From 1e94859edbb9a9e0c5fbbad364bcc30402ffc580 Mon Sep 17 00:00:00 2001 From: Hane Date: Sat, 26 Jul 2025 19:01:02 +0200 Subject: [PATCH] curl deps, compiles --- .gitignore | 2 + README.md | 2 +- build.bat | 11 + includes/curl/brotli/decode.h | 409 + includes/curl/brotli/encode.h | 501 + includes/curl/brotli/port.h | 305 + includes/curl/brotli/shared_dictionary.h | 100 + includes/curl/brotli/types.h | 83 + includes/curl/curl/curl.h | 3336 +++++ includes/curl/curl/curlver.h | 79 + includes/curl/curl/easy.h | 125 + includes/curl/curl/header.h | 74 + includes/curl/curl/mprintf.h | 85 + includes/curl/curl/multi.h | 481 + includes/curl/curl/options.h | 70 + includes/curl/curl/stdcheaders.h | 35 + includes/curl/curl/system.h | 402 + includes/curl/curl/typecheck-gcc.h | 867 ++ includes/curl/curl/urlapi.h | 155 + includes/curl/curl/websockets.h | 85 + includes/curl/libpsl.h | 210 + includes/curl/libssh2.h | 1516 +++ includes/curl/libssh2_publickey.h | 128 + includes/curl/libssh2_sftp.h | 382 + includes/curl/nghttp2/nghttp2.h | 6838 ++++++++++ includes/curl/nghttp2/nghttp2ver.h | 42 + includes/curl/nghttp3/nghttp3.h | 3048 +++++ includes/curl/nghttp3/version.h | 46 + includes/curl/ngtcp2/ngtcp2.h | 5999 +++++++++ includes/curl/ngtcp2/ngtcp2_crypto.h | 963 ++ includes/curl/ngtcp2/ngtcp2_crypto_quictls.h | 147 + includes/curl/ngtcp2/version.h | 51 + includes/curl/openssl/aes.h | 120 + includes/curl/openssl/asn1.h | 1124 ++ includes/curl/openssl/asn1t.h | 904 ++ includes/curl/openssl/bio.h | 717 + includes/curl/openssl/blowfish.h | 106 + includes/curl/openssl/bn.h | 520 + includes/curl/openssl/buffer.h | 102 + includes/curl/openssl/camellia.h | 121 + includes/curl/openssl/cast.h | 99 + includes/curl/openssl/chacha.h | 54 + includes/curl/openssl/cmac.h | 81 + includes/curl/openssl/cms.h | 534 + includes/curl/openssl/comp.h | 7 + includes/curl/openssl/conf.h | 189 + includes/curl/openssl/crypto.h | 458 + includes/curl/openssl/ct.h | 567 + includes/curl/openssl/curve25519.h | 104 + includes/curl/openssl/des.h | 206 + includes/curl/openssl/dh.h | 245 + includes/curl/openssl/dsa.h | 263 + includes/curl/openssl/dtls1.h | 107 + includes/curl/openssl/ec.h | 675 + includes/curl/openssl/ecdh.h | 6 + includes/curl/openssl/ecdsa.h | 6 + includes/curl/openssl/engine.h | 215 + includes/curl/openssl/err.h | 396 + includes/curl/openssl/evp.h | 1292 ++ includes/curl/openssl/hkdf.h | 65 + includes/curl/openssl/hmac.h | 101 + includes/curl/openssl/idea.h | 94 + includes/curl/openssl/kdf.h | 137 + includes/curl/openssl/lhash.h | 179 + includes/curl/openssl/md4.h | 105 + includes/curl/openssl/md5.h | 99 + includes/curl/openssl/modes.h | 118 + includes/curl/openssl/obj_mac.h | 4643 +++++++ includes/curl/openssl/objects.h | 137 + includes/curl/openssl/ocsp.h | 484 + includes/curl/openssl/opensslconf.h | 149 + includes/curl/openssl/opensslfeatures.h | 153 + includes/curl/openssl/opensslv.h | 18 + includes/curl/openssl/ossl_typ.h | 196 + includes/curl/openssl/pem.h | 546 + includes/curl/openssl/pkcs12.h | 284 + includes/curl/openssl/pkcs7.h | 522 + includes/curl/openssl/poly1305.h | 45 + includes/curl/openssl/posix_time.h | 54 + includes/curl/openssl/rand.h | 118 + includes/curl/openssl/rc2.h | 96 + includes/curl/openssl/rc4.h | 83 + includes/curl/openssl/ripemd.h | 107 + includes/curl/openssl/rsa.h | 603 + includes/curl/openssl/safestack.h | 1739 +++ includes/curl/openssl/sha.h | 190 + includes/curl/openssl/sm3.h | 49 + includes/curl/openssl/sm4.h | 47 + includes/curl/openssl/srtp.h | 148 + includes/curl/openssl/ssl.h | 2343 ++++ includes/curl/openssl/ssl3.h | 441 + includes/curl/openssl/stack.h | 99 + includes/curl/openssl/tls1.h | 764 ++ includes/curl/openssl/ts.h | 660 + includes/curl/openssl/txt_db.h | 112 + includes/curl/openssl/ui.h | 397 + includes/curl/openssl/x509.h | 1053 ++ includes/curl/openssl/x509_vfy.h | 463 + includes/curl/openssl/x509v3.h | 1041 ++ includes/curl/zconf.h | 206 + includes/curl/zdict.h | 481 + includes/curl/zlib.h | 1859 +++ includes/curl/zlib_name_mangling.h | 8 + includes/curl/zstd.h | 3198 +++++ includes/curl/zstd_errors.h | 107 + libs/curl-8.15.0_4-win64-mingw.zip | Bin 0 -> 8192164 bytes libs/curl/bin/curl-ca-bundle.crt | 3480 +++++ libs/curl/bin/curl.exe | Bin 0 -> 3788904 bytes libs/curl/bin/libcurl-x64.def | 97 + libs/curl/bin/libcurl-x64.dll | Bin 0 -> 3349608 bytes libs/curl/dep/brotli/LICENSE.txt | 19 + libs/curl/dep/brotli/README.md | 95 + libs/curl/dep/cacert/LICENSE.url | 2 + libs/curl/dep/libpsl/AUTHORS.txt | 24 + libs/curl/dep/libpsl/COPYING.txt | 19 + libs/curl/dep/libpsl/NEWS.txt | 237 + libs/curl/dep/libressl/COPYING.txt | 133 + libs/curl/dep/libressl/ChangeLog.txt | 3239 +++++ libs/curl/dep/libressl/README.md | 238 + libs/curl/dep/libssh2/COPYING.txt | 43 + libs/curl/dep/libssh2/NEWS.txt | 10896 ++++++++++++++++ libs/curl/dep/libssh2/README.txt | 19 + libs/curl/dep/libssh2/RELEASE-NOTES.txt | 325 + libs/curl/dep/libssh2/docs/AUTHORS.txt | 80 + libs/curl/dep/libssh2/docs/HACKING-CRYPTO.txt | 989 ++ .../dep/libssh2/docs/INSTALL_AUTOTOOLS.txt | 316 + libs/curl/dep/libssh2/docs/TODO.txt | 180 + libs/curl/dep/nghttp2/AUTHORS.txt | 174 + libs/curl/dep/nghttp2/COPYING.txt | 23 + libs/curl/dep/nghttp2/ChangeLog.txt | 3358 +++++ libs/curl/dep/nghttp2/README.rst | 1465 +++ libs/curl/dep/nghttp3/AUTHORS.txt | 29 + libs/curl/dep/nghttp3/COPYING.txt | 22 + libs/curl/dep/nghttp3/ChangeLog.txt | 319 + libs/curl/dep/nghttp3/README.rst | 75 + libs/curl/dep/ngtcp2/AUTHORS.txt | 70 + libs/curl/dep/ngtcp2/COPYING.txt | 22 + libs/curl/dep/ngtcp2/ChangeLog.txt | 1070 ++ libs/curl/dep/ngtcp2/README.rst | 379 + libs/curl/dep/zlibng/LICENSE.md | 19 + libs/curl/dep/zlibng/README.md | 228 + libs/curl/dep/zstd/CHANGELOG.txt | 863 ++ libs/curl/dep/zstd/LICENSE.txt | 30 + libs/curl/dep/zstd/README.md | 237 + libs/curl/docs/ALTSVC.md | 43 + libs/curl/docs/BINDINGS.md | 148 + libs/curl/docs/BUG-BOUNTY.md | 93 + libs/curl/docs/BUGS.md | 270 + libs/curl/docs/CIPHERS-TLS12.md | 336 + libs/curl/docs/CIPHERS.md | 270 + libs/curl/docs/CODE_OF_CONDUCT.md | 38 + libs/curl/docs/CODE_REVIEW.md | 175 + libs/curl/docs/CONTRIBUTE.md | 367 + libs/curl/docs/CURL-DISABLE.md | 191 + libs/curl/docs/CURLDOWN.md | 166 + libs/curl/docs/DEPRECATE.md | 73 + libs/curl/docs/DISTROS.md | 286 + libs/curl/docs/EARLY-RELEASE.md | 73 + libs/curl/docs/ECH.md | 496 + libs/curl/docs/EXPERIMENTAL.md | 90 + libs/curl/docs/FAQ.txt | 1559 +++ libs/curl/docs/FEATURES.md | 249 + libs/curl/docs/GOVERNANCE.md | 202 + libs/curl/docs/HELP-US.md | 94 + libs/curl/docs/HISTORY.md | 486 + libs/curl/docs/HSTS.md | 48 + libs/curl/docs/HTTP-COOKIES.md | 171 + libs/curl/docs/HTTP3.md | 481 + libs/curl/docs/HTTPSRR.md | 100 + libs/curl/docs/INFRASTRUCTURE.md | 209 + libs/curl/docs/INSTALL-CMAKE.md | 607 + libs/curl/docs/INSTALL.md | 643 + libs/curl/docs/INSTALL.txt | 9 + libs/curl/docs/INTERNALS.md | 63 + libs/curl/docs/IPFS.md | 133 + libs/curl/docs/KNOWN_BUGS.txt | 653 + libs/curl/docs/MAIL-ETIQUETTE.md | 258 + libs/curl/docs/MANUAL.md | 1008 ++ libs/curl/docs/README.md | 18 + libs/curl/docs/RELEASE-PROCEDURE.md | 147 + libs/curl/docs/RELEASE-TOOLS.md | 28 + libs/curl/docs/ROADMAP.md | 17 + libs/curl/docs/RUSTLS.md | 85 + libs/curl/docs/SECURITY-ADVISORY.md | 135 + libs/curl/docs/SPONSORS.md | 55 + libs/curl/docs/SSL-PROBLEMS.md | 97 + libs/curl/docs/SSLCERTS.md | 120 + libs/curl/docs/THANKS.txt | 3466 +++++ libs/curl/docs/TODO.txt | 1367 ++ libs/curl/docs/TheArtOfHttpScripting.md | 712 + libs/curl/docs/URL-SYNTAX.md | 396 + libs/curl/docs/VERSIONS.md | 341 + libs/curl/docs/VULN-DISCLOSURE-POLICY.md | 355 + libs/curl/docs/curl-config.md | 124 + libs/curl/docs/examples/10-at-a-time.c | 153 + libs/curl/docs/examples/address-scope.c | 62 + libs/curl/docs/examples/altsvc.c | 58 + libs/curl/docs/examples/anyauthput.c | 164 + libs/curl/docs/examples/block_ip.c | 356 + libs/curl/docs/examples/certinfo.c | 87 + libs/curl/docs/examples/chkspeed.c | 224 + libs/curl/docs/examples/connect-to.c | 70 + libs/curl/docs/examples/cookie_interface.c | 139 + libs/curl/docs/examples/debug.c | 155 + libs/curl/docs/examples/default-scheme.c | 57 + libs/curl/docs/examples/externalsocket.c | 182 + libs/curl/docs/examples/fileupload.c | 103 + libs/curl/docs/examples/ftp-delete.c | 84 + libs/curl/docs/examples/ftp-wildcard.c | 153 + libs/curl/docs/examples/ftpget.c | 94 + libs/curl/docs/examples/ftpgetinfo.c | 93 + libs/curl/docs/examples/ftpgetresp.c | 85 + libs/curl/docs/examples/ftpsget.c | 101 + libs/curl/docs/examples/ftpupload.c | 150 + libs/curl/docs/examples/ftpuploadfrommem.c | 126 + libs/curl/docs/examples/ftpuploadresume.c | 167 + libs/curl/docs/examples/getinfo.c | 54 + libs/curl/docs/examples/getinmemory.c | 118 + libs/curl/docs/examples/getredirect.c | 72 + libs/curl/docs/examples/getreferrer.c | 59 + libs/curl/docs/examples/headerapi.c | 81 + libs/curl/docs/examples/hsts-preload.c | 118 + libs/curl/docs/examples/http-options.c | 59 + libs/curl/docs/examples/http-post.c | 61 + libs/curl/docs/examples/http2-download.c | 236 + libs/curl/docs/examples/http2-pushinmemory.c | 186 + libs/curl/docs/examples/http2-serverpush.c | 273 + libs/curl/docs/examples/http2-upload.c | 343 + libs/curl/docs/examples/http3-present.c | 49 + libs/curl/docs/examples/http3.c | 55 + libs/curl/docs/examples/httpcustomheader.c | 72 + libs/curl/docs/examples/httpput-postfields.c | 104 + libs/curl/docs/examples/httpput.c | 130 + libs/curl/docs/examples/https.c | 83 + libs/curl/docs/examples/imap-append.c | 130 + libs/curl/docs/examples/imap-authzid.c | 73 + libs/curl/docs/examples/imap-copy.c | 73 + libs/curl/docs/examples/imap-create.c | 69 + libs/curl/docs/examples/imap-delete.c | 69 + libs/curl/docs/examples/imap-examine.c | 69 + libs/curl/docs/examples/imap-fetch.c | 67 + libs/curl/docs/examples/imap-list.c | 68 + libs/curl/docs/examples/imap-lsub.c | 70 + libs/curl/docs/examples/imap-multi.c | 83 + libs/curl/docs/examples/imap-noop.c | 69 + libs/curl/docs/examples/imap-search.c | 73 + libs/curl/docs/examples/imap-ssl.c | 94 + libs/curl/docs/examples/imap-store.c | 84 + libs/curl/docs/examples/imap-tls.c | 94 + libs/curl/docs/examples/interface.c | 52 + libs/curl/docs/examples/ipv6.c | 48 + libs/curl/docs/examples/keepalive.c | 58 + libs/curl/docs/examples/localport.c | 53 + libs/curl/docs/examples/maxconnects.c | 66 + libs/curl/docs/examples/multi-app.c | 115 + libs/curl/docs/examples/multi-debugcallback.c | 161 + libs/curl/docs/examples/multi-double.c | 93 + libs/curl/docs/examples/multi-formadd.c | 120 + libs/curl/docs/examples/multi-legacy.c | 191 + libs/curl/docs/examples/multi-post.c | 104 + libs/curl/docs/examples/multi-single.c | 80 + libs/curl/docs/examples/netrc.c | 49 + libs/curl/docs/examples/parseurl.c | 80 + libs/curl/docs/examples/persistent.c | 70 + libs/curl/docs/examples/pop3-authzid.c | 72 + libs/curl/docs/examples/pop3-dele.c | 72 + libs/curl/docs/examples/pop3-list.c | 66 + libs/curl/docs/examples/pop3-multi.c | 84 + libs/curl/docs/examples/pop3-noop.c | 72 + libs/curl/docs/examples/pop3-retr.c | 66 + libs/curl/docs/examples/pop3-ssl.c | 93 + libs/curl/docs/examples/pop3-stat.c | 72 + libs/curl/docs/examples/pop3-tls.c | 93 + libs/curl/docs/examples/pop3-top.c | 69 + libs/curl/docs/examples/pop3-uidl.c | 69 + libs/curl/docs/examples/post-callback.c | 156 + libs/curl/docs/examples/postinmemory.c | 113 + libs/curl/docs/examples/postit2-formadd.c | 119 + libs/curl/docs/examples/postit2.c | 104 + libs/curl/docs/examples/progressfunc.c | 97 + libs/curl/docs/examples/protofeats.c | 52 + libs/curl/docs/examples/range.c | 45 + libs/curl/docs/examples/resolve.c | 58 + libs/curl/docs/examples/rtsp-options.c | 55 + libs/curl/docs/examples/sendrecv.c | 179 + libs/curl/docs/examples/sepheaders.c | 95 + libs/curl/docs/examples/sftpget.c | 112 + libs/curl/docs/examples/sftpuploadresume.c | 139 + .../docs/examples/shared-connection-cache.c | 87 + libs/curl/docs/examples/simple.c | 53 + libs/curl/docs/examples/simplepost.c | 58 + libs/curl/docs/examples/simplessl.c | 154 + libs/curl/docs/examples/smtp-authzid.c | 162 + libs/curl/docs/examples/smtp-expn.c | 81 + libs/curl/docs/examples/smtp-mail.c | 150 + libs/curl/docs/examples/smtp-mime.c | 168 + libs/curl/docs/examples/smtp-multi.c | 153 + libs/curl/docs/examples/smtp-ssl.c | 170 + libs/curl/docs/examples/smtp-tls.c | 173 + libs/curl/docs/examples/smtp-vrfy.c | 81 + libs/curl/docs/examples/sslbackend.c | 79 + libs/curl/docs/examples/unixsocket.c | 67 + libs/curl/docs/examples/url2file.c | 87 + libs/curl/docs/examples/urlapi.c | 77 + libs/curl/docs/examples/websocket-cb.c | 68 + libs/curl/docs/examples/websocket.c | 167 + .../curl/docs/libcurl/symbols-in-versions.txt | 1171 ++ libs/curl/docs/mk-ca-bundle.md | 127 + libs/curl/docs/options-in-versions.txt | 281 + libs/curl/docs/runtests.md | 312 + libs/curl/docs/testcurl.md | 138 + libs/curl/docs/wcurl.md | 145 + libs/curl/lib/libbrotlicommon.a | Bin 0 -> 135262 bytes libs/curl/lib/libbrotlidec.a | Bin 0 -> 58316 bytes libs/curl/lib/libcrypto.a | Bin 0 -> 3459326 bytes libs/curl/lib/libcurl.a | Bin 0 -> 1947146 bytes libs/curl/lib/libcurl.dll.a | Bin 0 -> 21386 bytes libs/curl/lib/libnghttp2.a | Bin 0 -> 306888 bytes libs/curl/lib/libnghttp3.a | Bin 0 -> 271146 bytes libs/curl/lib/libngtcp2.a | Bin 0 -> 493390 bytes libs/curl/lib/libngtcp2_crypto_quictls.a | Bin 0 -> 46158 bytes libs/curl/lib/libpsl.a | Bin 0 -> 69396 bytes libs/curl/lib/libssh2.a | Bin 0 -> 475248 bytes libs/curl/lib/libssl.a | Bin 0 -> 703332 bytes libs/curl/lib/libz.a | Bin 0 -> 230026 bytes libs/curl/lib/libzstd.a | Bin 0 -> 871796 bytes libs/curl/mk-ca-bundle.pl | 667 + src/main.cpp | 14 + 328 files changed, 121283 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 build.bat create mode 100644 includes/curl/brotli/decode.h create mode 100644 includes/curl/brotli/encode.h create mode 100644 includes/curl/brotli/port.h create mode 100644 includes/curl/brotli/shared_dictionary.h create mode 100644 includes/curl/brotli/types.h create mode 100644 includes/curl/curl/curl.h create mode 100644 includes/curl/curl/curlver.h create mode 100644 includes/curl/curl/easy.h create mode 100644 includes/curl/curl/header.h create mode 100644 includes/curl/curl/mprintf.h create mode 100644 includes/curl/curl/multi.h create mode 100644 includes/curl/curl/options.h create mode 100644 includes/curl/curl/stdcheaders.h create mode 100644 includes/curl/curl/system.h create mode 100644 includes/curl/curl/typecheck-gcc.h create mode 100644 includes/curl/curl/urlapi.h create mode 100644 includes/curl/curl/websockets.h create mode 100644 includes/curl/libpsl.h create mode 100644 includes/curl/libssh2.h create mode 100644 includes/curl/libssh2_publickey.h create mode 100644 includes/curl/libssh2_sftp.h create mode 100644 includes/curl/nghttp2/nghttp2.h create mode 100644 includes/curl/nghttp2/nghttp2ver.h create mode 100644 includes/curl/nghttp3/nghttp3.h create mode 100644 includes/curl/nghttp3/version.h create mode 100644 includes/curl/ngtcp2/ngtcp2.h create mode 100644 includes/curl/ngtcp2/ngtcp2_crypto.h create mode 100644 includes/curl/ngtcp2/ngtcp2_crypto_quictls.h create mode 100644 includes/curl/ngtcp2/version.h create mode 100644 includes/curl/openssl/aes.h create mode 100644 includes/curl/openssl/asn1.h create mode 100644 includes/curl/openssl/asn1t.h create mode 100644 includes/curl/openssl/bio.h create mode 100644 includes/curl/openssl/blowfish.h create mode 100644 includes/curl/openssl/bn.h create mode 100644 includes/curl/openssl/buffer.h create mode 100644 includes/curl/openssl/camellia.h create mode 100644 includes/curl/openssl/cast.h create mode 100644 includes/curl/openssl/chacha.h create mode 100644 includes/curl/openssl/cmac.h create mode 100644 includes/curl/openssl/cms.h create mode 100644 includes/curl/openssl/comp.h create mode 100644 includes/curl/openssl/conf.h create mode 100644 includes/curl/openssl/crypto.h create mode 100644 includes/curl/openssl/ct.h create mode 100644 includes/curl/openssl/curve25519.h create mode 100644 includes/curl/openssl/des.h create mode 100644 includes/curl/openssl/dh.h create mode 100644 includes/curl/openssl/dsa.h create mode 100644 includes/curl/openssl/dtls1.h create mode 100644 includes/curl/openssl/ec.h create mode 100644 includes/curl/openssl/ecdh.h create mode 100644 includes/curl/openssl/ecdsa.h create mode 100644 includes/curl/openssl/engine.h create mode 100644 includes/curl/openssl/err.h create mode 100644 includes/curl/openssl/evp.h create mode 100644 includes/curl/openssl/hkdf.h create mode 100644 includes/curl/openssl/hmac.h create mode 100644 includes/curl/openssl/idea.h create mode 100644 includes/curl/openssl/kdf.h create mode 100644 includes/curl/openssl/lhash.h create mode 100644 includes/curl/openssl/md4.h create mode 100644 includes/curl/openssl/md5.h create mode 100644 includes/curl/openssl/modes.h create mode 100644 includes/curl/openssl/obj_mac.h create mode 100644 includes/curl/openssl/objects.h create mode 100644 includes/curl/openssl/ocsp.h create mode 100644 includes/curl/openssl/opensslconf.h create mode 100644 includes/curl/openssl/opensslfeatures.h create mode 100644 includes/curl/openssl/opensslv.h create mode 100644 includes/curl/openssl/ossl_typ.h create mode 100644 includes/curl/openssl/pem.h create mode 100644 includes/curl/openssl/pkcs12.h create mode 100644 includes/curl/openssl/pkcs7.h create mode 100644 includes/curl/openssl/poly1305.h create mode 100644 includes/curl/openssl/posix_time.h create mode 100644 includes/curl/openssl/rand.h create mode 100644 includes/curl/openssl/rc2.h create mode 100644 includes/curl/openssl/rc4.h create mode 100644 includes/curl/openssl/ripemd.h create mode 100644 includes/curl/openssl/rsa.h create mode 100644 includes/curl/openssl/safestack.h create mode 100644 includes/curl/openssl/sha.h create mode 100644 includes/curl/openssl/sm3.h create mode 100644 includes/curl/openssl/sm4.h create mode 100644 includes/curl/openssl/srtp.h create mode 100644 includes/curl/openssl/ssl.h create mode 100644 includes/curl/openssl/ssl3.h create mode 100644 includes/curl/openssl/stack.h create mode 100644 includes/curl/openssl/tls1.h create mode 100644 includes/curl/openssl/ts.h create mode 100644 includes/curl/openssl/txt_db.h create mode 100644 includes/curl/openssl/ui.h create mode 100644 includes/curl/openssl/x509.h create mode 100644 includes/curl/openssl/x509_vfy.h create mode 100644 includes/curl/openssl/x509v3.h create mode 100644 includes/curl/zconf.h create mode 100644 includes/curl/zdict.h create mode 100644 includes/curl/zlib.h create mode 100644 includes/curl/zlib_name_mangling.h create mode 100644 includes/curl/zstd.h create mode 100644 includes/curl/zstd_errors.h create mode 100644 libs/curl-8.15.0_4-win64-mingw.zip create mode 100644 libs/curl/bin/curl-ca-bundle.crt create mode 100644 libs/curl/bin/curl.exe create mode 100644 libs/curl/bin/libcurl-x64.def create mode 100644 libs/curl/bin/libcurl-x64.dll create mode 100644 libs/curl/dep/brotli/LICENSE.txt create mode 100644 libs/curl/dep/brotli/README.md create mode 100644 libs/curl/dep/cacert/LICENSE.url create mode 100644 libs/curl/dep/libpsl/AUTHORS.txt create mode 100644 libs/curl/dep/libpsl/COPYING.txt create mode 100644 libs/curl/dep/libpsl/NEWS.txt create mode 100644 libs/curl/dep/libressl/COPYING.txt create mode 100644 libs/curl/dep/libressl/ChangeLog.txt create mode 100644 libs/curl/dep/libressl/README.md create mode 100644 libs/curl/dep/libssh2/COPYING.txt create mode 100644 libs/curl/dep/libssh2/NEWS.txt create mode 100644 libs/curl/dep/libssh2/README.txt create mode 100644 libs/curl/dep/libssh2/RELEASE-NOTES.txt create mode 100644 libs/curl/dep/libssh2/docs/AUTHORS.txt create mode 100644 libs/curl/dep/libssh2/docs/HACKING-CRYPTO.txt create mode 100644 libs/curl/dep/libssh2/docs/INSTALL_AUTOTOOLS.txt create mode 100644 libs/curl/dep/libssh2/docs/TODO.txt create mode 100644 libs/curl/dep/nghttp2/AUTHORS.txt create mode 100644 libs/curl/dep/nghttp2/COPYING.txt create mode 100644 libs/curl/dep/nghttp2/ChangeLog.txt create mode 100644 libs/curl/dep/nghttp2/README.rst create mode 100644 libs/curl/dep/nghttp3/AUTHORS.txt create mode 100644 libs/curl/dep/nghttp3/COPYING.txt create mode 100644 libs/curl/dep/nghttp3/ChangeLog.txt create mode 100644 libs/curl/dep/nghttp3/README.rst create mode 100644 libs/curl/dep/ngtcp2/AUTHORS.txt create mode 100644 libs/curl/dep/ngtcp2/COPYING.txt create mode 100644 libs/curl/dep/ngtcp2/ChangeLog.txt create mode 100644 libs/curl/dep/ngtcp2/README.rst create mode 100644 libs/curl/dep/zlibng/LICENSE.md create mode 100644 libs/curl/dep/zlibng/README.md create mode 100644 libs/curl/dep/zstd/CHANGELOG.txt create mode 100644 libs/curl/dep/zstd/LICENSE.txt create mode 100644 libs/curl/dep/zstd/README.md create mode 100644 libs/curl/docs/ALTSVC.md create mode 100644 libs/curl/docs/BINDINGS.md create mode 100644 libs/curl/docs/BUG-BOUNTY.md create mode 100644 libs/curl/docs/BUGS.md create mode 100644 libs/curl/docs/CIPHERS-TLS12.md create mode 100644 libs/curl/docs/CIPHERS.md create mode 100644 libs/curl/docs/CODE_OF_CONDUCT.md create mode 100644 libs/curl/docs/CODE_REVIEW.md create mode 100644 libs/curl/docs/CONTRIBUTE.md create mode 100644 libs/curl/docs/CURL-DISABLE.md create mode 100644 libs/curl/docs/CURLDOWN.md create mode 100644 libs/curl/docs/DEPRECATE.md create mode 100644 libs/curl/docs/DISTROS.md create mode 100644 libs/curl/docs/EARLY-RELEASE.md create mode 100644 libs/curl/docs/ECH.md create mode 100644 libs/curl/docs/EXPERIMENTAL.md create mode 100644 libs/curl/docs/FAQ.txt create mode 100644 libs/curl/docs/FEATURES.md create mode 100644 libs/curl/docs/GOVERNANCE.md create mode 100644 libs/curl/docs/HELP-US.md create mode 100644 libs/curl/docs/HISTORY.md create mode 100644 libs/curl/docs/HSTS.md create mode 100644 libs/curl/docs/HTTP-COOKIES.md create mode 100644 libs/curl/docs/HTTP3.md create mode 100644 libs/curl/docs/HTTPSRR.md create mode 100644 libs/curl/docs/INFRASTRUCTURE.md create mode 100644 libs/curl/docs/INSTALL-CMAKE.md create mode 100644 libs/curl/docs/INSTALL.md create mode 100644 libs/curl/docs/INSTALL.txt create mode 100644 libs/curl/docs/INTERNALS.md create mode 100644 libs/curl/docs/IPFS.md create mode 100644 libs/curl/docs/KNOWN_BUGS.txt create mode 100644 libs/curl/docs/MAIL-ETIQUETTE.md create mode 100644 libs/curl/docs/MANUAL.md create mode 100644 libs/curl/docs/README.md create mode 100644 libs/curl/docs/RELEASE-PROCEDURE.md create mode 100644 libs/curl/docs/RELEASE-TOOLS.md create mode 100644 libs/curl/docs/ROADMAP.md create mode 100644 libs/curl/docs/RUSTLS.md create mode 100644 libs/curl/docs/SECURITY-ADVISORY.md create mode 100644 libs/curl/docs/SPONSORS.md create mode 100644 libs/curl/docs/SSL-PROBLEMS.md create mode 100644 libs/curl/docs/SSLCERTS.md create mode 100644 libs/curl/docs/THANKS.txt create mode 100644 libs/curl/docs/TODO.txt create mode 100644 libs/curl/docs/TheArtOfHttpScripting.md create mode 100644 libs/curl/docs/URL-SYNTAX.md create mode 100644 libs/curl/docs/VERSIONS.md create mode 100644 libs/curl/docs/VULN-DISCLOSURE-POLICY.md create mode 100644 libs/curl/docs/curl-config.md create mode 100644 libs/curl/docs/examples/10-at-a-time.c create mode 100644 libs/curl/docs/examples/address-scope.c create mode 100644 libs/curl/docs/examples/altsvc.c create mode 100644 libs/curl/docs/examples/anyauthput.c create mode 100644 libs/curl/docs/examples/block_ip.c create mode 100644 libs/curl/docs/examples/certinfo.c create mode 100644 libs/curl/docs/examples/chkspeed.c create mode 100644 libs/curl/docs/examples/connect-to.c create mode 100644 libs/curl/docs/examples/cookie_interface.c create mode 100644 libs/curl/docs/examples/debug.c create mode 100644 libs/curl/docs/examples/default-scheme.c create mode 100644 libs/curl/docs/examples/externalsocket.c create mode 100644 libs/curl/docs/examples/fileupload.c create mode 100644 libs/curl/docs/examples/ftp-delete.c create mode 100644 libs/curl/docs/examples/ftp-wildcard.c create mode 100644 libs/curl/docs/examples/ftpget.c create mode 100644 libs/curl/docs/examples/ftpgetinfo.c create mode 100644 libs/curl/docs/examples/ftpgetresp.c create mode 100644 libs/curl/docs/examples/ftpsget.c create mode 100644 libs/curl/docs/examples/ftpupload.c create mode 100644 libs/curl/docs/examples/ftpuploadfrommem.c create mode 100644 libs/curl/docs/examples/ftpuploadresume.c create mode 100644 libs/curl/docs/examples/getinfo.c create mode 100644 libs/curl/docs/examples/getinmemory.c create mode 100644 libs/curl/docs/examples/getredirect.c create mode 100644 libs/curl/docs/examples/getreferrer.c create mode 100644 libs/curl/docs/examples/headerapi.c create mode 100644 libs/curl/docs/examples/hsts-preload.c create mode 100644 libs/curl/docs/examples/http-options.c create mode 100644 libs/curl/docs/examples/http-post.c create mode 100644 libs/curl/docs/examples/http2-download.c create mode 100644 libs/curl/docs/examples/http2-pushinmemory.c create mode 100644 libs/curl/docs/examples/http2-serverpush.c create mode 100644 libs/curl/docs/examples/http2-upload.c create mode 100644 libs/curl/docs/examples/http3-present.c create mode 100644 libs/curl/docs/examples/http3.c create mode 100644 libs/curl/docs/examples/httpcustomheader.c create mode 100644 libs/curl/docs/examples/httpput-postfields.c create mode 100644 libs/curl/docs/examples/httpput.c create mode 100644 libs/curl/docs/examples/https.c create mode 100644 libs/curl/docs/examples/imap-append.c create mode 100644 libs/curl/docs/examples/imap-authzid.c create mode 100644 libs/curl/docs/examples/imap-copy.c create mode 100644 libs/curl/docs/examples/imap-create.c create mode 100644 libs/curl/docs/examples/imap-delete.c create mode 100644 libs/curl/docs/examples/imap-examine.c create mode 100644 libs/curl/docs/examples/imap-fetch.c create mode 100644 libs/curl/docs/examples/imap-list.c create mode 100644 libs/curl/docs/examples/imap-lsub.c create mode 100644 libs/curl/docs/examples/imap-multi.c create mode 100644 libs/curl/docs/examples/imap-noop.c create mode 100644 libs/curl/docs/examples/imap-search.c create mode 100644 libs/curl/docs/examples/imap-ssl.c create mode 100644 libs/curl/docs/examples/imap-store.c create mode 100644 libs/curl/docs/examples/imap-tls.c create mode 100644 libs/curl/docs/examples/interface.c create mode 100644 libs/curl/docs/examples/ipv6.c create mode 100644 libs/curl/docs/examples/keepalive.c create mode 100644 libs/curl/docs/examples/localport.c create mode 100644 libs/curl/docs/examples/maxconnects.c create mode 100644 libs/curl/docs/examples/multi-app.c create mode 100644 libs/curl/docs/examples/multi-debugcallback.c create mode 100644 libs/curl/docs/examples/multi-double.c create mode 100644 libs/curl/docs/examples/multi-formadd.c create mode 100644 libs/curl/docs/examples/multi-legacy.c create mode 100644 libs/curl/docs/examples/multi-post.c create mode 100644 libs/curl/docs/examples/multi-single.c create mode 100644 libs/curl/docs/examples/netrc.c create mode 100644 libs/curl/docs/examples/parseurl.c create mode 100644 libs/curl/docs/examples/persistent.c create mode 100644 libs/curl/docs/examples/pop3-authzid.c create mode 100644 libs/curl/docs/examples/pop3-dele.c create mode 100644 libs/curl/docs/examples/pop3-list.c create mode 100644 libs/curl/docs/examples/pop3-multi.c create mode 100644 libs/curl/docs/examples/pop3-noop.c create mode 100644 libs/curl/docs/examples/pop3-retr.c create mode 100644 libs/curl/docs/examples/pop3-ssl.c create mode 100644 libs/curl/docs/examples/pop3-stat.c create mode 100644 libs/curl/docs/examples/pop3-tls.c create mode 100644 libs/curl/docs/examples/pop3-top.c create mode 100644 libs/curl/docs/examples/pop3-uidl.c create mode 100644 libs/curl/docs/examples/post-callback.c create mode 100644 libs/curl/docs/examples/postinmemory.c create mode 100644 libs/curl/docs/examples/postit2-formadd.c create mode 100644 libs/curl/docs/examples/postit2.c create mode 100644 libs/curl/docs/examples/progressfunc.c create mode 100644 libs/curl/docs/examples/protofeats.c create mode 100644 libs/curl/docs/examples/range.c create mode 100644 libs/curl/docs/examples/resolve.c create mode 100644 libs/curl/docs/examples/rtsp-options.c create mode 100644 libs/curl/docs/examples/sendrecv.c create mode 100644 libs/curl/docs/examples/sepheaders.c create mode 100644 libs/curl/docs/examples/sftpget.c create mode 100644 libs/curl/docs/examples/sftpuploadresume.c create mode 100644 libs/curl/docs/examples/shared-connection-cache.c create mode 100644 libs/curl/docs/examples/simple.c create mode 100644 libs/curl/docs/examples/simplepost.c create mode 100644 libs/curl/docs/examples/simplessl.c create mode 100644 libs/curl/docs/examples/smtp-authzid.c create mode 100644 libs/curl/docs/examples/smtp-expn.c create mode 100644 libs/curl/docs/examples/smtp-mail.c create mode 100644 libs/curl/docs/examples/smtp-mime.c create mode 100644 libs/curl/docs/examples/smtp-multi.c create mode 100644 libs/curl/docs/examples/smtp-ssl.c create mode 100644 libs/curl/docs/examples/smtp-tls.c create mode 100644 libs/curl/docs/examples/smtp-vrfy.c create mode 100644 libs/curl/docs/examples/sslbackend.c create mode 100644 libs/curl/docs/examples/unixsocket.c create mode 100644 libs/curl/docs/examples/url2file.c create mode 100644 libs/curl/docs/examples/urlapi.c create mode 100644 libs/curl/docs/examples/websocket-cb.c create mode 100644 libs/curl/docs/examples/websocket.c create mode 100644 libs/curl/docs/libcurl/symbols-in-versions.txt create mode 100644 libs/curl/docs/mk-ca-bundle.md create mode 100644 libs/curl/docs/options-in-versions.txt create mode 100644 libs/curl/docs/runtests.md create mode 100644 libs/curl/docs/testcurl.md create mode 100644 libs/curl/docs/wcurl.md create mode 100644 libs/curl/lib/libbrotlicommon.a create mode 100644 libs/curl/lib/libbrotlidec.a create mode 100644 libs/curl/lib/libcrypto.a create mode 100644 libs/curl/lib/libcurl.a create mode 100644 libs/curl/lib/libcurl.dll.a create mode 100644 libs/curl/lib/libnghttp2.a create mode 100644 libs/curl/lib/libnghttp3.a create mode 100644 libs/curl/lib/libngtcp2.a create mode 100644 libs/curl/lib/libngtcp2_crypto_quictls.a create mode 100644 libs/curl/lib/libpsl.a create mode 100644 libs/curl/lib/libssh2.a create mode 100644 libs/curl/lib/libssl.a create mode 100644 libs/curl/lib/libz.a create mode 100644 libs/curl/lib/libzstd.a create mode 100644 libs/curl/mk-ca-bundle.pl create mode 100644 src/main.cpp diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..26ef62b --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +.projectile.cache +build/ diff --git a/README.md b/README.md index 909affd..173f450 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,2 @@ -# microservice-plan-ingest +# Microservices in C++ test diff --git a/build.bat b/build.bat new file mode 100644 index 0000000..409b95f --- /dev/null +++ b/build.bat @@ -0,0 +1,11 @@ +set outputdir=%~dp0build +if "%~1"=="" goto default + +set outputdir="%~1" +goto compile + +:default +mkdir %~dp0build + +:compile +clang++ src/main.cpp -I includes/curl -L libs/curl/lib -lcurl -DCURL_STATICLIB -DWIN32_LEAN_AND_MEAN -o %outputdir%\micro.exe -g -gcodeview -O0 -Wl,-pdb= diff --git a/includes/curl/brotli/decode.h b/includes/curl/brotli/decode.h new file mode 100644 index 0000000..af1aa23 --- /dev/null +++ b/includes/curl/brotli/decode.h @@ -0,0 +1,409 @@ +/* Copyright 2013 Google Inc. All Rights Reserved. + + Distributed under MIT license. + See file LICENSE for detail or copy at https://opensource.org/licenses/MIT +*/ + +/** + * @file + * API for Brotli decompression. + */ + +#ifndef BROTLI_DEC_DECODE_H_ +#define BROTLI_DEC_DECODE_H_ + +#include +#include +#include + +#if defined(__cplusplus) || defined(c_plusplus) +extern "C" { +#endif + +/** + * Opaque structure that holds decoder state. + * + * Allocated and initialized with ::BrotliDecoderCreateInstance. + * Cleaned up and deallocated with ::BrotliDecoderDestroyInstance. + */ +typedef struct BrotliDecoderStateStruct BrotliDecoderState; + +/** + * Result type for ::BrotliDecoderDecompress and + * ::BrotliDecoderDecompressStream functions. + */ +typedef enum { + /** Decoding error, e.g. corrupted input or memory allocation problem. */ + BROTLI_DECODER_RESULT_ERROR = 0, + /** Decoding successfully completed. */ + BROTLI_DECODER_RESULT_SUCCESS = 1, + /** Partially done; should be called again with more input. */ + BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT = 2, + /** Partially done; should be called again with more output. */ + BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT = 3 +} BrotliDecoderResult; + +/** + * Template that evaluates items of ::BrotliDecoderErrorCode. + * + * Example: @code {.cpp} + * // Log Brotli error code. + * switch (brotliDecoderErrorCode) { + * #define CASE_(PREFIX, NAME, CODE) \ + * case BROTLI_DECODER ## PREFIX ## NAME: \ + * LOG(INFO) << "error code:" << #NAME; \ + * break; + * #define NEWLINE_ + * BROTLI_DECODER_ERROR_CODES_LIST(CASE_, NEWLINE_) + * #undef CASE_ + * #undef NEWLINE_ + * default: LOG(FATAL) << "unknown brotli error code"; + * } + * @endcode + */ +#define BROTLI_DECODER_ERROR_CODES_LIST(BROTLI_ERROR_CODE, SEPARATOR) \ + BROTLI_ERROR_CODE(_, NO_ERROR, 0) SEPARATOR \ + /* Same as BrotliDecoderResult values */ \ + BROTLI_ERROR_CODE(_, SUCCESS, 1) SEPARATOR \ + BROTLI_ERROR_CODE(_, NEEDS_MORE_INPUT, 2) SEPARATOR \ + BROTLI_ERROR_CODE(_, NEEDS_MORE_OUTPUT, 3) SEPARATOR \ + \ + /* Errors caused by invalid input */ \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, EXUBERANT_NIBBLE, -1) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, RESERVED, -2) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, EXUBERANT_META_NIBBLE, -3) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, SIMPLE_HUFFMAN_ALPHABET, -4) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, SIMPLE_HUFFMAN_SAME, -5) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, CL_SPACE, -6) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, HUFFMAN_SPACE, -7) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, CONTEXT_MAP_REPEAT, -8) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, BLOCK_LENGTH_1, -9) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, BLOCK_LENGTH_2, -10) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, TRANSFORM, -11) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, DICTIONARY, -12) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, WINDOW_BITS, -13) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, PADDING_1, -14) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, PADDING_2, -15) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_FORMAT_, DISTANCE, -16) SEPARATOR \ + \ + /* -17 code is reserved */ \ + \ + BROTLI_ERROR_CODE(_ERROR_, COMPOUND_DICTIONARY, -18) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_, DICTIONARY_NOT_SET, -19) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_, INVALID_ARGUMENTS, -20) SEPARATOR \ + \ + /* Memory allocation problems */ \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, CONTEXT_MODES, -21) SEPARATOR \ + /* Literal, insert and distance trees together */ \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, TREE_GROUPS, -22) SEPARATOR \ + /* -23..-24 codes are reserved for distinct tree groups */ \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, CONTEXT_MAP, -25) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, RING_BUFFER_1, -26) SEPARATOR \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, RING_BUFFER_2, -27) SEPARATOR \ + /* -28..-29 codes are reserved for dynamic ring-buffer allocation */ \ + BROTLI_ERROR_CODE(_ERROR_ALLOC_, BLOCK_TYPE_TREES, -30) SEPARATOR \ + \ + /* "Impossible" states */ \ + BROTLI_ERROR_CODE(_ERROR_, UNREACHABLE, -31) + +/** + * Error code for detailed logging / production debugging. + * + * See ::BrotliDecoderGetErrorCode and ::BROTLI_LAST_ERROR_CODE. + */ +typedef enum { +#define BROTLI_COMMA_ , +#define BROTLI_ERROR_CODE_ENUM_ITEM_(PREFIX, NAME, CODE) \ + BROTLI_DECODER ## PREFIX ## NAME = CODE + BROTLI_DECODER_ERROR_CODES_LIST(BROTLI_ERROR_CODE_ENUM_ITEM_, BROTLI_COMMA_) +} BrotliDecoderErrorCode; +#undef BROTLI_ERROR_CODE_ENUM_ITEM_ +#undef BROTLI_COMMA_ + +/** + * The value of the last error code, negative integer. + * + * All other error code values are in the range from ::BROTLI_LAST_ERROR_CODE + * to @c -1. There are also 4 other possible non-error codes @c 0 .. @c 3 in + * ::BrotliDecoderErrorCode enumeration. + */ +#define BROTLI_LAST_ERROR_CODE BROTLI_DECODER_ERROR_UNREACHABLE + +/** Options to be used with ::BrotliDecoderSetParameter. */ +typedef enum BrotliDecoderParameter { + /** + * Disable "canny" ring buffer allocation strategy. + * + * Ring buffer is allocated according to window size, despite the real size of + * the content. + */ + BROTLI_DECODER_PARAM_DISABLE_RING_BUFFER_REALLOCATION = 0, + /** + * Flag that determines if "Large Window Brotli" is used. + */ + BROTLI_DECODER_PARAM_LARGE_WINDOW = 1 +} BrotliDecoderParameter; + +/** + * Sets the specified parameter to the given decoder instance. + * + * @param state decoder instance + * @param param parameter to set + * @param value new parameter value + * @returns ::BROTLI_FALSE if parameter is unrecognized, or value is invalid + * @returns ::BROTLI_TRUE if value is accepted + */ +BROTLI_DEC_API BROTLI_BOOL BrotliDecoderSetParameter( + BrotliDecoderState* state, BrotliDecoderParameter param, uint32_t value); + +/** + * Adds LZ77 prefix dictionary, adds or replaces built-in static dictionary and + * transforms. + * + * Attached dictionary ownership is not transferred. + * Data provided to this method should be kept accessible until + * decoding is finished and decoder instance is destroyed. + * + * @note Dictionaries can NOT be attached after actual decoding is started. + * + * @param state decoder instance + * @param type dictionary data format + * @param data_size length of memory region pointed by @p data + * @param data dictionary data in format corresponding to @p type + * @returns ::BROTLI_FALSE if dictionary is corrupted, + * or dictionary count limit is reached + * @returns ::BROTLI_TRUE if dictionary is accepted / attached + */ +BROTLI_DEC_API BROTLI_BOOL BrotliDecoderAttachDictionary( + BrotliDecoderState* state, BrotliSharedDictionaryType type, + size_t data_size, const uint8_t data[BROTLI_ARRAY_PARAM(data_size)]); + +/** + * Creates an instance of ::BrotliDecoderState and initializes it. + * + * The instance can be used once for decoding and should then be destroyed with + * ::BrotliDecoderDestroyInstance, it cannot be reused for a new decoding + * session. + * + * @p alloc_func and @p free_func @b MUST be both zero or both non-zero. In the + * case they are both zero, default memory allocators are used. @p opaque is + * passed to @p alloc_func and @p free_func when they are called. @p free_func + * has to return without doing anything when asked to free a NULL pointer. + * + * @param alloc_func custom memory allocation function + * @param free_func custom memory free function + * @param opaque custom memory manager handle + * @returns @c 0 if instance can not be allocated or initialized + * @returns pointer to initialized ::BrotliDecoderState otherwise + */ +BROTLI_DEC_API BrotliDecoderState* BrotliDecoderCreateInstance( + brotli_alloc_func alloc_func, brotli_free_func free_func, void* opaque); + +/** + * Deinitializes and frees ::BrotliDecoderState instance. + * + * @param state decoder instance to be cleaned up and deallocated + */ +BROTLI_DEC_API void BrotliDecoderDestroyInstance(BrotliDecoderState* state); + +/** + * Performs one-shot memory-to-memory decompression. + * + * Decompresses the data in @p encoded_buffer into @p decoded_buffer, and sets + * @p *decoded_size to the decompressed length. + * + * @param encoded_size size of @p encoded_buffer + * @param encoded_buffer compressed data buffer with at least @p encoded_size + * addressable bytes + * @param[in, out] decoded_size @b in: size of @p decoded_buffer; \n + * @b out: length of decompressed data written to + * @p decoded_buffer + * @param decoded_buffer decompressed data destination buffer + * @returns ::BROTLI_DECODER_RESULT_ERROR if input is corrupted, memory + * allocation failed, or @p decoded_buffer is not large enough; + * @returns ::BROTLI_DECODER_RESULT_SUCCESS otherwise + */ +BROTLI_DEC_API BrotliDecoderResult BrotliDecoderDecompress( + size_t encoded_size, + const uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(encoded_size)], + size_t* decoded_size, + uint8_t decoded_buffer[BROTLI_ARRAY_PARAM(*decoded_size)]); + +/** + * Decompresses the input stream to the output stream. + * + * The values @p *available_in and @p *available_out must specify the number of + * bytes addressable at @p *next_in and @p *next_out respectively. + * When @p *available_out is @c 0, @p next_out is allowed to be @c NULL. + * + * After each call, @p *available_in will be decremented by the amount of input + * bytes consumed, and the @p *next_in pointer will be incremented by that + * amount. Similarly, @p *available_out will be decremented by the amount of + * output bytes written, and the @p *next_out pointer will be incremented by + * that amount. + * + * @p total_out, if it is not a null-pointer, will be set to the number + * of bytes decompressed since the last @p state initialization. + * + * @note Input is never overconsumed, so @p next_in and @p available_in could be + * passed to the next consumer after decoding is complete. + * + * @param state decoder instance + * @param[in, out] available_in @b in: amount of available input; \n + * @b out: amount of unused input + * @param[in, out] next_in pointer to the next compressed byte + * @param[in, out] available_out @b in: length of output buffer; \n + * @b out: remaining size of output buffer + * @param[in, out] next_out output buffer cursor; + * can be @c NULL if @p available_out is @c 0 + * @param[out] total_out number of bytes decompressed so far; can be @c NULL + * @returns ::BROTLI_DECODER_RESULT_ERROR if input is corrupted, memory + * allocation failed, arguments were invalid, etc.; + * use ::BrotliDecoderGetErrorCode to get detailed error code + * @returns ::BROTLI_DECODER_RESULT_NEEDS_MORE_INPUT decoding is blocked until + * more input data is provided + * @returns ::BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT decoding is blocked until + * more output space is provided + * @returns ::BROTLI_DECODER_RESULT_SUCCESS decoding is finished, no more + * input might be consumed and no more output will be produced + */ +BROTLI_DEC_API BrotliDecoderResult BrotliDecoderDecompressStream( + BrotliDecoderState* state, size_t* available_in, const uint8_t** next_in, + size_t* available_out, uint8_t** next_out, size_t* total_out); + +/** + * Checks if decoder has more output. + * + * @param state decoder instance + * @returns ::BROTLI_TRUE, if decoder has some unconsumed output + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_DEC_API BROTLI_BOOL BrotliDecoderHasMoreOutput( + const BrotliDecoderState* state); + +/** + * Acquires pointer to internal output buffer. + * + * This method is used to make language bindings easier and more efficient: + * -# push data to ::BrotliDecoderDecompressStream, + * until ::BROTLI_DECODER_RESULT_NEEDS_MORE_OUTPUT is reported + * -# use ::BrotliDecoderTakeOutput to peek bytes and copy to language-specific + * entity + * + * Also this could be useful if there is an output stream that is able to + * consume all the provided data (e.g. when data is saved to file system). + * + * @attention After every call to ::BrotliDecoderTakeOutput @p *size bytes of + * output are considered consumed for all consecutive calls to the + * instance methods; returned pointer becomes invalidated as well. + * + * @note Decoder output is not guaranteed to be contiguous. This means that + * after the size-unrestricted call to ::BrotliDecoderTakeOutput, + * immediate next call to ::BrotliDecoderTakeOutput may return more data. + * + * @param state decoder instance + * @param[in, out] size @b in: number of bytes caller is ready to take, @c 0 if + * any amount could be handled; \n + * @b out: amount of data pointed by returned pointer and + * considered consumed; \n + * out value is never greater than in value, unless it is @c 0 + * @returns pointer to output data + */ +BROTLI_DEC_API const uint8_t* BrotliDecoderTakeOutput( + BrotliDecoderState* state, size_t* size); + +/** + * Checks if instance has already consumed input. + * + * Instance that returns ::BROTLI_FALSE is considered "fresh" and could be + * reused. + * + * @param state decoder instance + * @returns ::BROTLI_TRUE if decoder has already used some input bytes + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_DEC_API BROTLI_BOOL BrotliDecoderIsUsed(const BrotliDecoderState* state); + +/** + * Checks if decoder instance reached the final state. + * + * @param state decoder instance + * @returns ::BROTLI_TRUE if decoder is in a state where it reached the end of + * the input and produced all of the output + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_DEC_API BROTLI_BOOL BrotliDecoderIsFinished( + const BrotliDecoderState* state); + +/** + * Acquires a detailed error code. + * + * Should be used only after ::BrotliDecoderDecompressStream returns + * ::BROTLI_DECODER_RESULT_ERROR. + * + * See also ::BrotliDecoderErrorString + * + * @param state decoder instance + * @returns last saved error code + */ +BROTLI_DEC_API BrotliDecoderErrorCode BrotliDecoderGetErrorCode( + const BrotliDecoderState* state); + +/** + * Converts error code to a c-string. + */ +BROTLI_DEC_API const char* BrotliDecoderErrorString(BrotliDecoderErrorCode c); + +/** + * Gets a decoder library version. + * + * Look at BROTLI_MAKE_HEX_VERSION for more information. + */ +BROTLI_DEC_API uint32_t BrotliDecoderVersion(void); + +/** + * Callback to fire on metadata block start. + * + * After this callback is fired, if @p size is not @c 0, it is followed by + * ::brotli_decoder_metadata_chunk_func as more metadata block contents become + * accessible. + * + * @param opaque callback handle + * @param size size of metadata block + */ +typedef void (*brotli_decoder_metadata_start_func)(void* opaque, size_t size); + +/** + * Callback to fire on metadata block chunk becomes available. + * + * This function can be invoked multiple times per metadata block; block should + * be considered finished when sum of @p size matches the announced metadata + * block size. Chunks contents pointed by @p data are transient and shouln not + * be accessed after leaving the callback. + * + * @param opaque callback handle + * @param data pointer to metadata contents + * @param size size of metadata block chunk, at least @c 1 + */ +typedef void (*brotli_decoder_metadata_chunk_func)(void* opaque, + const uint8_t* data, + size_t size); + +/** + * Sets callback for receiving metadata blocks. + * + * @param state decoder instance + * @param start_func callback on metadata block start + * @param chunk_func callback on metadata block chunk + * @param opaque callback handle + */ +BROTLI_DEC_API void BrotliDecoderSetMetadataCallbacks( + BrotliDecoderState* state, + brotli_decoder_metadata_start_func start_func, + brotli_decoder_metadata_chunk_func chunk_func, void* opaque); + +#if defined(__cplusplus) || defined(c_plusplus) +} /* extern "C" */ +#endif + +#endif /* BROTLI_DEC_DECODE_H_ */ diff --git a/includes/curl/brotli/encode.h b/includes/curl/brotli/encode.h new file mode 100644 index 0000000..dea9931 --- /dev/null +++ b/includes/curl/brotli/encode.h @@ -0,0 +1,501 @@ +/* Copyright 2013 Google Inc. All Rights Reserved. + + Distributed under MIT license. + See file LICENSE for detail or copy at https://opensource.org/licenses/MIT +*/ + +/** + * @file + * API for Brotli compression. + */ + +#ifndef BROTLI_ENC_ENCODE_H_ +#define BROTLI_ENC_ENCODE_H_ + +#include +#include +#include + +#if defined(__cplusplus) || defined(c_plusplus) +extern "C" { +#endif + +/** Minimal value for ::BROTLI_PARAM_LGWIN parameter. */ +#define BROTLI_MIN_WINDOW_BITS 10 +/** + * Maximal value for ::BROTLI_PARAM_LGWIN parameter. + * + * @note equal to @c BROTLI_MAX_DISTANCE_BITS constant. + */ +#define BROTLI_MAX_WINDOW_BITS 24 +/** + * Maximal value for ::BROTLI_PARAM_LGWIN parameter + * in "Large Window Brotli" (32-bit). + */ +#define BROTLI_LARGE_MAX_WINDOW_BITS 30 +/** Minimal value for ::BROTLI_PARAM_LGBLOCK parameter. */ +#define BROTLI_MIN_INPUT_BLOCK_BITS 16 +/** Maximal value for ::BROTLI_PARAM_LGBLOCK parameter. */ +#define BROTLI_MAX_INPUT_BLOCK_BITS 24 +/** Minimal value for ::BROTLI_PARAM_QUALITY parameter. */ +#define BROTLI_MIN_QUALITY 0 +/** Maximal value for ::BROTLI_PARAM_QUALITY parameter. */ +#define BROTLI_MAX_QUALITY 11 + +/** Options for ::BROTLI_PARAM_MODE parameter. */ +typedef enum BrotliEncoderMode { + /** + * Default compression mode. + * + * In this mode compressor does not know anything in advance about the + * properties of the input. + */ + BROTLI_MODE_GENERIC = 0, + /** Compression mode for UTF-8 formatted text input. */ + BROTLI_MODE_TEXT = 1, + /** Compression mode used in WOFF 2.0. */ + BROTLI_MODE_FONT = 2 +} BrotliEncoderMode; + +/** Default value for ::BROTLI_PARAM_QUALITY parameter. */ +#define BROTLI_DEFAULT_QUALITY 11 +/** Default value for ::BROTLI_PARAM_LGWIN parameter. */ +#define BROTLI_DEFAULT_WINDOW 22 +/** Default value for ::BROTLI_PARAM_MODE parameter. */ +#define BROTLI_DEFAULT_MODE BROTLI_MODE_GENERIC + +/** Operations that can be performed by streaming encoder. */ +typedef enum BrotliEncoderOperation { + /** + * Process input. + * + * Encoder may postpone producing output, until it has processed enough input. + */ + BROTLI_OPERATION_PROCESS = 0, + /** + * Produce output for all processed input. + * + * Actual flush is performed when input stream is depleted and there is enough + * space in output stream. This means that client should repeat + * ::BROTLI_OPERATION_FLUSH operation until @p available_in becomes @c 0, and + * ::BrotliEncoderHasMoreOutput returns ::BROTLI_FALSE. If output is acquired + * via ::BrotliEncoderTakeOutput, then operation should be repeated after + * output buffer is drained. + * + * @warning Until flush is complete, client @b SHOULD @b NOT swap, + * reduce or extend input stream. + * + * When flush is complete, output data will be sufficient for decoder to + * reproduce all the given input. + */ + BROTLI_OPERATION_FLUSH = 1, + /** + * Finalize the stream. + * + * Actual finalization is performed when input stream is depleted and there is + * enough space in output stream. This means that client should repeat + * ::BROTLI_OPERATION_FINISH operation until @p available_in becomes @c 0, and + * ::BrotliEncoderHasMoreOutput returns ::BROTLI_FALSE. If output is acquired + * via ::BrotliEncoderTakeOutput, then operation should be repeated after + * output buffer is drained. + * + * @warning Until finalization is complete, client @b SHOULD @b NOT swap, + * reduce or extend input stream. + * + * Helper function ::BrotliEncoderIsFinished checks if stream is finalized and + * output fully dumped. + * + * Adding more input data to finalized stream is impossible. + */ + BROTLI_OPERATION_FINISH = 2, + /** + * Emit metadata block to stream. + * + * Metadata is opaque to Brotli: neither encoder, nor decoder processes this + * data or relies on it. It may be used to pass some extra information from + * encoder client to decoder client without interfering with main data stream. + * + * @note Encoder may emit empty metadata blocks internally, to pad encoded + * stream to byte boundary. + * + * @warning Until emitting metadata is complete client @b SHOULD @b NOT swap, + * reduce or extend input stream. + * + * @warning The whole content of input buffer is considered to be the content + * of metadata block. Do @b NOT @e append metadata to input stream, + * before it is depleted with other operations. + * + * Stream is soft-flushed before metadata block is emitted. Metadata block + * @b MUST be no longer than than 16MiB. + */ + BROTLI_OPERATION_EMIT_METADATA = 3 +} BrotliEncoderOperation; + +/** Options to be used with ::BrotliEncoderSetParameter. */ +typedef enum BrotliEncoderParameter { + /** + * Tune encoder for specific input. + * + * ::BrotliEncoderMode enumerates all available values. + */ + BROTLI_PARAM_MODE = 0, + /** + * The main compression speed-density lever. + * + * The higher the quality, the slower the compression. Range is + * from ::BROTLI_MIN_QUALITY to ::BROTLI_MAX_QUALITY. + */ + BROTLI_PARAM_QUALITY = 1, + /** + * Recommended sliding LZ77 window size. + * + * Encoder may reduce this value, e.g. if input is much smaller than + * window size. + * + * Window size is `(1 << value) - 16`. + * + * Range is from ::BROTLI_MIN_WINDOW_BITS to ::BROTLI_MAX_WINDOW_BITS. + */ + BROTLI_PARAM_LGWIN = 2, + /** + * Recommended input block size. + * + * Encoder may reduce this value, e.g. if input is much smaller than input + * block size. + * + * Range is from ::BROTLI_MIN_INPUT_BLOCK_BITS to + * ::BROTLI_MAX_INPUT_BLOCK_BITS. + * + * @note Bigger input block size allows better compression, but consumes more + * memory. \n The rough formula of memory used for temporary input + * storage is `3 << lgBlock`. + */ + BROTLI_PARAM_LGBLOCK = 3, + /** + * Flag that affects usage of "literal context modeling" format feature. + * + * This flag is a "decoding-speed vs compression ratio" trade-off. + */ + BROTLI_PARAM_DISABLE_LITERAL_CONTEXT_MODELING = 4, + /** + * Estimated total input size for all ::BrotliEncoderCompressStream calls. + * + * The default value is 0, which means that the total input size is unknown. + */ + BROTLI_PARAM_SIZE_HINT = 5, + /** + * Flag that determines if "Large Window Brotli" is used. + */ + BROTLI_PARAM_LARGE_WINDOW = 6, + /** + * Recommended number of postfix bits (NPOSTFIX). + * + * Encoder may change this value. + * + * Range is from 0 to ::BROTLI_MAX_NPOSTFIX. + */ + BROTLI_PARAM_NPOSTFIX = 7, + /** + * Recommended number of direct distance codes (NDIRECT). + * + * Encoder may change this value. + * + * Range is from 0 to (15 << NPOSTFIX) in steps of (1 << NPOSTFIX). + */ + BROTLI_PARAM_NDIRECT = 8, + /** + * Number of bytes of input stream already processed by a different instance. + * + * @note It is important to configure all the encoder instances with same + * parameters (except this one) in order to allow all the encoded parts + * obey the same restrictions implied by header. + * + * If offset is not 0, then stream header is omitted. + * In any case output start is byte aligned, so for proper streams stitching + * "predecessor" stream must be flushed. + * + * Range is not artificially limited, but all the values greater or equal to + * maximal window size have the same effect. Values greater than 2**30 are not + * allowed. + */ + BROTLI_PARAM_STREAM_OFFSET = 9 +} BrotliEncoderParameter; + +/** + * Opaque structure that holds encoder state. + * + * Allocated and initialized with ::BrotliEncoderCreateInstance. + * Cleaned up and deallocated with ::BrotliEncoderDestroyInstance. + */ +typedef struct BrotliEncoderStateStruct BrotliEncoderState; + +/** + * Sets the specified parameter to the given encoder instance. + * + * @param state encoder instance + * @param param parameter to set + * @param value new parameter value + * @returns ::BROTLI_FALSE if parameter is unrecognized, or value is invalid + * @returns ::BROTLI_FALSE if value of parameter can not be changed at current + * encoder state (e.g. when encoding is started, window size might be + * already encoded and therefore it is impossible to change it) + * @returns ::BROTLI_TRUE if value is accepted + * @warning invalid values might be accepted in case they would not break + * encoding process. + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderSetParameter( + BrotliEncoderState* state, BrotliEncoderParameter param, uint32_t value); + +/** + * Creates an instance of ::BrotliEncoderState and initializes it. + * + * @p alloc_func and @p free_func @b MUST be both zero or both non-zero. In the + * case they are both zero, default memory allocators are used. @p opaque is + * passed to @p alloc_func and @p free_func when they are called. @p free_func + * has to return without doing anything when asked to free a NULL pointer. + * + * @param alloc_func custom memory allocation function + * @param free_func custom memory free function + * @param opaque custom memory manager handle + * @returns @c 0 if instance can not be allocated or initialized + * @returns pointer to initialized ::BrotliEncoderState otherwise + */ +BROTLI_ENC_API BrotliEncoderState* BrotliEncoderCreateInstance( + brotli_alloc_func alloc_func, brotli_free_func free_func, void* opaque); + +/** + * Deinitializes and frees ::BrotliEncoderState instance. + * + * @param state decoder instance to be cleaned up and deallocated + */ +BROTLI_ENC_API void BrotliEncoderDestroyInstance(BrotliEncoderState* state); + +/* Opaque type for pointer to different possible internal structures containing + dictionary prepared for the encoder */ +typedef struct BrotliEncoderPreparedDictionaryStruct + BrotliEncoderPreparedDictionary; + +/** + * Prepares a shared dictionary from the given file format for the encoder. + * + * @p alloc_func and @p free_func @b MUST be both zero or both non-zero. In the + * case they are both zero, default memory allocators are used. @p opaque is + * passed to @p alloc_func and @p free_func when they are called. @p free_func + * has to return without doing anything when asked to free a NULL pointer. + * + * @param type type of dictionary stored in data + * @param data_size size of @p data buffer + * @param data pointer to the dictionary data + * @param quality the maximum Brotli quality to prepare the dictionary for, + * use BROTLI_MAX_QUALITY by default + * @param alloc_func custom memory allocation function + * @param free_func custom memory free function + * @param opaque custom memory manager handle + */ +BROTLI_ENC_API BrotliEncoderPreparedDictionary* +BrotliEncoderPrepareDictionary(BrotliSharedDictionaryType type, + size_t data_size, const uint8_t data[BROTLI_ARRAY_PARAM(data_size)], + int quality, + brotli_alloc_func alloc_func, brotli_free_func free_func, void* opaque); + +BROTLI_ENC_API void BrotliEncoderDestroyPreparedDictionary( + BrotliEncoderPreparedDictionary* dictionary); + +/** + * Attaches a prepared dictionary of any type to the encoder. Can be used + * multiple times to attach multiple dictionaries. The dictionary type was + * determined by BrotliEncoderPrepareDictionary. Multiple raw prefix + * dictionaries and/or max 1 serialized dictionary with custom words can be + * attached. + * + * @returns ::BROTLI_FALSE in case of error + * @returns ::BROTLI_TRUE otherwise + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderAttachPreparedDictionary( + BrotliEncoderState* state, + const BrotliEncoderPreparedDictionary* dictionary); + +/** + * Calculates the output size bound for the given @p input_size. + * + * @warning Result is only valid if quality is at least @c 2 and, in + * case ::BrotliEncoderCompressStream was used, no flushes + * (::BROTLI_OPERATION_FLUSH) were performed. + * + * @param input_size size of projected input + * @returns @c 0 if result does not fit @c size_t + */ +BROTLI_ENC_API size_t BrotliEncoderMaxCompressedSize(size_t input_size); + +/** + * Performs one-shot memory-to-memory compression. + * + * Compresses the data in @p input_buffer into @p encoded_buffer, and sets + * @p *encoded_size to the compressed length. + * + * @note If ::BrotliEncoderMaxCompressedSize(@p input_size) returns non-zero + * value, then output is guaranteed to be no longer than that. + * + * @note If @p lgwin is greater than ::BROTLI_MAX_WINDOW_BITS then resulting + * stream might be incompatible with RFC 7932; to decode such streams, + * decoder should be configured with + * ::BROTLI_DECODER_PARAM_LARGE_WINDOW = @c 1 + * + * @param quality quality parameter value, e.g. ::BROTLI_DEFAULT_QUALITY + * @param lgwin lgwin parameter value, e.g. ::BROTLI_DEFAULT_WINDOW + * @param mode mode parameter value, e.g. ::BROTLI_DEFAULT_MODE + * @param input_size size of @p input_buffer + * @param input_buffer input data buffer with at least @p input_size + * addressable bytes + * @param[in, out] encoded_size @b in: size of @p encoded_buffer; \n + * @b out: length of compressed data written to + * @p encoded_buffer, or @c 0 if compression fails + * @param encoded_buffer compressed data destination buffer + * @returns ::BROTLI_FALSE in case of compression error + * @returns ::BROTLI_FALSE if output buffer is too small + * @returns ::BROTLI_TRUE otherwise + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderCompress( + int quality, int lgwin, BrotliEncoderMode mode, size_t input_size, + const uint8_t input_buffer[BROTLI_ARRAY_PARAM(input_size)], + size_t* encoded_size, + uint8_t encoded_buffer[BROTLI_ARRAY_PARAM(*encoded_size)]); + +/** + * Compresses input stream to output stream. + * + * The values @p *available_in and @p *available_out must specify the number of + * bytes addressable at @p *next_in and @p *next_out respectively. + * When @p *available_out is @c 0, @p next_out is allowed to be @c NULL. + * + * After each call, @p *available_in will be decremented by the amount of input + * bytes consumed, and the @p *next_in pointer will be incremented by that + * amount. Similarly, @p *available_out will be decremented by the amount of + * output bytes written, and the @p *next_out pointer will be incremented by + * that amount. + * + * @p total_out, if it is not a null-pointer, will be set to the number + * of bytes compressed since the last @p state initialization. + * + * + * + * Internally workflow consists of 3 tasks: + * -# (optionally) copy input data to internal buffer + * -# actually compress data and (optionally) store it to internal buffer + * -# (optionally) copy compressed bytes from internal buffer to output stream + * + * Whenever all 3 tasks can't move forward anymore, or error occurs, this + * method returns the control flow to caller. + * + * @p op is used to perform flush, finish the stream, or inject metadata block. + * See ::BrotliEncoderOperation for more information. + * + * Flushing the stream means forcing encoding of all input passed to encoder and + * completing the current output block, so it could be fully decoded by stream + * decoder. To perform flush set @p op to ::BROTLI_OPERATION_FLUSH. + * Under some circumstances (e.g. lack of output stream capacity) this operation + * would require several calls to ::BrotliEncoderCompressStream. The method must + * be called again until both input stream is depleted and encoder has no more + * output (see ::BrotliEncoderHasMoreOutput) after the method is called. + * + * Finishing the stream means encoding of all input passed to encoder and + * adding specific "final" marks, so stream decoder could determine that stream + * is complete. To perform finish set @p op to ::BROTLI_OPERATION_FINISH. + * Under some circumstances (e.g. lack of output stream capacity) this operation + * would require several calls to ::BrotliEncoderCompressStream. The method must + * be called again until both input stream is depleted and encoder has no more + * output (see ::BrotliEncoderHasMoreOutput) after the method is called. + * + * @warning When flushing and finishing, @p op should not change until operation + * is complete; input stream should not be swapped, reduced or + * extended as well. + * + * @param state encoder instance + * @param op requested operation + * @param[in, out] available_in @b in: amount of available input; \n + * @b out: amount of unused input + * @param[in, out] next_in pointer to the next input byte + * @param[in, out] available_out @b in: length of output buffer; \n + * @b out: remaining size of output buffer + * @param[in, out] next_out compressed output buffer cursor; + * can be @c NULL if @p available_out is @c 0 + * @param[out] total_out number of bytes produced so far; can be @c NULL + * @returns ::BROTLI_FALSE if there was an error + * @returns ::BROTLI_TRUE otherwise + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderCompressStream( + BrotliEncoderState* state, BrotliEncoderOperation op, size_t* available_in, + const uint8_t** next_in, size_t* available_out, uint8_t** next_out, + size_t* total_out); + +/** + * Checks if encoder instance reached the final state. + * + * @param state encoder instance + * @returns ::BROTLI_TRUE if encoder is in a state where it reached the end of + * the input and produced all of the output + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderIsFinished(BrotliEncoderState* state); + +/** + * Checks if encoder has more output. + * + * @param state encoder instance + * @returns ::BROTLI_TRUE, if encoder has some unconsumed output + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_ENC_API BROTLI_BOOL BrotliEncoderHasMoreOutput( + BrotliEncoderState* state); + +/** + * Acquires pointer to internal output buffer. + * + * This method is used to make language bindings easier and more efficient: + * -# push data to ::BrotliEncoderCompressStream, + * until ::BrotliEncoderHasMoreOutput returns BROTLI_TRUE + * -# use ::BrotliEncoderTakeOutput to peek bytes and copy to language-specific + * entity + * + * Also this could be useful if there is an output stream that is able to + * consume all the provided data (e.g. when data is saved to file system). + * + * @attention After every call to ::BrotliEncoderTakeOutput @p *size bytes of + * output are considered consumed for all consecutive calls to the + * instance methods; returned pointer becomes invalidated as well. + * + * @note Encoder output is not guaranteed to be contiguous. This means that + * after the size-unrestricted call to ::BrotliEncoderTakeOutput, + * immediate next call to ::BrotliEncoderTakeOutput may return more data. + * + * @param state encoder instance + * @param[in, out] size @b in: number of bytes caller is ready to take, @c 0 if + * any amount could be handled; \n + * @b out: amount of data pointed by returned pointer and + * considered consumed; \n + * out value is never greater than in value, unless it is @c 0 + * @returns pointer to output data + */ +BROTLI_ENC_API const uint8_t* BrotliEncoderTakeOutput( + BrotliEncoderState* state, size_t* size); + +/* Returns the estimated peak memory usage (in bytes) of the BrotliCompress() + function, not counting the memory needed for the input and output. */ +BROTLI_ENC_EXTRA_API size_t BrotliEncoderEstimatePeakMemoryUsage( + int quality, int lgwin, size_t input_size); +/* Returns 0 if dictionary is not valid; otherwise returns allocation size. */ +BROTLI_ENC_EXTRA_API size_t BrotliEncoderGetPreparedDictionarySize( + const BrotliEncoderPreparedDictionary* dictionary); + +/** + * Gets an encoder library version. + * + * Look at BROTLI_MAKE_HEX_VERSION for more information. + */ +BROTLI_ENC_API uint32_t BrotliEncoderVersion(void); + +#if defined(__cplusplus) || defined(c_plusplus) +} /* extern "C" */ +#endif + +#endif /* BROTLI_ENC_ENCODE_H_ */ diff --git a/includes/curl/brotli/port.h b/includes/curl/brotli/port.h new file mode 100644 index 0000000..0d50019 --- /dev/null +++ b/includes/curl/brotli/port.h @@ -0,0 +1,305 @@ +/* Copyright 2016 Google Inc. All Rights Reserved. + + Distributed under MIT license. + See file LICENSE for detail or copy at https://opensource.org/licenses/MIT +*/ + +/* Macros for compiler / platform specific API declarations. */ + +#ifndef BROTLI_COMMON_PORT_H_ +#define BROTLI_COMMON_PORT_H_ + +/* The following macros were borrowed from https://github.com/nemequ/hedley + * with permission of original author - Evan Nemerson */ + +/* >>> >>> >>> hedley macros */ + +#define BROTLI_MAKE_VERSION(major, minor, revision) \ + (((major) * 1000000) + ((minor) * 1000) + (revision)) + +#if defined(__GNUC__) && defined(__GNUC_PATCHLEVEL__) +#define BROTLI_GNUC_VERSION \ + BROTLI_MAKE_VERSION(__GNUC__, __GNUC_MINOR__, __GNUC_PATCHLEVEL__) +#elif defined(__GNUC__) +#define BROTLI_GNUC_VERSION BROTLI_MAKE_VERSION(__GNUC__, __GNUC_MINOR__, 0) +#endif + +#if defined(BROTLI_GNUC_VERSION) +#define BROTLI_GNUC_VERSION_CHECK(major, minor, patch) \ + (BROTLI_GNUC_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_GNUC_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(_MSC_FULL_VER) && (_MSC_FULL_VER >= 140000000) +#define BROTLI_MSVC_VERSION \ + BROTLI_MAKE_VERSION((_MSC_FULL_VER / 10000000), \ + (_MSC_FULL_VER % 10000000) / 100000, \ + (_MSC_FULL_VER % 100000) / 100) +#elif defined(_MSC_FULL_VER) +#define BROTLI_MSVC_VERSION \ + BROTLI_MAKE_VERSION((_MSC_FULL_VER / 1000000), \ + (_MSC_FULL_VER % 1000000) / 10000, \ + (_MSC_FULL_VER % 10000) / 10) +#elif defined(_MSC_VER) +#define BROTLI_MSVC_VERSION \ + BROTLI_MAKE_VERSION(_MSC_VER / 100, _MSC_VER % 100, 0) +#endif + +#if !defined(_MSC_VER) +#define BROTLI_MSVC_VERSION_CHECK(major, minor, patch) (0) +#elif defined(_MSC_VER) && (_MSC_VER >= 1400) +#define BROTLI_MSVC_VERSION_CHECK(major, minor, patch) \ + (_MSC_FULL_VER >= ((major * 10000000) + (minor * 100000) + (patch))) +#elif defined(_MSC_VER) && (_MSC_VER >= 1200) +#define BROTLI_MSVC_VERSION_CHECK(major, minor, patch) \ + (_MSC_FULL_VER >= ((major * 1000000) + (minor * 10000) + (patch))) +#else +#define BROTLI_MSVC_VERSION_CHECK(major, minor, patch) \ + (_MSC_VER >= ((major * 100) + (minor))) +#endif + +#if defined(__INTEL_COMPILER) && defined(__INTEL_COMPILER_UPDATE) +#define BROTLI_INTEL_VERSION \ + BROTLI_MAKE_VERSION(__INTEL_COMPILER / 100, \ + __INTEL_COMPILER % 100, \ + __INTEL_COMPILER_UPDATE) +#elif defined(__INTEL_COMPILER) +#define BROTLI_INTEL_VERSION \ + BROTLI_MAKE_VERSION(__INTEL_COMPILER / 100, __INTEL_COMPILER % 100, 0) +#endif + +#if defined(BROTLI_INTEL_VERSION) +#define BROTLI_INTEL_VERSION_CHECK(major, minor, patch) \ + (BROTLI_INTEL_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_INTEL_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__PGI) && \ + defined(__PGIC__) && defined(__PGIC_MINOR__) && defined(__PGIC_PATCHLEVEL__) +#define BROTLI_PGI_VERSION \ + BROTLI_MAKE_VERSION(__PGIC__, __PGIC_MINOR__, __PGIC_PATCHLEVEL__) +#endif + +#if defined(BROTLI_PGI_VERSION) +#define BROTLI_PGI_VERSION_CHECK(major, minor, patch) \ + (BROTLI_PGI_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_PGI_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__SUNPRO_C) && (__SUNPRO_C > 0x1000) +#define BROTLI_SUNPRO_VERSION \ + BROTLI_MAKE_VERSION( \ + (((__SUNPRO_C >> 16) & 0xf) * 10) + ((__SUNPRO_C >> 12) & 0xf), \ + (((__SUNPRO_C >> 8) & 0xf) * 10) + ((__SUNPRO_C >> 4) & 0xf), \ + (__SUNPRO_C & 0xf) * 10) +#elif defined(__SUNPRO_C) +#define BROTLI_SUNPRO_VERSION \ + BROTLI_MAKE_VERSION((__SUNPRO_C >> 8) & 0xf, \ + (__SUNPRO_C >> 4) & 0xf, \ + (__SUNPRO_C) & 0xf) +#elif defined(__SUNPRO_CC) && (__SUNPRO_CC > 0x1000) +#define BROTLI_SUNPRO_VERSION \ + BROTLI_MAKE_VERSION( \ + (((__SUNPRO_CC >> 16) & 0xf) * 10) + ((__SUNPRO_CC >> 12) & 0xf), \ + (((__SUNPRO_CC >> 8) & 0xf) * 10) + ((__SUNPRO_CC >> 4) & 0xf), \ + (__SUNPRO_CC & 0xf) * 10) +#elif defined(__SUNPRO_CC) +#define BROTLI_SUNPRO_VERSION \ + BROTLI_MAKE_VERSION((__SUNPRO_CC >> 8) & 0xf, \ + (__SUNPRO_CC >> 4) & 0xf, \ + (__SUNPRO_CC) & 0xf) +#endif + +#if defined(BROTLI_SUNPRO_VERSION) +#define BROTLI_SUNPRO_VERSION_CHECK(major, minor, patch) \ + (BROTLI_SUNPRO_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_SUNPRO_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__CC_ARM) && defined(__ARMCOMPILER_VERSION) +#define BROTLI_ARM_VERSION \ + BROTLI_MAKE_VERSION((__ARMCOMPILER_VERSION / 1000000), \ + (__ARMCOMPILER_VERSION % 1000000) / 10000, \ + (__ARMCOMPILER_VERSION % 10000) / 100) +#elif defined(__CC_ARM) && defined(__ARMCC_VERSION) +#define BROTLI_ARM_VERSION \ + BROTLI_MAKE_VERSION((__ARMCC_VERSION / 1000000), \ + (__ARMCC_VERSION % 1000000) / 10000, \ + (__ARMCC_VERSION % 10000) / 100) +#endif + +#if defined(BROTLI_ARM_VERSION) +#define BROTLI_ARM_VERSION_CHECK(major, minor, patch) \ + (BROTLI_ARM_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_ARM_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__ibmxl__) +#define BROTLI_IBM_VERSION \ + BROTLI_MAKE_VERSION(__ibmxl_version__, \ + __ibmxl_release__, \ + __ibmxl_modification__) +#elif defined(__xlC__) && defined(__xlC_ver__) +#define BROTLI_IBM_VERSION \ + BROTLI_MAKE_VERSION(__xlC__ >> 8, __xlC__ & 0xff, (__xlC_ver__ >> 8) & 0xff) +#elif defined(__xlC__) +#define BROTLI_IBM_VERSION BROTLI_MAKE_VERSION(__xlC__ >> 8, __xlC__ & 0xff, 0) +#endif + +#if defined(BROTLI_IBM_VERSION) +#define BROTLI_IBM_VERSION_CHECK(major, minor, patch) \ + (BROTLI_IBM_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_IBM_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__TI_COMPILER_VERSION__) +#define BROTLI_TI_VERSION \ + BROTLI_MAKE_VERSION((__TI_COMPILER_VERSION__ / 1000000), \ + (__TI_COMPILER_VERSION__ % 1000000) / 1000, \ + (__TI_COMPILER_VERSION__ % 1000)) +#endif + +#if defined(BROTLI_TI_VERSION) +#define BROTLI_TI_VERSION_CHECK(major, minor, patch) \ + (BROTLI_TI_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_TI_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__IAR_SYSTEMS_ICC__) +#if __VER__ > 1000 +#define BROTLI_IAR_VERSION \ + BROTLI_MAKE_VERSION((__VER__ / 1000000), \ + (__VER__ / 1000) % 1000, \ + (__VER__ % 1000)) +#else +#define BROTLI_IAR_VERSION BROTLI_MAKE_VERSION(VER / 100, __VER__ % 100, 0) +#endif +#endif + +#if defined(BROTLI_IAR_VERSION) +#define BROTLI_IAR_VERSION_CHECK(major, minor, patch) \ + (BROTLI_IAR_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_IAR_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__TINYC__) +#define BROTLI_TINYC_VERSION \ + BROTLI_MAKE_VERSION(__TINYC__ / 1000, (__TINYC__ / 100) % 10, __TINYC__ % 100) +#endif + +#if defined(BROTLI_TINYC_VERSION) +#define BROTLI_TINYC_VERSION_CHECK(major, minor, patch) \ + (BROTLI_TINYC_VERSION >= BROTLI_MAKE_VERSION(major, minor, patch)) +#else +#define BROTLI_TINYC_VERSION_CHECK(major, minor, patch) (0) +#endif + +#if defined(__has_attribute) +#define BROTLI_GNUC_HAS_ATTRIBUTE(attribute, major, minor, patch) \ + __has_attribute(attribute) +#else +#define BROTLI_GNUC_HAS_ATTRIBUTE(attribute, major, minor, patch) \ + BROTLI_GNUC_VERSION_CHECK(major, minor, patch) +#endif + +#if defined(__has_builtin) +#define BROTLI_GNUC_HAS_BUILTIN(builtin, major, minor, patch) \ + __has_builtin(builtin) +#else +#define BROTLI_GNUC_HAS_BUILTIN(builtin, major, minor, patch) \ + BROTLI_GNUC_VERSION_CHECK(major, minor, patch) +#endif + +#if defined(__has_feature) +#define BROTLI_HAS_FEATURE(feature) __has_feature(feature) +#else +#define BROTLI_HAS_FEATURE(feature) (0) +#endif + +#if defined(_WIN32) || defined(__CYGWIN__) +#define BROTLI_PUBLIC +#elif BROTLI_GNUC_VERSION_CHECK(3, 3, 0) || \ + BROTLI_TI_VERSION_CHECK(8, 0, 0) || \ + BROTLI_INTEL_VERSION_CHECK(16, 0, 0) || \ + BROTLI_ARM_VERSION_CHECK(4, 1, 0) || \ + BROTLI_IBM_VERSION_CHECK(13, 1, 0) || \ + BROTLI_SUNPRO_VERSION_CHECK(5, 11, 0) || \ + (BROTLI_TI_VERSION_CHECK(7, 3, 0) && \ + defined(__TI_GNU_ATTRIBUTE_SUPPORT__) && defined(__TI_EABI__)) +#define BROTLI_PUBLIC __attribute__ ((visibility ("default"))) +#else +#define BROTLI_PUBLIC +#endif + +/* BROTLI_INTERNAL could be defined to override visibility, e.g. for tests. */ +#if !defined(BROTLI_INTERNAL) +#if defined(_WIN32) || defined(__CYGWIN__) +#define BROTLI_INTERNAL +#elif BROTLI_GNUC_VERSION_CHECK(3, 3, 0) || \ + BROTLI_TI_VERSION_CHECK(8, 0, 0) || \ + BROTLI_INTEL_VERSION_CHECK(16, 0, 0) || \ + BROTLI_ARM_VERSION_CHECK(4, 1, 0) || \ + BROTLI_IBM_VERSION_CHECK(13, 1, 0) || \ + BROTLI_SUNPRO_VERSION_CHECK(5, 11, 0) || \ + (BROTLI_TI_VERSION_CHECK(7, 3, 0) && \ + defined(__TI_GNU_ATTRIBUTE_SUPPORT__) && defined(__TI_EABI__)) +#define BROTLI_INTERNAL __attribute__ ((visibility ("hidden"))) +#else +#define BROTLI_INTERNAL +#endif +#endif + +#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + !defined(__STDC_NO_VLA__) && !defined(__cplusplus) && \ + !defined(__PGI) && !defined(__PGIC__) && !defined(__TINYC__) && \ + !defined(__clang__) +#define BROTLI_ARRAY_PARAM(name) (name) +#else +#define BROTLI_ARRAY_PARAM(name) +#endif + +/* <<< <<< <<< end of hedley macros. */ + +#if defined(BROTLI_SHARED_COMPILATION) +#if defined(_WIN32) +#if defined(BROTLICOMMON_SHARED_COMPILATION) +#define BROTLI_COMMON_API __declspec(dllexport) +#else +#define BROTLI_COMMON_API __declspec(dllimport) +#endif /* BROTLICOMMON_SHARED_COMPILATION */ +#if defined(BROTLIDEC_SHARED_COMPILATION) +#define BROTLI_DEC_API __declspec(dllexport) +#else +#define BROTLI_DEC_API __declspec(dllimport) +#endif /* BROTLIDEC_SHARED_COMPILATION */ +#if defined(BROTLIENC_SHARED_COMPILATION) +#define BROTLI_ENC_API __declspec(dllexport) +#else +#define BROTLI_ENC_API __declspec(dllimport) +#endif /* BROTLIENC_SHARED_COMPILATION */ +#else /* _WIN32 */ +#define BROTLI_COMMON_API BROTLI_PUBLIC +#define BROTLI_DEC_API BROTLI_PUBLIC +#define BROTLI_ENC_API BROTLI_PUBLIC +#endif /* _WIN32 */ +#else /* BROTLI_SHARED_COMPILATION */ +#define BROTLI_COMMON_API +#define BROTLI_DEC_API +#define BROTLI_ENC_API +#endif + +#if defined(BROTLI_BUILD_ENC_EXTRA_API) +#define BROTLI_ENC_EXTRA_API BROTLI_ENC_API +#else +#define BROTLI_ENC_EXTRA_API BROTLI_INTERNAL +#endif + +#endif /* BROTLI_COMMON_PORT_H_ */ diff --git a/includes/curl/brotli/shared_dictionary.h b/includes/curl/brotli/shared_dictionary.h new file mode 100644 index 0000000..2970c2d --- /dev/null +++ b/includes/curl/brotli/shared_dictionary.h @@ -0,0 +1,100 @@ +/* Copyright 2017 Google Inc. All Rights Reserved. + + Distributed under MIT license. + See file LICENSE for detail or copy at https://opensource.org/licenses/MIT +*/ + +/* (Opaque) Shared Dictionary definition and utilities. */ + +#ifndef BROTLI_COMMON_SHARED_DICTIONARY_H_ +#define BROTLI_COMMON_SHARED_DICTIONARY_H_ + +#include +#include + +#if defined(__cplusplus) || defined(c_plusplus) +extern "C" { +#endif + +#define SHARED_BROTLI_MIN_DICTIONARY_WORD_LENGTH 4 +#define SHARED_BROTLI_MAX_DICTIONARY_WORD_LENGTH 31 +#define SHARED_BROTLI_NUM_DICTIONARY_CONTEXTS 64 +#define SHARED_BROTLI_MAX_COMPOUND_DICTS 15 + +/** + * Opaque structure that holds shared dictionary data. + * + * Allocated and initialized with ::BrotliSharedDictionaryCreateInstance. + * Cleaned up and deallocated with ::BrotliSharedDictionaryDestroyInstance. + */ +typedef struct BrotliSharedDictionaryStruct BrotliSharedDictionary; + +/** + * Input data type for ::BrotliSharedDictionaryAttach. + */ +typedef enum BrotliSharedDictionaryType { + /** Raw LZ77 prefix dictionary. */ + BROTLI_SHARED_DICTIONARY_RAW = 0, + /** Serialized shared dictionary. + * + * DO NOT USE: methods accepting this value will fail. + */ + BROTLI_SHARED_DICTIONARY_SERIALIZED = 1 +} BrotliSharedDictionaryType; + +/** + * Creates an instance of ::BrotliSharedDictionary. + * + * Fresh instance has default word dictionary and transforms + * and no LZ77 prefix dictionary. + * + * @p alloc_func and @p free_func @b MUST be both zero or both non-zero. In the + * case they are both zero, default memory allocators are used. @p opaque is + * passed to @p alloc_func and @p free_func when they are called. @p free_func + * has to return without doing anything when asked to free a NULL pointer. + * + * @param alloc_func custom memory allocation function + * @param free_func custom memory free function + * @param opaque custom memory manager handle + * @returns @c 0 if instance can not be allocated or initialized + * @returns pointer to initialized ::BrotliSharedDictionary otherwise + */ +BROTLI_COMMON_API BrotliSharedDictionary* BrotliSharedDictionaryCreateInstance( + brotli_alloc_func alloc_func, brotli_free_func free_func, void* opaque); + +/** + * Deinitializes and frees ::BrotliSharedDictionary instance. + * + * @param dict shared dictionary instance to be cleaned up and deallocated + */ +BROTLI_COMMON_API void BrotliSharedDictionaryDestroyInstance( + BrotliSharedDictionary* dict); + +/** + * Attaches dictionary to a given instance of ::BrotliSharedDictionary. + * + * Dictionary to be attached is represented in a serialized format as a region + * of memory. + * + * Provided data it partially referenced by a resulting (compound) dictionary, + * and should be kept untouched, while at least one compound dictionary uses it. + * This way memory overhead is kept minimal by the cost of additional resource + * management. + * + * @param dict dictionary to extend + * @param type type of dictionary to attach + * @param data_size size of @p data + * @param data serialized dictionary of type @p type, with at least @p data_size + * addressable bytes + * @returns ::BROTLI_TRUE if provided dictionary is successfully attached + * @returns ::BROTLI_FALSE otherwise + */ +BROTLI_COMMON_API BROTLI_BOOL BrotliSharedDictionaryAttach( + BrotliSharedDictionary* dict, BrotliSharedDictionaryType type, + size_t data_size, const uint8_t data[BROTLI_ARRAY_PARAM(data_size)]); + +#if defined(__cplusplus) || defined(c_plusplus) +} /* extern "C" */ +#endif + +#endif /* BROTLI_COMMON_SHARED_DICTIONARY_H_ */ diff --git a/includes/curl/brotli/types.h b/includes/curl/brotli/types.h new file mode 100644 index 0000000..eff1a3c --- /dev/null +++ b/includes/curl/brotli/types.h @@ -0,0 +1,83 @@ +/* Copyright 2013 Google Inc. All Rights Reserved. + + Distributed under MIT license. + See file LICENSE for detail or copy at https://opensource.org/licenses/MIT +*/ + +/** + * @file + * Common types used in decoder and encoder API. + */ + +#ifndef BROTLI_COMMON_TYPES_H_ +#define BROTLI_COMMON_TYPES_H_ + +#include /* for size_t */ + +#if defined(_MSC_VER) && (_MSC_VER < 1600) +typedef __int8 int8_t; +typedef unsigned __int8 uint8_t; +typedef __int16 int16_t; +typedef unsigned __int16 uint16_t; +typedef __int32 int32_t; +typedef unsigned __int32 uint32_t; +typedef unsigned __int64 uint64_t; +typedef __int64 int64_t; +#else +#include +#endif /* defined(_MSC_VER) && (_MSC_VER < 1600) */ + +/** + * A portable @c bool replacement. + * + * ::BROTLI_BOOL is a "documentation" type: actually it is @c int, but in API it + * denotes a type, whose only values are ::BROTLI_TRUE and ::BROTLI_FALSE. + * + * ::BROTLI_BOOL values passed to Brotli should either be ::BROTLI_TRUE or + * ::BROTLI_FALSE, or be a result of ::TO_BROTLI_BOOL macros. + * + * ::BROTLI_BOOL values returned by Brotli should not be tested for equality + * with @c true, @c false, ::BROTLI_TRUE, ::BROTLI_FALSE, but rather should be + * evaluated, for example: @code{.cpp} + * if (SomeBrotliFunction(encoder, BROTLI_TRUE) && + * !OtherBrotliFunction(decoder, BROTLI_FALSE)) { + * bool x = !!YetAnotherBrotliFunction(encoder, TO_BROLTI_BOOL(2 * 2 == 4)); + * DoSomething(x); + * } + * @endcode + */ +#define BROTLI_BOOL int +/** Portable @c true replacement. */ +#define BROTLI_TRUE 1 +/** Portable @c false replacement. */ +#define BROTLI_FALSE 0 +/** @c bool to ::BROTLI_BOOL conversion macros. */ +#define TO_BROTLI_BOOL(X) (!!(X) ? BROTLI_TRUE : BROTLI_FALSE) + +#define BROTLI_MAKE_UINT64_T(high, low) ((((uint64_t)(high)) << 32) | low) + +#define BROTLI_UINT32_MAX (~((uint32_t)0)) +#define BROTLI_SIZE_MAX (~((size_t)0)) + +/** + * Allocating function pointer type. + * + * @param opaque custom memory manager handle provided by client + * @param size requested memory region size; can not be @c 0 + * @returns @c 0 in the case of failure + * @returns a valid pointer to a memory region of at least @p size bytes + * long otherwise + */ +typedef void* (*brotli_alloc_func)(void* opaque, size_t size); + +/** + * Deallocating function pointer type. + * + * This function @b SHOULD do nothing if @p address is @c 0. + * + * @param opaque custom memory manager handle provided by client + * @param address memory region pointer returned by ::brotli_alloc_func, or @c 0 + */ +typedef void (*brotli_free_func)(void* opaque, void* address); + +#endif /* BROTLI_COMMON_TYPES_H_ */ diff --git a/includes/curl/curl/curl.h b/includes/curl/curl/curl.h new file mode 100644 index 0000000..7ef5b99 --- /dev/null +++ b/includes/curl/curl/curl.h @@ -0,0 +1,3336 @@ +#ifndef CURLINC_CURL_H +#define CURLINC_CURL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +/* + * If you have libcurl problems, all docs and details are found here: + * https://curl.se/libcurl/ + */ + +#ifdef CURL_NO_OLDIES +#define CURL_STRICTER /* not used since 8.11.0 */ +#endif + +/* Compile-time deprecation macros. */ +#if (defined(__GNUC__) && \ + ((__GNUC__ > 12) || ((__GNUC__ == 12) && (__GNUC_MINOR__ >= 1))) || \ + (defined(__clang__) && __clang_major__ >= 3) || \ + defined(__IAR_SYSTEMS_ICC__)) && \ + !defined(__INTEL_COMPILER) && \ + !defined(CURL_DISABLE_DEPRECATION) && !defined(BUILDING_LIBCURL) +#define CURL_DEPRECATED(version, message) \ + __attribute__((deprecated("since " # version ". " message))) +#ifdef __IAR_SYSTEMS_ICC__ +#define CURL_IGNORE_DEPRECATION(statements) \ + _Pragma("diag_suppress=Pe1444") \ + statements \ + _Pragma("diag_default=Pe1444") +#else +#define CURL_IGNORE_DEPRECATION(statements) \ + _Pragma("GCC diagnostic push") \ + _Pragma("GCC diagnostic ignored \"-Wdeprecated-declarations\"") \ + statements \ + _Pragma("GCC diagnostic pop") +#endif +#else +#define CURL_DEPRECATED(version, message) +#define CURL_IGNORE_DEPRECATION(statements) statements +#endif + +#include "curlver.h" /* libcurl version defines */ +#include "system.h" /* determine things runtime */ + +#include +#include + +#if defined(__FreeBSD__) || defined(__MidnightBSD__) +/* Needed for __FreeBSD_version or __MidnightBSD_version symbol definition */ +#include +#endif + +/* The include stuff here below is mainly for time_t! */ +#include +#include + +#if defined(_WIN32) && !defined(_WIN32_WCE) && !defined(__CYGWIN__) +#if !(defined(_WINSOCKAPI_) || defined(_WINSOCK_H) || \ + defined(__LWIP_OPT_H__) || defined(LWIP_HDR_OPT_H)) +/* The check above prevents the winsock2.h inclusion if winsock.h already was + included, since they cannot co-exist without problems */ +#include +#include +#endif +#endif + +/* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish + libc5-based Linux systems. Only include it on systems that are known to + require it! */ +#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \ + defined(__minix) || defined(__INTEGRITY) || \ + defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \ + defined(__CYGWIN__) || defined(AMIGA) || defined(__NuttX__) || \ + (defined(__FreeBSD_version) && (__FreeBSD_version < 800000)) || \ + (defined(__MidnightBSD_version) && (__MidnightBSD_version < 100000)) || \ + defined(__sun__) || defined(__serenity__) || defined(__vxworks__) +#include +#endif + +#ifndef _WIN32 +#include +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void CURL; +typedef void CURLSH; + +/* + * libcurl external API function linkage decorations. + */ + +#ifdef __has_declspec_attribute +#define CURL_HAS_DECLSPEC_ATTRIBUTE(x) __has_declspec_attribute(x) +#else +#define CURL_HAS_DECLSPEC_ATTRIBUTE(x) 0 +#endif + +#ifdef CURL_STATICLIB +# define CURL_EXTERN +#elif defined(_WIN32) || \ + (CURL_HAS_DECLSPEC_ATTRIBUTE(dllexport) && \ + CURL_HAS_DECLSPEC_ATTRIBUTE(dllimport)) +# if defined(BUILDING_LIBCURL) +# define CURL_EXTERN __declspec(dllexport) +# else +# define CURL_EXTERN __declspec(dllimport) +# endif +#elif defined(BUILDING_LIBCURL) && defined(CURL_HIDDEN_SYMBOLS) +# define CURL_EXTERN CURL_EXTERN_SYMBOL +#else +# define CURL_EXTERN +#endif + +#ifndef curl_socket_typedef +/* socket typedef */ +#if defined(_WIN32) && !defined(__LWIP_OPT_H__) && !defined(LWIP_HDR_OPT_H) +typedef SOCKET curl_socket_t; +#define CURL_SOCKET_BAD INVALID_SOCKET +#else +typedef int curl_socket_t; +#define CURL_SOCKET_BAD -1 +#endif +#define curl_socket_typedef +#endif /* curl_socket_typedef */ + +/* enum for the different supported SSL backends */ +typedef enum { + CURLSSLBACKEND_NONE = 0, + CURLSSLBACKEND_OPENSSL = 1, + CURLSSLBACKEND_GNUTLS = 2, + CURLSSLBACKEND_NSS CURL_DEPRECATED(8.3.0, "") = 3, + CURLSSLBACKEND_OBSOLETE4 = 4, /* Was QSOSSL. */ + CURLSSLBACKEND_GSKIT CURL_DEPRECATED(8.3.0, "") = 5, + CURLSSLBACKEND_POLARSSL CURL_DEPRECATED(7.69.0, "") = 6, + CURLSSLBACKEND_WOLFSSL = 7, + CURLSSLBACKEND_SCHANNEL = 8, + CURLSSLBACKEND_SECURETRANSPORT CURL_DEPRECATED(8.15.0, "") = 9, + CURLSSLBACKEND_AXTLS CURL_DEPRECATED(7.61.0, "") = 10, + CURLSSLBACKEND_MBEDTLS = 11, + CURLSSLBACKEND_MESALINK CURL_DEPRECATED(7.82.0, "") = 12, + CURLSSLBACKEND_BEARSSL CURL_DEPRECATED(8.15.0, "") = 13, + CURLSSLBACKEND_RUSTLS = 14 +} curl_sslbackend; + +/* aliases for library clones and renames */ +#define CURLSSLBACKEND_AWSLC CURLSSLBACKEND_OPENSSL +#define CURLSSLBACKEND_BORINGSSL CURLSSLBACKEND_OPENSSL +#define CURLSSLBACKEND_LIBRESSL CURLSSLBACKEND_OPENSSL + +/* deprecated names: */ +#define CURLSSLBACKEND_CYASSL CURLSSLBACKEND_WOLFSSL +#define CURLSSLBACKEND_DARWINSSL CURLSSLBACKEND_SECURETRANSPORT + +/* bits for the CURLOPT_FOLLOWLOCATION option */ +#define CURLFOLLOW_ALL 1L /* generic follow redirects */ + +/* Do not use the custom method in the follow-up request if the HTTP code + instructs so (301, 302, 303). */ +#define CURLFOLLOW_OBEYCODE 2L + +/* Only use the custom method in the first request, always reset in the next */ +#define CURLFOLLOW_FIRSTONLY 3L + +struct curl_httppost { + struct curl_httppost *next; /* next entry in the list */ + char *name; /* pointer to allocated name */ + long namelength; /* length of name length */ + char *contents; /* pointer to allocated data contents */ + long contentslength; /* length of contents field, see also + CURL_HTTPPOST_LARGE */ + char *buffer; /* pointer to allocated buffer contents */ + long bufferlength; /* length of buffer field */ + char *contenttype; /* Content-Type */ + struct curl_slist *contentheader; /* list of extra headers for this form */ + struct curl_httppost *more; /* if one field name has more than one + file, this link should link to following + files */ + long flags; /* as defined below */ + +/* specified content is a filename */ +#define CURL_HTTPPOST_FILENAME (1<<0) +/* specified content is a filename */ +#define CURL_HTTPPOST_READFILE (1<<1) +/* name is only stored pointer do not free in formfree */ +#define CURL_HTTPPOST_PTRNAME (1<<2) +/* contents is only stored pointer do not free in formfree */ +#define CURL_HTTPPOST_PTRCONTENTS (1<<3) +/* upload file from buffer */ +#define CURL_HTTPPOST_BUFFER (1<<4) +/* upload file from pointer contents */ +#define CURL_HTTPPOST_PTRBUFFER (1<<5) +/* upload file contents by using the regular read callback to get the data and + pass the given pointer as custom pointer */ +#define CURL_HTTPPOST_CALLBACK (1<<6) +/* use size in 'contentlen', added in 7.46.0 */ +#define CURL_HTTPPOST_LARGE (1<<7) + + char *showfilename; /* The filename to show. If not set, the + actual filename will be used (if this + is a file part) */ + void *userp; /* custom pointer used for + HTTPPOST_CALLBACK posts */ + curl_off_t contentlen; /* alternative length of contents + field. Used if CURL_HTTPPOST_LARGE is + set. Added in 7.46.0 */ +}; + + +/* This is a return code for the progress callback that, when returned, will + signal libcurl to continue executing the default progress function */ +#define CURL_PROGRESSFUNC_CONTINUE 0x10000001 + +/* This is the CURLOPT_PROGRESSFUNCTION callback prototype. It is now + considered deprecated but was the only choice up until 7.31.0 */ +typedef int (*curl_progress_callback)(void *clientp, + double dltotal, + double dlnow, + double ultotal, + double ulnow); + +/* This is the CURLOPT_XFERINFOFUNCTION callback prototype. It was introduced + in 7.32.0, avoids the use of floating point numbers and provides more + detailed information. */ +typedef int (*curl_xferinfo_callback)(void *clientp, + curl_off_t dltotal, + curl_off_t dlnow, + curl_off_t ultotal, + curl_off_t ulnow); + +#ifndef CURL_MAX_READ_SIZE + /* The maximum receive buffer size configurable via CURLOPT_BUFFERSIZE. */ +#define CURL_MAX_READ_SIZE (10*1024*1024) +#endif + +#ifndef CURL_MAX_WRITE_SIZE + /* Tests have proven that 20K is a bad buffer size for uploads on Windows, + while 16K for some odd reason performed a lot better. We do the ifndef + check to allow this value to easier be changed at build time for those + who feel adventurous. The practical minimum is about 400 bytes since + libcurl uses a buffer of this size as a scratch area (unrelated to + network send operations). */ +#define CURL_MAX_WRITE_SIZE 16384 +#endif + +#ifndef CURL_MAX_HTTP_HEADER +/* The only reason to have a max limit for this is to avoid the risk of a bad + server feeding libcurl with a never-ending header that will cause reallocs + infinitely */ +#define CURL_MAX_HTTP_HEADER (100*1024) +#endif + +/* This is a magic return code for the write callback that, when returned, + will signal libcurl to pause receiving on the current transfer. */ +#define CURL_WRITEFUNC_PAUSE 0x10000001 + +/* This is a magic return code for the write callback that, when returned, + will signal an error from the callback. */ +#define CURL_WRITEFUNC_ERROR 0xFFFFFFFF + +typedef size_t (*curl_write_callback)(char *buffer, + size_t size, + size_t nitems, + void *outstream); + +/* This callback will be called when a new resolver request is made */ +typedef int (*curl_resolver_start_callback)(void *resolver_state, + void *reserved, void *userdata); + +/* enumeration of file types */ +typedef enum { + CURLFILETYPE_FILE = 0, + CURLFILETYPE_DIRECTORY, + CURLFILETYPE_SYMLINK, + CURLFILETYPE_DEVICE_BLOCK, + CURLFILETYPE_DEVICE_CHAR, + CURLFILETYPE_NAMEDPIPE, + CURLFILETYPE_SOCKET, + CURLFILETYPE_DOOR, /* is possible only on Sun Solaris now */ + + CURLFILETYPE_UNKNOWN /* should never occur */ +} curlfiletype; + +#define CURLFINFOFLAG_KNOWN_FILENAME (1<<0) +#define CURLFINFOFLAG_KNOWN_FILETYPE (1<<1) +#define CURLFINFOFLAG_KNOWN_TIME (1<<2) +#define CURLFINFOFLAG_KNOWN_PERM (1<<3) +#define CURLFINFOFLAG_KNOWN_UID (1<<4) +#define CURLFINFOFLAG_KNOWN_GID (1<<5) +#define CURLFINFOFLAG_KNOWN_SIZE (1<<6) +#define CURLFINFOFLAG_KNOWN_HLINKCOUNT (1<<7) + +/* Information about a single file, used when doing FTP wildcard matching */ +struct curl_fileinfo { + char *filename; + curlfiletype filetype; + time_t time; /* always zero! */ + unsigned int perm; + int uid; + int gid; + curl_off_t size; + long int hardlinks; + + struct { + /* If some of these fields is not NULL, it is a pointer to b_data. */ + char *time; + char *perm; + char *user; + char *group; + char *target; /* pointer to the target filename of a symlink */ + } strings; + + unsigned int flags; + + /* These are libcurl private struct fields. Previously used by libcurl, so + they must never be interfered with. */ + char *b_data; + size_t b_size; + size_t b_used; +}; + +/* return codes for CURLOPT_CHUNK_BGN_FUNCTION */ +#define CURL_CHUNK_BGN_FUNC_OK 0 +#define CURL_CHUNK_BGN_FUNC_FAIL 1 /* tell the lib to end the task */ +#define CURL_CHUNK_BGN_FUNC_SKIP 2 /* skip this chunk over */ + +/* if splitting of data transfer is enabled, this callback is called before + download of an individual chunk started. Note that parameter "remains" works + only for FTP wildcard downloading (for now), otherwise is not used */ +typedef long (*curl_chunk_bgn_callback)(const void *transfer_info, + void *ptr, + int remains); + +/* return codes for CURLOPT_CHUNK_END_FUNCTION */ +#define CURL_CHUNK_END_FUNC_OK 0 +#define CURL_CHUNK_END_FUNC_FAIL 1 /* tell the lib to end the task */ + +/* If splitting of data transfer is enabled this callback is called after + download of an individual chunk finished. + Note! After this callback was set then it have to be called FOR ALL chunks. + Even if downloading of this chunk was skipped in CHUNK_BGN_FUNC. + This is the reason why we do not need "transfer_info" parameter in this + callback and we are not interested in "remains" parameter too. */ +typedef long (*curl_chunk_end_callback)(void *ptr); + +/* return codes for FNMATCHFUNCTION */ +#define CURL_FNMATCHFUNC_MATCH 0 /* string corresponds to the pattern */ +#define CURL_FNMATCHFUNC_NOMATCH 1 /* pattern does not match the string */ +#define CURL_FNMATCHFUNC_FAIL 2 /* an error occurred */ + +/* callback type for wildcard downloading pattern matching. If the + string matches the pattern, return CURL_FNMATCHFUNC_MATCH value, etc. */ +typedef int (*curl_fnmatch_callback)(void *ptr, + const char *pattern, + const char *string); + +/* These are the return codes for the seek callbacks */ +#define CURL_SEEKFUNC_OK 0 +#define CURL_SEEKFUNC_FAIL 1 /* fail the entire transfer */ +#define CURL_SEEKFUNC_CANTSEEK 2 /* tell libcurl seeking cannot be done, so + libcurl might try other means instead */ +typedef int (*curl_seek_callback)(void *instream, + curl_off_t offset, + int origin); /* 'whence' */ + +/* This is a return code for the read callback that, when returned, will + signal libcurl to immediately abort the current transfer. */ +#define CURL_READFUNC_ABORT 0x10000000 +/* This is a return code for the read callback that, when returned, will + signal libcurl to pause sending data on the current transfer. */ +#define CURL_READFUNC_PAUSE 0x10000001 + +/* Return code for when the trailing headers' callback has terminated + without any errors */ +#define CURL_TRAILERFUNC_OK 0 +/* Return code for when was an error in the trailing header's list and we + want to abort the request */ +#define CURL_TRAILERFUNC_ABORT 1 + +typedef size_t (*curl_read_callback)(char *buffer, + size_t size, + size_t nitems, + void *instream); + +typedef int (*curl_trailer_callback)(struct curl_slist **list, + void *userdata); + +typedef enum { + CURLSOCKTYPE_IPCXN, /* socket created for a specific IP connection */ + CURLSOCKTYPE_ACCEPT, /* socket created by accept() call */ + CURLSOCKTYPE_LAST /* never use */ +} curlsocktype; + +/* The return code from the sockopt_callback can signal information back + to libcurl: */ +#define CURL_SOCKOPT_OK 0 +#define CURL_SOCKOPT_ERROR 1 /* causes libcurl to abort and return + CURLE_ABORTED_BY_CALLBACK */ +#define CURL_SOCKOPT_ALREADY_CONNECTED 2 + +typedef int (*curl_sockopt_callback)(void *clientp, + curl_socket_t curlfd, + curlsocktype purpose); + +struct curl_sockaddr { + int family; + int socktype; + int protocol; + unsigned int addrlen; /* addrlen was a socklen_t type before 7.18.0 but it + turned really ugly and painful on the systems that + lack this type */ + struct sockaddr addr; +}; + +typedef curl_socket_t +(*curl_opensocket_callback)(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address); + +typedef int +(*curl_closesocket_callback)(void *clientp, curl_socket_t item); + +typedef enum { + CURLIOE_OK, /* I/O operation successful */ + CURLIOE_UNKNOWNCMD, /* command was unknown to callback */ + CURLIOE_FAILRESTART, /* failed to restart the read */ + CURLIOE_LAST /* never use */ +} curlioerr; + +typedef enum { + CURLIOCMD_NOP, /* no operation */ + CURLIOCMD_RESTARTREAD, /* restart the read stream from start */ + CURLIOCMD_LAST /* never use */ +} curliocmd; + +typedef curlioerr (*curl_ioctl_callback)(CURL *handle, + int cmd, + void *clientp); + +#ifndef CURL_DID_MEMORY_FUNC_TYPEDEFS +/* + * The following typedef's are signatures of malloc, free, realloc, strdup and + * calloc respectively. Function pointers of these types can be passed to the + * curl_global_init_mem() function to set user defined memory management + * callback routines. + */ +typedef void *(*curl_malloc_callback)(size_t size); +typedef void (*curl_free_callback)(void *ptr); +typedef void *(*curl_realloc_callback)(void *ptr, size_t size); +typedef char *(*curl_strdup_callback)(const char *str); +typedef void *(*curl_calloc_callback)(size_t nmemb, size_t size); + +#define CURL_DID_MEMORY_FUNC_TYPEDEFS +#endif + +/* the kind of data that is passed to information_callback */ +typedef enum { + CURLINFO_TEXT = 0, + CURLINFO_HEADER_IN, /* 1 */ + CURLINFO_HEADER_OUT, /* 2 */ + CURLINFO_DATA_IN, /* 3 */ + CURLINFO_DATA_OUT, /* 4 */ + CURLINFO_SSL_DATA_IN, /* 5 */ + CURLINFO_SSL_DATA_OUT, /* 6 */ + CURLINFO_END +} curl_infotype; + +typedef int (*curl_debug_callback) + (CURL *handle, /* the handle/transfer this concerns */ + curl_infotype type, /* what kind of data */ + char *data, /* points to the data */ + size_t size, /* size of the data pointed to */ + void *userptr); /* whatever the user please */ + +/* This is the CURLOPT_PREREQFUNCTION callback prototype. */ +typedef int (*curl_prereq_callback)(void *clientp, + char *conn_primary_ip, + char *conn_local_ip, + int conn_primary_port, + int conn_local_port); + +/* Return code for when the pre-request callback has terminated without + any errors */ +#define CURL_PREREQFUNC_OK 0 +/* Return code for when the pre-request callback wants to abort the + request */ +#define CURL_PREREQFUNC_ABORT 1 + +/* All possible error codes from all sorts of curl functions. Future versions + may return other values, stay prepared. + + Always add new return codes last. Never *EVER* remove any. The return + codes must remain the same! + */ + +typedef enum { + CURLE_OK = 0, + CURLE_UNSUPPORTED_PROTOCOL, /* 1 */ + CURLE_FAILED_INIT, /* 2 */ + CURLE_URL_MALFORMAT, /* 3 */ + CURLE_NOT_BUILT_IN, /* 4 - [was obsoleted in August 2007 for + 7.17.0, reused in April 2011 for 7.21.5] */ + CURLE_COULDNT_RESOLVE_PROXY, /* 5 */ + CURLE_COULDNT_RESOLVE_HOST, /* 6 */ + CURLE_COULDNT_CONNECT, /* 7 */ + CURLE_WEIRD_SERVER_REPLY, /* 8 */ + CURLE_REMOTE_ACCESS_DENIED, /* 9 a service was denied by the server + due to lack of access - when login fails + this is not returned. */ + CURLE_FTP_ACCEPT_FAILED, /* 10 - [was obsoleted in April 2006 for + 7.15.4, reused in Dec 2011 for 7.24.0]*/ + CURLE_FTP_WEIRD_PASS_REPLY, /* 11 */ + CURLE_FTP_ACCEPT_TIMEOUT, /* 12 - timeout occurred accepting server + [was obsoleted in August 2007 for 7.17.0, + reused in Dec 2011 for 7.24.0]*/ + CURLE_FTP_WEIRD_PASV_REPLY, /* 13 */ + CURLE_FTP_WEIRD_227_FORMAT, /* 14 */ + CURLE_FTP_CANT_GET_HOST, /* 15 */ + CURLE_HTTP2, /* 16 - A problem in the http2 framing layer. + [was obsoleted in August 2007 for 7.17.0, + reused in July 2014 for 7.38.0] */ + CURLE_FTP_COULDNT_SET_TYPE, /* 17 */ + CURLE_PARTIAL_FILE, /* 18 */ + CURLE_FTP_COULDNT_RETR_FILE, /* 19 */ + CURLE_OBSOLETE20, /* 20 - NOT USED */ + CURLE_QUOTE_ERROR, /* 21 - quote command failure */ + CURLE_HTTP_RETURNED_ERROR, /* 22 */ + CURLE_WRITE_ERROR, /* 23 */ + CURLE_OBSOLETE24, /* 24 - NOT USED */ + CURLE_UPLOAD_FAILED, /* 25 - failed upload "command" */ + CURLE_READ_ERROR, /* 26 - could not open/read from file */ + CURLE_OUT_OF_MEMORY, /* 27 */ + CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was reached */ + CURLE_OBSOLETE29, /* 29 - NOT USED */ + CURLE_FTP_PORT_FAILED, /* 30 - FTP PORT operation failed */ + CURLE_FTP_COULDNT_USE_REST, /* 31 - the REST command failed */ + CURLE_OBSOLETE32, /* 32 - NOT USED */ + CURLE_RANGE_ERROR, /* 33 - RANGE "command" did not work */ + CURLE_OBSOLETE34, /* 34 */ + CURLE_SSL_CONNECT_ERROR, /* 35 - wrong when connecting with SSL */ + CURLE_BAD_DOWNLOAD_RESUME, /* 36 - could not resume download */ + CURLE_FILE_COULDNT_READ_FILE, /* 37 */ + CURLE_LDAP_CANNOT_BIND, /* 38 */ + CURLE_LDAP_SEARCH_FAILED, /* 39 */ + CURLE_OBSOLETE40, /* 40 - NOT USED */ + CURLE_OBSOLETE41, /* 41 - NOT USED starting with 7.53.0 */ + CURLE_ABORTED_BY_CALLBACK, /* 42 */ + CURLE_BAD_FUNCTION_ARGUMENT, /* 43 */ + CURLE_OBSOLETE44, /* 44 - NOT USED */ + CURLE_INTERFACE_FAILED, /* 45 - CURLOPT_INTERFACE failed */ + CURLE_OBSOLETE46, /* 46 - NOT USED */ + CURLE_TOO_MANY_REDIRECTS, /* 47 - catch endless re-direct loops */ + CURLE_UNKNOWN_OPTION, /* 48 - User specified an unknown option */ + CURLE_SETOPT_OPTION_SYNTAX, /* 49 - Malformed setopt option */ + CURLE_OBSOLETE50, /* 50 - NOT USED */ + CURLE_OBSOLETE51, /* 51 - NOT USED */ + CURLE_GOT_NOTHING, /* 52 - when this is a specific error */ + CURLE_SSL_ENGINE_NOTFOUND, /* 53 - SSL crypto engine not found */ + CURLE_SSL_ENGINE_SETFAILED, /* 54 - can not set SSL crypto engine as + default */ + CURLE_SEND_ERROR, /* 55 - failed sending network data */ + CURLE_RECV_ERROR, /* 56 - failure in receiving network data */ + CURLE_OBSOLETE57, /* 57 - NOT IN USE */ + CURLE_SSL_CERTPROBLEM, /* 58 - problem with the local certificate */ + CURLE_SSL_CIPHER, /* 59 - could not use specified cipher */ + CURLE_PEER_FAILED_VERIFICATION, /* 60 - peer's certificate or fingerprint + was not verified fine */ + CURLE_BAD_CONTENT_ENCODING, /* 61 - Unrecognized/bad encoding */ + CURLE_OBSOLETE62, /* 62 - NOT IN USE since 7.82.0 */ + CURLE_FILESIZE_EXCEEDED, /* 63 - Maximum file size exceeded */ + CURLE_USE_SSL_FAILED, /* 64 - Requested FTP SSL level failed */ + CURLE_SEND_FAIL_REWIND, /* 65 - Sending the data requires a rewind + that failed */ + CURLE_SSL_ENGINE_INITFAILED, /* 66 - failed to initialise ENGINE */ + CURLE_LOGIN_DENIED, /* 67 - user, password or similar was not + accepted and we failed to login */ + CURLE_TFTP_NOTFOUND, /* 68 - file not found on server */ + CURLE_TFTP_PERM, /* 69 - permission problem on server */ + CURLE_REMOTE_DISK_FULL, /* 70 - out of disk space on server */ + CURLE_TFTP_ILLEGAL, /* 71 - Illegal TFTP operation */ + CURLE_TFTP_UNKNOWNID, /* 72 - Unknown transfer ID */ + CURLE_REMOTE_FILE_EXISTS, /* 73 - File already exists */ + CURLE_TFTP_NOSUCHUSER, /* 74 - No such user */ + CURLE_OBSOLETE75, /* 75 - NOT IN USE since 7.82.0 */ + CURLE_OBSOLETE76, /* 76 - NOT IN USE since 7.82.0 */ + CURLE_SSL_CACERT_BADFILE, /* 77 - could not load CACERT file, missing + or wrong format */ + CURLE_REMOTE_FILE_NOT_FOUND, /* 78 - remote file not found */ + CURLE_SSH, /* 79 - error from the SSH layer, somewhat + generic so the error message will be of + interest when this has happened */ + + CURLE_SSL_SHUTDOWN_FAILED, /* 80 - Failed to shut down the SSL + connection */ + CURLE_AGAIN, /* 81 - socket is not ready for send/recv, + wait till it is ready and try again (Added + in 7.18.2) */ + CURLE_SSL_CRL_BADFILE, /* 82 - could not load CRL file, missing or + wrong format (Added in 7.19.0) */ + CURLE_SSL_ISSUER_ERROR, /* 83 - Issuer check failed. (Added in + 7.19.0) */ + CURLE_FTP_PRET_FAILED, /* 84 - a PRET command failed */ + CURLE_RTSP_CSEQ_ERROR, /* 85 - mismatch of RTSP CSeq numbers */ + CURLE_RTSP_SESSION_ERROR, /* 86 - mismatch of RTSP Session Ids */ + CURLE_FTP_BAD_FILE_LIST, /* 87 - unable to parse FTP file list */ + CURLE_CHUNK_FAILED, /* 88 - chunk callback reported error */ + CURLE_NO_CONNECTION_AVAILABLE, /* 89 - No connection available, the + session will be queued */ + CURLE_SSL_PINNEDPUBKEYNOTMATCH, /* 90 - specified pinned public key did not + match */ + CURLE_SSL_INVALIDCERTSTATUS, /* 91 - invalid certificate status */ + CURLE_HTTP2_STREAM, /* 92 - stream error in HTTP/2 framing layer + */ + CURLE_RECURSIVE_API_CALL, /* 93 - an api function was called from + inside a callback */ + CURLE_AUTH_ERROR, /* 94 - an authentication function returned an + error */ + CURLE_HTTP3, /* 95 - An HTTP/3 layer problem */ + CURLE_QUIC_CONNECT_ERROR, /* 96 - QUIC connection error */ + CURLE_PROXY, /* 97 - proxy handshake error */ + CURLE_SSL_CLIENTCERT, /* 98 - client-side certificate required */ + CURLE_UNRECOVERABLE_POLL, /* 99 - poll/select returned fatal error */ + CURLE_TOO_LARGE, /* 100 - a value/data met its maximum */ + CURLE_ECH_REQUIRED, /* 101 - ECH tried but failed */ + CURL_LAST /* never use! */ +} CURLcode; + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* removed in 7.53.0 */ +#define CURLE_FUNCTION_NOT_FOUND CURLE_OBSOLETE41 + +/* removed in 7.56.0 */ +#define CURLE_HTTP_POST_ERROR CURLE_OBSOLETE34 + +/* Previously obsolete error code reused in 7.38.0 */ +#define CURLE_OBSOLETE16 CURLE_HTTP2 + +/* Previously obsolete error codes reused in 7.24.0 */ +#define CURLE_OBSOLETE10 CURLE_FTP_ACCEPT_FAILED +#define CURLE_OBSOLETE12 CURLE_FTP_ACCEPT_TIMEOUT + +/* compatibility with older names */ +#define CURLOPT_ENCODING CURLOPT_ACCEPT_ENCODING +#define CURLE_FTP_WEIRD_SERVER_REPLY CURLE_WEIRD_SERVER_REPLY + +/* The following were added in 7.62.0 */ +#define CURLE_SSL_CACERT CURLE_PEER_FAILED_VERIFICATION + +/* The following were added in 7.21.5, April 2011 */ +#define CURLE_UNKNOWN_TELNET_OPTION CURLE_UNKNOWN_OPTION + +/* Added for 7.78.0 */ +#define CURLE_TELNET_OPTION_SYNTAX CURLE_SETOPT_OPTION_SYNTAX + +/* The following were added in 7.17.1 */ +/* These are scheduled to disappear by 2009 */ +#define CURLE_SSL_PEER_CERTIFICATE CURLE_PEER_FAILED_VERIFICATION + +/* The following were added in 7.17.0 */ +/* These are scheduled to disappear by 2009 */ +#define CURLE_OBSOLETE CURLE_OBSOLETE50 /* no one should be using this! */ +#define CURLE_BAD_PASSWORD_ENTERED CURLE_OBSOLETE46 +#define CURLE_BAD_CALLING_ORDER CURLE_OBSOLETE44 +#define CURLE_FTP_USER_PASSWORD_INCORRECT CURLE_OBSOLETE10 +#define CURLE_FTP_CANT_RECONNECT CURLE_OBSOLETE16 +#define CURLE_FTP_COULDNT_GET_SIZE CURLE_OBSOLETE32 +#define CURLE_FTP_COULDNT_SET_ASCII CURLE_OBSOLETE29 +#define CURLE_FTP_WEIRD_USER_REPLY CURLE_OBSOLETE12 +#define CURLE_FTP_WRITE_ERROR CURLE_OBSOLETE20 +#define CURLE_LIBRARY_NOT_FOUND CURLE_OBSOLETE40 +#define CURLE_MALFORMAT_USER CURLE_OBSOLETE24 +#define CURLE_SHARE_IN_USE CURLE_OBSOLETE57 +#define CURLE_URL_MALFORMAT_USER CURLE_NOT_BUILT_IN + +#define CURLE_FTP_ACCESS_DENIED CURLE_REMOTE_ACCESS_DENIED +#define CURLE_FTP_COULDNT_SET_BINARY CURLE_FTP_COULDNT_SET_TYPE +#define CURLE_FTP_QUOTE_ERROR CURLE_QUOTE_ERROR +#define CURLE_TFTP_DISKFULL CURLE_REMOTE_DISK_FULL +#define CURLE_TFTP_EXISTS CURLE_REMOTE_FILE_EXISTS +#define CURLE_HTTP_RANGE_ERROR CURLE_RANGE_ERROR +#define CURLE_FTP_SSL_FAILED CURLE_USE_SSL_FAILED + +/* The following were added earlier */ + +#define CURLE_OPERATION_TIMEOUTED CURLE_OPERATION_TIMEDOUT +#define CURLE_HTTP_NOT_FOUND CURLE_HTTP_RETURNED_ERROR +#define CURLE_HTTP_PORT_FAILED CURLE_INTERFACE_FAILED +#define CURLE_FTP_COULDNT_STOR_FILE CURLE_UPLOAD_FAILED +#define CURLE_FTP_PARTIAL_FILE CURLE_PARTIAL_FILE +#define CURLE_FTP_BAD_DOWNLOAD_RESUME CURLE_BAD_DOWNLOAD_RESUME +#define CURLE_LDAP_INVALID_URL CURLE_OBSOLETE62 +#define CURLE_CONV_REQD CURLE_OBSOLETE76 +#define CURLE_CONV_FAILED CURLE_OBSOLETE75 + +/* This was the error code 50 in 7.7.3 and a few earlier versions, this + is no longer used by libcurl but is instead #defined here only to not + make programs break */ +#define CURLE_ALREADY_COMPLETE 99999 + +/* Provide defines for really old option names */ +#define CURLOPT_FILE CURLOPT_WRITEDATA /* name changed in 7.9.7 */ +#define CURLOPT_INFILE CURLOPT_READDATA /* name changed in 7.9.7 */ +#define CURLOPT_WRITEHEADER CURLOPT_HEADERDATA + +/* Since long deprecated options with no code in the lib that does anything + with them. */ +#define CURLOPT_WRITEINFO CURLOPT_OBSOLETE40 +#define CURLOPT_CLOSEPOLICY CURLOPT_OBSOLETE72 +#define CURLOPT_OBSOLETE72 9999 +#define CURLOPT_OBSOLETE40 9999 + +#endif /* !CURL_NO_OLDIES */ + +/* + * Proxy error codes. Returned in CURLINFO_PROXY_ERROR if CURLE_PROXY was + * return for the transfers. + */ +typedef enum { + CURLPX_OK, + CURLPX_BAD_ADDRESS_TYPE, + CURLPX_BAD_VERSION, + CURLPX_CLOSED, + CURLPX_GSSAPI, + CURLPX_GSSAPI_PERMSG, + CURLPX_GSSAPI_PROTECTION, + CURLPX_IDENTD, + CURLPX_IDENTD_DIFFER, + CURLPX_LONG_HOSTNAME, + CURLPX_LONG_PASSWD, + CURLPX_LONG_USER, + CURLPX_NO_AUTH, + CURLPX_RECV_ADDRESS, + CURLPX_RECV_AUTH, + CURLPX_RECV_CONNECT, + CURLPX_RECV_REQACK, + CURLPX_REPLY_ADDRESS_TYPE_NOT_SUPPORTED, + CURLPX_REPLY_COMMAND_NOT_SUPPORTED, + CURLPX_REPLY_CONNECTION_REFUSED, + CURLPX_REPLY_GENERAL_SERVER_FAILURE, + CURLPX_REPLY_HOST_UNREACHABLE, + CURLPX_REPLY_NETWORK_UNREACHABLE, + CURLPX_REPLY_NOT_ALLOWED, + CURLPX_REPLY_TTL_EXPIRED, + CURLPX_REPLY_UNASSIGNED, + CURLPX_REQUEST_FAILED, + CURLPX_RESOLVE_HOST, + CURLPX_SEND_AUTH, + CURLPX_SEND_CONNECT, + CURLPX_SEND_REQUEST, + CURLPX_UNKNOWN_FAIL, + CURLPX_UNKNOWN_MODE, + CURLPX_USER_REJECTED, + CURLPX_LAST /* never use */ +} CURLproxycode; + +/* This prototype applies to all conversion callbacks */ +typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length); + +typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl, /* easy handle */ + void *ssl_ctx, /* actually an OpenSSL + or wolfSSL SSL_CTX, + or an mbedTLS + mbedtls_ssl_config */ + void *userptr); + +typedef enum { + CURLPROXY_HTTP = 0, /* added in 7.10, new in 7.19.4 default is to use + CONNECT HTTP/1.1 */ + CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT + HTTP/1.0 */ + CURLPROXY_HTTPS = 2, /* HTTPS but stick to HTTP/1 added in 7.52.0 */ + CURLPROXY_HTTPS2 = 3, /* HTTPS and attempt HTTP/2 added in 8.2.0 */ + CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already + in 7.10 */ + CURLPROXY_SOCKS5 = 5, /* added in 7.10 */ + CURLPROXY_SOCKS4A = 6, /* added in 7.18.0 */ + CURLPROXY_SOCKS5_HOSTNAME = 7 /* Use the SOCKS5 protocol but pass along the + hostname rather than the IP address. added + in 7.18.0 */ +} curl_proxytype; /* this enum was added in 7.10 */ + +/* + * Bitmasks for CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH options: + * + * CURLAUTH_NONE - No HTTP authentication + * CURLAUTH_BASIC - HTTP Basic authentication (default) + * CURLAUTH_DIGEST - HTTP Digest authentication + * CURLAUTH_NEGOTIATE - HTTP Negotiate (SPNEGO) authentication + * CURLAUTH_GSSNEGOTIATE - Alias for CURLAUTH_NEGOTIATE (deprecated) + * CURLAUTH_NTLM - HTTP NTLM authentication + * CURLAUTH_DIGEST_IE - HTTP Digest authentication with IE flavour + * CURLAUTH_NTLM_WB - HTTP NTLM authentication delegated to winbind helper + * CURLAUTH_BEARER - HTTP Bearer token authentication + * CURLAUTH_ONLY - Use together with a single other type to force no + * authentication or just that single type + * CURLAUTH_ANY - All fine types set + * CURLAUTH_ANYSAFE - All fine types except Basic + */ + +#define CURLAUTH_NONE ((unsigned long)0) +#define CURLAUTH_BASIC (((unsigned long)1)<<0) +#define CURLAUTH_DIGEST (((unsigned long)1)<<1) +#define CURLAUTH_NEGOTIATE (((unsigned long)1)<<2) +/* Deprecated since the advent of CURLAUTH_NEGOTIATE */ +#define CURLAUTH_GSSNEGOTIATE CURLAUTH_NEGOTIATE +/* Used for CURLOPT_SOCKS5_AUTH to stay terminologically correct */ +#define CURLAUTH_GSSAPI CURLAUTH_NEGOTIATE +#define CURLAUTH_NTLM (((unsigned long)1)<<3) +#define CURLAUTH_DIGEST_IE (((unsigned long)1)<<4) +#ifndef CURL_NO_OLDIES + /* functionality removed since 8.8.0 */ +#define CURLAUTH_NTLM_WB (((unsigned long)1)<<5) +#endif +#define CURLAUTH_BEARER (((unsigned long)1)<<6) +#define CURLAUTH_AWS_SIGV4 (((unsigned long)1)<<7) +#define CURLAUTH_ONLY (((unsigned long)1)<<31) +#define CURLAUTH_ANY (~CURLAUTH_DIGEST_IE) +#define CURLAUTH_ANYSAFE (~(CURLAUTH_BASIC|CURLAUTH_DIGEST_IE)) + +#define CURLSSH_AUTH_ANY ~0 /* all types supported by the server */ +#define CURLSSH_AUTH_NONE 0 /* none allowed, silly but complete */ +#define CURLSSH_AUTH_PUBLICKEY (1<<0) /* public/private key files */ +#define CURLSSH_AUTH_PASSWORD (1<<1) /* password */ +#define CURLSSH_AUTH_HOST (1<<2) /* host key files */ +#define CURLSSH_AUTH_KEYBOARD (1<<3) /* keyboard interactive */ +#define CURLSSH_AUTH_AGENT (1<<4) /* agent (ssh-agent, pageant...) */ +#define CURLSSH_AUTH_GSSAPI (1<<5) /* gssapi (kerberos, ...) */ +#define CURLSSH_AUTH_DEFAULT CURLSSH_AUTH_ANY + +#define CURLGSSAPI_DELEGATION_NONE 0 /* no delegation (default) */ +#define CURLGSSAPI_DELEGATION_POLICY_FLAG (1<<0) /* if permitted by policy */ +#define CURLGSSAPI_DELEGATION_FLAG (1<<1) /* delegate always */ + +#define CURL_ERROR_SIZE 256 + +enum curl_khtype { + CURLKHTYPE_UNKNOWN, + CURLKHTYPE_RSA1, + CURLKHTYPE_RSA, + CURLKHTYPE_DSS, + CURLKHTYPE_ECDSA, + CURLKHTYPE_ED25519 +}; + +struct curl_khkey { + const char *key; /* points to a null-terminated string encoded with base64 + if len is zero, otherwise to the "raw" data */ + size_t len; + enum curl_khtype keytype; +}; + +/* this is the set of return values expected from the curl_sshkeycallback + callback */ +enum curl_khstat { + CURLKHSTAT_FINE_ADD_TO_FILE, + CURLKHSTAT_FINE, + CURLKHSTAT_REJECT, /* reject the connection, return an error */ + CURLKHSTAT_DEFER, /* do not accept it, but we cannot answer right now. + Causes a CURLE_PEER_FAILED_VERIFICATION error but the + connection will be left intact etc */ + CURLKHSTAT_FINE_REPLACE, /* accept and replace the wrong key */ + CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */ +}; + +/* this is the set of status codes pass in to the callback */ +enum curl_khmatch { + CURLKHMATCH_OK, /* match */ + CURLKHMATCH_MISMATCH, /* host found, key mismatch! */ + CURLKHMATCH_MISSING, /* no matching host/key found */ + CURLKHMATCH_LAST /* not for use, only a marker for last-in-list */ +}; + +typedef int + (*curl_sshkeycallback) (CURL *easy, /* easy handle */ + const struct curl_khkey *knownkey, /* known */ + const struct curl_khkey *foundkey, /* found */ + enum curl_khmatch, /* libcurl's view on the keys */ + void *clientp); /* custom pointer passed with */ + /* CURLOPT_SSH_KEYDATA */ + +typedef int + (*curl_sshhostkeycallback) (void *clientp,/* custom pointer passed */ + /* with CURLOPT_SSH_HOSTKEYDATA */ + int keytype, /* CURLKHTYPE */ + const char *key, /* hostkey to check */ + size_t keylen); /* length of the key */ + /* return CURLE_OK to accept */ + /* or something else to refuse */ + + +/* parameter for the CURLOPT_USE_SSL option */ +#define CURLUSESSL_NONE 0L /* do not attempt to use SSL */ +#define CURLUSESSL_TRY 1L /* try using SSL, proceed anyway otherwise */ +#define CURLUSESSL_CONTROL 2L /* SSL for the control connection or fail */ +#define CURLUSESSL_ALL 3L /* SSL for all communication or fail */ + +typedef enum { + CURLUSESSL_LAST = 4 /* not an option, never use */ +} curl_usessl; + +/* Definition of bits for the CURLOPT_SSL_OPTIONS argument: */ + +/* - ALLOW_BEAST tells libcurl to allow the BEAST SSL vulnerability in the + name of improving interoperability with older servers. Some SSL libraries + have introduced work-arounds for this flaw but those work-arounds sometimes + make the SSL communication fail. To regain functionality with those broken + servers, a user can this way allow the vulnerability back. */ +#define CURLSSLOPT_ALLOW_BEAST (1L<<0) + +/* - NO_REVOKE tells libcurl to disable certificate revocation checks for those + SSL backends where such behavior is present. */ +#define CURLSSLOPT_NO_REVOKE (1L<<1) + +/* - NO_PARTIALCHAIN tells libcurl to *NOT* accept a partial certificate chain + if possible. The OpenSSL backend has this ability. */ +#define CURLSSLOPT_NO_PARTIALCHAIN (1L<<2) + +/* - REVOKE_BEST_EFFORT tells libcurl to ignore certificate revocation offline + checks and ignore missing revocation list for those SSL backends where such + behavior is present. */ +#define CURLSSLOPT_REVOKE_BEST_EFFORT (1L<<3) + +/* - CURLSSLOPT_NATIVE_CA tells libcurl to use standard certificate store of + operating system. Currently implemented under MS-Windows. */ +#define CURLSSLOPT_NATIVE_CA (1L<<4) + +/* - CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use + a client certificate for authentication. (Schannel) */ +#define CURLSSLOPT_AUTO_CLIENT_CERT (1L<<5) + +/* If possible, send data using TLS 1.3 early data */ +#define CURLSSLOPT_EARLYDATA (1L<<6) + +/* The default connection attempt delay in milliseconds for happy eyeballs. + CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 and happy-eyeballs-timeout-ms.d document + this value, keep them in sync. */ +#define CURL_HET_DEFAULT 200L + +/* The default connection upkeep interval in milliseconds. */ +#define CURL_UPKEEP_INTERVAL_DEFAULT 60000L + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* Backwards compatibility with older names */ +/* These are scheduled to disappear by 2009 */ + +#define CURLFTPSSL_NONE CURLUSESSL_NONE +#define CURLFTPSSL_TRY CURLUSESSL_TRY +#define CURLFTPSSL_CONTROL CURLUSESSL_CONTROL +#define CURLFTPSSL_ALL CURLUSESSL_ALL +#define CURLFTPSSL_LAST CURLUSESSL_LAST +#define curl_ftpssl curl_usessl +#endif /* !CURL_NO_OLDIES */ + +/* parameter for the CURLOPT_FTP_SSL_CCC option */ +typedef enum { + CURLFTPSSL_CCC_NONE, /* do not send CCC */ + CURLFTPSSL_CCC_PASSIVE, /* Let the server initiate the shutdown */ + CURLFTPSSL_CCC_ACTIVE, /* Initiate the shutdown */ + CURLFTPSSL_CCC_LAST /* not an option, never use */ +} curl_ftpccc; + +/* parameter for the CURLOPT_FTPSSLAUTH option */ +typedef enum { + CURLFTPAUTH_DEFAULT, /* let libcurl decide */ + CURLFTPAUTH_SSL, /* use "AUTH SSL" */ + CURLFTPAUTH_TLS, /* use "AUTH TLS" */ + CURLFTPAUTH_LAST /* not an option, never use */ +} curl_ftpauth; + +/* parameter for the CURLOPT_FTP_CREATE_MISSING_DIRS option */ +typedef enum { + CURLFTP_CREATE_DIR_NONE, /* do NOT create missing dirs! */ + CURLFTP_CREATE_DIR, /* (FTP/SFTP) if CWD fails, try MKD and then CWD + again if MKD succeeded, for SFTP this does + similar magic */ + CURLFTP_CREATE_DIR_RETRY, /* (FTP only) if CWD fails, try MKD and then CWD + again even if MKD failed! */ + CURLFTP_CREATE_DIR_LAST /* not an option, never use */ +} curl_ftpcreatedir; + +/* parameter for the CURLOPT_FTP_FILEMETHOD option */ +typedef enum { + CURLFTPMETHOD_DEFAULT, /* let libcurl pick */ + CURLFTPMETHOD_MULTICWD, /* single CWD operation for each path part */ + CURLFTPMETHOD_NOCWD, /* no CWD at all */ + CURLFTPMETHOD_SINGLECWD, /* one CWD to full dir, then work on file */ + CURLFTPMETHOD_LAST /* not an option, never use */ +} curl_ftpmethod; + +/* bitmask defines for CURLOPT_HEADEROPT */ +#define CURLHEADER_UNIFIED 0 +#define CURLHEADER_SEPARATE (1<<0) + +/* CURLALTSVC_* are bits for the CURLOPT_ALTSVC_CTRL option */ +#define CURLALTSVC_READONLYFILE (1<<2) +#define CURLALTSVC_H1 (1<<3) +#define CURLALTSVC_H2 (1<<4) +#define CURLALTSVC_H3 (1<<5) + +/* bitmask values for CURLOPT_UPLOAD_FLAGS */ +#define CURLULFLAG_ANSWERED (1L<<0) +#define CURLULFLAG_DELETED (1L<<1) +#define CURLULFLAG_DRAFT (1L<<2) +#define CURLULFLAG_FLAGGED (1L<<3) +#define CURLULFLAG_SEEN (1L<<4) + +struct curl_hstsentry { + char *name; + size_t namelen; + unsigned int includeSubDomains:1; + char expire[18]; /* YYYYMMDD HH:MM:SS [null-terminated] */ +}; + +struct curl_index { + size_t index; /* the provided entry's "index" or count */ + size_t total; /* total number of entries to save */ +}; + +typedef enum { + CURLSTS_OK, + CURLSTS_DONE, + CURLSTS_FAIL +} CURLSTScode; + +typedef CURLSTScode (*curl_hstsread_callback)(CURL *easy, + struct curl_hstsentry *e, + void *userp); +typedef CURLSTScode (*curl_hstswrite_callback)(CURL *easy, + struct curl_hstsentry *e, + struct curl_index *i, + void *userp); + +/* CURLHSTS_* are bits for the CURLOPT_HSTS option */ +#define CURLHSTS_ENABLE (long)(1<<0) +#define CURLHSTS_READONLYFILE (long)(1<<1) + +/* The CURLPROTO_ defines below are for the **deprecated** CURLOPT_*PROTOCOLS + options. Do not use. */ +#define CURLPROTO_HTTP (1<<0) +#define CURLPROTO_HTTPS (1<<1) +#define CURLPROTO_FTP (1<<2) +#define CURLPROTO_FTPS (1<<3) +#define CURLPROTO_SCP (1<<4) +#define CURLPROTO_SFTP (1<<5) +#define CURLPROTO_TELNET (1<<6) +#define CURLPROTO_LDAP (1<<7) +#define CURLPROTO_LDAPS (1<<8) +#define CURLPROTO_DICT (1<<9) +#define CURLPROTO_FILE (1<<10) +#define CURLPROTO_TFTP (1<<11) +#define CURLPROTO_IMAP (1<<12) +#define CURLPROTO_IMAPS (1<<13) +#define CURLPROTO_POP3 (1<<14) +#define CURLPROTO_POP3S (1<<15) +#define CURLPROTO_SMTP (1<<16) +#define CURLPROTO_SMTPS (1<<17) +#define CURLPROTO_RTSP (1<<18) +#define CURLPROTO_RTMP (1<<19) +#define CURLPROTO_RTMPT (1<<20) +#define CURLPROTO_RTMPE (1<<21) +#define CURLPROTO_RTMPTE (1<<22) +#define CURLPROTO_RTMPS (1<<23) +#define CURLPROTO_RTMPTS (1<<24) +#define CURLPROTO_GOPHER (1<<25) +#define CURLPROTO_SMB (1<<26) +#define CURLPROTO_SMBS (1<<27) +#define CURLPROTO_MQTT (1<<28) +#define CURLPROTO_GOPHERS (1<<29) +#define CURLPROTO_ALL (~0) /* enable everything */ + +/* long may be 32 or 64 bits, but we should never depend on anything else + but 32 */ +#define CURLOPTTYPE_LONG 0 +#define CURLOPTTYPE_OBJECTPOINT 10000 +#define CURLOPTTYPE_FUNCTIONPOINT 20000 +#define CURLOPTTYPE_OFF_T 30000 +#define CURLOPTTYPE_BLOB 40000 + +/* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the + string options from the header file */ + + +#define CURLOPT(na,t,nu) na = t + nu +#define CURLOPTDEPRECATED(na,t,nu,v,m) na CURL_DEPRECATED(v,m) = t + nu + +/* CURLOPT aliases that make no runtime difference */ + +/* 'char *' argument to a string with a trailing zero */ +#define CURLOPTTYPE_STRINGPOINT CURLOPTTYPE_OBJECTPOINT + +/* 'struct curl_slist *' argument */ +#define CURLOPTTYPE_SLISTPOINT CURLOPTTYPE_OBJECTPOINT + +/* 'void *' argument passed untouched to callback */ +#define CURLOPTTYPE_CBPOINT CURLOPTTYPE_OBJECTPOINT + +/* 'long' argument with a set of values/bitmask */ +#define CURLOPTTYPE_VALUES CURLOPTTYPE_LONG + +/* + * All CURLOPT_* values. + */ + +typedef enum { + /* This is the FILE * or void * the regular output should be written to. */ + CURLOPT(CURLOPT_WRITEDATA, CURLOPTTYPE_CBPOINT, 1), + + /* The full URL to get/put */ + CURLOPT(CURLOPT_URL, CURLOPTTYPE_STRINGPOINT, 2), + + /* Port number to connect to, if other than default. */ + CURLOPT(CURLOPT_PORT, CURLOPTTYPE_LONG, 3), + + /* Name of proxy to use. */ + CURLOPT(CURLOPT_PROXY, CURLOPTTYPE_STRINGPOINT, 4), + + /* "user:password;options" to use when fetching. */ + CURLOPT(CURLOPT_USERPWD, CURLOPTTYPE_STRINGPOINT, 5), + + /* "user:password" to use with proxy. */ + CURLOPT(CURLOPT_PROXYUSERPWD, CURLOPTTYPE_STRINGPOINT, 6), + + /* Range to get, specified as an ASCII string. */ + CURLOPT(CURLOPT_RANGE, CURLOPTTYPE_STRINGPOINT, 7), + + /* not used */ + + /* Specified file stream to upload from (use as input): */ + CURLOPT(CURLOPT_READDATA, CURLOPTTYPE_CBPOINT, 9), + + /* Buffer to receive error messages in, must be at least CURL_ERROR_SIZE + * bytes big. */ + CURLOPT(CURLOPT_ERRORBUFFER, CURLOPTTYPE_OBJECTPOINT, 10), + + /* Function that will be called to store the output (instead of fwrite). The + * parameters will use fwrite() syntax, make sure to follow them. */ + CURLOPT(CURLOPT_WRITEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 11), + + /* Function that will be called to read the input (instead of fread). The + * parameters will use fread() syntax, make sure to follow them. */ + CURLOPT(CURLOPT_READFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 12), + + /* Time-out the read operation after this amount of seconds */ + CURLOPT(CURLOPT_TIMEOUT, CURLOPTTYPE_LONG, 13), + + /* If CURLOPT_READDATA is used, this can be used to inform libcurl about + * how large the file being sent really is. That allows better error + * checking and better verifies that the upload was successful. -1 means + * unknown size. + * + * For large file support, there is also a _LARGE version of the key + * which takes an off_t type, allowing platforms with larger off_t + * sizes to handle larger files. See below for INFILESIZE_LARGE. + */ + CURLOPT(CURLOPT_INFILESIZE, CURLOPTTYPE_LONG, 14), + + /* POST static input fields. */ + CURLOPT(CURLOPT_POSTFIELDS, CURLOPTTYPE_OBJECTPOINT, 15), + + /* Set the referrer page (needed by some CGIs) */ + CURLOPT(CURLOPT_REFERER, CURLOPTTYPE_STRINGPOINT, 16), + + /* Set the FTP PORT string (interface name, named or numerical IP address) + Use i.e '-' to use default address. */ + CURLOPT(CURLOPT_FTPPORT, CURLOPTTYPE_STRINGPOINT, 17), + + /* Set the User-Agent string (examined by some CGIs) */ + CURLOPT(CURLOPT_USERAGENT, CURLOPTTYPE_STRINGPOINT, 18), + + /* If the download receives less than "low speed limit" bytes/second + * during "low speed time" seconds, the operations is aborted. + * You could i.e if you have a pretty high speed connection, abort if + * it is less than 2000 bytes/sec during 20 seconds. + */ + + /* Set the "low speed limit" */ + CURLOPT(CURLOPT_LOW_SPEED_LIMIT, CURLOPTTYPE_LONG, 19), + + /* Set the "low speed time" */ + CURLOPT(CURLOPT_LOW_SPEED_TIME, CURLOPTTYPE_LONG, 20), + + /* Set the continuation offset. + * + * Note there is also a _LARGE version of this key which uses + * off_t types, allowing for large file offsets on platforms which + * use larger-than-32-bit off_t's. Look below for RESUME_FROM_LARGE. + */ + CURLOPT(CURLOPT_RESUME_FROM, CURLOPTTYPE_LONG, 21), + + /* Set cookie in request: */ + CURLOPT(CURLOPT_COOKIE, CURLOPTTYPE_STRINGPOINT, 22), + + /* This points to a linked list of headers, struct curl_slist kind. This + list is also used for RTSP (in spite of its name) */ + CURLOPT(CURLOPT_HTTPHEADER, CURLOPTTYPE_SLISTPOINT, 23), + + /* This points to a linked list of post entries, struct curl_httppost */ + CURLOPTDEPRECATED(CURLOPT_HTTPPOST, CURLOPTTYPE_OBJECTPOINT, 24, + 7.56.0, "Use CURLOPT_MIMEPOST"), + + /* name of the file keeping your private SSL-certificate */ + CURLOPT(CURLOPT_SSLCERT, CURLOPTTYPE_STRINGPOINT, 25), + + /* password for the SSL or SSH private key */ + CURLOPT(CURLOPT_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 26), + + /* send TYPE parameter? */ + CURLOPT(CURLOPT_CRLF, CURLOPTTYPE_LONG, 27), + + /* send linked-list of QUOTE commands */ + CURLOPT(CURLOPT_QUOTE, CURLOPTTYPE_SLISTPOINT, 28), + + /* send FILE * or void * to store headers to, if you use a callback it + is simply passed to the callback unmodified */ + CURLOPT(CURLOPT_HEADERDATA, CURLOPTTYPE_CBPOINT, 29), + + /* point to a file to read the initial cookies from, also enables + "cookie awareness" */ + CURLOPT(CURLOPT_COOKIEFILE, CURLOPTTYPE_STRINGPOINT, 31), + + /* What version to specifically try to use. + See CURL_SSLVERSION defines below. */ + CURLOPT(CURLOPT_SSLVERSION, CURLOPTTYPE_VALUES, 32), + + /* What kind of HTTP time condition to use, see defines */ + CURLOPT(CURLOPT_TIMECONDITION, CURLOPTTYPE_VALUES, 33), + + /* Time to use with the above condition. Specified in number of seconds + since 1 Jan 1970 */ + CURLOPT(CURLOPT_TIMEVALUE, CURLOPTTYPE_LONG, 34), + + /* 35 = OBSOLETE */ + + /* Custom request, for customizing the get command like + HTTP: DELETE, TRACE and others + FTP: to use a different list command + */ + CURLOPT(CURLOPT_CUSTOMREQUEST, CURLOPTTYPE_STRINGPOINT, 36), + + /* FILE handle to use instead of stderr */ + CURLOPT(CURLOPT_STDERR, CURLOPTTYPE_OBJECTPOINT, 37), + + /* 38 is not used */ + + /* send linked-list of post-transfer QUOTE commands */ + CURLOPT(CURLOPT_POSTQUOTE, CURLOPTTYPE_SLISTPOINT, 39), + + /* 40 is not used */ + + /* talk a lot */ + CURLOPT(CURLOPT_VERBOSE, CURLOPTTYPE_LONG, 41), + + /* throw the header out too */ + CURLOPT(CURLOPT_HEADER, CURLOPTTYPE_LONG, 42), + + /* shut off the progress meter */ + CURLOPT(CURLOPT_NOPROGRESS, CURLOPTTYPE_LONG, 43), + + /* use HEAD to get http document */ + CURLOPT(CURLOPT_NOBODY, CURLOPTTYPE_LONG, 44), + + /* no output on http error codes >= 400 */ + CURLOPT(CURLOPT_FAILONERROR, CURLOPTTYPE_LONG, 45), + + /* this is an upload */ + CURLOPT(CURLOPT_UPLOAD, CURLOPTTYPE_LONG, 46), + + /* HTTP POST method */ + CURLOPT(CURLOPT_POST, CURLOPTTYPE_LONG, 47), + + /* bare names when listing directories */ + CURLOPT(CURLOPT_DIRLISTONLY, CURLOPTTYPE_LONG, 48), + + /* Append instead of overwrite on upload! */ + CURLOPT(CURLOPT_APPEND, CURLOPTTYPE_LONG, 50), + + /* Specify whether to read the user+password from the .netrc or the URL. + * This must be one of the CURL_NETRC_* enums below. */ + CURLOPT(CURLOPT_NETRC, CURLOPTTYPE_VALUES, 51), + + /* use Location: Luke! */ + CURLOPT(CURLOPT_FOLLOWLOCATION, CURLOPTTYPE_LONG, 52), + + /* transfer data in text/ASCII format */ + CURLOPT(CURLOPT_TRANSFERTEXT, CURLOPTTYPE_LONG, 53), + + /* HTTP PUT */ + CURLOPTDEPRECATED(CURLOPT_PUT, CURLOPTTYPE_LONG, 54, + 7.12.1, "Use CURLOPT_UPLOAD"), + + /* 55 = OBSOLETE */ + + /* DEPRECATED + * Function that will be called instead of the internal progress display + * function. This function should be defined as the curl_progress_callback + * prototype defines. */ + CURLOPTDEPRECATED(CURLOPT_PROGRESSFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 56, + 7.32.0, "Use CURLOPT_XFERINFOFUNCTION"), + + /* Data passed to the CURLOPT_PROGRESSFUNCTION and CURLOPT_XFERINFOFUNCTION + callbacks */ + CURLOPT(CURLOPT_XFERINFODATA, CURLOPTTYPE_CBPOINT, 57), +#define CURLOPT_PROGRESSDATA CURLOPT_XFERINFODATA + + /* We want the referrer field set automatically when following locations */ + CURLOPT(CURLOPT_AUTOREFERER, CURLOPTTYPE_LONG, 58), + + /* Port of the proxy, can be set in the proxy string as well with: + "[host]:[port]" */ + CURLOPT(CURLOPT_PROXYPORT, CURLOPTTYPE_LONG, 59), + + /* size of the POST input data, if strlen() is not good to use */ + CURLOPT(CURLOPT_POSTFIELDSIZE, CURLOPTTYPE_LONG, 60), + + /* tunnel non-http operations through an HTTP proxy */ + CURLOPT(CURLOPT_HTTPPROXYTUNNEL, CURLOPTTYPE_LONG, 61), + + /* Set the interface string to use as outgoing network interface */ + CURLOPT(CURLOPT_INTERFACE, CURLOPTTYPE_STRINGPOINT, 62), + + /* Set the krb4/5 security level, this also enables krb4/5 awareness. This + * is a string, 'clear', 'safe', 'confidential' or 'private'. If the string + * is set but does not match one of these, 'private' will be used. */ + CURLOPT(CURLOPT_KRBLEVEL, CURLOPTTYPE_STRINGPOINT, 63), + + /* Set if we should verify the peer in ssl handshake, set 1 to verify. */ + CURLOPT(CURLOPT_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 64), + + /* The CApath or CAfile used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_CAINFO, CURLOPTTYPE_STRINGPOINT, 65), + + /* 66 = OBSOLETE */ + /* 67 = OBSOLETE */ + + /* Maximum number of http redirects to follow */ + CURLOPT(CURLOPT_MAXREDIRS, CURLOPTTYPE_LONG, 68), + + /* Pass a long set to 1 to get the date of the requested document (if + possible)! Pass a zero to shut it off. */ + CURLOPT(CURLOPT_FILETIME, CURLOPTTYPE_LONG, 69), + + /* This points to a linked list of telnet options */ + CURLOPT(CURLOPT_TELNETOPTIONS, CURLOPTTYPE_SLISTPOINT, 70), + + /* Max amount of cached alive connections */ + CURLOPT(CURLOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 71), + + /* 72 = OBSOLETE */ + /* 73 = OBSOLETE */ + + /* Set to explicitly use a new connection for the upcoming transfer. + Do not use this unless you are absolutely sure of this, as it makes the + operation slower and is less friendly for the network. */ + CURLOPT(CURLOPT_FRESH_CONNECT, CURLOPTTYPE_LONG, 74), + + /* Set to explicitly forbid the upcoming transfer's connection to be reused + when done. Do not use this unless you are absolutely sure of this, as it + makes the operation slower and is less friendly for the network. */ + CURLOPT(CURLOPT_FORBID_REUSE, CURLOPTTYPE_LONG, 75), + + /* Set to a filename that contains random data for libcurl to use to + seed the random engine when doing SSL connects. */ + CURLOPTDEPRECATED(CURLOPT_RANDOM_FILE, CURLOPTTYPE_STRINGPOINT, 76, + 7.84.0, "Serves no purpose anymore"), + + /* Set to the Entropy Gathering Daemon socket pathname */ + CURLOPTDEPRECATED(CURLOPT_EGDSOCKET, CURLOPTTYPE_STRINGPOINT, 77, + 7.84.0, "Serves no purpose anymore"), + + /* Time-out connect operations after this amount of seconds, if connects are + OK within this time, then fine... This only aborts the connect phase. */ + CURLOPT(CURLOPT_CONNECTTIMEOUT, CURLOPTTYPE_LONG, 78), + + /* Function that will be called to store headers (instead of fwrite). The + * parameters will use fwrite() syntax, make sure to follow them. */ + CURLOPT(CURLOPT_HEADERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 79), + + /* Set this to force the HTTP request to get back to GET. Only really usable + if POST, PUT or a custom request have been used first. + */ + CURLOPT(CURLOPT_HTTPGET, CURLOPTTYPE_LONG, 80), + + /* Set if we should verify the Common name from the peer certificate in ssl + * handshake, set 1 to check existence, 2 to ensure that it matches the + * provided hostname. */ + CURLOPT(CURLOPT_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 81), + + /* Specify which filename to write all known cookies in after completed + operation. Set filename to "-" (dash) to make it go to stdout. */ + CURLOPT(CURLOPT_COOKIEJAR, CURLOPTTYPE_STRINGPOINT, 82), + + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use */ + CURLOPT(CURLOPT_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 83), + + /* Specify which HTTP version to use! This must be set to one of the + CURL_HTTP_VERSION* enums set below. */ + CURLOPT(CURLOPT_HTTP_VERSION, CURLOPTTYPE_VALUES, 84), + + /* Specifically switch on or off the FTP engine's use of the EPSV command. By + default, that one will always be attempted before the more traditional + PASV command. */ + CURLOPT(CURLOPT_FTP_USE_EPSV, CURLOPTTYPE_LONG, 85), + + /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */ + CURLOPT(CURLOPT_SSLCERTTYPE, CURLOPTTYPE_STRINGPOINT, 86), + + /* name of the file keeping your private SSL-key */ + CURLOPT(CURLOPT_SSLKEY, CURLOPTTYPE_STRINGPOINT, 87), + + /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */ + CURLOPT(CURLOPT_SSLKEYTYPE, CURLOPTTYPE_STRINGPOINT, 88), + + /* crypto engine for the SSL-sub system */ + CURLOPT(CURLOPT_SSLENGINE, CURLOPTTYPE_STRINGPOINT, 89), + + /* set the crypto engine for the SSL-sub system as default + the param has no meaning... + */ + CURLOPT(CURLOPT_SSLENGINE_DEFAULT, CURLOPTTYPE_LONG, 90), + + /* Non-zero value means to use the global dns cache */ + /* DEPRECATED, do not use! */ + CURLOPTDEPRECATED(CURLOPT_DNS_USE_GLOBAL_CACHE, CURLOPTTYPE_LONG, 91, + 7.11.1, "Use CURLOPT_SHARE"), + + /* DNS cache timeout */ + CURLOPT(CURLOPT_DNS_CACHE_TIMEOUT, CURLOPTTYPE_LONG, 92), + + /* send linked-list of pre-transfer QUOTE commands */ + CURLOPT(CURLOPT_PREQUOTE, CURLOPTTYPE_SLISTPOINT, 93), + + /* set the debug function */ + CURLOPT(CURLOPT_DEBUGFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 94), + + /* set the data for the debug function */ + CURLOPT(CURLOPT_DEBUGDATA, CURLOPTTYPE_CBPOINT, 95), + + /* mark this as start of a cookie session */ + CURLOPT(CURLOPT_COOKIESESSION, CURLOPTTYPE_LONG, 96), + + /* The CApath directory used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_CAPATH, CURLOPTTYPE_STRINGPOINT, 97), + + /* Instruct libcurl to use a smaller receive buffer */ + CURLOPT(CURLOPT_BUFFERSIZE, CURLOPTTYPE_LONG, 98), + + /* Instruct libcurl to not use any signal/alarm handlers, even when using + timeouts. This option is useful for multi-threaded applications. + See libcurl-the-guide for more background information. */ + CURLOPT(CURLOPT_NOSIGNAL, CURLOPTTYPE_LONG, 99), + + /* Provide a CURLShare for mutexing non-ts data */ + CURLOPT(CURLOPT_SHARE, CURLOPTTYPE_OBJECTPOINT, 100), + + /* indicates type of proxy. accepted values are CURLPROXY_HTTP (default), + CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and + CURLPROXY_SOCKS5. */ + CURLOPT(CURLOPT_PROXYTYPE, CURLOPTTYPE_VALUES, 101), + + /* Set the Accept-Encoding string. Use this to tell a server you would like + the response to be compressed. Before 7.21.6, this was known as + CURLOPT_ENCODING */ + CURLOPT(CURLOPT_ACCEPT_ENCODING, CURLOPTTYPE_STRINGPOINT, 102), + + /* Set pointer to private data */ + CURLOPT(CURLOPT_PRIVATE, CURLOPTTYPE_OBJECTPOINT, 103), + + /* Set aliases for HTTP 200 in the HTTP Response header */ + CURLOPT(CURLOPT_HTTP200ALIASES, CURLOPTTYPE_SLISTPOINT, 104), + + /* Continue to send authentication (user+password) when following locations, + even when hostname changed. This can potentially send off the name + and password to whatever host the server decides. */ + CURLOPT(CURLOPT_UNRESTRICTED_AUTH, CURLOPTTYPE_LONG, 105), + + /* Specifically switch on or off the FTP engine's use of the EPRT command ( + it also disables the LPRT attempt). By default, those ones will always be + attempted before the good old traditional PORT command. */ + CURLOPT(CURLOPT_FTP_USE_EPRT, CURLOPTTYPE_LONG, 106), + + /* Set this to a bitmask value to enable the particular authentications + methods you like. Use this in combination with CURLOPT_USERPWD. + Note that setting multiple bits may cause extra network round-trips. */ + CURLOPT(CURLOPT_HTTPAUTH, CURLOPTTYPE_VALUES, 107), + + /* Set the ssl context callback function, currently only for OpenSSL or + wolfSSL ssl_ctx, or mbedTLS mbedtls_ssl_config in the second argument. + The function must match the curl_ssl_ctx_callback prototype. */ + CURLOPT(CURLOPT_SSL_CTX_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 108), + + /* Set the userdata for the ssl context callback function's third + argument */ + CURLOPT(CURLOPT_SSL_CTX_DATA, CURLOPTTYPE_CBPOINT, 109), + + /* FTP Option that causes missing dirs to be created on the remote server. + In 7.19.4 we introduced the convenience enums for this option using the + CURLFTP_CREATE_DIR prefix. + */ + CURLOPT(CURLOPT_FTP_CREATE_MISSING_DIRS, CURLOPTTYPE_LONG, 110), + + /* Set this to a bitmask value to enable the particular authentications + methods you like. Use this in combination with CURLOPT_PROXYUSERPWD. + Note that setting multiple bits may cause extra network round-trips. */ + CURLOPT(CURLOPT_PROXYAUTH, CURLOPTTYPE_VALUES, 111), + + /* Option that changes the timeout, in seconds, associated with getting a + response. This is different from transfer timeout time and essentially + places a demand on the server to acknowledge commands in a timely + manner. For FTP, SMTP, IMAP and POP3. */ + CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT, CURLOPTTYPE_LONG, 112), + + /* Set this option to one of the CURL_IPRESOLVE_* defines (see below) to + tell libcurl to use those IP versions only. This only has effect on + systems with support for more than one, i.e IPv4 _and_ IPv6. */ + CURLOPT(CURLOPT_IPRESOLVE, CURLOPTTYPE_VALUES, 113), + + /* Set this option to limit the size of a file that will be downloaded from + an HTTP or FTP server. + + Note there is also _LARGE version which adds large file support for + platforms which have larger off_t sizes. See MAXFILESIZE_LARGE below. */ + CURLOPT(CURLOPT_MAXFILESIZE, CURLOPTTYPE_LONG, 114), + + /* See the comment for INFILESIZE above, but in short, specifies + * the size of the file being uploaded. -1 means unknown. + */ + CURLOPT(CURLOPT_INFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 115), + + /* Sets the continuation offset. There is also a CURLOPTTYPE_LONG version + * of this; look above for RESUME_FROM. + */ + CURLOPT(CURLOPT_RESUME_FROM_LARGE, CURLOPTTYPE_OFF_T, 116), + + /* Sets the maximum size of data that will be downloaded from + * an HTTP or FTP server. See MAXFILESIZE above for the LONG version. + */ + CURLOPT(CURLOPT_MAXFILESIZE_LARGE, CURLOPTTYPE_OFF_T, 117), + + /* Set this option to the filename of your .netrc file you want libcurl + to parse (using the CURLOPT_NETRC option). If not set, libcurl will do + a poor attempt to find the user's home directory and check for a .netrc + file in there. */ + CURLOPT(CURLOPT_NETRC_FILE, CURLOPTTYPE_STRINGPOINT, 118), + + /* Enable SSL/TLS for FTP, pick one of: + CURLUSESSL_TRY - try using SSL, proceed anyway otherwise + CURLUSESSL_CONTROL - SSL for the control connection or fail + CURLUSESSL_ALL - SSL for all communication or fail + */ + CURLOPT(CURLOPT_USE_SSL, CURLOPTTYPE_VALUES, 119), + + /* The _LARGE version of the standard POSTFIELDSIZE option */ + CURLOPT(CURLOPT_POSTFIELDSIZE_LARGE, CURLOPTTYPE_OFF_T, 120), + + /* Enable/disable the TCP Nagle algorithm */ + CURLOPT(CURLOPT_TCP_NODELAY, CURLOPTTYPE_LONG, 121), + + /* 122 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 123 OBSOLETE. Gone in 7.16.0 */ + /* 124 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 125 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 126 OBSOLETE, used in 7.12.3. Gone in 7.13.0 */ + /* 127 OBSOLETE. Gone in 7.16.0 */ + /* 128 OBSOLETE. Gone in 7.16.0 */ + + /* When FTP over SSL/TLS is selected (with CURLOPT_USE_SSL), this option + can be used to change libcurl's default action which is to first try + "AUTH SSL" and then "AUTH TLS" in this order, and proceed when a OK + response has been received. + + Available parameters are: + CURLFTPAUTH_DEFAULT - let libcurl decide + CURLFTPAUTH_SSL - try "AUTH SSL" first, then TLS + CURLFTPAUTH_TLS - try "AUTH TLS" first, then SSL + */ + CURLOPT(CURLOPT_FTPSSLAUTH, CURLOPTTYPE_VALUES, 129), + + CURLOPTDEPRECATED(CURLOPT_IOCTLFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 130, + 7.18.0, "Use CURLOPT_SEEKFUNCTION"), + CURLOPTDEPRECATED(CURLOPT_IOCTLDATA, CURLOPTTYPE_CBPOINT, 131, + 7.18.0, "Use CURLOPT_SEEKDATA"), + + /* 132 OBSOLETE. Gone in 7.16.0 */ + /* 133 OBSOLETE. Gone in 7.16.0 */ + + /* null-terminated string for pass on to the FTP server when asked for + "account" info */ + CURLOPT(CURLOPT_FTP_ACCOUNT, CURLOPTTYPE_STRINGPOINT, 134), + + /* feed cookie into cookie engine */ + CURLOPT(CURLOPT_COOKIELIST, CURLOPTTYPE_STRINGPOINT, 135), + + /* ignore Content-Length */ + CURLOPT(CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPTTYPE_LONG, 136), + + /* Set to non-zero to skip the IP address received in a 227 PASV FTP server + response. Typically used for FTP-SSL purposes but is not restricted to + that. libcurl will then instead use the same IP address it used for the + control connection. */ + CURLOPT(CURLOPT_FTP_SKIP_PASV_IP, CURLOPTTYPE_LONG, 137), + + /* Select "file method" to use when doing FTP, see the curl_ftpmethod + above. */ + CURLOPT(CURLOPT_FTP_FILEMETHOD, CURLOPTTYPE_VALUES, 138), + + /* Local port number to bind the socket to */ + CURLOPT(CURLOPT_LOCALPORT, CURLOPTTYPE_LONG, 139), + + /* Number of ports to try, including the first one set with LOCALPORT. + Thus, setting it to 1 will make no additional attempts but the first. + */ + CURLOPT(CURLOPT_LOCALPORTRANGE, CURLOPTTYPE_LONG, 140), + + /* no transfer, set up connection and let application use the socket by + extracting it with CURLINFO_LASTSOCKET */ + CURLOPT(CURLOPT_CONNECT_ONLY, CURLOPTTYPE_LONG, 141), + + /* Function that will be called to convert from the + network encoding (instead of using the iconv calls in libcurl) */ + CURLOPTDEPRECATED(CURLOPT_CONV_FROM_NETWORK_FUNCTION, + CURLOPTTYPE_FUNCTIONPOINT, 142, + 7.82.0, "Serves no purpose anymore"), + + /* Function that will be called to convert to the + network encoding (instead of using the iconv calls in libcurl) */ + CURLOPTDEPRECATED(CURLOPT_CONV_TO_NETWORK_FUNCTION, + CURLOPTTYPE_FUNCTIONPOINT, 143, + 7.82.0, "Serves no purpose anymore"), + + /* Function that will be called to convert from UTF8 + (instead of using the iconv calls in libcurl) + Note that this is used only for SSL certificate processing */ + CURLOPTDEPRECATED(CURLOPT_CONV_FROM_UTF8_FUNCTION, + CURLOPTTYPE_FUNCTIONPOINT, 144, + 7.82.0, "Serves no purpose anymore"), + + /* if the connection proceeds too quickly then need to slow it down */ + /* limit-rate: maximum number of bytes per second to send or receive */ + CURLOPT(CURLOPT_MAX_SEND_SPEED_LARGE, CURLOPTTYPE_OFF_T, 145), + CURLOPT(CURLOPT_MAX_RECV_SPEED_LARGE, CURLOPTTYPE_OFF_T, 146), + + /* Pointer to command string to send if USER/PASS fails. */ + CURLOPT(CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPTTYPE_STRINGPOINT, 147), + + /* callback function for setting socket options */ + CURLOPT(CURLOPT_SOCKOPTFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 148), + CURLOPT(CURLOPT_SOCKOPTDATA, CURLOPTTYPE_CBPOINT, 149), + + /* set to 0 to disable session ID reuse for this transfer, default is + enabled (== 1) */ + CURLOPT(CURLOPT_SSL_SESSIONID_CACHE, CURLOPTTYPE_LONG, 150), + + /* allowed SSH authentication methods */ + CURLOPT(CURLOPT_SSH_AUTH_TYPES, CURLOPTTYPE_VALUES, 151), + + /* Used by scp/sftp to do public/private key authentication */ + CURLOPT(CURLOPT_SSH_PUBLIC_KEYFILE, CURLOPTTYPE_STRINGPOINT, 152), + CURLOPT(CURLOPT_SSH_PRIVATE_KEYFILE, CURLOPTTYPE_STRINGPOINT, 153), + + /* Send CCC (Clear Command Channel) after authentication */ + CURLOPT(CURLOPT_FTP_SSL_CCC, CURLOPTTYPE_LONG, 154), + + /* Same as TIMEOUT and CONNECTTIMEOUT, but with ms resolution */ + CURLOPT(CURLOPT_TIMEOUT_MS, CURLOPTTYPE_LONG, 155), + CURLOPT(CURLOPT_CONNECTTIMEOUT_MS, CURLOPTTYPE_LONG, 156), + + /* set to zero to disable the libcurl's decoding and thus pass the raw body + data to the application even when it is encoded/compressed */ + CURLOPT(CURLOPT_HTTP_TRANSFER_DECODING, CURLOPTTYPE_LONG, 157), + CURLOPT(CURLOPT_HTTP_CONTENT_DECODING, CURLOPTTYPE_LONG, 158), + + /* Permission used when creating new files and directories on the remote + server for protocols that support it, SFTP/SCP/FILE */ + CURLOPT(CURLOPT_NEW_FILE_PERMS, CURLOPTTYPE_LONG, 159), + CURLOPT(CURLOPT_NEW_DIRECTORY_PERMS, CURLOPTTYPE_LONG, 160), + + /* Set the behavior of POST when redirecting. Values must be set to one + of CURL_REDIR* defines below. This used to be called CURLOPT_POST301 */ + CURLOPT(CURLOPT_POSTREDIR, CURLOPTTYPE_VALUES, 161), + + /* used by scp/sftp to verify the host's public key */ + CURLOPT(CURLOPT_SSH_HOST_PUBLIC_KEY_MD5, CURLOPTTYPE_STRINGPOINT, 162), + + /* Callback function for opening socket (instead of socket(2)). Optionally, + callback is able change the address or refuse to connect returning + CURL_SOCKET_BAD. The callback should have type + curl_opensocket_callback */ + CURLOPT(CURLOPT_OPENSOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 163), + CURLOPT(CURLOPT_OPENSOCKETDATA, CURLOPTTYPE_CBPOINT, 164), + + /* POST volatile input fields. */ + CURLOPT(CURLOPT_COPYPOSTFIELDS, CURLOPTTYPE_OBJECTPOINT, 165), + + /* set transfer mode (;type=) when doing FTP via an HTTP proxy */ + CURLOPT(CURLOPT_PROXY_TRANSFER_MODE, CURLOPTTYPE_LONG, 166), + + /* Callback function for seeking in the input stream */ + CURLOPT(CURLOPT_SEEKFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 167), + CURLOPT(CURLOPT_SEEKDATA, CURLOPTTYPE_CBPOINT, 168), + + /* CRL file */ + CURLOPT(CURLOPT_CRLFILE, CURLOPTTYPE_STRINGPOINT, 169), + + /* Issuer certificate */ + CURLOPT(CURLOPT_ISSUERCERT, CURLOPTTYPE_STRINGPOINT, 170), + + /* (IPv6) Address scope */ + CURLOPT(CURLOPT_ADDRESS_SCOPE, CURLOPTTYPE_LONG, 171), + + /* Collect certificate chain info and allow it to get retrievable with + CURLINFO_CERTINFO after the transfer is complete. */ + CURLOPT(CURLOPT_CERTINFO, CURLOPTTYPE_LONG, 172), + + /* "name" and "pwd" to use when fetching. */ + CURLOPT(CURLOPT_USERNAME, CURLOPTTYPE_STRINGPOINT, 173), + CURLOPT(CURLOPT_PASSWORD, CURLOPTTYPE_STRINGPOINT, 174), + + /* "name" and "pwd" to use with Proxy when fetching. */ + CURLOPT(CURLOPT_PROXYUSERNAME, CURLOPTTYPE_STRINGPOINT, 175), + CURLOPT(CURLOPT_PROXYPASSWORD, CURLOPTTYPE_STRINGPOINT, 176), + + /* Comma separated list of hostnames defining no-proxy zones. These should + match both hostnames directly, and hostnames within a domain. For + example, local.com will match local.com and www.local.com, but NOT + notlocal.com or www.notlocal.com. For compatibility with other + implementations of this, .local.com will be considered to be the same as + local.com. A single * is the only valid wildcard, and effectively + disables the use of proxy. */ + CURLOPT(CURLOPT_NOPROXY, CURLOPTTYPE_STRINGPOINT, 177), + + /* block size for TFTP transfers */ + CURLOPT(CURLOPT_TFTP_BLKSIZE, CURLOPTTYPE_LONG, 178), + + /* Socks Service */ + /* DEPRECATED, do not use! */ + CURLOPTDEPRECATED(CURLOPT_SOCKS5_GSSAPI_SERVICE, + CURLOPTTYPE_STRINGPOINT, 179, + 7.49.0, "Use CURLOPT_PROXY_SERVICE_NAME"), + + /* Socks Service */ + CURLOPT(CURLOPT_SOCKS5_GSSAPI_NEC, CURLOPTTYPE_LONG, 180), + + /* set the bitmask for the protocols that are allowed to be used for the + transfer, which thus helps the app which takes URLs from users or other + external inputs and want to restrict what protocol(s) to deal + with. Defaults to CURLPROTO_ALL. */ + CURLOPTDEPRECATED(CURLOPT_PROTOCOLS, CURLOPTTYPE_LONG, 181, + 7.85.0, "Use CURLOPT_PROTOCOLS_STR"), + + /* set the bitmask for the protocols that libcurl is allowed to follow to, + as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs + to be set in both bitmasks to be allowed to get redirected to. */ + CURLOPTDEPRECATED(CURLOPT_REDIR_PROTOCOLS, CURLOPTTYPE_LONG, 182, + 7.85.0, "Use CURLOPT_REDIR_PROTOCOLS_STR"), + + /* set the SSH knownhost filename to use */ + CURLOPT(CURLOPT_SSH_KNOWNHOSTS, CURLOPTTYPE_STRINGPOINT, 183), + + /* set the SSH host key callback, must point to a curl_sshkeycallback + function */ + CURLOPT(CURLOPT_SSH_KEYFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 184), + + /* set the SSH host key callback custom pointer */ + CURLOPT(CURLOPT_SSH_KEYDATA, CURLOPTTYPE_CBPOINT, 185), + + /* set the SMTP mail originator */ + CURLOPT(CURLOPT_MAIL_FROM, CURLOPTTYPE_STRINGPOINT, 186), + + /* set the list of SMTP mail receiver(s) */ + CURLOPT(CURLOPT_MAIL_RCPT, CURLOPTTYPE_SLISTPOINT, 187), + + /* FTP: send PRET before PASV */ + CURLOPT(CURLOPT_FTP_USE_PRET, CURLOPTTYPE_LONG, 188), + + /* RTSP request method (OPTIONS, SETUP, PLAY, etc...) */ + CURLOPT(CURLOPT_RTSP_REQUEST, CURLOPTTYPE_VALUES, 189), + + /* The RTSP session identifier */ + CURLOPT(CURLOPT_RTSP_SESSION_ID, CURLOPTTYPE_STRINGPOINT, 190), + + /* The RTSP stream URI */ + CURLOPT(CURLOPT_RTSP_STREAM_URI, CURLOPTTYPE_STRINGPOINT, 191), + + /* The Transport: header to use in RTSP requests */ + CURLOPT(CURLOPT_RTSP_TRANSPORT, CURLOPTTYPE_STRINGPOINT, 192), + + /* Manually initialize the client RTSP CSeq for this handle */ + CURLOPT(CURLOPT_RTSP_CLIENT_CSEQ, CURLOPTTYPE_LONG, 193), + + /* Manually initialize the server RTSP CSeq for this handle */ + CURLOPT(CURLOPT_RTSP_SERVER_CSEQ, CURLOPTTYPE_LONG, 194), + + /* The stream to pass to INTERLEAVEFUNCTION. */ + CURLOPT(CURLOPT_INTERLEAVEDATA, CURLOPTTYPE_CBPOINT, 195), + + /* Let the application define a custom write method for RTP data */ + CURLOPT(CURLOPT_INTERLEAVEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 196), + + /* Turn on wildcard matching */ + CURLOPT(CURLOPT_WILDCARDMATCH, CURLOPTTYPE_LONG, 197), + + /* Directory matching callback called before downloading of an + individual file (chunk) started */ + CURLOPT(CURLOPT_CHUNK_BGN_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 198), + + /* Directory matching callback called after the file (chunk) + was downloaded, or skipped */ + CURLOPT(CURLOPT_CHUNK_END_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 199), + + /* Change match (fnmatch-like) callback for wildcard matching */ + CURLOPT(CURLOPT_FNMATCH_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 200), + + /* Let the application define custom chunk data pointer */ + CURLOPT(CURLOPT_CHUNK_DATA, CURLOPTTYPE_CBPOINT, 201), + + /* FNMATCH_FUNCTION user pointer */ + CURLOPT(CURLOPT_FNMATCH_DATA, CURLOPTTYPE_CBPOINT, 202), + + /* send linked-list of name:port:address sets */ + CURLOPT(CURLOPT_RESOLVE, CURLOPTTYPE_SLISTPOINT, 203), + + /* Set a username for authenticated TLS */ + CURLOPT(CURLOPT_TLSAUTH_USERNAME, CURLOPTTYPE_STRINGPOINT, 204), + + /* Set a password for authenticated TLS */ + CURLOPT(CURLOPT_TLSAUTH_PASSWORD, CURLOPTTYPE_STRINGPOINT, 205), + + /* Set authentication type for authenticated TLS */ + CURLOPT(CURLOPT_TLSAUTH_TYPE, CURLOPTTYPE_STRINGPOINT, 206), + + /* Set to 1 to enable the "TE:" header in HTTP requests to ask for + compressed transfer-encoded responses. Set to 0 to disable the use of TE: + in outgoing requests. The current default is 0, but it might change in a + future libcurl release. + + libcurl will ask for the compressed methods it knows of, and if that + is not any, it will not ask for transfer-encoding at all even if this + option is set to 1. + + */ + CURLOPT(CURLOPT_TRANSFER_ENCODING, CURLOPTTYPE_LONG, 207), + + /* Callback function for closing socket (instead of close(2)). The callback + should have type curl_closesocket_callback */ + CURLOPT(CURLOPT_CLOSESOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 208), + CURLOPT(CURLOPT_CLOSESOCKETDATA, CURLOPTTYPE_CBPOINT, 209), + + /* allow GSSAPI credential delegation */ + CURLOPT(CURLOPT_GSSAPI_DELEGATION, CURLOPTTYPE_VALUES, 210), + + /* Set the name servers to use for DNS resolution. + * Only supported by the c-ares DNS backend */ + CURLOPT(CURLOPT_DNS_SERVERS, CURLOPTTYPE_STRINGPOINT, 211), + + /* Time-out accept operations (currently for FTP only) after this amount + of milliseconds. */ + CURLOPT(CURLOPT_ACCEPTTIMEOUT_MS, CURLOPTTYPE_LONG, 212), + + /* Set TCP keepalive */ + CURLOPT(CURLOPT_TCP_KEEPALIVE, CURLOPTTYPE_LONG, 213), + + /* non-universal keepalive knobs (Linux, AIX, HP-UX, more) */ + CURLOPT(CURLOPT_TCP_KEEPIDLE, CURLOPTTYPE_LONG, 214), + CURLOPT(CURLOPT_TCP_KEEPINTVL, CURLOPTTYPE_LONG, 215), + + /* Enable/disable specific SSL features with a bitmask, see CURLSSLOPT_* */ + CURLOPT(CURLOPT_SSL_OPTIONS, CURLOPTTYPE_VALUES, 216), + + /* Set the SMTP auth originator */ + CURLOPT(CURLOPT_MAIL_AUTH, CURLOPTTYPE_STRINGPOINT, 217), + + /* Enable/disable SASL initial response */ + CURLOPT(CURLOPT_SASL_IR, CURLOPTTYPE_LONG, 218), + + /* Function that will be called instead of the internal progress display + * function. This function should be defined as the curl_xferinfo_callback + * prototype defines. (Deprecates CURLOPT_PROGRESSFUNCTION) */ + CURLOPT(CURLOPT_XFERINFOFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 219), + + /* The XOAUTH2 bearer token */ + CURLOPT(CURLOPT_XOAUTH2_BEARER, CURLOPTTYPE_STRINGPOINT, 220), + + /* Set the interface string to use as outgoing network + * interface for DNS requests. + * Only supported by the c-ares DNS backend */ + CURLOPT(CURLOPT_DNS_INTERFACE, CURLOPTTYPE_STRINGPOINT, 221), + + /* Set the local IPv4 address to use for outgoing DNS requests. + * Only supported by the c-ares DNS backend */ + CURLOPT(CURLOPT_DNS_LOCAL_IP4, CURLOPTTYPE_STRINGPOINT, 222), + + /* Set the local IPv6 address to use for outgoing DNS requests. + * Only supported by the c-ares DNS backend */ + CURLOPT(CURLOPT_DNS_LOCAL_IP6, CURLOPTTYPE_STRINGPOINT, 223), + + /* Set authentication options directly */ + CURLOPT(CURLOPT_LOGIN_OPTIONS, CURLOPTTYPE_STRINGPOINT, 224), + + /* Enable/disable TLS NPN extension (http2 over ssl might fail without) */ + CURLOPTDEPRECATED(CURLOPT_SSL_ENABLE_NPN, CURLOPTTYPE_LONG, 225, + 7.86.0, "Has no function"), + + /* Enable/disable TLS ALPN extension (http2 over ssl might fail without) */ + CURLOPT(CURLOPT_SSL_ENABLE_ALPN, CURLOPTTYPE_LONG, 226), + + /* Time to wait for a response to an HTTP request containing an + * Expect: 100-continue header before sending the data anyway. */ + CURLOPT(CURLOPT_EXPECT_100_TIMEOUT_MS, CURLOPTTYPE_LONG, 227), + + /* This points to a linked list of headers used for proxy requests only, + struct curl_slist kind */ + CURLOPT(CURLOPT_PROXYHEADER, CURLOPTTYPE_SLISTPOINT, 228), + + /* Pass in a bitmask of "header options" */ + CURLOPT(CURLOPT_HEADEROPT, CURLOPTTYPE_VALUES, 229), + + /* The public key in DER form used to validate the peer public key + this option is used only if SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PINNEDPUBLICKEY, CURLOPTTYPE_STRINGPOINT, 230), + + /* Path to Unix domain socket */ + CURLOPT(CURLOPT_UNIX_SOCKET_PATH, CURLOPTTYPE_STRINGPOINT, 231), + + /* Set if we should verify the certificate status. */ + CURLOPT(CURLOPT_SSL_VERIFYSTATUS, CURLOPTTYPE_LONG, 232), + + /* Set if we should enable TLS false start. */ + CURLOPTDEPRECATED(CURLOPT_SSL_FALSESTART, CURLOPTTYPE_LONG, 233, + 8.15.0, "Has no function"), + + /* Do not squash dot-dot sequences */ + CURLOPT(CURLOPT_PATH_AS_IS, CURLOPTTYPE_LONG, 234), + + /* Proxy Service Name */ + CURLOPT(CURLOPT_PROXY_SERVICE_NAME, CURLOPTTYPE_STRINGPOINT, 235), + + /* Service Name */ + CURLOPT(CURLOPT_SERVICE_NAME, CURLOPTTYPE_STRINGPOINT, 236), + + /* Wait/do not wait for pipe/mutex to clarify */ + CURLOPT(CURLOPT_PIPEWAIT, CURLOPTTYPE_LONG, 237), + + /* Set the protocol used when curl is given a URL without a protocol */ + CURLOPT(CURLOPT_DEFAULT_PROTOCOL, CURLOPTTYPE_STRINGPOINT, 238), + + /* Set stream weight, 1 - 256 (default is 16) */ + CURLOPT(CURLOPT_STREAM_WEIGHT, CURLOPTTYPE_LONG, 239), + + /* Set stream dependency on another curl handle */ + CURLOPT(CURLOPT_STREAM_DEPENDS, CURLOPTTYPE_OBJECTPOINT, 240), + + /* Set E-xclusive stream dependency on another curl handle */ + CURLOPT(CURLOPT_STREAM_DEPENDS_E, CURLOPTTYPE_OBJECTPOINT, 241), + + /* Do not send any tftp option requests to the server */ + CURLOPT(CURLOPT_TFTP_NO_OPTIONS, CURLOPTTYPE_LONG, 242), + + /* Linked-list of host:port:connect-to-host:connect-to-port, + overrides the URL's host:port (only for the network layer) */ + CURLOPT(CURLOPT_CONNECT_TO, CURLOPTTYPE_SLISTPOINT, 243), + + /* Set TCP Fast Open */ + CURLOPT(CURLOPT_TCP_FASTOPEN, CURLOPTTYPE_LONG, 244), + + /* Continue to send data if the server responds early with an + * HTTP status code >= 300 */ + CURLOPT(CURLOPT_KEEP_SENDING_ON_ERROR, CURLOPTTYPE_LONG, 245), + + /* The CApath or CAfile used to validate the proxy certificate + this option is used only if PROXY_SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PROXY_CAINFO, CURLOPTTYPE_STRINGPOINT, 246), + + /* The CApath directory used to validate the proxy certificate + this option is used only if PROXY_SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PROXY_CAPATH, CURLOPTTYPE_STRINGPOINT, 247), + + /* Set if we should verify the proxy in ssl handshake, + set 1 to verify. */ + CURLOPT(CURLOPT_PROXY_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 248), + + /* Set if we should verify the Common name from the proxy certificate in ssl + * handshake, set 1 to check existence, 2 to ensure that it matches + * the provided hostname. */ + CURLOPT(CURLOPT_PROXY_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 249), + + /* What version to specifically try to use for proxy. + See CURL_SSLVERSION defines below. */ + CURLOPT(CURLOPT_PROXY_SSLVERSION, CURLOPTTYPE_VALUES, 250), + + /* Set a username for authenticated TLS for proxy */ + CURLOPT(CURLOPT_PROXY_TLSAUTH_USERNAME, CURLOPTTYPE_STRINGPOINT, 251), + + /* Set a password for authenticated TLS for proxy */ + CURLOPT(CURLOPT_PROXY_TLSAUTH_PASSWORD, CURLOPTTYPE_STRINGPOINT, 252), + + /* Set authentication type for authenticated TLS for proxy */ + CURLOPT(CURLOPT_PROXY_TLSAUTH_TYPE, CURLOPTTYPE_STRINGPOINT, 253), + + /* name of the file keeping your private SSL-certificate for proxy */ + CURLOPT(CURLOPT_PROXY_SSLCERT, CURLOPTTYPE_STRINGPOINT, 254), + + /* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for + proxy */ + CURLOPT(CURLOPT_PROXY_SSLCERTTYPE, CURLOPTTYPE_STRINGPOINT, 255), + + /* name of the file keeping your private SSL-key for proxy */ + CURLOPT(CURLOPT_PROXY_SSLKEY, CURLOPTTYPE_STRINGPOINT, 256), + + /* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for + proxy */ + CURLOPT(CURLOPT_PROXY_SSLKEYTYPE, CURLOPTTYPE_STRINGPOINT, 257), + + /* password for the SSL private key for proxy */ + CURLOPT(CURLOPT_PROXY_KEYPASSWD, CURLOPTTYPE_STRINGPOINT, 258), + + /* Specify which TLS 1.2 (1.1, 1.0) ciphers to use for proxy */ + CURLOPT(CURLOPT_PROXY_SSL_CIPHER_LIST, CURLOPTTYPE_STRINGPOINT, 259), + + /* CRL file for proxy */ + CURLOPT(CURLOPT_PROXY_CRLFILE, CURLOPTTYPE_STRINGPOINT, 260), + + /* Enable/disable specific SSL features with a bitmask for proxy, see + CURLSSLOPT_* */ + CURLOPT(CURLOPT_PROXY_SSL_OPTIONS, CURLOPTTYPE_LONG, 261), + + /* Name of pre proxy to use. */ + CURLOPT(CURLOPT_PRE_PROXY, CURLOPTTYPE_STRINGPOINT, 262), + + /* The public key in DER form used to validate the proxy public key + this option is used only if PROXY_SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PROXY_PINNEDPUBLICKEY, CURLOPTTYPE_STRINGPOINT, 263), + + /* Path to an abstract Unix domain socket */ + CURLOPT(CURLOPT_ABSTRACT_UNIX_SOCKET, CURLOPTTYPE_STRINGPOINT, 264), + + /* Suppress proxy CONNECT response headers from user callbacks */ + CURLOPT(CURLOPT_SUPPRESS_CONNECT_HEADERS, CURLOPTTYPE_LONG, 265), + + /* The request target, instead of extracted from the URL */ + CURLOPT(CURLOPT_REQUEST_TARGET, CURLOPTTYPE_STRINGPOINT, 266), + + /* bitmask of allowed auth methods for connections to SOCKS5 proxies */ + CURLOPT(CURLOPT_SOCKS5_AUTH, CURLOPTTYPE_LONG, 267), + + /* Enable/disable SSH compression */ + CURLOPT(CURLOPT_SSH_COMPRESSION, CURLOPTTYPE_LONG, 268), + + /* Post MIME data. */ + CURLOPT(CURLOPT_MIMEPOST, CURLOPTTYPE_OBJECTPOINT, 269), + + /* Time to use with the CURLOPT_TIMECONDITION. Specified in number of + seconds since 1 Jan 1970. */ + CURLOPT(CURLOPT_TIMEVALUE_LARGE, CURLOPTTYPE_OFF_T, 270), + + /* Head start in milliseconds to give happy eyeballs. */ + CURLOPT(CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS, CURLOPTTYPE_LONG, 271), + + /* Function that will be called before a resolver request is made */ + CURLOPT(CURLOPT_RESOLVER_START_FUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 272), + + /* User data to pass to the resolver start callback. */ + CURLOPT(CURLOPT_RESOLVER_START_DATA, CURLOPTTYPE_CBPOINT, 273), + + /* send HAProxy PROXY protocol header? */ + CURLOPT(CURLOPT_HAPROXYPROTOCOL, CURLOPTTYPE_LONG, 274), + + /* shuffle addresses before use when DNS returns multiple */ + CURLOPT(CURLOPT_DNS_SHUFFLE_ADDRESSES, CURLOPTTYPE_LONG, 275), + + /* Specify which TLS 1.3 ciphers suites to use */ + CURLOPT(CURLOPT_TLS13_CIPHERS, CURLOPTTYPE_STRINGPOINT, 276), + CURLOPT(CURLOPT_PROXY_TLS13_CIPHERS, CURLOPTTYPE_STRINGPOINT, 277), + + /* Disallow specifying username/login in URL. */ + CURLOPT(CURLOPT_DISALLOW_USERNAME_IN_URL, CURLOPTTYPE_LONG, 278), + + /* DNS-over-HTTPS URL */ + CURLOPT(CURLOPT_DOH_URL, CURLOPTTYPE_STRINGPOINT, 279), + + /* Preferred buffer size to use for uploads */ + CURLOPT(CURLOPT_UPLOAD_BUFFERSIZE, CURLOPTTYPE_LONG, 280), + + /* Time in ms between connection upkeep calls for long-lived connections. */ + CURLOPT(CURLOPT_UPKEEP_INTERVAL_MS, CURLOPTTYPE_LONG, 281), + + /* Specify URL using CURL URL API. */ + CURLOPT(CURLOPT_CURLU, CURLOPTTYPE_OBJECTPOINT, 282), + + /* add trailing data just after no more data is available */ + CURLOPT(CURLOPT_TRAILERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 283), + + /* pointer to be passed to HTTP_TRAILER_FUNCTION */ + CURLOPT(CURLOPT_TRAILERDATA, CURLOPTTYPE_CBPOINT, 284), + + /* set this to 1L to allow HTTP/0.9 responses or 0L to disallow */ + CURLOPT(CURLOPT_HTTP09_ALLOWED, CURLOPTTYPE_LONG, 285), + + /* alt-svc control bitmask */ + CURLOPT(CURLOPT_ALTSVC_CTRL, CURLOPTTYPE_LONG, 286), + + /* alt-svc cache filename to possibly read from/write to */ + CURLOPT(CURLOPT_ALTSVC, CURLOPTTYPE_STRINGPOINT, 287), + + /* maximum age (idle time) of a connection to consider it for reuse + * (in seconds) */ + CURLOPT(CURLOPT_MAXAGE_CONN, CURLOPTTYPE_LONG, 288), + + /* SASL authorization identity */ + CURLOPT(CURLOPT_SASL_AUTHZID, CURLOPTTYPE_STRINGPOINT, 289), + + /* allow RCPT TO command to fail for some recipients */ + CURLOPT(CURLOPT_MAIL_RCPT_ALLOWFAILS, CURLOPTTYPE_LONG, 290), + + /* the private SSL-certificate as a "blob" */ + CURLOPT(CURLOPT_SSLCERT_BLOB, CURLOPTTYPE_BLOB, 291), + CURLOPT(CURLOPT_SSLKEY_BLOB, CURLOPTTYPE_BLOB, 292), + CURLOPT(CURLOPT_PROXY_SSLCERT_BLOB, CURLOPTTYPE_BLOB, 293), + CURLOPT(CURLOPT_PROXY_SSLKEY_BLOB, CURLOPTTYPE_BLOB, 294), + CURLOPT(CURLOPT_ISSUERCERT_BLOB, CURLOPTTYPE_BLOB, 295), + + /* Issuer certificate for proxy */ + CURLOPT(CURLOPT_PROXY_ISSUERCERT, CURLOPTTYPE_STRINGPOINT, 296), + CURLOPT(CURLOPT_PROXY_ISSUERCERT_BLOB, CURLOPTTYPE_BLOB, 297), + + /* the EC curves requested by the TLS client (RFC 8422, 5.1); + * OpenSSL support via 'set_groups'/'set_curves': + * https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/ + */ + CURLOPT(CURLOPT_SSL_EC_CURVES, CURLOPTTYPE_STRINGPOINT, 298), + + /* HSTS bitmask */ + CURLOPT(CURLOPT_HSTS_CTRL, CURLOPTTYPE_LONG, 299), + /* HSTS filename */ + CURLOPT(CURLOPT_HSTS, CURLOPTTYPE_STRINGPOINT, 300), + + /* HSTS read callback */ + CURLOPT(CURLOPT_HSTSREADFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 301), + CURLOPT(CURLOPT_HSTSREADDATA, CURLOPTTYPE_CBPOINT, 302), + + /* HSTS write callback */ + CURLOPT(CURLOPT_HSTSWRITEFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 303), + CURLOPT(CURLOPT_HSTSWRITEDATA, CURLOPTTYPE_CBPOINT, 304), + + /* Parameters for V4 signature */ + CURLOPT(CURLOPT_AWS_SIGV4, CURLOPTTYPE_STRINGPOINT, 305), + + /* Same as CURLOPT_SSL_VERIFYPEER but for DoH (DNS-over-HTTPS) servers. */ + CURLOPT(CURLOPT_DOH_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 306), + + /* Same as CURLOPT_SSL_VERIFYHOST but for DoH (DNS-over-HTTPS) servers. */ + CURLOPT(CURLOPT_DOH_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 307), + + /* Same as CURLOPT_SSL_VERIFYSTATUS but for DoH (DNS-over-HTTPS) servers. */ + CURLOPT(CURLOPT_DOH_SSL_VERIFYSTATUS, CURLOPTTYPE_LONG, 308), + + /* The CA certificates as "blob" used to validate the peer certificate + this option is used only if SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_CAINFO_BLOB, CURLOPTTYPE_BLOB, 309), + + /* The CA certificates as "blob" used to validate the proxy certificate + this option is used only if PROXY_SSL_VERIFYPEER is true */ + CURLOPT(CURLOPT_PROXY_CAINFO_BLOB, CURLOPTTYPE_BLOB, 310), + + /* used by scp/sftp to verify the host's public key */ + CURLOPT(CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256, CURLOPTTYPE_STRINGPOINT, 311), + + /* Function that will be called immediately before the initial request + is made on a connection (after any protocol negotiation step). */ + CURLOPT(CURLOPT_PREREQFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 312), + + /* Data passed to the CURLOPT_PREREQFUNCTION callback */ + CURLOPT(CURLOPT_PREREQDATA, CURLOPTTYPE_CBPOINT, 313), + + /* maximum age (since creation) of a connection to consider it for reuse + * (in seconds) */ + CURLOPT(CURLOPT_MAXLIFETIME_CONN, CURLOPTTYPE_LONG, 314), + + /* Set MIME option flags. */ + CURLOPT(CURLOPT_MIME_OPTIONS, CURLOPTTYPE_LONG, 315), + + /* set the SSH host key callback, must point to a curl_sshkeycallback + function */ + CURLOPT(CURLOPT_SSH_HOSTKEYFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 316), + + /* set the SSH host key callback custom pointer */ + CURLOPT(CURLOPT_SSH_HOSTKEYDATA, CURLOPTTYPE_CBPOINT, 317), + + /* specify which protocols that are allowed to be used for the transfer, + which thus helps the app which takes URLs from users or other external + inputs and want to restrict what protocol(s) to deal with. Defaults to + all built-in protocols. */ + CURLOPT(CURLOPT_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 318), + + /* specify which protocols that libcurl is allowed to follow directs to */ + CURLOPT(CURLOPT_REDIR_PROTOCOLS_STR, CURLOPTTYPE_STRINGPOINT, 319), + + /* WebSockets options */ + CURLOPT(CURLOPT_WS_OPTIONS, CURLOPTTYPE_LONG, 320), + + /* CA cache timeout */ + CURLOPT(CURLOPT_CA_CACHE_TIMEOUT, CURLOPTTYPE_LONG, 321), + + /* Can leak things, gonna exit() soon */ + CURLOPT(CURLOPT_QUICK_EXIT, CURLOPTTYPE_LONG, 322), + + /* set a specific client IP for HAProxy PROXY protocol header? */ + CURLOPT(CURLOPT_HAPROXY_CLIENT_IP, CURLOPTTYPE_STRINGPOINT, 323), + + /* millisecond version */ + CURLOPT(CURLOPT_SERVER_RESPONSE_TIMEOUT_MS, CURLOPTTYPE_LONG, 324), + + /* set ECH configuration */ + CURLOPT(CURLOPT_ECH, CURLOPTTYPE_STRINGPOINT, 325), + + /* maximum number of keepalive probes (Linux, *BSD, macOS, etc.) */ + CURLOPT(CURLOPT_TCP_KEEPCNT, CURLOPTTYPE_LONG, 326), + + CURLOPT(CURLOPT_UPLOAD_FLAGS, CURLOPTTYPE_LONG, 327), + + /* set TLS supported signature algorithms */ + CURLOPT(CURLOPT_SSL_SIGNATURE_ALGORITHMS, CURLOPTTYPE_STRINGPOINT, 328), + + CURLOPT_LASTENTRY /* the last unused */ +} CURLoption; + +#ifndef CURL_NO_OLDIES /* define this to test if your app builds with all + the obsolete stuff removed! */ + +/* Backwards compatibility with older names */ +/* These are scheduled to disappear by 2011 */ + +/* This was added in version 7.19.1 */ +#define CURLOPT_POST301 CURLOPT_POSTREDIR + +/* These are scheduled to disappear by 2009 */ + +/* The following were added in 7.17.0 */ +#define CURLOPT_SSLKEYPASSWD CURLOPT_KEYPASSWD +#define CURLOPT_FTPAPPEND CURLOPT_APPEND +#define CURLOPT_FTPLISTONLY CURLOPT_DIRLISTONLY +#define CURLOPT_FTP_SSL CURLOPT_USE_SSL + +/* The following were added earlier */ + +#define CURLOPT_SSLCERTPASSWD CURLOPT_KEYPASSWD +#define CURLOPT_KRB4LEVEL CURLOPT_KRBLEVEL + +/* */ +#define CURLOPT_FTP_RESPONSE_TIMEOUT CURLOPT_SERVER_RESPONSE_TIMEOUT + +/* Added in 8.2.0 */ +#define CURLOPT_MAIL_RCPT_ALLLOWFAILS CURLOPT_MAIL_RCPT_ALLOWFAILS + +#else +/* This is set if CURL_NO_OLDIES is defined at compile-time */ +#undef CURLOPT_DNS_USE_GLOBAL_CACHE /* soon obsolete */ +#endif + + + /* Below here follows defines for the CURLOPT_IPRESOLVE option. If a host + name resolves addresses using more than one IP protocol version, this + option might be handy to force libcurl to use a specific IP version. */ +#define CURL_IPRESOLVE_WHATEVER 0L /* default, uses addresses to all IP + versions that your system allows */ +#define CURL_IPRESOLVE_V4 1L /* uses only IPv4 addresses/connections */ +#define CURL_IPRESOLVE_V6 2L /* uses only IPv6 addresses/connections */ + + /* Convenient "aliases" */ +#define CURLOPT_RTSPHEADER CURLOPT_HTTPHEADER + +/* These constants are for use with the CURLOPT_HTTP_VERSION option. */ +#define CURL_HTTP_VERSION_NONE 0L /* setting this means we do not care, and + that we would like the library to choose + the best possible for us! */ +#define CURL_HTTP_VERSION_1_0 1L /* please use HTTP 1.0 in the request */ +#define CURL_HTTP_VERSION_1_1 2L /* please use HTTP 1.1 in the request */ +#define CURL_HTTP_VERSION_2_0 3L /* please use HTTP 2 in the request */ +#define CURL_HTTP_VERSION_2TLS 4L /* use version 2 for HTTPS, version 1.1 for + HTTP */ +#define CURL_HTTP_VERSION_2_PRIOR_KNOWLEDGE 5L /* please use HTTP 2 without + HTTP/1.1 Upgrade */ +#define CURL_HTTP_VERSION_3 30L /* Use HTTP/3, fallback to HTTP/2 or + HTTP/1 if needed. For HTTPS only. For + HTTP, this option makes libcurl + return error. */ +#define CURL_HTTP_VERSION_3ONLY 31L /* Use HTTP/3 without fallback. For + HTTPS only. For HTTP, this makes + libcurl return error. */ +#define CURL_HTTP_VERSION_LAST 32L /* *ILLEGAL* http version */ + +/* Convenience definition simple because the name of the version is HTTP/2 and + not 2.0. The 2_0 version of the enum name was set while the version was + still planned to be 2.0 and we stick to it for compatibility. */ +#define CURL_HTTP_VERSION_2 CURL_HTTP_VERSION_2_0 + +/* + * Public API enums for RTSP requests + */ + +#define CURL_RTSPREQ_NONE 0L +#define CURL_RTSPREQ_OPTIONS 1L +#define CURL_RTSPREQ_DESCRIBE 2L +#define CURL_RTSPREQ_ANNOUNCE 3L +#define CURL_RTSPREQ_SETUP 4L +#define CURL_RTSPREQ_PLAY 5L +#define CURL_RTSPREQ_PAUSE 6L +#define CURL_RTSPREQ_TEARDOWN 7L +#define CURL_RTSPREQ_GET_PARAMETER 8L +#define CURL_RTSPREQ_SET_PARAMETER 9L +#define CURL_RTSPREQ_RECORD 10L +#define CURL_RTSPREQ_RECEIVE 11L +#define CURL_RTSPREQ_LAST 12L /* not used */ + + /* These enums are for use with the CURLOPT_NETRC option. */ +#define CURL_NETRC_IGNORED 0L /* The .netrc will never be read. + This is the default. */ +#define CURL_NETRC_OPTIONAL 1L /* A user:password in the URL will be preferred + to one in the .netrc. */ +#define CURL_NETRC_REQUIRED 2L /* A user:password in the URL will be ignored. + Unless one is set programmatically, the + .netrc will be queried. */ +enum CURL_NETRC_OPTION { + /* we set a single member here, just to make sure we still provide the enum, + but the values to use are defined above with L suffixes */ + CURL_NETRC_LAST = 3 +}; + +#define CURL_SSLVERSION_DEFAULT 0 +#define CURL_SSLVERSION_TLSv1 1 /* TLS 1.x */ +#define CURL_SSLVERSION_SSLv2 2 +#define CURL_SSLVERSION_SSLv3 3 +#define CURL_SSLVERSION_TLSv1_0 4 +#define CURL_SSLVERSION_TLSv1_1 5 +#define CURL_SSLVERSION_TLSv1_2 6 +#define CURL_SSLVERSION_TLSv1_3 7 + +#define CURL_SSLVERSION_LAST 8 /* never use, keep last */ + +#define CURL_SSLVERSION_MAX_NONE 0 +#define CURL_SSLVERSION_MAX_DEFAULT (CURL_SSLVERSION_TLSv1 << 16) +#define CURL_SSLVERSION_MAX_TLSv1_0 (CURL_SSLVERSION_TLSv1_0 << 16) +#define CURL_SSLVERSION_MAX_TLSv1_1 (CURL_SSLVERSION_TLSv1_1 << 16) +#define CURL_SSLVERSION_MAX_TLSv1_2 (CURL_SSLVERSION_TLSv1_2 << 16) +#define CURL_SSLVERSION_MAX_TLSv1_3 (CURL_SSLVERSION_TLSv1_3 << 16) + + /* never use, keep last */ +#define CURL_SSLVERSION_MAX_LAST (CURL_SSLVERSION_LAST << 16) + +#define CURL_TLSAUTH_NONE 0L +#define CURL_TLSAUTH_SRP 1L + +enum CURL_TLSAUTH { + /* we set a single member here, just to make sure we still provide the enum, + but the values to use are defined above with L suffixes */ + CURL_TLSAUTH_LAST = 2 +}; + +/* symbols to use with CURLOPT_POSTREDIR. + CURL_REDIR_POST_301, CURL_REDIR_POST_302 and CURL_REDIR_POST_303 + can be bitwise ORed so that CURL_REDIR_POST_301 | CURL_REDIR_POST_302 + | CURL_REDIR_POST_303 == CURL_REDIR_POST_ALL */ + +#define CURL_REDIR_GET_ALL 0 +#define CURL_REDIR_POST_301 1 +#define CURL_REDIR_POST_302 2 +#define CURL_REDIR_POST_303 4 +#define CURL_REDIR_POST_ALL \ + (CURL_REDIR_POST_301|CURL_REDIR_POST_302|CURL_REDIR_POST_303) + +#define CURL_TIMECOND_NONE 0L +#define CURL_TIMECOND_IFMODSINCE 1L +#define CURL_TIMECOND_IFUNMODSINCE 2L +#define CURL_TIMECOND_LASTMOD 3L + +typedef enum { + /* we set a single member here, just to make sure we still provide + the enum typedef, but the values to use are defined above with L + suffixes */ + CURL_TIMECOND_LAST = 4 +} curl_TimeCond; + +/* Special size_t value signaling a null-terminated string. */ +#define CURL_ZERO_TERMINATED ((size_t) -1) + +/* curl_strequal() and curl_strnequal() are subject for removal in a future + release */ +CURL_EXTERN int curl_strequal(const char *s1, const char *s2); +CURL_EXTERN int curl_strnequal(const char *s1, const char *s2, size_t n); + +/* Mime/form handling support. */ +typedef struct curl_mime curl_mime; /* Mime context. */ +typedef struct curl_mimepart curl_mimepart; /* Mime part context. */ + +/* CURLMIMEOPT_ defines are for the CURLOPT_MIME_OPTIONS option. */ +#define CURLMIMEOPT_FORMESCAPE (1<<0) /* Use backslash-escaping for forms. */ + +/* + * NAME curl_mime_init() + * + * DESCRIPTION + * + * Create a mime context and return its handle. The easy parameter is the + * target handle. + */ +CURL_EXTERN curl_mime *curl_mime_init(CURL *easy); + +/* + * NAME curl_mime_free() + * + * DESCRIPTION + * + * release a mime handle and its substructures. + */ +CURL_EXTERN void curl_mime_free(curl_mime *mime); + +/* + * NAME curl_mime_addpart() + * + * DESCRIPTION + * + * Append a new empty part to the given mime context and return a handle to + * the created part. + */ +CURL_EXTERN curl_mimepart *curl_mime_addpart(curl_mime *mime); + +/* + * NAME curl_mime_name() + * + * DESCRIPTION + * + * Set mime/form part name. + */ +CURL_EXTERN CURLcode curl_mime_name(curl_mimepart *part, const char *name); + +/* + * NAME curl_mime_filename() + * + * DESCRIPTION + * + * Set mime part remote filename. + */ +CURL_EXTERN CURLcode curl_mime_filename(curl_mimepart *part, + const char *filename); + +/* + * NAME curl_mime_type() + * + * DESCRIPTION + * + * Set mime part type. + */ +CURL_EXTERN CURLcode curl_mime_type(curl_mimepart *part, const char *mimetype); + +/* + * NAME curl_mime_encoder() + * + * DESCRIPTION + * + * Set mime data transfer encoder. + */ +CURL_EXTERN CURLcode curl_mime_encoder(curl_mimepart *part, + const char *encoding); + +/* + * NAME curl_mime_data() + * + * DESCRIPTION + * + * Set mime part data source from memory data, + */ +CURL_EXTERN CURLcode curl_mime_data(curl_mimepart *part, + const char *data, size_t datasize); + +/* + * NAME curl_mime_filedata() + * + * DESCRIPTION + * + * Set mime part data source from named file. + */ +CURL_EXTERN CURLcode curl_mime_filedata(curl_mimepart *part, + const char *filename); + +/* + * NAME curl_mime_data_cb() + * + * DESCRIPTION + * + * Set mime part data source from callback function. + */ +CURL_EXTERN CURLcode curl_mime_data_cb(curl_mimepart *part, + curl_off_t datasize, + curl_read_callback readfunc, + curl_seek_callback seekfunc, + curl_free_callback freefunc, + void *arg); + +/* + * NAME curl_mime_subparts() + * + * DESCRIPTION + * + * Set mime part data source from subparts. + */ +CURL_EXTERN CURLcode curl_mime_subparts(curl_mimepart *part, + curl_mime *subparts); +/* + * NAME curl_mime_headers() + * + * DESCRIPTION + * + * Set mime part headers. + */ +CURL_EXTERN CURLcode curl_mime_headers(curl_mimepart *part, + struct curl_slist *headers, + int take_ownership); + +typedef enum { + /********* the first one is unused ************/ + CURLFORM_NOTHING CURL_DEPRECATED(7.56.0, ""), + CURLFORM_COPYNAME CURL_DEPRECATED(7.56.0, "Use curl_mime_name()"), + CURLFORM_PTRNAME CURL_DEPRECATED(7.56.0, "Use curl_mime_name()"), + CURLFORM_NAMELENGTH CURL_DEPRECATED(7.56.0, ""), + CURLFORM_COPYCONTENTS CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + CURLFORM_PTRCONTENTS CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + CURLFORM_CONTENTSLENGTH CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + CURLFORM_FILECONTENT CURL_DEPRECATED(7.56.0, "Use curl_mime_data_cb()"), + CURLFORM_ARRAY CURL_DEPRECATED(7.56.0, ""), + CURLFORM_OBSOLETE, + CURLFORM_FILE CURL_DEPRECATED(7.56.0, "Use curl_mime_filedata()"), + + CURLFORM_BUFFER CURL_DEPRECATED(7.56.0, "Use curl_mime_filename()"), + CURLFORM_BUFFERPTR CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + CURLFORM_BUFFERLENGTH CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + + CURLFORM_CONTENTTYPE CURL_DEPRECATED(7.56.0, "Use curl_mime_type()"), + CURLFORM_CONTENTHEADER CURL_DEPRECATED(7.56.0, "Use curl_mime_headers()"), + CURLFORM_FILENAME CURL_DEPRECATED(7.56.0, "Use curl_mime_filename()"), + CURLFORM_END, + CURLFORM_OBSOLETE2, + + CURLFORM_STREAM CURL_DEPRECATED(7.56.0, "Use curl_mime_data_cb()"), + CURLFORM_CONTENTLEN /* added in 7.46.0, provide a curl_off_t length */ + CURL_DEPRECATED(7.56.0, "Use curl_mime_data()"), + + CURLFORM_LASTENTRY /* the last unused */ +} CURLformoption; + +/* structure to be used as parameter for CURLFORM_ARRAY */ +struct curl_forms { + CURLformoption option; + const char *value; +}; + +/* use this for multipart formpost building */ +/* Returns code for curl_formadd() + * + * Returns: + * CURL_FORMADD_OK on success + * CURL_FORMADD_MEMORY if the FormInfo allocation fails + * CURL_FORMADD_OPTION_TWICE if one option is given twice for one Form + * CURL_FORMADD_NULL if a null pointer was given for a char + * CURL_FORMADD_MEMORY if the allocation of a FormInfo struct failed + * CURL_FORMADD_UNKNOWN_OPTION if an unknown option was used + * CURL_FORMADD_INCOMPLETE if the some FormInfo is not complete (or error) + * CURL_FORMADD_MEMORY if a curl_httppost struct cannot be allocated + * CURL_FORMADD_MEMORY if some allocation for string copying failed. + * CURL_FORMADD_ILLEGAL_ARRAY if an illegal option is used in an array + * + ***************************************************************************/ +typedef enum { + CURL_FORMADD_OK CURL_DEPRECATED(7.56.0, ""), /* 1st, no error */ + + CURL_FORMADD_MEMORY CURL_DEPRECATED(7.56.0, ""), + CURL_FORMADD_OPTION_TWICE CURL_DEPRECATED(7.56.0, ""), + CURL_FORMADD_NULL CURL_DEPRECATED(7.56.0, ""), + CURL_FORMADD_UNKNOWN_OPTION CURL_DEPRECATED(7.56.0, ""), + CURL_FORMADD_INCOMPLETE CURL_DEPRECATED(7.56.0, ""), + CURL_FORMADD_ILLEGAL_ARRAY CURL_DEPRECATED(7.56.0, ""), + /* libcurl was built with form api disabled */ + CURL_FORMADD_DISABLED CURL_DEPRECATED(7.56.0, ""), + + CURL_FORMADD_LAST /* last */ +} CURLFORMcode; + +/* + * NAME curl_formadd() + * + * DESCRIPTION + * + * Pretty advanced function for building multi-part formposts. Each invoke + * adds one part that together construct a full post. Then use + * CURLOPT_HTTPPOST to send it off to libcurl. + */ +CURL_EXTERN CURLFORMcode CURL_DEPRECATED(7.56.0, "Use curl_mime_init()") +curl_formadd(struct curl_httppost **httppost, + struct curl_httppost **last_post, + ...); + +/* + * callback function for curl_formget() + * The void *arg pointer will be the one passed as second argument to + * curl_formget(). + * The character buffer passed to it must not be freed. + * Should return the buffer length passed to it as the argument "len" on + * success. + */ +typedef size_t (*curl_formget_callback)(void *arg, const char *buf, + size_t len); + +/* + * NAME curl_formget() + * + * DESCRIPTION + * + * Serialize a curl_httppost struct built with curl_formadd(). + * Accepts a void pointer as second argument which will be passed to + * the curl_formget_callback function. + * Returns 0 on success. + */ +CURL_EXTERN int CURL_DEPRECATED(7.56.0, "") +curl_formget(struct curl_httppost *form, void *arg, + curl_formget_callback append); +/* + * NAME curl_formfree() + * + * DESCRIPTION + * + * Free a multipart formpost previously built with curl_formadd(). + */ +CURL_EXTERN void CURL_DEPRECATED(7.56.0, "Use curl_mime_free()") +curl_formfree(struct curl_httppost *form); + +/* + * NAME curl_getenv() + * + * DESCRIPTION + * + * Returns a malloc()'ed string that MUST be curl_free()ed after usage is + * complete. DEPRECATED - see lib/README.curlx + */ +CURL_EXTERN char *curl_getenv(const char *variable); + +/* + * NAME curl_version() + * + * DESCRIPTION + * + * Returns a static ASCII string of the libcurl version. + */ +CURL_EXTERN char *curl_version(void); + +/* + * NAME curl_easy_escape() + * + * DESCRIPTION + * + * Escapes URL strings (converts all letters consider illegal in URLs to their + * %XX versions). This function returns a new allocated string or NULL if an + * error occurred. + */ +CURL_EXTERN char *curl_easy_escape(CURL *handle, + const char *string, + int length); + +/* the previous version: */ +CURL_EXTERN char *curl_escape(const char *string, + int length); + + +/* + * NAME curl_easy_unescape() + * + * DESCRIPTION + * + * Unescapes URL encoding in strings (converts all %XX codes to their 8bit + * versions). This function returns a new allocated string or NULL if an error + * occurred. + * Conversion Note: On non-ASCII platforms the ASCII %XX codes are + * converted into the host encoding. + */ +CURL_EXTERN char *curl_easy_unescape(CURL *handle, + const char *string, + int length, + int *outlength); + +/* the previous version */ +CURL_EXTERN char *curl_unescape(const char *string, + int length); + +/* + * NAME curl_free() + * + * DESCRIPTION + * + * Provided for de-allocation in the same translation unit that did the + * allocation. Added in libcurl 7.10 + */ +CURL_EXTERN void curl_free(void *p); + +/* + * NAME curl_global_init() + * + * DESCRIPTION + * + * curl_global_init() should be invoked exactly once for each application that + * uses libcurl and before any call of other libcurl functions. + + * This function is thread-safe if CURL_VERSION_THREADSAFE is set in the + * curl_version_info_data.features flag (fetch by curl_version_info()). + + */ +CURL_EXTERN CURLcode curl_global_init(long flags); + +/* + * NAME curl_global_init_mem() + * + * DESCRIPTION + * + * curl_global_init() or curl_global_init_mem() should be invoked exactly once + * for each application that uses libcurl. This function can be used to + * initialize libcurl and set user defined memory management callback + * functions. Users can implement memory management routines to check for + * memory leaks, check for mis-use of the curl library etc. User registered + * callback routines will be invoked by this library instead of the system + * memory management routines like malloc, free etc. + */ +CURL_EXTERN CURLcode curl_global_init_mem(long flags, + curl_malloc_callback m, + curl_free_callback f, + curl_realloc_callback r, + curl_strdup_callback s, + curl_calloc_callback c); + +/* + * NAME curl_global_cleanup() + * + * DESCRIPTION + * + * curl_global_cleanup() should be invoked exactly once for each application + * that uses libcurl + */ +CURL_EXTERN void curl_global_cleanup(void); + +/* + * NAME curl_global_trace() + * + * DESCRIPTION + * + * curl_global_trace() can be invoked at application start to + * configure which components in curl should participate in tracing. + + * This function is thread-safe if CURL_VERSION_THREADSAFE is set in the + * curl_version_info_data.features flag (fetch by curl_version_info()). + + */ +CURL_EXTERN CURLcode curl_global_trace(const char *config); + +/* linked-list structure for the CURLOPT_QUOTE option (and other) */ +struct curl_slist { + char *data; + struct curl_slist *next; +}; + +/* + * NAME curl_global_sslset() + * + * DESCRIPTION + * + * When built with multiple SSL backends, curl_global_sslset() allows to + * choose one. This function can only be called once, and it must be called + * *before* curl_global_init(). + * + * The backend can be identified by the id (e.g. CURLSSLBACKEND_OPENSSL). The + * backend can also be specified via the name parameter (passing -1 as id). If + * both id and name are specified, the name will be ignored. If neither id nor + * name are specified, the function will fail with CURLSSLSET_UNKNOWN_BACKEND + * and set the "avail" pointer to the NULL-terminated list of available + * backends. + * + * Upon success, the function returns CURLSSLSET_OK. + * + * If the specified SSL backend is not available, the function returns + * CURLSSLSET_UNKNOWN_BACKEND and sets the "avail" pointer to a + * NULL-terminated list of available SSL backends. + * + * The SSL backend can be set only once. If it has already been set, a + * subsequent attempt to change it will result in a CURLSSLSET_TOO_LATE. + */ + +struct curl_ssl_backend { + curl_sslbackend id; + const char *name; +}; +typedef struct curl_ssl_backend curl_ssl_backend; + +typedef enum { + CURLSSLSET_OK = 0, + CURLSSLSET_UNKNOWN_BACKEND, + CURLSSLSET_TOO_LATE, + CURLSSLSET_NO_BACKENDS /* libcurl was built without any SSL support */ +} CURLsslset; + +CURL_EXTERN CURLsslset curl_global_sslset(curl_sslbackend id, const char *name, + const curl_ssl_backend ***avail); + +/* + * NAME curl_slist_append() + * + * DESCRIPTION + * + * Appends a string to a linked list. If no list exists, it will be created + * first. Returns the new list, after appending. + */ +CURL_EXTERN struct curl_slist *curl_slist_append(struct curl_slist *list, + const char *data); + +/* + * NAME curl_slist_free_all() + * + * DESCRIPTION + * + * free a previously built curl_slist. + */ +CURL_EXTERN void curl_slist_free_all(struct curl_slist *list); + +/* + * NAME curl_getdate() + * + * DESCRIPTION + * + * Returns the time, in seconds since 1 Jan 1970 of the time string given in + * the first argument. The time argument in the second parameter is unused + * and should be set to NULL. + */ +CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); + +/* info about the certificate chain, for SSL backends that support it. Asked + for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ +struct curl_certinfo { + int num_of_certs; /* number of certificates with information */ + struct curl_slist **certinfo; /* for each index in this array, there is a + linked list with textual information for a + certificate in the format "name:content". + eg "Subject:foo", "Issuer:bar", etc. */ +}; + +/* Information about the SSL library used and the respective internal SSL + handle, which can be used to obtain further information regarding the + connection. Asked for with CURLINFO_TLS_SSL_PTR or CURLINFO_TLS_SESSION. */ +struct curl_tlssessioninfo { + curl_sslbackend backend; + void *internals; +}; + +#define CURLINFO_STRING 0x100000 +#define CURLINFO_LONG 0x200000 +#define CURLINFO_DOUBLE 0x300000 +#define CURLINFO_SLIST 0x400000 +#define CURLINFO_PTR 0x400000 /* same as SLIST */ +#define CURLINFO_SOCKET 0x500000 +#define CURLINFO_OFF_T 0x600000 +#define CURLINFO_MASK 0x0fffff +#define CURLINFO_TYPEMASK 0xf00000 + +typedef enum { + CURLINFO_NONE, /* first, never use this */ + CURLINFO_EFFECTIVE_URL = CURLINFO_STRING + 1, + CURLINFO_RESPONSE_CODE = CURLINFO_LONG + 2, + CURLINFO_TOTAL_TIME = CURLINFO_DOUBLE + 3, + CURLINFO_NAMELOOKUP_TIME = CURLINFO_DOUBLE + 4, + CURLINFO_CONNECT_TIME = CURLINFO_DOUBLE + 5, + CURLINFO_PRETRANSFER_TIME = CURLINFO_DOUBLE + 6, + CURLINFO_SIZE_UPLOAD CURL_DEPRECATED(7.55.0, "Use CURLINFO_SIZE_UPLOAD_T") + = CURLINFO_DOUBLE + 7, + CURLINFO_SIZE_UPLOAD_T = CURLINFO_OFF_T + 7, + CURLINFO_SIZE_DOWNLOAD + CURL_DEPRECATED(7.55.0, "Use CURLINFO_SIZE_DOWNLOAD_T") + = CURLINFO_DOUBLE + 8, + CURLINFO_SIZE_DOWNLOAD_T = CURLINFO_OFF_T + 8, + CURLINFO_SPEED_DOWNLOAD + CURL_DEPRECATED(7.55.0, "Use CURLINFO_SPEED_DOWNLOAD_T") + = CURLINFO_DOUBLE + 9, + CURLINFO_SPEED_DOWNLOAD_T = CURLINFO_OFF_T + 9, + CURLINFO_SPEED_UPLOAD + CURL_DEPRECATED(7.55.0, "Use CURLINFO_SPEED_UPLOAD_T") + = CURLINFO_DOUBLE + 10, + CURLINFO_SPEED_UPLOAD_T = CURLINFO_OFF_T + 10, + CURLINFO_HEADER_SIZE = CURLINFO_LONG + 11, + CURLINFO_REQUEST_SIZE = CURLINFO_LONG + 12, + CURLINFO_SSL_VERIFYRESULT = CURLINFO_LONG + 13, + CURLINFO_FILETIME = CURLINFO_LONG + 14, + CURLINFO_FILETIME_T = CURLINFO_OFF_T + 14, + CURLINFO_CONTENT_LENGTH_DOWNLOAD + CURL_DEPRECATED(7.55.0, + "Use CURLINFO_CONTENT_LENGTH_DOWNLOAD_T") + = CURLINFO_DOUBLE + 15, + CURLINFO_CONTENT_LENGTH_DOWNLOAD_T = CURLINFO_OFF_T + 15, + CURLINFO_CONTENT_LENGTH_UPLOAD + CURL_DEPRECATED(7.55.0, + "Use CURLINFO_CONTENT_LENGTH_UPLOAD_T") + = CURLINFO_DOUBLE + 16, + CURLINFO_CONTENT_LENGTH_UPLOAD_T = CURLINFO_OFF_T + 16, + CURLINFO_STARTTRANSFER_TIME = CURLINFO_DOUBLE + 17, + CURLINFO_CONTENT_TYPE = CURLINFO_STRING + 18, + CURLINFO_REDIRECT_TIME = CURLINFO_DOUBLE + 19, + CURLINFO_REDIRECT_COUNT = CURLINFO_LONG + 20, + CURLINFO_PRIVATE = CURLINFO_STRING + 21, + CURLINFO_HTTP_CONNECTCODE = CURLINFO_LONG + 22, + CURLINFO_HTTPAUTH_AVAIL = CURLINFO_LONG + 23, + CURLINFO_PROXYAUTH_AVAIL = CURLINFO_LONG + 24, + CURLINFO_OS_ERRNO = CURLINFO_LONG + 25, + CURLINFO_NUM_CONNECTS = CURLINFO_LONG + 26, + CURLINFO_SSL_ENGINES = CURLINFO_SLIST + 27, + CURLINFO_COOKIELIST = CURLINFO_SLIST + 28, + CURLINFO_LASTSOCKET CURL_DEPRECATED(7.45.0, "Use CURLINFO_ACTIVESOCKET") + = CURLINFO_LONG + 29, + CURLINFO_FTP_ENTRY_PATH = CURLINFO_STRING + 30, + CURLINFO_REDIRECT_URL = CURLINFO_STRING + 31, + CURLINFO_PRIMARY_IP = CURLINFO_STRING + 32, + CURLINFO_APPCONNECT_TIME = CURLINFO_DOUBLE + 33, + CURLINFO_CERTINFO = CURLINFO_PTR + 34, + CURLINFO_CONDITION_UNMET = CURLINFO_LONG + 35, + CURLINFO_RTSP_SESSION_ID = CURLINFO_STRING + 36, + CURLINFO_RTSP_CLIENT_CSEQ = CURLINFO_LONG + 37, + CURLINFO_RTSP_SERVER_CSEQ = CURLINFO_LONG + 38, + CURLINFO_RTSP_CSEQ_RECV = CURLINFO_LONG + 39, + CURLINFO_PRIMARY_PORT = CURLINFO_LONG + 40, + CURLINFO_LOCAL_IP = CURLINFO_STRING + 41, + CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42, + CURLINFO_TLS_SESSION CURL_DEPRECATED(7.48.0, "Use CURLINFO_TLS_SSL_PTR") + = CURLINFO_PTR + 43, + CURLINFO_ACTIVESOCKET = CURLINFO_SOCKET + 44, + CURLINFO_TLS_SSL_PTR = CURLINFO_PTR + 45, + CURLINFO_HTTP_VERSION = CURLINFO_LONG + 46, + CURLINFO_PROXY_SSL_VERIFYRESULT = CURLINFO_LONG + 47, + CURLINFO_PROTOCOL CURL_DEPRECATED(7.85.0, "Use CURLINFO_SCHEME") + = CURLINFO_LONG + 48, + CURLINFO_SCHEME = CURLINFO_STRING + 49, + CURLINFO_TOTAL_TIME_T = CURLINFO_OFF_T + 50, + CURLINFO_NAMELOOKUP_TIME_T = CURLINFO_OFF_T + 51, + CURLINFO_CONNECT_TIME_T = CURLINFO_OFF_T + 52, + CURLINFO_PRETRANSFER_TIME_T = CURLINFO_OFF_T + 53, + CURLINFO_STARTTRANSFER_TIME_T = CURLINFO_OFF_T + 54, + CURLINFO_REDIRECT_TIME_T = CURLINFO_OFF_T + 55, + CURLINFO_APPCONNECT_TIME_T = CURLINFO_OFF_T + 56, + CURLINFO_RETRY_AFTER = CURLINFO_OFF_T + 57, + CURLINFO_EFFECTIVE_METHOD = CURLINFO_STRING + 58, + CURLINFO_PROXY_ERROR = CURLINFO_LONG + 59, + CURLINFO_REFERER = CURLINFO_STRING + 60, + CURLINFO_CAINFO = CURLINFO_STRING + 61, + CURLINFO_CAPATH = CURLINFO_STRING + 62, + CURLINFO_XFER_ID = CURLINFO_OFF_T + 63, + CURLINFO_CONN_ID = CURLINFO_OFF_T + 64, + CURLINFO_QUEUE_TIME_T = CURLINFO_OFF_T + 65, + CURLINFO_USED_PROXY = CURLINFO_LONG + 66, + CURLINFO_POSTTRANSFER_TIME_T = CURLINFO_OFF_T + 67, + CURLINFO_EARLYDATA_SENT_T = CURLINFO_OFF_T + 68, + CURLINFO_HTTPAUTH_USED = CURLINFO_LONG + 69, + CURLINFO_PROXYAUTH_USED = CURLINFO_LONG + 70, + CURLINFO_LASTONE = 70 +} CURLINFO; + +/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as + CURLINFO_HTTP_CODE */ +#define CURLINFO_HTTP_CODE CURLINFO_RESPONSE_CODE + +typedef enum { + CURLCLOSEPOLICY_NONE, /* first, never use this */ + + CURLCLOSEPOLICY_OLDEST, + CURLCLOSEPOLICY_LEAST_RECENTLY_USED, + CURLCLOSEPOLICY_LEAST_TRAFFIC, + CURLCLOSEPOLICY_SLOWEST, + CURLCLOSEPOLICY_CALLBACK, + + CURLCLOSEPOLICY_LAST /* last, never use this */ +} curl_closepolicy; + +#define CURL_GLOBAL_SSL (1<<0) /* no purpose since 7.57.0 */ +#define CURL_GLOBAL_WIN32 (1<<1) +#define CURL_GLOBAL_ALL (CURL_GLOBAL_SSL|CURL_GLOBAL_WIN32) +#define CURL_GLOBAL_NOTHING 0 +#define CURL_GLOBAL_DEFAULT CURL_GLOBAL_ALL +#define CURL_GLOBAL_ACK_EINTR (1<<2) + + +/***************************************************************************** + * Setup defines, protos etc for the sharing stuff. + */ + +/* Different data locks for a single share */ +typedef enum { + CURL_LOCK_DATA_NONE = 0, + /* CURL_LOCK_DATA_SHARE is used internally to say that + * the locking is just made to change the internal state of the share + * itself. + */ + CURL_LOCK_DATA_SHARE, + CURL_LOCK_DATA_COOKIE, + CURL_LOCK_DATA_DNS, + CURL_LOCK_DATA_SSL_SESSION, + CURL_LOCK_DATA_CONNECT, + CURL_LOCK_DATA_PSL, + CURL_LOCK_DATA_HSTS, + CURL_LOCK_DATA_LAST +} curl_lock_data; + +/* Different lock access types */ +typedef enum { + CURL_LOCK_ACCESS_NONE = 0, /* unspecified action */ + CURL_LOCK_ACCESS_SHARED = 1, /* for read perhaps */ + CURL_LOCK_ACCESS_SINGLE = 2, /* for write perhaps */ + CURL_LOCK_ACCESS_LAST /* never use */ +} curl_lock_access; + +typedef void (*curl_lock_function)(CURL *handle, + curl_lock_data data, + curl_lock_access locktype, + void *userptr); +typedef void (*curl_unlock_function)(CURL *handle, + curl_lock_data data, + void *userptr); + + +typedef enum { + CURLSHE_OK, /* all is fine */ + CURLSHE_BAD_OPTION, /* 1 */ + CURLSHE_IN_USE, /* 2 */ + CURLSHE_INVALID, /* 3 */ + CURLSHE_NOMEM, /* 4 out of memory */ + CURLSHE_NOT_BUILT_IN, /* 5 feature not present in lib */ + CURLSHE_LAST /* never use */ +} CURLSHcode; + +typedef enum { + CURLSHOPT_NONE, /* do not use */ + CURLSHOPT_SHARE, /* specify a data type to share */ + CURLSHOPT_UNSHARE, /* specify which data type to stop sharing */ + CURLSHOPT_LOCKFUNC, /* pass in a 'curl_lock_function' pointer */ + CURLSHOPT_UNLOCKFUNC, /* pass in a 'curl_unlock_function' pointer */ + CURLSHOPT_USERDATA, /* pass in a user data pointer used in the lock/unlock + callback functions */ + CURLSHOPT_LAST /* never use */ +} CURLSHoption; + +CURL_EXTERN CURLSH *curl_share_init(void); +CURL_EXTERN CURLSHcode curl_share_setopt(CURLSH *share, CURLSHoption option, + ...); +CURL_EXTERN CURLSHcode curl_share_cleanup(CURLSH *share); + +/**************************************************************************** + * Structures for querying information about the curl library at runtime. + */ + +typedef enum { + CURLVERSION_FIRST, /* 7.10 */ + CURLVERSION_SECOND, /* 7.11.1 */ + CURLVERSION_THIRD, /* 7.12.0 */ + CURLVERSION_FOURTH, /* 7.16.1 */ + CURLVERSION_FIFTH, /* 7.57.0 */ + CURLVERSION_SIXTH, /* 7.66.0 */ + CURLVERSION_SEVENTH, /* 7.70.0 */ + CURLVERSION_EIGHTH, /* 7.72.0 */ + CURLVERSION_NINTH, /* 7.75.0 */ + CURLVERSION_TENTH, /* 7.77.0 */ + CURLVERSION_ELEVENTH, /* 7.87.0 */ + CURLVERSION_TWELFTH, /* 8.8.0 */ + CURLVERSION_LAST /* never actually use this */ +} CURLversion; + +/* The 'CURLVERSION_NOW' is the symbolic name meant to be used by + basically all programs ever that want to get version information. It is + meant to be a built-in version number for what kind of struct the caller + expects. If the struct ever changes, we redefine the NOW to another enum + from above. */ +#define CURLVERSION_NOW CURLVERSION_TWELFTH + +struct curl_version_info_data { + CURLversion age; /* age of the returned struct */ + const char *version; /* LIBCURL_VERSION */ + unsigned int version_num; /* LIBCURL_VERSION_NUM */ + const char *host; /* OS/host/cpu/machine when configured */ + int features; /* bitmask, see defines below */ + const char *ssl_version; /* human readable string */ + long ssl_version_num; /* not used anymore, always 0 */ + const char *libz_version; /* human readable string */ + /* protocols is terminated by an entry with a NULL protoname */ + const char * const *protocols; + + /* The fields below this were added in CURLVERSION_SECOND */ + const char *ares; + int ares_num; + + /* This field was added in CURLVERSION_THIRD */ + const char *libidn; + + /* These field were added in CURLVERSION_FOURTH */ + + /* Same as '_libiconv_version' if built with HAVE_ICONV */ + int iconv_ver_num; + + const char *libssh_version; /* human readable string */ + + /* These fields were added in CURLVERSION_FIFTH */ + unsigned int brotli_ver_num; /* Numeric Brotli version + (MAJOR << 24) | (MINOR << 12) | PATCH */ + const char *brotli_version; /* human readable string. */ + + /* These fields were added in CURLVERSION_SIXTH */ + unsigned int nghttp2_ver_num; /* Numeric nghttp2 version + (MAJOR << 16) | (MINOR << 8) | PATCH */ + const char *nghttp2_version; /* human readable string. */ + const char *quic_version; /* human readable quic (+ HTTP/3) library + + version or NULL */ + + /* These fields were added in CURLVERSION_SEVENTH */ + const char *cainfo; /* the built-in default CURLOPT_CAINFO, might + be NULL */ + const char *capath; /* the built-in default CURLOPT_CAPATH, might + be NULL */ + + /* These fields were added in CURLVERSION_EIGHTH */ + unsigned int zstd_ver_num; /* Numeric Zstd version + (MAJOR << 24) | (MINOR << 12) | PATCH */ + const char *zstd_version; /* human readable string. */ + + /* These fields were added in CURLVERSION_NINTH */ + const char *hyper_version; /* human readable string. */ + + /* These fields were added in CURLVERSION_TENTH */ + const char *gsasl_version; /* human readable string. */ + + /* These fields were added in CURLVERSION_ELEVENTH */ + /* feature_names is terminated by an entry with a NULL feature name */ + const char * const *feature_names; + + /* These fields were added in CURLVERSION_TWELFTH */ + const char *rtmp_version; /* human readable string. */ +}; +typedef struct curl_version_info_data curl_version_info_data; + +#define CURL_VERSION_IPV6 (1<<0) /* IPv6-enabled */ +#define CURL_VERSION_KERBEROS4 (1<<1) /* Kerberos V4 auth is supported + (deprecated) */ +#define CURL_VERSION_SSL (1<<2) /* SSL options are present */ +#define CURL_VERSION_LIBZ (1<<3) /* libz features are present */ +#define CURL_VERSION_NTLM (1<<4) /* NTLM auth is supported */ +#define CURL_VERSION_GSSNEGOTIATE (1<<5) /* Negotiate auth is supported + (deprecated) */ +#define CURL_VERSION_DEBUG (1<<6) /* Built with debug capabilities */ +#define CURL_VERSION_ASYNCHDNS (1<<7) /* Asynchronous DNS resolves */ +#define CURL_VERSION_SPNEGO (1<<8) /* SPNEGO auth is supported */ +#define CURL_VERSION_LARGEFILE (1<<9) /* Supports files larger than 2GB */ +#define CURL_VERSION_IDN (1<<10) /* Internationized Domain Names are + supported */ +#define CURL_VERSION_SSPI (1<<11) /* Built against Windows SSPI */ +#define CURL_VERSION_CONV (1<<12) /* Character conversions supported */ +#define CURL_VERSION_CURLDEBUG (1<<13) /* Debug memory tracking supported */ +#define CURL_VERSION_TLSAUTH_SRP (1<<14) /* TLS-SRP auth is supported */ +#define CURL_VERSION_NTLM_WB (1<<15) /* NTLM delegation to winbind helper + is supported */ +#define CURL_VERSION_HTTP2 (1<<16) /* HTTP2 support built-in */ +#define CURL_VERSION_GSSAPI (1<<17) /* Built against a GSS-API library */ +#define CURL_VERSION_KERBEROS5 (1<<18) /* Kerberos V5 auth is supported */ +#define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */ +#define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used + for cookie domain verification */ +#define CURL_VERSION_HTTPS_PROXY (1<<21) /* HTTPS-proxy support built-in */ +#define CURL_VERSION_MULTI_SSL (1<<22) /* Multiple SSL backends available */ +#define CURL_VERSION_BROTLI (1<<23) /* Brotli features are present. */ +#define CURL_VERSION_ALTSVC (1<<24) /* Alt-Svc handling built-in */ +#define CURL_VERSION_HTTP3 (1<<25) /* HTTP3 support built-in */ +#define CURL_VERSION_ZSTD (1<<26) /* zstd features are present */ +#define CURL_VERSION_UNICODE (1<<27) /* Unicode support on Windows */ +#define CURL_VERSION_HSTS (1<<28) /* HSTS is supported */ +#define CURL_VERSION_GSASL (1<<29) /* libgsasl is supported */ +#define CURL_VERSION_THREADSAFE (1<<30) /* libcurl API is thread-safe */ + +/* + * NAME curl_version_info() + * + * DESCRIPTION + * + * This function returns a pointer to a static copy of the version info + * struct. See above. + */ +CURL_EXTERN curl_version_info_data *curl_version_info(CURLversion); + +/* + * NAME curl_easy_strerror() + * + * DESCRIPTION + * + * The curl_easy_strerror function may be used to turn a CURLcode value + * into the equivalent human readable error string. This is useful + * for printing meaningful error messages. + */ +CURL_EXTERN const char *curl_easy_strerror(CURLcode); + +/* + * NAME curl_share_strerror() + * + * DESCRIPTION + * + * The curl_share_strerror function may be used to turn a CURLSHcode value + * into the equivalent human readable error string. This is useful + * for printing meaningful error messages. + */ +CURL_EXTERN const char *curl_share_strerror(CURLSHcode); + +/* + * NAME curl_easy_pause() + * + * DESCRIPTION + * + * The curl_easy_pause function pauses or unpauses transfers. Select the new + * state by setting the bitmask, use the convenience defines below. + * + */ +CURL_EXTERN CURLcode curl_easy_pause(CURL *handle, int bitmask); + +#define CURLPAUSE_RECV (1<<0) +#define CURLPAUSE_RECV_CONT (0) + +#define CURLPAUSE_SEND (1<<2) +#define CURLPAUSE_SEND_CONT (0) + +#define CURLPAUSE_ALL (CURLPAUSE_RECV|CURLPAUSE_SEND) +#define CURLPAUSE_CONT (CURLPAUSE_RECV_CONT|CURLPAUSE_SEND_CONT) + +/* + * NAME curl_easy_ssls_import() + * + * DESCRIPTION + * + * The curl_easy_ssls_import function adds a previously exported SSL session + * to the SSL session cache of the easy handle (or the underlying share). + */ +CURL_EXTERN CURLcode curl_easy_ssls_import(CURL *handle, + const char *session_key, + const unsigned char *shmac, + size_t shmac_len, + const unsigned char *sdata, + size_t sdata_len); + +/* This is the curl_ssls_export_cb callback prototype. It + * is passed to curl_easy_ssls_export() to extract SSL sessions/tickets. */ +typedef CURLcode curl_ssls_export_cb(CURL *handle, + void *userptr, + const char *session_key, + const unsigned char *shmac, + size_t shmac_len, + const unsigned char *sdata, + size_t sdata_len, + curl_off_t valid_until, + int ietf_tls_id, + const char *alpn, + size_t earlydata_max); + +/* + * NAME curl_easy_ssls_export() + * + * DESCRIPTION + * + * The curl_easy_ssls_export function iterates over all SSL sessions stored + * in the easy handle (or underlying share) and invokes the passed + * callback. + * + */ +CURL_EXTERN CURLcode curl_easy_ssls_export(CURL *handle, + curl_ssls_export_cb *export_fn, + void *userptr); + + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +/* unfortunately, the easy.h and multi.h include files need options and info + stuff before they can be included! */ +#include "easy.h" /* nothing in curl is fun without the easy stuff */ +#include "multi.h" +#include "urlapi.h" +#include "options.h" +#include "header.h" +#include "websockets.h" +#include "mprintf.h" + +/* the typechecker does not work in C++ (yet) */ +#if defined(__GNUC__) && defined(__GNUC_MINOR__) && \ + ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)) && \ + !defined(__cplusplus) && !defined(CURL_DISABLE_TYPECHECK) +#include "typecheck-gcc.h" +#else +#if defined(__STDC__) && (__STDC__ >= 1) +/* This preprocessor magic that replaces a call with the exact same call is + only done to make sure application authors pass exactly three arguments + to these functions. */ +#define curl_easy_setopt(handle,opt,param) curl_easy_setopt(handle,opt,param) +#define curl_easy_getinfo(handle,info,arg) curl_easy_getinfo(handle,info,arg) +#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) +#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) +#endif /* __STDC__ >= 1 */ +#endif /* gcc >= 4.3 && !__cplusplus && !CURL_DISABLE_TYPECHECK */ + +#endif /* CURLINC_CURL_H */ diff --git a/includes/curl/curl/curlver.h b/includes/curl/curl/curlver.h new file mode 100644 index 0000000..31b01b9 --- /dev/null +++ b/includes/curl/curl/curlver.h @@ -0,0 +1,79 @@ +#ifndef CURLINC_CURLVER_H +#define CURLINC_CURLVER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +/* This header file contains nothing but libcurl version info, generated by + a script at release-time. This was made its own header file in 7.11.2 */ + +/* This is the global package copyright */ +#define LIBCURL_COPYRIGHT "Daniel Stenberg, ." + +/* This is the version number of the libcurl package from which this header + file origins: */ +#define LIBCURL_VERSION "8.15.0" + +/* The numeric version number is also available "in parts" by using these + defines: */ +#define LIBCURL_VERSION_MAJOR 8 +#define LIBCURL_VERSION_MINOR 15 +#define LIBCURL_VERSION_PATCH 0 + +/* This is the numeric version of the libcurl version number, meant for easier + parsing and comparisons by programs. The LIBCURL_VERSION_NUM define will + always follow this syntax: + + 0xXXYYZZ + + Where XX, YY and ZZ are the main version, release and patch numbers in + hexadecimal (using 8 bits each). All three numbers are always represented + using two digits. 1.2 would appear as "0x010200" while version 9.11.7 + appears as "0x090b07". + + This 6-digit (24 bits) hexadecimal number does not show pre-release number, + and it is always a greater number in a more recent release. It makes + comparisons with greater than and less than work. + + Note: This define is the full hex number and _does not_ use the + CURL_VERSION_BITS() macro since curl's own configure script greps for it + and needs it to contain the full number. +*/ +#define LIBCURL_VERSION_NUM 0x080f00 + +/* + * This is the date and time when the full source package was created. The + * timestamp is not stored in git, as the timestamp is properly set in the + * tarballs by the maketgz script. + * + * The format of the date follows this template: + * + * "2007-11-23" + */ +#define LIBCURL_TIMESTAMP "2025-07-16" + +#define CURL_VERSION_BITS(x,y,z) ((x)<<16|(y)<<8|(z)) +#define CURL_AT_LEAST_VERSION(x,y,z) \ + (LIBCURL_VERSION_NUM >= CURL_VERSION_BITS(x, y, z)) + +#endif /* CURLINC_CURLVER_H */ diff --git a/includes/curl/curl/easy.h b/includes/curl/curl/easy.h new file mode 100644 index 0000000..56f8060 --- /dev/null +++ b/includes/curl/curl/easy.h @@ -0,0 +1,125 @@ +#ifndef CURLINC_EASY_H +#define CURLINC_EASY_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +#ifdef __cplusplus +extern "C" { +#endif + +/* Flag bits in the curl_blob struct: */ +#define CURL_BLOB_COPY 1 /* tell libcurl to copy the data */ +#define CURL_BLOB_NOCOPY 0 /* tell libcurl to NOT copy the data */ + +struct curl_blob { + void *data; + size_t len; + unsigned int flags; /* bit 0 is defined, the rest are reserved and should be + left zeroes */ +}; + +CURL_EXTERN CURL *curl_easy_init(void); +CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...); +CURL_EXTERN CURLcode curl_easy_perform(CURL *curl); +CURL_EXTERN void curl_easy_cleanup(CURL *curl); + +/* + * NAME curl_easy_getinfo() + * + * DESCRIPTION + * + * Request internal information from the curl session with this function. + * The third argument MUST be pointing to the specific type of the used option + * which is documented in each manpage of the option. The data pointed to + * will be filled in accordingly and can be relied upon only if the function + * returns CURLE_OK. This function is intended to get used *AFTER* a performed + * transfer, all results from this function are undefined until the transfer + * is completed. + */ +CURL_EXTERN CURLcode curl_easy_getinfo(CURL *curl, CURLINFO info, ...); + + +/* + * NAME curl_easy_duphandle() + * + * DESCRIPTION + * + * Creates a new curl session handle with the same options set for the handle + * passed in. Duplicating a handle could only be a matter of cloning data and + * options, internal state info and things like persistent connections cannot + * be transferred. It is useful in multithreaded applications when you can run + * curl_easy_duphandle() for each new thread to avoid a series of identical + * curl_easy_setopt() invokes in every thread. + */ +CURL_EXTERN CURL *curl_easy_duphandle(CURL *curl); + +/* + * NAME curl_easy_reset() + * + * DESCRIPTION + * + * Re-initializes a curl handle to the default values. This puts back the + * handle to the same state as it was in when it was just created. + * + * It does keep: live connections, the Session ID cache, the DNS cache and the + * cookies. + */ +CURL_EXTERN void curl_easy_reset(CURL *curl); + +/* + * NAME curl_easy_recv() + * + * DESCRIPTION + * + * Receives data from the connected socket. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_easy_recv(CURL *curl, void *buffer, size_t buflen, + size_t *n); + +/* + * NAME curl_easy_send() + * + * DESCRIPTION + * + * Sends data over the connected socket. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_easy_send(CURL *curl, const void *buffer, + size_t buflen, size_t *n); + + +/* + * NAME curl_easy_upkeep() + * + * DESCRIPTION + * + * Performs connection upkeep for the given session handle. + */ +CURL_EXTERN CURLcode curl_easy_upkeep(CURL *curl); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif diff --git a/includes/curl/curl/header.h b/includes/curl/curl/header.h new file mode 100644 index 0000000..8df11e1 --- /dev/null +++ b/includes/curl/curl/header.h @@ -0,0 +1,74 @@ +#ifndef CURLINC_HEADER_H +#define CURLINC_HEADER_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#ifdef __cplusplus +extern "C" { +#endif + +struct curl_header { + char *name; /* this might not use the same case */ + char *value; + size_t amount; /* number of headers using this name */ + size_t index; /* ... of this instance, 0 or higher */ + unsigned int origin; /* see bits below */ + void *anchor; /* handle privately used by libcurl */ +}; + +/* 'origin' bits */ +#define CURLH_HEADER (1<<0) /* plain server header */ +#define CURLH_TRAILER (1<<1) /* trailers */ +#define CURLH_CONNECT (1<<2) /* CONNECT headers */ +#define CURLH_1XX (1<<3) /* 1xx headers */ +#define CURLH_PSEUDO (1<<4) /* pseudo headers */ + +typedef enum { + CURLHE_OK, + CURLHE_BADINDEX, /* header exists but not with this index */ + CURLHE_MISSING, /* no such header exists */ + CURLHE_NOHEADERS, /* no headers at all exist (yet) */ + CURLHE_NOREQUEST, /* no request with this number was used */ + CURLHE_OUT_OF_MEMORY, /* out of memory while processing */ + CURLHE_BAD_ARGUMENT, /* a function argument was not okay */ + CURLHE_NOT_BUILT_IN /* if API was disabled in the build */ +} CURLHcode; + +CURL_EXTERN CURLHcode curl_easy_header(CURL *easy, + const char *name, + size_t index, + unsigned int origin, + int request, + struct curl_header **hout); + +CURL_EXTERN struct curl_header *curl_easy_nextheader(CURL *easy, + unsigned int origin, + int request, + struct curl_header *prev); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif /* CURLINC_HEADER_H */ diff --git a/includes/curl/curl/mprintf.h b/includes/curl/curl/mprintf.h new file mode 100644 index 0000000..88059c8 --- /dev/null +++ b/includes/curl/curl/mprintf.h @@ -0,0 +1,85 @@ +#ifndef CURLINC_MPRINTF_H +#define CURLINC_MPRINTF_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include +#include /* needed for FILE */ +#include "curl.h" /* for CURL_EXTERN */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef CURL_TEMP_PRINTF +#if (defined(__GNUC__) || defined(__clang__) || \ + defined(__IAR_SYSTEMS_ICC__)) && \ + defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ + !defined(CURL_NO_FMT_CHECKS) +#if defined(__MINGW32__) && !defined(__clang__) +#if defined(__MINGW_PRINTF_FORMAT) /* mingw-w64 3.0.0+. Needs stdio.h. */ +#define CURL_TEMP_PRINTF(fmt, arg) \ + __attribute__((format(__MINGW_PRINTF_FORMAT, fmt, arg))) +#else +#define CURL_TEMP_PRINTF(fmt, arg) +#endif +#else +#define CURL_TEMP_PRINTF(fmt, arg) \ + __attribute__((format(printf, fmt, arg))) +#endif +#else +#define CURL_TEMP_PRINTF(fmt, arg) +#endif +#endif + +CURL_EXTERN int curl_mprintf(const char *format, ...) + CURL_TEMP_PRINTF(1, 2); +CURL_EXTERN int curl_mfprintf(FILE *fd, const char *format, ...) + CURL_TEMP_PRINTF(2, 3); +CURL_EXTERN int curl_msprintf(char *buffer, const char *format, ...) + CURL_TEMP_PRINTF(2, 3); +CURL_EXTERN int curl_msnprintf(char *buffer, size_t maxlength, + const char *format, ...) + CURL_TEMP_PRINTF(3, 4); +CURL_EXTERN int curl_mvprintf(const char *format, va_list args) + CURL_TEMP_PRINTF(1, 0); +CURL_EXTERN int curl_mvfprintf(FILE *fd, const char *format, va_list args) + CURL_TEMP_PRINTF(2, 0); +CURL_EXTERN int curl_mvsprintf(char *buffer, const char *format, va_list args) + CURL_TEMP_PRINTF(2, 0); +CURL_EXTERN int curl_mvsnprintf(char *buffer, size_t maxlength, + const char *format, va_list args) + CURL_TEMP_PRINTF(3, 0); +CURL_EXTERN char *curl_maprintf(const char *format, ...) + CURL_TEMP_PRINTF(1, 2); +CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args) + CURL_TEMP_PRINTF(1, 0); + +#undef CURL_TEMP_PRINTF + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif /* CURLINC_MPRINTF_H */ diff --git a/includes/curl/curl/multi.h b/includes/curl/curl/multi.h new file mode 100644 index 0000000..42469bb --- /dev/null +++ b/includes/curl/curl/multi.h @@ -0,0 +1,481 @@ +#ifndef CURLINC_MULTI_H +#define CURLINC_MULTI_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ +/* + This is an "external" header file. Do not give away any internals here! + + GOALS + + o Enable a "pull" interface. The application that uses libcurl decides where + and when to ask libcurl to get/send data. + + o Enable multiple simultaneous transfers in the same thread without making it + complicated for the application. + + o Enable the application to select() on its own file descriptors and curl's + file descriptors simultaneous easily. + +*/ + +/* + * This header file should not really need to include "curl.h" since curl.h + * itself includes this file and we expect user applications to do #include + * without the need for especially including multi.h. + * + * For some reason we added this include here at one point, and rather than to + * break existing (wrongly written) libcurl applications, we leave it as-is + * but with this warning attached. + */ +#include "curl.h" + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void CURLM; + +typedef enum { + CURLM_CALL_MULTI_PERFORM = -1, /* please call curl_multi_perform() or + curl_multi_socket*() soon */ + CURLM_OK, + CURLM_BAD_HANDLE, /* the passed-in handle is not a valid CURLM handle */ + CURLM_BAD_EASY_HANDLE, /* an easy handle was not good/valid */ + CURLM_OUT_OF_MEMORY, /* if you ever get this, you are in deep sh*t */ + CURLM_INTERNAL_ERROR, /* this is a libcurl bug */ + CURLM_BAD_SOCKET, /* the passed in socket argument did not match */ + CURLM_UNKNOWN_OPTION, /* curl_multi_setopt() with unsupported option */ + CURLM_ADDED_ALREADY, /* an easy handle already added to a multi handle was + attempted to get added - again */ + CURLM_RECURSIVE_API_CALL, /* an api function was called from inside a + callback */ + CURLM_WAKEUP_FAILURE, /* wakeup is unavailable or failed */ + CURLM_BAD_FUNCTION_ARGUMENT, /* function called with a bad parameter */ + CURLM_ABORTED_BY_CALLBACK, + CURLM_UNRECOVERABLE_POLL, + CURLM_LAST +} CURLMcode; + +/* just to make code nicer when using curl_multi_socket() you can now check + for CURLM_CALL_MULTI_SOCKET too in the same style it works for + curl_multi_perform() and CURLM_CALL_MULTI_PERFORM */ +#define CURLM_CALL_MULTI_SOCKET CURLM_CALL_MULTI_PERFORM + +/* bitmask bits for CURLMOPT_PIPELINING */ +#define CURLPIPE_NOTHING 0L +#define CURLPIPE_HTTP1 1L +#define CURLPIPE_MULTIPLEX 2L + +typedef enum { + CURLMSG_NONE, /* first, not used */ + CURLMSG_DONE, /* This easy handle has completed. 'result' contains + the CURLcode of the transfer */ + CURLMSG_LAST /* last, not used */ +} CURLMSG; + +struct CURLMsg { + CURLMSG msg; /* what this message means */ + CURL *easy_handle; /* the handle it concerns */ + union { + void *whatever; /* message-specific data */ + CURLcode result; /* return code for transfer */ + } data; +}; +typedef struct CURLMsg CURLMsg; + +/* Based on poll(2) structure and values. + * We do not use pollfd and POLL* constants explicitly + * to cover platforms without poll(). */ +#define CURL_WAIT_POLLIN 0x0001 +#define CURL_WAIT_POLLPRI 0x0002 +#define CURL_WAIT_POLLOUT 0x0004 + +struct curl_waitfd { + curl_socket_t fd; + short events; + short revents; +}; + +/* + * Name: curl_multi_init() + * + * Desc: initialize multi-style curl usage + * + * Returns: a new CURLM handle to use in all 'curl_multi' functions. + */ +CURL_EXTERN CURLM *curl_multi_init(void); + +/* + * Name: curl_multi_add_handle() + * + * Desc: add a standard curl handle to the multi stack + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_add_handle(CURLM *multi_handle, + CURL *curl_handle); + + /* + * Name: curl_multi_remove_handle() + * + * Desc: removes a curl handle from the multi stack again + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_remove_handle(CURLM *multi_handle, + CURL *curl_handle); + + /* + * Name: curl_multi_fdset() + * + * Desc: Ask curl for its fd_set sets. The app can use these to select() or + * poll() on. We want curl_multi_perform() called as soon as one of + * them are ready. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_fdset(CURLM *multi_handle, + fd_set *read_fd_set, + fd_set *write_fd_set, + fd_set *exc_fd_set, + int *max_fd); + +/* + * Name: curl_multi_wait() + * + * Desc: Poll on all fds within a CURLM set as well as any + * additional fds passed to the function. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms, + int *ret); + +/* + * Name: curl_multi_poll() + * + * Desc: Poll on all fds within a CURLM set as well as any + * additional fds passed to the function. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_poll(CURLM *multi_handle, + struct curl_waitfd extra_fds[], + unsigned int extra_nfds, + int timeout_ms, + int *ret); + +/* + * Name: curl_multi_wakeup() + * + * Desc: wakes up a sleeping curl_multi_poll call. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_wakeup(CURLM *multi_handle); + + /* + * Name: curl_multi_perform() + * + * Desc: When the app thinks there is data available for curl it calls this + * function to read/write whatever there is right now. This returns + * as soon as the reads and writes are done. This function does not + * require that there actually is data available for reading or that + * data can be written, it can be called just in case. It returns + * the number of handles that still transfer data in the second + * argument's integer-pointer. + * + * Returns: CURLMcode type, general multi error code. *NOTE* that this only + * returns errors etc regarding the whole multi stack. There might + * still have occurred problems on individual transfers even when + * this returns OK. + */ +CURL_EXTERN CURLMcode curl_multi_perform(CURLM *multi_handle, + int *running_handles); + + /* + * Name: curl_multi_cleanup() + * + * Desc: Cleans up and removes a whole multi stack. It does not free or + * touch any individual easy handles in any way. We need to define + * in what state those handles will be if this function is called + * in the middle of a transfer. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_cleanup(CURLM *multi_handle); + +/* + * Name: curl_multi_info_read() + * + * Desc: Ask the multi handle if there is any messages/informationals from + * the individual transfers. Messages include informationals such as + * error code from the transfer or just the fact that a transfer is + * completed. More details on these should be written down as well. + * + * Repeated calls to this function will return a new struct each + * time, until a special "end of msgs" struct is returned as a signal + * that there is no more to get at this point. + * + * The data the returned pointer points to will not survive calling + * curl_multi_cleanup(). + * + * The 'CURLMsg' struct is meant to be simple and only contain basic + * information. If more involved information is wanted, we will + * provide the particular "transfer handle" in that struct and that + * should/could/would be used in subsequent curl_easy_getinfo() calls + * (or similar). The point being that we must never expose complex + * structs to applications, as then we will undoubtably get backwards + * compatibility problems in the future. + * + * Returns: A pointer to a filled-in struct, or NULL if it failed or ran out + * of structs. It also writes the number of messages left in the + * queue (after this read) in the integer the second argument points + * to. + */ +CURL_EXTERN CURLMsg *curl_multi_info_read(CURLM *multi_handle, + int *msgs_in_queue); + +/* + * Name: curl_multi_strerror() + * + * Desc: The curl_multi_strerror function may be used to turn a CURLMcode + * value into the equivalent human readable error string. This is + * useful for printing meaningful error messages. + * + * Returns: A pointer to a null-terminated error message. + */ +CURL_EXTERN const char *curl_multi_strerror(CURLMcode); + +/* + * Name: curl_multi_socket() and + * curl_multi_socket_all() + * + * Desc: An alternative version of curl_multi_perform() that allows the + * application to pass in one of the file descriptors that have been + * detected to have "action" on them and let libcurl perform. + * See manpage for details. + */ +#define CURL_POLL_NONE 0 +#define CURL_POLL_IN 1 +#define CURL_POLL_OUT 2 +#define CURL_POLL_INOUT 3 +#define CURL_POLL_REMOVE 4 + +#define CURL_SOCKET_TIMEOUT CURL_SOCKET_BAD + +#define CURL_CSELECT_IN 0x01 +#define CURL_CSELECT_OUT 0x02 +#define CURL_CSELECT_ERR 0x04 + +typedef int (*curl_socket_callback)(CURL *easy, /* easy handle */ + curl_socket_t s, /* socket */ + int what, /* see above */ + void *userp, /* private callback + pointer */ + void *socketp); /* private socket + pointer */ +/* + * Name: curl_multi_timer_callback + * + * Desc: Called by libcurl whenever the library detects a change in the + * maximum number of milliseconds the app is allowed to wait before + * curl_multi_socket() or curl_multi_perform() must be called + * (to allow libcurl's timed events to take place). + * + * Returns: The callback should return zero. + */ +typedef int (*curl_multi_timer_callback)(CURLM *multi, /* multi handle */ + long timeout_ms, /* see above */ + void *userp); /* private callback + pointer */ + +CURL_EXTERN CURLMcode CURL_DEPRECATED(7.19.5, "Use curl_multi_socket_action()") +curl_multi_socket(CURLM *multi_handle, curl_socket_t s, int *running_handles); + +CURL_EXTERN CURLMcode curl_multi_socket_action(CURLM *multi_handle, + curl_socket_t s, + int ev_bitmask, + int *running_handles); + +CURL_EXTERN CURLMcode CURL_DEPRECATED(7.19.5, "Use curl_multi_socket_action()") +curl_multi_socket_all(CURLM *multi_handle, int *running_handles); + +#ifndef CURL_ALLOW_OLD_MULTI_SOCKET +/* This macro below was added in 7.16.3 to push users who recompile to use + the new curl_multi_socket_action() instead of the old curl_multi_socket() +*/ +#define curl_multi_socket(x,y,z) curl_multi_socket_action(x,y,0,z) +#endif + +/* + * Name: curl_multi_timeout() + * + * Desc: Returns the maximum number of milliseconds the app is allowed to + * wait before curl_multi_socket() or curl_multi_perform() must be + * called (to allow libcurl's timed events to take place). + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_timeout(CURLM *multi_handle, + long *milliseconds); + +typedef enum { + /* This is the socket callback function pointer */ + CURLOPT(CURLMOPT_SOCKETFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 1), + + /* This is the argument passed to the socket callback */ + CURLOPT(CURLMOPT_SOCKETDATA, CURLOPTTYPE_OBJECTPOINT, 2), + + /* set to 1 to enable pipelining for this multi handle */ + CURLOPT(CURLMOPT_PIPELINING, CURLOPTTYPE_LONG, 3), + + /* This is the timer callback function pointer */ + CURLOPT(CURLMOPT_TIMERFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 4), + + /* This is the argument passed to the timer callback */ + CURLOPT(CURLMOPT_TIMERDATA, CURLOPTTYPE_OBJECTPOINT, 5), + + /* maximum number of entries in the connection cache */ + CURLOPT(CURLMOPT_MAXCONNECTS, CURLOPTTYPE_LONG, 6), + + /* maximum number of (pipelining) connections to one host */ + CURLOPT(CURLMOPT_MAX_HOST_CONNECTIONS, CURLOPTTYPE_LONG, 7), + + /* maximum number of requests in a pipeline */ + CURLOPT(CURLMOPT_MAX_PIPELINE_LENGTH, CURLOPTTYPE_LONG, 8), + + /* a connection with a content-length longer than this + will not be considered for pipelining */ + CURLOPT(CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 9), + + /* a connection with a chunk length longer than this + will not be considered for pipelining */ + CURLOPT(CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE, CURLOPTTYPE_OFF_T, 10), + + /* a list of site names(+port) that are blocked from pipelining */ + CURLOPT(CURLMOPT_PIPELINING_SITE_BL, CURLOPTTYPE_OBJECTPOINT, 11), + + /* a list of server types that are blocked from pipelining */ + CURLOPT(CURLMOPT_PIPELINING_SERVER_BL, CURLOPTTYPE_OBJECTPOINT, 12), + + /* maximum number of open connections in total */ + CURLOPT(CURLMOPT_MAX_TOTAL_CONNECTIONS, CURLOPTTYPE_LONG, 13), + + /* This is the server push callback function pointer */ + CURLOPT(CURLMOPT_PUSHFUNCTION, CURLOPTTYPE_FUNCTIONPOINT, 14), + + /* This is the argument passed to the server push callback */ + CURLOPT(CURLMOPT_PUSHDATA, CURLOPTTYPE_OBJECTPOINT, 15), + + /* maximum number of concurrent streams to support on a connection */ + CURLOPT(CURLMOPT_MAX_CONCURRENT_STREAMS, CURLOPTTYPE_LONG, 16), + + CURLMOPT_LASTENTRY /* the last unused */ +} CURLMoption; + + +/* + * Name: curl_multi_setopt() + * + * Desc: Sets options for the multi handle. + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_setopt(CURLM *multi_handle, + CURLMoption option, ...); + + +/* + * Name: curl_multi_assign() + * + * Desc: This function sets an association in the multi handle between the + * given socket and a private pointer of the application. This is + * (only) useful for curl_multi_socket uses. + * + * Returns: CURLM error code. + */ +CURL_EXTERN CURLMcode curl_multi_assign(CURLM *multi_handle, + curl_socket_t sockfd, void *sockp); + +/* + * Name: curl_multi_get_handles() + * + * Desc: Returns an allocated array holding all handles currently added to + * the multi handle. Marks the final entry with a NULL pointer. If + * there is no easy handle added to the multi handle, this function + * returns an array with the first entry as a NULL pointer. + * + * Returns: NULL on failure, otherwise a CURL **array pointer + */ +CURL_EXTERN CURL **curl_multi_get_handles(CURLM *multi_handle); + +/* + * Name: curl_push_callback + * + * Desc: This callback gets called when a new stream is being pushed by the + * server. It approves or denies the new stream. It can also decide + * to completely fail the connection. + * + * Returns: CURL_PUSH_OK, CURL_PUSH_DENY or CURL_PUSH_ERROROUT + */ +#define CURL_PUSH_OK 0 +#define CURL_PUSH_DENY 1 +#define CURL_PUSH_ERROROUT 2 /* added in 7.72.0 */ + +struct curl_pushheaders; /* forward declaration only */ + +CURL_EXTERN char *curl_pushheader_bynum(struct curl_pushheaders *h, + size_t num); +CURL_EXTERN char *curl_pushheader_byname(struct curl_pushheaders *h, + const char *name); + +typedef int (*curl_push_callback)(CURL *parent, + CURL *easy, + size_t num_headers, + struct curl_pushheaders *headers, + void *userp); + +/* + * Name: curl_multi_waitfds() + * + * Desc: Ask curl for fds for polling. The app can use these to poll on. + * We want curl_multi_perform() called as soon as one of them are + * ready. Passing zero size allows to get just a number of fds. + * + * Returns: CURLMcode type, general multi error code. + */ +CURL_EXTERN CURLMcode curl_multi_waitfds(CURLM *multi, + struct curl_waitfd *ufds, + unsigned int size, + unsigned int *fd_count); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif diff --git a/includes/curl/curl/options.h b/includes/curl/curl/options.h new file mode 100644 index 0000000..1ed76a9 --- /dev/null +++ b/includes/curl/curl/options.h @@ -0,0 +1,70 @@ +#ifndef CURLINC_OPTIONS_H +#define CURLINC_OPTIONS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum { + CURLOT_LONG, /* long (a range of values) */ + CURLOT_VALUES, /* (a defined set or bitmask) */ + CURLOT_OFF_T, /* curl_off_t (a range of values) */ + CURLOT_OBJECT, /* pointer (void *) */ + CURLOT_STRING, /* (char * to null-terminated buffer) */ + CURLOT_SLIST, /* (struct curl_slist *) */ + CURLOT_CBPTR, /* (void * passed as-is to a callback) */ + CURLOT_BLOB, /* blob (struct curl_blob *) */ + CURLOT_FUNCTION /* function pointer */ +} curl_easytype; + +/* Flag bits */ + +/* "alias" means it is provided for old programs to remain functional, + we prefer another name */ +#define CURLOT_FLAG_ALIAS (1<<0) + +/* The CURLOPTTYPE_* id ranges can still be used to figure out what type/size + to use for curl_easy_setopt() for the given id */ +struct curl_easyoption { + const char *name; + CURLoption id; + curl_easytype type; + unsigned int flags; +}; + +CURL_EXTERN const struct curl_easyoption * +curl_easy_option_by_name(const char *name); + +CURL_EXTERN const struct curl_easyoption * +curl_easy_option_by_id(CURLoption id); + +CURL_EXTERN const struct curl_easyoption * +curl_easy_option_next(const struct curl_easyoption *prev); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif +#endif /* CURLINC_OPTIONS_H */ diff --git a/includes/curl/curl/stdcheaders.h b/includes/curl/curl/stdcheaders.h new file mode 100644 index 0000000..7451aa3 --- /dev/null +++ b/includes/curl/curl/stdcheaders.h @@ -0,0 +1,35 @@ +#ifndef CURLINC_STDCHEADERS_H +#define CURLINC_STDCHEADERS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include + +size_t fread(void *, size_t, size_t, FILE *); +size_t fwrite(const void *, size_t, size_t, FILE *); + +int strcasecmp(const char *, const char *); +int strncasecmp(const char *, const char *, size_t); + +#endif /* CURLINC_STDCHEADERS_H */ diff --git a/includes/curl/curl/system.h b/includes/curl/curl/system.h new file mode 100644 index 0000000..ebcdc5e --- /dev/null +++ b/includes/curl/curl/system.h @@ -0,0 +1,402 @@ +#ifndef CURLINC_SYSTEM_H +#define CURLINC_SYSTEM_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +/* + * Try to keep one section per platform, compiler and architecture, otherwise, + * if an existing section is reused for a different one and later on the + * original is adjusted, probably the piggybacking one can be adversely + * changed. + * + * In order to differentiate between platforms/compilers/architectures use + * only compiler built-in predefined preprocessor symbols. + * + * curl_off_t + * ---------- + * + * For any given platform/compiler curl_off_t MUST be typedef'ed to a 64-bit + * wide signed integral data type. The width of this data type must remain + * constant and independent of any possible large file support settings. + * + * As a general rule, curl_off_t shall not be mapped to off_t. This rule shall + * only be violated if off_t is the only 64-bit data type available and the + * size of off_t is independent of large file support settings. Keep your + * build on the safe side avoiding an off_t gating. If you have a 64-bit + * off_t then take for sure that another 64-bit data type exists, dig deeper + * and you will find it. + * + */ + +#ifdef __DJGPP__ +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int + +#elif defined(__BORLANDC__) +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# define CURL_TYPEOF_CURL_SOCKLEN_T int + +#elif defined(__POCC__) +# if defined(_MSC_VER) +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# else +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T int + +#elif defined(__LCC__) +# if defined(__MCST__) /* MCST eLbrus Compiler Collection */ +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 +# else /* Local (or Little) C Compiler */ +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# endif + +#elif defined(macintosh) +# include +# if TYPE_LONGLONG +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int + +#elif defined(__TANDEM) +# if !defined(__LP64) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int +# endif + +#elif defined(UNDER_CE) +# if defined(__MINGW32CE__) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# else +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# endif + +#elif defined(__MINGW32__) +# include +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T PRId64 +# define CURL_FORMAT_CURL_OFF_TU PRIu64 +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +# define CURL_PULL_SYS_TYPES_H 1 + +#elif defined(__VMS) +# if defined(__VAX) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# else +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T unsigned int + +#elif defined(__OS400__) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#elif defined(__MVS__) +# if defined(_LONG_LONG) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else /* _LP64 and default */ +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#elif defined(__370__) +# if defined(__IBMC__) || defined(__IBMCPP__) +# if defined(_LONG_LONG) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else /* _LP64 and default */ +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 +# endif + +#elif defined(TPF) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_TYPEOF_CURL_SOCKLEN_T int + +#elif defined(__TINYC__) /* also known as tcc */ +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#elif defined(__SUNPRO_C) || defined(__SUNPRO_CC) /* Oracle Solaris Studio */ +# if !defined(__LP64) && (defined(__ILP32) || \ + defined(__i386) || \ + defined(__sparcv8) || \ + defined(__sparcv8plus)) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# elif defined(__LP64) || \ + defined(__amd64) || defined(__sparcv9) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#elif defined(__xlc__) /* IBM xlc compiler */ +# if !defined(_LP64) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#elif defined(__hpux) /* HP aCC compiler */ +# if !defined(_LP64) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# else +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +/* ===================================== */ +/* KEEP MSVC THE PENULTIMATE ENTRY */ +/* ===================================== */ + +#elif defined(_MSC_VER) +# if (_MSC_VER >= 1800) +# include +# define CURL_FORMAT_CURL_OFF_T PRId64 +# define CURL_FORMAT_CURL_OFF_TU PRIu64 +# else +# define CURL_FORMAT_CURL_OFF_T "I64d" +# define CURL_FORMAT_CURL_OFF_TU "I64u" +# endif +# define CURL_TYPEOF_CURL_OFF_T __int64 +# define CURL_SUFFIX_CURL_OFF_T i64 +# define CURL_SUFFIX_CURL_OFF_TU ui64 +# define CURL_TYPEOF_CURL_SOCKLEN_T int + +/* ===================================== */ +/* KEEP GENERIC GCC THE LAST ENTRY */ +/* ===================================== */ + +#elif defined(__GNUC__) && !defined(_SCO_DS) +# if !defined(__LP64__) && \ + (defined(__ILP32__) || defined(__i386__) || defined(__hppa__) || \ + defined(__ppc__) || defined(__powerpc__) || defined(__arm__) || \ + defined(__sparc__) || defined(__mips__) || defined(__sh__) || \ + defined(__XTENSA__) || \ + (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 4) || \ + (defined(__LONG_MAX__) && __LONG_MAX__ == 2147483647L)) +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_POPCOUNT64(x) __builtin_popcountll(x) +# define CURL_CTZ64(x) __builtin_ctzll(x) +# elif defined(__LP64__) || \ + defined(__x86_64__) || defined(__ppc64__) || defined(__sparc64__) || \ + defined(__e2k__) || \ + (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__ == 8) || \ + (defined(__LONG_MAX__) && __LONG_MAX__ == 9223372036854775807L) +# define CURL_TYPEOF_CURL_OFF_T long +# define CURL_FORMAT_CURL_OFF_T "ld" +# define CURL_FORMAT_CURL_OFF_TU "lu" +# define CURL_SUFFIX_CURL_OFF_T L +# define CURL_SUFFIX_CURL_OFF_TU UL +# define CURL_POPCOUNT64(x) __builtin_popcountl(x) +# define CURL_CTZ64(x) __builtin_ctzl(x) +# endif +# define CURL_TYPEOF_CURL_SOCKLEN_T socklen_t +# define CURL_PULL_SYS_TYPES_H 1 +# define CURL_PULL_SYS_SOCKET_H 1 + +#else +/* generic "safe guess" on old 32-bit style */ +# define CURL_TYPEOF_CURL_OFF_T long long +# define CURL_FORMAT_CURL_OFF_T "lld" +# define CURL_FORMAT_CURL_OFF_TU "llu" +# define CURL_SUFFIX_CURL_OFF_T LL +# define CURL_SUFFIX_CURL_OFF_TU ULL +# define CURL_TYPEOF_CURL_SOCKLEN_T int +#endif + +#ifdef _AIX +/* AIX needs */ +#define CURL_PULL_SYS_POLL_H +#endif + +/* CURL_PULL_SYS_TYPES_H is defined above when inclusion of header file */ +/* sys/types.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_TYPES_H +# include +#endif + +/* CURL_PULL_SYS_SOCKET_H is defined above when inclusion of header file */ +/* sys/socket.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_SOCKET_H +# include +#endif + +/* CURL_PULL_SYS_POLL_H is defined above when inclusion of header file */ +/* sys/poll.h is required here to properly make type definitions below. */ +#ifdef CURL_PULL_SYS_POLL_H +# include +#endif + +/* Data type definition of curl_socklen_t. */ +#ifdef CURL_TYPEOF_CURL_SOCKLEN_T + typedef CURL_TYPEOF_CURL_SOCKLEN_T curl_socklen_t; +#endif + +/* Data type definition of curl_off_t. */ + +#ifdef CURL_TYPEOF_CURL_OFF_T + typedef CURL_TYPEOF_CURL_OFF_T curl_off_t; +#endif + +#endif /* CURLINC_SYSTEM_H */ diff --git a/includes/curl/curl/typecheck-gcc.h b/includes/curl/curl/typecheck-gcc.h new file mode 100644 index 0000000..ca0c0ef --- /dev/null +++ b/includes/curl/curl/typecheck-gcc.h @@ -0,0 +1,867 @@ +#ifndef CURLINC_TYPECHECK_GCC_H +#define CURLINC_TYPECHECK_GCC_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +/* wraps curl_easy_setopt() with typechecking */ + +/* To add a new kind of warning, add an + * if(curlcheck_sometype_option(_curl_opt)) + * if(!curlcheck_sometype(value)) + * _curl_easy_setopt_err_sometype(); + * block and define curlcheck_sometype_option, curlcheck_sometype and + * _curl_easy_setopt_err_sometype below + * + * NOTE: We use two nested 'if' statements here instead of the && operator, in + * order to work around gcc bug #32061. It affects only gcc 4.3.x/4.4.x + * when compiling with -Wlogical-op. + * + * To add an option that uses the same type as an existing option, you will + * just need to extend the appropriate _curl_*_option macro + */ + +#define curl_easy_setopt(handle, option, value) \ + __extension__({ \ + if(__builtin_constant_p(option)) { \ + CURL_IGNORE_DEPRECATION( \ + if(curlcheck_long_option(option)) \ + if(!curlcheck_long(value)) \ + _curl_easy_setopt_err_long(); \ + if(curlcheck_off_t_option(option)) \ + if(!curlcheck_off_t(value)) \ + _curl_easy_setopt_err_curl_off_t(); \ + if(curlcheck_string_option(option)) \ + if(!curlcheck_string(value)) \ + _curl_easy_setopt_err_string(); \ + if((option) == CURLOPT_PRIVATE) { } \ + if(curlcheck_write_cb_option(option)) \ + if(!curlcheck_write_cb(value)) \ + _curl_easy_setopt_err_write_callback(); \ + if(curlcheck_curl_option(option)) \ + if(!curlcheck_curl(value)) \ + _curl_easy_setopt_err_curl(); \ + if((option) == CURLOPT_RESOLVER_START_FUNCTION) \ + if(!curlcheck_resolver_start_callback(value)) \ + _curl_easy_setopt_err_resolver_start_callback(); \ + if((option) == CURLOPT_READFUNCTION) \ + if(!curlcheck_read_cb(value)) \ + _curl_easy_setopt_err_read_cb(); \ + if((option) == CURLOPT_IOCTLFUNCTION) \ + if(!curlcheck_ioctl_cb(value)) \ + _curl_easy_setopt_err_ioctl_cb(); \ + if((option) == CURLOPT_SOCKOPTFUNCTION) \ + if(!curlcheck_sockopt_cb(value)) \ + _curl_easy_setopt_err_sockopt_cb(); \ + if((option) == CURLOPT_OPENSOCKETFUNCTION) \ + if(!curlcheck_opensocket_cb(value)) \ + _curl_easy_setopt_err_opensocket_cb(); \ + if((option) == CURLOPT_PROGRESSFUNCTION) \ + if(!curlcheck_progress_cb(value)) \ + _curl_easy_setopt_err_progress_cb(); \ + if((option) == CURLOPT_XFERINFOFUNCTION) \ + if(!curlcheck_xferinfo_cb(value)) \ + _curl_easy_setopt_err_xferinfo_cb(); \ + if((option) == CURLOPT_DEBUGFUNCTION) \ + if(!curlcheck_debug_cb(value)) \ + _curl_easy_setopt_err_debug_cb(); \ + if((option) == CURLOPT_SSL_CTX_FUNCTION) \ + if(!curlcheck_ssl_ctx_cb(value)) \ + _curl_easy_setopt_err_ssl_ctx_cb(); \ + if(curlcheck_conv_cb_option(option)) \ + if(!curlcheck_conv_cb(value)) \ + _curl_easy_setopt_err_conv_cb(); \ + if((option) == CURLOPT_SEEKFUNCTION) \ + if(!curlcheck_seek_cb(value)) \ + _curl_easy_setopt_err_seek_cb(); \ + if((option) == CURLOPT_CHUNK_BGN_FUNCTION) \ + if(!curlcheck_chunk_bgn_cb(value)) \ + _curl_easy_setopt_err_chunk_bgn_cb(); \ + if((option) == CURLOPT_CHUNK_END_FUNCTION) \ + if(!curlcheck_chunk_end_cb(value)) \ + _curl_easy_setopt_err_chunk_end_cb(); \ + if((option) == CURLOPT_CLOSESOCKETFUNCTION) \ + if(!curlcheck_close_socket_cb(value)) \ + _curl_easy_setopt_err_close_socket_cb(); \ + if((option) == CURLOPT_FNMATCH_FUNCTION) \ + if(!curlcheck_fnmatch_cb(value)) \ + _curl_easy_setopt_err_fnmatch_cb(); \ + if((option) == CURLOPT_HSTSREADFUNCTION) \ + if(!curlcheck_hstsread_cb(value)) \ + _curl_easy_setopt_err_hstsread_cb(); \ + if((option) == CURLOPT_HSTSWRITEFUNCTION) \ + if(!curlcheck_hstswrite_cb(value)) \ + _curl_easy_setopt_err_hstswrite_cb(); \ + if((option) == CURLOPT_SSH_HOSTKEYFUNCTION) \ + if(!curlcheck_ssh_hostkey_cb(value)) \ + _curl_easy_setopt_err_ssh_hostkey_cb(); \ + if((option) == CURLOPT_SSH_KEYFUNCTION) \ + if(!curlcheck_ssh_key_cb(value)) \ + _curl_easy_setopt_err_ssh_key_cb(); \ + if((option) == CURLOPT_INTERLEAVEFUNCTION) \ + if(!curlcheck_interleave_cb(value)) \ + _curl_easy_setopt_err_interleave_cb(); \ + if((option) == CURLOPT_PREREQFUNCTION) \ + if(!curlcheck_prereq_cb(value)) \ + _curl_easy_setopt_err_prereq_cb(); \ + if((option) == CURLOPT_TRAILERFUNCTION) \ + if(!curlcheck_trailer_cb(value)) \ + _curl_easy_setopt_err_trailer_cb(); \ + if(curlcheck_cb_data_option(option)) \ + if(!curlcheck_cb_data(value)) \ + _curl_easy_setopt_err_cb_data(); \ + if((option) == CURLOPT_ERRORBUFFER) \ + if(!curlcheck_error_buffer(value)) \ + _curl_easy_setopt_err_error_buffer(); \ + if((option) == CURLOPT_CURLU) \ + if(!curlcheck_ptr((value), CURLU)) \ + _curl_easy_setopt_err_curlu(); \ + if((option) == CURLOPT_STDERR) \ + if(!curlcheck_FILE(value)) \ + _curl_easy_setopt_err_FILE(); \ + if(curlcheck_postfields_option(option)) \ + if(!curlcheck_postfields(value)) \ + _curl_easy_setopt_err_postfields(); \ + if((option) == CURLOPT_HTTPPOST) \ + if(!curlcheck_arr((value), struct curl_httppost)) \ + _curl_easy_setopt_err_curl_httpost(); \ + if((option) == CURLOPT_MIMEPOST) \ + if(!curlcheck_ptr((value), curl_mime)) \ + _curl_easy_setopt_err_curl_mimepost(); \ + if(curlcheck_slist_option(option)) \ + if(!curlcheck_arr((value), struct curl_slist)) \ + _curl_easy_setopt_err_curl_slist(); \ + if((option) == CURLOPT_SHARE) \ + if(!curlcheck_ptr((value), CURLSH)) \ + _curl_easy_setopt_err_CURLSH(); \ + ) \ + } \ + curl_easy_setopt(handle, option, value); \ + }) + +/* wraps curl_easy_getinfo() with typechecking */ +#define curl_easy_getinfo(handle, info, arg) \ + __extension__({ \ + if(__builtin_constant_p(info)) { \ + CURL_IGNORE_DEPRECATION( \ + if(curlcheck_string_info(info)) \ + if(!curlcheck_arr((arg), char *)) \ + _curl_easy_getinfo_err_string(); \ + if(curlcheck_long_info(info)) \ + if(!curlcheck_arr((arg), long)) \ + _curl_easy_getinfo_err_long(); \ + if(curlcheck_double_info(info)) \ + if(!curlcheck_arr((arg), double)) \ + _curl_easy_getinfo_err_double(); \ + if(curlcheck_slist_info(info)) \ + if(!curlcheck_arr((arg), struct curl_slist *)) \ + _curl_easy_getinfo_err_curl_slist(); \ + if(curlcheck_tlssessioninfo_info(info)) \ + if(!curlcheck_arr((arg), struct curl_tlssessioninfo *)) \ + _curl_easy_getinfo_err_curl_tlssessioninfo(); \ + if(curlcheck_certinfo_info(info)) \ + if(!curlcheck_arr((arg), struct curl_certinfo *)) \ + _curl_easy_getinfo_err_curl_certinfo(); \ + if(curlcheck_socket_info(info)) \ + if(!curlcheck_arr((arg), curl_socket_t)) \ + _curl_easy_getinfo_err_curl_socket(); \ + if(curlcheck_off_t_info(info)) \ + if(!curlcheck_arr((arg), curl_off_t)) \ + _curl_easy_getinfo_err_curl_off_t(); \ + ) \ + } \ + curl_easy_getinfo(handle, info, arg); \ + }) + +/* + * For now, just make sure that the functions are called with three arguments + */ +#define curl_share_setopt(share,opt,param) curl_share_setopt(share,opt,param) +#define curl_multi_setopt(handle,opt,param) curl_multi_setopt(handle,opt,param) + +/* the actual warnings, triggered by calling the _curl_easy_setopt_err* + * functions */ + +/* To define a new warning, use _CURL_WARNING(identifier, "message") */ +#define CURLWARNING(id, message) \ + static void __attribute__((__warning__(message))) \ + __attribute__((__unused__)) __attribute__((__noinline__)) \ + id(void) { __asm__(""); } + +CURLWARNING(_curl_easy_setopt_err_long, + "curl_easy_setopt expects a long argument") +CURLWARNING(_curl_easy_setopt_err_curl_off_t, + "curl_easy_setopt expects a curl_off_t argument") +CURLWARNING(_curl_easy_setopt_err_string, + "curl_easy_setopt expects a " + "string ('char *' or char[]) argument") +CURLWARNING(_curl_easy_setopt_err_write_callback, + "curl_easy_setopt expects a curl_write_callback argument") +CURLWARNING(_curl_easy_setopt_err_resolver_start_callback, + "curl_easy_setopt expects a " + "curl_resolver_start_callback argument") +CURLWARNING(_curl_easy_setopt_err_read_cb, + "curl_easy_setopt expects a curl_read_callback argument") +CURLWARNING(_curl_easy_setopt_err_ioctl_cb, + "curl_easy_setopt expects a curl_ioctl_callback argument") +CURLWARNING(_curl_easy_setopt_err_sockopt_cb, + "curl_easy_setopt expects a curl_sockopt_callback argument") +CURLWARNING(_curl_easy_setopt_err_opensocket_cb, + "curl_easy_setopt expects a " + "curl_opensocket_callback argument") +CURLWARNING(_curl_easy_setopt_err_progress_cb, + "curl_easy_setopt expects a curl_progress_callback argument") +CURLWARNING(_curl_easy_setopt_err_xferinfo_cb, + "curl_easy_setopt expects a curl_xferinfo_callback argument") +CURLWARNING(_curl_easy_setopt_err_debug_cb, + "curl_easy_setopt expects a curl_debug_callback argument") +CURLWARNING(_curl_easy_setopt_err_ssl_ctx_cb, + "curl_easy_setopt expects a curl_ssl_ctx_callback argument") +CURLWARNING(_curl_easy_setopt_err_conv_cb, + "curl_easy_setopt expects a curl_conv_callback argument") +CURLWARNING(_curl_easy_setopt_err_seek_cb, + "curl_easy_setopt expects a curl_seek_callback argument") +CURLWARNING(_curl_easy_setopt_err_cb_data, + "curl_easy_setopt expects a " + "private data pointer as argument") +CURLWARNING(_curl_easy_setopt_err_chunk_bgn_cb, + "curl_easy_setopt expects a curl_chunk_bgn_callback argument") +CURLWARNING(_curl_easy_setopt_err_chunk_end_cb, + "curl_easy_setopt expects a curl_chunk_end_callback argument") +CURLWARNING(_curl_easy_setopt_err_close_socket_cb, + "curl_easy_setopt expects a curl_closesocket_callback argument") +CURLWARNING(_curl_easy_setopt_err_fnmatch_cb, + "curl_easy_setopt expects a curl_fnmatch_callback argument") +CURLWARNING(_curl_easy_setopt_err_hstsread_cb, + "curl_easy_setopt expects a curl_hstsread_callback argument") +CURLWARNING(_curl_easy_setopt_err_hstswrite_cb, + "curl_easy_setopt expects a curl_hstswrite_callback argument") +CURLWARNING(_curl_easy_setopt_err_ssh_key_cb, + "curl_easy_setopt expects a curl_sshkeycallback argument") +CURLWARNING(_curl_easy_setopt_err_ssh_hostkey_cb, + "curl_easy_setopt expects a curl_sshhostkeycallback argument") +CURLWARNING(_curl_easy_setopt_err_interleave_cb, + "curl_easy_setopt expects a curl_interleave_callback argument") +CURLWARNING(_curl_easy_setopt_err_prereq_cb, + "curl_easy_setopt expects a curl_prereq_callback argument") +CURLWARNING(_curl_easy_setopt_err_trailer_cb, + "curl_easy_setopt expects a curl_trailerfunc_ok argument") +CURLWARNING(_curl_easy_setopt_err_error_buffer, + "curl_easy_setopt expects a " + "char buffer of CURL_ERROR_SIZE as argument") +CURLWARNING(_curl_easy_setopt_err_curlu, + "curl_easy_setopt expects a 'CURLU *' argument") +CURLWARNING(_curl_easy_setopt_err_curl, + "curl_easy_setopt expects a 'CURL *' argument") +CURLWARNING(_curl_easy_setopt_err_FILE, + "curl_easy_setopt expects a 'FILE *' argument") +CURLWARNING(_curl_easy_setopt_err_postfields, + "curl_easy_setopt expects a 'void *' or 'char *' argument") +CURLWARNING(_curl_easy_setopt_err_curl_httpost, + "curl_easy_setopt expects a 'struct curl_httppost *' " + "argument") +CURLWARNING(_curl_easy_setopt_err_curl_mimepost, + "curl_easy_setopt expects a 'curl_mime *' " + "argument") +CURLWARNING(_curl_easy_setopt_err_curl_slist, + "curl_easy_setopt expects a 'struct curl_slist *' argument") +CURLWARNING(_curl_easy_setopt_err_CURLSH, + "curl_easy_setopt expects a CURLSH* argument") +CURLWARNING(_curl_easy_getinfo_err_string, + "curl_easy_getinfo expects a pointer to 'char *'") +CURLWARNING(_curl_easy_getinfo_err_long, + "curl_easy_getinfo expects a pointer to long") +CURLWARNING(_curl_easy_getinfo_err_double, + "curl_easy_getinfo expects a pointer to double") +CURLWARNING(_curl_easy_getinfo_err_curl_slist, + "curl_easy_getinfo expects a pointer to 'struct curl_slist *'") +CURLWARNING(_curl_easy_getinfo_err_curl_tlssessioninfo, + "curl_easy_getinfo expects a pointer to " + "'struct curl_tlssessioninfo *'") +CURLWARNING(_curl_easy_getinfo_err_curl_certinfo, + "curl_easy_getinfo expects a pointer to " + "'struct curl_certinfo *'") +CURLWARNING(_curl_easy_getinfo_err_curl_socket, + "curl_easy_getinfo expects a pointer to curl_socket_t") +CURLWARNING(_curl_easy_getinfo_err_curl_off_t, + "curl_easy_getinfo expects a pointer to curl_off_t") + +/* groups of curl_easy_setops options that take the same type of argument */ + +/* evaluates to true if option takes a long argument */ +#define curlcheck_long_option(option) \ + (0 < (option) && (option) < CURLOPTTYPE_OBJECTPOINT) + +#define curlcheck_off_t_option(option) \ + (((option) > CURLOPTTYPE_OFF_T) && ((option) < CURLOPTTYPE_BLOB)) + +/* option takes a CURL * argument */ +#define curlcheck_curl_option(option) \ + ((option) == CURLOPT_STREAM_DEPENDS || \ + (option) == CURLOPT_STREAM_DEPENDS_E || \ + 0) + +/* evaluates to true if option takes a char* argument */ +#define curlcheck_string_option(option) \ + ((option) == CURLOPT_ABSTRACT_UNIX_SOCKET || \ + (option) == CURLOPT_ACCEPT_ENCODING || \ + (option) == CURLOPT_ALTSVC || \ + (option) == CURLOPT_CAINFO || \ + (option) == CURLOPT_CAPATH || \ + (option) == CURLOPT_COOKIE || \ + (option) == CURLOPT_COOKIEFILE || \ + (option) == CURLOPT_COOKIEJAR || \ + (option) == CURLOPT_COOKIELIST || \ + (option) == CURLOPT_CRLFILE || \ + (option) == CURLOPT_CUSTOMREQUEST || \ + (option) == CURLOPT_DEFAULT_PROTOCOL || \ + (option) == CURLOPT_DNS_INTERFACE || \ + (option) == CURLOPT_DNS_LOCAL_IP4 || \ + (option) == CURLOPT_DNS_LOCAL_IP6 || \ + (option) == CURLOPT_DNS_SERVERS || \ + (option) == CURLOPT_DOH_URL || \ + (option) == CURLOPT_ECH || \ + (option) == CURLOPT_EGDSOCKET || \ + (option) == CURLOPT_FTP_ACCOUNT || \ + (option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \ + (option) == CURLOPT_FTPPORT || \ + (option) == CURLOPT_HAPROXY_CLIENT_IP || \ + (option) == CURLOPT_HSTS || \ + (option) == CURLOPT_INTERFACE || \ + (option) == CURLOPT_ISSUERCERT || \ + (option) == CURLOPT_KEYPASSWD || \ + (option) == CURLOPT_KRBLEVEL || \ + (option) == CURLOPT_LOGIN_OPTIONS || \ + (option) == CURLOPT_MAIL_AUTH || \ + (option) == CURLOPT_MAIL_FROM || \ + (option) == CURLOPT_NETRC_FILE || \ + (option) == CURLOPT_NOPROXY || \ + (option) == CURLOPT_PASSWORD || \ + (option) == CURLOPT_PINNEDPUBLICKEY || \ + (option) == CURLOPT_PRE_PROXY || \ + (option) == CURLOPT_PROTOCOLS_STR || \ + (option) == CURLOPT_PROXY || \ + (option) == CURLOPT_PROXY_CAINFO || \ + (option) == CURLOPT_PROXY_CAPATH || \ + (option) == CURLOPT_PROXY_CRLFILE || \ + (option) == CURLOPT_PROXY_ISSUERCERT || \ + (option) == CURLOPT_PROXY_KEYPASSWD || \ + (option) == CURLOPT_PROXY_PINNEDPUBLICKEY || \ + (option) == CURLOPT_PROXY_SERVICE_NAME || \ + (option) == CURLOPT_PROXY_SSL_CIPHER_LIST || \ + (option) == CURLOPT_PROXY_SSLCERT || \ + (option) == CURLOPT_PROXY_SSLCERTTYPE || \ + (option) == CURLOPT_PROXY_SSLKEY || \ + (option) == CURLOPT_PROXY_SSLKEYTYPE || \ + (option) == CURLOPT_PROXY_TLS13_CIPHERS || \ + (option) == CURLOPT_PROXY_TLSAUTH_PASSWORD || \ + (option) == CURLOPT_PROXY_TLSAUTH_TYPE || \ + (option) == CURLOPT_PROXY_TLSAUTH_USERNAME || \ + (option) == CURLOPT_PROXYPASSWORD || \ + (option) == CURLOPT_PROXYUSERNAME || \ + (option) == CURLOPT_PROXYUSERPWD || \ + (option) == CURLOPT_RANDOM_FILE || \ + (option) == CURLOPT_RANGE || \ + (option) == CURLOPT_REDIR_PROTOCOLS_STR || \ + (option) == CURLOPT_REFERER || \ + (option) == CURLOPT_REQUEST_TARGET || \ + (option) == CURLOPT_RTSP_SESSION_ID || \ + (option) == CURLOPT_RTSP_STREAM_URI || \ + (option) == CURLOPT_RTSP_TRANSPORT || \ + (option) == CURLOPT_SASL_AUTHZID || \ + (option) == CURLOPT_SERVICE_NAME || \ + (option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \ + (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \ + (option) == CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 || \ + (option) == CURLOPT_SSH_KNOWNHOSTS || \ + (option) == CURLOPT_SSH_PRIVATE_KEYFILE || \ + (option) == CURLOPT_SSH_PUBLIC_KEYFILE || \ + (option) == CURLOPT_SSLCERT || \ + (option) == CURLOPT_SSLCERTTYPE || \ + (option) == CURLOPT_SSLENGINE || \ + (option) == CURLOPT_SSLKEY || \ + (option) == CURLOPT_SSLKEYTYPE || \ + (option) == CURLOPT_SSL_CIPHER_LIST || \ + (option) == CURLOPT_SSL_EC_CURVES || \ + (option) == CURLOPT_SSL_SIGNATURE_ALGORITHMS || \ + (option) == CURLOPT_TLS13_CIPHERS || \ + (option) == CURLOPT_TLSAUTH_PASSWORD || \ + (option) == CURLOPT_TLSAUTH_TYPE || \ + (option) == CURLOPT_TLSAUTH_USERNAME || \ + (option) == CURLOPT_UNIX_SOCKET_PATH || \ + (option) == CURLOPT_URL || \ + (option) == CURLOPT_USERAGENT || \ + (option) == CURLOPT_USERNAME || \ + (option) == CURLOPT_AWS_SIGV4 || \ + (option) == CURLOPT_USERPWD || \ + (option) == CURLOPT_XOAUTH2_BEARER || \ + 0) + +/* evaluates to true if option takes a curl_write_callback argument */ +#define curlcheck_write_cb_option(option) \ + ((option) == CURLOPT_HEADERFUNCTION || \ + (option) == CURLOPT_WRITEFUNCTION) + +/* evaluates to true if option takes a curl_conv_callback argument */ +#define curlcheck_conv_cb_option(option) \ + ((option) == CURLOPT_CONV_TO_NETWORK_FUNCTION || \ + (option) == CURLOPT_CONV_FROM_NETWORK_FUNCTION || \ + (option) == CURLOPT_CONV_FROM_UTF8_FUNCTION) + +/* evaluates to true if option takes a data argument to pass to a callback */ +#define curlcheck_cb_data_option(option) \ + ((option) == CURLOPT_CHUNK_DATA || \ + (option) == CURLOPT_CLOSESOCKETDATA || \ + (option) == CURLOPT_DEBUGDATA || \ + (option) == CURLOPT_FNMATCH_DATA || \ + (option) == CURLOPT_HEADERDATA || \ + (option) == CURLOPT_HSTSREADDATA || \ + (option) == CURLOPT_HSTSWRITEDATA || \ + (option) == CURLOPT_INTERLEAVEDATA || \ + (option) == CURLOPT_IOCTLDATA || \ + (option) == CURLOPT_OPENSOCKETDATA || \ + (option) == CURLOPT_PREREQDATA || \ + (option) == CURLOPT_XFERINFODATA || \ + (option) == CURLOPT_READDATA || \ + (option) == CURLOPT_SEEKDATA || \ + (option) == CURLOPT_SOCKOPTDATA || \ + (option) == CURLOPT_SSH_KEYDATA || \ + (option) == CURLOPT_SSL_CTX_DATA || \ + (option) == CURLOPT_WRITEDATA || \ + (option) == CURLOPT_RESOLVER_START_DATA || \ + (option) == CURLOPT_TRAILERDATA || \ + (option) == CURLOPT_SSH_HOSTKEYDATA || \ + 0) + +/* evaluates to true if option takes a POST data argument (void* or char*) */ +#define curlcheck_postfields_option(option) \ + ((option) == CURLOPT_POSTFIELDS || \ + (option) == CURLOPT_COPYPOSTFIELDS || \ + 0) + +/* evaluates to true if option takes a struct curl_slist * argument */ +#define curlcheck_slist_option(option) \ + ((option) == CURLOPT_HTTP200ALIASES || \ + (option) == CURLOPT_HTTPHEADER || \ + (option) == CURLOPT_MAIL_RCPT || \ + (option) == CURLOPT_POSTQUOTE || \ + (option) == CURLOPT_PREQUOTE || \ + (option) == CURLOPT_PROXYHEADER || \ + (option) == CURLOPT_QUOTE || \ + (option) == CURLOPT_RESOLVE || \ + (option) == CURLOPT_TELNETOPTIONS || \ + (option) == CURLOPT_CONNECT_TO || \ + 0) + +/* groups of curl_easy_getinfo infos that take the same type of argument */ + +/* evaluates to true if info expects a pointer to char * argument */ +#define curlcheck_string_info(info) \ + (CURLINFO_STRING < (info) && (info) < CURLINFO_LONG && \ + (info) != CURLINFO_PRIVATE) + +/* evaluates to true if info expects a pointer to long argument */ +#define curlcheck_long_info(info) \ + (CURLINFO_LONG < (info) && (info) < CURLINFO_DOUBLE) + +/* evaluates to true if info expects a pointer to double argument */ +#define curlcheck_double_info(info) \ + (CURLINFO_DOUBLE < (info) && (info) < CURLINFO_SLIST) + +/* true if info expects a pointer to struct curl_slist * argument */ +#define curlcheck_slist_info(info) \ + (((info) == CURLINFO_SSL_ENGINES) || ((info) == CURLINFO_COOKIELIST)) + +/* true if info expects a pointer to struct curl_tlssessioninfo * argument */ +#define curlcheck_tlssessioninfo_info(info) \ + (((info) == CURLINFO_TLS_SSL_PTR) || ((info) == CURLINFO_TLS_SESSION)) + +/* true if info expects a pointer to struct curl_certinfo * argument */ +#define curlcheck_certinfo_info(info) ((info) == CURLINFO_CERTINFO) + +/* true if info expects a pointer to struct curl_socket_t argument */ +#define curlcheck_socket_info(info) \ + (CURLINFO_SOCKET < (info) && (info) < CURLINFO_OFF_T) + +/* true if info expects a pointer to curl_off_t argument */ +#define curlcheck_off_t_info(info) \ + (CURLINFO_OFF_T < (info)) + + +/* typecheck helpers -- check whether given expression has requested type */ + +/* For pointers, you can use the curlcheck_ptr/curlcheck_arr macros, + * otherwise define a new macro. Search for __builtin_types_compatible_p + * in the GCC manual. + * NOTE: these macros MUST NOT EVALUATE their arguments! The argument is + * the actual expression passed to the curl_easy_setopt macro. This + * means that you can only apply the sizeof and __typeof__ operators, no + * == or whatsoever. + */ + +/* XXX: should evaluate to true if expr is a pointer */ +#define curlcheck_any_ptr(expr) \ + (sizeof(expr) == sizeof(void *)) + +/* evaluates to true if expr is NULL */ +/* XXX: must not evaluate expr, so this check is not accurate */ +#define curlcheck_NULL(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), __typeof__(NULL))) + +/* evaluates to true if expr is type*, const type* or NULL */ +#define curlcheck_ptr(expr, type) \ + (curlcheck_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), type *) || \ + __builtin_types_compatible_p(__typeof__(expr), const type *)) + +/* evaluates to true if expr is one of type[], type*, NULL or const type* */ +#define curlcheck_arr(expr, type) \ + (curlcheck_ptr((expr), type) || \ + __builtin_types_compatible_p(__typeof__(expr), type [])) + +/* evaluates to true if expr is a string */ +#define curlcheck_string(expr) \ + (curlcheck_arr((expr), char) || \ + curlcheck_arr((expr), signed char) || \ + curlcheck_arr((expr), unsigned char)) + +/* evaluates to true if expr is a CURL * */ +#define curlcheck_curl(expr) \ + (curlcheck_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), CURL *)) + + +/* evaluates to true if expr is a long (no matter the signedness) + * XXX: for now, int is also accepted (and therefore short and char, which + * are promoted to int when passed to a variadic function) */ +#define curlcheck_long(expr) \ + ( \ + ((sizeof(long) != sizeof(int)) && \ + (__builtin_types_compatible_p(__typeof__(expr), long) || \ + __builtin_types_compatible_p(__typeof__(expr), signed long) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned long))) \ + || \ + ((sizeof(long) == sizeof(int)) && \ + (__builtin_types_compatible_p(__typeof__(expr), long) || \ + __builtin_types_compatible_p(__typeof__(expr), signed long) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned long) || \ + __builtin_types_compatible_p(__typeof__(expr), int) || \ + __builtin_types_compatible_p(__typeof__(expr), signed int) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned int) || \ + __builtin_types_compatible_p(__typeof__(expr), short) || \ + __builtin_types_compatible_p(__typeof__(expr), signed short) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned short) || \ + __builtin_types_compatible_p(__typeof__(expr), char) || \ + __builtin_types_compatible_p(__typeof__(expr), signed char) || \ + __builtin_types_compatible_p(__typeof__(expr), unsigned char))) \ + ) + +/* evaluates to true if expr is of type curl_off_t */ +#define curlcheck_off_t(expr) \ + (__builtin_types_compatible_p(__typeof__(expr), curl_off_t)) + +/* evaluates to true if expr is abuffer suitable for CURLOPT_ERRORBUFFER */ +/* XXX: also check size of an char[] array? */ +#define curlcheck_error_buffer(expr) \ + (curlcheck_NULL(expr) || \ + __builtin_types_compatible_p(__typeof__(expr), char *) || \ + __builtin_types_compatible_p(__typeof__(expr), char[])) + +/* evaluates to true if expr is of type (const) void* or (const) FILE* */ +#if 0 +#define curlcheck_cb_data(expr) \ + (curlcheck_ptr((expr), void) || \ + curlcheck_ptr((expr), FILE)) +#else /* be less strict */ +#define curlcheck_cb_data(expr) \ + curlcheck_any_ptr(expr) +#endif + +/* evaluates to true if expr is of type FILE* */ +#define curlcheck_FILE(expr) \ + (curlcheck_NULL(expr) || \ + (__builtin_types_compatible_p(__typeof__(expr), FILE *))) + +/* evaluates to true if expr can be passed as POST data (void* or char*) */ +#define curlcheck_postfields(expr) \ + (curlcheck_ptr((expr), void) || \ + curlcheck_arr((expr), char) || \ + curlcheck_arr((expr), unsigned char)) + +/* helper: __builtin_types_compatible_p distinguishes between functions and + * function pointers, hide it */ +#define curlcheck_cb_compatible(func, type) \ + (__builtin_types_compatible_p(__typeof__(func), type) || \ + __builtin_types_compatible_p(__typeof__(func) *, type)) + +/* evaluates to true if expr is of type curl_resolver_start_callback */ +#define curlcheck_resolver_start_callback(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_resolver_start_callback)) + +/* evaluates to true if expr is of type curl_read_callback or "similar" */ +#define curlcheck_read_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), __typeof__(fread) *) || \ + curlcheck_cb_compatible((expr), curl_read_callback) || \ + curlcheck_cb_compatible((expr), _curl_read_callback1) || \ + curlcheck_cb_compatible((expr), _curl_read_callback2) || \ + curlcheck_cb_compatible((expr), _curl_read_callback3) || \ + curlcheck_cb_compatible((expr), _curl_read_callback4) || \ + curlcheck_cb_compatible((expr), _curl_read_callback5) || \ + curlcheck_cb_compatible((expr), _curl_read_callback6)) +typedef size_t (*_curl_read_callback1)(char *, size_t, size_t, void *); +typedef size_t (*_curl_read_callback2)(char *, size_t, size_t, const void *); +typedef size_t (*_curl_read_callback3)(char *, size_t, size_t, FILE *); +typedef size_t (*_curl_read_callback4)(void *, size_t, size_t, void *); +typedef size_t (*_curl_read_callback5)(void *, size_t, size_t, const void *); +typedef size_t (*_curl_read_callback6)(void *, size_t, size_t, FILE *); + +/* evaluates to true if expr is of type curl_write_callback or "similar" */ +#define curlcheck_write_cb(expr) \ + (curlcheck_read_cb(expr) || \ + curlcheck_cb_compatible((expr), __typeof__(fwrite) *) || \ + curlcheck_cb_compatible((expr), curl_write_callback) || \ + curlcheck_cb_compatible((expr), _curl_write_callback1) || \ + curlcheck_cb_compatible((expr), _curl_write_callback2) || \ + curlcheck_cb_compatible((expr), _curl_write_callback3) || \ + curlcheck_cb_compatible((expr), _curl_write_callback4) || \ + curlcheck_cb_compatible((expr), _curl_write_callback5) || \ + curlcheck_cb_compatible((expr), _curl_write_callback6)) +typedef size_t (*_curl_write_callback1)(const char *, size_t, size_t, void *); +typedef size_t (*_curl_write_callback2)(const char *, size_t, size_t, + const void *); +typedef size_t (*_curl_write_callback3)(const char *, size_t, size_t, FILE *); +typedef size_t (*_curl_write_callback4)(const void *, size_t, size_t, void *); +typedef size_t (*_curl_write_callback5)(const void *, size_t, size_t, + const void *); +typedef size_t (*_curl_write_callback6)(const void *, size_t, size_t, FILE *); + +/* evaluates to true if expr is of type curl_ioctl_callback or "similar" */ +#define curlcheck_ioctl_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_ioctl_callback) || \ + curlcheck_cb_compatible((expr), _curl_ioctl_callback1) || \ + curlcheck_cb_compatible((expr), _curl_ioctl_callback2) || \ + curlcheck_cb_compatible((expr), _curl_ioctl_callback3) || \ + curlcheck_cb_compatible((expr), _curl_ioctl_callback4)) +typedef curlioerr (*_curl_ioctl_callback1)(CURL *, int, void *); +typedef curlioerr (*_curl_ioctl_callback2)(CURL *, int, const void *); +typedef curlioerr (*_curl_ioctl_callback3)(CURL *, curliocmd, void *); +typedef curlioerr (*_curl_ioctl_callback4)(CURL *, curliocmd, const void *); + +/* evaluates to true if expr is of type curl_sockopt_callback or "similar" */ +#define curlcheck_sockopt_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_sockopt_callback) || \ + curlcheck_cb_compatible((expr), _curl_sockopt_callback1) || \ + curlcheck_cb_compatible((expr), _curl_sockopt_callback2)) +typedef int (*_curl_sockopt_callback1)(void *, curl_socket_t, curlsocktype); +typedef int (*_curl_sockopt_callback2)(const void *, curl_socket_t, + curlsocktype); + +/* evaluates to true if expr is of type curl_opensocket_callback or + "similar" */ +#define curlcheck_opensocket_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_opensocket_callback) || \ + curlcheck_cb_compatible((expr), _curl_opensocket_callback1) || \ + curlcheck_cb_compatible((expr), _curl_opensocket_callback2) || \ + curlcheck_cb_compatible((expr), _curl_opensocket_callback3) || \ + curlcheck_cb_compatible((expr), _curl_opensocket_callback4)) +typedef curl_socket_t (*_curl_opensocket_callback1) + (void *, curlsocktype, struct curl_sockaddr *); +typedef curl_socket_t (*_curl_opensocket_callback2) + (void *, curlsocktype, const struct curl_sockaddr *); +typedef curl_socket_t (*_curl_opensocket_callback3) + (const void *, curlsocktype, struct curl_sockaddr *); +typedef curl_socket_t (*_curl_opensocket_callback4) + (const void *, curlsocktype, const struct curl_sockaddr *); + +/* evaluates to true if expr is of type curl_progress_callback or "similar" */ +#define curlcheck_progress_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_progress_callback) || \ + curlcheck_cb_compatible((expr), _curl_progress_callback1) || \ + curlcheck_cb_compatible((expr), _curl_progress_callback2)) +typedef int (*_curl_progress_callback1)(void *, + double, double, double, double); +typedef int (*_curl_progress_callback2)(const void *, + double, double, double, double); + +/* evaluates to true if expr is of type curl_xferinfo_callback */ +#define curlcheck_xferinfo_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_xferinfo_callback)) + +/* evaluates to true if expr is of type curl_debug_callback or "similar" */ +#define curlcheck_debug_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_debug_callback) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback1) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback2) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback3) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback4) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback5) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback6) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback7) || \ + curlcheck_cb_compatible((expr), _curl_debug_callback8)) +typedef int (*_curl_debug_callback1) (CURL *, + curl_infotype, char *, size_t, void *); +typedef int (*_curl_debug_callback2) (CURL *, + curl_infotype, char *, size_t, const void *); +typedef int (*_curl_debug_callback3) (CURL *, + curl_infotype, const char *, size_t, void *); +typedef int (*_curl_debug_callback4) (CURL *, + curl_infotype, const char *, size_t, const void *); +typedef int (*_curl_debug_callback5) (CURL *, + curl_infotype, unsigned char *, size_t, void *); +typedef int (*_curl_debug_callback6) (CURL *, + curl_infotype, unsigned char *, size_t, const void *); +typedef int (*_curl_debug_callback7) (CURL *, + curl_infotype, const unsigned char *, size_t, void *); +typedef int (*_curl_debug_callback8) (CURL *, + curl_infotype, const unsigned char *, size_t, const void *); + +/* evaluates to true if expr is of type curl_ssl_ctx_callback or "similar" */ +/* this is getting even messier... */ +#define curlcheck_ssl_ctx_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_ssl_ctx_callback) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback1) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback2) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback3) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback4) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback5) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback6) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback7) || \ + curlcheck_cb_compatible((expr), _curl_ssl_ctx_callback8)) +typedef CURLcode (*_curl_ssl_ctx_callback1)(CURL *, void *, void *); +typedef CURLcode (*_curl_ssl_ctx_callback2)(CURL *, void *, const void *); +typedef CURLcode (*_curl_ssl_ctx_callback3)(CURL *, const void *, void *); +typedef CURLcode (*_curl_ssl_ctx_callback4)(CURL *, const void *, + const void *); +#ifdef HEADER_SSL_H +/* hack: if we included OpenSSL's ssl.h, we know about SSL_CTX + * this will of course break if we are included before OpenSSL headers... + */ +typedef CURLcode (*_curl_ssl_ctx_callback5)(CURL *, SSL_CTX *, void *); +typedef CURLcode (*_curl_ssl_ctx_callback6)(CURL *, SSL_CTX *, const void *); +typedef CURLcode (*_curl_ssl_ctx_callback7)(CURL *, const SSL_CTX *, void *); +typedef CURLcode (*_curl_ssl_ctx_callback8)(CURL *, const SSL_CTX *, + const void *); +#else +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback5; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback6; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback7; +typedef _curl_ssl_ctx_callback1 _curl_ssl_ctx_callback8; +#endif + +/* evaluates to true if expr is of type curl_conv_callback or "similar" */ +#define curlcheck_conv_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_conv_callback) || \ + curlcheck_cb_compatible((expr), _curl_conv_callback1) || \ + curlcheck_cb_compatible((expr), _curl_conv_callback2) || \ + curlcheck_cb_compatible((expr), _curl_conv_callback3) || \ + curlcheck_cb_compatible((expr), _curl_conv_callback4)) +typedef CURLcode (*_curl_conv_callback1)(char *, size_t length); +typedef CURLcode (*_curl_conv_callback2)(const char *, size_t length); +typedef CURLcode (*_curl_conv_callback3)(void *, size_t length); +typedef CURLcode (*_curl_conv_callback4)(const void *, size_t length); + +/* evaluates to true if expr is of type curl_seek_callback or "similar" */ +#define curlcheck_seek_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_seek_callback) || \ + curlcheck_cb_compatible((expr), _curl_seek_callback1) || \ + curlcheck_cb_compatible((expr), _curl_seek_callback2)) +typedef CURLcode (*_curl_seek_callback1)(void *, curl_off_t, int); +typedef CURLcode (*_curl_seek_callback2)(const void *, curl_off_t, int); + +/* evaluates to true if expr is of type curl_chunk_bgn_callback */ +#define curlcheck_chunk_bgn_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_chunk_bgn_callback) || \ + curlcheck_cb_compatible((expr), _curl_chunk_bgn_callback1) || \ + curlcheck_cb_compatible((expr), _curl_chunk_bgn_callback2)) +typedef long (*_curl_chunk_bgn_callback1)(struct curl_fileinfo *, + void *, int); +typedef long (*_curl_chunk_bgn_callback2)(void *, void *, int); + +/* evaluates to true if expr is of type curl_chunk_end_callback */ +#define curlcheck_chunk_end_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_chunk_end_callback)) + +/* evaluates to true if expr is of type curl_closesocket_callback */ +#define curlcheck_close_socket_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_closesocket_callback)) + +/* evaluates to true if expr is of type curl_fnmatch_callback */ +#define curlcheck_fnmatch_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_fnmatch_callback)) + +/* evaluates to true if expr is of type curl_hstsread_callback */ +#define curlcheck_hstsread_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_hstsread_callback)) + +/* evaluates to true if expr is of type curl_hstswrite_callback */ +#define curlcheck_hstswrite_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_hstswrite_callback)) + +/* evaluates to true if expr is of type curl_sshhostkeycallback */ +#define curlcheck_ssh_hostkey_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_sshhostkeycallback)) + +/* evaluates to true if expr is of type curl_sshkeycallback */ +#define curlcheck_ssh_key_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_sshkeycallback)) + +/* evaluates to true if expr is of type curl_interleave_callback */ +#define curlcheck_interleave_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), _curl_interleave_callback1) || \ + curlcheck_cb_compatible((expr), _curl_interleave_callback2)) +typedef size_t (*_curl_interleave_callback1)(void *p, size_t s, + size_t n, void *u); +typedef size_t (*_curl_interleave_callback2)(char *p, size_t s, + size_t n, void *u); + +/* evaluates to true if expr is of type curl_prereq_callback */ +#define curlcheck_prereq_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_prereq_callback)) + +/* evaluates to true if expr is of type curl_trailer_callback */ +#define curlcheck_trailer_cb(expr) \ + (curlcheck_NULL(expr) || \ + curlcheck_cb_compatible((expr), curl_trailer_callback)) + +#endif /* CURLINC_TYPECHECK_GCC_H */ diff --git a/includes/curl/curl/urlapi.h b/includes/curl/curl/urlapi.h new file mode 100644 index 0000000..b4a6e5d --- /dev/null +++ b/includes/curl/curl/urlapi.h @@ -0,0 +1,155 @@ +#ifndef CURLINC_URLAPI_H +#define CURLINC_URLAPI_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#include "curl.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* the error codes for the URL API */ +typedef enum { + CURLUE_OK, + CURLUE_BAD_HANDLE, /* 1 */ + CURLUE_BAD_PARTPOINTER, /* 2 */ + CURLUE_MALFORMED_INPUT, /* 3 */ + CURLUE_BAD_PORT_NUMBER, /* 4 */ + CURLUE_UNSUPPORTED_SCHEME, /* 5 */ + CURLUE_URLDECODE, /* 6 */ + CURLUE_OUT_OF_MEMORY, /* 7 */ + CURLUE_USER_NOT_ALLOWED, /* 8 */ + CURLUE_UNKNOWN_PART, /* 9 */ + CURLUE_NO_SCHEME, /* 10 */ + CURLUE_NO_USER, /* 11 */ + CURLUE_NO_PASSWORD, /* 12 */ + CURLUE_NO_OPTIONS, /* 13 */ + CURLUE_NO_HOST, /* 14 */ + CURLUE_NO_PORT, /* 15 */ + CURLUE_NO_QUERY, /* 16 */ + CURLUE_NO_FRAGMENT, /* 17 */ + CURLUE_NO_ZONEID, /* 18 */ + CURLUE_BAD_FILE_URL, /* 19 */ + CURLUE_BAD_FRAGMENT, /* 20 */ + CURLUE_BAD_HOSTNAME, /* 21 */ + CURLUE_BAD_IPV6, /* 22 */ + CURLUE_BAD_LOGIN, /* 23 */ + CURLUE_BAD_PASSWORD, /* 24 */ + CURLUE_BAD_PATH, /* 25 */ + CURLUE_BAD_QUERY, /* 26 */ + CURLUE_BAD_SCHEME, /* 27 */ + CURLUE_BAD_SLASHES, /* 28 */ + CURLUE_BAD_USER, /* 29 */ + CURLUE_LACKS_IDN, /* 30 */ + CURLUE_TOO_LARGE, /* 31 */ + CURLUE_LAST +} CURLUcode; + +typedef enum { + CURLUPART_URL, + CURLUPART_SCHEME, + CURLUPART_USER, + CURLUPART_PASSWORD, + CURLUPART_OPTIONS, + CURLUPART_HOST, + CURLUPART_PORT, + CURLUPART_PATH, + CURLUPART_QUERY, + CURLUPART_FRAGMENT, + CURLUPART_ZONEID /* added in 7.65.0 */ +} CURLUPart; + +#define CURLU_DEFAULT_PORT (1<<0) /* return default port number */ +#define CURLU_NO_DEFAULT_PORT (1<<1) /* act as if no port number was set, + if the port number matches the + default for the scheme */ +#define CURLU_DEFAULT_SCHEME (1<<2) /* return default scheme if + missing */ +#define CURLU_NON_SUPPORT_SCHEME (1<<3) /* allow non-supported scheme */ +#define CURLU_PATH_AS_IS (1<<4) /* leave dot sequences */ +#define CURLU_DISALLOW_USER (1<<5) /* no user+password allowed */ +#define CURLU_URLDECODE (1<<6) /* URL decode on get */ +#define CURLU_URLENCODE (1<<7) /* URL encode on set */ +#define CURLU_APPENDQUERY (1<<8) /* append a form style part */ +#define CURLU_GUESS_SCHEME (1<<9) /* legacy curl-style guessing */ +#define CURLU_NO_AUTHORITY (1<<10) /* Allow empty authority when the + scheme is unknown. */ +#define CURLU_ALLOW_SPACE (1<<11) /* Allow spaces in the URL */ +#define CURLU_PUNYCODE (1<<12) /* get the hostname in punycode */ +#define CURLU_PUNY2IDN (1<<13) /* punycode => IDN conversion */ +#define CURLU_GET_EMPTY (1<<14) /* allow empty queries and fragments + when extracting the URL or the + components */ +#define CURLU_NO_GUESS_SCHEME (1<<15) /* for get, do not accept a guess */ + +typedef struct Curl_URL CURLU; + +/* + * curl_url() creates a new CURLU handle and returns a pointer to it. + * Must be freed with curl_url_cleanup(). + */ +CURL_EXTERN CURLU *curl_url(void); + +/* + * curl_url_cleanup() frees the CURLU handle and related resources used for + * the URL parsing. It will not free strings previously returned with the URL + * API. + */ +CURL_EXTERN void curl_url_cleanup(CURLU *handle); + +/* + * curl_url_dup() duplicates a CURLU handle and returns a new copy. The new + * handle must also be freed with curl_url_cleanup(). + */ +CURL_EXTERN CURLU *curl_url_dup(const CURLU *in); + +/* + * curl_url_get() extracts a specific part of the URL from a CURLU + * handle. Returns error code. The returned pointer MUST be freed with + * curl_free() afterwards. + */ +CURL_EXTERN CURLUcode curl_url_get(const CURLU *handle, CURLUPart what, + char **part, unsigned int flags); + +/* + * curl_url_set() sets a specific part of the URL in a CURLU handle. Returns + * error code. The passed in string will be copied. Passing a NULL instead of + * a part string, clears that part. + */ +CURL_EXTERN CURLUcode curl_url_set(CURLU *handle, CURLUPart what, + const char *part, unsigned int flags); + +/* + * curl_url_strerror() turns a CURLUcode value into the equivalent human + * readable error string. This is useful for printing meaningful error + * messages. + */ +CURL_EXTERN const char *curl_url_strerror(CURLUcode); + +#ifdef __cplusplus +} /* end of extern "C" */ +#endif + +#endif /* CURLINC_URLAPI_H */ diff --git a/includes/curl/curl/websockets.h b/includes/curl/curl/websockets.h new file mode 100644 index 0000000..afb86b4 --- /dev/null +++ b/includes/curl/curl/websockets.h @@ -0,0 +1,85 @@ +#ifndef CURLINC_WEBSOCKETS_H +#define CURLINC_WEBSOCKETS_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +#ifdef __cplusplus +extern "C" { +#endif + +struct curl_ws_frame { + int age; /* zero */ + int flags; /* See the CURLWS_* defines */ + curl_off_t offset; /* the offset of this data into the frame */ + curl_off_t bytesleft; /* number of pending bytes left of the payload */ + size_t len; /* size of the current data chunk */ +}; + +/* flag bits */ +#define CURLWS_TEXT (1<<0) +#define CURLWS_BINARY (1<<1) +#define CURLWS_CONT (1<<2) +#define CURLWS_CLOSE (1<<3) +#define CURLWS_PING (1<<4) +#define CURLWS_OFFSET (1<<5) + +/* + * NAME curl_ws_recv() + * + * DESCRIPTION + * + * Receives data from the websocket connection. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_ws_recv(CURL *curl, void *buffer, size_t buflen, + size_t *recv, + const struct curl_ws_frame **metap); + +/* flags for curl_ws_send() */ +#define CURLWS_PONG (1<<6) + +/* + * NAME curl_ws_send() + * + * DESCRIPTION + * + * Sends data over the websocket connection. Use after successful + * curl_easy_perform() with CURLOPT_CONNECT_ONLY option. + */ +CURL_EXTERN CURLcode curl_ws_send(CURL *curl, const void *buffer, + size_t buflen, size_t *sent, + curl_off_t fragsize, + unsigned int flags); + +/* bits for the CURLOPT_WS_OPTIONS bitmask: */ +#define CURLWS_RAW_MODE (1<<0) +#define CURLWS_NOAUTOPONG (1<<1) + +CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(CURL *curl); + +#ifdef __cplusplus +} +#endif + +#endif /* CURLINC_WEBSOCKETS_H */ diff --git a/includes/curl/libpsl.h b/includes/curl/libpsl.h new file mode 100644 index 0000000..d7946e5 --- /dev/null +++ b/includes/curl/libpsl.h @@ -0,0 +1,210 @@ +/* + * Copyright(c) 2014-2024 Tim Ruehsen + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + * + * This file is part of libpsl. + * + * Header file for libpsl library routines + * + * Changelog + * 20.03.2014 Tim Ruehsen created + * + */ + +#ifndef LIBPSL_LIBPSL_H +#define LIBPSL_LIBPSL_H + +#include +#include + +#define PSL_VERSION "0.21.5" +#define PSL_VERSION_MAJOR 0 +#define PSL_VERSION_MINOR 21 +#define PSL_VERSION_PATCH 5 +#define PSL_VERSION_NUMBER 0x001505 + +/* support clang's __has_declspec_attribute attribute */ +#ifndef __has_declspec_attribute +# define __has_declspec_attribute(x) 0 +#endif + +#ifndef PSL_API +#if defined BUILDING_PSL && HAVE_VISIBILITY +# define PSL_API __attribute__ ((__visibility__("default"))) +#elif defined BUILDING_PSL && (defined _MSC_VER || __has_declspec_attribute(dllexport)) && !defined PSL_STATIC +# define PSL_API __declspec(dllexport) +#elif (defined _MSC_VER || __has_declspec_attribute(dllimport)) && !defined PSL_STATIC +# define PSL_API __declspec(dllimport) +#else +# define PSL_API +#endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* types for psl_is_public_suffix2() */ +#define PSL_TYPE_ICANN (1<<0) +#define PSL_TYPE_PRIVATE (1<<1) +#define PSL_TYPE_NO_STAR_RULE (1<<2) +#define PSL_TYPE_ANY (PSL_TYPE_ICANN | PSL_TYPE_PRIVATE) + +/** + * psl_error_t: + * @PSL_SUCCESS: Successful return. + * @PSL_ERR_INVALID_ARG: Invalid argument. + * @PSL_ERR_CONVERTER: Failed to open libicu utf-16 converter. + * @PSL_ERR_TO_UTF16: Failed to convert to utf-16. + * @PSL_ERR_TO_LOWER: Failed to convert utf-16 to lowercase. + * @PSL_ERR_TO_UTF8: Failed to convert utf-16 to utf-8. + * @PSL_ERR_NO_MEM: Failed to allocate memory. + * + * Return codes for PSL functions. + * Negative return codes mean failure. + * Positive values are reserved for non-error return codes. + */ +typedef enum { + PSL_SUCCESS = 0, + PSL_ERR_INVALID_ARG = -1, + PSL_ERR_CONVERTER = -2, /* failed to open libicu utf-16 converter */ + PSL_ERR_TO_UTF16 = -3, /* failed to convert to utf-16 */ + PSL_ERR_TO_LOWER = -4, /* failed to convert utf-16 to lowercase */ + PSL_ERR_TO_UTF8 = -5, /* failed to convert utf-16 to utf-8 */ + PSL_ERR_NO_MEM = -6 /* failed to allocate memory */ +} psl_error_t; + +typedef struct psl_ctx_st psl_ctx_t; + +/* frees PSL context */ +PSL_API +void + psl_free(psl_ctx_t *psl); + +/* frees memory allocated by libpsl routines */ +PSL_API +void + psl_free_string(char *str); + +/* loads PSL data from file */ +PSL_API +psl_ctx_t * + psl_load_file(const char *fname); + +/* loads PSL data from FILE pointer */ +PSL_API +psl_ctx_t * + psl_load_fp(FILE *fp); + +/* retrieves builtin PSL data */ +PSL_API +const psl_ctx_t * + psl_builtin(void); + +/* retrieves most recent PSL data */ +PSL_API +psl_ctx_t * + psl_latest(const char *fname); + +/* checks whether domain is a public suffix or not */ +PSL_API +int + psl_is_public_suffix(const psl_ctx_t *psl, const char *domain); + +/* checks whether domain is a public suffix regarding the type or not */ +PSL_API +int + psl_is_public_suffix2(const psl_ctx_t *psl, const char *domain, int type); + +/* checks whether cookie_domain is acceptable for domain or not */ +PSL_API +int + psl_is_cookie_domain_acceptable(const psl_ctx_t *psl, const char *hostname, const char *cookie_domain); + +/* returns the longest not registrable domain within 'domain' or NULL if none found */ +PSL_API +const char * + psl_unregistrable_domain(const psl_ctx_t *psl, const char *domain); + +/* returns the shortest possible registrable domain part or NULL if domain is not registrable at all */ +PSL_API +const char * + psl_registrable_domain(const psl_ctx_t *psl, const char *domain); + +/* convert a string into lowercase UTF-8 */ +PSL_API +psl_error_t + psl_str_to_utf8lower(const char *str, const char *encoding, const char *locale, char **lower); + +/* does not include exceptions */ +PSL_API +int + psl_suffix_count(const psl_ctx_t *psl); + +/* just counts exceptions */ +PSL_API +int + psl_suffix_exception_count(const psl_ctx_t *psl); + +/* just counts wildcards */ +PSL_API +int + psl_suffix_wildcard_count(const psl_ctx_t *psl); + +/* returns mtime of PSL source file */ +PSL_API +time_t + psl_builtin_file_time(void); + +/* returns SHA1 checksum (hex-encoded, lowercase) of PSL source file */ +PSL_API +const char * + psl_builtin_sha1sum(void); + +/* returns file name of PSL source file */ +PSL_API +const char * + psl_builtin_filename(void); + +/* returns name of distribution PSL data file */ +PSL_API +const char * + psl_dist_filename(void); + +/* returns library version string */ +PSL_API +const char * + psl_get_version(void); + +/* checks library version number */ +PSL_API +int + psl_check_version_number(int version); + +/* returns whether the built-in data is outdated or not */ +PSL_API +int + psl_builtin_outdated(void); + +#ifdef __cplusplus +} +#endif + +#endif /* LIBPSL_LIBPSL_H */ diff --git a/includes/curl/libssh2.h b/includes/curl/libssh2.h new file mode 100644 index 0000000..f47858a --- /dev/null +++ b/includes/curl/libssh2.h @@ -0,0 +1,1516 @@ +/* Copyright (C) Sara Golemon + * Copyright (C) Daniel Stenberg + * Copyright (C) Simon Josefsson + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef LIBSSH2_H +#define LIBSSH2_H 1 + +#define LIBSSH2_COPYRIGHT "The libssh2 project and its contributors." + +/* We use underscore instead of dash when appending DEV in dev versions just + to make the BANNER define (used by src/session.c) be a valid SSH + banner. Release versions have no appended strings and may of course not + have dashes either. */ +#define LIBSSH2_VERSION "1.11.1" + +/* The numeric version number is also available "in parts" by using these + defines: */ +#define LIBSSH2_VERSION_MAJOR 1 +#define LIBSSH2_VERSION_MINOR 11 +#define LIBSSH2_VERSION_PATCH 1 + +/* This is the numeric version of the libssh2 version number, meant for easier + parsing and comparisons by programs. The LIBSSH2_VERSION_NUM define will + always follow this syntax: + + 0xXXYYZZ + + Where XX, YY and ZZ are the main version, release and patch numbers in + hexadecimal (using 8 bits each). All three numbers are always represented + using two digits. 1.2 would appear as "0x010200" while version 9.11.7 + appears as "0x090b07". + + This 6-digit (24 bits) hexadecimal number does not show pre-release number, + and it is always a greater number in a more recent release. It makes + comparisons with greater than and less than work. +*/ +#define LIBSSH2_VERSION_NUM 0x010b01 + +/* + * This is the date and time when the full source package was created. The + * timestamp is not stored in the source code repo, as the timestamp is + * properly set in the tarballs by the maketgz script. + * + * The format of the date should follow this template: + * + * "Mon Feb 12 11:35:33 UTC 2007" + */ +#define LIBSSH2_TIMESTAMP "Wed Oct 16 08:03:21 UTC 2024" + +#ifndef RC_INVOKED + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef _WIN32 +# include +# include +#endif + +#include +#include +#include +#include + +/* Allow alternate API prefix from CFLAGS or calling app */ +#ifndef LIBSSH2_API +# ifdef _WIN32 +# if defined(LIBSSH2_EXPORTS) || defined(_WINDLL) +# ifdef LIBSSH2_LIBRARY +# define LIBSSH2_API __declspec(dllexport) +# else +# define LIBSSH2_API __declspec(dllimport) +# endif /* LIBSSH2_LIBRARY */ +# else +# define LIBSSH2_API +# endif +# else /* !_WIN32 */ +# define LIBSSH2_API +# endif /* _WIN32 */ +#endif /* LIBSSH2_API */ + +#ifdef HAVE_SYS_UIO_H +# include +#endif + +#ifdef _MSC_VER +typedef unsigned char uint8_t; +typedef unsigned short int uint16_t; +typedef unsigned int uint32_t; +typedef __int32 int32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; +typedef unsigned __int64 libssh2_uint64_t; +typedef __int64 libssh2_int64_t; +#if (!defined(HAVE_SSIZE_T) && !defined(ssize_t)) +typedef SSIZE_T ssize_t; +#define HAVE_SSIZE_T +#endif +#else +#include +typedef unsigned long long libssh2_uint64_t; +typedef long long libssh2_int64_t; +#endif + +#ifdef _WIN32 +typedef SOCKET libssh2_socket_t; +#define LIBSSH2_INVALID_SOCKET INVALID_SOCKET +#define LIBSSH2_SOCKET_CLOSE(s) closesocket(s) +#else /* !_WIN32 */ +typedef int libssh2_socket_t; +#define LIBSSH2_INVALID_SOCKET -1 +#define LIBSSH2_SOCKET_CLOSE(s) close(s) +#endif /* _WIN32 */ + +/* Compile-time deprecation macros */ +#if !defined(LIBSSH2_DISABLE_DEPRECATION) && !defined(LIBSSH2_LIBRARY) +# if defined(_MSC_VER) +# if _MSC_VER >= 1400 +# define LIBSSH2_DEPRECATED(version, message) \ + __declspec(deprecated("since libssh2 " # version ". " message)) +# elif _MSC_VER >= 1310 +# define LIBSSH2_DEPRECATED(version, message) \ + __declspec(deprecated) +# endif +# elif defined(__GNUC__) && !defined(__INTEL_COMPILER) +# if (defined(__clang__) && __clang_major__ >= 3) || \ + (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)) +# define LIBSSH2_DEPRECATED(version, message) \ + __attribute__((deprecated("since libssh2 " # version ". " message))) +# elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# define LIBSSH2_DEPRECATED(version, message) \ + __attribute__((deprecated)) +# endif +# elif defined(__SUNPRO_C) && __SUNPRO_C >= 0x5130 +# define LIBSSH2_DEPRECATED(version, message) \ + __attribute__((deprecated)) +# endif +#endif + +#ifndef LIBSSH2_DEPRECATED +#define LIBSSH2_DEPRECATED(version, message) +#endif + +/* + * Determine whether there is small or large file support on windows. + */ + +#if defined(_MSC_VER) && !defined(_WIN32_WCE) +# if (_MSC_VER >= 900) && (_INTEGRAL_MAX_BITS >= 64) +# define LIBSSH2_USE_WIN32_LARGE_FILES +# else +# define LIBSSH2_USE_WIN32_SMALL_FILES +# endif +#endif + +#if defined(__MINGW32__) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES) +# define LIBSSH2_USE_WIN32_LARGE_FILES +#endif + +#if defined(__WATCOMC__) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES) +# define LIBSSH2_USE_WIN32_LARGE_FILES +#endif + +#if defined(__POCC__) +# undef LIBSSH2_USE_WIN32_LARGE_FILES +#endif + +#if defined(_WIN32) && !defined(LIBSSH2_USE_WIN32_LARGE_FILES) && \ + !defined(LIBSSH2_USE_WIN32_SMALL_FILES) +# define LIBSSH2_USE_WIN32_SMALL_FILES +#endif + +/* + * Large file (>2Gb) support using WIN32 functions. + */ + +#ifdef LIBSSH2_USE_WIN32_LARGE_FILES +# include +# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%I64d" +typedef struct _stati64 libssh2_struct_stat; +typedef __int64 libssh2_struct_stat_size; +#endif + +/* + * Small file (<2Gb) support using WIN32 functions. + */ + +#ifdef LIBSSH2_USE_WIN32_SMALL_FILES +# ifndef _WIN32_WCE +# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%d" +typedef struct _stat libssh2_struct_stat; +typedef off_t libssh2_struct_stat_size; +# endif +#endif + +#ifndef LIBSSH2_STRUCT_STAT_SIZE_FORMAT +# ifdef __VMS +/* We have to roll our own format here because %z is a C99-ism we don't + have. */ +# if __USE_OFF64_T || __USING_STD_STAT +# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%Ld" +# else +# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%d" +# endif +# else +# define LIBSSH2_STRUCT_STAT_SIZE_FORMAT "%zd" +# endif +typedef struct stat libssh2_struct_stat; +typedef off_t libssh2_struct_stat_size; +#endif + +/* Part of every banner, user specified or not */ +#define LIBSSH2_SSH_BANNER "SSH-2.0-libssh2_" LIBSSH2_VERSION + +#define LIBSSH2_SSH_DEFAULT_BANNER LIBSSH2_SSH_BANNER +#define LIBSSH2_SSH_DEFAULT_BANNER_WITH_CRLF LIBSSH2_SSH_DEFAULT_BANNER "\r\n" + +/* Defaults for pty requests */ +#define LIBSSH2_TERM_WIDTH 80 +#define LIBSSH2_TERM_HEIGHT 24 +#define LIBSSH2_TERM_WIDTH_PX 0 +#define LIBSSH2_TERM_HEIGHT_PX 0 + +/* 1/4 second */ +#define LIBSSH2_SOCKET_POLL_UDELAY 250000 +/* 0.25 * 120 == 30 seconds */ +#define LIBSSH2_SOCKET_POLL_MAXLOOPS 120 + +/* Maximum size to allow a payload to compress to, plays it safe by falling + short of spec limits */ +#define LIBSSH2_PACKET_MAXCOMP 32000 + +/* Maximum size to allow a payload to deccompress to, plays it safe by + allowing more than spec requires */ +#define LIBSSH2_PACKET_MAXDECOMP 40000 + +/* Maximum size for an inbound compressed payload, plays it safe by + overshooting spec limits */ +#define LIBSSH2_PACKET_MAXPAYLOAD 40000 + +/* Malloc callbacks */ +#define LIBSSH2_ALLOC_FUNC(name) void *name(size_t count, void **abstract) +#define LIBSSH2_REALLOC_FUNC(name) void *name(void *ptr, size_t count, \ + void **abstract) +#define LIBSSH2_FREE_FUNC(name) void name(void *ptr, void **abstract) + +typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT +{ + unsigned char *text; + size_t length; + unsigned char echo; +} LIBSSH2_USERAUTH_KBDINT_PROMPT; + +typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE +{ + char *text; + unsigned int length; /* FIXME: change type to size_t */ +} LIBSSH2_USERAUTH_KBDINT_RESPONSE; + +typedef struct _LIBSSH2_SK_SIG_INFO { + uint8_t flags; + uint32_t counter; + unsigned char *sig_r; + size_t sig_r_len; + unsigned char *sig_s; + size_t sig_s_len; +} LIBSSH2_SK_SIG_INFO; + +/* 'publickey' authentication callback */ +#define LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC(name) \ + int name(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, \ + const unsigned char *data, size_t data_len, void **abstract) + +/* 'keyboard-interactive' authentication callback */ +/* FIXME: name_len, instruction_len -> size_t, num_prompts -> unsigned int? */ +#define LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC(name_) \ + void name_(const char *name, int name_len, const char *instruction, \ + int instruction_len, int num_prompts, \ + const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, \ + LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses, void **abstract) + +/* SK authentication callback */ +#define LIBSSH2_USERAUTH_SK_SIGN_FUNC(name) \ + int name(LIBSSH2_SESSION *session, LIBSSH2_SK_SIG_INFO *sig_info, \ + const unsigned char *data, size_t data_len, \ + int algorithm, uint8_t flags, \ + const char *application, const unsigned char *key_handle, \ + size_t handle_len, \ + void **abstract) + +/* Flags for SK authentication */ +#define LIBSSH2_SK_PRESENCE_REQUIRED 0x01 +#define LIBSSH2_SK_VERIFICATION_REQUIRED 0x04 + +/* FIXME: update lengths to size_t (or ssize_t): */ + +/* Callbacks for special SSH packets */ +#define LIBSSH2_IGNORE_FUNC(name) \ + void name(LIBSSH2_SESSION *session, const char *message, int message_len, \ + void **abstract) + +#define LIBSSH2_DEBUG_FUNC(name) \ + void name(LIBSSH2_SESSION *session, int always_display, \ + const char *message, int message_len, \ + const char *language, int language_len, \ + void **abstract) + +#define LIBSSH2_DISCONNECT_FUNC(name) \ + void name(LIBSSH2_SESSION *session, int reason, \ + const char *message, int message_len, \ + const char *language, int language_len, \ + void **abstract) + +#define LIBSSH2_PASSWD_CHANGEREQ_FUNC(name) \ + void name(LIBSSH2_SESSION *session, char **newpw, int *newpw_len, \ + void **abstract) + +#define LIBSSH2_MACERROR_FUNC(name) \ + int name(LIBSSH2_SESSION *session, const char *packet, int packet_len, \ + void **abstract) + +#define LIBSSH2_X11_OPEN_FUNC(name) \ + void name(LIBSSH2_SESSION *session, LIBSSH2_CHANNEL *channel, \ + const char *shost, int sport, void **abstract) + +#define LIBSSH2_AUTHAGENT_FUNC(name) \ + void name(LIBSSH2_SESSION *session, LIBSSH2_CHANNEL *channel, \ + void **abstract) + +#define LIBSSH2_ADD_IDENTITIES_FUNC(name) \ + void name(LIBSSH2_SESSION *session, void *buffer, \ + const char *agent_path, void **abstract) + +#define LIBSSH2_AUTHAGENT_SIGN_FUNC(name) \ + int name(LIBSSH2_SESSION* session, \ + unsigned char *blob, unsigned int blen, \ + const unsigned char *data, unsigned int dlen, \ + unsigned char **signature, unsigned int *sigLen, \ + const char *agentPath, \ + void **abstract) + +#define LIBSSH2_CHANNEL_CLOSE_FUNC(name) \ + void name(LIBSSH2_SESSION *session, void **session_abstract, \ + LIBSSH2_CHANNEL *channel, void **channel_abstract) + +/* I/O callbacks */ +#define LIBSSH2_RECV_FUNC(name) \ + ssize_t name(libssh2_socket_t socket, \ + void *buffer, size_t length, \ + int flags, void **abstract) +#define LIBSSH2_SEND_FUNC(name) \ + ssize_t name(libssh2_socket_t socket, \ + const void *buffer, size_t length, \ + int flags, void **abstract) + +/* libssh2_session_callback_set() constants */ +#define LIBSSH2_CALLBACK_IGNORE 0 +#define LIBSSH2_CALLBACK_DEBUG 1 +#define LIBSSH2_CALLBACK_DISCONNECT 2 +#define LIBSSH2_CALLBACK_MACERROR 3 +#define LIBSSH2_CALLBACK_X11 4 +#define LIBSSH2_CALLBACK_SEND 5 +#define LIBSSH2_CALLBACK_RECV 6 +#define LIBSSH2_CALLBACK_AUTHAGENT 7 +#define LIBSSH2_CALLBACK_AUTHAGENT_IDENTITIES 8 +#define LIBSSH2_CALLBACK_AUTHAGENT_SIGN 9 + +/* libssh2_session_method_pref() constants */ +#define LIBSSH2_METHOD_KEX 0 +#define LIBSSH2_METHOD_HOSTKEY 1 +#define LIBSSH2_METHOD_CRYPT_CS 2 +#define LIBSSH2_METHOD_CRYPT_SC 3 +#define LIBSSH2_METHOD_MAC_CS 4 +#define LIBSSH2_METHOD_MAC_SC 5 +#define LIBSSH2_METHOD_COMP_CS 6 +#define LIBSSH2_METHOD_COMP_SC 7 +#define LIBSSH2_METHOD_LANG_CS 8 +#define LIBSSH2_METHOD_LANG_SC 9 +#define LIBSSH2_METHOD_SIGN_ALGO 10 + +/* flags */ +#define LIBSSH2_FLAG_SIGPIPE 1 +#define LIBSSH2_FLAG_COMPRESS 2 +#define LIBSSH2_FLAG_QUOTE_PATHS 3 + +typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION; +typedef struct _LIBSSH2_CHANNEL LIBSSH2_CHANNEL; +typedef struct _LIBSSH2_LISTENER LIBSSH2_LISTENER; +typedef struct _LIBSSH2_KNOWNHOSTS LIBSSH2_KNOWNHOSTS; +typedef struct _LIBSSH2_AGENT LIBSSH2_AGENT; + +/* SK signature callback */ +typedef struct _LIBSSH2_PRIVKEY_SK { + int algorithm; + uint8_t flags; + const char *application; + const unsigned char *key_handle; + size_t handle_len; + LIBSSH2_USERAUTH_SK_SIGN_FUNC((*sign_callback)); + void **orig_abstract; +} LIBSSH2_PRIVKEY_SK; + +int +libssh2_sign_sk(LIBSSH2_SESSION *session, + unsigned char **sig, + size_t *sig_len, + const unsigned char *data, + size_t data_len, + void **abstract); + +typedef struct _LIBSSH2_POLLFD { + unsigned char type; /* LIBSSH2_POLLFD_* below */ + + union { + libssh2_socket_t socket; /* File descriptors -- examined with + system select() call */ + LIBSSH2_CHANNEL *channel; /* Examined by checking internal state */ + LIBSSH2_LISTENER *listener; /* Read polls only -- are inbound + connections waiting to be accepted? */ + } fd; + + unsigned long events; /* Requested Events */ + unsigned long revents; /* Returned Events */ +} LIBSSH2_POLLFD; + +/* Poll FD Descriptor Types */ +#define LIBSSH2_POLLFD_SOCKET 1 +#define LIBSSH2_POLLFD_CHANNEL 2 +#define LIBSSH2_POLLFD_LISTENER 3 + +/* Note: Win32 Doesn't actually have a poll() implementation, so some of these + values are faked with select() data */ +/* Poll FD events/revents -- Match sys/poll.h where possible */ +#define LIBSSH2_POLLFD_POLLIN 0x0001 /* Data available to be read or + connection available -- + All */ +#define LIBSSH2_POLLFD_POLLPRI 0x0002 /* Priority data available to + be read -- Socket only */ +#define LIBSSH2_POLLFD_POLLEXT 0x0002 /* Extended data available to + be read -- Channel only */ +#define LIBSSH2_POLLFD_POLLOUT 0x0004 /* Can may be written -- + Socket/Channel */ +/* revents only */ +#define LIBSSH2_POLLFD_POLLERR 0x0008 /* Error Condition -- Socket */ +#define LIBSSH2_POLLFD_POLLHUP 0x0010 /* HangUp/EOF -- Socket */ +#define LIBSSH2_POLLFD_SESSION_CLOSED 0x0010 /* Session Disconnect */ +#define LIBSSH2_POLLFD_POLLNVAL 0x0020 /* Invalid request -- Socket + Only */ +#define LIBSSH2_POLLFD_POLLEX 0x0040 /* Exception Condition -- + Socket/Win32 */ +#define LIBSSH2_POLLFD_CHANNEL_CLOSED 0x0080 /* Channel Disconnect */ +#define LIBSSH2_POLLFD_LISTENER_CLOSED 0x0080 /* Listener Disconnect */ + +#define HAVE_LIBSSH2_SESSION_BLOCK_DIRECTION +/* Block Direction Types */ +#define LIBSSH2_SESSION_BLOCK_INBOUND 0x0001 +#define LIBSSH2_SESSION_BLOCK_OUTBOUND 0x0002 + +/* Hash Types */ +#define LIBSSH2_HOSTKEY_HASH_MD5 1 +#define LIBSSH2_HOSTKEY_HASH_SHA1 2 +#define LIBSSH2_HOSTKEY_HASH_SHA256 3 + +/* Hostkey Types */ +#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN 0 +#define LIBSSH2_HOSTKEY_TYPE_RSA 1 +#define LIBSSH2_HOSTKEY_TYPE_DSS 2 /* deprecated */ +#define LIBSSH2_HOSTKEY_TYPE_ECDSA_256 3 +#define LIBSSH2_HOSTKEY_TYPE_ECDSA_384 4 +#define LIBSSH2_HOSTKEY_TYPE_ECDSA_521 5 +#define LIBSSH2_HOSTKEY_TYPE_ED25519 6 + +/* Disconnect Codes (defined by SSH protocol) */ +#define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 +#define SSH_DISCONNECT_PROTOCOL_ERROR 2 +#define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3 +#define SSH_DISCONNECT_RESERVED 4 +#define SSH_DISCONNECT_MAC_ERROR 5 +#define SSH_DISCONNECT_COMPRESSION_ERROR 6 +#define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7 +#define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 +#define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 +#define SSH_DISCONNECT_CONNECTION_LOST 10 +#define SSH_DISCONNECT_BY_APPLICATION 11 +#define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12 +#define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13 +#define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 +#define SSH_DISCONNECT_ILLEGAL_USER_NAME 15 + +/* Error Codes (defined by libssh2) */ +#define LIBSSH2_ERROR_NONE 0 + +/* The library once used -1 as a generic error return value on numerous places + through the code, which subsequently was converted to + LIBSSH2_ERROR_SOCKET_NONE uses over time. As this is a generic error code, + the goal is to never ever return this code but instead make sure that a + more accurate and descriptive error code is used. */ +#define LIBSSH2_ERROR_SOCKET_NONE -1 + +#define LIBSSH2_ERROR_BANNER_RECV -2 +#define LIBSSH2_ERROR_BANNER_SEND -3 +#define LIBSSH2_ERROR_INVALID_MAC -4 +#define LIBSSH2_ERROR_KEX_FAILURE -5 +#define LIBSSH2_ERROR_ALLOC -6 +#define LIBSSH2_ERROR_SOCKET_SEND -7 +#define LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE -8 +#define LIBSSH2_ERROR_TIMEOUT -9 +#define LIBSSH2_ERROR_HOSTKEY_INIT -10 +#define LIBSSH2_ERROR_HOSTKEY_SIGN -11 +#define LIBSSH2_ERROR_DECRYPT -12 +#define LIBSSH2_ERROR_SOCKET_DISCONNECT -13 +#define LIBSSH2_ERROR_PROTO -14 +#define LIBSSH2_ERROR_PASSWORD_EXPIRED -15 +#define LIBSSH2_ERROR_FILE -16 +#define LIBSSH2_ERROR_METHOD_NONE -17 +#define LIBSSH2_ERROR_AUTHENTICATION_FAILED -18 +#define LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED \ + LIBSSH2_ERROR_AUTHENTICATION_FAILED +#define LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED -19 +#define LIBSSH2_ERROR_CHANNEL_OUTOFORDER -20 +#define LIBSSH2_ERROR_CHANNEL_FAILURE -21 +#define LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED -22 +#define LIBSSH2_ERROR_CHANNEL_UNKNOWN -23 +#define LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED -24 +#define LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED -25 +#define LIBSSH2_ERROR_CHANNEL_CLOSED -26 +#define LIBSSH2_ERROR_CHANNEL_EOF_SENT -27 +#define LIBSSH2_ERROR_SCP_PROTOCOL -28 +#define LIBSSH2_ERROR_ZLIB -29 +#define LIBSSH2_ERROR_SOCKET_TIMEOUT -30 +#define LIBSSH2_ERROR_SFTP_PROTOCOL -31 +#define LIBSSH2_ERROR_REQUEST_DENIED -32 +#define LIBSSH2_ERROR_METHOD_NOT_SUPPORTED -33 +#define LIBSSH2_ERROR_INVAL -34 +#define LIBSSH2_ERROR_INVALID_POLL_TYPE -35 +#define LIBSSH2_ERROR_PUBLICKEY_PROTOCOL -36 +#define LIBSSH2_ERROR_EAGAIN -37 +#define LIBSSH2_ERROR_BUFFER_TOO_SMALL -38 +#define LIBSSH2_ERROR_BAD_USE -39 +#define LIBSSH2_ERROR_COMPRESS -40 +#define LIBSSH2_ERROR_OUT_OF_BOUNDARY -41 +#define LIBSSH2_ERROR_AGENT_PROTOCOL -42 +#define LIBSSH2_ERROR_SOCKET_RECV -43 +#define LIBSSH2_ERROR_ENCRYPT -44 +#define LIBSSH2_ERROR_BAD_SOCKET -45 +#define LIBSSH2_ERROR_KNOWN_HOSTS -46 +#define LIBSSH2_ERROR_CHANNEL_WINDOW_FULL -47 +#define LIBSSH2_ERROR_KEYFILE_AUTH_FAILED -48 +#define LIBSSH2_ERROR_RANDGEN -49 +#define LIBSSH2_ERROR_MISSING_USERAUTH_BANNER -50 +#define LIBSSH2_ERROR_ALGO_UNSUPPORTED -51 +#define LIBSSH2_ERROR_MAC_FAILURE -52 +#define LIBSSH2_ERROR_HASH_INIT -53 +#define LIBSSH2_ERROR_HASH_CALC -54 + +/* this is a define to provide the old (<= 1.2.7) name */ +#define LIBSSH2_ERROR_BANNER_NONE LIBSSH2_ERROR_BANNER_RECV + +/* Global API */ +#define LIBSSH2_INIT_NO_CRYPTO 0x0001 + +/* + * libssh2_init() + * + * Initialize the libssh2 functions. This typically initialize the + * crypto library. It uses a global state, and is not thread safe -- + * you must make sure this function is not called concurrently. + * + * Flags can be: + * 0: Normal initialize + * LIBSSH2_INIT_NO_CRYPTO: Do not initialize the crypto library (ie. + * OPENSSL_add_cipher_algoritms() for OpenSSL + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int libssh2_init(int flags); + +/* + * libssh2_exit() + * + * Exit the libssh2 functions and free's all memory used internal. + */ +LIBSSH2_API void libssh2_exit(void); + +/* + * libssh2_free() + * + * Deallocate memory allocated by earlier call to libssh2 functions. + */ +LIBSSH2_API void libssh2_free(LIBSSH2_SESSION *session, void *ptr); + +/* + * libssh2_session_supported_algs() + * + * Fills algs with a list of supported acryptographic algorithms. Returns a + * non-negative number (number of supported algorithms) on success or a + * negative number (an error code) on failure. + * + * NOTE: on success, algs must be deallocated (by calling libssh2_free) when + * not needed anymore + */ +LIBSSH2_API int libssh2_session_supported_algs(LIBSSH2_SESSION* session, + int method_type, + const char ***algs); + +/* Session API */ +LIBSSH2_API LIBSSH2_SESSION * +libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), + LIBSSH2_FREE_FUNC((*my_free)), + LIBSSH2_REALLOC_FUNC((*my_realloc)), void *abstract); +#define libssh2_session_init() libssh2_session_init_ex(NULL, NULL, NULL, NULL) + +LIBSSH2_API void **libssh2_session_abstract(LIBSSH2_SESSION *session); + +typedef void (libssh2_cb_generic)(void); + +LIBSSH2_API libssh2_cb_generic * +libssh2_session_callback_set2(LIBSSH2_SESSION *session, int cbtype, + libssh2_cb_generic *callback); + +LIBSSH2_DEPRECATED(1.11.1, "Use libssh2_session_callback_set2()") +LIBSSH2_API void *libssh2_session_callback_set(LIBSSH2_SESSION *session, + int cbtype, void *callback); +LIBSSH2_API int libssh2_session_banner_set(LIBSSH2_SESSION *session, + const char *banner); +#ifndef LIBSSH2_NO_DEPRECATED +LIBSSH2_DEPRECATED(1.4.0, "Use libssh2_session_banner_set()") +LIBSSH2_API int libssh2_banner_set(LIBSSH2_SESSION *session, + const char *banner); + +LIBSSH2_DEPRECATED(1.2.8, "Use libssh2_session_handshake()") +LIBSSH2_API int libssh2_session_startup(LIBSSH2_SESSION *session, int sock); +#endif +LIBSSH2_API int libssh2_session_handshake(LIBSSH2_SESSION *session, + libssh2_socket_t sock); +LIBSSH2_API int libssh2_session_disconnect_ex(LIBSSH2_SESSION *session, + int reason, + const char *description, + const char *lang); +#define libssh2_session_disconnect(session, description) \ + libssh2_session_disconnect_ex((session), SSH_DISCONNECT_BY_APPLICATION, \ + (description), "") + +LIBSSH2_API int libssh2_session_free(LIBSSH2_SESSION *session); + +LIBSSH2_API const char *libssh2_hostkey_hash(LIBSSH2_SESSION *session, + int hash_type); + +LIBSSH2_API const char *libssh2_session_hostkey(LIBSSH2_SESSION *session, + size_t *len, int *type); + +LIBSSH2_API int libssh2_session_method_pref(LIBSSH2_SESSION *session, + int method_type, + const char *prefs); +LIBSSH2_API const char *libssh2_session_methods(LIBSSH2_SESSION *session, + int method_type); +LIBSSH2_API int libssh2_session_last_error(LIBSSH2_SESSION *session, + char **errmsg, + int *errmsg_len, int want_buf); +LIBSSH2_API int libssh2_session_last_errno(LIBSSH2_SESSION *session); +LIBSSH2_API int libssh2_session_set_last_error(LIBSSH2_SESSION* session, + int errcode, + const char *errmsg); +LIBSSH2_API int libssh2_session_block_directions(LIBSSH2_SESSION *session); + +LIBSSH2_API int libssh2_session_flag(LIBSSH2_SESSION *session, int flag, + int value); +LIBSSH2_API const char *libssh2_session_banner_get(LIBSSH2_SESSION *session); + +/* Userauth API */ +LIBSSH2_API char *libssh2_userauth_list(LIBSSH2_SESSION *session, + const char *username, + unsigned int username_len); +LIBSSH2_API int libssh2_userauth_banner(LIBSSH2_SESSION *session, + char **banner); +LIBSSH2_API int libssh2_userauth_authenticated(LIBSSH2_SESSION *session); + +LIBSSH2_API int +libssh2_userauth_password_ex(LIBSSH2_SESSION *session, + const char *username, + unsigned int username_len, + const char *password, + unsigned int password_len, + LIBSSH2_PASSWD_CHANGEREQ_FUNC + ((*passwd_change_cb))); + +#define libssh2_userauth_password(session, username, password) \ + libssh2_userauth_password_ex((session), (username), \ + (unsigned int)strlen(username), \ + (password), (unsigned int)strlen(password), \ + NULL) + +LIBSSH2_API int +libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session, + const char *username, + unsigned int username_len, + const char *publickey, + const char *privatekey, + const char *passphrase); + +#define libssh2_userauth_publickey_fromfile(session, username, publickey, \ + privatekey, passphrase) \ + libssh2_userauth_publickey_fromfile_ex((session), (username), \ + (unsigned int)strlen(username), \ + (publickey), \ + (privatekey), (passphrase)) + +LIBSSH2_API int +libssh2_userauth_publickey(LIBSSH2_SESSION *session, + const char *username, + const unsigned char *pubkeydata, + size_t pubkeydata_len, + LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC + ((*sign_callback)), + void **abstract); + +LIBSSH2_API int +libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session, + const char *username, + unsigned int username_len, + const char *publickey, + const char *privatekey, + const char *passphrase, + const char *hostname, + unsigned int hostname_len, + const char *local_username, + unsigned int local_username_len); + +#define libssh2_userauth_hostbased_fromfile(session, username, publickey, \ + privatekey, passphrase, hostname) \ + libssh2_userauth_hostbased_fromfile_ex((session), (username), \ + (unsigned int)strlen(username), \ + (publickey), \ + (privatekey), (passphrase), \ + (hostname), \ + (unsigned int)strlen(hostname), \ + (username), \ + (unsigned int)strlen(username)) + +LIBSSH2_API int +libssh2_userauth_publickey_frommemory(LIBSSH2_SESSION *session, + const char *username, + size_t username_len, + const char *publickeyfiledata, + size_t publickeyfiledata_len, + const char *privatekeyfiledata, + size_t privatekeyfiledata_len, + const char *passphrase); + +/* + * response_callback is provided with filled by library prompts array, + * but client must allocate and fill individual responses. Responses + * array is already allocated. Responses data will be freed by libssh2 + * after callback return, but before subsequent callback invocation. + */ +LIBSSH2_API int +libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION* session, + const char *username, + unsigned int username_len, + LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC + ((*response_callback))); + +#define libssh2_userauth_keyboard_interactive(session, username, \ + response_callback) \ + libssh2_userauth_keyboard_interactive_ex((session), (username), \ + (unsigned int)strlen(username), \ + (response_callback)) + +LIBSSH2_API int +libssh2_userauth_publickey_sk(LIBSSH2_SESSION *session, + const char *username, + size_t username_len, + const unsigned char *pubkeydata, + size_t pubkeydata_len, + const char *privatekeydata, + size_t privatekeydata_len, + const char *passphrase, + LIBSSH2_USERAUTH_SK_SIGN_FUNC + ((*sign_callback)), + void **abstract); + +LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, + long timeout); + +/* Channel API */ +#define LIBSSH2_CHANNEL_WINDOW_DEFAULT (2*1024*1024) +#define LIBSSH2_CHANNEL_PACKET_DEFAULT 32768 +#define LIBSSH2_CHANNEL_MINADJUST 1024 + +/* Extended Data Handling */ +#define LIBSSH2_CHANNEL_EXTENDED_DATA_NORMAL 0 +#define LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE 1 +#define LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE 2 + +#define SSH_EXTENDED_DATA_STDERR 1 + +/* Returned by any function that would block during a read/write operation */ +#define LIBSSH2CHANNEL_EAGAIN LIBSSH2_ERROR_EAGAIN + +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_open_ex(LIBSSH2_SESSION *session, const char *channel_type, + unsigned int channel_type_len, + unsigned int window_size, unsigned int packet_size, + const char *message, unsigned int message_len); + +#define libssh2_channel_open_session(session) \ + libssh2_channel_open_ex((session), "session", sizeof("session") - 1, \ + LIBSSH2_CHANNEL_WINDOW_DEFAULT, \ + LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, 0) + +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *session, const char *host, + int port, const char *shost, int sport); +#define libssh2_channel_direct_tcpip(session, host, port) \ + libssh2_channel_direct_tcpip_ex((session), (host), (port), "127.0.0.1", 22) + +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_direct_streamlocal_ex(LIBSSH2_SESSION * session, + const char *socket_path, + const char *shost, int sport); + +LIBSSH2_API LIBSSH2_LISTENER * +libssh2_channel_forward_listen_ex(LIBSSH2_SESSION *session, const char *host, + int port, int *bound_port, + int queue_maxsize); +#define libssh2_channel_forward_listen(session, port) \ + libssh2_channel_forward_listen_ex((session), NULL, (port), NULL, 16) + +LIBSSH2_API int libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener); + +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_forward_accept(LIBSSH2_LISTENER *listener); + +LIBSSH2_API int libssh2_channel_setenv_ex(LIBSSH2_CHANNEL *channel, + const char *varname, + unsigned int varname_len, + const char *value, + unsigned int value_len); + +#define libssh2_channel_setenv(channel, varname, value) \ + libssh2_channel_setenv_ex((channel), (varname), \ + (unsigned int)strlen(varname), (value), \ + (unsigned int)strlen(value)) + +LIBSSH2_API int libssh2_channel_request_auth_agent(LIBSSH2_CHANNEL *channel); + +LIBSSH2_API int libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL *channel, + const char *term, + unsigned int term_len, + const char *modes, + unsigned int modes_len, + int width, int height, + int width_px, int height_px); +#define libssh2_channel_request_pty(channel, term) \ + libssh2_channel_request_pty_ex((channel), (term), \ + (unsigned int)strlen(term), \ + NULL, 0, \ + LIBSSH2_TERM_WIDTH, \ + LIBSSH2_TERM_HEIGHT, \ + LIBSSH2_TERM_WIDTH_PX, \ + LIBSSH2_TERM_HEIGHT_PX) + +LIBSSH2_API int libssh2_channel_request_pty_size_ex(LIBSSH2_CHANNEL *channel, + int width, int height, + int width_px, + int height_px); +#define libssh2_channel_request_pty_size(channel, width, height) \ + libssh2_channel_request_pty_size_ex((channel), (width), (height), 0, 0) + +LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, + int single_connection, + const char *auth_proto, + const char *auth_cookie, + int screen_number); +#define libssh2_channel_x11_req(channel, screen_number) \ + libssh2_channel_x11_req_ex((channel), 0, NULL, NULL, (screen_number)) + +LIBSSH2_API int libssh2_channel_signal_ex(LIBSSH2_CHANNEL *channel, + const char *signame, + size_t signame_len); +#define libssh2_channel_signal(channel, signame) \ + libssh2_channel_signal_ex((channel), signame, strlen(signame)) + +LIBSSH2_API int libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel, + const char *request, + unsigned int request_len, + const char *message, + unsigned int message_len); +#define libssh2_channel_shell(channel) \ + libssh2_channel_process_startup((channel), "shell", sizeof("shell") - 1, \ + NULL, 0) +#define libssh2_channel_exec(channel, command) \ + libssh2_channel_process_startup((channel), "exec", sizeof("exec") - 1, \ + (command), (unsigned int)strlen(command)) +#define libssh2_channel_subsystem(channel, subsystem) \ + libssh2_channel_process_startup((channel), "subsystem", \ + sizeof("subsystem") - 1, (subsystem), \ + (unsigned int)strlen(subsystem)) + +LIBSSH2_API ssize_t libssh2_channel_read_ex(LIBSSH2_CHANNEL *channel, + int stream_id, char *buf, + size_t buflen); +#define libssh2_channel_read(channel, buf, buflen) \ + libssh2_channel_read_ex((channel), 0, \ + (buf), (buflen)) +#define libssh2_channel_read_stderr(channel, buf, buflen) \ + libssh2_channel_read_ex((channel), SSH_EXTENDED_DATA_STDERR, \ + (buf), (buflen)) + +LIBSSH2_API int libssh2_poll_channel_read(LIBSSH2_CHANNEL *channel, + int extended); + +LIBSSH2_API unsigned long +libssh2_channel_window_read_ex(LIBSSH2_CHANNEL *channel, + unsigned long *read_avail, + unsigned long *window_size_initial); +#define libssh2_channel_window_read(channel) \ + libssh2_channel_window_read_ex((channel), NULL, NULL) + +#ifndef LIBSSH2_NO_DEPRECATED +LIBSSH2_DEPRECATED(1.1.0, "Use libssh2_channel_receive_window_adjust2()") +LIBSSH2_API unsigned long +libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL *channel, + unsigned long adjustment, + unsigned char force); +#endif +LIBSSH2_API int +libssh2_channel_receive_window_adjust2(LIBSSH2_CHANNEL *channel, + unsigned long adjustment, + unsigned char force, + unsigned int *storewindow); + +LIBSSH2_API ssize_t libssh2_channel_write_ex(LIBSSH2_CHANNEL *channel, + int stream_id, const char *buf, + size_t buflen); + +#define libssh2_channel_write(channel, buf, buflen) \ + libssh2_channel_write_ex((channel), 0, \ + (buf), (buflen)) +#define libssh2_channel_write_stderr(channel, buf, buflen) \ + libssh2_channel_write_ex((channel), SSH_EXTENDED_DATA_STDERR, \ + (buf), (buflen)) + +LIBSSH2_API unsigned long +libssh2_channel_window_write_ex(LIBSSH2_CHANNEL *channel, + unsigned long *window_size_initial); +#define libssh2_channel_window_write(channel) \ + libssh2_channel_window_write_ex((channel), NULL) + +LIBSSH2_API void libssh2_session_set_blocking(LIBSSH2_SESSION* session, + int blocking); +LIBSSH2_API int libssh2_session_get_blocking(LIBSSH2_SESSION* session); + +LIBSSH2_API void libssh2_channel_set_blocking(LIBSSH2_CHANNEL *channel, + int blocking); + +LIBSSH2_API void libssh2_session_set_timeout(LIBSSH2_SESSION* session, + long timeout); +LIBSSH2_API long libssh2_session_get_timeout(LIBSSH2_SESSION* session); + +LIBSSH2_API void libssh2_session_set_read_timeout(LIBSSH2_SESSION* session, + long timeout); +LIBSSH2_API long libssh2_session_get_read_timeout(LIBSSH2_SESSION* session); + +#ifndef LIBSSH2_NO_DEPRECATED +LIBSSH2_DEPRECATED(1.1.0, "libssh2_channel_handle_extended_data2()") +LIBSSH2_API void libssh2_channel_handle_extended_data(LIBSSH2_CHANNEL *channel, + int ignore_mode); +#endif +LIBSSH2_API int libssh2_channel_handle_extended_data2(LIBSSH2_CHANNEL *channel, + int ignore_mode); + +#ifndef LIBSSH2_NO_DEPRECATED +/* libssh2_channel_ignore_extended_data() is defined below for BC with version + * 0.1 + * + * Future uses should use libssh2_channel_handle_extended_data() directly if + * LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE is passed, extended data will be read + * (FIFO) from the standard data channel + */ +/* DEPRECATED since 0.3.0. Use libssh2_channel_handle_extended_data2(). */ +#define libssh2_channel_ignore_extended_data(channel, ignore) \ + libssh2_channel_handle_extended_data((channel), (ignore) ? \ + LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE : \ + LIBSSH2_CHANNEL_EXTENDED_DATA_NORMAL) +#endif + +#define LIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA -1 +#define LIBSSH2_CHANNEL_FLUSH_ALL -2 +LIBSSH2_API int libssh2_channel_flush_ex(LIBSSH2_CHANNEL *channel, + int streamid); +#define libssh2_channel_flush(channel) libssh2_channel_flush_ex((channel), 0) +#define libssh2_channel_flush_stderr(channel) \ + libssh2_channel_flush_ex((channel), SSH_EXTENDED_DATA_STDERR) + +LIBSSH2_API int libssh2_channel_get_exit_status(LIBSSH2_CHANNEL* channel); +LIBSSH2_API int libssh2_channel_get_exit_signal(LIBSSH2_CHANNEL* channel, + char **exitsignal, + size_t *exitsignal_len, + char **errmsg, + size_t *errmsg_len, + char **langtag, + size_t *langtag_len); +LIBSSH2_API int libssh2_channel_send_eof(LIBSSH2_CHANNEL *channel); +LIBSSH2_API int libssh2_channel_eof(LIBSSH2_CHANNEL *channel); +LIBSSH2_API int libssh2_channel_wait_eof(LIBSSH2_CHANNEL *channel); +LIBSSH2_API int libssh2_channel_close(LIBSSH2_CHANNEL *channel); +LIBSSH2_API int libssh2_channel_wait_closed(LIBSSH2_CHANNEL *channel); +LIBSSH2_API int libssh2_channel_free(LIBSSH2_CHANNEL *channel); + +#ifndef LIBSSH2_NO_DEPRECATED +LIBSSH2_DEPRECATED(1.7.0, "Use libssh2_scp_recv2()") +LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_recv(LIBSSH2_SESSION *session, + const char *path, + struct stat *sb); +#endif +/* Use libssh2_scp_recv2() for large (> 2GB) file support on windows */ +LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_recv2(LIBSSH2_SESSION *session, + const char *path, + libssh2_struct_stat *sb); +LIBSSH2_API LIBSSH2_CHANNEL *libssh2_scp_send_ex(LIBSSH2_SESSION *session, + const char *path, int mode, + size_t size, long mtime, + long atime); +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_scp_send64(LIBSSH2_SESSION *session, const char *path, int mode, + libssh2_int64_t size, time_t mtime, time_t atime); + +#define libssh2_scp_send(session, path, mode, size) \ + libssh2_scp_send_ex((session), (path), (mode), (size), 0, 0) + +/* DEPRECATED */ +LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **dest, + unsigned int *dest_len, + const char *src, unsigned int src_len); + +LIBSSH2_API +const char *libssh2_version(int req_version_num); + +typedef enum { + libssh2_no_crypto = 0, + libssh2_openssl, + libssh2_gcrypt, + libssh2_mbedtls, + libssh2_wincng, + libssh2_os400qc3 +} libssh2_crypto_engine_t; + +LIBSSH2_API +libssh2_crypto_engine_t libssh2_crypto_engine(void); + +#define HAVE_LIBSSH2_KNOWNHOST_API 0x010101 /* since 1.1.1 */ +#define HAVE_LIBSSH2_VERSION_API 0x010100 /* libssh2_version since 1.1 */ +#define HAVE_LIBSSH2_CRYPTOENGINE_API 0x011100 /* libssh2_crypto_engine + since 1.11 */ + +struct libssh2_knownhost { + unsigned int magic; /* magic stored by the library */ + void *node; /* handle to the internal representation of this host */ + char *name; /* this is NULL if no plain text host name exists */ + char *key; /* key in base64/printable format */ + int typemask; +}; + +/* + * libssh2_knownhost_init() + * + * Init a collection of known hosts. Returns the pointer to a collection. + * + */ +LIBSSH2_API LIBSSH2_KNOWNHOSTS * +libssh2_knownhost_init(LIBSSH2_SESSION *session); + +/* + * libssh2_knownhost_add() + * + * Add a host and its associated key to the collection of known hosts. + * + * The 'type' argument specifies on what format the given host and keys are: + * + * plain - ascii "hostname.domain.tld" + * sha1 - SHA1( ) base64-encoded! + * custom - another hash + * + * If 'sha1' is selected as type, the salt must be provided to the salt + * argument. This too base64 encoded. + * + * The SHA-1 hash is what OpenSSH can be told to use in known_hosts files. If + * a custom type is used, salt is ignored and you must provide the host + * pre-hashed when checking for it in the libssh2_knownhost_check() function. + * + * The keylen parameter may be omitted (zero) if the key is provided as a + * NULL-terminated base64-encoded string. + */ + +/* host format (2 bits) */ +#define LIBSSH2_KNOWNHOST_TYPE_MASK 0xffff +#define LIBSSH2_KNOWNHOST_TYPE_PLAIN 1 +#define LIBSSH2_KNOWNHOST_TYPE_SHA1 2 /* always base64 encoded */ +#define LIBSSH2_KNOWNHOST_TYPE_CUSTOM 3 + +/* key format (2 bits) */ +#define LIBSSH2_KNOWNHOST_KEYENC_MASK (3<<16) +#define LIBSSH2_KNOWNHOST_KEYENC_RAW (1<<16) +#define LIBSSH2_KNOWNHOST_KEYENC_BASE64 (2<<16) + +/* type of key (4 bits) */ +#define LIBSSH2_KNOWNHOST_KEY_MASK (15<<18) +#define LIBSSH2_KNOWNHOST_KEY_SHIFT 18 +#define LIBSSH2_KNOWNHOST_KEY_RSA1 (1<<18) +#define LIBSSH2_KNOWNHOST_KEY_SSHRSA (2<<18) +#define LIBSSH2_KNOWNHOST_KEY_SSHDSS (3<<18) /* deprecated */ +#define LIBSSH2_KNOWNHOST_KEY_ECDSA_256 (4<<18) +#define LIBSSH2_KNOWNHOST_KEY_ECDSA_384 (5<<18) +#define LIBSSH2_KNOWNHOST_KEY_ECDSA_521 (6<<18) +#define LIBSSH2_KNOWNHOST_KEY_ED25519 (7<<18) +#define LIBSSH2_KNOWNHOST_KEY_UNKNOWN (15<<18) + +LIBSSH2_API int +libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts, + const char *host, + const char *salt, + const char *key, size_t keylen, int typemask, + struct libssh2_knownhost **store); + +/* + * libssh2_knownhost_addc() + * + * Add a host and its associated key to the collection of known hosts. + * + * Takes a comment argument that may be NULL. A NULL comment indicates + * there is no comment and the entry will end directly after the key + * when written out to a file. An empty string "" comment will indicate an + * empty comment which will cause a single space to be written after the key. + * + * The 'type' argument specifies on what format the given host and keys are: + * + * plain - ascii "hostname.domain.tld" + * sha1 - SHA1( ) base64-encoded! + * custom - another hash + * + * If 'sha1' is selected as type, the salt must be provided to the salt + * argument. This too base64 encoded. + * + * The SHA-1 hash is what OpenSSH can be told to use in known_hosts files. + * If a custom type is used, salt is ignored and you must provide the host + * pre-hashed when checking for it in the libssh2_knownhost_check() function. + * + * The keylen parameter may be omitted (zero) if the key is provided as a + * NULL-terminated base64-encoded string. + */ + +LIBSSH2_API int +libssh2_knownhost_addc(LIBSSH2_KNOWNHOSTS *hosts, + const char *host, + const char *salt, + const char *key, size_t keylen, + const char *comment, size_t commentlen, int typemask, + struct libssh2_knownhost **store); + +/* + * libssh2_knownhost_check() + * + * Check a host and its associated key against the collection of known hosts. + * + * The type is the type/format of the given host name. + * + * plain - ascii "hostname.domain.tld" + * custom - prehashed base64 encoded. Note that this cannot use any salts. + * + * + * 'knownhost' may be set to NULL if you don't care about that info. + * + * Returns: + * + * LIBSSH2_KNOWNHOST_CHECK_* values, see below + * + */ + +#define LIBSSH2_KNOWNHOST_CHECK_MATCH 0 +#define LIBSSH2_KNOWNHOST_CHECK_MISMATCH 1 +#define LIBSSH2_KNOWNHOST_CHECK_NOTFOUND 2 +#define LIBSSH2_KNOWNHOST_CHECK_FAILURE 3 + +LIBSSH2_API int +libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts, + const char *host, const char *key, size_t keylen, + int typemask, + struct libssh2_knownhost **knownhost); + +/* this function is identital to the above one, but also takes a port + argument that allows libssh2 to do a better check */ +LIBSSH2_API int +libssh2_knownhost_checkp(LIBSSH2_KNOWNHOSTS *hosts, + const char *host, int port, + const char *key, size_t keylen, + int typemask, + struct libssh2_knownhost **knownhost); + +/* + * libssh2_knownhost_del() + * + * Remove a host from the collection of known hosts. The 'entry' struct is + * retrieved by a call to libssh2_knownhost_check(). + * + */ +LIBSSH2_API int +libssh2_knownhost_del(LIBSSH2_KNOWNHOSTS *hosts, + struct libssh2_knownhost *entry); + +/* + * libssh2_knownhost_free() + * + * Free an entire collection of known hosts. + * + */ +LIBSSH2_API void +libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts); + +/* + * libssh2_knownhost_readline() + * + * Pass in a line of a file of 'type'. It makes libssh2 read this line. + * + * LIBSSH2_KNOWNHOST_FILE_OPENSSH is the only supported type. + * + */ +LIBSSH2_API int +libssh2_knownhost_readline(LIBSSH2_KNOWNHOSTS *hosts, + const char *line, size_t len, int type); + +/* + * libssh2_knownhost_readfile() + * + * Add hosts+key pairs from a given file. + * + * Returns a negative value for error or number of successfully added hosts. + * + * This implementation currently only knows one 'type' (openssh), all others + * are reserved for future use. + */ + +#define LIBSSH2_KNOWNHOST_FILE_OPENSSH 1 + +LIBSSH2_API int +libssh2_knownhost_readfile(LIBSSH2_KNOWNHOSTS *hosts, + const char *filename, int type); + +/* + * libssh2_knownhost_writeline() + * + * Ask libssh2 to convert a known host to an output line for storage. + * + * Note that this function returns LIBSSH2_ERROR_BUFFER_TOO_SMALL if the given + * output buffer is too small to hold the desired output. + * + * This implementation currently only knows one 'type' (openssh), all others + * are reserved for future use. + * + */ +LIBSSH2_API int +libssh2_knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts, + struct libssh2_knownhost *known, + char *buffer, size_t buflen, + size_t *outlen, /* the amount of written data */ + int type); + +/* + * libssh2_knownhost_writefile() + * + * Write hosts+key pairs to a given file. + * + * This implementation currently only knows one 'type' (openssh), all others + * are reserved for future use. + */ + +LIBSSH2_API int +libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts, + const char *filename, int type); + +/* + * libssh2_knownhost_get() + * + * Traverse the internal list of known hosts. Pass NULL to 'prev' to get + * the first one. Or pass a pointer to the previously returned one to get the + * next. + * + * Returns: + * 0 if a fine host was stored in 'store' + * 1 if end of hosts + * [negative] on errors + */ +LIBSSH2_API int +libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts, + struct libssh2_knownhost **store, + struct libssh2_knownhost *prev); + +#define HAVE_LIBSSH2_AGENT_API 0x010202 /* since 1.2.2 */ + +struct libssh2_agent_publickey { + unsigned int magic; /* magic stored by the library */ + void *node; /* handle to the internal representation of key */ + unsigned char *blob; /* public key blob */ + size_t blob_len; /* length of the public key blob */ + char *comment; /* comment in printable format */ +}; + +/* + * libssh2_agent_init() + * + * Init an ssh-agent handle. Returns the pointer to the handle. + * + */ +LIBSSH2_API LIBSSH2_AGENT * +libssh2_agent_init(LIBSSH2_SESSION *session); + +/* + * libssh2_agent_connect() + * + * Connect to an ssh-agent. + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int +libssh2_agent_connect(LIBSSH2_AGENT *agent); + +/* + * libssh2_agent_list_identities() + * + * Request an ssh-agent to list identities. + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int +libssh2_agent_list_identities(LIBSSH2_AGENT *agent); + +/* + * libssh2_agent_get_identity() + * + * Traverse the internal list of public keys. Pass NULL to 'prev' to get + * the first one. Or pass a pointer to the previously returned one to get the + * next. + * + * Returns: + * 0 if a fine public key was stored in 'store' + * 1 if end of public keys + * [negative] on errors + */ +LIBSSH2_API int +libssh2_agent_get_identity(LIBSSH2_AGENT *agent, + struct libssh2_agent_publickey **store, + struct libssh2_agent_publickey *prev); + +/* + * libssh2_agent_userauth() + * + * Do publickey user authentication with the help of ssh-agent. + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int +libssh2_agent_userauth(LIBSSH2_AGENT *agent, + const char *username, + struct libssh2_agent_publickey *identity); + +/* + * libssh2_agent_sign() + * + * Sign a payload using a system-installed ssh-agent. + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int +libssh2_agent_sign(LIBSSH2_AGENT *agent, + struct libssh2_agent_publickey *identity, + unsigned char **sig, + size_t *s_len, + const unsigned char *data, + size_t d_len, + const char *method, + unsigned int method_len); + +/* + * libssh2_agent_disconnect() + * + * Close a connection to an ssh-agent. + * + * Returns 0 if succeeded, or a negative value for error. + */ +LIBSSH2_API int +libssh2_agent_disconnect(LIBSSH2_AGENT *agent); + +/* + * libssh2_agent_free() + * + * Free an ssh-agent handle. This function also frees the internal + * collection of public keys. + */ +LIBSSH2_API void +libssh2_agent_free(LIBSSH2_AGENT *agent); + +/* + * libssh2_agent_set_identity_path() + * + * Allows a custom agent identity socket path beyond SSH_AUTH_SOCK env + * + */ +LIBSSH2_API void +libssh2_agent_set_identity_path(LIBSSH2_AGENT *agent, + const char *path); + +/* + * libssh2_agent_get_identity_path() + * + * Returns the custom agent identity socket path if set + * + */ +LIBSSH2_API const char * +libssh2_agent_get_identity_path(LIBSSH2_AGENT *agent); + +/* + * libssh2_keepalive_config() + * + * Set how often keepalive messages should be sent. WANT_REPLY + * indicates whether the keepalive messages should request a response + * from the server. INTERVAL is number of seconds that can pass + * without any I/O, use 0 (the default) to disable keepalives. To + * avoid some busy-loop corner-cases, if you specify an interval of 1 + * it will be treated as 2. + * + * Note that non-blocking applications are responsible for sending the + * keepalive messages using libssh2_keepalive_send(). + */ +LIBSSH2_API void libssh2_keepalive_config(LIBSSH2_SESSION *session, + int want_reply, + unsigned int interval); + +/* + * libssh2_keepalive_send() + * + * Send a keepalive message if needed. SECONDS_TO_NEXT indicates how + * many seconds you can sleep after this call before you need to call + * it again. Returns 0 on success, or LIBSSH2_ERROR_SOCKET_SEND on + * I/O errors. + */ +LIBSSH2_API int libssh2_keepalive_send(LIBSSH2_SESSION *session, + int *seconds_to_next); + +/* NOTE NOTE NOTE + libssh2_trace() has no function in builds that aren't built with debug + enabled + */ +LIBSSH2_API int libssh2_trace(LIBSSH2_SESSION *session, int bitmask); +#define LIBSSH2_TRACE_TRANS (1<<1) +#define LIBSSH2_TRACE_KEX (1<<2) +#define LIBSSH2_TRACE_AUTH (1<<3) +#define LIBSSH2_TRACE_CONN (1<<4) +#define LIBSSH2_TRACE_SCP (1<<5) +#define LIBSSH2_TRACE_SFTP (1<<6) +#define LIBSSH2_TRACE_ERROR (1<<7) +#define LIBSSH2_TRACE_PUBLICKEY (1<<8) +#define LIBSSH2_TRACE_SOCKET (1<<9) + +typedef void (*libssh2_trace_handler_func)(LIBSSH2_SESSION*, + void *, + const char *, + size_t); +LIBSSH2_API int libssh2_trace_sethandler(LIBSSH2_SESSION *session, + void *context, + libssh2_trace_handler_func callback); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* !RC_INVOKED */ + +#endif /* LIBSSH2_H */ diff --git a/includes/curl/libssh2_publickey.h b/includes/curl/libssh2_publickey.h new file mode 100644 index 0000000..566acd6 --- /dev/null +++ b/includes/curl/libssh2_publickey.h @@ -0,0 +1,128 @@ +/* Copyright (C) Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +/* Note: This include file is only needed for using the + * publickey SUBSYSTEM which is not the same as publickey + * authentication. For authentication you only need libssh2.h + * + * For more information on the publickey subsystem, + * refer to IETF draft: secsh-publickey + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef LIBSSH2_PUBLICKEY_H +#define LIBSSH2_PUBLICKEY_H 1 + +#include "libssh2.h" + +typedef struct _LIBSSH2_PUBLICKEY LIBSSH2_PUBLICKEY; + +typedef struct _libssh2_publickey_attribute { + const char *name; + unsigned long name_len; + const char *value; + unsigned long value_len; + char mandatory; +} libssh2_publickey_attribute; + +typedef struct _libssh2_publickey_list { + unsigned char *packet; /* For freeing */ + + const unsigned char *name; + unsigned long name_len; + const unsigned char *blob; + unsigned long blob_len; + unsigned long num_attrs; + libssh2_publickey_attribute *attrs; /* free me */ +} libssh2_publickey_list; + +/* Generally use the first macro here, but if both name and value are string + literals, you can use _fast() to take advantage of preprocessing */ +#define libssh2_publickey_attribute(name, value, mandatory) \ + { (name), strlen(name), (value), strlen(value), (mandatory) }, +#define libssh2_publickey_attribute_fast(name, value, mandatory) \ + { (name), sizeof(name) - 1, (value), sizeof(value) - 1, (mandatory) }, + +#ifdef __cplusplus +extern "C" { +#endif + +/* Publickey Subsystem */ +LIBSSH2_API LIBSSH2_PUBLICKEY * +libssh2_publickey_init(LIBSSH2_SESSION *session); + +LIBSSH2_API int +libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, + const unsigned char *name, + unsigned long name_len, + const unsigned char *blob, + unsigned long blob_len, char overwrite, + unsigned long num_attrs, + const libssh2_publickey_attribute attrs[]); +#define libssh2_publickey_add(pkey, name, blob, blob_len, overwrite, \ + num_attrs, attrs) \ + libssh2_publickey_add_ex((pkey), \ + (name), strlen(name), \ + (blob), (blob_len), \ + (overwrite), (num_attrs), (attrs)) + +LIBSSH2_API int libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY *pkey, + const unsigned char *name, + unsigned long name_len, + const unsigned char *blob, + unsigned long blob_len); +#define libssh2_publickey_remove(pkey, name, blob, blob_len) \ + libssh2_publickey_remove_ex((pkey), \ + (name), strlen(name), \ + (blob), (blob_len)) + +LIBSSH2_API int +libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, + unsigned long *num_keys, + libssh2_publickey_list **pkey_list); +LIBSSH2_API void +libssh2_publickey_list_free(LIBSSH2_PUBLICKEY *pkey, + libssh2_publickey_list *pkey_list); + +LIBSSH2_API int libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY *pkey); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* LIBSSH2_PUBLICKEY_H */ diff --git a/includes/curl/libssh2_sftp.h b/includes/curl/libssh2_sftp.h new file mode 100644 index 0000000..ab7b0af --- /dev/null +++ b/includes/curl/libssh2_sftp.h @@ -0,0 +1,382 @@ +/* Copyright (C) Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef LIBSSH2_SFTP_H +#define LIBSSH2_SFTP_H 1 + +#include "libssh2.h" + +#ifndef _WIN32 +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* Note: Version 6 was documented at the time of writing + * However it was marked as "DO NOT IMPLEMENT" due to pending changes + * + * Let's start with Version 3 (The version found in OpenSSH) and go from there + */ +#define LIBSSH2_SFTP_VERSION 3 + +typedef struct _LIBSSH2_SFTP LIBSSH2_SFTP; +typedef struct _LIBSSH2_SFTP_HANDLE LIBSSH2_SFTP_HANDLE; +typedef struct _LIBSSH2_SFTP_ATTRIBUTES LIBSSH2_SFTP_ATTRIBUTES; +typedef struct _LIBSSH2_SFTP_STATVFS LIBSSH2_SFTP_STATVFS; + +/* Flags for open_ex() */ +#define LIBSSH2_SFTP_OPENFILE 0 +#define LIBSSH2_SFTP_OPENDIR 1 + +/* Flags for rename_ex() */ +#define LIBSSH2_SFTP_RENAME_OVERWRITE 0x00000001 +#define LIBSSH2_SFTP_RENAME_ATOMIC 0x00000002 +#define LIBSSH2_SFTP_RENAME_NATIVE 0x00000004 + +/* Flags for stat_ex() */ +#define LIBSSH2_SFTP_STAT 0 +#define LIBSSH2_SFTP_LSTAT 1 +#define LIBSSH2_SFTP_SETSTAT 2 + +/* Flags for symlink_ex() */ +#define LIBSSH2_SFTP_SYMLINK 0 +#define LIBSSH2_SFTP_READLINK 1 +#define LIBSSH2_SFTP_REALPATH 2 + +/* Flags for sftp_mkdir() */ +#define LIBSSH2_SFTP_DEFAULT_MODE -1 + +/* SFTP attribute flag bits */ +#define LIBSSH2_SFTP_ATTR_SIZE 0x00000001 +#define LIBSSH2_SFTP_ATTR_UIDGID 0x00000002 +#define LIBSSH2_SFTP_ATTR_PERMISSIONS 0x00000004 +#define LIBSSH2_SFTP_ATTR_ACMODTIME 0x00000008 +#define LIBSSH2_SFTP_ATTR_EXTENDED 0x80000000 + +/* SFTP statvfs flag bits */ +#define LIBSSH2_SFTP_ST_RDONLY 0x00000001 +#define LIBSSH2_SFTP_ST_NOSUID 0x00000002 + +struct _LIBSSH2_SFTP_ATTRIBUTES { + /* If flags & ATTR_* bit is set, then the value in this struct will be + * meaningful Otherwise it should be ignored + */ + unsigned long flags; + + libssh2_uint64_t filesize; + unsigned long uid, gid; + unsigned long permissions; + unsigned long atime, mtime; +}; + +struct _LIBSSH2_SFTP_STATVFS { + libssh2_uint64_t f_bsize; /* file system block size */ + libssh2_uint64_t f_frsize; /* fragment size */ + libssh2_uint64_t f_blocks; /* size of fs in f_frsize units */ + libssh2_uint64_t f_bfree; /* # free blocks */ + libssh2_uint64_t f_bavail; /* # free blocks for non-root */ + libssh2_uint64_t f_files; /* # inodes */ + libssh2_uint64_t f_ffree; /* # free inodes */ + libssh2_uint64_t f_favail; /* # free inodes for non-root */ + libssh2_uint64_t f_fsid; /* file system ID */ + libssh2_uint64_t f_flag; /* mount flags */ + libssh2_uint64_t f_namemax; /* maximum filename length */ +}; + +/* SFTP filetypes */ +#define LIBSSH2_SFTP_TYPE_REGULAR 1 +#define LIBSSH2_SFTP_TYPE_DIRECTORY 2 +#define LIBSSH2_SFTP_TYPE_SYMLINK 3 +#define LIBSSH2_SFTP_TYPE_SPECIAL 4 +#define LIBSSH2_SFTP_TYPE_UNKNOWN 5 +#define LIBSSH2_SFTP_TYPE_SOCKET 6 +#define LIBSSH2_SFTP_TYPE_CHAR_DEVICE 7 +#define LIBSSH2_SFTP_TYPE_BLOCK_DEVICE 8 +#define LIBSSH2_SFTP_TYPE_FIFO 9 + +/* + * Reproduce the POSIX file modes here for systems that are not POSIX + * compliant. + * + * These is used in "permissions" of "struct _LIBSSH2_SFTP_ATTRIBUTES" + */ +/* File type */ +#define LIBSSH2_SFTP_S_IFMT 0170000 /* type of file mask */ +#define LIBSSH2_SFTP_S_IFIFO 0010000 /* named pipe (fifo) */ +#define LIBSSH2_SFTP_S_IFCHR 0020000 /* character special */ +#define LIBSSH2_SFTP_S_IFDIR 0040000 /* directory */ +#define LIBSSH2_SFTP_S_IFBLK 0060000 /* block special */ +#define LIBSSH2_SFTP_S_IFREG 0100000 /* regular */ +#define LIBSSH2_SFTP_S_IFLNK 0120000 /* symbolic link */ +#define LIBSSH2_SFTP_S_IFSOCK 0140000 /* socket */ + +/* File mode */ +/* Read, write, execute/search by owner */ +#define LIBSSH2_SFTP_S_IRWXU 0000700 /* RWX mask for owner */ +#define LIBSSH2_SFTP_S_IRUSR 0000400 /* R for owner */ +#define LIBSSH2_SFTP_S_IWUSR 0000200 /* W for owner */ +#define LIBSSH2_SFTP_S_IXUSR 0000100 /* X for owner */ +/* Read, write, execute/search by group */ +#define LIBSSH2_SFTP_S_IRWXG 0000070 /* RWX mask for group */ +#define LIBSSH2_SFTP_S_IRGRP 0000040 /* R for group */ +#define LIBSSH2_SFTP_S_IWGRP 0000020 /* W for group */ +#define LIBSSH2_SFTP_S_IXGRP 0000010 /* X for group */ +/* Read, write, execute/search by others */ +#define LIBSSH2_SFTP_S_IRWXO 0000007 /* RWX mask for other */ +#define LIBSSH2_SFTP_S_IROTH 0000004 /* R for other */ +#define LIBSSH2_SFTP_S_IWOTH 0000002 /* W for other */ +#define LIBSSH2_SFTP_S_IXOTH 0000001 /* X for other */ + +/* macros to check for specific file types, added in 1.2.5 */ +#define LIBSSH2_SFTP_S_ISLNK(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFLNK) +#define LIBSSH2_SFTP_S_ISREG(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFREG) +#define LIBSSH2_SFTP_S_ISDIR(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFDIR) +#define LIBSSH2_SFTP_S_ISCHR(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFCHR) +#define LIBSSH2_SFTP_S_ISBLK(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFBLK) +#define LIBSSH2_SFTP_S_ISFIFO(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFIFO) +#define LIBSSH2_SFTP_S_ISSOCK(m) \ + (((m) & LIBSSH2_SFTP_S_IFMT) == LIBSSH2_SFTP_S_IFSOCK) + +/* SFTP File Transfer Flags -- (e.g. flags parameter to sftp_open()) + * Danger will robinson... APPEND doesn't have any effect on OpenSSH servers */ +#define LIBSSH2_FXF_READ 0x00000001 +#define LIBSSH2_FXF_WRITE 0x00000002 +#define LIBSSH2_FXF_APPEND 0x00000004 +#define LIBSSH2_FXF_CREAT 0x00000008 +#define LIBSSH2_FXF_TRUNC 0x00000010 +#define LIBSSH2_FXF_EXCL 0x00000020 + +/* SFTP Status Codes (returned by libssh2_sftp_last_error() ) */ +#define LIBSSH2_FX_OK 0UL +#define LIBSSH2_FX_EOF 1UL +#define LIBSSH2_FX_NO_SUCH_FILE 2UL +#define LIBSSH2_FX_PERMISSION_DENIED 3UL +#define LIBSSH2_FX_FAILURE 4UL +#define LIBSSH2_FX_BAD_MESSAGE 5UL +#define LIBSSH2_FX_NO_CONNECTION 6UL +#define LIBSSH2_FX_CONNECTION_LOST 7UL +#define LIBSSH2_FX_OP_UNSUPPORTED 8UL +#define LIBSSH2_FX_INVALID_HANDLE 9UL +#define LIBSSH2_FX_NO_SUCH_PATH 10UL +#define LIBSSH2_FX_FILE_ALREADY_EXISTS 11UL +#define LIBSSH2_FX_WRITE_PROTECT 12UL +#define LIBSSH2_FX_NO_MEDIA 13UL +#define LIBSSH2_FX_NO_SPACE_ON_FILESYSTEM 14UL +#define LIBSSH2_FX_QUOTA_EXCEEDED 15UL +#define LIBSSH2_FX_UNKNOWN_PRINCIPLE 16UL /* Initial mis-spelling */ +#define LIBSSH2_FX_UNKNOWN_PRINCIPAL 16UL +#define LIBSSH2_FX_LOCK_CONFlICT 17UL /* Initial mis-spelling */ +#define LIBSSH2_FX_LOCK_CONFLICT 17UL +#define LIBSSH2_FX_DIR_NOT_EMPTY 18UL +#define LIBSSH2_FX_NOT_A_DIRECTORY 19UL +#define LIBSSH2_FX_INVALID_FILENAME 20UL +#define LIBSSH2_FX_LINK_LOOP 21UL + +/* Returned by any function that would block during a read/write operation */ +#define LIBSSH2SFTP_EAGAIN LIBSSH2_ERROR_EAGAIN + +/* SFTP API */ +LIBSSH2_API LIBSSH2_SFTP *libssh2_sftp_init(LIBSSH2_SESSION *session); +LIBSSH2_API int libssh2_sftp_shutdown(LIBSSH2_SFTP *sftp); +LIBSSH2_API unsigned long libssh2_sftp_last_error(LIBSSH2_SFTP *sftp); +LIBSSH2_API LIBSSH2_CHANNEL *libssh2_sftp_get_channel(LIBSSH2_SFTP *sftp); + +/* File / Directory Ops */ +LIBSSH2_API LIBSSH2_SFTP_HANDLE * +libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, + const char *filename, + unsigned int filename_len, + unsigned long flags, + long mode, int open_type); +#define libssh2_sftp_open(sftp, filename, flags, mode) \ + libssh2_sftp_open_ex((sftp), \ + (filename), (unsigned int)strlen(filename), \ + (flags), (mode), LIBSSH2_SFTP_OPENFILE) +#define libssh2_sftp_opendir(sftp, path) \ + libssh2_sftp_open_ex((sftp), \ + (path), (unsigned int)strlen(path), \ + 0, 0, LIBSSH2_SFTP_OPENDIR) +LIBSSH2_API LIBSSH2_SFTP_HANDLE * +libssh2_sftp_open_ex_r(LIBSSH2_SFTP *sftp, + const char *filename, + size_t filename_len, + unsigned long flags, + long mode, int open_type, + LIBSSH2_SFTP_ATTRIBUTES *attrs); +#define libssh2_sftp_open_r(sftp, filename, flags, mode, attrs) \ + libssh2_sftp_open_ex_r((sftp), (filename), strlen(filename), \ + (flags), (mode), LIBSSH2_SFTP_OPENFILE, \ + (attrs)) + +LIBSSH2_API ssize_t libssh2_sftp_read(LIBSSH2_SFTP_HANDLE *handle, + char *buffer, size_t buffer_maxlen); + +LIBSSH2_API int libssh2_sftp_readdir_ex(LIBSSH2_SFTP_HANDLE *handle, \ + char *buffer, size_t buffer_maxlen, + char *longentry, + size_t longentry_maxlen, + LIBSSH2_SFTP_ATTRIBUTES *attrs); +#define libssh2_sftp_readdir(handle, buffer, buffer_maxlen, attrs) \ + libssh2_sftp_readdir_ex((handle), (buffer), (buffer_maxlen), NULL, 0, \ + (attrs)) + +LIBSSH2_API ssize_t libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *handle, + const char *buffer, size_t count); +LIBSSH2_API int libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle); + +LIBSSH2_API int libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle); +#define libssh2_sftp_close(handle) libssh2_sftp_close_handle(handle) +#define libssh2_sftp_closedir(handle) libssh2_sftp_close_handle(handle) + +LIBSSH2_API void libssh2_sftp_seek(LIBSSH2_SFTP_HANDLE *handle, size_t offset); +LIBSSH2_API void libssh2_sftp_seek64(LIBSSH2_SFTP_HANDLE *handle, + libssh2_uint64_t offset); +#define libssh2_sftp_rewind(handle) libssh2_sftp_seek64((handle), 0) + +LIBSSH2_API size_t libssh2_sftp_tell(LIBSSH2_SFTP_HANDLE *handle); +LIBSSH2_API libssh2_uint64_t libssh2_sftp_tell64(LIBSSH2_SFTP_HANDLE *handle); + +LIBSSH2_API int libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE *handle, + LIBSSH2_SFTP_ATTRIBUTES *attrs, + int setstat); +#define libssh2_sftp_fstat(handle, attrs) \ + libssh2_sftp_fstat_ex((handle), (attrs), 0) +#define libssh2_sftp_fsetstat(handle, attrs) \ + libssh2_sftp_fstat_ex((handle), (attrs), 1) + +/* Miscellaneous Ops */ +LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp, + const char *source_filename, + unsigned int srouce_filename_len, + const char *dest_filename, + unsigned int dest_filename_len, + long flags); +#define libssh2_sftp_rename(sftp, sourcefile, destfile) \ + libssh2_sftp_rename_ex((sftp), \ + (sourcefile), (unsigned int)strlen(sourcefile), \ + (destfile), (unsigned int)strlen(destfile), \ + LIBSSH2_SFTP_RENAME_OVERWRITE | \ + LIBSSH2_SFTP_RENAME_ATOMIC | \ + LIBSSH2_SFTP_RENAME_NATIVE) + +LIBSSH2_API int libssh2_sftp_posix_rename_ex(LIBSSH2_SFTP *sftp, + const char *source_filename, + size_t srouce_filename_len, + const char *dest_filename, + size_t dest_filename_len); +#define libssh2_sftp_posix_rename(sftp, sourcefile, destfile) \ + libssh2_sftp_posix_rename_ex((sftp), (sourcefile), strlen(sourcefile), \ + (destfile), strlen(destfile)) + +LIBSSH2_API int libssh2_sftp_unlink_ex(LIBSSH2_SFTP *sftp, + const char *filename, + unsigned int filename_len); +#define libssh2_sftp_unlink(sftp, filename) \ + libssh2_sftp_unlink_ex((sftp), (filename), (unsigned int)strlen(filename)) + +LIBSSH2_API int libssh2_sftp_fstatvfs(LIBSSH2_SFTP_HANDLE *handle, + LIBSSH2_SFTP_STATVFS *st); + +LIBSSH2_API int libssh2_sftp_statvfs(LIBSSH2_SFTP *sftp, + const char *path, + size_t path_len, + LIBSSH2_SFTP_STATVFS *st); + +LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, + const char *path, + unsigned int path_len, long mode); +#define libssh2_sftp_mkdir(sftp, path, mode) \ + libssh2_sftp_mkdir_ex((sftp), (path), (unsigned int)strlen(path), (mode)) + +LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, + const char *path, + unsigned int path_len); +#define libssh2_sftp_rmdir(sftp, path) \ + libssh2_sftp_rmdir_ex((sftp), (path), (unsigned int)strlen(path)) + +LIBSSH2_API int libssh2_sftp_stat_ex(LIBSSH2_SFTP *sftp, + const char *path, + unsigned int path_len, + int stat_type, + LIBSSH2_SFTP_ATTRIBUTES *attrs); +#define libssh2_sftp_stat(sftp, path, attrs) \ + libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ + LIBSSH2_SFTP_STAT, (attrs)) +#define libssh2_sftp_lstat(sftp, path, attrs) \ + libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ + LIBSSH2_SFTP_LSTAT, (attrs)) +#define libssh2_sftp_setstat(sftp, path, attrs) \ + libssh2_sftp_stat_ex((sftp), (path), (unsigned int)strlen(path), \ + LIBSSH2_SFTP_SETSTAT, (attrs)) + +LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, + const char *path, + unsigned int path_len, + char *target, + unsigned int target_len, + int link_type); +#define libssh2_sftp_symlink(sftp, orig, linkpath) \ + libssh2_sftp_symlink_ex((sftp), \ + (orig), (unsigned int)strlen(orig), \ + (linkpath), (unsigned int)strlen(linkpath), \ + LIBSSH2_SFTP_SYMLINK) +#define libssh2_sftp_readlink(sftp, path, target, maxlen) \ + libssh2_sftp_symlink_ex((sftp), \ + (path), (unsigned int)strlen(path), \ + (target), (maxlen), \ + LIBSSH2_SFTP_READLINK) +#define libssh2_sftp_realpath(sftp, path, target, maxlen) \ + libssh2_sftp_symlink_ex((sftp), \ + (path), (unsigned int)strlen(path), \ + (target), (maxlen), \ + LIBSSH2_SFTP_REALPATH) + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* LIBSSH2_SFTP_H */ diff --git a/includes/curl/nghttp2/nghttp2.h b/includes/curl/nghttp2/nghttp2.h new file mode 100644 index 0000000..3d91af5 --- /dev/null +++ b/includes/curl/nghttp2/nghttp2.h @@ -0,0 +1,6838 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2013, 2014 Tatsuhiro Tsujikawa + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP2_H +#define NGHTTP2_H + +/* Define WIN32 when build target is Win32 API (borrowed from + libcurl) */ +#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) +# define WIN32 +#endif + +/* Compatibility for non-Clang compilers */ +#ifndef __has_declspec_attribute +# define __has_declspec_attribute(x) 0 +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#if defined(_MSC_VER) && (_MSC_VER < 1800) +/* MSVC < 2013 does not have inttypes.h because it is not C99 + compliant. See compiler macros and version number in + https://sourceforge.net/p/predef/wiki/Compilers/ */ +# include +#else /* !defined(_MSC_VER) || (_MSC_VER >= 1800) */ +# include +#endif /* !defined(_MSC_VER) || (_MSC_VER >= 1800) */ +#include +#include +#include + +#include + +#ifdef NGHTTP2_STATICLIB +# define NGHTTP2_EXTERN +#elif defined(WIN32) || \ + (__has_declspec_attribute(dllexport) && __has_declspec_attribute(dllimport)) +# ifdef BUILDING_NGHTTP2 +# define NGHTTP2_EXTERN __declspec(dllexport) +# else /* !BUILDING_NGHTTP2 */ +# define NGHTTP2_EXTERN __declspec(dllimport) +# endif /* !BUILDING_NGHTTP2 */ +#else /* !defined(WIN32) */ +# ifdef BUILDING_NGHTTP2 +# define NGHTTP2_EXTERN __attribute__((visibility("default"))) +# else /* !BUILDING_NGHTTP2 */ +# define NGHTTP2_EXTERN +# endif /* !BUILDING_NGHTTP2 */ +#endif /* !defined(WIN32) */ + +#ifdef BUILDING_NGHTTP2 +# undef NGHTTP2_NO_SSIZE_T +#endif /* BUILDING_NGHTTP2 */ + +/** + * @typedef + * + * :type:`nghttp2_ssize` is a signed counterpart of size_t. + */ +typedef ptrdiff_t nghttp2_ssize; + +/** + * @macro + * + * The protocol version identification string of this library + * supports. This identifier is used if HTTP/2 is used over TLS. + */ +#define NGHTTP2_PROTO_VERSION_ID "h2" +/** + * @macro + * + * The length of :macro:`NGHTTP2_PROTO_VERSION_ID`. + */ +#define NGHTTP2_PROTO_VERSION_ID_LEN 2 + +/** + * @macro + * + * The serialized form of ALPN protocol identifier this library + * supports. Notice that first byte is the length of following + * protocol identifier. This is the same wire format of `TLS ALPN + * extension `_. This is useful + * to process incoming ALPN tokens in wire format. + */ +#define NGHTTP2_PROTO_ALPN "\x2h2" + +/** + * @macro + * + * The length of :macro:`NGHTTP2_PROTO_ALPN`. + */ +#define NGHTTP2_PROTO_ALPN_LEN (sizeof(NGHTTP2_PROTO_ALPN) - 1) + +/** + * @macro + * + * The protocol version identification string of this library + * supports. This identifier is used if HTTP/2 is used over cleartext + * TCP. + */ +#define NGHTTP2_CLEARTEXT_PROTO_VERSION_ID "h2c" + +/** + * @macro + * + * The length of :macro:`NGHTTP2_CLEARTEXT_PROTO_VERSION_ID`. + */ +#define NGHTTP2_CLEARTEXT_PROTO_VERSION_ID_LEN 3 + +struct nghttp2_session; +/** + * @struct + * + * The primary structure to hold the resources needed for a HTTP/2 + * session. The details of this structure are intentionally hidden + * from the public API. + */ +typedef struct nghttp2_session nghttp2_session; + +/** + * @macro + * + * The age of :type:`nghttp2_info` + */ +#define NGHTTP2_VERSION_AGE 1 + +/** + * @struct + * + * This struct is what `nghttp2_version()` returns. It holds + * information about the particular nghttp2 version. + */ +typedef struct { + /** + * Age of this struct. This instance of nghttp2 sets it to + * :macro:`NGHTTP2_VERSION_AGE` but a future version may bump it and + * add more struct fields at the bottom + */ + int age; + /** + * the :macro:`NGHTTP2_VERSION_NUM` number (since age ==1) + */ + int version_num; + /** + * points to the :macro:`NGHTTP2_VERSION` string (since age ==1) + */ + const char *version_str; + /** + * points to the :macro:`NGHTTP2_PROTO_VERSION_ID` string this + * instance implements (since age ==1) + */ + const char *proto_str; + /* -------- the above fields all exist when age == 1 */ +} nghttp2_info; + +/** + * @macro + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The default weight of stream dependency. + */ +#define NGHTTP2_DEFAULT_WEIGHT 16 + +/** + * @macro + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The maximum weight of stream dependency. + */ +#define NGHTTP2_MAX_WEIGHT 256 + +/** + * @macro + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The minimum weight of stream dependency. + */ +#define NGHTTP2_MIN_WEIGHT 1 + +/** + * @macro + * + * The maximum window size + */ +#define NGHTTP2_MAX_WINDOW_SIZE ((int32_t)((1U << 31) - 1)) + +/** + * @macro + * + * The initial window size for stream level flow control. + */ +#define NGHTTP2_INITIAL_WINDOW_SIZE ((1 << 16) - 1) +/** + * @macro + * + * The initial window size for connection level flow control. + */ +#define NGHTTP2_INITIAL_CONNECTION_WINDOW_SIZE ((1 << 16) - 1) + +/** + * @macro + * + * The default header table size. + */ +#define NGHTTP2_DEFAULT_HEADER_TABLE_SIZE (1 << 12) + +/** + * @macro + * + * The client magic string, which is the first 24 bytes byte string of + * client connection preface. + */ +#define NGHTTP2_CLIENT_MAGIC "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n" + +/** + * @macro + * + * The length of :macro:`NGHTTP2_CLIENT_MAGIC`. + */ +#define NGHTTP2_CLIENT_MAGIC_LEN 24 + +/** + * @macro + * + * The default max number of settings per SETTINGS frame + */ +#define NGHTTP2_DEFAULT_MAX_SETTINGS 32 + +/** + * @enum + * + * Error codes used in this library. The code range is [-999, -500], + * inclusive. The following values are defined: + */ +typedef enum { + /** + * Invalid argument passed. + */ + NGHTTP2_ERR_INVALID_ARGUMENT = -501, + /** + * Out of buffer space. + */ + NGHTTP2_ERR_BUFFER_ERROR = -502, + /** + * The specified protocol version is not supported. + */ + NGHTTP2_ERR_UNSUPPORTED_VERSION = -503, + /** + * Used as a return value from :type:`nghttp2_send_callback2`, + * :type:`nghttp2_recv_callback` and + * :type:`nghttp2_send_data_callback` to indicate that the operation + * would block. + */ + NGHTTP2_ERR_WOULDBLOCK = -504, + /** + * General protocol error + */ + NGHTTP2_ERR_PROTO = -505, + /** + * The frame is invalid. + */ + NGHTTP2_ERR_INVALID_FRAME = -506, + /** + * The peer performed a shutdown on the connection. + */ + NGHTTP2_ERR_EOF = -507, + /** + * Used as a return value from + * :func:`nghttp2_data_source_read_callback2` to indicate that data + * transfer is postponed. See + * :func:`nghttp2_data_source_read_callback2` for details. + */ + NGHTTP2_ERR_DEFERRED = -508, + /** + * Stream ID has reached the maximum value. Therefore no stream ID + * is available. + */ + NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE = -509, + /** + * The stream is already closed; or the stream ID is invalid. + */ + NGHTTP2_ERR_STREAM_CLOSED = -510, + /** + * RST_STREAM has been added to the outbound queue. The stream is + * in closing state. + */ + NGHTTP2_ERR_STREAM_CLOSING = -511, + /** + * The transmission is not allowed for this stream (e.g., a frame + * with END_STREAM flag set has already sent). + */ + NGHTTP2_ERR_STREAM_SHUT_WR = -512, + /** + * The stream ID is invalid. + */ + NGHTTP2_ERR_INVALID_STREAM_ID = -513, + /** + * The state of the stream is not valid (e.g., DATA cannot be sent + * to the stream if response HEADERS has not been sent). + */ + NGHTTP2_ERR_INVALID_STREAM_STATE = -514, + /** + * Another DATA frame has already been deferred. + */ + NGHTTP2_ERR_DEFERRED_DATA_EXIST = -515, + /** + * Starting new stream is not allowed (e.g., GOAWAY has been sent + * and/or received). + */ + NGHTTP2_ERR_START_STREAM_NOT_ALLOWED = -516, + /** + * GOAWAY has already been sent. + */ + NGHTTP2_ERR_GOAWAY_ALREADY_SENT = -517, + /** + * The received frame contains the invalid header block (e.g., There + * are duplicate header names; or the header names are not encoded + * in US-ASCII character set and not lower cased; or the header name + * is zero-length string; or the header value contains multiple + * in-sequence NUL bytes). + */ + NGHTTP2_ERR_INVALID_HEADER_BLOCK = -518, + /** + * Indicates that the context is not suitable to perform the + * requested operation. + */ + NGHTTP2_ERR_INVALID_STATE = -519, + /** + * The user callback function failed due to the temporal error. + */ + NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE = -521, + /** + * The length of the frame is invalid, either too large or too small. + */ + NGHTTP2_ERR_FRAME_SIZE_ERROR = -522, + /** + * Header block inflate/deflate error. + */ + NGHTTP2_ERR_HEADER_COMP = -523, + /** + * Flow control error + */ + NGHTTP2_ERR_FLOW_CONTROL = -524, + /** + * Insufficient buffer size given to function. + */ + NGHTTP2_ERR_INSUFF_BUFSIZE = -525, + /** + * Callback was paused by the application + */ + NGHTTP2_ERR_PAUSE = -526, + /** + * There are too many in-flight SETTING frame and no more + * transmission of SETTINGS is allowed. + */ + NGHTTP2_ERR_TOO_MANY_INFLIGHT_SETTINGS = -527, + /** + * The server push is disabled. + */ + NGHTTP2_ERR_PUSH_DISABLED = -528, + /** + * DATA or HEADERS frame for a given stream has been already + * submitted and has not been fully processed yet. Application + * should wait for the transmission of the previously submitted + * frame before submitting another. + */ + NGHTTP2_ERR_DATA_EXIST = -529, + /** + * The current session is closing due to a connection error or + * `nghttp2_session_terminate_session()` is called. + */ + NGHTTP2_ERR_SESSION_CLOSING = -530, + /** + * Invalid HTTP header field was received and stream is going to be + * closed. + */ + NGHTTP2_ERR_HTTP_HEADER = -531, + /** + * Violation in HTTP messaging rule. + */ + NGHTTP2_ERR_HTTP_MESSAGING = -532, + /** + * Stream was refused. + */ + NGHTTP2_ERR_REFUSED_STREAM = -533, + /** + * Unexpected internal error, but recovered. + */ + NGHTTP2_ERR_INTERNAL = -534, + /** + * Indicates that a processing was canceled. + */ + NGHTTP2_ERR_CANCEL = -535, + /** + * When a local endpoint expects to receive SETTINGS frame, it + * receives an other type of frame. + */ + NGHTTP2_ERR_SETTINGS_EXPECTED = -536, + /** + * When a local endpoint receives too many settings entries + * in a single SETTINGS frame. + */ + NGHTTP2_ERR_TOO_MANY_SETTINGS = -537, + /** + * The errors < :enum:`nghttp2_error.NGHTTP2_ERR_FATAL` mean that + * the library is under unexpected condition and processing was + * terminated (e.g., out of memory). If application receives this + * error code, it must stop using that :type:`nghttp2_session` + * object and only allowed operation for that object is deallocate + * it using `nghttp2_session_del()`. + */ + NGHTTP2_ERR_FATAL = -900, + /** + * Out of memory. This is a fatal error. + */ + NGHTTP2_ERR_NOMEM = -901, + /** + * The user callback function failed. This is a fatal error. + */ + NGHTTP2_ERR_CALLBACK_FAILURE = -902, + /** + * Invalid client magic (see :macro:`NGHTTP2_CLIENT_MAGIC`) was + * received and further processing is not possible. + */ + NGHTTP2_ERR_BAD_CLIENT_MAGIC = -903, + /** + * Possible flooding by peer was detected in this HTTP/2 session. + * Flooding is measured by how many PING and SETTINGS frames with + * ACK flag set are queued for transmission. These frames are + * response for the peer initiated frames, and peer can cause memory + * exhaustion on server side to send these frames forever and does + * not read network. + */ + NGHTTP2_ERR_FLOODED = -904, + /** + * When a local endpoint receives too many CONTINUATION frames + * following a HEADER frame. + */ + NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905, +} nghttp2_error; + +/** + * @struct + * + * The object representing single contiguous buffer. + */ +typedef struct { + /** + * The pointer to the buffer. + */ + uint8_t *base; + /** + * The length of the buffer. + */ + size_t len; +} nghttp2_vec; + +struct nghttp2_rcbuf; + +/** + * @struct + * + * The object representing reference counted buffer. The details of + * this structure are intentionally hidden from the public API. + */ +typedef struct nghttp2_rcbuf nghttp2_rcbuf; + +/** + * @function + * + * Increments the reference count of |rcbuf| by 1. + */ +NGHTTP2_EXTERN void nghttp2_rcbuf_incref(nghttp2_rcbuf *rcbuf); + +/** + * @function + * + * Decrements the reference count of |rcbuf| by 1. If the reference + * count becomes zero, the object pointed by |rcbuf| will be freed. + * In this case, application must not use |rcbuf| again. + */ +NGHTTP2_EXTERN void nghttp2_rcbuf_decref(nghttp2_rcbuf *rcbuf); + +/** + * @function + * + * Returns the underlying buffer managed by |rcbuf|. + */ +NGHTTP2_EXTERN nghttp2_vec nghttp2_rcbuf_get_buf(nghttp2_rcbuf *rcbuf); + +/** + * @function + * + * Returns nonzero if the underlying buffer is statically allocated, + * and 0 otherwise. This can be useful for language bindings that wish + * to avoid creating duplicate strings for these buffers. + */ +NGHTTP2_EXTERN int nghttp2_rcbuf_is_static(const nghttp2_rcbuf *rcbuf); + +/** + * @enum + * + * The flags for header field name/value pair. + */ +typedef enum { + /** + * No flag set. + */ + NGHTTP2_NV_FLAG_NONE = 0, + /** + * Indicates that this name/value pair must not be indexed ("Literal + * Header Field never Indexed" representation must be used in HPACK + * encoding). Other implementation calls this bit as "sensitive". + */ + NGHTTP2_NV_FLAG_NO_INDEX = 0x01, + /** + * This flag is set solely by application. If this flag is set, the + * library does not make a copy of header field name. This could + * improve performance. + */ + NGHTTP2_NV_FLAG_NO_COPY_NAME = 0x02, + /** + * This flag is set solely by application. If this flag is set, the + * library does not make a copy of header field value. This could + * improve performance. + */ + NGHTTP2_NV_FLAG_NO_COPY_VALUE = 0x04 +} nghttp2_nv_flag; + +/** + * @struct + * + * The name/value pair, which mainly used to represent header fields. + */ +typedef struct { + /** + * The |name| byte string. If this struct is presented from library + * (e.g., :type:`nghttp2_on_frame_recv_callback`), |name| is + * guaranteed to be NULL-terminated. For some callbacks + * (:type:`nghttp2_before_frame_send_callback`, + * :type:`nghttp2_on_frame_send_callback`, and + * :type:`nghttp2_on_frame_not_send_callback`), it may not be + * NULL-terminated if header field is passed from application with + * the flag :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`). + * When application is constructing this struct, |name| is not + * required to be NULL-terminated. + */ + uint8_t *name; + /** + * The |value| byte string. If this struct is presented from + * library (e.g., :type:`nghttp2_on_frame_recv_callback`), |value| + * is guaranteed to be NULL-terminated. For some callbacks + * (:type:`nghttp2_before_frame_send_callback`, + * :type:`nghttp2_on_frame_send_callback`, and + * :type:`nghttp2_on_frame_not_send_callback`), it may not be + * NULL-terminated if header field is passed from application with + * the flag :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE`). + * When application is constructing this struct, |value| is not + * required to be NULL-terminated. + */ + uint8_t *value; + /** + * The length of the |name|, excluding terminating NULL. + */ + size_t namelen; + /** + * The length of the |value|, excluding terminating NULL. + */ + size_t valuelen; + /** + * Bitwise OR of one or more of :type:`nghttp2_nv_flag`. + */ + uint8_t flags; +} nghttp2_nv; + +/** + * @enum + * + * The frame types in HTTP/2 specification. + */ +typedef enum { + /** + * The DATA frame. + */ + NGHTTP2_DATA = 0, + /** + * The HEADERS frame. + */ + NGHTTP2_HEADERS = 0x01, + /** + * The PRIORITY frame. + */ + NGHTTP2_PRIORITY = 0x02, + /** + * The RST_STREAM frame. + */ + NGHTTP2_RST_STREAM = 0x03, + /** + * The SETTINGS frame. + */ + NGHTTP2_SETTINGS = 0x04, + /** + * The PUSH_PROMISE frame. + */ + NGHTTP2_PUSH_PROMISE = 0x05, + /** + * The PING frame. + */ + NGHTTP2_PING = 0x06, + /** + * The GOAWAY frame. + */ + NGHTTP2_GOAWAY = 0x07, + /** + * The WINDOW_UPDATE frame. + */ + NGHTTP2_WINDOW_UPDATE = 0x08, + /** + * The CONTINUATION frame. This frame type won't be passed to any + * callbacks because the library processes this frame type and its + * preceding HEADERS/PUSH_PROMISE as a single frame. + */ + NGHTTP2_CONTINUATION = 0x09, + /** + * The ALTSVC frame, which is defined in `RFC 7383 + * `_. + */ + NGHTTP2_ALTSVC = 0x0a, + /** + * The ORIGIN frame, which is defined by `RFC 8336 + * `_. + */ + NGHTTP2_ORIGIN = 0x0c, + /** + * The PRIORITY_UPDATE frame, which is defined by :rfc:`9218`. + */ + NGHTTP2_PRIORITY_UPDATE = 0x10 +} nghttp2_frame_type; + +/** + * @enum + * + * The flags for HTTP/2 frames. This enum defines all flags for all + * frames. + */ +typedef enum { + /** + * No flag set. + */ + NGHTTP2_FLAG_NONE = 0, + /** + * The END_STREAM flag. + */ + NGHTTP2_FLAG_END_STREAM = 0x01, + /** + * The END_HEADERS flag. + */ + NGHTTP2_FLAG_END_HEADERS = 0x04, + /** + * The ACK flag. + */ + NGHTTP2_FLAG_ACK = 0x01, + /** + * The PADDED flag. + */ + NGHTTP2_FLAG_PADDED = 0x08, + /** + * The PRIORITY flag. + */ + NGHTTP2_FLAG_PRIORITY = 0x20 +} nghttp2_flag; + +/** + * @enum + * The SETTINGS ID. + */ +typedef enum { + /** + * SETTINGS_HEADER_TABLE_SIZE + */ + NGHTTP2_SETTINGS_HEADER_TABLE_SIZE = 0x01, + /** + * SETTINGS_ENABLE_PUSH + */ + NGHTTP2_SETTINGS_ENABLE_PUSH = 0x02, + /** + * SETTINGS_MAX_CONCURRENT_STREAMS + */ + NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS = 0x03, + /** + * SETTINGS_INITIAL_WINDOW_SIZE + */ + NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE = 0x04, + /** + * SETTINGS_MAX_FRAME_SIZE + */ + NGHTTP2_SETTINGS_MAX_FRAME_SIZE = 0x05, + /** + * SETTINGS_MAX_HEADER_LIST_SIZE + */ + NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE = 0x06, + /** + * SETTINGS_ENABLE_CONNECT_PROTOCOL + * (`RFC 8441 `_) + */ + NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL = 0x08, + /** + * SETTINGS_NO_RFC7540_PRIORITIES (:rfc:`9218`) + */ + NGHTTP2_SETTINGS_NO_RFC7540_PRIORITIES = 0x09 +} nghttp2_settings_id; +/* Note: If we add SETTINGS, update the capacity of + NGHTTP2_INBOUND_NUM_IV as well */ + +/** + * @macro + * + * .. warning:: + * + * Deprecated. The initial max concurrent streams is 0xffffffffu. + * + * Default maximum number of incoming concurrent streams. Use + * `nghttp2_submit_settings()` with + * :enum:`nghttp2_settings_id.NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS` + * to change the maximum number of incoming concurrent streams. + * + * .. note:: + * + * The maximum number of outgoing concurrent streams is 100 by + * default. + */ +#define NGHTTP2_INITIAL_MAX_CONCURRENT_STREAMS ((1U << 31) - 1) + +/** + * @enum + * The status codes for the RST_STREAM and GOAWAY frames. + */ +typedef enum { + /** + * No errors. + */ + NGHTTP2_NO_ERROR = 0x00, + /** + * PROTOCOL_ERROR + */ + NGHTTP2_PROTOCOL_ERROR = 0x01, + /** + * INTERNAL_ERROR + */ + NGHTTP2_INTERNAL_ERROR = 0x02, + /** + * FLOW_CONTROL_ERROR + */ + NGHTTP2_FLOW_CONTROL_ERROR = 0x03, + /** + * SETTINGS_TIMEOUT + */ + NGHTTP2_SETTINGS_TIMEOUT = 0x04, + /** + * STREAM_CLOSED + */ + NGHTTP2_STREAM_CLOSED = 0x05, + /** + * FRAME_SIZE_ERROR + */ + NGHTTP2_FRAME_SIZE_ERROR = 0x06, + /** + * REFUSED_STREAM + */ + NGHTTP2_REFUSED_STREAM = 0x07, + /** + * CANCEL + */ + NGHTTP2_CANCEL = 0x08, + /** + * COMPRESSION_ERROR + */ + NGHTTP2_COMPRESSION_ERROR = 0x09, + /** + * CONNECT_ERROR + */ + NGHTTP2_CONNECT_ERROR = 0x0a, + /** + * ENHANCE_YOUR_CALM + */ + NGHTTP2_ENHANCE_YOUR_CALM = 0x0b, + /** + * INADEQUATE_SECURITY + */ + NGHTTP2_INADEQUATE_SECURITY = 0x0c, + /** + * HTTP_1_1_REQUIRED + */ + NGHTTP2_HTTP_1_1_REQUIRED = 0x0d +} nghttp2_error_code; + +/** + * @struct + * The frame header. + */ +typedef struct { + /** + * The length field of this frame, excluding frame header. + */ + size_t length; + /** + * The stream identifier (aka, stream ID) + */ + int32_t stream_id; + /** + * The type of this frame. See `nghttp2_frame_type`. + */ + uint8_t type; + /** + * The flags. + */ + uint8_t flags; + /** + * Reserved bit in frame header. Currently, this is always set to 0 + * and application should not expect something useful in here. + */ + uint8_t reserved; +} nghttp2_frame_hd; + +/** + * @union + * + * This union represents the some kind of data source passed to + * :type:`nghttp2_data_source_read_callback2`. + */ +typedef union { + /** + * The integer field, suitable for a file descriptor. + */ + int fd; + /** + * The pointer to an arbitrary object. + */ + void *ptr; +} nghttp2_data_source; + +/** + * @enum + * + * The flags used to set in |data_flags| output parameter in + * :type:`nghttp2_data_source_read_callback2`. + */ +typedef enum { + /** + * No flag set. + */ + NGHTTP2_DATA_FLAG_NONE = 0, + /** + * Indicates EOF was sensed. + */ + NGHTTP2_DATA_FLAG_EOF = 0x01, + /** + * Indicates that END_STREAM flag must not be set even if + * NGHTTP2_DATA_FLAG_EOF is set. Usually this flag is used to send + * trailer fields with `nghttp2_submit_request2()` or + * `nghttp2_submit_response2()`. + */ + NGHTTP2_DATA_FLAG_NO_END_STREAM = 0x02, + /** + * Indicates that application will send complete DATA frame in + * :type:`nghttp2_send_data_callback`. + */ + NGHTTP2_DATA_FLAG_NO_COPY = 0x04 +} nghttp2_data_flag; + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_data_source_read_callback2` + * instead. + * + * Callback function invoked when the library wants to read data from + * the |source|. The read data is sent in the stream |stream_id|. + * The implementation of this function must read at most |length| + * bytes of data from |source| (or possibly other places) and store + * them in |buf| and return number of data stored in |buf|. If EOF is + * reached, set :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` flag + * in |*data_flags|. + * + * Sometime it is desirable to avoid copying data into |buf| and let + * application to send data directly. To achieve this, set + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY` to + * |*data_flags| (and possibly other flags, just like when we do + * copy), and return the number of bytes to send without copying data + * into |buf|. The library, seeing + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY`, will invoke + * :type:`nghttp2_send_data_callback`. The application must send + * complete DATA frame in that callback. + * + * If this callback is set by `nghttp2_submit_request()`, + * `nghttp2_submit_response()` or `nghttp2_submit_headers()` and + * `nghttp2_submit_data()` with flag parameter + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` set, and + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` flag is set to + * |*data_flags|, DATA frame will have END_STREAM flag set. Usually, + * this is expected behaviour and all are fine. One exception is send + * trailer fields. You cannot send trailer fields after sending frame + * with END_STREAM set. To avoid this problem, one can set + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_END_STREAM` along + * with :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` to signal the + * library not to set END_STREAM in DATA frame. Then application can + * use `nghttp2_submit_trailer()` to send trailer fields. + * `nghttp2_submit_trailer()` can be called inside this callback. + * + * If the application wants to postpone DATA frames (e.g., + * asynchronous I/O, or reading data blocks for long time), it is + * achieved by returning :enum:`nghttp2_error.NGHTTP2_ERR_DEFERRED` + * without reading any data in this invocation. The library removes + * DATA frame from the outgoing queue temporarily. To move back + * deferred DATA frame to outgoing queue, call + * `nghttp2_session_resume_data()`. + * + * By default, |length| is limited to 16KiB at maximum. If peer + * allows larger frames, application can enlarge transmission buffer + * size. See :type:`nghttp2_data_source_read_length_callback` for + * more details. + * + * If the application just wants to return from + * `nghttp2_session_send()` or `nghttp2_session_mem_send()` without + * sending anything, return :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE`. + * + * In case of error, there are 2 choices. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` will + * close the stream by issuing RST_STREAM with + * :enum:`nghttp2_error_code.NGHTTP2_INTERNAL_ERROR`. If a different + * error code is desirable, use `nghttp2_submit_rst_stream()` with a + * desired error code and then return + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + * Returning :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will + * signal the entire session failure. + */ +typedef ssize_t (*nghttp2_data_source_read_callback)( + nghttp2_session *session, int32_t stream_id, uint8_t *buf, size_t length, + uint32_t *data_flags, nghttp2_data_source *source, void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when the library wants to read data from + * the |source|. The read data is sent in the stream |stream_id|. + * The implementation of this function must read at most |length| + * bytes of data from |source| (or possibly other places) and store + * them in |buf| and return number of data stored in |buf|. If EOF is + * reached, set :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` flag + * in |*data_flags|. + * + * Sometime it is desirable to avoid copying data into |buf| and let + * application to send data directly. To achieve this, set + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY` to + * |*data_flags| (and possibly other flags, just like when we do + * copy), and return the number of bytes to send without copying data + * into |buf|. The library, seeing + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY`, will invoke + * :type:`nghttp2_send_data_callback`. The application must send + * complete DATA frame in that callback. + * + * If this callback is set by `nghttp2_submit_request2()`, + * `nghttp2_submit_response2()` or `nghttp2_submit_headers()` and + * `nghttp2_submit_data2()` with flag parameter + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` set, and + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` flag is set to + * |*data_flags|, DATA frame will have END_STREAM flag set. Usually, + * this is expected behaviour and all are fine. One exception is send + * trailer fields. You cannot send trailer fields after sending frame + * with END_STREAM set. To avoid this problem, one can set + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_END_STREAM` along + * with :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF` to signal the + * library not to set END_STREAM in DATA frame. Then application can + * use `nghttp2_submit_trailer()` to send trailer fields. + * `nghttp2_submit_trailer()` can be called inside this callback. + * + * If the application wants to postpone DATA frames (e.g., + * asynchronous I/O, or reading data blocks for long time), it is + * achieved by returning :enum:`nghttp2_error.NGHTTP2_ERR_DEFERRED` + * without reading any data in this invocation. The library removes + * DATA frame from the outgoing queue temporarily. To move back + * deferred DATA frame to outgoing queue, call + * `nghttp2_session_resume_data()`. + * + * By default, |length| is limited to 16KiB at maximum. If peer + * allows larger frames, application can enlarge transmission buffer + * size. See :type:`nghttp2_data_source_read_length_callback` for + * more details. + * + * If the application just wants to return from + * `nghttp2_session_send()` or `nghttp2_session_mem_send2()` without + * sending anything, return :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE`. + * + * In case of error, there are 2 choices. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` will + * close the stream by issuing RST_STREAM with + * :enum:`nghttp2_error_code.NGHTTP2_INTERNAL_ERROR`. If a different + * error code is desirable, use `nghttp2_submit_rst_stream()` with a + * desired error code and then return + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + * Returning :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will + * signal the entire session failure. + */ +typedef nghttp2_ssize (*nghttp2_data_source_read_callback2)( + nghttp2_session *session, int32_t stream_id, uint8_t *buf, size_t length, + uint32_t *data_flags, nghttp2_data_source *source, void *user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @struct + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_data_provider2` instead. + * + * This struct represents the data source and the way to read a chunk + * of data from it. + */ +typedef struct { + /** + * The data source. + */ + nghttp2_data_source source; + /** + * The callback function to read a chunk of data from the |source|. + */ + nghttp2_data_source_read_callback read_callback; +} nghttp2_data_provider; + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @struct + * + * This struct represents the data source and the way to read a chunk + * of data from it. + */ +typedef struct { + /** + * The data source. + */ + nghttp2_data_source source; + /** + * The callback function to read a chunk of data from the |source|. + */ + nghttp2_data_source_read_callback2 read_callback; +} nghttp2_data_provider2; + +/** + * @struct + * + * The DATA frame. The received data is delivered via + * :type:`nghttp2_on_data_chunk_recv_callback`. + */ +typedef struct { + nghttp2_frame_hd hd; + /** + * The length of the padding in this frame. This includes PAD_HIGH + * and PAD_LOW. + */ + size_t padlen; +} nghttp2_data; + +/** + * @enum + * + * The category of HEADERS, which indicates the role of the frame. In + * HTTP/2 spec, request, response, push response and other arbitrary + * headers (e.g., trailer fields) are all called just HEADERS. To + * give the application the role of incoming HEADERS frame, we define + * several categories. + */ +typedef enum { + /** + * The HEADERS frame is opening new stream, which is analogous to + * SYN_STREAM in SPDY. + */ + NGHTTP2_HCAT_REQUEST = 0, + /** + * The HEADERS frame is the first response headers, which is + * analogous to SYN_REPLY in SPDY. + */ + NGHTTP2_HCAT_RESPONSE = 1, + /** + * The HEADERS frame is the first headers sent against reserved + * stream. + */ + NGHTTP2_HCAT_PUSH_RESPONSE = 2, + /** + * The HEADERS frame which does not apply for the above categories, + * which is analogous to HEADERS in SPDY. If non-final response + * (e.g., status 1xx) is used, final response HEADERS frame will be + * categorized here. + */ + NGHTTP2_HCAT_HEADERS = 3 +} nghttp2_headers_category; + +/** + * @struct + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The structure to specify stream dependency. + */ +typedef struct { + /** + * The stream ID of the stream to depend on. Specifying 0 makes + * stream not depend any other stream. + */ + int32_t stream_id; + /** + * The weight of this dependency. + */ + int32_t weight; + /** + * nonzero means exclusive dependency + */ + uint8_t exclusive; +} nghttp2_priority_spec; + +/** + * @struct + * + * The HEADERS frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The length of the padding in this frame. This includes PAD_HIGH + * and PAD_LOW. + */ + size_t padlen; + /** + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The priority specification + */ + nghttp2_priority_spec pri_spec; + /** + * The name/value pairs. + */ + nghttp2_nv *nva; + /** + * The number of name/value pairs in |nva|. + */ + size_t nvlen; + /** + * The category of this HEADERS frame. + */ + nghttp2_headers_category cat; +} nghttp2_headers; + +/** + * @struct + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * The PRIORITY frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The priority specification. + */ + nghttp2_priority_spec pri_spec; +} nghttp2_priority; + +/** + * @struct + * + * The RST_STREAM frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The error code. See :type:`nghttp2_error_code`. + */ + uint32_t error_code; +} nghttp2_rst_stream; + +/** + * @struct + * + * The SETTINGS ID/Value pair. It has the following members: + */ +typedef struct { + /** + * The SETTINGS ID. See :type:`nghttp2_settings_id`. + */ + int32_t settings_id; + /** + * The value of this entry. + */ + uint32_t value; +} nghttp2_settings_entry; + +/** + * @struct + * + * The SETTINGS frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The number of SETTINGS ID/Value pairs in |iv|. + */ + size_t niv; + /** + * The pointer to the array of SETTINGS ID/Value pair. + */ + nghttp2_settings_entry *iv; +} nghttp2_settings; + +/** + * @struct + * + * The PUSH_PROMISE frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The length of the padding in this frame. This includes PAD_HIGH + * and PAD_LOW. + */ + size_t padlen; + /** + * The name/value pairs. + */ + nghttp2_nv *nva; + /** + * The number of name/value pairs in |nva|. + */ + size_t nvlen; + /** + * The promised stream ID + */ + int32_t promised_stream_id; + /** + * Reserved bit. Currently this is always set to 0 and application + * should not expect something useful in here. + */ + uint8_t reserved; +} nghttp2_push_promise; + +/** + * @struct + * + * The PING frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The opaque data + */ + uint8_t opaque_data[8]; +} nghttp2_ping; + +/** + * @struct + * + * The GOAWAY frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The last stream stream ID. + */ + int32_t last_stream_id; + /** + * The error code. See :type:`nghttp2_error_code`. + */ + uint32_t error_code; + /** + * The additional debug data + */ + uint8_t *opaque_data; + /** + * The length of |opaque_data| member. + */ + size_t opaque_data_len; + /** + * Reserved bit. Currently this is always set to 0 and application + * should not expect something useful in here. + */ + uint8_t reserved; +} nghttp2_goaway; + +/** + * @struct + * + * The WINDOW_UPDATE frame. It has the following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The window size increment. + */ + int32_t window_size_increment; + /** + * Reserved bit. Currently this is always set to 0 and application + * should not expect something useful in here. + */ + uint8_t reserved; +} nghttp2_window_update; + +/** + * @struct + * + * The extension frame. It has following members: + */ +typedef struct { + /** + * The frame header. + */ + nghttp2_frame_hd hd; + /** + * The pointer to extension payload. The exact pointer type is + * determined by hd.type. + * + * Currently, no extension is supported. This is a place holder for + * the future extensions. + */ + void *payload; +} nghttp2_extension; + +/** + * @union + * + * This union includes all frames to pass them to various function + * calls as nghttp2_frame type. The CONTINUATION frame is omitted + * from here because the library deals with it internally. + */ +typedef union { + /** + * The frame header, which is convenient to inspect frame header. + */ + nghttp2_frame_hd hd; + /** + * The DATA frame. + */ + nghttp2_data data; + /** + * The HEADERS frame. + */ + nghttp2_headers headers; + /** + * The PRIORITY frame. + */ + nghttp2_priority priority; + /** + * The RST_STREAM frame. + */ + nghttp2_rst_stream rst_stream; + /** + * The SETTINGS frame. + */ + nghttp2_settings settings; + /** + * The PUSH_PROMISE frame. + */ + nghttp2_push_promise push_promise; + /** + * The PING frame. + */ + nghttp2_ping ping; + /** + * The GOAWAY frame. + */ + nghttp2_goaway goaway; + /** + * The WINDOW_UPDATE frame. + */ + nghttp2_window_update window_update; + /** + * The extension frame. + */ + nghttp2_extension ext; +} nghttp2_frame; + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_send_callback2` instead. + * + * Callback function invoked when |session| wants to send data to the + * remote peer. The implementation of this function must send at most + * |length| bytes of data stored in |data|. The |flags| is currently + * not used and always 0. It must return the number of bytes sent if + * it succeeds. If it cannot send any single byte without blocking, + * it must return :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. For + * other errors, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. The + * |user_data| pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * This callback is required if the application uses + * `nghttp2_session_send()` to send data to the remote endpoint. If + * the application uses solely `nghttp2_session_mem_send()` instead, + * this callback function is unnecessary. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_send_callback()`. + * + * .. note:: + * + * The |length| may be very small. If that is the case, and + * application disables Nagle algorithm (``TCP_NODELAY``), then just + * writing |data| to the network stack leads to very small packet, + * and it is very inefficient. An application should be responsible + * to buffer up small chunks of data as necessary to avoid this + * situation. + */ +typedef ssize_t (*nghttp2_send_callback)(nghttp2_session *session, + const uint8_t *data, size_t length, + int flags, void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when |session| wants to send data to the + * remote peer. The implementation of this function must send at most + * |length| bytes of data stored in |data|. The |flags| is currently + * not used and always 0. It must return the number of bytes sent if + * it succeeds. If it cannot send any single byte without blocking, + * it must return :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. For + * other errors, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. The + * |user_data| pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * This callback is required if the application uses + * `nghttp2_session_send()` to send data to the remote endpoint. If + * the application uses solely `nghttp2_session_mem_send2()` instead, + * this callback function is unnecessary. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_send_callback2()`. + * + * .. note:: + * + * The |length| may be very small. If that is the case, and + * application disables Nagle algorithm (``TCP_NODELAY``), then just + * writing |data| to the network stack leads to very small packet, + * and it is very inefficient. An application should be responsible + * to buffer up small chunks of data as necessary to avoid this + * situation. + */ +typedef nghttp2_ssize (*nghttp2_send_callback2)(nghttp2_session *session, + const uint8_t *data, + size_t length, int flags, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY` is used in + * :type:`nghttp2_data_source_read_callback` to send complete DATA + * frame. + * + * The |frame| is a DATA frame to send. The |framehd| is the + * serialized frame header (9 bytes). The |length| is the length of + * application data to send (this does not include padding). The + * |source| is the same pointer passed to + * :type:`nghttp2_data_source_read_callback`. + * + * The application first must send frame header |framehd| of length 9 + * bytes. If ``frame->data.padlen > 0``, send 1 byte of value + * ``frame->data.padlen - 1``. Then send exactly |length| bytes of + * application data. Finally, if ``frame->data.padlen > 1``, send + * ``frame->data.padlen - 1`` bytes of zero as padding. + * + * The application has to send complete DATA frame in this callback. + * If all data were written successfully, return 0. + * + * If it cannot send any data at all, just return + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`; the library will call + * this callback with the same parameters later (It is recommended to + * send complete DATA frame at once in this function to deal with + * error; if partial frame data has already sent, it is impossible to + * send another data in that state, and all we can do is tear down + * connection). When data is fully processed, but application wants + * to make `nghttp2_session_mem_send2()` or `nghttp2_session_send()` + * return immediately without processing next frames, return + * :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE`. If application decided to + * reset this stream, return + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`, then + * the library will send RST_STREAM with INTERNAL_ERROR as error code. + * The application can also return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`, which will + * result in connection closure. Returning any other value is treated + * as :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` is returned. + */ +typedef int (*nghttp2_send_data_callback)(nghttp2_session *session, + nghttp2_frame *frame, + const uint8_t *framehd, size_t length, + nghttp2_data_source *source, + void *user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_recv_callback2` instead. + * + * Callback function invoked when |session| wants to receive data from + * the remote peer. The implementation of this function must read at + * most |length| bytes of data and store it in |buf|. The |flags| is + * currently not used and always 0. It must return the number of + * bytes written in |buf| if it succeeds. If it cannot read any + * single byte without blocking, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. If it gets EOF + * before it reads any single byte, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_EOF`. For other errors, it must + * return :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * Returning 0 is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. The |user_data| + * pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * This callback is required if the application uses + * `nghttp2_session_recv()` to receive data from the remote endpoint. + * If the application uses solely `nghttp2_session_mem_recv()` + * instead, this callback function is unnecessary. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_recv_callback()`. + */ +typedef ssize_t (*nghttp2_recv_callback)(nghttp2_session *session, uint8_t *buf, + size_t length, int flags, + void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when |session| wants to receive data from + * the remote peer. The implementation of this function must read at + * most |length| bytes of data and store it in |buf|. The |flags| is + * currently not used and always 0. It must return the number of + * bytes written in |buf| if it succeeds. If it cannot read any + * single byte without blocking, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. If it gets EOF + * before it reads any single byte, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_EOF`. For other errors, it must + * return :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * Returning 0 is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. The |user_data| + * pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * This callback is required if the application uses + * `nghttp2_session_recv()` to receive data from the remote endpoint. + * If the application uses solely `nghttp2_session_mem_recv2()` + * instead, this callback function is unnecessary. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_recv_callback2()`. + */ +typedef nghttp2_ssize (*nghttp2_recv_callback2)(nghttp2_session *session, + uint8_t *buf, size_t length, + int flags, void *user_data); + +/** + * @functypedef + * + * Callback function invoked by `nghttp2_session_recv()` and + * `nghttp2_session_mem_recv2()` when a frame is received. The + * |user_data| pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * If frame is HEADERS or PUSH_PROMISE, the ``nva`` and ``nvlen`` + * member of their data structure are always ``NULL`` and 0 + * respectively. The header name/value pairs are emitted via + * :type:`nghttp2_on_header_callback`. + * + * Only HEADERS and DATA frame can signal the end of incoming data. + * If ``frame->hd.flags & NGHTTP2_FLAG_END_STREAM`` is nonzero, the + * |frame| is the last frame from the remote peer in this stream. + * + * This callback won't be called for CONTINUATION frames. + * HEADERS/PUSH_PROMISE + CONTINUATIONs are treated as single frame. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero value is returned, it is treated as fatal error and + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_frame_recv_callback()`. + */ +typedef int (*nghttp2_on_frame_recv_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked by `nghttp2_session_recv()` and + * `nghttp2_session_mem_recv2()` when an invalid non-DATA frame is + * received. The error is indicated by the |lib_error_code|, which is + * one of the values defined in :type:`nghttp2_error`. When this + * callback function is invoked, the library automatically submits + * either RST_STREAM or GOAWAY frame. The |user_data| pointer is the + * third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * If frame is HEADERS or PUSH_PROMISE, the ``nva`` and ``nvlen`` + * member of their data structure are always ``NULL`` and 0 + * respectively. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero is returned, it is treated as fatal error and + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_invalid_frame_recv_callback()`. + */ +typedef int (*nghttp2_on_invalid_frame_recv_callback)( + nghttp2_session *session, const nghttp2_frame *frame, int lib_error_code, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a chunk of data in DATA frame is + * received. The |stream_id| is the stream ID this DATA frame belongs + * to. The |flags| is the flags of DATA frame which this data chunk + * is contained. ``(flags & NGHTTP2_FLAG_END_STREAM) != 0`` does not + * necessarily mean this chunk of data is the last one in the stream. + * You should use :type:`nghttp2_on_frame_recv_callback` to know all + * data frames are received. The |user_data| pointer is the third + * argument passed in to the call to `nghttp2_session_client_new()` or + * `nghttp2_session_server_new()`. + * + * If the application uses `nghttp2_session_mem_recv2()`, it can + * return :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` to make + * `nghttp2_session_mem_recv2()` return without processing further + * input bytes. The memory by pointed by the |data| is retained until + * `nghttp2_session_mem_recv2()` or `nghttp2_session_recv()` is + * called. The application must retain the input bytes which was used + * to produce the |data| parameter, because it may refer to the memory + * region included in the input bytes. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero is returned, it is treated as fatal error, and + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_data_chunk_recv_callback()`. + */ +typedef int (*nghttp2_on_data_chunk_recv_callback)(nghttp2_session *session, + uint8_t flags, + int32_t stream_id, + const uint8_t *data, + size_t len, void *user_data); + +/** + * @functypedef + * + * Callback function invoked just before the non-DATA frame |frame| is + * sent. The |user_data| pointer is the third argument passed in to + * the call to `nghttp2_session_client_new()` or + * `nghttp2_session_server_new()`. + * + * The implementation of this function must return 0 if it succeeds. + * It can also return :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL` to + * cancel the transmission of the given frame. + * + * If there is a fatal error while executing this callback, the + * implementation should return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`, which makes + * `nghttp2_session_send()` and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * If the other value is returned, it is treated as if + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` is returned. + * But the implementation should not rely on this since the library + * may define new return value to extend its capability. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_before_frame_send_callback()`. + */ +typedef int (*nghttp2_before_frame_send_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked after the frame |frame| is sent. The + * |user_data| pointer is the third argument passed in to the call to + * `nghttp2_session_client_new()` or `nghttp2_session_server_new()`. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero is returned, it is treated as fatal error and + * `nghttp2_session_send()` and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_frame_send_callback()`. + */ +typedef int (*nghttp2_on_frame_send_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked after the non-DATA frame |frame| is not + * sent because of the error. The error is indicated by the + * |lib_error_code|, which is one of the values defined in + * :type:`nghttp2_error`. The |user_data| pointer is the third + * argument passed in to the call to `nghttp2_session_client_new()` or + * `nghttp2_session_server_new()`. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero is returned, it is treated as fatal error and + * `nghttp2_session_send()` and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * `nghttp2_session_get_stream_user_data()` can be used to get + * associated data. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_frame_not_send_callback()`. + */ +typedef int (*nghttp2_on_frame_not_send_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + int lib_error_code, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when the stream |stream_id| is closed. + * The reason of closure is indicated by the |error_code|. The + * |error_code| is usually one of :enum:`nghttp2_error_code`, but that + * is not guaranteed. The stream_user_data, which was specified in + * `nghttp2_submit_request2()` or `nghttp2_submit_headers()`, is still + * available in this function. The |user_data| pointer is the third + * argument passed in to the call to `nghttp2_session_client_new()` or + * `nghttp2_session_server_new()`. + * + * This function is also called for a stream in reserved state. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero is returned, it is treated as fatal error and + * `nghttp2_session_recv()`, `nghttp2_session_mem_recv2()`, + * `nghttp2_session_send()`, and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_stream_close_callback()`. + */ +typedef int (*nghttp2_on_stream_close_callback)(nghttp2_session *session, + int32_t stream_id, + uint32_t error_code, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when the reception of header block in + * HEADERS or PUSH_PROMISE is started. Each header name/value pair + * will be emitted by :type:`nghttp2_on_header_callback`. + * + * The ``frame->hd.flags`` may not have + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_HEADERS` flag set, which + * indicates that one or more CONTINUATION frames are involved. But + * the application does not need to care about that because the header + * name/value pairs are emitted transparently regardless of + * CONTINUATION frames. + * + * The server applications probably create an object to store + * information about new stream if ``frame->hd.type == + * NGHTTP2_HEADERS`` and ``frame->headers.cat == + * NGHTTP2_HCAT_REQUEST``. If |session| is configured as server side, + * ``frame->headers.cat`` is either ``NGHTTP2_HCAT_REQUEST`` + * containing request headers or ``NGHTTP2_HCAT_HEADERS`` containing + * trailer fields and never get PUSH_PROMISE in this callback. + * + * For the client applications, ``frame->hd.type`` is either + * ``NGHTTP2_HEADERS`` or ``NGHTTP2_PUSH_PROMISE``. In case of + * ``NGHTTP2_HEADERS``, ``frame->headers.cat == + * NGHTTP2_HCAT_RESPONSE`` means that it is the first response + * headers, but it may be non-final response which is indicated by 1xx + * status code. In this case, there may be zero or more HEADERS frame + * with ``frame->headers.cat == NGHTTP2_HCAT_HEADERS`` which has + * non-final response code and finally client gets exactly one HEADERS + * frame with ``frame->headers.cat == NGHTTP2_HCAT_HEADERS`` + * containing final response headers (non-1xx status code). The + * trailer fields also has ``frame->headers.cat == + * NGHTTP2_HCAT_HEADERS`` which does not contain any status code. + * + * Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` will + * close the stream (promised stream if frame is PUSH_PROMISE) by + * issuing RST_STREAM with + * :enum:`nghttp2_error_code.NGHTTP2_INTERNAL_ERROR`. In this case, + * :type:`nghttp2_on_header_callback` and + * :type:`nghttp2_on_frame_recv_callback` will not be invoked. If a + * different error code is desirable, use + * `nghttp2_submit_rst_stream()` with a desired error code and then + * return :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + * Again, use ``frame->push_promise.promised_stream_id`` as stream_id + * parameter in `nghttp2_submit_rst_stream()` if frame is + * PUSH_PROMISE. + * + * The implementation of this function must return 0 if it succeeds. + * It can return + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` to + * reset the stream (promised stream if frame is PUSH_PROMISE). For + * critical errors, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * value is returned, it is treated as if + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` is returned. If + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` is returned, + * `nghttp2_session_mem_recv2()` function will immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_begin_headers_callback()`. + */ +typedef int (*nghttp2_on_begin_headers_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a header name/value pair is received + * for the |frame|. The |name| of length |namelen| is header name. + * The |value| of length |valuelen| is header value. The |flags| is + * bitwise OR of one or more of :type:`nghttp2_nv_flag`. + * + * If :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_INDEX` is set in + * |flags|, the receiver must not index this name/value pair when + * forwarding it to the next hop. More specifically, "Literal Header + * Field never Indexed" representation must be used in HPACK encoding. + * + * When this callback is invoked, ``frame->hd.type`` is either + * :enum:`nghttp2_frame_type.NGHTTP2_HEADERS` or + * :enum:`nghttp2_frame_type.NGHTTP2_PUSH_PROMISE`. After all header + * name/value pairs are processed with this callback, and no error has + * been detected, :type:`nghttp2_on_frame_recv_callback` will be + * invoked. If there is an error in decompression, + * :type:`nghttp2_on_frame_recv_callback` for the |frame| will not be + * invoked. + * + * Both |name| and |value| are guaranteed to be NULL-terminated. The + * |namelen| and |valuelen| do not include terminal NULL. If + * `nghttp2_option_set_no_http_messaging()` is used with nonzero + * value, NULL character may be included in |name| or |value| before + * terminating NULL. + * + * Please note that unless `nghttp2_option_set_no_http_messaging()` is + * used, nghttp2 library does perform validation against the |name| + * and the |value| using `nghttp2_check_header_name()` and + * `nghttp2_check_header_value()`. In addition to this, nghttp2 + * performs validation based on HTTP Messaging rule, which is briefly + * explained in :ref:`http-messaging` section. + * + * If the application uses `nghttp2_session_mem_recv2()`, it can + * return :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` to make + * `nghttp2_session_mem_recv2()` return without processing further + * input bytes. The memory pointed by |frame|, |name| and |value| + * parameters are retained until `nghttp2_session_mem_recv2()` or + * `nghttp2_session_recv()` is called. The application must retain + * the input bytes which was used to produce these parameters, because + * it may refer to the memory region included in the input bytes. + * + * Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` will + * close the stream (promised stream if frame is PUSH_PROMISE) by + * issuing RST_STREAM with + * :enum:`nghttp2_error_code.NGHTTP2_INTERNAL_ERROR`. In this case, + * :type:`nghttp2_on_header_callback` and + * :type:`nghttp2_on_frame_recv_callback` will not be invoked. If a + * different error code is desirable, use + * `nghttp2_submit_rst_stream()` with a desired error code and then + * return :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + * Again, use ``frame->push_promise.promised_stream_id`` as stream_id + * parameter in `nghttp2_submit_rst_stream()` if frame is + * PUSH_PROMISE. + * + * The implementation of this function must return 0 if it succeeds. + * It may return :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` or + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. For + * other critical failures, it must return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * nonzero value is returned, it is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` is returned, + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_header_callback()`. + * + * .. warning:: + * + * Application should properly limit the total buffer size to store + * incoming header fields. Without it, peer may send large number + * of header fields or large header fields to cause out of memory in + * local endpoint. Due to how HPACK works, peer can do this + * effectively without using much memory on their own. + */ +typedef int (*nghttp2_on_header_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + const uint8_t *name, size_t namelen, + const uint8_t *value, size_t valuelen, + uint8_t flags, void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a header name/value pair is received + * for the |frame|. The |name| is header name. The |value| is header + * value. The |flags| is bitwise OR of one or more of + * :type:`nghttp2_nv_flag`. + * + * This callback behaves like :type:`nghttp2_on_header_callback`, + * except that |name| and |value| are stored in reference counted + * buffer. If application wishes to keep these references without + * copying them, use `nghttp2_rcbuf_incref()` to increment their + * reference count. It is the application's responsibility to call + * `nghttp2_rcbuf_decref()` if they called `nghttp2_rcbuf_incref()` so + * as not to leak memory. If the |session| is created by + * `nghttp2_session_server_new3()` or `nghttp2_session_client_new3()`, + * the function to free memory is the one belongs to the mem + * parameter. As long as this free function alives, |name| and + * |value| can live after |session| was destroyed. + */ +typedef int (*nghttp2_on_header_callback2)(nghttp2_session *session, + const nghttp2_frame *frame, + nghttp2_rcbuf *name, + nghttp2_rcbuf *value, uint8_t flags, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a invalid header name/value pair is + * received for the |frame|. + * + * The parameter and behaviour are similar to + * :type:`nghttp2_on_header_callback`. The difference is that this + * callback is only invoked when a invalid header name/value pair is + * received which is treated as stream error if this callback is not + * set. Only invalid regular header field are passed to this + * callback. In other words, invalid pseudo header field is not + * passed to this callback. Also header fields which includes upper + * cased latter are also treated as error without passing them to this + * callback. + * + * This callback is only considered if HTTP messaging validation is + * turned on (which is on by default, see + * `nghttp2_option_set_no_http_messaging()`). + * + * With this callback, application inspects the incoming invalid + * field, and it also can reset stream from this callback by returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. By + * default, the error code is + * :enum:`nghttp2_error_code.NGHTTP2_PROTOCOL_ERROR`. To change the + * error code, call `nghttp2_submit_rst_stream()` with the error code + * of choice in addition to returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + * + * If 0 is returned, the header field is ignored, and the stream is + * not reset. + */ +typedef int (*nghttp2_on_invalid_header_callback)( + nghttp2_session *session, const nghttp2_frame *frame, const uint8_t *name, + size_t namelen, const uint8_t *value, size_t valuelen, uint8_t flags, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a invalid header name/value pair is + * received for the |frame|. + * + * The parameter and behaviour are similar to + * :type:`nghttp2_on_header_callback2`. The difference is that this + * callback is only invoked when a invalid header name/value pair is + * received which is silently ignored if this callback is not set. + * Only invalid regular header field are passed to this callback. In + * other words, invalid pseudo header field is not passed to this + * callback. Also header fields which includes upper cased latter are + * also treated as error without passing them to this callback. + * + * This callback is only considered if HTTP messaging validation is + * turned on (which is on by default, see + * `nghttp2_option_set_no_http_messaging()`). + * + * With this callback, application inspects the incoming invalid + * field, and it also can reset stream from this callback by returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. By + * default, the error code is + * :enum:`nghttp2_error_code.NGHTTP2_INTERNAL_ERROR`. To change the + * error code, call `nghttp2_submit_rst_stream()` with the error code + * of choice in addition to returning + * :enum:`nghttp2_error.NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE`. + */ +typedef int (*nghttp2_on_invalid_header_callback2)( + nghttp2_session *session, const nghttp2_frame *frame, nghttp2_rcbuf *name, + nghttp2_rcbuf *value, uint8_t flags, void *user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_select_padding_callback2` + * instead. + * + * Callback function invoked when the library asks application how + * many padding bytes are required for the transmission of the + * |frame|. The application must choose the total length of payload + * including padded bytes in range [frame->hd.length, max_payloadlen], + * inclusive. Choosing number not in this range will be treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. Returning + * ``frame->hd.length`` means no padding is added. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will make + * `nghttp2_session_send()` and `nghttp2_session_mem_send()` functions + * immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_select_padding_callback()`. + */ +typedef ssize_t (*nghttp2_select_padding_callback)(nghttp2_session *session, + const nghttp2_frame *frame, + size_t max_payloadlen, + void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when the library asks application how + * many padding bytes are required for the transmission of the + * |frame|. The application must choose the total length of payload + * including padded bytes in range [frame->hd.length, max_payloadlen], + * inclusive. Choosing number not in this range will be treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. Returning + * ``frame->hd.length`` means no padding is added. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will make + * `nghttp2_session_send()` and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_select_padding_callback2()`. + */ +typedef nghttp2_ssize (*nghttp2_select_padding_callback2)( + nghttp2_session *session, const nghttp2_frame *frame, size_t max_payloadlen, + void *user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use + * :type:`nghttp2_data_source_read_length_callback2` instead. + * + * Callback function invoked when library wants to get max length of + * data to send data to the remote peer. The implementation of this + * function should return a value in the following range. [1, + * min(|session_remote_window_size|, |stream_remote_window_size|, + * |remote_max_frame_size|)]. If a value greater than this range is + * returned than the max allow value will be used. Returning a value + * smaller than this range is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. The + * |frame_type| is provided for future extensibility and identifies + * the type of frame (see :type:`nghttp2_frame_type`) for which to get + * the length for. Currently supported frame types are: + * :enum:`nghttp2_frame_type.NGHTTP2_DATA`. + * + * This callback can be used to control the length in bytes for which + * :type:`nghttp2_data_source_read_callback` is allowed to send to the + * remote endpoint. This callback is optional. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will signal the + * entire session failure. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_data_source_read_length_callback()`. + */ +typedef ssize_t (*nghttp2_data_source_read_length_callback)( + nghttp2_session *session, uint8_t frame_type, int32_t stream_id, + int32_t session_remote_window_size, int32_t stream_remote_window_size, + uint32_t remote_max_frame_size, void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when library wants to get max length of + * data to send data to the remote peer. The implementation of this + * function should return a value in the following range. [1, + * min(|session_remote_window_size|, |stream_remote_window_size|, + * |remote_max_frame_size|)]. If a value greater than this range is + * returned than the max allow value will be used. Returning a value + * smaller than this range is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. The + * |frame_type| is provided for future extensibility and identifies + * the type of frame (see :type:`nghttp2_frame_type`) for which to get + * the length for. Currently supported frame types are: + * :enum:`nghttp2_frame_type.NGHTTP2_DATA`. + * + * This callback can be used to control the length in bytes for which + * :type:`nghttp2_data_source_read_callback` is allowed to send to the + * remote endpoint. This callback is optional. Returning + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` will signal the + * entire session failure. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_data_source_read_length_callback2()`. + */ +typedef nghttp2_ssize (*nghttp2_data_source_read_length_callback2)( + nghttp2_session *session, uint8_t frame_type, int32_t stream_id, + int32_t session_remote_window_size, int32_t stream_remote_window_size, + uint32_t remote_max_frame_size, void *user_data); + +/** + * @functypedef + * + * Callback function invoked when a frame header is received. The + * |hd| points to received frame header. + * + * Unlike :type:`nghttp2_on_frame_recv_callback`, this callback will + * also be called when frame header of CONTINUATION frame is received. + * + * If both :type:`nghttp2_on_begin_frame_callback` and + * :type:`nghttp2_on_begin_headers_callback` are set and HEADERS or + * PUSH_PROMISE is received, :type:`nghttp2_on_begin_frame_callback` + * will be called first. + * + * The implementation of this function must return 0 if it succeeds. + * If nonzero value is returned, it is treated as fatal error and + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * + * To set this callback to :type:`nghttp2_session_callbacks`, use + * `nghttp2_session_callbacks_set_on_begin_frame_callback()`. + */ +typedef int (*nghttp2_on_begin_frame_callback)(nghttp2_session *session, + const nghttp2_frame_hd *hd, + void *user_data); + +/** + * @functypedef + * + * Callback function invoked when chunk of extension frame payload is + * received. The |hd| points to frame header. The received + * chunk is |data| of length |len|. + * + * The implementation of this function must return 0 if it succeeds. + * + * To abort processing this extension frame, return + * :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL`. + * + * If fatal error occurred, application should return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. In this case, + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * values are returned, currently they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp2_on_extension_chunk_recv_callback)( + nghttp2_session *session, const nghttp2_frame_hd *hd, const uint8_t *data, + size_t len, void *user_data); + +/** + * @functypedef + * + * Callback function invoked when library asks the application to + * unpack extension payload from its wire format. The extension + * payload has been passed to the application using + * :type:`nghttp2_on_extension_chunk_recv_callback`. The frame header + * is already unpacked by the library and provided as |hd|. + * + * To receive extension frames, the application must tell desired + * extension frame type to the library using + * `nghttp2_option_set_user_recv_extension_type()`. + * + * The implementation of this function may store the pointer to the + * created object as a result of unpacking in |*payload|, and returns + * 0. The pointer stored in |*payload| is opaque to the library, and + * the library does not own its pointer. |*payload| is initialized as + * ``NULL``. The |*payload| is available as ``frame->ext.payload`` in + * :type:`nghttp2_on_frame_recv_callback`. Therefore if application + * can free that memory inside :type:`nghttp2_on_frame_recv_callback` + * callback. Of course, application has a liberty not to use + * |*payload|, and do its own mechanism to process extension frames. + * + * To abort processing this extension frame, return + * :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL`. + * + * If fatal error occurred, application should return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. In this case, + * `nghttp2_session_recv()` and `nghttp2_session_mem_recv2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * values are returned, currently they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp2_unpack_extension_callback)(nghttp2_session *session, + void **payload, + const nghttp2_frame_hd *hd, + void *user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_pack_extension_callback2` + * instead. + * + * Callback function invoked when library asks the application to pack + * extension payload in its wire format. The frame header will be + * packed by library. Application must pack payload only. + * ``frame->ext.payload`` is the object passed to + * `nghttp2_submit_extension()` as payload parameter. Application + * must pack extension payload to the |buf| of its capacity |len| + * bytes. The |len| is at least 16KiB. + * + * The implementation of this function should return the number of + * bytes written into |buf| when it succeeds. + * + * To abort processing this extension frame, return + * :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL`, and + * :type:`nghttp2_on_frame_not_send_callback` will be invoked. + * + * If fatal error occurred, application should return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. In this case, + * `nghttp2_session_send()` and `nghttp2_session_mem_send()` functions + * immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * values are returned, currently they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the return + * value is strictly larger than |len|, it is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + */ +typedef ssize_t (*nghttp2_pack_extension_callback)(nghttp2_session *session, + uint8_t *buf, size_t len, + const nghttp2_frame *frame, + void *user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @functypedef + * + * Callback function invoked when library asks the application to pack + * extension payload in its wire format. The frame header will be + * packed by library. Application must pack payload only. + * ``frame->ext.payload`` is the object passed to + * `nghttp2_submit_extension()` as payload parameter. Application + * must pack extension payload to the |buf| of its capacity |len| + * bytes. The |len| is at least 16KiB. + * + * The implementation of this function should return the number of + * bytes written into |buf| when it succeeds. + * + * To abort processing this extension frame, return + * :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL`, and + * :type:`nghttp2_on_frame_not_send_callback` will be invoked. + * + * If fatal error occurred, application should return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. In this case, + * `nghttp2_session_send()` and `nghttp2_session_mem_send2()` + * functions immediately return + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the other + * values are returned, currently they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. If the return + * value is strictly larger than |len|, it is treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + */ +typedef nghttp2_ssize (*nghttp2_pack_extension_callback2)( + nghttp2_session *session, uint8_t *buf, size_t len, + const nghttp2_frame *frame, void *user_data); + +/** + * @functypedef + * + * .. warning:: + * + * Deprecated. Use :type:`nghttp2_error_callback2` instead. + * + * Callback function invoked when library provides the error message + * intended for human consumption. This callback is solely for + * debugging purpose. The |msg| is typically NULL-terminated string + * of length |len|. |len| does not include the sentinel NULL + * character. + * + * The format of error message may change between nghttp2 library + * versions. The application should not depend on the particular + * format. + * + * Normally, application should return 0 from this callback. If fatal + * error occurred while doing something in this callback, application + * should return :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * In this case, library will return immediately with return value + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. Currently, if + * nonzero value is returned from this callback, they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`, but application + * should not rely on this details. + */ +typedef int (*nghttp2_error_callback)(nghttp2_session *session, const char *msg, + size_t len, void *user_data); + +/** + * @functypedef + * + * Callback function invoked when library provides the error code, and + * message. This callback is solely for debugging purpose. + * |lib_error_code| is one of error code defined in + * :enum:`nghttp2_error`. The |msg| is typically NULL-terminated + * string of length |len|, and intended for human consumption. |len| + * does not include the sentinel NULL character. + * + * The format of error message may change between nghttp2 library + * versions. The application should not depend on the particular + * format. + * + * Normally, application should return 0 from this callback. If fatal + * error occurred while doing something in this callback, application + * should return :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. + * In this case, library will return immediately with return value + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`. Currently, if + * nonzero value is returned from this callback, they are treated as + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE`, but application + * should not rely on this details. + */ +typedef int (*nghttp2_error_callback2)(nghttp2_session *session, + int lib_error_code, const char *msg, + size_t len, void *user_data); + +struct nghttp2_session_callbacks; + +/** + * @struct + * + * Callback functions for :type:`nghttp2_session`. The details of + * this structure are intentionally hidden from the public API. + */ +typedef struct nghttp2_session_callbacks nghttp2_session_callbacks; + +/** + * @function + * + * Initializes |*callbacks_ptr| with NULL values. + * + * The initialized object can be used when initializing multiple + * :type:`nghttp2_session` objects. + * + * When the application finished using this object, it can use + * `nghttp2_session_callbacks_del()` to free its memory. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_callbacks_new(nghttp2_session_callbacks **callbacks_ptr); + +/** + * @function + * + * Frees any resources allocated for |callbacks|. If |callbacks| is + * ``NULL``, this function does nothing. + */ +NGHTTP2_EXTERN void +nghttp2_session_callbacks_del(nghttp2_session_callbacks *callbacks); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_session_callbacks_set_send_callback2()` + * with :type:`nghttp2_send_callback2` instead. + * + * Sets callback function invoked when a session wants to send data to + * the remote peer. This callback is not necessary if the application + * uses solely `nghttp2_session_mem_send()` to serialize data to + * transmit. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_send_callback( + nghttp2_session_callbacks *cbs, nghttp2_send_callback send_callback); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Sets callback function invoked when a session wants to send data to + * the remote peer. This callback is not necessary if the application + * uses solely `nghttp2_session_mem_send2()` to serialize data to + * transmit. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_send_callback2( + nghttp2_session_callbacks *cbs, nghttp2_send_callback2 send_callback); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_session_callbacks_set_recv_callback2()` + * with :type:`nghttp2_recv_callback2` instead. + * + * Sets callback function invoked when the a session wants to receive + * data from the remote peer. This callback is not necessary if the + * application uses solely `nghttp2_session_mem_recv()` to process + * received data. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_recv_callback( + nghttp2_session_callbacks *cbs, nghttp2_recv_callback recv_callback); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Sets callback function invoked when the a session wants to receive + * data from the remote peer. This callback is not necessary if the + * application uses solely `nghttp2_session_mem_recv2()` to process + * received data. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_recv_callback2( + nghttp2_session_callbacks *cbs, nghttp2_recv_callback2 recv_callback); + +/** + * @function + * + * Sets callback function invoked by `nghttp2_session_recv()` and + * `nghttp2_session_mem_recv2()` when a frame is received. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_frame_recv_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_frame_recv_callback on_frame_recv_callback); + +/** + * @function + * + * Sets callback function invoked by `nghttp2_session_recv()` and + * `nghttp2_session_mem_recv2()` when an invalid non-DATA frame is + * received. + */ +NGHTTP2_EXTERN void +nghttp2_session_callbacks_set_on_invalid_frame_recv_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_invalid_frame_recv_callback on_invalid_frame_recv_callback); + +/** + * @function + * + * Sets callback function invoked when a chunk of data in DATA frame + * is received. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_data_chunk_recv_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_data_chunk_recv_callback on_data_chunk_recv_callback); + +/** + * @function + * + * Sets callback function invoked before a non-DATA frame is sent. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_before_frame_send_callback( + nghttp2_session_callbacks *cbs, + nghttp2_before_frame_send_callback before_frame_send_callback); + +/** + * @function + * + * Sets callback function invoked after a frame is sent. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_frame_send_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_frame_send_callback on_frame_send_callback); + +/** + * @function + * + * Sets callback function invoked when a non-DATA frame is not sent + * because of an error. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_frame_not_send_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_frame_not_send_callback on_frame_not_send_callback); + +/** + * @function + * + * Sets callback function invoked when the stream is closed. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_stream_close_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_stream_close_callback on_stream_close_callback); + +/** + * @function + * + * Sets callback function invoked when the reception of header block + * in HEADERS or PUSH_PROMISE is started. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_begin_headers_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_begin_headers_callback on_begin_headers_callback); + +/** + * @function + * + * Sets callback function invoked when a header name/value pair is + * received. If both + * `nghttp2_session_callbacks_set_on_header_callback()` and + * `nghttp2_session_callbacks_set_on_header_callback2()` are used to + * set callbacks, the latter has the precedence. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_header_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_header_callback on_header_callback); + +/** + * @function + * + * Sets callback function invoked when a header name/value pair is + * received. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_header_callback2( + nghttp2_session_callbacks *cbs, + nghttp2_on_header_callback2 on_header_callback2); + +/** + * @function + * + * Sets callback function invoked when a invalid header name/value + * pair is received. If both + * `nghttp2_session_callbacks_set_on_invalid_header_callback()` and + * `nghttp2_session_callbacks_set_on_invalid_header_callback2()` are + * used to set callbacks, the latter takes the precedence. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_invalid_header_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_invalid_header_callback on_invalid_header_callback); + +/** + * @function + * + * Sets callback function invoked when a invalid header name/value + * pair is received. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_invalid_header_callback2( + nghttp2_session_callbacks *cbs, + nghttp2_on_invalid_header_callback2 on_invalid_header_callback2); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use + * `nghttp2_session_callbacks_set_select_padding_callback2()` with + * :type:`nghttp2_select_padding_callback2` instead. + * + * Sets callback function invoked when the library asks application + * how many padding bytes are required for the transmission of the + * given frame. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_select_padding_callback( + nghttp2_session_callbacks *cbs, + nghttp2_select_padding_callback select_padding_callback); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Sets callback function invoked when the library asks application + * how many padding bytes are required for the transmission of the + * given frame. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_select_padding_callback2( + nghttp2_session_callbacks *cbs, + nghttp2_select_padding_callback2 select_padding_callback); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use + * `nghttp2_session_callbacks_set_data_source_read_length_callback2()` + * with :type:`nghttp2_data_source_read_length_callback2` instead. + * + * Sets callback function determine the length allowed in + * :type:`nghttp2_data_source_read_callback`. + */ +NGHTTP2_EXTERN void +nghttp2_session_callbacks_set_data_source_read_length_callback( + nghttp2_session_callbacks *cbs, + nghttp2_data_source_read_length_callback data_source_read_length_callback); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Sets callback function determine the length allowed in + * :type:`nghttp2_data_source_read_callback2`. + */ +NGHTTP2_EXTERN void +nghttp2_session_callbacks_set_data_source_read_length_callback2( + nghttp2_session_callbacks *cbs, + nghttp2_data_source_read_length_callback2 data_source_read_length_callback); + +/** + * @function + * + * Sets callback function invoked when a frame header is received. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_on_begin_frame_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_begin_frame_callback on_begin_frame_callback); + +/** + * @function + * + * Sets callback function invoked when + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_COPY` is used in + * :type:`nghttp2_data_source_read_callback2` to avoid data copy. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_send_data_callback( + nghttp2_session_callbacks *cbs, + nghttp2_send_data_callback send_data_callback); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use + * `nghttp2_session_callbacks_set_pack_extension_callback2()` with + * :type:`nghttp2_pack_extension_callback2` instead. + * + * Sets callback function invoked when the library asks the + * application to pack extension frame payload in wire format. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_pack_extension_callback( + nghttp2_session_callbacks *cbs, + nghttp2_pack_extension_callback pack_extension_callback); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Sets callback function invoked when the library asks the + * application to pack extension frame payload in wire format. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_pack_extension_callback2( + nghttp2_session_callbacks *cbs, + nghttp2_pack_extension_callback2 pack_extension_callback); + +/** + * @function + * + * Sets callback function invoked when the library asks the + * application to unpack extension frame payload from wire format. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_unpack_extension_callback( + nghttp2_session_callbacks *cbs, + nghttp2_unpack_extension_callback unpack_extension_callback); + +/** + * @function + * + * Sets callback function invoked when chunk of extension frame + * payload is received. + */ +NGHTTP2_EXTERN void +nghttp2_session_callbacks_set_on_extension_chunk_recv_callback( + nghttp2_session_callbacks *cbs, + nghttp2_on_extension_chunk_recv_callback on_extension_chunk_recv_callback); + +/** + * @function + * + * .. warning:: + * + * Deprecated. Use + * `nghttp2_session_callbacks_set_error_callback2()` with + * :type:`nghttp2_error_callback2` instead. + * + * Sets callback function invoked when library tells error message to + * the application. + * + * If both :type:`nghttp2_error_callback` and + * :type:`nghttp2_error_callback2` are set, the latter takes + * precedence. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_error_callback( + nghttp2_session_callbacks *cbs, nghttp2_error_callback error_callback); + +/** + * @function + * + * Sets callback function invoked when library tells error code, and + * message to the application. + * + * If both :type:`nghttp2_error_callback` and + * :type:`nghttp2_error_callback2` are set, the latter takes + * precedence. + */ +NGHTTP2_EXTERN void nghttp2_session_callbacks_set_error_callback2( + nghttp2_session_callbacks *cbs, nghttp2_error_callback2 error_callback2); + +/** + * @functypedef + * + * Custom memory allocator to replace malloc(). The |mem_user_data| + * is the mem_user_data member of :type:`nghttp2_mem` structure. + */ +typedef void *(*nghttp2_malloc)(size_t size, void *mem_user_data); + +/** + * @functypedef + * + * Custom memory allocator to replace free(). The |mem_user_data| is + * the mem_user_data member of :type:`nghttp2_mem` structure. + */ +typedef void (*nghttp2_free)(void *ptr, void *mem_user_data); + +/** + * @functypedef + * + * Custom memory allocator to replace calloc(). The |mem_user_data| + * is the mem_user_data member of :type:`nghttp2_mem` structure. + */ +typedef void *(*nghttp2_calloc)(size_t nmemb, size_t size, void *mem_user_data); + +/** + * @functypedef + * + * Custom memory allocator to replace realloc(). The |mem_user_data| + * is the mem_user_data member of :type:`nghttp2_mem` structure. + */ +typedef void *(*nghttp2_realloc)(void *ptr, size_t size, void *mem_user_data); + +/** + * @struct + * + * Custom memory allocator functions and user defined pointer. The + * |mem_user_data| member is passed to each allocator function. This + * can be used, for example, to achieve per-session memory pool. + * + * In the following example code, ``my_malloc``, ``my_free``, + * ``my_calloc`` and ``my_realloc`` are the replacement of the + * standard allocators ``malloc``, ``free``, ``calloc`` and + * ``realloc`` respectively:: + * + * void *my_malloc_cb(size_t size, void *mem_user_data) { + * return my_malloc(size); + * } + * + * void my_free_cb(void *ptr, void *mem_user_data) { my_free(ptr); } + * + * void *my_calloc_cb(size_t nmemb, size_t size, void *mem_user_data) { + * return my_calloc(nmemb, size); + * } + * + * void *my_realloc_cb(void *ptr, size_t size, void *mem_user_data) { + * return my_realloc(ptr, size); + * } + * + * void session_new() { + * nghttp2_session *session; + * nghttp2_session_callbacks *callbacks; + * nghttp2_mem mem = {NULL, my_malloc_cb, my_free_cb, my_calloc_cb, + * my_realloc_cb}; + * + * ... + * + * nghttp2_session_client_new3(&session, callbacks, NULL, NULL, &mem); + * + * ... + * } + */ +typedef struct { + /** + * An arbitrary user supplied data. This is passed to each + * allocator function. + */ + void *mem_user_data; + /** + * Custom allocator function to replace malloc(). + */ + nghttp2_malloc malloc; + /** + * Custom allocator function to replace free(). + */ + nghttp2_free free; + /** + * Custom allocator function to replace calloc(). + */ + nghttp2_calloc calloc; + /** + * Custom allocator function to replace realloc(). + */ + nghttp2_realloc realloc; +} nghttp2_mem; + +struct nghttp2_option; + +/** + * @struct + * + * Configuration options for :type:`nghttp2_session`. The details of + * this structure are intentionally hidden from the public API. + */ +typedef struct nghttp2_option nghttp2_option; + +/** + * @function + * + * Initializes |*option_ptr| with default values. + * + * When the application finished using this object, it can use + * `nghttp2_option_del()` to free its memory. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_option_new(nghttp2_option **option_ptr); + +/** + * @function + * + * Frees any resources allocated for |option|. If |option| is + * ``NULL``, this function does nothing. + */ +NGHTTP2_EXTERN void nghttp2_option_del(nghttp2_option *option); + +/** + * @function + * + * This option prevents the library from sending WINDOW_UPDATE for a + * connection automatically. If this option is set to nonzero, the + * library won't send WINDOW_UPDATE for DATA until application calls + * `nghttp2_session_consume()` to indicate the consumed amount of + * data. Don't use `nghttp2_submit_window_update()` for this purpose. + * By default, this option is set to zero. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_no_auto_window_update(nghttp2_option *option, int val); + +/** + * @function + * + * This option sets the SETTINGS_MAX_CONCURRENT_STREAMS value of + * remote endpoint as if it is received in SETTINGS frame. Without + * specifying this option, the maximum number of outgoing concurrent + * streams is initially limited to 100 to avoid issues when the local + * endpoint submits lots of requests before receiving initial SETTINGS + * frame from the remote endpoint, since sending them at once to the + * remote endpoint could lead to rejection of some of the requests. + * This value will be overwritten when the local endpoint receives + * initial SETTINGS frame from the remote endpoint, either to the + * value advertised in SETTINGS_MAX_CONCURRENT_STREAMS or to the + * default value (unlimited) if none was advertised. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_peer_max_concurrent_streams(nghttp2_option *option, + uint32_t val); + +/** + * @function + * + * By default, nghttp2 library, if configured as server, requires + * first 24 bytes of client magic byte string (MAGIC). In most cases, + * this will simplify the implementation of server. But sometimes + * server may want to detect the application protocol based on first + * few bytes on clear text communication. + * + * If this option is used with nonzero |val|, nghttp2 library does not + * handle MAGIC. It still checks following SETTINGS frame. This + * means that applications should deal with MAGIC by themselves. + * + * If this option is not used or used with zero value, if MAGIC does + * not match :macro:`NGHTTP2_CLIENT_MAGIC`, `nghttp2_session_recv()` + * and `nghttp2_session_mem_recv2()` will return error + * :enum:`nghttp2_error.NGHTTP2_ERR_BAD_CLIENT_MAGIC`, which is fatal + * error. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_no_recv_client_magic(nghttp2_option *option, int val); + +/** + * @function + * + * By default, nghttp2 library enforces subset of HTTP Messaging rules + * described in `HTTP/2 specification, section 8 + * `_. See + * :ref:`http-messaging` section for details. For those applications + * who use nghttp2 library as non-HTTP use, give nonzero to |val| to + * disable this enforcement. Please note that disabling this feature + * does not change the fundamental client and server model of HTTP. + * That is, even if the validation is disabled, only client can send + * requests. + */ +NGHTTP2_EXTERN void nghttp2_option_set_no_http_messaging(nghttp2_option *option, + int val); + +/** + * @function + * + * RFC 7540 does not enforce any limit on the number of incoming + * reserved streams (in RFC 7540 terms, streams in reserved (remote) + * state). This only affects client side, since only server can push + * streams. Malicious server can push arbitrary number of streams, + * and make client's memory exhausted. This option can set the + * maximum number of such incoming streams to avoid possible memory + * exhaustion. If this option is set, and pushed streams are + * automatically closed on reception, without calling user provided + * callback, if they exceed the given limit. The default value is + * 200. If session is configured as server side, this option has no + * effect. Server can control the number of streams to push. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_max_reserved_remote_streams(nghttp2_option *option, + uint32_t val); + +/** + * @function + * + * Sets extension frame type the application is willing to handle with + * user defined callbacks (see + * :type:`nghttp2_on_extension_chunk_recv_callback` and + * :type:`nghttp2_unpack_extension_callback`). The |type| is + * extension frame type, and must be strictly greater than 0x9. + * Otherwise, this function does nothing. The application can call + * this function multiple times to set more than one frame type to + * receive. The application does not have to call this function if it + * just sends extension frames. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_user_recv_extension_type(nghttp2_option *option, + uint8_t type); + +/** + * @function + * + * Sets extension frame type the application is willing to receive + * using builtin handler. The |type| is the extension frame type to + * receive, and must be strictly greater than 0x9. Otherwise, this + * function does nothing. The application can call this function + * multiple times to set more than one frame type to receive. The + * application does not have to call this function if it just sends + * extension frames. + * + * If same frame type is passed to both + * `nghttp2_option_set_builtin_recv_extension_type()` and + * `nghttp2_option_set_user_recv_extension_type()`, the latter takes + * precedence. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_builtin_recv_extension_type(nghttp2_option *option, + uint8_t type); + +/** + * @function + * + * This option prevents the library from sending PING frame with ACK + * flag set automatically when PING frame without ACK flag set is + * received. If this option is set to nonzero, the library won't send + * PING frame with ACK flag set in the response for incoming PING + * frame. The application can send PING frame with ACK flag set using + * `nghttp2_submit_ping()` with :enum:`nghttp2_flag.NGHTTP2_FLAG_ACK` + * as flags parameter. + */ +NGHTTP2_EXTERN void nghttp2_option_set_no_auto_ping_ack(nghttp2_option *option, + int val); + +/** + * @function + * + * This option sets the maximum length of header block (a set of + * header fields per one HEADERS frame) to send. The length of a + * given set of header fields is calculated using + * `nghttp2_hd_deflate_bound()`. The default value is 64KiB. If + * application attempts to send header fields larger than this limit, + * the transmission of the frame fails with error code + * :enum:`nghttp2_error.NGHTTP2_ERR_FRAME_SIZE_ERROR`. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_max_send_header_block_length(nghttp2_option *option, + size_t val); + +/** + * @function + * + * This option sets the maximum dynamic table size for deflating + * header fields. The default value is 4KiB. In HTTP/2, receiver of + * deflated header block can specify maximum dynamic table size. The + * actual maximum size is the minimum of the size receiver specified + * and this option value. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_max_deflate_dynamic_table_size(nghttp2_option *option, + size_t val); + +/** + * @function + * + * .. warning:: + * + * Deprecated. Closed streams are not retained anymore. + * + * This function works as before, but it does not take any effect + * against :type:`nghttp2_session`. + */ +NGHTTP2_EXTERN void nghttp2_option_set_no_closed_streams(nghttp2_option *option, + int val); + +/** + * @function + * + * This function sets the maximum number of outgoing SETTINGS ACK and + * PING ACK frames retained in :type:`nghttp2_session` object. If + * more than those frames are retained, the peer is considered to be + * misbehaving and session will be closed. The default value is 1000. + */ +NGHTTP2_EXTERN void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, + size_t val); + +/** + * @function + * + * This function sets the maximum number of SETTINGS entries per + * SETTINGS frame that will be accepted. If more than those entries + * are received, the peer is considered to be misbehaving and session + * will be closed. The default value is 32. + */ +NGHTTP2_EXTERN void nghttp2_option_set_max_settings(nghttp2_option *option, + size_t val); + +/** + * @function + * + * .. warning:: + * Deprecated. :rfc:`7540` priorities have been removed. + * + * This function works as before, but it does not take any effect + * against :type:`nghttp2_session`. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_server_fallback_rfc7540_priorities(nghttp2_option *option, + int val); + +/** + * @function + * + * This option, if set to nonzero, turns off RFC 9113 leading and + * trailing white spaces validation against HTTP field value. Some + * important fields, such as HTTP/2 pseudo header fields, are + * validated more strictly and this option does not apply to them. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation( + nghttp2_option *option, int val); + +/** + * @function + * + * This function sets the rate limit for the incoming stream reset + * (RST_STREAM frame). It is server use only. It is a token-bucket + * based rate limiter. |burst| specifies the number of tokens that is + * initially available. The maximum number of tokens is capped to + * this value. |rate| specifies the number of tokens that are + * regenerated per second. An incoming RST_STREAM consumes one token. + * If there is no token available, GOAWAY is sent to tear down the + * connection. |burst| and |rate| default to 1000 and 33 + * respectively. + */ +NGHTTP2_EXTERN void +nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, + uint64_t burst, uint64_t rate); + +/** + * @function + * + * This function sets the maximum number of CONTINUATION frames + * following an incoming HEADER frame. If more than those frames are + * received, the remote endpoint is considered to be misbehaving and + * session will be closed. The default value is 8. + */ +NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option, + size_t val); + +/** + * @function + * + * Initializes |*session_ptr| for client use. The all members of + * |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr| + * does not store |callbacks|. The |user_data| is an arbitrary user + * supplied data, which will be passed to the callback functions. + * + * The :type:`nghttp2_send_callback2` must be specified. If the + * application code uses `nghttp2_session_recv()`, the + * :type:`nghttp2_recv_callback` must be specified. The other members + * of |callbacks| can be ``NULL``. + * + * If this function fails, |*session_ptr| is left untouched. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_client_new(nghttp2_session **session_ptr, + const nghttp2_session_callbacks *callbacks, + void *user_data); + +/** + * @function + * + * Initializes |*session_ptr| for server use. The all members of + * |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr| + * does not store |callbacks|. The |user_data| is an arbitrary user + * supplied data, which will be passed to the callback functions. + * + * The :type:`nghttp2_send_callback2` must be specified. If the + * application code uses `nghttp2_session_recv()`, the + * :type:`nghttp2_recv_callback` must be specified. The other members + * of |callbacks| can be ``NULL``. + * + * If this function fails, |*session_ptr| is left untouched. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_server_new(nghttp2_session **session_ptr, + const nghttp2_session_callbacks *callbacks, + void *user_data); + +/** + * @function + * + * Like `nghttp2_session_client_new()`, but with additional options + * specified in the |option|. + * + * The |option| can be ``NULL`` and the call is equivalent to + * `nghttp2_session_client_new()`. + * + * This function does not take ownership |option|. The application is + * responsible for freeing |option| if it finishes using the object. + * + * The library code does not refer to |option| after this function + * returns. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_client_new2(nghttp2_session **session_ptr, + const nghttp2_session_callbacks *callbacks, + void *user_data, const nghttp2_option *option); + +/** + * @function + * + * Like `nghttp2_session_server_new()`, but with additional options + * specified in the |option|. + * + * The |option| can be ``NULL`` and the call is equivalent to + * `nghttp2_session_server_new()`. + * + * This function does not take ownership |option|. The application is + * responsible for freeing |option| if it finishes using the object. + * + * The library code does not refer to |option| after this function + * returns. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_server_new2(nghttp2_session **session_ptr, + const nghttp2_session_callbacks *callbacks, + void *user_data, const nghttp2_option *option); + +/** + * @function + * + * Like `nghttp2_session_client_new2()`, but with additional custom + * memory allocator specified in the |mem|. + * + * The |mem| can be ``NULL`` and the call is equivalent to + * `nghttp2_session_client_new2()`. + * + * This function does not take ownership |mem|. The application is + * responsible for freeing |mem|. + * + * The library code does not refer to |mem| pointer after this + * function returns, so the application can safely free it. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_session_client_new3( + nghttp2_session **session_ptr, const nghttp2_session_callbacks *callbacks, + void *user_data, const nghttp2_option *option, nghttp2_mem *mem); + +/** + * @function + * + * Like `nghttp2_session_server_new2()`, but with additional custom + * memory allocator specified in the |mem|. + * + * The |mem| can be ``NULL`` and the call is equivalent to + * `nghttp2_session_server_new2()`. + * + * This function does not take ownership |mem|. The application is + * responsible for freeing |mem|. + * + * The library code does not refer to |mem| pointer after this + * function returns, so the application can safely free it. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_session_server_new3( + nghttp2_session **session_ptr, const nghttp2_session_callbacks *callbacks, + void *user_data, const nghttp2_option *option, nghttp2_mem *mem); + +/** + * @function + * + * Frees any resources allocated for |session|. If |session| is + * ``NULL``, this function does nothing. + */ +NGHTTP2_EXTERN void nghttp2_session_del(nghttp2_session *session); + +/** + * @function + * + * Sends pending frames to the remote peer. + * + * This function retrieves the highest prioritized frame from the + * outbound queue and sends it to the remote peer. It does this as + * many times as possible until the user callback + * :type:`nghttp2_send_callback2` returns + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`, the outbound queue + * becomes empty or flow control is triggered (remote window size + * becomes depleted or maximum number of concurrent streams is + * reached). This function calls several callback functions which are + * passed when initializing the |session|. Here is the simple time + * chart which tells when each callback is invoked: + * + * 1. Get the next frame to send from outbound queue. + * + * 2. Prepare transmission of the frame. + * + * 3. If the control frame cannot be sent because some preconditions + * are not met (e.g., request HEADERS cannot be sent after GOAWAY), + * :type:`nghttp2_on_frame_not_send_callback` is invoked. Abort + * the following steps. + * + * 4. If the frame is HEADERS, PUSH_PROMISE or DATA, + * :type:`nghttp2_select_padding_callback` is invoked. + * + * 5. If the frame is request HEADERS, the stream is opened here. + * + * 6. :type:`nghttp2_before_frame_send_callback` is invoked. + * + * 7. If :enum:`nghttp2_error.NGHTTP2_ERR_CANCEL` is returned from + * :type:`nghttp2_before_frame_send_callback`, the current frame + * transmission is canceled, and + * :type:`nghttp2_on_frame_not_send_callback` is invoked. Abort + * the following steps. + * + * 8. :type:`nghttp2_send_callback2` is invoked one or more times to + * send the frame. + * + * 9. :type:`nghttp2_on_frame_send_callback` is invoked. + * + * 10. If the transmission of the frame triggers closure of the + * stream, the stream is closed and + * :type:`nghttp2_on_stream_close_callback` is invoked. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` + * The callback function failed. + */ +NGHTTP2_EXTERN int nghttp2_session_send(nghttp2_session *session); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_session_mem_send2()` instead. + * + * Returns the serialized data to send. + * + * This function behaves like `nghttp2_session_send()` except that it + * does not use :type:`nghttp2_send_callback` to transmit data. + * Instead, it assigns the pointer to the serialized data to the + * |*data_ptr| and returns its length. The other callbacks are called + * in the same way as they are in `nghttp2_session_send()`. + * + * If no data is available to send, this function returns 0. + * + * This function may not return all serialized data in one invocation. + * To get all data, call this function repeatedly until it returns 0 + * or one of negative error codes. + * + * The assigned |*data_ptr| is valid until the next call of + * `nghttp2_session_mem_send()` or `nghttp2_session_send()`. + * + * The caller must send all data before sending the next chunk of + * data. + * + * This function returns the length of the data pointed by the + * |*data_ptr| if it succeeds, or one of the following negative error + * codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * + * .. note:: + * + * This function may produce very small byte string. If that is the + * case, and application disables Nagle algorithm (``TCP_NODELAY``), + * then writing this small chunk leads to very small packet, and it + * is very inefficient. An application should be responsible to + * buffer up small chunks of data as necessary to avoid this + * situation. + */ +NGHTTP2_EXTERN ssize_t nghttp2_session_mem_send(nghttp2_session *session, + const uint8_t **data_ptr); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Returns the serialized data to send. + * + * This function behaves like `nghttp2_session_send()` except that it + * does not use :type:`nghttp2_send_callback2` to transmit data. + * Instead, it assigns the pointer to the serialized data to the + * |*data_ptr| and returns its length. The other callbacks are called + * in the same way as they are in `nghttp2_session_send()`. + * + * If no data is available to send, this function returns 0. + * + * This function may not return all serialized data in one invocation. + * To get all data, call this function repeatedly until it returns 0 + * or one of negative error codes. + * + * The assigned |*data_ptr| is valid until the next call of + * `nghttp2_session_mem_send2()` or `nghttp2_session_send()`. + * + * The caller must send all data before sending the next chunk of + * data. + * + * This function returns the length of the data pointed by the + * |*data_ptr| if it succeeds, or one of the following negative error + * codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * + * .. note:: + * + * This function may produce very small byte string. If that is the + * case, and application disables Nagle algorithm (``TCP_NODELAY``), + * then writing this small chunk leads to very small packet, and it + * is very inefficient. An application should be responsible to + * buffer up small chunks of data as necessary to avoid this + * situation. + */ +NGHTTP2_EXTERN nghttp2_ssize +nghttp2_session_mem_send2(nghttp2_session *session, const uint8_t **data_ptr); + +/** + * @function + * + * Receives frames from the remote peer. + * + * This function receives as many frames as possible until the user + * callback :type:`nghttp2_recv_callback` returns + * :enum:`nghttp2_error.NGHTTP2_ERR_WOULDBLOCK`. This function calls + * several callback functions which are passed when initializing the + * |session|. Here is the simple time chart which tells when each + * callback is invoked: + * + * 1. :type:`nghttp2_recv_callback` is invoked one or more times to + * receive frame header. + * + * 2. When frame header is received, + * :type:`nghttp2_on_begin_frame_callback` is invoked. + * + * 3. If the frame is DATA frame: + * + * 1. :type:`nghttp2_recv_callback` is invoked to receive DATA + * payload. For each chunk of data, + * :type:`nghttp2_on_data_chunk_recv_callback` is invoked. + * + * 2. If one DATA frame is completely received, + * :type:`nghttp2_on_frame_recv_callback` is invoked. If the + * reception of the frame triggers the closure of the stream, + * :type:`nghttp2_on_stream_close_callback` is invoked. + * + * 4. If the frame is the control frame: + * + * 1. :type:`nghttp2_recv_callback` is invoked one or more times to + * receive whole frame. + * + * 2. If the received frame is valid, then following actions are + * taken. If the frame is either HEADERS or PUSH_PROMISE, + * :type:`nghttp2_on_begin_headers_callback` is invoked. Then + * :type:`nghttp2_on_header_callback` is invoked for each header + * name/value pair. For invalid header field, + * :type:`nghttp2_on_invalid_header_callback` is called. After + * all name/value pairs are emitted successfully, + * :type:`nghttp2_on_frame_recv_callback` is invoked. For other + * frames, :type:`nghttp2_on_frame_recv_callback` is invoked. + * If the reception of the frame triggers the closure of the + * stream, :type:`nghttp2_on_stream_close_callback` is invoked. + * + * 3. If the received frame is unpacked but is interpreted as + * invalid, :type:`nghttp2_on_invalid_frame_recv_callback` is + * invoked. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_EOF` + * The remote peer did shutdown on the connection. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` + * The callback function failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BAD_CLIENT_MAGIC` + * Invalid client magic was detected. This error only returns + * when |session| was configured as server and + * `nghttp2_option_set_no_recv_client_magic()` is not used with + * nonzero value. + * :enum:`nghttp2_error.NGHTTP2_ERR_FLOODED` + * Flooding was detected in this HTTP/2 session, and it must be + * closed. This is most likely caused by misbehaviour of peer. + */ +NGHTTP2_EXTERN int nghttp2_session_recv(nghttp2_session *session); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_session_mem_recv2()` instead. + * + * Processes data |in| as an input from the remote endpoint. The + * |inlen| indicates the number of bytes to receive in the |in|. + * + * This function behaves like `nghttp2_session_recv()` except that it + * does not use :type:`nghttp2_recv_callback` to receive data; the + * |in| is the only data for the invocation of this function. If all + * bytes are processed, this function returns. The other callbacks + * are called in the same way as they are in `nghttp2_session_recv()`. + * + * In the current implementation, this function always tries to + * processes |inlen| bytes of input data unless either an error occurs or + * :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` is returned from + * :type:`nghttp2_on_header_callback` or + * :type:`nghttp2_on_data_chunk_recv_callback`. If + * :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` is used, the return value + * includes the number of bytes which was used to produce the data or + * frame for the callback. + * + * This function returns the number of processed bytes, or one of the + * following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` + * The callback function failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BAD_CLIENT_MAGIC` + * Invalid client magic was detected. This error only returns + * when |session| was configured as server and + * `nghttp2_option_set_no_recv_client_magic()` is not used with + * nonzero value. + * :enum:`nghttp2_error.NGHTTP2_ERR_FLOODED` + * Flooding was detected in this HTTP/2 session, and it must be + * closed. This is most likely caused by misbehaviour of peer. + */ +NGHTTP2_EXTERN ssize_t nghttp2_session_mem_recv(nghttp2_session *session, + const uint8_t *in, + size_t inlen); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Processes data |in| as an input from the remote endpoint. The + * |inlen| indicates the number of bytes to receive in the |in|. + * + * This function behaves like `nghttp2_session_recv()` except that it + * does not use :type:`nghttp2_recv_callback` to receive data; the + * |in| is the only data for the invocation of this function. If all + * bytes are processed, this function returns. The other callbacks + * are called in the same way as they are in `nghttp2_session_recv()`. + * + * In the current implementation, this function always tries to + * processes |inlen| bytes of input data unless either an error occurs or + * :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` is returned from + * :type:`nghttp2_on_header_callback` or + * :type:`nghttp2_on_data_chunk_recv_callback`. If + * :enum:`nghttp2_error.NGHTTP2_ERR_PAUSE` is used, the return value + * includes the number of bytes which was used to produce the data or + * frame for the callback. + * + * This function returns the number of processed bytes, or one of the + * following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_CALLBACK_FAILURE` + * The callback function failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BAD_CLIENT_MAGIC` + * Invalid client magic was detected. This error only returns + * when |session| was configured as server and + * `nghttp2_option_set_no_recv_client_magic()` is not used with + * nonzero value. + * :enum:`nghttp2_error.NGHTTP2_ERR_FLOODED` + * Flooding was detected in this HTTP/2 session, and it must be + * closed. This is most likely caused by misbehaviour of peer. + */ +NGHTTP2_EXTERN nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session, + const uint8_t *in, + size_t inlen); + +/** + * @function + * + * Puts back previously deferred DATA frame in the stream |stream_id| + * to the outbound queue. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The stream does not exist; or no deferred data exist. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_session_resume_data(nghttp2_session *session, + int32_t stream_id); + +/** + * @function + * + * Returns nonzero value if |session| wants to receive data from the + * remote peer. + * + * If both `nghttp2_session_want_read()` and + * `nghttp2_session_want_write()` return 0, the application should + * drop the connection. + */ +NGHTTP2_EXTERN int nghttp2_session_want_read(nghttp2_session *session); + +/** + * @function + * + * Returns nonzero value if |session| wants to send data to the remote + * peer. + * + * If both `nghttp2_session_want_read()` and + * `nghttp2_session_want_write()` return 0, the application should + * drop the connection. + */ +NGHTTP2_EXTERN int nghttp2_session_want_write(nghttp2_session *session); + +/** + * @function + * + * Returns stream_user_data for the stream |stream_id|. The + * stream_user_data is provided by `nghttp2_submit_request2()`, + * `nghttp2_submit_headers()` or + * `nghttp2_session_set_stream_user_data()`. Unless it is set using + * `nghttp2_session_set_stream_user_data()`, if the stream is + * initiated by the remote endpoint, stream_user_data is always + * ``NULL``. If the stream does not exist, this function returns + * ``NULL``. + */ +NGHTTP2_EXTERN void * +nghttp2_session_get_stream_user_data(nghttp2_session *session, + int32_t stream_id); + +/** + * @function + * + * Sets the |stream_user_data| to the stream denoted by the + * |stream_id|. If a stream user data is already set to the stream, + * it is replaced with the |stream_user_data|. It is valid to specify + * ``NULL`` in the |stream_user_data|, which nullifies the associated + * data pointer. + * + * It is valid to set the |stream_user_data| to the stream reserved by + * PUSH_PROMISE frame. + * + * This function returns 0 if it succeeds, or one of following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The stream does not exist + */ +NGHTTP2_EXTERN int +nghttp2_session_set_stream_user_data(nghttp2_session *session, + int32_t stream_id, void *stream_user_data); + +/** + * @function + * + * Sets |user_data| to |session|, overwriting the existing user data + * specified in `nghttp2_session_client_new()`, or + * `nghttp2_session_server_new()`. + */ +NGHTTP2_EXTERN void nghttp2_session_set_user_data(nghttp2_session *session, + void *user_data); + +/** + * @function + * + * Returns the number of frames in the outbound queue. This does not + * include the deferred DATA frames. + */ +NGHTTP2_EXTERN size_t +nghttp2_session_get_outbound_queue_size(nghttp2_session *session); + +/** + * @function + * + * Returns the number of DATA payload in bytes received without + * WINDOW_UPDATE transmission for the stream |stream_id|. The local + * (receive) window size can be adjusted by + * `nghttp2_submit_window_update()`. This function takes into account + * that and returns effective data length. In particular, if the + * local window size is reduced by submitting negative + * window_size_increment with `nghttp2_submit_window_update()`, this + * function returns the number of bytes less than actually received. + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t nghttp2_session_get_stream_effective_recv_data_length( + nghttp2_session *session, int32_t stream_id); + +/** + * @function + * + * Returns the local (receive) window size for the stream |stream_id|. + * The local window size can be adjusted by + * `nghttp2_submit_window_update()`. This function takes into account + * that and returns effective window size. + * + * This function does not take into account the amount of received + * data from the remote endpoint. Use + * `nghttp2_session_get_stream_local_window_size()` to know the amount + * of data the remote endpoint can send without receiving stream level + * WINDOW_UPDATE frame. Note that each stream is still subject to the + * connection level flow control. + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t nghttp2_session_get_stream_effective_local_window_size( + nghttp2_session *session, int32_t stream_id); + +/** + * @function + * + * Returns the amount of flow-controlled payload (e.g., DATA) that the + * remote endpoint can send without receiving stream level + * WINDOW_UPDATE frame. It is also subject to the connection level + * flow control. So the actual amount of data to send is + * min(`nghttp2_session_get_stream_local_window_size()`, + * `nghttp2_session_get_local_window_size()`). + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t nghttp2_session_get_stream_local_window_size( + nghttp2_session *session, int32_t stream_id); + +/** + * @function + * + * Returns the number of DATA payload in bytes received without + * WINDOW_UPDATE transmission for a connection. The local (receive) + * window size can be adjusted by `nghttp2_submit_window_update()`. + * This function takes into account that and returns effective data + * length. In particular, if the local window size is reduced by + * submitting negative window_size_increment with + * `nghttp2_submit_window_update()`, this function returns the number + * of bytes less than actually received. + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t +nghttp2_session_get_effective_recv_data_length(nghttp2_session *session); + +/** + * @function + * + * Returns the local (receive) window size for a connection. The + * local window size can be adjusted by + * `nghttp2_submit_window_update()`. This function takes into account + * that and returns effective window size. + * + * This function does not take into account the amount of received + * data from the remote endpoint. Use + * `nghttp2_session_get_local_window_size()` to know the amount of + * data the remote endpoint can send without receiving + * connection-level WINDOW_UPDATE frame. Note that each stream is + * still subject to the stream level flow control. + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t +nghttp2_session_get_effective_local_window_size(nghttp2_session *session); + +/** + * @function + * + * Returns the amount of flow-controlled payload (e.g., DATA) that the + * remote endpoint can send without receiving connection level + * WINDOW_UPDATE frame. Note that each stream is still subject to the + * stream level flow control (see + * `nghttp2_session_get_stream_local_window_size()`). + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t +nghttp2_session_get_local_window_size(nghttp2_session *session); + +/** + * @function + * + * Returns the remote window size for a given stream |stream_id|. + * + * This is the amount of flow-controlled payload (e.g., DATA) that the + * local endpoint can send without stream level WINDOW_UPDATE. There + * is also connection level flow control, so the effective size of + * payload that the local endpoint can actually send is + * min(`nghttp2_session_get_stream_remote_window_size()`, + * `nghttp2_session_get_remote_window_size()`). + * + * This function returns -1 if it fails. + */ +NGHTTP2_EXTERN int32_t nghttp2_session_get_stream_remote_window_size( + nghttp2_session *session, int32_t stream_id); + +/** + * @function + * + * Returns the remote window size for a connection. + * + * This function always succeeds. + */ +NGHTTP2_EXTERN int32_t +nghttp2_session_get_remote_window_size(nghttp2_session *session); + +/** + * @function + * + * Returns 1 if local peer half closed the given stream |stream_id|. + * Returns 0 if it did not. Returns -1 if no such stream exists. + */ +NGHTTP2_EXTERN int +nghttp2_session_get_stream_local_close(nghttp2_session *session, + int32_t stream_id); + +/** + * @function + * + * Returns 1 if remote peer half closed the given stream |stream_id|. + * Returns 0 if it did not. Returns -1 if no such stream exists. + */ +NGHTTP2_EXTERN int +nghttp2_session_get_stream_remote_close(nghttp2_session *session, + int32_t stream_id); + +/** + * @function + * + * Returns the current dynamic table size of HPACK inflater, including + * the overhead 32 bytes per entry described in RFC 7541. + */ +NGHTTP2_EXTERN size_t +nghttp2_session_get_hd_inflate_dynamic_table_size(nghttp2_session *session); + +/** + * @function + * + * Returns the current dynamic table size of HPACK deflater including + * the overhead 32 bytes per entry described in RFC 7541. + */ +NGHTTP2_EXTERN size_t +nghttp2_session_get_hd_deflate_dynamic_table_size(nghttp2_session *session); + +/** + * @function + * + * Signals the session so that the connection should be terminated. + * + * The last stream ID is the minimum value between the stream ID of a + * stream for which :type:`nghttp2_on_frame_recv_callback` was called + * most recently and the last stream ID we have sent to the peer + * previously. + * + * The |error_code| is the error code of this GOAWAY frame. The + * pre-defined error code is one of :enum:`nghttp2_error_code`. + * + * After the transmission, both `nghttp2_session_want_read()` and + * `nghttp2_session_want_write()` return 0. + * + * This function should be called when the connection should be + * terminated after sending GOAWAY. If the remaining streams should + * be processed after GOAWAY, use `nghttp2_submit_goaway()` instead. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_session_terminate_session(nghttp2_session *session, + uint32_t error_code); + +/** + * @function + * + * Signals the session so that the connection should be terminated. + * + * This function behaves like `nghttp2_session_terminate_session()`, + * but the last stream ID can be specified by the application for fine + * grained control of stream. The HTTP/2 specification does not allow + * last_stream_id to be increased. So the actual value sent as + * last_stream_id is the minimum value between the given + * |last_stream_id| and the last_stream_id we have previously sent to + * the peer. + * + * The |last_stream_id| is peer's stream ID or 0. So if |session| is + * initialized as client, |last_stream_id| must be even or 0. If + * |session| is initialized as server, |last_stream_id| must be odd or + * 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |last_stream_id| is invalid. + */ +NGHTTP2_EXTERN int nghttp2_session_terminate_session2(nghttp2_session *session, + int32_t last_stream_id, + uint32_t error_code); + +/** + * @function + * + * Signals to the client that the server started graceful shutdown + * procedure. + * + * This function is only usable for server. If this function is + * called with client side session, this function returns + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE`. + * + * To gracefully shutdown HTTP/2 session, server should call this + * function to send GOAWAY with last_stream_id (1u << 31) - 1. And + * after some delay (e.g., 1 RTT), send another GOAWAY with the stream + * ID that the server has some processing using + * `nghttp2_submit_goaway()`. See also + * `nghttp2_session_get_last_proc_stream_id()`. + * + * Unlike `nghttp2_submit_goaway()`, this function just sends GOAWAY + * and does nothing more. This is a mere indication to the client + * that session shutdown is imminent. The application should call + * `nghttp2_submit_goaway()` with appropriate last_stream_id after + * this call. + * + * If one or more GOAWAY frame have been already sent by either + * `nghttp2_submit_goaway()` or `nghttp2_session_terminate_session()`, + * this function has no effect. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The |session| is initialized as client. + */ +NGHTTP2_EXTERN int nghttp2_submit_shutdown_notice(nghttp2_session *session); + +/** + * @function + * + * Returns the value of SETTINGS |id| notified by a remote endpoint. + * The |id| must be one of values defined in + * :enum:`nghttp2_settings_id`. + */ +NGHTTP2_EXTERN uint32_t nghttp2_session_get_remote_settings( + nghttp2_session *session, nghttp2_settings_id id); + +/** + * @function + * + * Returns the value of SETTINGS |id| of local endpoint acknowledged + * by the remote endpoint. The |id| must be one of the values defined + * in :enum:`nghttp2_settings_id`. + */ +NGHTTP2_EXTERN uint32_t nghttp2_session_get_local_settings( + nghttp2_session *session, nghttp2_settings_id id); + +/** + * @function + * + * Tells the |session| that next stream ID is |next_stream_id|. The + * |next_stream_id| must be equal or greater than the value returned + * by `nghttp2_session_get_next_stream_id()`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |next_stream_id| is strictly less than the value + * `nghttp2_session_get_next_stream_id()` returns; or + * |next_stream_id| is invalid (e.g., even integer for client, or + * odd integer for server). + */ +NGHTTP2_EXTERN int nghttp2_session_set_next_stream_id(nghttp2_session *session, + int32_t next_stream_id); + +/** + * @function + * + * Returns the next outgoing stream ID. Notice that return type is + * uint32_t. If we run out of stream ID for this session, this + * function returns 1 << 31. + */ +NGHTTP2_EXTERN uint32_t +nghttp2_session_get_next_stream_id(nghttp2_session *session); + +/** + * @function + * + * Tells the |session| that |size| bytes for a stream denoted by + * |stream_id| were consumed by application and are ready to + * WINDOW_UPDATE. The consumed bytes are counted towards both + * connection and stream level WINDOW_UPDATE (see + * `nghttp2_session_consume_connection()` and + * `nghttp2_session_consume_stream()` to update consumption + * independently). This function is intended to be used without + * automatic window update (see + * `nghttp2_option_set_no_auto_window_update()`). + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * Automatic WINDOW_UPDATE is not disabled. + */ +NGHTTP2_EXTERN int nghttp2_session_consume(nghttp2_session *session, + int32_t stream_id, size_t size); + +/** + * @function + * + * Like `nghttp2_session_consume()`, but this only tells library that + * |size| bytes were consumed only for connection level. Note that + * HTTP/2 maintains connection and stream level flow control windows + * independently. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * Automatic WINDOW_UPDATE is not disabled. + */ +NGHTTP2_EXTERN int nghttp2_session_consume_connection(nghttp2_session *session, + size_t size); + +/** + * @function + * + * Like `nghttp2_session_consume()`, but this only tells library that + * |size| bytes were consumed only for stream denoted by |stream_id|. + * Note that HTTP/2 maintains connection and stream level flow control + * windows independently. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * Automatic WINDOW_UPDATE is not disabled. + */ +NGHTTP2_EXTERN int nghttp2_session_consume_stream(nghttp2_session *session, + int32_t stream_id, + size_t size); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function is noop. It always returns 0. + */ +NGHTTP2_EXTERN int +nghttp2_session_change_stream_priority(nghttp2_session *session, + int32_t stream_id, + const nghttp2_priority_spec *pri_spec); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function is noop. It always returns 0. + */ +NGHTTP2_EXTERN int +nghttp2_session_create_idle_stream(nghttp2_session *session, int32_t stream_id, + const nghttp2_priority_spec *pri_spec); + +/** + * @function + * + * .. warning:: + * + * This function is deprecated in favor of + * `nghttp2_session_upgrade2()`, because this function lacks the + * parameter to tell the library the request method used in the + * original HTTP request. This information is required for client + * to validate actual response body length against content-length + * header field (see `nghttp2_option_set_no_http_messaging()`). If + * HEAD is used in request, the length of response body must be 0 + * regardless of value included in content-length header field. + * + * Performs post-process of HTTP Upgrade request. This function can + * be called from both client and server, but the behavior is very + * different in each other. + * + * If called from client side, the |settings_payload| must be the + * value sent in ``HTTP2-Settings`` header field and must be decoded + * by base64url decoder. The |settings_payloadlen| is the length of + * |settings_payload|. The |settings_payload| is unpacked and its + * setting values will be submitted using `nghttp2_submit_settings()`. + * This means that the client application code does not need to submit + * SETTINGS by itself. The stream with stream ID=1 is opened and the + * |stream_user_data| is used for its stream_user_data. The opened + * stream becomes half-closed (local) state. + * + * If called from server side, the |settings_payload| must be the + * value received in ``HTTP2-Settings`` header field and must be + * decoded by base64url decoder. The |settings_payloadlen| is the + * length of |settings_payload|. It is treated as if the SETTINGS + * frame with that payload is received. Thus, callback functions for + * the reception of SETTINGS frame will be invoked. The stream with + * stream ID=1 is opened. The |stream_user_data| is ignored. The + * opened stream becomes half-closed (remote). + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |settings_payload| is badly formed. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The stream ID 1 is already used or closed; or is not available. + */ +NGHTTP2_EXTERN int nghttp2_session_upgrade(nghttp2_session *session, + const uint8_t *settings_payload, + size_t settings_payloadlen, + void *stream_user_data); + +/** + * @function + * + * Performs post-process of HTTP Upgrade request. This function can + * be called from both client and server, but the behavior is very + * different in each other. + * + * If called from client side, the |settings_payload| must be the + * value sent in ``HTTP2-Settings`` header field and must be decoded + * by base64url decoder. The |settings_payloadlen| is the length of + * |settings_payload|. The |settings_payload| is unpacked and its + * setting values will be submitted using `nghttp2_submit_settings()`. + * This means that the client application code does not need to submit + * SETTINGS by itself. The stream with stream ID=1 is opened and the + * |stream_user_data| is used for its stream_user_data. The opened + * stream becomes half-closed (local) state. + * + * If called from server side, the |settings_payload| must be the + * value received in ``HTTP2-Settings`` header field and must be + * decoded by base64url decoder. The |settings_payloadlen| is the + * length of |settings_payload|. It is treated as if the SETTINGS + * frame with that payload is received. Thus, callback functions for + * the reception of SETTINGS frame will be invoked. The stream with + * stream ID=1 is opened. The |stream_user_data| is ignored. The + * opened stream becomes half-closed (remote). + * + * If the request method is HEAD, pass nonzero value to + * |head_request|. Otherwise, pass 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |settings_payload| is badly formed. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The stream ID 1 is already used or closed; or is not available. + */ +NGHTTP2_EXTERN int nghttp2_session_upgrade2(nghttp2_session *session, + const uint8_t *settings_payload, + size_t settings_payloadlen, + int head_request, + void *stream_user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_pack_settings_payload2()` instead. + * + * Serializes the SETTINGS values |iv| in the |buf|. The size of the + * |buf| is specified by |buflen|. The number of entries in the |iv| + * array is given by |niv|. The required space in |buf| for the |niv| + * entries is ``6*niv`` bytes and if the given buffer is too small, an + * error is returned. This function is used mainly for creating a + * SETTINGS payload to be sent with the ``HTTP2-Settings`` header + * field in an HTTP Upgrade request. The data written in |buf| is NOT + * base64url encoded and the application is responsible for encoding. + * + * This function returns the number of bytes written in |buf|, or one + * of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |iv| contains duplicate settings ID or invalid value. + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN ssize_t nghttp2_pack_settings_payload( + uint8_t *buf, size_t buflen, const nghttp2_settings_entry *iv, size_t niv); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Serializes the SETTINGS values |iv| in the |buf|. The size of the + * |buf| is specified by |buflen|. The number of entries in the |iv| + * array is given by |niv|. The required space in |buf| for the |niv| + * entries is ``6*niv`` bytes and if the given buffer is too small, an + * error is returned. This function is used mainly for creating a + * SETTINGS payload to be sent with the ``HTTP2-Settings`` header + * field in an HTTP Upgrade request. The data written in |buf| is NOT + * base64url encoded and the application is responsible for encoding. + * + * This function returns the number of bytes written in |buf|, or one + * of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |iv| contains duplicate settings ID or invalid value. + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN nghttp2_ssize nghttp2_pack_settings_payload2( + uint8_t *buf, size_t buflen, const nghttp2_settings_entry *iv, size_t niv); + +/** + * @function + * + * Returns string describing the |lib_error_code|. The + * |lib_error_code| must be one of the :enum:`nghttp2_error`. + */ +NGHTTP2_EXTERN const char *nghttp2_strerror(int lib_error_code); + +/** + * @function + * + * Returns string representation of HTTP/2 error code |error_code| + * (e.g., ``PROTOCOL_ERROR`` is returned if ``error_code == + * NGHTTP2_PROTOCOL_ERROR``). If string representation is unknown for + * given |error_code|, this function returns string ``unknown``. + */ +NGHTTP2_EXTERN const char *nghttp2_http2_strerror(uint32_t error_code); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * Initializes |pri_spec| with the |stream_id| of the stream to depend + * on with |weight| and its exclusive flag. If |exclusive| is + * nonzero, exclusive flag is set. + * + * The |weight| must be in [:macro:`NGHTTP2_MIN_WEIGHT`, + * :macro:`NGHTTP2_MAX_WEIGHT`], inclusive. + */ +NGHTTP2_EXTERN void nghttp2_priority_spec_init(nghttp2_priority_spec *pri_spec, + int32_t stream_id, + int32_t weight, int exclusive); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * Initializes |pri_spec| with the default values. The default values + * are: stream_id = 0, weight = :macro:`NGHTTP2_DEFAULT_WEIGHT` and + * exclusive = 0. + */ +NGHTTP2_EXTERN void +nghttp2_priority_spec_default_init(nghttp2_priority_spec *pri_spec); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * Returns nonzero if the |pri_spec| is filled with default values. + */ +NGHTTP2_EXTERN int +nghttp2_priority_spec_check_default(const nghttp2_priority_spec *pri_spec); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_submit_request2()` instead. + * + * Submits HEADERS frame and optionally one or more DATA frames. + * + * The |pri_spec| is ignored. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * HTTP/2 specification has requirement about header fields in the + * request HEADERS. See the specification for more details. + * + * If |data_prd| is not ``NULL``, it provides data which will be sent + * in subsequent DATA frames. In this case, a method that allows + * request message bodies + * (https://tools.ietf.org/html/rfc7231#section-4) must be specified + * with ``:method`` key in |nva| (e.g. ``POST``). This function does + * not take ownership of the |data_prd|. The function copies the + * members of the |data_prd|. If |data_prd| is ``NULL``, HEADERS have + * END_STREAM set. The |stream_user_data| is data associated to the + * stream opened by this request and can be an arbitrary pointer, + * which can be retrieved later by + * `nghttp2_session_get_stream_user_data()`. + * + * This function returns assigned stream ID if it succeeds, or one of + * the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE` + * No stream ID is available because maximum stream ID was + * reached. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The |session| is server session. + * + * .. warning:: + * + * This function returns assigned stream ID if it succeeds. But + * that stream is not created yet. The application must not submit + * frame to that stream ID before + * :type:`nghttp2_before_frame_send_callback` is called for this + * frame. This means `nghttp2_session_get_stream_user_data()` does + * not work before the callback. But + * `nghttp2_session_set_stream_user_data()` handles this situation + * specially, and it can set data to a stream during this period. + * + */ +NGHTTP2_EXTERN int32_t nghttp2_submit_request( + nghttp2_session *session, const nghttp2_priority_spec *pri_spec, + const nghttp2_nv *nva, size_t nvlen, const nghttp2_data_provider *data_prd, + void *stream_user_data); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Submits HEADERS frame and optionally one or more DATA frames. + * + * The |pri_spec| is ignored. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * HTTP/2 specification has requirement about header fields in the + * request HEADERS. See the specification for more details. + * + * If |data_prd| is not ``NULL``, it provides data which will be sent + * in subsequent DATA frames. In this case, a method that allows + * request message bodies + * (https://tools.ietf.org/html/rfc7231#section-4) must be specified + * with ``:method`` key in |nva| (e.g. ``POST``). This function does + * not take ownership of the |data_prd|. The function copies the + * members of the |data_prd|. If |data_prd| is ``NULL``, HEADERS have + * END_STREAM set. The |stream_user_data| is data associated to the + * stream opened by this request and can be an arbitrary pointer, + * which can be retrieved later by + * `nghttp2_session_get_stream_user_data()`. + * + * This function returns assigned stream ID if it succeeds, or one of + * the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE` + * No stream ID is available because maximum stream ID was + * reached. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The |session| is server session. + * + * .. warning:: + * + * This function returns assigned stream ID if it succeeds. But + * that stream is not created yet. The application must not submit + * frame to that stream ID before + * :type:`nghttp2_before_frame_send_callback` is called for this + * frame. This means `nghttp2_session_get_stream_user_data()` does + * not work before the callback. But + * `nghttp2_session_set_stream_user_data()` handles this situation + * specially, and it can set data to a stream during this period. + * + */ +NGHTTP2_EXTERN int32_t nghttp2_submit_request2( + nghttp2_session *session, const nghttp2_priority_spec *pri_spec, + const nghttp2_nv *nva, size_t nvlen, const nghttp2_data_provider2 *data_prd, + void *stream_user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_submit_response2()` instead. + * + * Submits response HEADERS frame and optionally one or more DATA + * frames against the stream |stream_id|. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * HTTP/2 specification has requirement about header fields in the + * response HEADERS. See the specification for more details. + * + * If |data_prd| is not ``NULL``, it provides data which will be sent + * in subsequent DATA frames. This function does not take ownership + * of the |data_prd|. The function copies the members of the + * |data_prd|. If |data_prd| is ``NULL``, HEADERS will have + * END_STREAM flag set. + * + * This method can be used as normal HTTP response and push response. + * When pushing a resource using this function, the |session| must be + * configured using `nghttp2_session_server_new()` or its variants and + * the target stream denoted by the |stream_id| must be reserved using + * `nghttp2_submit_push_promise()`. + * + * To send non-final response headers (e.g., HTTP status 101), don't + * use this function because this function half-closes the outbound + * stream. Instead, use `nghttp2_submit_headers()` for this purpose. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` + * DATA or HEADERS has been already submitted and not fully + * processed yet. Normally, this does not happen, but when + * application wrongly calls `nghttp2_submit_response()` twice, + * this may happen. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The |session| is client session. + * + * .. warning:: + * + * Calling this function twice for the same stream ID may lead to + * program crash. It is generally considered to a programming error + * to commit response twice. + */ +NGHTTP2_EXTERN int +nghttp2_submit_response(nghttp2_session *session, int32_t stream_id, + const nghttp2_nv *nva, size_t nvlen, + const nghttp2_data_provider *data_prd); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Submits response HEADERS frame and optionally one or more DATA + * frames against the stream |stream_id|. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * HTTP/2 specification has requirement about header fields in the + * response HEADERS. See the specification for more details. + * + * If |data_prd| is not ``NULL``, it provides data which will be sent + * in subsequent DATA frames. This function does not take ownership + * of the |data_prd|. The function copies the members of the + * |data_prd|. If |data_prd| is ``NULL``, HEADERS will have + * END_STREAM flag set. + * + * This method can be used as normal HTTP response and push response. + * When pushing a resource using this function, the |session| must be + * configured using `nghttp2_session_server_new()` or its variants and + * the target stream denoted by the |stream_id| must be reserved using + * `nghttp2_submit_push_promise()`. + * + * To send non-final response headers (e.g., HTTP status 101), don't + * use this function because this function half-closes the outbound + * stream. Instead, use `nghttp2_submit_headers()` for this purpose. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` + * DATA or HEADERS has been already submitted and not fully + * processed yet. Normally, this does not happen, but when + * application wrongly calls `nghttp2_submit_response2()` twice, + * this may happen. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The |session| is client session. + * + * .. warning:: + * + * Calling this function twice for the same stream ID may lead to + * program crash. It is generally considered to a programming error + * to commit response twice. + */ +NGHTTP2_EXTERN int +nghttp2_submit_response2(nghttp2_session *session, int32_t stream_id, + const nghttp2_nv *nva, size_t nvlen, + const nghttp2_data_provider2 *data_prd); + +/** + * @function + * + * Submits trailer fields HEADERS against the stream |stream_id|. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application must not include pseudo-header + * fields (headers whose names starts with ":") in |nva|. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * For server, trailer fields must follow response HEADERS or response + * DATA without END_STREAM flat set. The library does not enforce + * this requirement, and applications should do this for themselves. + * If `nghttp2_submit_trailer()` is called before any response HEADERS + * submission (usually by `nghttp2_submit_response2()`), the content + * of |nva| will be sent as response headers, which will result in + * error. + * + * This function has the same effect with `nghttp2_submit_headers()`, + * with flags = :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` and both + * pri_spec and stream_user_data to NULL. + * + * To submit trailer fields after `nghttp2_submit_response2()` is + * called, the application has to specify + * :type:`nghttp2_data_provider2` to `nghttp2_submit_response2()`. + * Inside of :type:`nghttp2_data_source_read_callback2`, when setting + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_EOF`, also set + * :enum:`nghttp2_data_flag.NGHTTP2_DATA_FLAG_NO_END_STREAM`. After + * that, the application can send trailer fields using + * `nghttp2_submit_trailer()`. `nghttp2_submit_trailer()` can be used + * inside :type:`nghttp2_data_source_read_callback2`. + * + * This function returns 0 if it succeeds and |stream_id| is -1. + * Otherwise, this function returns 0 if it succeeds, or one of the + * following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + */ +NGHTTP2_EXTERN int nghttp2_submit_trailer(nghttp2_session *session, + int32_t stream_id, + const nghttp2_nv *nva, size_t nvlen); + +/** + * @function + * + * Submits HEADERS frame. The |flags| is bitwise OR of the + * following values: + * + * * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` + * + * If |flags| includes :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM`, + * this frame has END_STREAM flag set. + * + * The library handles the CONTINUATION frame internally and it + * correctly sets END_HEADERS to the last sequence of the PUSH_PROMISE + * or CONTINUATION frame. + * + * If the |stream_id| is -1, this frame is assumed as request (i.e., + * request HEADERS frame which opens new stream). In this case, the + * assigned stream ID will be returned. Otherwise, specify stream ID + * in |stream_id|. + * + * The |pri_spec| is ignored. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * The |stream_user_data| is a pointer to an arbitrary data which is + * associated to the stream this frame will open. Therefore it is + * only used if this frame opens streams, in other words, it changes + * stream state from idle or reserved to open. + * + * This function is low-level in a sense that the application code can + * specify flags directly. For usual HTTP request, + * `nghttp2_submit_request2()` is useful. Likewise, for HTTP + * response, prefer `nghttp2_submit_response2()`. + * + * This function returns newly assigned stream ID if it succeeds and + * |stream_id| is -1. Otherwise, this function returns 0 if it + * succeeds, or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE` + * No stream ID is available because maximum stream ID was + * reached. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` + * DATA or HEADERS has been already submitted and not fully + * processed yet. This happens if stream denoted by |stream_id| + * is in reserved state. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * The |stream_id| is -1, and |session| is server session. + * + * .. warning:: + * + * This function returns assigned stream ID if it succeeds and + * |stream_id| is -1. But that stream is not opened yet. The + * application must not submit frame to that stream ID before + * :type:`nghttp2_before_frame_send_callback` is called for this + * frame. + * + */ +NGHTTP2_EXTERN int32_t nghttp2_submit_headers( + nghttp2_session *session, uint8_t flags, int32_t stream_id, + const nghttp2_priority_spec *pri_spec, const nghttp2_nv *nva, size_t nvlen, + void *stream_user_data); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_submit_data2()` instead. + * + * Submits one or more DATA frames to the stream |stream_id|. The + * data to be sent are provided by |data_prd|. If |flags| contains + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM`, the last DATA frame + * has END_STREAM flag set. + * + * This function does not take ownership of the |data_prd|. The + * function copies the members of the |data_prd|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` + * DATA or HEADERS has been already submitted and not fully + * processed yet. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_CLOSED` + * The stream was already closed; or the |stream_id| is invalid. + * + * .. note:: + * + * Currently, only one DATA or HEADERS is allowed for a stream at a + * time. Submitting these frames more than once before first DATA + * or HEADERS is finished results in + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` error code. The + * earliest callback which tells that previous frame is done is + * :type:`nghttp2_on_frame_send_callback`. In side that callback, + * new data can be submitted using `nghttp2_submit_data()`. Of + * course, all data except for last one must not have + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` flag set in |flags|. + * This sounds a bit complicated, and we recommend to use + * `nghttp2_submit_request()` and `nghttp2_submit_response()` to + * avoid this cascading issue. The experience shows that for HTTP + * use, these two functions are enough to implement both client and + * server. + */ +NGHTTP2_EXTERN int nghttp2_submit_data(nghttp2_session *session, uint8_t flags, + int32_t stream_id, + const nghttp2_data_provider *data_prd); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Submits one or more DATA frames to the stream |stream_id|. The + * data to be sent are provided by |data_prd|. If |flags| contains + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM`, the last DATA frame + * has END_STREAM flag set. + * + * This function does not take ownership of the |data_prd|. The + * function copies the members of the |data_prd|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` + * DATA or HEADERS has been already submitted and not fully + * processed yet. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_CLOSED` + * The stream was already closed; or the |stream_id| is invalid. + * + * .. note:: + * + * Currently, only one DATA or HEADERS is allowed for a stream at a + * time. Submitting these frames more than once before first DATA + * or HEADERS is finished results in + * :enum:`nghttp2_error.NGHTTP2_ERR_DATA_EXIST` error code. The + * earliest callback which tells that previous frame is done is + * :type:`nghttp2_on_frame_send_callback`. In side that callback, + * new data can be submitted using `nghttp2_submit_data2()`. Of + * course, all data except for last one must not have + * :enum:`nghttp2_flag.NGHTTP2_FLAG_END_STREAM` flag set in |flags|. + * This sounds a bit complicated, and we recommend to use + * `nghttp2_submit_request2()` and `nghttp2_submit_response2()` to + * avoid this cascading issue. The experience shows that for HTTP + * use, these two functions are enough to implement both client and + * server. + */ +NGHTTP2_EXTERN int nghttp2_submit_data2(nghttp2_session *session, uint8_t flags, + int32_t stream_id, + const nghttp2_data_provider2 *data_prd); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function is noop. It always returns 0. + */ +NGHTTP2_EXTERN int +nghttp2_submit_priority(nghttp2_session *session, uint8_t flags, + int32_t stream_id, + const nghttp2_priority_spec *pri_spec); + +/** + * @macro + * + * :macro:`NGHTTP2_EXTPRI_DEFAULT_URGENCY` is the default urgency + * level for :rfc:`9218` extensible priorities. + */ +#define NGHTTP2_EXTPRI_DEFAULT_URGENCY 3 + +/** + * @macro + * + * :macro:`NGHTTP2_EXTPRI_URGENCY_HIGH` is the highest urgency level + * for :rfc:`9218` extensible priorities. + */ +#define NGHTTP2_EXTPRI_URGENCY_HIGH 0 + +/** + * @macro + * + * :macro:`NGHTTP2_EXTPRI_URGENCY_LOW` is the lowest urgency level for + * :rfc:`9218` extensible priorities. + */ +#define NGHTTP2_EXTPRI_URGENCY_LOW 7 + +/** + * @macro + * + * :macro:`NGHTTP2_EXTPRI_URGENCY_LEVELS` is the number of urgency + * levels for :rfc:`9218` extensible priorities. + */ +#define NGHTTP2_EXTPRI_URGENCY_LEVELS (NGHTTP2_EXTPRI_URGENCY_LOW + 1) + +/** + * @struct + * + * :type:`nghttp2_extpri` is :rfc:`9218` extensible priorities + * specification for a stream. + */ +typedef struct nghttp2_extpri { + /** + * :member:`urgency` is the urgency of a stream, it must be in + * [:macro:`NGHTTP2_EXTPRI_URGENCY_HIGH`, + * :macro:`NGHTTP2_EXTPRI_URGENCY_LOW`], inclusive, and 0 is the + * highest urgency. + */ + uint32_t urgency; + /** + * :member:`inc` indicates that a content can be processed + * incrementally or not. If inc is 0, it cannot be processed + * incrementally. If inc is 1, it can be processed incrementally. + * Other value is not permitted. + */ + int inc; +} nghttp2_extpri; + +/** + * @function + * + * Submits RST_STREAM frame to cancel/reject the stream |stream_id| + * with the error code |error_code|. + * + * The pre-defined error code is one of :enum:`nghttp2_error_code`. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0. + */ +NGHTTP2_EXTERN int nghttp2_submit_rst_stream(nghttp2_session *session, + uint8_t flags, int32_t stream_id, + uint32_t error_code); + +/** + * @function + * + * Stores local settings and submits SETTINGS frame. The |iv| is the + * pointer to the array of :type:`nghttp2_settings_entry`. The |niv| + * indicates the number of :type:`nghttp2_settings_entry`. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * This function does not take ownership of the |iv|. This function + * copies all the elements in the |iv|. + * + * While updating individual stream's local window size, if the window + * size becomes strictly larger than NGHTTP2_MAX_WINDOW_SIZE, + * RST_STREAM is issued against such a stream. + * + * SETTINGS with :enum:`nghttp2_flag.NGHTTP2_FLAG_ACK` is + * automatically submitted by the library and application could not + * send it at its will. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |iv| contains invalid value (e.g., initial window size + * strictly greater than (1 << 31) - 1. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_submit_settings(nghttp2_session *session, + uint8_t flags, + const nghttp2_settings_entry *iv, + size_t niv); + +/** + * @function + * + * Submits PUSH_PROMISE frame. + * + * The |flags| is currently ignored. The library handles the + * CONTINUATION frame internally and it correctly sets END_HEADERS to + * the last sequence of the PUSH_PROMISE or CONTINUATION frame. + * + * The |stream_id| must be client initiated stream ID. + * + * The |nva| is an array of name/value pair :type:`nghttp2_nv` with + * |nvlen| elements. The application is responsible to include + * required pseudo-header fields (header field whose name starts with + * ":") in |nva| and must place pseudo-headers before regular header + * fields. + * + * This function creates copies of all name/value pairs in |nva|. It + * also lower-cases all names in |nva|. The order of elements in + * |nva| is preserved. For header fields with + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME` and + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE` are set, + * header field name and value are not copied respectively. With + * :enum:`nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME`, application + * is responsible to pass header field name in lowercase. The + * application should maintain the references to them until + * :type:`nghttp2_on_frame_send_callback` or + * :type:`nghttp2_on_frame_not_send_callback` is called. + * + * The |promised_stream_user_data| is a pointer to an arbitrary data + * which is associated to the promised stream this frame will open and + * make it in reserved state. It is available using + * `nghttp2_session_get_stream_user_data()`. The application can + * access it in :type:`nghttp2_before_frame_send_callback` and + * :type:`nghttp2_on_frame_send_callback` of this frame. + * + * The client side is not allowed to use this function. + * + * To submit response headers and data, use + * `nghttp2_submit_response2()`. + * + * This function returns assigned promised stream ID if it succeeds, + * or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_PROTO` + * This function was invoked when |session| is initialized as + * client. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_ID_NOT_AVAILABLE` + * No stream ID is available because maximum stream ID was + * reached. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is 0; The |stream_id| does not designate stream + * that peer initiated. + * :enum:`nghttp2_error.NGHTTP2_ERR_STREAM_CLOSED` + * The stream was already closed; or the |stream_id| is invalid. + * + * .. warning:: + * + * This function returns assigned promised stream ID if it succeeds. + * As of 1.16.0, stream object for pushed resource is created when + * this function succeeds. In that case, the application can submit + * push response for the promised frame. + * + * In 1.15.0 or prior versions, pushed stream is not opened yet when + * this function succeeds. The application must not submit frame to + * that stream ID before :type:`nghttp2_before_frame_send_callback` + * is called for this frame. + * + */ +NGHTTP2_EXTERN int32_t nghttp2_submit_push_promise( + nghttp2_session *session, uint8_t flags, int32_t stream_id, + const nghttp2_nv *nva, size_t nvlen, void *promised_stream_user_data); + +/** + * @function + * + * Submits PING frame. You don't have to send PING back when you + * received PING frame. The library automatically submits PING frame + * in this case. + * + * The |flags| is bitwise OR of 0 or more of the following value. + * + * * :enum:`nghttp2_flag.NGHTTP2_FLAG_ACK` + * + * Unless `nghttp2_option_set_no_auto_ping_ack()` is used, the |flags| + * should be :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * If the |opaque_data| is non ``NULL``, then it should point to the 8 + * bytes array of memory to specify opaque data to send with PING + * frame. If the |opaque_data| is ``NULL``, zero-cleared 8 bytes will + * be sent as opaque data. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_submit_ping(nghttp2_session *session, uint8_t flags, + const uint8_t *opaque_data); + +/** + * @function + * + * Submits GOAWAY frame with the last stream ID |last_stream_id| and + * the error code |error_code|. + * + * The pre-defined error code is one of :enum:`nghttp2_error_code`. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * The |last_stream_id| is peer's stream ID or 0. So if |session| is + * initialized as client, |last_stream_id| must be even or 0. If + * |session| is initialized as server, |last_stream_id| must be odd or + * 0. + * + * The HTTP/2 specification says last_stream_id must not be increased + * from the value previously sent. So the actual value sent as + * last_stream_id is the minimum value between the given + * |last_stream_id| and the last_stream_id previously sent to the + * peer. + * + * If the |opaque_data| is not ``NULL`` and |opaque_data_len| is not + * zero, those data will be sent as additional debug data. The + * library makes a copy of the memory region pointed by |opaque_data| + * with the length |opaque_data_len|, so the caller does not need to + * keep this memory after the return of this function. If the + * |opaque_data_len| is 0, the |opaque_data| could be ``NULL``. + * + * After successful transmission of GOAWAY, following things happen. + * All incoming streams having strictly more than |last_stream_id| are + * closed. All incoming HEADERS which starts new stream are simply + * ignored. After all active streams are handled, both + * `nghttp2_session_want_read()` and `nghttp2_session_want_write()` + * return 0 and the application can close session. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |opaque_data_len| is too large; the |last_stream_id| is + * invalid. + */ +NGHTTP2_EXTERN int nghttp2_submit_goaway(nghttp2_session *session, + uint8_t flags, int32_t last_stream_id, + uint32_t error_code, + const uint8_t *opaque_data, + size_t opaque_data_len); + +/** + * @function + * + * Returns the last stream ID of a stream for which + * :type:`nghttp2_on_frame_recv_callback` was invoked most recently. + * The returned value can be used as last_stream_id parameter for + * `nghttp2_submit_goaway()` and + * `nghttp2_session_terminate_session2()`. + * + * This function always succeeds. + */ +NGHTTP2_EXTERN int32_t +nghttp2_session_get_last_proc_stream_id(nghttp2_session *session); + +/** + * @function + * + * Returns nonzero if new request can be sent from local endpoint. + * + * This function return 0 if request is not allowed for this session. + * There are several reasons why request is not allowed. Some of the + * reasons are: session is server; stream ID has been spent; GOAWAY + * has been sent or received. + * + * The application can call `nghttp2_submit_request2()` without + * consulting this function. In that case, + * `nghttp2_submit_request2()` may return error. Or, request is + * failed to sent, and :type:`nghttp2_on_stream_close_callback` is + * called. + */ +NGHTTP2_EXTERN int +nghttp2_session_check_request_allowed(nghttp2_session *session); + +/** + * @function + * + * Returns nonzero if |session| is initialized as server side session. + */ +NGHTTP2_EXTERN int +nghttp2_session_check_server_session(nghttp2_session *session); + +/** + * @function + * + * Submits WINDOW_UPDATE frame. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * The |stream_id| is the stream ID to send this WINDOW_UPDATE. To + * send connection level WINDOW_UPDATE, specify 0 to |stream_id|. + * + * If the |window_size_increment| is positive, the WINDOW_UPDATE with + * that value as window_size_increment is queued. If the + * |window_size_increment| is larger than the received bytes from the + * remote endpoint, the local window size is increased by that + * difference. If the sole purpose is to increase the local window + * size, consider to use `nghttp2_session_set_local_window_size()`. + * + * If the |window_size_increment| is negative, the local window size + * is decreased by -|window_size_increment|. If automatic + * WINDOW_UPDATE is enabled + * (`nghttp2_option_set_no_auto_window_update()`), and the library + * decided that the WINDOW_UPDATE should be submitted, then + * WINDOW_UPDATE is queued with the current received bytes count. If + * the sole purpose is to decrease the local window size, consider to + * use `nghttp2_session_set_local_window_size()`. + * + * If the |window_size_increment| is 0, the function does nothing and + * returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_FLOW_CONTROL` + * The local window size overflow or gets negative. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_submit_window_update(nghttp2_session *session, + uint8_t flags, + int32_t stream_id, + int32_t window_size_increment); + +/** + * @function + * + * Set local window size (local endpoints's window size) to the given + * |window_size| for the given stream denoted by |stream_id|. To + * change connection level window size, specify 0 to |stream_id|. To + * increase window size, this function may submit WINDOW_UPDATE frame + * to transmission queue. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * This sounds similar to `nghttp2_submit_window_update()`, but there + * are 2 differences. The first difference is that this function + * takes the absolute value of window size to set, rather than the + * delta. To change the window size, this may be easier to use since + * the application just declares the intended window size, rather than + * calculating delta. The second difference is that + * `nghttp2_submit_window_update()` affects the received bytes count + * which has not acked yet. By the specification of + * `nghttp2_submit_window_update()`, to strictly increase the local + * window size, we have to submit delta including all received bytes + * count, which might not be desirable in some cases. On the other + * hand, this function does not affect the received bytes count. It + * just sets the local window size to the given value. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |stream_id| is negative. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_session_set_local_window_size(nghttp2_session *session, uint8_t flags, + int32_t stream_id, int32_t window_size); + +/** + * @function + * + * Submits extension frame. + * + * Application can pass arbitrary frame flags and stream ID in |flags| + * and |stream_id| respectively. The |payload| is opaque pointer, and + * it can be accessible though ``frame->ext.payload`` in + * :type:`nghttp2_pack_extension_callback2`. The library will not own + * passed |payload| pointer. + * + * The application must set :type:`nghttp2_pack_extension_callback2` + * using `nghttp2_session_callbacks_set_pack_extension_callback2()`. + * + * The application should retain the memory pointed by |payload| until + * the transmission of extension frame is done (which is indicated by + * :type:`nghttp2_on_frame_send_callback`), or transmission fails + * (which is indicated by :type:`nghttp2_on_frame_not_send_callback`). + * If application does not touch this memory region after packing it + * into a wire format, application can free it inside + * :type:`nghttp2_pack_extension_callback2`. + * + * The standard HTTP/2 frame cannot be sent with this function, so + * |type| must be strictly grater than 0x9. Otherwise, this function + * will fail with error code + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * If :type:`nghttp2_pack_extension_callback2` is not set. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * If |type| specifies standard HTTP/2 frame type. The frame + * types in the rage [0x0, 0x9], both inclusive, are standard + * HTTP/2 frame type, and cannot be sent using this function. + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory + */ +NGHTTP2_EXTERN int nghttp2_submit_extension(nghttp2_session *session, + uint8_t type, uint8_t flags, + int32_t stream_id, void *payload); + +/** + * @struct + * + * The payload of ALTSVC frame. ALTSVC frame is a non-critical + * extension to HTTP/2. If this frame is received, and + * `nghttp2_option_set_user_recv_extension_type()` is not set, and + * `nghttp2_option_set_builtin_recv_extension_type()` is set for + * :enum:`nghttp2_frame_type.NGHTTP2_ALTSVC`, + * ``nghttp2_extension.payload`` will point to this struct. + * + * It has the following members: + */ +typedef struct { + /** + * The pointer to origin which this alternative service is + * associated with. This is not necessarily NULL-terminated. + */ + uint8_t *origin; + /** + * The length of the |origin|. + */ + size_t origin_len; + /** + * The pointer to Alt-Svc field value contained in ALTSVC frame. + * This is not necessarily NULL-terminated. + */ + uint8_t *field_value; + /** + * The length of the |field_value|. + */ + size_t field_value_len; +} nghttp2_ext_altsvc; + +/** + * @function + * + * Submits ALTSVC frame. + * + * ALTSVC frame is a non-critical extension to HTTP/2, and defined in + * `RFC 7383 `_. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * The |origin| points to the origin this alternative service is + * associated with. The |origin_len| is the length of the origin. If + * |stream_id| is 0, the origin must be specified. If |stream_id| is + * not zero, the origin must be empty (in other words, |origin_len| + * must be 0). + * + * The ALTSVC frame is only usable from server side. If this function + * is invoked with client side session, this function returns + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The function is called from client side session + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The sum of |origin_len| and |field_value_len| is larger than + * 16382; or |origin_len| is 0 while |stream_id| is 0; or + * |origin_len| is not 0 while |stream_id| is not 0. + */ +NGHTTP2_EXTERN int nghttp2_submit_altsvc(nghttp2_session *session, + uint8_t flags, int32_t stream_id, + const uint8_t *origin, + size_t origin_len, + const uint8_t *field_value, + size_t field_value_len); + +/** + * @struct + * + * The single entry of an origin. + */ +typedef struct { + /** + * The pointer to origin. No validation is made against this field + * by the library. This is not necessarily NULL-terminated. + */ + uint8_t *origin; + /** + * The length of the |origin|. + */ + size_t origin_len; +} nghttp2_origin_entry; + +/** + * @struct + * + * The payload of ORIGIN frame. ORIGIN frame is a non-critical + * extension to HTTP/2 and defined by `RFC 8336 + * `_. + * + * If this frame is received, and + * `nghttp2_option_set_user_recv_extension_type()` is not set, and + * `nghttp2_option_set_builtin_recv_extension_type()` is set for + * :enum:`nghttp2_frame_type.NGHTTP2_ORIGIN`, + * ``nghttp2_extension.payload`` will point to this struct. + * + * It has the following members: + */ +typedef struct { + /** + * The number of origins contained in |ov|. + */ + size_t nov; + /** + * The pointer to the array of origins contained in ORIGIN frame. + */ + nghttp2_origin_entry *ov; +} nghttp2_ext_origin; + +/** + * @function + * + * Submits ORIGIN frame. + * + * ORIGIN frame is a non-critical extension to HTTP/2 and defined by + * `RFC 8336 `_. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * The |ov| points to the array of origins. The |nov| specifies the + * number of origins included in |ov|. This function creates copies + * of all elements in |ov|. + * + * The ORIGIN frame is only usable by a server. If this function is + * invoked with client side session, this function returns + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE`. + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The function is called from client side session. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * There are too many origins, or an origin is too large to fit + * into a default frame payload. + */ +NGHTTP2_EXTERN int nghttp2_submit_origin(nghttp2_session *session, + uint8_t flags, + const nghttp2_origin_entry *ov, + size_t nov); + +/** + * @struct + * + * The payload of PRIORITY_UPDATE frame. PRIORITY_UPDATE frame is a + * non-critical extension to HTTP/2. If this frame is received, and + * `nghttp2_option_set_user_recv_extension_type()` is not set, and + * `nghttp2_option_set_builtin_recv_extension_type()` is set for + * :enum:`nghttp2_frame_type.NGHTTP2_PRIORITY_UPDATE`, + * ``nghttp2_extension.payload`` will point to this struct. + * + * It has the following members: + */ +typedef struct { + /** + * The stream ID of the stream whose priority is updated. + */ + int32_t stream_id; + /** + * The pointer to Priority field value. It is not necessarily + * NULL-terminated. + */ + uint8_t *field_value; + /** + * The length of the :member:`field_value`. + */ + size_t field_value_len; +} nghttp2_ext_priority_update; + +/** + * @function + * + * Submits PRIORITY_UPDATE frame. + * + * PRIORITY_UPDATE frame is a non-critical extension to HTTP/2, and + * defined in :rfc:`9218#section-7.1`. + * + * The |flags| is currently ignored and should be + * :enum:`nghttp2_flag.NGHTTP2_FLAG_NONE`. + * + * The |stream_id| is the ID of stream which is prioritized. The + * |field_value| points to the Priority field value. The + * |field_value_len| is the length of the Priority field value. + * + * If this function is called by server, + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` is returned. + * + * If + * :enum:`nghttp2_settings_id.NGHTTP2_SETTINGS_NO_RFC7540_PRIORITIES` + * of value of 0 is received by a remote endpoint (or it is omitted), + * this function does nothing and returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The function is called from server side session + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * The |field_value_len| is larger than 16380; or |stream_id| is + * 0. + */ +NGHTTP2_EXTERN int nghttp2_submit_priority_update(nghttp2_session *session, + uint8_t flags, + int32_t stream_id, + const uint8_t *field_value, + size_t field_value_len); + +/** + * @function + * + * Changes the priority of the existing stream denoted by |stream_id|. + * The new priority is |extpri|. This function is meant to be used by + * server for :rfc:`9218` extensible prioritization scheme. + * + * If |session| is initialized as client, this function returns + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE`. For client, use + * `nghttp2_submit_priority_update()` instead. + * + * If :member:`extpri->urgency ` is out of + * bound, it is set to :macro:`NGHTTP2_EXTPRI_URGENCY_LOW`. + * + * If |ignore_client_signal| is nonzero, server starts to ignore + * client priority signals for this stream. + * + * If + * :enum:`nghttp2_settings_id.NGHTTP2_SETTINGS_NO_RFC7540_PRIORITIES` + * of value of 1 is not submitted via `nghttp2_submit_settings()`, + * this function does nothing and returns 0. + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The |session| is initialized as client. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * |stream_id| is zero; or a stream denoted by |stream_id| is not + * found. + */ +NGHTTP2_EXTERN int nghttp2_session_change_extpri_stream_priority( + nghttp2_session *session, int32_t stream_id, const nghttp2_extpri *extpri, + int ignore_client_signal); + +/** + * @function + * + * Stores the stream priority of the existing stream denoted by + * |stream_id| in the object pointed by |extpri|. This function is + * meant to be used by server for :rfc:`9218` extensible + * prioritization scheme. + * + * If |session| is initialized as client, this function returns + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE`. + * + * If + * :enum:`nghttp2_settings_id.NGHTTP2_SETTINGS_NO_RFC7540_PRIORITIES` + * of value of 1 is not submitted via `nghttp2_submit_settings()`, + * this function does nothing and returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The |session| is initialized as client. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * |stream_id| is zero; or a stream denoted by |stream_id| is not + * found. + */ +NGHTTP2_EXTERN int nghttp2_session_get_extpri_stream_priority( + nghttp2_session *session, nghttp2_extpri *extpri, int32_t stream_id); + +/** + * @function + * + * Parses Priority header field value pointed by |value| of length + * |len|, and stores the result in the object pointed by |extpri|. + * Priority header field is defined in :rfc:`9218`. + * + * This function does not initialize the object pointed by |extpri| + * before storing the result. It only assigns the values that the + * parser correctly extracted to fields. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_ARGUMENT` + * Failed to parse the header field value. + */ +NGHTTP2_EXTERN int nghttp2_extpri_parse_priority(nghttp2_extpri *extpri, + const uint8_t *value, + size_t len); + +/** + * @function + * + * Compares ``lhs->name`` of length ``lhs->namelen`` bytes and + * ``rhs->name`` of length ``rhs->namelen`` bytes. Returns negative + * integer if ``lhs->name`` is found to be less than ``rhs->name``; or + * returns positive integer if ``lhs->name`` is found to be greater + * than ``rhs->name``; or returns 0 otherwise. + */ +NGHTTP2_EXTERN int nghttp2_nv_compare_name(const nghttp2_nv *lhs, + const nghttp2_nv *rhs); + +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_select_alpn` instead. + * + * A helper function for dealing with ALPN in server side. The |in| + * contains peer's protocol list in preferable order. The format of + * |in| is length-prefixed and not null-terminated. For example, + * ``h2`` and ``http/1.1`` stored in |in| like this:: + * + * in[0] = 2 + * in[1..2] = "h2" + * in[3] = 8 + * in[4..11] = "http/1.1" + * inlen = 12 + * + * The selection algorithm is as follows: + * + * 1. If peer's list contains HTTP/2 protocol the library supports, + * it is selected and returns 1. The following step is not taken. + * + * 2. If peer's list contains ``http/1.1``, this function selects + * ``http/1.1`` and returns 0. The following step is not taken. + * + * 3. This function selects nothing and returns -1 (So called + * non-overlap case). In this case, |out| and |outlen| are left + * untouched. + * + * Selecting ``h2`` means that ``h2`` is written into |*out| and its + * length (which is 2) is assigned to |*outlen|. + * + * For ALPN, refer to https://tools.ietf.org/html/rfc7301 + * + * To use this method you should do something like:: + * + * static int alpn_select_proto_cb(SSL* ssl, + * const unsigned char **out, + * unsigned char *outlen, + * const unsigned char *in, + * unsigned int inlen, + * void *arg) + * { + * int rv; + * rv = nghttp2_select_next_protocol((unsigned char**)out, outlen, + * in, inlen); + * if (rv == -1) { + * return SSL_TLSEXT_ERR_NOACK; + * } + * if (rv == 1) { + * ((MyType*)arg)->http2_selected = 1; + * } + * return SSL_TLSEXT_ERR_OK; + * } + * ... + * SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, my_obj); + * + */ +NGHTTP2_EXTERN int nghttp2_select_next_protocol(unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen); + +/** + * @function + * + * A helper function for dealing with ALPN in server side. The |in| + * contains peer's protocol list in preferable order. The format of + * |in| is length-prefixed and not null-terminated. For example, + * ``h2`` and ``http/1.1`` stored in |in| like this:: + * + * in[0] = 2 + * in[1..2] = "h2" + * in[3] = 8 + * in[4..11] = "http/1.1" + * inlen = 12 + * + * The selection algorithm is as follows: + * + * 1. If peer's list contains HTTP/2 protocol the library supports, + * it is selected and returns 1. The following step is not taken. + * + * 2. If peer's list contains ``http/1.1``, this function selects + * ``http/1.1`` and returns 0. The following step is not taken. + * + * 3. This function selects nothing and returns -1 (So called + * non-overlap case). In this case, |out| and |outlen| are left + * untouched. + * + * Selecting ``h2`` means that ``h2`` is written into |*out| and its + * length (which is 2) is assigned to |*outlen|. + * + * For ALPN, refer to https://tools.ietf.org/html/rfc7301 + * + * To use this method you should do something like:: + * + * static int alpn_select_proto_cb(SSL* ssl, + * const unsigned char **out, + * unsigned char *outlen, + * const unsigned char *in, + * unsigned int inlen, + * void *arg) + * { + * int rv; + * rv = nghttp2_select_alpn(out, outlen, in, inlen); + * if (rv == -1) { + * return SSL_TLSEXT_ERR_NOACK; + * } + * if (rv == 1) { + * ((MyType*)arg)->http2_selected = 1; + * } + * return SSL_TLSEXT_ERR_OK; + * } + * ... + * SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, my_obj); + * + */ +NGHTTP2_EXTERN int nghttp2_select_alpn(const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen); + +/** + * @function + * + * Returns a pointer to a nghttp2_info struct with version information + * about the run-time library in use. The |least_version| argument + * can be set to a 24 bit numerical value for the least accepted + * version number and if the condition is not met, this function will + * return a ``NULL``. Pass in 0 to skip the version checking. + */ +NGHTTP2_EXTERN nghttp2_info *nghttp2_version(int least_version); + +/** + * @function + * + * Returns nonzero if the :type:`nghttp2_error` library error code + * |lib_error| is fatal. + */ +NGHTTP2_EXTERN int nghttp2_is_fatal(int lib_error_code); + +/** + * @function + * + * Returns nonzero if HTTP header field name |name| of length |len| is + * valid according to http://tools.ietf.org/html/rfc7230#section-3.2 + * + * Because this is a header field name in HTTP2, the upper cased alphabet + * is treated as error. + */ +NGHTTP2_EXTERN int nghttp2_check_header_name(const uint8_t *name, size_t len); + +/** + * @function + * + * Returns nonzero if HTTP header field value |value| of length |len| + * is valid according to + * http://tools.ietf.org/html/rfc7230#section-3.2 + * + * This function is considered obsolete, and application should + * consider to use `nghttp2_check_header_value_rfc9113()` instead. + */ +NGHTTP2_EXTERN int nghttp2_check_header_value(const uint8_t *value, size_t len); + +/** + * @function + * + * Returns nonzero if HTTP header field value |value| of length |len| + * is valid according to + * http://tools.ietf.org/html/rfc7230#section-3.2, plus + * https://datatracker.ietf.org/doc/html/rfc9113#section-8.2.1 + */ +NGHTTP2_EXTERN int nghttp2_check_header_value_rfc9113(const uint8_t *value, + size_t len); + +/** + * @function + * + * Returns nonzero if the |value| which is supposed to be the value of + * the :method header field is valid according to + * https://datatracker.ietf.org/doc/html/rfc7231#section-4 and + * https://datatracker.ietf.org/doc/html/rfc7230#section-3.2.6 + */ +NGHTTP2_EXTERN int nghttp2_check_method(const uint8_t *value, size_t len); + +/** + * @function + * + * Returns nonzero if the |value| which is supposed to be the value of + * the :path header field is valid according to + * https://datatracker.ietf.org/doc/html/rfc7540#section-8.1.2.3 + * + * |value| is valid if it merely consists of the allowed characters. + * In particular, it does not check whether |value| follows the syntax + * of path. The allowed characters are all characters valid by + * `nghttp2_check_header_value` minus SPC and HT. + */ +NGHTTP2_EXTERN int nghttp2_check_path(const uint8_t *value, size_t len); + +/** + * @function + * + * Returns nonzero if the |value| which is supposed to be the value of the + * :authority or host header field is valid according to + * https://tools.ietf.org/html/rfc3986#section-3.2 + * + * Note that :authority and host field values are not authority. They + * do not include userinfo in RFC 3986, see + * https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2, that + * is, it does not include '@'. This function treats '@' as a valid + * character. + * + * |value| is valid if it merely consists of the allowed characters. + * In particular, it does not check whether |value| follows the syntax + * of authority. + */ +NGHTTP2_EXTERN int nghttp2_check_authority(const uint8_t *value, size_t len); + +/* HPACK API */ + +struct nghttp2_hd_deflater; + +/** + * @struct + * + * HPACK deflater object. + */ +typedef struct nghttp2_hd_deflater nghttp2_hd_deflater; + +/** + * @function + * + * Initializes |*deflater_ptr| for deflating name/values pairs. + * + * The |max_deflate_dynamic_table_size| is the upper bound of header + * table size the deflater will use. + * + * If this function fails, |*deflater_ptr| is left untouched. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_hd_deflate_new(nghttp2_hd_deflater **deflater_ptr, + size_t max_deflate_dynamic_table_size); + +/** + * @function + * + * Like `nghttp2_hd_deflate_new()`, but with additional custom memory + * allocator specified in the |mem|. + * + * The |mem| can be ``NULL`` and the call is equivalent to + * `nghttp2_hd_deflate_new()`. + * + * This function does not take ownership |mem|. The application is + * responsible for freeing |mem|. + * + * The library code does not refer to |mem| pointer after this + * function returns, so the application can safely free it. + */ +NGHTTP2_EXTERN int +nghttp2_hd_deflate_new2(nghttp2_hd_deflater **deflater_ptr, + size_t max_deflate_dynamic_table_size, + nghttp2_mem *mem); + +/** + * @function + * + * Deallocates any resources allocated for |deflater|. + */ +NGHTTP2_EXTERN void nghttp2_hd_deflate_del(nghttp2_hd_deflater *deflater); + +/** + * @function + * + * Changes header table size of the |deflater| to + * |settings_max_dynamic_table_size| bytes. This may trigger eviction + * in the dynamic table. + * + * The |settings_max_dynamic_table_size| should be the value received + * in SETTINGS_HEADER_TABLE_SIZE. + * + * The deflater never uses more memory than + * ``max_deflate_dynamic_table_size`` bytes specified in + * `nghttp2_hd_deflate_new()`. Therefore, if + * |settings_max_dynamic_table_size| > + * ``max_deflate_dynamic_table_size``, resulting maximum table size + * becomes ``max_deflate_dynamic_table_size``. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int +nghttp2_hd_deflate_change_table_size(nghttp2_hd_deflater *deflater, + size_t settings_max_dynamic_table_size); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_hd_deflate_hd2()` instead. + * + * Deflates the |nva|, which has the |nvlen| name/value pairs, into + * the |buf| of length |buflen|. + * + * If |buf| is not large enough to store the deflated header block, + * this function fails with + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE`. The caller + * should use `nghttp2_hd_deflate_bound()` to know the upper bound of + * buffer size required to deflate given header name/value pairs. + * + * Once this function fails, subsequent call of this function always + * returns :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP`. + * + * After this function returns, it is safe to delete the |nva|. + * + * This function returns the number of bytes written to |buf| if it + * succeeds, or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Deflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN ssize_t nghttp2_hd_deflate_hd(nghttp2_hd_deflater *deflater, + uint8_t *buf, size_t buflen, + const nghttp2_nv *nva, + size_t nvlen); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Deflates the |nva|, which has the |nvlen| name/value pairs, into + * the |buf| of length |buflen|. + * + * If |buf| is not large enough to store the deflated header block, + * this function fails with + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE`. The caller + * should use `nghttp2_hd_deflate_bound()` to know the upper bound of + * buffer size required to deflate given header name/value pairs. + * + * Once this function fails, subsequent call of this function always + * returns :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP`. + * + * After this function returns, it is safe to delete the |nva|. + * + * This function returns the number of bytes written to |buf| if it + * succeeds, or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Deflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN nghttp2_ssize +nghttp2_hd_deflate_hd2(nghttp2_hd_deflater *deflater, uint8_t *buf, + size_t buflen, const nghttp2_nv *nva, size_t nvlen); + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_hd_deflate_hd_vec2()` instead. + * + * Deflates the |nva|, which has the |nvlen| name/value pairs, into + * the |veclen| size of buf vector |vec|. The each size of buffer + * must be set in len field of :type:`nghttp2_vec`. If and only if + * one chunk is filled up completely, next chunk will be used. If + * |vec| is not large enough to store the deflated header block, this + * function fails with + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE`. The caller + * should use `nghttp2_hd_deflate_bound()` to know the upper bound of + * buffer size required to deflate given header name/value pairs. + * + * Once this function fails, subsequent call of this function always + * returns :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP`. + * + * After this function returns, it is safe to delete the |nva|. + * + * This function returns the number of bytes written to |vec| if it + * succeeds, or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Deflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN ssize_t nghttp2_hd_deflate_hd_vec(nghttp2_hd_deflater *deflater, + const nghttp2_vec *vec, + size_t veclen, + const nghttp2_nv *nva, + size_t nvlen); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Deflates the |nva|, which has the |nvlen| name/value pairs, into + * the |veclen| size of buf vector |vec|. The each size of buffer + * must be set in len field of :type:`nghttp2_vec`. If and only if + * one chunk is filled up completely, next chunk will be used. If + * |vec| is not large enough to store the deflated header block, this + * function fails with + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE`. The caller + * should use `nghttp2_hd_deflate_bound()` to know the upper bound of + * buffer size required to deflate given header name/value pairs. + * + * Once this function fails, subsequent call of this function always + * returns :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP`. + * + * After this function returns, it is safe to delete the |nva|. + * + * This function returns the number of bytes written to |vec| if it + * succeeds, or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Deflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_INSUFF_BUFSIZE` + * The provided |buflen| size is too small to hold the output. + */ +NGHTTP2_EXTERN nghttp2_ssize nghttp2_hd_deflate_hd_vec2( + nghttp2_hd_deflater *deflater, const nghttp2_vec *vec, size_t veclen, + const nghttp2_nv *nva, size_t nvlen); + +/** + * @function + * + * Returns an upper bound on the compressed size after deflation of + * |nva| of length |nvlen|. + */ +NGHTTP2_EXTERN size_t nghttp2_hd_deflate_bound(nghttp2_hd_deflater *deflater, + const nghttp2_nv *nva, + size_t nvlen); + +/** + * @function + * + * Returns the number of entries that header table of |deflater| + * contains. This is the sum of the number of static table and + * dynamic table, so the return value is at least 61. + */ +NGHTTP2_EXTERN +size_t nghttp2_hd_deflate_get_num_table_entries(nghttp2_hd_deflater *deflater); + +/** + * @function + * + * Returns the table entry denoted by |idx| from header table of + * |deflater|. The |idx| is 1-based, and idx=1 returns first entry of + * static table. idx=62 returns first entry of dynamic table if it + * exists. Specifying idx=0 is error, and this function returns NULL. + * If |idx| is strictly greater than the number of entries the tables + * contain, this function returns NULL. + */ +NGHTTP2_EXTERN +const nghttp2_nv * +nghttp2_hd_deflate_get_table_entry(nghttp2_hd_deflater *deflater, size_t idx); + +/** + * @function + * + * Returns the used dynamic table size, including the overhead 32 + * bytes per entry described in RFC 7541. + */ +NGHTTP2_EXTERN +size_t nghttp2_hd_deflate_get_dynamic_table_size(nghttp2_hd_deflater *deflater); + +/** + * @function + * + * Returns the maximum dynamic table size. + */ +NGHTTP2_EXTERN +size_t +nghttp2_hd_deflate_get_max_dynamic_table_size(nghttp2_hd_deflater *deflater); + +struct nghttp2_hd_inflater; + +/** + * @struct + * + * HPACK inflater object. + */ +typedef struct nghttp2_hd_inflater nghttp2_hd_inflater; + +/** + * @function + * + * Initializes |*inflater_ptr| for inflating name/values pairs. + * + * If this function fails, |*inflater_ptr| is left untouched. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + */ +NGHTTP2_EXTERN int nghttp2_hd_inflate_new(nghttp2_hd_inflater **inflater_ptr); + +/** + * @function + * + * Like `nghttp2_hd_inflate_new()`, but with additional custom memory + * allocator specified in the |mem|. + * + * The |mem| can be ``NULL`` and the call is equivalent to + * `nghttp2_hd_inflate_new()`. + * + * This function does not take ownership |mem|. The application is + * responsible for freeing |mem|. + * + * The library code does not refer to |mem| pointer after this + * function returns, so the application can safely free it. + */ +NGHTTP2_EXTERN int nghttp2_hd_inflate_new2(nghttp2_hd_inflater **inflater_ptr, + nghttp2_mem *mem); + +/** + * @function + * + * Deallocates any resources allocated for |inflater|. + */ +NGHTTP2_EXTERN void nghttp2_hd_inflate_del(nghttp2_hd_inflater *inflater); + +/** + * @function + * + * Changes header table size in the |inflater|. This may trigger + * eviction in the dynamic table. + * + * The |settings_max_dynamic_table_size| should be the value + * transmitted in SETTINGS_HEADER_TABLE_SIZE. + * + * This function must not be called while header block is being + * inflated. In other words, this function must be called after + * initialization of |inflater|, but before calling + * `nghttp2_hd_inflate_hd3()`, or after + * `nghttp2_hd_inflate_end_headers()`. Otherwise, + * `NGHTTP2_ERR_INVALID_STATE` was returned. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_INVALID_STATE` + * The function is called while header block is being inflated. + * Probably, application missed to call + * `nghttp2_hd_inflate_end_headers()`. + */ +NGHTTP2_EXTERN int +nghttp2_hd_inflate_change_table_size(nghttp2_hd_inflater *inflater, + size_t settings_max_dynamic_table_size); + +/** + * @enum + * + * The flags for header inflation. + */ +typedef enum { + /** + * No flag set. + */ + NGHTTP2_HD_INFLATE_NONE = 0, + /** + * Indicates all headers were inflated. + */ + NGHTTP2_HD_INFLATE_FINAL = 0x01, + /** + * Indicates a header was emitted. + */ + NGHTTP2_HD_INFLATE_EMIT = 0x02 +} nghttp2_hd_inflate_flag; + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_hd_inflate_hd2()` instead. + * + * Inflates name/value block stored in |in| with length |inlen|. This + * function performs decompression. For each successful emission of + * header name/value pair, + * :enum:`nghttp2_hd_inflate_flag.NGHTTP2_HD_INFLATE_EMIT` is set in + * |*inflate_flags| and name/value pair is assigned to the |nv_out| + * and the function returns. The caller must not free the members of + * |nv_out|. + * + * The |nv_out| may include pointers to the memory region in the |in|. + * The caller must retain the |in| while the |nv_out| is used. + * + * The application should call this function repeatedly until the + * ``(*inflate_flags) & NGHTTP2_HD_INFLATE_FINAL`` is nonzero and + * return value is non-negative. This means the all input values are + * processed successfully. Then the application must call + * `nghttp2_hd_inflate_end_headers()` to prepare for the next header + * block input. + * + * The caller can feed complete compressed header block. It also can + * feed it in several chunks. The caller must set |in_final| to + * nonzero if the given input is the last block of the compressed + * header. + * + * This function returns the number of bytes processed if it succeeds, + * or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Inflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BUFFER_ERROR` + * The header field name or value is too large. + * + * Example follows:: + * + * int inflate_header_block(nghttp2_hd_inflater *hd_inflater, + * uint8_t *in, size_t inlen, int final) + * { + * ssize_t rv; + * + * for(;;) { + * nghttp2_nv nv; + * int inflate_flags = 0; + * + * rv = nghttp2_hd_inflate_hd(hd_inflater, &nv, &inflate_flags, + * in, inlen, final); + * + * if(rv < 0) { + * fprintf(stderr, "inflate failed with error code %zd", rv); + * return -1; + * } + * + * in += rv; + * inlen -= rv; + * + * if(inflate_flags & NGHTTP2_HD_INFLATE_EMIT) { + * fwrite(nv.name, nv.namelen, 1, stderr); + * fprintf(stderr, ": "); + * fwrite(nv.value, nv.valuelen, 1, stderr); + * fprintf(stderr, "\n"); + * } + * if(inflate_flags & NGHTTP2_HD_INFLATE_FINAL) { + * nghttp2_hd_inflate_end_headers(hd_inflater); + * break; + * } + * if((inflate_flags & NGHTTP2_HD_INFLATE_EMIT) == 0 && + * inlen == 0) { + * break; + * } + * } + * + * return 0; + * } + * + */ +NGHTTP2_EXTERN ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, + nghttp2_nv *nv_out, + int *inflate_flags, uint8_t *in, + size_t inlen, int in_final); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +#ifndef NGHTTP2_NO_SSIZE_T +/** + * @function + * + * .. warning:: + * + * Deprecated. Use `nghttp2_hd_inflate_hd3()` instead. + * + * Inflates name/value block stored in |in| with length |inlen|. This + * function performs decompression. For each successful emission of + * header name/value pair, + * :enum:`nghttp2_hd_inflate_flag.NGHTTP2_HD_INFLATE_EMIT` is set in + * |*inflate_flags| and name/value pair is assigned to the |nv_out| + * and the function returns. The caller must not free the members of + * |nv_out|. + * + * The |nv_out| may include pointers to the memory region in the |in|. + * The caller must retain the |in| while the |nv_out| is used. + * + * The application should call this function repeatedly until the + * ``(*inflate_flags) & NGHTTP2_HD_INFLATE_FINAL`` is nonzero and + * return value is non-negative. If that happens, all given input + * data (|inlen| bytes) are processed successfully. Then the + * application must call `nghttp2_hd_inflate_end_headers()` to prepare + * for the next header block input. + * + * In other words, if |in_final| is nonzero, and this function returns + * |inlen|, you can assert that + * :enum:`nghttp2_hd_inflate_final.NGHTTP2_HD_INFLATE_FINAL` is set in + * |*inflate_flags|. + * + * The caller can feed complete compressed header block. It also can + * feed it in several chunks. The caller must set |in_final| to + * nonzero if the given input is the last block of the compressed + * header. + * + * This function returns the number of bytes processed if it succeeds, + * or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Inflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BUFFER_ERROR` + * The header field name or value is too large. + * + * Example follows:: + * + * int inflate_header_block(nghttp2_hd_inflater *hd_inflater, + * uint8_t *in, size_t inlen, int final) + * { + * ssize_t rv; + * + * for(;;) { + * nghttp2_nv nv; + * int inflate_flags = 0; + * + * rv = nghttp2_hd_inflate_hd2(hd_inflater, &nv, &inflate_flags, + * in, inlen, final); + * + * if(rv < 0) { + * fprintf(stderr, "inflate failed with error code %zd", rv); + * return -1; + * } + * + * in += rv; + * inlen -= rv; + * + * if(inflate_flags & NGHTTP2_HD_INFLATE_EMIT) { + * fwrite(nv.name, nv.namelen, 1, stderr); + * fprintf(stderr, ": "); + * fwrite(nv.value, nv.valuelen, 1, stderr); + * fprintf(stderr, "\n"); + * } + * if(inflate_flags & NGHTTP2_HD_INFLATE_FINAL) { + * nghttp2_hd_inflate_end_headers(hd_inflater); + * break; + * } + * if((inflate_flags & NGHTTP2_HD_INFLATE_EMIT) == 0 && + * inlen == 0) { + * break; + * } + * } + * + * return 0; + * } + * + */ +NGHTTP2_EXTERN ssize_t nghttp2_hd_inflate_hd2(nghttp2_hd_inflater *inflater, + nghttp2_nv *nv_out, + int *inflate_flags, + const uint8_t *in, size_t inlen, + int in_final); + +#endif /* NGHTTP2_NO_SSIZE_T */ + +/** + * @function + * + * Inflates name/value block stored in |in| with length |inlen|. This + * function performs decompression. For each successful emission of + * header name/value pair, + * :enum:`nghttp2_hd_inflate_flag.NGHTTP2_HD_INFLATE_EMIT` is set in + * |*inflate_flags| and name/value pair is assigned to the |nv_out| + * and the function returns. The caller must not free the members of + * |nv_out|. + * + * The |nv_out| may include pointers to the memory region in the |in|. + * The caller must retain the |in| while the |nv_out| is used. + * + * The application should call this function repeatedly until the + * ``(*inflate_flags) & NGHTTP2_HD_INFLATE_FINAL`` is nonzero and + * return value is non-negative. If that happens, all given input + * data (|inlen| bytes) are processed successfully. Then the + * application must call `nghttp2_hd_inflate_end_headers()` to prepare + * for the next header block input. + * + * In other words, if |in_final| is nonzero, and this function returns + * |inlen|, you can assert that + * :enum:`nghttp2_hd_inflate_final.NGHTTP2_HD_INFLATE_FINAL` is set in + * |*inflate_flags|. + * + * The caller can feed complete compressed header block. It also can + * feed it in several chunks. The caller must set |in_final| to + * nonzero if the given input is the last block of the compressed + * header. + * + * This function returns the number of bytes processed if it succeeds, + * or one of the following negative error codes: + * + * :enum:`nghttp2_error.NGHTTP2_ERR_NOMEM` + * Out of memory. + * :enum:`nghttp2_error.NGHTTP2_ERR_HEADER_COMP` + * Inflation process has failed. + * :enum:`nghttp2_error.NGHTTP2_ERR_BUFFER_ERROR` + * The header field name or value is too large. + * + * Example follows:: + * + * int inflate_header_block(nghttp2_hd_inflater *hd_inflater, + * uint8_t *in, size_t inlen, int final) + * { + * nghttp2_ssize rv; + * + * for(;;) { + * nghttp2_nv nv; + * int inflate_flags = 0; + * + * rv = nghttp2_hd_inflate_hd3(hd_inflater, &nv, &inflate_flags, + * in, inlen, final); + * + * if(rv < 0) { + * fprintf(stderr, "inflate failed with error code %td", rv); + * return -1; + * } + * + * in += rv; + * inlen -= rv; + * + * if(inflate_flags & NGHTTP2_HD_INFLATE_EMIT) { + * fwrite(nv.name, nv.namelen, 1, stderr); + * fprintf(stderr, ": "); + * fwrite(nv.value, nv.valuelen, 1, stderr); + * fprintf(stderr, "\n"); + * } + * if(inflate_flags & NGHTTP2_HD_INFLATE_FINAL) { + * nghttp2_hd_inflate_end_headers(hd_inflater); + * break; + * } + * if((inflate_flags & NGHTTP2_HD_INFLATE_EMIT) == 0 && + * inlen == 0) { + * break; + * } + * } + * + * return 0; + * } + * + */ +NGHTTP2_EXTERN nghttp2_ssize nghttp2_hd_inflate_hd3( + nghttp2_hd_inflater *inflater, nghttp2_nv *nv_out, int *inflate_flags, + const uint8_t *in, size_t inlen, int in_final); + +/** + * @function + * + * Signals the end of decompression for one header block. + * + * This function returns 0 if it succeeds. Currently this function + * always succeeds. + */ +NGHTTP2_EXTERN int +nghttp2_hd_inflate_end_headers(nghttp2_hd_inflater *inflater); + +/** + * @function + * + * Returns the number of entries that header table of |inflater| + * contains. This is the sum of the number of static table and + * dynamic table, so the return value is at least 61. + */ +NGHTTP2_EXTERN +size_t nghttp2_hd_inflate_get_num_table_entries(nghttp2_hd_inflater *inflater); + +/** + * @function + * + * Returns the table entry denoted by |idx| from header table of + * |inflater|. The |idx| is 1-based, and idx=1 returns first entry of + * static table. idx=62 returns first entry of dynamic table if it + * exists. Specifying idx=0 is error, and this function returns NULL. + * If |idx| is strictly greater than the number of entries the tables + * contain, this function returns NULL. + */ +NGHTTP2_EXTERN +const nghttp2_nv * +nghttp2_hd_inflate_get_table_entry(nghttp2_hd_inflater *inflater, size_t idx); + +/** + * @function + * + * Returns the used dynamic table size, including the overhead 32 + * bytes per entry described in RFC 7541. + */ +NGHTTP2_EXTERN +size_t nghttp2_hd_inflate_get_dynamic_table_size(nghttp2_hd_inflater *inflater); + +/** + * @function + * + * Returns the maximum dynamic table size. + */ +NGHTTP2_EXTERN +size_t +nghttp2_hd_inflate_get_max_dynamic_table_size(nghttp2_hd_inflater *inflater); + +struct nghttp2_stream; + +/** + * @struct + * + * The structure to represent HTTP/2 stream. The details of this + * structure are intentionally hidden from the public API. + */ +typedef struct nghttp2_stream nghttp2_stream; + +/** + * @function + * + * Returns pointer to :type:`nghttp2_stream` object denoted by + * |stream_id|. If stream was not found, returns NULL. + * + * Returns imaginary root stream (see + * `nghttp2_session_get_root_stream()`) if 0 is given in |stream_id|. + * + * Unless |stream_id| == 0, the returned pointer is valid until next + * call of `nghttp2_session_send()`, `nghttp2_session_mem_send2()`, + * `nghttp2_session_recv()`, and `nghttp2_session_mem_recv2()`. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_session_find_stream(nghttp2_session *session, int32_t stream_id); + +/** + * @enum + * + * State of stream as described in RFC 7540. + */ +typedef enum { + /** + * idle state. + */ + NGHTTP2_STREAM_STATE_IDLE = 1, + /** + * open state. + */ + NGHTTP2_STREAM_STATE_OPEN, + /** + * reserved (local) state. + */ + NGHTTP2_STREAM_STATE_RESERVED_LOCAL, + /** + * reserved (remote) state. + */ + NGHTTP2_STREAM_STATE_RESERVED_REMOTE, + /** + * half closed (local) state. + */ + NGHTTP2_STREAM_STATE_HALF_CLOSED_LOCAL, + /** + * half closed (remote) state. + */ + NGHTTP2_STREAM_STATE_HALF_CLOSED_REMOTE, + /** + * closed state. + */ + NGHTTP2_STREAM_STATE_CLOSED +} nghttp2_stream_proto_state; + +/** + * @function + * + * Returns state of |stream|. The root stream retrieved by + * `nghttp2_session_get_root_stream()` will have stream state + * :enum:`nghttp2_stream_proto_state.NGHTTP2_STREAM_STATE_IDLE`. + */ +NGHTTP2_EXTERN nghttp2_stream_proto_state +nghttp2_stream_get_state(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * Returns root of dependency tree, which is imaginary stream with + * stream ID 0. The returned pointer is valid until |session| is + * freed by `nghttp2_session_del()`. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_session_get_root_stream(nghttp2_session *session); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns NULL. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_stream_get_parent(nghttp2_stream *stream); + +NGHTTP2_EXTERN int32_t nghttp2_stream_get_stream_id(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns NULL. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_stream_get_next_sibling(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns NULL. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_stream_get_previous_sibling(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns NULL. + */ +NGHTTP2_EXTERN nghttp2_stream * +nghttp2_stream_get_first_child(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns :macro:`NGHTTP2_DEFAULT_WEIGHT`. + */ +NGHTTP2_EXTERN int32_t nghttp2_stream_get_weight(nghttp2_stream *stream); + +/** + * @function + * + * .. warning:: + * + * Deprecated. :rfc:`7540` priorities are deprecated by + * :rfc:`9113`. Consider migrating to :rfc:`9218` extensible + * prioritization scheme. + * + * This function always returns 0. + */ +NGHTTP2_EXTERN int32_t +nghttp2_stream_get_sum_dependency_weight(nghttp2_stream *stream); + +/** + * @functypedef + * + * Callback function invoked when the library outputs debug logging. + * The function is called with arguments suitable for ``vfprintf(3)`` + * + * The debug output is only enabled if the library is built with + * ``DEBUGBUILD`` macro defined. + */ +typedef void (*nghttp2_debug_vprintf_callback)(const char *format, + va_list args); + +/** + * @function + * + * Sets a debug output callback called by the library when built with + * ``DEBUGBUILD`` macro defined. If this option is not used, debug + * log is written into standard error output. + * + * For builds without ``DEBUGBUILD`` macro defined, this function is + * noop. + * + * Note that building with ``DEBUGBUILD`` may cause significant + * performance penalty to libnghttp2 because of extra processing. It + * should be used for debugging purpose only. + * + * .. Warning:: + * + * Building with ``DEBUGBUILD`` may cause significant performance + * penalty to libnghttp2 because of extra processing. It should be + * used for debugging purpose only. We write this two times because + * this is important. + */ +NGHTTP2_EXTERN void nghttp2_set_debug_vprintf_callback( + nghttp2_debug_vprintf_callback debug_vprintf_callback); + +#ifdef __cplusplus +} +#endif + +#endif /* NGHTTP2_H */ diff --git a/includes/curl/nghttp2/nghttp2ver.h b/includes/curl/nghttp2/nghttp2ver.h new file mode 100644 index 0000000..776c492 --- /dev/null +++ b/includes/curl/nghttp2/nghttp2ver.h @@ -0,0 +1,42 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2012, 2013 Tatsuhiro Tsujikawa + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP2VER_H +#define NGHTTP2VER_H + +/** + * @macro + * Version number of the nghttp2 library release + */ +#define NGHTTP2_VERSION "1.66.0" + +/** + * @macro + * Numerical representation of the version number of the nghttp2 library + * release. This is a 24 bit number with 8 bits for major number, 8 bits + * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. + */ +#define NGHTTP2_VERSION_NUM 0x014200 + +#endif /* NGHTTP2VER_H */ diff --git a/includes/curl/nghttp3/nghttp3.h b/includes/curl/nghttp3/nghttp3.h new file mode 100644 index 0000000..83820fc --- /dev/null +++ b/includes/curl/nghttp3/nghttp3.h @@ -0,0 +1,3048 @@ +/* + * nghttp3 + * + * Copyright (c) 2018 nghttp3 contributors + * Copyright (c) 2017 ngtcp2 contributors + * Copyright (c) 2017 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP3_H +#define NGHTTP3_H + +/* Define WIN32 when build target is Win32 API (borrowed from + libcurl) */ +#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) +# define WIN32 +#endif /* (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) */ + +#ifdef __cplusplus +extern "C" { +#endif /* defined(__cplusplus) */ + +#include +#if defined(_MSC_VER) && (_MSC_VER < 1800) +/* MSVC < 2013 does not have inttypes.h because it is not C99 + compliant. See compiler macros and version number in + https://sourceforge.net/p/predef/wiki/Compilers/ */ +# include +#else /* !(defined(_MSC_VER) && (_MSC_VER < 1800)) */ +# include +#endif /* !(defined(_MSC_VER) && (_MSC_VER < 1800)) */ +#include +#include +#include + +#include + +#ifdef NGHTTP3_STATICLIB +# define NGHTTP3_EXTERN +#elif defined(WIN32) +# ifdef BUILDING_NGHTTP3 +# define NGHTTP3_EXTERN __declspec(dllexport) +# else /* !defined(BUILDING_NGHTTP3) */ +# define NGHTTP3_EXTERN __declspec(dllimport) +# endif /* !defined(BUILDING_NGHTTP3) */ +#else /* !(defined(NGHTTP3_STATICLIB) || defined(WIN32)) */ +# ifdef BUILDING_NGHTTP3 +# define NGHTTP3_EXTERN __attribute__((visibility("default"))) +# else /* !defined(BUILDING_NGHTTP3) */ +# define NGHTTP3_EXTERN +# endif /* !defined(BUILDING_NGHTTP3) */ +#endif /* !(defined(NGHTTP3_STATICLIB) || defined(WIN32)) */ + +#ifdef _MSC_VER +# define NGHTTP3_ALIGN(N) __declspec(align(N)) +#else /* !defined(_MSC_VER) */ +# define NGHTTP3_ALIGN(N) __attribute__((aligned(N))) +#endif /* !defined(_MSC_VER) */ + +/** + * @typedef + * + * :type:`nghttp3_ssize` is signed counterpart of size_t. + */ +typedef ptrdiff_t nghttp3_ssize; + +/** + * @macro + * + * :macro:`NGHTTP3_ALPN_H3` is a serialized form of HTTP/3 ALPN + * protocol identifier this library supports. Notice that the first + * byte is the length of the following protocol identifier. + */ +#define NGHTTP3_ALPN_H3 "\x2h3" + +/** + * @macrosection + * + * nghttp3 library error codes + */ + +/** + * @macro + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` indicates that a passed + * argument is invalid. + */ +#define NGHTTP3_ERR_INVALID_ARGUMENT -101 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_INVALID_STATE` indicates that a requested + * operation is not allowed at the current connection state. + */ +#define NGHTTP3_ERR_INVALID_STATE -102 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_WOULDBLOCK` indicates that an operation might + * block. + */ +#define NGHTTP3_ERR_WOULDBLOCK -103 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_STREAM_IN_USE` indicates that a stream ID is + * already in use. + */ +#define NGHTTP3_ERR_STREAM_IN_USE -104 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_MALFORMED_HTTP_HEADER` indicates that an HTTP + * header field is malformed. + */ +#define NGHTTP3_ERR_MALFORMED_HTTP_HEADER -105 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_REMOVE_HTTP_HEADER` indicates that an HTTP + * header field is discarded. + */ +#define NGHTTP3_ERR_REMOVE_HTTP_HEADER -106 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_MALFORMED_HTTP_MESSAGING` indicates that HTTP + * messaging is malformed. + */ +#define NGHTTP3_ERR_MALFORMED_HTTP_MESSAGING -107 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_QPACK_FATAL` indicates that a fatal error is + * occurred during QPACK processing, and it cannot be recoverable. + */ +#define NGHTTP3_ERR_QPACK_FATAL -108 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_QPACK_HEADER_TOO_LARGE` indicates that a header + * field is too large to process. + */ +#define NGHTTP3_ERR_QPACK_HEADER_TOO_LARGE -109 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` indicates that a stream is + * not found. + */ +#define NGHTTP3_ERR_STREAM_NOT_FOUND -110 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_CONN_CLOSING` indicates that a connection is + * closing state. + */ +#define NGHTTP3_ERR_CONN_CLOSING -111 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_STREAM_DATA_OVERFLOW` indicates that the length + * of stream data is too long, and causes overflow. + */ +#define NGHTTP3_ERR_STREAM_DATA_OVERFLOW -112 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_QPACK_DECOMPRESSION_FAILED` indicates that a + * QPACK decompression failed. + */ +#define NGHTTP3_ERR_QPACK_DECOMPRESSION_FAILED -401 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_QPACK_ENCODER_STREAM_ERROR` indicates that an + * error occurred while reading QPACK encoder stream. + */ +#define NGHTTP3_ERR_QPACK_ENCODER_STREAM_ERROR -402 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_QPACK_DECODER_STREAM_ERROR` indicates that an + * error occurred while reading QPACK decoder stream. + */ +#define NGHTTP3_ERR_QPACK_DECODER_STREAM_ERROR -403 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_FRAME_UNEXPECTED` indicates that an + * unexpected HTTP/3 frame is received. + */ +#define NGHTTP3_ERR_H3_FRAME_UNEXPECTED -601 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_FRAME_ERROR` indicates that an HTTP/3 frame + * is malformed. + */ +#define NGHTTP3_ERR_H3_FRAME_ERROR -602 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_MISSING_SETTINGS` indicates that an HTTP/3 + * SETTINGS frame is missing. + */ +#define NGHTTP3_ERR_H3_MISSING_SETTINGS -603 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_INTERNAL_ERROR` indicates an internal error. + */ +#define NGHTTP3_ERR_H3_INTERNAL_ERROR -604 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_CLOSED_CRITICAL_STREAM` indicates that a + * critical stream is closed. + */ +#define NGHTTP3_ERR_H3_CLOSED_CRITICAL_STREAM -605 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_GENERAL_PROTOCOL_ERROR` indicates a general + * protocol error. This is typically a catch-all error. + */ +#define NGHTTP3_ERR_H3_GENERAL_PROTOCOL_ERROR -606 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_ID_ERROR` indicates that an ID related error + * occurred. + */ +#define NGHTTP3_ERR_H3_ID_ERROR -607 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_SETTINGS_ERROR` indicates that an HTTP/3 + * SETTINGS frame is malformed. + */ +#define NGHTTP3_ERR_H3_SETTINGS_ERROR -608 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_H3_STREAM_CREATION_ERROR` indicates that a + * remote endpoint attempts to create a new stream which is not + * allowed. + */ +#define NGHTTP3_ERR_H3_STREAM_CREATION_ERROR -609 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_FATAL` indicates that error codes less than + * this value is fatal error. When this error is returned, an + * endpoint should drop connection immediately. + */ +#define NGHTTP3_ERR_FATAL -900 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_NOMEM` indicates out of memory. + */ +#define NGHTTP3_ERR_NOMEM -901 +/** + * @macro + * + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` indicates that user defined + * callback function failed. + */ +#define NGHTTP3_ERR_CALLBACK_FAILURE -902 + +/** + * @macrosection + * + * HTTP/3 application error code + */ + +/** + * @macro + * + * :macro:`NGHTTP3_H3_NO_ERROR` is HTTP/3 application error code + * ``H3_NO_ERROR``. + */ +#define NGHTTP3_H3_NO_ERROR 0x0100 +/** + * @macro + * + * :macro:`NGHTTP3_H3_GENERAL_PROTOCOL_ERROR` is HTTP/3 application + * error code ``H3_GENERAL_PROTOCOL_ERROR``. + */ +#define NGHTTP3_H3_GENERAL_PROTOCOL_ERROR 0x0101 +/** + * @macro + * + * :macro:`NGHTTP3_H3_INTERNAL_ERROR` is HTTP/3 application error code + * ``H3_INTERNAL_ERROR``. + */ +#define NGHTTP3_H3_INTERNAL_ERROR 0x0102 +/** + * @macro + * + * :macro:`NGHTTP3_H3_STREAM_CREATION_ERROR` is HTTP/3 application + * error code ``H3_STREAM_CREATION_ERROR``. + */ +#define NGHTTP3_H3_STREAM_CREATION_ERROR 0x0103 +/** + * @macro + * + * :macro:`NGHTTP3_H3_CLOSED_CRITICAL_STREAM` is HTTP/3 application + * error code ``H3_CLOSED_CRITICAL_STREAM``. + */ +#define NGHTTP3_H3_CLOSED_CRITICAL_STREAM 0x0104 +/** + * @macro + * + * :macro:`NGHTTP3_H3_FRAME_UNEXPECTED` is HTTP/3 application error + * code ``H3_FRAME_UNEXPECTED``. + */ +#define NGHTTP3_H3_FRAME_UNEXPECTED 0x0105 +/** + * @macro + * + * :macro:`NGHTTP3_H3_FRAME_ERROR` is HTTP/3 application error code + * ``H3_FRAME_ERROR``. + */ +#define NGHTTP3_H3_FRAME_ERROR 0x0106 +/** + * @macro + * + * :macro:`NGHTTP3_H3_EXCESSIVE_LOAD` is HTTP/3 application error code + * ``H3_EXCESSIVE_LOAD``. + */ +#define NGHTTP3_H3_EXCESSIVE_LOAD 0x0107 +/** + * @macro + * + * :macro:`NGHTTP3_H3_ID_ERROR` is HTTP/3 application error code + * ``H3_ID_ERROR``. + */ +#define NGHTTP3_H3_ID_ERROR 0x0108 +/** + * @macro + * + * :macro:`NGHTTP3_H3_SETTINGS_ERROR` is HTTP/3 application error code + * ``H3_SETTINGS_ERROR``. + */ +#define NGHTTP3_H3_SETTINGS_ERROR 0x0109 +/** + * @macro + * + * :macro:`NGHTTP3_H3_MISSING_SETTINGS` is HTTP/3 application error + * code ``H3_MISSING_SETTINGS``. + */ +#define NGHTTP3_H3_MISSING_SETTINGS 0x010a +/** + * @macro + * + * :macro:`NGHTTP3_H3_REQUEST_REJECTED` is HTTP/3 application error + * code ``H3_REQUEST_REJECTED``. + */ +#define NGHTTP3_H3_REQUEST_REJECTED 0x010b +/** + * @macro + * + * :macro:`NGHTTP3_H3_REQUEST_CANCELLED` is HTTP/3 application error + * code ``H3_REQUEST_CANCELLED``. + */ +#define NGHTTP3_H3_REQUEST_CANCELLED 0x010c +/** + * @macro + * + * :macro:`NGHTTP3_H3_REQUEST_INCOMPLETE` is HTTP/3 application error + * code ``H3_REQUEST_INCOMPLETE``. + */ +#define NGHTTP3_H3_REQUEST_INCOMPLETE 0x010d +/** + * @macro + * + * :macro:`NGHTTP3_H3_MESSAGE_ERROR` is HTTP/3 application error code + * ``H3_MESSAGE_ERROR``. + */ +#define NGHTTP3_H3_MESSAGE_ERROR 0x010e +/** + * @macro + * + * :macro:`NGHTTP3_H3_CONNECT_ERROR` is HTTP/3 application error code + * ``H3_CONNECT_ERROR``. + */ +#define NGHTTP3_H3_CONNECT_ERROR 0x010f +/** + * @macro + * + * :macro:`NGHTTP3_H3_VERSION_FALLBACK` is HTTP/3 application error + * code ``H3_VERSION_FALLBACK``. + */ +#define NGHTTP3_H3_VERSION_FALLBACK 0x0110 +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECOMPRESSION_FAILED` is HTTP/3 application + * error code ``QPACK_DECOMPRESSION_FAILED``. + */ +#define NGHTTP3_QPACK_DECOMPRESSION_FAILED 0x0200 +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_ENCODER_STREAM_ERROR` is HTTP/3 application + * error code ``QPACK_ENCODER_STREAM_ERROR``. + */ +#define NGHTTP3_QPACK_ENCODER_STREAM_ERROR 0x0201 +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECODER_STREAM_ERROR` is HTTP/3 application + * error code ``QPACK_DECODER_STREAM_ERROR``. + */ +#define NGHTTP3_QPACK_DECODER_STREAM_ERROR 0x0202 + +/** + * @functypedef + * + * :type:`nghttp3_malloc` is a custom memory allocator to replace + * :manpage:`malloc(3)`. The |user_data| is the + * :member:`nghttp3_mem.user_data`. + */ +typedef void *(*nghttp3_malloc)(size_t size, void *user_data); + +/** + * @functypedef + * + * :type:`nghttp3_free` is a custom memory allocator to replace + * :manpage:`free(3)`. The |user_data| is the + * :member:`nghttp3_mem.user_data`. + */ +typedef void (*nghttp3_free)(void *ptr, void *user_data); + +/** + * @functypedef + * + * :type:`nghttp3_calloc` is a custom memory allocator to replace + * :manpage:`calloc(3)`. The |user_data| is the + * :member:`nghttp3_mem.user_data`. + */ +typedef void *(*nghttp3_calloc)(size_t nmemb, size_t size, void *user_data); + +/** + * @functypedef + * + * :type:`nghttp3_realloc` is a custom memory allocator to replace + * :manpage:`realloc(3)`. The |user_data| is the + * :member:`nghttp3_mem.user_data`. + */ +typedef void *(*nghttp3_realloc)(void *ptr, size_t size, void *user_data); + +/** + * @struct + * + * :type:`nghttp3_mem` is a custom memory allocator functions and user + * defined pointer. The :member:`user_data` field is passed to each + * allocator function. This can be used, for example, to achieve + * per-session memory pool. + * + * In the following example code, ``my_malloc``, ``my_free``, + * ``my_calloc``, and ``my_realloc`` are the replacement of the + * standard allocators :manpage:`malloc(3)`, :manpage:`free(3)`, + * :manpage:`calloc(3)` and :manpage:`realloc(3)` respectively:: + * + * void *my_malloc_cb(size_t size, void *user_data) { + * (void)user_data; + * return my_malloc(size); + * } + * + * void my_free_cb(void *ptr, void *user_data) { + * (void)user_data; + * my_free(ptr); + * } + * + * void *my_calloc_cb(size_t nmemb, size_t size, void *user_data) { + * (void)user_data; + * return my_calloc(nmemb, size); + * } + * + * void *my_realloc_cb(void *ptr, size_t size, void *user_data) { + * (void)user_data; + * return my_realloc(ptr, size); + * } + * + * void conn_new() { + * nghttp3_mem mem = {NULL, my_malloc_cb, my_free_cb, my_calloc_cb, + * my_realloc_cb}; + * + * ... + * } + */ +typedef struct nghttp3_mem { + /** + * :member:`user_data` is an arbitrary user supplied data. This is + * passed to each allocator function. + */ + void *user_data; + /** + * :member:`malloc` is a custom allocator function to replace + * :manpage:`malloc(3)`. + */ + nghttp3_malloc malloc; + /** + * :member:`free` is a custom allocator function to replace + * :manpage:`free(3)`. + */ + nghttp3_free free; + /** + * :member:`calloc` is a custom allocator function to replace + * :manpage:`calloc(3)`. + */ + nghttp3_calloc calloc; + /** + * :member:`realloc` is a custom allocator function to replace + * :manpage:`realloc(3)`. + */ + nghttp3_realloc realloc; +} nghttp3_mem; + +/** + * @function + * + * `nghttp3_mem_default` returns the default memory allocator which + * uses malloc/calloc/realloc/free. + */ +NGHTTP3_EXTERN const nghttp3_mem *nghttp3_mem_default(void); + +/** + * @struct + * + * :type:`nghttp3_vec` is ``struct iovec`` compatible structure to + * reference arbitrary array of bytes. + */ +typedef struct nghttp3_vec { + /** + * :member:`base` points to the data. + */ + uint8_t *base; + /** + * :member:`len` is the number of bytes which the buffer pointed by + * :member:`base` contains. + */ + size_t len; +} nghttp3_vec; + +/** + * @struct + * + * :type:`nghttp3_rcbuf` is the object representing reference counted + * buffer. The details of this structure are intentionally hidden + * from the public API. + */ +typedef struct nghttp3_rcbuf nghttp3_rcbuf; + +/** + * @function + * + * `nghttp3_rcbuf_incref` increments the reference count of |rcbuf| by + * 1. + */ +NGHTTP3_EXTERN void nghttp3_rcbuf_incref(nghttp3_rcbuf *rcbuf); + +/** + * @function + * + * `nghttp3_rcbuf_decref` decrements the reference count of |rcbuf| by + * 1. If the reference count becomes zero, the object pointed by + * |rcbuf| will be freed. In this case, application must not use + * |rcbuf| again. + */ +NGHTTP3_EXTERN void nghttp3_rcbuf_decref(nghttp3_rcbuf *rcbuf); + +/** + * @function + * + * `nghttp3_rcbuf_get_buf` returns the underlying buffer managed by + * |rcbuf|. + */ +NGHTTP3_EXTERN nghttp3_vec nghttp3_rcbuf_get_buf(const nghttp3_rcbuf *rcbuf); + +/** + * @function + * + * `nghttp3_rcbuf_is_static` returns nonzero if the underlying buffer + * is statically allocated, and 0 otherwise. This can be useful for + * language bindings that wish to avoid creating duplicate strings for + * these buffers. + */ +NGHTTP3_EXTERN int nghttp3_rcbuf_is_static(const nghttp3_rcbuf *rcbuf); + +/** + * @struct + * + * :type:`nghttp3_buf` is the variable size buffer. + */ +typedef struct nghttp3_buf { + /** + * :member:`begin` points to the beginning of the buffer. + */ + uint8_t *begin; + /** + * :member:`end` points to the one beyond of the last byte of the + * buffer + */ + uint8_t *end; + /** + * :member:`pos` points to the start of data. Typically, this + * points to the address that next data should be read. Initially, + * it points to :member:`begin`. + */ + uint8_t *pos; + /** + * :member:`last` points to the one beyond of the last data of the + * buffer. Typically, new data is written at this point. + * Initially, it points to :member:`begin`. + */ + uint8_t *last; +} nghttp3_buf; + +/** + * @function + * + * `nghttp3_buf_init` initializes empty |buf|. + */ +NGHTTP3_EXTERN void nghttp3_buf_init(nghttp3_buf *buf); + +/** + * @function + * + * `nghttp3_buf_free` frees resources allocated for |buf| using |mem| + * as memory allocator. :member:`buf->begin ` must + * be a heap buffer allocated by |mem|. + */ +NGHTTP3_EXTERN void nghttp3_buf_free(nghttp3_buf *buf, const nghttp3_mem *mem); + +/** + * @function + * + * `nghttp3_buf_left` returns the number of additional bytes which can + * be written to the underlying buffer. In other words, it returns + * :member:`buf->end ` - :member:`buf->last + * `. + */ +NGHTTP3_EXTERN size_t nghttp3_buf_left(const nghttp3_buf *buf); + +/** + * @function + * + * `nghttp3_buf_len` returns the number of bytes left to read. In + * other words, it returns :member:`buf->last ` - + * :member:`buf->pos `. + */ +NGHTTP3_EXTERN size_t nghttp3_buf_len(const nghttp3_buf *buf); + +/** + * @function + * + * `nghttp3_buf_reset` sets :member:`buf->pos ` and + * :member:`buf->last ` to :member:`buf->begin + * `. + */ +NGHTTP3_EXTERN void nghttp3_buf_reset(nghttp3_buf *buf); + +/** + * @macrosection + * + * Flags for HTTP field name/value pair + */ + +/** + * @macro + * + * :macro:`NGHTTP3_NV_FLAG_NONE` indicates no flag set. + */ +#define NGHTTP3_NV_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGHTTP3_NV_FLAG_NEVER_INDEX` indicates that this name/value + * pair must not be indexed. Other implementation calls this bit as + * "sensitive". + */ +#define NGHTTP3_NV_FLAG_NEVER_INDEX 0x01u + +/** + * @macro + * + * :macro:`NGHTTP3_NV_FLAG_NO_COPY_NAME` is set solely by application. + * If this flag is set, the library does not make a copy of field + * name. This could improve performance. + */ +#define NGHTTP3_NV_FLAG_NO_COPY_NAME 0x02u + +/** + * @macro + * + * :macro:`NGHTTP3_NV_FLAG_NO_COPY_VALUE` is set solely by + * application. If this flag is set, the library does not make a copy + * of field value. This could improve performance. + */ +#define NGHTTP3_NV_FLAG_NO_COPY_VALUE 0x04u + +/** + * @macro + * + * :macro:`NGHTTP3_NV_FLAG_TRY_INDEX` gives a hint to QPACK encoder to + * index an HTTP field which is not indexed by default. This is just + * a hint, and QPACK encoder might not encode the field in various + * reasons. + */ +#define NGHTTP3_NV_FLAG_TRY_INDEX 0x08u + +/** + * @struct + * + * :type:`nghttp3_nv` is the name/value pair, which mainly used to + * represent HTTP fields. + */ +typedef struct nghttp3_nv { + /** + * :member:`name` is the HTTP field name. + */ + const uint8_t *name; + /** + * :member:`value` is the HTTP field value. + */ + const uint8_t *value; + /** + * :member:`namelen` is the length of the |name|, excluding + * terminating NULL. + */ + size_t namelen; + /** + * :member:`valuelen` is the length of the |value|, excluding + * terminating NULL. + */ + size_t valuelen; + /** + * :member:`flags` is bitwise OR of one or more of + * :macro:`NGHTTP3_NV_FLAG_* `. + */ + uint8_t flags; +} nghttp3_nv; + +/* Generated by mkstatichdtbl.py */ +/** + * @enum + * + * :type:`nghttp3_qpack_token` defines HTTP field name tokens to + * identify field name quickly. It appears in + * :member:`nghttp3_qpack_nv.token`. + */ +typedef enum nghttp3_qpack_token { + /** + * :enum:`NGHTTP3_QPACK_TOKEN__AUTHORITY` is a token for + * ``:authority``. + */ + NGHTTP3_QPACK_TOKEN__AUTHORITY = 0, + /** + * :enum:`NGHTTP3_QPACK_TOKEN__PATH` is a token for ``:path``. + */ + NGHTTP3_QPACK_TOKEN__PATH = 8, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_AGE` is a token for ``age``. + */ + NGHTTP3_QPACK_TOKEN_AGE = 43, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONTENT_DISPOSITION` is a token for + * ``content-disposition``. + */ + NGHTTP3_QPACK_TOKEN_CONTENT_DISPOSITION = 52, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONTENT_LENGTH` is a token for + * ``content-length``. + */ + NGHTTP3_QPACK_TOKEN_CONTENT_LENGTH = 55, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_COOKIE` is a token for ``cookie``. + */ + NGHTTP3_QPACK_TOKEN_COOKIE = 68, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_DATE` is a token for ``date``. + */ + NGHTTP3_QPACK_TOKEN_DATE = 69, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ETAG` is a token for ``etag``. + */ + NGHTTP3_QPACK_TOKEN_ETAG = 71, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_IF_MODIFIED_SINCE` is a token for + * ``if-modified-since``. + */ + NGHTTP3_QPACK_TOKEN_IF_MODIFIED_SINCE = 74, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_IF_NONE_MATCH` is a token for + * ``if-none-match``. + */ + NGHTTP3_QPACK_TOKEN_IF_NONE_MATCH = 75, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_LAST_MODIFIED` is a token for + * ``last-modified``. + */ + NGHTTP3_QPACK_TOKEN_LAST_MODIFIED = 77, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_LINK` is a token for ``link``. + */ + NGHTTP3_QPACK_TOKEN_LINK = 78, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_LOCATION` is a token for ``location``. + */ + NGHTTP3_QPACK_TOKEN_LOCATION = 79, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_REFERER` is a token for ``referer``. + */ + NGHTTP3_QPACK_TOKEN_REFERER = 83, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_SET_COOKIE` is a token for + * ``set-cookie``. + */ + NGHTTP3_QPACK_TOKEN_SET_COOKIE = 85, + /** + * :enum:`NGHTTP3_QPACK_TOKEN__METHOD` is a token for ``:method``. + */ + NGHTTP3_QPACK_TOKEN__METHOD = 1, + /** + * :enum:`NGHTTP3_QPACK_TOKEN__SCHEME` is a token for ``:scheme``. + */ + NGHTTP3_QPACK_TOKEN__SCHEME = 9, + /** + * :enum:`NGHTTP3_QPACK_TOKEN__STATUS` is a token for ``:status``. + */ + NGHTTP3_QPACK_TOKEN__STATUS = 11, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCEPT` is a token for ``accept``. + */ + NGHTTP3_QPACK_TOKEN_ACCEPT = 25, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCEPT_ENCODING` is a token for + * ``accept-encoding``. + */ + NGHTTP3_QPACK_TOKEN_ACCEPT_ENCODING = 27, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCEPT_RANGES` is a token for + * ``accept-ranges``. + */ + NGHTTP3_QPACK_TOKEN_ACCEPT_RANGES = 29, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_HEADERS` is a + * token for ``access-control-allow-headers``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_HEADERS = 32, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_ORIGIN` is a + * token for ``access-control-allow-origin``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_ORIGIN = 38, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CACHE_CONTROL` is a token for + * ``cache-control``. + */ + NGHTTP3_QPACK_TOKEN_CACHE_CONTROL = 46, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONTENT_ENCODING` is a token for + * ``content-encoding``. + */ + NGHTTP3_QPACK_TOKEN_CONTENT_ENCODING = 53, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONTENT_TYPE` is a token for + * ``content-type``. + */ + NGHTTP3_QPACK_TOKEN_CONTENT_TYPE = 57, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_RANGE` is a token for ``range``. + */ + NGHTTP3_QPACK_TOKEN_RANGE = 82, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_STRICT_TRANSPORT_SECURITY` is a token + * for ``strict-transport-security``. + */ + NGHTTP3_QPACK_TOKEN_STRICT_TRANSPORT_SECURITY = 86, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_VARY` is a token for ``vary``. + */ + NGHTTP3_QPACK_TOKEN_VARY = 92, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_X_CONTENT_TYPE_OPTIONS` is a token for + * ``x-content-type-options``. + */ + NGHTTP3_QPACK_TOKEN_X_CONTENT_TYPE_OPTIONS = 94, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_X_XSS_PROTECTION` is a token for + * ``x-xss-protection``. + */ + NGHTTP3_QPACK_TOKEN_X_XSS_PROTECTION = 98, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCEPT_LANGUAGE` is a token for + * ``accept-language``. + */ + NGHTTP3_QPACK_TOKEN_ACCEPT_LANGUAGE = 28, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_CREDENTIALS` is a + * token for ``access-control-allow-credentials``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_CREDENTIALS = 30, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_METHODS` is a + * token for ``access-control-allow-methods``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_ALLOW_METHODS = 35, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_EXPOSE_HEADERS` is a + * token for ``access-control-expose-headers``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_EXPOSE_HEADERS = 39, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_REQUEST_HEADERS` is a + * token for ``access-control-request-headers``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_REQUEST_HEADERS = 40, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_REQUEST_METHOD` is a + * token for ``access-control-request-method``. + */ + NGHTTP3_QPACK_TOKEN_ACCESS_CONTROL_REQUEST_METHOD = 41, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ALT_SVC` is a token for ``alt-svc``. + */ + NGHTTP3_QPACK_TOKEN_ALT_SVC = 44, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_AUTHORIZATION` is a token for + * ``authorization``. + */ + NGHTTP3_QPACK_TOKEN_AUTHORIZATION = 45, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONTENT_SECURITY_POLICY` is a token + * for ``content-security-policy``. + */ + NGHTTP3_QPACK_TOKEN_CONTENT_SECURITY_POLICY = 56, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_EARLY_DATA` is a token for + * ``early-data``. + */ + NGHTTP3_QPACK_TOKEN_EARLY_DATA = 70, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_EXPECT_CT` is a token for + * ``expect-ct``. + */ + NGHTTP3_QPACK_TOKEN_EXPECT_CT = 72, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_FORWARDED` is a token for + * ``forwarded``. + */ + NGHTTP3_QPACK_TOKEN_FORWARDED = 73, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_IF_RANGE` is a token for ``if-range``. + */ + NGHTTP3_QPACK_TOKEN_IF_RANGE = 76, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_ORIGIN` is a token for ``origin``. + */ + NGHTTP3_QPACK_TOKEN_ORIGIN = 80, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_PURPOSE` is a token for ``purpose``. + */ + NGHTTP3_QPACK_TOKEN_PURPOSE = 81, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_SERVER` is a token for ``server``. + */ + NGHTTP3_QPACK_TOKEN_SERVER = 84, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_TIMING_ALLOW_ORIGIN` is a token for + * ``timing-allow-origin``. + */ + NGHTTP3_QPACK_TOKEN_TIMING_ALLOW_ORIGIN = 89, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_UPGRADE_INSECURE_REQUESTS` is a token + * for ``upgrade-insecure-requests``. + */ + NGHTTP3_QPACK_TOKEN_UPGRADE_INSECURE_REQUESTS = 90, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_USER_AGENT` is a token for + * ``user-agent``. + */ + NGHTTP3_QPACK_TOKEN_USER_AGENT = 91, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_X_FORWARDED_FOR` is a token for + * ``x-forwarded-for``. + */ + NGHTTP3_QPACK_TOKEN_X_FORWARDED_FOR = 95, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_X_FRAME_OPTIONS` is a token for + * ``x-frame-options``. + */ + NGHTTP3_QPACK_TOKEN_X_FRAME_OPTIONS = 96, + + /* Additional HTTP fields for HTTP messaging validation */ + + /** + * :enum:`NGHTTP3_QPACK_TOKEN_HOST` is a token for ``host``. + */ + NGHTTP3_QPACK_TOKEN_HOST = 1000, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_CONNECTION` is a token for + * ``connection``. + */ + NGHTTP3_QPACK_TOKEN_CONNECTION, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_KEEP_ALIVE` is a token for + * ``keep-alive``. + */ + NGHTTP3_QPACK_TOKEN_KEEP_ALIVE, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_PROXY_CONNECTION` is a token for + * ``proxy-connection``. + */ + NGHTTP3_QPACK_TOKEN_PROXY_CONNECTION, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_TRANSFER_ENCODING` is a token for + * ``transfer-encoding``. + */ + NGHTTP3_QPACK_TOKEN_TRANSFER_ENCODING, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_UPGRADE` is a token for ``upgrade``. + */ + NGHTTP3_QPACK_TOKEN_UPGRADE, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_TE` is a token for ``te``. + */ + NGHTTP3_QPACK_TOKEN_TE, + /** + * :enum:`NGHTTP3_QPACK_TOKEN__PROTOCOL` is a token for + * ``:protocol``. + */ + NGHTTP3_QPACK_TOKEN__PROTOCOL, + /** + * :enum:`NGHTTP3_QPACK_TOKEN_PRIORITY` is a token for ``priority``. + */ + NGHTTP3_QPACK_TOKEN_PRIORITY +} nghttp3_qpack_token; + +/** + * @struct + * + * :type:`nghttp3_qpack_nv` represents HTTP field name/value pair just + * like :type:`nghttp3_nv`. It is an extended version of + * :type:`nghttp3_nv`, and has reference counted buffers and tokens. + */ +typedef struct nghttp3_qpack_nv { + /** + * :member:`name` is the buffer containing HTTP field name. + * NULL-termination is guaranteed. + */ + nghttp3_rcbuf *name; + /** + * :member:`value` is the buffer containing HTTP field value. + * NULL-termination is guaranteed. + */ + nghttp3_rcbuf *value; + /** + * :member:`token` is :type:`nghttp3_qpack_token` value of + * :member:`name`. It could be -1 if we have no token for that HTTP + * field name. + */ + int32_t token; + /** + * :member:`flags` is a bitwise OR of one or more of + * :macro:`NGHTTP3_NV_FLAG_* `. + */ + uint8_t flags; +} nghttp3_qpack_nv; + +/** + * @struct + * + * :type:`nghttp3_qpack_encoder` is QPACK encoder. The details of + * this structure are intentionally hidden from the public API. + */ +typedef struct nghttp3_qpack_encoder nghttp3_qpack_encoder; + +/** + * @function + * + * `nghttp3_qpack_encoder_new` initializes QPACK encoder. |pencoder| + * must be non-NULL pointer. |hard_max_dtable_capacity| is the upper + * bound of the dynamic table capacity. |mem| is a memory allocator. + * This function allocates memory for :type:`nghttp3_qpack_encoder` + * itself, and assigns its pointer to |*pencoder| if it succeeds. + * + * The maximum dynamic table capacity is still 0. In order to change + * the maximum dynamic table capacity, call + * `nghttp3_qpack_encoder_set_max_dtable_capacity`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * + * See also `nghttp3_qpack_encoder_new2`. This function calls + * `nghttp3_qpack_encoder_new2` with the given parameters and 0 as + * seed. + */ +NGHTTP3_EXTERN int nghttp3_qpack_encoder_new(nghttp3_qpack_encoder **pencoder, + size_t hard_max_dtable_capacity, + const nghttp3_mem *mem); + +/** + * @function + * + * `nghttp3_qpack_encoder_new2` initializes QPACK encoder. |pencoder| + * must be non-NULL pointer. |hard_max_dtable_capacity| is the upper + * bound of the dynamic table capacity. |seed| must be unpredictable + * value, and is used to seed the internal data structure. |mem| is a + * memory allocator. This function allocates memory for + * :type:`nghttp3_qpack_encoder` itself, and assigns its pointer to + * |*pencoder| if it succeeds. + * + * The maximum dynamic table capacity is still 0. In order to change + * the maximum dynamic table capacity, call + * `nghttp3_qpack_encoder_set_max_dtable_capacity`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * + * This function is available since v1.11.0. + */ +NGHTTP3_EXTERN int nghttp3_qpack_encoder_new2(nghttp3_qpack_encoder **pencoder, + size_t hard_max_dtable_capacity, + uint64_t seed, + const nghttp3_mem *mem); + +/** + * @function + * + * `nghttp3_qpack_encoder_del` frees memory allocated for |encoder|. + * This function also frees memory pointed by |encoder| itself. This + * function does nothing if |encoder| is NULL. + */ +NGHTTP3_EXTERN void nghttp3_qpack_encoder_del(nghttp3_qpack_encoder *encoder); + +/** + * @function + * + * `nghttp3_qpack_encoder_encode` encodes the list of HTTP fields + * |nva|. |nvlen| is the length of |nva|. |stream_id| is the + * identifier of the stream which these HTTP fields belong to. This + * function writes field section prefix, encoded HTTP field section, + * and encoder stream to |pbuf|, |rbuf|, and |ebuf| respectively. + * Each :member:`nghttp3_buf.last` will be adjusted when data is + * written. An application should write |pbuf| and |rbuf| to the + * request stream in this order. + * + * The buffer pointed by |pbuf|, |rbuf|, and |ebuf| can be empty + * buffer. It is fine to pass a buffer initialized by + * `nghttp3_buf_init(buf) `. This function + * allocates memory for these buffers as necessary. In particular, it + * frees and expands buffer if the current capacity of buffer is not + * enough. If :member:`nghttp3_buf.begin` of any buffer is not NULL, + * it must be allocated by the same memory allocator passed to + * `nghttp3_qpack_encoder_new`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * |encoder| is in unrecoverable error state, and cannot be used + * anymore. + */ +NGHTTP3_EXTERN int nghttp3_qpack_encoder_encode( + nghttp3_qpack_encoder *encoder, nghttp3_buf *pbuf, nghttp3_buf *rbuf, + nghttp3_buf *ebuf, int64_t stream_id, const nghttp3_nv *nva, size_t nvlen); + +/** + * @function + * + * `nghttp3_qpack_encoder_read_decoder` reads decoder stream. The + * buffer pointed by |src| of length |srclen| contains decoder stream. + * + * This function returns the number of bytes read, or one of the + * following negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * |encoder| is in unrecoverable error state, and cannot be used + * anymore. + * :macro:`NGHTTP3_ERR_QPACK_DECODER_STREAM` + * |encoder| is unable to process input because it is malformed. + */ +NGHTTP3_EXTERN nghttp3_ssize nghttp3_qpack_encoder_read_decoder( + nghttp3_qpack_encoder *encoder, const uint8_t *src, size_t srclen); + +/** + * @function + * + * `nghttp3_qpack_encoder_set_max_dtable_capacity` sets max dynamic + * table capacity to |max_dtable_capacity|. If |max_dtable_capacity| + * is larger than ``hard_max_dtable_capacity`` parameter of + * `nghttp3_qpack_encoder_new`, it is truncated to the latter. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_encoder_set_max_dtable_capacity(nghttp3_qpack_encoder *encoder, + size_t max_dtable_capacity); + +/** + * @function + * + * `nghttp3_qpack_encoder_set_max_blocked_streams` sets the number of + * streams which can be blocked to |max_blocked_streams|. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_encoder_set_max_blocked_streams(nghttp3_qpack_encoder *encoder, + size_t max_blocked_streams); + +/** + * @function + * + * `nghttp3_qpack_encoder_ack_everything` tells |encoder| that all + * encoded HTTP field sections are acknowledged. This function is + * provided for debugging purpose only. In HTTP/3, |encoder| knows + * this by reading decoder stream with + * `nghttp3_qpack_encoder_read_decoder`. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_encoder_ack_everything(nghttp3_qpack_encoder *encoder); + +/** + * @function + * + * `nghttp3_qpack_encoder_get_num_blocked_streams` returns the number + * of streams which are potentially blocked at decoder side. + */ +NGHTTP3_EXTERN size_t +nghttp3_qpack_encoder_get_num_blocked_streams(nghttp3_qpack_encoder *encoder); + +/** + * @struct + * + * :type:`nghttp3_qpack_stream_context` is a decoder context for an + * individual stream. Its state is per HTTP field section. In order + * to reuse this object for another HTTP field section, call + * `nghttp3_qpack_stream_context_reset`. The details of this + * structure are intentionally hidden from the public API. + */ +typedef struct nghttp3_qpack_stream_context nghttp3_qpack_stream_context; + +/** + * @function + * + * `nghttp3_qpack_stream_context_new` initializes stream context. + * |psctx| must be non-NULL pointer. |stream_id| is stream ID. |mem| + * is a memory allocator. This function allocates memory for + * :type:`nghttp3_qpack_stream_context` itself, and assigns its + * pointer to |*psctx| if it succeeds. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int +nghttp3_qpack_stream_context_new(nghttp3_qpack_stream_context **psctx, + int64_t stream_id, const nghttp3_mem *mem); + +/** + * @function + * + * `nghttp3_qpack_stream_context_del` frees memory allocated for + * |sctx|. This function frees memory pointed by |sctx| itself. This + * function does nothing if |sctx| is NULL. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_stream_context_del(nghttp3_qpack_stream_context *sctx); + +/** + * @function + * + * `nghttp3_qpack_stream_context_get_ricnt` returns required insert + * count. + */ +NGHTTP3_EXTERN uint64_t +nghttp3_qpack_stream_context_get_ricnt(nghttp3_qpack_stream_context *sctx); + +/** + * @function + * + * `nghttp3_qpack_stream_context_reset` resets the state of |sctx|. + * Then it can be reused for decoding an another HTTP field section in + * the same stream. + */ +NGHTTP3_EXTERN +void nghttp3_qpack_stream_context_reset(nghttp3_qpack_stream_context *sctx); + +/** + * @struct + * + * :type:`nghttp3_qpack_decoder` is QPACK decoder. The details of + * this structure are intentionally hidden from the public API. + */ +typedef struct nghttp3_qpack_decoder nghttp3_qpack_decoder; + +/** + * @function + * + * `nghttp3_qpack_decoder_new` initializes QPACK decoder. |pdecoder| + * must be non-NULL pointer. |hard_max_dtable_capacity| is the upper + * bound of the dynamic table capacity. |max_blocked_streams| is the + * maximum number of streams which can be blocked. |mem| is a memory + * allocator. This function allocates memory for + * :type:`nghttp3_qpack_decoder` itself, and assigns its pointer to + * |*pdecoder| if it succeeds. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_qpack_decoder_new(nghttp3_qpack_decoder **pdecoder, + size_t hard_max_dtable_capacity, + size_t max_blocked_streams, + const nghttp3_mem *mem); + +/** + * @function + * + * `nghttp3_qpack_decoder_del` frees memory allocated for |decoder|. + * This function frees memory pointed by |decoder| itself. This + * function does nothing if |decoder| is NULL. + */ +NGHTTP3_EXTERN void nghttp3_qpack_decoder_del(nghttp3_qpack_decoder *decoder); + +/** + * @function + * + * `nghttp3_qpack_decoder_read_encoder` reads encoder stream. The + * buffer pointed by |src| of length |srclen| contains encoder stream. + * + * This function returns the number of bytes read, or one of the + * following negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * |decoder| is in unrecoverable error state, and cannot be used + * anymore. + * :macro:`NGHTTP3_ERR_QPACK_ENCODER_STREAM` + * Could not interpret encoder stream instruction. + */ +NGHTTP3_EXTERN nghttp3_ssize nghttp3_qpack_decoder_read_encoder( + nghttp3_qpack_decoder *decoder, const uint8_t *src, size_t srclen); + +/** + * @function + * + * `nghttp3_qpack_decoder_get_icnt` returns insert count. + */ +NGHTTP3_EXTERN uint64_t +nghttp3_qpack_decoder_get_icnt(const nghttp3_qpack_decoder *decoder); + +/** + * @macrosection + * + * Flags for QPACK decoder + */ + +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_NONE` indicates that no flag set. + */ +#define NGHTTP3_QPACK_DECODE_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_EMIT` indicates that an HTTP + * field is successfully decoded. + */ +#define NGHTTP3_QPACK_DECODE_FLAG_EMIT 0x01u + +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_FINAL` indicates that an entire + * HTTP field section has been decoded. + */ +#define NGHTTP3_QPACK_DECODE_FLAG_FINAL 0x02u + +/** + * @macro + * + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_BLOCKED` indicates that decoding + * has been blocked. + */ +#define NGHTTP3_QPACK_DECODE_FLAG_BLOCKED 0x04u + +/** + * @function + * + * `nghttp3_qpack_decoder_read_request` reads request stream. The + * request stream is given as the buffer pointed by |src| of length + * |srclen|. |sctx| is the stream context, and it must be created by + * `nghttp3_qpack_stream_context_new`. |*pflags| must be non-NULL + * pointer. |nv| must be non-NULL pointer. + * + * If this function succeeds, it assigns flags to |*pflags|. If + * |*pflags| has :macro:`NGHTTP3_QPACK_DECODE_FLAG_EMIT` set, a + * decoded HTTP field is assigned to |nv|. If |*pflags| has + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_FINAL` set, an entire HTTP field + * section has been successfully decoded. If |*pflags| has + * :macro:`NGHTTP3_QPACK_DECODE_FLAG_BLOCKED` set, decoding is blocked + * due to required insert count. + * + * When an HTTP field is decoded, an application receives it in |nv|. + * :member:`nv->name ` and :member:`nv->value + * ` are reference counted buffer, and their + * reference counts are already incremented for application use. + * Therefore, when application finishes processing |nv|, it must call + * `nghttp3_rcbuf_decref(nv->name) ` and + * `nghttp3_rcbuf_decref(nv->value) `, or memory + * leak might occur. These :type:`nghttp3_rcbuf` objects hold the + * pointer to :type:`nghttp3_mem` that is passed to + * `nghttp3_qpack_decoder_new` (or either `nghttp3_conn_client_new` or + * `nghttp3_conn_server_new` if it is used indirectly). As long as + * these objects are alive, the pointed :type:`nghttp3_mem` object + * must be available. Otherwise, `nghttp3_rcbuf_decref` will cause + * undefined behavior. + * + * This function returns the number of bytes read, or one of the + * following negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * |decoder| is in unrecoverable error state, and cannot be used + * anymore. + * :macro:`NGHTTP3_ERR_QPACK_DECOMPRESSION_FAILED` + * Could not interpret field line representations. + * :macro:`NGHTTP3_ERR_QPACK_HEADER_TOO_LARGE` + * HTTP field is too large. + */ +NGHTTP3_EXTERN nghttp3_ssize nghttp3_qpack_decoder_read_request( + nghttp3_qpack_decoder *decoder, nghttp3_qpack_stream_context *sctx, + nghttp3_qpack_nv *nv, uint8_t *pflags, const uint8_t *src, size_t srclen, + int fin); + +/** + * @function + * + * `nghttp3_qpack_decoder_write_decoder` writes decoder stream into + * |dbuf|. + * + * The caller must ensure that `nghttp3_buf_left(dbuf) + * ` >= + * `nghttp3_qpack_decoder_get_decoder_streamlen(decoder) + * `. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_decoder_write_decoder(nghttp3_qpack_decoder *decoder, + nghttp3_buf *dbuf); + +/** + * @function + * + * `nghttp3_qpack_decoder_get_decoder_streamlen` returns the length of + * decoder stream that is currently pending. + */ +NGHTTP3_EXTERN size_t +nghttp3_qpack_decoder_get_decoder_streamlen(nghttp3_qpack_decoder *decoder); + +/** + * @function + * + * `nghttp3_qpack_decoder_cancel_stream` cancels HTTP field section + * decoding for stream denoted by |stream_id|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * Decoder stream overflow. + */ +NGHTTP3_EXTERN int +nghttp3_qpack_decoder_cancel_stream(nghttp3_qpack_decoder *decoder, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_qpack_decoder_set_max_dtable_capacity` sets + * |max_dtable_capacity| as maximum dynamic table size. + * |max_dtable_capacity| must be equal to, or smaller than + * ``hard_max_dtable_capacity`` parameter of + * `nghttp3_qpack_decoder_new`. Normally, the maximum capacity is + * communicated in encoder stream. This function is provided for + * debugging and testing purpose. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * |max_dtable_capacity| exceeds the upper bound of the dynamic + * table capacity. + */ +NGHTTP3_EXTERN int +nghttp3_qpack_decoder_set_max_dtable_capacity(nghttp3_qpack_decoder *decoder, + size_t max_dtable_capacity); + +/** + * @function + * + * `nghttp3_qpack_decoder_set_max_concurrent_streams` tells |decoder| + * the maximum number of concurrent streams that a remote endpoint can + * open, including both bidirectional and unidirectional streams which + * potentially receive QPACK encoded HEADERS frame. This value is + * used as a hint to limit the length of decoder stream. + */ +NGHTTP3_EXTERN void +nghttp3_qpack_decoder_set_max_concurrent_streams(nghttp3_qpack_decoder *decoder, + size_t max_concurrent_streams); + +/** + * @function + * + * `nghttp3_strerror` returns textual representation of |liberr|. + */ +NGHTTP3_EXTERN const char *nghttp3_strerror(int liberr); + +/** + * @function + * + * `nghttp3_err_infer_quic_app_error_code` returns a QUIC application + * error code which corresponds to |liberr|. + */ +NGHTTP3_EXTERN uint64_t nghttp3_err_infer_quic_app_error_code(int liberr); + +/** + * @functypedef + * + * :type:`nghttp3_debug_vprintf_callback` is a callback function + * invoked when the library outputs debug logging. The function is + * called with arguments suitable for :manpage:`vfprintf(3)`. + * + * The debug output is only enabled if the library is built with + * :macro:`DEBUGBUILD` macro defined. + */ +typedef void (*nghttp3_debug_vprintf_callback)(const char *format, + va_list args); + +/** + * @function + * + * `nghttp3_set_debug_vprintf_callback` sets a debug output callback + * called by the library when built with :macro:`DEBUGBUILD` macro + * defined. If a callback function is not set by this function, debug + * log is written into standard error output. + * + * For builds without :macro:`DEBUGBUILD` macro defined, this function + * is noop. + * + * Note that building with :macro:`DEBUGBUILD` may cause significant + * performance penalty to libnghttp3 because of extra processing. It + * should be used for debugging purpose only. + * + * .. Warning:: + * + * Building with :macro:`DEBUGBUILD` may cause significant + * performance penalty to libnghttp3 because of extra processing. + * It should be used for debugging purpose only. We write this two + * times because this is important. + */ +NGHTTP3_EXTERN void nghttp3_set_debug_vprintf_callback( + nghttp3_debug_vprintf_callback debug_vprintf_callback); + +/** + * @macrosection + * + * Shutdown related constants + */ + +/** + * @macro + * + * :macro:`NGHTTP3_SHUTDOWN_NOTICE_STREAM_ID` specifies stream ID sent + * by a server when it initiates graceful shutdown of the connection + * via `nghttp3_conn_submit_shutdown_notice`. + */ +#define NGHTTP3_SHUTDOWN_NOTICE_STREAM_ID ((1ull << 62) - 4) + +/** + * @macro + * + * :macro:`NGHTTP3_SHUTDOWN_NOTICE_PUSH_ID` specifies push ID sent by + * a client when it initiates graceful shutdown of the connection via + * `nghttp3_conn_submit_shutdown_notice`. Note that libnghttp3 does + * not implement HTTP/3 Server Push. + */ +#define NGHTTP3_SHUTDOWN_NOTICE_PUSH_ID ((1ull << 62) - 1) + +/** + * @struct + * + * :type:`nghttp3_conn` represents a single HTTP/3 connection. The + * details of this structure are intentionally hidden from the public + * API. + */ +typedef struct nghttp3_conn nghttp3_conn; + +#define NGHTTP3_SETTINGS_V1 1 +#define NGHTTP3_SETTINGS_V2 2 +#define NGHTTP3_SETTINGS_VERSION NGHTTP3_SETTINGS_V2 + +/** + * @struct + * + * :type:`nghttp3_settings` defines HTTP/3 settings. + */ +typedef struct nghttp3_settings { + /** + * :member:`max_field_section_size` specifies the maximum header + * section (block) size. + */ + uint64_t max_field_section_size; + /** + * :member:`qpack_max_dtable_capacity` is the maximum size of QPACK + * dynamic table. + */ + size_t qpack_max_dtable_capacity; + /** + * :member:`qpack_encoder_max_dtable_capacity` is the upper bound of + * QPACK dynamic table capacity that the QPACK encoder is willing to + * use. The effective maximum dynamic table capacity is the minimum + * of this field and the value of the received + * SETTINGS_QPACK_MAX_TABLE_CAPACITY. If this field is set to 0, + * the encoder does not use the dynamic table. + * + * When :type:`nghttp3_settings` is passed to + * :member:`nghttp3_callbacks.recv_settings` callback, this field + * should be ignored. + */ + size_t qpack_encoder_max_dtable_capacity; + /** + * :member:`qpack_blocked_streams` is the maximum number of streams + * which can be blocked while they are being decoded. + */ + size_t qpack_blocked_streams; + /** + * :member:`enable_connect_protocol`, if set to nonzero, enables + * Extended CONNECT Method (see :rfc:`9220`). Client ignores this + * field. + */ + uint8_t enable_connect_protocol; + /** + * :member:`h3_datagram`, if set to nonzero, enables HTTP/3 + * Datagrams (see :rfc:`9297`). + */ + uint8_t h3_datagram; + /* The following fields have been added since NGHTTP3_SETTINGS_V2. */ + /** + * :member:`origin_list`, if set, must contain a serialized HTTP/3 + * ORIGIN frame (see :rfc:`9412`) payload. The ORIGIN frame payload + * is a sequence of zero or more of a length prefixed byte string. + * The length is encoded in 2 bytes in network byte order. If + * :member:`origin_list->len ` is zero, an empty + * ORIGIN frame is sent. An application must keep the buffer + * pointed by :member:`origin_list->base ` alive + * until the :type:`nghttp3_conn` to which this field was passed is + * freed by `nghttp3_conn_del`. The object pointed to by this field + * is copied internally, and does not need to be kept alive. Only + * server uses this field. This field is available since v1.11.0. + */ + const nghttp3_vec *origin_list; +} nghttp3_settings; + +/** + * @functypedef + * + * :type:`nghttp3_acked_stream_data` is a callback function which is + * invoked when data sent on stream denoted by |stream_id| supplied + * from application is acknowledged by remote endpoint. The number of + * bytes acknowledged is given in |datalen|. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_acked_stream_data)(nghttp3_conn *conn, int64_t stream_id, + uint64_t datalen, void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_conn_stream_close` is a callback function which is + * invoked when a stream identified by |stream_id| is closed. QUIC + * application error code |app_error_code| indicates the reason of + * this closure. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_stream_close)(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, + void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_recv_data` is a callback function which is invoked + * when a part of request or response body on stream identified by + * |stream_id| is received. |data| points to the received data, and + * its length is |datalen|. + * + * The application is responsible for increasing flow control credit + * (say, increasing by |datalen| bytes). + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_recv_data)(nghttp3_conn *conn, int64_t stream_id, + const uint8_t *data, size_t datalen, + void *conn_user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_deferred_consume` is a callback function which is + * invoked when the library consumed |consumed| bytes for a stream + * identified by |stream_id|. This callback is used to notify the + * consumed bytes for stream blocked due to synchronization between + * streams. The application is responsible for increasing flow + * control credit by |consumed| bytes. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_deferred_consume)(nghttp3_conn *conn, int64_t stream_id, + size_t consumed, void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_begin_headers` is a callback function which is + * invoked when an incoming HTTP field section is started on a stream + * denoted by |stream_id|. Each HTTP field is passed to application + * by :type:`nghttp3_recv_header` callback. And then + * :type:`nghttp3_end_headers` is called when a whole HTTP field + * section is processed. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_begin_headers)(nghttp3_conn *conn, int64_t stream_id, + void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_recv_header` is a callback function which is invoked + * when an HTTP field is received on a stream denoted by |stream_id|. + * |name| contains a field name, and |value| contains a field value. + * |token| is one of token defined in :type:`nghttp3_qpack_token` or + * -1 if no token is defined for |name|. |flags| is bitwise OR of + * zero or more of :macro:`NGHTTP3_NV_FLAG_* `. + * + * The buffers for |name| and |value| are reference counted. If + * application needs to keep them, increment the reference count with + * `nghttp3_rcbuf_incref`. When they are no longer used, call + * `nghttp3_rcbuf_decref`. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_recv_header)(nghttp3_conn *conn, int64_t stream_id, + int32_t token, nghttp3_rcbuf *name, + nghttp3_rcbuf *value, uint8_t flags, + void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_end_headers` is a callback function which is invoked + * when an incoming HTTP field section has ended. + * + * If the stream ends with this HTTP field section, |fin| is set to + * nonzero. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_end_headers)(nghttp3_conn *conn, int64_t stream_id, + int fin, void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_end_stream` is a callback function which is invoked + * when the receiving side of stream is closed. For server, this + * callback function is invoked when HTTP request is received + * completely. For client, this callback function is invoked when + * HTTP response is received completely. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_end_stream)(nghttp3_conn *conn, int64_t stream_id, + void *conn_user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_stop_sending` is a callback function which is + * invoked when the library asks application to send STOP_SENDING to + * the stream identified by |stream_id|. QUIC application error code + * |app_error_code| indicates the reason for this action. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_stop_sending)(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, + void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_reset_stream` is a callback function which is + * invoked when the library asks application to reset stream + * identified by |stream_id|. QUIC application error code + * |app_error_code| indicates the reason for this action. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_reset_stream)(nghttp3_conn *conn, int64_t stream_id, + uint64_t app_error_code, + void *conn_user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_shutdown` is a callback function which is invoked + * when a shutdown is initiated by the remote endpoint. For client, + * |id| contains a stream ID of a client initiated stream, for server, + * it contains a push ID. All client streams with stream ID, or pushes + * with push ID equal to, or larger than |ID| are guaranteed to not be + * processed by the remote endpoint. Note that libnghttp3 does not + * implement Server Push. + * + * Parameter |id| for client can contain a special value + * :macro:`NGHTTP3_SHUTDOWN_NOTICE_STREAM_ID`, and for server it can + * contain special value + * :macro:`NGHTTP3_SHUTDOWN_NOTICE_PUSH_ID`. These values signal + * request for graceful shutdown of the connection, triggered by + * remote endpoint's invocation of + * `nghttp3_conn_submit_shutdown_notice`. + * + * It is possible that this callback is invoked multiple times on a + * single connection, however the |id| can only stay the same or + * decrease, never increase. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_shutdown)(nghttp3_conn *conn, int64_t id, + void *conn_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_recv_settings` is a callback function which is + * invoked when SETTINGS frame is received. |settings| is a received + * remote HTTP/3 settings. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_recv_settings)(nghttp3_conn *conn, + const nghttp3_settings *settings, + void *conn_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_recv_origin` is a callback function which is invoked + * when a single origin in ORIGIN frame is received. |origin| is a + * received origin of length |originlen|. |originlen| never be 0. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_recv_origin)(nghttp3_conn *conn, const uint8_t *origin, + size_t originlen, void *conn_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_end_origin` is a callback function which is invoked + * when an ORIGIN frame has been completely processed. + * + * The implementation of this callback must return 0 if it succeeds. + * Returning :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` will return to the + * caller immediately. Any values other than 0 is treated as + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + */ +typedef int (*nghttp3_end_origin)(nghttp3_conn *conn, void *conn_user_data); + +/** + * @functypedef + * + * :type:`nghttp3_rand` is a callback function which is invoked when + * unpredictable data of |destlen| bytes are needed. The + * implementation must write unpredictable data of |destlen| bytes + * into the buffer pointed by |dest|. + */ +typedef void (*nghttp3_rand)(uint8_t *dest, size_t destlen); + +#define NGHTTP3_CALLBACKS_V1 1 +#define NGHTTP3_CALLBACKS_V2 2 +#define NGHTTP3_CALLBACKS_VERSION NGHTTP3_CALLBACKS_V2 + +/** + * @struct + * + * :type:`nghttp3_callbacks` holds a set of callback functions. + */ +typedef struct nghttp3_callbacks { + /** + * :member:`acked_stream_data` is a callback function which is + * invoked when data sent on a particular stream have been + * acknowledged by a remote endpoint. + */ + nghttp3_acked_stream_data acked_stream_data; + /** + * :member:`stream_close` is a callback function which is invoked + * when a particular stream has closed. + */ + nghttp3_stream_close stream_close; + /** + * :member:`recv_data` is a callback function which is invoked when + * stream data is received. + */ + nghttp3_recv_data recv_data; + /** + * :member:`deferred_consume` is a callback function which is + * invoked when the library consumed data for a particular stream + * which had been blocked for synchronization between streams. + */ + nghttp3_deferred_consume deferred_consume; + /** + * :member:`begin_headers` is a callback function which is invoked + * when an HTTP header field section has started on a particular + * stream. + */ + nghttp3_begin_headers begin_headers; + /** + * :member:`recv_header` is a callback function which is invoked + * when a single HTTP header field is received on a particular + * stream. + */ + nghttp3_recv_header recv_header; + /** + * :member:`end_headers` is a callback function which is invoked + * when an HTTP header field section has ended on a particular + * stream. + */ + nghttp3_end_headers end_headers; + /** + * :member:`begin_trailers` is a callback function which is invoked + * when an HTTP trailer field section has started on a particular + * stream. + */ + nghttp3_begin_headers begin_trailers; + /** + * :member:`recv_trailer` is a callback function which is invoked + * when a single HTTP trailer field is received on a particular + * stream. + */ + nghttp3_recv_header recv_trailer; + /** + * :member:`end_trailers` is a callback function which is invoked + * when an HTTP trailer field section has ended on a particular + * stream. + */ + nghttp3_end_headers end_trailers; + /** + * :member:`stop_sending` is a callback function which is invoked + * when the library asks application to send STOP_SENDING to a + * particular stream. + */ + nghttp3_stop_sending stop_sending; + /** + * :member:`end_stream` is a callback function which is invoked when + * a receiving side of stream has been closed. + */ + nghttp3_end_stream end_stream; + /** + * :member:`reset_stream` is a callback function which is invoked + * when the library asks application to reset stream (by sending + * RESET_STREAM). + */ + nghttp3_reset_stream reset_stream; + /** + * :member:`shutdown` is a callback function which is invoked when + * the remote endpoint has signalled initiation of connection + * shutdown. + */ + nghttp3_shutdown shutdown; + /** + * :member:`recv_settings` is a callback function which is invoked + * when SETTINGS frame is received. + */ + nghttp3_recv_settings recv_settings; + /* The following fields have been added since NGHTTP3_CALLBACKS_V2. */ + /** + * :member:`recv_origin` is a callback function which is invoked + * when a single origin in an ORIGIN frame is received. This field + * is available since v1.11.0. + */ + nghttp3_recv_origin recv_origin; + /** + * :member:`end_origin` is a callback function which is invoked when + * an ORIGIN frame has been completely processed. This field is + * available since v1.11.0. + */ + nghttp3_end_origin end_origin; + /** + * :member:`rand` is a callback function which is invoked when + * unpredictable data are needed. Although this field is optional + * due to the backward compatibility, it is recommended to specify + * this field to harden the runtime behavior against suspicious + * activities of a remote endpoint. This field is available since + * v1.11.0. + */ + nghttp3_rand rand; +} nghttp3_callbacks; + +/** + * @function + * + * `nghttp3_settings_default` fills |settings| with the default + * values. + * + * - :member:`max_field_section_size + * ` = :expr:`((1ull << 62) - 1)` + * - :member:`qpack_max_dtable_capacity + * ` = 0 + * - :member:`qpack_encoder_max_dtable_capacity + * ` = 4096 + * - :member:`qpack_blocked_streams + * ` = 0 + * - :member:`enable_connect_protocol + * ` = 0 + */ +NGHTTP3_EXTERN void +nghttp3_settings_default_versioned(int settings_version, + nghttp3_settings *settings); + +/** + * @function + * + * `nghttp3_conn_client_new` creates :type:`nghttp3_conn`, and + * initializes it for client use. The pointer to the object is stored + * in |*pconn|. If |mem| is ``NULL``, the memory allocator returned + * by `nghttp3_mem_default` is used. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int +nghttp3_conn_client_new_versioned(nghttp3_conn **pconn, int callbacks_version, + const nghttp3_callbacks *callbacks, + int settings_version, + const nghttp3_settings *settings, + const nghttp3_mem *mem, void *conn_user_data); + +/** + * @function + * + * `nghttp3_conn_server_new` creates :type:`nghttp3_conn`, and + * initializes it for server use. The pointer to the object is stored + * in |*pconn|. If |mem| is ``NULL``, the memory allocator returned + * by `nghttp3_mem_default` is used. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int +nghttp3_conn_server_new_versioned(nghttp3_conn **pconn, int callbacks_version, + const nghttp3_callbacks *callbacks, + int settings_version, + const nghttp3_settings *settings, + const nghttp3_mem *mem, void *conn_user_data); + +/** + * @function + * + * `nghttp3_conn_del` frees resources allocated for |conn|. This + * function also frees memory pointed by |conn| itself. This function + * does nothing if |conn| is NULL. + */ +NGHTTP3_EXTERN void nghttp3_conn_del(nghttp3_conn *conn); + +/** + * @function + * + * `nghttp3_conn_bind_control_stream` binds stream denoted by + * |stream_id| to outgoing unidirectional control stream. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_STATE` + * Control stream has already corresponding stream ID. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_bind_control_stream(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_bind_qpack_streams` binds stream denoted by + * |qenc_stream_id| to outgoing QPACK encoder stream, and stream + * denoted by |qdec_stream_id| to outgoing QPACK encoder stream. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_STATE` + * QPACK encoder/decoder stream have already corresponding stream + * IDs. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_bind_qpack_streams(nghttp3_conn *conn, + int64_t qenc_stream_id, + int64_t qdec_stream_id); + +/** + * @function + * + * `nghttp3_conn_read_stream` reads data |src| of length |srclen| on + * stream identified by |stream_id|. It returns the number of bytes + * consumed. The "consumed" means that application can increase flow + * control credit (both stream and connection) of underlying QUIC + * connection by that amount. It does not include the amount of data + * carried by DATA frame which contains application data (excluding + * any control or QPACK unidirectional streams). See + * :type:`nghttp3_recv_data` to handle those bytes. If |fin| is + * nonzero, this is the last data from remote endpoint in this stream. + * + * This function returns the number of bytes consumed, or one of the + * following negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` + * User callback failed. + * + * It may return the other error codes. The negative error code means + * that |conn| encountered a connection error, and the connection must + * be closed. Calling nghttp3 API other than `nghttp3_conn_del` + * causes undefined behavior. + */ +NGHTTP3_EXTERN nghttp3_ssize nghttp3_conn_read_stream(nghttp3_conn *conn, + int64_t stream_id, + const uint8_t *src, + size_t srclen, int fin); + +/** + * @function + * + * `nghttp3_conn_writev_stream` stores stream data to send to |vec| of + * length |veccnt|, and returns the number of nghttp3_vec object in + * which it stored data. It stores stream ID to |*pstream_id|. An + * application has to call `nghttp3_conn_add_write_offset` to inform + * |conn| of the actual number of bytes that underlying QUIC stack + * accepted. |*pfin| will be nonzero if this is the last data to + * send. If there is no stream to write data or send fin, this + * function returns 0, and -1 is assigned to |*pstream_id|. This + * function may return 0, and |*pstream_id| is not -1, and |*pfin| is + * nonzero. It means 0 length data to |*pstream_id|, and it is the + * last data to the stream. They must be passed to QUIC stack, and + * they are accepted, the application has to call + * `nghttp3_conn_add_write_offset` with 0 byte. + * + * This function returns the number of bytes consumed, or one of the + * following negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` + * User callback failed. + * + * It may return the other error codes. The negative error code means + * that |conn| encountered a connection error, and the connection must + * be closed. Calling nghttp3 API other than `nghttp3_conn_del` + * causes undefined behavior. + */ +NGHTTP3_EXTERN nghttp3_ssize nghttp3_conn_writev_stream(nghttp3_conn *conn, + int64_t *pstream_id, + int *pfin, + nghttp3_vec *vec, + size_t veccnt); + +/** + * @function + * + * `nghttp3_conn_add_write_offset` tells |conn| the number of bytes + * |n| for stream denoted by |stream_id| QUIC stack accepted. + * + * If stream has no data to send but just sends fin (closing the write + * side of a stream), the number of bytes sent is 0. It is important + * to call this function even if |n| is 0 in this case. It is safe to + * call this function if |n| is 0. + * + * `nghttp3_conn_writev_stream` must be called before calling this + * function to get data to send, and those data must be fed into QUIC + * stack. + * + * If a stream denoted by |stream_id| is not found, this function + * returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_add_write_offset(nghttp3_conn *conn, + int64_t stream_id, size_t n); + +/** + * @function + * + * `nghttp3_conn_add_ack_offset` tells |conn| the number of bytes |n| + * for stream denoted by |stream_id| QUIC stack has acknowledged. + * + * If a stream denoted by |stream_id| is not found, this function + * returns 0. + * + * Alternatively, `nghttp3_conn_update_ack_offset` can be used to + * accomplish the same thing. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` + * User callback failed. + */ +NGHTTP3_EXTERN int nghttp3_conn_add_ack_offset(nghttp3_conn *conn, + int64_t stream_id, uint64_t n); + +/** + * @function + * + * `nghttp3_conn_update_ack_offset` tells |conn| that QUIC stack has + * acknowledged the stream data up to |offset| for a stream denoted by + * |stream_id|. + * + * If a stream denoted by |stream_id| is not found, this function + * returns 0. + * + * Alternatively, `nghttp3_conn_add_ack_offset` can be used to + * accomplish the same thing. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * |offset| is less than the number of bytes acknowledged so far. + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` + * User callback failed. + */ +NGHTTP3_EXTERN int nghttp3_conn_update_ack_offset(nghttp3_conn *conn, + int64_t stream_id, + uint64_t offset); + +/** + * @function + * + * `nghttp3_conn_block_stream` tells the library that stream + * identified by |stream_id| is blocked due to QUIC flow control. + */ +NGHTTP3_EXTERN void nghttp3_conn_block_stream(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_unblock_stream` tells the library that stream + * identified by |stream_id| which was blocked by QUIC flow control + * (see `nghttp3_conn_block_stream`) is unblocked. + * + * If a stream denoted by |stream_id| is not found, this function + * returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_unblock_stream(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_is_stream_writable` returns nonzero if a stream + * identified by |stream_id| is writable. It is not writable if: + * + * - the stream does not exist; or, + * - the stream is closed (e.g., `nghttp3_conn_close_stream` is + * called); or, + * - the stream is QUIC flow control blocked (e.g., + * `nghttp3_conn_block_stream` is called); or, + * - the stream is input data blocked (e.g., + * :macro:`NGHTTP3_ERR_WOULDBLOCK` is returned from + * :type:`nghttp3_read_data_callback`); or, + * - the stream is half-closed local (e.g., + * `nghttp3_conn_shutdown_stream_write` is called). + */ +NGHTTP3_EXTERN int nghttp3_conn_is_stream_writable(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_shutdown_stream_write` tells the library that any + * further write operation to stream identified by |stream_id| is + * prohibited. This works like `nghttp3_conn_block_stream`, but it + * cannot be unblocked by `nghttp3_conn_unblock_stream`. + */ +NGHTTP3_EXTERN void nghttp3_conn_shutdown_stream_write(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_shutdown_stream_read` tells the library that + * read-side of stream denoted by |stream_id| is abruptly closed, and + * any further incoming data and pending stream data should be + * discarded. + * + * If a stream denoted by |stream_id| is not client bidirectional + * stream, this function returns 0. If the stream has already + * shutdown read-side stream, this function returns 0. + * + * This function does not fail if a stream denoted by |stream_id| is + * not found, although it may fail with the other reasons. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + * :macro:`NGHTTP3_ERR_QPACK_FATAL` + * QPACK decoder stream overflow. + */ +NGHTTP3_EXTERN int nghttp3_conn_shutdown_stream_read(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_resume_stream` resumes stream identified by + * |stream_id| which was previously unable to provide data. See + * :type:`nghttp3_read_data_callback`. + * + * If a stream denoted by |stream_id| is not found, this function + * returns 0. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_resume_stream(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_close_stream` tells the library that a stream + * identified by |stream_id| has been closed. QUIC application error + * code |app_error_code| is the reason of the closure. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found. + * :macro:`NGHTTP3_ERR_H3_CLOSED_CRITICAL_STREAM` + * A critical stream is closed. + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE` + * User callback failed + */ +NGHTTP3_EXTERN int nghttp3_conn_close_stream(nghttp3_conn *conn, + int64_t stream_id, + uint64_t app_error_code); + +/** + * @macrosection + * + * Data flags + */ + +/** + * @macro + * + * :macro:`NGHTTP3_DATA_FLAG_NONE` indicates no flag set. + */ +#define NGHTTP3_DATA_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGHTTP3_DATA_FLAG_EOF` indicates that all request or + * response body has been provided to the library. It also indicates + * that sending side of stream is closed unless + * :macro:`NGHTTP3_DATA_FLAG_NO_END_STREAM` is given at the same time. + */ +#define NGHTTP3_DATA_FLAG_EOF 0x01u + +/** + * @macro + * + * :macro:`NGHTTP3_DATA_FLAG_NO_END_STREAM` indicates that sending + * side of stream is not closed even if :macro:`NGHTTP3_DATA_FLAG_EOF` + * is set. Usually this flag is used to send trailer fields with + * `nghttp3_conn_submit_trailers`. If `nghttp3_conn_submit_trailers` + * has been called, regardless of this flag, the submitted trailer + * fields are sent. + */ +#define NGHTTP3_DATA_FLAG_NO_END_STREAM 0x02u + +/** + * @function + * + * `nghttp3_conn_set_max_client_streams_bidi` tells |conn| the + * cumulative number of bidirectional streams that client can open. + */ +NGHTTP3_EXTERN void +nghttp3_conn_set_max_client_streams_bidi(nghttp3_conn *conn, + uint64_t max_streams); + +/** + * @function + * + * `nghttp3_conn_set_max_concurrent_streams` tells |conn| the maximum + * number of concurrent streams that a remote endpoint can open, + * including both bidirectional and unidirectional streams which + * potentially receive QPACK encoded HEADERS frame. This value is + * used as a hint to limit the internal resource consumption. + */ +NGHTTP3_EXTERN void +nghttp3_conn_set_max_concurrent_streams(nghttp3_conn *conn, + size_t max_concurrent_streams); + +/** + * @functypedef + * + * :type:`nghttp3_read_data_callback` is a callback function invoked + * when the library asks an application to provide stream data for a + * stream denoted by |stream_id|. + * + * The library provides |vec| of length |veccnt| to the application. + * The application should fill data and its length to |vec|. It has + * to return the number of the filled objects. The application must + * retain data until they are safe to free. It is notified by + * :type:`nghttp3_acked_stream_data` callback. + * + * If this is the last data to send (or there is no data to send + * because all data have been sent already), set + * :macro:`NGHTTP3_DATA_FLAG_EOF` to |*pflags|. + * + * If the application is unable to provide data temporarily, return + * :macro:`NGHTTP3_ERR_WOULDBLOCK`. When it is ready to provide data, + * call `nghttp3_conn_resume_stream`. + * + * The callback should return the number of objects in |vec| that the + * application filled if it succeeds, or + * :macro:`NGHTTP3_ERR_CALLBACK_FAILURE`. + * + * TODO Add NGHTTP3_ERR_TEMPORAL_CALLBACK_FAILURE to reset just this + * stream. + */ +typedef nghttp3_ssize (*nghttp3_read_data_callback)( + nghttp3_conn *conn, int64_t stream_id, nghttp3_vec *vec, size_t veccnt, + uint32_t *pflags, void *conn_user_data, void *stream_user_data); + +/** + * @struct + * + * :type:`nghttp3_data_reader` specifies the way how to generate + * request or response body. + */ +typedef struct nghttp3_data_reader { + /** + * :member:`read_data` is a callback function to generate body. + */ + nghttp3_read_data_callback read_data; +} nghttp3_data_reader; + +/** + * @function + * + * `nghttp3_conn_submit_request` submits HTTP request header fields + * and body on the stream identified by |stream_id|. |stream_id| must + * be a client initiated bidirectional stream. Only client can submit + * HTTP request. |nva| of length |nvlen| specifies HTTP request + * header fields. |dr| specifies a request body. If there is no + * request body, specify NULL. If |dr| is NULL, it implies the end of + * stream. |stream_user_data| is an opaque pointer attached to the + * stream. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_CONN_CLOSING` + * Connection is shutting down, and no new stream is allowed. + * :macro:`NGHTTP3_ERR_STREAM_IN_USE` + * Stream has already been opened. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_submit_request( + nghttp3_conn *conn, int64_t stream_id, const nghttp3_nv *nva, size_t nvlen, + const nghttp3_data_reader *dr, void *stream_user_data); + +/** + * @function + * + * `nghttp3_conn_submit_info` submits HTTP non-final response header + * fields on the stream identified by |stream_id|. |nva| of length + * |nvlen| specifies HTTP response header fields. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_submit_info(nghttp3_conn *conn, + int64_t stream_id, + const nghttp3_nv *nva, + size_t nvlen); + +/** + * @function + * + * `nghttp3_conn_submit_response` submits HTTP response header fields + * and body on the stream identified by |stream_id|. |nva| of length + * |nvlen| specifies HTTP response header fields. |dr| specifies a + * response body. If there is no response body, specify NULL. If + * |dr| is NULL, it implies the end of stream. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_submit_response(nghttp3_conn *conn, + int64_t stream_id, + const nghttp3_nv *nva, + size_t nvlen, + const nghttp3_data_reader *dr); + +/** + * @function + * + * `nghttp3_conn_submit_trailers` submits HTTP trailer fields on the + * stream identified by |stream_id|. |nva| of length |nvlen| + * specifies HTTP trailer fields. Calling this function implies the + * end of stream. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found + * :macro:`NGHTTP3_ERR_INVALID_STATE` + * Application has already submitted fin to stream. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_submit_trailers(nghttp3_conn *conn, + int64_t stream_id, + const nghttp3_nv *nva, + size_t nvlen); + +/** + * @function + * + * `nghttp3_conn_submit_shutdown_notice` notifies the other endpoint + * to stop creating new stream. After a couple of RTTs later, call + * `nghttp3_conn_shutdown` to start graceful shutdown. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_submit_shutdown_notice(nghttp3_conn *conn); + +/** + * @function + * + * `nghttp3_conn_shutdown` starts graceful shutdown. It should be + * called after `nghttp3_conn_submit_shutdown_notice` and a couple of + * RTTs. After calling this function, the local endpoint starts + * rejecting new incoming streams. The existing streams are processed + * normally. See also `nghttp3_conn_is_drained`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_shutdown(nghttp3_conn *conn); + +/** + * @function + * + * `nghttp3_conn_set_stream_user_data` sets |stream_user_data| to the + * stream identified by |stream_id|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found. + */ +NGHTTP3_EXTERN int nghttp3_conn_set_stream_user_data(nghttp3_conn *conn, + int64_t stream_id, + void *stream_user_data); + +/** + * @function + * + * `nghttp3_conn_get_frame_payload_left` returns the number of bytes + * left to read current frame payload for a stream denoted by + * |stream_id|. If no such stream is found, or |stream_id| identifies + * neither client bidirectional stream nor remote control stream, it + * returns 0. + */ +NGHTTP3_EXTERN uint64_t nghttp3_conn_get_frame_payload_left(nghttp3_conn *conn, + int64_t stream_id); + +/** + * @macrosection + * + * HTTP stream priority flags + */ + +/** + * @macro + * + * :macro:`NGHTTP3_DEFAULT_URGENCY` is the default urgency level. + */ +#define NGHTTP3_DEFAULT_URGENCY 3 + +/** + * @macro + * + * :macro:`NGHTTP3_URGENCY_HIGH` is the highest urgency level. + */ +#define NGHTTP3_URGENCY_HIGH 0 + +/** + * @macro + * + * :macro:`NGHTTP3_URGENCY_LOW` is the lowest urgency level. + */ +#define NGHTTP3_URGENCY_LOW 7 + +/** + * @macro + * + * :macro:`NGHTTP3_URGENCY_LEVELS` is the number of urgency levels. + */ +#define NGHTTP3_URGENCY_LEVELS (NGHTTP3_URGENCY_LOW + 1) + +#define NGHTTP3_PRI_V1 1 +#define NGHTTP3_PRI_VERSION NGHTTP3_PRI_V1 + +/** + * @struct + * + * :type:`nghttp3_pri` represents HTTP priority. + */ +typedef struct NGHTTP3_ALIGN(8) nghttp3_pri { + /** + * :member:`urgency` is the urgency of a stream, it must be in + * [:macro:`NGHTTP3_URGENCY_HIGH`, :macro:`NGHTTP3_URGENCY_LOW`], + * inclusive, and 0 is the highest urgency. + */ + uint32_t urgency; + /** + * :member:`inc` indicates that a content can be processed + * incrementally or not. If it is 0, it cannot be processed + * incrementally. If it is 1, it can be processed incrementally. + * Other value is not permitted. + */ + uint8_t inc; +} nghttp3_pri; + +/** + * @function + * + * `nghttp3_conn_get_stream_priority` stores stream priority of a + * stream denoted by |stream_id| into |*dest|. |stream_id| must + * identify client initiated bidirectional stream. Only server can + * use this function. + * + * This function must not be called if |conn| is initialized as + * client. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * |stream_id| is not a client initiated bidirectional stream ID. + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found. + */ +NGHTTP3_EXTERN int nghttp3_conn_get_stream_priority_versioned( + nghttp3_conn *conn, int pri_version, nghttp3_pri *dest, int64_t stream_id); + +/** + * @function + * + * `nghttp3_conn_set_client_stream_priority` updates priority of a + * stream denoted by |stream_id| with the value pointed by |data| of + * length |datalen|, which should be a serialized :rfc:`9218` priority + * field value. |stream_id| must identify client initiated + * bidirectional stream. + * + * This function must not be called if |conn| is initialized as + * server. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * |stream_id| is not a client initiated bidirectional stream ID. + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_set_client_stream_priority(nghttp3_conn *conn, + int64_t stream_id, + const uint8_t *data, + size_t datalen); + +/** + * @function + * + * `nghttp3_conn_set_server_stream_priority` updates priority of a + * stream denoted by |stream_id| with the value pointed by |pri|. + * |stream_id| must identify client initiated bidirectional stream. + * + * This function must not be called if |conn| is initialized as + * client. + * + * This function completely overrides stream priority set by client, + * and any attempts to update priority by client are ignored. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * |stream_id| is not a client initiated bidirectional stream ID. + * :macro:`NGHTTP3_ERR_STREAM_NOT_FOUND` + * Stream not found. + * :macro:`NGHTTP3_ERR_NOMEM` + * Out of memory. + */ +NGHTTP3_EXTERN int nghttp3_conn_set_server_stream_priority_versioned( + nghttp3_conn *conn, int64_t stream_id, int pri_version, + const nghttp3_pri *pri); + +/** + * @function + * + * `nghttp3_vec_len` returns the sum of length in |vec| of |cnt| + * elements. + */ +NGHTTP3_EXTERN uint64_t nghttp3_vec_len(const nghttp3_vec *vec, size_t cnt); + +/** + * @function + * + * `nghttp3_check_header_name` returns nonzero if HTTP field name + * |name| of length |len| is valid according to + * :rfc:`7230#section-3.2`. + * + * Because this is an HTTP field name in HTTP/3, the upper cased + * alphabet is treated as error. + */ +NGHTTP3_EXTERN int nghttp3_check_header_name(const uint8_t *name, size_t len); + +/** + * @function + * + * `nghttp3_check_header_value` returns nonzero if HTTP field value + * |value| of length |len| is valid according to + * :rfc:`7230#section-3.2`. + */ +NGHTTP3_EXTERN int nghttp3_check_header_value(const uint8_t *value, size_t len); + +/** + * @function + * + * `nghttp3_conn_is_drained` returns nonzero if + * `nghttp3_conn_shutdown` has been called, and there is no active + * remote streams. This function is for server use only. + */ +NGHTTP3_EXTERN int nghttp3_conn_is_drained(nghttp3_conn *conn); + +/** + * @function + * + * `nghttp3_pri_parse_priority` parses Priority header field value + * pointed by |value| of length |len|, and stores the result in the + * object pointed by |dest|. Priority header field is defined in + * :rfc:`9218`. + * + * This function does not initialize the object pointed by |dest| + * before storing the result. It only assigns the values that the + * parser correctly extracted to fields. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGHTTP3_ERR_INVALID_ARGUMENT` + * Failed to parse the header field value. + */ +NGHTTP3_EXTERN int nghttp3_pri_parse_priority_versioned(int pri_version, + nghttp3_pri *dest, + const uint8_t *value, + size_t len); + +/** + * @macrosection + * + * nghttp3_info flags + */ + +/** + * @macro + * + * :macro:`NGHTTP3_VERSION_AGE` is the age of :type:`nghttp3_info`. + */ +#define NGHTTP3_VERSION_AGE 1 + +/** + * @struct + * + * :type:`nghttp3_info` is what `nghttp3_version` returns. It holds + * information about the particular nghttp3 version. + */ +typedef struct nghttp3_info { + /** + * :member:`age` is the age of this struct. This instance of + * nghttp3 sets it to :macro:`NGHTTP3_VERSION_AGE` but a future + * version may bump it and add more struct fields at the bottom + */ + int age; + /** + * :member:`version_num` is the :macro:`NGHTTP3_VERSION_NUM` number + * (since age == 1) + */ + int version_num; + /** + * :member:`version_str` points to the :macro:`NGHTTP3_VERSION` + * string (since age ==1) + */ + const char *version_str; + /* -------- the above fields all exist when age == 1 */ +} nghttp3_info; + +/** + * @function + * + * `nghttp3_version` returns a pointer to a :type:`nghttp3_info` + * struct with version information about the run-time library in use. + * The |least_version| argument can be set to a 24 bit numerical value + * for the least accepted version number, and if the condition is not + * met, this function will return a ``NULL``. Pass in 0 to skip the + * version checking. + */ +NGHTTP3_EXTERN const nghttp3_info *nghttp3_version(int least_version); + +/** + * @function + * + * `nghttp3_err_is_fatal` returns nonzero if |liberr| is a fatal + * error. |liberr| must be one of nghttp3 library error codes (which + * is defined as NGHTTP3_ERR_* macro, such as + * :macro:`NGHTTP3_ERR_NOMEM`). + */ +NGHTTP3_EXTERN int nghttp3_err_is_fatal(int liberr); + +/* + * Versioned function wrappers + */ + +/* + * `nghttp3_settings_default` is a wrapper around + * `nghttp3_settings_default_versioned` to set the correct struct + * version. + */ +#define nghttp3_settings_default(SETTINGS) \ + nghttp3_settings_default_versioned(NGHTTP3_SETTINGS_VERSION, (SETTINGS)) + +/* + * `nghttp3_conn_client_new` is a wrapper around + * `nghttp3_conn_client_new_versioned` to set the correct struct + * version. + */ +#define nghttp3_conn_client_new(PCONN, CALLBACKS, SETTINGS, MEM, USER_DATA) \ + nghttp3_conn_client_new_versioned((PCONN), NGHTTP3_CALLBACKS_VERSION, \ + (CALLBACKS), NGHTTP3_SETTINGS_VERSION, \ + (SETTINGS), (MEM), (USER_DATA)) + +/* + * `nghttp3_conn_server_new` is a wrapper around + * `nghttp3_conn_server_new_versioned` to set the correct struct + * version. + */ +#define nghttp3_conn_server_new(PCONN, CALLBACKS, SETTINGS, MEM, USER_DATA) \ + nghttp3_conn_server_new_versioned((PCONN), NGHTTP3_CALLBACKS_VERSION, \ + (CALLBACKS), NGHTTP3_SETTINGS_VERSION, \ + (SETTINGS), (MEM), (USER_DATA)) + +/* + * `nghttp3_conn_set_server_stream_priority` is a wrapper around + * `nghttp3_conn_set_server_stream_priority_versioned` to set the + * correct struct version. + */ +#define nghttp3_conn_set_server_stream_priority(CONN, STREAM_ID, PRI) \ + nghttp3_conn_set_server_stream_priority_versioned( \ + (CONN), (STREAM_ID), NGHTTP3_PRI_VERSION, (PRI)) + +/* + * `nghttp3_conn_get_stream_priority` is a wrapper around + * `nghttp3_conn_get_stream_priority_versioned` to set the correct + * struct version. + */ +#define nghttp3_conn_get_stream_priority(CONN, DEST, STREAM_ID) \ + nghttp3_conn_get_stream_priority_versioned((CONN), NGHTTP3_PRI_VERSION, \ + (DEST), (STREAM_ID)) + +/* + * `nghttp3_pri_parse_priority` is a wrapper around + * `nghttp3_pri_parse_priority_versioned` to set the correct struct + * version. + */ +#define nghttp3_pri_parse_priority(DEST, VALUE, LEN) \ + nghttp3_pri_parse_priority_versioned(NGHTTP3_PRI_VERSION, (DEST), (VALUE), \ + (LEN)) + +#ifdef __cplusplus +} +#endif /* defined(__cplusplus) */ + +#endif /* !defined(NGHTTP3_H) */ diff --git a/includes/curl/nghttp3/version.h b/includes/curl/nghttp3/version.h new file mode 100644 index 0000000..bd442b8 --- /dev/null +++ b/includes/curl/nghttp3/version.h @@ -0,0 +1,46 @@ +/* + * nghttp3 + * + * Copyright (c) 2019 nghttp3 contributors + * Copyright (c) 2016 ngtcp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP3_VERSION_H +#define NGHTTP3_VERSION_H + +/** + * @macro + * + * Version number of the nghttp3 library release. + */ +#define NGHTTP3_VERSION "1.11.0" + +/** + * @macro + * + * Numerical representation of the version number of the nghttp3 + * library release. This is a 24 bit number with 8 bits for major + * number, 8 bits for minor and 8 bits for patch. Version 1.2.3 + * becomes 0x010203. + */ +#define NGHTTP3_VERSION_NUM 0x010b00 + +#endif /* !defined(NGHTTP3_VERSION_H) */ diff --git a/includes/curl/ngtcp2/ngtcp2.h b/includes/curl/ngtcp2/ngtcp2.h new file mode 100644 index 0000000..b0cc867 --- /dev/null +++ b/includes/curl/ngtcp2/ngtcp2.h @@ -0,0 +1,5999 @@ +/* + * ngtcp2 + * + * Copyright (c) 2017 ngtcp2 contributors + * Copyright (c) 2017 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGTCP2_H +#define NGTCP2_H + +/* Define WIN32 when build target is Win32 API (borrowed from + libcurl) */ +#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) +# define WIN32 +#endif /* (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32) */ + +#ifdef _MSC_VER +# pragma warning(push) +# pragma warning(disable : 4324) +#endif /* defined(_MSC_VER) */ + +#include +#if defined(_MSC_VER) && (_MSC_VER < 1800) +/* MSVC < 2013 does not have inttypes.h because it is not C99 + compliant. See compiler macros and version number in + https://sourceforge.net/p/predef/wiki/Compilers/ */ +# include +#else /* !(defined(_MSC_VER) && (_MSC_VER < 1800)) */ +# include +#endif /* !(defined(_MSC_VER) && (_MSC_VER < 1800)) */ +#include +#include +#include + +#ifndef NGTCP2_USE_GENERIC_SOCKADDR +# ifdef WIN32 +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif /* !defined(WIN32_LEAN_AND_MEAN) */ +# include +# else /* !defined(WIN32) */ +# include +# include +# endif /* !defined(WIN32) */ +#endif /* !defined(NGTCP2_USE_GENERIC_SOCKADDR) */ + +#include + +#ifdef NGTCP2_STATICLIB +# define NGTCP2_EXTERN +#elif defined(WIN32) +# ifdef BUILDING_NGTCP2 +# define NGTCP2_EXTERN __declspec(dllexport) +# else /* !defined(BUILDING_NGTCP2) */ +# define NGTCP2_EXTERN __declspec(dllimport) +# endif /* !defined(BUILDING_NGTCP2) */ +#else /* !(defined(NGTCP2_STATICLIB) || defined(WIN32)) */ +# ifdef BUILDING_NGTCP2 +# define NGTCP2_EXTERN __attribute__((visibility("default"))) +# else /* !defined(BUILDING_NGTCP2) */ +# define NGTCP2_EXTERN +# endif /* !defined(BUILDING_NGTCP2) */ +#endif /* !(defined(NGTCP2_STATICLIB) || defined(WIN32)) */ + +#ifdef _MSC_VER +# define NGTCP2_ALIGN(N) __declspec(align(N)) +#else /* !defined(_MSC_VER) */ +# define NGTCP2_ALIGN(N) __attribute__((aligned(N))) +#endif /* !defined(_MSC_VER) */ + +#ifdef __cplusplus +extern "C" { +#endif /* defined(__cplusplus) */ + +/** + * @typedef + * + * :type:`ngtcp2_ssize` is signed counterpart of size_t. + */ +typedef ptrdiff_t ngtcp2_ssize; + +/** + * @functypedef + * + * :type:`ngtcp2_malloc` is a custom memory allocator to replace + * :manpage:`malloc(3)`. The |user_data| is + * :member:`ngtcp2_mem.user_data`. + */ +typedef void *(*ngtcp2_malloc)(size_t size, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_free` is a custom memory allocator to replace + * :manpage:`free(3)`. The |user_data| is + * :member:`ngtcp2_mem.user_data`. + */ +typedef void (*ngtcp2_free)(void *ptr, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_calloc` is a custom memory allocator to replace + * :manpage:`calloc(3)`. The |user_data| is the + * :member:`ngtcp2_mem.user_data`. + */ +typedef void *(*ngtcp2_calloc)(size_t nmemb, size_t size, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_realloc` is a custom memory allocator to replace + * :manpage:`realloc(3)`. The |user_data| is the + * :member:`ngtcp2_mem.user_data`. + */ +typedef void *(*ngtcp2_realloc)(void *ptr, size_t size, void *user_data); + +/** + * @struct + * + * :type:`ngtcp2_mem` is a custom memory allocator. The + * :member:`user_data` field is passed to each allocator function. + * This can be used, for example, to achieve per-connection memory + * pool. + * + * In the following example code, ``my_malloc``, ``my_free``, + * ``my_calloc`` and ``my_realloc`` are the replacement of the + * standard allocators :manpage:`malloc(3)`, :manpage:`free(3)`, + * :manpage:`calloc(3)` and :manpage:`realloc(3)` respectively:: + * + * void *my_malloc_cb(size_t size, void *user_data) { + * (void)user_data; + * return my_malloc(size); + * } + * + * void my_free_cb(void *ptr, void *user_data) { + * (void)user_data; + * my_free(ptr); + * } + * + * void *my_calloc_cb(size_t nmemb, size_t size, void *user_data) { + * (void)user_data; + * return my_calloc(nmemb, size); + * } + * + * void *my_realloc_cb(void *ptr, size_t size, void *user_data) { + * (void)user_data; + * return my_realloc(ptr, size); + * } + * + * void conn_new() { + * ngtcp2_mem mem = { + * .malloc = my_malloc_cb, + * .free = my_free_cb, + * .calloc = my_calloc_cb, + * .realloc = my_realloc_cb, + * }; + * + * ... + * } + */ +typedef struct ngtcp2_mem { + /** + * :member:`user_data` is an arbitrary user supplied data. This + * is passed to each allocator function. + */ + void *user_data; + /** + * :member:`malloc` is a custom allocator function to replace + * :manpage:`malloc(3)`. + */ + ngtcp2_malloc malloc; + /** + * :member:`free` is a custom allocator function to replace + * :manpage:`free(3)`. + */ + ngtcp2_free free; + /** + * :member:`calloc` is a custom allocator function to replace + * :manpage:`calloc(3)`. + */ + ngtcp2_calloc calloc; + /** + * :member:`realloc` is a custom allocator function to replace + * :manpage:`realloc(3)`. + */ + ngtcp2_realloc realloc; +} ngtcp2_mem; + +/** + * @macrosection + * + * Time related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_NANOSECONDS` is a count of tick which corresponds to + * 1 nanosecond. + */ +#define NGTCP2_NANOSECONDS ((ngtcp2_duration)1ULL) + +/** + * @macro + * + * :macro:`NGTCP2_MICROSECONDS` is a count of tick which corresponds + * to 1 microsecond. + */ +#define NGTCP2_MICROSECONDS ((ngtcp2_duration)(1000ULL * NGTCP2_NANOSECONDS)) + +/** + * @macro + * + * :macro:`NGTCP2_MILLISECONDS` is a count of tick which corresponds + * to 1 millisecond. + */ +#define NGTCP2_MILLISECONDS ((ngtcp2_duration)(1000ULL * NGTCP2_MICROSECONDS)) + +/** + * @macro + * + * :macro:`NGTCP2_SECONDS` is a count of tick which corresponds to 1 + * second. + */ +#define NGTCP2_SECONDS ((ngtcp2_duration)(1000ULL * NGTCP2_MILLISECONDS)) + +/** + * @macro + * + * :macro:`NGTCP2_MINUTES` is a count of tick which corresponds to 1 + * minute. + */ +#define NGTCP2_MINUTES ((ngtcp2_duration)(60ULL * NGTCP2_SECONDS)) + +/** + * @macrosection + * + * QUIC protocol version macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_PROTO_VER_V1` is the QUIC version 1. + */ +#define NGTCP2_PROTO_VER_V1 ((uint32_t)0x00000001u) + +/** + * @macro + * + * :macro:`NGTCP2_PROTO_VER_V2` is the QUIC version 2. See + * :rfc:`9369`. + */ +#define NGTCP2_PROTO_VER_V2 ((uint32_t)0x6b3343cfu) + +/** + * @macro + * + * :macro:`NGTCP2_PROTO_VER_MAX` is the highest QUIC version that this + * library supports. Deprecated since v1.1.0. + */ +#define NGTCP2_PROTO_VER_MAX NGTCP2_PROTO_VER_V1 + +/** + * @macro + * + * :macro:`NGTCP2_PROTO_VER_MIN` is the lowest QUIC version that this + * library supports. Deprecated since v1.1.0. + */ +#define NGTCP2_PROTO_VER_MIN NGTCP2_PROTO_VER_V1 + +/** + * @macro + * + * :macro:`NGTCP2_RESERVED_VERSION_MASK` is the bit mask of reserved + * version. + */ +#define NGTCP2_RESERVED_VERSION_MASK 0x0a0a0a0au + +/** + * @macrosection + * + * UDP datagram related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE` is the default maximum UDP + * datagram payload size that the local endpoint transmits. + */ +#define NGTCP2_MAX_UDP_PAYLOAD_SIZE 1200 + +/** + * @macro + * + * :macro:`NGTCP2_MAX_PMTUD_UDP_PAYLOAD_SIZE` is the maximum UDP + * datagram payload size that Path MTU Discovery can discover. + */ +#define NGTCP2_MAX_PMTUD_UDP_PAYLOAD_SIZE 1452 + +/** + * @macrosection + * + * QUIC specific macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_MAX_VARINT` is the maximum value which can be + * encoded in variable-length integer encoding. + */ +#define NGTCP2_MAX_VARINT ((1ULL << 62) - 1) + +/** + * @macro + * + * :macro:`NGTCP2_STATELESS_RESET_TOKENLEN` is the length of Stateless + * Reset Token. + */ +#define NGTCP2_STATELESS_RESET_TOKENLEN 16 + +/** + * @macro + * + * :macro:`NGTCP2_MIN_STATELESS_RESET_RANDLEN` is the minimum length + * of random bytes (Unpredictable Bits) in Stateless Reset packet. + */ +#define NGTCP2_MIN_STATELESS_RESET_RANDLEN 5 + +/** + * @macro + * + * :macro:`NGTCP2_PATH_CHALLENGE_DATALEN` is the length of + * PATH_CHALLENGE data. + */ +#define NGTCP2_PATH_CHALLENGE_DATALEN 8 + +/** + * @macro + * + * :macro:`NGTCP2_RETRY_KEY_V1` is an encryption key to create + * integrity tag of Retry packet. It is used for QUIC v1. + */ +#define NGTCP2_RETRY_KEY_V1 \ + "\xbe\x0c\x69\x0b\x9f\x66\x57\x5a\x1d\x76\x6b\x54\xe3\x68\xc8\x4e" + +/** + * @macro + * + * :macro:`NGTCP2_RETRY_NONCE_V1` is nonce used when generating + * integrity tag of Retry packet. It is used for QUIC v1. + */ +#define NGTCP2_RETRY_NONCE_V1 "\x46\x15\x99\xd3\x5d\x63\x2b\xf2\x23\x98\x25\xbb" + +/** + * @macro + * + * :macro:`NGTCP2_RETRY_KEY_V2` is an encryption key to create + * integrity tag of Retry packet. It is used for QUIC v2. See + * :rfc:`9369`. + */ +#define NGTCP2_RETRY_KEY_V2 \ + "\x8f\xb4\xb0\x1b\x56\xac\x48\xe2\x60\xfb\xcb\xce\xad\x7c\xcc\x92" + +/** + * @macro + * + * :macro:`NGTCP2_RETRY_NONCE_V2` is nonce used when generating + * integrity tag of Retry packet. It is used for QUIC v2. See + * :rfc:`9369`. + */ +#define NGTCP2_RETRY_NONCE_V2 "\xd8\x69\x69\xbc\x2d\x7c\x6d\x99\x90\xef\xb0\x4a" + +/** + * @macro + * + * :macro:`NGTCP2_HP_MASKLEN` is the length of header protection mask. + */ +#define NGTCP2_HP_MASKLEN 5 + +/** + * @macro + * + * :macro:`NGTCP2_HP_SAMPLELEN` is the number bytes sampled when + * encrypting a packet header. + */ +#define NGTCP2_HP_SAMPLELEN 16 + +/** + * @macro + * + * :macro:`NGTCP2_DEFAULT_INITIAL_RTT` is a default initial RTT. + */ +#define NGTCP2_DEFAULT_INITIAL_RTT (333 * NGTCP2_MILLISECONDS) + +/** + * @macro + * + * :macro:`NGTCP2_MAX_CIDLEN` is the maximum length of Connection ID. + */ +#define NGTCP2_MAX_CIDLEN 20 + +/** + * @macro + * + * :macro:`NGTCP2_MIN_CIDLEN` is the minimum length of Connection ID. + */ +#define NGTCP2_MIN_CIDLEN 1 + +/** + * @macro + * + * :macro:`NGTCP2_MIN_INITIAL_DCIDLEN` is the minimum length of + * Destination Connection ID in Client Initial packet if it does not + * bear token from Retry packet. + */ +#define NGTCP2_MIN_INITIAL_DCIDLEN 8 + +/** + * @macrosection + * + * ECN related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_ECN_NOT_ECT` indicates no ECN marking. + */ +#define NGTCP2_ECN_NOT_ECT 0x0 + +/** + * @macro + * + * :macro:`NGTCP2_ECN_ECT_1` is ECT(1) codepoint. + */ +#define NGTCP2_ECN_ECT_1 0x1 + +/** + * @macro + * + * :macro:`NGTCP2_ECN_ECT_0` is ECT(0) codepoint. + */ +#define NGTCP2_ECN_ECT_0 0x2 + +/** + * @macro + * + * :macro:`NGTCP2_ECN_CE` is CE codepoint. + */ +#define NGTCP2_ECN_CE 0x3 + +/** + * @macro + * + * :macro:`NGTCP2_ECN_MASK` is a bit mask to get ECN marking. + */ +#define NGTCP2_ECN_MASK 0x3 + +#define NGTCP2_PKT_INFO_V1 1 +#define NGTCP2_PKT_INFO_VERSION NGTCP2_PKT_INFO_V1 + +/** + * @struct + * + * :type:`ngtcp2_pkt_info` is a packet metadata. + */ +typedef struct NGTCP2_ALIGN(8) ngtcp2_pkt_info { + /** + * :member:`ecn` is ECN marking, and when it is passed to + * `ngtcp2_conn_read_pkt()`, it should be either + * :macro:`NGTCP2_ECN_NOT_ECT`, :macro:`NGTCP2_ECN_ECT_1`, + * :macro:`NGTCP2_ECN_ECT_0`, or :macro:`NGTCP2_ECN_CE`. + */ + uint8_t ecn; +} ngtcp2_pkt_info; + +/** + * @macrosection + * + * ngtcp2 library error codes + */ + +/** + * @macro + * + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` indicates that a passed + * argument is invalid. + */ +#define NGTCP2_ERR_INVALID_ARGUMENT -201 +/** + * @macro + * + * :macro:`NGTCP2_ERR_NOBUF` indicates that a provided buffer does not + * have enough space to store data. + */ +#define NGTCP2_ERR_NOBUF -202 +/** + * @macro + * + * :macro:`NGTCP2_ERR_PROTO` indicates a general protocol error. + */ +#define NGTCP2_ERR_PROTO -203 +/** + * @macro + * + * :macro:`NGTCP2_ERR_INVALID_STATE` indicates that a requested + * operation is not allowed at the current connection state. + */ +#define NGTCP2_ERR_INVALID_STATE -204 +/** + * @macro + * + * :macro:`NGTCP2_ERR_ACK_FRAME` indicates that an invalid ACK frame + * is received. + */ +#define NGTCP2_ERR_ACK_FRAME -205 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_ID_BLOCKED` indicates that there is no + * spare stream ID available. + */ +#define NGTCP2_ERR_STREAM_ID_BLOCKED -206 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_IN_USE` indicates that a stream ID is + * already in use. + */ +#define NGTCP2_ERR_STREAM_IN_USE -207 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_DATA_BLOCKED` indicates that stream data + * cannot be sent because of flow control. + */ +#define NGTCP2_ERR_STREAM_DATA_BLOCKED -208 +/** + * @macro + * + * :macro:`NGTCP2_ERR_FLOW_CONTROL` indicates flow control error. + */ +#define NGTCP2_ERR_FLOW_CONTROL -209 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CONNECTION_ID_LIMIT` indicates that the number + * of received Connection ID exceeds acceptable limit. + */ +#define NGTCP2_ERR_CONNECTION_ID_LIMIT -210 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_LIMIT` indicates that a remote endpoint + * opens more streams that is permitted. + */ +#define NGTCP2_ERR_STREAM_LIMIT -211 +/** + * @macro + * + * :macro:`NGTCP2_ERR_FINAL_SIZE` indicates that inconsistent final + * size of a stream. + */ +#define NGTCP2_ERR_FINAL_SIZE -212 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CRYPTO` indicates crypto (TLS) related error. + */ +#define NGTCP2_ERR_CRYPTO -213 +/** + * @macro + * + * :macro:`NGTCP2_ERR_PKT_NUM_EXHAUSTED` indicates that packet number + * is exhausted. + */ +#define NGTCP2_ERR_PKT_NUM_EXHAUSTED -214 +/** + * @macro + * + * :macro:`NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM` indicates that a + * required transport parameter is missing. + */ +#define NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM -215 +/** + * @macro + * + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` indicates that a + * transport parameter is malformed. + */ +#define NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM -216 +/** + * @macro + * + * :macro:`NGTCP2_ERR_FRAME_ENCODING` indicates there is an error in + * frame encoding. + */ +#define NGTCP2_ERR_FRAME_ENCODING -217 +/** + * @macro + * + * :macro:`NGTCP2_ERR_DECRYPT` indicates a decryption failure. + */ +#define NGTCP2_ERR_DECRYPT -218 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_SHUT_WR` indicates no more data can be + * sent to a stream. + */ +#define NGTCP2_ERR_STREAM_SHUT_WR -219 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_NOT_FOUND` indicates that a stream was + * not found. + */ +#define NGTCP2_ERR_STREAM_NOT_FOUND -220 +/** + * @macro + * + * :macro:`NGTCP2_ERR_STREAM_STATE` indicates that a requested + * operation is not allowed at the current stream state. + */ +#define NGTCP2_ERR_STREAM_STATE -221 +/** + * @macro + * + * :macro:`NGTCP2_ERR_RECV_VERSION_NEGOTIATION` indicates that Version + * Negotiation packet was received. + */ +#define NGTCP2_ERR_RECV_VERSION_NEGOTIATION -222 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CLOSING` indicates that connection is in closing + * state. + */ +#define NGTCP2_ERR_CLOSING -223 +/** + * @macro + * + * :macro:`NGTCP2_ERR_DRAINING` indicates that connection is in + * draining state. + */ +#define NGTCP2_ERR_DRAINING -224 +/** + * @macro + * + * :macro:`NGTCP2_ERR_TRANSPORT_PARAM` indicates a general transport + * parameter error. + */ +#define NGTCP2_ERR_TRANSPORT_PARAM -225 +/** + * @macro + * + * :macro:`NGTCP2_ERR_DISCARD_PKT` indicates a packet was discarded. + */ +#define NGTCP2_ERR_DISCARD_PKT -226 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CONN_ID_BLOCKED` indicates that there is no + * spare Connection ID available. + */ +#define NGTCP2_ERR_CONN_ID_BLOCKED -227 +/** + * @macro + * + * :macro:`NGTCP2_ERR_INTERNAL` indicates an internal error. + */ +#define NGTCP2_ERR_INTERNAL -228 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CRYPTO_BUFFER_EXCEEDED` indicates that a crypto + * buffer exceeded. + */ +#define NGTCP2_ERR_CRYPTO_BUFFER_EXCEEDED -229 +/** + * @macro + * + * :macro:`NGTCP2_ERR_WRITE_MORE` indicates + * :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` is used and a function call + * succeeded. + */ +#define NGTCP2_ERR_WRITE_MORE -230 +/** + * @macro + * + * :macro:`NGTCP2_ERR_RETRY` indicates that server should send Retry + * packet. + */ +#define NGTCP2_ERR_RETRY -231 +/** + * @macro + * + * :macro:`NGTCP2_ERR_DROP_CONN` indicates that an endpoint should + * drop connection immediately. + */ +#define NGTCP2_ERR_DROP_CONN -232 +/** + * @macro + * + * :macro:`NGTCP2_ERR_AEAD_LIMIT_REACHED` indicates AEAD encryption + * limit is reached and key update is not available. An endpoint + * should drop connection immediately. + */ +#define NGTCP2_ERR_AEAD_LIMIT_REACHED -233 +/** + * @macro + * + * :macro:`NGTCP2_ERR_NO_VIABLE_PATH` indicates that path validation + * could not probe that a path is capable of sending UDP datagram + * payload of size at least 1200 bytes. + */ +#define NGTCP2_ERR_NO_VIABLE_PATH -234 +/** + * @macro + * + * :macro:`NGTCP2_ERR_VERSION_NEGOTIATION` indicates that server + * should send Version Negotiation packet. + */ +#define NGTCP2_ERR_VERSION_NEGOTIATION -235 +/** + * @macro + * + * :macro:`NGTCP2_ERR_HANDSHAKE_TIMEOUT` indicates that QUIC + * connection is not established before the specified deadline. + */ +#define NGTCP2_ERR_HANDSHAKE_TIMEOUT -236 +/** + * @macro + * + * :macro:`NGTCP2_ERR_VERSION_NEGOTIATION_FAILURE` indicates the + * version negotiation failed. + */ +#define NGTCP2_ERR_VERSION_NEGOTIATION_FAILURE -237 +/** + * @macro + * + * :macro:`NGTCP2_ERR_IDLE_CLOSE` indicates the connection should be + * closed silently because of idle timeout. + */ +#define NGTCP2_ERR_IDLE_CLOSE -238 +/** + * @macro + * + * :macro:`NGTCP2_ERR_FATAL` indicates that error codes less than this + * value is fatal error. When this error is returned, an endpoint + * should close connection immediately. + */ +#define NGTCP2_ERR_FATAL -500 +/** + * @macro + * + * :macro:`NGTCP2_ERR_NOMEM` indicates out of memory. + */ +#define NGTCP2_ERR_NOMEM -501 +/** + * @macro + * + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` indicates that user defined + * callback function failed. + */ +#define NGTCP2_ERR_CALLBACK_FAILURE -502 + +/** + * @macrosection + * + * QUIC packet header flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_PKT_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_PKT_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_PKT_FLAG_LONG_FORM` indicates the Long header packet + * header. + */ +#define NGTCP2_PKT_FLAG_LONG_FORM 0x01u + +/** + * @macro + * + * :macro:`NGTCP2_PKT_FLAG_FIXED_BIT_CLEAR` indicates that Fixed Bit + * (aka QUIC bit) is not set. + */ +#define NGTCP2_PKT_FLAG_FIXED_BIT_CLEAR 0x02u + +/** + * @macro + * + * :macro:`NGTCP2_PKT_FLAG_KEY_PHASE` indicates Key Phase bit set. + */ +#define NGTCP2_PKT_FLAG_KEY_PHASE 0x04u + +/** + * @enum + * + * :type:`ngtcp2_pkt_type` defines QUIC version-independent QUIC + * packet types. + */ +typedef enum ngtcp2_pkt_type { + /** + * :enum:`NGTCP2_PKT_VERSION_NEGOTIATION` is defined by libngtcp2 + * for convenience. + */ + NGTCP2_PKT_VERSION_NEGOTIATION = 0x80, + /** + * :enum:`NGTCP2_PKT_STATELESS_RESET` is defined by libngtcp2 for + * convenience. + */ + NGTCP2_PKT_STATELESS_RESET = 0x81, + /** + * :enum:`NGTCP2_PKT_INITIAL` indicates Initial packet. + */ + NGTCP2_PKT_INITIAL = 0x10, + /** + * :enum:`NGTCP2_PKT_0RTT` indicates 0-RTT packet. + */ + NGTCP2_PKT_0RTT = 0x11, + /** + * :enum:`NGTCP2_PKT_HANDSHAKE` indicates Handshake packet. + */ + NGTCP2_PKT_HANDSHAKE = 0x12, + /** + * :enum:`NGTCP2_PKT_RETRY` indicates Retry packet. + */ + NGTCP2_PKT_RETRY = 0x13, + /** + * :enum:`NGTCP2_PKT_1RTT` is defined by libngtcp2 for convenience. + */ + NGTCP2_PKT_1RTT = 0x40 +} ngtcp2_pkt_type; + +/** + * @macrosection + * + * QUIC transport error code + */ + +/** + * @macro + * + * :macro:`NGTCP2_NO_ERROR` is QUIC transport error code ``NO_ERROR``. + */ +#define NGTCP2_NO_ERROR 0x0u + +/** + * @macro + * + * :macro:`NGTCP2_INTERNAL_ERROR` is QUIC transport error code + * ``INTERNAL_ERROR``. + */ +#define NGTCP2_INTERNAL_ERROR 0x1u + +/** + * @macro + * + * :macro:`NGTCP2_CONNECTION_REFUSED` is QUIC transport error code + * ``CONNECTION_REFUSED``. + */ +#define NGTCP2_CONNECTION_REFUSED 0x2u + +/** + * @macro + * + * :macro:`NGTCP2_FLOW_CONTROL_ERROR` is QUIC transport error code + * ``FLOW_CONTROL_ERROR``. + */ +#define NGTCP2_FLOW_CONTROL_ERROR 0x3u + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_LIMIT_ERROR` is QUIC transport error code + * ``STREAM_LIMIT_ERROR``. + */ +#define NGTCP2_STREAM_LIMIT_ERROR 0x4u + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_STATE_ERROR` is QUIC transport error code + * ``STREAM_STATE_ERROR``. + */ +#define NGTCP2_STREAM_STATE_ERROR 0x5u + +/** + * @macro + * + * :macro:`NGTCP2_FINAL_SIZE_ERROR` is QUIC transport error code + * ``FINAL_SIZE_ERROR``. + */ +#define NGTCP2_FINAL_SIZE_ERROR 0x6u + +/** + * @macro + * + * :macro:`NGTCP2_FRAME_ENCODING_ERROR` is QUIC transport error code + * ``FRAME_ENCODING_ERROR``. + */ +#define NGTCP2_FRAME_ENCODING_ERROR 0x7u + +/** + * @macro + * + * :macro:`NGTCP2_TRANSPORT_PARAMETER_ERROR` is QUIC transport error + * code ``TRANSPORT_PARAMETER_ERROR``. + */ +#define NGTCP2_TRANSPORT_PARAMETER_ERROR 0x8u + +/** + * @macro + * + * :macro:`NGTCP2_CONNECTION_ID_LIMIT_ERROR` is QUIC transport error + * code ``CONNECTION_ID_LIMIT_ERROR``. + */ +#define NGTCP2_CONNECTION_ID_LIMIT_ERROR 0x9u + +/** + * @macro + * + * :macro:`NGTCP2_PROTOCOL_VIOLATION` is QUIC transport error code + * ``PROTOCOL_VIOLATION``. + */ +#define NGTCP2_PROTOCOL_VIOLATION 0xau + +/** + * @macro + * + * :macro:`NGTCP2_INVALID_TOKEN` is QUIC transport error code + * ``INVALID_TOKEN``. + */ +#define NGTCP2_INVALID_TOKEN 0xbu + +/** + * @macro + * + * :macro:`NGTCP2_APPLICATION_ERROR` is QUIC transport error code + * ``APPLICATION_ERROR``. + */ +#define NGTCP2_APPLICATION_ERROR 0xcu + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_BUFFER_EXCEEDED` is QUIC transport error code + * ``CRYPTO_BUFFER_EXCEEDED``. + */ +#define NGTCP2_CRYPTO_BUFFER_EXCEEDED 0xdu + +/** + * @macro + * + * :macro:`NGTCP2_KEY_UPDATE_ERROR` is QUIC transport error code + * ``KEY_UPDATE_ERROR``. + */ +#define NGTCP2_KEY_UPDATE_ERROR 0xeu + +/** + * @macro + * + * :macro:`NGTCP2_AEAD_LIMIT_REACHED` is QUIC transport error code + * ``AEAD_LIMIT_REACHED``. + */ +#define NGTCP2_AEAD_LIMIT_REACHED 0xfu + +/** + * @macro + * + * :macro:`NGTCP2_NO_VIABLE_PATH` is QUIC transport error code + * ``NO_VIABLE_PATH``. + */ +#define NGTCP2_NO_VIABLE_PATH 0x10u + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_ERROR` is QUIC transport error code + * ``CRYPTO_ERROR``. + */ +#define NGTCP2_CRYPTO_ERROR 0x100u + +/** + * @macro + * + * :macro:`NGTCP2_VERSION_NEGOTIATION_ERROR` is QUIC transport error + * code ``VERSION_NEGOTIATION_ERROR``. See :rfc:`9368`. + */ +#define NGTCP2_VERSION_NEGOTIATION_ERROR 0x11 + +/** + * @enum + * + * :type:`ngtcp2_path_validation_result` defines path validation + * result code. + */ +typedef enum ngtcp2_path_validation_result { + /** + * :enum:`NGTCP2_PATH_VALIDATION_RESULT_SUCCESS` indicates + * successful validation. + */ + NGTCP2_PATH_VALIDATION_RESULT_SUCCESS, + /** + * :enum:`NGTCP2_PATH_VALIDATION_RESULT_FAILURE` indicates + * validation failure. + */ + NGTCP2_PATH_VALIDATION_RESULT_FAILURE, + /** + * :enum:`NGTCP2_PATH_VALIDATION_RESULT_ABORTED` indicates that path + * validation was aborted. + */ + NGTCP2_PATH_VALIDATION_RESULT_ABORTED +} ngtcp2_path_validation_result; + +/** + * @typedef + * + * :type:`ngtcp2_tstamp` is a timestamp with nanosecond resolution. + * ``UINT64_MAX`` is an invalid value, and it is often used to + * indicate that no value is set. + */ +typedef uint64_t ngtcp2_tstamp; + +/** + * @typedef + * + * :type:`ngtcp2_duration` is a period of time in nanosecond + * resolution. ``UINT64_MAX`` is an invalid value, and it is often + * used to indicate that no value is set. + */ +typedef uint64_t ngtcp2_duration; + +/** + * @struct + * + * :type:`ngtcp2_cid` holds a Connection ID. + */ +typedef struct ngtcp2_cid { + /** + * :member:`datalen` is the length of Connection ID. + */ + size_t datalen; + /** + * :member:`data` is the buffer to store Connection ID. + */ + uint8_t data[NGTCP2_MAX_CIDLEN]; +} ngtcp2_cid; + +/** + * @struct + * + * :type:`ngtcp2_vec` is struct iovec compatible structure to + * reference arbitrary array of bytes. + */ +typedef struct ngtcp2_vec { + /** + * :member:`base` points to the data. + */ + uint8_t *base; + /** + * :member:`len` is the number of bytes which the buffer pointed by + * base contains. + */ + size_t len; +} ngtcp2_vec; + +/** + * @function + * + * `ngtcp2_cid_init` initializes Connection ID |cid| with the byte + * string pointed by |data| and its length is |datalen|. |datalen| + * must be at most :macro:`NGTCP2_MAX_CIDLEN`. + */ +NGTCP2_EXTERN void ngtcp2_cid_init(ngtcp2_cid *cid, const uint8_t *data, + size_t datalen); + +/** + * @function + * + * `ngtcp2_cid_eq` returns nonzero if |a| and |b| share the same + * Connection ID. + */ +NGTCP2_EXTERN int ngtcp2_cid_eq(const ngtcp2_cid *a, const ngtcp2_cid *b); + +/** + * @struct + * + * :type:`ngtcp2_pkt_hd` represents QUIC packet header. + */ +typedef struct ngtcp2_pkt_hd { + /** + * :member:`dcid` is Destination Connection ID. + */ + ngtcp2_cid dcid; + /** + * :member:`scid` is Source Connection ID. + */ + ngtcp2_cid scid; + /** + * :member:`pkt_num` is a packet number. + */ + int64_t pkt_num; + /** + * :member:`token` contains token. Only Initial packet may contain + * token. NULL if no token is present. + */ + const uint8_t *token; + /** + * :member:`tokenlen` is the length of :member:`token`. 0 if no + * token is present. + */ + size_t tokenlen; + /** + * :member:`pkt_numlen` is the number of bytes spent to encode + * :member:`pkt_num`. + */ + size_t pkt_numlen; + /** + * :member:`len` is the sum of :member:`pkt_numlen` and the length + * of QUIC packet payload. + */ + size_t len; + /** + * :member:`version` is QUIC version. + */ + uint32_t version; + /** + * :member:`type` is a type of QUIC packet. This field does not + * have a QUIC packet type defined for a specific QUIC version. + * Instead, it contains version independent packet type defined by + * this library. See :type:`ngtcp2_pkt_type`. + */ + uint8_t type; + /** + * :member:`flags` is zero or more of :macro:`NGTCP2_PKT_FLAG_* + * `. + */ + uint8_t flags; +} ngtcp2_pkt_hd; + +/** + * @struct + * + * :type:`ngtcp2_pkt_stateless_reset` represents Stateless Reset. + */ +typedef struct ngtcp2_pkt_stateless_reset { + /** + * :member:`stateless_reset_token` contains stateless reset token. + */ + uint8_t stateless_reset_token[NGTCP2_STATELESS_RESET_TOKENLEN]; + /** + * :member:`rand` points a buffer which contains random bytes + * section. + */ + const uint8_t *rand; + /** + * :member:`randlen` is the number of random bytes. + */ + size_t randlen; +} ngtcp2_pkt_stateless_reset; + +/** + * @macrosection + * + * QUIC transport parameters related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_DEFAULT_MAX_RECV_UDP_PAYLOAD_SIZE` is the default + * value of max_udp_payload_size transport parameter. + */ +#define NGTCP2_DEFAULT_MAX_RECV_UDP_PAYLOAD_SIZE 65527 + +/** + * @macro + * + * :macro:`NGTCP2_DEFAULT_ACK_DELAY_EXPONENT` is a default value of + * scaling factor of ACK Delay field in ACK frame. + */ +#define NGTCP2_DEFAULT_ACK_DELAY_EXPONENT 3 + +/** + * @macro + * + * :macro:`NGTCP2_DEFAULT_MAX_ACK_DELAY` is a default value of the + * maximum amount of time in nanoseconds by which endpoint delays + * sending acknowledgement. + */ +#define NGTCP2_DEFAULT_MAX_ACK_DELAY (25 * NGTCP2_MILLISECONDS) + +/** + * @macro + * + * :macro:`NGTCP2_DEFAULT_ACTIVE_CONNECTION_ID_LIMIT` is the default + * value of active_connection_id_limit transport parameter value if + * omitted. + */ +#define NGTCP2_DEFAULT_ACTIVE_CONNECTION_ID_LIMIT 2 + +/** + * @macro + * + * :macro:`NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1` is TLS + * extension type of quic_transport_parameters. + */ +#define NGTCP2_TLSEXT_QUIC_TRANSPORT_PARAMETERS_V1 0x39u + +#ifdef NGTCP2_USE_GENERIC_SOCKADDR +# ifndef NGTCP2_AF_INET +# error NGTCP2_AF_INET must be defined +# endif /* !defined(NGTCP2_AF_INET) */ + +# ifndef NGTCP2_AF_INET6 +# error NGTCP2_AF_INET6 must be defined +# endif /* !defined(NGTCP2_AF_INET6) */ + +typedef unsigned short int ngtcp2_sa_family; +typedef uint16_t ngtcp2_in_port; + +typedef struct ngtcp2_sockaddr { + ngtcp2_sa_family sa_family; + uint8_t sa_data[14]; +} ngtcp2_sockaddr; + +typedef struct ngtcp2_in_addr { + uint32_t s_addr; +} ngtcp2_in_addr; + +typedef struct ngtcp2_sockaddr_in { + ngtcp2_sa_family sin_family; + ngtcp2_in_port sin_port; + ngtcp2_in_addr sin_addr; + uint8_t sin_zero[8]; +} ngtcp2_sockaddr_in; + +typedef struct ngtcp2_in6_addr { + uint8_t in6_addr[16]; +} ngtcp2_in6_addr; + +typedef struct ngtcp2_sockaddr_in6 { + ngtcp2_sa_family sin6_family; + ngtcp2_in_port sin6_port; + uint32_t sin6_flowinfo; + ngtcp2_in6_addr sin6_addr; + uint32_t sin6_scope_id; +} ngtcp2_sockaddr_in6; + +typedef uint32_t ngtcp2_socklen; +#else /* !defined(NGTCP2_USE_GENERIC_SOCKADDR) */ +# define NGTCP2_AF_INET AF_INET +# define NGTCP2_AF_INET6 AF_INET6 + +/** + * @typedef + * + * :type:`ngtcp2_sockaddr` is typedefed to struct sockaddr. If + * :macro:`NGTCP2_USE_GENERIC_SOCKADDR` is defined, it is typedefed to + * the generic struct sockaddr defined in ngtcp2.h. + */ +typedef struct sockaddr ngtcp2_sockaddr; +/** + * @typedef + * + * :type:`ngtcp2_sockaddr_in` is typedefed to struct sockaddr_in. If + * :macro:`NGTCP2_USE_GENERIC_SOCKADDR` is defined, it is typedefed to + * the generic struct sockaddr_in defined in ngtcp2.h. + */ +typedef struct sockaddr_in ngtcp2_sockaddr_in; +/** + * @typedef + * + * :type:`ngtcp2_sockaddr_in6` is typedefed to struct sockaddr_in6. + * If :macro:`NGTCP2_USE_GENERIC_SOCKADDR` is defined, it is typedefed + * to the generic struct sockaddr_in6 defined in ngtcp2.h. + */ +typedef struct sockaddr_in6 ngtcp2_sockaddr_in6; +/** + * @typedef + * + * :type:`ngtcp2_socklen` is typedefed to socklen_t. If + * :macro:`NGTCP2_USE_GENERIC_SOCKADDR` is defined, it is typedefed to + * uint32_t. + */ +typedef socklen_t ngtcp2_socklen; +#endif /* !defined(NGTCP2_USE_GENERIC_SOCKADDR) */ + +/** + * @struct + * + * :type:`ngtcp2_sockaddr_union` conveniently includes all supported + * address types. + */ +typedef union ngtcp2_sockaddr_union { + ngtcp2_sockaddr sa; + ngtcp2_sockaddr_in in; + ngtcp2_sockaddr_in6 in6; +} ngtcp2_sockaddr_union; + +/** + * @struct + * + * :type:`ngtcp2_preferred_addr` represents preferred address + * structure. + */ +typedef struct ngtcp2_preferred_addr { + /** + * :member:`cid` is a Connection ID. + */ + ngtcp2_cid cid; + /** + * :member:`ipv4` contains IPv4 address and port. + */ + ngtcp2_sockaddr_in ipv4; + /** + * :member:`ipv6` contains IPv6 address and port. + */ + ngtcp2_sockaddr_in6 ipv6; + /** + * :member:`ipv4_present` indicates that :member:`ipv4` contains + * IPv4 address and port. + */ + uint8_t ipv4_present; + /** + * :member:`ipv6_present` indicates that :member:`ipv6` contains + * IPv6 address and port. + */ + uint8_t ipv6_present; + /** + * :member:`stateless_reset_token` contains stateless reset token. + */ + uint8_t stateless_reset_token[NGTCP2_STATELESS_RESET_TOKENLEN]; +} ngtcp2_preferred_addr; + +/** + * @struct + * + * :type:`ngtcp2_version_info` represents version_information + * structure. See :rfc:`9368`. + */ +typedef struct ngtcp2_version_info { + /** + * :member:`chosen_version` is the version chosen by the sender. + */ + uint32_t chosen_version; + /** + * :member:`available_versions` points the wire image of + * available_versions field. The each version is therefore in + * network byte order. + */ + const uint8_t *available_versions; + /** + * :member:`available_versionslen` is the number of bytes pointed by + * :member:`available_versions`, not the number of versions + * included. + */ + size_t available_versionslen; +} ngtcp2_version_info; + +#define NGTCP2_TRANSPORT_PARAMS_V1 1 +#define NGTCP2_TRANSPORT_PARAMS_VERSION NGTCP2_TRANSPORT_PARAMS_V1 + +/** + * @struct + * + * :type:`ngtcp2_transport_params` represents QUIC transport + * parameters. + */ +typedef struct ngtcp2_transport_params { + /** + * :member:`preferred_addr` contains preferred address if + * :member:`preferred_addr_present` is nonzero. + */ + ngtcp2_preferred_addr preferred_addr; + /** + * :member:`original_dcid` is the Destination Connection ID field + * from the first Initial packet from client. Server must specify + * this field and set :member:`original_dcid_present` to nonzero. + * It is expected that application knows the original Destination + * Connection ID even if it sends Retry packet, for example, by + * including it in retry token. Otherwise, application should not + * specify this field. + */ + ngtcp2_cid original_dcid; + /** + * :member:`initial_scid` is the Source Connection ID field from the + * first Initial packet the local endpoint sends. Application + * should not specify this field. If :member:`initial_scid_present` + * is set to nonzero, it indicates this field is set. + */ + ngtcp2_cid initial_scid; + /** + * :member:`retry_scid` is the Source Connection ID field from Retry + * packet. Only server uses this field. If server application + * received Initial packet with retry token from client, and server + * successfully verified its token, server application must set + * Destination Connection ID field from the Initial packet to this + * field, and set :member:`retry_scid_present` to nonzero. Server + * application must verify that the Destination Connection ID from + * Initial packet was sent in Retry packet by, for example, + * including the Connection ID in a token, or including it in AAD + * when encrypting a token. + */ + ngtcp2_cid retry_scid; + /** + * :member:`initial_max_stream_data_bidi_local` is the size of flow + * control window of locally initiated stream. This is the number + * of bytes that the remote endpoint can send, and the local + * endpoint must ensure that it has enough buffer to receive them. + */ + uint64_t initial_max_stream_data_bidi_local; + /** + * :member:`initial_max_stream_data_bidi_remote` is the size of flow + * control window of remotely initiated stream. This is the number + * of bytes that the remote endpoint can send, and the local + * endpoint must ensure that it has enough buffer to receive them. + */ + uint64_t initial_max_stream_data_bidi_remote; + /** + * :member:`initial_max_stream_data_uni` is the size of flow control + * window of remotely initiated unidirectional stream. This is the + * number of bytes that the remote endpoint can send, and the local + * endpoint must ensure that it has enough buffer to receive them. + */ + uint64_t initial_max_stream_data_uni; + /** + * :member:`initial_max_data` is the connection level flow control + * window. + */ + uint64_t initial_max_data; + /** + * :member:`initial_max_streams_bidi` is the number of concurrent + * streams that the remote endpoint can create. + */ + uint64_t initial_max_streams_bidi; + /** + * :member:`initial_max_streams_uni` is the number of concurrent + * unidirectional streams that the remote endpoint can create. + */ + uint64_t initial_max_streams_uni; + /** + * :member:`max_idle_timeout` is a duration during which sender + * allows quiescent. 0 means no idle timeout. It must not be + * UINT64_MAX. + */ + ngtcp2_duration max_idle_timeout; + /** + * :member:`max_udp_payload_size` is the maximum UDP payload size + * that the local endpoint can receive. + */ + uint64_t max_udp_payload_size; + /** + * :member:`active_connection_id_limit` is the maximum number of + * Connection ID that sender can store. If specified, it must be in + * the range of [:macro:`NGTCP2_DEFAULT_ACTIVE_CONNECTION_ID_LIMIT`, + * 8], inclusive. + */ + uint64_t active_connection_id_limit; + /** + * :member:`ack_delay_exponent` is the exponent used in ACK Delay + * field in ACK frame. + */ + uint64_t ack_delay_exponent; + /** + * :member:`max_ack_delay` is the maximum acknowledgement delay by + * which the local endpoint will delay sending acknowledgements. It + * must be strictly less than (1 << 14) milliseconds. + * Sub-millisecond part is dropped when sending it in a QUIC + * transport parameter. + */ + ngtcp2_duration max_ack_delay; + /** + * :member:`max_datagram_frame_size` is the maximum size of DATAGRAM + * frame that the local endpoint willingly receives. Specifying 0 + * disables DATAGRAM support. See :rfc:`9221`. + */ + uint64_t max_datagram_frame_size; + /** + * :member:`stateless_reset_token_present` is nonzero if + * :member:`stateless_reset_token` field is set. + */ + uint8_t stateless_reset_token_present; + /** + * :member:`disable_active_migration` is nonzero if the local + * endpoint does not support active connection migration. + */ + uint8_t disable_active_migration; + /** + * :member:`original_dcid_present` is nonzero if + * :member:`original_dcid` field is set. + */ + uint8_t original_dcid_present; + /** + * :member:`initial_scid_present` is nonzero if + * :member:`initial_scid` field is set. + */ + uint8_t initial_scid_present; + /** + * :member:`retry_scid_present` is nonzero if :member:`retry_scid` + * field is set. + */ + uint8_t retry_scid_present; + /** + * :member:`preferred_addr_present` is nonzero if + * :member:`preferred_address` is set. + */ + uint8_t preferred_addr_present; + /** + * :member:`stateless_reset_token` contains stateless reset token. + */ + uint8_t stateless_reset_token[NGTCP2_STATELESS_RESET_TOKENLEN]; + /** + * :member:`grease_quic_bit` is nonzero if sender supports "Greasing + * the QUIC Bit" extension. See :rfc:`9287`. + */ + uint8_t grease_quic_bit; + /** + * :member:`version_info` contains version_information field if + * :member:`version_info_present` is nonzero. Application should + * not specify this field. + */ + ngtcp2_version_info version_info; + /** + * :member:`version_info_present` is nonzero if + * :member:`version_info` is set. Application should not specify + * this field. + */ + uint8_t version_info_present; +} ngtcp2_transport_params; + +#define NGTCP2_CONN_INFO_V1 1 +#define NGTCP2_CONN_INFO_VERSION NGTCP2_CONN_INFO_V1 + +/** + * @struct + * + * :type:`ngtcp2_conn_info` holds various connection statistics. + */ +typedef struct ngtcp2_conn_info { + /** + * :member:`latest_rtt` is the latest RTT sample which is not + * adjusted by acknowledgement delay. + */ + ngtcp2_duration latest_rtt; + /** + * :member:`min_rtt` is the minimum RTT seen so far. It is not + * adjusted by acknowledgement delay. + */ + ngtcp2_duration min_rtt; + /** + * :member:`smoothed_rtt` is the smoothed RTT. + */ + ngtcp2_duration smoothed_rtt; + /** + * :member:`rttvar` is a mean deviation of observed RTT. + */ + ngtcp2_duration rttvar; + /** + * :member:`cwnd` is the size of congestion window. + */ + uint64_t cwnd; + /** + * :member:`ssthresh` is slow start threshold. + */ + uint64_t ssthresh; + /** + * :member:`bytes_in_flight` is the number in bytes of all sent + * packets which have not been acknowledged. + */ + uint64_t bytes_in_flight; +} ngtcp2_conn_info; + +/** + * @enum + * + * :type:`ngtcp2_cc_algo` defines congestion control algorithms. + */ +typedef enum ngtcp2_cc_algo { + /** + * :enum:`NGTCP2_CC_ALGO_RENO` represents Reno. + */ + NGTCP2_CC_ALGO_RENO = 0x00, + /** + * :enum:`NGTCP2_CC_ALGO_CUBIC` represents Cubic. + */ + NGTCP2_CC_ALGO_CUBIC = 0x01, + /** + * :enum:`NGTCP2_CC_ALGO_BBR` represents BBR v2. + */ + NGTCP2_CC_ALGO_BBR = 0x02 +} ngtcp2_cc_algo; + +/** + * @functypedef + * + * :type:`ngtcp2_printf` is a callback function for logging. + * |user_data| is the same object passed to `ngtcp2_conn_client_new` + * or `ngtcp2_conn_server_new`. + */ +typedef void (*ngtcp2_printf)(void *user_data, const char *format, ...); + +/** + * @macrosection + * + * QLog related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_QLOG_WRITE_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_QLOG_WRITE_FLAG_NONE 0x00u +/** + * @macro + * + * :macro:`NGTCP2_QLOG_WRITE_FLAG_FIN` indicates that this is the + * final call to :type:`ngtcp2_qlog_write` in the current connection. + */ +#define NGTCP2_QLOG_WRITE_FLAG_FIN 0x01u + +/** + * @struct + * + * :type:`ngtcp2_rand_ctx` is a wrapper around native random number + * generator. It is opaque to the ngtcp2 library. This might be + * useful if application needs to specify random number generator per + * thread or per connection. + */ +typedef struct ngtcp2_rand_ctx { + /** + * :member:`native_handle` is a pointer to an underlying random + * number generator. + */ + void *native_handle; +} ngtcp2_rand_ctx; + +/** + * @functypedef + * + * :type:`ngtcp2_qlog_write` is a callback function which is called to + * write qlog |data| of length |datalen| bytes. |flags| is bitwise OR + * of zero or more of :macro:`NGTCP2_QLOG_WRITE_FLAG_* + * `. If + * :macro:`NGTCP2_QLOG_WRITE_FLAG_FIN` is set, |datalen| may be 0. + */ +typedef void (*ngtcp2_qlog_write)(void *user_data, uint32_t flags, + const void *data, size_t datalen); + +/** + * @enum + * + * :type:`ngtcp2_token_type` defines the type of token. + */ +typedef enum ngtcp2_token_type { + /** + * :enum:`NGTCP2_TOKEN_TYPE_UNKNOWN` indicates that the type of + * token is unknown. + */ + NGTCP2_TOKEN_TYPE_UNKNOWN, + /** + * :enum:`NGTCP2_TOKEN_TYPE_RETRY` indicates that a token comes from + * Retry packet. + */ + NGTCP2_TOKEN_TYPE_RETRY, + /** + * :enum:`NGTCP2_TOKEN_TYPE_NEW_TOKEN` indicates that a token comes + * from NEW_TOKEN frame. + */ + NGTCP2_TOKEN_TYPE_NEW_TOKEN +} ngtcp2_token_type; + +#define NGTCP2_SETTINGS_V1 1 +#define NGTCP2_SETTINGS_V2 2 +#define NGTCP2_SETTINGS_VERSION NGTCP2_SETTINGS_V2 + +/** + * @struct + * + * :type:`ngtcp2_settings` defines QUIC connection settings. + */ +typedef struct ngtcp2_settings { + /** + * :member:`qlog_write` is a callback function to write qlog. + * Setting ``NULL`` disables qlog. + */ + ngtcp2_qlog_write qlog_write; + /** + * :member:`cc_algo` specifies congestion control algorithm. + */ + ngtcp2_cc_algo cc_algo; + /** + * :member:`initial_ts` is an initial timestamp given to the + * library. + */ + ngtcp2_tstamp initial_ts; + /** + * :member:`initial_rtt` is an initial RTT. + */ + ngtcp2_duration initial_rtt; + /** + * :member:`log_printf` is a function that the library uses to write + * logs. ``NULL`` means no logging output. It is nothing to do + * with qlog. + */ + ngtcp2_printf log_printf; + /** + * :member:`max_tx_udp_payload_size` is the maximum size of UDP + * datagram payload that the local endpoint transmits. + */ + size_t max_tx_udp_payload_size; + /** + * :member:`token` is a token from Retry packet or NEW_TOKEN frame. + * + * Server sets this field if it received the token in Client Initial + * packet and successfully validated. It should also set + * :member:`token_type` field. + * + * Client sets this field if it intends to send token in its Initial + * packet. + * + * `ngtcp2_conn_server_new` and `ngtcp2_conn_client_new` make a copy + * of token. + * + * Set NULL if there is no token. + */ + const uint8_t *token; + /** + * :member:`tokenlen` is the length of :member:`token`. Set 0 if + * there is no token. + */ + size_t tokenlen; + /** + * :member:`token_type` is the type of token. Server application + * should set this field. + */ + ngtcp2_token_type token_type; + /** + * :member:`rand_ctx` is an optional random number generator to be + * passed to :type:`ngtcp2_rand` callback. + */ + ngtcp2_rand_ctx rand_ctx; + /** + * :member:`max_window` is the maximum connection-level flow control + * window if connection-level window auto-tuning is enabled. The + * connection-level window auto tuning is enabled if nonzero value + * is specified in this field. The initial value of window size is + * :member:`ngtcp2_transport_params.initial_max_data`. The window + * size is scaled up to the value specified in this field. + */ + uint64_t max_window; + /** + * :member:`max_stream_window` is the maximum stream-level flow + * control window if stream-level window auto-tuning is enabled. + * The stream-level window auto-tuning is enabled if nonzero value + * is specified in this field. The initial value of window size is + * :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_remote`, + * :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_local`, + * or :member:`ngtcp2_transport_params.initial_max_stream_data_uni`, + * depending on the type of stream. The window size is scaled up to + * the value specified in this field. + * + * Please note that the auto-tuning is done per stream. Even if the + * previous stream gets larger window as a result of auto-tuning, + * the new stream still starts with the initial value set in + * transport parameters. This might become a bottleneck if + * congestion window of a remote server is wide open. If this + * causes an issue, do not enable auto-tuning. + */ + uint64_t max_stream_window; + /** + * :member:`ack_thresh` is the minimum number of the received ACK + * eliciting packets that trigger the immediate acknowledgement from + * the local endpoint. + */ + size_t ack_thresh; + /** + * :member:`no_tx_udp_payload_size_shaping`, if set to nonzero, + * instructs the library not to limit the UDP payload size to + * :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE` (which can be extended by + * Path MTU Discovery), and instead use the minimum size among the + * given buffer size, :member:`max_tx_udp_payload_size`, and the + * received max_udp_payload_size QUIC transport parameter. + */ + uint8_t no_tx_udp_payload_size_shaping; + /** + * :member:`handshake_timeout` is the period of time before giving + * up QUIC connection establishment. If QUIC handshake is not + * complete within this period, `ngtcp2_conn_handle_expiry` returns + * :macro:`NGTCP2_ERR_HANDSHAKE_TIMEOUT` error. The deadline is + * :member:`initial_ts` + :member:`handshake_timeout`. If this + * field is set to ``UINT64_MAX``, no handshake timeout is set. + */ + ngtcp2_duration handshake_timeout; + /** + * :member:`preferred_versions` is the array of versions that are + * preferred by the local endpoint. All versions set in this array + * must be supported by the library, and compatible to QUIC v1. The + * reserved versions are not allowed. They are sorted in the order + * of preference. + * + * On compatible version negotiation, server will negotiate one of + * those versions contained in this array if there is some overlap + * between these versions and the versions offered by the client. + * If there is no overlap, but the client chosen version is + * supported by the library, the server chooses the client chosen + * version as the negotiated version. This version set corresponds + * to Offered Versions described in :rfc:`9368`, and it should be + * included in Version Negotiation packet. + * + * Client uses this field and :member:`original_version` to prevent + * version downgrade attack if it reacted upon Version Negotiation + * packet. If this field is specified, client must include + * |client_chosen_version| passed to `ngtcp2_conn_client_new` unless + * |client_chosen_version| is a reserved version. + */ + const uint32_t *preferred_versions; + /** + * :member:`preferred_versionslen` is the number of versions that + * are contained in the array pointed by + * :member:`preferred_versions`. + */ + size_t preferred_versionslen; + /** + * :member:`available_versions` is the array of versions that are + * going to be set in :member:`available_versions + * ` field of outgoing + * version_information QUIC transport parameter. + * + * For server, this corresponds to Fully-Deployed Versions described + * in :rfc:`9368`. If this field is not set, it is set to + * :member:`preferred_versions` internally if + * :member:`preferred_versionslen` is not zero. If this field is + * not set, and :member:`preferred_versionslen` is zero, this field + * is set to :macro:`NGTCP2_PROTO_VER_V1` internally. + * + * Client must include |client_chosen_version| passed to + * `ngtcp2_conn_client_new` in this array if this field is set and + * |client_chosen_version| is not a reserved version. If this field + * is not set, |client_chosen_version| passed to + * `ngtcp2_conn_client_new` will be set in this field internally + * unless |client_chosen_version| is a reserved version. + */ + const uint32_t *available_versions; + /** + * :member:`available_versionslen` is the number of versions that + * are contained in the array pointed by + * :member:`available_versions`. + */ + size_t available_versionslen; + /** + * :member:`original_version` is the original version that client + * initially used to make a connection attempt. If it is set, and + * it differs from |client_chosen_version| passed to + * `ngtcp2_conn_client_new`, the library assumes that client reacted + * upon Version Negotiation packet. Server does not use this field. + */ + uint32_t original_version; + /** + * :member:`no_pmtud`, if set to nonzero, disables Path MTU + * Discovery. + */ + uint8_t no_pmtud; + /** + * :member:`initial_pkt_num` is the initial packet number for each + * packet number space. It must be in range [0, INT32_MAX], + * inclusive. + */ + uint32_t initial_pkt_num; + /* The following fields have been added since NGTCP2_SETTINGS_V2. */ + /** + * :member:`pmtud_probes` is the array of UDP datagram payload size + * to probe during Path MTU Discovery. The discovery is done in the + * order appeared in this array. The size must be strictly larger + * than 1200, otherwise the behavior is undefined. The maximum + * value in this array should be set to + * :member:`max_tx_udp_payload_size`. If this field is not set, the + * predefined PMTUD probes are made. This field has been available + * since v1.4.0. + */ + const uint16_t *pmtud_probes; + /** + * :member:`pmtud_probeslen` is the number of elements that are + * contained in the array pointed by :member:`pmtud_probes`. This + * field has been available since v1.4.0. + */ + size_t pmtud_probeslen; +} ngtcp2_settings; + +/** + * @struct + * + * :type:`ngtcp2_addr` is the endpoint address. + */ +typedef struct ngtcp2_addr { + /** + * :member:`addr` points to the buffer which contains endpoint + * address. It must not be ``NULL``. + */ + ngtcp2_sockaddr *addr; + /** + * :member:`addrlen` is the length of :member:`addr`. It must not + * be longer than sizeof(:type:`ngtcp2_sockaddr_union`). + */ + ngtcp2_socklen addrlen; +} ngtcp2_addr; + +/** + * @struct + * + * :type:`ngtcp2_path` is the network endpoints where a packet is sent + * and received. + */ +typedef struct ngtcp2_path { + /** + * :member:`local` is the address of local endpoint. + */ + ngtcp2_addr local; + /** + * :member:`remote` is the address of remote endpoint. + */ + ngtcp2_addr remote; + /** + * :member:`user_data` is an arbitrary data and opaque to the + * library. + * + * Note that :type:`ngtcp2_path` is generally passed to + * :type:`ngtcp2_conn` by an application, and :type:`ngtcp2_conn` + * stores their copies. Unfortunately, there is no way for the + * application to know when :type:`ngtcp2_conn` finished using a + * specific :type:`ngtcp2_path` object in mid connection, which + * means that the application cannot free the data pointed by this + * field. Therefore, it is advised to use this field only when the + * data pointed by this field persists in an entire lifetime of the + * connection. + */ + void *user_data; +} ngtcp2_path; + +/** + * @struct + * + * :type:`ngtcp2_path_storage` is a convenient struct to have buffers + * to store the longest addresses. + */ +typedef struct ngtcp2_path_storage { + /** + * :member:`path` stores network path. + */ + ngtcp2_path path; + /** + * :member:`local_addrbuf` is a buffer to store local address. + */ + ngtcp2_sockaddr_union local_addrbuf; + /** + * :member:`remote_addrbuf` is a buffer to store remote address. + */ + ngtcp2_sockaddr_union remote_addrbuf; +} ngtcp2_path_storage; + +/** + * @struct + * + * :type:`ngtcp2_crypto_md` is a wrapper around native message digest + * object. + */ +typedef struct ngtcp2_crypto_md { + /** + * :member:`native_handle` is a pointer to an underlying message + * digest object. + */ + void *native_handle; +} ngtcp2_crypto_md; + +/** + * @struct + * + * :type:`ngtcp2_crypto_aead` is a wrapper around native AEAD object. + */ +typedef struct ngtcp2_crypto_aead { + /** + * :member:`native_handle` is a pointer to an underlying AEAD + * object. + */ + void *native_handle; + /** + * :member:`max_overhead` is the number of additional bytes which + * AEAD encryption needs on encryption. + */ + size_t max_overhead; +} ngtcp2_crypto_aead; + +/** + * @struct + * + * :type:`ngtcp2_crypto_cipher` is a wrapper around native cipher + * object. + */ +typedef struct ngtcp2_crypto_cipher { + /** + * :member:`native_handle` is a pointer to an underlying cipher + * object. + */ + void *native_handle; +} ngtcp2_crypto_cipher; + +/** + * @struct + * + * :type:`ngtcp2_crypto_aead_ctx` is a wrapper around native AEAD + * cipher context object. It should be initialized with a specific + * key. ngtcp2 library reuses this context object to encrypt or + * decrypt multiple packets. + */ +typedef struct ngtcp2_crypto_aead_ctx { + /** + * :member:`native_handle` is a pointer to an underlying AEAD + * context object. + */ + void *native_handle; +} ngtcp2_crypto_aead_ctx; + +/** + * @struct + * + * :type:`ngtcp2_crypto_cipher_ctx` is a wrapper around native cipher + * context object. It should be initialized with a specific key. + * ngtcp2 library reuses this context object to encrypt or decrypt + * multiple packet headers. + */ +typedef struct ngtcp2_crypto_cipher_ctx { + /** + * :member:`native_handle` is a pointer to an underlying cipher + * context object. + */ + void *native_handle; +} ngtcp2_crypto_cipher_ctx; + +/** + * @struct + * + * :type:`ngtcp2_crypto_ctx` is a convenient structure to bind all + * crypto related objects in one place. Use + * `ngtcp2_crypto_ctx_initial` to initialize this struct for Initial + * packet encryption. For Handshake and 1-RTT packets, use + * `ngtcp2_crypto_ctx_tls`. For 0-RTT packets, use + * `ngtcp2_crypto_ctx_tls_early`. + */ +typedef struct ngtcp2_crypto_ctx { + /** + * :member:`aead` is AEAD object. + */ + ngtcp2_crypto_aead aead; + /** + * :member:`md` is message digest object. + */ + ngtcp2_crypto_md md; + /** + * :member:`hp` is header protection cipher. + */ + ngtcp2_crypto_cipher hp; + /** + * :member:`max_encryption` is the number of encryption which this + * key can be used with. + */ + uint64_t max_encryption; + /** + * :member:`max_decryption_failure` is the number of decryption + * failure with this key. + */ + uint64_t max_decryption_failure; +} ngtcp2_crypto_ctx; + +/** + * @function + * + * `ngtcp2_transport_params_encode` encodes |params| in |dest| of + * length |destlen|. + * + * If |dest| is NULL, and |destlen| is zero, this function just + * returns the number of bytes required to store the encoded transport + * parameters. + * + * This function returns the number of bytes written, or one of the + * following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_transport_params_encode_versioned( + uint8_t *dest, size_t destlen, int transport_params_version, + const ngtcp2_transport_params *params); + +/** + * @function + * + * `ngtcp2_transport_params_decode` decodes transport parameters in + * |data| of length |datalen|, and stores the result in the object + * pointed by |params|. + * + * If an optional parameter is missing, the default value is assigned. + * + * The following fields may point to somewhere inside the buffer + * pointed by |data| of length |datalen|: + * + * - :member:`ngtcp2_transport_params.version_info.available_versions + * ` + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` + * The input is malformed. + */ +NGTCP2_EXTERN int +ngtcp2_transport_params_decode_versioned(int transport_params_version, + ngtcp2_transport_params *params, + const uint8_t *data, size_t datalen); + +/** + * @function + * + * `ngtcp2_transport_params_decode_new` decodes transport parameters + * in |data| of length |datalen|, and stores the result in the object + * allocated dynamically. The pointer to the allocated object is + * assigned to |*pparams|. Unlike `ngtcp2_transport_params_decode`, + * all direct and indirect fields are also allocated dynamically if + * needed. + * + * |mem| is a memory allocator to allocate memory. If |mem| is + * ``NULL``, the memory allocator returned by `ngtcp2_mem_default()` + * is used. + * + * If the optional parameters are missing, the default value is + * assigned. + * + * `ngtcp2_transport_params_del` frees the memory allocated by this + * function. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` + * The input is malformed. + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int +ngtcp2_transport_params_decode_new(ngtcp2_transport_params **pparams, + const uint8_t *data, size_t datalen, + const ngtcp2_mem *mem); + +/** + * @function + * + * `ngtcp2_transport_params_del` frees the |params| which must be + * dynamically allocated by `ngtcp2_transport_params_decode_new`. + * + * |mem| is a memory allocator that allocated |params|. If |mem| is + * ``NULL``, the memory allocator returned by `ngtcp2_mem_default()` + * is used. + * + * If |params| is ``NULL``, this function does nothing. + */ +NGTCP2_EXTERN void ngtcp2_transport_params_del(ngtcp2_transport_params *params, + const ngtcp2_mem *mem); + +/** + * @struct + * + * :type:`ngtcp2_version_cid` is a convenient struct to store the + * result of `ngtcp2_pkt_decode_version_cid`. + */ +typedef struct ngtcp2_version_cid { + /** + * :member:`version` stores QUIC version. + */ + uint32_t version; + /** + * :member:`dcid` points to the Destination Connection ID. + */ + const uint8_t *dcid; + /** + * :member:`dcidlen` is the length of the Destination Connection ID + * pointed by :member:`dcid`. + */ + size_t dcidlen; + /** + * :member:`scid` points to the Source Connection ID. + */ + const uint8_t *scid; + /** + * :member:`scidlen` is the length of the Source Connection ID + * pointed by :member:`scid`. + */ + size_t scidlen; +} ngtcp2_version_cid; + +/** + * @function + * + * `ngtcp2_pkt_decode_version_cid` extracts QUIC version, Destination + * Connection ID and Source Connection ID from the packet pointed by + * |data| of length |datalen|. This function can handle Connection ID + * up to 255 bytes unlike `ngtcp2_pkt_decode_hd_long` or + * `ngtcp2_pkt_decode_hd_short` which are only capable of handling + * Connection ID less than or equal to :macro:`NGTCP2_MAX_CIDLEN`. + * Longer Connection ID is only valid if the version is unsupported + * QUIC version. + * + * If the given packet is Long header packet, this function extracts + * the version from the packet, and assigns it to + * :member:`dest->version `. It also + * extracts the pointer to the Destination Connection ID and its + * length, and assigns them to :member:`dest->dcid + * ` and :member:`dest->dcidlen + * ` respectively. Similarly, it extracts + * the pointer to the Source Connection ID and its length, and assigns + * them to :member:`dest->scid ` and + * :member:`dest->scidlen ` respectively. + * |short_dcidlen| is ignored. + * + * If the given packet is Short header packet, :member:`dest->version + * ` will be 0, :member:`dest->scid + * ` will be ``NULL``, and + * :member:`dest->scidlen ` will be 0. + * Because the Short header packet does not have the length of + * Destination Connection ID, the caller has to pass the length in + * |short_dcidlen|. This function extracts the pointer to the + * Destination Connection ID, and assigns it to :member:`dest->dcid + * `. |short_dcidlen| is assigned to + * :member:`dest->dcidlen `. + * + * If Version Negotiation is required, this function returns + * :macro:`NGTCP2_ERR_VERSION_NEGOTIATION`. Unlike the other error + * cases, all fields of |dest| are assigned as described above. + * + * This function returns 0 if it succeeds. Otherwise, one of the + * following negative error code: + * + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * The function could not decode the packet header. + * :macro:`NGTCP2_ERR_VERSION_NEGOTIATION` + * Version Negotiation packet should be sent. + */ +NGTCP2_EXTERN int ngtcp2_pkt_decode_version_cid(ngtcp2_version_cid *dest, + const uint8_t *data, + size_t datalen, + size_t short_dcidlen); + +/** + * @function + * + * `ngtcp2_pkt_decode_hd_long` decodes QUIC long packet header in + * |pkt| of length |pktlen|. This function only parses the input just + * before packet number field. + * + * This function does not verify that length field is correct. In + * other words, this function succeeds even if length > |pktlen|. + * + * This function can handle Connection ID up to + * :macro:`NGTCP2_MAX_CIDLEN`. Consider to use + * `ngtcp2_pkt_decode_version_cid` to get longer Connection ID. + * + * This function handles Version Negotiation specially. If version + * field is 0, |pkt| must contain Version Negotiation packet. Version + * Negotiation packet has random type in wire format. For + * convenience, this function sets + * :enum:`ngtcp2_pkt_type.NGTCP2_PKT_VERSION_NEGOTIATION` to + * :member:`dest->type `, clears + * :macro:`NGTCP2_PKT_FLAG_LONG_FORM` flag from :member:`dest->flags + * `, and sets 0 to :member:`dest->len + * `. Version Negotiation packet occupies a single + * packet. + * + * It stores the result in the object pointed by |dest|, and returns + * the number of bytes decoded to read the packet header if it + * succeeds, or one of the following error codes: + * + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * Packet is too short; or it is not a long header + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_decode_hd_long(ngtcp2_pkt_hd *dest, + const uint8_t *pkt, + size_t pktlen); + +/** + * @function + * + * `ngtcp2_pkt_decode_hd_short` decodes QUIC short header in |pkt| of + * length |pktlen|. Short header packet does not encode the length of + * Connection ID, thus we need the input from the outside. |dcidlen| + * is the length of Destination Connection ID in packet header. This + * function only parses the input just before packet number field. + * This function can handle Connection ID up to + * :macro:`NGTCP2_MAX_CIDLEN`. Consider to use + * `ngtcp2_pkt_decode_version_cid` to get longer Connection ID. It + * stores the result in the object pointed by |dest|, and returns the + * number of bytes decoded to read the packet header if it succeeds, + * or one of the following error codes: + * + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * Packet is too short; or it is not a short header + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_decode_hd_short(ngtcp2_pkt_hd *dest, + const uint8_t *pkt, + size_t pktlen, + size_t dcidlen); + +/** + * @function + * + * `ngtcp2_pkt_write_stateless_reset` writes Stateless Reset packet in + * the buffer pointed by |dest| whose length is |destlen|. + * |stateless_reset_token| is a pointer to the Stateless Reset Token, + * and its length must be :macro:`NGTCP2_STATELESS_RESET_TOKENLEN` + * bytes long. |rand| specifies the random octets preceding Stateless + * Reset Token. The length of |rand| is specified by |randlen| which + * must be at least :macro:`NGTCP2_MIN_STATELESS_RESET_RANDLEN` bytes + * long. + * + * If |randlen| is too long to write them all in the buffer, |rand| is + * written to the buffer as much as possible, and is truncated. + * + * This function returns the number of bytes written to the buffer, or + * one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * |randlen| is strictly less than + * :macro:`NGTCP2_MIN_STATELESS_RESET_RANDLEN`. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_write_stateless_reset( + uint8_t *dest, size_t destlen, const uint8_t *stateless_reset_token, + const uint8_t *rand, size_t randlen); + +/** + * @function + * + * `ngtcp2_pkt_write_version_negotiation` writes Version Negotiation + * packet in the buffer pointed by |dest| whose length is |destlen|. + * |unused_random| should be generated randomly. |dcid| is a + * Connection ID which appeared in a packet as a Source Connection ID + * sent by client which caused version negotiation. Similarly, |scid| + * is a Connection ID which appeared in a packet as a Destination + * Connection ID sent by client. |sv| is a list of supported + * versions, and |nsv| specifies the number of supported versions + * included in |sv|. + * + * This function returns the number of bytes written to the buffer, or + * one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_write_version_negotiation( + uint8_t *dest, size_t destlen, uint8_t unused_random, const uint8_t *dcid, + size_t dcidlen, const uint8_t *scid, size_t scidlen, const uint32_t *sv, + size_t nsv); + +/** + * @struct + * + * :type:`ngtcp2_conn` represents a single QUIC connection. + */ +typedef struct ngtcp2_conn ngtcp2_conn; + +/** + * @functypedef + * + * :type:`ngtcp2_client_initial` is invoked when client application + * asks TLS stack to produce first TLS cryptographic handshake data. + * + * This implementation of this callback must get the first handshake + * data from TLS stack, and pass it to ngtcp2 library using + * `ngtcp2_conn_submit_crypto_data` function. Make sure that before + * calling `ngtcp2_conn_submit_crypto_data` function, client + * application must create initial packet protection keys and IVs, and + * provide them to ngtcp2 library using + * `ngtcp2_conn_install_initial_key`. + * + * This callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library call + * return immediately. + */ +typedef int (*ngtcp2_client_initial)(ngtcp2_conn *conn, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_client_initial` is invoked when server receives + * Initial packet from client. An server application must implement + * this callback, and generate initial keys and IVs for both + * transmission and reception. Install them using + * `ngtcp2_conn_install_initial_key`. |dcid| is the Destination + * Connection ID in Initial packet received from client. It is used + * to derive initial packet protection keys. + * + * The callback function must return 0 if it succeeds. If an error + * occurs, return :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the + * library call return immediately. + */ +typedef int (*ngtcp2_recv_client_initial)(ngtcp2_conn *conn, + const ngtcp2_cid *dcid, + void *user_data); + +/** + * @enum + * + * :type:`ngtcp2_encryption_level` is QUIC encryption level. + */ +typedef enum ngtcp2_encryption_level { + /** + * :enum:`NGTCP2_ENCRYPTION_LEVEL_INITIAL` is Initial encryption + * level. + */ + NGTCP2_ENCRYPTION_LEVEL_INITIAL, + /** + * :enum:`NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE` is Handshake encryption + * level. + */ + NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE, + /** + * :enum:`NGTCP2_ENCRYPTION_LEVEL_1RTT` is 1-RTT encryption level. + */ + NGTCP2_ENCRYPTION_LEVEL_1RTT, + /** + * :enum:`NGTCP2_ENCRYPTION_LEVEL_0RTT` is 0-RTT encryption level. + */ + NGTCP2_ENCRYPTION_LEVEL_0RTT +} ngtcp2_encryption_level; + +/** + * @functypedef + * + * :type`ngtcp2_recv_crypto_data` is invoked when crypto data is + * received. The received data is pointed by |data|, and its length + * is |datalen|. The |offset| specifies the offset where |data| is + * positioned. |user_data| is the arbitrary pointer passed to + * `ngtcp2_conn_client_new` or `ngtcp2_conn_server_new`. The ngtcp2 + * library ensures that the crypto data is passed to the application + * in the increasing order of |offset|. |datalen| is always strictly + * greater than 0. |encryption_level| indicates the encryption level + * where this data is received. Crypto data can never be received in + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`. + * + * The application should provide the given data to TLS stack. + * + * The callback function must return 0 if it succeeds, or one of the + * following negative error codes: + * + * - :macro:`NGTCP2_ERR_CRYPTO` + * - :macro:`NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM` + * - :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` + * - :macro:`NGTCP2_ERR_TRANSPORT_PARAM` + * - :macro:`NGTCP2_ERR_PROTO` + * - :macro:`NGTCP2_ERR_VERSION_NEGOTIATION_FAILURE` + * - :macro:`NGTCP2_ERR_NOMEM` + * - :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * + * If the other value is returned, it is treated as + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + * + * If application encounters fatal error, return + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library call + * return immediately. + */ +typedef int (*ngtcp2_recv_crypto_data)(ngtcp2_conn *conn, + ngtcp2_encryption_level encryption_level, + uint64_t offset, const uint8_t *data, + size_t datalen, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_handshake_completed` is invoked when QUIC + * cryptographic handshake has completed. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_handshake_completed)(ngtcp2_conn *conn, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_handshake_confirmed` is invoked when QUIC + * cryptographic handshake is confirmed. The handshake confirmation + * means that both endpoints agree that handshake has finished. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_handshake_confirmed)(ngtcp2_conn *conn, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_version_negotiation` is invoked when Version + * Negotiation packet is received. |hd| is the pointer to the QUIC + * packet header object. The vector |sv| of |nsv| elements contains + * the QUIC version the server supports. Since Version Negotiation is + * only sent by server, this callback function is used by client only. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library call + * return immediately. + */ +typedef int (*ngtcp2_recv_version_negotiation)(ngtcp2_conn *conn, + const ngtcp2_pkt_hd *hd, + const uint32_t *sv, size_t nsv, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_retry` is invoked when Retry packet is received. + * This callback is client use only. + * + * Application must regenerate packet protection key, IV, and header + * protection key for Initial packets using the Destination Connection + * ID obtained by :member:`hd->scid `, and install + * them by calling `ngtcp2_conn_install_initial_key`. + * + * 0-RTT data accepted by the ngtcp2 library will be automatically + * retransmitted as 0-RTT data by the library. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_recv_retry)(ngtcp2_conn *conn, const ngtcp2_pkt_hd *hd, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_encrypt` is invoked when the ngtcp2 library asks the + * application to encrypt packet payload. The packet payload to + * encrypt is passed as |plaintext| of length |plaintextlen|. The + * AEAD cipher is |aead|. |aead_ctx| is the AEAD cipher context + * object which is initialized with the specific encryption key. The + * nonce is passed as |nonce| of length |noncelen|. The Additional + * Authenticated Data is passed as |aad| of length |aadlen|. + * + * The implementation of this callback must encrypt |plaintext| using + * the negotiated cipher suite, and write the ciphertext into the + * buffer pointed by |dest|. |dest| has enough capacity to store the + * ciphertext and any additional AEAD tag data. + * + * |dest| and |plaintext| may point to the same buffer. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library call + * return immediately. + */ +typedef int (*ngtcp2_encrypt)(uint8_t *dest, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *plaintext, size_t plaintextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @functypedef + * + * :type:`ngtcp2_decrypt` is invoked when the ngtcp2 library asks the + * application to decrypt packet payload. The packet payload to + * decrypt is passed as |ciphertext| of length |ciphertextlen|. The + * AEAD cipher is |aead|. |aead_ctx| is the AEAD cipher context + * object which is initialized with the specific decryption key. The + * nonce is passed as |nonce| of length |noncelen|. The Additional + * Authenticated Data is passed as |aad| of length |aadlen|. + * + * The implementation of this callback must decrypt |ciphertext| using + * the negotiated cipher suite, and write the ciphertext into the + * buffer pointed by |dest|. |dest| has enough capacity to store the + * cleartext. + * + * |dest| and |ciphertext| may point to the same buffer. + * + * The callback function must return 0 if it succeeds. If TLS stack + * fails to decrypt data, return :macro:`NGTCP2_ERR_DECRYPT`. For any + * other errors, return :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which + * makes the library call return immediately. + */ +typedef int (*ngtcp2_decrypt)(uint8_t *dest, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *ciphertext, size_t ciphertextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @functypedef + * + * :type:`ngtcp2_hp_mask` is invoked when the ngtcp2 library asks the + * application to produce a mask to encrypt or decrypt packet header. + * The encryption cipher is |hp|. |hp_ctx| is the cipher context + * object which is initialized with the specific header protection + * key. The sample is passed as |sample| which is + * :macro:`NGTCP2_HP_SAMPLELEN` bytes long. + * + * The implementation of this callback must produce a mask using the + * header protection cipher suite specified by QUIC specification, and + * write the result into the buffer pointed by |dest|. The length of + * the mask must be at least :macro:`NGTCP2_HP_MASKLEN`. The library + * only uses the first :macro:`NGTCP2_HP_MASKLEN` bytes of the + * produced mask. The buffer pointed by |dest| is guaranteed to have + * at least :macro:`NGTCP2_HP_SAMPLELEN` bytes available for + * convenience. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library call + * return immediately. + */ +typedef int (*ngtcp2_hp_mask)(uint8_t *dest, const ngtcp2_crypto_cipher *hp, + const ngtcp2_crypto_cipher_ctx *hp_ctx, + const uint8_t *sample); + +/** + * @macrosection + * + * STREAM frame data flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_DATA_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_STREAM_DATA_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_DATA_FLAG_FIN` indicates that this chunk of + * data is final piece of an incoming stream. + */ +#define NGTCP2_STREAM_DATA_FLAG_FIN 0x01u + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_DATA_FLAG_0RTT` indicates that this chunk of + * data contains data received in 0-RTT packet, and the handshake has + * not completed yet, which means that the data might be replayed. + */ +#define NGTCP2_STREAM_DATA_FLAG_0RTT 0x02u + +/** + * @functypedef + * + * :type:`ngtcp2_recv_stream_data` is invoked when stream data is + * received. The stream is specified by |stream_id|. |flags| is the + * bitwise-OR of zero or more of :macro:`NGTCP2_STREAM_DATA_FLAG_* + * `. If |flags| & + * :macro:`NGTCP2_STREAM_DATA_FLAG_FIN` is nonzero, this portion of + * the data is the last data in this stream. |offset| is the offset + * where this data begins. The library ensures that data is passed to + * the application in the non-decreasing order of |offset| without any + * overlap. The data is passed as |data| of length |datalen|. + * |datalen| may be 0 if and only if |fin| is nonzero. + * + * If :macro:`NGTCP2_STREAM_DATA_FLAG_0RTT` is set in |flags|, it + * indicates that a part of or whole data was received in 0-RTT + * packet, and a handshake has not completed yet. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library return + * immediately. + */ +typedef int (*ngtcp2_recv_stream_data)(ngtcp2_conn *conn, uint32_t flags, + int64_t stream_id, uint64_t offset, + const uint8_t *data, size_t datalen, + void *user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_stream_open` is a callback function which is called + * when remote stream is opened by a remote endpoint. This function + * is not called if stream is opened by implicitly (we might + * reconsider this behaviour later). + * + * The implementation of this callback should return 0 if it succeeds. + * Returning :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library + * call return immediately. + */ +typedef int (*ngtcp2_stream_open)(ngtcp2_conn *conn, int64_t stream_id, + void *user_data); + +/** + * @macrosection + * + * Stream close flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_CLOSE_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_STREAM_CLOSE_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET` indicates that + * app_error_code parameter is set. + */ +#define NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET 0x01u + +/** + * @functypedef + * + * :type:`ngtcp2_stream_close` is invoked when a stream is closed. + * This callback is not called when QUIC connection is closed before + * existing streams are closed. |flags| is the bitwise-OR of zero or + * more of :macro:`NGTCP2_STREAM_CLOSE_FLAG_* + * `. |app_error_code| indicates the + * error code of this closure if + * :macro:`NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET` is set in + * |flags|. If it is not set, the stream was closed without any error + * code, which generally means success. + * + * |app_error_code| is the first application error code sent by a + * local endpoint, or received from a remote endpoint. If a stream is + * closed cleanly, no application error code is exchanged. Since QUIC + * stack does not know the application error code which indicates "no + * errors", |app_error_code| is set to 0 and + * :macro:`NGTCP2_STREAM_CLOSE_FLAG_APP_ERROR_CODE_SET` is not set in + * |flags| in this case. + * + * The implementation of this callback should return 0 if it succeeds. + * Returning :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library + * call return immediately. + */ +typedef int (*ngtcp2_stream_close)(ngtcp2_conn *conn, uint32_t flags, + int64_t stream_id, uint64_t app_error_code, + void *user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_stream_reset` is invoked when a stream identified by + * |stream_id| is reset by a remote endpoint. + * + * The implementation of this callback should return 0 if it succeeds. + * Returning :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library + * call return immediately. + */ +typedef int (*ngtcp2_stream_reset)(ngtcp2_conn *conn, int64_t stream_id, + uint64_t final_size, uint64_t app_error_code, + void *user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_acked_stream_data_offset` is a callback function + * which is called when stream data in range [|offset|, |offset| + + * |datalen|) is acknowledged, and application can free the portion of + * data. For a given |stream_id|, this callback is called + * sequentially in increasing order of |offset| without any overlap. + * |datalen| is normally strictly greater than 0. One exception is + * that when a STREAM frame has fin flag set and 0 length data, this + * callback is invoked with |datalen| == 0. + * + * If a stream is closed prematurely, and stream data is still + * in-flight, this callback function is not called for those data. + * After :member:`ngtcp2_callbacks.stream_close` is called for a + * particular stream, |conn| does not touch data for the closed stream + * again, and application can free all unacknowledged stream data. + * + * The implementation of this callback should return 0 if it succeeds. + * Returning :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library + * call return immediately. + */ +typedef int (*ngtcp2_acked_stream_data_offset)( + ngtcp2_conn *conn, int64_t stream_id, uint64_t offset, uint64_t datalen, + void *user_data, void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_stateless_reset` is a callback function which is + * called when Stateless Reset packet is received. The stateless + * reset details are given in |sr|. + * + * The implementation of this callback should return 0 if it succeeds. + * Returning :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library + * call return immediately. + */ +typedef int (*ngtcp2_recv_stateless_reset)(ngtcp2_conn *conn, + const ngtcp2_pkt_stateless_reset *sr, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_extend_max_streams` is a callback function which is + * called every time max stream ID is strictly extended. + * |max_streams| is the cumulative number of streams which an endpoint + * can open. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_extend_max_streams)(ngtcp2_conn *conn, + uint64_t max_streams, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_extend_max_stream_data` is a callback function which + * is invoked when max stream data is extended. |stream_id| + * identifies the stream. |max_data| is a cumulative number of bytes + * an endpoint can send on this stream. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_extend_max_stream_data)(ngtcp2_conn *conn, + int64_t stream_id, + uint64_t max_data, void *user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_rand` is a callback function to get random data of + * length |destlen|. Application must fill random |destlen| bytes to + * the buffer pointed by |dest|. The generated data is used only in + * non-cryptographic context. But it is strongly recommended to use a + * secure random number generator. + */ +typedef void (*ngtcp2_rand)(uint8_t *dest, size_t destlen, + const ngtcp2_rand_ctx *rand_ctx); + +/** + * @functypedef + * + * :type:`ngtcp2_get_new_connection_id` is a callback function to ask + * an application for new connection ID. Application must generate + * new unused connection ID with the exact |cidlen| bytes, and store + * it in |cid|. It also has to generate a stateless reset token, and + * store it in |token|. The length of stateless reset token is + * :macro:`NGTCP2_STATELESS_RESET_TOKENLEN` and it is guaranteed that + * the buffer pointed by |token| has the sufficient space to store the + * token. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_get_new_connection_id)(ngtcp2_conn *conn, ngtcp2_cid *cid, + uint8_t *token, size_t cidlen, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_remove_connection_id` is a callback function which + * notifies the application that connection ID |cid| is no longer used + * by a remote endpoint. This Connection ID was previously offered by + * a local endpoint, and a remote endpoint could use it as Destination + * Connection ID when sending QUIC packet. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_remove_connection_id)(ngtcp2_conn *conn, + const ngtcp2_cid *cid, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_update_key` is a callback function which tells the + * application that it must generate new packet protection keying + * materials and AEAD cipher context objects with new keys. The + * current set of secrets are given as |current_rx_secret| and + * |current_tx_secret| of length |secretlen|. They are decryption and + * encryption secrets respectively. + * + * The application must generate new secrets and keys for both + * encryption and decryption. It must write decryption secret and IV + * to the buffer pointed by |rx_secret| and |rx_iv| respectively. It + * also must create new AEAD cipher context object with new decryption + * key and initialize |rx_aead_ctx| with it. Similarly, write + * encryption secret and IV to the buffer pointed by |tx_secret| and + * |tx_iv|. Create new AEAD cipher context object with new encryption + * key and initialize |tx_aead_ctx| with it. All given buffers have + * the enough capacity to store secret, key and IV. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_update_key)( + ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret, + ngtcp2_crypto_aead_ctx *rx_aead_ctx, uint8_t *rx_iv, + ngtcp2_crypto_aead_ctx *tx_aead_ctx, uint8_t *tx_iv, + const uint8_t *current_rx_secret, const uint8_t *current_tx_secret, + size_t secretlen, void *user_data); + +/** + * @macrosection + * + * Path validation related macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_PATH_VALIDATION_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_PATH_VALIDATION_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_PATH_VALIDATION_FLAG_PREFERRED_ADDR` indicates the + * validation involving server preferred address. This flag is only + * set for client. + */ +#define NGTCP2_PATH_VALIDATION_FLAG_PREFERRED_ADDR 0x01u + +/** + * @macro + * + * :macro:`NGTCP2_PATH_VALIDATION_FLAG_NEW_TOKEN` indicates that + * server should send NEW_TOKEN frame for the new remote address. + * This flag is only set for server. + */ +#define NGTCP2_PATH_VALIDATION_FLAG_NEW_TOKEN 0x02u + +/** + * @functypedef + * + * :type:`ngtcp2_begin_path_validation` is a callback function which + * is called when the path validation has started. |flags| is zero or + * more of :macro:`NGTCP2_PATH_VALIDATION_FLAG_* + * `. |path| is the path that is + * being validated. |fallback_path|, if not NULL, is the path that is + * used when this validation fails. + * + * Currently, the flags may only contain + * :macro:`NGTCP2_PATH_VALIDATION_FLAG_PREFERRED_ADDR`. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_begin_path_validation)(ngtcp2_conn *conn, uint32_t flags, + const ngtcp2_path *path, + const ngtcp2_path *fallback_path, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_path_validation` is a callback function which tells + * an application the outcome of path validation. |flags| is zero or + * more of :macro:`NGTCP2_PATH_VALIDATION_FLAG_* + * `. |path| is the path that was + * validated. |old_path| is the path that is previously used before a + * local endpoint has migrated to |path| if |old_path| is not NULL. + * If |res| is + * :enum:`ngtcp2_path_validation_result.NGTCP2_PATH_VALIDATION_RESULT_SUCCESS`, + * the path validation succeeded. If |res| is + * :enum:`ngtcp2_path_validation_result.NGTCP2_PATH_VALIDATION_RESULT_FAILURE`, + * the path validation failed. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_path_validation)(ngtcp2_conn *conn, uint32_t flags, + const ngtcp2_path *path, + const ngtcp2_path *old_path, + ngtcp2_path_validation_result res, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_select_preferred_addr` is a callback function which + * asks a client application to choose server address from preferred + * addresses |paddr| received from server. An application should + * write a network path for a selected preferred address in |dest|. + * More specifically, the selected preferred address must be set to + * :member:`dest->remote `, a client source + * address must be set to :member:`dest->local `. + * If a client source address does not change for the new server + * address, leave :member:`dest->local ` + * unmodified, or copy the value of :member:`local + * ` field of the current network path obtained + * from `ngtcp2_conn_get_path()`. Both :member:`dest->local.addr + * ` and :member:`dest->remote.addr + * ` point to buffers which are at least + * sizeof(:type:`ngtcp2_sockaddr_union`) bytes long, respectively. If + * an application denies the preferred addresses, just leave |dest| + * unmodified (or set :member:`dest->remote.addrlen + * ` to 0), and return 0. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_select_preferred_addr)(ngtcp2_conn *conn, + ngtcp2_path *dest, + const ngtcp2_preferred_addr *paddr, + void *user_data); + +/** + * @enum + * + * :type:`ngtcp2_connection_id_status_type` defines a set of status + * for Destination Connection ID. + */ +typedef enum ngtcp2_connection_id_status_type { + /** + * :enum:`NGTCP2_CONNECTION_ID_STATUS_TYPE_ACTIVATE` indicates that + * a local endpoint starts using new Destination Connection ID. + */ + NGTCP2_CONNECTION_ID_STATUS_TYPE_ACTIVATE, + /** + * :enum:`NGTCP2_CONNECTION_ID_STATUS_TYPE_DEACTIVATE` indicates + * that a local endpoint stops using a given Destination Connection + * ID. + */ + NGTCP2_CONNECTION_ID_STATUS_TYPE_DEACTIVATE +} ngtcp2_connection_id_status_type; + +/** + * @functypedef + * + * :type:`ngtcp2_connection_id_status` is a callback function which is + * called when the status of Destination Connection ID changes. + * + * |token| is the associated stateless reset token, and it is ``NULL`` + * if no token is present. + * + * |type| is the one of the value defined in + * :type:`ngtcp2_connection_id_status_type`. The new value might be + * added in the future release. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_connection_id_status)( + ngtcp2_conn *conn, ngtcp2_connection_id_status_type type, uint64_t seq, + const ngtcp2_cid *cid, const uint8_t *token, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_new_token` is a callback function which is + * called when new token is received from server. This callback is + * client use only. + * + * |token| is the received token of length |tokenlen| bytes long. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_recv_new_token)(ngtcp2_conn *conn, const uint8_t *token, + size_t tokenlen, void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_delete_crypto_aead_ctx` is a callback function which + * must delete the native object pointed by + * :member:`aead_ctx->native_handle + * `. + */ +typedef void (*ngtcp2_delete_crypto_aead_ctx)(ngtcp2_conn *conn, + ngtcp2_crypto_aead_ctx *aead_ctx, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_delete_crypto_cipher_ctx` is a callback function + * which must delete the native object pointed by + * :member:`cipher_ctx->native_handle + * `. + */ +typedef void (*ngtcp2_delete_crypto_cipher_ctx)( + ngtcp2_conn *conn, ngtcp2_crypto_cipher_ctx *cipher_ctx, void *user_data); + +/** + * @macrosection + * + * DATAGRAM frame flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_DATAGRAM_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_DATAGRAM_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_DATAGRAM_FLAG_0RTT` indicates that DATAGRAM frame is + * received in 0-RTT packet, and the handshake has not completed yet, + * which means that the data might be replayed. + */ +#define NGTCP2_DATAGRAM_FLAG_0RTT 0x01u + +/** + * @functypedef + * + * :type:`ngtcp2_recv_datagram` is invoked when DATAGRAM frame is + * received. |flags| is bitwise-OR of zero or more of + * :macro:`NGTCP2_DATAGRAM_FLAG_* `. + * + * If :macro:`NGTCP2_DATAGRAM_FLAG_0RTT` is set in |flags|, it + * indicates that DATAGRAM frame was received in 0-RTT packet, and a + * handshake has not completed yet. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library return + * immediately. + */ +typedef int (*ngtcp2_recv_datagram)(ngtcp2_conn *conn, uint32_t flags, + const uint8_t *data, size_t datalen, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_ack_datagram` is invoked when a packet which contains + * DATAGRAM frame which is identified by |dgram_id| is acknowledged. + * |dgram_id| is the valued passed to `ngtcp2_conn_writev_datagram`. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library return + * immediately. + */ +typedef int (*ngtcp2_ack_datagram)(ngtcp2_conn *conn, uint64_t dgram_id, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_lost_datagram` is invoked when a packet which + * contains DATAGRAM frame which is identified by |dgram_id| is + * declared lost. |dgram_id| is the valued passed to + * `ngtcp2_conn_writev_datagram`. Note that the loss might be + * spurious, and DATAGRAM frame might be acknowledged later. + * + * The callback function must return 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` which makes the library return + * immediately. + */ +typedef int (*ngtcp2_lost_datagram)(ngtcp2_conn *conn, uint64_t dgram_id, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_get_path_challenge_data` is a callback function to + * ask an application for new data that is sent in PATH_CHALLENGE + * frame. Application must generate new unpredictable, exactly + * :macro:`NGTCP2_PATH_CHALLENGE_DATALEN` bytes of random data, and + * store them into the buffer pointed by |data|. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_get_path_challenge_data)(ngtcp2_conn *conn, uint8_t *data, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_stream_stop_sending` is invoked when a stream is no + * longer read by a local endpoint before it receives all stream data. + * This function is called at most once per stream. |app_error_code| + * is the error code passed to `ngtcp2_conn_shutdown_stream_read` or + * `ngtcp2_conn_shutdown_stream`. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_stream_stop_sending)(ngtcp2_conn *conn, int64_t stream_id, + uint64_t app_error_code, + void *user_data, + void *stream_user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_version_negotiation` is invoked when the compatible + * version negotiation takes place. For client, it is called when it + * sees a change in version field of a long header packet. This + * callback function might be called multiple times for client. For + * server, it is called once when the version is negotiated. + * + * The implementation of this callback must install new Initial keys + * for |version| and Destination Connection ID |client_dcid| from + * client. Use `ngtcp2_conn_install_vneg_initial_key` to install + * keys. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_version_negotiation)(ngtcp2_conn *conn, uint32_t version, + const ngtcp2_cid *client_dcid, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_recv_key` is invoked when new key is installed to + * |conn| during QUIC cryptographic handshake. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_recv_key)(ngtcp2_conn *conn, ngtcp2_encryption_level level, + void *user_data); + +/** + * @functypedef + * + * :type:`ngtcp2_tls_early_data_rejected` is invoked when early data + * was rejected by server during TLS handshake, or client decided not + * to attempt early data. + * + * The callback function must return 0 if it succeeds. Returning + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` makes the library call return + * immediately. + */ +typedef int (*ngtcp2_tls_early_data_rejected)(ngtcp2_conn *conn, + void *user_data); + +#define NGTCP2_CALLBACKS_V1 1 +#define NGTCP2_CALLBACKS_V2 2 +#define NGTCP2_CALLBACKS_VERSION NGTCP2_CALLBACKS_V2 + +/** + * @struct + * + * :type:`ngtcp2_callbacks` holds a set of callback functions. + */ +typedef struct ngtcp2_callbacks { + /** + * :member:`client_initial` is a callback function which is invoked + * when client asks TLS stack to produce first TLS cryptographic + * handshake message. This callback function must be specified for + * a client application. + */ + ngtcp2_client_initial client_initial; + /** + * :member:`recv_client_initial` is a callback function which is + * invoked when a server receives the first Initial packet from + * client. This callback function must be specified for a server + * application. + */ + ngtcp2_recv_client_initial recv_client_initial; + /** + * :member:`recv_crypto_data` is a callback function which is + * invoked when cryptographic data (CRYPTO frame, in other words, + * TLS message) is received. This callback function must be + * specified. + */ + ngtcp2_recv_crypto_data recv_crypto_data; + /** + * :member:`handshake_completed` is a callback function which is + * invoked when QUIC cryptographic handshake has completed. This + * callback function is optional. + */ + ngtcp2_handshake_completed handshake_completed; + /** + * :member:`recv_version_negotiation` is a callback function which + * is invoked when Version Negotiation packet is received by a + * client. This callback function is optional. + */ + ngtcp2_recv_version_negotiation recv_version_negotiation; + /** + * :member:`encrypt` is a callback function which is invoked to + * encrypt a QUIC packet. This callback function must be specified. + */ + ngtcp2_encrypt encrypt; + /** + * :member:`decrypt` is a callback function which is invoked to + * decrypt a QUIC packet. This callback function must be specified. + */ + ngtcp2_decrypt decrypt; + /** + * :member:`hp_mask` is a callback function which is invoked to get + * a mask to encrypt or decrypt QUIC packet header. This callback + * function must be specified. + */ + ngtcp2_hp_mask hp_mask; + /** + * :member:`recv_stream_data` is a callback function which is + * invoked when stream data, which includes application data, is + * received. This callback function is optional. + */ + ngtcp2_recv_stream_data recv_stream_data; + /** + * :member:`acked_stream_data_offset` is a callback function which + * is invoked when stream data, which includes application data, is + * acknowledged by a remote endpoint. It tells an application the + * largest offset of acknowledged stream data without a gap so that + * application can free memory for the data up to that offset. This + * callback function is optional. + */ + ngtcp2_acked_stream_data_offset acked_stream_data_offset; + /** + * :member:`stream_open` is a callback function which is invoked + * when new remote stream is opened by a remote endpoint. This + * callback function is optional. + */ + ngtcp2_stream_open stream_open; + /** + * :member:`stream_close` is a callback function which is invoked + * when a stream is closed. This callback function is optional. + */ + ngtcp2_stream_close stream_close; + /** + * :member:`recv_stateless_reset` is a callback function which is + * invoked when Stateless Reset packet is received. This callback + * function is optional. + */ + ngtcp2_recv_stateless_reset recv_stateless_reset; + /** + * :member:`recv_retry` is a callback function which is invoked when + * a client receives Retry packet. For client, this callback + * function must be specified. Server never receive Retry packet. + */ + ngtcp2_recv_retry recv_retry; + /** + * :member:`extend_max_local_streams_bidi` is a callback function + * which is invoked when the number of bidirectional stream which a + * local endpoint can open is increased. This callback function is + * optional. + */ + ngtcp2_extend_max_streams extend_max_local_streams_bidi; + /** + * :member:`extend_max_local_streams_uni` is a callback function + * which is invoked when the number of unidirectional stream which a + * local endpoint can open is increased. This callback function is + * optional. + */ + ngtcp2_extend_max_streams extend_max_local_streams_uni; + /** + * :member:`rand` is a callback function which is invoked when the + * library needs random data. This callback function must be + * specified. + */ + ngtcp2_rand rand; + /** + * :member:`get_new_connection_id` is a callback function which is + * invoked when the library needs new connection ID. This callback + * function must be specified. + */ + ngtcp2_get_new_connection_id get_new_connection_id; + /** + * :member:`remove_connection_id` is a callback function which + * notifies an application that connection ID is no longer used by a + * remote endpoint. This callback function is optional. + */ + ngtcp2_remove_connection_id remove_connection_id; + /** + * :member:`update_key` is a callback function which is invoked when + * the library tells an application that it must update keying + * materials, and install new keys. This callback function must be + * specified. + */ + ngtcp2_update_key update_key; + /** + * :member:`path_validation` is a callback function which is invoked + * when path validation completed. This callback function is + * optional. + */ + ngtcp2_path_validation path_validation; + /** + * :member:`select_preferred_addr` is a callback function which is + * invoked when the library asks a client to select preferred + * address presented by a server. If not set, client ignores + * preferred addresses. This callback function is optional. + */ + ngtcp2_select_preferred_addr select_preferred_addr; + /** + * :member:`stream_reset` is a callback function which is invoked + * when a stream is reset by a remote endpoint. This callback + * function is optional. + */ + ngtcp2_stream_reset stream_reset; + /** + * :member:`extend_max_remote_streams_bidi` is a callback function + * which is invoked when the number of bidirectional streams which a + * remote endpoint can open is increased. This callback function is + * optional. + */ + ngtcp2_extend_max_streams extend_max_remote_streams_bidi; + /** + * :member:`extend_max_remote_streams_uni` is a callback function + * which is invoked when the number of unidirectional streams which + * a remote endpoint can open is increased. This callback function + * is optional. + */ + ngtcp2_extend_max_streams extend_max_remote_streams_uni; + /** + * :member:`extend_max_stream_data` is callback function which is + * invoked when the maximum offset of stream data that a local + * endpoint can send is increased. This callback function is + * optional. + */ + ngtcp2_extend_max_stream_data extend_max_stream_data; + /** + * :member:`dcid_status` is a callback function which is invoked + * when the new Destination Connection ID is activated, or the + * activated Destination Connection ID is now deactivated. This + * callback function is optional. + */ + ngtcp2_connection_id_status dcid_status; + /** + * :member:`handshake_confirmed` is a callback function which is + * invoked when both endpoints agree that handshake has finished. + * This field is ignored by server because + * :member:`handshake_completed` also indicates the handshake + * confirmation for server. This callback function is optional. + */ + ngtcp2_handshake_confirmed handshake_confirmed; + /** + * :member:`recv_new_token` is a callback function which is invoked + * when new token is received from server. This field is ignored by + * server. This callback function is optional. + */ + ngtcp2_recv_new_token recv_new_token; + /** + * :member:`delete_crypto_aead_ctx` is a callback function which + * deletes a given AEAD cipher context object. This callback + * function must be specified. + */ + ngtcp2_delete_crypto_aead_ctx delete_crypto_aead_ctx; + /** + * :member:`delete_crypto_cipher_ctx` is a callback function which + * deletes a given cipher context object. This callback function + * must be specified. + */ + ngtcp2_delete_crypto_cipher_ctx delete_crypto_cipher_ctx; + /** + * :member:`recv_datagram` is a callback function which is invoked + * when DATAGRAM frame is received. This callback function is + * optional. + */ + ngtcp2_recv_datagram recv_datagram; + /** + * :member:`ack_datagram` is a callback function which is invoked + * when a QUIC packet containing DATAGRAM frame is acknowledged by a + * remote endpoint. This callback function is optional. + */ + ngtcp2_ack_datagram ack_datagram; + /** + * :member:`lost_datagram` is a callback function which is invoked + * when a QUIC packet containing DATAGRAM frame is declared lost. + * This callback function is optional. + */ + ngtcp2_lost_datagram lost_datagram; + /** + * :member:`get_path_challenge_data` is a callback function which is + * invoked when the library needs new data sent along with + * PATH_CHALLENGE frame. This callback must be specified. + */ + ngtcp2_get_path_challenge_data get_path_challenge_data; + /** + * :member:`stream_stop_sending` is a callback function which is + * invoked when a local endpoint no longer reads from a stream + * before it receives all stream data. This callback function is + * optional. + */ + ngtcp2_stream_stop_sending stream_stop_sending; + /** + * :member:`version_negotiation` is a callback function which is + * invoked when the compatible version negotiation takes place. + * This callback function must be specified. + */ + ngtcp2_version_negotiation version_negotiation; + /** + * :member:`recv_rx_key` is a callback function which is invoked + * when a new key for decrypting packets is installed during QUIC + * cryptographic handshake. It is not called for + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_INITIAL`. + */ + ngtcp2_recv_key recv_rx_key; + /** + * :member:`recv_tx_key` is a callback function which is invoked + * when a new key for encrypting packets is installed during QUIC + * cryptographic handshake. It is not called for + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_INITIAL`. + */ + ngtcp2_recv_key recv_tx_key; + /** + * :member:`tls_early_data_rejected` is a callback function which is + * invoked when server rejected early data during TLS handshake, or + * client decided not to attempt early data. This callback function + * is only used by client. + */ + ngtcp2_tls_early_data_rejected tls_early_data_rejected; + /* The following fields have been added since NGTCP2_CALLBACKS_V2. */ + /** + * :member:`begin_path_validation` is a callback function which is + * invoked when a path validation has started. This field is + * available since v1.14.0. + */ + ngtcp2_begin_path_validation begin_path_validation; +} ngtcp2_callbacks; + +/** + * @function + * + * `ngtcp2_pkt_write_connection_close` writes Initial packet + * containing CONNECTION_CLOSE frame with the given |error_code| and + * the optional |reason| of length |reasonlen| to the buffer pointed + * by |dest| of length |destlen|. All encryption parameters are for + * Initial packet encryption. The packet number is always 0. + * + * The primary use case of this function is for server to send + * CONNECTION_CLOSE frame in Initial packet to close connection + * without committing any state when validating Retry token fails. + * + * This function returns the number of bytes written if it succeeds, + * or one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * Callback function failed. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_write_connection_close( + uint8_t *dest, size_t destlen, uint32_t version, const ngtcp2_cid *dcid, + const ngtcp2_cid *scid, uint64_t error_code, const uint8_t *reason, + size_t reasonlen, ngtcp2_encrypt encrypt, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, + ngtcp2_hp_mask hp_mask, const ngtcp2_crypto_cipher *hp, + const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_pkt_write_retry` writes Retry packet in the buffer pointed + * by |dest| whose length is |destlen|. |dcid| is the Connection ID + * which appeared in a packet as a Source Connection ID sent by + * client. |scid| is a server chosen Source Connection ID. |odcid| + * specifies Original Destination Connection ID which appeared in a + * packet as a Destination Connection ID sent by client. |token| + * specifies Retry Token, and |tokenlen| specifies its length. |aead| + * must be AEAD_AES_128_GCM. |aead_ctx| must be initialized with + * :macro:`NGTCP2_RETRY_KEY` as an encryption key. + * + * This function returns the number of bytes written to the buffer, or + * one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * Callback function failed. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * :member:`odcid->datalen ` is less than + * :macro:`NGTCP2_MIN_INITIAL_DCIDLEN`. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_pkt_write_retry( + uint8_t *dest, size_t destlen, uint32_t version, const ngtcp2_cid *dcid, + const ngtcp2_cid *scid, const ngtcp2_cid *odcid, const uint8_t *token, + size_t tokenlen, ngtcp2_encrypt encrypt, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx); + +/** + * @function + * + * `ngtcp2_accept` is used by server implementation, and decides + * whether packet |pkt| of length |pktlen| from client is acceptable + * for the very first packet to a connection. + * + * If |dest| is not ``NULL`` and the function returns 0, the decoded + * packet header is stored in the object pointed by |dest|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * The packet is not acceptable for the very first packet to a new + * connection; or the function failed to parse the packet header. + */ +NGTCP2_EXTERN int ngtcp2_accept(ngtcp2_pkt_hd *dest, const uint8_t *pkt, + size_t pktlen); + +/** + * @function + * + * `ngtcp2_conn_client_new` creates new :type:`ngtcp2_conn`, and + * initializes it as client. On success, it stores the pointer to the + * newly allocated object in |*pconn|. |dcid| is a randomized + * Destination Connection ID which must be longer than or equal to + * :macro:`NGTCP2_MIN_INITIAL_DCIDLEN`. |scid| is a Source Connection + * ID chosen by client. |client_chosen_version| is a QUIC version + * that a client chooses. |path| is the network path where this QUIC + * connection is being established, and must not be ``NULL``. + * |callbacks|, |settings|, and |params| must not be ``NULL``, and the + * function makes a copy of each of them. |params| is a local QUIC + * transport parameters, and sent to a remote endpoint during + * handshake. |user_data| is the arbitrary pointer which is passed to + * the user-defined callback functions. If |mem| is ``NULL``, the + * memory allocator returned by `ngtcp2_mem_default()` is used. + * + * Call `ngtcp2_conn_del` to free memory allocated for |*pconn|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_client_new_versioned( + ngtcp2_conn **pconn, const ngtcp2_cid *dcid, const ngtcp2_cid *scid, + const ngtcp2_path *path, uint32_t client_chosen_version, + int callbacks_version, const ngtcp2_callbacks *callbacks, + int settings_version, const ngtcp2_settings *settings, + int transport_params_version, const ngtcp2_transport_params *params, + const ngtcp2_mem *mem, void *user_data); + +/** + * @function + * + * `ngtcp2_conn_server_new` creates new :type:`ngtcp2_conn`, and + * initializes it as server. On success, it stores the pointer to the + * newly allocated object in |*pconn|. |dcid| is a Destination + * Connection ID, and is usually the Connection ID that appears in + * client Initial packet as Source Connection ID. |scid| is a Source + * Connection ID chosen by server. |path| is the network path where + * this QUIC connection is being established, and must not be + * ``NULL``. |client_chosen_version| is a QUIC version that a client + * chooses. |callbacks|, |settings|, and |params| must not be + * ``NULL``, and the function makes a copy of each of them. |params| + * is a local QUIC transport parameters, and sent to a remote endpoint + * during handshake. |user_data| is the arbitrary pointer which is + * passed to the user-defined callback functions. If |mem| is + * ``NULL``, the memory allocator returned by `ngtcp2_mem_default()` + * is used. + * + * Call `ngtcp2_conn_del` to free memory allocated for |*pconn|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_server_new_versioned( + ngtcp2_conn **pconn, const ngtcp2_cid *dcid, const ngtcp2_cid *scid, + const ngtcp2_path *path, uint32_t client_chosen_version, + int callbacks_version, const ngtcp2_callbacks *callbacks, + int settings_version, const ngtcp2_settings *settings, + int transport_params_version, const ngtcp2_transport_params *params, + const ngtcp2_mem *mem, void *user_data); + +/** + * @function + * + * `ngtcp2_conn_del` frees resources allocated for |conn|. It also + * frees memory pointed by |conn|. + */ +NGTCP2_EXTERN void ngtcp2_conn_del(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_read_pkt` decrypts QUIC packet given in |pkt| of + * length |pktlen| and processes it. |path| is the network path the + * packet is delivered and must not be ``NULL``. |pi| is packet + * metadata and may be ``NULL``. This function performs QUIC handshake + * as well. + * + * This function must not be called from inside the callback + * functions. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_RETRY` + * Server must perform address validation by sending Retry packet + * (see `ngtcp2_crypto_write_retry` and `ngtcp2_pkt_write_retry`), + * and discard the connection state. Client application does not + * get this error code. + * :macro:`NGTCP2_ERR_DROP_CONN` + * Server application must drop the connection silently (without + * sending any CONNECTION_CLOSE frame), and discard connection + * state. Client application does not get this error code. + * :macro:`NGTCP2_ERR_DRAINING` + * A connection has entered the draining state, and no further + * packet transmission is allowed. + * :macro:`NGTCP2_ERR_CLOSING` + * A connection has entered the closing state, and no further + * packet transmission is allowed. Calling + * `ngtcp2_conn_write_connection_close` makes a connection enter + * this state. + * :macro:`NGTCP2_ERR_CRYPTO` + * An error happened in TLS stack. `ngtcp2_conn_get_tls_alert` + * returns TLS alert if set. + * + * If any other negative error is returned, call + * `ngtcp2_conn_write_connection_close` to get terminal packet, and + * sending it makes QUIC connection enter the closing state. + */ +NGTCP2_EXTERN int +ngtcp2_conn_read_pkt_versioned(ngtcp2_conn *conn, const ngtcp2_path *path, + int pkt_info_version, const ngtcp2_pkt_info *pi, + const uint8_t *pkt, size_t pktlen, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_write_pkt` is equivalent to calling + * `ngtcp2_conn_writev_stream` with -1 as |stream_id|, no stream data, + * and :macro:`NGTCP2_WRITE_STREAM_FLAG_NONE` as flags. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_pkt_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_tls_handshake_completed` tells |conn| that the TLS + * stack declares TLS handshake completion. This does not mean QUIC + * handshake has completed. The library needs extra conditions to be + * met. + */ +NGTCP2_EXTERN void ngtcp2_conn_tls_handshake_completed(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_handshake_completed` returns nonzero if QUIC + * handshake has completed. + */ +NGTCP2_EXTERN int ngtcp2_conn_get_handshake_completed(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_install_initial_key` installs packet protection keying + * materials for Initial packets. |rx_aead_ctx| is AEAD cipher + * context object, and must be initialized with a decryption key. + * |rx_iv| is IV of length |rx_ivlen| for decryption. |rx_hp_ctx| is + * a packet header protection cipher context object for decryption. + * Similarly, |tx_aead_ctx|, |tx_iv| and |tx_hp_ctx| are for + * encrypting outgoing packets, and are the same length with the + * decryption counterpart . If they have already been set, they are + * overwritten. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |rx_aead_ctx|, + * |rx_hp_ctx|, |tx_aead_ctx|, and |tx_hp_ctx|. + * :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * After receiving Retry packet, a Destination Connection ID that + * client sends in Initial packet most likely changes. In that case, + * client application must generate these keying materials again based + * on new Destination Connection ID, and install them again with this + * function. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_initial_key( + ngtcp2_conn *conn, const ngtcp2_crypto_aead_ctx *rx_aead_ctx, + const uint8_t *rx_iv, const ngtcp2_crypto_cipher_ctx *rx_hp_ctx, + const ngtcp2_crypto_aead_ctx *tx_aead_ctx, const uint8_t *tx_iv, + const ngtcp2_crypto_cipher_ctx *tx_hp_ctx, size_t ivlen); + +/** + * @function + * + * `ngtcp2_conn_install_vneg_initial_key` installs packet protection + * keying materials for Initial packets on compatible version + * negotiation for |version|. |rx_aead_ctx| is AEAD cipher context + * object, and must be initialized with a decryption key. |rx_iv| is + * IV of length |rx_ivlen| for decryption. |rx_hp_ctx| is a packet + * header protection cipher context object for decryption. Similarly, + * |tx_aead_ctx|, |tx_iv| and |tx_hp_ctx| are for encrypting outgoing + * packets, and are the same length with the decryption counterpart. + * If they have already been set, they are overwritten. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |rx_aead_ctx|, + * |rx_hp_ctx|, |tx_aead_ctx|, and |tx_hp_ctx|. + * :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_vneg_initial_key( + ngtcp2_conn *conn, uint32_t version, + const ngtcp2_crypto_aead_ctx *rx_aead_ctx, const uint8_t *rx_iv, + const ngtcp2_crypto_cipher_ctx *rx_hp_ctx, + const ngtcp2_crypto_aead_ctx *tx_aead_ctx, const uint8_t *tx_iv, + const ngtcp2_crypto_cipher_ctx *tx_hp_ctx, size_t ivlen); + +/** + * @function + * + * `ngtcp2_conn_install_rx_handshake_key` installs packet protection + * keying materials for decrypting incoming Handshake packets. + * |aead_ctx| is AEAD cipher context object which must be initialized + * with a decryption key. |iv| is IV of length |ivlen|. |hp_ctx| is + * a packet header protection cipher context object. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |aead_ctx|, + * and |hp_ctx|. :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` + * and :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be + * called to delete these objects when they are no longer used. If + * this function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_rx_handshake_key( + ngtcp2_conn *conn, const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, + size_t ivlen, const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_conn_install_tx_handshake_key` installs packet protection + * keying materials for encrypting outgoing Handshake packets. + * |aead_ctx| is AEAD cipher context object which must be initialized + * with an encryption key. |iv| is IV of length |ivlen|. |hp_ctx| is + * a packet header protection cipher context object. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |aead_ctx| and + * |hp_ctx|. :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_tx_handshake_key( + ngtcp2_conn *conn, const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, + size_t ivlen, const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_conn_install_0rtt_key` installs packet protection AEAD + * cipher context object |aead_ctx|, IV |iv| of length |ivlen|, and + * packet header protection cipher context object |hp_ctx| to encrypt + * (for client) or decrypt (for server) 0-RTT packets. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |aead_ctx| and + * |hp_ctx|. :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_0rtt_key( + ngtcp2_conn *conn, const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, + size_t ivlen, const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_conn_install_rx_key` installs packet protection keying + * materials for decrypting 1-RTT packets. |secret| of length + * |secretlen| is the decryption secret which is used to derive keying + * materials passed to this function. |aead_ctx| is AEAD cipher + * context object which must be initialized with a decryption key. + * |iv| is IV of length |ivlen|. |hp_ctx| is a packet header + * protection cipher context object. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |aead_ctx| and + * |hp_ctx|. :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_rx_key( + ngtcp2_conn *conn, const uint8_t *secret, size_t secretlen, + const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, size_t ivlen, + const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_conn_install_tx_key` installs packet protection keying + * materials for encrypting 1-RTT packets. |secret| of length + * |secretlen| is the encryption secret which is used to derive keying + * materials passed to this function. |aead_ctx| is AEAD cipher + * context object which must be initialized with an encryption key. + * |iv| is IV of length |ivlen|. |hp_ctx| is a packet header + * protection cipher context object. + * + * |ivlen| must be the minimum length of AEAD nonce, or 8 bytes if + * that is larger. + * + * If this function succeeds, |conn| takes ownership of |aead_ctx| and + * |hp_ctx|. :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` and + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` will be called + * to delete these objects when they are no longer used. If this + * function fails, the caller is responsible to delete them. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_install_tx_key( + ngtcp2_conn *conn, const uint8_t *secret, size_t secretlen, + const ngtcp2_crypto_aead_ctx *aead_ctx, const uint8_t *iv, size_t ivlen, + const ngtcp2_crypto_cipher_ctx *hp_ctx); + +/** + * @function + * + * `ngtcp2_conn_initiate_key_update` initiates the key update. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_INVALID_STATE` + * The previous key update has not been confirmed yet; or key + * update is too frequent; or new keys are not available yet. + */ +NGTCP2_EXTERN int ngtcp2_conn_initiate_key_update(ngtcp2_conn *conn, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_set_tls_error` sets the TLS related error |liberr| in + * |conn|. |liberr| must be one of ngtcp2 library error codes (which + * is defined as NGTCP2_ERR_* macro, such as + * :macro:`NGTCP2_ERR_DECRYPT`). In general, error code should be + * propagated via return value, but sometimes ngtcp2 API is called + * inside callback function of TLS stack, and it does not allow to + * return ngtcp2 error code directly. In this case, implementation + * can set the error code (e.g., + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM`) using this function. + * + * See also `ngtcp2_conn_get_tls_error`. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_tls_error(ngtcp2_conn *conn, int liberr); + +/** + * @function + * + * `ngtcp2_conn_get_tls_error` returns the value set by + * `ngtcp2_conn_set_tls_error`. If no value is set, this function + * returns 0. + */ +NGTCP2_EXTERN int ngtcp2_conn_get_tls_error(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_tls_alert` sets a TLS alert |alert| generated by a + * TLS stack of a local endpoint to |conn|. + * + * See also `ngtcp2_conn_get_tls_alert`. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_tls_alert(ngtcp2_conn *conn, uint8_t alert); + +/** + * @function + * + * `ngtcp2_conn_get_tls_alert` returns the value set by + * `ngtcp2_conn_set_tls_alert`. If no value is set, this function + * returns 0. + */ +NGTCP2_EXTERN uint8_t ngtcp2_conn_get_tls_alert(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_keep_alive_timeout` sets keep-alive timeout. If + * nonzero value is given, after a connection is idle at least in a + * given amount of time, a keep-alive packet is sent. If UINT64_MAX + * is set, keep-alive functionality is disabled, and this is the + * default. Specifying 0 in |timeout| is reserved for a future + * extension, and for now it is treated as if UINT64_MAX is given. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_keep_alive_timeout(ngtcp2_conn *conn, + ngtcp2_duration timeout); + +/** + * @function + * + * `ngtcp2_conn_get_expiry` returns the next expiry time. It returns + * ``UINT64_MAX`` if there is no next expiry. + * + * Call `ngtcp2_conn_handle_expiry` and then + * `ngtcp2_conn_writev_stream` (or `ngtcp2_conn_writev_datagram`) when + * the expiry time has passed. + */ +NGTCP2_EXTERN ngtcp2_tstamp ngtcp2_conn_get_expiry(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_handle_expiry` handles expired timer. + */ +NGTCP2_EXTERN int ngtcp2_conn_handle_expiry(ngtcp2_conn *conn, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_get_pto` returns Probe Timeout (PTO). + */ +NGTCP2_EXTERN ngtcp2_duration ngtcp2_conn_get_pto(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_decode_and_set_remote_transport_params` decodes QUIC + * transport parameters from the buffer pointed by |data| of length + * |datalen|, and sets the result to |conn|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_REQUIRED_TRANSPORT_PARAM` + * The required parameter is missing. + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` + * The input is malformed. + * :macro:`NGTCP2_ERR_TRANSPORT_PARAM` + * Failed to validate the remote QUIC transport parameters. + * :macro:`NGTCP2_ERR_VERSION_NEGOTIATION_FAILURE` + * Version negotiation failure. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * User callback failed + */ +NGTCP2_EXTERN int ngtcp2_conn_decode_and_set_remote_transport_params( + ngtcp2_conn *conn, const uint8_t *data, size_t datalen); + +/** + * @function + * + * `ngtcp2_conn_get_remote_transport_params` returns a pointer to the + * remote QUIC transport parameters. If no remote transport + * parameters are set, it returns NULL. + */ +NGTCP2_EXTERN const ngtcp2_transport_params * +ngtcp2_conn_get_remote_transport_params(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_encode_0rtt_transport_params` encodes the QUIC + * transport parameters that are used for 0-RTT data in the buffer + * pointed by |dest| of length |destlen|. It includes at least the + * following fields: + * + * - :member:`ngtcp2_transport_params.initial_max_streams_bidi` + * - :member:`ngtcp2_transport_params.initial_max_streams_uni` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_local` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_remote` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_uni` + * - :member:`ngtcp2_transport_params.initial_max_data` + * - :member:`ngtcp2_transport_params.active_connection_id_limit` + * - :member:`ngtcp2_transport_params.max_datagram_frame_size` + * + * If |conn| is initialized as server, the following additional fields + * are also included: + * + * - :member:`ngtcp2_transport_params.max_idle_timeout` + * - :member:`ngtcp2_transport_params.max_udp_payload_size` + * - :member:`ngtcp2_transport_params.disable_active_migration` + * + * If |conn| is initialized as client, these parameters are + * synthesized from the remote transport parameters received from + * server. Otherwise, it is the local transport parameters that are + * set by the local endpoint. + * + * This function returns the number of bytes written, or one of the + * following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + */ +NGTCP2_EXTERN +ngtcp2_ssize ngtcp2_conn_encode_0rtt_transport_params(ngtcp2_conn *conn, + uint8_t *dest, + size_t destlen); + +/** + * @function + * + * `ngtcp2_conn_decode_and_set_0rtt_transport_params` decodes QUIC + * transport parameters from |data| of length |datalen|, which is + * assumed to be the parameters received from the server in the + * previous connection, and sets it to |conn|. These parameters are + * used to send 0-RTT data. QUIC requires that client application + * should remember transport parameters along with a session ticket. + * + * At least following fields should be included: + * + * - :member:`ngtcp2_transport_params.initial_max_streams_bidi` + * - :member:`ngtcp2_transport_params.initial_max_streams_uni` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_local` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_bidi_remote` + * - :member:`ngtcp2_transport_params.initial_max_stream_data_uni` + * - :member:`ngtcp2_transport_params.initial_max_data` + * - :member:`ngtcp2_transport_params.active_connection_id_limit` + * - :member:`ngtcp2_transport_params.max_datagram_frame_size` (if + * DATAGRAM extension was negotiated) + * + * This function must only be used by client. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + * :macro:`NGTCP2_ERR_MALFORMED_TRANSPORT_PARAM` + * The input is malformed. + */ +NGTCP2_EXTERN int ngtcp2_conn_decode_and_set_0rtt_transport_params( + ngtcp2_conn *conn, const uint8_t *data, size_t datalen); + +/** + * @function + * + * `ngtcp2_conn_set_local_transport_params` sets the local transport + * parameters |params|. This function can only be called by server. + * Although the local transport parameters are passed to + * `ngtcp2_conn_server_new`, server might want to update them after + * ALPN is chosen. In that case, server can update the transport + * parameters with this function. Server must call this function + * before calling `ngtcp2_conn_install_tx_handshake_key`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_INVALID_STATE` + * `ngtcp2_conn_install_tx_handshake_key` has been called. + */ +NGTCP2_EXTERN int ngtcp2_conn_set_local_transport_params_versioned( + ngtcp2_conn *conn, int transport_params_version, + const ngtcp2_transport_params *params); + +/** + * @function + * + * `ngtcp2_conn_get_local_transport_params` returns a pointer to the + * local QUIC transport parameters. + */ +NGTCP2_EXTERN const ngtcp2_transport_params * +ngtcp2_conn_get_local_transport_params(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_encode_local_transport_params` encodes the local QUIC + * transport parameters in |dest| of length |destlen|. + * + * This function returns the number of bytes written, or one of the + * following negative error codes: + * + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_encode_local_transport_params( + ngtcp2_conn *conn, uint8_t *dest, size_t destlen); + +/** + * @function + * + * `ngtcp2_conn_open_bidi_stream` opens new bidirectional stream. The + * |stream_user_data| is the user data specific to the stream. The + * stream ID of the opened stream is stored in |*pstream_id|. + * + * Application can call this function before handshake completes. For + * 0-RTT packet, application can call this function after calling + * `ngtcp2_conn_decode_and_set_0rtt_transport_params`. For 1-RTT + * packet, application can call this function after calling + * `ngtcp2_conn_decode_and_set_remote_transport_params` and + * `ngtcp2_conn_install_tx_key`. If ngtcp2 crypto support library is + * used, application can call this function after calling + * `ngtcp2_crypto_derive_and_install_tx_key` for 1-RTT packet. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_STREAM_ID_BLOCKED` + * The remote endpoint does not allow |stream_id| yet. + */ +NGTCP2_EXTERN int ngtcp2_conn_open_bidi_stream(ngtcp2_conn *conn, + int64_t *pstream_id, + void *stream_user_data); + +/** + * @function + * + * `ngtcp2_conn_open_uni_stream` opens new unidirectional stream. The + * |stream_user_data| is the user data specific to the stream. The + * stream ID of the opened stream is stored in |*pstream_id|. + * + * Application can call this function before handshake completes. For + * 0-RTT packet, application can call this function after calling + * `ngtcp2_conn_decode_and_set_0rtt_transport_params`. For 1-RTT + * packet, application can call this function after calling + * `ngtcp2_conn_decode_and_set_remote_transport_params` and + * `ngtcp2_conn_install_tx_key`. If ngtcp2 crypto support library is + * used, application can call this function after calling + * `ngtcp2_crypto_derive_and_install_tx_key` for 1-RTT packet. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_STREAM_ID_BLOCKED` + * The remote endpoint does not allow |stream_id| yet. + */ +NGTCP2_EXTERN int ngtcp2_conn_open_uni_stream(ngtcp2_conn *conn, + int64_t *pstream_id, + void *stream_user_data); + +/** + * @function + * + * `ngtcp2_conn_shutdown_stream` closes a stream denoted by + * |stream_id| abruptly. |app_error_code| is one of application error + * codes, and indicates the reason of shutdown. Successful call of + * this function does not immediately erase the state of the stream. + * The actual deletion is done when the remote endpoint sends + * acknowledgement. Calling this function is equivalent to call + * `ngtcp2_conn_shutdown_stream_read`, and + * `ngtcp2_conn_shutdown_stream_write` sequentially with the following + * differences. If |stream_id| refers to a local unidirectional + * stream, this function only shutdowns write side of the stream. If + * |stream_id| refers to a remote unidirectional stream, this function + * only shutdowns read side of the stream. + * + * |flags| is currently unused, and should be set to 0. + * + * This function returns 0 if a stream denoted by |stream_id| is not + * found. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + */ +NGTCP2_EXTERN int ngtcp2_conn_shutdown_stream(ngtcp2_conn *conn, uint32_t flags, + int64_t stream_id, + uint64_t app_error_code); + +/** + * @function + * + * `ngtcp2_conn_shutdown_stream_write` closes write-side of a stream + * denoted by |stream_id| abruptly. |app_error_code| is one of + * application error codes, and indicates the reason of shutdown. If + * this function succeeds, no further application data is sent to the + * remote endpoint. It discards all data which has not been + * acknowledged yet. + * + * |flags| is currently unused, and should be set to 0. + * + * This function returns 0 if a stream denoted by |stream_id| is not + * found. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * |stream_id| refers to a remote unidirectional stream. + */ +NGTCP2_EXTERN int ngtcp2_conn_shutdown_stream_write(ngtcp2_conn *conn, + uint32_t flags, + int64_t stream_id, + uint64_t app_error_code); + +/** + * @function + * + * `ngtcp2_conn_shutdown_stream_read` closes read-side of a stream + * denoted by |stream_id| abruptly. |app_error_code| is one of + * application error codes, and indicates the reason of shutdown. If + * this function succeeds, no further application data is forwarded to + * an application layer. + * + * |flags| is currently unused, and should be set to 0. + * + * This function returns 0 if a stream denoted by |stream_id| is not + * found. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * |stream_id| refers to a local unidirectional stream. + */ +NGTCP2_EXTERN int ngtcp2_conn_shutdown_stream_read(ngtcp2_conn *conn, + uint32_t flags, + int64_t stream_id, + uint64_t app_error_code); + +/** + * @macrosection + * + * Write stream data flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_STREAM_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_WRITE_STREAM_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` indicates that more data may + * come, and should be coalesced into the same packet if possible. + */ +#define NGTCP2_WRITE_STREAM_FLAG_MORE 0x01u + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_STREAM_FLAG_FIN` indicates that a passed data + * is the final part of a stream. + */ +#define NGTCP2_WRITE_STREAM_FLAG_FIN 0x02u + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_STREAM_FLAG_PADDING` indicates that a + * non-empty 0 RTT or 1 RTT ack-eliciting packet is padded to the + * minimum length of a sending path MTU or a given packet buffer when + * finalizing it. PATH_CHALLENGE, PATH_RESPONSE, CONNECTION_CLOSE + * only packets and PMTUD packets are excluded. + */ +#define NGTCP2_WRITE_STREAM_FLAG_PADDING 0x04u + +/** + * @function + * + * `ngtcp2_conn_write_stream` is just like + * `ngtcp2_conn_writev_stream`. The only difference is that it + * conveniently accepts a single buffer. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_stream_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, ngtcp2_ssize *pdatalen, + uint32_t flags, int64_t stream_id, const uint8_t *data, size_t datalen, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_writev_stream` writes a packet containing stream data + * of a stream denoted by |stream_id|. The buffer of the packet is + * pointed by |dest| of length |destlen|. This function performs QUIC + * handshake as well. + * + * |destlen| should be at least + * :member:`ngtcp2_settings.max_tx_udp_payload_size`. It must be at + * least :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE`. + * + * Specifying -1 to |stream_id| means no new stream data to send. + * + * If |path| is not ``NULL``, this function stores the network path + * with which the packet should be sent. Each addr field + * (:member:`ngtcp2_path.local` and :member:`ngtcp2_path.remote`) must + * point to the buffer which should be at least + * sizeof(:type:`sockaddr_union`) bytes long. The assignment might + * not be done if nothing is written to |dest|. + * + * If |pi| is not ``NULL``, this function stores packet metadata in it + * if it succeeds. The metadata includes ECN markings. When calling + * this function again after it returns + * :macro:`NGTCP2_ERR_WRITE_MORE`, caller must pass the same |pi| to + * this function. + * + * Stream data is specified as vector of data |datav|. |datavcnt| + * specifies the number of :type:`ngtcp2_vec` that |datav| includes. + * + * If all given data is encoded as STREAM frame in |dest|, and if + * |flags| & :macro:`NGTCP2_WRITE_STREAM_FLAG_FIN` is nonzero, fin + * flag is set to outgoing STREAM frame. Otherwise, fin flag in + * STREAM frame is not set. + * + * This packet may contain frames other than STREAM frame. The packet + * might not contain STREAM frame if other frames occupy the packet. + * In that case, |*pdatalen| would be -1 if |pdatalen| is not + * ``NULL``. + * + * Empty data is treated specially, and it is only accepted if no + * data, including the empty data, is submitted to a stream or + * :macro:`NGTCP2_WRITE_STREAM_FLAG_FIN` is set in |flags|. If 0 + * length STREAM frame is successfully serialized, |*pdatalen| would + * be 0. + * + * The number of data encoded in STREAM frame is stored in |*pdatalen| + * if it is not ``NULL``. The caller must keep the portion of data + * covered by |*pdatalen| bytes in tact until + * :member:`ngtcp2_callbacks.acked_stream_data_offset` indicates that + * they are acknowledged by a remote endpoint or the stream is closed. + * + * If the given stream data is small (e.g., few bytes), the packet + * might be severely under filled. Too many small packet might + * increase overall packet processing costs. Unless there are + * retransmissions, by default, application can only send 1 STREAM + * frame in one QUIC packet. In order to include more than 1 STREAM + * frame in one QUIC packet, specify + * :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` in |flags|. This is + * analogous to ``MSG_MORE`` flag in :manpage:`send(2)`. If the + * :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` is used, there are 4 + * outcomes: + * + * - The function returns the written length of packet just like + * without :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE`. This is because + * packet is nearly full, and the library decided to make a complete + * packet. |*pdatalen| might be -1 or >= 0. It may return 0 which + * indicates that no packet transmission is possible at the moment + * for some reason. + * + * - The function returns :macro:`NGTCP2_ERR_WRITE_MORE`. In this + * case, |*pdatalen| >= 0 is asserted. It indicates that + * application can still call this function with different stream + * data (or `ngtcp2_conn_writev_datagram` if it has data to send in + * unreliable datagram) to pack them into the same packet. + * Application has to specify the same |conn|, |path|, |pi|, |dest|, + * |destlen|, and |ts| parameters, otherwise the behaviour is + * undefined. The application can change |flags|. + * + * - The function returns one of the following negative error codes: + * :macro:`NGTCP2_ERR_STREAM_DATA_BLOCKED`, + * :macro:`NGTCP2_ERR_STREAM_NOT_FOUND`, or + * :macro:`NGTCP2_ERR_STREAM_SHUT_WR`. In this case, |*pdatalen| == + * -1 is asserted. Application can still write the stream data of + * the other streams by calling this function (or + * `ngtcp2_conn_writev_datagram` if it has data to send in + * unreliable datagram) to pack them into the same packet. + * Application has to specify the same |conn|, |path|, |pi|, |dest|, + * |destlen|, and |ts| parameters, otherwise the behaviour is + * undefined. The application can change |flags|. + * + * - The other negative error codes might be returned just like + * without :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE`. These errors + * should be treated as a connection error. + * + * When application uses :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` at + * least once, it must not call other ngtcp2 API functions + * (application can still call `ngtcp2_conn_write_connection_close` to + * handle error from this function. It can also call + * `ngtcp2_conn_shutdown_stream_read`, + * `ngtcp2_conn_shutdown_stream_write`, and + * `ngtcp2_conn_shutdown_stream`), just keep calling this function (or + * `ngtcp2_conn_writev_datagram`) until it returns 0, a positive + * number (which indicates a complete packet is ready), or the error + * codes other than :macro:`NGTCP2_ERR_WRITE_MORE`, + * :macro:`NGTCP2_ERR_STREAM_DATA_BLOCKED`, + * :macro:`NGTCP2_ERR_STREAM_NOT_FOUND`, and + * :macro:`NGTCP2_ERR_STREAM_SHUT_WR`. If there is no stream data to + * include, call this function with |stream_id| as -1 to stop + * coalescing and write a packet. + * + * If :macro:`NGTCP2_WRITE_STREAM_FLAG_PADDING` is set in |flags| when + * finalizing a non-empty 0 RTT or 1 RTT ack-eliciting packet, the + * packet is padded to the minimum length of a sending path MTU or a + * given packet buffer. + * + * This function returns 0 if it cannot write any frame because buffer + * is too small, or packet is congestion limited. Application should + * keep reading and wait for congestion window to grow. + * + * This function must not be called from inside the callback + * functions. + * + * `ngtcp2_conn_update_pkt_tx_time` must be called after this + * function. Application may call this function multiple times before + * calling `ngtcp2_conn_update_pkt_tx_time`. + * + * This function returns the number of bytes written in |dest| if it + * succeeds, or one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_STREAM_NOT_FOUND` + * Stream does not exist + * :macro:`NGTCP2_ERR_STREAM_SHUT_WR` + * Stream is half closed (local); or stream is being reset. + * :macro:`NGTCP2_ERR_PKT_NUM_EXHAUSTED` + * Packet number is exhausted, and cannot send any more packet. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * User callback failed + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * The total length of stream data is too large. + * :macro:`NGTCP2_ERR_STREAM_DATA_BLOCKED` + * Stream is blocked because of flow control. + * :macro:`NGTCP2_ERR_WRITE_MORE` + * (Only when :macro:`NGTCP2_WRITE_STREAM_FLAG_MORE` is specified) + * Application can call this function to pack more stream data + * into the same packet. See above to know how it works. + * + * If any other negative error is returned, call + * `ngtcp2_conn_write_connection_close` to get terminal packet, and + * sending it makes QUIC connection enter the closing state. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_writev_stream_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, ngtcp2_ssize *pdatalen, + uint32_t flags, int64_t stream_id, const ngtcp2_vec *datav, size_t datavcnt, + ngtcp2_tstamp ts); + +/** + * @macrosection + * + * Write datagram flags + */ + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_NONE` indicates no flag set. + */ +#define NGTCP2_WRITE_DATAGRAM_FLAG_NONE 0x00u + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_MORE` indicates that more data + * may come, and should be coalesced into the same packet if possible. + */ +#define NGTCP2_WRITE_DATAGRAM_FLAG_MORE 0x01u + +/** + * @macro + * + * :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_PADDING` indicates that a + * non-empty 0 RTT or 1 RTT ack-eliciting packet is padded to the + * minimum length of a sending path MTU or a given packet buffer when + * finalizing it. PATH_CHALLENGE, PATH_RESPONSE, CONNECTION_CLOSE + * only packets and PMTUD packets are excluded. + */ +#define NGTCP2_WRITE_DATAGRAM_FLAG_PADDING 0x02u + +/** + * @function + * + * `ngtcp2_conn_write_datagram` is just like + * `ngtcp2_conn_writev_datagram`. The only difference is that it + * conveniently accepts a single buffer. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_datagram_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, int *paccepted, + uint32_t flags, uint64_t dgram_id, const uint8_t *data, size_t datalen, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_writev_datagram` writes a packet containing unreliable + * data in DATAGRAM frame. The buffer of the packet is pointed by + * |dest| of length |destlen|. This function performs QUIC handshake + * as well. + * + * |destlen| should be at least + * :member:`ngtcp2_settings.max_tx_udp_payload_size`. It must be at + * least :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE`. + * + * For |path| and |pi| parameters, refer to + * `ngtcp2_conn_writev_stream`. + * + * Stream data is specified as vector of data |datav|. |datavcnt| + * specifies the number of :type:`ngtcp2_vec` that |datav| includes. + * + * If the given data is written to the buffer, nonzero value is + * assigned to |*paccepted| if it is not NULL. The data in DATAGRAM + * frame cannot be fragmented; writing partial data is not possible. + * + * |dgram_id| is an opaque identifier which should uniquely identify + * the given DATAGRAM data. It is passed to + * :member:`ngtcp2_callbacks.ack_datagram` callback when a packet that + * contains DATAGRAM frame is acknowledged. It is also passed to + * :member:`ngtcp2_callbacks.lost_datagram` callback when a packet + * that contains DATAGRAM frame is declared lost. If an application + * uses neither of those callbacks, it can sets 0 to this parameter. + * + * This function might write other frames other than DATAGRAM frame, + * just like `ngtcp2_conn_writev_stream`. + * + * If the function returns 0, it means that no more data cannot be + * sent because of congestion control limit; or, data does not fit + * into the provided buffer; or, a local endpoint, as a server, is + * unable to send data because of its amplification limit. In this + * case, |*paccepted| is assigned zero if it is not NULL. + * + * If :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_MORE` is set in |flags|, + * there are 3 outcomes: + * + * - The function returns the written length of packet just like + * without :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_MORE`. This is + * because packet is nearly full and the library decided to make a + * complete packet. |*paccepted| might be zero or nonzero. + * + * - The function returns :macro:`NGTCP2_ERR_WRITE_MORE`. In this + * case, |*paccepted| != 0 is asserted. This indicates that + * application can call this function with another unreliable data + * (or `ngtcp2_conn_writev_stream` if it has stream data to send) to + * pack them into the same packet. Application has to specify the + * same |conn|, |path|, |pi|, |dest|, |destlen|, and |ts| + * parameters, otherwise the behaviour is undefined. The + * application can change |flags|. + * + * - The other error might be returned just like without + * :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_MORE`. + * + * When application sees :macro:`NGTCP2_ERR_WRITE_MORE`, it must not + * call other ngtcp2 API functions (application can still call + * `ngtcp2_conn_write_connection_close` to handle error from this + * function. It can also call `ngtcp2_conn_shutdown_stream_read`, + * `ngtcp2_conn_shutdown_stream_write`, and + * `ngtcp2_conn_shutdown_stream`). Just keep calling this function + * (or `ngtcp2_conn_writev_stream`) until it returns a positive number + * (which indicates a complete packet is ready). + * + * If :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_PADDING` is set in |flags| + * when finalizing a non-empty 0 RTT or 1 RTT ack-eliciting packet, + * the packet is padded to the minimum length of a sending path MTU or + * a given packet buffer. + * + * This function returns the number of bytes written in |dest| if it + * succeeds, or one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_PKT_NUM_EXHAUSTED` + * Packet number is exhausted, and cannot send any more packet. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * User callback failed + * :macro:`NGTCP2_ERR_WRITE_MORE` + * (Only when :macro:`NGTCP2_WRITE_DATAGRAM_FLAG_MORE` is + * specified) Application can call this function to pack more data + * into the same packet. See above to know how it works. + * :macro:`NGTCP2_ERR_INVALID_STATE` + * A remote endpoint did not express the DATAGRAM frame support. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * The provisional DATAGRAM frame size exceeds the maximum + * DATAGRAM frame size that a remote endpoint can receive. + * + * If any other negative error is returned, call + * `ngtcp2_conn_write_connection_close` to get terminal packet, and + * sending it makes QUIC connection enter the closing state. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_writev_datagram_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, int *paccepted, + uint32_t flags, uint64_t dgram_id, const ngtcp2_vec *datav, size_t datavcnt, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_in_closing_period` returns nonzero if |conn| is in the + * closing period. + */ +NGTCP2_EXTERN int ngtcp2_conn_in_closing_period(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_in_draining_period` returns nonzero if |conn| is in + * the draining period. + */ +NGTCP2_EXTERN int ngtcp2_conn_in_draining_period(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_extend_max_stream_offset` extends the maximum stream + * data that a remote endpoint can send by |datalen|. |stream_id| + * specifies the stream ID. This function only extends stream-level + * flow control window. + * + * This function returns 0 if a stream denoted by |stream_id| is not + * found. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * |stream_id| refers to a local unidirectional stream. + */ +NGTCP2_EXTERN int ngtcp2_conn_extend_max_stream_offset(ngtcp2_conn *conn, + int64_t stream_id, + uint64_t datalen); + +/** + * @function + * + * `ngtcp2_conn_extend_max_offset` extends max data offset by + * |datalen|. This function only extends connection-level flow + * control window. + */ +NGTCP2_EXTERN void ngtcp2_conn_extend_max_offset(ngtcp2_conn *conn, + uint64_t datalen); + +/** + * @function + * + * `ngtcp2_conn_extend_max_streams_bidi` extends the number of maximum + * remote bidirectional streams that a remote endpoint can open by + * |n|. + * + * The library does not increase maximum stream limit automatically. + * The exception is when a stream is closed without + * :member:`ngtcp2_callbacks.stream_open` callback being called. In + * this case, stream limit is increased automatically. + */ +NGTCP2_EXTERN void ngtcp2_conn_extend_max_streams_bidi(ngtcp2_conn *conn, + size_t n); + +/** + * @function + * + * `ngtcp2_conn_extend_max_streams_uni` extends the number of maximum + * remote unidirectional streams that a remote endpoint can open by + * |n|. + * + * The library does not increase maximum stream limit automatically. + * The exception is when a stream is closed without + * :member:`ngtcp2_callbacks.stream_open` callback being called. In + * this case, stream limit is increased automatically. + */ +NGTCP2_EXTERN void ngtcp2_conn_extend_max_streams_uni(ngtcp2_conn *conn, + size_t n); + +/** + * @function + * + * `ngtcp2_conn_get_dcid` returns the non-NULL pointer to the current + * Destination Connection ID. If no Destination Connection ID is + * present, the return value is not ``NULL``, and its :member:`datalen + * ` field is 0. + */ +NGTCP2_EXTERN const ngtcp2_cid *ngtcp2_conn_get_dcid(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_client_initial_dcid` returns the non-NULL pointer + * to the Destination Connection ID that client sent in its Initial + * packet. If the Destination Connection ID is not present, the + * return value is not ``NULL``, and its :member:`datalen + * ` field is 0. + */ +NGTCP2_EXTERN const ngtcp2_cid * +ngtcp2_conn_get_client_initial_dcid(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_scid` writes the all Source Connection IDs which a + * local endpoint has provided to a remote endpoint, and are not + * retired in |dest|. If |dest| is NULL, this function does not write + * anything, and returns the number of Source Connection IDs that + * would otherwise be written to the provided buffer. The buffer + * pointed by |dest| must have sizeof(:type:`ngtcp2_cid`) * n bytes + * available, where n is the return value of `ngtcp2_conn_get_scid` + * with |dest| == NULL. + */ +NGTCP2_EXTERN size_t ngtcp2_conn_get_scid(ngtcp2_conn *conn, ngtcp2_cid *dest); + +/** + * @struct + * + * :type:`ngtcp2_cid_token` is the convenient struct to store + * Connection ID, its associated path, and stateless reset token. + */ +typedef struct ngtcp2_cid_token { + /** + * :member:`seq` is the sequence number of this Connection ID. + */ + uint64_t seq; + /** + * :member:`cid` is Connection ID. + */ + ngtcp2_cid cid; + /** + * :member:`ps` is the path which this Connection ID is associated + * with. + */ + ngtcp2_path_storage ps; + /** + * :member:`token` is the stateless reset token for this Connection + * ID. + */ + uint8_t token[NGTCP2_STATELESS_RESET_TOKENLEN]; + /** + * :member:`token_present` is nonzero if token contains stateless + * reset token. + */ + uint8_t token_present; +} ngtcp2_cid_token; + +/** + * @function + * + * `ngtcp2_conn_get_active_dcid` writes the all active Destination + * Connection IDs and their tokens to |dest|. Before handshake + * completes, this function returns 0. If |dest| is NULL, this + * function does not write anything, and returns the number of + * Destination Connection IDs that would otherwise be written to the + * provided buffer. The buffer pointed by |dest| must have + * sizeof(:type:`ngtcp2_cid_token`) * n bytes available, where n is + * the return value of `ngtcp2_conn_get_active_dcid` with |dest| == + * NULL. + */ +NGTCP2_EXTERN size_t ngtcp2_conn_get_active_dcid(ngtcp2_conn *conn, + ngtcp2_cid_token *dest); + +/** + * @function + * + * `ngtcp2_conn_get_client_chosen_version` returns the client chosen + * version. + */ +NGTCP2_EXTERN uint32_t ngtcp2_conn_get_client_chosen_version(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_negotiated_version` returns the negotiated + * version. + * + * Until the version is negotiated, this function returns 0. + */ +NGTCP2_EXTERN uint32_t ngtcp2_conn_get_negotiated_version(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_tls_early_data_rejected` tells |conn| that early data + * was rejected by a server during TLS handshake, or client decided + * not to attempt early data for some reason. |conn| discards the + * following connection states: + * + * - Any opened streams. + * - Stream identifier allocations. + * - Max data extended by `ngtcp2_conn_extend_max_offset`. + * - Max bidi streams extended by `ngtcp2_conn_extend_max_streams_bidi`. + * - Max uni streams extended by `ngtcp2_conn_extend_max_streams_uni`. + * + * Application which wishes to retransmit early data, it has to open + * streams, and send stream data again. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * User callback failed + */ +NGTCP2_EXTERN int ngtcp2_conn_tls_early_data_rejected(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_tls_early_data_rejected` returns nonzero if + * `ngtcp2_conn_tls_early_data_rejected` has been called. + */ +NGTCP2_EXTERN int ngtcp2_conn_get_tls_early_data_rejected(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_conn_info` assigns connection statistics data to + * |*cinfo|. + */ +NGTCP2_EXTERN void ngtcp2_conn_get_conn_info_versioned(ngtcp2_conn *conn, + int conn_info_version, + ngtcp2_conn_info *cinfo); + +/** + * @function + * + * `ngtcp2_conn_submit_crypto_data` submits crypto data |data| of + * length |datalen| to the library for transmission. + * |encryption_level| specifies the encryption level of data. + * + * The library makes a copy of the buffer pointed by |data| of length + * |datalen|. Application can discard |data|. + */ +NGTCP2_EXTERN int +ngtcp2_conn_submit_crypto_data(ngtcp2_conn *conn, + ngtcp2_encryption_level encryption_level, + const uint8_t *data, const size_t datalen); + +/** + * @function + * + * `ngtcp2_conn_submit_new_token` submits address validation token. + * It is sent in NEW_TOKEN frame. Only server can call this function. + * |tokenlen| must not be 0. + * + * This function makes a copy of the buffer pointed by |token| of + * length |tokenlen|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory. + */ +NGTCP2_EXTERN int ngtcp2_conn_submit_new_token(ngtcp2_conn *conn, + const uint8_t *token, + size_t tokenlen); + +/** + * @function + * + * `ngtcp2_conn_set_local_addr` sets local endpoint address |addr| to + * the current path of |conn|. This function is provided for testing + * purpose only. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_local_addr(ngtcp2_conn *conn, + const ngtcp2_addr *addr); + +/** + * @function + * + * `ngtcp2_conn_set_path_user_data` sets the |path_user_data| to the + * current path (see :member:`ngtcp2_path.user_data`). + */ +NGTCP2_EXTERN void ngtcp2_conn_set_path_user_data(ngtcp2_conn *conn, + void *path_user_data); + +/** + * @function + * + * `ngtcp2_conn_get_path` returns the current path. + */ +NGTCP2_EXTERN const ngtcp2_path *ngtcp2_conn_get_path(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_max_tx_udp_payload_size` returns the maximum UDP + * payload size that this local endpoint would send. This is the + * value of :member:`ngtcp2_settings.max_tx_udp_payload_size` that is + * passed to `ngtcp2_conn_client_new` or `ngtcp2_conn_server_new`. + */ +NGTCP2_EXTERN size_t ngtcp2_conn_get_max_tx_udp_payload_size(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_path_max_tx_udp_payload_size` returns the maximum + * UDP payload size for the current path. If + * :member:`ngtcp2_settings.no_tx_udp_payload_size_shaping` is set to + * nonzero, this function is equivalent to + * `ngtcp2_conn_get_max_tx_udp_payload_size`. Otherwise, it returns + * the maximum UDP payload size that is probed for the current path. + */ +NGTCP2_EXTERN size_t +ngtcp2_conn_get_path_max_tx_udp_payload_size(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_initiate_immediate_migration` starts connection + * migration to the given |path|. Only client can initiate migration. + * This function does immediate migration; while the path validation + * is nonetheless performed, this function does not wait for it to + * succeed. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_INVALID_STATE` + * Migration is disabled; or handshake is not yet confirmed; or + * client is migrating to server's preferred address. + * :macro:`NGTCP2_ERR_CONN_ID_BLOCKED` + * No unused connection ID is available. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * :member:`local ` field of |path| equals the + * current local address. + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + */ +NGTCP2_EXTERN int ngtcp2_conn_initiate_immediate_migration( + ngtcp2_conn *conn, const ngtcp2_path *path, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_initiate_migration` starts connection migration to the + * given |path|. Only client can initiate migration. Unlike + * `ngtcp2_conn_initiate_immediate_migration`, this function starts a + * path validation with a new path, and migrate to the new path after + * successful path validation. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_INVALID_STATE` + * Migration is disabled; or handshake is not yet confirmed; or + * client is migrating to server's preferred address. + * :macro:`NGTCP2_ERR_CONN_ID_BLOCKED` + * No unused connection ID is available. + * :macro:`NGTCP2_ERR_INVALID_ARGUMENT` + * :member:`local ` field of |path| equals the + * current local address. + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + */ +NGTCP2_EXTERN int ngtcp2_conn_initiate_migration(ngtcp2_conn *conn, + const ngtcp2_path *path, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_get_max_data_left` returns the number of bytes that + * this local endpoint can send in this connection without violating + * connection-level flow control. + */ +NGTCP2_EXTERN uint64_t ngtcp2_conn_get_max_data_left(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_max_stream_data_left` returns the number of bytes + * that this local endpoint can send to a stream identified by + * |stream_id| without violating stream-level flow control. If no + * such stream is found, this function returns 0. + */ +NGTCP2_EXTERN uint64_t ngtcp2_conn_get_max_stream_data_left(ngtcp2_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `ngtcp2_conn_get_streams_bidi_left` returns the number of + * bidirectional streams which the local endpoint can open without + * violating stream concurrency limit. + */ +NGTCP2_EXTERN uint64_t ngtcp2_conn_get_streams_bidi_left(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_streams_uni_left` returns the number of + * unidirectional streams which the local endpoint can open without + * violating stream concurrency limit. + */ +NGTCP2_EXTERN uint64_t ngtcp2_conn_get_streams_uni_left(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_cwnd_left` returns the cwnd minus the number of + * bytes in flight on the current path. If the former is smaller than + * the latter, this function returns 0. + */ +NGTCP2_EXTERN uint64_t ngtcp2_conn_get_cwnd_left(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_initial_crypto_ctx` sets |ctx| for Initial packet + * encryption. The passed data will be passed to + * :type:`ngtcp2_encrypt`, :type:`ngtcp2_decrypt` and + * :type:`ngtcp2_hp_mask` callbacks. + */ +NGTCP2_EXTERN void +ngtcp2_conn_set_initial_crypto_ctx(ngtcp2_conn *conn, + const ngtcp2_crypto_ctx *ctx); + +/** + * @function + * + * `ngtcp2_conn_get_initial_crypto_ctx` returns + * :type:`ngtcp2_crypto_ctx` object for Initial packet encryption. + */ +NGTCP2_EXTERN const ngtcp2_crypto_ctx * +ngtcp2_conn_get_initial_crypto_ctx(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_crypto_ctx` sets |ctx| for Handshake/1-RTT packet + * encryption. The passed data will be passed to + * :type:`ngtcp2_encrypt`, :type:`ngtcp2_decrypt` and + * :type:`ngtcp2_hp_mask` callbacks. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_crypto_ctx(ngtcp2_conn *conn, + const ngtcp2_crypto_ctx *ctx); + +/** + * @function + * + * `ngtcp2_conn_get_crypto_ctx` returns :type:`ngtcp2_crypto_ctx` + * object for Handshake/1-RTT packet encryption. + */ +NGTCP2_EXTERN const ngtcp2_crypto_ctx * +ngtcp2_conn_get_crypto_ctx(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_0rtt_crypto_ctx` sets |ctx| for 0-RTT packet + * encryption. The passed data will be passed to + * :type:`ngtcp2_encrypt`, :type:`ngtcp2_decrypt` and + * :type:`ngtcp2_hp_mask` callbacks. + */ +NGTCP2_EXTERN void +ngtcp2_conn_set_0rtt_crypto_ctx(ngtcp2_conn *conn, + const ngtcp2_crypto_ctx *ctx); + +/** + * @function + * + * `ngtcp2_conn_get_0rtt_crypto_ctx` returns :type:`ngtcp2_crypto_ctx` + * object for 0-RTT packet encryption. + */ +NGTCP2_EXTERN const ngtcp2_crypto_ctx * +ngtcp2_conn_get_0rtt_crypto_ctx(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_tls_native_handle` returns TLS native handle set + * by `ngtcp2_conn_set_tls_native_handle`. + */ +NGTCP2_EXTERN void *ngtcp2_conn_get_tls_native_handle(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_tls_native_handle` sets TLS native handle + * |tls_native_handle| to |conn|. Internally, it is used as an opaque + * pointer. + */ +NGTCP2_EXTERN void ngtcp2_conn_set_tls_native_handle(ngtcp2_conn *conn, + void *tls_native_handle); + +/** + * @function + * + * `ngtcp2_conn_set_retry_aead` sets |aead| and |aead_ctx| for Retry + * integrity tag verification. |aead| must be AEAD_AES_128_GCM. + * |aead_ctx| must be initialized with :macro:`NGTCP2_RETRY_KEY` as + * encryption key. This function must be called if |conn| is + * initialized as client. Server does not verify the tag, and has no + * need to call this function. + * + * |conn| takes ownership of |aead_ctx|. + * :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` will be called to + * delete this object when it is no longer used. + */ +NGTCP2_EXTERN void +ngtcp2_conn_set_retry_aead(ngtcp2_conn *conn, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx); + +/** + * @enum + * + * :type:`ngtcp2_ccerr_type` defines connection error type. + */ +typedef enum ngtcp2_ccerr_type { + /** + * :enum:`NGTCP2_CCERR_TYPE_TRANSPORT` indicates the QUIC transport + * error, and the error code is QUIC transport error code. + */ + NGTCP2_CCERR_TYPE_TRANSPORT, + /** + * :enum:`NGTCP2_CCERR_TYPE_APPLICATION` indicates an application + * error, and the error code is application error code. + */ + NGTCP2_CCERR_TYPE_APPLICATION, + /** + * :enum:`NGTCP2_CCERR_TYPE_VERSION_NEGOTIATION` is a special case + * of QUIC transport error, and it indicates that client receives + * Version Negotiation packet. + */ + NGTCP2_CCERR_TYPE_VERSION_NEGOTIATION, + /** + * :enum:`NGTCP2_CCERR_TYPE_IDLE_CLOSE` is a special case of QUIC + * transport error, and it indicates that connection is closed + * because of idle timeout. + */ + NGTCP2_CCERR_TYPE_IDLE_CLOSE, + /** + * :enum:`NGTCP2_CCERR_TYPE_DROP_CONN` is a special case of QUIC + * transport error, and it indicates that connection should be + * dropped without sending a CONNECTION_CLOSE frame. + */ + NGTCP2_CCERR_TYPE_DROP_CONN, + /** + * :enum:`NGTCP2_CCERR_TYPE_RETRY` is a special case of QUIC + * transport error, and it indicates that RETRY packet should be + * sent to a client. + */ + NGTCP2_CCERR_TYPE_RETRY +} ngtcp2_ccerr_type; + +/** + * @struct + * + * :type:`ngtcp2_ccerr` contains connection error code, its type, a + * frame type that caused this error, and the optional reason phrase. + */ +typedef struct ngtcp2_ccerr { + /** + * :member:`type` is the type of this error. + */ + ngtcp2_ccerr_type type; + /** + * :member:`error_code` is the error code for connection closure. + * Its interpretation depends on :member:`type`. + */ + uint64_t error_code; + /** + * :member:`frame_type` is the type of QUIC frame which triggers + * this connection error. This field is set to 0 if the frame type + * is unknown. + */ + uint64_t frame_type; + /** + * :member:`reason` points to the buffer which contains a reason + * phrase. It may be NULL if there is no reason phrase. If it is + * received from a remote endpoint, it is truncated to at most 1024 + * bytes. + */ + const uint8_t *reason; + /** + * :member:`reasonlen` is the length of data pointed by + * :member:`reason`. + */ + size_t reasonlen; +} ngtcp2_ccerr; + +/** + * @function + * + * `ngtcp2_ccerr_default` initializes |ccerr| with the default values. + * It sets the following fields: + * + * - :member:`type ` = + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT` + * - :member:`error_code ` = + * :macro:`NGTCP2_NO_ERROR`. + * - :member:`frame_type ` = 0 + * - :member:`reason ` = NULL + * - :member:`reasonlen ` = 0 + */ +NGTCP2_EXTERN void ngtcp2_ccerr_default(ngtcp2_ccerr *ccerr); + +/** + * @function + * + * `ngtcp2_ccerr_set_transport_error` sets :member:`ccerr->type + * ` to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT`, and + * :member:`ccerr->error_code ` to + * |error_code|. |reason| is the reason phrase of length |reasonlen|. + * This function does not make a copy of the reason phrase. + */ +NGTCP2_EXTERN void ngtcp2_ccerr_set_transport_error(ngtcp2_ccerr *ccerr, + uint64_t error_code, + const uint8_t *reason, + size_t reasonlen); + +/** + * @function + * + * `ngtcp2_ccerr_set_liberr` sets type and error_code based on + * |liberr|. + * + * |reason| is the reason phrase of length |reasonlen|. This function + * does not make a copy of the reason phrase. + * + * If |liberr| is :macro:`NGTCP2_ERR_RECV_VERSION_NEGOTIATION`, + * :member:`ccerr->type ` is set to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_VERSION_NEGOTIATION`, + * and :member:`ccerr->error_code ` to + * :macro:`NGTCP2_NO_ERROR`. + * + * If |liberr| is :macro:`NGTCP2_ERR_IDLE_CLOSE`, :member:`ccerr->type + * ` is set to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_IDLE_CLOSE`, and + * :member:`ccerr->error_code ` to + * :macro:`NGTCP2_NO_ERROR`. + * + * If |liberr| is :macro:`NGTCP2_ERR_DROP_CONN`, :member:`ccerr->type + * ` is set to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_DROP_CONN`, and + * :member:`ccerr->error_code ` to + * :macro:`NGTCP2_NO_ERROR`. + * + * If |liberr| is :macro:`NGTCP2_ERR_RETRY`, :member:`ccerr->type + * ` is set to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_RETRY`, and + * :member:`ccerr->error_type ` to + * :macro:`NGTCP2_NO_ERROR`. + * + * Otherwise, :member:`ccerr->type ` is set to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT`, and + * :member:`ccerr->error_code ` is set to an + * error code inferred by |liberr| (see + * `ngtcp2_err_infer_quic_transport_error_code`). + */ +NGTCP2_EXTERN void ngtcp2_ccerr_set_liberr(ngtcp2_ccerr *ccerr, int liberr, + const uint8_t *reason, + size_t reasonlen); + +/** + * @function + * + * `ngtcp2_ccerr_set_tls_alert` sets :member:`ccerr->type + * ` to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT`, and + * :member:`ccerr->error_code ` to bitwise-OR + * of :macro:`NGTCP2_CRYPTO_ERROR` and |tls_alert|. |reason| is the + * reason phrase of length |reasonlen|. This function does not make a + * copy of the reason phrase. + */ +NGTCP2_EXTERN void ngtcp2_ccerr_set_tls_alert(ngtcp2_ccerr *ccerr, + uint8_t tls_alert, + const uint8_t *reason, + size_t reasonlen); + +/** + * @function + * + * `ngtcp2_ccerr_set_application_error` sets :member:`ccerr->type + * ` to + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_APPLICATION`, and + * :member:`ccerr->error_code ` to + * |error_code|. |reason| is the reason phrase of length |reasonlen|. + * This function does not make a copy of the reason phrase. + */ +NGTCP2_EXTERN void ngtcp2_ccerr_set_application_error(ngtcp2_ccerr *ccerr, + uint64_t error_code, + const uint8_t *reason, + size_t reasonlen); + +/** + * @function + * + * `ngtcp2_conn_write_connection_close` writes a packet which contains + * CONNECTION_CLOSE frame(s) (type 0x1c or 0x1d) in the buffer pointed + * by |dest| whose capacity is |destlen|. + * + * For client, |destlen| should be at least + * :macro:`NGTCP2_MAX_UDP_PAYLOAD_SIZE`. + * + * If |path| is not ``NULL``, this function stores the network path + * with which the packet should be sent. Each addr field must point + * to the buffer which should be at least + * sizeof(:type:`ngtcp2_sockaddr_union`) bytes long. The assignment + * might not be done if nothing is written to |dest|. + * + * If |pi| is not ``NULL``, this function stores packet metadata in it + * if it succeeds. The metadata includes ECN markings. + * + * If :member:`ccerr->type ` == + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_TRANSPORT`, this + * function sends CONNECTION_CLOSE (type 0x1c) frame. If + * :member:`ccerr->type ` == + * :enum:`ngtcp2_ccerr_type.NGTCP2_CCERR_TYPE_APPLICATION`, it sends + * CONNECTION_CLOSE (type 0x1d) frame. Otherwise, it does not produce + * any data, and returns 0. + * + * |destlen| could be shorten by some factors (e.g., server side + * amplification limit). This function returns + * :macro:`NGTCP2_ERR_NOBUF` if the resulting buffer is too small even + * if the given buffer has enough space. + * + * This function must not be called from inside the callback + * functions. + * + * At the moment, successful call to this function makes connection + * close. We may change this behaviour in the future to allow + * graceful shutdown. + * + * This function returns the number of bytes written in |dest| if it + * succeeds, or one of the following negative error codes: + * + * :macro:`NGTCP2_ERR_NOMEM` + * Out of memory + * :macro:`NGTCP2_ERR_NOBUF` + * Buffer is too small + * :macro:`NGTCP2_ERR_INVALID_STATE` + * The current state does not allow sending CONNECTION_CLOSE + * frame. + * :macro:`NGTCP2_ERR_PKT_NUM_EXHAUSTED` + * Packet number is exhausted, and cannot send any more packet. + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE` + * User callback failed + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_conn_write_connection_close_versioned( + ngtcp2_conn *conn, ngtcp2_path *path, int pkt_info_version, + ngtcp2_pkt_info *pi, uint8_t *dest, size_t destlen, const ngtcp2_ccerr *ccerr, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_get_ccerr` returns the received connection close + * error. If no connection error is received, it returns + * :type:`ngtcp2_ccerr` that is initialized by `ngtcp2_ccerr_default`. + */ +NGTCP2_EXTERN const ngtcp2_ccerr *ngtcp2_conn_get_ccerr(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_is_local_stream` returns nonzero if |stream_id| + * denotes a locally initiated stream. + */ +NGTCP2_EXTERN int ngtcp2_conn_is_local_stream(ngtcp2_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `ngtcp2_conn_is_server` returns nonzero if |conn| is initialized as + * server. + */ +NGTCP2_EXTERN int ngtcp2_conn_is_server(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_after_retry` returns nonzero if |conn| as a client has + * received Retry packet from server, and successfully validated it. + */ +NGTCP2_EXTERN int ngtcp2_conn_after_retry(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_set_stream_user_data` sets |stream_user_data| to the + * stream identified by |stream_id|. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_ERR_STREAM_NOT_FOUND` + * Stream does not exist + */ +NGTCP2_EXTERN int ngtcp2_conn_set_stream_user_data(ngtcp2_conn *conn, + int64_t stream_id, + void *stream_user_data); + +/** + * @function + * + * `ngtcp2_conn_update_pkt_tx_time` sets the time instant of the next + * packet transmission to pace packets. This function must be called + * after (multiple invocation of) `ngtcp2_conn_writev_stream`. If + * packet aggregation (e.g., packet batching, GSO) is used, call this + * function after all aggregated datagrams are sent, which indicates + * multiple invocation of `ngtcp2_conn_writev_stream`. + */ +NGTCP2_EXTERN void ngtcp2_conn_update_pkt_tx_time(ngtcp2_conn *conn, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_conn_get_send_quantum` returns the maximum number of bytes + * that can be sent in one go without packet spacing. + */ +NGTCP2_EXTERN size_t ngtcp2_conn_get_send_quantum(ngtcp2_conn *conn); + +/** + * @function + * + * `ngtcp2_conn_get_stream_loss_count` returns the number of packets + * that contain STREAM frame for a stream identified by |stream_id| + * and are declared to be lost. The number may include the spurious + * losses. If no stream identified by |stream_id| is found, this + * function returns 0. + */ +NGTCP2_EXTERN size_t ngtcp2_conn_get_stream_loss_count(ngtcp2_conn *conn, + int64_t stream_id); + +/** + * @function + * + * `ngtcp2_strerror` returns the text representation of |liberr|. + * |liberr| must be one of ngtcp2 library error codes (which is + * defined as :macro:`NGTCP2_ERR_* ` + * macros). + */ +NGTCP2_EXTERN const char *ngtcp2_strerror(int liberr); + +/** + * @function + * + * `ngtcp2_err_is_fatal` returns nonzero if |liberr| is a fatal error. + * |liberr| must be one of ngtcp2 library error codes (which is + * defined as :macro:`NGTCP2_ERR_* ` + * macros). + */ +NGTCP2_EXTERN int ngtcp2_err_is_fatal(int liberr); + +/** + * @function + * + * `ngtcp2_err_infer_quic_transport_error_code` returns a QUIC + * transport error code which corresponds to |liberr|. |liberr| must + * be one of ngtcp2 library error codes (which is defined as + * :macro:`NGTCP2_ERR_* ` macros). + */ +NGTCP2_EXTERN uint64_t ngtcp2_err_infer_quic_transport_error_code(int liberr); + +/** + * @function + * + * `ngtcp2_addr_init` initializes |dest| with the given arguments and + * returns |dest|. + */ +NGTCP2_EXTERN ngtcp2_addr *ngtcp2_addr_init(ngtcp2_addr *dest, + const ngtcp2_sockaddr *addr, + ngtcp2_socklen addrlen); + +/** + * @function + * + * `ngtcp2_addr_copy_byte` copies |addr| of length |addrlen| into the + * buffer pointed by :member:`dest->addr `. + * :member:`dest->addrlen ` is updated to have + * |addrlen|. This function assumes that :member:`dest->addr + * ` points to a buffer which has a sufficient + * capacity to store the copy. + */ +NGTCP2_EXTERN void ngtcp2_addr_copy_byte(ngtcp2_addr *dest, + const ngtcp2_sockaddr *addr, + ngtcp2_socklen addrlen); + +/** + * @function + * + * `ngtcp2_path_storage_init` initializes |ps| with the given + * arguments. This function copies |local_addr| and |remote_addr|. + */ +NGTCP2_EXTERN void ngtcp2_path_storage_init(ngtcp2_path_storage *ps, + const ngtcp2_sockaddr *local_addr, + ngtcp2_socklen local_addrlen, + const ngtcp2_sockaddr *remote_addr, + ngtcp2_socklen remote_addrlen, + void *user_data); + +/** + * @function + * + * `ngtcp2_path_storage_zero` initializes |ps| with the zero length + * addresses. + */ +NGTCP2_EXTERN void ngtcp2_path_storage_zero(ngtcp2_path_storage *ps); + +/** + * @function + * + * `ngtcp2_settings_default` initializes |settings| with the default + * values. First this function fills |settings| with 0, and set the + * default value to the following fields: + * + * * :type:`cc_algo ` = + * :enum:`ngtcp2_cc_algo.NGTCP2_CC_ALGO_CUBIC` + * * :type:`initial_rtt ` = + * :macro:`NGTCP2_DEFAULT_INITIAL_RTT` + * * :type:`ack_thresh ` = 2 + * * :type:`max_tx_udp_payload_size + * ` = 1452 + * * :type:`handshake_timeout ` = + * ``UINT64_MAX`` + */ +NGTCP2_EXTERN void ngtcp2_settings_default_versioned(int settings_version, + ngtcp2_settings *settings); + +/** + * @function + * + * `ngtcp2_transport_params_default` initializes |params| with the + * default values. First this function fills |params| with 0, and set + * the default value to the following fields: + * + * * :type:`max_udp_payload_size + * ` = + * :macro:`NGTCP2_DEFAULT_MAX_RECV_UDP_PAYLOAD_SIZE` + * * :type:`ack_delay_exponent + * ` = + * :macro:`NGTCP2_DEFAULT_ACK_DELAY_EXPONENT` + * * :type:`max_ack_delay ` = + * :macro:`NGTCP2_DEFAULT_MAX_ACK_DELAY` + * * :type:`active_connection_id_limit + * ` = + * :macro:`NGTCP2_DEFAULT_ACTIVE_CONNECTION_ID_LIMIT` + */ +NGTCP2_EXTERN void +ngtcp2_transport_params_default_versioned(int transport_params_version, + ngtcp2_transport_params *params); + +/** + * @function + * + * `ngtcp2_mem_default` returns the default, system standard memory + * allocator. + */ +NGTCP2_EXTERN const ngtcp2_mem *ngtcp2_mem_default(void); + +/** + * @macrosection + * + * ngtcp2_info macros + */ + +/** + * @macro + * + * :macro:`NGTCP2_VERSION_AGE` is the age of :type:`ngtcp2_info` + */ +#define NGTCP2_VERSION_AGE 1 + +/** + * @struct + * + * :type:`ngtcp2_info` is what `ngtcp2_version` returns. It holds + * information about the particular ngtcp2 version. + */ +typedef struct ngtcp2_info { + /** + * :member:`age` is the age of this struct. This instance of ngtcp2 + * sets it to :macro:`NGTCP2_VERSION_AGE` but a future version may + * bump it and add more struct fields at the bottom + */ + int age; + /** + * :member:`version_num` is the :macro:`NGTCP2_VERSION_NUM` number + * (since :member:`age` ==1) + */ + int version_num; + /** + * :member:`version_str` points to the :macro:`NGTCP2_VERSION` + * string (since :member:`age` ==1) + */ + const char *version_str; + /* -------- the above fields all exist when age == 1 */ +} ngtcp2_info; + +/** + * @function + * + * `ngtcp2_version` returns a pointer to a :type:`ngtcp2_info` struct + * with version information about the run-time library in use. The + * |least_version| argument can be set to a 24 bit numerical value for + * the least accepted version number, and if the condition is not met, + * this function will return a ``NULL``. Pass in 0 to skip the + * version checking. + */ +NGTCP2_EXTERN const ngtcp2_info *ngtcp2_version(int least_version); + +/** + * @function + * + * `ngtcp2_is_bidi_stream` returns nonzero if |stream_id| denotes + * bidirectional stream. + */ +NGTCP2_EXTERN int ngtcp2_is_bidi_stream(int64_t stream_id); + +/** + * @function + * + * `ngtcp2_path_copy` copies |src| into |dest|. This function assumes + * that |dest| has enough buffer to store the deep copy of + * :member:`src->local ` and :member:`src->remote + * `. + */ +NGTCP2_EXTERN void ngtcp2_path_copy(ngtcp2_path *dest, const ngtcp2_path *src); + +/** + * @function + * + * `ngtcp2_path_eq` returns nonzero if |a| and |b| shares the same + * local and remote addresses. + */ +NGTCP2_EXTERN int ngtcp2_path_eq(const ngtcp2_path *a, const ngtcp2_path *b); + +/** + * @function + * + * `ngtcp2_is_supported_version` returns nonzero if the library + * supports QUIC version |version|. + */ +NGTCP2_EXTERN int ngtcp2_is_supported_version(uint32_t version); + +/** + * @function + * + * `ngtcp2_is_reserved_version` returns nonzero if |version| is a + * reserved version. + */ +NGTCP2_EXTERN int ngtcp2_is_reserved_version(uint32_t version); + +/** + * @function + * + * `ngtcp2_select_version` selects and returns a version from the + * version set |offered_versions| of |offered_versionslen| elements. + * |preferred_versions| of |preferred_versionslen| elements specifies + * the preference of versions, which is sorted in the order of + * preference. All versions included in |preferred_versions| must be + * supported by the library, that is, passing any version in the array + * to `ngtcp2_is_supported_version` must return nonzero. This + * function is intended to be used by client when it receives Version + * Negotiation packet. If no version is selected, this function + * returns 0. + */ +NGTCP2_EXTERN uint32_t ngtcp2_select_version(const uint32_t *preferred_versions, + size_t preferred_versionslen, + const uint32_t *offered_versions, + size_t offered_versionslen); + +/* + * Versioned function wrappers + */ + +/* + * `ngtcp2_conn_read_pkt` is a wrapper around + * `ngtcp2_conn_read_pkt_versioned` to set the correct struct version. + */ +#define ngtcp2_conn_read_pkt(CONN, PATH, PI, PKT, PKTLEN, TS) \ + ngtcp2_conn_read_pkt_versioned((CONN), (PATH), NGTCP2_PKT_INFO_VERSION, \ + (PI), (PKT), (PKTLEN), (TS)) + +/* + * `ngtcp2_conn_write_pkt` is a wrapper around + * `ngtcp2_conn_write_pkt_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_write_pkt(CONN, PATH, PI, DEST, DESTLEN, TS) \ + ngtcp2_conn_write_pkt_versioned((CONN), (PATH), NGTCP2_PKT_INFO_VERSION, \ + (PI), (DEST), (DESTLEN), (TS)) + +/* + * `ngtcp2_conn_write_stream` is a wrapper around + * `ngtcp2_conn_write_stream_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_write_stream(CONN, PATH, PI, DEST, DESTLEN, PDATALEN, \ + FLAGS, STREAM_ID, DATA, DATALEN, TS) \ + ngtcp2_conn_write_stream_versioned( \ + (CONN), (PATH), NGTCP2_PKT_INFO_VERSION, (PI), (DEST), (DESTLEN), \ + (PDATALEN), (FLAGS), (STREAM_ID), (DATA), (DATALEN), (TS)) + +/* + * `ngtcp2_conn_writev_stream` is a wrapper around + * `ngtcp2_conn_writev_stream_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_writev_stream(CONN, PATH, PI, DEST, DESTLEN, PDATALEN, \ + FLAGS, STREAM_ID, DATAV, DATAVCNT, TS) \ + ngtcp2_conn_writev_stream_versioned( \ + (CONN), (PATH), NGTCP2_PKT_INFO_VERSION, (PI), (DEST), (DESTLEN), \ + (PDATALEN), (FLAGS), (STREAM_ID), (DATAV), (DATAVCNT), (TS)) + +/* + * `ngtcp2_conn_write_datagram` is a wrapper around + * `ngtcp2_conn_write_datagram_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_write_datagram(CONN, PATH, PI, DEST, DESTLEN, PACCEPTED, \ + FLAGS, DGRAM_ID, DATA, DATALEN, TS) \ + ngtcp2_conn_write_datagram_versioned( \ + (CONN), (PATH), NGTCP2_PKT_INFO_VERSION, (PI), (DEST), (DESTLEN), \ + (PACCEPTED), (FLAGS), (DGRAM_ID), (DATA), (DATALEN), (TS)) + +/* + * `ngtcp2_conn_writev_datagram` is a wrapper around + * `ngtcp2_conn_writev_datagram_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_writev_datagram(CONN, PATH, PI, DEST, DESTLEN, PACCEPTED, \ + FLAGS, DGRAM_ID, DATAV, DATAVCNT, TS) \ + ngtcp2_conn_writev_datagram_versioned( \ + (CONN), (PATH), NGTCP2_PKT_INFO_VERSION, (PI), (DEST), (DESTLEN), \ + (PACCEPTED), (FLAGS), (DGRAM_ID), (DATAV), (DATAVCNT), (TS)) + +/* + * `ngtcp2_conn_write_connection_close` is a wrapper around + * `ngtcp2_conn_write_connection_close_versioned` to set the correct + * struct version. + */ +#define ngtcp2_conn_write_connection_close(CONN, PATH, PI, DEST, DESTLEN, \ + CCERR, TS) \ + ngtcp2_conn_write_connection_close_versioned( \ + (CONN), (PATH), NGTCP2_PKT_INFO_VERSION, (PI), (DEST), (DESTLEN), (CCERR), \ + (TS)) + +/* + * `ngtcp2_transport_params_encode` is a wrapper around + * `ngtcp2_transport_params_encode_versioned` to set the correct + * struct version. + */ +#define ngtcp2_transport_params_encode(DEST, DESTLEN, PARAMS) \ + ngtcp2_transport_params_encode_versioned( \ + (DEST), (DESTLEN), NGTCP2_TRANSPORT_PARAMS_VERSION, (PARAMS)) + +/* + * `ngtcp2_transport_params_decode` is a wrapper around + * `ngtcp2_transport_params_decode_versioned` to set the correct + * struct version. + */ +#define ngtcp2_transport_params_decode(PARAMS, DATA, DATALEN) \ + ngtcp2_transport_params_decode_versioned(NGTCP2_TRANSPORT_PARAMS_VERSION, \ + (PARAMS), (DATA), (DATALEN)) + +/* + * `ngtcp2_conn_client_new` is a wrapper around + * `ngtcp2_conn_client_new_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_client_new(PCONN, DCID, SCID, PATH, VERSION, CALLBACKS, \ + SETTINGS, PARAMS, MEM, USER_DATA) \ + ngtcp2_conn_client_new_versioned( \ + (PCONN), (DCID), (SCID), (PATH), (VERSION), NGTCP2_CALLBACKS_VERSION, \ + (CALLBACKS), NGTCP2_SETTINGS_VERSION, (SETTINGS), \ + NGTCP2_TRANSPORT_PARAMS_VERSION, (PARAMS), (MEM), (USER_DATA)) + +/* + * `ngtcp2_conn_server_new` is a wrapper around + * `ngtcp2_conn_server_new_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_server_new(PCONN, DCID, SCID, PATH, VERSION, CALLBACKS, \ + SETTINGS, PARAMS, MEM, USER_DATA) \ + ngtcp2_conn_server_new_versioned( \ + (PCONN), (DCID), (SCID), (PATH), (VERSION), NGTCP2_CALLBACKS_VERSION, \ + (CALLBACKS), NGTCP2_SETTINGS_VERSION, (SETTINGS), \ + NGTCP2_TRANSPORT_PARAMS_VERSION, (PARAMS), (MEM), (USER_DATA)) + +/* + * `ngtcp2_conn_set_local_transport_params` is a wrapper around + * `ngtcp2_conn_set_local_transport_params_versioned` to set the + * correct struct version. + */ +#define ngtcp2_conn_set_local_transport_params(CONN, PARAMS) \ + ngtcp2_conn_set_local_transport_params_versioned( \ + (CONN), NGTCP2_TRANSPORT_PARAMS_VERSION, (PARAMS)) + +/* + * `ngtcp2_transport_params_default` is a wrapper around + * `ngtcp2_transport_params_default_versioned` to set the correct + * struct version. + */ +#define ngtcp2_transport_params_default(PARAMS) \ + ngtcp2_transport_params_default_versioned(NGTCP2_TRANSPORT_PARAMS_VERSION, \ + (PARAMS)) + +/* + * `ngtcp2_conn_get_conn_info` is a wrapper around + * `ngtcp2_conn_get_conn_info_versioned` to set the correct struct + * version. + */ +#define ngtcp2_conn_get_conn_info(CONN, CINFO) \ + ngtcp2_conn_get_conn_info_versioned((CONN), NGTCP2_CONN_INFO_VERSION, (CINFO)) + +/* + * `ngtcp2_settings_default` is a wrapper around + * `ngtcp2_settings_default_versioned` to set the correct struct + * version. + */ +#define ngtcp2_settings_default(SETTINGS) \ + ngtcp2_settings_default_versioned(NGTCP2_SETTINGS_VERSION, (SETTINGS)) + +#ifdef _MSC_VER +# pragma warning(pop) +#endif /* defined(_MSC_VER) */ + +#ifdef __cplusplus +} +#endif /* defined(__cplusplus) */ + +#endif /* !defined(NGTCP2_H) */ diff --git a/includes/curl/ngtcp2/ngtcp2_crypto.h b/includes/curl/ngtcp2/ngtcp2_crypto.h new file mode 100644 index 0000000..003ec6b --- /dev/null +++ b/includes/curl/ngtcp2/ngtcp2_crypto.h @@ -0,0 +1,963 @@ +/* + * ngtcp2 + * + * Copyright (c) 2019 ngtcp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGTCP2_CRYPTO_H +#define NGTCP2_CRYPTO_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif /* defined(__cplusplus) */ + +#ifdef WIN32 +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif /* !defined(WIN32_LEAN_AND_MEAN) */ +# include +#endif /* defined(WIN32) */ + +/** + * @macrosection + * + * ngtcp2 crypto library error codes + */ + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_ERR_INTERNAL` indicates an internal error. + */ +#define NGTCP2_CRYPTO_ERR_INTERNAL -201 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_ERR_UNREADABLE_TOKEN` indicates that a token + * is unreadable because it is not correctly formatted; or verifying + * the integrity protection failed. + */ +#define NGTCP2_CRYPTO_ERR_UNREADABLE_TOKEN -202 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_ERR_VERIFY_TOKEN` indicates that a token does + * not probe the client address; or the token validity has expired; or + * it contains invalid Connection ID. + */ +#define NGTCP2_CRYPTO_ERR_VERIFY_TOKEN -203 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_ERR_NOMEM` indicates out of memory. + */ +#define NGTCP2_CRYPTO_ERR_NOMEM -501 + +/** + * @function + * + * `ngtcp2_crypto_ctx_tls` initializes |ctx| by extracting negotiated + * ciphers and message digests from native TLS session + * |tls_native_handle|. This is used for encrypting/decrypting + * Handshake and 1-RTT packets. If it is unable to obtain necessary + * data from |tls_native_handle|, this function returns NULL. + * + * If libngtcp2_crypto_quictls is linked, |tls_native_handle| must be + * a pointer to SSL object. + */ +NGTCP2_EXTERN ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls(ngtcp2_crypto_ctx *ctx, + void *tls_native_handle); + +/** + * @function + * + * `ngtcp2_crypto_ctx_tls_early` initializes |ctx| by extracting early + * ciphers and message digests from native TLS session + * |tls_native_handle|. This is used for encrypting/decrypting 0-RTT + * packets. If it is unable to obtain necessary data from + * |tls_native_handle|, this function returns NULL. + * + * If libngtcp2_crypto_quictls is linked, |tls_native_handle| must be + * a pointer to SSL object. + */ +NGTCP2_EXTERN ngtcp2_crypto_ctx * +ngtcp2_crypto_ctx_tls_early(ngtcp2_crypto_ctx *ctx, void *tls_native_handle); + +/** + * @function + * + * `ngtcp2_crypto_md_init` initializes |md| with the provided + * |md_native_handle| which is an underlying message digest object. + * + * If libngtcp2_crypto_quictls is linked, |md_native_handle| must be a + * pointer to EVP_MD. + * + * If libngtcp2_crypto_gnutls is linked, |md_native_handle| must be + * gnutls_mac_algorithm_t casted to ``void *``. + * + * If libngtcp2_crypto_boringssl is linked, |md_native_handle| must be + * a pointer to EVP_MD. + */ +NGTCP2_EXTERN ngtcp2_crypto_md *ngtcp2_crypto_md_init(ngtcp2_crypto_md *md, + void *md_native_handle); + +/** + * @function + * + * `ngtcp2_crypto_md_hashlen` returns the length of |md| output. + */ +NGTCP2_EXTERN size_t ngtcp2_crypto_md_hashlen(const ngtcp2_crypto_md *md); + +/** + * @function + * + * `ngtcp2_crypto_aead_keylen` returns the length of key for |aead|. + */ +NGTCP2_EXTERN size_t ngtcp2_crypto_aead_keylen(const ngtcp2_crypto_aead *aead); + +/** + * @function + * + * `ngtcp2_crypto_aead_noncelen` returns the length of nonce for + * |aead|. + */ +NGTCP2_EXTERN size_t +ngtcp2_crypto_aead_noncelen(const ngtcp2_crypto_aead *aead); + +/** + * @function + * + * `ngtcp2_crypto_hkdf_extract` performs HKDF extract operation. + * + * The length of output is `ngtcp2_crypto_md_hashlen(md) + * `. The output is stored in the buffer + * pointed by |dest|. The caller is responsible to specify the buffer + * that has enough capacity to store the output. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_hkdf_extract(uint8_t *dest, const ngtcp2_crypto_md *md, + const uint8_t *secret, size_t secretlen, + const uint8_t *salt, size_t saltlen); + +/** + * @function + * + * `ngtcp2_crypto_hkdf_expand` performs HKDF expand operation. The + * result is |destlen| bytes long, and is stored in the buffer pointed + * by |dest|. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_hkdf_expand( + uint8_t *dest, size_t destlen, const ngtcp2_crypto_md *md, + const uint8_t *secret, size_t secretlen, const uint8_t *info, size_t infolen); + +/** + * @function + * + * `ngtcp2_crypto_hkdf` performs HKDF operation. The result is + * |destlen| bytes long, and is stored in the buffer pointed by + * |dest|. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_hkdf(uint8_t *dest, size_t destlen, + const ngtcp2_crypto_md *md, + const uint8_t *secret, size_t secretlen, + const uint8_t *salt, size_t saltlen, + const uint8_t *info, size_t infolen); + +/** + * @function + * + * `ngtcp2_crypto_packet_protection_ivlen` returns the length of IV + * used to encrypt QUIC packet. + */ +NGTCP2_EXTERN size_t +ngtcp2_crypto_packet_protection_ivlen(const ngtcp2_crypto_aead *aead); + +/** + * @function + * + * `ngtcp2_crypto_encrypt` encrypts |plaintext| of length + * |plaintextlen| and writes the ciphertext into the buffer pointed by + * |dest|. The length of ciphertext is |plaintextlen| + + * :member:`aead->max_overhead ` + * bytes long. |dest| must have enough capacity to store the + * ciphertext. |dest| and |plaintext| may point to the same buffer. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_encrypt(uint8_t *dest, + const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *plaintext, + size_t plaintextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @function + * + * `ngtcp2_crypto_encrypt_cb` is a wrapper function around + * `ngtcp2_crypto_encrypt`. It can be directly passed to + * :member:`ngtcp2_callbacks.encrypt` field. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_encrypt_cb(uint8_t *dest, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *plaintext, size_t plaintextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @function + * + * `ngtcp2_crypto_decrypt` decrypts |ciphertext| of length + * |ciphertextlen| and writes the plaintext into the buffer pointed by + * |dest|. The length of plaintext is |ciphertextlen| - + * :member:`aead->max_overhead ` + * bytes long. |dest| must have enough capacity to store the + * plaintext. |dest| and |ciphertext| may point to the same buffer. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_decrypt(uint8_t *dest, + const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *ciphertext, + size_t ciphertextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @function + * + * `ngtcp2_crypto_decrypt_cb` is a wrapper function around + * `ngtcp2_crypto_decrypt`. It can be directly passed to + * :member:`ngtcp2_callbacks.decrypt` field. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_TLS_DECRYPT`. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_decrypt_cb(uint8_t *dest, const ngtcp2_crypto_aead *aead, + const ngtcp2_crypto_aead_ctx *aead_ctx, + const uint8_t *ciphertext, size_t ciphertextlen, + const uint8_t *nonce, size_t noncelen, + const uint8_t *aad, size_t aadlen); + +/** + * @function + * + * `ngtcp2_crypto_hp_mask` generates a mask which is used in packet + * header encryption. The mask is written to the buffer pointed by + * |dest|. The sample is passed as |sample| which is + * :macro:`NGTCP2_HP_SAMPLELEN` bytes long. The length of mask must + * be at least :macro:`NGTCP2_HP_MASKLEN`. The library only uses the + * first :macro:`NGTCP2_HP_MASKLEN` bytes of the produced mask. The + * buffer pointed by |dest| must have at least + * :macro:`NGTCP2_HP_SAMPLELEN` bytes available. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_hp_mask(uint8_t *dest, + const ngtcp2_crypto_cipher *hp, + const ngtcp2_crypto_cipher_ctx *hp_ctx, + const uint8_t *sample); + +/** + * @function + * + * `ngtcp2_crypto_hp_mask_cb` is a wrapper function around + * `ngtcp2_crypto_hp_mask`. It can be directly passed to + * :member:`ngtcp2_callbacks.hp_mask` field. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_hp_mask_cb(uint8_t *dest, const ngtcp2_crypto_cipher *hp, + const ngtcp2_crypto_cipher_ctx *hp_ctx, + const uint8_t *sample); + +/** + * @function + * + * `ngtcp2_crypto_derive_and_install_rx_key` derives the decryption + * keying materials from |secret|, and installs them to |conn|. + * + * If |key| is not NULL, the derived packet protection key is written + * to the buffer pointed by |key|. If |iv| is not NULL, the derived + * packet protection IV is written to the buffer pointed by |iv|. If + * |hp| is not NULL, the derived header protection key is written to + * the buffer pointed by |hp|. + * + * |secretlen| specifies the length of |secret|. + * + * The length of packet protection key and header protection key is + * `ngtcp2_crypto_aead_keylen(ctx->aead) `, + * and the length of packet protection IV is + * `ngtcp2_crypto_packet_protection_ivlen(ctx->aead) + * ` where ctx is obtained by + * `ngtcp2_crypto_ctx_tls` (or `ngtcp2_crypto_ctx_tls_early` if + * |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`). + * + * In the first call of this function, it calls + * `ngtcp2_conn_set_crypto_ctx` (or `ngtcp2_conn_set_early_crypto_ctx` + * if |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to + * set negotiated AEAD and message digest algorithm. After the + * successful call of this function, application can use + * `ngtcp2_conn_get_crypto_ctx` (or `ngtcp2_conn_get_0rtt_crypto_ctx` + * if |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to + * get :type:`ngtcp2_crypto_ctx`. + * + * If |conn| is initialized as client, and |level| is + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_1RTT`, this + * function retrieves a remote QUIC transport parameters extension + * from an object obtained by `ngtcp2_conn_get_tls_native_handle`, and + * sets it to |conn| by calling + * `ngtcp2_conn_decode_and_set_remote_transport_params`. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_rx_key( + ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, + ngtcp2_encryption_level level, const uint8_t *secret, size_t secretlen); + +/** + * @function + * + * `ngtcp2_crypto_derive_and_install_tx_key` derives the encryption + * keying materials from |secret|, and installs new keys to |conn|. + * + * If |key| is not NULL, the derived packet protection key is written + * to the buffer pointed by |key|. If |iv| is not NULL, the derived + * packet protection IV is written to the buffer pointed by |iv|. If + * |hp| is not NULL, the derived header protection key is written to + * the buffer pointed by |hp|. + * + * |secretlen| specifies the length of |secret|. + * + * The length of packet protection key and header protection key is + * `ngtcp2_crypto_aead_keylen(ctx->aead) `, + * and the length of packet protection IV is + * `ngtcp2_crypto_packet_protection_ivlen(ctx->aead) + * ` where ctx is obtained by + * `ngtcp2_crypto_ctx_tls` (or `ngtcp2_crypto_ctx_tls_early` if + * |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`). + * + * In the first call of this function, it calls + * `ngtcp2_conn_set_crypto_ctx` (or `ngtcp2_conn_set_early_crypto_ctx` + * if |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to + * set negotiated AEAD and message digest algorithm. After the + * successful call of this function, application can use + * `ngtcp2_conn_get_crypto_ctx` (or `ngtcp2_conn_get_0rtt_crypto_ctx` + * if |level| == + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_0RTT`) to + * get :type:`ngtcp2_crypto_ctx`. + * + * If |conn| is initialized as server, and |level| is + * :enum:`ngtcp2_encryption_level.NGTCP2_ENCRYPTION_LEVEL_1RTT`, this + * function retrieves a remote QUIC transport parameters extension + * from an object obtained by `ngtcp2_conn_get_tls_native_handle`, and + * sets it to |conn| by calling + * `ngtcp2_conn_decode_and_set_remote_transport_params`. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_derive_and_install_tx_key( + ngtcp2_conn *conn, uint8_t *key, uint8_t *iv, uint8_t *hp, + ngtcp2_encryption_level level, const uint8_t *secret, size_t secretlen); + +/** + * @function + * + * `ngtcp2_crypto_update_key` updates traffic keying materials. + * + * The new decryption traffic secret is written to the buffer pointed + * by |rx_secret|. The length of secret is |secretlen| bytes, and + * |rx_secret| must point to the buffer which has enough capacity. + * + * The new encryption traffic secret is written to the buffer pointed + * by |tx_secret|. The length of secret is |secretlen| bytes, and + * |tx_secret| must point to the buffer which has enough capacity. + * + * The derived decryption packet protection key is written to the + * buffer pointed by |rx_key|. The derived decryption packet + * protection IV is written to the buffer pointed by |rx_iv|. + * |rx_aead_ctx| is initialized with the derived key and IV. + * + * The derived encryption packet protection key is written to the + * buffer pointed by |tx_key|. The derived encryption packet + * protection IV is written to the buffer pointed by |tx_iv|. + * |tx_aead_ctx| is initialized with the derived key and IV. + * + * |current_rx_secret| and |current_tx_secret| are the current + * decryption and encryption traffic secrets respectively. They share + * the same length with |rx_secret| and |tx_secret|. + * + * The length of packet protection key and header protection key is + * `ngtcp2_crypto_aead_keylen(ctx->aead) `, + * and the length of packet protection IV is + * `ngtcp2_crypto_packet_protection_ivlen(ctx->aead) + * ` where ctx is obtained by + * `ngtcp2_crypto_ctx_tls`. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_update_key( + ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret, + ngtcp2_crypto_aead_ctx *rx_aead_ctx, uint8_t *rx_key, uint8_t *rx_iv, + ngtcp2_crypto_aead_ctx *tx_aead_ctx, uint8_t *tx_key, uint8_t *tx_iv, + const uint8_t *current_rx_secret, const uint8_t *current_tx_secret, + size_t secretlen); + +/** + * @function + * + * `ngtcp2_crypto_update_key_cb` is a wrapper function around + * `ngtcp2_crypto_update_key`. It can be directly passed to + * :member:`ngtcp2_callbacks.update_key` field. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int ngtcp2_crypto_update_key_cb( + ngtcp2_conn *conn, uint8_t *rx_secret, uint8_t *tx_secret, + ngtcp2_crypto_aead_ctx *rx_aead_ctx, uint8_t *rx_iv, + ngtcp2_crypto_aead_ctx *tx_aead_ctx, uint8_t *tx_iv, + const uint8_t *current_rx_secret, const uint8_t *current_tx_secret, + size_t secretlen, void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_client_initial_cb` installs initial secrets and + * encryption keys, and sets QUIC transport parameters. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.client_initial` field. It is only used + * by client. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int ngtcp2_crypto_client_initial_cb(ngtcp2_conn *conn, + void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_recv_retry_cb` re-installs initial secrets in + * response to incoming Retry packet. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.recv_retry` field. It is only used by + * client. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int ngtcp2_crypto_recv_retry_cb(ngtcp2_conn *conn, + const ngtcp2_pkt_hd *hd, + void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_recv_client_initial_cb` installs initial secrets in + * response to an incoming Initial packet from client, and sets QUIC + * transport parameters. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.recv_client_initial` field. It is only + * used by server. + * + * This function returns 0 if it succeeds, or + * :macro:`NGTCP2_ERR_CALLBACK_FAILURE`. + */ +NGTCP2_EXTERN int ngtcp2_crypto_recv_client_initial_cb(ngtcp2_conn *conn, + const ngtcp2_cid *dcid, + void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_read_write_crypto_data` reads CRYPTO data |data| of + * length |datalen| in an encryption level |encryption_level|, and may + * feed outgoing CRYPTO data to |conn|. This function can drive + * handshake. This function can be also used after handshake + * completes. It is allowed to call this function with |datalen| == + * 0. In this case, no additional read operation is done. + * + * This function returns 0 if it succeeds, or a negative error code. + * The generic error code is -1 if a specific error code is not + * suitable. The error codes less than -10000 are specific to + * underlying TLS implementation. For quictls, the error codes are + * defined in *ngtcp2_crypto_quictls.h*. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn, + ngtcp2_encryption_level encryption_level, + const uint8_t *data, size_t datalen); + +/** + * @function + * + * `ngtcp2_crypto_recv_crypto_data_cb` is a wrapper function around + * `ngtcp2_crypto_read_write_crypto_data`. It can be directly passed + * to :member:`ngtcp2_callbacks.recv_crypto_data` field. + * + * If this function is used, the TLS implementation specific error + * codes described in `ngtcp2_crypto_read_write_crypto_data` are + * treated as if it returns -1. Do not use this function if an + * application wishes to use the TLS implementation specific error + * codes. + */ +NGTCP2_EXTERN int ngtcp2_crypto_recv_crypto_data_cb( + ngtcp2_conn *conn, ngtcp2_encryption_level encryption_level, uint64_t offset, + const uint8_t *data, size_t datalen, void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_generate_stateless_reset_token` generates a + * stateless reset token using HKDF extraction using the given |cid| + * and |secret| as input. The token will be written to the buffer + * pointed by |token|, and it must have a capacity of at least + * :macro:`NGTCP2_STATELESS_RESET_TOKENLEN` bytes. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_generate_stateless_reset_token( + uint8_t *token, const uint8_t *secret, size_t secretlen, + const ngtcp2_cid *cid); + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_TOKEN_RAND_DATALEN` is the length of random + * data added to a token generated by + * `ngtcp2_crypto_generate_retry_token` or + * `ngtcp2_crypto_generate_regular_token`. + */ +#define NGTCP2_CRYPTO_TOKEN_RAND_DATALEN 16 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY` is the magic byte for + * Retry token generated by `ngtcp2_crypto_generate_retry_token`. + */ +#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY 0xb6 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2` is the magic byte for + * Retry token generated by `ngtcp2_crypto_generate_retry_token2`. + */ +#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2 0xb7 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_REGULAR` is the magic byte for a + * token generated by `ngtcp2_crypto_generate_regular_token`. + */ +#define NGTCP2_CRYPTO_TOKEN_MAGIC_REGULAR 0x36 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN` is the maximum length of + * a token generated by `ngtcp2_crypto_generate_retry_token`. + */ +#define NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN \ + (/* magic = */ 1 + /* cid len = */ 1 + NGTCP2_MAX_CIDLEN + \ + sizeof(ngtcp2_tstamp) + /* aead tag = */ 16 + \ + NGTCP2_CRYPTO_TOKEN_RAND_DATALEN) + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN2` is the maximum length of + * a token generated by `ngtcp2_crypto_generate_retry_token2`. + */ +#define NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN2 \ + (/* magic = */ 1 + sizeof(ngtcp2_sockaddr_union) + /* cid len = */ 1 + \ + NGTCP2_MAX_CIDLEN + sizeof(ngtcp2_tstamp) + /* aead tag = */ 16 + \ + NGTCP2_CRYPTO_TOKEN_RAND_DATALEN) + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN` is the maximum length + * of a token generated by `ngtcp2_crypto_generate_regular_token`. + */ +#define NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN \ + (/* magic = */ 1 + sizeof(ngtcp2_tstamp) + /* aead tag = */ 16 + \ + NGTCP2_CRYPTO_TOKEN_RAND_DATALEN) + +/** + * @function + * + * `ngtcp2_crypto_generate_retry_token` generates a token in the + * buffer pointed by |token| that is sent with Retry packet. The + * buffer pointed by |token| must have at least + * :macro:`NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN` bytes long. The + * successfully generated token starts with + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY`. |secret| of length + * |secretlen| is a keying material to generate keys to encrypt the + * token. |version| is QUIC version. |remote_addr| of length + * |remote_addrlen| is an address of client. |retry_scid| is a Source + * Connection ID chosen by server, and set in Retry packet. |odcid| + * is a Destination Connection ID in Initial packet sent by client. + * |ts| is the timestamp when the token is generated. + * + * See also `ngtcp2_crypto_generate_retry_token2`. + * + * This function returns the length of generated token if it succeeds, + * or -1. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_crypto_generate_retry_token( + uint8_t *token, const uint8_t *secret, size_t secretlen, uint32_t version, + const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen, + const ngtcp2_cid *retry_scid, const ngtcp2_cid *odcid, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_verify_retry_token` verifies Retry token stored in + * the buffer pointed by |token| of length |tokenlen|. |secret| of + * length |secretlen| is a keying material to generate keys to decrypt + * the token. |version| is QUIC version of the Initial packet that + * contains this token. |remote_addr| of length |remote_addrlen| is + * an address of client. |dcid| is a Destination Connection ID in + * Initial packet sent by client. |timeout| is the period during + * which the token is valid. |ts| is the current timestamp. When + * validation succeeds, the extracted Destination Connection ID (which + * is the Destination Connection ID in Initial packet sent by client + * that triggered Retry packet) is stored in the buffer pointed by + * |odcid|. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_verify_retry_token( + ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen, + const uint8_t *secret, size_t secretlen, uint32_t version, + const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen, + const ngtcp2_cid *dcid, ngtcp2_duration timeout, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_generate_retry_token2` generates a token in the + * buffer pointed by |token| that is sent with Retry packet. The + * buffer pointed by |token| must have at least + * :macro:`NGTCP2_CRYPTO_MAX_RETRY_TOKENLEN2` bytes long. The + * successfully generated token starts with + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2`. |secret| of length + * |secretlen| is a keying material to generate keys to encrypt the + * token. |version| is QUIC version. |remote_addr| of length + * |remote_addrlen| is an address of client. |retry_scid| is a Source + * Connection ID chosen by server, and set in Retry packet. |odcid| + * is a Destination Connection ID in Initial packet sent by client. + * |ts| is the timestamp when the token is generated. + * + * Use this function instead of `ngtcp2_crypto_generate_retry_token` + * if more detailed error handling is required when verifying the + * token. `ngtcp2_crypto_verify_retry_token2` must be used to verify + * the token. + * + * This function returns the length of generated token if it succeeds, + * or -1. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_crypto_generate_retry_token2( + uint8_t *token, const uint8_t *secret, size_t secretlen, uint32_t version, + const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen, + const ngtcp2_cid *retry_scid, const ngtcp2_cid *odcid, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_verify_retry_token2` verifies Retry token stored in + * the buffer pointed by |token| of length |tokenlen|. |secret| of + * length |secretlen| is a keying material to generate keys to decrypt + * the token. |version| is QUIC version of the Initial packet that + * contains this token. |remote_addr| of length |remote_addrlen| is + * an address of client. |dcid| is a Destination Connection ID in + * Initial packet sent by client. |timeout| is the period during + * which the token is valid. |ts| is the current timestamp. When + * validation succeeds, the extracted Destination Connection ID (which + * is the Destination Connection ID in Initial packet sent by client + * that triggered Retry packet) is stored in the buffer pointed by + * |odcid|. + * + * The token must be generated by + * `ngtcp2_crypto_generate_retry_token2`. + * + * This function returns 0 if it succeeds, or one of the following + * negative error codes: + * + * :macro:`NGTCP2_CRYPTO_ERR_UNREADABLE_TOKEN` + * A token is badly formatted; or verifying the integrity + * protection failed. + * :macro:`NGTCP2_CRYPTO_ERR_VERIFY_TOKEN` + * A token does not probe the client address; or the token + * validity has expired; or it contains invalid Connection ID. + * :macro:`NGTCP2_CRYPTO_ERR_INTERNAL` + * Internal error occurred. + */ +NGTCP2_EXTERN int ngtcp2_crypto_verify_retry_token2( + ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen, + const uint8_t *secret, size_t secretlen, uint32_t version, + const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen, + const ngtcp2_cid *dcid, ngtcp2_duration timeout, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_generate_regular_token` generates a token in the + * buffer pointed by |token| that is sent with NEW_TOKEN frame. The + * buffer pointed by |token| must have at least + * :macro:`NGTCP2_CRYPTO_MAX_REGULAR_TOKENLEN` bytes long. The + * successfully generated token starts with + * :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_REGULAR`. |secret| of length + * |secretlen| is a keying material to generate keys to encrypt the + * token. |remote_addr| of length |remote_addrlen| is an address of + * client. |ts| is the timestamp when the token is generated. + * + * This function returns the length of generated token if it succeeds, + * or -1. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_crypto_generate_regular_token( + uint8_t *token, const uint8_t *secret, size_t secretlen, + const ngtcp2_sockaddr *remote_addr, ngtcp2_socklen remote_addrlen, + ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_verify_regular_token` verifies a regular token + * stored in the buffer pointed by |token| of length |tokenlen|. + * |secret| of length |secretlen| is a keying material to generate + * keys to decrypt the token. |remote_addr| of length + * |remote_addrlen| is an address of client. |timeout| is the period + * during which the token is valid. |ts| is the current timestamp. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_verify_regular_token( + const uint8_t *token, size_t tokenlen, const uint8_t *secret, + size_t secretlen, const ngtcp2_sockaddr *remote_addr, + ngtcp2_socklen remote_addrlen, ngtcp2_duration timeout, ngtcp2_tstamp ts); + +/** + * @function + * + * `ngtcp2_crypto_write_connection_close` writes Initial packet + * containing CONNECTION_CLOSE with the given |error_code| and the + * optional |reason| of length |reasonlen| to the buffer pointed by + * |dest| of length |destlen|. This function is designed for server + * to close connection without committing the state when validating + * Retry token fails. This function must not be used by client. The + * |dcid| must be the Source Connection ID in Initial packet from + * client. The |scid| must be the Destination Connection ID in + * Initial packet from client. |scid| is used to derive initial + * keying materials. + * + * This function wraps around `ngtcp2_pkt_write_connection_close` for + * easier use. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_crypto_write_connection_close( + uint8_t *dest, size_t destlen, uint32_t version, const ngtcp2_cid *dcid, + const ngtcp2_cid *scid, uint64_t error_code, const uint8_t *reason, + size_t reasonlen); + +/** + * @function + * + * `ngtcp2_crypto_write_retry` writes Retry packet to the buffer + * pointed by |dest| of length |destlen|. |dcid| is the Connection ID + * which appeared in a packet as a Source Connection ID sent by + * client. |scid| is a server chosen Source Connection ID. |odcid| + * specifies Original Destination Connection ID which appeared in a + * packet as a Destination Connection ID sent by client. |token| + * specifies Retry Token, and |tokenlen| specifies its length. + * + * This function wraps around `ngtcp2_pkt_write_retry` for easier use. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN ngtcp2_ssize ngtcp2_crypto_write_retry( + uint8_t *dest, size_t destlen, uint32_t version, const ngtcp2_cid *dcid, + const ngtcp2_cid *scid, const ngtcp2_cid *odcid, const uint8_t *token, + size_t tokenlen); + +/** + * @function + * + * `ngtcp2_crypto_aead_ctx_encrypt_init` initializes |aead_ctx| with + * new AEAD cipher context object for encryption which is constructed + * to use |key| as encryption key. |aead| specifies AEAD cipher to + * use. |noncelen| is the length of nonce. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_aead_ctx_encrypt_init(ngtcp2_crypto_aead_ctx *aead_ctx, + const ngtcp2_crypto_aead *aead, + const uint8_t *key, size_t noncelen); + +/** + * @function + * + * `ngtcp2_crypto_aead_ctx_decrypt_init` initializes |aead_ctx| with + * new AEAD cipher context object for decryption which is constructed + * to use |key| as decryption key. |aead| specifies AEAD cipher to + * use. |noncelen| is the length of nonce. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_aead_ctx_decrypt_init(ngtcp2_crypto_aead_ctx *aead_ctx, + const ngtcp2_crypto_aead *aead, + const uint8_t *key, size_t noncelen); + +/** + * @function + * + * `ngtcp2_crypto_aead_ctx_free` frees up resources used by + * |aead_ctx|. This function does not free the memory pointed by + * |aead_ctx| itself. + */ +NGTCP2_EXTERN void +ngtcp2_crypto_aead_ctx_free(ngtcp2_crypto_aead_ctx *aead_ctx); + +/** + * @function + * + * `ngtcp2_crypto_delete_crypto_aead_ctx_cb` deletes the given + * |aead_ctx|. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.delete_crypto_aead_ctx` field. + */ +NGTCP2_EXTERN void ngtcp2_crypto_delete_crypto_aead_ctx_cb( + ngtcp2_conn *conn, ngtcp2_crypto_aead_ctx *aead_ctx, void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_delete_crypto_cipher_ctx_cb` deletes the given + * |cipher_ctx|. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.delete_crypto_cipher_ctx` field. + */ +NGTCP2_EXTERN void ngtcp2_crypto_delete_crypto_cipher_ctx_cb( + ngtcp2_conn *conn, ngtcp2_crypto_cipher_ctx *cipher_ctx, void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_get_path_challenge_data_cb` writes unpredictable + * sequence of :macro:`NGTCP2_PATH_CHALLENGE_DATALEN` bytes to |data| + * which is sent with PATH_CHALLENGE frame. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.get_path_challenge_data` field. + */ +NGTCP2_EXTERN int ngtcp2_crypto_get_path_challenge_data_cb(ngtcp2_conn *conn, + uint8_t *data, + void *user_data); + +/** + * @function + * + * `ngtcp2_crypto_version_negotiation_cb` installs Initial keys for + * |version| which is negotiated or being negotiated. |client_dcid| + * is the destination connection ID in first Initial packet from + * client. + * + * This function can be directly passed to + * :member:`ngtcp2_callbacks.version_negotiation` field. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_version_negotiation_cb(ngtcp2_conn *conn, uint32_t version, + const ngtcp2_cid *client_dcid, + void *user_data); + +typedef struct ngtcp2_crypto_conn_ref ngtcp2_crypto_conn_ref; + +/** + * @functypedef + * + * :type:`ngtcp2_crypto_get_conn` is a callback function to get a + * pointer to :type:`ngtcp2_conn` from |conn_ref|. The implementation + * must return non-NULL :type:`ngtcp2_conn` object. + */ +typedef ngtcp2_conn *(*ngtcp2_crypto_get_conn)( + ngtcp2_crypto_conn_ref *conn_ref); + +/** + * @struct + * + * :type:`ngtcp2_crypto_conn_ref` is a structure to get a pointer to + * :type:`ngtcp2_conn`. It is meant to be set to TLS native handle as + * an application specific data (e.g. SSL_set_app_data in quictls). + */ +typedef struct ngtcp2_crypto_conn_ref { + /** + * :member:`get_conn` is a callback function to get a pointer to + * :type:`ngtcp2_conn` object. + */ + ngtcp2_crypto_get_conn get_conn; + /** + * :member:`user_data` is a pointer to arbitrary user data. + */ + void *user_data; +} ngtcp2_crypto_conn_ref; + +#ifdef __cplusplus +} +#endif /* defined(__cplusplus) */ + +#endif /* !defined(NGTCP2_CRYPTO_H) */ diff --git a/includes/curl/ngtcp2/ngtcp2_crypto_quictls.h b/includes/curl/ngtcp2/ngtcp2_crypto_quictls.h new file mode 100644 index 0000000..22e3eda --- /dev/null +++ b/includes/curl/ngtcp2/ngtcp2_crypto_quictls.h @@ -0,0 +1,147 @@ +/* + * ngtcp2 + * + * Copyright (c) 2019 ngtcp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGTCP2_CRYPTO_QUICTLS_H +#define NGTCP2_CRYPTO_QUICTLS_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif /* defined(__cplusplus) */ + +/** + * @macrosection + * + * quictls specific error codes + */ + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP` is the + * error code which indicates that TLS handshake routine is + * interrupted by X509 certificate lookup. See + * :macro:`SSL_ERROR_WANT_X509_LOOKUP` error description from + * `SSL_do_handshake`. + */ +#define NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP -10001 + +/** + * @macro + * + * :macro:`NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB` is the + * error code which indicates that TLS handshake routine is + * interrupted by client hello callback. See + * :macro:`SSL_ERROR_WANT_CLIENT_HELLO_CB` error description from + * `SSL_do_handshake`. + */ +#define NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB -10002 + +/** + * @function + * + * `ngtcp2_crypto_quictls_from_ossl_encryption_level` translates + * |ossl_level| to :type:`ngtcp2_encryption_level`. This function is + * only available for quictls backend. + */ +NGTCP2_EXTERN ngtcp2_encryption_level +ngtcp2_crypto_quictls_from_ossl_encryption_level( + OSSL_ENCRYPTION_LEVEL ossl_level); + +/** + * @function + * + * `ngtcp2_crypto_quictls_from_ngtcp2_encryption_level` translates + * |encryption_level| to OSSL_ENCRYPTION_LEVEL. This function is only + * available for quictls backend. + */ +NGTCP2_EXTERN OSSL_ENCRYPTION_LEVEL +ngtcp2_crypto_quictls_from_ngtcp2_encryption_level( + ngtcp2_encryption_level encryption_level); + +/** + * @function + * + * `ngtcp2_crypto_quictls_configure_server_context` configures + * |ssl_ctx| for server side QUIC connection. It performs the + * following modifications: + * + * - Set minimum and maximum TLS version to TLSv1.3. + * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method. + * + * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to + * SSL object by calling SSL_set_app_data, and + * :type:`ngtcp2_crypto_conn_ref` object must have + * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get + * :type:`ngtcp2_conn`. + * + * It returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_quictls_configure_server_context(SSL_CTX *ssl_ctx); + +/** + * @function + * + * `ngtcp2_crypto_quictls_configure_client_context` configures + * |ssl_ctx| for client side QUIC connection. It performs the + * following modifications: + * + * - Set minimum and maximum TLS version to TLSv1.3. + * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method. + * + * Application must set a pointer to :type:`ngtcp2_crypto_conn_ref` to + * SSL object by calling SSL_set_app_data, and + * :type:`ngtcp2_crypto_conn_ref` object must have + * :member:`ngtcp2_crypto_conn_ref.get_conn` field assigned to get + * :type:`ngtcp2_conn`. + * + * It returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int +ngtcp2_crypto_quictls_configure_client_context(SSL_CTX *ssl_ctx); + +/** + * @function + * + * `ngtcp2_crypto_quictls_init` initializes libngtcp2_crypto_quictls + * library. This initialization is optional. For quictls >= 3.0, it + * is highly recommended to call this function before any use of + * libngtcp2_crypto library API to workaround the performance + * regression. Note that calling this function does not solve all + * performance issues introduced in 3.x. For quictls 1.1.1, this + * function does nothing, and always succeeds. + * + * This function returns 0 if it succeeds, or -1. + */ +NGTCP2_EXTERN int ngtcp2_crypto_quictls_init(void); + +#ifdef __cplusplus +} +#endif /* defined(__cplusplus) */ + +#endif /* !defined(NGTCP2_CRYPTO_QUICTLS_H) */ diff --git a/includes/curl/ngtcp2/version.h b/includes/curl/ngtcp2/version.h new file mode 100644 index 0000000..533f6d5 --- /dev/null +++ b/includes/curl/ngtcp2/version.h @@ -0,0 +1,51 @@ +/* + * ngtcp2 + * + * Copyright (c) 2016 ngtcp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGTCP2_VERSION_H +#define NGTCP2_VERSION_H + +/** + * @macrosection + * + * Library version macros + */ + +/** + * @macro + * + * Version number of the ngtcp2 library release. + */ +#define NGTCP2_VERSION "1.14.0" + +/** + * @macro + * + * Numerical representation of the version number of the ngtcp2 + * library release. This is a 24 bit number with 8 bits for major + * number, 8 bits for minor and 8 bits for patch. Version 1.2.3 + * becomes 0x010203. + */ +#define NGTCP2_VERSION_NUM 0x010e00 + +#endif /* !defined(NGTCP2_VERSION_H) */ diff --git a/includes/curl/openssl/aes.h b/includes/curl/openssl/aes.h new file mode 100644 index 0000000..8903a8e --- /dev/null +++ b/includes/curl/openssl/aes.h @@ -0,0 +1,120 @@ +/* $OpenBSD: aes.h,v 1.16 2025/01/25 17:59:44 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_AES_H +#define HEADER_AES_H + +#include + +#include + +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ +#define AES_MAXNR 14 +#define AES_BLOCK_SIZE 16 + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ +struct aes_key_st { + unsigned int rd_key[4 *(AES_MAXNR + 1)]; + int rounds; +}; +typedef struct aes_key_st AES_KEY; + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); + +void AES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void AES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc); +void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); +void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); +void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num); +void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); + + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_AES_H */ diff --git a/includes/curl/openssl/asn1.h b/includes/curl/openssl/asn1.h new file mode 100644 index 0000000..aeabbc0 --- /dev/null +++ b/includes/curl/openssl/asn1.h @@ -0,0 +1,1124 @@ +/* $OpenBSD: asn1.h,v 1.92 2024/04/10 14:55:12 beck Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ASN1_H +#define HEADER_ASN1_H + +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define V_ASN1_UNIVERSAL 0x00 +#define V_ASN1_APPLICATION 0x40 +#define V_ASN1_CONTEXT_SPECIFIC 0x80 +#define V_ASN1_PRIVATE 0xc0 + +#define V_ASN1_CONSTRUCTED 0x20 +#define V_ASN1_PRIMITIVE_TAG 0x1f +#define V_ASN1_PRIMATIVE_TAG 0x1f + +#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ +#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ +#define V_ASN1_ANY -4 /* used in ASN1 template code */ + +#define V_ASN1_NEG 0x100 /* negative flag */ + +#define V_ASN1_UNDEF -1 +#define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 /**/ +#define V_ASN1_INTEGER 2 +#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) +#define V_ASN1_BIT_STRING 3 +#define V_ASN1_OCTET_STRING 4 +#define V_ASN1_NULL 5 +#define V_ASN1_OBJECT 6 +#define V_ASN1_OBJECT_DESCRIPTOR 7 +#define V_ASN1_EXTERNAL 8 +#define V_ASN1_REAL 9 +#define V_ASN1_ENUMERATED 10 +#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) +#define V_ASN1_UTF8STRING 12 +#define V_ASN1_SEQUENCE 16 +#define V_ASN1_SET 17 +#define V_ASN1_NUMERICSTRING 18 /**/ +#define V_ASN1_PRINTABLESTRING 19 +#define V_ASN1_T61STRING 20 +#define V_ASN1_TELETEXSTRING 20 /* alias */ +#define V_ASN1_VIDEOTEXSTRING 21 /**/ +#define V_ASN1_IA5STRING 22 +#define V_ASN1_UTCTIME 23 +#define V_ASN1_GENERALIZEDTIME 24 /**/ +#define V_ASN1_GRAPHICSTRING 25 /**/ +#define V_ASN1_ISO64STRING 26 /**/ +#define V_ASN1_VISIBLESTRING 26 /* alias */ +#define V_ASN1_GENERALSTRING 27 /**/ +#define V_ASN1_UNIVERSALSTRING 28 /**/ +#define V_ASN1_BMPSTRING 30 + +#define B_ASN1_NUMERICSTRING 0x0001 +#define B_ASN1_PRINTABLESTRING 0x0002 +#define B_ASN1_T61STRING 0x0004 +#define B_ASN1_TELETEXSTRING 0x0004 +#define B_ASN1_VIDEOTEXSTRING 0x0008 +#define B_ASN1_IA5STRING 0x0010 +#define B_ASN1_GRAPHICSTRING 0x0020 +#define B_ASN1_ISO64STRING 0x0040 +#define B_ASN1_VISIBLESTRING 0x0040 +#define B_ASN1_GENERALSTRING 0x0080 +#define B_ASN1_UNIVERSALSTRING 0x0100 +#define B_ASN1_OCTET_STRING 0x0200 +#define B_ASN1_BIT_STRING 0x0400 +#define B_ASN1_BMPSTRING 0x0800 +#define B_ASN1_UNKNOWN 0x1000 +#define B_ASN1_UTF8STRING 0x2000 +#define B_ASN1_UTCTIME 0x4000 +#define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 + +/* For use with ASN1_mbstring_copy() */ +#define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) +#define MBSTRING_ASC (MBSTRING_FLAG|1) +#define MBSTRING_BMP (MBSTRING_FLAG|2) +#define MBSTRING_UNIV (MBSTRING_FLAG|4) + +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 + +struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) + +#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ +#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ + +#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should + * be inserted in the memory buffer + */ +#define ASN1_STRING_FLAG_NDEF 0x010 + +/* This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been + * accessed. The flag will be reset when content has been written to it. + */ + +#define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 +/* This is the base type that holds just about everything :-) */ +struct asn1_string_st { + int length; + int type; + unsigned char *data; + /* The value of the following field depends on the type being + * held. It is mostly being used for BIT_STRING so if the + * input data has a non-zero 'unused bits' value, it will be + * handled correctly */ + long flags; +}; + +/* ASN1_ENCODING structure: this is used to save the received + * encoding of an ASN1 type. This is useful to get round + * problems with invalid encodings which can break signatures. + */ + +typedef struct ASN1_ENCODING_st { + unsigned char *enc; /* DER encoding */ + long len; /* Length of encoding */ + int modified; /* set to 1 if 'enc' is invalid */ +} ASN1_ENCODING; + +/* Used with ASN1 LONG type: if a long is set to this it is omitted */ +#define ASN1_LONG_UNDEF 0x7fffffffL + +#define STABLE_FLAGS_MALLOC 0x01 +#define STABLE_NO_MASK 0x02 +#define DIRSTRING_TYPE \ + (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) +#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) + +typedef struct asn1_string_table_st { + int nid; + long minsize; + long maxsize; + unsigned long mask; + unsigned long flags; +} ASN1_STRING_TABLE; + +/* Declarations for template structures: for full definitions + * see asn1t.h + */ +typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; +typedef struct ASN1_TLC_st ASN1_TLC; +/* This is just an opaque pointer */ +typedef struct ASN1_VALUE_st ASN1_VALUE; + +#ifndef LIBRESSL_INTERNAL + +/* Declare ASN1 functions: the implement macro in in asn1t.h */ + +#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) + +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + +#define DECLARE_ASN1_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) + +#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) + +#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(itname) + +#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ + int i2d_##name(const type *a, unsigned char **out); \ + DECLARE_ASN1_ITEM(name) + +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + +#define DECLARE_ASN1_FUNCTIONS_const(name) \ + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) + +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +#endif /* !LIBRESSL_INTERNAL */ + +#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +#define I2D_OF(type) int (*)(type *,unsigned char **) +#define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); + +/* The following macros and typedefs allow an ASN1_ITEM + * to be embedded in a structure and referenced. Since + * the ASN1_ITEM pointers need to be globally accessible + * (possibly from shared libraries) they may exist in + * different forms. On platforms that support it the + * ASN1_ITEM structure itself will be globally exported. + * Other platforms will export a function that returns + * an ASN1_ITEM pointer. + * + * To handle both cases transparently the macros below + * should be used instead of hard coding an ASN1_ITEM + * pointer in a structure. + * + * The structure will look like this: + * + * typedef struct SOMETHING_st { + * ... + * ASN1_ITEM_EXP *iptr; + * ... + * } SOMETHING; + * + * It would be initialised as e.g.: + * + * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; + * + * and the actual pointer extracted with: + * + * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); + * + * Finally an ASN1_ITEM pointer can be extracted from an + * appropriate reference with: ASN1_ITEM_rptr(X509). This + * would be used when a function takes an ASN1_ITEM * argument. + * + */ + +/* ASN1_ITEM pointer exported type */ +typedef const ASN1_ITEM ASN1_ITEM_EXP; + +#ifndef LIBRESSL_INTERNAL + +/* Macro to obtain ASN1_ITEM pointer from exported type */ +#define ASN1_ITEM_ptr(iptr) (iptr) + +/* Macro to include ASN1_ITEM pointer from base type */ +#define ASN1_ITEM_ref(iptr) (&(iptr##_it)) + +#define ASN1_ITEM_rptr(ref) (&(ref##_it)) + +#define DECLARE_ASN1_ITEM(name) \ + extern const ASN1_ITEM name##_it; + +#endif /* !LIBRESSL_INTERNAL */ + +/* Parameters used by ASN1_STRING_print_ex() */ + +/* These determine which characters to escape: + * RFC2253 special characters, control characters and + * MSB set characters + */ + +#define ASN1_STRFLGS_ESC_2253 1 +#define ASN1_STRFLGS_ESC_CTRL 2 +#define ASN1_STRFLGS_ESC_MSB 4 + + +/* This flag determines how we do escaping: normally + * RC2253 backslash only, set this to use backslash and + * quote. + */ + +#define ASN1_STRFLGS_ESC_QUOTE 8 + + +/* These three flags are internal use only. */ + +/* Character is a valid PrintableString character */ +#define CHARTYPE_PRINTABLESTRING 0x10 +/* Character needs escaping if it is the first character */ +#define CHARTYPE_FIRST_ESC_2253 0x20 +/* Character needs escaping if it is the last character */ +#define CHARTYPE_LAST_ESC_2253 0x40 + +/* NB the internal flags are safely reused below by flags + * handled at the top level. + */ + +/* If this is set we convert all character strings + * to UTF8 first + */ + +#define ASN1_STRFLGS_UTF8_CONVERT 0x10 + +/* If this is set we don't attempt to interpret content: + * just assume all strings are 1 byte per character. This + * will produce some pretty odd looking output! + */ + +#define ASN1_STRFLGS_IGNORE_TYPE 0x20 + +/* If this is set we include the string type in the output */ +#define ASN1_STRFLGS_SHOW_TYPE 0x40 + +/* This determines which strings to display and which to + * 'dump' (hex dump of content octets or DER encoding). We can + * only dump non character strings or everything. If we + * don't dump 'unknown' they are interpreted as character + * strings with 1 octet per character and are subject to + * the usual escaping options. + */ + +#define ASN1_STRFLGS_DUMP_ALL 0x80 +#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 + +/* These determine what 'dumping' does, we can dump the + * content octets or the DER encoding: both use the + * RFC2253 #NNNNN notation. + */ + +#define ASN1_STRFLGS_DUMP_DER 0x200 + +/* All the string flags consistent with RFC2253, + * escaping control characters isn't essential in + * RFC2253 but it is advisable anyway. + */ + +#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + ASN1_STRFLGS_UTF8_CONVERT | \ + ASN1_STRFLGS_DUMP_UNKNOWN | \ + ASN1_STRFLGS_DUMP_DER) + +DECLARE_STACK_OF(ASN1_INTEGER) + +DECLARE_STACK_OF(ASN1_GENERALSTRING) + +typedef struct asn1_type_st { + int type; + union { + char *ptr; + ASN1_BOOLEAN boolean; + ASN1_STRING * asn1_string; + ASN1_OBJECT * object; + ASN1_INTEGER * integer; + ASN1_ENUMERATED * enumerated; + ASN1_BIT_STRING * bit_string; + ASN1_OCTET_STRING * octet_string; + ASN1_PRINTABLESTRING * printablestring; + ASN1_T61STRING * t61string; + ASN1_IA5STRING * ia5string; + ASN1_GENERALSTRING * generalstring; + ASN1_BMPSTRING * bmpstring; + ASN1_UNIVERSALSTRING * universalstring; + ASN1_UTCTIME * utctime; + ASN1_GENERALIZEDTIME * generalizedtime; + ASN1_VISIBLESTRING * visiblestring; + ASN1_UTF8STRING * utf8string; + /* set and sequence are left complete and still + * contain the set or sequence bytes */ + ASN1_STRING * set; + ASN1_STRING * sequence; + ASN1_VALUE * asn1_value; + } value; +} ASN1_TYPE; + +DECLARE_STACK_OF(ASN1_TYPE) + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len); +int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); +extern const ASN1_ITEM ASN1_SEQUENCE_ANY_it; +ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len); +int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); +extern const ASN1_ITEM ASN1_SET_ANY_it; + +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + +#define B_ASN1_TIME \ + B_ASN1_UTCTIME | \ + B_ASN1_GENERALIZEDTIME + +#define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_T61STRING| \ + B_ASN1_IA5STRING| \ + B_ASN1_BIT_STRING| \ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ + B_ASN1_UNKNOWN + +#define B_ASN1_DIRECTORYSTRING \ + B_ASN1_PRINTABLESTRING| \ + B_ASN1_TELETEXSTRING|\ + B_ASN1_BMPSTRING|\ + B_ASN1_UNIVERSALSTRING|\ + B_ASN1_UTF8STRING + +#define B_ASN1_DISPLAYTEXT \ + B_ASN1_IA5STRING| \ + B_ASN1_VISIBLESTRING| \ + B_ASN1_BMPSTRING|\ + B_ASN1_UTF8STRING + +ASN1_TYPE *ASN1_TYPE_new(void); +void ASN1_TYPE_free(ASN1_TYPE *a); +ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len); +int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out); +extern const ASN1_ITEM ASN1_ANY_it; + +int ASN1_TYPE_get(const ASN1_TYPE *a); +void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); + +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); + +extern const ASN1_ITEM ASN1_OBJECT_it; + +DECLARE_STACK_OF(ASN1_OBJECT) + +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); + /* Since this is used to store all sorts of things, via macros, for now, make + its data void * */ +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); +void ASN1_STRING_length_set(ASN1_STRING *x, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +unsigned char *ASN1_STRING_data(ASN1_STRING *x); +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +ASN1_BIT_STRING *ASN1_BIT_STRING_new(void); +void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); +ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_BIT_STRING_it; +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); + +ASN1_INTEGER *ASN1_INTEGER_new(void); +void ASN1_INTEGER_free(ASN1_INTEGER *a); +ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len); +int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out); +extern const ASN1_ITEM ASN1_INTEGER_it; +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); +void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a); +ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len); +int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out); +extern const ASN1_ITEM ASN1_ENUMERATED_it; + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + +int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); +void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a); +ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_OCTET_STRING_it; +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void); +void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a); +ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in, long len); +int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_VISIBLESTRING_it; +ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void); +void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a); +ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UNIVERSALSTRING_it; +ASN1_UTF8STRING *ASN1_UTF8STRING_new(void); +void ASN1_UTF8STRING_free(ASN1_UTF8STRING *a); +ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len); +int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UTF8STRING_it; +ASN1_NULL *ASN1_NULL_new(void); +void ASN1_NULL_free(ASN1_NULL *a); +ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len); +int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out); +extern const ASN1_ITEM ASN1_NULL_it; +ASN1_BMPSTRING *ASN1_BMPSTRING_new(void); +void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a); +ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_BMPSTRING_it; + +ASN1_STRING *ASN1_PRINTABLE_new(void); +void ASN1_PRINTABLE_free(ASN1_STRING *a); +ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_PRINTABLE_it; + +ASN1_STRING *DIRECTORYSTRING_new(void); +void DIRECTORYSTRING_free(ASN1_STRING *a); +ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM DIRECTORYSTRING_it; +ASN1_STRING *DISPLAYTEXT_new(void); +void DISPLAYTEXT_free(ASN1_STRING *a); +ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM DISPLAYTEXT_it; +ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void); +void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a); +ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in, long len); +int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_PRINTABLESTRING_it; +ASN1_T61STRING *ASN1_T61STRING_new(void); +void ASN1_T61STRING_free(ASN1_T61STRING *a); +ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len); +int i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_T61STRING_it; +ASN1_IA5STRING *ASN1_IA5STRING_new(void); +void ASN1_IA5STRING_free(ASN1_IA5STRING *a); +ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len); +int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_IA5STRING_it; +ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void); +void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a); +ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_GENERALSTRING_it; +ASN1_UTCTIME *ASN1_UTCTIME_new(void); +void ASN1_UTCTIME_free(ASN1_UTCTIME *a); +ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len); +int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UTCTIME_it; +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void); +void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in, long len); +int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_GENERALIZEDTIME_it; +ASN1_TIME *ASN1_TIME_new(void); +void ASN1_TIME_free(ASN1_TIME *a); +ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len); +int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_TIME_it; + +int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm); +int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2); +int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t2); +int ASN1_TIME_normalize(ASN1_TIME *t); +int ASN1_TIME_set_string_X509(ASN1_TIME *time, const char *str); +int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, + const ASN1_TIME *to); + +extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it; + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, + long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); + +#ifndef OPENSSL_NO_BIO +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); +#endif +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); + +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); + +int ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val); +int ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val); +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + +int ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val); +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); + +/* General */ +/* given a string, return the correct type, max is the maximum length */ +int ASN1_PRINTABLE_type(const unsigned char *s, int max); + +/* SPECIALS */ +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass); +int ASN1_put_eoc(unsigned char **pp); +int ASN1_object_size(int constructed, int length, int tag); + +void *ASN1_item_dup(const ASN1_ITEM *it, void *x); + +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); + +#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +#define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, + unsigned long flags); + +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); + +#ifndef OPENSSL_NO_BIO +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); + +#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +#define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); +#endif + +unsigned long ASN1_tag2bit(int tag); +const char *ASN1_tag2str(int tag); + +int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); + +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, + int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, const unsigned char *data, + int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); + +void ASN1_STRING_set_default_mask(unsigned long mask); +int ASN1_STRING_set_default_mask_asc(const char *p); +unsigned long ASN1_STRING_get_default_mask(void); +int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask); +int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, long minsize, long maxsize); + +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, int inform, int nid); +const ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); + +/* ASN1 template functions */ + +/* Old API compatible functions */ +ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); +void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); +int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); + +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); + +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + +void ERR_load_ASN1_strings(void); + +/* Error codes for the ASN1 functions. */ + +/* Function codes. */ +#define ASN1_F_A2D_ASN1_OBJECT 100 +#define ASN1_F_A2I_ASN1_ENUMERATED 101 +#define ASN1_F_A2I_ASN1_INTEGER 102 +#define ASN1_F_A2I_ASN1_STRING 103 +#define ASN1_F_APPEND_EXP 176 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +#define ASN1_F_ASN1_CB 177 +#define ASN1_F_ASN1_CHECK_TLEN 104 +#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 +#define ASN1_F_ASN1_COLLECT 106 +#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 +#define ASN1_F_ASN1_D2I_FP 109 +#define ASN1_F_ASN1_D2I_READ_BIO 107 +#define ASN1_F_ASN1_DIGEST 184 +#define ASN1_F_ASN1_DO_ADB 110 +#define ASN1_F_ASN1_DUP 111 +#define ASN1_F_ASN1_ENUMERATED_SET 112 +#define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_EX_C2I 204 +#define ASN1_F_ASN1_FIND_END 190 +#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +#define ASN1_F_ASN1_GENERATE_V3 178 +#define ASN1_F_ASN1_GET_OBJECT 114 +#define ASN1_F_ASN1_HEADER_NEW 115 +#define ASN1_F_ASN1_I2D_BIO 116 +#define ASN1_F_ASN1_I2D_FP 117 +#define ASN1_F_ASN1_INTEGER_SET 118 +#define ASN1_F_ASN1_INTEGER_TO_BN 119 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 +#define ASN1_F_ASN1_ITEM_DUP 191 +#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 +#define ASN1_F_ASN1_ITEM_EX_D2I 120 +#define ASN1_F_ASN1_ITEM_I2D_BIO 192 +#define ASN1_F_ASN1_ITEM_I2D_FP 193 +#define ASN1_F_ASN1_ITEM_PACK 198 +#define ASN1_F_ASN1_ITEM_SIGN 195 +#define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +#define ASN1_F_ASN1_ITEM_UNPACK 199 +#define ASN1_F_ASN1_ITEM_VERIFY 197 +#define ASN1_F_ASN1_MBSTRING_NCOPY 122 +#define ASN1_F_ASN1_OBJECT_NEW 123 +#define ASN1_F_ASN1_OUTPUT_DATA 214 +#define ASN1_F_ASN1_PACK_STRING 124 +#define ASN1_F_ASN1_PCTX_NEW 205 +#define ASN1_F_ASN1_PKCS5_PBE_SET 125 +#define ASN1_F_ASN1_SEQ_PACK 126 +#define ASN1_F_ASN1_SEQ_UNPACK 127 +#define ASN1_F_ASN1_SIGN 128 +#define ASN1_F_ASN1_STR2TYPE 179 +#define ASN1_F_ASN1_STRING_SET 186 +#define ASN1_F_ASN1_STRING_TABLE_ADD 129 +#define ASN1_F_ASN1_STRING_TYPE_NEW 130 +#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 +#define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +#define ASN1_F_ASN1_TIME_ADJ 217 +#define ASN1_F_ASN1_TIME_SET 175 +#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 +#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 +#define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_ADJ 218 +#define ASN1_F_ASN1_UTCTIME_SET 187 +#define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_B64_READ_ASN1 209 +#define ASN1_F_B64_WRITE_ASN1 210 +#define ASN1_F_BIO_NEW_NDEF 208 +#define ASN1_F_BITSTR_CB 180 +#define ASN1_F_BN_TO_ASN1_ENUMERATED 138 +#define ASN1_F_BN_TO_ASN1_INTEGER 139 +#define ASN1_F_C2I_ASN1_BIT_STRING 189 +#define ASN1_F_C2I_ASN1_INTEGER 194 +#define ASN1_F_C2I_ASN1_OBJECT 196 +#define ASN1_F_COLLECT_DATA 140 +#define ASN1_F_D2I_ASN1_BIT_STRING 141 +#define ASN1_F_D2I_ASN1_BOOLEAN 142 +#define ASN1_F_D2I_ASN1_BYTES 143 +#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 +#define ASN1_F_D2I_ASN1_HEADER 145 +#define ASN1_F_D2I_ASN1_INTEGER 146 +#define ASN1_F_D2I_ASN1_OBJECT 147 +#define ASN1_F_D2I_ASN1_SET 148 +#define ASN1_F_D2I_ASN1_TYPE_BYTES 149 +#define ASN1_F_D2I_ASN1_UINTEGER 150 +#define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_AUTOPRIVATEKEY 207 +#define ASN1_F_D2I_NETSCAPE_RSA 152 +#define ASN1_F_D2I_NETSCAPE_RSA_2 153 +#define ASN1_F_D2I_PRIVATEKEY 154 +#define ASN1_F_D2I_PUBLICKEY 155 +#define ASN1_F_D2I_RSA_NET 200 +#define ASN1_F_D2I_RSA_NET_2 201 +#define ASN1_F_D2I_X509 156 +#define ASN1_F_D2I_X509_CINF 157 +#define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_BIO_STREAM 211 +#define ASN1_F_I2D_ASN1_SET 188 +#define ASN1_F_I2D_ASN1_TIME 160 +#define ASN1_F_I2D_DSA_PUBKEY 161 +#define ASN1_F_I2D_EC_PUBKEY 181 +#define ASN1_F_I2D_PRIVATEKEY 163 +#define ASN1_F_I2D_PUBLICKEY 164 +#define ASN1_F_I2D_RSA_NET 162 +#define ASN1_F_I2D_RSA_PUBKEY 165 +#define ASN1_F_LONG_C2I 166 +#define ASN1_F_OID_MODULE_INIT 174 +#define ASN1_F_PARSE_TAGGING 182 +#define ASN1_F_PKCS5_PBE2_SET_IV 167 +#define ASN1_F_PKCS5_PBE_SET 202 +#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +#define ASN1_F_PKCS5_PBKDF2_SET 219 +#define ASN1_F_SMIME_READ_ASN1 212 +#define ASN1_F_SMIME_TEXT 213 +#define ASN1_F_X509_CINF_NEW 168 +#define ASN1_F_X509_CRL_ADD0_REVOKED 169 +#define ASN1_F_X509_INFO_NEW 170 +#define ASN1_F_X509_NAME_ENCODE 203 +#define ASN1_F_X509_NAME_EX_D2I 158 +#define ASN1_F_X509_NAME_EX_NEW 171 +#define ASN1_F_X509_NEW 172 +#define ASN1_F_X509_PKEY_NEW 173 + +/* Reason codes. */ +#define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 203 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 204 +#define ASN1_R_AUX_ERROR 100 +#define ASN1_R_BAD_CLASS 101 +#define ASN1_R_BAD_OBJECT_HEADER 102 +#define ASN1_R_BAD_PASSWORD_READ 103 +#define ASN1_R_BAD_TAG 104 +#define ASN1_R_BAD_TEMPLATE 230 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +#define ASN1_R_BN_LIB 105 +#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 +#define ASN1_R_BUFFER_TOO_SMALL 107 +#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +#define ASN1_R_CONTEXT_NOT_INITIALISED 217 +#define ASN1_R_DATA_IS_WRONG 109 +#define ASN1_R_DECODE_ERROR 110 +#define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEPTH_EXCEEDED 174 +#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 +#define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 +#define ASN1_R_ERROR_LOADING_SECTION 172 +#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 +#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 +#define ASN1_R_EXPECTING_AN_INTEGER 115 +#define ASN1_R_EXPECTING_AN_OBJECT 116 +#define ASN1_R_EXPECTING_A_BOOLEAN 117 +#define ASN1_R_EXPECTING_A_TIME 118 +#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 +#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 +#define ASN1_R_FIELD_MISSING 121 +#define ASN1_R_FIRST_NUM_TOO_LARGE 122 +#define ASN1_R_HEADER_TOO_LONG 123 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 +#define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 +#define ASN1_R_ILLEGAL_NULL 125 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 +#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 +#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +#define ASN1_R_ILLEGAL_TAGGED_ANY 127 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 +#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 +#define ASN1_R_INVALID_BMPSTRING_LENGTH 129 +#define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 205 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 +#define ASN1_R_INVALID_SEPARATOR 131 +#define ASN1_R_INVALID_TIME_FORMAT 132 +#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 +#define ASN1_R_INVALID_UTF8STRING 134 +#define ASN1_R_IV_TOO_LARGE 135 +#define ASN1_R_LENGTH_ERROR 136 +#define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 206 +#define ASN1_R_MIME_PARSE_ERROR 207 +#define ASN1_R_MIME_SIG_PARSE_ERROR 208 +#define ASN1_R_MISSING_EOC 137 +#define ASN1_R_MISSING_SECOND_NUMBER 138 +#define ASN1_R_MISSING_VALUE 189 +#define ASN1_R_MSTRING_NOT_UNIVERSAL 139 +#define ASN1_R_MSTRING_WRONG_TAG 140 +#define ASN1_R_NESTED_ASN1_STRING 197 +#define ASN1_R_NESTED_TOO_DEEP 219 +#define ASN1_R_NON_HEX_CHARACTERS 141 +#define ASN1_R_NOT_ASCII_FORMAT 190 +#define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 209 +#define ASN1_R_NO_DEFAULT_DIGEST 201 +#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +#define ASN1_R_NO_MULTIPART_BOUNDARY 211 +#define ASN1_R_NO_SIG_CONTENT_TYPE 212 +#define ASN1_R_NULL_IS_WRONG_LENGTH 144 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 +#define ASN1_R_ODD_NUMBER_OF_CHARS 145 +#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 +#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 +#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 +#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 +#define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 213 +#define ASN1_R_STREAMING_NOT_SUPPORTED 202 +#define ASN1_R_STRING_TOO_LONG 151 +#define ASN1_R_STRING_TOO_SHORT 152 +#define ASN1_R_TAG_VALUE_TOO_HIGH 153 +#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +#define ASN1_R_TOO_LARGE 223 +#define ASN1_R_TOO_LONG 155 +#define ASN1_R_TOO_SMALL 224 +#define ASN1_R_TYPE_NOT_CONSTRUCTED 156 +#define ASN1_R_TYPE_NOT_PRIMITIVE 231 +#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 +#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 +#define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 +#define ASN1_R_UNKNOWN_FORMAT 160 +#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 +#define ASN1_R_UNKNOWN_OBJECT_TYPE 162 +#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 +#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 +#define ASN1_R_UNSUPPORTED_CIPHER 165 +#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 +#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +#define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_INTEGER_TYPE 225 +#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 +#define ASN1_R_WRONG_TAG 168 +#define ASN1_R_WRONG_TYPE 169 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/asn1t.h b/includes/curl/openssl/asn1t.h new file mode 100644 index 0000000..22cde48 --- /dev/null +++ b/includes/curl/openssl/asn1t.h @@ -0,0 +1,904 @@ +/* $OpenBSD: asn1t.h,v 1.24 2024/07/08 16:24:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ASN1T_H +#define HEADER_ASN1T_H + +#include + +#include + +#include + +/* ASN1 template defines, structures and functions */ + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef LIBRESSL_INTERNAL + +/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ +#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) + + +/* Macros for start and end of ASN1_ITEM definition */ + +#define ASN1_ITEM_start(itname) \ + const ASN1_ITEM itname##_it = { + +#define static_ASN1_ITEM_start(itname) \ + static const ASN1_ITEM itname##_it = { + +#define ASN1_ITEM_end(itname) \ + }; + + + +/* Macros to aid ASN1 template writing */ + +#define ASN1_ITEM_TEMPLATE(tname) \ + static const ASN1_TEMPLATE tname##_item_tt + +#define ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + +#define static_ASN1_ITEM_TEMPLATE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_PRIMITIVE,\ + -1,\ + &tname##_item_tt,\ + 0,\ + NULL,\ + 0,\ + #tname \ + ASN1_ITEM_end(tname) + + +/* This is a ASN1 type which just embeds a template */ + +/* + * This pair helps declare a SEQUENCE. We can do: + * + * ASN1_SEQUENCE(stname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END(stname) + * + * This will produce an ASN1_ITEM called stname_it + * for a structure called stname. + * + * If you want the same structure but a different + * name then use: + * + * ASN1_SEQUENCE(itname) = { + * ... SEQUENCE components ... + * } ASN1_SEQUENCE_END_name(stname, itname) + * + * This will create an item called itname_it using + * a structure called stname. + */ + +#define ASN1_SEQUENCE(tname) \ + static const ASN1_TEMPLATE tname##_seq_tt[] + +#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) + +#define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname) + +#define ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define static_ASN1_SEQUENCE_END_name(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + +#define ASN1_SEQUENCE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_ref(tname, cb, lck) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_SEQUENCE_enc(tname, enc, cb) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +#define static_ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + +#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) + +#define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname) + +#define ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define static_ASN1_SEQUENCE_END_ref(stname, tname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + + +/* + * This pair helps declare a CHOICE type. We can do: + * + * ASN1_CHOICE(chname) = { + * ... CHOICE options ... + * ASN1_CHOICE_END(chname) + * + * This will produce an ASN1_ITEM called chname_it + * for a structure called chname. The structure + * definition must look like this: + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + * + * the name of the selector must be 'type'. + * to use an alternative selector name use the + * ASN1_CHOICE_END_selector() version. + */ + +#define ASN1_CHOICE(tname) \ + static const ASN1_TEMPLATE tname##_ch_tt[] + +#define ASN1_CHOICE_cb(tname, cb) \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + ASN1_CHOICE(tname) + +#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) + +#define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname) + +#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type) + +#define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type) + +#define ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define static_ASN1_CHOICE_END_selector(stname, tname, selname) \ + ;\ + static_ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +#define ASN1_CHOICE_END_cb(stname, tname, selname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_CHOICE,\ + offsetof(stname,selname) ,\ + tname##_ch_tt,\ + sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + +/* This helps with the template wrapper form of ASN1_ITEM */ + +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \ + (flags), (tag), 0,\ + #name, ASN1_ITEM_ref(type) } + +/* These help with SEQUENCE or CHOICE components */ + +/* used to declare other types */ + +#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \ + (flags), (tag), offsetof(stname, field),\ + #field, ASN1_ITEM_ref(type) } + +/* implicit and explicit helper macros */ + +#define ASN1_IMP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type) + +#define ASN1_EXP_EX(stname, field, type, tag, ex) \ + ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type) + +/* Any defined by macros: the field used is in the table itself */ + +#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } +/* Plain simple type */ +#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) + +/* OPTIONAL simple type */ +#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* IMPLICIT tagged simple type */ +#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0) + +/* IMPLICIT tagged OPTIONAL simple type */ +#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* Same as above but EXPLICIT */ + +#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0) +#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL) + +/* SEQUENCE OF type */ +#define ASN1_SEQUENCE_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type) + +/* OPTIONAL SEQUENCE OF */ +#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Same as above but for SET OF */ + +#define ASN1_SET_OF(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type) + +#define ASN1_SET_OF_OPT(stname, field, type) \ + ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type) + +/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */ + +#define ASN1_IMP_SET_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +#define ASN1_EXP_SET_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF) + +#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF) + +#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) + +/* EXPLICIT using indefinite length constructed form */ +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + +/* Macros for the ASN1_ADB structure */ + +#define ASN1_ADB(name) \ + static const ASN1_ADB_TABLE name##_adbtbl[] + + +#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ + ;\ + static const ASN1_ADB name##_adb = {\ + flags,\ + offsetof(name, field),\ + app_table,\ + name##_adbtbl,\ + sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ + def,\ + none\ + } + + +#define ADB_ENTRY(val, template) {val, template} + +#define ASN1_ADB_TEMPLATE(name) \ + static const ASN1_TEMPLATE name##_tt + +#endif /* !LIBRESSL_INTERNAL */ + +/* This is the ASN1 template structure that defines + * a wrapper round the actual type. It determines the + * actual position of the field in the value structure, + * various flags such as OPTIONAL and the field name. + */ + +struct ASN1_TEMPLATE_st { + unsigned long flags; /* Various flags */ + long tag; /* tag, not used if no tagging */ + unsigned long offset; /* Offset of this field in structure */ + const char *field_name; /* Field name */ + ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ +}; + +/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */ + +#define ASN1_TEMPLATE_item(t) (t->item_ptr) +#define ASN1_TEMPLATE_adb(t) (t->item_ptr) + +typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE; +typedef struct ASN1_ADB_st ASN1_ADB; + +struct ASN1_ADB_st { + unsigned long flags; /* Various flags */ + unsigned long offset; /* Offset of selector field */ + const ASN1_ADB_TABLE *tbl; /* Table of possible types */ + long tblcount; /* Number of entries in tbl */ + const ASN1_TEMPLATE *default_tt; /* Type to use if no match */ + const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */ +}; + +struct ASN1_ADB_TABLE_st { + long value; /* NID for an object or value for an int */ + const ASN1_TEMPLATE tt; /* item for this value */ +}; + +/* template flags */ + +/* Field is optional */ +#define ASN1_TFLG_OPTIONAL (0x1) + +/* Field is a SET OF */ +#define ASN1_TFLG_SET_OF (0x1 << 1) + +/* Field is a SEQUENCE OF */ +#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1) + +/* Special case: this refers to a SET OF that + * will be sorted into DER order when encoded *and* + * the corresponding STACK will be modified to match + * the new order. + */ +#define ASN1_TFLG_SET_ORDER (0x3 << 1) + +/* Mask for SET OF or SEQUENCE OF */ +#define ASN1_TFLG_SK_MASK (0x3 << 1) + +/* These flags mean the tag should be taken from the + * tag field. If EXPLICIT then the underlying type + * is used for the inner tag. + */ + +/* IMPLICIT tagging */ +#define ASN1_TFLG_IMPTAG (0x1 << 3) + + +/* EXPLICIT tagging, inner tag from underlying type */ +#define ASN1_TFLG_EXPTAG (0x2 << 3) + +#define ASN1_TFLG_TAG_MASK (0x3 << 3) + +/* context specific IMPLICIT */ +#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT + +/* context specific EXPLICIT */ +#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT + +/* + * If tagging is in force these determine the type of tag to use. Otherwiser + * the tag is determined by the underlying type. These values reflect the + * actual octet format. + */ + +/* Universal tag */ +#define ASN1_TFLG_UNIVERSAL (0x0<<6) +/* Application tag */ +#define ASN1_TFLG_APPLICATION (0x1<<6) +/* Context specific tag */ +#define ASN1_TFLG_CONTEXT (0x2<<6) +/* Private tag */ +#define ASN1_TFLG_PRIVATE (0x3<<6) + +#define ASN1_TFLG_TAG_CLASS (0x3<<6) + +/* + * These are for ANY DEFINED BY type. In this case + * the 'item' field points to an ASN1_ADB structure + * which contains a table of values to decode the + * relevant type + */ + +#define ASN1_TFLG_ADB_MASK (0x3<<8) + +#define ASN1_TFLG_ADB_OID (0x1<<8) + +#define ASN1_TFLG_ADB_INT (0x1<<9) + +/* + * This flag when present in a SEQUENCE OF, SET OF + * or EXPLICIT causes indefinite length constructed + * encoding to be used if required. + */ + +#define ASN1_TFLG_NDEF (0x1<<11) + +/* This is the actual ASN1 item itself */ + +struct ASN1_ITEM_st { + char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */ + long utype; /* underlying type */ + const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */ + long tcount; /* Number of templates if SEQUENCE or CHOICE */ + const void *funcs; /* functions that handle this type */ + long size; /* Structure size (usually)*/ + const char *sname; /* Structure name */ +}; + +/* These are values for the itype field and + * determine how the type is interpreted. + * + * For PRIMITIVE types the underlying type + * determines the behaviour if items is NULL. + * + * Otherwise templates must contain a single + * template and the type is treated in the + * same way as the type specified in the template. + * + * For SEQUENCE types the templates field points + * to the members, the size field is the + * structure size. + * + * For CHOICE types the templates field points + * to each possible member (typically a union) + * and the 'size' field is the offset of the + * selector. + * + * The 'funcs' field is used for application + * specific functions. + * + * The EXTERN type uses a new style d2i/i2d. + * The new style should be used where possible + * because it avoids things like the d2i IMPLICIT + * hack. + * + * MSTRING is a multiple string type, it is used + * for a CHOICE of character strings where the + * actual strings all occupy an ASN1_STRING + * structure. In this case the 'utype' field + * has a special meaning, it is used as a mask + * of acceptable types using the B_ASN1 constants. + * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * + */ + +#define ASN1_ITYPE_PRIMITIVE 0x0 + +#define ASN1_ITYPE_SEQUENCE 0x1 + +#define ASN1_ITYPE_CHOICE 0x2 + +#define ASN1_ITYPE_EXTERN 0x4 + +#define ASN1_ITYPE_MSTRING 0x5 + +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 + +/* Cache for ASN1 tag and length, so we + * don't keep re-reading it for things + * like CHOICE + */ + +struct ASN1_TLC_st { + char valid; /* Values below are valid */ + int ret; /* return value */ + long plen; /* length */ + int ptag; /* class value */ + int pclass; /* class value */ + int hdrlen; /* header length */ +}; + +/* Typedefs for ASN1 function pointers */ + +typedef ASN1_VALUE * ASN1_new_func(void); +typedef void ASN1_free_func(ASN1_VALUE *a); +typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); +typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); + +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); + +typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); +typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); + +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); + +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); + +typedef struct ASN1_EXTERN_FUNCS_st { + void *app_data; + ASN1_ex_new_func *asn1_ex_new; + ASN1_ex_free_func *asn1_ex_free; + ASN1_ex_free_func *asn1_ex_clear; + ASN1_ex_d2i *asn1_ex_d2i; + ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; +} ASN1_EXTERN_FUNCS; + +typedef struct ASN1_PRIMITIVE_FUNCS_st { + void *app_data; + unsigned long flags; + ASN1_ex_new_func *prim_new; + ASN1_ex_free_func *prim_free; + ASN1_ex_free_func *prim_clear; + ASN1_primitive_c2i *prim_c2i; + ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; +} ASN1_PRIMITIVE_FUNCS; + +/* This is the ASN1_AUX structure: it handles various + * miscellaneous requirements. For example the use of + * reference counts and an informational callback. + * + * The "informational callback" is called at various + * points during the ASN1 encoding and decoding. It can + * be used to provide minor customisation of the structures + * used. This is most useful where the supplied routines + * *almost* do the right thing but need some extra help + * at a few points. If the callback returns zero then + * it is assumed a fatal error has occurred and the + * main operation should be abandoned. + * + * If major changes in the default behaviour are required + * then an external type is more appropriate. + */ + +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); + +typedef struct ASN1_AUX_st { + void *app_data; + int flags; + int ref_offset; /* Offset of reference value */ + int ref_lock; /* Lock type to use */ + ASN1_aux_cb *asn1_cb; + int enc_offset; /* Offset of ASN1_ENCODING structure */ +} ASN1_AUX; + +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + +/* Flags in ASN1_AUX */ + +/* Use a reference count */ +#define ASN1_AFLG_REFCOUNT 1 +/* Save the encoding of structure (useful for signatures) */ +#define ASN1_AFLG_ENCODING 2 + +/* operation values for asn1_cb */ + +#define ASN1_OP_NEW_PRE 0 +#define ASN1_OP_NEW_POST 1 +#define ASN1_OP_FREE_PRE 2 +#define ASN1_OP_FREE_POST 3 +#define ASN1_OP_D2I_PRE 4 +#define ASN1_OP_D2I_POST 5 +#define ASN1_OP_I2D_PRE 6 +#define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 + +#ifndef LIBRESSL_INTERNAL + +/* Macro to implement a primitive type */ +#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) +#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \ + ASN1_ITEM_end(itname) + +/* Macro to implement a multi string type */ +#define IMPLEMENT_ASN1_MSTRING(itname, mask) \ + ASN1_ITEM_start(itname) \ + ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ + ASN1_ITEM_end(itname) +#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ + ASN1_ITEM_start(sname) \ + ASN1_ITYPE_EXTERN, \ + tag, \ + NULL, \ + 0, \ + &fptrs, \ + 0, \ + #sname \ + ASN1_ITEM_end(sname) + +/* Macro to implement standard functions in terms of ASN1_ITEM structures */ + +#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname) + +#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ + IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) + +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ + stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + +/* This includes evil casts to remove const: they will go away when full + * ASN1 constification is done. + */ +#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ + { \ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ + } \ + int i2d_##fname(const stname *a, unsigned char **out) \ + { \ + return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ + } + +#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \ + stname * stname##_dup(stname *x) \ + { \ + return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ + } + +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + +#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ + IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) + +#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) + +#endif /* !LIBRESSL_INTERNAL */ + +/* external definitions for primitive types */ + +extern const ASN1_ITEM ASN1_BOOLEAN_it; +extern const ASN1_ITEM ASN1_TBOOLEAN_it; +extern const ASN1_ITEM ASN1_FBOOLEAN_it; +extern const ASN1_ITEM ASN1_SEQUENCE_it; +extern const ASN1_ITEM BIGNUM_it; +extern const ASN1_ITEM LONG_it; +extern const ASN1_ITEM ZLONG_it; +extern const ASN1_ITEM CBIGNUM_it; + +DECLARE_STACK_OF(ASN1_VALUE) + +/* Functions used internally by the ASN1 code */ + +int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx); + +int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/bio.h b/includes/curl/openssl/bio.h new file mode 100644 index 0000000..8327ffc --- /dev/null +++ b/includes/curl/openssl/bio.h @@ -0,0 +1,717 @@ +/* $OpenBSD: bio.h,v 1.64 2024/05/19 07:12:50 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BIO_H +#define HEADER_BIO_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif +#include + +# include +#include + +#include + + +#ifdef __cplusplus +extern "C" { +#endif + +/* These are the 'types' of BIOs */ +#define BIO_TYPE_NONE 0 +#define BIO_TYPE_MEM (1|0x0400) +#define BIO_TYPE_FILE (2|0x0400) + +#define BIO_TYPE_FD (4|0x0400|0x0100) +#define BIO_TYPE_SOCKET (5|0x0400|0x0100) +#define BIO_TYPE_NULL (6|0x0400) +#define BIO_TYPE_SSL (7|0x0200) +#define BIO_TYPE_MD (8|0x0200) /* passive filter */ +#define BIO_TYPE_BUFFER (9|0x0200) /* filter */ +#define BIO_TYPE_CIPHER (10|0x0200) /* filter */ +#define BIO_TYPE_BASE64 (11|0x0200) /* filter */ +#define BIO_TYPE_CONNECT (12|0x0400|0x0100) /* socket - connect */ +#define BIO_TYPE_ACCEPT (13|0x0400|0x0100) /* socket for accept */ +#define BIO_TYPE_PROXY_CLIENT (14|0x0200) /* client proxy BIO */ +#define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ +#define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ +#define BIO_TYPE_NULL_FILTER (17|0x0200) +#define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ +#define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ +#define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ +#define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#define BIO_TYPE_ASN1 (22|0x0200) /* filter */ +#define BIO_TYPE_COMP (23|0x0200) /* filter */ + +#define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ +#define BIO_TYPE_FILTER 0x0200 +#define BIO_TYPE_SOURCE_SINK 0x0400 + +/* + * BIO_TYPE_START is the first user-allocated BIO type. No pre-defined type, + * flag bits aside, may exceed this value. + */ +#define BIO_TYPE_START 128 + +/* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. + * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ +#define BIO_NOCLOSE 0x00 +#define BIO_CLOSE 0x01 + +/* These are used in the following macros and are passed to + * BIO_ctrl() */ +#define BIO_CTRL_RESET 1 /* opt - rewind/zero etc */ +#define BIO_CTRL_EOF 2 /* opt - are we at the eof */ +#define BIO_CTRL_INFO 3 /* opt - extra tit-bits */ +#define BIO_CTRL_SET 4 /* man - set the 'IO' type */ +#define BIO_CTRL_GET 5 /* man - get the 'IO' type */ +#define BIO_CTRL_PUSH 6 /* opt - internal, used to signify change */ +#define BIO_CTRL_POP 7 /* opt - internal, used to signify change */ +#define BIO_CTRL_GET_CLOSE 8 /* man - set the 'close' on free */ +#define BIO_CTRL_SET_CLOSE 9 /* man - set the 'close' on free */ +#define BIO_CTRL_PENDING 10 /* opt - is their more data buffered */ +#define BIO_CTRL_FLUSH 11 /* opt - 'flush' buffered output */ +#define BIO_CTRL_DUP 12 /* man - extra stuff for 'duped' BIO */ +#define BIO_CTRL_WPENDING 13 /* opt - number of bytes still to write */ +/* callback is int cb(BIO *bio,state,ret); */ +#define BIO_CTRL_SET_CALLBACK 14 /* opt - set callback function */ +#define BIO_CTRL_GET_CALLBACK 15 /* opt - set callback function */ + +#define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ + +/* dgram BIO stuff */ +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally + * connected socket to be + * passed in */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ + +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ +/* #endif */ + +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for + * MTU. want to use this + * if asking the kernel + * fails */ + +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU + * was exceed in the + * previous write + * operation */ + +#define BIO_CTRL_DGRAM_GET_PEER 46 +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ + +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to + * adjust socket timeouts */ + + +/* modifiers */ +#define BIO_FP_READ 0x02 +#define BIO_FP_WRITE 0x04 +#define BIO_FP_APPEND 0x08 +#define BIO_FP_TEXT 0x10 + +#define BIO_FLAGS_READ 0x01 +#define BIO_FLAGS_WRITE 0x02 +#define BIO_FLAGS_IO_SPECIAL 0x04 +#define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +#define BIO_FLAGS_SHOULD_RETRY 0x08 + +/* Used in BIO_gethostbyname() */ +#define BIO_GHBN_CTRL_HITS 1 +#define BIO_GHBN_CTRL_MISSES 2 +#define BIO_GHBN_CTRL_CACHE_SIZE 3 +#define BIO_GHBN_CTRL_GET_ENTRY 4 +#define BIO_GHBN_CTRL_FLUSH 5 + +/* Mostly used in the SSL BIO */ +/* Not used anymore + * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 + * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 + * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 + */ + +#define BIO_FLAGS_BASE64_NO_NL 0x100 + +/* This is used with memory BIOs: it means we shouldn't free up or change the + * data in any way. + */ +#define BIO_FLAGS_MEM_RDONLY 0x200 + +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) +#define BIO_set_retry_special(b) \ + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_read(b) \ + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_set_retry_write(b) \ + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + +/* These are normally used internally in BIOs */ +#define BIO_clear_retry_flags(b) \ + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) +#define BIO_get_retry_flags(b) \ + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + +/* These should be used by the application to tell why we should retry */ +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) + +/* The next three are used in conjunction with the + * BIO_should_io_special() condition. After this returns true, + * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO + * stack and return the 'reason' for the special and the offending BIO. + * Given a BIO, BIO_get_retry_reason(bio) will return the code. */ +/* Returned from the SSL bio when the certificate retrieval code had an error */ +#define BIO_RR_SSL_X509_LOOKUP 0x01 +/* Returned from the connect BIO when a connect would have blocked */ +#define BIO_RR_CONNECT 0x02 +/* Returned from the accept BIO when an accept would have blocked */ +#define BIO_RR_ACCEPT 0x03 + +/* These are passed by the BIO callback */ +#define BIO_CB_FREE 0x01 +#define BIO_CB_READ 0x02 +#define BIO_CB_WRITE 0x03 +#define BIO_CB_PUTS 0x04 +#define BIO_CB_GETS 0x05 +#define BIO_CB_CTRL 0x06 + +/* + * The callback is called before and after the underling operation, + * the BIO_CB_RETURN flag indicates if it is after the call. + */ +#define BIO_CB_RETURN 0x80 +#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)) +#define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) +#define BIO_cb_post(a) ((a)&BIO_CB_RETURN) + +typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi, + long argl, long ret); +typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp, + size_t len, int argi, long argl, int ret, size_t *processed); + +BIO_callback_fn BIO_get_callback(const BIO *b); +void BIO_set_callback(BIO *b, BIO_callback_fn callback); + +BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b); +void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback); + +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); + +const char *BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); + +typedef int BIO_info_cb(BIO *, int, int); +/* Compatibility with OpenSSL's backward compatibility. */ +typedef BIO_info_cb bio_info_cb; + +typedef struct bio_method_st BIO_METHOD; + +DECLARE_STACK_OF(BIO) + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); + +/* BIO_METHOD accessors */ +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write)(BIO *, const char *, int)); +int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); + +/* connect BIO stuff */ +#define BIO_CONN_S_BEFORE 1 +#define BIO_CONN_S_GET_IP 2 +#define BIO_CONN_S_GET_PORT 3 +#define BIO_CONN_S_CREATE_SOCKET 4 +#define BIO_CONN_S_CONNECT 5 +#define BIO_CONN_S_OK 6 +#define BIO_CONN_S_BLOCKED_CONNECT 7 +#define BIO_CONN_S_NBIO 8 +/*#define BIO_CONN_get_param_hostname BIO_ctrl */ + +#define BIO_C_SET_CONNECT 100 +#define BIO_C_DO_STATE_MACHINE 101 +#define BIO_C_SET_NBIO 102 +#define BIO_C_SET_PROXY_PARAM 103 +#define BIO_C_SET_FD 104 +#define BIO_C_GET_FD 105 +#define BIO_C_SET_FILE_PTR 106 +#define BIO_C_GET_FILE_PTR 107 +#define BIO_C_SET_FILENAME 108 +#define BIO_C_SET_SSL 109 +#define BIO_C_GET_SSL 110 +#define BIO_C_SET_MD 111 +#define BIO_C_GET_MD 112 +#define BIO_C_GET_CIPHER_STATUS 113 +#define BIO_C_SET_BUF_MEM 114 +#define BIO_C_GET_BUF_MEM_PTR 115 +#define BIO_C_GET_BUFF_NUM_LINES 116 +#define BIO_C_SET_BUFF_SIZE 117 +#define BIO_C_SET_ACCEPT 118 +#define BIO_C_SSL_MODE 119 +#define BIO_C_GET_MD_CTX 120 +#define BIO_C_GET_PROXY_PARAM 121 +#define BIO_C_SET_BUFF_READ_DATA 122 /* data to read first */ +#define BIO_C_GET_CONNECT 123 +#define BIO_C_GET_ACCEPT 124 +#define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 +#define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 +#define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 +#define BIO_C_FILE_SEEK 128 +#define BIO_C_GET_CIPHER_CTX 129 +#define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ +#define BIO_C_SET_BIND_MODE 131 +#define BIO_C_GET_BIND_MODE 132 +#define BIO_C_FILE_TELL 133 +#define BIO_C_GET_SOCKS 134 +#define BIO_C_SET_SOCKS 135 + +#define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ +#define BIO_C_GET_WRITE_BUF_SIZE 137 +#define BIO_C_MAKE_BIO_PAIR 138 +#define BIO_C_DESTROY_BIO_PAIR 139 +#define BIO_C_GET_WRITE_GUARANTEE 140 +#define BIO_C_GET_READ_REQUEST 141 +#define BIO_C_SHUTDOWN_WR 142 +#define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 + +#define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) +#define BIO_get_app_data(s) BIO_get_ex_data(s,0) + +/* BIO_s_connect() and BIO_s_socks4a_connect() */ +#define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +#define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +#define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) +#define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) +#define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) +#define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) +#define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) +#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) + + +#define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) + +/* BIO_s_accept_socket() */ +#define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +#define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +/* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ +#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) +#define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) + +#define BIO_BIND_NORMAL 0 +#define BIO_BIND_REUSEADDR_IF_UNUSED 1 +#define BIO_BIND_REUSEADDR 2 +#define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +#define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) + +#define BIO_do_connect(b) BIO_do_handshake(b) +#define BIO_do_accept(b) BIO_do_handshake(b) +#define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) + +/* BIO_s_proxy_client() */ +#define BIO_set_url(b,url) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,0,(char *)(url)) +#define BIO_set_proxies(b,p) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,1,(char *)(p)) +/* BIO_set_nbio(b,n) */ +#define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) +/* BIO *BIO_get_filter_bio(BIO *bio); */ +#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) +#define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) +#define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) + +#define BIO_get_proxy_header(b,skp) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,0,(char *)skp) +#define BIO_get_proxies(b,pxy_p) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,1,(char *)(pxy_p)) +#define BIO_get_url(b,url) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,2,(char *)(url)) +#define BIO_get_no_connect_return(b) BIO_ctrl(b,BIO_C_GET_PROXY_PARAM,5,NULL) + +#define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +#define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) + +#define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) +#define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) + +#define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) +#define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) + +/* name is cast to lose const, but might be better to route through a function + so we can do it safely */ +#define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ,(char *)name) +#define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_WRITE,name) +#define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_APPEND,name) +#define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ + BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) + +/* WARNING WARNING, this ups the reference count on the read bio of the + * SSL structure. This is because the ssl read BIO is now pointed to by + * the next_bio field in the bio. So when you free the BIO, make sure + * you are doing a BIO_free_all() to catch the underlying BIO. */ +#define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) +#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +#define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +#define BIO_set_ssl_renegotiate_bytes(b,num) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) +#define BIO_get_num_renegotiates(b) \ + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) +#define BIO_set_ssl_renegotiate_timeout(b,seconds) \ + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) + +/* defined in evp.h */ +/* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ + +#define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) +#define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) +#define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) +#define BIO_set_mem_eof_return(b,v) \ + BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) + +/* For the BIO_f_buffer() type */ +#define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +#define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +#define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +#define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +#define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + +/* Don't use the next one unless you know what you are doing :-) */ +#define BIO_dup_state(b,ret) BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret)) + +#define BIO_reset(b) (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL) +#define BIO_eof(b) (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL) +#define BIO_set_close(b,c) (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL) +#define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) +#define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) +#define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +/* ...pending macros have inappropriate return type */ +size_t BIO_ctrl_pending(BIO *b); +size_t BIO_ctrl_wpending(BIO *b); +#define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) +#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ + cbp) +#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) + +/* For the BIO_f_buffer() type */ +#define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) + +/* For BIO_s_bio() */ +#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +#define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +#define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +/* macros with inappropriate type -- but ...pending macros use int too: */ +#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +#define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +size_t BIO_ctrl_get_write_guarantee(BIO *b); +size_t BIO_ctrl_get_read_request(BIO *b); +int BIO_ctrl_reset_read_request(BIO *b); + +/* ctrl macros for dgram */ +#define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +#define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) +#define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) + +/* These two aren't currently implemented */ +/* int BIO_get_ex_num(BIO *bio); */ +/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +unsigned long BIO_number_read(BIO *bio); +unsigned long BIO_number_written(BIO *bio); + +int BIO_get_new_index(void); +const BIO_METHOD *BIO_s_file(void); +BIO *BIO_new_file(const char *filename, const char *mode); +BIO *BIO_new_fp(FILE *stream, int close_flag); +BIO *BIO_new(const BIO_METHOD *type); +int BIO_free(BIO *a); +int BIO_up_ref(BIO *bio); +void *BIO_get_data(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +int BIO_get_init(BIO *a); +void BIO_set_init(BIO *a, int init); +int BIO_get_shutdown(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); +void BIO_vfree(BIO *a); +int BIO_read(BIO *b, void *data, int len) + __attribute__((__bounded__(__buffer__,2,3))); +int BIO_gets(BIO *bp, char *buf, int size) + __attribute__((__bounded__ (__string__,2,3))); +int BIO_write(BIO *b, const void *data, int len) + __attribute__((__bounded__(__buffer__,2,3))); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp); +char * BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO * BIO_push(BIO *b, BIO *append); +BIO * BIO_pop(BIO *b); +void BIO_free_all(BIO *a); +BIO * BIO_find_type(BIO *b, int bio_type); +BIO * BIO_next(BIO *b); +void BIO_set_next(BIO *b, BIO *next); +BIO * BIO_get_retry_BIO(BIO *bio, int *reason); +int BIO_get_retry_reason(BIO *bio); +void BIO_set_retry_reason(BIO *bio, int reason); +BIO * BIO_dup_chain(BIO *in); + +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +#ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); +#endif + +/* BIO_METHOD *BIO_f_ber(void); */ + +int BIO_sock_should_retry(int i); +int BIO_sock_non_fatal_error(int _error); +int BIO_dgram_non_fatal_error(int _error); + +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int _error); + +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); + +struct hostent *BIO_gethostbyname(const char *name); +/* We might want a thread-safe interface too: + * struct hostent *BIO_gethostbyname_r(const char *name, + * struct hostent *result, void *buffer, size_t buflen); + * or something similar (caller allocates a struct hostent, + * pointed to by "result", and additional buffer space for the various + * substructures; if the buffer does not suffice, NULL is returned + * and an appropriate error code is set). + */ +int BIO_sock_error(int sock); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); +int BIO_get_port(const char *str, unsigned short *port_ptr); +int BIO_get_host_ip(const char *str, unsigned char *ip); +int BIO_get_accept_socket(char *host_port, int mode); +int BIO_accept(int sock, char **ip_port); +int BIO_sock_init(void ); +void BIO_sock_cleanup(void); +int BIO_set_tcp_ndelay(int sock, int turn_on); + +BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_dgram(int fd, int close_flag); +BIO *BIO_new_fd(int fd, int close_flag); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); + +int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, + BIO **bio2, size_t writebuf2); +/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. + * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. + * Size 0 uses default value. + */ + +void BIO_copy_next_retry(BIO *b); + +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ + +/* Needed for libressl-portable. */ +#ifndef __MINGW_PRINTF_FORMAT +int BIO_printf(BIO *bio, const char *format, ...) + __attribute__((__format__(__printf__, 2, 3), __nonnull__(2))); +#else +int BIO_printf(BIO *bio, const char *format, ...) + __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2))); +#endif + +void ERR_load_BIO_strings(void); + +/* Error codes for the BIO functions. */ + +/* Function codes. */ +#define BIO_F_ACPT_STATE 100 +#define BIO_F_BIO_ACCEPT 101 +#define BIO_F_BIO_BER_GET_HEADER 102 +#define BIO_F_BIO_CALLBACK_CTRL 131 +#define BIO_F_BIO_CTRL 103 +#define BIO_F_BIO_GETHOSTBYNAME 120 +#define BIO_F_BIO_GETS 104 +#define BIO_F_BIO_GET_ACCEPT_SOCKET 105 +#define BIO_F_BIO_GET_HOST_IP 106 +#define BIO_F_BIO_GET_PORT 107 +#define BIO_F_BIO_MAKE_PAIR 121 +#define BIO_F_BIO_NEW 108 +#define BIO_F_BIO_NEW_FILE 109 +#define BIO_F_BIO_NEW_MEM_BUF 126 +#define BIO_F_BIO_NREAD 123 +#define BIO_F_BIO_NREAD0 124 +#define BIO_F_BIO_NWRITE 125 +#define BIO_F_BIO_NWRITE0 122 +#define BIO_F_BIO_PUTS 110 +#define BIO_F_BIO_READ 111 +#define BIO_F_BIO_SOCK_INIT 112 +#define BIO_F_BIO_WRITE 113 +#define BIO_F_BUFFER_CTRL 114 +#define BIO_F_CONN_CTRL 127 +#define BIO_F_CONN_STATE 115 +#define BIO_F_DGRAM_SCTP_READ 132 +#define BIO_F_FILE_CTRL 116 +#define BIO_F_FILE_READ 130 +#define BIO_F_LINEBUFFER_CTRL 129 +#define BIO_F_MEM_READ 128 +#define BIO_F_MEM_WRITE 117 +#define BIO_F_SSL_NEW 118 +#define BIO_F_WSASTARTUP 119 + +/* Reason codes. */ +#define BIO_R_ACCEPT_ERROR 100 +#define BIO_R_BAD_FOPEN_MODE 101 +#define BIO_R_BAD_HOSTNAME_LOOKUP 102 +#define BIO_R_BROKEN_PIPE 124 +#define BIO_R_CONNECT_ERROR 103 +#define BIO_R_EOF_ON_MEMORY_BIO 127 +#define BIO_R_ERROR_SETTING_NBIO 104 +#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 +#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 +#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 +#define BIO_R_INVALID_ARGUMENT 125 +#define BIO_R_INVALID_IP_ADDRESS 108 +#define BIO_R_INVALID_PORT_NUMBER 129 +#define BIO_R_IN_USE 123 +#define BIO_R_KEEPALIVE 109 +#define BIO_R_LENGTH_TOO_LONG 130 +#define BIO_R_NBIO_CONNECT_ERROR 110 +#define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 +#define BIO_R_NO_HOSTNAME_SPECIFIED 112 +#define BIO_R_NO_PORT_DEFINED 113 +#define BIO_R_NO_PORT_SPECIFIED 114 +#define BIO_R_NO_SUCH_FILE 128 +#define BIO_R_NULL_PARAMETER 115 +#define BIO_R_TAG_MISMATCH 116 +#define BIO_R_UNABLE_TO_BIND_SOCKET 117 +#define BIO_R_UNABLE_TO_CREATE_SOCKET 118 +#define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 +#define BIO_R_UNINITIALIZED 120 +#define BIO_R_UNSUPPORTED_METHOD 121 +#define BIO_R_WRITE_TO_READ_ONLY_BIO 126 +#define BIO_R_WSASTARTUP 122 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/blowfish.h b/includes/curl/openssl/blowfish.h new file mode 100644 index 0000000..5ea99af --- /dev/null +++ b/includes/curl/openssl/blowfish.h @@ -0,0 +1,106 @@ +/* $OpenBSD: blowfish.h,v 1.18 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BLOWFISH_H +#define HEADER_BLOWFISH_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define BF_ENCRYPT 1 +#define BF_DECRYPT 0 + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! + * ! BF_LONG_LOG2 has to be defined along. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#define BF_LONG unsigned int + +#define BF_ROUNDS 16 +#define BF_BLOCK 8 + +typedef struct bf_key_st { + BF_LONG P[BF_ROUNDS + 2]; + BF_LONG S[4*256]; +} BF_KEY; + +void BF_set_key(BF_KEY *key, int len, const unsigned char *data); + +void BF_encrypt(BF_LONG *data, const BF_KEY *key); +void BF_decrypt(BF_LONG *data, const BF_KEY *key); + +void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, + const BF_KEY *key, int enc); +void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int enc); +void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); +void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, + const BF_KEY *schedule, unsigned char *ivec, int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/bn.h b/includes/curl/openssl/bn.h new file mode 100644 index 0000000..7c3c0b1 --- /dev/null +++ b/includes/curl/openssl/bn.h @@ -0,0 +1,520 @@ +/* $OpenBSD: bn.h,v 1.80 2025/03/09 15:22:40 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#ifndef HEADER_BN_H +#define HEADER_BN_H + +#include +#include + +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* This next option uses the C libraries (2 word)/(1 word) function. + * If it is not defined, I use my C version (which is slower). + * The reason for this flag is that when the particular C compiler + * library routine is used, and the library is linked with a different + * compiler, the library is missing. This mostly happens when the + * library is built with gcc and then linked using normal cc. This would + * be a common occurrence because gcc normally produces code that is + * 2 times faster than system compilers for the big number stuff. + * For machines with only one compiler (or shared libraries), this should + * be on. Again this in only really a problem on machines + * using "long long's", are 32bit, and are not using my assembler code. */ +/* #define BN_DIV2W */ + +#ifdef _LP64 +#undef BN_LLONG +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000L) +#define BN_MASK2h1 (0xffffffff80000000L) +#define BN_TBIT (0x8000000000000000L) +#define BN_DEC_CONV (10000000000000000000UL) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%019lu" +#define BN_DEC_NUM 19 +#define BN_HEX_FMT1 "%lX" +#define BN_HEX_FMT2 "%016lX" +#else +#define BN_ULLONG unsigned long long +#define BN_LLONG +#define BN_ULONG unsigned int +#define BN_LONG int +#define BN_BITS 64 +#define BN_BYTES 4 +#define BN_BITS2 32 +#define BN_BITS4 16 +#define BN_MASK (0xffffffffffffffffLL) +#define BN_MASK2 (0xffffffffL) +#define BN_MASK2l (0xffff) +#define BN_MASK2h1 (0xffff8000L) +#define BN_MASK2h (0xffff0000L) +#define BN_TBIT (0x80000000L) +#define BN_DEC_CONV (1000000000L) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%09u" +#define BN_DEC_NUM 9 +#define BN_HEX_FMT1 "%X" +#define BN_HEX_FMT2 "%08X" +#endif + +#define BN_FLG_MALLOCED 0x01 +#define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + +void BN_set_flags(BIGNUM *b, int n); +int BN_get_flags(const BIGNUM *b, int n); +void BN_with_flags(BIGNUM *dest, const BIGNUM *src, int flags); + +/* Values for |top| in BN_rand() */ +#define BN_RAND_TOP_ANY -1 +#define BN_RAND_TOP_ONE 0 +#define BN_RAND_TOP_TWO 1 + +/* Values for |bottom| in BN_rand() */ +#define BN_RAND_BOTTOM_ANY 0 +#define BN_RAND_BOTTOM_ODD 1 + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); + +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); + +/* Populate a BN_GENCB structure with an "old"-style callback */ +void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback)(int, int, void *), + void *cb_arg); + +/* Populate a BN_GENCB structure with a "new"-style callback */ +void BN_GENCB_set(BN_GENCB *gencb, int (*callback)(int, int, BN_GENCB *), + void *cb_arg); + +void *BN_GENCB_get_arg(BN_GENCB *cb); + +#define BN_prime_checks 0 /* default: select number of iterations + based on the size of the number */ + +/* + * BN_prime_checks_for_size() returns the number of Miller-Rabin + * iterations that will be done for checking that a random number + * is probably prime. The error rate for accepting a composite + * number as prime depends on the size of the prime |b|. The error + * rates used are for calculating an RSA key with 2 primes, and so + * the level is what you would expect for a key of double the size + * of the prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. + * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level + * we want to reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit + */ + +#define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) + +#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) + +int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_zero(const BIGNUM *a); +int BN_is_one(const BIGNUM *a); +int BN_is_word(const BIGNUM *a, const BN_ULONG w); +int BN_is_odd(const BIGNUM *a); + +void BN_zero(BIGNUM *a); +int BN_one(BIGNUM *a); + +const BIGNUM *BN_value_one(void); +BN_CTX *BN_CTX_new(void); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +void BN_swap(BIGNUM *a, BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); +int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +void BN_set_negative(BIGNUM *b, int n); + +int BN_is_negative(const BIGNUM *b); + +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) + +int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); +int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); +int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); +int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(const BIGNUM *a); + +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, const BIGNUM *a); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); + +int BN_mask_bits(BIGNUM *a, int n); +int BN_print_fp(FILE *fp, const BIGNUM *a); +int BN_print(BIO *fp, const BIGNUM *a); +int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, const BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +char * BN_bn2hex(const BIGNUM *a); +char * BN_bn2dec(const BIGNUM *a); +int BN_hex2bn(BIGNUM **a, const char *str); +int BN_dec2bn(BIGNUM **a, const char *str); +int BN_asc2bn(BIGNUM **a, const char *str); +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ +BIGNUM *BN_mod_inverse(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +BIGNUM *BN_mod_sqrt(BIGNUM *ret, + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +int BN_security_bits(int L, int N); + +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +BN_MONT_CTX *BN_MONT_CTX_new(void); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* Primes from RFC 2409 */ +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); + +void ERR_load_BN_strings(void); + +/* Error codes for the BN functions. */ + +/* Function codes. */ +#define BN_F_BNRAND 127 +#define BN_F_BN_BLINDING_CONVERT_EX 100 +#define BN_F_BN_BLINDING_CREATE_PARAM 128 +#define BN_F_BN_BLINDING_INVERT_EX 101 +#define BN_F_BN_BLINDING_NEW 102 +#define BN_F_BN_BLINDING_UPDATE 103 +#define BN_F_BN_BN2DEC 104 +#define BN_F_BN_BN2HEX 105 +#define BN_F_BN_CTX_GET 116 +#define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_CTX_START 129 +#define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_NO_BRANCH 138 +#define BN_F_BN_DIV_RECP 130 +#define BN_F_BN_EXP 123 +#define BN_F_BN_EXPAND2 108 +#define BN_F_BN_GENERATE_PRIME_EX 140 +#define BN_F_BN_EXPAND_INTERNAL 120 +#define BN_F_BN_GF2M_MOD 131 +#define BN_F_BN_GF2M_MOD_EXP 132 +#define BN_F_BN_GF2M_MOD_MUL 133 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +#define BN_F_BN_GF2M_MOD_SQR 136 +#define BN_F_BN_GF2M_MOD_SQRT 137 +#define BN_F_BN_MOD_EXP2_MONT 118 +#define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 +#define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_EXP_RECP 125 +#define BN_F_BN_MOD_EXP_SIMPLE 126 +#define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 +#define BN_F_BN_MOD_LSHIFT_QUICK 119 +#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +#define BN_F_BN_MOD_SQRT 121 +#define BN_F_BN_MPI2BN 112 +#define BN_F_BN_NEW 113 +#define BN_F_BN_RAND 114 +#define BN_F_BN_RAND_RANGE 122 +#define BN_F_BN_USUB 115 + +/* Reason codes. */ +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_BIGNUM_TOO_LONG 114 +#define BN_R_BITS_TOO_SMALL 117 +#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +#define BN_R_DIV_BY_ZERO 103 +#define BN_R_ENCODING_ERROR 104 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INPUT_NOT_REDUCED 110 +#define BN_R_INVALID_ARGUMENT 118 +#define BN_R_INVALID_LENGTH 106 +#define BN_R_INVALID_RANGE 115 +#define BN_R_NOT_A_SQUARE 111 +#define BN_R_NOT_INITIALIZED 107 +#define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 116 +#define BN_R_P_IS_NOT_PRIME 112 +#define BN_R_TOO_MANY_ITERATIONS 113 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/buffer.h b/includes/curl/openssl/buffer.h new file mode 100644 index 0000000..d461d64 --- /dev/null +++ b/includes/curl/openssl/buffer.h @@ -0,0 +1,102 @@ +/* $OpenBSD: buffer.h,v 1.17 2023/07/28 10:17:21 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BUFFER_H +#define HEADER_BUFFER_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +/* Already declared in ossl_typ.h */ +/* typedef struct buf_mem_st BUF_MEM; */ + +struct buf_mem_st { + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ +}; + +BUF_MEM *BUF_MEM_new(void); +void BUF_MEM_free(BUF_MEM *a); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); + +void ERR_load_BUF_strings(void); + +/* Error codes for the BUF functions. */ + +/* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 +#define BUF_F_BUF_MEM_GROW 100 +#define BUF_F_BUF_MEM_GROW_CLEAN 105 +#define BUF_F_BUF_MEM_NEW 101 +#define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 + +/* Reason codes. */ + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/camellia.h b/includes/curl/openssl/camellia.h new file mode 100644 index 0000000..c1f1a17 --- /dev/null +++ b/includes/curl/openssl/camellia.h @@ -0,0 +1,121 @@ +/* $OpenBSD: camellia.h,v 1.6 2025/01/25 17:59:44 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_CAMELLIA_H +#define HEADER_CAMELLIA_H + +#include + +#include + +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 + +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_Camellia_H */ diff --git a/includes/curl/openssl/cast.h b/includes/curl/openssl/cast.h new file mode 100644 index 0000000..5c12d91 --- /dev/null +++ b/includes/curl/openssl/cast.h @@ -0,0 +1,99 @@ +/* $OpenBSD: cast.h,v 1.14 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CAST_H +#define HEADER_CAST_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define CAST_ENCRYPT 1 +#define CAST_DECRYPT 0 + +#define CAST_LONG unsigned int + +#define CAST_BLOCK 8 +#define CAST_KEY_LENGTH 16 + +typedef struct cast_key_st { + CAST_LONG data[32]; + int short_key; /* Use reduced rounds for short key */ +} CAST_KEY; + +void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, + int enc); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + const CAST_KEY *ks, unsigned char *iv, int enc); +void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, const CAST_KEY *schedule, unsigned char *ivec, + int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/chacha.h b/includes/curl/openssl/chacha.h new file mode 100644 index 0000000..7d30c51 --- /dev/null +++ b/includes/curl/openssl/chacha.h @@ -0,0 +1,54 @@ +/* $OpenBSD: chacha.h,v 1.9 2025/01/25 17:59:44 tb Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_CHACHA_H +#define HEADER_CHACHA_H + +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + unsigned int input[16]; + unsigned char ks[64]; + unsigned char unused; +} ChaCha_ctx; + +void ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, + unsigned int keybits); +void ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv, + const unsigned char *counter); +void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, + size_t len); + +void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[8], uint64_t counter); +void CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[24]); +void CRYPTO_hchacha_20(unsigned char out[32], + const unsigned char key[32], const unsigned char iv[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CHACHA_H */ diff --git a/includes/curl/openssl/cmac.h b/includes/curl/openssl/cmac.h new file mode 100644 index 0000000..f77dae1 --- /dev/null +++ b/includes/curl/openssl/cmac.h @@ -0,0 +1,81 @@ +/* $OpenBSD: cmac.h,v 1.4 2024/03/02 09:30:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMAC_H +#define HEADER_CMAC_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/cms.h b/includes/curl/openssl/cms.h new file mode 100644 index 0000000..90030bd --- /dev/null +++ b/includes/curl/openssl/cms.h @@ -0,0 +1,534 @@ +/* $OpenBSD: cms.h,v 1.18 2024/03/30 00:35:15 joshua Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CMS_H +#define HEADER_CMS_H + +#include + +#ifndef OPENSSL_NO_CMS + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct CMS_ContentInfo_st CMS_ContentInfo; +typedef struct CMS_SignerInfo_st CMS_SignerInfo; +typedef struct CMS_CertificateChoices CMS_CertificateChoices; +typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; +typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; +typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; +typedef struct CMS_Receipt_st CMS_Receipt; +typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; +typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; + +DECLARE_STACK_OF(CMS_SignerInfo) +DECLARE_STACK_OF(CMS_RecipientEncryptedKey) +DECLARE_STACK_OF(CMS_RecipientInfo) +DECLARE_STACK_OF(CMS_RevocationInfoChoice) +CMS_ContentInfo *CMS_ContentInfo_new(void); +void CMS_ContentInfo_free(CMS_ContentInfo *a); +CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len); +int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **out); +extern const ASN1_ITEM CMS_ContentInfo_it; +CMS_ReceiptRequest *CMS_ReceiptRequest_new(void); +void CMS_ReceiptRequest_free(CMS_ReceiptRequest *a); +CMS_ReceiptRequest *d2i_CMS_ReceiptRequest(CMS_ReceiptRequest **a, const unsigned char **in, long len); +int i2d_CMS_ReceiptRequest(CMS_ReceiptRequest *a, unsigned char **out); +extern const ASN1_ITEM CMS_ReceiptRequest_it; +int CMS_ContentInfo_print_ctx(BIO *out, CMS_ContentInfo *x, int indent, const ASN1_PCTX *pctx); + +#define CMS_SIGNERINFO_ISSUER_SERIAL 0 +#define CMS_SIGNERINFO_KEYIDENTIFIER 1 + +#define CMS_RECIPINFO_NONE -1 +#define CMS_RECIPINFO_TRANS 0 +#define CMS_RECIPINFO_AGREE 1 +#define CMS_RECIPINFO_KEK 2 +#define CMS_RECIPINFO_PASS 3 +#define CMS_RECIPINFO_OTHER 4 + +/* S/MIME related flags */ + +#define CMS_TEXT 0x1 +#define CMS_NOCERTS 0x2 +#define CMS_NO_CONTENT_VERIFY 0x4 +#define CMS_NO_ATTR_VERIFY 0x8 +#define CMS_NOSIGS \ + (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) +#define CMS_NOINTERN 0x10 +#define CMS_NO_SIGNER_CERT_VERIFY 0x20 +#define CMS_NOVERIFY 0x20 +#define CMS_DETACHED 0x40 +#define CMS_BINARY 0x80 +#define CMS_NOATTR 0x100 +#define CMS_NOSMIMECAP 0x200 +#define CMS_NOOLDMIMETYPE 0x400 +#define CMS_CRLFEOL 0x800 +#define CMS_STREAM 0x1000 +#define CMS_NOCRL 0x2000 +#define CMS_PARTIAL 0x4000 +#define CMS_REUSE_DIGEST 0x8000 +#define CMS_USE_KEYID 0x10000 +#define CMS_DEBUG_DECRYPT 0x20000 +#define CMS_KEY_PARAM 0x40000 +#define CMS_ASCIICRLF 0x80000 + +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms); + +int CMS_get_version(const CMS_ContentInfo *cms, long *version); +int CMS_SignerInfo_get_version(const CMS_SignerInfo *si, long *version); + +BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); +int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); + +ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); +int CMS_is_detached(CMS_ContentInfo *cms); +int CMS_set_detached(CMS_ContentInfo *cms, int detached); + +CMS_ContentInfo *PEM_read_bio_CMS(BIO *bp, CMS_ContentInfo **x, + pem_password_cb *cb, void *u); +CMS_ContentInfo *PEM_read_CMS(FILE *fp, CMS_ContentInfo **x, + pem_password_cb *cb, void *u); +int PEM_write_bio_CMS(BIO *bp, const CMS_ContentInfo *x); +int PEM_write_CMS(FILE *fp, const CMS_ContentInfo *x); +int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); +CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); +int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); + +BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); +int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); +int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, + int flags); +CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); +int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); + +int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags); + +CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, unsigned int flags); + +CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, + EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags); + +int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); +CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); + +int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, + unsigned int flags); + +int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key, + size_t keylen, BIO *dcont, BIO *out, unsigned int flags); + +CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, + const unsigned char *key, size_t keylen, unsigned int flags); + +int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, + const unsigned char *key, size_t keylen); + +int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); + +int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, + STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags); + +STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); + +CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, + const EVP_CIPHER *cipher, unsigned int flags); + +int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, + BIO *dcont, BIO *out, unsigned int flags); + +int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); +int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, + size_t keylen, const unsigned char *id, size_t idlen); +int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass, + ssize_t passlen); + +STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); +int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); +EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); +CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); +CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, + unsigned int flags); +int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); +int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); +int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk, + X509 **recip, X509_ALGOR **palg); +int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, + ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); + +CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, + unsigned char *key, size_t keylen, unsigned char *id, size_t idlen, + ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType); + +int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, + ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, + ASN1_OBJECT **potherid, ASN1_TYPE **pothertype); + +int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, + size_t keylen); + +int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, + const unsigned char *id, size_t idlen); + +int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, + ssize_t passlen); + +CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, + int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen, + const EVP_CIPHER *kekciph); + +int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); +int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); + +int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, + unsigned int flags); +CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); + +int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); +const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + +CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); +int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); +int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); +STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); + +CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); +int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl); +int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); +STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); + +int CMS_SignedData_init(CMS_ContentInfo *cms); +CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, + EVP_PKEY *pk, const EVP_MD *md, unsigned int flags); +EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); +EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); +STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); + +void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); +int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); +int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, + unsigned int flags); +void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer, + X509_ALGOR **pdig, X509_ALGOR **psig); +ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); +int CMS_SignerInfo_sign(CMS_SignerInfo *si); +int CMS_SignerInfo_verify(CMS_SignerInfo *si); +int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); + +int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); +int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, + int keysize); +int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); + +int CMS_signed_get_attr_count(const CMS_SignerInfo *si); +int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos); +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int type, const void *bytes, int len); +int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len); +int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, const void *bytes, int len); +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); +int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); +X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); +X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc); +int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); +int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, const void *bytes, int len); +int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, + const void *bytes, int len); +int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, + int type, const void *bytes, int len); +void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr); +CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, + int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList, + STACK_OF(GENERAL_NAMES) *receiptsTo); +int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr); +void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid, + int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist, + STACK_OF(GENERAL_NAMES) **prto); + +int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg, + ASN1_OCTET_STRING **pukm); +STACK_OF(CMS_RecipientEncryptedKey) * + CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri); + +int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, + X509_ALGOR **pubalg, ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid, + X509_NAME **issuer, ASN1_INTEGER **sno); + +int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert); + +int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek, + ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm, + CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno); +int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, + X509 *cert); +int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk); +EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri); +int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, + CMS_RecipientInfo *ri, CMS_RecipientEncryptedKey *rek); + +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, + ASN1_OCTET_STRING *ukm, int keylen); + +/* Backward compatibility for spelling errors. */ +#define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM +#define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \ + CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE + +int ERR_load_CMS_strings(void); + +/* + * CMS function codes. + */ +#define CMS_F_CHECK_CONTENT 99 +#define CMS_F_CMS_ADD0_CERT 164 +#define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 +#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 +#define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 +#define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 +#define CMS_F_CMS_ADD1_SIGNER 102 +#define CMS_F_CMS_ADD1_SIGNINGTIME 103 +#define CMS_F_CMS_COMPRESS 104 +#define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 +#define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 +#define CMS_F_CMS_COPY_CONTENT 107 +#define CMS_F_CMS_COPY_MESSAGEDIGEST 108 +#define CMS_F_CMS_DATA 109 +#define CMS_F_CMS_DATAFINAL 110 +#define CMS_F_CMS_DATAINIT 111 +#define CMS_F_CMS_DECRYPT 112 +#define CMS_F_CMS_DECRYPT_SET1_KEY 113 +#define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 +#define CMS_F_CMS_DECRYPT_SET1_PKEY 114 +#define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 +#define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 +#define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 +#define CMS_F_CMS_DIGEST_VERIFY 118 +#define CMS_F_CMS_ENCODE_RECEIPT 161 +#define CMS_F_CMS_ENCRYPT 119 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT 179 +#define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 +#define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 +#define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 +#define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 +#define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 +#define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 +#define CMS_F_CMS_ENVELOPED_DATA_INIT 126 +#define CMS_F_CMS_ENV_ASN1_CTRL 171 +#define CMS_F_CMS_FINAL 127 +#define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 +#define CMS_F_CMS_GET0_CONTENT 129 +#define CMS_F_CMS_GET0_ECONTENT_TYPE 130 +#define CMS_F_CMS_GET0_ENVELOPED 131 +#define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 +#define CMS_F_CMS_GET0_SIGNED 133 +#define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 +#define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 +#define CMS_F_CMS_RECEIPT_VERIFY 160 +#define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 +#define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 +#define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 +#define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 +#define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 +#define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 +#define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 +#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 +#define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 +#define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 +#define CMS_F_CMS_SD_ASN1_CTRL 170 +#define CMS_F_CMS_SET1_IAS 176 +#define CMS_F_CMS_SET1_KEYID 177 +#define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 +#define CMS_F_CMS_SET_DETACHED 147 +#define CMS_F_CMS_SIGN 148 +#define CMS_F_CMS_SIGNED_DATA_INIT 149 +#define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 +#define CMS_F_CMS_SIGNERINFO_SIGN 151 +#define CMS_F_CMS_SIGNERINFO_VERIFY 152 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 +#define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 +#define CMS_F_CMS_SIGN_RECEIPT 163 +#define CMS_F_CMS_STREAM 155 +#define CMS_F_CMS_UNCOMPRESS 156 +#define CMS_F_CMS_VERIFY 157 +#define CMS_F_KEK_UNWRAP_KEY 180 + +/* + * CMS reason codes. + */ +#define CMS_R_ADD_SIGNER_ERROR 99 +#define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 +#define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 +#define CMS_R_CERTIFICATE_VERIFY_ERROR 100 +#define CMS_R_CIPHER_INITIALISATION_ERROR 101 +#define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 +#define CMS_R_CMS_DATAFINAL_ERROR 103 +#define CMS_R_CMS_LIB 104 +#define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 +#define CMS_R_CONTENT_NOT_FOUND 105 +#define CMS_R_CONTENT_TYPE_MISMATCH 171 +#define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 +#define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 +#define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 +#define CMS_R_CONTENT_VERIFY_ERROR 109 +#define CMS_R_CTRL_ERROR 110 +#define CMS_R_CTRL_FAILURE 111 +#define CMS_R_DECRYPT_ERROR 112 +#define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 +#define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 +#define CMS_R_ERROR_SETTING_KEY 115 +#define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 +#define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 +#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 +#define CMS_R_INVALID_KEY_LENGTH 118 +#define CMS_R_MD_BIO_INIT_ERROR 119 +#define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 +#define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 +#define CMS_R_MSGSIGDIGEST_ERROR 172 +#define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 +#define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 +#define CMS_R_NEED_ONE_SIGNER 164 +#define CMS_R_NOT_A_SIGNED_RECEIPT 165 +#define CMS_R_NOT_ENCRYPTED_DATA 122 +#define CMS_R_NOT_KEK 123 +#define CMS_R_NOT_KEY_AGREEMENT 181 +#define CMS_R_NOT_KEY_TRANSPORT 124 +#define CMS_R_NOT_PWRI 177 +#define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 +#define CMS_R_NO_CIPHER 126 +#define CMS_R_NO_CONTENT 127 +#define CMS_R_NO_CONTENT_TYPE 173 +#define CMS_R_NO_DEFAULT_DIGEST 128 +#define CMS_R_NO_DIGEST_SET 129 +#define CMS_R_NO_KEY 130 +#define CMS_R_NO_KEY_OR_CERT 174 +#define CMS_R_NO_MATCHING_DIGEST 131 +#define CMS_R_NO_MATCHING_RECIPIENT 132 +#define CMS_R_NO_MATCHING_SIGNATURE 166 +#define CMS_R_NO_MSGSIGDIGEST 167 +#define CMS_R_NO_PASSWORD 178 +#define CMS_R_NO_PRIVATE_KEY 133 +#define CMS_R_NO_PUBLIC_KEY 134 +#define CMS_R_NO_RECEIPT_REQUEST 168 +#define CMS_R_NO_SIGNERS 135 +#define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 +#define CMS_R_RECEIPT_DECODE_ERROR 169 +#define CMS_R_RECIPIENT_ERROR 137 +#define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 +#define CMS_R_SIGNFINAL_ERROR 139 +#define CMS_R_SMIME_TEXT_ERROR 140 +#define CMS_R_STORE_INIT_ERROR 141 +#define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 +#define CMS_R_TYPE_NOT_DATA 143 +#define CMS_R_TYPE_NOT_DIGESTED_DATA 144 +#define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 +#define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 +#define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 +#define CMS_R_UNKNOWN_CIPHER 148 +#define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149 +#define CMS_R_UNKNOWN_ID 150 +#define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 +#define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 +#define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 +#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 +#define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 +#define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +#define CMS_R_UNSUPPORTED_TYPE 156 +#define CMS_R_UNWRAP_ERROR 157 +#define CMS_R_UNWRAP_FAILURE 180 +#define CMS_R_VERIFICATION_FAILURE 158 +#define CMS_R_WRAP_ERROR 159 + +#ifdef __cplusplus +} +#endif +#endif +#endif diff --git a/includes/curl/openssl/comp.h b/includes/curl/openssl/comp.h new file mode 100644 index 0000000..f033027 --- /dev/null +++ b/includes/curl/openssl/comp.h @@ -0,0 +1,7 @@ +/* $OpenBSD: comp.h,v 1.13 2023/07/28 09:42:44 tb Exp $ */ + +/* + * Public domain. + * + * This header is intentionally left empty. Some software uses it unnecessarily. + */ diff --git a/includes/curl/openssl/conf.h b/includes/curl/openssl/conf.h new file mode 100644 index 0000000..58a9035 --- /dev/null +++ b/includes/curl/openssl/conf.h @@ -0,0 +1,189 @@ +/* $OpenBSD: conf.h,v 1.28 2025/03/01 10:11:19 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONF_H +#define HEADER_CONF_H + +#include + +#include +#include +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + char *section; + char *name; + char *value; +} CONF_VALUE; + +DECLARE_STACK_OF(CONF_VALUE) +DECLARE_LHASH_OF(CONF_VALUE); + +struct conf_st; +struct conf_method_st; +typedef struct conf_method_st CONF_METHOD; + +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + +/* DSO module function typedefs */ +typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); +typedef void conf_finish_func(CONF_IMODULE *md); + +#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +#define CONF_MFLAGS_SILENT 0x4 +#define CONF_MFLAGS_NO_DSO 0x8 +#define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 + +void OPENSSL_config(const char *config_name); +void OPENSSL_no_config(void); + +struct conf_st { + const CONF_METHOD *meth; + LHASH_OF(CONF_VALUE) *data; +}; + +CONF *NCONF_new(const CONF_METHOD *meth); +void NCONF_free(CONF *conf); + +int NCONF_load(CONF *conf, const char *file, long *eline); +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); + +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) + +/* Module functions */ + +int CONF_modules_load(const CONF *cnf, const char *appname, + unsigned long flags); +int CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +void CONF_modules_free(void); + +char *CONF_get1_default_config_file(void); + +void ERR_load_CONF_strings(void); + +/* Error codes for the CONF functions. */ + +/* Function codes. */ +#define CONF_F_CONF_DUMP_FP 104 +#define CONF_F_CONF_LOAD 100 +#define CONF_F_CONF_LOAD_BIO 102 +#define CONF_F_CONF_LOAD_FP 103 +#define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_CONF_PARSE_LIST 119 +#define CONF_F_DEF_LOAD 120 +#define CONF_F_DEF_LOAD_BIO 121 +#define CONF_F_MODULE_INIT 115 +#define CONF_F_MODULE_LOAD_DSO 117 +#define CONF_F_MODULE_RUN 118 +#define CONF_F_NCONF_DUMP_BIO 105 +#define CONF_F_NCONF_DUMP_FP 106 +#define CONF_F_NCONF_GET_NUMBER 107 +#define CONF_F_NCONF_GET_NUMBER_E 112 +#define CONF_F_NCONF_GET_SECTION 108 +#define CONF_F_NCONF_GET_STRING 109 +#define CONF_F_NCONF_LOAD 113 +#define CONF_F_NCONF_LOAD_BIO 110 +#define CONF_F_NCONF_LOAD_FP 114 +#define CONF_F_NCONF_NEW 111 +#define CONF_F_STR_COPY 101 + +/* Reason codes. */ +#define CONF_R_ERROR_LOADING_DSO 110 +#define CONF_R_LIST_CANNOT_BE_NULL 115 +#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 +#define CONF_R_MISSING_EQUAL_SIGN 101 +#define CONF_R_MISSING_FINISH_FUNCTION 111 +#define CONF_R_MISSING_INIT_FUNCTION 112 +#define CONF_R_MODULE_INITIALIZATION_ERROR 109 +#define CONF_R_NO_CLOSE_BRACE 102 +#define CONF_R_NO_CONF 105 +#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 +#define CONF_R_NO_SECTION 107 +#define CONF_R_NO_SUCH_FILE 114 +#define CONF_R_NO_VALUE 108 +#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +#define CONF_R_UNKNOWN_MODULE_NAME 113 +#define CONF_R_VARIABLE_EXPANSION_TOO_LONG 116 +#define CONF_R_VARIABLE_HAS_NO_VALUE 104 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/crypto.h b/includes/curl/openssl/crypto.h new file mode 100644 index 0000000..b4230f1 --- /dev/null +++ b/includes/curl/openssl/crypto.h @@ -0,0 +1,458 @@ +/* $OpenBSD: crypto.h,v 1.79 2025/03/09 15:29:56 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include +#include +#include +#include + +#ifndef HEADER_CRYPTO_H +#define HEADER_CRYPTO_H + +#include + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Backward compatibility to SSLeay */ +/* This is more to be used to check the correct DLL is being used + * in the MS world. */ +#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER +#define SSLEAY_VERSION 0 +/* #define SSLEAY_OPTIONS 1 no longer supported */ +#define SSLEAY_CFLAGS 2 +#define SSLEAY_BUILT_ON 3 +#define SSLEAY_PLATFORM 4 +#define SSLEAY_DIR 5 + +/* When changing the CRYPTO_LOCK_* list, be sure to maintain the text lock + * names in cryptlib.c + */ + +#define CRYPTO_LOCK_ERR 1 +#define CRYPTO_LOCK_EX_DATA 2 +#define CRYPTO_LOCK_X509 3 +#define CRYPTO_LOCK_X509_INFO 4 +#define CRYPTO_LOCK_X509_PKEY 5 +#define CRYPTO_LOCK_X509_CRL 6 +#define CRYPTO_LOCK_X509_REQ 7 +#define CRYPTO_LOCK_DSA 8 +#define CRYPTO_LOCK_RSA 9 +#define CRYPTO_LOCK_EVP_PKEY 10 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +#define CRYPTO_LOCK_SSL_METHOD 17 +#define CRYPTO_LOCK_RAND 18 +#define CRYPTO_LOCK_RAND2 19 +#define CRYPTO_LOCK_MALLOC 20 +#define CRYPTO_LOCK_BIO 21 +#define CRYPTO_LOCK_GETHOSTBYNAME 22 +#define CRYPTO_LOCK_GETSERVBYNAME 23 +#define CRYPTO_LOCK_READDIR 24 +#define CRYPTO_LOCK_RSA_BLINDING 25 +#define CRYPTO_LOCK_DH 26 +#define CRYPTO_LOCK_MALLOC2 27 +#define CRYPTO_LOCK_DSO 28 +#define CRYPTO_LOCK_DYNLOCK 29 +#define CRYPTO_LOCK_ENGINE 30 +#define CRYPTO_LOCK_UI 31 +#define CRYPTO_LOCK_ECDSA 32 +#define CRYPTO_LOCK_EC 33 +#define CRYPTO_LOCK_ECDH 34 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 + +#define CRYPTO_LOCK 1 +#define CRYPTO_UNLOCK 2 +#define CRYPTO_READ 4 +#define CRYPTO_WRITE 8 + +#ifndef CRYPTO_w_lock +#define CRYPTO_w_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTO_w_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTO_r_lock(type) \ + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTO_r_unlock(type) \ + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTO_add(addr,amount,type) \ + CRYPTO_add_lock(addr,amount,type,OPENSSL_FILE,OPENSSL_LINE) +#endif + +/* Some applications as well as some parts of OpenSSL need to allocate + and deallocate locks in a dynamic fashion. The following typedef + makes this possible in a type-safe manner. */ +/* struct CRYPTO_dynlock_value has to be defined by the application. */ +typedef struct { + int references; + struct CRYPTO_dynlock_value *data; +} CRYPTO_dynlock; + + +/* The following can be used to detect memory leaks in the SSLeay library. + * It used, it turns on malloc checking */ + +#define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ +#define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ +#define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ +#define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ + +/* The following are bit values to turn on or off options connected to the + * malloc checking functionality */ + +/* Adds time to the memory checking information */ +#define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ +/* Adds thread number to the memory checking information */ +#define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ + +#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) + + +/* predec of the BIO type */ +typedef struct bio_st BIO_dummy; + +struct crypto_ex_data_st { + void *sk; +}; +DECLARE_STACK_OF(void) + +#define CRYPTO_EX_INDEX_SSL 0 +#define CRYPTO_EX_INDEX_SSL_CTX 1 +#define CRYPTO_EX_INDEX_SSL_SESSION 2 +#define CRYPTO_EX_INDEX_APP 3 +#define CRYPTO_EX_INDEX_BIO 4 +#define CRYPTO_EX_INDEX_DH 5 +#define CRYPTO_EX_INDEX_DSA 6 +#define CRYPTO_EX_INDEX_EC_KEY 7 +#define CRYPTO_EX_INDEX_ENGINE 8 +#define CRYPTO_EX_INDEX_RSA 9 +#define CRYPTO_EX_INDEX_UI 10 +#define CRYPTO_EX_INDEX_UI_METHOD 11 +#define CRYPTO_EX_INDEX_X509 12 +#define CRYPTO_EX_INDEX_X509_STORE 13 +#define CRYPTO_EX_INDEX_X509_STORE_CTX 14 +#define CRYPTO_EX_INDEX__COUNT 15 + +#ifndef LIBRESSL_INTERNAL +#define CRYPTO_malloc_init() (0) +#define CRYPTO_malloc_debug_init() (0) +#endif /* LIBRESSL_INTERNAL */ + +#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD +# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ +# define CRYPTO_MDEBUG +# endif +#endif + +int CRYPTO_mem_ctrl(int mode); + +#define OPENSSL_malloc(num) CRYPTO_malloc((num),OPENSSL_FILE,OPENSSL_LINE) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),OPENSSL_FILE,OPENSSL_LINE) +#define OPENSSL_free(addr) CRYPTO_free((addr),OPENSSL_FILE,OPENSSL_LINE) + +const char *OpenSSL_version(int type); +#define OPENSSL_VERSION 0 +#define OPENSSL_CFLAGS 1 +#define OPENSSL_BUILT_ON 2 +#define OPENSSL_PLATFORM 3 +#define OPENSSL_DIR 4 +#define OPENSSL_ENGINES_DIR 5 +unsigned long OpenSSL_version_num(void); + +const char *SSLeay_version(int type); +unsigned long SSLeay(void); + +/* Within a given class, get/register a new index */ +int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); +/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given + * class (invokes whatever per-class callbacks are applicable) */ +int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, + CRYPTO_EX_DATA *from); +void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); +/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index + * (relative to the class type involved) */ +int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); +/* This function cleans up all "ex_data" state. It mustn't be called under + * potential race-conditions. */ +void CRYPTO_cleanup_all_ex_data(void); + +void CRYPTO_lock(int mode, int type, const char *file, int line); +int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st CRYPTO_THREADID; + +/* These functions are deprecated no-op stubs */ +void CRYPTO_set_id_callback(unsigned long (*func)(void)); +unsigned long (*CRYPTO_get_id_callback(void))(void); +unsigned long CRYPTO_thread_id(void); + +int CRYPTO_get_new_lockid(char *name); +const char *CRYPTO_get_lock_name(int type); + +int CRYPTO_num_locks(void); +void CRYPTO_set_locking_callback(void (*func)(int mode, int type, + const char *file, int line)); +void (*CRYPTO_get_locking_callback(void))(int mode, int type, + const char *file, int line); +void CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int type, + const char *file, int line)); +int (*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int type, + const char *file, int line); + +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); + +int CRYPTO_get_new_dynlockid(void); +void CRYPTO_destroy_dynlockid(int i); +struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); +void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); +void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); +void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); +struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file, int line); +void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line); +void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file, int line); + +int CRYPTO_set_mem_functions(void *(*m)(size_t, const char *, int), + void *(*r)(void *, size_t, const char *, int), + void (*f)(void *, const char *, int)); + +void *CRYPTO_malloc(size_t num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +void CRYPTO_free(void *ptr, const char *file, int line); + +void OPENSSL_cleanse(void *ptr, size_t len); + +/* + * Because this is a public header, use a portable method of indicating the + * function does not return, rather than __dead. + */ +#ifdef _MSC_VER +__declspec(noreturn) +#else +__attribute__((__noreturn__)) +#endif +void OpenSSLDie(const char *file, int line, const char *assertion); +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(OPENSSL_FILE, OPENSSL_LINE, #e),1)) + +int FIPS_mode(void); +int FIPS_mode_set(int r); + +void OPENSSL_init(void); + +/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a + * defined order as the return value when a != b is undefined, other than to be + * non-zero. */ +int CRYPTO_memcmp(const void *a, const void *b, size_t len); + +/* + * OpenSSL compatible OPENSSL_INIT options. + */ + +#define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000001L +#define OPENSSL_INIT_LOAD_CONFIG 0x00000002L + +/* LibreSSL specific */ +#define _OPENSSL_INIT_FLAG_NOOP 0x80000000L + +/* + * These are provided for compatibility, but have no effect + * on how LibreSSL is initialized. + */ +#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ASYNC _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_RDRAND _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_DYNAMIC _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_OPENSSL _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_CRYPTODEV _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_CAPI _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_PADLOCK _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_AFALG _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_reserved_internal _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ATFORK _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_NO_ATEXIT _OPENSSL_INIT_FLAG_NOOP + +int OPENSSL_init_crypto(uint64_t opts, const void *settings); +void OPENSSL_cleanup(void); + +/* + * CPU capabilities. + */ +#define CRYPTO_CPU_CAPS_ACCELERATED_AES 0x00000001ULL + +uint64_t OPENSSL_cpu_caps(void); + +/* + * OpenSSL helpfully put OPENSSL_gmtime() here because all other time related + * functions are in asn1.h. + */ +struct tm *OPENSSL_gmtime(const time_t *time, struct tm *out_tm); + +void ERR_load_CRYPTO_strings(void); + +/* Error codes for the CRYPTO functions. */ + +/* Function codes. */ +#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 +#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 +#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 +#define CRYPTO_F_CRYPTO_SET_EX_DATA 102 +#define CRYPTO_F_DEF_ADD_INDEX 104 +#define CRYPTO_F_DEF_GET_CLASS 105 +#define CRYPTO_F_FIPS_MODE_SET 109 +#define CRYPTO_F_INT_DUP_EX_DATA 106 +#define CRYPTO_F_INT_FREE_EX_DATA 107 +#define CRYPTO_F_INT_NEW_EX_DATA 108 + +/* Reason codes. */ +#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 +#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ct.h b/includes/curl/openssl/ct.h new file mode 100644 index 0000000..db5cf28 --- /dev/null +++ b/includes/curl/openssl/ct.h @@ -0,0 +1,567 @@ +/* $OpenBSD: ct.h,v 1.8 2024/08/08 23:50:29 tb Exp $ */ +/* + * Public API for Certificate Transparency (CT). + * Written by Rob Percival (robpercival@google.com) for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2016 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CT_H +#define HEADER_CT_H + +#include + +#ifndef OPENSSL_NO_CT +#include +#include +#include +#ifdef __cplusplus +extern "C" { +#endif + +/* Minimum RSA key size, from RFC6962 */ +#define SCT_MIN_RSA_BITS 2048 + +/* All hashes are SHA256 in v1 of Certificate Transparency */ +#define CT_V1_HASHLEN SHA256_DIGEST_LENGTH + +typedef enum { + CT_LOG_ENTRY_TYPE_NOT_SET = -1, + CT_LOG_ENTRY_TYPE_X509 = 0, + CT_LOG_ENTRY_TYPE_PRECERT = 1 +} ct_log_entry_type_t; + +typedef enum { + SCT_VERSION_NOT_SET = -1, + SCT_VERSION_V1 = 0 +} sct_version_t; + +typedef enum { + SCT_SOURCE_UNKNOWN, + SCT_SOURCE_TLS_EXTENSION, + SCT_SOURCE_X509V3_EXTENSION, + SCT_SOURCE_OCSP_STAPLED_RESPONSE +} sct_source_t; + +typedef enum { + SCT_VALIDATION_STATUS_NOT_SET, + SCT_VALIDATION_STATUS_UNKNOWN_LOG, + SCT_VALIDATION_STATUS_VALID, + SCT_VALIDATION_STATUS_INVALID, + SCT_VALIDATION_STATUS_UNVERIFIED, + SCT_VALIDATION_STATUS_UNKNOWN_VERSION +} sct_validation_status_t; + +DECLARE_STACK_OF(SCT) +DECLARE_STACK_OF(CTLOG) + +/****************************************** + * CT policy evaluation context functions * + ******************************************/ + +/* + * Creates a new, empty policy evaluation context. + * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished + * with the CT_POLICY_EVAL_CTX. + */ +CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void); + +/* Deletes a policy evaluation context and anything it owns. */ +void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx); + +/* Gets the peer certificate that the SCTs are for */ +X509 *CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the certificate associated with the received SCTs. + * Increments the reference count of cert. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert); + +/* Gets the issuer of the aforementioned certificate */ +X509 *CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the issuer of the certificate associated with the received SCTs. + * Increments the reference count of issuer. + * Returns 1 on success, 0 otherwise. + */ +int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer); + +/* Gets the CT logs that are trusted sources of SCTs */ +const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx); + +/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */ +void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx, + CTLOG_STORE *log_store); + +/* + * Gets the time, in milliseconds since the Unix epoch, that will be used as the + * current time when checking whether an SCT was issued in the future. + * Such SCTs will fail validation, as required by RFC6962. + */ +uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx); + +/* + * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch. + * If an SCT's timestamp is after this time, it will be interpreted as having + * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs + * whose timestamp is in the future", so an SCT will not validate in this case. + */ +void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms); + +/***************** + * SCT functions * + *****************/ + +/* + * Creates a new, blank SCT. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new(void); + +/* + * Creates a new SCT from some base64-encoded strings. + * The caller is responsible for calling SCT_free when finished with the SCT. + */ +SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64, + ct_log_entry_type_t entry_type, uint64_t timestamp, + const char *extensions_base64, const char *signature_base64); + +/* + * Frees the SCT and the underlying data structures. + */ +void SCT_free(SCT *sct); + +/* + * Free a stack of SCTs, and the underlying SCTs themselves. + * Intended to be compatible with X509V3_EXT_FREE. + */ +void SCT_LIST_free(STACK_OF(SCT) *a); + +/* + * Returns the version of the SCT. + */ +sct_version_t SCT_get_version(const SCT *sct); + +/* + * Set the version of an SCT. + * Returns 1 on success, 0 if the version is unrecognized. + */ +int SCT_set_version(SCT *sct, sct_version_t version); + +/* + * Returns the log entry type of the SCT. + */ +ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct); + +/* + * Set the log entry type of an SCT. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type); + +/* + * Gets the ID of the log that an SCT came from. + * Ownership of the log ID remains with the SCT. + * Returns the length of the log ID. + */ +size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id); + +/* + * Set the log ID of an SCT to point directly to the *log_id specified. + * The SCT takes ownership of the specified pointer. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len); + +/* + * Set the log ID of an SCT. + * This makes a copy of the log_id. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, + size_t log_id_len); + +/* + * Returns the timestamp for the SCT (epoch time in milliseconds). + */ +uint64_t SCT_get_timestamp(const SCT *sct); + +/* + * Set the timestamp of an SCT (epoch time in milliseconds). + */ +void SCT_set_timestamp(SCT *sct, uint64_t timestamp); + +/* + * Return the NID for the signature used by the SCT. + * For CT v1, this will be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset). + */ +int SCT_get_signature_nid(const SCT *sct); + +/* + * Set the signature type of an SCT + * For CT v1, this should be either NID_sha256WithRSAEncryption or + * NID_ecdsa_with_SHA256. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_signature_nid(SCT *sct, int nid); + +/* + * Set *ext to point to the extension data for the SCT. ext must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext); + +/* + * Set the extensions of an SCT to point directly to the *ext specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len); + +/* + * Set the extensions of an SCT. + * This takes a copy of the ext. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_extensions(SCT *sct, const unsigned char *ext, + size_t ext_len); + +/* + * Set *sig to point to the signature for the SCT. sig must not be NULL. + * The SCT retains ownership of this pointer. + * Returns length of the data pointed to. + */ +size_t SCT_get0_signature(const SCT *sct, unsigned char **sig); + +/* + * Set the signature of an SCT to point directly to the *sig specified. + * The SCT takes ownership of the specified pointer. + */ +void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len); + +/* + * Set the signature of an SCT to be a copy of the *sig specified. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set1_signature(SCT *sct, const unsigned char *sig, + size_t sig_len); + +/* + * The origin of this SCT, e.g. TLS extension, OCSP response, etc. + */ +sct_source_t SCT_get_source(const SCT *sct); + +/* + * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc. + * Returns 1 on success, 0 otherwise. + */ +int SCT_set_source(SCT *sct, sct_source_t source); + +/* + * Returns a text string describing the validation status of |sct|. + */ +const char *SCT_validation_status_string(const SCT *sct); + +/* + * Pretty-prints an |sct| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came + * from, so that the log name can be printed. + */ +void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs); + +/* + * Pretty-prints an |sct_list| to |out|. + * It will be indented by the number of spaces specified by |indent|. + * SCTs will be delimited by |separator|. + * If |logs| is not NULL, it will be used to lookup the CT log that each SCT + * came from, so that the log names can be printed. + */ +void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent, + const char *separator, const CTLOG_STORE *logs); + +/* + * Gets the last result of validating this SCT. + * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET. + */ +sct_validation_status_t SCT_get_validation_status(const SCT *sct); + +/* + * Validates the given SCT with the provided context. + * Sets the "validation_status" field of the SCT. + * Returns 1 if the SCT is valid and the signature verifies. + * Returns 0 if the SCT is invalid or could not be verified. + * Returns -1 if an error occurs. + */ +int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx); + +/* + * Validates the given list of SCTs with the provided context. + * Sets the "validation_status" field of each SCT. + * Returns 1 if there are no invalid SCTs and all signatures verify. + * Returns 0 if at least one SCT is invalid or could not be verified. + * Returns a negative integer if an error occurs. + */ +int SCT_LIST_validate(const STACK_OF(SCT) *scts, + CT_POLICY_EVAL_CTX *ctx); + + +/********************************* + * SCT parsing and serialisation * + *********************************/ + +/* + * Serialize (to TLS format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just return the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Convert TLS format SCT list to a stack of SCTs. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + size_t len); + +/* + * Serialize (to DER format) a stack of SCTs and return the length. + * "a" must not be NULL. + * If "pp" is NULL, just returns the length of what would have been serialized. + * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer + * for data that caller is responsible for freeing (only if function returns + * successfully). + * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring + * that "*pp" is large enough to accept all of the serialized data. + * Returns < 0 on error, >= 0 indicating bytes written (or would have been) + * on success. + */ +int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp); + +/* + * Parses an SCT list in DER format and returns it. + * If "a" or "*a" is NULL, a new stack will be created that the caller is + * responsible for freeing (by calling SCT_LIST_free). + * "**pp" and "*pp" must not be NULL. + * Upon success, "*pp" will point to after the last bytes read, and a stack + * will be returned. + * Upon failure, a NULL pointer will be returned, and the position of "*pp" is + * not defined. + */ +STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp, + long len); + +/* + * Serialize (to TLS format) an |sct| and write it to |out|. + * If |out| is null, no SCT will be output but the length will still be returned. + * If |out| points to a null pointer, a string will be allocated to hold the + * TLS-format SCT. It is the responsibility of the caller to free it. + * If |out| points to an allocated string, the TLS-format SCT will be written + * to it. + * The length of the SCT in TLS format will be returned. + */ +int i2o_SCT(const SCT *sct, unsigned char **out); + +/* + * Parses an SCT in TLS format and returns it. + * If |psct| is not null, it will end up pointing to the parsed SCT. If it + * already points to a non-null pointer, the pointer will be free'd. + * |in| should be a pointer to a string containing the TLS-format SCT. + * |in| will be advanced to the end of the SCT if parsing succeeds. + * |len| should be the length of the SCT in |in|. + * Returns NULL if an error occurs. + * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len' + * fields will be populated (with |in| and |len| respectively). + */ +SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len); + +/******************** + * CT log functions * + ********************/ + +/* + * Creates a new CT log instance with the given |public_key| and |name|. + * Takes ownership of |public_key| but copies |name|. + * Returns NULL if malloc fails or if |public_key| cannot be converted to DER. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name); + +/* + * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER + * in |pkey_base64|. The |name| is a string to help users identify this log. + * Returns 1 on success, 0 on failure. + * Should be deleted by the caller using CTLOG_free when no longer needed. + */ +int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, + const char *name); + +/* + * Deletes a CT log instance and its fields. + */ +void CTLOG_free(CTLOG *log); + +/* Gets the name of the CT log */ +const char *CTLOG_get0_name(const CTLOG *log); +/* Gets the ID of the CT log */ +void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id, + size_t *log_id_len); +/* Gets the public key of the CT log */ +EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log); + +/************************** + * CT log store functions * + **************************/ + +/* + * Creates a new CT log store. + * Should be deleted by the caller using CTLOG_STORE_free when no longer needed. + */ +CTLOG_STORE *CTLOG_STORE_new(void); + +/* + * Deletes a CT log store and all of the CT log instances held within. + */ +void CTLOG_STORE_free(CTLOG_STORE *store); + +/* + * Finds a CT log in the store based on its log ID. + * Returns the CT log, or NULL if no match is found. + */ +const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store, + const uint8_t *log_id, size_t log_id_len); + +/* + * Loads a CT log list into a |store| from a |file|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file); + +/* + * Loads the default CT log list into a |store|. + * Returns 1 if loading is successful, or 0 otherwise. + */ +int CTLOG_STORE_load_default_file(CTLOG_STORE *store); + +int ERR_load_CT_strings(void); + +/* + * CT function codes. + */ +# define CT_F_CTLOG_NEW 117 +# define CT_F_CTLOG_NEW_FROM_BASE64 118 +# define CT_F_CTLOG_NEW_FROM_CONF 119 +# define CT_F_CTLOG_STORE_LOAD_CTX_NEW 122 +# define CT_F_CTLOG_STORE_LOAD_FILE 123 +# define CT_F_CTLOG_STORE_LOAD_LOG 130 +# define CT_F_CTLOG_STORE_NEW 131 +# define CT_F_CT_BASE64_DECODE 124 +# define CT_F_CT_POLICY_EVAL_CTX_NEW 133 +# define CT_F_CT_V1_LOG_ID_FROM_PKEY 125 +# define CT_F_I2O_SCT 107 +# define CT_F_I2O_SCT_LIST 108 +# define CT_F_I2O_SCT_SIGNATURE 109 +# define CT_F_O2I_SCT 110 +# define CT_F_O2I_SCT_LIST 111 +# define CT_F_O2I_SCT_SIGNATURE 112 +# define CT_F_SCT_CTX_NEW 126 +# define CT_F_SCT_CTX_VERIFY 128 +# define CT_F_SCT_NEW 100 +# define CT_F_SCT_NEW_FROM_BASE64 127 +# define CT_F_SCT_SET0_LOG_ID 101 +# define CT_F_SCT_SET1_EXTENSIONS 114 +# define CT_F_SCT_SET1_LOG_ID 115 +# define CT_F_SCT_SET1_SIGNATURE 116 +# define CT_F_SCT_SET_LOG_ENTRY_TYPE 102 +# define CT_F_SCT_SET_SIGNATURE_NID 103 +# define CT_F_SCT_SET_VERSION 104 + +/* + * CT reason codes. + */ +# define CT_R_BASE64_DECODE_ERROR 108 +# define CT_R_INVALID_LOG_ID_LENGTH 100 +# define CT_R_LOG_CONF_INVALID 109 +# define CT_R_LOG_CONF_INVALID_KEY 110 +# define CT_R_LOG_CONF_MISSING_DESCRIPTION 111 +# define CT_R_LOG_CONF_MISSING_KEY 112 +# define CT_R_LOG_KEY_INVALID 113 +# define CT_R_SCT_FUTURE_TIMESTAMP 116 +# define CT_R_SCT_INVALID 104 +# define CT_R_SCT_INVALID_SIGNATURE 107 +# define CT_R_SCT_LIST_INVALID 105 +# define CT_R_SCT_LOG_ID_MISMATCH 114 +# define CT_R_SCT_NOT_SET 106 +# define CT_R_SCT_UNSUPPORTED_VERSION 115 +# define CT_R_UNRECOGNIZED_SIGNATURE_NID 101 +# define CT_R_UNSUPPORTED_ENTRY_TYPE 102 +# define CT_R_UNSUPPORTED_VERSION 103 + +#ifdef __cplusplus +} +#endif +#endif +#endif diff --git a/includes/curl/openssl/curve25519.h b/includes/curl/openssl/curve25519.h new file mode 100644 index 0000000..e42bc22 --- /dev/null +++ b/includes/curl/openssl/curve25519.h @@ -0,0 +1,104 @@ +/* $OpenBSD: curve25519.h,v 1.7 2022/11/13 14:05:04 tb Exp $ */ +/* + * Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_CURVE25519_H +#define HEADER_CURVE25519_H + +#include + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * Curve25519. + * + * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748. + */ + +/* + * X25519. + * + * X25519 is the Diffie-Hellman primitive built from curve25519. It is + * sometimes referred to as curve25519, but X25519 is a more precise name. + * See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748. + */ + +#define X25519_KEY_LENGTH 32 + +/* + * X25519_keypair sets |out_public_value| and |out_private_key| to a freshly + * generated, public/private key pair. + */ +void X25519_keypair(uint8_t out_public_value[X25519_KEY_LENGTH], + uint8_t out_private_key[X25519_KEY_LENGTH]); + +/* + * X25519 writes a shared key to |out_shared_key| that is calculated from the + * given private key and the peer's public value. It returns one on success and + * zero on error. + * + * Don't use the shared key directly, rather use a KDF and also include the two + * public values as inputs. + */ +int X25519(uint8_t out_shared_key[X25519_KEY_LENGTH], + const uint8_t private_key[X25519_KEY_LENGTH], + const uint8_t peers_public_value[X25519_KEY_LENGTH]); + +/* + * ED25519 + * + * Ed25519 is a signature scheme using a twisted Edwards curve that is + * birationally equivalent to curve25519. + */ + +#define ED25519_PRIVATE_KEY_LENGTH 32 +#define ED25519_PUBLIC_KEY_LENGTH 32 +#define ED25519_SIGNATURE_LENGTH 64 + +/* + * ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly + * generated, public/private key pair. + */ +void ED25519_keypair(uint8_t out_public_key[ED25519_PUBLIC_KEY_LENGTH], + uint8_t out_private_key[ED25519_PRIVATE_KEY_LENGTH]); + +/* + * ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from + * |message| using |public_key| and |private_key|. It returns one on success + * or zero on allocation failure. + */ +int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH], + const uint8_t private_key_seed[ED25519_PRIVATE_KEY_LENGTH]); + +/* + * ED25519_verify returns one iff |signature| is a valid signature by + * |public_key| of |message_len| bytes from |message|. It returns zero + * otherwise. + */ +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[ED25519_SIGNATURE_LENGTH], + const uint8_t public_key[ED25519_PUBLIC_KEY_LENGTH]); + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* HEADER_CURVE25519_H */ diff --git a/includes/curl/openssl/des.h b/includes/curl/openssl/des.h new file mode 100644 index 0000000..2d957a1 --- /dev/null +++ b/includes/curl/openssl/des.h @@ -0,0 +1,206 @@ +/* $OpenBSD: des.h,v 1.23 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_NEW_DES_H +#define HEADER_NEW_DES_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef unsigned char DES_cblock[8]; +typedef /* const */ unsigned char const_DES_cblock[8]; +/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * + * and const_DES_cblock * are incompatible pointer types. */ + +typedef struct DES_ks { + union { + DES_cblock cblock; + /* make sure things are correct size on machines with + * 8 byte longs */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + +#define DES_KEY_SZ (sizeof(DES_cblock)) +#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) + +#define DES_ENCRYPT 1 +#define DES_DECRYPT 0 + +#define DES_CBC_MODE 0 +#define DES_PCBC_MODE 1 + +#define DES_ecb2_encrypt(i,o,k1,k2,e) \ + DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) + +#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ + DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) + +#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ + DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) + +#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ + DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) + +extern int DES_check_key; /* defaults to false */ + +void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, int enc); +DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, + long length, DES_key_schedule *schedule, + const_DES_cblock *ivec); +/* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ +void DES_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); +void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); +void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + const_DES_cblock *inw, const_DES_cblock *outw, int enc); +void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); +void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc); + +/* This is the DES encryption function that gets called by just about + every other DES routine in the library. You should not use this + function except to implement 'modes' of DES. I say this because the + functions that call this routine do the conversion from 'char *' to + long, and this needs to be done to make sure 'non-aligned' memory + access do not occur. The characters are loaded 'little endian'. + Data is a pointer to 2 unsigned long's and ks is the + DES_key_schedule to use. enc, is non zero specifies encryption, + zero if decryption. */ +void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc); + +/* This functions is the same as DES_encrypt1() except that the DES + initial permutation (IP) and final permutation (FP) have been left + out. As for DES_encrypt1(), you should not use this function. + It is used by the routines in the library that implement triple DES. + IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same + as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ +void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc); + +void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3); +void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, DES_cblock *ivec, int enc); +void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, + long length, + DES_key_schedule *ks1, DES_key_schedule *ks2, + DES_key_schedule *ks3, + DES_cblock *ivec1, DES_cblock *ivec2, + int enc); +void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num, int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out, + int numbits, long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int enc); +void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, DES_key_schedule *ks1, + DES_key_schedule *ks2, DES_key_schedule *ks3, + DES_cblock *ivec, int *num); +char *DES_fcrypt(const char *buf, const char *salt, char *ret); +char *DES_crypt(const char *buf, const char *salt); +void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, + long length, DES_key_schedule *schedule, DES_cblock *ivec); +void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc); +DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], + long length, int out_count, DES_cblock *seed); +int DES_random_key(DES_cblock *ret); +void DES_set_odd_parity(DES_cblock *key); +int DES_check_key_parity(const_DES_cblock *key); +int DES_is_weak_key(const_DES_cblock *key); +/* DES_set_key (= set_key = DES_key_sched = key_sched) calls + * DES_set_key_checked if global variable DES_check_key is set, + * DES_set_key_unchecked otherwise. */ +int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule); +void DES_string_to_key(const char *str, DES_cblock *key); +void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2); +void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, + DES_key_schedule *schedule, DES_cblock *ivec, int *num, + int enc); +void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, + DES_key_schedule *schedule, DES_cblock *ivec, int *num); + +#define DES_fixup_key_parity DES_set_odd_parity + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/dh.h b/includes/curl/openssl/dh.h new file mode 100644 index 0000000..04bda3f --- /dev/null +++ b/includes/curl/openssl/dh.h @@ -0,0 +1,245 @@ +/* $OpenBSD: dh.h,v 1.38 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_DH_H +#define HEADER_DH_H + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif + +#define DH_FLAG_CACHE_MONT_P 0x01 + +/* If this flag is set the DH method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DH_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DH_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +#define DH_GENERATOR_2 2 +/* #define DH_GENERATOR_3 3 */ +#define DH_GENERATOR_5 5 + +/* DH_check error codes */ +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_UNABLE_TO_CHECK_GENERATOR 0x04 +#define DH_NOT_SUITABLE_GENERATOR 0x08 +#define DH_CHECK_Q_NOT_PRIME 0x10 +#define DH_CHECK_INVALID_Q_VALUE 0x20 +#define DH_CHECK_INVALID_J_VALUE 0x40 + +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 +#define DH_CHECK_PUBKEY_INVALID 0x04 + +/* primes p where (p-1)/2 is prime too are called "safe"; we define + this for backward compatibility: */ +#define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME + +DH *d2i_DHparams_bio(BIO *bp, DH **a); +int i2d_DHparams_bio(BIO *bp, DH *a); +DH *d2i_DHparams_fp(FILE *fp, DH **a); +int i2d_DHparams_fp(FILE *fp, DH *a); + +DH *DHparams_dup(DH *); + +const DH_METHOD *DH_OpenSSL(void); + +void DH_set_default_method(const DH_METHOD *meth); +const DH_METHOD *DH_get_default_method(void); +int DH_set_method(DH *dh, const DH_METHOD *meth); +DH *DH_new_method(ENGINE *engine); + +DH * DH_new(void); +void DH_free(DH *dh); +int DH_up_ref(DH *dh); +int DH_size(const DH *dh); +int DH_bits(const DH *dh); +int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DH_set_ex_data(DH *d, int idx, void *arg); +void *DH_get_ex_data(DH *d, int idx); +int DH_security_bits(const DH *dh); + +ENGINE *DH_get0_engine(DH *d); +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DH_get0_p(const DH *dh); +const BIGNUM *DH_get0_q(const DH *dh); +const BIGNUM *DH_get0_g(const DH *dh); +const BIGNUM *DH_get0_priv_key(const DH *dh); +const BIGNUM *DH_get0_pub_key(const DH *dh); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +long DH_get_length(const DH *dh); +int DH_set_length(DH *dh, long length); + +/* + * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8, added to rust-openssl in 2020, + * for "advanced DH support". + */ +DH * DH_generate_parameters(int prime_len,int generator, + void (*callback)(int,int,void *),void *cb_arg); + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + +int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); +int DH_generate_key(DH *dh); +int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); +DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); +int i2d_DHparams(const DH *a,unsigned char **pp); +int DHparams_print_fp(FILE *fp, const DH *x); +#ifndef OPENSSL_NO_BIO +int DHparams_print(BIO *bp, const DH *x); +#else +int DHparams_print(char *bp, const DH *x); +#endif + +#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) + + +void ERR_load_DH_strings(void); + +/* Error codes for the DH functions. */ + +/* Function codes. */ +#define DH_F_COMPUTE_KEY 102 +#define DH_F_DHPARAMS_PRINT_FP 101 +#define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_COMPUTE_KEY 114 +#define DH_F_DH_GENERATE_KEY 115 +#define DH_F_DH_GENERATE_PARAMETERS_EX 116 +#define DH_F_DH_NEW_METHOD 105 +#define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PRIV_DECODE 110 +#define DH_F_DH_PRIV_ENCODE 111 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 +#define DH_F_DO_DH_PRINT 100 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 +#define DH_F_PKEY_DH_KEYGEN 113 + +/* Reason codes. */ +#define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_DECODE_ERROR 104 +#define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEYS_NOT_SET 108 +#define DH_R_KEY_SIZE_TOO_SMALL 110 +#define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NON_FIPS_METHOD 111 +#define DH_R_NO_PARAMETERS_SET 107 +#define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 +#define DH_R_CHECK_INVALID_J_VALUE 115 +#define DH_R_CHECK_INVALID_Q_VALUE 116 +#define DH_R_CHECK_PUBKEY_INVALID 122 +#define DH_R_CHECK_PUBKEY_TOO_LARGE 123 +#define DH_R_CHECK_PUBKEY_TOO_SMALL 124 +#define DH_R_CHECK_P_NOT_PRIME 117 +#define DH_R_CHECK_P_NOT_SAFE_PRIME 118 +#define DH_R_CHECK_Q_NOT_PRIME 119 +#define DH_R_MISSING_PUBKEY 125 +#define DH_R_NOT_SUITABLE_GENERATOR 120 +#define DH_R_UNABLE_TO_CHECK_GENERATOR 121 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/dsa.h b/includes/curl/openssl/dsa.h new file mode 100644 index 0000000..7a8e7fc --- /dev/null +++ b/includes/curl/openssl/dsa.h @@ -0,0 +1,263 @@ +/* $OpenBSD: dsa.h,v 1.48 2025/03/01 11:33:07 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * The DSS routines are based on patches supplied by + * Steven Schoch . He basically did the + * work and I have just tweaked them a little to fit into my + * stylistic vision for SSLeay :-) */ + +#ifndef HEADER_DSA_H +#define HEADER_DSA_H + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#ifndef OPENSSL_NO_DH +# include +#endif + +#include + +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif + +#define DSA_FLAG_CACHE_MONT_P 0x01 + +/* If this flag is set the DSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct DSA_SIG_st DSA_SIG; + +DSA *d2i_DSAparams_bio(BIO *bp, DSA **a); +int i2d_DSAparams_bio(BIO *bp, DSA *a); +DSA *d2i_DSAparams_fp(FILE *fp, DSA **a); +int i2d_DSAparams_fp(FILE *fp, DSA *a); + +DSA *DSAparams_dup(DSA *x); +DSA_SIG * DSA_SIG_new(void); +void DSA_SIG_free(DSA_SIG *a); +int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); +int DSA_do_verify(const unsigned char *dgst,int dgst_len, + DSA_SIG *sig,DSA *dsa); + +const DSA_METHOD *DSA_OpenSSL(void); + +void DSA_set_default_method(const DSA_METHOD *); +const DSA_METHOD *DSA_get_default_method(void); +int DSA_set_method(DSA *dsa, const DSA_METHOD *); + +DSA * DSA_new(void); +DSA * DSA_new_method(ENGINE *engine); +void DSA_free(DSA *r); +/* "up" the DSA object's reference count */ +int DSA_up_ref(DSA *r); +int DSA_size(const DSA *); +int DSA_bits(const DSA *d); + /* next 4 return -1 on error */ +int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); +int DSA_sign(int type,const unsigned char *dgst,int dlen, + unsigned char *sig, unsigned int *siglen, DSA *dsa); +int DSA_verify(int type,const unsigned char *dgst,int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa); +int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int DSA_set_ex_data(DSA *d, int idx, void *arg); +void *DSA_get_ex_data(DSA *d, int idx); +int DSA_security_bits(const DSA *d); + +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +extern const ASN1_ITEM DSAPublicKey_it; + +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +extern const ASN1_ITEM DSAPrivateKey_it; + +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +int i2d_DSAparams(const DSA *a,unsigned char **pp); +extern const ASN1_ITEM DSAparams_it; + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +int DSA_generate_key(DSA *a); + +#ifndef OPENSSL_NO_BIO +int DSAparams_print(BIO *bp, const DSA *x); +int DSA_print(BIO *bp, const DSA *x, int off); +#endif +int DSAparams_print_fp(FILE *fp, const DSA *x); +int DSA_print_fp(FILE *bp, const DSA *x, int off); + +#ifndef OPENSSL_NO_DH +/* Convert DSA structure (key or just parameters) into DH structure + * (be careful to avoid small subgroup attacks when using this!) */ +DH *DSA_dup_DH(const DSA *r); +#endif + +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +const BIGNUM *DSA_get0_p(const DSA *d); +const BIGNUM *DSA_get0_q(const DSA *d); +const BIGNUM *DSA_get0_g(const DSA *d); +const BIGNUM *DSA_get0_pub_key(const DSA *d); +const BIGNUM *DSA_get0_priv_key(const DSA *d); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *meth); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +const char *DSA_meth_get0_name(const DSA_METHOD *meth); +int DSA_meth_set1_name(DSA_METHOD *meth, const char *name); +int DSA_meth_set_sign(DSA_METHOD *meth, + DSA_SIG *(*sign)(const unsigned char *, int, DSA *)); +int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); + +#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + +void ERR_load_DSA_strings(void); + +/* Error codes for the DSA functions. */ + +/* Function codes. */ +#define DSA_F_D2I_DSA_SIG 110 +#define DSA_F_DO_DSA_PRINT 104 +#define DSA_F_DSAPARAMS_PRINT 100 +#define DSA_F_DSAPARAMS_PRINT_FP 101 +#define DSA_F_DSA_DO_SIGN 112 +#define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_GENERATE_KEY 124 +#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 +#define DSA_F_DSA_NEW_METHOD 103 +#define DSA_F_DSA_PARAM_DECODE 119 +#define DSA_F_DSA_PRINT_FP 105 +#define DSA_F_DSA_PRIV_DECODE 115 +#define DSA_F_DSA_PRIV_ENCODE 116 +#define DSA_F_DSA_PUB_DECODE 117 +#define DSA_F_DSA_PUB_ENCODE 118 +#define DSA_F_DSA_SIGN 106 +#define DSA_F_DSA_SIGN_SETUP 107 +#define DSA_F_DSA_SIG_NEW 109 +#define DSA_F_DSA_SIG_PRINT 125 +#define DSA_F_DSA_VERIFY 108 +#define DSA_F_I2D_DSA_SIG 111 +#define DSA_F_OLD_DSA_PRIV_DECODE 122 +#define DSA_F_PKEY_DSA_CTRL 120 +#define DSA_F_PKEY_DSA_KEYGEN 121 +#define DSA_F_SIG_CB 114 + +/* Reason codes. */ +#define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 +#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_DECODE_ERROR 104 +#define DSA_R_INVALID_DIGEST_TYPE 106 +#define DSA_R_INVALID_PARAMETERS 112 +#define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NEED_NEW_SETUP_VALUES 110 +#define DSA_R_NON_FIPS_DSA_METHOD 111 +#define DSA_R_NO_PARAMETERS_SET 107 +#define DSA_R_PARAMETER_ENCODING_ERROR 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/dtls1.h b/includes/curl/openssl/dtls1.h new file mode 100644 index 0000000..79542c8 --- /dev/null +++ b/includes/curl/openssl/dtls1.h @@ -0,0 +1,107 @@ +/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DTLS1_H +#define HEADER_DTLS1_H + +#if defined(_WIN32) +#include +#else +#include +#endif + +#include +#include +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define DTLS1_VERSION 0xFEFF +#define DTLS1_2_VERSION 0xFEFD +#define DTLS1_VERSION_MAJOR 0xFE + +/* lengths of messages */ +#define DTLS1_COOKIE_LENGTH 256 + +#define DTLS1_RT_HEADER_LENGTH 13 + +#define DTLS1_HM_HEADER_LENGTH 12 + +#define DTLS1_HM_BAD_FRAGMENT -2 +#define DTLS1_HM_FRAGMENT_RETRY -3 + +#define DTLS1_CCS_HEADER_LENGTH 1 + +#define DTLS1_AL_HEADER_LENGTH 2 + +/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +#define DTLS1_TMO_READ_COUNT 2 +#define DTLS1_TMO_WRITE_COUNT 2 + +#define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ec.h b/includes/curl/openssl/ec.h new file mode 100644 index 0000000..5438dd8 --- /dev/null +++ b/includes/curl/openssl/ec.h @@ -0,0 +1,675 @@ +/* $OpenBSD: ec.h,v 1.55 2025/03/10 08:38:11 tb Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + */ + +#ifndef HEADER_EC_H +#define HEADER_EC_H + +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +#define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif + +/* Elliptic point conversion form as per X9.62, page 4 and section 4.4.2. */ +typedef enum { + POINT_CONVERSION_COMPRESSED = 2, + POINT_CONVERSION_UNCOMPRESSED = 4, + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; + +typedef struct ec_group_st EC_GROUP; +typedef struct ec_point_st EC_POINT; + +void EC_GROUP_free(EC_GROUP *group); +void EC_GROUP_clear_free(EC_GROUP *group); + +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor); +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); +int EC_GROUP_order_bits(const EC_GROUP *group); +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, + point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx); + +int EC_GROUP_get_degree(const EC_GROUP *group); + +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); + +/* Compare two EC_GROUPs. Returns 0 if both groups are equal, 1 otherwise. */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; + +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +EC_POINT *EC_POINT_new(const EC_GROUP *group); +void EC_POINT_free(EC_POINT *point); +void EC_POINT_clear_free(EC_POINT *point); +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); + +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); + +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); + +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *ctx); +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); + +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, EC_POINT *, + BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, EC_POINT *, + BN_CTX *); + +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx); +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx); +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, + BN_CTX *ctx); +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, + const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +int EC_GROUP_get_basis_type(const EC_GROUP *); + +#define OPENSSL_EC_EXPLICIT_CURVE 0x000 +#define OPENSSL_EC_NAMED_CURVE 0x001 + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +#ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +#endif +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 + +#define EC_FLAG_NON_FIPS_ALLOW 0x1 +#define EC_FLAG_FIPS_CHECKED 0x2 +#define EC_FLAG_COFACTOR_ECDH 0x1000 + +EC_KEY *EC_KEY_new(void); +int EC_KEY_get_flags(const EC_KEY *key); +void EC_KEY_set_flags(EC_KEY *key, int flags); +void EC_KEY_clear_flags(EC_KEY *key, int flags); +EC_KEY *EC_KEY_new_by_curve_name(int nid); +void EC_KEY_free(EC_KEY *key); +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); +EC_KEY *EC_KEY_dup(const EC_KEY *src); +int EC_KEY_up_ref(EC_KEY *key); + +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); + +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); +int EC_KEY_generate_key(EC_KEY *key); +int EC_KEY_check_key(const EC_KEY *key); +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +#ifndef OPENSSL_NO_BIO +int ECParameters_print(BIO *bp, const EC_KEY *key); +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); +#endif +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); + +int ECDH_size(const EC_KEY *ecdh); +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +ECDSA_SIG *ECDSA_SIG_new(void); +void ECDSA_SIG_free(ECDSA_SIG *sig); +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); +const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +int ECDSA_size(const EC_KEY *eckey); + +ECDSA_SIG *ECDSA_do_sign(const unsigned char *digest, int digest_len, + EC_KEY *eckey); +int ECDSA_do_verify(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +int ECDSA_sign(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, EC_KEY *eckey); +int ECDSA_verify(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey); + +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key, + const EC_KEY *ecdh)); +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *digest, int digest_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(unsigned char **out, size_t *out_len, const EC_POINT *pub_key, + const EC_KEY *ecdh)); +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *digest, int digest_len, + unsigned char *signature, unsigned int *signature_len, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *digest, int digest_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)); +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *digest, int digest_len, + const unsigned char *signature, int signature_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *digest, int digest_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); + +EC_KEY *ECParameters_dup(EC_KEY *key); + +#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) + +#define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL) + +#define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL) + +#define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL) + +#define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL) + +#define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL) + +#define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd)) + +#define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL) + +#define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \ + (void *)(plen)) + +#define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p)) + +#define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \ + EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p)) + +/* SM2 will skip the operation check so no need to pass operation here */ +#define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id)) + +#define EVP_PKEY_CTX_get1_id(ctx, id) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id)) + +#define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \ + EVP_PKEY_CTX_ctrl(ctx, -1, -1, \ + EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len)) + +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_EC_PARAM_ENC (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_EC_ECDH_COFACTOR (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_EC_KDF_TYPE (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 5) +#define EVP_PKEY_CTRL_GET_EC_KDF_MD (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN (EVP_PKEY_ALG_CTRL + 8) +#define EVP_PKEY_CTRL_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_GET_EC_KDF_UKM (EVP_PKEY_ALG_CTRL + 10) +#define EVP_PKEY_CTRL_SET1_ID (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET1_ID (EVP_PKEY_ALG_CTRL + 12) +#define EVP_PKEY_CTRL_GET1_ID_LEN (EVP_PKEY_ALG_CTRL + 13) + +/* KDF types */ +#define EVP_PKEY_ECDH_KDF_NONE 1 +#define EVP_PKEY_ECDH_KDF_X9_63 2 + +void ERR_load_EC_strings(void); + +/* Error codes for the EC functions. */ + +/* Function codes. */ +#define EC_F_BN_TO_FELEM 224 +#define EC_F_COMPUTE_WNAF 143 +#define EC_F_D2I_ECPARAMETERS 144 +#define EC_F_D2I_ECPKPARAMETERS 145 +#define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_DO_EC_KEY_PRINT 221 +#define EC_F_ECKEY_PARAM2TYPE 223 +#define EC_F_ECKEY_PARAM_DECODE 212 +#define EC_F_ECKEY_PRIV_DECODE 213 +#define EC_F_ECKEY_PRIV_ENCODE 214 +#define EC_F_ECKEY_PUB_DECODE 215 +#define EC_F_ECKEY_PUB_ENCODE 216 +#define EC_F_ECKEY_TYPE2PARAM 220 +#define EC_F_ECPARAMETERS_PRINT 147 +#define EC_F_ECPARAMETERS_PRINT_FP 148 +#define EC_F_ECPKPARAMETERS_PRINT 149 +#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 +#define EC_F_ECP_NISTZ256_GET_AFFINE 240 +#define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +#define EC_F_ECP_NISTZ256_POINTS_MUL 241 +#define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +#define EC_F_ECP_NISTZ256_SET_WORDS 245 +#define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +#define EC_F_EC_ASN1_GROUP2CURVE 153 +#define EC_F_EC_ASN1_GROUP2FIELDID 154 +#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 +#define EC_F_EC_GFP_MONT_FIELD_DECODE 133 +#define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 +#define EC_F_EC_GFP_MONT_FIELD_MUL 131 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 +#define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +#define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +#define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +#define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 +#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 +#define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 +#define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 +#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 170 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 +#define EC_F_EC_GROUP_COPY 106 +#define EC_F_EC_GROUP_GET0_GENERATOR 139 +#define EC_F_EC_GROUP_GET_COFACTOR 140 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 +#define EC_F_EC_GROUP_GET_CURVE_GFP 130 +#define EC_F_EC_GROUP_GET_DEGREE 173 +#define EC_F_EC_GROUP_GET_ORDER 141 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 +#define EC_F_EC_GROUP_NEW 108 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +#define EC_F_EC_GROUP_NEW_FROM_DATA 175 +#define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 +#define EC_F_EC_GROUP_SET_CURVE_GFP 109 +#define EC_F_EC_GROUP_SET_EXTRA_DATA 110 +#define EC_F_EC_GROUP_SET_GENERATOR 111 +#define EC_F_EC_KEY_CHECK_KEY 177 +#define EC_F_EC_KEY_COPY 178 +#define EC_F_EC_KEY_GENERATE_KEY 179 +#define EC_F_EC_KEY_NEW 182 +#define EC_F_EC_KEY_PRINT 180 +#define EC_F_EC_KEY_PRINT_FP 181 +#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 +#define EC_F_EC_POINTS_MAKE_AFFINE 136 +#define EC_F_EC_POINT_ADD 112 +#define EC_F_EC_POINT_CMP 113 +#define EC_F_EC_POINT_COPY 114 +#define EC_F_EC_POINT_DBL 115 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 +#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +#define EC_F_EC_POINT_INVERT 210 +#define EC_F_EC_POINT_IS_AT_INFINITY 118 +#define EC_F_EC_POINT_IS_ON_CURVE 119 +#define EC_F_EC_POINT_MAKE_AFFINE 120 +#define EC_F_EC_POINT_MUL 184 +#define EC_F_EC_POINT_NEW 121 +#define EC_F_EC_POINT_OCT2POINT 122 +#define EC_F_EC_POINT_POINT2OCT 123 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 +#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 +#define EC_F_EC_POINT_SET_TO_INFINITY 127 +#define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_PRE_COMP_NEW 196 +#define EC_F_EC_WNAF_MUL 187 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +#define EC_F_I2D_ECPARAMETERS 190 +#define EC_F_I2D_ECPKPARAMETERS 191 +#define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_NISTP224_PRE_COMP_NEW 227 +#define EC_F_NISTP256_PRE_COMP_NEW 236 +#define EC_F_NISTP521_PRE_COMP_NEW 237 +#define EC_F_O2I_ECPUBLICKEY 152 +#define EC_F_OLD_EC_PRIV_DECODE 222 +#define EC_F_PKEY_EC_CTRL 197 +#define EC_F_PKEY_EC_CTRL_STR 198 +#define EC_F_PKEY_EC_DERIVE 217 +#define EC_F_PKEY_EC_KEYGEN 199 +#define EC_F_PKEY_EC_PARAMGEN 219 +#define EC_F_PKEY_EC_SIGN 218 + +/* Reason codes. */ +#define EC_R_ASN1_ERROR 115 +#define EC_R_ASN1_UNKNOWN_FIELD 116 +#define EC_R_BAD_SIGNATURE 166 +#define EC_R_BIGNUM_OUT_OF_RANGE 144 +#define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_COORDINATES_OUT_OF_RANGE 146 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DECODE_ERROR 142 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 143 +#define EC_R_GF2M_NOT_SUPPORTED 147 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 +#define EC_R_INCOMPATIBLE_OBJECTS 101 +#define EC_R_INVALID_ARGUMENT 112 +#define EC_R_INVALID_COMPRESSED_POINT 110 +#define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST 151 +#define EC_R_INVALID_DIGEST_TYPE 138 +#define EC_R_INVALID_ENCODING 102 +#define EC_R_INVALID_FIELD 103 +#define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_KEY 165 +#define EC_R_INVALID_OUTPUT_LENGTH 171 +#define EC_R_INVALID_PEER_KEY 152 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KDF_FAILED 167 +#define EC_R_KDF_PARAMETER_ERROR 148 +#define EC_R_KEY_TRUNCATION 168 +#define EC_R_KEYS_NOT_SET 140 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NEED_NEW_SETUP_VALUES 170 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_IMPLEMENTED 126 +#define EC_R_NOT_INITIALIZED 111 +#define EC_R_NO_FIELD_MOD 133 +#define EC_R_NO_PARAMETERS_SET 139 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PEER_KEY_ERROR 149 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 +#define EC_R_POINT_AT_INFINITY 106 +#define EC_R_POINT_ARITHMETIC_FAILURE 169 +#define EC_R_POINT_IS_NOT_ON_CURVE 107 +#define EC_R_SHARED_INFO_ERROR 150 +#define EC_R_SLOT_FULL 108 +#define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_COFACTOR 164 +#define EC_R_UNKNOWN_GROUP 129 +#define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_CURVE_PARAMETERS 145 +#define EC_R_WRONG_ORDER 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ecdh.h b/includes/curl/openssl/ecdh.h new file mode 100644 index 0000000..0149d5c --- /dev/null +++ b/includes/curl/openssl/ecdh.h @@ -0,0 +1,6 @@ +/* $OpenBSD: ecdh.h,v 1.10 2023/07/28 09:25:12 tb Exp $ */ +/* + * Public domain. + */ + +#include diff --git a/includes/curl/openssl/ecdsa.h b/includes/curl/openssl/ecdsa.h new file mode 100644 index 0000000..9f498eb --- /dev/null +++ b/includes/curl/openssl/ecdsa.h @@ -0,0 +1,6 @@ +/* $OpenBSD: ecdsa.h,v 1.20 2023/07/28 09:16:17 tb Exp $ */ +/* + * Public domain. + */ + +#include diff --git a/includes/curl/openssl/engine.h b/includes/curl/openssl/engine.h new file mode 100644 index 0000000..20398f8 --- /dev/null +++ b/includes/curl/openssl/engine.h @@ -0,0 +1,215 @@ +/* $OpenBSD: engine.h,v 1.44 2024/03/02 10:22:07 tb Exp $ */ +/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_ENGINE_H +#define HEADER_ENGINE_H + +#include + +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define ENGINE_METHOD_RSA (unsigned int)0x0001 +#define ENGINE_METHOD_DSA (unsigned int)0x0002 +#define ENGINE_METHOD_DH (unsigned int)0x0004 +#define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 +#define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +#define ENGINE_METHOD_EC (unsigned int)0x0800 +#define ENGINE_METHOD_ALL (unsigned int)0xFFFF +#define ENGINE_METHOD_NONE (unsigned int)0x0000 + +/* + * Prototypes for the stub functions in engine_stubs.c. They are provided to + * build M2Crypto, Dovecot, apr-utils without patching. + */ +void ENGINE_load_builtin_engines(void); +void ENGINE_load_dynamic(void); +void ENGINE_load_openssl(void); +int ENGINE_register_all_complete(void); + +void ENGINE_cleanup(void); + +ENGINE *ENGINE_new(void); +int ENGINE_free(ENGINE *engine); +int ENGINE_init(ENGINE *engine); +int ENGINE_finish(ENGINE *engine); + +ENGINE *ENGINE_by_id(const char *id); +const char *ENGINE_get_id(const ENGINE *engine); +const char *ENGINE_get_name(const ENGINE *engine); + +int ENGINE_set_default(ENGINE *engine, unsigned int flags); + +ENGINE *ENGINE_get_default_RSA(void); +int ENGINE_set_default_RSA(ENGINE *engine); + +int ENGINE_ctrl_cmd(ENGINE *engine, const char *cmd_name, long i, void *p, + void (*f)(void), int cmd_optional); +int ENGINE_ctrl_cmd_string(ENGINE *engine, const char *cmd, const char *arg, + int cmd_optional); + +EVP_PKEY *ENGINE_load_private_key(ENGINE *engine, const char *key_id, + UI_METHOD *ui_method, void *callback_data); +EVP_PKEY *ENGINE_load_public_key(ENGINE *engine, const char *key_id, + UI_METHOD *ui_method, void *callback_data); + +/* Error codes for the ENGINE functions. */ + +/* Function codes. */ +#define ENGINE_F_DYNAMIC_CTRL 180 +#define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 +#define ENGINE_F_DYNAMIC_LOAD 182 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 +#define ENGINE_F_ENGINE_ADD 105 +#define ENGINE_F_ENGINE_BY_ID 106 +#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 +#define ENGINE_F_ENGINE_CTRL 142 +#define ENGINE_F_ENGINE_CTRL_CMD 178 +#define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 +#define ENGINE_F_ENGINE_FINISH 107 +#define ENGINE_F_ENGINE_FREE_UTIL 108 +#define ENGINE_F_ENGINE_GET_CIPHER 185 +#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 +#define ENGINE_F_ENGINE_GET_DIGEST 186 +#define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +#define ENGINE_F_ENGINE_GET_PKEY_METH 192 +#define ENGINE_F_ENGINE_GET_PREV 116 +#define ENGINE_F_ENGINE_INIT 119 +#define ENGINE_F_ENGINE_LIST_ADD 120 +#define ENGINE_F_ENGINE_LIST_REMOVE 121 +#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 +#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 +#define ENGINE_F_ENGINE_NEW 122 +#define ENGINE_F_ENGINE_REMOVE 123 +#define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 +#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 +#define ENGINE_F_ENGINE_SET_ID 129 +#define ENGINE_F_ENGINE_SET_NAME 130 +#define ENGINE_F_ENGINE_TABLE_REGISTER 184 +#define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +#define ENGINE_F_ENGINE_UP_REF 190 +#define ENGINE_F_INT_CTRL_HELPER 172 +#define ENGINE_F_INT_ENGINE_CONFIGURE 188 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 +#define ENGINE_F_LOG_MESSAGE 141 + +/* Reason codes. */ +#define ENGINE_R_ALREADY_LOADED 100 +#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 +#define ENGINE_R_CMD_NOT_EXECUTABLE 134 +#define ENGINE_R_COMMAND_TAKES_INPUT 135 +#define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 +#define ENGINE_R_CONFLICTING_ENGINE_ID 103 +#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 +#define ENGINE_R_DH_NOT_IMPLEMENTED 139 +#define ENGINE_R_DSA_NOT_IMPLEMENTED 140 +#define ENGINE_R_DSO_FAILURE 104 +#define ENGINE_R_DSO_NOT_FOUND 132 +#define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 +#define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 +#define ENGINE_R_ENGINE_SECTION_ERROR 149 +#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 +#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 +#define ENGINE_R_FINISH_FAILED 106 +#define ENGINE_R_GET_HANDLE_FAILED 107 +#define ENGINE_R_ID_OR_NAME_MISSING 108 +#define ENGINE_R_INIT_FAILED 109 +#define ENGINE_R_INTERNAL_LIST_ERROR 110 +#define ENGINE_R_INVALID_ARGUMENT 143 +#define ENGINE_R_INVALID_CMD_NAME 137 +#define ENGINE_R_INVALID_CMD_NUMBER 138 +#define ENGINE_R_INVALID_INIT_VALUE 151 +#define ENGINE_R_INVALID_STRING 150 +#define ENGINE_R_NOT_INITIALISED 117 +#define ENGINE_R_NOT_LOADED 112 +#define ENGINE_R_NO_CONTROL_FUNCTION 120 +#define ENGINE_R_NO_INDEX 144 +#define ENGINE_R_NO_LOAD_FUNCTION 125 +#define ENGINE_R_NO_REFERENCE 130 +#define ENGINE_R_NO_SUCH_ENGINE 116 +#define ENGINE_R_NO_UNLOAD_FUNCTION 126 +#define ENGINE_R_PROVIDE_PARAMETERS 113 +#define ENGINE_R_RSA_NOT_IMPLEMENTED 141 +#define ENGINE_R_UNIMPLEMENTED_CIPHER 146 +#define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 +#define ENGINE_R_VERSION_INCOMPATIBILITY 145 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/err.h b/includes/curl/openssl/err.h new file mode 100644 index 0000000..fe6c34d --- /dev/null +++ b/includes/curl/openssl/err.h @@ -0,0 +1,396 @@ +/* $OpenBSD: err.h,v 1.36 2025/03/09 15:12:18 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ERR_H +#define HEADER_ERR_H + +#include + +#include +#include + +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_LHASH +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef OPENSSL_NO_FILENAMES +#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) +#else +#define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) +#endif + +#include + +#define ERR_TXT_MALLOCED 0x01 +#define ERR_TXT_STRING 0x02 + +#define ERR_FLAG_MARK 0x01 + +#define ERR_NUM_ERRORS 16 + +/* library */ +#define ERR_LIB_NONE 1 +#define ERR_LIB_SYS 2 +#define ERR_LIB_BN 3 +#define ERR_LIB_RSA 4 +#define ERR_LIB_DH 5 +#define ERR_LIB_EVP 6 +#define ERR_LIB_BUF 7 +#define ERR_LIB_OBJ 8 +#define ERR_LIB_PEM 9 +#define ERR_LIB_DSA 10 +#define ERR_LIB_X509 11 +/* #define ERR_LIB_METH 12 */ +#define ERR_LIB_ASN1 13 +#define ERR_LIB_CONF 14 +#define ERR_LIB_CRYPTO 15 +#define ERR_LIB_EC 16 +#define ERR_LIB_SSL 20 +/* #define ERR_LIB_SSL23 21 */ +/* #define ERR_LIB_SSL2 22 */ +/* #define ERR_LIB_SSL3 23 */ +/* #define ERR_LIB_RSAREF 30 */ +/* #define ERR_LIB_PROXY 31 */ +#define ERR_LIB_BIO 32 +#define ERR_LIB_PKCS7 33 +#define ERR_LIB_X509V3 34 +#define ERR_LIB_PKCS12 35 +#define ERR_LIB_RAND 36 +#define ERR_LIB_DSO 37 +#define ERR_LIB_ENGINE 38 +#define ERR_LIB_OCSP 39 +#define ERR_LIB_UI 40 +#define ERR_LIB_COMP 41 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 +#define ERR_LIB_JPAKE 49 +#define ERR_LIB_GOST 50 +#define ERR_LIB_CT 51 +#define ERR_LIB_KDF 52 + +#define ERR_LIB_USER 128 + +#ifndef LIBRESSL_INTERNAL +#define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CTerr(f, r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#define KDFerr(f, r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +#endif + +#ifdef LIBRESSL_INTERNAL +#define SYSerror(r) ERR_PUT_error(ERR_LIB_SYS,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BNerror(r) ERR_PUT_error(ERR_LIB_BN,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define RSAerror(r) ERR_PUT_error(ERR_LIB_RSA,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DHerror(r) ERR_PUT_error(ERR_LIB_DH,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define EVPerror(r) ERR_PUT_error(ERR_LIB_EVP,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BUFerror(r) ERR_PUT_error(ERR_LIB_BUF,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define OBJerror(r) ERR_PUT_error(ERR_LIB_OBJ,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PEMerror(r) ERR_PUT_error(ERR_LIB_PEM,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DSAerror(r) ERR_PUT_error(ERR_LIB_DSA,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define X509error(r) ERR_PUT_error(ERR_LIB_X509,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ASN1error(r) ERR_PUT_error(ERR_LIB_ASN1,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CONFerror(r) ERR_PUT_error(ERR_LIB_CONF,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CRYPTOerror(r) ERR_PUT_error(ERR_LIB_CRYPTO,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECerror(r) ERR_PUT_error(ERR_LIB_EC,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define BIOerror(r) ERR_PUT_error(ERR_LIB_BIO,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PKCS7error(r) ERR_PUT_error(ERR_LIB_PKCS7,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define X509V3error(r) ERR_PUT_error(ERR_LIB_X509V3,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define PKCS12error(r) ERR_PUT_error(ERR_LIB_PKCS12,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define RANDerror(r) ERR_PUT_error(ERR_LIB_RAND,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define DSOerror(r) ERR_PUT_error(ERR_LIB_DSO,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ENGINEerror(r) ERR_PUT_error(ERR_LIB_ENGINE,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define OCSPerror(r) ERR_PUT_error(ERR_LIB_OCSP,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define UIerror(r) ERR_PUT_error(ERR_LIB_UI,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define COMPerror(r) ERR_PUT_error(ERR_LIB_COMP,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECDSAerror(r) ERR_PUT_error(ERR_LIB_ECDSA,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define ECDHerror(r) ERR_PUT_error(ERR_LIB_ECDH,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define STOREerror(r) ERR_PUT_error(ERR_LIB_STORE,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define FIPSerror(r) ERR_PUT_error(ERR_LIB_FIPS,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CMSerror(r) ERR_PUT_error(ERR_LIB_CMS,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define TSerror(r) ERR_PUT_error(ERR_LIB_TS,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define CTerror(r) ERR_PUT_error(ERR_LIB_CT,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#define KDFerror(r) ERR_PUT_error(ERR_LIB_KDF,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE) +#endif + +#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ + ((((unsigned long)f)&0xfffL)<<12L)| \ + ((((unsigned long)r)&0xfffL))) +#define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) +#define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) +#define ERR_GET_REASON(l) (int)((l)&0xfffL) +#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) + + +/* OS functions */ +#define SYS_F_FOPEN 1 +#define SYS_F_CONNECT 2 +#define SYS_F_GETSERVBYNAME 3 +#define SYS_F_SOCKET 4 +#define SYS_F_IOCTLSOCKET 5 +#define SYS_F_BIND 6 +#define SYS_F_LISTEN 7 +#define SYS_F_ACCEPT 8 +#define SYS_F_WSASTARTUP 9 /* Winsock stuff */ +#define SYS_F_OPENDIR 10 +#define SYS_F_FREAD 11 + + +/* reasons */ +#define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */ +#define ERR_R_BN_LIB ERR_LIB_BN /* 3 */ +#define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */ +#define ERR_R_DH_LIB ERR_LIB_DH /* 5 */ +#define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */ +#define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */ +#define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */ +#define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */ +#define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */ +#define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */ +#define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */ +#define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */ +#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */ +#define ERR_R_EC_LIB ERR_LIB_EC /* 16 */ +#define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */ +#define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */ +#define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */ +#define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */ +#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */ +#define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */ +#define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */ +#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */ +#define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ +#define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ +#define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ +#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ +#define ERR_R_TS_LIB ERR_LIB_TS /* 45 */ + +#define ERR_R_NESTED_ASN1_ERROR 58 +#define ERR_R_BAD_ASN1_OBJECT_HEADER 59 +#define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 +#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 +#define ERR_R_ASN1_LENGTH_MISMATCH 62 +#define ERR_R_MISSING_ASN1_EOS 63 + +/* fatal error */ +#define ERR_R_FATAL 64 +#define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) +#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) +#define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) +#define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +#define ERR_R_DISABLED (5|ERR_R_FATAL) +#define ERR_R_INIT_FAIL (6|ERR_R_FATAL) + +/* 99 is the maximum possible ERR_R_... code, higher values + * are reserved for the individual libraries */ + +typedef struct ERR_string_data_st { + unsigned long error; + const char *string; +} ERR_STRING_DATA; + +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); + +unsigned long ERR_get_error(void); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_error(void); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); +unsigned long ERR_peek_last_error(void); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); +void ERR_clear_error(void ); +char *ERR_error_string(unsigned long e, char *buf); +void ERR_error_string_n(unsigned long e, char *buf, size_t len); +const char *ERR_lib_error_string(unsigned long e); +const char *ERR_func_error_string(unsigned long e); +const char *ERR_reason_error_string(unsigned long e); +void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), + void *u); +void ERR_print_errors_fp(FILE *fp); +#ifndef OPENSSL_NO_BIO +void ERR_print_errors(BIO *bp); +#endif +void ERR_asprintf_error_data(char * format, ...); +void ERR_load_strings(int lib, ERR_STRING_DATA *str); +void ERR_unload_strings(int lib, ERR_STRING_DATA *str); +void ERR_load_ERR_strings(void); +void ERR_load_crypto_strings(void); +void ERR_free_strings(void); + +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +/* Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used in 2023. */ +void ERR_remove_state(unsigned long pid); + +int ERR_get_next_error_library(void); + +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/evp.h b/includes/curl/openssl/evp.h new file mode 100644 index 0000000..c2b81d0 --- /dev/null +++ b/includes/curl/openssl/evp.h @@ -0,0 +1,1292 @@ +/* $OpenBSD: evp.h,v 1.137 2024/08/31 10:38:49 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_ENVELOPE_H +#define HEADER_ENVELOPE_H + +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif + +/* +#define EVP_RC2_KEY_SIZE 16 +#define EVP_RC4_KEY_SIZE 16 +#define EVP_BLOWFISH_KEY_SIZE 16 +#define EVP_CAST5_KEY_SIZE 16 +#define EVP_RC5_32_12_16_KEY_SIZE 16 +*/ +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ +#define EVP_MAX_KEY_LENGTH 64 +#define EVP_MAX_IV_LENGTH 16 +#define EVP_MAX_BLOCK_LENGTH 32 + +#define PKCS5_SALT_LEN 8 +/* Default PKCS#5 iteration count */ +#define PKCS5_DEFAULT_ITER 2048 + +#include + +#define EVP_PK_RSA 0x0001 +#define EVP_PK_DSA 0x0002 +#define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 +#define EVP_PKT_SIGN 0x0010 +#define EVP_PKT_ENC 0x0020 +#define EVP_PKT_EXCH 0x0040 +#define EVP_PKS_RSA 0x0100 +#define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 +#define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA NID_rsaEncryption +#define EVP_PKEY_RSA_PSS NID_rsassaPss +#define EVP_PKEY_RSA2 NID_rsa +#define EVP_PKEY_DSA NID_dsa +#define EVP_PKEY_DSA1 NID_dsa_2 +#define EVP_PKEY_DSA2 NID_dsaWithSHA +#define EVP_PKEY_DSA3 NID_dsaWithSHA1 +#define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 +#define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001 +#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC +#define EVP_PKEY_HMAC NID_hmac +#define EVP_PKEY_CMAC NID_cmac +#define EVP_PKEY_HKDF NID_hkdf +#define EVP_PKEY_TLS1_PRF NID_tls1_prf +#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256 +#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512 +#define EVP_PKEY_ED25519 NID_ED25519 +#define EVP_PKEY_X25519 NID_X25519 + +#ifdef __cplusplus +extern "C" { +#endif + +#define EVP_PKEY_MO_SIGN 0x0001 +#define EVP_PKEY_MO_VERIFY 0x0002 +#define EVP_PKEY_MO_ENCRYPT 0x0004 +#define EVP_PKEY_MO_DECRYPT 0x0008 + +#ifndef EVP_MD +#define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single + * block */ + +/* DigestAlgorithmIdentifier flags... */ + +#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ + +/* Digest ctrls */ + +#define EVP_MD_CTRL_DIGALGID 0x1 +#define EVP_MD_CTRL_MICALG 0x2 +#define EVP_MD_CTRL_SET_KEY 0x3 +#define EVP_MD_CTRL_GOST_SET_SBOX 0x4 + +/* Minimum Algorithm specific ctrl value */ + +#define EVP_MD_CTRL_ALG_CTRL 0x1000 + +#endif /* !EVP_MD */ + +/* values for EVP_MD_CTX flags */ + +#define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called + * once only */ +#define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been + * cleaned */ +#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ +/* FIPS and pad options are ignored in 1.0.0, definitions are here + * so we don't accidentally reuse the values for other purposes. + */ + +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ + +/* The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ + +#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ + +/* Values for cipher flags */ + +/* Modes for ciphers */ + +#define EVP_CIPH_STREAM_CIPHER 0x0 +#define EVP_CIPH_ECB_MODE 0x1 +#define EVP_CIPH_CBC_MODE 0x2 +#define EVP_CIPH_CFB_MODE 0x3 +#define EVP_CIPH_OFB_MODE 0x4 +#define EVP_CIPH_CTR_MODE 0x5 +#define EVP_CIPH_GCM_MODE 0x6 +#define EVP_CIPH_CCM_MODE 0x7 +#define EVP_CIPH_XTS_MODE 0x10001 +#define EVP_CIPH_WRAP_MODE 0x10002 +#define EVP_CIPH_MODE 0xF0007 +/* Set if variable length cipher */ +#define EVP_CIPH_VARIABLE_LENGTH 0x8 +/* Set if the iv handling should be done by the cipher itself */ +#define EVP_CIPH_CUSTOM_IV 0x10 +/* Set if the cipher's init() function should be called if key is NULL */ +#define EVP_CIPH_ALWAYS_CALL_INIT 0x20 +/* Call ctrl() to init cipher parameters */ +#define EVP_CIPH_CTRL_INIT 0x40 +/* Don't use standard block padding */ +#define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Allow use default ASN1 get/set iv */ +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* Cipher handles any and all padding logic as well + * as finalisation. + */ +#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 + +/* + * Cipher context flag to indicate that we can handle wrap mode: if allowed in + * older applications, it could overflow buffers. + */ +#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 + +/* ctrl() values */ + +#define EVP_CTRL_INIT 0x0 +#define EVP_CTRL_GET_RC2_KEY_BITS 0x2 +#define EVP_CTRL_SET_RC2_KEY_BITS 0x3 +#define EVP_CTRL_GET_RC5_ROUNDS 0x4 +#define EVP_CTRL_SET_RC5_ROUNDS 0x5 +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_AEAD_SET_IVLEN 0x9 +#define EVP_CTRL_AEAD_GET_TAG 0x10 +#define EVP_CTRL_AEAD_SET_TAG 0x11 +#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +#define EVP_CTRL_GCM_IV_GEN 0x13 +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG +#define EVP_CTRL_CCM_SET_L 0x14 +#define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* AEAD cipher deduces payload length and returns number of bytes + * required to store MAC and eventual padding. Subsequent call to + * EVP_Cipher even appends/verifies MAC. + */ +#define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +#define EVP_CTRL_GCM_SET_IV_INV 0x18 +/* Set the S-BOX NID for GOST ciphers */ +#define EVP_CTRL_GOST_SET_SBOX 0x19 + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +#define EVP_GCM_TLS_TAG_LEN 16 + +/* CCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_CCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_CCM_TLS_EXPLICIT_IV_LEN 8 +/* Total length of CCM IV length for TLS */ +#define EVP_CCM_TLS_IV_LEN 12 +/* Length of tag for TLS */ +#define EVP_CCM_TLS_TAG_LEN 16 +/* Length of CCM8 tag for TLS */ +#define EVP_CCM8_TLS_TAG_LEN 8 + +/* Length of tag for TLS */ +#define EVP_CHACHAPOLY_TLS_TAG_LEN 16 + +/* XXX - do we want to expose these? */ +#if defined(LIBRESSL_INTERNAL) +#define ED25519_KEYLEN 32 +#define X25519_KEYLEN 32 +#endif + +typedef struct evp_cipher_info_st { + const EVP_CIPHER *cipher; + unsigned char iv[EVP_MAX_IV_LENGTH]; +} EVP_CIPHER_INFO; + +/* Password based encryption function */ +typedef int EVP_PBE_KEYGEN(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); + +#ifndef OPENSSL_NO_RSA +#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ + (char *)(rsa)) +#endif + +#ifndef OPENSSL_NO_DSA +#define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ + (char *)(dsa)) +#endif + +#ifndef OPENSSL_NO_DH +#define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ + (char *)(dh)) +#endif + +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + +/* Add some extra combinations */ +#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +#define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +#define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) + +int EVP_MD_type(const EVP_MD *md); +#define EVP_MD_nid(e) EVP_MD_type(e) +#define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); + +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); +EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); +void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); +#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) + +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); +#define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, + unsigned char *iv, size_t len); +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); +void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx); +void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data); +unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) + +EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); +EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher); +void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); + +int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); +int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); +int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size); +int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, + int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc)); +int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, + int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl)); +int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, + int (*cleanup)(EVP_CIPHER_CTX *)); +int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher, + int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)); +int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher, + int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *)); +int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, + int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr)); + +EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *engine, + const unsigned char *private_key, size_t len); +EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *engine, + const unsigned char *public_key, size_t len); +int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, + unsigned char *out_private_key, size_t *out_len); +int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, + unsigned char *out_public_key, size_t *out_len); + +#define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) +#define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) + +#define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +#define EVP_SignInit(a,b) EVP_DigestInit(a,b) +#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) +#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) +#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) + +#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) +#define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) +#define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) +#define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) +#define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) + +int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, + unsigned int inl); + +EVP_MD_CTX *EVP_MD_CTX_new(void); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +int EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_create(void); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +int EVP_Digest(const void *data, size_t count, unsigned char *md, + unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv); +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv); +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); + +int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); + +int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, + size_t siglen, const unsigned char *tbs, size_t tbslen); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, + int npubk); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); + +int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); +int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); + +#ifndef OPENSSL_NO_BIO +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); +#endif + +const EVP_MD *EVP_md_null(void); +#ifndef OPENSSL_NO_MD4 +const EVP_MD *EVP_md4(void); +#endif +#ifndef OPENSSL_NO_MD5 +const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); +#endif +#ifndef OPENSSL_NO_SHA +const EVP_MD *EVP_sha1(void); +#endif +#ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); +#endif +#ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +const EVP_MD *EVP_sha512_224(void); +const EVP_MD *EVP_sha512_256(void); +#endif +#ifndef OPENSSL_NO_SHA3 +const EVP_MD *EVP_sha3_224(void); +const EVP_MD *EVP_sha3_256(void); +const EVP_MD *EVP_sha3_384(void); +const EVP_MD *EVP_sha3_512(void); +#endif +#ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); +#endif +#ifndef OPENSSL_NO_RIPEMD +const EVP_MD *EVP_ripemd160(void); +#endif +const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ +#ifndef OPENSSL_NO_DES +const EVP_CIPHER *EVP_des_ecb(void); +const EVP_CIPHER *EVP_des_ede(void); +const EVP_CIPHER *EVP_des_ede3(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); +const EVP_CIPHER *EVP_des_ofb(void); +const EVP_CIPHER *EVP_des_ede_ofb(void); +const EVP_CIPHER *EVP_des_ede3_ofb(void); +const EVP_CIPHER *EVP_des_cbc(void); +const EVP_CIPHER *EVP_des_ede_cbc(void); +const EVP_CIPHER *EVP_des_ede3_cbc(void); +const EVP_CIPHER *EVP_desx_cbc(void); +#endif +#ifndef OPENSSL_NO_RC4 +const EVP_CIPHER *EVP_rc4(void); +const EVP_CIPHER *EVP_rc4_40(void); +#endif +#ifndef OPENSSL_NO_IDEA +const EVP_CIPHER *EVP_idea_ecb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 +const EVP_CIPHER *EVP_idea_ofb(void); +const EVP_CIPHER *EVP_idea_cbc(void); +#endif +#ifndef OPENSSL_NO_RC2 +const EVP_CIPHER *EVP_rc2_ecb(void); +const EVP_CIPHER *EVP_rc2_cbc(void); +const EVP_CIPHER *EVP_rc2_40_cbc(void); +const EVP_CIPHER *EVP_rc2_64_cbc(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 +const EVP_CIPHER *EVP_rc2_ofb(void); +#endif +#ifndef OPENSSL_NO_BF +const EVP_CIPHER *EVP_bf_ecb(void); +const EVP_CIPHER *EVP_bf_cbc(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 +const EVP_CIPHER *EVP_bf_ofb(void); +#endif +#ifndef OPENSSL_NO_CAST +const EVP_CIPHER *EVP_cast5_ecb(void); +const EVP_CIPHER *EVP_cast5_cbc(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 +const EVP_CIPHER *EVP_cast5_ofb(void); +#endif +#ifndef OPENSSL_NO_AES +const EVP_CIPHER *EVP_aes_128_ecb(void); +const EVP_CIPHER *EVP_aes_128_cbc(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 +const EVP_CIPHER *EVP_aes_128_ofb(void); +const EVP_CIPHER *EVP_aes_128_ctr(void); +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_xts(void); +const EVP_CIPHER *EVP_aes_192_ecb(void); +const EVP_CIPHER *EVP_aes_192_cbc(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 +const EVP_CIPHER *EVP_aes_192_ofb(void); +const EVP_CIPHER *EVP_aes_192_ctr(void); +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); +const EVP_CIPHER *EVP_aes_256_ecb(void); +const EVP_CIPHER *EVP_aes_256_cbc(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 +const EVP_CIPHER *EVP_aes_256_ofb(void); +const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +const EVP_CIPHER *EVP_chacha20_poly1305(void); +#endif +#endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif + +#ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +#endif + +#ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +#define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +#endif + +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() +#endif + +void OpenSSL_add_all_ciphers(void); +void OpenSSL_add_all_digests(void); + +#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() +#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() +#define SSLeay_add_all_digests() OpenSSL_add_all_digests() + +const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +const EVP_MD *EVP_get_digestbyname(const char *name); +void EVP_cleanup(void); + +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, + int enc_key_len, EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key, + int key_len, EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); + +#ifndef OPENSSL_NO_RSA +struct rsa_st; +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); +#endif +#ifndef OPENSSL_NO_DSA +struct dsa_st; +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); +struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); +#endif +#ifndef OPENSSL_NO_DH +struct dh_st; +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); +struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +#endif +#ifndef OPENSSL_NO_EC +struct ec_key_st; +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); +#endif + +EVP_PKEY *EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); + +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); + +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); + +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); + +int EVP_CIPHER_type(const EVP_CIPHER *ctx); + +/* PKCS5 password based encryption */ +int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, + const unsigned char *salt, int saltlen, int iter, int keylen, + unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, const EVP_MD *digest, int keylen, + unsigned char *out); + +#define ASN1_PKEY_ALIAS 0x1 +#define ASN1_PKEY_DYNAMIC 0x2 +#define ASN1_PKEY_SIGPARAM_NULL 0x4 + +#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 +#define ASN1_PKEY_CTRL_CMS_RI_TYPE 0x8 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, + const char **pinfo, const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); + +#define EVP_PKEY_OP_UNDEFINED 0 +#define EVP_PKEY_OP_PARAMGEN (1<<1) +#define EVP_PKEY_OP_KEYGEN (1<<2) +#define EVP_PKEY_OP_SIGN (1<<3) +#define EVP_PKEY_OP_VERIFY (1<<4) +#define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +#define EVP_PKEY_OP_SIGNCTX (1<<6) +#define EVP_PKEY_OP_VERIFYCTX (1<<7) +#define EVP_PKEY_OP_ENCRYPT (1<<8) +#define EVP_PKEY_OP_DECRYPT (1<<9) +#define EVP_PKEY_OP_DERIVE (1<<10) + +#define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +#define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +#define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +#define EVP_PKEY_CTX_get_signature_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd)) + +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_PEER_KEY 2 + +#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +#define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +#define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +#define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +#define EVP_PKEY_CTRL_SET_IV 8 + +#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +#define EVP_PKEY_CTRL_CMS_DECRYPT 10 +#define EVP_PKEY_CTRL_CMS_SIGN 11 + +#define EVP_PKEY_CTRL_CIPHER 12 + +#define EVP_PKEY_CTRL_GET_MD 13 + +#define EVP_PKEY_ALG_CTRL 0x1000 + + +#define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* Method handles all operations: don't assume any digest related + * defaults. + */ +#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, + int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, + int keylen); +EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, + size_t len, const EVP_CIPHER *cipher); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, + size_t *routlen, const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +/* Authenticated Encryption with Additional Data. + * + * AEAD couples confidentiality and integrity in a single primtive. AEAD + * algorithms take a key and then can seal and open individual messages. Each + * message has a unique, per-message nonce and, optionally, additional data + * which is authenticated but not included in the output. */ + +typedef struct evp_aead_st EVP_AEAD; + +#ifndef OPENSSL_NO_AES +/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */ +const EVP_AEAD *EVP_aead_aes_128_gcm(void); +/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */ +const EVP_AEAD *EVP_aead_aes_256_gcm(void); +#endif + +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */ +const EVP_AEAD *EVP_aead_chacha20_poly1305(void); +/* EVP_aead_xchacha20_poly1305 is XChaCha20 with a Poly1305 authenticator. */ +const EVP_AEAD *EVP_aead_xchacha20_poly1305(void); +#endif + +/* EVP_AEAD_key_length returns the length of the keys used. */ +size_t EVP_AEAD_key_length(const EVP_AEAD *aead); + +/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */ +size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead); + +/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added + * by the act of sealing data with the AEAD. */ +size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead); + +/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD. + * This * is the largest value that can be passed as a tag length to + * EVP_AEAD_CTX_init. */ +size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead); + +/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key + * and message-independent IV. */ +typedef struct evp_aead_ctx_st EVP_AEAD_CTX; + +/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD + * defined in this header. */ +#define EVP_AEAD_MAX_TAG_LENGTH 16 + +/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to + * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD + * should be used. */ +#define EVP_AEAD_DEFAULT_TAG_LENGTH 0 + +/* EVP_AEAD_CTX_new allocates a new context for use with EVP_AEAD_CTX_init. + * It can be cleaned up for reuse with EVP_AEAD_CTX_cleanup and must be freed + * with EVP_AEAD_CTX_free. */ +EVP_AEAD_CTX *EVP_AEAD_CTX_new(void); + +/* EVP_AEAD_CTX_free releases all memory owned by the context. */ +void EVP_AEAD_CTX_free(EVP_AEAD_CTX *ctx); + +/* EVP_AEAD_CTX_init initializes the context for the given AEAD algorithm. + * The implementation argument may be NULL to choose the default implementation. + * Authentication tags may be truncated by passing a tag length. A tag length + * of zero indicates the default tag length should be used. */ +int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, + const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl); + +/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */ +void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); + +/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates + * any additional data (AD), the result being written as output. One is + * returned on success, otherwise zero. + * + * This function may be called (with the same EVP_AEAD_CTX) concurrently with + * itself or EVP_AEAD_CTX_open. + * + * At most max_out_len bytes are written as output and, in order to ensure + * success, this value should be the length of the input plus the result of + * EVP_AEAD_overhead. On successful return, out_len is set to the actual + * number of bytes written. + * + * The length of the nonce is must be equal to the result of + * EVP_AEAD_nonce_length for this AEAD. + * + * EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is + * insufficient, zero will be returned and out_len will be set to zero. + * + * If the input and output are aliased then out must be <= in. */ +int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); + +/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting + * the input and writing it as output. One is returned on success, otherwise + * zero. + * + * This function may be called (with the same EVP_AEAD_CTX) concurrently with + * itself or EVP_AEAD_CTX_seal. + * + * At most the number of input bytes are written as output. In order to ensure + * success, max_out_len should be at least the same as the input length. On + * successful return out_len is set to the actual number of bytes written. + * + * The length of nonce must be equal to the result of EVP_AEAD_nonce_length + * for this AEAD. + * + * EVP_AEAD_CTX_open never results in a partial output. If max_out_len is + * insufficient, zero will be returned and out_len will be set to zero. + * + * If the input and output are aliased then out must be <= in. */ +int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); + +void ERR_load_EVP_strings(void); + +/* Error codes for the EVP functions. */ + +/* Function codes. */ +#define EVP_F_AEAD_AES_GCM_INIT 187 +#define EVP_F_AEAD_AES_GCM_OPEN 188 +#define EVP_F_AEAD_AES_GCM_SEAL 189 +#define EVP_F_AEAD_CHACHA20_POLY1305_INIT 192 +#define EVP_F_AEAD_CHACHA20_POLY1305_OPEN 193 +#define EVP_F_AEAD_CHACHA20_POLY1305_SEAL 194 +#define EVP_F_AEAD_CTX_OPEN 185 +#define EVP_F_AEAD_CTX_SEAL 186 +#define EVP_F_AESNI_INIT_KEY 165 +#define EVP_F_AESNI_XTS_CIPHER 176 +#define EVP_F_AES_INIT_KEY 133 +#define EVP_F_AES_XTS 172 +#define EVP_F_AES_XTS_CIPHER 175 +#define EVP_F_ALG_MODULE_INIT 177 +#define EVP_F_CAMELLIA_INIT_KEY 159 +#define EVP_F_CMAC_INIT 173 +#define EVP_F_D2I_PKEY 100 +#define EVP_F_DO_SIGVER_INIT 161 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_AEAD_CTX_INIT 180 +#define EVP_F_EVP_AEAD_CTX_OPEN 190 +#define EVP_F_EVP_AEAD_CTX_SEAL 191 +#define EVP_F_EVP_BYTESTOKEY 200 +#define EVP_F_EVP_CIPHERINIT_EX 123 +#define EVP_F_EVP_CIPHER_CTX_COPY 163 +#define EVP_F_EVP_CIPHER_CTX_CTRL 124 +#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 +#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201 +#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DECRYPTUPDATE 199 +#define EVP_F_EVP_DIGESTFINAL_EX 196 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_ENCRYPTUPDATE 198 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 +#define EVP_F_EVP_MD_CTX_CTRL 195 +#define EVP_F_EVP_MD_SIZE 162 +#define EVP_F_EVP_OPENINIT 102 +#define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 +#define EVP_F_EVP_PBE_CIPHERINIT 116 +#define EVP_F_EVP_PKCS82PKEY 111 +#define EVP_F_EVP_PKCS82PKEY_BROKEN 136 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 +#define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_CTX_CTRL 137 +#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +#define EVP_F_EVP_PKEY_CTX_DUP 156 +#define EVP_F_EVP_PKEY_DECRYPT 104 +#define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +#define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +#define EVP_F_EVP_PKEY_DERIVE 153 +#define EVP_F_EVP_PKEY_DERIVE_INIT 154 +#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 +#define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 +#define EVP_F_EVP_PKEY_GET1_DH 119 +#define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 +#define EVP_F_EVP_PKEY_GET1_RSA 121 +#define EVP_F_EVP_PKEY_KEYGEN 146 +#define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +#define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_PKEY_PARAMGEN 148 +#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +#define EVP_F_EVP_PKEY_SIGN 140 +#define EVP_F_EVP_PKEY_SIGN_INIT 141 +#define EVP_F_EVP_PKEY_VERIFY 142 +#define EVP_F_EVP_PKEY_VERIFY_INIT 143 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 +#define EVP_F_EVP_RIJNDAEL 126 +#define EVP_F_EVP_SIGNFINAL 107 +#define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_FIPS_CIPHERINIT 166 +#define EVP_F_FIPS_CIPHER_CTX_COPY 170 +#define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 +#define EVP_F_FIPS_DIGESTINIT 168 +#define EVP_F_FIPS_MD_CTX_COPY 169 +#define EVP_F_HMAC_INIT_EX 174 +#define EVP_F_INT_CTX_NEW 157 +#define EVP_F_PKCS5_PBE_KEYIVGEN 117 +#define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +#define EVP_F_PKCS8_SET_BROKEN 112 +#define EVP_F_PKEY_SET_TYPE 158 +#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197 +#define EVP_F_RC2_MAGIC_TO_METH 109 +#define EVP_F_RC5_CTRL 125 + +/* Reason codes. */ +#define EVP_R_AES_IV_SETUP_FAILED 162 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 +#define EVP_R_BAD_BLOCK_LENGTH 136 +#define EVP_R_BAD_DECRYPT 100 +#define EVP_R_BAD_KEY_LENGTH 137 +#define EVP_R_BN_DECODE_ERROR 112 +#define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_BUFFER_TOO_SMALL 155 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +#define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_COMMAND_NOT_SUPPORTED 147 +#define EVP_R_CTRL_NOT_IMPLEMENTED 132 +#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 +#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 +#define EVP_R_DECODE_ERROR 114 +#define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DIFFERENT_PARAMETERS 153 +#define EVP_R_DISABLED_FOR_FIPS 163 +#define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_ERROR_SETTING_FIPS_MODE 166 +#define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_EXPECTING_AN_HMAC_KEY 174 +#define EVP_R_EXPECTING_AN_RSA_KEY 127 +#define EVP_R_EXPECTING_A_DH_KEY 128 +#define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +#define EVP_R_GET_RAW_KEY_FAILED 182 +#define EVP_R_INITIALIZATION_ERROR 134 +#define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_FIPS_MODE 168 +#define EVP_R_INVALID_IV_LENGTH 194 +#define EVP_R_INVALID_KEY_LENGTH 130 +#define EVP_R_INVALID_OPERATION 148 +#define EVP_R_IV_TOO_LARGE 102 +#define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_KEY_SETUP_FAILED 180 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +#define EVP_R_METHOD_NOT_SUPPORTED 144 +#define EVP_R_MISSING_PARAMETERS 103 +#define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DEFAULT_DIGEST 158 +#define EVP_R_NO_DIGEST_SET 139 +#define EVP_R_NO_DSA_PARAMETERS 116 +#define EVP_R_NO_KEY_SET 154 +#define EVP_R_NO_OPERATION_SET 149 +#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 +#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_ONLY_ONESHOT_SUPPORTED 177 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +#define EVP_R_OPERATON_NOT_INITIALIZED 151 +#define EVP_R_OUTPUT_ALIASES_INPUT 172 +#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 +#define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_TAG_TOO_LARGE 171 +#define EVP_R_TOO_LARGE 164 +#define EVP_R_UNKNOWN_CIPHER 160 +#define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_OPTION 169 +#define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +#define EVP_R_UNSUPPORTED_ALGORITHM 156 +#define EVP_R_UNSUPPORTED_CIPHER 107 +#define EVP_R_UNSUPPORTED_KEYLENGTH 123 +#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 +#define EVP_R_UNSUPPORTED_KEY_SIZE 108 +#define EVP_R_UNSUPPORTED_PRF 125 +#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_WRAP_MODE_NOT_ALLOWED 170 +#define EVP_R_UNSUPPORTED_SALT_TYPE 126 +#define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/hkdf.h b/includes/curl/openssl/hkdf.h new file mode 100644 index 0000000..6cec526 --- /dev/null +++ b/includes/curl/openssl/hkdf.h @@ -0,0 +1,65 @@ +/* $OpenBSD: hkdf.h,v 1.3 2023/08/11 04:52:08 tb Exp $ */ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_HKDF_H +#define OPENSSL_HEADER_HKDF_H + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * HKDF computes HKDF (as specified by RFC 5869) of initial keying + * material |secret| with |salt| and |info| using |digest|, and + * outputs |out_len| bytes to |out_key|. It returns one on success and + * zero on error. + * + * HKDF is an Extract-and-Expand algorithm. It does not do any key + * stretching, and as such, is not suited to be used alone to generate + * a key from a password. + */ + +int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, + const uint8_t *secret, size_t secret_len, const uint8_t *salt, + size_t salt_len, const uint8_t *info, size_t info_len); + +/* + * HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from + * initial keying material |secret| and salt |salt| using |digest|, + * and outputs |out_len| bytes to |out_key|. The maximum output size + * is |EVP_MAX_MD_SIZE|. It returns one on success and zero on error. + */ +int HKDF_extract(uint8_t *out_key, size_t *out_len, const EVP_MD *digest, + const uint8_t *secret, size_t secret_len, + const uint8_t *salt, size_t salt_len); + +/* + * HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of + * length |out_len| from the PRK |prk| and info |info| using |digest|, + * and outputs the result to |out_key|. It returns one on success and + * zero on error. + */ +int HKDF_expand(uint8_t *out_key, size_t out_len, + const EVP_MD *digest, const uint8_t *prk, size_t prk_len, + const uint8_t *info, size_t info_len); + + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_HKDF_H */ diff --git a/includes/curl/openssl/hmac.h b/includes/curl/openssl/hmac.h new file mode 100644 index 0000000..2216fd9 --- /dev/null +++ b/includes/curl/openssl/hmac.h @@ -0,0 +1,101 @@ +/* $OpenBSD: hmac.h,v 1.21 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#ifndef HEADER_HMAC_H +#define HEADER_HMAC_H + +#include + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include + +#define HMAC_MAX_MD_CBLOCK 144 /* largest known is SHA3-224 */ + +#ifdef __cplusplus +extern "C" { +#endif + +#define HMAC_size(e) (EVP_MD_size(HMAC_CTX_get_md((e)))) + +HMAC_CTX *HMAC_CTX_new(void); +void HMAC_CTX_free(HMAC_CTX *ctx); +int HMAC_CTX_reset(HMAC_CTX *ctx); + +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, + ENGINE *impl) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, + const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len) + __attribute__ ((__bounded__(__buffer__, 2, 3))) + __attribute__ ((__bounded__(__buffer__, 4, 5))) + __attribute__((__nonnull__ (6))); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); + +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/idea.h b/includes/curl/openssl/idea.h new file mode 100644 index 0000000..2bdd364 --- /dev/null +++ b/includes/curl/openssl/idea.h @@ -0,0 +1,94 @@ +/* $OpenBSD: idea.h,v 1.13 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_IDEA_H +#define HEADER_IDEA_H + +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + +#define IDEA_ENCRYPT 1 +#define IDEA_DECRYPT 0 + +#define IDEA_BLOCK 8 +#define IDEA_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct idea_key_st { + IDEA_INT data[9][6]; +} IDEA_KEY_SCHEDULE; + +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks); +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int enc); +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, + int *num, int enc); +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); +void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/kdf.h b/includes/curl/openssl/kdf.h new file mode 100644 index 0000000..578949c --- /dev/null +++ b/includes/curl/openssl/kdf.h @@ -0,0 +1,137 @@ +/* $OpenBSD: kdf.h,v 1.9 2024/07/09 16:20:17 tb Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2016-2018 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_KDF_H +# define HEADER_KDF_H + +#ifdef __cplusplus +extern "C" { +#endif + +# define EVP_PKEY_CTRL_TLS_MD (EVP_PKEY_ALG_CTRL + 0) +# define EVP_PKEY_CTRL_TLS_SECRET (EVP_PKEY_ALG_CTRL + 1) +# define EVP_PKEY_CTRL_TLS_SEED (EVP_PKEY_ALG_CTRL + 2) + +# define EVP_PKEY_CTRL_HKDF_MD (EVP_PKEY_ALG_CTRL + 3) +# define EVP_PKEY_CTRL_HKDF_SALT (EVP_PKEY_ALG_CTRL + 4) +# define EVP_PKEY_CTRL_HKDF_KEY (EVP_PKEY_ALG_CTRL + 5) +# define EVP_PKEY_CTRL_HKDF_INFO (EVP_PKEY_ALG_CTRL + 6) +# define EVP_PKEY_CTRL_HKDF_MODE (EVP_PKEY_ALG_CTRL + 7) + +# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0 +# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1 +# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2 + + +# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec)) + +# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed)) + + +# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)) + +# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)) + +# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)) + +# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)) + +# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \ + EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \ + EVP_PKEY_CTRL_HKDF_MODE, mode, NULL) + +int ERR_load_KDF_strings(void); + +/* + * KDF function codes. + */ +# define KDF_F_PKEY_HKDF_CTRL_STR 103 +# define KDF_F_PKEY_HKDF_DERIVE 102 +# define KDF_F_PKEY_HKDF_INIT 108 +# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 +# define KDF_F_PKEY_TLS1_PRF_DERIVE 101 +# define KDF_F_PKEY_TLS1_PRF_INIT 110 +# define KDF_F_TLS1_PRF_ALG 111 + +/* + * KDF reason codes. + */ +# define KDF_R_INVALID_DIGEST 100 +# define KDF_R_MISSING_KEY 104 +# define KDF_R_MISSING_MESSAGE_DIGEST 105 +# define KDF_R_MISSING_SECRET 107 +# define KDF_R_MISSING_SEED 106 +# define KDF_R_UNKNOWN_PARAMETER_TYPE 103 +# define KDF_R_VALUE_MISSING 102 + +# ifdef __cplusplus +} +# endif +#endif diff --git a/includes/curl/openssl/lhash.h b/includes/curl/openssl/lhash.h new file mode 100644 index 0000000..86d0554 --- /dev/null +++ b/includes/curl/openssl/lhash.h @@ -0,0 +1,179 @@ +/* $OpenBSD: lhash.h,v 1.14 2024/03/02 11:11:11 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* Header for dynamic hash table routines + * Author - Eric Young + */ + +#ifndef HEADER_LHASH_H +#define HEADER_LHASH_H + +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); + +/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. + * This way, callbacks can be provided to LHASH structures without function + * pointer casting and the macro-defined callbacks provide per-variable casting + * before deferring to the underlying type-specific callbacks. NB: It is + * possible to place a "static" in front of both the DECLARE and IMPLEMENT + * macros if the functions are strictly internal. */ + +/* First: "hash" functions */ +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +#define LHASH_HASH_FN(name) name##_LHASH_HASH + +/* Second: "compare" functions */ +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +#define LHASH_COMP_FN(name) name##_LHASH_COMP + +/* Third: "doall" functions */ +#define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +#define LHASH_DOALL_FN(name) name##_LHASH_DOALL + +/* Fourth: "doall_arg" functions */ +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + +typedef struct lhash_st _LHASH; + +#define LH_LOAD_MULT 256 + +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +int lh_error(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +unsigned long lh_strhash(const char *c); +unsigned long lh_num_items(const _LHASH *lh); + +/* Type checking... */ + +#define LHASH_OF(type) struct lhash_st_##type + +#define DECLARE_LHASH_OF(type) LHASH_OF(type) + +#define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +#define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +#define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +#define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/md4.h b/includes/curl/openssl/md4.h new file mode 100644 index 0000000..d2a107a --- /dev/null +++ b/includes/curl/openssl/md4.h @@ -0,0 +1,105 @@ +/* $OpenBSD: md4.h,v 1.22 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#ifndef HEADER_MD4_H +#define HEADER_MD4_H + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! MD4_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#define MD4_LONG unsigned int + +#define MD4_CBLOCK 64 +#define MD4_LBLOCK (MD4_CBLOCK/4) +#define MD4_DIGEST_LENGTH 16 + +typedef struct MD4state_st { + MD4_LONG A, B,C, D; + MD4_LONG Nl, Nh; + MD4_LONG data[MD4_LBLOCK]; + unsigned int num; +} MD4_CTX; + +int MD4_Init(MD4_CTX *c); +int MD4_Update(MD4_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int MD4_Final(unsigned char *md, MD4_CTX *c); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void MD4_Transform(MD4_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/md5.h b/includes/curl/openssl/md5.h new file mode 100644 index 0000000..4d94c84 --- /dev/null +++ b/includes/curl/openssl/md5.h @@ -0,0 +1,99 @@ +/* $OpenBSD: md5.h,v 1.25 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#ifndef HEADER_MD5_H +#define HEADER_MD5_H + +#include + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#define MD5_LONG unsigned int + +#define MD5_CBLOCK 64 +#define MD5_LBLOCK (MD5_CBLOCK/4) +#define MD5_DIGEST_LENGTH 16 + +typedef struct MD5state_st { + MD5_LONG A, B,C, D; + MD5_LONG Nl, Nh; + MD5_LONG data[MD5_LBLOCK]; + unsigned int num; +} MD5_CTX; + +int MD5_Init(MD5_CTX *c); +int MD5_Update(MD5_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int MD5_Final(unsigned char *md, MD5_CTX *c); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void MD5_Transform(MD5_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/modes.h b/includes/curl/openssl/modes.h new file mode 100644 index 0000000..53fa9af --- /dev/null +++ b/includes/curl/openssl/modes.h @@ -0,0 +1,118 @@ +/* $OpenBSD: modes.h,v 1.6 2023/07/08 14:55:36 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], + const void *key); + +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16], unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key, block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, + const unsigned char *nonce, size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, + const unsigned char *aad, size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, size_t len, int enc); + +#ifdef __cplusplus +} +#endif diff --git a/includes/curl/openssl/obj_mac.h b/includes/curl/openssl/obj_mac.h new file mode 100644 index 0000000..ace77cc --- /dev/null +++ b/includes/curl/openssl/obj_mac.h @@ -0,0 +1,4643 @@ +/* crypto/objects/obj_mac.h */ + +/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the + * following command: + * perl objects.pl objects.txt obj_mac.num obj_mac.h + */ + +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#define SN_undef "UNDEF" +#define LN_undef "undefined" +#define NID_undef 0 +#define OBJ_undef 0L + +#define SN_itu_t "ITU-T" +#define LN_itu_t "itu-t" +#define NID_itu_t 645 +#define OBJ_itu_t 0L + +#define NID_ccitt 404 +#define OBJ_ccitt OBJ_itu_t + +#define SN_iso "ISO" +#define LN_iso "iso" +#define NID_iso 181 +#define OBJ_iso 1L + +#define SN_joint_iso_itu_t "JOINT-ISO-ITU-T" +#define LN_joint_iso_itu_t "joint-iso-itu-t" +#define NID_joint_iso_itu_t 646 +#define OBJ_joint_iso_itu_t 2L + +#define NID_joint_iso_ccitt 393 +#define OBJ_joint_iso_ccitt OBJ_joint_iso_itu_t + +#define SN_member_body "member-body" +#define LN_member_body "ISO Member Body" +#define NID_member_body 182 +#define OBJ_member_body OBJ_iso,2L + +#define SN_identified_organization "identified-organization" +#define NID_identified_organization 676 +#define OBJ_identified_organization OBJ_iso,3L + +#define SN_hmac_md5 "HMAC-MD5" +#define LN_hmac_md5 "hmac-md5" +#define NID_hmac_md5 780 +#define OBJ_hmac_md5 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L + +#define SN_hmac_sha1 "HMAC-SHA1" +#define LN_hmac_sha1 "hmac-sha1" +#define NID_hmac_sha1 781 +#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L + +#define SN_certicom_arc "certicom-arc" +#define NID_certicom_arc 677 +#define OBJ_certicom_arc OBJ_identified_organization,132L + +#define SN_international_organizations "international-organizations" +#define LN_international_organizations "International Organizations" +#define NID_international_organizations 647 +#define OBJ_international_organizations OBJ_joint_iso_itu_t,23L + +#define SN_wap "wap" +#define NID_wap 678 +#define OBJ_wap OBJ_international_organizations,43L + +#define SN_wap_wsg "wap-wsg" +#define NID_wap_wsg 679 +#define OBJ_wap_wsg OBJ_wap,1L + +#define SN_selected_attribute_types "selected-attribute-types" +#define LN_selected_attribute_types "Selected Attribute Types" +#define NID_selected_attribute_types 394 +#define OBJ_selected_attribute_types OBJ_joint_iso_itu_t,5L,1L,5L + +#define SN_clearance "clearance" +#define NID_clearance 395 +#define OBJ_clearance OBJ_selected_attribute_types,55L + +#define SN_ISO_US "ISO-US" +#define LN_ISO_US "ISO US Member Body" +#define NID_ISO_US 183 +#define OBJ_ISO_US OBJ_member_body,840L + +#define SN_X9_57 "X9-57" +#define LN_X9_57 "X9.57" +#define NID_X9_57 184 +#define OBJ_X9_57 OBJ_ISO_US,10040L + +#define SN_X9cm "X9cm" +#define LN_X9cm "X9.57 CM ?" +#define NID_X9cm 185 +#define OBJ_X9cm OBJ_X9_57,4L + +#define SN_dsa "DSA" +#define LN_dsa "dsaEncryption" +#define NID_dsa 116 +#define OBJ_dsa OBJ_X9cm,1L + +#define SN_dsaWithSHA1 "DSA-SHA1" +#define LN_dsaWithSHA1 "dsaWithSHA1" +#define NID_dsaWithSHA1 113 +#define OBJ_dsaWithSHA1 OBJ_X9cm,3L + +#define SN_ansi_X9_62 "ansi-X9-62" +#define LN_ansi_X9_62 "ANSI X9.62" +#define NID_ansi_X9_62 405 +#define OBJ_ansi_X9_62 OBJ_ISO_US,10045L + +#define OBJ_X9_62_id_fieldType OBJ_ansi_X9_62,1L + +#define SN_X9_62_prime_field "prime-field" +#define NID_X9_62_prime_field 406 +#define OBJ_X9_62_prime_field OBJ_X9_62_id_fieldType,1L + +#define SN_X9_62_characteristic_two_field "characteristic-two-field" +#define NID_X9_62_characteristic_two_field 407 +#define OBJ_X9_62_characteristic_two_field OBJ_X9_62_id_fieldType,2L + +#define SN_X9_62_id_characteristic_two_basis "id-characteristic-two-basis" +#define NID_X9_62_id_characteristic_two_basis 680 +#define OBJ_X9_62_id_characteristic_two_basis OBJ_X9_62_characteristic_two_field,3L + +#define SN_X9_62_onBasis "onBasis" +#define NID_X9_62_onBasis 681 +#define OBJ_X9_62_onBasis OBJ_X9_62_id_characteristic_two_basis,1L + +#define SN_X9_62_tpBasis "tpBasis" +#define NID_X9_62_tpBasis 682 +#define OBJ_X9_62_tpBasis OBJ_X9_62_id_characteristic_two_basis,2L + +#define SN_X9_62_ppBasis "ppBasis" +#define NID_X9_62_ppBasis 683 +#define OBJ_X9_62_ppBasis OBJ_X9_62_id_characteristic_two_basis,3L + +#define OBJ_X9_62_id_publicKeyType OBJ_ansi_X9_62,2L + +#define SN_X9_62_id_ecPublicKey "id-ecPublicKey" +#define NID_X9_62_id_ecPublicKey 408 +#define OBJ_X9_62_id_ecPublicKey OBJ_X9_62_id_publicKeyType,1L + +#define OBJ_X9_62_ellipticCurve OBJ_ansi_X9_62,3L + +#define OBJ_X9_62_c_TwoCurve OBJ_X9_62_ellipticCurve,0L + +#define SN_X9_62_c2pnb163v1 "c2pnb163v1" +#define NID_X9_62_c2pnb163v1 684 +#define OBJ_X9_62_c2pnb163v1 OBJ_X9_62_c_TwoCurve,1L + +#define SN_X9_62_c2pnb163v2 "c2pnb163v2" +#define NID_X9_62_c2pnb163v2 685 +#define OBJ_X9_62_c2pnb163v2 OBJ_X9_62_c_TwoCurve,2L + +#define SN_X9_62_c2pnb163v3 "c2pnb163v3" +#define NID_X9_62_c2pnb163v3 686 +#define OBJ_X9_62_c2pnb163v3 OBJ_X9_62_c_TwoCurve,3L + +#define SN_X9_62_c2pnb176v1 "c2pnb176v1" +#define NID_X9_62_c2pnb176v1 687 +#define OBJ_X9_62_c2pnb176v1 OBJ_X9_62_c_TwoCurve,4L + +#define SN_X9_62_c2tnb191v1 "c2tnb191v1" +#define NID_X9_62_c2tnb191v1 688 +#define OBJ_X9_62_c2tnb191v1 OBJ_X9_62_c_TwoCurve,5L + +#define SN_X9_62_c2tnb191v2 "c2tnb191v2" +#define NID_X9_62_c2tnb191v2 689 +#define OBJ_X9_62_c2tnb191v2 OBJ_X9_62_c_TwoCurve,6L + +#define SN_X9_62_c2tnb191v3 "c2tnb191v3" +#define NID_X9_62_c2tnb191v3 690 +#define OBJ_X9_62_c2tnb191v3 OBJ_X9_62_c_TwoCurve,7L + +#define SN_X9_62_c2onb191v4 "c2onb191v4" +#define NID_X9_62_c2onb191v4 691 +#define OBJ_X9_62_c2onb191v4 OBJ_X9_62_c_TwoCurve,8L + +#define SN_X9_62_c2onb191v5 "c2onb191v5" +#define NID_X9_62_c2onb191v5 692 +#define OBJ_X9_62_c2onb191v5 OBJ_X9_62_c_TwoCurve,9L + +#define SN_X9_62_c2pnb208w1 "c2pnb208w1" +#define NID_X9_62_c2pnb208w1 693 +#define OBJ_X9_62_c2pnb208w1 OBJ_X9_62_c_TwoCurve,10L + +#define SN_X9_62_c2tnb239v1 "c2tnb239v1" +#define NID_X9_62_c2tnb239v1 694 +#define OBJ_X9_62_c2tnb239v1 OBJ_X9_62_c_TwoCurve,11L + +#define SN_X9_62_c2tnb239v2 "c2tnb239v2" +#define NID_X9_62_c2tnb239v2 695 +#define OBJ_X9_62_c2tnb239v2 OBJ_X9_62_c_TwoCurve,12L + +#define SN_X9_62_c2tnb239v3 "c2tnb239v3" +#define NID_X9_62_c2tnb239v3 696 +#define OBJ_X9_62_c2tnb239v3 OBJ_X9_62_c_TwoCurve,13L + +#define SN_X9_62_c2onb239v4 "c2onb239v4" +#define NID_X9_62_c2onb239v4 697 +#define OBJ_X9_62_c2onb239v4 OBJ_X9_62_c_TwoCurve,14L + +#define SN_X9_62_c2onb239v5 "c2onb239v5" +#define NID_X9_62_c2onb239v5 698 +#define OBJ_X9_62_c2onb239v5 OBJ_X9_62_c_TwoCurve,15L + +#define SN_X9_62_c2pnb272w1 "c2pnb272w1" +#define NID_X9_62_c2pnb272w1 699 +#define OBJ_X9_62_c2pnb272w1 OBJ_X9_62_c_TwoCurve,16L + +#define SN_X9_62_c2pnb304w1 "c2pnb304w1" +#define NID_X9_62_c2pnb304w1 700 +#define OBJ_X9_62_c2pnb304w1 OBJ_X9_62_c_TwoCurve,17L + +#define SN_X9_62_c2tnb359v1 "c2tnb359v1" +#define NID_X9_62_c2tnb359v1 701 +#define OBJ_X9_62_c2tnb359v1 OBJ_X9_62_c_TwoCurve,18L + +#define SN_X9_62_c2pnb368w1 "c2pnb368w1" +#define NID_X9_62_c2pnb368w1 702 +#define OBJ_X9_62_c2pnb368w1 OBJ_X9_62_c_TwoCurve,19L + +#define SN_X9_62_c2tnb431r1 "c2tnb431r1" +#define NID_X9_62_c2tnb431r1 703 +#define OBJ_X9_62_c2tnb431r1 OBJ_X9_62_c_TwoCurve,20L + +#define OBJ_X9_62_primeCurve OBJ_X9_62_ellipticCurve,1L + +#define SN_X9_62_prime192v1 "prime192v1" +#define NID_X9_62_prime192v1 409 +#define OBJ_X9_62_prime192v1 OBJ_X9_62_primeCurve,1L + +#define SN_X9_62_prime192v2 "prime192v2" +#define NID_X9_62_prime192v2 410 +#define OBJ_X9_62_prime192v2 OBJ_X9_62_primeCurve,2L + +#define SN_X9_62_prime192v3 "prime192v3" +#define NID_X9_62_prime192v3 411 +#define OBJ_X9_62_prime192v3 OBJ_X9_62_primeCurve,3L + +#define SN_X9_62_prime239v1 "prime239v1" +#define NID_X9_62_prime239v1 412 +#define OBJ_X9_62_prime239v1 OBJ_X9_62_primeCurve,4L + +#define SN_X9_62_prime239v2 "prime239v2" +#define NID_X9_62_prime239v2 413 +#define OBJ_X9_62_prime239v2 OBJ_X9_62_primeCurve,5L + +#define SN_X9_62_prime239v3 "prime239v3" +#define NID_X9_62_prime239v3 414 +#define OBJ_X9_62_prime239v3 OBJ_X9_62_primeCurve,6L + +#define SN_X9_62_prime256v1 "prime256v1" +#define NID_X9_62_prime256v1 415 +#define OBJ_X9_62_prime256v1 OBJ_X9_62_primeCurve,7L + +#define OBJ_X9_62_id_ecSigType OBJ_ansi_X9_62,4L + +#define SN_ecdsa_with_SHA1 "ecdsa-with-SHA1" +#define NID_ecdsa_with_SHA1 416 +#define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L + +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 791 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 792 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 793 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 794 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 795 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 796 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + +#define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L + +#define SN_secp112r1 "secp112r1" +#define NID_secp112r1 704 +#define OBJ_secp112r1 OBJ_secg_ellipticCurve,6L + +#define SN_secp112r2 "secp112r2" +#define NID_secp112r2 705 +#define OBJ_secp112r2 OBJ_secg_ellipticCurve,7L + +#define SN_secp128r1 "secp128r1" +#define NID_secp128r1 706 +#define OBJ_secp128r1 OBJ_secg_ellipticCurve,28L + +#define SN_secp128r2 "secp128r2" +#define NID_secp128r2 707 +#define OBJ_secp128r2 OBJ_secg_ellipticCurve,29L + +#define SN_secp160k1 "secp160k1" +#define NID_secp160k1 708 +#define OBJ_secp160k1 OBJ_secg_ellipticCurve,9L + +#define SN_secp160r1 "secp160r1" +#define NID_secp160r1 709 +#define OBJ_secp160r1 OBJ_secg_ellipticCurve,8L + +#define SN_secp160r2 "secp160r2" +#define NID_secp160r2 710 +#define OBJ_secp160r2 OBJ_secg_ellipticCurve,30L + +#define SN_secp192k1 "secp192k1" +#define NID_secp192k1 711 +#define OBJ_secp192k1 OBJ_secg_ellipticCurve,31L + +#define SN_secp224k1 "secp224k1" +#define NID_secp224k1 712 +#define OBJ_secp224k1 OBJ_secg_ellipticCurve,32L + +#define SN_secp224r1 "secp224r1" +#define NID_secp224r1 713 +#define OBJ_secp224r1 OBJ_secg_ellipticCurve,33L + +#define SN_secp256k1 "secp256k1" +#define NID_secp256k1 714 +#define OBJ_secp256k1 OBJ_secg_ellipticCurve,10L + +#define SN_secp384r1 "secp384r1" +#define NID_secp384r1 715 +#define OBJ_secp384r1 OBJ_secg_ellipticCurve,34L + +#define SN_secp521r1 "secp521r1" +#define NID_secp521r1 716 +#define OBJ_secp521r1 OBJ_secg_ellipticCurve,35L + +#define SN_sect113r1 "sect113r1" +#define NID_sect113r1 717 +#define OBJ_sect113r1 OBJ_secg_ellipticCurve,4L + +#define SN_sect113r2 "sect113r2" +#define NID_sect113r2 718 +#define OBJ_sect113r2 OBJ_secg_ellipticCurve,5L + +#define SN_sect131r1 "sect131r1" +#define NID_sect131r1 719 +#define OBJ_sect131r1 OBJ_secg_ellipticCurve,22L + +#define SN_sect131r2 "sect131r2" +#define NID_sect131r2 720 +#define OBJ_sect131r2 OBJ_secg_ellipticCurve,23L + +#define SN_sect163k1 "sect163k1" +#define NID_sect163k1 721 +#define OBJ_sect163k1 OBJ_secg_ellipticCurve,1L + +#define SN_sect163r1 "sect163r1" +#define NID_sect163r1 722 +#define OBJ_sect163r1 OBJ_secg_ellipticCurve,2L + +#define SN_sect163r2 "sect163r2" +#define NID_sect163r2 723 +#define OBJ_sect163r2 OBJ_secg_ellipticCurve,15L + +#define SN_sect193r1 "sect193r1" +#define NID_sect193r1 724 +#define OBJ_sect193r1 OBJ_secg_ellipticCurve,24L + +#define SN_sect193r2 "sect193r2" +#define NID_sect193r2 725 +#define OBJ_sect193r2 OBJ_secg_ellipticCurve,25L + +#define SN_sect233k1 "sect233k1" +#define NID_sect233k1 726 +#define OBJ_sect233k1 OBJ_secg_ellipticCurve,26L + +#define SN_sect233r1 "sect233r1" +#define NID_sect233r1 727 +#define OBJ_sect233r1 OBJ_secg_ellipticCurve,27L + +#define SN_sect239k1 "sect239k1" +#define NID_sect239k1 728 +#define OBJ_sect239k1 OBJ_secg_ellipticCurve,3L + +#define SN_sect283k1 "sect283k1" +#define NID_sect283k1 729 +#define OBJ_sect283k1 OBJ_secg_ellipticCurve,16L + +#define SN_sect283r1 "sect283r1" +#define NID_sect283r1 730 +#define OBJ_sect283r1 OBJ_secg_ellipticCurve,17L + +#define SN_sect409k1 "sect409k1" +#define NID_sect409k1 731 +#define OBJ_sect409k1 OBJ_secg_ellipticCurve,36L + +#define SN_sect409r1 "sect409r1" +#define NID_sect409r1 732 +#define OBJ_sect409r1 OBJ_secg_ellipticCurve,37L + +#define SN_sect571k1 "sect571k1" +#define NID_sect571k1 733 +#define OBJ_sect571k1 OBJ_secg_ellipticCurve,38L + +#define SN_sect571r1 "sect571r1" +#define NID_sect571r1 734 +#define OBJ_sect571r1 OBJ_secg_ellipticCurve,39L + +#define OBJ_wap_wsg_idm_ecid OBJ_wap_wsg,4L + +#define SN_wap_wsg_idm_ecid_wtls1 "wap-wsg-idm-ecid-wtls1" +#define NID_wap_wsg_idm_ecid_wtls1 735 +#define OBJ_wap_wsg_idm_ecid_wtls1 OBJ_wap_wsg_idm_ecid,1L + +#define SN_wap_wsg_idm_ecid_wtls3 "wap-wsg-idm-ecid-wtls3" +#define NID_wap_wsg_idm_ecid_wtls3 736 +#define OBJ_wap_wsg_idm_ecid_wtls3 OBJ_wap_wsg_idm_ecid,3L + +#define SN_wap_wsg_idm_ecid_wtls4 "wap-wsg-idm-ecid-wtls4" +#define NID_wap_wsg_idm_ecid_wtls4 737 +#define OBJ_wap_wsg_idm_ecid_wtls4 OBJ_wap_wsg_idm_ecid,4L + +#define SN_wap_wsg_idm_ecid_wtls5 "wap-wsg-idm-ecid-wtls5" +#define NID_wap_wsg_idm_ecid_wtls5 738 +#define OBJ_wap_wsg_idm_ecid_wtls5 OBJ_wap_wsg_idm_ecid,5L + +#define SN_wap_wsg_idm_ecid_wtls6 "wap-wsg-idm-ecid-wtls6" +#define NID_wap_wsg_idm_ecid_wtls6 739 +#define OBJ_wap_wsg_idm_ecid_wtls6 OBJ_wap_wsg_idm_ecid,6L + +#define SN_wap_wsg_idm_ecid_wtls7 "wap-wsg-idm-ecid-wtls7" +#define NID_wap_wsg_idm_ecid_wtls7 740 +#define OBJ_wap_wsg_idm_ecid_wtls7 OBJ_wap_wsg_idm_ecid,7L + +#define SN_wap_wsg_idm_ecid_wtls8 "wap-wsg-idm-ecid-wtls8" +#define NID_wap_wsg_idm_ecid_wtls8 741 +#define OBJ_wap_wsg_idm_ecid_wtls8 OBJ_wap_wsg_idm_ecid,8L + +#define SN_wap_wsg_idm_ecid_wtls9 "wap-wsg-idm-ecid-wtls9" +#define NID_wap_wsg_idm_ecid_wtls9 742 +#define OBJ_wap_wsg_idm_ecid_wtls9 OBJ_wap_wsg_idm_ecid,9L + +#define SN_wap_wsg_idm_ecid_wtls10 "wap-wsg-idm-ecid-wtls10" +#define NID_wap_wsg_idm_ecid_wtls10 743 +#define OBJ_wap_wsg_idm_ecid_wtls10 OBJ_wap_wsg_idm_ecid,10L + +#define SN_wap_wsg_idm_ecid_wtls11 "wap-wsg-idm-ecid-wtls11" +#define NID_wap_wsg_idm_ecid_wtls11 744 +#define OBJ_wap_wsg_idm_ecid_wtls11 OBJ_wap_wsg_idm_ecid,11L + +#define SN_wap_wsg_idm_ecid_wtls12 "wap-wsg-idm-ecid-wtls12" +#define NID_wap_wsg_idm_ecid_wtls12 745 +#define OBJ_wap_wsg_idm_ecid_wtls12 OBJ_wap_wsg_idm_ecid,12L + +#define SN_cast5_cbc "CAST5-CBC" +#define LN_cast5_cbc "cast5-cbc" +#define NID_cast5_cbc 108 +#define OBJ_cast5_cbc OBJ_ISO_US,113533L,7L,66L,10L + +#define SN_cast5_ecb "CAST5-ECB" +#define LN_cast5_ecb "cast5-ecb" +#define NID_cast5_ecb 109 + +#define SN_cast5_cfb64 "CAST5-CFB" +#define LN_cast5_cfb64 "cast5-cfb" +#define NID_cast5_cfb64 110 + +#define SN_cast5_ofb64 "CAST5-OFB" +#define LN_cast5_ofb64 "cast5-ofb" +#define NID_cast5_ofb64 111 + +#define LN_pbeWithMD5AndCast5_CBC "pbeWithMD5AndCast5CBC" +#define NID_pbeWithMD5AndCast5_CBC 112 +#define OBJ_pbeWithMD5AndCast5_CBC OBJ_ISO_US,113533L,7L,66L,12L + +#define SN_id_PasswordBasedMAC "id-PasswordBasedMAC" +#define LN_id_PasswordBasedMAC "password based MAC" +#define NID_id_PasswordBasedMAC 782 +#define OBJ_id_PasswordBasedMAC OBJ_ISO_US,113533L,7L,66L,13L + +#define SN_id_DHBasedMac "id-DHBasedMac" +#define LN_id_DHBasedMac "Diffie-Hellman based MAC" +#define NID_id_DHBasedMac 783 +#define OBJ_id_DHBasedMac OBJ_ISO_US,113533L,7L,66L,30L + +#define SN_rsadsi "rsadsi" +#define LN_rsadsi "RSA Data Security, Inc." +#define NID_rsadsi 1 +#define OBJ_rsadsi OBJ_ISO_US,113549L + +#define SN_pkcs "pkcs" +#define LN_pkcs "RSA Data Security, Inc. PKCS" +#define NID_pkcs 2 +#define OBJ_pkcs OBJ_rsadsi,1L + +#define SN_pkcs1 "pkcs1" +#define NID_pkcs1 186 +#define OBJ_pkcs1 OBJ_pkcs,1L + +#define LN_rsaEncryption "rsaEncryption" +#define NID_rsaEncryption 6 +#define OBJ_rsaEncryption OBJ_pkcs1,1L + +#define SN_md2WithRSAEncryption "RSA-MD2" +#define LN_md2WithRSAEncryption "md2WithRSAEncryption" +#define NID_md2WithRSAEncryption 7 +#define OBJ_md2WithRSAEncryption OBJ_pkcs1,2L + +#define SN_md4WithRSAEncryption "RSA-MD4" +#define LN_md4WithRSAEncryption "md4WithRSAEncryption" +#define NID_md4WithRSAEncryption 396 +#define OBJ_md4WithRSAEncryption OBJ_pkcs1,3L + +#define SN_md5WithRSAEncryption "RSA-MD5" +#define LN_md5WithRSAEncryption "md5WithRSAEncryption" +#define NID_md5WithRSAEncryption 8 +#define OBJ_md5WithRSAEncryption OBJ_pkcs1,4L + +#define SN_sha1WithRSAEncryption "RSA-SHA1" +#define LN_sha1WithRSAEncryption "sha1WithRSAEncryption" +#define NID_sha1WithRSAEncryption 65 +#define OBJ_sha1WithRSAEncryption OBJ_pkcs1,5L + +#define SN_rsaesOaep "RSAES-OAEP" +#define LN_rsaesOaep "rsaesOaep" +#define NID_rsaesOaep 919 +#define OBJ_rsaesOaep OBJ_pkcs1,7L + +#define SN_mgf1 "MGF1" +#define LN_mgf1 "mgf1" +#define NID_mgf1 911 +#define OBJ_mgf1 OBJ_pkcs1,8L + +#define SN_pSpecified "PSPECIFIED" +#define LN_pSpecified "pSpecified" +#define NID_pSpecified 992 +#define OBJ_pSpecified OBJ_pkcs1,9L + +#define SN_rsassaPss "RSASSA-PSS" +#define LN_rsassaPss "rsassaPss" +#define NID_rsassaPss 912 +#define OBJ_rsassaPss OBJ_pkcs1,10L + +#define SN_sha256WithRSAEncryption "RSA-SHA256" +#define LN_sha256WithRSAEncryption "sha256WithRSAEncryption" +#define NID_sha256WithRSAEncryption 668 +#define OBJ_sha256WithRSAEncryption OBJ_pkcs1,11L + +#define SN_sha384WithRSAEncryption "RSA-SHA384" +#define LN_sha384WithRSAEncryption "sha384WithRSAEncryption" +#define NID_sha384WithRSAEncryption 669 +#define OBJ_sha384WithRSAEncryption OBJ_pkcs1,12L + +#define SN_sha512WithRSAEncryption "RSA-SHA512" +#define LN_sha512WithRSAEncryption "sha512WithRSAEncryption" +#define NID_sha512WithRSAEncryption 670 +#define OBJ_sha512WithRSAEncryption OBJ_pkcs1,13L + +#define SN_sha224WithRSAEncryption "RSA-SHA224" +#define LN_sha224WithRSAEncryption "sha224WithRSAEncryption" +#define NID_sha224WithRSAEncryption 671 +#define OBJ_sha224WithRSAEncryption OBJ_pkcs1,14L + +#define SN_sha512_224WithRSAEncryption "RSA-SHA512/224" +#define LN_sha512_224WithRSAEncryption "sha512-224WithRSAEncryption" +#define NID_sha512_224WithRSAEncryption 1025 +#define OBJ_sha512_224WithRSAEncryption OBJ_pkcs1,15L + +#define SN_sha512_256WithRSAEncryption "RSA-SHA512/256" +#define LN_sha512_256WithRSAEncryption "sha512-256WithRSAEncryption" +#define NID_sha512_256WithRSAEncryption 1026 +#define OBJ_sha512_256WithRSAEncryption OBJ_pkcs1,16L + +#define SN_pkcs3 "pkcs3" +#define NID_pkcs3 27 +#define OBJ_pkcs3 OBJ_pkcs,3L + +#define LN_dhKeyAgreement "dhKeyAgreement" +#define NID_dhKeyAgreement 28 +#define OBJ_dhKeyAgreement OBJ_pkcs3,1L + +#define SN_pkcs5 "pkcs5" +#define NID_pkcs5 187 +#define OBJ_pkcs5 OBJ_pkcs,5L + +#define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" +#define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" +#define NID_pbeWithMD2AndDES_CBC 9 +#define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs5,1L + +#define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" +#define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" +#define NID_pbeWithMD5AndDES_CBC 10 +#define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs5,3L + +#define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" +#define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" +#define NID_pbeWithMD2AndRC2_CBC 168 +#define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs5,4L + +#define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" +#define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" +#define NID_pbeWithMD5AndRC2_CBC 169 +#define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs5,6L + +#define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" +#define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" +#define NID_pbeWithSHA1AndDES_CBC 170 +#define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs5,10L + +#define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" +#define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" +#define NID_pbeWithSHA1AndRC2_CBC 68 +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs5,11L + +#define LN_id_pbkdf2 "PBKDF2" +#define NID_id_pbkdf2 69 +#define OBJ_id_pbkdf2 OBJ_pkcs5,12L + +#define LN_pbes2 "PBES2" +#define NID_pbes2 161 +#define OBJ_pbes2 OBJ_pkcs5,13L + +#define LN_pbmac1 "PBMAC1" +#define NID_pbmac1 162 +#define OBJ_pbmac1 OBJ_pkcs5,14L + +#define SN_pkcs7 "pkcs7" +#define NID_pkcs7 20 +#define OBJ_pkcs7 OBJ_pkcs,7L + +#define LN_pkcs7_data "pkcs7-data" +#define NID_pkcs7_data 21 +#define OBJ_pkcs7_data OBJ_pkcs7,1L + +#define LN_pkcs7_signed "pkcs7-signedData" +#define NID_pkcs7_signed 22 +#define OBJ_pkcs7_signed OBJ_pkcs7,2L + +#define LN_pkcs7_enveloped "pkcs7-envelopedData" +#define NID_pkcs7_enveloped 23 +#define OBJ_pkcs7_enveloped OBJ_pkcs7,3L + +#define LN_pkcs7_signedAndEnveloped "pkcs7-signedAndEnvelopedData" +#define NID_pkcs7_signedAndEnveloped 24 +#define OBJ_pkcs7_signedAndEnveloped OBJ_pkcs7,4L + +#define LN_pkcs7_digest "pkcs7-digestData" +#define NID_pkcs7_digest 25 +#define OBJ_pkcs7_digest OBJ_pkcs7,5L + +#define LN_pkcs7_encrypted "pkcs7-encryptedData" +#define NID_pkcs7_encrypted 26 +#define OBJ_pkcs7_encrypted OBJ_pkcs7,6L + +#define SN_pkcs9 "pkcs9" +#define NID_pkcs9 47 +#define OBJ_pkcs9 OBJ_pkcs,9L + +#define LN_pkcs9_emailAddress "emailAddress" +#define NID_pkcs9_emailAddress 48 +#define OBJ_pkcs9_emailAddress OBJ_pkcs9,1L + +#define LN_pkcs9_unstructuredName "unstructuredName" +#define NID_pkcs9_unstructuredName 49 +#define OBJ_pkcs9_unstructuredName OBJ_pkcs9,2L + +#define LN_pkcs9_contentType "contentType" +#define NID_pkcs9_contentType 50 +#define OBJ_pkcs9_contentType OBJ_pkcs9,3L + +#define LN_pkcs9_messageDigest "messageDigest" +#define NID_pkcs9_messageDigest 51 +#define OBJ_pkcs9_messageDigest OBJ_pkcs9,4L + +#define LN_pkcs9_signingTime "signingTime" +#define NID_pkcs9_signingTime 52 +#define OBJ_pkcs9_signingTime OBJ_pkcs9,5L + +#define LN_pkcs9_countersignature "countersignature" +#define NID_pkcs9_countersignature 53 +#define OBJ_pkcs9_countersignature OBJ_pkcs9,6L + +#define LN_pkcs9_challengePassword "challengePassword" +#define NID_pkcs9_challengePassword 54 +#define OBJ_pkcs9_challengePassword OBJ_pkcs9,7L + +#define LN_pkcs9_unstructuredAddress "unstructuredAddress" +#define NID_pkcs9_unstructuredAddress 55 +#define OBJ_pkcs9_unstructuredAddress OBJ_pkcs9,8L + +#define LN_pkcs9_extCertAttributes "extendedCertificateAttributes" +#define NID_pkcs9_extCertAttributes 56 +#define OBJ_pkcs9_extCertAttributes OBJ_pkcs9,9L + +#define SN_ext_req "extReq" +#define LN_ext_req "Extension Request" +#define NID_ext_req 172 +#define OBJ_ext_req OBJ_pkcs9,14L + +#define SN_SMIMECapabilities "SMIME-CAPS" +#define LN_SMIMECapabilities "S/MIME Capabilities" +#define NID_SMIMECapabilities 167 +#define OBJ_SMIMECapabilities OBJ_pkcs9,15L + +#define SN_SMIME "SMIME" +#define LN_SMIME "S/MIME" +#define NID_SMIME 188 +#define OBJ_SMIME OBJ_pkcs9,16L + +#define SN_id_smime_mod "id-smime-mod" +#define NID_id_smime_mod 189 +#define OBJ_id_smime_mod OBJ_SMIME,0L + +#define SN_id_smime_ct "id-smime-ct" +#define NID_id_smime_ct 190 +#define OBJ_id_smime_ct OBJ_SMIME,1L + +#define SN_id_smime_aa "id-smime-aa" +#define NID_id_smime_aa 191 +#define OBJ_id_smime_aa OBJ_SMIME,2L + +#define SN_id_smime_alg "id-smime-alg" +#define NID_id_smime_alg 192 +#define OBJ_id_smime_alg OBJ_SMIME,3L + +#define SN_id_smime_cd "id-smime-cd" +#define NID_id_smime_cd 193 +#define OBJ_id_smime_cd OBJ_SMIME,4L + +#define SN_id_smime_spq "id-smime-spq" +#define NID_id_smime_spq 194 +#define OBJ_id_smime_spq OBJ_SMIME,5L + +#define SN_id_smime_cti "id-smime-cti" +#define NID_id_smime_cti 195 +#define OBJ_id_smime_cti OBJ_SMIME,6L + +#define SN_id_smime_mod_cms "id-smime-mod-cms" +#define NID_id_smime_mod_cms 196 +#define OBJ_id_smime_mod_cms OBJ_id_smime_mod,1L + +#define SN_id_smime_mod_ess "id-smime-mod-ess" +#define NID_id_smime_mod_ess 197 +#define OBJ_id_smime_mod_ess OBJ_id_smime_mod,2L + +#define SN_id_smime_mod_oid "id-smime-mod-oid" +#define NID_id_smime_mod_oid 198 +#define OBJ_id_smime_mod_oid OBJ_id_smime_mod,3L + +#define SN_id_smime_mod_msg_v3 "id-smime-mod-msg-v3" +#define NID_id_smime_mod_msg_v3 199 +#define OBJ_id_smime_mod_msg_v3 OBJ_id_smime_mod,4L + +#define SN_id_smime_mod_ets_eSignature_88 "id-smime-mod-ets-eSignature-88" +#define NID_id_smime_mod_ets_eSignature_88 200 +#define OBJ_id_smime_mod_ets_eSignature_88 OBJ_id_smime_mod,5L + +#define SN_id_smime_mod_ets_eSignature_97 "id-smime-mod-ets-eSignature-97" +#define NID_id_smime_mod_ets_eSignature_97 201 +#define OBJ_id_smime_mod_ets_eSignature_97 OBJ_id_smime_mod,6L + +#define SN_id_smime_mod_ets_eSigPolicy_88 "id-smime-mod-ets-eSigPolicy-88" +#define NID_id_smime_mod_ets_eSigPolicy_88 202 +#define OBJ_id_smime_mod_ets_eSigPolicy_88 OBJ_id_smime_mod,7L + +#define SN_id_smime_mod_ets_eSigPolicy_97 "id-smime-mod-ets-eSigPolicy-97" +#define NID_id_smime_mod_ets_eSigPolicy_97 203 +#define OBJ_id_smime_mod_ets_eSigPolicy_97 OBJ_id_smime_mod,8L + +#define SN_id_smime_ct_receipt "id-smime-ct-receipt" +#define NID_id_smime_ct_receipt 204 +#define OBJ_id_smime_ct_receipt OBJ_id_smime_ct,1L + +#define SN_id_smime_ct_authData "id-smime-ct-authData" +#define NID_id_smime_ct_authData 205 +#define OBJ_id_smime_ct_authData OBJ_id_smime_ct,2L + +#define SN_id_smime_ct_publishCert "id-smime-ct-publishCert" +#define NID_id_smime_ct_publishCert 206 +#define OBJ_id_smime_ct_publishCert OBJ_id_smime_ct,3L + +#define SN_id_smime_ct_TSTInfo "id-smime-ct-TSTInfo" +#define NID_id_smime_ct_TSTInfo 207 +#define OBJ_id_smime_ct_TSTInfo OBJ_id_smime_ct,4L + +#define SN_id_smime_ct_TDTInfo "id-smime-ct-TDTInfo" +#define NID_id_smime_ct_TDTInfo 208 +#define OBJ_id_smime_ct_TDTInfo OBJ_id_smime_ct,5L + +#define SN_id_smime_ct_contentInfo "id-smime-ct-contentInfo" +#define NID_id_smime_ct_contentInfo 209 +#define OBJ_id_smime_ct_contentInfo OBJ_id_smime_ct,6L + +#define SN_id_smime_ct_DVCSRequestData "id-smime-ct-DVCSRequestData" +#define NID_id_smime_ct_DVCSRequestData 210 +#define OBJ_id_smime_ct_DVCSRequestData OBJ_id_smime_ct,7L + +#define SN_id_smime_ct_DVCSResponseData "id-smime-ct-DVCSResponseData" +#define NID_id_smime_ct_DVCSResponseData 211 +#define OBJ_id_smime_ct_DVCSResponseData OBJ_id_smime_ct,8L + +#define SN_id_smime_ct_compressedData "id-smime-ct-compressedData" +#define NID_id_smime_ct_compressedData 786 +#define OBJ_id_smime_ct_compressedData OBJ_id_smime_ct,9L + +#define SN_id_ct_routeOriginAuthz "id-ct-routeOriginAuthz" +#define NID_id_ct_routeOriginAuthz 1001 +#define OBJ_id_ct_routeOriginAuthz OBJ_id_smime_ct,24L + +#define SN_id_ct_rpkiManifest "id-ct-rpkiManifest" +#define NID_id_ct_rpkiManifest 1002 +#define OBJ_id_ct_rpkiManifest OBJ_id_smime_ct,26L + +#define SN_id_ct_asciiTextWithCRLF "id-ct-asciiTextWithCRLF" +#define NID_id_ct_asciiTextWithCRLF 787 +#define OBJ_id_ct_asciiTextWithCRLF OBJ_id_smime_ct,27L + +#define SN_id_ct_rpkiGhostbusters "id-ct-rpkiGhostbusters" +#define NID_id_ct_rpkiGhostbusters 1003 +#define OBJ_id_ct_rpkiGhostbusters OBJ_id_smime_ct,35L + +#define SN_id_ct_resourceTaggedAttest "id-ct-resourceTaggedAttest" +#define NID_id_ct_resourceTaggedAttest 1004 +#define OBJ_id_ct_resourceTaggedAttest OBJ_id_smime_ct,36L + +#define SN_id_ct_geofeedCSVwithCRLF "id-ct-geofeedCSVwithCRLF" +#define NID_id_ct_geofeedCSVwithCRLF 1013 +#define OBJ_id_ct_geofeedCSVwithCRLF OBJ_id_smime_ct,47L + +#define SN_id_ct_signedChecklist "id-ct-signedChecklist" +#define NID_id_ct_signedChecklist 1014 +#define OBJ_id_ct_signedChecklist OBJ_id_smime_ct,48L + +#define SN_id_ct_ASPA "id-ct-ASPA" +#define NID_id_ct_ASPA 1017 +#define OBJ_id_ct_ASPA OBJ_id_smime_ct,49L + +#define SN_id_ct_signedTAL "id-ct-signedTAL" +#define NID_id_ct_signedTAL 1024 +#define OBJ_id_ct_signedTAL OBJ_id_smime_ct,50L + +#define SN_id_ct_rpkiSignedPrefixList "id-ct-rpkiSignedPrefixList" +#define NID_id_ct_rpkiSignedPrefixList 1054 +#define OBJ_id_ct_rpkiSignedPrefixList OBJ_id_smime_ct,51L + +#define SN_id_smime_aa_receiptRequest "id-smime-aa-receiptRequest" +#define NID_id_smime_aa_receiptRequest 212 +#define OBJ_id_smime_aa_receiptRequest OBJ_id_smime_aa,1L + +#define SN_id_smime_aa_securityLabel "id-smime-aa-securityLabel" +#define NID_id_smime_aa_securityLabel 213 +#define OBJ_id_smime_aa_securityLabel OBJ_id_smime_aa,2L + +#define SN_id_smime_aa_mlExpandHistory "id-smime-aa-mlExpandHistory" +#define NID_id_smime_aa_mlExpandHistory 214 +#define OBJ_id_smime_aa_mlExpandHistory OBJ_id_smime_aa,3L + +#define SN_id_smime_aa_contentHint "id-smime-aa-contentHint" +#define NID_id_smime_aa_contentHint 215 +#define OBJ_id_smime_aa_contentHint OBJ_id_smime_aa,4L + +#define SN_id_smime_aa_msgSigDigest "id-smime-aa-msgSigDigest" +#define NID_id_smime_aa_msgSigDigest 216 +#define OBJ_id_smime_aa_msgSigDigest OBJ_id_smime_aa,5L + +#define SN_id_smime_aa_encapContentType "id-smime-aa-encapContentType" +#define NID_id_smime_aa_encapContentType 217 +#define OBJ_id_smime_aa_encapContentType OBJ_id_smime_aa,6L + +#define SN_id_smime_aa_contentIdentifier "id-smime-aa-contentIdentifier" +#define NID_id_smime_aa_contentIdentifier 218 +#define OBJ_id_smime_aa_contentIdentifier OBJ_id_smime_aa,7L + +#define SN_id_smime_aa_macValue "id-smime-aa-macValue" +#define NID_id_smime_aa_macValue 219 +#define OBJ_id_smime_aa_macValue OBJ_id_smime_aa,8L + +#define SN_id_smime_aa_equivalentLabels "id-smime-aa-equivalentLabels" +#define NID_id_smime_aa_equivalentLabels 220 +#define OBJ_id_smime_aa_equivalentLabels OBJ_id_smime_aa,9L + +#define SN_id_smime_aa_contentReference "id-smime-aa-contentReference" +#define NID_id_smime_aa_contentReference 221 +#define OBJ_id_smime_aa_contentReference OBJ_id_smime_aa,10L + +#define SN_id_smime_aa_encrypKeyPref "id-smime-aa-encrypKeyPref" +#define NID_id_smime_aa_encrypKeyPref 222 +#define OBJ_id_smime_aa_encrypKeyPref OBJ_id_smime_aa,11L + +#define SN_id_smime_aa_signingCertificate "id-smime-aa-signingCertificate" +#define NID_id_smime_aa_signingCertificate 223 +#define OBJ_id_smime_aa_signingCertificate OBJ_id_smime_aa,12L + +#define SN_id_smime_aa_smimeEncryptCerts "id-smime-aa-smimeEncryptCerts" +#define NID_id_smime_aa_smimeEncryptCerts 224 +#define OBJ_id_smime_aa_smimeEncryptCerts OBJ_id_smime_aa,13L + +#define SN_id_smime_aa_timeStampToken "id-smime-aa-timeStampToken" +#define NID_id_smime_aa_timeStampToken 225 +#define OBJ_id_smime_aa_timeStampToken OBJ_id_smime_aa,14L + +#define SN_id_smime_aa_ets_sigPolicyId "id-smime-aa-ets-sigPolicyId" +#define NID_id_smime_aa_ets_sigPolicyId 226 +#define OBJ_id_smime_aa_ets_sigPolicyId OBJ_id_smime_aa,15L + +#define SN_id_smime_aa_ets_commitmentType "id-smime-aa-ets-commitmentType" +#define NID_id_smime_aa_ets_commitmentType 227 +#define OBJ_id_smime_aa_ets_commitmentType OBJ_id_smime_aa,16L + +#define SN_id_smime_aa_ets_signerLocation "id-smime-aa-ets-signerLocation" +#define NID_id_smime_aa_ets_signerLocation 228 +#define OBJ_id_smime_aa_ets_signerLocation OBJ_id_smime_aa,17L + +#define SN_id_smime_aa_ets_signerAttr "id-smime-aa-ets-signerAttr" +#define NID_id_smime_aa_ets_signerAttr 229 +#define OBJ_id_smime_aa_ets_signerAttr OBJ_id_smime_aa,18L + +#define SN_id_smime_aa_ets_otherSigCert "id-smime-aa-ets-otherSigCert" +#define NID_id_smime_aa_ets_otherSigCert 230 +#define OBJ_id_smime_aa_ets_otherSigCert OBJ_id_smime_aa,19L + +#define SN_id_smime_aa_ets_contentTimestamp "id-smime-aa-ets-contentTimestamp" +#define NID_id_smime_aa_ets_contentTimestamp 231 +#define OBJ_id_smime_aa_ets_contentTimestamp OBJ_id_smime_aa,20L + +#define SN_id_smime_aa_ets_CertificateRefs "id-smime-aa-ets-CertificateRefs" +#define NID_id_smime_aa_ets_CertificateRefs 232 +#define OBJ_id_smime_aa_ets_CertificateRefs OBJ_id_smime_aa,21L + +#define SN_id_smime_aa_ets_RevocationRefs "id-smime-aa-ets-RevocationRefs" +#define NID_id_smime_aa_ets_RevocationRefs 233 +#define OBJ_id_smime_aa_ets_RevocationRefs OBJ_id_smime_aa,22L + +#define SN_id_smime_aa_ets_certValues "id-smime-aa-ets-certValues" +#define NID_id_smime_aa_ets_certValues 234 +#define OBJ_id_smime_aa_ets_certValues OBJ_id_smime_aa,23L + +#define SN_id_smime_aa_ets_revocationValues "id-smime-aa-ets-revocationValues" +#define NID_id_smime_aa_ets_revocationValues 235 +#define OBJ_id_smime_aa_ets_revocationValues OBJ_id_smime_aa,24L + +#define SN_id_smime_aa_ets_escTimeStamp "id-smime-aa-ets-escTimeStamp" +#define NID_id_smime_aa_ets_escTimeStamp 236 +#define OBJ_id_smime_aa_ets_escTimeStamp OBJ_id_smime_aa,25L + +#define SN_id_smime_aa_ets_certCRLTimestamp "id-smime-aa-ets-certCRLTimestamp" +#define NID_id_smime_aa_ets_certCRLTimestamp 237 +#define OBJ_id_smime_aa_ets_certCRLTimestamp OBJ_id_smime_aa,26L + +#define SN_id_smime_aa_ets_archiveTimeStamp "id-smime-aa-ets-archiveTimeStamp" +#define NID_id_smime_aa_ets_archiveTimeStamp 238 +#define OBJ_id_smime_aa_ets_archiveTimeStamp OBJ_id_smime_aa,27L + +#define SN_id_smime_aa_signatureType "id-smime-aa-signatureType" +#define NID_id_smime_aa_signatureType 239 +#define OBJ_id_smime_aa_signatureType OBJ_id_smime_aa,28L + +#define SN_id_smime_aa_dvcs_dvc "id-smime-aa-dvcs-dvc" +#define NID_id_smime_aa_dvcs_dvc 240 +#define OBJ_id_smime_aa_dvcs_dvc OBJ_id_smime_aa,29L + +#define SN_id_smime_aa_signingCertificateV2 "id-smime-aa-signingCertificateV2" +#define NID_id_smime_aa_signingCertificateV2 1023 +#define OBJ_id_smime_aa_signingCertificateV2 OBJ_id_smime_aa,47L + +#define SN_id_smime_alg_ESDHwith3DES "id-smime-alg-ESDHwith3DES" +#define NID_id_smime_alg_ESDHwith3DES 241 +#define OBJ_id_smime_alg_ESDHwith3DES OBJ_id_smime_alg,1L + +#define SN_id_smime_alg_ESDHwithRC2 "id-smime-alg-ESDHwithRC2" +#define NID_id_smime_alg_ESDHwithRC2 242 +#define OBJ_id_smime_alg_ESDHwithRC2 OBJ_id_smime_alg,2L + +#define SN_id_smime_alg_3DESwrap "id-smime-alg-3DESwrap" +#define NID_id_smime_alg_3DESwrap 243 +#define OBJ_id_smime_alg_3DESwrap OBJ_id_smime_alg,3L + +#define SN_id_smime_alg_RC2wrap "id-smime-alg-RC2wrap" +#define NID_id_smime_alg_RC2wrap 244 +#define OBJ_id_smime_alg_RC2wrap OBJ_id_smime_alg,4L + +#define SN_id_smime_alg_ESDH "id-smime-alg-ESDH" +#define NID_id_smime_alg_ESDH 245 +#define OBJ_id_smime_alg_ESDH OBJ_id_smime_alg,5L + +#define SN_id_smime_alg_CMS3DESwrap "id-smime-alg-CMS3DESwrap" +#define NID_id_smime_alg_CMS3DESwrap 246 +#define OBJ_id_smime_alg_CMS3DESwrap OBJ_id_smime_alg,6L + +#define SN_id_smime_alg_CMSRC2wrap "id-smime-alg-CMSRC2wrap" +#define NID_id_smime_alg_CMSRC2wrap 247 +#define OBJ_id_smime_alg_CMSRC2wrap OBJ_id_smime_alg,7L + +#define SN_id_alg_PWRI_KEK "id-alg-PWRI-KEK" +#define NID_id_alg_PWRI_KEK 893 +#define OBJ_id_alg_PWRI_KEK OBJ_id_smime_alg,9L + +#define SN_id_smime_cd_ldap "id-smime-cd-ldap" +#define NID_id_smime_cd_ldap 248 +#define OBJ_id_smime_cd_ldap OBJ_id_smime_cd,1L + +#define SN_id_smime_spq_ets_sqt_uri "id-smime-spq-ets-sqt-uri" +#define NID_id_smime_spq_ets_sqt_uri 249 +#define OBJ_id_smime_spq_ets_sqt_uri OBJ_id_smime_spq,1L + +#define SN_id_smime_spq_ets_sqt_unotice "id-smime-spq-ets-sqt-unotice" +#define NID_id_smime_spq_ets_sqt_unotice 250 +#define OBJ_id_smime_spq_ets_sqt_unotice OBJ_id_smime_spq,2L + +#define SN_id_smime_cti_ets_proofOfOrigin "id-smime-cti-ets-proofOfOrigin" +#define NID_id_smime_cti_ets_proofOfOrigin 251 +#define OBJ_id_smime_cti_ets_proofOfOrigin OBJ_id_smime_cti,1L + +#define SN_id_smime_cti_ets_proofOfReceipt "id-smime-cti-ets-proofOfReceipt" +#define NID_id_smime_cti_ets_proofOfReceipt 252 +#define OBJ_id_smime_cti_ets_proofOfReceipt OBJ_id_smime_cti,2L + +#define SN_id_smime_cti_ets_proofOfDelivery "id-smime-cti-ets-proofOfDelivery" +#define NID_id_smime_cti_ets_proofOfDelivery 253 +#define OBJ_id_smime_cti_ets_proofOfDelivery OBJ_id_smime_cti,3L + +#define SN_id_smime_cti_ets_proofOfSender "id-smime-cti-ets-proofOfSender" +#define NID_id_smime_cti_ets_proofOfSender 254 +#define OBJ_id_smime_cti_ets_proofOfSender OBJ_id_smime_cti,4L + +#define SN_id_smime_cti_ets_proofOfApproval "id-smime-cti-ets-proofOfApproval" +#define NID_id_smime_cti_ets_proofOfApproval 255 +#define OBJ_id_smime_cti_ets_proofOfApproval OBJ_id_smime_cti,5L + +#define SN_id_smime_cti_ets_proofOfCreation "id-smime-cti-ets-proofOfCreation" +#define NID_id_smime_cti_ets_proofOfCreation 256 +#define OBJ_id_smime_cti_ets_proofOfCreation OBJ_id_smime_cti,6L + +#define LN_friendlyName "friendlyName" +#define NID_friendlyName 156 +#define OBJ_friendlyName OBJ_pkcs9,20L + +#define LN_localKeyID "localKeyID" +#define NID_localKeyID 157 +#define OBJ_localKeyID OBJ_pkcs9,21L + +#define SN_ms_csp_name "CSPName" +#define LN_ms_csp_name "Microsoft CSP Name" +#define NID_ms_csp_name 417 +#define OBJ_ms_csp_name 1L,3L,6L,1L,4L,1L,311L,17L,1L + +#define SN_LocalKeySet "LocalKeySet" +#define LN_LocalKeySet "Microsoft Local Key set" +#define NID_LocalKeySet 856 +#define OBJ_LocalKeySet 1L,3L,6L,1L,4L,1L,311L,17L,2L + +#define OBJ_certTypes OBJ_pkcs9,22L + +#define LN_x509Certificate "x509Certificate" +#define NID_x509Certificate 158 +#define OBJ_x509Certificate OBJ_certTypes,1L + +#define LN_sdsiCertificate "sdsiCertificate" +#define NID_sdsiCertificate 159 +#define OBJ_sdsiCertificate OBJ_certTypes,2L + +#define OBJ_crlTypes OBJ_pkcs9,23L + +#define LN_x509Crl "x509Crl" +#define NID_x509Crl 160 +#define OBJ_x509Crl OBJ_crlTypes,1L + +#define OBJ_pkcs12 OBJ_pkcs,12L + +#define OBJ_pkcs12_pbeids OBJ_pkcs12,1L + +#define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" +#define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" +#define NID_pbe_WithSHA1And128BitRC4 144 +#define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids,1L + +#define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" +#define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" +#define NID_pbe_WithSHA1And40BitRC4 145 +#define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids,2L + +#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" +#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 +#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids,3L + +#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" +#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" +#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 +#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids,4L + +#define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" +#define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" +#define NID_pbe_WithSHA1And128BitRC2_CBC 148 +#define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids,5L + +#define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" +#define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" +#define NID_pbe_WithSHA1And40BitRC2_CBC 149 +#define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids,6L + +#define OBJ_pkcs12_Version1 OBJ_pkcs12,10L + +#define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1,1L + +#define LN_keyBag "keyBag" +#define NID_keyBag 150 +#define OBJ_keyBag OBJ_pkcs12_BagIds,1L + +#define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" +#define NID_pkcs8ShroudedKeyBag 151 +#define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds,2L + +#define LN_certBag "certBag" +#define NID_certBag 152 +#define OBJ_certBag OBJ_pkcs12_BagIds,3L + +#define LN_crlBag "crlBag" +#define NID_crlBag 153 +#define OBJ_crlBag OBJ_pkcs12_BagIds,4L + +#define LN_secretBag "secretBag" +#define NID_secretBag 154 +#define OBJ_secretBag OBJ_pkcs12_BagIds,5L + +#define LN_safeContentsBag "safeContentsBag" +#define NID_safeContentsBag 155 +#define OBJ_safeContentsBag OBJ_pkcs12_BagIds,6L + +#define SN_md2 "MD2" +#define LN_md2 "md2" +#define NID_md2 3 +#define OBJ_md2 OBJ_rsadsi,2L,2L + +#define SN_md4 "MD4" +#define LN_md4 "md4" +#define NID_md4 257 +#define OBJ_md4 OBJ_rsadsi,2L,4L + +#define SN_md5 "MD5" +#define LN_md5 "md5" +#define NID_md5 4 +#define OBJ_md5 OBJ_rsadsi,2L,5L + +#define SN_md5_sha1 "MD5-SHA1" +#define LN_md5_sha1 "md5-sha1" +#define NID_md5_sha1 114 + +#define LN_hmacWithMD5 "hmacWithMD5" +#define NID_hmacWithMD5 797 +#define OBJ_hmacWithMD5 OBJ_rsadsi,2L,6L + +#define LN_hmacWithSHA1 "hmacWithSHA1" +#define NID_hmacWithSHA1 163 +#define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L + +#define LN_hmacWithSHA224 "hmacWithSHA224" +#define NID_hmacWithSHA224 798 +#define OBJ_hmacWithSHA224 OBJ_rsadsi,2L,8L + +#define LN_hmacWithSHA256 "hmacWithSHA256" +#define NID_hmacWithSHA256 799 +#define OBJ_hmacWithSHA256 OBJ_rsadsi,2L,9L + +#define LN_hmacWithSHA384 "hmacWithSHA384" +#define NID_hmacWithSHA384 800 +#define OBJ_hmacWithSHA384 OBJ_rsadsi,2L,10L + +#define LN_hmacWithSHA512 "hmacWithSHA512" +#define NID_hmacWithSHA512 801 +#define OBJ_hmacWithSHA512 OBJ_rsadsi,2L,11L + +#define LN_hmacWithSHA512_224 "hmacWithSHA512-224" +#define NID_hmacWithSHA512_224 1027 +#define OBJ_hmacWithSHA512_224 OBJ_rsadsi,2L,12L + +#define LN_hmacWithSHA512_256 "hmacWithSHA512-256" +#define NID_hmacWithSHA512_256 1028 +#define OBJ_hmacWithSHA512_256 OBJ_rsadsi,2L,13L + +#define SN_rc2_cbc "RC2-CBC" +#define LN_rc2_cbc "rc2-cbc" +#define NID_rc2_cbc 37 +#define OBJ_rc2_cbc OBJ_rsadsi,3L,2L + +#define SN_rc2_ecb "RC2-ECB" +#define LN_rc2_ecb "rc2-ecb" +#define NID_rc2_ecb 38 + +#define SN_rc2_cfb64 "RC2-CFB" +#define LN_rc2_cfb64 "rc2-cfb" +#define NID_rc2_cfb64 39 + +#define SN_rc2_ofb64 "RC2-OFB" +#define LN_rc2_ofb64 "rc2-ofb" +#define NID_rc2_ofb64 40 + +#define SN_rc2_40_cbc "RC2-40-CBC" +#define LN_rc2_40_cbc "rc2-40-cbc" +#define NID_rc2_40_cbc 98 + +#define SN_rc2_64_cbc "RC2-64-CBC" +#define LN_rc2_64_cbc "rc2-64-cbc" +#define NID_rc2_64_cbc 166 + +#define SN_rc4 "RC4" +#define LN_rc4 "rc4" +#define NID_rc4 5 +#define OBJ_rc4 OBJ_rsadsi,3L,4L + +#define SN_rc4_40 "RC4-40" +#define LN_rc4_40 "rc4-40" +#define NID_rc4_40 97 + +#define SN_des_ede3_cbc "DES-EDE3-CBC" +#define LN_des_ede3_cbc "des-ede3-cbc" +#define NID_des_ede3_cbc 44 +#define OBJ_des_ede3_cbc OBJ_rsadsi,3L,7L + +#define SN_rc5_cbc "RC5-CBC" +#define LN_rc5_cbc "rc5-cbc" +#define NID_rc5_cbc 120 +#define OBJ_rc5_cbc OBJ_rsadsi,3L,8L + +#define SN_rc5_ecb "RC5-ECB" +#define LN_rc5_ecb "rc5-ecb" +#define NID_rc5_ecb 121 + +#define SN_rc5_cfb64 "RC5-CFB" +#define LN_rc5_cfb64 "rc5-cfb" +#define NID_rc5_cfb64 122 + +#define SN_rc5_ofb64 "RC5-OFB" +#define LN_rc5_ofb64 "rc5-ofb" +#define NID_rc5_ofb64 123 + +#define SN_ms_ext_req "msExtReq" +#define LN_ms_ext_req "Microsoft Extension Request" +#define NID_ms_ext_req 171 +#define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L + +#define SN_ms_code_ind "msCodeInd" +#define LN_ms_code_ind "Microsoft Individual Code Signing" +#define NID_ms_code_ind 134 +#define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L + +#define SN_ms_code_com "msCodeCom" +#define LN_ms_code_com "Microsoft Commercial Code Signing" +#define NID_ms_code_com 135 +#define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L + +#define SN_ms_ctl_sign "msCTLSign" +#define LN_ms_ctl_sign "Microsoft Trust List Signing" +#define NID_ms_ctl_sign 136 +#define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L + +#define SN_ms_sgc "msSGC" +#define LN_ms_sgc "Microsoft Server Gated Crypto" +#define NID_ms_sgc 137 +#define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L + +#define SN_ms_efs "msEFS" +#define LN_ms_efs "Microsoft Encrypted File System" +#define NID_ms_efs 138 +#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L + +#define SN_ms_smartcard_login "msSmartcardLogin" +#define LN_ms_smartcard_login "Microsoft Smartcardlogin" +#define NID_ms_smartcard_login 648 +#define OBJ_ms_smartcard_login 1L,3L,6L,1L,4L,1L,311L,20L,2L,2L + +#define SN_ms_upn "msUPN" +#define LN_ms_upn "Microsoft Universal Principal Name" +#define NID_ms_upn 649 +#define OBJ_ms_upn 1L,3L,6L,1L,4L,1L,311L,20L,2L,3L + +#define SN_idea_cbc "IDEA-CBC" +#define LN_idea_cbc "idea-cbc" +#define NID_idea_cbc 34 +#define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L + +#define SN_idea_ecb "IDEA-ECB" +#define LN_idea_ecb "idea-ecb" +#define NID_idea_ecb 36 + +#define SN_idea_cfb64 "IDEA-CFB" +#define LN_idea_cfb64 "idea-cfb" +#define NID_idea_cfb64 35 + +#define SN_idea_ofb64 "IDEA-OFB" +#define LN_idea_ofb64 "idea-ofb" +#define NID_idea_ofb64 46 + +#define SN_bf_cbc "BF-CBC" +#define LN_bf_cbc "bf-cbc" +#define NID_bf_cbc 91 +#define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L + +#define SN_bf_ecb "BF-ECB" +#define LN_bf_ecb "bf-ecb" +#define NID_bf_ecb 92 + +#define SN_bf_cfb64 "BF-CFB" +#define LN_bf_cfb64 "bf-cfb" +#define NID_bf_cfb64 93 + +#define SN_bf_ofb64 "BF-OFB" +#define LN_bf_ofb64 "bf-ofb" +#define NID_bf_ofb64 94 + +#define SN_id_pkix "PKIX" +#define NID_id_pkix 127 +#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L + +#define SN_id_pkix_mod "id-pkix-mod" +#define NID_id_pkix_mod 258 +#define OBJ_id_pkix_mod OBJ_id_pkix,0L + +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_qt "id-qt" +#define NID_id_qt 259 +#define OBJ_id_qt OBJ_id_pkix,2L + +#define SN_id_kp "id-kp" +#define NID_id_kp 128 +#define OBJ_id_kp OBJ_id_pkix,3L + +#define SN_id_it "id-it" +#define NID_id_it 260 +#define OBJ_id_it OBJ_id_pkix,4L + +#define SN_id_pkip "id-pkip" +#define NID_id_pkip 261 +#define OBJ_id_pkip OBJ_id_pkix,5L + +#define SN_id_alg "id-alg" +#define NID_id_alg 262 +#define OBJ_id_alg OBJ_id_pkix,6L + +#define SN_id_cmc "id-cmc" +#define NID_id_cmc 263 +#define OBJ_id_cmc OBJ_id_pkix,7L + +#define SN_id_on "id-on" +#define NID_id_on 264 +#define OBJ_id_on OBJ_id_pkix,8L + +#define SN_id_pda "id-pda" +#define NID_id_pda 265 +#define OBJ_id_pda OBJ_id_pkix,9L + +#define SN_id_aca "id-aca" +#define NID_id_aca 266 +#define OBJ_id_aca OBJ_id_pkix,10L + +#define SN_id_qcs "id-qcs" +#define NID_id_qcs 267 +#define OBJ_id_qcs OBJ_id_pkix,11L + +#define SN_id_cct "id-cct" +#define NID_id_cct 268 +#define OBJ_id_cct OBJ_id_pkix,12L + +#define SN_id_cp "id-cp" +#define NID_id_cp 1005 +#define OBJ_id_cp OBJ_id_pkix,14L + +#define SN_id_ppl "id-ppl" +#define NID_id_ppl 662 +#define OBJ_id_ppl OBJ_id_pkix,21L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_id_pkix1_explicit_88 "id-pkix1-explicit-88" +#define NID_id_pkix1_explicit_88 269 +#define OBJ_id_pkix1_explicit_88 OBJ_id_pkix_mod,1L + +#define SN_id_pkix1_implicit_88 "id-pkix1-implicit-88" +#define NID_id_pkix1_implicit_88 270 +#define OBJ_id_pkix1_implicit_88 OBJ_id_pkix_mod,2L + +#define SN_id_pkix1_explicit_93 "id-pkix1-explicit-93" +#define NID_id_pkix1_explicit_93 271 +#define OBJ_id_pkix1_explicit_93 OBJ_id_pkix_mod,3L + +#define SN_id_pkix1_implicit_93 "id-pkix1-implicit-93" +#define NID_id_pkix1_implicit_93 272 +#define OBJ_id_pkix1_implicit_93 OBJ_id_pkix_mod,4L + +#define SN_id_mod_crmf "id-mod-crmf" +#define NID_id_mod_crmf 273 +#define OBJ_id_mod_crmf OBJ_id_pkix_mod,5L + +#define SN_id_mod_cmc "id-mod-cmc" +#define NID_id_mod_cmc 274 +#define OBJ_id_mod_cmc OBJ_id_pkix_mod,6L + +#define SN_id_mod_kea_profile_88 "id-mod-kea-profile-88" +#define NID_id_mod_kea_profile_88 275 +#define OBJ_id_mod_kea_profile_88 OBJ_id_pkix_mod,7L + +#define SN_id_mod_kea_profile_93 "id-mod-kea-profile-93" +#define NID_id_mod_kea_profile_93 276 +#define OBJ_id_mod_kea_profile_93 OBJ_id_pkix_mod,8L + +#define SN_id_mod_cmp "id-mod-cmp" +#define NID_id_mod_cmp 277 +#define OBJ_id_mod_cmp OBJ_id_pkix_mod,9L + +#define SN_id_mod_qualified_cert_88 "id-mod-qualified-cert-88" +#define NID_id_mod_qualified_cert_88 278 +#define OBJ_id_mod_qualified_cert_88 OBJ_id_pkix_mod,10L + +#define SN_id_mod_qualified_cert_93 "id-mod-qualified-cert-93" +#define NID_id_mod_qualified_cert_93 279 +#define OBJ_id_mod_qualified_cert_93 OBJ_id_pkix_mod,11L + +#define SN_id_mod_attribute_cert "id-mod-attribute-cert" +#define NID_id_mod_attribute_cert 280 +#define OBJ_id_mod_attribute_cert OBJ_id_pkix_mod,12L + +#define SN_id_mod_timestamp_protocol "id-mod-timestamp-protocol" +#define NID_id_mod_timestamp_protocol 281 +#define OBJ_id_mod_timestamp_protocol OBJ_id_pkix_mod,13L + +#define SN_id_mod_ocsp "id-mod-ocsp" +#define NID_id_mod_ocsp 282 +#define OBJ_id_mod_ocsp OBJ_id_pkix_mod,14L + +#define SN_id_mod_dvcs "id-mod-dvcs" +#define NID_id_mod_dvcs 283 +#define OBJ_id_mod_dvcs OBJ_id_pkix_mod,15L + +#define SN_id_mod_cmp2000 "id-mod-cmp2000" +#define NID_id_mod_cmp2000 284 +#define OBJ_id_mod_cmp2000 OBJ_id_pkix_mod,16L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_biometricInfo "biometricInfo" +#define LN_biometricInfo "Biometric Info" +#define NID_biometricInfo 285 +#define OBJ_biometricInfo OBJ_id_pe,2L + +#define SN_qcStatements "qcStatements" +#define NID_qcStatements 286 +#define OBJ_qcStatements OBJ_id_pe,3L + +#define SN_ac_auditEntity "ac-auditEntity" +#define NID_ac_auditEntity 287 +#define OBJ_ac_auditEntity OBJ_id_pe,4L + +#define SN_ac_targeting "ac-targeting" +#define NID_ac_targeting 288 +#define OBJ_ac_targeting OBJ_id_pe,5L + +#define SN_aaControls "aaControls" +#define NID_aaControls 289 +#define OBJ_aaControls OBJ_id_pe,6L + +#define SN_sbgp_ipAddrBlock "sbgp-ipAddrBlock" +#define NID_sbgp_ipAddrBlock 290 +#define OBJ_sbgp_ipAddrBlock OBJ_id_pe,7L + +#define SN_sbgp_autonomousSysNum "sbgp-autonomousSysNum" +#define NID_sbgp_autonomousSysNum 291 +#define OBJ_sbgp_autonomousSysNum OBJ_id_pe,8L + +#define SN_sbgp_routerIdentifier "sbgp-routerIdentifier" +#define NID_sbgp_routerIdentifier 292 +#define OBJ_sbgp_routerIdentifier OBJ_id_pe,9L + +#define SN_ac_proxying "ac-proxying" +#define NID_ac_proxying 397 +#define OBJ_ac_proxying OBJ_id_pe,10L + +#define SN_sinfo_access "subjectInfoAccess" +#define LN_sinfo_access "Subject Information Access" +#define NID_sinfo_access 398 +#define OBJ_sinfo_access OBJ_id_pe,11L + +#define SN_proxyCertInfo "proxyCertInfo" +#define LN_proxyCertInfo "Proxy Certificate Information" +#define NID_proxyCertInfo 663 +#define OBJ_proxyCertInfo OBJ_id_pe,14L + +#define SN_tlsfeature "tlsfeature" +#define LN_tlsfeature "TLS Feature" +#define NID_tlsfeature 1016 +#define OBJ_tlsfeature OBJ_id_pe,24L + +#define SN_sbgp_ipAddrBlockv2 "sbgp-ipAddrBlockv2" +#define NID_sbgp_ipAddrBlockv2 1006 +#define OBJ_sbgp_ipAddrBlockv2 OBJ_id_pe,28L + +#define SN_sbgp_autonomousSysNumv2 "sbgp-autonomousSysNumv2" +#define NID_sbgp_autonomousSysNumv2 1007 +#define OBJ_sbgp_autonomousSysNumv2 OBJ_id_pe,29L + +#define SN_acmeIdentifier "acmeIdentifier" +#define LN_acmeIdentifier "ACME Identifier" +#define NID_acmeIdentifier 1053 +#define OBJ_acmeIdentifier OBJ_id_pe,31L + +#define SN_id_qt_cps "id-qt-cps" +#define LN_id_qt_cps "Policy Qualifier CPS" +#define NID_id_qt_cps 164 +#define OBJ_id_qt_cps OBJ_id_qt,1L + +#define SN_id_qt_unotice "id-qt-unotice" +#define LN_id_qt_unotice "Policy Qualifier User Notice" +#define NID_id_qt_unotice 165 +#define OBJ_id_qt_unotice OBJ_id_qt,2L + +#define SN_textNotice "textNotice" +#define NID_textNotice 293 +#define OBJ_textNotice OBJ_id_qt,3L + +#define SN_server_auth "serverAuth" +#define LN_server_auth "TLS Web Server Authentication" +#define NID_server_auth 129 +#define OBJ_server_auth OBJ_id_kp,1L + +#define SN_client_auth "clientAuth" +#define LN_client_auth "TLS Web Client Authentication" +#define NID_client_auth 130 +#define OBJ_client_auth OBJ_id_kp,2L + +#define SN_code_sign "codeSigning" +#define LN_code_sign "Code Signing" +#define NID_code_sign 131 +#define OBJ_code_sign OBJ_id_kp,3L + +#define SN_email_protect "emailProtection" +#define LN_email_protect "E-mail Protection" +#define NID_email_protect 132 +#define OBJ_email_protect OBJ_id_kp,4L + +#define SN_ipsecEndSystem "ipsecEndSystem" +#define LN_ipsecEndSystem "IPSec End System" +#define NID_ipsecEndSystem 294 +#define OBJ_ipsecEndSystem OBJ_id_kp,5L + +#define SN_ipsecTunnel "ipsecTunnel" +#define LN_ipsecTunnel "IPSec Tunnel" +#define NID_ipsecTunnel 295 +#define OBJ_ipsecTunnel OBJ_id_kp,6L + +#define SN_ipsecUser "ipsecUser" +#define LN_ipsecUser "IPSec User" +#define NID_ipsecUser 296 +#define OBJ_ipsecUser OBJ_id_kp,7L + +#define SN_time_stamp "timeStamping" +#define LN_time_stamp "Time Stamping" +#define NID_time_stamp 133 +#define OBJ_time_stamp OBJ_id_kp,8L + +#define SN_OCSP_sign "OCSPSigning" +#define LN_OCSP_sign "OCSP Signing" +#define NID_OCSP_sign 180 +#define OBJ_OCSP_sign OBJ_id_kp,9L + +#define SN_dvcs "DVCS" +#define LN_dvcs "dvcs" +#define NID_dvcs 297 +#define OBJ_dvcs OBJ_id_kp,10L + +#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router" +#define LN_id_kp_bgpsec_router "BGPsec Router" +#define NID_id_kp_bgpsec_router 1015 +#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L + +#define SN_id_it_caProtEncCert "id-it-caProtEncCert" +#define NID_id_it_caProtEncCert 298 +#define OBJ_id_it_caProtEncCert OBJ_id_it,1L + +#define SN_id_it_signKeyPairTypes "id-it-signKeyPairTypes" +#define NID_id_it_signKeyPairTypes 299 +#define OBJ_id_it_signKeyPairTypes OBJ_id_it,2L + +#define SN_id_it_encKeyPairTypes "id-it-encKeyPairTypes" +#define NID_id_it_encKeyPairTypes 300 +#define OBJ_id_it_encKeyPairTypes OBJ_id_it,3L + +#define SN_id_it_preferredSymmAlg "id-it-preferredSymmAlg" +#define NID_id_it_preferredSymmAlg 301 +#define OBJ_id_it_preferredSymmAlg OBJ_id_it,4L + +#define SN_id_it_caKeyUpdateInfo "id-it-caKeyUpdateInfo" +#define NID_id_it_caKeyUpdateInfo 302 +#define OBJ_id_it_caKeyUpdateInfo OBJ_id_it,5L + +#define SN_id_it_currentCRL "id-it-currentCRL" +#define NID_id_it_currentCRL 303 +#define OBJ_id_it_currentCRL OBJ_id_it,6L + +#define SN_id_it_unsupportedOIDs "id-it-unsupportedOIDs" +#define NID_id_it_unsupportedOIDs 304 +#define OBJ_id_it_unsupportedOIDs OBJ_id_it,7L + +#define SN_id_it_subscriptionRequest "id-it-subscriptionRequest" +#define NID_id_it_subscriptionRequest 305 +#define OBJ_id_it_subscriptionRequest OBJ_id_it,8L + +#define SN_id_it_subscriptionResponse "id-it-subscriptionResponse" +#define NID_id_it_subscriptionResponse 306 +#define OBJ_id_it_subscriptionResponse OBJ_id_it,9L + +#define SN_id_it_keyPairParamReq "id-it-keyPairParamReq" +#define NID_id_it_keyPairParamReq 307 +#define OBJ_id_it_keyPairParamReq OBJ_id_it,10L + +#define SN_id_it_keyPairParamRep "id-it-keyPairParamRep" +#define NID_id_it_keyPairParamRep 308 +#define OBJ_id_it_keyPairParamRep OBJ_id_it,11L + +#define SN_id_it_revPassphrase "id-it-revPassphrase" +#define NID_id_it_revPassphrase 309 +#define OBJ_id_it_revPassphrase OBJ_id_it,12L + +#define SN_id_it_implicitConfirm "id-it-implicitConfirm" +#define NID_id_it_implicitConfirm 310 +#define OBJ_id_it_implicitConfirm OBJ_id_it,13L + +#define SN_id_it_confirmWaitTime "id-it-confirmWaitTime" +#define NID_id_it_confirmWaitTime 311 +#define OBJ_id_it_confirmWaitTime OBJ_id_it,14L + +#define SN_id_it_origPKIMessage "id-it-origPKIMessage" +#define NID_id_it_origPKIMessage 312 +#define OBJ_id_it_origPKIMessage OBJ_id_it,15L + +#define SN_id_it_suppLangTags "id-it-suppLangTags" +#define NID_id_it_suppLangTags 784 +#define OBJ_id_it_suppLangTags OBJ_id_it,16L + +#define SN_id_regCtrl "id-regCtrl" +#define NID_id_regCtrl 313 +#define OBJ_id_regCtrl OBJ_id_pkip,1L + +#define SN_id_regInfo "id-regInfo" +#define NID_id_regInfo 314 +#define OBJ_id_regInfo OBJ_id_pkip,2L + +#define SN_id_regCtrl_regToken "id-regCtrl-regToken" +#define NID_id_regCtrl_regToken 315 +#define OBJ_id_regCtrl_regToken OBJ_id_regCtrl,1L + +#define SN_id_regCtrl_authenticator "id-regCtrl-authenticator" +#define NID_id_regCtrl_authenticator 316 +#define OBJ_id_regCtrl_authenticator OBJ_id_regCtrl,2L + +#define SN_id_regCtrl_pkiPublicationInfo "id-regCtrl-pkiPublicationInfo" +#define NID_id_regCtrl_pkiPublicationInfo 317 +#define OBJ_id_regCtrl_pkiPublicationInfo OBJ_id_regCtrl,3L + +#define SN_id_regCtrl_pkiArchiveOptions "id-regCtrl-pkiArchiveOptions" +#define NID_id_regCtrl_pkiArchiveOptions 318 +#define OBJ_id_regCtrl_pkiArchiveOptions OBJ_id_regCtrl,4L + +#define SN_id_regCtrl_oldCertID "id-regCtrl-oldCertID" +#define NID_id_regCtrl_oldCertID 319 +#define OBJ_id_regCtrl_oldCertID OBJ_id_regCtrl,5L + +#define SN_id_regCtrl_protocolEncrKey "id-regCtrl-protocolEncrKey" +#define NID_id_regCtrl_protocolEncrKey 320 +#define OBJ_id_regCtrl_protocolEncrKey OBJ_id_regCtrl,6L + +#define SN_id_regInfo_utf8Pairs "id-regInfo-utf8Pairs" +#define NID_id_regInfo_utf8Pairs 321 +#define OBJ_id_regInfo_utf8Pairs OBJ_id_regInfo,1L + +#define SN_id_regInfo_certReq "id-regInfo-certReq" +#define NID_id_regInfo_certReq 322 +#define OBJ_id_regInfo_certReq OBJ_id_regInfo,2L + +#define SN_id_alg_des40 "id-alg-des40" +#define NID_id_alg_des40 323 +#define OBJ_id_alg_des40 OBJ_id_alg,1L + +#define SN_id_alg_noSignature "id-alg-noSignature" +#define NID_id_alg_noSignature 324 +#define OBJ_id_alg_noSignature OBJ_id_alg,2L + +#define SN_id_alg_dh_sig_hmac_sha1 "id-alg-dh-sig-hmac-sha1" +#define NID_id_alg_dh_sig_hmac_sha1 325 +#define OBJ_id_alg_dh_sig_hmac_sha1 OBJ_id_alg,3L + +#define SN_id_alg_dh_pop "id-alg-dh-pop" +#define NID_id_alg_dh_pop 326 +#define OBJ_id_alg_dh_pop OBJ_id_alg,4L + +#define SN_id_cmc_statusInfo "id-cmc-statusInfo" +#define NID_id_cmc_statusInfo 327 +#define OBJ_id_cmc_statusInfo OBJ_id_cmc,1L + +#define SN_id_cmc_identification "id-cmc-identification" +#define NID_id_cmc_identification 328 +#define OBJ_id_cmc_identification OBJ_id_cmc,2L + +#define SN_id_cmc_identityProof "id-cmc-identityProof" +#define NID_id_cmc_identityProof 329 +#define OBJ_id_cmc_identityProof OBJ_id_cmc,3L + +#define SN_id_cmc_dataReturn "id-cmc-dataReturn" +#define NID_id_cmc_dataReturn 330 +#define OBJ_id_cmc_dataReturn OBJ_id_cmc,4L + +#define SN_id_cmc_transactionId "id-cmc-transactionId" +#define NID_id_cmc_transactionId 331 +#define OBJ_id_cmc_transactionId OBJ_id_cmc,5L + +#define SN_id_cmc_senderNonce "id-cmc-senderNonce" +#define NID_id_cmc_senderNonce 332 +#define OBJ_id_cmc_senderNonce OBJ_id_cmc,6L + +#define SN_id_cmc_recipientNonce "id-cmc-recipientNonce" +#define NID_id_cmc_recipientNonce 333 +#define OBJ_id_cmc_recipientNonce OBJ_id_cmc,7L + +#define SN_id_cmc_addExtensions "id-cmc-addExtensions" +#define NID_id_cmc_addExtensions 334 +#define OBJ_id_cmc_addExtensions OBJ_id_cmc,8L + +#define SN_id_cmc_encryptedPOP "id-cmc-encryptedPOP" +#define NID_id_cmc_encryptedPOP 335 +#define OBJ_id_cmc_encryptedPOP OBJ_id_cmc,9L + +#define SN_id_cmc_decryptedPOP "id-cmc-decryptedPOP" +#define NID_id_cmc_decryptedPOP 336 +#define OBJ_id_cmc_decryptedPOP OBJ_id_cmc,10L + +#define SN_id_cmc_lraPOPWitness "id-cmc-lraPOPWitness" +#define NID_id_cmc_lraPOPWitness 337 +#define OBJ_id_cmc_lraPOPWitness OBJ_id_cmc,11L + +#define SN_id_cmc_getCert "id-cmc-getCert" +#define NID_id_cmc_getCert 338 +#define OBJ_id_cmc_getCert OBJ_id_cmc,15L + +#define SN_id_cmc_getCRL "id-cmc-getCRL" +#define NID_id_cmc_getCRL 339 +#define OBJ_id_cmc_getCRL OBJ_id_cmc,16L + +#define SN_id_cmc_revokeRequest "id-cmc-revokeRequest" +#define NID_id_cmc_revokeRequest 340 +#define OBJ_id_cmc_revokeRequest OBJ_id_cmc,17L + +#define SN_id_cmc_regInfo "id-cmc-regInfo" +#define NID_id_cmc_regInfo 341 +#define OBJ_id_cmc_regInfo OBJ_id_cmc,18L + +#define SN_id_cmc_responseInfo "id-cmc-responseInfo" +#define NID_id_cmc_responseInfo 342 +#define OBJ_id_cmc_responseInfo OBJ_id_cmc,19L + +#define SN_id_cmc_queryPending "id-cmc-queryPending" +#define NID_id_cmc_queryPending 343 +#define OBJ_id_cmc_queryPending OBJ_id_cmc,21L + +#define SN_id_cmc_popLinkRandom "id-cmc-popLinkRandom" +#define NID_id_cmc_popLinkRandom 344 +#define OBJ_id_cmc_popLinkRandom OBJ_id_cmc,22L + +#define SN_id_cmc_popLinkWitness "id-cmc-popLinkWitness" +#define NID_id_cmc_popLinkWitness 345 +#define OBJ_id_cmc_popLinkWitness OBJ_id_cmc,23L + +#define SN_id_cmc_confirmCertAcceptance "id-cmc-confirmCertAcceptance" +#define NID_id_cmc_confirmCertAcceptance 346 +#define OBJ_id_cmc_confirmCertAcceptance OBJ_id_cmc,24L + +#define SN_id_on_personalData "id-on-personalData" +#define NID_id_on_personalData 347 +#define OBJ_id_on_personalData OBJ_id_on,1L + +#define SN_id_on_permanentIdentifier "id-on-permanentIdentifier" +#define LN_id_on_permanentIdentifier "Permanent Identifier" +#define NID_id_on_permanentIdentifier 858 +#define OBJ_id_on_permanentIdentifier OBJ_id_on,3L + +#define SN_id_pda_dateOfBirth "id-pda-dateOfBirth" +#define NID_id_pda_dateOfBirth 348 +#define OBJ_id_pda_dateOfBirth OBJ_id_pda,1L + +#define SN_id_pda_placeOfBirth "id-pda-placeOfBirth" +#define NID_id_pda_placeOfBirth 349 +#define OBJ_id_pda_placeOfBirth OBJ_id_pda,2L + +#define SN_id_pda_gender "id-pda-gender" +#define NID_id_pda_gender 351 +#define OBJ_id_pda_gender OBJ_id_pda,3L + +#define SN_id_pda_countryOfCitizenship "id-pda-countryOfCitizenship" +#define NID_id_pda_countryOfCitizenship 352 +#define OBJ_id_pda_countryOfCitizenship OBJ_id_pda,4L + +#define SN_id_pda_countryOfResidence "id-pda-countryOfResidence" +#define NID_id_pda_countryOfResidence 353 +#define OBJ_id_pda_countryOfResidence OBJ_id_pda,5L + +#define SN_id_aca_authenticationInfo "id-aca-authenticationInfo" +#define NID_id_aca_authenticationInfo 354 +#define OBJ_id_aca_authenticationInfo OBJ_id_aca,1L + +#define SN_id_aca_accessIdentity "id-aca-accessIdentity" +#define NID_id_aca_accessIdentity 355 +#define OBJ_id_aca_accessIdentity OBJ_id_aca,2L + +#define SN_id_aca_chargingIdentity "id-aca-chargingIdentity" +#define NID_id_aca_chargingIdentity 356 +#define OBJ_id_aca_chargingIdentity OBJ_id_aca,3L + +#define SN_id_aca_group "id-aca-group" +#define NID_id_aca_group 357 +#define OBJ_id_aca_group OBJ_id_aca,4L + +#define SN_id_aca_role "id-aca-role" +#define NID_id_aca_role 358 +#define OBJ_id_aca_role OBJ_id_aca,5L + +#define SN_id_aca_encAttrs "id-aca-encAttrs" +#define NID_id_aca_encAttrs 399 +#define OBJ_id_aca_encAttrs OBJ_id_aca,6L + +#define SN_id_qcs_pkixQCSyntax_v1 "id-qcs-pkixQCSyntax-v1" +#define NID_id_qcs_pkixQCSyntax_v1 359 +#define OBJ_id_qcs_pkixQCSyntax_v1 OBJ_id_qcs,1L + +#define SN_id_cct_crs "id-cct-crs" +#define NID_id_cct_crs 360 +#define OBJ_id_cct_crs OBJ_id_cct,1L + +#define SN_id_cct_PKIData "id-cct-PKIData" +#define NID_id_cct_PKIData 361 +#define OBJ_id_cct_PKIData OBJ_id_cct,2L + +#define SN_id_cct_PKIResponse "id-cct-PKIResponse" +#define NID_id_cct_PKIResponse 362 +#define OBJ_id_cct_PKIResponse OBJ_id_cct,3L + +#define SN_ipAddr_asNumber "ipAddr-asNumber" +#define NID_ipAddr_asNumber 1008 +#define OBJ_ipAddr_asNumber OBJ_id_cp,2L + +#define SN_ipAddr_asNumberv2 "ipAddr-asNumberv2" +#define NID_ipAddr_asNumberv2 1009 +#define OBJ_ipAddr_asNumberv2 OBJ_id_cp,3L + +#define SN_id_ppl_anyLanguage "id-ppl-anyLanguage" +#define LN_id_ppl_anyLanguage "Any language" +#define NID_id_ppl_anyLanguage 664 +#define OBJ_id_ppl_anyLanguage OBJ_id_ppl,0L + +#define SN_id_ppl_inheritAll "id-ppl-inheritAll" +#define LN_id_ppl_inheritAll "Inherit all" +#define NID_id_ppl_inheritAll 665 +#define OBJ_id_ppl_inheritAll OBJ_id_ppl,1L + +#define SN_Independent "id-ppl-independent" +#define LN_Independent "Independent" +#define NID_Independent 667 +#define OBJ_Independent OBJ_id_ppl,2L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + +#define SN_ad_timeStamping "ad_timestamping" +#define LN_ad_timeStamping "AD Time Stamping" +#define NID_ad_timeStamping 363 +#define OBJ_ad_timeStamping OBJ_id_ad,3L + +#define SN_ad_dvcs "AD_DVCS" +#define LN_ad_dvcs "ad dvcs" +#define NID_ad_dvcs 364 +#define OBJ_ad_dvcs OBJ_id_ad,4L + +#define SN_caRepository "caRepository" +#define LN_caRepository "CA Repository" +#define NID_caRepository 785 +#define OBJ_caRepository OBJ_id_ad,5L + +#define SN_rpkiManifest "rpkiManifest" +#define LN_rpkiManifest "RPKI Manifest" +#define NID_rpkiManifest 1010 +#define OBJ_rpkiManifest OBJ_id_ad,10L + +#define SN_signedObject "signedObject" +#define LN_signedObject "Signed Object" +#define NID_signedObject 1011 +#define OBJ_signedObject OBJ_id_ad,11L + +#define SN_rpkiNotify "rpkiNotify" +#define LN_rpkiNotify "RPKI Notify" +#define NID_rpkiNotify 1012 +#define OBJ_rpkiNotify OBJ_id_ad,13L + +#define OBJ_id_pkix_OCSP OBJ_ad_OCSP + +#define SN_id_pkix_OCSP_basic "basicOCSPResponse" +#define LN_id_pkix_OCSP_basic "Basic OCSP Response" +#define NID_id_pkix_OCSP_basic 365 +#define OBJ_id_pkix_OCSP_basic OBJ_id_pkix_OCSP,1L + +#define SN_id_pkix_OCSP_Nonce "Nonce" +#define LN_id_pkix_OCSP_Nonce "OCSP Nonce" +#define NID_id_pkix_OCSP_Nonce 366 +#define OBJ_id_pkix_OCSP_Nonce OBJ_id_pkix_OCSP,2L + +#define SN_id_pkix_OCSP_CrlID "CrlID" +#define LN_id_pkix_OCSP_CrlID "OCSP CRL ID" +#define NID_id_pkix_OCSP_CrlID 367 +#define OBJ_id_pkix_OCSP_CrlID OBJ_id_pkix_OCSP,3L + +#define SN_id_pkix_OCSP_acceptableResponses "acceptableResponses" +#define LN_id_pkix_OCSP_acceptableResponses "Acceptable OCSP Responses" +#define NID_id_pkix_OCSP_acceptableResponses 368 +#define OBJ_id_pkix_OCSP_acceptableResponses OBJ_id_pkix_OCSP,4L + +#define SN_id_pkix_OCSP_noCheck "noCheck" +#define LN_id_pkix_OCSP_noCheck "OCSP No Check" +#define NID_id_pkix_OCSP_noCheck 369 +#define OBJ_id_pkix_OCSP_noCheck OBJ_id_pkix_OCSP,5L + +#define SN_id_pkix_OCSP_archiveCutoff "archiveCutoff" +#define LN_id_pkix_OCSP_archiveCutoff "OCSP Archive Cutoff" +#define NID_id_pkix_OCSP_archiveCutoff 370 +#define OBJ_id_pkix_OCSP_archiveCutoff OBJ_id_pkix_OCSP,6L + +#define SN_id_pkix_OCSP_serviceLocator "serviceLocator" +#define LN_id_pkix_OCSP_serviceLocator "OCSP Service Locator" +#define NID_id_pkix_OCSP_serviceLocator 371 +#define OBJ_id_pkix_OCSP_serviceLocator OBJ_id_pkix_OCSP,7L + +#define SN_id_pkix_OCSP_extendedStatus "extendedStatus" +#define LN_id_pkix_OCSP_extendedStatus "Extended OCSP Status" +#define NID_id_pkix_OCSP_extendedStatus 372 +#define OBJ_id_pkix_OCSP_extendedStatus OBJ_id_pkix_OCSP,8L + +#define SN_id_pkix_OCSP_valid "valid" +#define NID_id_pkix_OCSP_valid 373 +#define OBJ_id_pkix_OCSP_valid OBJ_id_pkix_OCSP,9L + +#define SN_id_pkix_OCSP_path "path" +#define NID_id_pkix_OCSP_path 374 +#define OBJ_id_pkix_OCSP_path OBJ_id_pkix_OCSP,10L + +#define SN_id_pkix_OCSP_trustRoot "trustRoot" +#define LN_id_pkix_OCSP_trustRoot "Trust Root" +#define NID_id_pkix_OCSP_trustRoot 375 +#define OBJ_id_pkix_OCSP_trustRoot OBJ_id_pkix_OCSP,11L + +#define SN_algorithm "algorithm" +#define LN_algorithm "algorithm" +#define NID_algorithm 376 +#define OBJ_algorithm 1L,3L,14L,3L,2L + +#define SN_md5WithRSA "RSA-NP-MD5" +#define LN_md5WithRSA "md5WithRSA" +#define NID_md5WithRSA 104 +#define OBJ_md5WithRSA OBJ_algorithm,3L + +#define SN_des_ecb "DES-ECB" +#define LN_des_ecb "des-ecb" +#define NID_des_ecb 29 +#define OBJ_des_ecb OBJ_algorithm,6L + +#define SN_des_cbc "DES-CBC" +#define LN_des_cbc "des-cbc" +#define NID_des_cbc 31 +#define OBJ_des_cbc OBJ_algorithm,7L + +#define SN_des_ofb64 "DES-OFB" +#define LN_des_ofb64 "des-ofb" +#define NID_des_ofb64 45 +#define OBJ_des_ofb64 OBJ_algorithm,8L + +#define SN_des_cfb64 "DES-CFB" +#define LN_des_cfb64 "des-cfb" +#define NID_des_cfb64 30 +#define OBJ_des_cfb64 OBJ_algorithm,9L + +#define SN_rsaSignature "rsaSignature" +#define NID_rsaSignature 377 +#define OBJ_rsaSignature OBJ_algorithm,11L + +#define SN_dsa_2 "DSA-old" +#define LN_dsa_2 "dsaEncryption-old" +#define NID_dsa_2 67 +#define OBJ_dsa_2 OBJ_algorithm,12L + +#define SN_dsaWithSHA "DSA-SHA" +#define LN_dsaWithSHA "dsaWithSHA" +#define NID_dsaWithSHA 66 +#define OBJ_dsaWithSHA OBJ_algorithm,13L + +#define SN_shaWithRSAEncryption "RSA-SHA" +#define LN_shaWithRSAEncryption "shaWithRSAEncryption" +#define NID_shaWithRSAEncryption 42 +#define OBJ_shaWithRSAEncryption OBJ_algorithm,15L + +#define SN_des_ede_ecb "DES-EDE" +#define LN_des_ede_ecb "des-ede" +#define NID_des_ede_ecb 32 +#define OBJ_des_ede_ecb OBJ_algorithm,17L + +#define SN_des_ede3_ecb "DES-EDE3" +#define LN_des_ede3_ecb "des-ede3" +#define NID_des_ede3_ecb 33 + +#define SN_des_ede_cbc "DES-EDE-CBC" +#define LN_des_ede_cbc "des-ede-cbc" +#define NID_des_ede_cbc 43 + +#define SN_des_ede_cfb64 "DES-EDE-CFB" +#define LN_des_ede_cfb64 "des-ede-cfb" +#define NID_des_ede_cfb64 60 + +#define SN_des_ede3_cfb64 "DES-EDE3-CFB" +#define LN_des_ede3_cfb64 "des-ede3-cfb" +#define NID_des_ede3_cfb64 61 + +#define SN_des_ede_ofb64 "DES-EDE-OFB" +#define LN_des_ede_ofb64 "des-ede-ofb" +#define NID_des_ede_ofb64 62 + +#define SN_des_ede3_ofb64 "DES-EDE3-OFB" +#define LN_des_ede3_ofb64 "des-ede3-ofb" +#define NID_des_ede3_ofb64 63 + +#define SN_desx_cbc "DESX-CBC" +#define LN_desx_cbc "desx-cbc" +#define NID_desx_cbc 80 + +#define SN_sha "SHA" +#define LN_sha "sha" +#define NID_sha 41 +#define OBJ_sha OBJ_algorithm,18L + +#define SN_sha1 "SHA1" +#define LN_sha1 "sha1" +#define NID_sha1 64 +#define OBJ_sha1 OBJ_algorithm,26L + +#define SN_dsaWithSHA1_2 "DSA-SHA1-old" +#define LN_dsaWithSHA1_2 "dsaWithSHA1-old" +#define NID_dsaWithSHA1_2 70 +#define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L + +#define SN_sha1WithRSA "RSA-SHA1-2" +#define LN_sha1WithRSA "sha1WithRSA" +#define NID_sha1WithRSA 115 +#define OBJ_sha1WithRSA OBJ_algorithm,29L + +#define SN_ripemd160 "RIPEMD160" +#define LN_ripemd160 "ripemd160" +#define NID_ripemd160 117 +#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L + +#define SN_ripemd160WithRSA "RSA-RIPEMD160" +#define LN_ripemd160WithRSA "ripemd160WithRSA" +#define NID_ripemd160WithRSA 119 +#define OBJ_ripemd160WithRSA 1L,3L,36L,3L,3L,1L,2L + +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + +#define SN_X500 "X500" +#define LN_X500 "directory services (X.500)" +#define NID_X500 11 +#define OBJ_X500 2L,5L + +#define SN_X509 "X509" +#define NID_X509 12 +#define OBJ_X509 OBJ_X500,4L + +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +#define OBJ_commonName OBJ_X509,3L + +#define SN_surname "SN" +#define LN_surname "surname" +#define NID_surname 100 +#define OBJ_surname OBJ_X509,4L + +#define LN_serialNumber "serialNumber" +#define NID_serialNumber 105 +#define OBJ_serialNumber OBJ_X509,5L + +#define SN_countryName "C" +#define LN_countryName "countryName" +#define NID_countryName 14 +#define OBJ_countryName OBJ_X509,6L + +#define SN_localityName "L" +#define LN_localityName "localityName" +#define NID_localityName 15 +#define OBJ_localityName OBJ_X509,7L + +#define SN_stateOrProvinceName "ST" +#define LN_stateOrProvinceName "stateOrProvinceName" +#define NID_stateOrProvinceName 16 +#define OBJ_stateOrProvinceName OBJ_X509,8L + +#define SN_streetAddress "street" +#define LN_streetAddress "streetAddress" +#define NID_streetAddress 660 +#define OBJ_streetAddress OBJ_X509,9L + +#define SN_organizationName "O" +#define LN_organizationName "organizationName" +#define NID_organizationName 17 +#define OBJ_organizationName OBJ_X509,10L + +#define SN_organizationalUnitName "OU" +#define LN_organizationalUnitName "organizationalUnitName" +#define NID_organizationalUnitName 18 +#define OBJ_organizationalUnitName OBJ_X509,11L + +#define SN_title "title" +#define LN_title "title" +#define NID_title 106 +#define OBJ_title OBJ_X509,12L + +#define LN_description "description" +#define NID_description 107 +#define OBJ_description OBJ_X509,13L + +#define LN_searchGuide "searchGuide" +#define NID_searchGuide 859 +#define OBJ_searchGuide OBJ_X509,14L + +#define LN_businessCategory "businessCategory" +#define NID_businessCategory 860 +#define OBJ_businessCategory OBJ_X509,15L + +#define LN_postalAddress "postalAddress" +#define NID_postalAddress 861 +#define OBJ_postalAddress OBJ_X509,16L + +#define LN_postalCode "postalCode" +#define NID_postalCode 661 +#define OBJ_postalCode OBJ_X509,17L + +#define LN_postOfficeBox "postOfficeBox" +#define NID_postOfficeBox 862 +#define OBJ_postOfficeBox OBJ_X509,18L + +#define LN_physicalDeliveryOfficeName "physicalDeliveryOfficeName" +#define NID_physicalDeliveryOfficeName 863 +#define OBJ_physicalDeliveryOfficeName OBJ_X509,19L + +#define LN_telephoneNumber "telephoneNumber" +#define NID_telephoneNumber 864 +#define OBJ_telephoneNumber OBJ_X509,20L + +#define LN_telexNumber "telexNumber" +#define NID_telexNumber 865 +#define OBJ_telexNumber OBJ_X509,21L + +#define LN_teletexTerminalIdentifier "teletexTerminalIdentifier" +#define NID_teletexTerminalIdentifier 866 +#define OBJ_teletexTerminalIdentifier OBJ_X509,22L + +#define LN_facsimileTelephoneNumber "facsimileTelephoneNumber" +#define NID_facsimileTelephoneNumber 867 +#define OBJ_facsimileTelephoneNumber OBJ_X509,23L + +#define LN_x121Address "x121Address" +#define NID_x121Address 868 +#define OBJ_x121Address OBJ_X509,24L + +#define LN_internationaliSDNNumber "internationaliSDNNumber" +#define NID_internationaliSDNNumber 869 +#define OBJ_internationaliSDNNumber OBJ_X509,25L + +#define LN_registeredAddress "registeredAddress" +#define NID_registeredAddress 870 +#define OBJ_registeredAddress OBJ_X509,26L + +#define LN_destinationIndicator "destinationIndicator" +#define NID_destinationIndicator 871 +#define OBJ_destinationIndicator OBJ_X509,27L + +#define LN_preferredDeliveryMethod "preferredDeliveryMethod" +#define NID_preferredDeliveryMethod 872 +#define OBJ_preferredDeliveryMethod OBJ_X509,28L + +#define LN_presentationAddress "presentationAddress" +#define NID_presentationAddress 873 +#define OBJ_presentationAddress OBJ_X509,29L + +#define LN_supportedApplicationContext "supportedApplicationContext" +#define NID_supportedApplicationContext 874 +#define OBJ_supportedApplicationContext OBJ_X509,30L + +#define SN_member "member" +#define NID_member 875 +#define OBJ_member OBJ_X509,31L + +#define SN_owner "owner" +#define NID_owner 876 +#define OBJ_owner OBJ_X509,32L + +#define LN_roleOccupant "roleOccupant" +#define NID_roleOccupant 877 +#define OBJ_roleOccupant OBJ_X509,33L + +#define SN_seeAlso "seeAlso" +#define NID_seeAlso 878 +#define OBJ_seeAlso OBJ_X509,34L + +#define LN_userPassword "userPassword" +#define NID_userPassword 879 +#define OBJ_userPassword OBJ_X509,35L + +#define LN_userCertificate "userCertificate" +#define NID_userCertificate 880 +#define OBJ_userCertificate OBJ_X509,36L + +#define LN_cACertificate "cACertificate" +#define NID_cACertificate 881 +#define OBJ_cACertificate OBJ_X509,37L + +#define LN_authorityRevocationList "authorityRevocationList" +#define NID_authorityRevocationList 882 +#define OBJ_authorityRevocationList OBJ_X509,38L + +#define LN_certificateRevocationList "certificateRevocationList" +#define NID_certificateRevocationList 883 +#define OBJ_certificateRevocationList OBJ_X509,39L + +#define LN_crossCertificatePair "crossCertificatePair" +#define NID_crossCertificatePair 884 +#define OBJ_crossCertificatePair OBJ_X509,40L + +#define SN_name "name" +#define LN_name "name" +#define NID_name 173 +#define OBJ_name OBJ_X509,41L + +#define SN_givenName "GN" +#define LN_givenName "givenName" +#define NID_givenName 99 +#define OBJ_givenName OBJ_X509,42L + +#define SN_initials "initials" +#define LN_initials "initials" +#define NID_initials 101 +#define OBJ_initials OBJ_X509,43L + +#define LN_generationQualifier "generationQualifier" +#define NID_generationQualifier 509 +#define OBJ_generationQualifier OBJ_X509,44L + +#define LN_x500UniqueIdentifier "x500UniqueIdentifier" +#define NID_x500UniqueIdentifier 503 +#define OBJ_x500UniqueIdentifier OBJ_X509,45L + +#define SN_dnQualifier "dnQualifier" +#define LN_dnQualifier "dnQualifier" +#define NID_dnQualifier 174 +#define OBJ_dnQualifier OBJ_X509,46L + +#define LN_enhancedSearchGuide "enhancedSearchGuide" +#define NID_enhancedSearchGuide 885 +#define OBJ_enhancedSearchGuide OBJ_X509,47L + +#define LN_protocolInformation "protocolInformation" +#define NID_protocolInformation 886 +#define OBJ_protocolInformation OBJ_X509,48L + +#define LN_distinguishedName "distinguishedName" +#define NID_distinguishedName 887 +#define OBJ_distinguishedName OBJ_X509,49L + +#define LN_uniqueMember "uniqueMember" +#define NID_uniqueMember 888 +#define OBJ_uniqueMember OBJ_X509,50L + +#define LN_houseIdentifier "houseIdentifier" +#define NID_houseIdentifier 889 +#define OBJ_houseIdentifier OBJ_X509,51L + +#define LN_supportedAlgorithms "supportedAlgorithms" +#define NID_supportedAlgorithms 890 +#define OBJ_supportedAlgorithms OBJ_X509,52L + +#define LN_deltaRevocationList "deltaRevocationList" +#define NID_deltaRevocationList 891 +#define OBJ_deltaRevocationList OBJ_X509,53L + +#define SN_dmdName "dmdName" +#define NID_dmdName 892 +#define OBJ_dmdName OBJ_X509,54L + +#define LN_pseudonym "pseudonym" +#define NID_pseudonym 510 +#define OBJ_pseudonym OBJ_X509,65L + +#define SN_role "role" +#define LN_role "role" +#define NID_role 400 +#define OBJ_role OBJ_X509,72L + +#define SN_X500algorithms "X500algorithms" +#define LN_X500algorithms "directory services - algorithms" +#define NID_X500algorithms 378 +#define OBJ_X500algorithms OBJ_X500,8L + +#define SN_rsa "RSA" +#define LN_rsa "rsa" +#define NID_rsa 19 +#define OBJ_rsa OBJ_X500algorithms,1L,1L + +#define SN_mdc2WithRSA "RSA-MDC2" +#define LN_mdc2WithRSA "mdc2WithRSA" +#define NID_mdc2WithRSA 96 +#define OBJ_mdc2WithRSA OBJ_X500algorithms,3L,100L + +#define SN_mdc2 "MDC2" +#define LN_mdc2 "mdc2" +#define NID_mdc2 95 +#define OBJ_mdc2 OBJ_X500algorithms,3L,101L + +#define SN_id_ce "id-ce" +#define NID_id_ce 81 +#define OBJ_id_ce OBJ_X500,29L + +#define SN_subject_directory_attributes "subjectDirectoryAttributes" +#define LN_subject_directory_attributes "X509v3 Subject Directory Attributes" +#define NID_subject_directory_attributes 769 +#define OBJ_subject_directory_attributes OBJ_id_ce,9L + +#define SN_subject_key_identifier "subjectKeyIdentifier" +#define LN_subject_key_identifier "X509v3 Subject Key Identifier" +#define NID_subject_key_identifier 82 +#define OBJ_subject_key_identifier OBJ_id_ce,14L + +#define SN_key_usage "keyUsage" +#define LN_key_usage "X509v3 Key Usage" +#define NID_key_usage 83 +#define OBJ_key_usage OBJ_id_ce,15L + +#define SN_private_key_usage_period "privateKeyUsagePeriod" +#define LN_private_key_usage_period "X509v3 Private Key Usage Period" +#define NID_private_key_usage_period 84 +#define OBJ_private_key_usage_period OBJ_id_ce,16L + +#define SN_subject_alt_name "subjectAltName" +#define LN_subject_alt_name "X509v3 Subject Alternative Name" +#define NID_subject_alt_name 85 +#define OBJ_subject_alt_name OBJ_id_ce,17L + +#define SN_issuer_alt_name "issuerAltName" +#define LN_issuer_alt_name "X509v3 Issuer Alternative Name" +#define NID_issuer_alt_name 86 +#define OBJ_issuer_alt_name OBJ_id_ce,18L + +#define SN_basic_constraints "basicConstraints" +#define LN_basic_constraints "X509v3 Basic Constraints" +#define NID_basic_constraints 87 +#define OBJ_basic_constraints OBJ_id_ce,19L + +#define SN_crl_number "crlNumber" +#define LN_crl_number "X509v3 CRL Number" +#define NID_crl_number 88 +#define OBJ_crl_number OBJ_id_ce,20L + +#define SN_crl_reason "CRLReason" +#define LN_crl_reason "X509v3 CRL Reason Code" +#define NID_crl_reason 141 +#define OBJ_crl_reason OBJ_id_ce,21L + +#define SN_invalidity_date "invalidityDate" +#define LN_invalidity_date "Invalidity Date" +#define NID_invalidity_date 142 +#define OBJ_invalidity_date OBJ_id_ce,24L + +#define SN_delta_crl "deltaCRL" +#define LN_delta_crl "X509v3 Delta CRL Indicator" +#define NID_delta_crl 140 +#define OBJ_delta_crl OBJ_id_ce,27L + +#define SN_issuing_distribution_point "issuingDistributionPoint" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" +#define NID_issuing_distribution_point 770 +#define OBJ_issuing_distribution_point OBJ_id_ce,28L + +#define SN_certificate_issuer "certificateIssuer" +#define LN_certificate_issuer "X509v3 Certificate Issuer" +#define NID_certificate_issuer 771 +#define OBJ_certificate_issuer OBJ_id_ce,29L + +#define SN_name_constraints "nameConstraints" +#define LN_name_constraints "X509v3 Name Constraints" +#define NID_name_constraints 666 +#define OBJ_name_constraints OBJ_id_ce,30L + +#define SN_crl_distribution_points "crlDistributionPoints" +#define LN_crl_distribution_points "X509v3 CRL Distribution Points" +#define NID_crl_distribution_points 103 +#define OBJ_crl_distribution_points OBJ_id_ce,31L + +#define SN_certificate_policies "certificatePolicies" +#define LN_certificate_policies "X509v3 Certificate Policies" +#define NID_certificate_policies 89 +#define OBJ_certificate_policies OBJ_id_ce,32L + +#define SN_any_policy "anyPolicy" +#define LN_any_policy "X509v3 Any Policy" +#define NID_any_policy 746 +#define OBJ_any_policy OBJ_certificate_policies,0L + +#define SN_policy_mappings "policyMappings" +#define LN_policy_mappings "X509v3 Policy Mappings" +#define NID_policy_mappings 747 +#define OBJ_policy_mappings OBJ_id_ce,33L + +#define SN_authority_key_identifier "authorityKeyIdentifier" +#define LN_authority_key_identifier "X509v3 Authority Key Identifier" +#define NID_authority_key_identifier 90 +#define OBJ_authority_key_identifier OBJ_id_ce,35L + +#define SN_policy_constraints "policyConstraints" +#define LN_policy_constraints "X509v3 Policy Constraints" +#define NID_policy_constraints 401 +#define OBJ_policy_constraints OBJ_id_ce,36L + +#define SN_ext_key_usage "extendedKeyUsage" +#define LN_ext_key_usage "X509v3 Extended Key Usage" +#define NID_ext_key_usage 126 +#define OBJ_ext_key_usage OBJ_id_ce,37L + +#define SN_freshest_crl "freshestCRL" +#define LN_freshest_crl "X509v3 Freshest CRL" +#define NID_freshest_crl 857 +#define OBJ_freshest_crl OBJ_id_ce,46L + +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 748 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + +#define SN_target_information "targetInformation" +#define LN_target_information "X509v3 AC Targeting" +#define NID_target_information 402 +#define OBJ_target_information OBJ_id_ce,55L + +#define SN_no_rev_avail "noRevAvail" +#define LN_no_rev_avail "X509v3 No Revocation Available" +#define NID_no_rev_avail 403 +#define OBJ_no_rev_avail OBJ_id_ce,56L + +#define SN_anyExtendedKeyUsage "anyExtendedKeyUsage" +#define LN_anyExtendedKeyUsage "Any Extended Key Usage" +#define NID_anyExtendedKeyUsage 910 +#define OBJ_anyExtendedKeyUsage OBJ_ext_key_usage,0L + +#define SN_netscape "Netscape" +#define LN_netscape "Netscape Communications Corp." +#define NID_netscape 57 +#define OBJ_netscape 2L,16L,840L,1L,113730L + +#define SN_netscape_cert_extension "nsCertExt" +#define LN_netscape_cert_extension "Netscape Certificate Extension" +#define NID_netscape_cert_extension 58 +#define OBJ_netscape_cert_extension OBJ_netscape,1L + +#define SN_netscape_data_type "nsDataType" +#define LN_netscape_data_type "Netscape Data Type" +#define NID_netscape_data_type 59 +#define OBJ_netscape_data_type OBJ_netscape,2L + +#define SN_netscape_cert_type "nsCertType" +#define LN_netscape_cert_type "Netscape Cert Type" +#define NID_netscape_cert_type 71 +#define OBJ_netscape_cert_type OBJ_netscape_cert_extension,1L + +#define SN_netscape_base_url "nsBaseUrl" +#define LN_netscape_base_url "Netscape Base Url" +#define NID_netscape_base_url 72 +#define OBJ_netscape_base_url OBJ_netscape_cert_extension,2L + +#define SN_netscape_revocation_url "nsRevocationUrl" +#define LN_netscape_revocation_url "Netscape Revocation Url" +#define NID_netscape_revocation_url 73 +#define OBJ_netscape_revocation_url OBJ_netscape_cert_extension,3L + +#define SN_netscape_ca_revocation_url "nsCaRevocationUrl" +#define LN_netscape_ca_revocation_url "Netscape CA Revocation Url" +#define NID_netscape_ca_revocation_url 74 +#define OBJ_netscape_ca_revocation_url OBJ_netscape_cert_extension,4L + +#define SN_netscape_renewal_url "nsRenewalUrl" +#define LN_netscape_renewal_url "Netscape Renewal Url" +#define NID_netscape_renewal_url 75 +#define OBJ_netscape_renewal_url OBJ_netscape_cert_extension,7L + +#define SN_netscape_ca_policy_url "nsCaPolicyUrl" +#define LN_netscape_ca_policy_url "Netscape CA Policy Url" +#define NID_netscape_ca_policy_url 76 +#define OBJ_netscape_ca_policy_url OBJ_netscape_cert_extension,8L + +#define SN_netscape_ssl_server_name "nsSslServerName" +#define LN_netscape_ssl_server_name "Netscape SSL Server Name" +#define NID_netscape_ssl_server_name 77 +#define OBJ_netscape_ssl_server_name OBJ_netscape_cert_extension,12L + +#define SN_netscape_comment "nsComment" +#define LN_netscape_comment "Netscape Comment" +#define NID_netscape_comment 78 +#define OBJ_netscape_comment OBJ_netscape_cert_extension,13L + +#define SN_netscape_cert_sequence "nsCertSequence" +#define LN_netscape_cert_sequence "Netscape Certificate Sequence" +#define NID_netscape_cert_sequence 79 +#define OBJ_netscape_cert_sequence OBJ_netscape_data_type,5L + +#define SN_ns_sgc "nsSGC" +#define LN_ns_sgc "Netscape Server Gated Crypto" +#define NID_ns_sgc 139 +#define OBJ_ns_sgc OBJ_netscape,4L,1L + +#define SN_org "ORG" +#define LN_org "org" +#define NID_org 379 +#define OBJ_org OBJ_iso,3L + +#define SN_dod "DOD" +#define LN_dod "dod" +#define NID_dod 380 +#define OBJ_dod OBJ_org,6L + +#define SN_iana "IANA" +#define LN_iana "iana" +#define NID_iana 381 +#define OBJ_iana OBJ_dod,1L + +#define OBJ_internet OBJ_iana + +#define SN_Directory "directory" +#define LN_Directory "Directory" +#define NID_Directory 382 +#define OBJ_Directory OBJ_internet,1L + +#define SN_Management "mgmt" +#define LN_Management "Management" +#define NID_Management 383 +#define OBJ_Management OBJ_internet,2L + +#define SN_Experimental "experimental" +#define LN_Experimental "Experimental" +#define NID_Experimental 384 +#define OBJ_Experimental OBJ_internet,3L + +#define SN_Private "private" +#define LN_Private "Private" +#define NID_Private 385 +#define OBJ_Private OBJ_internet,4L + +#define SN_Security "security" +#define LN_Security "Security" +#define NID_Security 386 +#define OBJ_Security OBJ_internet,5L + +#define SN_SNMPv2 "snmpv2" +#define LN_SNMPv2 "SNMPv2" +#define NID_SNMPv2 387 +#define OBJ_SNMPv2 OBJ_internet,6L + +#define LN_Mail "Mail" +#define NID_Mail 388 +#define OBJ_Mail OBJ_internet,7L + +#define SN_Enterprises "enterprises" +#define LN_Enterprises "Enterprises" +#define NID_Enterprises 389 +#define OBJ_Enterprises OBJ_Private,1L + +#define SN_dcObject "dcobject" +#define LN_dcObject "dcObject" +#define NID_dcObject 390 +#define OBJ_dcObject OBJ_Enterprises,1466L,344L + +#define OBJ_extendedValidation OBJ_Enterprises,311L,60L + +#define LN_jurisdictionLocalityName "jurisdictionLocalityName" +#define NID_jurisdictionLocalityName 956 +#define OBJ_jurisdictionLocalityName OBJ_extendedValidation,2L,1L,1L + +#define LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define NID_jurisdictionStateOrProvinceName 957 +#define OBJ_jurisdictionStateOrProvinceName OBJ_extendedValidation,2L,1L,2L + +#define LN_jurisdictionCountryName "jurisdictionCountryName" +#define NID_jurisdictionCountryName 958 +#define OBJ_jurisdictionCountryName OBJ_extendedValidation,2L,1L,3L + +#define SN_mime_mhs "mime-mhs" +#define LN_mime_mhs "MIME MHS" +#define NID_mime_mhs 504 +#define OBJ_mime_mhs OBJ_Mail,1L + +#define SN_mime_mhs_headings "mime-mhs-headings" +#define LN_mime_mhs_headings "mime-mhs-headings" +#define NID_mime_mhs_headings 505 +#define OBJ_mime_mhs_headings OBJ_mime_mhs,1L + +#define SN_mime_mhs_bodies "mime-mhs-bodies" +#define LN_mime_mhs_bodies "mime-mhs-bodies" +#define NID_mime_mhs_bodies 506 +#define OBJ_mime_mhs_bodies OBJ_mime_mhs,2L + +#define SN_id_hex_partial_message "id-hex-partial-message" +#define LN_id_hex_partial_message "id-hex-partial-message" +#define NID_id_hex_partial_message 507 +#define OBJ_id_hex_partial_message OBJ_mime_mhs_headings,1L + +#define SN_id_hex_multipart_message "id-hex-multipart-message" +#define LN_id_hex_multipart_message "id-hex-multipart-message" +#define NID_id_hex_multipart_message 508 +#define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L + +#define SN_rle_compression "RLE" +#define LN_rle_compression "run length compression" +#define NID_rle_compression 124 +#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L + +#define SN_zlib_compression "ZLIB" +#define LN_zlib_compression "zlib compression" +#define NID_zlib_compression 125 +#define OBJ_zlib_compression OBJ_id_smime_alg,8L + +#define OBJ_csor 2L,16L,840L,1L,101L,3L + +#define OBJ_nistAlgorithms OBJ_csor,4L + +#define OBJ_aes OBJ_nistAlgorithms,1L + +#define SN_aes_128_ecb "AES-128-ECB" +#define LN_aes_128_ecb "aes-128-ecb" +#define NID_aes_128_ecb 418 +#define OBJ_aes_128_ecb OBJ_aes,1L + +#define SN_aes_128_cbc "AES-128-CBC" +#define LN_aes_128_cbc "aes-128-cbc" +#define NID_aes_128_cbc 419 +#define OBJ_aes_128_cbc OBJ_aes,2L + +#define SN_aes_128_ofb128 "AES-128-OFB" +#define LN_aes_128_ofb128 "aes-128-ofb" +#define NID_aes_128_ofb128 420 +#define OBJ_aes_128_ofb128 OBJ_aes,3L + +#define SN_aes_128_cfb128 "AES-128-CFB" +#define LN_aes_128_cfb128 "aes-128-cfb" +#define NID_aes_128_cfb128 421 +#define OBJ_aes_128_cfb128 OBJ_aes,4L + +#define SN_id_aes128_wrap "id-aes128-wrap" +#define NID_id_aes128_wrap 788 +#define OBJ_id_aes128_wrap OBJ_aes,5L + +#define SN_aes_128_gcm "id-aes128-GCM" +#define LN_aes_128_gcm "aes-128-gcm" +#define NID_aes_128_gcm 895 +#define OBJ_aes_128_gcm OBJ_aes,6L + +#define SN_aes_128_ccm "id-aes128-CCM" +#define LN_aes_128_ccm "aes-128-ccm" +#define NID_aes_128_ccm 896 +#define OBJ_aes_128_ccm OBJ_aes,7L + +#define SN_id_aes128_wrap_pad "id-aes128-wrap-pad" +#define NID_id_aes128_wrap_pad 897 +#define OBJ_id_aes128_wrap_pad OBJ_aes,8L + +#define SN_aes_192_ecb "AES-192-ECB" +#define LN_aes_192_ecb "aes-192-ecb" +#define NID_aes_192_ecb 422 +#define OBJ_aes_192_ecb OBJ_aes,21L + +#define SN_aes_192_cbc "AES-192-CBC" +#define LN_aes_192_cbc "aes-192-cbc" +#define NID_aes_192_cbc 423 +#define OBJ_aes_192_cbc OBJ_aes,22L + +#define SN_aes_192_ofb128 "AES-192-OFB" +#define LN_aes_192_ofb128 "aes-192-ofb" +#define NID_aes_192_ofb128 424 +#define OBJ_aes_192_ofb128 OBJ_aes,23L + +#define SN_aes_192_cfb128 "AES-192-CFB" +#define LN_aes_192_cfb128 "aes-192-cfb" +#define NID_aes_192_cfb128 425 +#define OBJ_aes_192_cfb128 OBJ_aes,24L + +#define SN_id_aes192_wrap "id-aes192-wrap" +#define NID_id_aes192_wrap 789 +#define OBJ_id_aes192_wrap OBJ_aes,25L + +#define SN_aes_192_gcm "id-aes192-GCM" +#define LN_aes_192_gcm "aes-192-gcm" +#define NID_aes_192_gcm 898 +#define OBJ_aes_192_gcm OBJ_aes,26L + +#define SN_aes_192_ccm "id-aes192-CCM" +#define LN_aes_192_ccm "aes-192-ccm" +#define NID_aes_192_ccm 899 +#define OBJ_aes_192_ccm OBJ_aes,27L + +#define SN_id_aes192_wrap_pad "id-aes192-wrap-pad" +#define NID_id_aes192_wrap_pad 900 +#define OBJ_id_aes192_wrap_pad OBJ_aes,28L + +#define SN_aes_256_ecb "AES-256-ECB" +#define LN_aes_256_ecb "aes-256-ecb" +#define NID_aes_256_ecb 426 +#define OBJ_aes_256_ecb OBJ_aes,41L + +#define SN_aes_256_cbc "AES-256-CBC" +#define LN_aes_256_cbc "aes-256-cbc" +#define NID_aes_256_cbc 427 +#define OBJ_aes_256_cbc OBJ_aes,42L + +#define SN_aes_256_ofb128 "AES-256-OFB" +#define LN_aes_256_ofb128 "aes-256-ofb" +#define NID_aes_256_ofb128 428 +#define OBJ_aes_256_ofb128 OBJ_aes,43L + +#define SN_aes_256_cfb128 "AES-256-CFB" +#define LN_aes_256_cfb128 "aes-256-cfb" +#define NID_aes_256_cfb128 429 +#define OBJ_aes_256_cfb128 OBJ_aes,44L + +#define SN_id_aes256_wrap "id-aes256-wrap" +#define NID_id_aes256_wrap 790 +#define OBJ_id_aes256_wrap OBJ_aes,45L + +#define SN_aes_256_gcm "id-aes256-GCM" +#define LN_aes_256_gcm "aes-256-gcm" +#define NID_aes_256_gcm 901 +#define OBJ_aes_256_gcm OBJ_aes,46L + +#define SN_aes_256_ccm "id-aes256-CCM" +#define LN_aes_256_ccm "aes-256-ccm" +#define NID_aes_256_ccm 902 +#define OBJ_aes_256_ccm OBJ_aes,47L + +#define SN_id_aes256_wrap_pad "id-aes256-wrap-pad" +#define NID_id_aes256_wrap_pad 903 +#define OBJ_id_aes256_wrap_pad OBJ_aes,48L + +#define SN_aes_128_cfb1 "AES-128-CFB1" +#define LN_aes_128_cfb1 "aes-128-cfb1" +#define NID_aes_128_cfb1 650 + +#define SN_aes_192_cfb1 "AES-192-CFB1" +#define LN_aes_192_cfb1 "aes-192-cfb1" +#define NID_aes_192_cfb1 651 + +#define SN_aes_256_cfb1 "AES-256-CFB1" +#define LN_aes_256_cfb1 "aes-256-cfb1" +#define NID_aes_256_cfb1 652 + +#define SN_aes_128_cfb8 "AES-128-CFB8" +#define LN_aes_128_cfb8 "aes-128-cfb8" +#define NID_aes_128_cfb8 653 + +#define SN_aes_192_cfb8 "AES-192-CFB8" +#define LN_aes_192_cfb8 "aes-192-cfb8" +#define NID_aes_192_cfb8 654 + +#define SN_aes_256_cfb8 "AES-256-CFB8" +#define LN_aes_256_cfb8 "aes-256-cfb8" +#define NID_aes_256_cfb8 655 + +#define SN_aes_128_ctr "AES-128-CTR" +#define LN_aes_128_ctr "aes-128-ctr" +#define NID_aes_128_ctr 904 + +#define SN_aes_192_ctr "AES-192-CTR" +#define LN_aes_192_ctr "aes-192-ctr" +#define NID_aes_192_ctr 905 + +#define SN_aes_256_ctr "AES-256-CTR" +#define LN_aes_256_ctr "aes-256-ctr" +#define NID_aes_256_ctr 906 + +#define SN_aes_128_xts "AES-128-XTS" +#define LN_aes_128_xts "aes-128-xts" +#define NID_aes_128_xts 913 + +#define SN_aes_256_xts "AES-256-XTS" +#define LN_aes_256_xts "aes-256-xts" +#define NID_aes_256_xts 914 + +#define SN_des_cfb1 "DES-CFB1" +#define LN_des_cfb1 "des-cfb1" +#define NID_des_cfb1 656 + +#define SN_des_cfb8 "DES-CFB8" +#define LN_des_cfb8 "des-cfb8" +#define NID_des_cfb8 657 + +#define SN_des_ede3_cfb1 "DES-EDE3-CFB1" +#define LN_des_ede3_cfb1 "des-ede3-cfb1" +#define NID_des_ede3_cfb1 658 + +#define SN_des_ede3_cfb8 "DES-EDE3-CFB8" +#define LN_des_ede3_cfb8 "des-ede3-cfb8" +#define NID_des_ede3_cfb8 659 + +#define OBJ_nist_hashalgs OBJ_nistAlgorithms,2L + +#define SN_sha256 "SHA256" +#define LN_sha256 "sha256" +#define NID_sha256 672 +#define OBJ_sha256 OBJ_nist_hashalgs,1L + +#define SN_sha384 "SHA384" +#define LN_sha384 "sha384" +#define NID_sha384 673 +#define OBJ_sha384 OBJ_nist_hashalgs,2L + +#define SN_sha512 "SHA512" +#define LN_sha512 "sha512" +#define NID_sha512 674 +#define OBJ_sha512 OBJ_nist_hashalgs,3L + +#define SN_sha224 "SHA224" +#define LN_sha224 "sha224" +#define NID_sha224 675 +#define OBJ_sha224 OBJ_nist_hashalgs,4L + +#define SN_sha512_224 "SHA512-224" +#define LN_sha512_224 "sha512-224" +#define NID_sha512_224 1029 +#define OBJ_sha512_224 OBJ_nist_hashalgs,5L + +#define SN_sha512_256 "SHA512-256" +#define LN_sha512_256 "sha512-256" +#define NID_sha512_256 1030 +#define OBJ_sha512_256 OBJ_nist_hashalgs,6L + +#define SN_sha3_224 "SHA3-224" +#define LN_sha3_224 "sha3-224" +#define NID_sha3_224 1031 +#define OBJ_sha3_224 OBJ_nist_hashalgs,7L + +#define SN_sha3_256 "SHA3-256" +#define LN_sha3_256 "sha3-256" +#define NID_sha3_256 1032 +#define OBJ_sha3_256 OBJ_nist_hashalgs,8L + +#define SN_sha3_384 "SHA3-384" +#define LN_sha3_384 "sha3-384" +#define NID_sha3_384 1033 +#define OBJ_sha3_384 OBJ_nist_hashalgs,9L + +#define SN_sha3_512 "SHA3-512" +#define LN_sha3_512 "sha3-512" +#define NID_sha3_512 1034 +#define OBJ_sha3_512 OBJ_nist_hashalgs,10L + +#define SN_hmac_sha3_224 "id-hmacWithSHA3-224" +#define LN_hmac_sha3_224 "hmac-sha3-224" +#define NID_hmac_sha3_224 1035 +#define OBJ_hmac_sha3_224 OBJ_nist_hashalgs,13L + +#define SN_hmac_sha3_256 "id-hmacWithSHA3-256" +#define LN_hmac_sha3_256 "hmac-sha3-256" +#define NID_hmac_sha3_256 1036 +#define OBJ_hmac_sha3_256 OBJ_nist_hashalgs,14L + +#define SN_hmac_sha3_384 "id-hmacWithSHA3-384" +#define LN_hmac_sha3_384 "hmac-sha3-384" +#define NID_hmac_sha3_384 1037 +#define OBJ_hmac_sha3_384 OBJ_nist_hashalgs,15L + +#define SN_hmac_sha3_512 "id-hmacWithSHA3-512" +#define LN_hmac_sha3_512 "hmac-sha3-512" +#define NID_hmac_sha3_512 1038 +#define OBJ_hmac_sha3_512 OBJ_nist_hashalgs,16L + +#define OBJ_nist_sigalgs OBJ_nistAlgorithms,3L + +#define SN_dsa_with_SHA224 "id-dsa-with-sha224" +#define LN_dsa_with_SHA224 "dsa_with_SHA224" +#define NID_dsa_with_SHA224 802 +#define OBJ_dsa_with_SHA224 OBJ_nist_sigalgs,1L + +#define SN_dsa_with_SHA256 "id-dsa-with-sha256" +#define LN_dsa_with_SHA256 "dsa_with_SHA256" +#define NID_dsa_with_SHA256 803 +#define OBJ_dsa_with_SHA256 OBJ_nist_sigalgs,2L + +#define SN_dsa_with_SHA384 "id-dsa-with-sha384" +#define LN_dsa_with_SHA384 "dsa_with_SHA384" +#define NID_dsa_with_SHA384 1039 +#define OBJ_dsa_with_SHA384 OBJ_nist_sigalgs,3L + +#define SN_dsa_with_SHA512 "id-dsa-with-sha512" +#define LN_dsa_with_SHA512 "dsa_with_SHA512" +#define NID_dsa_with_SHA512 1040 +#define OBJ_dsa_with_SHA512 OBJ_nist_sigalgs,4L + +#define SN_dsa_with_SHA3_224 "id-dsa-with-sha3-224" +#define LN_dsa_with_SHA3_224 "dsa_with_SHA3-224" +#define NID_dsa_with_SHA3_224 1041 +#define OBJ_dsa_with_SHA3_224 OBJ_nist_sigalgs,5L + +#define SN_dsa_with_SHA3_256 "id-dsa-with-sha3-256" +#define LN_dsa_with_SHA3_256 "dsa_with_SHA3-256" +#define NID_dsa_with_SHA3_256 1042 +#define OBJ_dsa_with_SHA3_256 OBJ_nist_sigalgs,6L + +#define SN_dsa_with_SHA3_384 "id-dsa-with-sha3-384" +#define LN_dsa_with_SHA3_384 "dsa_with_SHA3-384" +#define NID_dsa_with_SHA3_384 1043 +#define OBJ_dsa_with_SHA3_384 OBJ_nist_sigalgs,7L + +#define SN_dsa_with_SHA3_512 "id-dsa-with-sha3-512" +#define LN_dsa_with_SHA3_512 "dsa_with_SHA3-512" +#define NID_dsa_with_SHA3_512 1044 +#define OBJ_dsa_with_SHA3_512 OBJ_nist_sigalgs,8L + +#define SN_ecdsa_with_SHA3_224 "id-ecdsa-with-sha3-224" +#define LN_ecdsa_with_SHA3_224 "ecdsa_with_SHA3-224" +#define NID_ecdsa_with_SHA3_224 1045 +#define OBJ_ecdsa_with_SHA3_224 OBJ_nist_sigalgs,9L + +#define SN_ecdsa_with_SHA3_256 "id-ecdsa-with-sha3-256" +#define LN_ecdsa_with_SHA3_256 "ecdsa_with_SHA3-256" +#define NID_ecdsa_with_SHA3_256 1046 +#define OBJ_ecdsa_with_SHA3_256 OBJ_nist_sigalgs,10L + +#define SN_ecdsa_with_SHA3_384 "id-ecdsa-with-sha3-384" +#define LN_ecdsa_with_SHA3_384 "ecdsa_with_SHA3-384" +#define NID_ecdsa_with_SHA3_384 1047 +#define OBJ_ecdsa_with_SHA3_384 OBJ_nist_sigalgs,11L + +#define SN_ecdsa_with_SHA3_512 "id-ecdsa-with-sha3-512" +#define LN_ecdsa_with_SHA3_512 "ecdsa_with_SHA3-512" +#define NID_ecdsa_with_SHA3_512 1048 +#define OBJ_ecdsa_with_SHA3_512 OBJ_nist_sigalgs,12L + +#define SN_RSA_SHA3_224 "id-rsassa-pkcs1-v1_5-with-sha3-224" +#define LN_RSA_SHA3_224 "RSA-SHA3-224" +#define NID_RSA_SHA3_224 1049 +#define OBJ_RSA_SHA3_224 OBJ_nist_sigalgs,13L + +#define SN_RSA_SHA3_256 "id-rsassa-pkcs1-v1_5-with-sha3-256" +#define LN_RSA_SHA3_256 "RSA-SHA3-256" +#define NID_RSA_SHA3_256 1050 +#define OBJ_RSA_SHA3_256 OBJ_nist_sigalgs,14L + +#define SN_RSA_SHA3_384 "id-rsassa-pkcs1-v1_5-with-sha3-384" +#define LN_RSA_SHA3_384 "RSA-SHA3-384" +#define NID_RSA_SHA3_384 1051 +#define OBJ_RSA_SHA3_384 OBJ_nist_sigalgs,15L + +#define SN_RSA_SHA3_512 "id-rsassa-pkcs1-v1_5-with-sha3-512" +#define LN_RSA_SHA3_512 "RSA-SHA3-512" +#define NID_RSA_SHA3_512 1052 +#define OBJ_RSA_SHA3_512 OBJ_nist_sigalgs,16L + +#define SN_hold_instruction_code "holdInstructionCode" +#define LN_hold_instruction_code "Hold Instruction Code" +#define NID_hold_instruction_code 430 +#define OBJ_hold_instruction_code OBJ_id_ce,23L + +#define OBJ_holdInstruction OBJ_X9_57,2L + +#define SN_hold_instruction_none "holdInstructionNone" +#define LN_hold_instruction_none "Hold Instruction None" +#define NID_hold_instruction_none 431 +#define OBJ_hold_instruction_none OBJ_holdInstruction,1L + +#define SN_hold_instruction_call_issuer "holdInstructionCallIssuer" +#define LN_hold_instruction_call_issuer "Hold Instruction Call Issuer" +#define NID_hold_instruction_call_issuer 432 +#define OBJ_hold_instruction_call_issuer OBJ_holdInstruction,2L + +#define SN_hold_instruction_reject "holdInstructionReject" +#define LN_hold_instruction_reject "Hold Instruction Reject" +#define NID_hold_instruction_reject 433 +#define OBJ_hold_instruction_reject OBJ_holdInstruction,3L + +#define SN_data "data" +#define NID_data 434 +#define OBJ_data OBJ_itu_t,9L + +#define SN_pss "pss" +#define NID_pss 435 +#define OBJ_pss OBJ_data,2342L + +#define SN_ucl "ucl" +#define NID_ucl 436 +#define OBJ_ucl OBJ_pss,19200300L + +#define SN_pilot "pilot" +#define NID_pilot 437 +#define OBJ_pilot OBJ_ucl,100L + +#define LN_pilotAttributeType "pilotAttributeType" +#define NID_pilotAttributeType 438 +#define OBJ_pilotAttributeType OBJ_pilot,1L + +#define LN_pilotAttributeSyntax "pilotAttributeSyntax" +#define NID_pilotAttributeSyntax 439 +#define OBJ_pilotAttributeSyntax OBJ_pilot,3L + +#define LN_pilotObjectClass "pilotObjectClass" +#define NID_pilotObjectClass 440 +#define OBJ_pilotObjectClass OBJ_pilot,4L + +#define LN_pilotGroups "pilotGroups" +#define NID_pilotGroups 441 +#define OBJ_pilotGroups OBJ_pilot,10L + +#define LN_iA5StringSyntax "iA5StringSyntax" +#define NID_iA5StringSyntax 442 +#define OBJ_iA5StringSyntax OBJ_pilotAttributeSyntax,4L + +#define LN_caseIgnoreIA5StringSyntax "caseIgnoreIA5StringSyntax" +#define NID_caseIgnoreIA5StringSyntax 443 +#define OBJ_caseIgnoreIA5StringSyntax OBJ_pilotAttributeSyntax,5L + +#define LN_pilotObject "pilotObject" +#define NID_pilotObject 444 +#define OBJ_pilotObject OBJ_pilotObjectClass,3L + +#define LN_pilotPerson "pilotPerson" +#define NID_pilotPerson 445 +#define OBJ_pilotPerson OBJ_pilotObjectClass,4L + +#define SN_account "account" +#define NID_account 446 +#define OBJ_account OBJ_pilotObjectClass,5L + +#define SN_document "document" +#define NID_document 447 +#define OBJ_document OBJ_pilotObjectClass,6L + +#define SN_room "room" +#define NID_room 448 +#define OBJ_room OBJ_pilotObjectClass,7L + +#define LN_documentSeries "documentSeries" +#define NID_documentSeries 449 +#define OBJ_documentSeries OBJ_pilotObjectClass,9L + +#define SN_Domain "domain" +#define LN_Domain "Domain" +#define NID_Domain 392 +#define OBJ_Domain OBJ_pilotObjectClass,13L + +#define LN_rFC822localPart "rFC822localPart" +#define NID_rFC822localPart 450 +#define OBJ_rFC822localPart OBJ_pilotObjectClass,14L + +#define LN_dNSDomain "dNSDomain" +#define NID_dNSDomain 451 +#define OBJ_dNSDomain OBJ_pilotObjectClass,15L + +#define LN_domainRelatedObject "domainRelatedObject" +#define NID_domainRelatedObject 452 +#define OBJ_domainRelatedObject OBJ_pilotObjectClass,17L + +#define LN_friendlyCountry "friendlyCountry" +#define NID_friendlyCountry 453 +#define OBJ_friendlyCountry OBJ_pilotObjectClass,18L + +#define LN_simpleSecurityObject "simpleSecurityObject" +#define NID_simpleSecurityObject 454 +#define OBJ_simpleSecurityObject OBJ_pilotObjectClass,19L + +#define LN_pilotOrganization "pilotOrganization" +#define NID_pilotOrganization 455 +#define OBJ_pilotOrganization OBJ_pilotObjectClass,20L + +#define LN_pilotDSA "pilotDSA" +#define NID_pilotDSA 456 +#define OBJ_pilotDSA OBJ_pilotObjectClass,21L + +#define LN_qualityLabelledData "qualityLabelledData" +#define NID_qualityLabelledData 457 +#define OBJ_qualityLabelledData OBJ_pilotObjectClass,22L + +#define SN_userId "UID" +#define LN_userId "userId" +#define NID_userId 458 +#define OBJ_userId OBJ_pilotAttributeType,1L + +#define LN_textEncodedORAddress "textEncodedORAddress" +#define NID_textEncodedORAddress 459 +#define OBJ_textEncodedORAddress OBJ_pilotAttributeType,2L + +#define SN_rfc822Mailbox "mail" +#define LN_rfc822Mailbox "rfc822Mailbox" +#define NID_rfc822Mailbox 460 +#define OBJ_rfc822Mailbox OBJ_pilotAttributeType,3L + +#define SN_info "info" +#define NID_info 461 +#define OBJ_info OBJ_pilotAttributeType,4L + +#define LN_favouriteDrink "favouriteDrink" +#define NID_favouriteDrink 462 +#define OBJ_favouriteDrink OBJ_pilotAttributeType,5L + +#define LN_roomNumber "roomNumber" +#define NID_roomNumber 463 +#define OBJ_roomNumber OBJ_pilotAttributeType,6L + +#define SN_photo "photo" +#define NID_photo 464 +#define OBJ_photo OBJ_pilotAttributeType,7L + +#define LN_userClass "userClass" +#define NID_userClass 465 +#define OBJ_userClass OBJ_pilotAttributeType,8L + +#define SN_host "host" +#define NID_host 466 +#define OBJ_host OBJ_pilotAttributeType,9L + +#define SN_manager "manager" +#define NID_manager 467 +#define OBJ_manager OBJ_pilotAttributeType,10L + +#define LN_documentIdentifier "documentIdentifier" +#define NID_documentIdentifier 468 +#define OBJ_documentIdentifier OBJ_pilotAttributeType,11L + +#define LN_documentTitle "documentTitle" +#define NID_documentTitle 469 +#define OBJ_documentTitle OBJ_pilotAttributeType,12L + +#define LN_documentVersion "documentVersion" +#define NID_documentVersion 470 +#define OBJ_documentVersion OBJ_pilotAttributeType,13L + +#define LN_documentAuthor "documentAuthor" +#define NID_documentAuthor 471 +#define OBJ_documentAuthor OBJ_pilotAttributeType,14L + +#define LN_documentLocation "documentLocation" +#define NID_documentLocation 472 +#define OBJ_documentLocation OBJ_pilotAttributeType,15L + +#define LN_homeTelephoneNumber "homeTelephoneNumber" +#define NID_homeTelephoneNumber 473 +#define OBJ_homeTelephoneNumber OBJ_pilotAttributeType,20L + +#define SN_secretary "secretary" +#define NID_secretary 474 +#define OBJ_secretary OBJ_pilotAttributeType,21L + +#define LN_otherMailbox "otherMailbox" +#define NID_otherMailbox 475 +#define OBJ_otherMailbox OBJ_pilotAttributeType,22L + +#define LN_lastModifiedTime "lastModifiedTime" +#define NID_lastModifiedTime 476 +#define OBJ_lastModifiedTime OBJ_pilotAttributeType,23L + +#define LN_lastModifiedBy "lastModifiedBy" +#define NID_lastModifiedBy 477 +#define OBJ_lastModifiedBy OBJ_pilotAttributeType,24L + +#define SN_domainComponent "DC" +#define LN_domainComponent "domainComponent" +#define NID_domainComponent 391 +#define OBJ_domainComponent OBJ_pilotAttributeType,25L + +#define LN_aRecord "aRecord" +#define NID_aRecord 478 +#define OBJ_aRecord OBJ_pilotAttributeType,26L + +#define LN_pilotAttributeType27 "pilotAttributeType27" +#define NID_pilotAttributeType27 479 +#define OBJ_pilotAttributeType27 OBJ_pilotAttributeType,27L + +#define LN_mXRecord "mXRecord" +#define NID_mXRecord 480 +#define OBJ_mXRecord OBJ_pilotAttributeType,28L + +#define LN_nSRecord "nSRecord" +#define NID_nSRecord 481 +#define OBJ_nSRecord OBJ_pilotAttributeType,29L + +#define LN_sOARecord "sOARecord" +#define NID_sOARecord 482 +#define OBJ_sOARecord OBJ_pilotAttributeType,30L + +#define LN_cNAMERecord "cNAMERecord" +#define NID_cNAMERecord 483 +#define OBJ_cNAMERecord OBJ_pilotAttributeType,31L + +#define LN_associatedDomain "associatedDomain" +#define NID_associatedDomain 484 +#define OBJ_associatedDomain OBJ_pilotAttributeType,37L + +#define LN_associatedName "associatedName" +#define NID_associatedName 485 +#define OBJ_associatedName OBJ_pilotAttributeType,38L + +#define LN_homePostalAddress "homePostalAddress" +#define NID_homePostalAddress 486 +#define OBJ_homePostalAddress OBJ_pilotAttributeType,39L + +#define LN_personalTitle "personalTitle" +#define NID_personalTitle 487 +#define OBJ_personalTitle OBJ_pilotAttributeType,40L + +#define LN_mobileTelephoneNumber "mobileTelephoneNumber" +#define NID_mobileTelephoneNumber 488 +#define OBJ_mobileTelephoneNumber OBJ_pilotAttributeType,41L + +#define LN_pagerTelephoneNumber "pagerTelephoneNumber" +#define NID_pagerTelephoneNumber 489 +#define OBJ_pagerTelephoneNumber OBJ_pilotAttributeType,42L + +#define LN_friendlyCountryName "friendlyCountryName" +#define NID_friendlyCountryName 490 +#define OBJ_friendlyCountryName OBJ_pilotAttributeType,43L + +#define LN_organizationalStatus "organizationalStatus" +#define NID_organizationalStatus 491 +#define OBJ_organizationalStatus OBJ_pilotAttributeType,45L + +#define LN_janetMailbox "janetMailbox" +#define NID_janetMailbox 492 +#define OBJ_janetMailbox OBJ_pilotAttributeType,46L + +#define LN_mailPreferenceOption "mailPreferenceOption" +#define NID_mailPreferenceOption 493 +#define OBJ_mailPreferenceOption OBJ_pilotAttributeType,47L + +#define LN_buildingName "buildingName" +#define NID_buildingName 494 +#define OBJ_buildingName OBJ_pilotAttributeType,48L + +#define LN_dSAQuality "dSAQuality" +#define NID_dSAQuality 495 +#define OBJ_dSAQuality OBJ_pilotAttributeType,49L + +#define LN_singleLevelQuality "singleLevelQuality" +#define NID_singleLevelQuality 496 +#define OBJ_singleLevelQuality OBJ_pilotAttributeType,50L + +#define LN_subtreeMinimumQuality "subtreeMinimumQuality" +#define NID_subtreeMinimumQuality 497 +#define OBJ_subtreeMinimumQuality OBJ_pilotAttributeType,51L + +#define LN_subtreeMaximumQuality "subtreeMaximumQuality" +#define NID_subtreeMaximumQuality 498 +#define OBJ_subtreeMaximumQuality OBJ_pilotAttributeType,52L + +#define LN_personalSignature "personalSignature" +#define NID_personalSignature 499 +#define OBJ_personalSignature OBJ_pilotAttributeType,53L + +#define LN_dITRedirect "dITRedirect" +#define NID_dITRedirect 500 +#define OBJ_dITRedirect OBJ_pilotAttributeType,54L + +#define SN_audio "audio" +#define NID_audio 501 +#define OBJ_audio OBJ_pilotAttributeType,55L + +#define LN_documentPublisher "documentPublisher" +#define NID_documentPublisher 502 +#define OBJ_documentPublisher OBJ_pilotAttributeType,56L + +#define SN_id_set "id-set" +#define LN_id_set "Secure Electronic Transactions" +#define NID_id_set 512 +#define OBJ_id_set OBJ_international_organizations,42L + +#define SN_set_ctype "set-ctype" +#define LN_set_ctype "content types" +#define NID_set_ctype 513 +#define OBJ_set_ctype OBJ_id_set,0L + +#define SN_set_msgExt "set-msgExt" +#define LN_set_msgExt "message extensions" +#define NID_set_msgExt 514 +#define OBJ_set_msgExt OBJ_id_set,1L + +#define SN_set_attr "set-attr" +#define NID_set_attr 515 +#define OBJ_set_attr OBJ_id_set,3L + +#define SN_set_policy "set-policy" +#define NID_set_policy 516 +#define OBJ_set_policy OBJ_id_set,5L + +#define SN_set_certExt "set-certExt" +#define LN_set_certExt "certificate extensions" +#define NID_set_certExt 517 +#define OBJ_set_certExt OBJ_id_set,7L + +#define SN_set_brand "set-brand" +#define NID_set_brand 518 +#define OBJ_set_brand OBJ_id_set,8L + +#define SN_setct_PANData "setct-PANData" +#define NID_setct_PANData 519 +#define OBJ_setct_PANData OBJ_set_ctype,0L + +#define SN_setct_PANToken "setct-PANToken" +#define NID_setct_PANToken 520 +#define OBJ_setct_PANToken OBJ_set_ctype,1L + +#define SN_setct_PANOnly "setct-PANOnly" +#define NID_setct_PANOnly 521 +#define OBJ_setct_PANOnly OBJ_set_ctype,2L + +#define SN_setct_OIData "setct-OIData" +#define NID_setct_OIData 522 +#define OBJ_setct_OIData OBJ_set_ctype,3L + +#define SN_setct_PI "setct-PI" +#define NID_setct_PI 523 +#define OBJ_setct_PI OBJ_set_ctype,4L + +#define SN_setct_PIData "setct-PIData" +#define NID_setct_PIData 524 +#define OBJ_setct_PIData OBJ_set_ctype,5L + +#define SN_setct_PIDataUnsigned "setct-PIDataUnsigned" +#define NID_setct_PIDataUnsigned 525 +#define OBJ_setct_PIDataUnsigned OBJ_set_ctype,6L + +#define SN_setct_HODInput "setct-HODInput" +#define NID_setct_HODInput 526 +#define OBJ_setct_HODInput OBJ_set_ctype,7L + +#define SN_setct_AuthResBaggage "setct-AuthResBaggage" +#define NID_setct_AuthResBaggage 527 +#define OBJ_setct_AuthResBaggage OBJ_set_ctype,8L + +#define SN_setct_AuthRevReqBaggage "setct-AuthRevReqBaggage" +#define NID_setct_AuthRevReqBaggage 528 +#define OBJ_setct_AuthRevReqBaggage OBJ_set_ctype,9L + +#define SN_setct_AuthRevResBaggage "setct-AuthRevResBaggage" +#define NID_setct_AuthRevResBaggage 529 +#define OBJ_setct_AuthRevResBaggage OBJ_set_ctype,10L + +#define SN_setct_CapTokenSeq "setct-CapTokenSeq" +#define NID_setct_CapTokenSeq 530 +#define OBJ_setct_CapTokenSeq OBJ_set_ctype,11L + +#define SN_setct_PInitResData "setct-PInitResData" +#define NID_setct_PInitResData 531 +#define OBJ_setct_PInitResData OBJ_set_ctype,12L + +#define SN_setct_PI_TBS "setct-PI-TBS" +#define NID_setct_PI_TBS 532 +#define OBJ_setct_PI_TBS OBJ_set_ctype,13L + +#define SN_setct_PResData "setct-PResData" +#define NID_setct_PResData 533 +#define OBJ_setct_PResData OBJ_set_ctype,14L + +#define SN_setct_AuthReqTBS "setct-AuthReqTBS" +#define NID_setct_AuthReqTBS 534 +#define OBJ_setct_AuthReqTBS OBJ_set_ctype,16L + +#define SN_setct_AuthResTBS "setct-AuthResTBS" +#define NID_setct_AuthResTBS 535 +#define OBJ_setct_AuthResTBS OBJ_set_ctype,17L + +#define SN_setct_AuthResTBSX "setct-AuthResTBSX" +#define NID_setct_AuthResTBSX 536 +#define OBJ_setct_AuthResTBSX OBJ_set_ctype,18L + +#define SN_setct_AuthTokenTBS "setct-AuthTokenTBS" +#define NID_setct_AuthTokenTBS 537 +#define OBJ_setct_AuthTokenTBS OBJ_set_ctype,19L + +#define SN_setct_CapTokenData "setct-CapTokenData" +#define NID_setct_CapTokenData 538 +#define OBJ_setct_CapTokenData OBJ_set_ctype,20L + +#define SN_setct_CapTokenTBS "setct-CapTokenTBS" +#define NID_setct_CapTokenTBS 539 +#define OBJ_setct_CapTokenTBS OBJ_set_ctype,21L + +#define SN_setct_AcqCardCodeMsg "setct-AcqCardCodeMsg" +#define NID_setct_AcqCardCodeMsg 540 +#define OBJ_setct_AcqCardCodeMsg OBJ_set_ctype,22L + +#define SN_setct_AuthRevReqTBS "setct-AuthRevReqTBS" +#define NID_setct_AuthRevReqTBS 541 +#define OBJ_setct_AuthRevReqTBS OBJ_set_ctype,23L + +#define SN_setct_AuthRevResData "setct-AuthRevResData" +#define NID_setct_AuthRevResData 542 +#define OBJ_setct_AuthRevResData OBJ_set_ctype,24L + +#define SN_setct_AuthRevResTBS "setct-AuthRevResTBS" +#define NID_setct_AuthRevResTBS 543 +#define OBJ_setct_AuthRevResTBS OBJ_set_ctype,25L + +#define SN_setct_CapReqTBS "setct-CapReqTBS" +#define NID_setct_CapReqTBS 544 +#define OBJ_setct_CapReqTBS OBJ_set_ctype,26L + +#define SN_setct_CapReqTBSX "setct-CapReqTBSX" +#define NID_setct_CapReqTBSX 545 +#define OBJ_setct_CapReqTBSX OBJ_set_ctype,27L + +#define SN_setct_CapResData "setct-CapResData" +#define NID_setct_CapResData 546 +#define OBJ_setct_CapResData OBJ_set_ctype,28L + +#define SN_setct_CapRevReqTBS "setct-CapRevReqTBS" +#define NID_setct_CapRevReqTBS 547 +#define OBJ_setct_CapRevReqTBS OBJ_set_ctype,29L + +#define SN_setct_CapRevReqTBSX "setct-CapRevReqTBSX" +#define NID_setct_CapRevReqTBSX 548 +#define OBJ_setct_CapRevReqTBSX OBJ_set_ctype,30L + +#define SN_setct_CapRevResData "setct-CapRevResData" +#define NID_setct_CapRevResData 549 +#define OBJ_setct_CapRevResData OBJ_set_ctype,31L + +#define SN_setct_CredReqTBS "setct-CredReqTBS" +#define NID_setct_CredReqTBS 550 +#define OBJ_setct_CredReqTBS OBJ_set_ctype,32L + +#define SN_setct_CredReqTBSX "setct-CredReqTBSX" +#define NID_setct_CredReqTBSX 551 +#define OBJ_setct_CredReqTBSX OBJ_set_ctype,33L + +#define SN_setct_CredResData "setct-CredResData" +#define NID_setct_CredResData 552 +#define OBJ_setct_CredResData OBJ_set_ctype,34L + +#define SN_setct_CredRevReqTBS "setct-CredRevReqTBS" +#define NID_setct_CredRevReqTBS 553 +#define OBJ_setct_CredRevReqTBS OBJ_set_ctype,35L + +#define SN_setct_CredRevReqTBSX "setct-CredRevReqTBSX" +#define NID_setct_CredRevReqTBSX 554 +#define OBJ_setct_CredRevReqTBSX OBJ_set_ctype,36L + +#define SN_setct_CredRevResData "setct-CredRevResData" +#define NID_setct_CredRevResData 555 +#define OBJ_setct_CredRevResData OBJ_set_ctype,37L + +#define SN_setct_PCertReqData "setct-PCertReqData" +#define NID_setct_PCertReqData 556 +#define OBJ_setct_PCertReqData OBJ_set_ctype,38L + +#define SN_setct_PCertResTBS "setct-PCertResTBS" +#define NID_setct_PCertResTBS 557 +#define OBJ_setct_PCertResTBS OBJ_set_ctype,39L + +#define SN_setct_BatchAdminReqData "setct-BatchAdminReqData" +#define NID_setct_BatchAdminReqData 558 +#define OBJ_setct_BatchAdminReqData OBJ_set_ctype,40L + +#define SN_setct_BatchAdminResData "setct-BatchAdminResData" +#define NID_setct_BatchAdminResData 559 +#define OBJ_setct_BatchAdminResData OBJ_set_ctype,41L + +#define SN_setct_CardCInitResTBS "setct-CardCInitResTBS" +#define NID_setct_CardCInitResTBS 560 +#define OBJ_setct_CardCInitResTBS OBJ_set_ctype,42L + +#define SN_setct_MeAqCInitResTBS "setct-MeAqCInitResTBS" +#define NID_setct_MeAqCInitResTBS 561 +#define OBJ_setct_MeAqCInitResTBS OBJ_set_ctype,43L + +#define SN_setct_RegFormResTBS "setct-RegFormResTBS" +#define NID_setct_RegFormResTBS 562 +#define OBJ_setct_RegFormResTBS OBJ_set_ctype,44L + +#define SN_setct_CertReqData "setct-CertReqData" +#define NID_setct_CertReqData 563 +#define OBJ_setct_CertReqData OBJ_set_ctype,45L + +#define SN_setct_CertReqTBS "setct-CertReqTBS" +#define NID_setct_CertReqTBS 564 +#define OBJ_setct_CertReqTBS OBJ_set_ctype,46L + +#define SN_setct_CertResData "setct-CertResData" +#define NID_setct_CertResData 565 +#define OBJ_setct_CertResData OBJ_set_ctype,47L + +#define SN_setct_CertInqReqTBS "setct-CertInqReqTBS" +#define NID_setct_CertInqReqTBS 566 +#define OBJ_setct_CertInqReqTBS OBJ_set_ctype,48L + +#define SN_setct_ErrorTBS "setct-ErrorTBS" +#define NID_setct_ErrorTBS 567 +#define OBJ_setct_ErrorTBS OBJ_set_ctype,49L + +#define SN_setct_PIDualSignedTBE "setct-PIDualSignedTBE" +#define NID_setct_PIDualSignedTBE 568 +#define OBJ_setct_PIDualSignedTBE OBJ_set_ctype,50L + +#define SN_setct_PIUnsignedTBE "setct-PIUnsignedTBE" +#define NID_setct_PIUnsignedTBE 569 +#define OBJ_setct_PIUnsignedTBE OBJ_set_ctype,51L + +#define SN_setct_AuthReqTBE "setct-AuthReqTBE" +#define NID_setct_AuthReqTBE 570 +#define OBJ_setct_AuthReqTBE OBJ_set_ctype,52L + +#define SN_setct_AuthResTBE "setct-AuthResTBE" +#define NID_setct_AuthResTBE 571 +#define OBJ_setct_AuthResTBE OBJ_set_ctype,53L + +#define SN_setct_AuthResTBEX "setct-AuthResTBEX" +#define NID_setct_AuthResTBEX 572 +#define OBJ_setct_AuthResTBEX OBJ_set_ctype,54L + +#define SN_setct_AuthTokenTBE "setct-AuthTokenTBE" +#define NID_setct_AuthTokenTBE 573 +#define OBJ_setct_AuthTokenTBE OBJ_set_ctype,55L + +#define SN_setct_CapTokenTBE "setct-CapTokenTBE" +#define NID_setct_CapTokenTBE 574 +#define OBJ_setct_CapTokenTBE OBJ_set_ctype,56L + +#define SN_setct_CapTokenTBEX "setct-CapTokenTBEX" +#define NID_setct_CapTokenTBEX 575 +#define OBJ_setct_CapTokenTBEX OBJ_set_ctype,57L + +#define SN_setct_AcqCardCodeMsgTBE "setct-AcqCardCodeMsgTBE" +#define NID_setct_AcqCardCodeMsgTBE 576 +#define OBJ_setct_AcqCardCodeMsgTBE OBJ_set_ctype,58L + +#define SN_setct_AuthRevReqTBE "setct-AuthRevReqTBE" +#define NID_setct_AuthRevReqTBE 577 +#define OBJ_setct_AuthRevReqTBE OBJ_set_ctype,59L + +#define SN_setct_AuthRevResTBE "setct-AuthRevResTBE" +#define NID_setct_AuthRevResTBE 578 +#define OBJ_setct_AuthRevResTBE OBJ_set_ctype,60L + +#define SN_setct_AuthRevResTBEB "setct-AuthRevResTBEB" +#define NID_setct_AuthRevResTBEB 579 +#define OBJ_setct_AuthRevResTBEB OBJ_set_ctype,61L + +#define SN_setct_CapReqTBE "setct-CapReqTBE" +#define NID_setct_CapReqTBE 580 +#define OBJ_setct_CapReqTBE OBJ_set_ctype,62L + +#define SN_setct_CapReqTBEX "setct-CapReqTBEX" +#define NID_setct_CapReqTBEX 581 +#define OBJ_setct_CapReqTBEX OBJ_set_ctype,63L + +#define SN_setct_CapResTBE "setct-CapResTBE" +#define NID_setct_CapResTBE 582 +#define OBJ_setct_CapResTBE OBJ_set_ctype,64L + +#define SN_setct_CapRevReqTBE "setct-CapRevReqTBE" +#define NID_setct_CapRevReqTBE 583 +#define OBJ_setct_CapRevReqTBE OBJ_set_ctype,65L + +#define SN_setct_CapRevReqTBEX "setct-CapRevReqTBEX" +#define NID_setct_CapRevReqTBEX 584 +#define OBJ_setct_CapRevReqTBEX OBJ_set_ctype,66L + +#define SN_setct_CapRevResTBE "setct-CapRevResTBE" +#define NID_setct_CapRevResTBE 585 +#define OBJ_setct_CapRevResTBE OBJ_set_ctype,67L + +#define SN_setct_CredReqTBE "setct-CredReqTBE" +#define NID_setct_CredReqTBE 586 +#define OBJ_setct_CredReqTBE OBJ_set_ctype,68L + +#define SN_setct_CredReqTBEX "setct-CredReqTBEX" +#define NID_setct_CredReqTBEX 587 +#define OBJ_setct_CredReqTBEX OBJ_set_ctype,69L + +#define SN_setct_CredResTBE "setct-CredResTBE" +#define NID_setct_CredResTBE 588 +#define OBJ_setct_CredResTBE OBJ_set_ctype,70L + +#define SN_setct_CredRevReqTBE "setct-CredRevReqTBE" +#define NID_setct_CredRevReqTBE 589 +#define OBJ_setct_CredRevReqTBE OBJ_set_ctype,71L + +#define SN_setct_CredRevReqTBEX "setct-CredRevReqTBEX" +#define NID_setct_CredRevReqTBEX 590 +#define OBJ_setct_CredRevReqTBEX OBJ_set_ctype,72L + +#define SN_setct_CredRevResTBE "setct-CredRevResTBE" +#define NID_setct_CredRevResTBE 591 +#define OBJ_setct_CredRevResTBE OBJ_set_ctype,73L + +#define SN_setct_BatchAdminReqTBE "setct-BatchAdminReqTBE" +#define NID_setct_BatchAdminReqTBE 592 +#define OBJ_setct_BatchAdminReqTBE OBJ_set_ctype,74L + +#define SN_setct_BatchAdminResTBE "setct-BatchAdminResTBE" +#define NID_setct_BatchAdminResTBE 593 +#define OBJ_setct_BatchAdminResTBE OBJ_set_ctype,75L + +#define SN_setct_RegFormReqTBE "setct-RegFormReqTBE" +#define NID_setct_RegFormReqTBE 594 +#define OBJ_setct_RegFormReqTBE OBJ_set_ctype,76L + +#define SN_setct_CertReqTBE "setct-CertReqTBE" +#define NID_setct_CertReqTBE 595 +#define OBJ_setct_CertReqTBE OBJ_set_ctype,77L + +#define SN_setct_CertReqTBEX "setct-CertReqTBEX" +#define NID_setct_CertReqTBEX 596 +#define OBJ_setct_CertReqTBEX OBJ_set_ctype,78L + +#define SN_setct_CertResTBE "setct-CertResTBE" +#define NID_setct_CertResTBE 597 +#define OBJ_setct_CertResTBE OBJ_set_ctype,79L + +#define SN_setct_CRLNotificationTBS "setct-CRLNotificationTBS" +#define NID_setct_CRLNotificationTBS 598 +#define OBJ_setct_CRLNotificationTBS OBJ_set_ctype,80L + +#define SN_setct_CRLNotificationResTBS "setct-CRLNotificationResTBS" +#define NID_setct_CRLNotificationResTBS 599 +#define OBJ_setct_CRLNotificationResTBS OBJ_set_ctype,81L + +#define SN_setct_BCIDistributionTBS "setct-BCIDistributionTBS" +#define NID_setct_BCIDistributionTBS 600 +#define OBJ_setct_BCIDistributionTBS OBJ_set_ctype,82L + +#define SN_setext_genCrypt "setext-genCrypt" +#define LN_setext_genCrypt "generic cryptogram" +#define NID_setext_genCrypt 601 +#define OBJ_setext_genCrypt OBJ_set_msgExt,1L + +#define SN_setext_miAuth "setext-miAuth" +#define LN_setext_miAuth "merchant initiated auth" +#define NID_setext_miAuth 602 +#define OBJ_setext_miAuth OBJ_set_msgExt,3L + +#define SN_setext_pinSecure "setext-pinSecure" +#define NID_setext_pinSecure 603 +#define OBJ_setext_pinSecure OBJ_set_msgExt,4L + +#define SN_setext_pinAny "setext-pinAny" +#define NID_setext_pinAny 604 +#define OBJ_setext_pinAny OBJ_set_msgExt,5L + +#define SN_setext_track2 "setext-track2" +#define NID_setext_track2 605 +#define OBJ_setext_track2 OBJ_set_msgExt,7L + +#define SN_setext_cv "setext-cv" +#define LN_setext_cv "additional verification" +#define NID_setext_cv 606 +#define OBJ_setext_cv OBJ_set_msgExt,8L + +#define SN_set_policy_root "set-policy-root" +#define NID_set_policy_root 607 +#define OBJ_set_policy_root OBJ_set_policy,0L + +#define SN_setCext_hashedRoot "setCext-hashedRoot" +#define NID_setCext_hashedRoot 608 +#define OBJ_setCext_hashedRoot OBJ_set_certExt,0L + +#define SN_setCext_certType "setCext-certType" +#define NID_setCext_certType 609 +#define OBJ_setCext_certType OBJ_set_certExt,1L + +#define SN_setCext_merchData "setCext-merchData" +#define NID_setCext_merchData 610 +#define OBJ_setCext_merchData OBJ_set_certExt,2L + +#define SN_setCext_cCertRequired "setCext-cCertRequired" +#define NID_setCext_cCertRequired 611 +#define OBJ_setCext_cCertRequired OBJ_set_certExt,3L + +#define SN_setCext_tunneling "setCext-tunneling" +#define NID_setCext_tunneling 612 +#define OBJ_setCext_tunneling OBJ_set_certExt,4L + +#define SN_setCext_setExt "setCext-setExt" +#define NID_setCext_setExt 613 +#define OBJ_setCext_setExt OBJ_set_certExt,5L + +#define SN_setCext_setQualf "setCext-setQualf" +#define NID_setCext_setQualf 614 +#define OBJ_setCext_setQualf OBJ_set_certExt,6L + +#define SN_setCext_PGWYcapabilities "setCext-PGWYcapabilities" +#define NID_setCext_PGWYcapabilities 615 +#define OBJ_setCext_PGWYcapabilities OBJ_set_certExt,7L + +#define SN_setCext_TokenIdentifier "setCext-TokenIdentifier" +#define NID_setCext_TokenIdentifier 616 +#define OBJ_setCext_TokenIdentifier OBJ_set_certExt,8L + +#define SN_setCext_Track2Data "setCext-Track2Data" +#define NID_setCext_Track2Data 617 +#define OBJ_setCext_Track2Data OBJ_set_certExt,9L + +#define SN_setCext_TokenType "setCext-TokenType" +#define NID_setCext_TokenType 618 +#define OBJ_setCext_TokenType OBJ_set_certExt,10L + +#define SN_setCext_IssuerCapabilities "setCext-IssuerCapabilities" +#define NID_setCext_IssuerCapabilities 619 +#define OBJ_setCext_IssuerCapabilities OBJ_set_certExt,11L + +#define SN_setAttr_Cert "setAttr-Cert" +#define NID_setAttr_Cert 620 +#define OBJ_setAttr_Cert OBJ_set_attr,0L + +#define SN_setAttr_PGWYcap "setAttr-PGWYcap" +#define LN_setAttr_PGWYcap "payment gateway capabilities" +#define NID_setAttr_PGWYcap 621 +#define OBJ_setAttr_PGWYcap OBJ_set_attr,1L + +#define SN_setAttr_TokenType "setAttr-TokenType" +#define NID_setAttr_TokenType 622 +#define OBJ_setAttr_TokenType OBJ_set_attr,2L + +#define SN_setAttr_IssCap "setAttr-IssCap" +#define LN_setAttr_IssCap "issuer capabilities" +#define NID_setAttr_IssCap 623 +#define OBJ_setAttr_IssCap OBJ_set_attr,3L + +#define SN_set_rootKeyThumb "set-rootKeyThumb" +#define NID_set_rootKeyThumb 624 +#define OBJ_set_rootKeyThumb OBJ_setAttr_Cert,0L + +#define SN_set_addPolicy "set-addPolicy" +#define NID_set_addPolicy 625 +#define OBJ_set_addPolicy OBJ_setAttr_Cert,1L + +#define SN_setAttr_Token_EMV "setAttr-Token-EMV" +#define NID_setAttr_Token_EMV 626 +#define OBJ_setAttr_Token_EMV OBJ_setAttr_TokenType,1L + +#define SN_setAttr_Token_B0Prime "setAttr-Token-B0Prime" +#define NID_setAttr_Token_B0Prime 627 +#define OBJ_setAttr_Token_B0Prime OBJ_setAttr_TokenType,2L + +#define SN_setAttr_IssCap_CVM "setAttr-IssCap-CVM" +#define NID_setAttr_IssCap_CVM 628 +#define OBJ_setAttr_IssCap_CVM OBJ_setAttr_IssCap,3L + +#define SN_setAttr_IssCap_T2 "setAttr-IssCap-T2" +#define NID_setAttr_IssCap_T2 629 +#define OBJ_setAttr_IssCap_T2 OBJ_setAttr_IssCap,4L + +#define SN_setAttr_IssCap_Sig "setAttr-IssCap-Sig" +#define NID_setAttr_IssCap_Sig 630 +#define OBJ_setAttr_IssCap_Sig OBJ_setAttr_IssCap,5L + +#define SN_setAttr_GenCryptgrm "setAttr-GenCryptgrm" +#define LN_setAttr_GenCryptgrm "generate cryptogram" +#define NID_setAttr_GenCryptgrm 631 +#define OBJ_setAttr_GenCryptgrm OBJ_setAttr_IssCap_CVM,1L + +#define SN_setAttr_T2Enc "setAttr-T2Enc" +#define LN_setAttr_T2Enc "encrypted track 2" +#define NID_setAttr_T2Enc 632 +#define OBJ_setAttr_T2Enc OBJ_setAttr_IssCap_T2,1L + +#define SN_setAttr_T2cleartxt "setAttr-T2cleartxt" +#define LN_setAttr_T2cleartxt "cleartext track 2" +#define NID_setAttr_T2cleartxt 633 +#define OBJ_setAttr_T2cleartxt OBJ_setAttr_IssCap_T2,2L + +#define SN_setAttr_TokICCsig "setAttr-TokICCsig" +#define LN_setAttr_TokICCsig "ICC or token signature" +#define NID_setAttr_TokICCsig 634 +#define OBJ_setAttr_TokICCsig OBJ_setAttr_IssCap_Sig,1L + +#define SN_setAttr_SecDevSig "setAttr-SecDevSig" +#define LN_setAttr_SecDevSig "secure device signature" +#define NID_setAttr_SecDevSig 635 +#define OBJ_setAttr_SecDevSig OBJ_setAttr_IssCap_Sig,2L + +#define SN_set_brand_IATA_ATA "set-brand-IATA-ATA" +#define NID_set_brand_IATA_ATA 636 +#define OBJ_set_brand_IATA_ATA OBJ_set_brand,1L + +#define SN_set_brand_Diners "set-brand-Diners" +#define NID_set_brand_Diners 637 +#define OBJ_set_brand_Diners OBJ_set_brand,30L + +#define SN_set_brand_AmericanExpress "set-brand-AmericanExpress" +#define NID_set_brand_AmericanExpress 638 +#define OBJ_set_brand_AmericanExpress OBJ_set_brand,34L + +#define SN_set_brand_JCB "set-brand-JCB" +#define NID_set_brand_JCB 639 +#define OBJ_set_brand_JCB OBJ_set_brand,35L + +#define SN_set_brand_Visa "set-brand-Visa" +#define NID_set_brand_Visa 640 +#define OBJ_set_brand_Visa OBJ_set_brand,4L + +#define SN_set_brand_MasterCard "set-brand-MasterCard" +#define NID_set_brand_MasterCard 641 +#define OBJ_set_brand_MasterCard OBJ_set_brand,5L + +#define SN_set_brand_Novus "set-brand-Novus" +#define NID_set_brand_Novus 642 +#define OBJ_set_brand_Novus OBJ_set_brand,6011L + +#define SN_des_cdmf "DES-CDMF" +#define LN_des_cdmf "des-cdmf" +#define NID_des_cdmf 643 +#define OBJ_des_cdmf OBJ_rsadsi,3L,10L + +#define SN_rsaOAEPEncryptionSET "rsaOAEPEncryptionSET" +#define NID_rsaOAEPEncryptionSET 644 +#define OBJ_rsaOAEPEncryptionSET OBJ_rsadsi,1L,1L,6L + +#define SN_ipsec3 "Oakley-EC2N-3" +#define LN_ipsec3 "ipsec3" +#define NID_ipsec3 749 + +#define SN_ipsec4 "Oakley-EC2N-4" +#define LN_ipsec4 "ipsec4" +#define NID_ipsec4 750 + +#define SN_whirlpool "whirlpool" +#define NID_whirlpool 804 +#define OBJ_whirlpool OBJ_iso,0L,10118L,3L,0L,55L + +#define SN_cryptopro "cryptopro" +#define NID_cryptopro 805 +#define OBJ_cryptopro OBJ_member_body,643L,2L,2L + +#define SN_cryptocom "cryptocom" +#define NID_cryptocom 806 +#define OBJ_cryptocom OBJ_member_body,643L,2L,9L + +#define SN_id_GostR3411_94_with_GostR3410_2001 "id-GostR3411-94-with-GostR3410-2001" +#define LN_id_GostR3411_94_with_GostR3410_2001 "GOST R 34.11-94 with GOST R 34.10-2001" +#define NID_id_GostR3411_94_with_GostR3410_2001 807 +#define OBJ_id_GostR3411_94_with_GostR3410_2001 OBJ_cryptopro,3L + +#define SN_id_GostR3411_94_with_GostR3410_94 "id-GostR3411-94-with-GostR3410-94" +#define LN_id_GostR3411_94_with_GostR3410_94 "GOST R 34.11-94 with GOST R 34.10-94" +#define NID_id_GostR3411_94_with_GostR3410_94 808 +#define OBJ_id_GostR3411_94_with_GostR3410_94 OBJ_cryptopro,4L + +#define SN_id_GostR3411_94 "md_gost94" +#define LN_id_GostR3411_94 "GOST R 34.11-94" +#define NID_id_GostR3411_94 809 +#define OBJ_id_GostR3411_94 OBJ_cryptopro,9L + +#define SN_id_HMACGostR3411_94 "id-HMACGostR3411-94" +#define LN_id_HMACGostR3411_94 "HMAC GOST 34.11-94" +#define NID_id_HMACGostR3411_94 810 +#define OBJ_id_HMACGostR3411_94 OBJ_cryptopro,10L + +#define SN_id_GostR3410_2001 "gost2001" +#define LN_id_GostR3410_2001 "GOST R 34.10-2001" +#define NID_id_GostR3410_2001 811 +#define OBJ_id_GostR3410_2001 OBJ_cryptopro,19L + +#define SN_id_GostR3410_94 "gost94" +#define LN_id_GostR3410_94 "GOST R 34.10-94" +#define NID_id_GostR3410_94 812 +#define OBJ_id_GostR3410_94 OBJ_cryptopro,20L + +#define SN_id_Gost28147_89 "gost89" +#define LN_id_Gost28147_89 "GOST 28147-89" +#define NID_id_Gost28147_89 813 +#define OBJ_id_Gost28147_89 OBJ_cryptopro,21L + +#define SN_gost89_cnt "gost89-cnt" +#define NID_gost89_cnt 814 + +#define SN_id_Gost28147_89_MAC "gost-mac" +#define LN_id_Gost28147_89_MAC "GOST 28147-89 MAC" +#define NID_id_Gost28147_89_MAC 815 +#define OBJ_id_Gost28147_89_MAC OBJ_cryptopro,22L + +#define SN_id_GostR3411_94_prf "prf-gostr3411-94" +#define LN_id_GostR3411_94_prf "GOST R 34.11-94 PRF" +#define NID_id_GostR3411_94_prf 816 +#define OBJ_id_GostR3411_94_prf OBJ_cryptopro,23L + +#define SN_id_GostR3410_2001DH "id-GostR3410-2001DH" +#define LN_id_GostR3410_2001DH "GOST R 34.10-2001 DH" +#define NID_id_GostR3410_2001DH 817 +#define OBJ_id_GostR3410_2001DH OBJ_cryptopro,98L + +#define SN_id_GostR3410_94DH "id-GostR3410-94DH" +#define LN_id_GostR3410_94DH "GOST R 34.10-94 DH" +#define NID_id_GostR3410_94DH 818 +#define OBJ_id_GostR3410_94DH OBJ_cryptopro,99L + +#define SN_id_Gost28147_89_CryptoPro_KeyMeshing "id-Gost28147-89-CryptoPro-KeyMeshing" +#define NID_id_Gost28147_89_CryptoPro_KeyMeshing 819 +#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing OBJ_cryptopro,14L,1L + +#define SN_id_Gost28147_89_None_KeyMeshing "id-Gost28147-89-None-KeyMeshing" +#define NID_id_Gost28147_89_None_KeyMeshing 820 +#define OBJ_id_Gost28147_89_None_KeyMeshing OBJ_cryptopro,14L,0L + +#define SN_id_GostR3411_94_TestParamSet "id-GostR3411-94-TestParamSet" +#define NID_id_GostR3411_94_TestParamSet 821 +#define OBJ_id_GostR3411_94_TestParamSet OBJ_cryptopro,30L,0L + +#define SN_id_GostR3411_94_CryptoProParamSet "id-GostR3411-94-CryptoProParamSet" +#define NID_id_GostR3411_94_CryptoProParamSet 822 +#define OBJ_id_GostR3411_94_CryptoProParamSet OBJ_cryptopro,30L,1L + +#define SN_id_Gost28147_89_TestParamSet "id-Gost28147-89-TestParamSet" +#define NID_id_Gost28147_89_TestParamSet 823 +#define OBJ_id_Gost28147_89_TestParamSet OBJ_cryptopro,31L,0L + +#define SN_id_Gost28147_89_CryptoPro_A_ParamSet "id-Gost28147-89-CryptoPro-A-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_A_ParamSet 824 +#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet OBJ_cryptopro,31L,1L + +#define SN_id_Gost28147_89_CryptoPro_B_ParamSet "id-Gost28147-89-CryptoPro-B-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_B_ParamSet 825 +#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet OBJ_cryptopro,31L,2L + +#define SN_id_Gost28147_89_CryptoPro_C_ParamSet "id-Gost28147-89-CryptoPro-C-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_C_ParamSet 826 +#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet OBJ_cryptopro,31L,3L + +#define SN_id_Gost28147_89_CryptoPro_D_ParamSet "id-Gost28147-89-CryptoPro-D-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_D_ParamSet 827 +#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet OBJ_cryptopro,31L,4L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet OBJ_cryptopro,31L,5L + +#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet OBJ_cryptopro,31L,6L + +#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" +#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet OBJ_cryptopro,31L,7L + +#define SN_id_GostR3410_94_TestParamSet "id-GostR3410-94-TestParamSet" +#define NID_id_GostR3410_94_TestParamSet 831 +#define OBJ_id_GostR3410_94_TestParamSet OBJ_cryptopro,32L,0L + +#define SN_id_GostR3410_94_CryptoPro_A_ParamSet "id-GostR3410-94-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_A_ParamSet 832 +#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet OBJ_cryptopro,32L,2L + +#define SN_id_GostR3410_94_CryptoPro_B_ParamSet "id-GostR3410-94-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_B_ParamSet 833 +#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet OBJ_cryptopro,32L,3L + +#define SN_id_GostR3410_94_CryptoPro_C_ParamSet "id-GostR3410-94-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_C_ParamSet 834 +#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet OBJ_cryptopro,32L,4L + +#define SN_id_GostR3410_94_CryptoPro_D_ParamSet "id-GostR3410-94-CryptoPro-D-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_D_ParamSet 835 +#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet OBJ_cryptopro,32L,5L + +#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet "id-GostR3410-94-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet OBJ_cryptopro,33L,1L + +#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet "id-GostR3410-94-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet OBJ_cryptopro,33L,2L + +#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet "id-GostR3410-94-CryptoPro-XchC-ParamSet" +#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet OBJ_cryptopro,33L,3L + +#define SN_id_GostR3410_2001_TestParamSet "id-GostR3410-2001-TestParamSet" +#define NID_id_GostR3410_2001_TestParamSet 839 +#define OBJ_id_GostR3410_2001_TestParamSet OBJ_cryptopro,35L,0L + +#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet "id-GostR3410-2001-CryptoPro-A-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet 840 +#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet OBJ_cryptopro,35L,1L + +#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet "id-GostR3410-2001-CryptoPro-B-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet 841 +#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet OBJ_cryptopro,35L,2L + +#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet "id-GostR3410-2001-CryptoPro-C-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet 842 +#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet OBJ_cryptopro,35L,3L + +#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet "id-GostR3410-2001-CryptoPro-XchA-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet OBJ_cryptopro,36L,0L + +#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet "id-GostR3410-2001-CryptoPro-XchB-ParamSet" +#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet OBJ_cryptopro,36L,1L + +#define SN_id_GostR3410_94_a "id-GostR3410-94-a" +#define NID_id_GostR3410_94_a 845 +#define OBJ_id_GostR3410_94_a OBJ_id_GostR3410_94,1L + +#define SN_id_GostR3410_94_aBis "id-GostR3410-94-aBis" +#define NID_id_GostR3410_94_aBis 846 +#define OBJ_id_GostR3410_94_aBis OBJ_id_GostR3410_94,2L + +#define SN_id_GostR3410_94_b "id-GostR3410-94-b" +#define NID_id_GostR3410_94_b 847 +#define OBJ_id_GostR3410_94_b OBJ_id_GostR3410_94,3L + +#define SN_id_GostR3410_94_bBis "id-GostR3410-94-bBis" +#define NID_id_GostR3410_94_bBis 848 +#define OBJ_id_GostR3410_94_bBis OBJ_id_GostR3410_94,4L + +#define SN_id_Gost28147_89_cc "id-Gost28147-89-cc" +#define LN_id_Gost28147_89_cc "GOST 28147-89 Cryptocom ParamSet" +#define NID_id_Gost28147_89_cc 849 +#define OBJ_id_Gost28147_89_cc OBJ_cryptocom,1L,6L,1L + +#define SN_id_GostR3410_94_cc "gost94cc" +#define LN_id_GostR3410_94_cc "GOST 34.10-94 Cryptocom" +#define NID_id_GostR3410_94_cc 850 +#define OBJ_id_GostR3410_94_cc OBJ_cryptocom,1L,5L,3L + +#define SN_id_GostR3410_2001_cc "gost2001cc" +#define LN_id_GostR3410_2001_cc "GOST 34.10-2001 Cryptocom" +#define NID_id_GostR3410_2001_cc 851 +#define OBJ_id_GostR3410_2001_cc OBJ_cryptocom,1L,5L,4L + +#define SN_id_GostR3411_94_with_GostR3410_94_cc "id-GostR3411-94-with-GostR3410-94-cc" +#define LN_id_GostR3411_94_with_GostR3410_94_cc "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_94_cc 852 +#define OBJ_id_GostR3411_94_with_GostR3410_94_cc OBJ_cryptocom,1L,3L,3L + +#define SN_id_GostR3411_94_with_GostR3410_2001_cc "id-GostR3411-94-with-GostR3410-2001-cc" +#define LN_id_GostR3411_94_with_GostR3410_2001_cc "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" +#define NID_id_GostR3411_94_with_GostR3410_2001_cc 853 +#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc OBJ_cryptocom,1L,3L,4L + +#define SN_id_GostR3410_2001_ParamSet_cc "id-GostR3410-2001-ParamSet-cc" +#define LN_id_GostR3410_2001_ParamSet_cc "GOST R 3410-2001 Parameter Set Cryptocom" +#define NID_id_GostR3410_2001_ParamSet_cc 854 +#define OBJ_id_GostR3410_2001_ParamSet_cc OBJ_cryptocom,1L,8L,1L + +#define SN_sm3 "SM3" +#define LN_sm3 "sm3" +#define NID_sm3 968 +#define OBJ_sm3 1L,2L,156L,10197L,1L,401L + +#define SN_sm3WithRSAEncryption "RSA-SM3" +#define LN_sm3WithRSAEncryption "sm3WithRSAEncryption" +#define NID_sm3WithRSAEncryption 969 +#define OBJ_sm3WithRSAEncryption 1L,2L,156L,10197L,1L,504L + +#define SN_camellia_128_cbc "CAMELLIA-128-CBC" +#define LN_camellia_128_cbc "camellia-128-cbc" +#define NID_camellia_128_cbc 751 +#define OBJ_camellia_128_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,2L + +#define SN_camellia_192_cbc "CAMELLIA-192-CBC" +#define LN_camellia_192_cbc "camellia-192-cbc" +#define NID_camellia_192_cbc 752 +#define OBJ_camellia_192_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,3L + +#define SN_camellia_256_cbc "CAMELLIA-256-CBC" +#define LN_camellia_256_cbc "camellia-256-cbc" +#define NID_camellia_256_cbc 753 +#define OBJ_camellia_256_cbc 1L,2L,392L,200011L,61L,1L,1L,1L,4L + +#define SN_id_camellia128_wrap "id-camellia128-wrap" +#define NID_id_camellia128_wrap 907 +#define OBJ_id_camellia128_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,2L + +#define SN_id_camellia192_wrap "id-camellia192-wrap" +#define NID_id_camellia192_wrap 908 +#define OBJ_id_camellia192_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,3L + +#define SN_id_camellia256_wrap "id-camellia256-wrap" +#define NID_id_camellia256_wrap 909 +#define OBJ_id_camellia256_wrap 1L,2L,392L,200011L,61L,1L,1L,3L,4L + +#define OBJ_ntt_ds 0L,3L,4401L,5L + +#define OBJ_camellia OBJ_ntt_ds,3L,1L,9L + +#define SN_camellia_128_ecb "CAMELLIA-128-ECB" +#define LN_camellia_128_ecb "camellia-128-ecb" +#define NID_camellia_128_ecb 754 +#define OBJ_camellia_128_ecb OBJ_camellia,1L + +#define SN_camellia_128_ofb128 "CAMELLIA-128-OFB" +#define LN_camellia_128_ofb128 "camellia-128-ofb" +#define NID_camellia_128_ofb128 766 +#define OBJ_camellia_128_ofb128 OBJ_camellia,3L + +#define SN_camellia_128_cfb128 "CAMELLIA-128-CFB" +#define LN_camellia_128_cfb128 "camellia-128-cfb" +#define NID_camellia_128_cfb128 757 +#define OBJ_camellia_128_cfb128 OBJ_camellia,4L + +#define SN_camellia_192_ecb "CAMELLIA-192-ECB" +#define LN_camellia_192_ecb "camellia-192-ecb" +#define NID_camellia_192_ecb 755 +#define OBJ_camellia_192_ecb OBJ_camellia,21L + +#define SN_camellia_192_ofb128 "CAMELLIA-192-OFB" +#define LN_camellia_192_ofb128 "camellia-192-ofb" +#define NID_camellia_192_ofb128 767 +#define OBJ_camellia_192_ofb128 OBJ_camellia,23L + +#define SN_camellia_192_cfb128 "CAMELLIA-192-CFB" +#define LN_camellia_192_cfb128 "camellia-192-cfb" +#define NID_camellia_192_cfb128 758 +#define OBJ_camellia_192_cfb128 OBJ_camellia,24L + +#define SN_camellia_256_ecb "CAMELLIA-256-ECB" +#define LN_camellia_256_ecb "camellia-256-ecb" +#define NID_camellia_256_ecb 756 +#define OBJ_camellia_256_ecb OBJ_camellia,41L + +#define SN_camellia_256_ofb128 "CAMELLIA-256-OFB" +#define LN_camellia_256_ofb128 "camellia-256-ofb" +#define NID_camellia_256_ofb128 768 +#define OBJ_camellia_256_ofb128 OBJ_camellia,43L + +#define SN_camellia_256_cfb128 "CAMELLIA-256-CFB" +#define LN_camellia_256_cfb128 "camellia-256-cfb" +#define NID_camellia_256_cfb128 759 +#define OBJ_camellia_256_cfb128 OBJ_camellia,44L + +#define SN_camellia_128_cfb1 "CAMELLIA-128-CFB1" +#define LN_camellia_128_cfb1 "camellia-128-cfb1" +#define NID_camellia_128_cfb1 760 + +#define SN_camellia_192_cfb1 "CAMELLIA-192-CFB1" +#define LN_camellia_192_cfb1 "camellia-192-cfb1" +#define NID_camellia_192_cfb1 761 + +#define SN_camellia_256_cfb1 "CAMELLIA-256-CFB1" +#define LN_camellia_256_cfb1 "camellia-256-cfb1" +#define NID_camellia_256_cfb1 762 + +#define SN_camellia_128_cfb8 "CAMELLIA-128-CFB8" +#define LN_camellia_128_cfb8 "camellia-128-cfb8" +#define NID_camellia_128_cfb8 763 + +#define SN_camellia_192_cfb8 "CAMELLIA-192-CFB8" +#define LN_camellia_192_cfb8 "camellia-192-cfb8" +#define NID_camellia_192_cfb8 764 + +#define SN_camellia_256_cfb8 "CAMELLIA-256-CFB8" +#define LN_camellia_256_cfb8 "camellia-256-cfb8" +#define NID_camellia_256_cfb8 765 + +#define SN_kisa "KISA" +#define LN_kisa "kisa" +#define NID_kisa 773 +#define OBJ_kisa OBJ_member_body,410L,200004L + +#define SN_seed_ecb "SEED-ECB" +#define LN_seed_ecb "seed-ecb" +#define NID_seed_ecb 776 +#define OBJ_seed_ecb OBJ_kisa,1L,3L + +#define SN_seed_cbc "SEED-CBC" +#define LN_seed_cbc "seed-cbc" +#define NID_seed_cbc 777 +#define OBJ_seed_cbc OBJ_kisa,1L,4L + +#define SN_seed_cfb128 "SEED-CFB" +#define LN_seed_cfb128 "seed-cfb" +#define NID_seed_cfb128 779 +#define OBJ_seed_cfb128 OBJ_kisa,1L,5L + +#define SN_seed_ofb128 "SEED-OFB" +#define LN_seed_ofb128 "seed-ofb" +#define NID_seed_ofb128 778 +#define OBJ_seed_ofb128 OBJ_kisa,1L,6L + +#define SN_ISO_CN "ISO-CN" +#define LN_ISO_CN "ISO CN Member Body" +#define NID_ISO_CN 970 +#define OBJ_ISO_CN OBJ_member_body,156L + +#define SN_oscca "oscca" +#define NID_oscca 971 +#define OBJ_oscca OBJ_ISO_CN,10197L + +#define SN_sm_scheme "sm-scheme" +#define NID_sm_scheme 972 +#define OBJ_sm_scheme OBJ_oscca,1L + +#define SN_sm4_ecb "SM4-ECB" +#define LN_sm4_ecb "sm4-ecb" +#define NID_sm4_ecb 973 +#define OBJ_sm4_ecb OBJ_sm_scheme,104L,1L + +#define SN_sm4_cbc "SM4-CBC" +#define LN_sm4_cbc "sm4-cbc" +#define NID_sm4_cbc 974 +#define OBJ_sm4_cbc OBJ_sm_scheme,104L,2L + +#define SN_sm4_ofb128 "SM4-OFB" +#define LN_sm4_ofb128 "sm4-ofb" +#define NID_sm4_ofb128 975 +#define OBJ_sm4_ofb128 OBJ_sm_scheme,104L,3L + +#define SN_sm4_cfb128 "SM4-CFB" +#define LN_sm4_cfb128 "sm4-cfb" +#define NID_sm4_cfb128 976 +#define OBJ_sm4_cfb128 OBJ_sm_scheme,104L,4L + +#define SN_sm4_cfb1 "SM4-CFB1" +#define LN_sm4_cfb1 "sm4-cfb1" +#define NID_sm4_cfb1 977 +#define OBJ_sm4_cfb1 OBJ_sm_scheme,104L,5L + +#define SN_sm4_cfb8 "SM4-CFB8" +#define LN_sm4_cfb8 "sm4-cfb8" +#define NID_sm4_cfb8 978 +#define OBJ_sm4_cfb8 OBJ_sm_scheme,104L,6L + +#define SN_sm4_ctr "SM4-CTR" +#define LN_sm4_ctr "sm4-ctr" +#define NID_sm4_ctr 979 +#define OBJ_sm4_ctr OBJ_sm_scheme,104L,7L + +#define SN_hmac "HMAC" +#define LN_hmac "hmac" +#define NID_hmac 855 + +#define SN_cmac "CMAC" +#define LN_cmac "cmac" +#define NID_cmac 894 + +#define SN_rc4_hmac_md5 "RC4-HMAC-MD5" +#define LN_rc4_hmac_md5 "rc4-hmac-md5" +#define NID_rc4_hmac_md5 915 + +#define SN_aes_128_cbc_hmac_sha1 "AES-128-CBC-HMAC-SHA1" +#define LN_aes_128_cbc_hmac_sha1 "aes-128-cbc-hmac-sha1" +#define NID_aes_128_cbc_hmac_sha1 916 + +#define SN_aes_192_cbc_hmac_sha1 "AES-192-CBC-HMAC-SHA1" +#define LN_aes_192_cbc_hmac_sha1 "aes-192-cbc-hmac-sha1" +#define NID_aes_192_cbc_hmac_sha1 917 + +#define SN_aes_256_cbc_hmac_sha1 "AES-256-CBC-HMAC-SHA1" +#define LN_aes_256_cbc_hmac_sha1 "aes-256-cbc-hmac-sha1" +#define NID_aes_256_cbc_hmac_sha1 918 + +#define OBJ_x9_63_scheme 1L,3L,133L,16L,840L,63L,0L + +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_dhSinglePass_stdDH_sha1kdf_scheme "dhSinglePass-stdDH-sha1kdf-scheme" +#define NID_dhSinglePass_stdDH_sha1kdf_scheme 980 +#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme OBJ_x9_63_scheme,2L + +#define SN_dhSinglePass_stdDH_sha224kdf_scheme "dhSinglePass-stdDH-sha224kdf-scheme" +#define NID_dhSinglePass_stdDH_sha224kdf_scheme 981 +#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme OBJ_secg_scheme,11L,0L + +#define SN_dhSinglePass_stdDH_sha256kdf_scheme "dhSinglePass-stdDH-sha256kdf-scheme" +#define NID_dhSinglePass_stdDH_sha256kdf_scheme 982 +#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme OBJ_secg_scheme,11L,1L + +#define SN_dhSinglePass_stdDH_sha384kdf_scheme "dhSinglePass-stdDH-sha384kdf-scheme" +#define NID_dhSinglePass_stdDH_sha384kdf_scheme 983 +#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme OBJ_secg_scheme,11L,2L + +#define SN_dhSinglePass_stdDH_sha512kdf_scheme "dhSinglePass-stdDH-sha512kdf-scheme" +#define NID_dhSinglePass_stdDH_sha512kdf_scheme 984 +#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme OBJ_secg_scheme,11L,3L + +#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme "dhSinglePass-cofactorDH-sha1kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme 985 +#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme OBJ_x9_63_scheme,3L + +#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme "dhSinglePass-cofactorDH-sha224kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme 986 +#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme OBJ_secg_scheme,14L,0L + +#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme "dhSinglePass-cofactorDH-sha256kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme 987 +#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme OBJ_secg_scheme,14L,1L + +#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme "dhSinglePass-cofactorDH-sha384kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme 988 +#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme OBJ_secg_scheme,14L,2L + +#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme "dhSinglePass-cofactorDH-sha512kdf-scheme" +#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme 989 +#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme OBJ_secg_scheme,14L,3L + +#define SN_dh_std_kdf "dh-std-kdf" +#define NID_dh_std_kdf 990 + +#define SN_dh_cofactor_kdf "dh-cofactor-kdf" +#define NID_dh_cofactor_kdf 991 + +#define SN_ct_precert_scts "ct_precert_scts" +#define LN_ct_precert_scts "CT Precertificate SCTs" +#define NID_ct_precert_scts 1018 +#define OBJ_ct_precert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L + +#define SN_ct_precert_poison "ct_precert_poison" +#define LN_ct_precert_poison "CT Precertificate Poison" +#define NID_ct_precert_poison 1019 +#define OBJ_ct_precert_poison 1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L + +#define SN_ct_precert_signer "ct_precert_signer" +#define LN_ct_precert_signer "CT Precertificate Signer" +#define NID_ct_precert_signer 1020 +#define OBJ_ct_precert_signer 1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L + +#define SN_ct_cert_scts "ct_cert_scts" +#define LN_ct_cert_scts "CT Certificate SCTs" +#define NID_ct_cert_scts 1021 +#define OBJ_ct_cert_scts 1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L + +#define SN_tls1_prf "TLS1-PRF" +#define LN_tls1_prf "tls1-prf" +#define NID_tls1_prf 1055 + +#define SN_hkdf "HKDF" +#define LN_hkdf "hkdf" +#define NID_hkdf 1022 + +#define SN_teletrust "teletrust" +#define NID_teletrust 920 +#define OBJ_teletrust OBJ_identified_organization,36L + +#define SN_brainpool "brainpool" +#define NID_brainpool 921 +#define OBJ_brainpool OBJ_teletrust,3L,3L,2L,8L,1L + +#define SN_brainpoolP160r1 "brainpoolP160r1" +#define NID_brainpoolP160r1 922 +#define OBJ_brainpoolP160r1 OBJ_brainpool,1L,1L + +#define SN_brainpoolP160t1 "brainpoolP160t1" +#define NID_brainpoolP160t1 923 +#define OBJ_brainpoolP160t1 OBJ_brainpool,1L,2L + +#define SN_brainpoolP192r1 "brainpoolP192r1" +#define NID_brainpoolP192r1 924 +#define OBJ_brainpoolP192r1 OBJ_brainpool,1L,3L + +#define SN_brainpoolP192t1 "brainpoolP192t1" +#define NID_brainpoolP192t1 925 +#define OBJ_brainpoolP192t1 OBJ_brainpool,1L,4L + +#define SN_brainpoolP224r1 "brainpoolP224r1" +#define NID_brainpoolP224r1 926 +#define OBJ_brainpoolP224r1 OBJ_brainpool,1L,5L + +#define SN_brainpoolP224t1 "brainpoolP224t1" +#define NID_brainpoolP224t1 927 +#define OBJ_brainpoolP224t1 OBJ_brainpool,1L,6L + +#define SN_brainpoolP256r1 "brainpoolP256r1" +#define NID_brainpoolP256r1 928 +#define OBJ_brainpoolP256r1 OBJ_brainpool,1L,7L + +#define SN_brainpoolP256t1 "brainpoolP256t1" +#define NID_brainpoolP256t1 929 +#define OBJ_brainpoolP256t1 OBJ_brainpool,1L,8L + +#define SN_brainpoolP320r1 "brainpoolP320r1" +#define NID_brainpoolP320r1 930 +#define OBJ_brainpoolP320r1 OBJ_brainpool,1L,9L + +#define SN_brainpoolP320t1 "brainpoolP320t1" +#define NID_brainpoolP320t1 931 +#define OBJ_brainpoolP320t1 OBJ_brainpool,1L,10L + +#define SN_brainpoolP384r1 "brainpoolP384r1" +#define NID_brainpoolP384r1 932 +#define OBJ_brainpoolP384r1 OBJ_brainpool,1L,11L + +#define SN_brainpoolP384t1 "brainpoolP384t1" +#define NID_brainpoolP384t1 933 +#define OBJ_brainpoolP384t1 OBJ_brainpool,1L,12L + +#define SN_brainpoolP512r1 "brainpoolP512r1" +#define NID_brainpoolP512r1 934 +#define OBJ_brainpoolP512r1 OBJ_brainpool,1L,13L + +#define SN_brainpoolP512t1 "brainpoolP512t1" +#define NID_brainpoolP512t1 935 +#define OBJ_brainpoolP512t1 OBJ_brainpool,1L,14L + +#define SN_FRP256v1 "FRP256v1" +#define NID_FRP256v1 936 +#define OBJ_FRP256v1 1L,2L,250L,1L,223L,101L,256L,1L + +#define SN_chacha20 "ChaCha" +#define LN_chacha20 "chacha" +#define NID_chacha20 937 + +#define SN_chacha20_poly1305 "ChaCha20-Poly1305" +#define LN_chacha20_poly1305 "chacha20-poly1305" +#define NID_chacha20_poly1305 967 + +#define SN_gost89_ecb "gost89-ecb" +#define NID_gost89_ecb 938 + +#define SN_gost89_cbc "gost89-cbc" +#define NID_gost89_cbc 939 + +#define SN_tc26 "tc26" +#define NID_tc26 940 +#define OBJ_tc26 OBJ_member_body,643L,7L,1L + +#define SN_id_tc26_gost3411_2012_256 "streebog256" +#define LN_id_tc26_gost3411_2012_256 "GOST R 34.11-2012 (256 bit)" +#define NID_id_tc26_gost3411_2012_256 941 +#define OBJ_id_tc26_gost3411_2012_256 OBJ_tc26,1L,2L,2L + +#define SN_id_tc26_gost3411_2012_512 "streebog512" +#define LN_id_tc26_gost3411_2012_512 "GOST R 34-11-2012 (512 bit)" +#define NID_id_tc26_gost3411_2012_512 942 +#define OBJ_id_tc26_gost3411_2012_512 OBJ_tc26,1L,2L,3L + +#define SN_id_tc26_hmac_gost_3411_12_256 "id-tc26-hmac-gost-3411-12-256" +#define LN_id_tc26_hmac_gost_3411_12_256 "HMAC STREEBOG 256" +#define NID_id_tc26_hmac_gost_3411_12_256 999 +#define OBJ_id_tc26_hmac_gost_3411_12_256 OBJ_tc26,1L,4L,1L + +#define SN_id_tc26_hmac_gost_3411_12_512 "id-tc26-hmac-gost-3411-12-512" +#define LN_id_tc26_hmac_gost_3411_12_512 "HMAC STREEBOG 512" +#define NID_id_tc26_hmac_gost_3411_12_512 1000 +#define OBJ_id_tc26_hmac_gost_3411_12_512 OBJ_tc26,1L,4L,2L + +#define SN_id_tc26_gost_3410_12_256_paramSetA "id-tc26-gost-3410-12-256-paramSetA" +#define LN_id_tc26_gost_3410_12_256_paramSetA "GOST R 34.10-2012 (256 bit) ParamSet A" +#define NID_id_tc26_gost_3410_12_256_paramSetA 993 +#define OBJ_id_tc26_gost_3410_12_256_paramSetA OBJ_tc26,2L,1L,1L,1L + +#define SN_id_tc26_gost_3410_12_256_paramSetB "id-tc26-gost-3410-12-256-paramSetB" +#define LN_id_tc26_gost_3410_12_256_paramSetB "GOST R 34.10-2012 (256 bit) ParamSet B" +#define NID_id_tc26_gost_3410_12_256_paramSetB 994 +#define OBJ_id_tc26_gost_3410_12_256_paramSetB OBJ_tc26,2L,1L,1L,2L + +#define SN_id_tc26_gost_3410_12_256_paramSetC "id-tc26-gost-3410-12-256-paramSetC" +#define LN_id_tc26_gost_3410_12_256_paramSetC "GOST R 34.10-2012 (256 bit) ParamSet C" +#define NID_id_tc26_gost_3410_12_256_paramSetC 995 +#define OBJ_id_tc26_gost_3410_12_256_paramSetC OBJ_tc26,2L,1L,1L,3L + +#define SN_id_tc26_gost_3410_12_256_paramSetD "id-tc26-gost-3410-12-256-paramSetD" +#define LN_id_tc26_gost_3410_12_256_paramSetD "GOST R 34.10-2012 (256 bit) ParamSet D" +#define NID_id_tc26_gost_3410_12_256_paramSetD 996 +#define OBJ_id_tc26_gost_3410_12_256_paramSetD OBJ_tc26,2L,1L,1L,4L + +#define SN_id_tc26_gost_3410_12_512_paramSetTest "id-tc26-gost-3410-12-512-paramSetTest" +#define LN_id_tc26_gost_3410_12_512_paramSetTest "GOST R 34.10-2012 (512 bit) testing parameter set" +#define NID_id_tc26_gost_3410_12_512_paramSetTest 997 +#define OBJ_id_tc26_gost_3410_12_512_paramSetTest OBJ_tc26,2L,1L,2L,0L + +#define SN_id_tc26_gost_3410_12_512_paramSetA "id-tc26-gost-3410-12-512-paramSetA" +#define LN_id_tc26_gost_3410_12_512_paramSetA "GOST R 34.10-2012 (512 bit) ParamSet A" +#define NID_id_tc26_gost_3410_12_512_paramSetA 943 +#define OBJ_id_tc26_gost_3410_12_512_paramSetA OBJ_tc26,2L,1L,2L,1L + +#define SN_id_tc26_gost_3410_12_512_paramSetB "id-tc26-gost-3410-12-512-paramSetB" +#define LN_id_tc26_gost_3410_12_512_paramSetB "GOST R 34.10-2012 (512 bit) ParamSet B" +#define NID_id_tc26_gost_3410_12_512_paramSetB 944 +#define OBJ_id_tc26_gost_3410_12_512_paramSetB OBJ_tc26,2L,1L,2L,2L + +#define SN_id_tc26_gost_3410_12_512_paramSetC "id-tc26-gost-3410-12-512-paramSetC" +#define LN_id_tc26_gost_3410_12_512_paramSetC "GOST R 34.10-2012 (512 bit) ParamSet C" +#define NID_id_tc26_gost_3410_12_512_paramSetC 998 +#define OBJ_id_tc26_gost_3410_12_512_paramSetC OBJ_tc26,2L,1L,2L,3L + +#define SN_id_tc26_gost_28147_param_Z "id-tc26-gost-28147-param-Z" +#define NID_id_tc26_gost_28147_param_Z 945 +#define OBJ_id_tc26_gost_28147_param_Z OBJ_tc26,2L,5L,1L,1L + +#define SN_id_tc26_gost3410_2012_256 "id-tc26-gost3410-2012-256" +#define LN_id_tc26_gost3410_2012_256 "GOST R 34.10-2012 (256 bit)" +#define NID_id_tc26_gost3410_2012_256 946 +#define OBJ_id_tc26_gost3410_2012_256 OBJ_tc26,1L,1L,1L + +#define SN_id_tc26_gost3410_2012_512 "id-tc26-gost3410-2012-512" +#define LN_id_tc26_gost3410_2012_512 "GOST R 34.10-2012 (512 bit)" +#define NID_id_tc26_gost3410_2012_512 947 +#define OBJ_id_tc26_gost3410_2012_512 OBJ_tc26,1L,1L,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_256 "id-tc26-signwithdigest-gost3410-2012-256" +#define LN_id_tc26_signwithdigest_gost3410_2012_256 "GOST R 34.11-2012 with GOST R 34.10-2012 (256 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_256 948 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_256 OBJ_tc26,1L,3L,2L + +#define SN_id_tc26_signwithdigest_gost3410_2012_512 "id-tc26-signwithdigest-gost3410-2012-512" +#define LN_id_tc26_signwithdigest_gost3410_2012_512 "GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit)" +#define NID_id_tc26_signwithdigest_gost3410_2012_512 949 +#define OBJ_id_tc26_signwithdigest_gost3410_2012_512 OBJ_tc26,1L,3L,3L + +#define SN_X25519 "X25519" +#define NID_X25519 950 +#define OBJ_X25519 1L,3L,101L,110L + +#define SN_X448 "X448" +#define NID_X448 951 +#define OBJ_X448 1L,3L,101L,111L + +#define SN_Ed25519 "Ed25519" +#define NID_Ed25519 952 +#define OBJ_Ed25519 1L,3L,101L,112L + +#define SN_Ed448 "Ed448" +#define NID_Ed448 953 +#define OBJ_Ed448 1L,3L,101L,113L + +#define SN_Ed25519ph "Ed25519ph" +#define NID_Ed25519ph 954 +#define OBJ_Ed25519ph 1L,3L,101L,114L + +#define SN_Ed448ph "Ed448ph" +#define NID_Ed448ph 955 +#define OBJ_Ed448ph 1L,3L,101L,115L + +#define SN_kx_rsa "KxRSA" +#define LN_kx_rsa "kx-rsa" +#define NID_kx_rsa 959 + +#define SN_kx_ecdhe "KxECDHE" +#define LN_kx_ecdhe "kx-ecdhe" +#define NID_kx_ecdhe 960 + +#define SN_kx_dhe "KxDHE" +#define LN_kx_dhe "kx-dhe" +#define NID_kx_dhe 961 + +#define SN_kx_gost "KxGOST" +#define LN_kx_gost "kx-gost" +#define NID_kx_gost 962 + +#define SN_auth_rsa "AuthRSA" +#define LN_auth_rsa "auth-rsa" +#define NID_auth_rsa 963 + +#define SN_auth_ecdsa "AuthECDSA" +#define LN_auth_ecdsa "auth-ecdsa" +#define NID_auth_ecdsa 964 + +#define SN_auth_gost01 "AuthGOST01" +#define LN_auth_gost01 "auth-gost01" +#define NID_auth_gost01 965 + +#define SN_auth_null "AuthNULL" +#define LN_auth_null "auth-null" +#define NID_auth_null 966 + diff --git a/includes/curl/openssl/objects.h b/includes/curl/openssl/objects.h new file mode 100644 index 0000000..1a8490b --- /dev/null +++ b/includes/curl/openssl/objects.h @@ -0,0 +1,137 @@ +/* $OpenBSD: objects.h,v 1.29 2024/03/02 09:51:36 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_OBJECTS_H +#define HEADER_OBJECTS_H + +#include + +#define SN_ED25519 SN_Ed25519 +#define NID_ED25519 NID_Ed25519 +#define OBJ_ED25519 OBJ_Ed25519 + +#include +#include + +#define OBJ_NAME_TYPE_UNDEF 0x00 +#define OBJ_NAME_TYPE_MD_METH 0x01 +#define OBJ_NAME_TYPE_CIPHER_METH 0x02 +#define OBJ_NAME_TYPE_NUM 0x03 + +#define OBJ_NAME_ALIAS 0x8000 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct obj_name_st { + int type; + int alias; + const char *name; + const void *data; +} OBJ_NAME; + +void OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg); + +ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +ASN1_OBJECT * OBJ_nid2obj(int n); +const char * OBJ_nid2ln(int n); +const char * OBJ_nid2sn(int n); +int OBJ_obj2nid(const ASN1_OBJECT *o); +ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +int OBJ_txt2nid(const char *s); +int OBJ_ln2nid(const char *s); +int OBJ_sn2nid(const char *s); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); + +int OBJ_new_nid(int num); +int OBJ_create(const char *oid, const char *sn, const char *ln); +void OBJ_cleanup(void); +int OBJ_create_objects(BIO *in); + +size_t OBJ_length(const ASN1_OBJECT *obj); +const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); + +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); + +void ERR_load_OBJ_strings(void); + +/* Error codes for the OBJ functions. */ + +/* Function codes. */ +#define OBJ_F_OBJ_ADD_OBJECT 105 +#define OBJ_F_OBJ_CREATE 100 +#define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NAME_NEW_INDEX 106 +#define OBJ_F_OBJ_NID2LN 102 +#define OBJ_F_OBJ_NID2OBJ 103 +#define OBJ_F_OBJ_NID2SN 104 + +/* Reason codes. */ +#define OBJ_R_MALLOC_FAILURE 100 +#define OBJ_R_UNKNOWN_NID 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ocsp.h b/includes/curl/openssl/ocsp.h new file mode 100644 index 0000000..691ee4a --- /dev/null +++ b/includes/curl/openssl/ocsp.h @@ -0,0 +1,484 @@ +/* $OpenBSD: ocsp.h,v 1.20 2022/07/12 14:42:49 kn Exp $ */ +/* Written by Tom Titchener for the OpenSSL + * project. */ + +/* History: + This file was transfered to Richard Levitte from CertCo by Kathy + Weinhold in mid-spring 2000 to be included in OpenSSL or released + as a patch kit. */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OCSP_H +#define HEADER_OCSP_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * CRLReason ::= ENUMERATED { + * unspecified (0), + * keyCompromise (1), + * cACompromise (2), + * affiliationChanged (3), + * superseded (4), + * cessationOfOperation (5), + * certificateHold (6), + * removeFromCRL (8) } + */ +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 + + +/* Various flags and values */ + +#define OCSP_DEFAULT_NONCE_LENGTH 16 + +#define OCSP_NOCERTS 0x1 +#define OCSP_NOINTERN 0x2 +#define OCSP_NOSIGS 0x4 +#define OCSP_NOCHAIN 0x8 +#define OCSP_NOVERIFY 0x10 +#define OCSP_NOEXPLICIT 0x20 +#define OCSP_NOCASIGN 0x40 +#define OCSP_NODELEGATED 0x80 +#define OCSP_NOCHECKS 0x100 +#define OCSP_TRUSTOTHER 0x200 +#define OCSP_RESPID_KEY 0x400 +#define OCSP_NOTIME 0x800 + +typedef struct ocsp_cert_id_st OCSP_CERTID; + +DECLARE_STACK_OF(OCSP_CERTID) + +typedef struct ocsp_one_request_st OCSP_ONEREQ; + +DECLARE_STACK_OF(OCSP_ONEREQ) + +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 + +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + +#define V_OCSP_RESPID_NAME 0 +#define V_OCSP_RESPID_KEY 1 + +DECLARE_STACK_OF(OCSP_RESPID) + +OCSP_RESPID *OCSP_RESPID_new(void); +void OCSP_RESPID_free(OCSP_RESPID *a); +OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); +int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPID_it; + +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; + +#define V_OCSP_CERTSTATUS_GOOD 0 +#define V_OCSP_CERTSTATUS_REVOKED 1 +#define V_OCSP_CERTSTATUS_UNKNOWN 2 + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; + +DECLARE_STACK_OF(OCSP_SINGLERESP) + +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; + +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; + +#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" +#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" + +#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) \ + (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \ + PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) + +#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \ + (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \ + PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) + +#define PEM_write_bio_OCSP_REQUEST(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +#define PEM_write_bio_OCSP_RESPONSE(bp,o) \ + PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ + bp,(char *)o, NULL,NULL,0,NULL,NULL) + +#define ASN1_BIT_STRING_digest(data,type,md,len) \ + ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) + +#define OCSP_CERTSTATUS_dup(cs) \ + ASN1_item_dup(&OCSP_CERTSTATUS_it, cs) + +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); + +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, + const char *value); + +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); + +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber); + +OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); + +int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); + +int OCSP_response_status(OCSP_RESPONSE *resp); +OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); + +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); + +int OCSP_resp_count(OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, const X509_NAME **pname); + +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, + char **ppath, int *pssl); + +int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); +OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); +OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, + OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, + int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); + +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); + +X509_EXTENSION *OCSP_accept_responses_new(char **oids); + +X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); + +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls); + +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); +X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); +void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); +X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); +void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); +X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, + const ASN1_OBJECT *obj, int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); +X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); +X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, + int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +OCSP_SINGLERESP *OCSP_SINGLERESP_new(void); +void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a); +OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, const unsigned char **in, long len); +int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SINGLERESP_it; +OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void); +void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a); +OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, const unsigned char **in, long len); +int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CERTSTATUS_it; +OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void); +void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a); +OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, const unsigned char **in, long len); +int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **out); +extern const ASN1_ITEM OCSP_REVOKEDINFO_it; +OCSP_BASICRESP *OCSP_BASICRESP_new(void); +void OCSP_BASICRESP_free(OCSP_BASICRESP *a); +OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, const unsigned char **in, long len); +int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **out); +extern const ASN1_ITEM OCSP_BASICRESP_it; +OCSP_RESPDATA *OCSP_RESPDATA_new(void); +void OCSP_RESPDATA_free(OCSP_RESPDATA *a); +OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, const unsigned char **in, long len); +int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPDATA_it; +OCSP_RESPID *OCSP_RESPID_new(void); +void OCSP_RESPID_free(OCSP_RESPID *a); +OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); +int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPID_it; +OCSP_RESPONSE *OCSP_RESPONSE_new(void); +void OCSP_RESPONSE_free(OCSP_RESPONSE *a); +OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, const unsigned char **in, long len); +int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out); +OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a); +int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a); +extern const ASN1_ITEM OCSP_RESPONSE_it; +OCSP_RESPBYTES *OCSP_RESPBYTES_new(void); +void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a); +OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, const unsigned char **in, long len); +int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPBYTES_it; +OCSP_ONEREQ *OCSP_ONEREQ_new(void); +void OCSP_ONEREQ_free(OCSP_ONEREQ *a); +OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, const unsigned char **in, long len); +int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **out); +extern const ASN1_ITEM OCSP_ONEREQ_it; +OCSP_CERTID *OCSP_CERTID_new(void); +void OCSP_CERTID_free(OCSP_CERTID *a); +OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, const unsigned char **in, long len); +int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CERTID_it; +OCSP_REQUEST *OCSP_REQUEST_new(void); +void OCSP_REQUEST_free(OCSP_REQUEST *a); +OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len); +int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out); +OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a); +int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a); +extern const ASN1_ITEM OCSP_REQUEST_it; +OCSP_SIGNATURE *OCSP_SIGNATURE_new(void); +void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a); +OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, const unsigned char **in, long len); +int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SIGNATURE_it; +OCSP_REQINFO *OCSP_REQINFO_new(void); +void OCSP_REQINFO_free(OCSP_REQINFO *a); +OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, const unsigned char **in, long len); +int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **out); +extern const ASN1_ITEM OCSP_REQINFO_it; +OCSP_CRLID *OCSP_CRLID_new(void); +void OCSP_CRLID_free(OCSP_CRLID *a); +OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, const unsigned char **in, long len); +int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CRLID_it; +OCSP_SERVICELOC *OCSP_SERVICELOC_new(void); +void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a); +OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, const unsigned char **in, long len); +int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SERVICELOC_it; + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); + +void ERR_load_OCSP_strings(void); + +/* Error codes for the OCSP functions. */ + +/* Function codes. */ +#define OCSP_F_ASN1_STRING_ENCODE 100 +#define OCSP_F_D2I_OCSP_NONCE 102 +#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 +#define OCSP_F_OCSP_BASIC_SIGN 104 +#define OCSP_F_OCSP_BASIC_VERIFY 105 +#define OCSP_F_OCSP_CERT_ID_NEW 101 +#define OCSP_F_OCSP_CHECK_DELEGATED 106 +#define OCSP_F_OCSP_CHECK_IDS 107 +#define OCSP_F_OCSP_CHECK_ISSUER 108 +#define OCSP_F_OCSP_CHECK_VALIDITY 115 +#define OCSP_F_OCSP_MATCH_ISSUERID 109 +#define OCSP_F_OCSP_PARSE_URL 114 +#define OCSP_F_OCSP_REQUEST_SIGN 110 +#define OCSP_F_OCSP_REQUEST_VERIFY 116 +#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 +#define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_OCSP_SENDREQ_NBIO 117 +#define OCSP_F_PARSE_HTTP_LINE1 118 +#define OCSP_F_REQUEST_VERIFY 113 + +/* Reason codes. */ +#define OCSP_R_BAD_DATA 100 +#define OCSP_R_CERTIFICATE_VERIFY_ERROR 101 +#define OCSP_R_DIGEST_ERR 102 +#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD 122 +#define OCSP_R_ERROR_IN_THISUPDATE_FIELD 123 +#define OCSP_R_ERROR_PARSING_URL 121 +#define OCSP_R_MISSING_OCSPSIGNING_USAGE 103 +#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE 124 +#define OCSP_R_NOT_BASIC_RESPONSE 104 +#define OCSP_R_NO_CERTIFICATES_IN_CHAIN 105 +#define OCSP_R_NO_CONTENT 106 +#define OCSP_R_NO_PUBLIC_KEY 107 +#define OCSP_R_NO_RESPONSE_DATA 108 +#define OCSP_R_NO_REVOKED_TIME 109 +#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 110 +#define OCSP_R_REQUEST_NOT_SIGNED 128 +#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA 111 +#define OCSP_R_ROOT_CA_NOT_TRUSTED 112 +#define OCSP_R_SERVER_READ_ERROR 113 +#define OCSP_R_SERVER_RESPONSE_ERROR 114 +#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR 115 +#define OCSP_R_SERVER_WRITE_ERROR 116 +#define OCSP_R_SIGNATURE_FAILURE 117 +#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND 118 +#define OCSP_R_STATUS_EXPIRED 125 +#define OCSP_R_STATUS_NOT_YET_VALID 126 +#define OCSP_R_STATUS_TOO_OLD 127 +#define OCSP_R_UNKNOWN_MESSAGE_DIGEST 119 +#define OCSP_R_UNKNOWN_NID 120 +#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE 129 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/opensslconf.h b/includes/curl/openssl/opensslconf.h new file mode 100644 index 0000000..cc19376 --- /dev/null +++ b/includes/curl/openssl/opensslconf.h @@ -0,0 +1,149 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTO_LOCAL_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#ifndef OPENSSL_FILE +#ifdef OPENSSL_NO_FILENAMES +#define OPENSSL_FILE "" +#define OPENSSL_LINE 0 +#else +#define OPENSSL_FILE __FILE__ +#define OPENSSL_LINE __LINE__ +#endif +#endif + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependencies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very much CPU dependent */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/includes/curl/openssl/opensslfeatures.h b/includes/curl/openssl/opensslfeatures.h new file mode 100644 index 0000000..41df8b8 --- /dev/null +++ b/includes/curl/openssl/opensslfeatures.h @@ -0,0 +1,153 @@ +/* $OpenBSD: opensslfeatures.h,v 1.44 2024/08/31 10:38:49 tb Exp $ */ +/* + * Feature flags for LibreSSL... so you can actually tell when things + * are enabled, rather than not being able to tell when things are + * enabled (or possibly not yet not implemented, or removed!). + */ +#define LIBRESSL_HAS_QUIC +#define LIBRESSL_HAS_TLS1_3 +#define LIBRESSL_HAS_DTLS1_2 + +/* + * Used for compatibility with compilers lacking __attribute__ + */ +#if defined(_MSC_VER) && !defined(__clang__) && !defined(__attribute__) +#define __attribute__(a) +#endif + +#define OPENSSL_THREADS + +#define OPENSSL_NO_BUF_FREELISTS +#define OPENSSL_NO_DEPRECATED +#define OPENSSL_NO_EC2M +#define OPENSSL_NO_GMP +#define OPENSSL_NO_JPAKE +#define OPENSSL_NO_KRB5 +#define OPENSSL_NO_RSAX +#define OPENSSL_NO_SHA0 +#define OPENSSL_NO_SSL2 +#define OPENSSL_NO_STORE + +/* + * OPENSSL_NO_* flags that currently appear in OpenSSL. + */ + +/* #define OPENSSL_NO_AFALGENG */ +/* #define OPENSSL_NO_ALGORITHMS */ +/* #define OPENSSL_NO_ARIA */ +/* #define OPENSSL_NO_ASM */ +#define OPENSSL_NO_ASYNC +/* #define OPENSSL_NO_AUTOALGINIT */ +/* #define OPENSSL_NO_AUTOERRINIT */ +/* #define OPENSSL_NO_AUTOLOAD_CONFIG */ +/* #define OPENSSL_NO_BF */ +#define OPENSSL_NO_BLAKE2 +#define OPENSSL_NO_BROTLI +/* #define OPENSSL_NO_BUILTIN_OVERFLOW_CHECKING */ +/* #define OPENSSL_NO_CAMELLIA */ +#define OPENSSL_NO_CAPIENG +/* #define OPENSSL_NO_CAST */ +/* #define OPENSSL_NO_CHACHA */ +/* #define OPENSSL_NO_CMAC */ +/* #define OPENSSL_NO_CMP */ +/* #define OPENSSL_NO_CMS */ +#define OPENSSL_NO_COMP +/* #define OPENSSL_NO_COMP_ALG */ +/* #define OPENSSL_NO_CRMF */ +/* #define OPENSSL_NO_CRYPTO_MDEBUG */ +/* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */ +/* #define OPENSSL_NO_CT */ +/* #define OPENSSL_NO_DECC_INIT */ +/* #define OPENSSL_NO_DES */ +/* #define OPENSSL_NO_DEVCRYPTOENG */ +/* #define OPENSSL_NO_DGRAM */ +/* #define OPENSSL_NO_DH */ +/* #define OPENSSL_NO_DSA */ +#define OPENSSL_NO_DSO +/* #define OPENSSL_NO_DTLS */ +#define OPENSSL_NO_DTLS1 +#ifndef LIBRESSL_HAS_DTLS1_2 +#define OPENSSL_NO_DTLS1_2 +#endif +/* #define OPENSSL_NO_DTLS1_2_METHOD */ +/* #define OPENSSL_NO_DTLS1_METHOD */ +#define OPENSSL_NO_DYNAMIC_ENGINE +/* #define OPENSSL_NO_EC */ +#define OPENSSL_NO_EC_NISTP_64_GCC_128 +#define OPENSSL_NO_EGD +#define OPENSSL_NO_ENGINE +/* #define OPENSSL_NO_ERR */ +/* #define OPENSSL_NO_FILENAMES */ +/* #define OPENSSL_NO_FUZZ_AFL */ +/* #define OPENSSL_NO_FUZZ_LIBFUZZER */ +#define OPENSSL_NO_GOST +#define OPENSSL_NO_HEARTBEATS +/* #define OPENSSL_NO_HW */ +/* #define OPENSSL_NO_HW_PADLOCK */ +/* #define OPENSSL_NO_IDEA */ +/* #define OPENSSL_NO_INLINE_ASM */ +/* #define OPENSSL_NO_KEYPARAMS */ +#define OPENSSL_NO_KTLS +/* #define OPENSSL_NO_KTLS_RX */ +/* #define OPENSSL_NO_KTLS_ZC_TX */ +/* #define OPENSSL_NO_LOCALE */ +#define OPENSSL_NO_MD2 +/* #define OPENSSL_NO_MD4 */ +/* #define OPENSSL_NO_MD5 */ +#define OPENSSL_NO_MDC2 +/* #define OPENSSL_NO_MULTIBLOCK */ +/* #define OPENSSL_NO_NEXTPROTONEG */ +/* #define OPENSSL_NO_OCB */ +/* #define OPENSSL_NO_OCSP */ +/* #define OPENSSL_NO_PADLOCKENG */ +/* #define OPENSSL_NO_PINSHARED */ +/* #define OPENSSL_NO_POLY1305 */ +/* #define OPENSSL_NO_POSIX_IO */ +#define OPENSSL_NO_PSK +#define OPENSSL_NO_QUIC +/* #define OPENSSL_NO_RC2 */ +/* #define OPENSSL_NO_RC4 */ +#define OPENSSL_NO_RC5 +/* #define OPENSSL_NO_RDRAND */ +/* #define OPENSSL_NO_RFC3779 */ +/* #define OPENSSL_NO_RMD160 */ +/* #define OPENSSL_NO_RSA */ +#define OPENSSL_NO_SCRYPT +#define OPENSSL_NO_SCTP +/* #define OPENSSL_NO_SECURE_MEMORY */ +#define OPENSSL_NO_SEED +/* #define OPENSSL_NO_SIPHASH */ +/* #define OPENSSL_NO_SIV */ +/* #define OPENSSL_NO_SM2 */ +/* #define OPENSSL_NO_SM3 */ +/* #define OPENSSL_NO_SM4 */ +/* #define OPENSSL_NO_SOCK */ +#define OPENSSL_NO_SRP +/* #define OPENSSL_NO_SRTP */ +#define OPENSSL_NO_SSL3 +#define OPENSSL_NO_SSL3_METHOD +#define OPENSSL_NO_SSL_TRACE +/* #define OPENSSL_NO_STATIC_ENGINE */ +/* #define OPENSSL_NO_STDIO */ +/* #define OPENSSL_NO_THREAD_POOL */ +/* #define OPENSSL_NO_TLS */ +#define OPENSSL_NO_TLS1 +#define OPENSSL_NO_TLS1_1 +#define OPENSSL_NO_TLS1_METHOD +#define OPENSSL_NO_TLS1_1_METHOD +/* #define OPENSSL_NO_TLS1_2 */ +/* #define OPENSSL_NO_TLS1_2_METHOD */ +#ifndef LIBRESSL_HAS_TLS1_3 +#define OPENSSL_NO_TLS1_3 +#endif +/* #define OPENSSL_NO_TLS1_METHOD */ +/* #define OPENSSL_NO_TRACE */ +/* #define OPENSSL_NO_TS */ +/* #define OPENSSL_NO_UI_CONSOLE */ +/* #define OPENSSL_NO_UNIT_TEST */ +/* #define OPENSSL_NO_UNIX_SOCK */ +/* #define OPENSSL_NO_WEAK_SSL_CIPHERS */ +#define OPENSSL_NO_WHIRLPOOL +/* #define OPENSSL_NO_WINSTORE */ +#define OPENSSL_NO_ZLIB +/* #define OPENSSL_NO_ZSTD */ diff --git a/includes/curl/openssl/opensslv.h b/includes/curl/openssl/opensslv.h new file mode 100644 index 0000000..bf06db8 --- /dev/null +++ b/includes/curl/openssl/opensslv.h @@ -0,0 +1,18 @@ +/* $OpenBSD: opensslv.h,v 1.80 2025/03/09 15:49:18 tb Exp $ */ +#ifndef HEADER_OPENSSLV_H +#define HEADER_OPENSSLV_H + +/* These will change with each release of LibreSSL-portable */ +#define LIBRESSL_VERSION_NUMBER 0x4010000fL +/* ^ Patch starts here */ +#define LIBRESSL_VERSION_TEXT "LibreSSL 4.1.0" + +/* These will never change */ +#define OPENSSL_VERSION_NUMBER 0x20000000L +#define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT +#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT + +#define SHLIB_VERSION_HISTORY "" +#define SHLIB_VERSION_NUMBER "1.0.0" + +#endif /* HEADER_OPENSSLV_H */ diff --git a/includes/curl/openssl/ossl_typ.h b/includes/curl/openssl/ossl_typ.h new file mode 100644 index 0000000..e82ad2f --- /dev/null +++ b/includes/curl/openssl/ossl_typ.h @@ -0,0 +1,196 @@ +/* $OpenBSD: ossl_typ.h,v 1.31 2024/05/27 09:12:32 jsg Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_OPENSSL_TYPES_H +#define HEADER_OPENSSL_TYPES_H + +#include + +typedef struct asn1_string_st ASN1_INTEGER; +typedef struct asn1_string_st ASN1_ENUMERATED; +typedef struct asn1_string_st ASN1_BIT_STRING; +typedef struct asn1_string_st ASN1_OCTET_STRING; +typedef struct asn1_string_st ASN1_PRINTABLESTRING; +typedef struct asn1_string_st ASN1_T61STRING; +typedef struct asn1_string_st ASN1_IA5STRING; +typedef struct asn1_string_st ASN1_GENERALSTRING; +typedef struct asn1_string_st ASN1_UNIVERSALSTRING; +typedef struct asn1_string_st ASN1_BMPSTRING; +typedef struct asn1_string_st ASN1_UTCTIME; +typedef struct asn1_string_st ASN1_TIME; +typedef struct asn1_string_st ASN1_GENERALIZEDTIME; +typedef struct asn1_string_st ASN1_VISIBLESTRING; +typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; +typedef int ASN1_BOOLEAN; +typedef int ASN1_NULL; + +typedef struct asn1_object_st ASN1_OBJECT; + +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; + +#if defined(_WIN32) && defined(__WINCRYPT_H__) +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) +#ifdef _MSC_VER +#pragma message("Warning, overriding WinCrypt defines") +#else +#warning overriding WinCrypt defines +#endif +#endif +#undef X509_NAME +#undef X509_EXTENSIONS +#undef OCSP_REQUEST +#undef OCSP_RESPONSE +#undef PKCS7_ISSUER_AND_SERIAL +#endif + +#ifdef BIGNUM +#undef BIGNUM +#endif +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct bio_st BIO; +typedef struct buf_mem_st BUF_MEM; + +typedef struct evp_cipher_st EVP_CIPHER; +typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; +typedef struct evp_md_st EVP_MD; +typedef struct evp_md_ctx_st EVP_MD_CTX; +typedef struct evp_pkey_st EVP_PKEY; + +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX; + +typedef struct hmac_ctx_st HMAC_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; +typedef struct rsa_pss_params_st RSA_PSS_PARAMS; + +typedef struct rand_meth_st RAND_METHOD; + +typedef struct x509_st X509; +typedef struct X509_algor_st X509_ALGOR; +typedef struct X509_crl_st X509_CRL; +typedef struct x509_revoked_st X509_REVOKED; +typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; +typedef struct x509_store_st X509_STORE; +typedef struct x509_store_ctx_st X509_STORE_CTX; + +typedef struct x509_object_st X509_OBJECT; +typedef struct x509_lookup_st X509_LOOKUP; +typedef struct x509_lookup_method_st X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; + +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; + +/* If placed in pkcs12.h, we end up with a circular dependency with pkcs7.h */ +#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ +#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ + +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Callback types for crypto.h */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + +typedef struct sct_st SCT; +typedef struct sct_ctx_st SCT_CTX; +typedef struct ctlog_st CTLOG; +typedef struct ctlog_store_st CTLOG_STORE; +typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + +#endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/includes/curl/openssl/pem.h b/includes/curl/openssl/pem.h new file mode 100644 index 0000000..4fdab48 --- /dev/null +++ b/includes/curl/openssl/pem.h @@ -0,0 +1,546 @@ +/* $OpenBSD: pem.h,v 1.28 2024/05/11 05:41:28 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PEM_H +#define HEADER_PEM_H + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_STACK +#include +#endif +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define PEM_BUFSIZE 1024 + +#define PEM_OBJ_UNDEF 0 +#define PEM_OBJ_X509 1 +#define PEM_OBJ_X509_REQ 2 +#define PEM_OBJ_CRL 3 +#define PEM_OBJ_SSL_SESSION 4 +#define PEM_OBJ_PRIV_KEY 10 +#define PEM_OBJ_PRIV_RSA 11 +#define PEM_OBJ_PRIV_DSA 12 +#define PEM_OBJ_PRIV_DH 13 +#define PEM_OBJ_PUB_RSA 14 +#define PEM_OBJ_PUB_DSA 15 +#define PEM_OBJ_PUB_DH 16 +#define PEM_OBJ_DHPARAMS 17 +#define PEM_OBJ_DSAPARAMS 18 +#define PEM_OBJ_PRIV_RSA_PUBLIC 19 +#define PEM_OBJ_PRIV_ECDSA 20 +#define PEM_OBJ_PUB_ECDSA 21 +#define PEM_OBJ_ECPARAMETERS 22 + +#define PEM_ERROR 30 +#define PEM_DEK_DES_CBC 40 +#define PEM_DEK_IDEA_CBC 45 +#define PEM_DEK_DES_EDE 50 +#define PEM_DEK_DES_ECB 60 +#define PEM_DEK_RSA 70 +#define PEM_DEK_RSA_MD2 80 +#define PEM_DEK_RSA_MD5 90 + +#define PEM_MD_MD2 NID_md2 +#define PEM_MD_MD5 NID_md5 +#define PEM_MD_SHA NID_sha +#define PEM_MD_MD2_RSA NID_md2WithRSAEncryption +#define PEM_MD_MD5_RSA NID_md5WithRSAEncryption +#define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption + +#define PEM_STRING_X509_OLD "X509 CERTIFICATE" +#define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" +#define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" +#define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" +#define PEM_STRING_X509_CRL "X509 CRL" +#define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" +#define PEM_STRING_PUBLIC "PUBLIC KEY" +#define PEM_STRING_RSA "RSA PRIVATE KEY" +#define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" +#define PEM_STRING_DSA "DSA PRIVATE KEY" +#define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" +#define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" +#define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" +#define PEM_STRING_PKCS8INF "PRIVATE KEY" +#define PEM_STRING_DHPARAMS "DH PARAMETERS" +#define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" +#define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_PARAMETERS "PARAMETERS" +#define PEM_STRING_CMS "CMS" + +/* enc_type is one off */ +#define PEM_TYPE_ENCRYPTED 10 +#define PEM_TYPE_MIC_ONLY 20 +#define PEM_TYPE_MIC_CLEAR 30 +#define PEM_TYPE_CLEAR 40 + +#ifndef LIBRESSL_INTERNAL +/* These macros make the PEM_read/PEM_write functions easier to maintain and + * write. Now they are all implemented with either: + * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) + */ + +#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ +type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} + +#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + + +#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ +type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ +{ \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ +} + +#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ + IMPLEMENT_PEM_read_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + +#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb(name, type, str, asn1) + +#endif + +/* These are the same except they are for the declarations */ + + +#define DECLARE_PEM_read_fp(name, type) \ + type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); + +#define DECLARE_PEM_write_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x); + +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + +#define DECLARE_PEM_write_cb_fp(name, type) \ + int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + + +#ifndef OPENSSL_NO_BIO +#define DECLARE_PEM_read_bio(name, type) \ + type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); + +#define DECLARE_PEM_write_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x); + +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + +#define DECLARE_PEM_write_cb_bio(name, type) \ + int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u); + +#else + +#define DECLARE_PEM_read_bio(name, type) /**/ +#define DECLARE_PEM_write_bio(name, type) /**/ +#define DECLARE_PEM_write_bio_const(name, type) /**/ +#define DECLARE_PEM_write_cb_bio(name, type) /**/ + +#endif + +#define DECLARE_PEM_write(name, type) \ + DECLARE_PEM_write_bio(name, type) \ + DECLARE_PEM_write_fp(name, type) + +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) + +#define DECLARE_PEM_write_cb(name, type) \ + DECLARE_PEM_write_cb_bio(name, type) \ + DECLARE_PEM_write_cb_fp(name, type) + +#define DECLARE_PEM_read(name, type) \ + DECLARE_PEM_read_bio(name, type) \ + DECLARE_PEM_read_fp(name, type) + +#define DECLARE_PEM_rw(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write(name, type) + +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + +#define DECLARE_PEM_rw_cb(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_cb(name, type) + +typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); + +int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); + +#ifndef OPENSSL_NO_BIO +int PEM_read_bio(BIO *bp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, void *u); +void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, + void **x, pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, + STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cd, void *u); +#endif + +int PEM_read(FILE *fp, char **name, char **header, + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); +STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, + pem_password_cb *cb, void *u); + +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); +int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, + unsigned int *siglen, EVP_PKEY *pkey); + +int PEM_def_callback(char *buf, int num, int w, void *key); +void PEM_proc_type(char *buf, int type); +void PEM_dek_info(char *buf, const char *type, int len, char *str); + + +DECLARE_PEM_rw(X509, X509) + +DECLARE_PEM_rw(X509_AUX, X509) + +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) + +DECLARE_PEM_rw(X509_CRL, X509_CRL) + +DECLARE_PEM_rw(PKCS7, PKCS7) + +DECLARE_PEM_rw(PKCS8, X509_SIG) + +DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) + +#ifndef OPENSSL_NO_RSA + +DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) + +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) + +#endif + +#ifndef OPENSSL_NO_DSA + +DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) + +DECLARE_PEM_rw(DSA_PUBKEY, DSA) + +DECLARE_PEM_rw_const(DSAparams, DSA) + +#endif + +#ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +#endif + +#ifndef OPENSSL_NO_DH + +DECLARE_PEM_rw_const(DHparams, DH) + +#endif + +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) + +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) + +int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u); +int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, + char *, int, pem_password_cb *, void *); +int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); +int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, + char *kstr, int klen, + pem_password_cb *cb, void *u); + +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); + +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, void *u); + +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +#ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, + void *u); +#endif + + +void ERR_load_PEM_strings(void); + +/* Error codes for the PEM functions. */ + +/* Function codes. */ +#define PEM_F_B2I_DSS 127 +#define PEM_F_B2I_PVK_BIO 128 +#define PEM_F_B2I_RSA 129 +#define PEM_F_CHECK_BITLEN_DSA 130 +#define PEM_F_CHECK_BITLEN_RSA 131 +#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 +#define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 +#define PEM_F_DO_B2I 132 +#define PEM_F_DO_B2I_BIO 133 +#define PEM_F_DO_BLOB_HEADER 134 +#define PEM_F_DO_PK8PKEY 126 +#define PEM_F_DO_PK8PKEY_FP 125 +#define PEM_F_DO_PVK_BODY 135 +#define PEM_F_DO_PVK_HEADER 136 +#define PEM_F_I2B_PVK 137 +#define PEM_F_I2B_PVK_BIO 138 +#define PEM_F_LOAD_IV 101 +#define PEM_F_PEM_ASN1_READ 102 +#define PEM_F_PEM_ASN1_READ_BIO 103 +#define PEM_F_PEM_ASN1_WRITE 104 +#define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DEF_CALLBACK 100 +#define PEM_F_PEM_DO_HEADER 106 +#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 +#define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_PK8PKEY 119 +#define PEM_F_PEM_READ 108 +#define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PARAMETERS 140 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_PRIVATEKEY 124 +#define PEM_F_PEM_SEALFINAL 110 +#define PEM_F_PEM_SEALINIT 111 +#define PEM_F_PEM_SIGNFINAL 112 +#define PEM_F_PEM_WRITE 113 +#define PEM_F_PEM_WRITE_BIO 114 +#define PEM_F_PEM_WRITE_PRIVATEKEY 139 +#define PEM_F_PEM_X509_INFO_READ 115 +#define PEM_F_PEM_X509_INFO_READ_BIO 116 +#define PEM_F_PEM_X509_INFO_WRITE_BIO 117 + +/* Reason codes. */ +#define PEM_R_BAD_BASE64_DECODE 100 +#define PEM_R_BAD_DECRYPT 101 +#define PEM_R_BAD_END_LINE 102 +#define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_MAGIC_NUMBER 116 +#define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_BAD_VERSION_NUMBER 117 +#define PEM_R_BIO_WRITE_FAILURE 118 +#define PEM_R_CIPHER_IS_NULL 127 +#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +#define PEM_R_INCONSISTENT_HEADER 121 +#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +#define PEM_R_KEYBLOB_TOO_SHORT 123 +#define PEM_R_NOT_DEK_INFO 105 +#define PEM_R_NOT_ENCRYPTED 106 +#define PEM_R_NOT_PROC_TYPE 107 +#define PEM_R_NO_START_LINE 108 +#define PEM_R_PROBLEMS_GETTING_PASSWORD 109 +#define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_PVK_DATA_TOO_SHORT 124 +#define PEM_R_PVK_TOO_SHORT 125 +#define PEM_R_READ_KEY 111 +#define PEM_R_SHORT_HEADER 112 +#define PEM_R_UNSUPPORTED_CIPHER 113 +#define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/pkcs12.h b/includes/curl/openssl/pkcs12.h new file mode 100644 index 0000000..2007120 --- /dev/null +++ b/includes/curl/openssl/pkcs12.h @@ -0,0 +1,284 @@ +/* $OpenBSD: pkcs12.h,v 1.29 2025/03/09 15:45:52 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PKCS12_H +#define HEADER_PKCS12_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define PKCS12_KEY_ID 1 +#define PKCS12_IV_ID 2 +#define PKCS12_MAC_ID 3 + +/* Default iteration count */ +#ifndef PKCS12_DEFAULT_ITER +#define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER +#endif + +#define PKCS12_MAC_KEY_LENGTH 20 + +#define PKCS12_SALT_LEN 8 + +/* Uncomment out next line for unicode password and names, otherwise ASCII */ + +/*#define PBE_UNICODE*/ + +#ifdef PBE_UNICODE +#define PKCS12_key_gen PKCS12_key_gen_uni +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni +#else +#define PKCS12_key_gen PKCS12_key_gen_asc +#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc +#endif + +/* MS key usage constants */ + +#define KEY_EX 0x10 +#define KEY_SIG 0x80 + +typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA; + +typedef struct PKCS12_st PKCS12; + +typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG; + +DECLARE_STACK_OF(PKCS12_SAFEBAG) +DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) + +typedef struct pkcs12_bag_st PKCS12_BAGS; + +#define PKCS12_ERROR 0 +#define PKCS12_OK 1 + +#ifndef LIBRESSL_INTERNAL + +/* Compatibility macros */ + +#define M_PKCS12_x5092certbag PKCS12_x5092certbag +#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag + +#define M_PKCS12_certbag2x509 PKCS12_certbag2x509 +#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl + +#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data +#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes +#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes +#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata + +#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey +#define M_PKCS8_decrypt PKCS8_decrypt + +#endif /* !LIBRESSL_INTERNAL */ + +#define M_PKCS12_bag_type PKCS12_bag_type +#define M_PKCS12_cert_bag_type PKCS12_cert_bag_type +#define M_PKCS12_crl_bag_type PKCS12_cert_bag_type + +#define PKCS12_bag_type PKCS12_SAFEBAG_get_nid +#define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid + +#define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert +#define PKCS12_certbag2x509crl PKCS12_SAFEBAG_get1_crl + +#define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert +#define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl +#define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf +#define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt + +const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, + int attr_nid); +const STACK_OF(X509_ATTRIBUTE) * + PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag); +int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag); + +X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag); +X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag); + +ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid); +int PKCS12_mac_present(const PKCS12 *p12); +void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac, const X509_ALGOR **pmacalg, + const ASN1_OCTET_STRING **psalt, const ASN1_INTEGER **piter, + const PKCS12 *p12); + +const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag); +const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag); +const STACK_OF(PKCS12_SAFEBAG) * + PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag); +const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag); + +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); + +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); + +int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); +char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type); +int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); +int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); + +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); + +PKCS12 *PKCS12_new(void); +void PKCS12_free(PKCS12 *a); +PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len); +int i2d_PKCS12(PKCS12 *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_it; + +PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void); +void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); +PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len); +int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_SAFEBAG_it; + +void PKCS12_PBE_add(void); +int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype); + +int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); +int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); +PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); +PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); + +void ERR_load_PKCS12_strings(void); + +/* Error codes for the PKCS12 functions. */ + +/* Function codes. */ +#define PKCS12_F_PARSE_BAG 129 +#define PKCS12_F_PARSE_BAGS 103 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 +#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 +#define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 +#define PKCS12_F_PKCS12_CREATE 105 +#define PKCS12_F_PKCS12_GEN_MAC 107 +#define PKCS12_F_PKCS12_INIT 109 +#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 +#define PKCS12_F_PKCS12_KEY_GEN_ASC 110 +#define PKCS12_F_PKCS12_KEY_GEN_UNI 111 +#define PKCS12_F_PKCS12_MAKE_KEYBAG 112 +#define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 +#define PKCS12_F_PKCS12_NEWPASS 128 +#define PKCS12_F_PKCS12_PACK_P7DATA 114 +#define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 +#define PKCS12_F_PKCS12_PARSE 118 +#define PKCS12_F_PKCS12_PBE_CRYPT 119 +#define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 +#define PKCS12_F_PKCS12_SETUP_MAC 122 +#define PKCS12_F_PKCS12_SET_MAC 123 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +#define PKCS12_F_PKCS12_VERIFY_MAC 126 +#define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 +#define PKCS12_F_PKCS8_ENCRYPT 125 + +/* Reason codes. */ +#define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 +#define PKCS12_R_DECODE_ERROR 101 +#define PKCS12_R_ENCODE_ERROR 102 +#define PKCS12_R_ENCRYPT_ERROR 103 +#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 +#define PKCS12_R_INVALID_NULL_ARGUMENT 104 +#define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 +#define PKCS12_R_IV_GEN_ERROR 106 +#define PKCS12_R_KEY_GEN_ERROR 107 +#define PKCS12_R_MAC_ABSENT 108 +#define PKCS12_R_MAC_GENERATION_ERROR 109 +#define PKCS12_R_MAC_SETUP_ERROR 110 +#define PKCS12_R_MAC_STRING_SET_ERROR 111 +#define PKCS12_R_MAC_VERIFY_ERROR 112 +#define PKCS12_R_MAC_VERIFY_FAILURE 113 +#define PKCS12_R_PARSE_ERROR 114 +#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 +#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 +#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 +#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 +#define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/pkcs7.h b/includes/curl/openssl/pkcs7.h new file mode 100644 index 0000000..b286205 --- /dev/null +++ b/includes/curl/openssl/pkcs7.h @@ -0,0 +1,522 @@ +/* $OpenBSD: pkcs7.h,v 1.22 2024/10/23 01:57:19 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_PKCS7_H +#define HEADER_PKCS7_H + +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(_WIN32) && defined(__WINCRYPT_H__) +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) +#ifdef _MSC_VER +#pragma message("Warning, overriding WinCrypt defines") +#else +#warning overriding WinCrypt defines +#endif +#endif +#undef PKCS7_ISSUER_AND_SERIAL +#undef PKCS7_SIGNER_INFO +#endif + +/* +Encryption_ID DES-CBC +Digest_ID MD5 +Digest_Encryption_ID rsaEncryption +Key_Encryption_ID rsaEncryption +*/ + +typedef struct pkcs7_issuer_and_serial_st { + X509_NAME *issuer; + ASN1_INTEGER *serial; +} PKCS7_ISSUER_AND_SERIAL; + +typedef struct pkcs7_signer_info_st { + ASN1_INTEGER *version; /* version 1 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *digest_alg; + STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ + X509_ALGOR *digest_enc_alg; + ASN1_OCTET_STRING *enc_digest; + STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ + + /* The private key to sign with */ + EVP_PKEY *pkey; +} PKCS7_SIGNER_INFO; + +DECLARE_STACK_OF(PKCS7_SIGNER_INFO) + +typedef struct pkcs7_recip_info_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; + X509_ALGOR *key_enc_algor; + ASN1_OCTET_STRING *enc_key; + X509 *cert; /* get the pub-key from this */ +} PKCS7_RECIP_INFO; + +DECLARE_STACK_OF(PKCS7_RECIP_INFO) + +typedef struct pkcs7_signed_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + + struct pkcs7_st *contents; +} PKCS7_SIGNED; +/* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. + * How about merging the two */ + +typedef struct pkcs7_enc_content_st { + ASN1_OBJECT *content_type; + X509_ALGOR *algorithm; + ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ + const EVP_CIPHER *cipher; +} PKCS7_ENC_CONTENT; + +typedef struct pkcs7_enveloped_st { + ASN1_INTEGER *version; /* version 0 */ + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENVELOPE; + +typedef struct pkcs7_signedandenveloped_st { + ASN1_INTEGER *version; /* version 1 */ + STACK_OF(X509_ALGOR) *md_algs; /* md used */ + STACK_OF(X509) *cert; /* [ 0 ] */ + STACK_OF(X509_CRL) *crl; /* [ 1 ] */ + STACK_OF(PKCS7_SIGNER_INFO) *signer_info; + + PKCS7_ENC_CONTENT *enc_data; + STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; +} PKCS7_SIGN_ENVELOPE; + +typedef struct pkcs7_digest_st { + ASN1_INTEGER *version; /* version 0 */ + X509_ALGOR *md; /* md used */ + struct pkcs7_st *contents; + ASN1_OCTET_STRING *digest; +} PKCS7_DIGEST; + +typedef struct pkcs7_encrypted_st { + ASN1_INTEGER *version; /* version 0 */ + PKCS7_ENC_CONTENT *enc_data; +} PKCS7_ENCRYPT; + +typedef struct pkcs7_st { + /* The following is non NULL if it contains ASN1 encoding of + * this structure */ + unsigned char *asn1; + long length; + +#define PKCS7_S_HEADER 0 +#define PKCS7_S_BODY 1 +#define PKCS7_S_TAIL 2 + int state; /* used during processing */ + + int detached; + + ASN1_OBJECT *type; + /* content as defined by the type */ + /* all encryption/message digests are applied to the 'contents', + * leaving out the 'type' field. */ + union { + char *ptr; + + /* NID_pkcs7_data */ + ASN1_OCTET_STRING *data; + + /* NID_pkcs7_signed */ + PKCS7_SIGNED *sign; + + /* NID_pkcs7_enveloped */ + PKCS7_ENVELOPE *enveloped; + + /* NID_pkcs7_signedAndEnveloped */ + PKCS7_SIGN_ENVELOPE *signed_and_enveloped; + + /* NID_pkcs7_digest */ + PKCS7_DIGEST *digest; + + /* NID_pkcs7_encrypted */ + PKCS7_ENCRYPT *encrypted; + + /* Anything else */ + ASN1_TYPE *other; + } d; +} PKCS7; + +DECLARE_STACK_OF(PKCS7) +DECLARE_PKCS12_STACK_OF(PKCS7) + +#define PKCS7_OP_SET_DETACHED_SIGNATURE 1 +#define PKCS7_OP_GET_DETACHED_SIGNATURE 2 + +#define PKCS7_get_signed_attributes(si) ((si)->auth_attr) +#define PKCS7_get_attributes(si) ((si)->unauth_attr) + +#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) +#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) +#define PKCS7_type_is_signedAndEnveloped(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) +#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +#define PKCS7_type_is_encrypted(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) + +#define PKCS7_set_detached(p,v) \ + PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) +#define PKCS7_get_detached(p) \ + PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) + +#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) + +/* S/MIME related flags */ + +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_NOSIGS 0x4 +#define PKCS7_NOCHAIN 0x8 +#define PKCS7_NOINTERN 0x10 +#define PKCS7_NOVERIFY 0x20 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 +#define PKCS7_NOATTR 0x100 +#define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 + +/* Flags: for compatibility with older code */ + +#define SMIME_TEXT PKCS7_TEXT +#define SMIME_NOCERTS PKCS7_NOCERTS +#define SMIME_NOSIGS PKCS7_NOSIGS +#define SMIME_NOCHAIN PKCS7_NOCHAIN +#define SMIME_NOINTERN PKCS7_NOINTERN +#define SMIME_NOVERIFY PKCS7_NOVERIFY +#define SMIME_DETACHED PKCS7_DETACHED +#define SMIME_BINARY PKCS7_BINARY +#define SMIME_NOATTR PKCS7_NOATTR + +PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void); +void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a); +PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len); +int i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it; + +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, unsigned int *len); +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); +PKCS7 *PKCS7_dup(PKCS7 *p7); +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void); +void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a); +PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGNER_INFO_it; +PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void); +void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a); +PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len); +int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_RECIP_INFO_it; +PKCS7_SIGNED *PKCS7_SIGNED_new(void); +void PKCS7_SIGNED_free(PKCS7_SIGNED *a); +PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGNED_it; +PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void); +void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a); +PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len); +int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENC_CONTENT_it; +PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void); +void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a); +PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len); +int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENVELOPE_it; +PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void); +void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a); +PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it; +PKCS7_DIGEST *PKCS7_DIGEST_new(void); +void PKCS7_DIGEST_free(PKCS7_DIGEST *a); +PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len); +int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_DIGEST_it; +PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void); +void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a); +PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len); +int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENCRYPT_it; +PKCS7 *PKCS7_new(void); +void PKCS7_free(PKCS7 *a); +PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len); +int i2d_PKCS7(PKCS7 *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_it; + +extern const ASN1_ITEM PKCS7_ATTR_SIGN_it; +extern const ASN1_ITEM PKCS7_ATTR_VERIFY_it; + +int PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx); + +long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); + +int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); +int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); +int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); +int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); +int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); +int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); +int PKCS7_content_new(PKCS7 *p7, int nid); +int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, + X509 *x509); + +BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); +int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); +BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); + + +PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, + EVP_PKEY *pkey, const EVP_MD *dgst); +X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); +STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); + +PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); +int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); +int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); +int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); + +PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); +ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); +int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value); +ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); +ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); +int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk); + + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, + int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, + STACK_OF(X509_ALGOR) *cap); +STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); + +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + + +void ERR_load_PKCS7_strings(void); + +/* Error codes for the PKCS7 functions. */ + +/* Function codes. */ +#define PKCS7_F_B64_READ_PKCS7 120 +#define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +#define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 +#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 +#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 +#define PKCS7_F_PKCS7_ADD_CRL 101 +#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +#define PKCS7_F_PKCS7_ADD_SIGNATURE 131 +#define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 +#define PKCS7_F_PKCS7_CTRL 104 +#define PKCS7_F_PKCS7_DATADECODE 112 +#define PKCS7_F_PKCS7_DATAFINAL 128 +#define PKCS7_F_PKCS7_DATAINIT 105 +#define PKCS7_F_PKCS7_DATASIGN 106 +#define PKCS7_F_PKCS7_DATAVERIFY 107 +#define PKCS7_F_PKCS7_DECRYPT 114 +#define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +#define PKCS7_F_PKCS7_ENCODE_RINFO 132 +#define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FINAL 134 +#define PKCS7_F_PKCS7_FIND_DIGEST 127 +#define PKCS7_F_PKCS7_GET0_SIGNERS 124 +#define PKCS7_F_PKCS7_RECIP_INFO_SET 130 +#define PKCS7_F_PKCS7_SET_CIPHER 108 +#define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 +#define PKCS7_F_PKCS7_SET_TYPE 110 +#define PKCS7_F_PKCS7_SIGN 116 +#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 +#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +#define PKCS7_F_PKCS7_VERIFY 117 +#define PKCS7_F_SMIME_READ_PKCS7 122 +#define PKCS7_F_SMIME_TEXT 123 + +/* Reason codes. */ +#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 +#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 +#define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_CTRL_ERROR 152 +#define PKCS7_R_DECODE_ERROR 130 +#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +#define PKCS7_R_DECRYPT_ERROR 119 +#define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 +#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +#define PKCS7_R_ERROR_SETTING_CIPHER 121 +#define PKCS7_R_INVALID_MIME_TYPE 131 +#define PKCS7_R_INVALID_NULL_POINTER 143 +#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +#define PKCS7_R_MIME_PARSE_ERROR 133 +#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 +#define PKCS7_R_MISSING_CERIPEND_INFO 103 +#define PKCS7_R_NO_CONTENT 122 +#define PKCS7_R_NO_CONTENT_TYPE 135 +#define PKCS7_R_NO_DEFAULT_DIGEST 151 +#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 +#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 +#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 +#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +#define PKCS7_R_NO_SIGNERS 142 +#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 +#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +#define PKCS7_R_PKCS7_DATAFINAL 126 +#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +#define PKCS7_R_PKCS7_DATASIGN 145 +#define PKCS7_R_PKCS7_PARSE_ERROR 139 +#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 +#define PKCS7_R_SIGNATURE_FAILURE 105 +#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIGNING_CTRL_FAILURE 147 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 +#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +#define PKCS7_R_SMIME_TEXT_ERROR 129 +#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 +#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 +#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 +#define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 +#define PKCS7_R_UNKNOWN_OPERATION 110 +#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 +#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 +#define PKCS7_R_WRONG_CONTENT_TYPE 113 +#define PKCS7_R_WRONG_PKCS7_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/poly1305.h b/includes/curl/openssl/poly1305.h new file mode 100644 index 0000000..f538335 --- /dev/null +++ b/includes/curl/openssl/poly1305.h @@ -0,0 +1,45 @@ +/* $OpenBSD: poly1305.h,v 1.4 2025/01/25 17:59:44 tb Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_POLY1305_H +#define HEADER_POLY1305_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct poly1305_context { + size_t aligner; + unsigned char opaque[136]; +} poly1305_context; + +typedef struct poly1305_context poly1305_state; + +void CRYPTO_poly1305_init(poly1305_context *ctx, const unsigned char key[32]); +void CRYPTO_poly1305_update(poly1305_context *ctx, const unsigned char *in, + size_t len); +void CRYPTO_poly1305_finish(poly1305_context *ctx, unsigned char mac[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_POLY1305_H */ diff --git a/includes/curl/openssl/posix_time.h b/includes/curl/openssl/posix_time.h new file mode 100644 index 0000000..82b3f30 --- /dev/null +++ b/includes/curl/openssl/posix_time.h @@ -0,0 +1,54 @@ +/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */ +/* + * Copyright (c) 2022, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSL_HEADER_POSIX_TIME_H +#define OPENSSL_HEADER_POSIX_TIME_H + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must + * be in the range of year 0000 to 9999, to a broken out time value in |tm|. It + * returns one on success and zero on error. + */ +int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm); + +/* + * OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in + * |tm| to a POSIX time value in |out|. One is returned on success, zero is + * returned on failure. It is a failure if |tm| contains out of range values. + */ +int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out); + +/* + * OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to + * a time_t value in |out|. One is returned on success, zero is returned on + * failure. It is a failure if the converted time can not be represented in a + * time_t, or if the tm contains out of range values. + */ +int OPENSSL_timegm(const struct tm *tm, time_t *out); + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_POSIX_TIME_H */ diff --git a/includes/curl/openssl/rand.h b/includes/curl/openssl/rand.h new file mode 100644 index 0000000..1a2c8f7 --- /dev/null +++ b/includes/curl/openssl/rand.h @@ -0,0 +1,118 @@ +/* $OpenBSD: rand.h,v 1.25 2024/04/10 14:53:01 beck Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#ifndef HEADER_RAND_H +#define HEADER_RAND_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st { + void (*seed)(const void *buf, int num); + int (*bytes)(unsigned char *buf, int num); + void (*cleanup)(void); + void (*add)(const void *buf, int num, double entropy); + int (*pseudorand)(unsigned char *buf, int num); + int (*status)(void); +}; + +int RAND_set_rand_method(const RAND_METHOD *meth); +const RAND_METHOD *RAND_get_rand_method(void); +RAND_METHOD *RAND_SSLeay(void); + +void RAND_cleanup(void ); +int RAND_bytes(unsigned char *buf, int num); +int RAND_pseudo_bytes(unsigned char *buf, int num); +void RAND_seed(const void *buf, int num); +void RAND_add(const void *buf, int num, double entropy); +int RAND_load_file(const char *file, long max_bytes); +int RAND_write_file(const char *file); +const char *RAND_file_name(char *file, size_t num); +int RAND_status(void); +int RAND_poll(void); + +void ERR_load_RAND_strings(void); + +/* Error codes for the RAND functions. (no longer used) */ + +/* Function codes. */ +#define RAND_F_RAND_GET_RAND_METHOD 101 +#define RAND_F_RAND_INIT_FIPS 102 +#define RAND_F_SSLEAY_RAND_BYTES 100 + +/* Reason codes. */ +#define RAND_R_DUAL_EC_DRBG_DISABLED 104 +#define RAND_R_ERROR_INITIALISING_DRBG 102 +#define RAND_R_ERROR_INSTANTIATING_DRBG 103 +#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 +#define RAND_R_PRNG_NOT_SEEDED 100 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/rc2.h b/includes/curl/openssl/rc2.h new file mode 100644 index 0000000..96e395f --- /dev/null +++ b/includes/curl/openssl/rc2.h @@ -0,0 +1,96 @@ +/* $OpenBSD: rc2.h,v 1.13 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC2_H +#define HEADER_RC2_H + +#include /* OPENSSL_NO_RC2, RC2_INT */ + +#define RC2_ENCRYPT 1 +#define RC2_DECRYPT 0 + +#define RC2_BLOCK 8 +#define RC2_KEY_LENGTH 16 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc2_key_st { + RC2_INT data[64]; +} RC2_KEY; + +void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits); +void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *key, + int enc); +void RC2_encrypt(unsigned long *data, RC2_KEY *key); +void RC2_decrypt(unsigned long *data, RC2_KEY *key); +void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + RC2_KEY *ks, unsigned char *iv, int enc); +void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num, int enc); +void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, RC2_KEY *schedule, unsigned char *ivec, + int *num); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/rc4.h b/includes/curl/openssl/rc4.h new file mode 100644 index 0000000..a204723 --- /dev/null +++ b/includes/curl/openssl/rc4.h @@ -0,0 +1,83 @@ +/* $OpenBSD: rc4.h,v 1.16 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RC4_H +#define HEADER_RC4_H + +#include /* OPENSSL_NO_RC4, RC4_INT */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct rc4_key_st { + RC4_INT x, y; + RC4_INT data[256]; +} RC4_KEY; + +void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/ripemd.h b/includes/curl/openssl/ripemd.h new file mode 100644 index 0000000..c7b1bd7 --- /dev/null +++ b/includes/curl/openssl/ripemd.h @@ -0,0 +1,107 @@ +/* $OpenBSD: ripemd.h,v 1.20 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#ifndef HEADER_RIPEMD_H +#define HEADER_RIPEMD_H + +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(__LP32__) +#define RIPEMD160_LONG unsigned long +#elif defined(__ILP64__) +#define RIPEMD160_LONG unsigned long +#define RIPEMD160_LONG_LOG2 3 +#else +#define RIPEMD160_LONG unsigned int +#endif + +#define RIPEMD160_CBLOCK 64 +#define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) +#define RIPEMD160_DIGEST_LENGTH 20 + +typedef struct RIPEMD160state_st { + RIPEMD160_LONG A, B,C, D, E; + RIPEMD160_LONG Nl, Nh; + RIPEMD160_LONG data[RIPEMD160_LBLOCK]; + unsigned int num; +} RIPEMD160_CTX; + +int RIPEMD160_Init(RIPEMD160_CTX *c); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +unsigned char *RIPEMD160(const unsigned char *d, size_t n, + unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/rsa.h b/includes/curl/openssl/rsa.h new file mode 100644 index 0000000..5620128 --- /dev/null +++ b/includes/curl/openssl/rsa.h @@ -0,0 +1,603 @@ +/* $OpenBSD: rsa.h,v 1.67 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_RSA_H +#define HEADER_RSA_H + +#include + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; + + /* Hash algorithm decoded from maskGenAlgorithm. */ + X509_ALGOR *maskHash; +} /* RSA_PSS_PARAMS */; + +typedef struct rsa_oaep_params_st { + X509_ALGOR *hashFunc; + X509_ALGOR *maskGenFunc; + X509_ALGOR *pSourceFunc; + + /* Hash algorithm decoded from maskGenFunc. */ + X509_ALGOR *maskHash; +} RSA_OAEP_PARAMS; + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif + +#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +#endif +#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ +#endif + +#define RSA_3 0x3L +#define RSA_F4 0x10001L + +/* Don't check pub/private match. */ +#define RSA_METHOD_FLAG_NO_CHECK 0x0001 + +#define RSA_FLAG_CACHE_PUBLIC 0x0002 +#define RSA_FLAG_CACHE_PRIVATE 0x0004 +#define RSA_FLAG_BLINDING 0x0008 +#define RSA_FLAG_THREAD_SAFE 0x0010 + +/* + * This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag bn_mod_exp + * gets called when private key components are absent. + */ +#define RSA_FLAG_EXT_PKEY 0x0020 + +/* + * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. + */ +#define RSA_FLAG_SIGN_VER 0x0040 + +/* + * The built-in RSA implementation uses blinding by default, but other engines + * might not need it. + */ +#define RSA_FLAG_NO_BLINDING 0x0080 + +/* Salt length matches digest */ +#define RSA_PSS_SALTLEN_DIGEST -1 +/* Verify only: auto detect salt length */ +#define RSA_PSS_SALTLEN_AUTO -2 +/* Set salt length to maximum possible */ +#define RSA_PSS_SALTLEN_MAX -3 + +#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL) + +#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +#define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL) + +#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen) + +#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd)) + +#define EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd)) + +#define EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l)) + +#define EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, \ + EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l)) + +#define EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, \ + EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD, 0, (void *)(md)) + +#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) + +#define EVP_PKEY_CTRL_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 9) +#define EVP_PKEY_CTRL_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 10) + +#define EVP_PKEY_CTRL_GET_RSA_OAEP_MD (EVP_PKEY_ALG_CTRL + 11) +#define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12) + +#define RSA_PKCS1_PADDING 1 +#define RSA_SSLV23_PADDING 2 +#define RSA_NO_PADDING 3 +#define RSA_PKCS1_OAEP_PADDING 4 +/* rust-openssl and erlang expose this and salt even uses it. */ +#define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +#define RSA_PKCS1_PSS_PADDING 6 + +#define RSA_PKCS1_PADDING_SIZE 11 + +#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) +#define RSA_get_app_data(s) RSA_get_ex_data(s,0) + +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); + +/* + * Wrapped in OPENSSL_NO_DEPRECATED in 0.9.8. Still used for libressl bindings + * in rust-openssl. + */ +RSA *RSA_generate_key(int bits, unsigned long e, + void (*callback)(int, int, void *), void *cb_arg); + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +int RSA_check_key(const RSA *); +/* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); +/* "up" the RSA object's reference count */ +int RSA_up_ref(RSA *r); + +int RSA_flags(const RSA *r); + +void RSA_set_default_method(const RSA_METHOD *meth); +const RSA_METHOD *RSA_get_default_method(void); +const RSA_METHOD *RSA_get_method(const RSA *rsa); +int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); + +const RSA_METHOD *RSA_PKCS1_OpenSSL(void); +const RSA_METHOD *RSA_PKCS1_SSLeay(void); + +int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2); + +RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len); +int i2d_RSAPublicKey(const RSA *a, unsigned char **out); +extern const ASN1_ITEM RSAPublicKey_it; +RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len); +int i2d_RSAPrivateKey(const RSA *a, unsigned char **out); +extern const ASN1_ITEM RSAPrivateKey_it; + +RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void); +void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a); +RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len); +int i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out); +extern const ASN1_ITEM RSA_PSS_PARAMS_it; + +RSA_OAEP_PARAMS *RSA_OAEP_PARAMS_new(void); +void RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a); +RSA_OAEP_PARAMS *d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len); +int i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out); +extern const ASN1_ITEM RSA_OAEP_PARAMS_it; + +int RSA_print_fp(FILE *fp, const RSA *r, int offset); + +#ifndef OPENSSL_NO_BIO +int RSA_print(BIO *bp, const RSA *r, int offset); +#endif + +/* The following 2 functions sign and verify a X509_SIG ASN1 object + * inside PKCS#1 padded RSA encryption */ +int RSA_sign(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); +int RSA_verify(int type, const unsigned char *m, unsigned int m_length, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +/* The following 2 function sign and verify a ASN1_OCTET_STRING + * object inside PKCS#1 padded RSA encryption */ +int RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); + +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, const unsigned char *param, int plen, + const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num, const unsigned char *param, + int plen, const EVP_MD *md, const EVP_MD *mgf1md); +int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM, + int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); + +int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int RSA_set_ex_data(RSA *r, int idx, void *arg); +void *RSA_get_ex_data(const RSA *r, int idx); + +int RSA_security_bits(const RSA *rsa); + +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d); +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +const BIGNUM *RSA_get0_n(const RSA *r); +const BIGNUM *RSA_get0_e(const RSA *r); +const BIGNUM *RSA_get0_d(const RSA *r); +const BIGNUM *RSA_get0_p(const RSA *r); +const BIGNUM *RSA_get0_q(const RSA *r); +const BIGNUM *RSA_get0_dmp1(const RSA *r); +const BIGNUM *RSA_get0_dmq1(const RSA *r); +const BIGNUM *RSA_get0_iqmp(const RSA *r); +const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* If this flag is set the RSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its responsibility + * to ensure the result is compliant. + */ + +#define RSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* Application has decided PRNG is good enough to generate a key: don't + * check. + */ +#define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); +int RSA_meth_set_pub_enc(RSA_METHOD *meth, int (*pub_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int RSA_meth_set_pub_dec(RSA_METHOD *meth, int (*pub_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int RSA_meth_set_mod_exp(RSA_METHOD *meth, int (*mod_exp)(BIGNUM *r0, + const BIGNUM *i, RSA *rsa, BN_CTX *ctx)); +int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth, int (*bn_mod_exp)(BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx)); +int RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa)); +int RSA_meth_set_keygen(RSA_METHOD *meth, int (*keygen)(RSA *rsa, int bits, + BIGNUM *e, BN_GENCB *cb)); +int RSA_meth_set_flags(RSA_METHOD *meth, int flags); +int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data); +const char *RSA_meth_get0_name(const RSA_METHOD *); +int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding); +int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding); +int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding); +int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding); +int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))(BIGNUM *r0, const BIGNUM *i, + RSA *rsa, BN_CTX *ctx); +int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))(BIGNUM *r, + const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); +int (*RSA_meth_get_init(const RSA_METHOD *meth))(RSA *rsa); +int (*RSA_meth_get_keygen(const RSA_METHOD *meth))(RSA *rsa, int bits, BIGNUM *e, + BN_GENCB *cb); +int RSA_meth_get_flags(const RSA_METHOD *meth); +void *RSA_meth_get0_app_data(const RSA_METHOD *meth); +int (*RSA_meth_get_sign(const RSA_METHOD *meth))(int type, + const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, + const RSA *rsa); +int RSA_meth_set_sign(RSA_METHOD *rsa, int (*sign)(int type, + const unsigned char *m, unsigned int m_length, unsigned char *sigret, + unsigned int *siglen, const RSA *rsa)); +int (*RSA_meth_get_verify(const RSA_METHOD *meth))(int dtype, + const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +int RSA_meth_set_verify(RSA_METHOD *rsa, int (*verify)(int dtype, + const unsigned char *m, unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa)); + + +void ERR_load_RSA_strings(void); + +/* Error codes for the RSA functions. */ + +/* Function codes. */ +#define RSA_F_CHECK_PADDING_MD 140 +#define RSA_F_DO_RSA_PRINT 146 +#define RSA_F_INT_RSA_VERIFY 145 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_OLD_RSA_PRIV_DECODE 147 +#define RSA_F_PKEY_RSA_CTRL 143 +#define RSA_F_PKEY_RSA_CTRL_STR 144 +#define RSA_F_PKEY_RSA_SIGN 142 +#define RSA_F_PKEY_RSA_VERIFY 154 +#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +#define RSA_F_RSA_BUILTIN_KEYGEN 129 +#define RSA_F_RSA_CHECK_KEY 123 +#define RSA_F_RSA_EAY_MOD_EXP 157 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_GENERATE_KEY_EX 155 +#define RSA_F_RSA_ITEM_VERIFY 156 +#define RSA_F_RSA_MEMORY_LOCK 130 +#define RSA_F_RSA_NEW_METHOD 106 +#define RSA_F_RSA_NULL 124 +#define RSA_F_RSA_NULL_MOD_EXP 131 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 +#define RSA_F_RSA_PADDING_ADD_NONE 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +#define RSA_F_RSA_PADDING_ADD_X931 127 +#define RSA_F_RSA_PADDING_CHECK_NONE 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +#define RSA_F_RSA_PADDING_CHECK_X931 128 +#define RSA_F_RSA_PRINT 115 +#define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_PRIVATE_DECRYPT 150 +#define RSA_F_RSA_PRIVATE_ENCRYPT 151 +#define RSA_F_RSA_PRIV_DECODE 137 +#define RSA_F_RSA_PRIV_ENCODE 138 +#define RSA_F_RSA_PUBLIC_DECRYPT 152 +#define RSA_F_RSA_PUBLIC_ENCRYPT 153 +#define RSA_F_RSA_PUB_DECODE 139 +#define RSA_F_RSA_SETUP_BLINDING 136 +#define RSA_F_RSA_SIGN 117 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +#define RSA_F_RSA_VERIFY 119 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 + +/* Reason codes. */ +#define RSA_R_ALGORITHM_MISMATCH 100 +#define RSA_R_BAD_E_VALUE 101 +#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 +#define RSA_R_BAD_PAD_BYTE_COUNT 103 +#define RSA_R_BAD_SIGNATURE 104 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +#define RSA_R_DATA_TOO_LARGE 109 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 +#define RSA_R_DATA_TOO_SMALL 111 +#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +#define RSA_R_DIGEST_DOES_NOT_MATCH 158 +#define RSA_R_DIGEST_NOT_ALLOWED 145 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +#define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +#define RSA_R_INVALID_DIGEST 157 +#define RSA_R_INVALID_DIGEST_LENGTH 143 +#define RSA_R_INVALID_HEADER 137 +#define RSA_R_INVALID_KEYBITS 145 +#define RSA_R_INVALID_LABEL 160 +#define RSA_R_INVALID_MESSAGE_LENGTH 131 +#define RSA_R_INVALID_MGF1_MD 156 +#define RSA_R_INVALID_OAEP_PARAMETERS 161 +#define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_PADDING_MODE 141 +#define RSA_R_INVALID_PSS_PARAMETERS 149 +#define RSA_R_INVALID_PSS_SALTLEN 146 +#define RSA_R_INVALID_SALT_LENGTH 150 +#define RSA_R_INVALID_TRAILER 139 +#define RSA_R_INVALID_X931_DIGEST 142 +#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +#define RSA_R_KEY_SIZE_TOO_SMALL 120 +#define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_MODULUS_TOO_LARGE 105 +#define RSA_R_MGF1_DIGEST_NOT_ALLOWED 152 +#define RSA_R_NON_FIPS_RSA_METHOD 157 +#define RSA_R_NO_PUBLIC_EXPONENT 140 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +#define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 +#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 +#define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_PSS_SALTLEN_TOO_SMALL 164 +#define RSA_R_P_NOT_PRIME 128 +#define RSA_R_Q_NOT_PRIME 129 +#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +#define RSA_R_UNKNOWN_DIGEST 166 +#define RSA_R_UNKNOWN_MASK_DIGEST 151 +#define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_UNKNOWN_PSS_DIGEST 152 +#define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE 162 +#define RSA_R_UNSUPPORTED_LABEL_SOURCE 163 +#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +#define RSA_R_VALUE_MISSING 147 +#define RSA_R_WRONG_SIGNATURE_LENGTH 119 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/safestack.h b/includes/curl/openssl/safestack.h new file mode 100644 index 0000000..8425a45 --- /dev/null +++ b/includes/curl/openssl/safestack.h @@ -0,0 +1,1739 @@ +/* $OpenBSD: safestack.h,v 1.33 2024/03/02 11:22:48 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_SAFESTACK_H +#define HEADER_SAFESTACK_H + +#include + +#ifndef CHECKED_PTR_OF +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#endif + +/* In C++ we get problems because an explicit cast is needed from (void *) + * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +#define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +#define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +#define CHECKED_SK_FREE_FUNC2(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type))0))) + +#define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) + +#define STACK_OF(type) struct stack_st_##type +#define PREDECLARE_STACK_OF(type) STACK_OF(type); + +#define DECLARE_STACK_OF(type) STACK_OF(type); +#define DECLARE_SPECIAL_STACK_OF(type, type2) STACK_OF(type); + +#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ + + +/* Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * +o * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as + * mentioned above, instead of a single char each entry is a + * NUL-terminated array of chars. So, we have to implement STRING + * specially for STACK_OF. This is dealt with in the autogenerated + * macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* SKM_sk_... stack macros are internal to safestack.h: + * never use them directly, use sk__... instead */ +#define SKM_sk_new(type, cmp) \ + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) +#define SKM_sk_new_null(type) \ + ((STACK_OF(type) *)sk_new_null()) +#define SKM_sk_free(type, st) \ + sk_free(CHECKED_STACK_OF(type, st)) +#define SKM_sk_num(type, st) \ + sk_num(CHECKED_STACK_OF(type, st)) +#define SKM_sk_value(type, st,i) \ + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) +#define SKM_sk_set(type, st,i,val) \ + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) +#define SKM_sk_zero(type, st) \ + sk_zero(CHECKED_STACK_OF(type, st)) +#define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +#define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +#define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +#define SKM_sk_set_cmp_func(type, st, cmp) \ + ((int (*)(const type * const *,const type * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) +#define SKM_sk_dup(type, st) \ + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) +#define SKM_sk_shift(type, st) \ + (type *)sk_shift(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop(type, st) \ + (type *)sk_pop(CHECKED_STACK_OF(type, st)) +#define SKM_sk_sort(type, st) \ + sk_sort(CHECKED_STACK_OF(type, st)) +#define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) + +#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) +#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) +#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) +#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) +#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) +#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) +#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) +#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) +#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) +#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) +#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) + +#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) +#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) + +#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) +#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) +#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) +#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) +#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) +#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) +#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) +#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) +#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) +#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) + +#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) +#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) +#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) +#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) +#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) +#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) +#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) +#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) +#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) +#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) +#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) + +#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) +#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) +#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) +#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) +#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) +#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) +#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) +#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) +#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) +#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) +#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) + +#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) +#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) +#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) +#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) +#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) +#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) +#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) +#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) +#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) +#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) +#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) + +#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) + +#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) +#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) +#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) +#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) +#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) +#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) +#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) +#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) +#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) +#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) +#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) + +#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) +#define sk_BIO_new_null() SKM_sk_new_null(BIO) +#define sk_BIO_free(st) SKM_sk_free(BIO, (st)) +#define sk_BIO_num(st) SKM_sk_num(BIO, (st)) +#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) +#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) +#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) +#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) +#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) +#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) +#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) +#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) +#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) +#define sk_BIO_dup(st) SKM_sk_dup(BIO, st) +#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) +#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) +#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) +#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) + +#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) + +#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) + +#define sk_CMS_CertificateChoices_new(cmp) SKM_sk_new(CMS_CertificateChoices, (cmp)) +#define sk_CMS_CertificateChoices_new_null() SKM_sk_new_null(CMS_CertificateChoices) +#define sk_CMS_CertificateChoices_free(st) SKM_sk_free(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_num(st) SKM_sk_num(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_value(st, i) SKM_sk_value(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_set(st, i, val) SKM_sk_set(CMS_CertificateChoices, (st), (i), (val)) +#define sk_CMS_CertificateChoices_zero(st) SKM_sk_zero(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_push(st, val) SKM_sk_push(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_unshift(st, val) SKM_sk_unshift(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_find(st, val) SKM_sk_find(CMS_CertificateChoices, (st), (val)) +#define sk_CMS_CertificateChoices_delete(st, i) SKM_sk_delete(CMS_CertificateChoices, (st), (i)) +#define sk_CMS_CertificateChoices_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_CertificateChoices, (st), (ptr)) +#define sk_CMS_CertificateChoices_insert(st, val, i) SKM_sk_insert(CMS_CertificateChoices, (st), (val), (i)) +#define sk_CMS_CertificateChoices_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_CertificateChoices, (st), (cmp)) +#define sk_CMS_CertificateChoices_dup(st) SKM_sk_dup(CMS_CertificateChoices, st) +#define sk_CMS_CertificateChoices_pop_free(st, free_func) SKM_sk_pop_free(CMS_CertificateChoices, (st), (free_func)) +#define sk_CMS_CertificateChoices_shift(st) SKM_sk_shift(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_pop(st) SKM_sk_pop(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_sort(st) SKM_sk_sort(CMS_CertificateChoices, (st)) +#define sk_CMS_CertificateChoices_is_sorted(st) SKM_sk_is_sorted(CMS_CertificateChoices, (st)) + +#define sk_CMS_RecipientEncryptedKey_new(cmp) SKM_sk_new(CMS_RecipientEncryptedKey, (cmp)) +#define sk_CMS_RecipientEncryptedKey_new_null() SKM_sk_new_null(CMS_RecipientEncryptedKey) +#define sk_CMS_RecipientEncryptedKey_free(st) SKM_sk_free(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_num(st) SKM_sk_num(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_value(st, i) SKM_sk_value(CMS_RecipientEncryptedKey, (st), (i)) +#define sk_CMS_RecipientEncryptedKey_set(st, i, val) SKM_sk_set(CMS_RecipientEncryptedKey, (st), (i), (val)) +#define sk_CMS_RecipientEncryptedKey_zero(st) SKM_sk_zero(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_push(st, val) SKM_sk_push(CMS_RecipientEncryptedKey, (st), (val)) +#define sk_CMS_RecipientEncryptedKey_unshift(st, val) SKM_sk_unshift(CMS_RecipientEncryptedKey, (st), (val)) +#define sk_CMS_RecipientEncryptedKey_find(st, val) SKM_sk_find(CMS_RecipientEncryptedKey, (st), (val)) +#define sk_CMS_RecipientEncryptedKey_delete(st, i) SKM_sk_delete(CMS_RecipientEncryptedKey, (st), (i)) +#define sk_CMS_RecipientEncryptedKey_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientEncryptedKey, (st), (ptr)) +#define sk_CMS_RecipientEncryptedKey_insert(st, val, i) SKM_sk_insert(CMS_RecipientEncryptedKey, (st), (val), (i)) +#define sk_CMS_RecipientEncryptedKey_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientEncryptedKey, (st), (cmp)) +#define sk_CMS_RecipientEncryptedKey_dup(st) SKM_sk_dup(CMS_RecipientEncryptedKey, st) +#define sk_CMS_RecipientEncryptedKey_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientEncryptedKey, (st), (free_func)) +#define sk_CMS_RecipientEncryptedKey_shift(st) SKM_sk_shift(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_pop(st) SKM_sk_pop(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_sort(st) SKM_sk_sort(CMS_RecipientEncryptedKey, (st)) +#define sk_CMS_RecipientEncryptedKey_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientEncryptedKey, (st)) + +#define sk_CMS_RecipientInfo_new(cmp) SKM_sk_new(CMS_RecipientInfo, (cmp)) +#define sk_CMS_RecipientInfo_new_null() SKM_sk_new_null(CMS_RecipientInfo) +#define sk_CMS_RecipientInfo_free(st) SKM_sk_free(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_num(st) SKM_sk_num(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_value(st, i) SKM_sk_value(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_set(st, i, val) SKM_sk_set(CMS_RecipientInfo, (st), (i), (val)) +#define sk_CMS_RecipientInfo_zero(st) SKM_sk_zero(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_push(st, val) SKM_sk_push(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_unshift(st, val) SKM_sk_unshift(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_find(st, val) SKM_sk_find(CMS_RecipientInfo, (st), (val)) +#define sk_CMS_RecipientInfo_delete(st, i) SKM_sk_delete(CMS_RecipientInfo, (st), (i)) +#define sk_CMS_RecipientInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RecipientInfo, (st), (ptr)) +#define sk_CMS_RecipientInfo_insert(st, val, i) SKM_sk_insert(CMS_RecipientInfo, (st), (val), (i)) +#define sk_CMS_RecipientInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RecipientInfo, (st), (cmp)) +#define sk_CMS_RecipientInfo_dup(st) SKM_sk_dup(CMS_RecipientInfo, st) +#define sk_CMS_RecipientInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_RecipientInfo, (st), (free_func)) +#define sk_CMS_RecipientInfo_shift(st) SKM_sk_shift(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_pop(st) SKM_sk_pop(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_sort(st) SKM_sk_sort(CMS_RecipientInfo, (st)) +#define sk_CMS_RecipientInfo_is_sorted(st) SKM_sk_is_sorted(CMS_RecipientInfo, (st)) + +#define sk_CMS_RevocationInfoChoice_new(cmp) SKM_sk_new(CMS_RevocationInfoChoice, (cmp)) +#define sk_CMS_RevocationInfoChoice_new_null() SKM_sk_new_null(CMS_RevocationInfoChoice) +#define sk_CMS_RevocationInfoChoice_free(st) SKM_sk_free(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_num(st) SKM_sk_num(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_value(st, i) SKM_sk_value(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_set(st, i, val) SKM_sk_set(CMS_RevocationInfoChoice, (st), (i), (val)) +#define sk_CMS_RevocationInfoChoice_zero(st) SKM_sk_zero(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_push(st, val) SKM_sk_push(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_unshift(st, val) SKM_sk_unshift(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_find(st, val) SKM_sk_find(CMS_RevocationInfoChoice, (st), (val)) +#define sk_CMS_RevocationInfoChoice_delete(st, i) SKM_sk_delete(CMS_RevocationInfoChoice, (st), (i)) +#define sk_CMS_RevocationInfoChoice_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_RevocationInfoChoice, (st), (ptr)) +#define sk_CMS_RevocationInfoChoice_insert(st, val, i) SKM_sk_insert(CMS_RevocationInfoChoice, (st), (val), (i)) +#define sk_CMS_RevocationInfoChoice_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_RevocationInfoChoice, (st), (cmp)) +#define sk_CMS_RevocationInfoChoice_dup(st) SKM_sk_dup(CMS_RevocationInfoChoice, st) +#define sk_CMS_RevocationInfoChoice_pop_free(st, free_func) SKM_sk_pop_free(CMS_RevocationInfoChoice, (st), (free_func)) +#define sk_CMS_RevocationInfoChoice_shift(st) SKM_sk_shift(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_pop(st) SKM_sk_pop(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_sort(st) SKM_sk_sort(CMS_RevocationInfoChoice, (st)) +#define sk_CMS_RevocationInfoChoice_is_sorted(st) SKM_sk_is_sorted(CMS_RevocationInfoChoice, (st)) + +#define sk_CMS_SignerInfo_new(cmp) SKM_sk_new(CMS_SignerInfo, (cmp)) +#define sk_CMS_SignerInfo_new_null() SKM_sk_new_null(CMS_SignerInfo) +#define sk_CMS_SignerInfo_free(st) SKM_sk_free(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_num(st) SKM_sk_num(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_value(st, i) SKM_sk_value(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_set(st, i, val) SKM_sk_set(CMS_SignerInfo, (st), (i), (val)) +#define sk_CMS_SignerInfo_zero(st) SKM_sk_zero(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_push(st, val) SKM_sk_push(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_unshift(st, val) SKM_sk_unshift(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_find(st, val) SKM_sk_find(CMS_SignerInfo, (st), (val)) +#define sk_CMS_SignerInfo_delete(st, i) SKM_sk_delete(CMS_SignerInfo, (st), (i)) +#define sk_CMS_SignerInfo_delete_ptr(st, ptr) SKM_sk_delete_ptr(CMS_SignerInfo, (st), (ptr)) +#define sk_CMS_SignerInfo_insert(st, val, i) SKM_sk_insert(CMS_SignerInfo, (st), (val), (i)) +#define sk_CMS_SignerInfo_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CMS_SignerInfo, (st), (cmp)) +#define sk_CMS_SignerInfo_dup(st) SKM_sk_dup(CMS_SignerInfo, st) +#define sk_CMS_SignerInfo_pop_free(st, free_func) SKM_sk_pop_free(CMS_SignerInfo, (st), (free_func)) +#define sk_CMS_SignerInfo_shift(st) SKM_sk_shift(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_pop(st) SKM_sk_pop(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_sort(st) SKM_sk_sort(CMS_SignerInfo, (st)) +#define sk_CMS_SignerInfo_is_sorted(st) SKM_sk_is_sorted(CMS_SignerInfo, (st)) + +#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) +#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) +#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) +#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) +#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) +#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) +#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) +#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) + +#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) +#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) +#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) +#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) +#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) +#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) +#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) +#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) +#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) +#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) +#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) +#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) + +#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) +#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) +#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) +#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) +#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) +#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) +#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) +#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) +#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) +#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) +#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) +#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) +#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) +#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) +#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) +#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) + +#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) +#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) +#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) +#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) +#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) +#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) +#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) +#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) +#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) +#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) +#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) + +#define sk_CTLOG_new(cmp) SKM_sk_new(CTLOG, (cmp)) +#define sk_CTLOG_new_null() SKM_sk_new_null(CTLOG) +#define sk_CTLOG_free(st) SKM_sk_free(CTLOG, (st)) +#define sk_CTLOG_num(st) SKM_sk_num(CTLOG, (st)) +#define sk_CTLOG_value(st, i) SKM_sk_value(CTLOG, (st), (i)) +#define sk_CTLOG_set(st, i, val) SKM_sk_set(CTLOG, (st), (i), (val)) +#define sk_CTLOG_zero(st) SKM_sk_zero(CTLOG, (st)) +#define sk_CTLOG_push(st, val) SKM_sk_push(CTLOG, (st), (val)) +#define sk_CTLOG_unshift(st, val) SKM_sk_unshift(CTLOG, (st), (val)) +#define sk_CTLOG_find(st, val) SKM_sk_find(CTLOG, (st), (val)) +#define sk_CTLOG_delete(st, i) SKM_sk_delete(CTLOG, (st), (i)) +#define sk_CTLOG_delete_ptr(st, ptr) SKM_sk_delete_ptr(CTLOG, (st), (ptr)) +#define sk_CTLOG_insert(st, val, i) SKM_sk_insert(CTLOG, (st), (val), (i)) +#define sk_CTLOG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CTLOG, (st), (cmp)) +#define sk_CTLOG_dup(st) SKM_sk_dup(CTLOG, st) +#define sk_CTLOG_pop_free(st, free_func) SKM_sk_pop_free(CTLOG, (st), (free_func)) +#define sk_CTLOG_shift(st) SKM_sk_shift(CTLOG, (st)) +#define sk_CTLOG_pop(st) SKM_sk_pop(CTLOG, (st)) +#define sk_CTLOG_sort(st) SKM_sk_sort(CTLOG, (st)) +#define sk_CTLOG_is_sorted(st) SKM_sk_is_sorted(CTLOG, (st)) + +#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) +#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) +#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) +#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) +#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) +#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) +#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) +#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) +#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) +#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) +#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) +#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) +#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) +#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) +#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) +#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) + +#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) + +#ifdef LIBRESSL_INTERNAL +#define sk_ESS_CERT_ID_V2_new(cmp) SKM_sk_new(ESS_CERT_ID_V2, (cmp)) +#define sk_ESS_CERT_ID_V2_new_null() SKM_sk_new_null(ESS_CERT_ID_V2) +#define sk_ESS_CERT_ID_V2_free(st) SKM_sk_free(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_num(st) SKM_sk_num(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_value(st, i) SKM_sk_value(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_set(st, i, val) SKM_sk_set(ESS_CERT_ID_V2, (st), (i), (val)) +#define sk_ESS_CERT_ID_V2_zero(st) SKM_sk_zero(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_push(st, val) SKM_sk_push(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_find(st, val) SKM_sk_find(ESS_CERT_ID_V2, (st), (val)) +#define sk_ESS_CERT_ID_V2_delete(st, i) SKM_sk_delete(ESS_CERT_ID_V2, (st), (i)) +#define sk_ESS_CERT_ID_V2_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID_V2, (st), (ptr)) +#define sk_ESS_CERT_ID_V2_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID_V2, (st), (val), (i)) +#define sk_ESS_CERT_ID_V2_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID_V2, (st), (cmp)) +#define sk_ESS_CERT_ID_V2_dup(st) SKM_sk_dup(ESS_CERT_ID_V2, st) +#define sk_ESS_CERT_ID_V2_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID_V2, (st), (free_func)) +#define sk_ESS_CERT_ID_V2_shift(st) SKM_sk_shift(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_pop(st) SKM_sk_pop(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_sort(st) SKM_sk_sort(ESS_CERT_ID_V2, (st)) +#define sk_ESS_CERT_ID_V2_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID_V2, (st)) +#endif /* LIBRESSL_INTERNAL */ + +#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) + +#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) + +#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) + +#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) +#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) +#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) +#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) +#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) +#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) +#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) +#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) +#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) +#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) +#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) +#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) + +#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) +#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + +#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) + +#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) +#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) + +#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) +#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) + +#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) +#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) +#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) +#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) +#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) +#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) +#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) +#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) +#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) +#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) +#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) +#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) +#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) +#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) +#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) + +#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) +#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) +#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) +#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) +#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) +#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) +#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) +#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) +#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) +#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) +#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) +#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) +#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) +#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) +#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) + +#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) +#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) +#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) +#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) +#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) +#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) +#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) +#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) +#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) +#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) +#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) + +#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) +#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) +#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) +#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) +#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) +#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) +#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) +#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) +#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) +#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) +#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) + +#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) +#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) +#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) +#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) +#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) +#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) +#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) +#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) +#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) +#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) + +#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + +#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) +#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) +#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) +#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) +#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) +#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) +#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) +#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) +#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) +#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) + +#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) +#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) +#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) +#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) +#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) +#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) +#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) +#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) +#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) +#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) +#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) + +#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) +#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) +#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) +#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) +#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) +#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) +#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) +#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) +#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) +#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) +#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) +#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) +#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) +#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) +#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) +#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) +#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) +#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) + +#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) +#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) +#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) +#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) +#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) +#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) +#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) +#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) +#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) +#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) +#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) + +#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) +#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) +#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) +#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) +#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) +#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) +#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) +#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) +#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) +#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) +#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) + +#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) +#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) +#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) +#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) +#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) +#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) +#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) +#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) +#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) +#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) +#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) +#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) +#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) +#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) +#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) +#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) + +#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) +#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) +#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) +#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) +#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) +#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) +#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) +#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) +#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) +#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) +#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) + +#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) + +#define sk_SCT_new(cmp) SKM_sk_new(SCT, (cmp)) +#define sk_SCT_new_null() SKM_sk_new_null(SCT) +#define sk_SCT_free(st) SKM_sk_free(SCT, (st)) +#define sk_SCT_num(st) SKM_sk_num(SCT, (st)) +#define sk_SCT_value(st, i) SKM_sk_value(SCT, (st), (i)) +#define sk_SCT_set(st, i, val) SKM_sk_set(SCT, (st), (i), (val)) +#define sk_SCT_zero(st) SKM_sk_zero(SCT, (st)) +#define sk_SCT_push(st, val) SKM_sk_push(SCT, (st), (val)) +#define sk_SCT_unshift(st, val) SKM_sk_unshift(SCT, (st), (val)) +#define sk_SCT_find(st, val) SKM_sk_find(SCT, (st), (val)) +#define sk_SCT_delete(st, i) SKM_sk_delete(SCT, (st), (i)) +#define sk_SCT_delete_ptr(st, ptr) SKM_sk_delete_ptr(SCT, (st), (ptr)) +#define sk_SCT_insert(st, val, i) SKM_sk_insert(SCT, (st), (val), (i)) +#define sk_SCT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SCT, (st), (cmp)) +#define sk_SCT_dup(st) SKM_sk_dup(SCT, st) +#define sk_SCT_pop_free(st, free_func) SKM_sk_pop_free(SCT, (st), (free_func)) +#define sk_SCT_shift(st) SKM_sk_shift(SCT, (st)) +#define sk_SCT_pop(st) SKM_sk_pop(SCT, (st)) +#define sk_SCT_sort(st) SKM_sk_sort(SCT, (st)) +#define sk_SCT_is_sorted(st) SKM_sk_is_sorted(SCT, (st)) + +#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) +#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) +#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) +#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) +#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) +#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) + +#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) +#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) +#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) +#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) +#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) +#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) +#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) +#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) +#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) +#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) +#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) + +#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) +#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) +#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) +#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) +#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) +#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) +#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) +#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) +#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) +#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) +#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) +#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) +#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) +#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) +#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) +#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) +#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) + +#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) + +#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) + +#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) + +#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) +#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) +#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) +#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) +#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) +#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) +#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) +#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) +#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) +#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) +#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) +#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) +#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) +#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) +#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) +#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) +#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) +#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) + +#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) +#define sk_X509_new_null() SKM_sk_new_null(X509) +#define sk_X509_free(st) SKM_sk_free(X509, (st)) +#define sk_X509_num(st) SKM_sk_num(X509, (st)) +#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) +#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) +#define sk_X509_zero(st) SKM_sk_zero(X509, (st)) +#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) +#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) +#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) +#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) +#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) +#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) +#define sk_X509_dup(st) SKM_sk_dup(X509, st) +#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) +#define sk_X509_shift(st) SKM_sk_shift(X509, (st)) +#define sk_X509_pop(st) SKM_sk_pop(X509, (st)) +#define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) + +#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) +#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) +#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) +#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) +#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) +#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) +#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) +#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) +#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) +#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) +#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) + +#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) +#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) +#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) +#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) +#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) +#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) +#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) +#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) +#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) +#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) +#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) +#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) +#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) +#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) +#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) +#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) + +#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) +#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) +#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) +#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) +#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) +#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) +#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) +#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) +#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) +#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) +#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) + +#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) +#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) +#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) +#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) +#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) +#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) +#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) +#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) +#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) +#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) +#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) +#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) +#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) +#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) +#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) +#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) +#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) +#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) + +#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) +#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) +#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) +#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) +#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) +#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) +#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) +#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) +#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) +#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) +#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) + +#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) +#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) +#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) +#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) +#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) +#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) +#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) +#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) +#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) +#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) +#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) +#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) +#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) +#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) +#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) +#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) +#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) +#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) + +#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) +#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) +#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) +#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) +#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) +#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) +#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) +#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) +#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) +#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) +#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) + +#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) +#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) +#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) +#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) +#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) +#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) +#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) +#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) +#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) +#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) +#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) +#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) +#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) +#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) +#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) +#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) +#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) +#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) + +#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) +#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) +#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) +#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) +#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) +#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) +#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) +#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) +#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) +#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) +#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) + +#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) +#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) +#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) +#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) +#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) +#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) +#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) +#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) +#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) +#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) +#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) +#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) +#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) +#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) +#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) +#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) +#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) + +#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) +#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) +#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) +#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) +#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) +#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) +#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) +#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) +#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) +#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) +#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) +#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) +#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) +#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) +#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) +#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) + +#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) +#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) + +#define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +#define sk_void_new_null() SKM_sk_new_null(void) +#define sk_void_free(st) SKM_sk_free(void, (st)) +#define sk_void_num(st) SKM_sk_num(void, (st)) +#define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +#define sk_void_zero(st) SKM_sk_zero(void, (st)) +#define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +#define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +#define sk_void_dup(st) SKM_sk_dup(void, st) +#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +#define sk_void_shift(st) SKM_sk_shift(void, (st)) +#define sk_void_pop(st) SKM_sk_pop(void, (st)) +#define sk_void_sort(st) SKM_sk_sort(void, (st)) +#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) + +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + +#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + +#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) + +#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) + +#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) + +#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) + +#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) + +#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) + +#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) + +#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) + +#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) + +#endif /* !defined HEADER_SAFESTACK_H */ diff --git a/includes/curl/openssl/sha.h b/includes/curl/openssl/sha.h new file mode 100644 index 0000000..ec97f48 --- /dev/null +++ b/includes/curl/openssl/sha.h @@ -0,0 +1,190 @@ +/* $OpenBSD: sha.h,v 1.26 2025/01/25 17:59:44 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#ifndef HEADER_SHA_H +#define HEADER_SHA_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + * ! SHA_LONG has to be at least 32 bits wide. ! + * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + */ + +#define SHA_LONG unsigned int + +#define SHA_LBLOCK 16 +#define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA_LAST_BLOCK (SHA_CBLOCK-8) +#define SHA_DIGEST_LENGTH 20 + +typedef struct SHAstate_st { + SHA_LONG h0, h1, h2, h3, h4; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num; +} SHA_CTX; + +#ifndef OPENSSL_NO_SHA1 +int SHA1_Init(SHA_CTX *c); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int SHA1_Final(unsigned char *md, SHA_CTX *c); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void SHA1_Transform(SHA_CTX *c, const unsigned char *data); +#endif + +#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st { + SHA_LONG h[8]; + SHA_LONG Nl, Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num, md_len; +} SHA256_CTX; + +#ifndef OPENSSL_NO_SHA256 +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +#endif + +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +#ifndef OPENSSL_NO_SHA512 +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. */ +#if defined(_LP64) +#define SHA_LONG64 unsigned long +#define U64(C) C##UL +#else +#define SHA_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +typedef struct SHA512state_st { + SHA_LONG64 h[8]; + SHA_LONG64 Nl, Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num, md_len; +} SHA512_CTX; +#endif + +#ifndef OPENSSL_NO_SHA512 +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__, 2, 3))); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__, 1, 2))) + __attribute__ ((__nonnull__(3))); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/sm3.h b/includes/curl/openssl/sm3.h new file mode 100644 index 0000000..fa435d3 --- /dev/null +++ b/includes/curl/openssl/sm3.h @@ -0,0 +1,49 @@ +/* $OpenBSD: sm3.h,v 1.2 2025/01/25 17:59:44 tb Exp $ */ +/* + * Copyright (c) 2018, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_SM3_H +#define HEADER_SM3_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SM3_DIGEST_LENGTH 32 +#define SM3_WORD unsigned int + +#define SM3_CBLOCK 64 +#define SM3_LBLOCK (SM3_CBLOCK / 4) + +typedef struct SM3state_st { + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; +} SM3_CTX; + +int SM3_Init(SM3_CTX *c); +int SM3_Update(SM3_CTX *c, const void *data, size_t len); +int SM3_Final(unsigned char *md, SM3_CTX *c); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SM3_H */ diff --git a/includes/curl/openssl/sm4.h b/includes/curl/openssl/sm4.h new file mode 100644 index 0000000..0c7fc22 --- /dev/null +++ b/includes/curl/openssl/sm4.h @@ -0,0 +1,47 @@ +/* $OpenBSD: sm4.h,v 1.2 2025/01/25 17:59:44 tb Exp $ */ +/* + * Copyright (c) 2017, 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_SM4_H +#define HEADER_SM4_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SM4_DECRYPT 0 +#define SM4_ENCRYPT 1 + +#define SM4_BLOCK_SIZE 16 +#define SM4_KEY_SCHEDULE 32 + +typedef struct sm4_key_st { + unsigned char opaque[128]; +} SM4_KEY; + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks); +void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); +void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SM4_H */ diff --git a/includes/curl/openssl/srtp.h b/includes/curl/openssl/srtp.h new file mode 100644 index 0000000..686e9d9 --- /dev/null +++ b/includes/curl/openssl/srtp.h @@ -0,0 +1,148 @@ +/* $OpenBSD: srtp.h,v 1.8 2025/03/13 10:26:41 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. + * Copyright (C) 2011, RTFM, Inc. + */ + +#ifndef HEADER_D1_SRTP_H +#define HEADER_D1_SRTP_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SRTP_AES128_CM_SHA1_80 0x0001 +#define SRTP_AES128_CM_SHA1_32 0x0002 +#define SRTP_AES128_F8_SHA1_80 0x0003 +#define SRTP_AES128_F8_SHA1_32 0x0004 +#define SRTP_NULL_SHA1_80 0x0005 +#define SRTP_NULL_SHA1_32 0x0006 + +/* AEAD SRTP protection profiles from RFC 7714 */ +#define SRTP_AEAD_AES_128_GCM 0x0007 +#define SRTP_AEAD_AES_256_GCM 0x0008 + +int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles); +int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles); + +STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl); +SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/ssl.h b/includes/curl/openssl/ssl.h new file mode 100644 index 0000000..a1ed22b --- /dev/null +++ b/includes/curl/openssl/ssl.h @@ -0,0 +1,2343 @@ +/* $OpenBSD: ssl.h,v 1.247 2025/03/12 14:03:55 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_SSL_H +#define HEADER_SSL_H + +#include + +#include + +#include +#include +#include + +#include + +#ifndef OPENSSL_NO_DEPRECATED +#include +#include +#include + +#ifndef OPENSSL_NO_X509 +#include +#endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* SSLeay version number for ASN.1 encoding of the session information */ +/* Version 0 - initial version + * Version 1 - added the optional peer certificate + */ +#define SSL_SESSION_ASN1_VERSION 0x0001 + +/* text strings for the ciphers */ +#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5 +#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5 +#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5 +#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 +#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5 +#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA +#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 +#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA + +/* VRS Additional Kerberos5 entries + */ +#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA +#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA +#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 +#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 + +#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA +#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA +#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 +#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 + +#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA +#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 +#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA +#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 +#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA +#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 +#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 + +#define SSL_MAX_SSL_SESSION_ID_LENGTH 32 +#define SSL_MAX_SID_CTX_LENGTH 32 + +#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) +#define SSL_MAX_KEY_ARG_LENGTH 8 +#define SSL_MAX_MASTER_KEY_LENGTH 48 + + +/* These are used to specify which ciphers to use and not to use */ + +#define SSL_TXT_LOW "LOW" +#define SSL_TXT_MEDIUM "MEDIUM" +#define SSL_TXT_HIGH "HIGH" + +#define SSL_TXT_kFZA "kFZA" /* unused! */ +#define SSL_TXT_aFZA "aFZA" /* unused! */ +#define SSL_TXT_eFZA "eFZA" /* unused! */ +#define SSL_TXT_FZA "FZA" /* unused! */ + +#define SSL_TXT_aNULL "aNULL" +#define SSL_TXT_eNULL "eNULL" +#define SSL_TXT_NULL "NULL" + +#define SSL_TXT_kRSA "kRSA" +#define SSL_TXT_kDHr "kDHr" /* no such ciphersuites supported! */ +#define SSL_TXT_kDHd "kDHd" /* no such ciphersuites supported! */ +#define SSL_TXT_kDH "kDH" /* no such ciphersuites supported! */ +#define SSL_TXT_kEDH "kEDH" +#define SSL_TXT_kKRB5 "kKRB5" +#define SSL_TXT_kECDHr "kECDHr" +#define SSL_TXT_kECDHe "kECDHe" +#define SSL_TXT_kECDH "kECDH" +#define SSL_TXT_kEECDH "kEECDH" +#define SSL_TXT_kPSK "kPSK" +#define SSL_TXT_kSRP "kSRP" + +#define SSL_TXT_aRSA "aRSA" +#define SSL_TXT_aDSS "aDSS" +#define SSL_TXT_aDH "aDH" /* no such ciphersuites supported! */ +#define SSL_TXT_aECDH "aECDH" +#define SSL_TXT_aKRB5 "aKRB5" +#define SSL_TXT_aECDSA "aECDSA" +#define SSL_TXT_aPSK "aPSK" + +#define SSL_TXT_DSS "DSS" +#define SSL_TXT_DH "DH" +#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */ +#define SSL_TXT_EDH "EDH" /* previous name for DHE */ +#define SSL_TXT_ADH "ADH" +#define SSL_TXT_RSA "RSA" +#define SSL_TXT_ECDH "ECDH" +#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */ +#define SSL_TXT_EECDH "EECDH" /* previous name for ECDHE */ +#define SSL_TXT_AECDH "AECDH" +#define SSL_TXT_ECDSA "ECDSA" +#define SSL_TXT_KRB5 "KRB5" +#define SSL_TXT_PSK "PSK" +#define SSL_TXT_SRP "SRP" + +#define SSL_TXT_DES "DES" +#define SSL_TXT_3DES "3DES" +#define SSL_TXT_RC4 "RC4" +#define SSL_TXT_RC2 "RC2" +#define SSL_TXT_IDEA "IDEA" +#define SSL_TXT_SEED "SEED" +#define SSL_TXT_AES128 "AES128" +#define SSL_TXT_AES256 "AES256" +#define SSL_TXT_AES "AES" +#define SSL_TXT_AES_GCM "AESGCM" +#define SSL_TXT_CAMELLIA128 "CAMELLIA128" +#define SSL_TXT_CAMELLIA256 "CAMELLIA256" +#define SSL_TXT_CAMELLIA "CAMELLIA" +#define SSL_TXT_CHACHA20 "CHACHA20" + +#define SSL_TXT_AEAD "AEAD" +#define SSL_TXT_MD5 "MD5" +#define SSL_TXT_SHA1 "SHA1" +#define SSL_TXT_SHA "SHA" /* same as "SHA1" */ +#define SSL_TXT_SHA256 "SHA256" +#define SSL_TXT_SHA384 "SHA384" + +#define SSL_TXT_DTLS1 "DTLSv1" +#define SSL_TXT_DTLS1_2 "DTLSv1.2" +#define SSL_TXT_SSLV2 "SSLv2" +#define SSL_TXT_SSLV3 "SSLv3" +#define SSL_TXT_TLSV1 "TLSv1" +#define SSL_TXT_TLSV1_1 "TLSv1.1" +#define SSL_TXT_TLSV1_2 "TLSv1.2" +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_TXT_TLSV1_3 "TLSv1.3" +#endif + +#define SSL_TXT_EXP "EXP" +#define SSL_TXT_EXPORT "EXPORT" + +#define SSL_TXT_ALL "ALL" + +/* + * COMPLEMENTOF* definitions. These identifiers are used to (de-select) + * ciphers normally not being used. + * Example: "RC4" will activate all ciphers using RC4 including ciphers + * without authentication, which would normally disabled by DEFAULT (due + * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT" + * will make sure that it is also disabled in the specific selection. + * COMPLEMENTOF* identifiers are portable between version, as adjustments + * to the default cipher setup will also be included here. + * + * COMPLEMENTOFDEFAULT does not experience the same special treatment that + * DEFAULT gets, as only selection is being done and no sorting as needed + * for DEFAULT. + */ +#define SSL_TXT_CMPALL "COMPLEMENTOFALL" +#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT" + +/* The following cipher list is used by default. + * It also is substituted when an application-defined cipher list string + * starts with 'DEFAULT'. */ +#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always + * starts with a reasonable order, and all we have to do for DEFAULT is + * throwing out anonymous and unencrypted ciphersuites! + * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable + * some of them.) + */ + +/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ +#define SSL_SENT_SHUTDOWN 1 +#define SSL_RECEIVED_SHUTDOWN 2 + + +#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 +#define SSL_FILETYPE_PEM X509_FILETYPE_PEM + +/* This is needed to stop compilers complaining about the + * 'struct ssl_st *' function parameters used to prototype callbacks + * in SSL_CTX. */ +typedef struct ssl_st *ssl_crock_st; + +typedef struct ssl_method_st SSL_METHOD; +typedef struct ssl_cipher_st SSL_CIPHER; +typedef struct ssl_session_st SSL_SESSION; + +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +typedef struct ssl_quic_method_st SSL_QUIC_METHOD; +#endif + +DECLARE_STACK_OF(SSL_CIPHER) + +/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/ +typedef struct srtp_protection_profile_st { + const char *name; + unsigned long id; +} SRTP_PROTECTION_PROFILE; + +DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE) + +typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, + int len, void *arg); +typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg); + +/* Allow initial connection to servers that don't support RI */ +#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L + +/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added + * in OpenSSL 0.9.6d. Usually (depending on the application protocol) + * the workaround is not needed. + * Unfortunately some broken SSL/TLS implementations cannot handle it + * at all, which is why it was previously included in SSL_OP_ALL. + * Now it's not. + */ +#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L + +/* DTLS options */ +#define SSL_OP_NO_QUERY_MTU 0x00001000L +/* Turn on Cookie Exchange (on relevant for servers) */ +#define SSL_OP_COOKIE_EXCHANGE 0x00002000L +/* Don't use RFC4507 ticket extension */ +#define SSL_OP_NO_TICKET 0x00004000L + +/* As server, disallow session resumption on renegotiation */ +#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L +/* Disallow client initiated renegotiation. */ +#define SSL_OP_NO_CLIENT_RENEGOTIATION 0x00020000L +/* Disallow client and server initiated renegotiation. */ +#define SSL_OP_NO_RENEGOTIATION 0x00040000L +/* Allow client initiated renegotiation. */ +#define SSL_OP_ALLOW_CLIENT_RENEGOTIATION 0x00080000L +/* If set, always create a new key when using tmp_dh parameters */ +#define SSL_OP_SINGLE_DH_USE 0x00100000L +/* Set on servers to choose the cipher according to the server's + * preferences */ +#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L + +#define SSL_OP_NO_TLSv1 0x04000000L +#define SSL_OP_NO_TLSv1_2 0x08000000L +#define SSL_OP_NO_TLSv1_1 0x10000000L + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_OP_NO_TLSv1_3 0x20000000L +#endif + +#define SSL_OP_NO_DTLSv1 0x40000000L +#define SSL_OP_NO_DTLSv1_2 0x80000000L + +/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */ +#define SSL_OP_ALL \ + (SSL_OP_LEGACY_SERVER_CONNECT) + +/* Obsolete flags kept for compatibility. No sane code should use them. */ +#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0 +#define SSL_OP_CISCO_ANYCONNECT 0x0 +#define SSL_OP_CRYPTOPRO_TLSEXT_BUG 0x0 +#define SSL_OP_EPHEMERAL_RSA 0x0 +#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x0 +#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x0 +#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x0 +#define SSL_OP_NETSCAPE_CA_DN_BUG 0x0 +#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x0 +#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 +#define SSL_OP_NO_COMPRESSION 0x0 +#define SSL_OP_NO_SSLv2 0x0 +#define SSL_OP_NO_SSLv3 0x0 +#define SSL_OP_PKCS1_CHECK_1 0x0 +#define SSL_OP_PKCS1_CHECK_2 0x0 +#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0 +#define SSL_OP_SINGLE_ECDH_USE 0x0 +#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 +#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 +#define SSL_OP_TLSEXT_PADDING 0x0 +#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 +#define SSL_OP_TLS_D5_BUG 0x0 +#define SSL_OP_TLS_ROLLBACK_BUG 0x0 + +/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success + * when just a single record has been written): */ +#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L +/* Make it possible to retry SSL_write() with changed buffer location + * (buffer contents must stay the same!); this is not the default to avoid + * the misconception that non-blocking SSL_write() behaves like + * non-blocking write(): */ +#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L +/* Never bother the application with retries if the transport + * is blocking: */ +#define SSL_MODE_AUTO_RETRY 0x00000004L +/* Don't attempt to automatically build certificate chain */ +#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L +/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and + * TLS only.) "Released" buffers are put onto a free-list in the context + * or just freed (depending on the context's setting for freelist_max_len). */ +#define SSL_MODE_RELEASE_BUFFERS 0x00000010L + +/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, + * they cannot be used to clear bits. */ + +#define SSL_CTX_set_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_CTX_clear_options(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_CTX_get_options(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) +#define SSL_set_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) +#define SSL_clear_options(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL) +#define SSL_get_options(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) + +#define SSL_CTX_set_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) +#define SSL_CTX_clear_mode(ctx,op) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_CTX_get_mode(ctx) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) +#define SSL_clear_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL) +#define SSL_set_mode(ssl,op) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define SSL_get_mode(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) +#define SSL_set_mtu(ssl, mtu) \ + SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL) + +#define SSL_get_secure_renegotiation_support(ssl) \ + SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL) + +void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, + int version, int content_type, const void *buf, size_t len, SSL *ssl, + void *arg)); +void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, + int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) +typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line); +void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb); +SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx); +int SSL_set_num_tickets(SSL *s, size_t num_tickets); +size_t SSL_get_num_tickets(const SSL *s); +int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets); +size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx); +STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s); + +#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ + +#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) + +/* This callback type is used inside SSL_CTX, SSL, and in the functions that set + * them. It is used to override the generation of SSL/TLS session IDs in a + * server. Return value should be zero on an error, non-zero to proceed. Also, + * callbacks should themselves check if the id they generate is unique otherwise + * the SSL handshake will fail with an error - callbacks can do this using the + * 'ssl' value they're passed by; + * SSL_has_matching_session_id(ssl, id, *id_len) + * The length value passed in is set at the maximum size the session ID can be. + * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback + * can alter this length to be less if desired, but under SSLv2 session IDs are + * supposed to be fixed at 16 bytes so the id will be padded after the callback + * returns in this case. It is also an error for the callback to set the size to + * zero. */ +typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, + unsigned int *id_len); + +typedef struct ssl_comp_st SSL_COMP; + +#ifdef LIBRESSL_INTERNAL +DECLARE_STACK_OF(SSL_COMP) +struct lhash_st_SSL_SESSION { + int dummy; +}; +#endif + +#define SSL_SESS_CACHE_OFF 0x0000 +#define SSL_SESS_CACHE_CLIENT 0x0001 +#define SSL_SESS_CACHE_SERVER 0x0002 +#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER) +#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080 +/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */ +#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 +#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200 +#define SSL_SESS_CACHE_NO_INTERNAL \ + (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE) + +struct lhash_st_SSL_SESSION *SSL_CTX_sessions(SSL_CTX *ctx); +#define SSL_CTX_sess_number(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) +#define SSL_CTX_sess_connect(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) +#define SSL_CTX_sess_connect_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) +#define SSL_CTX_sess_connect_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) +#define SSL_CTX_sess_accept_renegotiate(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) +#define SSL_CTX_sess_accept_good(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) +#define SSL_CTX_sess_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) +#define SSL_CTX_sess_cb_hits(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) +#define SSL_CTX_sess_misses(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) +#define SSL_CTX_sess_timeouts(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) +#define SSL_CTX_sess_cache_full(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) + +void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, + int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess)); +int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + SSL_SESSION *sess); +void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, + void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess)); +void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, + SSL_SESSION *sess); +void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, + SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, + const unsigned char *data, int len, int *copy)); +SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, + const unsigned char *data, int len, int *copy); +void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl, + int type, int val)); +void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, + int val); +void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, + int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)); +int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, + EVP_PKEY **pkey); +void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, + int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len)); +void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, + int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len)); +void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl, + const unsigned char **out, unsigned int *outlen, void *arg), void *arg); +void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl, + unsigned char **out, unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg), void *arg); + +int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, const unsigned char *client, + unsigned int client_len); +void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, + unsigned int *len); + +#define OPENSSL_NPN_UNSUPPORTED 0 +#define OPENSSL_NPN_NEGOTIATED 1 +#define OPENSSL_NPN_NO_OVERLAP 2 + +int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, + unsigned int protos_len); +int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, + unsigned int protos_len); +void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx, + int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen, + const unsigned char *in, unsigned int inlen, void *arg), void *arg); +void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, + unsigned int *len); + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md, + const unsigned char **id, size_t *idlen, SSL_SESSION **sess); +void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb); +#endif + +#define SSL_NOTHING 1 +#define SSL_WRITING 2 +#define SSL_READING 3 +#define SSL_X509_LOOKUP 4 + +/* These will only be used when doing non-blocking IO */ +#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) +#define SSL_want_read(s) (SSL_want(s) == SSL_READING) +#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) +#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) + +#define SSL_MAC_FLAG_READ_MAC_STREAM 1 +#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 + +#ifdef __cplusplus +} +#endif + +#include +#include /* This is mostly sslv3 with a few tweaks */ +#include /* Datagram TLS */ +#include /* Support for the use_srtp extension */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* compatibility */ +#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) +#define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) +#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) +#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0)) +#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0)) +#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) + +/* The following are the possible values for ssl->state are are + * used to indicate where we are up to in the SSL connection establishment. + * The macros that follow are about the only things you should need to use + * and even then, only when using non-blocking IO. + * It can also be useful to work out where you were when the connection + * failed */ + +#define SSL_ST_CONNECT 0x1000 +#define SSL_ST_ACCEPT 0x2000 +#define SSL_ST_MASK 0x0FFF +#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT) +#define SSL_ST_BEFORE 0x4000 +#define SSL_ST_OK 0x03 +#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) + +#define SSL_CB_LOOP 0x01 +#define SSL_CB_EXIT 0x02 +#define SSL_CB_READ 0x04 +#define SSL_CB_WRITE 0x08 +#define SSL_CB_ALERT 0x4000 /* used in callback */ +#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ) +#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE) +#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP) +#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT) +#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP) +#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT) +#define SSL_CB_HANDSHAKE_START 0x10 +#define SSL_CB_HANDSHAKE_DONE 0x20 + +/* Is the SSL_connection established? */ +#define SSL_get_state(a) (SSL_state((a))) +#define SSL_is_init_finished(a) (SSL_state((a)) == SSL_ST_OK) +#define SSL_in_init(a) (SSL_state((a))&SSL_ST_INIT) +#define SSL_in_before(a) (SSL_state((a))&SSL_ST_BEFORE) +#define SSL_in_connect_init(a) (SSL_state((a))&SSL_ST_CONNECT) +#define SSL_in_accept_init(a) (SSL_state((a))&SSL_ST_ACCEPT) + +/* The following 2 states are kept in ssl->rstate when reads fail, + * you should not need these */ +#define SSL_ST_READ_HEADER 0xF0 +#define SSL_ST_READ_BODY 0xF1 +#define SSL_ST_READ_DONE 0xF2 + +/* Obtain latest Finished message + * -- that we sent (SSL_get_finished) + * -- that we expected from peer (SSL_get_peer_finished). + * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ +size_t SSL_get_finished(const SSL *s, void *buf, size_t count); +size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); + +/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options + * are 'ored' with SSL_VERIFY_PEER if they are desired */ +#define SSL_VERIFY_NONE 0x00 +#define SSL_VERIFY_PEER 0x01 +#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 +#define SSL_VERIFY_CLIENT_ONCE 0x04 +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_VERIFY_POST_HANDSHAKE 0x08 + +int SSL_verify_client_post_handshake(SSL *s); +void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val); +void SSL_set_post_handshake_auth(SSL *s, int val); +#endif + +#define OpenSSL_add_ssl_algorithms() SSL_library_init() +#define SSLeay_add_ssl_algorithms() SSL_library_init() + +/* More backward compatibility */ +#define SSL_get_cipher(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_cipher_bits(s,np) \ + SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define SSL_get_cipher_version(s) \ + SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +#define SSL_get_cipher_name(s) \ + SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +#define SSL_get_time(a) SSL_SESSION_get_time(a) +#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b)) +#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) +#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) + +#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id) +#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id) + +SSL_SESSION *PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, + pem_password_cb *cb, void *u); +SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, + pem_password_cb *cb, void *u); +int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x); +int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x); + +/* + * TLS Alerts. + * + * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6 + */ + +/* Obsolete alerts. */ +#ifndef LIBRESSL_INTERNAL +#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */ +#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */ +#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */ +#endif + +#define SSL_AD_CLOSE_NOTIFY 0 +#define SSL_AD_UNEXPECTED_MESSAGE 10 +#define SSL_AD_BAD_RECORD_MAC 20 +#define SSL_AD_RECORD_OVERFLOW 22 +#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */ +#define SSL_AD_HANDSHAKE_FAILURE 40 +#define SSL_AD_BAD_CERTIFICATE 42 +#define SSL_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL_AD_CERTIFICATE_REVOKED 44 +#define SSL_AD_CERTIFICATE_EXPIRED 45 +#define SSL_AD_CERTIFICATE_UNKNOWN 46 +#define SSL_AD_ILLEGAL_PARAMETER 47 +#define SSL_AD_UNKNOWN_CA 48 +#define SSL_AD_ACCESS_DENIED 49 +#define SSL_AD_DECODE_ERROR 50 +#define SSL_AD_DECRYPT_ERROR 51 +#define SSL_AD_PROTOCOL_VERSION 70 +#define SSL_AD_INSUFFICIENT_SECURITY 71 +#define SSL_AD_INTERNAL_ERROR 80 +#define SSL_AD_INAPPROPRIATE_FALLBACK 86 +#define SSL_AD_USER_CANCELLED 90 +#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */ +#define SSL_AD_MISSING_EXTENSION 109 /* Added in TLSv1.3. */ +#define SSL_AD_UNSUPPORTED_EXTENSION 110 +#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */ +#define SSL_AD_UNRECOGNIZED_NAME 112 +#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */ +#define SSL_AD_UNKNOWN_PSK_IDENTITY 115 +#define SSL_AD_CERTIFICATE_REQUIRED 116 +#define SSL_AD_NO_APPLICATION_PROTOCOL 120 + +/* Offset to get an SSL_R_... value from an SSL_AD_... value. */ +#define SSL_AD_REASON_OFFSET 1000 + +#define SSL_ERROR_NONE 0 +#define SSL_ERROR_SSL 1 +#define SSL_ERROR_WANT_READ 2 +#define SSL_ERROR_WANT_WRITE 3 +#define SSL_ERROR_WANT_X509_LOOKUP 4 +#define SSL_ERROR_SYSCALL 5 +#define SSL_ERROR_ZERO_RETURN 6 +#define SSL_ERROR_WANT_CONNECT 7 +#define SSL_ERROR_WANT_ACCEPT 8 +#define SSL_ERROR_WANT_ASYNC 9 +#define SSL_ERROR_WANT_ASYNC_JOB 10 +#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11 + +#define SSL_CTRL_NEED_TMP_RSA 1 +#define SSL_CTRL_SET_TMP_RSA 2 +#define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 +#define SSL_CTRL_SET_TMP_RSA_CB 5 +#define SSL_CTRL_SET_TMP_DH_CB 6 +#define SSL_CTRL_SET_TMP_ECDH_CB 7 + +#define SSL_CTRL_GET_SESSION_REUSED 8 +#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9 +#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10 +#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 +#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 +#define SSL_CTRL_GET_FLAGS 13 +#define SSL_CTRL_EXTRA_CHAIN_CERT 14 + +#define SSL_CTRL_SET_MSG_CALLBACK 15 +#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16 + +/* only applies to datagram connections */ +#define SSL_CTRL_SET_MTU 17 +/* Stats */ +#define SSL_CTRL_SESS_NUMBER 20 +#define SSL_CTRL_SESS_CONNECT 21 +#define SSL_CTRL_SESS_CONNECT_GOOD 22 +#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 +#define SSL_CTRL_SESS_ACCEPT 24 +#define SSL_CTRL_SESS_ACCEPT_GOOD 25 +#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 +#define SSL_CTRL_SESS_HIT 27 +#define SSL_CTRL_SESS_CB_HIT 28 +#define SSL_CTRL_SESS_MISSES 29 +#define SSL_CTRL_SESS_TIMEOUTS 30 +#define SSL_CTRL_SESS_CACHE_FULL 31 +#define SSL_CTRL_OPTIONS 32 +#define SSL_CTRL_MODE 33 + +#define SSL_CTRL_GET_READ_AHEAD 40 +#define SSL_CTRL_SET_READ_AHEAD 41 +#define SSL_CTRL_SET_SESS_CACHE_SIZE 42 +#define SSL_CTRL_GET_SESS_CACHE_SIZE 43 +#define SSL_CTRL_SET_SESS_CACHE_MODE 44 +#define SSL_CTRL_GET_SESS_CACHE_MODE 45 + +#define SSL_CTRL_GET_MAX_CERT_LIST 50 +#define SSL_CTRL_SET_MAX_CERT_LIST 51 + +#define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 + +/* see tls1.h for macros based on these */ +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +#define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +#define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE 127 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 + +#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 + +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 + +#define SSL_CTRL_SET_SRP_ARG 78 +#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 + +#define DTLS_CTRL_GET_TIMEOUT 73 +#define DTLS_CTRL_HANDLE_TIMEOUT 74 +#define DTLS_CTRL_LISTEN 75 + +#define SSL_CTRL_GET_RI_SUPPORT 76 +#define SSL_CTRL_CLEAR_OPTIONS 77 +#define SSL_CTRL_CLEAR_MODE 78 + +#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 + +#define SSL_CTRL_CHAIN 88 +#define SSL_CTRL_CHAIN_CERT 89 + +#define SSL_CTRL_SET_GROUPS 91 +#define SSL_CTRL_SET_GROUPS_LIST 92 +#define SSL_CTRL_GET_SHARED_GROUP 93 +#define SSL_CTRL_SET_ECDH_AUTO 94 + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_CTRL_GET_PEER_SIGNATURE_NID 108 +#define SSL_CTRL_GET_PEER_TMP_KEY 109 +#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY +#else +#define SSL_CTRL_GET_SERVER_TMP_KEY 109 +#endif + +#define SSL_CTRL_GET_CHAIN_CERTS 115 + +#define SSL_CTRL_SET_DH_AUTO 118 + +#define SSL_CTRL_SET_MIN_PROTO_VERSION 123 +#define SSL_CTRL_SET_MAX_PROTO_VERSION 124 +#define SSL_CTRL_GET_MIN_PROTO_VERSION 130 +#define SSL_CTRL_GET_MAX_PROTO_VERSION 131 + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_CTRL_GET_SIGNATURE_NID 132 +#endif + +#define DTLSv1_get_timeout(ssl, arg) \ + SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg) +#define DTLSv1_handle_timeout(ssl) \ + SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL) +#define DTLSv1_listen(ssl, peer) \ + SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer) + +#define SSL_session_reused(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) +#define SSL_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_clear_num_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL) +#define SSL_total_renegotiations(ssl) \ + SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL) + +#define SSL_CTX_need_tmp_RSA(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_CTX_set_tmp_rsa(ctx,rsa) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_CTX_set_tmp_dh(ctx,dh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +#define SSL_CTX_set_dh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +#define SSL_CTX_set_ecdh_auto(ctx, onoff) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) + +#define SSL_need_tmp_RSA(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) +#define SSL_set_tmp_rsa(ssl,rsa) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) +#define SSL_set_tmp_dh(ssl,dh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) +#define SSL_set_tmp_ecdh(ssl,ecdh) \ + SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh) +#define SSL_set_dh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL) +#define SSL_set_ecdh_auto(s, onoff) \ + SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL) + +int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); +int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain); +int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509); +int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509); +int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain); +int SSL_CTX_clear_chain_certs(SSL_CTX *ctx); + +int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain); +int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain); +int SSL_add0_chain_cert(SSL *ssl, X509 *x509); +int SSL_add1_chain_cert(SSL *ssl, X509 *x509); +int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain); +int SSL_clear_chain_certs(SSL *ssl); + +int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len); +int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups); + +int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len); +int SSL_set1_groups_list(SSL *ssl, const char *groups); + +int SSL_CTX_get_min_proto_version(SSL_CTX *ctx); +int SSL_CTX_get_max_proto_version(SSL_CTX *ctx); +int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version); +int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version); + +int SSL_get_min_proto_version(SSL *ssl); +int SSL_get_max_proto_version(SSL *ssl); +int SSL_set_min_proto_version(SSL *ssl, uint16_t version); +int SSL_set_max_proto_version(SSL *ssl, uint16_t version); + +const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx); + +#ifndef LIBRESSL_INTERNAL +#define SSL_CTRL_SET_CURVES SSL_CTRL_SET_GROUPS +#define SSL_CTRL_SET_CURVES_LIST SSL_CTRL_SET_GROUPS_LIST + +#define SSL_CTX_set1_curves SSL_CTX_set1_groups +#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list +#define SSL_set1_curves SSL_set1_groups +#define SSL_set1_curves_list SSL_set1_groups_list +#endif + +#define SSL_CTX_add_extra_chain_cert(ctx, x509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509) +#define SSL_CTX_get_extra_chain_certs(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509) +#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509) +#define SSL_CTX_clear_extra_chain_certs(ctx) \ + SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL) + +#define SSL_get_shared_group(s, n) \ + SSL_ctrl((s), SSL_CTRL_GET_SHARED_GROUP, (n), NULL) +#define SSL_get_shared_curve SSL_get_shared_group + +#define SSL_get_server_tmp_key(s, pk) \ + SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk) + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define SSL_get_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn) + +#define SSL_get_peer_signature_nid(s, pn) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn) +#define SSL_get_peer_tmp_key(s, pk) \ + SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk) +#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */ + +#ifndef LIBRESSL_INTERNAL +/* + * Also provide those functions as macros for compatibility with + * existing users. + */ +#define SSL_CTX_set0_chain SSL_CTX_set0_chain +#define SSL_CTX_set1_chain SSL_CTX_set1_chain +#define SSL_CTX_add0_chain_cert SSL_CTX_add0_chain_cert +#define SSL_CTX_add1_chain_cert SSL_CTX_add1_chain_cert +#define SSL_CTX_get0_chain_certs SSL_CTX_get0_chain_certs +#define SSL_CTX_clear_chain_certs SSL_CTX_clear_chain_certs + +#define SSL_add0_chain_cert SSL_add0_chain_cert +#define SSL_add1_chain_cert SSL_add1_chain_cert +#define SSL_set0_chain SSL_set0_chain +#define SSL_set1_chain SSL_set1_chain +#define SSL_get0_chain_certs SSL_get0_chain_certs +#define SSL_clear_chain_certs SSL_clear_chain_certs + +#define SSL_CTX_set1_groups SSL_CTX_set1_groups +#define SSL_CTX_set1_groups_list SSL_CTX_set1_groups_list +#define SSL_set1_groups SSL_set1_groups +#define SSL_set1_groups_list SSL_set1_groups_list + +#define SSL_CTX_get_min_proto_version SSL_CTX_get_min_proto_version +#define SSL_CTX_get_max_proto_version SSL_CTX_get_max_proto_version +#define SSL_CTX_set_min_proto_version SSL_CTX_set_min_proto_version +#define SSL_CTX_set_max_proto_version SSL_CTX_set_max_proto_version + +#define SSL_get_min_proto_version SSL_get_min_proto_version +#define SSL_get_max_proto_version SSL_get_max_proto_version +#define SSL_set_min_proto_version SSL_set_min_proto_version +#define SSL_set_max_proto_version SSL_set_max_proto_version +#endif + +const BIO_METHOD *BIO_f_ssl(void); +BIO *BIO_new_ssl(SSL_CTX *ctx, int client); +BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +int BIO_ssl_copy_session_id(BIO *to, BIO *from); +void BIO_ssl_shutdown(BIO *ssl_bio); + +STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx); +int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str); +#endif +SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); +void SSL_CTX_free(SSL_CTX *); +int SSL_CTX_up_ref(SSL_CTX *ctx); +long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +long SSL_CTX_get_timeout(const SSL_CTX *ctx); +X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *); +void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *); +void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store); +X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx); +EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx); +int SSL_want(const SSL *s); +int SSL_clear(SSL *s); + +void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); + +const SSL_CIPHER *SSL_get_current_cipher(const SSL *s); +int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits); +const char * SSL_CIPHER_get_version(const SSL_CIPHER *c); +const char * SSL_CIPHER_get_name(const SSL_CIPHER *c); +unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c); +uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c); +const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); +int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); +int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); +const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); +int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + +int SSL_get_fd(const SSL *s); +int SSL_get_rfd(const SSL *s); +int SSL_get_wfd(const SSL *s); +const char * SSL_get_cipher_list(const SSL *s, int n); +char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len); +int SSL_get_read_ahead(const SSL * s); +int SSL_pending(const SSL *s); +int SSL_set_fd(SSL *s, int fd); +int SSL_set_rfd(SSL *s, int fd); +int SSL_set_wfd(SSL *s, int fd); +void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); +BIO * SSL_get_rbio(const SSL *s); +void SSL_set0_rbio(SSL *s, BIO *rbio); +BIO * SSL_get_wbio(const SSL *s); +int SSL_set_cipher_list(SSL *s, const char *str); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +int SSL_set_ciphersuites(SSL *s, const char *str); +#endif +void SSL_set_read_ahead(SSL *s, int yes); +int SSL_get_verify_mode(const SSL *s); +int SSL_get_verify_depth(const SSL *s); +int (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *); +void SSL_set_verify(SSL *s, int mode, + int (*callback)(int ok, X509_STORE_CTX *ctx)); +void SSL_set_verify_depth(SSL *s, int depth); +int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len); +int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len); +int SSL_use_certificate(SSL *ssl, X509 *x); +int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); + +int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +int SSL_use_certificate_chain_file(SSL *ssl, const char *file); +int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ +int SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len); +STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *file); +int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, + const char *dir); + +void SSL_load_error_strings(void ); +const char *SSL_state_string(const SSL *s); +const char *SSL_rstate_string(const SSL *s); +const char *SSL_state_string_long(const SSL *s); +const char *SSL_rstate_string_long(const SSL *s); +const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss); +size_t SSL_SESSION_get_master_key(const SSL_SESSION *ss, + unsigned char *out, size_t max_out); +int SSL_SESSION_get_protocol_version(const SSL_SESSION *s); +long SSL_SESSION_get_time(const SSL_SESSION *s); +long SSL_SESSION_set_time(SSL_SESSION *s, long t); +long SSL_SESSION_get_timeout(const SSL_SESSION *s); +long SSL_SESSION_set_timeout(SSL_SESSION *s, long t); +int SSL_copy_session_id(SSL *to, const SSL *from); +X509 *SSL_SESSION_get0_peer(SSL_SESSION *s); +int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, + unsigned int sid_len); +int SSL_SESSION_set1_id_context(SSL_SESSION *s, + const unsigned char *sid_ctx, unsigned int sid_ctx_len); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +int SSL_SESSION_is_resumable(const SSL_SESSION *s); +#endif + +SSL_SESSION *SSL_SESSION_new(void); +void SSL_SESSION_free(SSL_SESSION *ses); +int SSL_SESSION_up_ref(SSL_SESSION *ss); +const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *ss, + unsigned int *len); +const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *ss, + unsigned int *len); +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *sess); +int SSL_SESSION_set_max_early_data(SSL_SESSION *sess, uint32_t max_early_data); +#endif +unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s); +int SSL_SESSION_has_ticket(const SSL_SESSION *s); +unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss); +int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); +int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); +int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +int SSL_set_session(SSL *to, SSL_SESSION *session); +int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); +int SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c); +int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); +int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); +int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, + unsigned int id_len); +SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, + long length); + +#ifdef HEADER_X509_H +X509 * SSL_get_peer_certificate(const SSL *s); +#endif + +STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s); + +int SSL_CTX_get_verify_mode(const SSL_CTX *ctx); +int SSL_CTX_get_verify_depth(const SSL_CTX *ctx); +int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *); +void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, + int (*callback)(int, X509_STORE_CTX *)); +void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth); +void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg); +int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len); +int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len); +int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d); + +pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx); +void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx); +void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); + +int SSL_CTX_check_private_key(const SSL_CTX *ctx); +int SSL_check_private_key(const SSL *ctx); + +int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len); + +int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len); + +int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); +int SSL_set_purpose(SSL *s, int purpose); +int SSL_CTX_set_trust(SSL_CTX *s, int trust); +int SSL_set_trust(SSL *s, int trust); +int SSL_set1_host(SSL *s, const char *hostname); +void SSL_set_hostflags(SSL *s, unsigned int flags); +const char *SSL_get0_peername(SSL *s); + +X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); +int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); +X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); +int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); + +SSL *SSL_new(SSL_CTX *ctx); +void SSL_free(SSL *ssl); +int SSL_up_ref(SSL *ssl); +int SSL_accept(SSL *ssl); +int SSL_connect(SSL *ssl); +int SSL_is_dtls(const SSL *s); +int SSL_is_server(const SSL *s); +int SSL_read(SSL *ssl, void *buf, int num); +int SSL_peek(SSL *ssl, void *buf, int num); +int SSL_write(SSL *ssl, const void *buf, int num); +int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read); +int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked); +int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written); + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); +int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); + +uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); + +#define SSL_EARLY_DATA_NOT_SENT 0 +#define SSL_EARLY_DATA_REJECTED 1 +#define SSL_EARLY_DATA_ACCEPTED 2 +int SSL_get_early_data_status(const SSL *s); + +#define SSL_READ_EARLY_DATA_ERROR 0 +#define SSL_READ_EARLY_DATA_SUCCESS 1 +#define SSL_READ_EARLY_DATA_FINISH 2 +int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes); +int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written); +#endif + +long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); +long SSL_callback_ctrl(SSL *, int, void (*)(void)); +long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); +long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void)); + +int SSL_get_error(const SSL *s, int ret_code); +const char *SSL_get_version(const SSL *s); + +/* This sets the 'default' SSL version that SSL_new() will create */ +int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth); + +const SSL_METHOD *SSLv23_method(void); /* SSLv3 or TLSv1.* */ +const SSL_METHOD *SSLv23_server_method(void); /* SSLv3 or TLSv1.* */ +const SSL_METHOD *SSLv23_client_method(void); /* SSLv3 or TLSv1.* */ + +const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ +const SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ + +const SSL_METHOD *TLSv1_1_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */ +const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */ + +const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */ +const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */ + +const SSL_METHOD *TLS_method(void); /* TLS v1.0 or later */ +const SSL_METHOD *TLS_server_method(void); /* TLS v1.0 or later */ +const SSL_METHOD *TLS_client_method(void); /* TLS v1.0 or later */ + +const SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */ +const SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */ + +const SSL_METHOD *DTLSv1_2_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */ +const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */ + +const SSL_METHOD *DTLS_method(void); /* DTLS v1.0 or later */ +const SSL_METHOD *DTLS_server_method(void); /* DTLS v1.0 or later */ +const SSL_METHOD *DTLS_client_method(void); /* DTLS v1.0 or later */ + +STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); +STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); + +int SSL_do_handshake(SSL *s); +int SSL_renegotiate(SSL *s); +int SSL_renegotiate_abbreviated(SSL *s); +int SSL_renegotiate_pending(SSL *s); +int SSL_shutdown(SSL *s); + +const SSL_METHOD *SSL_get_ssl_method(SSL *s); +int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method); +const char *SSL_alert_type_string_long(int value); +const char *SSL_alert_type_string(int value); +const char *SSL_alert_desc_string_long(int value); +const char *SSL_alert_desc_string(int value); + +void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); +void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); +STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s); +STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s); +int SSL_add_client_CA(SSL *ssl, X509 *x); +int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x); + +void SSL_set_connect_state(SSL *s); +void SSL_set_accept_state(SSL *s); + +long SSL_get_default_timeout(const SSL *s); + +char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size); +STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk); + +SSL *SSL_dup(SSL *ssl); + +X509 *SSL_get_certificate(const SSL *ssl); +/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl); + +void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode); +int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx); +void SSL_set_quiet_shutdown(SSL *ssl,int mode); +int SSL_get_quiet_shutdown(const SSL *ssl); +void SSL_set_shutdown(SSL *ssl,int mode); +int SSL_get_shutdown(const SSL *ssl); +int SSL_version(const SSL *ssl); +int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); +int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, + const char *CApath); +int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len); +#define SSL_get0_session SSL_get_session /* just peek at pointer */ +SSL_SESSION *SSL_get_session(const SSL *ssl); +SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ +SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl); +SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx); +void SSL_set_info_callback(SSL *ssl, + void (*cb)(const SSL *ssl, int type, int val)); +void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val); +int SSL_state(const SSL *ssl); +void SSL_set_state(SSL *ssl, int state); + +void SSL_set_verify_result(SSL *ssl, long v); +long SSL_get_verify_result(const SSL *ssl); + +int SSL_set_ex_data(SSL *ssl, int idx, void *data); +void *SSL_get_ex_data(const SSL *ssl, int idx); +int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data); +void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx); +int SSL_SESSION_get_ex_new_index(long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); + +int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data); +void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx); +int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + +int SSL_get_ex_data_X509_STORE_CTX_idx(void ); + +#define SSL_CTX_sess_set_cache_size(ctx,t) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) +#define SSL_CTX_sess_get_cache_size(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) +#define SSL_CTX_set_session_cache_mode(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) +#define SSL_CTX_get_session_cache_mode(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) + +#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) +#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) +#define SSL_CTX_get_read_ahead(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) +#define SSL_CTX_set_read_ahead(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) +#define SSL_CTX_get_max_cert_list(ctx) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_CTX_set_max_cert_list(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) +#define SSL_get_max_cert_list(ssl) \ + SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) +#define SSL_set_max_cert_list(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) + +#define SSL_CTX_set_max_send_fragment(ctx,m) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) +#define SSL_set_max_send_fragment(ssl,m) \ + SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL) + +/* NB: the keylength is only applicable when is_export is true */ +void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, + RSA *(*cb)(SSL *ssl, int is_export, int keylength)); + +void SSL_set_tmp_rsa_callback(SSL *ssl, + RSA *(*cb)(SSL *ssl, int is_export, int keylength)); +void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, + DH *(*dh)(SSL *ssl, int is_export, int keylength)); +void SSL_set_tmp_dh_callback(SSL *ssl, + DH *(*dh)(SSL *ssl, int is_export, int keylength)); +void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, + EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); +void SSL_set_tmp_ecdh_callback(SSL *ssl, + EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)); + +size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out); +size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out); + +const void *SSL_get_current_compression(SSL *s); +const void *SSL_get_current_expansion(SSL *s); + +const char *SSL_COMP_get_name(const void *comp); +void *SSL_COMP_get_compression_methods(void); + +/* TLS extensions functions */ +int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len); + +int SSL_set_session_ticket_ext_cb(SSL *s, + tls_session_ticket_ext_cb_fn cb, void *arg); + +/* Pre-shared secret session resumption functions */ +int SSL_set_session_secret_cb(SSL *s, + tls_session_secret_cb_fn tls_session_secret_cb, void *arg); + +int SSL_cache_hit(SSL *s); + +/* What the "other" parameter contains in security callback */ +/* Mask for type */ +#define SSL_SECOP_OTHER_TYPE 0xffff0000 +#define SSL_SECOP_OTHER_NONE 0 +#define SSL_SECOP_OTHER_CIPHER (1 << 16) +#define SSL_SECOP_OTHER_CURVE (2 << 16) +#define SSL_SECOP_OTHER_DH (3 << 16) +#define SSL_SECOP_OTHER_PKEY (4 << 16) +#define SSL_SECOP_OTHER_SIGALG (5 << 16) +#define SSL_SECOP_OTHER_CERT (6 << 16) + +/* Indicated operation refers to peer key or certificate */ +#define SSL_SECOP_PEER 0x1000 + +/* Values for "op" parameter in security callback */ + +/* Called to filter ciphers */ +/* Ciphers client supports */ +#define SSL_SECOP_CIPHER_SUPPORTED (1 | SSL_SECOP_OTHER_CIPHER) +/* Cipher shared by client/server */ +#define SSL_SECOP_CIPHER_SHARED (2 | SSL_SECOP_OTHER_CIPHER) +/* Sanity check of cipher server selects */ +#define SSL_SECOP_CIPHER_CHECK (3 | SSL_SECOP_OTHER_CIPHER) +/* Curves supported by client */ +#define SSL_SECOP_CURVE_SUPPORTED (4 | SSL_SECOP_OTHER_CURVE) +/* Curves shared by client/server */ +#define SSL_SECOP_CURVE_SHARED (5 | SSL_SECOP_OTHER_CURVE) +/* Sanity check of curve server selects */ +#define SSL_SECOP_CURVE_CHECK (6 | SSL_SECOP_OTHER_CURVE) +/* Temporary DH key */ +/* + * XXX: changed in OpenSSL e2b420fdd70 to (7 | SSL_SECOP_OTHER_PKEY) + * Needs switching internal use of DH to EVP_PKEY. The code is not reachable + * from outside the library as long as we do not expose the callback in the API. + */ +#define SSL_SECOP_TMP_DH (7 | SSL_SECOP_OTHER_DH) +/* SSL/TLS version */ +#define SSL_SECOP_VERSION (9 | SSL_SECOP_OTHER_NONE) +/* Session tickets */ +#define SSL_SECOP_TICKET (10 | SSL_SECOP_OTHER_NONE) +/* Supported signature algorithms sent to peer */ +#define SSL_SECOP_SIGALG_SUPPORTED (11 | SSL_SECOP_OTHER_SIGALG) +/* Shared signature algorithm */ +#define SSL_SECOP_SIGALG_SHARED (12 | SSL_SECOP_OTHER_SIGALG) +/* Sanity check signature algorithm allowed */ +#define SSL_SECOP_SIGALG_CHECK (13 | SSL_SECOP_OTHER_SIGALG) +/* Used to get mask of supported public key signature algorithms */ +#define SSL_SECOP_SIGALG_MASK (14 | SSL_SECOP_OTHER_SIGALG) +/* Use to see if compression is allowed */ +#define SSL_SECOP_COMPRESSION (15 | SSL_SECOP_OTHER_NONE) +/* EE key in certificate */ +#define SSL_SECOP_EE_KEY (16 | SSL_SECOP_OTHER_CERT) +/* CA key in certificate */ +#define SSL_SECOP_CA_KEY (17 | SSL_SECOP_OTHER_CERT) +/* CA digest algorithm in certificate */ +#define SSL_SECOP_CA_MD (18 | SSL_SECOP_OTHER_CERT) +/* Peer EE key in certificate */ +#define SSL_SECOP_PEER_EE_KEY (SSL_SECOP_EE_KEY | SSL_SECOP_PEER) +/* Peer CA key in certificate */ +#define SSL_SECOP_PEER_CA_KEY (SSL_SECOP_CA_KEY | SSL_SECOP_PEER) +/* Peer CA digest algorithm in certificate */ +#define SSL_SECOP_PEER_CA_MD (SSL_SECOP_CA_MD | SSL_SECOP_PEER) + +void SSL_set_security_level(SSL *ssl, int level); +int SSL_get_security_level(const SSL *ssl); + +void SSL_CTX_set_security_level(SSL_CTX *ctx, int level); +int SSL_CTX_get_security_level(const SSL_CTX *ctx); + +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +/* + * QUIC integration. + * + * QUIC acts as an underlying transport for the TLS 1.3 handshake. The following + * functions allow a QUIC implementation to serve as the underlying transport as + * described in RFC 9001. + * + * When configured for QUIC, |SSL_do_handshake| will drive the handshake as + * before, but it will not use the configured |BIO|. It will call functions on + * |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from + * the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data + * it can decrypt, it calls |SSL_provide_quic_data|. Subsequent + * |SSL_do_handshake| calls will then consume that data and progress the + * handshake. After the handshake is complete, the caller should continue to + * call |SSL_provide_quic_data| for any post-handshake data, followed by + * |SSL_process_quic_post_handshake| to process it. It is an error to call + * |SSL_peek|, |SSL_read| and |SSL_write| in QUIC. + * + * To avoid DoS attacks, the QUIC implementation must limit the amount of data + * being queued up. The implementation can call + * |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each + * encryption level. + * + * QUIC implementations must additionally configure transport parameters with + * |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be + * used to query the value received from the peer. This extension is handled + * as an opaque byte string, which the caller is responsible for serializing + * and parsing. See RFC 9000 section 7.4 for further details. + */ + +/* + * ssl_encryption_level_t specifies the QUIC encryption level used to transmit + * handshake messages. + */ +typedef enum ssl_encryption_level_t { + ssl_encryption_initial = 0, + ssl_encryption_early_data, + ssl_encryption_handshake, + ssl_encryption_application, +} OSSL_ENCRYPTION_LEVEL; + +/* + * ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks. + * + * Note that we provide both the new (BoringSSL) secrets interface + * (set_read_secret/set_write_secret) along with the old interface + * (set_encryption_secrets), which quictls is still using. + * + * Since some consumers fail to use named initialisers, the order of these + * functions is important. Hopefully all of these consumers use the old version. + */ +struct ssl_quic_method_st { + /* + * set_encryption_secrets configures the read and write secrets for the + * given encryption level. This function will always be called before an + * encryption level other than |ssl_encryption_initial| is used. + * + * When reading packets at a given level, the QUIC implementation must + * send ACKs at the same level, so this function provides read and write + * secrets together. The exception is |ssl_encryption_early_data|, where + * secrets are only available in the client to server direction. The + * other secret will be NULL. The server acknowledges such data at + * |ssl_encryption_application|, which will be configured in the same + * |SSL_do_handshake| call. + * + * This function should use |SSL_get_current_cipher| to determine the TLS + * cipher suite. + */ + int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *read_secret, const uint8_t *write_secret, + size_t secret_len); + + /* + * add_handshake_data adds handshake data to the current flight at the + * given encryption level. It returns one on success and zero on error. + * Callers should defer writing data to the network until |flush_flight| + * to better pack QUIC packets into transport datagrams. + * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + + /* + * flush_flight is called when the current flight is complete and should + * be written to the transport. Note a flight may contain data at + * several encryption levels. It returns one on success and zero on + * error. + */ + int (*flush_flight)(SSL *ssl); + + /* + * send_alert sends a fatal alert at the specified encryption level. It + * returns one on success and zero on error. + * + * If |level| is not |ssl_encryption_initial|, this function will not be + * called before |level| is initialized with |set_write_secret|. + */ + int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, + uint8_t alert); + + /* + * set_read_secret configures the read secret and cipher suite for the + * given encryption level. It returns one on success and zero to + * terminate the handshake with an error. It will be called at most once + * per encryption level. + * + * Read keys will not be released before QUIC may use them. Once a level + * has been initialized, QUIC may begin processing data from it. + * Handshake data should be passed to |SSL_provide_quic_data| and + * application data (if |level| is |ssl_encryption_early_data| or + * |ssl_encryption_application|) may be processed according to the rules + * of the QUIC protocol. + */ + int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); + + /* + * set_write_secret behaves like |set_read_secret| but configures the + * write secret and cipher suite for the given encryption level. It will + * be called at most once per encryption level. + * + * Write keys will not be released before QUIC may use them. If |level| + * is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC + * may begin sending application data at |level|. + */ + int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level, + const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); +}; + +/* + * SSL_CTX_set_quic_method configures the QUIC hooks. This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ctx|. It returns one on success and zero on error. + */ +int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); + +/* + * SSL_set_quic_method configures the QUIC hooks. This should only be + * configured with a minimum version of TLS 1.3. |quic_method| must remain valid + * for the lifetime of |ssl|. It returns one on success and zero on error. + */ +int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); + +/* SSL_is_quic returns true if an SSL has been configured for use with QUIC. */ +int SSL_is_quic(const SSL *ssl); + +/* + * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes + * that may be received at the given encryption level. This function should be + * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5. + */ +size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, + enum ssl_encryption_level_t level); + +/* + * SSL_quic_read_level returns the current read encryption level. + */ +enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl); + +/* + * SSL_quic_write_level returns the current write encryption level. + */ +enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl); + +/* + * SSL_provide_quic_data provides data from QUIC at a particular encryption + * level |level|. It returns one on success and zero on error. Note this + * function will return zero if the handshake is not expecting data from |level| + * at this time. The QUIC implementation should then close the connection with + * an error. + */ +int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, + const uint8_t *data, size_t len); + +/* + * SSL_process_quic_post_handshake processes any data that QUIC has provided + * after the handshake has completed. This includes NewSessionTicket messages + * sent by the server. It returns one on success and zero on error. + */ +int SSL_process_quic_post_handshake(SSL *ssl); + +/* + * SSL_set_quic_transport_params configures |ssl| to send |params| (of length + * |params_len|) in the quic_transport_parameters extension in either the + * ClientHello or EncryptedExtensions handshake message. It is an error to set + * transport parameters if |ssl| is not configured for QUIC. The buffer pointed + * to by |params| only need be valid for the duration of the call to this + * function. This function returns 1 on success and 0 on failure. + */ +int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, + size_t params_len); + +/* + * SSL_get_peer_quic_transport_params provides the caller with the value of the + * quic_transport_parameters extension sent by the peer. A pointer to the buffer + * containing the TransportParameters will be put in |*out_params|, and its + * length in |*params_len|. This buffer will be valid for the lifetime of the + * |SSL|. If no params were received from the peer, |*out_params_len| will be 0. + */ +void SSL_get_peer_quic_transport_params(const SSL *ssl, + const uint8_t **out_params, size_t *out_params_len); + +/* + * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC + * extension codepoint 0xffa5 as opposed to the official value 57. This is + * unsupported in LibreSSL. + */ +void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); + +#endif + +void ERR_load_SSL_strings(void); + +/* Error codes for the SSL functions. */ + +/* Function codes. */ +#define SSL_F_CLIENT_CERTIFICATE 100 +#define SSL_F_CLIENT_FINISHED 167 +#define SSL_F_CLIENT_HELLO 101 +#define SSL_F_CLIENT_MASTER_KEY 102 +#define SSL_F_D2I_SSL_SESSION 103 +#define SSL_F_DO_DTLS1_WRITE 245 +#define SSL_F_DO_SSL3_WRITE 104 +#define SSL_F_DTLS1_ACCEPT 246 +#define SSL_F_DTLS1_ADD_CERT_TO_BUF 295 +#define SSL_F_DTLS1_BUFFER_RECORD 247 +#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM 316 +#define SSL_F_DTLS1_CLIENT_HELLO 248 +#define SSL_F_DTLS1_CONNECT 249 +#define SSL_F_DTLS1_ENC 250 +#define SSL_F_DTLS1_GET_HELLO_VERIFY 251 +#define SSL_F_DTLS1_GET_MESSAGE 252 +#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253 +#define SSL_F_DTLS1_GET_RECORD 254 +#define SSL_F_DTLS1_HANDLE_TIMEOUT 297 +#define SSL_F_DTLS1_HEARTBEAT 305 +#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255 +#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 288 +#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256 +#define SSL_F_DTLS1_PROCESS_RECORD 257 +#define SSL_F_DTLS1_READ_BYTES 258 +#define SSL_F_DTLS1_READ_FAILED 259 +#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260 +#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261 +#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262 +#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263 +#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264 +#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265 +#define SSL_F_DTLS1_SEND_SERVER_HELLO 266 +#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 +#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 +#define SSL_F_GET_CLIENT_FINISHED 105 +#define SSL_F_GET_CLIENT_HELLO 106 +#define SSL_F_GET_CLIENT_MASTER_KEY 107 +#define SSL_F_GET_SERVER_FINISHED 108 +#define SSL_F_GET_SERVER_HELLO 109 +#define SSL_F_GET_SERVER_VERIFY 110 +#define SSL_F_I2D_SSL_SESSION 111 +#define SSL_F_READ_N 112 +#define SSL_F_REQUEST_CERTIFICATE 113 +#define SSL_F_SERVER_FINISH 239 +#define SSL_F_SERVER_HELLO 114 +#define SSL_F_SERVER_VERIFY 240 +#define SSL_F_SSL23_ACCEPT 115 +#define SSL_F_SSL23_CLIENT_HELLO 116 +#define SSL_F_SSL23_CONNECT 117 +#define SSL_F_SSL23_GET_CLIENT_HELLO 118 +#define SSL_F_SSL23_GET_SERVER_HELLO 119 +#define SSL_F_SSL23_PEEK 237 +#define SSL_F_SSL23_READ 120 +#define SSL_F_SSL23_WRITE 121 +#define SSL_F_SSL2_ACCEPT 122 +#define SSL_F_SSL2_CONNECT 123 +#define SSL_F_SSL2_ENC_INIT 124 +#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241 +#define SSL_F_SSL2_PEEK 234 +#define SSL_F_SSL2_READ 125 +#define SSL_F_SSL2_READ_INTERNAL 236 +#define SSL_F_SSL2_SET_CERTIFICATE 126 +#define SSL_F_SSL2_WRITE 127 +#define SSL_F_SSL3_ACCEPT 128 +#define SSL_F_SSL3_ADD_CERT_TO_BUF 296 +#define SSL_F_SSL3_CALLBACK_CTRL 233 +#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 +#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 +#define SSL_F_SSL3_CHECK_CLIENT_HELLO 304 +#define SSL_F_SSL3_CLIENT_HELLO 131 +#define SSL_F_SSL3_CONNECT 132 +#define SSL_F_SSL3_CTRL 213 +#define SSL_F_SSL3_CTX_CTRL 133 +#define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 +#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 +#define SSL_F_SSL3_ENC 134 +#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 +#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 +#define SSL_F_SSL3_GET_CERT_STATUS 289 +#define SSL_F_SSL3_GET_CERT_VERIFY 136 +#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 +#define SSL_F_SSL3_GET_CLIENT_HELLO 138 +#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139 +#define SSL_F_SSL3_GET_FINISHED 140 +#define SSL_F_SSL3_GET_KEY_EXCHANGE 141 +#define SSL_F_SSL3_GET_MESSAGE 142 +#define SSL_F_SSL3_GET_NEW_SESSION_TICKET 283 +#define SSL_F_SSL3_GET_NEXT_PROTO 306 +#define SSL_F_SSL3_GET_RECORD 143 +#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144 +#define SSL_F_SSL3_GET_SERVER_DONE 145 +#define SSL_F_SSL3_GET_SERVER_HELLO 146 +#define SSL_F_SSL3_HANDSHAKE_MAC 285 +#define SSL_F_SSL3_NEW_SESSION_TICKET 287 +#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 +#define SSL_F_SSL3_PEEK 235 +#define SSL_F_SSL3_READ_BYTES 148 +#define SSL_F_SSL3_READ_N 149 +#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 +#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151 +#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152 +#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153 +#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154 +#define SSL_F_SSL3_SEND_SERVER_HELLO 242 +#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155 +#define SSL_F_SSL3_SETUP_KEY_BLOCK 157 +#define SSL_F_SSL3_SETUP_READ_BUFFER 156 +#define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +#define SSL_F_SSL3_WRITE_BYTES 158 +#define SSL_F_SSL3_WRITE_PENDING 159 +#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT 298 +#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT 277 +#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT 307 +#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 +#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 +#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT 299 +#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT 278 +#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT 308 +#define SSL_F_SSL_BAD_METHOD 160 +#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 +#define SSL_F_SSL_CERT_DUP 221 +#define SSL_F_SSL_CERT_INST 222 +#define SSL_F_SSL_CERT_INSTANTIATE 214 +#define SSL_F_SSL_CERT_NEW 162 +#define SSL_F_SSL_CHECK_PRIVATE_KEY 163 +#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT 280 +#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG 279 +#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 +#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 +#define SSL_F_SSL_CLEAR 164 +#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 +#define SSL_F_SSL_CREATE_CIPHER_LIST 166 +#define SSL_F_SSL_CTRL 232 +#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 +#define SSL_F_SSL_CTX_MAKE_PROFILES 309 +#define SSL_F_SSL_CTX_NEW 169 +#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269 +#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE 290 +#define SSL_F_SSL_CTX_SET_PURPOSE 226 +#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 +#define SSL_F_SSL_CTX_SET_SSL_VERSION 170 +#define SSL_F_SSL_CTX_SET_TRUST 229 +#define SSL_F_SSL_CTX_USE_CERTIFICATE 171 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 +#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 +#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT 272 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 +#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 +#define SSL_F_SSL_DO_HANDSHAKE 180 +#define SSL_F_SSL_GET_NEW_SESSION 181 +#define SSL_F_SSL_GET_PREV_SESSION 217 +#define SSL_F_SSL_GET_SERVER_SEND_CERT 182 +#define SSL_F_SSL_GET_SERVER_SEND_PKEY 317 +#define SSL_F_SSL_GET_SIGN_PKEY 183 +#define SSL_F_SSL_INIT_WBIO_BUFFER 184 +#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 +#define SSL_F_SSL_NEW 186 +#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT 300 +#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT 302 +#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT 310 +#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT 301 +#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT 303 +#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT 311 +#define SSL_F_SSL_PEEK 270 +#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT 281 +#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT 282 +#define SSL_F_SSL_READ 223 +#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 +#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 +#define SSL_F_SSL_SESSION_NEW 189 +#define SSL_F_SSL_SESSION_PRINT_FP 190 +#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT 312 +#define SSL_F_SSL_SESS_CERT_NEW 225 +#define SSL_F_SSL_SET_CERT 191 +#define SSL_F_SSL_SET_CIPHER_LIST 271 +#define SSL_F_SSL_SET_FD 192 +#define SSL_F_SSL_SET_PKEY 193 +#define SSL_F_SSL_SET_PURPOSE 227 +#define SSL_F_SSL_SET_RFD 194 +#define SSL_F_SSL_SET_SESSION 195 +#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 +#define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 +#define SSL_F_SSL_SET_TRUST 228 +#define SSL_F_SSL_SET_WFD 196 +#define SSL_F_SSL_SHUTDOWN 224 +#define SSL_F_SSL_SRP_CTX_INIT 313 +#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243 +#define SSL_F_SSL_UNDEFINED_FUNCTION 197 +#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244 +#define SSL_F_SSL_USE_CERTIFICATE 198 +#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 +#define SSL_F_SSL_USE_CERTIFICATE_FILE 200 +#define SSL_F_SSL_USE_PRIVATEKEY 201 +#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 +#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 +#define SSL_F_SSL_USE_PSK_IDENTITY_HINT 273 +#define SSL_F_SSL_USE_RSAPRIVATEKEY 204 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 +#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 +#define SSL_F_SSL_VERIFY_CERT_CHAIN 207 +#define SSL_F_SSL_WRITE 208 +#define SSL_F_TLS1_AEAD_CTX_INIT 339 +#define SSL_F_TLS1_CERT_VERIFY_MAC 286 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD 340 +#define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER 338 +#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT 274 +#define SSL_F_TLS1_ENC 210 +#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL 314 +#define SSL_F_TLS1_HEARTBEAT 315 +#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT 275 +#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT 276 +#define SSL_F_TLS1_PRF 284 +#define SSL_F_TLS1_SETUP_KEY_BLOCK 211 +#define SSL_F_WRITE_PENDING 212 + +/* Reason codes. */ +#define SSL_R_APP_DATA_IN_HANDSHAKE 100 +#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 +#define SSL_R_BAD_ALERT_RECORD 101 +#define SSL_R_BAD_AUTHENTICATION_TYPE 102 +#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 +#define SSL_R_BAD_CHECKSUM 104 +#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 +#define SSL_R_BAD_DECOMPRESSION 107 +#define SSL_R_BAD_DH_G_LENGTH 108 +#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109 +#define SSL_R_BAD_DH_P_LENGTH 110 +#define SSL_R_BAD_DIGEST_LENGTH 111 +#define SSL_R_BAD_DSA_SIGNATURE 112 +#define SSL_R_BAD_ECC_CERT 304 +#define SSL_R_BAD_ECDSA_SIGNATURE 305 +#define SSL_R_BAD_ECPOINT 306 +#define SSL_R_BAD_HANDSHAKE_LENGTH 332 +#define SSL_R_BAD_HELLO_REQUEST 105 +#define SSL_R_BAD_LENGTH 271 +#define SSL_R_BAD_MAC_DECODE 113 +#define SSL_R_BAD_MAC_LENGTH 333 +#define SSL_R_BAD_MESSAGE_TYPE 114 +#define SSL_R_BAD_PACKET_LENGTH 115 +#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116 +#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH 316 +#define SSL_R_BAD_RESPONSE_ARGUMENT 117 +#define SSL_R_BAD_RSA_DECRYPT 118 +#define SSL_R_BAD_RSA_ENCRYPT 119 +#define SSL_R_BAD_RSA_E_LENGTH 120 +#define SSL_R_BAD_RSA_MODULUS_LENGTH 121 +#define SSL_R_BAD_RSA_SIGNATURE 122 +#define SSL_R_BAD_SIGNATURE 123 +#define SSL_R_BAD_SRP_A_LENGTH 347 +#define SSL_R_BAD_SRP_B_LENGTH 348 +#define SSL_R_BAD_SRP_G_LENGTH 349 +#define SSL_R_BAD_SRP_N_LENGTH 350 +#define SSL_R_BAD_SRP_S_LENGTH 351 +#define SSL_R_BAD_SRTP_MKI_VALUE 352 +#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST 353 +#define SSL_R_BAD_SSL_FILETYPE 124 +#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125 +#define SSL_R_BAD_STATE 126 +#define SSL_R_BAD_WRITE_RETRY 127 +#define SSL_R_BIO_NOT_SET 128 +#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129 +#define SSL_R_BN_LIB 130 +#define SSL_R_CA_DN_LENGTH_MISMATCH 131 +#define SSL_R_CA_DN_TOO_LONG 132 +#define SSL_R_CA_KEY_TOO_SMALL 397 +#define SSL_R_CA_MD_TOO_WEAK 398 +#define SSL_R_CCS_RECEIVED_EARLY 133 +#define SSL_R_CERTIFICATE_VERIFY_FAILED 134 +#define SSL_R_CERT_LENGTH_MISMATCH 135 +#define SSL_R_CHALLENGE_IS_DIFFERENT 136 +#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137 +#define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE 371 +#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138 +#define SSL_R_CIPHER_TABLE_SRC_ERROR 139 +#define SSL_R_CLIENTHELLO_TLSEXT 226 +#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 +#define SSL_R_COMPRESSION_DISABLED 343 +#define SSL_R_COMPRESSION_FAILURE 141 +#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307 +#define SSL_R_COMPRESSION_LIBRARY_ERROR 142 +#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 +#define SSL_R_CONNECTION_TYPE_NOT_SET 144 +#define SSL_R_COOKIE_MISMATCH 308 +#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 +#define SSL_R_DATA_LENGTH_TOO_LONG 146 +#define SSL_R_DECRYPTION_FAILED 147 +#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +#define SSL_R_DH_KEY_TOO_SMALL 394 +#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 +#define SSL_R_DIGEST_CHECK_FAILED 149 +#define SSL_R_DTLS_MESSAGE_TOO_BIG 334 +#define SSL_R_DUPLICATE_COMPRESSION_ID 309 +#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT 317 +#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 +#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 +#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 +#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 +#define SSL_R_EE_KEY_TOO_SMALL 399 +#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 +#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 +#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282 +#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 +#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 +#define SSL_R_EXTRA_DATA_IN_MESSAGE 153 +#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 +#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS 355 +#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION 356 +#define SSL_R_HTTPS_PROXY_REQUEST 155 +#define SSL_R_HTTP_REQUEST 156 +#define SSL_R_ILLEGAL_PADDING 283 +#define SSL_R_INAPPROPRIATE_FALLBACK 373 +#define SSL_R_INCONSISTENT_COMPRESSION 340 +#define SSL_R_INVALID_CHALLENGE_LENGTH 158 +#define SSL_R_INVALID_COMMAND 280 +#define SSL_R_INVALID_COMPRESSION_ALGORITHM 341 +#define SSL_R_INVALID_PURPOSE 278 +#define SSL_R_INVALID_SRP_USERNAME 357 +#define SSL_R_INVALID_STATUS_RESPONSE 328 +#define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 +#define SSL_R_INVALID_TRUST 279 +#define SSL_R_KEY_ARG_TOO_LONG 284 +#define SSL_R_KRB5 285 +#define SSL_R_KRB5_C_CC_PRINC 286 +#define SSL_R_KRB5_C_GET_CRED 287 +#define SSL_R_KRB5_C_INIT 288 +#define SSL_R_KRB5_C_MK_REQ 289 +#define SSL_R_KRB5_S_BAD_TICKET 290 +#define SSL_R_KRB5_S_INIT 291 +#define SSL_R_KRB5_S_RD_REQ 292 +#define SSL_R_KRB5_S_TKT_EXPIRED 293 +#define SSL_R_KRB5_S_TKT_NYV 294 +#define SSL_R_KRB5_S_TKT_SKEW 295 +#define SSL_R_LENGTH_MISMATCH 159 +#define SSL_R_LENGTH_TOO_SHORT 160 +#define SSL_R_LIBRARY_BUG 274 +#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 +#define SSL_R_MESSAGE_TOO_LONG 296 +#define SSL_R_MISSING_DH_DSA_CERT 162 +#define SSL_R_MISSING_DH_KEY 163 +#define SSL_R_MISSING_DH_RSA_CERT 164 +#define SSL_R_MISSING_DSA_SIGNING_CERT 165 +#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 +#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 +#define SSL_R_MISSING_RSA_CERTIFICATE 168 +#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 +#define SSL_R_MISSING_RSA_SIGNING_CERT 170 +#define SSL_R_MISSING_SRP_PARAM 358 +#define SSL_R_MISSING_TMP_DH_KEY 171 +#define SSL_R_MISSING_TMP_ECDH_KEY 311 +#define SSL_R_MISSING_TMP_RSA_KEY 172 +#define SSL_R_MISSING_TMP_RSA_PKEY 173 +#define SSL_R_MISSING_VERIFY_MESSAGE 174 +#define SSL_R_MULTIPLE_SGC_RESTARTS 346 +#define SSL_R_NON_SSLV2_INITIAL_PACKET 175 +#define SSL_R_NO_APPLICATION_PROTOCOL 235 +#define SSL_R_NO_CERTIFICATES_RETURNED 176 +#define SSL_R_NO_CERTIFICATE_ASSIGNED 177 +#define SSL_R_NO_CERTIFICATE_RETURNED 178 +#define SSL_R_NO_CERTIFICATE_SET 179 +#define SSL_R_NO_CERTIFICATE_SPECIFIED 180 +#define SSL_R_NO_CIPHERS_AVAILABLE 181 +#define SSL_R_NO_CIPHERS_PASSED 182 +#define SSL_R_NO_CIPHERS_SPECIFIED 183 +#define SSL_R_NO_CIPHER_LIST 184 +#define SSL_R_NO_CIPHER_MATCH 185 +#define SSL_R_NO_CLIENT_CERT_METHOD 331 +#define SSL_R_NO_CLIENT_CERT_RECEIVED 186 +#define SSL_R_NO_COMPRESSION_SPECIFIED 187 +#define SSL_R_NO_METHOD_SPECIFIED 188 +#define SSL_R_NO_PRIVATEKEY 189 +#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 +#define SSL_R_NO_PROTOCOLS_AVAILABLE 191 +#define SSL_R_NO_PUBLICKEY 192 +#define SSL_R_NO_RENEGOTIATION 339 +#define SSL_R_NO_REQUIRED_DIGEST 324 +#define SSL_R_NO_SHARED_CIPHER 193 +#define SSL_R_NO_SRTP_PROFILES 359 +#define SSL_R_NO_VERIFY_CALLBACK 194 +#define SSL_R_NULL_SSL_CTX 195 +#define SSL_R_NULL_SSL_METHOD_PASSED 196 +#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 +#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344 +#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297 +#define SSL_R_PACKET_LENGTH_TOO_LONG 198 +#define SSL_R_PARSE_TLSEXT 227 +#define SSL_R_PATH_TOO_LONG 270 +#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 +#define SSL_R_PEER_ERROR 200 +#define SSL_R_PEER_ERROR_CERTIFICATE 201 +#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 +#define SSL_R_PEER_ERROR_NO_CIPHER 203 +#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 +#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 +#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 +#define SSL_R_PROTOCOL_IS_SHUTDOWN 207 +#define SSL_R_PSK_IDENTITY_NOT_FOUND 223 +#define SSL_R_PSK_NO_CLIENT_CB 224 +#define SSL_R_PSK_NO_SERVER_CB 225 +#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 +#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 +#define SSL_R_PUBLIC_KEY_NOT_RSA 210 +#define SSL_R_READ_BIO_NOT_SET 211 +#define SSL_R_READ_TIMEOUT_EXPIRED 312 +#define SSL_R_READ_WRONG_PACKET_TYPE 212 +#define SSL_R_RECORD_LENGTH_MISMATCH 213 +#define SSL_R_RECORD_TOO_LARGE 214 +#define SSL_R_RECORD_TOO_SMALL 298 +#define SSL_R_RENEGOTIATE_EXT_TOO_LONG 335 +#define SSL_R_RENEGOTIATION_ENCODING_ERR 336 +#define SSL_R_RENEGOTIATION_MISMATCH 337 +#define SSL_R_REQUIRED_CIPHER_MISSING 215 +#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING 342 +#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 +#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 +#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 +#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 +#define SSL_R_SERVERHELLO_TLSEXT 275 +#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +#define SSL_R_SHORT_READ 219 +#define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 +#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 +#define SSL_R_SRP_A_CALC 361 +#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 +#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 +#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 +#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 +#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299 +#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 +#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 +#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300 +#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 +#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 +#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044 +#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046 +#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030 +#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 +#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 +#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 +#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 +#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 +#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 +#define SSL_R_SSL_HANDSHAKE_FAILURE 229 +#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 +#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301 +#define SSL_R_SSL_SESSION_ID_CONFLICT 302 +#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 +#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303 +#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 +#define SSL_R_SSL_SESSION_ID_TOO_LONG 408 +#define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 +#define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 +#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120 +#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 +#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 +#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 +#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 +#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 +#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 +#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 +#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 +#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 +#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 +#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115 +#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 +#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 +#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +#define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 +#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT 365 +#define SSL_R_TLS_HEARTBEAT_PENDING 366 +#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL 367 +#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST 157 +#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 +#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 +#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 +#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313 +#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 +#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 +#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314 +#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 +#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 +#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 +#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 +#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 +#define SSL_R_UNEXPECTED_MESSAGE 244 +#define SSL_R_UNEXPECTED_RECORD 245 +#define SSL_R_UNINITIALIZED 276 +#define SSL_R_UNKNOWN_ALERT_TYPE 246 +#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 +#define SSL_R_UNKNOWN_CIPHER_RETURNED 248 +#define SSL_R_UNKNOWN_CIPHER_TYPE 249 +#define SSL_R_UNKNOWN_DIGEST 368 +#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 +#define SSL_R_UNKNOWN_PKEY_TYPE 251 +#define SSL_R_UNKNOWN_PROTOCOL 252 +#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 +#define SSL_R_UNKNOWN_SSL_VERSION 254 +#define SSL_R_UNKNOWN_STATE 255 +#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED 338 +#define SSL_R_UNSUPPORTED_CIPHER 256 +#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 +#define SSL_R_UNSUPPORTED_DIGEST_TYPE 326 +#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315 +#define SSL_R_UNSUPPORTED_PROTOCOL 258 +#define SSL_R_UNSUPPORTED_SSL_VERSION 259 +#define SSL_R_UNSUPPORTED_STATUS_TYPE 329 +#define SSL_R_USE_SRTP_NOT_NEGOTIATED 369 +#define SSL_R_VERSION_TOO_LOW 396 +#define SSL_R_WRITE_BIO_NOT_SET 260 +#define SSL_R_WRONG_CIPHER_RETURNED 261 +#define SSL_R_WRONG_CURVE 378 +#define SSL_R_WRONG_MESSAGE_TYPE 262 +#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 +#define SSL_R_WRONG_SIGNATURE_LENGTH 264 +#define SSL_R_WRONG_SIGNATURE_SIZE 265 +#define SSL_R_WRONG_SIGNATURE_TYPE 370 +#define SSL_R_WRONG_SSL_VERSION 266 +#define SSL_R_WRONG_VERSION_NUMBER 267 +#define SSL_R_X509_LIB 268 +#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 +#define SSL_R_PEER_BEHAVING_BADLY 666 +#define SSL_R_QUIC_INTERNAL_ERROR 667 +#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 668 +#define SSL_R_UNKNOWN 999 + +/* + * OpenSSL compatible OPENSSL_INIT options + */ + +/* + * These are provided for compatibility, but have no effect + * on how LibreSSL is initialized. + */ +#define OPENSSL_INIT_LOAD_SSL_STRINGS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_SSL_DEFAULT _OPENSSL_INIT_FLAG_NOOP + +int OPENSSL_init_ssl(uint64_t opts, const void *settings); +int SSL_library_init(void); + +/* + * A few things still use this without #ifdef guard. + */ + +#define SSL2_VERSION 0x0002 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ssl3.h b/includes/curl/openssl/ssl3.h new file mode 100644 index 0000000..1b1110b --- /dev/null +++ b/includes/curl/openssl/ssl3.h @@ -0,0 +1,441 @@ +/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECC cipher suite support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_SSL3_H +#define HEADER_SSL3_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */ +#define SSL3_CK_SCSV 0x030000FF + +/* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */ +#define SSL3_CK_FALLBACK_SCSV 0x03005600 + +#define SSL3_CK_RSA_NULL_MD5 0x03000001 +#define SSL3_CK_RSA_NULL_SHA 0x03000002 +#define SSL3_CK_RSA_RC4_40_MD5 0x03000003 +#define SSL3_CK_RSA_RC4_128_MD5 0x03000004 +#define SSL3_CK_RSA_RC4_128_SHA 0x03000005 +#define SSL3_CK_RSA_RC2_40_MD5 0x03000006 +#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007 +#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008 +#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009 +#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A + +#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B +#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C +#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D +#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E +#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F +#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010 + +#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011 +#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012 +#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013 +#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014 +#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015 +#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016 + +#define SSL3_CK_ADH_RC4_40_MD5 0x03000017 +#define SSL3_CK_ADH_RC4_128_MD5 0x03000018 +#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019 +#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A +#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B + +/* VRS Additional Kerberos5 entries + */ +#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E +#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F +#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 +#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 +#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 +#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 +#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 +#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 + +#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 +#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 +#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 +#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 +#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A +#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B + +#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" +#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" +#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5" +#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA" +#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5" +#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA" +#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA" +#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA" + +#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA" +#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA" +#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA" +#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA" +#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA" +#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA" + +#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5" +#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5" +#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" +#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" + +#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" +#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" +#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" +#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" +#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" + +#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" +#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" +#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" +#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" +#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" +#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" + +#define SSL3_SSL_SESSION_ID_LENGTH 32 +#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 + +#define SSL3_MASTER_SECRET_SIZE 48 +#define SSL3_RANDOM_SIZE 32 +#define SSL3_SEQUENCE_SIZE 8 +#define SSL3_SESSION_ID_SIZE 32 +#define SSL3_CIPHER_VALUE_SIZE 2 + +#define SSL3_RT_HEADER_LENGTH 5 +#define SSL3_HM_HEADER_LENGTH 4 + +#define SSL3_ALIGN_PAYLOAD 8 + +/* This is the maximum MAC (digest) size used by the SSL library. + * Currently maximum of 20 is used by SHA1, but we reserve for + * future extension for 512-bit hashes. + */ + +#define SSL3_RT_MAX_MD_SIZE 64 + +/* Maximum block size used in all ciphersuites. Currently 16 for AES. + */ + +#define SSL_RT_MAX_CIPHER_BLOCK_SIZE 16 + +#define SSL3_RT_MAX_EXTRA (16384) + +/* Maximum plaintext length: defined by SSL/TLS standards */ +#define SSL3_RT_MAX_PLAIN_LENGTH 16384 +/* Maximum compression overhead: defined by SSL/TLS standards */ +#define SSL3_RT_MAX_COMPRESSED_OVERHEAD 1024 + +/* The standards give a maximum encryption overhead of 1024 bytes. + * In practice the value is lower than this. The overhead is the maximum + * number of padding bytes (256) plus the mac size. + */ +#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD (256 + SSL3_RT_MAX_MD_SIZE) + +/* OpenSSL currently only uses a padding length of at most one block so + * the send overhead is smaller. + */ + +#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \ + (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE) + +/* If compression isn't used don't include the compression overhead */ +#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH +#define SSL3_RT_MAX_ENCRYPTED_LENGTH \ + (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH) +#define SSL3_RT_MAX_PACKET_SIZE \ + (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) + +#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" +#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" + +#define SSL3_VERSION 0x0300 +#define SSL3_VERSION_MAJOR 0x03 +#define SSL3_VERSION_MINOR 0x00 + +#define SSL3_RT_CHANGE_CIPHER_SPEC 20 +#define SSL3_RT_ALERT 21 +#define SSL3_RT_HANDSHAKE 22 +#define SSL3_RT_APPLICATION_DATA 23 + +#define SSL3_AL_WARNING 1 +#define SSL3_AL_FATAL 2 + +#ifndef LIBRESSL_INTERNAL +#define SSL3_AD_CLOSE_NOTIFY 0 +#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */ +#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */ +#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */ +#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */ +#define SSL3_AD_NO_CERTIFICATE 41 +#define SSL3_AD_BAD_CERTIFICATE 42 +#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43 +#define SSL3_AD_CERTIFICATE_REVOKED 44 +#define SSL3_AD_CERTIFICATE_EXPIRED 45 +#define SSL3_AD_CERTIFICATE_UNKNOWN 46 +#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */ +#endif + +#define TLS1_HB_REQUEST 1 +#define TLS1_HB_RESPONSE 2 + +#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 +#define TLS1_FLAGS_FREEZE_TRANSCRIPT 0x0020 +#define SSL3_FLAGS_CCS_OK 0x0080 + +/* SSLv3 */ +/*client */ +/* extra state */ +#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT) +#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT) +#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT) +#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT) +#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT) +/* write to server */ +#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT) +#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT) +#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT) +#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT) +#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT) +/* read from server */ +#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT) +#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_A (0x1E0|SSL_ST_CONNECT) +#define SSL3_ST_CR_SESSION_TICKET_B (0x1E1|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_A (0x1F0|SSL_ST_CONNECT) +#define SSL3_ST_CR_CERT_STATUS_B (0x1F1|SSL_ST_CONNECT) + +/* server */ +/* extra state */ +#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT) +/* read from client */ +/* Do not change the number values, they do matter */ +#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT) +/* write to client */ +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT) +#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT) +#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT) +#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT) +/* read from client */ +#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT) +#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT) +#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT) +/* write to client */ +#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_A (0x1F0|SSL_ST_ACCEPT) +#define SSL3_ST_SW_SESSION_TICKET_B (0x1F1|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_A (0x200|SSL_ST_ACCEPT) +#define SSL3_ST_SW_CERT_STATUS_B (0x201|SSL_ST_ACCEPT) + +#define SSL3_MT_HELLO_REQUEST 0 +#define SSL3_MT_CLIENT_HELLO 1 +#define SSL3_MT_SERVER_HELLO 2 +#define SSL3_MT_NEWSESSION_TICKET 4 +#define SSL3_MT_CERTIFICATE 11 +#define SSL3_MT_SERVER_KEY_EXCHANGE 12 +#define SSL3_MT_CERTIFICATE_REQUEST 13 +#define SSL3_MT_SERVER_DONE 14 +#define SSL3_MT_CERTIFICATE_VERIFY 15 +#define SSL3_MT_CLIENT_KEY_EXCHANGE 16 +#define SSL3_MT_FINISHED 20 +#define SSL3_MT_CERTIFICATE_STATUS 22 + +#define DTLS1_MT_HELLO_VERIFY_REQUEST 3 + +#define SSL3_MT_CCS 1 + +#ifndef LIBRESSL_INTERNAL +/* These are used when changing over to a new cipher */ +#define SSL3_CC_READ 0x01 +#define SSL3_CC_WRITE 0x02 +#define SSL3_CC_CLIENT 0x10 +#define SSL3_CC_SERVER 0x20 +#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE) +#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ) +#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE) +#endif + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/stack.h b/includes/curl/openssl/stack.h new file mode 100644 index 0000000..783ccb4 --- /dev/null +++ b/includes/curl/openssl/stack.h @@ -0,0 +1,99 @@ +/* $OpenBSD: stack.h,v 1.11 2024/03/02 11:20:36 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_STACK_H +#define HEADER_STACK_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct stack_st _STACK; + +#define M_sk_num(sk) ((sk) ? (sk)->num:-1) +#define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) + +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); + +void *sk_set(_STACK *, int, void *); + +_STACK *sk_new(int (*cmp)(const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))( + const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/tls1.h b/includes/curl/openssl/tls1.h new file mode 100644 index 0000000..d018fce --- /dev/null +++ b/includes/curl/openssl/tls1.h @@ -0,0 +1,764 @@ +/* $OpenBSD: tls1.h,v 1.60 2024/10/23 01:57:19 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#ifndef HEADER_TLS1_H +#define HEADER_TLS1_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define OPENSSL_TLS_SECURITY_LEVEL 1 + +#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 + +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLS1_3_VERSION 0x0304 +#endif + +#define TLS1_2_VERSION 0x0303 +#define TLS1_2_VERSION_MAJOR 0x03 +#define TLS1_2_VERSION_MINOR 0x03 + +#define TLS1_1_VERSION 0x0302 +#define TLS1_1_VERSION_MAJOR 0x03 +#define TLS1_1_VERSION_MINOR 0x02 + +#define TLS1_VERSION 0x0301 +#define TLS1_VERSION_MAJOR 0x03 +#define TLS1_VERSION_MINOR 0x01 + +#ifndef LIBRESSL_INTERNAL +#define TLS1_AD_DECRYPTION_FAILED 21 +#define TLS1_AD_RECORD_OVERFLOW 22 +#define TLS1_AD_UNKNOWN_CA 48 /* fatal */ +#define TLS1_AD_ACCESS_DENIED 49 /* fatal */ +#define TLS1_AD_DECODE_ERROR 50 /* fatal */ +#define TLS1_AD_DECRYPT_ERROR 51 +#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ +#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ +#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ +#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ +/* Code 86 from RFC 7507. */ +#define TLS1_AD_INAPPROPRIATE_FALLBACK 86 /* fatal */ +#define TLS1_AD_USER_CANCELLED 90 +#define TLS1_AD_NO_RENEGOTIATION 100 +/* Codes 110-114 from RFC 3546. */ +#define TLS1_AD_UNSUPPORTED_EXTENSION 110 +#define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111 +#define TLS1_AD_UNRECOGNIZED_NAME 112 +#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113 +#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114 +/* Code 115 from RFC 4279. */ +#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */ +#endif + +/* + * TLS ExtensionType values. + * + * https://www.iana.org/assignments/tls-extensiontype-values/ + */ + +/* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */ +#define TLSEXT_TYPE_server_name 0 +#define TLSEXT_TYPE_max_fragment_length 1 +#define TLSEXT_TYPE_client_certificate_url 2 +#define TLSEXT_TYPE_trusted_ca_keys 3 +#define TLSEXT_TYPE_truncated_hmac 4 +#define TLSEXT_TYPE_status_request 5 + +/* ExtensionType values from RFC 4681. */ +#define TLSEXT_TYPE_user_mapping 6 + +/* ExtensionType values from RFC 5878. */ +#define TLSEXT_TYPE_client_authz 7 +#define TLSEXT_TYPE_server_authz 8 + +/* ExtensionType values from RFC 6091. */ +#define TLSEXT_TYPE_cert_type 9 + +/* ExtensionType values from RFC 7919. */ +#define TLSEXT_TYPE_supported_groups 10 + +/* ExtensionType values from RFC 4492. */ +#ifndef LIBRESSL_INTERNAL +#define TLSEXT_TYPE_elliptic_curves TLSEXT_TYPE_supported_groups +#endif +#define TLSEXT_TYPE_ec_point_formats 11 + +/* ExtensionType value from RFC 5054. */ +#define TLSEXT_TYPE_srp 12 + +/* ExtensionType value from RFC 5246/RFC 8446. */ +#define TLSEXT_TYPE_signature_algorithms 13 + +/* ExtensionType value from RFC 5764. */ +#define TLSEXT_TYPE_use_srtp 14 + +/* ExtensionType value from RFC 5620. */ +#define TLSEXT_TYPE_heartbeat 15 + +/* ExtensionType value from RFC 7301. */ +#define TLSEXT_TYPE_application_layer_protocol_negotiation 16 + +/* ExtensionType value from RFC 7685. */ +#define TLSEXT_TYPE_padding 21 + +/* ExtensionType value from RFC 4507. */ +#define TLSEXT_TYPE_session_ticket 35 + +/* ExtensionType values from RFC 8446 section 4.2 */ +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLSEXT_TYPE_pre_shared_key 41 +#define TLSEXT_TYPE_early_data 42 +#define TLSEXT_TYPE_supported_versions 43 +#define TLSEXT_TYPE_cookie 44 +#define TLSEXT_TYPE_psk_key_exchange_modes 45 +#define TLSEXT_TYPE_certificate_authorities 47 +#define TLSEXT_TYPE_oid_filters 48 +#define TLSEXT_TYPE_post_handshake_auth 49 +#define TLSEXT_TYPE_signature_algorithms_cert 50 +#define TLSEXT_TYPE_key_share 51 +#endif + +/* ExtensionType value from RFC 9001 section 8.2 */ +#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL) +#define TLSEXT_TYPE_quic_transport_parameters 57 +#endif + +/* + * TLS 1.3 extension names from OpenSSL, where they decided to use a different + * name from that given in RFC 8446. + */ +#if defined(LIBRESSL_HAS_TLS1_3) +#define TLSEXT_TYPE_psk TLSEXT_TYPE_pre_shared_key +#define TLSEXT_TYPE_psk_kex_modes TLSEXT_TYPE_psk_key_exchange_modes +#endif + +/* Temporary extension type */ +#define TLSEXT_TYPE_renegotiate 0xff01 + +/* NameType value from RFC 3546. */ +#define TLSEXT_NAMETYPE_host_name 0 +/* status request value from RFC 3546 */ +#define TLSEXT_STATUSTYPE_ocsp 1 + +/* ECPointFormat values from RFC 4492. */ +#define TLSEXT_ECPOINTFORMAT_first 0 +#define TLSEXT_ECPOINTFORMAT_uncompressed 0 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime 1 +#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2 +#define TLSEXT_ECPOINTFORMAT_last 2 + +#define TLSEXT_MAXLEN_host_name 255 + +const char *SSL_get_servername(const SSL *s, const int type); +int SSL_get_servername_type(const SSL *s); +/* SSL_export_keying_material exports a value derived from the master secret, + * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and + * optional context. (Since a zero length context is allowed, the |use_context| + * flag controls whether a context is included.) + * + * It returns 1 on success and zero otherwise. + */ +int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, + const char *label, size_t llen, const unsigned char *p, size_t plen, + int use_context); + +int SSL_get_signature_type_nid(const SSL *ssl, int *nid); +int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid); + +#define SSL_set_tlsext_host_name(s,name) \ +SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) + +#define SSL_set_tlsext_debug_callback(ssl, cb) \ +SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) + +#define SSL_set_tlsext_debug_arg(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) + +#define SSL_get_tlsext_status_type(ssl) \ +SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL) + +#define SSL_set_tlsext_status_type(ssl, type) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) + +#define SSL_get_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_set_tlsext_status_exts(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) + +#define SSL_get_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_set_tlsext_status_ids(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) + +#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) + +#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) + +#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) + +#define SSL_TLSEXT_ERR_OK 0 +#define SSL_TLSEXT_ERR_ALERT_WARNING 1 +#define SSL_TLSEXT_ERR_ALERT_FATAL 2 +#define SSL_TLSEXT_ERR_NOACK 3 + +#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) + +#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) +#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ + SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) + +#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) +#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) + +#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg) +#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg) + +#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) + +/* PSK ciphersuites from RFC 4279. */ +#define TLS1_CK_PSK_WITH_RC4_128_SHA 0x0300008A +#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA 0x0300008B +#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C +#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D + +/* Additional TLS ciphersuites from expired Internet Draft + * draft-ietf-tls-56-bit-ciphersuites-01.txt + * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see + * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably + * shouldn't. Note that the first two are actually not in the IDs. */ +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 /* not in ID */ +#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 /* not in ID */ +#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 +#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 +#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 +#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 + +/* AES ciphersuites from RFC 3268. */ + +#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 +#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 + +#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 +#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A + +/* TLS v1.2 ciphersuites */ +#define TLS1_CK_RSA_WITH_NULL_SHA256 0x0300003B +#define TLS1_CK_RSA_WITH_AES_128_SHA256 0x0300003C +#define TLS1_CK_RSA_WITH_AES_256_SHA256 0x0300003D +#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256 0x0300003E +#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F +#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040 + +/* Camellia ciphersuites from RFC 4132. */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045 +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046 + +/* TLS v1.2 ciphersuites */ +#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256 0x03000067 +#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256 0x03000068 +#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256 0x03000069 +#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256 0x0300006A +#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256 0x0300006B +#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C +#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D + +/* Camellia ciphersuites from RFC 4132. */ +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089 + +/* SEED ciphersuites from RFC 4162. */ +#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096 +#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097 +#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098 +#define TLS1_CK_DHE_DSS_WITH_SEED_SHA 0x03000099 +#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A +#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B + +/* TLS v1.2 GCM ciphersuites from RFC 5288. */ +#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C +#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D +#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E +#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384 0x0300009F +#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256 0x030000A0 +#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384 0x030000A1 +#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256 0x030000A2 +#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384 0x030000A3 +#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256 0x030000A4 +#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384 0x030000A5 +#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6 +#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7 + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BA +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BB +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BC +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 0x030000BD +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0x030000BE +#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256 0x030000BF + +#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C0 +#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C1 +#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C2 +#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 0x030000C3 +#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0x030000C4 +#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256 0x030000C5 + +/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLS1_3_CK_AES_128_GCM_SHA256 0x03001301 +#define TLS1_3_CK_AES_256_GCM_SHA384 0x03001302 +#define TLS1_3_CK_CHACHA20_POLY1305_SHA256 0x03001303 +#define TLS1_3_CK_AES_128_CCM_SHA256 0x03001304 +#define TLS1_3_CK_AES_128_CCM_8_SHA256 0x03001305 +#endif + +/* ECC ciphersuites from RFC 4492. */ +#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001 +#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002 +#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005 + +#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006 +#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007 +#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A + +#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B +#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C +#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D +#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E +#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F + +#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010 +#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011 +#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014 + +#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015 +#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016 +#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017 +#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018 +#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019 + +/* SRP ciphersuites from RFC 5054. */ +#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA 0x0300C01A +#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA 0x0300C01B +#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA 0x0300C01C +#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA 0x0300C01D +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA 0x0300C01E +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA 0x0300C01F +#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA 0x0300C020 +#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021 +#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022 + +/* ECDH HMAC based ciphersuites from RFC 5289. */ +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023 +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256 0x0300C025 +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384 0x0300C026 +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256 0x0300C027 +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 0x0300C028 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A + +/* ECDH GCM based ciphersuites from RFC 5289. */ +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B +#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C +#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D +#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02E +#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0x0300C02F +#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0x0300C030 +#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 +#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 + +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305 0x0300CCA8 +#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305 0x0300CCA9 +#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305 0x0300CCAA + +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" +#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" +#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" +#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" +#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" + +/* AES ciphersuites from RFC 3268. */ +#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA" +#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA" + +#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA" +#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA" + +/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */ +#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA" + +#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA" + +#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA" + +#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA" +#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA" +#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA" +#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA" + +/* PSK ciphersuites from RFC 4279. */ +#define TLS1_TXT_PSK_WITH_RC4_128_SHA "PSK-RC4-SHA" +#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA "PSK-3DES-EDE-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA" +#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA" + +/* SRP ciphersuite from RFC 5054. */ +#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA "SRP-DSS-3DES-EDE-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA "SRP-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA "SRP-RSA-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA "SRP-DSS-AES-128-CBC-SHA" +#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA "SRP-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA" +#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA" + +/* Camellia ciphersuites from RFC 4132. */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA" + +/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ +#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256 "CAMELLIA128-SHA256" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DH-DSS-CAMELLIA128-SHA256" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DH-RSA-CAMELLIA128-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 "DHE-DSS-CAMELLIA128-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "DHE-RSA-CAMELLIA128-SHA256" +#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256 "ADH-CAMELLIA128-SHA256" + +#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256 "CAMELLIA256-SHA256" +#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DH-DSS-CAMELLIA256-SHA256" +#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DH-RSA-CAMELLIA256-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 "DHE-DSS-CAMELLIA256-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 "DHE-RSA-CAMELLIA256-SHA256" +#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256 "ADH-CAMELLIA256-SHA256" + +/* SEED ciphersuites from RFC 4162. */ +#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA" +#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA" +#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA" +#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA "DHE-DSS-SEED-SHA" +#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA "DHE-RSA-SEED-SHA" +#define TLS1_TXT_ADH_WITH_SEED_SHA "ADH-SEED-SHA" + +/* TLS v1.2 ciphersuites. */ +#define TLS1_TXT_RSA_WITH_NULL_SHA256 "NULL-SHA256" +#define TLS1_TXT_RSA_WITH_AES_128_SHA256 "AES128-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_SHA256 "AES256-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256 "DH-DSS-AES128-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256 "DH-RSA-AES128-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256 "DHE-DSS-AES128-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256 "DHE-RSA-AES128-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256 "DH-DSS-AES256-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256 "DH-RSA-AES256-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256 "DHE-DSS-AES256-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256 "DHE-RSA-AES256-SHA256" +#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256" + +/* TLS v1.2 GCM ciphersuites from RFC 5288. */ +#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256" +#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384" +#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384 "DHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256 "DH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384 "DH-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256 "DHE-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384 "DHE-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256 "DH-DSS-AES128-GCM-SHA256" +#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384 "DH-DSS-AES256-GCM-SHA384" +#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256" +#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384" + +/* ECDH HMAC based ciphersuites from RFC 5289. */ +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256 "ECDH-ECDSA-AES128-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384 "ECDH-ECDSA-AES256-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256 "ECDHE-RSA-AES128-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384 "ECDHE-RSA-AES256-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384" + +/* ECDH GCM based ciphersuites from RFC 5289. */ +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 "ECDHE-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 "ECDHE-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 "ECDH-ECDSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 "ECDH-ECDSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "ECDHE-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384 "ECDHE-RSA-AES256-GCM-SHA384" +#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" +#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" + +/* ChaCha20-Poly1305 based ciphersuites. */ +#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305 "ECDHE-RSA-CHACHA20-POLY1305" +#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 "ECDHE-ECDSA-CHACHA20-POLY1305" +#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305 "DHE-RSA-CHACHA20-POLY1305" + +/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */ +#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL) +#define TLS1_3_TXT_AES_128_GCM_SHA256 "AEAD-AES128-GCM-SHA256" +#define TLS1_3_TXT_AES_256_GCM_SHA384 "AEAD-AES256-GCM-SHA384" +#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256 "AEAD-CHACHA20-POLY1305-SHA256" +#define TLS1_3_TXT_AES_128_CCM_SHA256 "AEAD-AES128-CCM-SHA256" +#define TLS1_3_TXT_AES_128_CCM_8_SHA256 "AEAD-AES128-CCM-8-SHA256" + +#define TLS1_3_RFC_AES_128_GCM_SHA256 "TLS_AES_128_GCM_SHA256" +#define TLS1_3_RFC_AES_256_GCM_SHA384 "TLS_AES_256_GCM_SHA384" +#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256 "TLS_CHACHA20_POLY1305_SHA256" +#define TLS1_3_RFC_AES_128_CCM_SHA256 "TLS_AES_128_CCM_SHA256" +#define TLS1_3_RFC_AES_128_CCM_8_SHA256 "TLS_AES_128_CCM_8_SHA256" +#endif + +#define TLS1_FINISH_MAC_LENGTH 12 + +#define TLS_MD_MAX_CONST_SIZE 20 +#define TLS_MD_CLIENT_FINISH_CONST "client finished" +#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15 +#define TLS_MD_SERVER_FINISH_CONST "server finished" +#define TLS_MD_SERVER_FINISH_CONST_SIZE 15 +#define TLS_MD_KEY_EXPANSION_CONST "key expansion" +#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13 +#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key" +#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key" +#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16 +#define TLS_MD_IV_BLOCK_CONST "IV block" +#define TLS_MD_IV_BLOCK_CONST_SIZE 8 +#define TLS_MD_MASTER_SECRET_CONST "master secret" +#define TLS_MD_MASTER_SECRET_CONST_SIZE 13 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/ts.h b/includes/curl/openssl/ts.h new file mode 100644 index 0000000..c2b2a9e --- /dev/null +++ b/includes/curl/openssl/ts.h @@ -0,0 +1,660 @@ +/* $OpenBSD: ts.h,v 1.24 2024/03/26 00:39:22 beck Exp $ */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +#define HEADER_TS_H + +#include + +#ifndef OPENSSL_NO_BUFFER +#include +#endif +#ifndef OPENSSL_NO_EVP +#include +#endif +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif + +#ifndef OPENSSL_NO_DSA +#include +#endif + +#ifndef OPENSSL_NO_DH +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +typedef struct TS_msg_imprint_st TS_MSG_IMPRINT; +typedef struct TS_req_st TS_REQ; +typedef struct TS_accuracy_st TS_ACCURACY; +typedef struct TS_tst_info_st TS_TST_INFO; + +/* Possible values for status. */ +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. */ +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) + +typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL; +typedef struct ESS_cert_id ESS_CERT_ID; +DECLARE_STACK_OF(ESS_CERT_ID) +typedef struct ESS_signing_cert ESS_SIGNING_CERT; + +typedef struct ESS_cert_id_v2 ESS_CERT_ID_V2; +DECLARE_STACK_OF(ESS_CERT_ID_V2) + +typedef struct ESS_signing_cert_v2 ESS_SIGNING_CERT_V2; + +typedef struct TS_resp_st TS_RESP; + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, + unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, + unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_rsp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +const ASN1_UTF8STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *si); +const STACK_OF(ASN1_UTF8STRING) * + TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *si); +const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *si); +int TS_STATUS_INFO_set_status(TS_STATUS_INFO *si, int i); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* Declarations related to response generation, defined in ts/ts_rsp_sign.c. */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +#define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +#define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +#define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); + +/* This must return the seconds and microseconds since Jan 1, 1970 in + the sec and usec variables allocated by the caller. + Return non-zero for success and zero for failure. */ +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec); + +/* This must process the given extension. + * It can modify the TS_TST_INFO object of the context. + * Return values: !0 (processed), 0 (error, it must set the + * status info/failure info of the response). + */ +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +typedef struct TS_resp_ctx TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* Adds a new acceptable policy, only the default policy + is accepted by default. */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* Adds a new acceptable message digest. Note that no message digests + are accepted by default. The md argument is shared with the caller. */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* Clock precision digits, i.e. the number of decimal digits: + '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept sec precision. */ +#define TS_MAX_CLOCK_PRECISION_DIGITS 0 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback uses gettimeofday() and gmtime(). */ +void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data); + +/* Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_rsp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +#define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +#define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +#define TS_VFY_POLICY (1u << 2) +/* Verify the message imprint provided by the user. This flag should not be + specified with TS_VFY_DATA. */ +#define TS_VFY_IMPRINT (1u << 3) +/* Verify the message imprint computed by the verify method from the user + provided data and the MD algorithm of the response. This flag should not be + specified with TS_VFY_IMPRINT. */ +#define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +#define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +#define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +#define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int flags); +int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int flags); +BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *bio); +X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *store); +/* R$ special */ +#define TS_VERIFY_CTS_set_certs TS_VERIFY_CTX_set_certs +STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, + STACK_OF(X509) *certs); +unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx, + unsigned char *imprint, long imprint_len); + +/* + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_rsp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* Function declarations for handling configuration options, + defined in ts/ts_conf.c */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +#define TS_F_D2I_TS_RESP 147 +#define TS_F_DEF_SERIAL_CB 110 +#define TS_F_DEF_TIME_CB 111 +#define TS_F_ESS_ADD_SIGNING_CERT 112 +#define TS_F_ESS_CERT_ID_NEW_INIT 113 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +#define TS_F_PKCS7_TO_TS_TST_INFO 148 +#define TS_F_TS_ACCURACY_SET_MICROS 115 +#define TS_F_TS_ACCURACY_SET_MILLIS 116 +#define TS_F_TS_ACCURACY_SET_SECONDS 117 +#define TS_F_TS_CHECK_IMPRINTS 100 +#define TS_F_TS_CHECK_NONCES 101 +#define TS_F_TS_CHECK_POLICY 102 +#define TS_F_TS_CHECK_SIGNING_CERTS 103 +#define TS_F_TS_CHECK_STATUS_INFO 104 +#define TS_F_TS_COMPUTE_IMPRINT 145 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +#define TS_F_TS_GET_STATUS_TEXT 105 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +#define TS_F_TS_REQ_SET_NONCE 120 +#define TS_F_TS_REQ_SET_POLICY_ID 121 +#define TS_F_TS_RESP_CREATE_RESPONSE 122 +#define TS_F_TS_RESP_CREATE_TST_INFO 123 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +#define TS_F_TS_RESP_CTX_ADD_MD 125 +#define TS_F_TS_RESP_CTX_ADD_POLICY 126 +#define TS_F_TS_RESP_CTX_NEW 127 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +#define TS_F_TS_RESP_CTX_SET_CERTS 129 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +#define TS_F_TS_RESP_GET_POLICY 133 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +#define TS_F_TS_RESP_SET_STATUS_INFO 135 +#define TS_F_TS_RESP_SET_TST_INFO 150 +#define TS_F_TS_RESP_SIGN 136 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +#define TS_F_TS_RESP_VERIFY_TOKEN 107 +#define TS_F_TS_TST_INFO_SET_ACCURACY 137 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +#define TS_F_TS_TST_INFO_SET_NONCE 139 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +#define TS_F_TS_TST_INFO_SET_SERIAL 141 +#define TS_F_TS_TST_INFO_SET_TIME 142 +#define TS_F_TS_TST_INFO_SET_TSA 143 +#define TS_F_TS_VERIFY 108 +#define TS_F_TS_VERIFY_CERT 109 +#define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_D2I_TS_RESP_INT_FAILED 128 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/txt_db.h b/includes/curl/openssl/txt_db.h new file mode 100644 index 0000000..56b6b42 --- /dev/null +++ b/includes/curl/openssl/txt_db.h @@ -0,0 +1,112 @@ +/* $OpenBSD: txt_db.h,v 1.9 2014/07/10 22:45:58 jsing Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_TXT_DB_H +#define HEADER_TXT_DB_H + +#include + +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include + +#define DB_ERROR_OK 0 +#define DB_ERROR_MALLOC 1 +#define DB_ERROR_INDEX_CLASH 2 +#define DB_ERROR_INDEX_OUT_OF_RANGE 3 +#define DB_ERROR_NO_INDEX 4 +#define DB_ERROR_INSERT_INDEX_CLASH 5 + +#ifdef __cplusplus +extern "C" { +#endif + +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { + int num_fields; + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual)(OPENSSL_STRING *); + long error; + long arg1; + long arg2; + OPENSSL_STRING *arg_row; +} TXT_DB; + +#ifndef OPENSSL_NO_BIO +TXT_DB *TXT_DB_read(BIO *in, int num); +long TXT_DB_write(BIO *out, TXT_DB *db); +#else +TXT_DB *TXT_DB_read(char *in, int num); +long TXT_DB_write(char *out, TXT_DB *db); +#endif +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); +void TXT_DB_free(TXT_DB *db); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/includes/curl/openssl/ui.h b/includes/curl/openssl/ui.h new file mode 100644 index 0000000..cc400c2 --- /dev/null +++ b/includes/curl/openssl/ui.h @@ -0,0 +1,397 @@ +/* $OpenBSD: ui.h,v 1.20 2025/03/09 15:25:53 tb Exp $ */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_UI_H +#define HEADER_UI_H + +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Declared already in ossl_typ.h */ +/* typedef struct ui_st UI; */ +/* typedef struct ui_method_st UI_METHOD; */ + + +/* + * All the following functions return -1 or NULL on error and in some cases + * (UI_process()) -2 if interrupted or in some other way cancelled. + * When everything is fine, they return 0, a positive value or a non-NULL + * pointer, all depending on their purpose. + */ + +/* Creators and destructor. */ +UI *UI_new(void); +UI *UI_new_method(const UI_METHOD *method); +void UI_free(UI *ui); + +/* + * The following functions are used to add strings to be printed and prompt + * strings to prompt for data. The names are UI_{add,dup}__string + * and UI_{add,dup}_input_boolean. + * + * UI_{add,dup}__string have the following meanings: + * add add a text or prompt string. The pointers given to these + * functions are used verbatim, no copying is done. + * dup make a copy of the text or prompt string, then add the copy + * to the collection of strings in the user interface. + * + * The function is a name for the functionality that the given + * string shall be used for. It can be one of: + * input use the string as data prompt. + * verify use the string as verification prompt. This + * is used to verify a previous input. + * info use the string for informational output. + * error use the string for error output. + * Honestly, there's currently no difference between info and error for the + * moment. + * + * UI_{add,dup}_input_boolean have the same semantics for "add" and "dup", + * and are typically used when one wants to prompt for a yes/no response. + * + * All of the functions in this group take a UI and a prompt string. + * The string input and verify addition functions also take a flag argument, + * a buffer for the result to end up in, a minimum input size and a maximum + * input size (the result buffer MUST be large enough to be able to contain + * the maximum number of characters). Additionally, the verify addition + * functions takes another buffer to compare the result against. + * The boolean input functions take an action description string (which should + * be safe to ignore if the expected user action is obvious, for example with + * a dialog box with an OK button and a Cancel button), a string of acceptable + * characters to mean OK and to mean Cancel. The two last strings are checked + * to make sure they don't have common characters. Additionally, the same + * flag argument as for the string input is taken, as well as a result buffer. + * The result buffer is required to be at least one byte long. Depending on + * the answer, the first character from the OK or the Cancel character strings + * will be stored in the first byte of the result buffer. No NUL will be + * added, so the result is *not* a string. + * + * On success, the functions all return an index of the added information. + * That index is useful when retrieving results with UI_get0_result(). + */ +int UI_add_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_dup_input_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize); +int UI_add_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); +int UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf); +int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); +int UI_add_info_string(UI *ui, const char *text); +int UI_dup_info_string(UI *ui, const char *text); +int UI_add_error_string(UI *ui, const char *text); +int UI_dup_error_string(UI *ui, const char *text); + +/* These are the possible flags. They can be or'ed together. */ +/* Use to have echoing of input */ +#define UI_INPUT_FLAG_ECHO 0x01 +/* + * Use a default password. Where that password is found is completely + * up to the application, it might for example be in the user data set + * with UI_add_user_data(). It is not recommended to have more than + * one input in each UI being marked with this flag, or the application + * might get confused. + */ +#define UI_INPUT_FLAG_DEFAULT_PWD 0x02 + +/* + * Users of these routines may want to define flags of their own. The core + * UI won't look at those, but will pass them on to the method routines. They + * must use higher bits so they don't get confused with the UI bits above. + * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use. A good + * example of use is this: + * + * #define MY_UI_FLAG1 (0x01 << UI_INPUT_FLAG_USER_BASE) + */ +#define UI_INPUT_FLAG_USER_BASE 16 + + +/* + * The following function helps construct a prompt. object_desc is a + * textual short description of the object, for example "pass phrase", + * and object_name is the name of the object (might be a card name or + * a file name. + * The returned string shall always be allocated on the heap with + * malloc(), and need to be free'd with free(). + * + * If the ui_method doesn't contain a pointer to a user-defined prompt + * constructor, a default string is built, looking like this: + * + * "Enter {object_desc} for {object_name}:" + * + * So, if object_desc has the value "pass phrase" and object_name has + * the value "foo.key", the resulting string is: + * + * "Enter pass phrase for foo.key:" + */ +char *UI_construct_prompt(UI *ui_method, const char *object_desc, + const char *object_name); + + +/* + * The following function is used to store a pointer to user-specific data. + * Any previous such pointer will be returned and replaced. + * + * For callback purposes, this function makes a lot more sense than using + * ex_data, since the latter requires that different parts of OpenSSL or + * applications share the same ex_data index. + * + * Note that the UI_OpenSSL() method completely ignores the user data. + * Other methods may not, however. + */ +void *UI_add_user_data(UI *ui, void *user_data); +/* We need a user data retrieving function as well. */ +void *UI_get0_user_data(UI *ui); + +/* Return the result associated with a prompt given with the index i. */ +const char *UI_get0_result(UI *ui, int i); + +/* When all strings have been added, process the whole thing. */ +int UI_process(UI *ui); + +/* + * Give a user interface parametrised control commands. This can be used to + * send down an integer, a data pointer or a function pointer, as well as + * be used to get information from a UI. + */ +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); + +/* The commands */ +/* + * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the + * OpenSSL error stack before printing any info or added error messages and + * before any prompting. + */ +#define UI_CTRL_PRINT_ERRORS 1 +/* + * Check if a UI_process() is possible to do again with the same instance of + * a user interface. This makes UI_ctrl() return 1 if it is redoable, and 0 + * if not. + */ +#define UI_CTRL_IS_REDOABLE 2 + + +/* Some methods may use extra data */ +#define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) +#define UI_get_app_data(s) UI_get_ex_data(s,0) +int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int UI_set_ex_data(UI *r, int idx, void *arg); +void *UI_get_ex_data(UI *r, int idx); + +/* Use specific methods instead of the built-in one */ +void UI_set_default_method(const UI_METHOD *meth); +const UI_METHOD *UI_get_default_method(void); +const UI_METHOD *UI_get_method(UI *ui); +const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); + +/* The method with all the built-in thingies */ +const UI_METHOD *UI_OpenSSL(void); + +const UI_METHOD *UI_null(void); + +/* + * ---------- For method writers ---------- + * A method contains a number of functions that implement the low level + * of the User Interface. The functions are: + * + * an opener This function starts a session, maybe by opening + * a channel to a tty, or by opening a window. + * a writer This function is called to write a given string, + * maybe to the tty, maybe as a field label in a + * window. + * a flusher This function is called to flush everything that + * has been output so far. It can be used to actually + * display a dialog box after it has been built. + * a reader This function is called to read a given prompt, + * maybe from the tty, maybe from a field in a + * window. Note that it's called with all string + * structures, not only the prompt ones, so it must + * check such things itself. + * a closer This function closes the session, maybe by closing + * the channel to the tty, or closing the window. + * + * All these functions are expected to return: + * + * 0 on error. + * 1 on success. + * -1 on out-of-band events, for example if some prompting has + * been canceled (by pressing Ctrl-C, for example). This is + * only checked when returned by the flusher or the reader. + * + * The way this is used, the opener is first called, then the writer for all + * strings, then the flusher, then the reader for all strings and finally the + * closer. Note that if you want to prompt from a terminal or other command + * line interface, the best is to have the reader also write the prompts + * instead of having the writer do it. If you want to prompt from a dialog + * box, the writer can be used to build up the contents of the box, and the + * flusher to actually display the box and run the event loop until all data + * has been given, after which the reader only grabs the given data and puts + * them back into the UI strings. + * + * All method functions take a UI as argument. Additionally, the writer and + * the reader take a UI_STRING. + */ + +/* + * The UI_STRING type is the data structure that contains all the needed info + * about a string or a prompt, including test data for a verification prompt. + */ +typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) + +/* + * The different types of strings that are currently supported. + * This is only needed by method authors. + */ +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; + +/* Create and manipulate methods */ +UI_METHOD *UI_create_method(const char *name); +void UI_destroy_method(UI_METHOD *ui_method); +int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); +int UI_method_set_writer(UI_METHOD *method, + int (*writer)(UI *ui, UI_STRING *uis)); +int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); +int UI_method_set_reader(UI_METHOD *method, + int (*reader)(UI *ui, UI_STRING *uis)); +int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); +int UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor)(UI *ui, const char *object_desc, + const char *object_name)); +int (*UI_method_get_opener(const UI_METHOD *method))(UI *); +int (*UI_method_get_writer(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_flusher(const UI_METHOD *method))(UI *); +int (*UI_method_get_reader(const UI_METHOD *method))(UI *, UI_STRING *); +int (*UI_method_get_closer(const UI_METHOD *method))(UI *); +char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI *, + const char *, const char *); + +/* + * The following functions are helpers for method writers to access relevant + * data from a UI_STRING. + */ +/* Return type of the UI_STRING */ +enum UI_string_types UI_get_string_type(UI_STRING *uis); +/* Return input flags of the UI_STRING */ +int UI_get_input_flags(UI_STRING *uis); +/* Return the actual string to output (the prompt, info or error) */ +const char *UI_get0_output_string(UI_STRING *uis); +/* Return the optional action string to output (boolean prompt instruction) */ +const char *UI_get0_action_string(UI_STRING *uis); +/* Return the result of a prompt */ +const char *UI_get0_result_string(UI_STRING *uis); +/* Return the string to test the result against. Only useful with verifies. */ +const char *UI_get0_test_string(UI_STRING *uis); +/* Return the required minimum size of the result */ +int UI_get_result_minsize(UI_STRING *uis); +/* Return the required maximum size of the result */ +int UI_get_result_maxsize(UI_STRING *uis); +/* Set the result of a UI_STRING. */ +int UI_set_result(UI *ui, UI_STRING *uis, const char *result); + +void ERR_load_UI_strings(void); + +/* Error codes for the UI functions. */ + +/* Function codes. */ +#define UI_F_GENERAL_ALLOCATE_BOOLEAN 108 +#define UI_F_GENERAL_ALLOCATE_PROMPT 109 +#define UI_F_GENERAL_ALLOCATE_STRING 100 +#define UI_F_UI_CTRL 111 +#define UI_F_UI_DUP_ERROR_STRING 101 +#define UI_F_UI_DUP_INFO_STRING 102 +#define UI_F_UI_DUP_INPUT_BOOLEAN 110 +#define UI_F_UI_DUP_INPUT_STRING 103 +#define UI_F_UI_DUP_VERIFY_STRING 106 +#define UI_F_UI_GET0_RESULT 107 +#define UI_F_UI_NEW_METHOD 104 +#define UI_F_UI_SET_RESULT 105 + +/* Reason codes. */ +#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS 104 +#define UI_R_INDEX_TOO_LARGE 102 +#define UI_R_INDEX_TOO_SMALL 103 +#define UI_R_NO_RESULT_BUFFER 105 +#define UI_R_RESULT_TOO_LARGE 100 +#define UI_R_RESULT_TOO_SMALL 101 +#define UI_R_UNKNOWN_CONTROL_COMMAND 106 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/x509.h b/includes/curl/openssl/x509.h new file mode 100644 index 0000000..68a68e7 --- /dev/null +++ b/includes/curl/openssl/x509.h @@ -0,0 +1,1053 @@ +/* $OpenBSD: x509.h,v 1.121 2025/03/09 15:17:22 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#ifndef HEADER_X509_H +#define HEADER_X509_H + +#include + +#include +#ifndef OPENSSL_NO_BIO +#include +#endif +#ifndef OPENSSL_NO_BUFFER +#include +#endif +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_EVP +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_SHA +#include +#endif +#include +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(_WIN32) && defined(__WINCRYPT_H__) +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) +#ifdef _MSC_VER +#pragma message("Warning, overriding WinCrypt defines") +#else +#warning overriding WinCrypt defines +#endif +#endif +#undef X509_NAME +#undef X509_EXTENSIONS +#endif + +#define X509_FILETYPE_PEM 1 +#define X509_FILETYPE_ASN1 2 +#define X509_FILETYPE_DEFAULT 3 + +#define X509v3_KU_DIGITAL_SIGNATURE 0x0080 +#define X509v3_KU_NON_REPUDIATION 0x0040 +#define X509v3_KU_KEY_ENCIPHERMENT 0x0020 +#define X509v3_KU_DATA_ENCIPHERMENT 0x0010 +#define X509v3_KU_KEY_AGREEMENT 0x0008 +#define X509v3_KU_KEY_CERT_SIGN 0x0004 +#define X509v3_KU_CRL_SIGN 0x0002 +#define X509v3_KU_ENCIPHER_ONLY 0x0001 +#define X509v3_KU_DECIPHER_ONLY 0x8000 +#define X509v3_KU_UNDEF 0xffff + +struct X509_algor_st { + ASN1_OBJECT *algorithm; + ASN1_TYPE *parameter; +} /* X509_ALGOR */; + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; + +typedef struct X509_val_st X509_VAL; + +typedef struct X509_sig_st X509_SIG; + +typedef struct X509_name_entry_st X509_NAME_ENTRY; + +DECLARE_STACK_OF(X509_NAME_ENTRY) + +DECLARE_STACK_OF(X509_NAME) + +typedef struct X509_extension_st X509_EXTENSION; + +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + +DECLARE_STACK_OF(X509_EXTENSION) + +typedef struct x509_attributes_st X509_ATTRIBUTE; + +DECLARE_STACK_OF(X509_ATTRIBUTE) + +typedef struct X509_req_info_st X509_REQ_INFO; + +typedef struct X509_req_st X509_REQ; + +typedef struct x509_cinf_st X509_CINF; + +DECLARE_STACK_OF(X509) + +#define X509_TRUST_COMPAT 1 +#define X509_TRUST_SSL_CLIENT 2 +#define X509_TRUST_SSL_SERVER 3 +#define X509_TRUST_EMAIL 4 +#define X509_TRUST_OBJECT_SIGN 5 +#define X509_TRUST_OCSP_SIGN 6 +#define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 + +/* Keep these up to date! */ +#define X509_TRUST_MIN 1 +#define X509_TRUST_MAX 8 + +/* Flags for X509_print_ex() */ + +#define X509_FLAG_COMPAT 0 +#define X509_FLAG_NO_HEADER 1L +#define X509_FLAG_NO_VERSION (1L << 1) +#define X509_FLAG_NO_SERIAL (1L << 2) +#define X509_FLAG_NO_SIGNAME (1L << 3) +#define X509_FLAG_NO_ISSUER (1L << 4) +#define X509_FLAG_NO_VALIDITY (1L << 5) +#define X509_FLAG_NO_SUBJECT (1L << 6) +#define X509_FLAG_NO_PUBKEY (1L << 7) +#define X509_FLAG_NO_EXTENSIONS (1L << 8) +#define X509_FLAG_NO_SIGDUMP (1L << 9) +#define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) + +/* Flags specific to X509_NAME_print_ex() */ + +/* The field separator information */ + +#define XN_FLAG_SEP_MASK (0xf << 16) + +#define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ +#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ +#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ +#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ +#define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ + +#define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ + +/* How the field name is shown */ + +#define XN_FLAG_FN_MASK (0x3 << 21) + +#define XN_FLAG_FN_SN 0 /* Object short name */ +#define XN_FLAG_FN_LN (1 << 21) /* Object long name */ +#define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ +#define XN_FLAG_FN_NONE (3 << 21) /* No field names */ + +#define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ + +/* This determines if we dump fields we don't recognise: + * RFC2253 requires this. + */ + +#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) + +#define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ + +/* Complete set of RFC2253 flags */ + +#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ + XN_FLAG_SEP_COMMA_PLUS | \ + XN_FLAG_DN_REV | \ + XN_FLAG_FN_SN | \ + XN_FLAG_DUMP_UNKNOWN_FIELDS) + +/* readable oneline form */ + +#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + XN_FLAG_SEP_CPLUS_SPC | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_SN) + +/* readable multiline form */ + +#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB | \ + XN_FLAG_SEP_MULTILINE | \ + XN_FLAG_SPC_EQ | \ + XN_FLAG_FN_LN | \ + XN_FLAG_FN_ALIGN) + +DECLARE_STACK_OF(X509_REVOKED) + +typedef struct X509_crl_info_st X509_CRL_INFO; + +DECLARE_STACK_OF(X509_CRL) + +typedef struct private_key_st { + int version; + /* The PKCS#8 data types */ + X509_ALGOR *enc_algor; + ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */ + + /* When decrypted, the following will not be NULL */ + EVP_PKEY *dec_pkey; + + /* used to encrypt and decrypt */ + int key_length; + char *key_data; + int key_free; /* true if we should auto free key_data */ + + /* expanded version of 'enc_algor' */ + EVP_CIPHER_INFO cipher; + + int references; +} X509_PKEY; + +#ifndef OPENSSL_NO_EVP +typedef struct X509_info_st { + X509 *x509; + X509_CRL *crl; + X509_PKEY *x_pkey; + + EVP_CIPHER_INFO enc_cipher; + int enc_len; + char *enc_data; + + int references; +} X509_INFO; + +DECLARE_STACK_OF(X509_INFO) +#endif + +/* The next 2 structures and their 8 routines were sent to me by + * Pat Richard and are used to manipulate + * Netscapes spki structures - useful if you are writing a CA web page + */ +typedef struct Netscape_spkac_st { + X509_PUBKEY *pubkey; + ASN1_IA5STRING *challenge; /* challenge sent in atlas >= PR2 */ +} NETSCAPE_SPKAC; + +typedef struct Netscape_spki_st { + NETSCAPE_SPKAC *spkac; /* signed public key and challenge */ + X509_ALGOR *sig_algor; + ASN1_BIT_STRING *signature; +} NETSCAPE_SPKI; + +typedef struct PBEPARAM_st { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; +} PBEPARAM; + +#ifdef __cplusplus +} +#endif + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define X509_extract_key(x) X509_get_pubkey(x) /*****/ +#define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) +#define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) + +int X509_CRL_up_ref(X509_CRL *x); +int X509_CRL_get_signature_nid(const X509_CRL *crl); + +int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp); + +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); +ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); + +const X509_ALGOR *X509_CRL_get0_tbs_sigalg(const X509_CRL *crl); + +int X509_REQ_get_signature_nid(const X509_REQ *req); + +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); + +X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x); + +const char *X509_verify_cert_error_string(long n); + +#ifndef OPENSSL_NO_EVP +int X509_verify(X509 *a, EVP_PKEY *r); + +int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); +int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); +int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); + +NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); +char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); +EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); +int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); + +int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); + +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); + +int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); +int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); +int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); +int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); + +int X509_pubkey_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_digest(const X509 *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, + unsigned char *md, unsigned int *len); +#endif + +X509 *d2i_X509_fp(FILE *fp, X509 **x509); +int i2d_X509_fp(FILE *fp,X509 *x509); +X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); +int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); +int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); +#ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); +int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); +int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); +#endif +#ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); +int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); +DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); +int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); +#endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +#endif +X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); +int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); +int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); +int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); + +#ifndef OPENSSL_NO_BIO +X509 *d2i_X509_bio(BIO *bp,X509 **x509); +int i2d_X509_bio(BIO *bp,X509 *x509); +X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); +int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); +X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); +int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); +#ifndef OPENSSL_NO_RSA +RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); +int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); +RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); +int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); +#endif +#ifndef OPENSSL_NO_DSA +DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); +int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); +DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); +int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); +#endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +#endif +X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); +int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, + PKCS8_PRIV_KEY_INFO **p8inf); +int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); +int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); +int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); +int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); +EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); +#endif + +X509 *X509_dup(X509 *x509); +X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); +X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); +X509_CRL *X509_CRL_dup(X509_CRL *crl); +X509_REQ *X509_REQ_dup(X509_REQ *req); +X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, + const X509_ALGOR *algor); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + +X509_NAME *X509_NAME_dup(X509_NAME *xn); +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen); +X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); + +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); +ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME * X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); +ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); + +const char * X509_get_default_cert_area(void ); +const char * X509_get_default_cert_dir(void ); +const char * X509_get_default_cert_file(void ); +const char * X509_get_default_cert_dir_env(void ); +const char * X509_get_default_cert_file_env(void ); +const char * X509_get_default_private_dir(void ); + +X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); + +X509_ALGOR *X509_ALGOR_new(void); +void X509_ALGOR_free(X509_ALGOR *a); +X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len); +int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out); +extern const ASN1_ITEM X509_ALGOR_it; +X509_ALGORS *d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len); +int i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out); +extern const ASN1_ITEM X509_ALGORS_it; +X509_VAL *X509_VAL_new(void); +void X509_VAL_free(X509_VAL *a); +X509_VAL *d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len); +int i2d_X509_VAL(X509_VAL *a, unsigned char **out); +extern const ASN1_ITEM X509_VAL_it; + +X509_PUBKEY *X509_PUBKEY_new(void); +void X509_PUBKEY_free(X509_PUBKEY *a); +X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len); +int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out); +extern const ASN1_ITEM X509_PUBKEY_it; + +int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); +EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +EVP_PKEY * X509_PUBKEY_get0(X509_PUBKEY *key); +int X509_get_pubkey_parameters(EVP_PKEY *pkey, + STACK_OF(X509) *chain); +int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); +EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, + long length); +#ifndef OPENSSL_NO_RSA +int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); +RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_DSA +int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); +DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, + long length); +#endif + +X509_SIG *X509_SIG_new(void); +void X509_SIG_free(X509_SIG *a); +X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len); +int i2d_X509_SIG(X509_SIG *a, unsigned char **out); +extern const ASN1_ITEM X509_SIG_it; +void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg, + const ASN1_OCTET_STRING **pdigest); +void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, + ASN1_OCTET_STRING **pdigest); + +X509_REQ_INFO *X509_REQ_INFO_new(void); +void X509_REQ_INFO_free(X509_REQ_INFO *a); +X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len); +int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out); +extern const ASN1_ITEM X509_REQ_INFO_it; +X509_REQ *X509_REQ_new(void); +void X509_REQ_free(X509_REQ *a); +X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len); +int i2d_X509_REQ(X509_REQ *a, unsigned char **out); +extern const ASN1_ITEM X509_REQ_it; + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(void); +void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); +X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len); +int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out); +extern const ASN1_ITEM X509_ATTRIBUTE_it; +X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + +X509_EXTENSION *X509_EXTENSION_new(void); +void X509_EXTENSION_free(X509_EXTENSION *a); +X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len); +int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out); +extern const ASN1_ITEM X509_EXTENSION_it; +X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len); +int i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out); +extern const ASN1_ITEM X509_EXTENSIONS_it; + +X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); +void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); +X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len); +int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out); +extern const ASN1_ITEM X509_NAME_ENTRY_it; + +X509_NAME *X509_NAME_new(void); +void X509_NAME_free(X509_NAME *a); +X509_NAME *d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len); +int i2d_X509_NAME(X509_NAME *a, unsigned char **out); +extern const ASN1_ITEM X509_NAME_it; + +int X509_NAME_set(X509_NAME **xn, X509_NAME *name); + +X509_CINF *X509_CINF_new(void); +void X509_CINF_free(X509_CINF *a); +X509_CINF *d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len); +int i2d_X509_CINF(X509_CINF *a, unsigned char **out); +extern const ASN1_ITEM X509_CINF_it; + +X509 *X509_new(void); +void X509_free(X509 *a); +X509 *d2i_X509(X509 **a, const unsigned char **in, long len); +int i2d_X509(X509 *a, unsigned char **out); +extern const ASN1_ITEM X509_it; + +int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_set_ex_data(X509 *r, int idx, void *arg); +void *X509_get_ex_data(X509 *r, int idx); +int i2d_X509_AUX(X509 *a,unsigned char **pp); +X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); + +int i2d_re_X509_tbs(X509 *x, unsigned char **pp); + +/* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */ +#define X509_SIG_INFO_VALID 1 +#define X509_SIG_INFO_TLS 2 +int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, + uint32_t *flags); + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); +void X509_trust_clear(X509 *x); +void X509_reject_clear(X509 *x); + +X509_REVOKED *X509_REVOKED_new(void); +void X509_REVOKED_free(X509_REVOKED *a); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *a); +X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len); +int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out); +extern const ASN1_ITEM X509_REVOKED_it; + +X509_CRL_INFO *X509_CRL_INFO_new(void); +void X509_CRL_INFO_free(X509_CRL_INFO *a); +X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len); +int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out); +extern const ASN1_ITEM X509_CRL_INFO_it; + +X509_CRL *X509_CRL_new(void); +void X509_CRL_free(X509_CRL *a); +X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len); +int i2d_X509_CRL(X509_CRL *a, unsigned char **out); +extern const ASN1_ITEM X509_CRL_it; + +int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); + +X509_PKEY * X509_PKEY_new(void ); +void X509_PKEY_free(X509_PKEY *a); + +NETSCAPE_SPKI *NETSCAPE_SPKI_new(void); +void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); +NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len); +int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_SPKI_it; +NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void); +void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); +NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len); +int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_SPKAC_it; + +#ifndef OPENSSL_NO_EVP +X509_INFO * X509_INFO_new(void); +void X509_INFO_free(X509_INFO *a); +char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size); + +int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, + unsigned char *md,unsigned int *len); + +int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, + ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); + +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, + void *data, EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, + X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); +#endif + +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **issuerUID, + const ASN1_BIT_STRING **subjectUID); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +int X509_set_version(X509 *x, long version); +long X509_get_version(const X509 *x); +int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); +ASN1_INTEGER * X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set_issuer_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_issuer_name(const X509 *a); +int X509_set_subject_name(X509 *x, X509_NAME *name); +X509_NAME * X509_get_subject_name(const X509 *a); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); +int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); +EVP_PKEY * X509_get_pubkey(X509 *x); +EVP_PKEY * X509_get0_pubkey(const X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); +int X509_get_signature_type(const X509 *x); + +#define X509_get_notBefore X509_getm_notBefore +#define X509_get_notAfter X509_getm_notAfter + +int X509_REQ_set_version(X509_REQ *x,long version); +long X509_REQ_get_version(const X509_REQ *x); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x); +int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); +EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); +int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp); +EVP_PKEY * X509_REQ_get0_pubkey(X509_REQ *req); +int X509_REQ_extension_nid(int nid); +STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); +int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid); +int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); +int X509_REQ_get_attr_count(const X509_REQ *req); +int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, + int lastpos); +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); +X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); +int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); +int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); +int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +int X509_CRL_set_version(X509_CRL *x, long version); +int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_sort(X509_CRL *crl); + +const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *x); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); + +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); + +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); + +int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_and_serial_hash(X509 *a); + +int X509_issuer_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_issuer_name_hash(X509 *a); + +int X509_subject_name_cmp(const X509 *a, const X509 *b); +unsigned long X509_subject_name_hash(X509 *x); + +#ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +#endif + +int X509_cmp(const X509 *a, const X509 *b); +int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); +unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); + +int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); +int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +int X509_print_fp(FILE *bp,X509 *x); +int X509_CRL_print_fp(FILE *bp,X509_CRL *x); +int X509_REQ_print_fp(FILE *bp,X509_REQ *req); +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); + +#ifndef OPENSSL_NO_BIO +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); +int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); +int X509_print(BIO *bp,X509 *x); +int X509_ocspid_print(BIO *bp,X509 *x); +int X509_CRL_print(BIO *bp,X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); +int X509_REQ_print(BIO *bp,X509_REQ *req); +#endif + +int X509_NAME_entry_count(const X509_NAME *name); +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, + char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, + const ASN1_OBJECT *obj, char *buf,int len); + +/* NOTE: you should be passing -1, not 0 as lastpos. The functions that use + * lastpos, search after that position on. */ +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, + int lastpos); +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, + const ASN1_OBJECT *obj, int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, + int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, const unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, + int type, const unsigned char *bytes, int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, + const ASN1_OBJECT *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); + +int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); +int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, + int nid, int lastpos); +int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, + const ASN1_OBJECT *obj, int lastpos); +int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, + int crit, int lastpos); +X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); +X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); +STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, + X509_EXTENSION *ex, int loc); + +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); +X509_EXTENSION *X509_delete_ext(X509 *x, int loc); +int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); +void * X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); +int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, + unsigned long flags); + +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, + int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, + const ASN1_OBJECT *obj, int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, + int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); +X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); +int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); +void * X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, + int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, + int crit, unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, + int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, + const ASN1_OBJECT *obj, int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, + int crit, int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); +X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, + int loc); +void * X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, + int *crit, int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, + int crit, unsigned long flags); + +X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, + int nid, int crit, ASN1_OCTET_STRING *data); +X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, + const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, + const ASN1_OBJECT *obj); +int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); +int X509_EXTENSION_set_data(X509_EXTENSION *ex, + ASN1_OCTET_STRING *data); +ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); +ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); + +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, int atrtype, const void *data, int len); +X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, const unsigned char *bytes, int len); +int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); +int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); +void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, + int atrtype, void *data); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); +ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); +ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +int X509_verify_cert(X509_STORE_CTX *ctx); + +/* lookup a cert from a X509 STACK */ +X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, + ASN1_INTEGER *serial); +X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); + +extern const ASN1_ITEM PBEPARAM_it; + +/* PKCS#8 utilities */ + +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); +void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long len); +int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it; + +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, + int ptype, void *pval, unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, + void *pval, unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub); + +int X509_up_ref(X509 *x); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); + +void ERR_load_X509_strings(void); + +/* Error codes for the X509 functions. */ + +/* Function codes. */ +#define X509_F_ADD_CERT_DIR 100 +#define X509_F_BY_FILE_CTRL 101 +#define X509_F_CHECK_POLICY 145 +#define X509_F_DIR_CTRL 102 +#define X509_F_GET_CERT_BY_SUBJECT 103 +#define X509_F_NETSCAPE_SPKI_B64_DECODE 129 +#define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +#define X509_F_X509AT_ADD1_ATTR 135 +#define X509_F_X509V3_ADD_EXT 104 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 +#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 +#define X509_F_X509_ATTRIBUTE_GET0_DATA 139 +#define X509_F_X509_ATTRIBUTE_SET1_DATA 138 +#define X509_F_X509_CHECK_PRIVATE_KEY 128 +#define X509_F_X509_CRL_PRINT_FP 147 +#define X509_F_X509_EXTENSION_CREATE_BY_NID 108 +#define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 +#define X509_F_X509_GET_PUBKEY_PARAMETERS 110 +#define X509_F_X509_LOAD_CERT_CRL_FILE 132 +#define X509_F_X509_LOAD_CERT_FILE 111 +#define X509_F_X509_LOAD_CRL_FILE 112 +#define X509_F_X509_NAME_ADD_ENTRY 113 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 +#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 +#define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 +#define X509_F_X509_NAME_ONELINE 116 +#define X509_F_X509_NAME_PRINT 117 +#define X509_F_X509_PRINT_EX_FP 118 +#define X509_F_X509_PUBKEY_GET 119 +#define X509_F_X509_PUBKEY_SET 120 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +#define X509_F_X509_REQ_PRINT_EX 121 +#define X509_F_X509_REQ_PRINT_FP 122 +#define X509_F_X509_REQ_TO_X509 123 +#define X509_F_X509_STORE_ADD_CERT 124 +#define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 +#define X509_F_X509_STORE_CTX_INIT 143 +#define X509_F_X509_STORE_CTX_NEW 142 +#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 +#define X509_F_X509_TO_X509_REQ 126 +#define X509_F_X509_TRUST_ADD 133 +#define X509_F_X509_TRUST_SET 141 +#define X509_F_X509_VERIFY_CERT 127 + +/* Reason codes. */ +#define X509_R_BAD_X509_FILETYPE 100 +#define X509_R_BASE64_DECODE_ERROR 118 +#define X509_R_CANT_CHECK_DH_KEY 114 +#define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 +#define X509_R_ERR_ASN1_LIB 102 +#define X509_R_INVALID_DIRECTORY 113 +#define X509_R_INVALID_FIELD_NAME 119 +#define X509_R_INVALID_TRUST 123 +#define X509_R_INVALID_VERSION 137 +#define X509_R_KEY_TYPE_MISMATCH 115 +#define X509_R_KEY_VALUES_MISMATCH 116 +#define X509_R_LOADING_CERT_DIR 103 +#define X509_R_LOADING_DEFAULTS 104 +#define X509_R_METHOD_NOT_SUPPORTED 124 +#define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 136 +#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 +#define X509_R_SHOULD_RETRY 106 +#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 +#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 +#define X509_R_UNKNOWN_KEY_TYPE 117 +#define X509_R_UNKNOWN_NID 109 +#define X509_R_UNKNOWN_PURPOSE_ID 121 +#define X509_R_UNKNOWN_TRUST_ID 120 +#define X509_R_UNSUPPORTED_ALGORITHM 111 +#define X509_R_WRONG_LOOKUP_TYPE 112 +#define X509_R_WRONG_TYPE 122 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/x509_vfy.h b/includes/curl/openssl/x509_vfy.h new file mode 100644 index 0000000..7058bbc --- /dev/null +++ b/includes/curl/openssl/x509_vfy.h @@ -0,0 +1,463 @@ +/* $OpenBSD: x509_vfy.h,v 1.70 2025/03/09 15:20:20 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_X509_H +#include +/* openssl/x509.h ends up #include-ing this file at about the only + * appropriate moment. */ +#endif + +#ifndef HEADER_X509_VFY_H +#define HEADER_X509_VFY_H + +#include + +#ifndef OPENSSL_NO_LHASH +#include +#endif +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * SSL_CTX -> X509_STORE + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * -> X509_LOOKUP + * ->X509_LOOKUP_METHOD + * + * SSL -> X509_STORE_CTX + * ->X509_STORE + * + * The X509_STORE holds the tables etc for verification stuff. + * A X509_STORE_CTX is used while validating a single certificate. + * The X509_STORE has X509_LOOKUPs for looking up certs. + * The X509_STORE then calls a function to actually verify the + * certificate chain. + */ + +typedef enum { + X509_LU_NONE, + X509_LU_X509, + X509_LU_CRL, +} X509_LOOKUP_TYPE; + + +DECLARE_STACK_OF(X509_LOOKUP) +DECLARE_STACK_OF(X509_OBJECT) +DECLARE_STACK_OF(X509_VERIFY_PARAM) + +/* XXX - unused in OpenSSL. Can we remove this? */ +typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; + + +int X509_STORE_set_depth(X509_STORE *store, int depth); + +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); + +#define X509_STORE_CTX_set_app_data(ctx,data) \ + X509_STORE_CTX_set_ex_data(ctx,0,data) +#define X509_STORE_CTX_get_app_data(ctx) \ + X509_STORE_CTX_get_ex_data(ctx,0) + +#define X509_L_FILE_LOAD 1 +#define X509_L_ADD_DIR 2 +#define X509_L_MEM 3 + +#define X509_LOOKUP_load_file(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) + +#define X509_LOOKUP_add_dir(x,name,type) \ + X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) + +#define X509_LOOKUP_add_mem(x,iov,type) \ + X509_LOOKUP_ctrl((x),X509_L_MEM,(const char *)(iov),\ + (long)(type),NULL) + +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 +#define X509_V_ERR_UNABLE_TO_GET_CRL 3 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 +#define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5 +#define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 +#define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 +#define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_HAS_EXPIRED 10 +#define X509_V_ERR_CRL_NOT_YET_VALID 11 +#define X509_V_ERR_CRL_HAS_EXPIRED 12 +#define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13 +#define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14 +#define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15 +#define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16 +#define X509_V_ERR_OUT_OF_MEM 17 +#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18 +#define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19 +#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20 +#define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 +#define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 +#define X509_V_ERR_CERT_REVOKED 23 +#define X509_V_ERR_INVALID_CA 24 +#define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 +#define X509_V_ERR_INVALID_PURPOSE 26 +#define X509_V_ERR_CERT_UNTRUSTED 27 +#define X509_V_ERR_CERT_REJECTED 28 +/* These are 'informational' when looking for issuer cert */ +#define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 +#define X509_V_ERR_AKID_SKID_MISMATCH 30 +#define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 +#define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 + +#define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 +#define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 + +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +#define X509_V_ERR_UNNESTED_RESOURCE 46 + +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 + +/* The application is not happy */ +#define X509_V_ERR_APPLICATION_VERIFICATION 50 + +/* Host, email and IP check errors */ +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 + +/* Caller error */ +#define X509_V_ERR_INVALID_CALL 65 +/* Issuer lookup error */ +#define X509_V_ERR_STORE_LOOKUP 66 + +/* Security level errors */ +#define X509_V_ERR_EE_KEY_TOO_SMALL 67 +#define X509_V_ERR_CA_KEY_TOO_SMALL 68 +#define X509_V_ERR_CA_MD_TOO_WEAK 69 + +/* Certificate verify flags */ + +/* Deprecated in 1.1.0, has no effect. Various FFI bindings still expose it. */ +#define X509_V_FLAG_CB_ISSUER_CHECK 0x0 +/* Use check time instead of current time */ +#define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +#define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +#define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +#define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +#define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Does nothing as its functionality has been enabled by default */ +#define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +#define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +#define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +#define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +#define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check selfsigned CA signature */ +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +#define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Allow partial chains if at least one certificate is in trusted store */ +#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 + +/* If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. */ +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 + +/* Do not check certificate or CRL validity against current time. */ +#define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +/* Force the use of the legacy certificate verification */ +#define X509_V_FLAG_LEGACY_VERIFY 0x400000 + +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 + +/* + * Obsolete internal use: mask of policy related options. + * This should really go away. + */ +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) + +X509_OBJECT *X509_OBJECT_new(void); +void X509_OBJECT_free(X509_OBJECT *a); +int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type, + X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, + X509_LOOKUP_TYPE type, X509_NAME *name); +X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); +X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo); + +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_up_ref(X509_STORE *x); +#define X509_STORE_get1_certs X509_STORE_CTX_get1_certs +#define X509_STORE_get1_crls X509_STORE_CTX_get1_crls +STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); +STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs); +void *X509_STORE_get_ex_data(X509_STORE *xs, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \ + (newf), (dupf), (freef)) + +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); +int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); +int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); + +X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *); + +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); +#define X509_STORE_set_verify_cb_func(ctx, func) \ + X509_STORE_set_verify_cb((ctx), (func)) + +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *subject, X509 *issuer); + +X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *store); +void X509_STORE_set_check_issued(X509_STORE *store, + X509_STORE_CTX_check_issued_fn check_issued); +X509_STORE_CTX_check_issued_fn + X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx); + +X509_STORE_CTX *X509_STORE_CTX_new(void); + +int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); + +void X509_STORE_CTX_free(X509_STORE_CTX *ctx); +int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, + X509 *x509, STACK_OF(X509) *chain); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs); +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *xs); +STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); + +X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, const X509_LOOKUP_METHOD *m); + +const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); +const X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +const X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); + +int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); +int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); + +int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret); +#define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject +X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs, + X509_LOOKUP_TYPE type, X509_NAME *name); + +int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, + long argl, char **ret); + +int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); +int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); + +void X509_LOOKUP_free(X509_LOOKUP *ctx); + +int X509_STORE_load_locations(X509_STORE *ctx, + const char *file, const char *dir); +int X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len); +int X509_STORE_set_default_paths(X509_STORE *ctx); + +int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); +void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); +X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); +void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); +int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); +int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); +void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +int (*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *); +void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, + int (*verify)(X509_STORE_CTX *)); +int (*X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx))(int, X509_STORE_CTX *); +void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); + +typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); + +void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); +X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx); +#define X509_STORE_set_verify_func(ctx, func) \ + X509_STORE_set_verify((ctx), (func)) + +int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level); +time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, + size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, + size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, + size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, + size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +int X509_VERIFY_PARAM_get_count(void); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/openssl/x509v3.h b/includes/curl/openssl/x509v3.h new file mode 100644 index 0000000..fa31279 --- /dev/null +++ b/includes/curl/openssl/x509v3.h @@ -0,0 +1,1041 @@ +/* $OpenBSD: x509v3.h,v 1.40 2024/12/23 09:57:23 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_X509V3_H +#define HEADER_X509V3_H + +#include + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward reference */ +struct v3_ext_method; +struct v3_ext_ctx; + +/* Useful typedefs */ + +typedef void * (*X509V3_EXT_NEW)(void); +typedef void (*X509V3_EXT_FREE)(void *); +typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); +typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); + +/* V3 extension structure */ + +struct v3_ext_method { + int ext_nid; + int ext_flags; + /* If this is set the following four fields are ignored */ + ASN1_ITEM_EXP *it; + /* Old style ASN1 calls */ + X509V3_EXT_NEW ext_new; + X509V3_EXT_FREE ext_free; + X509V3_EXT_D2I d2i; + X509V3_EXT_I2D i2d; + + /* The following pair is used for string extensions */ + X509V3_EXT_I2S i2s; + X509V3_EXT_S2I s2i; + + /* The following pair is used for multi-valued extensions */ + X509V3_EXT_I2V i2v; + X509V3_EXT_V2I v2i; + + /* The following are used for raw extensions */ + X509V3_EXT_I2R i2r; + X509V3_EXT_R2I r2i; + + const void *usr_data; /* Any extension specific data */ +}; + +struct v3_ext_ctx { + #define CTX_TEST 0x1 + int flags; + X509 *issuer_cert; + X509 *subject_cert; + X509_REQ *subject_req; + X509_CRL *crl; + void *db; +}; + +typedef struct v3_ext_method X509V3_EXT_METHOD; + +DECLARE_STACK_OF(X509V3_EXT_METHOD) + +/* XXX - can this be made internal? */ +#define X509V3_EXT_MULTILINE 0x4 + +/* XXX - remove it anyway? */ +/* Guess who uses this... Yes, of course, it's xca. */ +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + +typedef struct BASIC_CONSTRAINTS_st { + int ca; + ASN1_INTEGER *pathlen; +} BASIC_CONSTRAINTS; + + +typedef struct PKEY_USAGE_PERIOD_st { + ASN1_GENERALIZEDTIME *notBefore; + ASN1_GENERALIZEDTIME *notAfter; +} PKEY_USAGE_PERIOD; + +typedef struct otherName_st { + ASN1_OBJECT *type_id; + ASN1_TYPE *value; +} OTHERNAME; + +typedef struct EDIPartyName_st { + ASN1_STRING *nameAssigner; + ASN1_STRING *partyName; +} EDIPARTYNAME; + +typedef struct GENERAL_NAME_st { + + #define GEN_OTHERNAME 0 + #define GEN_EMAIL 1 + #define GEN_DNS 2 + #define GEN_X400 3 + #define GEN_DIRNAME 4 + #define GEN_EDIPARTY 5 + #define GEN_URI 6 + #define GEN_IPADD 7 + #define GEN_RID 8 + + int type; + union { + char *ptr; + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; + ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; + ASN1_OCTET_STRING *iPAddress; + ASN1_OBJECT *registeredID; + + /* Old names */ + ASN1_OCTET_STRING *ip; /* iPAddress */ + X509_NAME *dirn; /* dirn */ + ASN1_IA5STRING *ia5; /* rfc822Name, dNSName, uniformResourceIdentifier */ + ASN1_OBJECT *rid; /* registeredID */ + } d; +} GENERAL_NAME; + +typedef struct ACCESS_DESCRIPTION_st { + ASN1_OBJECT *method; + GENERAL_NAME *location; +} ACCESS_DESCRIPTION; + +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; + +DECLARE_STACK_OF(GENERAL_NAME) + +typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; +DECLARE_STACK_OF(GENERAL_NAMES) + +DECLARE_STACK_OF(ACCESS_DESCRIPTION) + +typedef struct DIST_POINT_NAME_st { + int type; + union { + GENERAL_NAMES *fullname; + STACK_OF(X509_NAME_ENTRY) *relativename; + } name; + /* If relativename then this contains the full distribution point name */ + X509_NAME *dpname; +} DIST_POINT_NAME; +/* All existing reasons */ +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { + DIST_POINT_NAME *distpoint; + ASN1_BIT_STRING *reasons; + GENERAL_NAMES *CRLissuer; + int dp_reasons; +}; + +typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; + +DECLARE_STACK_OF(DIST_POINT) + +struct AUTHORITY_KEYID_st { + ASN1_OCTET_STRING *keyid; + GENERAL_NAMES *issuer; + ASN1_INTEGER *serial; +}; + +typedef struct NOTICEREF_st { + ASN1_STRING *organization; + STACK_OF(ASN1_INTEGER) *noticenos; +} NOTICEREF; + +typedef struct USERNOTICE_st { + NOTICEREF *noticeref; + ASN1_STRING *exptext; +} USERNOTICE; + +typedef struct POLICYQUALINFO_st { + ASN1_OBJECT *pqualid; + union { + ASN1_IA5STRING *cpsuri; + USERNOTICE *usernotice; + ASN1_TYPE *other; + } d; +} POLICYQUALINFO; + +DECLARE_STACK_OF(POLICYQUALINFO) + +typedef struct POLICYINFO_st { + ASN1_OBJECT *policyid; + STACK_OF(POLICYQUALINFO) *qualifiers; +} POLICYINFO; + +typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; + +DECLARE_STACK_OF(POLICYINFO) + +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +struct ISSUING_DIST_POINT_st { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; +}; + +/* Values in idp_flags field */ +/* IDP present */ +#define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +#define IDP_INVALID 0x2 +/* onlyuser true */ +#define IDP_ONLYUSER 0x4 +/* onlyCA true */ +#define IDP_ONLYCA 0x8 +/* onlyattr true */ +#define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +#define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +#define IDP_REASONS 0x40 + +#define X509V3_conf_err(val) ERR_asprintf_error_data( \ + "section:%s,name:%s,value:%s", val->section, \ + val->name, val->value); + +#define X509V3_set_ctx_test(ctx) \ + X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) +#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; + +/* X509_PURPOSE stuff */ + +#define EXFLAG_BCONS 0x0001 +#define EXFLAG_KUSAGE 0x0002 +#define EXFLAG_XKUSAGE 0x0004 +#define EXFLAG_NSCERT 0x0008 + +#define EXFLAG_CA 0x0010 +#define EXFLAG_SI 0x0020 /* Self issued. */ +#define EXFLAG_V1 0x0040 +#define EXFLAG_INVALID 0x0080 +#define EXFLAG_SET 0x0100 +#define EXFLAG_CRITICAL 0x0200 +#if !defined(LIBRESSL_INTERNAL) +#define EXFLAG_PROXY 0x0400 +#endif +#define EXFLAG_INVALID_POLICY 0x0800 +#define EXFLAG_FRESHEST 0x1000 +#define EXFLAG_SS 0x2000 /* Self signed. */ + +#define KU_DIGITAL_SIGNATURE 0x0080 +#define KU_NON_REPUDIATION 0x0040 +#define KU_KEY_ENCIPHERMENT 0x0020 +#define KU_DATA_ENCIPHERMENT 0x0010 +#define KU_KEY_AGREEMENT 0x0008 +#define KU_KEY_CERT_SIGN 0x0004 +#define KU_CRL_SIGN 0x0002 +#define KU_ENCIPHER_ONLY 0x0001 +#define KU_DECIPHER_ONLY 0x8000 + +#define NS_SSL_CLIENT 0x80 +#define NS_SSL_SERVER 0x40 +#define NS_SMIME 0x20 +#define NS_OBJSIGN 0x10 +#define NS_SSL_CA 0x04 +#define NS_SMIME_CA 0x02 +#define NS_OBJSIGN_CA 0x01 +#define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) + +#define XKU_SSL_SERVER 0x1 +#define XKU_SSL_CLIENT 0x2 +#define XKU_SMIME 0x4 +#define XKU_CODE_SIGN 0x8 +#define XKU_SGC 0x10 +#define XKU_OCSP_SIGN 0x20 +#define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 +#define XKU_ANYEKU 0x100 + +#define X509_PURPOSE_DYNAMIC 0x1 +#define X509_PURPOSE_DYNAMIC_NAME 0x2 + +typedef struct x509_purpose_st X509_PURPOSE; + +#define X509_PURPOSE_SSL_CLIENT 1 +#define X509_PURPOSE_SSL_SERVER 2 +#define X509_PURPOSE_NS_SSL_SERVER 3 +#define X509_PURPOSE_SMIME_SIGN 4 +#define X509_PURPOSE_SMIME_ENCRYPT 5 +#define X509_PURPOSE_CRL_SIGN 6 +#define X509_PURPOSE_ANY 7 +#define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 + +#define X509_PURPOSE_MIN 1 +#define X509_PURPOSE_MAX 9 + +/* Flags for X509V3_EXT_print() */ + +#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) +/* Return error for unknown extensions */ +#define X509V3_EXT_DEFAULT 0 +/* Print error for unknown extensions */ +#define X509V3_EXT_ERROR_UNKNOWN (1L << 16) +/* ASN1 parse unknown extensions */ +#define X509V3_EXT_PARSE_UNKNOWN (2L << 16) +/* BIO_dump unknown extensions */ +#define X509V3_EXT_DUMP_UNKNOWN (3L << 16) + +/* Flags for X509V3_add1_i2d */ + +#define X509V3_ADD_OP_MASK 0xfL +#define X509V3_ADD_DEFAULT 0L +#define X509V3_ADD_APPEND 1L +#define X509V3_ADD_REPLACE 2L +#define X509V3_ADD_REPLACE_EXISTING 3L +#define X509V3_ADD_KEEP_EXISTING 4L +#define X509V3_ADD_DELETE 5L +#define X509V3_ADD_SILENT 0x10 + +DECLARE_STACK_OF(X509_PURPOSE) + +BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void); +void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a); +BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len); +int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out); +extern const ASN1_ITEM BASIC_CONSTRAINTS_it; + +AUTHORITY_KEYID *AUTHORITY_KEYID_new(void); +void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a); +AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len); +int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out); +extern const ASN1_ITEM AUTHORITY_KEYID_it; + +PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void); +void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a); +PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len); +int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out); +extern const ASN1_ITEM PKEY_USAGE_PERIOD_it; + +GENERAL_NAME *GENERAL_NAME_new(void); +void GENERAL_NAME_free(GENERAL_NAME *a); +GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len); +int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out); +extern const ASN1_ITEM GENERAL_NAME_it; +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); + + + +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); +int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); + +GENERAL_NAMES *GENERAL_NAMES_new(void); +void GENERAL_NAMES_free(GENERAL_NAMES *a); +GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len); +int i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out); +extern const ASN1_ITEM GENERAL_NAMES_it; + +STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, + GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +OTHERNAME *OTHERNAME_new(void); +void OTHERNAME_free(OTHERNAME *a); +OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len); +int i2d_OTHERNAME(OTHERNAME *a, unsigned char **out); +extern const ASN1_ITEM OTHERNAME_it; +EDIPARTYNAME *EDIPARTYNAME_new(void); +void EDIPARTYNAME_free(EDIPARTYNAME *a); +EDIPARTYNAME *d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len); +int i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out); +extern const ASN1_ITEM EDIPARTYNAME_it; +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void); +void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a); +EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len); +int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out); +extern const ASN1_ITEM EXTENDED_KEY_USAGE_it; +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a); + +CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void); +void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a); +CERTIFICATEPOLICIES *d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len); +int i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out); +extern const ASN1_ITEM CERTIFICATEPOLICIES_it; +POLICYINFO *POLICYINFO_new(void); +void POLICYINFO_free(POLICYINFO *a); +POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len); +int i2d_POLICYINFO(POLICYINFO *a, unsigned char **out); +extern const ASN1_ITEM POLICYINFO_it; +POLICYQUALINFO *POLICYQUALINFO_new(void); +void POLICYQUALINFO_free(POLICYQUALINFO *a); +POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len); +int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out); +extern const ASN1_ITEM POLICYQUALINFO_it; +USERNOTICE *USERNOTICE_new(void); +void USERNOTICE_free(USERNOTICE *a); +USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len); +int i2d_USERNOTICE(USERNOTICE *a, unsigned char **out); +extern const ASN1_ITEM USERNOTICE_it; +NOTICEREF *NOTICEREF_new(void); +void NOTICEREF_free(NOTICEREF *a); +NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len); +int i2d_NOTICEREF(NOTICEREF *a, unsigned char **out); +extern const ASN1_ITEM NOTICEREF_it; + +CRL_DIST_POINTS *CRL_DIST_POINTS_new(void); +void CRL_DIST_POINTS_free(CRL_DIST_POINTS *a); +CRL_DIST_POINTS *d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len); +int i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out); +extern const ASN1_ITEM CRL_DIST_POINTS_it; +DIST_POINT *DIST_POINT_new(void); +void DIST_POINT_free(DIST_POINT *a); +DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len); +int i2d_DIST_POINT(DIST_POINT *a, unsigned char **out); +extern const ASN1_ITEM DIST_POINT_it; +DIST_POINT_NAME *DIST_POINT_NAME_new(void); +void DIST_POINT_NAME_free(DIST_POINT_NAME *a); +DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len); +int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out); +extern const ASN1_ITEM DIST_POINT_NAME_it; +ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void); +void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a); +ISSUING_DIST_POINT *d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len); +int i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out); +extern const ASN1_ITEM ISSUING_DIST_POINT_it; + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); + +ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void); +void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a); +ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len); +int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out); +extern const ASN1_ITEM ACCESS_DESCRIPTION_it; +AUTHORITY_INFO_ACCESS *AUTHORITY_INFO_ACCESS_new(void); +void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a); +AUTHORITY_INFO_ACCESS *d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len); +int i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out); +extern const ASN1_ITEM AUTHORITY_INFO_ACCESS_it; + +extern const ASN1_ITEM POLICY_MAPPING_it; +POLICY_MAPPING *POLICY_MAPPING_new(void); +void POLICY_MAPPING_free(POLICY_MAPPING *a); +extern const ASN1_ITEM POLICY_MAPPINGS_it; + +extern const ASN1_ITEM GENERAL_SUBTREE_it; +GENERAL_SUBTREE *GENERAL_SUBTREE_new(void); +void GENERAL_SUBTREE_free(GENERAL_SUBTREE *a); + +extern const ASN1_ITEM NAME_CONSTRAINTS_it; +NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void); +void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a); + +POLICY_CONSTRAINTS *POLICY_CONSTRAINTS_new(void); +void POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a); +extern const ASN1_ITEM POLICY_CONSTRAINTS_it; + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, const char *value, int is_nc); + +#ifdef HEADER_CONF_H +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); +void X509V3_conf_free(CONF_VALUE *val); + +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + int ext_nid, const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); + +void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); +#endif + +void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, + X509_REQ *req, X509_CRL *crl, int flags); + +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); + +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +int X509V3_add_standard_extensions(void); +STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); +void *X509V3_EXT_d2i(X509_EXTENSION *ext); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); + +X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); +int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); + +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); + +void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, + int ml); +int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); +int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); + +int X509_check_ca(X509 *x); +int X509_check_purpose(X509 *x, int id, int ca); +int X509_supported_extension(X509_EXTENSION *ex); +int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); + +int X509_PURPOSE_get_count(void); +const X509_PURPOSE *X509_PURPOSE_get0(int idx); +int X509_PURPOSE_get_by_sname(const char *sname); +const char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +const char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_id(const X509_PURPOSE *); +uint32_t X509_get_extension_flags(X509 *x); +uint32_t X509_get_key_usage(X509 *x); +uint32_t X509_get_extended_key_usage(X509 *x); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); + +/* Flags for X509_check_* functions */ +/* Always check subject name for host match even if subject alt names present */ +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 +/* Disable checking the CN for a hostname, to support modern validation */ +#define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int a2i_ipadd(unsigned char *ipout, const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); + +#ifndef OPENSSL_NO_RFC3779 +typedef struct ASRange_st { + ASN1_INTEGER *min; + ASN1_INTEGER *max; +} ASRange; + +#define ASIdOrRange_id 0 +#define ASIdOrRange_range 1 + +typedef struct ASIdOrRange_st { + int type; + union { + ASN1_INTEGER *id; + ASRange *range; + } u; +} ASIdOrRange; + +typedef STACK_OF(ASIdOrRange) ASIdOrRanges; +DECLARE_STACK_OF(ASIdOrRange) + +#define ASIdentifierChoice_inherit 0 +#define ASIdentifierChoice_asIdsOrRanges 1 + +typedef struct ASIdentifierChoice_st { + int type; + union { + ASN1_NULL *inherit; + ASIdOrRanges *asIdsOrRanges; + } u; +} ASIdentifierChoice; + +typedef struct ASIdentifiers_st { + ASIdentifierChoice *asnum; + ASIdentifierChoice *rdi; +} ASIdentifiers; + +ASRange *ASRange_new(void); +void ASRange_free(ASRange *a); +ASRange *d2i_ASRange(ASRange **a, const unsigned char **in, long len); +int i2d_ASRange(ASRange *a, unsigned char **out); +extern const ASN1_ITEM ASRange_it; + +ASIdOrRange *ASIdOrRange_new(void); +void ASIdOrRange_free(ASIdOrRange *a); +ASIdOrRange *d2i_ASIdOrRange(ASIdOrRange **a, const unsigned char **in, + long len); +int i2d_ASIdOrRange(ASIdOrRange *a, unsigned char **out); +extern const ASN1_ITEM ASIdOrRange_it; + +ASIdentifierChoice *ASIdentifierChoice_new(void); +void ASIdentifierChoice_free(ASIdentifierChoice *a); +ASIdentifierChoice *d2i_ASIdentifierChoice(ASIdentifierChoice **a, + const unsigned char **in, long len); +int i2d_ASIdentifierChoice(ASIdentifierChoice *a, unsigned char **out); +extern const ASN1_ITEM ASIdentifierChoice_it; + +ASIdentifiers *ASIdentifiers_new(void); +void ASIdentifiers_free(ASIdentifiers *a); +ASIdentifiers *d2i_ASIdentifiers(ASIdentifiers **a, const unsigned char **in, + long len); +int i2d_ASIdentifiers(ASIdentifiers *a, unsigned char **out); +extern const ASN1_ITEM ASIdentifiers_it; + +typedef struct IPAddressRange_st { + ASN1_BIT_STRING *min; + ASN1_BIT_STRING *max; +} IPAddressRange; + +#define IPAddressOrRange_addressPrefix 0 +#define IPAddressOrRange_addressRange 1 + +typedef struct IPAddressOrRange_st { + int type; + union { + ASN1_BIT_STRING *addressPrefix; + IPAddressRange *addressRange; + } u; +} IPAddressOrRange; + +typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; +DECLARE_STACK_OF(IPAddressOrRange) + +#define IPAddressChoice_inherit 0 +#define IPAddressChoice_addressesOrRanges 1 + +typedef struct IPAddressChoice_st { + int type; + union { + ASN1_NULL *inherit; + IPAddressOrRanges *addressesOrRanges; + } u; +} IPAddressChoice; + +typedef struct IPAddressFamily_st { + ASN1_OCTET_STRING *addressFamily; + IPAddressChoice *ipAddressChoice; +} IPAddressFamily; + +typedef STACK_OF(IPAddressFamily) IPAddrBlocks; +DECLARE_STACK_OF(IPAddressFamily) + +IPAddressRange *IPAddressRange_new(void); +void IPAddressRange_free(IPAddressRange *a); +IPAddressRange *d2i_IPAddressRange(IPAddressRange **a, + const unsigned char **in, long len); +int i2d_IPAddressRange(IPAddressRange *a, unsigned char **out); +extern const ASN1_ITEM IPAddressRange_it; + +IPAddressOrRange *IPAddressOrRange_new(void); +void IPAddressOrRange_free(IPAddressOrRange *a); +IPAddressOrRange *d2i_IPAddressOrRange(IPAddressOrRange **a, + const unsigned char **in, long len); +int i2d_IPAddressOrRange(IPAddressOrRange *a, unsigned char **out); +extern const ASN1_ITEM IPAddressOrRange_it; + +IPAddressChoice *IPAddressChoice_new(void); +void IPAddressChoice_free(IPAddressChoice *a); +IPAddressChoice *d2i_IPAddressChoice(IPAddressChoice **a, + const unsigned char **in, long len); +int i2d_IPAddressChoice(IPAddressChoice *a, unsigned char **out); +extern const ASN1_ITEM IPAddressChoice_it; + +IPAddressFamily *IPAddressFamily_new(void); +void IPAddressFamily_free(IPAddressFamily *a); +IPAddressFamily *d2i_IPAddressFamily(IPAddressFamily **a, + const unsigned char **in, long len); +int i2d_IPAddressFamily(IPAddressFamily *a, unsigned char **out); +extern const ASN1_ITEM IPAddressFamily_it; + +/* + * API tag for elements of the ASIdentifer SEQUENCE. + */ +#define V3_ASID_ASNUM 0 +#define V3_ASID_RDI 1 + +/* + * AFI values, assigned by IANA. It'd be nice to make the AFI + * handling code totally generic, but there are too many little things + * that would need to be defined for other address families for it to + * be worth the trouble. + */ +#define IANA_AFI_IPV4 1 +#define IANA_AFI_IPV6 2 + +/* + * Utilities to construct and extract values from RFC3779 extensions, + * since some of the encodings (particularly for IP address prefixes + * and ranges) are a bit tedious to work with directly. + */ +int X509v3_asid_add_inherit(ASIdentifiers *asid, int which); +int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, + ASN1_INTEGER *min, ASN1_INTEGER *max); +int X509v3_addr_add_inherit(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi); +int X509v3_addr_add_prefix(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *a, const int prefixlen); +int X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi, + const unsigned *safi, unsigned char *min, unsigned char *max); +unsigned X509v3_addr_get_afi(const IPAddressFamily *f); +int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi, + unsigned char *min, unsigned char *max, const int length); + +/* + * Canonical forms. + */ +int X509v3_asid_is_canonical(ASIdentifiers *asid); +int X509v3_addr_is_canonical(IPAddrBlocks *addr); +int X509v3_asid_canonize(ASIdentifiers *asid); +int X509v3_addr_canonize(IPAddrBlocks *addr); + +/* + * Tests for inheritance and containment. + */ +int X509v3_asid_inherits(ASIdentifiers *asid); +int X509v3_addr_inherits(IPAddrBlocks *addr); +int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b); +int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b); + +/* + * Check whether RFC 3779 extensions nest properly in chains. + */ +int X509v3_asid_validate_path(X509_STORE_CTX *); +int X509v3_addr_validate_path(X509_STORE_CTX *); +int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain, ASIdentifiers *ext, + int allow_inheritance); +int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, + int allow_inheritance); + +#endif /* !OPENSSL_NO_RFC3779 */ + +void ERR_load_X509V3_strings(void); + +/* Error codes for the X509V3 functions. */ + +/* Function codes. */ +#define X509V3_F_A2I_GENERAL_NAME 164 +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 +#define X509V3_F_COPY_EMAIL 122 +#define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 +#define X509V3_F_DO_EXT_CONF 124 +#define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_EXT_NCONF 151 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +#define X509V3_F_GNAMES_FROM_SECTNAME 156 +#define X509V3_F_HEX_TO_STRING 111 +#define X509V3_F_I2S_ASN1_ENUMERATED 121 +#define X509V3_F_I2S_ASN1_IA5STRING 149 +#define X509V3_F_I2S_ASN1_INTEGER 120 +#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 +#define X509V3_F_NOTICE_SECTION 132 +#define X509V3_F_NREF_NOS 133 +#define X509V3_F_POLICY_SECTION 131 +#define X509V3_F_PROCESS_PCI_VALUE 150 +#define X509V3_F_R2I_CERTPOL 130 +#define X509V3_F_R2I_PCI 155 +#define X509V3_F_S2I_ASN1_IA5STRING 100 +#define X509V3_F_S2I_ASN1_INTEGER 108 +#define X509V3_F_S2I_ASN1_OCTET_STRING 112 +#define X509V3_F_S2I_ASN1_SKEY_ID 114 +#define X509V3_F_S2I_SKEY_ID 115 +#define X509V3_F_SET_DIST_POINT_NAME 158 +#define X509V3_F_STRING_TO_HEX 113 +#define X509V3_F_SXNET_ADD_ID_ASC 125 +#define X509V3_F_SXNET_ADD_ID_INTEGER 126 +#define X509V3_F_SXNET_ADD_ID_ULONG 127 +#define X509V3_F_SXNET_GET_ID_ASC 128 +#define X509V3_F_SXNET_GET_ID_ULONG 129 +#define X509V3_F_V2I_ASIDENTIFIERS 163 +#define X509V3_F_V2I_ASN1_BIT_STRING 101 +#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 +#define X509V3_F_V2I_AUTHORITY_KEYID 119 +#define X509V3_F_V2I_BASIC_CONSTRAINTS 102 +#define X509V3_F_V2I_CRLD 134 +#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 +#define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_IDP 157 +#define X509V3_F_V2I_IPADDRBLOCKS 159 +#define X509V3_F_V2I_ISSUER_ALT 153 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 +#define X509V3_F_V2I_SUBJECT_ALT 154 +#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 +#define X509V3_F_V3_GENERIC_EXTENSION 116 +#define X509V3_F_X509V3_ADD1_I2D 140 +#define X509V3_F_X509V3_ADD_VALUE 105 +#define X509V3_F_X509V3_EXT_ADD 104 +#define X509V3_F_X509V3_EXT_ADD_ALIAS 106 +#define X509V3_F_X509V3_EXT_CONF 107 +#define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_EXT_NCONF 152 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 +#define X509V3_F_X509V3_GET_VALUE_BOOL 110 +#define X509V3_F_X509V3_PARSE_LIST 109 +#define X509V3_F_X509_PURPOSE_ADD 137 +#define X509V3_F_X509_PURPOSE_SET 141 + +/* Reason codes. */ +#define X509V3_R_BAD_IP_ADDRESS 118 +#define X509V3_R_BAD_OBJECT 119 +#define X509V3_R_BN_DEC2BN_ERROR 100 +#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 +#define X509V3_R_DISTPOINT_ALREADY_SET 160 +#define X509V3_R_DUPLICATE_ZONE_ID 133 +#define X509V3_R_ERROR_CONVERTING_ZONE 131 +#define X509V3_R_ERROR_CREATING_EXTENSION 144 +#define X509V3_R_ERROR_IN_EXTENSION 128 +#define X509V3_R_EXPECTED_A_SECTION_NAME 137 +#define X509V3_R_EXTENSION_EXISTS 145 +#define X509V3_R_EXTENSION_NAME_ERROR 115 +#define X509V3_R_EXTENSION_NOT_FOUND 102 +#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 +#define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 +#define X509V3_R_ILLEGAL_HEX_DIGIT 113 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_ASNUMBER 162 +#define X509V3_R_INVALID_ASRANGE 163 +#define X509V3_R_INVALID_BOOLEAN_STRING 104 +#define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_INHERITANCE 165 +#define X509V3_R_INVALID_IPADDRESS 166 +#define X509V3_R_INVALID_NAME 106 +#define X509V3_R_INVALID_NULL_ARGUMENT 107 +#define X509V3_R_INVALID_NULL_NAME 108 +#define X509V3_R_INVALID_NULL_VALUE 109 +#define X509V3_R_INVALID_NUMBER 140 +#define X509V3_R_INVALID_NUMBERS 141 +#define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 +#define X509V3_R_INVALID_OPTION 138 +#define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 +#define X509V3_R_INVALID_PURPOSE 146 +#define X509V3_R_INVALID_SAFI 164 +#define X509V3_R_INVALID_SECTION 135 +#define X509V3_R_INVALID_SYNTAX 143 +#define X509V3_R_ISSUER_DECODE_ERROR 126 +#define X509V3_R_MISSING_VALUE 124 +#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 +#define X509V3_R_NO_CONFIG_DATABASE 136 +#define X509V3_R_NO_ISSUER_CERTIFICATE 121 +#define X509V3_R_NO_ISSUER_DETAILS 127 +#define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 +#define X509V3_R_NO_PUBLIC_KEY 114 +#define X509V3_R_NO_SUBJECT_DETAILS 125 +#define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 +#define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +#define X509V3_R_SECTION_NOT_FOUND 150 +#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 +#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 +#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 +#define X509V3_R_UNKNOWN_EXTENSION 129 +#define X509V3_R_UNKNOWN_EXTENSION_NAME 130 +#define X509V3_R_UNKNOWN_OPTION 120 +#define X509V3_R_UNSUPPORTED_OPTION 117 +#define X509V3_R_UNSUPPORTED_TYPE 167 +#define X509V3_R_USER_TOO_LONG 132 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/includes/curl/zconf.h b/includes/curl/zconf.h new file mode 100644 index 0000000..de90f8e --- /dev/null +++ b/includes/curl/zconf.h @@ -0,0 +1,206 @@ +/* zconf.h -- configuration of the zlib compression library + * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler + * For conditions of distribution and use, see copyright notice in zlib.h + */ + +#ifndef ZCONF_H +#define ZCONF_H + +#include "zlib_name_mangling.h" + +#if !defined(_WIN32) && defined(__WIN32__) +# define _WIN32 +#endif + +/* Clang macro for detecting declspec support + * https://clang.llvm.org/docs/LanguageExtensions.html#has-declspec-attribute + */ +#ifndef __has_declspec_attribute +# define __has_declspec_attribute(x) 0 +#endif + +#if defined(ZLIB_CONST) && !defined(z_const) +# define z_const const +#else +# define z_const +#endif + +/* Maximum value for memLevel in deflateInit2 */ +#ifndef MAX_MEM_LEVEL +# define MAX_MEM_LEVEL 9 +#endif + +/* Maximum value for windowBits in deflateInit2 and inflateInit2. + * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files + * created by gzip. (Files created by minigzip can still be extracted by + * gzip.) + */ +#ifndef MIN_WBITS +# define MIN_WBITS 8 /* 256 LZ77 window */ +#endif +#ifndef MAX_WBITS +# define MAX_WBITS 15 /* 32K LZ77 window */ +#endif + +/* The memory requirements for deflate are (in bytes): + (1 << (windowBits+2)) + (1 << (memLevel+9)) + that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) + plus a few kilobytes for small objects. For example, if you want to reduce + the default memory requirements from 256K to 128K, compile with + make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" + Of course this will generally degrade compression (there's no free lunch). + + The memory requirements for inflate are (in bytes) 1 << windowBits + that is, 32K for windowBits=15 (default value) plus about 7 kilobytes + for small objects. +*/ + +/* Type declarations */ + + +#ifndef OF /* function prototypes */ +# define OF(args) args +#endif + +#ifdef ZLIB_INTERNAL +# define Z_INTERNAL ZLIB_INTERNAL +#endif + +/* If building or using zlib as a DLL, define ZLIB_DLL. + * This is not mandatory, but it offers a little performance increase. + */ +#if defined(ZLIB_DLL) && (defined(_WIN32) || (__has_declspec_attribute(dllexport) && __has_declspec_attribute(dllimport))) +# ifdef Z_INTERNAL +# define Z_EXTERN extern __declspec(dllexport) +# else +# define Z_EXTERN extern __declspec(dllimport) +# endif +#endif + +/* If building or using zlib with the WINAPI/WINAPIV calling convention, + * define ZLIB_WINAPI. + * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI. + */ +#if defined(ZLIB_WINAPI) && defined(_WIN32) +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include + /* No need for _export, use ZLIB.DEF instead. */ + /* For complete Windows compatibility, use WINAPI, not __stdcall. */ +# define Z_EXPORT WINAPI +# define Z_EXPORTVA WINAPIV +#endif + +#ifndef Z_EXTERN +# define Z_EXTERN extern +#endif +#ifndef Z_EXPORT +# define Z_EXPORT +#endif +#ifndef Z_EXPORTVA +# define Z_EXPORTVA +#endif + +/* Conditional exports */ +#define ZNG_CONDEXPORT Z_INTERNAL + +/* For backwards compatibility */ + +#ifndef ZEXTERN +# define ZEXTERN Z_EXTERN +#endif +#ifndef ZEXPORT +# define ZEXPORT Z_EXPORT +#endif +#ifndef ZEXPORTVA +# define ZEXPORTVA Z_EXPORTVA +#endif +#ifndef FAR +# define FAR +#endif + +/* Legacy zlib typedefs for backwards compatibility. Don't assume stdint.h is defined. */ +typedef unsigned char Byte; +typedef Byte Bytef; + +typedef unsigned int uInt; /* 16 bits or more */ +typedef unsigned long uLong; /* 32 bits or more */ + +typedef char charf; +typedef int intf; +typedef uInt uIntf; +typedef uLong uLongf; + +typedef void const *voidpc; +typedef void *voidpf; +typedef void *voidp; + +typedef unsigned int z_crc_t; + +#if 1 /* was set to #if 1 by configure/cmake/etc */ +# define Z_HAVE_UNISTD_H +#endif + +#ifdef NEED_PTRDIFF_T /* may be set to #if 1 by configure/cmake/etc */ +typedef PTRDIFF_TYPE ptrdiff_t; +#endif + +#include /* for off_t */ + +#include /* for wchar_t and NULL */ + +/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and + * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even + * though the former does not conform to the LFS document), but considering + * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as + * equivalently requesting no 64-bit operations + */ +#if defined(_LARGEFILE64_SOURCE) && -_LARGEFILE64_SOURCE - -1 == 1 +# undef _LARGEFILE64_SOURCE +#endif + +#if defined(Z_HAVE_UNISTD_H) || defined(_LARGEFILE64_SOURCE) +# include /* for SEEK_*, off_t, and _LFS64_LARGEFILE */ +# ifndef z_off_t +# define z_off_t off_t +# endif +#endif + +#if defined(_LFS64_LARGEFILE) && _LFS64_LARGEFILE-0 +# define Z_LFS64 +#endif + +#if defined(_LARGEFILE64_SOURCE) && defined(Z_LFS64) +# define Z_LARGE64 +#endif + +#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS-0 == 64 && defined(Z_LFS64) +# define Z_WANT64 +#endif + +#if !defined(SEEK_SET) +# define SEEK_SET 0 /* Seek from beginning of file. */ +# define SEEK_CUR 1 /* Seek from current position. */ +# define SEEK_END 2 /* Set file pointer to EOF plus "offset" */ +#endif + +#ifndef z_off_t +# define z_off_t long +#endif + +#if !defined(_WIN32) && defined(Z_LARGE64) +# define z_off64_t off64_t +#else +# if defined(__MSYS__) +# define z_off64_t _off64_t +# elif defined(_WIN32) && !defined(__GNUC__) +# define z_off64_t __int64 +# else +# define z_off64_t z_off_t +# endif +#endif + +typedef size_t z_size_t; + +#endif /* ZCONF_H */ diff --git a/includes/curl/zdict.h b/includes/curl/zdict.h new file mode 100644 index 0000000..599b793 --- /dev/null +++ b/includes/curl/zdict.h @@ -0,0 +1,481 @@ +/* + * Copyright (c) Meta Platforms, Inc. and affiliates. + * All rights reserved. + * + * This source code is licensed under both the BSD-style license (found in the + * LICENSE file in the root directory of this source tree) and the GPLv2 (found + * in the COPYING file in the root directory of this source tree). + * You may select, at your option, one of the above-listed licenses. + */ + +#ifndef ZSTD_ZDICT_H +#define ZSTD_ZDICT_H + + +/*====== Dependencies ======*/ +#include /* size_t */ + +#if defined (__cplusplus) +extern "C" { +#endif + +/* ===== ZDICTLIB_API : control library symbols visibility ===== */ +#ifndef ZDICTLIB_VISIBLE + /* Backwards compatibility with old macro name */ +# ifdef ZDICTLIB_VISIBILITY +# define ZDICTLIB_VISIBLE ZDICTLIB_VISIBILITY +# elif defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZDICTLIB_VISIBLE __attribute__ ((visibility ("default"))) +# else +# define ZDICTLIB_VISIBLE +# endif +#endif + +#ifndef ZDICTLIB_HIDDEN +# if defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZDICTLIB_HIDDEN __attribute__ ((visibility ("hidden"))) +# else +# define ZDICTLIB_HIDDEN +# endif +#endif + +#if defined(ZSTD_DLL_EXPORT) && (ZSTD_DLL_EXPORT==1) +# define ZDICTLIB_API __declspec(dllexport) ZDICTLIB_VISIBLE +#elif defined(ZSTD_DLL_IMPORT) && (ZSTD_DLL_IMPORT==1) +# define ZDICTLIB_API __declspec(dllimport) ZDICTLIB_VISIBLE /* It isn't required but allows to generate better code, saving a function pointer load from the IAT and an indirect jump.*/ +#else +# define ZDICTLIB_API ZDICTLIB_VISIBLE +#endif + +/******************************************************************************* + * Zstd dictionary builder + * + * FAQ + * === + * Why should I use a dictionary? + * ------------------------------ + * + * Zstd can use dictionaries to improve compression ratio of small data. + * Traditionally small files don't compress well because there is very little + * repetition in a single sample, since it is small. But, if you are compressing + * many similar files, like a bunch of JSON records that share the same + * structure, you can train a dictionary on ahead of time on some samples of + * these files. Then, zstd can use the dictionary to find repetitions that are + * present across samples. This can vastly improve compression ratio. + * + * When is a dictionary useful? + * ---------------------------- + * + * Dictionaries are useful when compressing many small files that are similar. + * The larger a file is, the less benefit a dictionary will have. Generally, + * we don't expect dictionary compression to be effective past 100KB. And the + * smaller a file is, the more we would expect the dictionary to help. + * + * How do I use a dictionary? + * -------------------------- + * + * Simply pass the dictionary to the zstd compressor with + * `ZSTD_CCtx_loadDictionary()`. The same dictionary must then be passed to + * the decompressor, using `ZSTD_DCtx_loadDictionary()`. There are other + * more advanced functions that allow selecting some options, see zstd.h for + * complete documentation. + * + * What is a zstd dictionary? + * -------------------------- + * + * A zstd dictionary has two pieces: Its header, and its content. The header + * contains a magic number, the dictionary ID, and entropy tables. These + * entropy tables allow zstd to save on header costs in the compressed file, + * which really matters for small data. The content is just bytes, which are + * repeated content that is common across many samples. + * + * What is a raw content dictionary? + * --------------------------------- + * + * A raw content dictionary is just bytes. It doesn't have a zstd dictionary + * header, a dictionary ID, or entropy tables. Any buffer is a valid raw + * content dictionary. + * + * How do I train a dictionary? + * ---------------------------- + * + * Gather samples from your use case. These samples should be similar to each + * other. If you have several use cases, you could try to train one dictionary + * per use case. + * + * Pass those samples to `ZDICT_trainFromBuffer()` and that will train your + * dictionary. There are a few advanced versions of this function, but this + * is a great starting point. If you want to further tune your dictionary + * you could try `ZDICT_optimizeTrainFromBuffer_cover()`. If that is too slow + * you can try `ZDICT_optimizeTrainFromBuffer_fastCover()`. + * + * If the dictionary training function fails, that is likely because you + * either passed too few samples, or a dictionary would not be effective + * for your data. Look at the messages that the dictionary trainer printed, + * if it doesn't say too few samples, then a dictionary would not be effective. + * + * How large should my dictionary be? + * ---------------------------------- + * + * A reasonable dictionary size, the `dictBufferCapacity`, is about 100KB. + * The zstd CLI defaults to a 110KB dictionary. You likely don't need a + * dictionary larger than that. But, most use cases can get away with a + * smaller dictionary. The advanced dictionary builders can automatically + * shrink the dictionary for you, and select the smallest size that doesn't + * hurt compression ratio too much. See the `shrinkDict` parameter. + * A smaller dictionary can save memory, and potentially speed up + * compression. + * + * How many samples should I provide to the dictionary builder? + * ------------------------------------------------------------ + * + * We generally recommend passing ~100x the size of the dictionary + * in samples. A few thousand should suffice. Having too few samples + * can hurt the dictionaries effectiveness. Having more samples will + * only improve the dictionaries effectiveness. But having too many + * samples can slow down the dictionary builder. + * + * How do I determine if a dictionary will be effective? + * ----------------------------------------------------- + * + * Simply train a dictionary and try it out. You can use zstd's built in + * benchmarking tool to test the dictionary effectiveness. + * + * # Benchmark levels 1-3 without a dictionary + * zstd -b1e3 -r /path/to/my/files + * # Benchmark levels 1-3 with a dictionary + * zstd -b1e3 -r /path/to/my/files -D /path/to/my/dictionary + * + * When should I retrain a dictionary? + * ----------------------------------- + * + * You should retrain a dictionary when its effectiveness drops. Dictionary + * effectiveness drops as the data you are compressing changes. Generally, we do + * expect dictionaries to "decay" over time, as your data changes, but the rate + * at which they decay depends on your use case. Internally, we regularly + * retrain dictionaries, and if the new dictionary performs significantly + * better than the old dictionary, we will ship the new dictionary. + * + * I have a raw content dictionary, how do I turn it into a zstd dictionary? + * ------------------------------------------------------------------------- + * + * If you have a raw content dictionary, e.g. by manually constructing it, or + * using a third-party dictionary builder, you can turn it into a zstd + * dictionary by using `ZDICT_finalizeDictionary()`. You'll also have to + * provide some samples of the data. It will add the zstd header to the + * raw content, which contains a dictionary ID and entropy tables, which + * will improve compression ratio, and allow zstd to write the dictionary ID + * into the frame, if you so choose. + * + * Do I have to use zstd's dictionary builder? + * ------------------------------------------- + * + * No! You can construct dictionary content however you please, it is just + * bytes. It will always be valid as a raw content dictionary. If you want + * a zstd dictionary, which can improve compression ratio, use + * `ZDICT_finalizeDictionary()`. + * + * What is the attack surface of a zstd dictionary? + * ------------------------------------------------ + * + * Zstd is heavily fuzz tested, including loading fuzzed dictionaries, so + * zstd should never crash, or access out-of-bounds memory no matter what + * the dictionary is. However, if an attacker can control the dictionary + * during decompression, they can cause zstd to generate arbitrary bytes, + * just like if they controlled the compressed data. + * + ******************************************************************************/ + + +/*! ZDICT_trainFromBuffer(): + * Train a dictionary from an array of samples. + * Redirect towards ZDICT_optimizeTrainFromBuffer_fastCover() single-threaded, with d=8, steps=4, + * f=20, and accel=1. + * Samples must be stored concatenated in a single flat buffer `samplesBuffer`, + * supplied with an array of sizes `samplesSizes`, providing the size of each sample, in order. + * The resulting dictionary will be saved into `dictBuffer`. + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * Note: Dictionary training will fail if there are not enough samples to construct a + * dictionary, or if most of the samples are too small (< 8 bytes being the lower limit). + * If dictionary training fails, you should use zstd without a dictionary, as the dictionary + * would've been ineffective anyways. If you believe your samples would benefit from a dictionary + * please open an issue with details, and we can look into it. + * Note: ZDICT_trainFromBuffer()'s memory usage is about 6 MB. + * Tips: In general, a reasonable dictionary has a size of ~ 100 KB. + * It's possible to select smaller or larger size, just by specifying `dictBufferCapacity`. + * In general, it's recommended to provide a few thousands samples, though this can vary a lot. + * It's recommended that total size of all samples be about ~x100 times the target size of dictionary. + */ +ZDICTLIB_API size_t ZDICT_trainFromBuffer(void* dictBuffer, size_t dictBufferCapacity, + const void* samplesBuffer, + const size_t* samplesSizes, unsigned nbSamples); + +typedef struct { + int compressionLevel; /**< optimize for a specific zstd compression level; 0 means default */ + unsigned notificationLevel; /**< Write log to stderr; 0 = none (default); 1 = errors; 2 = progression; 3 = details; 4 = debug; */ + unsigned dictID; /**< force dictID value; 0 means auto mode (32-bits random value) + * NOTE: The zstd format reserves some dictionary IDs for future use. + * You may use them in private settings, but be warned that they + * may be used by zstd in a public dictionary registry in the future. + * These dictionary IDs are: + * - low range : <= 32767 + * - high range : >= (2^31) + */ +} ZDICT_params_t; + +/*! ZDICT_finalizeDictionary(): + * Given a custom content as a basis for dictionary, and a set of samples, + * finalize dictionary by adding headers and statistics according to the zstd + * dictionary format. + * + * Samples must be stored concatenated in a flat buffer `samplesBuffer`, + * supplied with an array of sizes `samplesSizes`, providing the size of each + * sample in order. The samples are used to construct the statistics, so they + * should be representative of what you will compress with this dictionary. + * + * The compression level can be set in `parameters`. You should pass the + * compression level you expect to use in production. The statistics for each + * compression level differ, so tuning the dictionary for the compression level + * can help quite a bit. + * + * You can set an explicit dictionary ID in `parameters`, or allow us to pick + * a random dictionary ID for you, but we can't guarantee no collisions. + * + * The dstDictBuffer and the dictContent may overlap, and the content will be + * appended to the end of the header. If the header + the content doesn't fit in + * maxDictSize the beginning of the content is truncated to make room, since it + * is presumed that the most profitable content is at the end of the dictionary, + * since that is the cheapest to reference. + * + * `maxDictSize` must be >= max(dictContentSize, ZDICT_DICTSIZE_MIN). + * + * @return: size of dictionary stored into `dstDictBuffer` (<= `maxDictSize`), + * or an error code, which can be tested by ZDICT_isError(). + * Note: ZDICT_finalizeDictionary() will push notifications into stderr if + * instructed to, using notificationLevel>0. + * NOTE: This function currently may fail in several edge cases including: + * * Not enough samples + * * Samples are uncompressible + * * Samples are all exactly the same + */ +ZDICTLIB_API size_t ZDICT_finalizeDictionary(void* dstDictBuffer, size_t maxDictSize, + const void* dictContent, size_t dictContentSize, + const void* samplesBuffer, const size_t* samplesSizes, unsigned nbSamples, + ZDICT_params_t parameters); + + +/*====== Helper functions ======*/ +ZDICTLIB_API unsigned ZDICT_getDictID(const void* dictBuffer, size_t dictSize); /**< extracts dictID; @return zero if error (not a valid dictionary) */ +ZDICTLIB_API size_t ZDICT_getDictHeaderSize(const void* dictBuffer, size_t dictSize); /* returns dict header size; returns a ZSTD error code on failure */ +ZDICTLIB_API unsigned ZDICT_isError(size_t errorCode); +ZDICTLIB_API const char* ZDICT_getErrorName(size_t errorCode); + +#if defined (__cplusplus) +} +#endif + +#endif /* ZSTD_ZDICT_H */ + +#if defined(ZDICT_STATIC_LINKING_ONLY) && !defined(ZSTD_ZDICT_H_STATIC) +#define ZSTD_ZDICT_H_STATIC + +#if defined (__cplusplus) +extern "C" { +#endif + +/* This can be overridden externally to hide static symbols. */ +#ifndef ZDICTLIB_STATIC_API +# if defined(ZSTD_DLL_EXPORT) && (ZSTD_DLL_EXPORT==1) +# define ZDICTLIB_STATIC_API __declspec(dllexport) ZDICTLIB_VISIBLE +# elif defined(ZSTD_DLL_IMPORT) && (ZSTD_DLL_IMPORT==1) +# define ZDICTLIB_STATIC_API __declspec(dllimport) ZDICTLIB_VISIBLE +# else +# define ZDICTLIB_STATIC_API ZDICTLIB_VISIBLE +# endif +#endif + +/* ==================================================================================== + * The definitions in this section are considered experimental. + * They should never be used with a dynamic library, as they may change in the future. + * They are provided for advanced usages. + * Use them only in association with static linking. + * ==================================================================================== */ + +#define ZDICT_DICTSIZE_MIN 256 +/* Deprecated: Remove in v1.6.0 */ +#define ZDICT_CONTENTSIZE_MIN 128 + +/*! ZDICT_cover_params_t: + * k and d are the only required parameters. + * For others, value 0 means default. + */ +typedef struct { + unsigned k; /* Segment size : constraint: 0 < k : Reasonable range [16, 2048+] */ + unsigned d; /* dmer size : constraint: 0 < d <= k : Reasonable range [6, 16] */ + unsigned steps; /* Number of steps : Only used for optimization : 0 means default (40) : Higher means more parameters checked */ + unsigned nbThreads; /* Number of threads : constraint: 0 < nbThreads : 1 means single-threaded : Only used for optimization : Ignored if ZSTD_MULTITHREAD is not defined */ + double splitPoint; /* Percentage of samples used for training: Only used for optimization : the first nbSamples * splitPoint samples will be used to training, the last nbSamples * (1 - splitPoint) samples will be used for testing, 0 means default (1.0), 1.0 when all samples are used for both training and testing */ + unsigned shrinkDict; /* Train dictionaries to shrink in size starting from the minimum size and selects the smallest dictionary that is shrinkDictMaxRegression% worse than the largest dictionary. 0 means no shrinking and 1 means shrinking */ + unsigned shrinkDictMaxRegression; /* Sets shrinkDictMaxRegression so that a smaller dictionary can be at worse shrinkDictMaxRegression% worse than the max dict size dictionary. */ + ZDICT_params_t zParams; +} ZDICT_cover_params_t; + +typedef struct { + unsigned k; /* Segment size : constraint: 0 < k : Reasonable range [16, 2048+] */ + unsigned d; /* dmer size : constraint: 0 < d <= k : Reasonable range [6, 16] */ + unsigned f; /* log of size of frequency array : constraint: 0 < f <= 31 : 1 means default(20)*/ + unsigned steps; /* Number of steps : Only used for optimization : 0 means default (40) : Higher means more parameters checked */ + unsigned nbThreads; /* Number of threads : constraint: 0 < nbThreads : 1 means single-threaded : Only used for optimization : Ignored if ZSTD_MULTITHREAD is not defined */ + double splitPoint; /* Percentage of samples used for training: Only used for optimization : the first nbSamples * splitPoint samples will be used to training, the last nbSamples * (1 - splitPoint) samples will be used for testing, 0 means default (0.75), 1.0 when all samples are used for both training and testing */ + unsigned accel; /* Acceleration level: constraint: 0 < accel <= 10, higher means faster and less accurate, 0 means default(1) */ + unsigned shrinkDict; /* Train dictionaries to shrink in size starting from the minimum size and selects the smallest dictionary that is shrinkDictMaxRegression% worse than the largest dictionary. 0 means no shrinking and 1 means shrinking */ + unsigned shrinkDictMaxRegression; /* Sets shrinkDictMaxRegression so that a smaller dictionary can be at worse shrinkDictMaxRegression% worse than the max dict size dictionary. */ + + ZDICT_params_t zParams; +} ZDICT_fastCover_params_t; + +/*! ZDICT_trainFromBuffer_cover(): + * Train a dictionary from an array of samples using the COVER algorithm. + * Samples must be stored concatenated in a single flat buffer `samplesBuffer`, + * supplied with an array of sizes `samplesSizes`, providing the size of each sample, in order. + * The resulting dictionary will be saved into `dictBuffer`. + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * See ZDICT_trainFromBuffer() for details on failure modes. + * Note: ZDICT_trainFromBuffer_cover() requires about 9 bytes of memory for each input byte. + * Tips: In general, a reasonable dictionary has a size of ~ 100 KB. + * It's possible to select smaller or larger size, just by specifying `dictBufferCapacity`. + * In general, it's recommended to provide a few thousands samples, though this can vary a lot. + * It's recommended that total size of all samples be about ~x100 times the target size of dictionary. + */ +ZDICTLIB_STATIC_API size_t ZDICT_trainFromBuffer_cover( + void *dictBuffer, size_t dictBufferCapacity, + const void *samplesBuffer, const size_t *samplesSizes, unsigned nbSamples, + ZDICT_cover_params_t parameters); + +/*! ZDICT_optimizeTrainFromBuffer_cover(): + * The same requirements as above hold for all the parameters except `parameters`. + * This function tries many parameter combinations and picks the best parameters. + * `*parameters` is filled with the best parameters found, + * dictionary constructed with those parameters is stored in `dictBuffer`. + * + * All of the parameters d, k, steps are optional. + * If d is non-zero then we don't check multiple values of d, otherwise we check d = {6, 8}. + * if steps is zero it defaults to its default value. + * If k is non-zero then we don't check multiple values of k, otherwise we check steps values in [50, 2000]. + * + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * On success `*parameters` contains the parameters selected. + * See ZDICT_trainFromBuffer() for details on failure modes. + * Note: ZDICT_optimizeTrainFromBuffer_cover() requires about 8 bytes of memory for each input byte and additionally another 5 bytes of memory for each byte of memory for each thread. + */ +ZDICTLIB_STATIC_API size_t ZDICT_optimizeTrainFromBuffer_cover( + void* dictBuffer, size_t dictBufferCapacity, + const void* samplesBuffer, const size_t* samplesSizes, unsigned nbSamples, + ZDICT_cover_params_t* parameters); + +/*! ZDICT_trainFromBuffer_fastCover(): + * Train a dictionary from an array of samples using a modified version of COVER algorithm. + * Samples must be stored concatenated in a single flat buffer `samplesBuffer`, + * supplied with an array of sizes `samplesSizes`, providing the size of each sample, in order. + * d and k are required. + * All other parameters are optional, will use default values if not provided + * The resulting dictionary will be saved into `dictBuffer`. + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * See ZDICT_trainFromBuffer() for details on failure modes. + * Note: ZDICT_trainFromBuffer_fastCover() requires 6 * 2^f bytes of memory. + * Tips: In general, a reasonable dictionary has a size of ~ 100 KB. + * It's possible to select smaller or larger size, just by specifying `dictBufferCapacity`. + * In general, it's recommended to provide a few thousands samples, though this can vary a lot. + * It's recommended that total size of all samples be about ~x100 times the target size of dictionary. + */ +ZDICTLIB_STATIC_API size_t ZDICT_trainFromBuffer_fastCover(void *dictBuffer, + size_t dictBufferCapacity, const void *samplesBuffer, + const size_t *samplesSizes, unsigned nbSamples, + ZDICT_fastCover_params_t parameters); + +/*! ZDICT_optimizeTrainFromBuffer_fastCover(): + * The same requirements as above hold for all the parameters except `parameters`. + * This function tries many parameter combinations (specifically, k and d combinations) + * and picks the best parameters. `*parameters` is filled with the best parameters found, + * dictionary constructed with those parameters is stored in `dictBuffer`. + * All of the parameters d, k, steps, f, and accel are optional. + * If d is non-zero then we don't check multiple values of d, otherwise we check d = {6, 8}. + * if steps is zero it defaults to its default value. + * If k is non-zero then we don't check multiple values of k, otherwise we check steps values in [50, 2000]. + * If f is zero, default value of 20 is used. + * If accel is zero, default value of 1 is used. + * + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * On success `*parameters` contains the parameters selected. + * See ZDICT_trainFromBuffer() for details on failure modes. + * Note: ZDICT_optimizeTrainFromBuffer_fastCover() requires about 6 * 2^f bytes of memory for each thread. + */ +ZDICTLIB_STATIC_API size_t ZDICT_optimizeTrainFromBuffer_fastCover(void* dictBuffer, + size_t dictBufferCapacity, const void* samplesBuffer, + const size_t* samplesSizes, unsigned nbSamples, + ZDICT_fastCover_params_t* parameters); + +typedef struct { + unsigned selectivityLevel; /* 0 means default; larger => select more => larger dictionary */ + ZDICT_params_t zParams; +} ZDICT_legacy_params_t; + +/*! ZDICT_trainFromBuffer_legacy(): + * Train a dictionary from an array of samples. + * Samples must be stored concatenated in a single flat buffer `samplesBuffer`, + * supplied with an array of sizes `samplesSizes`, providing the size of each sample, in order. + * The resulting dictionary will be saved into `dictBuffer`. + * `parameters` is optional and can be provided with values set to 0 to mean "default". + * @return: size of dictionary stored into `dictBuffer` (<= `dictBufferCapacity`) + * or an error code, which can be tested with ZDICT_isError(). + * See ZDICT_trainFromBuffer() for details on failure modes. + * Tips: In general, a reasonable dictionary has a size of ~ 100 KB. + * It's possible to select smaller or larger size, just by specifying `dictBufferCapacity`. + * In general, it's recommended to provide a few thousands samples, though this can vary a lot. + * It's recommended that total size of all samples be about ~x100 times the target size of dictionary. + * Note: ZDICT_trainFromBuffer_legacy() will send notifications into stderr if instructed to, using notificationLevel>0. + */ +ZDICTLIB_STATIC_API size_t ZDICT_trainFromBuffer_legacy( + void* dictBuffer, size_t dictBufferCapacity, + const void* samplesBuffer, const size_t* samplesSizes, unsigned nbSamples, + ZDICT_legacy_params_t parameters); + + +/* Deprecation warnings */ +/* It is generally possible to disable deprecation warnings from compiler, + for example with -Wno-deprecated-declarations for gcc + or _CRT_SECURE_NO_WARNINGS in Visual. + Otherwise, it's also possible to manually define ZDICT_DISABLE_DEPRECATE_WARNINGS */ +#ifdef ZDICT_DISABLE_DEPRECATE_WARNINGS +# define ZDICT_DEPRECATED(message) /* disable deprecation warnings */ +#else +# define ZDICT_GCC_VERSION (__GNUC__ * 100 + __GNUC_MINOR__) +# if defined (__cplusplus) && (__cplusplus >= 201402) /* C++14 or greater */ +# define ZDICT_DEPRECATED(message) [[deprecated(message)]] +# elif defined(__clang__) || (ZDICT_GCC_VERSION >= 405) +# define ZDICT_DEPRECATED(message) __attribute__((deprecated(message))) +# elif (ZDICT_GCC_VERSION >= 301) +# define ZDICT_DEPRECATED(message) __attribute__((deprecated)) +# elif defined(_MSC_VER) +# define ZDICT_DEPRECATED(message) __declspec(deprecated(message)) +# else +# pragma message("WARNING: You need to implement ZDICT_DEPRECATED for this compiler") +# define ZDICT_DEPRECATED(message) +# endif +#endif /* ZDICT_DISABLE_DEPRECATE_WARNINGS */ + +ZDICT_DEPRECATED("use ZDICT_finalizeDictionary() instead") +ZDICTLIB_STATIC_API +size_t ZDICT_addEntropyTablesFromBuffer(void* dictBuffer, size_t dictContentSize, size_t dictBufferCapacity, + const void* samplesBuffer, const size_t* samplesSizes, unsigned nbSamples); + +#if defined (__cplusplus) +} +#endif + +#endif /* ZSTD_ZDICT_H_STATIC */ diff --git a/includes/curl/zlib.h b/includes/curl/zlib.h new file mode 100644 index 0000000..d784951 --- /dev/null +++ b/includes/curl/zlib.h @@ -0,0 +1,1859 @@ +#ifndef ZLIB_H_ +#define ZLIB_H_ +/* zlib.h -- interface of the 'zlib-ng' compression library + Forked from and compatible with zlib 1.3.1 + + Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler + + This software is provided 'as-is', without any express or implied + warranty. In no event will the authors be held liable for any damages + arising from the use of this software. + + Permission is granted to anyone to use this software for any purpose, + including commercial applications, and to alter it and redistribute it + freely, subject to the following restrictions: + + 1. The origin of this software must not be misrepresented; you must not + claim that you wrote the original software. If you use this software + in a product, an acknowledgment in the product documentation would be + appreciated but is not required. + 2. Altered source versions must be plainly marked as such, and must not be + misrepresented as being the original software. + 3. This notice may not be removed or altered from any source distribution. + + Jean-loup Gailly Mark Adler + jloup@gzip.org madler@alumni.caltech.edu + + + The data format used by the zlib library is described by RFCs (Request for + Comments) 1950 to 1952 in the files https://tools.ietf.org/html/rfc1950 + (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format). +*/ + +#ifdef ZNGLIB_H_ +# error Include zlib-ng.h for zlib-ng API or zlib.h for zlib-compat API but not both +#endif + +#ifndef RC_INVOKED +#include +#include + +#include "zconf.h" + +#ifndef ZCONF_H +# error Missing zconf.h add binary output directory to include directories +#endif +#endif /* RC_INVOKED */ + +#ifdef __cplusplus +extern "C" { +#endif + +#define ZLIBNG_VERSION "2.2.4" +#define ZLIBNG_VERNUM 0x020204F0L /* MMNNRRSM: major minor revision status modified */ +#define ZLIBNG_VER_MAJOR 2 +#define ZLIBNG_VER_MINOR 2 +#define ZLIBNG_VER_REVISION 4 +#define ZLIBNG_VER_STATUS F /* 0=devel, 1-E=beta, F=Release (DEPRECATED) */ +#define ZLIBNG_VER_STATUSH 0xF /* Hex values: 0=devel, 1-E=beta, F=Release */ +#define ZLIBNG_VER_MODIFIED 0 /* non-zero if modified externally from zlib-ng */ + +#define ZLIB_VERSION "1.3.1.zlib-ng" +#define ZLIB_VERNUM 0x131f +#define ZLIB_VER_MAJOR 1 +#define ZLIB_VER_MINOR 3 +#define ZLIB_VER_REVISION 1 +#define ZLIB_VER_SUBREVISION 15 /* 15=fork (0xf) */ + +/* + The 'zlib' compression library provides in-memory compression and + decompression functions, including integrity checks of the uncompressed data. + This version of the library supports only one compression method (deflation) + but other algorithms will be added later and will have the same stream + interface. + + Compression can be done in a single step if the buffers are large enough, + or can be done by repeated calls of the compression function. In the latter + case, the application must provide more input and/or consume the output + (providing more output space) before each call. + + The compressed data format used by default by the in-memory functions is + the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped + around a deflate stream, which is itself documented in RFC 1951. + + The library also supports reading and writing files in gzip (.gz) format + with an interface similar to that of stdio using the functions that start + with "gz". The gzip format is different from the zlib format. gzip is a + gzip wrapper, documented in RFC 1952, wrapped around a deflate stream. + + This library can optionally read and write gzip and raw deflate streams in + memory as well. + + The zlib format was designed to be compact and fast for use in memory + and on communications channels. The gzip format was designed for single- + file compression on file systems, has a larger header than zlib to maintain + directory information, and uses a different, slower check method than zlib. + + The library does not install any signal handler. The decoder checks + the consistency of the compressed data, so the library should never crash + even in the case of corrupted input. +*/ + +typedef void *(*alloc_func) (void *opaque, unsigned int items, unsigned int size); +typedef void (*free_func) (void *opaque, void *address); + +struct internal_state; + +typedef struct z_stream_s { + z_const unsigned char *next_in; /* next input byte */ + uint32_t avail_in; /* number of bytes available at next_in */ + unsigned long total_in; /* total number of input bytes read so far */ + + unsigned char *next_out; /* next output byte will go here */ + uint32_t avail_out; /* remaining free space at next_out */ + unsigned long total_out; /* total number of bytes output so far */ + + z_const char *msg; /* last error message, NULL if no error */ + struct internal_state *state; /* not visible by applications */ + + alloc_func zalloc; /* used to allocate the internal state */ + free_func zfree; /* used to free the internal state */ + void *opaque; /* private data object passed to zalloc and zfree */ + + int data_type; /* best guess about the data type: binary or text + for deflate, or the decoding state for inflate */ + unsigned long adler; /* Adler-32 or CRC-32 value of the uncompressed data */ + unsigned long reserved; /* reserved for future use */ +} z_stream; + +typedef z_stream *z_streamp; /* Obsolete type, retained for compatibility only */ + +/* + gzip header information passed to and from zlib routines. See RFC 1952 + for more details on the meanings of these fields. +*/ +typedef struct gz_header_s { + int text; /* true if compressed data believed to be text */ + unsigned long time; /* modification time */ + int xflags; /* extra flags (not used when writing a gzip file) */ + int os; /* operating system */ + unsigned char *extra; /* pointer to extra field or NULL if none */ + unsigned int extra_len; /* extra field length (valid if extra != NULL) */ + unsigned int extra_max; /* space at extra (only when reading header) */ + unsigned char *name; /* pointer to zero-terminated file name or NULL */ + unsigned int name_max; /* space at name (only when reading header) */ + unsigned char *comment; /* pointer to zero-terminated comment or NULL */ + unsigned int comm_max; /* space at comment (only when reading header) */ + int hcrc; /* true if there was or will be a header crc */ + int done; /* true when done reading gzip header (not used when writing a gzip file) */ +} gz_header; + +typedef gz_header *gz_headerp; + +/* + The application must update next_in and avail_in when avail_in has dropped + to zero. It must update next_out and avail_out when avail_out has dropped + to zero. The application must initialize zalloc, zfree and opaque before + calling the init function. All other fields are set by the compression + library and must not be updated by the application. + + The opaque value provided by the application will be passed as the first + parameter for calls of zalloc and zfree. This can be useful for custom + memory management. The compression library attaches no meaning to the + opaque value. + + zalloc must return NULL if there is not enough memory for the object. + If zlib is used in a multi-threaded application, zalloc and zfree must be + thread safe. In that case, zlib is thread-safe. When zalloc and zfree are + Z_NULL on entry to the initialization function, they are set to internal + routines that use the standard library functions malloc() and free(). + + The fields total_in and total_out can be used for statistics or progress + reports. After compression, total_in holds the total size of the + uncompressed data and may be saved for use by the decompressor (particularly + if the decompressor wants to decompress everything in a single step). +*/ + + /* constants */ + +#define Z_NO_FLUSH 0 +#define Z_PARTIAL_FLUSH 1 +#define Z_SYNC_FLUSH 2 +#define Z_FULL_FLUSH 3 +#define Z_FINISH 4 +#define Z_BLOCK 5 +#define Z_TREES 6 +/* Allowed flush values; see deflate() and inflate() below for details */ + +#define Z_OK 0 +#define Z_STREAM_END 1 +#define Z_NEED_DICT 2 +#define Z_ERRNO (-1) +#define Z_STREAM_ERROR (-2) +#define Z_DATA_ERROR (-3) +#define Z_MEM_ERROR (-4) +#define Z_BUF_ERROR (-5) +#define Z_VERSION_ERROR (-6) +/* Return codes for the compression/decompression functions. Negative values + * are errors, positive values are used for special but normal events. + */ + +#define Z_NO_COMPRESSION 0 +#define Z_BEST_SPEED 1 +#define Z_BEST_COMPRESSION 9 +#define Z_DEFAULT_COMPRESSION (-1) +/* compression levels */ + +#define Z_FILTERED 1 +#define Z_HUFFMAN_ONLY 2 +#define Z_RLE 3 +#define Z_FIXED 4 +#define Z_DEFAULT_STRATEGY 0 +/* compression strategy; see deflateInit2() below for details */ + +#define Z_BINARY 0 +#define Z_TEXT 1 +#define Z_ASCII Z_TEXT /* for compatibility with 1.2.2 and earlier */ +#define Z_UNKNOWN 2 +/* Possible values of the data_type field for deflate() */ + +#define Z_DEFLATED 8 +/* The deflate compression method (the only one supported in this version) */ + +#define Z_NULL 0 /* for compatibility with zlib, was for initializing zalloc, zfree, opaque */ + +#define zlib_version zlibVersion() +/* for compatibility with versions < 1.0.2 */ + + + /* basic functions */ + +Z_EXTERN const char * Z_EXPORT zlibVersion(void); +/* The application can compare zlibVersion and ZLIB_VERSION for consistency. + If the first character differs, the library code actually used is not + compatible with the zlib.h header file used by the application. This check + is automatically made by deflateInit and inflateInit. + */ + +/* +Z_EXTERN int Z_EXPORT deflateInit (z_stream *strm, int level); + + Initializes the internal stream state for compression. The fields + zalloc, zfree and opaque must be initialized before by the caller. If + zalloc and zfree are set to Z_NULL, deflateInit updates them to use default + allocation functions. total_in, total_out, adler, and msg are initialized. + + The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9: + 1 gives best speed, 9 gives best compression, 0 gives no compression at all + (the input data is simply copied a block at a time). Z_DEFAULT_COMPRESSION + requests a default compromise between speed and compression (currently + equivalent to level 6). + + deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough + memory, Z_STREAM_ERROR if level is not a valid compression level, or + Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible + with the version assumed by the caller (ZLIB_VERSION). msg is set to null + if there is no error message. deflateInit does not perform any compression: + this will be done by deflate(). +*/ + + +Z_EXTERN int Z_EXPORT deflate(z_stream *strm, int flush); +/* + deflate compresses as much data as possible, and stops when the input + buffer becomes empty or the output buffer becomes full. It may introduce + some output latency (reading input without producing any output) except when + forced to flush. + + The detailed semantics are as follows. deflate performs one or both of the + following actions: + + - Compress more input starting at next_in and update next_in and avail_in + accordingly. If not all input can be processed (because there is not + enough room in the output buffer), next_in and avail_in are updated and + processing will resume at this point for the next call of deflate(). + + - Generate more output starting at next_out and update next_out and avail_out + accordingly. This action is forced if the parameter flush is non zero. + Forcing flush frequently degrades the compression ratio, so this parameter + should be set only when necessary. Some output may be provided even if + flush is zero. + + Before the call of deflate(), the application should ensure that at least + one of the actions is possible, by providing more input and/or consuming more + output, and updating avail_in or avail_out accordingly; avail_out should + never be zero before the call. The application can consume the compressed + output when it wants, for example when the output buffer is full (avail_out + == 0), or after each call of deflate(). If deflate returns Z_OK and with + zero avail_out, it must be called again after making room in the output + buffer because there might be more output pending. See deflatePending(), + which can be used if desired to determine whether or not there is more output + in that case. + + Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to + decide how much data to accumulate before producing output, in order to + maximize compression. + + If the parameter flush is set to Z_SYNC_FLUSH, all pending output is + flushed to the output buffer and the output is aligned on a byte boundary, so + that the decompressor can get all input data available so far. (In + particular avail_in is zero after the call if enough output space has been + provided before the call.) Flushing may degrade compression for some + compression algorithms and so it should be used only when necessary. This + completes the current deflate block and follows it with an empty stored block + that is three bits plus filler bits to the next byte, followed by four bytes + (00 00 ff ff). + + If flush is set to Z_PARTIAL_FLUSH, all pending output is flushed to the + output buffer, but the output is not aligned to a byte boundary. All of the + input data so far will be available to the decompressor, as for Z_SYNC_FLUSH. + This completes the current deflate block and follows it with an empty fixed + codes block that is 10 bits long. This assures that enough bytes are output + in order for the decompressor to finish the block before the empty fixed + codes block. + + If flush is set to Z_BLOCK, a deflate block is completed and emitted, as + for Z_SYNC_FLUSH, but the output is not aligned on a byte boundary, and up to + seven bits of the current block are held to be written as the next byte after + the next deflate block is completed. In this case, the decompressor may not + be provided enough bits at this point in order to complete decompression of + the data provided so far to the compressor. It may need to wait for the next + block to be emitted. This is for advanced applications that need to control + the emission of deflate blocks. + + If flush is set to Z_FULL_FLUSH, all output is flushed as with + Z_SYNC_FLUSH, and the compression state is reset so that decompression can + restart from this point if previous compressed data has been damaged or if + random access is desired. Using Z_FULL_FLUSH too often can seriously degrade + compression. + + If deflate returns with avail_out == 0, this function must be called again + with the same value of the flush parameter and more output space (updated + avail_out), until the flush is complete (deflate returns with non-zero + avail_out). In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that + avail_out is greater than six when the flush marker begins, in order to avoid + repeated flush markers upon calling deflate() again when avail_out == 0. + + If the parameter flush is set to Z_FINISH, pending input is processed, + pending output is flushed and deflate returns with Z_STREAM_END if there was + enough output space. If deflate returns with Z_OK or Z_BUF_ERROR, this + function must be called again with Z_FINISH and more output space (updated + avail_out) but no more input data, until it returns with Z_STREAM_END or an + error. After deflate has returned Z_STREAM_END, the only possible operations + on the stream are deflateReset or deflateEnd. + + Z_FINISH can be used in the first deflate call after deflateInit if all the + compression is to be done in a single step. In order to complete in one + call, avail_out must be at least the value returned by deflateBound (see + below). Then deflate is guaranteed to return Z_STREAM_END. If not enough + output space is provided, deflate will not return Z_STREAM_END, and it must + be called again as described above. + + deflate() sets strm->adler to the Adler-32 checksum of all input read + so far (that is, total_in bytes). If a gzip stream is being generated, then + strm->adler will be the CRC-32 checksum of the input read so far. (See + deflateInit2 below.) + + deflate() may update strm->data_type if it can make a good guess about + the input data type (Z_BINARY or Z_TEXT). If in doubt, the data is + considered binary. This field is only for information purposes and does not + affect the compression algorithm in any manner. + + deflate() returns Z_OK if some progress has been made (more input + processed or more output produced), Z_STREAM_END if all input has been + consumed and all output has been produced (only when flush is set to + Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example + if next_in or next_out was NULL) or the state was inadvertently written over + by the application), or Z_BUF_ERROR if no progress is possible (for example + avail_in or avail_out was zero). Note that Z_BUF_ERROR is not fatal, and + deflate() can be called again with more input and more output space to + continue compressing. +*/ + + +Z_EXTERN int Z_EXPORT deflateEnd(z_stream *strm); +/* + All dynamically allocated data structures for this stream are freed. + This function discards any unprocessed input and does not flush any pending + output. + + deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the + stream state was inconsistent, Z_DATA_ERROR if the stream was freed + prematurely (some input or output was discarded). In the error case, msg + may be set but then points to a static string (which must not be + deallocated). +*/ + + +/* +Z_EXTERN int Z_EXPORT inflateInit (z_stream *strm); + + Initializes the internal stream state for decompression. The fields + next_in, avail_in, zalloc, zfree and opaque must be initialized before by + the caller. In the current version of inflate, the provided input is not + read or consumed. The allocation of a sliding window will be deferred to + the first call of inflate (if the decompression does not complete on the + first call). If zalloc and zfree are set to Z_NULL, inflateInit updates + them to use default allocation functions. total_in, total_out, adler, and + msg are initialized. + + inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough + memory, Z_VERSION_ERROR if the zlib library version is incompatible with the + version assumed by the caller, or Z_STREAM_ERROR if the parameters are + invalid, such as a null pointer to the structure. msg is set to null if + there is no error message. inflateInit does not perform any decompression. + Actual decompression will be done by inflate(). So next_in, and avail_in, + next_out, and avail_out are unused and unchanged. The current + implementation of inflateInit() does not process any header information -- + that is deferred until inflate() is called. +*/ + + +Z_EXTERN int Z_EXPORT inflate(z_stream *strm, int flush); +/* + inflate decompresses as much data as possible, and stops when the input + buffer becomes empty or the output buffer becomes full. It may introduce + some output latency (reading input without producing any output) except when + forced to flush. + + The detailed semantics are as follows. inflate performs one or both of the + following actions: + + - Decompress more input starting at next_in and update next_in and avail_in + accordingly. If not all input can be processed (because there is not + enough room in the output buffer), then next_in and avail_in are updated + accordingly, and processing will resume at this point for the next call of + inflate(). + + - Generate more output starting at next_out and update next_out and avail_out + accordingly. inflate() provides as much output as possible, until there is + no more input data or no more space in the output buffer (see below about + the flush parameter). + + Before the call of inflate(), the application should ensure that at least + one of the actions is possible, by providing more input and/or consuming more + output, and updating the next_* and avail_* values accordingly. If the + caller of inflate() does not provide both available input and available + output space, it is possible that there will be no progress made. The + application can consume the uncompressed output when it wants, for example + when the output buffer is full (avail_out == 0), or after each call of + inflate(). If inflate returns Z_OK and with zero avail_out, it must be + called again after making room in the output buffer because there might be + more output pending. + + The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FINISH, + Z_BLOCK, or Z_TREES. Z_SYNC_FLUSH requests that inflate() flush as much + output as possible to the output buffer. Z_BLOCK requests that inflate() + stop if and when it gets to the next deflate block boundary. When decoding + the zlib or gzip format, this will cause inflate() to return immediately + after the header and before the first block. When doing a raw inflate, + inflate() will go ahead and process the first block, and will return when it + gets to the end of that block, or when it runs out of data. + + The Z_BLOCK option assists in appending to or combining deflate streams. + To assist in this, on return inflate() always sets strm->data_type to the + number of unused bits in the last byte taken from strm->next_in, plus 64 if + inflate() is currently decoding the last block in the deflate stream, plus + 128 if inflate() returned immediately after decoding an end-of-block code or + decoding the complete header up to just before the first byte of the deflate + stream. The end-of-block will not be indicated until all of the uncompressed + data from that block has been written to strm->next_out. The number of + unused bits may in general be greater than seven, except when bit 7 of + data_type is set, in which case the number of unused bits will be less than + eight. data_type is set as noted here every time inflate() returns for all + flush options, and so can be used to determine the amount of currently + consumed input in bits. + + The Z_TREES option behaves as Z_BLOCK does, but it also returns when the + end of each deflate block header is reached, before any actual data in that + block is decoded. This allows the caller to determine the length of the + deflate block header for later use in random access within a deflate block. + 256 is added to the value of strm->data_type when inflate() returns + immediately after reaching the end of the deflate block header. + + inflate() should normally be called until it returns Z_STREAM_END or an + error. However if all decompression is to be performed in a single step (a + single call of inflate), the parameter flush should be set to Z_FINISH. In + this case all pending input is processed and all pending output is flushed; + avail_out must be large enough to hold all of the uncompressed data for the + operation to complete. (The size of the uncompressed data may have been + saved by the compressor for this purpose.) The use of Z_FINISH is not + required to perform an inflation in one step. However it may be used to + inform inflate that a faster approach can be used for the single inflate() + call. Z_FINISH also informs inflate to not maintain a sliding window if the + stream completes, which reduces inflate's memory footprint. If the stream + does not complete, either because not all of the stream is provided or not + enough output space is provided, then a sliding window will be allocated and + inflate() can be called again to continue the operation as if Z_NO_FLUSH had + been used. + + In this implementation, inflate() always flushes as much output as + possible to the output buffer, and always uses the faster approach on the + first call. So the effects of the flush parameter in this implementation are + on the return value of inflate() as noted below, when inflate() returns early + when Z_BLOCK or Z_TREES is used, and when inflate() avoids the allocation of + memory for a sliding window when Z_FINISH is used. + + If a preset dictionary is needed after this call (see inflateSetDictionary + below), inflate sets strm->adler to the Adler-32 checksum of the dictionary + chosen by the compressor and returns Z_NEED_DICT; otherwise it sets + strm->adler to the Adler-32 checksum of all output produced so far (that is, + total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described + below. At the end of the stream, inflate() checks that its computed Adler-32 + checksum is equal to that saved by the compressor and returns Z_STREAM_END + only if the checksum is correct. + + inflate() can decompress and check either zlib-wrapped or gzip-wrapped + deflate data. The header type is detected automatically, if requested when + initializing with inflateInit2(). Any information contained in the gzip + header is not retained unless inflateGetHeader() is used. When processing + gzip-wrapped deflate data, strm->adler32 is set to the CRC-32 of the output + produced so far. The CRC-32 is checked against the gzip trailer, as is the + uncompressed length, modulo 2^32. + + inflate() returns Z_OK if some progress has been made (more input processed + or more output produced), Z_STREAM_END if the end of the compressed data has + been reached and all uncompressed output has been produced, Z_NEED_DICT if a + preset dictionary is needed at this point, Z_DATA_ERROR if the input data was + corrupted (input stream not conforming to the zlib format or incorrect check + value, in which case strm->msg points to a string with a more specific + error), Z_STREAM_ERROR if the stream structure was inconsistent (for example + next_in or next_out was NULL, or the state was inadvertently written over + by the application), Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR + if no progress is possible or if there was not enough room in the output + buffer when Z_FINISH is used. Note that Z_BUF_ERROR is not fatal, and + inflate() can be called again with more input and more output space to + continue decompressing. If Z_DATA_ERROR is returned, the application may + then call inflateSync() to look for a good compression block if a partial + recovery of the data is to be attempted. +*/ + + +Z_EXTERN int Z_EXPORT inflateEnd(z_stream *strm); +/* + All dynamically allocated data structures for this stream are freed. + This function discards any unprocessed input and does not flush any pending + output. + + inflateEnd returns Z_OK if success, or Z_STREAM_ERROR if the stream state + was inconsistent. +*/ + + + /* Advanced functions */ + +/* + The following functions are needed only in some special applications. +*/ + +/* +Z_EXTERN int Z_EXPORT deflateInit2 (z_stream *strm, + int level, + int method, + int windowBits, + int memLevel, + int strategy); + + This is another version of deflateInit with more compression options. The + fields zalloc, zfree and opaque must be initialized before by the caller. + + The method parameter is the compression method. It must be Z_DEFLATED in + this version of the library. + + The windowBits parameter is the base two logarithm of the window size + (the size of the history buffer). It should be in the range 8..15 for this + version of the library. Larger values of this parameter result in better + compression at the expense of memory usage. The default value is 15 if + deflateInit is used instead. + + For the current implementation of deflate(), a windowBits value of 8 (a + window size of 256 bytes) is not supported. As a result, a request for 8 + will result in 9 (a 512-byte window). In that case, providing 8 to + inflateInit2() will result in an error when the zlib header with 9 is + checked against the initialization of inflate(). The remedy is to not use 8 + with deflateInit2() with this initialization, or at least in that case use 9 + with inflateInit2(). + + windowBits can also be -8..-15 for raw deflate. In this case, -windowBits + determines the window size. deflate() will then generate raw deflate data + with no zlib header or trailer, and will not compute a check value. + + windowBits can also be greater than 15 for optional gzip encoding. Add + 16 to windowBits to write a simple gzip header and trailer around the + compressed data instead of a zlib wrapper. The gzip header will have no + file name, no extra data, no comment, no modification time (set to zero), no + header crc, and the operating system will be set to the appropriate value, + if the operating system was determined at compile time. If a gzip stream is + being written, strm->adler is a CRC-32 instead of an Adler-32. + + For raw deflate or gzip encoding, a request for a 256-byte window is + rejected as invalid, since only the zlib header provides a means of + transmitting the window size to the decompressor. + + The memLevel parameter specifies how much memory should be allocated + for the internal compression state. memLevel=1 uses minimum memory but is + slow and reduces compression ratio; memLevel=9 uses maximum memory for + optimal speed. The default value is 8. See zconf.h for total memory usage + as a function of windowBits and memLevel. + + The strategy parameter is used to tune the compression algorithm. Use the + value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a + filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no + string match), or Z_RLE to limit match distances to one (run-length + encoding). Filtered data consists mostly of small values with a somewhat + random distribution. In this case, the compression algorithm is tuned to + compress them better. The effect of Z_FILTERED is to force more Huffman + coding and less string matching; it is somewhat intermediate between + Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as + fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data. The + strategy parameter only affects the compression ratio but not the + correctness of the compressed output even if it is not set appropriately. + Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler + decoder for special applications. + + deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough + memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid + method), or Z_VERSION_ERROR if the zlib library version (zlib_version) is + incompatible with the version assumed by the caller (ZLIB_VERSION). msg is + set to null if there is no error message. deflateInit2 does not perform any + compression: this will be done by deflate(). +*/ + +Z_EXTERN int Z_EXPORT deflateSetDictionary(z_stream *strm, + const unsigned char *dictionary, + unsigned int dictLength); +/* + Initializes the compression dictionary from the given byte sequence + without producing any compressed output. When using the zlib format, this + function must be called immediately after deflateInit, deflateInit2 or + deflateReset, and before any call of deflate. When doing raw deflate, this + function must be called either before any call of deflate, or immediately + after the completion of a deflate block, i.e. after all input has been + consumed and all output has been delivered when using any of the flush + options Z_BLOCK, Z_PARTIAL_FLUSH, Z_SYNC_FLUSH, or Z_FULL_FLUSH. The + compressor and decompressor must use exactly the same dictionary (see + inflateSetDictionary). + + The dictionary should consist of strings (byte sequences) that are likely + to be encountered later in the data to be compressed, with the most commonly + used strings preferably put towards the end of the dictionary. Using a + dictionary is most useful when the data to be compressed is short and can be + predicted with good accuracy; the data can then be compressed better than + with the default empty dictionary. + + Depending on the size of the compression data structures selected by + deflateInit or deflateInit2, a part of the dictionary may in effect be + discarded, for example if the dictionary is larger than the window size + provided in deflateInit or deflateInit2. Thus the strings most likely to be + useful should be put at the end of the dictionary, not at the front. In + addition, the current implementation of deflate will use at most the window + size minus 262 bytes of the provided dictionary. + + Upon return of this function, strm->adler is set to the Adler-32 value + of the dictionary; the decompressor may later use this value to determine + which dictionary has been used by the compressor. (The Adler-32 value + applies to the whole dictionary even if only a subset of the dictionary is + actually used by the compressor.) If a raw deflate was requested, then the + Adler-32 value is not computed and strm->adler is not set. + + deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a + parameter is invalid (e.g. dictionary being NULL) or the stream state is + inconsistent (for example if deflate has already been called for this stream + or if not at a block boundary for raw deflate). deflateSetDictionary does + not perform any compression: this will be done by deflate(). +*/ + +Z_EXTERN int Z_EXPORT deflateGetDictionary (z_stream *strm, unsigned char *dictionary, unsigned int *dictLength); +/* + Returns the sliding dictionary being maintained by deflate. dictLength is + set to the number of bytes in the dictionary, and that many bytes are copied + to dictionary. dictionary must have enough space, where 32768 bytes is + always enough. If deflateGetDictionary() is called with dictionary equal to + Z_NULL, then only the dictionary length is returned, and nothing is copied. + Similarly, if dictLength is Z_NULL, then it is not set. + + deflateGetDictionary() may return a length less than the window size, even + when more than the window size in input has been provided. It may return up + to 258 bytes less in that case, due to how zlib's implementation of deflate + manages the sliding window and lookahead for matches, where matches can be + up to 258 bytes long. If the application needs the last window-size bytes of + input, then that would need to be saved by the application outside of zlib. + + deflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the + stream state is inconsistent. +*/ + +Z_EXTERN int Z_EXPORT deflateCopy(z_stream *dest, z_stream *source); +/* + Sets the destination stream as a complete copy of the source stream. + + This function can be useful when several compression strategies will be + tried, for example when there are several ways of pre-processing the input + data with a filter. The streams that will be discarded should then be freed + by calling deflateEnd. Note that deflateCopy duplicates the internal + compression state which can be quite large, so this strategy is slow and can + consume lots of memory. + + deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not + enough memory, Z_STREAM_ERROR if the source stream state was inconsistent + (such as zalloc being NULL). msg is left unchanged in both source and + destination. +*/ + +Z_EXTERN int Z_EXPORT deflateReset(z_stream *strm); +/* + This function is equivalent to deflateEnd followed by deflateInit, but + does not free and reallocate the internal compression state. The stream + will leave the compression level and any other attributes that may have been + set unchanged. total_in, total_out, adler, and msg are initialized. + + deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent (such as zalloc or state being NULL). +*/ + +Z_EXTERN int Z_EXPORT deflateParams(z_stream *strm, int level, int strategy); +/* + Dynamically update the compression level and compression strategy. The + interpretation of level and strategy is as in deflateInit2(). This can be + used to switch between compression and straight copy of the input data, or + to switch to a different kind of input data requiring a different strategy. + If the compression approach (which is a function of the level) or the + strategy is changed, and if there have been any deflate() calls since the + state was initialized or reset, then the input available so far is + compressed with the old level and strategy using deflate(strm, Z_BLOCK). + There are three approaches for the compression levels 0, 1..3, and 4..9 + respectively. The new level and strategy will take effect at the next call + of deflate(). + + If a deflate(strm, Z_BLOCK) is performed by deflateParams(), and it does + not have enough output space to complete, then the parameter change will not + take effect. In this case, deflateParams() can be called again with the + same parameters and more output space to try again. + + In order to assure a change in the parameters on the first try, the + deflate stream should be flushed using deflate() with Z_BLOCK or other flush + request until strm.avail_out is not zero, before calling deflateParams(). + Then no more input data should be provided before the deflateParams() call. + If this is done, the old level and strategy will be applied to the data + compressed before deflateParams(), and the new level and strategy will be + applied to the data compressed after deflateParams(). + + deflateParams returns Z_OK on success, Z_STREAM_ERROR if the source stream + state was inconsistent or if a parameter was invalid, or Z_BUF_ERROR if + there was not enough output space to complete the compression of the + available input data before a change in the strategy or approach. Note that + in the case of a Z_BUF_ERROR, the parameters are not changed. A return + value of Z_BUF_ERROR is not fatal, in which case deflateParams() can be + retried with more output space. +*/ + +Z_EXTERN int Z_EXPORT deflateTune(z_stream *strm, int good_length, int max_lazy, int nice_length, int max_chain); +/* + Fine tune deflate's internal compression parameters. This should only be + used by someone who understands the algorithm used by zlib's deflate for + searching for the best matching string, and even then only by the most + fanatic optimizer trying to squeeze out the last compressed bit for their + specific input data. Read the deflate.c source code for the meaning of the + max_lazy, good_length, nice_length, and max_chain parameters. + + deflateTune() can be called after deflateInit() or deflateInit2(), and + returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream. + */ + +Z_EXTERN unsigned long Z_EXPORT deflateBound(z_stream *strm, unsigned long sourceLen); +/* + deflateBound() returns an upper bound on the compressed size after + deflation of sourceLen bytes. It must be called after deflateInit() or + deflateInit2(), and after deflateSetHeader(), if used. This would be used + to allocate an output buffer for deflation in a single pass, and so would be + called before deflate(). If that first deflate() call is provided the + sourceLen input bytes, an output buffer allocated to the size returned by + deflateBound(), and the flush value Z_FINISH, then deflate() is guaranteed + to return Z_STREAM_END. Note that it is possible for the compressed size to + be larger than the value returned by deflateBound() if flush options other + than Z_FINISH or Z_NO_FLUSH are used. +*/ + +Z_EXTERN int Z_EXPORT deflatePending(z_stream *strm, uint32_t *pending, int *bits); +/* + deflatePending() returns the number of bytes and bits of output that have + been generated, but not yet provided in the available output. The bytes not + provided would be due to the available output space having being consumed. + The number of bits of output not provided are between 0 and 7, where they + await more bits to join them in order to fill out a full byte. If pending + or bits are NULL, then those values are not set. + + deflatePending returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent. + */ + +Z_EXTERN int Z_EXPORT deflatePrime(z_stream *strm, int bits, int value); +/* + deflatePrime() inserts bits in the deflate output stream. The intent + is that this function is used to start off the deflate output with the bits + leftover from a previous deflate stream when appending to it. As such, this + function can only be used for raw deflate, and must be used before the first + deflate() call after a deflateInit2() or deflateReset(). bits must be less + than or equal to 16, and that many of the least significant bits of value + will be inserted in the output. + + deflatePrime returns Z_OK if success, Z_BUF_ERROR if there was not enough + room in the internal buffer to insert the bits, or Z_STREAM_ERROR if the + source stream state was inconsistent. +*/ + +Z_EXTERN int Z_EXPORT deflateSetHeader(z_stream *strm, gz_headerp head); +/* + deflateSetHeader() provides gzip header information for when a gzip + stream is requested by deflateInit2(). deflateSetHeader() may be called + after deflateInit2() or deflateReset() and before the first call of + deflate(). The text, time, os, extra field, name, and comment information + in the provided gz_header structure are written to the gzip header (xflag is + ignored -- the extra flags are set according to the compression level). The + caller must assure that, if not NULL, name and comment are terminated with + a zero byte, and that if extra is not NULL, that extra_len bytes are + available there. If hcrc is true, a gzip header crc is included. Note that + the current versions of the command-line version of gzip (up through version + 1.3.x) do not support header crc's, and will report that it is a "multi-part + gzip file" and give up. + + If deflateSetHeader is not used, the default gzip header has text false, + the time set to zero, and os set to the current operating system, with no + extra, name, or comment fields. The gzip header is returned to the default + state by deflateReset(). + + deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent. +*/ + +/* +Z_EXTERN int Z_EXPORT inflateInit2(z_stream *strm, int windowBits); + + This is another version of inflateInit with an extra parameter. The + fields next_in, avail_in, zalloc, zfree and opaque must be initialized + before by the caller. + + The windowBits parameter is the base two logarithm of the maximum window + size (the size of the history buffer). It should be in the range 8..15 for + this version of the library. The default value is 15 if inflateInit is used + instead. windowBits must be greater than or equal to the windowBits value + provided to deflateInit2() while compressing, or it must be equal to 15 if + deflateInit2() was not used. If a compressed stream with a larger window + size is given as input, inflate() will return with the error code + Z_DATA_ERROR instead of trying to allocate a larger window. + + windowBits can also be zero to request that inflate use the window size in + the zlib header of the compressed stream. + + windowBits can also be -8..-15 for raw inflate. In this case, -windowBits + determines the window size. inflate() will then process raw deflate data, + not looking for a zlib or gzip header, not generating a check value, and not + looking for any check values for comparison at the end of the stream. This + is for use with other formats that use the deflate compressed data format + such as zip. Those formats provide their own check values. If a custom + format is developed using the raw deflate format for compressed data, it is + recommended that a check value such as an Adler-32 or a CRC-32 be applied to + the uncompressed data as is done in the zlib, gzip, and zip formats. For + most applications, the zlib format should be used as is. Note that comments + above on the use in deflateInit2() applies to the magnitude of windowBits. + + windowBits can also be greater than 15 for optional gzip decoding. Add + 32 to windowBits to enable zlib and gzip decoding with automatic header + detection, or add 16 to decode only the gzip format (the zlib format will + return a Z_DATA_ERROR). If a gzip stream is being decoded, strm->adler is a + CRC-32 instead of an Adler-32. Unlike the gunzip utility and gzread() (see + below), inflate() will *not* automatically decode concatenated gzip members. + inflate() will return Z_STREAM_END at the end of the gzip member. The state + would need to be reset to continue decoding a subsequent gzip member. This + *must* be done if there is more data after a gzip member, in order for the + decompression to be compliant with the gzip standard (RFC 1952). + + inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough + memory, Z_VERSION_ERROR if the zlib library version is incompatible with the + version assumed by the caller, or Z_STREAM_ERROR if the parameters are + invalid, such as a null pointer to the structure. msg is set to null if + there is no error message. inflateInit2 does not perform any decompression + apart from possibly reading the zlib header if present: actual decompression + will be done by inflate(). (So next_in and avail_in may be modified, but + next_out and avail_out are unused and unchanged.) The current implementation + of inflateInit2() does not process any header information -- that is + deferred until inflate() is called. +*/ + +Z_EXTERN int Z_EXPORT inflateSetDictionary(z_stream *strm, const unsigned char *dictionary, unsigned int dictLength); +/* + Initializes the decompression dictionary from the given uncompressed byte + sequence. This function must be called immediately after a call of inflate, + if that call returned Z_NEED_DICT. The dictionary chosen by the compressor + can be determined from the Adler-32 value returned by that call of inflate. + The compressor and decompressor must use exactly the same dictionary (see + deflateSetDictionary). For raw inflate, this function can be called at any + time to set the dictionary. If the provided dictionary is smaller than the + window and there is already data in the window, then the provided dictionary + will amend what's there. The application must ensure that the dictionary + that was used for compression is provided. + + inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a + parameter is invalid (e.g. dictionary being NULL) or the stream state is + inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the + expected one (incorrect Adler-32 value). inflateSetDictionary does not + perform any decompression: this will be done by subsequent calls of + inflate(). +*/ + +Z_EXTERN int Z_EXPORT inflateGetDictionary(z_stream *strm, unsigned char *dictionary, unsigned int *dictLength); +/* + Returns the sliding dictionary being maintained by inflate. dictLength is + set to the number of bytes in the dictionary, and that many bytes are copied + to dictionary. dictionary must have enough space, where 32768 bytes is + always enough. If inflateGetDictionary() is called with dictionary equal to + NULL, then only the dictionary length is returned, and nothing is copied. + Similarly, if dictLength is NULL, then it is not set. + + inflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the + stream state is inconsistent. +*/ + +Z_EXTERN int Z_EXPORT inflateSync(z_stream *strm); +/* + Skips invalid compressed data until a possible full flush point (see above + for the description of deflate with Z_FULL_FLUSH) can be found, or until all + available input is skipped. No output is provided. + + inflateSync searches for a 00 00 FF FF pattern in the compressed data. + All full flush points have this pattern, but not all occurrences of this + pattern are full flush points. + + inflateSync returns Z_OK if a possible full flush point has been found, + Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point + has been found, or Z_STREAM_ERROR if the stream structure was inconsistent. + In the success case, the application may save the current value of + total_in which indicates where valid compressed data was found. In the + error case, the application may repeatedly call inflateSync, providing more + input each time, until success or end of the input data. +*/ + +Z_EXTERN int Z_EXPORT inflateCopy(z_stream *dest, z_stream *source); +/* + Sets the destination stream as a complete copy of the source stream. + + This function can be useful when randomly accessing a large stream. The + first pass through the stream can periodically record the inflate state, + allowing restarting inflate at those points when randomly accessing the + stream. + + inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not + enough memory, Z_STREAM_ERROR if the source stream state was inconsistent + (such as zalloc being NULL). msg is left unchanged in both source and + destination. +*/ + +Z_EXTERN int Z_EXPORT inflateReset(z_stream *strm); +/* + This function is equivalent to inflateEnd followed by inflateInit, + but does not free and reallocate the internal decompression state. The + stream will keep attributes that may have been set by inflateInit2. + total_in, total_out, adler, and msg are initialized. + + inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent (such as zalloc or state being NULL). +*/ + +Z_EXTERN int Z_EXPORT inflateReset2(z_stream *strm, int windowBits); +/* + This function is the same as inflateReset, but it also permits changing + the wrap and window size requests. The windowBits parameter is interpreted + the same as it is for inflateInit2. If the window size is changed, then the + memory allocated for the window is freed, and the window will be reallocated + by inflate() if needed. + + inflateReset2 returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent (such as zalloc or state being NULL), or if + the windowBits parameter is invalid. +*/ + +Z_EXTERN int Z_EXPORT inflatePrime(z_stream *strm, int bits, int value); +/* + This function inserts bits in the inflate input stream. The intent is + that this function is used to start inflating at a bit position in the + middle of a byte. The provided bits will be used before any bytes are used + from next_in. This function should only be used with raw inflate, and + should be used before the first inflate() call after inflateInit2() or + inflateReset(). bits must be less than or equal to 16, and that many of the + least significant bits of value will be inserted in the input. + + If bits is negative, then the input stream bit buffer is emptied. Then + inflatePrime() can be called again to put bits in the buffer. This is used + to clear out bits leftover after feeding inflate a block description prior + to feeding inflate codes. + + inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent. +*/ + +Z_EXTERN long Z_EXPORT inflateMark(z_stream *strm); +/* + This function returns two values, one in the lower 16 bits of the return + value, and the other in the remaining upper bits, obtained by shifting the + return value down 16 bits. If the upper value is -1 and the lower value is + zero, then inflate() is currently decoding information outside of a block. + If the upper value is -1 and the lower value is non-zero, then inflate is in + the middle of a stored block, with the lower value equaling the number of + bytes from the input remaining to copy. If the upper value is not -1, then + it is the number of bits back from the current bit position in the input of + the code (literal or length/distance pair) currently being processed. In + that case the lower value is the number of bytes already emitted for that + code. + + A code is being processed if inflate is waiting for more input to complete + decoding of the code, or if it has completed decoding but is waiting for + more output space to write the literal or match data. + + inflateMark() is used to mark locations in the input data for random + access, which may be at bit positions, and to note those cases where the + output of a code may span boundaries of random access blocks. The current + location in the input stream can be determined from avail_in and data_type + as noted in the description for the Z_BLOCK flush parameter for inflate. + + inflateMark returns the value noted above, or -65536 if the provided + source stream state was inconsistent. +*/ + +Z_EXTERN int Z_EXPORT inflateGetHeader(z_stream *strm, gz_headerp head); +/* + inflateGetHeader() requests that gzip header information be stored in the + provided gz_header structure. inflateGetHeader() may be called after + inflateInit2() or inflateReset(), and before the first call of inflate(). + As inflate() processes the gzip stream, head->done is zero until the header + is completed, at which time head->done is set to one. If a zlib stream is + being decoded, then head->done is set to -1 to indicate that there will be + no gzip header information forthcoming. Note that Z_BLOCK or Z_TREES can be + used to force inflate() to return immediately after header processing is + complete and before any actual data is decompressed. + + The text, time, xflags, and os fields are filled in with the gzip header + contents. hcrc is set to true if there is a header CRC. (The header CRC + was valid if done is set to one.) If extra is not NULL, then extra_max + contains the maximum number of bytes to write to extra. Once done is true, + extra_len contains the actual extra field length, and extra contains the + extra field, or that field truncated if extra_max is less than extra_len. + If name is not NULL, then up to name_max characters are written there, + terminated with a zero unless the length is greater than name_max. If + comment is not NULL, then up to comm_max characters are written there, + terminated with a zero unless the length is greater than comm_max. When any + of extra, name, or comment are not NULL and the respective field is not + present in the header, then that field is set to NULL to signal its + absence. This allows the use of deflateSetHeader() with the returned + structure to duplicate the header. However if those fields are set to + allocated memory, then the application will need to save those pointers + elsewhere so that they can be eventually freed. + + If inflateGetHeader is not used, then the header information is simply + discarded. The header is always checked for validity, including the header + CRC if present. inflateReset() will reset the process to discard the header + information. The application would need to call inflateGetHeader() again to + retrieve the header from the next gzip stream. + + inflateGetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent. +*/ + +/* +Z_EXTERN int Z_EXPORT inflateBackInit (z_stream *strm, int windowBits, unsigned char *window); + + Initialize the internal stream state for decompression using inflateBack() + calls. The fields zalloc, zfree and opaque in strm must be initialized + before the call. If zalloc and zfree are NULL, then the default library- + derived memory allocation routines are used. windowBits is the base two + logarithm of the window size, in the range 8..15. window is a caller + supplied buffer of that size. Except for special applications where it is + assured that deflate was used with small window sizes, windowBits must be 15 + and a 32K byte window must be supplied to be able to decompress general + deflate streams. + + See inflateBack() for the usage of these routines. + + inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of + the parameters are invalid, Z_MEM_ERROR if the internal state could not be + allocated, or Z_VERSION_ERROR if the version of the library does not match + the version of the header file. +*/ + +typedef uint32_t (*in_func) (void *, z_const unsigned char * *); +typedef int (*out_func) (void *, unsigned char *, uint32_t); + +Z_EXTERN int Z_EXPORT inflateBack(z_stream *strm, in_func in, void *in_desc, out_func out, void *out_desc); +/* + inflateBack() does a raw inflate with a single call using a call-back + interface for input and output. This is potentially more efficient than + inflate() for file i/o applications, in that it avoids copying between the + output and the sliding window by simply making the window itself the output + buffer. inflate() can be faster on modern CPUs when used with large + buffers. inflateBack() trusts the application to not change the output + buffer passed by the output function, at least until inflateBack() returns. + + inflateBackInit() must be called first to allocate the internal state + and to initialize the state with the user-provided window buffer. + inflateBack() may then be used multiple times to inflate a complete, raw + deflate stream with each call. inflateBackEnd() is then called to free the + allocated state. + + A raw deflate stream is one with no zlib or gzip header or trailer. + This routine would normally be used in a utility that reads zip or gzip + files and writes out uncompressed files. The utility would decode the + header and process the trailer on its own, hence this routine expects only + the raw deflate stream to decompress. This is different from the default + behavior of inflate(), which expects a zlib header and trailer around the + deflate stream. + + inflateBack() uses two subroutines supplied by the caller that are then + called by inflateBack() for input and output. inflateBack() calls those + routines until it reads a complete deflate stream and writes out all of the + uncompressed data, or until it encounters an error. The function's + parameters and return types are defined above in the in_func and out_func + typedefs. inflateBack() will call in(in_desc, &buf) which should return the + number of bytes of provided input, and a pointer to that input in buf. If + there is no input available, in() must return zero -- buf is ignored in that + case -- and inflateBack() will return a buffer error. inflateBack() will + call out(out_desc, buf, len) to write the uncompressed data buf[0..len-1]. + out() should return zero on success, or non-zero on failure. If out() + returns non-zero, inflateBack() will return with an error. Neither in() nor + out() are permitted to change the contents of the window provided to + inflateBackInit(), which is also the buffer that out() uses to write from. + The length written by out() will be at most the window size. Any non-zero + amount of input may be provided by in(). + + For convenience, inflateBack() can be provided input on the first call by + setting strm->next_in and strm->avail_in. If that input is exhausted, then + in() will be called. Therefore strm->next_in must be initialized before + calling inflateBack(). If strm->next_in is NULL, then in() will be called + immediately for input. If strm->next_in is not NULL, then strm->avail_in + must also be initialized, and then if strm->avail_in is not zero, input will + initially be taken from strm->next_in[0 .. strm->avail_in - 1]. + + The in_desc and out_desc parameters of inflateBack() is passed as the + first parameter of in() and out() respectively when they are called. These + descriptors can be optionally used to pass any information that the caller- + supplied in() and out() functions need to do their job. + + On return, inflateBack() will set strm->next_in and strm->avail_in to + pass back any unused input that was provided by the last in() call. The + return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR + if in() or out() returned an error, Z_DATA_ERROR if there was a format error + in the deflate stream (in which case strm->msg is set to indicate the nature + of the error), or Z_STREAM_ERROR if the stream was not properly initialized. + In the case of Z_BUF_ERROR, an input or output error can be distinguished + using strm->next_in which will be NULL only if in() returned an error. If + strm->next_in is not NULL, then the Z_BUF_ERROR was due to out() returning + non-zero. (in() will always be called before out(), so strm->next_in is + assured to be defined if out() returns non-zero.) Note that inflateBack() + cannot return Z_OK. +*/ + +Z_EXTERN int Z_EXPORT inflateBackEnd(z_stream *strm); +/* + All memory allocated by inflateBackInit() is freed. + + inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream + state was inconsistent. +*/ + +Z_EXTERN unsigned long Z_EXPORT zlibCompileFlags(void); +/* Return flags indicating compile-time options. + + Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other: + 1.0: size of unsigned int + 3.2: size of unsigned long + 5.4: size of void * (pointer) + 7.6: size of z_off_t + + Compiler, assembler, and debug options: + 8: ZLIB_DEBUG + 9: ASMV or ASMINF -- use ASM code + 10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention + 11: 0 (reserved) + + One-time table building (smaller code, but not thread-safe if true): + 12: BUILDFIXED -- build static block decoding tables when needed (not supported by zlib-ng) + 13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed + 14,15: 0 (reserved) + + Library content (indicates missing functionality): + 16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking + deflate code when not needed) + 17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect + and decode gzip streams (to avoid linking crc code) + 18-19: 0 (reserved) + + Operation variations (changes in library functionality): + 20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate + 21: FASTEST -- deflate algorithm with only one, lowest compression level + 22,23: 0 (reserved) + + The sprintf variant used by gzprintf (zero is best): + 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format + 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! + 26: 0 = returns value, 1 = void -- 1 means inferred string length returned + + Remainder: + 27-31: 0 (reserved) + */ + + +#ifndef Z_SOLO + + /* utility functions */ + +/* + The following utility functions are implemented on top of the basic + stream-oriented functions. To simplify the interface, some default options + are assumed (compression level and memory usage, standard memory allocation + functions). The source code of these utility functions can be modified if + you need special options. +*/ + +Z_EXTERN int Z_EXPORT compress(unsigned char *dest, unsigned long *destLen, const unsigned char *source, unsigned long sourceLen); +/* + Compresses the source buffer into the destination buffer. sourceLen is + the byte length of the source buffer. Upon entry, destLen is the total size + of the destination buffer, which must be at least the value returned by + compressBound(sourceLen). Upon exit, destLen is the actual size of the + compressed data. compress() is equivalent to compress2() with a level + parameter of Z_DEFAULT_COMPRESSION. + + compress returns Z_OK if success, Z_MEM_ERROR if there was not + enough memory, Z_BUF_ERROR if there was not enough room in the output + buffer. +*/ + +Z_EXTERN int Z_EXPORT compress2(unsigned char *dest, unsigned long *destLen, const unsigned char *source, + unsigned long sourceLen, int level); +/* + Compresses the source buffer into the destination buffer. The level + parameter has the same meaning as in deflateInit. sourceLen is the byte + length of the source buffer. Upon entry, destLen is the total size of the + destination buffer, which must be at least the value returned by + compressBound(sourceLen). Upon exit, destLen is the actual size of the + compressed data. + + compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough + memory, Z_BUF_ERROR if there was not enough room in the output buffer, + Z_STREAM_ERROR if the level parameter is invalid. +*/ + +Z_EXTERN unsigned long Z_EXPORT compressBound(unsigned long sourceLen); +/* + compressBound() returns an upper bound on the compressed size after + compress() or compress2() on sourceLen bytes. It would be used before a + compress() or compress2() call to allocate the destination buffer. +*/ + +Z_EXTERN int Z_EXPORT uncompress(unsigned char *dest, unsigned long *destLen, const unsigned char *source, unsigned long sourceLen); +/* + Decompresses the source buffer into the destination buffer. sourceLen is + the byte length of the source buffer. Upon entry, destLen is the total size + of the destination buffer, which must be large enough to hold the entire + uncompressed data. (The size of the uncompressed data must have been saved + previously by the compressor and transmitted to the decompressor by some + mechanism outside the scope of this compression library.) Upon exit, destLen + is the actual size of the uncompressed data. + + uncompress returns Z_OK if success, Z_MEM_ERROR if there was not + enough memory, Z_BUF_ERROR if there was not enough room in the output + buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete. In + the case where there is not enough room, uncompress() will fill the output + buffer with the uncompressed data up to that point. +*/ + + +Z_EXTERN int Z_EXPORT uncompress2 (unsigned char *dest, unsigned long *destLen, + const unsigned char *source, unsigned long *sourceLen); +/* + Same as uncompress, except that sourceLen is a pointer, where the + length of the source is *sourceLen. On return, *sourceLen is the number of + source bytes consumed. +*/ + + + /* gzip file access functions */ + +/* + This library supports reading and writing files in gzip (.gz) format with + an interface similar to that of stdio, using the functions that start with + "gz". The gzip format is different from the zlib format. gzip is a gzip + wrapper, documented in RFC 1952, wrapped around a deflate stream. +*/ + +typedef struct gzFile_s *gzFile; /* semi-opaque gzip file descriptor */ + +/* +Z_EXTERN gzFile Z_EXPORT gzopen(const char *path, const char *mode); + + Open the gzip (.gz) file at path for reading and decompressing, or + compressing and writing. The mode parameter is as in fopen ("rb" or "wb") + but can also include a compression level ("wb9") or a strategy: 'f' for + filtered data as in "wb6f", 'h' for Huffman-only compression as in "wb1h", + 'R' for run-length encoding as in "wb1R", or 'F' for fixed code compression + as in "wb9F". (See the description of deflateInit2 for more information + about the strategy parameter.) 'T' will request transparent writing or + appending with no compression and not using the gzip format. + + "a" can be used instead of "w" to request that the gzip stream that will + be written be appended to the file. "+" will result in an error, since + reading and writing to the same gzip file is not supported. The addition of + "x" when writing will create the file exclusively, which fails if the file + already exists. On systems that support it, the addition of "e" when + reading or writing will set the flag to close the file on an execve() call. + + These functions, as well as gzip, will read and decode a sequence of gzip + streams in a file. The append function of gzopen() can be used to create + such a file. (Also see gzflush() for another way to do this.) When + appending, gzopen does not test whether the file begins with a gzip stream, + nor does it look for the end of the gzip streams to begin appending. gzopen + will simply append a gzip stream to the existing file. + + gzopen can be used to read a file which is not in gzip format; in this + case gzread will directly read from the file without decompression. When + reading, this will be detected automatically by looking for the magic two- + byte gzip header. + + gzopen returns NULL if the file could not be opened, if there was + insufficient memory to allocate the gzFile state, or if an invalid mode was + specified (an 'r', 'w', or 'a' was not provided, or '+' was provided). + errno can be checked to determine if the reason gzopen failed was that the + file could not be opened. +*/ + +Z_EXTERN gzFile Z_EXPORT gzdopen(int fd, const char *mode); +/* + Associate a gzFile with the file descriptor fd. File descriptors are + obtained from calls like open, dup, creat, pipe or fileno (if the file has + been previously opened with fopen). The mode parameter is as in gzopen. + + The next call of gzclose on the returned gzFile will also close the file + descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor + fd. If you want to keep fd open, use fd = dup(fd_keep); gz = gzdopen(fd, + mode);. The duplicated descriptor should be saved to avoid a leak, since + gzdopen does not close fd if it fails. If you are using fileno() to get the + file descriptor from a FILE *, then you will have to use dup() to avoid + double-close()ing the file descriptor. Both gzclose() and fclose() will + close the associated file descriptor, so they need to have different file + descriptors. + + gzdopen returns NULL if there was insufficient memory to allocate the + gzFile state, if an invalid mode was specified (an 'r', 'w', or 'a' was not + provided, or '+' was provided), or if fd is -1. The file descriptor is not + used until the next gz* read, write, seek, or close operation, so gzdopen + will not detect if fd is invalid (unless fd is -1). +*/ + +Z_EXTERN int Z_EXPORT gzbuffer(gzFile file, unsigned size); +/* + Set the internal buffer size used by this library's functions for file to + size. The default buffer size is 8192 bytes. This function must be called + after gzopen() or gzdopen(), and before any other calls that read or write + the file. The buffer memory allocation is always deferred to the first read + or write. Three times that size in buffer space is allocated. A larger + buffer size of, for example, 64K or 128K bytes will noticeably increase the + speed of decompression (reading). + + The new buffer size also affects the maximum length for gzprintf(). + + gzbuffer() returns 0 on success, or -1 on failure, such as being called + too late. +*/ + +Z_EXTERN int Z_EXPORT gzsetparams(gzFile file, int level, int strategy); +/* + Dynamically update the compression level and strategy for file. See the + description of deflateInit2 for the meaning of these parameters. Previously + provided data is flushed before applying the parameter changes. + + gzsetparams returns Z_OK if success, Z_STREAM_ERROR if the file was not + opened for writing, Z_ERRNO if there is an error writing the flushed data, + or Z_MEM_ERROR if there is a memory allocation error. +*/ + +Z_EXTERN int Z_EXPORT gzread(gzFile file, void *buf, unsigned len); +/* + Read and decompress up to len uncompressed bytes from file into buf. If + the input file is not in gzip format, gzread copies the given number of + bytes into the buffer directly from the file. + + After reaching the end of a gzip stream in the input, gzread will continue + to read, looking for another gzip stream. Any number of gzip streams may be + concatenated in the input file, and will all be decompressed by gzread(). + If something other than a gzip stream is encountered after a gzip stream, + that remaining trailing garbage is ignored (and no error is returned). + + gzread can be used to read a gzip file that is being concurrently written. + Upon reaching the end of the input, gzread will return with the available + data. If the error code returned by gzerror is Z_OK or Z_BUF_ERROR, then + gzclearerr can be used to clear the end of file indicator in order to permit + gzread to be tried again. Z_OK indicates that a gzip stream was completed + on the last gzread. Z_BUF_ERROR indicates that the input file ended in the + middle of a gzip stream. Note that gzread does not return -1 in the event + of an incomplete gzip stream. This error is deferred until gzclose(), which + will return Z_BUF_ERROR if the last gzread ended in the middle of a gzip + stream. Alternatively, gzerror can be used before gzclose to detect this + case. + + gzread returns the number of uncompressed bytes actually read, less than + len for end of file, or -1 for error. If len is too large to fit in an int, + then nothing is read, -1 is returned, and the error state is set to + Z_STREAM_ERROR. +*/ + +Z_EXTERN size_t Z_EXPORT gzfread (void *buf, size_t size, size_t nitems, gzFile file); +/* + Read and decompress up to nitems items of size size from file into buf, + otherwise operating as gzread() does. This duplicates the interface of + stdio's fread(), with size_t request and return types. If the library + defines size_t, then z_size_t is identical to size_t. If not, then z_size_t + is an unsigned integer type that can contain a pointer. + + gzfread() returns the number of full items read of size size, or zero if + the end of the file was reached and a full item could not be read, or if + there was an error. gzerror() must be consulted if zero is returned in + order to determine if there was an error. If the multiplication of size and + nitems overflows, i.e. the product does not fit in a size_t, then nothing + is read, zero is returned, and the error state is set to Z_STREAM_ERROR. + + In the event that the end of file is reached and only a partial item is + available at the end, i.e. the remaining uncompressed data length is not a + multiple of size, then the final partial item is nevertheless read into buf + and the end-of-file flag is set. The length of the partial item read is not + provided, but could be inferred from the result of gztell(). This behavior + is the same as the behavior of fread() implementations in common libraries, + but it prevents the direct use of gzfread() to read a concurrently written + file, resetting and retrying on end-of-file, when size is not 1. +*/ + +Z_EXTERN int Z_EXPORT gzwrite(gzFile file, void const *buf, unsigned len); +/* + Compress and write the len uncompressed bytes at buf to file. gzwrite + returns the number of uncompressed bytes written or 0 in case of error. +*/ + +Z_EXTERN size_t Z_EXPORT gzfwrite(void const *buf, size_t size, size_t nitems, gzFile file); +/* + Compress and write nitems items of size size from buf to file, duplicating + the interface of stdio's fwrite(), with size_t request and return types. + + gzfwrite() returns the number of full items written of size size, or zero + if there was an error. If the multiplication of size and nitems overflows, + i.e. the product does not fit in a size_t, then nothing is written, zero + is returned, and the error state is set to Z_STREAM_ERROR. +*/ + +Z_EXTERN int Z_EXPORTVA gzprintf(gzFile file, const char *format, ...); +/* + Convert, format, compress, and write the arguments (...) to file under + control of the string format, as in fprintf. gzprintf returns the number of + uncompressed bytes actually written, or a negative zlib error code in case + of error. The number of uncompressed bytes written is limited to 8191, or + one less than the buffer size given to gzbuffer(). The caller should assure + that this limit is not exceeded. If it is exceeded, then gzprintf() will + return an error (0) with nothing written. In this case, there may also be a + buffer overflow with unpredictable consequences, which is possible only if + zlib was compiled with the insecure functions sprintf() or vsprintf(), + because the secure snprintf() or vsnprintf() functions were not available. + This can be determined using zlibCompileFlags(). +*/ + +Z_EXTERN int Z_EXPORT gzputs(gzFile file, const char *s); +/* + Compress and write the given null-terminated string s to file, excluding + the terminating null character. + + gzputs returns the number of characters written, or -1 in case of error. +*/ + +Z_EXTERN char * Z_EXPORT gzgets(gzFile file, char *buf, int len); +/* + Read and decompress bytes from file into buf, until len-1 characters are + read, or until a newline character is read and transferred to buf, or an + end-of-file condition is encountered. If any characters are read or if len + is one, the string is terminated with a null character. If no characters + are read due to an end-of-file or len is less than one, then the buffer is + left untouched. + + gzgets returns buf which is a null-terminated string, or it returns NULL + for end-of-file or in case of error. If there was an error, the contents at + buf are indeterminate. +*/ + +Z_EXTERN int Z_EXPORT gzputc(gzFile file, int c); +/* + Compress and write c, converted to an unsigned char, into file. gzputc + returns the value that was written, or -1 in case of error. +*/ + +Z_EXTERN int Z_EXPORT gzgetc(gzFile file); +/* + Read and decompress one byte from file. gzgetc returns this byte or -1 + in case of end of file or error. This is implemented as a macro for speed. + As such, it does not do all of the checking the other functions do. I.e. + it does not check to see if file is NULL, nor whether the structure file + points to has been clobbered or not. +*/ + +Z_EXTERN int Z_EXPORT gzungetc(int c, gzFile file); +/* + Push c back onto the stream for file to be read as the first character on + the next read. At least one character of push-back is always allowed. + gzungetc() returns the character pushed, or -1 on failure. gzungetc() will + fail if c is -1, and may fail if a character has been pushed but not read + yet. If gzungetc is used immediately after gzopen or gzdopen, at least the + output buffer size of pushed characters is allowed. (See gzbuffer above.) + The pushed character will be discarded if the stream is repositioned with + gzseek() or gzrewind(). +*/ + +Z_EXTERN int Z_EXPORT gzflush(gzFile file, int flush); +/* + Flush all pending output to file. The parameter flush is as in the + deflate() function. The return value is the zlib error number (see function + gzerror below). gzflush is only permitted when writing. + + If the flush parameter is Z_FINISH, the remaining data is written and the + gzip stream is completed in the output. If gzwrite() is called again, a new + gzip stream will be started in the output. gzread() is able to read such + concatenated gzip streams. + + gzflush should be called only when strictly necessary because it will + degrade compression if called too often. +*/ + +/* +Z_EXTERN z_off_t Z_EXPORT gzseek (gzFile file, z_off_t offset, int whence); + + Set the starting position to offset relative to whence for the next gzread + or gzwrite on file. The offset represents a number of bytes in the + uncompressed data stream. The whence parameter is defined as in lseek(2); + the value SEEK_END is not supported. + + If the file is opened for reading, this function is emulated but can be + extremely slow. If the file is opened for writing, only forward seeks are + supported; gzseek then compresses a sequence of zeroes up to the new + starting position. + + gzseek returns the resulting offset location as measured in bytes from + the beginning of the uncompressed stream, or -1 in case of error, in + particular if the file is opened for writing and the new starting position + would be before the current position. +*/ + +Z_EXTERN int Z_EXPORT gzrewind(gzFile file); +/* + Rewind file. This function is supported only for reading. + + gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET). +*/ + +/* +Z_EXTERN z_off_t Z_EXPORT gztell(gzFile file); + + Return the starting position for the next gzread or gzwrite on file. + This position represents a number of bytes in the uncompressed data stream, + and is zero when starting, even if appending or reading a gzip stream from + the middle of a file using gzdopen(). + + gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR) +*/ + +/* +Z_EXTERN z_off_t Z_EXPORT gzoffset(gzFile file); + + Return the current compressed (actual) read or write offset of file. This + offset includes the count of bytes that precede the gzip stream, for example + when appending or when using gzdopen() for reading. When reading, the + offset does not include as yet unused buffered input. This information can + be used for a progress indicator. On error, gzoffset() returns -1. +*/ + +Z_EXTERN int Z_EXPORT gzeof(gzFile file); +/* + Return true (1) if the end-of-file indicator for file has been set while + reading, false (0) otherwise. Note that the end-of-file indicator is set + only if the read tried to go past the end of the input, but came up short. + Therefore, just like feof(), gzeof() may return false even if there is no + more data to read, in the event that the last read request was for the exact + number of bytes remaining in the input file. This will happen if the input + file size is an exact multiple of the buffer size. + + If gzeof() returns true, then the read functions will return no more data, + unless the end-of-file indicator is reset by gzclearerr() and the input file + has grown since the previous end of file was detected. +*/ + +Z_EXTERN int Z_EXPORT gzdirect(gzFile file); +/* + Return true (1) if file is being copied directly while reading, or false + (0) if file is a gzip stream being decompressed. + + If the input file is empty, gzdirect() will return true, since the input + does not contain a gzip stream. + + If gzdirect() is used immediately after gzopen() or gzdopen() it will + cause buffers to be allocated to allow reading the file to determine if it + is a gzip file. Therefore if gzbuffer() is used, it should be called before + gzdirect(). + + When writing, gzdirect() returns true (1) if transparent writing was + requested ("wT" for the gzopen() mode), or false (0) otherwise. (Note: + gzdirect() is not needed when writing. Transparent writing must be + explicitly requested, so the application already knows the answer. When + linking statically, using gzdirect() will include all of the zlib code for + gzip file reading and decompression, which may not be desired.) +*/ + +Z_EXTERN int Z_EXPORT gzclose(gzFile file); +/* + Flush all pending output for file, if necessary, close file and + deallocate the (de)compression state. Note that once file is closed, you + cannot call gzerror with file, since its structures have been deallocated. + gzclose must not be called more than once on the same file, just as free + must not be called more than once on the same allocation. + + gzclose will return Z_STREAM_ERROR if file is not valid, Z_ERRNO on a + file operation error, Z_MEM_ERROR if out of memory, Z_BUF_ERROR if the + last read ended in the middle of a gzip stream, or Z_OK on success. +*/ + +Z_EXTERN int Z_EXPORT gzclose_r(gzFile file); +Z_EXTERN int Z_EXPORT gzclose_w(gzFile file); +/* + Same as gzclose(), but gzclose_r() is only for use when reading, and + gzclose_w() is only for use when writing or appending. The advantage to + using these instead of gzclose() is that they avoid linking in zlib + compression or decompression code that is not used when only reading or only + writing respectively. If gzclose() is used, then both compression and + decompression code will be included the application when linking to a static + zlib library. +*/ + +Z_EXTERN const char * Z_EXPORT gzerror(gzFile file, int *errnum); +/* + Return the error message for the last error which occurred on file. + errnum is set to zlib error number. If an error occurred in the file system + and not in the compression library, errnum is set to Z_ERRNO and the + application may consult errno to get the exact error code. + + The application must not modify the returned string. Future calls to + this function may invalidate the previously returned string. If file is + closed, then the string previously returned by gzerror will no longer be + available. + + gzerror() should be used to distinguish errors from end-of-file for those + functions above that do not distinguish those cases in their return values. +*/ + +Z_EXTERN void Z_EXPORT gzclearerr(gzFile file); +/* + Clear the error and end-of-file flags for file. This is analogous to the + clearerr() function in stdio. This is useful for continuing to read a gzip + file that is being written concurrently. +*/ + +#endif + + /* checksum functions */ + +/* + These functions are not related to compression but are exported + anyway because they might be useful in applications using the compression + library. +*/ + +Z_EXTERN unsigned long Z_EXPORT adler32(unsigned long adler, const unsigned char *buf, unsigned int len); +/* + Update a running Adler-32 checksum with the bytes buf[0..len-1] and + return the updated checksum. An Adler-32 value is in the range of a 32-bit + unsigned integer. If buf is Z_NULL, this function returns the required + initial value for the checksum. + + An Adler-32 checksum is almost as reliable as a CRC-32 but can be computed + much faster. + + Usage example: + + uint32_t adler = adler32(0L, NULL, 0); + + while (read_buffer(buffer, length) != EOF) { + adler = adler32(adler, buffer, length); + } + if (adler != original_adler) error(); +*/ + +Z_EXTERN unsigned long Z_EXPORT adler32_z(unsigned long adler, const unsigned char *buf, size_t len); +/* + Same as adler32(), but with a size_t length. +*/ + +/* +Z_EXTERN unsigned long Z_EXPORT adler32_combine(unsigned long adler1, unsigned long adler2, z_off_t len2); + + Combine two Adler-32 checksums into one. For two sequences of bytes, seq1 + and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for + each, adler1 and adler2. adler32_combine() returns the Adler-32 checksum of + seq1 and seq2 concatenated, requiring only adler1, adler2, and len2. Note + that the z_off_t type (like off_t) is a signed integer. If len2 is + negative, the result has no meaning or utility. +*/ + +Z_EXTERN unsigned long Z_EXPORT crc32(unsigned long crc, const unsigned char *buf, unsigned int len); +/* + Update a running CRC-32 with the bytes buf[0..len-1] and return the + updated CRC-32. A CRC-32 value is in the range of a 32-bit unsigned integer. + If buf is Z_NULL, this function returns the required initial value for the + crc. Pre- and post-conditioning (one's complement) is performed within this + function so it shouldn't be done by the application. + + Usage example: + + uint32_t crc = crc32(0L, NULL, 0); + + while (read_buffer(buffer, length) != EOF) { + crc = crc32(crc, buffer, length); + } + if (crc != original_crc) error(); +*/ + +Z_EXTERN unsigned long Z_EXPORT crc32_z(unsigned long crc, const unsigned char *buf, size_t len); +/* + Same as crc32(), but with a size_t length. +*/ + +/* +Z_EXTERN unsigned long Z_EXPORT crc32_combine(unsigned long crc1, unsigned long crc2, z_off64_t len2); + + Combine two CRC-32 check values into one. For two sequences of bytes, + seq1 and seq2 with lengths len1 and len2, CRC-32 check values were + calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32 + check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and + len2. len2 must be non-negative. +*/ + +/* +Z_EXTERN unsigned long Z_EXPORT crc32_combine_gen(z_off_t len2); + + Return the operator corresponding to length len2, to be used with + crc32_combine_op(). len2 must be non-negative. +*/ + +Z_EXTERN unsigned long Z_EXPORT crc32_combine_op(unsigned long crc1, unsigned long crc2, + const unsigned long op); +/* + Give the same result as crc32_combine(), using op in place of len2. op is + is generated from len2 by crc32_combine_gen(). This will be faster than + crc32_combine() if the generated op is used more than once. +*/ + + + /* various hacks, don't look :) */ + +/* deflateInit and inflateInit are macros to allow checking the zlib version + * and the compiler's view of z_stream: + */ +Z_EXTERN int Z_EXPORT deflateInit_(z_stream *strm, int level, const char *version, int stream_size); +Z_EXTERN int Z_EXPORT inflateInit_(z_stream *strm, const char *version, int stream_size); +Z_EXTERN int Z_EXPORT deflateInit2_(z_stream *strm, int level, int method, int windowBits, int memLevel, + int strategy, const char *version, int stream_size); +Z_EXTERN int Z_EXPORT inflateInit2_(z_stream *strm, int windowBits, const char *version, int stream_size); +Z_EXTERN int Z_EXPORT inflateBackInit_(z_stream *strm, int windowBits, unsigned char *window, + const char *version, int stream_size); +#define deflateInit(strm, level) deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream)) +#define inflateInit(strm) inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream)) +#define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \ + deflateInit2_((strm), (level), (method), (windowBits), (memLevel), \ + (strategy), ZLIB_VERSION, (int)sizeof(z_stream)) +#define inflateInit2(strm, windowBits) inflateInit2_((strm), (windowBits), ZLIB_VERSION, (int)sizeof(z_stream)) +#define inflateBackInit(strm, windowBits, window) \ + inflateBackInit_((strm), (windowBits), (window), ZLIB_VERSION, (int)sizeof(z_stream)) + + +#ifndef Z_SOLO +/* gzgetc() macro and its supporting function and exposed data structure. Note + * that the real internal state is much larger than the exposed structure. + * This abbreviated structure exposes just enough for the gzgetc() macro. The + * user should not mess with these exposed elements, since their names or + * behavior could change in the future, perhaps even capriciously. They can + * only be used by the gzgetc() macro. You have been warned. + */ +struct gzFile_s { + unsigned have; + unsigned char *next; + z_off64_t pos; +}; +Z_EXTERN int Z_EXPORT gzgetc_(gzFile file); /* backward compatibility */ +# define gzgetc(g) ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : (gzgetc)(g)) + +/* provide 64-bit offset functions if _LARGEFILE64_SOURCE defined, and/or + * change the regular functions to 64 bits if _FILE_OFFSET_BITS is 64 (if + * both are true, the application gets the *64 functions, and the regular + * functions are changed to 64 bits) -- in case these are set on systems + * without large file support, _LFS64_LARGEFILE must also be true + */ +#ifdef Z_LARGE64 + Z_EXTERN gzFile Z_EXPORT gzopen64(const char *, const char *); + Z_EXTERN z_off64_t Z_EXPORT gzseek64(gzFile, z_off64_t, int); + Z_EXTERN z_off64_t Z_EXPORT gztell64(gzFile); + Z_EXTERN z_off64_t Z_EXPORT gzoffset64(gzFile); + Z_EXTERN unsigned long Z_EXPORT adler32_combine64(unsigned long, unsigned long, z_off64_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine64(unsigned long, unsigned long, z_off64_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine_gen64(z_off64_t); +#endif +#endif + +#if !defined(Z_SOLO) && !defined(Z_INTERNAL) && defined(Z_WANT64) +# define gzopen gzopen64 +# define gzseek gzseek64 +# define gztell gztell64 +# define gzoffset gzoffset64 +# define adler32_combine adler32_combine64 +# define crc32_combine crc32_combine64 +# define crc32_combine_gen crc32_combine_gen64 +# ifndef Z_LARGE64 + Z_EXTERN gzFile Z_EXPORT gzopen64(const char *, const char *); + Z_EXTERN z_off_t Z_EXPORT gzseek64(gzFile, z_off_t, int); + Z_EXTERN z_off_t Z_EXPORT gztell64(gzFile); + Z_EXTERN z_off_t Z_EXPORT gzoffset64(gzFile); + Z_EXTERN unsigned long Z_EXPORT adler32_combine64(unsigned long, unsigned long, z_off_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine64(unsigned long, unsigned long, z_off_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine_gen64(z_off64_t); +# endif +#else +# ifndef Z_SOLO + Z_EXTERN gzFile Z_EXPORT gzopen(const char *, const char *); + Z_EXTERN z_off_t Z_EXPORT gzseek(gzFile, z_off_t, int); + Z_EXTERN z_off_t Z_EXPORT gztell(gzFile); + Z_EXTERN z_off_t Z_EXPORT gzoffset(gzFile); +# endif + Z_EXTERN unsigned long Z_EXPORT adler32_combine(unsigned long, unsigned long, z_off_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine(unsigned long, unsigned long, z_off_t); + Z_EXTERN unsigned long Z_EXPORT crc32_combine_gen(z_off_t); +#endif + +/* undocumented functions */ +Z_EXTERN const char * Z_EXPORT zError (int); +Z_EXTERN int Z_EXPORT inflateSyncPoint (z_stream *); +Z_EXTERN const uint32_t * Z_EXPORT get_crc_table (void); +Z_EXTERN int Z_EXPORT inflateUndermine (z_stream *, int); +Z_EXTERN int Z_EXPORT inflateValidate (z_stream *, int); +Z_EXTERN unsigned long Z_EXPORT inflateCodesUsed (z_stream *); +Z_EXTERN int Z_EXPORT inflateResetKeep (z_stream *); +Z_EXTERN int Z_EXPORT deflateResetKeep (z_stream *); + +#ifndef Z_SOLO +#if defined(_WIN32) + Z_EXTERN gzFile Z_EXPORT gzopen_w(const wchar_t *path, const char *mode); +#endif +Z_EXTERN int Z_EXPORTVA gzvprintf(gzFile file, const char *format, va_list va); +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* ZLIB_H_ */ diff --git a/includes/curl/zlib_name_mangling.h b/includes/curl/zlib_name_mangling.h new file mode 100644 index 0000000..b24cb83 --- /dev/null +++ b/includes/curl/zlib_name_mangling.h @@ -0,0 +1,8 @@ +/* zlib_name_mangling.h has been automatically generated from + * zlib_name_mangling.h.empty because ZLIB_SYMBOL_PREFIX was NOT set. + */ + +#ifndef ZLIB_NAME_MANGLING_H +#define ZLIB_NAME_MANGLING_H + +#endif /* ZLIB_NAME_MANGLING_H */ diff --git a/includes/curl/zstd.h b/includes/curl/zstd.h new file mode 100644 index 0000000..b8c0644 --- /dev/null +++ b/includes/curl/zstd.h @@ -0,0 +1,3198 @@ +/* + * Copyright (c) Meta Platforms, Inc. and affiliates. + * All rights reserved. + * + * This source code is licensed under both the BSD-style license (found in the + * LICENSE file in the root directory of this source tree) and the GPLv2 (found + * in the COPYING file in the root directory of this source tree). + * You may select, at your option, one of the above-listed licenses. + */ + +#ifndef ZSTD_H_235446 +#define ZSTD_H_235446 + + +/* ====== Dependencies ======*/ +#include /* size_t */ + +#include "zstd_errors.h" /* list of errors */ +#if defined(ZSTD_STATIC_LINKING_ONLY) && !defined(ZSTD_H_ZSTD_STATIC_LINKING_ONLY) +#include /* INT_MAX */ +#endif /* ZSTD_STATIC_LINKING_ONLY */ + +#if defined (__cplusplus) +extern "C" { +#endif + +/* ===== ZSTDLIB_API : control library symbols visibility ===== */ +#ifndef ZSTDLIB_VISIBLE + /* Backwards compatibility with old macro name */ +# ifdef ZSTDLIB_VISIBILITY +# define ZSTDLIB_VISIBLE ZSTDLIB_VISIBILITY +# elif defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZSTDLIB_VISIBLE __attribute__ ((visibility ("default"))) +# else +# define ZSTDLIB_VISIBLE +# endif +#endif + +#ifndef ZSTDLIB_HIDDEN +# if defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZSTDLIB_HIDDEN __attribute__ ((visibility ("hidden"))) +# else +# define ZSTDLIB_HIDDEN +# endif +#endif + +#if defined(ZSTD_DLL_EXPORT) && (ZSTD_DLL_EXPORT==1) +# define ZSTDLIB_API __declspec(dllexport) ZSTDLIB_VISIBLE +#elif defined(ZSTD_DLL_IMPORT) && (ZSTD_DLL_IMPORT==1) +# define ZSTDLIB_API __declspec(dllimport) ZSTDLIB_VISIBLE /* It isn't required but allows to generate better code, saving a function pointer load from the IAT and an indirect jump.*/ +#else +# define ZSTDLIB_API ZSTDLIB_VISIBLE +#endif + +/* Deprecation warnings : + * Should these warnings be a problem, it is generally possible to disable them, + * typically with -Wno-deprecated-declarations for gcc or _CRT_SECURE_NO_WARNINGS in Visual. + * Otherwise, it's also possible to define ZSTD_DISABLE_DEPRECATE_WARNINGS. + */ +#ifdef ZSTD_DISABLE_DEPRECATE_WARNINGS +# define ZSTD_DEPRECATED(message) /* disable deprecation warnings */ +#else +# if defined (__cplusplus) && (__cplusplus >= 201402) /* C++14 or greater */ +# define ZSTD_DEPRECATED(message) [[deprecated(message)]] +# elif (defined(GNUC) && (GNUC > 4 || (GNUC == 4 && GNUC_MINOR >= 5))) || defined(__clang__) || defined(__IAR_SYSTEMS_ICC__) +# define ZSTD_DEPRECATED(message) __attribute__((deprecated(message))) +# elif defined(__GNUC__) && (__GNUC__ >= 3) +# define ZSTD_DEPRECATED(message) __attribute__((deprecated)) +# elif defined(_MSC_VER) +# define ZSTD_DEPRECATED(message) __declspec(deprecated(message)) +# else +# pragma message("WARNING: You need to implement ZSTD_DEPRECATED for this compiler") +# define ZSTD_DEPRECATED(message) +# endif +#endif /* ZSTD_DISABLE_DEPRECATE_WARNINGS */ + + +/******************************************************************************* + Introduction + + zstd, short for Zstandard, is a fast lossless compression algorithm, targeting + real-time compression scenarios at zlib-level and better compression ratios. + The zstd compression library provides in-memory compression and decompression + functions. + + The library supports regular compression levels from 1 up to ZSTD_maxCLevel(), + which is currently 22. Levels >= 20, labeled `--ultra`, should be used with + caution, as they require more memory. The library also offers negative + compression levels, which extend the range of speed vs. ratio preferences. + The lower the level, the faster the speed (at the cost of compression). + + Compression can be done in: + - a single step (described as Simple API) + - a single step, reusing a context (described as Explicit context) + - unbounded multiple steps (described as Streaming compression) + + The compression ratio achievable on small data can be highly improved using + a dictionary. Dictionary compression can be performed in: + - a single step (described as Simple dictionary API) + - a single step, reusing a dictionary (described as Bulk-processing + dictionary API) + + Advanced experimental functions can be accessed using + `#define ZSTD_STATIC_LINKING_ONLY` before including zstd.h. + + Advanced experimental APIs should never be used with a dynamically-linked + library. They are not "stable"; their definitions or signatures may change in + the future. Only static linking is allowed. +*******************************************************************************/ + +/*------ Version ------*/ +#define ZSTD_VERSION_MAJOR 1 +#define ZSTD_VERSION_MINOR 5 +#define ZSTD_VERSION_RELEASE 7 +#define ZSTD_VERSION_NUMBER (ZSTD_VERSION_MAJOR *100*100 + ZSTD_VERSION_MINOR *100 + ZSTD_VERSION_RELEASE) + +/*! ZSTD_versionNumber() : + * Return runtime library version, the value is (MAJOR*100*100 + MINOR*100 + RELEASE). */ +ZSTDLIB_API unsigned ZSTD_versionNumber(void); + +#define ZSTD_LIB_VERSION ZSTD_VERSION_MAJOR.ZSTD_VERSION_MINOR.ZSTD_VERSION_RELEASE +#define ZSTD_QUOTE(str) #str +#define ZSTD_EXPAND_AND_QUOTE(str) ZSTD_QUOTE(str) +#define ZSTD_VERSION_STRING ZSTD_EXPAND_AND_QUOTE(ZSTD_LIB_VERSION) + +/*! ZSTD_versionString() : + * Return runtime library version, like "1.4.5". Requires v1.3.0+. */ +ZSTDLIB_API const char* ZSTD_versionString(void); + +/* ************************************* + * Default constant + ***************************************/ +#ifndef ZSTD_CLEVEL_DEFAULT +# define ZSTD_CLEVEL_DEFAULT 3 +#endif + +/* ************************************* + * Constants + ***************************************/ + +/* All magic numbers are supposed read/written to/from files/memory using little-endian convention */ +#define ZSTD_MAGICNUMBER 0xFD2FB528 /* valid since v0.8.0 */ +#define ZSTD_MAGIC_DICTIONARY 0xEC30A437 /* valid since v0.7.0 */ +#define ZSTD_MAGIC_SKIPPABLE_START 0x184D2A50 /* all 16 values, from 0x184D2A50 to 0x184D2A5F, signal the beginning of a skippable frame */ +#define ZSTD_MAGIC_SKIPPABLE_MASK 0xFFFFFFF0 + +#define ZSTD_BLOCKSIZELOG_MAX 17 +#define ZSTD_BLOCKSIZE_MAX (1<= ZSTD_compressBound(srcSize)` guarantees that zstd will have + * enough space to successfully compress the data. + * @return : compressed size written into `dst` (<= `dstCapacity), + * or an error code if it fails (which can be tested using ZSTD_isError()). */ +ZSTDLIB_API size_t ZSTD_compress( void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + int compressionLevel); + +/*! ZSTD_decompress() : + * `compressedSize` : must be the _exact_ size of some number of compressed and/or skippable frames. + * Multiple compressed frames can be decompressed at once with this method. + * The result will be the concatenation of all decompressed frames, back to back. + * `dstCapacity` is an upper bound of originalSize to regenerate. + * First frame's decompressed size can be extracted using ZSTD_getFrameContentSize(). + * If maximum upper bound isn't known, prefer using streaming mode to decompress data. + * @return : the number of bytes decompressed into `dst` (<= `dstCapacity`), + * or an errorCode if it fails (which can be tested using ZSTD_isError()). */ +ZSTDLIB_API size_t ZSTD_decompress( void* dst, size_t dstCapacity, + const void* src, size_t compressedSize); + + +/*====== Decompression helper functions ======*/ + +/*! ZSTD_getFrameContentSize() : requires v1.3.0+ + * `src` should point to the start of a ZSTD encoded frame. + * `srcSize` must be at least as large as the frame header. + * hint : any size >= `ZSTD_frameHeaderSize_max` is large enough. + * @return : - decompressed size of `src` frame content, if known + * - ZSTD_CONTENTSIZE_UNKNOWN if the size cannot be determined + * - ZSTD_CONTENTSIZE_ERROR if an error occurred (e.g. invalid magic number, srcSize too small) + * note 1 : a 0 return value means the frame is valid but "empty". + * When invoking this method on a skippable frame, it will return 0. + * note 2 : decompressed size is an optional field, it may not be present (typically in streaming mode). + * When `return==ZSTD_CONTENTSIZE_UNKNOWN`, data to decompress could be any size. + * In which case, it's necessary to use streaming mode to decompress data. + * Optionally, application can rely on some implicit limit, + * as ZSTD_decompress() only needs an upper bound of decompressed size. + * (For example, data could be necessarily cut into blocks <= 16 KB). + * note 3 : decompressed size is always present when compression is completed using single-pass functions, + * such as ZSTD_compress(), ZSTD_compressCCtx() ZSTD_compress_usingDict() or ZSTD_compress_usingCDict(). + * note 4 : decompressed size can be very large (64-bits value), + * potentially larger than what local system can handle as a single memory segment. + * In which case, it's necessary to use streaming mode to decompress data. + * note 5 : If source is untrusted, decompressed size could be wrong or intentionally modified. + * Always ensure return value fits within application's authorized limits. + * Each application can set its own limits. + * note 6 : This function replaces ZSTD_getDecompressedSize() */ +#define ZSTD_CONTENTSIZE_UNKNOWN (0ULL - 1) +#define ZSTD_CONTENTSIZE_ERROR (0ULL - 2) +ZSTDLIB_API unsigned long long ZSTD_getFrameContentSize(const void *src, size_t srcSize); + +/*! ZSTD_getDecompressedSize() (obsolete): + * This function is now obsolete, in favor of ZSTD_getFrameContentSize(). + * Both functions work the same way, but ZSTD_getDecompressedSize() blends + * "empty", "unknown" and "error" results to the same return value (0), + * while ZSTD_getFrameContentSize() gives them separate return values. + * @return : decompressed size of `src` frame content _if known and not empty_, 0 otherwise. */ +ZSTD_DEPRECATED("Replaced by ZSTD_getFrameContentSize") +ZSTDLIB_API unsigned long long ZSTD_getDecompressedSize(const void* src, size_t srcSize); + +/*! ZSTD_findFrameCompressedSize() : Requires v1.4.0+ + * `src` should point to the start of a ZSTD frame or skippable frame. + * `srcSize` must be >= first frame size + * @return : the compressed size of the first frame starting at `src`, + * suitable to pass as `srcSize` to `ZSTD_decompress` or similar, + * or an error code if input is invalid + * Note 1: this method is called _find*() because it's not enough to read the header, + * it may have to scan through the frame's content, to reach its end. + * Note 2: this method also works with Skippable Frames. In which case, + * it returns the size of the complete skippable frame, + * which is always equal to its content size + 8 bytes for headers. */ +ZSTDLIB_API size_t ZSTD_findFrameCompressedSize(const void* src, size_t srcSize); + + +/*====== Compression helper functions ======*/ + +/*! ZSTD_compressBound() : + * maximum compressed size in worst case single-pass scenario. + * When invoking `ZSTD_compress()`, or any other one-pass compression function, + * it's recommended to provide @dstCapacity >= ZSTD_compressBound(srcSize) + * as it eliminates one potential failure scenario, + * aka not enough room in dst buffer to write the compressed frame. + * Note : ZSTD_compressBound() itself can fail, if @srcSize >= ZSTD_MAX_INPUT_SIZE . + * In which case, ZSTD_compressBound() will return an error code + * which can be tested using ZSTD_isError(). + * + * ZSTD_COMPRESSBOUND() : + * same as ZSTD_compressBound(), but as a macro. + * It can be used to produce constants, which can be useful for static allocation, + * for example to size a static array on stack. + * Will produce constant value 0 if srcSize is too large. + */ +#define ZSTD_MAX_INPUT_SIZE ((sizeof(size_t)==8) ? 0xFF00FF00FF00FF00ULL : 0xFF00FF00U) +#define ZSTD_COMPRESSBOUND(srcSize) (((size_t)(srcSize) >= ZSTD_MAX_INPUT_SIZE) ? 0 : (srcSize) + ((srcSize)>>8) + (((srcSize) < (128<<10)) ? (((128<<10) - (srcSize)) >> 11) /* margin, from 64 to 0 */ : 0)) /* this formula ensures that bound(A) + bound(B) <= bound(A+B) as long as A and B >= 128 KB */ +ZSTDLIB_API size_t ZSTD_compressBound(size_t srcSize); /*!< maximum compressed size in worst case single-pass scenario */ + + +/*====== Error helper functions ======*/ +/* ZSTD_isError() : + * Most ZSTD_* functions returning a size_t value can be tested for error, + * using ZSTD_isError(). + * @return 1 if error, 0 otherwise + */ +ZSTDLIB_API unsigned ZSTD_isError(size_t result); /*!< tells if a `size_t` function result is an error code */ +ZSTDLIB_API ZSTD_ErrorCode ZSTD_getErrorCode(size_t functionResult); /* convert a result into an error code, which can be compared to error enum list */ +ZSTDLIB_API const char* ZSTD_getErrorName(size_t result); /*!< provides readable string from a function result */ +ZSTDLIB_API int ZSTD_minCLevel(void); /*!< minimum negative compression level allowed, requires v1.4.0+ */ +ZSTDLIB_API int ZSTD_maxCLevel(void); /*!< maximum compression level available */ +ZSTDLIB_API int ZSTD_defaultCLevel(void); /*!< default compression level, specified by ZSTD_CLEVEL_DEFAULT, requires v1.5.0+ */ + + +/*************************************** +* Explicit context +***************************************/ +/*= Compression context + * When compressing many times, + * it is recommended to allocate a compression context just once, + * and reuse it for each successive compression operation. + * This will make the workload easier for system's memory. + * Note : re-using context is just a speed / resource optimization. + * It doesn't change the compression ratio, which remains identical. + * Note 2: For parallel execution in multi-threaded environments, + * use one different context per thread . + */ +typedef struct ZSTD_CCtx_s ZSTD_CCtx; +ZSTDLIB_API ZSTD_CCtx* ZSTD_createCCtx(void); +ZSTDLIB_API size_t ZSTD_freeCCtx(ZSTD_CCtx* cctx); /* compatible with NULL pointer */ + +/*! ZSTD_compressCCtx() : + * Same as ZSTD_compress(), using an explicit ZSTD_CCtx. + * Important : in order to mirror `ZSTD_compress()` behavior, + * this function compresses at the requested compression level, + * __ignoring any other advanced parameter__ . + * If any advanced parameter was set using the advanced API, + * they will all be reset. Only @compressionLevel remains. + */ +ZSTDLIB_API size_t ZSTD_compressCCtx(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + int compressionLevel); + +/*= Decompression context + * When decompressing many times, + * it is recommended to allocate a context only once, + * and reuse it for each successive compression operation. + * This will make workload friendlier for system's memory. + * Use one context per thread for parallel execution. */ +typedef struct ZSTD_DCtx_s ZSTD_DCtx; +ZSTDLIB_API ZSTD_DCtx* ZSTD_createDCtx(void); +ZSTDLIB_API size_t ZSTD_freeDCtx(ZSTD_DCtx* dctx); /* accept NULL pointer */ + +/*! ZSTD_decompressDCtx() : + * Same as ZSTD_decompress(), + * requires an allocated ZSTD_DCtx. + * Compatible with sticky parameters (see below). + */ +ZSTDLIB_API size_t ZSTD_decompressDCtx(ZSTD_DCtx* dctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize); + + +/********************************************* +* Advanced compression API (Requires v1.4.0+) +**********************************************/ + +/* API design : + * Parameters are pushed one by one into an existing context, + * using ZSTD_CCtx_set*() functions. + * Pushed parameters are sticky : they are valid for next compressed frame, and any subsequent frame. + * "sticky" parameters are applicable to `ZSTD_compress2()` and `ZSTD_compressStream*()` ! + * __They do not apply to one-shot variants such as ZSTD_compressCCtx()__ . + * + * It's possible to reset all parameters to "default" using ZSTD_CCtx_reset(). + * + * This API supersedes all other "advanced" API entry points in the experimental section. + * In the future, we expect to remove API entry points from experimental which are redundant with this API. + */ + + +/* Compression strategies, listed from fastest to strongest */ +typedef enum { ZSTD_fast=1, + ZSTD_dfast=2, + ZSTD_greedy=3, + ZSTD_lazy=4, + ZSTD_lazy2=5, + ZSTD_btlazy2=6, + ZSTD_btopt=7, + ZSTD_btultra=8, + ZSTD_btultra2=9 + /* note : new strategies _might_ be added in the future. + Only the order (from fast to strong) is guaranteed */ +} ZSTD_strategy; + +typedef enum { + + /* compression parameters + * Note: When compressing with a ZSTD_CDict these parameters are superseded + * by the parameters used to construct the ZSTD_CDict. + * See ZSTD_CCtx_refCDict() for more info (superseded-by-cdict). */ + ZSTD_c_compressionLevel=100, /* Set compression parameters according to pre-defined cLevel table. + * Note that exact compression parameters are dynamically determined, + * depending on both compression level and srcSize (when known). + * Default level is ZSTD_CLEVEL_DEFAULT==3. + * Special: value 0 means default, which is controlled by ZSTD_CLEVEL_DEFAULT. + * Note 1 : it's possible to pass a negative compression level. + * Note 2 : setting a level does not automatically set all other compression parameters + * to default. Setting this will however eventually dynamically impact the compression + * parameters which have not been manually set. The manually set + * ones will 'stick'. */ + /* Advanced compression parameters : + * It's possible to pin down compression parameters to some specific values. + * In which case, these values are no longer dynamically selected by the compressor */ + ZSTD_c_windowLog=101, /* Maximum allowed back-reference distance, expressed as power of 2. + * This will set a memory budget for streaming decompression, + * with larger values requiring more memory + * and typically compressing more. + * Must be clamped between ZSTD_WINDOWLOG_MIN and ZSTD_WINDOWLOG_MAX. + * Special: value 0 means "use default windowLog". + * Note: Using a windowLog greater than ZSTD_WINDOWLOG_LIMIT_DEFAULT + * requires explicitly allowing such size at streaming decompression stage. */ + ZSTD_c_hashLog=102, /* Size of the initial probe table, as a power of 2. + * Resulting memory usage is (1 << (hashLog+2)). + * Must be clamped between ZSTD_HASHLOG_MIN and ZSTD_HASHLOG_MAX. + * Larger tables improve compression ratio of strategies <= dFast, + * and improve speed of strategies > dFast. + * Special: value 0 means "use default hashLog". */ + ZSTD_c_chainLog=103, /* Size of the multi-probe search table, as a power of 2. + * Resulting memory usage is (1 << (chainLog+2)). + * Must be clamped between ZSTD_CHAINLOG_MIN and ZSTD_CHAINLOG_MAX. + * Larger tables result in better and slower compression. + * This parameter is useless for "fast" strategy. + * It's still useful when using "dfast" strategy, + * in which case it defines a secondary probe table. + * Special: value 0 means "use default chainLog". */ + ZSTD_c_searchLog=104, /* Number of search attempts, as a power of 2. + * More attempts result in better and slower compression. + * This parameter is useless for "fast" and "dFast" strategies. + * Special: value 0 means "use default searchLog". */ + ZSTD_c_minMatch=105, /* Minimum size of searched matches. + * Note that Zstandard can still find matches of smaller size, + * it just tweaks its search algorithm to look for this size and larger. + * Larger values increase compression and decompression speed, but decrease ratio. + * Must be clamped between ZSTD_MINMATCH_MIN and ZSTD_MINMATCH_MAX. + * Note that currently, for all strategies < btopt, effective minimum is 4. + * , for all strategies > fast, effective maximum is 6. + * Special: value 0 means "use default minMatchLength". */ + ZSTD_c_targetLength=106, /* Impact of this field depends on strategy. + * For strategies btopt, btultra & btultra2: + * Length of Match considered "good enough" to stop search. + * Larger values make compression stronger, and slower. + * For strategy fast: + * Distance between match sampling. + * Larger values make compression faster, and weaker. + * Special: value 0 means "use default targetLength". */ + ZSTD_c_strategy=107, /* See ZSTD_strategy enum definition. + * The higher the value of selected strategy, the more complex it is, + * resulting in stronger and slower compression. + * Special: value 0 means "use default strategy". */ + + ZSTD_c_targetCBlockSize=130, /* v1.5.6+ + * Attempts to fit compressed block size into approximately targetCBlockSize. + * Bound by ZSTD_TARGETCBLOCKSIZE_MIN and ZSTD_TARGETCBLOCKSIZE_MAX. + * Note that it's not a guarantee, just a convergence target (default:0). + * No target when targetCBlockSize == 0. + * This is helpful in low bandwidth streaming environments to improve end-to-end latency, + * when a client can make use of partial documents (a prominent example being Chrome). + * Note: this parameter is stable since v1.5.6. + * It was present as an experimental parameter in earlier versions, + * but it's not recommended using it with earlier library versions + * due to massive performance regressions. + */ + /* LDM mode parameters */ + ZSTD_c_enableLongDistanceMatching=160, /* Enable long distance matching. + * This parameter is designed to improve compression ratio + * for large inputs, by finding large matches at long distance. + * It increases memory usage and window size. + * Note: enabling this parameter increases default ZSTD_c_windowLog to 128 MB + * except when expressly set to a different value. + * Note: will be enabled by default if ZSTD_c_windowLog >= 128 MB and + * compression strategy >= ZSTD_btopt (== compression level 16+) */ + ZSTD_c_ldmHashLog=161, /* Size of the table for long distance matching, as a power of 2. + * Larger values increase memory usage and compression ratio, + * but decrease compression speed. + * Must be clamped between ZSTD_HASHLOG_MIN and ZSTD_HASHLOG_MAX + * default: windowlog - 7. + * Special: value 0 means "automatically determine hashlog". */ + ZSTD_c_ldmMinMatch=162, /* Minimum match size for long distance matcher. + * Larger/too small values usually decrease compression ratio. + * Must be clamped between ZSTD_LDM_MINMATCH_MIN and ZSTD_LDM_MINMATCH_MAX. + * Special: value 0 means "use default value" (default: 64). */ + ZSTD_c_ldmBucketSizeLog=163, /* Log size of each bucket in the LDM hash table for collision resolution. + * Larger values improve collision resolution but decrease compression speed. + * The maximum value is ZSTD_LDM_BUCKETSIZELOG_MAX. + * Special: value 0 means "use default value" (default: 3). */ + ZSTD_c_ldmHashRateLog=164, /* Frequency of inserting/looking up entries into the LDM hash table. + * Must be clamped between 0 and (ZSTD_WINDOWLOG_MAX - ZSTD_HASHLOG_MIN). + * Default is MAX(0, (windowLog - ldmHashLog)), optimizing hash table usage. + * Larger values improve compression speed. + * Deviating far from default value will likely result in a compression ratio decrease. + * Special: value 0 means "automatically determine hashRateLog". */ + + /* frame parameters */ + ZSTD_c_contentSizeFlag=200, /* Content size will be written into frame header _whenever known_ (default:1) + * Content size must be known at the beginning of compression. + * This is automatically the case when using ZSTD_compress2(), + * For streaming scenarios, content size must be provided with ZSTD_CCtx_setPledgedSrcSize() */ + ZSTD_c_checksumFlag=201, /* A 32-bits checksum of content is written at end of frame (default:0) */ + ZSTD_c_dictIDFlag=202, /* When applicable, dictionary's ID is written into frame header (default:1) */ + + /* multi-threading parameters */ + /* These parameters are only active if multi-threading is enabled (compiled with build macro ZSTD_MULTITHREAD). + * Otherwise, trying to set any other value than default (0) will be a no-op and return an error. + * In a situation where it's unknown if the linked library supports multi-threading or not, + * setting ZSTD_c_nbWorkers to any value >= 1 and consulting the return value provides a quick way to check this property. + */ + ZSTD_c_nbWorkers=400, /* Select how many threads will be spawned to compress in parallel. + * When nbWorkers >= 1, triggers asynchronous mode when invoking ZSTD_compressStream*() : + * ZSTD_compressStream*() consumes input and flush output if possible, but immediately gives back control to caller, + * while compression is performed in parallel, within worker thread(s). + * (note : a strong exception to this rule is when first invocation of ZSTD_compressStream2() sets ZSTD_e_end : + * in which case, ZSTD_compressStream2() delegates to ZSTD_compress2(), which is always a blocking call). + * More workers improve speed, but also increase memory usage. + * Default value is `0`, aka "single-threaded mode" : no worker is spawned, + * compression is performed inside Caller's thread, and all invocations are blocking */ + ZSTD_c_jobSize=401, /* Size of a compression job. This value is enforced only when nbWorkers >= 1. + * Each compression job is completed in parallel, so this value can indirectly impact the nb of active threads. + * 0 means default, which is dynamically determined based on compression parameters. + * Job size must be a minimum of overlap size, or ZSTDMT_JOBSIZE_MIN (= 512 KB), whichever is largest. + * The minimum size is automatically and transparently enforced. */ + ZSTD_c_overlapLog=402, /* Control the overlap size, as a fraction of window size. + * The overlap size is an amount of data reloaded from previous job at the beginning of a new job. + * It helps preserve compression ratio, while each job is compressed in parallel. + * This value is enforced only when nbWorkers >= 1. + * Larger values increase compression ratio, but decrease speed. + * Possible values range from 0 to 9 : + * - 0 means "default" : value will be determined by the library, depending on strategy + * - 1 means "no overlap" + * - 9 means "full overlap", using a full window size. + * Each intermediate rank increases/decreases load size by a factor 2 : + * 9: full window; 8: w/2; 7: w/4; 6: w/8; 5:w/16; 4: w/32; 3:w/64; 2:w/128; 1:no overlap; 0:default + * default value varies between 6 and 9, depending on strategy */ + + /* note : additional experimental parameters are also available + * within the experimental section of the API. + * At the time of this writing, they include : + * ZSTD_c_rsyncable + * ZSTD_c_format + * ZSTD_c_forceMaxWindow + * ZSTD_c_forceAttachDict + * ZSTD_c_literalCompressionMode + * ZSTD_c_srcSizeHint + * ZSTD_c_enableDedicatedDictSearch + * ZSTD_c_stableInBuffer + * ZSTD_c_stableOutBuffer + * ZSTD_c_blockDelimiters + * ZSTD_c_validateSequences + * ZSTD_c_blockSplitterLevel + * ZSTD_c_splitAfterSequences + * ZSTD_c_useRowMatchFinder + * ZSTD_c_prefetchCDictTables + * ZSTD_c_enableSeqProducerFallback + * ZSTD_c_maxBlockSize + * Because they are not stable, it's necessary to define ZSTD_STATIC_LINKING_ONLY to access them. + * note : never ever use experimentalParam? names directly; + * also, the enums values themselves are unstable and can still change. + */ + ZSTD_c_experimentalParam1=500, + ZSTD_c_experimentalParam2=10, + ZSTD_c_experimentalParam3=1000, + ZSTD_c_experimentalParam4=1001, + ZSTD_c_experimentalParam5=1002, + /* was ZSTD_c_experimentalParam6=1003; is now ZSTD_c_targetCBlockSize */ + ZSTD_c_experimentalParam7=1004, + ZSTD_c_experimentalParam8=1005, + ZSTD_c_experimentalParam9=1006, + ZSTD_c_experimentalParam10=1007, + ZSTD_c_experimentalParam11=1008, + ZSTD_c_experimentalParam12=1009, + ZSTD_c_experimentalParam13=1010, + ZSTD_c_experimentalParam14=1011, + ZSTD_c_experimentalParam15=1012, + ZSTD_c_experimentalParam16=1013, + ZSTD_c_experimentalParam17=1014, + ZSTD_c_experimentalParam18=1015, + ZSTD_c_experimentalParam19=1016, + ZSTD_c_experimentalParam20=1017 +} ZSTD_cParameter; + +typedef struct { + size_t error; + int lowerBound; + int upperBound; +} ZSTD_bounds; + +/*! ZSTD_cParam_getBounds() : + * All parameters must belong to an interval with lower and upper bounds, + * otherwise they will either trigger an error or be automatically clamped. + * @return : a structure, ZSTD_bounds, which contains + * - an error status field, which must be tested using ZSTD_isError() + * - lower and upper bounds, both inclusive + */ +ZSTDLIB_API ZSTD_bounds ZSTD_cParam_getBounds(ZSTD_cParameter cParam); + +/*! ZSTD_CCtx_setParameter() : + * Set one compression parameter, selected by enum ZSTD_cParameter. + * All parameters have valid bounds. Bounds can be queried using ZSTD_cParam_getBounds(). + * Providing a value beyond bound will either clamp it, or trigger an error (depending on parameter). + * Setting a parameter is generally only possible during frame initialization (before starting compression). + * Exception : when using multi-threading mode (nbWorkers >= 1), + * the following parameters can be updated _during_ compression (within same frame): + * => compressionLevel, hashLog, chainLog, searchLog, minMatch, targetLength and strategy. + * new parameters will be active for next job only (after a flush()). + * @return : an error code (which can be tested using ZSTD_isError()). + */ +ZSTDLIB_API size_t ZSTD_CCtx_setParameter(ZSTD_CCtx* cctx, ZSTD_cParameter param, int value); + +/*! ZSTD_CCtx_setPledgedSrcSize() : + * Total input data size to be compressed as a single frame. + * Value will be written in frame header, unless if explicitly forbidden using ZSTD_c_contentSizeFlag. + * This value will also be controlled at end of frame, and trigger an error if not respected. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Note 1 : pledgedSrcSize==0 actually means zero, aka an empty frame. + * In order to mean "unknown content size", pass constant ZSTD_CONTENTSIZE_UNKNOWN. + * ZSTD_CONTENTSIZE_UNKNOWN is default value for any new frame. + * Note 2 : pledgedSrcSize is only valid once, for the next frame. + * It's discarded at the end of the frame, and replaced by ZSTD_CONTENTSIZE_UNKNOWN. + * Note 3 : Whenever all input data is provided and consumed in a single round, + * for example with ZSTD_compress2(), + * or invoking immediately ZSTD_compressStream2(,,,ZSTD_e_end), + * this value is automatically overridden by srcSize instead. + */ +ZSTDLIB_API size_t ZSTD_CCtx_setPledgedSrcSize(ZSTD_CCtx* cctx, unsigned long long pledgedSrcSize); + +typedef enum { + ZSTD_reset_session_only = 1, + ZSTD_reset_parameters = 2, + ZSTD_reset_session_and_parameters = 3 +} ZSTD_ResetDirective; + +/*! ZSTD_CCtx_reset() : + * There are 2 different things that can be reset, independently or jointly : + * - The session : will stop compressing current frame, and make CCtx ready to start a new one. + * Useful after an error, or to interrupt any ongoing compression. + * Any internal data not yet flushed is cancelled. + * Compression parameters and dictionary remain unchanged. + * They will be used to compress next frame. + * Resetting session never fails. + * - The parameters : changes all parameters back to "default". + * This also removes any reference to any dictionary or external sequence producer. + * Parameters can only be changed between 2 sessions (i.e. no compression is currently ongoing) + * otherwise the reset fails, and function returns an error value (which can be tested using ZSTD_isError()) + * - Both : similar to resetting the session, followed by resetting parameters. + */ +ZSTDLIB_API size_t ZSTD_CCtx_reset(ZSTD_CCtx* cctx, ZSTD_ResetDirective reset); + +/*! ZSTD_compress2() : + * Behave the same as ZSTD_compressCCtx(), but compression parameters are set using the advanced API. + * (note that this entry point doesn't even expose a compression level parameter). + * ZSTD_compress2() always starts a new frame. + * Should cctx hold data from a previously unfinished frame, everything about it is forgotten. + * - Compression parameters are pushed into CCtx before starting compression, using ZSTD_CCtx_set*() + * - The function is always blocking, returns when compression is completed. + * NOTE: Providing `dstCapacity >= ZSTD_compressBound(srcSize)` guarantees that zstd will have + * enough space to successfully compress the data, though it is possible it fails for other reasons. + * @return : compressed size written into `dst` (<= `dstCapacity), + * or an error code if it fails (which can be tested using ZSTD_isError()). + */ +ZSTDLIB_API size_t ZSTD_compress2( ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize); + + +/*********************************************** +* Advanced decompression API (Requires v1.4.0+) +************************************************/ + +/* The advanced API pushes parameters one by one into an existing DCtx context. + * Parameters are sticky, and remain valid for all following frames + * using the same DCtx context. + * It's possible to reset parameters to default values using ZSTD_DCtx_reset(). + * Note : This API is compatible with existing ZSTD_decompressDCtx() and ZSTD_decompressStream(). + * Therefore, no new decompression function is necessary. + */ + +typedef enum { + + ZSTD_d_windowLogMax=100, /* Select a size limit (in power of 2) beyond which + * the streaming API will refuse to allocate memory buffer + * in order to protect the host from unreasonable memory requirements. + * This parameter is only useful in streaming mode, since no internal buffer is allocated in single-pass mode. + * By default, a decompression context accepts window sizes <= (1 << ZSTD_WINDOWLOG_LIMIT_DEFAULT). + * Special: value 0 means "use default maximum windowLog". */ + + /* note : additional experimental parameters are also available + * within the experimental section of the API. + * At the time of this writing, they include : + * ZSTD_d_format + * ZSTD_d_stableOutBuffer + * ZSTD_d_forceIgnoreChecksum + * ZSTD_d_refMultipleDDicts + * ZSTD_d_disableHuffmanAssembly + * ZSTD_d_maxBlockSize + * Because they are not stable, it's necessary to define ZSTD_STATIC_LINKING_ONLY to access them. + * note : never ever use experimentalParam? names directly + */ + ZSTD_d_experimentalParam1=1000, + ZSTD_d_experimentalParam2=1001, + ZSTD_d_experimentalParam3=1002, + ZSTD_d_experimentalParam4=1003, + ZSTD_d_experimentalParam5=1004, + ZSTD_d_experimentalParam6=1005 + +} ZSTD_dParameter; + +/*! ZSTD_dParam_getBounds() : + * All parameters must belong to an interval with lower and upper bounds, + * otherwise they will either trigger an error or be automatically clamped. + * @return : a structure, ZSTD_bounds, which contains + * - an error status field, which must be tested using ZSTD_isError() + * - both lower and upper bounds, inclusive + */ +ZSTDLIB_API ZSTD_bounds ZSTD_dParam_getBounds(ZSTD_dParameter dParam); + +/*! ZSTD_DCtx_setParameter() : + * Set one compression parameter, selected by enum ZSTD_dParameter. + * All parameters have valid bounds. Bounds can be queried using ZSTD_dParam_getBounds(). + * Providing a value beyond bound will either clamp it, or trigger an error (depending on parameter). + * Setting a parameter is only possible during frame initialization (before starting decompression). + * @return : 0, or an error code (which can be tested using ZSTD_isError()). + */ +ZSTDLIB_API size_t ZSTD_DCtx_setParameter(ZSTD_DCtx* dctx, ZSTD_dParameter param, int value); + +/*! ZSTD_DCtx_reset() : + * Return a DCtx to clean state. + * Session and parameters can be reset jointly or separately. + * Parameters can only be reset when no active frame is being decompressed. + * @return : 0, or an error code, which can be tested with ZSTD_isError() + */ +ZSTDLIB_API size_t ZSTD_DCtx_reset(ZSTD_DCtx* dctx, ZSTD_ResetDirective reset); + + +/**************************** +* Streaming +****************************/ + +typedef struct ZSTD_inBuffer_s { + const void* src; /**< start of input buffer */ + size_t size; /**< size of input buffer */ + size_t pos; /**< position where reading stopped. Will be updated. Necessarily 0 <= pos <= size */ +} ZSTD_inBuffer; + +typedef struct ZSTD_outBuffer_s { + void* dst; /**< start of output buffer */ + size_t size; /**< size of output buffer */ + size_t pos; /**< position where writing stopped. Will be updated. Necessarily 0 <= pos <= size */ +} ZSTD_outBuffer; + + + +/*-*********************************************************************** +* Streaming compression - HowTo +* +* A ZSTD_CStream object is required to track streaming operation. +* Use ZSTD_createCStream() and ZSTD_freeCStream() to create/release resources. +* ZSTD_CStream objects can be reused multiple times on consecutive compression operations. +* It is recommended to reuse ZSTD_CStream since it will play nicer with system's memory, by re-using already allocated memory. +* +* For parallel execution, use one separate ZSTD_CStream per thread. +* +* note : since v1.3.0, ZSTD_CStream and ZSTD_CCtx are the same thing. +* +* Parameters are sticky : when starting a new compression on the same context, +* it will reuse the same sticky parameters as previous compression session. +* When in doubt, it's recommended to fully initialize the context before usage. +* Use ZSTD_CCtx_reset() to reset the context and ZSTD_CCtx_setParameter(), +* ZSTD_CCtx_setPledgedSrcSize(), or ZSTD_CCtx_loadDictionary() and friends to +* set more specific parameters, the pledged source size, or load a dictionary. +* +* Use ZSTD_compressStream2() with ZSTD_e_continue as many times as necessary to +* consume input stream. The function will automatically update both `pos` +* fields within `input` and `output`. +* Note that the function may not consume the entire input, for example, because +* the output buffer is already full, in which case `input.pos < input.size`. +* The caller must check if input has been entirely consumed. +* If not, the caller must make some room to receive more compressed data, +* and then present again remaining input data. +* note: ZSTD_e_continue is guaranteed to make some forward progress when called, +* but doesn't guarantee maximal forward progress. This is especially relevant +* when compressing with multiple threads. The call won't block if it can +* consume some input, but if it can't it will wait for some, but not all, +* output to be flushed. +* @return : provides a minimum amount of data remaining to be flushed from internal buffers +* or an error code, which can be tested using ZSTD_isError(). +* +* At any moment, it's possible to flush whatever data might remain stuck within internal buffer, +* using ZSTD_compressStream2() with ZSTD_e_flush. `output->pos` will be updated. +* Note that, if `output->size` is too small, a single invocation with ZSTD_e_flush might not be enough (return code > 0). +* In which case, make some room to receive more compressed data, and call again ZSTD_compressStream2() with ZSTD_e_flush. +* You must continue calling ZSTD_compressStream2() with ZSTD_e_flush until it returns 0, at which point you can change the +* operation. +* note: ZSTD_e_flush will flush as much output as possible, meaning when compressing with multiple threads, it will +* block until the flush is complete or the output buffer is full. +* @return : 0 if internal buffers are entirely flushed, +* >0 if some data still present within internal buffer (the value is minimal estimation of remaining size), +* or an error code, which can be tested using ZSTD_isError(). +* +* Calling ZSTD_compressStream2() with ZSTD_e_end instructs to finish a frame. +* It will perform a flush and write frame epilogue. +* The epilogue is required for decoders to consider a frame completed. +* flush operation is the same, and follows same rules as calling ZSTD_compressStream2() with ZSTD_e_flush. +* You must continue calling ZSTD_compressStream2() with ZSTD_e_end until it returns 0, at which point you are free to +* start a new frame. +* note: ZSTD_e_end will flush as much output as possible, meaning when compressing with multiple threads, it will +* block until the flush is complete or the output buffer is full. +* @return : 0 if frame fully completed and fully flushed, +* >0 if some data still present within internal buffer (the value is minimal estimation of remaining size), +* or an error code, which can be tested using ZSTD_isError(). +* +* *******************************************************************/ + +typedef ZSTD_CCtx ZSTD_CStream; /**< CCtx and CStream are now effectively same object (>= v1.3.0) */ + /* Continue to distinguish them for compatibility with older versions <= v1.2.0 */ +/*===== ZSTD_CStream management functions =====*/ +ZSTDLIB_API ZSTD_CStream* ZSTD_createCStream(void); +ZSTDLIB_API size_t ZSTD_freeCStream(ZSTD_CStream* zcs); /* accept NULL pointer */ + +/*===== Streaming compression functions =====*/ +typedef enum { + ZSTD_e_continue=0, /* collect more data, encoder decides when to output compressed result, for optimal compression ratio */ + ZSTD_e_flush=1, /* flush any data provided so far, + * it creates (at least) one new block, that can be decoded immediately on reception; + * frame will continue: any future data can still reference previously compressed data, improving compression. + * note : multithreaded compression will block to flush as much output as possible. */ + ZSTD_e_end=2 /* flush any remaining data _and_ close current frame. + * note that frame is only closed after compressed data is fully flushed (return value == 0). + * After that point, any additional data starts a new frame. + * note : each frame is independent (does not reference any content from previous frame). + : note : multithreaded compression will block to flush as much output as possible. */ +} ZSTD_EndDirective; + +/*! ZSTD_compressStream2() : Requires v1.4.0+ + * Behaves about the same as ZSTD_compressStream, with additional control on end directive. + * - Compression parameters are pushed into CCtx before starting compression, using ZSTD_CCtx_set*() + * - Compression parameters cannot be changed once compression is started (save a list of exceptions in multi-threading mode) + * - output->pos must be <= dstCapacity, input->pos must be <= srcSize + * - output->pos and input->pos will be updated. They are guaranteed to remain below their respective limit. + * - endOp must be a valid directive + * - When nbWorkers==0 (default), function is blocking : it completes its job before returning to caller. + * - When nbWorkers>=1, function is non-blocking : it copies a portion of input, distributes jobs to internal worker threads, flush to output whatever is available, + * and then immediately returns, just indicating that there is some data remaining to be flushed. + * The function nonetheless guarantees forward progress : it will return only after it reads or write at least 1+ byte. + * - Exception : if the first call requests a ZSTD_e_end directive and provides enough dstCapacity, the function delegates to ZSTD_compress2() which is always blocking. + * - @return provides a minimum amount of data remaining to be flushed from internal buffers + * or an error code, which can be tested using ZSTD_isError(). + * if @return != 0, flush is not fully completed, there is still some data left within internal buffers. + * This is useful for ZSTD_e_flush, since in this case more flushes are necessary to empty all buffers. + * For ZSTD_e_end, @return == 0 when internal buffers are fully flushed and frame is completed. + * - after a ZSTD_e_end directive, if internal buffer is not fully flushed (@return != 0), + * only ZSTD_e_end or ZSTD_e_flush operations are allowed. + * Before starting a new compression job, or changing compression parameters, + * it is required to fully flush internal buffers. + * - note: if an operation ends with an error, it may leave @cctx in an undefined state. + * Therefore, it's UB to invoke ZSTD_compressStream2() of ZSTD_compressStream() on such a state. + * In order to be re-employed after an error, a state must be reset, + * which can be done explicitly (ZSTD_CCtx_reset()), + * or is sometimes implied by methods starting a new compression job (ZSTD_initCStream(), ZSTD_compressCCtx()) + */ +ZSTDLIB_API size_t ZSTD_compressStream2( ZSTD_CCtx* cctx, + ZSTD_outBuffer* output, + ZSTD_inBuffer* input, + ZSTD_EndDirective endOp); + + +/* These buffer sizes are softly recommended. + * They are not required : ZSTD_compressStream*() happily accepts any buffer size, for both input and output. + * Respecting the recommended size just makes it a bit easier for ZSTD_compressStream*(), + * reducing the amount of memory shuffling and buffering, resulting in minor performance savings. + * + * However, note that these recommendations are from the perspective of a C caller program. + * If the streaming interface is invoked from some other language, + * especially managed ones such as Java or Go, through a foreign function interface such as jni or cgo, + * a major performance rule is to reduce crossing such interface to an absolute minimum. + * It's not rare that performance ends being spent more into the interface, rather than compression itself. + * In which cases, prefer using large buffers, as large as practical, + * for both input and output, to reduce the nb of roundtrips. + */ +ZSTDLIB_API size_t ZSTD_CStreamInSize(void); /**< recommended size for input buffer */ +ZSTDLIB_API size_t ZSTD_CStreamOutSize(void); /**< recommended size for output buffer. Guarantee to successfully flush at least one complete compressed block. */ + + +/* ***************************************************************************** + * This following is a legacy streaming API, available since v1.0+ . + * It can be replaced by ZSTD_CCtx_reset() and ZSTD_compressStream2(). + * It is redundant, but remains fully supported. + ******************************************************************************/ + +/*! + * Equivalent to: + * + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_refCDict(zcs, NULL); // clear the dictionary (if any) + * ZSTD_CCtx_setParameter(zcs, ZSTD_c_compressionLevel, compressionLevel); + * + * Note that ZSTD_initCStream() clears any previously set dictionary. Use the new API + * to compress with a dictionary. + */ +ZSTDLIB_API size_t ZSTD_initCStream(ZSTD_CStream* zcs, int compressionLevel); +/*! + * Alternative for ZSTD_compressStream2(zcs, output, input, ZSTD_e_continue). + * NOTE: The return value is different. ZSTD_compressStream() returns a hint for + * the next read size (if non-zero and not an error). ZSTD_compressStream2() + * returns the minimum nb of bytes left to flush (if non-zero and not an error). + */ +ZSTDLIB_API size_t ZSTD_compressStream(ZSTD_CStream* zcs, ZSTD_outBuffer* output, ZSTD_inBuffer* input); +/*! Equivalent to ZSTD_compressStream2(zcs, output, &emptyInput, ZSTD_e_flush). */ +ZSTDLIB_API size_t ZSTD_flushStream(ZSTD_CStream* zcs, ZSTD_outBuffer* output); +/*! Equivalent to ZSTD_compressStream2(zcs, output, &emptyInput, ZSTD_e_end). */ +ZSTDLIB_API size_t ZSTD_endStream(ZSTD_CStream* zcs, ZSTD_outBuffer* output); + + +/*-*************************************************************************** +* Streaming decompression - HowTo +* +* A ZSTD_DStream object is required to track streaming operations. +* Use ZSTD_createDStream() and ZSTD_freeDStream() to create/release resources. +* ZSTD_DStream objects can be re-employed multiple times. +* +* Use ZSTD_initDStream() to start a new decompression operation. +* @return : recommended first input size +* Alternatively, use advanced API to set specific properties. +* +* Use ZSTD_decompressStream() repetitively to consume your input. +* The function will update both `pos` fields. +* If `input.pos < input.size`, some input has not been consumed. +* It's up to the caller to present again remaining data. +* +* The function tries to flush all data decoded immediately, respecting output buffer size. +* If `output.pos < output.size`, decoder has flushed everything it could. +* +* However, when `output.pos == output.size`, it's more difficult to know. +* If @return > 0, the frame is not complete, meaning +* either there is still some data left to flush within internal buffers, +* or there is more input to read to complete the frame (or both). +* In which case, call ZSTD_decompressStream() again to flush whatever remains in the buffer. +* Note : with no additional input provided, amount of data flushed is necessarily <= ZSTD_BLOCKSIZE_MAX. +* @return : 0 when a frame is completely decoded and fully flushed, +* or an error code, which can be tested using ZSTD_isError(), +* or any other value > 0, which means there is still some decoding or flushing to do to complete current frame : +* the return value is a suggested next input size (just a hint for better latency) +* that will never request more than the remaining content of the compressed frame. +* *******************************************************************************/ + +typedef ZSTD_DCtx ZSTD_DStream; /**< DCtx and DStream are now effectively same object (>= v1.3.0) */ + /* For compatibility with versions <= v1.2.0, prefer differentiating them. */ +/*===== ZSTD_DStream management functions =====*/ +ZSTDLIB_API ZSTD_DStream* ZSTD_createDStream(void); +ZSTDLIB_API size_t ZSTD_freeDStream(ZSTD_DStream* zds); /* accept NULL pointer */ + +/*===== Streaming decompression functions =====*/ + +/*! ZSTD_initDStream() : + * Initialize/reset DStream state for new decompression operation. + * Call before new decompression operation using same DStream. + * + * Note : This function is redundant with the advanced API and equivalent to: + * ZSTD_DCtx_reset(zds, ZSTD_reset_session_only); + * ZSTD_DCtx_refDDict(zds, NULL); + */ +ZSTDLIB_API size_t ZSTD_initDStream(ZSTD_DStream* zds); + +/*! ZSTD_decompressStream() : + * Streaming decompression function. + * Call repetitively to consume full input updating it as necessary. + * Function will update both input and output `pos` fields exposing current state via these fields: + * - `input.pos < input.size`, some input remaining and caller should provide remaining input + * on the next call. + * - `output.pos < output.size`, decoder flushed internal output buffer. + * - `output.pos == output.size`, unflushed data potentially present in the internal buffers, + * check ZSTD_decompressStream() @return value, + * if > 0, invoke it again to flush remaining data to output. + * Note : with no additional input, amount of data flushed <= ZSTD_BLOCKSIZE_MAX. + * + * @return : 0 when a frame is completely decoded and fully flushed, + * or an error code, which can be tested using ZSTD_isError(), + * or any other value > 0, which means there is some decoding or flushing to do to complete current frame. + * + * Note: when an operation returns with an error code, the @zds state may be left in undefined state. + * It's UB to invoke `ZSTD_decompressStream()` on such a state. + * In order to re-use such a state, it must be first reset, + * which can be done explicitly (`ZSTD_DCtx_reset()`), + * or is implied for operations starting some new decompression job (`ZSTD_initDStream`, `ZSTD_decompressDCtx()`, `ZSTD_decompress_usingDict()`) + */ +ZSTDLIB_API size_t ZSTD_decompressStream(ZSTD_DStream* zds, ZSTD_outBuffer* output, ZSTD_inBuffer* input); + +ZSTDLIB_API size_t ZSTD_DStreamInSize(void); /*!< recommended size for input buffer */ +ZSTDLIB_API size_t ZSTD_DStreamOutSize(void); /*!< recommended size for output buffer. Guarantee to successfully flush at least one complete block in all circumstances. */ + + +/************************** +* Simple dictionary API +***************************/ +/*! ZSTD_compress_usingDict() : + * Compression at an explicit compression level using a Dictionary. + * A dictionary can be any arbitrary data segment (also called a prefix), + * or a buffer with specified information (see zdict.h). + * Note : This function loads the dictionary, resulting in significant startup delay. + * It's intended for a dictionary used only once. + * Note 2 : When `dict == NULL || dictSize < 8` no dictionary is used. */ +ZSTDLIB_API size_t ZSTD_compress_usingDict(ZSTD_CCtx* ctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const void* dict,size_t dictSize, + int compressionLevel); + +/*! ZSTD_decompress_usingDict() : + * Decompression using a known Dictionary. + * Dictionary must be identical to the one used during compression. + * Note : This function loads the dictionary, resulting in significant startup delay. + * It's intended for a dictionary used only once. + * Note : When `dict == NULL || dictSize < 8` no dictionary is used. */ +ZSTDLIB_API size_t ZSTD_decompress_usingDict(ZSTD_DCtx* dctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const void* dict,size_t dictSize); + + +/*********************************** + * Bulk processing dictionary API + **********************************/ +typedef struct ZSTD_CDict_s ZSTD_CDict; + +/*! ZSTD_createCDict() : + * When compressing multiple messages or blocks using the same dictionary, + * it's recommended to digest the dictionary only once, since it's a costly operation. + * ZSTD_createCDict() will create a state from digesting a dictionary. + * The resulting state can be used for future compression operations with very limited startup cost. + * ZSTD_CDict can be created once and shared by multiple threads concurrently, since its usage is read-only. + * @dictBuffer can be released after ZSTD_CDict creation, because its content is copied within CDict. + * Note 1 : Consider experimental function `ZSTD_createCDict_byReference()` if you prefer to not duplicate @dictBuffer content. + * Note 2 : A ZSTD_CDict can be created from an empty @dictBuffer, + * in which case the only thing that it transports is the @compressionLevel. + * This can be useful in a pipeline featuring ZSTD_compress_usingCDict() exclusively, + * expecting a ZSTD_CDict parameter with any data, including those without a known dictionary. */ +ZSTDLIB_API ZSTD_CDict* ZSTD_createCDict(const void* dictBuffer, size_t dictSize, + int compressionLevel); + +/*! ZSTD_freeCDict() : + * Function frees memory allocated by ZSTD_createCDict(). + * If a NULL pointer is passed, no operation is performed. */ +ZSTDLIB_API size_t ZSTD_freeCDict(ZSTD_CDict* CDict); + +/*! ZSTD_compress_usingCDict() : + * Compression using a digested Dictionary. + * Recommended when same dictionary is used multiple times. + * Note : compression level is _decided at dictionary creation time_, + * and frame parameters are hardcoded (dictID=yes, contentSize=yes, checksum=no) */ +ZSTDLIB_API size_t ZSTD_compress_usingCDict(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const ZSTD_CDict* cdict); + + +typedef struct ZSTD_DDict_s ZSTD_DDict; + +/*! ZSTD_createDDict() : + * Create a digested dictionary, ready to start decompression operation without startup delay. + * dictBuffer can be released after DDict creation, as its content is copied inside DDict. */ +ZSTDLIB_API ZSTD_DDict* ZSTD_createDDict(const void* dictBuffer, size_t dictSize); + +/*! ZSTD_freeDDict() : + * Function frees memory allocated with ZSTD_createDDict() + * If a NULL pointer is passed, no operation is performed. */ +ZSTDLIB_API size_t ZSTD_freeDDict(ZSTD_DDict* ddict); + +/*! ZSTD_decompress_usingDDict() : + * Decompression using a digested Dictionary. + * Recommended when same dictionary is used multiple times. */ +ZSTDLIB_API size_t ZSTD_decompress_usingDDict(ZSTD_DCtx* dctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const ZSTD_DDict* ddict); + + +/******************************** + * Dictionary helper functions + *******************************/ + +/*! ZSTD_getDictID_fromDict() : Requires v1.4.0+ + * Provides the dictID stored within dictionary. + * if @return == 0, the dictionary is not conformant with Zstandard specification. + * It can still be loaded, but as a content-only dictionary. */ +ZSTDLIB_API unsigned ZSTD_getDictID_fromDict(const void* dict, size_t dictSize); + +/*! ZSTD_getDictID_fromCDict() : Requires v1.5.0+ + * Provides the dictID of the dictionary loaded into `cdict`. + * If @return == 0, the dictionary is not conformant to Zstandard specification, or empty. + * Non-conformant dictionaries can still be loaded, but as content-only dictionaries. */ +ZSTDLIB_API unsigned ZSTD_getDictID_fromCDict(const ZSTD_CDict* cdict); + +/*! ZSTD_getDictID_fromDDict() : Requires v1.4.0+ + * Provides the dictID of the dictionary loaded into `ddict`. + * If @return == 0, the dictionary is not conformant to Zstandard specification, or empty. + * Non-conformant dictionaries can still be loaded, but as content-only dictionaries. */ +ZSTDLIB_API unsigned ZSTD_getDictID_fromDDict(const ZSTD_DDict* ddict); + +/*! ZSTD_getDictID_fromFrame() : Requires v1.4.0+ + * Provides the dictID required to decompressed the frame stored within `src`. + * If @return == 0, the dictID could not be decoded. + * This could for one of the following reasons : + * - The frame does not require a dictionary to be decoded (most common case). + * - The frame was built with dictID intentionally removed. Whatever dictionary is necessary is a hidden piece of information. + * Note : this use case also happens when using a non-conformant dictionary. + * - `srcSize` is too small, and as a result, the frame header could not be decoded (only possible if `srcSize < ZSTD_FRAMEHEADERSIZE_MAX`). + * - This is not a Zstandard frame. + * When identifying the exact failure cause, it's possible to use ZSTD_getFrameHeader(), which will provide a more precise error code. */ +ZSTDLIB_API unsigned ZSTD_getDictID_fromFrame(const void* src, size_t srcSize); + + +/******************************************************************************* + * Advanced dictionary and prefix API (Requires v1.4.0+) + * + * This API allows dictionaries to be used with ZSTD_compress2(), + * ZSTD_compressStream2(), and ZSTD_decompressDCtx(). + * Dictionaries are sticky, they remain valid when same context is reused, + * they only reset when the context is reset + * with ZSTD_reset_parameters or ZSTD_reset_session_and_parameters. + * In contrast, Prefixes are single-use. + ******************************************************************************/ + + +/*! ZSTD_CCtx_loadDictionary() : Requires v1.4.0+ + * Create an internal CDict from `dict` buffer. + * Decompression will have to use same dictionary. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Special: Loading a NULL (or 0-size) dictionary invalidates previous dictionary, + * meaning "return to no-dictionary mode". + * Note 1 : Dictionary is sticky, it will be used for all future compressed frames, + * until parameters are reset, a new dictionary is loaded, or the dictionary + * is explicitly invalidated by loading a NULL dictionary. + * Note 2 : Loading a dictionary involves building tables. + * It's also a CPU consuming operation, with non-negligible impact on latency. + * Tables are dependent on compression parameters, and for this reason, + * compression parameters can no longer be changed after loading a dictionary. + * Note 3 :`dict` content will be copied internally. + * Use experimental ZSTD_CCtx_loadDictionary_byReference() to reference content instead. + * In such a case, dictionary buffer must outlive its users. + * Note 4 : Use ZSTD_CCtx_loadDictionary_advanced() + * to precisely select how dictionary content must be interpreted. + * Note 5 : This method does not benefit from LDM (long distance mode). + * If you want to employ LDM on some large dictionary content, + * prefer employing ZSTD_CCtx_refPrefix() described below. + */ +ZSTDLIB_API size_t ZSTD_CCtx_loadDictionary(ZSTD_CCtx* cctx, const void* dict, size_t dictSize); + +/*! ZSTD_CCtx_refCDict() : Requires v1.4.0+ + * Reference a prepared dictionary, to be used for all future compressed frames. + * Note that compression parameters are enforced from within CDict, + * and supersede any compression parameter previously set within CCtx. + * The parameters ignored are labelled as "superseded-by-cdict" in the ZSTD_cParameter enum docs. + * The ignored parameters will be used again if the CCtx is returned to no-dictionary mode. + * The dictionary will remain valid for future compressed frames using same CCtx. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Special : Referencing a NULL CDict means "return to no-dictionary mode". + * Note 1 : Currently, only one dictionary can be managed. + * Referencing a new dictionary effectively "discards" any previous one. + * Note 2 : CDict is just referenced, its lifetime must outlive its usage within CCtx. */ +ZSTDLIB_API size_t ZSTD_CCtx_refCDict(ZSTD_CCtx* cctx, const ZSTD_CDict* cdict); + +/*! ZSTD_CCtx_refPrefix() : Requires v1.4.0+ + * Reference a prefix (single-usage dictionary) for next compressed frame. + * A prefix is **only used once**. Tables are discarded at end of frame (ZSTD_e_end). + * Decompression will need same prefix to properly regenerate data. + * Compressing with a prefix is similar in outcome as performing a diff and compressing it, + * but performs much faster, especially during decompression (compression speed is tunable with compression level). + * This method is compatible with LDM (long distance mode). + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Special: Adding any prefix (including NULL) invalidates any previous prefix or dictionary + * Note 1 : Prefix buffer is referenced. It **must** outlive compression. + * Its content must remain unmodified during compression. + * Note 2 : If the intention is to diff some large src data blob with some prior version of itself, + * ensure that the window size is large enough to contain the entire source. + * See ZSTD_c_windowLog. + * Note 3 : Referencing a prefix involves building tables, which are dependent on compression parameters. + * It's a CPU consuming operation, with non-negligible impact on latency. + * If there is a need to use the same prefix multiple times, consider loadDictionary instead. + * Note 4 : By default, the prefix is interpreted as raw content (ZSTD_dct_rawContent). + * Use experimental ZSTD_CCtx_refPrefix_advanced() to alter dictionary interpretation. */ +ZSTDLIB_API size_t ZSTD_CCtx_refPrefix(ZSTD_CCtx* cctx, + const void* prefix, size_t prefixSize); + +/*! ZSTD_DCtx_loadDictionary() : Requires v1.4.0+ + * Create an internal DDict from dict buffer, to be used to decompress all future frames. + * The dictionary remains valid for all future frames, until explicitly invalidated, or + * a new dictionary is loaded. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Special : Adding a NULL (or 0-size) dictionary invalidates any previous dictionary, + * meaning "return to no-dictionary mode". + * Note 1 : Loading a dictionary involves building tables, + * which has a non-negligible impact on CPU usage and latency. + * It's recommended to "load once, use many times", to amortize the cost + * Note 2 :`dict` content will be copied internally, so `dict` can be released after loading. + * Use ZSTD_DCtx_loadDictionary_byReference() to reference dictionary content instead. + * Note 3 : Use ZSTD_DCtx_loadDictionary_advanced() to take control of + * how dictionary content is loaded and interpreted. + */ +ZSTDLIB_API size_t ZSTD_DCtx_loadDictionary(ZSTD_DCtx* dctx, const void* dict, size_t dictSize); + +/*! ZSTD_DCtx_refDDict() : Requires v1.4.0+ + * Reference a prepared dictionary, to be used to decompress next frames. + * The dictionary remains active for decompression of future frames using same DCtx. + * + * If called with ZSTD_d_refMultipleDDicts enabled, repeated calls of this function + * will store the DDict references in a table, and the DDict used for decompression + * will be determined at decompression time, as per the dict ID in the frame. + * The memory for the table is allocated on the first call to refDDict, and can be + * freed with ZSTD_freeDCtx(). + * + * If called with ZSTD_d_refMultipleDDicts disabled (the default), only one dictionary + * will be managed, and referencing a dictionary effectively "discards" any previous one. + * + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Special: referencing a NULL DDict means "return to no-dictionary mode". + * Note 2 : DDict is just referenced, its lifetime must outlive its usage from DCtx. + */ +ZSTDLIB_API size_t ZSTD_DCtx_refDDict(ZSTD_DCtx* dctx, const ZSTD_DDict* ddict); + +/*! ZSTD_DCtx_refPrefix() : Requires v1.4.0+ + * Reference a prefix (single-usage dictionary) to decompress next frame. + * This is the reverse operation of ZSTD_CCtx_refPrefix(), + * and must use the same prefix as the one used during compression. + * Prefix is **only used once**. Reference is discarded at end of frame. + * End of frame is reached when ZSTD_decompressStream() returns 0. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + * Note 1 : Adding any prefix (including NULL) invalidates any previously set prefix or dictionary + * Note 2 : Prefix buffer is referenced. It **must** outlive decompression. + * Prefix buffer must remain unmodified up to the end of frame, + * reached when ZSTD_decompressStream() returns 0. + * Note 3 : By default, the prefix is treated as raw content (ZSTD_dct_rawContent). + * Use ZSTD_CCtx_refPrefix_advanced() to alter dictMode (Experimental section) + * Note 4 : Referencing a raw content prefix has almost no cpu nor memory cost. + * A full dictionary is more costly, as it requires building tables. + */ +ZSTDLIB_API size_t ZSTD_DCtx_refPrefix(ZSTD_DCtx* dctx, + const void* prefix, size_t prefixSize); + +/* === Memory management === */ + +/*! ZSTD_sizeof_*() : Requires v1.4.0+ + * These functions give the _current_ memory usage of selected object. + * Note that object memory usage can evolve (increase or decrease) over time. */ +ZSTDLIB_API size_t ZSTD_sizeof_CCtx(const ZSTD_CCtx* cctx); +ZSTDLIB_API size_t ZSTD_sizeof_DCtx(const ZSTD_DCtx* dctx); +ZSTDLIB_API size_t ZSTD_sizeof_CStream(const ZSTD_CStream* zcs); +ZSTDLIB_API size_t ZSTD_sizeof_DStream(const ZSTD_DStream* zds); +ZSTDLIB_API size_t ZSTD_sizeof_CDict(const ZSTD_CDict* cdict); +ZSTDLIB_API size_t ZSTD_sizeof_DDict(const ZSTD_DDict* ddict); + +#if defined (__cplusplus) +} +#endif + +#endif /* ZSTD_H_235446 */ + + +/* ************************************************************************************** + * ADVANCED AND EXPERIMENTAL FUNCTIONS + **************************************************************************************** + * The definitions in the following section are considered experimental. + * They are provided for advanced scenarios. + * They should never be used with a dynamic library, as prototypes may change in the future. + * Use them only in association with static linking. + * ***************************************************************************************/ + +#if defined(ZSTD_STATIC_LINKING_ONLY) && !defined(ZSTD_H_ZSTD_STATIC_LINKING_ONLY) +#define ZSTD_H_ZSTD_STATIC_LINKING_ONLY + +#if defined (__cplusplus) +extern "C" { +#endif + +/* This can be overridden externally to hide static symbols. */ +#ifndef ZSTDLIB_STATIC_API +# if defined(ZSTD_DLL_EXPORT) && (ZSTD_DLL_EXPORT==1) +# define ZSTDLIB_STATIC_API __declspec(dllexport) ZSTDLIB_VISIBLE +# elif defined(ZSTD_DLL_IMPORT) && (ZSTD_DLL_IMPORT==1) +# define ZSTDLIB_STATIC_API __declspec(dllimport) ZSTDLIB_VISIBLE +# else +# define ZSTDLIB_STATIC_API ZSTDLIB_VISIBLE +# endif +#endif + +/**************************************************************************************** + * experimental API (static linking only) + **************************************************************************************** + * The following symbols and constants + * are not planned to join "stable API" status in the near future. + * They can still change in future versions. + * Some of them are planned to remain in the static_only section indefinitely. + * Some of them might be removed in the future (especially when redundant with existing stable functions) + * ***************************************************************************************/ + +#define ZSTD_FRAMEHEADERSIZE_PREFIX(format) ((format) == ZSTD_f_zstd1 ? 5 : 1) /* minimum input size required to query frame header size */ +#define ZSTD_FRAMEHEADERSIZE_MIN(format) ((format) == ZSTD_f_zstd1 ? 6 : 2) +#define ZSTD_FRAMEHEADERSIZE_MAX 18 /* can be useful for static allocation */ +#define ZSTD_SKIPPABLEHEADERSIZE 8 + +/* compression parameter bounds */ +#define ZSTD_WINDOWLOG_MAX_32 30 +#define ZSTD_WINDOWLOG_MAX_64 31 +#define ZSTD_WINDOWLOG_MAX ((int)(sizeof(size_t) == 4 ? ZSTD_WINDOWLOG_MAX_32 : ZSTD_WINDOWLOG_MAX_64)) +#define ZSTD_WINDOWLOG_MIN 10 +#define ZSTD_HASHLOG_MAX ((ZSTD_WINDOWLOG_MAX < 30) ? ZSTD_WINDOWLOG_MAX : 30) +#define ZSTD_HASHLOG_MIN 6 +#define ZSTD_CHAINLOG_MAX_32 29 +#define ZSTD_CHAINLOG_MAX_64 30 +#define ZSTD_CHAINLOG_MAX ((int)(sizeof(size_t) == 4 ? ZSTD_CHAINLOG_MAX_32 : ZSTD_CHAINLOG_MAX_64)) +#define ZSTD_CHAINLOG_MIN ZSTD_HASHLOG_MIN +#define ZSTD_SEARCHLOG_MAX (ZSTD_WINDOWLOG_MAX-1) +#define ZSTD_SEARCHLOG_MIN 1 +#define ZSTD_MINMATCH_MAX 7 /* only for ZSTD_fast, other strategies are limited to 6 */ +#define ZSTD_MINMATCH_MIN 3 /* only for ZSTD_btopt+, faster strategies are limited to 4 */ +#define ZSTD_TARGETLENGTH_MAX ZSTD_BLOCKSIZE_MAX +#define ZSTD_TARGETLENGTH_MIN 0 /* note : comparing this constant to an unsigned results in a tautological test */ +#define ZSTD_STRATEGY_MIN ZSTD_fast +#define ZSTD_STRATEGY_MAX ZSTD_btultra2 +#define ZSTD_BLOCKSIZE_MAX_MIN (1 << 10) /* The minimum valid max blocksize. Maximum blocksizes smaller than this make compressBound() inaccurate. */ + + +#define ZSTD_OVERLAPLOG_MIN 0 +#define ZSTD_OVERLAPLOG_MAX 9 + +#define ZSTD_WINDOWLOG_LIMIT_DEFAULT 27 /* by default, the streaming decoder will refuse any frame + * requiring larger than (1< 0: + * If litLength != 0: + * rep == 1 --> offset == repeat_offset_1 + * rep == 2 --> offset == repeat_offset_2 + * rep == 3 --> offset == repeat_offset_3 + * If litLength == 0: + * rep == 1 --> offset == repeat_offset_2 + * rep == 2 --> offset == repeat_offset_3 + * rep == 3 --> offset == repeat_offset_1 - 1 + * + * Note: This field is optional. ZSTD_generateSequences() will calculate the value of + * 'rep', but repeat offsets do not necessarily need to be calculated from an external + * sequence provider perspective. For example, ZSTD_compressSequences() does not + * use this 'rep' field at all (as of now). + */ +} ZSTD_Sequence; + +typedef struct { + unsigned windowLog; /**< largest match distance : larger == more compression, more memory needed during decompression */ + unsigned chainLog; /**< fully searched segment : larger == more compression, slower, more memory (useless for fast) */ + unsigned hashLog; /**< dispatch table : larger == faster, more memory */ + unsigned searchLog; /**< nb of searches : larger == more compression, slower */ + unsigned minMatch; /**< match length searched : larger == faster decompression, sometimes less compression */ + unsigned targetLength; /**< acceptable match size for optimal parser (only) : larger == more compression, slower */ + ZSTD_strategy strategy; /**< see ZSTD_strategy definition above */ +} ZSTD_compressionParameters; + +typedef struct { + int contentSizeFlag; /**< 1: content size will be in frame header (when known) */ + int checksumFlag; /**< 1: generate a 32-bits checksum using XXH64 algorithm at end of frame, for error detection */ + int noDictIDFlag; /**< 1: no dictID will be saved into frame header (dictID is only useful for dictionary compression) */ +} ZSTD_frameParameters; + +typedef struct { + ZSTD_compressionParameters cParams; + ZSTD_frameParameters fParams; +} ZSTD_parameters; + +typedef enum { + ZSTD_dct_auto = 0, /* dictionary is "full" when starting with ZSTD_MAGIC_DICTIONARY, otherwise it is "rawContent" */ + ZSTD_dct_rawContent = 1, /* ensures dictionary is always loaded as rawContent, even if it starts with ZSTD_MAGIC_DICTIONARY */ + ZSTD_dct_fullDict = 2 /* refuses to load a dictionary if it does not respect Zstandard's specification, starting with ZSTD_MAGIC_DICTIONARY */ +} ZSTD_dictContentType_e; + +typedef enum { + ZSTD_dlm_byCopy = 0, /**< Copy dictionary content internally */ + ZSTD_dlm_byRef = 1 /**< Reference dictionary content -- the dictionary buffer must outlive its users. */ +} ZSTD_dictLoadMethod_e; + +typedef enum { + ZSTD_f_zstd1 = 0, /* zstd frame format, specified in zstd_compression_format.md (default) */ + ZSTD_f_zstd1_magicless = 1 /* Variant of zstd frame format, without initial 4-bytes magic number. + * Useful to save 4 bytes per generated frame. + * Decoder cannot recognise automatically this format, requiring this instruction. */ +} ZSTD_format_e; + +typedef enum { + /* Note: this enum controls ZSTD_d_forceIgnoreChecksum */ + ZSTD_d_validateChecksum = 0, + ZSTD_d_ignoreChecksum = 1 +} ZSTD_forceIgnoreChecksum_e; + +typedef enum { + /* Note: this enum controls ZSTD_d_refMultipleDDicts */ + ZSTD_rmd_refSingleDDict = 0, + ZSTD_rmd_refMultipleDDicts = 1 +} ZSTD_refMultipleDDicts_e; + +typedef enum { + /* Note: this enum and the behavior it controls are effectively internal + * implementation details of the compressor. They are expected to continue + * to evolve and should be considered only in the context of extremely + * advanced performance tuning. + * + * Zstd currently supports the use of a CDict in three ways: + * + * - The contents of the CDict can be copied into the working context. This + * means that the compression can search both the dictionary and input + * while operating on a single set of internal tables. This makes + * the compression faster per-byte of input. However, the initial copy of + * the CDict's tables incurs a fixed cost at the beginning of the + * compression. For small compressions (< 8 KB), that copy can dominate + * the cost of the compression. + * + * - The CDict's tables can be used in-place. In this model, compression is + * slower per input byte, because the compressor has to search two sets of + * tables. However, this model incurs no start-up cost (as long as the + * working context's tables can be reused). For small inputs, this can be + * faster than copying the CDict's tables. + * + * - The CDict's tables are not used at all, and instead we use the working + * context alone to reload the dictionary and use params based on the source + * size. See ZSTD_compress_insertDictionary() and ZSTD_compress_usingDict(). + * This method is effective when the dictionary sizes are very small relative + * to the input size, and the input size is fairly large to begin with. + * + * Zstd has a simple internal heuristic that selects which strategy to use + * at the beginning of a compression. However, if experimentation shows that + * Zstd is making poor choices, it is possible to override that choice with + * this enum. + */ + ZSTD_dictDefaultAttach = 0, /* Use the default heuristic. */ + ZSTD_dictForceAttach = 1, /* Never copy the dictionary. */ + ZSTD_dictForceCopy = 2, /* Always copy the dictionary. */ + ZSTD_dictForceLoad = 3 /* Always reload the dictionary */ +} ZSTD_dictAttachPref_e; + +typedef enum { + ZSTD_lcm_auto = 0, /**< Automatically determine the compression mode based on the compression level. + * Negative compression levels will be uncompressed, and positive compression + * levels will be compressed. */ + ZSTD_lcm_huffman = 1, /**< Always attempt Huffman compression. Uncompressed literals will still be + * emitted if Huffman compression is not profitable. */ + ZSTD_lcm_uncompressed = 2 /**< Always emit uncompressed literals. */ +} ZSTD_literalCompressionMode_e; + +typedef enum { + /* Note: This enum controls features which are conditionally beneficial. + * Zstd can take a decision on whether or not to enable the feature (ZSTD_ps_auto), + * but setting the switch to ZSTD_ps_enable or ZSTD_ps_disable force enable/disable the feature. + */ + ZSTD_ps_auto = 0, /* Let the library automatically determine whether the feature shall be enabled */ + ZSTD_ps_enable = 1, /* Force-enable the feature */ + ZSTD_ps_disable = 2 /* Do not use the feature */ +} ZSTD_ParamSwitch_e; +#define ZSTD_paramSwitch_e ZSTD_ParamSwitch_e /* old name */ + +/*************************************** +* Frame header and size functions +***************************************/ + +/*! ZSTD_findDecompressedSize() : + * `src` should point to the start of a series of ZSTD encoded and/or skippable frames + * `srcSize` must be the _exact_ size of this series + * (i.e. there should be a frame boundary at `src + srcSize`) + * @return : - decompressed size of all data in all successive frames + * - if the decompressed size cannot be determined: ZSTD_CONTENTSIZE_UNKNOWN + * - if an error occurred: ZSTD_CONTENTSIZE_ERROR + * + * note 1 : decompressed size is an optional field, that may not be present, especially in streaming mode. + * When `return==ZSTD_CONTENTSIZE_UNKNOWN`, data to decompress could be any size. + * In which case, it's necessary to use streaming mode to decompress data. + * note 2 : decompressed size is always present when compression is done with ZSTD_compress() + * note 3 : decompressed size can be very large (64-bits value), + * potentially larger than what local system can handle as a single memory segment. + * In which case, it's necessary to use streaming mode to decompress data. + * note 4 : If source is untrusted, decompressed size could be wrong or intentionally modified. + * Always ensure result fits within application's authorized limits. + * Each application can set its own limits. + * note 5 : ZSTD_findDecompressedSize handles multiple frames, and so it must traverse the input to + * read each contained frame header. This is fast as most of the data is skipped, + * however it does mean that all frame data must be present and valid. */ +ZSTDLIB_STATIC_API unsigned long long ZSTD_findDecompressedSize(const void* src, size_t srcSize); + +/*! ZSTD_decompressBound() : + * `src` should point to the start of a series of ZSTD encoded and/or skippable frames + * `srcSize` must be the _exact_ size of this series + * (i.e. there should be a frame boundary at `src + srcSize`) + * @return : - upper-bound for the decompressed size of all data in all successive frames + * - if an error occurred: ZSTD_CONTENTSIZE_ERROR + * + * note 1 : an error can occur if `src` contains an invalid or incorrectly formatted frame. + * note 2 : the upper-bound is exact when the decompressed size field is available in every ZSTD encoded frame of `src`. + * in this case, `ZSTD_findDecompressedSize` and `ZSTD_decompressBound` return the same value. + * note 3 : when the decompressed size field isn't available, the upper-bound for that frame is calculated by: + * upper-bound = # blocks * min(128 KB, Window_Size) + */ +ZSTDLIB_STATIC_API unsigned long long ZSTD_decompressBound(const void* src, size_t srcSize); + +/*! ZSTD_frameHeaderSize() : + * srcSize must be large enough, aka >= ZSTD_FRAMEHEADERSIZE_PREFIX. + * @return : size of the Frame Header, + * or an error code (if srcSize is too small) */ +ZSTDLIB_STATIC_API size_t ZSTD_frameHeaderSize(const void* src, size_t srcSize); + +typedef enum { ZSTD_frame, ZSTD_skippableFrame } ZSTD_FrameType_e; +#define ZSTD_frameType_e ZSTD_FrameType_e /* old name */ +typedef struct { + unsigned long long frameContentSize; /* if == ZSTD_CONTENTSIZE_UNKNOWN, it means this field is not available. 0 means "empty" */ + unsigned long long windowSize; /* can be very large, up to <= frameContentSize */ + unsigned blockSizeMax; + ZSTD_FrameType_e frameType; /* if == ZSTD_skippableFrame, frameContentSize is the size of skippable content */ + unsigned headerSize; + unsigned dictID; /* for ZSTD_skippableFrame, contains the skippable magic variant [0-15] */ + unsigned checksumFlag; + unsigned _reserved1; + unsigned _reserved2; +} ZSTD_FrameHeader; +#define ZSTD_frameHeader ZSTD_FrameHeader /* old name */ + +/*! ZSTD_getFrameHeader() : + * decode Frame Header into `zfhPtr`, or requires larger `srcSize`. + * @return : 0 => header is complete, `zfhPtr` is correctly filled, + * >0 => `srcSize` is too small, @return value is the wanted `srcSize` amount, `zfhPtr` is not filled, + * or an error code, which can be tested using ZSTD_isError() */ +ZSTDLIB_STATIC_API size_t ZSTD_getFrameHeader(ZSTD_FrameHeader* zfhPtr, const void* src, size_t srcSize); +/*! ZSTD_getFrameHeader_advanced() : + * same as ZSTD_getFrameHeader(), + * with added capability to select a format (like ZSTD_f_zstd1_magicless) */ +ZSTDLIB_STATIC_API size_t ZSTD_getFrameHeader_advanced(ZSTD_FrameHeader* zfhPtr, const void* src, size_t srcSize, ZSTD_format_e format); + +/*! ZSTD_decompressionMargin() : + * Zstd supports in-place decompression, where the input and output buffers overlap. + * In this case, the output buffer must be at least (Margin + Output_Size) bytes large, + * and the input buffer must be at the end of the output buffer. + * + * _______________________ Output Buffer ________________________ + * | | + * | ____ Input Buffer ____| + * | | | + * v v v + * |---------------------------------------|-----------|----------| + * ^ ^ ^ + * |___________________ Output_Size ___________________|_ Margin _| + * + * NOTE: See also ZSTD_DECOMPRESSION_MARGIN(). + * NOTE: This applies only to single-pass decompression through ZSTD_decompress() or + * ZSTD_decompressDCtx(). + * NOTE: This function supports multi-frame input. + * + * @param src The compressed frame(s) + * @param srcSize The size of the compressed frame(s) + * @returns The decompression margin or an error that can be checked with ZSTD_isError(). + */ +ZSTDLIB_STATIC_API size_t ZSTD_decompressionMargin(const void* src, size_t srcSize); + +/*! ZSTD_DECOMPRESS_MARGIN() : + * Similar to ZSTD_decompressionMargin(), but instead of computing the margin from + * the compressed frame, compute it from the original size and the blockSizeLog. + * See ZSTD_decompressionMargin() for details. + * + * WARNING: This macro does not support multi-frame input, the input must be a single + * zstd frame. If you need that support use the function, or implement it yourself. + * + * @param originalSize The original uncompressed size of the data. + * @param blockSize The block size == MIN(windowSize, ZSTD_BLOCKSIZE_MAX). + * Unless you explicitly set the windowLog smaller than + * ZSTD_BLOCKSIZELOG_MAX you can just use ZSTD_BLOCKSIZE_MAX. + */ +#define ZSTD_DECOMPRESSION_MARGIN(originalSize, blockSize) ((size_t)( \ + ZSTD_FRAMEHEADERSIZE_MAX /* Frame header */ + \ + 4 /* checksum */ + \ + ((originalSize) == 0 ? 0 : 3 * (((originalSize) + (blockSize) - 1) / blockSize)) /* 3 bytes per block */ + \ + (blockSize) /* One block of margin */ \ + )) + +typedef enum { + ZSTD_sf_noBlockDelimiters = 0, /* ZSTD_Sequence[] has no block delimiters, just sequences */ + ZSTD_sf_explicitBlockDelimiters = 1 /* ZSTD_Sequence[] contains explicit block delimiters */ +} ZSTD_SequenceFormat_e; +#define ZSTD_sequenceFormat_e ZSTD_SequenceFormat_e /* old name */ + +/*! ZSTD_sequenceBound() : + * `srcSize` : size of the input buffer + * @return : upper-bound for the number of sequences that can be generated + * from a buffer of srcSize bytes + * + * note : returns number of sequences - to get bytes, multiply by sizeof(ZSTD_Sequence). + */ +ZSTDLIB_STATIC_API size_t ZSTD_sequenceBound(size_t srcSize); + +/*! ZSTD_generateSequences() : + * WARNING: This function is meant for debugging and informational purposes ONLY! + * Its implementation is flawed, and it will be deleted in a future version. + * It is not guaranteed to succeed, as there are several cases where it will give + * up and fail. You should NOT use this function in production code. + * + * This function is deprecated, and will be removed in a future version. + * + * Generate sequences using ZSTD_compress2(), given a source buffer. + * + * @param zc The compression context to be used for ZSTD_compress2(). Set any + * compression parameters you need on this context. + * @param outSeqs The output sequences buffer of size @p outSeqsSize + * @param outSeqsCapacity The size of the output sequences buffer. + * ZSTD_sequenceBound(srcSize) is an upper bound on the number + * of sequences that can be generated. + * @param src The source buffer to generate sequences from of size @p srcSize. + * @param srcSize The size of the source buffer. + * + * Each block will end with a dummy sequence + * with offset == 0, matchLength == 0, and litLength == length of last literals. + * litLength may be == 0, and if so, then the sequence of (of: 0 ml: 0 ll: 0) + * simply acts as a block delimiter. + * + * @returns The number of sequences generated, necessarily less than + * ZSTD_sequenceBound(srcSize), or an error code that can be checked + * with ZSTD_isError(). + */ +ZSTD_DEPRECATED("For debugging only, will be replaced by ZSTD_extractSequences()") +ZSTDLIB_STATIC_API size_t +ZSTD_generateSequences(ZSTD_CCtx* zc, + ZSTD_Sequence* outSeqs, size_t outSeqsCapacity, + const void* src, size_t srcSize); + +/*! ZSTD_mergeBlockDelimiters() : + * Given an array of ZSTD_Sequence, remove all sequences that represent block delimiters/last literals + * by merging them into the literals of the next sequence. + * + * As such, the final generated result has no explicit representation of block boundaries, + * and the final last literals segment is not represented in the sequences. + * + * The output of this function can be fed into ZSTD_compressSequences() with CCtx + * setting of ZSTD_c_blockDelimiters as ZSTD_sf_noBlockDelimiters + * @return : number of sequences left after merging + */ +ZSTDLIB_STATIC_API size_t ZSTD_mergeBlockDelimiters(ZSTD_Sequence* sequences, size_t seqsSize); + +/*! ZSTD_compressSequences() : + * Compress an array of ZSTD_Sequence, associated with @src buffer, into dst. + * @src contains the entire input (not just the literals). + * If @srcSize > sum(sequence.length), the remaining bytes are considered all literals + * If a dictionary is included, then the cctx should reference the dict (see: ZSTD_CCtx_refCDict(), ZSTD_CCtx_loadDictionary(), etc.). + * The entire source is compressed into a single frame. + * + * The compression behavior changes based on cctx params. In particular: + * If ZSTD_c_blockDelimiters == ZSTD_sf_noBlockDelimiters, the array of ZSTD_Sequence is expected to contain + * no block delimiters (defined in ZSTD_Sequence). Block boundaries are roughly determined based on + * the block size derived from the cctx, and sequences may be split. This is the default setting. + * + * If ZSTD_c_blockDelimiters == ZSTD_sf_explicitBlockDelimiters, the array of ZSTD_Sequence is expected to contain + * valid block delimiters (defined in ZSTD_Sequence). Behavior is undefined if no block delimiters are provided. + * + * When ZSTD_c_blockDelimiters == ZSTD_sf_explicitBlockDelimiters, it's possible to decide generating repcodes + * using the advanced parameter ZSTD_c_repcodeResolution. Repcodes will improve compression ratio, though the benefit + * can vary greatly depending on Sequences. On the other hand, repcode resolution is an expensive operation. + * By default, it's disabled at low (<10) compression levels, and enabled above the threshold (>=10). + * ZSTD_c_repcodeResolution makes it possible to directly manage this processing in either direction. + * + * If ZSTD_c_validateSequences == 0, this function blindly accepts the Sequences provided. Invalid Sequences cause undefined + * behavior. If ZSTD_c_validateSequences == 1, then the function will detect invalid Sequences (see doc/zstd_compression_format.md for + * specifics regarding offset/matchlength requirements) and then bail out and return an error. + * + * In addition to the two adjustable experimental params, there are other important cctx params. + * - ZSTD_c_minMatch MUST be set as less than or equal to the smallest match generated by the match finder. It has a minimum value of ZSTD_MINMATCH_MIN. + * - ZSTD_c_compressionLevel accordingly adjusts the strength of the entropy coder, as it would in typical compression. + * - ZSTD_c_windowLog affects offset validation: this function will return an error at higher debug levels if a provided offset + * is larger than what the spec allows for a given window log and dictionary (if present). See: doc/zstd_compression_format.md + * + * Note: Repcodes are, as of now, always re-calculated within this function, ZSTD_Sequence.rep is effectively unused. + * Dev Note: Once ability to ingest repcodes become available, the explicit block delims mode must respect those repcodes exactly, + * and cannot emit an RLE block that disagrees with the repcode history. + * @return : final compressed size, or a ZSTD error code. + */ +ZSTDLIB_STATIC_API size_t +ZSTD_compressSequences(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const ZSTD_Sequence* inSeqs, size_t inSeqsSize, + const void* src, size_t srcSize); + + +/*! ZSTD_compressSequencesAndLiterals() : + * This is a variant of ZSTD_compressSequences() which, + * instead of receiving (src,srcSize) as input parameter, receives (literals,litSize), + * aka all the literals, already extracted and laid out into a single continuous buffer. + * This can be useful if the process generating the sequences also happens to generate the buffer of literals, + * thus skipping an extraction + caching stage. + * It's a speed optimization, useful when the right conditions are met, + * but it also features the following limitations: + * - Only supports explicit delimiter mode + * - Currently does not support Sequences validation (so input Sequences are trusted) + * - Not compatible with frame checksum, which must be disabled + * - If any block is incompressible, will fail and return an error + * - @litSize must be == sum of all @.litLength fields in @inSeqs. Any discrepancy will generate an error. + * - @litBufCapacity is the size of the underlying buffer into which literals are written, starting at address @literals. + * @litBufCapacity must be at least 8 bytes larger than @litSize. + * - @decompressedSize must be correct, and correspond to the sum of all Sequences. Any discrepancy will generate an error. + * @return : final compressed size, or a ZSTD error code. + */ +ZSTDLIB_STATIC_API size_t +ZSTD_compressSequencesAndLiterals(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const ZSTD_Sequence* inSeqs, size_t nbSequences, + const void* literals, size_t litSize, size_t litBufCapacity, + size_t decompressedSize); + + +/*! ZSTD_writeSkippableFrame() : + * Generates a zstd skippable frame containing data given by src, and writes it to dst buffer. + * + * Skippable frames begin with a 4-byte magic number. There are 16 possible choices of magic number, + * ranging from ZSTD_MAGIC_SKIPPABLE_START to ZSTD_MAGIC_SKIPPABLE_START+15. + * As such, the parameter magicVariant controls the exact skippable frame magic number variant used, + * so the magic number used will be ZSTD_MAGIC_SKIPPABLE_START + magicVariant. + * + * Returns an error if destination buffer is not large enough, if the source size is not representable + * with a 4-byte unsigned int, or if the parameter magicVariant is greater than 15 (and therefore invalid). + * + * @return : number of bytes written or a ZSTD error. + */ +ZSTDLIB_STATIC_API size_t ZSTD_writeSkippableFrame(void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + unsigned magicVariant); + +/*! ZSTD_readSkippableFrame() : + * Retrieves the content of a zstd skippable frame starting at @src, and writes it to @dst buffer. + * + * The parameter @magicVariant will receive the magicVariant that was supplied when the frame was written, + * i.e. magicNumber - ZSTD_MAGIC_SKIPPABLE_START. + * This can be NULL if the caller is not interested in the magicVariant. + * + * Returns an error if destination buffer is not large enough, or if the frame is not skippable. + * + * @return : number of bytes written or a ZSTD error. + */ +ZSTDLIB_STATIC_API size_t ZSTD_readSkippableFrame(void* dst, size_t dstCapacity, + unsigned* magicVariant, + const void* src, size_t srcSize); + +/*! ZSTD_isSkippableFrame() : + * Tells if the content of `buffer` starts with a valid Frame Identifier for a skippable frame. + */ +ZSTDLIB_STATIC_API unsigned ZSTD_isSkippableFrame(const void* buffer, size_t size); + + + +/*************************************** +* Memory management +***************************************/ + +/*! ZSTD_estimate*() : + * These functions make it possible to estimate memory usage + * of a future {D,C}Ctx, before its creation. + * This is useful in combination with ZSTD_initStatic(), + * which makes it possible to employ a static buffer for ZSTD_CCtx* state. + * + * ZSTD_estimateCCtxSize() will provide a memory budget large enough + * to compress data of any size using one-shot compression ZSTD_compressCCtx() or ZSTD_compress2() + * associated with any compression level up to max specified one. + * The estimate will assume the input may be arbitrarily large, + * which is the worst case. + * + * Note that the size estimation is specific for one-shot compression, + * it is not valid for streaming (see ZSTD_estimateCStreamSize*()) + * nor other potential ways of using a ZSTD_CCtx* state. + * + * When srcSize can be bound by a known and rather "small" value, + * this knowledge can be used to provide a tighter budget estimation + * because the ZSTD_CCtx* state will need less memory for small inputs. + * This tighter estimation can be provided by employing more advanced functions + * ZSTD_estimateCCtxSize_usingCParams(), which can be used in tandem with ZSTD_getCParams(), + * and ZSTD_estimateCCtxSize_usingCCtxParams(), which can be used in tandem with ZSTD_CCtxParams_setParameter(). + * Both can be used to estimate memory using custom compression parameters and arbitrary srcSize limits. + * + * Note : only single-threaded compression is supported. + * ZSTD_estimateCCtxSize_usingCCtxParams() will return an error code if ZSTD_c_nbWorkers is >= 1. + */ +ZSTDLIB_STATIC_API size_t ZSTD_estimateCCtxSize(int maxCompressionLevel); +ZSTDLIB_STATIC_API size_t ZSTD_estimateCCtxSize_usingCParams(ZSTD_compressionParameters cParams); +ZSTDLIB_STATIC_API size_t ZSTD_estimateCCtxSize_usingCCtxParams(const ZSTD_CCtx_params* params); +ZSTDLIB_STATIC_API size_t ZSTD_estimateDCtxSize(void); + +/*! ZSTD_estimateCStreamSize() : + * ZSTD_estimateCStreamSize() will provide a memory budget large enough for streaming compression + * using any compression level up to the max specified one. + * It will also consider src size to be arbitrarily "large", which is a worst case scenario. + * If srcSize is known to always be small, ZSTD_estimateCStreamSize_usingCParams() can provide a tighter estimation. + * ZSTD_estimateCStreamSize_usingCParams() can be used in tandem with ZSTD_getCParams() to create cParams from compressionLevel. + * ZSTD_estimateCStreamSize_usingCCtxParams() can be used in tandem with ZSTD_CCtxParams_setParameter(). Only single-threaded compression is supported. This function will return an error code if ZSTD_c_nbWorkers is >= 1. + * Note : CStream size estimation is only correct for single-threaded compression. + * ZSTD_estimateCStreamSize_usingCCtxParams() will return an error code if ZSTD_c_nbWorkers is >= 1. + * Note 2 : ZSTD_estimateCStreamSize* functions are not compatible with the Block-Level Sequence Producer API at this time. + * Size estimates assume that no external sequence producer is registered. + * + * ZSTD_DStream memory budget depends on frame's window Size. + * This information can be passed manually, using ZSTD_estimateDStreamSize, + * or deducted from a valid frame Header, using ZSTD_estimateDStreamSize_fromFrame(); + * Any frame requesting a window size larger than max specified one will be rejected. + * Note : if streaming is init with function ZSTD_init?Stream_usingDict(), + * an internal ?Dict will be created, which additional size is not estimated here. + * In this case, get total size by adding ZSTD_estimate?DictSize + */ +ZSTDLIB_STATIC_API size_t ZSTD_estimateCStreamSize(int maxCompressionLevel); +ZSTDLIB_STATIC_API size_t ZSTD_estimateCStreamSize_usingCParams(ZSTD_compressionParameters cParams); +ZSTDLIB_STATIC_API size_t ZSTD_estimateCStreamSize_usingCCtxParams(const ZSTD_CCtx_params* params); +ZSTDLIB_STATIC_API size_t ZSTD_estimateDStreamSize(size_t maxWindowSize); +ZSTDLIB_STATIC_API size_t ZSTD_estimateDStreamSize_fromFrame(const void* src, size_t srcSize); + +/*! ZSTD_estimate?DictSize() : + * ZSTD_estimateCDictSize() will bet that src size is relatively "small", and content is copied, like ZSTD_createCDict(). + * ZSTD_estimateCDictSize_advanced() makes it possible to control compression parameters precisely, like ZSTD_createCDict_advanced(). + * Note : dictionaries created by reference (`ZSTD_dlm_byRef`) are logically smaller. + */ +ZSTDLIB_STATIC_API size_t ZSTD_estimateCDictSize(size_t dictSize, int compressionLevel); +ZSTDLIB_STATIC_API size_t ZSTD_estimateCDictSize_advanced(size_t dictSize, ZSTD_compressionParameters cParams, ZSTD_dictLoadMethod_e dictLoadMethod); +ZSTDLIB_STATIC_API size_t ZSTD_estimateDDictSize(size_t dictSize, ZSTD_dictLoadMethod_e dictLoadMethod); + +/*! ZSTD_initStatic*() : + * Initialize an object using a pre-allocated fixed-size buffer. + * workspace: The memory area to emplace the object into. + * Provided pointer *must be 8-bytes aligned*. + * Buffer must outlive object. + * workspaceSize: Use ZSTD_estimate*Size() to determine + * how large workspace must be to support target scenario. + * @return : pointer to object (same address as workspace, just different type), + * or NULL if error (size too small, incorrect alignment, etc.) + * Note : zstd will never resize nor malloc() when using a static buffer. + * If the object requires more memory than available, + * zstd will just error out (typically ZSTD_error_memory_allocation). + * Note 2 : there is no corresponding "free" function. + * Since workspace is allocated externally, it must be freed externally too. + * Note 3 : cParams : use ZSTD_getCParams() to convert a compression level + * into its associated cParams. + * Limitation 1 : currently not compatible with internal dictionary creation, triggered by + * ZSTD_CCtx_loadDictionary(), ZSTD_initCStream_usingDict() or ZSTD_initDStream_usingDict(). + * Limitation 2 : static cctx currently not compatible with multi-threading. + * Limitation 3 : static dctx is incompatible with legacy support. + */ +ZSTDLIB_STATIC_API ZSTD_CCtx* ZSTD_initStaticCCtx(void* workspace, size_t workspaceSize); +ZSTDLIB_STATIC_API ZSTD_CStream* ZSTD_initStaticCStream(void* workspace, size_t workspaceSize); /**< same as ZSTD_initStaticCCtx() */ + +ZSTDLIB_STATIC_API ZSTD_DCtx* ZSTD_initStaticDCtx(void* workspace, size_t workspaceSize); +ZSTDLIB_STATIC_API ZSTD_DStream* ZSTD_initStaticDStream(void* workspace, size_t workspaceSize); /**< same as ZSTD_initStaticDCtx() */ + +ZSTDLIB_STATIC_API const ZSTD_CDict* ZSTD_initStaticCDict( + void* workspace, size_t workspaceSize, + const void* dict, size_t dictSize, + ZSTD_dictLoadMethod_e dictLoadMethod, + ZSTD_dictContentType_e dictContentType, + ZSTD_compressionParameters cParams); + +ZSTDLIB_STATIC_API const ZSTD_DDict* ZSTD_initStaticDDict( + void* workspace, size_t workspaceSize, + const void* dict, size_t dictSize, + ZSTD_dictLoadMethod_e dictLoadMethod, + ZSTD_dictContentType_e dictContentType); + + +/*! Custom memory allocation : + * These prototypes make it possible to pass your own allocation/free functions. + * ZSTD_customMem is provided at creation time, using ZSTD_create*_advanced() variants listed below. + * All allocation/free operations will be completed using these custom variants instead of regular ones. + */ +typedef void* (*ZSTD_allocFunction) (void* opaque, size_t size); +typedef void (*ZSTD_freeFunction) (void* opaque, void* address); +typedef struct { ZSTD_allocFunction customAlloc; ZSTD_freeFunction customFree; void* opaque; } ZSTD_customMem; +static +#ifdef __GNUC__ +__attribute__((__unused__)) +#endif + +#if defined(__clang__) && __clang_major__ >= 5 +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wzero-as-null-pointer-constant" +#endif +ZSTD_customMem const ZSTD_defaultCMem = { NULL, NULL, NULL }; /**< this constant defers to stdlib's functions */ +#if defined(__clang__) && __clang_major__ >= 5 +#pragma clang diagnostic pop +#endif + +ZSTDLIB_STATIC_API ZSTD_CCtx* ZSTD_createCCtx_advanced(ZSTD_customMem customMem); +ZSTDLIB_STATIC_API ZSTD_CStream* ZSTD_createCStream_advanced(ZSTD_customMem customMem); +ZSTDLIB_STATIC_API ZSTD_DCtx* ZSTD_createDCtx_advanced(ZSTD_customMem customMem); +ZSTDLIB_STATIC_API ZSTD_DStream* ZSTD_createDStream_advanced(ZSTD_customMem customMem); + +ZSTDLIB_STATIC_API ZSTD_CDict* ZSTD_createCDict_advanced(const void* dict, size_t dictSize, + ZSTD_dictLoadMethod_e dictLoadMethod, + ZSTD_dictContentType_e dictContentType, + ZSTD_compressionParameters cParams, + ZSTD_customMem customMem); + +/*! Thread pool : + * These prototypes make it possible to share a thread pool among multiple compression contexts. + * This can limit resources for applications with multiple threads where each one uses + * a threaded compression mode (via ZSTD_c_nbWorkers parameter). + * ZSTD_createThreadPool creates a new thread pool with a given number of threads. + * Note that the lifetime of such pool must exist while being used. + * ZSTD_CCtx_refThreadPool assigns a thread pool to a context (use NULL argument value + * to use an internal thread pool). + * ZSTD_freeThreadPool frees a thread pool, accepts NULL pointer. + */ +typedef struct POOL_ctx_s ZSTD_threadPool; +ZSTDLIB_STATIC_API ZSTD_threadPool* ZSTD_createThreadPool(size_t numThreads); +ZSTDLIB_STATIC_API void ZSTD_freeThreadPool (ZSTD_threadPool* pool); /* accept NULL pointer */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_refThreadPool(ZSTD_CCtx* cctx, ZSTD_threadPool* pool); + + +/* + * This API is temporary and is expected to change or disappear in the future! + */ +ZSTDLIB_STATIC_API ZSTD_CDict* ZSTD_createCDict_advanced2( + const void* dict, size_t dictSize, + ZSTD_dictLoadMethod_e dictLoadMethod, + ZSTD_dictContentType_e dictContentType, + const ZSTD_CCtx_params* cctxParams, + ZSTD_customMem customMem); + +ZSTDLIB_STATIC_API ZSTD_DDict* ZSTD_createDDict_advanced( + const void* dict, size_t dictSize, + ZSTD_dictLoadMethod_e dictLoadMethod, + ZSTD_dictContentType_e dictContentType, + ZSTD_customMem customMem); + + +/*************************************** +* Advanced compression functions +***************************************/ + +/*! ZSTD_createCDict_byReference() : + * Create a digested dictionary for compression + * Dictionary content is just referenced, not duplicated. + * As a consequence, `dictBuffer` **must** outlive CDict, + * and its content must remain unmodified throughout the lifetime of CDict. + * note: equivalent to ZSTD_createCDict_advanced(), with dictLoadMethod==ZSTD_dlm_byRef */ +ZSTDLIB_STATIC_API ZSTD_CDict* ZSTD_createCDict_byReference(const void* dictBuffer, size_t dictSize, int compressionLevel); + +/*! ZSTD_getCParams() : + * @return ZSTD_compressionParameters structure for a selected compression level and estimated srcSize. + * `estimatedSrcSize` value is optional, select 0 if not known */ +ZSTDLIB_STATIC_API ZSTD_compressionParameters ZSTD_getCParams(int compressionLevel, unsigned long long estimatedSrcSize, size_t dictSize); + +/*! ZSTD_getParams() : + * same as ZSTD_getCParams(), but @return a full `ZSTD_parameters` object instead of sub-component `ZSTD_compressionParameters`. + * All fields of `ZSTD_frameParameters` are set to default : contentSize=1, checksum=0, noDictID=0 */ +ZSTDLIB_STATIC_API ZSTD_parameters ZSTD_getParams(int compressionLevel, unsigned long long estimatedSrcSize, size_t dictSize); + +/*! ZSTD_checkCParams() : + * Ensure param values remain within authorized range. + * @return 0 on success, or an error code (can be checked with ZSTD_isError()) */ +ZSTDLIB_STATIC_API size_t ZSTD_checkCParams(ZSTD_compressionParameters params); + +/*! ZSTD_adjustCParams() : + * optimize params for a given `srcSize` and `dictSize`. + * `srcSize` can be unknown, in which case use ZSTD_CONTENTSIZE_UNKNOWN. + * `dictSize` must be `0` when there is no dictionary. + * cPar can be invalid : all parameters will be clamped within valid range in the @return struct. + * This function never fails (wide contract) */ +ZSTDLIB_STATIC_API ZSTD_compressionParameters ZSTD_adjustCParams(ZSTD_compressionParameters cPar, unsigned long long srcSize, size_t dictSize); + +/*! ZSTD_CCtx_setCParams() : + * Set all parameters provided within @p cparams into the working @p cctx. + * Note : if modifying parameters during compression (MT mode only), + * note that changes to the .windowLog parameter will be ignored. + * @return 0 on success, or an error code (can be checked with ZSTD_isError()). + * On failure, no parameters are updated. + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_setCParams(ZSTD_CCtx* cctx, ZSTD_compressionParameters cparams); + +/*! ZSTD_CCtx_setFParams() : + * Set all parameters provided within @p fparams into the working @p cctx. + * @return 0 on success, or an error code (can be checked with ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_setFParams(ZSTD_CCtx* cctx, ZSTD_frameParameters fparams); + +/*! ZSTD_CCtx_setParams() : + * Set all parameters provided within @p params into the working @p cctx. + * @return 0 on success, or an error code (can be checked with ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_setParams(ZSTD_CCtx* cctx, ZSTD_parameters params); + +/*! ZSTD_compress_advanced() : + * Note : this function is now DEPRECATED. + * It can be replaced by ZSTD_compress2(), in combination with ZSTD_CCtx_setParameter() and other parameter setters. + * This prototype will generate compilation warnings. */ +ZSTD_DEPRECATED("use ZSTD_compress2") +ZSTDLIB_STATIC_API +size_t ZSTD_compress_advanced(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const void* dict,size_t dictSize, + ZSTD_parameters params); + +/*! ZSTD_compress_usingCDict_advanced() : + * Note : this function is now DEPRECATED. + * It can be replaced by ZSTD_compress2(), in combination with ZSTD_CCtx_loadDictionary() and other parameter setters. + * This prototype will generate compilation warnings. */ +ZSTD_DEPRECATED("use ZSTD_compress2 with ZSTD_CCtx_loadDictionary") +ZSTDLIB_STATIC_API +size_t ZSTD_compress_usingCDict_advanced(ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, + const void* src, size_t srcSize, + const ZSTD_CDict* cdict, + ZSTD_frameParameters fParams); + + +/*! ZSTD_CCtx_loadDictionary_byReference() : + * Same as ZSTD_CCtx_loadDictionary(), but dictionary content is referenced, instead of being copied into CCtx. + * It saves some memory, but also requires that `dict` outlives its usage within `cctx` */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_loadDictionary_byReference(ZSTD_CCtx* cctx, const void* dict, size_t dictSize); + +/*! ZSTD_CCtx_loadDictionary_advanced() : + * Same as ZSTD_CCtx_loadDictionary(), but gives finer control over + * how to load the dictionary (by copy ? by reference ?) + * and how to interpret it (automatic ? force raw mode ? full mode only ?) */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_loadDictionary_advanced(ZSTD_CCtx* cctx, const void* dict, size_t dictSize, ZSTD_dictLoadMethod_e dictLoadMethod, ZSTD_dictContentType_e dictContentType); + +/*! ZSTD_CCtx_refPrefix_advanced() : + * Same as ZSTD_CCtx_refPrefix(), but gives finer control over + * how to interpret prefix content (automatic ? force raw mode (default) ? full mode only ?) */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_refPrefix_advanced(ZSTD_CCtx* cctx, const void* prefix, size_t prefixSize, ZSTD_dictContentType_e dictContentType); + +/* === experimental parameters === */ +/* these parameters can be used with ZSTD_setParameter() + * they are not guaranteed to remain supported in the future */ + + /* Enables rsyncable mode, + * which makes compressed files more rsync friendly + * by adding periodic synchronization points to the compressed data. + * The target average block size is ZSTD_c_jobSize / 2. + * It's possible to modify the job size to increase or decrease + * the granularity of the synchronization point. + * Once the jobSize is smaller than the window size, + * it will result in compression ratio degradation. + * NOTE 1: rsyncable mode only works when multithreading is enabled. + * NOTE 2: rsyncable performs poorly in combination with long range mode, + * since it will decrease the effectiveness of synchronization points, + * though mileage may vary. + * NOTE 3: Rsyncable mode limits maximum compression speed to ~400 MB/s. + * If the selected compression level is already running significantly slower, + * the overall speed won't be significantly impacted. + */ + #define ZSTD_c_rsyncable ZSTD_c_experimentalParam1 + +/* Select a compression format. + * The value must be of type ZSTD_format_e. + * See ZSTD_format_e enum definition for details */ +#define ZSTD_c_format ZSTD_c_experimentalParam2 + +/* Force back-reference distances to remain < windowSize, + * even when referencing into Dictionary content (default:0) */ +#define ZSTD_c_forceMaxWindow ZSTD_c_experimentalParam3 + +/* Controls whether the contents of a CDict + * are used in place, or copied into the working context. + * Accepts values from the ZSTD_dictAttachPref_e enum. + * See the comments on that enum for an explanation of the feature. */ +#define ZSTD_c_forceAttachDict ZSTD_c_experimentalParam4 + +/* Controlled with ZSTD_ParamSwitch_e enum. + * Default is ZSTD_ps_auto. + * Set to ZSTD_ps_disable to never compress literals. + * Set to ZSTD_ps_enable to always compress literals. (Note: uncompressed literals + * may still be emitted if huffman is not beneficial to use.) + * + * By default, in ZSTD_ps_auto, the library will decide at runtime whether to use + * literals compression based on the compression parameters - specifically, + * negative compression levels do not use literal compression. + */ +#define ZSTD_c_literalCompressionMode ZSTD_c_experimentalParam5 + +/* User's best guess of source size. + * Hint is not valid when srcSizeHint == 0. + * There is no guarantee that hint is close to actual source size, + * but compression ratio may regress significantly if guess considerably underestimates */ +#define ZSTD_c_srcSizeHint ZSTD_c_experimentalParam7 + +/* Controls whether the new and experimental "dedicated dictionary search + * structure" can be used. This feature is still rough around the edges, be + * prepared for surprising behavior! + * + * How to use it: + * + * When using a CDict, whether to use this feature or not is controlled at + * CDict creation, and it must be set in a CCtxParams set passed into that + * construction (via ZSTD_createCDict_advanced2()). A compression will then + * use the feature or not based on how the CDict was constructed; the value of + * this param, set in the CCtx, will have no effect. + * + * However, when a dictionary buffer is passed into a CCtx, such as via + * ZSTD_CCtx_loadDictionary(), this param can be set on the CCtx to control + * whether the CDict that is created internally can use the feature or not. + * + * What it does: + * + * Normally, the internal data structures of the CDict are analogous to what + * would be stored in a CCtx after compressing the contents of a dictionary. + * To an approximation, a compression using a dictionary can then use those + * data structures to simply continue what is effectively a streaming + * compression where the simulated compression of the dictionary left off. + * Which is to say, the search structures in the CDict are normally the same + * format as in the CCtx. + * + * It is possible to do better, since the CDict is not like a CCtx: the search + * structures are written once during CDict creation, and then are only read + * after that, while the search structures in the CCtx are both read and + * written as the compression goes along. This means we can choose a search + * structure for the dictionary that is read-optimized. + * + * This feature enables the use of that different structure. + * + * Note that some of the members of the ZSTD_compressionParameters struct have + * different semantics and constraints in the dedicated search structure. It is + * highly recommended that you simply set a compression level in the CCtxParams + * you pass into the CDict creation call, and avoid messing with the cParams + * directly. + * + * Effects: + * + * This will only have any effect when the selected ZSTD_strategy + * implementation supports this feature. Currently, that's limited to + * ZSTD_greedy, ZSTD_lazy, and ZSTD_lazy2. + * + * Note that this means that the CDict tables can no longer be copied into the + * CCtx, so the dict attachment mode ZSTD_dictForceCopy will no longer be + * usable. The dictionary can only be attached or reloaded. + * + * In general, you should expect compression to be faster--sometimes very much + * so--and CDict creation to be slightly slower. Eventually, we will probably + * make this mode the default. + */ +#define ZSTD_c_enableDedicatedDictSearch ZSTD_c_experimentalParam8 + +/* ZSTD_c_stableInBuffer + * Experimental parameter. + * Default is 0 == disabled. Set to 1 to enable. + * + * Tells the compressor that input data presented with ZSTD_inBuffer + * will ALWAYS be the same between calls. + * Technically, the @src pointer must never be changed, + * and the @pos field can only be updated by zstd. + * However, it's possible to increase the @size field, + * allowing scenarios where more data can be appended after compressions starts. + * These conditions are checked by the compressor, + * and compression will fail if they are not respected. + * Also, data in the ZSTD_inBuffer within the range [src, src + pos) + * MUST not be modified during compression or it will result in data corruption. + * + * When this flag is enabled zstd won't allocate an input window buffer, + * because the user guarantees it can reference the ZSTD_inBuffer until + * the frame is complete. But, it will still allocate an output buffer + * large enough to fit a block (see ZSTD_c_stableOutBuffer). This will also + * avoid the memcpy() from the input buffer to the input window buffer. + * + * NOTE: So long as the ZSTD_inBuffer always points to valid memory, using + * this flag is ALWAYS memory safe, and will never access out-of-bounds + * memory. However, compression WILL fail if conditions are not respected. + * + * WARNING: The data in the ZSTD_inBuffer in the range [src, src + pos) MUST + * not be modified during compression or it will result in data corruption. + * This is because zstd needs to reference data in the ZSTD_inBuffer to find + * matches. Normally zstd maintains its own window buffer for this purpose, + * but passing this flag tells zstd to rely on user provided buffer instead. + */ +#define ZSTD_c_stableInBuffer ZSTD_c_experimentalParam9 + +/* ZSTD_c_stableOutBuffer + * Experimental parameter. + * Default is 0 == disabled. Set to 1 to enable. + * + * Tells he compressor that the ZSTD_outBuffer will not be resized between + * calls. Specifically: (out.size - out.pos) will never grow. This gives the + * compressor the freedom to say: If the compressed data doesn't fit in the + * output buffer then return ZSTD_error_dstSizeTooSmall. This allows us to + * always decompress directly into the output buffer, instead of decompressing + * into an internal buffer and copying to the output buffer. + * + * When this flag is enabled zstd won't allocate an output buffer, because + * it can write directly to the ZSTD_outBuffer. It will still allocate the + * input window buffer (see ZSTD_c_stableInBuffer). + * + * Zstd will check that (out.size - out.pos) never grows and return an error + * if it does. While not strictly necessary, this should prevent surprises. + */ +#define ZSTD_c_stableOutBuffer ZSTD_c_experimentalParam10 + +/* ZSTD_c_blockDelimiters + * Default is 0 == ZSTD_sf_noBlockDelimiters. + * + * For use with sequence compression API: ZSTD_compressSequences(). + * + * Designates whether or not the given array of ZSTD_Sequence contains block delimiters + * and last literals, which are defined as sequences with offset == 0 and matchLength == 0. + * See the definition of ZSTD_Sequence for more specifics. + */ +#define ZSTD_c_blockDelimiters ZSTD_c_experimentalParam11 + +/* ZSTD_c_validateSequences + * Default is 0 == disabled. Set to 1 to enable sequence validation. + * + * For use with sequence compression API: ZSTD_compressSequences*(). + * Designates whether or not provided sequences are validated within ZSTD_compressSequences*() + * during function execution. + * + * When Sequence validation is disabled (default), Sequences are compressed as-is, + * so they must correct, otherwise it would result in a corruption error. + * + * Sequence validation adds some protection, by ensuring that all values respect boundary conditions. + * If a Sequence is detected invalid (see doc/zstd_compression_format.md for + * specifics regarding offset/matchlength requirements) then the function will bail out and + * return an error. + */ +#define ZSTD_c_validateSequences ZSTD_c_experimentalParam12 + +/* ZSTD_c_blockSplitterLevel + * note: this parameter only influences the first splitter stage, + * which is active before producing the sequences. + * ZSTD_c_splitAfterSequences controls the next splitter stage, + * which is active after sequence production. + * Note that both can be combined. + * Allowed values are between 0 and ZSTD_BLOCKSPLITTER_LEVEL_MAX included. + * 0 means "auto", which will select a value depending on current ZSTD_c_strategy. + * 1 means no splitting. + * Then, values from 2 to 6 are sorted in increasing cpu load order. + * + * Note that currently the first block is never split, + * to ensure expansion guarantees in presence of incompressible data. + */ +#define ZSTD_BLOCKSPLITTER_LEVEL_MAX 6 +#define ZSTD_c_blockSplitterLevel ZSTD_c_experimentalParam20 + +/* ZSTD_c_splitAfterSequences + * This is a stronger splitter algorithm, + * based on actual sequences previously produced by the selected parser. + * It's also slower, and as a consequence, mostly used for high compression levels. + * While the post-splitter does overlap with the pre-splitter, + * both can nonetheless be combined, + * notably with ZSTD_c_blockSplitterLevel at ZSTD_BLOCKSPLITTER_LEVEL_MAX, + * resulting in higher compression ratio than just one of them. + * + * Default is ZSTD_ps_auto. + * Set to ZSTD_ps_disable to never use block splitter. + * Set to ZSTD_ps_enable to always use block splitter. + * + * By default, in ZSTD_ps_auto, the library will decide at runtime whether to use + * block splitting based on the compression parameters. + */ +#define ZSTD_c_splitAfterSequences ZSTD_c_experimentalParam13 + +/* ZSTD_c_useRowMatchFinder + * Controlled with ZSTD_ParamSwitch_e enum. + * Default is ZSTD_ps_auto. + * Set to ZSTD_ps_disable to never use row-based matchfinder. + * Set to ZSTD_ps_enable to force usage of row-based matchfinder. + * + * By default, in ZSTD_ps_auto, the library will decide at runtime whether to use + * the row-based matchfinder based on support for SIMD instructions and the window log. + * Note that this only pertains to compression strategies: greedy, lazy, and lazy2 + */ +#define ZSTD_c_useRowMatchFinder ZSTD_c_experimentalParam14 + +/* ZSTD_c_deterministicRefPrefix + * Default is 0 == disabled. Set to 1 to enable. + * + * Zstd produces different results for prefix compression when the prefix is + * directly adjacent to the data about to be compressed vs. when it isn't. + * This is because zstd detects that the two buffers are contiguous and it can + * use a more efficient match finding algorithm. However, this produces different + * results than when the two buffers are non-contiguous. This flag forces zstd + * to always load the prefix in non-contiguous mode, even if it happens to be + * adjacent to the data, to guarantee determinism. + * + * If you really care about determinism when using a dictionary or prefix, + * like when doing delta compression, you should select this option. It comes + * at a speed penalty of about ~2.5% if the dictionary and data happened to be + * contiguous, and is free if they weren't contiguous. We don't expect that + * intentionally making the dictionary and data contiguous will be worth the + * cost to memcpy() the data. + */ +#define ZSTD_c_deterministicRefPrefix ZSTD_c_experimentalParam15 + +/* ZSTD_c_prefetchCDictTables + * Controlled with ZSTD_ParamSwitch_e enum. Default is ZSTD_ps_auto. + * + * In some situations, zstd uses CDict tables in-place rather than copying them + * into the working context. (See docs on ZSTD_dictAttachPref_e above for details). + * In such situations, compression speed is seriously impacted when CDict tables are + * "cold" (outside CPU cache). This parameter instructs zstd to prefetch CDict tables + * when they are used in-place. + * + * For sufficiently small inputs, the cost of the prefetch will outweigh the benefit. + * For sufficiently large inputs, zstd will by default memcpy() CDict tables + * into the working context, so there is no need to prefetch. This parameter is + * targeted at a middle range of input sizes, where a prefetch is cheap enough to be + * useful but memcpy() is too expensive. The exact range of input sizes where this + * makes sense is best determined by careful experimentation. + * + * Note: for this parameter, ZSTD_ps_auto is currently equivalent to ZSTD_ps_disable, + * but in the future zstd may conditionally enable this feature via an auto-detection + * heuristic for cold CDicts. + * Use ZSTD_ps_disable to opt out of prefetching under any circumstances. + */ +#define ZSTD_c_prefetchCDictTables ZSTD_c_experimentalParam16 + +/* ZSTD_c_enableSeqProducerFallback + * Allowed values are 0 (disable) and 1 (enable). The default setting is 0. + * + * Controls whether zstd will fall back to an internal sequence producer if an + * external sequence producer is registered and returns an error code. This fallback + * is block-by-block: the internal sequence producer will only be called for blocks + * where the external sequence producer returns an error code. Fallback parsing will + * follow any other cParam settings, such as compression level, the same as in a + * normal (fully-internal) compression operation. + * + * The user is strongly encouraged to read the full Block-Level Sequence Producer API + * documentation (below) before setting this parameter. */ +#define ZSTD_c_enableSeqProducerFallback ZSTD_c_experimentalParam17 + +/* ZSTD_c_maxBlockSize + * Allowed values are between 1KB and ZSTD_BLOCKSIZE_MAX (128KB). + * The default is ZSTD_BLOCKSIZE_MAX, and setting to 0 will set to the default. + * + * This parameter can be used to set an upper bound on the blocksize + * that overrides the default ZSTD_BLOCKSIZE_MAX. It cannot be used to set upper + * bounds greater than ZSTD_BLOCKSIZE_MAX or bounds lower than 1KB (will make + * compressBound() inaccurate). Only currently meant to be used for testing. + */ +#define ZSTD_c_maxBlockSize ZSTD_c_experimentalParam18 + +/* ZSTD_c_repcodeResolution + * This parameter only has an effect if ZSTD_c_blockDelimiters is + * set to ZSTD_sf_explicitBlockDelimiters (may change in the future). + * + * This parameter affects how zstd parses external sequences, + * provided via the ZSTD_compressSequences*() API + * or from an external block-level sequence producer. + * + * If set to ZSTD_ps_enable, the library will check for repeated offsets within + * external sequences, even if those repcodes are not explicitly indicated in + * the "rep" field. Note that this is the only way to exploit repcode matches + * while using compressSequences*() or an external sequence producer, since zstd + * currently ignores the "rep" field of external sequences. + * + * If set to ZSTD_ps_disable, the library will not exploit repeated offsets in + * external sequences, regardless of whether the "rep" field has been set. This + * reduces sequence compression overhead by about 25% while sacrificing some + * compression ratio. + * + * The default value is ZSTD_ps_auto, for which the library will enable/disable + * based on compression level (currently: level<10 disables, level>=10 enables). + */ +#define ZSTD_c_repcodeResolution ZSTD_c_experimentalParam19 +#define ZSTD_c_searchForExternalRepcodes ZSTD_c_experimentalParam19 /* older name */ + + +/*! ZSTD_CCtx_getParameter() : + * Get the requested compression parameter value, selected by enum ZSTD_cParameter, + * and store it into int* value. + * @return : 0, or an error code (which can be tested with ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_getParameter(const ZSTD_CCtx* cctx, ZSTD_cParameter param, int* value); + + +/*! ZSTD_CCtx_params : + * Quick howto : + * - ZSTD_createCCtxParams() : Create a ZSTD_CCtx_params structure + * - ZSTD_CCtxParams_setParameter() : Push parameters one by one into + * an existing ZSTD_CCtx_params structure. + * This is similar to + * ZSTD_CCtx_setParameter(). + * - ZSTD_CCtx_setParametersUsingCCtxParams() : Apply parameters to + * an existing CCtx. + * These parameters will be applied to + * all subsequent frames. + * - ZSTD_compressStream2() : Do compression using the CCtx. + * - ZSTD_freeCCtxParams() : Free the memory, accept NULL pointer. + * + * This can be used with ZSTD_estimateCCtxSize_advanced_usingCCtxParams() + * for static allocation of CCtx for single-threaded compression. + */ +ZSTDLIB_STATIC_API ZSTD_CCtx_params* ZSTD_createCCtxParams(void); +ZSTDLIB_STATIC_API size_t ZSTD_freeCCtxParams(ZSTD_CCtx_params* params); /* accept NULL pointer */ + +/*! ZSTD_CCtxParams_reset() : + * Reset params to default values. + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtxParams_reset(ZSTD_CCtx_params* params); + +/*! ZSTD_CCtxParams_init() : + * Initializes the compression parameters of cctxParams according to + * compression level. All other parameters are reset to their default values. + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtxParams_init(ZSTD_CCtx_params* cctxParams, int compressionLevel); + +/*! ZSTD_CCtxParams_init_advanced() : + * Initializes the compression and frame parameters of cctxParams according to + * params. All other parameters are reset to their default values. + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtxParams_init_advanced(ZSTD_CCtx_params* cctxParams, ZSTD_parameters params); + +/*! ZSTD_CCtxParams_setParameter() : Requires v1.4.0+ + * Similar to ZSTD_CCtx_setParameter. + * Set one compression parameter, selected by enum ZSTD_cParameter. + * Parameters must be applied to a ZSTD_CCtx using + * ZSTD_CCtx_setParametersUsingCCtxParams(). + * @result : a code representing success or failure (which can be tested with + * ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtxParams_setParameter(ZSTD_CCtx_params* params, ZSTD_cParameter param, int value); + +/*! ZSTD_CCtxParams_getParameter() : + * Similar to ZSTD_CCtx_getParameter. + * Get the requested value of one compression parameter, selected by enum ZSTD_cParameter. + * @result : 0, or an error code (which can be tested with ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtxParams_getParameter(const ZSTD_CCtx_params* params, ZSTD_cParameter param, int* value); + +/*! ZSTD_CCtx_setParametersUsingCCtxParams() : + * Apply a set of ZSTD_CCtx_params to the compression context. + * This can be done even after compression is started, + * if nbWorkers==0, this will have no impact until a new compression is started. + * if nbWorkers>=1, new parameters will be picked up at next job, + * with a few restrictions (windowLog, pledgedSrcSize, nbWorkers, jobSize, and overlapLog are not updated). + */ +ZSTDLIB_STATIC_API size_t ZSTD_CCtx_setParametersUsingCCtxParams( + ZSTD_CCtx* cctx, const ZSTD_CCtx_params* params); + +/*! ZSTD_compressStream2_simpleArgs() : + * Same as ZSTD_compressStream2(), + * but using only integral types as arguments. + * This variant might be helpful for binders from dynamic languages + * which have troubles handling structures containing memory pointers. + */ +ZSTDLIB_STATIC_API size_t ZSTD_compressStream2_simpleArgs ( + ZSTD_CCtx* cctx, + void* dst, size_t dstCapacity, size_t* dstPos, + const void* src, size_t srcSize, size_t* srcPos, + ZSTD_EndDirective endOp); + + +/*************************************** +* Advanced decompression functions +***************************************/ + +/*! ZSTD_isFrame() : + * Tells if the content of `buffer` starts with a valid Frame Identifier. + * Note : Frame Identifier is 4 bytes. If `size < 4`, @return will always be 0. + * Note 2 : Legacy Frame Identifiers are considered valid only if Legacy Support is enabled. + * Note 3 : Skippable Frame Identifiers are considered valid. */ +ZSTDLIB_STATIC_API unsigned ZSTD_isFrame(const void* buffer, size_t size); + +/*! ZSTD_createDDict_byReference() : + * Create a digested dictionary, ready to start decompression operation without startup delay. + * Dictionary content is referenced, and therefore stays in dictBuffer. + * It is important that dictBuffer outlives DDict, + * it must remain read accessible throughout the lifetime of DDict */ +ZSTDLIB_STATIC_API ZSTD_DDict* ZSTD_createDDict_byReference(const void* dictBuffer, size_t dictSize); + +/*! ZSTD_DCtx_loadDictionary_byReference() : + * Same as ZSTD_DCtx_loadDictionary(), + * but references `dict` content instead of copying it into `dctx`. + * This saves memory if `dict` remains around., + * However, it's imperative that `dict` remains accessible (and unmodified) while being used, so it must outlive decompression. */ +ZSTDLIB_STATIC_API size_t ZSTD_DCtx_loadDictionary_byReference(ZSTD_DCtx* dctx, const void* dict, size_t dictSize); + +/*! ZSTD_DCtx_loadDictionary_advanced() : + * Same as ZSTD_DCtx_loadDictionary(), + * but gives direct control over + * how to load the dictionary (by copy ? by reference ?) + * and how to interpret it (automatic ? force raw mode ? full mode only ?). */ +ZSTDLIB_STATIC_API size_t ZSTD_DCtx_loadDictionary_advanced(ZSTD_DCtx* dctx, const void* dict, size_t dictSize, ZSTD_dictLoadMethod_e dictLoadMethod, ZSTD_dictContentType_e dictContentType); + +/*! ZSTD_DCtx_refPrefix_advanced() : + * Same as ZSTD_DCtx_refPrefix(), but gives finer control over + * how to interpret prefix content (automatic ? force raw mode (default) ? full mode only ?) */ +ZSTDLIB_STATIC_API size_t ZSTD_DCtx_refPrefix_advanced(ZSTD_DCtx* dctx, const void* prefix, size_t prefixSize, ZSTD_dictContentType_e dictContentType); + +/*! ZSTD_DCtx_setMaxWindowSize() : + * Refuses allocating internal buffers for frames requiring a window size larger than provided limit. + * This protects a decoder context from reserving too much memory for itself (potential attack scenario). + * This parameter is only useful in streaming mode, since no internal buffer is allocated in single-pass mode. + * By default, a decompression context accepts all window sizes <= (1 << ZSTD_WINDOWLOG_LIMIT_DEFAULT) + * @return : 0, or an error code (which can be tested using ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_DCtx_setMaxWindowSize(ZSTD_DCtx* dctx, size_t maxWindowSize); + +/*! ZSTD_DCtx_getParameter() : + * Get the requested decompression parameter value, selected by enum ZSTD_dParameter, + * and store it into int* value. + * @return : 0, or an error code (which can be tested with ZSTD_isError()). + */ +ZSTDLIB_STATIC_API size_t ZSTD_DCtx_getParameter(ZSTD_DCtx* dctx, ZSTD_dParameter param, int* value); + +/* ZSTD_d_format + * experimental parameter, + * allowing selection between ZSTD_format_e input compression formats + */ +#define ZSTD_d_format ZSTD_d_experimentalParam1 +/* ZSTD_d_stableOutBuffer + * Experimental parameter. + * Default is 0 == disabled. Set to 1 to enable. + * + * Tells the decompressor that the ZSTD_outBuffer will ALWAYS be the same + * between calls, except for the modifications that zstd makes to pos (the + * caller must not modify pos). This is checked by the decompressor, and + * decompression will fail if it ever changes. Therefore the ZSTD_outBuffer + * MUST be large enough to fit the entire decompressed frame. This will be + * checked when the frame content size is known. The data in the ZSTD_outBuffer + * in the range [dst, dst + pos) MUST not be modified during decompression + * or you will get data corruption. + * + * When this flag is enabled zstd won't allocate an output buffer, because + * it can write directly to the ZSTD_outBuffer, but it will still allocate + * an input buffer large enough to fit any compressed block. This will also + * avoid the memcpy() from the internal output buffer to the ZSTD_outBuffer. + * If you need to avoid the input buffer allocation use the buffer-less + * streaming API. + * + * NOTE: So long as the ZSTD_outBuffer always points to valid memory, using + * this flag is ALWAYS memory safe, and will never access out-of-bounds + * memory. However, decompression WILL fail if you violate the preconditions. + * + * WARNING: The data in the ZSTD_outBuffer in the range [dst, dst + pos) MUST + * not be modified during decompression or you will get data corruption. This + * is because zstd needs to reference data in the ZSTD_outBuffer to regenerate + * matches. Normally zstd maintains its own buffer for this purpose, but passing + * this flag tells zstd to use the user provided buffer. + */ +#define ZSTD_d_stableOutBuffer ZSTD_d_experimentalParam2 + +/* ZSTD_d_forceIgnoreChecksum + * Experimental parameter. + * Default is 0 == disabled. Set to 1 to enable + * + * Tells the decompressor to skip checksum validation during decompression, regardless + * of whether checksumming was specified during compression. This offers some + * slight performance benefits, and may be useful for debugging. + * Param has values of type ZSTD_forceIgnoreChecksum_e + */ +#define ZSTD_d_forceIgnoreChecksum ZSTD_d_experimentalParam3 + +/* ZSTD_d_refMultipleDDicts + * Experimental parameter. + * Default is 0 == disabled. Set to 1 to enable + * + * If enabled and dctx is allocated on the heap, then additional memory will be allocated + * to store references to multiple ZSTD_DDict. That is, multiple calls of ZSTD_refDDict() + * using a given ZSTD_DCtx, rather than overwriting the previous DDict reference, will instead + * store all references. At decompression time, the appropriate dictID is selected + * from the set of DDicts based on the dictID in the frame. + * + * Usage is simply calling ZSTD_refDDict() on multiple dict buffers. + * + * Param has values of byte ZSTD_refMultipleDDicts_e + * + * WARNING: Enabling this parameter and calling ZSTD_DCtx_refDDict(), will trigger memory + * allocation for the hash table. ZSTD_freeDCtx() also frees this memory. + * Memory is allocated as per ZSTD_DCtx::customMem. + * + * Although this function allocates memory for the table, the user is still responsible for + * memory management of the underlying ZSTD_DDict* themselves. + */ +#define ZSTD_d_refMultipleDDicts ZSTD_d_experimentalParam4 + +/* ZSTD_d_disableHuffmanAssembly + * Set to 1 to disable the Huffman assembly implementation. + * The default value is 0, which allows zstd to use the Huffman assembly + * implementation if available. + * + * This parameter can be used to disable Huffman assembly at runtime. + * If you want to disable it at compile time you can define the macro + * ZSTD_DISABLE_ASM. + */ +#define ZSTD_d_disableHuffmanAssembly ZSTD_d_experimentalParam5 + +/* ZSTD_d_maxBlockSize + * Allowed values are between 1KB and ZSTD_BLOCKSIZE_MAX (128KB). + * The default is ZSTD_BLOCKSIZE_MAX, and setting to 0 will set to the default. + * + * Forces the decompressor to reject blocks whose content size is + * larger than the configured maxBlockSize. When maxBlockSize is + * larger than the windowSize, the windowSize is used instead. + * This saves memory on the decoder when you know all blocks are small. + * + * This option is typically used in conjunction with ZSTD_c_maxBlockSize. + * + * WARNING: This causes the decoder to reject otherwise valid frames + * that have block sizes larger than the configured maxBlockSize. + */ +#define ZSTD_d_maxBlockSize ZSTD_d_experimentalParam6 + + +/*! ZSTD_DCtx_setFormat() : + * This function is REDUNDANT. Prefer ZSTD_DCtx_setParameter(). + * Instruct the decoder context about what kind of data to decode next. + * This instruction is mandatory to decode data without a fully-formed header, + * such ZSTD_f_zstd1_magicless for example. + * @return : 0, or an error code (which can be tested using ZSTD_isError()). */ +ZSTD_DEPRECATED("use ZSTD_DCtx_setParameter() instead") +ZSTDLIB_STATIC_API +size_t ZSTD_DCtx_setFormat(ZSTD_DCtx* dctx, ZSTD_format_e format); + +/*! ZSTD_decompressStream_simpleArgs() : + * Same as ZSTD_decompressStream(), + * but using only integral types as arguments. + * This can be helpful for binders from dynamic languages + * which have troubles handling structures containing memory pointers. + */ +ZSTDLIB_STATIC_API size_t ZSTD_decompressStream_simpleArgs ( + ZSTD_DCtx* dctx, + void* dst, size_t dstCapacity, size_t* dstPos, + const void* src, size_t srcSize, size_t* srcPos); + + +/******************************************************************** +* Advanced streaming functions +* Warning : most of these functions are now redundant with the Advanced API. +* Once Advanced API reaches "stable" status, +* redundant functions will be deprecated, and then at some point removed. +********************************************************************/ + +/*===== Advanced Streaming compression functions =====*/ + +/*! ZSTD_initCStream_srcSize() : + * This function is DEPRECATED, and equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_refCDict(zcs, NULL); // clear the dictionary (if any) + * ZSTD_CCtx_setParameter(zcs, ZSTD_c_compressionLevel, compressionLevel); + * ZSTD_CCtx_setPledgedSrcSize(zcs, pledgedSrcSize); + * + * pledgedSrcSize must be correct. If it is not known at init time, use + * ZSTD_CONTENTSIZE_UNKNOWN. Note that, for compatibility with older programs, + * "0" also disables frame content size field. It may be enabled in the future. + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_initCStream_srcSize(ZSTD_CStream* zcs, + int compressionLevel, + unsigned long long pledgedSrcSize); + +/*! ZSTD_initCStream_usingDict() : + * This function is DEPRECATED, and is equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_setParameter(zcs, ZSTD_c_compressionLevel, compressionLevel); + * ZSTD_CCtx_loadDictionary(zcs, dict, dictSize); + * + * Creates of an internal CDict (incompatible with static CCtx), except if + * dict == NULL or dictSize < 8, in which case no dict is used. + * Note: dict is loaded with ZSTD_dct_auto (treated as a full zstd dictionary if + * it begins with ZSTD_MAGIC_DICTIONARY, else as raw content) and ZSTD_dlm_byCopy. + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_initCStream_usingDict(ZSTD_CStream* zcs, + const void* dict, size_t dictSize, + int compressionLevel); + +/*! ZSTD_initCStream_advanced() : + * This function is DEPRECATED, and is equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_setParams(zcs, params); + * ZSTD_CCtx_setPledgedSrcSize(zcs, pledgedSrcSize); + * ZSTD_CCtx_loadDictionary(zcs, dict, dictSize); + * + * dict is loaded with ZSTD_dct_auto and ZSTD_dlm_byCopy. + * pledgedSrcSize must be correct. + * If srcSize is not known at init time, use value ZSTD_CONTENTSIZE_UNKNOWN. + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_initCStream_advanced(ZSTD_CStream* zcs, + const void* dict, size_t dictSize, + ZSTD_parameters params, + unsigned long long pledgedSrcSize); + +/*! ZSTD_initCStream_usingCDict() : + * This function is DEPRECATED, and equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_refCDict(zcs, cdict); + * + * note : cdict will just be referenced, and must outlive compression session + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset and ZSTD_CCtx_refCDict, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_initCStream_usingCDict(ZSTD_CStream* zcs, const ZSTD_CDict* cdict); + +/*! ZSTD_initCStream_usingCDict_advanced() : + * This function is DEPRECATED, and is equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_setFParams(zcs, fParams); + * ZSTD_CCtx_setPledgedSrcSize(zcs, pledgedSrcSize); + * ZSTD_CCtx_refCDict(zcs, cdict); + * + * same as ZSTD_initCStream_usingCDict(), with control over frame parameters. + * pledgedSrcSize must be correct. If srcSize is not known at init time, use + * value ZSTD_CONTENTSIZE_UNKNOWN. + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset and ZSTD_CCtx_refCDict, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_initCStream_usingCDict_advanced(ZSTD_CStream* zcs, + const ZSTD_CDict* cdict, + ZSTD_frameParameters fParams, + unsigned long long pledgedSrcSize); + +/*! ZSTD_resetCStream() : + * This function is DEPRECATED, and is equivalent to: + * ZSTD_CCtx_reset(zcs, ZSTD_reset_session_only); + * ZSTD_CCtx_setPledgedSrcSize(zcs, pledgedSrcSize); + * Note: ZSTD_resetCStream() interprets pledgedSrcSize == 0 as ZSTD_CONTENTSIZE_UNKNOWN, but + * ZSTD_CCtx_setPledgedSrcSize() does not do the same, so ZSTD_CONTENTSIZE_UNKNOWN must be + * explicitly specified. + * + * start a new frame, using same parameters from previous frame. + * This is typically useful to skip dictionary loading stage, since it will reuse it in-place. + * Note that zcs must be init at least once before using ZSTD_resetCStream(). + * If pledgedSrcSize is not known at reset time, use macro ZSTD_CONTENTSIZE_UNKNOWN. + * If pledgedSrcSize > 0, its value must be correct, as it will be written in header, and controlled at the end. + * For the time being, pledgedSrcSize==0 is interpreted as "srcSize unknown" for compatibility with older programs, + * but it will change to mean "empty" in future version, so use macro ZSTD_CONTENTSIZE_UNKNOWN instead. + * @return : 0, or an error code (which can be tested using ZSTD_isError()) + * This prototype will generate compilation warnings. + */ +ZSTD_DEPRECATED("use ZSTD_CCtx_reset, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API +size_t ZSTD_resetCStream(ZSTD_CStream* zcs, unsigned long long pledgedSrcSize); + + +typedef struct { + unsigned long long ingested; /* nb input bytes read and buffered */ + unsigned long long consumed; /* nb input bytes actually compressed */ + unsigned long long produced; /* nb of compressed bytes generated and buffered */ + unsigned long long flushed; /* nb of compressed bytes flushed : not provided; can be tracked from caller side */ + unsigned currentJobID; /* MT only : latest started job nb */ + unsigned nbActiveWorkers; /* MT only : nb of workers actively compressing at probe time */ +} ZSTD_frameProgression; + +/* ZSTD_getFrameProgression() : + * tells how much data has been ingested (read from input) + * consumed (input actually compressed) and produced (output) for current frame. + * Note : (ingested - consumed) is amount of input data buffered internally, not yet compressed. + * Aggregates progression inside active worker threads. + */ +ZSTDLIB_STATIC_API ZSTD_frameProgression ZSTD_getFrameProgression(const ZSTD_CCtx* cctx); + +/*! ZSTD_toFlushNow() : + * Tell how many bytes are ready to be flushed immediately. + * Useful for multithreading scenarios (nbWorkers >= 1). + * Probe the oldest active job, defined as oldest job not yet entirely flushed, + * and check its output buffer. + * @return : amount of data stored in oldest job and ready to be flushed immediately. + * if @return == 0, it means either : + * + there is no active job (could be checked with ZSTD_frameProgression()), or + * + oldest job is still actively compressing data, + * but everything it has produced has also been flushed so far, + * therefore flush speed is limited by production speed of oldest job + * irrespective of the speed of concurrent (and newer) jobs. + */ +ZSTDLIB_STATIC_API size_t ZSTD_toFlushNow(ZSTD_CCtx* cctx); + + +/*===== Advanced Streaming decompression functions =====*/ + +/*! + * This function is deprecated, and is equivalent to: + * + * ZSTD_DCtx_reset(zds, ZSTD_reset_session_only); + * ZSTD_DCtx_loadDictionary(zds, dict, dictSize); + * + * note: no dictionary will be used if dict == NULL or dictSize < 8 + */ +ZSTD_DEPRECATED("use ZSTD_DCtx_reset + ZSTD_DCtx_loadDictionary, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API size_t ZSTD_initDStream_usingDict(ZSTD_DStream* zds, const void* dict, size_t dictSize); + +/*! + * This function is deprecated, and is equivalent to: + * + * ZSTD_DCtx_reset(zds, ZSTD_reset_session_only); + * ZSTD_DCtx_refDDict(zds, ddict); + * + * note : ddict is referenced, it must outlive decompression session + */ +ZSTD_DEPRECATED("use ZSTD_DCtx_reset + ZSTD_DCtx_refDDict, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API size_t ZSTD_initDStream_usingDDict(ZSTD_DStream* zds, const ZSTD_DDict* ddict); + +/*! + * This function is deprecated, and is equivalent to: + * + * ZSTD_DCtx_reset(zds, ZSTD_reset_session_only); + * + * reuse decompression parameters from previous init; saves dictionary loading + */ +ZSTD_DEPRECATED("use ZSTD_DCtx_reset, see zstd.h for detailed instructions") +ZSTDLIB_STATIC_API size_t ZSTD_resetDStream(ZSTD_DStream* zds); + + +/* ********************* BLOCK-LEVEL SEQUENCE PRODUCER API ********************* + * + * *** OVERVIEW *** + * The Block-Level Sequence Producer API allows users to provide their own custom + * sequence producer which libzstd invokes to process each block. The produced list + * of sequences (literals and matches) is then post-processed by libzstd to produce + * valid compressed blocks. + * + * This block-level offload API is a more granular complement of the existing + * frame-level offload API compressSequences() (introduced in v1.5.1). It offers + * an easier migration story for applications already integrated with libzstd: the + * user application continues to invoke the same compression functions + * ZSTD_compress2() or ZSTD_compressStream2() as usual, and transparently benefits + * from the specific advantages of the external sequence producer. For example, + * the sequence producer could be tuned to take advantage of known characteristics + * of the input, to offer better speed / ratio, or could leverage hardware + * acceleration not available within libzstd itself. + * + * See contrib/externalSequenceProducer for an example program employing the + * Block-Level Sequence Producer API. + * + * *** USAGE *** + * The user is responsible for implementing a function of type + * ZSTD_sequenceProducer_F. For each block, zstd will pass the following + * arguments to the user-provided function: + * + * - sequenceProducerState: a pointer to a user-managed state for the sequence + * producer. + * + * - outSeqs, outSeqsCapacity: an output buffer for the sequence producer. + * outSeqsCapacity is guaranteed >= ZSTD_sequenceBound(srcSize). The memory + * backing outSeqs is managed by the CCtx. + * + * - src, srcSize: an input buffer for the sequence producer to parse. + * srcSize is guaranteed to be <= ZSTD_BLOCKSIZE_MAX. + * + * - dict, dictSize: a history buffer, which may be empty, which the sequence + * producer may reference as it parses the src buffer. Currently, zstd will + * always pass dictSize == 0 into external sequence producers, but this will + * change in the future. + * + * - compressionLevel: a signed integer representing the zstd compression level + * set by the user for the current operation. The sequence producer may choose + * to use this information to change its compression strategy and speed/ratio + * tradeoff. Note: the compression level does not reflect zstd parameters set + * through the advanced API. + * + * - windowSize: a size_t representing the maximum allowed offset for external + * sequences. Note that sequence offsets are sometimes allowed to exceed the + * windowSize if a dictionary is present, see doc/zstd_compression_format.md + * for details. + * + * The user-provided function shall return a size_t representing the number of + * sequences written to outSeqs. This return value will be treated as an error + * code if it is greater than outSeqsCapacity. The return value must be non-zero + * if srcSize is non-zero. The ZSTD_SEQUENCE_PRODUCER_ERROR macro is provided + * for convenience, but any value greater than outSeqsCapacity will be treated as + * an error code. + * + * If the user-provided function does not return an error code, the sequences + * written to outSeqs must be a valid parse of the src buffer. Data corruption may + * occur if the parse is not valid. A parse is defined to be valid if the + * following conditions hold: + * - The sum of matchLengths and literalLengths must equal srcSize. + * - All sequences in the parse, except for the final sequence, must have + * matchLength >= ZSTD_MINMATCH_MIN. The final sequence must have + * matchLength >= ZSTD_MINMATCH_MIN or matchLength == 0. + * - All offsets must respect the windowSize parameter as specified in + * doc/zstd_compression_format.md. + * - If the final sequence has matchLength == 0, it must also have offset == 0. + * + * zstd will only validate these conditions (and fail compression if they do not + * hold) if the ZSTD_c_validateSequences cParam is enabled. Note that sequence + * validation has a performance cost. + * + * If the user-provided function returns an error, zstd will either fall back + * to an internal sequence producer or fail the compression operation. The user can + * choose between the two behaviors by setting the ZSTD_c_enableSeqProducerFallback + * cParam. Fallback compression will follow any other cParam settings, such as + * compression level, the same as in a normal compression operation. + * + * The user shall instruct zstd to use a particular ZSTD_sequenceProducer_F + * function by calling + * ZSTD_registerSequenceProducer(cctx, + * sequenceProducerState, + * sequenceProducer) + * This setting will persist until the next parameter reset of the CCtx. + * + * The sequenceProducerState must be initialized by the user before calling + * ZSTD_registerSequenceProducer(). The user is responsible for destroying the + * sequenceProducerState. + * + * *** LIMITATIONS *** + * This API is compatible with all zstd compression APIs which respect advanced parameters. + * However, there are three limitations: + * + * First, the ZSTD_c_enableLongDistanceMatching cParam is not currently supported. + * COMPRESSION WILL FAIL if it is enabled and the user tries to compress with a block-level + * external sequence producer. + * - Note that ZSTD_c_enableLongDistanceMatching is auto-enabled by default in some + * cases (see its documentation for details). Users must explicitly set + * ZSTD_c_enableLongDistanceMatching to ZSTD_ps_disable in such cases if an external + * sequence producer is registered. + * - As of this writing, ZSTD_c_enableLongDistanceMatching is disabled by default + * whenever ZSTD_c_windowLog < 128MB, but that's subject to change. Users should + * check the docs on ZSTD_c_enableLongDistanceMatching whenever the Block-Level Sequence + * Producer API is used in conjunction with advanced settings (like ZSTD_c_windowLog). + * + * Second, history buffers are not currently supported. Concretely, zstd will always pass + * dictSize == 0 to the external sequence producer (for now). This has two implications: + * - Dictionaries are not currently supported. Compression will *not* fail if the user + * references a dictionary, but the dictionary won't have any effect. + * - Stream history is not currently supported. All advanced compression APIs, including + * streaming APIs, work with external sequence producers, but each block is treated as + * an independent chunk without history from previous blocks. + * + * Third, multi-threading within a single compression is not currently supported. In other words, + * COMPRESSION WILL FAIL if ZSTD_c_nbWorkers > 0 and an external sequence producer is registered. + * Multi-threading across compressions is fine: simply create one CCtx per thread. + * + * Long-term, we plan to overcome all three limitations. There is no technical blocker to + * overcoming them. It is purely a question of engineering effort. + */ + +#define ZSTD_SEQUENCE_PRODUCER_ERROR ((size_t)(-1)) + +typedef size_t (*ZSTD_sequenceProducer_F) ( + void* sequenceProducerState, + ZSTD_Sequence* outSeqs, size_t outSeqsCapacity, + const void* src, size_t srcSize, + const void* dict, size_t dictSize, + int compressionLevel, + size_t windowSize +); + +/*! ZSTD_registerSequenceProducer() : + * Instruct zstd to use a block-level external sequence producer function. + * + * The sequenceProducerState must be initialized by the caller, and the caller is + * responsible for managing its lifetime. This parameter is sticky across + * compressions. It will remain set until the user explicitly resets compression + * parameters. + * + * Sequence producer registration is considered to be an "advanced parameter", + * part of the "advanced API". This means it will only have an effect on compression + * APIs which respect advanced parameters, such as compress2() and compressStream2(). + * Older compression APIs such as compressCCtx(), which predate the introduction of + * "advanced parameters", will ignore any external sequence producer setting. + * + * The sequence producer can be "cleared" by registering a NULL function pointer. This + * removes all limitations described above in the "LIMITATIONS" section of the API docs. + * + * The user is strongly encouraged to read the full API documentation (above) before + * calling this function. */ +ZSTDLIB_STATIC_API void +ZSTD_registerSequenceProducer( + ZSTD_CCtx* cctx, + void* sequenceProducerState, + ZSTD_sequenceProducer_F sequenceProducer +); + +/*! ZSTD_CCtxParams_registerSequenceProducer() : + * Same as ZSTD_registerSequenceProducer(), but operates on ZSTD_CCtx_params. + * This is used for accurate size estimation with ZSTD_estimateCCtxSize_usingCCtxParams(), + * which is needed when creating a ZSTD_CCtx with ZSTD_initStaticCCtx(). + * + * If you are using the external sequence producer API in a scenario where ZSTD_initStaticCCtx() + * is required, then this function is for you. Otherwise, you probably don't need it. + * + * See tests/zstreamtest.c for example usage. */ +ZSTDLIB_STATIC_API void +ZSTD_CCtxParams_registerSequenceProducer( + ZSTD_CCtx_params* params, + void* sequenceProducerState, + ZSTD_sequenceProducer_F sequenceProducer +); + + +/********************************************************************* +* Buffer-less and synchronous inner streaming functions (DEPRECATED) +* +* This API is deprecated, and will be removed in a future version. +* It allows streaming (de)compression with user allocated buffers. +* However, it is hard to use, and not as well tested as the rest of +* our API. +* +* Please use the normal streaming API instead: ZSTD_compressStream2, +* and ZSTD_decompressStream. +* If there is functionality that you need, but it doesn't provide, +* please open an issue on our GitHub. +********************************************************************* */ + +/** + Buffer-less streaming compression (synchronous mode) + + A ZSTD_CCtx object is required to track streaming operations. + Use ZSTD_createCCtx() / ZSTD_freeCCtx() to manage resource. + ZSTD_CCtx object can be reused multiple times within successive compression operations. + + Start by initializing a context. + Use ZSTD_compressBegin(), or ZSTD_compressBegin_usingDict() for dictionary compression. + + Then, consume your input using ZSTD_compressContinue(). + There are some important considerations to keep in mind when using this advanced function : + - ZSTD_compressContinue() has no internal buffer. It uses externally provided buffers only. + - Interface is synchronous : input is consumed entirely and produces 1+ compressed blocks. + - Caller must ensure there is enough space in `dst` to store compressed data under worst case scenario. + Worst case evaluation is provided by ZSTD_compressBound(). + ZSTD_compressContinue() doesn't guarantee recover after a failed compression. + - ZSTD_compressContinue() presumes prior input ***is still accessible and unmodified*** (up to maximum distance size, see WindowLog). + It remembers all previous contiguous blocks, plus one separated memory segment (which can itself consists of multiple contiguous blocks) + - ZSTD_compressContinue() detects that prior input has been overwritten when `src` buffer overlaps. + In which case, it will "discard" the relevant memory section from its history. + + Finish a frame with ZSTD_compressEnd(), which will write the last block(s) and optional checksum. + It's possible to use srcSize==0, in which case, it will write a final empty block to end the frame. + Without last block mark, frames are considered unfinished (hence corrupted) by compliant decoders. + + `ZSTD_CCtx` object can be reused (ZSTD_compressBegin()) to compress again. +*/ + +/*===== Buffer-less streaming compression functions =====*/ +ZSTD_DEPRECATED("The buffer-less API is deprecated in favor of the normal streaming API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressBegin(ZSTD_CCtx* cctx, int compressionLevel); +ZSTD_DEPRECATED("The buffer-less API is deprecated in favor of the normal streaming API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressBegin_usingDict(ZSTD_CCtx* cctx, const void* dict, size_t dictSize, int compressionLevel); +ZSTD_DEPRECATED("The buffer-less API is deprecated in favor of the normal streaming API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressBegin_usingCDict(ZSTD_CCtx* cctx, const ZSTD_CDict* cdict); /**< note: fails if cdict==NULL */ + +ZSTD_DEPRECATED("This function will likely be removed in a future release. It is misleading and has very limited utility.") +ZSTDLIB_STATIC_API +size_t ZSTD_copyCCtx(ZSTD_CCtx* cctx, const ZSTD_CCtx* preparedCCtx, unsigned long long pledgedSrcSize); /**< note: if pledgedSrcSize is not known, use ZSTD_CONTENTSIZE_UNKNOWN */ + +ZSTD_DEPRECATED("The buffer-less API is deprecated in favor of the normal streaming API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressContinue(ZSTD_CCtx* cctx, void* dst, size_t dstCapacity, const void* src, size_t srcSize); +ZSTD_DEPRECATED("The buffer-less API is deprecated in favor of the normal streaming API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressEnd(ZSTD_CCtx* cctx, void* dst, size_t dstCapacity, const void* src, size_t srcSize); + +/* The ZSTD_compressBegin_advanced() and ZSTD_compressBegin_usingCDict_advanced() are now DEPRECATED and will generate a compiler warning */ +ZSTD_DEPRECATED("use advanced API to access custom parameters") +ZSTDLIB_STATIC_API +size_t ZSTD_compressBegin_advanced(ZSTD_CCtx* cctx, const void* dict, size_t dictSize, ZSTD_parameters params, unsigned long long pledgedSrcSize); /**< pledgedSrcSize : If srcSize is not known at init time, use ZSTD_CONTENTSIZE_UNKNOWN */ +ZSTD_DEPRECATED("use advanced API to access custom parameters") +ZSTDLIB_STATIC_API +size_t ZSTD_compressBegin_usingCDict_advanced(ZSTD_CCtx* const cctx, const ZSTD_CDict* const cdict, ZSTD_frameParameters const fParams, unsigned long long const pledgedSrcSize); /* compression parameters are already set within cdict. pledgedSrcSize must be correct. If srcSize is not known, use macro ZSTD_CONTENTSIZE_UNKNOWN */ +/** + Buffer-less streaming decompression (synchronous mode) + + A ZSTD_DCtx object is required to track streaming operations. + Use ZSTD_createDCtx() / ZSTD_freeDCtx() to manage it. + A ZSTD_DCtx object can be reused multiple times. + + First typical operation is to retrieve frame parameters, using ZSTD_getFrameHeader(). + Frame header is extracted from the beginning of compressed frame, so providing only the frame's beginning is enough. + Data fragment must be large enough to ensure successful decoding. + `ZSTD_frameHeaderSize_max` bytes is guaranteed to always be large enough. + result : 0 : successful decoding, the `ZSTD_frameHeader` structure is correctly filled. + >0 : `srcSize` is too small, please provide at least result bytes on next attempt. + errorCode, which can be tested using ZSTD_isError(). + + It fills a ZSTD_FrameHeader structure with important information to correctly decode the frame, + such as the dictionary ID, content size, or maximum back-reference distance (`windowSize`). + Note that these values could be wrong, either because of data corruption, or because a 3rd party deliberately spoofs false information. + As a consequence, check that values remain within valid application range. + For example, do not allocate memory blindly, check that `windowSize` is within expectation. + Each application can set its own limits, depending on local restrictions. + For extended interoperability, it is recommended to support `windowSize` of at least 8 MB. + + ZSTD_decompressContinue() needs previous data blocks during decompression, up to `windowSize` bytes. + ZSTD_decompressContinue() is very sensitive to contiguity, + if 2 blocks don't follow each other, make sure that either the compressor breaks contiguity at the same place, + or that previous contiguous segment is large enough to properly handle maximum back-reference distance. + There are multiple ways to guarantee this condition. + + The most memory efficient way is to use a round buffer of sufficient size. + Sufficient size is determined by invoking ZSTD_decodingBufferSize_min(), + which can return an error code if required value is too large for current system (in 32-bits mode). + In a round buffer methodology, ZSTD_decompressContinue() decompresses each block next to previous one, + up to the moment there is not enough room left in the buffer to guarantee decoding another full block, + which maximum size is provided in `ZSTD_frameHeader` structure, field `blockSizeMax`. + At which point, decoding can resume from the beginning of the buffer. + Note that already decoded data stored in the buffer should be flushed before being overwritten. + + There are alternatives possible, for example using two or more buffers of size `windowSize` each, though they consume more memory. + + Finally, if you control the compression process, you can also ignore all buffer size rules, + as long as the encoder and decoder progress in "lock-step", + aka use exactly the same buffer sizes, break contiguity at the same place, etc. + + Once buffers are setup, start decompression, with ZSTD_decompressBegin(). + If decompression requires a dictionary, use ZSTD_decompressBegin_usingDict() or ZSTD_decompressBegin_usingDDict(). + + Then use ZSTD_nextSrcSizeToDecompress() and ZSTD_decompressContinue() alternatively. + ZSTD_nextSrcSizeToDecompress() tells how many bytes to provide as 'srcSize' to ZSTD_decompressContinue(). + ZSTD_decompressContinue() requires this _exact_ amount of bytes, or it will fail. + + result of ZSTD_decompressContinue() is the number of bytes regenerated within 'dst' (necessarily <= dstCapacity). + It can be zero : it just means ZSTD_decompressContinue() has decoded some metadata item. + It can also be an error code, which can be tested with ZSTD_isError(). + + A frame is fully decoded when ZSTD_nextSrcSizeToDecompress() returns zero. + Context can then be reset to start a new decompression. + + Note : it's possible to know if next input to present is a header or a block, using ZSTD_nextInputType(). + This information is not required to properly decode a frame. + + == Special case : skippable frames == + + Skippable frames allow integration of user-defined data into a flow of concatenated frames. + Skippable frames will be ignored (skipped) by decompressor. + The format of skippable frames is as follows : + a) Skippable frame ID - 4 Bytes, Little endian format, any value from 0x184D2A50 to 0x184D2A5F + b) Frame Size - 4 Bytes, Little endian format, unsigned 32-bits + c) Frame Content - any content (User Data) of length equal to Frame Size + For skippable frames ZSTD_getFrameHeader() returns zfhPtr->frameType==ZSTD_skippableFrame. + For skippable frames ZSTD_decompressContinue() always returns 0 : it only skips the content. +*/ + +/*===== Buffer-less streaming decompression functions =====*/ + +ZSTDLIB_STATIC_API size_t ZSTD_decodingBufferSize_min(unsigned long long windowSize, unsigned long long frameContentSize); /**< when frame content size is not known, pass in frameContentSize == ZSTD_CONTENTSIZE_UNKNOWN */ + +ZSTDLIB_STATIC_API size_t ZSTD_decompressBegin(ZSTD_DCtx* dctx); +ZSTDLIB_STATIC_API size_t ZSTD_decompressBegin_usingDict(ZSTD_DCtx* dctx, const void* dict, size_t dictSize); +ZSTDLIB_STATIC_API size_t ZSTD_decompressBegin_usingDDict(ZSTD_DCtx* dctx, const ZSTD_DDict* ddict); + +ZSTDLIB_STATIC_API size_t ZSTD_nextSrcSizeToDecompress(ZSTD_DCtx* dctx); +ZSTDLIB_STATIC_API size_t ZSTD_decompressContinue(ZSTD_DCtx* dctx, void* dst, size_t dstCapacity, const void* src, size_t srcSize); + +/* misc */ +ZSTD_DEPRECATED("This function will likely be removed in the next minor release. It is misleading and has very limited utility.") +ZSTDLIB_STATIC_API void ZSTD_copyDCtx(ZSTD_DCtx* dctx, const ZSTD_DCtx* preparedDCtx); +typedef enum { ZSTDnit_frameHeader, ZSTDnit_blockHeader, ZSTDnit_block, ZSTDnit_lastBlock, ZSTDnit_checksum, ZSTDnit_skippableFrame } ZSTD_nextInputType_e; +ZSTDLIB_STATIC_API ZSTD_nextInputType_e ZSTD_nextInputType(ZSTD_DCtx* dctx); + + + + +/* ========================================= */ +/** Block level API (DEPRECATED) */ +/* ========================================= */ + +/*! + + This API is deprecated in favor of the regular compression API. + You can get the frame header down to 2 bytes by setting: + - ZSTD_c_format = ZSTD_f_zstd1_magicless + - ZSTD_c_contentSizeFlag = 0 + - ZSTD_c_checksumFlag = 0 + - ZSTD_c_dictIDFlag = 0 + + This API is not as well tested as our normal API, so we recommend not using it. + We will be removing it in a future version. If the normal API doesn't provide + the functionality you need, please open a GitHub issue. + + Block functions produce and decode raw zstd blocks, without frame metadata. + Frame metadata cost is typically ~12 bytes, which can be non-negligible for very small blocks (< 100 bytes). + But users will have to take in charge needed metadata to regenerate data, such as compressed and content sizes. + + A few rules to respect : + - Compressing and decompressing require a context structure + + Use ZSTD_createCCtx() and ZSTD_createDCtx() + - It is necessary to init context before starting + + compression : any ZSTD_compressBegin*() variant, including with dictionary + + decompression : any ZSTD_decompressBegin*() variant, including with dictionary + - Block size is limited, it must be <= ZSTD_getBlockSize() <= ZSTD_BLOCKSIZE_MAX == 128 KB + + If input is larger than a block size, it's necessary to split input data into multiple blocks + + For inputs larger than a single block, consider using regular ZSTD_compress() instead. + Frame metadata is not that costly, and quickly becomes negligible as source size grows larger than a block. + - When a block is considered not compressible enough, ZSTD_compressBlock() result will be 0 (zero) ! + ===> In which case, nothing is produced into `dst` ! + + User __must__ test for such outcome and deal directly with uncompressed data + + A block cannot be declared incompressible if ZSTD_compressBlock() return value was != 0. + Doing so would mess up with statistics history, leading to potential data corruption. + + ZSTD_decompressBlock() _doesn't accept uncompressed data as input_ !! + + In case of multiple successive blocks, should some of them be uncompressed, + decoder must be informed of their existence in order to follow proper history. + Use ZSTD_insertBlock() for such a case. +*/ + +/*===== Raw zstd block functions =====*/ +ZSTD_DEPRECATED("The block API is deprecated in favor of the normal compression API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_getBlockSize (const ZSTD_CCtx* cctx); +ZSTD_DEPRECATED("The block API is deprecated in favor of the normal compression API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_compressBlock (ZSTD_CCtx* cctx, void* dst, size_t dstCapacity, const void* src, size_t srcSize); +ZSTD_DEPRECATED("The block API is deprecated in favor of the normal compression API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_decompressBlock(ZSTD_DCtx* dctx, void* dst, size_t dstCapacity, const void* src, size_t srcSize); +ZSTD_DEPRECATED("The block API is deprecated in favor of the normal compression API. See docs.") +ZSTDLIB_STATIC_API size_t ZSTD_insertBlock (ZSTD_DCtx* dctx, const void* blockStart, size_t blockSize); /**< insert uncompressed block into `dctx` history. Useful for multi-blocks decompression. */ + +#if defined (__cplusplus) +} +#endif + +#endif /* ZSTD_H_ZSTD_STATIC_LINKING_ONLY */ diff --git a/includes/curl/zstd_errors.h b/includes/curl/zstd_errors.h new file mode 100644 index 0000000..8ebc95c --- /dev/null +++ b/includes/curl/zstd_errors.h @@ -0,0 +1,107 @@ +/* + * Copyright (c) Meta Platforms, Inc. and affiliates. + * All rights reserved. + * + * This source code is licensed under both the BSD-style license (found in the + * LICENSE file in the root directory of this source tree) and the GPLv2 (found + * in the COPYING file in the root directory of this source tree). + * You may select, at your option, one of the above-listed licenses. + */ + +#ifndef ZSTD_ERRORS_H_398273423 +#define ZSTD_ERRORS_H_398273423 + +#if defined (__cplusplus) +extern "C" { +#endif + +/* ===== ZSTDERRORLIB_API : control library symbols visibility ===== */ +#ifndef ZSTDERRORLIB_VISIBLE + /* Backwards compatibility with old macro name */ +# ifdef ZSTDERRORLIB_VISIBILITY +# define ZSTDERRORLIB_VISIBLE ZSTDERRORLIB_VISIBILITY +# elif defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZSTDERRORLIB_VISIBLE __attribute__ ((visibility ("default"))) +# else +# define ZSTDERRORLIB_VISIBLE +# endif +#endif + +#ifndef ZSTDERRORLIB_HIDDEN +# if defined(__GNUC__) && (__GNUC__ >= 4) && !defined(__MINGW32__) +# define ZSTDERRORLIB_HIDDEN __attribute__ ((visibility ("hidden"))) +# else +# define ZSTDERRORLIB_HIDDEN +# endif +#endif + +#if defined(ZSTD_DLL_EXPORT) && (ZSTD_DLL_EXPORT==1) +# define ZSTDERRORLIB_API __declspec(dllexport) ZSTDERRORLIB_VISIBLE +#elif defined(ZSTD_DLL_IMPORT) && (ZSTD_DLL_IMPORT==1) +# define ZSTDERRORLIB_API __declspec(dllimport) ZSTDERRORLIB_VISIBLE /* It isn't required but allows to generate better code, saving a function pointer load from the IAT and an indirect jump.*/ +#else +# define ZSTDERRORLIB_API ZSTDERRORLIB_VISIBLE +#endif + +/*-********************************************* + * Error codes list + *-********************************************* + * Error codes _values_ are pinned down since v1.3.1 only. + * Therefore, don't rely on values if you may link to any version < v1.3.1. + * + * Only values < 100 are considered stable. + * + * note 1 : this API shall be used with static linking only. + * dynamic linking is not yet officially supported. + * note 2 : Prefer relying on the enum than on its value whenever possible + * This is the only supported way to use the error list < v1.3.1 + * note 3 : ZSTD_isError() is always correct, whatever the library version. + **********************************************/ +typedef enum { + ZSTD_error_no_error = 0, + ZSTD_error_GENERIC = 1, + ZSTD_error_prefix_unknown = 10, + ZSTD_error_version_unsupported = 12, + ZSTD_error_frameParameter_unsupported = 14, + ZSTD_error_frameParameter_windowTooLarge = 16, + ZSTD_error_corruption_detected = 20, + ZSTD_error_checksum_wrong = 22, + ZSTD_error_literals_headerWrong = 24, + ZSTD_error_dictionary_corrupted = 30, + ZSTD_error_dictionary_wrong = 32, + ZSTD_error_dictionaryCreation_failed = 34, + ZSTD_error_parameter_unsupported = 40, + ZSTD_error_parameter_combination_unsupported = 41, + ZSTD_error_parameter_outOfBound = 42, + ZSTD_error_tableLog_tooLarge = 44, + ZSTD_error_maxSymbolValue_tooLarge = 46, + ZSTD_error_maxSymbolValue_tooSmall = 48, + ZSTD_error_cannotProduce_uncompressedBlock = 49, + ZSTD_error_stabilityCondition_notRespected = 50, + ZSTD_error_stage_wrong = 60, + ZSTD_error_init_missing = 62, + ZSTD_error_memory_allocation = 64, + ZSTD_error_workSpace_tooSmall= 66, + ZSTD_error_dstSize_tooSmall = 70, + ZSTD_error_srcSize_wrong = 72, + ZSTD_error_dstBuffer_null = 74, + ZSTD_error_noForwardProgress_destFull = 80, + ZSTD_error_noForwardProgress_inputEmpty = 82, + /* following error codes are __NOT STABLE__, they can be removed or changed in future versions */ + ZSTD_error_frameIndex_tooLarge = 100, + ZSTD_error_seekableIO = 102, + ZSTD_error_dstBuffer_wrong = 104, + ZSTD_error_srcBuffer_wrong = 105, + ZSTD_error_sequenceProducer_failed = 106, + ZSTD_error_externalSequences_invalid = 107, + ZSTD_error_maxCode = 120 /* never EVER use this value directly, it can change in future versions! Use ZSTD_isError() instead */ +} ZSTD_ErrorCode; + +ZSTDERRORLIB_API const char* ZSTD_getErrorString(ZSTD_ErrorCode code); /**< Same as ZSTD_getErrorName, but using a `ZSTD_ErrorCode` enum argument */ + + +#if defined (__cplusplus) +} +#endif + +#endif /* ZSTD_ERRORS_H_398273423 */ diff --git a/libs/curl-8.15.0_4-win64-mingw.zip b/libs/curl-8.15.0_4-win64-mingw.zip new file mode 100644 index 0000000000000000000000000000000000000000..38b8768f6ca0182029186c98bcb2b7f73a607059 GIT binary patch literal 8192164 zcma&NV~{4%vnSlPZB5&@r)}G|Ic?jvZQHhOK5e_FyLbLK?uU0b-nhFJQFW@aG9$7g zaZcs$q=Gak7!1&VjzQ)-t^d0D?+ebq(b(0=hK`e-iH)97pOwzt(vF>#&eqb-+?_$; zpBx$x2oThN$*oVxUR9z40f{mI0a5>ta>A;TG9q*mLdp`N%JeQCE-{%?ZusI(qJS@S zf=y7#cV9T(yXnVopxW_q8DzTdXs-#3=jYvk&it+|K}D^ZQ&7Q?ndxxnmx{{1?^nN& zJYo8u??;BCn|sW!2dAH;N%^Cxqi%hH%c*C9@5eo>NITcI)TIiP(k*(pK9`clF$AtT zUR|ddufCj1vQ~8QOG6Cwwa)L8x}U!Bxy#p)5?A{@Cjy@qj2v8&!=$>}lIQ-EGMml?_8JxNXMa*_4P>3qiLq*UAEfPFj(K0!{$<*(`ve! zjO03)mO$%u9R}y~B^?33R%$zLOI3~VP+CQ|nU2oPF)P<< zG@j?oV?HNI=l0e=7IZT$-Z^ydNz|A3UMcB1$=jEkJjFfAH}oI#FE|w+DW}u?t-9+h zX{#Fa9Op@^`|7hB=aMOavb0OBQ9@TcnWS*Ffpv#F-AoyGCS=9tb!n1wl3 zDV*9iqZvGP+mhz`;4h40!>(d z=cZ*y-Q@`&Vu`>y5IM+bNajtyndEYC~&#jdAp~^7_{hi8TF~ zrO3IGlun0T1AAhMmHrdDUseyI`bRAjVA%h&bmyL9CP?v*ZtqY1Ab{+#6^5Vj*Fteh zj#@5Wr&+==2I!uXgeN#_*(%nbI~?gJI<7n^Asgr7vCLZ@FKM@#sy6 zJ;brZ;+V#dtc`OuuBpv$i!#070;5kgce2hG=@ULW$5UU=H)q@9`OD+cjF%?+I5apQ}eou5bE*?*UuoU1Q2G>|7zvIgAJ zw`l!dci!+;VS?O8LWY*Bnu$X^cFOsKH>qf$_F~e!=$)AUx*ASuubfmrNxyP3;=+`i*?3x71(AdIYWo8Zj)q0O)u<7HvkCRsdqG4zKM<*Oq6u8TMtac{*jnusro4uyk_@4zp2H#I;l>ZmlBr()J`8Nn*2LD^Mr?<- zLUug%F=RZnAkTUw*Jz*2^^@TQWI&>tF0f(Mdk;xmpKq^T-q6-*Z`X0DqYglh0JF+uG59RVPjv3*Wen zGt*5i+~#ABYtGq=`c&9TPfobMKw->IETC}Y??{5CM1m>0tqjIQ?#82Mh9;baDl(QV zZ<6t=ua`Q{u7ImHP-@m>Qs0BnlCao?bj&4C9?GM1|?z%l;bk&3$GP-IZHH zwfAC%z1%u^@rK=DlfJm}{5TjMw9fDdmvrBW!Z2X|3Ll(H6Wc9bbYnA6t@ox8{;xUA zx2ta?0)sg^OraRCAJaPGVFV280eL>=)FL?>!tZFgr~#-l5m>U*!e|GjC&D;b*H)88 zXW-e9dbU;d->CXT=8TLbLah5m9!W9bjQ+Mu1vfT#T~KdN-2@D2pZdpQ{v$`cBFXS8 z1835$TeyyF7J_5ir9pRHBS580Y9@t7 zqL~X}m6MBSy)@emu*!4vqci`rOUY1DmLVoa)ed2Lpor?FJuyU#+vJJ9vw-ca4D6_%VV+tMlw+bEn~{U zK>6}B0u+G7#Au=26GnvH#GwM*9_Vx=b~VC%rD@}FB1+trB7EqRKb|~D%a#kEJ(%rk zfPts4w(QWe8oXeK=#IR}e#|ZGL`xohLI%qUe@S~?M92() zh=;?0v*+r9q^VPk$B1khCk}K&n&>dl4c%orXk%NSYFGjwcItKL1PW+VWfOeBXawJ+}LY z{R0+-=O+7Sly!Vd&KlBBuUjb>N5Ux!B|d^G!t%0l-w=bS%e}NtPwEfGxnY(}wX&jw zpNA|KLNq{;K%Ev$@D#z{qRBrQQ>6K(X*r+X2mE|`cgFVdKxTJNBL&rPeQdZf;#q#3%Uu9Lh8ybF7tftN+l|0fjGAp7_B&m5 zAA1^$WwziJe(4HX%&D%UsAIXruu3m*EO8&h_b-ARHP7^Oo?Xvn^e-|VAZU7N-~sjr zVa$3-f}TmddozQaoyORGu^Y0YSL@uh@iqYZ8CPxz7p-rprol*jq;!37SXeqqgEnyP z&Xr||e=P7=LFX}R-kQfB7Fx^f&SNHGLdNbKM<5Mf3)XN zFHjL4t0$MVUcd1( z{K}i2+z9OkQ3^8qi@JTXXoO>`<;Lh)`q2>%=8l!M@rw4|SioJXcU|-3j+68dY%3_$ zAly(dOnriz`{^^uP7)v$s4y} zV_&b%pf~1E!!5KOz3-q#9(svs_GP@b!E&&m?h=lz}v-k-;D`Nd#sD zFrOB{3hH5hom+8-mKnm$A^h;o!yz0c+`4X>!$Y^|q6=0Fp_6Gbnj!y~w^i&nHcwQ{ zu*LF*VYHb3>VN`ApR|L`JLw)Zw1+j_=-q?`55!;JajczLKi&rBXhDA$BsY0kxCJsv zQ$uprK=9?%AH!#Hwn=L#+wm#MArntLAt2g~54J*4B6e8J;43eAtiQerS6V=v>Y3Nw zEHm9L*W}B?Yu83HJrNWWvgZ994W8GYu%jk?MY`%hrOhd-qa;}zCYaKUfyMFbi2Qbo z!dV=jBDd&e_M6cQu^_m#>?s7LjlQ=Zm|>K~8waxsyjF`=2Fx3wNFQU4 zwil!P;tm;?3g99=1@pS87tWxI5nLY01u;tF_n`gk8U5Y8L$!dj|IPMJ-RuB zGqzpR=2E_Q2VYuNLO?t`_&P3)gcluI(xZ~JAW=8f6FPj){FFpxvnJ+4I$v9ZSIIve zyhvHJMjnz-k@9-?u%;(P;Jb-7mzK`=eGhxZ+7%H5(` zNV|%b6vdw$fp1XngB=!4R;Lh38g`dRAp6&o)blH_7(o9Zz3P<)MQ)CXZU#XpT^vsw z-!BP24Q)ZGmXis1Sy8X;)#aUXsugYoM)#}=F;>1vc&@X&1M#A&vGhmtY+0jSAqPnT zWWObt4TOGWJ1wSlahSDIOym&m=xjPQmP_XrVH7TyL@qX#c@K)j!dO12PeaaB$H=>> z9ll=0b{QeqTg}p;^*}j~L)*8{+Pgt*;*bJ*X^rEdfK1OMX0 zr1RE|?a|V6w0+U3m)Qj!P|7Kr~cH7+-H2{~?=aVhH5lx^?grwa5gak|0t_lpGEx%F>F*##90 zaYG$}L8YoA|Mn_o1UUw5=pHgf#iZYM0lkFv*t*&*Aa$Zq>p5=G@a^0N?~pAL9v?FD z!?G4^;nR50v)`c+X2Gs|Nxbi@ejR<=Z6n}(B^-41Jng$RKn+K(*!uW-G2f`{sUa2xePPX@nb9+^<+>jJhN6G#7T+0)Itqt_g;!BrpA_D9+d77CT2!2H;bQ-mzVFG7D6*Y!JKie$~4fnU1IYTjB!;LdZ@f+y`3gjV@(XV zN7FBhg)B@#UtZ@E|vq0S>TYMVLgV()OJNdP0$o_kc}nj;6Cx<9rdeZz3Jt(){fy~ z;!--zjk57gQV)3M#XI_@1 zX%de?yV_OnAv@}oE$V^V68@iXwaemR?vdS=L4|^dx82$99`uJljlxpIzlCUbgXBc| zrTms?cL0-cb?NWrc=Q>+Lo+&hjA1bTq!$Aa83^N?O^u;Xf=v>!;f?B!61uPKh(J$Q zZW6;R#CmjF#KDnylZA zhrR7W_4U#{|LKp-kE^Yj(U9FM@>vcKS)_Pjw1?|U+*#Uwk#kWrK@fM+g*Igr_kP_R z8>3gWLUOQ!NJG0m;k?e#iyqaANWwQ!ZsYZ^kpr_nwS2u3R!ngZdx_JYgG4D>_nI48 zSWiG}3s_B2Br@7@c`5gG%G}cQUqQl^1OZ?VQ1`kUCYf}xXB*q|Zqc|l3k`z-(*$CI z;#kaRP;YOg*NeqF?>F`sC$HFaNwqiibDqe|8lVB|Kl9ueLzcc9T~Dd-CJJtju10&dd)=k)cEU`f87B$X40 zAh=Qn;*+HGAQ$gq&VVUcs7;x8l~IU2N049Dc?It+VLiA)aYh!lked>Cb9BD%AI7f{ zTSObzt?4brp4*ZzXeb;%q_Ja8`{WP^K$5DnS*1`fm(MJp64L;qAfj0?$&(?mYQFjA zhd(!rx?{G}a!aP0mO1$CKV&g9mZIv#oADpt=66ks2H;Mi&?N3qVvf`x3cZ1Kl>&tw z*6l>llXQMS|GV8HU}6<`|JjTG-}(PisaFye5|I_9|Azxay-d?c(oIU!LC=meP)pL& zMVy?#z&|w1P*PD*wl1#8&(Tg$$}URJ&aKGP(@g@Sc3QrRcAjK-cI*5fI)o%y;-`ZE z0SSTu0g?TWzVlmNK~qvr{69{ktGr-`ON`{*SEq4Oky5LOTaiMdsycxmt2pZbvb`L) z9%fAX$q6iX=<9>IO=_DbcQrGOaAouBBgLf689umeUb(|SifJGKb_PdFH6~APfbR;W zd#gK4er-*EA5_Pu`$OlqwV3&9ej@%FJMZ$HD`mLcbHZ?dxomWt5*drQ7HD!I}6C_7j`_I=-IeqCBl=*x0C5cF%tUS5K`iH+is>~SUyG0d6nwx*i-{&zfZI{5e9C$aMz%YYRlQ5jp zeZn0BNEMa}4L0i^3u%B+1CEaqu6AZx>{8ZDn*NfBED%TFKos%PM)>Q3GmO;q6JG*a zdZ1n;VRZ?e4pImp3g;#xH>w0eL}Kt6W*DxlDUfG$3+HT3PpL$3Jd*AsRfH?Uo|VXUR1ZmM99w45LzVx-0cPK)mcj_`WL7~k+ao;@~`$(kLvpyC4f2g zvRA1Eya;njo+bH6Vd&rSaU@YN&+J^)2cZ2tE@INWv`Do&JuNBjWu=V299ZTuc^qz1 z1|-MZxEw}_jF4oM0GDMll_D;UJ8ee$fxw(SM0UaLlVzfIt*z`25`$22+{7q5?{VUn za^zf{W=|HzM##KbFZ3A#9->Qh@E|s?;*pDyus@m!X{zagQ&Gq|gCP*k!&VM`GLs2n zahk7wX=y9=|9g0?`?MwV{!5Ae5I{hr|D$XFcVPV|9ja{EZHXcI0Mw_8;Gs|gdzXdu z(NrTs)|IFi=-{xBQjZh2JvydtMyP@P)P3^>R#|AGoE8gHi4wJLvbg}$(^as;nv6558}4k;@3BMh1J=ORZFEEDVC7+p)C= zI)X$U)>r;0_ct)kUnKw%UXZ5d5@m`{Dl|%-Cs-@Jg@UfYj3J#}mIB(DU2}iLt+c`B zu^j9}PPrGd@FD#My|C(;0&q;5N1MlJp`S#_?1uEowFk&qFO+#i5h)EUscXwvqQ9wv ztbsBPCn;#5W!4l3H`YfkA+mEnv?4$r94EIzags^m_;FjqrFKXhz*$R9-`Eysf)5@C zx#SLTbvE%UTp#Bl<3OnsCbQ)tB;r7ukzaps{#<(%bRks{_h{MlZr82m0U?a)j7h!k zs~}^C1-j(OBYRpa7NA0H0_kvHDiGDvbFvzpkP)`NW5;LH2DyR)VPv`T>mNrqS8l*s zjU*NCYI3f;Ph@-qtB{2Ngg@6=kE{@Xw~Nz$l)=@bE7Z4y0W+uyjftWsKI2>USK%0y zHYX)+BK`UCWtZ0T;yS`-DP<9lVzgManVSvVRG+6%p&1xg)b-`l_uK7Ze~LQ^+o6^> ze&~9jj?RhVMtk#fVOP}#qa^u-C=N^G#kd(c**7-|{gq&q>Z3&laN@b~gFju+B;!#w za|Xk9e}&&KRLFOVe!CroU;e`kUKp!$D}5+QuVSpVH$xkM!PbkkkWK3Ny5h z`&0~ef2R}mpx6nYUPfj387<4VJ0@J^^asr&ai#PciJN+=@tItoZgx!5iaZ;2nMPCU zN#`pkqX6Bq9kZ1%+iFt~^MtIYtMkKiaE+$lJGOM85;=KFyy$OH{$*bu+xLQ%VJQ}l zNKg?7Np3QgYju7@3Ozm|(dwn)Q&e2hPkQhFIk~Cs;3yap0s-}D0|C+eU!qS&R7hEr zPEKCszj0_CTld59lWycDm>Lp8HD&h9`R#7U4v&3ajwa#= zEers|FQZZdJY$l+`awW$PoSwbaYpQPbW*C-GkusLZ2k%Q^oAm1lIeKJ{W&0~Rh_Px z_K@qRALhu31MBG3GKW)sNHc-LQr7o9Pp&QQD|XdT?FJR)RIx!JBc(2-MW&E)BjkQE zvo6RZM0wvOf~^x@&tQ<;Q%z0HrcE-_*un}PT}^G36815;a?;y;nbIVN4tMjz%o^}_bK82{AsTJyM5@kdUQIi{Wq(#9C124iFWfWz45NEZ3Re z2bqV`6r&Qr0mLWud>^oIbaMP*#+jK&vBW;sden=S5|U+$M*q6X8%Z03x}5(v2`*%0~x zhP+J{ZWHx0fU7=OckMWY$z$-tlL__1l?#1U7l0E>np1Xb74hT-1ypDa&X>$7luyj|wv?hF-JwTjzR)yism=-EK(H_iS|)7@ zW>!0+Z73JdaX3Koi^=5?~6C^fLf z38Mq(@Ul+_nc{4O2WyNznW5h3x|Vt{H)FBAO$^H6-kyhYtT_v*(Vy2Fa`z_ zFHfgRJx)VLD$@{GNydXF)J9+zWq}ZPj6~ZglqJmLH{lAyK|}(9KD`tymnnalX(90B zfxjp7uJdL33`iQ(?gu8%QR%W)8+66IsMW(rv_-f{;i)Q7^N3%flAL@VDBxLSktYXR zq^XO)*G&q#^?j`#BkiI?D8A901XPDVWHt?!d<|v8I=)NRYsj1;Gmizk@DV@CJ`m|r zW!Ii&>(%kAW*b!I065pI3CGWhvxxHQ5IbgY+&f*Fl=6EKAd~X!ZfbA+gr^Y+?Z!(f z-C^04#Ms)7;_IvG;@Xn7vf_R_9U60SD^gp}f;XsO}_B;31C7!3=Mf)$N&0a4V@SH*duI zhB;Dh*H_h?a@332g)n;1!aiU@6i+M4qRGyl5=;5A)JJhgTJxg2AqrhfrX4@?PIru9}^ z=%rSra1YDD<3gao(L#yL$NSAz9~eh`+iy)MyC3ZIIcS3Q9ZM;@eGK!e0DhF85*v=Zt z@tErSZ^ucgbRDq>wy(G6n-4c2#Pb(;5RDOP!9ldIE~p~Givl8!iFnz&xY%Dz$`DoK0mzMPc<4!Fnj#Z0)3BP8H8bM$?em$PJ-y!b zfn?dyb8?=Ii)Fb$L^*_@6nBvz*d9gfEYm@KZ+*+7hftWuWK`IHGSg_IKxW+a;e+Gs zg!8pkBeRr3X3;}zq@0^4_itr4da}LR#5Ctxk2C7s62SeZJ3dlTzj)7Q$47w7MXjwm(kwjHel0 zq&}0C{Afk#?fEj&N;Uvls_>+0Y_sNHH)f702ou(?D$*CF;R#h0HgH)%d4xBF;;O-d z_A|6mnHl@-(WA=H5B>$ud=5f(r;4j8 zz=0X-h9T>2HIt0#TmwIQ+k43I&zGA!;8c^>(X3$Jh2@_Ev4!S(JG+RGi(_x7yoyF~ ze{zj516}8JAJ+?wcM1y~Y3yPy7MATrb>%F;XB?Wr8mrz8Q9O+@yshcYX4Pzw5a%S@ z4Tgcl6_XLmABWF^tcp27K}wHv##tGoIn5ko@*T*D)~z7O(8_s~EjOz7T~-6U>L^%ZV+W~<>DhiR&k8|!I%C;V`M+fny3_w6 z-n}?-f@q>IBZlqIu!I(9Lknny`Y zQj;f3X_b)-+zGOOhg0ryFmT00xAaXuVZQt3lFAp9Cgz0|9TWiNAG%k0CUM5G>#P?a zNykJ-FAAX@JUMVyFM4rl1qGAHLGLl+kX?abCc@(<{!-ZUZTZz(>I9^|fk5^^OSRaM zORlN^f<_l;d%hW*+MzYq0CO&c3e8VgwA{!wAaTUVr}LnnDRP=X(P-2WY*g?DQ3vlA z3ai|8(9JHsNh96{GDA+cQVg6a{qW{++RRsGW0hC}%*zTwK3(t+>UCToS+z>Q|21OE zBwKM6tBgAeDVL&v0ES^iR_jSATR;5o=s!gP}lX)U80rQF({Z>7H21aZTz}GuylFe^9{kNW1WkX zWL7c5aj5L2taV<6z0BPGe!g!Wrt*bk8^rl5 z8wH@0d(Cf62|-9eyzZ@7&fUr+Lt~aXteeI-P%nsRC|&uWPhB)QTH`3@^`PpN)LWhO z`;=lsLv1wegg1KJ$^ryBpTy(bB`!uG$1(#ph>ga4KTljHJvv|TJCkCUe3)YCrXp%h z0N9UkwxSU0oLQo+Wxdhm7&ZYp{%?bX=~Nm^C%jV3Y;<*_>3j~E6Z*59j7qYm!IIL5 zw^J4%TfQVma{RtutljT~7l`XPl_^H_lRUpqOT7WCM;I3xL+l4EAKsg)WY`Waa_)~d ziZ%x`HRr`2JPvXYOZZHUZm$x0D+PJSE7i;>7R~Kf?iKVT{O7^sYvSxV+D_)o~2M(>pdSpwJj=N{t`ek=~V>k>%KmmK^dfn zYRGl^>|aA3u+{9VJI;JskQ2OuR5T>kVtnN??q#6DP0RIzyNw2UiVs2^`GbTs$1c<< zc5U?6xYrbAfoq9FtkgEYIa3CO_mm{mJB9=QAm@m(RW9rPt-J-#r+@_ii3U!plA{gL z6HEvwZ_tn49|c|n1>P7qI{NyxQ>0t)W@Pi~L2Fy01&3`M+87Sgw_k+{7Ww$6{aY|P zE}RYgVcqBV)r)2BhMQ#El2%$}XZdPVqg|IQE9y4#jk`0C1s}h+yrkj4NeH~unz?4} zQ9@5A)%W6gPdjeodY4 z>e`)~JQX;pd-!iHbpMDzFOkFW+JR?Hbu z(dDOxkn182@VrrZL>+MJ`_sI3fPE{>loYH_?Nsk&U;KbUq0KwjwOf`Vj@aB_c%sb4 z?)9Z7rR}({ix2(+4-(j}8y)9gaE_MG#MCf#M7oQ(lyVm}6H@dlsaGS1_pg%~e3Vc< z|E(QW%vecsYm;1?SIc%S07ktimZ}0)yOa`Zi+LmW#t{OCOB%~pOozKPbjCOoh|(1i zdflpYiP+M?2v8g`Lwx{b6^(Ysy(zaiV-5TGwW@ZQADaeKoi-EBbNG~!p~Kat)V^cp zwGuP^gIS}^=`pW&UplKaZ+XqMX4vyQ&-mGgFDTT+>oZwDVE|RFJ;6D_<~bpJ7ZTzI z3ut;>RC*;DYm`VD)kP#@T)v!S4FCGhrWRkHA22(;X3Q;li{Dj`V;V&ZUt3~o%Wi+ckZe@~~%4e8m|(!+_OAdwI%swOm9-}<64Y{xy}Yxf=+vCq?y ztg$fQ1Z)R*cbxWmDbOf^Lc;x-3I|f3F@wfaCHsn8h5G!j5>SB26@q8-l6c@-{t|e6 z&z7HbI^)KI0cWOnZ}(^J-of_LjAV}5_32k>c>W(+M-NgVk2ybUu@Y6`iw_W` zzC4HPO)yKUmPp>{SpXy!KFzUSO50$&UvH@>cik!D3h=RNO^nnzvxTf2S4nphRQ_2y z8UzZGa}`9Z)LUx7Wgl6DstXag4Cgfm#H1Gymbh{VfM_ON(L7q1lEZy3d(15jMHDA( zTq(;ockzp&b;Xwr7Tog}RMy5)Y$NW@^;8rzNQNl@?%%=?7*9lj?GU>AKvRe@m7tl? zB0)?ES}r@%i}o?wM*_b0ECua)TcASc+GdfVN#6krYn; zVTn_Y}qVQ==DYOnA6<_f6G=W-Eq%t47z`6fJS)0?%$1@4T?v zKG^SrG<8{E5+~(J&y~4+yw8=V+pr<>mH`YeJfvDN`E1fFuHr1*b5W^2IE%CKu4ZKE zH%Rd~sKSLMpoa1iLZ|*%ahyWh*D=jLp6?JhURdUpTdPsi*Q-4alv3x-9^asEmkB%W z2!_XNVSu9WUwyk9$^uDyqv}1p3pJ^j?w|Mg;cq3SH}|mHUD+B$iGBE5lD{en0-~l* zRhOs&RAgrDaD_68pb=6jcJNAEZJ*1G6b8rOV_LSL4!ik=gg22%McplRWfQ;Lu0UtJI6KE}cn~ zXV-#QX=#kxx73JjbY13xTmFg@a>%|vhH?*oEzLi)FGl@?9n7sP64ZCkmDst zO}oHDyhk#(?bvza;KB-}M!mj)+HF627GWe>up=Lo`iWL5!);HC zN#*s1u3cm;SrCMACzt>y?EYP5Sd3^0cgfCj0w>3SfI%7r*41=Gqd;2?ud^XU;diz3 znkv$mswvImZ6Yt~oTaAEmJf13l5fQ7Da(%OB@w{d)^fy|s@S=(k|dn;^oi!#+|BH( zI`gB0?&50It79S&Z?}-fQ^!mc?^XtoW;@msGIUED?yY z3XC_N{D<)kdzhB0^+Ao$`D!z}hSw?;x4N2${5M4sEFI@Lc@hV8&YH7H#i=<8y26;!rbb@&g{O_=EQvY6NAGGnGGA*$?_Jc5(^)^~*cus1T zl`5G{O3h4y6Gfri)>0Yt_l9=gO4xvCZ)-{|fn5IZsze&-0|L6J19NSn?d1&4H%`a| z@@iKL`qcFa%sRhYf9P-*Uy2j!1j}c;V5uf|T7N&L!A$xJa}ge5FhSSDKX><+uS=2H zDV+yUv30#Dm6oWI-!2WNRQLHsqz4T@9i6hHVc0m4>6U>Yh@s+`n>XQL&U|`f7&y zDp*uNOq-%o|APDueUh|gBoHf_U3(|z=J^!i04S<_OC^lR`(ujWl&dK8{)M;v6NvGM zq(}qV>=Y$K9OwVWCofuevKAJ~=DPU8vC(PlLl8rtmBUQ85_(_9?YJj1P3^g6tGSrAc)(vY}I9?;S$MwBiuG1OjA)W}MFK zjXBfM`O;hQ=fSB61Na+m)pEf?d>7%DGp|Xk4 zWmDwR9brhL-H@z-k0SCsBy^{ivC`~gf>QnQK~$bfI&j;x1@t@n!S)Z+1_RD2o0xat z&7wmuxzHP4<@g6dg@B*~xnt4aizz&>@Ri;Vqx32)C3TVA)Mc|F`9xe4W{vrpuQUB0 znV)C*GxPX?pc+DzCo}`Zplp6!G5O{K`2pImwV#ZtuZamiR1)7m)dT=oC}g zBR{AmBof*V5_)C7>0iMwL zR4tC`Fd!hbj1O2thJN)#WnYeIRR20CFHfi>-jr`Yfvwt%Hj7=fWt6X z)fdyc_HTt#R$``o59olgd)f)V0mLNm*w*}X@<)N2i7FJ38F*`t6)lMk|%uHWAy zV2J^63AE)g4xR|WTacHXCQ5%4x9ff3^3LeKk%Ul@06(}O)`&fapmMwQzOLl) zPr$UMdY{iTx3jYZh$6}3vJI8ue7}N)`=F~jYtXKYKQS)_^i7Fn?7!6C@>;hp-^`y3 zUXIg!0nvH~xv5J$MVORjqb__nOFVRCTl_@?Pm)~x5BKYQbYqvfia}pbx#v2)hH%$o zc6oTq2SFR;vP-cxL6uZw|}(%dyyxz>41M?5vQdbRe90*K6KT~l7nl-pz>TNG@& zw_P{bKb^ytl3y&}@DoWvcz|fXw6o@-_<)=xoZBuuGTkAf-6hKy_s`?5*nxqr>cD^G z&0-lq^Jo{}1IXC^5&cH3@w`Xe%QBNix9pT__8!Z4zGEEg?!U*ei1X&r&#T^?UPGj+ zem1Q1v`4rgjYNAak=zZwntR{0r{xy-M2~sPm{+a{S6TkqAUK>dzifZ{BsoM9!rM$% zx$k8*i|)BH7K?13ZtHoEJh?R%i*9k;TWr?ZfcbyaM~}JudxU=<={Q$fz4(uSDmItz zNdL?iG-|74_U|2ihy6c79>g;|&h7m92Sf~yOXs&_%&#jCg)zqPG?uq^dBa@}6*+8^ zMb4`J{Ck4ibBQC6yE!2{?G*u-`R!{rx&hakT8rWMRX*ktYes*0$AesU|0(`69G%_L zp-zaiLuMBitp3ua4v4h2iL9Mo!=vPA-5}u2Zi=8Oo@$vrg+$3j^ZEAQIInOa$uo!l zG!I$kDRHdZBd_v+2$>>6RU?gih0|Cl>jq@-=E?xD>kGx@_OW%cGyLrZ>G>-rI4HZP z65+-}mcs0X>1ihfL)vXVA!1l+?%;9UJ>w;hj^%m>M*i7ik3$6Q_nX@mW8{SRR=nD# z4DDuF%8k=x{@y4TSLL2S(yLLKx=HHd4YpVW?Qc8FE^{YhuRqCWQ!LR=v&ZUp@_7mB z&9d0KVi_)T-K&D)pLqH&Ti(gJ#S7ZWrAuyqX59K#?6!Q)EhhW+96xAnptpiaH5niR zH(y0l2T%qx;n7x3^ulbjXa_!-%Gvo|0bFQhmIht7`tb!#nK1L`{$JD8Z&EO)S6=Dz5* z`ZaaUAl$}^yT?*c4F3KQrG#B|2(W(GMLC>aaLbSIM3&MiJM@%%vtQP zFKASB^CjJI5x|SA8kZX4rdLy74GWs;%Ddg-y3JuQ$7{;pMF-4uZWA?rLhO9nT=xpS z_EuZmc~$&|5W8g7Z-Y->eO?!akh}a~o-Fp-NE^8I>Sh3qTUnVDG~v6E*{FqfoQ#Cn zkuJt=ubz5EY7Lm~RN{fNSvBr8$33g2pj_xT=j;8fhYwy&!m~AK&ONpOEqNvt$K|Y{ z@LajX5^Ly%YhF#dy3BBjt+trty5fQ`yObv9P|%iF7_+q7a!eQBgmAi)eqpQEmUk$y zU!>kz5Y+XVSb(^>fGuK*SC@ZCvtO*NKEqZ!j<(#dW1eKXQ}3g5S7^KE`Sl z4|4|#n}gz93OanJ`#wmU);YAI zP2nvt(5D$F5aa(<_P<)#jScCHT0rK>B9S}^-<8I_qBo;y zoCM0P8LfiyD3;mM6>*+Ovf|;#5sq(@uGEe6L_FSJ!h2pj0F$VaX%6}{jBse8uG37X z+1$^5pL_m4*M6TddLPX*zPJy2SQi}DSf_jGHrZ9(QiWVuvn>1+Uk+z&teHi74~}QP zOQA(pTW4(++sb1 z8*Z7^S=rvC&Gh%D{Ryu?*^h4r>D2o7ShDUSaR$9)au0w>>hy;aQ2XVEURGVYH~Uk# zcesc9^M;5=;wSBE@c}qOJsd_i%6@?srtS; zA=LU?6Ib$hKI5`TZ0pnY<*t&EM@%v!U?={YaA`T$o}8cX z8;>#1>)UMW!d_B4=j+Z>`{ey`sn(hDYYedU!0cn`rH4NC&JWo068QKa1+-ybgdq>) z<$aC4I`Tj5iJjP=&ztMx?y&vPMSO3q6}%A6y?nNR!G9wL|8)}AE=J0JyX`wrXBJl^ zkzytts=H(BHI)QGMhYgyPA0{cJXQ}EoJZ^3VNNHV02?u)?9+ozlvs%V%L)S2?n@vL zcekYTcl-Wx{eJ;3K+wP4f&cL@`~m*k=MT*ZlKvaRS&qa@4CQcNjslt_agD<;6xtQk zCec(Oah5-u9!u$T(Y(s0637jrDbwXCmZ2w>Q#Gm)DA?ubQe!+%d-FBr(uM8;G&MM^ z>n*7$!wG6m64x%lj=c?sLO&#=W(t4;@lFyiFOBb$P9b9_L>luVYl+ zfb*X+6}(0gWLy&EHtf7TJUA(lq_hVLm)4639JzShz-G57wa&&EadhRK{Pj@-hiW}Xvx1GM0@gE4h1+2M_s3>vIqtLt z(41z|w=XBC+(Dx$nk?b(t;Cn`VXh`jJCe{I=ienj$UQk*ceb_-8M?}B`s|jlO*(G@ z0>pib2bF&BY`!XM#in+Rr4Whx#}}hI)cEyW&5{53yl^{m1!jnH%Mbd3PM7CE*93s%z~#bOz`3; zW7`0xhJqtsNu})~33neV=Vu~9lW6Xja$`mg&(wN%fhWbw28lur;wx}j-qL5W6MeM>SWQJ z0a9yrApN z_H`Mr2y6DbT@kPAbMNn@ZzfEGTC4J!`h7GnD0xA8^fhJBCMN=i)Q%1KXvKQVp6HX- zVWo(KP?I*VMFYY0k}U*pzf!ZfGyQ{mxoUgkJLhei8LQ92{Z6?C(M$KFMyTrzenG%2 zE(=mDrXfDo!h$2Tv!+cjznsK!Z~4cQzFQ~y zW7>*Bs(v2rr$MI9!Ool$oBEufP{Y}gCKH|J@PtC>1l${|1mnhHqBJ&JSXz+O6Vua@ z9*2qvvsMzOHG*|n1(CSophy=4@Q~jHzYjzzX@@4lrALeEHChXNR;qmU#`s;KOfk)u ztO2jvC`@nmiE6UIU&{0nInf2jW&e3}8W=P{yC#>Vokmd{;B5~3%WLjjX`U5<8n0wp zY`4r=B?xJ9{Q~Nf#og>AMPqs#6DAsX;^q1*Ry?}Ji)o-`v%4+wwX|%H(9FE5S@Zf9 zM$F=G7))l-TNv4U#}knA1S#vdEj{>bTFsa8d4&7_-)7>n;jeNSwhmq6xb+hK{J;U@_gxbRXV0gTi?Bh^`6^!rLDi*QYJ+Yn6PQmIWVc)XHuu! z$3kr;uTk2^lx@sc3wA$;{)zvb@Qnnf09%;;iT+V3C^wti4%u|v>&zn5%?zzsaHE4> zzFVsBpxfea&IKZZm!DknPvPZXK^NdJ;br(sTsx`LiF+)j@C}mF?J|r#pQ@X?0wEYU zR&eL^bEs`hps}$hhCGVRqAFW2mlc@Qs~#npE-zn~sE4Ed@%_6}N3st`$-44EejGiGt&{Si z-6?lrBDjT93z;{lyRdedC;%w4wns>z8@Y1}i4hHfPgj4Lb!Z8gbKTlIboNpW8(>Lc zv9);RP#gjo)ETr`!Nn&+?Sfyq2|Y$1kcJ~E)v1a}7Q?jwCrn$qYX(8U9uWsjDBrz_ z%2%wtGOiD<$CX0#Uc!LyMKu_ea+X&sJ2uuJ?r5|?5TpiO zP#00T9T;(k76_*=G|s)mGz1@#&vr3|G3@2}SR0rI9XaUm2apq~+2$Fs%WGG^B>J6( z-HNv5?bs45?wALU6dTwFwhDzq$+?10>}5F*_ohIFp+X;FnDtt|%7`QZ*pmw%y84z< zgy12CX;Fc858>HgLNXZ19g7S{Om;i45@nPySoG~(50xka*H9-Fp)IjJ@ z#X(E{AJiZT{x6^g$IsN@3mwq^Obt%WsI%7pYHFbUJJf*HJV^3A`RF?R?l{>Mye3(0 z9<36__kkY@2-)DUc{ulGEI3nv82b>$RYI&tFA9Jy2O2A%SEo!0PUlFvv9AqNh)IrEVDw4wk6+3osk;|3$GuItO949=ZssY9Eh9||}S;Aa&@D{J2 zap#nBf5GJghizfk`okxO326}{uJ`&rkJn;(q_=k8X-8kHIyN9$H!fFF0a(`3o|9It z9>sat@?LQCYFT*0r?^K28q$&qesuGIdv+Lle#rijq0c9|=r!fUr)lL!A&b~ahzXqR zFLid+wkPn!t6Fxo^?KoRc@ZQhFSB^gLtel_4e5FVv*qSyIi6*d?xUnYwU&nkzb>uJ z6gcKyP0#k*)_>yp4d|VlqNH`=;GDr-kF1THyuv$hl&7OIK)8r*Cq0v${T_?gXW~wp zcguKHx@q{5A`JIjnpaw}vrlmkK$GuJVOWa_7S3t5K7%rD0aS`tG|68-b91JFftDqN1EVmzRzbGjt%R)m_sFq80cY0;a+oSZ`t z27xtw9G67z2yJ=|D;kQvfWsgDA>iY3k%ZIy_Bs?jEcl$Kha~WIfOuOf@JoQWMT`VR zDwM6n{{?#NU!5wzcdyEMH#0`w&j4)-b^nFOg{SwxKX2&k=S6ks(}>vjmXyIZ)eIzM z3uxe!zT!!Ve914NRHO)XC%-t7l83jZ9p6L`y^jU53jFQkK$=xV-;#q;zj+FN_Y$1a zn+48JG-x{D`12idCmk@4>-AcZz4i>?hrVF@d0$PyzHl#TvwBVNslPfG_?$erU1J?I zubI=ve8n_@+hoRZxKN{$ub#Y8Gu^Yb-j~*Dg(I|c^l@>qT&&Swp&X#zn*HNRA2-#< zOJ&;BapD~Ru7BaQqzvZl8px&G;oXQsk6@-%*;$vu0|sBg2`JZNc?8Cdo?M2j$rXM! zrryI(&o@_(^R zNQBwr^#pFs(70;~UE-&KzlxOVh&LP1+!kFO=}7Yh^KJ?*Erdw4)!EBfeCy*KPG9{Z zUWzfbFS|k7aTE761H|=x(n9>&+{9-0o9Ldw~f;zm%pqcP4IV zW-M4{_ob+lRlPH(liQ-@xB7sGzJ)RM)EAEa#;%bQkH9O$OEI|Z$Z+!G-UPF)X^?_P zt($p099!%1hl1H&sa@qz0ObWf(#KpNPi`Lm$KO#ZwkoPmSl~BmnwBw3f0Nkn>bL!Ixs>4a=H4@iy zKj7>pmWi&hAD1P!X)N{Sum3rAaBtvG2kSpK``>Lf@ORDrcUuh<1@~8Uj{eH#xDT8A zxHxCFd>AJcpdP9q-mYl@J~;asT@(3fORv>20Me##g)a;CUQx)a@mfbN@2dY+BwMNG zJ!guY<oOn|I`i7m!4ldJs|Q+?DvQiV@BykGF^=?8rdPEA*!;vbP}edR`dx9Tk_>ip>jg z>Z`5H0YOafRH4xnCDg%jiU;bep<}-~Be>73C~NBe)oreQ^|3n?`(Y#B9TH#t5f%>+ zgtC&dsundjyTQ^wcOktYsKg%s;5z63=G-q+4fqG6b~a`xh#Ly3^Ucur1bsHGdO?#e z4z$H$QeRn0a6Qqt&%Dvd4-In_wb5IIP5`cX2e_`01=RAsoWPOw8Z7YXzx!_F=CUsW zC(pO$)*2BeS6i_<$e~C*`ncRG?3r;Q*tSwwxV*^&IFzGEyFz|I;7jGJ3yX6DOF6KA*rZZU3#*K}I*`&&dN zO)nBZKhoRFo9ArhY^!5fcu%;sS&jC3WyAeBa4AUP+jfNG&0#HTxuLf_cvBew4p1!n z@Kh5%8koWxdTHHY(eFM&tL@UWohP8mmPki+?Oavq!Q#oQgu2~||M9P3uh0&0)c!Nv z{im2ae!<-Acg$tjweX%aV~s+Y`lIZJqG;E@#N6_K5#~}GApVYC>5u3oeq)k<&@bl) zMeI=Dp!Ek|`FRZZeozy*Uj#|rjr*>MxA%`X`vggU(C(ANi75)C`zb!plY%cN;dP8a z?^7vc-?cjros=DEzmRE(OQ#r-%lMCwFMakoE!F=pvAAy&>qdP}U<&2SB*W^p4{I245x}bSMashga*Y&7 ztNXZ`M5%)1t9fd8f;v!BK5DeS6pUm9c;U*5`B2nI*LwZygSs>pox06YdD)9VBKiODt{Aq zz<_95@T<6G5d4MO`*SprB5_mqV#`tI4!9}zN_ekqdzDDYb2stp1!|fuHh!S~bn?&V z{_INvzJ;>S#w>|WJSFZeDc}rqJxAKp-O0zofwM;=4Z9g!xM@7i#k`~s@v=I!2-oT& zAW7CceaCboz{QU`QJC^@cc}{vt$DE3Yr7@u(|BHxyN6S00TITf_a^z4`UVEyp}M;h zcOs8xAs*?FIeVh^6Fg6oMn9n`34~@vlKFezx=j@YCtr|WY`)&~5D(}$ z8;!y^d}6Zb1XH0t!dw?r#s+b3Hv({}7*&^=^PqMLY%YLJd(PNxG6s5lg3HQV&J&S( zdU47Ld-7AYlFjl+TJK;fVYh26J)S6(-saeB0Oov4R|X-OE6J}ggTM0o*ioE4CYAJl z7SIEOl)Dx`;n4Tu6#Lh3R;-HhE76VmB>Ro?{uQeGucGh!<5_qizoRepdM9!>sHVJ} z6TRQZCTP>+m*_kFFGAmG1C;OHzg_+j5T*0?LE`u$LA^crJN>V_u`<(q@ENFxz+>b z@-qr()}l|hq_M(RKMD}V^8+_u2Zw+;rQ>*7YVbA)GTQW*F7tL7EnCGS-34!<#NFRu zr$G^2MolE%P2lVh=b`X#2!7tYbk0J9L(7BqX~VT<=A3LRj~hW%Q6+zqk(2AFDR!F% z<;7Mb(>ctFglQW%^kBOgP{L5;Qd7ZAZ+by6)paV&zJ1Rs(d*M-Z*1{3^!62nKjAk) z_*Iw=_{8bNua3B{J|vX`H>6=fl@zJe4&-u>sD-RUW@R<{_RWW61{xhvKc5Ty>EvG| zdwk9Hpc0{o9;lur{jp175lG%H#*&+3N|(LXcd@4pWdhz!P;TfLa=vfq`766{KHSf( zrnw8&WF@Og#F1&&7=v{@N#j-uO&V!^v8$|x9G=~w6N!F923_T!K)2tezAq{TrCAL2 zM9t^ID_rxXO&Z!gDl{vocO$PtD>(M+EfNTd1hr>Y9fBHAm8_bZ@Zc5neQGbD(>d>f z-|V&Dkl?6DOR+9E6O7DcKOz%-)`m)Pe1`2}U^m`lw}n1fnSt>)l7kuQja+OZVZyW# zm<(9C>A~0_w7+pS(i%~|iT2~3zofVwxaW53RWQ3qbkZSr{mNx8*-ra`%@0bFNl(w7 zpwTQGp`!#%Du0K}_Et@kT^0Rr!qBFlh|YieO+bME90K!8eNJjZ`HsLcrOuSd-QhnAi}CrLp5>jEH z!aAfc?gQY9|A3WXjV%t1)!?uGgP)Go|KQhTZT8P5z(vz1Z~~rlLiZ|>dhvdnP%>lS($W3u=|)?l;R-4`$;m)n&%ha`PFp=@y4;Z}2CF!&TxTen1bVrH#e z7qYG9iXMmcaV8qq+^8VrwSekAd)~DM%u5WHl z`YKoF0>sM#^{eL&rq8O86>l%Wgow49a$66|GA{mfp=a}10BefCoo_jd!uS(%spLMh zYJ;vgO38H!Y~WBj+>`+8_{C)%b&KXDSHL4f3+@s(XzNO`Ix8n3|i zd@Na?0<~151BC3_bOby(>hlfn`qUvGD@e8n_Dr)Bd?Io%?k@CnMe!bQx~mPR3BO5x z33>@yRx3g7ywDiHGjmzCuMD{=nH!a;K}DJ2ahj}G!yc50WnH{Vk^$G;)32W#b&>F- zmBDbc<*zsw20uo?`PyxbAMqTZ~1-Lp{@9unW;do5k@9B#p%h0dC zNMHO}1^~a(0sih?+n3e44+1mtJCzAxMzCXlGq8V<0Y9D#{Cu)idz`Rb^NE{acNiKoqkp{$^YL<>sTVFgrFZWDn#qK9>k_-0AY*?&&{<1_ic zup|5S*LfdIMqs#gyG2(DE%Oe*)7m3Fdn+#X_3$u0gTOrXqxEi-e!jlk@-OuW?-?9a(L6Rowk`32lUjidXeR|eq~u+t?7 z?$T<7h5w9TCcm(w z{4PW2mkSkW=~u$6IJMDttNd^guTCFw>wU|4H~&bi|11M|^9SX9rweSWx525mLeJWP zPx}5(LTl3x4*!G}j4wJ%!Zk*KHjz6&iL{^JhcZg8Rpy`CEB zOBh(Ql8ygP88+Mr{Vx#&_uFEIFR}^vmvxh}oZ#$xNB%%~>B=~_(Z%}8^W`^^oayDB{jA&hfGI;3dW z{M*~?-uAt#)!Vy)(CZ=s0v}QGNuP8|r+mrJL!L)41zKLtxgWWv~UvK0o3iXwZ z+(>+)PgU&M3Z%0|fs-L#hi*}C)FlQWxVfCO)~vdV zzD4GUc(#k4jGXxTIr_sjqc9NOJS}rD1{-*<6M<#?BOAYW7`m%JQu%d)dJhjo0z2vE8(r{!Fw@s(MTp*_zXgks7IWSov z2SE*dH%}^}?=gcP-^S1PWhNgF>gvMQNjvd6>9+G3&SA6#G))PN{&wlFhM4*?ynuf+ zUFQ?9?Cd~e>9bEeX&3nU(py1^uC6nqM2Nm1oJ=szYqJeid{Ew8RdH#{UI07Ebkj`i z1h+tz(aKA_nK?q4ey_qEMNC(&)o;eUwN zAr$D=?rycD1beVW_{kVi>62zJ;IOZn!;6K&&BK(_+{T;ZgIcH!`0K4-Z5_8uRSdCd z8_QueAm&hC~N-p<|ukt^Q zvVXYtPq^g2VW3Tm!1o}-pM$v+syPj$)e`najMXRStUq3@2G(i{ImMXri&$;}{8zN- zdxL;ai~fx`?W)_?U=-e7WQK3t(uZ@r-4SgotxNp|0=AMX^Zs13XJ)mUjPeKUFEwh} z14A5q3GdC}Xjd_(1~e}~LVMPw7-nmI%ah%y{2Mt%7haqrEjEGpq$IK~Eap`CuAnX0 z9fvQ^s((Pu(q3*e@64^@7Q zyHR*gf#(;=gX5nsi}7K7$})S@!_X`=0vT z14LG!uEY>TH~9*aqX9Zv0p~s$)!JN`&UNAsw^#1fgGTF@E5na|byM($d+I1NWf61F zR#vf6y?As5K#zN0qfhpGoVEy|tq6xt2Aa~}1j2A?Ii^w^yJPAajWxeqK-|pF62nc2s2&&?UyzXBbFe;0x+LGm+qboK zU-PeET|9@;5}@*=eVS{3($P%1s1xt}`AKi5fWLNm(X~*NR32HGyTK?Tz7}zVRM!gF z>$|+|hOtI% zTnbJzqgS|bQCyNer4SNA>z&4qj#@Jqi!F9`r8IDj&Nz7nCBQgKk}9HBT2cbxpb z5Ty8}r4KuPzdVocdG`hCX5PRLKhV);N54m>j3@$q zVxj9-6#ZIH8s>$pB`vao-(t&Da``U3FHx*)xn+o{gqD_nOZ>k>TE@@}*7#2@#r>y? zaK(?`d;2}N*>nc(yn)qdb;7LNWNFWxnl`!Qa;8_s#``22No-Dx9D66l{GT{LSh2EHc+ zGPGt}r{wbf>fk=s%y@ZVjG%8h0XoA7;6?we-;2ZHYw zcl(l|`9tPmuQBfTC`R@}7yRv#Vc^H$@;{3$LmZ=4s9HDHin<9Gdz2kOM0eS;NO?FX z*9EVObQEZ<9yg&~nM(1PaGa;>;ALCN^Y0^rnZ||b%d3|V;U%Pyef9n5;qn9oGw;pP zE|HFVOyq1E@D_!`U8&NE#9*o0nh04%$@ZTdP{3b#puRG5TK<{{bmPqWJd-7gyFw9VT@I;eZANulKM?=L z?ci|)dxhfU&kEz4^!pGv2>oh$Lz0@T0c%;>i(>o( z&N%7AMSiXRFlVHfGrS$cP^w+xURh7b~A2V(j1S_;Fak*)stG&M$7t;Op|IR^wF)5utWCj=0czBtxEt& z$hqs?uO9RP0$pDy>n9?+XkXZ5?{hV|pZx2|HQ;z8h4lW}T{(ER%Zpl`N-W0?Pm(hUF1 zCNR~JYhl8QZpVq$s|5f(ji-Gw& zd+^bm-|d0)hdtm;NGrYsu!XjZe7!t>u5m@vK>DzT6Ox~)*nFe;#ikt;^5>k*^O(b7 zC)I}y$Ho2nA0P4agus8*BYvI`_^*1z&l3XQA2F>@_Esd{-j+nug*z6eNlArXQ71LE z&}mJRj^TsHHO*{`pY1Vt_VB%xRC>Z`N(3JOW)97rhG^QrNN9lMb~}nRa|jU46lHbU zfSZu&9n|~_l9Sw0NTxLBJ0Xbzc8QtW%6M)3^d?oq`wG|&LUb^}Vj{P~2 z5l*7yR6yOWKXtt6=6S1GQi}IZ=KNb=`O`q%^x=~;Ow}B9-Sjwn?Px|l_Zh46%heMA zo@x~E#df(_3&N0*f>Iu<9V-E~r^mC)4|uz4h5+)c_@ZjcC1veqN6C>rX~DYc^-1hv zXG~Xt%_zXVTvN%Q;I59X_a@-@e5AL_EmhgU_sGsR(%|nW{AZRIeFXf=vikLr)lcS+ znCAVOU>kSe-TLy&m?mrf6w?gtv!6GB`^HpQs^y}SoMb);MGx)GIbYLI&ra8v@1z95 z%Wr;3^i<3rIt6Qvw&~s%za$F$ba2yua!gvS^ya<{(l36=lK@#mO*tZ%xB zqqa=~z76+2?*1J`%u3Py)IxJ~=%U*d<#n3X>kD`oTz9p2G021}r$fwS#3qpOXcz9~ zTNV6fy#=w~)R;Y2B#Bmf1zPmAm5%K?WpOa!hovS|(GJHh0>ZoB3p2SJG8IB^5iCb% zhdeA3pRryDhhZFoGp|YkDV@jlNZU>CahEK=s*NYUOP>3Vw}Z|n@6^x0P`m;rz19!> zy`o%Qm*z>6UJ=m~ZwcGFoxGSk+G5aJzOjcZ$47xxHH4Tj3hgKJP*ve|sq34|1x*34 zed5jz;xbZ>%GTAJI*Pgqx0k|ri&A4j@J`zMfpZcaBl1+VW8o>Yk=E+n(D+sdANR=; zikh}MB?qLjes2T(MDGLPQ*r*gB96DMh?{>YdrnwT&~!Qzm>DZv3vqX6k0;v!M`>;g zsc&I39@>12`u*g8JXa_U#YDajV&Lad{O=CpqG+hge4HckA_MmQ_KOsh&kAr(V0=cf zDM0|a&)E8spiR-oU#tTZ>z8Fh^|cyH|+x4X&Zh&Z?M?1<`$5zgfp37S{BhS z=_m1g5WMlCNl74Q*QJZaqEL5=MFkE*|7`Svvsn(Ku%n|(8~||9NG)=2H=EdI$m}*I zrbgJ^`g-;BY6$7Om5A%*uB!P3x+9`ViymhiS6idXS7Z)q4tbzT8_LDp0Dl*6T*yId zBd!^aJklI|v>>4Uj=^*dqWlZp)8G#Rhe zgW|6ZJuA2V*RIU$XIG}{9bA2m$*+u{*dh}t;kZkO6yXX_@TSoJ5P6!7cWgQd0u(aX z`($Iow@hVC@;%dr&ME&rwe9bVDSgw#?5TZgYWw2WtkW+!)IS~rJ_j`(`zeRodT6$` zN#?gnMnBm|^p+4Q(ZHtN(0{idx6>!6q*hzuh*qQ4+zZf{Z-i&t%Fv@#+x{2JV*NWw zDVXivuLBxatPY1aWEN3~a5^M~_M3Y{bZFnWGOF`e$y1`ehcV;o6Cj27Yu8XWY>o62de2f%l~pb7Eo#e*C3T{FRS-+5fYv!8 z!p|;@LN^#0GBfm8+lzycX$IS+%lIM^_}pBq8v01-7UV4frztk!!$EG0aFnp# zvegQ_j5p>!80A4TtZR!X=Ri=|URzs39z`I*4&6^-9*%F*FRxAFz@t{mxM?zT(-_y+ zX|!}fV^18{>jwZM<6<0jt&sME9h(^6QaL}87x+lA19oN~iqZk2jK;mwa69L``pTaJ z)L0N5uBe1fbvWr4FoZnF0DSW`MtM$6g~eyBNsS}!kmIAr^5QleqW#LT((N4nDZ#=nv@1MSP=`XUShoMXJrHLYU0_K&R{?man?C2@( zE6OF^rMI#KE0695WkQ}}+C30s0`EbYgxNL>hc(*88!O-YegW2%EF(4Th3kwt0cwQc zquBxim5{jVLmJlQ>ZwXCD1+r8V>Y{@<@8W8oT+HTG0UEV^ONso$pKO=` z7w&_2virBj+&0zxl=t||U3X*)jS-5I`ca8M`^k&iDC)CtXwp;>VA}9@ZD)*?AGpBZ z>1TNa9Q)S`T$$KlUAUp|PfuQQfnL@Ykr)G(5gGzu;T7sUK2iKV>@P|;*`{a-!|VO> zjf_?Yi);hot-T(77x&xn3W=b-Z{gGH?`+kD61aD?hnm9vJYIle6j-aPu=qAI6LN>1QjUs2Zxyz4va7D}Osdt!r18Ih4>lSrk?VG1ry|-?u2fWA0p2Hk^ zUBz8JSD*%u%9732@owmtDCA9H&sreWI)+L;G3^OHeyU@u+KQ-Ent7 ze=PA>w@(I<3zMOcnz&r`1)CXeNEa21AD>W`wG;^v2cU2*w9U#RW#~%~4Y!apQgS9~9 z5T0-~4hTa$?F{uAb0g3cYtULtAL7-hcVM~`wpa#=upZ&6C^6&`JQ5aEx)Fp zY^r?Mtgqz;fUhZ~<(CY17ivYP{$b_%TQk3`L*jMWg0RAE$h-HaRZ$-)X1>1^)MKp( z__{3W&jIKr=*GCFW+ z;>Abxt4e1~;o+64a7-8*rw=Fer8-GO~-imRCYA*d#1xXAA zsMAdNdtF1%_i?Wku~S6ZwJ#6!wH*_5`))`W?NlazA;*6Ap#Z<9JSM@Pt&YKH9XYjj ze1GRs>`#p%G9*0?df)t2nDFFd6bO~Otk#bkC_YlWC)?_7?T*$=@F5#F5(+anBkOuT zr6OtCw&_G~Q%IJZ3=u+!K@7KNNuc%S4X_35-b1TPzOPP$g^eetb<(n)ms|)*)|lbB zvJ$QveCr{DNaJw=mE!HTs__FVpXvYnf6wdx`Ty$wwF18XQv8trO!)QpMNES2aua@%j-Q7Ivz=Hc3H?t& zHOX_nI(NQ={OIk}61~?154ufI^T#DY8q48r%DvYBnF<>Tp;JhlQ09Ku5sN4A%XWPp z8v#Q=IvHi$w`1h<&34sCi79_k;p8JWKL76>%EvXuYTsQ|PPHYup zcJOgLLfSIaj3e4VPxEJ=F%Va@bM_JPWkuNDymf~=$De;hHW42 zwWNtP$&OCT-=dtK=k=iPC6golo0L~A3Yn85uov%QVkR2Ef||X&4Y-KU;0TELn&?6- zS=%EW4=SYU3x{p5$F-D^dw=!K+o0C6hTK8^$zD!qCSl@~!m`CO*Vyx;DD!5j0YsF> zM{>eF3U1T1@lL8qkMMOO2lRa*;O0^>5ey&Wx=JR6FddY2%8eW6r+c~gIB@wc~IzhGVJCrG$@dIO#n1tHJ{S zUH{p4cif+Sb77E0XWEUv9_|IvToPnq{2vOVslO-cDf8u8Za(k|x0`D+#YS@y9c3Zj z-RO!x$IU9>f&wdJPS7S}xawtwbLKYKh}4_{S0#P%EeZq{IQ3ZM&uVby2nc4w4HKut zJA?t5Tbrm-DNp?FTA-$C2G?kMRA0wCsif^QTLLJb_^AnD-qv3+=GB_SZg7a@ighqR zd^Xni5Ys=FfpysXio%y;71H90%2tOJ&$TVxcqmnL0iTvv52@{y7a?16L%tmdzo>P* zjy|sBeFW$y;Mt+cmYmbCkoG=MUzJl4dUg)ntkFnk6G=p_s&{I14!~R=7UWS2n6l0p z*^9ZwMA_R2^d>eJAPs%W^`EMyL|gC@oLjgC$7I#1Lx$G%?=$tZDjA0VF{HcgXU%#)^Q8}!UizEvH`$%5C1>dfNxdazt{j5eg>$# zesY_>yS{!%1<}Oj>*v6i69jj5(dWmlyZ%&TcQd{fbN``rGGzs3iO<4` zc*h4I{l=(`FG<&*bUobrdf5$gA2fAx6ZpAPu1c)agV2mDt&Uiyu(1OF0bH+rnT z==GSs1VqUTb6xLEN_6sCg->7K#&B8oTBm^ANBsE38J2M^IUI4#R*BY!&!@~juqEQm zWrfz~@5g0MlDLnq_v?@kmqvXf`%CmiM9oUvS?`_u6i(u-g?Yl1T)BI(J3@$-wT`1L zrPEUB19NkUvOAs?O+Uj1i7q`QoSgF1lqMz;Nk?d44sN_VsFXqh&vy^^^V>U3@FUw& z>4NuH9UGcA-)k;S*Y)f56h?*z{#!v1g;=*vh7UhCZat@_MaF|e6T($)U zN0$MwF5&Lufm#-)P#kuiU z8^Lh^&r)__(a*RGSMwZr$+vN*b|w6)N&Yomkd+}5&(!&$P3Q*hmyNt^&;Ycd#_j4Q zIvyQn;_UWRuj_5Om7RLHFb@gjf-_f^{;V5*?yIm?>u_OE{dHf4#T2o8Jc&(~O$)>3 z4?wyYT7SjTDHEDBT?(u<-6E(_*VxMy!@lmZgS~~*)Md{hv%?WSy z8=pl@hpiU|(@~5(Sg5?V@wNw21*ngw`$AbZx8=6znZL~!{F;*eWsU52p#N{bS?GVd zNX+9?B&PYjNQ_ETU;faNS2~O${mS5P4*Nqo_FH>c$a@8Xj-S3QeEp-AC<7I4t-ZN} zvc9iLVVZB1Q}{1SQ-AnO`~5TE+lSxCcC%>*hkY*s^DRgF&&O(7`&5_tR$NBq-s!j0 z>bC=YSs?oZhN?DgpI>%9fxd5v8OrAoet&}ckIzo*|I=qcT>m?j1hzJP(m3506~8{H z;u>*#Rb>~`L%77Bfl5?wRw1+RtD^L#mCM?+*dSjNOkxvK3Yp?OxQ7 zrVzvfz6Net()e;rP9bI*WAHKnb&? zAza}_g$k?Ko32yt;nTRp>dsUa9wJKMB`7e8ri+SBVJ!Hr?nDBT%yqrEBxRh41Xhef z;Lfui`~*8v)5Hp6Voug7KBopWPikEdUal^u_>Y9T1q>!E(pbsU3uy5MxJX=o8(qq? zb&mNga(|4~<4VBjjMz~&lKE!c*A7vytbY`q(D*O&9>q(?HYkq(@2=yEGWoL$YDZ8fm3~sAL+0X}#a@>LNtNQ3av53|BZ5!yrakLg!>z^R(VyS2k*x<*@Tybk$%A32>`!|tJvXQ0r- zDyCPRVpF;XVGfAX)KTOVydeoEmXAmEj81ZhYcgSJ0;(VBYCgI|%Cq8Ht7bJb-5+&WR0j3SPaTDc9w9oAw~bui6M^ZDtDhD!D7S)_ap^2Bx@k zBrkKa^eStflWV-hUY02ZVA{xdr$yHqVrU!Oe4hs;nUT7)9#Ih~A}P*`+-I_{pgytf zyZLw?afilPU($qGoj^f|Y8O}m@^%66*wbWUZt8krW)jlVMI+!#21P1Sk(oiq6EDOt zqGKE?c)TwQr{!Tr{;@=c(rNd}I2^up`Dflg7~syZd=Nh^i=c`|Hp+%u52xRG%d;cM zbUQO92TZJN`<7*0}Ob&UoyO13yy4>h)A zy_YDB`z#Q5P##_HM&!4W?w?mhkY>($meT#GQXZmTy~dC+gH{>uGO+^i*ILeo)K}?& z7P}qfh?AhIZbLeiHKd`6tilzVadFOtTakxhbi0Kv*y(&SD?8Dymf^-`aw*GKt^knm z%2#gJ=~|D5;n6m%Uj*&uJ1bic>%a=5IVG_ks5*XS$SGpMHIuBHkZu7xY5m&e2er62 zwXA9ofX4oXk*{`x(kHjD@$DXj6$oDwJz?Ml5e250XvWe~(2}Zh6byWH+1p5@sYILn zOV46ZJ)rgeDnDCqWcKVx1IXi|JNar`EIvgmCYuk)1?j(zfs1wup+Yh8Azs}D_Ga4QV1+EAMZ<08;4TTmuFZL$@&vMMO0Vm5jZw_b-?SH8N(4ElgrsXH~Glrj7ZK2K``8qB z@#;$SQCxy4e^t%G7jc9W(bm1*Rlh`B+iTLvTx-rZycxV%+k*O=Jm%7S3uI%7S9~3B zFQ9ZTl&NThpT9%<*alf&ApYSmY)}zuf2UTj67iGG6YzBrYpUv!3561~j3seeJE+6U zqcJNcv#!hp6mYw#?86_A0Gc)E3bM*@1$C^-7u~Xts8>tSq~9fe5LHvX)!T#;ofR<%^CTUVBvXRebejCg9m|WNV4zrAFilg@;@1E)6rh zk<8+=MrhR1h;<6@GN>CvIXA6I$ASJKn*k98{uYt8fCfgOZv^|;=u~*E#y#FC^_AZd z2ASm8t^Jctz2>F%9f?SCTZdrlS?!!qH%~`oPS`FMA>hp2qv4D3jQ9z&VDP%SQZWbl z?PB&C-*R`auHOdb4B^uv1*gx=N9NN~C5V^vK&e;Gn1%yjLe-9d^C26VmBV&34;0u( z+RYKw6Ibm5);3H&r8NB{DqHWL{f%G}HgdXp&D%<>{W#H(Cx_nda0vLL5$-}enR`I% zzFv62$u{~&ury=n-7gC|uz{L#80=v)gO}vJJK_ryonzwf^T>qZH#SPs{U0_d{Uej? z?`jeK&)0|hq;LF!gD`Y){No~jj{Q2fKPl+|4e|SlYirzbKd^wrVOqV8Q42~CtBeKr zE!0%-`#v*nx>^F?gktk`>EIt52XdRbeXkK$iYFX#fp0b0uXDKCKV_SJFD~>oRTu}p zC^zT#x^SObap>0?2GXHB4QzPBRs`BFDtG?A!b;+{ls+#`0P!aY+0r)7{J!++>6}f6 zQc-VCnb-cb{7Q@=s||L-DJGy3qcbYX2?M{$mP6 z?I#5Y{CyOhdWPrceLQzfUp&oBVu0SG}^$NH$HfBzvnN29L(5xF%W_> z!TXTt$#g*)x-R7Xc~{|Pla_20yl}(@O1#`PKMg3{eXK3$_(;kT&pMDCTn#QS(_jJc zrGQoGy>b#$w`&mc)I%XY1sG-XYW3UB<{A}Ns#N>!tPh(dsJSzh?_y?af*KA3B4L3h zG3CC@DUfUB4ZKpLOW5{loh;e(N};jon%SQw9@HqY5k)u{O5!H3tWCu+%KDm8jO6;R zB=%~&%iLNI<4sTO zo$5#1;giUX4vhOl0RsO@6#Q2v@QVdxUr}i$X1G_#^%9W)?edGH2`*AxvcHyqOo+fR z4(Hv&_Y*eAdC=H`cWNW0B;ofk$RLu45@6Nqr%JN1zg+LB^gd>`WRSwUf|Lv|cch)t zY$4}7<8GfQG@)3t@BqhTQQpGXs8nCv`=N)&r;dXofa~NmVeX@M&`{<`ym21>V{^tr zGRCfu=GkITUB!yDs8iR6)DB9QUu9y9XeIP+(VeRY`KiL(#SA<^zX>tUD)rT=2SjiV zRm9xOX(Rd@dZCfxf$WNDFfdW4ynFNe`f=QqtcI`5a#wQrhU3}!1e1pd?A-v=(~LR_ zicVQ>I7H2L(9@+S?~9NQ8Oc^qFd; z(}{-ZGkj>j@45Pk3w-yYDc+yH^iOdc_!+qWHQc`a61Rb$f%~80w(V}x?;97romAlW zvz2Wum<8YoUL6Ve8Vh89KF;yoPMs~;H0ryVYX9`5zru0gp8@&b<2X8R=KV$vmm4+m zE8yd#goH4Ty%dx}cwf+Tah`MK?zl_k-qFGDVssdyi=`F4YRTy#J-rpduhNl9>vKn$ zv~0mE;t$UGHp>pL>?0}p)l2X5__+D<)1vLl4LwpVVbKULIBzfZrSy_EVT8PRBwjy? zRUxLQ4X{;wn(uZq-Sr00(azqCxA5pMW$fu%@Ve;YHrLDXO2Nw;r{uCswOdy-bbY(Z zdsH@hmz+wie`xw;QLBUx&--5OIr-ujLP?(oibhM%Tq&0l$GB3 zDI75VW`V-;vc1FVLdO~wz4o^jnZ2;W+!+$X*ahU-lxV&;I|?)K`Fh*HEpP7Jzm?7O z9mj!x0CI8Dv=ZzQhrYZ;co-067!qQn;i>;?9H%TlA6mfK^tF|nYgd9y>GW<|`0iuj zh6aJFhuJfOQoEDrVmHTn^_iVlL(sWdFhNN$$4|GgpAvmlD^OV&X0)lVaNVlhT&=lu{^0y}i*@WqgZgj+rX*l+0Nb z?zCr6_t5M5q(dM<99-|MOpZi2EZikO8t-L~r)XP@((j>v4an_mT&pCT{_7C^Ux)VV zC-yOC{}kFg_Ww#~Hx3H_4((d|r!W1G(erDV2mX$q|4T3*7Qe$h@OS+D--UVLN67wb zn4dnW?q6a4kpB$xpA4t&Qy*IU^@`2wmUw1WQGGCy3t;iS)TNpGd-gt}0 zMLqCa!6DGon2LMu9B70FSU@&Npj7dr-Kav9R{wE9fb!C`CKmURHQU{jEtBjXs3vU0 zmsqmX4!OOb{#Y$YN;~6mnL6zKBE&FQqIwQmsTIBT)(*11x!64dO3`#TB+F=_AW#ga z{1R52iDVmR?Y%jm5^c7x{Y;Ma*srXJTY1a`r_%OKX)Lr2vPcj|pL83W>K#yJp?fZQ zR$8T;3!yO_&-oQU7M&po)-*7UBt_!NkG1^>yBk46t|w^Ea4SiSVVjmM<8Vr@b3=4I z4UAgvdO9eox1^e?SnJ`|jpWO1t%mi@yGiQO1&_Im=X7emxql1!z`xAh<#$f$;EPI= zO*txQ7|Ypy9y=Ebzn69feigpaUlErgeQLbBJlr)Y-tcnI5f0@qfj)>jLeI1sk_DP1 zQFLNlJj7+i-0#52y4eGiplP#HaqqqLQf9mUpx2DB<3omSPk~Xd2xIoISs9ZecadAx zy7pE+UTdDdS{t8I`EnOkX9wP=_L1ajO&Qii-Dii?f|>QlR44d+rA5<$V>g<{Jybp%x&G)~k<1O&UEU;GNyjQ0kjzA__l5niQi zSNkWTlq)sNJ?lc9hl-JOKWMvU^vSM>zk_@#&#STfRGx@=6UsQpjYc4nOqH>-ay zFD9jEBAis_IX$*thODh$m854W8~A-mGQ@W$wCwS>Qi(rSQ)cOq4!iJ~bnx$`5n}|N zKMvr?=cliL%6+yY;XXM-kj4g^-hM&U?OV~t@5lbKB|kR=_)oRuFOo5VUu9#G<$Mpf zWE`vqOjoKZZo-bCI!`y2tg5ptTaJHB2Kw6H_jhyBY(6KrR~iHCqTIzdAqY|Snr#Gs zY>2YGKwf_|yBbePQ0M#P&B{F)^~Ae8&5>{kte;j?9AC~#>! z0-$q)?2yJAd)SbKJEuPag5FeFzo4Q8UWeNwNR#(tZwVXT#V3xq%E{l!*_khGcX*W60rdvawT-USz%v;B3u^l$8rhn=@F4$?}ue~-mmk{j?vj z8&T{8&+Hn)Ftl9)&Z+X###iec-fUxcjr}1^US%q`V0|06(LG+HyaLens$Aoa7+|qj zni_|7_0-@{y7^G7VUS+4WTE4zvv)A4io=}0o8*1ml+F>>ah!wgA zGPF6<&Xt)o9d9DL)X}J+32f;F+?E5WFD1dwwPz9hD+<=|qE5uvw-KB>eiAQH!{}o- zW)hG}i6*un-d8B`g0&GFyLekZwbC9E8;(5vd2wP(DNAaV2uC=9_uCYNR&Uu+ydqOBt;Q?<9OrA$|JxLt+*r||8MlCV3E=71vRx^fq4^`$XVpB9#SEY~0wxgAHYIHG1OOv87P7s*XUKYWC)QT7qB8{w75rL% z;jQnM_o7*)Fy|j)=7nl8Tw=Yp$jp^z;eArjvEW@qOnn3ed^wCzAGIlkg*vDLwxwthaSu@~>;%#1}1EeY53HXZUm7M-%e7lcXS1ldz zpQ)x`eI(dU{ElpKu({SKbj*VN{LZxxvYF1mjcnT{6yNbg{~1rrr1R$J;mzMs?E`AS z7gTeo<11@3|3I~`$NsVvziI^VZ?)nVMGtw%a^x#da`OCY2pAC}85LB>BG-1vg z>&7Fvi6k+w+6$GS!Y8mf1~Uh7!Y%6Rd)=N&!<&16Rwz>z$W)P3x`p$=W*TQ+1h8?@ zyfojAAPr8 zUYez=aSM2oT=k}2y}^~!bm=d7vGjDHO?e^b3X~8iTS*Ry`7*g>L?d`+ zM4ERyUE;D1d5>j5<{Wqe}^J8($y{AeN05>$l`J&DsAOO38%8PV|BKWJf$?QDZR^Hz#%v zpA01&d@JJRTN?8mlOhK0Ip2}d>H01rFTjCIYzoHVZ34$B^?dHXdplwV(`XiNKM+_R6$eFCg)H4FISg$kcbr-2FLG^UvxXJ>P4f zNpsVYu0K9cv&Wq_*oxlukI9?BKh2Q;$-B!^-xF1s!-F6*XfOg-j@Lr(E1*?(X@c6w z4c~|&!T7691)hAs?i!(%QAn103rby53k~JD6{0-TD@#aBX4}s0niK5zdFv|@YX_|W z^clagNaIwB2kXy5dQNdZYS-G=BlJEK#0{JvQ?IHb_ptkZ@t*k+4zrcf6!sW%oW2?U zo~%!E8lLC7$8!Uj}a-=0yI#6(JRZy0x9%F~m%P!A0^_6On}tLB1rLIYOuZr+F| z`oe~s#;kR`>HDRv2IoL87>7jsFfg|UD>@ILXW!cwu4$L~Mm{xu0pWwNQ7d)&2fjNo z!r{4zff+=b_zHWQEw>LXwv%h~3Mf3-M1&HqbJ?I811n?N?vF+a_Cy)1r zwBwTTGm|^-S4$&I|0J_AE4?seI){@{pR#Jx-SQ*tNFQ^2)X+J1waxk)BMAJ`6#tQue;UE`FO8tYd8~PS zS%>x6Nbs|cwt4HUv}v{VS%?LFZ1iU*jPJ+(VXLk$UTJgVitp=Z=ihGze7V~XOBSeY zdzgOMMGtxYUa#F1+PIJUpkT>Q(Diomy;in_*QF&{!Kr0}>NC&XQriM@1_!&i@< z2^0E2Tkrm=;c2sp)pQ?VWeCxC9D?~T2!>=9CC$N z!Wtaj+augfow8)wN3H3{Zeh>4RrY@@sR+=t9gTZSY%~Y!c4%o7%SJ0s!O_*fvwyL< z^e@(f(lw<3Kh;$1DVA=intCv~AyzycjkmLdMpArSyeS&u;?1NG&Xx|mc^Bbu>URYm zd(qrZdHw+KYbo4vq{Mpev;uNiLU-3qK?2&E-Jb|4ZxgcTNhZ3uq8dN8;(5n?A6&xw zGr)r>!w>_U15uARMFX;bRzx)$=W|YcnIT#FU5fwhrk?+N%a~7~=w*DLBrMH2)Gy0@ zh(DLm`YcP4HtAbl62QG%FYa36)U@kKh1&orml%1kA<}+gIF8zIi)JUAY<^$If`5r= zq&`&qYDxEx0gm@cBa82WBH_!fsOyJ@ z{&@$4Z^vpH{3#*bbXcxBHSG5VG@<9?&#d#Hc&A<9do1f)D64RHoL1{UDql07%GaOA z5kGVPpH;s8qXXHq|9QUEZL= zvF*JcB>r}#2~~3*_xMKO_ct7S{wwpVd^}!A?Mhe}%D0;g$k%;}dxaHQdPhN~B2u+X zMK@gSSC+j!m!{W;d33X9*F09fuB65`V_nMH?TwV-4YyLI=~wCeRK$SXFz5W@PY-bN z`ztp?@u)Sfj5^FiZrE}~F02M(Sk}S~2>Y~w7w&L%TbzRy!q%r1e5j6*jG#ys5Rj}s zWS+O7lKX^~+|0vJzVNK|D7!vNF;UxV#g!lU6LwTj3Qa5Oar@6cg5SXh`0K6hO(~sF zmA>2>a(d|3crjN);dCg3$-jsN0e|TuP@-Y9RfBSnZn%&Y#8qhpt2 z)x>I#+~T?1Y%w)Z+j+)dat#^RjAc{Y^rmVWnaK3^E-_da5_44|KZyDE)lcC76AfSE ztt>n?q+kAU!Ce$mMi3kCFwogBUrJ+Z7X2foq?N?_pv$_OOj=?c54u&p(c^75qS`fD zVke4dvikjY2zJyGCJfC7@p$*~AmdRDgfm)>t4#a1SKtl$kr=ih%+lM8hjpzW$M3_{ zSxTcYv5UWH)j%s?*cO&OP3&7WUrL4eJV@c5`j!9)4f_6Mq4X=3uWWC>$R+QJsi$i9 zIk}97U;3fveMvYe-h4Q4K4Ew_H`vV+QD^`A;!2LsQ2&doF|yeQi#y|wp#85aFXlf1 z)~E2I{n-`cTbjQNc&7sKAl^{j6EpsZXsaxh{;}<`J#5N1>|q(+^&p-8eJSA&cnthl zm-*+))1P%d8k_7os~un0`%vHD)%{j^`p>Nee%0LnY-@pEHTPGo{Z~ru0^fF@+45e& zo|NI@uXD~gm1UPaRTAmV_f0pux)!IS;7UHI1&*uIen9#|x`X^lCNiF*5(N@9?G2b^ zD3*>^rK6<8+ohE~`d$VRxZ=ga2}!n=9A6f``R02w7YlQe=wt>(Q9&PSE`!UQ3aNCY z^^<%vz)&GJP0!}`Sg?D!%3fisDy+m~)cQmsUe2FEc`!(kXAdjiLhqQy7_>xEZuv`z zzCk&wD;h#Ye!l~l7_?n`l6T&@STc=Bq_n>$<5U-y8+g4O;{&mSLXMSGg9qG*OvEZ4 zu}Wy`3HA!9o5F~{!TTy*;1SqC_g)=^el5n^r2vEeeEq2Zw!^$rix{gg>m5+nmnC40 z_`THb7jpL(wK{%HZC0@AnqmEJ`N1#(KUcB6>mGVf$GnPP zB1@HSRMBQL5}WBDxZK$+Q(XpAV;%~Vojh)on+y5EiGa$nmI1msuyF5gsJCNBiU)UD zWb@6wggiN-yrg6Umtdte_RBJjblOgjEHPwk=DN9bMN5oVQ{$^QpA1V*lLz!8kJivd;IzWL{nX zI8dB}2#ou=!bz>Nu(#uyvuhtsr+7?s0@RIj=zy3cIi=p3{u^R51A88*ei0b=$glc% zfq9)7l70t*5~_-0f4uW1461AjZS?^ihkysf?%v+=F>c$Xp9~FWuh&#^8|x;H|3uS$ z*=_5S==6z;Fa3Aa`~WFKA^(##JlOODm@W8EvYhDjC%{x(mTNWU_YH>=z=b^4fxZ*3 zQ!}CMhgZ%gab=wyn;hQaer9>!_Qm>=fMX)$96!9}N5K4oT_+j+At}k-4TpkH8F(1p zw|x))d~AFCyc2=lQa|Tb@t;cjC&m7{?;)?_AF3FiT-1ba%gL)<>rdr3CP)0X8zb-` zou8Vvu@A%X52W-mOA}9xvW63sfdgC!#O~eKr*aSMt*Hi@qf-FE|0sdv>G8} zu5n@- z$ZxhD?Lz?jS>bA6xdcsrn;w^8?~X~ek=w3cMDa%LJstDVaoQLpbQU>&mq>PhBtui= zf&&^2xW2(MUk>+L)3oft%cB9%d;;mmQHkDFcwYC1gA@drH4D=i$OxxN(3Q9Og4ESu z7o(tn%GQbcoqkdA5-VPC8YT)oc73|J#0!{vOW?ZQy4H?&m0uPP*tLY1$%=-C9p!{2b|1a(r{{c$kcV;Ph+hDbj z%3-%(=M+Uh7kBecgI7};@V&Yl?ZVGk;Fq7OXww1uNe69@&jQngIi+!R+q6T2Pm!^o zst(bQKR^_qwk|ln;A1DVF*N7VS4lQ{I@QTUFQUlpIDt zyk96wBx-iCt;4Gq^uCH>bE+Xb!x>7*pB0yqr-oFagH#l>s9sPt^I=;Lp%HfJyL~@pi+A)OJ4BL*ceY5zDt*aNe+J_(5iT+^pQwAa@bjuR2KW- z4{clO8G2pglne_v2Lg|)JZr73?HJ5cbm!+{xp( z2=`UEc`wz^BxV#B8{#n6fm@y|-kHLK8^MzNaRb*5xm-J4J8JT>@t%63KWp{Zk+3C4|7mATuOlg4s5Q1b-A z?2L={3%lGewKpIrmo?Y=uDmx7NuSiLDP*?`cOUMd-z`?HodoMo7K>K{pkha03Gj^|t?r2%a#e@$g~B#BM^A6Cm^w3Ei&Ej>FF1v+LaiOu*u1Riak!zW>LB%y&CvVLwY!&uIZQhKI1t))8A z6k_pL+jtVx#5%-Y&~jTsTS6aFhd6Bx;dwm0uuH@M*uFm=5O%5rhqzRGjfg?CaL8_O zU<{V96o^fSt#|U3G7%v%cl$B=cnm4*Jk2)@xe%wJ&y!VbAL0NYFa7pTR4kPxPQXsx z!pM%PM$@HvBgbWNwTXgzG`PfzZ^kdClV1v^s#iC`o1TpmE1<;#3a z+8ae{lq!RBv8dwxPPsDHE*T}Eb=X~wtcBv)4Vgohub$fUczYqW8H-zE6~V@|1=DaF3~$Gi0jGaWZ6~s$&z;$&A7J}jqGvoWy;_AmrXw|Tah7C z0Nv~MZCay70_!FO&Q%UQE&+A%yqOm{YJY!)Rf!!IbVO>R+lV<0n;RI0u(%^z_}Y;{s;y z;fcT>AM5Du5N@#A`$ULCtCKIAxqmO}!b38gJ?JkrYQNX2)qb-5z?Xa$huZZ|37O9Z zXYluQmOmZaochnU-)U}d(fL{v?i0x4IT;3izniDchEp7x6CBzhp+80SnDo(ZUrWV) zD;dj5zc0f3QZc;x%ld=TSG81p)Y939dM-ZJoTf<&1tF~@?+zSg&Y~4!JYYeN^NqeN zDGU^_dg_aJ$-C86G;^g^hz*sal$i9Q86rjzjl?VBi;XxN%M7R;KiXq^->xgKEU31H z`Q1}71Id?r50D`-2KU~%g@~O>VGT(E!~<%XuZ2Np-Wrq2D#ZuG|QDrk6WMNnXv+?9%Gd z=f%)Irg?6kJn0f6Yp`$U;mve~a z!-NS(-7#$z-ZQKulsnAQaaw^Jbi&|Eq$rQa;GrPpt$!C1a9I2RC++A?C}$0qWX|t_ zhiVxSnkOH;IA~pGGk>2VYp?RjzT@<~jk!{R`HJ$L)kPsGyOH`S4BG>A^Sr?R4m+`S zV1hV4;_I`cZae&j)jNYnl&4rsuI9vm26RK$uTpF-lZN)CW#2DOb=>8$Aw@Do)(7Ce zP5@G7$|UHA?&;W#zhi+biJ=xhVtm#N3a(E9wCclBCEK8r_9q?csS~}#+UY7j-f$J% zauN;23DCeR9LLt833ayXK{ttBmR(IzlB@C*FPP)M?|*jL{dLVT;CExMbyNz{RWqot z^*oMcO|^|Auz`T^zfh0h&PAuIf$|MM& zaWyAD4Mk3>56R=6n)WQp7b(2n=xnsh*6KKiL7W5(lQ@ZKOgh)tw@AumZezEP-Ze#W zT7(JqeT_6DjJ7)-(WXxpr~Mtke5#VPC8q-x)~n5pIF+#2%?6^^WxbX-F&45?mC2Z{ z#N_ZdgS0xFr4+g<^BtmAQjJa0eXR`%^zT7Ua_7$i>3b1{nU6S!7 zOZ2|s$>r8(qq$4U8(a`pvKdvPM>80t%~;xq1Ve6G6xbuq9u*6@C=gqF5C+Y`m)&Op zHJ6E%9Lahm+8uHy@n%adfuro)Md{=lDvi|3{Ft=Ym3qAn6ndOvj5I~8sZnVlwx>+K zj)B;xj)j0>S4|0AT)%%lQ4_qFd^SaJYa)>mV*VAZO&*tb%|o9`nw?$kFR5y?bR-yo z5@*pJ)0Hbelef4M7+~`Y+==bL7sBe`Ugl%E6Y^%iGs}azWCur^&E$?s2spH!uloyE zw9E5Cmgt?29Dmy-=)R0fy~vkg2LF?t z{(9_xwVl@flXhBpM9kCmUBmEhEs>`6DJJ??e6wg|p_pj)q*Jz9A~4CfAXN8=Tt_cU zD>G=eN+mJup2o$?XcASQF)r(ji08ay$`9@2%L5Oo4}*Tt`>>G-%IRn_I96o=_;~T$ z6@IG^3dB$KUoH1dp;jn;R%L~y-c%3HMNL5Y$P8&Q24^4FK%L0>=vlVl#m<9lhn!ik z%}U^!cj;R4qTEhSr_3ooyf*#)e)R6+Qpo|bURQ-i=e0!c4~Ugta0^fDT{z;pucCun z43p}49m6(b3xRM5Y(j>2zSJ9c%AWfBAd8xvOS(u&luf+QnG;ds3^#e2=jLCHMe66IZGpW{K=pxBUVm27OG5^yi%R|e;C!Q5w4 zD%8Y~38=UR5m#M{Qo}jEej>~uzDqUs_0=|D*95H1^+H4j1;Oa7`X;ljxj)969`r+h z#n=HMTa|7H)UO^UL(3>E++euc0gvYiBR6N=(Dzs!PdvZs z@^PS56@rDvE&LMht}J%<++UuSU)&XveIw3aTiwh-?r1#DdkPa zOaw?WMuxND~odb;Hd7MU}W~ zxr>{=@l_m<_EoGDEZuEZ%aa2pkUrk}&3SN!(j zKNsi!$KHP}J8o>-qUbxmV!ktW5RL%x2=55*@docf5QZ>cf5CDp)s!@)wdOu2?v1Mm z#Tb?3025$lYprK@S);7{s{6rIlEZ7f1EFTh(2cXns3Arznyv^xn66zu;EQs@5||u!{%-vK2${T(kGyEe`}+(oU7LhH4u$ zM};S?l#9nh&%1Wzlqt{(FEC$~-l+Itw}s1((EZtTq*pPPEFJ)+G;9-#rb@9FY^E6A zyfe*>RIU(9xL1>k7vb@I;N$M;YMdO+g^6B~bi#-W`w45PbAdvL#wvci6o3=jkGzaW z*1FV9 z7HZs%_oh|=JzRw)O#V95t@Bu-)<(0UqB9qy55- zChPpvM*FD%Vr$Gl`6#)#H`}DA_Q+S;pWDNTY&r)gXbRtY*naw}aKHcCZ$YG=3IpEl z)BXD=ccY>RoH2jt-RY`ruv6bFPk*QU?_~QU;12l2xPGW!vmN+rM2PYw?)B$hT6I*Z%M|BtdFKVMnXyT(D{0(clJ?WNF};0 z7I&?Y+Qu#e#H{OyZd!9%*_5X8WzSJo^mG-UUg^=dwLTle_UowD&-f?=_5eyyz{=| z+Wtoh`db8vTO;q&JR#s-+r0<2G%_4WxBNoJ{OS}mYG+0)p7tb=Pt4+X%}a`i1S*jT z?0e~cO9oVo1f(!S=E{W-Z*kVGdrO9q?M^hb1V&Hgy!N*P9uam!{D~W^!v>aQ5Qu5q zi6xsCr?|eU2w6P@#ER~X>l$=hy=*8k*?|PFK?Nn1ba+W$on*LR<_;Hw!Dwp_Oohiw zKnDfETuBJZeVc%cOJSdkuW!+`m?OiP zSnjCWB6cm15m}{&5r61nr_#`?8Q_SY$rWuOje1adwNsb$&Ju0#FwNnK>q3Rbm|!rT zRb>=9*n`dtoZ)!?A%cYYKep*u_P>5c;V(U4{wrNzln)|rKM+9hQFI0_8*+PI4XSw=!Pw7n_SbzVs7d#BUu?$PD<}wB_UM{Pf#W zAoaJVEx#N4PqX?=3i$8L>YwylQMKKg2+X_?P`B%tR$V=Z^(56EPkZ`(fmiDJ(ntni zO%QR&Dz}~C*)rbY5WEv$N#VY(nd8@!TqB3YmWE!8x!HOT2}T%}1=Yrt7+A~;-$CKo z5@i2qNr2*rIG^@vY_Ddb3uHi;yQM#q z7Y4q$K+3nrLwN9SKn_WHcYTE+G>~5)L3IZi54VG&1>-e>3X41BUWL=fPfE+Z+*Tco z?k!vgYwncDmNc2k1@nT^7JdN3rR<&8;tCgv*XOEP??bfNJc+SY)ZfhETJ|X{sP`gy zdB_u=r$gkzzyNPcOt>2j`ABqq;3t+Pzx7(7N%Q$39q;e-0^oEc;uI@aRJ44XH(Ja0 zG1yfJKy{w|W4%vP;8!19PKm-p5d~2ZdGaY>MJ|R|%$sGxJl_x49FoqhKUJN9%(^uX z|Lat{^azxJ0_>Yzpn;$&H|3%Z;tnF8xq7=4UD3m%xMqkUJ0fGi9L1#Ns(j;X$br( z3vNs38}9&-rUz`y>DRFPJo(I$BkC_Z0lFXld13#M^3P5HH0xF;-TLQ6Dujy1# zR+3vBRtSv7QPNORmK(4JH9j7L!d_xWkvaetFjaZDtCF3zcak58Iu%?H8%$1LMv{Y0 zd-c+T@O6esyw`PE$fPV%tGW;K*5DaSt%M8suuzT|K;Vg79R#NX^0mDqc$y^3+@GGm zNbcC)>PLT{FQb)@N5eNYyxQRn+JY!R01>$77r+U|II$)})c(V+zV8?S|f zD3wR7R-bx)@6d!e#yP2gD6S7h7G}HbkU)BtD|C68hmGC#i8kVPZlGYe`2JoTz3Y zJ(aIvvdc(46y%#(iBaaJ3lZKVXPNKH*1*r=BFBYJrwWMJIuy)82^?lW;AN@XT(zJj z?lIitdUJs-iV=hqUMsi^Req{5k89ZSlik91>v_e(mtiYhwiOW*&$O^0M0~LU+zYk> zJ@~}71iQ>%Bf6Nixp_u}Rw{%d_Yw&~3sfI)YYzCW8=g;09ua{bg_6_hi&nz716sD| zje)@A1jX|`Wg5b~n_EfLg67>P|6Tg@d|Lc>p)f9j%mmDRwhCCfxbRCv4Lv8>B2}p!}uSs^YhGl$Mqxf5_p=wUmY!$md!^gD0f#f+5>YPP_y7hm? z8i?_OHQbXmtdli_r^vJC|5Vu%)2Ab-R^8t~$hUjwsbGvqw@3FKdyOUTT<`&^n*Q55 zYnA%z8S{q(zMVUtW8@e1FhI8b^d{ZEFoYX?UN|X)ygk@EVbb3dGCvgaWie02$ttEz z)W55z=Sywc5ntkAKh?OW=#$~eMujO;blFhP^wiCtX{RTD{M&3{b&qM{2lx5NCo93s zgL9@pf~dIyomY16yAQjt|D}I*vwSG$FG_cUxIag_Y&n&7k67Ok9=Lu1bp4q*Ry>y1 zU_cgTgOs45vz|I2C!QH5Jj(GxwS31##*E|AVj>BHRm=qpgKc z{Ui6`)(1#+USK)g#b!26OC)gT3&QIJV?gwhH70%+S`z{lVjwgMyfTuF_t7?FJSaYx z8!OG%k*Pu!)ubgQ0hNv*TI_wAS8I(Hh)PSqdf!L3i;=bj&lNR?4ti+CzyYT9_czbZxU)Eqg*@CI2s`$zwCj5^ZsB_T= z@F4!Trjn9;Lcp?C6IcH+QHZ}}RjQ9qsY&3cT9b6rap1WiPr(%aT!&IVUt`blA>66* z(JPB$HY@kN!2L!shDCjO9SFbsXgKj(Fgm+`+VyCkpmf_gzE;RIejQt#U(RV9aN2<1 z6#;Fe{j+D1bE&7lD-il=hV~h6`*ZUz$&PNkP5R$cIN1+Tu;*U;@`i6&JWehCgLXc2 z^}HJ-okpB*K{KbvG_WFCrY6$n`WSV=X5P^lDrZ~t_L^@Vb3|8UO?sm8$-cNmAj@J7 zPrM6dI=AXORISmER6+Nw81t$K*rqks@z-T~P9Rxffot~nn!mh!Vo;6-WW-1hz}m9i zA%588N^#FX*e zbMM=|FLQI>{Y%-P&7%#JjD<7Olsg$qsL;FJgA!&-_4-;*qh_#PE>PT6n>DsWFqYjM z7}Kan&EPS2%&&YaLraTVTJBx4>Pf1W2OVg?Si+~ z2Q1J$pM&f{qgEb$>VtG*;K!F-gw)I^K{&Yha?9>jh7`&XLEYy684EzFgWxR+tSo z+@B1l54KzX2Z^J=-%MNoT^Hjy?9maY9U@Z-sCdmsbMuDNmH~_f{1dz6gd;jQwKUU* zwk{SO9`;m%@yO6kg#c&FJowf1bp`R8tZ0GUaSAZghE?^@eBvC^KYaN%?wN$%6h5hj zw?C555omGX?k6#O*sR7v{~LmNyzdj5@wD1c*x+keZjUjjD;5 z$8xhd{6cX2M9B9LH!Jt?ln7W`8%&NaS!+F>bHTpecfzAQe4~=;Zk+76GahVcJMP^9 zsJT)(vn{o$o}~326_rWs=*mHH)Y{ypfF>$eY+PuR7ysm&b$;VcbxvCbR*D;mo@o7f;-H z?A~a6%3JPEmk_dn5U|W5QXHkNF#&$S$8hl`4b&$VV+jO;9V!#g4PK*V@aC=o!YX@6 zurOBi&)&PlPxb=cnUTL0dU6^9!1NrIRdfOjzG2ffjh;q!eL1pqhsmnF7|!|c*zRMp z?h#_3eZjmSR{_zcL(y8yyUX=3w`)stbEFl3vpp0yNXt9QFDx6DZ^tMXMI=&%xJZnT z31p&m2UzXPeS4t$#E!_@pzFKrW%*R9dRW=4v-N{eH7uBG-PPh>!6W;SbNZ@e@j&**Htncm2q2% z0xb8r{gSI{SYS&Tpz0|GxY9pP;LLAhzc#)5RuaS}A>fOF_Nh>Pq#vX0_*N3+$C$#3 z8~ded$G0YU4tFZ6&@!AhI?2@dh8Zlqt^(k&^VezCtg4VdqCD7dW50L2xXNErF7ONI z#;<6(2F}YL_lqA61LzY>*uD|{GH!{Mhe|O!GdaJcCbLIa%iWCzfGkgSMdcTJQ*E#IYPj^1jNP<>nV= zIf|j{Q;vLiXf@uzXf>P=0J|%BAFgPIE41;Rjh6||&3dn2_n2aCk1HsPF5xOtVjfr1 z)Yw}UW*3bX1#-M|WAsec2)*+fOTHK$@RpPPRAL=p8Y5++x7{+K!E(NOK93eA5thMx zy+a2sjY@{##RnzlG4^V<<}n)4qi!ADCQmtDj}s2ucLmkJQKJ*2J2C_7clo#uk7zj z5yKZqep);1U10+~NUwMaJJB1$C#9q5RKyDAi+X5QDv$AFfU_RJrep>2Cxc0I`{acLAF)mc8wfK-#|VLxXX*W+3{%{qu00nXSvf~ z?fg@41PT?AoGJ^mrswLO*=`@BLjB^x5lO{<5hCxB3V36@j?Ihoj;dz%NZ;&EMH6-tRelnk* zNkM^MUO!DYl2^#UIF-)%@B2zEBu$b|L6rchfn-*Y#peQ{@%g!)Z#;jpENQIg05m|$ zzlFHqyde4f{5xE!mgG?~SU(qJfBrz{^AiX@SLW|zOj2)>Pe|N2XLf#4_T_@g`2pvQ z&zVOC)qQ4izQ6p;EHaqmbK&zs+-Cyk`)c6x#-#ZALiAi{>v?#wmiuM zq(YJ#$*`nqkTA(Qq->C1Zt=VWgX9zvIIrA(`-JD`!YN6uB=aO6EBPjcgiKcoA!+p6 zGg8R3I4|&dhR3HnPBBu&hq03L3kVt@5=`*R`TV(X)BU&g^nkZEgxe$LxjOQQ#fO#U zeDADqUsBpqVKudLC#=?s5}$0un|uiZKcAd`S;^I{Jy&)Yd0Ts~@;UO*xA7^`&9`uj zDDU8>Y78NN?g~UIBY*fZ2|#g)CiKN`=O2G4b^Y%hEb@IuB?IjPZNnNIN}*tbKjVA@u4t z6$s9?XgR7A5My;bhVJGNY}UTR=*fZ$2efoKDg^gK!u z^zPXkmE3gac((40Xru(#)@760sZR}3+IR_(jWX}sZkl^+?jd6p3!M^ruDQM&lpcZr zF+^vi^#@h1*&x6wlcK$mRWn?A2r$ulDr2<`SDt`prE9XVcq)QRDGlhTCz{(d8dNJS z^fV2lTMM=XUr>zQ?>$Wo0#&>V59)3xYd&rzAY#WbSeC*DwBxiXrXjXD$94Ton{F8i5lIXpfcWC?8~JngOy`30aR8CpIt&`%(&Sh*d4=AFO6 z%N+Q;G+(4Y#y5o zIJ+tvyec%n|6|dauR%zE6)pT9kEOnZ!0ta9Mbpd!{lm0h=hrHDT=J9feA>XNxGBp` zDZ7Fg<7ef$DZ+2@wrrwM&+k3vZI??wM^WEmYt|oL1HiDqY2ccKl{#6~T11sY{aFHU zs_ooV`;@sH`^!O@d2SbRWq*_(TU+PU!@l95vjMU{HL;m&3i?(j<{TFoGWu~01)2Ui zR+#Yi4mxi7ei8+IN{Ib~qo|ci-y(({Z2WwdIC@iift3YFT5%7ifnLfv2;4N&=^q9w zLu_qMd?JAZ!{wzR`}ijaq1CNk+_f1mZ}9$hqqnSulfB3*D>SopfaD{0^w0%HIMDVB zB?R<+RO$wD>gTh#mN+*B!NNa0bN9^SO@?d(&%xEVb;Ql(oGuk=eLbbB<6>mFnhku{ zWD_vZE4I&pA%U%e69{z=+_k%puNOBkS03hLL?2Yp8&1>_4zYxUah|C6C5{f%$9evh z_y;dU55&q&Gj6sI@97B;npK@h;S!&4m6RU19DgLu)mH39iB9u}H^$v)O;4@{Gt zXBqZQKHW8l_VNsx4Z(aXFL((m6=ohq9OzH-Ism)mUf+;sQvRsxrccHMDxJj5K!*_@ zEZyE8RU8st(AY~~3Y9Cp%!t;DF@2mWlsWQ+vNTM+47IoQKvOH}`p7L@dWi3$yFTcK zi&tsvm&^UVzwX|hGHQ@plOWseIALFbRV%N{f_IZ&;qrFvjC4-_kIgQ!vOl@n*NLv7B??MK3_-(>NwtfKvAWy=4!ruiR7NEIyU9~PA^ z7f(q2c1{~QKn-t=umVUpz9+yT?FCW!Linmx3M-8`rcd7IH=6gcJaVVPm@gGL zk8Ccbk2+?a=PF+YuVFjmWeu;X2Oj017V(9J1Tq_){Bm_(sd8cVB{4agW@Wf*hXfJT zcWqxy(>1xEBd(ftQ_R`BBH#$qU}@ZSfFug} ze%gfQ2;PFl^RUCL*>fqiIX~l4*KJ2}U`Xy)CthSzY(hN=>A_UoH0H^a6KGt$(}^_yGDcNRY~ z?}&K8Fso<~U1@k^)3RM=1UOy+HXF)eBe8jdHivYPN2c2n^SJ8l6ZIdK`fRmqyuP|! zUSoq&z`qUz&e|%no_#h(-|6>XZ|Hy6_kz$st4;Rl=!u523@R=Pta=Qadr%!V!UI2ihxxVt~J}3Z%YRzPQ5IZKgy(?RCk)8 z-(q!>?c`YWOL5H4`P0`}UGdA{kFlCWeknccgx)p;uKJEUcMohf|7N0oPRBgpms$Om zf@4vz@+}SLZ)M>q@&&;5d=(@8h^)}f2ZVFY$nWXoRU};G> zjszFtEW)qB>pJ7NQGl5Xgq@eU_#u9K)K91ZC@4W)uL0E>v@MO$(OK<;m#y<-nyIz! z%w$CHq(G#oX^^ZB)g1B^@$GW0{StR6{AJTBpDI$_l|A6c_j|jQ_OiFtmJC@k2|_#D z@gt%^0d5#v8!Ja=6VR->y=lHia#LxY8eBygJVESD0G^Ktsunqj#N~2} zi5;IG*pPu1p6>xKH(fffPirF!K~=9@pUk*-AqlWMjU*5Ey;^{j65{HMw;DJ&BeCi;Kd7>R^rx$Lm5;NBtbmv+Cl8rjt=$XdFz7WjZ1KeniDcUz->fXvb)7`g69Ic<$kOvll-M)d6B|7E_#Cw~>yI^RHK0p!}R^1Smt&s4M+d?5;#E5Fnn}*BTMnn9R=0KWGuUQ{4uD z{MH zG(^~+7>Qfo+n1cm18RMh)&g+?nJN0v6RTQE-(+eJx)_ z65=tHjJz-S7m&_{`Tj89-ZFONT2?gow6Sm`#jQ2!BD2-SX|6;=EGk$$HS)>Bu8%K9oAQTLE*W3MysWACs+ZMDBt_z3|eZ^?eN4uq?>b{E_75?nXiiB zW=QEAN89O*cL7fmNCt_+^@Q;vSNBA^y|3jCe&o|!?JQXFh-Q$>hpiItd#l#xnKS5 zzz>J}XR61);q2e4M*R)QT;Q||{CI!jkNT|-Z)H%=mBP#G3H%4kbr06m(>PGLQE+!t@ zLa3p=z4pRFknTy`R&$vO++x_(%r$M4CWo?fa8?BV6hbHq=|uOdCsG$R=puM!~IIcMF9kKX# zy{vN9QX@MJMO)xA?_>T6H_Q|Qu{xCsReXIjX_zO3epdbCi#M9&*N367=gR*B2<7>| zsMtz&>0!q$Tb(8zpFS9rZ+M2S<@Mn{ihS|kHg)vPrM}@)4QY6Iuis&QM9}fZ-w-*> zml9|&RxV%1TU4nV8AB+s^?`H>h;vrmQhL$4=LyW-^@A$w>#g~u?v1G#mtuYd(v%7_ z7VDlMZTUEsfE~JmcJJPC#DijCrq1T$?{VoAVDsPQhbl8qy>R-zD} z`i9R;M(nah7U-TOu!|WD>LcC~ga?q0x-Pk@o6_Sgk4d1vk`Oj#VzN`p7-=k^ko{UT z=A_d?hGpqr!J@G|-6*Z5A4fybzj)+-28&$qIs5>t@381(T$w*!;KV!cT3r)JrIhC! z#!eV2e+ZM-x6Y)%cc3vE@TZ8|r_FL46hmPdermI_+Yoy#7@ii;Pv~ZI?oaPIkq!8M zXrz4F%O5|SHJ|1w+o{SBmHF1f=$A2tEq+NdkyPNP=wzAQC^Pj4FYwGy=~N~1py31N ziiw_E^Lqrd`}2E#6qykjwgAjS`6mvV;@y%)z4Uv`(jX=6++qtdLL&_uH7uZ0v%8)q z<%t8$tmyAD#gvC8Phi7bRjQWg9~O8kf!33@FLPlynrzzin#*W-R*mn2kfiFR)5m&ze1gx&poS+Qgl zVF5)8wDfWe(5GxfDJ`MQDmZRBG=(yFrFHutd{zScqObRumd~waJxf$yZ?9I5a{pwA zqP5=~$Wh9rw4Rqo`V>{*nb+2~nTU5IVG8AAy@)ZVz13S3kk^+#IOS~3p?FIQMG8jv zgrsm8X0TlgwL@}+1s$fcp9@d$*A^%+vM)K5U31TP+a$4RmuD2OXop!%J98D>^&}Za z%YHXaReLJ0_r0v!PPf{l3Bp$oF3l?wAyc=XE`YzJuzs}(GWoZLKB<6pHzef4Sa{{S z4F@@g!|yVDJ~?cmcm3`amzUTF^B%E=klD6LYeprVHtG`l01>_pk3!#y*oZu2RdZO> zI9Vcsv( z_|XjScMdl0c)_i`vi@5j#c#2~RE>Fvf7km_@R3~D=d14D6>DRu6k_Dp!jC>=I<7es z^^iq|w^gC7X|wUtXh5+e@yL37BQ4JoCu&1M>VT$$8qTk@H&Xk8Q1jSNjGT1A9Ouj^M^;)rA1@PnjibT%tu2qz`3ulS_T zy4*epn64c4lV<(?7?-xz1ps*RFlYN8)o=8yL3qJyvK@)b>QNHXw@`peL*&C>%nw;ZafS1 zF2BBG*uTLCGKtxi5xVu*JF0b6ZVPq$HoP=SIf5g}=_ca{Z48tWKx$K}voahdWKY{C zd@pryypYlcv#(gsi$22evUxt^9baalR~trWCM3p)oSJ%rH!cHa5W}_~U>*VMc5PIP zvhS^ZiYuNOibo~c=jCm2_Iu56T8Q2hl&~(sjSq|ziX`J;g_C$~=AFip_fqSykjb~< zV1Nc@2~Luot$U&qU!Edz4=9{`;K9^AJ=+eParC8YHep0h;!2KqP#SsV@Pbeb7q(Ng zCV1&!85egTz&Tf@^@jkuw-e^=xBK4K{%A~h8YFOcXi>S14Mh^WfSddB&dc>`&ElkY znAqIqNQL^bu<)>HJMEOliXA69=GK}>|Ju> zjUWmbj%M~7n$?vI&%jeWu0t`kPUZJpA-FqUK!vf_+LbBMe2e@9BNGont!TPv_zQ(l zlDc62=;1o&cjQZn=(l<)3T?PN0i{~cFR@9%8>ad3rgR$4@m-1IoYrBc0X>PUT1Y1% z>r+DL{M8z33<|c*nv(p}eYG1k#?NKeT`n!)g1RP0u=0Yu>!!~!nS!+#eZnSB1;amW z+|+BfT1bS?yEcBPLM1KoyQCofA#-G=R;^=gT@Ni{_yiu1noX+w5)(eS)l3~izR1_LL+ho0GVGA7+BF*(9^CBsapojMjnZ9{0>JfXVU}D3o#b&MGL= zNArmeb2OcbUo16Lfo_M8XBD?Bj40+NxHqONpQNgzNLId8$K;Vyq^xye7;gr^w)1Xf zBZMP)94}(;w82O|pA$#hw>K!#?>!c`=e3CIl5lpU#lz}oJ@uJi8;DRZ;^vW1Gg0@* z+)AJ|V*?}5$9SMD%et+{k?084yB7!Ey-l(Nz`x*XNyrO^U}*ogt?zuC&`L*Let$C%bg{~Gf9zq0%;{@6AH6Xm*yCaM z1k@`&h5=+W3a13d8`Ti~hg3uZv+n0t5xlzxp3jRsue@!q1A{hR)s~7yUY{i|ymUeC z(u+xt&#E?{@|M4F85mqeec90Zw#YDu%t_NXMp*>Pyk1dUXHBt|yC^1aqT8httpYh5U?XDC(AVm{zp#homg^$FGIw<5U76m2=* z;_KCc&15U%_NKIon~h7M`OoD_+>rv0PW^T0i%ZoP2FKs|(;SV9x&oa#r)eyzo{@2! zrQD#mkiV=zhniZLu%IGr<M8UX;0U}9 zvF`c}POW&H-lcy)Ru-eC<`)0aJBu^;W$;-!b7jo zNsv`Q%3Q>G8;rnKox@#3k)f9RQ(|5R?3dc9;&y?u*L&4HBh<4-*gU|nqLF8r@fj{U zVl;A-sx&Fi79*e`^&C!?mU$h6^cUqHaW(Sae{oXQE7enW>+l+}hcLl+3=lWVyl(Av zNL~{@s&Ma*L$xhqbO`aKm~C6Wa)UYCba7Cw*pW-=O@jk*r$Ia0=S3N1b>W^0K6K^- zP@X-`l>wSBGlR}5XiZW@_lk@--Qg1QN4W*n&F5m9QPaVfATe6Ryc%|ZVFUcF7JZ*KlBx3}TsnCpMeFv}C zXA${`jdudHjC!xABm#(NxCf3iSX}#zk*s?>`3nU?@9~barm2~nK=So=$uD9$Oa}g5 z(I&($&m_npcpt5S0P14M_-ZE==O+#&G07+hHM= zlXDW|ZIFvc>(;neJ?@OBz!=A+`U2C1K z$82qHFAs@c3>_ROwUcPod0@08eS4=#r3@nsLCw9LtXBmn>8+#moJ_THLq7SG$?i#| z{3t`$=U?-f8Z)b#>{A!!a=yrV2wq#9*_1$}2KOj3(p^+Hs|DoFC_uU^pyj)FVkk^( zM>5=D7mjr3{K8yBZGvtaKZ(=L*Hc_lc+enGU%lrSg&TcpsxdLVWN#&DQf_>-*y-_5`+kDLQgtldSv0IDuwBm??)ase!B4iS1ea5I1w_T zubD2kPQS7f728Y5q(<7oYX2aZ1z?h)drPK1ypZ{--RhA`uA$}Y(=*aRvc4`t;KVcD zN|$}i9D+ac#BD1Xl4V)(U4jrV%vZefJBBKG(x8^&JD0dfeU>&SWR@ArwZ!LmB#tgBEzx;-i;-}cd$CgMh6dAIr}27R0i z`n5#Z=RMw+_bdTS%!*~KfLMH|(3y?AbokPDmZqo#QK6*!bRloq@4=Sl@hv37R#xpx zM8+qklKd8DS**Y({ou!7{rhSE(^&(5HSK>oYvAuYD4Fo~X;4((;iT!r=CF?o|I8HE zI=?%}F=AH$kX!VGqsUTS1lhaCzn-o9 zwtCV7%1Olb2Wuxx92^%Mq-)#tz=NP}d$r6Bm9)oUCql}MY{DdF{eB@Jr!NvNOBB-_ z%Fd1S&xN?844FR-K{Wno7LivUZWrMg2nTE4xc5GNhJkV$AFs1$n`il_fl+ z&XpCpyeK-uK_o+idGd2N4T|~T5Xqd)%5&Z2^ft`b2l9>w1-zY zgd3(s>Yg7M(5YDOG?J-rX#!-s``-f01AM>(8WtSjM4YN(GLt2kDp+Gv{<@x4wLkf} zA#1W7M2;i7$+8d^wC_cYBFvupk1QAa^|*065QMjkm88%eJ7(LMUenq@szUiw%ZK1;f&RKjeXJzqrlsx9~WB>|1SVYk=B z^W9q?Y2@h_O=CWWs_Sv@iIo?WGa-@mCg+hQ!8S~adPKt3ZP0carfFX6H;Yj*d=fxa z0}y|jz!6*q>)O2HYSv~e93DZ7h4V!bPe zO1wPP%aZwKnzF_YA;r2RIKhl5xZZdg^}TU>HQUAa zwbCb^RaDtpM0P(x|Bb2{2gB*5Gsd@Ik`c(zB}n?9Y(t2C{UAlGpC zz~^MaeMi*z(1%o>OXp{IWe!DkE=qQq*AiY=^BA=?3bB}*-}QEN1WEu5lk<58Cu
mu&W;vALam?%%B&eD_%T@}a7{KC}jS9x>xX2mZK7-J6!xdPQL z-z=h$%*f7$$0^rTFwR{$uiKWXM84^(*o`qHWs(5NGw^(5?>2=97_WDA;~>w&9%0yF zhid07pp3!)06UTYDR$EOCulVBeqbl%y53utvVn1+6*F`wnz^L@H}z8fUs5k$TTcOh z3pbDdjGJF7<^H#D^8=f}{{lA;MF>7g^}=UE9X0qR6PS}xmL+MC2?~-$qC8yC7fN5J z)8-MZ`vbcqSLN`{*Im`dY#Ww4DEaVRISd*fN)O`rd_d>^f@wgou0BqtE0J8-M?;^y zUR(_i#K%-?IIe*+31o~5YOwIOBQH!GFm9Y3T?>h|zOG90yoi_YSOWY{!DJ$4anQSR zORGg~1cmj~0SKz@Zry{GE&}n}y|bV1Dk8}>G{lXR;rqQ?uWU1#54&gRqVtohC92O| zl<;>~iI7o7X?+RN9YDIsX0C!V8J&)J`*`W*>ys2$%?snTv(!bp87JbnR`i%R;xH}$ z?vrsXmQOBj@zim4d_#bzTZ$91=r21{& zg;VU_Fio@{m1bnbfTWPm{Hj^jk7lX# z4d+oq-I#OJY)hk2@#s#GADi$v_5Hq=f_3Ar9%XM91Bv-Ipzh#fmmX_(P-g*O%eW7|7Ym8TnyIW)$?9F^ETV_v{eWAJX)afIY zgc;6F5%AXD(s73;m8J5@A3D6xMN2L_7s_&%t2BmQ5F1NY*o~LHpHmb=Bpbq8HA}Xg zc-j8EYcH~^w5oO-W>(bMA{8giM0HG2$lF5!hyfSa9qvnVwN`FGZkdN_4*~lIvGtE@cyeF zR6cqT_~L$f%q8r@L;OJfO=9B}CO?t+O4+aXp(B~Wd)Z&Tgwu-vBGgqqMA&#+@sqz^?I zES50}sogex)o!CG7%RAtHX#ErOQhG?|c z)n)B{g}ciGLmLkjA$6iUqIZ3QpPls@S7nr0u{FqL)e>TcE|6T|YYbeSRAy454|{C) zK*7*1HmF^V^Bd~lYip2BM9cEjYngJm*fU}IhpvraCyrOm>f-3Qb*v6P9r6Z|pR&b^ z+nZgvg!|UvEGaBkg8>OTRvP)O-Iz-~Y(rA2(#wIaL7Tosw-W4!^`vJ94+nou-x#ah z!x^1rfJg7tTxG6vso=_k;x}JA=Z1JVk>p)+x+`SH6GrXMtc0Cf-3u#KXs)kHQs(EswW-p6mER<^+hJdROCn`;TM*O_e`YlmfnFK!M`MA7uDdj}|uDqw>gxA?W#$A9S-KX(ZHe2f1e%)`Vu%L0qRo1#^fRD?S~vjtOe843KWWUY69IFNcG%@Tj#&Gw#yWsS<0`j%Wmy;FrT1UUZP_YaMG ziV~K-h^1rTY&mS0q(=)FMXSTH>ELbX@)ETeii0AgWbBO#^mT7rwtw?E zvsV}#T?QW5?n&`{uz8r?MEdb+>{q`RV1Sg``+1yu#eh>Ssa~=FfE0eOWS^GsSw6qy z3@@BOXJ{wXVjBxDgX05mzaB2g-fLHwX*^8EeXIGI@OS2N$6SQ%FoNqcx%MgxTwblG zC&c^pCM55HuP^-yE;2Hx*9BX2;{j;z{%L?>R;3lYZ~6wu@3Qh}w5CgMq>QvD$3Ds4 zIx~aBD~w9(0p1Dh0x_1PtQ1e-T!0g^R-x^J08?R9&ft*^+&}APYwsb;JbVfym)9fQ zoFQ^WdLi=M;Rn|oFU4~&%luq4D<;1lH2*U1=(8t7E*&p4z|$EBMHsk4Ocz~ErR>=i zi{hMn#s#bsB$B@k<5^yxhk`xYH8V_}3hro-c+-f>kvtz1slp_2~Lj3<#5thZ(cn1m-LAr(gFBrhXo@pWQ}0Mo4uDJ zHsf^_;A*ogv+>8t%YSk@4*ZeO_@Xn&af6(Qow1v_!251HtV2qw(kt(F)dm8!f ziAfe!!lDD6Qf6S}qH0pZ3mZO$$N0(~!>~^=7@GW6s*xPcRA5E!OF`4*GEn35vFhO1 zu_;SUuR)x#El0Uw5lCpNFF^mobQymVU0w&t+6HEab-ix;5}~uhm z3S}9m=OzYT#dna@GagC?(sBM{9GhY(x21f(*wq6j^A*xdX+NZMenu0d#@4=s_d~>! zXss%4-QHJ_o+}(PaXRFK5M3QIfu2-1)S~Y&Cu+&@Q{c;7KFt~$=?U3sSTE+7M(I{465LZFfkWBCZ3!^k z6qm@}rZyIcR|(-c8eN0}-OcwKXHf#m!Tn)@VSOz~&=44E#k&%T!WAv7PYt-Ckc1Zy zN*jh+BJ(;g8Lzk2hIiq-))Bv$TN-(>p_QjOl%>|#lj+W@S2W*|aaZsy&u6fCfVs3N zzO;`F} z_u}8^82HY|f2cS0(vs+|l^y6~5s`;*4FsSJr*C=C_Qkwt z(i_xP@6)VDUmnj?X@Xf2oS?Jg98>svPz2FHR{G<(uvc2(gg1PnE*hkn=2mh&U>2ph zqk-d|9Ijk%msmQk+yDk|m)F!N>cgqrLt-k!QE)n>V9uqAVal;0k3F+>>`jFMBtU62 zU#}W)v0>!#h+$Vn#M>rfc63v!F-^MBLPQ3U^IZhT9>pU*piC{H>?X9kLoJA#b#ac& zNI?BiCe_A?n+BN3{BjFmUF2}D3-xXh{6t&p$I6tq2}m(x5Dq9UuJ zvx6rFh10#Q6qsEe>~&xo9X8|)+av{O{o{yMZ}7{AIUZ$?E`{AETU^YlGF_nfO5kmR zt+lp;fDAG?U&trvYo-Y>0vxYm;w zdC1M^CIs;IzWVIcu;Fs1j~lRp-E zyzESf`cB7j;1qXZA@}prNj}&`*JRAg9j1wDfB`@ z>I9QO*-AkA3)k;E2X(~tWg+=uoI5MbqS^MN70%WYd=0XM*7ci6011AV6MH?V3rap_ zGc513WrY5VU~?buOv?3l)iY!l@#J(J`^BqDu#~-czA*wr<~b2GaLPP9S>ab;BHu;N z9*m&IcNFd*6O5<_CetrMtxbVp>-;_|_-n3_1xmzf(aT;p=sLJ6m9ao@D860m*4CVW z78_t(Fi}WzzOFYWD&d}2Z-j2fTk!7XMy`p!r#e`g{=cg_==$SgEPrz``r;C9?#tOy zX>(^>tpY}o{>{bsdn*27{QtM8_`}4&|B#9~162OO8OJ|V9RFW-o9UPO<$oH16^)!3 zz4G=cUQ!IQ%(rt7qm!}5ZT4UQ%)%py@U&M0CCHKZDK^YPIu6d|8s36ewBnEBojX4mabK8*O~t<0_%5CRR)F{ z9SijP+>sXxf#c0Kvg7 zsHafJvAm3uYn~G9XohHJ?uHBb&@3718KZWsCQ;h7qnR9#Rt#p4J5H!MNw&b#cGqLi zRKo=z0u77ZijdUSv$XNO$r4`#2{xXW-Yw&5zAVSzD&CUw`N_~P{TjcQx3eQJU4D9v0sig9?|m9S4SbKUyYp+GM&(N+fo7A3 zVjHUpJ^!Dc*)I_SzXk}Hprf_#negN5prveik?xOqc5z`4F~H)QLfeo9WK6MRJ)Vh|+L8G-LI=(7O;&1evu`>JC~ua)FfY#P zqP%xI+YZx`dWP~h{q=8E&HrMb{9dc+Suj}A`$gTKrO7@!q{B1tsT)1i{CR+Y<__%C zF7Q3rfTd_DG|bV<6^_szwDt_ThpPUdEbrmYU2%hMsa-5g&&{wLk&;w#ub>duB$c5W zI$qj^JC~&QOhXX|cJ3f7?XIS@{G>H$*_>Y6*8M)f+;Gnm9JR*B#d;s%Kq7y&p~N)n zzw#;l?7D1Bs^8j5{0jp9mv;Lvsg?#^aCAYQ|2a;*vljIEm8}0Tz)}9AV1XZf*XUA_ zEYED?_G^D##Y$Gm`0i1^Ng?kpUkkDsCmRrR?74dYw_l=KfS;-ceIq>MLvFBQ7n@Rx z$5+DpWvu@FjJ{6@_;1YU`-FhcjQ)W&+&fgC>9>Y}7?rl04%^@?Gxfym({cGFxODPv(bN3hMpfbPd>jJ`m<8f7ReJN%%7XYSQ9@mv^|9Rf`WTx zCn>GOzI}czEy9wP4=XB21AcfdASWYcZHk}qELmxld+Xz<7Nco2v$DY}HKLQ2QrQ#q zWijfXl$GqD+4nq$3sFa*f|n1F7`QEfgp_x@mvQjubd!*qGt!TDkl*Tks_9CFwQF*q zNkiV@{$^p1!XCFvb95(Mq--MK7YZ8NDLPDEId(wJT*)$O*_|5VvfhI{nDEuqX*;+| z_KG5yc`2E0%!3Mls77dJ)*(uE4PKh1uiQNW7e&>AP)>!z1-u}qbr4m2?g8p~Y87wc z^~6pPu#HI8)l-c#a$Be0*ROzAr9Stc+kM7ytc!F|)GH;JYFVVB^#2P8Lko zdSniUTKmdDp~g#ME+o`e8yVJprN#0~Lg5TjzFT~^yLXqc1BGT!THw-j|A^pJs7_p4 zxFsPi%*JReQdInU2y1eHL`%Om8f3Mnep4&n9Wz@4e<_Rbk9th}-q-IK;i~E@^?Wab zuw0BK>0G7K)IRu&R7(Y$69l;yhZo4WAKn$uCdak~A<*s9fX))MsjF>r zkjokvm);G-(+-o<0q)9UC|>xx8(Wh=i@NJN7YOR3bpsNHAcMYM`J12MjtE}^GcaWj z_TQCpq@0`-`&PA5Y^WDQSfBF)B$X1ZU+l{gZ!Ns(ELu4}kY~%KgeG6)OtS%p)3A6? ze)2qU??ISJ^7e==c#7oh_8$FfsW`)OE*o~BQ`Kfts6CE=;NPu-;@9yBH1^}wLIo?% zD7xPFdz>_f);;COz7)GQ>@~X8Wu+0Zy?g!O7nZZXo@4XkZ!28*^}Jq69<9RA6r2oz zeebjxK%CTFuQvcZVFe9zbNkK*U{Qi31johcI%Sx&cDBT>4#ILW-X9|8WXBkab z^kE;#Yr7cy?8^P8xMac~3jQ|z3sqqyj|qQ|z4aw-tK?r+mdwxbZxi_6;qdSyjX~@W zIs5>_`(JRl`VTq$xys)Q671aX7}F8lD(2hzQ)W6q%r}r!zpMWD3y&v|awz-ndHma0 z{rg#c4*~wK%<40#->Hj#z~!(w*!O|0-WZ#X^n2>l#ohrOed1a3oD}P&)G6XSQ2ia~5m@1w@z)?J+Y%qqLf8fhiI(huFZ(FR1_F3GI4R-8`4{=7imm1geXRd__c2#m?% zin6iETpDoIXyZb~E~82* zHz_M_;bH~Z>uCXqqRqxh`wlJCSP&vR7vrcHs z*-vcVGu`s;&K}QDG~Hg4OWK?@PNN;ddF?0jl)QPE2;J)&s2JxJR@a3X)%MP4YA%&j z0HMXE)6AN?ybXF5N7}UgpB7!d{5zlVqfs+5P~~S|M`c8JeeH zN+vxQr+9Z~JN0kwj(bo}fCb}S5l((FaI$MGOHI`6Pq-ZTJEqmoT#h0_(a%+H%zd1M z+}KL`xMI4=$;!X^(|_Y~HpdX-wXz|Ljt-O(m(#+8jId}b!4>ycDD{E&#zZo4gCXoT z5i)9EhM%d(+BMQJVJdEjpH#_|KDj7Y&N3zIc%ay!8jD8ynVN%nj8|kN6@(oz zvcdaSf*epqG;(WS1ASL#fS=iyMD<}AD?W~t%ge1zkm$2qtUn_H56WTeBjeHcfcMBJbsmp2WB zf}PEj9}=AD@YOvzjq%NuXbraL)Y<3j3%yoYP2U|Rf8U)9%KdeswC&l)resnKm^4!o zYWe-vEe3#iEfM7)>ApNWJ~@~_KK+M?_^n5?Zw@hx7RHZ@nKzLJ zzg9u`+E1fd)q_M%MX{^4^R1o6r`u>WSe{)VlW=i-#d!Sua1o;+zjCC)Q%W^?Af>k^vI9(4 zDZ0^F)bF;xEr-$V9*y1)dSiXAmQsxBrWYGt2D-b68hni*iVcl-rc?M8a-d71zYYJP zg~Q0AJ7Dt?f{pp}7Ej=t>K@~;nKwMW%&xX6`=gB$V%4b;Lx;JapE_7a-aBYE73Hca z{G8@qE4U8LT9VBT_$?$!|Kh>W(lv)5HOqkz^-Y%o~FAY`__E5pstRtub_l0 z(sU_$NlN4%smFGCL{0>&mgG+_Vq~BR=HWM#tMDmr@ro%bp!asWn+)QOig9RPItGGY zSIyhGIN5Z(fV`$)^RS z7wY_uvuz>X#(=>%IAPGb3ttwntQgOt!<1-S42(-r#kX8K~jKECFJE{avGQt>@6jj%({Dbn+aJ-Q#a zy~Ldhe(eU&O~Au9+oXdI#XjlodqUemK7+ma+S;U|{_R6Pck>BW7f-R7@~2|&S}gR8 z0!Tj{qIhD7h34b9+P*t)<>tqy|L{e9l29Y>(@Ba0KmF)M_Q%D*%pzyt{H7Sirr?jo zPVFbLC@Ap>j-jlDI)SbtVUeUn!`@RGiyaO}yTiaBHxCOjl5{h!yjDQ*n$B}!2gu3G zpL!TW!Nl`Hs5=`qQ@hbWBL;<>Bn+I5*axM@dPBkCi$~|T8W*TkeL;PS;ZpB!uF1Tr z0Ah21$kYmwTY)-oMU+)qIq~(M1P=?wm-lKE6|eyJNbB1+rghecL+devM!g)CYgtE< z6!OW_^w(QIpCd!U390Y~t?=9p)?C^o?#b9{A%}-=K|o62z3~ocXkwaKY86>>dP?`$ z6W-+8$LI8_TpRp)ef8b2imP|){nAeO*`LH~HuV+waxR&G4Jg{tT6qVWuACF1d`qvj zB*!Y8_mJ{-w-{$iWP5)`L{*-pjFyzLV&BtTIx}L~Mx($6#EEPYA zrKrLvACq4QTlOjYh001 zoY}Nq`%OY_j0!B=<)RZnu=lgU`&aB z6+DDhB3P(ZS3H*K>~Ky9^YbgCz^|T-79$D_Og-`00%iITLKB_q zDbD99E_3wBil#H9I(g|OI%Q~ltLj_yItfUaa#xr2xxFiysz1?-QE2F$N@Y|x-ENeC z`Bgg3ep&%tLKHm#g8I9h3%6K&Ca#P3jfGAk@XjS$(zn%NB^(j+@ZiwvE#T_!WjtYJ zJy|jT>bpzQiuA%v`wk2!w9&&j${ujeVvb^LMs=OQG)pVjy7Tm$Vh4C(lU2`pYu1;Fy1s>KKW^E| z-;M)9nuTyG7<^BDrNwquUuS324YVR&K$c9TxYwOfpEMhE?AnLA%0zQ`*EPe4#4XPk zn0ld5F<%}1V!zIBtk#a%>F9kR!D#CV?CL}SN;|J^J_N&#kzFvjlIdJ64IUb1 z^q1m99STROlWJM3c#_xa+kpdeaGoI7h4-t`HREvW`HrAyc;W%}_6Y=JxtYGGl@}bc zA39wrpwjiV>o=h|3NXGOWHiS2$~WKkdv`cH<1N0wg#EFx&3$wXww($w_W_C-8Ko5= zrj5}dJ+-hnsjNxZ`-bf&&plIUEFk4AQWy?t6{e|pZjjE*$bP11VWt=Dh&q`kJ*m0} zB7sQh3df&dqUljkXH!6J=vDMbVlKGoQdJhFTwXb9i)Q~8EE{ED9;Dxzgqn`f9&Gtg zZ{40g#Bv98hNh^2t+2M6;j&r8Nmft&D4=|FPj)pIJ+m&@8hSEopog|-v21EQhV1&j zd0Hfh2ZUw3XY#E2^noT$xI*3^T__PZ>=97w1WT7x%sg6NiNyBxayL{$-tU)?B%kD` zha=pE9Elck59bEtciT&Z$k;$=AZr-x4iSxcdpsPx!@cCDUsKX`Rv|zx@9@^gZ;;k- z4Qp=`;m~pdOV3-NTeaWY&4Wx6P&h8Zgdx-NSFEmymd*al6Rk|n_TN`{q5ega!2i;$ zVCE0^55JYFOFu1idwVT|l%K9e&A(%M{ljxBYW~#+#aPU5DVB7p2rk&#p)eFZI1uQ8B;i$}eI+^(|LzE!e#&mbi-K*D^Gx z%5U}a1;?}~K1SRnFHGH0=@)v3ToPv|lJL%?Pn=#fs*v@WmfI{^F)mwB7*&V!8L` zH*Ya-P%YN-g|kmelLf_khdoclt)~3p@I1v*0OR zcRdUVL7ES6zi^rCc6w0@&$mvV#UZ6S{mQYa`hhAD63g2S2s&%Hl3xIcqW!Z^Qfz6=7py7?) zV;nu@(su_8#IE*1KE63%zWQE*KlZ%j=uS0sibux-nDm+yP_e@TnTke1E+n;rj5NPjuA6x1$?(xR;?655VyCs%{pn z+cWCHvm8>W^%zSLd(~C8L$6y*&g@bFLYQUQTUrc3$RnL=?c{cfmeYuiy7vCyeM%r* zv(N%am9Or@Dm($QVq);5?%}}dA}QWIxzi6CgvA6<6G(|n*Wm{`K$a=k7fpB6 zp_hgLqzxR|X0q*3Xbc3w?s=@Dl)pUeu|kp)%`ZmP3Ag{|A^4B@ntc2K?dwNN1pPUr z)MazQ`r*zO4fa=Ie56MMEyf?VL~!h1S|T{?`qL53QxU*<54_=>!favrLlsyjo*=^% zc`6oqw;@K-Qsk7yu+Z%z*SnVkp zrGoO}(a>+_mGbKaT<;GmT=f*8mPC)W6)DK<#hAi!8^>!gId3~+0k{B*_jQPOtnow{ zyagKiPUE<5Z^uo4Ll@g4)W_u_GTw+GIZMP9-99N9w0-(^%;~P7ojss5E6}L~Buxih zkHzgLLD@-R!bnV}hq#}xNVui(jj|@S1*uhkyr$HBC6EKBWHDOSZSE{E5IESIdw3T~ zb*+FZW6DrHr5VHB0(-~zMo@kJN$$*w)@}9vCzX_$GP1|b#j^6Ez6gjb`#Vx9MC8in%E-Ihgk zAj9>pn-rU^R}%%V$uqwJ+7)i%eYQ!BxoUCyqE>tq%maS*vazEg!3OdJ9G6^v-OF32 z@x9-K_%*{B#xquQobB}r9n>Qn7z_uV`dYLup-a`>6j4=6jYNOn-sVgp152I;OGoR^ zW=F^5S~lcW9g9)${RMHM^n?)mKH!SZ>fyPR%CL#o=`;dX?AsrY`n&ATVa_(PlW_rm4fI^u8dQ#JOH z=N{i7Q94f8`hMEod^rSyfY|yEho$y!833m|jlX2Y2<|L$Ur%j6C$o0vf+K zpP`mZ3>4AX%QJ~&{GdyDolAy7utOF*5{ZBB%5`}h2et5Qg(R)bV2*2 z`+D{1I_#MUQI~nOozYuk)mvna(xkU}Ik;i~4uMCQMmdE(i6AUiVvt#Ay1rm%I zqF@Y|<4sUhXGvy(3y84~ke1Dxxt7F^f7HfRb~dZpU;V1drYv^1m3!ZWwC^Phxpsx@ zuSsY$!$dzG@Bl2f8Pem0wcgkKI%+vabQvlYH7+f)IA{t1b7V-_W<-ws|%Ihp_L3Bq^TUqC4z#+y{elViEt%B44&Cl zw%%D%d9$FugK#x%xIwjJN({R0B3=j(`HSbf6rJ#kcdhN@ou!t$c*o6maR}s1D&5j3 z(_F^UZdXzBw9v(4k&5h1-M2Xyaj(I;Y+SnRTx(SP7o!&2{cKZtS+;hFs^r)pzdq&CTJbYuw05D|8f--}>lWsJ#R2 zr*^gfBwywi{jdHA$`bgNneYaS@2BeUByTe4AfJ`ZH2g;}>kd2_+;wY9B{8g!$>4j^ zHE7YDo6rNu7QH?7On==XXfV~JFwL2H@+TrMvOR_RkV2Kv*g5U?pob(6_0l~=B}VB6 zT|DX-6@t;rj*;N^LIRK5O$kI3)h(`p-ZLd^g?_uYP;y$azKVk7aib;@hnFge-pH1h)T6S)}1$#txq@c3`42^yD>Vp?NJD5*2ALi=^OJquL|4q*GSjYgOg^Q4wfh)Y5%ZzjL3Xh^yW-3E#TucQ z(>->g-9xKvbu^G^dae8(VqN9r-S8s&W_sz@rS9IhL+J&&pTZpth9@9hg@(ax)|TC} zxmG?)CNG8dh9xPtMI)XE4PA(gx-h8xjPVGIMU_eKu-u#mcHhn@S3?|Ht2>f$9k36* zy(dn0HJ~TOM$0^Ras5EU_bBl9vafyeAwSgeZ54UA+kRvS{=Ugc7~gI*E0xe~@E*bA zn9q&p1J#7P9k+RHp>uej@M?b5ZyI`KVPS!Z=UnEDIu7v8lP$O2!*6>U4kqL<#^Ce8`_i|P|J{a=g;qfcl(qiZ4=lnlTLkpT;wOi4kt~6 zz(;u``&Tvc_Ha_Y6R4R4wiL>_3-+691srux_lkWpxs-urX zxmUrHE-3)K5xlt*oCh;LBkBpP$Fyc^tss zeI9@3aR7h!dHkKn0eqgrKk)6*7rD9eXn)t4mGy1dP{$Jk`{o|D;~R+WhO*2TINyn@ zZK?KrJFl@RFIf(@d&rXLUQc7iQAc@=u0CjaE6*@^xB9ofyq7XlupqC`mub9YB~bCx zHeTrmNEOGT&RkU6Ao(Pl{||M4vh*mHbPJ$!o}%X1xk5Ao26sT;gXo)?0ExZ_(LDV{ z(Pd<0QfEXcVEl5`|@)s3?F&VwCME4>0JL3tNYa;I0&K(_UX#j z%)A*jEC<66$}!UB2?TC;%8Z^@2(`iXr4X&IPW>xd;A3qiEY*~Yl-E&UDu}2hfp(=P z>u~4J)*PO_KcrjdKX68dZcJAODZt;&*9Di6YnZ%;1|wzW)o#<&U`qf-Yg)pbt0PVy zMNS<)dnHOrILY~&B*mpiG6w+%wCx}T`gYb4C@?=HRC8E#NP00R~q+Nrw0@}ve_#Oc1(hUR48H5jnQywZ*4D`uPYA-=3|zz+E@cxL}LGyd76#I zf@bs3W^S*t)S_F6MXKV^M$Tb{;Gx9PKg~WM=o^M)ptQ({?T7bBfq~a@i3pFkUN+S1 zLLG%qW_pa-pywR-tQk`4Y)~b){hB5zU%e^|4zv5k_O}OUP{B~MNMDgA6y{{J0EHgh za*eyKLe;4+Nq_LdfZjZ08*GyuIHWkZ(jqvSG3JFtiuj7EM9wggZ8b1gJvI>XJbq}( z=&>gNyEsicQQKE zP!3S|4Kx49TQGxJF zHom&eUZsWe?$!Ig=-!}j&6KuzKo&>ISCId(M+e?9ul=(x9bMGJE=*c~i~3M_<8BKa(**b6T>`g3@$CC$9O8IVbo zDT$Gt?YDA!z9q@i&^}plSWFO2k?*j7v51P9&7cdmG*a}iLCn-U5fAA(p|12Nn!{)q0N6(KDd71O*Q-sZ+>4cc!u)f zKM3W(e+$}tLOJkPvD{*5<~y`8{=-lX{8=owT%G-@_ilYn!h9+Kzg7fZH8wdR&gU#J z*|aYef#xRx^C>(092$PPxMq*;mqWtT*32&j2%p@D$gL5b3g-%2?Wa|Dzgso%PZ7vh z#rj_oGOoFrKL%kOvlRK;^hxlCJ57f$Uq$})^Y3}wd@BCDBl7t@gtL!!{&C(IO21@z zu;WwYXMUSR41Af3TvD6<@2dV}B{QG7nw=p7eP8 zQvk2-iHEtIZ){b?B2HVwx2nHCZ+rSvHvPTo5BQY*@v2!cs1nH(XSC|OV&Cuu#FDJS zs^OQaKjycpzn8%`650)0VLhIGZ95bo6wgE}-zOIKZ^QG2(wy$(Pt2CmTT0qKd+)K( z-Y-G4X@+DLN;$`$ zNFpi@)qa2dKbHQbF1YcauRWaJ*Zzgyd4qJ15pVrnZ5_96vU`=q??W2=A04PCA1NtF zbGTJ!HS}w5$S>DQ`u=BqvAxD5-+k4`9H7(Xd`g%z7xv0D_~LSYXEGKdzte!)c!zSn zyCHz(YR9dT@AU?u_NkmGq+g#8{SDgOsgFWO)-hjTj)HWuc!zlQbu<_{0^Xh_IgTeY zNuZUqEq5adId9h6UffFxi>9%I)LCDdFr7Eug z611-gFE8Ai%bV&=7hSYH+`fsL{r)Pq^?ieSDT@zGW1CFD3mXNICb+p2c5y5$B^oy? zT`)t(ico+U)fULDgHocQdG6j2TjGc+!;L9cXz=( zM19-)6B;vzmTFdHbb#8M4E3}Mr|%J-Hy2LTm68SJ6Kq(>u!}V2Kp`Sd>LR~=tf0}b zPIR%J(uKe)LB_CoshWalwv;jf)Wn~##Tfj1LC9N)Y@o}~SaH|0!oxrbsWS*pBOGU2 zWfP-?pf0scrv;6eKBUYMeS55Q+Pex%mM`EML$-LhZ-q`Ls4wY(s;d;nL>(WEk*}W* z`Fcs_hrF2)tvFb8pP`1d9hrNij}F=>5qjiJ?6*eEFF;-{&sU(dT;`$v69U~J^O)7R zmnrq8V+njhU1B2|&%F=fw$LVrY;1+t$KE<^nG-alQ|pzVH+?ikV42R4#Bb7!N_eA0 zWGD?qw>Qk84rI2Pao1_A`4D~j#l`CwuYXznprMm6OtlAo?C#1KXrUA%$A>9);K>-zZREjU*V((k`^w*ddc_7-gB z+vbVKHAeAAcACsi_aQ(oO&tH#P}Gd0Jc|s6c;5$}HCa^*g{I2ny^=cr0{ui$|G%f27MAZK?50dKyy`Zra5Bb)jXopNE`r6@_QepIu_WQvIy z7IjFdtlec$m});1W3d<2%H^F63T70*9i}108u-)yedFb?#JS2}|pWbkh3VJCkX% zCR;$}3Kxpb2bCq4^EJ6=fn}k=fZ!2Sq9dMN?Tq7&b)zu+#OwQg%aU+wFHZ|aFN%zE z^aR!(Ya#FFE&~l%1tv+x@bv|BVefnCsuUP6+sX^s} zQ(axvlUc{%B8~nQFW1#HT`hAfUiJ(6r_X#T6IqQfNV%*|_~?E)v;5SFXrJLvEcaDH z?K5ZXm*4((za03_e*1qGc)tyy>9Y$-wIsS--Wt^lg5M%< z{Ee7{DLs=%gvpOCZ{6^sxZEp^v@QuP7Ok0NgD;1RsFVm;a`#&in+5#ehS_F=QO zfigWsB~^ZXWRP56n?98o=~adE8eg5hehSO_PPtB-0<4h6bK&(Tr4l@BWh-k0bBkA{Gcc{ z{q}mb4lo-{orFBTR+v~10i1SzsYsVT6K=G7^X350B`{GjeFzu(1)}w&Xf$rb#rdV& zwkbi1>x%YITT=uXK=I8Rn3r#ZusMeBTey3X`pB+GG6Wia)JO76q37`qGEAwcunBK4 z20QLd<2@YN`{bb{Nm5VuigFB4*KkQgt@r722d#H|`kU)8(wI5TU1FAfs6yBy!J(1R zeN%hR?jXsS016h`y>5Hf2BDUXt0Tw!;{g;J@PEd6zIHm@Q*wJD+)eJ{ z6t-K^g0n*f#Zc~Njs2R_lPD9>Sa;RdkURfkcE<2gW2%!6O#)@QJbii_KEHNADq5>i z5bv+eZC_`uMGZEm3|1#QStWvgsK;MNbQ+@-| zx4gD*R#^-Xxga5u)^9lO%43A3UFtR6Xa<89LQVB_$b;SIHC9szv;4@ZPvp24TH$TsrEU3umG}gISq(Hzxt}5`*y7X^#4) ztD^&$ulG&sx?$cIfq@&=P;tE|P&H9tUGCLIe7m%=j?uM$#__^*g0WLwP^P;>O*0gMi+=WE4^HpgD#U1B`z} zdT=an1LSGK*|vq|j2KKq9FVrMzje6fxDTCh-qm9oZs2Yp&1HxvyMFk5H=~!}X}u+54d-sR{d3qR;rpBQP_ zo8dYqD#J>R()0x3>~%`c&> z`5w_f)4yH^)?7-e!_YU47S+9}%P8Lev>T7YzO!B6C*j2V2LgO!yMpOo^JhaYKMhZ0 zxs9e{pTB)detwcE{oW~i1x|0U>*XIsQ1#!0QCGwHV{7qmxx(&~E1biie*6q;-(+kZQm#|xIBU&q% z)U)(OxU5y_F3_$B0XfFovt=b0yK4Z$lx4#Ncj@L}NFh2e$(2X<_DG$PVcp$B z26UUh|$% zSkM=q_xyal7DYe)Y>Lc(*N5$Y}pf8pthRluI%uf zxt2jVJ|tXJN-9$*;)GF@v-JvV^jnfn%&iJ>Zr)j+oRynaqCh3akq=!?%AE;%g=lB! zBw3jntJyrc1T*Q7h2^2Zj9!PJ6r#0{NORkGFfkaRb>1ZFAiJhYW1ss3bg)%k1D4e8 zRccD`++IHyauDfiZVQ!RPAWOkaRWcq*8myj?M};1_$C#iT|nLRd#-d!0=A&ASV@55 z>W6Yick2W>i0`&k%i(Y}A|g5J(HYA(tJ(p~GM z?^hyz(=)g|P`shI4XECP>Rs%|G}giG@qV*GY!L@l!~!f9YFnR@KE7-obzNT|29g%|Zf*DJ zG0;txvRX#(UM{}Rx1{U$xTB-XHMxO-yLS-w!VRbk=UNAni>hT-n&AmDBKp#vqy?l# zWcR4ty~O6s*lXZ%LkM|J?)r%YE!XAM5ErO`Y2U7!9iyh?_YlcK7` zt+FdjAA2x+pWuK4LjI)Hlxzw7!k4}rh4^Eh_1gp7V}xQ}RN%QtDz~yLUP|A_ICNiY zeAzUueM0Rv_VyLZwsa&#De-}=x_4J~YMRPhgP~IO>%Fkrsl7aDf#@3K;1qb@vnHOK zdUr<2wDgR;G8+H5?XlH)LY<;mFAcEopJ1gVCu#r}uI$>n47uwD7nxx6%|)!2(IR-2 zHuji%r96R>wKz1FZt8N;9c-u-Dt{Ys*+@);^10Xt9%ih%#ByAknLb<|e7WoWCCb>d zZuOw*j8R_tM%1yF>OhCup!B-$XEa1N7?iq*X-Q?o-f(gw>COYf{D!nRN=|n3j&7Vy z)R`%G8mrL@Ds(N}s&GJ|w~~2jX|apjNg69r7haJm3Ag(2Io#mzn^FhTh5*VV?N(t~ zOkL?_W7G-hsv7bdHTl$eY9Uv~MM*;rJSk%(Ye_gl_{G9dku1Hs*EPj^U#>iCP53P< z0NHJvc_t{H?88@$ESt5gP|Cj~ixt6_aXWo`OB2C%on8)lpX5+j{|R|O{&C=?=TF4( zmfr>5YhVX@6JCsUdBD%&nP&Ih{&kQ_`CHKa`Izi~8g!4}4%FQp_-_T>Ps|1WZO}dF z=rc3^=VR;d=eQ?c6)8xfXr>8zBBFs8ak5J=qlIfM5VcY-1-x@hX{+<=wkJV2G|($S z&o>CmM9D!)Q{cj!NIM45Z?ok97Sw^5Se%-Kx z6Jj1+e=W|)beUplfhxEYEBki0J(2QNjr8C<=l_Kdf#1PJ$f5g`08fEwOswS>&158# zNvP$r)$)GS?{?gZ5uJ+zG`Wh~0{^!1t!TqZ$zLQD6AA~nS6 zf-ImIUh_>#CF&*^WK+Cwf~}X}*^zzH(8Hj|lAQB_6~~unX2wq=K@EcpP^$n4gs!w3 ztI7mq5O9VTKGctc#0(!>(W@LE`~O-nt*9qSPx>B?iH!5%(tM zCNevx=rt$xe-^YV1)S8YsQ`qB3Lr97R5(mHJW`lBdj!(pmOLzmI(k6ma~{Z}o1E&&V8Z&ObMDA!z%Q zczmzIP(8~ttJ*c)>0CWOr#9_4=N}hZKf4*f-x&CI=l-)z7xDH_@0#{a9YQ;}O)K5i zV5O_>c%M@%Nc$9m{d7%}MEh4}>bfNtYIOL0g!tWpz2ez?*{&MHdLEt6N^_;v{4N)F z)b9C6#z#=s5-0a3wx59n_9jV;YKgb%2mGZYad`MsW(IQpDUM5;YkqG3nzY`zz0dTZ zA6wp3hZ?_kE6V310=_(>A2Ye;^9Em(H1z2Ftx?eTU%%yV&*>x9&YIu-)9mpcV|x~D z@AQ{11vnp`e*SSB=ChsY_cw;C&o-Se-|#0{_-|w?fS+|LM#NpU+kihvBT{Jz$v?6P z*pq@_yuDzvSvxng_9EuG)r8#HdiCyT(dq7JW1=&<6TnR>v0}GJb+})3(4xvbtDm8M z6_58NR!V-WV{|rP#Zrth<_2r5 z3bj!P@}x|aP=h7d8?0Q3+I6)RXNm6gO^)e$FS3wRKq_Ju4o#-VrAbh9<2Fz+e1;N=hU*zI? z;nzf-PNwf_%&YE@`}~He*6ZA6BpB-+&}&Z=!64nc=ieVY2JzI0+!t|R`-!u}}v z_Ycx{#V0R?{LmGZUS<140 z*&bI5wyV=04Ik6~9)Ad9Wr{C3L(>%^Rf!jBk#xD|kbR=4z9-MC-)nEP+L)*Ij zRjlG0g8P*IeZbmPbF@wOz5zH#I?n5-8?Ua0*R8-`E%|@4V&Jcq{BKt*NzAVf6ZqjV zvoFFv%om55aTNT}d_v2iRD8zxq3OmNf!=Gsh7t+qxy-!0sJV9qg9mcS_BR!A%n6`s z-deYo^gWx~U;H>h`+C0ELg17_HzW(^J#Sg=7p+9jlUyszTOEslE}gbL!_7i=HM|iO z$0#?r2aMr9J6*o8zxGHJ&V=wEZ>46m^c*TM+eTs4dPq3+hgi3qQ8<&YS2Q+eEktAVN^C+d|= zPQj8LRSbU1;8*l&3VB!^$CLq**)hKfhlzg1ZH~dM+c%mkzV4SdPcK9~x9GzvVDd^ zurT2UZ|uAh&2HCgt6K;Zu6F}(vx{HcP;sui`;ko=VBKEzeJsdV@{IKdo!3WCr`AhT zun19lDHrF)OAESvXoUVwFTS|eL$jz_f(Vt0Kz634j>bh#`)Wr33%}$(DR)T|7+i)d zgpe3;>u~4^Wz9m?kt~_4Jr+pIZi4V+NS3wafwLqv;?@i=PZRTAB?@#Fj1C<| zIg;8=Eg>)Jx^@hqlb-S{-%op5J4!TZw_f9HGGEcQl1UUmMC{c8X25m%tSJ{GJo`p( z0GW3=O7<&V@F6cf`4nk}tgU``c=S6$V5qVwllrj~k1jawY)RIe-AIqTwt#=cpZ}z` z>C=OE{@Aj;R|fRN*7<5jv-=bsA-smJKXK1%=?X0>A|S|j7qWd$>QKsJI?JtWz~qb7 z_Ie*hI*c0DN=cq}*}5wj>;il`mn1w|LpF|lP>Z+FhUPHzdP~f zO-_JbFve)?R6?#6sf-30<4++n^cKN@Tcq~1j+3^3C*s%SCXwE%P^!!)01}J-NVsr) zU&mcVni>tEGg3Btcsw;7_W4BU6MwDu<#8?Vs+a=cecj*3Q^3^4XqXgSa>7Rg$|AD+ zOZKH*-osGq?AK+bZX7;5oR@W9Xls>5QBg3~P!fJ688Cfa6cZ5V=z-v=a4{YNIK8tI zn%|OahJ(KqApXpnhvJmoDjp!U-=KEMw&#^(HgD>YBv!8JgEt44W&xg%IyfQi z;`)|C(qirdbv&zZA=fUmY72Z+#72ZXXtpLA1zL+w5wS>k&^u$$C_+-wvNV#C!EvRszjT1P{@M*w6A2tv^9AAiK#oMELVh-@)g>uL7dWl2c zOySW;!uSR*TyCUt&WwBgR+~`-5yXm0t~jKSdNmK0}ALn2Y5WFUUr9i-`{D`gd*Q&o`-NTe)q)uZag(7yadZ&6Gh`5fdCKV*QV=f20#_Mo)B z`cowEV*eyDQc~JCB#>#eXVp)EKYkL`6Hk1!1r`Gv%pFu5lJxqs6n z`Scl6?{Dl+Q@)TBtc+pkKNPj5Z5R69KoEXv6+c4Y$zeDe_O+w=!}@-@R?@_u%%U_j zYW+%%sg?Hx4-G$qA-Hdoc}`lb(NO;WME%c_f1}&oM`Y_mr`Q;g*YnR;rNi>1pA7Mp zhn;@dz3LjEHu^iZ|HB~=yzH2NQv?b8q5a@q-I0ejzLK}8yicP;{RZ37cxhibdhy@A zaop@0wl+Q$A6t$*ka)jD=U*}}48ZrO8cn)i%V?0Hf#EHeoj;*#_;w4%bGpb%4Kr>t z2YLiU{+1R2D}tuk0&*It7AInDJj}G5A)_RKJIqUXOtCx-nQV0~M4b&>it5V|A3>8a z3l3l&?0Nd8+Z?+sW(X~Z&!xoSH{^(b!>$fdyJBHK`q${hKoA#A&W%7i!Qxs zXiv7Bu}PsS#-zRQ{ixNUy`7vAcHNj9*Smjf=uZ`fV_&>U1o04|x%la^jXB#vFKwYom#R5RarNTS^VA zREq;l250(=vuw)_x31!4-7`*{Z^-f0Iu5{-I=#W--%>SlUL88y##( zA4s)P`zXO@tFV^s)`Bh_SFhS@9>kMN=|p^_4T=jcy{^0Qhz9|uF_?yvgmcPbMmR8X zUqDgj?0psZ-hH-r_p!eXw|LxByw$Vmo^|=oK*y+F_yABqufHs+wp8P4srkoS>PBpMx4VlFa%GEI*udK_-U(rY|9kM9XoXpoKaBz04oZBtAhmUHn zr{lSR*V3U2d~jK$0eFrklq^&!BWW`C?2s28HGssy63Z(aZ-sP!!?O)N zuu0*kz`TP*UQ@#v&)ipfhCcdDmgD2LfylCzfVTOFv=;X*19j6I({l2$67={xQpU?H z#ilBPi3?p&Nhp^32H|v&Ri_^n5j^*zN|n-^(`F-%4Y~}x&p>clQe+zFYmK{e7G^)~IUo8791#IqhkNaGV0>;`hCKRrWiusPwrM%>*Yw zk6(2O@Rx-m>^zhbc%|zAmk-jZM5d={ERgZ)e~&#lhWW2y59Z4Vg8avncqx6xubtpK z|CaqS0$ln_-0@BPXbNr*ruD`vWY1=DcO_SgtQLxUGrq^fhW-$km$(`#D3I_7mGmTQZ|KS9ujLqaBM1=ubblPY9YP#lB*=uT4_!z#h$eS@%c9F#`5vy# zmw~xw%(J1vw=P0Az0}Sp`1_JX)dKQBTd~9CAQWY)_q*7ku@vx{5FD?OIvAz}~}{@qs4@@t{pOReH?W zYcn4kFIc0NNG4q@IL=~Vsnb}CvF4m6CC&|*w2JtCV?b$@?=umHw8!)nm{HIHVE&_= zZU)|`zFMx;)Yn%KeN!SMkk<&l?acqx?t^oV>97bX(&y9jSPmbU8$R+ zTkjvsIE~?*wDf7uU+w#}-(=OlC;J%e<29BLCg*QcK)xRF{x~twzl)mxtZR_D^(R3n zozCEE{_@j!@yS)9nqwaN^-KP8|8kA}aqTa+_kDN3e`9;!cL)48w)Z{P3H<5l&@Z{p z@`!5F5Pc_MgW0GBxOop6^wOPsO}^qAsXE9CBV`WcLl7-l9XyO{a35Hc;RF`jb6Tb^ zWs(ObWsP{yQsp!)FXMT?Z!RuW4b*Jyf=^`Ew&oz*LJpx{_zEO}IIY{!hc_wUW#lcu zFDLh0hMFUJPqqgdpG^HwUVCcd1t)Z^il_rQ&(F1bb=9_4dN(rn<9_EI1Bh0zJFc)V zm~Re6)NxFCQnX+1YMIRU^*tK5%RSQ(8tOyNM|!YVD#8#SRoLA!!^4M^AXAEO?oqLV z0DV(R+77Kp^cwOwx!2jO?i`!DYPS^A8)31oz!31EZ+D%jAm_1*)~c-qG4KL;I+a%I zbKOj+n2d6Op~YbtOZXP+8Ro(mE)#Av)q$_S^&D=|q6=*bdS0Sjhet6bb;jm10ttqG zH-(yZ~jL%)V&_UH?NOL+E*tMT^qKG3 zan}`S;Y_8Oz>4L?W0FAnE%MGQB%@}aT{nQdteGpmVmn*z@5N<8k*0&$UR<^+cqUe- zaz0Yt6KSNOjYqa}kW94IV4?bUQPPFTvAoh9Rrkm}wwk7Ee^F8beFnc8 zcTc}RP||!*@*_Q9DC&VhM*m@Al=deSSDF4Qmm^qhvVccVTc7uq)+Y7*?KOdk1S}Or>DLKsKd|j)ge&Ou~gqOTi zy)(AH6n#>h`fgUS+>;B1-X}9a6P+mD=dM_42A8msn`Mh5D5>%>9sZsDbxuX`bbRyS= zorTn7FjEil?C=S1@83#9q|qTJ%lY zTFecDQ$;ajyg^P}J@RMKYJ3)2~2YYvD8N7RFlP78A+r zG(nr>43`PgebqFcXjqEM4c<z_7-w;GkRE<5J7b^e?ghneP<3*v4HfRj1OR|dix z#oM5(>A*gFknY?#mvO@j$}VGj@^GFHZ^D!gEd#FqSz`3xVUvHtPyQ2%QhyR^`40sp zNoAVE-{P5$+&@y3&$W`i{NG5ALK-W5 zrzzvl=~3P*{`XV`_)%=9bhd>tp>TP>SBMg`oi>P*h;~_Q5xpXWFBO*jQlT_Qyj2?I zNpW(qE-y;W>99VMgbsHA$-(HV9Xw5Bk_dA?edWlPw~8*PT@C4Y9nmFHv#T=a)#A7G zgI-{eP=s}#DOq{^o~nG+DdOKsumn%26NclF%@HraaG=CB7~TI<}kNcH~XkTQJSnf1!^t;-609f$$4jX=Q;ku1~dv)nARcU3oaR+66uOnrubow$7 zh}Zk*w3FX{rhWMt@Y4^!nXI{K<#(Y4YW*sS^vkvKGn0c_#UBGo(=UUQfY9HZhoAng zI90W2TQ50Bqq*;;fXeT7@YBzz?YEx+Uw`-ykxQ>khcHR`xWx|{N*?=Va}3uqbDSGf;W`S}?zK2h=h4fx zin7Jdw4MWy)^MG-(G~%De+rtk)3O=6a-%{p_Ox@|%?Cy37(@s;<2BjJTd*|A+SrGl zkaub1rzZ9)c|bHX=7IMj&sz3q#CL<;ZbP}KAec3}d74sKq?d|C+UsqQUdk-5YWr^A zvVq6my|BeyhtJc@Q-Q4Y(@<)ZgQyb~~Gf5wcVj`5@0g61*f|wAU-6-N-9+ z+Xppn&Gs3%=3Lzc`tY7M*xm@2vPxYi$7(A;;Bh>5<7rPa`#=Z-ghg5pDm;Ep@3P3_ z^ytRyI#j`q$`IW7q+7iC-D}XL&^*hmOs_U><>nNA17QZ>XR}DGA#4Z9`W86^d&HAu z=GTi6<$OsZ*R-)})Kp^KWSqdEcmpAg*TNDt>UO5RGGGhh-6fB+Wd|5l&!em!CNsQ6 z=l|9_b-g6*Ly@2d7p7-a8@i@-)3zK0+GL(E%KGxFP3Q=1eRqQm?>&GIKZhml4nVKV zOQS_BPl&_5pFYtyT~+KuhtySuYx&wYAK{8&_m_W^S|5(l##lkUuw4=byuC&7<5J4+ zgaa!bi1BPegml@%$(lpcEix)fBps`wr**>f_I)HzEqjH$pb-kUzkhcg@n=T_|Ct<; zy~LDXR@=SkmRE7z4u8AQmt9Dmj{O5?_}dTvWv^7W2lGuA$=XwOpq(hLlldO24>Q;C zWPHf?8<(Qj#t#Q?>F!cWP~B*qyvk3&=(X~8cnxfDO^||%gjw1$5_$5wB|jjb_HgQn z-l8WRvD`HZrkipYxQ8Gdy^qR$Yz`Nk%q;JoFU~wtOdD@k3|l8h-B=}R3{5vC>B*Mj zYYYMU&|&Wk#mZRg5`(P|eXQNf&IY=X5^s`YIjbRNwS2oFB{UGT6kb|BxXn$ku9a^( zj5R*KbqUSy4ZuH16ct-ANGEWpHt!O3-r!&I{{4O>EZeUj##jr&RI4w8?X`R!7c&WY zf-;J5%rI2fv>Ln-O1sk|fH;#=ZiFZnG!#gjR}(bLMBH-@bndc%BXLR2&Z*&p_>LqvQD=7M!X@D8;X53G&PH3 zqUacFi1^3b-C?bH@=v0bz~kyjZ~ry*6scLSivuhURnpLY=TuOr=O*$;JMy-@I@HN4 zJmaQP?j6(Yrx0_Yu6tS=k2AS}Z&`Lv%AT4S8qw>ALK@q zZ^Mw2>P=%LwsT8so`%6?uNJq6iV%GdR8?2EZ&0Y!hIoyt6iZ3Z^*3+^WcH<6UT<`q zCGC2#Hi_%yR106LT3!Vo#qxfO2c{!JwX+;-x@Ky?G*6cHM!Bb{|L^~B2qN=e7=p+= zKBo^)@V6;6_DSm${J|8Ay5~jxe>4E`10sO`)&Rs0q5*yyfXIHCK_-Tu@p$4lKJ^i` z;T4qQC`Mw#jN%;QB*$8KPx69*?OhRVvBLUIbAo`YDmV&1R5QDM0-mHcY5&-6>4bU@Ls~O2vTgB=^S@C$OdKy>v5m z@Im^AV0Bk>b<4jP;PL0lpcMEy!DCB_I~sSk?di;zUrO=BoiW@YR|x-dGT_e?6Zn9; z2Su%sDXsF9_9v3|FkEeSYS&8bo<74h4#_}vd&_Xn`z70L&(616PH4?^xdaO z)jb;W@2uB7;rKV372q#s3;Yi-x%I)9`|XE~1}V6~^-$s-4El|mMW$im$Dhiikbf9d z>Xe-IjZ1wp;?ie~($~pG<|Z6e^qp06^+_XtGBxXvzM32R)yzK4W1sx}53#c^X7(9A zdi*Sa_6IXFei1+$%f%X9eP_S6=YHmle`5xxk!#;r#GjQD|D0h5eonD( z&v1;9<1J@y+o4DRbJ6txz;9*GHiJlK@j9l*VsMTF|l{!0_gSvsaXGQQqf%6jsakuLPRx;-cRRd49*(Z2)H&+V@-TEVJ=>^5*Ygy zuG^BTPx-niH@y_bg^ykd(E+OCqqP@4h*%D7Jh62mCnoT!W`>}HrBu!hh}g0#O|E6+ z;d-NLGgC?M;z0y%^i+N&xJLKP4A+tiV1dWmA4&B&3A3@KW+12`3(X3`yl?Ti9o2+P z+m-FiC=P}In_;6$OLVv{USTiQU@Pn9UqW_d?(`E-d^8rR{as>)Jf;iTVQ9X0RfOx{ zb=}61f1ePhI{bL1Kz`dz9-f-zJ>OKEu*B2JsDZ|oH@4Ov^aDVv?J5RhZaBH~iwKdszr+}~@_{DXd#-zQTfkt?<1im~jaH`mkEuU@qC5S5-x;xDu2loQ$NwJetT zbf4-4uR8#n49aF9?s@4-6&YuJ9?o|ffw3O1gKKf$k7VzXyq*UXy*qAvA6IdeJ!Kd2$Nv(>Oc$aErvpD~k)xa%-*h!Q!+h4N43bt{eti z)Il(cLfjL6nP2sFXm#XC!i@w`06Rf3m>Edf(IHzT7x%rm-PAv$r1f)s!1O>oK) z1@X6!s@{Em%uiX31NJyz1-UK4eA(Ern={EPYIAB;DgY7`H}#w5-sR%N`D;&m%hPt7 zEg)XyP7rMrqE{YIgPmm~(_1iJjk`4iUG4F78*LkIc#z8%*BmIZ1Ik=3Zc?eu0V&i3 z6LUg{3S}e&yWHK=i@fDpJ6ttkR3swLqB_QTaI$Nz8H}6lSKTAL1egcTv=mi9ybT$v zxl%aYsE%Y0TqvLK@-Fh%`I2dt=BPrGOCxLGnS7k6Wy#CZ;}iHYPwyA^%#HFcfnJ7N z9Jm2{rpUA$b`Q-{7v>=^WO%4o*1PnByyV$l)sEnUObU8<&Du&#&SSAN!X6gF>AIO+ zZ5$^c%JP--Enry$e_4zI$Bk~f=wx}WN8F{?36`OS;-IvoD9qN;{?lhkg9^CD*EMff z=->3Neu6N!&CfP{rvLIDb&-C}m;XgL{s)2C{{&`8`4N~MQX0$C)9$SCbPg+w3jGXp ze>y>2{6~RV{&1gffm!6g1ZMszTJ;H@_ldG>JE79{ zQ=&}#70!QO4Di2Q&G*H81_=TG;ef=RF_Vs4l{0$L=YzvozU_}G60+2}b>O0*lsHa6 z;ddE}zWGU>PQ*V5TU`j(MBo?bBD5T>?<2lEJ~Fu>w>Ir=)6a=luwH`H9KQFlB&lzE zx(jz$*?7QugF^%}P>NuKc&v{TEO2)-A#xMuAew}kcRKJoxub_gco61O4u%nrt~cQ0 z21?}YB-s_Y;UmI03-EOPHjhKT&~MTS`iUC0S|)8Se(v)5Ta(3Q3(qgWB9OG2#PEgD z)Ro`fJ3I1I&kSX9S!HoUcfr#v03(}2Wia@3gC){pLqWA2kv)}@kLsN9DiY}Ym1}9; zL6KlE`;ea`(a$ey#4eY*AFoxggbea>UrQzeP@`OHr!9#KKeH=V=TcvKnorFO^R$tx zC=UtE@Q78&c(5Ka2X?Z;G`agaa)%=JiemN3^(wVP6$^OQ_{2}@p)64W7h~-Ek}130 zkeRbcLz<9CFB|MNO9^_(c`ojT(E13!JU137iQ?#4?4-V@FV4cg0U8p-5gzKGd*jEI z*_+yauV{1g8RV+T#iq9s_NprGVmGZLwiWHY;##eI7rhG82795G`mft%X(4Tdd$=+IzHsYx$NT`6G0JQA&S zIRckrxXWgURIE&!ZF+PParwB3WTF8NZ-kSeglZAC7!;o>-ZtI>m^;dwNCk&Xq7gOC zXMRLtb(hDiIV3E(O~ci1rKij_T7VSW!EP7YLVm*;P;Wii6hrl znZi~IVFLf%qf6iw65^{WI12dfsz`}_zRSx+M2M1PM0q@kEr{3C04mSB70||xwNzbL zEqFoA6YkD%c}*Y4eSXCkE?GOLgAx zlzEGf5*A!kIkKy3a|YWGi%#nlYR@ezTou!yLh0J=UewAwND;_8o}LeA^y#J;?X>`e z-Z$R;!wg(G*zT1}9quSHSIb+A)|k-?rWFu{+?myWP|G?q;tkTrJ=)=E2dA6C`V`D; z7Ad$-BLM_$*Bca>?B{%Sbzf8XR!LdsQBqSrZ1^C6fq1c8aHXFExa*5t#VYu2wxpT+ zV^=r^mhPioMU-q8Kw2KI8jUk8qchz|rhb)@Jdk1;479BjCmq~MKbllAh_zR#Jc^Si z=(U0)ZS+d3S{?(CjBIA#6K(|3JcrxsWBYd_my4`@d_U6q$9gM*e=rQq{WRf28+!q5 zH_z1c4vgqHams$-{Th~I}Y`4br*>3-cV-Oj6=M6hfScC9A6bWEuFU=NY z_65;>ax&%}nXS`H1Jm3bI~fLUD|Il68ErSf%%yqea<8W|S}5LOPo#9(A%zWrT~>9N zbUvvu1wFUBew(%Up&DkY>iYpGI^_`6W>8g=dmQt`7MJfBnA`7Q80+j<ptsiYJTtOTU%SV_6pp^52B$pvrW;0YNH&78CBuOWa8R&|aC8GZ^{q zSrBZ!dvPFeuZmkJ^soHxB#0n{9aOQr8xGpKBZiA+l`ohpKluZI>Y>tC?CW`tue7-J z9BLC#Dzx-OoLHu$2L6c~jc^iz-9c{%LFh9Vdu?KS%`(bEq?a`PM8ZSro+YsMiV(l+ z^(1Oyj=AwB4y5+FyU^lC7aWstF}ObIFzs8GejRJvMJj#}8F8I_hv_a?&*|Yh!JpnXe%&?JvN^p=UTf^2Z_)!S`^EO0@97_*VFjgvf#46=2ha=q>b;f@q~X zn~`AM>$-@=GeE~b^yd7@XMrCd=FIP^<)p?=t6~07E&o#7{yWw3LhnAJ<;l^#RpcXE zo-E<%ae!|wXNg+r9R?osrG8cL4)vhtuP1l}7nO9SF<_=Xs4*|KbW4lS)9dHCo5WQVQukF*Eg?JEeO_9QPQLEN$ zf$&yCsGHShk2zyf=Q)yx*(tKP(^P-gpL!-|XRM|L4Yc?Hzz2d{uP4E}635fog+bK$ zN?NnIl@ES5KpGC}r!46wT&Hg6dLkuo%G-plDLBEF3M(zJal<`g*%|@R*p9(`Ydx48 z9^I{1pe=X?eIT9uIe>Mc^tQ<8VpOZrqJtA%ki`VNMI-6vd9v$KnJMj?a|V)YQh@NR z5cHWhoEMe4=R6_~Ss_I!alG5hUR|^MR+*U7pxgF-50IfWMx+omn7^X!b_SjLg+EIu zOZ?fkfgAH)utSWO%sLrdc}CvL`}If)auq}8)yNQad(d7}wf#rq`>iA@R;{&Pl1B4h zF{wwS%$MbgDD6iG%=LmC+6~dy7b(w8nA^_9w>7p|;Iw^|RZy13^(yHxDP7{2;~!9K z6g@8_7Y9}^OqU>u5k2<&L@74#2(a_TK18uh+U(|Q+p1Q)c9p4^KBfyIRBZo-nqxM= z6Su~Q- zSD+F)^>Zw*N~uDBo2Pg-zm)L^f2ySQZLEZSoDohyOeq(f-2! z<&*zAz>i{>O;aNO`mJb&R&9r?HAee>)R#o=^%@EJ9)8it(!01Jrx;HAD9|$JH1$Vd z)j-7l29!Q?m4Cb8@2YUb?@Cn$OMNN6JMqqM#|y{TYryx5C&~N;1J#CRX)9-btNB^` zI`+QQ4P`Dj%bM-3(zmk*Zrf@n@G9UT%K1l;DunYd@?H^K*U3(6C&c@>#!9o+Rrqn7 zr~h`t-(>Y>iA%odLIHm#4E3`vR0S>g&3`C(e~qt>?LhSOT*2pa5zONS>*zyubUlK@_t%CZu8g(c8M5L(qb#FY<@eI(>c&VM&i|%PSa?`(-{h4zD%L(DK-kAZkc)<9(;NDK_9pmEMul zG~x7q-p!cWpMvNEtao9-L8hwwn($z>-piov#upPV%Gk5HHapcd20Qlg>TaG;@NpXN zDs+aI{(Sf6(t8ZH4_O+ain$5g*ujSK)W;n6VbUvD+NbrUB!fyio$6qDB#IDnd56N4 z>QRh}iBT_^SIj9*Daak>Pz7X6QzDT@5y;KIrs5z-=y`uzQ4;Q#7k9ci0=(R5MA^DO z&9ei4Ck*wcx=?(3A-dz5BiHTzFkZs-ZNcx-X@v;}-qF&B&-arrHs~JVO`49uGCT=0 zf3^2W9I*gN@BOhIm@>uO$sG#m@^Ie#oV)Mt2!zM!$h;eY;V5DPdZLA_I8k1H=*3n; z$cWy#g*AtPyHKUQCED!_qM<~swSYHl_8Mc(HZALQLi@Ke>=&fopF^15Jz@YrZ7eQM zgIIVwzGi}xZkJn2h2rfsmlaA=a}rHV$#qAzzYbh0^^m4Z|KN0Fp;eU0O-|u&X@!>0 zA_rUoqTg`a`B}VM=3;^ap1(0<6Y6uw>!T7m ze{Yxv$l-e11{C`3cF-X8s=EKgcYYr$`^|qM|I;!^#`&PW^ap=b?)Oj}{Cs8SLCx7e zltYYv=088~6ZmiW&(nQo!1n^n(|-m(Zurwo)9>|_*73cvIr|hbqvt=5@7Z7d<2ui4 zz>kaNUoZbZT|MxhEdM`UJ@8q6`h{;N-yX6=)0sPFrb(TgwV)`o?9CljE%mD0jcuBd zg31-DE$f%i3@2dk{x7~idA9YBm*8oKq=f;JCDUE=Z4NN3Leno!M0{{KEKO#883P(Cx(J%Co zCy82A&z8&2&;F4p0Dn_6@%#5{)%!C>H=kmK_gl}8RWe22_Gml{eGz-dKo9$Zy1vV-@LG_$B z4wT}1jLen=lqeZ~j)0Y}!z@@hoNkC_;ukJ@u_FX}Hg%)bh{5KJdr5uYDgL zgKDgFqLuTX#}7r_0RoX}kK_bdj_;I_HWJzE`yjQG&)d6 zZTpo10)Z^>&%79%*!{Y)6T>+&d`_*8`W^?11W#L^6{RFNfKnLrAffnJOu@-!eeB;!e@q6NTg+q z=9Q*7mtggF$uF08un&KxD|nwDw$4xz$L@nsQ2-5BQF?nd>&3bMTA}~91^R!fN^UX` z%n(fRf?-EcZYG2}xu{&n8A_1(aYgvY-RJ0snxdJ*DD2)F-D^Q@Q+xS2bU_jHya&Cy zKx9}%-Dy^HEo?&>m>OL_^)4B6(Ie_z=l zc5POjfBtpvrulE?N&Khv9LLAF@aK2qav3^$71dtj6f0K{``Wa}az?qtAIv|+AMv-| zN8mdEvAOA|lcV!Nx%oS8l8;{Z5*?iVdGo$0YRk58UfVzN(^#un;mUtI#{szYDt#_K z;4dFAV?>93e#g&O{0~3>{iKK=h0!peeS!ZHrnAxGTVXW(^EFK%e#xlh>QARi61Uc0 zewoD0Z{Xa@Puoj=-JY+}=67GBf7u>9fBCs9ke_PL-!TH<4kj;Q;8zEA%B6bcP&2#C^~Br-NO?uUA&kGEjpTK70;%?Zp&-?2jKb`)-d76rjW zoy9BSet+g0BWqFsFd)nIs!wL=;e`Xk-WiF47~?` zJyf!`^Nti0;{mBNZ5g zdl)K@nb5--d2$}E7_qt^^1XOh59fVJ3V+kPDBciqEUs>BPi_`E@B-{tHfPuYoFuX| zJ#A(9ifHI7vNVSEoI2ALm~QzjRLh);MJbZ2~=kf($VQVVyv?vxNp%>VEL& zjeiF_c?{9T?(G})yh7K*?bPfwQ7p0fzdsoVe#>#4j**YOCyX~zCfa5{g;x^~qC!v5 z%Pre5)xJgcY~NG?r)475JqfBSw@KJ>NyU-mvK8=eaO)vPG^F=>Cb`A8tq>8iMQzmZ zu~;j!Lz&AkmDUFqC7&jAK@jaN%i|Q?Q0@uF6RviMbW{C01$LtBET?tBN~Jk>LxM=f zA8#_Wj9|>7+q;vS`8`y0G)<`J94~XbK#qTdmOK?MB0}aUk3BNzU@zSp0BIY`R6TVb zLx8^8O3(uI>J*w>9wbqe1zz`Z!5pur0~>8m5pS1QjQJXq{Qw;$QEMWxzaA1>>udr% z2i``Sn^Rg@bMgG?9fC15fo}{Ar+p*j_@=*y&~X!-)VsipokGuuX*GrxtlHDf4yxQ3 zM|puGa|Os&;ohG!Yw98-`|3X;O}vaekH<^l`NIm2oM3I;u)a0P z_2grY7C$YEN^VPq1MR9i_=4RiQ}Um>)2$;Wq+RCRcLld;DRnajqFOW;@>?Rmoa64H zPbfdIX@}v{FDKhH<<7_=jhlo(o^az*`wP8{CXK7fKr&3-1_o5KVDo(4RqWEHGoLH( zDPIoJ9C}jhRjJtX@aFO_&WH4N^Sy$CDjK*!_Xxfh&oKeFaK(61IT40D&D$fU#z!ua zOsW|avU{Knp2>eB7^@C*4Mwndf>$M z&l7Kb54WD<*JaX>M+`^M9|e!XRj0mzhyAKQe0@Jb!#irtFBlp4bI~LB_c8;lw0@M6 zzUCRL?Mt4q)K;{-hUyzs@f@?wf@e zv-N0hzv~%g3slX$A45Th*<2s@SZOWnZ8wqCW%sC!#2YZ@kF6B&=SxH4=OcU{RS|ipOJ+M^32W|l!!Xg2;*F!mEv)kpC*AHZxOccE)6_2ru10a{xgrC z|3|&HjpquHpK!S;IiJEHYOB2JxDQh@`#g9 zL^taJvG3lub-U8&hXp+K*)0W^E|%1cCTW|G=C;sXK|?t4xSGCnC&u}iYAgpg4)XV- zA%3&sFUoBHH?5c-J}0i&k3kZqI2!@uUBX$_#e}{M@0R4JKb-;ldy@eECpPg{CINhv zB>SIQvUJtXcj&t%10PfVnD@!tkN>SD1An*df4XYmKj#Ik;^Q}0L)X5JIG^c#(t=gG zco~sClR~96HGl{C5JOMvanIW5N*&@uXh4vy&6~kdbwUTxCYh4#aO!^9j=8JU2ctd% zC`wr^wpy)z)%eH_?r7pqz&?3xzCLXZW2g)^uZHOm*t4D{JbbybiAElsoKFOsJO3)G zZgA5hzDZSXey-0hkK5h7oO7ME_&L`{Sr6w3NQWhPflRzM?80hfi+zqJiP6WLFR^^gwaGsy_ z{Z6)yyV~`DTrX|W)#xj@cxaaCdv5P4ewCVenJ}@2Qtye9Jg^H%m&`DsZ;)hDCJ;ktS!oN`?rLin(3KvV0R#F20I z$esPrG;Uw+*M1=rIgLg$S@ zty#U)myiasGw2D1>9MlTk#MCPgrSKcdU`VyG+fk;`h7(eSD2h-Snv9EK)BIA!wTk) zbyDPWD+ACh2JX`s4I=U`7HU94u0=PXNtlUL+G;2HeyEz0u?3Jc_^@u-e3hJ0;Kd;RU*T)N@$vD(lUJ zTG^LuWA4P&U@}d=8&kS)&ZR-Ohn3&wITr~CNEKM_i5qq$pRZi7?K6_(qggu|i7d?0 zD{hFry~lE!BTE>&?E)*ZDf?cQadE7z_7bapnDS@0Ig^70;dhu=|MY~=OH?f}(@ zNdI2%%eDs04Wr>;C*|9nRLjw-Fndcjs48w`ES+{Z!|92!-P<-ieC>ic)szd9C0JWu zUrM6&fvDs%(_%!`JpA=RK#kT{*=2G(QltrXyOl~nUm`c}M3JuGbmNxcUQm56_;w^+ zV|-+~B~h_vqjnC!L0=^>jRu9mJU^^XO;OIia=$sC_AKWo3qG|)i%uN#B2z<^oI~Hy z$i(6pvPT@%oR%g87}TdjaexFe{rFizB*=J~1p0wfRHX8LG9@EcWUf;pUs!gk8kNHN z2wBf?0=Wg8@Xc~sO^$bvtR+dJ?d6RHFeQG^E4K!xSt@5z-^vr=OONz#S+(rsao@shFv80mk1>U^x&Mwk_Dlgx^pXpA05{BOshaW)j861UZZ1h7>;ddARY8(G<7r;N+ z#=qMI@aNn34<_ZxadHpGa1!VDRy;vVW;S5DhG&GsSXqP~Io~cJT^zMb2_1=rPhyYTrfz z7xsvK1Mh=6pX{%hpFjWbx6l6NR9#^9Ug;I>J?4n>ymD?=z3$4mOeAzr*wlQ#p8bKV zq#i37Bblt)$EFP~&+APi!Rm4xdPu&Vx+i9JGl1#6?L$3B;PaJe|0aE(ocP?91pSBA z3Gn}!3UEKvKW5hQWY>ji(J5%h zbbe~`*iQ8N!KJ(|TM(ML6?yl*9DC8?`L=yGm>tmAa5WqW(GKr>rhWhU+Fz~W&lUmv zvsL`P92xLCJu;2uQ>(FFt_7vi3uMd1NA!$7`N|SvV#~l6!&uLN&>jqW1DUdmgP!{~3&H>$lGb<44s!{U*#CdAp(byRqFZyJjawKVde_Kxu;+*?A}FJtxJO7 zArMbkdW;rnMy2Le0gssOHs`2fz85e85y9oc;oL$#279_BYv(>eduEz(IQ)lWI2@ye z&2i8B7PJ$BX`SHS3Vh)|B|^)9)q(E!Bd4bOjj`Bb@bf`=z?Fvy zjchm9H_r7TdNHF>XIQR1k(Vovq>Yl}LIU19fkpX8@6yC++07W@Ajc!Gjdk8HfW)?Z zI{dIGhaG3vhklS?iK%zklH5q|Oe**23v}Ub+g|RkAtIr;N3AlN;%rxw$z^#q%wV6z zPuL6`#Kim6aTB6+yw;Ed5pv?G>z>?blzj2CI4!UK@pwt|VY$(bdHPnSSQ^+}uJ@!F zMs#-Sg|R%9vs9qya<0_|4%$2XyB^s;n?nAZZw0iFxvgHT5wi}Bh+N%g41pn-jTD1C}ND;v%Y=r7-`?i9y=otL z%t|u(+K%~R=I)Zwuf2SmW>CD9McA=0$9Z;hG9_dPbQJ-It5Ja`B%Y*IWA4ghfYq%{ zS;*xtvkTbUtAvn>jQv^O?aWYH%Y3g#WR;znPfdFVn+z8(V;`j9BM_Tx?GU1i5ds&(qxxq4@xHWaGH+k#2pWX|Y75XybwQ!L#FCawdj#G4QnUql8n;q6wE zx9xy}qn*~}%}|u=2Nzwj2dP4nK#BT!( zI!PD&Q>@ozY#T^<-ZM+N8Z{z=lA3EjLj-GSyYq9mw%OX3#*CCE#cAtQZ zGRx5p#K5+V(NwssWt@&6Ezb%{) z6crAI0Or8&yx!nQ9GT5?ddGGjKWZAcW^qOckg+9$|kiG2$;qOGvrNv=wx z2%0msScy>}SRR^*^)iqwy4xI2>h4ei#Y>fKWTrX)+Rkece#CTz2gYRjfmc-Ef;_9d z7kl0a#l3Ei6w9CY@reHvb^w2+!Stm}OKvm4PxNq};fd_Xg@1P!SG6_sCjQyc4nY6S zsI^AaS9D|@+-WCAV57lO1b(~ukdeCzJ6EbLG@yL-Ik=bZ?nMOdMH|On!FudzKeonS z4KqQE42{B=Pao+6K3x7Cyq?QmAtvRDD`wd((O1ZeixqMcn4Ds?*Hw8?kO)LF+lX&> z=pM!Sjv!dKW-4bM+kJ=3TDX8{X^R;d-!W^t#;L@jF{KX*Gg!rw(TBvFv!XF;E13KG z0ifB8ReBn5HFp)loPIEYt8Y(^e@%2U?;cW1jU;Cc+QwHIzT7BwR>HK>_p9J2Z^)M;*|R0G-!wM+UMsi#MR?}Fl;N_{RWE)E)xe*Q zKlmdexoQsmD)TemRb{m`lUgjgE(Q7=^23BaZDec!pY4sJp|Q$C%=y1V6Bx}ElSF0 zFmmDSmieQya1khOaeR5CX#IW{*}RqqU}@-ptXa;o2_rF3L)|F;?Y}LuKF}!Hg*Y}6 zoy*IdYWXrq9_X|uXkg+0+^P`*{l93{?H45aW2BcJ)WuT{_gFIcsP z>dZg4YFKCWU#h8{K&m^M=AI1a*Sq@V3p2#J68n~(S)Q1n32%?p|inrMRW}J~ud7Sk-P4oY?i}<&xhwhVlK!1!fa;eB% z#X(Y$SHNrgu$hpxfqG;*CiJIsP9Dy$CH_}wlS``l&b37sqrJ+rCGNB*s5UH5KUYC( zre_JxRo1^2!%&OnNUQd(1_of6+AzI{cZ)x0oBx~F|0j!gvejVS(`MK&sfFX)#a%mG zOn2&sCRD$i(9O1HhbR8~CKyFuzb}IEJY9Aw&jH+>HXV+4t%|fA`|G$O^)nZVrM_ni zdZ*%j%agM2Ls9-}W+L#*(8PaI(hpznf)l77RhYxbMsy6gg0WPx1@Vx#pFFPii(2ik zkIcrix7h|g988s8^7XJK0pw^m*b)ZbcqBcz-;F}g?3SXXK?(2EvDjt68L8&0J9l8Dyci3+^|(*qE<=WRVxQ!3jUT5+ zdUN&wYmgg677BzhVZ?Jcyct4c5TTj2@X{JFcF3foKP9$PsPK)yxA)ueODWOKcOon= ze#TAP9Znnrt+8MV;;W621MtMyaF34edzr>5yDV3@xSFkUot6jjB-tQg#@-e00k5x# z)<}JUxDS{=T;?H!CiW5tX+*ojTQGzMC`h^0djA??RyjCG!J)LLcA@|;Tz8CQ>I!~W z3Gk7sl(gOU4th>td*4!_(-wtTt^{PK#*hSI^eBKN)z>=r^cmU?Jg<|@n?Un*n^K>` z1^8}II`Uv-x|j`j#;c-zY|qG3Z=$^zeUMq&ZKG#TkKe?z+<`EU)l7KL_a|}{52hZg zx6FaCayoK(;rVbC!ZSof>ZZFJ)u??cnHmgT1@%vaD1h&H4(dS(xrw@}A`|IMG!y5jo+MtlhfN%M>RKkc9P4e`3UI*j~Vvyz>S@H6_xCx z=Ja?YZ&RwY$&wBnvj-@q*JSCP4B!wn$NG`k36F_X^I40NBq#ZHNGb23fz$4FA$7V{ zuT)qg>Cnik{1WI1fj81#tkuz!=RzY0#5y9t5(nO22=+Z(*GlhHB+2Lc3O-(IwVN+Q z@22e$yT?9MEf~Ga9%h4)EwU$GWp87qF~-S>zEGG73rv8*Zy+^LJYrJ?3KMC;TG_UQ z%3{`6=0b@#q4D+Pg-fVl7;J-D_RKyN)lzBa!rJ+s^nM&fF;|0F# z&s-lsbZ(y#;tW+BO;Dw;Zs0JN8Jq%4dLl{6|0_%9;Ygn9p z{;S|xh7J5TxWkuWUaud@A7=Ot_t*$H6wVU?R@0WbrM2^iihT4J{=ok}X`ii#m3+WP!u(!BL) z$o+)x!yk|Jm*bj*O5*l60RC+DVn{m zO7?xOv`zybDG<}GAJVtGe{L@EI`7tzY;mN0-r%!6(evcH`)|jw-yb*cdYAU${nD%6 zmY#M1b$Z*r>Do={XHKNz$DusFN6t_9iJajXP+cydSU!XtmciMr!%O6t$ zrh;b(45N&wE~e?<#$>y+P=m?eIV|v7>uyD9Link)U+hI2O-+Zmm*S09SRxgw2}_jr zw)K2K7JgyN!XcK#vJ%Uo%~q~mEOk2;IB3IcG3mSsd$XG@E5!SOk3|>`t)UQVR1DFo zS@3(3&nO991e6qya7c&?rY-b!lPN##xlG>QVDgW~7Fy^H_%A51+gz&POPZ8|j8VZl zq-x5(WdCLTiZWU1Qw9|Nz{9{-KrHi`RjvFFg|P2v{M*1l0fW^*&wo({`Tb{3>r@D6s;&VtO`uX3}6YsS#RYwOeO-`2S<>KeipWlC4p=kEb|& zj_-#dNCJ)9fcM^`2T#I#_w+xRsZ6C(DXHpIU86BHc5ZB%1#(5q8D`BG7lT_lfhC?1 z2#oilBp#7NKlUY7WEqa42d%ZpX2=gAy){=e8&gJJG2U3k+#Vv>jVpCYukf9J$H9-$ ztj7zOOMy^k05WkpJUrYSH?ZRJ@Y(91Ox!YK%nNTT zyes!)5F^G~J@Lx4kARth*o(-j%ODPZ-cK5nE>)=8{xi8yvw&_EbHG<*=7uxOcdD(K zMmT6$H|<-I!8KcuI@ef!Sd@CnuO%R1RC+P(g9BMFdf&G!cRo+?%M%1qZ|%n5~kFvt%is^*s%z}cxT)D^(7Oec$PywA=Rb8fz=Z zMxK>pZ1cvdpUL*`3hexjKJ zl@p5&FRI$E;g1S+3qV{t(b8ym!SX&*rAJi0KU%(7n5f*E{95ymZ5@=|zh7fUh(g|h zT{V(1w$~oMILt4kQm)oT=H|>hfMT!iJFdrehzi-NFXwrCUG8TWD5tsK*`$Dc#!SwW zMJDGk3`(Dcs&Ct#pYE?4#)fQ&rD(N8dXFOjMZqH?_wPV%pzrHlakJL2hgL~XZZ}Ex z?#s*t+D(=41x7gOP+jQWyI=WWD z9(O0u?p8^%$Suj=Za^&&1!JSlw&Yw~)9M^s<}PkQcv;KK8tlH0DoE_4Tyj^hS#raX zioS+)*!48lgAagaL^Qzp7meT#SYq&0%-9(!Zbljupi0~)aO`5tl9raauHE8KezDsR zy`2liK5Hu-Uv7Bv80>H56)+fQtTiE=8X27)nJJ|dibNG+2nf+k%H?=$9*T+$N8xihn3v%)b;Nk)TSuqMv`QBD8JtBC zBz*4`IXiAvOR1f(h4e!dRtL4?3zWP;;+fZ6njZc@>J(K1Uz;BOx5rV9o$B8{W{Og% zGG(BUz1Qt|*_jH9{}fDpKX%Fx*LOto2-o#>GpOplX`A?dwyzVRZk*CWoipWO1+4Pi zIi{izVB)?|vsi)^bh<}d%3DH|1a>ibr(_<)=JC`!AR2}pk`)(w@R~r>kg?y^+gZQB zsD4Mg07Yb{D!d7N2wwRvUS8L~pU=t38cE3S7|XK%2Z0a>`1dDne<&>SJtHl9)q;EL ztiS5@9%jxjg=TE~rw!>EJ0P6I^Lr(xapsS*cI>%FfH+0$;Y;M3pQQ0eBZiMXQTV}} z=#M$s3{Dx&?l`q;11|OHRu{IfW+HsfeeOS*$@|~IkJo;=s?VZ;|JJHLivqr^>K{e` z{x|_}eBHd!oRS9^x#gX_a>r^1=!LNz?*-5|JT{{_%wPt(WQY7}OZMt5>zdek1v%Mz zV^HdjYV4Ad30TGp&Y@05%f&gL8h5+C3Oo#sSnZEd16+MU(TT)N>{jIT}qU#pJ{m6hX1GwbuL+QKOn9A~Mc)E11cwZugR@-rX%8de0NiSb*&ZwtS;X&A| zOZ$zY=OD{>R&Mlk7#bG>p}sct?GRr!VnLpHBh2D1+=W5t+`Bx26QxKJ)c|>x3`V(7 z1*g@)j=izqIKrW%-W&EBU&ISp^Pw3SIWwV^(^xD8y$HL@cHt##!?G;vLQp6}cM~HK z00DEu%-;u7P3a)lUeO+jR%DeuwMfKdqB!@Gw#>Y%BfE09AWor1g_Vj+I#72mdcvYk zVa-P%;+hGFubJnYiXZVe@6c=~+LqIAPe&9;Uh=AszQqJO^oVHio>=Q~XN&X>alSA) zIZU^Ph+cSfFCkQ_Ie^YxNb7_J;?Svz-c*U6xqCY?3>#(zd4+q=?~3(&k?8(1bEmjg z;r1LjtiqKnmBMMF&MUDU0v6Jc$|Hz*Ehw+eRtZ$J)+?u61Ug4$pgUm(F1?? z;J+LfNSPQTP!U5f8&VQ)uL0%{PNuipUFvA28#+zv*~nv_6z7hEpUk48@W;%hP8xCG zgJtBPG#=-iay7b%ls})HSr@!&2pfRPJ7i6tUOX`7W@;OelLnLJ#C?1wj$7#V&@9`Y zGR+~)9*0Fub9xsx-MW%AB*@^K!GpbM6Kj{@z-!U$42$$;k5UowuxxUvqS+G?r}`~; z7N*t&PczIf0w@tCt%-?#3&^F|!<>eWLr@|KSG3cB6v6_qgt?&?AHJxebhT~uf`Fub zQHU2Dzp6Fqrb@gfFSXrI%w%Kvjg#Kx{oOyP@$!b09P}7nZ;-4ghztSvWSHZuCmA1| zQ&E3x<8g5un|&ZfEuwUJNVLN&XV}|Gs$LJMO2!D5Ij_j@&gTQeittNsXK%~fEnu}Z z(iXtm)$>DEK_tiPXC9ap102MRH3&>%+)De-JcjGB$;kJWm@08+b z7Z`^zpo@?N9;Sj>FlpN<#R>!XO3bi7vO4Tw5dCD{R^`%W)|5;-Ox>-e=C*3lv0V>M zMpUc5r~1g|sK5fj5J>mtb!1M$#jE(H70$V@DQcB4l_B#5TvP5o^JBSOgos_cEv@%_ zg{udMwUSgzZGC8p;;g=U>)jGJk z$NRRr^+|}hD3-Y6w2la)ZF{~c>*MJd(_1` zF&P>6&o`mK1-00>aS_opubd+wF#hhRLEhuT!Li!>ir?0K1#Jz3rYBw_a*g5<(kF4d z0ybQveR_igF?&9|r*iED-+CM)hM`_rIHt7_8{^DA^)-M)wNrSBW2^(0t&1>;B0N_R zJ^@o7_*&jjgcWRz(3eru~t$J7R)ia7|)BLvWmLV9CYa8KK%hwhwwz4WdUq+(R*o{gtl1Xkm<4APO5Zzpx2RUAh{i zJCm<4*Pjk8Cq7P2!ClQOY_J>RHJ3tG%j`+2Kd~0z$JE>}GIM{~3~xX0x7QRE4UNB< zM@vNYE&|SQ$`TBtn!>xTVC5A^@th4!Vb_kdBV(sd!cY4m;{usxnd65K2rd@+(1jcB zow4k71R>?JCLQMvl=prnLv>1~)Vt%jAsl6Gngo95vU1#RE`1}!V8LZCk`V{w2{kj; z&9d;!!nJpB@&L`Qm?T4!d3pv?`hqeyhjWs$dmgdWv-7~dIP2=GMf)UzYk83Or3kj` zA!6^SKp&wu<~j60hq$t_lSTUeOQb?l@fF}5TtKV-4vbCxb?;WXyelV-F}+Qy8uE0# z#8;1^rje#pv2Nr#t~8<0JvAs>M(09Ag<1|;)mCCj#lX!xq(Q1&rHjI<=nMf4EL4v* zTazB^yr@;Hkl_n|>7#gvkb^uN*h6nw2%a6R53Xa?VrU_B{8(=&!1%ayCCytPhhs?S zF&pU5ZhRoZEj2KrI@RHA;xGSP91%y(0+iX;bZ6uzJ(soyZA-By5t?KLAiK>FJ~m7qzaB)xae^hft#hcfv~YEHQr7`xjry*C3cfg9Ly~Ttm)Lj z#*!KOteaLR7E6&nn87U`zfWkb|^vBHANY1 z|JOf_JY1UpVW|J}rB(LdA9+ZHpQhLByI{VN30Uh3jODzjnpBDT8uusuXDK=8C#*F9 zn`XXQ{|9UX!&lEY?5_f2K2z?Eo!9zIId@JD(v~Y`QLN=Ue%^I|2UP zTlu>?0sfU+`TLO;HX{l5k$XD^U~O)dis;pu9iz79N*5PeQMLZ_)#P1hA1FeijliO0 zbv+(pr@074w-38v4=kEsi1N^?)D^)bt)T^8q!M5-#lQ~;lBrB|bMS54dEP&hpO}`1J@|h~dr*DVK?kDeEM273+b# znrr!{wJ^bs#8Ctt{z}P&84$+btMrj;I7JZMscQr{^ze={kxd?gn~14yPfJptJL}Z< z3Es#X0`M9}I5+HeC9PVfgnGJ)2Ph!t%|-?OX$Bqio0UU|Yj(PzCI6FsF)6jkioP&;(&onRvcG@PD! zxem=ehvQu&bbop=U0R@s^8Siphl`rw^^S()PSIA8;SNf`F{g&lD~Fyp`WobyT^nKN zyeVOhJ*;U)y=L9;FSVXQVF}<>l3dmi*EJf!E?c+vS(*(V5X(k|I zK$2ck3lcXgW_}`%UhUNn4LzHI)H%CK}AzZRxE~xo}-zk$dL;A8tJ(A3}Vg*2324dQT z4M=w2y?Q#ljBaZ{8te6d&w@s1jt_5#LBEMFSr~U55gh0xBZoRXA3pJ>tpcUQV6nm$ zF9E!H8W+rhpEz^3rxclOSD63Us`@X~b1dbu?=Y|uvfV=HVyW#dV69=7RsB-_Iy3oG z)U1B5oinc&Y!EUa&jh%Vr#ri*$k+XdYj3Dyh%2gW?@+H5FQo^kW@bl)+dsoowf7qJ z_J+g|<+5S7xCEWmFIa>*u?ZmLR;_E{W_b`}Pkv9Mfr{qC>7#;$*`pQ~L8Ve_cPe8W zr3c?80t8=M6S`*TP}c$2L(Qdpae9wPz!Ne3o0;6vwNaN$IWvVb5V=feR5fpktq8co z-{V4Loe6~!u4 z6I~?`b?N=BRuE9io$=&Vu#oFCA8z8--Z0R494(R$mMp)NW`LXoSKF)uJkK0O3|vKw zFGbno@cZqeRLGWjrKx2v!&5YRC9nzZ^YJXsr=aA~d_HLXfvs2CsxHU$JiSb}K)VF) zvjN_q%YBJF+cfuvKlppd-d2>49A%ne+1NrSBHdXLnGSQj+Xpk#XwIxnd9WbBWFv4wR7Ve6tpF{}|Mo0u}UPNXs=3+Y_rmJm@BKAHsNZ zR4^q{peT7vN;bk1v-fr;2%gs1`UT2HBFT(k)0Ab2{KL_aw7#1A%c?mt*>4rC>yK+4 zrMM$;#5Oea=)OF_wfOj1x6X(~*fn4m5}%7;eM}7Zh$4cAihb$zL5u}Ft@asAy7n4a zkAZ?}9t}r~GZ*tFy#gc)upF@aDxEq^p`RysxK{!U38NpGD~3ULk-J0Bkb3*ZN-0$@ zhNp6OODrmc`aWbrtkle;uX3J&VVb?F5GWU4SnY6s!LYJDA@IH2*LlL59fd|i`H28F zsK+ou665+JSVg&!4x1ll?7rH%Tu18`w5PYcx*(bW+TWd96DnbSG1eCs5mhkX1f446 zR=3Vam!BK?5b*5uK}%u;vJS>qeL{xdUy;^4SykdEnLs7ywON4c6P2E<6id6bZ>8Eg zQTWgv-VHpmAc7faqx?T+_x{kG!8QGqJJ;)uN45Y!XmII#HJtVI{pI}?9r!6dNJLSy z<943&aIcj1v%EhOxPbs1GM;}C68>d&Zz$Ylo+0;$FX#TE5wgm*XRp-nl_9r-Aix@Q zEfIb0hi~I|tgjGwUHKZhuQ)$G>b+l{v4A}q9Xf->U@D$=+w8Sdn`OK??u`MhN1g&i z_dpBlnVjlAk1*!6JRD@i6)A}3b~o<6WH#vh#t(LyU1qVlJYJcH{(^Z1y@U^t_4j#> zounHIGXR1#MAkzDAtD`m#I!LnQ`>+57mVQ%#9MFubTpIdRG5)aippHBbICZm89n=F z)YfzLX3S-ku$w9NK$OOuTJld&ABd&i^<7)8%5b8o$N2D0giFp_REFP;9*(_Yb@txX zr0H$Uc&g{mf_v#qIHygp+;2OulV_WxgJ8 z^Ay|1Mx2VWlx2z!v?(l^Yn8+cF71lGY1~HdY=qF#?eE9a^2D2i6aQn&)(`6RAC*}I z2L6-Nto;X*(C?$Z4J{dLUc+e&i?j;Mp-`yMy!_?J@9F1U!ly~<50Gnd?(_!!H-S^$ zUP66_@1Xnh@4&l#V&ghN+-K6Loxs#fay8#Ewfj{R>K&QC;gqQqO85r3vBj{K<$P+3 zrs5o=<$Ni^eV-V2eCaRx+H16bnGR<&n`%2JpnYvNg1C=Lfb zNvEnm@|up#DqlqEfuD3{59Qy{zYT!f0F4ko{*=CQp2 zetc#R@9olVk4iKeKg3vmn=U3>hA-VN7}Vt`@P1k|*QWBanH}UWK!i*WTfQh|WMr+$ z-R^dI%L-I!G@;~ERts>uT^N?RAnz~}?{Wz9%on>SsOd-mMq>qC0j{Zl8Bck5LHY^l?Do1m8&R&fuw$V zBW6OT@Nj9NN6BhT0%CDY01D)oHE1QUb5d%L2u-Q`1izV5Crz!*qnAT}5gREak|K(2 z5VAQV}l<0`;5JM7d3Qh9`u9>y6baqbiE!78D&? z`{3{D)0%^Uxx-hR?1JXT=$=||uHyL@sRIRJXnt*bl(p!9uQN7az(5g(W$Fz3iH zM9H8!GmB^*y|+OJ$5R)OmVZD`$9GjXbi@+g1SzXJX$PyGA&rCt#3VbP0%q+ABu z!(9LVa@Ez8m!CNS@LMzKUy=g7C*PmO?ZsMdlWnJ43X9mL`D_>Y+Ny-(!#88~US1^` z4!}fx7aJ9k8tL&arV!h~~z*ZdYDjN)>AN)#4M zL#jOmIO`68Va`0+6xgy=LNM34>qx`MYV0Vwo?1uajqsE`Dx>$e*{`mm?>d+qi+aJT zLwHsx$E^y12b9^(I}I4U6$?6Tp0Pa2tWG)Cr(|!IV}ye)o-%oJs&EDQW9ycVDyvgSoW5Why+gYcfjcCYa0!s3&z z7igFfEk79IAyn&Cy+-#mu~-7`OE_j>GLde;8d`HnzQd@SisO@i4y~<|g6A{@4WVl* ziJS+boU|T_f1jo%bE`7Sa>PrY-laot-YzQ;DBpPe?Jj{qKV3z5c8_UU4o_#^arUH< z<GXIZebM{kpyK(;wg*q6ssn=M%&={rEwdGo*+dA^Zc zOICfU?rX>NeH2>P_o@o;zJX`KKLqQ6NBS$q247d~XTnBfQ*ZQ}vJ7>9Hp4wIK|p7@ zPMaIYLl4m2p8G9b-elLd`V}QQEb#UX>nkfzwYRI1l`{2*HOB0RKP;*q=to{)!NMY6knK`55?t5PU9fn)|;a z1Rp*C{5J@}xA{}R9|^%fh||!80FGQy&*FWQa8a9S0#%fUB#nF0z%@WHnefz)NNkqD zdh`=X41)j64>!m$MJ6D$Gy``Z80S)LNYoy6Ytzo#U061+G|a7Ff)s|Xl2b947+@%8 z82Dmddy@1-!cB(kIse58)n6TqI?T7LHRTJbIvxN;1J*Q`YbQEkJaxa&Ea135&z4OH zg)=CH2F&Am$@5XX_Wp?n*FXxlYBI3*w@%Z{n+K%^#1iDmMgITL)?-36@~8DzprKWuUa+7 zeyke&PW1)uO83xuSz`XzErgE!=Ptnya0B1Au;%=8|D3>t{d*@q6JA`y#yvmRKH4+} zRC5BuAb?T^r~3Y8HTpLpn$HpP&%n1Y$H~*LIy5EmHdg2RHHH0oQiN+Oj<5m7Z*n*^ zUH@bAV*Dbx$QS3pCyy8j-@fN-PEcS}@zeYWsHK1?r?IJJvHd$EqUvVR?rZtLA^}F< zScWV#4LEa(&rez)>icONBV!}OaXj}_5_^;}``&Z2b+$ZDWeUP5Gv5;HhSDemHaVm>u?c}Dal*Hk zO5ht=q6No}8h#aG(L3yvwCwJx?eyC>yj_GE`Uk;sPCiG%-D0Lb1=V1jdI1v@@af;N zVjV~%zsB{09Js(%F1PCf>32de2k90ym)r9QSHn95ps#5>Y7`j{6_48+eOi#X!5RZM z80ETGIDMk1fK_X`ohGrOv73e(BtX~*T`CN`uhOirtzQXUGW&oMTgf3(M+h1L+begF z$pgrLd5U?tOWU6NVKWD49f=f)AS#Ft(7h3cA@!G_eYJ2WMSA-h%ZQ05ACSW)We$_W zG5>{#7cIv!J>}qNTAl|Uor_3Pv%K38cp#D4viw@f`Lgjb&V#ljV7uq8_F+iP%*qlF z_xZ!X96@X@5-zWJd%OlZby;jz?tEGjnShhwxn(tHE!noRceNs4bQRTTSQ)AFcy9Z0 zDL`&@3I|xvT7|_MId>P2_cX7<8<%X0JrdC?SuVuOai5x{^BiQAY~~~vQP`GmCtp#1 zRRn(eN#x$F&ukf06D9Qa;id|a%)H9e&%Tn+uQSxYrS_JOEjS$oOT^*L(1WI9v%r4&Ei(`mnBWr@gh&N1D1m}EyPM_=V zpVa4iT#!$KLkS?>NaX7u2#BDQ-yZOOfr2bQPmBq2{X8%*h=QQs(ZqZ81kDiYFHTSZ zzbI7xKKPcmc!?0kbjO>QXV2x;Sj^|~81xdQc7&eGp}jMnL_YFDf6+348fDCEB`Qe_ zJayDb!8`%MQB>M0Yel$-X#`GQdzOJm@DSe{dM~CtjL~Z(*2a~xE7H4HD%f!`9Rsq^ z7xW`tYa+?`C>Ec2gsb|K$T-1B=;4w()2)aq0~SMa0iSOQJ*AW`?UPX7vGo)ETl(wz zf;IS60|I)}-5f=<3!%(dHz*8K%mS^B>yCu2){V{MnX4Ur7mecfl1hlY7`{c?EEW1l zZTZ(dWSBQQd2x{rB<0J#TGUmQA3m1d%Cbst5)oqMC^KPp-cEq!+fi4+!Fqj2z?3EnyMtDT4^_jPf z%+$0h9g@WoZ!-;^L^@#xeJ7=3l0IVaLICyBqNO+BoJgb~R7DjlT&n}ah#H~NVm5Dk z%)4NLUZPxW4$*la+QxdY9U7|SS3@xknPwSesHr{=-~w6U-raTN!pxuUrZK~o<20kR zZ@bAsQKKM7=3>aG?8fzj_x^N!5Tn}u-ra_|wBMU)dH?4`Yo7zE5VyhTtv{`8!1cz8n~Y&>xP>b~c05U%GJ&U>W13}e_O z0qjnOR`B^0J9mORH%?mG0@L|5tGNAoAiK#vUq;dLmlls1Ex#E0l|U3_RF-t>$E*?F z&OAfO)I#wVuyw}xQLF45?{DZe(?|xLK6&M=tR(k70imH)z1G8bE&f`swKH zh(klz+}kyESDr^N4QjdM*dQ$(Ursu={K~yKHeiUe1)b|@kPRkI$xQZlI6I>pw|pl+ zCgO8a_@3%qTSt*J9Z#eLh48i7p12jyd>E^s-x88R1J00vplD2wpl^0QL6O>tqs4HX zXlws$D8Dq4e@xN4pX0sf{kwq}7j|Z-+3HV#5-XE@&B>huj)2{q*jcNQ7~84N+c{hfsP+qpk1I=5>1*TrR9$5-9;Z+}pb%PqG&Ia%V22 z+|%-^$IU@JkIEsALlwnQ075~7qhYgUTHjlIn*w`_^egE$cZhIWP$%W~qOQZ6xI{~^ z-aVU9FRp1_xKX#_L|W4(a-(C|YCdBDzcBRR372V}jyG(Mo0gvRCSfrh<=^f=m(+>f zpGGUAA&yab242F80+lVb-vY==MrXVER^$6``bz+TzAG#3+JrawNhhtC32%4tgdgyO zij|bl>%n(Qy2cst-)qS_1AFIY|>>EKyY9rSwW>~*74=}QViwdd9a z0C7`WW)DKUoA5@QkjfbrN$%#9=i}Y3b-ckC?>Gbn)R9Vv3-iM;-*^!{&D(}7RsT#5(Fin1Bg*=@U6J|N~gM=(wqQY`vRO=(=V@V{Y8}sy1pxv1n9H(FLAf3m0qZsSP(rvM=-2 zZ*W9FnD6_x)7+VqI}z=mz{{lVGG56(T*l87eXub0Qpyo1>l8uUin)xt#Y5hN@dNSD z_B9>uCbCl+sUFt#P9wMBCPElHG0#P*9cNo76ROGJ08xv@UmkL?RNOLxinQ)g@mKy3AZd!462R89y3+yzn zA*Wr7hFXaJyf>OnaL1gdjBHt$8&X8Zuai&bm&`*lK9R)Sd+(eQf1A_sgbj0Z?Mdlw zH`FVDSHiH`#$2Hj7tuB!1?(k+<%DZ~@HAI`@(&HY-^C{NZPL*5AQA@~eIdO(LP@tj zgj9*%pIuiB=Yj$g6XP)s=T7ay!AkiZfBKpZ)mIEDnw{2Pj{^1U2Rlmvr4CHy@28IT zQTqPe@J6~>Xs(jZy7Y1@c|d#Q?}$akFJxDS?erKBZ&M2Py>C&xt1v}6z1Ke1EmJz% z=?4otYGGT!y8VJ4Dx*J}0)5+M(j*%e9hX4+%u#K&W-E88p+fvRPwD&{iALUg}%6izVSI5Tc-Y( zCi6GOxo7CHM}QQCc@@{xCwA5*?C+?|)HdK$$u}?zew!irRg94~zKUzmzl~=2T(gt? zqXzl8rZCt~BP3lLP~KmK_)R6}_@uJUI%#h8`^A4dy<0<>^@nsf|Ble%gl62&fP~*r zTCrT!0?cpxl`W1BfBif9dWNgpq7+Rnn`o_yXO*|)yk^t&4QsRs@xVN9-US|HR$X6- zM>9+1xlGV#_ae^mqw{#ly6uT`poCuVoe*fk>YHgHMa`oj`20cCEH2E26!(1$q&T=; zDt^+^9X^_Zr%7=5OYtuw_}discUj(?k-Txf$riodtM!$Y3O>K?^`YLJzof6(wbsm< zVz$cS&F9PliH-+N`hdX5w%jNvWZ(8wc_%xV%n2*?W*Kc$BU+i)4Q_-h_MxvY(7nd0 zEriinP{+BjBGjsP`vy37*St{;4TCR3ac8RCMi?AWBGNL&GA>9A&oP_J?cWxfUb-ZF zuP^*iK{7vFz;aZilP?kB}|Yh~IidcC3Zwz^4i)%QyUY~pd= z_%!L5_>zKM)Y0Ye2>avuTJV}p?#r^@ZZM7;jd9Cf?;Aes4Yn@#IxNg^Kzua~VIrW5 z5wsW}2sV|kaqM{uGa~}W=Ve6woLOFkbFnGufjqI{>WW-Qx2G{Z!nQchiO>8{JPBM< z7XIe&6Pf3VIuQUThDsN(^3^bB=dR!&kxj7TT#IF`YNH4xLAH!?C=phlvY;+3juw($ zG_HiE7w6?L>NG--v1h_O1)kOmQ*^kQ@eqvyeYIQDYHRCcV! zux;=NnhfI?{WCiH#JBCM<|tQ&>b#)@;8OGLgDv@b(UFABOrO2dD4Y5R7mb0gTaDNgrkJOV2fq>gwo|inXn5x9d7PH(( z)C&+E6PR8kR#(nowoUeeHS*PKq(X_nNMo9;!A3E-5rW8^N5AY81eGKUVA**kNInnq zGLazFUH8b}3DA`}ju~2s1DD{QPXd@{4@};T%dPWMhr3*@4Em;7^Sz+>k5Y?RoA{Ud z-hpd?C#l;lQ_azI8H^9&PX$HbYen&|bZE%8?TiUIK0EQ zu01!Vv7~7y`4{jwRjGd|Zw?Og2%Yos9fNY{LPn>n-+if8G7-IjsaBKE*x;{vbg<5I ziQH^mxnmg;i@Euf3$5?St_Ef?IX%^zvZz&juwgH?%$E7fWVPu|o4Mgk;seFRv#dgt zEQ{&Ro>4g2P_L67XDhwecyHg5a@Mdgz_z1pXJTg6S8W<9`br0n8qRdFo|NUb=`e?G zByK1E8FpdW(Df^6UQ@|v`8^Um&`r9y&k?z_8~1*9+5-fn7}swF0;86%NFni5X7 zkv=Y>#EY9plj^DoIkI2{~49a*|t62iSW9}?BpxY?Frr^T$Cs4{Gt7h0O zs+jkViz5Nga$swz){cqvr}aK5vXbVJTptorhv%L$HUa&z-Xw&ecqY8^$aJVt7+OuS6*y* zdI#jY$dZJ(fp^Kz?`sSKhfdA0D|PIBiGzHz9NVwN99f5E;Ix03j{buL9 z^gn42A+MigO7LCaTqO#<&Q}MlK%}ND?&yD}za?qBsm3OJlTq2{FRF^bcUi@s@|*$% zebkS4<|NE-Nh+%PgZSYOe^b8v4fx@Yza^!FU9p+-o4(vv8JS{JzDhQJ3e8vV|M8W1 zUzq!kN4URzP6|nGDn$?$y0@)eB3n)O*rJ(LLfoyTS)3cWRUU9O+P(xa`l@r%#ctH4 z)t)%wQsDj|30Yi{?E&rwUvrZ623iIjRO@zjTly zrxMpPeRCfL6c7zbivhhh@==!1t_-#@#v1sj!>Re(eQ#U8X@dWOrv7uH^%L5imp|<5 z3c>b?RK*v!yx2dqT04(&qo9khnXUJLBEGftng!k;FIPmX_AjPrLH zrFY;YoA76KzsVvw<+mj3nhB*WPZ_} z>1}#k<%^?_ncG7I*5wFw@u7q4#2sHF1<1j*LmvAe_nF_JyL_=$WXj*0n?&|Y;`!I* za>E9_Ur9;yhiq_$6%~$L?qx0s@YQep$41qUF_K~k*z2CB9mr5Fsy3Ngd63V^x||pl z(jT|mi~NX?cvgXSUvmUN(SyP??f*)Rxe>JcM&h zR@$6CFXFRji4)nf$Z{kJ((@y(2co>xOMykAX+JvU{-P$gE}8@72Ssju4`{WebsOuw zvG8sz5r69}eUo=$Bj#kyBYryFX(XRUj@pH-AQp7cz4F+tCc=){YEID_p!c&6H0dh< zzeE%xT)Q@rq?g{IVK-s{SdkaM#4~umUfPJiEN4C$w_ELI&}zjiT=3?752OV}Jx8YF2Cy?e(B1hJ4&0ZS0Y^HC_?1$a|&FLARWA z&AL!9B5RtN;K-)I1R#O1O+Tm>wkLH8h8KaO`gz;mPb9o`dDD2}FO>z(X9=Gj-}?W|M9=PpJ2_OlQB6+~IxSM$tGD#+uVuAmQI-WcCYkJGfu zEJUI`=dNfp0&iX{N>{fjOyb!u-36D>8oX}qb-F8}4N5^vNce$?VUY{^eqxw9vxvXAK-Myw6;Fr$J*#?m2wQeoSt> zH9>f4B9w8C8MB9EuDpX%^~st>1*ue$smW7CE5^T?(gU>y8w^n5rFs>$>|+cTmJP% z(`!xnrp2pqXZ!7RtJ^eTLhUv4_N-Fn3hf6OHpna}y1Ja@)I8~c(6c?f0;~*z$kx2g zUBd*naPR578=#&sib7naVyNHS4=yi8bdBR!zbmUQZmMx6jak80H5bfAch#0#TyVJp zMRQI5H7rK{V=NvgPbDcQ8g`~0%Kvw;Sor@E77PCl7Sq~wMViayoLKtp&$cj%+4joW zeu`sU>PDk|+Dlbk+T^sHIQAS=dEdOPqV>a!Fd@o2)VZ!2BP}wxL!$Ux=9lX zv28bt6%LXfPA>jREDCj}Kz+bwGLbCJ6B^8mfe62E$7s-)IzpBFtV2CbZ0Y)TfnnC9 z8M>7Z0V1_@%pR5LFQS`g5|4=1la$V_qI?wXa`VPDDLY!gbgwAL zlK65x{6$~9BFD`q4YRUNUle3vw^S{uNaAmsarRv%f(z_mX%R0`^-zGSD>geEaC@7D zrnBHi(%s8dCtZY3B{qba`<*YBL~)GDNQ0-c3fEh9o{mrzxip_+^q83`na;!(IbgiQ z5*D0YN)OX*?_LQ?TZ*34#+1CYbF#)TSoTRp$a`1Jrz^Ub#}!nVR59*dWEL%H8f zPZ;q5u&yX6#6qdeVAWLS?74G_8&tuIE0>9xTIrYgkOpYnSyOW#;RVTN*qzMQmLl$P zb(eank7TMNS9JjqK8vG_Z##Q$Oww6F- zkvO_8n}Q1BnqsxN3_&{vG1w^>05#%sGwk_XX!b}7n}PlI9lg&bKapUYY-n=pn$1U< z<#zj=tTkx7ii40fZ+wLJ6*=t0SUDWev(-mmSiC59S39oT0;Ojh*`>)gRJu#A zYtN5%VG+>_?uht87|hhnX02UNCUV>WTn|by zeic#Qjp)z$A1cgLqQ#(hj_!vmm<<~|;yilOHu6vvhPK+K- zgDJoxP)%E_L-a)!dm`3VCn?xYBvjT{i?{8DSCG7lutLRGb;3|*fh6+W{gz6a88wyIK%M1)g94i%_3Jyi1anZHK zeSE4o^NVb8&vf+Jhk;@*4`YJK=0{~d;Lp;0MsA-PuN;lk1$K5|$M1VYfXjG$EZrEvuK-;dw0Nz97w9fd5z_wR_irlJe5#W8!W6Y>K3qvN*e3@*m2!xY$#0);5T>ZO#T6BaP8*Oh7`w33 z;>HVj4drW3oQaZgug{BsAML8erP-%OUz0qSAE={g5P6P_&plcA9z%3_gqNr0i-8om z01TVqd`V1Mc*9VJ`v00yp#QN^Y+Shp`;a6(X*mDS8-?-zDWfp{$tdhI<+U~v=3=Zg zR82fm;b++juaC{+wcC8-R&R9!vw+8nP7^Q_E1Qh&=eYn+|9BaE@EDQ^HSuD&-6S(= z^?ve&TYEHl*O#^r--2i3=v`pestbw zdmy|D89ymRez0Ha{TRn!J!lohqCDZiNE0+lYeTl8v_QPJDH>{rD& zg)x2}+Z2k5*=^kS8RP7yirxnn$wl66`f_xX!EaIdlR^{cPLcPcL>BqP6-sIaGTIr7A!1x8=PI@j3uFKhdLCVpGTJjY>lI?po&wTyA$Ax%M*Uk!?|r zE4xb--uspZ4&dz-4R~#)4#Gbf%-FANC>ISQwLq^%gCNT47ExzC3il@?sd?(TH#Lsm z{D$#l^|lA6t=byhUcIODN}rm}hI()_P#M1IS~}J1?M>Xp8kmJ!0+9@Kg%QvhvUfzF zf{o*aZ0h(2(c2GBKO6t5M5e@T&wL}oJNT4O)0w8YYGSQt^}35e2H9ENzqotSWl#KV7c$$w#62y!xi3@w~UBwldCyg@wl9K55zPS-F zNgnDQow6CdPUuLPOV!VMXDJ36@=59p0v#a=kCWSNj@6Ae8x*c^_g-6ICaBLi?=6Gm zhP!7&3_$u`s@?@nF0bPjnN|Tlj0iWIaz44cDQdjc`@@sMa`sN;QPdo{FfX~|i}$NZ zzqz?|^Y5Dkr49LpI0ce8YN*dSpCLL_hM+KBvXf71Zy>BpL6*>SW0WU?lk(`V&_d=K(lzL0Fh!Q#{$mJi)7p4YFOAiFqIs5AIVG-&8szUahyb#{2lUfneWas7PyK?90dg!N_HYT zk|f;7Ns7kaGkNBEt+-Z8&~?Uz^b@i!uaB7`^p+Q>>?y2pq}?6=wMws<37tC(8e_L5 z@C|q(%y{ic-;D7V3m4NLyz0T$0z*LP{-Ez0WX`1Sq7Hdjb-hM-Tr5ky>bIO6T4!24 zUYYIV%JB390;cmavIhF#98T&L)@PbCPl|&-v1pgvFEbA8ZQt)l3ikR-#um#7yHvi122Yvd?KR3{O4!M{nv9nb-Z43o zrzTj2;jd@YzheRi35WclUXpIdO9L1qx32}T+fuB$kQ1*28Huo0Wf1f zS)=^@Xk_~Te4Qpon%^ND{`F|Nf1U0kpL}dXeed1Nl}49P+rM5q{qVd9f@Zb;GvyV2 zBAEu%h|+D zrJdjA%PH{h*9`ch@L>I{@W43VduhLnVWb&j{-*0_BJk_|gg;Dp`Kb&|d``fWK61P-1yMO7nu+aI@ePOVLjQnU^%WV$!BDFdx}s`Z>tV*3tfGRBCtt zsUBG8@|O+6#=`x0T&yOyD)`(Dmz9iXprSRGw%xvooDIXO;Ad~2jPKh4 z8Lo7T7k>ea;qCSeXe$av{5z@k?-D$`W-`(Wy0IGNL{-DFbf+Y89CmyLetnXFBKNP& zSNS_SxF`bmQ0RN1OT_(IKD(4RH|>S3!Bw2(#+cKupZ5a9jSI<$dc@SH+5cMSmqr3azmH7%n^#85C#P$9KU&8z_ ztMUh5VpsolU&6ZoD_^2B@-+zQkKR#@`khb>@p(gn^TL_vJjt5bS zkM!23Potg1H)8#}z63J}Gq`Gl(cM@Y?e%<$P6+{*M*e@om$=CPt-i!`gZ~$O$x)u1 z)cTa)x-ZQRh=3jBE!4tOZDYfp9?x6lYq+o2Sogy36mftJG?}x9`?3X+t@*{5RC%&h zCuW$hdGA%?VTvmu83H?1?A6KDo7dkpRw6ZH7ULpUps3JWp?n(N1qy9Q@&4AAyo%RH z3+KCFmHwGj^Tn-jH{d@Kx1qRCIxhTPFE*%*vcu@SBFXEfKR21Ax&=G`FW1)l|O1zjj||Ku!-Nj9n3^t+J6zfp?*}D zBEC$M`F6H|SN}<2N@1BU!OR+_qU%eeR3ld*WeVC<-t%h$+vl1BH7{C^M0i}Z^PVAd zAZSN8PAwM6D!inV_)rQPcOD$|gd2r99z2vtI>#8stHyex&`?V5q0{ZoelCF)wcy5q zgHCwBu9msSZw=vp@FNOqnl2d*=cAR`@h(t;MWU3DlkD)L8v*_?pZ6z)se({A=Q9yT zj5?UVT}~{n9UAe{2@tD0y{}jCa!mFrr}t7eYpALFU{}lc9UF4NJu@RRTjvFCBl=!- zPP6{9cOn;Bq1NgA*_lNo%et@wglMI~^b%LIVOXuHFB^x_en^+p?H#I|@5nIo9OCaA zeE(ojrbVC-e*c&3=^xW~;U_-@-G4VHy@4{RyytU2C}$>K+f#r2x&=f1`KXTjFPW50 zl;2H?`IAX~)Lx-CL|4c++%`|=Yb!>{d|Gll?*R`Uk6Vh!lGr1JZ_om2l1`eKa`DQ3EnDB%O)1#?^HnieLFh1et$ty!c6ptSL>@$5JH$wcU!R*T-n@E z*l3d`owsQR9{}6Wd?KRvaLlgf0%{NKsMBPa&cYy^fzqj(W z+Qe|VM+XG9_R6rAB$e0o0M2`ip}R5Feeo=1%eVZbfo57)NW!NgS;f+>?o8Id)Q2y z79VA3X_>u|dsAh!c+{FhGfo5Y!j8e6D5PF;RQ{=AtPU~Xu5LYOGkc4@P&wT?p zU&uPF;lbf;ykc-aScRd+kX$hHy}O#6Ba6pWJWf^X-V7I61&&&(*E3g_G`*=0URP&B zi;#zIJyoD?cVw?uXiF!jkESpvlE7duew7}{eqUh6xHg|gnUk(@WO7W`mst&6#0zcA zJ(<_+B?@z!5(GO}0fkKPMVGLF_X-2wE-z;>#s;EM@+dno5SJ@b&PQjM%*>IeSw3v; zMr!x6xed#$WKsOR;=o=;kF!BwL6bIkdE^y8o-!EEJ&51m{B%+DS4E@}tGO82gl`8@ z&l~5&muEv<#^CLQQs^dHc#uC2I=~FJ>G%z(+P*>X;20PI z>yt+uP7L>s;L3I*v3aWz_RcjUb3;JSRGQK3TT1HIJnI>c6^9}#S*Z80r;LdGK)|;R zdz%>$Gjk_ny@PjWq^u7*LKRR`!plDmhKpWpef;Xc!oP^s<|mv!zEfY55K#T{-bsn~ ztQFXXV8*!37vh)NFuMJdfYOI){ysOlv#BqLXg)s$uFPg4g)F`Wu;y1qMYfNd{r2Ml zfe$PLA6!=H_rrd|@wHHUskOyZlgpdsAHY3l;}ny~JP6$$w$A z)<21;1AiQ{Odv1`4%cX{pg3+WhfG{eMUC3&#q5W#bI&p?rG$8RYAtJ@a+EEc1LhC4}q-KuN3|)DIm=MsvcK+ec+rB+tk6l}E3&&2o0ULQO z9=Q@{X~Z5@zxp+RZ5=e{_@i4azDuH&-RPCL@$+ErT4G#ffqK3CsNLqlz-3pz>d(d)^H78+D4AnEm8crdDNBM}%PVvR(#p@GGVw41t2b5}QvL9!-G6T(a;}}RSE@QR)rcezs*QoM77^`$ zHbYz_h!MS6&IBT|cn#LPw^4f~s5Zkh+joR6Hb-G;?H+pwxsvt4dq;jVNG@w>ot!TY z47i&MiWuq(!j^zK|3FHnx3Vitp;l{SZ;+pauGPl{l`#HtDrWX#b?RV@xgzevA>2vv zkQ>zEl76&+{_Zm~@0o)&{iLG)ODUJXZC?0I*U>J9606G)fAe7Gey8qB`ra&hlPEa- z*VVGc&DMpKBNx^5h?q`*H&olrEjQ7OQICn+9UR19y;#U30d>RL}F~2USQq zStj9t!}WE1y44BKH_}g=dw1H=c1;1yt)|V^YDFMi(@0saWL|SG5W}s0!!v#z@73#g z;pOr4y&a1;-8(U!Kmvy2GA0sU@HQTm-;bJsu7IK_h!ujx-M}c5C9XB=;`bgzw8!A| z&e^Z@&78GTs>;xb-L00?F&#}Chc1toQ1~OHOV@~$eXr|DfSV$#ce_Ubx%zrx?&%?{ zzKnAhx1*n?O8MBBIe7Y-qW~rqkq2)r{#5bgT@TfV0Q`x;z;qTEzaa_CDt zMTp~MfjTnf+F}w`KkCF8!22LxQDLXAGDuUoPd#rQ!4erQ(qujQ0V{ZqeuKO%FL*#C zm-{nfBGPDxrFYB29w#xx!8RT$bN6DCr}wB@J&nE5*#5jY+@tqiWfNxMl{-hAk5O72 z^cdE-2axwcEA7{%*VjmN4V%Ex+de6|9lojiK1EueaBJ8Sa7K4S&R3H!hP4G3ob7Z6P19|-o5@8L4}a?Z&~Xyr(gOMpa63@VpDWwiec ze!#EL@81AF_BZj0>M@ipL_lljv$YRl)f|k+9ut#9HGX{)>u$l8?IAA1t z&@vU8(PqvRK|OQyYO7}JQ)>qM0b$+nw;^cH@n!y<9aveijIa6l zAF6AbrF|vQ{E;jFc5<8|VBkL&A*Zwt`HH_MmPA4g)8?U~h4mPJPR1$R&obY=p;*o) zeChD`Y|wqTP3O%czRldFNIUaYDD>b{c=HSSwJR=TEQ&R4lJT469O926Ms$q8Gmv_> zA4mUvKl1$%?f*>y6jA6;o{xYP+d00D6jIPn-d3Z(U;8pP5%@82Yt_ULNuYV?@|Il9I`%&k0=~#DIwpng(n<8c6_ONNsMR{Sx^G8l-af)Hu?NGS83bSFE~4K@ z2gFzNGd1Zi$Akl4`!21j_we@@pwp|(L(rZj5^BPu=Ht4XE-<2jx55&u?oPIv-kZon zsz_O2E>zp*X`Pbz#K>|7+_ZL$1LtTQYxmcyl0NCcdmyiUZ9QW#{d9h_y3*?{w7{4u zoqZh_?Y);A`OhkL07+ULujQ9FuaI6_d67u|z7A@0;mA-v|1CWx3HW(V_-|vvUEdLK zP>vV;Ty}MNW%y)r5>uTJ`=q5t=}!jPXMT7s288x5EJ*8B2Bua`JG2n?ZKIU;>kS8_ z#TgWI^K9QOKX#3>aFjDQImRo7S)62veDE5d$)++jLd>k4XIriuJfI9v@xPxFPKp%q zKVM}VzLi^lZFT={|E1x2c#S^nu;RLyO4&)D$VvFM){^sc0{5fS*(j9pO=~GNDp$0s zH(VbiZMvdkIiYAktYcav>AI$1!=mW2)y~^Q{7r9(Wkd=16kAPXUxSa%{_h3YZ#H)O zXf|jzaVqxP*5EI-5$KDKL;3yM=F-2AGyT0H(J7c+YwgD*l8t$h1JWzu%BDYts zNxH@4<1(pNOC;>1vCV})3^jy;EGWx*V=xot4|=? z9;Kgia>mQ`Y6d%^;Rk1u z^fn<~$ixGVVY`BU(^h7RYGN~c8gg8xL(B~=nb5kvU6jXUNnE*wb4KKNWs2a$P07o+ z-WFy4&{yiv4H)vw63CW%X_sD@N52=IZ&Ra<2#xvL10}Tul#YkpyDzzr*x%i)3NrAekWbANpKg2|sR}Q`dA_|r z^v<-ann#Y8Lllc+z0Mmmllq-zFEKxWeR+ui&4ws;P=X1`rgyk87029a0h=uT-GMzj zZ99A!mnY^uY(J_}0lwZ(m_jtS4Yd<#_qZ}An6ih`vYr4ZUvL+^_l@nr$WC4t8Wxs0 zCT}29>T{kyL#WkNlUR*TS#!TFE#E7Ai#KPZPa~0v_4IsYDZXBN3E*+%b(pSu;`o}g zzR?R4&)8{R+=Irw2c&m>Ts*GehpfIMaod3~kq?*zZOWs&uaLe5u)4_m{s}07U#pAS z?BjA(5CMAbRav2U;>bhdRTnQH{zhCB_;+S?I-NAV$z3jh(hJcWbUYJ85L#1xM|V+p zL4m-e?p?_Ro|AWPNPg2sm!vgfaMQO-pH}pyqxgaQsy`nmn_WYIVEQD&C_A zK{b#3l{%bEd(knkZ+XKd6g8WtN$Rl^y#0-#dH_n0mz0P>O)(EX)jAz1cK>bg`*Bx1 zL@(~@mO;z@gbOBCTg$~`+VN?0B4NCrT4Yi(t@Fw&@t>i z+PkQj%@8kz@mmE7)zZJXu2!J*cKWw4Lrb~8p4x+~h8_{j^K5f#ANCzU-J|4<<3Y`M zjt=VEk#$#ZAW;dlojjY7M=m}S$*r4N6IJpxUarCgei(S>o&kSn&J1rThd6BZ-cP_) zkv?LPzB*h2@#t=j#%-_Msq5>Fk4Or7@VYeJa#K`KBp8SedU)l+S=SdQQs)h}&#<|K z+)KB2)B-F$x1>Z1BxO95VzEoA)^(0JPQ&wp>^w&BekRnm^sDgiqB!!uLUBs`AW!uB zATF6qgxoWRO~11oTXE;Zltvf{29TELvepb@GsZCBlsUw z`~On}{{T4fmk3_|Lzjbil?#zm9VCMnm)Z%itO3i!Nug*q#}xzkH9;ljSmx7aUk5fl zb!>`<(#4FnB#w93%P4rRFw@S=gEd|I=Y@P*uXMRoy}8ho1b`Wzaik#ORd&7Y87QKo zV>pMWbJQCKA(xka(dD3u(&Vxrxzc9w#I?A-j0Lz004!7HU)9e3TxVmrzwB}#2MqA= z{4%7XLsxwYHOOwLCuHEhW%X6a)DeNB3WVCOW^oWh!^tOkKTpw+5@-3|8t=eXS(PWO z%h`+-fa7b%COzXIrCEn=@n`-Z(QAqJb11Lj!j~IZ!?orO=P4L!|HNUf#J9iia(D-( z^Q-9oM_=OlmHdyDjcYdk53$V8tewAwsb6z9=pFd4&dj2;Paj0`gWB&ZE68*1RmjZQ z{04vI1Mok$D&~KhglCjYppe10#E$+&;g_r1_#l@5Jr8naI806R92*4}< zyxjloYJp!Z_g`7Pf_oIR)a_O5se$n$KO|R&dJO*{b{j=-_*lXMh^ek2Z| z(b%c$y?dMZbwI7VATRu_-yuq=9!HDpZmMa^xGpufJZ5M;DPreG)7^`YiRZV9_7Kb&1eIkgh$wi>vg`*YN=*4oz4o-!B@vc&Tm*?PoaG1I8C7}ko^ zx2Hvu&r8Q*{E!INn@3CgmIEBK@54Ki9P{ULr)LTIbkfa{_$0Lw?Vg|p=8%rD`sktP0L#KLtEKWfU!gq^X%K=DhskpiP#y%w{-zRntI2^h#kH|6eV^_hgPn_qM(nw z*cD}G!A8D8E_7s$#9xt7ai29|C--3i8#t{R2eWdtiah#eL?;kzcjBrMmK#uwhD4AS zB=e!u24vd(jeu499do!>nbr24cl+xL&KEKWK6w<%P}$`Q?O|Yh@!On~#%&2Bq0eU9gqw%LqdBh;@foC*);wkLgv$GqyzGn|p5C^}t%XC1#Bs z-?XC^;5-DFj;^hogz3vgz3)ftQZGobPb?=!@Nu2TG{4AvM1*9t-Y?Wb8cTt`UE5<= zAsp3p=?dNb`e3lq%igIUFk0zg@r-)iorRtZ?i zEx!_S;_bUmS0yP1T0)hVY%-LSd3NonC$E^YO~T<(kI*loSG?XR7U}#xwXG`v7|QQq zlP1Vmh{di^Gh!kBawvYJtqhFX!V-{ceoikD8x(jUq!~r&bXIXH%2py9&aC^PM6T(AKX3i z>C19U`S!+-TMD=v%#WC|wrI-rm#Ogz+zTG=E8tM#a#32wl3TEEbXE6mcSSRk@fvLV z{U)!HX|lZGVvwS$t{}u<3@{+uh>mJOE%ADrO}>*mEJ$#fGzv#=XnW4$K*tBHnPU(6 z;T>|%>IT)K>^j#-CnBvcE-snzuGTbw2vcHq5UUPez%H02^Hze=br$tW>CJ`+jA1&Z zcqF8_vR|ntyvmx?uomwZD91UnyyC*_8r3iM3Olxbu>P!9|LyJv!U{(3lSCW=oljdtR=v%$%Ylykq z4zw*_1pI&R0RDqe|K~u-Z^7^f)r&*@l#Wj0Q0i~3{>5h!_19~^X!Qp^9atPqc;A9y z8dh!l{o?Ue+}{5`zYLTvnOdQgZxRE^XXSG9W#GY=R)44djK%(Wm~{DXq_I`1qI~g9 z#S1I2QCPS=765N;UB1qNo}d_Q5?w`Id>q{cM4|&RW|fI#751tc5G6{%V;}f>>)MA8BZ(5A(+DnE*Nwa-q86~w2qutcvOYD5@n+eO;wxJ* zMd?z=SH0aCA5~NgN>IU5n_hfs0sl~0^MfRFRcY9qaNY6UwmCkY7z@@%FN`>(NTe}nahSjIf8(I1Rugu=~%0n&0o84%gGG2An7-h`OUHiEwkBwFX%$2Q6Kve*y zm79i6=qcG;#bbJ_BQg}}I?`!vl+=bgy9t>JlHuENurt>!@`}2evXTs}^nQ0#e#&x8 zYzWO7fZ{Spm2}nA%2Xkj?^hB$qr%5G-pEC>CLHfE6g5j+Z_ACMI*yo~k|%ZVp04pe zlK0~}wGFryuoG0k!zASZT52-5+~2!s?AO6Wd(m36a}00k+`N#yc>9L%lphvRfQaRx zB;~AskR138gMmLCNBbIrmG2O9V>`mR9O(72XiWA>meZ`@$$sw)++>Wg`eQOipB6y9 zJjy5EwekdoYRsIu4mu_y-Tp#C<}Xv;Wl+z+lW_vfxtyJbcfCTSBTZo;5^c?dAj2Vq z;jBE2*fCm@x+l&11E7e62~w&-_dPo5e@uDOZ6j?sP;BAUrou;qi32H7n>fENh`@U>0B}$3lHV=j7U8b!p^K|qQLFYR}PhT>DpUB*hE+<8#lk3lcbcg$ekTKHO;jvLn zd*}d0Ew{zWM;x2)kIg;m(PzqAc<$QMOKt}ixoo*=c*`?N3ej%-9h^RYm^fYl5QfxwT#1(jOAJen-JSIRnEl0eyp2g@bs*?DuaTyL1l zCjOWc;5c1}@zzc0@iy1GE_I%}yZlooDW8eHgATGT8 zR4Y|?a7^1e|IQrkJ0!A>_d9S@)|y(gE6uFBMp&EZ*bx8Mzl!)j&KmfS5&yRg-0z2l zSwe>gaJs(sl<+PhJq^CO)BoDRzW)^MzaH#+gFW!~XsevZ+yt>K3)Pl0T0}#2Oi4y9p(=e?nBBZCN zX09~!*hN!fuk9&cZ@S=<=gl$>Yt^bs3_LH#Ybr59Vb{s`i&~laux~32+_n-W(DK@2 znq}>^Q$%X1yuX{j=;O%0P7ha@&&N}cmRKH_@=h%U%bE`WgCkU|@m3?21o|mpdj;6q zU5c?IO(z3YZ=u3GJPWy1iC@NRz+dLaS-%wOxQA~-u7N^xTw@c7m zfliS7@;oFUGqMRH5zqR1?l&N8@5R0N`wSd0chmoT=F84m`Zdw^oAG@N@nev0BZPtf zPClIda?JMkf|MQ>kG=`;iqo(8EA%zOUWq?jqoP>oCjXX-qA8dB9H~CPH9>`*`P+!N z-;d;f-P0ed`(k9fVn7@9+e|u|Fv-vJznM7jO%TBRq5JXc=q>?KO7*L}*XNp@{B})@ z6lUAyl9;|#w?v19;;T{sU(aTnb@=T>!|$?PU+mvyc3b#p1(eKA+l2hha!KaP3;e8J zX0rd(5m|R(Akm2w;#6^c86lVP6=@`SeYw7$A>HuF+#TgE0kjVKvmZS=@33P*dqv#6 zMq+e&i7t7%*K|q-IzV-0lW)))^V43tNp>9<4ONpBEEuq5phPLQSZG*4d;$GEMHlcL z^!=9g_!kuKOhlr5FVD!PX*+Rhx<^^+KA_I3-j%=3dH>baJMUKY*lpYAt{!7G!qW?j z-C*_tEcB>$XPD=Df~Du9awMd?;bKTrk*3h|LQx~t!=vyyuHIyda=YvFh^wMpMU;Sq z>0uBKvqC7YaRCrrlRlfL>O@>(#pR?V`3~n{P!O!%Sd8v}Wmun>_P=XbZ1@Sjpx^to z9NgD$&&H;}X(UZK*j~e{|8*++55@(2tm~hQ>uY%U&&CD(sJ8J7Hezgwp@2aRFcZLEpypZ_LD-J3`y}1}B3ZpCm1{Em1u{k_2i94pEiAxZUAn zbB345aTQQJhZ8$6lJy{-xBZs2h(Aq&RHGaAf}0&R;*d?y)^}!i3f3UIcpyb`z?!X2 zc4A=8Bq%9W@leb8J5sP&)74fN$HqHc?$rlz1>d9ap0MbM*Yh*l811S$v@RwrJ#oQ(+d&cXkeS(A#9P8b z@Vq#a3@*m0eg>f3xmR4@VzD`fbM?GqV;HnM$FOIXI(6Gt@(pagzPn$+wCGzy(^(w7 z^3Sjj+eV6_1!kYOXFJWV1n6o8X&a$#0+yo=&5X_VyfXDApN6CK5M;e6Yv*p45*z12 zxCLlB`zPuknk?=;(I{0{2`{GH4NeJwsa_Os(P?PUhGB0?nOrM4iCMc=e(MfSz6U1v5*n& zkr^JY7&Eqmu7m{H;oayRYa73Nr%X;f{BYUaPvY)qUD$^ZU(|;X2jGzcPoOwrUNA;?cE@=uO-nE98;vh4^%)2Vtc(Cg#o6mpH*4 zpK2-ho4Oz^Xe=R4cP@Z4we(Ob@(v#Cmsjv8Ymrw}Dr7n)ly3I%DYW##eL|$UtGj#| z3vD;zz35fwl_u6Q!2VlMAjD(G7O*i{r|uTs#vfXW`(?Z$zE8mm##BM-gPenX5)AU$ zdgWOWhXOx z_g9!I+qoalkc6WV-n+{7+H3Ou3wl6X4;lrs)+wU*^y0Cm+ za%2oMv0Z|Y?^NJF_H#q#Ml5iyBKJH^^&|091dPOD-ir69E1+-^XZ zEJt@}Iql4fKOe@UyHKKE^Un3Bv#{CQH_73u z6UHxMjQ^ql@)IjIlc;#5(?YK1B)qiksIu45>_5B*+Qa%sUCqBL2XyIYJhvlb{K-ky z7_yF9GPD?zNdI+Y1xHukVHXgQ-~Fd=-ga@g{}y&7{rUyh5&g>+`rAN__Pb&T(Y@x| z8t}EK3&S5I8HV|rqFMbE%|9tIKA7?~^EMEJIu&p4&j+k;4 z5BkeW=hFXjumkkspR5l5ZHg?G1}hnYP}8#VWXHj04gdq*evAvRj7rNJe_!;PC%dSydt z=M2V`-b{xTa>x~!b;bvjeUE2H8j$n+}i>- z%{f4;ULwDq531@p_(U$gfWtQZ}X#$0*Y2!(w z>Vd1A+iZ0OTJxYgBrk3Gl&j&pdYr9>&?QhXxNArHLos^ws?JyFMfAxaqJj!(4YdZ0 zDYxWBJcWdQX-{mekmQp|N5$%?QFoN_IBxmb4_*b<9YBS&bt(GtlAr?;=X(b~3Y0)) z>uI2cXGJdI$raQiHuAF0d&vbd*uJ8Y7vIM9AzYH=i_aTXM%Qb~0S=z;81D>$SXZ`p zftu`!#&sFi305fh!~)uQhJ}SSQ7u(iF$r6syb?ypd-~l37;bd|%^qEHx^W4FUCkI7 zWsQh*pbS5UAe;78NwW2zN_UaDx#T|1?KsAjf9n?SNePX0p?S_{?JxvnDBC@zyR_9k zQlMKNscz#tX~vPQM2Yi&nRc2W&N4JOv@jm2>CLi;ghI1th^Wx#ce1)Z2^~kz;eHj` zq0{&RRu-%Pcyj(J^1z3EY+L&wk>z*eF;w5=t0qDSLEi7~8$6f8+}JC9wI+`|6nVAA(_8`YCEI9Bo1y zEw1lTZXc%>zU%jkwzY951_aNtezZke@{N4(Mr}UQbd4Sw(n|w)xi2)! zR>VaV^$putow>WmXB5_1T@0#EMN1{VdJ!DHct#Brn{K=!g_m0&lB8>dv@#$BjhJep zmc0fk`3Cm2^+^Z)jY>l3G+nKwwJGx@9kTI=_=Li;wm>dr13QGYd&QIvJ%T{; zTXecUHGt9*frdmDjJLKjr5-0p^cXP&UXAQ^JA4t_%=78NB@Nm(Uppq5O`&i? z(>e|61XAHWNmB$@Hm-reDML`?+Agx{eTeE z%AW|q*BbEOA_QN20QlDkf&G_4$FHVQfTq1;xx@I44Y*r@Cv3Jck5mq#BdFAH7K zZs3E!Fx#qt89id2wfJfPJ=_kLmFjm_k>773fxo(n9J5tz@5H5IV51jAR3aTWcGPiF z`0uYG)sXxYUgmPH5HNDmqs5J+B$9WYzaM`w5aKU7Oqs`hTf~cRjvl6IAj=BScrym? zL)VEngeFyvuNv8|kBIVCp+6_Hz7gKBB##pwvQ%2-@$2sArc0DmlqL4ws{}iiU{g0>U=&b)uwd=(wwI?1w z>umG=Hm9;tYRv+p&M>C^O=IS_0QkCR`sLE8VBuZ=-6326NIjZ(gT9}m+i&t`A2r^&=>H-*{>l_`^P6w%GIkLvOB#MZz_Ux>HTkGCsIjfAdu~GP!Bld1RtN>9Yg9g7$|6C*sMyV}5Ff(}k zJTB#5P)&UJ6Yv|e7n4CX+BYy!v}4-oZJvV6?HL7z{%5b3pEbuk-E-E{e(3eY%P63X zITA_l8HL~YG^|(P1ohl$vb4tzGKR-@?$n?UM_Qwq#PY~=`;xz|@)OBb0s7N{C#?KVNE)j@_q zTgIx$qEfPBPt?SB{u_6=#n^bjE%jOqiz&Mc+nbJW1|`b!`#%mZuM?#RB2n(~Qa!|3 zo)5Q;YQ0Wwl=qkVh%Sd);zM9N_vui8UqilayIaYdToQ%1S4`t3mAr3?DNZ=lSNRL- zu-nYOlpszA2bUUFm!5+jiHjxi95UFQ^m6h0wU7X|Aqga|x-L=4)kI^C(m~f;`>n-W z`4z1DP$aOXnrZoOq1X4e$o~#{3E4NfzxzvgS*4+rkslVEXnN{9I1+kn7yrf^@DJy} zd4D{9`fr37@bgTLZ#O%CiD0#j{3*n~t^Gd4fFDh$`FBGM_=>UbO_JXc>|dDMy1Qan za}L7dH(>?(*lpq@cJ~eA&`O8JC_{-i5`^z0pab2yFQ?wZ;LX>!i}szceWRIb9%Mnk zd%IhMYiVE0R;@O762Rv3D&yZXWe6>s4CpnE97K}x5|%EiiKJ3hd0#2SYohf-WImAt zOCg-L+^lFLO|(yw#1T>Ew#1l#>a&}3tK7;a#^wD6ALz=g6#XG?D7{EGtU(R-Q#NxZ zX4YZFqXhgUMCO@nUB)(qYe53q%+JG4$8Z7OtbM^5DnIcIp)%!C2kJiW^(l@eG{r(| z-9^31!%$ZS^@2SA zlNrFV$Fxdgw+j=~h~_za6kM}I5YqAD4(Sz+xI;8iV)^ybx~Eq?0mgj{?M04$o-B;} z$wMVHiXyhWlU+pALZJj(NYQ=2KNb#o3{=`@?0F1>>myKNa)e5aSBXndW1AGvYVWTi zE!R8C=*e{`Gm#I8JNm|++b2U|ZnC8So-~qFbGWF^Ctc<$7|Y3=wL>D zqi*Lwi8Kfd5RXR#?(NxUQ{g$(EF(TS=Ns1OOnDJtZXN{XnK98`kh(9t*H}f2;pPb6 zaQfzh$S2LW4sWY00RaOogAj5{;N3UdfbyINHNU7pzMQmc2kV8Ax_H0yK1w_nNnVRa zp^dzi`uN%S=LB*!3BDJ5Orqk*0R(izIao`nn6{RbZ>XIiMM-<0_|oN!Mh@c$mZfLx zV92YS)ica3)5|bcn;)PQT`MOi$8qA{=B5M0;v9-v5$dy%m#PR2Pk9n`PwL4Wi21eu zN2reeZ=ia>q>zc>w>Avc5oaF#b6xtiru?6xy8JJoI`;xg zl1ypZJ$WnuW>(`3n1k`Tdiso}`3v9#SGsFPt= zkepRUK52$a-EazW19NFp(*smzfyXT?+@#2wh6rG&*Hq^oyYG@wSEXh{ydmP=z2$l3 z8OQZ%a(XIJxt<8&>CfYK85Y+nd!I!0r+f^7@Pw&|5ILtsQTz_V^H<`K}T=8CSz>v*!W^&IiV%$FXD z!5-yG60XOF_a96k;9|AAny?QujaKpvhwDA+hT1auDEAPWXrxAd0&XJ0kX*-xYf@hG9qmA(Pcz6l`Qf6L@>*W*?RI&}9?j9ZsWU8|%4#?hrhx83UZn&{wnhAcd|9Nt)DB;~k`$YKmdT8HQv$DX8I_+dj1T)OaomjB&D*W-t(AP_%}tW3rML-xH@^^e5Zo3tIv@_;t5uhe zwi5z85&YUjb%g<$(_z#6*33e4J86#cMW`~i;oS>HiaI`3l1jSm=biOhv}l|5q&0O0 zieR@=VJVVadFmft%|SHzdWZW526GA=TBbPHVO&2kE`s)YM`QVad{#D4Ir@h}@wBsdVON(KmPrz=5Wn?N`%*#xKlV5xAgFx|Zz`OqgH5mOa`;rG5?Iq4a|uL+ONIs3 zKlFRH8pvD=)#4x>0nodk%R~aOb#xGQ7ySG-h4T!UxI}TArZOqhw{1 zE8PCe@%W3N_!E!Ve}iQ&U&EVkziJxfp!*!XGq7XGyc7}u}fV*hDO0$)M-ug2tWSou#e zdHtkC2L35AvI!$YEYkP;s;0r41rd>(tBk@!@+uvL%6$%cVF3%MuC$hcykLjMh_U;n zpb}Ig3S9Kyk><*nTcQThtQv#N8&lOn>=SjLQjm{?1G-k2OB+cgZ-!JX3lJY;`y5{T zAX)bhH$j3KXWu%?xZV<&#eP1lKIn#+gEXDT(`hH)YY8V!e&G{IZ<` z@FN6ysP8LGXC4<>u*MB{ll;{7qV;X*L=1MLz(>)o)tqeA9&gh^*z4Wlx=Y!p?Trih z`QT!y#&7`I`%B^==E2MFUUDvQ@wSrjjDhh*cK?uFIZ4#h@c%EwwMS%?AMJ&UvufdA4qwp(+5@}8doC{geb#FxyvF&4^sm4k#Wy)gjPTS(5Lklw9-bD# z_Mh5T5?M~f%BV@F2C^T6ZoL|6)#gm?q7OktL`{q4wWC~YYhn5xZ|ehjd0}m;VFe2# z@F@(tEotX?c3%P-!(+GB$K0CtN*hBO3GG56J_%*l?=ZQc@XMSCGoK^QeZR-&BRo1h z+whH{Rx3XN$W{4!94Q9YkE;hlk?Fw8aChR8D?~AUq0v%DkZ2;|a|nzvGrI-NppIES zAgW^p4F>9j6)tz-0S<|(o=hO?P>00JXvc> zF(%^E%E*8*a!nsj+>|$sp{`)PfK)@)LzO+Q%aiR>z(2cP?>eGXSS)aycYe^a4-G+< zBu~{F8Jm?x)_C^Q-eo>Wi<>mN;7-(Us83U1nBu4NPI>bAp(KmVUVR~J@_CZ_2h+iQ z37ndFzWNP!p>vMSte=(yyQiv#AJ{F+1(N&ZGK~-yJiPzHCObV#_fJJ2cO=tvVtaDo(kOEZx9*6pRL?baMk6+2`%dlW8?=640kj$ zTpI&N*5h%3J;t*8q?XQh*kyx4AHU0oN?^T=WV+#o?t=VdF|r^#I{m551>TiSgVw%D zwoKFefAs%^JOliP^!@Qg-^*VG$$FB%$P`rU{*Ku3@u~#y~33+;O)e*!+A;$+)OB&*o2gM(=f7 z0?SHjq*gZ>IAu{*cnwpYLGG99&HZ5)*k3h)HK4!&F|yzLBL3_sZ4pRyoX-m@-sSJ> z1I2pTsF7O=7Alb8lFZ|r()&VT8U8~L)E{(#eIJcqJXMF>@fOiRo}By;a<+aP3QUn- zDdrr!hAIpV}IhihG?fBEBG=ka4-Q~Qrx-w*y^))IW)NdOC`<{OOe{H!&%ZH?cHUnkKz%PxMm zqBuT312&kiU7grX;Qpq+@q1t%`nSmfG4iQtZ$HQ7Pivn4-P`p4_?!I;C+Z@o4-eFC z%I6DN0B<2I9L_ICxui4fCbL~}vgh39UGkqo*pIS2Mum(qqOkw(x)fe!k-Tpw^80d?V92^4pc&$&F|3DYHPMf^vd)^bK*x zE2W8|Sm}$axnsBl^)Z3&o6zAfoeW0Ed4Mt94tw{GGz{>kr9bcYVd#;eY{L}3vgcM~ zRpU7Is8pcQoz1YME@pP<4PkaXZ-RIU$obAz*@|l_0Oe4q@8A=>Jsyj5=KVH4qjj6G zz#DazAF}v%yJMkSvl)o#5xSGy(-B&3AY)FoVp&%QLkFdIuQn1OZ$=Wrtc4C0mfF>@ zp8Dp{ZDJsA2|u2vyseuVXad%{eW$mYtVFppw9l2%ZZEepiF?@#E=RkRrvp#=SPXja zx-&k;`s}H-w_QSMpleI)NMmq`jqa{Xs&@yLXK_hS`BV%8R~L>RT(l#DAZ9gXt%#3IXD`_ajFfr$tnBrUU?7~|vB-G7`R5vut=A6A`WMJXm z(fjXI7$)#9IFJ01ju)?x_n*2@Ww&Cu@plZcO>xCPWY_qEX0wljmmpnC+<{SQI+g)* zulZAW1$F+HDhz-YUF)+aDsB$tORJ?Q*v-XWCKy> zDy+1O#7=l!#nzL(AVP-L0CJKVYmBYq{7lhG|q>~h>Vy{Ad z5C-Dq~byf4+M5QIR}tMyqRRXAA-j+wLz>=S8~3`fl3@m)A7Uz z*N{nt7RkKRu$+`>VYX!oL!*`5EsQ!o)Rq&8=H|usmxfoH3E30aBRcE=!jZ}L3-+fE zKEe$v4*b17$3zG^TD-C%pwpOX#R$wwU)g52nKtbmY6PVqSxjQa5yJL$AIFoJnFnBX z#OSy0B^OcTh2OELKJ{KFo4bzd2`uT?JEbT1Q|Ag9vWG&_kTy836K)*pQ?0eSBFopO zE|?ShdIR!G$f~#M2sDE$C`j*d2d%*({QyH!E8pZe%HNQX;{6pJ50~4+dEN#l#oB$% zr3^pKP|`VaV!dUz-Jz;*QaA=?9?Fs~ zWP00$C7jM)RlSU}=y>5Ql#Kq?fa>8^W&ex!&A&G`pUb}}dOQ6p#(ekEo@e(#B;@3Q@~ zXWKDyk5KutX8XxtiXUIOC~RMojI2AUd`XL%g?5M+(am-jWu0nxOYCUU5XfX&epSA8b~`hXrOW zxRfMGMQ&iKRYM}>HVc=6k0uYcd`lSDxPs`k3^}TK8W~_CtzHHqGPh) z*(Vyr*Ad{L`l7`3aQM%&vFq<0KmV1p|KDo>BjW=t*Y0SD8+CV|MK%6Pv`1IY-j9dX zeSR2ETk|{n+t8ykN1MSEFLF4H}y`Q!TVLFK$^<8vS?B&U7^#os$|~^ioT}6fZSyQ z5BbfP7$GRH5MYzAQgfr~lt3 z#9stx-;>`(qrWK9z2C3>UnfNSUnzeCxSw7CGE9(AOLk}QL~9-CCgRl|YS_3BJ&ACr zHj9sx(e{jWYV#@W*uja|T)46kxFM`2{o5?xt^ADcM-OCazWJ)gv^a`_N`x%hoc9kF zJShk>Ek&ZzG;KzIire;+kk!L@6z$T9Cow8V`mo144>F}~-FmVIb+{jeL!B(wpNXRE$5qN41$0p(1K!+3uN+eVDxeQb zR6uf>QS~7ac`9L*SmnLN8t;-)nxdY}cTd6M>p;N{QDK5@I;xXEZpZj*Iag`gdRqiD zlLs2bb0Yk9i4IfHTdJ1aS+Y8}>Xo$ctsCKoP8+}w6vAMnEo%UBGJ#JkeHSaNs z-;&S5S>93)yI$aMLL+xN$MBOI@CXJ9A>*h=f%sLqj8Cd_h{%WD#3RtC_E}1yE`zNx zo|VsBn<>+bt7lSSdE%@awCg0Vf<520ct^-+i2+(zK1h4mTt2z_!5vD|t{CPw1};|! zScQ-iX!IC^45kLpX`wupjLtXr#Dx;l+&kaZRZagaLI?igNU(pRp@`=7Bi^TPL9Hq`9ef zDs!kKSdaQ~b3sk4FQqHoi2T&)5PddXot2^VjGsDslW$v%2c(=miaYt*=PJ<#8aTV_ z{aopqz$yzu-OS(~Pa_Pgk)|oWGQ&{7)EIw?!~T%HM==(|=zTSQk-T;`pqY$Zet(g# z3Wc}@kggmu5Q@75u~?sMw9gMA?MlsI$ku-l-qozzYmr=zbrRz>JvBwN@T1OJ#aGEh zoVc;i+t#Y%*b)I@9_nqqis$Q-9$*zkgF(QQ@re{5jy45_)^#>>eIRw~qP`w_oTEn; z$;^J&OIlQhPsRy~Y5G7cF#-LO-R?$@b1u)`bbk=q#@UK?%+JYvXq6k>7WrP!t#%7P znW>m%##sgPuD&HQ4vI=fD~J%&h^#;c0?cP{s(8d}>h%`=(DgLq#ZZSKp`=?nM&7-3 zH^D8dyFjhKq0N?7A&t!fS#b}Y8s7bDBnpOnk;{<+X6Y5nG4K=P)U#Gd{9vY;6?KH; z2aPlFqD}aYnY(orWTluVm}q)Dy|&sg6Kpb?=nxOjbbJ{_X#(R}rW>M_59_sT-MMFT zCq-MA7~b=+LVKQ48gA}Xtx+L^5w}_){D(JSxf;C^(CS{YeD+GiY-O(*z(dpI`r02k z_+%s!vaZRWI%?$;PAxZ#$`!|u*9dg~MFhY7drn~T*M)idOVf}qydr6*Udl+`Moyk& z^2zLAfnwJ1XDRu2^!`OZ_uoM8FYpF_h~D1s(c9$o)9{ktq4)Q-@96!Tk#7GvdVhg8 z@MHA$|K_s5)_ln|K5sbbGRuwW3YUkQ2o&sr@9fHJA@Y>+ZgUa2EH4xnM8tcc?Bh$4 zf$p*2J~&CWz~Zwjrh8^;*#ogO_^r6(Cs|7oNIxzHK+TnCrB^8O#xunwjhe4?rB75% zbUBT|e@RCN{F&o>vz=EPWP}gjuaS5BhF>S^+3wq;{((#tbqNJ{wl{NRcxT8q3D|7J3da!!GFYIrvUC=XvrKt zrgo(x_tD8W6Ejz=%GSo+Ktv9qYmGb0Iw*m0iZGilv&YwVM^zUcxy2B#hO{stG z@R4`<7yI^>*8;~40>hVi<+sP{C7@S-?CSA%)1z_2i?5$7^}dX!f3qeGyUYE#sYmc= z5BMJ99B;4R#ic(t?^HTVe-E1E>)ZNm-~}wh`oD=8nUjBM*a7}&_W+fI*r0PtdQ?+0 zZY;9uZ+c0v^$=cpQ^zUm0r^v%s}E-##G;K2#ZOVg$>8R~C0XJz7{Bb)WzN=3;Tx9G zp4UF-;`7@`qFi`A{dccw246<2GgI&dEaB^pG&dcp)?v%XF3r6qY72`C7<5xqHYmJj(jsAZSL7CtTqvA!j{&H(v=5R@KXp?Nmubbd90+^6qHx-B1=I zoT#b4UwtM#+>4nK)^o;Jf8xe82y{JOZ?yFKl68roa*k=NOtQ3+&~5boX`5=4a8OH3V4XP(athPx%bpYu)gHNZZdhl{R8 zLP6o`-K+-#`nl^(SkK+>i3Rqfk=_(1Z4p~HqV<`XI4zytLX!haMH$>vZc4`fVzTlZ zIH>YnyaWphkDRbVQ^5;J^oN&oql-rj=OI*E?hrL(W@L3n@(KGY?A+OA?v;9{0T*iH z?oj4#4j%ye{%}xk!OTwInNUQQ|Ar%)RVAj ze5Y)>)M!SpxeXo;5PjeHb0R>uGxYGbdQKo5TzC>2iR9CyIq%WD8^Oy<<#Z{F5$7N_ z#eu%QgY=nop0O1Xtn!xcbM$c}l|JWM$2Z~RP0GGr{CsnleYW)1vyz596~;i$g1LnC zyV6ui*A!I^#5OUNu>cW*%EG?Z;|v^wlPeh8L&QIn^=)_xQXkwsK$NT}m=5ibDpajX z&|(C_``xvK^IX`C6rKR|Ub&ZTi0>8?&x-FLDrfuNQ8BCZgiK_DE7OwTawJc{2sh$( zQa%kTIy$;&aaQDeAEmOeuAG5P%nkv(ygh~!N(5b z*oKwLOCfIAdl|cg8%o1`Dt~iI_MI5;!T%mHNZnX@4vglhY+p;S%15X)yZ+aSK@k2k z#NeiX`RyXVBL+XMwf|jWAO!z0F)%7~z&n~HmB?Su(T8_zi>O*StoMj4b%?eIuqcfx z+(qp$wgK1oV_UTI3b1j7%3?-mzKx%ebMFFFmU*8;8PDyd2~Q|474&xUBRax5B%G&FL#d%owEFhT3aETA@vwP|-2gS+3c+W~Ryee?+tlt=p@Zj}qd7-IN zh81zKTj5~(6L{ySGfK+Tt8yl)%$pQA_~~=(#BtU;vSj{TZ2lm$ZYn<%-||GUQQh}f z^0%Nz1R}0Pk>pm6*_G%(8;T-obybef+gyPm+0};S!-M^91@)3Mr}e{hN;LJ^k!_Gd z&I?uW1~iI5y#9}PgSH(j9zR9Nt8xKk@M-VlkY zMX?_5C=K(Mj$%$25K9c=^WezVY!F^ra`>izw38$$^Wt=pb1{uh0sD%!v6x1uJ-62& zd|-KmmF;{oGsH4p(G*cRrWPhpk2mN*ee=q=*W(h4v8T>~?0JnP^)ARw***k-PMnrN zedXx%ioFb_Y05jKW9GsUW)r9RPE41?+?n>?@Ja080Kc=C z4|uUoCc!3RA!&-=aUy!m=F4A6)q&D;lps~QF;CG=U!T1=Na39id1r7%Xr^uKb9Yjd4sMo^-zP@(Ob(LC_g;GkrPcN%M`le`bffx zVSS!CQY3vEYy(gj?|b!(GyVN&6g5FtxbR3EQEH+?OXP!-BO`oL+JlDg9Y<8!oi@Wo z-2+$>(zM_FThDsvTNrUosQ@n_EC}z44#5oP(fM?x8aNj~gvIlZNLT{d!gaC{^w$~( zj$py2-#eJJke?VpI<<3Q*h*7Pd7FC$xHnHq6+3!vs;P1WdTcXdi09M5OUX1gF@MfR z>%X{cGOTiVMuzg*+?#QWrC{VBIz@6aWGM2mrz|@LGm1_`&i`9RO(1IRGXA003ik za%?R)E-^JOFkdt+cWG`mG%amuZfAEdVrgzKV|8+DE@gOS}O`&DV zQa~0d3ba*FDj+RTXrO_KCV&fy3Wy?z8zLl7m8F;j7{@3sxIHeoKIrqPxM5obT9z(= zQgK6ZDTq2_Tnb_rw)vf9l1wOmpZEQ|fByVPGjr~lbI(0@JNMjk&-GqgB3J}LunCF( z6$$_QzY_S@p-)8z;l0$4`<7WeANRd-?kx+m<}bMO<^?z0ku~dvdGqe{W!*SCYk_}W z)-Ch0iYHx>b;q4I&Ay!`V)((QuE=LgF>&URq@F#;= zLO$u)DhSEOH_=~V{s=0>Cie&-Ntjs`{V4j=_C4WI$Y{tHc2fo;gndcyv#vn!rNHmj z0%2|kL>M7>u7TgI0-@I#WKlWnLLui2@XsUpLQCpD%kTo<>=GZ6P0eA3u#XR48~wN3e$y>CWeLnH%1THsXp6_>1a&t284T$c zz^|hXUgZVz8IfcGG7%i`d+{0QK~*EE^$6Ht!!UeP7nd(g7HXz(|2L2YzzWq)>q&kGU6t0Eexoz;q3jcrh-?lk(E)e?! z=~?VkBuIhZawNt6lb9pq)z#3@0Ixs8YwSfczx)O-b5`Vgul0-4tjVJ!OZ|#`?AyLM zkoW^6%IU9o3j{?7Rr=_F^Ux1aWY=;IDZ9^V7`7T@H& zN-3~CXWN=`%vYTV*pUyBU-5&<-RG=0*52ZC;g8k7I#7nC=^(DWSJ!oAO$)r_)rIzo zYpb+d03!A&6^Qlp6+m14?eh+TL0jxoEC_)TAADK_h{Z~&O5eIdmH6>MfX!J0^2rCj zrogwJu>DIK!jx1fa1!f1AOF z^U5h#Uv&jg&61Sfec%g88T8(_`9hvPTT*QO2NSFF9g%KPz6+|w;LRX}aur&<{)HsB zG)m&zL!?lp|3^s~_8W`|dAgDuXt9XFs{l_)2KIyR!&8mDGw^}(Gm<^<9MZ+$YztLo zRR_#n07||zS6*d>l}fMIt2y;p7wK<9x}GTlb5K$5A#yl<(@9;IWUKnc%TT8opL7tE z-g_@C5W@Fbq*=OD^-Gc@x2pRf(WCT#`%;v`j?jMb!SR@5;7>>1ez%g=OT8Hor0{%; zBp+7)1J7=`5yaJ7a4TJUNph7G*yd0b#3}f}|A}PzQ>sZJS;&K?15NeGUDQ_cfF+M& z9}6HQ-GiAaf=5PXha=Y5-=N^>-QiKTcZI*9Ix$#{!pIcxZLiM<^^$enjO(X6r)`@P z?GqrzZVgA_zJ3FF=5X zwkk<`7@lJERRypVd*~8i*OdJQ@%%Goruhi`)Fe~$zaGBPhM%JLDA#De!;@U4Uc+sR z`tR(tXdhLdhALXK#%STu{_Uc4V&I-O>FU2<09iw^&N4ck>A%0kvyV-2UhTZfImLP9 zRaaxnm89_P{ffNu9>bV;TyFC!W z57v>aye%LvXHTf@&$}f-vcHP~8-}n-g861j$`qvLl^fmA;CAi~n`kl+Qv+kqvWY0ibQ!V* zs(E{%lc~>jMFbxs+?h=X%ghK%0Rhu6cNp({oF>UfoaMR5(8pa+>??8hl?sJ57NH#f zh@RRC{Dry~i+9SNep&GCG0<$H-`+^`0DU`dYK+59%)lW=e8++eoXCVhsM0O#%@d}9 zVkd}eD{&wNdUYmx=OaBQ(DTU69%Um6L6WC2)s9TH?&3iJYvp3SnrTA#j1el#2q8oW z+b2#o3GjRt;A>{Q>1IM_F`?(o2&0(LD_#?!flO$X8Lx|(P#F`t*NpI27a}xml8I0a z6S~Qaw+rx`fn`@({3*_+@zaxhlB5Lcal8#xO3G3}46XoSmF8dIUs76P5&VmgkigZu z2$WDD6c_0qohZ|rA)iQlcsN_aDq9-o;5c*8Jj}#_yNjtPZZ687W`rCrigUE7D0ecU zZ_Rjunb066wAYOA11t`jR^AG|F3Xo?YNl0=csT}QIR38omIs{Uzl=YI@;J52ULZP^ZSA;QR;&Ep5UH zm?Z+6ku+3<0)LB@jaS-e=n^VWe|7=6lB`t06>9R$i_#0+ogw&U!gw&v86K|(T2dBX zTz)T-c&TdPK)Dj;;ae6$$DEb6!fmO8w^h?gEolvtlJe_N;Kg<;RAFyOyN%O6;{$tPq$E+=UPlf?aD>nG<1+r=Z1W40bv3va9yQ#2sBuX{`mUPK{25hqR`*YAexig z2)%0#5q_9IV4_`+=!3Td(Xu~5(Q2+jZQMV!48;a7@Z--ebMOoN_W^YZDwm}M=a}nDytYTYdaIYRG^{m z5Q*N@Hf24|M2`(I5zXm{%@*5*Euq;q4vACkgjDZjs;k>jy@Dn9m6__^jCi$linF@k z9`6f-u;@LQsA@G8y$93VW;b<%`!WR5j6bZW)*2gk-!~D&MWb5RA)ay9c*f6|@KB9a zUohdBWVzaecM;;<9m9JK*ZThH_+#^TfR3|{JI)&Fk*yU&P#vI#pceN|6%xA3a_BDi zLVLgWT59jV-%suRJUjlRzYcHe;W^MHrpD>e411#2X>^7IogqMH2-A6m=^V5Xory^2 zHKdafr30F?`T-GHxz2KWy{+Wd@Q%$SXRME?STf>bdBGMJ%P{2Z#&oK;!EJ~(GSQHk z=#CDAoMUd^nT)s4jQ1?#31+-*jCY+G&kuOcrU}z5{tKaN4WEaad|;pXs~-H-5dMnC z=P^{18BjE%P`Rc;{R;~fPD6~zfDvd(^7RU|*u;>AwHw%6hLe)77-XIdUqwJ`eQ+=; zmA9@;5u}=xgOhjx8^c@(n1iueV8!vci0UIY4DItKUH60+O$Jp#o#ai5Gu($6{v;{K zG?ItY1yU+tyi-^FD=9XBe3%qxe7zsI2tp2#v7RvTAt{e%k;>7k?iO(>5JT5C;d+2m z4H{)88oi;zsTtH`2is`!=w)ENWWpMWgTSrr5i5XIAu_;^>$|Yb2K)_GHF8icGK2Uzh~M5o`YRK~ za5O2_mcFpYi`1F)zjlbx635tO!svn+ecF*=>P>>#Y{IF+iv3S|T%$E`J}}{IMVwXX zIDli9&GL7`j{mZsJO1YGsY0Y5d|oERKVNJ591&HCvsi5&fzM+x2CODA3hfDRjTx^K zkJNXV@%BNnKwM|dH{{kG9{imRxqaA`g;G%Y<_W;w+^R$-^TOcBI|+#XHg?ChWe*+4J09YE2Y_ zCY;fW0Oww=q*`+&4du$5Z!uNUkW|R|aUAJ9QS8I&#D3IK#03TMkB9NcZi{IkZ8Ah; z?wu1EZ?HL&PZ+Pk%*-Ul>tV)w74ZVwN+kJfD2Y0uA4{&y)bgXDy$hyqZ{<8P+93bV z$X}X~3mLh48{|J2d5al2gORh^Apgn8>&?hNrVw(zscxPV;&pQs*7id*yL5@qKaZF& zp1~SUPiBF&$ugV!*}dj0=cgdK+o?gP1RAUc(VI;~=ONKDI}afO6YU-4Z-xo+6&wi0 zV4GO^TYSX2%7k$jlDfl=Bh5U>G9#g9jxiy=NBWN)No6I@68e&O zwoxumu(aEmi|$X37rjTkFCW*lV?gQET#{%#ip6VeKFUe%-aAdP}qEH0q70UiT7R8 zr|;mWhiPVCS=y#;>|_Bw!5^@IuH-sjZ8@#ZgC?rGuuUFMjgN|HaY@cI;hlrkvoHzq z8j})~gV`pm=aENmQe0PtKVoRI1s@&wxQxuYD~pm&W9b$Xk^RWh+*Cr8PDh+C3&y=POp8%G$_MV_9}G%hEv$;+0RfLC)h&*?h`` zygvzB$}Med0Kc4yv+xbFa1OIjnq(~NHwpM5PI_5l=ppmS+H9B_fP!{E*%eo=OBi{X zjXzJC>)%unDE;7lWDs7t-u&St{&2VX!=6dzS`tH7!FSp`{5bkmcm8UCxzs;#VKxY- zi|7>dexVr|S4iBMtiJQ0-Rn1FyEhB#ER(Q~ps@Z%bN5OKJ}E?%(BFmEs}BF*z~&RE zc`v^vGSR5)qbK7Zi`aC_gy{O#;j1_0^1BJKD+ z_53wYh(B3OhRavD%r$0&?SLR|TzQiX6|+NF-@AU*b%W!#O^i%HMsOEddmRvV$L-sO zbvp~K+gUF86AxLp-SQq~=}cH^j64rbp;c=82P~*V1*s|+j5GUDg~2Z}c;Pe#e`kOn zV{q4j46Zi7D;eC)0KY|G-x6He7<8Xu&;kIBFhDYc<^pK!v1|e@V$ci#?Kr`pSpXtQ z_^$u~4_gXLs`2pfUzj2yh4An$J`9D23Vb*p9;)!+9C)b3hqK^e4?bkT!^FZz{Bu#Tz@BI zFNJjRv8|y>r?|G#>8N))YQ+%tO;=Edg-^{^9sYB!IE9NszX+<)WKfONxUHf_Z*G)DNkdBR>Oi?;=+y>TZ}t5k(AiPT`T0REx;&=@9z0I)Hf z*B%-}NcWv@ZV|rT&=HW~X%aE)y2q%?R`r`J%?xwT^+DCGp zjxD2yTe(VtR)d^&y^*HF9+J{Qu8E{<=}B9u>RWy^U69L)+!Af>GtN|>F$qy|zVaxp zA}EeJqg|>{<2r!^fV=~Rfm}+;DlSgI8Rk}@9 zGwkm=_IK#~8+t2BvkK;%Qy^xrL1h3rSgb}{=bE^

-)}Kpili^nt*6wksv_wZy~K`O_FK;cC!BB?`<+x_dgb=*D+3SmWkd7TK^Ee z=em=2wBI)$jV(vBvFYqnFH1SiRC^J~;R2S+*J@IGlFQkKTzthOm&g5Nz7-)K_3-3` zy-m@S_fMq%HzSYT$FbG=aa-7f~;G_2BBqBR-#dpkLiKQZ`#!1fm0 z+7FM@11)DS9s-hSxszIK>UBVVmTiS(sU5910K5s{5hpw(&4-74co>Nf7Xt1pX^kpTGW%dv-MYLKjNV4JTtS zn#{cjs<;HImKaRFuv09`<$zp)Q-EM5cOMsxfMmr8A{WquKxPb=Mv$*&7_3$39dF*|hW%I*XrV4xQC>D-;ermkJ_M8OxxevPxf?W|ZsXi-1<3t3$Cq}d|6p7E|HyssJWF~(bG#(RhH zE;r-d&Uow1coTSRxx|cDjE!Q|f;L5#7)g?kIm^>0>J`b zZSOV+F(UMnz5?)ZXs6Q+vH!T;+W-s7I<$x>40L|{7@$E)uu94SrW@sKab1Q*HotO{-QFK{B9~! zc^#I?YLuz5E0yU|F4G%-ahd+^PNf)}P^O}UGVOisf0U_xyi6N6#LKh@%hW$!rn|2) zmFagOu}mlK;4*pdiI*vr%k=VZrZW9hi)FgtDlStmF4JQAN&or?m#J@eHmkO2)#cn! z!(Gk(FMm?2o@_MGv@?F#g&XHh<`4J(K_5EbF>i`V6bJRx z1W_EmokcPB?zkvU9VSsc6)}n8n;I0wxl>pa9WzN3f6`C-Cx=-SUAysK!x@?E#--Yo zX=2hIXR_`}6O)CfG3hawe6}Rc$(|gK{_i-eu+pLGlw5J_@VW_?Ve;s1z-}sv) zhJMH2#I5dgO*JtT=jFdNq;v>|mi8+f;yZNRO?X-4zkQ6xDst)boujN& z+ddZcCX=hGw4}fRi@Y^(FeBXMVSKkc8}`+` zlew=}W>8=4L|rz0>F?ZEcd$ce;~AOk%nd{9Y+~{~EyiTYWD}FW9ZO{L_|43u$Hb(A znSAMI6O)IwB9ns*CVMiIYdaH@`+j34vzW=2GcwtanOtCIQj9bC*(4K_6Ha6DDuc;? zFN`xe>o;QZ)K4ZR#}JdNCoz+YL}IclGdaXy^4^Z@S#idpxj!@cS0@vbx2iEFFEBIt zVrwFkZ_i;SttKWnM~KO5%uGIAg-rf9k(vCo12Oq*Ct~u!2s8O*Msx?u!M)a4i#^aO z-gqCU`Qc~ua@jl4+9ym$9x8y$2C7wcAYu^#<}_v`)%xzLO}hmqI)6LN+bxqy*3 zv{6`ZF}y1}nvm0eVTJWC*pjdUzC(-)5|4hWM-S<`Dg7o>`em5@`JvcAYZHUdA4|aY zny@dzG3C`nYLY2^2&S)$Q*(&HYZ9pqGhw63r%p|zc9AK)mHgl0)Uw22XM>tC(DyZA zKpaHhpf1j&^@k3e**|;US04Ctnvl`z|M{!>Iz2f97k;g zRCPppoBfijV!1=E;?0JU%Ou0-!E@@Nhq!sT-eDGd>@Ce$99~9*m462*kXX5;b=l zy($a3#zui2i=bD1D?}&f*YMb>7{YCq^)QT_XGyRVZ|)GUjxWgma{wDqexlFIn31Wg;Rm8kn#&gKrziA* zU8WC?;s?nGqB;YYJ!pdu@VrNF(`2xX_u*ekH=lnw82u0=75ws4LdSe8{WM8E-$3S_ z!Pm#DsBQg7%8L9po*&;DE;s3>q4K~18dr2! z3@wXD@*de`t8vj8YV3u%u0|>BYIMu6F8-3Xced)8!(YqCeUf3~2d>6BftGHPeAqWc z{Gc+>V)d^_&TLefUR&N?9t!nLAANH7{gJ_WmBuIjkIkqRxil1J6ZUw*7Uik9#h&@( z%lU#bSW>p&5TZ=Cp+0!4MKE^hGOtRb@;l{yxTp4m0~&i4e0Ik1jmr;1TJwGwhF;oj z2%-IG{yLSp#1?Auk10P&+?}^B z9}hn2FiFGbl3b-{KJk1$4Upm%f0MYybtJc1ZnQV<)Ad69v)I0Q5_Z(anEZDq{&$A` z)Y^po)K5IJtH>#T>6Uj(N@xR_|H^25ReCp1C?K!0m2L0a`vfqnLv0>M`(g}wFaf?F&?u_8GXhf-w21%t7HdI_MQ6HmKALPZ+(<^vyC zfl2sWwhw?bc?k_x3%<$5hTMxx)ZVNLa=hLMsKC9iJ(dP$S(sXcYFEABRwg(|>)dA? zP!nDIB-~5u0ji8sSw1R}a_mbb+f9af%S3s)r; z?WwIuS>%w8Bg|CmJ!s5BJgu-5$8ZB(d#)W}92eQT^{XbH3o@^>!1+amaT8MX5}G}XwYfZE@06E`|7&HJF66+qFZ z06F!_?n#j01c$S9(zFay%Lx69C(gr}LjVc)?y-E@zleEzEz~c5V@Ce~&?9^3EIaFF zw6A|aeR+#hB!;FeL1I!b814J^&o%ItImRNVTs_5h4%a`D%SzjEukBN$1MFxy>H=M~yra z!}iy{$`&HH*ZKxN^heh$eCSne|H=uOY5!)l{~$2MNJUq;!Q>AY9Z26v8I;gIf}s?y z)%!pcWvG5RH{rYx(5)V^SQSGND!D2(?}H(sRtmU^tWd>~^WC}My93o*qvz4f+Y#Pz zk9JKG|7Eq}NRn#92QRus_>xU~_^oD7+JaXkx}dX(8kdHeJ9NEhSZOffO2yx2?by@?9zvD{Ha1s*{wFD&hi$z0mLkUf+W zKR2J>cNGDfwtT?#$OqLEffSU1yWpfR+bH~k{S`^(=80RecF2v<{9gmjoLIa7EHY<% z(hfy_BSuaPUIxW7NQ!}C9HX#5L)I*}1>4I|Y>`b+&bRDX-2N5t6B#h)jOA5knajIy zBJqC=%UKYha`vM7H2A@y^^F&;JX)_CPUE4Td8orCnFl#&4U`?ZzGXJs65DM3eJO@i zBxPw4Ymz7&^+pS|<Lj?%Mjr(~u>Se%I>5}2lTGv*t zwx17ls_p%e8fa%Lw%4B7Dd-ITaIP%!iHrNcy(Ag_Z*R5rf16_R6svT@3NN(Rm+UOf z$IU$$PY1!1FQ-`E2~+ZANrNz=2B>{klBibWyIiH-vLeMGTP)Y&z?FnEgbh@KofLcn zQnWj6un1@J$BeD=Jj&fU-jMDa3rf7XJ-L-WSPh|>7}cYi0ywab9J<=|0jlnTYJX?1 zvfKe*`#*(t)jqEd{-$o>dY_o1o;4A@=Emp5+~#sjj*$Ntk3y1nm7z|D+eOTX8|INZ zF?bOk!IAg4<@ zhM5?Vq)`ktkhVtY>a>~Ud7C3C6EY-aH7ar*4kQDTJ!>z_Y{$OTb>d7TTaz*g+gW2p z9;oT+1?e_G_cx*qt;nMcnzJt-823VJuk#Id2X;7IdHS4${_2sBsOsldign>;-#D26 z>ioY%QUNz&^D0YQJmI%!DHC2*N#b|GS4$f`BMbKwfYz4|51+t;7%H$Ly*pIH!_Z*u zL=&qL9Q@cEk@49YSRdl#%&K3?8Lr_?8?#s{1pSeAK7e(3S06 z`|1aeT4{}2hr?d!GUzcO)Ct`BC!X-Vc29WTai_R3CD4-P?-MyEvAk{=VDyiTWS>3I zlIpj63z`@FvY}n11I(|GGF}HlfHW%AcUat58)(h)X||?ONsE5;7Mv3An?%PV9zy=q zjWb|bP?fh=o&8V;Qtj|$jE56pB!*h{%Bos212uss5J<@VY0Zn$H%x8U!EXF(yR z2*JI+jM9TYly2QpdaTC+yIbE8Ip{9fv3RIknIcGeJ6)i3INX88LU(Gt7#t76$8WpR zw=f8#2ab(|`BmQm&;`E&`?Tx`?UfX->Ob3!>+GvD@ZhU@4SC6+U59YcX4~}yc@ebR zOzre!ymS~)Wfd-Un@Tb4LWUT+iX?W2>QO#GxI4Pdbs3bkVgz}4HmX-mXYc78WfdN^ zA_Z{0&F@ei!UHpURiNRxOerz}Kv&q96lh7u`fcY=DSZf&Y)%gKkl~vT!*HWC(w;FK znr}~d5b>cCJaoW^RCxIA;sU`hK{Lb>3I6V}!rqSCGgZ|8f_1)Jx8f3%qG@z^#y=2h zzBV=!8)xJ0orbH^#x}85);oOlrG?W*;8BVib6Ibl#$|m6#yikBB&G??VD2Z`7~X+q zi*4#(_u_21&E5Q^+tPG;#?Y%HA@u%$PjJrLr}n!Nmbc3DC5GXkkht3lS*Rm^cEBgA zN-SJ;%5@mKXG;lnKVGUpqx(Wi5x6o38<1@hj;iz-{>O=(QH2QXNCi#KoBO9XJao8Q zuSTkw*KstL;JcttyXEa}OEb(39{E?V+~S4w9ZCmbT(xZ!_CH&{KufkSy<#Mem-0`6 zmUH|mUKo-s@>Yz1b2*dpB~>HCTE&HQ-sD;aW?)PbF}MZApjT4ZAgy8=Vtkf}@oWM{ zI%2e5n@E_t>LC-*TkxB&2eQz7jRm@1kp&cWD#Bs4Kk$!kd(h+Y9PjuZxHnM)>FP)z z;6i8SN{_O%!Aq|64p=?CPN6)wefj#}QlukbvKV)Rknmd_^3hfxA~nDJ8VrZJJgC}9 zyHO+AivGybq$mBb?}utFd7QE)c6$id<6&Xd}S5RB!Py;Ky8Xl&(*6+d7^~2 zjV_WwsH5@p8FzT-?W)wmdkPl-Tsv~yY)&!xo3nE}&NM^F3RkFoijlrVg!GjHH4fI_ zp-Yr}Li0^mOawSiH!4}6ve+4YLQCYxKiWUyI>RnWDUg(R$PjejObP*D^|b@SeVWGQ zSkXH_^QB#MP)8l#E{WVCZrARkUiPI&=|Az2d;#NMwN_X{*mY12>ZZ$VKt}fubn2f6 z@@>8bXJ9juw)j0r=hW2{*y^tZ7%adI#5D}3;FNd3>+oH;^48RfsoY{ZmtLBaCduO* zWWXMmvB44WEjZ@L`P+KMn&*ndB9o%<}3Ql@|=_Zk9% zuxQ_$qILJsoqU{V=qJ#Yx}o*MNY_qLyE=oti(J7Bd)FK>_x&|AQtk4{HFS&uRL4!| z$Kd`*=l_;V;V^EetCg?eG|NZmLX{;$a9y2S<+1$b2@mWp6@2X#J-@jvy2sMuDQI~Ze zLYTRj>smKQ%viaanGTVaIqY30h1cSv`rdkKNwdU<#?j3Cr})5&@U=F~`aei4jgr9j zIFG5^Bt9@3LtFHT=sN9vc;r{GdX{u?%O`5cn;C`nA?=3r#UmIea7)A?KZi*Xkx@{= z_>gx;*mYM9;bdCvT9*!-zu=U=4{STN1<5 z!f82Dpy~xFw+2>6D~>%%-%%41$L@iaP})4uQ0df~PzS*{jCf0JpHSp7sY)AgOC1hC z;mLOCmc0!7b-*oq5!U=oaX2l*8K|;{C$~FeY8Ob|+AcgPectpcDUYwCK5{@^a;3#6 zQdqLuM?kY&(Te$tW2H1QNm5sQ0Rh+aDMOQ4-54)fTDvy=Z!LovCk3u!N zG|d%iy1R2;C8u?!Zb!^NLaawvdpd9gt1FPJ9>)olf?iDS_;1>Mj7RSO;b^1DP zTBr}5OG8_W6I7I60v&|v;=*-kEWB$68VfgJ52(oD6B8JK>aiElnEW80vxOD)zByvf z_jBChvcqcKf|O{Idh&8~CfLkF33szOVn^y?P9@kc8Z@ZL*S$Z;eT!3O7_1|+K+E6K z+XjnqF^7gASd-((blRG{&G}FEYvmJ%G+yoTDmP@fl@(nwes-)$J&16j_{(7D?)YuS9zWtP1frF!LX8?Jbmsw=Nf&z$oR?ecWeGlLK2 z3xz|np=FV>^RiqC)xpJY)qO)f3KidNsdVSoF6%ETC42@mebAywB5fZU1aHGNx3FN3B>F7LaCsz{sK_)GdLpbp{E=Ir&Gnt0aLZt_QYd) zg)ablUR@Ifd$5uyL|0Y9;V6?mhP5HZJzw1lYv;T=tZC5vEOl}%Dmtg(%RhNQYD$sA z8E8rNr%E-I*zKopQyj`<+jL3qe;J7IpY)*;%xXTgFfZuU@)wfqRlUkx(8MU1qf#=> z9Vq8zOmF8FGHHY#tTdMX&w{FfD&LoAXOMq{+WfA$MxdfEReh7B6`Sh;b5DvOEFTN& zC)^Uw@aG%bxBJx1lUUaoz=Ykgo&BX-q1tBt4nvm_z)tg#vEo5wL|r}!m(6Mm%!=^lPs|vY-s5_p;_sflY_JiNSeJT{3dF`;>MK?tg${;71}R8w$%ZsOIyUy zmADYBDm~Cp+6r3hyEvn6Op)}O)hiE>&(ODXYFrrh!NnF<+|ERA_~L#!Xh$u_^=jT; zShzcB@YOTFrM!KE=LD8oE$k)Z4D5r|kFixP$-jES-lN24ZHW0?jvG+=Zf7;*vU9B{WCCTBQLA{p_`{;HS6H{#HNiQt_B+ zMWE}mj}XQ-z&&s6ebRHk1!1qPbcGJlBF67@hKu{@;>NU;VBOtg!X11@=iGD_u;oMqR)(;F1sMnO6i@xaSZvHK6ob z>eLF4p$p@22w2Y*%S()HjMKi(G`{}UoC8)I23Q5zz`&(vI-ssSax=_2sAn(p;Nq>x zEuRvDZ{TN^=jv%%`XNDD!M&io8WYA!)4=giH=9|kS-u6ZEcy~!h}pi+ZT}_@+5Ill zzd|)yi;Tqv+*sP$;Lj}Ge1M{B2k+rl|r#o!O9;p;V}n-3CCp$iy^Iv#=|*E&DKy4Nz#^z{n~U;8r&0iP)~ z5KaA&Y41H5r~MtkPp!#D`uwiKV=<-$~p`>E@EFoTUd^ zoTaUeVrVra6|Y{&MNJb|KX@QkXv|%%*RDHhTJa{F=VrsXnCovO%kZNZe+V6xnzWI) zM@;M8@XGb5%XgfgA$A-LwT(N~>VQiu*cJ8}T>-#2si-1@8{%N}qE%bm1Xkl<^jlRA zFt{-eMo&?7Cxct!VD!yY-(@hx!Dlc9O@4;KjyM?CQfi378F4VWfUENu+&vCPk8kyA z24}^=s2Qn649FTu%o*xIJH@Z5G z!6k7pI-jcp8C)6%V;DCzlfkRwV2s+Po|-`5HE}Q=L{ooZ@RM;cp2t$_8N4nI#=}`^ zIfK{7!RSh=zR2JWaWKwos>0y1IJgqQJ_c9D!FbL=ozCF;I2hxCs^b}~#=#h|Oudl7 zwQ(>;8dJM7xWObrT+Lb-T#^(oJT{+S$8+K1%?CHW)z27Q8plREvicE&8%>3$ctQ-` zAjJEQmCoDJQUSxnsR#KP!@;Rv@-s$6RCn?-9w}Eh^E1Vj>@+knt|asg1ou1}d;i8P zR(~+un7W$3!jL`c5`MlQQ_pI2c3Us$~pb z9m{-TiE6uuWQ_|!^+`@IHGM|@NqM;SJ8`o5WGk&LapqTVXWaTYE=}K47+f0%lW*{7 z2CH!}?j@?(3~n^FJ_KhlxFrt8!^3LpI3Bs<4W2fR4l+0=4o0^}br*y4<6yQoF}NrW zMzv0TmcddSJemBd89X@-o=WkA89X%(Mn^<-DuZXn!59ZxbuxHv986ZZ^B6oo4o0_9 zwKIdW;$RH=r=A$gGfo_gfdkc_7@QFYWAH)s69zltVA4E4U~q|P$UyKq2A9UcXpvF1 z3#n<~8ed(?C~M*<7?f9?!{BwM`5P;65`!Cr#2%DC_KZEK@7U9N(B}2D7SP3Dbu(S@ zP>hPra7mfuP>(thd4j{(Sj|v>WI%=i=&tTX0O@Qn> zB>W6ZbYn{W)QO9a?NT@`3182_SIhRXrK8RTJeAbz9k`F-EKU;Kfs@t+=cDO<0H|)a zS;)lj4Xk3Iy(H0&t4s!plOudKArE4#o7S)l|K&@ zBE99B$Pn}v!Iun-uL0QTWR-b0KyZ%*k60Ic01Jg~Mw|zABxFS@x^%{nFK4ialXtUW z52tCGl+UMe*-=9cQVQ*b#exl2SJjdn#z_v=0=QCXs!1(>w$tr(yM@o|4Z#* zT35F$@%mZD+E*`dyY^k(I`e~ts_lmye9nmU!-vI*!tm)C-yS6H;sN0L zL}|H;JQzajPD?Do#QjEM;Izc+F>x~``fqi9luXIVvE*V*ex8#rHGg*zCamOy-sXhf zm~aQ@7Q}!(==zal+cPTF`4M@F1U^riv&L&VYHUeo`JuuEx4u34?)wXRLm#YcG0-wX z4836VFj#(8+xlHk?RgE_Mr%h}qE$whL7;)>J%G8x6D_=rd_+Ao3Ks0u$=ACJzV}}j ztFp64@lYA9vJRt+Dm&D+%6@|?`wgqC7kWxVm2LORKSe}Sl~H>wh+wQO$Rz_BdYV`M z1IdJj(e9jgo$48d-Jb$Q^uuPjWF%{7Hu&`vv@Gh1FE_&r4G@v+4^f~IfHoU_O_KBT zDkCDdQy?%BaOHi{itRXTwH@LT{J~cIHr2G(hx|CpaN(D?SKSR{YFz6m=z=or>G}Br z&yVFeBSN}xLkF^^`#Zr{-qPLoOP-!rr=FdYB19HT;VJ7R+9XxwndqnEE0V&`)>E*3 z-4ph&OYn!n`9tl$!$E`HITFR>!x|b7pSooon$iA9PoiF#4b(Gme%Y9fE{#&)6k7A; z!+K`lJJFbq!Mvs#dj#hFf%y3*b$3>Kq5N+$GyYEB*spEkGX!Gr8TR|QtceWsdS>yR zY`_W{$9IyV{+4*O;y+_>e~mm1=MGCnhn$&B_DuNH=ATS;waT7`gu>}h{UQhz>_RXN+%i!XxE`=5ejR(gC)3uhQ)1=pXm(CoEjG_2Qj1Ndgf}tmt9A3 zM+IFq%Q8qV=K+)mtf0AeN~0(2!l+<+rW8$CWNcHhAa96*=aD;8;cIu~3r-y-)NSQW zRJj@R(9{j{%vZoZ**K!c&bSpBwIdq7p#kOG!F4^z!p6!3R8QDG6uU(o8aDy?$J?pp zsGSSg5}IOZD;+&EokU~5WJ9!l{h5$^RfVo2@^bQS22p+GU&?wh)<{Y`{E z!s3K8|9})NM3C1RaugtuMSAAH__Y~dZ`Ly(;8)9k;B~5=xs+d1@YStn&g0iid>x@@ zUeB*t_K}c@e)}^q*`#RaB`ic>~>c3T;pV-RCxnH{^Db zRO6d?T%^|DS5ms7AMII2au=veBWxpJ?F1}6vwk7M?B)1EHuCiIIu($gW>-U;9q22& z*oiNhH1>ofn2rZYN(aPD)-%g*#hfQPXeSNc??$rdPc_UE`y#M?YJ31XZGUpbZY43`d<{1rJ{~>Mp=TyhVa7WsJKP)6GoM^Yjlnk$ z^pg#q@cX;DU%Y)=K3?T_+N}nfmC^LSVrY$jnb5`=X#0l{T74W%Go$q~(B5OTx;Wa?X0*Sv z7%j|b_e9Z7KMs2)`?n<5!@!Nl&^)pi7LQY4?Kq_cXWI+&Qv^eksFsvId3BP!Ro%IX zr`BTJ_39`omx6BVbVSafAg7Tc7$nOxD4xtkyx!;ngQ!Pt^vFZdnM#uT43|NEw(}jM?F9 z!h9!+Ijt>b(_z9K$e636m>0Fh+|8Kpyh^2+5yf=0#e5Ml75j(y17e;dDc!L~W`JN; z0W8w%H2ejGPkWA_KPjDoy#Ap<{xw>4Hu-nQMAR?O5D|r>j*2MqE>O>97DZ<9L#E-o zB~jQtW0bxb%4LLN`q|KCrk*g`Ox}KA zr=ro+4}R~>{U9`$`oYtU+z*2LqqEwu+c?+DULo#JRu~cp3#T`icnP`>j;)*%OVEdD zr82FznU>FW8vm_-64nnd8|9P@yxynbeF}IHyiP{VhEk{tjvJ+nop~_zhq%9{GVCd) z|H8|}#rX#HoBydamt4rD8GU+bE@L`(Mfp5Xer7&%V|*^}1$^#2X67^N`ZJ9;ZO)7A zl9anMO2-WHw}a&|bmD8d6JNWIm5Hkw(0)_x%4?!CYgbWfVf&ZSP-SoVVqo-2hc_pt zAY|~DF~~Cvxgrj^pCP_Dq=X@F#36GSGU}!5DCA0ptc&A}WysXroG4^4L!OP}oXwDb z#UW{Uctx?>|KMJlZS>MUP@E#jZH-4sGB6K%Q(`^=8jNyvzeC&gjmMQPv!zxNhW%}f zfx~1#oQ16~W}Eh-P4n<4^x@-J99M2qvYekoe4ndJwyrj{x|$YdKmLN z6LY~w#vvVFZ?BSqCyabQQsOsiPCOCsAhrtz>GKRO&jHd`08Nf39_8dT4yppx&W#p2 zJ@z`EBn`h{91Uwx@7zi1R_uI{_D6Gqv-IinXAxOiJ@Ph5{!-mLkj*o=J`he@A0!zX zIyvl?r9>AypUot73@5|S&qq&C&{{@#!rm5A!d!Wkdgjy{XdO3EQd})kxxRe#7vI1A ztOc~x<=0|p4i=WWu@07XV_`iA*tBv-SL)fI|K31ddK9Cf7WDvPUaDty=aiq<#ZneP z3VjE>CNYF_6>iLE# zt5K>_+ew92q*;e8=m-3K%mV_O{>^!_W-SaR`>`sU&uPPd)R`>q$_vV~k+mp~4YELYy|Xtwy_L3EH#>mvnfx=SncePqRT;|9lCg`*)HaLYB=RX_D8#eEvR zbn#6%U3>u#PajkF^hL+GY9#g8gIFWYG~D9yvvf(H7K=YUugRmhKz;w+e^2CoCmQo_ zgYP9^2)=jHVNMSoJqY#X{LW%$_Po97kaO@L{N2M*`okZj0P7v2pIsmQY@+em%-Clq z`r>CLH#_C+k&7VjmSXu2`1Jcv=~K10@xj2@2fO%#A@G4y{u^_1=aSu_SU#XO9Ryw6|{1)<;NR@_s8#gZ)P{7EyHO_9oC4*7i>VZ>SHP~V)@ zj!imEzKcD|VlpllO3I{}>SK_CXXy({zSiLSO*U#Mym>D>?ysc-tX3|lN*9Xv1jQr<};k;5^ zw;hjvPMC|biLCyI^DgAl>kPD5eCbY%d6H2!718Zw7_?eS8k%Bk(KMA@Bn6gt7kr=s zEuNWI895h+m|V>J>dBTPz#twRO3y|YNcsfo`ir&-QJcF=(9p1yM#e8CL?(aU!njPWP1z$8O>8 z9~f;D*H+^8$J#1KRT+C$u;rU%WNMMs9|vAfKWJc9lfY z5n9xt=+-V*qow~>riR_~!J#&RphiX*?;>)k!IPWq8R}UhY(nH>U?gYkpXVGQfd zFg!tyb@bFw1}8HZy;H=>MtErgkrf-+kWbF z_27TqpW&7FkeBZ#(PPQ*TW|dCGk*D;YoI{zpAU_K4XWrpp-%2+tjT&p`>G*-0=I1I z=ay3>`3O#{lK^3}MKB`yS!pM#2K5fQkNN9!jn8w@B9pgQDroVD6TT8RPMI%-B@6l; zSJQ$1A`A3{94E9Gr{hzPJf&6)cAzr|d;Mpl?_HqkE59A^B&#b_XP}9}9Z9tPR}=&M z$3lQn#;p}%(4K_({vO=xFE*TZp$oY7;lp5w&f3$pb*@GuM2buG(2=~uFwEb?VX;ID5vc;5?*z`SQrKB(I#^hASvKyDJVr-3P@X7zXmgK|l42%|8-E5`OhMly><-Z(C z4NAj6e}Sp&_xCmGg!MzkBO(#_psx zBa%EWhjMy@h6t(yNcxtONc_P^IB6eM&pYs3w_VitC1e|Qx6-3s#IOOg1n&FZyZQOt);_$eMQbhr)adz4ou6HND|xNC5gLNT#2qTMx;O!0wg zjMxT$2U=2n&>A+;^|Rr%_~QwOD(R%hVHkeHn2~yX7s@_aQo@)b71a1IkP2ECi;*lN z-cB97F3J!$UZw|*W%>RL982~68cCuPr~HW$Lek>K!POQaaB8F&`VKEem7iV1!?jcs zS|9bis|l4Ek9oQ)PX{Jmq0-9lqr+h29J(xREmI9M)w8O}=jb@leLFdpn-rdJL9d{3 zxRQLIAR*m?(ZMoF;Gy$m+}7oAv$feE!i!9M`ti%@o*%)THKgyl2>?!9;fJg z(^-}pqqz4$Xb&R|il5=(X|zBvZlF5VkpF4)m=?Jln5)1AtBcZ|SRO8J0jRztCoyEf zMqY4a@l34|`r(|@<5%qP$ZsGar?}B2U`D@TM!$G4WL>5e3tivSB3u$4m1ERBAWpLj zS~(J1Bk4PVwz%>U^1;7E$LJQ3Kx?Y+XAN(hT;nWr#L8Q<9f(~znahiTBje>2H;#9} z)Qndd6p5klErtYaYyMxAzm63QCBz~)<&igSAQ8}}R6*n7-r5)|y6>3AZ@m^{rmXBo zr+Oqa|6TCNjj6iM4MTN3Fp1qsuEY_~RJO=ADBGPzVz!=`*Z~WEIVJkSxIJZQ>rS+3Pto@9E6EevLn_KM%lC6>Ra0qe(xUIRTPacjFw+j&H&na@cp3%# zh#M=BrQiQAmY%I4IaNk^d5S9b@Zv5Sy1G+;f$`7o~TGb@@O0L1J%CpcL^Ou00>N^mt*`*5td zvAF;9RNq+h5sE(Z)7a|b{_AiSprAk)BW}t%b;*mo0TEh&fg`q|1oU%#{Q?;CYz@U{ z(?PEw!qv{E8jJG-ix|2da3kHkbnRZTqXm;buwba#@u*U*IPo)N;OhhhG@iv(gYb(% zP#Y8sJ9awLwiWkULnyCeC5-Y>Z+lkMC^R3yB#8M$X9=yj75mjjgz1?NO{P`*(XJMwE1gq`{fq)A z{PG^m%ewKoRtcXK%RfR@Vf|}wx8j7p7Q2V`5I&n`vbEeodQ@B35ooL0>jh(j=UX~m zR-?_Q&uQkyX?r~A$MIRsG}n=dEhlmt<LqU zkT6?DMgfZPg|BOTbXmP+pnx%kj=l?PUDhiA(NG@@jR6-0MAa?3gh(F`zo0R%bDYr4 zKuCR)s8F`3S|od6d5A86379t^W)Lt@6S2GHF_CkzkY^hh9t9m{75uudo(>SbZQ9tM))-07ha7-mGIop@4qz@*Um;nLUP|0qfsdqJeK*6h}7UZ1?== z$=hNy;qP(QSa5}3I%1GNx%3{3;JXbM)yKLR>y?+O1y!4tGFv#wH?&4z3xA0NC7C8E zlO#!&G9-C|qOHRuhADZ#i@-Y!(ePFD@NC%`b)`>-B0|$wYk602t!@-zPq}5 zXZ_+)mezZ7e}RDzB5W^dyORj6n3r{ z_2NQXUgh*{rG?{v&KCs#O=X?f#cB2Zv@@0WW4;jScKZAqs5~VFwr0T~cS)-oC*Cwq z`0~a{@?*6Ex%*W5GBGWc(muV^fJbVo?F~QW3zpKV21(ppC0Bxw>JQ?^o~^3Q{kFiL zq@+qpr|H@=9gRSI|A)OP$-HJU;;gvkJ#J;i21B*L(YnUI{ZHNIFJza;0Tj_^7PX0)%f0redV zwU#;NepN@DvEAVbDIwi0x@vIFU|!xk73XFB>NE3F(lKt8 zp@>g3!{R~dMb1r`D5$35eh#Yy^Ac)1!NP2It)eh^;YLz-!ev%InLjR@l@ASf@*c$8`*a^;RH* za)xdl4ya5TiDfadGNizd(8L4#7{LLL_57FtkCpTo5}1uLesl0!5u$RJLg*@iN4~f)#QxNQe12n# za$p0$t>L%T{8qvw_(rABlbpu)HIc(Uyzy;Nbp1Kj4!`mJ^#Q(l%D8haP|Hnh9n)0# zjeXqNt81>3;>zPUpzi~*K&|rQm zHENLGhH~y4*(p%MX%fGU;xvxD8OZ0isr<$_W`<_+8{gO&n#*qk8FN0rj`rb z48(X{OIb7;er)|EZcYhHD|mD*ZGBO^Z)IN$>$~v#d>o~F-@ZRz@ZV5w%9e1 zP#9ipDcWe!*3)Sy6Tj;-#Lz(aKF|t;CeeKTL2iW!y|%Cm9W{CrZ}Kp16^FIf zkGN-OyHB#zkJcN2xhkln3SB>?pZh3X4BL>Ax>cq}XH%6$4E8@8FC(_0i^jZ~fr2Jw z8u1b4I0H-iwYyRb9_vFl4U56_EVP1H@|uvfhx<_3lLM`w7kD>_AvC;?0@cDsL4cN# z(m(l;Y{4fQb0-EQ`{h+s-rpC<`1JwMM>FIKolCN-7wVYra!Jzv`!kiK+&IWr6N(*9 zuL(sDjR*9;VyGzT^vN0x9?DueD}M2(G)d!1_I4nzO+Q;O{F_;vh3GseKJ+gN2li>8 zb&9y^a|)rJN>YY0+|)pP+|Lq~l=o?JP&#zn$ zr@}uFk1tsUVIu%-K$5@mXTkGCYZ;o=G0Iuy^oO%)m963i!sqa(87Ah;2?i8{muQ>e zPk6N*nqr{UwivaX^A4CfstGh0)(`C($hdGL?axkx$C`i|O&QY*HTfhlbTPrxp!)yB zrBik<>_WGGMXj|RDEUgD7hiYNAJBbS@rKo}8vQgrQTxAwI}nGBBG(W)9SQulC%*m` z&GF-&NI8QkZ#XNFvfWI1=MJX4>*cnTaiyT$N2IF1BvP|aBXzc!)N+GV=^03!jiiPH zslbQ$YF%LZZi4ZhbcXM!G%FLFGWcc0pD5->d7+O&G^cJJ21o93wu4YPH zpXVW8FopDBb*@s>Jw$4W@2kn-n#P7R_HNhFM#khZx! zqhc{tAXTbhXDbB|&coXC?fE#UF+6<*!q)1$#VJ0)6f5ak)i6%$+Kc!c_zQzP6%NMTeqw72;g^($=-v1=c*HD3snOorBZo`cJRiK`hA)hlgDSKiZ7HnCo6 z=A@&+$;~lN#Ndps)IR_F;Xpy{%S?qTo#JCVoK-(1X+>T6-jS+kw(q7;R;a&d9XVSZ z&^3EkQ{~*(m`Oxuen^d8)k>o6So@P&kaw>3IX~oRYg40*qX>whnxvI+nxMVK4@KIm znemEUzLzTY6>f{D>T9bQFJD`h$?Hdpx#(*7om}oaGtn0)Fb0@uPd80?Rc!{7!3Bp_ z#LuXFYJaEFGZskeLC;E2lBxccX#G=r31FJmiP=!K<}UOxEf(YAe`EvA!8L&^qa*qO z#zWm#`+=6eie$>f8O`M7u9OL;X>W9ii^BIQiQ?%l(K^Saj`j;LqJ<>BIgwmrHVcLo zqK2}(v;-ZA58Q9iFDClqO0>xaLrCVLGZy0Gw@ihgIiZ({p&#psp;Z197js&qGd<6b zcOGZizqVt%{X22CMoSCualVy3d{B;7vWk+aW;>iOtY{EqPpdM z?zQ8dfnHlPo`Ot)#I>QA*GqVN;}6(Lux>?Wcul;CsD*bh*(6FLi%cLN6tSj`=+Q;W zM}#h94L@o6D#iHfV@e{c4t-VGG3p1Vz27lG4zphY*mE7R`1A1ARFf=6_yj=?p#5Ge z<*aHcnqS8Ri5I_*YH-JR1Izw|8km|LKfAU1%REwU*hUt z+hR+|> z=Sse5sO-AZ7|QOZS`J{EcAt29qZj|f1)VLT=iai()&yof zXyTA9+SU#U`H#hV{7(m(kuR>`8QIq#D+DVizzMyh32E3GFyYn?(MF`*ML1rEc2x(S zJTd(e2JX|^TNARIbr*Ic+z-?W7#;0iTF(v%P3JpUrE6z#`Z_XOr(@O8(iUZUN2_2Q z$hCQJNCj-@BCv~DxTOiU+! zCuN*S4NlokyY-v-{&osF;t~X6?v_=?nM!Z@x9_cmR z(y<}q;FuL19FL^Yr)aU$ex_${t@a%~Y^qHdQLq>J*Rue2rN!s2t!cOdfnl&59<z^BcXP}(Q4gs+{)8&a zFT!=#q}oD^FihL7Z*?8fem>YHstyI zAsPm?%lR1%fzj1~YUlB8!Nf*1`eFkUPv)vrj^5jQP-BH5@u69`r;tGCx$F;)@GZjwlCM4 zvHb0jVZ38C&~V(~Ic!@k6G#i1rI1mMraUdTZ4pm~ZIV&M%aNXQ8YF!hILM{1mz~qJ z5tPqd^H;|y9|UQ=+O=KxHm4?1f=nhOrABip&cc$N)Yc|P1-lnhH_XFvEHw>`!fQvI*7+V8?as@T5< zkt4m#Wdl*H!LoHRf8{8rR#$FjIlWx}0bu`1X^XciC1y?sfzA)v~7}IQp{CUb&z__iewWRhIe+#mCh9n&<1s9 zYJIUBjku0?&G&T}RTnx)%Q<2qjd(m6YmdMLg0!P4aS3XorEPb9z}B{o<|Vfk*3)JI z8r=i;I!g;5*+ygXJ!Yx5D+fBd)}Kl?_zdzxn09r_Y2D7~ju%jex!pX(*aHneXkM!+ zi>|=K7G2w&WEx_MQlg@{IE99o+und7W~;Srk6)YAwsKaOVV%oS_}WXcy3rnh-USk#u|Yo_wL$@ue8N z7NFWRQ;jA{jjFV7avL_!RZv)nfxm$daa92mayWEb}4Pv7oIdGO1K3j=y9$iZd z1M~pgjjN(2m7Nq-x&jB9qY~Eo+D~g8(SZ>`T9Vy7=-+M(E-xmvX;IkqQfrN`KDMWBFV*EpQNK7NHGeJRDFKcxT#ay}VPjmmfFv@+!46a8aC9i*6Ug z$nQO~;td|2#?LViPlmB7#Vlo`hW=|kt>#iIK=}H(mrYCEDql8D`!1>NV2hf`X%jp3 zx|PL* zX!cG+q92l$WQ~qWD-Ph0#w``S<0j$ilKqY_j6u#TuylDDP4ax3j@oUJvHZWs!sd89 zZL-o>N#m6-Wf)yl&AJY9xrL7CY$BHrMN~&caK|!*kHevx{ps?XZ^#dS#XbW1RsRmG z-(JV8hiH`GjqDS6u6zv44}Z~RpEY#W?0gu8w1e@Q(JSQu-q;p-AC?9IeU5J^NZBoa z;=53a8fK2DS4}Za0rE;IROcI|p7W~^-LZ*WfF~^DhmYCDz_{VHjl9c@K8$Z(MRf2O zb0*f|wf*w(LRy~#*XDgA7`W`76QFI5%*Bco2 zpIfTj!J9do<{H63FaF&sL?*I*Q)@@3#A0bZez)@7m@wWhd1YYi63AAyF=7??8zc8n zr9V58V!XgC-)J>X-X2l6N301JR4hQL#&o7WhZ}AI+HAtpS%&U;;ktoQhc(r|3WLV| z9+}4dIdY}A(V$L_XQM2BG3vqA4ya)yyr^%QcGuUso>xb4MxCXj1-Iz>MD35d;wH4> zM^c@elE`AzRJw_r*jTzhsyNuFcoH$`j5j0yqkp5rV)k#Wam$}evbV$|dnY@qEkXrG zcknJFr<#dGMTqKo3dHMdO)g`lgN8G=I9LooiksHqkH6H}@eX3y- zLn92{c_&Atz&5LK->7jFDf&_T@C#d)a(^J_w@{^9EIuWLCzMKomQrzLBOh0s3rymP z{S_LQ_%Nz#~&aT`5PQo4s$OWf%KV&2 zTI{@mSGgElR=zvDs5|<9kNO!8ptSgZA--t1yWtn=8DF@S84kCyC?g`84u)xhneNq2Fa!)A!Z3A%gQg3w})pwu(NmP>io6 z^psdC22rnYhnHGn@r|L9g1B3_>u1)t_fyE1cw*XG^wT#ICtB!kBe^P2rT9BQ23~8R z>OnF1CZ6-G6N4Kqc+1;!l;pAoDtC&(3`39aPL@)8jBXdq^eUzs$~DfHB?FIm#%qKa z>WYj8b|j+=7XM=9I2WT0n`U^*Oi$P~Ro#3~G7&#!iALGoRsm#(_qOu^C!E-KSk32U zFc*6~mrfkwPz-J(#+oI0U!+swd8JB8-y?2x;6bG$=o9@r9aOR{_=zH?2g#AI%MeN5 znO7G{TO;XpcqqhD>$?L(MYnU}shVFYIP)QAX=M|%vZO`dNR~a3Nrt~p0zc26q6=;9 zSn3r&8>L2LA0CUw`+bdx;0sxZh3nKFvvT^jh&2yG(5MsOOAbVc?d_VMxu1MQ*B$S$ zYb`7XZ&IM@F{riBC8ubf^x6Wg$VV&iF`W6ZA+^?@3_dF9WC%vp`^E|V?}qJ3f|CXc z>f9mYI8)f0g$G&Q?P(V%maVD*{~)T+jTG6@pB1?m3!N0G+)X}0CnX2E%={vgkiK0K(60(kxeh0)=NA$TGDvd$d@O+JBh zQ4>-YLl{3)Lw&_OO3)CV^L@5}apEgVv2@k8*x3Cm4t?((;xl>9W1wE#j_L(T7R0?D z3Ht{}E@nvNY=hp>=_UJ_9zY%d@fe%CO zlkxJ_g##K&u`-paeqzW3f>6g8m<>a`N$cf8fa-9$W8Em_)1-W z08nv50`#S$=>%VOE5O$PT>dL?D#a5XroVvuP=zO7pmRuWaoi{9xddL#jJm+|TYV_%@#W7t+D= z4w5*wQN4~REK5$Ha1c<++SA>u<64{_;gfn15nBwjeuyJ}3W&hoQMC(`aU_sg@c2N! z9Tdr^hfgI7-te8t2?RD^P8}FURX;g}dH4b4yEw`#AWP?_G%E7Aztz`IQIQiFeu9hq zlllNr@bz;f6j^~}=avpkqFKH9Oe8LO$dH=bAd#Fv;tnq9-|Bh%aZ19+H@*-rX@i<# zP)L;fWi{DMK|Ohf>^;OHN}8D1e)3FAK;?5<=f7kCHg9(Yb~0 zFrR)VR#K6bO&yq(pVWer+=@~Ys2vAwo+l4%MVV*fC$i3{l;#s>;zwOKkgH=KBunA( z*mfWZ6voU0NIb(Jj=k@FL;>1i`?lxkLX9f?5yzsp>T8eU`8%SK{^rfu!kM~d@9)XJ z)O9X*<^h+J0^I#fsQ0wTRpTK4B5~s+i@5P>Yia8sF+{1I=my}hd}sXV&l^|b(I4-IgmXWo-wDw`<&RZ5_W4KP>G*z0 zqb$B*k(pAschj>2jmsI-r4&8DcOwiD3;s1w(9k_HxYs{IeXkBPp~zT+ip9+nQ=OpO z_@|XFa|q&Uh2t5O-prX-Os2C=t#pz~QqnUjD0o~aNLIf+o-Anp;#hA_$MdywzUM-| zoiN|IPm{b`Q*+b;0!oE6L3 zWm-UDzt5oqZ}cM;9nlO4tQZye(W z#1I+dt2mAO;}};X#_zQJ>|Gnjm>b9NBE~MpknfLSjE`fCLyXrLV+bTVrKum>9$8j~L?^O!&j${0V7*8?A@Hj>n#z+MW4KO12U;~RM|Lu(> zAH?MAAUP+V{AE0OKPHcYi0r5AqKdH%_z!H1f2bXl?#FPp1f6JA4-w zkDPsU>1eldWwk>J?e$-*q1(%xHNfEmH((1vRX^DcO6<-Zpib2|_3f^L6Jj_OSDLzS zwT4?Yd3*7$jIb*O@m}0PiX<{!L|&G3%s0coO;Q4U(G>t`qzaV4AV<*(_#kfys95St zUl}NmL>(byIt^Y^iie8Od7-8hk9pP76Ix#dYnD)5ih;f|&^jX zhx19+S_D>TAc%tSgyVr0yLjK@c-CWr9%$(*u3~jR{i<0w2&RY22Ab}U0{E=}kMzsa zo5)CP_07OXw9OXzu7Ko{o3e#1o!Lqb)5Cdq97Y|1H8|dazVa~bDd}nNaXi-RK_`K= zz~6i;i;{lyU4nmmJuY@?)$gKlmJ@HAq9R0ohRj@$S>#E0C`YCqf`{L3gol;z&EMFT$_l=hZ+;yM&*YAbd1Ge~!-=@pB_S4=|pQP7i+8@wo#( zTO@e4^7B!|Z#qTKHl+XSX(9CD@foAR=|AzvuE8GJn~#waop{St*fp5Xo2EbdVYX1g zR|#=6yu<3Q&*_LjixCZY_t9j&V+DGE`oZUqJN6noNX&7wY9HH_5>c5S2G1s$X z8>t3H+~J~pJnag<1;`Nm&cu_lZuxU}^S90|hNGM$Pf;VYjPqfVGNZdEJWls0e)bca z(xR^aoEmc@h7HNrR~Mf>+@s9P@F?Ta7Yo+2s{T1!Col%1y8xE=kM6iMY#Sx%m2Mq< z$1Gy79a)m-l0l4R`6MjyiXkt@>3NN6lb57)g{;UX`vm3Vf94d?i9AO4vHjvv=Hz(s zqG&Unqo2j-Ov~5DuAVkvIL1u`N;yc$OO$+zC1w2J(&O#i@(F*oR7giD@nZ7ptBaFo znj)Ke8`Spjh1LgqW*jY_;}T9Byn0&lOlm@IeTNau`K`2kvWd!D)%v}Hz$|Ouqv_>+ zi?j463mTW(-pY1b-E!1cr~HMy=R-U7^1_|ZQ!oDys8&2Gd*oBj&1A|xYtEWtxj_os zirnF$HEtyhhf&;pI5)H`!*@u1{!_ejtO-HRv2vdzPS_X0`>5qwx4hk* z`>n_FmsGILD~|u!8Q5_uP<0X-7tVi^o=3fF*kH(-!#K+OBIhRBgJDq}PAdWyc6pSc zyYy-_j=Do78NQ!AN{Iu{!1sVmFA1k*K{W|Zx!##u=_ybt9%r#Q4xY7Q`JhuAR}W=; zb`1s}X~Y}F4>cwWkr$)Euj2wU$F>a*Yqu7a{mh>pK{r|ZkB?B$ZFPMk>iU@xhW=?l zA7SWU3_WZ>moQXkXwst$ox{-M3~e!RCo}XULysHK5e$8G6+!l1`pFn zpZ(QAIY(x!=`w{D}F0Y*tw~u8wfqFB7!=pMmmEsa`S&k8R>Bis8d6JPZreYCZ^(8>A42QwpD%pH(K=H zh_B(yI}q&w0C|+cXI=S%TNzFo?XMKxw#MPgJA`X0LhgMj{J8R(A{Vyd=a{;FH%=yQ z(RI`jM1Z5V#LD^HRbq`36`>#=J8)@4l2boh+LRg>IUP85SO;pWcV3 z(p?9p_+OC2BnM>y9}JIf-5gP^7AuhH2AL+8-eVK!N=NmLNHXpT`)a)-hx;-5wfZlB zM9N9!P$yxPDTV8c@y4z(pd-IWd%459J(CYZbg#cNjJTN}>@sxa$M~|9iDBE{#-(0# zBjnfW>=WsrW?Y4f^Gkr^OJrNqB{juO4h|8T{y3>XMp!zvVK><}a{y6I19pt-ta2pz zFDbAMD!#D!>g?$KO;8B+SH$T|X;9a{G4qe?W@;mLk>~u6_ha*!j4Pq9;cKu-@4q`aAA?Ufe{)vlbiS~3`nERr{iq`rCXsa} z8p9N0rdCz-6p92@Uz~&meF5{|MQpmFTj{+Ij=^h8)<{YQO4v?CgjA)-K>FF@k)i&qlj@kG0oQxWLkMO8sP{N3sbe(G=Ulrty-Q5FUs zl5xo+?}aMb1})O7*go|tX;siU4q*e;Z`O6*?I(0I{n*t^p#5fn_6tRtl7;s&1@4|K z_&R%dVRPSxY>G|zGo3HoKG=|7qCI_mLj3976vOl@4neJ&Lr$AQP)9>kw-~<;;~LN z;lO6YJE*pR>Ua`tLhw&9Ng3D5+y)$8hb_cMiDaWwVZT8xQc3AA=tytl$4LH)k8b73u}9H`;X z)ck0KMvfx_km`G_QF)2Mry1H^<%4ntG-xp{l0Kl8RZ~`xR66z%WNEtPT9Ttz-hmsq z!8#7=o5=PgFEVA_}$VUjU_kW4P5ke^$85sp{Yk9E%F)Eo&za& zD9yjnpITaC5&TIMty5Fq<&9-@ZObswAm^P082{e|Rq4S6MtYa4(9Y4K4%=ij;X)1) z9+eafc1HOgtzp5_l2K`|KDr%8s3aq1_6864F+y$mlu?h8zYFV_{dQ0+LwtNHmu?0O zj1FsIbd2DeN0-^Os;_Os>rztm3;njd%E(lVfgIRs zmBLF^+S}cxs(vfY!FVyuKD9@+6*uyg4r;@;STvB3?#KPqZL4s77)T_Zvz7 zT?t8FaMFXEbghw80;NzZI4QtMV~nJEnDjg+m2gr&Bk2W93UbmNl;rCYkM~MSg&UL# z3!sDExC3>lXj@BvWdvQ)_v(s#A(FnCf^c+VXD)Z{$L^|=Ng(fB&;|qf?H2U+DC=w4 z<;!;#!0#FnuZIv`rl7ry9_Uh5Gv3{5@u!0__{Q3NAy`+^Gm;H2OK-<+Y=3GkYU%c; zDe3MG(5#*dVM2x!sC3}BrGglG9!SA+2D)zr~RlF7#EtH=Vn3mVTNwX z&X{P<6hk%bcP( zEyMo2mAcGzms6MN8Kf>Vo8EeNqqkvq!ds;OY4M!xtq&2gSX&CdVZ=TahQ<0-C@J2r zw4t$nH7_aNul5d&^{cCsVjbt@05s+ghEij8T+aO}Kc4&`CO^r^79;trc(Nap@8;xV zmvQnjYb^O%Oum+r|1y&I$CI6yJd%@tGm<}wC!dGOy*T+NBl+2Qat0=!974(88_CP! z$<6mc^7owlm63dXJo$S}-onZCMsiU+c^4+Hen`65bw-blVV zp4=CcYdHByBUy?kx5MQ1ocyqnoEuO6a|I;JoP58L+%BH{6(--x$pIrd5+9^L!sJUi zd5Mv{+cbt_@<2}Z8_93PlOMw5bWWaUBtIBWz891K$fM+&DcQf!NScdDpK;PnoHW%) zx(1WVIOzsXDm0SDW74ynG=r1QF_MO3(tVtC9kUX=0u&#Nf37$kG?R{l_iDkSjYLID zvA=gOEtluwp3h$2S@7ZImqjC$s&9QnE1t(HF<9+td*%cA0$qxgbNb@q&*kyKMoFIu zGrV&5bfpJzP;OvXz zz)TQqY9*Z85^&y&IW|ZKYjFXXoBgJrVrU^dI zI4#S}IQ{N1Xd#5*2?#^uxxh>r{E~5cCg5bm zaBv0Va-y>qC{|j`T)Z0iu z_3pp$`a0hd`qUD|NVv31}yw z$#o(FuQ~Fr=bITX{D9Kd8=I0F)X|K*A+}4o={9s7h+Wx6^3X2Or;va^t;YZYKNGl&dSPGP( z--Y169@^-)kCG|=sb|oy^^0VIEN0poKBD9+q?ntPpZSu}jvu*zVoL@pA7ZbT%vYbu zCRgoA?~@HzDBER^f`D0e7k;PfftD_dy?HtXDF5>bv*&{pScXH(e@Hfko&Chn zfm|xnD`SikXFpl^h}sNl<#-eILS~f`!s$t4Xs_V!A9DnC=I6a0GSuw>B|Rg zebHcbK)%7=`TQ+fl*!^kCv()VFj@ZE08xL~o&ch1dK*AZ60iV3xW|vTGxRJitPbKC%T9RhC+=lzhtkS5Pm>F;N{jZ30qWSbKEu2C5bdToKs~Z|0zO+E>z2bR3x$3<@FoVL+!`Q)f9-wW{5=KPmW8I|f=HBQ`Ee1Y!PKOU9k|5fwr z@tdmS3Zs&_RBbIcVVNA8G&UnsA}OneS^?3g~dod(n$+S5&pQSNqP|Tk*tT$nCp`2zch%3fv4K&;Eq={yIpxNi0uqJA2##-Lm*wq=Ls;AFA(!@uoKL zuGW1UV%9bDo!;C2U!6awcHw5wlzK^7P(;T}OA7{}C!fDv>D{Q;qD2H6{mQ3c7=Gaf zD-3-k6^sND+fG4)s_a)IE*S2n03vVy{uQFzA;h4UNsN0coA>)_)TuWZ_VU;4@y{iB zX$$<@SM5q+w_QP4C#YdW4flTik%5AH3u>j%7W>t>j?#T{Y0zF>p+jP*%*NA~6!vdm zPrwxQ(enf$2zfkZW8=b*o2-Vv3!gqBaJ9HmkgMGC-=hZk3*R0D55YR0$6P;nOu9AI zC*eu1ad_y-;?{Qr>-@h&`bW=W5va7aaPeP&>=s|zv!Dlv(*F~s1L0l~ujxElwTmuE z8#Tx`9Pf*V@0a4m=!J`i!>9VfJV=Yd7X23K+xC7nO2%uN{=y5J{?J`Vi%Ru##L(N( z>(?~3=?#>*WKj#>G|Ib{uA8Ywc7;IeG~aoKzZUK|pdJ-yJ%?l70)^EMNw17z`oE(h ziW@&I4v&4r8EA1V?s3ViE&<8%&1n7L+wCH~-%gL5^>%6`^X>MLj(FK`0>7)#%wsjv z3rF5GmnZD9$j8uLSZ-9W5Zo&UWxwCNeE{o)Ox`4D_o!duO<~UsIq3YTnhd_;zR5(+?(B``;t7p^bE1oG#bG zV6tY#K)Nr+t%Uhv7raVS_R&Fy`9P;w@g7x`b8v$u%F6G@Va_g?lW^ZzG}YHv`{X$7 z`6TEY(NEtwuG3-2^FZO#Ucnc|ug30Iu9hz_q8Y_*0>e$!ufO^B34m%(# z7XmBBN1foKNFB~O9bOlVK{T@cjPq#;-8jV_O#9%U3jfOBUkm)JMHBwj(aToskMN^f z<0><}liIzCQ-o`SCv1OhUk=X#CcmT=uaI9-3Hv3@dW{!|Gs!P$=?0Hdxa7y-LXE4I zosrPB%J4)gd4)ZZ2Fcs77h8nl^Zm8dd7S!J(QpKZ>6B)bdfRKfIN6Ak#@VkK8@jK2 zoQ|_>Nt;>rf6T8QxtcF0I^F4jra9#)Zam&Ha*$G=zZPe^%~%Z$y#2?VdI@KF?`Mz_2}?RCCGFzzicv~u&t8w@53zB@p|6G!t=p&Y!0eAz_u zt(iI+j{x{p5AQa&sJHaSj8p?D}cy?K2aMWKIPiJS|^K`c00?MDb=t4G+e30hwJ?HR;Xzz9E zHRJ-ZE6s3$*qX+k57$n!MuVE`uacrl@d40nWXr#eQSns*?5H+QeNSn`jdFFvC_WQh zqGOB%(qTdB6|dqT+hSc(46{V!?9<2R>SDW2w|oN1vc67?3!n#D+xdPDw5IzGz4A1Z1Ro-2|_+dTRzH&pff>#XdHGPb=@5e4v2eC9j1|4H9Q$H-4S zN;!^^O)Dsx2-}1_%EpW&IA=#<(pOpbIm{LR>CBL-ig^+9`HA7ccQ7r!PR zzn7FG;4zta{8S2T#$dOCuLC^cT`>Y5M1i-t1n=(&KRA~zr`Mh0V`!wfC!9@QgJXMf zEQF_Vg;EKN*7<@M3JdHha~H;Qe}zT|NRubdM~!r$6q~KQ-JnF1p`S)BiWlFC#oToP z71P(lC|{IAF?1~+$({v&XuCdwoaH2Nw*LXu<&l?pbs{<`Ea4yB}~D zhPr7g7K_nwJwv^U!snkY!Ey`zG++rJ7Jn?sXG!5pvG(9?wS|Xu4EqDneIwfw_70GE zNqrtFmpo#pgTP9cW{J9z|mX-KUi09}3lw zk4HZqcz|1RhCOO{Nmtc*XkZmXC+PNZZq_gCF_qMFp- zBD=EuY0@ljFOU4EhUSoWErFK7;;Ox9A+3@sFwC^zu%KeUQw)4S>h)4|a4^~c^ngXn zp_;|woswK2g(u<7j2IC;2DIRa*zN^t5syyK7lQktS8$9fF?gAcN+5witmNG`y%LMP z|1XeN1{umXa43=u>eYW??M{^31y$mMU*M6B+$z2#cHpga88dp-?EO;LmGM&UK514h zic&qGr3l)8PVps8-I~Tvvx%V*I^URV_HXu}OKl6bF!hsrNV;pc`8$*@9U%A*Kx5L9 zbuu78=FsO(8jac#A;>SvoXP~9_B z=@N^Z$y@OVG%4*;beDovI9@*7q1x5XLM)smkH|Jy4e+(_7?V=~9P946Qkd-K3r1OVvW~SnX6HB<1O)?l18e3&jLGswILWT>;f#~w)z zr6dDdQ$?nbfdfLN+S!w2Apfd-Ove`+sN_JKkM>ljyR zROC2>s=xWL$H8K)rF3bk#h+q~$i!$CGFon8v`V~h-wDG^_8B~2USenmE~mGjpiZi| zvWQxv3(rAG%CdYKYYx%2-lPn5Py~6I)Lr#GgKLWk-MJ4<%28)AAcyUPHRR2&{|c1X zw~)%Gt)m^k)ATd;1N5LB`7^SF8ds{i8lz6sFhrzhQvkAuz2xND;!!pe5|)A--{fj_ zcCoQU*(Dg;6ue472f@3~b_nt|^70|cEQiI(El?G2=e1p&e3(aZN;s}eeFh@<5*8*K z%m{B~BrHr`BeyW*Hks8r=2-|%~kQuzIQF??=b|VbLonxzXy~|-Tnz`x8&qGf)b*K zHU2{hFa?pcvaXwPhWK}q{F7c6XzjiDeD(wlXMTssc4G-?90UASRM;z4Qlj!rQguWx+S_y~Pa3ID|D_>Fn{&92&mU$wE@46d)R-K^c3 zwYBt^#b2O)agq<2tGiFKSck$mqV-31&Zn4*_(Z#kI5B)k$H1G6gXt9)lE3tmbpJ4U zFX!!dmM-aso{f9?Vqr#^{3ObLs)YmT)xf_Wu-{Ij{c=j1jA@_?eFj|sC&~w5$r6`b zi1u?1;rUtUeG}W!In#iMQD};5L94-mVbq$WXf!FyNm`uwJW|a0c^``5si$qE?Sb<2 z+!Lg?`+Mi@H(b}TPH1;B=@s(-z8Elzf!KR6D9hU-cIF26=b)L8#GXE3^wgq+E3-w_ z`GjCtH&Y@X|HJ-JJ{?ox)+5Qg)Q_LC#mFmVkJ5UYjx=-q&VQV@2=UM{Rq-cWw^JXda$ucf z^GGMZ_LS<=zP{)mzV4Cubp}SjgW2IF1cPMz<4qs1rcobZ0CeubOAY%&rTX0vJ$md~ zJ$y`v9^e~=cd=ur)k^hWQ?O#Oz8+p13)Kp(rc>Z}5{(vASXkIaQaE5j3b~r)|3BOh zE0bV^RUhAxE=alCP2MgzT8G2y@miOdNnF*(TUpoVxFX(l#(p>YtKl;9hqcBYEX*rw z$@QSOK}0?3wnlgB%DO~*rziYACVq%p4ql}Dpb?ZZ(m8IQZgE?-yK`%NevDu0aO*p~ z1%LXwj}tfA1_oNv7ylu?v~8glX=ltQUil>1;tt|ngAYB zv9_L)!-xeLG(|cje(6!(FUsJ9tBGypvtp}&7RB(=b&)L7ewTa{2R7GZNa1I!9Q4#N zNtP6juhqvMHKMP6tv>uHFOgq0w#z@lC>z;s+`Rv7>2%4`?9Tn$=as@;E|3CS*F`es zB>GbvyCiJ8&?_Hx=bn%ZW(yj<;>4c}o-xMYoX6-y>>`il7pb6mc?O>5nt~B6EPrZV zs>)~A^KD4#rE9Hp%@w_3@M`tz@dRNxTA-STMr)q>ixMK-8e@4Es*S%WL41c1JCf%;$# zwt+mojJLXd>9=?r={DdhxdU`~WqPy#?pQEw^&X<&%b=i#=k7zD!X0Qy z6(6mXR$T=Zc}+rhfIS5VJ>(9mG`09Qb$zY2O-2Q7`C`k=tX>F`-)GM?|w7yQua zrem1kF%%^9dp^zx>jDX;T`wNLX~aX1p70$TC?*#AH+Ymq4qR^_ttv?=^dT)itbPcW zrDz**B+=;81>t-y-LFQfqxSR(EvQy}03!|3la!89pb8iDKD$(~)&HjyxVuI0KPk!1 z7Gva&C<*o?+$~vcn7yrjJbtIDbI!+8cg3id*xGTdfJab z{}A@w<3Ps$MvMOFD%xY{;lgt46pZ@e3f0;}BUW880YfT>{6gVrT^~II@g-z{fRb zt}ijPj5euab*9Zbg~ttwIQ;AcI$Rd#d^o*l=G*A7+1Int>~G^%40(9)&~(3#(giJ- z1Ab>D)c<9U1P1<)0tJE?JVizvS9d8;k^wEF$l?E+j?#CG=J_2W)NF0RSx{M;6`Q{U zOS(DWgUcQMqtKm`JmK`#ExOL@U98-35Acnn`T)8(-MbH!*yONP@G2>&w-kURhk0b3 zLsaxu7GT&E|GotO$8S{oU^GV12M)x9-=C0r_(tT~^e5;Tu7wi^6g%bzO>{ir@k^D;-fK z-B|mZ`Y&Ncx>5s;paX7Tc?$<#g<&5J0fw!iO@26Z?SbKM(OuA<|2SpAIXsEy@JRr^ zW;VLV z+1NIp*|;6p;P4I1!)bHL)Kt@4q7=~HlgPAOd49q3&im2i5~w{TS+=1o=ZfRV=)w#2uT~fL-Z0AH+mDz1w50p& zftGgu@2UZaq({t-`kod6;YeQqWye5+R-r~qgkU8ddMiZ`V&xm@QIerXPF*oDDgzI? zm~ljG4|ypnXB zS$J8X0XmmK*I;~q1C+ra=ysWY19UP(AQxIk4bZP4(z9*cNCT+nL^ zPvL2wRUBwP{Q(!I}FVOJ*S%X?dRXX&cwCB*dlgQ5Tk8lYtLAFIWX^cYj<93rLB3>7Wn_r-=a~YcEOym z&J!NAiMHcf)mK(p*&hLSgX1@-x_tlT-=Z7yJvaAg2$qb)(@DRFttc>buubD#b=H~ zvil$6)4&Wq*rQwq^Y+8EZ6&W*M?W%|+2s|u$wkAYv1jBz->E!8m&{c*Z$%Bu*JH&& zyo|{y6IfE*S+H_hJTXa##<=<4@!a>B>aWQ;J;{G(F>2CZ!JwC+e)|P&|7M7}uBWc0APM6v0=~qWHM&D{NBPAi*&oEG8`JU!0ethL$+q0x* z%`JaXp0x0SZg8=(8n^!NjxT?v+fwh5 z?R_B=XQ0kfEK?F-^Crq(e@0{-=vc9L-y`v_t^QS#*TaB+ZyjTFZ0~SB9 z6g5>_#Ngv>Q4)jXJX7}Ogah|r{-VXa=qJ9i@XAV?y8n#x24h}H+oVliN6eZ=8|Gp|_vAYw17eLHy{I#Ugm1sc0G9GWK=#Uix-B}!7L@|^ zc&PD+B%Zew|I{84XQcPn1_RZhSaXoXLZv%t~;#vz{7 zw8Pb38-eR6|3F*_0utTg7PhbXYXA;99pR^R>D95|H8XMHI8_RRFhT2@3=e!}d!s zvlMuk3=b8lIA*WiWic{4Z9Xx_A4RRER$9^e{7Q?kJQcq0hJ-pxh5DFhgvI?Kr*;5z zAkpM#B*iLq1d`_C^%y*-P}j#KFCGLbP=GG|VO1?iw^Uk6VP>vU&xxwcJKb?2k&n>% zsY>e(S>vtXi_-zK3n0A%NRh`lF)Ps8eQ|%LdUk(UXO97@pyA~JZhn;NYW!e5e{haL zECUeEhP1mOO)Dn70FwurlCgqrz~ugzT%}$F?^E$TQ%?+@e5U<%(wII|mQF5~cRJ-3 zwdbi6yglf#DoJ^i);@uIU=Vn0E9o~Aw^g` zT5g5*1jH9!hKCx`b_Of`gQHQQJ{Un~ODEpOYqb0cx*i$00ra6d{(8~Yyt-he4@25M zz^LEdN~ligQtc*~ckkP-C1I?*6Fze4mBq4sHar!}Ry=RdgqkN{{EYGJaQ6_pT;k#+ zeGsSqhN-Vns^8Bk?K$NDraZ(c*KvwgKq)_Ail0-QoU(^gp2L*u#v{ASC8(1s^b6SP z*y-=VXqAli5uyzx0%-i;Re_{T!VpvZroDQ*Aehff8hiawletmsB?Zx9FDQr>dm864 z-Hma=T*Tx=&V2-@48fF*oHCSCGC0MBDbH|Jt2JIl3qM zx`QU+3LWx&5LpG&Xn=M^wYz~Fz_q*D_Md-<{r#0&-i=}RD#rDJ(W={dRy=>E``e>~ z{cDTag=dBSDJ)~fXI;35d-%5j6sHfZTRHbw4Zj6ixYKn|VrUf3CoA-NygGUl{`H8S zKViOU@W?-V0jzH^8LT9zJvD*1(eko-PS@DdCgOxVpO^KGGhFo+k^BJ2L9H_-Iw>wiTtvUl1SN znpX)8aA86=Q;lri6*wCx?sjOC?!Zaw5lc>lOIzD5$VJ0IW?;aGit)pn!*QsX z%4oPKzh)6P^Ff4x29nHk_`V>V1h#d8M$pL!2LIxl6jGz+^8C|{mSRSb90o+IR5;^r4(;Rx!kl zms&PV3t#q1;Mh5f2f8WBf}Ji8d#Qe5FSJQ2Yf%J}zE!S`bn=FD{}Yk^81EpKux)h; znniI})__!N4X2FDDshESodOaJ_QUh)QAv8jLyPddxBdctA9yGX~wqv)&K9m@ZV?hC{7+ z6skt;{$yHb>^d|6z6$nhK!$39{nSoE+^Z^zJ0m$(!@>RNR^1e6xmOImNiBSw1=?8# zwTuUhas{beQaH^Gt5KUbJTT2!V@snEBHSy@9oXh@iXDAv4rfhq8Wl}h+ly}7zB0`Q zvgH@Pnt%oCk)I_4p!^12Hxucz#u;cCCp6>ed0>RTdY~|AmhFD8rGB(iZvZ6E5KFMmcQ1U1;WXXySCNhGz$uFu z6eu2@Hv?AxCA091v$7WZm?XZn6Gk8MFp7DC#QF9#t%$CQp+0P!o@QeHcfIm=T<^#3qz{c6Hu4aIc0=$K zlVIa~gJs#ahjRPHf|oSdh5-9+*_%`Ez`x|=X9^g2r=|N#U%8C`3d&-maJ|<{4CdC_c7@lqQqf*6HhlyFV zksEHhrDF#B2awic9^b-}E>G+ZO)9Chsvg=IsvQwe_>M}tFPS(o`7UgJm3SHrgR6t% z7r!$|l^K|egID3XR^g0a247{~FSZ!G`zyWj5$LCuqJgn~>Xjd(eo8KPUimBSRqBX# zz2X1p%fJhEQtc7O{csE{?5^VHo8URplN<)OX$u%uf-u|~xN?j+njSg6ap_uBR_f;DcpCtd_m20%;$fB|-D)Z@T<|{1DM|q?Doe^phL+Hld zGuD9BKv>2IK&1XV=ws4wH$fwdORDSe{xx>Q9+TuR9yvC;^SKbcC znvVEI`;6=`%7H$E7WNQqio6dZkw(Hm@aJjQWBqe{XJZdjc^cJ7kMa&p^sLR6R_r71 zu^`$67Kh&e9&o~e8{;Pen(6`AU^nk z0d7DLd;r649bf5`>J-)0O)VQz1eTii(*ZW(??PF9zB0nmVNk+s#UuoxC8u%(iU^VrrPp0qH+{#_?FpAt`TfaIgPk&;~u>JF_tKMYwSMv}_?VKIV_+LiaU{>C9(jql)j} z8!a4H>1JTjQZ40fbL-pPfgOWABma%uhyfp-8dRnY2E?ZD9 zUX?7+RH&V$pW*(r|0~`?4Z9_J8>35|@bnE8LJm8xjy?;Q$HRtxJAeX%gqH%#chH^c zF#DhD>l8gtO;=0C?pwF;jJ<-?NI&SjerSLk`3X(u$J7bWbG*|k@-`!@R@P4R2z1hJ zDSDti!4akQ`YzxVbY7j|-)88l1;wJxcWJR)<%B_|VCUjrV*X-&A<`)^UJh;>7@>@C z?foly@V-13C-y&Z&cXAEk!6ylwOFx$x|-xGguhl_mJ=^h3w=#}#OZL$e`CFEl4iNP zdz68-kx}ACXS>y|`fAsw(Tl;tchpCoDOTLw;e#w{F%_K*ID3z2c*{rmdltGWVa04( z>1j8|j)+f#k)`$;76%Z)haM}f8u7876 z*8TnDNqgnYEA_!{jX}T+5}+@Of#N9 zYk&Xra=QNDV=G4}GOf33F^E%6l!v>-hyGyS+RQ-fJTY_+S_9DdLi*mEHR9%4^k?gR z6OJo?yY(HK4DgBJQ5V3fJZAQLaRxe198(wF#A?$Au`q%decDL8#z@3!VD36u4ckJE zC-+Y&w;7A#3BO-vVawnA*;dXeP-FE(&qb^E%;t;LkMrfk3!V8;y$!Bh)tTGq3{>KE z(7#MaH_=x0!ay<%?oc=FuFi&WYP(ndN!yJph1LaP@D+OSi6Okowj6hPwC62Yw0@A` zcF>a!aAl00WvsydOU}wXjD*`vfVy~wvz!+i7{=_dI{8twM%eJ8 z7GqA8vZQc`=Xv9tq)t03N9e#aS?2z=8{LTfo#C5({EY)E;DH-)(N%*sjgxd*$Y`f( z&u(;z6EBi(urlE+XW9Rcw?6@oqD&sg@#$oeOhQ5r$3PH}AOR8rmgs1xB%9;0kTD(UpBjk;)eTwBx?>eZ_UJ zGGpWqQ3^XRag$4^6t{22MQ&GVJ;MmrP9JQ#T0dz=H5yhub5T+@9X%@fv3pu^6rQDl z$DnfH9fza0TB&&XD9hDi=_A-4c#gjsj#IUoYU_bm4NZEgWg@UxI>V? z--=7T9F}M>X;%^ne+_-?Pqj_Avc>3oFA9h|V|%_PFxO)bq4_PwY$3ZmBRWh{+^oT* zST^}qY$U9N;Cs*%<>(-0rcuczd-|=6Ji7yZO3*AjS6{@DSn2`lg$a{5+T)1(u184Z zG;o`Vsq1KCx^g9&ADA*l6X6L#ED7*IQ}$}};WGgY=+e54OK)avd~Ggd_h-Zy7A7~L zfxnTPx1{i#jJ$rZ3HVp2QYGA`?IB_&(Df4PycSxk(Vm{Z2&6WxKnFIlUbkJoel!9G z&}Nx6&tt*!_0U{gaeez;ons32YnAh_xm-%9+dg^WaBRD?hKDzUpKkXFMaEYJnA3!jCwLg5h7P8AedIeYtit%E~|3 zHI&!YG6y|sVI15Wnd_&wSH_yOlm-j)t5JoA=TYWIaX*K6Y-MamejhuapP5fCMn8vI z|L`3AUC}73Q&YJ0kxqUM>a<<^DN0T=b2CfoqqEW7$~_LeWXLlj+1=0e^R3Vt^!srY zw2#F3Sp6`le%H>O<0!Jg_xQO;3Hovo+mlYvSbrRZH9(SZ$Kr>z7aKb(k*zqiP_q}#CLf%w z{ly`aOI>8yy=ARHBxSHOg`v=VvlwpNa3gcf>k`faWxEMI6YF+ydxhken|K z1CCu%F+{i@f*|)8^zdAo(KUB~RYf=|xD zn;Au4HiuoeppRm0sx^xF7(Jss3;7}77dY@AA>W;Q(K7+g^3dK}b2E$d%T8BZ1Cd87 za6Eve`Pq8Sd(6WYN<>1dcRZH&=Z(B!Fu73+WM7K(Z$X}{J^|#`eoYGO!_9%6EOyne z(+5WqYY6hiO{S3Bxek;ef0th_Jt}TcNzlbF_b?=$aF}co2PTcj04>Aj;OPrn8h$wb za^QNE{Q1qk=F652bIvoDxP*qQ^#)@K(bS~hbc~NVi?1BKj18o=TdD|%0hF`^0}v&i zfeUnyH^X9mBLwyZf_2k57@DmFK8#q22=W$!RNTx#UPF*KBSG-se9_2WPvmEt8Zfev zwvvGqEetM+%)1Hm{=oCx!J8tg{Z5<2(?L^mrPY| zc87WX5^arfq1FE8OddjS%gtqgl0utf)y#;^vBm(OmPA*^`K|m?cfcPdM?|@G z?lI(-z=14d=Ch^6CPU=7c@uN7Fqg5iD;5AIj3Pf@AHyOTh;A#3;B0(*6FIotUL*jr zb(Fx4Vb;<23Oqb?q&@53H?d{vMOU=|?77-dTII0p z_a27KJ&*|rk5x*=Ew`{Zmis;1o%;K5+6Cj`S9((*t9#@jFkfD+7n2a^(Y=n6Pd)bn zaSg2%OV`u3Jm@H?gQI4VHw9%2>>8078zX!1%(^5~wLNbexeJ4Nn=q64+QtT>6QS#& z$!N)9d+AzaYfj=_Z_WEHx>ROE{ zJS$w$0<7qgp8?0U0|7PQ5R!mA@%BGjkl}_Rmj7WtXz+(LTD_`z`H$(z!S}o$gOQf_bSPg03#l zA>BSg#TL#;VJE}p>6|mN37jQGce=?gbRx#qg|9Tp@Je+&G}+!9#wr9uY;B6*r2&{STM`^v1EdciN(3Y4CmeCf68y0 zT?p9i>ln^e3}6ufr0qgrCGm&vGWpq3a(9<>y~(&BZ$=_UX+{&YWOl2KCsJ8Sl8HAN zGJ!jdgElQswYcHbw89aZ=2Q|>UCP`vG$BXNS~#emTxYn!r4bmy9C0nv_CR`|4~4Eg z7||_Q!=tVXtzlf&?yR%!_@6v8ow*n=Q}jQ>bV!ybF!|a7r&8@sXAV5yCNZE8#9}b# zkU+@>x86Lu&-84}3`NBc!C;Y91bKQZ3rh>u4;yPvtIw z8d3F9+~1<(BxpS>=v>|6#;N3x14j6TsyunX z83(&N^(slZ0DtZ4fe);3kF_qo91!be(B@fQ4QhKp@aeNW$E1JG^66K2>VqGmJ2K^y ztO_m<)@x8n%z;s!fuI`exx$fC>*-6*&%Yu^=$`|MJ_9KFB3{(lEfv9oTLn)a9*P-b zyr0i7k@v1DZPkykK9x^VJ6IXhv4^Kt;~SzpkUK7|^CW703qwH$pvy6+Z`U8GkoO8B zZX?82w-K}V?(BhwOe5DfydhFIlbm({e}4dultx&^jcttYFRi0vp%1!Uj33Ip#58L= zerVCjz$~zxU0ycA7-iwv-(Bl8mAUIJN`}7Ai07BbE-LImxJ(%IYF|aUuQ`Ls@X?3r z=vIMVRChD^ACPxrD~OKEJ+jIzSDw5)IHpam9>;R8gxv1IK5cXLew5nNJE9l%d%TQC`asZEzHO#~jD&&sWlq1aRj(I9m+rZ7`R9c+rU(nZ_zLs7~l7k-H z@bOc~`%ox-=^U4TMZL7^GG>uXH$076^eU1wjjBgF42dl-obxTi0B86eM_7cANLLP? zwUMqI3YaBeSHqRV%#hRpx~J?ti?qlv(Q&Nw#IoDOl2az;<7^%oYOd(O$3hQQp9Q^e zF>M=%iJYT9>uVOpb%^P975|ux7Ll2G`uy&H}HQPdnJ&ww^JkrT%>mw+aV#Vd5vuI_AGmz;n< z!K;|y2IjsntlS*9x0{Ll)<>-!ZM2fy1e0Tz*062xzafA7+vL_q%=E~;Anjt}?N7q} zL*xi-SUoH)Nv|B2Q1l~g?+WP4<%k<&08M&(BMi+BV98;g%K{r{Tn=RE!3AK0Z^kdvd4-zY}0(GUi@0G}H#lN<9 z4Sj73``Tvq_9(BPd$!qNF&j10N5plwg)%naSN+ojKZYEwMCe-*ajczO} zBHWPtmOeShVW^iM01DBcn@+=1oYgF&N9T(s!*^iM2ddf zk`D)&w4{~fFyjujV3x1pg_0Ay=n`!%t^ED*mCBS^_<sO;OTIPLNiKXx~4eU{-vs zQZOqxA!2_Q|15~x_uBo5jtr`4d1{(nxh>?<11$cO_aqm&5bNhcakbg-;GfkwW*Q+s^-Qmu#V87_5g zJ)M0k$f4QQFcfp6NRR&*x>k$&K8kxLeX;=dtH|!a`$K(LO7j(PjD6Duc0wrS_1qIY z$1SbtuavO06xx?_3NJ<*TY!hk5&;*BSYYBFLx2JcEApO3Mc%zjxFT=Jja!Ey%-Y}s z!@hv~lhtNB7=KxWJTmM-VQ9#Q=xGh-8eLZ5^KAumSsHYq&b+|R-<*l8@Rv?~AF`Em zd1V6uu=r|Vc=L$2osDs%fIn+OLdUIKBF8$xspvPS3H_ru9k^4*q8GJJ=vOcot5HT9 z%Ku?y0ytu-9i}l({XM)vp5h;Q_4wj(_?^!}UU%L#!Co^txT1W6oQ_@}F;|>W%j_zV zm0RacGC74WW#LPw@cDQQhvsV@gNSXG_jP!+UkylWmgh!Hd2Hl@zGtkO58-RpZsk#SfHM(GZV;FQgTd53$_ofQ?W^%rf2_D>590yi=^JML4Ksa1 zEcr9mwaN_S+9ynO$+aFP#`v^hUNbzzo;?QR7K6aQFlV(3hB8kW#lHxo0b*RV6pX}^p^>%Mj*vqsPyL^T;ndoNFhIfI9x!4dhP-VXpldiDQaDgR|f(qi{=j z)Bh3SNojS`3u-K> z@V*~F_nNEEV`bjHFbv696%<{~ih9yu6frH>n}^!K%-eWoCmv=4(CU14V%&nG`{n~g zP?OUQSRwsd4RGqk43ZFS+R?%&?O+Czu3@mK^6n(Hu>V3b{T06oCP#_xB_cmlGO;+^ z^6#DJZFMf;sCcu2WXw&dRq{{fTH~KQ$}sDHDS8y!vnaoA==kqQ3_Jkm_EI7OnzBVlDffzQjlVNQJsQz5uPN? zcMUnTwi;`;H}-HiepM;3wqEZsw0hMkslJmmb}M`AL*n)* zBtfr0w{ByQH&ZvDb%yq89h<$0FngE)JCZUjn5pp0A&`j)!DPs3Mw5X*@*FGVU;?`j zLWzkOCVLJZ{7rs{h#wX-s%iBCBB@px7_=>m{m&)DZ+IDNZ7Heq43+hYP5x>1#pe^m zN2`iYwiKTmDn4FmIl>iZ6#~SFdUf7o*i*qk5k0Ra6k!rVD8f6R33(ob<@j@R25mUu zZDYURE|cMbbqQ10x}UMpUz}rbffFsdOLe1<=$J=yOo`=!-1$|n3F^{F) zcr_s+lh6i_g$Ny}`$Jy0ALS%rZpjMzPJI0UE4>PA$MWXq_2 zEOuaBW5^=mw6+5Kq)<|;9t55gPSwR0>9vR3vfQc2sduqnpjSsw^~Bd zjgDfjw)PeKiGf4%JOcrTc)BBV8V%%F%~}^{tAoARGij$LuxBECh@}8N=B8e8xcqC0 zwQAPAlB_tT_4(ppc0QCh%JrDH}Ss6^>`T_}SF?=Ml+w0jAGWYpHga^&>W0)snlpnf)3rcT} z)MrKmLOGW%9|vdENyQh3p&E61t?a9~2;DV{>wZP5S2!%sGy7!W7^xzJIqfp+VEz~) z=x&8)TzpR<*}I4PA7vq{8SrWZ?#6)41ngN9c*4|5-!|mP5#aL?{;OPCSm^&Vc+dPz zj9X#(>6pJam+E`AiRw#<%-fsD6KzGu_g z9Mx_3IlG~j21smY7>SiLBv!sN0*OW8A>A5@eVN0N*e3=OTg#BxhPFtooRHYs)<`U7 zX%~J--wO}Q#1!L;XfsZS^cSPUQ7teWs^?B*GuP)3<t7qLLFkhnTpPG<+?7YASNL zSc?t}C_UjZc`mAG4$!}(nBh%;C-iG;@=OY^_0x?o+AIEHoI#oFfCButc4sU6*OPuq zPV5?DC`XHqBk?m*|0{l$ox{d0#s_$BsT|pzhl6?3=x}sLgKv<@Ku|fpJD=j-k2ZxP z$T^j2XZjatc1@ITBXJpBeBTjzEsQ$*Y3WfC3A}I>-dMh`4bV7l{gSB>%MlU~c6kWf z`#U$FwyZjB`=52-cwOqig^MtXr=)-AL=FUgQP8p_8zm#VO~rV>`2s-vZe4dmU2a%I zy(MKIqSGEwz?oa)vEbJIJez`uA`>u&jFoP0c9(wb9gi*p{(|-&*}ThE*6OT^fQ>?j zH6b!yW#pbQ9M)B8V@EMk#13>zRvo%yNbeEN^rla08%FV2B(Id;bNpc$#ZM2C#juWCKWI5DO~04ioa2rp7$g6|1N(0X*f zaAKRyPaEqo9bX+Iu`AawH~Bpg_dr$f4Rlug`d`CGPHRaVmVD0p)`T z-0{*#25=AVKtdW%Fr-ljNaKjCL_sBlG&T^@I2r9bX;EaLe8wkn$|n~d6gh=|EUQlW zG#IPONTka(`BuhuAFVtU9lsyrP!%FI19bb^wsd>zkTR|5_mZQYRkAOyybA@bd!DMC zaueZ`=%sUHe~h;e+2OBeQ8lUyZW7S#=HL;8v;Xoktl$$P=%$mFX$`Rvg{5^QBlPru zT7Xvuj`ws1Q8VHZBpYf93Zuj1Jk*KU$Hb5`azZfah}H7YLY%{_4E{ z2wVeO6hNY(P!wZ`R{&%%8Pd#nRfaE};3W!Prtvy%Zu7zaz;U$oCDAHA<9jImR7_`%bECsI<< zfVGQYp?SOQEQag>6KCZic_o&wR=#wp z8<=TF-|d}q$TBomD$X@|JK2?h*1H*T0D7M3no7bF2l_iNj5SHVOXFnaf=fYv);Zo( zmzuP+GdY+H0`s&xP6#=7S&)e?d&bdNqu|Bty%IKgEqD7oK%1FK1Mlrc${T*$H>7cJ zPBXpMqO%qkms4MHbF9Uu>U=X_CBBtuuoEZ5pt@-JP&}zUx5&ydyApIOzq*xwqkDDi zWDOwAdhPi&=!UXD7Sl1*+VloYl+hwUcPrnzm0#S-kCO5^T11%Fpl{I)SfjkK4zGdb z+*;B9DLM6=l2YTav*_xV`iScm35IIu&bd|$B=?dg`fethEC&ma&n$+iJ{>Qc>B&Ux>-7S>{vI~R*`=d3(8ND_|3Bwy6^JdG)09C`^a4sG|ra*@UH z^=d(yuQ|%)xBUSUT>iedz>iyWf9g_ZrDn3w=GT+Yyg10v_8kNoa7r2sQW_2tx^kYL zqel4?O?f9DGn;l+430O6u1Y|&#v&_mp<@jndQBN0OH2TtF|p(-c-Q_ioYd?ZluF(9 z^!(AJP}d9nYwU3Rd!PyEkNIbhiL2wnMYTo4(O#9hZ`@V*ZGV9w(6VnMc@#lii}k8c z9HS_k+Qm6ZM1&VI-LuUA9iZ^dzDsek;!g4AAnp`kw_*T#&ya{+vAY*;iB2c*0($j| z2KQhR&e{Fu{J_To+v>d~MuWbNK~}u?L8U#s_YK5=dO%rX6$Nvr*o!q%g2Dx5_` zIvBYi6E@7RuV8@nPBbbMq1U(9f+MSy{F&sx6c7smFdcBvSF$=g6Y2rFWiMMlJv>jq zm+TC6%z-cAchLcyVHS}po5Qi)={>2 zwc=q+z9O4xtR>jSe7ZF6OU70V>?2e$p_%uDqOXsQ`B!WX-q4MW`6oPh@5e4tC#YNN zjw4#CP#t#v`b1cVzH{cKNxpM}$HI88pfeAJ_ny;v=(pALT`)JRE@+n3$@CF_tjh%M zXr;x}@%EIEM=YH|VMiTl)P-ErT-ZOyXdcqIgdeN8>LPkY3rO!0p_}*2z7*4{UXt>@ zJg-h(SkF+#{*`g|g&IB^=t(R&e*wi;?h4JivK=<6&{PcH%RUn6O*iZrGL8aYLfdwQ zi0mvNNRKSsc^PlhT(Wu zT`zch`c^JOOshVDK9HE>tA7kJaJR)XAp&=g)`n)7*on1)DeIQ3HH9`ge0BJ*aJJF9 zk#^!=ZRm?Fdhkvvv4fp)5~CiYm_7QBRYd;V$?oeSJ$Fm^;V0gCyHqKAa&B>h9I*`SpsDt zccyhoCn;znzaLiD%HgtUf>HKBdMJyP#b}h;M`=_x#R%32N0N5>qbNRnXvqfs*_K8* zGqu;)!vgJjdLSlPdla6VCe9K(i84F?wPKdL44*%=#o`B+@ekM)4V^T!vyb-M?)sSx z%i=kDXjsJ3Z(wHzencJF8bb6e)IBUTytnf7_#&}<`NUDxA zA(<%dkY)-Ma&FAbuSc6!f@;tbGRzad)((o70iml*y+3RwotqEb#&1M zS-Y1GW?{LehEnE*UGI$vC0?KysWAay(6!W1s*@M)8cNBaja#9aCYipt;rN+myT#Sha+Sk$Cj zPmMO|l}gf$@C$Q~ruwS4F|eiuuR)O|sU3(npTW*BJ^97|7Vs`WTA$VKUW)k;(Du+z zO~?F+W{R}c_ZCVNweY?iGP^3LFm23q^Dr#PS~Rp*+_DSLX2qS4^1p4c$DeQjx%K#i8_pGHjyxu7oBLov>u>`!7tVVIm#Z;Wj zwK*(=yLOKf(X*0WovEfbvEYEUJfiQ)1a_eZh4-++X}oZz5-~_6%R8g}KMXF9Ae^Qy zn&npKr@)AlFS@lA+~4W#fb;JrwV-QZ7z>fSyMVfxrElUfTtg}3d>n=KSM%9&DzVO* z0^DaXNeh3WNkWDF;Gov_LbTVrN3+tNs^Yvng!L|fBhSJwCOSi#lUbW@CD&^k7DVJM zV>xSBjx{1Dh2?BvIg284idjxM-SysHp?JHy)!`UQbG09H!WXdrG?IHPB@$IPZZyWRoWo zNd)f@9_F(PN~#ie()~q`!1*X1prh6Nse=*EFT;AAV+%6Hhd(!3iA!$SB4}7mK|XV> zGbLHOyFa=hV;RmXKxyv%K&}Dnb1VY-quLIg({1+F9dB4u877HPblHR zB{w)tj?@(B9$m_}AJljl)V}&?Q!pCF1SSG)o>3up+TYl)TpLYa380^rO|rT|2BJ9! z4$6EuwVsY4Jk|*R8{mJv;s5g{-00X&$1#|PiYU(5eHulimW4;={xW{BNjrap1jPWF z0xN?B-?5-7gP_v)A4h7`5*R|hGYV3iHM9}At-}VClN6s!DLyBVMBaBCP}>u@10|(a zI$LiqtrANIA;MEOU@C?&gN-GYzJ%2JTxQ6+^Nm4(gcB>_m`Q_H9miLH%tH7HFew9b z>|tAW0@jgwJyX0XWo6fY18H}p5MD`+;%-b9V&$(!_yn=#VbMZf^fp%1jYWsDqRWh; zGUNsC4V8<*a>=}00V`+2a=-MWaw$f+Ay_UuRPOyx0jA+PRxXW|`}}K2D`Vw~jdF>Q zM{e%|-=inNT7Y}~A2=N50E9q$ze*UABYa4zAxS$~)}oh_j#gzfnt1h&Tnl2Um-sdU zf8h}T|MTV+Ub8nklv9d1>q9wH2^X!U^`SU2oh&lDZi|{pMof2H&TL2hHrHintqc%= z#cwP_E2b4&FeerSfiPW)qPu;_CuVLsk~r8{KBrjJZv24BdXX&--=9=XC;(HMmHaoU|_ND zWb7dx6~&$+C%XmJPMl~#^l`IN9hgSWHIiJghJ{XvX!YSF87d#J$*E2;{W4=3&l7kg6R5^HQ7Ie7PwL7CC z`>^d4G~=<|z~&$Zyt7Xj10sq{xC{0A0wZZTVKsT1utq&5a14=3-b3tdFT9Cqj(Rc8 z-5{n-Zxp-y39oU*E*mrHXI+Y5;t~v8qn=S(Wgoh`uQzC?I~W~QXl9Ch9t-XV96x@B z<3((BwBS;fS}C}nGBHJhUuEK4j^)axV}sT;vt^?h(yO^q>}u@%FtG&X0lxDC#nRr$ z65w2vb`e58mLCjP5U??KiOJeqy(4bB-UJA(c5iqtNX`6aqHo{H+d zY0N^KlEycocX)io?a@GJK3-W;>2)9_>7QcNo?fW4i8y&#o1>`yvhY!affVsB^lpGg z*LfpjsJ5)8t+2rc$6$$x@Xc))W5KN~C4#ne>aTzY6JpqQ(cY|yGCXXqkOQ+|k+a3w zTZq^v-HmKScv*Nd{I&@Vu+pA7 zz;7aRgm9j+5&7ccjmR`78guY!E7`(}uhX$mh4}AvIuaJZkM`*fRN2``JnlbwkwQm( zh)srW?yrV!Mj74o5|7HsWq(rYmw4kgy9D-xopJ&Nzq6Xko>}(=XH|0tQ>grQiz&@z08Mp>W3)r*$9ZJr_oo1 z;M^8%MlZTBpGh5zZ(-|;DFuyVSqmuZM>JgZzfeJl(vfPxID}IdAmC7OyP>)x38cDn z8RPVv$}!--WX*17oa@`?afF(&e=fBcCjxcTM@VR$)jUjAW+$W4@o;Y(>Svlfmy^Ix zot%OQzIY`gaPEUTg59!?2FKwy5J34<8$p8Q$Le{grrunPln?pIo^C*e?BqVEgRxmh zF%ea>SFS)6OB_7UFjymo7^}bbc~6oy_edrsw=PJA70a_@i#Ou*MFl6=)#=^sN`0jk z?`sfLO7)$*r%CFxS<+7ZoUYsZSH)K;1Rf7GE&n+3;X1@zsU z=w`BS9EWaf(6oPB*l4Xghsc8saVI<<@^A}!NAn9O!JEpL(8QKl@g&bvKnld#L1Hx-REug4jTf{CCWgysPa;jP&yK);4gD&qc ziCsu(ZRu^Wgmob35i9PtMG)w?>`(s!2UZ=0kk4ug!U{_|{4@E^KMO=yc~r=+hqf(W z*U=}bw@_ZaPirgdf*poztag))pXI?1m?$BNNg;}=qD)Flu)M82i|f}c;$D*|CXf0M zt=pQtWRHf^^_|H$lwd!cA8rr^A27`hnqbY^IohNYEJCK=3P@@v-n^u^$@P;2y*hVh zG~KJPi7!XW^owhBU7fOM=Vj!o3rMKvNRI$|KuI+PgqA3taPbDZHx+j{%0ss|kKk6R z$H*Nda`(z8XWab~21Y=A>_5ekGSHO zPWyWUS`c55mFIUdPNGpuxPvAc2!w(hQea&asWsC^9=HHUaV|xru68OPq6-?PzbgA5 zSm09cTz~=X$Gg=6D{il4XjbP^T9|h<&H6V|nAmb;vAat45Ye4Id)YVEd%T41dN9;4+SSDa(Q@Xx9jrtDifq@HNt zA;mL_$Cx~WTxuMQiCPMq@u5y!@bRRHDY5}xitUDb=E~41+YKX20Fs+>gl(Lm>T`USz@zF6@5*hp0X*?MAim%S1Oo6Ri zU@;0P1YKQH)YXY7ZUb5=3nlGQV(FFmYZgm0NGLCsD)?&^OZ(w3aO)ER z7i@*$?uKsuD#Z2nD7;1_6#-;QUnj@YrB_p`86S~?c^w0|ilsS}YQ@I@rKaHHRg{{K zkLYH2J~|8^PH85jOW!9*s8%G8*K}pcuK8Za3rn%|3YKa$u{8jXDe%~brRJMhObd7{ zhQ}T(6{TE{uv8QD*~(L)+aiC2o_FVu(D`2c5&D056sj_qOcmZcf}X9h-bF$4RS_4(xPiwA^TQF*$<}z2Ksr1V^FP6GMIJqUQPWw zVyxp(4`AA0cgVD`Ozl3%2}Uau7s>OcE+QXu+LVKFuz>F$sIFS1+dh|xNgglKM){tV zlJF*?QX7S}8Y9#8MMZc5(7ceJc!E2d;Cz6a)=s6mKRNv&Yn%nVlkhCV&1 z)7Lo6jNEYoD||~Dk&hVPNGDfbcpSfckdEV;PqAH%5;WzC<0R-vYSkDu4o4wITz5Ae z&q=R0wHjcw9pKT$q8~>$JJkT=WL0adYFynlz#ICmF^iik(Vq;4WFv8pYc$)f!j#(iVO`||F+^9lRtW^x#m)Q9DcMfu+rp7j8U45sGbw2d>` z^U|Y6djk8Zh&?>McZAz>FoCznV+q=`DkxY-=?PCR(k{HF8y`g$Y%kRG0;{QaxTd~T zQ#GE^YZ5|(A0UTCQ%S&;V^q^MRLx9QO;dP)KK?jV&DaE_teViQ0H}DVAm6Cq$RkDt zJy``Gge%w_uHbw;Rp7y(v4LAyOY*UzsWQ-Tvo^71PyiXs#BqNeRrd06zOv70^2cmk zuORj{>2(J1m*Z?p4uRZ2+$A(c511~sbwJR8|3gM|I_Tn$MYa>Sdl!X}jo)3n8*!|b z^^RatXCwm6m%aM@a5{Ybq^HMJxPhrf6N}xLqj|SSg-ExoI%vsvfQ{6p7JtDHzUJRk!$Btm3+hEbwa-DhA9;+$N*U|9!H$#DZpnx65j0!#3lLwsstv zef5A{VU~SWF{s!4(lvAhQh`ILJJUD(~+aWsGw<|CvU@qlNr z8PC0Kf>UY2Mg*Sa;RZE#2(3EqmQ z52ULqyHc(5Is=cHn6r6uHwQV#xPnRyDvA!V!yuk{9|ioC!M^yZ;6mINTIYAz-H|`3 z%Y%b>>|eJDBat?hRCpYO9`Z|?JOdb)am@)*QrF@J#lknH<1@vB{5v4pD^VY!2T+s2 zfv~u$9vDPg{ZJ8>@5;)@@bWbSW2x^y-O2W+Rt?*M`O|F67_^K3Y8Y9~E;M$ydM)m0 zt5cO}>+F7u)`PX=gl81{>;}N6!T#{ho3ZRuMj+;6Gw}TO+g9+TVUT1rq(ghTR{lFf z@kg;aHI9qn){Jqg`MA$7q6Rg}f!-o-p17$tlQoK15+vp=7C!zXU_R}isj;R2@`CCO z7XSEdYB5HYRvcK-ezm~jt2hmq>7uV$Sc-l?#vbP@HwUZvWI%XSGh5r- zbU2a(@D^aTm>*~Skn!)SpHvkt1)a18$SQ46H$NzS3 zTH7P|?oT#(;*3DeC<<}n3Z>c7x=|Oru}DCYr&zq)Z?B)9Rk1e$o6g@PT|a#WGx2b# zx1}z!qm%TH>EJu8HH=C!`7Q~Bm3+r_?HIgkC*Y52QsT5v;Xzi>wn6*Ec#Ouo_IOE6 zOw|rR8gt!u^PF2|OSASe|2@C=y)A9N_auJrF5`QThQGJ5gYVtk@%NbZigG}kHwqPt zce02}_PqqScm5_>jY%2YYIcmWJK%?UN&Cgl1cfc?Ig% zty*V3ySY|(a9)Qo)>{&F*Zwmd> z2gZ&YZNlFrV_N?{pUZv^@!!roy$Aojoc|8z`B(Gbk8|+XSbzG!4P#rs|09RNtsTpL zpWx-bFuucoTX_D*{QX}3y$$^L2L7APe-H8BS9$&A{CB1CKBjej<^1;_{C6$SkLB>4 z`S%ZvZr%RjM!Put6b}Eq(Z1Z)@Wyx6w)w6xu2b5yWB6$PJGOOujQl0p?6-P! zZ0mlMbGZ2&ZaYtJGV0^ME&TU#UeDzmK9<8*XGiv@1OLv)BK$iW?jU0>E=8$KylxvX z2p?h|CifrbbXzxk=k`(KEkxn+%em?G$Oozo@#q)5zNEq_Ixx7(m~RJ>VnNrdl9<<= z)7lQA?#W}X8LLpR5KfCoy zujuqoJkjgg*30 zQ5?wTtzU|z-vUF+^_|A0h^5EyhS68k%QSda3 zo}%F?$LZS_?Oc6PfRB4W3T$G5T>7IQ)Y7lLSCSNp5_}a=7)}QgFALlmPK<`~QKYel zLMd4(l}QK)O>z)7E(5vi$27DM^G~ZTKHns+83I}UY4zgvqt2bCi>t|jCkDehe9=WOTDi_R4SW}h~;(Sj=F_)?;kXoDg)i*+{5C=!^Ds# z?vefDWO4hHU;R?`xTd1Z{1SYvUiKFVt-rYV&ye=3(d?DKLc9G?gSfq*2}ZeOHG9S- z)LHgVIZGl)lHNmVGf!DK$p5IL}s3J(Zz>_ZQre$*r zBwgf57kAU5aY520o^)w9Etyp#_M)_~Kls_KORoL~(^!`r!paNlIxUEjPOmh3KOE0vfPf!8k^F^}CqKY$)7F`BnAyk3{HS#%D&v&s z=Xqv*>&$q}JY{4a2xnplrZ!_xdJ*NrOif_F0VdSKWCU15hy5;=2y-Z~39aBBINRjF z>{dhtm$XYaLwa;@PP_CNNH+%y+NH-rdQ5P5yYx6nj}7){mu`XdI2Y?x@v{0etZXTv#*232m2C06NtgfOHTmMXR%c?|&tpHB<){FA5h& zi`a8Xo_OE61hMocY>clmDqNLI*$>AJyML|cebGh?PBLbx+8$F+d0OX_u_iuWkZ0k6 z!em)lo|+E{DLf%ZRy@F0sinzAC^2*-nL-ZhPQeFgtEhh3D!o6CXOgU{X4)%Mw<4$1 z$dG)?yLi_Md9nmYz5jFroeJo(k8%g_l4+ZC|@J72-z$4I! ze~`p%QkvvDX%Wo_867@^=^OO3;W&B)&_kS6!X6mZL%68JmWI@7w7_*+_`r6GgDS(p|grvdm7;O-o`+0wcPp7R6nt%4WrVy(+`=OjS-) z+_O~Ks<>}c^SdjKxlVP4byrWi;AzyxekhoH&4TRj`;P@k2!1L1MG)Ar2n$sbGVwcyrvUD2Y2}SRCpteI(xn3y^_;)8HwEMIMGHs~4+}g2I98G3bQf zW`gno8J=NkGbp@oFdC*82T=RuXI#}Q7RY1*pP$k=PEg$*^!#y7R;TA{eW^rz zWl+i?l;Sc=dFGz&)?a9EJbE{$tan{D8r`+6-q&pEU?coa{K{7GP(z+d4m){3)EdVz zPN0+1i0?im0{vJ?1$tW-9T*Pyt$Bk?+I@qPP`?{zyvG>~B`}y-20GA^;cI4+iPF1i zXOK#oehk%Hq#AxJFINUqmHm~cVuiZ& zBSIy{8yAtzGYissb1KHP)!+9%Lnf6Judb0UZD{|ZpN|Jw4}oBDjnIAPW??MMD?JmP z`XO%+W1ih6y-Orlw4}U;K1|e@ukRdhpTPGYJ*Oo zAmu!v>jS2uPQg2&KK6Cl*W6z!OJQC_8{ix3|2UetLeXunB#$OZ_&BFhgAJY*cJMw4 z`Z57Mv_iE}a-IpQT{0R8}Ls47{$^u}LHkAv(>2CkM zK+~N%o{BjSMk_~;MJ8<5yLWDl9)%=A0JFT6Cp$c3> zSKPlDKa1Qd9VpJb;zhI<8X~KCU0%c{26Wr1c64whVsXPEqyd{#%FsOh@x z>r~jdmGZ*V=paC@{Bh92L#Q>EUc0ave}m~+N6(&xUN5XdabrX+3A~mX)PV#L^5k+8 z^^ExBsXwthMheNuP95F$aVlw)4F(ns!SDK!^>N;hI)x5u>q5%;Zv5Z++;rR6FLmdh zZZmWLRlB4-(tmt$Ue*@u@MxDhFl7txu$mg`uq*x~HFXRIdcTPG2cui@*ShWB16c3t zSnmUa79OGA*DtJ~-Veio>c1ca?|zjl{uBm~_ry`1!9)V!{HUCMdXm3;IuA&kdtO}A z6Yq+di-+`P`AK9;qoqgw1Jm2}w$9uk+;x}hH_1dhX!M+jl34bC`%yqK9-NR&RsqoyJ`sKI@V(B`TWbZ7Xv(uLVkwCi3yO`3VFzrc} z=J4J^Y0;SGXK9jmGNqX@Z4FDi);pTgVqo`rKF=_{B?RtEVJ_F;EvrJ@j=nL9Y=mg7 z;`aD4<}Sd)q>z_Yar?+vG{)RRx1M=o$#&K}Ppp8+yN%>GjpQgye#c0D%Sevy7}|`< zyNu**Msf@$?=+I%Fp{YyJB;Li7|C&%yxmAAspM<5?%%%CD{BhwJablJvNt-_uRF7JtOG z7;p)VvR>=*OG4HOSdg~);q^F4cjndu3*zZx4=uz1EySl4hvH= z#EQ$V5TgLijFL!z;z04h5+vk(7XadJx&SYXMu=#Mgee4ZeF$O_gD@k6St7v-L0lDr zNMjHfonvNw zM2JLbcP9hliVy?~_*aP0k7g!GyAurvQwXAoP-J0egy<~oPBI|AFc}aZG6)eNL}_rIbAWQtF*fd&-nx8%z~V5 znA1(7@b#D@Q_gtE>5e(wrQO|l&Tz^B8lcdIIW}o`cisR`H*8Pot4WdZAEaVvS?Qxm zxL7CAVqKeri*>A6vLXq$&rP^ki=x;8=0HTVFahg>HC}Q{0zu$nEsB=Pq6~ai7K-?IDn93k< zu@-fb$`TBS(IJRo3<4KxQKD4V$$+qhAUZJ!T&zV&Qdyz_@w3H%2v`UL7i&>xsVvEW zI1+-WVGy`ji$tlcvjOo&2;vn6fs3`s%0t^Bgg*q~V-UDli@HcM77c9{XuGX#;uAn>Rv>LZo)HXweDH6Vhq z1ko2E`buSe42Tax5OoaVa)h{CD(h=NycvRcjY0H7h<;MpLR=x0^*12WLlFHK!~ldCAeCKVK*WV0F2xW;Dng`6 zWdjU|Z()x5Dg@zW z5NQaJCY22~AZCXku454C2m$1NngKC31d+uch9JZcsVv=q=oNwx8AJv`WJqO042ZL4 z1L6lWK@3HRp;B3f0r61?;sApfh7iM~vY`gVKSL0&Gl<~`F_5Ou0)6{ zrLy4$#2-Ttw=;-LgvgZ2t~4OrA&3bKA`2n1q_Ru{A|nLRpFv!O5LZcMSq4OW2tp?} z(Kn4ih!IlRRR+Yj(FVll3}PfgjFieo7!dD;Al_jRqYz@0R5sFpcqs(&6obe{h-|5B zlmW3i1hJGsj7EsjQdzbEaZ3ndI)lhTh#aYGv;mP9f*8RdauFg|D$6k-dWRsoFo-b- zF-9uOH6YGK84y235yV)87%P>HF(5t(LA=i(#v#NwscftP@pcH}uM8p&A@ZcMaR$U= zAqa&*T#XP{OJ#Wm#C;)%I~c?@2yu;6cC`U9H3Z>c5cvp^FO^+mKnx2(3}6rvLP%0s zz5&rG1R*ep@dzBE&?gtiXV{CIm5xLC6RpOJx%ch`u3+ zZVbYS5KgH~HXtbAI6<5ycIKu@2r)@2a~crGLlB1<#AJk+ER{_%Aa;ZxnEd`G7ectC zvdIR-<`9I+AlwMymdacV!m|`}J@-M*6wH|-mAQG&Y|5DdIa4ubs#G?G=S-lSJjf}; zoISc-`vHmd=j((^XJqLdvNK+ z6D#*4v2vPAsCQ&l1UotPTDNk}EmV4X6#%&pH=qV#QYe= zX2qXX7wn%^0V&H47#&&@%{m0o78LkAUg`8*6fg##A)Ay$dwoeA{6SS^!=DbWgwh_3 zXkXZJg?AQA{$jzY?+rvlQr1z72?AdTj-tmTd>lfL(fHVp9?$KE$L{p_6F$b%<2Ug5 zrhwYrvr%5Nh&ksmr9z7;6bA-s%=7dMG$e%_@$O_22}dJliKW#^WW1xv{zVpXho3G{ z6gS2pumVthC=wL95Tme8MP14J+Fx^rnu=GU%0NjHY8S#HpBUw99s>g!hhAN77E6!C zQ3NT{2{@UEiL=F$V~JS&4vZ*emdXY0jWNfI~g^2*0D3!-^ z*px_EhXLD@!6pH0l2o3+VSkB@fbC_#GE)DJ&H&q4D(}Q$Ya?NQ7|mh#Fjx^_MX5ZI z!#*1cTWP>P#$aJ9Pqa$qNgQ@jBJyK&eBk+6OP_7(=)6JUEv6r&1Z$3?>4YQT`b{GKt)5AneXa*w06C*f$t#Z-DJB zl_zu9ha+L%G+=!UwhzGek;;2<*twCgr3UN_2HO{4`%2}PaoCZOus0g884UJvfW2HI z7X}DxiG&?yz%o+*j(z~!Pb%-jVLywGfE5hb4;X9;z@|v$eL3v5NZ5}?a@f}xY=405 zFO^@;VM`)mUpHVMWUyBN>=jaZKMp%H5_W|FJC(r>0N4Ric?yRe8VNhifE~bKQvo(r zD(}x>O_8tz4cN0p^xiQLUjo`2c80;W`9VC?x;ILaGVc$1kUtq9< z0d}xdp2}gDN5Z~nz%FL6X#krhl@H{wg^{pc19l>VO$XR?seBNJO^t+g8nC??>=1w* zB9#y3uoyr)1l!ku{fWroJ2C(^Ln=?>um>YyPhZ7h_cGX_06SDFPv@{(B4OV%VE@Em zhXL#`seA~B^+duxWx(FWV21r_DZRID2MG62`d?}jMTp) z6JRr?@?jhnHH1U3HUsusBFFE@0@y66e7K1pQhTWogAHVHSiE!!m z*U|WTm2-7V3laq-kC~ZD?dTY%uNvq#@180C)X}I08|=lOqMdqmFp|;G3Ut*zS-CK7j999nuRa|^B%4$Hay8N42Vn#GWuSxW zGg7uURno{9W-r$#&d%Tr^pH9+sr=l!d|_L_b}ZPtluvx}pV_E?NzeEl}DJyf*(C!CK>Bc(!g~?9kh`Y4HCE5?TRbUFHH`cSd-4vO%G z%Q7is!0&6$gTs^GRwoJ2l2sTf?E!j?LVqy$O83@DxRw5huXoZbZl#6zdKO#w|Ds;G%+8 z;?1tFG8zV*u5v5Q!9MKzwlXHzm0j6Z#s)3ynzk~I`~t0_6?-5ka(;&v`vK4RHutSg z;UKV7NvI!Chw~-u_n@wR_e2B0-3zJ0iAD;09a&f%jD6=m;{cZ-jO0#Gifld!lOdwX(TWza)@i(hl z$Evy&stW#-ihGtu6!qNMrWjju*F%vhSfm*JaNS~7$~ub7 z-KH;zuhV2zwse36{1h%sO!Hdh)%&(~pf^YQ9kTL`tV*;YZj#k5vR*6eRl)A)4_a2b z$cltw4cNK*ViXmQ*Co^~{6<2XkS_r~*gevo0Dut^FM7;T1Q{gAZ^GYeA9E4|*Bqp*<*3%*1DDB-cMZV z$6Ue}I3(#LV@dk+&&cVUfl2H!#+(4(3-(~f%yRr`cuT1d#%@Cs>k4subI3(T$MGcF z`iDmkx3pW1qS1izzDud0@Zi8)E7QLZ+R?sf!f2CI6?NM`PiLdT+H!iIYSnFjW(jvq z;5uiI!h6Jg(48Y~mnN6G5|-SOWGVNSMDM@nJ97VM@qUSsX4Ju`Z+WB^wW;1i6~^jX zjB)mZr*~G}_~PYP>cdf*k^a6j_dQAZT%G;BcWV$sFNEKpBnPJt8xE#@+{@A9RpNHB zq|TTtm+UWuX{l&6A23OM3(jQVv7gv$BK$E=7?apbEFBN12sH%bU}|Kcq|Re;I9O zC)BxkUvQ4>@B7YRp#RG6U~UZne`6V#_2tR+zHddBQX!`|JJ0?Y4*wA)3suhC4^|DG z>^DE-^7nxm@4UwBHxjyfO396r%@>cl*y zBA$#wYiyKF%FG28V5ez<19QG3Z~f=9n0yn`ol!tT_SlhO3LNKQb4fQv+)h$QB(_;K zf2YK0Bx6H>;!|H1pTAx#-OSRXF#YF<^c5^U8q>cu(hJ4X+gZ9974%P#Ki4ZoZelVm z1{04`A~bL;ON_%6ITk zVghL|)NAMBU8>fOLf)0L_d=Pnwp2w8)j!)vd{j!7e|- zIhuKnD;!=+se8#kJ}Z!RPyQfn}q@d~|I zd=K>1i^ntb!YGy=At`@Lbde|(UvslJ-U-}~uev4JWkT`t(fV*qI3$+*mFO-#x+t-D z?9JXdS>FqUWea?+mxMaqQv}`i+IQLH<_tP|KkDLQppHhTQlm|&;=121c%W38jg!#PdG@#89*3y$+rd*fLL<@N90uM+=@VKp_JTu!aLCaW-(ro zMgg|-d!S7uE_RH}h)fs^6B@6e~f3Jm>qEGQZJ%W6#J z7*5J)8jZ@EV+>N}6PB=L3@2r3@Ez;jKntnSAYk0NOH)>il2wYT`*%54@Z2J+g;pdX z;S?`QrZSCmg56*xW+9}%2}Dn#_peT15kqv(@jW5B=g=NT_oTO`dw|bTvZzwx5I8{) zsAmD77!~AFenzViSzXZ}mQEzMsJh3C{u~x{KnacEln|W1bs@S(BD$y3Z_zy;hUuOx zz@32Kk~zTxr9MJuUYE(rG)r(?Te1h;U&%hhA z_9@&30mdoI)$7rFIIc{&g-7^nmBS< zwqYuHcGqNzOsP&;fQE+)3!~6FQq$_Mi!!M*GO@sjnu(d@%NJoNsO5DX6&-FA-3&!# z!>PU+^J6x7Zno&Q?%!nNouJrdDNNKvBmWS~&(Uqad=2?smgYdF%roDl%njHj-S*+v z*%TNoiMco63oQSZus_{a@xEpCDK>W}#F7_iDBwU^oa6E@wvrXnQ@{+_Ro}} zg`S$$v4b*8R@b$j(SE+XtFm!Md%%o7)^{j5X1FodWYi(otV`xCb3mc7j3LE&ZD_=H zM{}17x-ApunftOP-ZgN>2+zyNSb|C*D5_&Xc*XSjIg|=DuWeKF_C`XI501i7n+!w# z;#Zh3S*Cb6F7-b2mogi2b=x|~fifr`{T3kdW#2j76RX>z&ruaQqqvRHEnkHi>zQJV z&WLuS)8Ci(GOhPy^ndgbV)p|uKp6VU@i!K$)t@wk{Dhvz#LN}3Cce5^r)7QM`sQrY zZ~BX3bLvvx#6hNzRbihS26Z!}-8M}2<*gWr%|ai+@APKd@MVg%(>Xk-HLwzZW>Guy zVZHLFY?HGlmhs5Cr+?`QZ(o^tGslIg?B&}tXnQA$+-C6itP=i*^oMfGuUpbD{4VXQ}NDd^0S$n=GDu>ezNf%+1D^zfQZWDPf9 zAs@uPT^AaIxcrBRK|CI||GR*Li1vTq|NbDR!qEKOdgwk458VYCx}Rmm-H05Fe|jVN z8EfX=1$%#wGQt2Mf8S1Wi?bUI^>;Nh&sh84iD9en+7~F?2Fm2`eTOZRjn>d!VO}R_ z={uEJz8*c}VUe=6SO>`Fen2*vzC3FtBAdbF7cl1Pt>jtq%n(|GwNQE1R_-YInAVS9 zw@f_8(L;Va8OCq(bFzW)u4%{54fExxS7IYlWj_XvfnkXZn7rUhG-f5PZgzAVuC4=o zE2~!#ZQGf=B;2?R{jbJ0O)y)$K!-^SWdD=f7zQ8*v4;F<8o(X(_6oY?)qA(l(HNQG z$(H?VC^`3-cSzHCv&93IjVJP~w@aM_jXq4KMl5uJZu{)BYzoDsPqBJB8?{diJYbyZ zgtmLn-^9Q)((nWouxdQ!Pnty$F!#?B*UyP9~LR?W>>2TK;0zXp>!Ok^PCk zGV@d43C@ha&ONU}gJ6Zb`~^C?xnX`i6gRBSbJ0Z(J5E8J>^pf8LxkG#4DAj@u1#|) z*H>GN2dnXrY&@ipwO($e_ppqzOGmxbR1xhN?DU(fmE*pX(OE}1|L0Qe_04YRv`aD9 zP_KFJ=ZZ&NgtQ;9R}XmwhfrhYg{VKsp@Xzk+@?1GK6~$IC6}H zBhUooN7?uM^t~O&!rx=Ulh&N48~41sF><`et9Iog8c?5hs^*WUs`f+8ZpHlZWCb3a zdY#jEPFQtk-)72lGL zw`6=v!8dZ_1KXnlwnvkrKH4)Bw}wOcK=OSBnKyTjxSsM7Xm5=B!{^Hi$`K`R$eL%eA z{mXFHVw)zy8PG#kSCS)-5{ebFx&{w}U>rPbp>y@YK6Z6+GI}9?i!EaC1vw&i=%{iW7YP}yE;&!u07TxysuB2@!14u-(TRFGZrBr$woc_e2uynSe zuAe;A#LPnBNWK0Nd|)21!c&$p_s_Eb5r*T>i;q{ORH1+2!A%n2`u<#w;YoI(o`G_@ z)wy%q$JwT-e)CADULn^2Im|tQY$LwrxOR`9d0KYK`ULB5ek`j3KldPg&I?~jcEe$H zw@Z~mpK~d-x~=&mSlAW8>wdEy^7MmMWl~i`jH>##tLpDi6^jQPLmiP<@5>Ll2kPj4 zN#1Eto-S2zWkfl58HA@hw|3Py=PrZrgjXayD_}P<@=TR18RIPxgeQiXV1#F_{G>~$ zXzzc8DtkE!6)S0!oeEqQb&!PV^Fuxp9)d8uK3eNL!D<^u%SbATkL;m=pe*CO|AVq zoC*7PXbHv;Kr8z8IMTPU%CA1z){E|M(jW81Ro+I2a>!2ZZD<=i7S-@O;5yGrgQU%D z$3I{0%gY;x)T9k|=#$SGetgjr{hVKQUD^}HY$*h>q?As8f(7FCVvHzSQsMmrdGTR( z<;Z5wL`gTsBgvD||IJfcwrN{b@Tzbn9($V-gNzaxRN@XO5wva-P~^0JHGXAWl-HV7 z0cE44Jv~Xe0dZde(5>q?MWOoo_eLj2qJUA&Ul7{KF2DPG8NFL{rp>xXgClDPRjNqg99eI>vV9z}*)eYoAn{iwiN8KNLa6-eG%lHW58oAH*_rJw zHTxZQVlEnB+`DY0?mc;glTFVE+{r$DSJ_Fv)ctdF=8H?3eim0P%Bd-Snfni|$;Uez zXwI_h?aG3gBuvep1^@4^$zM)~jZ)+E)xZIF4wfnR5;Eb-Y*RH3v0FK*oxc@h#)#`N z>Hu;;jlYRhvv!N&m{g5fHkkK9ug}KVx};$8Ai%uLyaWO&+m0hlvi_ew&j$8#-%S*` zdLlVo8~DaeveAhb@K584Vd#e4gG*C@HS$KMYlPz)#?y&u-IfRq`(3p3YKnoDZnq4LKua}^r1S*nja-IC zp~H23!^^Zb2RER^H-$d%*Uv&95KA}WYS_`zCSV3Tufp0$6fp$2-Y|xn1Guye%3Az2 zM_Ji~vi|iIA-RmKrZ#Ys4Y(A7dl=yIw+q3pt+89a_;@wD37iw*&wuszGh0z+^{Crw zIPWY)8lKAsyq#giKS>@3OKzb%en0olxRZtV09wXh!CVE`hP?)pQ(_isZ|mL|bkA5p zyS+l&wGCd?&GkG09AHaUeC%c{?(JDE=_b8ao(D*H!;?%y!rMKV0c)^Tnx|LOS~S2< z@nW#QZQ4V}6HUb%C}n<)J#Sk=XlhEfGUXIl0#+XLe2{Swaf7-VmCBX9zOT%_TC+lL z956W6rEXZy0{y(4I+P7O!%^D5UPi}*JlDOA`>#~aYtKMNa7@+-Xy_*5E?ueUGk+UJ zRdV90nRYOn4moT`7j-@9w4b~Xe_WwQptNQ(O6#}IW8;qe5O*+#H0^EdzFbxgw~hY+ z%lS!$*FARvu63z%fz8fOcBb!>#K+(B3zP5uNy-5l;~B!TOce{30pW}5srnu$9cuFhT}lZ) z3ApyQKBL(^*tAU9SCz&Y;I;c113U>CQ1ymPyg`)pf|S4?kdG$ig$yjH-e8F+Rme+q zhec>Xr7sdpO-vzwa9I@r)J*#wdC>np|1IPu>wlX67yth>|84k1gJ#BS$Z+?>5<0NM zz7=5};>8(F!Ng6#_95@s)6k@1LPp8zQtyX8)_A7M{_X;deF|P`IF*A)`{wFPl2J~u zev7Uk7)MMq^+k{`JtebE-Y&+alZ)g@f*5-zyXb$+e$D8@g41vyqqE?N(?Ae=VN z+$k1}Hc~+1zN<-1U~FOX;yYk%TE#9`(ZcE?E3ho`txkPP3aiSygJyaDCMN}#q|)9h zct~-MEl69ME;SY8M0u}(1Sk&QnPO$-#L@>*2PhWH8vYxP^g>$ULJd$8q58$r>k#e> zx>*lR8q62)bJN22o|)|!x(NN*oX||T3=Rf{oksa96B}i^N6)Qae3_hHC9Xy1?C1#2 zR{`fy+%_Rl!wfiE%OgXjiuNNptwhVYlP#XnJm?YLdGaB=t)n3f-rRP5Pq6T!-uK`E zw)zAZzorQ=d;{Pehfh`}TiJc5w>X&5Ha=3!Bgr^^?^MI4)F-EK9bg(ievzJa6h&A) z_?YFiQoC)-k1|!;qs)SybdL}7wQ8mL!u8tJZoM*11=41$_a*`lpA%|dZlf$tsCN0C zR#a?My0~(yyqCf1%)&eW^lI!>@8Ik6!}7}N`R&HrSg&}Sm^;;i*mUB5vtDI=Y6?>= z2(4FHnP}mqy;U+gsU15J$9p0h?}==@r&@Wj;y@>oQAUn;|DHJBli$PfHtLU9ug213 zquc@hllfH!M&J1W$h2h~Wdk{gr~-X)xq+!r4h64(_L9#V8syoUEc{IHLZ&nQtXPsy z@zjZJ5KCSnrLmP59rQ^aKpysXins_RT+*X*&?oafJZg(PjAL>M+Yuq$ZXFY zSxtODqLMrs!?+g#ci4cOJ<$I9kTLY8Lv91oJn6FVF*=PbzeLU>jk;D*UEX(sy?o8n zm>wIo{|(ZeA^e0|U9&ZpV#E)?T6Q)w{C*vJk5w0N{QjO;qN6^tKheza`z65dKaulN zP4hp4`2FrwK=41hgrF<^C-2+%DW>N$K2jbzg&}h1*ePj6;}I{x8Tu+hjmoME_JRLB zU`^ww`f|cprq`PS#sX`VT7|ahRllXE{G0kSYzxKsdLgeiNziRw_Oj!%FP`AtNu>_e z0c52{+x|2~Q?E8>nvCQB;BV;jsxeP>$CKGsRh4a;E$gR#W9;+v-(bO7r&;0O39~x8z_K*}3}^Jx!x-1}gQ1bJ zPyd7DA+#LXI)p`e^Z5*u*5@Yjkj+Ct#>8|XVHLJTx25eNT`g)DV>O#ed$y5Z%`X}m zgW|S+80u5Ky*aRvkiAV%9HxL1`B>hl^mdKvi2`Dmn!gO&#M<$2e^c$CyHisEwAaq-5gb)}}TMN4iv9G!vw zDWh=_OMZzrR*H7ZaTbm=5YK{1mR=E0_lC{zwFdIINZ*d~4sxorg|XQ{Cd;~0*|3G} zO+nmvBa%`H2^dUZzQwJsOvVecC|7Q?xNbuyI?}BeO9aW!zwwBn;qzXpmxZIw+=`-K z-MP(faeQ;&d0babYyZXqUt>5D*sv@xoZqpNX@;P9j&~1eoLUF^u5owP4*g8Kq4W;i z4Zf8#En;aIl>a>>P8+5ONBq9Sz=pB)OzO~UC`^)`Qe;Js?YmRhy?Yf3kX7Kr4toZ< z)R==^D8#u-ISeV=axIzWS8KO8k<8#4;(O*}}g7|oa-EV%cJ0XTANPDgHs7qO4@(!}I z3H|XzEbD(lB#5K{(ph2h%#qb7JcC`zZDbA&h1@70%G`}-ag8xb1?@&@q%ZF-D~c{N z>=;LcjoF?zDSj`uu?9XA6xnSCuf@BY7Sz627>3ms^*79>rTOaGWN5oxXi(Tg^sC>K zsGfeL)fa_rW@z;aljy69$6)pqvrS6|OUgcJ7d{5NscR9?DPRHzMeDrMm*dIKX|UwG znB<9tzX{$yt}aKUgx(Cq(m%#wvrtl3ESCNuE`+rR53q$zl>8&%<^vIc5s1PA!OdXr zr8q^{{d<0eC3E%ru<~z$G)KwT%#&@_QM=M0Zbw&2(rz*WG^050m0!`KFEL^K7&8!7 zFO#95y{CW#CJ^)SvhO@@5pT8ZJJ-eI!T6I=F3ywK%f$zVmJqDWY9|EujoM8rC#uDGx;xCRAfuEO@hVQnwAu%p*daHJH^8FWGSLj`Qr9C ze<8-4E9&Jh#CUV)#iDfpxF`6z7uZZ!B45k?7~h!;^lxww8c?{MmO~e4`ItnjcR~lV z*c3q%UEglyj%Tws0jku#ss)xeD`M)pgr@GkGcAPQ+4M#$|f<7O%3Tc;7|0U@+Rn=i-;XDQ=&d;Gb4sd_I2Z zE8_MUo$UVc^-^(j{L(+!$(vVk1->Q}t-q_{Hh-exH_JkOOlDBm73#XO_8@dHa0kh@ zpeJ$Eldhq56r84>Oj!fXxq^BkmY_xAe>||Shk{x~4SJcQehUUi1zn!WS)v6dPn=UN zn9BxY0b@THcNIXfLu=}4x)8w_z)?D(J_@)_<^abN2MCdTuCr_ZFp&Ut2t@Rw-G|xW zCsT-@JpLA^1@_RstbxVS<8K*E#eS8wW@0kw@2TZ@1?Dc*QK~x;PXD#ZBqoYu-12EM zQ`+zrUBJ#Tb3?L~@E$G+2!<*B{_!|F{(t_N44UY0Y(e)C!Y`B%7=<^B)TzJ_T$1Hw zj0ro4KFG>Vbj?hz((nqd8@-WNWWKomd`=}{LgHlF9>b4 zxk7Y$^nY=U-M*IG@1d5%lWC-uF$F{vOuR%(!Ciq8m@a>dHt1Nul|NCAqk&lxU@Sr* z)DIZuU}JdI|5pvT_d967l*zv*5fDpmYc#xRAXgcfPOmZ6C{zgmo?!I0Y!pFc8!`(v ziOaBS_EWf0Q0NjcU7}K-3K*qGw?$#0J!B@Z;WPj#HGwZeRMB``02V5X?Fj5c+DQ4D z6Ko8-J(@w>*Qt}CFFX%WoTk}(sUw=^@03bIAa2-liG7WRVGuTU;v}dk| z>SUsWC_uM$`3H$b2p`ZeOrR^$>Asz~cFibp79R&Pd&&2@UOYJ!Xn_q(ICMtq{CYIC z_TyJ#v5NHx#&!MLoyH?IUfX4+VF+9FzUFr5fw`U%te7Mh|#_ zQLMH3dN!@h1%GcXzv05~fwH=06TgS=C94+IX=$o7d;2$4MtkF7Bv2mj{Z?JWM$H@V zt4&eph40Q7vE;e`1xLV?7JVC*e@+Zxni$jX?N*uOKdps#HEU}_qaJf(OT?rs|68j` z;iLu()7R|Nn(vFy_Nu}&i?Dt$)=*qyJ;VO5Xbil_x`)sIbr(1OJJiM6g8!>7F1ZxZ z#i#z-s*BZeCWmqNFkr_kk6a#0B(X=}8m6R~v>#YqzGh$m;!8x*>iA<<)yQc7KxVo{Tpn z`?(R4eeTmBQkwtB*I{Y?2e?0OcW`O`r?PJqj;^f6RpUmQ$ZUswtI~kl!TT|m%7%8G zA&jkAXGrPfnso+&UHlpo#ln8T>x6q5UPy7NG5!9MZ89AGIQ52zwsxn^CLryAHxUT| zo$mVUkPQbka1rkRh!6ROuPGGb~O=A_w&`V zdZU%=NIDe_-9V&d0ijD_R1hQF@OrlC>@m5QE_YgiMzx-izIRA;>0KcEbe*{bR14DZ zmbAj-ME(5Safg`W9~Rlm`(tnj1Kkt}dU^Q1blf4&Tn>8%I3HiLdFcXK8F#4K-g#(L z@M3m|=Z`HF>*2TE^>D;}6Pwkp zYIDOZ^X}&*-_@SJTa?)B9xWbQ>{g~Jf8Ysd~1N*6GKNaj}8~fS9em2oh zK|cJ?#5*zgkG`n#@sbRFbBgJM{7@($D_tm6%t|eS|8wDgAsh(A=dnVJ^5)E44JmT6 zr!>KM!d9aU0P3n`RqkXzTiMT(j2@{CRZ6XAjiDZ}YU(-ugc26k^Jey@v7ckC8qDL> zAh?C4HioLP@^(2@S86gN)Lu6cF7u|ilogrYzLIZwYKq`>xzsnYp~2oTHF(DvK-mo> z*3?y!Vni%&&`|ENRt8jBga5NO#LR9USucM5}+eLk9 zR=AM&Ku}blnj4X@yHZQ=H3(?n;?F?&%~y>Bfj5^$`w`&QU6AGy?RCm5w9ZV*@@G&K z-|-%Fut3}^BixAhB_m(IJ4c(hEfEe}mx}$oAePLabX&#A3{n~U=p$XvYI3P7VCA}V zaL>hP_dyBVN@ISq7I8wwWp##_-&H94%ZO#{Ic|A9EDM{zQr(*wN~3Y77u0TEjS` z^JrWIZhEMk*Af=TGu+~dgHL*G!CpKgYYAmQA`0a%P4f}!r< z4)%P_f;Y4HwNgmC5F8rH1?clpTos^SC*~%k6eGO^u(O|y*RB|M}z4=*f^D+F{lQbne~D{-5g^QFB3~- z#93(2StXVnK=<+LxFb&ADy!8SaH~DtKz^PC-~>lWo#!2lxBQXWkE-z6(~dqygnq!q3bxn9;&N#D-cpj2u<=y#|&{2d(_G z5N_qbh*oxO-^v}(%1{kZ;}0-n(6&B(sF}MvXl55|=0Rv?SFt3QbjNKwp^#hnAaEbq zMR?(ujIo@~ZY8M8e1Qw<7LuI_3hM585-$wm+{!Ae6q3}v#^h~ZdkP};mF%f-YOZ5K zJ98>KbO zQ?o7c|Fp=zZGeTCmK$2+X2xfACZ8)C8K0Gf%>)jC^I3u60{6v(?)msvv2|hz<+NM& zM%NknpFlz7r&>Zym;_i^dnL!%T)?WD0^hJ^tow;E?r%Jo&Cd+#bmoP2oxY`Ar`>4$ zLNb)}ww*roC46y2PS`O{|8}KCwol*s1R(E!Q`gmXW(@1ta1jV@dgS93%^Lc}j}hY~ zJlATxkeE_8rjf-8GDoM*0Ta4}R`%`5#@>Fs%1y%EbJ}137)^prH*J`W%a~#&_FF9J z8_n#X;A^_=>1XLPhBSkJ1HXXgP`-15H}3z-%9#8GbiMOv6Y~uGiYML_xC$lj>q5#a z>)I=?XDtfBU0qV3K{#VF61PlCXsP0tbXyj*D1?oX-ea(<$ zMXIcn$GxF=>nLUP{E*E=+|N9Nn`K1>O2!AmP}btc>*L63nyeX6k|&d9z~EpDaR>8p?d z^Qwupl4upsL*7n!kkFrNeyvoUe+)kEsQdc1(Qc|4 zov!zL6KO!jVHK4w=)+B^Rw}gzUQgtw<~=76=~kdQ^m_-elgKRwzD1o?nyeL>q2m;2 zfk!#XkYbPweV~eKKVa;AkTDCWzn_Z@4ipor*$5opnp_;{@MfK=>CMIq|Oo!r8w?y+d<(<7T= z5!nP^M?#s%=m>gQEIs%OthR$>syRE&rTk18e%paL@g^<%l|&PNpL|Q}_XD@W`wiju z2mjDI|G|0iUJ!oobQ_0o!e8gl|3#dJqKJXWyB3RFqbz9RY` zPHE)}Y<6%eIz%8v7cKcss-3?Lc{7nIZ26%it|AxC16hfPZzTezs76@r1E|kY+Qh5# zEP|#z^%0x=^>xTh;538==MB6CdxNgUV169inu?JSjS@@$f-VIn;$j3g3yTDn;|mdH z^g5FKsM^jSWpxjQx&z2F);KEI;V^N5T8tW4iesOc7W3>)8Nd!YYGoB2O1q#B(ynOI z3(@-jjYgoGQVD&~e6J=V10+D3gV4^-Sw|gN01In0R{NGg-pC+tWRND-JGMcf+uDn@ z*ie)t1Ulor9wQl$()Pp?@qdU^SRy+6?nP8rfga~?7XqJ=tg~bP<%f}!Lsr5jt2e@? zzR#k4g*%<}?PprhH6G^n35yKB-;4r|Gm%om4h4K6`9`EnPnA-)3M|MT**x9I%_q?P zxvwGWh-SCcdLK}ID5Tjcco(_U#TJq(UT1MDHCxTz2LTnCKh5B%8ErV@Y0SCTpc#Lm z@tmwwDtonrS7YKKzUPzxV=8B!VUu~`5G=s z@%45^N)3$B+lse;&)#9Lj1F-Ry3~b+j1^ral5Qa!!$8qS2wH!53$RURuR7v1SpOOJ5{!x=_uzW7*8(4|gD zBgu1C9s2Kg<&Hey>21hM(Pyj9KjXcc0=C%2?aMn2wJUml{ZB?tY5;Hjp#k~DX9Y~u zrf1-|N#f=jqmf>zsYdX|=EGmlLOjkG@>UBi7~M`*yp1v}4DDi0k_lDP)XjKOlpYn= z|BbNz*J$-hRX?4>rld08a$2$+mWsa>$c7zTuwB6V#gYw%yH%;Fl-3c8#7P4O`}9r0 zWNPzy`1HvuLxb2&2oGXsW4OdM7inybffP%=BLrm(=A$)%6RfS|w6z9X##`i_2&o<` zwf_P9%y#&U_bTHPNmvP_(Ny(`n5xbZwO0qDvYPVOdk}?u>Q)*ZfGrQ*XJWo4FcJd~ z6@i+|q~%vqNzH2;Y2vS@NOs~m=2PWxzPP=b4g;WEKc;XNjd(b_hr&Ktj#UPW*hz5nt(WLv>C7#o`;mU7!!!jikevIoEKc}>z-1xC zonuK_TeKav7xdXm(lRyp8d-qIYAmgY{?rJSoiVT$e*6HXfdM%59Lh;;UpfxpMLK%F z7E6CMF&!R4@_dgh21>KDq&|U&L-W9)0mSd@t%)WYeB9NwTwh!HPJ8>QXZaP9i> zB$J3`*a8&-9BO$A)3sr<`4s!tpTZIthW)^4YZ+Ei$h4bABo90iuQHU zk*#zrpe*!$CIRnAUNli3vE%{}Wy=1_?_$Rm=8L``kQ60Lf9D4cP)ClW9GMbtt{You z7k%{zT4)c{qRs75G=wO`vl*9XzFoNu<6t>xv1Zya3KokL#g^{SmfxlVHXGT!PMJ07N<#A%gLp6&pPKH{XY#BGWX zqr+RWS)`9)$m>9mRhdc>AI}56b8%v6HFxcsXYjHk+wrnj7|1Gum7P*ggf31~zkxUk zQ|HHRGMWJMB1P%mgJW>a94T<36B;_)`4@-SxYj2{r0V6{)xtqh^ zpBDc93#nKRG4~8WCe=&6=>U`W3fow1& zmP7Tk@5CB=YsH~Zcef1yjCh-abryOylzmy#cB2NGG2g>T4CWcfRy4M$85Xrt$y?=X zp5}G>&Q0@Ja9vL_mP&ZBdq)SaMZ$-Zq;54<`y@5V@B{lds0+=Z%+R~2tcq|kPhVsf zWFS8lcQXJI0RIwNMj!vW=UQW=o$W??v@z1dLnF|Bq&K{8424poy>tc4a5ILFa4EO8 zCzdcnR+VGCam7aCL|+l%&lwA7N8Jf8>Qt*l-rrogm14KG7$^9H$6tw&-JO6c2q!Os-!+n229%BLx>KTz9kWUh~tDA?ZhYVr<>y0 zvfpotxO}1jZs7?@zzGpIyhf=sDdL8wnMhSqpG{?xlbEV}s+or30a%T1+Q^}J0zRG^ zJ_2pbp1j@p=SqbGu+FZ0=dl4h?alx?Hd=!7E*?_hyo*NLD?D>3_98oOJgI5ux)&AU z4u&_|aqWc^+-w@nwQ|3OEr$Cozh|QT`}`>z^MzIvU>XOB)3*XI(|)G$n8MT^|7|kV z9%qvA_A%Wywltg6%@5#EZ5N8i3SucL%2h|>nPG8bbeD)2FKDvk^t-LvJG(e>TT0gz zvV|=5xy2$>>Uz~`F25PtQjx+`xn&toN*779WK`*Xr-a!lPJ?|nNk%3Vod*gs z>Sg}I=l_~Hc)BgiAin0$eUPv8_NSMR`g8uZIta&`BNIP7){(OqW}^wWu4HW8oOWl# zAmfba3w+ffaeFjJTo{*~Bd)WTGm5~a%msq3@juQ_*x!`oYmV~_M&%l@^m!)2&i@Ss zo8U6$H>I!;FZ~kS>P=Sn*qf4zdW4B5&m72x)3Y#n@%6YwuQAl;vfHW8r5fsUy`d|M z_hVOTN%yP@coS{V<)qUq)d&I$!N;6a8BA5ruzpXfkEy=R2`Tw-*x&N6b<`spt-7YI zx&Cl&u0M!et{E+a8IIXn7S@hCqpj=9Eg8|uz6srB#N7R1HZ5P>_UM{yrhrpmiHK0) zqI{coO*RinkcQz1PPJ}q$NEG&BlL+vw*D_M*_)wA#Px@q%7Oo%tv(_snfz=k`W% z?FrVG;t$XsCJ2Z7;6QHYvy2nA2y~1bRY2qgx!`7`&X8 zSD>0jk4h=(jAo`RR<=u=(CAd7oVkZQ!(GbsG~o8X8fiFnV&_{-qWmB@AsqzZ*u<#Z9f9=mYV>Du%y$0#1s>o2p>Xth(ThbcDe} zA)v$x6WeU*7#su@g|D0vYr?yJlQ#`M%oHwS)*Qjv$5<;{SJ6s`X`g6u@?a~H@0ut; z!C4jSMR9wbdPA!3R7?DR<%ZNi6YBf#WS7R%(*pluZh`-={As*e)<%8xt6qlsDpT{7 ztlSx?Z<*EPffb%_p=-37e5TvSQA=`IL|(Tt+feyq;_=_~7ji>LGLA0Fn(|Wx&vM+R z-X$Sr*MN&1Ce;x_*aa(TX>YC~&d=AZ8_}7rfrhI$q&X;}g6E1z{&iBWxzaNT12pDV zdCxeNdf$2TQgM=Eu7m|542{yOlxb-w`G%%qU}%BVP{*%_2cG&{{!ZGdPS&kxtvdPp z{>E_F0UtV*CTw#7KhNM5(PQXHi^mCs#FYd2xIGFxA1D0wWR_5Kpk%lCwQ{U&z-M855yz3xr znW3Unb&1sPkNLdQS$}vrF7eqG++zPQYBc<5May`bQ8U59-RE1$Bmzo3wVc#P{%|Op zc^y^oUHKVK2yb2BHl%VH2Q7t8g>|*@c+N3XeZL${F%F!ya^<-wr?P?Zz+Te-I7Fw% z=;fi)BNCa0oYQnXKMQbv=8}J2Ai`)}N(L!*pB3n*;=K1`(C=`zOU)~bF zDRYqQM1P#RQ`r}sSRE~(f!fJf^6{^rhfmkSljz~oS^51SY2iU~@mXtMsNsX8#-h4_ zuQ__jw7?f=1A0_Cdsb5Rg?xU7zR`<+kh#+d3m2&|vu{G7MWo>Od-) zAr|L7ZpML|?NU}8gTY&6HU=-SzTM#6OdUg~%`=OqqzW*A#7-WEQ#bH5TFt2|lYR43 zTdJcOpILz!t7C9{2dw{n52{0GXj*$vJsCm=wZd6Z1 z-^AMW>;4B}gP{yH{R*1P6<31#l=IuJ$x$A(^R3n(?T(}SC#*y(yt8?D_#@s3US=5|!gM=flc_*F1K3<(W z_uz_q-D6+FaTOolLxVV#;;>{ww`9}(>2Cj2xvhU`6hM&wb?CEhOJ0@@58uHv6%p6p zOhUOok)!B8FAy9RTZZCL<>BVk&Jq3Hxc6UWU@Y6M`w?bn=MMY4c)h)=?mW*OCl6@Cpr1 zB?dNe`bmyGU;L?VzW7I5#u!whsfE`Q@V{cdc<&!J!Jog(Bo~f%e-F=B!2cqExcis+ z;*!98@yqY#iywXt&!^$}3_MrMtE(D_EUmcceHRk;&KDQe{s<4X^JQ`6emS=mHI*uy z>9z7*bvZ5pqhVyydFIO%WZ$QNO)GPpdabun2C`xdZJ$GtGK|VrG7Pb##Bi2FUcc@K zqU?ddbBr5D+>GU`Bg^kw%|?`Zh&M?0n=_z+iY!lo=C`Qt)Uv*Mqks z`;}(Mw)z3kQxQO)XkUo9HO@!O4X`v*G9%~(yPAu4E{Qk*G7P{^Pzp z`Wh;G~;ay3!Pu zUfypUh9+hj=l0)mJ*hEyzMFY55^r1dQ)(H%DZ4;=f ztP|UaCL&*(p*{6PYw_t^LKCYEv~xr7e!!kiUqg%AzY)yr_{O|pSEOjPq?5@+mv1?( zQ34=%Xvi_6YnvSEBZ$f2G?7Hdrw(=6rto8J=&=iba$=aC)s+n-aH;fGkqkY6{-*A# z1+;w*(KZgO1EXWn{e6L&C^%5_%5fYD=O9=3eWaK9-^3qmF(r~M)82^nq^=8X{Fm8^ zLbcFfH=cp(Dfd0mho)Q3yFSW+h18vP&c9v4Dc=KDllOCVT56=futQB%f;ZX81r;LX zLW1X8-hQd6AT`PZ6y*{NhEZz_KHuiP7G)awnIw>4r}b5T%r+U|Cj+B)=0 zzezZkLpc&m#g~2tHPOSaPELbaeR4;b{*O1AI*y0kCSINLF)>j$lkH$=ygc{F{#!B~ zSxv#7k?q&3W#3-dc-4#DvO2jL#~|n%Yx4e^D~1rNm~$@*x4k*MwqRXYriYp%*W7C; z>xE*&HIPu$hz_?+2%i2A_#>-=&Gy;$^?=|I`v3A3)d`~wrK zfmFPL1QhD}P3`d?#!k;Yym-Fzu9_UT>WRT=@qFhJG!(OVPX?3Q!1I~&{GCl~p)0q+ z6QrA7CLck$lSIL1bent+g-bbzS88#AW#s(4-H!Xu`f-f^CCAHLS91CyHWvRPVbm(C zL<-8~#6mR3@H+-ybDUWEC@sP8mRLhuVreFxh5b>#jc2-*fCT6OYQ_`LSDk~W;7nNb zY{Dhq)h6#ZBrtuy#!+ty%RD1U`7_MpkIV0_*KMx5$s_O<-->#Z=V>@z$%G3y?hF#z zw$kTZzydGgLb5?Ir6v#yKzm49c@b}b_3$ZCC(xcw%Q_*>Xo7R1o`T3Zj3M4q?xHTdOWrU^&ZWAK zA*$MpLN2MeS@6Dyag)+Nb?*H2ruqlxSrF@0i5r(AA+fX5D_530dlqjEtHg)Bczrkz z7~G@C;JSn=*F4Afu5?0>8(ru|0R2NpcC^9tA3HiYvZEXywe9cgrvKDmv(ewD?)-o3 zulIlKuOrmo6RkUiF-c@4S#^J}$QISDDRSa(kgorEzrcAww;1Tq)KLqV;7l3XYTRC- zK7PawoM88kffpeA9ZRIgwqqSSkg4KU9*mU# z7k#K2PLV|;fM|ar!iCJ(c7a>deR=P^lWj7sOaU|iMS71w8`bHk2&|1Jo6uvt2Q?0J z3egYD_XmvPMHp0QeF?f)Cj~F#Go#vRL=G^Tx3U*&+PD}>RmVjm z&d>ViOUQ5}#gmGk>k1$CUI`Wad?kHuW^f3+1dNxy@bV>pk*Y~15fii+;sE+sCn;=r z?pDef!x{7PPGbbpXao+<=l3=H8AqhK6!fgz=u#G0BblRWnyFw`h~DIE0*9%YNbFI~ zMB2ur^ym%?8d3etsFR&H=2WJ!00&2i z>u^eCS;1-Or@DBTce2xWfCB=-GD$0c8HE=u7_T^-l^a8O>9dS<)Y?HxA zMRHFu9(2H%)kOFY>XYX=$T6~0eYk>r_^238ZW2bTOjgFHIF-jK`F8@E$!ZiWUlG>s zh%C0fDe9WiAr@;JznH}?PBCH^_l$^L+y$9s`pT+KEG97~{AzsgdzT;WaAr62A}%$- zt#+}ilYlCjg%^lqMONij>a}$b2}V@o|9D?pEh`7ycwc$XR+m!a6z!MnYLVHljAkfE z@|}zJbb`OJ-XtU{x=Up^4Z%dItc%HTU7CHDD8pUqsjoNWEcTDG5VrsOxVtGiypuw(pvr-YjT?OLY7w!E6Lm?c~4H zfxe#KxgVFOpFXY#Sb=vB^K#h14Ka`Z)0*~n`p)Ubo;>7WmK1O#GM$fd>eTpr+L(I{ zi4rNp@n}wq;hgG7TEboW`10&K5k+4PM~ihjzmPhOSHa35?NkPNzjC8fw3vN2WH1lb zwJzlVs=e*I7=!n$JZ=;4DxSFF^?X>NMd~EkrR>*j-amw6JH-`mp|Omh7*Y7aee*N_s6t$Y#4h_@>QQI-1D74)Y(e^{wb_=!rv`eWA zH$~P5&R&Xbg@&s!<+mcv*x!l)`49Z18>8{;bs}SVSZm5bbDip)88p`|XuH3pOFLc* zeFEE+lfJ-0?=9l?se&&s-+P0&eMZ!-{!lLcNNJtdUA!vVEPs~L|Z7($?o2y%QX7_{GiqX)DYV!z; z7mr$_#j9dWyrxFd*NrLPPBmQw`ahy3QW@}7U!YFKgsam=8`U|L%L9KWCrveR0152u zx!wJV`)<@GQj16)zKvuRZ`pfR=KmX9z!7AGa4;fPfn<|=OL2IkcAdG{Sb1|H$RJ0T?se?Z?EgbQXA{q4*;tuzIR5*|Jor?00 zH=nJH14z+cMP50cSh>*Kr2zN%#1)^jmR603FF zt3}z&i}O?~R(zm8+a|Js+pcMc+lCpE>r}Vje~4`BOUYX;6U;Tf5|U;Ah<G>Vj(X}g^0E45;|I|gjJ2Tn$9%V`@S4n z06+W+Q`{Bj-oKfV8K)h9u5NJB>UEShd6RMG@tPw%R&3`ByDnYU@m3D)hs({6 zIm(8TM4W<{Md7faE7~pAyPW<~_GPjUa{J%qD;CvQ6bgIkP+uWG)2v!#&ZM1~pnW+Y z&aeQv4Jpp$q_QTz#EjTfs?e_bu?}tVy?BpA+R#W8p?dfX^gqnwPws2db!QE&f83jZ zaFBow#g6=a`B`gxdMM;0aW~1!HX7d)OJ3)G5+@iMTVvWOdZrl|7H{XGXsa4d67$LU z{Zn2eX(7&=lHwZsaP3_5deu#?DWNCQ9cMrev}Pzo3rvZOXi;HQJN7HOt6pdHwfHpz z_=%(!>zMN|a`#d^KeeTuk+Y$Hw)*=Na~N$C&L)|t%p)l|jUMK=>)~)i4{e}}=|upI zmGv_6p!=bLF6AiF{Yr&4?Pr)0g(8#^;)h9d_^yuj=GQp32rOF0mfb7on~NDd;DdXS zuxT!>Sk~7lgOjgXtfFMX7 z8YSsf4y7;+soByffjQ2by*HxL)cLLJD>nUJeL}cC?|s3yps`l(-y&)o)UJJ>{kQdr zrHF|GH^Z`-AZ~{|^wcq@) zOU={2pp&g$w=JAUCtH1l{?#h3SXLce0X)NL?|aT9;G7WD!Ci6;T`H!zh>_|<=48gQqX2HcN>q=knJ4Y+1HD~ECQwd(dN zZwb6*H9-pps&N6EpFyVP@~$SXeI)1BiW@eDZHWlM*;8{ONQO+nA@xK%pic#)EOtNW zG3PV43V<&bl7#wd7#L}6DUQGADqb00LzwyP11C5HA~?>nG6`5lp)zjeZEToBc^B2E zf|KN3h7uICaQRr75eIhVoRr}w08T)$zXhv#bseccVX{yuuRa$5Xwg5IUGD(7UTBc( z6J=FxEkqq<+{+G?RliK6Ks;$ra8mHr7YqvCshm@4v@d?pbuwatm32dkOL_Uo+*To! zfA9XCuinhotJlfn>%BrTuJOXO#+=Foesn;gqlM5yeQW_OR0}Rtb84`wZhQTXY*RTd zx;$KRUK=T0l&}CwEDldza2bZHW@}KXRI0VQ-n0mxe;&;@Pvat-QGzy9+i?+==R_3t zJd=qt$E8Jc@B4f~i|SbY>R?VR?n?}5Q>Vlf0IcErM2@CYe6zHx#`M_J8# z{se8XZMw}emp0foRBGbO7)VE%DLAIv}D$7F^ku!H-INcx4{?HysR`ULXZw~f7!N7T~%D1OLefK_G$?V9IInW8Y- zgNcA-;-_q5{S*2YgblxhXSH?e4*H7wV6HU!{aab9cz?m zon#fQ*QSWpn=-{NPkl{<$s-@qkFt+`R-^c$cmwv*idy7iDRw{b9FJKn*AyExP5}8y zMx`Lu^4*^TUGZ`_yIRZ;*qY_t@zcf3>Fb)i*&Flyx@H!8BX6(P_2m22x`{l&TAyTo zVV`y(NS8;)(a%Fe>1R!!?hIF}#psh%SyK$}f%B%&AZ!ytgRn&i4Z@}l2ceh^!Xh>Z zbJ-viQZO6eN=r}i@k$K!U3s#Tv{MJx&OU(od5^EPGmq~PW950kw=Biv^`PCJ`Uq{F zKe6twX5C-My1$xre;w=oYSw*)b^j68{ij&>Utrz;6YKs)*8O#?`}s!q*J1aWffCV` z?fhTkgpi>DvV&#JgGQL~|7%#82emL9jTq4+j(GpZ5bvKn7}@$|6U7n*8@9u7{&nK| znO0q??pg3VZuboG+YVd);L~utXZ|nh(bqj4Qjd64!wbid&dcn*|3qaS&yPk;-?Xdg z1EZ$>P*X;@CK+l9ZvS7Jkryu9NhALKp8|P^H0&>wZzO+yi?2CRT=x<&DYJ82sNvur zb#^YPhOd={#;f&)T{@`%tzr1B4P)6_W1(+!4UE3X-~p7)WKpT&%v4MJAn4h%XKNB_Ch5um(J|jr~4a z!G52vXFxY+!k_C>;Ll`hFx}~^vM?LFFAmGf|zcTt2V(N!xc@l;KF{f$;KfAU0tA%0EI z8FzFuS^Uq*D4nZjcUZK){z+)aTPW=$q7%cEYE=V}J6vmEPP>w=PB1G47RlEV?Xkk& zSa0{AMQhA>5jIEHGw_s;PZoSCfG4qAL84uqV6`g+-KFw~`Mca|G;c%4Lu9pw?*VkJf-3S)gw^4YN?H6hkXntw*bp;X*!qN)eB)AM#L@_k_{Z z1Z=9f;Ya$86`Lz=z^D(tu`$4xS3f}ktiI|-HiEUX>SL{VjCADvzC*Nt9;4$^edZ$F zJI+E|>FZN-?C>Yk#SG>dx#@a>lTc?g&sWGHH9~92fgwDKCHo@P7&p?kD-&}sG?X{xShO3I6Cw-&rKmBurOjY*u-7U zKe2L@QN4tglsIs!_hFZ@Qxs(q{Vi+`b?Svv)G2g!RxGCqfmC7xn{k=AxOXVe1X*3* znn=%*SMOySw~?$=bQhvxzj&0paXW@LPye`?Dzq!xh@rv-8mPP!Y0>|C_@MF0*7zWK z;(vn=-s<_+VJU@8W}w$E)H`t;b7q{5RvZ=JNk;ys8q6@v2BL#;ZEvzaFpNeQCV<{HgVL z*&S`iYxh&XGhW|3!Nx1eLF4uD6MVcb+5cPoN&Gbfo1MfXV{8FZFJ9aJcOPR#>pA3uIFLF_P{IB|3~3c)Mg3s2CAu2k7G{xlb$-SdvR7aqm7xs?x{mET|EtUN!+A)LZ=;Zt||5ob*m ze%38Ij<`{md2^*Z_lzVyyVp^2+&kQvu@OlsS8nC19?p=>6#4`4(_Ow^MK%@l*^G;gE#US`8$kV5Nz zhZLGuFAMv5hf77B{FPp{iTRpY?$Py~iHHY9lJYhg^>+@AgA>3Qk<4}@5{{w@eICEb z=rcO!J@y&96$9RA9R{UEZ^7Q_6u_-x!aE!_>XuMN+M`fQb*w4ijV9+fXEw41A6N_x z#^7LqIng}QZHNB5{kCs;iCxoi7B+Hu_BNNFwwG?}JAf&hR*O+>(R5C09aAY8;sq9Kr8EC3BL$>$crcm!y&u#Mf}nS8J9O zdI3z8%oiM4)6rGSji2K!`VMx7F(Fx=HyKdwzesw3Hq25r3y~_-ti5Q&6)D}xJAyL2 z^ipgA{N%HrLiRJ4{VZZX#q4Jj``JP?55E%FoJrSURHtq`Je@{y0Gt`qiD-a9$~2@& z+KPBOg>5hZ!KrRPwamG?8XKl=-btjRKa*s9r?u15O{kQf4S4L@X;78^pOcypQrmGK;_}H>B;110A<2!kIPbPP;}-I|Is-Mn>yAK;9o#|=bpIdS zLT+TYkmTM81K<5`=w%B-FLaF;fnK)wLpx;AakBnO;d)jsS)JNO!HVUn8`DU>{U@Tt zb~2CRH(yP?R42C54ca+`c^HbRj%8Fe9#4^SuQunGp$O+D!XC(b_q^sw>a*urJiQa1 ziIZwdbbK-N38AAdbzX<|OLcj4hCaHH+b`|PLnWZEFcd-^q!(>$O-($V7uHxo7x6WS zEt#h+BC=IqXgftIKDL`;hHY$p+)vNrYM0Lv?+c4JX3V3cf#y`^SSP8h@lGH=oXW~% zhq5wdit;a=_3rn>{W&AV2`4PvE$A7o>=Rut&U?Qam*pH->1EZlESq)Ppvl?H$4~gg zo*O!`XG7cX-@s^%7st^!-MN8}(ELlL8SR2|nqq>&79CBw=4!Uk-?3r>*j=^(PRofn`|B4Nb z;j)iWbRR(PhzF-LDr##47mA*J_>B==8aI=GW_*fUEk+%1si_zpNn6CyFHJ1&uJUnB zX=*D3Nm9D>(rxUgg8kI9p9c2R$bL)=LDI-D6#&4DskA`fEhNl%g>D;Ah*lE(GL<35 z+suT=raT0Q(WP!qrN|=ZT#Tx4uC8R!8cB6gJ61@DafGb)&2?p)^bgb=_-_f+E53L)4E^eTTNz*6#@}pv{~E3KGfD?lDaAGK%p|p}k*#;#GYB?#8~Yk{ zVydqp+Se?gLcl5u8XJC(rgar<7NewmLY^N!*lWcdyzFOsbDWcASs>hDo;1A1=UWE->t(Heu=q-pKfLv#iQInSWrw-)CZCXMO=#x(jEzr8@OFz8nsS*_`OKV zF5eO&>(HdSQX{g?E>tiPS8kQK;VzWWZ;H^n$oKPIbmAoBcw ziDu4=psB^ttf_a>Cchy?v^uo$VwVyc8L00VbA%-AtdAqcqe4~-fbb~B!Sb!Nnmk=$ zL29`Cc8R!ZiyXKYyt>Puw+X5a_8@!P;;E@oe4&UX9{}s!G%+>G`$P5rkGD60Z>m}z z$CET^Q`&OF5-5vUutListx|1}YEu$=12<3<1QirT5uOV?NC1~YF$r+rHONzOdFs=* zsOa-OaYGitq=hb^P>Ny!mx5bDR0?Wo3-tbH=G>d43;4d@-|zSLBfYujoO_lzbLPy< znKNUT(aeTj1#KZ~(MH+)!8LRiI9^(ZY-CxftYJ4X=_W{_>)lSH{F`dI^{je(zBx3p zPL?BUqtkWQ`L3pGGNp2iAX(3o|I#;fs+kYdIBDxp;}pK^JW?Ol1|< zQFX3pb)gRqz^_m^XR~QXa#}oXBH)%lk;yEMP@@ zEW^#_mJ~cO*9Ri0AXP+?u;qUaM`I7XPteQ)aM1lNzxg8xjp=Jb!)CR&FOT^zLz@!G zU5K=Rp9?=9t7f#I#${&rr%B~ELQyWeF@EzlE$VX)goeyVIi8N%$z?>;r@Aq7!{X%H}<_osp-oAJy_N0VPVeej!D)bFx1HK{X zt#%cY!Tsj~U4%jxC$mGas=22EPIB>X47$goo(n^sG_c?UenVJw>nRV(=KZ-kWwStr*Ek`pgPG_%;xfKc}- zPPtUCL378@n##kQ5_ClCt8_mEAF2zLqC$rj70s1ImH9A zdHYr54J!vnuZ_kAWhobrhncR8kB9kw8MF0Zd)W)hUUn3CMm#ayJU-K&`)#Jyx>n2i z{!SOm_KDN)<7PB*J=`$yc;IX=sj|;9&Y#hND$pd+gkfdJKC2{ z$e1WSM)fOB3h1~+`klL%CfQtjB~8g)o>HKqx3P-YrW?^Kv=VI-lGy##kSh{b5h=vC z=(LK3mXE4()mX({G*|l**bUnD{sYhz3G&>$RJw?6T}-|bMYmniV}1U@$NJpnBqSkd zF_;mJvaV?xjzNy*hraw6@1B3l`Ox~b?0PNd{hYe?t=$Xses}^(dOwq%4biezpm{(f@<# zZ%R-QTVrH)(1)O$G<~M8&bkHnZc2zyvh=c7KEBZw{ zJOVn58&FlKY%f}uKtpR6vpaII*cVyLELt14*}hVc+(rzY>05{)Yw)sc@(VvVyy}BDXmO80TqQiQ9zL zwv)t6yNN7G4imRI6>UJyBDd*;4P^CM0zl}FJAhOBkYYr+U~xniT0g`!8@Wd|>k59~ z+T@q^)+R?{)+T4k+T<5re7rURkM!#kqS$4V?DvH>vL(}GpQCm4K>wHM%MnmWHotlW zs+AkKEJoEtr6y~rns*QY6(2r zJ$TdD)2buY1kX9kdF^Ur3a!lsh6mWE2Bl9e?XP`5F-mcLrt~S)zE6{sK4FJOwC|9C zmn*10{M@Hmf9hF(_VU>WdC%Ese=49qChQNp+B_#tr62Pr$#ysfV`&vKtfZU-F2IW6 zJvWpa_qg*q8<_uzwt+S8(Fx$=COQo;|7{ZE#oG#jIk=Z8Iq&MUY;TYrCqM0o?|6fG z(3TwLV&2{R3<;21@pkPNx?0THf`X(6Zjdx%(waAw`wV!gS!wLgg``eG8Tm{Zo(;l} zfNL4I`EiUWR%`Cxxi_x()it#ZU z3skk+h=^Tjmj>|S8Ggi8Jf{G*Ot5^;J&v+}y#2-Jr7nkms+MAV0XOtC9Wz$IT$dHd z@2U1`KfkAHb7oqi+8oth?Gdsx1D-GPpllB0GXu^VX22O9YGv|Xb~Pg*B*xcAmhcN? zX5DyX#GmnCgr8f-vx5<|YYj#~7;GJ?J%Y*FRzACyXXhe3hjy8@cHrF>hEI@BFtqaw zB4O`n0tfB1vw{Q0rddS)8w{evb4D%%!^b}ac@~<%<9h^TZXJ9VP({UtC-qEJ9Pu_= zgNIg5i21PNEtRDy4mlXPGPe#ymFxKhl{D57&*5rx%-yRHScg~x5F#^9n-+*ijYAuB zW>@o70dfJw*~x8b5-e$=9qnS?cX>WpNjAazdFfHyGTQS;fQb`PpiyG11K zQlN>;Qf-z~+@o{RkjhgDRM0U0!K*dfOmtp)3h4hZc6;zPR0d0ZZBlWnBiNvag%`R; zZj+^A(?+eU7kp-++rXS`o&#S{q`FIO;<8jvwN@-PNmGo{1T^puqvj@RU>Dn1Ny8cm zbs=x?iSfF}{XEHk$|Yg8{)L3+QAi7%VrT|)Nnxpi&Y2z*W}iai<{VdDWQ@%EpxLI{6;^o%64ftRCx}( z)ZsZRyT0JHXSok&BPf@OcvHB)kW}V;Uf>l}Nw6wWT z*~K$<%jXye&FX0_v~o}GvK!C2jg!S$ziqP0gC=tyIb1>w>UVCm6x|&h=NvQ8P+>x-pO2P7r`)8~8 zmDREjUE8zjs_e!yobOi(b^5}WSXK^(ziUIwf$1Af~zo1O@7! zpz?O@ubrUY3uI(~9OtV*Ru{L*twV>QO823$S8IrU3cpT~PN0_MH;~UzSH2(y_+Ti3 z-?m?I-^rgrC8T~qIqC7T1N^F1q@P=uIa*PuGUA3^iBjrlx;%6Yb?+lTrBI0( z^qui_8f40Oxvw!WlmqsSLPHy{wxyg%D>Z1Y^86~#IN*2bXH(* zgnt;u)CAIF29qf5FT=l07}}H~oo3q`a_dz22z3H`8KqElSIoK65PWrg9qHeJ9xJ+1 zyt2!5r5N4FKf6)&Uzo)9hZeeoP%oPw9dfn$mHU`vPiL`=7?MuUtw9=67cs@?Z&0vQ zyT$=UpO!Yz+ElK!ZpV4Fakj(O;Bg@7$4&F>$wyp=CQGwEX@s2v5lftv_cCk_)ABaT z<&h78<9RvsO)H%?Y*O4RwA+6>-S1Phc~2?YygJvM+!{rnR|GH_BuG8&(hWxInL6lE zGOU6<0=x=hozqw6{sN&jI_ejxO7WBdGC>OM343Mpiov7?8H|FV1257v^AcH}J4C$q zm%)swt>_b?%lmop*3=oex$q9Lx`P5TPYvo3b&7R@^s4Me2Fd;;pPbGh?T!&$YhwsR zp3H*s+ui3@_!Cuxz!0aZWR1e`c)_3d%W@C}x<%#VoTz-<*oAx?71-PvOdk}vL6NcX zTO04c{VA4*zRvY{r`0qk=_$1cZON!eKe$K21tg*m(><=Yv*bjXPtqsIMzpYwJ1E z>MzoYMOl&VO$UYu{YM(B*V_7zbfv^GME>zwo27QiMBblzg!hl>&wDCI@_yS9qxkii z&nNixeSu9#p!+rDAwzSU?C|#<1pD$RYr={wbZH_shkicOh5@v#z#7Qak@e7~9Qjk% z{`l3XGXdnT{L>p`bITxhCp(kw7eoe46npP0sWtwG;C(f;bflgK$Ru21FL z%VO~X;QO(iz8@U_y*8WzuR!@>=;0*wr!IW1P5G$}(=|oUF8;#t0(^BVig@iF>sEsq z7kRZBPmY!zJa0U0dk^$df?TXn9KaG{5#^7 z&_?{*z9#E@9p^p8T*%C%9K5)r9t9P3Itt416yOzo&5B{XXT==63Or*0o$T4e!%6oj zNRx9=%7)j_mv5gepbbun8 zhrv*!3GY~B#ClB z7l)@6{h{h|Ydj5YR2%D7K6UF#sC1?v6)i_xyWC1?gB+;0#(p`;Yt;ej8u0%E5X{{P zR-4$p?hG>Nc$~S)>epdEgY;m7;De@X^kl9$aV`(Lezyn~&T z4DUikviZyYSUbCiS~Vd4E~nHJH@YhwmIIszFY5xpRDM{2r`y~CmfwfpMei!o zEk>s_zzGuMHV66%M%LjkZ7g^-uw$q{m)0OFxG}?>?5WNW=>@^fNFE*s8YzWAv@`}$ zmkV_UXO1vR7444@Y{rA^>n8hCb=Vm>;6U%Z-$(3946saxC9otP(xYX2b}HM?DNQx9 zVY{jw(nHj7ABJiJd&HaRBj`-p zVfljdi5kX&LE?Pgl8+uTra1I2}PIm%15&Km%f1eY0+i%ExbCaCaBBml?94(xQ`({ zoO6Nr<3#_7=UcU2F?PF5rT>z~j-hp$0($p2_?zHP27sYb#r>_k$J46go(QmTmQCdu z6z?V{;O@a~4#0-tIsSEWISXnzy8_k_|K@q7C)e_RH4O zUBlq9OYF&e>>|B+1MX?Sg3c8D&Lp}!6U4)2j9FIU6stqGZze?{%uJI#N$bv5t@$!| z!?Sc<*g-~)=tQns<#fZh?4syHusq7`v5SP^Z~8Es7q1WZ8})+!a@vXh)WN&~1DbjY z*4_*I4!3SP`I#v!0m{K|ov!@n*mjljpJO|x{KxOqD*r{yF@M<-v%jOeZPIe$MaQ7m z@&gfm@LoRqYxpe;KF9}8>V(0c^ICl8gAqNih2*0=_tsbNmT%P_hL27ECm*N(pM0D_ zbQaO~e^WvD3>ga>g3?NFNq&&FPnVaW&Eld*H!8Uo`@T`dmJx4i19gbB|JDE zht-o`RaH$hS&W;kdsyU7pg(L4R;|iORqptbt7iX0IZ82C0gsmTPX%!Mg@?@;a1SRI zAyZ`$1|W+7h}n)y(DtTF5M@*5gIrWx$oosQyf~wf7p=G~9|TfYT-c%MvU}#YsjWsi z05+yl=bwT%d;GI9wc!;gc(y;Efh}rWEYcD$0ZJ8gGN>Qn zDG1+%V$l$w7bUO}rc=;ix(Nv4xjE+x5Qoa@QD=M_7cgGHnM%Hi8Nwp^z5P9|A>xG= zpl3pPcWezE6T}m;xi8n5e_|ixv*k0Hm?tMXhYri;PvDIm8W zT{fO`#4(iC<4X3Pq}^fyw(A?ZyU6LODfHdK8Y22g#Bnzxd zdLA8)mIaYPaq#I-(xqjyHa{A{`A%x!iD$LST;D+NI$-FHG;UOJ^A;25{X20C6HNl` z48Uy*qBWh=`hO)xpErfy>LPv$5XWcr%Jsv>xI15#PBE;9c?w>+lU$q%sAz+3GY@HW z`NAPqh6)cM{xs4CK+IIAyDkbg_rkD=EQ2R@=K1>*&)-|+`P-l8@abHS#lZMqsWSd4 zxitdbk9a+mL{RvRO4zMge!I4* zY##2xY(L7S{b)qIa$pecN$Ki7%;7$)NZ_Vay6o7c%?8;~4oJCLG3UkEcqIiR!GsrfZU2b;M>`!jG8_h7)FMZ6EGM*U zvNE3Iwnccj3p~ed^J#}af>XJwLg6|5H^ZE+LBb3B6_4Z&zM=3J>F_}LgD2M{-577p zH7Xd(qo-K#-=CpacKUnYGqIy3ad#KEEnRtS+90 zG~;c=v8T}kN0rt!F^thQSRq z@w8S7X|0TfwrLV`5pcM4th7#G|FI&!`lFH1MP*q@PR9kp_}1uaMVGNu$jaooCsZqw zwNDT$(kPox_aRoKG0w^)Pw|RW5y_R!xAb8Q$YI8SM20Td8*gMH5ZB2>vMjnRr?z+wh6!siATvi zWDk5LB;4QZw0s84&!@lyeFp2zDXmPW9dZfsDCjZY|7Ipzi!7dpr^+2{5c;GOkjOexwttv9)7s31A)4ry$G|JM?&S(G1G#M zger@dR*;+tglffnl7Md^Z)fdfO)g^R{SQWE%KQ$r#yyPI%V6?11^MamBu1q#Zy7+` z0dZ20mXLJQ_eNjK|Nc?NYOUC1-j4T?PDlw6r)vQsKZ zbBTL;=ZiMOqcrca=;-@NH3F!asw#y9sWWfe8u_D3NSxYa`2>BoPu$k6g%RPovfGpdkU7^ zj2u%By!v#25z_vjpgj$f@TXuzPS-Uw<+&=w%%ayJ$fP^rwI5PU6$8XdL9CX||49Hk z*4R}LyRP?F1zWB2ZPF$e1|b2CAqB8>IihQ?NMD<@NN){(uTzo$p^E{b2Pg>baws?q z@}D1wu8WH}cu!SMS%Dc}-Qz$U)ccX115>}S2a(`-|BBP1GT>C+z&4|*vVy~pVO6_i z^KR2cr9xhmkOYXHnXKdP>%w?+av@oe^P-C+rN#DNvMigll5P1ja1Gjkdj*8D;{t@= zXtsCLa!Le-3t2o&9L7_)hn6@MPx}QqNO!eHnlj&0qZOyj2V}{yiKjMc9hT~)H>lW= z*=dLE2}tqi{^86=@~O~}KBz5g33Wr)=VCcZ=yb6L_8cgX8xSi(A2rFcSWlgw8;?LY z5yq6L2vkh3RuzHr+aXW|A<+F=fO&o75`tnUIQi;Fq=r`$UA?qv1(powFcEN&Vju$aNYF-%`5B zTIK{QiTa<}iqo+@s2i zD@{3$sD@%^XX+#3iYtLn?^wtHY^y83W#9n604^{tKKwg zIiDAW(JFK$UT9;djR+|3=V-9!x1Ur1`squ|VL-ey)()`~@;n9R8*z6T>G_B*27y>` zVjqbGb0=P|5jck`6Z~f%Qklb{mnxBA8V^Xk_F2Vhr*|~!(Gl4^1A2)0blq#yCKBGM z^!lz!XRD=qYcWPAGC-k?q1`M=2hj^4%S?B~H)@#VqkiVd`akyq%D(Q}a5faYjkt!>8{BXg+&r6qlaC-(%B`cS$kh%{C2$uX;CC+At^Q$T>$rujbQHC4bc~{|a>#UW{SGMAu)LW&SO00lou;*LF$@3i}R`78y zpDb0}x^xPIFoDNw#ty}N;1^n^r6C7165+hZF#+Vo519>tW};*}){HxXd7@uG1i4Uo z7w>6Cdxj5a+uF^la*f9=lv9uA69w^pP2?J^)?xW{$z@KzEmI5iuAeO3hc*U3xo_@h zV}KgfsKs6(NDKL-&xZYKphLRdh=QH!%DFi-y=M~cSjQp*P~bw35*S(rJ%C0obBepD z^{vV+x!gdg&(Gw~f(rFO%T$v+gttGq9vXyMV5#NUkwZ2N~Zak?{?x9e(Fbu}@@XZXkS|eAg_G zihDLEUdVYW7(GI)cIPs4p5YEfp*Gkl@njV$9&E?cY&(N^cZ4p*70&Ye zca+_Oyo5PGb=$(2o};dRqVE!E05&~LupC;FA^4YS z=dGWl_UHOZtUnI5Kgj53#mGn#i1Nh<~XGr z;-}H6st29oe!9?o;y0R45W9h&q*uC@=G%+dxinMxQggSr9v-WWPv+D+7~b$RDj*Rb}~HyNYfzTR>MlPG%d+= z`XA8FQ|h}b(u^*K20(oysJ`8-KK21#kx5}co#M~))&rR^wm&bu9!ba=2e7;jPgOc^ znOfpLfsXvh>OwaE@+%Ho8SU{l9IXmfwh*pWvF}O(=txz=ewlL8{SH*nPHm_z;yBe| zY+ZLL4-4XcGE60@m>CRAj#K1}SNF4IWj{kvrILv%H{m*QUlCadJ<0ktFY4{Sxq}i@ z@c%JKDeW51;}y)O0yrKJWo*WB_wR2v4m9M3?WW?FJm3YIt#rJtHYS_jgk&ooQK&TV zzf-%qf64o=)UF-vdCB021^YwtWiIb=RfuFV>T8DozeC{$jEe9OpY4_)j>_%RDniQ$<4ew98 z626Bojojv*WA)vjZAeCc70Cx!lOP>uRI{{ATK3FU%KSI>4g#!pQe56(pvc?m6}WCT zX`(T9X$A4*%n6%xZz}3)$=OV660a@i{rVoZ1$DS3*|Tfyj1ejJ_tsihwNl7nzpIC~ z*#Ckyu%l77bHWjU6B#~$L_ws8R_{ZmkLivHgzY*X7yBk4KL1awu!U#t_N-6{l5yLy8*RgzJNf1 zRPFVyA#pBzq>>D$G#@s6cZM_jkkhh{TZfnA(HKfBG{S^}z`KX3)9QH9V@`AWo!!FEj}fPbcbnr-(nG$Qp8!U^RsURK#BIfVLgt0bZKjEJ!%E(vVHM|5uwd zTkjCHX#OlRNJ!5tXWasn0Y*O!-4ftRw0VP^_f6v9Kfn?;@uf0)yyd0NzP6U!9e=bX zjr_#ntsduGiVo?`)lyVBfN3>AxEA31DR8vapOuHG}}5&7$J9Ngo3X}bZKJ~Arh=;A)#VEqk#Y?k zr#{}n1nynt-)Y&g;pCZ741{h-z!R=-!g%~j^KRu<>NCR>k7#a57W5L=2@YR-7>7b` z#pZEK5kb~$WFUB!9zo`$wgmXmXI`dd0K>t#7Y92;>OJpS37rtp&vf`v@&!?0ljdac zQ8NlaX12efafjurN3OI>v$O2k-za7v@x~utI)Xnb#vc)8^1(g+%Q@sdZcmSH%1-It z=z~HN20U9Klqs%_9);IG5|$Kxj&plT<`gz`KnM?=~^KdymHT8V%V0I2&a{ z#{sT=HQuB3b4=^d;r=`Z`}P!^D?%CYq1Y{DVZ>E@H0rs-Qn^y#w?wfNc6m!>X*OOx z&V%8E_2{7qXptalaV6RuRfX(KxJVGK#>hB+?s%hf!9JWnr#9%w4#Ld8^0hMajiLO_ zWUSZz;5%wyCp*%kWB~qX6h$8AO*)HybO7~a^S&SR5ck5rwsv`b9Df!lNUH+msx07| z!b_`O)+wr`UlijQ-y1AgZCSzmr2rFDvlq-*swk_=QI=!MYW0LKU%8bYh~xqPemjOg zGhYV9@N#;PT}}@TwJxaca5+7a#cq@bI-MCpW{2zK_C|C(#rmprpZ8C1q+J}wvEtge zX_I<7U=>FNO9#fQN5U1mH4aIoizfN?K=%U3)04@^YsBb^o0tmuI7AqBB^JW)WbL7U-O>k-vew50rr;;fIZ9r+tNXn_TJcr=(OxzX^(lJgV)mJNgzDKz7n}kx&a1GhsGoRjC>ki zg6krqx9vde0Jy9B`KlANeFA!A+{=BS zMb8=D$0#6sU)L=dbkv8zB5d5|@p||($pAkR;hCfcWrCIIYDS;??ncyu`=3k2eI)c< zpbeINHE{N$mMkRX6I()|-%?Ot?H&{X7U@Q#b?X&S_13<`j5dcJRc`AG+y|3%vU#+e zr{O*bh>4LAp4Nm%F5x{DI>B$aY|`bLZC7a2aL1uHIUpMel}Q?Qxnq+ya+z%QzKSBo!0y9iA~1C3cubR8*t9yMfXgoaI8&~ zgFhJ6nt9P~MCpNa637b}9_7||pYZ9ub<_XB?d z{Op-}sJ18p5ZPo;4%$TL7;f|8B<#Dh#DgfQaXSmO`t*_qQZt#oeId<>;o%F7C4izc(iTV)uOugUJwQ-)9r=&T$R1viK~X zR@s&3X_kRi+GVqZt=uyKyRpH>+2NUpwp?q zrY*OzQ6_)oDZLK>cQ;`2>~x#xp6?pLMqt5yjH31{T-e#RjI24XlU*_~qNg zqcA9&mOKu5c97J|B<`+V6Z;?mOyQU?m@} zPZ9};8wW^Vv48a4Q9AGGYA9%fYRCIiv(Xzu5$igI5rsYJ@yE%vGPiCGi@h1(rPAfV z%JYIW9d;f!2m*H-=@Z`>Hlqam^b-X8#5S9&i9Yr?9H@}3#%0WyN zr2DggF6P?A=3q#VMD-v_r@c*(A6z>59r+d7Ra$eR^PQI*pWS0VJW}3uT4A= zJb{gmWsUdNQ9cgZ>iG^o9LzqPX4X&+AyPK{)vmk@{;U{er4b{-Rcgj!)j;D`qwC&q znwHXVq)WO%4(V?qSJ=ektjVf6waF4Kj8$j#e2Wcks$)Iv&3alo#8 zJ>O&bvN{@bpIG<$!(ZLX-tcDyXC<2ZDC=J2A?i=7+MhbspE_3gHJ$o%9P7_e`qNYC zPmXCxBFsifWB~q+e%*2)zH7?2-yVqnmO7UUe-l=YfIlmS;!l{=nNZOj&i7m#4E5Y< znf1Muwf^vdj(w+Dzw1D|Sueeh`d*rWeJ{<3eqGR^@APd}yKkd_ z)gxf_1Xw-iTde?g1^i)0+p?+44j!rPvV#@1?K?Q1bugVem>&K5h1xDUxTdyK2N5w1 zh?oXKOatdz7YEctZuRqVh*_xi6}gN4kr8TRqdRn!wbrke&`jwlQCR3JER@1XfBdU{ zeQJL@6s2#!+#mNXb+ixsOQ}l{R0fXB+l+)w7lR+w}~|s0mlL zvS#M&Zx1_KG?Vr-*!5}Or6lZ95_Ksl)+KA%S#?s6vPnI{sy6KJIH})Y`Cc;6l!c#C$l(%)b(<0$ zIbcUZ=v?HU3FH=eM0=3s!OBPKt5RNW^)M~DM&o==5^kE7gaO&@paVUB5Wf1B9CK0Wktr+yJ& zcPig;as8qt(1-O27C{!#uIqTDUDMV2R)5^NE3C%*KBlSUVja29w749UQk+L($dMkVxSuWhrMcuJ;tgW=&scYkq+}pDBNOmPQjE?I zM$ezODk!Klu=pjLSi^d@X>V5mK8C&9u$KWUIW{in%A;;_&F@T)R&oE{PJpKGr+56G z0NrLbWg{Q ziSheTP4ZJn+*PM25OH!1aC-82`x1v zEIH5PjG2pp90RI_-)4eWQ7VcqY4D>vJh?cr>sS~?($Y-=NS&>JLXos3bi+GL?DAeo z@|-ikXCLN0!7DKAvS$zr4ZR8EGpE=X8Y(eSZ4iE=tyi0;<5mU&XyiZ*!K#M>Kyru1 z$}vC~Hq{Uy^xCxvyj-EubF)gN{#?TjAXqLUtziXAN}?oQtOp4vo@(2HYWI(fvWbUT z52m#50VCRJ7S?QP3Y$S7+I@M+na@5MsD8qT*z|m2Z_*4bxtoGZ3_fQLqr-b3?Uvf5 zCfPhHqDs}dO_5Z9Rsd~3dVQZlN3^SU89Vw$1(XOUb})eM=zrarCHUc=h~7q>A->Aq z$c%NTH$!I^?$=Yug3#&@;fDlizB-o)ub}bQPH%LlR$65ZDjCp|dS%q5`i1m)$~i5@ z0)}delsngGqVZ^Z!>3_NT=W%#0MXa=96|R~(UAQh8p`}(3E5HNQMs?lmCQ>HQ)p<7 z5$$RKi$HY0iieX2l124&2&UdAj`||GfPSG_6YoFUJx35LSRAqq%Y@-sg!l-JkDi)&kUc&U-?SClBuX1j)@iq!sB=kIw~f%CckbcmRfCo7gZe)D6qhsRZVwIGH(%k_QH=D9EnPuNc71_be>XC+k8o0nE* zA^UfVsLv$4XDU0y-FTt)r(75W)SN4$VZa7p%YJf*ZBEYi8<0eA5Jcq$fwP~4WX`Ll zBN_~&G<_yFqY2oRd@I*uS-Jy_Lq&U`qpCPvvG4j|m>P9wKB>OG{wzhTuBn_jWgs(AN z&Z0j^)A`Vrg)+Oa`7VL5*(og~^CLlewK|#3O%$6x!-}Ep0r%>s@qp___d%V|X=r9X zz+(}>V-dn9N95B5ae0m)&dFD%+hwp!(YsH>F9wk50Fc%gKpY282x199LmvkXgo8sY zMsp18xNE)&lH21zas^Va$pnzB$OOA|w?0=!;B($B=kXMY;p#j}!wEJV0fES`mXkwZn7!cJzJS0FyASTNWraopyVD8D400(AIg@CZ$4 z-F*OUs2Q>S73x>+LhONHMjgM5M#tlV4eED{@P$`FO*?a?E^WG|vv2 zaAl8J$9z85L_Hx_vj9No2|0-A+5(gkffp4zK! zsBL?AOV9y3Hz#1E5WJ#f^{hY#1r#G(D!$9p(Cn#B0Px-gJH{*|JsV+)n=~xMn&l!< z3)B#6X22g7vIOwv_@#h1H~j$`w-+k*!<=_05FTl=i4@j&_D*4Y#67_iiPx4Ca-Jl3 zV~StL!3JL9^R426$;tYfYfEgL=fpWET4D!FE5*X=-LPX8 zn z5-W$_lPO1sP~g^C>Cm2I%je)A0K=38AP)|QWJFKX7Ces*-%g*{OB^GL3*#3>^@>EN zG^HdmEpBPV*;&*+GLl!Zz&X=8VhSI_%62D#gp@(73XmOxS^a#L#^f4xk()tIDTzXB zm=9yOjmO)N#?BFdwP!)I-Z-oJA9Q$1vtW6l6IjV!nA}Vp=7(yJIq%ctRYfHOD{?MK z0tVn^KshqK!~GR|ZcXF{^mY}$F8{}C5>JJ*Ym{Y)IN!yxlxQWzEzX!@btf#&K2HBM z=-<>1{d0=P{;=D+bOzjc{VYa~adN^zr>_PQ4pKban-gjCT9<7=rm8d@eN4b!Hd4o^Fwnihc$dP)T!Uw7;-r0);Jk*IK{neG%YZi!*P_UZve@p@X_q%eE zgBHG3fHm{~avP3e(DH5VF=#3aT;jdrxA=WW-E-1^!`Vw@drr!4wC8ljCMg||VgH@5 z|Ac;(Wu?NCzjjsO;a}q_{P@@CCPww7U_EQFo_8=uEX|r!W&4c;OAzY;ZSt!MO(X`a+2fNscs)GXIa6OQ-Me4d=HRy zV!4Vid_EjCX}RrG=UmmjbUJzV9U4$$c5s~ghT!~a=UDP z^Wa4Vw=l+}j<*8~JTlx7BL~?BEuBX~i4maS3IoESAU-}y5UpE-F}hRIj_!0ZO7U>0|6M4&+cL8R3en~_-^hkd z?oe7nQd66}YA4D}$X*c)IQzly&L7cF*nc4xD;BWxkiwunqu5{p$zR{pcWcMn} zZFFe&IkFEqJZ&tll7n+rDsh#fobG!B+l~a{uPkmIBM?lko5YN%y>af>Nm3_Of|GfJ zHVTeZhc#e_g1=Fn~I>qBuGX{L4Y>V)pCC;wbM&U1_mMvKZNI^+<@I% z)qjz|RR8Sa9m7OH(pm`>FSn!jd>!U|s3f3ygH@My=}-h!Lq9~iEBe@r#!IS~&2=B;#o{GFlSFgxQJcJtHTi$By*uOE z!yR>k>H;p_jbIvztRry>RwhL<@#Rup+4cI^0J~rgK1mv(1V{*de{ZDWRj2Vr|Vx8!W3D}aa8yQB~7z)b)z#n>C+`CNI%p0ZZ0 zySt@PJjDssz?t#YNEl9|4< zwndY@k?WDz(RR2){ABEkr^U}*Le&>1WCijkd7Nn6K-z%6j#LEW-#yZlA)R0 zPnZX@j%U$H;zj*wL{AO}8`P*{{9J1W@AF&`azyc{$x($5dQCai$ zJa!hd6YKJ)m6~vKGz#Jz6LW$x1NvWVv;pQS`YS~Ll60F0JF?=Z{6~lAFj}kZ8g`~o zY}~3*Pk4UDi%5ka)QCaOdyH<`6sI?pA>*mzysxuEqMJMPY1KBRPY<&`<@TgL@yex^ zPW|dY&oA6RU8nv{j_;op{Y$2I*dLHetQkgBVoJKSiXsodbfJ9%xB1WL$hGWvTUo2l z?cnFmfF>V1p!(hzq{L(BA>CkXD%ZKQn##3!{hUSm{s9g6_kW*6lm1Ksqe2ovW}}f^ z8352+m!g8kM4*|s6{og}`tGEU3inQ%+MGKM9s&V!mfaqJYQc0`tc0mxWzZgF0I{~EaY#cyNon-*gb89{$MY>&&W&TcBrFADFP$KCB z8fh)b^Q&Ia5Xe?yeFUjkxTZ_zb-<_D?eU4*{Pf$s@Uj}=5LtP=e4L?IKB4dQ5V<{~ z7!EVy<{yaUL>ONYv~~mfEyeL!X?%uG;~Nw|z8+`sDAA6pY)#peOf6b51j2jOc=h2R zJKFDUWapxFp*EQWr!Ylz)oK)#!e2CT0+gSc>~PrjFs}raUJS%N$*4*XC=HI9Dzi!> zH^D^rH8PC7elv0UMkBgqITiu#sg3tkB2NF7gwao?7-jPSC_^6R68WkL3SluEO1hf4 zlR5u>9&7K8zsZYB=BJgnS;vZ_gIgR{xiW(EV!<>Xk_C?kzeI}6ukTvwM=%f?NWgE&(S2{C^jL&N;>HW1Ght~g%9tp6DNUWtt7156{fMrGFigD`$Qfbkl`yBT ztW@T-JhXZ;Iju%-EQZAf!b;iv+`D<|ocB4@Cfi~@3E~i~BmYfiS*`uKMPbLD82;P&s_HC%3r`t1XPJb{LCTl1@RU6=77yFXtdDkhh@W&;=hRx z&IW9*v%%?q(nLPY*=~A-fthI$(DYM2pS% z3kLHnD@9JQCJE(%lU8nX67OjqxvZbE9=U&1E=hC9Rcgl4p9lw?;(2@Sw*Zb2?fDIE zbFHU!q{}>Ru)sNw!AEv2di0Qk0E%zW5y*O!z;CvyZpNlKI=UGv@D%(t32zgRA$Q*b ztbV`wuYik!WN)yG$3iVhbZ!;0Nlw@V2p}?^P>nbuN(bAdCnzqzI$@Itl6m)HOwwV}hb(Ej`*uu9z@&1PG}$d+k{*+)S<)o8 z1(OVzw2vj(-9s@c5tBY;Nj7&cOiFqi=Fyx0;|cH5D*Y8icRlCBPa{KNhWzF)SD^VN zpol&n&}yvS!aY?HE%z!)e@&j50KW{*`-V0)z7N>=9Gvfk`0-VakUf;n>tgYr=*+Nu#GhAL!~fml&Sz*@ou}X z9Daw52D*dkH@{WdVc4+vDyiIGuv~*41NlL@wOGw!_3dqVi#$v}7h%TDYQ}SzaVPzp zi5Z1z#wyHk(9c557^Y?{z>FOFnS~kM)r_f_(U*RjFyprbCBp)5?`ko;kbr&%)~mDR zy#-!j;DqMJdgQrpf)sJ~Ifv9A_q}Y`!*T=bbL(stM>_XZIj^l%d7%jJ37mtq*2=Bk zh_FJ0_G;8=c1@ylGCNQZ;C~cwK~G+PM7d=#RzKD~b3C`%mZWv~OUUVofQL`D?mCC% zQ&%R6Nl=#8?ujH5*cU$10qpL6Kx%Hr`pU-XL7dOKZUdC?UP}(fY?(5o{8J`E^vS~j zmtpboY|F+Cfubh55B^6ZQX7)>n#jDT5Aqa?fL8bH4FVtm{4;fIe{EbUZqSek9}fUAND9e}UN!w~&*?yz2p!k-W0fa~jw^ zVD9hd#d^u9$N3X1Ih=Qzj`>7G?)>Kn7f(;27`n53DuDY@u$%LoF^Dq8h<5s76U@XL z4-MCZzVe`#eprsgw6GZEU&5Zf`FtKiAxrU~{Pn+7G0c_i6t8iLD@_vK9xhHN&w&!E zZ(3#ZmVco?Q0P-~?$Jp4_5qB?Tzo!{@tDs+HZTQ@1Wykk8HTlrRQdPl`%W#?TNiF+Y&4&#T>Yz?t zVFkfR5D!>N(xutwI8RfvEU(AoLx?E!<4sI+ z-(;`Xx|i9#O|FMA#Lt9g@_+I?REP5w8uLY)yuARWlMiVZBzrmxvwf7^Tv5Bod0(Iv z;puS3vzpv^Tuxmrg^DkMiV?0T$Vcu&PblRXz zy&TOOAy%OEVy1(F+-5{E?55X=rN8v7f>IM+S3Jnhyr{eqcV7T~={iXx%d0^;ukRG3 zbCjoGlAH%41KMZLK>vtzKu5<_Na|%o*sBYoWQ?b4aPsO@8uYTXY1`ziboLL65*^BH^SI_AdB^GFT*-MZp z33%9bXpUeFgwZ%Gw3taM?oU)9Vs9sraH{~+h)D#ywztWV*H!Oeqo`-YRPSJe6z^a& zUSrah}22`xlS#$IB58i%ZBf1^o@nkFjO_?DUwoi5)S(0tBS&8 zDCt2fNp3DQaXmEf$bf%2@UIa5mB7C_@NW^`}-bi`Zihd#q=VGWOWS9xt;;Eqesmqmext*aNLEus!z3VUG;< zC}EF6_E^LobJ$}&dz7)qCiZxlJ!;t_z#fh4(ZC+21lAsVF*l)GEm!x(#8)>2rmT4Hzn(`)e}-uttS=y1K(i=I>*oP9r# z@!ytSt_h8MD+SLe@q*v6huYXRk6EbYeifT+6U1N8*>twM7HVuz1AeXTMH{w zk`6MwG96@<)(Za1Z(V{nVn+4&C(uk=CwtWZFycL2xSQBAGb(MF`C27v``g;k19YT| zA)`Wbm3m(zF3Mhubg-P;Z1mQ+CJ`^M%Fi`;jWQef_ud&rV^fE_?}v8~{)v^ZaV0xE z&E1ffKg4@lQ(Qv@?eT~yKE79tARbpM;WqcADu#nVkrGLwcuq3#`9@DmhU+&^OR}rc zx=9-@K##ex@q|ZV%(|w?VxXix^xr69)V+WGjc9e~;UUc5>UB5`w*iPFW7PB8%uZq8 zFyz3me;m%7^VEmldcRFpCZg=|9Z)iZVFr4ZWhfDiVzs;-1CV_7fYc%omg;|-K7Vgz+`d}Y8} znfC_9!Dsb^Z$8`^glyOw-^U#z(!(LPIs7ZM*0Sra<$S?(>K@EYzam|99WbYuAe>4$u8(e>NUKKJWRh1@dxB;ya}l-cVz+w zYdx(Qt{*+E$*v!GZ3WaZCbO`tt-#eUyn%E`-{l^SCUU-2)ZQ*MI`x}JW9Nn{o%@5s z-&>Du3Vyv2JxYsJku-LmC+~8|`(3x-1=mbO>z@&=!wzkwpgn`K*`Y|^4*i1#$!mkI zE8&YI{NhLa;s=MeN)UgD3~`Fz=c2AtkY2&bjpW+#cHSWYT1Y!4X^9|~Uu6)n7aX9JsrlV7GnZ4YGFMj={d;x0aIM3vCWXh6>rlmb|8u{iEp{Au2 zWi7+HC5dIMRWiP$40n$$c)%VpY(a&;HQAQwa(EueEYz?AH#$!WllQ)}iJbQt9sSaC zKD(Z%uN|Xpdd*BPQ^NVKP?AYWv^ANMt(>o~l1xgXJ}FGG!}&ByGAW84Ph~1IkWCU; zvi=<{^mj1yH~cVUvKbve0F~P3U}-e6g_UdZeNNG18{>zUJ6qq4J*^rjc;o1^tm$bKV+3^5g19wQv>i(`7Bm+=lY9mJBQRM4+r?CFc$F1`?A|&iOv* zO`kwHZ;ktNBK@5Au5;uMF{;1p{C%1F{WAIz;T<4A& z)#Q@IxXyjiOrI?*FH=@d*Lv$X?^LuG!3@B-ca#hrW+3z^ z;|As-2{RHf<1(X?0jOK1Wau&DugOY=!+kF%8Zhy&nmEOM6DB5N;?3QZL=}eav6zFl=!*HPR%RKro%!5r&JGWUoer#_O=iSvT%Q!&fNtFQt`W?~5 z4e)ur(iR|KP!~7ATy=mmVXY|{38;sB5eDdK9mV;c(8Z1Jh%r{rgGvUC@KSYz#hh=B zl0l<F*{ayjoMz*14b z%HDWmvZ?I)D+;-%fSK4qG~7S%8mD;9k^L(#ZCFdpdmYc&4%)cQ{q0`h<6oiE`ywql z<+cZMYw$+bAZsPays&Yj#y7VH3a6v{3M_vg?jQb#YYWTdMKnqB!McpvJQ*&+=w5Ej}<{y>Zqf7KCT%`7O z$U#&fN5d}i{(_?zJ7@bR3Oftm!f2=E*P`1ohkv{*5*(IV?r}W1nB>=& zIsN(~n0Bqdq_V8FX))(7sfDp%+(GUihn8$5AFXX0sV8%{^k^z+1tz_si zqgl-W0x(O-FknVOVyyA;N=71PRHzw18HOtvN$&un8@>$#qW?RQ1R%d*e;DTyex=QN zn)#(khN31AhPt6EL0d-kIJ^gi7hgQ`6mHE|^y?9rOU_pZzpY!R694snfQ2mP#a86@ zu75E_Q&j0K2&j>a2hA`5?FJkmb|Mj1px6x&DiChdDvPc)q%OMJ4eb}5dwBRk_2}zp zwA33NN&yd+sPa=+L*K%Kn(#0lil%KG0)t+ORn!6L{yS6=mUZgk7ruQ)M{QWt08&_Z ziGjJvdi<>FXjSl&8|={K0&`XV(r(_fV=Y-Qcn7eH){lQd6009mLzmp!CJUAZ?$M{Z zM-zdW28M}0bAIQU01H{S5`Os(uCdJjQ>_Hg_ zT}vv3FOS?t@TvSBYI+{;N5U|#_1DsXt9fn;H3+; z?(}^NjQ7y5GSQf!o@~UAAa^g%SGap%>*v_LKLG-WZD9-ascf=Ki@!&mQrEz%m!ia> zQ|9C4?}iiRS@0H&*aodv9LJ+CA+tm_ht{hyfvj}xx@gxvUaxd*Tz3k+#AE{L%S^Na zhu+naWpZ=quK6evTnoLQm05!0SE`>Wn?)5R0>>ay!cyXT^Aye~$U@!t$NoIDzG4oA9SUNIzNh#JFRzE|azEVYj%CJmF2 zj=H)>E$c%y_Yl+uY0y}9rbBEBCp98&8Rk$8X_X^}Yh?2`kLM9)Qs8pmcPD|MyqKm; z?>*lFEdLfo!h`q0>-Ab?p{>Bo8&p&uhHvj`l(!6gyGN^j*lQ5H{-9>|gv`ifma_`0 z{83%IBk?m?E%(_sP;M^$JODq#eWUg5x&&UIQOi|8rgal-Mx$Yx!?rUjE@Wcu>(tu! zV{Dw7sM%b}%rqgHDdw|Ptw$fL{lqNRdXtcUEU{zlf{kD{4_|B?w% z_&T}4o+|@)2|IF?Q~b`EeI9W2O`sSUmbCz%_7XtL&jY(ur158tM;WrI-J%RxXMPMrL3983Y{?r+ zZv?S$KHV`0zk)uP@G`|=Vl^5c;w929V1Zb54Ll9wzo96-1 z9x*Vwg#|}*zWWlC=+u31Yw40%vatCngYpy#WfG^DXen#yy-5*BV`|#@HBf z_F@#TCkOR+>A>#fa=sU!V3A_J!Yk%0<**OB4g#4NO5t7@SOz8MjAYx(# zwP!I%F^0TAqM(d^qRVrvEjb9IC($qbMJrNeSR!sGs){AU(XWu8A&aqKtul$#29?F2 zNn~NjL*3@kBwiagi8IO1J?o)lcOUO zs8*Rc#XYk-a*CXHy_S*Pcy5vNeW+Dv?o!H*V;RHqNCmt@!^ZS+Lg$&({Rq7?N7W2`*mRK_9RA5shX7B0V8vQP~cev}#5~SG?2)`-Miww82jWqQdl3 zL1U2f4UL5@a283Lde!rr4h9`^U0Xa3&Lm%c(@-Ty=ooQOi~ST83#nT|JI0buW!+j@!E_kSTpEy(00@{c5I^o; zp@Vv6FYqX{x;%HVgPc9!Q8JzTmeMDKblZ(39ApU~kG8C$gmRWp2=XsWc>ADwNcK5P zc=;e5?aSsWc+U;+t9D@z+DFrhH65~`C!Jt}ftOwk(J)f+jwmmlafpqfH=hAo$yN_S zZi(cf1O5iBYrblqcY7!MJST|SJEsoUlBmx_5ox_u5W%_tG1 z8S~L$Wj@;O

~zGrJ3zpknwW2Wlt!HMcu}xO#HPTv_~mT;zjzwi_KvZ zi3Uu|W1R_I7b`Geb0`mguR6ssQ-UTY!-*cOSx40*e3*k9AP8ck+a_(+mMr^`tt1@f9o}6;-<% zc>jg~0mUBR#bD^+>r&PA=a8n5b=?h3R(+vM5F`hM%^gqHbz;jl0~obM1k{7#_N$Itg5ZYU`Iz=5A^i^;HSe0 zG?h;R;fn^2E5PbI1&$j=-bp7EQb18<4)12)3(AbFglfX_xp)hYPQESB4iIf1x5pV* z+)guD#Y<#>#9OLR?`EmzHehTe-yJlae1U){ad-x;c2^`8M_N&BO#ZRnA*ltlW#lWRFl|Ti(uMTVl+)61u*p z7sQ9iZ)mPVoMDO-vHRVx^4G4TmGB}j(vQeff@r~FCe>?Vq%SW{HAZ@?a)P z?AOHg$cYBh3$>BTLOddyeWiJta6P;$W<2>FJu-B8*U64||0~sqs1xUe4(U}AGbRxY zv^45v%Yztba;-ao7fb6g=%^qqDHQw#OIHlnRH2mv`cjVckGF?{<-IhWzMVq6#cf7G znp-G{$IvM2Khu~j{WR4tql8K6PgAcCd)SHO!O@#*85qUE{dTJ-l_Uk+6Bi z%d>T;ogHgq+Sz<}AF{aWfj6M)+{eoDVFS*f3p^EC&X=eB!q}-S;&eEuMUOCX{$R#K z51cU21r&DoX7c@vCArNeka3{{qtPY17-skx*FGLy<#WDFL<%_w#nE!0&i!SX1(tJn ziYzdGCQ4R=!W#5?2Nk1RCXm*CQgVQ_(H4i%1NoT*01C}H-Ua*Q$4VBrxzLrVs||It zCvd(GFi~_ipyW=>GX}{EeRQM3Kc;6`-$GD+|kYI$)_M|(YF7=Yqh zpj^-5v8iK0PL#_b70rs^JG!su>VwXC37x__kWh+yAk}?>S_~i@HUx8m)HO|9*Vrun z2``lwyY%j!04F_ci=6jCj0-_~rFbTMAM+aB7&JFADe37d^bV`<3V0d(Bd|M^0HvTSl58P+0_^Y5YVI#w>gMnY`&G9BEe?^;WP5d z#EbS2bfBK*vw$RIg;3`(%k~b0x<765X5;?h8mHLk6vLq({6LozkXHm@Qj6DH$?}K= z4>w8^79qxpR(K>~JrD4feAi{Cb7|YApRA3Y+xna!S~-M`e?~ zVF_>UQQ4$Amhk)@l}!q=gg@<3*`!S@;lVu$oAffg%| z@JBWMrkJA_nt)x*h9A(ehuy1qJmLKlQ2hv8@;N#$kC^3h#U9Vb)-e=yEwTG=sRdRx zdD%pEY+jC9W@L_!xM$(1bFp7v2G4`VcsRVO8M&8b<85oTv2*gbJ+1mj{t>w%wmz(7 ztyj1QVfeIukmu?h<<9YXL}V4Dm70MS`H|RJbiET9jeP2gZi*umbbTY93jH=2ci`Zb z{u;&yek1sM=Q`v)4i=6RuU;wpt>yIM$*}aC{)w`+Z0r?y%PIow5$gFcL|sm9U3>o+ zmQ#xdIsH>*_{Lghf$|635e!=*h;@P(jOc(7LyH9aX@u^&`AGbt8HW(2FjxqP^$ z!+ljC(3L#5v$xKPp+t`voZ4zfZY^)wxA+@=YY)BEg#S}m?qm2jyOuu?LM?VMWFQ;N zV~MCR)ds@n&=mDT_vx$bjGT)nLM=Jy1#z~<8-Q+}RXiAZA5CG=Q4fc*33iR~w;(#+ ze-Xc2VfDbNEfsr3?X7^=GGjbwLF;|pZ7Em-j+eG`-;kelZ)RE6M4&ij4y9EwKtC(t&6QN zFChQ8*>(6CyqL&~D`0c{LC~JWUWq}0=}BJ`P&mO{W2HV{Lta+Lmpw8}?&h*0;Ue9g0vKdbz8c_KS2k)|G(T1=3Hn$DDJc$l#Y?hBOBZ82Sac_xCHlu^v?SM=bvsM z@pL1zC;0qX7OU>o(%BX16Z54j)IgLgKpl*?q}Dr``LA>aZ3+o+%i-q_H7#8E-q56TMjtI za`&fE>lTpW-D#1GnC*vIsRnI6SS<}mqAU#vB3BBt`#1neK)+9dd^1xy0y`GEuNX)k zy6c(D`^RT6h|(0?3PYHifu;+@ku7uhOVSpcrh}cER*?@jGFfP=pmZxbV zOHXo-euG^06hD(dvs^OC!Pq`v^u*bBQ+0h{_8ivfM;0fj0B znTp3D=`)#IC$UA9_e%g+J;)K7C&>IK3I4S2P-m)e)3kqo3~)vZGF;8?(G6RKGE~(a zu^PV02&3oJ^^vv?{=U?5OPLUl%(B)s5CwPv+hjs~Q95dm20FwNQ)Cq6rDK;U_ElBU z@5}2rhW0YM%ZNt!_4lJa4E5RPB3hrs`+1;|g@7A#0R2)k*-gnDoC70jh|=~`g{T>>xz>o|l$U|d`Z0-TW2p?13 zHsOJ@7yVVKvr$7(7BZPwL9l^L~Jh_#tJ=NL{{-P9(Vopq>h@u(O`|is< ziaNqx3O$f3fZe&CalgD+&-8<15+nCU^@CHA$HZS`F366y<0ff(aEMYWD0O4~w zOBlowK=`z=gfx}_!sk^i;oNow+b@H6+7K6$X0XvAb$3WBj84*WL8l*9bbv$SbbyP~ z$t9~pyvYQzUI%_M7xPRGh5tcudn$?BR^x^AeMn_d-for68y3LYGs1h->QEB%;;v}^ za$-I)FX->I1H7~TOL+5=9&gdRABr3U`ffP3O@(*T0)kcTHWl7Y^C{t@Z7RIKV+sG+ zro#JEmhj>>72Xvr;jwKByx*O#>SF=e1o#C+Dwi7tX%XxRE9Yz6->C}N2Nd9^cLIJo z0e^5OaB~FiWEI@&e+S-|&sX4mAt-loUw%G9c@8h`y||x%!|nV8e0UFn!9%_Qun&FF z4rU9@G3O-{=NiF(`MvLD;?3AcJ{*pUR&ll_($POLYJza%_Ox7&GB4+?W&YHtViEE{ z;^w7+gv#ZYY8MMDSnorH(QV3eqj}1!*x5!^J%C01nRfYg14s_zSAGQ-SkMu%Y|SZ*0fV zcD7G>(Ur*y@TU;ZmGaU1R1TgssV7Wn0yG#pd$pE%UBlyESeLL+w=(CJ;yi_!c#*CZ zGr}*3Iq2gU>S$H`LmW{36#mMKR%19t#(*6$cp+a!AmDuHJtn*zPO-J~0 zsB?p!9Qgn(h4k17=1vmQDnC%L_@}$^#~FZv`;*9I)PH?|W@D#h^Fhpk9^ONBuaDLD zC#vtgyW{Iys@C^nTz#lwpG1gtB_Y;G)y>0Yco3x`mTX=C-$XbpJzJxE;oirS*SPr? za`*9j@)uKQNLx43K_8+wKDJy z_OApc5|n<2iuWW>Xp~!z?zPU;L&c>a{4@xDKxXFqBIIb3t>SKb?zaMLsmMbR-O%C% z6z{j3ubFJnPK7cGVCRkK6r&CvJ!nFQIq!9JP@ydTTncT|x#I(%?o84mag z9Q!VbcL@?d2mKC}mkS>L04*~Q0V%;( z^K5*T`1v3(6e0!Tk$4pHz(42njG)ZI$PnasChaT~4!v=uHr@kd6`l=1MJr&G4lxiK zaf_bz|92HL&&%#a7ddi;!?Ig|1t^~8)-=j48BZ4yqi zI|Rsw@oAmS;r$whfqxx~3Nb)jM8GZ7{yxOuc@sg16Hk$43z{uVxE7FS2a5NR>##QB zNOSN+cr>1WstvEXgEfqeG7M6irVnIhjF|f_`4niD%`@)Eqabr7s!N&TPA+Bgl*MTS z(K5gsvL;_ST#2XQ5QCvx-EA^Zl^UqH{vD)PI;hlp6oX1kSk5a;8pAp8*HSPL7X{-? zM^hFJMJ6)*?Hz@vRnI|MN6v2;>N4jw`9wypRH<6F;=JZBbK;!WbY{uXk4+Zttp+~cZS2-Ug^sCrljzPwFC7cm zcZ~|mD>}h)pr>Hk`{)L#mkpgc`pw}Sf@J7S7AgA3xqB(^Uylx0q{$|$SYusv49^B( zbtvZ#b_<{7N?n%al+d8T-5432 zhV}^^814?dHiMgu#m=#w2~u1r-vDiV+no12^SsN&^7$a7Y@)pu{8fT+yK721lYigvJ(WlfHv5qrs7$bJLY_{He@ffib>ba?X zsOQtMP|s~F)N>OrK8|t3#5EKUOniJky(~(h9yUkUF&h~S$R@3$fd|8vSUtxSM=f?V zkokC4o<_-ai1pT0s5L0GiIiaX)hxfA+r0XZFh$;g>y}D;n>P0--uVz&_0KBaz)R7$ zv}+mfx090yEkUjdsknIvE}~|D=Z1i>qNzgbzKz>#mxtKftZOyynG;dea+bpgy;a_a>2QW6M#JQypg$BHVVUE;jU0P8F5vNo61?)p2{SGI0D-pOny zCdBmTQ!`LNSt0lzrS)Tl^;2$Lb(~BAP}i@Vms_SP>pdB@lC<6{XuXSj#GvC~g&-aX zh7vptu(Zm@+8C_h zrYpT^HIA^*%_%N-Hfe$W--@XBR|ZG&FTI*feVM+8ml6bNNoW7kAY0YkLXzJTZz`5J zTW`T_?H7zw0=vs!pH(WfL50sM6(YZU!TKI#^%bf0EofJtVK}Bs>z*a*jNyiF!uH1 zEZa!g@33rREPD~l<|+G0md(eqr?PAlWxH6mDVBXD%TA~4=`1@vmfeeGH&D;7X4ws~ zp8xs=`FZ>^r&WdF(XW99b z{XEOgk7eJ?ve#43A7R<+V?7_svICSon`H-L*#lViCd$5!Wp9dQpCeC+>$Xt#r7U|( zEc;8A&Fe8+!?JmGjlmAT`~E~4KPy&9#SYJ4^RADL|8>C z$2BCLzwd|lOI}CLYwZlebQI-7%tRw2YNj!n*-t3}#>!OT;&Jj)8A*@v3reP3!CNYp zEEJ@ra~#sRuh2N_%19X3+XOsd1Nnz~Sgfo%!xtMBCN5zH-om6WT<`Ew670!e@$$O0 z6g#Hah+5ZL*m6lCe24dAkb)WMK>u$7;q)!)C*c1^9M0C82nKT)ouY0jjV;8+B=fU3 zF$d_%{@ZmtmQ_DCw?8kOgAyxBVA%k8X+oB#LCbkBp?f`_t07`?J9*N&)Kl>6zmRw9 zBS;g{fp>dh7`fF#r`$12-!MdTX5@wsdp zKFqe^$j}9QcZ7W=|17^Cz~T*-vv`Be zL$$TS+y;mCV@@n3?6UJ*50EWO3#;rxx2Vqo!EY}N9YMD<;%)$XuO@p5;M!J<6LXaU zPwSa4Ko%>Mrt{WS=di&o_{YXM8=P}@h1QLfW%iMm$(Zg}NOmg(`gdcVCj0aF6b0=CH1-E(&Vn zYbvOVE@Pm6t3QG;fd;XPfl!bZ5eV=3y<^SHE+N;|X++d{tE$*b!Be!;ve`J5_5k>e z^ZCS7G84_9R|Hu4rF-?xm1bOKd669esD1iy+F@#OP75&icgoGOA zO_=RV;ngL0+)Biel#DCB!^%TUL@&$214q962 zocpR=7ehW-(J8^?- zuAW6(Ps4=-;+$Fkmjq&Gt!S?o{CC%eCjeHichcG51L+hFm@cKg@e^IwruOG2PHCAD-NC}Y0Q}n&)&4WDt))NFf}*=w^`X(1Q3SXQB5+U8 z#=AaBD&lly@%HAZFYCW7KdLY5aQ@o0_AK5W67^@CXl*{aNoW^k?f;0-^-R zz5g=2%Y&q5CEf$!d}I|fIyV5@=meA2)fd>Hut)Ng%G@nt^wQ~B3ljSf@gMvJ@+SCgprK)=hG3VbXR7UL;R9T z|ESn#5RP6M@(*c4_lZ_W(R*5Su92RWzV5x&odXqH3INlv$oBaAAknh!Ppvym(PFNr zofcQ7Y4PI#kSua_TRD-%49X#}yg5-h+fY#vdxwU0Dva9z%>K6Qo2e8+68SX2t4iQTm+4hdrxN16`*Dk|L z)c)rcaq2xs^q}wCTy}pT^3280^GRJ(X>ZhYuxT$=tQQ-Z^&kt;jc zv;U6$;$!T3U87>t-Wo#BGk8n$7sZdtunf8x2ynUoFG$dDbSg(>PxA^^)F?8mp9ge7 z6RIF!jsQQ?*;Qa(tO{jgEnBb+GNKZT^;N|tivLZaM2qw1RTby-)kN;MNqD8LCA8^M zwb`cUs9CGh?4_((*G-+8ENtK8W~_k@4C9(aq_>I7#$a?>{^(`bVA#|7M7@hl7g98z4Ggx1$vP zxq*2D^zMTn=%o;`k@^^(gLW1`2(#^tcw5NIZ9Yxt{7?L(ZLB-3>>=$~&gat8@OXbI z3&NF_zH+$6u~nmK*5be1qr6`~g7*X(o!rhk1;@KB9t7h!0=@B6)LA`e^SL#Xp;jmN zkHeg&NK2!f){VUWahn%w3%yM&Af~|W{K`{_SE5-BXR(GVs6mDrQdtcxoM)j9r}$9t zdp*{Z!n_A2pN6V*RMm0a?^G4kt5scd!KxCds%L($s-@AYWNnvK0c>y469P;^nFJ63 zCrR$cJ$fx7MA=z@@!NELz1+Zi&UWY4=l~M)tif{QJexS}5+HaLI-DS!9N*(;G*Lz2 zzs{y|zVQhfc3OFo#9Dx*9edqKUTbdA!jv4cLf5U>^?}f>)9?lzZ-b8SNT80N;yld> z@e=~IJfyRGfw%Z8I=16>o`J#EVvnhYw%E`gPEdzVzO2O0t-&8??A@s%XL2jnl|Xgf z@H=&lj@ETlbK$!5R9E8f)b)){t?Q)=*R|L{klKbN{3~kNjJ!^+YuaE&nn?#!o`_D^ z=e3a|MF4jNnI-XxJSr7jrzHDo5)e7z7M0iJZ=>pat?6jfS^6)ICB{7yYaH6v1skIG)+;Z-l%cN zHG-wa9S$oFiuZb2u3+AZfifUMu3`Q`FtW1~2z1&x3URt_s+RnTE8YE-Fc#GSz+tl_ zGClK6C;Kw!YHzAB+@C%>?Ko5C(C!iZvt>d2O2|GWSia)cU|Fa3w9|5kTjL-R_Ov4# z3pF~mM;xAVlfzPO<(?>aSlZwLboL168;q>Swno(5wak#Ut7dkelf=0XzVc|Vhjl8AJ z9TF@@T+XKQR97kVC)F{y&M6*ncxtqcGe9%{c#i+*oZ6GYpYvzFE|LZgDiUX1a;~UK zKZps}73T!Y*Y58H3#|OR=-ROz+tBQ!6WI1QkOlvk5e`o!aHXdRm`0=&{~-+At96Qp z!>Z29fkyWGbJ+9WCG7c1A$z`Ysh*Zu?l16?5adiomw&cB4$fAY&vCwgrjzv%n&HV+k==?u z)6;T2=bPOJ-L+`kZ-iH-YuexUiy!&3ecSM=%>*qONs)`bX{;-`HMw<6-{Wc3vABw! zR;_C>OtP<>-69TI{nKCZv?g$Cjvyw^?fsOXJ${{h+*-B*nSzaGXt>H(uV{6AwThY- z$D#92^_8`L$E_KOZe?1a^h0JOt1A*_bH0UUbe4LXKHSm^&ljy_&9}Plw^CTm*_`(| zGg4#zjJ2%AVC9|+TFU|rP~>*Jh+_8!U4z0;^lhiVfK2%8PBXP!TWK?I(&G4FrTqef zNO6i^*~Mz)v3xyo6;JDnyju#EA;Xr)=T^`8!R~%dK`n4d7~$66d( zTU2QqwMlFB^R;$=$xBv$$wy_a{TFj(E!`G(1OB@ow?<+xOMz~W;(Q~?v11M71L1)o zwDu?;`+X~}|Zc2dltAASy0z`f}um{-Vtt@K-8S5{C?&zR9 zhR)rYi`}^myR&p=Zr$73@cB0M6}E|;aBaY+D=ltxZ)+=c+Hfr@xPz!G>5YI%L%_VP zCH69mdUSZLw5MvJy4Tz2-WClJeSiH|!%JYpQ}~OU^e{X_ba=CnKK%??m=eAL-q!kS z6%NS$w_K*K?){+ zrX(BHTbouJ3Oo$Gz^t>#KFMdHz zeinbUT}PL|+WIdZ2(K^Uu|9iEgV);JqsUvrE@iXqRcICG>w!?qujRak1R`%u2W^^z zWoMJPM~@+M4{fZjr)y`w$d#~(&9ib39I%U3HgN~@r&7A9>?|j~|1nnP!MICA(Vo{1 z*I32hte)?h?V1p`nOs26;~uD-$IS_x<`xCu<(%PiEmF5ddo=d!NIQQM(8{?AVCs#W z*JGg9g=c{b*1|_-4SlrmI3#}6FpqN`S2L1W#*uk;Zecy<)}@&xxuYBkHef@iv2m>QN30_Zb>NSaC!zFDkow&`?v8Ka_fh=v zAk=zC9sD`^8MgX8{D~aG*ILN^dKdoMjcID-%|Af;(jfd<0gzbnO<_}|)@20PR@(A5 zX;0g^MYV5W=Aq!vCN=L2<-y0h8}*om?P41Xe|2>izrupt=B8MgMD|@Ul3r=M1k$(# zK!X=R&llj_9sLsiM82BG9R4bZHaHJccIDNWgS5?E#;WHxuF%%t$6Y3&vhv4;7;C_cU0Zv2w- zo!5~Vb<`?X*u)nO%)PlWGFn{ah} zkADvRSBr}KYE&uJ%+}S<|HZoc7}wCJ7h6}~vvpN7$~atSrd> z%o_a3MA;WxTBrVhSX$N#EGW`ah#`}`xDeT4(by69;hR?cMg~my4%2a| z%s~uU7y%sr2@wPTM1IC!KSJi$KOjP5*$AwHg|Ou`k9vrKZ0T{_4!#GRjvboBypkA$R=G#-i^GeKrK@$7%gVdT;2W_cZVT zl`(WN1OPOGom=oNqR4lMEPw(>zX7^Z&nOL|DYp~|&F){Qe~BF$K>%<|niJ#d-gA4y{|F`rh`1T?gYxQrt&N&&3g!1@IyfTWGU<#rZzh zD|CUa{5a}hzWq!#5rH5H#eY1*XhqumCZH8N&MG_bUz3O~8G$aLdu5B@T--AS( zq0RDQ2lABN#Ok>`r-{+2eD*9TX+k8~?r?Fy*B-a`6kfULQ?Qi2GilLiGvpA0|XUv?IB(;yl6Z;AG7w9D~h=h|l~kw*(vo z_jLuPz(xpTz#+67fj$n-Fy~9o8X)zkKE4n7xJ4eS9=k84pGmAJ=lwepq~XzQ z*D?GoDXxvUvPg&KDG7`iVSGTwOxr9+Ip0}LJ7Pps=+kocqW!%Y&x|w`b}_!o-z&pS`?4_(2#t+#KuCZhAWJCYF?TT@ zSK$%4=rkJyzn5`yOz|mAD^D`2BB_x!YCor54SPD|H8z zdXGw_#Y!!Q=5h~68%RI2<(>sDjV-sFioQ!lk87eu7cE}!K!=X`{qIw$4`Ze7S$xN$ zxKi_})D|lBbga~pMR&}ND|I)O+KT!(mr~-+`|gNu?OrN@ww$gTloIYmi|&pqv6xEW z(UmJlDRJMzWt~fWK=-joiI;*(yl+p)a-~*F3b!v$C^Pol$r#$qewjiKp(*CZh8R4U^(l;h>1j#E1CIlAR$jJa8}-jOkzPJfyYf;PtC@!qsue|I_)}4~ zW3z_c#-y48YE41X#WU`~Mtkxu3vC6|H%#&+~%_Df%jXfb$=PTGB*G(+=f6T z3!bjauvXm2_Eae0!i%x|2RlAHGJ#^;=B7ccLk5XOyY01SOGoPJZ(b0Y*&MVr@MqYX_ zeWE`#0sS>tT9%?6kZ+md@$SvbJ9?MUa}ctKH~a1@KE!B6aD+upntd)2UpaB z{^4Zu57#pIBgH>l3%Yx=RJlet#6wQJ@@&X_1nrDkW%KyUnQhCps*|`CCa2geh^Hs| z$0eYSKZVyG4t;sZN30vVn1ZU=r{pbE?-mvv8OBQv?b8XZz-He>`BE$K6u{ zOrSHH+dRn-Xh;zE1Wp)?;@3>?#m<$)84#yxANU!e)CwU36qA`ATtyz*lT zI%M3a1dkv3bBbcQjA3HwJUaA_CKV{o_!MbUlG+Vpv>RPCpW3ncv@V*5riWwGtl77I zf@b|Uq2K>lyJK0qJ*7$A)pogywcD#>yS+QN%ll_%p##SML~xvkvF)p{ZBM1Cg|-En8=&iqW)BG%>b{vsKj z0;FA*Ib6f+(|U8o+~$GZY-?wwWjTFy=)`@hmbX+3;sNx|o;sZO1hX93wYhbn31`pC z+-Cbo31RU-aIG^R9?on852D7(a2Kdy;Wj%*5r6q?B%C*9=1`KjP~pWxruySIjimytua0kS!Huwsn&h2lrWbJnzYAn(`T?(nA$ z;w}4O3l%Jl+%xC}-n)mnlR&Gv8ZGkWCJafGxVCq3rL9;?F%m6%UE?t>RpQ!ImIyCG zqIRuNtb^ACK+k}Vw^X=~Mg~GhT9;C2kD2#l@S4($Jn90V)KuQ@d^7Z3LMj^dUt#m> z2f$3esm$IdkgS;M7Nw-dL(HBlM-r_c>DVaG|535W%!G<<vLg7 zPX^fe^)FU#MQV5aJFPpBhhMmrsZ-!bE&P}^#RRx(0$g@~4g=x5Q}IMK)E4Igti%0# z@jJzXuXP)$4w_c&=%vxSKViUN{cjeStJ>PPI*udvDJI?&T2T#Dv9pWDEMZT@|n;rf!whP72 zJ-B2WS*IcD3fYx30PeA`8QaBM+Bok)`VBk7+X$5KPJE3<`~?s|UA6QXM&sokMV5l! z9vz1NK`jj8o15YXVH0bk@#i}9zh3FT!%}PI{#vmzTM0LZJ{^?q4^qR;RZ;lg?bLQ8 z2WkwLLbFz}+#$Av7n5h9Cdzd6QaaC{`N|n$aMwNu7wvH)u}a-I*FIhKL*AzFnm(Z*M0g)bW63!npU=;Eu2%gEHLRUOi) zRV5|FI*O5!!&jjzfGUlF&Wh8_uE==d`%88PJY_#3RwQBGSPZvmfwO^4R4M97e~gQ?@+l2Ld2D5r$KI1T;;i3a$E!&fjNkZ2mrJi_ITi)CliQ zjK_+re^RmH-NgR_D=-iW)|z)dR%&T_IH0jMW8fNG4(IShXET zpP^Kj9#q1P?gYx0h38h5)ZRq3toXN+t|7>O1_Dn@Q$7->zQR?8KPTzqePY}^vVMr#7~ z-KTGljao-;z_B%kjSj#@K-xFhdP`f}pQ?#rqSZjvkitKJp6p>trbW~#IiUY9rsUPL zY)bxmHZ~_-Z&gzjyPV#s{1&s_AWQtyNguUqKx@e+?c<^G5?~AAM?&= ztw(kL#h9OOg<7GeCtHH!wdn~42=MoU#b7gEu4wN^#Xi%gYK znJP`(RQ-yG#Ix%9htxT`M*CmP{H(KV+|$m+#?51OEo{Kg|Db{~q*1|mk?QJ|DX)#2 z@?ALCH&}JMeo*1}oJO7Ni&SSy}lk=vlI^-5i?smR8_JjABg-f?;_JBt&6 zz3F$BCL&;^%2Keh9#Gk>KPWq^@6~1~3N+qy>unwHkGHc)-V!I13FveSy^l%O3@cjd zHk|eA*NPJ|=2cA?2-^g^?MM0+dpi6x!oOy|%AUpUB!avw6=kphG*7I>8@l53Mkr!} zBJ6tm2b25HyKHhgh?%B&qO-Zmp4tQDj9`YVhai<@(76D{P)gM*ehj~&Y?EskNJ;Vw zsPrjgLS)*Uw_v3H={d6bWKX(xNHM*5PiZ53{~9%BZ{BEhjeswAxBK#val@4_-&elG zP-s*fSlR~W))al#y5?>qXB`G#?0dm~c@nfN`0vkQehg*vLZy~6RyVIIHH+Q2LxGPCc+mfzh?kp#V&&z^XnhrCP0aHMNXZTi( zK($4$p%BR!eSH3KP52se5oUPtc^YRK0|5Z&sUCSyVQI)Iy_T+H*QG7ivT>Oj*Ol<; zD+L(O?O3So#CdX`zj_6k*zd-)x)7vk8+f_eVcE@j?xL6*|HvUnp7sW)$el?30|uAP z$v6+gyJ0>X9={a{Ukc%q(>SlHaG*)kRM>8m&nXW4QQb%yfu||Htg}Io?9kJ-FViK` z_0(a8RFWgZb4+(2OzvONWn;b|3Yi&eh0H9z%9feK(D$$t`hCj~jYhO*MXmvGtous` zaQIAl06U|GqAvpgp121)JzWDm#rEfk)`5~eO9@=%)KK864FPLLEv#9X_~~>xWU>kR zna)eybLm0>`7>>@j@2^HvV!Eyz&rbQ@_u_gb~Our!C5aF$=X$C&$E`RoqP%TMu%mPzWIw2;$vXMHr)`h)z@FO0{rz0d=uZ_*IUs zp!(DD{(WiUz01tDmm#F$khH(@|l5FTb&3z4e=#UBlnA6#OG|J{4@Rf)_b@!`EQoMwE zO4Ct6FWG!Xae@&Nl<{|H@KASZkYBZHOJ|Sj<1=_^J#!;g=ejAkrl}}X>mDRXIy-d0 zdZyOe6iDVd+a5tGGGbU3a^-;GZg@!xeVmUJ1jAHj2!1C_)Di2J6uP~6M|Y$KI2G6e zAtQh?M=G18M*!CIe#45p5pC?i&7wTioduJ^P*V+v?;33fe5YWJ7>A1CG+)*- zJuM}!WIIq9-#8XVew+nkc(sJC2C5mhu!snIp6P(Y!8Bab+jCe5LU%WETOdJFeg~M` z@ZZB^m;w_)ysr~HrlwsS9s+u)rJKje9RN|-apAvw4t=7R*3#v2>AuW4PTx8^mOai-sC~ISvGG> zWk(Z-prjE>x^DvT-FlnqM{+rh#sh_->PpvqAa)MVt~oHLr=LvJsBtd;l|Ni#-NL$X z3?r(!D-=rALemg8l|-H(B?n1U4#H3IM=c%(N>Cd*i&s0)s=YKT{5KS*{D%Cw40~WB zNMqFzw8}a{Yw_83Xao3h&ozi2&7nSDuZ&AI*h@W?^-S5Ql7iClxWf5(XbU1t+ z8-B_rZPO|Ofa?>)QirrQheFGg#ccD`pCIPwn(4>0m$Gze^;9bH^i5*}@gAad`NL4fyj@86JsNvmNNpNEy)iQiLYkv6Ud36p0(MRZ z^Bu|gMp4J7*V-ie7wDFNdWWR=p}{nTxao%fj7+I`Dzvl@rKPBD3umEjQCi3N$fp_M zAU~5fX)>VFF`X4yN&oalbo9;GN%R1oVe7z8w%}geEgc%lYQtd2o6{A~@SDHHg&)if z;P{E@RgeHWfn+4yOgp|6R#B;m{L{3`=Hx`?UF8ePqd7va)y{NovliyxWyH+C5+@v` z&z~9C>3AHvVEe1h%0QO@lt6^g!F19N0a6bPMCFhl$;_#Q$<^YJ6t6Qa=-dMxD1@%; zOWjSy?m8&e^8>UU&u~Z+U^iaPHsi}*&W&!y$7HkJ&|x#qhSHt(;s)6~(7^WM&z;iU zMidrsFW!Gs`@Q )05PqCJMZ$2d@5=AVq)@!ZE^+ws6$bvs4|KfGNT{4jmT=>^Eu zsz89f_^#+)Of$KtJB=8*l<*7|WM^=FHhB=)aCMtZh9KeV&Y{z#b!^XxuNw$rW9Z*7 zJ>dc8*yIAOG|?g*t!FcjLlF0d-X z;Z`g-Zw?9_H@CyDg2K`9%-(l8#IMX3ZTY3(s=gAOsQN{KurbKcuq@jiJaVwm<%F$~*wMU3G)g}CC~s=y(lRfuw74Bpr4 z7`%J7UIgBw+rv9W*9qQAeaO&#*PT4t_yR46mI}2~&{pJd{#!cW+;%PN!@8D>^x-yL zyFRSZcIpF61jD&?4Ch$WSqeW%ZG}Px*15}KO>M!AZYxEbu~m!CF|bh@C^vqCNY~z>I3Az5%qf)d2H3=_o zmSuIR-xvFhdW~&9VqhoTpaex&47Cyk3XgBb-J~V-EGv6zXD zZG}RAzCVG$l8T>6cf$^Of2b=SyN3qrxf^)w`;o^UUch*4TroR2hGo8dR879haDvr- zl~VhE&S34O7)h|p+TWGO#B=Z;k7Kom-#Q!D)$i|PmEG|>mCb8k*~)RTuJ%&9`omd8 zDhT&F6W4@CX`-#^;?PK-CZf<7sP=cs`MAoiRw{d&Dsx}3znj~zGPl~_{nsj${rz0K z_@wRqpD~|E0>-pgTrOa>X*kHQK0`^VDw1GFZ(XJ25=~U_ zPmlt0aN}epu+l^D&TY2mfN%?sT+u$##%*?9X+w)FZu9gp@MC%&{F!|<{Bd6ce@gS= z&)pcA{{FG>b}b~2gZu*c>^k`BdeNJS3TE*!7W!yb=5o=MxdXXkHMj zoZ`n0@iTzwFkifOeq|-r?SKgA zbx`pT3Y;KqyX%;j&>B}aG?(SpUByD(U#`?7cZZtrdvdhHOMYzACOwGZv7Yos)n>AJ zT`SG~$r6R4ufTUPxP_^KKo~kgWAm@4YBp$S+nfN>cG=5pOnPZyn`1|hp<`NTejmXB zJJA3CM0D@oT{aJZ3`bR>>i?dSCuactr*tKXjAYowGEB1hL^EZWl#G8(RKQu+Oe21N zV%*4fLK+iz(YFy#mgmfao-c<`#9u-q@aMy$$~O)EQuI#A3G2Z>6Ybh0r%6;w`R33! zzB2YUpT6-b-|&)eJxgCp?$LIXv6Ggo9wo@-AjoDygEj?ZCGdNW@|%a>>B?^eYmV|e z2jsDQ5*Goq%2VM83G}&jAbk^fKRYu9wTD*!nxD=!$)0BIvcb^y2dk*<=uG)H%ptJ6 z2BjlC?SNKk)>U%Pgk;!;$Z@pvKH8&8O5Z!tiiKy!#Kt+nh&J6oGFFWtk^$`%v-Z^C z$mZ+l1H)*Ro}u(ZHV-|+P#-bj1g~I1k2CR@aFACqp{1!ECT!zXOlW9ohY5e<6-=mx zbYL{EAoUvC;iVn|Ioef9_Svp+XcXK&%-5U8|CSsDN*O+s=R=dA~pfv8fH z1XYqW*O3HmI>-1F>lV5p0Cc#e!hl5SyGxa@SAozy-P+_Zp6_TllkxwWI=}YVFG|2 z3K4H4h%0zJ&z+!3TP(ujFjk|HYOEt%OG{aarxjDvp-o=!11lFj!Bc4q&vrfYAOD;k zPg?{ecc1+Vq%BBG9hFEPw)WO^X!osOsa@us{T4bxwJ!p|MXt*vf1y9@QV93eEQ~Y~ z?#n(=c29$Kf?~TnAFDw<8ONHbR!Ptls=o?Zz>y#0XDb#_Aj6Y5KXJqdWE{WU$W;5O zjCcTefgzP9l+dw=;e4q=HHfi6&cu~D6Ik9K1%OBi{Ak7>JZfMIRU#2pNOhzZNG6(z zO#J5;1e1T2N+ce@I60*Xk$^P?*aIT-+FuX@cCeGAr8A}3(1j@~El5&m!CWjPE`w3r zZc+kE<_02ZeAR?S(aRaIpFA6H-AswAT5ut`zFF0Rgva$X&evQFLHF1NGoA>xGj z&{Mm@P{d*_qgecBwu8{-fzA?vb}qy~cq)#D*z=4Hb7-W+l&sj>q)?!I)G7@BL;R# z2vm8EJ5fV6{S6&%M|2f`8;SYNa}c5DW9T?RT0;xYpZAA>il&Q4hVbl37>9pgMJNBx z1Mt&P@F`HRNifAXDq1fGo~7?T$wpt#V^Ayfk~odgDwkCyiE{{TUO1@;mn=wjB?y+N z^KveW>Aa2%P<39U(>oPf|EeP5YvS01;kf@l$o7BPY(GhxNOvo3A|RKI!35<90xx{Q z7kDqt%)WqKz8CxAi$dkTR|0*Ya09T5z!W04@FC@MviX~z$HWD+eT9;zKs|dYy;$WI z9%C86Exf}rOiFk{UMX-d6+m|4&r~4FPTWwa22olL87xQwZkA&U^VrPX0m;A|lXuFv zle#YNTeQE!6pj5TNUu~YuFFjt&ilIZd!}-q*WnqL2|r7iv=L~(ivW=t!AlcOB$q5^ zQGS|%AOH`J`wIFb)Ue}wkX@Z1yS}(ZJ$Coo3vstmNCk?&NCS8)`~WHdJAt8e8KVLe zKM~Ed@Rls9R*eE|5#gU{?_{bAf7+YZWWtd4gf{L_w$I0u2&k}qe!E+hdvw<;LRI!p zjQLxD^2vBb?&1& zBNO}X?!&~s&>CX4N&9qyOFBEStPyH?}6#OZfsrn752C{fK#V?4~S3J=rd zL?ImK{krzd#GOBqY>2TUWAfonW{Yv%QYJ1T#DJTz=L^y3v3RBD7j7l-GZa16T(&m5 zy{u&Xu^lt>2Uh2{g7)nnk0|ZiGL6v=_&!CO+I+_0WdMhV*@(4oy5m^9*CMpmj753m zgCBUj4G{!C;sK5wjdU5PekK=>b-8s;)REY@&3o$CBqUG%$*@~&I6<77 z0!Lukev8HwLf8IRm*b9cjV6p|yNrv*>*q0@L}k1{uvOEQPU0WTl59qAhMf1domX@c ze^T}v?@`yR4tq{p7>U2(?l%FWNNP5#YR;V#<^SpQ@<29s^ddxql#p9 zDE4K3(X0HpWpjU^kQ~IY`I0s!~g(LkU=97`cRTEDp(G z#4y{rb+S1l+zAOjRB-;SD6P{mqV+NmtpGeXR@rxTV|)uT(AClelL#4AcJk2Lj>)ct zX5U{-Xivl!d07ASmw{QywC4t7^WQ?mkIYeK@hC75;^9cQC|`J$$`=mr#1~@ZnP5-g z3tu^>%wohqXaUgM*imcdDXrDJZ-Dh!kN2Y&N7o^@Iaf9hgietAqx+-X*bd!j^021g z>eTd$(Ddujbi@<=;7_p+IPXIgY$EzmH~ffOcb81ZnAgLH;bJOb=mzvma{efrpZkIF z3jKI;r0p7jMEKlJ(r`OGRr-jD(ET!$;a0b(+^Xnqmh2(u zw&-lEvg;KF+GrC?0R?-rqZ@ZR>}}A*)o%do*D|89|NNdNe9ocbSwn=w4!n?+)JqKAvJbtQxWXXx@U6Y_aM%vv?I|y`J zuTgs2@E!H;^=p*g*0T5Ku2Fg$_-+hSW#MUv1FBb6{zgc5ilsmxN|8VWhaiElqspX! zsZ3_5Ev#TQ7OO2hz}~M>Te$5zMLiNuI3IV}v@3qsCI%d0EidlzG?%#aAgO>PlIAkO z8v5h=jPt~x%|M|`kUExrh~jfq7e^A2Z`&P7=!dW)i9lqqplHPlP3ZYG80r_T*S%2{ z)}nk`7xB0&S^uDhEbP{i_cW>l1L9;(Y*!Qkoz!A8zip>N|Kngqg$^`fKqo`43(EtC zxDOsopNE^zD`@t8*@OMrT~!P@Gh7XcHMmnqEDYQ>XiGM2Dt(&I%Y{u<8JzEPwoKo@ zKb~XiQ-;M($mUnSVGNT2)&rC`F;_ISlO2iIu8(H{rKv%`IWl%Q_W>K**fZzlu%uHO&5)H) z=giQL-6epuXq_?zI_y|yxQ*ywhEnJEO;G1&EF|Ke?u)md1s-M9@i7D(7cvll2A-XG z(?R3TRp%lr2AXsR8g)tpzu{gB+vh#d#2LE2h~814>*QCya~;u-QU1NpLctYhD0N)V z>d^gv%)JSCQ`OcmoTN#cmX?!30|gn17HI*Ym7)}=_CNwBkU&vTu8QJ>I3py2%FvR8 zay$lbz^m8!I$ZDdsyJ0ZEos4~1;v5`MH~uFiP0;dmbO68zt-COB^#SGDdeRV<4WPSs5w3jFZ2gR-=YD^w86%Z%#yt*0hlf zDegZ^B+(3gHhXfS7X##-H+LD6TMyHinBC)jhdj6bc_;ocfpua6Yrx&V6K)!z3()xg zG5|NTynT4y3w|fc_rpzz4Zm>}$L6MHYIp{eUW%pfbPtct1@Nsmb!q*p&D44Z^xv8g zKA)P9w2Gn1JHOE!0MdK!+4Zp9CV;y+@=UqL?^ z)6UGLTIT(BnnFxH5yQ3zwPNn=j?Heit3Sqy$~>P9Rwk4Y`3uEi`#)&Ug{+WW=TUpA zhOzd%|0}ge@S#_Etxba8n7GnT^tjRvvz4Y&d8S*>V{P+5d67Cu>T*7g$GF6kF*6(} z&A~qyd`=gB;_cIFwdOm*cTC4v1-XX2CWS}5jjarN@NRzlSo~sro7fju{s}1{=^@P_ z*!DUD!`F_=)wu-w_fEmqit>r^7$EqOulOc?Kd}=jNbOI(by}6Dqk!>95uB1pq_l*= zxo;%_;}MtK>X3JZmwwhuH?__<8FtJYEH-%!%EQCwRN-cEF#KH=wG3HH6d^xZ#5dC6 zyeQaQrenyb@O@MtIZrtTkD=+K$pWG!Y9@UHOg*Xz8#!N&-0F9o_mlW;0z1@fJYSE+ zC6I~NvGP9E`pTCHLKV{zO2jLchv|FlisjO=noMNXmkBbFM8)ZD@{Iy>{4~HBXTdkc zz^;Oo3X6eZ$5beHF&&lB*S+%SN{spPjnSz*jQHb1Q3HDPa8$IZDHIF}@8F1s-H0O7 z$Y~vmOq+v;ZTLxm4N!t zq)*RH=vR1^UR5I)M%0?QP~4>$J@07Cl~)c^q*w`% zY#r+|Qo(vj(WAF6>^0)pXcF^6yQ8oLMTe7bp0T9HYFb=4vJ;j>E%0&QnF**9Ht7g& z$T(oXdxVBRTN(Z|JC!uZG7rmvb=Cwtne>Q5zssq-H30#X_lRovRrh!e_04&_3mE#B)0XVp28_RrHlKop#C`?N*g~#EQ1NAAyp`F~DgxBVn z4usnUL^bu@BowPsIyAnYq)@6fX*1^boLeWVI<=lvRB@^UzAYQ;2&~M-I4Q%oq}AC< zwrDJ@$3bo_>-4%r@TL0}X{)2o|1$pWz!f6C+ridJmqHldudNT5<+C}hbYG%W;5v|Z z0;TlU8)bUqfYC{uAOYbzfI6}X2px*TI@BrJ$lt*$!L1D-Sy-X=0WOVVmg8mz?7*QO-eh z&Xof89J)7^69lJ=A&o1kzkG_q4VQMlZ~4EdZ`7aEXO7ob^1oHzp3#3?-;1MT^?i8q zf2qEk|D--CUf+WMt@?WXNqyl_vHE^)@2S4d`j|1!M)1w-r6bQ?fs$Jy$X|{x`3xZp=8tj3O(cJA!q;!niJB1G&NCCFama9iA=h1?{HI3XOn9y%;Jwp2-6BM&E&#jA;vB&HPHGafQA^r4hE2f z07=vk0(db7@FW93-%q8+?M4ltG6t}U0hkcLwB4iuEQ$eK!2psGAbEST24If?Okw~j z2#~TpMFYr<0SsgSW&|*AH){Y%F@QGO6&9u)3&E+05vgy zw;4b$1n9NBmj>{34B%k~kd6T9+tW3GH8B7W1IR#tjO`g3z?Ct8xeTB;0`w-AfCNwy z0~p5uF#2PuuwBpq2E_pSFaW&lD7DaC3jv(eYXHZ{Z^gn)1jyW;sR4W*188IbeGs6} z_C6ZGwiv*x44^Lp^xfW919&6`uz>+&AwU-01rxyX7{ILzz={CY?N$xok{E!K0rW$F ze%t$L0OMl-qZmMc1n9rLzXp&M14v^4*$9xmJzE37Sh@@#LJa1@0SGW)`v47Ke+;0W z0SrWdfuyED0I$UW{=opwK!7v0pP>P4iUF)+0D}-<(Dp$Lz`YC;-M2!*U`!aieK1eB zj1uNT!VpXtvV90o5Gi32Bn-ubq1%V@ggi<(6B2STA!mCIuiM=lo8mu${+rPM9@{&C zCX90D!ryZ|7f9-Eii14mwB&6y-Fac;pC{2du694K?v5qpMmAtl=lgrPMoSkeZ%1l- zt+7(lw_cz&3srgyVW%QS$~9v7;jhK=Hc{{oV3AK9dJOaC`w-V9OLNA;`8W)e*2|cf zc9^FniErqg0c*p#xjOQL_afQ|{Yu_;sKWW3Dx4+w7aI~Qbj2&Q3w~#(3YB=;T)|(U zRY++Ic{T_pIw;AzQ}_EbD=rr;0qv=s4m=-}Yc z_4&F;r7_ko^n@PoSDE0yR-f3fMTW$Brt1^?^_(HGeWUb={aP9C^L)WC=o9;OZ#?ZU zg8x???-y%d^2S_UWNCcdF+OST*OQ@PH;^wMk-i!X^c9*khkZ5R*H-ow8Z(J~O~S9~ zN%R$lemMJT#IF}8X|MwOYNA(<$pQkqg+;NL2jp9eORtybZ-({PrjggCN$M1_|I(B2GM;N>yo84K7i=i z8oo+`zx@OoK$?_{D~6BMQQYBA;B(Ye7<9=Ip(;25`#n zWNg~Oe)7m4sp)?9lQxWgma(7f&ZM8`bLpq|aQeA)F#QDC&ua|i%pvsC_bmFE%OF>= zkFT@B9%D7U$=+76pO!)N^D2AW%6@9t&u;jMT-2gr!#~f0u}F_~@@)l9t$FNu_tnth z4O}ZUU@b?;BRUOogOW?5=5w8<{!e4w*~qGHWj_&C=Vh!{Goe?J1HWtIdoz?DEo6n~ zV&VQ+;d3ylA4^Jur0A{e`$YIom6}+khgrch*pR%zeg?5A*vx(|V1u`ey?t>8{k#RE z7IFQq4Z@3OLKSK3`H3?T8-VEC%BrYl8DC}N+{j96W8Is@K3>XxmSCZ+zachjZntBX z)^UH@Q!G-blyH8_wTSC6)sHEI&k(A{*CI`qm zlp%Pq>I26p`3bzC_$d6(A;3k*Z8l{Za5c>xHhEf}q}v$UEtt9+hcC^y)t= z&j7ulk-iW{dXrN*kB@KK036?68zMR3SA6{M?T_RC=KI~o|Bn8A{2zJ0r}6JWpZR}6 z4|>)Qg1NA`m@>l&W0iP}IA>>gChVyuIup>}P0*AsD0{5gxC$^O4!I)l2 z@~)F;02w~P{J4eX5F*(iW_aH!c_-jKD{>1L5b)Q^f^@mb+pI^o6{R^}ReZCC_S~Q| zQ1Zp2*o0DDyc_Nz`0gy8fb*@jCyiBph*X4BodpjR_}3{+36=U_LpJ4B zIQ>qKN~o@Z?pFYf#z~3+wF#Xhsg*-^IqV|+kDaLK)yjInG??dW^le9fuEjJ>!{U-| zSUk#Ga%uo#@tHtw^U(GXr847(qVJ&h(SyRJ12Nn@TGWP774sz7@BiS;4+*~S(GEmk z7aK3%NxB8}9F3jwriQr>2;6117yj&$e{;xn8a~Kv;T0$7 z@=fq%(uG5vQ(0jqtxV{^LpufEH6#~JPnNtjIj-UpE@5g1yVeU&`y2YSTb=FFpLXd_ zx$-+auSSYG@tbJ(ouw&cmNEZVwfq`!FEy>!--4Z=A_r@tI!)!S7zj5c!45W|1jyj8fbqG_xq5uO;;RTPLRvr4QvK{&_CH+^9 z{I5J!&cYv@slV(Xb=f&g(>^+H6OOO{=T2WG@2W-}I+t_RONyAswBRR+1xrV?h^2aW zV{|BFDm>IRo9_^jFS>wrg>k|am~dqtFz_0xPU(iK1>TZ5{Sj410HQR(B<4x_M#Nf8 zN&S^Uh_zvx;z|!c-CtGxs%N%K{~v^Q>KDUCxT?{a{|h3h;NOJSCVAwyFR|Ui+M8in zzoEz03qHHb_m`N4zuXF&grz49zaI5@5_pe$7H!h_4Oo#A7`@Pw1(ag?F%#)?RDiPXyO9k|%j3xSTqY;xdvRTP&}>K04~&KTUTCRKxVKKCvNu!NT1oEwF7^@5;zFdq z4jNFTzarA#g$8mf(aPOGc9O^JMUjl6BYF)B1$9MHo&IRJ238duCKuR!syl=HT1ZgT z-$=dw)}sl8TJZggIZgu1PPU;Pq(-+%zpG8Pj;Tg7&0V;n{pcV+f}fo{s* zFnSm-cB)=0mdZ%36yIf=gzBE7 znd3l{D?6{e^SmVo`qE`O=65O*ESzL$DO#!LaqlB|7c+p?UpO}lPSu3py>SrH(Z*{? zl`wDqVmPS%Z1;Z)r)+BD*`(i%(>D)Rq6HRVwy^dL*fnsy=t;93u%MwgE`VR(Ez)V= zp2N}HZuT$)j|=8eg5SyEX~i6lJPvDKd{67IkM~#bEhjy)$}Y+)SHo9t$=7|L-@=Bu z1cH4p&7*0OBpaVm==kH=BX!|1eSuhvMy5di&ITK%cbC+KKy=f0Ddj8fqdJ3LQXaMR zA&d`VQY%9%D8-6mn!uP3Lx-zHQg zIYKoo$_JgZyd6oxS|7#jXdUiZ4FFU1_JGugvF^n3wzQ=KHTW&V?SXrCh+cL0@~fS~ zvu(>RM_>a7ZtV_y0|1{IzPt#44=)=7FwUe#F?iSrPqvgsvAkKZo9iLNX=)9NfZm!T ztVLXR>OXb{F4Ei98(jLmf*;QlVx2)JR3&4lF=nE-b*$i@MDC$y>G7jfGJLi`mr7&375WPXHCU;-&n@Ghz zV7(tx8ltn|u@WAEJBm((=au|<44S#}=QH7X5r0O#w9EN(8cCn6E__99Yb!|<8=L`C z!8`f7DMD4cUa0CbWnwxU^d3(l37I%~tmhhS2oZtU5PD|e@L~7b7^S>0DORvdJ)E8)%HCkvMY?6LL=Ttb{KliJQhmnGVlQ z@P)*fPq8nvJoDiTi7@Ng7n^4qd@*U4N#53pp7HP@Sqfxa2CaErA9;iMy_|+^3kp>@ zFe9ODLY2`XRHaTdW&$_K)JX%_CDMo^eY^KNR3P~0LBc9Z;J1X~$t(di;}&o=tjGoK)4nHsa90ZLb^{~*Xl66&Atk(%eHDCqGAY}Mn*8UZ8b3_;I4IF2*z2O_ z0Q8~0FxLAc#Z2|!KFnLG<$a$RZd3};VIu<8b68u@ALE&IDRia}08AZPETii=G7VDc zRMkSx=XiJ`yc-sGnRJnRNcxHMy09-pc;8)U>Qu{gL1(kZ{F_Y@(*exf$Od@2q+)!i zXmXuCM^bBqs!VVDME7wxQXYficJ$>f3x?Ofk1cbbjcynNR*5Bq{~kWAQq)J7mT^$k zcYUy`sI7b33lDW|`nsJaoUzDzY>-}JSyK!5!^>0ff|9{msB^C&#exmYi4Zj7a!25b z+&Csp-N1TtDOzQyA;P3KmXx=FpL3#2FR}}wrShC-)zRkX$%$S>*tVBp8!&CqGYkCu zAK=!vnQU;LZ$RAoR>Q4zcXHfXRjc9Fb~Zt`KuY+AT8o{(y?%`tjg@{`RG6}ar zh;M@#zGYOW(YL)(2>_}Pz~AEe1`?i!gy=ZdUcv7~R{b85m1G#P9<_$*af^h58Ozg1 z2h~GuzJiVmlX&|#?<8dOp;sw3?Q?j_OW&VXqh?0ZQBlS;C7J7P-uNaNL7bb+Iqtu} zyN$FnOM8m6)T6wV$tdk85!tDEZM`c;@@~t?pkSLwX^QurR?A-~g%2I_lM^yfHLPlK z1~JB$q;dO_FW*3Je_cTa*NmOX3?(<1w4><~I+|87upA96SF_bYL?zQ!;ORr9OfnQI z%|U0bq0$0M%`AmOYN^DN$}mYR--yw3ff;2r%TpIC>#&9L)a!sJA#-;)yf~E&jbQaOlZd--i`~6Ow5S- z)KEPzdkdKv6N#E9bd62;2l^@O4CPe*iNg%1Ucq-W-q`X9#>3|8<=mWODJ&|AF`!gF zO;_CGFB3-UNM(ZTZjxUwf{(d%uqZh{r#U(t2{}<7lIZI&jeH#*RjnVr#pYpTPNLaR6#wA|%R?=Q=xdR#fZlvVGy7FZn~g*}{1J{nP5~K<=Gl z&9}y>@)g5JlfOiamFqu*&3l`7Qt+e4u1E{B$@O7wlu=y#4b1aJBt7~`R4Pm9au%ql z3p!+W1m4ajL*u8=8@&s7D&D>HcW3c&r!eJsGz<9SoTa@nzNuJ^=PNig z9djsuWi3i|6xVr74*5h>#9$Xrd0yBl zIhA=~bjjuj6b(efy-cTmpF?hfeuO`%#6waq2Y_1YjD@I3EO(%tonDK7`f5>^_@@a& z?PEq|opGupIU|NsKq_8;6>+Mlj?0JT7MF4!65IJ4qg;VSfKZokd?J75t*Uk9s|=++ zLc>uxSyDH?NZ2^d?D7XC#iMiI=HOvtU6`AW>(e1qbQY#UC$G`a>Mz~UYC5n3Z_FY) zfxoB6w&6KDf%1+9;76z(u((gWLXLj8^8nLU9XC(=8ov7vd7c!#s}}0qnca?EngZkZ z$}G!vT-#FdKKDU+cg>HSJze+df9yU>F9NDIpF2ErwOFXtLu#ZSV2&57enFy69P-RwL)g;La!YEnMW1tbEPVWq?Ne@jUQ44%PJ-Bjm zLa-V?B(9&s+s7bx@sgjJ#lbM2;gG*{<$vc0*fA{Y1$X8~R+)7=4c`ujU-Xe%L@iyY zyb|?_1GDw^^wB2 zhc{$$%GDF}Opsr=A5JUboQe+Ohc?ua-tsOOZ1gJ#mDHi*}4~b zCV0f9-k(DCw1`4xRcShXElZC9%*V$~81pon1mcYZ3t0B?8{XF5tpWrE~>maAVgVOn{!B2t6|fy%iPQ@hl;3Gtd%#XFH%xaR?(i zVS4#`K33zgz$pm@rX&{F&Kxm^TgusfHIv2EDDS*yjrW#JZ!gm6R*%LK^W$UnqamUH zNs0ZBl{+8GHMl9`wegIvC1kuaG2@LqqfMclVof+p^fntXJKm*)S0rRCNz7Q#V@5q@ zEX9l$CS)`wW;|i&nz5gj5ots?IU(a7Lqf)CgEkrEI*L01$7pINj(DR!o@;YruJ!R; zQffjj&l8aAZwa}sO3ZapJXdRSLasZouImzVM#>4fW+mnl za!t%bdlS_d%k}TX zTu)K1RbiV@RXLiIB;0($Z()w|4b`y3EO)$4FjHL64%PBgJKj_JV zeSQgA^R?HK?`IZ4F5qeo7egWF^Ph+9iI8`q5K&cKY{r0_3quW43?oV0{{CmNpyU;y zY^|hUP#CW~$?ld8xz9uW4W*Y8U1=$%i7iDyVy=4*Z={kqM|w88jzrmj>p4`V_!Z?8 zAEJFJxs=?%oM9F|SER9UDKSS>is?skh6vnj=5r`VXyuwH^E+{};*LQSjexO?Z~xA# z`|4S21?>goKfe$~=g5vLt`)K#Lyy1m$NCxOq(uFUx0cWXsUR6a$e`0~ZNI`m6Y?JK z1l5z~T~Po>y$4cAZsc9DP$&4?iG|wC-2XqAm%&XU>833lf}>){FBw?tLjGF}npM`p zaFlG`Tm^-yxb-OcG7UH0gXT(`F>8nvh0$9!^FzM{*ybQ(cJ1|eG>31E8Y>OIVg4-^ zOa^|<{9D|QKE^MkIerVsy@UoXB#7u~)WaHk4PUL)1~V6-dO zP0X{yLH;wR{(w_iZlO&XPM+z)S`*IVe^% zt8dK_3?r(aE>ulU5>pR| zz~Z?D_&dU#YA-&;6y^hEM(PO$P^0G59L7vZ(`j&0>lcY$4CaU4Dd4l&g$>L=SS7u$ z&@d^0D7q|Jrr&^+MosydIsZjn`l-;4Bxr{>m}+MwHcksn*2l-Io^TPZ?rgbvWP&F@ zQA#>C=&8`A1hACw>u)f5`2^COf15hFNL1@N&T$lWDwI|5KZMt(UTT0rcql0Q@hO@X zqF=%U`Mt#khB0Qum_>N;g96#u4CPZF+G!j`z!i=oS^7pwPSdkF+7BplW@i*>(RH4r zuXPDShlU}6vNRfU^q0kkxu%&9(Bve0YDm-{h>s5*a{!+N|1~OVwrb6unzjfr3lZyM zgkbYd=j<=o&^ZHSyAV!!oekZ$s8|yqbB2Iu<`vZO0d&c2OU1w(Y}e9aY?G1NRFjG* zk#0+^(eHzqT{^@ieF+8n6$9&hwgDs9mwIXUKmsg0tmC|%rteRC3nM(l-ChW%8& z&fA(HRIZ0lGDcxMc@hpO*BUDv`ufPSli1fbv_u6ScCY7!a+*t>r@!~TY>rn*tH@Bi7CxV058CN2+F_B_kpq2~2wnV1U`yLT%cVDqOnd%^l zE%=eW(_B)ClH%>m5|8zkpnFH%>a$%)9|P7rcRtbhOLw4G|9M;R`6VK5j7%y^7mLc> z*P+<=A@^xj31C+c4XmV{gN+ zEu(upmtZ?hL68QhsGWC9ZeB#7DaN2|)|E@y(Eo&Pi#%-2||i)N4VtPIwG;PtT9>JT!h3Ex;Sffx%n3Kk^3ipicTZ%96#(it8kWrW=}# zy5MxrMjl+-fgQxFwU?^dt=8F+?2WMZ$jFBYST(00nik>%h^#xME zv!zglrpEN=Ojn~rM-;WL{~NaVyqKI-4aM492ki~5+>aytH}V>BRLEnTQ^hXir~WV` z2GDJUNbCmXrDXpD71*5J^^!^BRwTEh}B z0m`KXm|$ohhoHG^bZTou^6tDu{L*q_82q=1SaX}WrO-K4tx zY|6Up*kyai2^KbM^~p2H@+=)%qlc%z zj7aP$aHzYaYu6EScz0$wigyWt+t5$_)SrQ8bI*lc+Vh1bW&XHZdumX1o zh2P)s7AUT}bQ`oXeCXe&)#$@9eN-XO6oJpcKIXvVUiN5#$2Zs`0zASV0R>E}*kdz1 zUc(+6;c+^948r4R_P7NNwdHB&K9|fj# z&$nmk!jD#WP}rfXAveG~^r5cZiDi)j};HLq+qet)+9K19UTotN% z^$0x!pkr!a51&p{17r8Wqzbn2M$|G`4u6z&xcU2otLNgqb71gyzvBR(h~|-e+ohy1 zccI}2{&kweI*`!S!zAaxM!ssWhN0mEm)G^k9IUC0e$rEz zm1)_w;-fZU%26@D<4%W+Dg#41>EDHnZRFZ@)*zslqPmy7SHO8Ws|{7yqY}R)I)IzU zh|NsdHQInG6HPriQSZ^dh@Ifc-!TktMe&fAdI58S2Asr&k**}}m=zPL^JJvz1eV05 znSeWr>jnRL6yI@*McjrIleT{seD@6@y7U*btys*yGu5f|nynaX&;@YNQQRo_RXsm; zwUGM_qu?iAUs(zia7qr@FCblX=ZM~pw50>#udqA|T~v{DbmdBP3V57cvY-PONVbT= z13_iVXi46O@o8(5bO<2t3zya5<1yIA(7S1E&5y}2;FB(0xU9EJnLgj4WHm~{v$ac& zqB`3sRn!Dw8pDsjgAqQ-%Pz82U!G4P%Amk-ZHP*1SvQx$)Ao|QcP)WKDFvHX?#GJ> z33re_z?r^XpMOX#IG`&zq*GcvBaiGI zvPm^K+6$fEO!zlm4IQ&7ccBMRI8lU?cO;>Rqb8gTi)GUE0%2_xDpuD{5=(`(sE;y9 zEQ9@BSo=LaFI;AoLctE={@bLFgOW0PzBJ6Z&k-tJ%&s>|Ewt+)eXGZAwnKe(UyHjB zetL1Dj(>tSO)U&+xIe+ka36(NDIy{NaBqn|jL1L8rpz!ZQwDLh^4)9mb#_<>Ph8%i zcCkB?Lbb7$)nY^*WqO`tSXPkr#(OUMeu_2T0gXqH*%MsQe%?#(K!T}>!PF4UrIKq{ z`hMuWu(ku$zIro{uG&lqK0AC3E05A8mpfPTZpEDuM_TZWB*Up%yan66jwUhEpFSOv zLhB0nwNu2{&AjIi?Wb_D-G@FfltQ{_F30B($(vf%k=V}DPh&bV5Z$Jpf(qVb9(tJ; zICE>i=_oKH$}Ed0H;5I7u^kS%F-|}1#ZsO-eR-Zs!D;avjSk@h1EW$CN%9`fb`5iy z&2f7X^a3Hj*uj8aVB!^H*7+;%o~_L_2c19vJv^mzo4^brE~=k zYGPwsJz^c`DZ4$k)`q z9MvkYs++#%?NbA+ef#0#PJ+S+2ay0lz5X?C;K2YjaB-SOm#Y`1vwBN9;fJJLh4^vz z*N7j_1rqUNkycg!Kg(aE9?;ac?%`?XUSXQ$)B?1t(4q)A0=;%Cs(oLASEBX507hA zLDs0oghsvHPixd$_fex(vwV$|?-^EXW4zd_SaK63uVu+i@#IpL+)T;WvgGD?@-UXX zkVu4$B`?g3B^y|>juzK&maNN)C4ciJC7UTZnI)UE;!EhB=V>zypY;N{LVc5gqxzj{ zJ)jUczA#;ahs_y$y}W`Fn1?O=^*nfuT8X~MdP#ojXsS+E{tqKyP6rg$n##E=<||(> zVT3$+9eq|zQ@%vJxrM5##Ekeamift}sqC`kZ2%R%Eb0`h;CzKC5j`f!E6h?rVI@Au z>I0tbc9pwFNyOKS%-+BA!c)JdnT@DTSPjDN`HCB}cRwG3X+7ACk3Z>CuUHi)*fZP}F6uhg6(p1sW zP?`J{s_kA7J<=IIrXJNKQ)ClOJ?hazd@%>*A}zQ3DM?9j$i}ZEb;FBP_HayL>$ zBzSmL3d{yh?$T`4DnqvDt6CQnlj9H$;4-RYT})qvsh()}Uxyf-=!*m3V33dWjU}hB zGl_xr~x~vE;INasx}2DEX)Llq|)Q|HYEaDfvT|TpmwWSn_;IeuX8^ zk0;;4k{43)MwYxVp6p`Diz#^tOI{pL9>bECQ1Tp>yd<71u;dk#d@f5~5l=pPkdoI^ za$lCbKAyafC2ykS-zq72Q#|=~mi#m&f69`djwe6Jl3%3cDwh0WEO|pI?9Sm!Zz0gd z478LsafN}FYP)w}1D!7>zse}cb!X$Z>Lu)klzw2*pRtKNwJVq7em3AB;>*-Z3X*^i=!~J zC|_eiftg44;#p?FOFpy|&k|Q)^bqpLs*kYLNwe~V%Gnf-;1iepkut47wi}@l6QB`} zz`QfL{PyZ~Tz)&0M~e$cKnBcC`3PFpCS8g2`YMYQNFOSBYlcbkY)GOIGvNiN;c&J* zyTxwQyY1QvoQzwvT90l+Ot-Di*L9{3HlZp#bGlHKrMIomLZ7AXbZ20OUMg;M%DX*> z$)_wz#wX3PEHg>Ukm#+FH)tV?(c*fCyw?dwceJ$?Y#8M0wgW{va`8rLl#losd7eSK zaQ( z75j^HiH`99B%W-i^9Kv_hH8^=CcfngW)}x2c=Z)HvNp{@2p8v^JWU=1HI(=h|AG5O z;h`EJe(+OU7_^&r3;tbXDrWGu=D1V6t*L@PiB88Ni%>WNQQ<^Ww0|P~Rcjq8q>W*I zpVCBcTaNoj_?znfmIsT*ZOdKL>Qq+asyO*6j@~5}r@kHi73bGV-rBP`CiVAmOgbNH z%KzG-hNKgRI6lFQz+_m^)%2^E<3!-IE!P5QYjk+u$Lj*)Fo%qmk;)}z0L>0pGPvw1 zb+$Zx&Wu2M9>sh{*?Cj=rpsA)rEDHI*(qOFkCznJe9D)Y?4|ITTQsX!n1X#|N#c@2 z;Wsa5V)tSRLsHf`@;hM5as;O7U2?0lxOHitXg;%Ng^f%NI*WtL`UzFNaBzOcu?a`h zwvNJZDf66i(2*ZR^Og)=^j}!f9uyXAXFBbzVHx%zf=gED9tFC)ms%4C_y! z$EN>+VKM*M6Jkz*WjmmlYl1W2!r!Bk>}svElh|5akwjv0)JFd1`XpWXDxD7Ry*xNh z6F=e0;OezqHL`^&7aARGzfKD^CD>|x4ek^)A^@CZ)&!m6PsD|Jd!<0htK=TMEj;4x zUOGAiq2E44`nK>O{6rqWnW!H6Qt=bJKxR^Td9RZ3_1N*cfT)*EpTR?65HBAwj59z% z9^ZcVG$~+O_7@ybQ+g9c7V@*VMIX~!e;RDlLY9_)8NK~@fZk3r$RdC&FIfuZ>pa8j zOgF*6*azW${04gt;4GDVBV5FP0y_V+jXdxrZi*$9S z0!W6Ue#c{zw-`dM zF(K5I=Q4!)Y*SxaI((IU#VV#N_1T|w6fLv{AzIb4313d{+U-;sP&u5qAv^jJ+e$=jUm8a7vN z#`C8G#jc(_3K-@Y20tjjW3GDoav9(kQfO^lekbza1aXOVUbxc7WS|QZWT3DZ$*Vt# zKtp#hIks{a#^LppNgAo)2RkxD-YNH9*V4KTUh@@lFoZFiA9t$ z@Q6}m*NX9j0}G7Nv_+dxjpacKv_>O>#;1C`6xSy@gW$w74E+k<^B&gWxrSHy?@*FX zaT!x}LwC>!0!$73yg-4lhrn9R;%(C8HDk)_aCrS7ByNynH zN;V!IOC55VB`Osj^0p=kn|IcHWAyGkLt?iMlfQ?lZ{ij?Xo*vnO|ESAyDd^^3hkEB z-jY1W95ut-vZJf&$Y!>Pa6-^&XYpQz4bXno`s>|AI_2_$=u@5Pv*zR9)rtt8Sy7C% z#*<2y+<6hk62{g?0&B_rR|haCuDvy!!SBI)iq|?p%TfwiBpR0uM20AercQ1guG1aW znc$CF6V9qGAb$lWq4IYl85JDaFjD8Z)>!V;2QN^Y$&o~$6r*zLn70wZ_W=M_)T-() zs<*vFsC>^zCXUWP#t-*n)~x%T`rQ|(MC}H7+*-CI>KnWS6EA!z9(G3?Pq+8hzs6=ODl4{ zzH8B}@d7pewE7V=euz-1W1V(vq?T`T>T99p$0cE8#Zg!nkvv0>4J2RL6}8`~JD`+4 zLgjW+O*QQZjMPa`ibSP20~K4c@W_%Pp}++z-%X0{n>HD^Ac^u}ya%&gahS!H8iU}! z3-uIRYV=HpQuAK(MPx%#&rP|2n$n?u4Nb8Lm19{`e%p}P6y>#gAlUNx5h1DPQ9)nX z6}4^ZQ*26qWC0Z>1rkR^s;F6yV?xIAA#aSjK(Sj%qof8U?vgA-{>dVMwl*RoQND?^ zY^a(CNU^wSIdbkP5mbo`?-a0zln8ptrg6{f#dV?S4Qo6O%PTTZOSfS9CXxwNm}z`< z6hM>`w`$;LYhMZgJbE2HX5-^uARCJMF`J$>dk{6-963%0?20W+-CppSjSTE__8n!T z_=>I}s5~>4mr9SiURdvyrr{Ulv-)4qfPz|!9@4&S(!Q+akQu3X&Cmb0yz?cdngrKt`$2fmIOo|{aYLtET)G_c*8PSvFmv)9n5MNCZL7b z%bFY<-XrXphWa!1jDr{1&7N^gBh~CVj41Isd&a&-UZCx-7EwcMg>N%U--7Au*fUOZ zbQL_{ltta0av0n3+sv;xwRJu@&!*W8Dz)L0?u>w(sy z)*>#_n_wW6*Ivw`mj(2)B9mUq=;b%ImZ#E7D|GZO-BX;Fmtul#B;V8|Nk-U5?F7Ji0tfng8VIA_drmsB91a4^A;%ju_n!75v;a z4bNS~!FD-?z?mb5BINKeF@I&jt?=G8e4ztxkDd&p-u2e4#2p+g+#k-H0iQ$b9x<{| zyP_R1G;QRP%fA!CP*N1EM_W}`DCXjO@>&)qtq@Hh>@n3^ zg&AaH2k!jO6Tc+xI2-%X6vv?z9qL!M^&RTOTw>nH#-K?^<) zYVyKi1M)lM-VSA+&ZXGR;i~C8q@PoHJ1>=W`X;CHk0uHde@aCcp{C-xBIYfx{&rp+ zvN9|VyHh^ylAFV~O-IRdH5L&)3+~}vXP$*+*s!XsB=}At$mEvTB`uD~bL5 zXg~rJNh%X=j6UB{txZw^_4w>td5=+bn%l&cW|Md*RGK$|PP3$O0W~-An$4(Ews{)N zpmzu9I=C-Izn5J~{@@l~@^C`fTCH#khJ=Sg7pKKkIPeIY9!@fLQs%%I(xGHLL`Ghw zxjNyf2+?}Meq2z^*UR-(%^~-s_rZ`8({CBeifVnA*EjU$xPHqw?`rxjsSIlWyS&1-n>y>aU_4BwlJM%g{L11p07;aI zb#?>7CIDtYnZFT7ml!4XitUfw6??_fBR9qM;xvEPo#S10*N>C;N+CMh#_l&?LtYtv zEbIsQe*i%ipRP2YL4x-+e5vOYFGSod+q{XzMB-Hb46=zGp^EG*ZEGcF6n>CngTB9k zP9YVUsgrzmV^?*Ohu%q0Cwcoux?RN=__>As3}Qc{+0SJ5<77WqWZ|}s+#EJ0v~FdV zCZS!oKBf=0DXXgr+uu=zZ8?xaI4A#K>#u#j9oLWX#zg(3y6qeneqQ`%`fE>ZPtaeh zUHk|7Ydu{b_hcWtBH?z0LNa~^RZONTW&oOAvzX9yPc?7aMffgrokuS-H{HS*LbQNt z3pbpZg7?i^d_g!YbpV^YB0ra;^JVTd@|FjP{riQdQO^`@KX1ecHfa3n4^mhG3J*riv%!l;peD}Nic`Pr}FnuEo}^5eM*X-bb7fLET$13zTBYK z@{#{?w%2=jsnuk?^>UE>1g+9XlO5{&z%GeG)heA=O?4mjsyXhcS3S#J=aeJi>I;xe zw;GmiwHJO{+7kNOZR?`nGgYWsIb2Uk=hL%+o-gE~69pgobEAYLhj&*JCVKYF3}lVQ zJ#P%1;_!{GVRzxTff0xH&0A}LJOeiuJ3BFe=+7KMk`M&_;SSt@x$X05?~G~bI{PFDiPiIN(OUPTYypg~eY zaIj}DNsz}7wedG2yd_1?<8LN-Gs3~1y(Pn&DLRn9rNCQqG@ZYh;VlK@+Id?u@NPU! z@E@j|_F99uP0s^Mq7Sv`t!X-nW(j-L7HOO3wp(tz^+xygQenODwri{8J$9XxS|e@K zm@l^kXpGj|L{^{-DXWG2vh5~C-(o6R@E-sWstoEs%FQaSM*q+by(*pf+7U>fEU68J`#a;iP=x~B zhp#7psYWvz1oxXd(P$R@m8?8te`jC{1}!p6#rvFcEz&nC-_T$) zhvp|e(Z|IJQEO2ixnJ=4nFLu|f-*b_-gG49JZlQYUc(N`{hL*wVJx|+7Y zyf-*MH~Z>1KiBsSjh`!KP=+`7Mwx$g+?jh1mOtI@U-GmI?LxIv{Ds$E$8zuMKv{!o z{dggk>Z3Q!YSXJaJ-BICzRr|oQxWiA3z@QPYK&J}%#tTivci%l#FHH?xs;M`VacWO zXsk{46* zK9;;VRb$KE1y1pwC<;Q&R@2(o5>)k{2Us`=pH|NzD4G5yDDD3fMLVS7Ka*w4p=`HZ zrD^zgpwKCB27j9oIi^--7&I?p2BW-S=BKZe(1Qpnsky73dno zpsPKt#*8Z^)l2w^P(1+WJq#04*g%gj!XtAKg>OvSW!iNfsNZbN}dr|Sg;pc^r9E0XuHf4nB?_?hVM zx?nOEQV)Nhqw2}ED{GHCm98|%K1`Tvs?CM%E>6aC!KPFus^lmp zR@`$Qh;3b&B13iq-LW5ItWzIs>Zz-G~(?(}9Y zMn1g3EeKVQ;yro!H^yMp5H%DYvMJR@bWX6(d)O$-^ClOL9RaT~qk!Ox!k|q) z5*4tZh8$K9lpuP4u!uFk80CGipNJDaat|m!0{hA_ITWtM+khIm)vpS+8UR%&PfLx# zlYU}fOHHO{DBa1m)aX5FEj2lAOXM4P#iRn@W|>=$@{$$b73uVzQLvP5_zqRSTt|Vn z;Bic`A4OHX)HbOmlH)!{dQ>`rx_Qxjpz)9nNjElp?7GGR$!FiV548~T8*dEaZ#1`X z|A`X_P+K}hK)H;R+Ah`nnBz{NQldsomt@ybv{(>9xB%Sl zYe6?jz7aH5s~6L)?La1SDkc31@(IP%8!UofWoNLX&Vc=O^k9KmA0lmKi2p730U>|ddF7ljH}GWzW{q!99((>G{AYS9sX}5 ztMnTiuv<=jgR{8CGb0kv#ipDZH;%4zaKcNq3D3QZiOL325})u$8oX_1YzNe^LJ}1;?!B{_;wDkTFC1M=}-a0Vck@>dGhe&nRg9@qC)y#2c*D8L_N43@3NcgStgU{cCuR&Qq?*WTS0Rtc2fNco}- z-T1}1i82#daY_XurEkAG!&`5W*WpW{8lCEG{)N3r%(r17Y4(hk0vUIW$=7X?ip`1f zw6ZXsmb*8i{m0?*O{yw?E{B}T>Kvi!bC>e=CIgd^PjLo@8(urDMpJ=zA?a8F`mt3? z%bdl{?r2PRhFJdN;?`tx3<8{te?Bps4bfRp+9UDOO5WT8rS)30Nh@zmti0AgD{nk6 zPj1!Z4qe=YchSE?<-Bc#%uT4!Baq*Ex>d-$Zx9$FdG?0M1KU}2xge@zcMvH#Uyx`P>>B1T$UD#)JMgCQ{j zRr$Ke+d55i?QPoE4!|jdR9phqb&!sSN2ZYKkPoW9)1UhmnQ#Ix@(xPM#rPRc5z5+fcFb`D8}H7|tHbFp+z-cL2aZPRB}HsSozGU3 zw`~sm#QrqP zSKyc~kra_E7t~q>)}pTA@w?)}Io95A5Pni~y~cjY?9m~A zh9hQ0eUFENF4$-vs(lCBW3I&=#lAvP<}Gm&f!~YzGH?33z7Fp4QQ;GbqBJ{FC-u;vmG&u(lXTbESoR1n~ zC_zx|g19R)K20i+z~FKEQ!)G5b*XJeR)Dhxf>H zw2@shAC2x%6d;gR6VvpIq`?b~zT|B$703^uhDGEMDnO!0i~vZsFoMsFyzq`P7NH`V zE6HW%$on+u(=9mY4zv?*h1)YJlW@D( zLl(h@+x#r$mWf-)=l?aN!ZoiMMF4N-GvC;OjN#;l_=va_w}IpaZ%{7!_=kk47H8nrAQY-vBXe;0rVa3imQOv$Cf8^Jx^q zkrhDA@W33aPw`BM>yy0insiI9Meu%sIv9#O*E}O&e3`)XVX3CsBzY&p8TX-D<-X*{ zb#zD)fo9u$wVs`Df^t_&-c@BfcT!!7PQtjSvvSZyoarIlweHL*4B{TJIVkDvd9)j> zAkpHqGN5YN@C!_wJtsa6t0aeViMeGRR-}a`^j-k8#LaX_djEq=MkH~EQM+V+m(Hv6 z!pvV?VFPf2*QwSoUF;a~80uWuual?YEp_7yEH~xzC25|&wLJgid2Z11%!NFUC*~>Z zmdC^MjMMVWN4Z&IoCw@o`=@r}g6=;S>0*fhpr4t)ES#UXni-F~&x=6G{Dr4%onG15_5|kT_N6#P&=F zLO&bm{PY~sgOARnk3i=ywGhK$ry#M}bpWB}o`}1ksnd!i2R| zO0M$~^{t>~`k=$B4qN&g{1vx~EC5PtG+Ep+Ovhs;qsIFIM{x)Pp@gDm;(Y$Si2LPJ ztz|Qdm>a&G)Zrl07|#|gI>91Ygv^=nKdEkNjt(pEq)T!WHBN4iqI~klXNq*&MID#; z8)uRp2L}**D_Mkx9KH()nNop}S(;N|hpUO;V@XQ?8<#N%~uoQQi2|}hVHxJ4xWBU%2LXHUA z;8Qd3KQkC&{FC-Jy9MRsNCf=-(HG90Co!~C$cEuu;^g;CBEN$)9|C>Jhk!)ay>Tbzm=cqLa}B5n0Q*A7iuhRTz5 zxB< zu|wYL@cyS9&3K>BLC<%kdI^q8IZhr?zAb!#j;Uy&#La`qA6}V*s)uD5{|rN1V|1fq zQrwQX;1B(Ub+`Y9R_t_;Z!V`&?1JMBV%sf$W7iX81+7{)OI-ggg-~|~jlp!Y6ILB- zrD|OYAg(}e$R&R#4Ar@mTS*0w%(q>ERXGk=^05AxO{!|ONzA7D0P642$;3yuD0bRy z7jbCSItbvRNU-jC5@l^O^Hggp&srjdxWY>f1#YH@&9IAyUmS|I&{t+V%?2VJt zmKNFMaPHT}9g_zx%@>8L_XA}gd)p052YXvryR*HmR|)=FiapcWA1NFe49?L_Xhg{F@ba{L)xy}XjxA?Podk1Q5%!E_ZFt(jIgei^CHFOGRgfrc= z@pPY@W$-o&(}b$g)NHfXY-sc5$EnTh=cQ1yU$Fx}S2Zt%!qiWxGv*ARvVLxke%kt5 zatzpmBpoVSL?*D6U-nnN;Fm)-%~M}qmk3Ly-9(eD7uykkGlo5IRyQkbNj=hC9+<;d z=SNPt&cUK1`S;_H9}Jfd(qiB)LNBuv1NS!@AMhV&MI;lG^&MVwxfXick_6vjip**h z{9iB&)yr4GHoRR6jJpYg;bPQVQP{i_JvRZ=<$8PI9t?7ONGw;= zmRe$Qa9vK}+4g1A0puQoJ#YhpsABmk0^!kbM*_%^Ww{vrwpT3rt(^}Pbt&ClcmV{2s=qv$!KrWMcFeDf`Z zQs+O&+;hVDPt;r-D6=ehlaL~{*|(=b)QSQ&0LqFCy7l>%%`1M@bAM3SFX1J%Rj+}Qj@pKidak&Rq$=W z5X*1dFBq;ns?(L=DHs@~GAXo^MnkZFjgccIc^ztTO5SR876>eN4Jz_gZJ3pYaV+70 zDUs`uplEIs{LeG(V?1Y&fMTBvbSG>2a@*wr`0+?u@++WaCW?O*Ojl(>)b(T^b&0JR=pQ+ zDzyT|){QoW?u}6lv(Cb9$}%vB1RQ17y_m_=vfLvzMgP+zl0kQFs9t};(b-C0tIG_{xt5p^nB4C&M^C~o|uE~uCq7YY2K2?htQ#DiKI|{LKPL77=IL|u=n}-=;p)@ zP5m5*MN|;02kK%I?s?IU#|T|2_WrG{+Ui)!umA@UD?A_hjr^MJOfznFqsWz%W@GF> z;DEOBgnCK;xg>AEY`|?qlYpz0+wAgDQT;@E1jVTSVQ8tT|J^CSvYxBMKYtms>F9&z z5G7ZJ=w{fdjCY0TW_Ss#4?2F@m!OeJ>M`wR*m0r*Z-z&z)}b^1{AT#4(L0f7WRYuKjUV$}}nkt-c~6ssUp4 zn}g`tkX>`ZtR0m6hf0N~LZvyO(sEVr=`G1mq9t89tv4e|1&d-diM5C*li>RW4xUWg z&nX|l8{Qmf06I_ie~QA-z-FSY0skhx^ai}o0xD&rBnOU%;bcaF0(yWU1tUflL zzBobB9dow2UTn zTSjMlOa5{{E~CLVJTb!1Z8?{Qj+Nk&4~JjBzeA;EqPF9f6tDYJeXMS}nC(Z+&Zzxc zLIJAvv5B3UFsWM;^1UUWZNetxXiYc=njmiL$A*nZ)f=s~;x1~1eW6WZcqjYW-bLse zzI9p}V`I;O#wli{%xF_e%{HYh-FfYNi%pTT#p+uSYm=5_iQb5w-5?87Yote@=_dvP zwNTP)U`HQ)M!s%_Vr-I8OffgN)P`aTY+wOJld-`!7;IA#bk-U0usK2n^SKLgj_S4h zEY$pd?KwTI@weEtK0XM0XW)_4sdF1S#Dlun{44928P`dSSKolx@o0@hkU9d!^^#n@ zB}VK|tn=xaJ)+>hvJKYc-KW?peCaZz%$}(UGv?oqQMhS2Xgi+&M_k8)JMcS+Cp{@{lUHnGno@u;me;jIz=?e-*g%@Y`W zd@Rn#_+|dHbkV_f;6D79B(bek0bmySUGQBpm?F@22^pTS;3D3x4K8hUQ=ABf`J04S~HI!jJQod>253A8C_s;l8#$ z*9vG0Pub9c`_y|0)8u)Fx}q2o+rZklYd&k=OP$i(cP1`Oy|$8A6&U}zQyT@}e!7ra z*X1_gUDS>*DGtzWz^fhTL>t;GZsX;}S{>dP=ujgY5Q#dq`sK*o9i2#q|HG5r5b!7X z6gd-+7E$0%3Y~)Y@sXS95p`Z7cM+i>I!gNOlD-DEE3)uaVWs)E5cl%ldd7uHlb*m2 zD^r{brIh;M2x9X;LNSUMwQdjJ+8eKPe#RiSXk!jkb!we)1X1CKf~CHY;79XS$jV}j zxdi)9T}OV#rEKI2JCQ~Ab&2FSVbo#2+BCisDRgwhjPt!EdlbZsF^m)v3p4bbd|eE^ z!nyYmb|j9W=WQa4kMeEiqKg}=#=+>Qc9PRJm4cZwiu>mtC;^9_`JjK{T0t zi)a5j^7e07)e-H$6JBOi(#S73Mxi;!m;w3GSAQ_ev9!AtpB zMGDM>5-*OORa#Z6p@^MTK9w-;AROi}^7(sy?P&JRxNb+Yg7nzYEat2JzsmER$~No= z#Yw`rKOS=U*QGB&vaWoP_l4O%j>DtZ#6UbErsbt&%;1*boE9Pf`y zSz|`nUJmbtI(If4UJ4KOC|Y{b(uc(gygf}52+fl=v=0~j4-rp(vECM#(Fnjt#PYVZrMV1Ne0{hb#s-e5ai7 zD5RL1(I}Q55k&KTXeS9NwlTrbe)m02{T^39(%aWtTynij|CQh$O>z^x&XHeJK4Glq z96GO!5UM1Dw{4}{dv}S!$gPL5Y1rG$^TC7|97ItP_eKf+Ly~4>x{jw zkklGSaf5rLP?goo+dkGE1=10f6zhC%5ec2;M&Mx!i*)Z`yCQ#~f(~ximD6SxzMJj5 zWPWTK?k%EgE!8>`GPvX$%yxOXC3dRLM%wG`Pz8VQ4sz>GGaIlDxu0#%7hH>WHstR3 zo#EOsCrmL})-g0($CuQBO^HkDs{$qg&`$qvu`E5E{$WLJDd4AnhjOQxlxqA0Z@OWv zwyFXJomZ9My9PkQpP6GTD>8>%Nc>;XgMpnIKdj*Yh#njt+XFp#xk79C$78$EgBxIFla?CzqMc zsJ^tN54y~R&x)tnjo6V=!9{yx#&(LVRTzxsNZ!?Eo!cZS$x)26u+mRrSS6y`!Mz5LV-8&`uGjtFu z?+bt0hoj6H6jQ+D@fGQ|Eu@2q0Xi?fdxm!Z{~N!gl|3*^tG3cq$Lzp`yz!U+o(Ds_ zBwN~g4*%znr{}o>w-@YS2cPSARZle!^Tp$x{c~OHy4$^m9b=rh0UuGV>&_wHnKvr- zUEbD{%lFGQ`y!I?>Rvd%=gPZljwI_F^7rZS9P->*WQ?X4*V|FYLQ+5SJSUF^KKg$|~L<`8TlbXf0@*I1m&&1UJ^i%GR@a}dRbn`?YEg6}@cacd(~za5E)Jg-R# z%z*95HkxlwlPS{4`$$ifd5sjkKAeR7ioHp!vzeIv|0=qST&!9%Mw2V|#e9lxTZ`in zQLVp^!ouxMl8g@eOjWD+_b>6gcU6){I2XiwV_$+= z#XOUyR-xhAz)|e>e3A)OF@lJ1yAj{EBenw4?e30rV}~)MTc3hfUg{ptqjf2OaCV8e zXcb_as|hvf7^=-aZGf$6m!vEJR`b>u?f!2C|8q$ChD2|spI){hpU->y>Snp$j|Y+{3V)9 z?E&;^6qQn7lz+t)QruRgi(bO|B**S$w~xH6cd;Kv@LP&Gvlq{fD7pPQH?9MU3)42BY3 zv>29P=FTP95alp5Z)DK>S^X0X4c)S?SV-c6!9C@DoUuZ(cWlMIE=aZg41w<0#*P(kVln(u{tzHicK-LbO? z6&K?D2@T>_Z5N;gy`5<`H8Ha)_{Exspa#y<3{e+$8O&#(JQ^va7&-A#xOGC;A;wYp zqoL+>u&2@XuG*>-d`WauX5WgVjy2`MTATo5y+j-1$YCI_&;@2DkK zRy@vrYm=LS7lQw*@Q!DFSG6CP{7YneYiIu@J?Z!U1{ke3_>?3tvj zMrw1}a-=rC;c+8f#WZa>zvjCYKg%8DzXoRPsKj@9@0t~QPZ}{LmF%+S_W5+V_AH7u zJWJr&CD?ygW?P6)FQuzL*kyq;!%KUglLG%Db_o8ZMt%T54;X0V?rRWyeaI>5x9I!1 z4~m_wGtbUP?a{b>eFH{FfOA#4PMnyYDfmYj$;*T@S&v64UxPc<;cZQY^OWafhqo!wuAq~@^F?u^j(Vjjr-QcO42CW$Yt+`llXU#d;%O!v8`NZLE zPj^4*(C?25vGcUOu)!hkPb{Sm79#jicMCOLRd1WYJ%uzL`WfP*2`BXfnfWmOH%vek znQWK;Ti|1Mp`%)7;C2c7Nekm_=yarkTzsu+hOZ0J-yC&|^b8bF7#XjY_EV(5u0M(e zNCD#zNeyB(6u7nId<#i4gSjw7{mW5*^)7NBg8qlpT@LT5G&su2KVaPZ8A{QGSmJY7 zV)0Jlff_u3(Qfw%>X%FTH9}P;oPD=SCz_-rVAvbF_)pl6iZ18EKpT5cotRbNc>-R| zaD?^k_Z%so+*{|l&!Jac%n6d<|B6wAqdX*`;CqL7$vTwF=0F=zoB+LIy>aSWfUkxz zSDk_3*9eGTgQLLMM*Bdg+{?*dwHk7G)in2Vr>ye+jKKbU(gtM}*ZpyS-uuJ;K>G($ zcf^TV*`6ok-T8*P6L9EHxlm6TE$aKA=O?n`7;nZwr!XF{{P?WH3Uex}n)wRyRU_4- zJ9Oo$g><}7@e0ZnrpboW&Jb)hFhu&M*a&CxPlrScZoyO!}@iFN<9uu|kn9##`xbz)pb%*_i z{zi<5kuQYBU!|LvZtGpGdge);kQ`6qVGf=Gn5eo_i88kEqDI{ zi`9%Pd?pbCzMi3lc21$Pdf6wY_wj^aWjnJw(Str3J?M+{V0Tw~usgAoK3E8+2X~<# zcA&`vU{U5^W2tAo;Ab&RA6nl)h7`LGeRctWd1GpI`@Uj5PV-`WgxF4~NCm%nb&19Mb{8am4(XVO5^ zDzKxP@2Y0S6^{HH)p)!$=?p)efgAPZcj5u zg3giT=*fQxqSHrk?2&&h4Du@ZtOcy;I5+`Q;}BQ}XLhCsV)tR2JGco{*4eB?2VpftTghJ6my)$s79-&huZwGM2U*UQ4Ut=0pL~ox<><_63s+28BbI6Vq}7#FpcVogF8{Z zbCK%xEmVo_jp#!6`U7eAror^}hIzac9wLzrbcO|e={%n?N0x(NoiI0Hs6&9t+Ryxs zcERp1NvXZHn>FPh-IpL9tR>neFP9cxC(V`+jENRp?)DW}EZtt${o`iN01#CK7k;|!d0hk*9{iYb3-T>khM zCKF=8DpYIo0FpmWRqV!?{Lvx2`au^_5W3RJ7uP4FHK_WL=OwW&8Tu{7`aP{I3XGF! z{Y{)cznab6M0Qtt*Yq!$#ArceP}HF7S^qLeLudDOgvzFx+hXFQS=l_2T7tv~WgIO> zk&kZeLFgDeF-h|IFs~L;`mybmWDLEz+7dN%4%74J@zH6Gq2-TFab#i41NRb1xuZ-f z{tT^;{Vf>rOf=VeE|TPrZF0yV?~TV(R(d=6`R_(L|Ml;5{<~2-|Mkbicn9(tAHud_ zS7v32XrA%8=snzFlO0)-Jg1CI1ZwR}&9M*_9X*2RZO~(S)Wlq{Bu3Kyqwy8Bt4LEF z`C4?qI{B$z!a9LfH~>teySWegb(9Zs^aP*$1{cw+q z$DZp-s&4J~zeB3Z7iFF7zF5hM&^?l@l$3d8PWet)j#mP2a!G+C&zgYoU?6`I>(i+J z?mr9tmrCmJFGdvUI`wxU_IDxmcO7%j*1e}*>;IQMC1(Pe`UK0Yz`Rzxuz&6&^!>k} z)raxYCBeQ25`wDLF`QHr@a(exr&H=yyt^l@f{z%2+HdA4@Ie;8yPTHIwV)eV$W?48 zIX!yYUPl@{i%vA%(U$~9^0XzerT*&(a-h>-C7G`J#=u;8225Gs(qjSi#=xrj{3c%2 z)mdz@Uq&{`gKOz~&GxYkp{Xrxrg1v_N+N4@P>03lRwqp9*^}KyGeaS~L zl>tXC#Z-R1ws*YHmsXJ`VoSM+GqfA1lxYi5qbo=zUV{A?uK(*fz^#4J?2KHI|B-%r zPwO|CYIZ=)qZ4c9>v#Q)yu|{q{{O}LJ*hcs{kS_yZ|U>@?c$B!{d!fEnX;VVQ}_Rt@(X8-XMa&5cJmU;9A3b0bHyzUI1OVGn<8fGVT8=hKwV=j-luk?6IJH zR+bT(rDwOPS!}>Ev@XR4t{ai)asO~=^EK;Q&8{Gacz`=Ii*!3;w<0BE0J{@CjxnLK zus&{H@Q53a6G1KFnTxCe}X(B&NM^+Ew~(}YN4CIx|**u6MT<+$`v$ql_|PNJ?H^`RD}z zU3xWyublu5Y3+Ic?@3&?4z9Ln;AD6hW5p-f-wQkbkcFuvu7Jl*yzO*yH) zH!vxI+&VaJCY)z-bMZJc0x~Xf1mLudjxw^vZCRRr(gVG@eg!!Pa4I{PHHzx#ANdEJ z{o|i_03M~1sdrRz6{#og$WLg+l-@BFDO*fGY9VCmtREGtzfbR&e$;YvT@sH^34JX> z@;|oxg)A7@uUSL{y{Cx9Swr+VygCJ$<&4No6QCi_sHshKc66is1A{rkq4Sp9QfHuK z&DkT-pCI}tS%4x5>!_8aqx8O5emZ4&yW?78rBmN}f!gd)Y`F!Jf=UyAC0B_`nFSu7 zrl^NY%wnA_w=_vobmCh^?}~Kjf3x5x1Nyg;B=3qmyvg$XBl0upI8;8uB22hNhx{Sl z@R3Um&A}K?RyJ-SpO&Z7$=V$+mun}!4taFx6c;k}4UxxlHsidYY1k@04) z9pPjf<5r*^9rMG3l5oX(Y9VoPq-oO#=l?Xi3^vDf_7PD;^Z^3r*DE?3-_1$WuDCU? zKBnXt$b14BL&d>xlFwc}-MJRPemAB(1*@4*z5^YH8ayd=mE=J*zQ|AAor1zh@=QSv zOwx0S-`Pu3Hi!9K+R65aM=mE#lx9hJ;A!R&0eIYf!2hHY{{xuSEMzjBv{1zsUCf*8 z!pm`6yf>9D(wm|y*s6y)x)heSO<9p{r&xmN$>d>8EWeOBmTkC-EA5n}#s|y)F{=C# z&k(&!th1LI<9#V$eTiPZB?aa%dMgJzhYML7Q2uclHbph#bQ*Jc`+}EoPewnON$$Gk zGP;w7_4t`NZr=_)6opKCfm4B*DqopfYIIw$;hTfOW<$C`To1GgkQ`A$sFF$xgWd*% zw=G5RHMFA!c`L&D-$SM8P~}!_XJp58^gfzdN!B<2K;wqC@(oCojT#M@+->oU^p+gF z61T=-@tsk;F}5=mWi*5v)}IWQaE zyP?%?Z^>EM>NQgIMy+oP69AJ5Y8G_BvzYp_8?6!Vq`rvquJFb)PQyqxM@M^04lN+l z8AzWI2d&aTL*cmvY|snU@=1EnOszIxGB&c>8lbkj7?ZJ)${L~dGGIM%L#)WkcX@CPW>4i_?yaWd=4xl*p)T?})7A6I(=mZ6>A-}QC*y~8%zVt)6bomuj{M{m z?_9Y%25!ooj|e*}nOrajwetc&^5PAwctR=ba0a+Fp8U-E!PZ$>iIEZ+2AozS7oXy-q!DqC!uYm`{dqbx5Mh>kZRC;C z5eniDqI_N-6C8T@8jPf!&C=au=4m(~-F4Nis3NaniKe zqmfyE6FCLrYypd)MB~9C-lKy8A zacRr!8Wop@(~NpTUnHSPtV;VOOz~M*3Dp|O?&QF%2mX37NrCM0`yy)2?xmorHlYG`pf4g#rW&1%;>7srQEO(y`5!8 z7Nz1nU&1%RcX29CUW~_ws{4GAmr(V$2J*(Ts|$ZG_y)3!-FSRz!z%`^0nQKWznBpi z7$uTN9fmj2+cC?jtZH382yLkY87t37j3{X@{MPRK*?o>ui8$wNj-m@&dKQ&RTvT@X zw-<9f8Q%IFQPw^%kGp#JJQy2|_q{;!?qH~1r1{v5vw;js*}z!fc6||n_@_%4kPV&Y;OVZ*kfn~mi95-%kBpUN~EH_ly7`x5-8Im+Qxy-wR z(MbuAi{g(dCXwYvkQquk%)vrxStWf48C!YSKIz)ZR&t;cLi$MHIH0I!c`?$+k*wYr zjjT+dkzZXzRWKTe7EI`18odBt=(VO1b4NM&W6dqc?K$q}My* z2eKK%>|flJqGOxBpFF|bW6^mAv3WPT`?ge~B+r2U{LEok_86Bk2sk46-^6>v4Ja2m zQG?Mp1Tw_q`?Q316a#?zA(AY#-QG2G-Usc-`%f5g%q(|9f<*@T>1!`1&7=eP70Cnp5Kk(mP$rfqQ`(S zPWc@?s=+-blm<}~0p zhx`TfvHnUprpmK(kZ^fY22yH3+fF1{M~ zLvkm2{;l|yo*;8c{dP@(6q;UuAsBED!phmFRl#C!6f&m+cRsHk2IX7C*s~}qHvoHA z)$3q#y{&_UhuD3E;ICv-#wQjt?5;c~wkFXREL)Thd;{Y&2*>GuqOu#%7l(svsip%R z+Kw{wvmQq0-4%yXBAU7n7FZ)uZq%f371szGhM?8=apsPHt9FZnd_efR{ijq|7SR>t z8?aUIk4~iTO?3BZ|5mJMJwhe+Lr$=wwVhs4*$XZ(!Ea)7F_d@Z-OP~IDP01 z%&!l%a-iG35v=NZo|qS_x;H7_Gx{lP5Ks1C!5%wu3Mez@B_#L8c(0sVwjDmr?7$Xx zwzCXa&*R{4kJ2i9;$%<$iMq$rkhotxl+2Q%RMjG8=_^NTOCoQ!Ghp&9qI zvS#chUCcVWstINfxjiVDT@q(J9%Ehu;nZFJ2=@!$4_L@TSfLcZU~VjafivKu0}Z*C zDh!5K?>dbtH5Yr|p&KR7lu$B1^GNdNsEhXDH7R%xW?5tBRJ}Z{X4VGg%G3-bJr&V2<&lP=bZ4SEdN zs%O`U)Ly}NutSX>L_Z)py0Hs+t|H$7B`zY*|D;%dUM`<`=F*sa=E!w)MkV>mP#{Ue z^x6!sf5gD9{D3gskJX8}Kp!8ax-wg)nBj#v7a(0YPjloJG<*%XIuhrqvi3A7-Q`1C z`Kk`cgAR$ypCw5@8?JED^-SPn0vOiM2;!Mo6X`8_59?7vl&#?joL`*``oL)od-!AHs1i}BTA@0!m_BPjQov793lTirj_>gZWqK!JhbG07S=;ZMI91WLZP&tz4cLgnTy zr~ey$(%htdhQtYvmCQpHt@*x$jURP7Uk-l#!`S)qplbE~Hm>LM#X0# zX%@ynv+9zWZ6}IlVn;GSz~-;DBUxx_LGTkjUZD<3#~V*C4;eouo8E{h0d3;MB)5~i z$_%K5p?z+^a6YLTY59Q%9WF0HHn6swkg~9d7 zwz!EaCopW>qTiFZ0IEP$zjbko9$m)m-Eo?^Q1W~vmTyGodd672#aOR$rdl{CR;qm zTQbgpvc+7Au$b}G#W4y{fscWV>bXo<_52xtp;V&2)ABm!Epl5HTVcV-YaQMF$9KJN zcPe)PYOY?0l9QEeD|Nt0-=(bMI5}ibB2FGXHjZu-nZG-dw@d^0C0&IrfQauOV~E&< z!WP`C26t-i>NgXpL2`U!iQmco!G2GkI`^{ue$7H0;afVdqFZ(+w)lc$wBLsc)j!?u zsmXng#rFG^xZl5!;FjWB&!ET#x`poYUGObuA%hacRL($2-?_1!zfHAnJ<50fMcwX$ z1>gDl1c!lL_kUP2_Z;Q>KZ%G^=`^$wRby4AY=VAKk5Q}-8rj@8k~B`=*8qp3WXL*O zW7Yuk9_}nd2h7_xjW7@ODXg}Is5$_6moaD#M?qL^1p|QMZ6w)l1pDc05XfJi=v`y^ z16k>@u6yRGQ$`doD${Z*)@#z=@{R2Fg14@q8!I`)TXF`q&dR$4oefyuyeeN8K|OJD z+ELm=Fr%L6G57bXT(hvSg$8~j)70USVH9X~D)JjQ_$=$vzNZu6|9jSX(6D6@7CEAzMV~75vKX%?Bl^V?S2D^0V zl2BrY^8WKD_{fCr(|hjIe|{dP`LEP)Q0C0&v=%R$#u7>KcAmyj-jcaCoW?Unp{kN| zIq%Gh(YQTj`Q&D$z8@ZicQ7t7S5l@TC(8ya*@3u5gC){vq3fNf1sG?ZE>`Qg|H+<5 z@K44szAq~%p2HFRn6!`+M=+}{aRk5riH~6S@taQTd1}w&_sUO+`!j9M{m~H{u|wYa zQkfp?z7|i4gt8WQDk_xI$HJBuje;-2)z-#oo5{#-SAN;vlJBSBXyZYw*A;BvxYdf> zpQ&UPiM{5{&ga~4_>;GoucK#hdDn!WS4i%4{PKL}oi!Lf3(mrfBRq+mr$Vc@r6$Ld zia`PCO=Df53HF4m$S#}QNN>q3YS%EB{r8-)*?-DOJKO;mYw6A`ZHLo!n@sHa721xP z>z?zcJL+LEVMlev>l@4Jn=^~mcX6z~+~`35K%{mx8lA=FmvOA6?(?-e$8;O`LEe&E zsm{Jo%f8E4@xS#|nf#iD8`u|QCD**nWK?IMjEZf8o+l$2@i)PzBj5Oi4e?AfD3klk z$alE2_i&#g(GD3?K6ENK!shN-=ulXE582*|=f#x{#SZ(WpW*fJ$vb0seOR^j{&5`n zv(d~k67d^7+_-Zc=(#=S+J+%^vugb`!uNY%C(I$cQO9+MoSF}=L6P%OYRFRTF>Nlv zmt%;#ltn~rrGTk4pqbv1L8W*=+V~R+aSgBOIg>~8(}oAH6rH9Kbpk_Tx-eXm_%5<{ z_QIb#-LI1C4?Ohr;gO*?P{6Dbgmnm0cRA3A%$+8BPaA~$?js^N3yC#jejD7gI*$jQ zw>-VH^paoal!L0ZCOi(7lv6$mZSpmECUy275A;mWJf*q@ph`rm zBeh;)@_Yv@#K}hH=@!j{+*c9xa|^5!;U&E&;^Ey=00Uy$xOq&w3&Xy(h5t^Mv7Rf? z`jqr&J%XsdPu;T%w*T1Vh@?*vF7lRKase)j1x}@xB4~zYtYlFR%5~w7 zEGT%4PWG0JzCfc~ZwFb`Z&)xKQ^LgiQ%E$r%81kMPsNzioO_fy$(2;A`_wq>#9xD2 zRpCnpKtCqnaiZ}L{X=&;zuC0V4U+O&Bi)^~tS%}q`E&`MZ6-LCl3h!*v(1>_$HmV! zEJW!7H?Jv`wx|7j&}G+6`dW1qH?B%{1TNJ_N4Z!va;-S(l050!{nCy5 zu^|q5pQ9#np;Xg;woShqzB~1`QvPR>^4G1@_x+;qWKc9Wc@{~dHqP%wo0_xu@R|!9 zTeV7@#WkyvU4iNP=t$@tRx+w`AwWuxNH+#q9YIG;80u(+I)ct?gARSYBsV(qgA#Lk zE(!K}sd%p>xQ_V_ajQ=MeqqB)bh^9zb{-sd@QmBFk$>~o*vLz%2WjLl#jvg?apW&n zt%H93)4`5+Z}kk`FYMIn&YiM5)KK)M!u=2-C1&DO|wywuP`-+Y$i%nYb9?-JjKmYEJjKRxEft@ zefY2Ml6;A#&VlaN$h<{(+x~fB!#|UdbJ$!HxXbuYBYG&ewQY^nceY$pbJ!@n?acT* zaH;u34Z+$D$OpV18Bf$O@OCvwE$~47!rL~}=a46oR?U?0gJMK3~2 z$p-h#6~)^+kiHf-ID{z;s`Xbm@KMD;aBk)`iislps(Si{_qpSSr=51$> zz?(9$b)1gY9H|hO#nsyXOT0DMkIPG*xz2HAh_j3=M$zpgvyTsOR{d%i77XEqWzTUjKSb_|AZ*svuy|v2HyJoK0r`!PSEtH`iQ8 zdsHpqUO(KUTBBJuxjvc}D>N0iEOg{C-=+Tw2H5Cc1O*1uaMl`DUj_rag$=Be4XpcO z8dL`k>P~>%8n1fgMgOA#bx()q=%m6!lIAaH7WGAh&U7hp)hqv#jx6llk%dz6L2{8U zH#zf<0v+)mLI?P;vX6(O6HWn_;yQ(gtgqQ~GCG(27@nE)>cWN>4S?m6a^GH@s>1zn zzK7sD3d-0fs*%$YL&BKm zYhxN6h*|@=j+=wm5!KjD9UeeP3><8w!b37X%!h|l_yGIa6}b{Rn1(aYEx8jYx|xg`!vQ3xEMVF~&5GwNADZ1CcF9Mb z0atE#@TW1F5T5haDZH2LA(UB<_GL^E=~QM|NZWrX6v1!g8kl4sL#eqmni=Iz{lLei;J*kSzC~vIqiy@bc zC~-2#y(-$CM{NoJI_@CFM%ID)(3;3rQcX zg?|uyWqj9nYBvBSgWgEgdi>A9apW>~(I)OC%r}JPSQ2*_8&h_yImqh#gas${{Z5U%zftgFJ zOE8xxBv|WZ0D>zRD!CFvow0`=&jShZo5-w9DW*kJqIt!bj-k5UnUXTQK(!jQs;3u7 z-ZgnTrp=Ba{bK&C&~^)-H}>G4i8&@)fjY`(^{AtK7U?LTAM*#>gF5m+Qb*3x)R8;; zf9hn-qlFPBon-02I2|?FeTLRtKgODj{us|6?SK*d1wA_|f@k+lkWHo zzfY&y>!z3LA@Q9&ZY+F+(vo#?W4FY(Q$5J%=F=&R*%N-|5MDj%P%6+0L{dr%oJyYP zU6rnLU*k}KNr#mzLS3_|Asd;o<Ux1eKG1u_<&kdy^Yg70<~>1^^OmvX%YFVyCt-|G>Yc~X$Nxbf3* zItmMkNOhUO%G4#)A!Kf0oiC4dK2(lEG|LDif!A9cfyZ+xx}oxB?u#V0d^496xB}A* z&f=p&<@3EU@xEO0D8!;R=8}IkI2>cV#vsN&Jn9mr9PJ#h5st4pO9yrh)|iOzNsi*Z z?y*kA^bC2ntpR3_#DLpB8OJ1>Be81PN9}XTZ&DNNLe&XTsQyd}%+lM|7Zo@ZmhO=6 zqxRR?3iLWru>(V3a9@u0b^czx@iyOXgtnv#l@F0HEaRE~ zGIR_6GtD%bX1YmH?b(rg(Wq!Bln9$D1~ROig3fjoZ5Vyj3}?VJ7HV)@o4($uuem@y z3^in{K@kp>-d3|vxd)jbb^&ut`nVaYx=^URCj*9srdOAvCP~BU1^@S`S9fg&cEDx! zwn1--Nq1c<3^L{j{vf)43OW>5j-)?WXEUqN4iB&dMdP5S**0Y4j)y0`bc!^4oM_Y; zNFOJuHBn2#e5rNt1;}x-w>8Io493d+6I$lwF+ZAB$$_%E^7a;C?We$r2g(|Ss{M|w zx>FT^rg~IuZWPwOlTKPP44>&5!Md(jK6>_dS{g;~VF3;o()JF{rAvj4()Jq|6eE@0VC9_XZ0=}!0JR7_}dby-M8#v7xIG`sFg>nkCdlq<7Hq@ zBXQt-e}@M&EP3!0O)VTAQ9qDq-9+@Qcn^MuTnRIU*(UOASCGL=N2=hvh&@385^AVuK^eo>OPj z;}qI+U~Ly*K_)C{EPB^e=9wjLdx}u`!AZnAj{M4f8rB_)BGzSXa_Va@P>-;Fq7@DC z5Rc%4+Tf5~IT4oudF!M^yoA*eq9EF-%!^))2q%B{Kbi5R|8k70(v(Kn$2#NICw69D zwpuI7^LS@glFg$FkkDwB_fM&_8B`rQ2($&J)QRP-fJX{qe_#p*Ukt{l)FnJyvve7( zN=Xf(zpVYxCoz?Rrp`4qdXESquo@Ld0g2YQZVV#&zzOzDXK~G%3jnEQ_&-CavS_s| zJwvMjitAj-vS$%xDx`(Do61r_B30%T)M#X~d)aP|ENEx52t>prRL*WEBJ$jiornkx zc2PT<7n~0bd6X>MrzsodvpvL0P#xUG_BuLXUkS; zg(U8Wkv6oG0}@Lm-^Ofv(gYvHt?+ha2!4zNg~c0)&?l+7NL?${ktX;rAj=?HGI^1? z*o9X3`a-MLh9Ov9U1=Ht0bR*LZN~O}%>WmAV2+*^2leQ!B&|m! zxTb*uP?rl(ZWjPXjqhb*oh=3WIKcSFG^6fBPc#GlAsdr*-PwW2!zVgTc&D-&X#2P4 z%m`%Z%Lq&YBCr(+c(i{!p|_TR zw{%D%*8Yx|Q2xW$oHh&;)_#N5IX9SCdE{*^no5tfXsDPVW(rJioD4K32<1Ih-Uc*= z!hHYxcdTLh^OL{Fq;ho(cl7=ce2-+B{ure`LHCv2P^y&N6Bq>lR3oE}xJN`Tpcmk6 z$(~B%7Lc%(OAAXQpCxq}^&HPUT)#LPu_{i*mTgxO90~u%2m<6h$8!eeB=_6<;-4=N ze3u(ELNUpxO=zJpfe!usH*I1E;!1*AX>#W#@tJ~VA#aZ*w8a+Yt&l15V-hO{2Rw2) z7E@;wVEHGr<^Q*d`6S2N_IKi}{AjP`2+U4)cta^sYd8P9H4ZfdIE+i@I4+`}0}|{G zsmlex>=by0WHcc==7XY^u$qm`PVHSH2Re5$FwJ#1K8&s~9q&~}*ov!vMV_SYV`%&| zq4L}$l2Qe%XMCHln{jRW>ymyS@St1qycSskpoDgjMfikx6}bYRh{?DJpJ>=5d`hNS z{+06&pT~x}QKQMeIs+Rc8WYA_Xgfh9?^j}}I<2|`dTof)er430T6Ow(PlPN_8v||O zJuIfc`~z$SQY$?XYlF9a>6$)3vE8?M+b{N94oN`kqgQ*|m$@(Twy*FwybYz%i(oO- zP5xb|eDFA;11+@Y0WH20Dl3i?LpMh7EoV;?1>dd5asKtJZ!|`i$7+oxS2Q52Nwp_o z#TICS$K-9u!K7Hjj67*MCRsWqnPP1oiEZu=Nl;02Ft)i5wi$AmqrKzxnT@=@BsAvEBI0P0?9CU(E;9ex4Spg2^=UI;x$lxdPu5(4IH?(%5P{* z&$D=EEHukAvSD7Ngr#aETq-#R8w<=HZXEIXE7Rufs|!a@)TH!FnJ@L`Sn5A8^_yQH)M!DQv8X(g0|Dy~gkglPXI-Vxq)qeRP*<5Zqm$YVeD zq1(IcKIklq{P7k8)!X?(o-TabW|e|l!nYE1U$y%2Q|P}oX&FG2?9DujgrrQ0j;tzV4Ra}U+Z`y|CzU(R*8i21?$Aa;>LCcCW^$#XIk zjAp&w);WUzak6=^$L-By5i75VUeI}eb1Jt|%p$8(|4MV;PH{yGqJ27N9x4o_>+AX7 zGPS<(onxWi5Q}(u3y*kdBnc06`^nmIG0mw3-883WdP}~@#v6wz@qpch+w*in z|K>S5eHS)t*5W-#qc))8PQtC}HccVQS=_K@hO|AEEAvRj`_}Z4w#MM}L5CWQmS~ze z>pE%XV7qF5B+VRsqjYVfq~A>!I*$BC!RNvw)_PRM5ch>KVSKvLRYJMTF4~FdZ zs3Q|IigZ89RAkVk(5e4Lc-y}FpJ+WT_w%L9zkp5KRTa$8mFg5bFS zqjkb4jJ8gk0n?ag^WxE#Rcl6YoKADSB8Onncvfo*Ch``me0wIBH6PwFPFJ18K0cqx zk>vyUC?AdfMaxCpee`UucT?{Wrqrv}d-jfF_hQkEZTPblBiahK8gf*5S*F&x@*SkV zH@bjnhdg@h6sq0y5PL?eYzI~LfuxWF8Fz}LU)Oo<3ckPVItS%8u%O%{{+^c@lskDx zd|h79ZC#G`me{PgF3;kZ%a2zj3?eH-4uv1J!qRNTg(v-iW#O^H{Rt)#2lp7!?)nTK zCO)m1QIlS3=NQ2k!28xtA%ZW*yN$p0?0>f~_y_)t<>!D1FQ9JQzJ8-x-<`G6Rh)9h_OEUZm8@SE}^16SN_Cn~gR z2}X>k$8GETkP7sN=o;a*`_chFa71mzUkUepsAmO>g8f%X*|ww)zxUn3FERsz->A-u zJN4CqFv_jm!9Z+%mQU2V%Xn}W_Y&rH4~7Lvegt;9d3X}SC;$f>>ih7B{x&cg4n<5E zXrGvMhNo6iYY7q{@N)3W=u60(<`&ufyWP)=#qQh!&y$jh7yS04F8TZD{p^^MM(o49 zRzk;CO@8Gpt`*k(LLAH#)ma?$T<%g95)O@@DL-*5S@tp;pzd^s?FpKyM6!$(& zZP(J1&P5OSmCf<%enbg-aqX(UbhVn@DZA)xRqcYk5%v89ha%?T{2q|J!R%-X4B`^v z0kPkGy6U%=(yinxE@i$M+C8&K^zQ>yD89JB^NplXMu&2F4tYLywQ{>{ya5lhD|vF+ z>N<)cd`iZ?i_sAN9RYey7jxEqlnOHQ*^9Bqwyq)Jz>i`CfHxUNmNy}`P?``gbe8$>vAM~a` zff@=MqS<86(7h8+NXink6zIPKb>aP4#G_CKk5MgSxH^0x^BlsRBx3uZm-nJa~f4ps} z?ug_)X%Np4zk@+vNTrGLIyDn8Tn&M$FDi= zUqzC)Mw8%RAgQ~h;@Ueg?2myGqm=laOI{5p?rC}U^^1y>b-3b1d0K&!c}d&&;VIQA zSK%}QMXM&mK!umOo|J|Qb=S<2jPGF{G0})DApS+GuVfWbUa)|r1ip`+^ z0#rx+K(lJ@$^W`CCkH(uz_v>2T*?C&S?|PJbejhcK^`dw#R88qZt9SG1f1`G98U2- zk|b|&WYyuKW*^gM@=?@jLPll;h=OvWKefhR4@rg6k3L=&?lms&!l+00*m zukBnp&^^9*PWH0fG<_E|(PVLo=E3)+zeIr>Fa*!VbZU5-M*u!Ynk$V*}TXE#*gOa`m5HK5BFfk3it9|eW9^^xWspPFfhV_H1 zYPMOKmM!U9aVwVO=@wh@or9K@NJ_G5edG-~#F$a%25rRA?THV*DOYAoNmp4Q3I1Pd zCcU>?;JZz^GlyU?^W~HohGe!ywa$VUyL`g#Z*kA35P=?*k2i*DIjiWr^>$UO2}X|v zTT!k3AsYj@A`W0l0BCuA97Ys$760I=vQ1h&Xqf{z%^Nr5QNTL*L4CMb`?X9pugAKT zSk}L&tdKHokfS)XG$fHFK{rc|Zt;tp@}BSw9dyI*z6&FjDXZo?QC(7@0PN&{0Ylf! zq*{kygv=D>9vHyYFnCkp|0QNRwT+_msb&oJVnY*Kxm~sPV;>R9LQp39VA`9+!!UI8Hje87>rG6~j^j<0uAS4Gs zP|e%=leFci1GYM5Beo!NTm5NOwZ2(9P8ZUlVTYEm^S|>aq?hSfL8rkM(P;Mc1D1I) ziSJMg#!*p+tVcA(8F&q^qm;MHlG%x8b5IJ9qNB6;I66M5r3f5Y1Zt`>^|fp#EGlGX z$WM0=;FNpK4w33KG0F8?6-b z1A*RZV0~P{Rb7pe3M_{*i<)yD$3UsL-7}Kv$OVMU#>X6WawO+NVFC*q1 z?MZ*Ni|jp5pCEh39e6SM9{q@|df4n>*28&zz}^y-Z1~ApfiUGLws9P=muP(wu(rIK z$Mpv>5T}4nE-kk8&WxuKt`9 z9BAAZSfh7%Lxyfm0zw@4H#TWBs&#igpHlk-ADJ(AZ6i?Zi+LMA)7t3!4t)x|gX9NJ zIzjSm9uB}1UR|cG6vks`eqdu}--fP2)x&!1k;OZ49{4t}WY9L-&WDgK{niDVJ{F|dG zj*4ARvrCc{Qpg@AKf3mBS=*-NR6LE6E+F2g$s@)p6Il<0^D9o#C7ZW3MOcgTIU``a z5HA(HHSO-pwFuTz;DC7{?As@SpHB57hh=L1S6)1xHNa(3IO}{kNWe=Pik*B7p0CP_ zbslTvONvFE@sTf22Ok9AhxqOdwz>a;$4|PcLVuY+J}$(1rGV)rAH~JI2P#RlH|Q3R zHoJQ~TETZ4twu&&$8ib{yW$`0>&H6n>(9IhtgP(TqFXxP*bTV%Eb8L1SlB%iZ)fq5 zKPBD{c^47yDNwvqZl)uOCdJMC4&$ijQeczux`g=_N_+d zs3DDIFYUo^w3*q1TF{!Up>V%yt^UV2od&1H4Z*YAO(<2ie}YuLzumW=Q;@)PJ(^bp zT%Q!~x5Hs1FJV6FL_O-9FfT`t%>uJQIVYgxH*i^_Sbj2f`Csh*22t1y2!XNxcG-PL z1V1XJ<7`e37|Y@JWB8pSRAwz*hTr2sSC?a~Qj+nr)0qPU3p9kwcb`&Y;my~QFOCqq6%P;pi0Rre z4;|!5*pQ4vz6yuDosij-x;78v9Si;kPLqF5{aPlCSl@I?jSNNIz*XM@E?NnC9tBQc zmCCOC^n{=2K-#V&8}hAlD5zRZ&4IoB{hML`<;(S6_)f6Ib7bYu2-hty#tN z&IvfS1TJ-PVbZtHb79g`Ja86}NN=#fA*1JkW3aTG4tZ8K@guF_?~%`CZqC({KI zH(u%LEw-nw4*8`+jo1=>#?HG04x`Te-OEgcK{(gp!2m;$HfSM8S4sMPBJ2n-_Yc*& zwD0>p(;R_0KmqqV;e7vGo-QFid=MoB*(ih0oHEfk#Pg4-LY2*;cLbK|VGhjB;{6W! zxaWW)|CppdhE#bJ(-S=tiouNp_BYr@pcT*@XKD@lt)^39PCb0sqVHm|6_ahn{M^F1 zQ{ET;_AZiABSTTLb)1eOF6R6OIO(lpI7yuCw7+w-Y-1sEzq%1aR62oSMGZsUIsnVYU>^QgQklPCsNMaxAq;`J!aw@cES)L>}MN8E}vmX7cZN4+R1fbo!$4V=W1fS0_iej_!@p^iWP0RbuO1|>r)Y& z)EGQlL~pBc<&)8K$B#nb4Fl~xjePGpfY#tgE+v<} z8~0-r|1IKC&x=|my_JO_{Y$%Dzl(G!g=Be$YD1Lc<@t%$no-rb8uh`62WqWyAQdzfhr(33$(o5dTilRba=dt}{3v zcBodJ`&_4DKN=mU&GhnaaM#1M<_b(3R%6+sq%RTQky5RW?eK#r?Dd5!OBnW+WyN<9a6%#Vhm9;z>e!_qM84m#L*6P~?&suriI@1q$Z7M8a z9eWpJ2{&&!Mam-|zJ>jGlI`h-*q+{|r#-zLeK=C^&z#5kp1#biMdQTy!Ym#3bRDK= zE{prTRZQ>woUo@iKh||mfAZ&qJ-z0!PJ6nfq)76*Ja{YLPzrzbK%N;l6czE**iw!P z=LV0J^TBs-!!Gnk1v_hWDF67@i4Oh|_!;?_To?Yh9esy!ULkH|-%Z~|by(bHO^t;_ zbg4-5b7J<#cfkOgzWiw%v^)h{4olXrdVYY9_2{)xu^#)IW@wFNNa~S4z0a=rDQt+- zY^QR^3OpgCh%M9LP~8XKQD*FxV)9~mz|&p%GbmI#DanB{V%@hDXeusWz`p3%uGxkF zf6}%eW39f0M~A431~RfPAGc$ar0JGp)XS!@?-kszsW8Y=2U+4}h~+YqU{QRXH7p2` zCl6bjf>MbnFi6?uC(jZ5vzU5#nZCUJa>0LJCcTv!04C&ZUEr>D1WJ?OiNsg^v8C7UtXT%F95CuqrIS#l~Sr&g!%SC%0R9@-ZtN zmjI#{LiDOmBxSsec5 zuJGq+@Xs;${s`Z{+REWqb%jsX;N1*98{xC7`*CJ!Cm2B z(BQKe{6K^sSe?z`f9}%-{!R`4Tha_EJp$Y|GUC}|DlHe41Ng052+rc;eS{7Dh)oD!4F0Fq1A&m{Lk!){~G*n znFNoPmr_pk5Dovk!e64n?_%)75Pn$oP!0dP!k?|dKg8hCVX|~)b&iJrUEy0k(D0wZ zqdyYqtma2HFzU~ACBmPS+$*YLk9e6j}bX7G6kpI3dhhW}mRKii|>KZDOl`26Y- z8vb{Me?f!KV(=poeq?o?hW|oW{MX>W6$pM5!jG!X*YLk9{4@>zO$I+2;YU}G)bPJ6 zd_N7|$KcOF_;ad9Y53n2{`=h;{xkS72tTHJw1)p(;j1+GTn0ZD;m1~=qv3z=uK2IP z|JIw}3lP4b8jm=%Cw|ZyGbZ4_2EPjuB9EMi-{;CrF1e=sUa)h)LqR2A;l0ORr_= z$b*PR7QzbCU((Y5&eD+y5l!N|MxL%{>1$a!av@@}_^yek->juy!_tur5mUr>lX?0~ zEqw}0M?OR}i|?lJ^if*+nJgU{5iwPK*UZy^{UL4HN-h54`Ulpk_EAJ3JhM*X{9K zy|i4jST5vP{vX!f1ip!CdjQU)Nt>3olR^t+FHoe&T0m`Cv;zrDAYoAuTu^)p;!~ao z89*OPN)pOA20_K;xjc7qc|P=ME%>Ah&;=9e(3Ztb`^-|fa6w)n1I+p6%zEncARGMDul$A;$^&;?C zifdo$lbT4WbiLGDtQ68Pf|XPzQrne!B3g>qOD$uikdhHHu+)L}rEZIsvg)OZSSh4u zgpOoj(Z1B6XsHanR0=DFRE^MyytKD3^?P-sR7btkr#zKH+D6F4QgZuJ<!PKy^im^ODWrCUE?7!vU#e%cRA;?Z zYdV!enn%dSQUlwU`fhimR2RKeH7kXbkI)rMWwbB#PPA0EUTPyNh4hcmjRdJ3+Liiy zv{YBU)QzkZQb9s@EOoMdDSNb3H@#FYD}}U>&;v`=wJ*g-OLf;v{gg(fkRlR#VySo9 zmpZm9QmThus*IIFx=84SrJibE>ZNF@o_eXZtQ1m5LT@Zp+`iPJXsKR$DJLt1G?I{m zrS589>Z)j|-g>FdtQ1m8LLV$OqkSnZS}I2`)sRZ1kX{n{VyVLRrS|TOleW_ccrTXcmu4bi>f)e^;sk15VN)3#b%GFC* zSSh5Vgv+qhvG%2Yt%{WDua`R5fl47YB@Dn)mF-J?6fJd`Ug{ZE3TY}K4@Mbr3UJy&Zkf*q_TuTbbhrj z^-X1@)a81qU91$+TEbxR^3uN4zoVrF>7_QXQb=(LL+G?_U+Vs7slj@wIjj`YUBXZ- zWo=(-LbTKny;NUT3aKw)7@hdP(fw_-R9dvuP`%U-$!LuHld3v^g35379ds|`ORKz1 zquukw;x-Jh!~6O}GFl}KH=@81EtkFLNAtch95cTko`B%-I=D~=n-DDM-~t_N7QNLb z-$Cg~N5C{(R4YgxJq*LUe)J>7o1DOxn)>L<)6f#$hXLLl#jUJ0Pe3lbHS0s<9V%s0 z9`w*dU?ZK~I=D#(Cm`6QgIjd43BgG^xJ?I}5uBofu{HuHlHQOGHtFCbnj{^JwK=@I zEP6luD8!x?7~BUHS^OJ-Fbf^}0S6qq@2xP3YBdajG(5B;3QT}8G9t8FXiF4o0%!tB z!yg5p2S(NZ;16U6731ECU%L!ox{D_l|56pd_70ZIo?jQQ55|`sL?2S!bRSZU_2jOS z|DeKtSH&kEV}QP3Ck*QOaNi%W3nqDLAa#7KFR6?eUsCw3rEdY&ph&um+{nD|&xwWgPPt0@LPQn4;z~>-bvS3hJmOrQ zAvoi$3#zDS@=el{=Li!mE>w&S1nOz^{Gw*{^E2fwP5$eUzhe4Z+M45i zBDn)YRj#F)D%V+Oz+X>!&#GBp``CR+HK}tYiCUBuRn(QbcpsVbF~u&RL+FL7QL|o! z!XaEEfLp1kmaFa}3>yrrL+HNm3FlHB-rYt(MkA$k#FW|5lmtjgpp+&v`m2bhm>|VO zDPLkrzi5gXQp}XH3saJ#DT$DhNGWe%%Fm%lN)n_bQOZV4IUK?}1lCnDX|GhXj(Ou$ z)BbT-Q%$S%VtDTNSzbSzZgIsQsY1swFTLQT;Qb3j7}wHd;eEHzX9eb0YDNgd2@7$E zpk`f%Ukmg+{b8(xJJg@@w&RY%!!E@zz42ij!xVauJmTvc@IxOGC+h(&*IyrmCA@-z zHCzo(4%`UfAB;uZT7Co4Nc|#O$)peCxU0~BxK9lHFpi4~CC8<9_%M!J3WXD5Q-9nZ z#}$P>iA&wTJ&yYc{W~u8o$Ya4PH0nH>Z9A^xS7z>xKwF-9M=+>6_+}DdmMKXx+*TU zaC;mV66zY4+I@Q*w-IVF#-?7_7RObP+FvyFt8H=IL#RA1wQ^e=mk@d(F7>5taoj-2 z8<*~H;zI-DQU`5|qt-(m;!@ML#Zl#IZSuYv`-E)RP~?QK_NIxYV5=#8IQ6m*P@i`5=z!4Ef_y zOFoFBF2jF~Cf)Nv90?ho7DNAj5JxA5N5#lLKZqj+!(C(W|AY1v-&ojsW}Su&hy0q_ zIXE}gKYJ^xk-$#mP9qx4&IQD3Pcv*k=w&q^*7K!x4*sP*{Mzf%khIyIkbgq=XA0DS zExX>^z{{152lyRz{0DV+)gkFn8R{e!?&Tk*+v7m$({N0RShvdRUXrQR3+EP8z4X1% zxm4DOpHs1+9~EH_%7f_-SZs9Dx)S}Pb9N0=V%UPmBooDgB;BJR_I_O zf}haA8+35OrNMA))|h;C(vy<|V@H#5umcq_z3Mgmx@Yn5E$a{)4~{P#PekmC9W)so zGSXt;0V5qd)IV(|1b|zAC0wgC0<+_CONtd9s!~S5Ka4W{RzW2RcBG4nlc~mSZr>Atf zudy6f$YB-Ac`e7hnVBLi||2<28S$Gn&vx3e4_AxB4{JVVQIbxaO{<>&-CItk?+ zwH!TSa`a|7G9gE%P~J()aXulM<3a-E$buYMLV2c^<7iBd6D&t($kACS&(d;~#^l(> za&&HK)q-*g&Psq_zDDR==sEx_7 zm*waMIeH1@J+&OK#^iXN<>(DLdJE;fv>d*e93?DA4&=xY%6n@${t}a8KFiSua`X|( zbF>^qF*zo%9DN~2U!lB@mZMipjy^0$KgiKfDDSJ~Xyu|gRMJg*AQy7v3g!K@9LHmF ze8F<`haCNd@?0%PSxk-(S&qvf$7Mo!e=W!3F*%-MIR-$E0Ydp@S`K$ij^!*z9^}Xq z$_HpUu8qkti{%&yIR*;ld0LL)F*!!E9G63m%Z2iRT8{LX92qRfAjmODD8F3G@q;0n zgZWK)U@+tuER+w@a_ou8@d?W@1ab@!$_HyXw#4LkljRr+Ife@5Lkv-m#d;2zU!80i zU+o*$z;tv^%EyCG3~poIF082@Z4MlIJ=eckz@QXH@U*Bd=~p@H;!({TpN16iyGJrR^hE&oe1t^rAbvAih~ofg>TU9Q zKws>Vtk#HIlj2 z_-!#d`D{eN?&)yPxcX9K>ihjgtv(DVW^AV(>`-__tgfPRAJ%+s4j-!tb_3Po#%Ln++Fd3(upxEqngP#rE_4F=sj;_fmC@{ zmB^JCI^gE84lQzvq@GdVgUwF)7kfTzP{)GSZDc!#{y~B-m#J!Xq8_j;s@DF8@y1=6 zh5vqg{^|U>;NVHj-7R29p&fP6ciQ;Ubi1#P#eNk76FD*9GQpSg4~F|*%DyxIAe!8g zZAzW{ulB$UINQ%BFP}=LDV5B!bEn;ROqvs8)wu_L10(<%KQpgQV-8Hp>59z z?CHU9cDy~iy5Fa9Ev~@5mW%wQJCG_wcWp`N-s&uRy81zoD+SNVub?R|=~hUZ#=)DX zS&**97bCsQk?ewJO~Mcf9luR8X&LhI#Y``gB)o{8mPjvlsSCNIYOLaT|G()nt0pOg zF~s2`4&I;0Zt}DbP38T+Gg3|a*aY5xS_32yz{&d$X#n==Su7%9^z$~}|BeRGn!x*? z*8oWbxQ>~uAi$#6v04Kp6JWe_AHJlp3Z*;nr31Z8lV;;fD!sU*$@r3{jlnp4Nv9Ww zgoc-AY5$~Mi)J}z|@8h629prsKEMuzYn7b?%Z{u@w!W!i{N4*61-LBNz>1kCh?LaqjEl?T4Xc$G~JJ zin|Po1SXTnEHuFurT28$`Kkf{|fMc!=)lN|BBfB6Aq*Q_g1=ZPC}>u zLYS_ocJ&n3H#&AuFk09P&{#n(m-QWL)5s7w0MBaKUpL z)dWBFo@`4#AdAC8`*gc1y~HuyL)v@Hg$a5_A`YHBo(y*vpvxnoJ7ZnH6_D$u7j%JATLf!Zx&B!_L**NuArcO(UK@fOnVt6MX}n54se0uEnL?kqbixEi0Uu$8Xq6 zPEJQ>dW>SqIs87VYQ9L_nFSw~qwW~Y2W99YS(Lm$$fmFenGwnvfCEpVvM zahikK&9u6c2?bD;fk)6LGFGo}oI8q+Oyk#E9dH1J=uko!om$BIOE|_{E3SHCV^K{N z4y0sqpRo*G9bT!SKkqwr0YgixS?|stX$T#L7a*iC&M`Uf$~h43=R~iC zWDMQE_JRQK~f6M3#XWQVO3Eyc_`N=ItG{|bol z`t}aZ+WBdHt1*xH5LxGGoSIdqC$h_<`SZ}6T0ZWOn}8Y$-aWQetu~E;QnvuEFFn*6RAj-=uPWeh2d>Hwe&OlMN3+nM#xOm$>my+xxzXB7jWfV$f zyi2jT0x0&VW4;+jIOVGFmCT1=AvDias%> z6)xD%;5F%Ro*vV_8II*2Kg}})kHbzzb^g;3yQ9J62PPe;bBiDCNSI4+j~vXuqrSaF-2@ zM#dP1nOI9(&Y7{C)Rp{F&dLeCH5reMWB!T{yO4XOqb!&I1ix7mO>}^z5tML%F?_W7 zrT-u|`^jyHX6HrkjuqsV$w!_smGOY8_H0oLOzKoFCj)5odGGjdgc=B}`oS5HjyeOY ztU!M$b74Fe!2vNP2ag*TPaT%MGGVy4fkSU9%7i?0wUZ^5Nq@WNu0?mb=ZkXEf|^N| zI}Bl1bI7!Xf-4s#v&Fa;9Z0bWD1r%?o(hv-wJBmI4ZXls3hGW6-y$}&HXPcSxp_Fq zIomsG{z3v~%OM!rjU}kSv~C5V-UbhI-9oNuo7Akm^F~sz&aC_sfb*H6YPVu%{e#fO zrkUmd*wW%%Wq)Ek9Py{9Z&fyBEi!OIV?~a;1CWAW*<=FbS9rF)gC?BPtTK#E@7ex0 zU{Mm?lSE}LIzMgnpto2KcC|p3?TI`?I2WogN?n9=^|WumTe5_56A2TO;6Z?g;IKzp zSxhBd|9`;$75~r_7jI=Bx|0_JJ)eK8FTBmot2T0cX~{iwt7YVU8%bQ=i}#h#LxOab zs64!pIfHk1NB@}|ER4n~t5ncfl>iN9&QYcBloD)-w;|ixWOb*9ryyr}&3)vc;Tn9t zeKE=*q-(uA32?(1#3 zgZB@l2=rM?1ZGT~w@G)Xj9Q$H>rhR_BFzS5FWpLZ&WlsA(qp#}wKM+xkUU^w>BKredkv( zcQ`L!O?y@4t>h)^iK}VL*hD{B3jOr-!%rC9$gegDp6}WOk2;$79cFIPm=m~Vq<4{z z@~<%DyV~wk-G5;LrBqQmibXku-KW8(NxKkcMA#w?cAc~pVF?KPs|K4XJ;OfxK5#dm z+kLPEBwPZin*aEG)ggZhIaK&JHVOXZ=GsS(HSxY_=uv4d#YFhgCGUcg?xUg6`uoRJ z6D_7H0(?qxh7w!i<=cNX1}`<{;_DWE%Nz-qyr!sdIr! zkqG!W%^sUk5v32h1DQ&@rBW(DkJWa-!v4(fJ$VZ=kQcMjCQj`* zZ&70M9^Q8o3FlZOXQiYTQDHrz!nsPAV-M`H3|Yo~NNnk2l{ViVsq?u?4uz?kE4@wA zQTDe7w_)2kS|H@NB4Fqz@@3)L}&)o}po7|-gcW8p5+reQr};_Bgj!9;TGa8!>p@;M7Cmux5RYCY!y z9uA84uU3>Icp3mDQStU+ws0*}^aVO2NTC!_(t?7ZY3=x9bW4KnAu})tK?nQj)Q(d5 zB)-&{4TSo2oSjkXEy*tVko2j;dp^az!NKhb^AY(XFpLg)Pi!q6u@c^QJEGrx6m!G8 z|1DaNMYJA&xsldmk+vRTa!boPMON}TTFEe!74EFYb!Z`s)?U>D*{s`m+Zm^_V`~y& zqC1&o$Z?NvT(^!xp9dp^z(f_0zhs6{3pJef^xXqt5XM%<2d+Xos<%D=bodHqVB8Z` zeGL~SyH7&lpT@upJ#{&XUUxAUA-r#rnMSPJ zECck|?*GwkvB|;EiSslhfU3r?BUi!aM^y$MZjnPFWrUR9RSY2~^?z z2QVJ@zsRdxS}ha`&d;M&Jx^cN9TOt+Nz?cot!ncdg>->5=?3^_SHARG-gBxAmD z3G&h4w1tfLDEXcIIZlBLS`=3J_S)N#ZrQE5`1@@Mk++W^qdw3+9ayM&nyV_P!-~xo zQ5(*k0%%#3ijfToS5q}y4P=eH5^>Wto%}E!K-XGQ7iR!!Vh(k3mubpW6hj+593Fp# zTpdk^{eLD4I~ns`o7_b4YF%=xL*0d3V~D z-^_#Q9^Q@dUf~&38yJm(LGK|?$Oe02Bhfn^ zcQ2H&Ux5+zEZXRs{-Q1IkB!J)ITqKfFP_l|W zPYciJ;_Vll^2*%BD4ba+0{=b_Qb~8oxD&$+ z5Jd!?8Zc5{Dh)yBzBZMuhdnP6u1+Uh{c$>NNYf){f%#3A{3IpsW64iOlOK8!kvpVj z{bxE7Q!4L&3O#ZvC5-p2aQ74y3-Dr%l}6r=L`P#Kvg>R!mcAA~;5;pz_>%SH2n<<$ zqkC!Ny7%CLbN^Lj+->ky2^X>ZM%Li2FX{{Un&~5H#m;EKPd4>Ij$A`oChPBy-c0YK8E1Yr{~&INf16Ig{#qu@t7lU&LHQ^&_`Zyx^`N1nA`QK9 z+C{sR+yn!?xl-_);{?lo-rxI-swx|NC^4*902_f^1jKCdNp+2?$^;G#J0IgaG^!5~ z)rLR?ffs&*ZS{iZ1ydUQ$n~OkTV(IuM0>9hCcjwUdr`h!WwTWA{J02j9oh1q${gA%%RI;!Nx-M28TF-b!kD-)s^ z^PRE*S8drSLrfGu0%<-bDMfp}MEnj128^=3BOmFCvxngeU+HM!r zSpRA)Fbo#LHo`>h5ta42WT&7}$mOIFqQaqA2IjoUiJ=NmP+ubu&uPcIfyZ5_UDI^# zsMxhp>>xFTVO!fuj?I$9nrfAFNQRf8-&~B964mFpK0Y?hzNkV6d?}c{jUBUSmZCht zroXWY*4ac7O1hfxV)C&nao|3I-&|q0oYC|Md4GS*!0m-KgYrweuhG4T*qH+{(Ic7X z?q;E^m`nnXsaf^Tk%q<+P2=elWqnwW9GQZVBl!&QQ zR$2H~`q*Qa`WUBw?Dpu#-1ov}3*ai%%Z_z%`JVE;as{lRcHNSX4mCuC7 zqT0u^i!i*9G+gU31)A&>2{fto$v>C`IGBGC<#%_`L)TDPp=eS2MMZDKq6gZquc(7t zo4i+)_j!Khs_iQ5PWCe*?aVQ9JT+KW!d6wK1Tr(S|$qZN}tZq$@$ zL{G;>5k0T+j$85q4%bj^xb}?KBC8cM6ouj1^8yVQx*ZJu?H=mBgtf_3MKt1VZ z6|h)Yw;pm8*7DC(S`G-MoTnM^_yQ!W6*46;vl7-QtNTSgMkbR*7~Pk_rux;>be17~ zpk^5-(^;0MDdTxw#e5ea*E>(^mtk{gXpcFx`z{wnv)%~=Q4Tq*sU$b6AijIMc%eP;Vm z`V3^wrpz7S{Bw|G))J|8CY_pvC9&SYWkR5;J8im3G0bm?neY=y!Jpn(` zviQ=1R|OVqAg9;kRTCt0na6@>(+2ctAXJ7dg7>6VNUpT!|CoOeBL#fe7v=c9`I0Xa zNF(;#^?3#v$;d};A7~J7Hx-Lq?bT`nq@>NxGlW_bkfTb<{mN86wku!qf*!a-+(y{7 z5bu=Z^a;EbM!s}rlIlC?UXGUP6tFxGP2D{Wzy?>81EAZIF6frODP{+tf9j~;n<1wn^xtKbZ6o(#W!*+>*@*lxKm^cQ)Hbl?hJAH`y za>0aN{p?5<8+rFce6X{1aRpsEuCrv)QNsHkO2m;}SHW2F8JDr!hV3g_)v{qoaGl0Q z{yxX{0zhPk9AqedWDwfJ(Xr`mw(upWuR+SX&;13*JoQ15J8-pnlFjGyNCrSoW50Ds zZ}9$yaSA@zVS^VYghXL^kyHp@z=gD(g7(tF4*qQrBifwGswQOeUTsNbWYQ=aaMGc@}$qdnP8xY=8Egg7tT0&jy62 zv1c3B!?Afj)sLh@Cug$h-n$H@oBH>=AzI&I_WUD$r;a^8f$)zQGyfc`L)7Xh!8)kN z@36cbFz+VzY{xqM?0F~@2(N^PtpE%!g@b5!>jnv7akVlLsxisc@`6Zn2nejeJr1vMRx!v`?60QkfOJX1##k& zh?nSByOc?xt=({ zkH^!gxjxDPKFE?cQu4o8@;6K@d$c)E3tx&t~G!WqpF53IS7g0jp^wT?#b*vBdUakpV zb3I00_w2Y13MEL_ie9?PFu0*KR(`J1V8}5@qcLo7jzK1v{)PS*eW4Rn{c5D@)3dN@ z6PJ+85{z#2 z$>e_?c7$+WErTr}s7N&}UC8p7(DvwT@F{d2YNp?I@O*PTz~AB@-k7Nh##P+!=D=~4A>hg|C%w5|X( zz_;ld;I6{jHG>@6bPaHLjc9;xC_+C3RTR*qmPxy07(8{4d6HtT7rGlZu3ZGTtOq2D1cjgUQ>_VoR=&$79sS z;^{~vsI@T0y_V-V18E~}9%z^bG=K|e06}e7P&1z6IB%^5vd`U#ZwX24H%a^DIQDDO z(-XY4Tr_tA`!yOpGKxNo8vh6Ur~FMLX+l`t>19QUXe~99h;DNk3F(zo4kdq&k*e2Y zRhBAuVt&P~6cD7&or|$PoPjJ)5o}Zw+uLuk;H(Fbb%nj*XTH?RE;*#r;T;P$PUK5_ zSOm}4ZGxv|wEJIr_80Z+7+(RegC^yxdc5=#lb{Ux@*7n!adeN)(q71Oa{(s?mgDUe zD(IaT<#WchoDqB9iMK}8ky`lDE3ppV=SCze{sa4sKvr7MJVP+Avt|VK z5sP1)sNJ{u|3#;iDUlpVsc`n^5|rhiHbdC-+$3kz=p^353xjHl{7J8cwwZuZ_6X927iFSZrHwN#8id3?; zr10FpEB@Uf*E`M~%|8Jn9F1RH=};@&ci{y->2&`@I^98$s~5RyM_@Xae)Ns#hxhsM+!;?l)67 zp#R4*)4AU0tUr_V1z9BL>fo46)O$KpZOS%;jge5vb9ZVLCqRdd#CHxrOn6=cn*f|Z zU@L-U4QvLmiNMWx+jy@&F5a3%NHJ5&SC}#@nvw)5iIlP%Q^rJ7fc>pXqLeo=rH>l3 zhg=-LR@sC?_WTN`d{8`hTp;};d)Eq^A|s0;1ZF(rJ%0yJYD-En9wEL8e*F`)6ldf( zJ8Z%um6;m}#m&Uc^aY$PZXSe4{V;_b--ap-wtg~-dU)Rl#7Wnd+xiusfo%?cf~lnP zWRh-zzeUmlQii$@{#tlH>eRp!5R-PJfda*?zZ#`xHN`(LfnHG>UR=u5w0t#uvqC#f zWkYghQ*UoW=Mef11GtS9z-#|9{1eV$05s4o!#`o30gO5eR71@pxn=QhNRofRu|3Vi z`%&&&q16orx;i}cl4jOqj?-uD|V^kO{waNScR$R;!I`H9~C}u6}M_*>ydF-Jt4$a28|40=qQa* zYwVDPc12*wg3;|wXsaPIT^35l!NeyRP|r3CG%uB3`y$@{Xco0YF0!cYE(XkBbjf3* zatH&o*<85%j>Awe6}&AdQmxHl>URrjicuubaiJ+~db^PvCz?FmkF_NN2z82NLQE?2 zP$La#`rM!CMAH#G$>_#wA0+w?XGG1C3W(JFazhNwcUu9o9E{AG`vwg|@+$yGHp0V7 zX**(GzfFj$?uDXv+hX)c;qD0OXzDB_d$yI)wWkvxY-ZsBSC=#pauXRVbq@Dr8p8u{ zDQdV03?wZDk2?d-nX1lk&NSTxgnj4O0MTp&BE1b|T+p|OOT-q}Bw@;?Y)z)ONK~Gy zj|f5YNPYR9t430Is)5I#!wx1JcJhw1kTsihO&SIMsTxOdTRm!Z@{jJq9W{Rei|<~< zqJ|w;v-(3dz6xoL9^kzpoTgPKyvNz|)y8#x4wuzqJ8d~%v)jTP-k*+vp-%9=M3TMX zL;@S`PV?>{oa6mylHx5NZemQAi%OTUAyL zddIdkdeb}V>w>2y22R|H5gDP)QgYb3m4gRhMX0wXsgJk3fO_UXN8KLFUcP6Y&w)>& zjnxTMyCnexDhC$5j?2;gz(qY>=%Smx+t)I+Yak&zZ((|CWSE28$ZJ5P6|(Z9FDjqM z%J++w|Liqg?=9=lYpmNV9Idf8Z~Yfs@;;?cyZe-q*kw;IKtY!oG-CP^q1)T($H(Eg z4MQSh_!(z_P9rfuyQK0U)_d+iW2IR#3yLM22|N}pK4k-D<9#n<YjAPbw!GI2oPOBesfpk88${JTX@KygyeC7gET0+QoPj@(w73NQ1*ij5vm=t9LA}N5S9d_QU5P1BY6BejU)E-sU8}+ApDMpGKEl6DbW3*I;4Z_gCD~Rxs0Nyh-lH3>wy!d^W5-aOl#aLzm7)hR*GFMis_r*aRFloxf~9UUiokuT*`!(%et{`FNr9 zBIL#K(xc-knLISY85sA`%Dx7s`C>}a)Lz6uTH~h!48i^e&Cx|K7DW|~>R^5nY`Xzh z6RKyxAs!MbSbZSPac7?4-El7Yi~}+~^qrYV)gP(5S+k1CbPy}3SF@H6Lsu=KZ6uSg z^Gr?Ul!+#9QxWg)%+ZPLPhlg^7Mib>sZ~eR^xkH=$gl7uhuk!r=_0qsx1zMDM%?xo zjku+nE;5d~)$Tj!o`82Nd?_-@nH}Lzk97O!%udq&N$4XP#`_iybHQ-8!Ek?x`fx32 z?&lob-Z=f^gARFbY%Sff65fZ`hhZPme;%?YV0tIgP<(j;`v)C)=mns*wzstbE|*N# zRW;utbV_rl(8Ad+jqw<{jdwS;IEvvxht0`PVp4>ZNZRJqc7lJhoP2*Ad8#wbrr4Vyd*QZHP} zw3SH8pi`ModVP1I{ll7(hRI6mFg43R1X*MAhgo^7DR?vR!1JhcbRM;Hc3fyvC(9;` zm^f&Srp0$H6q)QDJIp{=nVD-e+tV>a&@XJ->{M92RX~1{B}nKgd?M-l!;B>Tll$3y z0$*xDtz%CT1v`}w!K}d+B6!YlsM$C*kn0b2!pq0QLghCmNAV|kWIF?<%}5_PW&0U1 zu;WPrt*d|^-$4g-NVmZE600V1y7Bx{_Rb9QC-MH<**mkxpT_&IWADryeXe^CiD(s@0XRc$&ZAOVA&{c*QxC zNTaC^x?gP|OBc_2wyJ(eL9Ch8q-NC*8cDa}PFSmNF(&4HmX%C|6qKyK1$n4G$TZ%Q zdYQ>vXBscV`*`olp(c~G+^H;M0nt%Y60gv3cSv84o2@(9L$YO0cnZqDSHvT$@|Y5VrIm} z`%kiWlRkn6;zzJ5I)WByG8@6?-isZJr7H^#; zI(ioA1{A6v$2in-MewdiXwV8Zo&btq{P%WjK}T}Vm^JHJ*iq(Ojk=p>^g&M51`9yZ z@j-tN#+dN|jC;WtkFlGKG2;UmR&0#H*z0)zea0A!h4HuJ}qv=c1NjA=eSZ6-@AXK9J=qDkq@Bslh#xf*A@ZTycXLlHQACfO@bL6Z;GflMbh+(dUGi;1NG+Rr`TFDkB-|?(xdc`Pjz1j)ZupY#TfkdLJO&f_lc3m zS3s8$U4BQzIfLrkbxmaBZ_aZ@Ff_#!`qU=m!MNiyWDJ-YlVtnl6(wC zp+<;R%V4J(?95{Et|!}B4ur-&U}CKe9Z1$H{EC?h2h!dWVl`@@hgU7bEh$~ix+Ry6 zy#e$-)uLv(7@#u)SkF~C*^C{nXNV}O4$fT(8e?#GmJGbR?nzv1vNM|X=-Gm*@6L*D@=Z6jjrD+_J3 zw@G>%OZt)bKZ-~kDrcz^B6Z)zQkmY^f|(aW&$1kSBz+Vn^^1BB46R|Q36ee}16e9* zkcDnzso%KuzI9-!1(Z60rPjE$@&2hVCMIfMZVB~c>94uou zb?d|VI?F@;5ke=ED0RMDAANP#a5#88bPl4=QUkG@#RvxoLlAj&SoJ6w%DlfL=9uF(Grpt2~}1kXw)*pQJdxe}Wr zH`(M>RxLM1bBF&cL|HO~@6jqmgMDP;HZEnI644_~y)^+?VjS@0m@Hzz^iw&S z+T(CDbEYc8$K_RLstv<1xIC`q>LL!lz|sA={d1e*O2vC6-}U6Sl$^NuP+dUqoaJoF zs!aS~#J_6}zq!(8sgouGgA^2%RZWh7GuJ2#|ne|u}A)P{mnZHOH5 zZXApW)wceIK@c) z8wqjall=$d)0w(rZQqsHo_r=nd-6*!ttX={?g`H3g!RxHGK!iXba6ij)uvnnSug>e zgYK{{$2-zyx@D~4m_z5N~UNgku?thc|*ROH2gs{x4H zt-+F}3o3pNI`xXT>5ek=K)o%A{BzWXo=PCEqrs}*TU0n?oLmsjP-kJoGE^2aFV^(- z2175lQ5cB35}0gY4D@cnMo~Th<0BSUF8SSAc+$y_KN-GK+e$c8|AgmEScXNo3}OAr zm7%}4V(gRFoF(a^x2X?{9^vFCG&l-d-9wzD@Arh8zUq`usagN&sSRHbBO5*#Cm6mO zhukzJFc#(a?sOM-0Y)1(gPA}`IinZ-2+*s8|{G`AxjI( za$NB4ge)!nm;Vd09AEmHJ#a%gq;?bdM|TQ=2g-{)YPTZ((Hg~o|enp=+WcYzXwn<8;GEjC1)ZC2RL;wyBbbo zOwKopNL)g+zqiHA`$rJm9>iumR;kRgR(_x2+r#_2>D)AKoSs#m8{BtA=$haWw~5$S zq(DPw7!Ru~BAw5Ma6bA!qtArGK**byEW)icjM#anmM3&GvqGA^NW<3E-A6J64}Hjb zjrQ6GRPj$>>fc+O)St6>RonHmHdN8u0^RK7RA8_eKQW#ftlpz(?p@ZM=#`)E z(S$^u@jK`vKYTrakLqBx8)d7-Vv58_fH1+Z_C&l7HNUCXd5~p(IyUo;ZdlWm`E_uT zUVOg&AO4gUa#4D8fsJ27uA1?|k2tV^U-Qvc_WM5bPyq|TNWQG9$;A@h2x_#7_dJl3 zKf#q7OKi|Dcq? zmkKj;jrBpByub42^r9SC<3bVnxD)=vc?t{?Z|3Mm!j-DM-UwAgsvs3B}&k6Kwmr^``M`fe8GOz{r<>0dMy=KNkdG1Pi z)e5KVM{Q8M{4uK11Oy;CNLM0cG3&SO*JS9*0$1Qu8ugq)`t%|(|NSC)SI3t!yc8GC zRicsx?@P?U^IDiGpm!=?lNCAMADw}5)${urLcic$b}H3H;gAjzmJ0qyN(s%)w^71c}RNAGiw|BvdD2DJ&s0?keJa`LtQ}f({0E{nVl|8QUAM zi8umNp*;m%w4=vPCwC1Y({Uy^dT(0np#p=Y@!N19ba2#Ekw(CWWHaS$OW@b~nCsa7 z(rOzT=+mLXmp0SE(oN6*PJdfq4V)cn|K+#A*>Qg9O_Mp2^n>6{k#)+X+velf2z>018~7)+DetT8y&vJ&)KamCEf3ARC z%3dVu9-3FS1zlp%%Qy892_&|f{J=Z&9K};4^!AUZQI*wXus{zej?yi zGsRoJXcrU%JqNxt08NX6?}cHpqOPL1IngQ8TI5T{oi*+`QMIAV{ui{17tSC zIpp)OD<)yJUx!{N1~jXBKGV8E6#Bjsvwxbe@x;eFMR;QJVGyeBplxlT|B@Q=QPJDb zkbiIif3JDji2;Ui2GZlAw<a3wU?^0)by$PilC+$;c&Dn>y#f zh?4;lY=)Y09s#Tb@J*p?w$8>Jp)!~q)!>7Ja(9)HRi)=KVIE7nJPGl65-*j<6rab^ zE)TZf+1W~2&GA`NE>&G(e4f-x>qr9a4%oO3ZM{Xy0aIWeg82YJ$RVo>Q1 z^6)wFs6^Q=Ia(S2%V>4Vi9w}5_+(a23@ZIWo-R2tsPqSUy5_{7(jVmMo)d#ge~_nV zP7Erw%QLfu<>{Rha-bK5!kxUYxyko-`vX zLkFmh+XJVk5x(SJ9!)dGq$Rj-i6$h(B$(XxXo4vw!R#I!O)$qKB)U6Qo-!jQGa=q)Wio2aJCpjvEee8EvOt1~Cf>ArZ6ZSMu3NY)9xLcyVymp#i_4FNXt2O!({E-GF$mg%-A@vTH~b zog_~foytjxFo_0t0!*J%d1WK>{X`tmP7YdXsdQh4N+Wa8o!%UQ|6u&|{5qkqWFtvx z?H@xnBk*A-!vbcw&aOPHkzGB9A=x!QStGlSIOUUe`ODyr{0p$>{R)^ODnvm!mEmDC zmhF}g-z<3+og+Gxe?3VuE?W>Ct)151QT8|XCZ|lTlvcWwzvPiy;NirJQx=>2l?%Uh zHrW4Ei>lMZR=~y_jULWJde}y8l03RRS#+a}(B{uh*vpfejk)Big! z$SqncD9WkbcVfjP;oMG)k0~v{ha6<@UL~D-cW2~=Q1||EqTe|rbt|Nw#K2~cJ{V_l zFlIc;8N#zzco2Xh=xkB z+a9yts_=FXEv|t_K5;)R{P8nQQcsw!!=KYA6m1_u{XK%3njMEpu#j;~mCbBs zd*)r=7m$3C#i2|hzvGYX1n%yZACL;(71xM>tW6}P+>g9sRY)Ov%6%c%$~>{)LzJb$f2w$ z5dEr4J^+j8iI+(x@Ez3upJf9Ko>eRH%PlVD-Xii~1PuseeR(1eQdXdQsY5Ph4T>h< zu?5vsSD>S!#TcV$p$M<@5JTpm7nSL#f+dQq9r#Q^3m4h86EZ z5mh?}Xy$#=093eoa%Nw|NAzBen)>hqlXUKQ9-6ZN@E8o2sLUvEp@&gyrIW=nORGAb zM=C!jj<5!zj0WwLLajf?nkcsS&x0IR9g{eA#SSSMx@F7gB;r>RZqRQB2Qt7fbMyb$^h>=@8Q|GD`aR-K26$+Wes%XQ1N?oC zevkPA1N@Z$S&t?%YYy_vBdVv`x#)@d+sV<*`+`TmK;CXT@OI}D`I7rcR-BGT-WFo& zQn}(vovC9Em@y<19VSybO1E)!cxK^&r6(9;66nCv6B1$)=)lqwOfd;`VCf0wm;^kq zPU3+zRX?z5Z9q)QwHF;&fF|azasdaF)LNR=r)WFoh{F!B0}JB`2`q*H1p~4ik|x{p zPrwR$KT(V4rh9fRL?@fs_R*=MrRyg0rOsXv|FA$_9Y^=DhcPJAz=JN14D`~%{atbu z-5edH;|cxW-kM0qQ)UXfiJdSyGet@gJYx+8w-N6GYtc*gt?}-ZE@_Wh=4<*{?N|IU zt`}HVw z?j;x5gUv&)aLdUaEI7IgT7sPoJ9U$(37&0Omr)w6S8(}76=b7-?qyT~P-l2c@oQ(Q z#v_vp;A*nbGk9J=#qu>VYd*%mmHZ7eVP-z4s{~7xbPt@gM6*@7qD$Z&7wiSJ46b-P zAeR9CWL7Rl_ zXj=?fMrC{3(w3(P{7b*^Ytcf}QQX4piqXvnWN>G5F*#l{Xh35O@C_Z95CeQu2byAl zZ|OjD4Deq%Ffj)Bwhl~+0sfohzB?^?yZLoCJc%6eXKElb+vPvOf?bj84_6=njX-k0 zGr^%&In~T*q$Q!SAp(VeI};FkGuhf`P!m8+2%Q)zk3!7=H6wI* z==CTx5uk|(?G}183QYoN61Ky)nuxHk#B*QeH^$jJSBPqj`#Qcf+uM@kKI3gkc86Wu zPA7LvRO_69*&O;2st9+|{P*2XU&^&}~<#1E|MGQ<<(Ps*W2mP<%0kmHOoiFb#;!9P;&?LUJ`}omg z6WrAfbuW%-;jc@!!CpKXXb1OUdw%1Bjat?oNfRJ{{`k>7lB7fMxN-!b^DP|agZ=%i zL;e!>_rl}M->j3{8-C`G?%Sd^H?A`_+1@J3dwmDp9UHyOL}s$6c+s993P>#= zR4xMs42H!tn8IPxhBt=ymD9Srz}6kwe?b=8V2Wp7s^`H~LSQ3;|D%K7(7_1^epd&- zu7gb!Y*hzu(ZOZ}|4RqItb-FN7_kn1UI!;3_!S-e46VZ57QG+jS9?kzbuh)%K%@`t zfIkQ!EB@U8m)3;d&|%(6SbMvT2)!%xSQHBDWOo8WuM4e?LSgOgHX(Fe_-+jZ3vag> zL6?W;Xdqa1yAu)AC2ZF~u;g|pq2KFKD8CsyMjGt7pEF380gFjKa9wgR*!Zb-v44k= zrYqLJ1I|_hiTa_!?VyKD7?Lba1u2Pe>%9-((Rm&fvEKDvLLuL6O!miudR6UNG_g zH#9*JY1V7e0^ARfqO-{RA7VgfE-B@|V$zi5r%B5QN-Fv9>d@z_Y#{5hV*}7tggYnnjG2ZciTq4Ap{mz|W<(yybm8a#)V4?YRzA^3sUvvbJ){w# zAob^MPH^ApZ8q}$&sj%OdH+GZBX!Y^FnJvu%DBJi6+-h`@XlF{uvi z{R<2dR8IE(o53nb0 zv9yG~gIt%eMEwK(yV@9g5YM)$DYRdasu9Jz2426+q-g>NTn)jFs)cD8Wid~p4`T_T zt!~>Ormthn^I&_M0m0(Vyf&KE8afcYE$N9Dn;3V0Cklo6P$sxyAlQh z<=+E%jB;kltn$A7%*b~EBu!ODCA$Kv@t&sqSD3TBxbqfQ*%b!n=*zuERMuFi{KF(n z8-`>mM$>T_U{Y-M{5pNT_L+#`lqQT$?JMoYD$+O?h7YYn>A-%Md_X$lD*Vj-qJujg z?ilwy45xHluLR~a1?uRd`M@jAuM0iGd^g$-4j^mcPx`g0G%(?n-XOOP^+xy!wc_oS zVjyi3=21-eSWSflJ13#z6Snu`8LD@iT0_EKt@QU7v)ZF=A}T?SJr0ACw%Bv;|??h1(L zNbag%U>?R1e(Mh5j$g`uTn+OdXNdTZE7h~V`G5M4<4Z@4Ciih4w{suoC~QXeai2K~ z&$wR@xzA{VV*SSf+WsH@;}HMjWtK;n6g{}8rbTta5)zeLvK@icL?j^#k1fkXJv%|W zBR%l*2quY4)U9h+@H}SBdc75y{~iwc0QJWu*SfemO&|ZLgCBo1+zIuqmZYIR{)bE- zf5I`ms4YC??(d+hib>>E_qdw106vAobTug@C5rMbR;S$L2=u_9yY37pca|KeRRk|o z1H*;tZ?{;gOMC=t49Jou4}cc9q4iR}bFFIFUSl_1DxRY$CZ6LhKaQZ`#^_Iq-84=m^|rg< zZEPmL79*e102JKPKD_3~f7F6qv}eawXnKl!6|=r6UB4LF zgXR?XJzG1l5wN(Ewx$4N*^S!QBYheFhkbeE2keWKuJ>cP$yXs&;2>(>lQxDsL_hHA z)|A+u{ediNuU+0P;BmE2^9?60z)*82|1KFvW-^a&$sk48eio)#@t$ z4N1&Y8qzj=Y%!2cja(JX$V$M_K@{9%iW%K6vwJvsoNj=bLmhl4Jc8Aep&3jC%s-tT z08dFSd5u-5nUqbAvy@kvBd^o$NpbPCZMhavUWaK8#gxmUBAg}Dk~vthV(v3e^8_Kn zd$by97v(!2EbJI<=S!%;;cYXyQ{XSh`v;mSFdBMCBci1%vS;g2nVf~_1Ku)`R6-ud zT7~j%294rrO=9|G-UqTxyzk?rh_e>y$4~>=<}ETg1Fr^=?v`II=x9KH%2@C$bFdfe z#7A3|X3{K0MDLEGjzn*yo3uI7)~rR!9F@Qh5Vbei?7&0kFS`D{!Oad$5*V1 ztp(#Nrs)1n9D$X&nS$cXwF)q?nciBX0Oxilb2bK@m|BUK=C(?h-z}W`Z!TqJ?sQk- z&v5jj5(|bthZJe5D9>#|2OAhKn0F|*!ue$GHU{sPY@rbb2g+{<6%)s31|>rfOuFdO zC%9)mUO*A??65V?ZSpp>Q7c^XJ-O3yl``q`+p39m>tQID$tDaRiM)96?jA*1esD+Sk7S z4u|k_9KtwtU;JJvXuT%qu{PC^c(6qzmQUS-7=}xE07aEYk2Y@_sTKKOnEeEd$%X6OBMx z_MkP?<3%juV*`s-U7NusX5R-4o3BmKqrRQKiiJ8Q&nZb*Uk%kqCczT9fuh~9eFVgp z7+qgbjY=QpE58E*I0yGbAWj__(fy_~7voP!REXC7nS$lU>^GA%4Y15kzz`ax{diyB zHEzGL>ibOw?l%Y9?>7fyYw3uUMExl}u6van73)s2=QlLvD|(k0Qo|u9gO%fZ$-hC;A^ML;hFbHIg6a4)oYzd|Hqqxdb{5JX`#j8r*BR`J6 z)SPFk;KLYaY9B277|-tQ2rM)Tte(T#@VBNGHKsZ(2-XJLHllMow^_xDx|?^ALeGug z;M~HT&47751@nsWJ~NFmp<0JDV|kj}FyzZXFIZPc`Im#JijjhhPtv5(nH{7WG;}HC zoPk@Jzbw(K0u}!i`OC_1KknjoqI}$M9*PAnsLwK=m@4NZnr?YyR?Cr6HLzoUs(`I1rbyUssOv0dkWw(FcY@nR1mr!Gkk4NRsUhcQ6HHzV2BlXgnqdSX^g$JiAUJ~@J-a#f)9l1*6zBrKhR zG;mIoD!tqoht+0BZ^G&sTXn1^wz4YN^(#~}JMXK|Die8oeJIq(w7lBUvy2~YET-U! zysrl`73a--Nhh-C+6RPaAnnJtyf`-*QA8%ce1SCo_2lMk(<#E|74(+1gnoM7b3H1@ zjaxuJJ?CNQih+P_%glo3Tfp@;z;*Pz6}>;#kv@ft35UnVPiI0hEe`s%(x-Y1b*9Ut z!3F8RdK`7eJ8AH#6rY%4sq;Q13ZEoBMDf%K?u)|hyniu^GrZa?yvM<5ZugyLQtGfZ zmj72B@+TN?eUcV$eZFB5#ar);cSS=e?(k_BWWmx#EPapwhY5heiNloyVD&d3U@Jvf zy+DBd2>2(`LHTr&%pt#ZAAN zX?u;C=zTkr-1Z%Z<2aoA2mbmxaF_PicM&}s6EFM{^lYkrzL3AZ|0!PhMdwRa>}vVw zOFWrtaKY55EU5Sc!(+zhSxoots7K9!72V*3W*kVJySv7BNRu2~bJ!sUW@B{I&~<>9 z>Cpl0Jri{(nu2e?9T`&`fpJkeM^rOY*+85gE9(jfSl@r4zTkavg(b}~-;Q?ta(mg3 zQ+cNr{kb;+<^!ev4uzJ69Sj~ZyfpJT>TO7-$f4UvYP#0}3ty2jY)`PqFcUzkS%_A& za_f%Vj8Z~k(@BmJO(&BL?6N~4A3xyR8WEbgLmc~(a(gZ z=rQ1U7<(lxL(P(VVLk4hk;mk!XM(+NXj8*;@eG{*DdPB}h#ANOn?wu&j`0PdFj?iU z9HNJSdhrCDr;Totd?wr%iZn2cUjEkshG2OfIxBD|H+tug1dVSmw+m$LnUY7|F5K@i z&ryTXixpBHpL$j#8Kix1?!5jvUaOcmZ$-Jc$+A3UTQX|MzErv7o&1V(be%!gqmNbC z0;b)!F$(O*>CBs@YYyEU$YFnbea_+^w#530(tMVWUzlGfddr?CElAH|K!X~)6~%S3 zJyRq%_7uEQwrAJabBxT7uk6Yt{|$k;RuWPRRY^d4Fnoc#zoO?BTSDp|RM3CYOQj+!;`_y~jC6fe#UufnU@kC^=3m5M?|^G|~` z)XX}5k@S<4l^nnqTcMouBcksgqT=K*dC=@OHluG0()7m<9D|RZsVPCxI)!#qrsWjN zOlX;d+TvT7pq(UE?e1FE$BZdIP&xxl{ZX`LSKfI(iDKH(9`P{k^4`b+aguHe$DPrtmQ_nXJ*(g++?!p!X<<)%ubX4eZ;I^2LY{{smxmFDeG?>T?l<#->SjA2TPV#DeKSuBM_+FZi$HO}POaDdKiv(M$!?qx7Lw=)E`EVXu>C0!F$xXcP zFNqX54{c{=HhPg>%VAEIgdKEm?R%Ea0;$2N{AV%6&2DsGDJm5Aqo|ZSN1?mW`y=l^ zgcvwRtDn^=y@lQg@*6|5Y1-Z;&li_0{J4SDeU}zb+$r4}jVC@+k0(Asa_I5I1?g&h zG*RA>_-LjuAAOCa05f1`z{Tn z5U7ZM4A#sPQi>khD40x8OcAUU`^AYS>GHAdMsmYoB<5h%XGpr!05}!JN`bl1_lPYw zuV_8Rggr(sanA&wzWsu#*PKT+_k{|xk(TI+Hx+u#a z?>nQZ4%!e8{q^Kn2WEKHQRzxM3O!abGpepmBFXOU-xtMd4(MKw>o8t+wV>{Td{W2I zO(yagf0Rm1HBmjhAEn?9Wx2(ntjQJw6BES3rsXz=GR;crL${Kktd{WEDOb6;3bC+i z$?q5!i64JHbR9`d&$05iV)6TH|D~o?|_j|H?L+n4%1#H@EJ*tnn_lMdvp_3 zoe*u5|886v?~x2#LPC~ym@!5znh0#w^-g8c(eN0yzNQ3B!$h?rzYfc8u7q<9SdPre zB3C8Kv+AMSm|2utL}ghv)pV8+bhX8$EEf?EzqQHpf1nR_XW<#X z1l=(?6ql9s>+9V8+Urkg{;MjM{O&3|;^~SKKB5p zV(v_Pb0r+#PPszO8uqCsYrB=~R_z9tELqWSmPOn?;of`izH9#IoXK)#4pkw$EaR(f zITi!XA0&udC655VcO*Z!rFUB9GZhY_Enl^Ekqr zxbcd^pW`qz$D`iM(s0PiwJXLZhms@~?ss1X!}Z-j&CS7i8ZN^jZMg2D4=# zjSFf_!_!iroI{>wskRL_;sHhOP}$~$OG)&us)fyND+PPEm*E2M!Ow0)0((dZ{lvDL z-*8*|`!-f+xh7D#S1jb*Jw#=?)rp)w@EInjJU$!woE{E&x-~o$(z4M$1Cp#_&3Ja^ z17wCJ+)=C%h=PsPuXAKW2@9XG*ve-N*Eb;x3IQw!ktxCU`^gJDiA%M+*`~`@xH zy|~So-_Fwp?l=ux%>gFT7)672E4d$xVwfmr4v!9=1^1J?d-a9#ZJ{kp5IVb`wv<;N zxWrOsg3&X4o^%F?iuLVp@6pHW`y6^U8!yUDn&Wev66qSm$IxHe=o`QG#cv=X+BNbK zz89vj$+VTb89UpWw6ql%0oB@gjk z=rrEvkUvAyK!FnIfJmrkSF5O&r`U^RJK%`95$9Pc5@}T&q4wy7h;i7rpB1Xq3yng* zp|OQtytvR)TA_#ZLIr3ym&aNPjij9J`^3PiXenBv(8{?~R+>rW#zIf?Sln<7?}4I& zL?V}m3)^tW-yIk1UxE~~lndycm$w96l7(}KApy211L|T_ubF-35~?AhvZ{!ARm-D> zoDW{NCK*qkmvb~XV0-tCVA}ls2iBvW{sl+nH>SzT${`I%clUo4^${Lt6zoB=xmKBn zr&`!h-35~arXdX|C*Xq6dkf%Kr{4zRSp8c!Z3CyN5Ip_X|@FFE-cK3&>^@B|DoyhelBrNlp)90k0Md={^w|{I^lYs89RQcpMmz7OgH0f z_$m~J45XtQ4RhvBWQ*)WBrYem>Nh`ZuV|_Ta%LQ7uo{+J<5bpIoXT<_+$VJbx_$Ws zQKv$0(YY5-JNnaE_=}St|4V3wk;L#$@dwO1>kiF3E2@AYbAZ%tbFVn&pku8@?UL!HoaB_3 z6K`N#Fuul=la_)yWo9V#x8VZJbABCap*&UT;>8~VCebOsjq!zL%0agk z%txa6{;vAPR{`<1FVrw9aT078g187==Sj zXYv+EUGj7I2KYp;uIw6XB2*ok%drqdnu-$~6R(BQl-j*mu5rNjs^6IXqGoljApz)D z*_z|eM0gkER#Lx4!QM`28Jxy4#t?)C4#$R7+j55+D1?}<&_yy}2fNHdPj;416AYm* zSYM!_PM}$Rr;x~*o()ar*P?w?_*J?pOJ(B63uEc3tZgiAICy;){B0-QHioJ%pts#W zoKGae2lkAc&+*l4c*jKMa$0BJYX0|FG}X;86^Psa=DzE1()_fP$@0vC^yu^!bT$Yd zaG{xuh~3*o!^~fHUyPZI6mPglM|=XN^fbLfu|??`VYtwf~LHWYE1mZ>;qg9y({@*3Bn zr2r@OMh)#OiVV-Ko2R)2uB|X4Z90P)yvGMXVDS$k-XV(5tN%6`mS3$DXJwHYFPnmOU~S#;|vvZ4a?F6xdQUSBjlAnCAobL3Vhqm{R(X6VyC>H;t(-K-cvX<;zFgO)=yQ=a z1xDmtFq&Qb=NxHKm30P+qxj1>B+&VXM{&9reQZUWJ<*_>1^|tU9N&_D=+5Cca?Oqb z3gO{H6G`ISlbv!i>OC|BtN)>4EXK@%FJ_NpU)=Cpiz@t=qTY_{N1JPICL0cC)d+1} zhWbHD^}1vh7L@C4QFCACB~Y}zQQHGF9j8rc1g_H}1m@;7MTR)`ys zS)+WOht?o>{a+?A1ZMq#DsINgZ8&H_Xsy`BZ_E(fNofrPgFL>ia;HC^_ZcYeP=&YY4&Gnihv>9yUA48M4^hrFHBxjp(O^i&^IX>Ma$GYn~rQdiQ^ejcwoRP`%0PDgtOUL2^> z5*Ag~D%~Y$kyfQ!8LD-Vu6HOUI6aLX6kMC6iJl#38)$ZqgYN%18veC_A;nXlwy1zP zbZQ14+R{n`776M4Ze)}xf-~>i3Gi_k>6iCskTxs@t_2be3xrZlI(oufUE^&suFUhQ zIT!;oSu(?`)D=I)?3x>by`I$YbXXz+z6ne!_cmS0mmJBZVZHl{c+HH7fQ*kXPKols z6&erB`(MEl5lw8~w>g)*zt~|GFj_b7U)x2G)BQkh#LPnaJakVkM!`jf&3A;wS4i6O z74N?;9nUFRDV=f<*=HF%I}indctl733h|)iA!i*={y=#D+k7;_&83I@@Re-HFFVwt zGA=ejQ+SVJ06QVLC=OQBVU~%WoLGdj^Y;7-JS(ilv@7^4D5|WJw*&7#%RneTvNtq* z5(-pHCz%7{J~R{cewKjm(-P5w7C4VaZ*wy5cLUMNRoDWfJc6e>$F{zdZaYgSC7J5S zCi5i|((rAzB`~?(1KCSP()+YzPbI~L@b;tkin}ZB0B)T-7|49YQ$wPzU(lT?gs;`wj&Mcz-!g&;|o(sMU5tnzA1LuJ@w8J=B3(@ojqw zs+J@{cku;Q8jEk;hpisG+%0Z?o(VjW?mEpUgrVmE4p)voYA4JH% z=~%m}2Q+R|4{98Sh32HI{=8vdjf^zx(EhlFvCk$*U5a;Lqp&gV4nj={LQRIq7ZO;T zrEH<>iAdYiA>UX%pIpIqYEHtV<>lxH$N#7uEuCYImJi_s4ejqv{_C_@>ik2ury#S5 z@zg1xHSfDNB?jj@>oL{Sbma4mKnp+?R~^_Y_QG~tLkB9!BE|YIB*WK!B)>%Y@NIbW ztVtZo`?n{PCE@ZUn|vm>ZR~K~za^Pgp#=}>WL%2=$CHtruRb1K@yTq(ucEB8Q}h+T zh~B4lpcN1AbCdsv6%UJ9TgK}OQM2)`3S6E-Ww679K&l~-D(BTg12M?HUD@vJR7&wGi6m|(lE{F#1Hbk_ z5^hj%I`ku?18M+8h|PK=xOXYidg-)Cz_k}NfKiWNxDf%KH3>s_zh6r;>9)si4Pe#{ zi*MHei8|m~4UnW87z-M}qT3Y@*8s_S3wpB;ri|wOnM9-PSWIh5m6AlIj9rRTOzdjA zA?{ZEAuS;6t#CZjMfdf9Fzim;2~X@wd^|j{8}R~oVi)2=@c^Rx@LYIe*Wumpc%j>H zE8-+wh9`Q~Xm{b0nRF%i$itDla6tpDArSwV-QWt`*+F*_cIo@@vvK#~i$1{naGFFw z0=y4LBi8j!v;noDDc4H$BzQ-z9zqo3*VhGyb;i4K`U>xx&;uR0n@qf~um{C%$R<1* z+ye;>A@W5vi-T{4vU)JgK_@*ng?3-z+%DRi{U2HggLr=JvuK>U4waR>4Hn+N0r95^ z#}eojHg{~0dH+)F6-Rn1@4rKP#o-1-nx(zsn8P$r)LzXj^HthwBFmh|kRS=LuBVoQ zbKvCt>Dp^Dt42*^uPLmWGumqhc%8)iPin8Jtk#3tYZ^{A@86k7A4vyHL+|d6z%*;< z-LB-#hMW~VQc>jj?yDk?IvpdESMvTtoud7{miO=K6zwl`|NTzU{?6h3uXc*|_Xgho zL?`-~8G7`3$JkW@=E--4Tn_q>IFq*9yCnRG$H`?I>n zZhkPKrmnG@pTPTn&1QfEeaKE_$8Ldujt8=1w?LSOitO0Qg-ZXO%}^P}@a1fzeR6a& zjL>7*xGtCFFy09k*IekaMlAd$QJVS*P&4J3=xll~&3e-O>JBpO>{i5tB zQo^L?XGf6|GWX4nL&{Fs5u~(aM;9RUytxZ|#XWE$@Bh9_bP+p_e;HmeW(68SdvS)q=|R`&lKQuq0=dn}U;kC>-4- zD(3zP+V!jR9oV!p>Beru!W7MHzbe9E*29|bjENgJYFDtnk@ywG809d3N!B^c?9Neh z&d)IV}EirMs4OqY}Mam!R5W>(fY{qgQ08QAEl zNXL|}!{yypI~I+7JF$xIc-v^eXmmq5=@q|#G;3Z|7~<{$9Q!MmVZ*D$!W7=uwPSP? zeo~0^g^zpSdqL+#4k^@s-ag&lPycxzzn{3oW$|zOj4^(`UOAA zl+0EWjyX>L2s4rAFy9eABMZJC8fcA?#*hNe=}3m(cnk?;)fZ9AJ85}G90X!%Iv9D&&xWW8Du{IaDL7YeDL zrQ(=e-HEyG;n#-ZMj_OG6uyfeg`@GKP!~T6+v7*!&G=DxCOQh63~^iK+L%$e0eDSq z1g1;(=p$g4ZiAw!qoo^hL*Vb#HiV90+7LViWdE&>fLXnXuyunW6G^zM|ApokJMbkm zrK3*o3ms#-JhG$KWeo(K&gmG}=^ri8PQ&Y$7P@X;ZW27-ekFL?pyPWj(T+ov-^CMZ zN0XvEE9{PSF~k~tYwo4Q5gZxm zHrgfk!F%XbibhGTZKXSPiybP7dvpX(j$8X^gbz_1}T|e zdm#<7pgjU#@=IDAhxc__bVvXNKTV4c2@KfowCIirBUG9e9Tq^o*V5vK<;k?@umC2? zX*8S`K)lsyO!CB${Ah6++X2qq1(^9?W>STY2T+hyfD=xE$<|?R&yMRDBBw0+9ahk_SXG%w&Jr@F(I8m(wN0s!!GW%QpBl?5z-S#yZ6_zG zO^uMIAEm}J34l6prN%M|*8}~V+KvN!Fg3y?tVu-^wn-MgbVD+o`gNY>OmxiTY3?;X zkopM)xZIY*;sn=;%6bZ8@PP-th%I0Wf=-eV1V7!>qK1a2QjfavYcGrT2-=j*nlPIM ztAq|DX#f_n61Jzt4h+D;R>BN^qXA3=!1>nzX1$J`9jF_LFbHK@T9Tgjng+1w^*^ow zk_iBV?AHJ(1OTLPYk&>}fJWc00a6Jto%dg>0n!KnXeDTXbp0#CH2|--qc>}#7224o zrDf>#Cuo33pPRE4p6t;H*PrGckQ)U4OZb8>IHAO6T{0(MoQlnjC_eZ7JEN7r^hB#VaYdjJ3 zf+3C;c*GD#3wUG6L1_ixWalMIhz5}EjujD{K1t{Q%HDag=l=^7jb%KZ{rLxj4?Ywl zADEhasX-`6rrL^nGctWn8LWleWQv#A0plgodGJVu&C&p5V=}G`q>hZqan#YTmbg9t zv?Y!tJZy<039Bt}qw#?yLK41ZiH-zd$g`H{NC4Vzu*8Y5)>z_1Sc@%DeiOcV8>=-9 zQ000Q(FG=@^Q9JFox4Y1M!n~J3ct1-cgE(+-5t;>R8%W`b<$}@`V7J?{o&pgQV!4^ zUW9nPQ-~p%jO8&y@B6c!OD}Ye{-e7+ti7Fq{^}f{W4S-A`*o64RI2L zS7WeY7IWPiLl&=(!3I%UrT5=1Ez$cvRk|}Gx|42>G6pkr#$bXpQD+PUX$(GEDerK6 z%%IBpL(@8rmUnlVP8bh*OC|~Q~4n=iWM+_UnEAc z0yd3(iBYTov@cJLVg;mbO^jb7iP2GknjcAwjtb1ZH!(UYklD=ylqoQ{cf|-cVQ_DZ z5p2TXPKgn0LbCE z-Nxo_P!eh-{E$jst7e(m=J5G#+RT3S1qR@%=1bA9D6$I}8-oe3_ApLlBB!M|ER+I6 zxm8OsYAJ_Vij#3BWI?B;oM0(1sVlV69C9dLtS(9fM2!SwukK^;tgZAF|m)t?D9zUabs%gg_RVUW)TtNJAxLSJe} zh#5BsJGmg4W+vP9&=lNc+iBOtlBakfvU(Q9c=0VrAYBA0-Kj`t9Nsn+28-^?lLBJ3 zr@4_|TY#diZHCrjD9srH)9d-tgChUZ0e)?-1p1DntWBl=)}SCHkap;^0S3qRJDIxZ z0(*WVUs^GdFTL4PFL=M^o$^siyHn5?Fl%dec6a6Zl?gV%}LBi@&8cIO4aHrekVry(fB_od*?|0( zF(SJ&8r;d=S_|XwU=S;45IZv6lupZI(x8HAeNlZ(vf%Tf+(b=<%z+NPfPLdJ&S}33 zOejf8FCQ`+ktB+-7TS|YF5mf5K}8Jw4KeU%eO~{HiMb&6X~3igXMVkS?mLD_2l$8gGE9CgwucDg7|)Hi(q_XKeAb_(wNGg)$H4fs)KVi?Y(;2_-3 za3*Ct(oCVHNCjz3vv(F|c}NhNHM`-b_>+!oM!w z`K?|qnKu3J{xO1G3bIR9O=rv9Nkgpq|FDQnHB6XGqG6ZZ@>v0k!3Da=MR?cGJ8lc?Zidy} zY+58ibrZ>0sfJL{bhcF`F`yYu?XbPy+eu3^ZUYSc>oBDT{T~`5hBb%Iqp(A7CiDi# zE7WxUZpSw=<8-AcrJ9|*LH>sF;{g-y2CC_ z4!8d^qQlXFdi1JJc$~@Mj$fe4Y5Ie$o)~Jpf;rl1M~%O6fvinTI6#YjW1UZ`*4H@HVvCxC(EDQJ%B{H_RbA z-sE0{Hyxpx_d3yjg&`+hZ=s!~w)H9IOn-veciK##@wid-wJcr1^j<_iL;B^Ap0ORLKJ*useh;MQA7r9Hw9X+% z`uA$c+)>-sI&MctSfODW+0aP?ciN5$L7{97oT-5`iQc4WQV7n{z**Zdd}io-ZOiPe zfje)fi{}RRee3P9EwuXy9%D?f~F!+tKrB_yL4< z*I?bZlf$3|2Ec8m#yB-U#cAupC6D zv7ffEB@2udoe(!yJKCL}b;y zfZ-CeUQ1<4C^uebCYtNZ!{|G>f$2LjW#tY+X@_>2%5z}H3N1bov1y2j&*uGMI9W0{ z<$W%>8kO1iipnNyywzd0$aeB$v=0O6`O;$}G(Y-9?unwJFnq0p<#<0V$5GyKC%?yS ze2_-&7e0gw4of@avvPHCY`9gG&xBLaBER8%+N3+cEc@%y@31qLb&0s` zFOoKe4`0e2V-EIWx>MfYSWKF$Qo6_-sODFM?nLuQd6(`gS%!tn(nu=uJefXyCI(2c z9#We`c~wK4y$&OvU<-AV%K2G3l~Hy0>${oi@a8Ic)(^bTp1@2qYYyCCC>@{Nq;-eUqaBuj}L|i$N5w6UdUO} zt)1_L-EsE!O`>9O6n^3!;#AC^ghnvin(xWB=G#X!ql0Y}0f4≷6fyAQPA^a!t$< z2YYz`UvV#G)ybbv4y0Z~IJ*J6RBf_Aw-!MUS2Z}fVcs3Tv5!AaH7aDDz=ZDFW*Ms^ z-k)6Y9D#WWj_Z_&qY3o`0YXa56mO|kzvM1AYE$(X^}WeVO8pLgJe(jY`d!PTY?~gI z4hsZ*In;`UwQivDCUd#~mzg1?rDG0An+$12U4T1_rTv=5(uP8s=2(mO7qYaYT3ScX z1EyiHd{H4^8*kUZA6(o|VgL?xl+WrqTzD2$enN*&#CpR8Bbi*y#aeF=E#XHS&w(F1 zxP2nWAF!e#3jVMjGNP{y_q8>%gRPm=0f2SR z!e%lzY&?k_mzv1;Q`e1`^xGd^2B#>kE5w^FWK37FpuN4}9<(<+??nGB77BR17s-OD z?=XJ0n#L!q7rbN~MzwZN<`l9!LfJWK zK|1QZn)R;@+Q#A0VyfzU#||24uGz_br)?YK7vQ#`?WjB0W`XzIcGxI#w2gxIzs0rR zE-tZA+=Gqo#wRlK24svvKISy%$FE`#!Mfp+ArL};ZHp!R9r7{WKlFlrrs#CP4Y^P& z=0uF|&uRNjD)&eGjpT+MVP|s8UIS+_S$^sJjdU&Kcrlsw3>FD0y5C4wLRyKQ_9{!$ z9r<-bGE7gyI6Ac7(3orYp@dVs->+?~e}FE`6Hp-QTT5O9buPo?#$tv#T_dP-1lTDS z%`uR**FtClr}VcwTHurp4ZIN1+*j;BAaCGCJL8vHBH(!B=6!dPuSgBSc|SUt1SIGE z)6|Gny!2H_P~+(lQU0ckqRnhm2``%xqzS-!8|}b*3&?z50dLoG_P~ws+S0h>GI%rE z^tbE@0h31vn8w48Es#21D6SkH#*Nb^CtnmlAxb}J)B`g-bRi8?AVr5Q;0;Gb=yfl!Fs*Z&A@{(m1EGY97?{<;fAGWu<1_ zqi750ENyzb(9c-9Q$9(HrYV?qJDK~9g^KQ6>{O(MdM%5gmM0^%T&CCZ?j>uf`Af8x z6;R6xtmPV~@{xyGGEa+C^u>b_m*MRzSsSh7HFDX4D{GRK+0Qb2;hIT#27}d5Gif*r z_&liq{)qsdqb1K{$rNZg|3tWd8HQO7rxb%mPMEEAxL02`Q?`Wu3!V+A(R zyV_!KUz4xK`zuHkl~mYQ%nw32HS0Yrpw@_ER$G>Q4JE@o`R`$7tY|Qd{?94rgEBeR zq!Hq0H}V-*>bsE`SY3cFE%B=(;HyOj_mKP(n!TPf5zsmrZlve-(0~|CM{L4 zjVk7QzQplrEWzQJw3w!H zUC_qYOVG!3g1!gr<21Y7AF-upX$J@fZPd~;PA-ToRqh^6kuH8D`l=s`mSAL`ICu-P zbs~_6&53-;)y(!UGuIg~Z;=NW#`8Nejm1?(4g3Kn`DYfGP{SxCYfWB65W}Vr_6S8PK14BR~=2$HSQAp z;O_43?iM7t1PSgC+}+(dxCJM;yE}p4?hZi@@SN*@f57{t*Pfp4s$JDRYt2k|SMmRU z!smP}^>FmTiX8$TZBB>R*QLi`eOpy)Y&LS?3^YTp|L#EvF#{Y=khlymwXkk8+jTn7(U@y+C z5+c$)mHcB97YV5|4*v(F0j1{miugo22-t%+hCu)1Y_mjmxEA*1z{Vc>Ca$yZjf^xtg zz{^B6@jM&6h|p@1zuzgAX=JPY4C)@`WpE{akC{^@ol9u>{qi1~9+JT%oXCTjAgF55 zSgxBFll!OpUYql9w#`RU`N7crimXofv*l04Q8DiiTU1Y2P^jVuu}b&rjgnusWI`e( zO5<&asoBu}FV4_VQuRFewHL~$sOv)pJE)IN`ex}Ifp(77bDE2om@*}l?=D4pVFoZu z-6+?`mZX2m?b4pm%b1oFblJ~QjDns?Iai??ObW1ju&8yg}DFNe^Kll>i? zut}WpcG@})3RX$9U6m;Jdkw2mPjnCo@X^1vcb&yz?V~NMwnLdK%K_X%+k>a^%#$`f zDcuP;;YM|GkScNbaD+`PzBU)~((6Fa$aX7SB}|{>l6JSiCY%l4w*GELuj{K|nM0K$ z1kqp3uGE!Mc084@_9SL=Cw1Q!*gWOxGtHghAnxEtSb=RFbh-BtICsH2Zx-?c@}Slj({k=#HF@WHq|n-ZK~HGp1^ zzD2e=J~8HVk@_3}naOxE;~eIFW#yMB_11Lg^Z8q>*Ih5#C3$E&#!D@5ySqYSVfCIB zLOEt7;c-h!_N}c+^P{i$(u>w)ZqU*@xbd2JDf}@sBK*$cAuG}-@u~4?6zxp1b5m0C z{3--HdnvNkGf2Wb$q;vhz2noEUdnD~@_^)s5;Y-YE;(MdKBInV`IjjPs{N;g)fG#4 zOUz7jv4O4C{?sod%zx40IlY`4Qlt^ZEQwEy1v%!Jpy@TplYFHm@!Do@px)RC#zx=f&+s4U?F6brvJNnJs3VAl`sF%U?_36?S! z&7U++ZxRx;mq{Co_3sSUGzT)R_T}E&Or4rcatk2mJSQ(sufbw7OkL4{e#N;K4oMLl zqNv-P{Tl~4|D#qb^_jvbV*Z@7cSANsTjIp_`AnDyYvJG(^sHB1f_i_8_-3VEJUuG1 ztnYemLo|n37L+NOn%ZgiH>iu7T`972kcR7M$ z{}k-}I+hiJy=9@|#8VS%M6J$x`*|m}@UPLt@BJE%21-jz$QccGuvt4I(nv6X{`x+Z z3rVKWM6Rq`^pvN4v|}UgU=!{#8eEkwa1@U?i}Cr)GzlBZdJVoih-UL{58|gQr497V zF{N(zz$4u#kUuy4WnAb?4r7BeKpQ2jYBadoe8Mh@IV9eOvm(}wUt{mxIV6iDQS_Zbc?cr{4?ffS7}aADC@Ceo#MjgIP+Pb(2UWADvR7%(%-p&2ig@xRn4ze z5Ba3bdG)uYt(;aaImIgbwJ9DHx%?^jvb$I%ycjAo2Uja5MGr6oV_6$Tksr|{k1sEt7D+au)6t;G1TRaF~hR+ikB;R0IX<&go}5j6;w$nRtvE56<2+-*8#I*!2N*uF89UHzPC zRkvQlZFl$Ol~EPBS=K}+v`=P_&3=)X-DvU+{)Ape>8GYDhF3s#esUoF>=`}U)@QZ2 zBD?9tpf^(0!a2RA5`8?MZ)^qO?36Oh#kbmkcX#4!m^tZ=v&UkAB?>#(CAmqM2h{CQ z1ZN(hm3;IP!?mB8clBfW0VBr^7cX2Q=vK3%H~bmG*MrA)k6rgNEfY8GDEaq{Y)gEV z7I&qAs^1K+WW&3-nka#^yryntX;1v~6}fMjM^ozyE1US}h_NY`_V`n8(TN>__%>s8 zgC6BBZNmSGcU1lUwlm}M67sl+F>e9mY^pHsD`c2wdz)FxX~_60LX7A8X<$g_`e#o~ zID=cycWB+5D1wa_`U%~gFoQ`K`Ww+&$aEL_sjhCd^(csMjl+7_Zr4!Y`gS)hP`J%J zcfV~)*KPl(yHUE9rMO0XFv9xDJO2isUk0T;`0Vg0+FcYB5I z_$8a+*Cd_JBa`g{);^+(5pH(G{USryuVcY+$v}Sc_e@rcGRUH@;~6t1WtfX4PrF&) z~x4_Y&Jww80& zcl9vg!ZNMG$wDNnH%bDPM`w#BoP-Q*lx>+{DwJNv{Bb%%hT%L9I zGM7cw4{i)^r924l!96<6_a1|DDtNz#fj6W`Wyt>{_sJ=1>uw?Snb`3otw+XZygpuk zaPsS7Eo2tBVw>qTj6B7TJwHWe&kIiQ_a-mXboKhI1z&XpJ@rQ5kvtWHv zjfQ1ji7BHSMV_K@eFh=lZoV-3sLn^6%RFw0*Ew?ds4hp?a`~t(Mx47m=GO+)5&9he zd)2Hc)pi>X!PE5|@*onybBH_T>ngAYmnchH+D!3q4rw*)_XrhFDz-|artkrU-2NoI zzen6a-dn~S1dGnk3w~c+k+?2Y4BUP6i&NbFY~31xlPP-pwC7c;Jd%oV%_HU}8Gkaz zgEh(NTMn^)ezvDSOWzqPDoxf|=osd|%~RZ`q(AcnEManfyD1I$J*4^voTfSjHU+~v zDvL=szgo|X26@C5-#=yFx#bnbtWvBxW** zq=oy!K|g?W_k)hh8ELzFC-FA)57DZO{>D~@6+MFL*oDLqhWMwLUK!S{9<;ddRuEQU zQZI%2B7mW9C0cEETW#0Tu>$_+-&J$yqS-$4#epK08CRb(MZmkX7Gccq$xp|Cepc+( zMSbwfyhA>`q3n07gmXBxU$L!z%r++F9rngi@gB?(c%b!if48}o9Jiht2v_2aQ z%J^NY``xBR)T{pNfS=F#6@J%nRl|fYTMw&mISr|8fqrJY(oejELfMlht~Wlo$AyyA zh9|KdPqVCUYxi{)=Rq|nDh3YhkUg;mz1k4EbD^_wPz>2!86}l6#4clRxh^|O zjv?ZROf%xJayw+-MFlub*C-RTzVf);{P9S6FL)XmquI@k6oEyikIi5+h?(QVVDwLB z>eoS!5O=X2MC_HmXg0FvZd;TJW5C04vpkz~96vC}IIMEV;< zcAeKYf#lZ$TA9xYb+3`2TN~|>(I)-~)J*Y0B^~{SnQ_QP2I=}FP%uqd?s*o{9&8tLS*hX;SncO3U z-1&S<5XxYY_C7eV$G)ok%T-NUkp7LkxUtEtmYrH0G>~!nt`3U4)#vl9oAXcUfsiw= zf|@=YQDWLrR8YoaCSS_d`{a^Vu*PcVd4LnDUoJEd&8@}l2}v0*EP>X*-OVPE;(K9Q zEJOd;Uq`MYTbG}$fJ+!#S8BNZb_k93!iFkhX#@)o6H_;u>o<>QTzNh1@CpCX_tsGq zZocaY5@0O#W1YC(2l7KpZ>08BnD%v!>~4F_t`_oN&1*tcf=>v}6#DNm3AKaX=E%)t z%cD06YUb2>0hnh8`=} z1NZQKx|I=k#4(9@#I+FHA&p-lC+1^+?9-nu&WYX4)P2SAWV?3+2Xa0zk8VuuPON28 zff_4Rg2p6|f;_|TtFq+Yk`Hu&8`Ey;F%4|RCzG9iO@++22o&PBrG*w6f*4%><%z#@ zjiLs$?CygIun45!wxxvL=z}QA{v8fEWbd`I@XK=3hc@f{hc31agqh*Cr&lj+@VrX+ z75h0=@J82m{C5!-NGA}k8K{5*H1cMbR#yFu_{y#hX4JzIRHWPz$-Vr&jaKubGS_1_ zXcZT$7Oy2q!PnmBRbmm3waA)BrCl%eNf2k$ETdNiB@+)+jt(bV4L*aw9p%&qIf+j` zae>3~DK7WRli~B>OS==)R(vD18z)O)R)=PY*q>!I%iM+!+YUJK?i&h2*4&ayig6B~ zvIIht$duNcnblN^Y6?q19Au2nHa2cmM5is7x+0{~0Kp}j}?)&%nP$(IUPv(vuEniUWYFmTKPpjg@NqOXNY?S3L1vr(iq3s9TrIXTO<`S9r zXfGAnzc0{mDHxX{OG>OzfP%8*&L5UFDnOH9w4Z6iyWML$GZ+(d?kKK>IG`h|CUQ4; z0v;--xu*pFju{JH8b}?LoA+T{E@C;@U#Bm75SBkF7+8ji_TwxiZwTd9wluT%wp;Zv z_qVp?!k@N_uhGl;-gZyk;(pw|u(po$COCZN*K`Zw(2qvBRhk(+UP44qjp0`6Mb+6OZzs@yi52ecy z+ihjT5-aL$^!o?K>4v$~;jUM4LQr7B)|)2kiC7~vi{Q@l)?2a&%GW|Noe6I7^)Os5 zhk?WWRL3T%kh75saqjQT5sJ#z55?*+>;yr&uQ3%$`Us;Po`f-4OijAO`t;fj=fZ%E zMgkw$7&Qax*|o6SbG99}^}l!MaI{RVU&gsfrIpfF-|$YlrqAAmcF?~~4dA6J$Hdve z{}F+CAn`LxM-(xwY|tOCX6$Vr2**fs_ghq@N!S&j&s-}7 zVS}pIZnQmd=8~x4n8N`r*u?#*DXNNYaFjAoO)!@B($gK)$tf7?5e*&@xSE~45?ysB zi$WVCWj{}f*`^Oj7_nfj)S7@orohEk`b^Uzy}N%=p~`hsTbZ>@hJ}{maX*af3G_Fa ztBg#>q+vS-Ne&GmIkz#&Htxbi4*Spb^-j)Tdl|m2MdaBx(1Re0^j&BHxOuFv zwlM$4d;D$t*=O6YWBvmI+kl>Nhc8Qo!konG&;)=+!KW!VLsnPsg?rFqs^+G2J>em$ z`*5Vy8b9Z#d@Qg8_s(t^5SR9oPJ%@Z%5Hk^*s;EGOfV8<3vNFMh$@M)(;dAxeC5D? z`(d_so}p(=*)s#xe1Xdt;%!^QVbMgtr9FUt|C#}3jRt`DeV6=08W^(6nz4|p6hz&@ z*>>v4MSX9)P%f3204usJw*^(-sq(WSEOvgfc7UFOvB?HnR=W*$9&oG>v6F;b)soUu zxir8}sWT9tjBZuTVJZ+6B_-V)Z9a5CJ=!n?l3_44r=I(_y+Y2EYP@To-@ndCSSd+E zkIG^CKvXC&{zWCYmx%ky+j;}@Puq=#uw%flRYc`}n-f$_9 z)8&XjAgwyZefQx{lrn6JOZy8eA~~Co$uT^oDm5lFOWehO}XP?0w&1Cdwziwr3!1~GYK z?Zgx|taDPe;|ibd;UnmgqS&6klGe?&M!eNRv4qRmjDtW8)SxqWKhF`&9%!|p!h*c| z{y)!tdcQCtf}x7_nc@lJXOf>$A>>K;^PPDD%xsWHK4?{T{bq74^ye5l15r~Ya)mVe62rpW z2`9&aFE~Z&3FLk^6RciS{e@3qiXXWDwvA++-{G5*RS9zlyJ z1+2h}h4WCs4>1SslV@^GEjJEHa^ zO2^++bWws`>Z_HikoU!~@_$u0MH`KK4(dEMdu7GOInEeTWt*OgjLZZELoXfIp(*fsQPz8VkBqv8 z{o9ZICc1Uam%-ue{UKhWF2J&S0^r&_lgrG%EUFl5>#;la zrd-FT9pK#tYG+SZGu!1PsR*U+6S1!%Si9X~CxcZUgfaPj;3Q~)3_VNLo!!R%_&0X8 zozz8BbgCIX{iD(^mVoF$;fQdGTnxxz1QeP6_8tm8TXL0EhvAs~#LEv-_h2*OGxy{S zK0qT*m!p9Y)Q^lO=*U1dm&~TOwb_bF4}JjX6paJ+oA?HFhkL_#%$4(49NG(3gr_GD zeQQft3{kZ32^p_^eY9PhvyIy-yITp&@?Y#XVW_EXS3N(p+U4Qj5;#ALI%fTvB)=^m zXlP4=V!4L6Zm9_ttOiL(AI$s(2P)9Z3%fZb0PX|Kus-K>4&9eN7bK{Wnhrx*&Ga!> z-#8RLH-ItemO4xQB2z+Hsna2Q{fn(l>4VmIe-D|d%+)zurLPbQ&-%Q70FNm(f{*>o z2~J^_PV098z8Nu7-`XMo2=!b5<{qxV(m>m>n3&l$B9P*!lpTh@n{;Cc=V5ryhoM&Y z_jN(Z?AaNTjR-E=MOf%OV+%FYf9=1hl_v4u1X-R+1f`v~!_ryT!$Z-;#{E z_^0X)avMwQcPIa&|A=Asi3gggiX1$9Lzk|9?f7E$Prk(`NeSLB(>R*cl3h#sg|nO^ zfSnyXZpd)M;x~Chjh*Fj^ije9jn2-`yB?2xB0HE*9^N`hnvx!XEz47l9dWpG^4x?Xu*$AcGubjo6A=0Ma>c|a)Ed?$v!*^26#p1?~ zlR%fMzJgj#V$~29^=K7+u=;ej64RmInW4fRWPWVyN7DDtO4JJx($i$BGX$U6xnS{& zG}4!SXzx+$hCp7|icUF5*BTZhj& z-1LOpCJG~AJ$}v}985tcn&{g!P8Ok7A<~NB|D+`>+=-u^_e^@j{ga} z!oEzoQ-6A1P3Vvv_IK|4d;zaYB_+t@r4I|zj#HsXc3TppKYWoUmR!Y3O_GV&z5yOJ zj@Mq8*b;t&*TGVuAd0-3*$J4jmNj$JCPere2Q)eQ26nIY)dq#oAEdD~G?sw1hH)~? zKfD)Ei|RtrmW>e)KLU$U$D%pKKh|-zM35lVgEX~zwlO)He`6tl3Pq{jgO7N0#Ti{8 z|El|Rw2hCQl1ts~PT4A$p+E{z-}!f{yTWs(pYR(ygcg&+Kv-mRe@Y2fs=do7lcXx$ zk*Q~ylZOGPOU@++YT(@mN;7+Yz`r`V!shnQ#ZQDwU60=#C}eHvuE@(YvU-I@jZbdJ zQNgT`@a|i{ZaPp&`ncWR?40<)T<4Tv#2EsPS^8|-LbUtKhNQY=DOZ|TCtV~vjfy}x z-hX=%GB%9=$Q8LVSEz7*3yp`^1g@dHBb0QKztVZ%ktg0NZgeO}b@iC70nj^G@ z>-`aYl=W`j=%Q%lBk=+o+Y2#7S-dbEaX#MJ0`4goVBjHy?cv=2CNqZ|jdXmX(@LsB6a<+u7L=?u zF~4aqU^r$r<&3Nmn6Nuc_6hj8Y#GmD_-7}x*S5+B{^W~nsV}=eUZ}Wqd{FiwMTfpC zoYGu=G*Lt{%r+dR$PgUHn~%|S2htjZEbO|flOWJA3nj9UiPrKnfmieHV=NZb3Ypm& z_|9v8IHf$`XE}_6b}dV_lNi2m_5K%+YVAalb==stX!EQdhi-j$HH!T)xD>G>ZbxSm zyyrVOM$b8GD>~n!$BooD8(5P&_(p+BuryaBA9DQ7#3zKBa)dcc^v)P7z-pN0)!&-* zS|fc>Xtw2`0Jz?|BkBO0jQ?;Oy|2px7mq!wg85|@%x4jD-$EnAUv^NbzXC~dbjOjp z06IW8WP{Ql>w7hbFZSax8<2h=_*crQmH01o8r{mcJ)udLPx^U5zgRz#t(-O-^v(~? z=off^gDx=$-DF=oLR5mfPfQ?Y!ppCQ3ERwBUYN?F#@f@#UgIQHtJZJPMSF}AIpw6# z;*j&^Ri8iAQa-=ck;=1T5cpea*8X0*S6w}L1%(`okmd862w*eTd6cgrmFrUjA&zy` zDu7A@Z;(IapCS3ACo?5>#9Id|g$n1ZuAH6B22b|C4OB_#r9JTfeYqvZWBmXsY{-M7 zo)CZkYr*0hr#4vlHg!Yy5Y*puqTnl1ZU*0?UFx761T@k>D6o=xwS)>Z7=1L+O zr2|<|g(&Lw$yYe=Q=)HXoj@re0l&a8`J|cFOQ6u@FUk%Pxl^P~l5`+Apa_bs%0QI<^CygsAzp?kw4DSZ+_z2VCy#}{yt#WgsiFsKp1 zg#Al#%}m+O%WK=|DNO*AIDftHen~ zReYm8Bb%<*)WKqrL*J25if3M;kHbFEYF*C4NQ*47Mdk^tI~$tFDeQj5{2mS(rtpCK zoo%;@F|0~gsA(>2UETd<=6fxEO1I^eyBD6A!U!5>r`?epM^RWMz#8|{EK;C1~Bl0 zE<^bjJEwhTq?xS0^z(}7;pommqq)9Qo(?olUjyNXu^J~la~e<)A8&DTVq;j2v(pWJ zwFQ7aZz$LJZx%^CYdO^C>PW%3=HZjg<7n4;>6m!s%*c?jhUz?BJGn-`QRTel;oghz zQg<&gSq*`@tc0FQ%!%S&46~CbJ+P7qfq@U6n}?YzVbQ4s#wvWzWCO-kxE~?ci7OCU zxkQ%y5W&O@(|zmdy_>U1@^p&SA7tHAa9zEb*8Jv^@bb=~Q+2qqc$6)Sfk#SykN5aB zv2dyfx?tZ{l0(83KwM~u z%&PF~_W5CG)mM9AHD8vp;bZwWv5}#5_Y3S1CgV-q9wKA7CcUg=I? zhP~QDSnXSsJL`n7FYP#Sb6=-T(dTJh|0BoZL%nI6_niU>nm|-1x5Tak;^RQ()t*lI zsrh;cUJiRt1bhAfTLLThVBEr5Os7M5NV1IRqa>^I=Nu{ELP@s=W_u)qHFUH7pKB$H zt0PW#5xSwNNUeyM!C;x))3K(?X0Ydt?=p(XcGLbG;jwxFh)S3Z-ESdvM%-p2Kq=r2 zcWIDxW&iD^9P85Gzv8yPhA*(4IoR*)Tc%aa^rpBYWm7ryT|y_jcl?Xv5@^NYBPR3H zWjX+HW0mJKk8S0lpj;J1x*1vb@^)143d?K4@?D~dc4x85`H}A36YZTBX)|W?*s8C2 z?1J6xx`ij&E7)jtuoS$kCW`up_LtO@yDO9ag}^^6$dn^aC#9_4utT1=8Pvp>RX8b= zA$|xm9+#u0M#e)ms5}v98F>9$aOc_!B1P}tLI@rq+6p}O_gUn;fk$uHkk%6|C+cQ4*gDq(oyRQuwf z1}kWeorT^4AhC;nH~Fkj@_@Lfl7Ty3Jt?a(ua#U(oMcAgFI?`S3dRV^{SNpQXUIc#adAeKIm2B zOC|f|U&PDf{WVu78l7OTOrC3RYA#pO{JR!PXcT-CfF~gbAdeio#Vyiu4>!z#D`oy3 zaT=ge$<0JklCLZMD?<=qE3M*#n7$ zE9CU>SsdZC#e;yvJ;XHh0}F5V=*iE}a7a|>j+MA@e0y>((mCIaf8%jSoCIXe5OYvs ztZv1yu^$}7^Acjn&g&AqdSfTOm`JjaQY#R8$1*Ey9WiqhVlfcYZpG5E{^4_GVlj|@ zjMHJboNH3nh(Kz-ltURsfT6NvGxnT@7^zEfX{?B0e$eC0BLFePW<85B zWbhDc;F<{n;5V$fi??Z;;pPa$2sf=!i?^woap&~J?l-KNi;pooaOZxnng~pW)mk*i zg9CNfLO-Mu8jhZ1VN0Du)C?w=@#>A9AWED=){M%F@aoN;Y=-hctOb&;Iy48(*I}(8 zSW^N!H?1j)t+0?}9i?(0x~JlJ*gMkaEX8slg;(NuIA2XUikJgicHpB4?M)x>LR+BL zqAx9Z*CtLxvDVBT}i+L@@TMUI%CnyP&ebyI0z`+5a!5*<_F`@*!AR3*nor2A7?TV_

zCBF)VJUB#pmKon#_n+9a0lL2j~bSj9H>hu6mY&$^`j6tx1Q zd)ee$as=<`RDplAB3yg}+U$i8*(6ka<=5aV{?9>2j75mD62YS;*_V%pOHTQbd^~EB zC&9`yyK}wGCeO7FnRgDU!R&i$&>255Azxq}c}7(zZ;_*AwB+aQOa4VG`7X1A-bM)5 z%Qa-59Rqu!lWn%6@F2hDhlEe@QDC$7=>h!3GU$>ZZjY7O#|QRlWfY`k@^p)~$quO$ z=Tvr-9?&_b!U4=~z$yTGMDqWuPez{4JSJY-(yR)hfn4Cbt*bWY+6BLF7 z9Z^O*k>{fNYMt_G=Dx>*G+g-nU_<0G$NYWmKJEY({afh8^UTw}XFHJG3wGe0cX>{y zg*U|QWI1!sr4Je2(SAmi;HK6+x~U0r&xo0xS0!;6#0dnP`!~ZX2>yH}^GuHqXxP@5 zUaFQSW@v87QxPxo! zW&CbM> z#eH3pEjuHUzt$-Y#QUy}5ZseTV1K71SR%dRf_1fx*OeHni}#7>uu!8~x0S$#JBobc zSmuFfni09!@(X`&F-Bqt|H7|;!SIB2hlRj%80gF?zlx(|li$P`UGi36XBH^`Zl`p6 zolUyCUh;ekNKqHQO5|V|j*7#?EC=_IxI?#jcNBiUXd(^NDy{d@npHIJkRlM}w#^h55gGM9n+SbEW9rPEP*r%P2;jY;nLu5j!Q( zDFo-f&?N&aBhLV&If&SE16&-2r_wbUk=!_MHYf%>QCBRL;n2grb#Y%W&a3(_H{uK%>9@bhK7o}#)uAxf)R`~8iUo3f@3{*MljfLK!j3aWP=TCI!-PW?XdDosn<%Y&lDU^z zX72V@p7FN8mzR+%mia39(lMvUS|?XI219(rK9sv1IPN{hX-Po@Z~a*zwKke51FHf^ zLJt!pMtp#FwTiU>~Aqq?Tcg4nz-pSqk2Ze1I{@2D&t^^ns zoTHeu&V9}|1?PM-I{K!xWgr0V>DL~xwNao+SA8z{MdP{OZH#``Hvfx`9PVswE%b{= z3Qre|(gOQHxF;TDS0rYF>5%@jD34C5Dqq!nQh5Jq(yYC2lcyHTg3VS~D@xN0y!Wq! z2a5_4T=IrHm`h%wKi++9{qdatFZ0K1lE&H48}B1JO(^;_6S;!hn@l#BKz5l_;jT60$sPtp`;UNw%ybB9zF5rDp-qb*Q3CPFt*L|Sh- z@+r>wCy09u{&aybe?KuQ)i$P_j$A~dJ*qNwUL{(4C$08S#G(}niSnP>*4cS*uL}&} z0s(#Ryap}WRWhGZoE1rmfua{j{m;$Bqm9jS4rvhQOw4gaef6A$70Y`Q(DCQywf7HK z@SxJMO}EQ|a!c(_W{TsQ^N~Z^2f~Mos|3=&{36?sW?d^@qqAkwKE`i1U%(w;z2!cl zLu6oX@`zBsA4?;``ccz?VD>a))(d+=-|rGyRMOv+6y+E-4zhnQ zqdr@uWzpHvJfDHX)x4e~7pYdo|GONd69zDn!`zYa`uAOu9g;d|*}b|e)ey*i|f{2HlR z8>0^MbtU-2GX_S>q~?^T&T}CiW7Gq=^x9;N%iKqqv{oVo&f@(akyQM!g=0p`g^t3N zsKQ!wzbKo(2_a_z5`PWzCRDB5{rKby0{H|+B_zE`iG^|SPD;&Y{~*sGucPLGqsODI z_dWR4A*X!JJcqQ>LcXzH4IcMxE{R&CI!_8E4-;S%Q%cqYM1+{y!Yg86AvgadbR0f zAJ0EmwH?pR?heN@Gk!dO+lS*hBW^q&a>tKnCL7NgapRfQc07x<5zI^&&#Z*;ROf2r zS$+qM)RnKqkLP-PH2jtL@q8N}^?v1d#Kg0hx929#t?fw{MEu=g&49oXz|Zjz-4E^Ug4A!^vG^-w5W7iONtPA#cT>R{0-eq z0Cv5cmA`Dx9a@xO3jBM?A}z`=?SCw|FpFFaUoFtn)3E5mE(~$QEz;6%D-Y_&!xB|& z9?%uNy`~{NVee~b-te9l@7O(CJGOPn{tXO@uja->@%M!c3N5&CJ`^X;u6^?>7qaF* z#bCxT928AE(mi^Wyom!IJre|T7mGq-566WdxfGDevL{c=n^-{S#(7wy6xx|&U?I;h zq7gugZ%1JA?8wEyDQ3}lr>3Lxt5aImkxC;slej|Cn={DWku~FQsK!1f5{h+dPT`A<;c03U|U1fgdfq=TX&q*?lrqmP>pR zj6Y^wx6t_4t5)NE(ea;aL0!ObGLoE2PFyx%ZVQ`W>jSEaB9QX5sZIQD8Nih6+X!R; z7dz*EFb1yso^yfv@B$6gHvK1f3(gJi)e92g_1v2Hy}3E4qr((Jhk*;Us91kDQB*9x z>w+v@g`wNVuq=omYa_mIb4bB(_Y1X|#W?pR%Q6ifo6zWI4CqL}=0pZG$6GXHFEXG5 zFl<7=`g7+Cka@@me^Ahpz~3W24x@1;J!fwd_G)Q%UVaU>!FVBsLi%X&_he6oApItk z{@Xx@D=Lg#VtnapTjBg1_kD}gM3CQ6TV3P9c)5Qf0j%7-XW#fql$AUj4 zdB4jPQ?JdlZ04LY;J$o!4h>l+eaJi$@+&HhAHaJ1zaVHBfRS^@=$0_-+jU9_vtj#`J8;}J@C(%4jsV4LPrW!^JyTR!E@2XNh!uS{m9bUj^j4UNxo1G^)F>Eo#X2W$6>7=cT ze_e)YEtT*YRmH)_$U+7R(s2}tO$@&ar{=i3^W}TV=PDJE`$uIP+<+{6Jjr`3Ql#e$X`ONq77%}8b zx-DT0+_Wr*x>u0L<~R!X^4>0H%*393TxK~d2ISYYiPt#lwht@ZA8LZb38w^mk@vLf z-YUv(u`G#=?!R?NvZ1%1|4Ap=ZRj=cbCa^OLz)d@*t36PH2Z)k-*18P2sQ7s(KjHR z!JC`J!tr^$k0d!Hg#HWJ%bdm%O)%`KJwOgRQ8+w}#x+H+?V?5gGg&^;aBa0*U{F3d z%RZCE40KQ?1BZqf{6b+dY}4H_;#>KQq&WKqiaQV*PqFkJ+jUaoctz);D!3~^(;<0k z#{cHy%>T{DSw!Q=g7tq;fpQAheT_J3QXXa@H}tLn)VdJEs>#!Gki-W%A4vgOy~4=w zmCg)c-6`cpjBB~YHgxzZ7UM0)pnWAuo(z~Lmvl7TvYPD;xCbC=U=2=rW(My!ooRz2 zznnf7iX0;E%(C|gMLsx)x?#O}~17Uz`hlz$~%iAd)tBTzO!aNIetQXFys zuLrh>K?Me;S>z5d9fwKe_BjV0bntI}26qJlJO`xv-+Y|;zxkLYddMS7Y&oyHgw&IL^ z@(#|}n$sKh!= z*gQVRUcu+MYWbXL^+0Z~M#?)839m7~F=CXeDECmFSh}bBzqB6!aiYmVocb4J@wne9 zKVQIUM|mi1lYs$6E|SX_U8S6@u+KEbXzN3_=NVjq>^*Jv50{*sO%*LC&xkT4u#SK; zI}6VT<4NqO+Zl=7?~<2hTToa6fUaU6t<}wZFVZ4F7B_ksCwqk`%Zaf_2YZWdMwW4T zKNw7mi~}nYTvjBGsmahjPlRpCrL@asfMe$54tb0)1nJ2MCaN-WE-klbA2(v@X&P=b|Ix46M+^N^Lwzvdp=S4axf~ zXKQw1&RyPjSPwmhH(Tfiljp!>{4@u)^?wn2od`8cxf&0(7?{bRrW8MK&xs1(ZSwoD zQ{5=Mixc2wIewPRiHA3(O^V)A%oqPw5ZOy{#(Q zrFsh3>}62m_Q=rq?|-{B;rlK6_g~$bryYnSWLJ!jpO~1ll)`k0(t&W_k?0e!9Ca7& zr4Fgep;nRUDWFE*>I;!+`v z)`#i5=xk=e7mfpS;W^UL2bqo@xZYC@ zqEtI`H|ppc@S<%z`BWfRqb&Sm6&>m4;s$O%qnqyjn*OE`^B=y2{NoG_CcjGjBj0sA zh-u?NOiP9$X$o_|M@WXiB5VXA(^8m-SciC)B z%1tMYOJbY6?_)fRDy(PvO=_F>?xIzyxBsRX=v;X1VAOu?9+qXmsG@~=nkL}+Se)q- zXpAevc*w3M5W2&A$)mHuoA?ZvExk<%zK>99%5Kwvq3L#ArxRCZLR44v`K?3 z10N?b1!voHir>+1I;0OVH-luiGz#c&B@kwO;*vs6MB4W#&2`9L!NLbmt3WfsqTWdW z^2`b!CNXG*9p#4sS!6%B=TFIGFCiTY&%eA`Wm-|xhSsuJt@b)YG1D|I5Cg6XjH5d> zOku2jFOa^`QxWOL4=^}cjNQxV9lEd0gtA{m(qi^1mHZZ?w<*>Ao3|;;-QaB+duYO7Ud>^22m+mz~Ty3gzVYc_-HY0?Zw(}CM$8+j?QV{qV|zoO{8VO zKcWT6N0ITAf69*Gnyx~Z$r`+NA5zAkt)eTN-vSQ|9C3NPy;^c*Z%P74ibWvU(kc4R z|91*M@vS>us4^NN$!PzrhWIThIJCdvAUEJ}cIMXyy-l40=?;On?H9aFNjBaFPtIp* zXq>~DsTeh~6Ysk=Rgd&IdLaLZft3&RV46N|7og~k&3aY2W)*H!ox??>Nnm-M+y z`ilHa+wdDU$^NS-fwZyZW{$z>JIsO=iGjta5&&2u`SJM>j*MH?@BDF9w(~iIL*3($ zS{;G=If36Yi*rh+@Z2)NZ^mx@+MP-q#1Chn^QL?^OqGLlvsXk8Ps&EhKPjbnpNfV}GVv|9S&v zp{XRL=V6Sc`bCPt@K$PDpvvyVQ}Zn;n4%E}NJK%8G~mjW=(6TL!&-ClW5YOmzOk$| zD{Bo?QDAEqQ)^_o>l*;yO$>~i;(QSVE*`(0hn>C$tE=b zrOsGNDey`~uG%F~*f9r?$}-Bq(#bwD+J*X3-jA-V{FcdF$Ju)WJR(8aLGicEGhh!>0HUNBPA^Y@2{p@1=EdmKaTfrWA{mPFY^A4 z?A}E84&MJHyEoJQB;LP@-6zw%o%b(+`;tPC=k7&~iF5?}4g3D(c6iyGVV5k-v9-lW!%l5iENn^$_N@#vfenkSl zOBFVLOL`i=r3Ww7+VZOTofWp!3Oib>Jeow=t9=JOhm^7;GE2P@rAJ%9RE%vXT~QkK zE^9Klufv^ZDk`V=Ef!x5zI9&&w;O>c=YFePFuL3T6vPqLIF0+Oj50mjl&#zGI%2`0}Y1j6Frk>y!BSnW1BQelkoNkP56pb#al|e8% ziT9nx_+ed8TE>CB(Ws-QlRzCAMa#*AiVQ6$5GpdXbPy^sw48*fXok5*6S2`#JhS4E z`s(P{*LcQ9zrKcAU|&zC7R*{}*g`U0UrjBfXo~<^Kx<9Yx6>@ErJV1dnJcP6-- z#`|wzcV-+v-tT00$#8cq?;nGnO4y2j1Q)kzDDXfwyqJd`Aw=C z1MEh2rvc_-cN$<M%q2|!PX{fpRT8#%^NQQ8`>HHSDdXgbsq!;2;qyWfZ>JeCdc&Ljf zo(w}d9YbTdIU8D477_^fJr;|;^xuFl$H0Fq@0&6SE}4~|WY3Iz3~-%%S%b4T!u1EF zDF3hn_lQ=e>{1M9@C3U*@CS|dVp!&9HU0m~`gHBNMw>367VYb%IwQAiGim@SSCSIj zJWGeke@$Lo+Zqi35R~q$;AMKjo37~)cjqfjNPK|Qe%$Ld?ysffc%mw^YAU124? z5p{txGi=gsm-Mv@4Q@~Dpy*X6)63erYf1Q<4u4$PuWW zB99Pn6%_vZMXg;kl#TR+Cm+11$xOdY&C|TZG*A`H#><}Q15S_sN}9J8ttXG@HNFMk z0}b`(lP%%00szXhNtBmub7wN(lgOwWD7TcHuPWDI7Dyn{?p&zkd!zz^&h}>qK==PN zHA>+k?dpr5R^oMzIInzjId|wJu ztlq$@K8EQEksb&Z;Bu~~=SE!Gli<=D9_lgiTgGyy>Wa5;_;h3n&iQ8`Y?QR#=$X7@ zCgRq~oMt9I_n|CoEts))NUi8?TEUm6;G@8@4Z?P&3~EN#9uR($uTM6Nt+EwuFc8bu zpu7uc6|TJy;|sR{6$HlnuruJ=AV^1Gmhx5fxa}&am2=m^=3fY?Yxk+{MfSkrTA}1@ z>f(uhRp8f$?7qX$mpyjh_nuqq{FcKL0{xzb-$wYIC6u-ze> z?l1;*Z*@t#Bi*C$@LO(#lDi!$jQQ}z4N&%d7ysh^Mc6GVyL#lQSX>f3#MV9bo=ssDpbR>+5 zpNu%U&td!vFg;cg&RBsfFjqyHN^b%-^U=8zpb5{taKAJMs&{c%(&8%o!6kj@`P4OJ zzmxljLL$D4A-VZ2At-6e04VuLKR`xoAF=OQ6B@N^Z=qP12_sEiJ()_GDZzhMAJ3B3 zRQE4Xez$9vCxTHG28kbRZ7ekAV)7)Nwfe5@R zETeu&(UgU3B~eyB7Bxbu#1tNHPh$%z3tv&}jqnYFX^hj41m6P-Lugq&+3fiS#h2RfKg7+k4Tr!afX8BE9gxOsy(N1)c@$Wnfws zyg|#e@L#ky*V(0S1@BqQ!aiaku!*Ix+Q5v4!jqt{Kt?Yud9RMyMRRlU>-6eKk zBNNwwPKYw~-^rlNuK@}c=@Ums;2u87133bd96x9e%mpfTI(6}6JJRCyRg8@7wflbJ z{k=HCd7YH~8b`|bax@zRa)zIgv5se>w;8At8W5_%$kRX?VI5NDcRexyzW3jUBKS_a zOX63*O)38nQi;-k#X5C+mfiO)GdZS2i}r!ez4wB#S!nt@|E(;I3@w#hKK_ zjsc<+_27s>sq52* zriH!2pxYPe3lSc>e<2(=4T9UPHu>#Ml+_HUcYu4S9N0tCKlsU;fn88P5v08~=>%NZ z^20J=P~#!Qp-76Y@a;W@wrCUw8}FZm3Ke61BPB$e$NkRX;|Fd1S%3*>B9r~Vw5ISt z<^3R7}%-s!r@(Bc>h@$=o`xoqpH*!#u2JwkWx(`7QavyI7a-9{s-){}0)J zU_W8}A+KkQwDb;M6eCJ!b&BbHoq?kBCJr`)?6i)fg|&~PRWX3&W!0iItsyYJc629n zZE46pV%jyj5BgmTmTGtA=-zz!Cepv%{fX27dqQLc%@4n2F$Z$CUVh={0EYWuU{Y;K zbL!$_k!pwcOxoh1u(WNtFpYZy;&Ua2fS|%1s}QH z1hPLxE;Gr;x92i-<7%&zDn1D5X$Y9DArF_ZaVPJ<+`SSG^ z3aAF3-{R@A~{htVFG3Xfah@zZ9a1~n4`rV{uQun6p2 zqxkZFo2d>*lIRU4DT~cf`$F_1!Y^RAErbgLY_YRm&mOGa_5%D_%gBSgKFd|#h z;vU)(fM;tiz-SulVb-OYr(N=hY;68`zh;&A8OkYI80P)uw3#9_PDj9{5=3p`fgv^Z z95>Qb;JJz5aR$Z`JYwMiU;#X^3Y*BB0P6E$I$jr771xz6)RXhILdt9Chj`~K%V->L z#BNNMqP&2g$?j|mLTO`Ax*x)kx*uV?Itts|4#q16pW|HcaXNfM8GJw!E8=0)im|4I8v(f*&a{iIm` zwf3{9|9x2dcVYW?VEg0G-Ts7V`^f$20DKO$n{)s$5vvA3eCwuY>&)`sot=ZN7xvK* zHlQP{k3@!ebp0KCxZ#}em>E3o{vE(#)?o2aA|H9?X&qIa+|M@o?oX8NNesk11o83S z&HB!R<1`1yX%<3wyAC0KisxhP;k&$J_;8^7UsD46retz)jDn${=eKsRY;8tEC1or5 zs|JDMHv>t3%*e$l0Mal`vdF^@EDgOvPSSX5nqEGShT1QQgIN}1nCpI zwAYTOuh8m1D7qF!gzbjYr2qkEAiLO=Wl3yv+rf^`zfH7Hl@8$Ugh8brAf5KL##-+& zp7Jm^sP(^@UGppc^3+qk9l>yxt8fp$rT}WYDqwoa8OVmxBly5|RV6Kr3;PDHL(nV5 zz*No=1pp+`;G(~Zqn1_Q|0kf-p4%}N%50(Z^b(lA#nWLcRJ|=1xy{~|VIGH_-?~Q# zhK=_56%X}*!3c)C+V89$ZNIbPHoJ7pKBUsl?SnFv@L;q}+I{M9Ny{*Sx7YoXv&r_b zO`iEJ@f?u_`3JqtmV{@Xo4m{FRL^y|qkE=cBqGm5yHxL(Upv4bnJR3*zSq_RF8<9R z^ztGMR0tqsT!=@JN9{v`_W3~#p6-HLZNqISczp1k2LY;jVMy&iIg$HFI?#B47+a9` zvudybxU95i?GpmdY}MO5K%g+`c7E&!!0p(52kpGAnyKsT&;?u80m}iKTFWY zkf1m}h%=35j}-r9uow(qIOG6VZ61Uwv(n%sAPx?4TD=?9VNW{d0JmmdesnN%+Mi<& zJGg2GSL@&^0Q-v_b3PCQrl1I@=$P}N$OWBu2H^^LLS#s6b>f_lMQ)!Xke(ry220*J zt2(4k5i{e7y?f@Jo5TMd{$BVMga2~wfgrDkDkytnji(DtWD{CufiTb8gN)55qiV+R zpVQvQCcSS*`-{)X;z+=-xw9$Ua&@?F8kwdnw~0mQ1iPI=Me<{-fp*w^s*|@LB`?)j z5S&RddeSIlbDnHH>dlGBrNAR!mCvHZRNT|7Zo@z~%3EZ*$5H+|H2+#Y8l)&Zh&T8u zJh!nc(Ys=a!82V91=*;r$S}CgE-4(jB(8M_8wdmR6g(MD5$iQ=9`1sTzvY`gS&6%nIL(92(SGZEc zlym$)4iFa?&?bBX%kT(tccZ%>u0#(yKYoF zjA+msal|6a!)HrJ%2!)lERfW&b(rrdK9KvzECxRYa{mIJJGp}{Hf_$rgUi-GLa4CQM;FMu`q@9*-_HZ9*1B*FRhPB1@~TpL%&8 zz~GH<=-%faIRgs|MDK&e26wVUPOc&kh+<~e;%TS?=>W!mVlL7nS3@|zADVSH8Qdd9 zd1iwsn^!%IqmZUr-z>;u!RM01(6|h??YNpsnvFX!v#jxct$(r<;9{rYlX51v{9Qn( z#I(1S3x5*}zW^%sMWnmvZOvNP8P?XocbMhMxH{;qSopsCLZ@urw>pnS5&VK8(R_17 zUR)p}X*?|6S)v1E_qk(3rh?9$fEdA}NyTHUYz0O`3E4v%*})hpX{Xcbp3IE#C!*LV zuPdPyaFF+nqIDwm;=^d0GVDP#IZwHW|tpW zGDBMLq)-=?qU0|ocOn0jBrU_d{5U&KJLnz*Gd$Zdf%oGGe{NogAK zA`qC8q{YP(w)N5>+bPdo036T7qFUiB ztmn&*kxqQlJainP)W2=*^J_)!prf#2;cu?OdKW*oKGM(OJ)O0%C$6_0nx$B!L)xSJ zbEY^7KcIy-Ri=eUMv<`a{xm{ccu$a5#rPRcY3@8H7j|*KA?gLDZNi~5rK5Q{zPx8P z3|$VuMw7smhv|SR8Tv58DUY8GTmU=kz9C&Zk1QoSygiXi6XYRnZqVIa&W(OF7(Rls z^qm7m?;$@p)IGSCNNa&P#gB%kTnEcZeu70yJ?Oz`=HcPf$l%d`2XQ?5JNIp(OffZ_ z(rsw--OP^CUC3lCyp+-e=wUf0wF}ER+FSGw2|Y9}wMp)5mbb;q4I6CGD>)iYez--A z^bmITiiI8ZY^Cw0L{ncGVs0VQO{@xeeL<4m6V>|TCCHq3mg2~{q$<~t@9w{htS`SO zd%H<99NY&mQ8)t+rnNy{{6^UYA0{H z*cHk(In{kAazwRWIROcp_0RRL%F3(Oqxm{zO>u-K z5M>m0(mwPg#=p>u?dYf&QQ&*x(xA7s_jdx9x@{OmV&Voc zdLhUGXyh-O-(9J@jc1Y%&$oGbhIjhv{zDFCRqycrR3Zk-eFR-p^32-SB>YYVxQ`M;D> zythEnwvPuJc4(ufS_dH%fquI+`CpX#()R;WVk97N74++xOkul~2zZlf{pn)OU)L!= zWTC_6pD7jg&Wvtk=7^MSY%*G70OMuO@naKLajJC-e78M{EfvXF-2@9YNaQ%sdH5Z$ z-gaCGH~2^P8n9eQ#AAn)z?>!VEB$0@(KOhz!iI)!c=BQAx6}zG&7BtZ(aUcdY!A%Y zC3sH{UVN*QfAQF&o3OA^D_l>7`^Fc(D;r9m8N7G|ls>-bVkqQHs}(Aan&8ToUMrN; z^L9%$d~t@rNn$``@hd+-QHJ~6iRT=vFt53jd!P3gV=0=KXSI3p^i!(P8C7NGqRlRj$; zz51*f*w-|1ysr~=0DY*S*+w>N_un2rYyaPvv+K_}XORn_`-hhy-JT4~m>UjPngbZc zsZvr*u{jKtp|Xk64kL41R)T47yOwS0gqse=lxdEi=IW#lruo9!_-TH07@KB&X4fbE z-pt-MEb2Kw&O)o|b_|POhUX7PcXEhg)uGJ>NK#obNZd=?LGk=Y@ld2gz0N@P?)<}= zhpF4C0TJ(A8U^F4p$v?J4*8~R3(>*9ETsX=P^}e1X#i=@z%q0H?y>gQUnmQanI^h>(U{bS0l!Tv5+5hs03#& zl?*CiXB@kq{KwuI3ea`N_zm9XZoH3TU7`>7F_Tm7XGG1(H#UB&(`bS9(cSJl$Un9l zxC4QI4ETa0o-wY#185rxFAq-OxAZWM<+t>^aQw&~NuIyM{k4NQN8qMx4!%PZtM47s zm!3~t()*4fhefV60=!o%MZQ1m?iH;8)^FblPyz6`ut@M^n76~w_C$*{-jDW;j4zFJ z%CCuZXFBiv8k^r{Oy?g929I{#rmAPuL1k!Pomwr?F9^iI89g)`y0rALwgi`js4wsUs__e3ot!4L(>T=!Bix8Mv&A-WT%bec(dY zmp1<2S5hTj7W9cN(D?q5r}LN#wRPc=7hCXzYdZX8!eC@|n1)R@f3*Y`FETMn7vka_ zue-nQVJ~1+AHRTJFh-Vf+0rQrNS+hby8MnmsYCkIDc=Hsy0d4$!$usW%B8doeS}C3 zi^i9&MKBw`FMc2vT)@JNp!}f67a7N~a8wIo(M6)YFTQ~F{$q?TB2?M6w)SAkD`*3| zyfMq2=B+;>NbD8^dsKYFVQjC~Nyu;#t%SQXv*-?oxvC7+!zpt4HWq4gM-55}6mdUP zR-sGhp|Wc2GE_#ci-sfW+)&vkEE(YHI?ABeqy{B+*~Gbp{F;p%zdjh~;RvMrna@hK z;H|d^skKt2_n5^VNUz;kEChVDB`EZx>)g?dxv4>S%3NvnL28uAJVlqkiRzilMY;dr zH+A*QnoHx&=6K#7cLQm-9OmvGTIH+m5JC z`EGK{g%U+jVy+;S9wZ_rl#Ce#G|Uk&bwPWOE?8Ahs%kdp3@kB9`+$yKkmygyZ>bc# zO+{`VzUYyS9)fDfchK{_E8xyn9ihF*X^@@=KJ7PmEl^o+%P4m@D19C0P^%p3UQyi- zAAHCBU3mXfU$IIc(iLnBt$pl48PPeu2hp)Io&%w>FWl@3ONjCX{sC8L&5m z-!QeRb75u&It%Y^@btw=nJc7G4LC{44Okp5A`5Unve9virmbwyV1s)MfLT#Bm`cXL z%m6UEd2SZTE|3=k*Wo~>!K471fz0jsRP?rR9zJp&ZNeq(zNc<_1_)K9NG^=A4k=$^ z2&x(a#{yfQ2@y{y*-pjW!v%gT6@G<3m5iuz$(LiGZHNYjRZrE@6b-$`u?p8O4PS-S=APTGa}$10Rb zt*T0erMixT>Yii&y$|@a<-|TLWhWcZLm)4D4?f!+-vdJy+jvP|#Tbe44(dfBBLThm zbU<{(ZbrG*-Jd1q(mJsE81NA9XwWA|%e#iWu!Fxdhyi*4J$M6pReR#h<`X9ra z7~jJw-#RB+VwpFi*L;h^^d7TaK+kYG@Peqa*!)LJS|u-~oNo5EHu9pCeav{eV2a zTTce#yH(j=>lVx3q02E$$2y_oKCSK_<=2*GGl3mF*4|sz;s=gffbmcS}%YC@OJB3Vrsi?En&Zl7vO)h z@xLkfUorldhyP(vq{SE%=?bW4+dWv%ntIaL9qxzhV0pd9?c^Vhs;}Zh!Z_u{v+4L? zB0JTFQPU-(TPxym_>q3`RD*eyv*Bt-Id18v#ixbmOw{`k$$Y>(efa>Gj?VY4U`N>} z{!Ljy{U6aLa6hc5xw?cFzm~q(6%U80UponHe8&>n7k$qmp>?9&N9*_1XWRDsPYLZk z);F===bt@izvuUj_ItU7lsLbgiHaz^FHG5bQGgLPal&RU-1Y0YxBJfEV7R|lP%rWy z#eb0>fK|O>w(u@n0?^!j6w~%&itdc=nbBSW$Nt#Pc#eH%A5C;wtII2wnRWDUC#_w&BdWZFlM&^GB( z3M4Uz95XIv!ICisg+HInd(R}n+JY_-fxzI#{=Q@}P`**y=x`f)*(Oap?UH_T3^^mp zkLw3Gc=8^;a}+zk=|Mi~`a9kyBk|#mM9*<3cFzedNE*d|>5b<&d$hz#*h!l_?KJPZ zo5kd66Ygv}+M5@BdM^d2L*sKBI~h6wOwr)3s0U{UO-gv^0!)WD?KIY?WEq)9QoKF8 zk@s!Zy6(x-I!a>3Ke@;y@YKZnHl8J8c8>Qw+vYq5EvV=ViUa*H9o($hL{jH8RV>^m z^5YJm2cNgayvQs{)scLu)?1&%LVh`TTZK5J65S1k)H;TIYR3p|6((n4rRS7$NYEjz zVeTOb_J@@sw-5M$Ko5(k?sG^_kn4_GgGmIreV!vqGC~;ZANQfqSjoXURX^03qUeOV zaKd&JvI(1GOn8^C{4=pI&2B&|e7P}kcFU-22U835=FoeCfgZl!tL^lhj_7OJWttSfAN39F%MPg zl=AKA4vG=7`TvaJO{G)#h3`F#r27oX(KN%ty9QlTzn-@JCNu9}#w89!BsLHfEZNA$ z;L~@B=IWW6clL}Q3=q8y9pU&Jl*Hl0U4-M$8+05GSZ!TkM3`DeuQNRE?iMw&!ZD;- zGt-K~Xed{sbi!LS8v$Bzx3W^R27BNNisb|) zb4p%8Tc)#dizsrl3xi>u2w!srxyRiGB_mhGjhKJ`**3Gm`%l25$Xni`#yj(<&Ef3R;vFhPt-haA%3;j{8y{E%?|I+@d(#&+)i?$b}q1r%wmMq&u zx&KekYL;!+4~km0=~{z}qFRF?sx^52|B0$#H3A@&6~q60Mhf4x40HdoD@x29D#MJw znqs9ccDXHfxk|hAlJfmfT(T1HPE3z%aNq8bs-45ALPudOCa7Oc*^kR=+ax-66;>}T zaIqc;QqVSR^&ccUc5y*HjqvNx9OXB5FJR3*sWsOJnxl-yWg8NE6qyj8kFj=XftE}h zBbE#+V+o8aTr5eUOA0!I3bfn=EmylJ!=a+8nWA&0ENqcc=`DN$FjQ|T6z<-aAbHi7A+iG9a1GM!1=Y5?@n4* zLCK;wQ?ls!RqTt>wN&9#OK3h?S;z*(W@NdZe-WUD{x*bNICT} z)baH?3mcaeL@U?9VIB|!QU@(Qf-PctWv$+YPw$F3zdKr!eS3@R-RV=T96qq8s38 zG#z;3im{HJu{__6%gmy>J94od4SDA`;#wI$%-PN2m~$X%ymSh)bR+Jq}C_Z?jU@CSG)N&`fGo55$c49{|g*;)q z=>k3vsPy$uA(g&Jl#9ftG%Ed8|2QhmOz(1-nW=Y-!E<3GSG8tB5lK%@514fUy-JVt zKs!3Tc6V|Vj<@h@*3(8miGZ3)KxG3^nFv&0rz}K)Qmse3|`9qU1a^`HwX98aBM1>MPx!daFT59QZ{ z`|YPVf{tA)(oPfMa~8Hbd1os^XBVYbM`@_!*CaHNL<`KvDg}9b#zu~Xw5au@hMn&x z8}M0v4N6$+gMg|I>AcjSAWZ@)yxbD$DKw7H;5>Y|5=vsN!1eBqZ2ZrL?v>8}>Cmy6 zzrQm|+{qa7W4Qj^K>Dt)-a@y;7Hplhz^w6yGJkYFMMhZ-M8uhb<9%nqV~V6>JjEer zS&A8u{~Iu*uv{z>i%5|my=P4N!t+$*b7d z3Q>M8Q;XF+r;R!%-Dr#p~O*QCcknkroQ=_p05p4)H!sqcXtv;t(}LbNRI_Y`H||i^_HcwMdKw$C)C?Kpr@SH8d5uI>aW$z^X4#9Q#u2e`EO}f zBN-TvlOYoCGe$9FinFl6{e2Vy>Nr4PBmuHUwQ>Z6dvD}oc{L)RRPC*w?QP2P4AX4V zv(WvByMQ-;c+vt$(@nT4>qxAQHG@_wDUu z{cF5M<7eTjp9p|#Q?p5yygLt8ePP1-odD~%jIG}kwti8Er&=FOq4hiNdM%9FpXh!k zTfZu--&`axe5-8S*ij82!mQXPVWyfs}LpD)a9=Hn7(pKz}6eVu*3NdNvX=Ksm~o+IDvN0esZ_63fRi3J3fODVes zMV6Wr7-10$gD!qj1FCQR6)xTe0zxC1)?^9qQOf7BfJRwb#?VVCQ3X)CMMK)=ixG#x zn(K&rzrX=|@dDxxG-+&Ec0XXjQSKV~BeHFw`f(Yg6oX z8N7BT?WBk;lKz9@Ah8UI${Bn9k8K8m_y2-%pD++^hxXQ6iJ-iOx-{N@JFya|X3FCI zlu$q}&C%xNJkh&7k7D2S5ao50Tc>ax<{sd^95bX5OM^Ix;oq*%oEkpTtf}Q07N@)* z(>Vkrmu41J6{^V8)q0<>aB`G-u*$9)CIw8FJG>QHOs|$923)F0shcRLCu!K4Nw@Zi zk6yq+;Xva5mLGEJ4P#S~CZ(sz}$W;0{%I%Ga}hh4*3RTONS z0k^I%S*CKHloE;1lx$eI@tKhc=!8{g6FCHe!Q!>R-Q!M;S%=;4o zE_vO?uFTT)g$w8xlOO?p0Rx|Z3T^oEE4+gc0 zk*3C(^SAZamG;S!wq3#h9utVf{Wo!qL8GUqyb>qbTR+s>Wb|~=vrDu8ad)#A+&x8k zrM@OR>1%S~CzP*OE@6xZW*TvKa*ir#$9SC96TOdU%XBycuG2cp(VZif10zV;z=Z zmB8~H?Rn`w19U*5$0g6>D1934p=aREYMX!My7+Tj^vIOZ+J$2uzE@H-@L}CQGvnbr zEe-I4UEGCTBrq+7E} zz!W!zES?8-_VB)TOw!E&VU+wObNZ=94*6u9J(G(?#en$-tT$i{;ty}Djbt&VYhb(j zcqny;21H6Xlr?4n&3cD1=BnEXOnJjJU_pDeou3tWmg^qQxCP?PBXPWWGx6pYgT|ZR z4uD18hkBpX>b0T$4c5!+`8E>k6ASBpuRbfQPdl_n+83~X`V!3NWg1aChkuYmXY2kt zDKXdTp3}K;{y|l2_aXP2Jl%~Heltns>#af$pFi1S9zK70sg2jrGjFl%@KccQi#BDU zrmjDo%aQ?;x6se%fpkw?UGsj)PV^R<`j+M` zbLRp)A@bN@EN-2OI;g+~8uNd*ryIPnjRAf zI~#z?FnewxaBa5gZAs(HH^P^tN73S23=}>7A}%)bH7}B7`)mC!V8J%H$}#FOiE4qj zMesH<8#*PtXQVU3a7Uqi0Rd)0L1i+9zc=^6kA^`L0$wbEC+Z7>F)K&FTwI-Ph-9GU z?+cpkV$%y~)VFh2g>eCvPdbr*P>Vi+#uug( z&Y(OETdWRu(ccnl^*xbznaWF9PEO=$=hIps^xxZ!6glWg}@xW{2` z5PnMq#x_FtfOMmMq$$;dp;m1@IagpJhow>--WH2X+UNNMMDtYlvkopu#71im4FrPm zwWMMtyl)YnK>7slX_LnV__V}AW+;!7KFE9z1)^UF)Q>h{8=?R zqL(e{uA!M7Jv*c-WiII`8lhGr@4ueYMut+MNy~sbnX_?pFi3Ks=*MjXu)e38aiHoV zg9Lud)yXBt&X%;mxNOAG#f)ASGdG%NQ*ae#xL}|nP_&!xAPalPawd2%FfEQp4e$Fa zxfC5eB49}QUHIHc&)3F3e-)o6(Q{wyx!tn{pPS&hd#Uzp3h!S`p@6nbG~@FH+Vg99 z|IOO-WMLDk=>|fNA~%xHehWMf(uf17wvnbzyssbfq8AZ1Vj#kww?g5I+4Z-0eLlNB zgx5XU^?tnW#IAS4wH@P+e1eSghG;nHkUdXB(K_9ad<;pJw->vl)0oaI(79iIHg1x6 zP1yzvaB*QGJ~}!qXvf9r(j1~Xrurf}~ZU@7*o$Im^>c6c*96W&AZvGNcm zi3pfqe@??Z@6Ngu!u23aMS`(D0M|vr^_PDmT(6@z*PZYDJlhaHzL#(v-^2GT4fJX} z(PyAeCkKty#Z0#q1KK?X>b_tC>NuugrJ*t`LWag~Q|L)OzM7*Gj6MziGlnR>qX{qN zvHaPFD;CghJd7Ob`vc}lUuRR)NTdi|ffn=wvXI{0vv)kd#n~0e!VS0#h%BVKq%S-l z(lk8b;_4#lbJxQ6UGRGrMv|()Fp_q({r269DEc5p@7bAy1ObG2nc&9k<`GP6r0u|V zmLyn90eZqI9fz4fW#eCWoklI7MUeI?qnYK@lkEFC%v;AU>tVoVcPC0?8jmA%@vk&O zv%BkT<{LTPm>GH>nADx0BBzj|nR~Pt&k)OD#vr4xL3DogQ=}lr!@{0c)gkSLxuUv( z;53%K2UjN4IyCO#VWY4FozmT5&v{U3#(ZRD%vz-{vr2hiDi@dkByLR!%&FwzXNcYW z?$>ObiDl2=M%Z~V{6q%9FitZGK)?i|V1G@b_@YtzWgxA14)!U6MGd%CrbBt4B`xEK ze$9l5JM6w)DES7SwO-@djn9nu?0W5)-SZ|sOTuR^?b%chMiQQB63_#n=*PbTETb`M zv4rdLV|}d-V5$2px37mf4MdKSCmN5Wao`zD6H3e=e@ZU4RDjy3$%v*jl;H zMr&mTt(6B((pte1FfzBnr{SHIxK`|$Fb6ZbCk&t;0}Q~(dHy;$ZZ0q8*j&QSZ=Lg3 zwsa?E>q{3J{P#G@640Pp)1WowO%TT9B#nW*89xZP8l18nEvRzBdH1%GL21bu40Mxi z@braJ)3j1}a=>c^ZazbC1%WC&JO-8&Z-Y8q1wiZIvKpF$MP4J)<+4m*)-gGdQ=S=y z&CH3h!sKa~`4`0vXu1waB|NQg%G2s$b8_NS>Dp}32~ZY`a8=-xZbHF#X-uo~(bGCi z4dI9GX;opdKwq23(%?>^!R>c~R>Tx-McC00@`tk&PtD{`#tqifLys6$cjh#8Yt?Bq zvqc3E@Hzrziwyt$1bcVaY5F#mC&kP*3&t4aU##c7Xm#0GwzE6xcl{ibSgSehv|U8FMu-Jt0`}vzp#Zy>7@hN+FNAj!%u5(`@-8qPMdA-?Kthfv{L+c#7bdP zT3F7ZJbs0MO#y2!Z3eE(f*Fv`D4kAIlanSffN*!e@lLj8|ArZlBCrBfl7&R3iJ+nS z1b29eEX}a8)HFnS;k}{czGVw5|7vX$&!eMw4R)!DTnC);15saLPol5zU)RT5hClct zihjfQP=wAn|A@P3-^ym5!!D5gro~HswjY_~_qj{H-2(d@R;@WP{OIYg7%3CQw{2eV zzT;e5KXqrI=z?#vNBI6mG~p6}t(a-$JT!sI6`0>dv1f22X_GilKY29)@$FE?=u1q4Wk0PIg!t zgC@_=#$b{sRbvG_-wSd%I<>xo$%8g#dAfS5vjmAAMa=Y&oToZ=Vm_yT55wABQGb}f z8+2!YI3#ukF8ln^ct?P@kLT*nFp2&>3mhH#!oWtn@;F14Pbs!E3amCfPl-A%yHmYK zk7$m|ND7D)9}2&#HWvBvqjwma7m%?vtwES(IV&TesgWiwlThDDj7>; z>g)dt1l{wA)>l;R#w^D%$o;kiv+h6XX5HsFZ^{Qjq=Iu7J0##OA6~1wxnK{5i}KXW z#+A5ivOELWiO>w-=2XfEQ>|J%eGgr)1&+pBA9wU~&i#z^=3i0NA>7u0!vbFE9x2FD z?eTuUfn~2m4aoBVh?dyzK8*a2&)iAcGrMOd2K>io%k^hdF)I3G6B^B6bboL2NKXOg z=tExQD`00faY{NV_N+_cHot~tVchh6ww{Ht8)aeiH6*cwikQq@1MM2#|6v?xRvk1u z?|+*;C-A_+8sBE=ND9!!Y(Pl(0IV{gNcdm!X`NAA{nTqn~+t zr*R`qux4{Gs4|OTPB{uvMUdp3z~Fui3~ncPj+3j2q(W71VY?V{9;FGicMgP&ZLgcw5*7MkclAZ7-X6C_9c#>2fT$jlZHfDUO|O=d$?q(dhZg1jfaFO0hL3 zCr7%rIp0%*n5#vlv|%R&MBX2Sz!Z#;&#x>c_X-`C^sYib_br@n&xiGH?c8TDiKr9e z264AgiuNQcT=Ng#0ZloAk@H=JhgMuMIgl>Fp9t-7_P`7nz*ZW-8CdIK00b)jV$o)s zB${l}>Js2|l>P*@_3FB89Z!aL*SXvz_U`67ZT>l$f51R@hVE7-HSvDT0>|xkN-d4M zInQt*Fg?YN+4UTs2V0VCQgg}C6lTmUd|WTi*=Mu(y7;={m`>;N4?7E+c;D0T))p9> z;y-BP9hE|`DM>njUu|b!9d*p9wpkvbuQ2HXj1sf}Smme|g3U>=sIl-4R`{4>PL0j- z7!?-1l}1Nlh37@3kS*uOKc}8V#>cIf&bVH%AFB%(3AkR4E*arhSTZF{V!ToNR#TR{ zKGzU#F3PapkR{SdkEf^QKiBii13!*J#Ce}H9{$6wFud2{@KXHf&~9W+6Z50k25_Rf zd-TAirqQF&34IGYF=}*=!ps$4ZfR1*!a7ek7AOJOzc9BAV`I3lMTP!n`a}XZ6P~R% z78xnZ=0`8n1-?I)oA`Yv z{rl&bD)wN)_s00|WuDAxY`{R;3Wdx?6XX3?_i2IV-G%sW;ZKoEwV;m*JN+d#aIngJ z)BhZ;PL%3AZ_v?BBpGddE1_i({(wz2Ul9d0hd{mgD-G0NSyz8vHMlLP48&}CN@n5I z%thD7<#Yc?hi?qLS@?6LPy^}FvjmbaNS~)^ZUw+~OH~wq_xP8&WdC?E*^@^WB9I{s zNF2{cFV=y~A|Q8s$*}AiRO|)J4-t$hqO>9-G=ZtVnda+@OHtwDb^yrHHe0kd?`LgZ zd9h|QIT!Aw1`I}T9tO|Qg5er?MCM;ni*;D0zeLBB_cvnzx*AHX8Yj=?SH$tRB;T<^ z(r&t!uWW5ToNJirP>&G{uA`)0zU_V6`r5v4Q-6+AHb2Gcuh)_{#Pi$N#mnAN6WY9s z^br$6|KSrcY5~Uk6LgNVO`Hb@Ft{9?lT$UIb#}uj3A`nlvW^#EDG4c!ZCqTy&=1)Kl9ml_5^FKU~?U`S|eXJHw6H4;%u*=fPnVGQSv z9MW;luX-NT9Ldd3X>Wu2+sMsGVC5%t3&bpKg;8E4=@*CG#feTlG`@m{@xDVe%C2FW z*M=MJZHV%?+;(frEr}#?caa_wdW0yiNt9I2_ZHRUqNIwOkKv$ZWZA$xJi=V78ViX+ z29IfUw%EY?kJ4(1Jkid+E^7WRO3XTv;jwBxSQkITNu+SlW|(%li8(kpEwHnNcHZ+^ReiBx^H6iZaP5p(-1aQJ?r$TnnY9exTatadrnih zjB!#Zx(ZIvD){zunxB6R(N@7Ha1Rnc-*$RB7+iN34ewTBV8qDBFw7ry=${Ss+lM3) z)4M-sL$-_&(>H3ffj)rNS=>FNLe-IqzjD~fefe2ivfDvCX-#)1RYlFk?#@Xx7hC@s>(>fKzAmqAOTL`aA{dfIIY7Je z*wJm2ZjC{E`*YK)k)Kijl5(_}8v0oqdPNi}+!y*4=?w+HxRCYC_*ram|G^TQJ6vC4 zUwxFg#QbMl5|`My{UcaBA@hwGvQbV2`uAzB9?=gW$VbZY-QV$iEJ*HZVrjFX+k=M1 zec+?2VcN#%!jGh65&;?Z;gm4cK5@=?-wXulv(gs+LQD{g1TS#inbH;;+LV{y+Xs!i z3dA`_$U)8-Fn2mVINl_yrSuqv!X>auffG(K@M|{E$z79BT8}wfDesc+k?6A~)lkCw zm-fa*Us{4ngwkLIYIx3Oq0LkAst4|trp{BYhXSQ%2TU>;7EcV69je1bM^jnOVHoVu zEkG>hm{y8h?HIM*f##*9n699zbTZ79vE+H2vLm8gTHK9!qe(%fGuoM*&GkTyH*G^q zDm{A-RL`%uJPEId;k7S=3Js_0fpk3sul*lnB6ei}qj9id5_H1>-4N7zHo0C^wJUk=Txu&r>(*kJ$`x0Zp1mBWbTx+0 zEj@b$UiA<31AgG{hgQnoU?%QBaxW*j@PxwKU&BS$1k@8jQ1wi?axD@w2Y$KkJmv45&3IaoBLGJW%Sv9z*@`c^B--SElzV&O!K z=VzyEbV^94Zp4TiuvuZxR~*PCx4ckkgVy}C{9)05D+Nm>@2|{6g~mS2ZE=IeA^jPfbIILY{)3($ zoqvB>}6e6;IlcE+mz_qS1xbNEgBf|ApB(%-;+os|b9gT9a#Y8RJn_&<$fY z^uSt~U8c3$#wJXuRtr?19@S58_t1#~rXgkCfJ78da2ip-C(7y`IHU&YWNb4~%6sdd zuHqPCALRXa^dQvV&Yb2K9M!ohX*Cv7#2yUQT%w$0P$^HI88tKWLbY--&`q9b|Tw5NAd zp$$6WnAIIIt9BD&)^ON^dJ<->?*OwbIJ~*taqAg#KjOmR?nE|mvr9ei$$(n`gP}a5rR`aj#2#Xt8U^)}aeKfF{4lV&j-0%<!qh!B0yBzkFZ<_!&C* zCyoCF_*mFQ|MWfre_kT^xAGl<@8lD}ug*#U zf9gIB{7e5E@DD$)gO4C6-*+KEKkZ9^PKg8bWDT>FO9XU#myQ5^u}cD=0}=tA9g8@1t5zved0d47=0O;DcU(kx7j&{!%!a2%!|%Qmk{F;LS?bdqb#<0P$kNqv^HS9okn1d z$9}w;#ccAZ((kK3z6`mbYmE`zm-Qn3ORXN!y?pex?6=<#bb*K1Y!>CTu_6qFq$MJIirj=4DUMu^lAlgMKyHnX@xTwGQnX-vo*sPz? z_H^|W;!K~__$+C^YJGc8u0g7#4FMf$ys6A+OKa`%JhR@KvMnBp26}!rwNj!>3df0j^jP64frGOR#alB2wAiR%D%4Ca>g<5ZvrbOay4Jf9K* zrV5GPC<_@Vt4>?u*D{WTGTlPV7;@!+4IJ+;1#AxQyamX^Xzi;i3$2MIIPEzU*v~o% z_Swd@A|wkwH`>Sl=IK>sk%}uT0nR->f{6(lO$rk!QzRtQ3qV+*D$^-4@>3*vJd+&5M^dA$MrgKIW9y~Ktfe&863z78@%44u zp`y9>Ra&`klH(C$1BwY_P#-j%>D;_6o%r%xsvfP$l=HRE{!Wj=_=snaUyYC_CCB5$ zDF!nsnG|z-s^&%Ij>;9oH>h;yU7;cjxw8ZR&uBvl4OQ>7;hRn7qe+R<1C{ zb!h++j}^)-NmxPh!t}s|W2h_kUTmR?reLqGj-M3E4i%%Qe)yDjicz%*9d0^c`ch=djlIOh+tuW*4XZyDQD zf_29B?JhI6p{Ls9+!#?8hK zum8z~M}|0qvPx^E8?{o8v*wAfsOJt`F3L6W&(d}P$EFUV`M~C><5!|uP~8U0WgGs- zj}3WM%MMh_^DdxC8xj7#TzeYdY-qo}|IJXow-qv{U?M17@y3ci+wdCovdn7Qzf|C~gxNs;Nh z0*eIJSvnIv3_tND2!(;iGdi=w-&J_abf%iN(|w*OkEL*%R;N5Rs$^BIpKjL#Ct*pP zD2qvrORqfd!LG}B|624*lpa{pI034;$SF@J7xQc<=73Mo)ly=2Kh%dhUub;!5*0*N z`H5ORZ@4ILo=wbZqk9->Do=!$PijFO_JA}kT*Y|p^JY(@j5N-nut){xJDyO&FLSOhOSD{;vN=3wqo?D;iJlPh3$E;KXPfl6HY zVN&WIJ!?y?k?2}Eb{b~x?7ejA_t|OmAVfqBBkQ>rEdjlS@Zuf3B5C2-)I@2aYO5wK ztmAZPA%pLVC$mZ!)rLBMOTrnV|J`p?m9)o1UT=;z`XtG}(c3(vY(n%FgM}%VL~qgP zOBocs-Guu<4+K-Tj?9Q@rW_0ii6*!+R$Z3DiojNY!rw{Jyn zi?R8aqPMu0DC?uQ7@0~bi{9qpKrfEoPQkbHV(lX6*TZeeb`l?WzY}gWm4Z?X*Tjx8 z>Z#M*hwgeIlFRTPQ}3kG!{pe5rWUdX)6T+6f0)9>qPDPu%gUeY z02x{)u(NQU&LR3Ai$8||0qw~YJZwlK#Kqutij611?MVyr{ov(TdJ(@E8^}T9@Lx`ZPV{Ts?tP zh2Zqlz`2stj%#KkmP;qYm-W(oDgQ|{wj7@;y}Qs*g>k4(rP8&C!x>4X;mklh`Hi%K zR!`?B5_bj4aI`a(UV^3HW2H+FBSWn8gt*cs-uD(OorxvZu+lkL_fzcoTC8O;Ykw79 z-^s3L;PuVgHNtoeyIzvYVpI9E;Q~Z+#HLBCDvaWypo>q5bOV|q;Bg8*>YYlbl(jnl z9mJtJ@s&!^TzA$|Y?SpuQc(?hoY=ji-Bb5Tbg7^;jK^A7QLUyHK+yKE>jr$jja{R7 zto)s3qZC<0WlK5@$mQt?!}kKKF#}64XJ1aSX!;2F68(mhrL0UfKEFY$9j_-*n3mFp zl=!Y(pm(JqCEAs<&=q2Kk7i(3Nb(xOD#a|+ikUTrDHs(#ovvr&l1^e}EZEr56nef5 zpGVRdw&1rlDRf<*qUj@W7_iLd6lTE}vR5!Are6=KDF&uhhyl8FNmfjD{0|87+B-OBs7+OX9}rRWc*RB%4RxVo1zIz=#tC=UZX!Ui%zlnE^;Qu zI^V0-4*B$IZFm|ln-^itrMqWP%@5;`L;6g$J_40HLS-}BRo;x1*J0)Pcj1Ax^^zpo zUy+yq!*K0p+I0ITXGN3D=*}*-hG_Zw-N-hPZf7Tn0dNYXCl9kw-qD^tV$x7(W zS?EnxLT~1MLA_xQS7T|Vgpr9Su{R5~_3o>u99HY-NY>i|gm!8Q+rw8C(x)E*W`*S+ znwW$Aa~3V~rn!Ve5Z7R@RO^dx<}!-D74MZTWDB&eAhyCpshVM^Sh@!{CCz5w;~pkl z$#+>|yE(`E>ezR)aUuN6L@=+y1+|kcu1z%m?0O^4#w)CR29BhUl^3!6YNkKz5?6Z` z?|YDyE=ke!5qMsVwM=B!Q}Fp1I-9kAl9Iq>6tgx(WHBybwS@7@4EE&){L;j(S0OA- zNpxL@Wqu$(q;(Y(Bd4^QE$`YCTqrdijm&%)8I14>V~%t|C@C=TzFiu9Dh=kv_R1A? zY;$@cg%B`{A|98N=zjipPzWe9_eQQ}o1V~)L#?Ma(oFhX!)T$nz%(@V;*55Rk4SO&gZf+*K=M^SH)D{H< znxPzfU!6v_-851r*a9-ya z$awuM5gY3WbHcjWz)CkEzAYusrYeo7umrjorBtID$~IP86V^6`U9ZK#uyJgS;WD0N zW@`+u$FjONV3{md9s|-SJ=it6&L|dky%Db|lpm~Nyl!CEoACNucAbOY*0F05pMSti zo|+P9*h`;MRHY^sW(~EJp)v#tiFMWt)C5Vk|}`{ z+{>!SOhH>|c>Qfs!st(7uPyjG7cSg7%_LV!X&<0L;-bB+s|i2IV~C#kuI>|z&Q*%} zn3dni?XYwPX{lMR@_dZ@s8f7quruj(MpQ%PQCj~hqxG`cs1>)wiVwizP*zuaN?Wt& zl$O;ZO=#Z8}loa1zON$d9$HA6QwT|h5!%&TC{nu+TYhKxW ze`_w2jh~?kzeYpr5AirUL_|Rgcur|PIsuzb3B)m<_bS5vwPRZ7>{{Nc>jC;wezGy7 z1n8sJEl}N1XNj&rQQl-~;8QKsv$~X6&w3DiWfZauOZqW%Fe>s@zr#IIAd-aSddA%O|m1&^K5DO3@B2prSwbiHd=QP(n11GSxEEA#%I zMy7Q6W_+uvq>#^HX-)!i)*NJsE#)oj`DWxFw8K^9a}wJ;6*~;tTtHRTzc#C4X^3?b z1D=Mw7 z%p^UVWnAeG&4#XH&F=n%nnm}7@PxC?YJTD_zZ-}fp)=)aq^KVl{HMR#jG=khdVpab zikd^H?d@gl4d&mB&%9&mAoEWA6rX-M7YAj-{TMtcjd9}P=l+RteILixSTy!f8VScX z4866K!qpXU6o-h5WOn#QOPTSw2{DGC;eFizW`v0MSt#kPz%Ztj($)%DO3j(J@x{r1 zAWsYZZ-+lu0qZGr?qcaPX8@mJbnB18>9uG$KFre#z0#k{W@%m;!uHRbRLvN0Pu|V# z{Sy-WQNq(7Pu9H)hKbVd@Ybi24aj>O5~WHswhgUK#;i3x05!r_L0O6t6EW|iz`0Ec z9wIS+xKz7TF;n?+U9zE_f5LTft$#)ym0hrz1&=0Uz+UDesvKL7U$!kTn>#h;YPt+0 z399vymo!}l;(5q`TGqo_n6NLZ)2)CmsXgV53J0?|+fVr#(-E$!8g)_IX=Od^zQ&4VX(lLBEL}Yen+j zp!ny3DHc(h)+FZzt~*O#cw5YT`Hign(!}!Ge#HBS5y}22zb3j2A8*A0Lp7BiG|Qii zpi$P+&b0Z&8l!mNfY-lp9X-#W3n9!^Wk0iw<}?{J4x$rdlMVgPszomw23+CZtsm4 zOcBvud+#g`u4YDqD&u#s@|O*9mHVI2eS6KFe#uSH)53T1!u6OAWXS~oixzNf+S(s1aGxb zqIy{f8fl+&;^X?%u_l)30OVM7zBpv&!39-f#5%1-cCuQZ= zB-p+eY{)fums&m*yo@(;?OR+_SOsqd8OxPnjfE>T12c2c9KJ z8)D!!X-(f+dgWAW7lUWA#(H{JWEk87^AFqe8=)$T$Q=s*>r)Q%gNvoRDd5Mb#Tg5~ zh01^XnOd``*1oK@Z-3TWOJl7yMO#~4r|qai>7t=s&(TtxrQjCbmz|+wR!ZJ+{7c<_W3pv^G{)XdLmW8zE69G z8Nl9vexb7Y4P5)oDQJ}T2E*<%jFJkFe=7ohIKkiffaaR+`4y$q|7|Bm za_yn#0%#7eyQYPnhBE$k<38Y~2^+U0E?ym+3tO|Mhr zU#wmo`viKj5+(qH2_k>991%a%~i544zp z)J^&eQBEzYvYBTuGF0nj?1i4!p)o=)@>FX-_Ckv!YyOJ8C{V3Q>_vh0VoyX{3X!LP zn&!Zhe@1edL-8Se(i5I+ppRX6{tJ(G;=t01X`8g$yf~r_&a+R&!5gribPT32xNpAS zq(*jq@CW|7$P>%gXF26XvyuKT5an_6oU)hUdeL&IYex?zut5Kx>M(x@3N|)OIZ`No%e7I z+ljSRnF@dqN6b6N>Btq!Q|gdz#_xChh+M*ImZzgAR);4P+20YpzBWFmi|(L*AMg&d zW@8kAJ75n3v?^m^J&P`!pv?{8@7Iq5A_uZ}=O5PNd0r^eWW?fm_RvGW{_}Ayo~J{; zDcjxqwc;f_9v^W2QPCB|~q1FjBa`TbbXRU_~J7`2~4 zE*5z88`x?b;|FV7O$cOvUO&G7LfE`8yupkoj-CafB(nDj*c-GM1R*sE6$)m|OLjGe zBd1^*?gF{Hwsdcix&TiS8nYu@?6Pt%h-04SOSBxug(gJabaYw`LOY!q?qG${7Oi1x(9E_BJrC zOlJ{U&2M#N&6Tbi9!f$+UZ_gu#Lzer4wQSDQo|uiBn zQNDc=Hf-A`NUk2r@FX4B(mgnb3A>|H`bTY&p6YfL4V)CHgD2tR^HG(z+bQ3h>6Dc4 zVYr1U%yfA7baIrQMvKaYS;QnM>)CF4YAlPQe9N9Db=wsvSFRShIx*n-sLH+{!^dM* zD#P56eUAx4yY(1{#jizG%U#;C)ui8_#^MpyF{ey`pyF%wwq|v%O}hO<(YxC!N;hFb zMEjmt{M;6&Ox#h*@DD_6`I%CF=w z$HZ1)2na)D&AaM)`m0f z$FFF4aXe2na4qAB^i*2AI!dJ#<%oV+6Akq^3Bw3&W6GQYXh-U;+d?4I6i4v(O5N}o~%;#xSCk)Sw28$*Z?8(CWuA#0AqPX2qGUn5-H$TIP zh1L8cm*Qi16dXEm(yeDju3Fsw-q;8K{pn-7J`+zJ6@$lnDcu;+WU-g1Et%@}9z8?b z55`~M9kl}g6q+InqV#wP`dpQf31z#UzD_-T$HZ*3p{Ga|lsYsY4Vb#($m=@}h7BLy zd|DNxD!|rWBKIuzf3E-V1H6K~dJR13~iwj`zL`{%u{fgetfc1~>yKcqx4nHOIvv>jg&4#}z@K+3fdGMD7e;It& zE8y$*=<7AL1b)3t$H%o%RgwAGuQVxfuN)n&M)&V!1n?F)j)8cvyc=}%#bPZ>d0qIT zw_DV6r5Ze!zGVr{;sP-)yToD=4BKRvxMXyEi1~gpZ6a0n{Khu&)j9Z~Xt4QX568#n z*P`u$nB~b--el?7V$XQrUpr)oM#Y1&?qMeAY5WkA?{4GH5r3Cpn5DsRz$M>nsY)?u zx?LdVBRGu*8b$}MJJHmTDjY-B8qMLSZ$Zt@9+DARc%b>snP7Cc@C!l_(k6wP$V0+-sU4r+_ z;Kj3@{ENpI-GGISTH!Di?j0*E1ZM8?whmrALc}<}7ef(eTCGrV)Pxb1JClCLZmI4- zzq6n8JD)oPQ#jiy^fPdAA29t+WRO01fNo0?7&3NH3jg?UwWMsi=So%u*9PVDA<@xwV3$st42(Jfm ze%Y)1nv#*D(OQ!`pjtbv(r{o1(M^y`g5i5^W|Ddrp=4=_I>wVMQ~-5Aioe-XR8nOX zqsVf>Y)x_XXjE}!&;J&_8@hl_NS|e{V*{MxjdAo^R$PmkD28 z2u&?7j84l_({Nf)-J54&3d@LOy;}Mza7v-6Cbk2e|Y|x$3E7(jd zHI&LiTWU5I3umD%w)-wY+Kb&(P^M)c#>M#zY-9$OImC0*JZuCEd^;&t3dGvgFOx}X z=L_?*4dId3YDWfL%|s`(&lF!$d_p>GlJ~vJ@Ze}S%IcTl&o)H*0ktkpk7a0mIxZ>W zLrxiWP?QnVf=L!dd;Z~e`O2bM6?>%FN2Yi41Sh~wkjc3M*XW5EThm<9$C$6ICEdN& z!R^C*Wi<|IU;M}2@LS%8?sv*kihaI1k0k&o257^N%|bl)bZ0{ve)(1kr{;TuV(znq zax)uX%3k_JL$UW)(s|lrpJ-alci6q}6KzWW2KRRVk8a*3g)z20Y$(bIiZ$AZ*Y2q> zjwo7sn=Ed-zK@J`=!1{sCQ9SwhVIFDvx0@Wg!X0U<>MI2@8G+a=wWogu)8QNUscT+B8y8w&v~ zzoyXt#q@t3{hx(pD1;18=Zsy%e-}J2QT$aL*|eGkNdd2#CGW zte+^`!i$9wCBR5%4*(yd*p3FU6%#tW#ihBY_^EMe?t87EY~D!bl(Q{VRws<^7g?-o zOgspy-65N@qhXMbsn)NS)9QYuR$Kia!o9MdO@MN=6*UqL?_LWL2|uy|rSG4IwB_t2 zFonGBfI~t}lvD@TxI;Jt<_NrT;+=FmtgB|Y#QYa;OnX`E1f(v&+?RPM zCgz~xE(^Y1bID+qC-x)~Ud%xC%LEn4lrn=H|0)*6xDr%+AEIUHKA* z7nrD$Hf5ZuNz~^&-?pu?r_iAZCUbYlGiTGj$>I>(fvotogOhhI9vqiM@8xCe-~`34 zc>OQRTlNmlGB7C zFj2{=Jyd?74Z1N7a{qWDE8n6W$g|AyrZ@TRlR8LV!#vf2pWyvl*zujl({CifU+4RG zY5WN?;HQx7Dt3#}og@u6kTvZ#kdF@P8_3reM>mkgxwL`Yk;}|cUwS#ZfuQwgT>b=# z*1m~Dy8h;v7+rUpV9bsRAyc*%x!Kbxa+Q9oN0A=c4xAisQ89rt0EnC`MN@s485Dxl z0F%Dk5OyYMBrU>mYZ68Q)c@>{+h$)wEW0B$iJPe6# zU;~jz|3*#c;t2USX_xSnWsEzb&V}oD*+V&iW=-CsO==LZkgl6J_t^ZJjU2x|80g^$ zr2DC$R4sVxEf|BS(tFHe52V*_EEWR3+7jdlfgX8}X3R|ux-D~|njO?KORrZ_RGpM( z;5-vVx&K!37IbY;tpibrl@Hdj3fAG{VSfH|aEN?);EA1n~=Q#z!lkm*{5LQLVP#_ZsutZ7tq6!04mawaKc1+RgO`!b^D4VnG1!jgB&qQ zt_OjI&7Qj*$C`}?2wph^;NjfkMXa7bS1?<%9w6-q65SzMv%u46a1*dvuF3{dT_3hgX`(&) zZahOmx^&DLux|)Ibv@9F;9P$N4H55KjjHd$+c)rjA6(59(rDh4QFLnb99le;Jj5B? zW*FYcl~wi)fXXvBps@m;t*O>m9?3OS`8Qx)cs>a9V$aop1Xe6@F$&NFCo=&$sfs0Y zE}VoKHgtR(@F8m0CUL6uANOlq)Q?0p{I$Bi?t3O74Sw?+`Zd6pq&E7svq}6)pRQk9 zZbQsCw|?!RU4mB~y!aL;|65Kr=XkFJ5$=)L>FbI|&KyQB6&H#7Sn;6ZXI zKXP+S^nT(BVBp`0iaR3!6_!>Z?+{=L^yl2jJ@|D6I#XDE-$I#3qH<9extMs{vT=Lx*;nW({52WJYa7e?EU z%Fw*;Eq3e`8|N!8gK^#+H_rTHDS&{F1+#)B&78+Bc&{|PL(JI7_7ZLW;r23Zc;*Vy zKzR7bHPGriM(yNgye?rEwNqpd^A@eC#x;4qCY9D)5Iw!Q_vscj(n+tyvx9P{#arV1 zPJZQEXXiK4K&_#f4C(f>W9K>Lm6|MZ@A>h3{q^_7M!enmjkBY%CjS2X`=a(N%o@O* zg;v_=%tmHwyy#t$!Ho8IB0=G84Y5onHzj6^{@wn>7UsQ_{Wzo_GDf?EInM{iBT?A` ztxN6kXBhW8_%mri^pO50>=O{BR+Kn=D$5cqG?t+toyGfJXJ%9x2HyW1v+@{t@H`}@ zg_JpqlwI2jnNo1Mh7D6>FC*6Jf1sJVze*?8{_~^6`n*9ztPdSz833<(sznV^edrOl zmNg0T1iI1Od`XmUk~ncJUnQ5j-#u30s`O)(LD@|C6@Id%eY)!p&M7ZEX^6=SPHBJ0 zej3eXDG!0>PLWJh`yx~hdz*kb_}MYA7_!%Dr{dK{Qktw#txx!Xi?x3M&-S6%bbrM! z{EB4lXh)A~;gA&AFLq$KR$*H!u0?AFd`5Mfi0z+NjpENXX3BortG#13_S33?%{fiS zt$p;b_T&64JDtHlvWE$2n#uhTy}&;bx&-t@wa)ahoH_J9V9=Wl>dmfa&AL4r^bX9F z-MnM@TvLf^t%jHWiY3>J(lSHHZZVL7kRohDPMw*vJvzQQYCxx2^Ss#Dcnh}X9t6Td zUAXi~j5;>$=XX+RkW=YEDtzN?$~;vJVnw=_ohpAU%3bik<(7At8UuRXure33xl_`_ zI*=!D65E&?cfrb8y>?Uyxx8qReS4iV;MpqM>m_@WL;6{y{7H7b53B=DZT!Of?dbe6 z$wCRr>Zq2VSF%yb5T6u>>}Dz599&goizv;6em0fnqQ0o4==H{2kd8(;rC(gqcP{C) zQ!ZNDh>8f;M%CK#Ac;vE(Ze^jnZ%@v#HSpm(1k8CRJGpv;O~nc=gdHLx*Sq8E20Keub}x`3;Nr(CsIH2XNF4!Rz`7fR1u%5sztJNbXJWrSVze>NEs`G=CCTYg1E zx&rWL%CCe!wW@W;62hO_IQ$W#_+yX%UbXgI^1Ha?l*_lVUJ?bnxz9Q4Hy_1Gi&cc0s;0Zi`M?(WKREZJinbLn`-*vO=(Bx+lY$3xTEchF%!b82amFSmpJeOto*UezdMbIgTQls+c?^#d7Bd48r%z9oxNCDL4F zI#4cXoJ+)l($wZxl#GE7S83Kh7XmoXZPU+6@N`PGhURKgeu-{EF(Jb)UttGk-v3t2 z>q65NZ$s=t1A6DSTBg0l)C5;N@Bq{Z_`Z0xiBn4g<-~*`~0~QK=hTlT(yOtyT!cOKP zGCdO*{TED>;M|sd+S`=GmzOi$r2GUWqAP_x0Ta;$CctK4&k;3q6+zuEc+Ym`%cm!k zcJpp1J#kL@CXow{QIA%w#E>c+@v0%zc&|iIz4aWk6m9fsM`RR0MfSEy@Qx<6Ldof5 zs5U$R`Ac)wKhMKck_wl+hIO4frRkF&AHW=p?s=d|Rc4Wm)9t|OOv`afcjvj}R~HzW z+uQQdO?cS$XAEzg*bSa9|C<$w3-mG2`S|15l^&Z#ZeMWI`=y_UrQi1Pm$< z707* zbi=v!07O@&04Hj3>OX9P%7E^~^w$d8 ziVbW56m4o%Q7+Enw}>WT)#M)VYldGd{3gS1Pku{rim+-zFP!I#^?4rLZl1ftn5^rE z3lo`?L*d^%O;Ma1;%icYEk#Vj)fc!U6M)Tx!F;oX!f5^I9*m9-Ckx;cEiQa3*^yNM zgih%=+W7P@Y*G>44-3ee(c#^bDwLc}_Dq1@qv<*awXsF5gkQso)C#>W3?Jp>>cyhz z7&N>5J-ki2Jx8y5Pk7zkX0-RqgB>ad2q{j8OS;1Xc+v&HCRFKSh)$t<)PFQ_f1iyL z=e`#`hibx2KW*>+U>d zR#$qtTYGsgzD(6$3Y7WFRZDo5)s^9hIHVf=?Ht^ic}6W#1&6Of6ENVUA+FERUlVoK z6xZ2H+jUmdJDWxQ+;cPa^AhZ5cWf{+KHA9w*2zMQSrf2+)0;Y30I)0d#yC(t8RrD` zx(tG=E5X%OgSVu>;Km%ZMr{=4uY*yb1Jx_BIKO2=*MRtnw;A@WugSv4+;<)BTj{IV zPNc2*ZW(cF-kj0Vn*W@S?m7z@^soPo?K)_I(}y+RX;BmATi=ak8!KCID%^s;QVQDb z1{c7mvwF~{PRX8Smuj_rpmHJY15VkV1sefW#d*>kA=;XmR|G6`w#vyyLg05CGcHPl zC*3(=J82obyQr|+GOo&GF*?+s5OAD@Mcmb;V>L{wPKbE4Y?3~qgNu%l7{ODm-^^qb zC<_m^gG5D-(n4!+Kvk5B0A?tSW{BbjX%x`^LNhRqQGyxDWTW-&8kj8FsUA(BO@zTK zy2O^q_A7L}UKm3bqJKVHmyQqyrxj3UP!|FY_gBDiQpsufjjScZ>M=lpfpf|DBjo=6 zCPMCs8s+u$A_Sk6fZ+H7ko?-ygyd&?5}F+7M!f~LJpBG@=rG01eZF&>ek|>LPQ;(t znM4(#WOO#r@+UbBuPM9mQOqp>WiT%k?vSu1GI;-5+>sx}d>TOt+JdIlJ>b8|R{XLj z{5QE5u!7UO%?(ys_^k)g159#e=OD*~HaRyjXR>RwdFp{+6K`=m{lBklCaY|XR#_+j zl_9xNp7|eCb|b6o)?Tc#2eGm~SlN`el}*OVruVW_WdhV@$LgR88`TN8t(k~xn& z4p?^%?umJ1HfqnJ)v+`U`JST{iV^89@0*N=p^Ww_u`!{qvg*u%= zOZQ%jwtV%qJNCceo-Vxp_t)p-maT?->h(0S@+s?L!5{%uHPRta%Q zg2MgG#QO&mZ%@)(74!&r``&gRY}5;q$f>{%1RjQij>Zl~GVnD%#S%8$%L0pPfh9~` zJk{<$DDdld+kKe#d5_)q4e!4wiCGd)2&7B!`!)PtC6qQZ1~CI(+E#VK&q&$hc}eg# znfL%&S_x`JWW7+*dNJ?EoH=$}-1WpPK?&by2_U*cq!gzc)CjP2HS%vpu^m9#KQEp0!3P8wfZ^w9S;U~JZsNN=!_y3VXj6!!4 zpJT5D!G1yy;XMi@0P9P+*4Xh@4Xc~?U-Jtd5dO$-@nS|5Uxj=4XpWewZM|rNW|3de zDqbkGn=tdl-5?+S=sBUhp?hJ!Y|zCa5HKz_FlPMA7hBZ?5k)gbD`AQIEyw-@}T!*3@1c81^H@Y@A``@k;`zkT611AhC#Z&ţL{u_dNLR z4!;B7w+H-UJ68A|2){ky_k8GaFX-_gHi0O9P0^Xk3GKwM%VNFsrpKhPd*?N&5oDF0 zj(a$=tVv}wUKh|--H!rVLu4Vt`+pf(_miOc97H$*pXBtx|?AM(Rg zCF@h=G9ll)*BIq+?p$Ewe!coX-ZE}ENi_Bg8e8-Bv?z_O1A%w@dE~2{ z)P}}NN#~%k*j?T~7gb_fr*YmcW0i)>d|IcKn@H!-fZItYT5nr5*^Q?@^KpG1>H6a> z#eDUDyrnEWLEY`gx_h)!w7ZHIfJ5c1va2np{ukppx0Htv?2<8N&s{)}?|@z9Ti&-h zVR7zfP1u2xDZ?gull{?Y3tv8+lt%Sppz~KyMourK;M_8hJd%baBzqd2KqTY+*W=;O zT2xmBtYhI5WzPv!9nEP1lX zXce|i<}rVhR%j^}%F+u>;u6~Mj7MO4h}iy0@-_BWq`+Sz4SrxkpO~nh;qC+d#aWBQ zFEwWNuVc^^e}q0&lRHA68#+RtOMfQx`6`vr=bqFk`n+BWJ?f0;Q({O!ANS22qK?Ow zs1d-u00U&{WN2VJGK97Q{aAzHo8}u3NEy7DWM*%kz&GjoB+pknjE5VIk5_U__F4VVq%VNNZNOvn z&sA#YV351vb#pd{x+%q@TgR?8-HqsuO#wV%jo;oaAlFSUhffhMzO=F9sJC zie6Q9KO~ROA=%yCn;&2h3rFvF-w2GISXk{jDWb-~w0MRnjox2n>oS~EE2Qx`5s^L| z8~rdVF1{arpWo*DO#ORfWGBA`ezQ-Xtyl%Wnvwa;-P+T1W1_WMe0%{4o(vpiCG3)E z#9&%J_P}_%^5nI2o+80QDk0h>arqT^;^m-K)J+>8r)+)PnQMUIK1K{b7bN z!JeIxmCer-=LlI2`Q5#ESQ+wP%SBVgJ(&`C zj%nSTxfCrBBQq%TkMiQb^miRWXVU8Nm(J&{Zy z2OZu$Mwk4L294Rv#q!)93M>PQ{PgUzo$ zK!)vPPA0K}A^!%wr-8sm`ZPc}2Bh_wtfGyq*rsSP|7`XmFIpjsszN@G=*T_9&w|>T z4WHtvdU2*R@LrgDurwQ3f&jfmw;OU{!uS?>THLxZ-w#5joa{9Ty{jhX8Um|+I^C#x zo0Aq=a9=AoW5A4h7E;GvAG4q-n@w@_!Xs&@_tJ3<@y$ypTb+5~Cj?C%f-wWYxK;yW z3S4Ju*Fb&)+q7#0)uLVJ>0VVBj3dJka}w3MlYbE7a%}HO0iwH3M3a?0IAK2x1O$-- z8#pcUCx8+8I9E>+qFTRmzbVzrX#)>%u^eNM8iqc8ddXs~l%wB?DdEdk0 zu*YVb<0_nN!5q{Cf>ZXhb3|5sv|g&Jt5#KaC@(YoDWo_vyx%~M^MOs;cnpB?ID9Z} zJU$b19Yp--mH3aI7tb|_rKh_kVHBOcn3*QH_xw07% zJju_%hoyZx8^$MfU|9Qj2xHJdxC1lH6uvxzhU^APH*+F9Crb+ru+*rz?3p(l_>VAp zJ;Ug0|0|4+!)IYa6rax<&<>yb9*CQYo)i8UpS6k5&>Djg#?X3aB3i$AQ+u>7ix)4} zS8H8k=oiIjZGu&+e>}rQia;JkYnL&u!X@T&pmn?I3A-=VYP`(c4!h4cx5Mr;AH|JM zll?!#?&|oDcH935yT8{lDITA-5eWbN3x-n*P4Q@bn<TD8+ZIejCUrD_H|~u?9YiHBfUu)%Yj9#&xX5m5DW~ z)(6=0Ke6XJsaLJH(DUdF^nfzs_s7kEV58Ix%UO%z8=yI5fQe;;i|&fnGVS#!2F;i2 zHE5Dp?VI9i4}Ta}`#0m_Tjzc2S<;w2@nv>F8D%MZ;ngdCojx=_O$CcHV3RE-Hz~3~ zaYijxz2k88qW8>wtYj8(DR<%HKv~=#)5!aMq(Oh1Rd6EQ(6@=~g@4aTnK&bJ>R958 z@YwDHePXJ@Q>Npga)VYQM!WdB4-L-uA4EGxT{$u~7uFJzuh)=Y0lD)xtR-MQfj_+M zz{U&=pC@1=wo08q7!kIiI&1^m*)pS8@}M>=d#`I!=YlZMScWMOOL+gkC@Yb9CP7j> zLqi4_ylPPJY&wjJv+j%XF(djOfBkRPK8F`s&~_em5`tYeAT&(n#$O57yo_0ht^ z-t?qq;-p#?fyyq?%U)unm@gr}51yc2R}NsbASqD7c9enC!dvXCRrIX$Gw*8*;~hlO zN~;+K*ZP7S8KOZ6F;fo+=qqe)Ev6xnD#MuRQQuLZ{;BUrX9W;)9<2?#KuC6Z!mB0p zYAAcvH{sPPdd0&l%B&4DuxAXLfkBI4*=*F-3OrLj!gR6;OXyyFyzMku(?l2kiLgYe zMy-p^W+V6`{(q#s2YgfI`Z%7nDWqkbG9ncjMXI(Ug(@fo3JoN10trJwaG)q&1QkU{ z1eMW}1~?uAIB;DDSFc{&I6y#wv_J5L4hzXe?YyBE^M`V5A4v-M*qZjI`jS+VUoY_iL`p8_)(o29Z6H zD&vOH45hkyIcLPyHR%GHiv05C8=~J3I*w;VkK?J)GdwA^y!i}RIRE@;{@JnoRb|b$ z&gXfQe|a>2fd~Pqxt4OQxUM--w96Dn>#t{8-}{%e{_H#^VTctKC5j#+`&R-zZZO5w zzR>)agugeQG)fcoqOMmH(kR;;PZ|kBHfqwhrE#a+p}~EGJGn+!;l{xXpWok0v}d%6 zB63Ha^v_ro;kzNKltvrt{8y&)bT>LD=IH%rF!%j~*qi{3|0>-wxA4Vb!TB!^qxLg} zwZs&ouzd3YsRWU{vis{3czulbut3<{h{F0TH;%&6&dvff`T7~+q%I!>d)%xyMU(eq z^e+ufqi=-hNJ|JjFo-AYJ*?^$MiIW9%|UtQAljTa?raXVV>oH(&ZYnw&Lp#-;?~n^ zJl%S#9m@Ktyk8d@*rWBJ#s^^y^aEgMsxgzXTTeR6Yl~Xny}M42tQF|bPPf*Lal=w+wxkWF zXhmbT$BodHOF%Gidvo~6hNLoQmAM%c#yqx<$)Lzw%_y>K#AFOM1BtgQmq@%XbD6{| zLOSx*T%sdO5XyO5XstYTXh7wII-0L5MC=!L5i*EhoySY!`W_t6XmtXg;o)^H)PcO+ z!e7(loU`YI9KlDB&a)$-Hz07p+fNQU*SM8ZKBQ%3pR!*D$S{-GwJq`|c|CI})p$(1 zp(E^&sBj0?dh7Y@YsT|?Nq*%ne2U-L>eW6)&)4d@Ytx@MRz5tNB``!FhS*eVqH}WSm-zqBuWo4XI_M?ke z()d*pWHr^Ll*Dyy#T>HBK8!R#?~ZHgB5Z0vlcuu1lLPvqi)D3ytULq_q{;{&zK)T8 zP4s=CKj=nA4$4+pZATs)jV2dA7H&W+2su>f_jt%4TU|9z1RG^qWxa`-1=s54TdA;1h{v{_7^xO2C5ijl! z@tsZqW=Df>IW^&NDEJp#*76H1mN>5~*UKEHr4z(D@ytKVQWdw@={A%9Li?Iv|6wYbGqBf zxz!IO7tGh&_!4Ek9FSze5J1<1>A{c=$fWfn4aHZdQm?&r6U;(alBVdNjNPqg!yhwY z7lnW0@O%s(<*VEhygH(>mD4!?K;!cGq7VK|q={V`8(4)4ME9->_g+c=zy?Iv@$ z>NteYv4Z_d%yXQ>9WeYOhyTDlhd6vK_UBU$kHI{}9DWP)tmp8T82>tlr(u6y;PB;G z_Aw6k$8dnd_e1{30tg(yz+4EpFmM+HGBI!)1niJMG8qC_LWPmB5a@z|5fC``7zFYl zpkSVU*kLS%0Noz*T#Pki(uEKx!Wg)<_kR@wEg>)&0?1XkD+NF)_u$-CtctJA8JZM> zvu{$E%lTw6s!3*@kkMDg^Jwmot$`fhj4zqmhNjs7slEugyjQ}V%z=9|-Pd2Y^@M9! zZkgAL43BH*-dqi6IzM_Lqw82Ho)^c5Qz7qe-S!g(m2}FXQkf7=D<;zhVCSIIPGJ zp2p!WILb*J{ti1fn!~SQcqoT2#{5@t*yMunWgNC(ofmQVQ_LfAILQg&L=Ha=7%5y! zI4JM^;Si2+_#SNcI}Ufmwm#$Ve=tuOhsR)BA9MI~%>OQjH(*<@aJT})PjmQFY**#* zWNddahabRt=5lyEwsj|mk71oRarh+WAIsqa3=ikpX(QjG5) z`haz|aCa;JCJN_#!O(0f!&Qw*JH6 z>oELJ4!6O2R&sbemi2SEJ(iuv;X17UZVpQre=CP?!T9S$f3VJx9A1ib4&ty2``m}a z3$ScYQ5N%e;&6iqQ|49yCfc5;$VF%_p!r`76zmLOLW1ZVM{3w?F zh{M}4|C=06!!TQY$h#BEKEdIk7+%KV2-Fi<1c4baz=#j`G{)S6Qv^ecOoPBQ4BQBT z2Qe@nFvO*a$pt<;9H!UF#$jsTgpu0K6W}~OF8Y$sSU1m~&saC_seHz|d6V)P>*hTN zx98G8$joLH{x=Gtnka-t1BpV&gu7FSZ77878|jWZuDTJOP}C;G7lBtpbh|sssQktx zK{B{=tD2AuTd07ygIl>HBhvx5a-oz+E zl}z21KQM;kCk!%BJfh_D7`OWi{2g~0a4377N}2MNvfH7)jW65m16$4}&9626bMd z;@c>zc^e0!T~2c73Ja!x1zllF6vjt7eN^#Bs__x1@m`4$D7|H0XVz`Ap`Oiy@Z#9r znR5(XyRh!)R+p!d@>6-#Uc&%rKHt2! z*1okDanDSI+mn9$1sUeP5IN;WvU2#?dflyVP47aCjB|?wAF3!*JdpfhVke$z(xF9B zr>4`5R5GwG9Gkk8zBHuHRP*Vk9!S1=Uybrrs^nG|qe1e+4{mHaE*oxmntb#@;okLw%MkM+ zl0!&s>JjoE4~lU=dRZUpWUO}s$o?kuPsTM+lLk`%?zk+zf0r8l^HA|xv^w>vT;@*~ zFv{>v_Pt$7nOmXC%a;DzYFLVUcMWR7TRiG4D+{!vy9{+9y+`KZso>CSg@aTS1qsS# zS=rUdKF2_ay%yHn_c5Bv$T}_iOB&!7&_Y`Fa$8#Y>!-x~3A1nQYXEMzB?*gmLW_|@ z0KJk;#z|6Oe@jwM7>gDde?8L^W^WhTHNOacDa&DJe7`>XK$4P<9MYIK@ zU*%}06zCwLlitVvpZOWDc9uqcI^H7IrvcojF;d`2i?}|OBpTK2Xc5<^DvpLZdRs&% z;?kT%DQUQt1fFgY*QNWST`CaKNf^D;Vzf9@M7O}`GLF7p3S29qThahV;{ZNrJb=D& z1CV(D!&nPDIsl1#>XHJ9@dN0cXf*z7Qrx7D=4iVV_#!E81W$7GwNhYfQrrmsooKAg ze?)W(>T1PL(A8Cmjn_XZ*3~!7RBke?e^Ojm=kN#|u>MJLU0s!6jKCh>)ps}=VDR$z zuAWLTz@kHZS4VMI-BJJ*)}xc{=IF6f;71Wn9W?VA43`3XMYNR$w(Upcy^t?Hbi|Hd z!xF^TzwxV6A{mMaCVf)Z(Tq$j+a7nN1l9puCJ$GE9>{$_=& zm&kg^0}ai6HN3+Z-nnBipuJ}C^$C8}kZ63}d@1l^A`KzI9voL%aJoiX5+ttMIOy>K z=Bya6Y`8gzy2WZGxYT) zetl=8{Rh7~7+;TI6_-$OBPJ{{3eCf>H;im|z*o@$UssqV0F?(XCQz|h*(R+eMGA}| zVrYexMmZyXlwa11QQi=1>LRS%V^n?teia%GU)89ow#}QuJFPb4ODhXD&4ucjZZa_i z)saKt8;y3~{T`~XGOB+Az9O9{_%tSz83~VnAK&g%J({(9H&F%a(@4>MgCIj5cmU5> zQ+gxH5LFXh+XUQIn*+q5+N7sHd#5*%&&T)jKoZU+Edn1drE0p!N21t z_rW?b$UR5ndw(#!S?}Lw?~AFlKu^Zk(Z3GO>D|yzbniPsM&a{aiG5=a>ip<_!tB^F z)b6bz1AP0gKuTnNwM4ITb^Mb`y@gBDgI8dQM95%DMXK%-^2tL~E)D4pT%+CmuzBH8 zdT{Y5b=tS%>U8_o9FwUDZ8JD#Pd!TC+&CNOzNlL~eKTUVpl@b%J1>0`ei=J&^It_* zyo;+c*lK!6`v)~lMi3U)pmk&*vGO37Gp8neZw;yT)ht63^Qmw}*-3WVHr>IR_eu~4 zWY>2>UWf8_I($SfkOw`D*14qMh$J>ES#&LmAu3@xxEiMnE-?<33hK6VSFnYEKTSef z?`a6+CD1!5J`0M5;i#aCY#@Us*%9Y^6kXY(-i{to z4M|Wgf>bt|nA>Qgk6;FM>KReIBZ?(cli~0G=fXFM!rK!_uz)*UFQd<@YVEmoi6-)( z2s2q0ew_rUc1Yrm1YoDG=DH|Sx0U6v{lME)idYNxK@@^on@+{=BGIO0b;a6coojm6rkp1<#H$@(_994CsCrjKxX9)2^QTc44_Eq#CP3g)BElA)1N4W|A zaY(}}Q2IBOrGL|D6U?}Xm*E!Dt|*0ZlI66k@!2^$+V?OzX;f&5aW(Bqacr%Ae}|m> zW<%*P%BnFWM6+Q3v|aDedIAjMEB_%=6kvT1{?EYLKC6%Djp3vu3bLoq19i-+Y6Nmx zCd+r+i0ps~{{8Xbyn94 z@@if|Q-e8fwfB#&AV#72*KKaR6RH7TjAD0kIA*Z&oG@7V-erGpu(CH=`unr7Rl#3k z1}o38!OA}cD7tz*nnCZJjqO#E)X-*OG`qmHF=qO&SbFrvGf`uB_FhF9NSFVG3Cn4f zvUykd@-w=DAy1I2I590`7SFBH(2<=pEDkjKtV^Ut*#h(FA7b*R`4?GC=-3`}Xyf75 zQZ~ZE_El?mdxta5Qr(DmSD?AfkIWeKlL;={+lL8ZYafk5Y~6(c!bEevsyD8`?<&JM z`sDxuO-$eFHnlh5{re6_@qX}%I{kdkjOv>je!k-p=-eIE)Q!guM-Qyt)Dyfugh$nr zfXMclLQm+IP6!1=Fod(~4USZlAH^~Q!fK!T9=kcIk&51DepF+t-Ey$&Er+5UnnSuR zh?NKXm9BEZA*WuARKx>2W|dQi9B+=;OuRNTU)w3PLgYpMDXR&*fN zS5`-$dX`thl63m@f&!6LsPh@B1nkBL8EC;8>U;o}S<{$^Yni>^(Qqw?muc zrAzLGbHyU7N-9fzPXzKytNep_2fj4GpzLhMmWS~hIo^9kDN3{Cw?O&fPH_JK3ddhJ z2EEMNeaQtYw!m`dM_LxVhJkI=qx7cY8hifQK0Gl2qpnZ9QyUvEe;5#V%K0AiIMTR|b~HCNqJHx0 z_7`54S_>Nn zSE1NrT&D0ndlHeexSU1MwomP5(q^`5&|^h>pXP)j|M|Q3kpbp-eM$BTjHW%4s_!s3 z;4Dy>)}hfoCyg$B+i{W6yYscXV*F^&;f$y&=0lowmtaOeLxQI7tR+hzzuC8;yq{BY z{9!LVXQrU%ob3OYyqftgg$~?z2P!d4vIv3tXWApi@lQ5n4xc6-^T#Bi>qA|op_t!a z#`)dKY2Ee@E;7|9atHZsEXojmv|EuMZT^&%xv4HlVypJU)5;R*N;%y6JU&18$@?0K z!My1vx@|-{ABR+LYl>RF%J779mW|b|GsX0KfoNGLG{1pfPBBy zFN>|ktQc&UK598#89o42n(wFpDyya_1HFi(@_kBH4$Jh?(Db3nUhpW70Ac^JGXSS8@qCX|{vCWyZVaD|{8N2M zaeEu1seNC?qp90doBOBoF8&ML*grMiUr9^abJxQRr}_usRUia7>aJt-?m7QvpbDmk z;bfXNIzvtz-B->nUo;U&7llTx$6FI2DI4ib$Z$G z)=5kYhtVH&nKQ(4qod)>equ6hZ`vt#f5;*S{Tod}Qk@V3!TZk{q;0792cr}@+;9A3 zQ`dhsaWP_!e=&4wpXXC!ID0gO;ZI09{e#JDk+%gJJe58QDZ^X)L+8lG?k#L%_bO++ zC=AqVk&14>ru^d&aN*YZ(U^qk#l_a?x#dz|D7C%gtgJqjYIr?NL=!>&QVV-NOv6X) zbQIvGM>#S=Ew#lll*PH#Y$6DIsXuSj9pqM%q~>s3Nh}2}DmkjXa!0-HL~7s_^xgas zZ}$-iVqDlh_DdOVg+)g7<0|dwk4OdqiTH?tb&zZ3&Z>6jR?U6T=*;Y9ow)^?zvC-v zp6=g0>h#Dcw|ZS_JW{KIle`70qeIK^w*xM^t1D^sUd8Kn_yeZLGVVj?7fBghot8bc z4n2QrmtIabn9v%|W`qyTSqkWC8y;)n&OrRD*R@6@)~A%NlUA6!aN;>4^y##3DFsfU zXn!+8oPG2*rNs|k2-R*si)@`MSwGaG9RN@8iWV+?r(0dkj;juM2iR+t@B(GK)Fq7< zs0)vy-IwU5tJ#vEHe_$ z?uUfFlu!r3@V!RDvHekYbQLB{G!pi}7f$SaWIxm_A@7w^;3Dp^)5I?_(vlR2;P)3f z`Z^=iOH4IvkI})_m!jzjXU;Jg3)K3DJp-RZ+^Lmz|53@Ul*^kNgp&n1r&8X0Cktm! zmutU=`+tHf_j76Gf5;PA`RJhK-+&^Zbu%|Ur!zIY-xZY2u1!YcF6ov1b04Sc!^i}N z{QgnM@6`0M%AuP#CA*I#uervj=YE{0o@zn7jZ4qBFbl$Y0~AR~%0 zg%i&TKKS#MFrUfH(67Wg4PeAKV})nWV+z_!2iL^<><)JQG9RC_c0$IW9R>y4{FP#9 z35wyuxM2=MFoz+SWdH>Cg_SUOo6%N()-LIz12Yfc>rnA89bCDU(#j=Nq+@|QXc;eU zum;EDv(p?YI38b|WIaUlv%!PN`$sZ4Th~%rfud>-RYkJW1BcSGlSCH~a`xbXlyQcD zK(H7uID_73jfs?sYESDrnQL45+iBF`J5A^Icl$}<5TOd@*uDuRyR^l*K<{lEN#4h6 zDceFwm)Xslc3UiUdM$Z$*51iPr?_RXUhSi({Vup>g`MPxIeKOW_S8YfZJkJ~hx-}$ z8KT0SSq)|pcO&vo2s^oFj~hKByQa61M{(OL9I1UdAlj89HI(uz?v!Kk`~-G<#upZC z=bxlxw7NJ&Vy!Oh{i>dEmn$i-g4}})TZKHkUb32(vxPprmy>SW{1&9PZ8dp218I@YHz{vhS(Q`eLFfmW+!ere z$gLLOY~)n9kXB7`4=P|bcCoBJT8=lPGG{gWx&_2`VT;(s$l&g}gPv--9JQni%81D=R-2^2akR(q6pk+Z4Fqcs)Rgq~waf{HCzGkre;mXv0DW8~96nXzB>x^nH}u|A zSsgRO|1Z>o{w|zJb~~q(+qaUAnYyqNsf;qG#?0y8(Cu-&evGFIJN#tGVbz?{hTrTp zJI$Nf)1>2aiT9-c;5E?3^n6R)=;>tm(vZi z4ys*bll==d7~NTn%B`0r56~aw*oL=jFAOYSNKR%RBBz^94LT;& zSAdl4+MeHk2$8|mu)AHDpONwNGcbOBP^}^8Y^l9ph8Hehw~gb;L~Bd4uY+j%!N8@wB!Ovyl;Xmp*7O9E{X=tMy%k7rDPYFS$qMp-ee`pM03>ud|w+r9#T%T0| ziX329_K!)nR16yDn474KbNsDmzRM;Wp7}hx`F^#xyiQle^d^$E*Z0_ne^pHZ@~qN* zDTofFqUT~K?_XHT$QD)pvjbGQ0vAI#(78PhtM>(v>&xo)vI_sULtj+@?_7FXxoGAv^Azx*jj7$eP+IsF0M48c`vyv+E#BhLlCbKsDy6DdAx~nqVAqNcWMw z7j>y{^Tp4|u1&@hpG$3>VMmvos6yK7De@v9MCUq7)kWvcik-mXWaq6758mv?RgRGil6yt;|~ zbG}EGDX0xOx6b?XU$=2Tx3M!!7LJ$VP!fC@IFTlS&pWw$EyZ&Zs2KlN(kPdTE*5z4 zrVEjkLCXclvdLJF$Vk`6#teCK4=)(tF+727cl3IZJ%JtZ%she=A}Yrg|1s26eCATS z`3%OJKl9`slvex$#*h=LDH$pSUdBU%_DVwdDbn+;Sp0yzIVI*?aG@O*Aac8Sqjh9e z#(66Xxr#O6tt{l87IK-(feawqFvMUE+U`t46~6P7ZS=I;xMV( zk9`6$$t4Q?#zkkvl;j#yUY2t|x&>J@eRHu5d4BC)v?dqM__&|y!~FQZ9@JH0*b`8H4^ z?6C&DC*@M;Ure^S35H4HHJ!Mzlf9rZ6nPJKOCs_HI;ZR^{N4mW zeaTltb-nPYsQ~Vyt;Z)9OBwbq!sjyx$PrSnKoR!+AKug}IR4Z%4QOkcXL9kml`Cn7gc%cxK6uS@b? zNcMTXWMOIPIwEG5u7#|TR#0YbyV&d2yW{HNjYAs&!@0% zSa389wM%(Q0A9L@*;TT-HALsRj<=1Z8(hY-oJ^fAtj#9xy2{d!!4oJ&e%#`GlkYZJ z9ov^Akz{q`0Npkb^QuYR&@QDq)~eea7*RITc+^j#1WC7DLGdhCS2i+}ZIC40+wBa{ zi6heqN=BxZj?6cU3CAH9JaHNqSInLF8mMo*OrVzE0XurI1{;4WlQaX`Z0(p~(z=$x zR4PmJjgGe=d9D`+SQ$D}pfVDb^tR{i=&w5KFHhj@1`9Q@Y^i24ETp_RyFD)a2K+&v z>)r5ta;ami9`%7V=u4K2xZpbI1f=?Yf@Q029|!cqQ>Au^;m6oe#<`Ky@8#6*^cvbC zq{|}SVRMn4UGQlwZ(%vl)czrpwCr9ok&raiEndQY{u5V*3exBnQROe@Gj4j8+gL?y zeDWu?v8rhsU7EI$!fl)#E!yyN8>@^qI&&N21pebT)=(Rhxs5eV+t|3LNgJ;vQyQ zcgV60pPOUOsc%6om=)#hoc^FWih7WUUtK~@NS_R)R}MByfro*_*S^_}OdQG*zUz#r zE?gROV;g6`!;r;!FkLPqr%?{I5aG;T8zOSDldLYo>qc$ClVlXvBGjuKs-n@&+?}YD z6Vm8TQkzJi=X)=$DI^NS+tIDABngGuLN0F#d6WH{mIHOy%6F~3CX^}_{e)zEA(Qd_ z;0SF@#$OCO@Y!~FeC#DxoF&@cmiYd17&f1S_lMnI^@l^DZmWd_fNC7Ud^1E~5K#95 z^q#ett6+*ryZe$l9T1o}QOG_&5FN^AMmI8=b)!96Y2-RI4|U);EacsYIrwCz6EboF z*E11|btzm)mz8{ja%nw_5X0W-G2ry1&^2*3uJrLr&bA8^u;Kz)7c4Ug1u%t9ATMM!}dg9 zvPZqv3ORgLaKY<<3Wf)eL=I#j_D9WQ7dvtlK4Iz3pj5ilqEcqkEv+IqUOG_KmHepd zQJuu{%Z%p+Jx-m^!avicN)Tii55^_=Xo!Y8_$UX)s!x77 zmHbFNRYi^#Xh=?J!+t09s`zNC{bOCU}cO4r)P&tkvZcPoN`P z4zlBPhyTcCm2rHueX`iD9JCiyn{z^rqGI1-m-3~oK8=O0_FS)awqVnt0{P z;er!p>n>k%!AhLiG`O0G%5$4lewjaSK2_cg7HPL=;N>=ksU)cRfU{m#s?pK6fv9mn zWD&CIfT9oSrN74pi+v)BooHxWY=GXRSP|_GS#RPHy|F)ZmvR7s#H~KV zj82#T3~|Pv5xhjZ^4Tc0=%C=ZbUlDN7eUBC#Ri&yOo^naQ61h{=E-D7Kosw5* zl>AeKlC@a!zd5;@lFK-`I+h&Zj$Qu1A#Y>g#n za&jsqkLKjmSaLEar&011oSYU--g=P8EWq`fg#7PdaaAx!=uWX~uyLoT{)HkoaYU+a z`;H^lazvVL+shG8b40ps+rkk`IU-ZHy~Pnej_3>U&k=WU1YBhv;fU)vB44*X$PvRh zLe_0FI3j1TPzsv-3ytZZF`s`a9}L^ah(4cx^`!5}e4{#+aPA;J2Ge1#sL1J`sWj3~F z*qXRaXu{}0%iL;cJt7zdpilTMSIO`UoSJLOP^r8<<-!k@TP zpEY?ex985yX&eytgAI?aPFp zRFkg<{G^$Do#7|l#~6ONJaulx3Dga_&jo|I*0a=pavW)X0*f+>`Ya zDje5-C7bsl*K451{4*4DD|L{u6l!rvjxv|>jjQ$xmw9KTTh0+wPJYd$e2XOmM?8|F zHb+OMXDNz`s7dVsySjp7%(`vO(QHyEhZ(;aSsHNrttY2Y)tYlttvBN=7(anYM&D@$vl#|MN2ccKw9LRV3HP~Mdv|L@qEx(Twt8d4-LNi~Q_VmVD zeORd_+Z0L2sgady056jcyox@z(xYZv^gU*kGR<9iQP@E&4z@_d5ob|uHgvY&sW5t`Dr}gR5 z1EG`B;+ADgTZ@$G(jOSJ6cr}$7cDlIE+ymd_*pJ~4~kz+{MMO_*MeeLvL)%7-jg_J zmms4fxmXd8@M!oA(bXUD*9l*qkOyayiq`O4T$W?J7|gfebd3EjTWI^^sS1!)mOl>9 ztFnT(aJndTvxP%qCi2z#(D!APiS(8=3a;48m!bYa=`v&tS&$;O3jaI>xh8LCl^B-(id0gs7@Rn# zgY;xb+E5v3B~p(50j((IfX&VV>J3`j`>PXrlsl3`$(3S0fK(M#w#6!8rrL7~${cJZ z9=x==*k5%fXj#q){03MYPWB(Q`m1V_%Ns{0@Pptb`eI!_Uz*7bX?jC64F-y?h?g(B zkDLJ!5M`K`FT3A@<3|0^!(5!J8I;OsE7VvBdXnzb0k(sD*BiRk*7AcWLd0v zZon4pNod}b@ttMc;0x!qvKP!Z50nBUX(zNXy^&$khP@@U-WKpXYzLCK!Pn%TvTA$2 zcl0$GQ9E*YHXX?ZY*@!xWrf-(tiTfd&Wnt~dd4>fzrmvp&LBOg?POKWSM642Rl0*4 zFdf|ze)~S3VQSKj96T3B19ralh}irC63NjR6syAntD{>9yOq-}<)HS*`=}|Q$>xKl zSkF6E{2Z)BTV0R=bd2s+ebrLY;6!d~PPDDb(YAg%EZRCNoSHRmXBoC*j>w8=M{CD^ z5HG{3@^IwRk}R51Tj^S%KZ8c~v<oL@%te z2-EZmnJN5@<)ugt2r&M`a&Q%qhhu;|tUz8enLn!}`8{W@oat>nFVmwUEUuAiCUEYs@|glQlAvH8PVmGLtp3+8#yrzLw+Ztr0?q1!&mQ_H}0MBSl#i&RIjwbfo&Y$Y%_nsY#Ne0WCp*L6pDkd}Q;c5;&z zXgy6z2<-}|#_LFtQHfcNO2mmqxYb#eC>Wfy`|>#P zh~E!p3;79I^%w#XZ3vV(wmAp~@=!dVPl9pCqa|yan<&o=SmzYh-$Pk^*m!P}j)H6^Dd26u;gJhFmZvatOePVS;IO7a^^;SA}^>19B>w;^$Ql5 z%zdOlHM%8mkRzn%?s2QMpU8aPZH7We#&?59NP%m`r<+mk`EJMOMU}Ow+?U- zbVm+$ZI#gtU2sL*cx-2VMaX`Yp>6gdjzeLKk;<~QOdLrY+M#a6aXb<9;-Ui&{w^!O zptqhUZaIgH^rC9CRHEz*zs`0YzX2EwFX!+D7+%2P!#_iKHis8u_zn)ce}eGjxOg{* z+hCX-q9r|v_4MQLS`4!jkfcw3gm4!QKaTlRIs7HYTUcXy%D+h)VJ^KW9M`5;>jb_C z*U^(&(lV^@D-JKhN_KNN6XUnB+*BG@a_C2{B#kOD8)|cq@=q-IIETN$5iRBLRwxl! z2!VXa5b;7_CZtC0M!#CGP@N}5ojY1$ox|yM7NWnx{0_+W0%vOry@?D$gJGD^3j+Ny za51{-!x}F{(^?pVj@BN-KuZYRj}Jsa+YPS>`KOi!R?RtL_n*5#Dw=x+g&BX70$Wex z>1vjW&{V!$SXNChmGUOzVL{#;eOTBSeOTCJJS@nnuQJk3*ryyynD`vYHcrAvS8qSK z_PX{*Ts?MsvJPXo$7e27Kk9M7W2W!ohy_LHdTjSd?;e7$0S@y)D4hC#DV+9yDV$D^ zuzmT){{LKo@Ulh11T_WElU1SsyCOLbWF;H|E!NhdN&3rS+*tM?knOHbnnQ}0EDb9ypPN?5p1L)pFcKyz)44*1-;k z8+d7}+0=&@t@uCiZ?u|_!nO;v8)4dUX=ZUZ6E>pD*N>}2@1P&IK|k<*j;35yclT7F zfA$l`US~i+LM{3hqJF~xw(>r5YROOqgzfxmd-{ZF7`O%F@ZMjfS5bcW&|GUNHwc@VPKa)=MIt+|!nl0Q1ZWnprYU*=gR7YqR%12y%zrN>4Q5%Z8e#R3Z41(kB82PXSraF%C`jMHWqD zdKw=oUr%82KiDR{ANuTP_exnh6*AZZq=)3n?#M5^*OHtv}OwMXgrpM8B z7wqFl9q}p{PdQE_f)nZt)r&d{8`Wv_0_c9s-tR+(GCbz#(x6g19%$sfz1b%J_A~x7 z7P?^g@52fYLWKvv%P=|AD+mJr_V#Q^^|rnwB6?_p~U+>1t6p3s5h z+k!&eVe?5G3$og1i)gD$ozjYO>oaqfIsBVshNC7K|bDPZzT$AjwmYe@(CTK zd`WaMCZ|d2Dn+ldWG22*GuR;*B*ws?_xlJnt)*pCP6(*E&k_$cvf4@=swuwKWM_U3ZRfdFn`%;lHJ%sjgnv`zyl29X*3t_-&o_XNcmQ?nxa$eAuFrW7yWUD#Hu9wCx|SI2IuG{$bpVT(;sCsD0a$a6An=EM zr2R^AsA4E+bw~T@&jy6(W}^UFjrL4n5S4ooAOEr2Y;OOceN#S){B2x^J#Ql|3mTJt z%XxdA^mGs0ldW`Hx7~EGWEvWIuU7*^1xa`St0#f%O~{_nZeAzQz@yco?tzJo7Bu)` zwV2BmMyC*vw4Uoo9{);ut5Z{<;1_rFG-+RVLVW0(8os((H;C$->gb-ov>M$NE_I|Z z{3h4XG~~n0TTNtTP(0y&5p08%hw(_oi@4K-#zU6HpX(&+fc>%xT>03$XLNPx>|_#r zZ=o!^gSldwHO3WtAf4>L?xNZ0Ys`-N2O^>s8{;y1DC1WZlyQKO@pjG_5*h7~F@rL` z!x{4pK3gtiR9E1&zxZe}^7>2`d}BP*lW04G;}>bcwBA~aca{+Pg)@gGYAfVmQtu18 zA?;8O&1~t8&5RVypcrI~ZoHZ};YXmrSsN8Ni2T3q;^6GSWn{ymQkYJ*DF3t%%0E-( zzmyXz4VmUZ+}K`yni0yG)3pZf{*={3<5;Dz`big4>9?qKDV8RE7EyXjv^1Ip{JACl z!rqz}m`a0$F?b7ug<}3bE6a}W;(wl^F0Sqt>*9N5u`b>p-^H_^Qy0f!7e{j!9r0bnH=xM|S|8gC zt>>Ymh^LG*!VNvsRvf9-BdFZcCcdvGqpz1?Ps*HiOgyb*BIc>7v{(lKFecV%zxo>V zqLBA$C{~dst_0PkEdP@xd=*sj_v>lghHl#j5#b+*8&Ty>26WXjiOjennslpHyt=Q( zeug)9B=X5qt~q|I6I!D=N6-&KSDdfY)XTzBer_6q(58gpgmj|mwY{IwY;|$u)_FVe zY^A!DAK=rjl+FD(oXZ}`y( zmRo&;;X8@GuY^zwv_kL8giuQ~+wSWIAuF1a_jQC&G8&`zr4%eoF-b))35z3bdX}Ln z_6bQysasMU%N0bvFw0YIkW z08K(Vg3Luc2_0z?2x2~VD+|lRecADRN~hRFG+ZDi;*y=wiI^k>5W`6uJZ7ARf}`Il zy9!QRX9u#hp!!z3wNeUfA|Y*_7%7lIxt$g^$$yGmk$HUR|~eUe~`agvX%Z_ zC?UQOr9whc{b1ZHz1KZKdu8TDv9%BE5Es}0U+dg)>%Tvntf8R;Dp+)>=z0jy6iEKj zM~W*pRu#9O7nKy!2)FsdtJCnM$5ArxBSXu(UyC~wLDU^?BkXf#xE53xsz$+WYGHC7@coP`%tC*59W(i2iOV&K9Q!#1?cg z5anydsH}9%+fDWp69^E-U`AUvcM!@+4dznZ0jkjVXJ`#te%^_GjoXXf{29vT2Nq;N zL$@L$nIr)kHP{+8qD}szscX&Tuu5|5SBm{d|481i(4%VLfG^cwRmHSSDZS5%Ibnf_ zne9a{SB2<2xxr|(Kr|XCJ4Jl8^62Qz-VTB!GUE%ZmFsp$AFV)&(TOHE1;r=@NcD_{ zr;U7s&GmUt>AHy8v4W#+JB4?trRyxw%r~y&l#!64zJ&GHY&Uy5%fXd6gWAWVhz}mf zj7v_SWaPtW&x_>bXmag#6PbQr!C~l?x3juzDl|BV=v80q!XI=rP;KN+BrOr-&Z6l^ zU$TFKzIL)X*Kr5Et|iqh$EVk2B!?bsGeg0zl?5~*%jVP1%H;{h%TsYx zn@a$fnKr?7R_{qmmt4$Ch$PxC+xhqL?R7f4_%?gn!0oCvfiFHS*U($ESqdbQyAWq5 zvJQwAquoKzAEMVkJdrK;Cj z(H2honi6xIDHh73P6=^K_z?Njv-sZp9V%)BE{Dp(ucOICWhKrxP$ONFyAd^lP^)b| zhDNGlufs3=fIt$~=B%biOHyuAejv}_PV$aYP@gO|Mh87+ zw7(Iwjjid4$}%DNbEN*gD-uucK56B}P(LuXjK@Y_o-kZvay(y^Kdmap-DpTf9h2`vj2%-&d4nshmp|xkN+d3E^8{ z*nlAX<>qK>R*WBk@m1%-L(Y(Xh+J5V{9*0K5xi}$t!}byi(F?(afE5*m1I~eEtz?G z*^mT#x53!E;jU=x9DqDi4wiV{)nPjJ~?y6+yACgg<(YS&C^(5jA-_Y}!W&G_tW*P0}(Hf^G5v!%>>Oata*iHdxtORr% zNLFV~2x!yIa0}@8M;si!Kqx!4X6X$nD3;Z-VCBaUZ!TEa$?VH8PTSj?ownm(>)g65 z!xR}Rny-DWPABfo?PhkV5qQr0-|VAIUdA`fhxgVRqo}&29xj_V;8pdmD(q%F%9ysA zP=-J7z={VvQ-`Zc464ro1^E|s)LBSPD!PcRK>d}88%JBi z#7%1+gcd2RGX~Ii8#5Ho{Tc_saT&4` z8mX??ptV%d+6#MXbuLpzRS-pjCX6tuhLrOGJ-yk0R*x)gNZhpOg$8W!?`r=xz_kyh z+Ob?2RTZrrqrwxR9-11d=%46xA~roj8ahC+BW5_%g28kW+pM4fh8u8F$ST>WD{hNvV_uNW^m@>jIC_U&<7Jlsx-e-2Jm(qFmA9nJp zy}SbQ1!Z0K*SC120Qes?^#XBlK$r6{8v zySdV#l-QL@&&<%>?tiy*6>B}5cZY^MvPxh)&wSAnaBIiPsKTOKO(5BEJQtys))~&C z3eK+KK$UoG)KymmcN&lk0%OGcG$ zvvWiWM`*gOFGP?@gb`M`Y($z#NKXYmWCMATyRe6s**`&^TaEMUbl)o||I-4CUvEXd zSY^L%i+qS&tVLE?U08*3!ZyhBAIdW(RkwZ0si|cC&U+!g|8QEGZhP-TdO*}L2eDVp4)4-7*6mlk*~CcDui`}_|@zgs}J$+4#WlkTMd zT-D5wjY}96>FH8J@$2VSN<8L}oV#nzpYGi6-O{k{BOP7-v*~l%!anF>|0JF4kPbfz zZMt%IAU;Ssl!7GD_qwg_1Hp`Nvk5Kiyh|~Al-p9r1T%(ua)0-xp}3p5p5&qHv}J0o zPMOqX$YdQ>YUu%kxv*f+O}>F>Z*vOn*AuGYQIq%yvN=$JWmt*8{t3M!;NvrTy_NM) zq%)QrNPK=S$+=C!tXI|{SFX!C$LdmC)>2C=sBxSbC3uih363h|3WIZ$w>uM|L80DHkh=J{+e3byV;369{c&)N&lR7gvHreWQR!#Vk*gq?jgB2($kfDL|Taw4r7B|{y8St_)9C z_z-vFgUG=AkNQFbjfNnqERG~nZOH3`n!dwXGDDYwx0V;2shhjUq1+s(h7NbO`_E+i z7U8kLE;wbh*}maM%uBOvLyi3)tS(}|ikc-zG+N*msR6B29RB?@Twe}I0V|N!)0JDs zq5fwAVHTjAC#}oIyT+<1c-J_rttmK7+Yb;;U)*7VuTks&Jrt%39FYRqL_8)+%N{ig zDaa?ZjJT()(gehpv*j{7STV1I=VSL5kmU~6oP9!T&PF@)-F9!Vz=&+0(hZl(xOsQ{EHPDGa86Y`pY`G zni8s&Keww30jfFIc8B$d0}i#JO&eGM6*JAb?n0oiAH@1qXRP{Sbev^|+KTPg3bent za5gH@*S<{~38%CG%@M1e-0DaxZn1CB+bwLdnGoHyvF*i?RG7ZF0YSS1F2or-q#f(U zZ@V4HKh&{s=4n>EZ|+}cA1wLRrp993x4dJ>JhRts^dbmn7@j*HSnyEH!wgCb%5xLl zE5};t9EKc^QI3l!#|SG|!&y>|Eca5Dy08mNX;FXv*>hXGxPlvW?_IN^Zr;nPhNH`e@|1>B@+4>c|OjT~NnN;2Xo32^3-W zA8nwo@W*^Jf2jdactGT(ZxQLSlD@}Sb=!K5Si})PDEylvW^n{i2TyRs%^Z=g+m>*| zXpYF#ZTEA;K#qWIKb0f0IAVZq8_N-C9FecvhHyknj*xX*Z;q%rm(4z|y23ZAELAsE z8gF8o&WU9BS7e}Pzc$s+67l}fSAfnA&TYxsQ)mN2oABxx@@Zu)m_Ff5PAJlftnt`u zO0B+DamJ3M4K0O=!FE~S?LB}pmr;@ER_Kph2V!NrcN0*XE%Au97u2Q9`2{FldqLHA z_JYthi0C}$kpFb{yh7!GEWNUS&YrM0X0@V`?IXZk?VWG}lW>Ba_*Uq4z!l|NAwKgE zF}D<0YY?eLG94g!MSfo>}UdJu&nF`6#V%l#N8*fV-FFF#G5XY zr&Z5cT(8lv*mK{&C40E1nAaq-fD^Sg)b#!|8OJ@&f$OyoZb~eXj+Qv!G9_(D zz`3t2wIC06)Zh!HWv7vxc-TD9=LoaEc_32jQ4{F6Hf<%D`AigMKEGwLto3KIg;dj# z*R#g9AgbWHkVxX~DxK%(uVn5G zB-Y*!E(?ip%eXFD?(L@Kp2u=FquiWeBw5-pIx4{KyHE`Hl7a<^=03iZNEa4w^!^+_ zT<;1J*XTgHx~J_*wYFqkqAC0{iS_!>FobqnL9LF@5;>mW;1(`_St2yq)9ydp)7uOF z?c*D|xerfgAK&G&e|tjC0Z&#fdF0(nGRPI-N1(RNJ!$Z+?JX!`FE~5Y*ZF-j*%xyuWzbyYCP>c-VT$)Bj8AfB z)kUmW;^oD{>zvEHb9B&>jVm*Kl{>d?PG`Ip7YyhlE9JgF(80p{W*6MRp|&>Y17zl6 zR4y-rcJM0R{vneqIMOWVnUOQ>MZ;#pX$*kuAmZJq?wlT$(0i1+@(uTuX&g&D

-``QH*l>1Lg1|S^;+}~ zHsxR-r6O~NNpY=ZkJwP4^)zD{fmAYAb8MAOE$G2;MoFsa}nLuc5nlxqKhLF81( zxz*%449Gddiol+~^ABZBi1QDnCOxEMck}zoLEpN~Y!ej__|30no3wp1t;o(Fz6-_P zgP4DFH?~Qx9otiOzdo3O#n%|cwY6Aw z_BO3V!O5x%D|;~{C; z5h^t`TIxwCC2zcE=IzsbbMAqilJo(Zn%HW*#M)f)AE^yoAT+Q;336Un zBrBJlOkl@*kfStd8T^}$;-tC4pV>CdWZ%@4Ui_=I&Tm^_bp3|7{H2mBt5z(m_QS)* z;hW&fEt8hM26dJ?hDhnCQ*HmG3)O-Dy0VVT!PNyUjHc~*%VKhwzjf)Q?%?2Vo~*NC zrL`v>X0{pCw?kTbJ&Ht^wxH_V!HjM$|BiOfoQka|AFvVsac5P*-Y$o_*RVH0Z8p{2 z0Cl^}D8+7VAf2FyRpdKpwNXEi{jd!f>h=I}gkwVU5C`idGk{r`D&AM6Z16D)zCT(|?VTXQt~ z*Zxe|@EG91Ij0Rg*niT1KBmp%3{*J&Ux?WIzYJJk+j0l)>ZI531i)S1_2!n)cK(~4(>4OWOL`T9lQ;fXv7e>K(ljyEG(r*xA6oa+9|9{|8Xkr_8`=`yKyQ? zA*Ag_1UDvz;Gk+R_x`0XV>6hNkj^Q&lu-hGKI%6}I5+Er$0pkhkiFKCfB zn6$l??ZCykKi%_p=c7U6dXzGD5rYO!-Riul9&{!5DV>=kXSmg6!g=E7J7I(!4CjfL zKuHjJG&D8y-5K70ahe5>NIEFV1)gQ*m}zF13BFnJPAchvdCpk~vZ1y_UN6X2iG6CrRt z{7%9LPtn&|+gS&)Y8~n#B;D}4vA$E;{`K>MxwDczKo(MV*tz+sW%*>DjFu~Z9Q@_O zUtjo3XOkB=t@$Jj0KWrh=JLtosT|zO;sq=4hcp(*EaElrl{-F7^3OF3`&GzqB99^L zW)c$TM8Y_YG+W_csIs|JWwk9{O!}cO2?dq+(4M1i+xbu8grLKbA0wUc{)g$qXCoa; z8U9TfU@Jh5AB_C~uux!_MNri>!cWC$S@~8jEXB`wd+4IQUR2%0`1U#*?Gf}L|AX@6 zP#%@F$SQo_Kx=EGMi>ZQ4f|ieiW`FdoUjbj>`nl=-v1TRYvd40bEAKSPgpd7$TzjE zu)hxX8l}{&gml{n&k^Tk!LQjYXY$H(c-e@&ie@v)U{PiGYbhj%WW`tK>q(lCSF`%$ zX4c%Q^1ubIFzGDZ$iv;pW-MNps=c?lm7nAwY*WRl<>(&eEIxQ?b$i7N%c~}~h@j3# z+@I#kDzi&ZmU{b+3bxLKJ(TXr{TWX1voc@8D(;8-t$AUZ+pN3I4M24H-isuW>w0`G zd$Poleu8`h**CGfC=@^Rpw}mF$D#x1D#+IwXaiwq*>|H`sc{)lpK81fft>E4R)qx$6Mn>+ss{ zP+L0Gu@)(Hq*V?&tMLFpi%YXH0H_e}Zzv862ls%d8IdlZk|>0!Ng?#vN<_OOt!^_= zC-4LPgPmdc`763hKc6ha1Tx*b9uNwAjMQ16BWQd6-V9@VURzwRhkK)ip~n6j{tp9~ z_mmjG^9k_-I0zHuPQ26VR_>(Ud$N88WStN{hk?B~hrU7}@%G+LMvall_!6LSTGjAe zJUZ$8Wo6HinPnq0qNGVnxol)A6D_~EgJ{g^xOUZEUKQeq1@FsnDSxqlhs z{vrBNrFgByH#ppY6NQTw=}W{!qys6(MK0cyz+cFZUu*HU50_xh7W5?rw&GhLjy%zu zsEqAvFLM$^g!`e%5&{)8IE5UMnNcu8>y2e2uVD9mVN{}1r&L3hJ7QV-qphlg`0AJp zp~!w1fp;j1zg$jUzf>{z;kQ}M{z@nr4zLA_AsEI5kv&VWu9gx!? z7gr6CHjKSUEg5g>Ye?9}k5fd#4LkwJVN2W$SiCBeV^4Qqeb8-2cr-=F*c}0SW zQ6SlbIfc)JPLqKGVEdnHvi))UA(g0va}E#=nEN>4fcY)OjH}L5;q~0NRA@7DEd&N( zzy*Q*(A!8p1g6hmL8~b{YW2t{drfGzRJ4jqy@R7uIeaq~L{Yvz7-)&K=}az|0RnhKN8e2(&4j{SQR|J*o!15@%7FRvT4{u-=h6PMr=f7JR8SAwXdmN}n_mIM zt+uWRmy%F#|Fv3=Lw&dQO8hPz!YNS0i;z~nnOVEs+ z+F3>IbUpQQhH0$YdUtr4VG{qCDX#jjOy?T{I=%Mi$z1z~CLRKEBt-4=X1Ig4=eXuw zXg{S*@I+5jQ3&ot!*St*ZQ6g+750m(oV`j0lR6_{V8%NzV+G{E80cU4>#ioZ$Q?uJ{rnMx#KiM~+cN~3D+PAp;jh)YyTsdg*EDwLq7?WAAtjM~c_vALd{!A{x! zU+f*am3?kyJ6z;l%BK!>%W~Q*>k9~mQUi@?zJC6^%YMQeZ7;hTATfR| z&0l54As9aDpWJ}r$6>g{dl0@hL7#Zvx>R2}d7f{Jw6s#|f{TW-5NPB@Q^}Z130u>e z;Z~OlF2aiS@mz%ORv_zQa2ee<*#65(E;3sVj!l=n7G1 zI7ihF%g1*SSsjKKRJU?cRwkOHqJJ^y5sxwVkgP7WN=wgCha1qpcXV*t{16;y&W^nZ zl4%a?*K>|**g-514kw`!krxd&kq6!Ih2%aYKvxmpMNs?^QM^;Ecz89< z-|D`t+3lWp4rX{@bsfDe-6;DvqG3hddy_H8f#*>^iuA9v`?BlxXnYag3Z8=$XHH1l z*%D2t~xuO&xV<-K4Q@Kc=t#);xQsuNvk z;DBHpQqfelT2g>+BkcuM7JEob2#?{*ob+VKPvbnb1|OU2Ka9e|jIB|45SuCd9d!t1-T?7en}PV7@5h7qS(QPY;oJM* zU%>VkD#P|c1GdNEvfXZ}(VSt7( zniGSe_4t5iV$~LyiSxoRX6{Eu!$JlYL5TZOo0TNsiiM%%AYHxeHD&3ru5QV(TMhyc zM1|3@lsfUC6K=zEt*nf*{NLx$=!~x;*((SxVRK>5Dz`FAL&v3T#2Xbw{xl5|TDJ5+)44(vrE{+2LbS zMbzCvUxz0APt{YU&D+XP&8WO9tFwvuAZL|&A9n>?TafV}=YA_o!%w==a$B`F?zUQh zYi~xHY_4^gYvinxzK!8~P>8U*c&IJJQQEgMd!Ue8ZbA-W%gJa0eP zA!x@>2C|euMTL7xcl*}y0^1dBrjEuEX=!2J+*z8e!1Spejppt3nENUgo|aXmiA$HI zbX33a9b%V-(uPr!m0kYtB{(+E{L<4@a5`mPD+5%9;0e78 z;SCKb;`u9QmB_^Ur&Aky5wuOYgAAhi;Ya)9{dzsp!Bw`Cuwat`c+ghHEbYM*yT4&P z`+^einNxv_VPpPAFF93Cl%w$H&Z?KqbjBD6rKo|Y$$OEpYuh(PTaiTAXkv%8O2FOg zyA`g?Cc}op>n64{Z*D1KUFIEf)^_yG5Vb5&6Wcs+{G5g5)8QX!nM^~24i1v7(vnQ% z5aHt5l~RA*c;7@9I_IKI?2b0*y&XoVlo*6VuTe0l$HyVh!*%3%TYQSjycgwExU$OK=9ZqULKBhvfP)>y2zh**Ea|<=zHv{cLnA?q_uso-e^30M;$tG!W9m8I73IMTlpT4u1l%cuJ3ai z+Ynvx^^V*R$!KV8p~=9dfe%l|71H|sJJINQv|oc=YOpcsez`yIz}MKX9>}d@+R^5` zHA9>%K!Pfz+RSz67zt5sacvWCLCyF{GLiE1N<-(Q@Z!@z=<2H&L+LlV+-{c(%Lu;) zCsrfh0R_uG-ok8z%M#dPYz?L3eG|>R!a?&U5!!jDrU1R#eH9kji0DUQq4a9)AyL6k zv>~8k+%IS{qDt%jN+L?SqnONQW_JMH71$A{TeYqkYyU-m-n&O|idM@}R>!1w(SZL% zQ=|~vM~%1sjk-|#33p*yv zQD5_hx0l=c3uZ8jIYS|Is6KO9+JW zr6&x0U-z*pq zR>-Tp_5looXx@G>g8Yw^@GG2c0H!XFrd~j)1%y)y<9todZ}vnm9WJPk(mL#Qp+IYi zQ`w>2y1G_(Dpka8Jsug3ATije;;Lp<^nfbfxJkIHs18H&&5jI8?OzhX5j3 zg1oz$P@*@@p@fRH1ej)rI;so${<9|+I}`|_m&_+avi}V79Ei0~k^Q4Z)O0hP;vD|rzgMA_RCkHbjSi`||2-c$CKe#_Zu#SVN z5UgLm@U(qf3IX21NPp}diWM%bffoLR78;f>JZ0Zz5$QHaIRz;v$%kNhfqfh9AjfjE ztaO%@8&PcQ;0=PAKz>0lU6Tl_e_coWCKR{xWYrsQxAj_NnZ@Mtms!e&GsikO@q{}F zloQ*xYXhKSS6aX|j2A`<{03A8?GU$8=gwWINrC-He0+H}PX0bB{#@{{4*>*DPA@Bb z4^7O$@+~2g_c-tA-h0Geawv~rY{4eXWbsYhi0`-so5`%HcO($-F|BknE#Z4`yNqN& z9SOcp_S#C~!^2my4_Rm5V=;eUwz;Q>|F(d>jf*KKzH={)aE zj^!N_AZ~)0A|IkiuVeXy1T)1ZVC+JQorkfUHxXm6qS)SfsO{su6cZC=f5>7q;Co3n z7t7|7(gagMZl3qLaDUwD5almUglO4ck|>e}ggc8Q9Sg|1QKmbi2P%`mWfC|^3j9n5 z_;~E)4Q4qwJ^|%d&s+>p?N+{&CC3T4cv#IvaJpc$@9s@H-HeVzE`s}keYwe{hu}-v zFw6|?;i-obQ2wx4T2e&wy4~zM1a()!Aa7bM!M_*#I_6YF_7Xh|pEvt9+dnWzwn8w) zI|cr2<9j^oE z_!};scMy6cPwV%dY~DLW|H-8sz;1YxazeLE*^YiaJW9KD=0^UcV*IfINpbR@N{~!* zp!sz#9BgQRT?))6YGCzRvgYvWzvx+Q{ThB(i<5rGBsEI!xX~O}4l7TS4 zCi}pS1DLfh>u_0YNA|OQ-xdro`5wgU`}hgsS^7ib9+c4y{wK80bs(EPv@CmANIpDb zV)MOflH*f+!(6|XEM%Yp#k7Yp^Ym0y>D_lNoUtR)P`bI_b+x)jIfb0O*!W+C@vAhx zNQ&YAM2tTf$Di)4_SaqEOGIepdEmK`0#*1(gB~$+LMQ}XuYC?p@$+=y4qTwW5@Bnu zzXPPNixg|n*ZB*i_Lnc~wtqgv{{QwEnjw#1gi!xO`jWg!!yIo?wT09s(U*)@u`TBi+qxpJw zmoZ;o%x^Sb<3xrPyNqf1kTQ&zEE0U2Fay>f62#K+v`sCTKEIhd&YtG-3T~xXdy3BW zq|2x_+qn6E{lMRJep%ol3S4axjQMRfpC;?`3In)K&x;2xlJ?1j3`fky^d6c=C0?!& z%1;$kphZ()Tv8z>_w{-4lY4iCF}aV;Yc#pnRv42zf8Ke4F{i><&q?#**E1=t!kG0T z^WuTgMDez)dB!y16pMK}|NKtp`7JA_g4GZFm-#)f3pgG$I zI|bdNOsR9#e&-72o1Hnw+`%co<{UvwzG#oem3vYOTxLe+Zsb6gZ743G_9?1d1 z%vLau%<~+8zmDyt4TEzW13Pw-0w-DRX+mE(j2D^Fth_WT*rgk}UT8pvUc247`=p}1 ztQu@-kJbSOTH3*R9mZRW@z#Ak-?6SqwDMu!Hnzeg=cjrKX15mc~8tvmI8h2{AVl+UWjBzO?YCJKRbMT%WYNdZRU) zMIFdpS5s*(k7;u@0hg~DIhENS)<9Q|N=3hlm(X4w^Eo$U92@MI<3SXE_lr z_*o}hxt~jc8(8iHrnCr6LWewoV|X)g!p&fqC+NsPvo&ywTkA9Q*E_Z!A#LcAJbYls z4pQJED2+PpRd7tlD2IHXd9uECn-7t-jDORaUINf@JJn)Il{O@YyW$&; z3b2MS^;rYjUtyqzE*vqsFltn=<5e=vfIHZxrwh%Y#X5{$IH3REI5zBuA!HDn%rvMLj~EUru^%qLx3)n(ax>1Q;sk7@}8H%WAiV^RgY*gSwDi%Cy)0=~ zdY`EO(;bAchRz{`6=?@ii5zvs9FjkbpAW)hjpncLSIrc!d({5|>Pe0FGUP#^!1b3d zWuG<~U7aDB^h7aS%J#|r)0NWWCDvWumN}vDeZ&Uvtg&y}&W8WdmnK}4hd%`OwBRK3 zuu=yM5UykBbjY1m=Lxp%axdOY{Z&J94m6>60iU(*ckuBL5zx;S0HM1!#UnXBv)2rp zZS^JRROHlz_mZ~9URjw4=Z{nKD0|#WMa}`O#~Q1No@j7qprD344GmOwE=8fmx9%e& zz*S7%3sa16Sw}ni+RrZ$VBbQfwZ!w?QSG)@t!PT$zomd5MnfcqiY5VvpkHz{5KE3B z$KS_qklg{ylqnXHz!&;Yb=s*Bk>*ksWTblV0U71}T#6;brA)}M zdLX*5tOk}-XHd=uh^S8JpLr+F$usw6Q#5()>W90NnWY-q*L(us+)5+2qyI0m4~h0O zr{7B?SDz4Fm?A?V+!MkswRMJWb8%vOiXh8s*KmwU!~m^z3CH}tEt^eE+U`YRX7qou z4SUq$UZDvo|Ly(eeDsbR?c{tZtJluQXW-Uub#ooN0`YYfjAyB+J@Jq?R+)tR7qlpA zFC04F))p?cKd`i`1E^EjDJgPrDMR5?2!(ckeTqwRl+@(Uwn|02SeC}4?DP((8D>dE zJKMv^{7sfy9hHun)yi=)5^pEotZwT)i$uF+HPNUaYutz)we6pvt8=&HsB$OXmS$jW z)F0I*0r0r|i&IT(ZU!a3)sff^+?5x%a!nhV<~CQOIG8KAqF}t)RJb_Jf}*C-=Yh#= z>nyiiT9HEFJ~lO6$Sl%tZ;3jU+45qoj-FFtGA<&U(Id%x0UTpv^W|Ktce<=j8s}C= zPR2>KxRqgPsD(PqrHo4@Pg7`Le5;_ZUH9<%(>J=9AHWgjtp=ri8Anua$!33Yo!~qC z3SF%yO_r5Zl27VNCIyEPQ5|NZspG6+$t+yXjj}|$DHXjy1EQ|NAxJ9X&ASVyCyB2@ zm&?R!!i&Z3+-m8CkhR=5+jwd@uYI+CCE3Eh+SgNrJ-gNT)*{;97~g*1zifY~(f$mw z>8Y{Oh9B+y)4TvYCLli_K!8L7Rx8A(PhOwS=@`FttT@fmTF zOcxD%s?^R5_aZiyF*ea8G>|{M3#J&s%ot|xX2ZP5pXVty9s@_M>B(;h2erqZj2kJl z$;C)}n~jlQl0r-(l^lu(*f-Lj@vibqsLE(%4m%QFq2qUXzWFv3^y_B-P*PnC z@h~y;2{lFEv&b_@v)8l#kW51TR(d^qj-IT?rXl8XXH}DZ7Ijjl>|fj$<^KlXiRyi} z4KMUG;W?jk1U2(pc+^`5;BDmyN(1JjfZqTXP>46%`1FmuBg2o?8@==mh)nwLgC5CS zV+S;Tk*wO&Na8@K(GU*TZTCS=NgJitm`wYP+xk`4cOP3Sw%KKngh9PzZU>%tL7y60Y zxGZvho2n=RT`*=k6Dj*$>H}74n{>zgivS$RC}MOV(()E)2tKb>b+*au>m{psr~g1g z%9EX4a=v-1~j#L%}8 zv=Xt97p-1nQsvEtHz7H9zqE2YnH4cS3PIGu*0P~HSP;3ya4a+;?Jv9vJtLdTUDF<= z2@sj#TwZveOLdxXS!K0tJS^BZ3W6XsN}Z5EtTL1&@wU>o4JLmpS4Udr9FTK&`2d$M zvf`<@I^;;N8*KJ_TB*jh* zZ^m|k%Bi$(B${U{f+6fmpa~uAfWUHA;^ChXeO^z-cq=-AcdM3m@LM%nUC=LIozQMJ ztVBjs8uHPM#t+`Z{PSCz77a#*$HGbzbe@E)0%)JnMGiBa6~YX{<@p)xVe^dg6?*g9 z+EADF8T~#TuV@Et*={|wb7w0+#{4blruytpp9hZD=qB@t4TOx3%+aR3-uri z>&hyJ?d0f8`|OyNE)Ex4@Xf~P{lzY|D5JS?+pFxnkQD~uspR=N2lP>5@cz8`wKLTr6Ss3zNRpz`x zXqHrxH9}vVRCE$S3szGuJdIwlq^0Lz7~4Ep(PNO5|B*Qda`v7BR~1nlt)N7DLVt3G zQh$K%U#IPTpjM~p$ge3gZzHSC&mjL}2zoc@Sd3y$6W2xWBvR1|_P3@iEQh(wIiTA% zVTw|=&W!#MaS6U=f9eNG8-bM);4_`I7JR9Z%bVP9UCOsi_2{-)TvyZ`g-kZjoNIA9 zj}Uw0gZr}CCYZk%4v7==p!2(3{~{1t{1FO@!u?hTsJH81211KkP$FOR^)WHO>?Z=8=jXLZ7tlbz6t~Foog*(~0+0kB+6#ta@wR_RTDIh~b75bz*DW zqP+)AJOvY({s3~S+ik>4PO)z5dz+Xpv?8v0S}UGYC^uojoKz*83S8wQRHdv;NtcTL zM5DP^A@?IoR&TO8bB^Kr-zc@?53nN1uxQ%40f-K~om~13ckWNVW048EZ7K{V&yt>8 z;2Y_H6Bkx2IB~7^(~ku9C{*C<%UeNKwrdh#3N$wRB<{e2)?zZ`4p^f0M^xDVhZeq{ z_-_BuuvqvG_*ez^R`jHGFk%z_gT-Q^Hv^qq$+Ul;Zj1Q-F;x&tZ{9=qMFfyl5G+_& z4aY(XNqd)?)rI9=7Xr)`(aj?j%{zzk!m;gh%X?i3cNs<9M49e5?tznj2ZFA!^eVDI7s^oz0bSV`_tU&Ha_Qd?^Ib` z#%KI8KI8lE8yG#~Vb}cY7Chrod%%I``%o-%1(e~leJq^qF%j!(-8SbIKHI-=sq^q` z_f0~-kL$77R=eqe}842WAK*c>oK1>>Xkgdh+dPe|!3B z&%cgnm`+!z=qbF+s_t&A4lXg#e(i_IDfoJdfgEIYN?$nRS#VstXDys|H?u)*ZS0Q% z+p}}!QbLG?sbCW$N3(52WO$7dwxgrv({*$ZtY8YaIW9uR< z#XQL>`5DVgPNrqKq?V3gtt<2#zzs!(ejC7N=)e_l2-bz)Fvo3P#5aF+_8t=DE}mV> zB6zKwRqDhpvbqpGwAQg^tU3{e1*#7rJ{qijWG;2kS~P#(3kW@M2du< z$#%Ki>ls^jS3KuLg04Uy* zjVa>8F^c#MQN$++#FR0qXl7Hn1&-h$K)Ds}*l0SR6vFxRt<16ej|cUw*s}UQSxs=O zx2H8CeYXhGSBs-S;j?gWrt2at}yFdXZFDhe0%CA~r=fGp_Ys^f~;N}x5_LdcJo zHnsXL)T&z|FnAXjf~YMEmQ&KOGRM{PNe>yFOAb#{UDn$DHN`2L<8NlWoa)F-JDN$C z?P$f8tar=G7WPrKz&gvXx0IHlhpmnHfGNFFC;5YD%V;ySilUnX!|yZu?N(TZ@QX+a zIIJ_U8+j&EOOx+mQQ0Um(f5Jn&B zRs*Xj7m)uabldxriM+|QD`nxUxd(%;;hXceM*woVa9kqxikyDX}Q${r4O!jOP5pil5}c1s@e*i+>-onv^+o%k<5OiLw&Jb4Z)?IjvP4y+wGp!VJ*RRL6iB#i3M3 zF#l}QIda+zkYtgDRca4F0d5EKKN*{DI$iA>;d)OGaErI`tY=ZI;e&W4#JZJekseXD zGbXwrajd%FigY~X-G05rypgd5K}qqOiurg#(=*0`XEfsxB5Uw*f7EU7Yj@S^SZgNK zDsykW;{hSm>%$WrSIo%6&^*AU61MQ5Xravf-&&XzYr%0BnsTT8?pEOHLgv@p$>lJu z^hTImj<#Pq4U(SHJ0Ge0e6&g#}|X%}o%J1+@azrC8XlE|rr6-4>pJ&SuJD znb%GQrOfU5+Dhzr4a|$(9h}uGutaN*l4IWOF9BT=fMmk9?=G) zXN~r(_qL?4CrbJTZ6`3$-o6d3;D=9~rNn0oqiZ#PDejU%nE1unCK?%0d%kQ(&5bnH zm&(4<1iCR)XkD%rc#d>`P_V!|iJr*Y^e^g3#>Xc1#L115_d~gY1bo&+xq<}WwT4W= zc$6tfcKPeA9%aApOZ(PjBw_uhlf8Z1=KT@a_ic^>faM&3I-uf&iR22RV}i6H85$Ti zu%j6z3C0HdRnV&nb0ErJ=!)vv?=xhgmGhK`$iWI)3kLeR)O;(6^tHowPWVr!dw&ZY z@ck-3;||VkaAlP~&~bX1rNzMXQb&sflWZ=P{iO+!M7ZUWu0FE%AL)>6Di~t&^#wW# zIXQCBQXu<7R(Edo+%B-af=QFFM>$HHep^pGh$?ZBXWfdA_SJ^rvY5oydCuP%miRaI zz*NHtu8Vl-`KhuxTPA)A8S@s{Un;shflaC`>j43$QffzinJwdxJrZ1I!mCuBWnK?C z*tK&tDU|*GC>e8KBAYA8FLBq?eF4eNb>b~$C$Rtl`3{7PH7{cRuKWM!ih|7k2Afd- z?M4St*CSYLFa%04a1{iKF>pC9MqgAee}TL|6J}KQz>e}LpQ2B#IrHmuhjP@Tgzbet zqn@t4P#3=3P}C<-!*c4CKG_)@@hhF-%Sfj#nDlX9)N#Ay4XWPu7=78Ud=zyNEK58v z9y<;w>E*s?Y-OKQ+L{BT5}9qd9L9n}@ZJIccJ!qh$-$%^*l90*KpaZwLWT?GT>>dy zNO8iB3%2=Ar6vkJ=5o=*bSyOl0tq<~=npLngqU?^Y{U1wOZnU`Z8aBHS-GA2&2}@a z%cl;2h{UUs;gCXgD`cc4NyBjWv}rYr`0C{j#fvO-+WTlHRTw#4*$0Q}3vD)8Xg1xf zC3D%lI^8|395o6KAc(e{ThCJqS9k=8CrkV#NwoRPQ5#H~Q?J9}h;Y`#xI$8Q=zaKZ zqF0lihQ`9Ta(DxVuj8-<^Ni$hDaH@ta2baCaCioWdvf?*40q!25)8NE@P9Cj-oXA+ z9}M~wnCidrei~HH z0X`?FLGM7(;2Vj2b2i#6(O$m<+4DfV4;&r>@HK> zz@PrYDqLMlMAmB~l9Sn1twH9!T2F`23k!Oh!pjoQJC%tEaWx{nO5J6zl%?n<8~Fg* zU>pZ@A0K_9V>qm>?w5>y6>tc@9N??#?Y~$}AHYUDi`-g#VXJ4KQi+H)ltU<=t$mjXxQXODa7!gKXB37T^2k^EGw1Nd#g+VI6~jQF`22S6(gzlH z3g6baI2_kr{}2oNKER$X+)vxcpAB32X$x!c2b1L98F+z4<+pCVX|@q7nHRxqkLLQ^ zKvf+_ATRyE>~AnjMK|LL)tZe&CWy7RSJASHWhCo^+`tanNOR{=SO&$PZ zvPkiD)JhVPjeKelkpqfY6>E`wRsw=)KO^|#+y+?t`PHdZ@%qUGWYzBED)dQ3<{-41 zy9tMSlpkG6O%xBJwjbg_0fXN5j0)c|v1aX3v%m$f$KwKZzt}?kpcEsZO7IT!00SL|shmUARL zpaCsb5byP^xHy-Jrx zZTr7)hDNeKoF8e21)ebrcD3f*j=2(Lb#x>4$!5Wvs;qIen{7eSzOmNL_D0-+R_|EJ z`;K<|o7Si{gGU{c>S2dHP~aNI#ah+d;t7;42FyfKTN&K2O~jGgA~fh zsphC0mvCmrPO>~GO&DOw4LTTMChvbh?1*;aEJvID0PD%B)ugUKC3j3jqv^H9CZWRH zgvrsvrH)Kzrm(uAtHBf=C1zmU4YkM)NElXAl#Oiy!HAZHT>i!BfP|98X}s$pUZr~4 z@59pyHr`L3%!yK>mDWO5Q=Wyq1b@zVK4butI@fXcX*PqNbuwQ9cy?*RJos3*#KE?R z-$izfbDf!OOS#lZ>4s%}c|IH^3!&q3CUrdgP#kAxR^ zR&X`eh9}Cq^g0Ci2}j^fhTc5}(-3Ku6N+>cu}G}ed12@DWZl5E=D#&>e_sB4oWBn# zYrTmG(cn7T1#mt3f=s{$N#|3&KZ<@38*CDCN^nyQBHhr0r7KOUf%?{QwQKli75{Ks zzS;0M75>J-Uq1Zxg}-$812p2p^lJF4g1<`m3u#j;tVC3&eQPz1Q12K5rPo(BMhy@o z@2tXjQc)G(gDTmw*!(0i*3-H*!t)rbw)o$4o-H@*#++OM501-80L6r9Jb` zy~40dNc&=rfn0ZVrJC<~Jlp7$Zd(bpyUGGEe(j%SyolF*jd#2=qGz(Ry9UYAl@K}J)QhG7|8g4Zx zQ+Cvf1N<2Yfd}ty-qh;1n>F?FPv>t6&Vo+fo+fS1`I?(0nww+g=j}G1a9cs!%RR~U zp*DI;qn3~#GvKdVnhm8i>-kzr6fIe;xbIK7lm?(FL;Q}UU41u^X@&DGC^GMpxC`aW zx|+0`U?%)S5OZGd>uFk)ozv9*@Cd6z+F%(#Gjv#c9tJ>rqlKJXw%}-7&)rHb-iIIl z@jRV(D?ccQq5GRIhVHvYou~VbAF=yz9lTqIrOhV)<74OPKXpC@JO8NbJe^;5tWoC! zWbXQfgW~pHzggTO6jRjS0I~F=VhkTuQm@tshSVL{wd)#pO%O&}muB5V@|PI^2g$T@ z(gQu9pU33$^z*wP7)HJ!Re>P(R=a6al!6a^#jK2o;m<>SA0eS(AupsH2PoL^6>k2W z+KTOr3`QIjq}4jUY@oXSmHU&8y^jn7R;USSH|~0s71ypHq@c|4~k=fW;{3PHh{liE^T|4pop8>sdBH8+*1=UM&XkUD3 zHRW!X9_>wbfVS{Hsn=F)G*E#y_v=RUF9%H}T300fpZh zs))tfeRtqh&MOsp$w+P&)~Lxj0@ph+5GgQR$gEriH}jk$C~m^^4G^ByX1=0qETr3N zwXkE^Qfv7GUIiJ+953pMHe0l5G(^Azr=it8oi+Lb5liJO~E*n5qOIgx=~bp z)HKzv&8PFIuQ-odZ@}}Y)TnBjRnFbJ;P816=MUfh_WUdK@X%j3bSpMAYWR6}tMgmjt-j87z0@&ieG#2(U&HEoFUl}UkM6BO ziN<>ErOz-IEU!lP7KuuO?rr4PZlv;jeZ#+-_!1?KxVt~Y?)-I$D22>+RiqUQnIgW> zkPmG_4=|+P_#9N8P^H|F5W9F%r59 z^n3=7B;joM6~RGNx8Tjedu`NYq1?=5;ne^-d^a+Qs}aEQ%4zg=y#jwE2j1~#O=BCf z_qb|xmpUSq&db}7DY?2*kgV@@V7r(1M_aqIS!)yFq#NW`i7^t%MSdP`^RoRYdA=jj zdm*&+-R<1c_tSyoAB-gb{&r+2e^)y?-rG#0*W`MU?TCyW8k4FWcrTeP$d_mzeSt@> z;G{%hRI55-r4IIwcCc5o4qj-0ZqW87w}3?I1Ej>!2x6Z&g0d{o?&es#L(kvtjQ_WG zow0TsMmB5rBDyXBKC85vhSfNR%uetvrhdGCYopcZ*`9&=9&_|wQx?EW@n8}qgvmx> zs9$g6S@it_c@nfC#O;SPVE}2}O^+wyF62@EK>G2 ztLrGHO9oQlcckD*=&EX0y%}si{1Z6-{S66H(L4$O`l|uTtdvPtz;dme==JuoWZZt+ za}LOSIOJ5oR75W3{aKoCMsrC-N@5AfNQFLyE$0l5ue2AOCVLqnJL)7JAOj*rhor#Z zWRk@Qc6{6^ZP;ZGb{t=L8f9UnWfw!r@>DEAJV@W`{(6fPYz?t`apZY>L4CFqXn;$G z6KD5ND+(D{qyV~54*zWB9dKoIp);GAF19Ld!MrDcvK9;fl-5CQ=T*0B-LzF@Bg02Q-fK=h7oeUX@ zuU@#=q+Q^s)wyl&^8f1$b>7{4hBmBkK11KX8=WE1>F6x|{0vXYOH-n=bjpoyK07h? zLJtIMmI(sWNix1G1vZn4&Y%|-H0`|dII68(N^-q4VfGpzk`iLmCIvoDA^G?Wt3aBY zM+l60!Bf^aidrfn2e1nDUyLfJ0`X(p-vv=$*&-_czWH~4sVzbUB(%5t`f)^zwyQ4? zW_UyBuexX|(7JE7U^*U}A)_`(Q2q0#I`T($QBss$rfi902YrmT;{AXH9fl_)LCQ_y>a8N9B8F2$y z#~yZFq~kiXLWuxC&fHT{(Gg;R)*~#mh1ylCzdpfx*k9k$_l->V#WHQ_Zlt+)61RO6 zgym=6Gb?l!%eke#4Rj}1T`fGm-qr%ubkK6dZsVE>$JS$Tk_QcEWhvMPEFQ@*Le0#7 zc7hGHj&$l$;;=&LQ1Q@Wb|>&Id(}?-%yq zL?X36FEt=XLdcmPUEq5S7#dc=j1z>R78ss(kn9U2)anRK#Qn)Vh_*(=vcvzgtt^D- z7EJ1f4|JVOlwcQ4-i}2_ys2Rnca8Fw0mgHGT-eI4@5CqeTXen%JY`D3msNwz7q{9T ze@Ewszk*AIO5;zVk*qZf5=AOnf&*6pIs5C(a;^Ap|FX+ zuC){x&%O^dds*~Ze|i~96)Dssa$yA>U&}+%Up0}|tMpPk;;ffQXRRJk)=fJM!0Uj3XMNwSti}?#hkTz!TI1J2{@Q5( z;-=DMem5+DK;#`Hxg7yMR-#u0vyQJqfzSG6lWk_Dti4C9*)5#J`bLNSUQ<*O+r&dw!%q0<4&d& z=uUX{DZ(cAh#CL#1~PL3og4gfvT5s0CO$V)wKi|#Kf4t3EJO%F?y>x?IAaw)@= z`T{Y`@O>nNYK8ccO?nOVRPrrdBy=3(fQA}f&aIOI0eaT9WUwZLV1-Ck`s&ik$fPKgWqediiuSXdmiQb&z<12@LBXm zq3^&VyF#c6xMRUSM66rhAQ_RTaIP4+hQH*?%8FJzeWNGU>XAMWQQ4X!20{dRnh{fN zpt<)&fzFczwtz{OiYm?^Wo=CLoA>inFU5299rV(`jYe1WvSuraQZJjhYLa+5t{oas zONT-sob%y&7OcFlwNQ{zMK7PczE-DwlcPt_O2}#vzaSPb$W%d{A_^XRjJ5yDen^hn zRry7_RJ8CcS}FfI(IGjvtYhA-!9|g+wfkMcfVCy6qpqIa5?vsspfwBtZ-o8;iDRjK z=?YA0A+1rum<35cc|}qiNZNWM0ry!T)PlAa*D+4%G7-@PqN>~1#-pk_ zDU)96Q7NgZM|*8jrz8^tEc)Vny=4kZXaW7TR>+f1CJm1$@3k+4;~2JlsSzTkPclEb zz%2ZGp3nv$d%g@||DB`BCckdb5mMkymO*=lpHi@P`^GEq-%WV(YTb|V?pY-~yyQpW z^y+4CnxO`^n`kNyy8$-3Ro4cJmpM3d*cpVp6`O2m2)!tvr zZ(Db5v6?<+U+FOPE{v*V|6;4j+d@`bmd4yTvfpNUL`K)a+PIbYyrQ%JBzMq*PArV~ zEbY2-D>-+S)ik$?epu(Fxq_{`$a*nAB-tNO<_POX>(aBE_*MOwtn-soOLY?IDqrMM z_M?3Pk5cY2SGaP^=lto(t@cR6sv{j;{)Y59ZDoIb5Bt`1l4TiwoP9b=uG}xZ-BBNW z9%}fX&~1)%))trPJ))&snV0Gb_UnRf>i}Coq`%v_%}2=|<3a7)S~#IlQ)-@dSg9q4 z9)^xP4@lpI5zTbg)Z>Y(8kH7tNeW>P6R$ z73xK&wKtu0dPIuS@1-qnmGx3-LtB46>KE0ceo+PL7YR$6O$B@!`wu`B{Q^LN(_5sN zwDE81Y}`Yb@;^_0S#9$Q+U^EgD^;`OB9$er*pqECMN6GWerR&Mei6+!`qgo(cjdcO z53BC)MoTRtG7_XfF*#ZYY@}Dk)u_o+wq%FNpxT4wc*iU?o3xJ4!LC81u@-0>2kz>N zNgG0Eqf>Z32dAua2m623qLI87HHk)DP@_freTmg1I4x+SZ)IbiF$}k@|H0OHwKlY| z(8(o`#Mf`E)g4M5o*Ij=(x5xT?DC&Yb}4)2yb!q;dT3r}R>x#W8$$l0=Yp;6%9xCz zkT2Q4na1L6S@1HFytSk#J-Mk~4C%K`Sx5ZW#{C_#gvgIJuHYDGuL0WIJLenBqLe7x zwfx7?PJ}NPrDyvUY#}bBAb!vSfQkmLCIiO)h$i>6Zu_W9wh1Y{Psq4TBw3X4j>9Uo z_nxuBCC)coEB{=~EDFs>8B?jGNwO?zJ%jW_@a(9?+ceU@D-WOv0FCVae}wXna*(qt zyuOfmb>K@>87BZmRLZ(ORv_`GufjN>iKkfp*U1!fsI~g6>HO8h(PID5%y1MP;+!uSj+LOUP^h51`2rDZoTFsSRi}hBn z?|2|GSC;_#dR|zBZ`9SHv91=x+Kn|RdVuZrinZ%=7=0fEb^NIJG(|2v@31b6Ro~;i z^FUVk^E$ZYAJR?@L>Z3lx@}UgY?B~<@}gzQe#AObd!dQM<5koVUR@VYaWlQ5{3xsT zRB1y2ZiozPNK0%)&&1Pzq;l~U?u))qrm;zo%VcG@c6d9P%gdG3;p}ZvSOtkBYuh-f zci~THR81!S+Q$$F*UAv;!LAOOQ4%|7d-NpferflPtku~Yn?ao!{at6~9-fDODmTa5 zhb)uT`&0c}QT{&>4PL)*4o}5r9we-Gm$o#OEj7p`b?GN;FhVBe`cw;H)p$4I8Dm>* zAuJr*RzWg>dqgVwcY?9479*ZnO{UyVp=kq$Q5wFz*Tf2YlQBO;F1lD&6A{8Nd;zTF zvwBaH5U9E6UF6D6OLeJ^i~%0io00Dc5<{cSzj71lT~9{$efbcPDk265uk(fv+~ef7 zuufaIiOnSBwj{27KHujq2B_I&#)Gc!S-}=291>J9BL`GG>|v#j-jybYGV7G6 z3)iHNu_oS2;ueIj${nEd(;M&_pn2CUxr5TC~!^?$NN7F?XlgE4xl@?@upHy@my(S#j%EL86KVmdK zW-4WFvnKmPM+NDERO4tI_D`F6vDixL<>C&cU-LYf08;!MGi`rXBTDG8MPR1vJy7x-^f zem~Gx@Tpv=jG=NB>f4$0WUaY_K}^?<&9gEyDS(yK6!6-(#kZ^$G+v^si~(K_Irl!!st1G@iWGB5LV`IKIjQR79YBC7}|7sF?Kmx6e zTCk3pqLa>%hb+vkU7Jy>m(g02yE!!xv4}^#CnG;z90P$e|VMP_A zAx^fNcmpS2E2hD|F`cE7Q7Qiy#VSk?^%bg<+C;j=W!Oud8Rkpq=m6}8Lp7GoS&6Eq zrWfdKe?ZhIK##Z`%g^A^{r^yO|Ico=|8Jp@&sjza6%@W&Vct{Q*@()1f^OziXy!S| zQ9(;}aL=e!zR825ivYXaXcNsnoYJ;jj27q@WDGEQbLo}=19h_sx>ooQ3PpG-)tE*) zx&UXFwBBLtUh|2>7~)A_JK1zd<(T6Ssh;M>htx@vIHXddv>&QOhR+BB5^e2W>9*!nI8pe zRpgV3h8P&A7y?_(hM2|6<~V=ds~bP!izlPS6ic{3S}}(O?w^4!gl{pQ2Nlk&i=x8q z|G`Jl23dU=(A~&K_$a8=&cWAp9N?41{^Lo?ics9~kthW|F;?;QMyvSGCaZY2 zS*+rc=qgS@3Vtq5T7r=FzTa4~8OrLQtdU*4>Ano(MU z(s$SQq_?z%uc1HA4+(MP9LT8%TS#uCj77yltZvF0YXR0+3$VsofHl^fv*B+l{EdUZ zeE91Nf9dd-3V)bhZJh4$C$F}&6uo;~f^WKc@J~l6fPRjYgQ$sb%CiAR^R~)cO7y-e zKwP_W8S8oOqzm8+IO1W7l~BAg6p+_%m7zh_kbHNXyuu>xKHw797iRM&{G%qB{w> z?6(gFTKIN`t;k9^EAi~X7qtiJ{+J>y`Oh47rq@eR1*+~|J3T1Qo5WPwpzth^- zw%fY(#HRnErcpbm2SGci!W?eLZ2aolM(KwK3GK+h5$K5&Fryn*T5c8$i&qMTpDO<0 z_xCrtp)RaLsrP33>yvyv<=_j9|54J5s6p+>fd(Bi6tGzgpH)lArkf5u}B{Z?o2LLbs+?n zV;~g*6Hc;=*sd!fpxcVNqE%7bEq}%j&<>T|I?z~}2hPya^uG()-AT6C3TlG}8e+;b zVEJH;)b$we?a&C^eES>pNEax2k{RYtoWRr6Q@I(_wRzcfOr+R?rTzP7u#t9}B|e?#HDFpxGN;%o&h!=>f^{zR zULLX6(CsWi9iHhMlv9DoD5J5wi95ITZtpmB_?cVoI{{}jTG8^jmDamU9j&e~>mg-$ zW+ab`UMO|v{L`A`pK9b!;QZsH4e*h1wjs0}eu>RG1)w~Nn8%SgW|V4}L~IqbvV@3o z@%V6G+!9x5_(o#U%$)3}POs0uW!PgV2||JFck5~=7I2AKaKt@sMDTl$cnIIDsnx^(iZiNU+@Etog{OO&^4VIv3yvvEFhm))Ar%&PBXQx%0jEG`8pJVVf3A zHoDcBsj@=SOQ4J9GN6j@k`G z)!^1%n=S>=c%;8PU7?8Zb5!ku48)jdy+zxO7QK>7y_rg>ZhJfpuxc5?vxO!jD(Q1v zYxOQ%t#g>9Px4(a#Nx(#Cj>&i$@UtuuLFeR)ns0IR2rL*&m}_87nK)6i$y@hE#A|B zSTlIMr?3qJlukg`XdxW3v>H96b%>jjdhMg# zfW6aUeYD>$O~eDB_Z?^g&=cCsZmo*7^_g{Kj;ET?cLgmfjuUi+JF=kb z^VQ65)32)4BfZg>29@)1eRysC2iJF9b#&(70#tdGs4l!GieX~#EucHS5jSoh8?1y| z8r7^m2shGs`K~fc2Ep`-O$gJ=449T1!88H$7<`z~F1VB5_0SceB?Ew2XX!tDkGbms zK@RO;nj)AtG18L{bEN{t@X+9RfYt_mLR8V3=!yN@TQnyp{)k$<)viS0U)Gr)3w1@j z5ZHi$yG3V_l0dUVd2=y#qHZg;AwY}Gv?zVN_crao$He@+t5IXUp|LRgg39X=VY(o1 zc7*AIyulHs3-abgkS@5#Ms&e7M$hVyCK!FCpa}qq(xXr$V2DorHBq=(Tp>>VbGOl{ z|H3bH>aXEbzwlC8cRClfv>ceS zUW}V(3)~FJ6CpWrmv;H>tg>?PuPohg7fi-FmKH&0q1q$A(mD=gwK}*K1&3dN(t*qV zh;v*$!=;qd`>0zf@t8w$ZpoZK<=oS_jxaNt4ZHZ$Yw6< zX}1#6ZMElm8^RcToVDqyL%pj6BdqMr_tRLtD5!Z!YMP&qN4TgZ*1FP|m~g%kn3m%w&vLcfXm*@g3S z80P12q=W1~Lu0D%@v#`wAtW(!w|jd+gDEto!@4btM4E)B}1H7nOnyDP4o@BT;MY1#8k32B%d~%TgpBU!A!4fb2uEB45q%+|ul68ETnZ6Dr%uY(W^jZJA_hRj z0BsUPD8=i{feK#&xqXiLTsP=JDYfum3$&`G)ZtG%g-q?Jh3UvKR|-vJfuS&yzbY-1 zGqok2Fhwu&wtgF58vuqHsZSXrwCVPy+*IXIVzay>%1Mz8_CV{D9z@C-{Ls7Z%Bm~9$o zV?FULoQ=>5S$>0T?^CwHoGp#bKXSHo$|ihIs+7&f+0rT7eVi?mvaw7>(jAoT_ZrHU zN!eu1Hh{AI!rAgDTN!5?K-qe5wyBiupzzO4+17Bjsg&(BTaD{W+1Ou0(jRWj_8@2L zOA4~6+aKOb4`f0apXV^}2_Bcxi#5+!U@u1sofe*-Kov)(iAb7_zzL2_7m+mffJLXs zOc6;V4P3yH14JZ^E0D>NQ%!NB2n^)Nz9KT896Z9X(r8#O|4G9_Le1BKurI&VLy3GW zvCbTcoLAm}+$7)Z4i+*hD8@bS4lXAXj7hljiw?LXM>+fztK(<;zfW+e`Lpe?Q|-x> z4kdp!MVjsCAwxvq-nKx*8GCX$MgVqb=1ZO>HiNdiF9mWc*Y+!{Am1KwRIO#D&0&ZM z_oN5Syl*_{bF-)ux)F&voB#P3Ih${jkZoE8)9~QvsDJsVPWAp<|MIJZfBEHxe|gEj zkc8CP$Nc+H+ua^v0Bnh{L97?&p#1A~5Dz5#^M3+S-N9Zk(B!?_r8+9DvR*Ioe1{vvJYR&>PsjZ4{$@_^EYGsC0}T_n4-Vc@WVT_oQwmtF!N7rFH9MMr#9kq@EG zcb)8CJ_W+BILWcRZrgRTH<_AFI^@RGq!KrIZ1p>Z$%r>FJrwVNe*5|TNe>WQm)&kQ zdXJaDV(o`rHM%=E+w3ZA_}5aiY3|Kv2T)mf*5z;LVJBMFBMomrf8(RjrL`O7FRwYt z^lM+2veOed=Jl|G0KSiX4b=@VbzFiJWfgi>m-DdNIsL+Gc@OS(U^Tk!< zyRyl84Z=bx;6G>x=pdmPddc)*WtK|^nnnjLEo40;=V2`mbc147I%q<}w-HA$si%W# z3117JV}pZ%q&?lpo=3C(Y!?055BCdSlC0E5u-0R8Hp{=4={6Jfq>kNtc^^fmlWkq* z1{Ms_UaqLohoMJx^p)&Vmys=zX;aR+)qV$|qFzwZrvHz*H-T@e+WLl*G@)rJoFD|M zOa%(GK%rH@RwyFw}CbgdP>Kc2?wz+R1P+4L?>F#m?fNb5fb<5Ew6iNd1St^NZiTonxj%niIfHu*8X z?4!V8l#Sb_v4GsF^-6dL=GL8}Y|S8A4lx)Zy)hMZh>{K)DUk4}a1; zu$3d#jTEv%XVD4e$4)Uz1>7Dn^bjy%e=%83{}le7?u#7jG-sW?Nl{q1PPf7?!N`55 z5V55H^NJ2#b!5}MMVw8(_&bo-jJ8IzaRGzql?Pm3(;W_MbB)>+qwp}K-YtCx=#+mO z2yEjMJD5W!3*Aj!^H3@;e$BDwd^y6dlisTlx zL@ZLO>}X4A__^Z=4qQ?BPO2e!pj}yDOQB}rF@y9TyF}@87ug$LwjY+nyd8}!isc2& z4$+<6v&pD}@>iY%FWB&f^R*XJ=!K7*{_1nw*+<<4e+d3Ynv64X zPj5z~o}cpeN3u{xkUkqPRHThtnU-Eyz zSq$D|5ViS7xAf9Z6dQ-f@6UC#KS$@^CO-eR;r3hbnWrq$UDPHY?Apx;X%FtHeXfT9xwC1%_9z-#pDaWc6JK7JLG-0|N0wNwz)ce@40H=^M9 z*e#E7$^B)$G$E4!NPv3?Wfn3M!$`4ZCIbo!AEAH#g`DIo!gQ*Px%M5P!K^}StwPS? zI#=Qh^bCjho}~9+p7#&OoiqPKw+f>jLPd8+*&c8A@RziA-)ZJgxW{vFf}TL)+(z6h zY9m&48^_DB3l$cS&mgO3p(A)joy~Wg@S19E81$$NC4g#2*)i`dC@?fJX!OD7=kQr< zD{aP0h(#0ZEA^P2qPcq4`HvazeIb$;^*^)ujt%$rhYX(HkmO0Pvf};uKjWc5@Yq(G{+_N5 znFxQnPFUH?TIHE!Ul-{}HAqu3$joy}I#=X8K`0S8 zSmkWe<`oPly}4?=3~7lTb3yRC)GQY4#AtG+G|VLJR;}k@9!QHGkxhs5Q84WJOT1wC zT|SkWu3D2=nRH6#eMUZ!i3TFGdR)YDrgYOA0=k(ZXmwOuy||cu8F&Ua1|VZ-R?-31+!cN!aXZN z3{LDoB}|Vm;TbxY*0l5fW4hD4Z;gNdz0A;xb%xn7yU49(< ziJ#5w6adgs?~=R?uHZ6Ll|A1$zS@|7!L;el$R&SQs+?HrOIoSF8{3vT152Gg#p#lu zr;?V`Lyzr^%=o(+vJ-14)@ryvu7+YN*pcz|tPwALwFq_s417_WtO9LVry`0{sULa{7n1OTRev z;!FM^{YC}^5J!I}p#RRvz>r)cDT;f&YF%(Jr!`}+Y5Vt}Xf7AzveOPeBk{1qyP+oy zU(x@r{rQRQKcKbWkkI}#XfU=m2ixB*zqs0-Z?;`B{o?qRr?Hmf%Jf`Iv3^&gyxdfY zH_903*2l302X*JGee>09wVy>IX50%sP_E9{=pjEZ<7w+RP95|+`u<_W3-8xZr z4V&kHvxo`z(O$O7Fv92T)n2%qzpzew;T8v;eIUzrEz4-0B?wujLIX0~JjWYaj&3~1 z%{)hzmSe4!I(kRe-g%0@ z^Jj~yPKJD_@b>i9vfZv_vo;)~Y@a|j8@K&cg|dw>`+OIIe6^05ZcgC&QF<@tB|lDx zB&Ly+WX**S-;!hyMICiia!;OZK?@7H-Fgp`I>5;$Tte|sO?T#L^Yy78+L_gK`WSeU z^$%jO%t__CGqL~c)HTe3MhgM1@RelJVQ0lfU}@ie1;!- zune#845BtfC%f`~EaXL$@f;;uj-Rv~J$a66d5#$r)24uQ2G&|F*HK>6SjZLb)!N=J z@lI-&C|_=&;6wL_qI9t+%0=^4>y_W<=&Jo2bWsJ%Ik|Lu10qb(_b9@Q=ZgNxW>LP_ zf^tze$o1CaiVrfFc10B7!7X{gPTm82l=m{+RHF6%j5kqVqL@1 z7eo35lztscUrgyx=zJz9(dmj)+=W$Kq*~9X%qHCke#9O8U7Wml2KOGxp{twB;ObG0XyO$w(1~a%M#XE$Vw5Bs~8rAyjw>iu?gG|YMW8hti zfg(?|xa8R|$P^IPGg^!3lhYOR5)7*fp^Kw&uC-8 zF?o?QG&fY}oaOtmbG+HqG2Z^ZshN7-#Yx_7sPIw54ozxaNU%88*@P~R66`9w)>UIf zc~u)nY=ODU3KboB+|{y=wH~t(0@i=MWLGCowYa2fM6q-Sj(Ng9T6xG)uv74Jq{k=W z{VAw7+Nl{g<4{*C#}}ew5tb%Tg3-Q1)-D%kvOB{X zyHuRnCctxB`-EN0<{7vw@Ia{qT40+^dbW*wwa#2DMy(Ip=kL6L8Cn5k#nyvn=+~-s zJ{BY$LyMKNT5p#a*hs!=y@V>60+n1Yw#U-WaKDDOl}==4Fjuc%j0{b)t8~jtU@)eO z7#^B2H?ISasbbKP%>B%`g)@c+I6FB>Cshg+(~})}AsBsT#V9yJs04X9BseN<8Fe;a zv)+5BQx2}feFPNpuf z`M0t@xx96s(5&4-@rFJ{gICp*#O^EV-BMVpv|}IHqCK=($NFhI_0x9fCr8HTHs5i* zH{B^GLyJk1CV8l6)q2xc2_v1~ew4A;eL3@~I7@@2kvnBW0W+QIfp~M9*7mpBw6^0u z2b-LCHg-U8{9pcN!@?`v@(t7x6ghrRJ&APthY#1uI-AsiXfB$EOf+wg|9G14@U~#L z>F6_{THpK*JLIMY-Aag(=iUSs1#*ijF{-o{lWp08|zWnu}i`3{kf z`PS;`&mBa7k6a4n+DJVUSC~^hxCLzwB9FHxPuZD|iL^_ocmNUq?Q%K05(q2v86&tH z)urN`k6m)vXKM(sw%9C6cc)8}U?3i*N7`;Pyv=UYOO#V-x9N%)RL}LNfIC%6;C9+z z+Ah#Gd&e$YQ;24l3Bi#E01x%1xPqg`Rt?ZatT1;#6gOAlrOv2*A5nCJ2DB>~G+am8 zvrWuzYTOq&x~);gs8i2FM0XmVgZqftCCz6(|8%_uA1mpjXfgboCsxx_G*X7IYq+&C zeD(1~Sxpm@VON-*8i>Nyv~;c={OEIJRpX1O-b$9`u7MhHS(NAb&)K!GRSb6ekTy2x z-WirWHT(j5p@hnu43guWpOeVRCCAAmIoh1k_fCJ+Jng<$@02>gOFakTHt6^q_eXRu z@%|j?f%iKoKaNNF@mMBi$o!ndUQK=+&*evdocy>uld1>#v1t#|8-*tp>YF4o-tjWnK*7Mpn@&YaeJP|ts1y+Q#B3)^w+2z z1MuioY4e>*f}dY)r=K;VY`u6W5(#_8R5rBbY-r2b&`yM*1u46_JT|oDv7s%G4sChd z&{iTcqkNGzw1;-%&`xAS+sLv!Gazwjt9EM!!@*7$4dp|-*uoDXApedx+vV{Y@%G(l z1Y44Bmp}qRU~O1`zd9wS8P1G+HWUxg&Jpu=w>?LU7p3E(fBU>x{1O;%I4YSs4#43a zg|EmRTg?YLPaNux8M^KM+w(+af9*W+OC8OJb^ZBy;_EtoYZ5bQIjugJ`MG7l^ug1? zMMi{Sb98XcIWk3l<1q3RikNu;DKk2~l8u)Ye;~aDf~T`6FEgX5!jbSfMrQDErlWzs zZ~?r|js}Yi(W8Ok<|frw*!7Cxz*~lja&N;G=pEozRO>Bt6m%$PrjfEwtPE#Bv5$*Q z$KgRFTeW@x$0kU+vG#NKwH8PobmMLW9m}q}F@&Fy%)C8Ke`1DhMa2S!pchlV5i1X6 zc#^4`kFI*f!K5#)L36gc)6uFN7#5 zOD#Is$b!=q^fA~d;0fc4Z<|!uEkMBhm9DP6%`SNn?9>xP)JQp{J4M`_H#Z_8L)Wi`+Jky;14>GYz-O>rZ!e3@!UpZjJznXy~?%2!v zYb^AKONL*p&s-^$)Mpopk2{;1vCqcF>O+Hp{j@e#eS79!9F@1n*3=N+jjoh!S~o($ zk#3Zsm4C$KV7IYi={6+aEx$yxi$hbLgtU!bFwTvQ7ytP3lRGkWu7cWS4(Eo{H+o%h z-IyO#S3%_xix|!43Kr=jgMd1uWhiWTkBK*ih*AlOxKONY9;B~x%?Ua6HSX*kj5!G_ znagqR&i=t4q8D6cj$1;$kmpVL+A{iuiyTCd(pa~$!*Z&MqYhY_Iy z<+22220rb@yn8?ZVI`J`8yLicw^_a{(|_<}$~Nh;Oq_MVKBF@;Z%-psNAAXgV;iho zN2NYs3c9e4wmFIs7TgVv#2SSMV3s!`q8i?^5@xlVJQ zApl8fx3b_xhAOk@Y_vb4y3o1lMSKkBNe#&IwC9aW5`8E?BR8(Q(rt|-Z<$FlB{9$T z!L3HT5B7AheQ*mIvCo|Cmgmn#OP~_MFOc}fZmK4u?f%CPmMxR*>plS-~$tjlc-l zYj`~zeeH;@z1O~F%JR23p{u`dRKrzdiA5!R7+=D=c1w7Il`t*VqDfdtDckz4Ml{*r zWW8$rwU#9K*&Ktvl6U{w=Nna*)Zmn-%tl8U(SO|F$$-CRZq@OGc^E7JyR zT|AUp>iJq*HoMv^n-8Gq<0qh7vsug}rNCo+)h8Ff}`aLCAwZ6|DEM*TeRO?IZ!L9Vb`bZ5K(lHljQ9X$M2+Q@3~)*% zmdN>0{c8z`WnD0bMXW9+rBdV^WMIHTt8Hc;VIx+)>P&}s%tDv>7NJWnsV?v$8ck(u zs-ZRhrTIF9!C;gI&{8FGDE5Bj6uIR9iEvtn%^JlP*c+=!FsX83+pmja46s2-JyIEmYRekO9BD3=8dLugOFZotbl2o*5>H#n(-cU%fT!Kc({ABu7(28NPn*Wm zN_g5KNHg%XQ9NxVPm4g>e~+`Yvw2!NPx}?pcJj27HkO8n{FwF|h6U$o2Y6aNPx~EX zFz~dGc-ju0_6MZh$lX zdlrB0V9!N-eiEJ^YhllG*z;U`jw}Ble{N;Z@rduh3xb{e`N<1g)Clu2EaK_{wh8`@ zE3of-9P}ab!)f*x3W$xUqqfq!(v7gVmULvBMR?&Q7!ieOiU&G_&LXkEj4mG2O5Cz- zMgqsbnK=GJw14l4*8(XnX_sm}XB+KAKX%pjsucEMPgiZPYObUQmGr=Rs4{V{f~sbS zk|lBH=nR6jIbx1l`>W*kDUwFQ1{(${?r6g}%O#s0gA(&xZdKmTRyuB)wKMKcuwdRri)i5REyy89|A}G@ zn*D1+sb;3Nk(+7NxRPMwt9EcJe6m_5H-`008L^lUP8)4T3qoPBO|hR#o`!(fn~a26 zWYF+BcB|H>Lpksr7_`E5$1SAJZcq@~i-MJ*cLid6VPsu6L{f0w$8{`l+(*iXk2k{T zPt8DAfff@+o>834rOUHOlxaIJ5erg11MuwOlASaUjBZJUFSVWlZpmhefb0}zaDcXS zmt?>k7H4%4A4t@C;y@Pjft-}?lCLqx2GS-^>7`cMq$#~@((1?JI$;QPLME%U*3;94 zo?BWcphrTDYJFxaS*xIp_%fF?Ac}JHx-J3STZ=b@SB8bz-O;yd6`m#?vMV#)CRm{7 z5F9TTRVE9!^hYW3x4-&R&?_gpts%B4LI~v|x+$IvyqJm*a}982$_qEEk$mkwDX$HJ zb6bcZ(|kAJgCX=bM_v5gYG)m)v2b9J^TJLZek%${>A0tu8}fD=&&%t&Gt zx-=NI@ont?^ZbP)h>9#X-bhTcpvW1t-v9Oh=0sAh+z8Y-rDiwEC;Je5T|&@Bw<5|{ zSm^ll4k@wm=45(<2-Avg=@~j7DrDxHMgNj!9rHDD1#i$h@_us#M_s!Wgyt?N4PE6_ zKXMj)CzK&#`IO+;|Ip;u|KY6s#WYDajzeO<6)Jj^?eWyPqyq{12_DbkTwsj4@fUQ< z^}Y+INui>Ps8*Kk@g9gg>(nO=)dlIklHt(t;`DFUbc#woi-nUP1; zIOR**_CZI*@i3uWyv^L>|K%jtB^*m{N8CuN9zvgus!73a!$tqL5?BtyUhL0dGL>xe zF?Osyq~rGh+$yBVOulDL4)mw#_yH=l&J*Q}%?PF83f>xWNnzFc=jI#+!XZz#I7laV zNVR^?9s*|p5nI04LOE+U({}M-C$25u2*2I(ZRS61!tM4^^YP>UQ7CNB6+G@b_~Qu8 z74}!o6}}D?s&Lr#T;r6lwvc+F>XfRI^)bw1=*W@U@)#Oh9xmCT(?Tlw3)9ZRC6Wdc zVbhx+I$!#8Gr8^fcg$;T4Tl9{$9YC;h32$bb3Ofqo4b$-6$%vJL`c|rJPxWqHRF|6 zNf%B3y9v8tDRiUpd~%gTn*H~lZ`Kj!qjxO+u;{!a@iSfL9YzP|?Mjaa8`X`>2&Fk` zL3a?-efK7*6TNA9wZ3}|r!D~YudkKM&d1roJk8m6XA(kc056ep!@b$5bb9=qC7l>i zVo)_-vd`d@7`X&!KG6|3@s6r>z$O}{U+MQ`*!It25B7J|?0od>!Oo6+91m~IiP>`# z?|6>b^emudSvunX;_P|`R$PPdbjV!e-4D-5E-4p-lSwY=1(T%2C67;(OL~!90^NUc zTS1}+2@+j2K_XT^NEGmbD0I04cA-2jP6%b!L3iL8)DFakFGD;ve)?;3-xj@_iSsk9 zCgqfOwzk3Zn_eVxTx^eq4Z0bT($kMI=P(~b=CE*`{vGslI{E;5tWK$Wc(y(Y@FJ8= zqaPE@sA>x3HAd3sa=e!+QQhV&4N;$}wI0#w&)0cVZH+$08wSGput?`kh7aIuy-L6sRCbFfo3852XTy){qwW))-t3LM{gLbP_TvS` z%e1>iOzbU`mx+MG%0T#(nj_O78>0B&idYH@BL_ZUT@2#EWYtxqa!guawfXK%h6T|n zZ$Ey+6|r5v-~Y?Wlpi>4u=<@+2NJCF+xinCSUCT6+G0s9R)rRk7R1>mG%I9HXOfYHeNkqZ5b$ux#Uj$DoBv0N@MmdPW3<=W0&^j@93Q-_gdI;4qGZq9Zu;B-vxSa zA+-R#9+xI-_k*+P4&;^hHN*>=AJtBRT|P?pfaCHS!`PL1M zJl56m_lOJbpx;x0Paa|q-enJfPwrz6Ug*G=QZ4)rFQsBG;|xtG8;`#^Qwxv78wKW^ z74Cts?D}6&J_uSbY8ar4WENK$@!Icpvs?eGD4kFJilCj4=q@-R`1hi%yVUH;uE#!H z^(FkY2^DFX{>oGS7L!oE;}rTD+B5YrxH5#F&8`&vEe7HKmnr{xNS|97G7IZNPXCT1 zX<~Zhg=j9LaQ`yQB||2m2GUKUG%+hu8eh!S3B}lj^$M25=yDY(!u^GGb7ShCihe_G zy=q99*Wh;ET?xls+DAS{ZB+)pW1>o#YwSttg%s!oOL%d7CLnA2-;p(v zk#%;ItXJP**W>rLCCR0c1mmAi{mC^lcr^nT5|H@9-zcNmJJ2e&NHyw9fkuR{*_h0YB#YjT?rDR$E*N<`Z~)WVWWHE?z0I~U z+_ysBxh#&I2ey?GRJownKJeFVn{hic@AO^?hfO{Fb3%_#nJsjgP$F1#f<=U%6XpwD zR-shuqX3tB+*%&dwz!y-!*Ergoolk!Bf7Aa%2D(7&3Z(T;E2lGn z^CR*z&ELqWxPwHiyPPx2NB+Aly2W_c2AoMk?p3u7`mY7Il5c-hn|DZy83)Ej&wWN2*^4-{kQ1gGlJ=@xd6WKo)G zM%OGo9RHW`IHvJbUfhbxME>6nz1{wv$~z4SRIdIvr}AKj_NX)_P$|j=r}U*uMx#u; z_fjrT<_^MvDvY_(ZX;H8h=p3sa7w#fQke6nw)FQv`XNKRP526()Jzrn1o}Vw7pK2} zjDC!D8@!C@HxT`owe97k7=gc;Vg&X80{>~h%9p3d(bXrBuJbjz?lZNb%P_ZcyLoQ0 z)GI%ZHp6K;Z`%Kowm8B9x&*?Wd7Tq>*w|i&C7rIrQes4XVEo?_h0at_!hThA;t4Zp zgw1G8m{}A)o|M>M82{w14A?|64X2xT-HrdpT{kI_!a1+y#NPn7?mAPeuDb){c`2_f zYgCDgh@@!~%AZQ&k=MPDXOS7L;hez<+I*}R%4a6UR(+4we%S|ILh(T){DemM2b}PF zBK#B2ARzpKQ=IUFMEJj6<%FL!aKdk}*rk@ru-O^B)ZmbsZI$(AdrBqD%Cy{AD{>7) zp(xKvpBzJyg^k^m-IBwOY9+7cv=?6)O<)3eq7MJY4ur({p)sL<3?eINAhI7Jb}WL( z{`3lO#T!~cG9Yx8Wpc0=3Q!D0R-TT5e3ZMEQjldxCJdA!pGeB#=o%-nf(HL!q(`^T)7)AE~B}GnoW>y?ko)ZaF z1z+Y=ks>Bal~MRO%A*)rM(jrvukXr*h1ZQ>_sBjbMSr?Jd{Fm))Q5Wnc=b!IComq9E+93?ne2SK z16fQB^6EF5*^+X_uIAWTB3|`vYCg*A>)WP2j-t}&l_QDrOOnd z6;|k7h;5x@+enMApqb#F%c#!IcIh+K`r3;KeU*s$9KJ24B=rn(N;~JamM?a@^?RI% zU*{}naSFvPxKvMvVSTO>?RKhR#JU~JiAS=|d6CbrHOwa&(X27pmUP4}RRRlg1t$Xw z+GeXf2rOv#TqzB9)ebI(W^K@E&;VaRpugRdf@w*_fLf?+ul<$7tdKr?p$(KZ1$bvO zFA8P74dh*|J+-m+^s#LujSzu$@}{*!n??Z71=XIRtZ7hfK}!w`FFoT0HVwyUVAfij zCI!bPxhY7BexGvWE{ zC4ZzY-fcI*RQL}kh%3(4A&qqt`Q?Ri{Ml;vh+Ei3~KJ+GqQv6SN?xdSNdwTKQzorW z0mgTy#aDPf5qZ8-`qm{yTyjnZks9=o>a`pXlX8FsiHFj|nw`J1=_J~$4^geZ{^!gV z>cfzRqlp&khhi4$CmE4PozizM=|`uus-ABAS14HJjkUU+PmCd}ax9C~I}XH%x47k3 zii{|YY@rYThp(}ykPYNQx&lX2@9poFSCr^=nlD55e0Br#Bq2ntqC8^Ip=jatCK!?! zB%f^~)kc=B_~Oib?wwDO!SMwu@6z1{dOVqewFZ#_WzUWjvZX7BbC*pHAP_fZ$uh8; zg3+4cK#tft9$-TJ-=YVj!F7BEO{#B7rXGQYs!Gw+xev~gJ<8WBn$&P#Gjh8ReIzl` zFx#ZSO6-#A70710u}$OVCcLK=#SKQ%y4P}akmKh8wpW4TBqrZ}~o5>#u;)9m%p@vnctUjMl zPlX&C(OrSSKLvXwcgog`wYy;Cyu;Aef^D8m`2I%&`;Oc*iGNRn?>DgT-X*}>Xe0H= z4^Rk?wG>UwQrZv;ss_J!h_w*=MPc?V5(V9}Jis14PC2umW|8>TvPgWvxJZ1Fvv^z> zMsI*3T%oG(PFN;UbDkSb?V0mjjP^?M``?m728P+m8q=(5!7%%-M&Cxxrdk}Z4QzU= z5%2QDy-acAwwFzWtN)6dM|Tp&M(d$E?@2a~rbBA<^>5khedAw0zunjWdV;;)J^uB2 z_ImxFaj!R@Z145=`RiYwjC-Ado131Ge|=-SuiwdEe+=&1*65+*ZA!hC4jMj)B3f48B6s0NgS2Tyo)G{p0q^D_>3AD_dfFrONlp z&?{%&D+l3L*p#?e9*gajD%&fYTJ4fDhb8)6-%&fqFCc97hQ9Ws>wZz`d$V9o?rAwHZ#o(N~C>U5k+ud~O*>?99azs<(w zUBcszo6?Wu(C(ZoR@*aYknO%b6H)c?GvB~Iv-l@-G?J&!BY!jGi81HYn))009il}84TtEflXf- zqLF$x-={_DCHoI$%=t_X$iS-PRR~B5JNUrv82|VYf+v-!>B^B}=!ViNvyu5O{Wv03 z*Ej*h&OUK+$M-b`UAVGERjD=M^@O1`A-&2+!U1m<$OychnsDT~IyUB^W4i)jV)Q~;7YYDP(x6RVl}U&-K#fv+ zYoiMDm$(C7o(EqkVck80qw$-R+x|?32Wgq?m##5c$5;nSg80`0e~qvc)7=DSnn?cR z#6f@~fBoMaSpE97Xw{`<@qQQSAAg@f`I!Nf=~c?V`(eueoR;4i^F%?>P5UaZ5{;}< zi!yp2aa(-A)3|5=X;(awLVSxy40kiR7zdmT0`ekKpWN@ZO~jFdtG3VD$wbG(Oq{k1tB^FD6auT9Rvn z!8P!qJi0su&(v^a!O*2}WD(`Ug%rfp4QKW5o~LtFh}@AG>n%V>Vq(3cuvk1Pn;8JV!;KkZ3{S4$ifDeV=G(`IWHc0Fhf33wP(E~nI#spuQMXUv~6JF zF>00lLsO|+E{%~lxh;A58hIle@+vd+^C}B`5R>NIteQA=HSe&l!*Iehlcmh(v|+uB zk(FH1hZuD!PsO7&P1foJeG~6d<-Ly>M($Vyd6s9GNl}o!-E*-sm}V6Hl^L#r<4$4x z4;=A4IImH4>aWU77xh0l_1`(OfAGE^$ps?UX<8KL7z+6;EZ@(VT@Aww`;_~nmSMaQ zO)$apAJMi#$Id5a&J0{KQSXvjTVyr?qr6HetEDE`VEAn?<=*(iFAO zX;AzFX)0Yzfy}G8%iK>w*;8~(=fw+UL1JgEhwpA}`0juzzF8Tq;x?!va%CJpPQ$qi z+Yij%1&;qA>C$|v^y^}TH=*dA|L4RI5p8c=abX#x9nm|j-D|e z#t9`CWznUFOYRDbP3WteTF|Y=ljl?`T^P^Uk+%m;8U1VcQFjQOs)1dJ={BKan~fm$ z?ZWuF$XVlsihIq&Y|=4X-63JqFZzW$iyEu-Xy$`xU*yvaZJX(m-^J)>Xvsd!DSd92 zCs`bMaC)l&Hv2A3>7eneR_l!_PPG?^7Vi-dUO^`P28yBak{+Us1nTgf9a#b;wN3EM zbxS*x?)j-yOfTL6%FpN11L0wqq^eu0_ohWIU8iT?(M0J&-Qo#0`B4hOeh?VgZd+y8 zh)vqa+U%$;3*q0l^>*nqXxX5+PD&S{lSJqw;lavCry_H6rv7ccR2?zo0SiuA3CyU- z_lw>oZF5Q?jH3GbElm{A&?T*Ff6x6J{6R5JpQ))a|HB-2?!b#hmlPzFb%}H(o+7ur zf(=55p{vPLaS(6}Y)ut>5b9d>|6=U^Ke78Gw`vNx>J>#sEjWWWBvw0WSmY7+UgfL1 zwGDi`bvUxIcZfL^zDW^B-6g6u{R!H{OJe6Iq3pl-IzK~&>xuuXiP}G^NLo@umD~}n zQC^CBYm=_84YR2 znPI;fT4_enz8KyaKY;lAG-*2v089lv^O1poDPVu^NW{&jZSd0M|ssp|lXQ^{F8-$((#YkDY^6Ey<9UL_Z=CwYDW<} zfdsU}2THXTlG~q>H5K>iwwXy)=8VV z0gTMH8KWPEyQ502x)S@@DZ6!a^rtl<6F1d_%G~AJw1d5QYd^w{OgIsXtxv=@xg7a0 zf|Dz{`01F8>aQTWx~<(n?2EKu?P^7GfRW6C zhfgYvu9VJ5@Ls}{K0)dVktR|P#dI=N7yj7De=f3x0u7UxyleluuA#iHEDmaR~Ryzq2uRw%my zQgPk>fewANB1JmP%oN2S6-OKt6;fT2$u9I}>@Q=5U zbxWet_GoXE$!O$&Tk7Jrynk;o=)$Q~Wq?#VK|K6*Bn<6(1p{}n{-8vbo7Iv{I4yi@k}SIIpC}o&SA5d4hRN*N;3`o)GxGw_bzX5;33Pf zFA#M(tXeN#&cimbd4w{kNucTqh`gB;EjG_3FPVW%G0TznQ@s2=NlyC_JE3oFWz6^VGV&f0{i`=G)HHbDb5Tc=#RiXQYKP7H}SrQ0}E}I0leC>OCNJlDEw9v zjggjpT1+_gINB9V`HOrj9U7BMGh(Ik%EA{lk((%gN;t9bPIs=L@E_=a0o{|G`W5LE zDl|IAH@pjCO}v~_@qs}X*e^J?hb>5NY!-EcZG{)_IiHklog*XSo(<6E*Eul1dfubW zFCbNUuqSZFb&VK5?&I)l@JW2I?eq>d#!YV@{YYTvBci1$7h;h!Aq!hhWHr)}ylrq< zPS=U59~A;ZMfnD(<5bPqq($dLg|BrXPg8`_m8fVNTbcd?O&HaP!W4#zgT_i5Tl3yw zk***RL~l-fl-ryaiuC7?ao2>&h>x2a^9rW78jipZt|I z39o2fd-rklY=Gr0ug*A&IMw018K=7bA&O8ZlwAf{HtR{95t)p6K{)Yo&SjTfl@|Gu z%5<09tx}Zjm1erNkS@v0av{1jj!MwF9g0+}P@c3`-R>;dA*@I`9%XEvLvj1~bGVN$ zdm{1`Cwlj>1fmP6jUOCiZCrMK_-#zbXRjTLn<7sh!$!GbKAS$iOPd;z3n=5V_>2oE z?n7F9p(PwJ@QYCUTSPx^0{~I99v^K35VXxUGh>3{9?zsKG30Y$GI#k9p^^be5s(Z?X$|Uc+kzUqMv9_g zfc1zDenGE2hMd(I7@I>L7uRXS{$oHC6GuRG2#%)ke@^|KevX;R;ZkwS>)G^v6hHDB zZT`@48w=RQ;=o>4F+ewEj?w4ThsN2|db&e+4<$JHQMSC`_fZPewc9QiTTrnUieG1Y z$e%{jrxjVeM?})6?c~OJLSP$i$p!{m? zO#-3qEJ*M+h(lMh_+=|eR+LxMt|nWQ?SCLkZ3%ZZkWeH9Qc2rTJdgU~B%U>jEt_b< z7Ssu4h*B$Ut31@fHm0OV@P9|cSj$wba9IBQpi?f&mv*~Sy464qyWrnQe5Azgl4`@~ zm6xY#CYFvw6U$o9NPhb_41Wv;sgu@LA6ODCw6J!OmF4HSyiT5ls*`Up=xrk{dIbDx zEN2TKFcIs)UV+?*6!+}A$Xr^mLBlW~bIJB5OI6`sB!>C52n^k^YK6iuEE6I>AkoLT zN`H?_*0ZP#H9*lFMA5z|aOo{XP)qm|o*S4&7gCH5cFSg0(0YTHJKXdwV z$Bhv=n+bI96LbRlYrjDkw++pU9`yK}=~c(^!lk{U+!NWBqhPWH(M!6DlEtR3{)@)- zV$wgH zqedTmU!g&#=~fS;qe;-cLA734Mw{k_INj=$sBU$#YTfQX3 zODDv@h9ln7sa3hKhjq1E%Cb%3CJn(De%?EZBNp3+mSxhL?ZOtrQ+>_S6z7-~Sm2^X zTI`eCcyI*G0yx>5qbmz}E?cL^&@&fRC6SUfLE89sjwWr?p2~ray91<+4X1Lrw9((+ zM%q{yl{V(LzKq(?dOu?3v+cE8SiJ>yny?CgRI7dYKd?Redzs}Q2`i`3Ft1G`kt8>! zVU9{9JHI-OhWS7m6ATJ9!C+(?9aq9#TlpP{ky~t?aZ9I5o$$M-;_-{yi{D`j7ODQ` zv_%)VGE_u>TQ|M{}Z>K$Nv*I3;aLlRz3eOVvX*HZn>u$F~p{kQO+DQYLiB~rJtRdyWZzxO-oto+sB?03Sgr{9&o8Qpq#{GD5P>ks&q@6apovgQBe<@EoPmow7V76goBW-LE*vBSVme(<@dQx~Q1@c0#0-N<0@IRO|cTku?*(Z@}Or zw1GPE_B)3z$0NH#3b};wd)@l&&eG#JVQgFRuUjZS?vM&dIy#7g3>W0ezND>ad7PR8 zrYYVmFdaqsea#?%N$h%dB7Bxv2Y_%hzeF@O(CYk*w${&;hnAmGaRu8EL>pG$klVD4 z+KG6isUViimsujSZ1VEGj9oCkyBv)`&cJrj<4|3Oi({E6xN2-tN(5GU@jSb{VLpmZ zQbANY9ZKUvlRXCP(<;QxY5lF;(kF!Fy$g2eT+-wUOYMYGU}(O;SFlrPE5P#$xjXOZdgt%+n;-U?!o*3}5W)2W)EL*XPc z4|czW=`Lx0x;!~U5;HI$h$!^|o)#(2+aKu*rCq!gK|xjPJ+~61gncX5bKZPwe7xqI zty~7X1RqN+N;gtFHn(wmYa3sOmc;`U#D^OkmXQhbmJ)`{9%xtA(ZbJMK&7QD)3u;y0z6D!ydV4}KYEO6>eG`h);A5v_+bvtmCf{z#8=8`Mw>CS2F_lS&=7x^jCzb_Uh!F2hDIn3(acXN*R zg6A#t!jz2PtE-rR&MpXdi}DIhK>rX#ebwrMcOvg-WXh(r53%W^Z^lWpLR*8?L>#Z~ z&ouZ^Vi~7XM(fg>G^|}7WQefg|51EOV1d({5&qK|+(1(Ol-pluRLfw@RGRQBm@Ap12EH=4TSuKJ_a5ZKE4iEz%aDX64UvI~5;!vLMLIz&8Fs#H!q(Wqk9e9C$oKHbW$v6eI-VGLR|unM<)3p1hDwWY@))koXn#V-BvGQHPO#uF z2K^iRtqr0=1sj-LHuWo< zU4l*hn$4~+Bln=ba88{|digOuy8FM31t1`uel1pDmxDxy9LP856R*D!a00cffm}#Y zt)E?woAd!F0Sm&RyPnY9h$8fAm7ji%O8O8R9KM~{;I6xKXkK?xt=r)%O>K<5M|lX{ zmR=Idn)Gpc>4p0EJ2aR4K2mDi$}}2%Y39Ib4IyJ7K@Mj&dq1PnD5+5<~z5B`OZDYedlIl zmh819^bstgk3cT#*ZXOFtt01Ivt;y(RC&FmqJWx@VBRbHdUHK*F zl!_@l-c2_sCiZ^ZqL@V`<yg4Iz9 zTr$lVvel;+ALbghA(VZbaW_x(@Zj6VD zPBqi(ozkZuw5pHy*C~#%=yQ@xYFwPxKN^@44LbLt3xHn)XXwS!<9d)P7Ien_|2-65 z!v|U5KGA=?-xlu1|0ksSHWJ>wbVRj2eJyj{AA#oO(2JvR`7j5gVkp;EWgLsTbkQF& zh=q90xU+Y7IddC4m(_6t9_}&Q2IkXuMAL8X7WI2X#7l5Vw>G=bOT4rNOR#Ohzb>Kp zu(P1iYsSN_)JP(?vVkpMB+Phi>(2mEq_xIaWt<9Ey;tXcOHXI6<3n|o?T?vASLhcGtVL@KP)kv=zg2{Osdn$hxa`p#KBq5$q{Fx$X12(s(5a-y^rzs z8>)?chA+J1mMVLn4myWiUPJg)hd1dpp?AENG3e1 zew&y4`z$RkrEGfVZFWHWW){bq6#sTV6s4bMhKn0eW%oDwZkMzRR$&(1R=9IvJ?GUb zciGHL9taSgyrpc9=Mt1>f}I{*-5;;PH_Yy@BkOj16mQ;unC>a#FX(3QUIf1{G3(vI zX?l1w#p!Q>xxd@{m2GPZ&6i^-o)Iqn?nnw0XoCXt_COg>>a|cR6(v-pKo>NIcu-dscu3_6%$q#7u@VtkXc2A$ zx#(b%g~Atk+2k|P(w$38)sclNoP!|vw5N1#Pku>=QG^JR6es#K82vZi(hmFUXb=5j zW{w6P10yto!L2&|RkOvQsjd%4VZey#BL;9cWfv-h4=dZdwJ?^tk4>wKqXj=_#)9ve z$(0}b8AlK`nSXOZ~FXAj)rpVs(6LN2lRMKmTEl+&xJ1MN0EAD({n7%tXium z?L4u1JOd`|gcoglZ0q#Ob!X#cg30?PUu92S#rsX#%K-+9+6yOpx_Gi*A+ncSUOJmB zXdkC;|I8^*nCF&PFd4FU_V59^O{~THRO>LP&m9~aHM*Tky5b4*ox!OYPWiHQ+s1CB z`q`^m^;faI=?kYk(OlJmjY5H*X}!4msJckhEULSd`%;;X3_g6X_Da*~TAcCNQkUk$lUjNuBbDLvae6Csr=@q=mF>`rToa}PW{S*3!?(qW zRd!6MvNNx8?iyB~XVPiv`uPf0*WOrNo_qOLK%3D;iE zn((Dt_GFrsE4y{jsWtv))55E1A4jaWcl8=M!f7MI4jOUyRKFd|MHyr5O9Z# z8(56Yskfq4Sfh79_#;$J=QS!PyYkW(ynv;z-A+w=mAoJ+j^%3^o>YJR4>pN@L0i)e z>;^iwY`^CUjf`n+(7P_gAW?H!wR>*?xqCR|AEM>&*CxLJ`CsPwU%Le*&rY^;lJF35 z1$;mo{qTW|?Rc3912xW|Rq&affz-(>>R5c;rRRv1N|LzgvnF-{B{t#3pi!Crm`P{z zZN=!+2JanzPs#*NO7B}R4$+huKtO*WU=y-SMF{{2?BUZr;UR5bpVPzg`6NJ3fYn&; zGcZ&LnkVIP`~rCQ&wa6Nolf;i!e~A<@ML^HYVB2h=t-SZTFr`j)JLk^=|HT(sWr@N|-l&^7iAL4BT>3RU=)9(){~@(&`C>te~-;zqdbV=7PL7Ao8*j->?lcub9zde2v)d}juJfm80}8B(=!mfr-& zb*UMc&Ds6~Ns%7fP{e!x$&+2us!L#(i2S#;ynOAcsJslnMS1ybn(sP!Ip&ut{Ri~^ zdP8NskW%w^`w88O-94KOemW6L_#Cg`T=H^0nkNUw_o(g?9L=%Sd1`b&gww$I`R#P% zmlsF(!(|{nJ>%1H4a|o22JVxK;;VW5VyXrvO#=U?`UanV?5@2yI)7%FNdqDJm(9?5 zdgCyrS5M3+h_@ZIy{%UklORZj1ncw(``a!d30=WsbO%Jl38z>lueU7T0T=UFdkIg=6C%? z(f(#3Sh|R^I0H8{vy%6K2};e4T^ejZqdg+*)Hlqgd-1pF?rb|P`NUQJ^MLpPQ>M|5 zy<=`W`}O?OuJ?DQMaRpYNi^G`ceBd&dwT+hU4uJ@r;Dwzd}9*XmQ@#JTAA!NT*v(M z54YiiuVy5jj;4@QT@bCixLLJM<+bi1kq9U6Igu&o7ZI!9Tjn5( zKhJ0cPsR1p7w6eIuwF()*9%6>hV>%Crj5p9e8niQr6uVIQM8>+q#b?Q4D8_&7M#(E zo5)7XS?u83cQA%2+X3ew(f?(89|xvjH>1moQ~MJC@lN^ltT^8o1~@QF!sl!W_F$aY@HI zTj-z>GP^p}*?b2Chj};TKS{)(;>%H1%M3!?`X8LZ8G6S`Gc04b{tF>69x|bUS@w43 zmRc`XI~ur4YV&g|5I%Mauoekfi!70T+JD@*V1TsKf6(ITC9JoU9vQKeBApf)Z2pE3 zb8RVgLfM~aB~qColubZgX@%Jz9^vgIRET$V{ ziV}nW$cVWqJB5Im8wNx%tuk zcN(i5qU5M|Nw+r8#%v*rgah1pcltmKytzafPYO?>X%N}cjQ8C;Rvm#Mj{G%-@E^2x ztmi+=L0#)q>y=OmvJ71~i)&kh<41~%tnF^k!C7Y#y(8-i5I}u_0PoW-|r$*zj{%2!%O7W<`5oLlPTj!<_?Ak*MDW(?blp>(K~)`JiSMA&46SwcZRC z!XjurSLuhQhxN+HtB$GYo7^CjxyVS~ni@y!a2H==QVlHQ8Goz)X>UEtd1AGJO;Eag z+F;dj$I5rn5Xd)9CzQR;Op3_#bh@sciH)eiKz5Wys;mi`Mhn9VDev~9-%dS-UH-I`^>+pKkRD!7CaQenMtJjlOZ7{=Lw!pPBfJBl zLgns$IQ!Xpr*?uzGyItTX;8HHdj8$EqazabJ*MpvraeJw3K<6Lh5##*7JDK zc1o3P<5AQgzH*&YD6T_uGtVMF@sG61gGVuP`p)0O3;_)m!FBE=)HO=<~6%_Vy zt`v`!Z@T$e#y1bD)|DdTOczl&Jmi_zH{h1t*+sWwcsVo>D* zW;v^qS)9aL7Ke0PUpDE26Aa?UfB%d9CpH~`>boL4@*g}U2GgeNNp<}AL=8%xBL?_S zB`sLk3jbTE=uvsdAXIegzOoB`KWOwH#OT`-^|ngI2wNVi=sT>OrWYzM)B6t!m}G#Y z4z^&oHT2pvc>6Mg|KNq}7x4Q^qtjn?QuJ3RL6wF@PoW@mYr7Rey58G^y{IqS?@#a1dI%-BGruNO-s^FH}_ar*{Fy$(=v-0-i5<7-IEuV){b!0AJ+d}yZPc4IH*ilRgra7<-rKT6d{>lP2=%#pj zxbGfQ9)nlWj~1hI7t{-nhRijd0_aL36tALq4czk$d>2;2OTAFAIjlT|zx}W`u5CTa zAcspW*aaap{jv6ilbubfwgt;|K2iH!t1(BiB9u;sH@K*?mfQYbx1hRI_f%Oi28MC%(iIyHH{hPkf6frZb`A z#6|Im5AsB`w{b|g+x$f72A;lvr@uo{>`xtAhS$7^bw4SX=1s-^p3$?BT?K8x0ER^Q zl8a)*RVwF05iT@`Ll4||P#Ar%56DbU~Oa5h>Hm7Z#*B71R)J0r!fXa#nNQhan8Qf%fF z2exPwV<00CGmXmKTT-b%?mGu(#-HILHF`e1^fJ`&unFvvQ!x6pBX~s(m1grD2Z=_e zrQ{0sK5=({kQtiIOGeL)#;=|TCy{gNY`}G#LE|=8L1@_=csxz-R4Z-41vRktniqZ@ z8Q)HRIHb9E>lf^)zC^%1vm1>e$(7dcamei_{rbXLCj1rcT7s6$^0a<^W^?923 z0E0-OxLfIcHgsIU1hcm<87kp4R&3`qvS_A}G>V!BOC@5+3kemW)?oipeyFJ_(H;rs z;YQRV&|0z)#If>Gw^Qm$)8LQMF{e}d$K%af)Ch~Ln#?8+DT6MeCakR_yO?bmJ24pRNO7KsSVnp5RS){DXE$x%#4)q0SMy(y+!wuq_>T)WL_PJ$dod-kjRK=M?`~o z!b8?zBky~xD`~G(>!fjbU+sS^mczV;$9owu4$Zn76K|~#tkNf`ez{}&W6PKJaOG>Zm9irVNNtK$LZp2$Lpc(1S0>vqff-zZDpVTM5-c9qE zbVW@BJD`bRp`O2)%FSe-mH-RC|4K z!s|D+YI~m6_G!_!55Tq;Yi%cl^yusF=n`LdYp*}9(_Y8$#Nqq67sFW1b@)6nXqs^+ zY&6nNmsE?^2GSn8R85hyK2|n;XeS1u&xi2k$jz9FhfXAwnk&D{YJ*;)z z$`^4o>k|uXpB^nvEiEKEUUCn!3rQ(qy2x|7$#d@)ag!%(X$_wcCqFRbBREmRzr_|2 zW55Nc!Y1Z!cEL`{L1luSA|Qq+gFGbXclI|=^Je*0qicmZ(w(f@$r81?^6nErm>^b0 z`ij*dGgJ%7LF>1Rm|9{qUiVgqD3gCjQ5*|vb$?L$Yi=AGr(2$Hamsg^<-5&fdw`dY z{Ki)(Th8?TiHl;slN-w4AO>fybCOWR9NU#6$*8@k7ayy#o7QQ?;F@ez#1O5Behzu6 z8I8R&u*X?T80x6f{qsijkcUGH?p`E$kJ*Cv%0gf=>4hhy<%KZPb=jN93R?6+V5L40 zN%%&Nsb|+H86(P%B!bvxJ7o*`>SxG$W@lwOdS@IN2!4A1om zme2BUd&+<8I$?P#^21uaO`?3^(Y7TQi)o1d5XnGZo005N;YUVsRk7Y_A$jp3%xe7 zNppUFK$IutJEUz>Qqp!qihbdgcB$ANnZAMM4D{1vt)Gh9SefKHWixp-4~8Ck&)cep zZra_bQYjI$%||Xm2C;NUZWLCqJ$s=`+nI}mf^@7jjjZN zaUBUKyGbcurOZPI;>2k?UtTqyv=b$otJ5_-P}$ ze{9e(G1yV|n_#aA)NVq;1p98BlhXvpwss=yO-G+xe2?8{jaiQS@q!(;_w|kBE3Egt z5UDt$eIJuU-SQn4TfrmP1>W0`!Qfb4s*Q!a%|MKCa`t|%U8;0Q)za6bpA)Bx=cr&jq|8W(&EKW@|8f^Pb?3x3^c zumz{kFSG{lSf<(0t|Tq%dFRqK5U0A<^VImDajPw8cj$sfpDk#dV9JfCs-!1VP6UIr z!8yRj&H>f7d;-U{5tJ+>iSTa*Jf6ps=d8Ze=r5=VKe9}I%puaABXH-r|u)knR04KYT!m@01>--r3H(%1Zi6gid6r7Wz)~?~F}~cN zr^Ftwz{ee-HVgdN2|qTe%&bH=m@XTCYR@v50wxw(c!Y3*u4;FqB}GKHjRrIa)3pR zdQO95ax%4t&O68{KZ@I#vw%?Z7jzfO-=`8_5{#K<7W}WGx6m3?mpmMD$+r=P?!%RM z>5K21E4?1neqMDg*PI@u%|nEB3XS8LY#-pp>&&hNc_U~vJN=;y1Uh!f)1aT-%?#*G z3e&0r?q8=`r{|#7d#QgH}XFAW)Z|Z49HL_d8m%V&UT7-C;YHoNKS&V(_j?Y zC0>$)kbOOUTis8!9v?b$Fiw9RLx_})pil%eOz~AWs*x!$H*%e0Cg!uo(p{2WD6Wqq zT?pKWSHzj<>FU(G(?KptNSzF+G5^`0yaULy)gwlYc$EJ#z{E23B*;?o^~T6toBzZ# zuQfUuJfomVNbrCNFj1?8*j0-%{A!@^0vkI)=~)(!5S_#(pd`{0BUH&NQU4D=8!I!s zDgN3Fi5}SD{BmZ8pfj!?kb3;DVAV~r`=k9J-P3u_dk*ke<%60eR9JS#?+v%o_iv@` zFtPr$(~t3-ZNosHiXZ61`b5O~33~4Lg)#LQVm%r^hil0h{Z5c&rj#HyD&igJ;|~xl z#Ld+uVsJVvMjY&YN{>0r5k8+VUDSm6Av+pe@~zDx$Dk+ZDGUZ7&o*mtZMZLq(jn9h zvwev|uAu+dkR0@U_ohYWQM1qx?CMysl8f60D=E_0$oV2i2n*t~gjP(QFwYq64bEj2fgfwOcX_2Pr^z>w&t1+SGB zBBlrE2cr74bP%vljd=%}kppabh zVl#C5CCZH-Cy}`U*GHiI^fjsX=ZH-Ealpk^xn&kpS$(u;*X(Pufd)y zui?-F+D`xCjnS?u-G)O2Y&=k_wM}qVwlavGerclBa*A@!`eUjF*fwen;hRiAN39`u z;T6CogLAYfq~0GRR-TTS+o_a3lBF}u?Pw6`>IqqVG1BG2xK{Wn6A-0-=VE;SuR+l} zh`90*cKu(J{sl{)p_O04%b&-!k!6bs`Gd*guMX1SRn{=4WgmS^m=FJE!@m;vR|NlZ z;a>*)18KZN9QX?yIIsRk{FE-QzH&0`Kxgo(Obe{tW~Zd!YQ710yi}PNLeoSR-*HI; ztzl;K_eW$vBHjnC`(`w7$-A0yxtmEuNXtay5>Z~FLz&O<1bUx*q#aR5wK<{=a7KZ$ zDHIrLK#(E5GY>U|Ey{HvbiMgaSlNY0+K0Dl4OioYNg{D!3w0-tyW?LMuV}lR45n7K zI!}zJzz&=vjaCsT9OECg*{?N1)&PY-dcOl9%J*9v)o_YRFtE^Hf6QH@H5B-`PMP(1 z5_gVXd@HBX6{XR0X>^}-F~cqFv=dihr+GI-^7BGk@62qYA)3r7U0Mv3=;v__(Gg|J zRyuPIvrA#++>zt}^ZX6{8OpDMtaQnxWOUR}t)no)8)tehgsOKELoDAZb~``*Z5K$)Xz-XOfkX4QIbUJmDW(Rl5IE`5rlOFxnO50Dxg6OkH^ z#E=?eVc(~wOA|Bv%W^X|m?%>8UjH(SP6#mFrm2TVJM*UzpSiFl5UrZ zGC1(A_gAOnG^3=5v!-le4l|+ucfTAE4{xwgj9Y0U6iegLIuzDv_}O+65#0?G+fH&o zqkU_%=Dp8+oneE#Cc}~UTVzxszSIPcFBN@>ZvwCfQ1BP^BWJ-!3l}!si1r3Ymk_7vZAx?r_VMsWt+)X_D4t^21 z%oCnVA?+t;aiB^u7OLbJGsaP^gEKIWL$sE=o}gNC;%muBtmPJ}rK48M+^|lI^u&&j z{ET#nq~`N{h3~zdgPOe+B>Cn%`?|JJQijJZlrRei_Ad?T6~lqOq~S0;8(;2&TDezY zx!&n6dEn$|neXSsm3e@bxtEuTfUDs>)adRxXI_IY)%xeKGsg;hjjT&f69|k}>Pfaz zkBUPlrxWP2bAtx)=_;sPc5dDt=LQYn6CT{#Z|L}p_CXU_)%tCCe$2us1F$1x&F!y? z-1E;+UH|Va0f&_jHsFSXsC}@EqnOAO(tR5+WO0(W4_8H8@;%z4qfGAB zRqOF0RI;TbM{ww>=|0srB~#yygx(4pLNO%79&k#ZqL#&1=z10BL!K!29)q#EgF%Ky z@WN0E+|5H!i7ERumMk_MN0yweT9b$VeZ<&56C=ic6N?yooFc~l>6BIzPLxzmAZNi@ zz#YqT4Q$PTa5!}ysa1T^y#}-*=V|h43}65Qfu3AX_Cg$za%Lc;<$oUYA9u?1*!Dp( zGZJNvPRx*f*AYUWC&fRehu3J6CgwV2 zF9?ED(&bCLxq{pSY1IkbFh`%;1X7A;4rCPqqho=?s{FJ>Q}N(THzw3wXfuK{9_h_YbmxnK^-aj zpHHH-;UCx0{3DZrO67hxoVPwO(B&(OZH_iSaF&^#j+vMlbklmox-8eQF55lEfUp@m z#^8^k7(a$xtnvZS&M;FL1t9J@qyx&P_vzd$mhQmGnJ{^^ibljbK*u^jbNY1$%dy`b z^6C@ZLTmrINa;V>6*1% zwJy#j%d3eRDdXB4a)+tbi$~y^iR)|V*oS_k-hOvZe+H2eQfxq(TV5ZV2N^|Fzm7f7 zGyGFuVd%vioz8oS7!0t;@ziPVb+G4=lL1g>LCWqNfs}buN|&s|f|d@R;Gy}Q5$&Wt9JMB{7JCSAogt!6!jJSQn|7XN?!5);$Gx(C9*3Ob=JL&2yLzHqy zUP!gRn4S||@X36^!@zrb+CCV<uZt;pa{WN1pB9={A^t^-EO!9N5n3yFQ1UA zBcqTMrASy?WtRe%KoN5tXw(=gGB=Ec>6lBA?1M!FHn$d88N4T^V&th3W?AIv?U24u z3jR2%I;4YK@#v5ye@z=0z>_Dl}%wl;(g zl@C`!+H)++8a>Brs491PHc900tVaxAh zw+LnAs2-xBcsK-Y#-U-Br*^?n6E^@b?`9i#>^Oeq)Iz9ys3%Zn-GT^A(*y?S6I{!( zwkVID$IVG$FPqJ#nDFp6Gg_4jftT2hks&{T8rQ~c83ILc^zY1&=t*P=(xp*qARvpM zkU$}Tu`1@W)zL$TBIyy>4ChLLcaZ0N&i<{(jsk|(W07TbCxx}qM0GHsH zItY*i)VigH@LXd0QCiFT&~LMRxzQDTKgMS8NV|Vdi+YC0Fo<19z;IB(d0GVu^4)i` z5%nV4M?anqY`EY@mrT=Npjd5ogwgy7*(kXl0#jw?CR{$)G>~wVemlx+z#Z$b-ZW=$ zf*ya^syZMT-v-K0ym4a>%s=Thl^WO)%WTL(C{BrYjyT%y4vu4tgC0t(t5%s?Ne4xz&$XBK~G`p!wt=- zvIx8vM?0B8ulfXOU)qP$Z6LZ&X2%V>h0Q!-jxw!nhg7dxrEGF5SUE7JL-!19Gg@7N zbD-_}fvef|fslp5A%$u3twbA73nx$}R+S)B=!v<~*G)_38hxtOOLZ<@WMjdP@@jD# zG{7qG*Ea=?H6U!2kbeCqVg`eoDR8F+h0XO}H>$qE{HIYSECHEt@Y8WJ;i`V^$b>@K z9y%#7xiI`O$| zpnq&?4GR?Z@yz}@<<~(dJ-{eDn-v`e-tl}Gp#Kr~Rjq>meGFqD-3#*yO|EAFJ8tw` zt_{b=xZ!w|1epgSFaJZ~HJu5s85DEgov9D+Ys7|*85}A7Oi@f@R0ls>~l$LDCv_{ld!=Brn6F^0%oG?1Kfq_?qQhAx{C@?I{lPtoc6?QQekVJ@{L z(R$)Nn?!j@vnWj|k|u~4Ib5EQ?viQ~^ocAEtTPM0 zoK;{mdVgD|k93UlcXXDjm!m}TbY(`ROKKKBSD1o(LWWDeEz1d|y72-%h2XJidcz)- z7Byq|H@7;PpjjOiwlQ2As@sd`%^aIs^1)|aWvrArDA}^icE4+OzZsfzIC2))?ymGBJx*wh0W^{9+qnoW- zbIv~Vlo|X_CV&i;N^V6$uYSDwQruEAT1#G+-lSrCQByEJfqyvQ-x640j<^LDrViYY zN*!2w6^C;q2si(;Yoteq|#?uq~xfVqu_m6MP$e4B6(%`4EF14_G>o%vU-F* z7_tQg_krIUP>eJuwi~1^=4m%U+J-_7j?}(? zCgF)Waw+of+HH=qI?vfIi71qo=N4gb#*8FyznS45sDCe_kQ;qO*?@-CF4oJ^47y`ZEU$y8^UOJ1Qht_w6kVp50ldI2;J!T4U` z4<3UD+J4u%O|kZvx?B$Hf45!Q=8{c?jKum_y0jazG|rhtU9h15tKt2ip<2Q!P% zTyh0=h^?T`Chc|z#c&GQzDar|zlegE6!FkV(mn?GxNRRsO8rQtltN5`qnyou(jYv@9c0JJZli=CN0*w( z9ph;{w_?WZN>$M~j;;<`cC>V?2+ zX1uWJFdo9Ye}&7*yGWF_P*WX$Ni?p|dj<-@f&+*WZFm?3F4(7d^nBEK2Zu3cGd%#J z1GV0?@CtGs$pA568N7h;>EIQqIdT&W)vaXbA{|klMpVXGyo|U(?hRx4_+|a^-m+QQ zFq#i0P6}`D$OuUMmzMZse4?it(zaIzw8ag+f5~4uPZ~Dc+ktoKX>9=hjz7JDTT7Hb zZDGHVKY@htMQR`2CPWLfZ6qeO?(24$ROO|N5gi!CnUpccq(0|qAB{Q`ww_Ujq5r?G}sG){Vq1zY1 zQJql6Y5g_qsPg)pjN{$&U3ira3w&*;sH}?F;)?#wST2a?=!@kFF3fNRuWxWlzqPV= zmAuTB5owTRA|=Spz3|GJof3l6=ewnPj4l2YlFY)Y3T32Fkg92oi$mSIgjJ48g$6es zM0|R-$X75eYjEl*e~V$kc{aZa>zcXMQN_w1A9X;NXQG=0rkT%%ZzG+6?3MI{*p8Z{ zX;8iAq8u?2Z5Okm0bkov0`jjeM;9?^)1j3iA*Y~sdNRnIjNP{!xbtgqPNf*^G~lcO zI@w;jI8xnqKHtYiuh!EQ=Uoo9U`4D2txddIzYp*1dk}#nCS;I(BA*16+MB1v?~0B; z0vaH+9v}PN44F$|gX`W)p_+mVvowQMf}2A7Y#Q*%8QcnVud?8wRD!w~GBjCd+gix) zE;i6caqHd)$EP?`F>XmwhVfE<8j_40`d%_yh2Dt{&2^`lBv-1#@P%2fg6kFU<7D13 z#?icRH3s$>t-U-rw(^HUe)f86X&EJ%tv#ag;}Ruln68mu&M+RZYa+Q89GDUunApOO zjR(jd8d6U?@eks4VWR&-3x)Os5fyFiMq=8A>#m=B%Qc?sF+$gKV$k~>MQuE+)P0F& zP1{|;%q*vW$8&S5?WX63!Ll6*KdWA_Z9GNB^p&DXPv&o`Scvgs-9j;NF6)ca`h&1( zVs~50%N>&Fa|skVB{(d@>Ho+ux47D#VHlP%B{&j(R~ez6blXO}w{&M85cPXS6NXYs zDD(;{G>I2l!VAr!LOoejViuG*DR@FY(4sdZ_ypXkR)#9hzOf!s=z zZ@xIHVnMkE9jeCvEYWmT%KQ<0Q;D3bvHr~11Q>F1Se)7~e)QQAZ<~~WC%V10ya~sS zRJmk+UTDm;`Tjc9U!%u7?fN#_C5Mp?EccPT4?FJ1uHfA;B)_?W1CO2Tr;Avl=SlS= zr~jlyD0`MVQ4uTajlfYHxOK=Q%`OHHyAQi{_vbMD1K541ynm;aCHH@ETNY;6x1J2Pvn zbIEKmct-~LLm^O`y`U(|n??SJJciO$2F3?})&c^c@>0QoZIOizsmhJf%C)EU%-(($ z;zNOS>yR3}@4;rO&~0H{q3k_n8jH9XxR05$DbDQbJA1=>PJLxU<_6_!Jr!)o3jvW= z`KD&U8d#P=#_!U0IPxd>C!8;$8@X)yW-{7W8jlS_xDQkaafPO-axzx{DJ{cbNJnF! zy+EV)BWW+e^u(Qi+rckO=uhU-@08OKigrH(<8Vr!G}^LYV^5|F!fL1Vb)x=?Y-`Vh zmCxoE`T$pQ>)j(UTlj}nijGp~gue9b3~!=sXd%qE$%rz>c#~~I%>>uMM65WU^QuoE37gof zd%Oj18Dl~%pM>h4TGje`+ZQ2u&Lpm8y$_N_hNmY*1jWYuW(QO!XI*PRY^fmQFye3U_hn5kDW2(0iVG_b+Zi2heRp17h(<^!CfO`#R1B-|FHzr&5Ry9MqMjgt89aIRf_t*if_7m>#3PofXr!?K zP7J2OTIt)AH?o0;6UHOELpF_ZMq~NX{lc84VN8km2n&j9mlkJ{O?^>f92h7Yn>ijAb1cqa+E`JobQK)FGaIU?7jb9>)tcO-jZm_a1LZJUn0w3kbV7x5 zN}+gpc$-@v5({=NIO-}m;u4CFM0zrOz-yfTQyB|7BhI943kQ5W4AnRbsyt{fy}*t0 z;)rT}ppjbSxsYJV#+xxjt~)q#EUwosF8u+K#RVI(>!=E^L#m~?%9zJIwd2iaq0H`D zO9~s?wuGqq_>(jG4=`DgHbhvJ1|fiGI&NHZU!kWr%&_@3f3w~*+D67oE66_c5d}Wh z>D?&ePtwy3(FVFu=5BqE;2jda0<}a;L*QuMfQB2~SrQ7Ur#p0beH0D4u>-nr#4qd*X%G+jZ6xSgf~ZS&*Sn<8$*E9xbQr-FM{_?%Ryt8Egf`9%nf}6|lW|q`WD%I8 z!$6>aD!N)>!HTkCauZ#lsm_8Oo|~Md2rFdq-0d#-RS0AgJoE^+{&!dQA5Q5TkboP6 z0G&^ATKA;r-$LeJLZBMa_VV^%rv*MH5V{L#LbTEY2dxXIYW@OB$skx;q>1_puOnFC zaM{Pe>(MF5A_Tf~WL2M-6%C>?q)mg<{e>4y!Up59_V5&Trhk4?ljriUae5}HRYnJ#e%(_U(Q%{(-EqA zTljf~wfm);wKO?e>3yvMY}%Fogo-X@Fu8*aRV=TT@dMjd%V5~hKG4915kvB~NI@(A z3&f%R7=@RWX<5Zp_AG?X{79&{R4=MkeYCMD5a6wQe}fSv6(_k=>Ye6%vo&!qUDtY8KtVDLHrUnlscdl>LFYJ$(}UCsw~u z_8CLEO^>5tB&Q*;k){1r%!QerkPwUTkZ6D0Hm)+00qaBxPgerxBZ$RQoxWMlyol$^7g(SIo!pz%G zDAZ25Jd1@@_VhcQ{2~^7BMQaeM7qM7;sDv3IY9P4gtsWzjyr*AlO4Mkme#)C`0~Ds zbmo;#sXUzo`e(C<#$F@QJCsQ<$MC!}?<168Izt9*OO^3#9fsXIU1W(ic$bWq63)>o z7V6w7Z=jgku%BEIwFeMHj0+>1QZFR`&)=d_HQxV><5QzIK9+t!(2q~y`S;_|2mAvXD1*uQ9T&NL~AWyT`EdHJ7jZo{=>PIym6cbdltFv zQjJ}x=%u$y-B%#U+Hf)dE6jZ34yQR32lCmquD3~YLFq! zDJ64DG^AYpKAEU>^HrA-z6%oLp7YT}5Z3Hc*#l*?8=^h(oQ=p>oPO0Pl$ByN!HIgQ zl%7@oVsh#~vwgt4Ii@$eB(D;2CGZF7m`nC5F8vWiiPwM6f-)$>x8ux7c1nxPRmNN$ zbI6?8fI!t{mtr02Ck)=uF8#rPhYP+I{D^nq5Gsa^gFoNdr7(4%??A}D^44U}1fim~ zw1upD1Bk|`R>xlagu;FA_19lmS#PEiY$+e%C_EZQQ8$5~Aqh{=(p-cvO)hC>1BVC= zPBA#;S?RD!g>sqJ@MRXaR0krPr}x|#UVSC3KW9NL;??hioorvE7p=eUba0?hw(ztD zg#bGL!U>?@bF`Z><=OZ`EIGs%;y@Pe%_%`o&9X2QZQfO`-~>IK8ivFBZfT;q%ATi( zCQk?s>+3A|QYin1)SvsY5pH==x)?O}5!Da~XF_=$v5%=1zDKw64|URh?JNi_IO;BF za0|r^kzRE0=^ht(~6UYnH`@94N0xomLUZ0yBm<9NYh>>zYu(@_mcl({_|0NE6|fFG643b#Efq0TW< zn-}seNk&y{&{!1N+^+uDMLW*3RF-H~tsg0zcXW`aSZJ$N&Z;~L9c@wB#^$+z7|7E~ zl!08$Z=yAR5!-}>isk6`W6uv^;8_tZ7arc`Fz@tUs+mQ)U9yCdIqta0HgYAtz+d>o zI26tET)|FLoc)0?VZdhFjYv zpc2&nz@+|hwU7Q~7>flqpi z(l;X-QS6hH7L_v7wibO3Co#uf&HKctMJH=keoJjZH#wuUJ+jL#yNwRi5(kn|?^%vx z5foK_OMjt!u8}N6zVAN(m~z^EqJH-{^?ZX#B{9<%#!BgvPPIl6Ix<{iL zew%RETl54eS7^rJUNi%5B-#lugMzM2sOW%(6#nK^Pd9&af1zx+2{qGIEW!Ir9@;k^ z8jbQnx1WbGztf9MagYLglM}EzIV{k&WEup4)7G!$s2YAVSqq*8{bhT5fb!%BXmJiv zT$#^88(b&&1t6=s+^7i>bIS1=B`E48@&g-Fj;DJe=rNMZP>5!9S|wo`#|C3s8kGF` z$!N(!#R^v{szqAn2<1nR(bbMcbNR{xT{fudN!2!B1zyFZ)Yv5Y65fwHWogT|G*w(l z^y9y@0sfGLgMy_Q7Id~Xu0Y#;*uF<4Y4zJSV8(C+YTs;T_|%Kxy&gnO%M@srrxScR zM5S4bEEsw=%Ddb{syDiWIL(cf1|jfE*-Tgoc{by%X!zX| zRL9p;^bO=xHFX9C(GV(Za0sp(o8dW{x97DVJZVCOy$d|q_Sz5Lzm%j54m33-nY`aY z&eA#XO6}1k()pnL95gMRNXn!;f9i*lLJ0mDEs)dfxWL#&2;7V9S3~dsD}uMZ--Kty zx@yCC(iN1D`My)Qx?8~+F&8j|Ae+4Z0nN4Ctq(l{Hj5!#LLvqrQMMRrt>16#S5t1A}pUi>ijtJ5IWfn3+m6J2m9GciJ*;UgF{St`v%a#8=p@ush$LYIjGPJs^)^j#r59F5_ zVkDcDU^BKjJT>}I8487mZ;k%OZkPv|!Y|P+t@Rs6v>Wt5(dJ8#6bsdka{}nr6UrK2 zLIGrY)#YZs@L?vcDD6P1%p}3T0CE-wjR9sd(dqgl{dIDh87jE}zrjS5wn0;FI)Zz6 zw>oJxc8pZ6V}O9$p=rP*5UnoH9&P2x*I6syXo4oy$*uOie6HLDWjlO&xw@Z*sc0$-#t&l$M zh9B?(YP~||+SvHiG!g_aFbyb3Q(BI1qqNNP7k)GfC8I39xk8`k6k#tKD=|bo>mB6+ zb2Cnfv213HBF`#!eKe5!762)nQ5_^>3r=3ln8B|fxf$NoCxW8*vUoT4+H+!q^fM|AY;!xz7_*&Z5}o2<2DOd zB`&j{ilc@8^(vbPFE+&{!dYRo9)_mY*;rFAw7@LDYnAX6baVl_a` z&aP&zS&x24hT1~($#(k4$sVRZ6Xd5@kn zHLGDg6~yQ4yWd9VtTqlE!)3=Y!pz~Yw~6M&GvjDZsNP!XusXoK>hYdPF%m8^)2<=J?F;t+o}EW{pRVcQJxy!iCmZTl0A>c$0v58 zndowaoCnsR3zpRRj-?3YPqE*k-d9=YYk>zce_&t_7A>{;7AIwR7l|8nCrV)o>Ot_` zBML9>UT__pTyrT(R4trZOx^l(QvkcA&R;LsHvfY1OZIlhjr*Sfxz$z~vA7HNEgL>H zm?ljLrin;}JvgJv<~!cFpbLD%ke>UYJeTm|zJ>4ErPOu$ncLfqpA|iS*-D!UEj@r| z58oyn^(2A(iOB#!_Hp-b7`hh*_re<{Tp4>W#P0qK4T5fei7moUXsc}yDjs3yt7Aqq zA#Bl{pbA~gxeW~m;S@(8@BYHG^N?5dgJrjJ49&AT+=cOLu+zq|{dLL%NqBH;sPbW< z#=KDYdK4~#J|;cPS(L^N1H+FELZPGCMQwS2_=QxT%tJ=xleM2|NQ~-@FEXmTx2D?k z52&7#t5Ln@f+*GRT|iWuk?Q@1II2xR^;?V}MI#7xdyUJxF^K3=7T0FUm|hxnJ&8K+ zy- z*Lj^x2So%$f_xFiNUc=INVNskv$eHK>)v z>Gb&7{$JwPm}6#mPA17av$1_WpnV%U@`ksGpVO+n(865>#LtET1 z(!#FM7B0_^w(z=qYT?HPS_@a`Vl7NbXyNq4dpK{2J$UJ#8&;wW<~x?ONB}+oLYB36 zm=q=3MA@i!fJoY{dbv(JtO507!`~Bj@_qOaRk(KPL7iTU2}5eY+QmH_d3)C2k;YN5 zb4jgD#h{?xKO$R28Id1+`9rY9?qC{5I5DzS_i}zO2Aur0GX6QX>MV5TY8EOU#l{rn zAE8rnU_YvW9Og>zBvIO@xrU8vJHva266wF!W5*Sp#%a=cL`|*6$u?QxDjf3m+P?*|~no z9cZnenxg5a9BuVe=lTmTBm%R6z&A(t*G-X)A^5sxG>vJ^`J|pgQ;@e$HDLe&=|~k- zqYEF^v-=~iY7gfQLOluBSv6Z*5pktP#6@k1xX@p?X($o_XN6ALqnVNn8rzW(v6YC} zg@N3qJuapu8vxW$d|=!O8AaA8CI8LRc$V3Fef9F_IUlx(Mjy(9MQ9y<-#Qj6)05%f zMA!M;3tgr-0WeK``5-7^a6+E$IlFrK2`v%}%jJ^Iqza2x-I2DVCmky|*-$e%KX}l;=P$ zX4h+4R1n=J9(_8cuv_&G{Z1mt)W_8HYW_KK7rePtGVC0Bc;i_!^Sx#uM6g0(8r zVpWWw{GOCpz#0Bxf8~oq@M7`F*5P9~KVpVajiuA6A)S01r?9ixebj?g6OO}DsIEFz zUFa#c1b66KZG2t-!M<`+wzjYAJ1@GgY(9_X)AgfZ(H%VA6x&z2!oD)Qu@voR44xsP ze-mNzc{1`sywhRP+l4Lnq4F_k{K$sfr=Z4*TY4^z)0aaq>`@Wf3d4XSmV~V`+!+R4 zkN39S6k|4xYHpi&XWH#{ecbJ~OG7-gm9`9GupvxO@g->r`Y=r78P4DoqjKfzAVT_^ zI}83V2^)f%Ae3cOPih1w;dT()?~Ve^}4#GlcP#;$zUUSHIH_j#_D`$$1FA zPLhp#C08c;0T$UMI|g3xpcg;EaWgctoAPi(ymgy=+(>zIQ={sd6B5}O_qz+2jpY)A zZV`cK!(PH32%<3txOq!Yeu=`0f5*dF7a7{aEgxcF!8?EJrwezFNA(OgigV3588s=N=mm;`mr9u>Rs>!lRCqnDZ)f39sb#Dr6J5=^EZzXR{xu2 znPP!Imv)&5RZI+an`C2!*!;)F3aeN0EJpZqwTWd(o9wu`_Bwpf0sh>XJTchoN%(j5 z#NhpBuN$GN_UM$r0E}_a{~w&s=R-Q55C1-jp`aWy=)NX6eFi@JI&eb8OVYB@bRk@+ zlCh}}7|M*LX5gL#LL-QG;dC}!cP{2D!;_`03Qr$c+~wNh7PhR4TidX-dujOCdzI!v zWR701i^k2V9?w_$>NYDq_F9*LFlVdJJPSWP)Q`sc`h!PRD3pNsR=?4Wq-c_!2>eqk zV{Dr+1;FS^GdZK{)G$1H{@pX27+q>En@Ww1O)8VdP`b#at1tHqQCf}joV1)2&p6y& zZOy=2#rB9(hWg9M9DHVprolw9h<1CMd7Jk_ZMPpSwik#_8m;Z3Q`$NC_n~jTRK|9V$rKp6ZE`7~7wLTWMBRq2;Etw1`PSLAJRRY(D49Ah^97)3u zA!5RhPPVu8$}%`2!|@^ZI@*23>^5Wmn%om)U2C3Ef=mt0PP zR{YgQm(;SU6T0LDUplHXv*ln3+GL3S%2U3@YAVdloy;F6Xj5GUEq4k+#WdBotq$_| zj-@V8L^b4;szDk~4vH8{X5m6-brsHYo9{$VAwbA|QpNl(nic~l9JCN-={j9}psMgw zy@*oUMb?Js<%cVIQRYe^@NcHX&Kbq@B_E!IKAeJ6;UMy^s1_htQl}{byiT>+k=F=o zRc8c24ehw_zh%x%H_VOx7Z)!)G(o7iN>^v||0uYmy{^0(XA{C?8k_}R39ARgo0Ega z3U_eicxr4(mG4;Nf^=3N)Pz+o+!RTUZ+)3TC5`7N{+4rCSR#x8b+!-~PKFMrRAzq% z6doOd*9q=*w7Vc&=FG#myENP7S1w5JQY&$(^CH~n`Bbf(%4h;s*vyKu zm10~qW9b2C-En)$0g0X>U%QkxhE*sgioq2qC%OZTi?4A>d9vAGYmCg1>7l>=IC>^R znp1G@5+2_cG_DaPdQGAX(WwGm(RQlz>(ROvkwx->N)8;C%>H}uq(QeH{;gcF2rwD3 zf3Bt}!wXLHLriXaRu{cD1%BL%jsuO%qr?#xPj6KlmiA^}jivP-5@l&>HnFspp=_oO zI07t<%I*cS+xgL^DVzF}F&g?i9U^fxhj;8o?AHO*snOnT(+k_T04-BaokwL zkr1K#r!Y&?xV!lH*crYhvwI7H#~GWrniM^yB(<&PQgua6RJXYA0oGj}eSCNI|L5Jc ztdG`Rzh_0et1gSWOBuqt>#qi_yZXZpkfM(xY(LG%Y9Y&XAqZnawxdDZaF^%$g`Eh3 z(18o6LHX+$GH0~Q6>Q-&oMz#Cpwq?NNGaHayCH7jjH*stIBuyKv7}n99XONT+?&p% zeC=%C61R4o(mrXsvb}eciW51yc>Wu|cn)ie$J>wh@{7Rg$>n(go2$y6W?*%FdPw|_3okjJ-+LF1D!sFfpt@#^7#Z2D_(FKrqPdc^Wl6&qdmtDr(dJ!~KOrdue)}Ck93JJogTwIdxwa^&kwwGr!{?uz8gcvG6Z+ z_k&UIqpJLQ?S=%nh+Tu79L|cXQfBQts!9#v3*!4L(KmBtoNuNh=0ST+hFBelDv0C- zGer5m8d_*ejiPK?-5pH}Hts;vLw^lF3d?>SnUx(bJ&ev_DX%o)KPX} zU5-$h6{0?01o8iF_>nIr34uFIq;V-RI)cTBU6LY{Uyb+2o3t$x@2_3Li`#_dRruT= zGC43}e5ai!`o-ZjXz|}uDgL`d`rOv|IY`X=9m4wkjvM!X`U&aMySfYZ3aghwIa5JM zhkwOTwZ##L(EGnqx4hg;=ftN8(p&nlf!!PkcxZZztYIc} z5G9VBiIDPv8um36zSgm?X<~3`XVG6JL`G}vha#rxai3S&t15dyt+5tff<4lj(p#+EbDw?|lQW%NDh3U)*K zCTsK!*62GeanFSJo#e#T(Q&q-qefilq(+=eT8pQ%)-*ngC)2$BjK+)3NaN?i>N`#n zjlf`gA&qX0#!QXI_6dAGoUai$f)VJ}X%zN3dAja15^29N($+VhiL@_;)nA=Z)k(o_ z{~;Bg{*Ws;Y+76=_G49?ru&{a!Kr%y0}{o0Z~2MS(Khb{UbQpQdYyqZ5qoV6-Z?|B ziLBSsGC5IaYrWQ*qE|(kkbPwz?v<}ZHcCtG0(o!seV5cKTQHiy*Ul7l#`%4MsY z)$jtQOcAo#k+$n$*uGH+iHu_LF|2p76m+<4Y|s+ZA)y8LD>;ajD&JyCXXanNvbBFX zb5d~=n0V{N@I~2F|E*A1_#Si}3*MhuLI&!yx8Ut8Z7j55Tx>*~z59vLHdb1MKpK!< zdY}k4blBYCulFKfzRv3wW$RIa>}^GKb31zrUHmTZ7RRPNsTzxpm}3?G@nK?x2a^c! zlo&m5rTa5)Hxlf0bVm#Z87^lm&}Iv2^l$G*kdo;D7|#hF2QxZ4Vk0RsL+Y>mxjMuJkzV zvC_w)OdF$1rrpvm)7}|B7s~!RiBqR6vw^H#AI{98INSzNuy1q8`3|`(^NrJvVnC;F zgI#@0dA&>9QT%!DX-09%-;Sb9eve3iSG?IcgwUsB264ROX64D>VEE7;JG==E0fqG} zw@qdWBLx2)>2YCd5Q5~B2QS8*uq%>IqFZ(y^nDgX(vdQCXPYDl%!e^d{#R&ju zjnsd0{2t)g59G*~*{0XkK{Ia!3l=K*y6u zHVxD9bu`x|m1W*U2B4-tEI4`O8s`7F3B6Iv=nbrBp3QfE=0*fp7ApMzOl7yrq8-=@ zdqxjzeS4B{eOWKIOve8R2R6T^vYT?8yIFt$h9o z9(Y@PFQVb#DK?Eo>4;WRIH{XXmw5h<$0!Eze93G$VWU$##t3Lx!nM=Yj%KFEQu}#& zbM>>g8;dGo_I7mo7pKF?=qf_zE<*oyv3fhHz6IxA7qjJb6>Jxt38CNBGq9q)X)dXJ z15;2&&Zcs^3KdjvW>H>k<6iOXS~2D0GpnJm9l$2t_a7f+q~&P&Gu!0HPI3&;;GC6z z!z=ccTLfY}&mbReEWZ@(2)z~_XV5tartK2)L<_?sa`HxFuLt~u#2&a79{84^HVH5K zm;uHQk!?r^sw_)ew&@A04%)f^@7N5aR??;@sYz5#O>(AHH=~ob>Z*H0SKaG9Xto|m zXC3hA5Alj}zH>d*p9>Z>c4?RLghGAPpVXuqyE3?^(o>{ibyS8Q*2NIo+wbgwtT^S4 zop|%~54HSHrfI~d#)$v5I}xABiMPavXEUG2yH(crCoM-Tj6B{RqTNQn{&dH(eih7h zKF@H6dx*>uMOE5q&pzTmruSsnva4+VDuYm=ADiVl%UCxSj=Q&FF16OCR(XFx>um`G zoQ5f~;Rcl}g_V0hI;w8gb1&xIXbW zr~J)~u1(SUBfnd;KhEh!{ZYyaSH^v-^+!r%0n~j_x>hM}4bR<6<_lNG>g@10bxx1g zxua{e&R4opooY8$=g$3FogHZ7NW=q--iH-&Z7%{Gc`noTlqqfYl(GK8AIw%^|n-EvEhxNXu6>}4`k@0Jd;%@RtR-$9#Uu7Voj>5#e3+a2E9{XsvSBK!m!--S45 zUo@Z&7sF_l&gVv=c^HX_`H#~z{|jWryi?5HCfxr#apRJ7(q7{73|EuXx{7P3(|d3u zj3dgJd)VOG4Do~8A5L5`3ygv`!ogsFVK^CE-3Oy(oJD<&&As3(>g$W3ua#@Q(K@<+ z7{i?NJ`~D^kgQkQ>UO*v>$?}bM)jF4l&=-A?$agVqTbcZqhws4mnAw?bbiSM7_g`0%$RVr&ze zzHt@oT#C4}Ut2L6Ye*S%5C%Gvgl-)hIhVc$&LlY2TKz-Y(0{gz&xW9Nzm-WfC%02G zT(X1-Fw(zUqa!`-uGY(`_ur3lQnY~!EYSvDVxb0Jj19bJuhzicw492xo7T4a-3=nh zY|0hu4LUJ7|FiqhprsVaH(Yy%Gzb@!XY+60P%uD*eQckZRj zo%Q$*M)&y;rB5+9GqlE?{aUZ!G-35Q$yB=PBjjimZ-Nd2g?BCGcR4l7Vmrd_{BTm zZ@AEn6FPiI9p2K7!>{iuZMd;U%J>yotU z`^Ku*v+55Etonh`>U)N_GAV61FxBvuzm>l7y0Q}f3>{V5V-qc{*~HF`CskYZ#MbNn z%x(D9pta%3PSG|LcA_?TJ2MKd`7%z{q^qe?)^*DH-)mP>r8{s%v59O#+k2#TmK-)r-=q%Jr| z%fD`*BRFTP&3|IxqN`oPiw73Yz|01oxt=ojjL&>aCgeUja8WMg4lf)6nOsSAw$K41 ze6t(tY`%KIVXlEUP7*mujEIZ{lid2RT)~U<_LT;gw8yRgObFO9N0osfsS!e1d2u)V5`77>jrubO0 zspdE@{*Tv(u@G1Hu_gC=$6j$EL8XP&{y4ea+`8(W3_{$>Ub(P=aI z@zm%Hz9*Gt@TxR6PoLeR&ES48gH5EMXb;5k^!7w#Kjb^Che1rT`D$(Ud@`{V0{_xQ zZHe>uwz4F?O55@-Zfi+g12ReU9VV1;j8vmTT+iy&XGbMIQRk*wE-Hjqw z1G`6E`9x>pR^0qZC}+@xonHL8fBPm#460$5gKm~g7NI}GMEqLOFJRn{1xeH_$n(D; zvvazKMFVo1)Zlf)DA}Udv27cb1Lwa}*eEoeN=;$rtk5QIL;kZF_Svq`2n5rWnpZwX zC;Y{O38Uoc1oK^?jG3sL4yHv- zcu&q}eURGPcjatmMz3mS^nY*A`}oOW+@RNNjvDkHN@ku1&?iclx;TU0v%>^OzzunY zvIp2oxvP^#8nX6TM4fkj0%g7a$CRljG|FyEj#5^_D4T?oE&42uvR<)Mh2{{1a5(MR z2XN#5fG*yyzLV!~Ea~SHIcQ1$Lx-p(ePstCr@-9Sl78Q=HkS0AqLak6izW%PD3D9} zl?|MR)8WGaNkF#0tn>DBq3e}quHNSd+%rSb-`^+Ncc0Z*x}_`XxnOacI>Ic8jDi-d zW1dF9BTF?NnPVnuD>}jl^W?69uaRW55AUe8KzZ&qHo2~%jayq_FobKY=hbXPB zC#UjVEmj^F3tm zZCG##Yzj7^!l6TGxw2O=BzW_caGEm^=r3g5G!yr=uJ>{?hCxOSMpNa^{(aL06qolN zmKNBHq2f9k5z)hur&b64GT}89#gHV5<(0EpKs=p^q6A{PY8|$b5XjC~tq*QM;dO0Y zQe1$#J-1Ngw=tEcR z*Cq}du$hcCUjD*_5_Tge3>f=LeoLZtlo+J1@wX(05r#J}r1+Yf@e;ymlXl>JNj^}_ zvL066-wLE*z$bLK`jE;(l-UV!S0yRYs}e`xCn3;{h1kTbE;-Bg0Usox>^SWQ@9&_V zdcTI!2i~zBJLqZbpjLQ-(H=%*hUx(3(BfJRY8yKKh>b2U2>>qqJavCg6gyI=@ZAQT z5$PXSKJfppiT0RO1$0~u3+stU4~MXKj*Ml2G3QYT=r7#zty$O}!e?$hwv9K@*#6rb z9ow?ckE-F#?1+Ai_IR&yD?VO8p*CsUZ=lmuBg{@m-fwIYF1U*(q4%=zeI%QP+2bqk z;`8<_5=N`pyoI@EHt|THK(|tOc@wh)pTaJ_*t>nTck^j0FVP1lp$)CDoG{m-*U|Q1 zaUHkPsT7ve4W2)g1PcI|Lgv1H6i-X2*i$T2TwDShp?sAA*`=;+*r%3 zbHZKS1)mA4;k#~XFm3CU;Mhq}r)q~vZB*+BU<&XH>#AiII<*U54L{4hgq*imU9SLONT8KCH$_$W!?O0%~KV1km_QTgM(DZk-oaLNgKmPokZPI@PB2D%UJ? zo6GodX=QT>p}3Y!89Hc)EtH!H%m!U?Ote z^@b=DurotIR3J2kFgmPIwhhm-E9gE&D0@GiU-%y5NG?NK@slX53x?}RgmnQS=WPn^ z81z9Iilz1xXL?tQ@>(Ai8)T)IQt48$S(GNFR~Kh6O~nKF^b9DpqHLfzcmgb-^KT@R zO{Hf(#-N>$QTiOVP5nbveT97nV?en)Q7-H>I7cH#wR-UUDF=v<)5Mh92M4P&#gxnZ zM?nRpRf{{KO|-8g!3r&AD%Q=j58Rw;rl0h1Qw+xCS@biEDErI#}cL<~krNBzs z582QVL$z%rw}QE^W2Z)^lE({^9S4p%VKmZJzxOgxoo*JjB2`3t)o#+i(l z!QTb@G2xh4_dC~7kXD$_kFLh&s1qt3L3M8rL-TpDbO-ic!hz2v)2`?Ha0gLT z_8o1A$0Hrp?Q;u`3*{?d`C<_!C}OS@Fwo2=&V(>POvX^HkFLYrjh!iAJ1Xow7?$#f zg+=&LQD{TZ+`upcW1*9@2HM&*aD=daf5Psy5nokCT}K<(AOo#b9zD1I&7=QV_Q_@B z1vXO7-r=`~=^~wMYBe#}@)wUGhiXx+{nnkKjh_RRZfqMhY8z|f<}kW}`HtlXfhB}` z;{eIX9g4OA!`mu@{zc{;fh&)p1M;F09~nd^n^AYJ6i68ONd=vY(!J_&(*@ZB2-| zv57%DTi#;*`J65e_Ujp4d$3;=UA^!=s%%-C$|5b%%6`#BD?3^VYwIGL^n*=U|3m8r zXI)DT7IpEH;oY4exg2U%<7m9)O%k{|s@50&GfWr$1z|-%rbBD54I@Y(!8ntO^xtM} zSBkUjHtRLZ?z1}K0gAI)iHwo98ptH#gaP<4HpeSUo0uujVcWVs%A&UrmLyoi@u}ps z_$Ifk*?f5;W8!egM(Ci};UYW?s7IiEJ#uWJo>ByUfo zqkUzWm3WuBO{lovN>q0>x3nL7{ zPBNM8s>;cJy!BXt^5Sed{1NIPv>!(7j?qmxj6)%NWPun=8zPogV(nFo2sB5lfxW&G zBsMemHq1~tHlkwx5Tn_1*3J@BS-sxGdWTZIo)N6hlcT84pHKDE1mSyXVBYweR24-N zdL^6-r^c;p_h%3K#*UG#^kFW<;{F`H%;dKd94$(jqs0T<=O8W&6Ga+{xkjkg-D`(M zH)&@Z+2wqHq3|m%o#EUr>V{x~Zw10P-0*9oDm6#aaR2VOp4vMo&I^M3MMRw;;+05o zUJ+MlUJ=@Q4&06)`W5ZP_tx~*pT#*tq?)775O^2Xq%v2@bE=Q36yBROZ*&2xdg8-q zx6)kJx> z`38>e@0luAlR&CP^p2B9lL`O1bv$DzG@A-F9r1roxZ!;A&T)jQ9W^=vnskSv#uyWB#v2;oEK~#4PKXV6m;T^d7 z<)d&aj7*E~#HLr8qd0E^+q~V?j`4e72pA((?xGT)S~T+!o(=_#4hCVlV>Sozx%3B? zbHw(eY;Yn6+uR?pSWw(V1?KB{+Ugt9=GrgaUwG9o!+3NI#?D)mA2&9s@isPyC8u7+ zEYg;eMH)soM4vpHROKW4wgE!mV;Tjzc9mC?&*g!W6bq7pdW1y5Syvo1+C=G5AG%$Z zlN+Tx5hm?p2)SMDXu#NlJbXyC<1b{ozQRuD<~cE5q<&GZ%f*v-Fsgo!}B~HzOG47A^Lo_n`Xtdr&sn zYn9rkPO83Dc#C1sK!eblIK*wRw!t3d6}8^KunlNXj=%8xpS8;icLVXB8nn}HAl`Sw zVKyEYZ$MYr27VzL7s2_A_nn%}<>yZ6Q{M}ylZ&_{N3&bbcR`sK&P86o1DMP}pa5b1 z^{VxqRs5E72MJhJbj$gZP{sf_Ohc;^Z#j>&ikBc%B)7WnJdq?U_iOi^OCZC<#QV;( zV^^5A;5}RY>cBz+_H#Bl^JgT#L4k ztc9=}$Nex&N0JPS0A(hz_?jSjBZM?P&`d;~mu`iMes*RbbqV%A;LVqQ!~t+a|DPK~ z`{^o*Qjc2g&Uhlin@dIc`nsd)_$uRYSTR(bOUmWnL_cCsCgBS5H**9Yr@AAI;f=OX z_z5di^6K}5;;mYD-9JpXC5hPuJaN1qO6JPJEg+cP$Z2yH91+TF@N%*5-f`*(r}P)| zsSoF%H+iinHAFfx|9rJlRDsJ{{KrOkjs*624^!a4Du#wR94h3!aOM4py>MB4SFXB_ zcO}Jrk*bIU>95GZHU7;ES!ljn`U@K5k`AypuDb51%6sWXw{+B<{j=u_sBq>%ts5gU zpT@t_G_5Ao_Ji1q56n5L7FQWZXuT-Tk+F{8G`;i?^Whs?6Io+J7k6Fc-<%XYMvt`l z#%AhJgfg8xfLF%{RBM?`%_7?l`Fe6pp(`9u9+K88GDNJVL|vNAqoX0)#0Bh5T-vj)5J|$3o9SWiD(aqpv-xx(b>-&dB9Rb}mLZ z?GMi)SvW!P#3&t5DnB5PfNQm)rTh3Kij2++IkT&=px>^cg1r9^bAJNgRGIyc3wtqH;Xg2YIpT$_ZzPYDC8;Q(6+-)}5Jpm6`63bQ8w!WU zuOe?6f7Mz;IIPAE`?yTzRY*pgw2ybprH~1N%+2g0e%OL;a8-99&_HD|^+k7!Ao;i?A zV;R>+9-qM;GvATR*yF~?<0D_uV>Tscvd1q*9)Hdruc60nRrGjGR;Jg9yl~KM)1zOsIDx{fKvG0Ncm^F!) zlgFOV(9)*k^S(6*j{+YQsHyLQdGI$2{>tF52>$ZmF9ZHk#lDxJ{J)pxd~g-bIS*f% zr_)hb-iv`WRNt;W1KGn3us`&cRKn$!RZF&AsFf8s7hhQ*`;sx}BkVpqWMxtrBuTMJ zMUYe$n*_4;l|_GwRZQ$U$+!7MHh6!08ASjCmh&~4sK=aw9J{{ci?7W)!ax@^ z?j>fUYXlBC)_pDlrnhDq0xdTn1B!J@E& zkil*}M9=G3)-!gx`3RChxgW9M3=MIH;5Bh5=6vo@wqa!Zim?}9xfp45?2vGo%e$26 zoT8T(D$~+_TXp)I6j@9A==52FXh@#F+Y)=>B1bMfhEme@eA^y!bZ_|9mYs3MUrQ@odHP8k{+~9*(MHHK)7nU_N^w)}ThXe46iE>+ z-TODWw-+fZV!IpsiQRzW>b*}Y6r4k3bq4UhMR3sA=QP=s2h&j$8X_w z&dcL4fTnk!>uZWH6nvVyc;W(ngluK%FjjeiSktR`l&R49V7RbCy)dAigIMC{)2KvA zEb)sqy*=9rYNu9*+Id6v6`?IT!ykb%lM9Pk{Pg5et~U^fq_<$l0P5SFW=CP8UD@UO zQp#zP1Zs=dNtWn8Fc(y}X0p6b3dJfiLBh+qZF*SVlPpI(IcQ5_F*K%6#s2Rq+9ig@ zCHqqL9mzCI@|nzbtx@t#5;kJM45*U@1r=+ODEm~G6T_uJ_BSCrJa*m_d2|gtiUVSP z93I&Vo1E9^kIG!*;E@TT82BT5Md3xR9LZgKLUK32(grFHjUx!$R?#~FRZz+LuQ3{4 zUp9w|C9N?u2wv$3^@o2?ZNzXcp(OZvl1|2?H;{etQMytwY}J2Q zDbQ1oCdggyTUhWc(&bQS&Gta{pO0zG-`HLIT>d@;JA7l=jxL* zc=gZa*W&%S!F_!8!UT5EP*$`UVs4B&;{_A%s!ZpC%513hr9+v9aC|BrtE_<-(fJam}V_?nN^2%GD9l3Jw)nHr4e?^M{`pi)<6YkgeA7U^e| zy0-@HDjPEt`oVUnjtT|aY0R$;ohjBliom@2wVvJ1UNAIs5#G~j*6pWdwQ?>4Ja_&g ztIB#4Gc#_kIBs<1I|}QTexWx%pW6Uq9Prh!JIL_m255ZX<2QhmG2(OR4S3<9SNRLB zvnmvVVdahSS2n`iC?y98@-SRlGL#l&SUeI(Wb~iWRJk6;#GC0?R`uHUDzG zG}oX|K~FVxakuM(2Jf&K0++K2V6=1Kw5c21oh7M#*;tF-uRAo2kGCCZ+x5M=k{hy$ z-c9fjjaexr_*RTYDN0u(`5s+Q3(7;-EWn4IedmY^YX12!crQT9^u$RSsK#&XTE#eEcHuDafx!#3#Mrq5S4^#fieOGxwe?@8p`Kf1bMtHN= zAx3YPshq-}Tu(47l?-9M`9wa(CxH>Oh|knnD8RBT+IN@wOw}A_-O6y*CFRlDNZsA- z4;fK6tfD884BreC-okU7gnRvdb5be}{%E`|Rp3yq#%DI7%4p((5&A>d_n{$?{Fn`v zdi-%eX3JvPGANtmAD_+w=Z(+fg_mLBE+Mh<d6$OuirOxVS4$u=pDV8YW(#L z*!AU*YFTe)s{H)jfy*4EBEF)5R917H`l+5PFC^_ixA#*HL@H#8tNT;^HWLME)#EV@ zv8!U>(&RY2+)KspxA%>sk$H|lKuT%*xKBT@&%X_&+=;qyQQSqi$dgpjeSflH$$796 z=B$!)rBpc%9m6SbMhi$zKelG-n2}5Rv}&@?X5zLDLocN{sYbjiyYI$S*n^PdfuHPR zmUb>XDs5sF2sK6qYeHy#9}tYREgWhKsym6QsWhl4Qkt6#2s#&ZH~O%vRZM|j>$Jh* zQ5x|$xQ?*he5NKkuh67r7fPwFKlo|GSzgu^&xEeW)cZ_W_wPZ==mC+fv}uych_dvRTFH2MUq5!vuK*6>?b>h zo64E#+IKA6dYeOVr1MEuiRF`T)RZv5ReqPF;ZPt_GMpU{9=Vebg(|8{h*$4N5T~UNN*s- z3JRcR(g_kx28bAY>BLwL{Vz@L*7qa-ht3MaaLp+ckQS?7ni$H!A2F@yA8ADbv;wVX zJ6{h;>SU5c)0y#20nwK*Z-l`E^yMHB)$wy_;)+o7Gbxp>^QFRFqUR#`qU@+Um@vAm zNOU9aEHe5#LSe1}&w=`MbE zBPziDmC;ABD8vR{TXF!+siJp-tmUG0f6~ob+2hLc%2-9hO zDht_JtFEX82@mSAHd+cBU0Le#ZSZ^Ka#Js~qjB|z!EQm_*XZSI(ed3wOU}2M()c5o zhfy$#w*1{ujf>ttDa)W3{*i1|S7F0Kur796)fFZR<(O=mB2W$vK-rI z5mOU!i|ZS)=PBw;1{ZNMpimU&=wvX^s;Zp!7ak5%Lz}r(v#Wiq43SobN@1(nv&@K# zd!(h}HB8;Y$2WhUg~=gBu0illU`%h^ES!Dt`@FUIit`&~EAY4ZRrF)T`pdayq)2b; zEJuV(cDf5LipZq`d0HJ)OYS;qk#cF z$G>wZGYmCe7Z?P+qeg@_gGj&eM#T@ zL$qyPLJx|*p2ja0BUvVlWQRH{)uB4G%vSXQGi{F;$1Ut}ywKj6d)_Lk2}H2h+m%lw z-{Q4+=L?j&8G)ppZm`C$jl6wXm$$R@w+CC*iDrr6=f@Ylk!fJ29)ZLJ*w>Vx4OLca z$UES8Ag)gw;~ZBpe=k|R2iolA(tzkmfMk%=*rNWYE)lHK`OVKdzme5N(9QW~LN556 zOf*Z9C3l-ytopN=j%>faevUz!ZCWM?P2;rYa7-45IXWhb==m)X_!VwlE73nUc%d1K znv$Gf>pq?+dQ9kVc^ogEfa$cBqzIySaT3BHK1axo2seXQSpT@HxX&0ZhySH`8$ja&3@A?{SY-vqNj@F;7((Gfj-t*HuVvz1%`U{PvN0{ z&V+&&pDL-#>zC=TUx1bg211AO#b59vnP$z~oTR za6)+hyEsxtf(bd^__^+Cyp1$k^gE36-EBr@E$O|;On0brX%{-jj6*vqHTXS-9)j6j z|3CyEQuM^p)af?2qGu=SoDgDsB_h=Ze@H|X0*&ZbiP0na5r(4f0!#i+3O3#cIh(j* zO(KnG!;gB~ZLs!B8%*92I*?9GwJDEewHf$C-W*k}^IUsp znH?heSd%Z~Gk+C6Bj8cT0nifmExKr;D~|dU&E|pg?I2kkH@a?Qf`?j`N@tkD z`tlp}sePgz=8E4$h~7V;aeY`!^u_6ZB;AOK^DrxjiF4z4t1#4hR28Co5>5l`R~Gdt z!eSMZ;taua?UVcI z20&(S;&tQASG1GTd`Ns`*1j?IG;8inOtSTCF!eljp)rV|@;x(nz3NH41H5%DS&|(H zY|S7W^RVYWvY6J@CojPH9RV z;w%4i1j_B6mDEtjS}kqD>=6bw;>PYqJh(0H-$6B9c7TnPwD72gWCkoY8`kdzRQLq8 zE;Mq#A7qnC9kD$`o^BPGE0ySd%MeA0-wCmM#P@=}M|_K%u2$f#ggRrgL=*OtiMWez zi%!}KNi2}vEhOIT{Vtjj4?A@f^&PlKQ(fodd-=O7rOoj`64E<<2T+7l38&fS>G zS--p4xGPYNGmA#wMs_>+x>Xn5(X?^tAY%W-?`xmKd$466VX*lM+DnAs=63Q9#Pbas zw1M1ZDxY;`kflpfqKvXWQbLQezR$U;$ zI=Z-M{@HB&?0fc0>VyKDQa>pvc^5pf&No?=Vr#dM?$ErS`KGz#TWFf}ZKff(qfOJO z4Z&N9(YFzQLj&N-0$S;-fu_B>Eibx*i;SDA)ojrdyg1R(_HGw?DqFlQ#1dZX%(~*) z;!Q50#Y^P$aY1r%-n6sAFG;@T3 zZ%duc4pkp*OzsWMWOaTis4tFHc_~_MnA#+-v|)ZVw*jsEo2YKAq19 z?vL-jb^=NLuJAb4wndMlE?T_NMwZjwZ`jt6avz8iPwGz0K6-`A9Tjb;*qo?)nYQl> z%O7)(!Amz$UX(ArYk3p!HWg}`1?88p@-0ej;9>o?mAV(WE*<(Xi8IC=oiS!a)wGe- zWLG}J%1*SR7;r#RaC>(+kiFdw^1YC1;|Et5jK!?rz>D|7 zxJ^N)WB$xC+Iy1JeZz3qQ0PZ+V0-j^V>kMXf++ok75#I*bf~wdTGev16`H>9l+mz- z6eCDG&l1^hm3_Cam5KTTgZqV56tMO9?l3YaAhMzIrOl+Keg#{x1LT}fA33T;P6^I3 zIJR}KUvOT^^@XI%be_kg5mMLXYvKJY?_Su?-^Bx9g^HV60_-c5+X{r!0XT;H-?i^{ zvR#{RCemFNvC?qf-$mPfn_V@~l;42L8nS5FMSHkE(7SJVJi;0qSvlSn2|@?&NVlnz z!b%(YS!VGu?Fdro;fe>66J6P@)bUi;Q1yZSFzw1+Mx=s*uelLR8*2TWDqT@Wy3f1b zjlNI6Bm3Bj#yFp%RjZ`B=E>@vsa81H9X!D!689%nv=3)%0}=q~qpzgfn+B^|1et52 z=WZAC-{D6*jE8J3EJ}6#h6*B54h^8N6;;HbYh57M9wO1U1$Vq#=bi$B<YujB{-2O6I%o3`e!S`75qI_&U)04-|%yv!a9{>`dSf7)6VF3*9}r z(g^y7+)GZ-iI!S|REIj%mcX1NMuS~gheHu6lhl$_R8?YIF4OPNFX(cAK3G!Y!n&CE z_u^!IZGq`~;4n^YJ1aN^3eMlIGGRmJAx)6Wl=o6E{CkD}-_J-%Ei!LF}XOusS4OVa{Nvs-a z!}i3eH9w41Yw|7TE$T}g+p7P<)S3@}!OE)UE?%R;6p+_N^LVyS?P>7h;xF_Wvmid| z?}UMk81l7&kB`B!qx~dw1^eXPcIHKOnJw|Nbz;CWulXXAMQ)-pFNHF#c+`$D<=2ZE z*`=sVy(lzgoElTq!QXH_wn%Cj9fwB3jIU=}xjN@?r4i0TcoZ5ErM8(+U{UHwZ38Ev zI5-HwK!-aRYBdrIyCG(!m67LJ=RqIER&&$mG+Y+o2cO&qTl%?C@fewXv2GrtUS$qU zfC?C-We@y)5oVp|P(E>x884!vs?S%`{5}ZV`pvMd9|)MBl#StS{imp9@HO$?s_-hP zq2JRM$*N->Ue_u%x`t#{0&uc1;A)823-a}VizBig6h|A*#XS{ElH-}tn+zL|FXi4# zvFFDFbIvDx9nYCWF-L?C3V${BwtosPiS%}zj-qafxl+9u~{69M5cU* z7zSR=X|*9(rKB|3Jhje?5i3VSU{dv}OiC1MYD>i$Q>s<0F_(@q^>y`^v|9KfKsI>8 z^=(Cg!Fe&(s#af55SbN?sJ$FrP2OhSuh{YYMbfXlz@Q92WXIE0f5Ed}P)l1^Hlp)% zdh?OfGrzZ9EPMNFBMckL=vcEHUr=;YA(}AJV`pzP^RW$5&Hr`^&}&y#*EN#0!z~oX z=g@-5=>PT-HmZ-7Hn5BvPbEnH@u^Hz=4uNrAeZGss6T4v`Xm1>Mr`Q%mw3Ovn>@l0 ze3OE!RD~UonO#e*tkgS%TB&eH`BAy>uq+lI4lW}h)6@@o#*TdP3!uwV-2s!9_QYgz zD|U|8yX{MP^+*OT3OfiRJBPM`xJ$*CP<1qp97Vw4lLT2=fnO&mrn+Dz=0LoM-Y`fa zg*~fj(aCU!Luqm-pE{J!0^93RiQ&4~s`kOt5v~xQt7&5f%NlsYh1UTN0>50F8ko4c zjplYOEyIZ*`AkE*ZQy``S$&|Q*G{sXyIAM2g|f2KrmoOMvI46z75C$ZP<3|~?NJx* z()q8fd>ObSh@RKb-9vUC8NJC&>v{xQ~pzIx@=pNbdGb3x=FG$YKc`82i`@8&G75KlTbv&+oOmRFUE_M z=#|`hr3!y63(H{ytEoEL)JnSiRTTnIV}joDM=}k-(mUfL$I1)9=+QvCmtD1|;#mON zhCxQ}Up?4>Bz47NIy7=oBFZ0VYP3x*x_fijm)(fS9kv+Ew{Vleh{d3OejgBH?*jrr zLa>2h_TTxOes^c4ppTDFK$gFiVcFx}_ZB)x(utR(Fkcljj$Mg|5n|URdGMD3f2m^M zI7yk9C;3aVO*BCz>Hd-ey2I>SG7tWW;I9n+W{G{>gyQ2bSwsO)`<6)Xog3$t%wlP7 z=11*j{`u~(W4DgDkP7Y64Qwl3#ufLY->qN3`rSu#Z*})c`V{a@{npZ^E`S+W$&GSd zaC(iu=}#jJ>Pk{Gr_=6NZ6CpzP?Nr?tR|gIi$27%FKd@W`8mq|#-UyThim7>w!(#} zuETb2Z+jMytZr|cWJM2|5m2_B+wR(x8_l81p#@9-40FNiPPVgs=sc@3FIDohjw>_F zcyyK&vt2P|X;oy>tDK!*8%jZw&L${Lk3o>pgGcQ&re~q`6NxYba)v$G?rt}WRg-CR zjQ_=Zj$y*={?(FDKTbO!)>u;9&4N`;0>Z^8s+{QGssf^?vyufZKrSY$wj|V>RKtT1 zEs`XBndje$`9C8^D@#h3(stw18lo=5RBv0lWhryx!s`j=P)WTqUGmx1GEiTHc0e@m zw!r;m6vm>#I(Dr=wSYuz?@z``bTQ6K9stb=-Ke*vt}bYF?-y8{PF*Y68!8Wt;aTbe zMjpizo;;0D&f!lY$**B@Z>SA*iwEJyMvZgAw!2}!sN9BQ%wXdM7~Yhqj(#1LJJf{t zMbWQsfY(D?qSt@4p2*@}&k$2mVk6oyb1`KnMqZptj^1i9LWR|mOj`uZb{9zkii)w8le9?-Q4Uv)9A_aplusdAH*>4Uh*<5k$BGFA$fQO3()a?UELi;>X- zbO2|Ci7W0R+Moh)bg{%&>+vXh02jpGZ*f};mLg?Li-JIy))w#)A9J(?tnVD7U>;rY zvSQ--?F`@iT280`1ow&xhYD2JCE5gqRxq_q6LQK zM8OJsvy&^`m_NzxNoxZ?{fGeQbfjKm6unQ<2DpMnl-(|_SRSQZcK})HZdU}HGX_>C zx?e5r70Snj%Dk?Um{t%bs;)k4$a~Shj%vJI-J}gItvEVBZzS4AE+(6<#v@$szy}_q zzWgafiR#v+nQ~p2;UjZN6Z$hqs2REpN$je^NvSUQF+fsMHI;d{OsCy;kfgfx-8Ml> ztFy#l>?|YL#k9X!x;n3P1H;id-XTq6Nm)L{pQXr94pmBZpaTbm8)9plwkt*N3TC&9D!m(Z{q=No#O|!Zw&-^hAT=j47Y66qb585O z025@ZBlzmTqx+6(6~upw)?bO5^MPyUh#SH-%Jjg{P+pJvy}`THX4mphXs?}b7Ws114825qY}nt)`G zzld}YP~(4Eh0jy3hygMZ`(7SK!*OqB>}y26Hb>`QZ?EdaznaE%;a|R0QT%J|xETJW z#@|a%)1Dp|4M9}U1qmz^*#`XK(xjvxJm#GIv<8j#{+BSa=JZO49UNs zC)9Wd$B>BzQhbN9p_IV< zxo9kvUkh{#jh&dTK1$9x_2`_lBSWEIUAFZe@gy2#_11Y7wSw&kuDi%hTd^@0vA!gt zeUz^`lpk^bEx3>S6PVa#Bi7Fk@(%4tAc#*+*2GikW zIFz4)h>4u9g>vxwN&^G`)q6natVMXf%<%yvrL?TM~=B+MtqMftcLH%9xoiJq-Sj=-_ss2j8V z6E)?#(eBtyRAzF`M;q#A=}_qArW4!h*!{ZgE|5&GC$q@N8-g>1fj5E3aw#U0_f%k@ z!)Q=dY#<)ppb)VlTF5g;@yD=h=pqi z_G!+w4B+CG7=R1s936p6xr>9OTM6X@_K3e1L=ZZz>mujd-D3}~K!lDWI_6-=hO{e4 zRmuto!r3WcS&2@3ZJ{C25E`y`W91RlU6Sq8%cL(__Hl=%k=n5tHk@P12t0*JN|Tm0 zxBvrcwAo;5=*#Bc-DpD&l}O95uRszZ}_U_cO3%86ZU;TtI^P+@EZ)!Ff7~7 zqul6=O~UP*;ESw;Zk^R0SR9sdC+U#R@cnOC@L!ScNk>Sz>C44t%Ej0Vw-2 ztNJbxvpgY+n8UZmQ#R}M;W2OTuA^F)Aql;J1wNy@psfM{i`&A*e;$6@Li+iq;eDkg zcn6-Jdh|C#Cj0_za628S`rbtDQ|i)GWl!L?uZ#p)%RI7BPF)h^s9X*dInNU7t<1C1 zRb;304BkgN$KhS%A2PXPY0f;m5@hB}XoImGc!5%fK4m%H?YtoL%Ci|lgWzZHj&7X7 zP#3_d`6hd0lF1dZj3ziSB;k(|eFjEZm=8hS!Fcxp0Y2R~1linG9upm%-1ugzf` zzruKUlbi77yoDPkXE^)WnE-tj3eYG!&p!j0faI?;VH-tjU2qECI{R&8UKt#(b?a{m z^6cVS5^99~iH!SJaCOT9+8Pn{H@r1IOuFVES=cud<{|mHB#=**1PB!KOUAN{nc64XX@lqD8fblG_9Cv}rsUn*mkb03~0G zWE8QH==8lLReIxtL$ZUCulbN$D`s$b7(k@y0u& zfx<)M*nWtSh!Lf`8DkPpMU?IXqRm`y_tz3i_Xe`j7Cw@FHw)J4{%1Ob28P)PYu_r? zoMEXrKFlJn-fDMu#9740{2ZyB-TT_i-?_Fzt|@}e_W<6Qe{HGIdX=AHd1si-_uv)_ zB8$H)BeMAOn9FGM-Hf@8TPjZW5|`bK3NLoZ23VNIE2Zm^~c7+%s*_>1U4c*XHz%_SFEeB+zO^eUfXRa&yXGi@0& zs9b`28!Ya&8FlWBQjL;c`=*z%Jt?HX)>KstX7_9oAbwk6J9 z@b8VH_hsUjH<)D=qa&0U<-#@=j+YLw$_^x}i{`}gSG&?A3A^ouwdF@0g>4S8xGgjy z=DAzTC?ACJkJ$yYSX^&c{L%b5!Cv?&i267rLBWgjjYsaX$$h$twa%=xn*TZ zYVcnjbjJ<7IlK{i^TM0QSZ_qnm+0s_#3x#Mf;`^`+dR4U6Tg;8l-ch;>Nu8V_ zsnateNx>mdQjhUV+#8uH|9q=1fUjb@Fw0s2)ydx-I-zkiXQvs4{XodrIW9`4cqm^u zRH+EB7)RIMlf9HL>6}QY{X|q+*e;pe`tZ0R(K&1 zkL$0|ak9JWYon1E94dn!8|zTZvh8YFp2NEvSkJZx1{>_6tsc4VtrFX^ncyU{wg!fo zsBg1^k1-8h29|P7Y$;2kN|_#0O8X{O%6D;8%An9>{mFLz*H*9sx3hstVk&o*wLAI~Tx@@kBPa`MU#malPnNXjSDV{py9!?e9iDw>K=&@y|!_$muz($z~o>8#;Ur zdpq#(4ZP2>0nl~&>=wHhCHC{MGT3H64Llu(Vif`ajQoI=*?}pA4X!L`OZhTVPMyf5 zCUutlB<(;qN3j7|MfM>7u-_gNg-(fm_VUCp7l zPlJcaSDdUkB)o=}RjEwc@ZqFiw&DM>(kLAZ%Dx)9=Yp-4u!#@G3H3hHV?I-b&}7M} zvsCWK3q6aw&LY+<$B-f&wbk?~*3@!_Fm*$wVPibU>u8*eN^^q9m)x71bkiV#OoJkT z^}e)4k7hEA&aVQOyhi;QB>Nl^w6#rE300q8rM&k039WmK$sX-fS=cp6eP9+IlWvvN zlDV=C z-o18pDabLKE9lIqxy}rJMZP1EB+=t%xJlK_qV7dj^A|PIHMgEO!r*|KJKI}`o`;37 zuDzRPY(9@QW0ym{7vZq>GO#YAt~9tx;4r#&ItG-^fYs0@`B-EK#n#AfmQA7;ntqbG9>w^P*Dz|c~rMsp`eKbDnt z(eqw>80?lZ%Uq$xU~_|7+I7QFm$l8I9ObiwJp!Wc)g2hv+r2P^XBBWS`0)zCGTx%= z*}fc-Y0%4U4}9}rD+}0M1-XK6pxXy^>2oscm^?#PtFSX0AEdb7r;ad1{l&e=d{V3_ z5`1M16~|k}WkVs!SJouf?6$Ah1AyDbmz%_8@f5D1Hk-@_QEg4m9-$uO!S$y!0Id#Yr?hS{TizkgC4|G zJpZwvnnbSZg6R2k9DRe1ol9en6O{q%)0$<(JE8kccyGw!k=FtVP9H|#$0nTcJ^##v z)MSLH7DVr?B#NtJ?H?!kCJ3HdXOiST4oB=At`8-5d#dQUlEwXg9^R6KUBPUED{wT@ zVY^wzCHc%iriJ|j+N9b7IG%$N=+sNWqC(K6V2hcx+&S8U@vpp9y$$>>(|Ectax}qr zy$6z_^YWuw*M(N`Iu>yvjDmL=X1#`-2e*-xYVaWndAxKHESqzB>!a5I6;^DPDN44t zv6l`$7#K2*OL@dCTsZ?vx$hVuYZ8x8y$27}`J zx#oxAO~inY3q_d5`to0i;sPiM__v+F`>Os?`+o_{#d!&KZQGcPg@3^0!7H`%588d! ztavCR(K#RfO>tgK07c%%aanGdGSza`)T#0md!fjJc(Z{uSw1jRV6UHp%y>kUHp-Jr z?UStbDN_C};P~Nps{#G|JRh^!{dI94D)vsbLJTyl?g2 zXPBBS6fAB`l33N($W!}cs*$Ij5O``DrpEEqANAA$m}=swpX#Y+Vro23-JqwYV`>6V zeOXT(h^dJ@)u*Qp!c;R)U8tuH#?&O9dXt_y1XFwQ)QNiPS(w_Jr(UY3o{g!=Jawp^ zIuuh=cxsZKnt`c(c>#13o+K;FHNlzVy zsR;2srkCjUQl!9#vWCwTy?F=$eJq}6t$-tc=nz^!R3rZZOJVOHjHpt`P4EZUqmF4B zb4d+$pjbwdk=d2fS|yM*miPIvlCRfWP{3`Ik7||=O8Dy@6pn)5wIb8l)~}>u%ou3L z8Y34`;t$Rr!D2Gwu_pd3eq@^(PbjT=l)JXT-;Ny7N*b(VX&L?F9tv#6PXD`xpf|-^ zEsXAw;Q7^NAn?L(K=*@BQ8)!SYEwl84@e&Odt?1`7_5aPGT@`|DgZgfJ-D?#AEkTG~+f z4QEX3=Wd3w3TMz}8Y_&E8hrPtrj1!FdasL$Ae+@?d+oRaJ;;UEBl5-9$7=jX(B7#cXCg)$|7=^|!KwRDyN{Y2oXryA(6T{??&GKFLt z;2Iu|3v1Bh!eVEYLoq>Qvt(s+ZFCUXPMPy}JDAO1lhr@k_9LkVeZ7 zZ_R=q9cJ2e*opd&X+xe9Tz{BcQnfdj@xoaXab8Fsc!8H7dj83@1MA<=5rPA)6Lf|X zT*$KJT0R&^ro^`$CX8f?;JboH@P!7ESDRgwwu#Tw`;xDel;sq^mvY4RjGaeg#sGWw z@~~4{gjRxvaQ~2qoN2+|59tZ49pAz4DB6M{`6QfzTV8N=3-x@%Us=!3r7jiWlUEMW zliqwxk|Ldbm_50Kzw^6Yr{dteLt#&>TUn+tkSX*k+W+1@f_UvSXTsuQS&9$o7irz- zOPFq!f~fh)SS5}uXt;yIwUJdImfXR(I6LsO2G}!WgjkymeW7aIY zI)0wyn}pW~VZ}uo@c%Qp{zO*qF-z*Z70kZcl^)EbrT1$jP4rM`V%5zQC~mGmS^a9X z0_C3rSR>}d)(?Ew5VmFM+>912ZOH(xKS8_KUm2nk@H41pj+waTY9fjbhi}tK*5AO^ zUysm@qE;)Ziw#nazx;X`L0|lIvDy;2?)M|8z$z`S7;{;Mt4MNd#`23~<@lW9$}!_6 zPZT|e$&yA(EFZYO>?)gOq-nqg6u(Ex1IY0g0Z1*I=}Z)2Ha7-idE%VPapz|^N7&sD zWfd8mXM}G{qP2!L3|AlL8eK6i*EJ?&u`rCH{91Qihr7M^!cQ!l&u0s&XbP$lk{^b1 z;y7(T>}RjPmT3sy&f?u0%l`tE+I)|;VoKtY*n$Q(9s zV=2(%W`c*joWLZmM_u?nK6B`y2qVSZE`BhPnC}%?2`{|PO1R)=vKt-*jd}F-uo`9^ z&wPNjdoj;!xS56X{)i>t&69&SvE=ty@(nzBH&1?^B~RkX@AKs4Ecpta{0b$z=0nod zms!%IED7O(&gQw6up|eXIr5}CS<kabX< zW(c6V15Z7mv!EU$lXP4fh$De(*UyN=1oLiW6w3hY=d!S#$I@p7BEp0w~kgmtSWe+m6 zv}@S|Zb%(Jm_5kW(k$#jHh*Ab5Aw9MZ1#YM`iKwC*5^fJ4+{8$Cib8RNnCAc^Ith{(@&FE$CTOct^`o&tgTm+4zx)J<-y zn;jsMCFSc@H=QBS}CpwtfkFNC5e9c%_G=8IqtZYXQ|H78}1FT|AKTAb@lkBqtV<{Fa z6~}v(f5#k@?Kykx7~~Bl;fhfiq8H;PNI9QMZoi4}8DI;1k~mzlQ7$|rRw;zYUt`2w zPe#OsQrRbgptD={owYYLGaUa$$8AV27Hh@~7(dE1)OF=}IC1t9?7jyCe9`PE++|me zyFQn4+9aU^3mj-+s)UuPOqBo?C0It8Qe6Wo3NyqfYEc`Dt$3o&T(?$mu}lB%9VB|f z+fnb&aHzM5Y+)b0!$!2JzdhcKoDMx$>M~Ha6C)r&LvbwWJQLlj(&!2^MljU^B7QR}O zd}DY1Dcn>L64R)uQSzBXy^NrK*!|ihXz%oJdqF<@F*)2`=KIta+PbKj-Tzd45#82* zLqFY(?-rweH+KnhSBo9xGyW7k%GW0IySbSAYW;rh4?;QWcFZ$*A3g&TW9ZZ5NTsf# zYTU=;#AP1l;4wq;-EYKe*JFD_$=v>0^D~^3M2ovE$=L$`W;hRmeAeN-800p|R~DDQ z&%R#QwyuJl@<7e*ZqHa)?hs#YoPU?>o2W^JU(3ozt^*B;xSx=*L?3RRpP;2x^hPeX z#2h-On}@UUp)Wpv2GYlPbN)U_xgk|zdr-a>F736H~RLl@8#=W(J>iM9{ z{-oRKe~Lyi=%!nXTB_Cc8TD%Adh+|s*j3RkxJDz-T=e}B#9aY*v+(}% zBD8+mtJG1v7c>Dr*R$O@RPx!HWHcl>j#iWB63UKqIJbjFTNrllXxV@T>&cQf?D@0t zIvMSg4v`bCmZqLfZB*mGxDK}!N0XLzG6^?$TNB^fH?ar6e!gc9TKI!k*n?&*Z3jFE zW_1Q+h?0dij=(#!KlUHdNaiHQyh_sO$fDG-r=Rbq8#Pye86aeLwO5LA_1rFcis_bL zKv8uX-IiJe;PacGr+5M{_R2I^l=_(U0sF`9Qm!x`R644EZ&$jc)kA8kU8}WucDuf< z7zG-z7tnzN`Dq2&6h>K=r`7-;>=xUx7c)tiDFD)cuxVasPBh z2|c{VXmNjk1-v@s3~Ti@anN)VwAaMD4K1XGy0@Af3Z+0tPTEIPyTxT4XfFj57D|$I zye=Cqqpf`BTgd$hh&Irl;0+ogi*fAOSQ>QX)QcW;hR@$^$9M?I(6}ee*w4BHW@y|K zG{=^@1F1IOkbaiBg9w6IHYOAM+}~)e?rW(FCG(E-kF!=^DL}!D4C);UeRGVanw)8M z2NT=}#!&3x>MMTNk<=6qc(qwlx zcSswrSa!nv+qvskqJtjU8ob38IItl-#G{oRi^Sqv$22yl=W774EQzkJnl~wnUNe)MelJI6R4vnUiG`@~8Ll zpNhqaz?j}db=Hn(`#@~*@+9HgaF<-$dF#aGPw*kY za$J3bc*m!|Kdo(n=!aTUdht5*_sKa2#br$8IIWFt-M@CAv+=iq)nB33@ehaan?v|L zQn#hzp-Z)16pI;-v^yk)(2JzFKQjX__Mxt1fa1`=kHlqvoPwnZ6aEO10}MiD9JWRD z&cnz9kjzIg(IXtIZaFsT5Dg z!K=&c{?Zvpo%yYj&>{(k?Kv%?=K^#ZQLmQrTcKsM{}T@3z&ML`0LqwQ zN8VnAynVBYSo#-|FXhwKurP%ka$$pAENLN^m@j2zH=JedXa(62c;DZ5z?(zAlF?TepvAOjj+zZq3qp#mHqJP!nM zIpGg8gYay!h-tFoQ8M{LD6|N;`m?jYCEiFk z=ta%{XJ}W<{!YyvzW=_R)`Ph3H+y@f53 zD7O&85S|||*U>^Q>;e@s#65P#6!hRd!=_Fyz}vFNag%EaJUHx_W@pD!IPF^0(t_Y0 zCRW@?y}0wc6qoKEn?%K7T$KnrcOYBR*D4f?l6f}zw=&?3I{ds(#)am zu{U3Z%^U#DEPo6^1gT~$by?Oi&7t0wA^R2s4||hhF$^^{c$qEmdWK82pYR)kfz`W@ zYea3|K~JcKW671V>LuMiX$b{GZKX9!jSuwA<1h)uEIOC0&gC!(ABvs{aRifKVxbpL z$zsXx9L4g$ZaNn@guAlR*}f&`1YEBN&x%7Hbi|=9q$YEG>jqmbhjO-)|6?Gui?{Sg z-cpD1lODT>;`~H{*o&SoSp1AmwgRqXxCyb6=WT31nyTb2+d>g zpPq{g3bN9>-d$8rrkLsUF^j91@_o?pVAm+AOJ62~8!W#Ag+9?wg# zU%40M8N@%=cCQ~OMzquHf43j4FGvM4Z0!&XQqDGgS3-$z1#|xQ1Fv2q;;5FVf}rhl zy(s%OtrL+~Rxtn4llGi%?3E`GpJqM&Ba4n^S-mHN$?FYX%#3DU6u+SvS(Nk%XHf?v zVJn>X@FI|8}cu$<7IFEo@po*nUp zpW;nNbVE8K-QlBg)LtT{zRw-TcMQ)$v3;hC_eHpJf4U3S8r$F^&#GaUHeBa z8QZ(#!iYSY!J_Siw}hp8K~xC7#{6gQhr1@3zdl7Tv5H#Fg_?4t=T{seYC}#p&uQ3@)s!b!{r&JfnaKi9I zR(n*|1)ql!SYfvO-5c@Knsd;S^M%rw(_~e?KDPTa zYnP0* zi$?g9Gffud>(CR>MT+)JZ+YOYcLjV8gRrU&Q*F=~c^e7h`Pz&|G$TiWz@jyD(r-rU zAI0ily;bzyEOa3eNAXkGnwuAaYFxaN`3*o=lY>V&y^CL>zK`ibmcnZ z?M0!!`TK$`)VNQB@4-C1Jwt!_^%gcHyA9FpsqA1rs52M2ieNyO6vXr=T=O0L<;M-( zk7pt0 zG@l25=i})b5M8~+tqDuN3K`!OfbhE_Vd?x*rl_3@EMy__XDEtWhIDT~1X(9q&}PQ0 zrIkZw+AS`NvX8mIqMN}?!N+|UWJDRZq_SEHf6wh|tJBTh>-}`EJok>c8S98TF^Gw}dXUF1?GYm{weW}8r z8{d(E!5Ky#X`QvVl35^DG7H49#;RyD$dT0KtZiJL;PwT2SP?gK;OuN>(59uG_?5MM zr$c=xiv_THj$SE&U9vh5hpKPM-L5%%Nu#UhvMoZ{C8?gq3L`(V-6b%vShQ%#Za`C3 z*uL#_C8MSN=~pBt=Kzb+K%ksg2s+vqFxylz62?G+lHhIzdADNhwF^fW1Xr%CUTR;6 zH^6uo`R<8a?z>$lCmoXNf*H;Wq-X5MIv^o*zLqu^o&(+8zI~75=2Un*{Ptbg@SLXG zYw*w=BO_!7NK?Za?)Ygt1_ToEG86B8SKjB85X5b~UlV5JnnD{p9VsX~TugVo@qQTs{p?vN?yH4)m%LcAy|#@*!$c z7n-pEQ=TDovE-X1*wq`;rNXZkpi}**akwBvE$yaXa6!~s#J-7kj#Fvbd(vIrdp z`8Tq-6zzf1c-ZJ0kl8X5-}xDq4g4AD&am6_Q;uok<^-{3lAut$R=OEe*Hw`IkJ_+{ z#ZF)iui_2A#U0)7)dzFCvp?YmzCE`8hJ&%~cit|m^Rw-+tu46A4m-T0P6UDWN+VL~ z!FtqpJeZ9ux46NY*I@{a7B_F#;n6{UHh9P&2!w1jEI)q;9GTq@W)q@bNe0>Jmyj{x zW~6DNG2N&P&xM_H#o7~f!_OpjLnB-4WPXXN-OI^L=b61sh`hfyPQu|@W>w*v7La|o z#t#MloIofbXDAK%+k+Uscs(wt;1rr9M~ftUg*Ta^=P5edwJ#N)s#SJW99UZ0oM>*U zww+|gu2N+?PEz?o_+miQipOg)LV02&<0-~#`SbEg_{ET+XY3Qn*ukt}`SbE&^aTz9 zEMr$iM{yX2>eX-P(dTG{Syv*!;&9Sf0W+k$5K0 zVqg!Yoi^E@3JL!fTcE~&RY;~B0WD4YIoHsIm#{VK?ua$;=x%=b#CEl6+D(hOlkM2J zis%L5`8k){j>XzDJtg#L&vfO_Y%zT1P?xfe>JHj?B6M>bq0_+L>j%+n1fDE3*o|@H zaM#AOdt3~EAU;*6)Z?7(Pc-kUcAO+4@1U$P4-=qXxDIx_Ko2to_GAj>4Z7EZEY|ti;zlN zp!en@8XQ7OlVo4k=xXa|0e_g`ixH^@KI4#h;L{}el1BsG#E0poY10wHzy%0b9Fq5g$&I7Iz~^~7fC*-~i(xQ8@Y?tT49!;DM1H4WRZF1k zO_}YZpgFyhKxZb-4B_HZ`xXv%Y7WCbKUkd(HcL z-YYNuK3BJwWqYL!Hmq#CN60z0U>GV{E}`vG*h#=lZGjE%M>fm`Q-LAWpGl&z+guM8 zo;~Pe{0!~|x|`aMfzX_>@dzsEjN-CHBt@+O6FWAb5Qt0ehXRBJoGifk=K!CUqtyR6 zBKH;+D($yHuybz=V*-wuvkLJ5dx!A=le@(ObO<|T;2hTKR9R_s2!7G?3bQ;L5P<{K z5Dsu#Cpf@wT-zYmbb$l?eT_hW91d_cf&49eMHXK^F#iS2WwiP3z+49`6{mWM%Vz6v zfOlm<)>9EYz=KhEfFO*#@gVahd-)6<=IR1cM~8;nl{!m-=Q&`<@N;pzq}7MclxHt5gPc$^6+F8M&Jl7>Jzl*sD?HIrFA2-j zdovSoUFR9mUtUSJbxUO5vX(fqP_QWVmdXPd%*mnDh3ydwugrEPFU)qRNe=IJS4-$@ zyMJp31zOwzEMm`AS=m(=h;uimJ2I~q%&Y8px#R*-bWy6ol?fl|20R-r$}qUjaHy#H zc6}rHmt~mr*isg9V3`@*)Axkd*`Ax9e|exKL-lKjvqS?5tFRMZ8v*oEWGwiKUef2Wuj%l0 z2>S{Gnzt{_8^*P8eO$3(6T(Qt_FpC`%L@W;g++&YP(z29CsX;)yYMG`ewN#& zS=AL&dr?T2`?K9!@_{)3lIKcxQCh^ub4JS%E%=}i_1Zl`G}^b0dOU-u`pSHw>WRXCN6!7`^i0pP z@}0EncPaBzd(H{`p7|vw3cEnR>wY)M!gn$}7vBQz`FnvyXbaQx|M2DX|IN!0dj6jj zpwsh(3)uLte;H5Q;RrA&%5X9B>{U9xnMw412|IXeU0f8tnFUCJ=Ie=WF$tE?&G1VX z;Vr)lsl!qi9I6rl)&=6-&4Sw7ykr&cj%HH`l3PzTx6>&$owH)w70m)8`AD~e zkL^U{)>wV<_*~ND-uqQpUmT^sW!RSFez%HYYGfIy{AqLHpP9341$#sf;lQ+R6pN1tYwOb= zWr^#1Gud70s(SAUe_$@s*(_NtpGC)%33yviq5q=L2jGnI*aOjLln=gOXB1tZ*PrhA zOXqcSKza0wT-_h*hA>znDJ8$_1HE|vMFxd<8yQ$EokjBhhXh|(I#&*R7M}4y^ci{V z7wn9@NZ7+m6*6zuff zKiCkfp(q6ds=Ua75|hNL2NLP5R?{yUC{b4D0AqD#F`8;k#`C;2Ypz4}kai?;e>49x z{jggRtsmaT-{?e8bahko8Jo~Oa4csIeorQoxqPnZ{U(_ZHenN6TfyLBP2#eNy>vvn zxie%XxN!_4jldOu=lF(?(y8$`drkwxMA|rx=QxYyaL$Lg>XQ1G3q?Za<8cYeSeac#7 zPZiauUo?_R^FRP+DOj0=i(?@h%{9Ga7Dr?(&)dVb?a}vlY&@O4yIY?$oQHOY*C!v& zQaV&ELQufjz4ehT$J3g+0A_U#a|5n4lafYPbw--;;%;^&7ru+T+N>)#ySa!f-yPQV zTeDdG=Rtmd#fv&}OM2&;U+>jJ&BJ-kUHpwj&-`AeX~S>3!fjwa$D*gCm)`N)dSNl- z-3~`YSdgpFCXA{^oFHF(<7JtKz^#8`E2UqrPE935VrgpG`A&U&C!bvX{Luo*U{AZK51%F&+DzJiLW<@x`1gHhbQsD@jQ`0-_94k%M!2z zru9bK|7D*ikS=hBrE*Nxl&SI*U<1%b{55Tg?JCjpuGv5e1I+AMgXO5EtPKRD*k}=J zP)1Un=zRpARS>d;NpjbpkT&SO((9$YC)vv6JBK2)BMgb1T zRtZG**?fGllvlfhs32Hv>^$Xn7<-)Z-k<8cp_4x~oBurHY36@t=lM5cZr=(PHT|$n z3COq?uHD9^jM?lA<=Z2HvHogogO|ibgJglxE`u`;1iwr z=5$AYPsN?4zHxeep&Mc0N0?bS zRtV*n$MRy$I-nm9JLftJJ2nGB)u4`>*0Me0+c;i2dcK>f6f&`Z6z0*oZIRt?$})7O zESJ#3WM_QTY5hzTPBXTLcSNrrvYvH45KI>$wXHYnoNZ)J^!4VBPF3cfj=Yw}R7u5? zHTY*ROa96*jiJSQ7>0OYTv&~?CZ5T)uNrkp6t)o8y}`|htI75WA&hK`&>W9s>1ehC z!)Ugy;W0?IKO_0LdRbbRqXcbqO-2*Ee=yY*N@17qI`hMIA{Aa@3=7ja#J?xbBJLxN zRvBX9D~MQlik!T39(_>gkw@RQJ@!zwMd+C+kKP^@f~PZyg@u4dk>tYM!RRV~)7>DM zeDoNjvPD8?{zst4-SNN1PIH;ea&|wL?>2T}72kAd8e(}S@eiUD64nODyk6(p6^Q{jgMr- zZ&$v+NUyQDgp2NoHpu%+1Cq~O9~$`nc{huM@OT)o#Q`)lEt-VpHH1moMn;5pNbVD+ za&zSs7uc@4$~nco{zY1o1MqgU7um#ATydeZi2PbYg$U(TK3H6rcxmorbVinwyz@Q(t>BsRHyr6&dfEV=7ZQ=IP+0p4` z3!fx|1>M=daV^ueLibvx5p$!pOw)O5y2`7AgdX)xncKqpo&{#V?W94!fd7dFL}3tY z=@xMvE$ca!a|r`tO@`>nq~OCZtmn*$nAADMqt?I~rH1C#aZ*Ba?!%~p`R%P%O?8}9 zcDN4dM#j1U_|5kGT38UjcICWljIKe*a^GY_j%aKf zzHQ~)W>Z*+%?k=XAJst=74~7o(CF^nH7B}zPuBD9T^QRx#GmT6Z@1QSdeR}k`bK0< zV6Qm@v=Tf=({XL1npO-lV9a`DacII6H#e?(iraW=G{yZ;*B$+fp7Y~+q_?;0qV=0N zd8dpKLK8g#y&8Y`%n=51!T|XP-mohT#D|$BB?%AlpJJBlDa-Ygh3jJ`khU>p-kTYa z)<;t60`ZIDNdOs&NW8WsTZ)+uQByhIQ2}H`VFRbgi{5U`Yonv;ndKNM>Uz@smnaB>|?Vza_iTD ze^oPSucFI3y)Sm1Zo4^po&L6&ty7)*)ERo@K3g}3xlakBPQ09BtCT)-76%v`(ce($;|dcXhkrcV34=$XoV3%c9$@7omSA6GL;o?Yp0;rxSviMZ3* zO$F@tX}wVYXlsP2f94#v_5Zk>ZT+G*M7g8(d(p$ZTBG;;hFQ^je#-})?ai3QR1bT8 z-3L+n;th!C5V|W?!nh;0wiz+CE&CvB5^fF47X>}kHSL2a`67S&W&;OSGb`0Ek|BC0 zN#}oyU-{;Z(ewD_`?>!;e&t`@&;7Ufm1oa74Sr?u&@g^wAMc6(6a30AZiwFF4DaXu zr}&khZ_Mo;zw)CY48QU&&;K!gW$q2p#4>GT?tg_}IV{rN2!7>yAG=Shb^pJ`ubekC zdX%5tko!Nwue@nP?*D(|SJtl2?HRxFWqjz1zc2oOhhKR;7Sj!WWw-d#T9S@GJq%xq z;7|XQq~lK~vj@6=-6!-Qt#w^)Cn)Ft0Pp+JBpp|J-MZXv@V@U$((%5Z!sq`b-uFm) zdqp!zfzz>l{^iXPobLXt;bYh3c8}BD?f86W=Dvmr)Zk7*k?YJ<lLF@QS1lM_Xl@PUod=?G17cOh0 zQ_gb@XhiOAi(7DJ@Edq(&MI4eD^C)ucEpodJ?uzk^u@Ju>t2jsp@jw@f20QZ?b^ro z!c(FLLp+H!rqN@vL=WQjkGYB*j9XlLp*ht_219S>PT4nR^kkoDgx%d1zn(&JiX|Xg zw@bdXH}f+Mfs0olw9(9FS)GQUMlS?0ZgSN5ZwZgjUCQEfkByIx&n@wtQd z$Haq$?#LwN&&igRpXHoS9m;R^oDOjr-qK*)Gy$uls&<=Vt9o1Lw)_pz<%>0O3L2im ziSm(Np1uZyQtv*HD89T)bmMd=<1@PS=*~{npaa63)AZ*Cy5@51wF~Xeb7Y@sv?Hfc zrf~Lw4!Tp)$5Qm(Ouw=}bo~UHxHBoHi9f%? zo7iaV(nN<6bQFH<93l&iXe*BBC~biS4@YPjN|u#5W{PEG7e>Q0WTRwp2Q17MbUv&| zqSfh2hJ`t5L{hqv3HOqTK@K-%teQM{?(Sy`4Izd6|*PCNTW!Kw$ zRNfJ~j7rdU0*Ab#YoQHP=uV=9+w=ktQ-KwFfj8*|E(jNBCrao)x;R1$#bII)P5?bf z$G)@+r(ntj9_J=_oUARcy&jm07s>rN4Tp{*9!^@l*W2np!_YQ!T{otE~_+L)5VBXbp$Aqyca&msH* zGPCPam~AC&9+$=9bRDsyv3*e4(5NvNy(1hjN2VT zP~xbQp9Y3jp)vpLnTq~^w~ob^ z2%`6EhN{Fi$K7J}4*Zh)Xd^*vZK8FuLl)&7kcUSOb2`Ei!#230B89dOK(h%qu->QXAe_=7cXZ%(aJm9RccwXz)RF@>H z<*Am|@fk2crL@g`=}yFcHsx)Awvr|DM%hNv(S6~6neMgWdhN{6QhFyg*>#6~z3zEqaqq~mD)dx$!r2&c!r8Sn*S<00gtKdL zyj`nBC!8mvoN(mXwRWM=k<$dC4RgY=i;h}JSe}hWVil7z1T;h*DXCX6HO8$%IQASG z^-}CPJm6IPJ(mJZc`;0Oa3*@XEcd|Izv8`t_yoehTf`@7E#^ki`xm0#@#GgXLQ<>s zi`vHt6Gl^bbRHc?Km0ko?N357p46@g37X90omd)x%6jr4! z@RvI)ozCxn_W_Aq!E_xx z!UcDypRu&o3eIsld%v``l2rk#&sIjZ_+OGT+8S+&Z~LfKBOo0dJqHHaVpBC(pH?;P z;WfEYY8Sh9fKhEHMNBmQn3!7G*cZ>tMHvXG%Ar*Y4ADTTo%A&lM_^byS5jxrA||hn zx8j-Pm_?axMI!^18yPUb#p!tt@9stYWu?iUJH9|%@hEMGjj$m$+8NsspQv{rG}sec zE#^IU0ugr*JVgG(lo# zWWr7zUldFxit<+g{e2^UQJX>{3ntZa)q-Rj<9!hSO87>*1AbIQl>TR76F zH%;IjSK6`fxej%Ffupc#@i{;|)~V!gL51%MXnV;S3^EcRUZ`)RWx(#O08GfyaEGFK^n#vgb5G#1_I68 z>ORn6P5PQ8#cq`&$2A?K?WF6cTisGBqF!xyh2^`uXP^&N{+}zM7t-QI69?Vo? zxaAR))A1de)@i-f6j`%OwE<%ki|B+0nD=k-AhQt<@~6MY;6cjj9jP=DcK6}}gR{R> zxh=ahvLY#l&@;YCV0&_@q)w*Q)hFyNQ$^3zm9yx0`Zb{@j(i2hGnO;4;w4&D@b-P^ zdhT7%Fp4%4uB31Ai*r`lm2Vt5M>yW3EINL|n<(;suc+p0*amCZp|9a~htjO2?R>dw zC3c~KV^0>^3%`BnHFy#63YN^0a$x_kx zT|>f8122AdL<=@D*S>TeRO^}UTS)hv>T>2=b7&(wiChkign~dm>ggbiKKo(0*rvf++R=A%4OZ0* zWzQ(%W7QVu4~=tc8uiKbTxfZB>(f2UdaN^oc$f8UhJ!~B>zm<~6HYn&K7$w%4uAe^D65Ul&n4tVAmeQo;u8J30w z=J(f*Cbx>CjkbmTfl~xje~6-xq9x{(SwQLag6P>q^pS`rw0#_^1jR_{;T!# znKEmw5JazI-1wO@=~d{8*32NV6X|5^u^ILAN~-LemWZBx+3=;AT>O}(+SY=N(b6{k znScgo!CvM{ROiof{{+mtRhbXnytSDw8I48;+O)A3?EuYz-3z(1QGg_B4LCmmt|5}X zYHJDE+>J)1WR`B~3nL&9LTjw$pe=uQ#qku7M(W+oCyIThRrrdw)lvAp=*D1C7)B%= z#<${lFV`MKJa8W{xpv6POpwaHg;R%fu^hL!CBHSS4+QqIW)E{>8WRgL?zHOwTHfOQS|Tdso4RrGkb~R zS2j4&Ir1dGKx^0_FkTdie-ecU(v3X;V%50#A>n~kySg-+AkB09&LX>dH9?15E)^b= z#F7q4sJCNq?mEv25H{Cx~NTKOpO z&3#9-4Y>?UtltBMg;$3U`DmIg6WZoil2RYoy6&W=)Bz8^6ebdu;mkH2eC`l}A0p6H z`m?zp!6CNfx0KXJON)ONk4k6fZ&w0FHD-zfR4^YN7q->X2;M%D^9& zqj#=rGVl;s<9_GPS6;mNx$xY~;C+RH(Om7A0MQ@o)8ZJ1FTgB8F%v zvhMMim}QIKXy9knX=o2XfxyP&uH>66fFLvA_^2ld&cT+tW=x)( z0LjVuHlfa@G;;kWyyUoj`Ad z-A7AUv^CN)`}cTNo$M7Z3ZMlF$=Lq8z+x_gqT`iZ$g6=uPe}^VK zkR;gBGDl8>99LS<1z6aD7HKwU3Bn0`;`xPKKwz%zR0N@>F+gFw`Sy@4pio*SxtB@? z+UG^@I@GzdJ0XgtBYHkz+;$a8XZWuy7K4=QYJhnE-It1U^u63V$HNfl)ZJmsKv(zpap~% z3rH`Cn_4w1h%bHU-UYkrO(W%CDcRsqPod96(A~z!Ec^$!hs>cvRu|?$=Vw?p;BYu{ z>KsCgs>a|UMtZ8Hz5O_y1#UveB$VTJJEu!=SI>|X_yd+uF4@F&52we{m` z`jWL-;MH|_v*yeN+HjhnF`wafgL>&SIcFiz=t2nwr;NPn=8~sU=pB7(qi56$%(_kV zp3}i)Sbg@q#TZ!fFP-guDt`$?Azl*x-%S~I^`Wd;2w_(qY1r6bw~u?^ zG1$_4m-zFwuKvi*VV&IG`s>DV*2kD}+?RGT^QhtIimo$*7#b*FizJDjpwQV58yay{ zOe2my+5lp+yQ{0rcE{nQf^1UL*QwXQv<^7xJT7F zd?OO3`ldUpAy zA4CgLU@mZmj$d#-g8x{vB=~-TC6m4vNTl)wv5uVq{OF9!zi>e>{%}#IAt01ayi<%1BbEg(NRhm{IBKh`GK4$mzTl-f`Vw~~;00MSL*>l94e$K_)9nI;Ww$>|R>#9=20P); zw`*xK*D!0~YF!LGPAG6jO+w%1FrU>Bfl5^Oe8M zi^jUu_dtg_&x|;q1Lh#8T$!+e?w=};Ga9eZW8&Giz~8s<_bCwHrgUwNV%zGs{R>UW zRrLdCVqNeI_kO|Zvvh!Hbha-U&F&3W#rBEf*gr>^_8XFftn7A3W^E!@Bs`1=_e_hYgK+*|4g zbm%y!*nYv#CyMPj9snu~6;RQStRkS@Y*ap2-o7yK%qa@ITt>qdB`*~4lV=$1v65W` zDs5zuQAKx(>H`JRSZyip#rUr*$}NlvOEd7FJp2dgG11~LrP%^%D$VMn0htx`11c-c zu_%*s(Mkb6$Ih`S3kxyF=puu~H(tOD7J8eC@s|=sTYQs>w6uo55J{I}1TZ3LOGByo zBKU`Bx->%5r5WP75~S!-r07yc(WOMurT;Pcb|GEM2CHuLJ?jxhz2^e;j?}4lfFx8A z^}5@vK)z`a^7W6G*sJ5qWMx57gnYYM{ypm_Npb!FZCrEltQX_n@x_>Ew}4s|cdjwG zb8-AB1RCzvw_~*$wntwYyImFZ>bzYI@72wA_1>6hoAU8$PyUd>q;B@But|9zH5yN! z@A#H2;mzyqB#y|nCW){-Sr}W}UX>B0?`}BPy4u`r@uK%p?nlmnw4Awiu9b)4ht63Q zg`c&eC;Tj%x_mutRl&f&{&|Z0l_pd3rv>!Flw#l`)oHyq4hykUAb=v;sFzXYg5{nF&5i5WN^_POaKYzP45Cxzlac2lU0={EJqr z&_h{W*<{ec2%xgzqhYhUWeN&lI7*^-nHkGzWI#AZr%iA7m@Zcl=ex(A(~SC`Ov#s$ z4^u6xraCOxm*yWs;qF(#N8s2yt(u<-B%<%@-h$ubsW#6gNhItd20=$6cM9VuUTuWp z)qWN82@54gH7i+MU1wEq{lVfsDTu4!Q7hH)}<+VnfAXH#~V@6zs-eT2-X1ciP z<3}^;($UCP^Zb+}DTGmN)( zo-gB~j97NWb!Wu#UL2kqe)<-5p1zbjVFtvN9t3>(6J>YoC0H6XS`7?Zg4a5Jnrgf< zu%V@}#}`jZc&cv&#sx)w64R->%ye={4f+uH2@cTey)$%|HAuGj9?AL)wiI{!pTw#> z{eJB{3hMdD7%l_wDvLiA+ep=*MfKYOA!^73=y<8|gb(fh2RV_g_Uw>d6q7(0(& zA&%eCGB$pQQlyVx9F1R`=y@vI2}*{0!z>tfx&P*xo+fw#Unss%43el!z~#35OIi-F3WGKtGxB0!;~GweRw zNmx*3aoLmD)b&%QTCSQpRi0umEH#N9DGmp5scDM+S{o2W9OZCKEt@uVd;#U~F2g}t ziA%*C%p}T3&|Q;NnVl|rrYA6JBNnQZkbP=_tm>nGLkgl8_%TeG_t!Xm25>abj@P+@ z2Lmw%`@rwkl58N%jD#p+GW|RV3E=t5fu>%X#As@3T!f~2(S-JLmg+ogTo)cT!aeqe zeT>(eoZhShUYxjms}MaG1RYG+V}HYR zwbZo1GHt3v*khB;9C~b3cydzV%yvxlEX8x0+n*Htiml1O=vPnBMG#{#o*kS4xRTMP z8oC+0k*;xQ>L3X(&%;xR&z)z44>N(4z#)PoAU|i*(Eh%mso@`#{q(!ZXJ6^N$@iB= zPr&_`(QY!~N7xtt`geUdA$`CWy52hG$T`aPljj*eKq7&o42r<45KKxhJ37OB;`%mp zKgNDC+qDKq;Zf&Ugj2bk!>Po+@h^i5uyoiJa{fyS}%H-!?}7b6a@UHO-!&IFFo3o=Boey-5(s)m7B-3{i?&{)i$ zR@%>vt|A2cNsj;wy^e@3uTYFvo&Shl4^SjCt=Ach_s>YAeL8e7g21P^k=%u37%@6r z-X$z?-rigaOH3VZz62*GzO^6C&)?x!An9-V{Gj&`xex^_TQ!Y+TiA-tFw%Lbt;_W= zZ^-ahj^Umc`UdznD&APUNoWk}i_{fp1nk~_iew=QYcADW#Aj-YeaRL{SzZB6S13;` zP8PScBrN|ZsI23@lM#Al#?N66{F|Y>&1Wx*5B()^;ExzG-X$YBx%$#Rfv>?=V@)@^ zj^e>Da(Qs)=SR{I`sgF&wgb%BbL(HDsob&!^%^i5$4LoVN02~T5buVgcBuJNPFv-| zaFyq?D%&omDv#`ERhGq6iRE9z?07E8=TJV)fxo|vw4H=AIR;USs9nK)ZVLqYLU+TL zeR=RD3%*Q^yjf0f;+ZdKWZBCi52w*XD(lBn^zc(G3m8FKAdeZSTpY<#&$2uac|VOF zUXBl6J%zC=OVT03?JPs68NMsLn9$lITF|M**dKN0Z+$cKwO&JhIiHe-V2`XWo)vqr zT6|IT!RodpJ>xOn7ROAZ2`GkLQ$mvX#8%m79UQm*&mgF5`8kdN>f0or zIf`2H%7xv1U7P$VTSPEBkCG z^0xyqo%m-4ytTVnteM)Y$$dby!`6_q+j0BuXPTU63 zd=>*dHgdx`x({UHGj)qgeiDKz;3;rgTy|s!hsUk^z zD)#pKLigCLJ-DQX0ey|Uh#0^Q`1GMy!%LqRKdC~!^ESGcXq_Bql$cJ*#-&iTNPUb#@`NAY7>bNYOn!S;tQ z@cQ|dSJBM!uzy)&1a0E|Xndgo;yQ9jopbK8jT~L*cJlk#Bl$M6xK9ofbdMtmy>c63 zXSyDAFE$CTTP0<$s`Bwna7uccVS9Trb_g$UkKMlu+l;1ZEf-Lm8*#N>$e7{37-y<^ z1zWqI`V5nsjTwAjwdpdYYWyEfxrY4h6{E)Bya>CrwDJeITNG0|Y(;pRFRoFjU9g&HE8y|)GGOQ3k z1zt`ukDy(kcHbZaAIlp`mSGxW)eqVYyd@WoGtiZQf>UG2j( z;w-vW{2P?NogCi23MBIq5kDmOGi!K0mXaFNZs)yF(@pRuDwk$~uoZQmZ?<{1JBI^L zfY1AX4;9O*3)pQ7l=1P0(Pg+k2<5;>IOZ1lzw!4OZayy~gif>Am9(FZWMCh5QHTz- z=9a?d+|ZM)=STOXxcCIhBtQaXJ8~JnU$}_SSc-P!GWFJN@Y{;kqOQ5>a;~UIWDY^V zRLnbEHl3M(@Vl~$@cZRXUHJX!{IE2!G?!Mw%v^4N`x5NYRCc1S>W}5dox$ifbSC#({EP%F8zGFN0!{}QS(Xz$^!_3m`p{r_vMA=so9qcQoLS$<=jFQv zG%sr!`Mi7zzu}DOx;;EAN&oq*SU%Bbr7R~rE5RI^mCsmX0s~&uXC;YAPE5A#MvMEu z#CJ(KFIwI>=K3GtyVSe>J-*AhL8rlYx%sOM9pB}`EBsgCLmQBEv3(2*pL9cV_^n=ipmB4 zWH3c@s3+s}U|`moBbqvS9tE)qop1NsxM0ZAoarb40m=4~p>Oi&;`H(a_jaQ)d0tbn zV!u$`r|V(9J0tbHh>?1<)7dHbBN8P4FY3Bw=XyvZn32XOP*C4dT*_gtEfuCXLLf2bHhALvq{{cAo2Lmz< zxOq5Q(EKHICgSTVx6hKa1{uB93mZgtHL1)_#fi%ZoLf2O$obiMzZ`dKTmHUPcw3zP zD%%N1WAF`i5!rvEC9XWdmz<6E-*Ta57fTRW7h57o81Z*;x+I*i3n%S4nrma|d=`6U zf^GsnK@yk!9gV4r(FFW2WCFfV^jHwagTmgT@#3(W57G89X8mG&o_>Y5M^gOJ_UJO4 zxDuH?`YDH4@;kH#?a}WmJ)+6Nz3H+LLZE}3-+O4!kZ^nY>Fs%2kL>KX%wl$F)Ama0 zGP3IN)-LG+#e)ko$Txmzyb2bL%Dw!up zXfbbV6Ft9>YOHh?s#RfM_neCYZQ9%YGnp_5=StZ(_Lcr5G#@AZ-$#MC@nkUH22ux+ z(Hg`mQMSQ6kYmN6z&S6oQNOvzpB<-X#sp75u*uMzP;JK{`zLf)T>4M?nRqee1ZW1!T^dD%DU3hP^u zJp?(_=DZ>3FqU9f1;XE7PQUdl@)}ZP-Q9xnw*#2SEvULaf0fc5RxuF&6$L|3sz7`q=LIqRC0>PZa{)Ux;d7v-#`n?8I7v(U{q|f+W0p38 z-ET={V@D(btG~sr4#Z2gCondzxVkQ*uA&`SMUeY4xte6(t!<%m(H>p5#r-=LAb81S zMPOv`IyMy^#4TwZ)s(`tc@mOrE$YoJ@|e`s4%Ci_ey zfpyz+fRW$A&1+=5AWghImo5jd#?XI?-`#elD<|xOQOldT>>7;?Tpy+o4kh$_-Oy$I zF&z;BzU}E71sadXfXaI5Y^0Cn5|M;0;0G42MX>oNhE4l?X}K4WYGprDV|@gN_rPNh zp@H1Aw%GmJ;$J?5FH?f{4~d@7Q}H^FlJQ=4;m_m6nlTsI#G0RBuUhn4G}xQPeKG~k zi$=N{K<=R0j)>lj>&NS(QLeqddDg`dVlyi@FdPsqknXsnOTgssqZq z9(6aDrbOL~48wRO6V6UaJ*EV(S?-Ch_e=m?NYbqD%sbQxdQxj438R#D>f|Eg};=k!i z=8DK~LQ#GuiM^f@d7Vv1R7wk`xNAFr`IVi`SPOi`MMgnO4hOdMjTv%mbMOlkZ%$h< z%yEwehvywbx>pY$JoriW08`IH-A^*Vjvjp;E$;#F5!krs zh!!+s#5cwcf|rnlM%2S-kt0{=1{?umMz`qGla!Nb2yTi5h-L5Cj4|)rV~ly{^K5vh z#MtSbsc|vyERKtL=OujSs<=+?knwZm9mN#$&fWOV4P+^saus}!x=!T&1DI=EHjPHy zaAI~}zMo+Tyt@A{&p?x%=>XqxIbM>J8Kbhh4H0bnS*|!wE^vk zBU;Sbc`->}?H7`vVEowOxY|w4!AVKjO3!O%6ShwfJqt~&eb-_8^acfQ?3B%WEH0|O zC4TmV>=Mq=JC;rz!x+>5Rma9H(mQ5dsCR5pHtX2%NXJCa*Jiy_=l7yc%^jw9ihid& zJ-nxx^U##V+p}oq2EluQkgLjy3U5Z8(3C zHU%HXgs7Z^2^gJ&zNhk8yuJz6p zi!{ygCfT9WQxD7Vm zhCfzzYQwUldK=zmZOGT#@OjiS?y(uCp-|6!64R?wB6ggtN)f6IqO*@)y0NFyPs1>V z^U_=6I+gx5#wttF*{reC9R4RP_oH%F^e9uOqNiig4pa2a&_Fi4-wY-4O@6)h>;k^LpG%m zI&$&Z(Gt?YvuRv@KMU6L)AxdebOo)A`{(I&`DP}g%jR3p@Gbc8VJg+FmwH~;Qg4eb^)|>F z8rD_jF2a%`a`xqn6n@PhPPQ9*9!!KB(I|e@L+?1CCN3=EY1V|Tx-C|AYdOS>@_cCz zo<*g;HiQwFd=HG}A4jMQwP*L-g;x&6bm5h=yYIr{Lor=&vRONybwR|*+jloqXgx#~ zPSz_tw~Kk1J*u+H&nDBYE_j7e74>En)eU7_A37H(zngLWD4FTI7LBhawDGzLtxGqy zAQ@eJk4{E&hB7khuXZA%ms@l)`urF*{;{)q9<2o}F{8EMtnNo^a!br;jb~GHlKPVJ z-P#O8Z~!&$@w@fr`Ojv}b3NRtc_!XGJhjBH8_YOw=o0vGa7fSX-1&PHtjcfa28=T+Gp3=qkrO*6}9Z(Pwb@ zkyj_teX3r-SLk2&=21;)@z%PG5tE5%qtn18i^vS@`>5kNs#0cau?yH$8QS>o{V{bz zvrE4nn2FW^l5b|btPZ>DF7&&)+Zf6%c7L#$_B_#pD4NmwP|a_5H<;~ipj?m1NQmEp zGe|G66B63^6|2_GBof_)B2g(yA_x>-?1y9{^NsIjvs1nf?{yaKGmwU6aKi`JydcKQ zp-N0t$!aRivpFmQd7_>hT=(nGaD+p5(yvr5Uynk*mbMBtn-nx)+hDc?%Bx@ra6^ki zJ7REmvbD(KWP~q;1`-*)G?>V!G9Ae1s@sofb5>Cs*lA-IkW{e>HS4nVYe-`-9usjq z-o>YW_B3ipj3io^_>joT!A?VR5pSaC!HcJmO`j>K?5aC96xVLGy;WP zU7s<8)czQEN|e+a&5|1b?5lV`vuz6AU?lR}i{-E8GCPJhFN|zp} zlGf55ox(xKNkuLBmluTfG4VFan0C*UFbV});Dw`abn&;JVUG5<|B_tpZ_ki@%Op}% zKaA=cIrm{ww7Tnz8^@rf(IWDPs3OG>sd!f6SFr|W{XEfwh@@(vya{>1a z#7o7QO&bjqCjKkS27Dv%%c7$|4n8D4i@PBKQ6QBT5$o|x8aD!a3wVzwTw4w+9Hg~whqZ=i%ECr ze3perZH9J)B#!3-t+C}avrgq4r~6$iBB9=rm2E|0#>#o{12nEbweYAWJq^sAhhBHu z9qMoyb6*ZRUngHAx$DqO&-I928>vR27Zb2SFNL$@ zoWLHoupW-1LHn9_Ystd!Xj^@yMiBR#Xsi#+AwgeRgE!1-N0h}}w|GPrciT|WJ5h+x z?ETP=zaSOP@e}E4$0gsh6Nzk|#pH%%6X3^Caoxk|MA#Q(LyZ>gbBod-u3I?>(%^@z z5+OSZ_lwKuY7f64CJ24W)W78EUy8|Wa~&-eUlmpW$@5d~K8s*iOj(u&p~aylXUWP+ zT1Lt`Dm~{AtfUT|ass(@VYiZTzr#_7pPjer^!M2pgz2xQ@`z^HU<$kOp*KwN z_sG~7mT9GbGWGqqg{+sTyd~lCJgmI;)57J=f%3Wl>)3sE=tpvvtvVmOfn9bZDy^mN zH*jLKP9&M&q!o#J}aCIJ0aoHP47XKu&=$0OIl>fe6`oJ!X z$Y`vxGeYL^F(7e$n@ViHk&FwhXoFhcpE)L!-;85&BCdR?RjhFi?SOwD8j3J6txZ;? zz2Z=dxlZ(igos;7W)~q`gyNR);?9NQEEOH+Exa#$qWjX&oj)PPO7z8#?3-zrq?%en zi=Yuk(VMA7-I7F|0i)jRU~U{2@fzR03AU?)=>0_=fKd4_YQk)tYz(uw~I7VICtKEFe}5FSsYYFbek)-imK-gm+TH9%HYNd+pW^XxNycu4{l);>BgHC!7-0H#rW2|5(L!wR7s~@N+xVb{4Pg9;hw&I_9mJEJ*J5II&7$?lnz3P@-$0WwCf(^2 zYid#4xC@03a=EWqDi}oXp%dD_nb_tu7IILzffl++T($|VagYI9Hkp`xucI%rhq0f% zPjGbCZX0R{V$|ja)6j@wrs_m@BYYpGy8W=nr5XFuXriszSx{GSIz2iOCoYpu@QCh~ zEpe>EW>^KGp={Qf-s<4YBWS*C(fm^3R&n{jsD1^aDD7jUw51K9&*-(|fp_V(fJOU| zUOR9cPLEhBUtI1s!I@!$-JGwm&!T#;345?~U8t5l+R$b6US~}UJYStP zzRDvgg46}#qz#`QoAUjuf7+HI9ovrvwsiqhXeb2<^QHat6r3GQ4;<09pqw7W$k^*s z`@oB{8>QQK-8N^=9J|tFuM1ou)g8~Y3ia;e7hBd}OyGNRy}MnsP+JW&~oQe6nrDN@(cnsEZ7|vQ`_5nGS=~+}ejQ2<#F7*5^dtka%O|T*|8pm_p zgbr8_Tz5pv*FaWOGEjFqK9B4)@^t?wN%_%TcZ<9I&V^U4w=xLsS}*Z}hZ&N?`cg=p zxplq7K5Xn`0{cj0A4BK^t!megXDN2}aXx+Ybe@OviV%HXX~cQ4s&F*H@O!Lw5;Btg`c$Am`j0yBZ^p;@1>S-N_vJo z=o$i7UxSp<;%ACTzhiz*^WB zn-*L^{rN3EJQzK+;`P_46=(2P?3&TF6=QiTUW#X}!0G~M<`P`_Z;O{$@y{o-;>-2o zjgjKNJ;91E=EdVK5!jA;(7gD6GlU0UrP8n9rT6cq^a@`352mOgyc0{uNQyvLMktwV zdELh~=LJ@^l43Ktn@@p&Zv#%?-7Smu9TxGK`VwFNGFef`_4-kY(WLk&qL9K742x1F z_36}p=m4-4kJj%E;=pq8&pwljkUxT!mR-Uv`p%(~R)bxsXVK-E2=LN_ARH1R*A>i7 z750}nyT1Y;@iy=daVDm}nRJzwv(cY_kpq_v2FpKZOEpBbt z!dW0qwa>p6^BOU)MXYI~yn`Znt-hsOESPzujF~Th^5nQCOYMFWyk<>ovQ#vSHghAq zaEcm33>5Kd32#T(Bm1rrtkp(Y+3gT^0{tV>sK!}Dk@$q)f{PkNgBJ#(4%~-Brap?+ z=2o9+somXp#4a?+g|!PXJi)0X*tY868S~{k4*@#re(8hZmLydnyC-)YRCN~vsq2DG z_gNBxGlP6N_b4jY1Ls4X6Mf0INWLLv5bcsA<$1zuQE38OD{7GxEir~V2BSv!RyQ$!lfWB<(BjPIxvgroO!?xEse_^ld>jf4x~but7!p|(mMX`2 zu^>2U6DOxqCEv_ibRH{1o}@Hb)s?)&SD{2I4Jou33bc7!5r59h3ap4OP;c!M=5T8R zS`sx?3O7}P(`EeRn0AKdAgWW^t@s)n;=qh@ob~wjNBLl86y+L%TQDl(zwHWkLrLP@ zn2fdUe>kcSOXjdXtT=ri`t2JU?!)LLcC$T$q^KU>;@M^BSHR3)8Ah*ApFnu&clJ?c zq|6Y9Rx>^@Aze}*W5#*UvkuhS-Lt-0|)NM7ZE6d=Q&mznL*_W0Iho+mO z{JD%eOEcII`Bo&D#C26=JRS^uRNrLOzgglWbux_8Q#4LKLK(5DRRv^WNdBoXO8NUN z>rJ|@WzbZ1aXk{7JG*L(5GE6Moe3CqVV(HrdY@?;g&s@{E@LoPWhA5Wmj1tP;=(Dc ziHJzUT=qfadvXBoN~L+hH9ZVc{QqGKj$V}uH4~FU*JfBR85XV1s!YznxO$_aqQi7L zT?|#J4d}ME4p03{OZ*VBqPqNY5Bz3RbI;Zd}(ff`b1P|jMgim`LPjz?NdxarjtT3?>FN2l@S5eOJn6R;s zD*Y74m`3EGP9yUDm87D(P)pliM$2n$czI>T)AD-d`9bU`SsQrgZfG?cR4aR7Ar-KN z1VZ&b9KDb}dI!2FBbuxT8th9;=52j=@)0fceh>1t6txa5aIS%+Xz>-DBzgPK0$+-o7Gr`v)iz^J((Q2GyEo^k2VFS6>y8`jZU?&p2h_MEAcXoe9cXKqF*-#Q+4Z`VG zL)>X-agKWny)Q0Lp`oXK6jl{syW9pMc_O^ujQ<(3wRsdciQw-D=VPOyI7=C z51NCw7$`Vp5XtX#;LX_M1(Cbwo4XKqnR~3T67QZ%VG~+U=qszS+z9+PX)YW}8$o~j z1Iafbh*(?bOomU*ZWEqQ z77VJb&)rHkcQT(lnzdgYj1wPc3R04Y;#lDd{R&y5inFp7V5!}66e{x>Ugm32Wh%?7 z+0nCdo78#RMZ&*OAJ$=AhV=|i@Yfp{F-@O%L{m#Me3Af*W^`%xV&{L|!ecThGuUH^NfhY8gjdaJBKxPZwxP_tAu}V)Fz9dvsk0uU=7w`Y};Un**=e!?(-XRXiZb$q*t)UP40=wq!1}qnePOzj9uW@voQT)pZh;vYg;)xO{t0GC`8Br+_P! z?HF-ItQt->?(q{;j{dOgl3XH2?#27$g$=eKdUK+IHDB)be#A#i#~ocP0{5l78%N%-xRKB2 z9KNm;Hu71L>SmEC5qB@cWw$dI`2qaCSgbJv0avsSU3k>9-F2p<;y^ghjY)R)hf?q0 zrB1vR_6-d3P@y8Fm@&jV9yRxQIE@)c61m=~;O{%Jgf6aV^h1gwFEU6{u; zUoR!%IrhVfg6kM=j_5r>Vb*`QYkrGZV-p}d>Xp_I{&agt6l*LP*$C5~fHYrOQ^oOK zypMnr3`Wsdpc|SoH2PQrI1fapR>ZGUU_;>(DEc_vcs@ z%{E!_r!}Q#pdxPCLxlX)1i}de0!!Hd4`k7bX29it9cl>FXszt*zbk?IgWAUW1l0I# zLugJyxk2Tn2U*KAc^L-h^@vrY1=&|Dcxs(y z*ezwH-t`6g(B{<3N>GN))Vtd?jE=Q1s&7~1GI!Cv7v>s*caq<85OSlacQcfafDur~ zC1zRq!>)9QHHGlfL;6cEUr6{MCTLXAs7n%M<(M7A2f5k^uhTmOokc3foHxpOaWFMp zH1uK*UR^^oUcmT2dSTO{Fv`vB^Bls@5t8uy3XEly-8Wg-I0_f`0}0Hj`-wV>Z(2je z@mBG%dh-s;2PmtE-Zu#6-hrTdcJbw%;<9H9jG*$j$NH0sHJ`(5yXIsV5Q5K$5PWcu zva~kY#Lcxf5UXsr*M9Ob>I?&C$c1%Fr|M9A(6Wno&E;_Dn$|=>e153yi}`<*W;Hhc#A+38#X( zunYd&c?g=qe2$=qz;8tq9S;W4lojfY_y^(jsO_|;=p$m^;;^A4=Qhlg=X~? z@3Ek>^B(u{CC;7h<2O3DkD2K*H=qN3U1%&eqd;%MMO_YgXN8+E3Y%~zYl1$Wj5cmC z9nsjxhNIv%;NDs$AXpq~J$(}zD%xAcWf&lhVKXu^xr`(>$p{hz`J=<60(nfo;)Fl{n=}V~T-R(-sz0ehZ!;!qgBxBa5Cb-Ksnbr#V+dbPw?@}f*&g;cJ4em7}OVi1<3U@m9dJGF^WWkiZWkw2EL^BIK zck?@VQ&{(Nob}xMvn}qQVZ-|~fm75hr#J)ot!qrq%it7uy@|nm!+9pa4&j?oO+j!2 zs3U(8h{jXPHXZ)*8l&@`*5&V=fin87ypi3PgyyUpQ+Y`;mE^oMG#}3$zO?$|8Tw)9 z?dy(coAViubv(!?)0qRus+QnFie%MFH4DzmS;b~N9Gs?Nl>0ZDdBuCKpe}fFnF##| zG7WVxNOO}@VgJwJl9-skFb&S z(5G#D9=;0L#{e@>ONUqr8(e45xo}3z*%}eG&U3e=I?n_-(e>>dKbsYy;x(L$ZwBPAPTjZ0OQgn<*=4E?>svElkYBYSj=Emm;W8Z z1bb`m?_*V$QD{GflGGJ!zT5`@RzRu0lGbOV>F#mCIT*6za2>0|IoyCk#d=a9AS|Pr zoS;5=3v(l!3!@OY<`{y3j-P=IxKd*9g12`3LEt+Q-cW1X5n(dTk^`GUer+t?!g#SJ zIT6@a|Gwj^`-32|-Fc?NCke0J8BP_Dh>$M18ReDh*;K}FP(1ULq+sAeil|sa&KgZ3kw|B znW`XOBACgQ>7+%uGmDO;m$0-9O1m1;EMjVc*tZHZF?f~)7Ci>~$5@wp|B0kJ#-L!* z7eg5>E-Isl?1|1`<$lA`%#@~`OKFWPO`^0AOM8!{rBd3LkS3-sCoOberi@NqZf3ve zgRJ^l0_B1N=CcBxCh&I*{f^$s}(dAMWl~A98tOji~UEnC_L55U$Ud`3~~D(NTG%9%O<0R zWI+ebOl9#wfKq% zhsM?w*{Pih54zw@oI%?_M@^rc6%&|{tXTf}+~m7kx=knyTPZL~!csMSxfQ|t9m zkawjs30C#_tyLcovo?EIF2aO?lHzWphzg|M%C8NLfj36N8$2hR5gm7<_9JD)?*t;; zsE7MJ{2RwdZ3!&7>i;9|O~9L|y2kM&P1>{+CIt!wS%MaA3u>#NEo%poGJ^>e1;hnJ zQAA%CgalAoTG9aH7(@kkecfN&cPt=~7HA776mS8mQgE9XmqM|$Wtsmu=gy=_TYUY# z@A*A{A8GE~xpUWZ&vwr}=Y(2njP_04O24oG`#IYwec_h2i4=kk*u$U}oVix}RicA6 zhT-SF1ne<>lMEH+fL=j-UY0_dwxusfuJ>Cpco@+j-;%$cILn!8A z#{-wxnS+xpH^-i-bs~_SMK!pq6!Xb?RBJ)&zv3R2+;sp3YO1%d2E!wX&#w@Ci|T-} zpGxY9V}d-X3S)~Xo$zZ6GE!lVM-eqX{qQisI}%dkj73Kd7d1`vUWN}Q?V&$D#L+{c zHw_=m^l**017Eb*0xhh87KUBJ`A?ci<}ENnjpI4LqCJ}6aWv;Ys6EEP<5j?*Xpd%i zgl{+EBUCq-^S`gXp^kC>m)M&GVA-F5zv_X3nJ~u&iItcD-nipEs3r-de*Bvj z61P^le*6h_i$x1VE?esHYA+CNHMK`?qG(51hN7lgS;k(L(Ws`L>_r*Ddo;h#zp&@` zS%Cv;>erZo*mynLIZxc9#UtOuN-m@4aaJ|;ZIMWL#bB`X&`C67?zejgaSimwkmXWWf4rUo=nb$-?O-*MRzu&DHuyloI zGKgIe!{hT6@rZi*t?i4qc$5q8_)Fbj(T)$7F*)YUf7rVud>2pey!Sx<_gen(S&(mL z`IGS)#;X?Lekn4gbbR;Ex$@_jhEe0MTukC^5 zX)G#{8Bq}m1%l+PTTz(qBF68Sc3eZ|RW1Xn$2$NX53*eiWfa{qQ!A4}Ws+H$hfSJO zyAHqtmuw(G<+f_*?45X9SH7(d!*Iaj$~|#mCe?~`v>T9L1R|j9b^t}v5H$vofX^2f^u=ksL{9vQ*&*Ln4Py=JhMai&Zlrn=tHBsK9w$^@iZ1(vfV-3(d#Wnh zqh+F7e{Qui!6o1QK6Gr(zi9VVtEo@*AR!;0E~-IxzuY$_1(z> z>?pDJ{qQ zhT*Ze|L@cnJULxWy_E_sf`Y@+i$>mn{@JvTka&Ze^l= zWa>9|&}8&_c-o@=UQSQyGddG8^64!=6vp5Al|c_rlw0U3Aug;_KpK7ct5{RdvT6L)fc zJi9!()nL?N4bm_+PZwTZjtaJ+#nTD4JXoF`2*LEeNOy<{yaWxZtWeiXBaPVREZK)6 z#?zl?yU~dE!HByifxwYAW=Pi#oWDQzR}EreirTTyd#ETEn(2sFGf|L0ZUH$|)Za2a z1)oPwfjR$gq$8#!rc$uV2hZR@4Nf`V$~Oc}oIeXyy$wMlpbRR_qV0VfdLOGBm4*vBR-jMHzk>@rXF-kjqhoGPR@nXde z&M#4oxK5o-tRJ2}LUBcq^np)SF#$)3?{Zj55-Y zpJs(AApGuxWh}%PLQ0cX@WZH&KZ$2~FGS^~B(l7RwC|xd8|PmVRYFZ-C1ydM=v$bM zXyY^;`~rf9be)z)#POq+M$B=*6bannt<<_^g-S87(trV{X=ooaJ_Wt{TPfB`Grm0& z{}(JLnu_CIsB3Nm__fWg0ROJDI^dT#M+5$+RFJThQ>KmN7)slU^FQ5;UM=xEZrvkh zSdby~m-81jBYZuAxMAoc3`5-AjIi@$9c`0G>X?Nc+a^0A+vF%a{^(5GL_oyXadqd| zZPJ5nlRnr-wG0aji1=`uAl{3|E}_qowXmQ~P1H3qdmci6IsZ>h)U{mdS}tYnYoe}Y zFw@5jqu#Y3>spx;+CQ>jtX+hP1Lwu9Jw?9=AMdx;Yx8SZdOyGL>BdZiS=pUzI{AfJ8E$!*@@ zOgvUnvj&@mv|XVC7<04G|+H@LEXifaO{WZ1@eb4_z-nvz%smOq#FC>Z|=zBa&-c ztNEk*2EE8%XGGNdIq`f|tZh@aW-RQ}h$t?!F=V)%8s5uSc z(KC4{iXVB;G3-T$Bg5`}zCLWB(nN8*>q_m_hy4oP9!K6}P4wEg5oxH^551 zZ@fX*FUItIv+l=IAoRJ+CHWcBmfz9zQWjtWh zj>j3LS)1*-&n3^FPKtA8#WQA>9;-aiTm9B<*w9svTV(1$af>Q|!f}1|_)s8GkBN#^ z)K!mF^i`4;Z^FD9;a$+FYCS&Mg3VWB3eUgw_iV*`zhLSb*k`?Dln4xq5 z^hk@OH2m(C9yO_{v$2studOUz#(DG&3yD-PTL@eQIPRKApFsHJwLX2B6Qlt@Petci ziD_R&R~-inMQ#uw1Od&N7IOT+`;6beel;|t?^!#)8NdhaY%=O z)(*-6dfw|YUaE0s*W>X7pLhyMRDz&Zu>D-)ogL<&yqjpwR?N5wV4UF%sReJ8Ywb9# z`@NH(JZ$Aw`08ue&%@G2Lwh}V=@6gY4DIdX6OZSYsGbB--OAeA=eaO4DrS9jwE3pbXQ4Xa*E^7#yy$;{{L9Fa*icJccKrtR--{Bm261CdA9Dd-Lt$pCRo%dDQ zkmC>E1QUg4axg=l2{0ys(mOm(mwY`)@E_$H*}d)t&)^(&X3Kqv3IK>0f7|pi;dmR90=qu`$9~Y=DY$*hD6g@vu1v zufmmC4{3M5-9lN|<_bOgzWEK+ir-$RH;7PE&Bcp!(YQ`Bh4kBU4z`xNpbI=V!ujv z=2=L)`|W|6P0+U6h|gl#pJt4}-tRCps=^aA+6W)p{x2V={a-$|6Jo{r`rlMQ^TjtT z)l?@vQBsp1YGo~CCLt>r?itJf2=Wz##|wzgvFLMyFn-M5Uxj|5E1>yvNR<(8Ari`d z6o!jx%RKCNN&ED87Z=1K^Kb~5hc!WS|+{&xNfk0$npWJ0DnJN!F@89Oxhp4_;q zlAwq;6L5FuHO(6YXoD`1H29cs0Cd3@%Tl}1)znvX_@JEXc0vsg!w&}Q9}H~sK~GdN zq@>dIpp9SBhv>#^OE+{~a;{LHvGyeFF3y&2WVYLA=9Xqf3b1v)6^%WJ zC%0QG9Pvg2)HO9n4ZTN!*5dm!|3w(>)mSeCt}$}!t}+%iUFPlk!DU4cng)B%L#GIF zPN*q`_cc!Sbbvx}4yg=e<9h-2k>4q5n(FBb1L`!t$EX!93mR6tOh({Sfld8^dKq@m z56UP*ptN_eAXSd4a9HZ_oa?n~k#%y{si^~uc#WeV1N+@^W@X$|=+~)`3Xnu+OUx-u z+xt&3_nqu5c3C|zPHlfY8aV%8J+qp<)yQsWmf~Jf{;1=!2bG`mFAS;sNG`qM5u<@K~xM0f6w7ka^#CXZ^rcMwdJ<&6Rg-9$Lvyo}itdE>g3YQBFJ*C4Z=!`{L={DvBr-LgVz!7%(*S z2;+loxU79dDTvV~jX@!A=bXP>dB=DsAPBw%$$8rC&Aa$k6E|6xY5U;F)^>g z(-+TyC*f(-aW&NlZAWbVq|F>?CI`Nz<#XKvUfDMIFfaRGC-3rLDf zUYvGSAQ{cl#|P3caRJWDfFW!cuMOeInbt!ny_KB66X-e*=*y8NO69A_CCNT*J(^)X zn!{a1pQaojDhng}ejY^0j2`3Z$4qz;Pur@Md}Y z@$JOC10px-K(P^^+V&`9Yt<0O==j_D zIAw_aU~Y8#?UcWRj?_-s=X8k)sRv|=;?uOx{Ms=}N-APUNi7~3>NZVIsxTkA#$%A|5& zlw1MJJE6XK@uI8ASIc2oH@*FfS4@JvVmVtF(}nJO7YI~X7r1qk6bAGF?W0yq%r+LR zSeR{U1@iVt^MsG^QyQp3aMb@LRC_`Dp(-Rx97Vo$}$weT}!4BC(jja)))Tl-3oYE>_vBjf*^lY1tnA!ggr(zriw(?&Q zZ4=66e!}eDD;bZ6kx4VX7{b&J|7`HjfP_P+bW(6sNY553{YAP3Yo#Aued7I5W%-_Z zmET1E9EQ_{(q#%8VueT+4YSqM-%e(=sX?~9&fWui^*OwUj5VTe00l&}n7yx(LQ zb6JK}O?{eW+`=+!YU&D>F@a^Isj2f>Mn221tEn?t#-%JHLrtB;GWxKLY&F%vGCH!1 zTs8G_$Z$vsmqC*iWhENrDq8sR(9lmDc2GV5j>kIoASRZpIU{05CC3p?P zkyp<7exS4CG9jb;3%T3{jQ*yLBZip_2JMBNZ%t5Klsq;N!^|>oK@) zQS%VazmAL;Xk5vB(ZWu~OF93$$aDwNI|+daD*4&CIJ>d00S~d_@sKUEV8ujB5EV+v z>;eQv0r%EcI64Lm>u26^*KL=(gMe$cCGKR`RiWB+9OmRVRGPgV z1gXL;odB#F9w-Dlp7ixKz$0Yx(syW|bQRtRK7Aq!nVGtejD#RxOCV0`fhrUfk0`r8 z2Npk&Y!;*L=CO`j_L1iQpg`Z9<4!PS zlIe`zprJqGb%+aHdKwS+>s_*UHV7WjB3IJcNGwV`YNk=jOFulUfb*X=Xa=vCJ=R3o z6FL7+TDA$ZG1eSp7jpjHT6P>x(hU^7>JpATi;x{GOz-$gyWvA)i0pynfM(0?=_N{4 z#Eu?#t8?SmpH_n!j-&5MN*%yz<`z(E!z2; zDjKkPlHuDwtNI#30aj>nOd&rN;!6Htwvkr_px~_tws=_v!>lH7OW$s$h~8+QDUxm8 zwuk!yq&;?=K^hHVxCOy`o<$7Yn0~5g1OWWw6moQNJS11dMNOA_Zf6(= z(8>JsalWm-#)Te>uW^XC3qB@7w;jI5OFbifjW>FRK&OA)hMi8LPB$slXR*`X-tgk# z?a?njJ4M zGDO&B3J-;x5l}Q|A6=ov05>ro@>;7QqH!G`!H@0i<2dwhr_@%}W1LlBwwmI(#3UYJym%^mG0zINFhk zXaB!*c7rH)t;SHfCGXL;?o8=dnC$NaVXu`HkT)Ms1OmOwkM-4WTbR@EIIr`VA?6<5 zy9@AUdzm{h*676R?5@1MZfU3YE8H-dJ4EB&aJ(q(MLrC+VNU=P^qn~G7_p7XMyN1x z^pIqu_rjuKCIiStfHAGmJTs=;gnn*I${d{YS5KeNw{U_;URP8vTl z@(q<}7*mSN$CZ$s$Lka=spAz}5fCsSQEI`~XebzZ8leC^*L>JIIHQ} z)rnciHi?0W=|)klqJYvcI7inbT^8_SP#t!B&Y#$E?{q=-76RFr0-R0;U}h7yl&(nO_XE(ovD706{uq9QL%{$Z;z)z^mHVT;N>A-IyOYwZF&|8SdS2#syMraqu(|^b5@n#@B zfeLN#?#Kuvqu%$4EjRy8{NooRbi@7n-zej=5xU|2QI_%62;FdhFUxplgl@PWWEs*3 z-EjXsma$-jZn*yf%eZ}nZnz&{8IwoohWiUyhI52&xc@K8aOMkAK_Qpn%;r)G^5M6R z%WxaGj7c^wW2&7?nFjfj;dh)31PhcKjen6NzfZT=3A2B)T~k)}J)x>axj{$l z=MrRGT&Us-D%~soQb7t@--H@;?o zKV~;uAxPhF>x{!L@s7hAV}UU$8f7-Sjsu>OF^P``uDhl=huUdH)- zbdjCMYdlWx{X%6BRhp#H3_As%Y64WNedV2kUwE%(rA4U`J`hA-@C;W{5JwI$<5;`i z6#@%SPik715hfXLmKF_5xzyWTFz!W9q-qscLZQjkvTz*KC8(8X`l063goiNwoFE+# zrLWzA@hA(s4Wm{h=YkNNYozGy$nb>R(jIgyq<-#}YPphsqpPeun8<60YK~UJ7suYm z%TdW2ih`%R#xMAyMTSe^L#T)IU&tf}5g6^JOT4MBz#S%cVES3K5*!-}F#Qf>oECkj zPjkzUle)L5Kj&9y8ci^b-!m#D#xaqi$;q6{K}}|ARbckGZUgUYy2Nu0{DqZSfX9r! z({bF=e@CiZL#ai$G!HQwSGP&8)BB)USxzcv^!Ndz_|kh`xSw|Z3a?0gP50H{mB%`| zXkkagrQQO%?sx{(I8sxT|D1r?D&`&Fmi|ma+zuW#f%jK2Zx6ThOUS8kSYfKAJ)uf? z!1D)@U7f?=K6#BC8UG1DKK=VV{h2;h+ASD&hdElHSpD5u0o9$|k)2(y zDMreGiPHO@_cd3NK$aDj=_AQ~6Dgq=DvYW1A4C1hcGARYeJIu33JRiBy~-t(5&v8^ z=Px0z3F>YNkB*dFsg)cGCAIe2DW6Rp?1&xQ!a6v*QONrS_(JKxxn6pHzqDsFXQ1oQT+U zgOG?V#@a~H%RI}k4z@ACZ{?p3^#=KL`=?AX`)ZAP0sTES1eq=6N7+dIl3xh_^5Gv~ z&V0L2nO}(4R^V5ldzF>>x#Yw)pW-o~hyU2~w|4GN%tD+s-3@>teM6S8B^@xTPVo)Q zN!nS`**HPqbOS=a&hC=k84x|ImPTTEN8&}lM> zEwZ!G64k97L8xz(2XD=~_famz)~-3C2UgD`rKnvZx-V=!oG| z^x(F^PO2njMfVdd%1GEEqag;Fh98rG`;c(7>BaS8KQuGfnhVD0!8g z;LEd4@NI>KxJ_{fJTN~2FEGW!KcHe0Y{Jk9X>(Vj0k$Abs&diotua5!c#@Tfxa z;8kGFqo?ww>ooFBodvlAR86`aZ)s=(h2@>#y&4*XF_5BqIEFyd!zIvRc$;tuJ@K>Q zBZdwDWW2H?#Rp1#1<;7{W2XiTGSEzzL#yxivr+Zco^7wboh+o%5~w0PtaJh`hW7P) z(O-72iaV=h(FKeorp5Uo!#+W5@eXgOO)n z{X>>PE8zVhoVtp=&qn`>^xnhXXVZJ3vLJ&omIb8JY{vyf%YM{$V?OpHUyGP2dlwMn zCr^T%H5FJ}t4l7lih*92v+Zf}c16oXkhCg=yhG?I(P=&H@xUITtW3(vsd1M4!jb24 zr?j+|ejfUfw%Ria?T`-}>E|(KrCw+wiSA)?n3|s!2}24{L(xYcJ(^`e=dJM?{{SQP zhVRx*kJH;2>|%JT{h#8I-!A3(20VN}h@trMWBu^E8|l2VPI=(!(`u{gy8*wEEL2wD zx~W5hD)=^&S?XeM(eQP54lo$K!^pwo;Fs?t(}QX?HTh3s-K$Y< zOFSl&h3uX};c4;YS;z>xW6#^v)R})EI0$#_*zdl@28A!YV=vBLX7wFG{B_C8usv9U zC8JS44M^ZAa){5LY{1XT^G9)b*VC1FoJG{3mRLlc1~=+&{%omYaZnhra!LmZ)hDiR zU?G1DuDl&f@`VkFZ}+qw!j@j_#@Fr!*9?i4etJ+1{~fzeYv*B}M(2TL)$5Jsg#99ro-V53Vm?rLI~m0Lci;6^O{m-yRtk*^NQPs0DL~FWy|BHL$#@9XysWV$V+3_ z^={wr9|q&P-U{4(8hTLn9pO+-KEI19`il1l1D9HlQ=<)DH&q zgrSH)3XGz()ivNcE4fs1NjIX4XY#3Jc^L^7>RQT`!HEbd+w$Akx3-N3CCUO>by*a9 zrUhj{K3h97n)N-&ggNw_dObe16Yoi9b_l6o$5?zL1q*S}F4zIR&n%-`@=Fc_07+Y0 z`R}NKf4#bl#)}+|A-%eJdlYc%ZcH@d{Xn$G91RkUfh$po9fFw&l%a3Da*e;lJ2vS4 zs54rbTb)C?cJcOr4oox}1$GVX`%y*1fR>c()W4tbzx)0%{rheY_Wk?sQ``C8GmTBe z!JysH+P`5CRl=xMOW}u@ZQfp}P}7DV^d8O$jviu8=@Il*4FJ+piZ~B{5k~QMp!S=^ zel>a&!}q=zmI|F)=LN4b=cg>9?U@=m;gs(wL}y4vfwc}LFG}O1+WR^J;j_GNyh*Q09Lz0 z0fJG1_Dx1s60dsS3WbS6w6c+kv^Sk7gG2XcL>eQ~=rF%Y4B}v~BY9E^On<3pf7wCP z-gH}H)kxN{NcWB}jqP3l5$HjwS=sT+X>`UH-Mb1X3w@j3j{O$K_ks=GSwiQbn}4_K zPDp@R3|Pij*bV34AK0jbDDEL=pEB)Q3!#tUE_s1Xly9=T<@o{``By5(CtJ{)+;oyE zBHq@wpuZg*8DSkKCFvds$JF(VHa73!#U8)jOVSy}6RB zjZu#5oW^KJc3jDC?AE-2a4UINLtE8HPz?}5@nz;J(YGy0Q1^H~z+#9cIjuxLJlhG|g8&1Pf%4JstE?B)lxWIFOGG? z`}JDfYvgQc;^F)7z08(I!fK_vX zcnvh0_`!Q@Zuz!+QC=kI_R<+nea>L-{wff)mYUsCotkR-24|}RH$-aqdY!}MH|H8y zyz?=7g!vJIyu8gU#Ybkzpv{tpX6d4>N~^6lC5e7h&6b6<@6}d;#pBzBo6U1FO)kxwx85 zKos^uD%QDGJMyKpn{kh?(r1h)DD&9^And8pbxe!W|1iDMnl}2JNf9#rJ}`DwVq&#t zAYwcH7H^QZ2E8CL@K)E*QC4p^K~5Cp&dQm0>dDIqUH8ODknC62Kk0P>T6p#_EldZ! zS9UTBT5~b-boq7!r=KWSQ2Q_VGRx2g{)>N0i-{#=xgI_R7~5q*#y#kgFTM^kM9#5Y z7;0JR9{{Wp8OTX%$o@qNkR^d+nG3HfEYFn;pfIg#;1}rv`G6;i8Fgcm42V@!~IP6^p#6$bY<27$9Cnv zk#~0NcIEvEG&!`D+?(wd0;{T+HS~%ZlmjftjV!JR(NbhkV4NRpMSm*Iu!WuyjTNDV zEN1doK4>XCm^|GljK#OSL3 z#j2hTRZsc*s-x>~VLpkI*`ai0RVTIhAw|0cR`)EIY&pF*i)};gwW!v%Tc4m;xb<7A z&>B@;FpH|24b{EFsuS9;ueDFi7M>LUto{e>wW3`*Klu%w8<4ISc)56kZzC}@oZrJP;c+E7 zbbG^FCrFDFLH1FTc~vfMR25oxOUNouHF$1zOO>v`j9EDiE@_u$Pjf_RG;8|Whe-{! z9ry)JUt58}AU&6k4J2nUeeL%yZgjnih@Z0KKd7(urn!s_ZsSQ;X1({rusNq82kL4d zRUtWG<(y@B9PKC*Wayb6c(SQ58QwbJtd>VOt4DOsY7p`kH&Q6)OTrV0osu6~p&L62 zLm$EoI_G1&iMJG&(dcr+OqG^plTgN*#wa_jRtyVvG$@kmv?#={^dJ#aqs2@Z4iGc;S zqT#n)I{0nKWhtk-)>biGZi-Z!**(LH78Wm3^?J@mIKy6_k^^~L{EL%0yWIvHDQ zb4#r%)p}A0ECTGY5^I*0owH(K$OBVh?v7}#VtqHGIO7pW{aRx&7>b5hPNLPZSZH-V zoTSfUuS0ED=T=M9>P$r|H~A3^%BZ|GCxK$|YLB1MqklF9+R^;5>$M2d^FhdGLBbo@ z6uATMtzs5-N$Zo?=_+(SumE@OKB3ZIr3Hm^NuRt=D0S0|^z#}y8jEYOW?hbXV4q33uLh*7#6GRRyKfY_} zIv2Sov=A*dYTo|(9f@Zu`XO}Rdh3D=>{ zP^aaY3W;nAJCa3aq1xn;t02!Lx4f)YbI~Tsf=#MI)%ChMGa?0Z^~~1yVQJ3nd4kPb zFUV7@;qLnMv9T-7Bdmt-{G6Ir*)v91TUurs*8=^_Wq6x2mjRKYc$nkqCCDa{^}4v^ z09zYNMj0@s&(A>8TjNP6l2I{X%c+T)qZQ~&tW`H29)eDdxso68n4g097;j7m>O`PO zYL+GzEExe=7#hHh!95YgJ1VQoTrvY{nE|!TfLdliEfY}Bw_2+>|6!sePKuZeW9k`o zzB@p$x#EO0?QVRXn0e4GY3_t*^N7-N8~yy-U}UO-aS>I4qm8QIG7&^jnwbpb-m@7C z&uY@Oj1V)`V(e4Ts1jbuD!C8+hCN1}ub!`>!Ti^O3TnA9bPewN zxgCX}^cCmJJk5d(vvIHpAbM*b-l(@0cbd*-IX@l@7Y(l~M8a?xptQqt5B~{F@2=LuE1U4Wx912yk(A%sJ^R3cBWx^fQhssTndAOJQz>$4{ z41Auil=b0WA@Dx-q4?AQz&c)sAg>^d`|taZ*c^-W=g(;g1{Q4*&(%fd&Yd__ap)ry zebeVc|A60;q4^$CwR|ld(!TCD4Qo3N{VhI)ZUh(Fich5>y0aFa>Wu9sYa>#g%s!(< zb$pCG+P1%BDYRr7xP-=NCH3bk&uZ}?Bf7)l--ul5ngQ*^`)1;<3V^$E6HC>391-nh z1c`&sxCz2b)zsVf5rmhv98&5m6+5U5y+%v22&n5KDC7;IHedPT!*~NOchT?-ZjGJl z{RXQuTTSi4>ddBHbCA{fiMDG_VV&>NuJP>sdtS+{rcU_#BEYJYhBN=^8R*X<<9_(R zVSh&3MET)#f|Bb_#3K`el5!IevKPo*Lw6x>FSm?bA!kBD!clF=ySaSUM{w1uh8MN-3rQe@7S~z(GrTwx$I~NUK;G&hGOTBXM z87_Smzo>3Ii?lKHS*#{zN$c%ZC*$#${3c$i092E6QMkG z`DrDUVT2%Hc{^Pr1pIoMYx)AE&#l*=p^rvJ>cPv_o9dbMbY}DrtB%uxz#_n!!0azy zikmW?LQ-Vx`FjjpPFv(D#0D@ZLI>CD=wQ{|xPcEw&_V6>Iy!ihPS{V@$8OU@1YDii zIsgQQFlsgyqlYIcX4FB4bX=>>2-WHH9C(Ui`rx9{l=%m07$H3BTL z#PgwNo?xLefDvD#h2dgnVTmqzh8>MxC!*#6fc+w4l#t!i7%gOTC5j$R-55Cr zJA|Nud~P&<>f4$ms-Jt_#tZs=pTP65Mmi7Ed^B%+QacZ0UOBUg<=aBYIX{=|Y(6C3 zEkF>u*_1%sB87l1)4GY+UYFYEqZ7z38s|9B$fBFwLe^W4pt)~&GJWJ3uYXX`M$8{1 zXquM+z@@$Vh8>OX@N7cQ?uz$CKG6>}l((jwU3H{K zc7?$hx`Dho!(vS&D?1tpw{nb1akUP7Y&V21(Mw!LCA#?@z!E5}D52?iIBhxnu|0yA z%9M|fJkuzBIPb7th5yZ3$k0Aj8wLH=%o*l#i z;pq|T%LorZ(9cR=cCuWD2AkLIsaM^Bhtusbl;@fSr&VbyG~2~3m!#*mP`78|&ZxZf zT)N#7bx{6vyTOiql$${E&;ue=gEJrwC`m8E86b_K5V5)v@~W1MMgeVoQpE78YGDo! z!=nis@NoJHT+A6e^ray8NF#-^rVEXG9d}gWV(`Wt0IHY1OXMDRM)D-wo_s?I&9+&K ze-}|^it=jelrZ3lwhGPcb`+Yu+%wn$x@N5WZ%WN4P^lT!^!o-z#A&sexG;&XuZgrqe9Cz!|WN zcqcL)XRbM+>OHc0IP49U40GtW{aDTpaRAFezhx^?9oqU-`kd#{Xt{;-=y`VXw292N z<=Ymxh(g_K^Bpw;7Dv&aoi_v1b3|ErHo?GXk+&-`W%5&O!`5&mdl0Q_9;1e|@fek% z!&P50mUKzC(ojp@wnvVHjwu|B7AV|;-pqIi>CI=?qC*~#!JCyMQxY)l&;r1)sBbAv zLJ#ZE!0qx?n$qQyh|;CCzGZ}_Z()j)Y^|SE1ycFPb;IF-h~B#){aJEhxD!%aX*R$e z6>M|VjAefnj5D0G0wRY%CQ67nDZirYu$KW1oAK%I4vrqW%DE!5htOf%-anZQ&q!uzx6w#hAs4lxU&3KCRY0VGIKMLO)SlWw90B><8tbHwPASk zw8g4i50NX|XvO;gFKW=YE$r&SZ=!8UISMTWg&LEQ{a@)}c8j&t9wLaRiQ}JoT9g_@ zNey>zb$*@sGgtC6J4v^7qVr0D*vIY6*Or+_r$YueH|l4;6jM3qV@OT?_Twz#I9|Z$ z7|zo!>4@Mv66eWh?mwgK30IiA!}~JDDmhQ1jw)}jH;kn-_lm}Euz|U~Lg;-uazEz? zW^zksP#%1r5c!;6F~%7EV2XZ-6MdEDmX>^Fr@dQA9}5eavkyIy6}yQMF}9cHc)GtY1(-?90tPL7(tV>Ewf%oKG;EpHOipC?t2e$_{$rtbcbY}32YF?=jiBfj3< zC;=~Oc`vGhFJmeQPzByCdTHJa#fzefzZO$`8Y{jkQrwF7pE^WM{~TKRs80rb$Y%UH zcoF$5Ij12c#4xdKdQ!3D9-rs>j^CodwI)Fzb?5%4uV#`zZ$OnM8M+27o# zLxtPracvG2TGKb4=o=oKqv&`!FRw&m)KF%l`#hd>9erON74f?#%?HuCuHigpSfSev zz#AZoT^OE&sd)4?4V@nnfdjq$Dq_-DBfcYl@)D&4dGai*cpY?@CmSwTUYTbtFIDkn zO1xv}sQkIlvWt)6{v(1sHrFYYk4sG63vV2AiyhJ^M`%H72_=>uil`;kR&-Rx-x9)h zznAu+SKpwgn_CuOH6BI84?Lj9#y$dCld}(=y>)IfwnBW|VtMLY&kn$>y0sKWQS3!D zpO(?T!&@5u;avWpb>Dcpx$*rr{RmNNjK}jp(|o)#z`x3jH76daS3@Wey91wMI3V)8 zgQmw};C98p7Mg-Rw<4jWV~Z%#`#};p_tT<);a_E59m?UJ9_Tw%YoNZiUfoEpR(2U8 zr<>?F6K$DiHpDahP^LV4HPf8GszuKuef6X|rM{;Q!^#3yBpHf??`x^45o_wjYQka@ zSh0>+Y^+u+rv^4XmOJrRq+BK|mx|@iXU#PNS87n+KaZO117$3%Outtndcq5EJa~FKhE~wKFxQz^o;{x27@cnR{TiYiu>9<-(%+f z4&0P~;2|F|$V=$8?Ra@KwTufK$PQMnw<3f zi@MxEEL@p#%7M-_4r=&9l)JGGD6fbK5v(O0Qnrmn$@E}OB!sRbYAhYGxyxxB3E=_w zaG~CI@2Iv%yx1bMlqpLcCzuG48x^A$rlg#%nsQ7f_X$P$>gLk#PCzZmky_l+US$~T ze&}KC%4utRM7ltAKM*xW3%(E%41zwYh~!Y%nVeuFD{-V_CBEi$zh4}-zid{bn9Yv}DZbc*Iv zJ9x(mzD133-b;~8aO+F~p`xg%VUC?!H`eF~@D+SfW5b-z+`6kxj=(5<`iomW(}c!w z6pR|BZTu7J9(Bd>#@35@mA06p@nM9%n1f|>#Ogl42u2-l=v*`u5u%pojTc&$=a};R zs1vF?@Clv(h`vo#MBn2@^7$)P`stZDkEz8N)o%H<1E@;MJHjo$mY~sJ&Ef`*@}VU6iU? z{GCSoGi&AVwz0+EZ6nNyn77B1>5?sXoXKMD%$mua+0xgUy|ftV>LzL_aFuChr8#W~ zFm04CN&)O#g(J;`6WSQ*EY0cIK=M#@i;{O_-eu_j=42L{5~```uV?9T;ziBxByETV zt)d(13&ALFy9*IQ^U{F1C}8I4?ZulZvj8vk zFpGzzwdrfN&N(5_(P_CTZ42!o(Xu@lm{h01z-59oNkKo5r!_bj_?iX>f701~D>%Tw zspA6aLm5064KbXcTqR z8FCkMj@9OHwTHlJSG&-eg={&mSzGZTuV^dYOKoSxT^N#Ao>UF19*4|e2UvBb@&R0O zuGMnC-5>pv#c9qkPAz21{S&O=M-=tXS4unp=l_z7M%Dz`G!q2S?RScdgof~R=1{8{ zVOiDGCtuDoge}Uf4^NR32dS75ey-%9=+K&rh(Jd8v93flXQ7;nJXxpERD6$l6Qe2V z7|k<;OHM@Pu#T>~J{{489~*W;4cX7e3WzcCcDBw<6%t(=Nj&TXV4{{rXd4|TNZ&-r z+lM-N)AcbLeTy@;rf;Yq@@-`7QwyK^P%PIp0lCWi3Cykv-{+QgJ7l@k&}L$J-w_kP zHw23{xkTTaI7)2!2{PFo_)-@09*-4fh_aC>&zX(1HaGpBYGG8Hlzl@_sO+^b_?)lt z);XF@pYi|9z3NwJm3!Ym1^ALJIsiXc@>le_E3MX@Sj_z`>t3ZR=(Z5tC9-w@kQ`Tc zAss5Zg&;H)u=ILT9~*K}4MTuTOUFX~v#k#>+uTPFic+;Gi@;GyBw#k6GOOtqE!%-7m$b)?zI{-yr0bN{vXEFzQJFg;;eV`Kx_EW0ZmH`Krdx{X zA+L9_2Q=-XvaKh5;=< zF|=6bxB`oUd?_=tY*uoZz3>8yC~XfHLL0i>D8GrOc(~a5=%c?Ncc4}61rRoer(^dY zSKA}EY|513xfned{{P)Azp9_gD)W0-3~0QZi)Uf5kR6j};sI~u{`EmJsI0}4qTdFd zR{1SP^1;+76mJvGb@A)m_fMI85OcF$zI%a41`5+{=mgU0luOcAFnhUbBpOfDB%q*B z3*gBEfG>wfZk==X3M9*H>fm#mcGd01i0aAR2=mC$iPGg$Qs_)W`DT$7sp<7P5M9&8 zYJwMmYr!p)t6$x{6vl4Pw;D8^*0I$Z;Lxo8as>!gP-{3bCm4E?f`p5BmpRIY($kY! zE-jqOjKe&Wm`Rw&9llnxr_#)+`sn6Vybxw*wdjB>QA&xe&lLY~n=03DVT}!s{CF=-SnE^Ip z&e!Q#3uX!195rVfx>yYn^Z72AQ#B^Rz;M4wd*PDf`1Q$j$3V%tGC`xLST^|!G+1L% zUsWyYt9O*XQhDh7o-I~XOw9{iay(C~)WanwX=|Ds?E(FZ`b^48AB^`NFNdKlO zp!(Big;qLcTSsW(DRM>A5Od#Zj!lT0lg9kodh5izdd?>q7$G6*#crq83uQl;UB;~u z^$MBWV*JIK(AULjqNKVrf8k1AB0o#txiinq0hDxwTMFaN_Jb53!EO9@e4y8bBKq=@ z&U0n{B1jKfwN8n~Q!a^8g0WdpD_nWIy^>4X9lj1Ad@bRlVK7%uN4w;55C}XPv8U>4 z)HFxP^e~$$G&&6RBGgCM0(17|G=xQR0TBn^;H)n0?Sc(KA`6<2A|oVb0==NTaDw(y z`yRQIB%G+up?mQ9NCLub5$Wcvk$zG5cv)glw8N81eZp&^o%5w694#A=L#g zbayqy>Kkbk0>e2Z9RW+|#~ygswi4Y$)_77@i31+AiE$66x#ja9!&~QOdc1rAFl(;B zgnvARXK2I^Xe6A5asAE{<<4}v(HUC_SlooR_bCrwhL_#z+FTFQ#;cFXKM-%Ie;uRW zkKFK%QtlHRPh&i%^8O+1LJH#uSJdfVZ`RUWY&pT~TYn{CvO?4Ccj@@sr(G3Ax2#FMYrQDb|>vQTG1I)LWAWxsYN z7Xx^R|9E6idvbtWuZcP-V16u>w_l{rcoyj>!_x-2-=aGjxDKkk<*`VW{h-RQvsHaJ zYV}>L*O%U=zRr4miBMl2)E9oYwN^Xo{3TY`=8%_?vv&+i*(ZlZ4Ib{2O~8qFgTX4_ zRo1JeHzA;3#B#r*{_at>RpMdv7QFFoSdRrtJ5#icGATYLVse}N{$EohX8`*=J)W!} z72xq_&tI~D&v&fJ(&OSq`I7_mV`=^w->0+pX}Ui-o90iB`IVE$3Chl-Ms&ux>t`xh zsHPrUtwri6m;(QVqSsN3I15GAQjyfXtJ`zL)Xx3KQfms3#b2L8oAGTe92m1>|o%f!l7i9p8?5PHcDC{X=6zNFU?W1NF>#R-@u+=h4IO1 zLwr68cCUW{OTupUXP`~G&NRoQlh`DWp91uA z=YG^*-2>8!vz9HwBQI)E0@4KE=2aLd%nP#r=BKQ*o#S#~aw_9Z5h-x|6hU5v4&0RY z%1m^|z0XNSNMx5^#~NJnyZE`T$(Y&3tZ*W5v_hcwln?gb65<%#^IiRto`tNIdWO|yz441Wp|0=I6wk#gYGQOx~H%Qfk_KVt3{EjLcj{TXxL&~nXs zu7bIbYq=IZ_gBnaq~*rzxxZoV?OJYvp8E&pPSA3#dTt%&4%KoK^;}XD_SbTg^xPAe z%W1hC^xOu_ZCb~2ll9z2%>6;j?WpHc@VYOw+)jG#Y0Ujp%jNXkvzYr51yQsaihq+J-04JP|Hg8dA}~oHE{mldBcAJo7Wy=VDtDZ05*xgasEYlC@5?Ox`)_e zOIpkBtMupF^w33sGy>4s0A(rjt|Z{{+$_^ZRLN|?GCx_`0WEy;lHDM8eF%ubEJR8P zMbbimOtVXV0^1NkB8W!>uqy(C{sz5i4Z37hhV~Ay=}v#SUWLXkj5LO+ z(Ag$z?AmC%pC!xndljucq#QI18)F zXN1i@B+?yBg??{r>Bnu#BflCE!QMzUVyI7PYcyp*h}6Vl?=BOqOOC!S8Ew|38-g6H zNZP}+B0TKaM_!~w$&K^@Q=vOpA7-<;IMt+$s7RX&TW^|+*;+`i{omopo@eXRK~1ff zaeQQ+FW;2zI|Y356|gCNr!L`2E{243lO5>!CD_n!!|vrS6lY*RD1lpE6vxs-|N`CN)CJ-eP; zLdKyTzj^|=%lB?*VAu5PE?{A1r7~sXE$n)a{De)vLH%|XHo{y@6@u4~pizV6$!|4kxA~zggVX;b zK%?giJD{=Bp)fsP_G-O(xm%D4ZZys5BB;>$n+gGdFs5t>86a553nB}70p&KRs{F#X z_((M_IoBoMJ_|KW+itFBH>sPUQT20j(9A;<3p;8v{wOWZ_`(X~rGh%9&>y`2N_d>5 z{Of!y(1BZiJD`j8X}~0Luat4V>n<{|><&Ytv(F5nj`fdpjJli9z_>YO)w-cfRnIs& zC0Y0v-rI(;eKHgUx3x_1GZS({uZ$!&O8!+u?_YY#y5af#&AmPfT&*!k;!Od zkBv9oUV4OKy-S|Q%aiO&X-r0GH@Za{ANn~j7V@uvQ8?t4xKwNackiMBU{L2@JFwnw zKB4vg<{uFa%g^alJ-7+J6JSD}zmUY7r+DOvfDVpgy21AY< zA$-`ahU;IaEa7fpk6=KygC3v4;jf6NV6a`1l~9 z2b+!_zFeMVn92PagpC;|RE}oiR3H`kXh9ClA|NHfL^*D5h|E8FsWAJqwAourR4@pW zWx{J_NYzJQ1lxNR%;H9?fvuAN_5lDwc*`*~bpQ=PL#ksBM^8N;?+AIDsQeCht zf>eh*OGx#K2pD53)U}>MHoSI#=s>obx@#HHfou(pKFnU^s;M8c7rE@km<-aN0q_v$ z89LJ*=@zLRQ=w0fW94HqTyh3T^LRj2<*Pj-5sdKMI;UY+mN&(>!z4YT=NLtGJ4R$f ztshLbw;yFf&b8idn8ZLQ4sQp(Xi*$6MJF=I%?b0xddoCq34n>i{>(s^+47itl0xJ) zC@LzUJVwDUU=-Zfcpg{s%N4ZD#~;>QbSg^yryyCt%KATtSE28(FfgG`zG;eE-jrry zho^m}(q?zd@7PVu(@OGGw%-MP!;>7*tnKu7`?J0BWhZUzVUb}s^{qmrIyn;>+Hhs; z&im{}#Dloynkyq)Zh0fgg(X)V)3#j6l~G%6Fyw~51Qb&AAIv%H%=vL+f%; zGc(OV>SYpuWz$s6IZWEc27-OqN+=q`7C>&W$f_GL^d?9+zXtUVZkTa!F(HBxdsRkb#Gg;G0p3}s4e*sKq6Rn-ay1lHKr7;s zOZ63b_y)vi3mdN(BFdp-T?SM&B{)Amxx$ONUHk6{*djW)=YFGv+8fV>>OUpVdidI9%dO^ox zaBT$Sp`$p&nmtiGZXb@&Lq??i4Ay=hZ2!?eP%=OmHS1{e-_UjCI#|+;9d)#s4UG9l z^d=g*@IoD?t$O)1n0h4>%X4~p1C~$0@(uml8^8_MVGurDM-km~Vp_d~B9zh2vAclM7ELsZ)JB1U7) z{YDlbX88)O<0WZOP8t57#_7L&InfF ziFCHN5ikil>j*@Fve+V&MW>)Pl!29(*U-XEr`jG(CKHoJm$VG8;#WA*vkhbkglmq< zFPIAQP>K_GAb|EC6eppUZtqgK1eh}l;`vYxBiQ<3zD}W0#rkz$%|DY)uHQ+~*5KvK zXy_}`0T3j>P|xG*3UeIp&bqz2@Y1b_JjyTmTH{;eiwH~Q(-__%PQg-6rB_Z*K{JY< zme2>|zSe8_5;LS__%>$;|CvDtqkS*|p$o2LBo9DGCS)X)`Hq~?s8-R)EN`-?R{E+; zjIzOiK3d)q3b0AZn1Z?_&lmtg;&Tx>emfcQRlu&P%j|fSijX``)#EENEv;{Z-eJuBznaj`Z@1n3r$SOHC32=<3SAC8o@Bt%BQo(92h1UfxMBJ?P1L zRm_VC>?{A5=My7O>R8!|JPT<>fnQN(4sNE3``D4>899HyTutML$kCq)*`ZF9wQQBn z#lDpE-?-SC62`^OdW^W(RT>w&k#VtoLIW=)s7s7s8$ugdzXF<}d4zsEZ=sR)*J?WZ z9^l8%M(g4(R#J0GWVT&1SOZwj>ggJCM$u7+XW6G0Y5Y3PsDR;VSjH{nOBoZqx(o_G9kf(V0j8u-9rID{ayLIsX zYhjFZpBL#Zra~O`wzV!JZ(lPQ@c7rNz=-y!8ch19-wp~igkh^0ggH-)-&jpmOJeHFzY%a{BO ze{9(JkNM-J4@UUoo~wvPUKyDh@|bes7gcSCF896$*t0;#$-|n%jVf6=9}CjrWyw~Pk< zvk3+b8eSaGW=ZabPDxu`Xonq0o&RkQ8up5}frl7lM~NaZy1%cnKezl~Uy7N#Y;z>O z!3ec>Bk36T_C>rfDTx$_9#e!Evl+uwXw1*ru9Mk05xGpz=?q_LVE*c66MzQrTuIq} zfNeQ{9x3Vlcw&W)Hh#`R-DXd+)z~~6m&23Htr(Dmxk%1VE}NJ{jvg5C=Q+o>v_3kE zVJH8!h38NPx}>9;TH}+7C@yI`X+)lwox=1zD>+)9Wz|LvGrpT`i0ETeHSMkbUi%E_ zn~AtgHPv)~M0*SH@$p8xA)>_fH3BKgvoaga3E6}SFFM?p-T!(MQ6Wam4DHN}W#}^s zb(v)5#)wSvxPighr$1_NR+kk8XD>l+Xw4QE=ry#ZD4ovfe+NUdX z2S%Pyi6F{iE_$IrX~)}v&i_QIS}^Vt^MV);@qoyUIuN?21HoLs2+UzBwEqY4?6mU6 zWF}1b8H19h!D3>OsR zq2F-Bi)fZR^gJA!5u>11^uQWzwkZ9^iN8=Q0sYIwUb#By;>4;nQ?wEWPeYaWyrg|u z@n;83*)rCm(Puu|8OSh8G>18Fp~hi0$LSm<1~3hEvqZ2R;jM^V^Laci>5%n^#Cqbf z#jX0WMWsJmPx>~$$j(DwvS?kF{JBiHN{cz=Sc9Lq0#u0-=%byY4YAWH8g%o0#y|*x z-Y=q1&p8h`*jFv-adw_#_wINYUTBv5Tq> z&WU0%YdVld$ILDaM{^hR=x#@?>5IH6O7qH<4D8dM6P0dwtl>LtH!M?kk%Pukw@}@&uNW0Fy&j=Le87>;=+KxxM2BX68a;8^VOLo?UM4^uaclZNB=lD< zU=z1)c{_wYwCb?7xXWMF7uT{5r{lH$+TyP45WTo3JJI3}UPz1keQC_%V)2`xxG#8? z|7<*6n)fx@=63|)DUiAoBvOZ*zLb|bg_CzfY61+`kbsQMJlxfauIy@2e#k3P`QbZqN@PI>p;HfhY&S@h4fDciGXSx%Go6(x z+=_-ojDB0jJ$xDxp_ft^RsD_;i%yZ1##HF_?}*W6q7nu)v+@BEufgf^+0t9dt&!n$ zF*FYI7no4Zt=lJXuk7WPie#RbZ_L5KU>NkP^o_oTG2A*=N;SrNb4ok;26(l3AHVU7 z&p-d%&AoR>EDK-Y$~(k8(vcRc>tkY|>je1P>I_V%;ES3Y=A=NX8iS3AYS0DE%zZ_A z{8lU8xZBA>N}?S2-WnA@EgvYh`*1_W}&zliQ7i}BXF)m`u&20q7^!; zQk6o?Wp#>y89Nx6v4fgAX?EMAW+5P`Lf%2n7qp_?W2M%nnD@=XM?)`PMDsf^GQXG# z6?_ZRmipVGzxSPZRWgnbM@iyPWTf0WgSmQG61UXUHHwA#3${Y&R7Ui+0I0b2L*S>h z-LZxd$O;eJ9eaJS4T`(8r*!(c;9N?lhffhB>bVlxf^a8xvBynKHGKfPV#Pev#7G2y zr9BNgAL`&7wV`|IC`#vD;fqT6B6NZMZ$zZ;-Z8Pwzw>C+O^r=Qv7*+S|3633UZ2FJ zbuHpjcqxqXVf=s$CkU(lt-Ph<-Fb7_G`+c$aA87Z1u5Wt$srZkPxL>q{t}YJJB23n z{hNVw)d%uUUDQBctZQ!|57k8m^7{jkft-&6xffn(W?%^7-xK;zwRlnA5pQ5B{+kP! zmgH)3)SCLIC;FvBdpVfBJQ(xxBJE`wd$~2{Ws>&t6onK>eJAGS?@spedlQ|HOf?jp zy35-cBaGierywR^XD?-1n^);WtM=i?+J~Ll%d(hSpVVGn(~DldMK2Symk($!$MtHb zvs1N~`(T2KPR-%`xAtNI&+q2^*RdpY$&cT{boRj&eYQ7oc_>f<7(d#d-sD799aEu| z2k;`{DJ?+vMlC@10RU>oH5-JyUEW0Co^daQFTuDjRyE znB#Tl4DEQGp}B*~nDP^NwxsDkI6nakqlbd;{%nJ%W6Oxqprw*0LKiAi&}VJ04jNr7 zii?Al>Ael0)7RLUTVB)+CUYF&1SI%UIWPwU-?tmY8C_SojO8QLqw7fnHnp3^AzA4J ze>t;^B=uG3uk)gmcz_9Qfw5IZO^w{r^4?_6gw7?R?dzER(-p6f{nJEKweKj$OVxat z5+@edsYt1SBtGKrO(lgu@=mDI5g1hkRq;iQC+BaGnsUp*5#6v=2M2 z^L5Zq>pXafqs&kbZ5lSgU<2H=b?~t9^F&`-1yeph)wYX zs$totF6htCe~JRfE@OTtNY4#F$PsAVzz%ch)Ja4rEr62R;T(XX$zy7&?~eZtFPpc- zz)R}Qt>C45@B}-Hd?AfUZlw8JZ7t2CeuG*Lbi8q04?`5l8e+RJv`rT>eZz-R7wmc$ z9-EGqnnrf*P`k17=oYOPY0!(%=RN)g8!!8hhK*mUiNeOKYudxci)$j-_(N|58?Rmn z*mwrKa+6CEZFVXxP2+|lkqkYhH9QJy0+TToekJq)y zZax?_*}orbZ?eBR7@6!nGb59I(StDApTR43lME=|%ocwkmZvvm860?-|A?CU$xIEu z-jd8LlmZ>+|I!C%z=^>bo9B{Ku95@f-KLQ_eH?BqLQnJC2$;WxY>)=#{s*I%-bvac zrSysh9CI2|esyGme3Wd*Ie`vLCZTdjkuPsj$rX}pc`EYp=G$6MeerzhQ#xM? z-QFQ0_t64m9*;EwYRq^byMzaG&)xfn3(JGa;o%?m=5b%SU(9 zJ)LLnrm)lZ(^Kl^H&J#?en>Fx1(3J>$8H#*9)ZG7!t2oG^u6V~d#I=l5P!H6Jb%HS z|2>qW-MdAXLnFD6mQ&> zSuXgRO{JRq*>b_S%tpkR=@MCSVnXs^FY%jFi3=HL zh+YKZM^>zj=12I?h#{GAfSnVfTKFv_)}d#K?^U&moumpp8NfpSIFD?hW3Xp|VN0*y)Jp z&=5Mf_uL^$+dvdGDK~dF8~CAq)DL=J#1d(FXq-XXL&QIc_;|9~#q^1yF(|5)qP*rs z?YQ)Os4vV#W#r|t^V12aCA;4mrGy!&wm0-lx;L$l`GcGFsKUy0FET%DDrL?OV1;ker&W8c(i#A`CM2gm5NX3(=T$jtNHo2u=Va&NPf{`5#rbkvUospsi zufT2$e@;%u$N!6VU))`6#<$}UY%2nWFc5k!g;)s1yp){)4@@974v^@O54A)3o2O?P zLN{T#N)l^{)qUmXC{#K%sXb-Xm?WBj<=Ud(;( z5{!pIEs2?BF6NpLekfMmkyB{G5OiZ~)Te_YC+-~;NG=wnCy)))wLjx$113=R?L>Vj zaf^8Ob$DBwh=@T%$J*NFhTXaBR(OMYQJr-If@x)xYZm%J$u(&j@}-GtnNTztD^V zO0L1L$UP;Yz`U(oU}sNS@ea2~n;-1Ef{CI-Op#Me>8aU>!3Ue7+jUD#od2TZZJHhm zS)qFvv7VKJBmo4Ju@%Dl+u2p3nLJVCE*K_dqfU{b1d_`gZtj&`+|rZS!o~>pSCK6P z9)??24!!O9L|>%s6Kz1Ak8&=lTFBAvQJRoteB|v!97p3-fv%D}kbE^r_uUO1#&M_=4!958q~(#d_ltB*_*$7<9`=$zWXpnz!@~LmA&~D zACbNJMek}TVcddG zutDgODpKzdX2{ZUL@2E)V)h_Cbr(vbRu-cSpv%C%jL_tt&JF0Ep_=qGr427`N__?^L2Elv7jGd@;9rt6)4J8f(H_3x7>z0p@&A z{J5_<(ery?RK+k@cM2)FMF+URDBu7AA-z&L=T7l69n^Aa7>uoZoM7xOgt4Ch#uQgh ztp;O4-hS>8fy5H?vqGR3MF4jh!vJSpsHHiaR=2tptDpOhD{t$fcrj3@h7<6wAnkWa zK_T;ivt*yhIm-mjxgY&g28Pdi9@b{%Q%wJVS5S*VP!_V(1G=T)FBzoF3-=>OqT!w! z5zBTd$A8v?w3*HyLbnjNW9jlX`ac5EW61RY9KI!K zIQ@S-XE%68$Jm~he1fzs59r$4v@pHR=>&m`PqpzQA`I;-4rWrqB z4OdVNT*+7>=$4U@T5e;t?0%1G8Tfh+sAYmyONbmjMd3~B?l#D)FJy(TrhKAr7n5Z| z0VX@`K_aqW$OOdsM;tPMp+qzNtZ!D;^;G5>bA-eDDKV)BYoQ5RX}JX4ZgfX`_g(B-uvkjs=If~er&O!F`Y#MXD+lPH+IQNxWQZWINh8Vd z>NG)`gr~I_q6bI;uY%O!YqZSos#27GXArE#6s=jO3vb@ z!pm9Z$j2%jgC=AE1nC8KDgOluxd#HYWDLhxgGUZTLybqVRgtE#w;%9c=vV48visrO z_2UWBKlcUM8TD>D>gfIGR63*n_34;1>Ok+uAwTpcEAs)?^#Y_%Zau}0Toax|j53#S zga#&0pxC1+B(rlE2wWZQWz2cDJ(=lJ@*=iOlbLp33oV^JgITf4=G_TQ**q?;(@py&78=cMB`z)hZ!6fjJEUW*5>;3Eu*VuP||)3xvq2*w5iT$b(Dj3cayvsoe5SERgP+>!~v@KNZn& z@zS>=)FTe!r30y@G4jJR~H{DS$)>6T=~~2@``LF$fa_Akp)B@~0l?JsiL40SN~t zY>+sPuM!|J8tE3Q#(yd{;+U?Qs(WJKfy)Ulji}&4uNnz786sq9Jgp9`F}6M8nPO(U z4*d%2yKVqeIN7JL1-cCnXS=h!{3+1~oclAF_&1R)>_F{NO%q; zI>OuV9gtX$InyD*W6rgZNWsK7NG!sH6V+pw7>0hXvGC=PxDOLqka!GV^#ibgZ58f? z5r?nSz<%&`8rZ*j9o}sERtKz`ZqV3^kkY>x?UaYFd(__QoPnqu`kmwDKGMNZ$Bj6} zy}OJ@2wHDQG#ZpQ6XO^gW=R>3fZV$?{&0>1;Va?cA}o0cG$xN{6Th*j6=n)Q2gTkU zr$Nx8kobG=9ygAUc=veZ7P`zeMVC{R-ByP2Ki{CLcplQq0Ro*90LPMTW1$$;hfzhN z8ywiR9`=A9f}neTC*A(EWYGo^3ki>g&r-TKrWKZ^Bbsknnz-!hvq=Ac4^2idkJ3-T zuT9|mqA}WX7++t>(D1Orh*t@Wk@d_H0AA2 zB8$6yjGq}7nKisWcf}Hd{%>B;`0ul>EJNs7R?<6(O+#l^=A##Mo2rAZm>ZwZyrAFs z47yrwe1@K~VAJD>$uoJbC6><&Jt4yHJC)>d@X{CIk^H97x*gsx7{>}hr2jaEPg198 z(2#n+wj|3I*Xs+wZyKgy`r>WqUns`QmM_@H*Vvm|z7BT(dTe0BF#6<5w)viX9F@!F zB9}3UW_p`&vBDn{qx0o@?M}sY$RB7|F50`s^m{vsw}k6X;jGj6Z&4#25LhfGW&NAl ztq|lWFvK3Wf?UyQ{un~vFmYxrX+lX~s54V%pt+oV0RAE;Z0DXX4knFq<>Bt?3>TT{7MCPGzQh02>7Wr=j!Xw8N&=dPQ-OiZaK>!0WHi>hNkC+XAn8 z3$orqmzEaJ08uRIM6q=M+(GrnXzB{jEK4(%+nc zia3ehR}&j}@6{U3@5r7P;PVK0J~M%ym*Vp!@ccV_PRC~qvGg5#e(-Aj{F6N&o}it7 z-rwc~hECx^A2e%wal&DfK^M#LTnH_JJDRW87Os&ItNsP7x)Tc`u2=X?J;?1!GjU(Y z1cW|AcQozOE!nSGBb;uIlFI&UZci#Z*c`D&;0q!&?&<4+KyGHO4P*p@Y5P&^zY+Qs zayHS7P9}aN^(@Rt=m6{faZG2Lh#HJ5WD|s0>lrKlEBoSe%zB-D5yW%``{Gvi#XFeg zU|Ff`i)Sz^hhtmT-M%<2_bmIt#suu{9mQP$0v)yPVTtkgKn`iW&d#j=KC);^Xs zjb&wE))toa7RyS-thZU#T9#$PtfyJlB`oVt0EqB>c%DBl0wAGztVl7-`W&-nu&ib5 zE6&Z<{WKn({&W&}olT_An2S0FBKILwH^2wAP%?ZQhO8W?v7K93t*II$uAdhX1NcoO zDPF?9+~LN7Gg3VrKkf^OS1_}hWgf-!HkMw+Dh(F0N^gy>l*Gw{C#ljC?iNP;f^jX3 z_*3IFMttx%jS;_XoW_Vx!x2o!$jii;S%TWw4bg3ooa|+7+<_llivAMV2MOb}`w!lz z4`{PF*au0h^Kn||{}Ww~#L!+R3B2!eL5J^cptKFsGa6bsyl&$^)S)}?7Gz2HD`-%mggKam-HA_?W2SCExl1NStA;6@{P z?^UqDwaUg#VNtknf4^01ibUtmXybbm?^EK)yVA&;oKl^#b20@XP#%LWvas(cE}3EBI+j9`G(w8Fi%GdWdzT89Fi!Is)B|>PME|TE8}};puQX8@H0n znwb^pab(cD=S7+dTDP*MPC--XCbp%ia%;KQE$wQ5(DIUhGUy9fR}kI5IgxrZMPoQF zc#LiU*wj=p9~q7U-3Lb!dy%H5X0sQ%;{Dj8^a6O7?(BumyBuIIfOk1Nl3r*&Yb;yX zi+nZpC-x#g5;vx`o7hQ$^pjK-5c>O?`p+K}NdtnZSNV(~lm15M{_FBZYbJ9WX?@sBIk&%C{)r=p7-*&M6eeLWXfHu%mw- z@&o$_x}i~1IUJP~kJH{s%T(ret5?IOoFF=vZ5=NvIzB>$ODfCR$G>k>icirY&SR^{ zE9}M*?Rtfce9t14ahcvar~^K`VHMhCTGiC0_#tD3AlpH;jmuC|?;L?{XdAecc^Oel zlg{45cVqE=$~J|BJW{qbw>YBk5HlS zhOy&ErO83D3e?mGh5Nwh?_uP2|@T zYE?E(`%A@`HQ}#5|KF`g(LY*`cREI|$NNM7@p|}&w!0qh>Q3>Z*JIWHZar=ka zko-kaOEOMdk|J$MMrcctQGxPM)VdrULhDlWU)QDRAFPX6TbKS*Tdm9A`1jW^kGyEM zOTO9emhVcRPL75dyzZfBCA&r0kq!$|lFn9S@OjCR6*;D+_JJ|D19xpVta8hD8{lit zH2h$;7;wWPPl~Kaotj#o$5!NPx9qiwl?fCi6Fr8CK>jga%K;3Q^OtOdnVe@AfEIc$ zg;!IQ&a=ocG1pfc7rs*akOk(^s77QmczK*lS~-ygkXn!?N(r#W2YI;wWLeB58W4^q zDoIP*5S8#+A}ZmRh^U00A)*p~oQO*JVInGFKM|GCgBTN!P89FM6dfquu13WZJjZ-5 z_#e#oTS?LL{ci3*o^N07Kbh~Z9%(b*FVFmcH{X{P|Nk-Ht>F8Kznkx&iP7^t;>y+Fr+E-#YZLiZ34i5CgH?u^rzy1}sv< z8GG~@m39hczm62jnl3c%6=v)ZjAcS`QwYj&4=+MPxWh(tbrR{1(m1|>dJ&?)S9jMr zq(zO$`UfV}DZia0OE&*!M!L;eimDhEIizU#^3QO32f*~s`%ItS+Wa=tyF~Z75?-jL z3i*F~N82U8j!n4zKQ8tP16EE!o4^gKX4xV}W`-^q;{Fyk=yM|E?OilYD2%>G+#|R%!aoWOMh7gLj@^1nxFg7>yPQpThG|8ho<4A;}r^w=RJ z?)BB0e2qq)45QsWf?{H|SbQ40QA+d0jjq)~rQliPW>GIdM`n1AD31Z$x?Dr8vrW;c zb#69DQGxWWIW-jT#4V?%!<2e1f^Pu5g2*7s6Vsy+?5J#pV80UO8`G_@3Ro?_*+h8u zM{n;?n1Xt?e!-ROXXkFr;SH(A(8%P{NN1YV)SoX!JfFTTDqcG44_C5=eT__c+io?g zsc&7%y0sfe{4Y092P<9!xEXkS8->q0gxZiVnpG7qvn^Yo*--#rK%l?j#6AV9!f(!E zvGlSV=wu_s+Xa<&Oeg)^!X5@?)J08d#j-T?5?e{f5rod9vkrVJ^1#h$Q%beiUt!U0Z74O+3$M9>D+rTr( z`*{Jh^4xlH7CX-%*BO-s>=;%q$R;CSl_>V&Tp%%>=}>K4J{c?UrA4ozCdPlUc3+at zleV6$@%=DT2qdQofv#ynak=4Dgou(f{B_9%xh_asDevL5G|UT>q~#YOu$H9RwEPuC z_`5o-@fDcDlC*{J$chwX2-3$?9I^%Y8AMLQJ3jhw7K;~ErKbKh5RLUq`mCZ#j!DhR zt}{q-JolhdMv$e_3z$lIx*(?jtXOeGc&#$1rmlx?rA9rrP#ba<#mFWRDQ8?GezeC;wmS7KyI zT;zs+xKQ_HP)N5>KMaDlnYIyEQiD%aSzyhFR4M*($k$mN@`NJNHPh|S?vxK+zP)3+<|v*jl5bJ~e?`UYEjMYYUr{L)u$%`2Z%8&WK6zLuR#fqswd ztj%6WE~?+ldjDO&Vcx#zr1krg-v71VuXe&F`f|&jv*9TmI_kl7`*$yLB2uuBUy&fH zmAtwWAx{{|z&6wbi;iC{?_kE$eeBgky>b3`LR*R0sUwa+0U+Z2f?Do2e(pQfom>7D z+3*ThC(h2K-ZTf$FDiOg3|wQPf-u^*SwR~W9LNfeHo-sxlh43dDQC2GeW&GIUEEbvx}1^yk!W#3Qa~|PzQ^SB#8Te zqp|#KWS30Ra5z(Y;UpKRJgyT~1gi&20#mFYrKNHHcgb6yJ0q0diNT&*+5;OU zoo5_{Q+^jAkq6Fu=}8c#Li4QH$1_mMDUY+!3Oz{y`40P3Xn#Fzw@K*|a?<$nAT9I+ zT<8Q^Xm{YI$U>{#=P#h8`ix3VJ_|ivVwCm@`+tFACehdk#cVL2^CwWTHLTbfEN0S+ z#j#>(FrD+WsMtLOGN+-*Yhe;A%><)v;8J~6b{^G%r^qhco#B=aJEX7O(l%+oL!Oi_ zJMHM6D6`sO!*rDn_l5iHGs z*DNfTk`qRE5Xz{jcV3tkT}UdhOS}tFOGCNYa~^%Ak%hd;g_8eP&+TDrTEaiJzJ46PwIp$xl*Zs~?H05t8E{>04j zBk6W~$@U&3E~Wu4-_U~=6CelHlUx27aTCzyeh1ph)B2t0fm1FGr6LUF868lcPh8B}O~4_ZIB z)J##nL|?f%vghp#Rl22b9MW!FxhgiThXiRW%qUm#Wg2aibTMxmUWF{#oyO*5!bmdR z9#5W-csoprOTL?7fh?6+wpCWzss~}K zs=HyQ!p29lC4{zGU#$^aO{Gt~J_Xf7eu0ZAY! zRVw56ALUQ(bM`yxjGMd=M(mU(FXW8{*_q`qtI~dW?1eRs#mPh;M(#A1)F?`aVbuuR zaO=h`AR!hgfjoKk$!dpmq+b~jOV>k20D>}SUgcbuOHv)Ulj>Zkn<6sAbtBB01n?me zmKJxH0TQth)b#pn}vY+AqV$qp@~~(@HN^v z-(!gFxK9r`jKSDJLEp+8(l3sF-yjbCb6lX;Gti=Iqj7W~+3J#-^Y+fWNsy-6qH~#&z#a%&VE1P9{ODXQi-lC-l95$yq$A)jt}&D3u;M| z&ho&R%TsL#o#725G&p5ikXFVyf7AR(_+XFNodF~SkVGw(0#=PtIx37hQ) z`tOjA`i}MuEXC_Bux<|%J66k=DHh&W+m{dI10o=S9dJRJk_4;k3z{Jd={0Q9PQIuO(K2b*DM<4$jS!c1Yig(l@?8U=t^&P!$ORpjVvKZHOkF z(ieb`01w^xCZNfKbH0*x0o@N<;UnpLLE1H%`*h-)CSNl*{}RGG)a%R|!cvV6VB?(9 z3pl`;ytKODM}o)0p%oZ#Typ;AYqoi=^);t({eIIv>Djjx(Bb|$HPj$&galuC96}GY4Adv|A6A8I3Pw+T5J7}1Rf230YnT_b{%Q4l!er&*Z z*Ey@*K-B}+bNv_P=ne*G{D3p12B&)2bg@8!~3?L_I{}$Biz%pM}{s^ zxTX6~tLjYNxA{lZoT52F8$6IidWC2lz+A)0crF0+V`?>esk`s@1a=)0B%xS@aO1sp zLuidPhTpsZ^Ze-1wGEyJE;EfUI&J0rZvq3)pWJ4sMFq=ZV@w5?+!KYYoqwt-P-zk> zH+3TE4mAoeH3xw@y8`1)F5^BB?rgqBZvHqb_5>?-28)^WVsWe(-r)CMM8)pyL_D_$ zEc3cCO!NdqTq_vMH!?SJbsCihip_mmE=tv6nPL-jf?_f7f+&*yhuvF-m%yhk#1V`d ziSBU?IurS0M>eq0Bgqqph{Sr@LVu0ty1aUB^!JXu{XkF;VYI1182#ojo}~cMMN!h5 z2HcY%Ic+X!w{oEFI8e=Fut+v1$YZiM4ZD{4y=ZLWGY<*IMm}@eLSmn+I%n>ZP66qq zDK!0om^m`N+}&(?Md?d={lo8gL{WfY-aH+E2`vj*eMgLv6_*D9$8#y)P+&8AGG;oY z+md-a!U#-C=IKZi#66d^OG&9uK#w6j`noN!V^dd*M9n?SjZ}jK??5tfRJ3Nbfyt^E z;EkjX=sy20A#jxy*`Ie=8Qw@m&O#9r72)QKP=wS{ax&rc2_}#hK%#;oAPIj-N`;Hj z4~B1R8VXalC)2`0Nxo%SfdYgrqEv=q+1(lXc+C!Jx*5jT!{oV)4Rb*3D9tUS9B^D8 zr7qUuNUw|?=~o@7i%g;kjH8jVKF&WM(I@uL-+}ZyJPj78c5MH4NB1uU3VkURT2byT z`_(EHCbQ07&N@5r+-tJvSbM$AWwKZrI!Zt=-C!VZ3Fz>ur`9H{1nKVC1-#Hpc;n-CcqDsymXJJ{3%mk!u!@hq_(h;|kN>AV~Y~qxw%> z>rtVgx(|nzH%9GPhmXpS)B#3 z`#d8>c@#Pm@m%4Q$EG>ut9v;!%bZfR6Zql_9MTTKSj8KgoOyd4TtOvm)Mh3B_v0#c zgtdxe=)=a)9lKA?pBt6qe%JBE(R zn48Q83XQlP1uF&`1hvvx^1H_(?_Y_J?yt!a0Xy z9Y)(pUwf|PA-XBa&Hoout}aR-wX$2x)BoI59?!$b1pk{aC7&u-~A*eN0%0jQ~~I^%&8NRy`kUft49Zs~+5 zH6T4|rR>v)5YZRkFEQljj+s%^{q|pw_UJ4LsbUhDKtM7elM94E*D*SiQp%VVljcA7 zn;#ixg7=(bIg{^awkxX8%3;gD{~Xh+)Z1CFQ2Q9#_Ztd`?aXyUxyf_0SbVy#3&AE#&ZpOpU zIWt_+{Wga*0YD~Ey3gvCW=`RyY109uGRWz_J42piS5vRCu?IXX!}BkfoG3$S?G%hJ zUQ8gv`JZE*p_5(e?x>$|IW*lFD$sslz&P%U3g{S`GATr^8sr)ItAPtv0QVTJ1s8|4^-VRUo+?wOXPx zCm2o@1IZhq$Jb$xQ%Hz&W>&VRQ3GtU6?s}`$v#gW-%xI63+GPr^6-@Jb;C#Hu}U_P zjy5NyGv!+7ogdl$a<|gGg)<{-t09SSmnb+LK117wk(y|_NB*Fyq!H$PjaKh$LP;mx z(k?d!60a4?6th$g!d74`%wq!(gF!$x-JpAEQ5yK=h9q3gr)rrK9L_P#m7ea{)9>ZBu9Uth` zrf%#I)=z#CqS}ML<}~2T&~UU_Gd5+Og||8i31KW*XU;yz3iT!nwD!=(7IJ=YyGbKr zP-WPnrRY$n5T=QoS%(f9sBtFggmw{QSLMce-K&iwr$O3^t-Yrk0E9RbedCbb_V9GT zf#D1EZ@$sS!46hvB+z1bKCCZh)7Zmz(6>%IP<2!X?t&U}8p5ue8hq)}Di)+_s8K}f z;I>O!a~jye+rjVv?P~!|qrY@WPCIrmv>dG|BoNK_YW<}tZg+A-sYae^=cR9*nP2i~ zi{Z(^LrLCu#LPazc+|=fGXrfvuZU<7Y@C2%L6Xhf7ajsqC%2{?GlwI{p}Lf}SMx=U zM(=sU>9B@-JP1_4%yX*&UmbOplzE;B$3Y4PR|_bR&#ZG8`DEjSUc7N~I=U=doNRz9 z%Z|o7jE4ZxkktcSY$&Tu;EmP8k*;v7%ZHDm-=Gz}5&|_tg&!~QImaA1`yGk9xHTBe zr;hhEnxVFma_?<^)qC@nQ{?lu(d?Z}BleERP|}%|f_z^Foj(E>X!-XYKwF9{UexU_ zo1Hm3)YK!1S%xs)p(=#e4wNTwO?JR*HFZ0@LuO?(P!^$h8=8v5Sj}l?KL|bd!TP{2 z5V7!R9d>LnYfY!BxYkh{0e~l`Av8GhErT!MO1`@Al~5J@wa)Dff6a5#LEiKZ37roBHFK3H zcM&DXFSkN@_!n%%GIPG=!jj){ZG4UPIoGRhm*S2sFQsP_H|E6ml&X6K zw8L4-L*>!-(%iZ({EE(KXJO=5Ty4aJ2@)o1`IAxT=pWJ>%b;Y9TT60etfk1 zilTZH3cYn3Zc-6&D}d%6*r#f$9g0a~>{5X%`ex%f?N#Xp_1Ew*8ge=1#ko$D_@ASY z1*bUQyChjmcJP_s@Og(3iE^WU!4ob-$8}<6ki@WEEUbv4!%GL8nT_1CFnLoIq~k(nxz@K$?DphKw?_3XNT}~; zGt|yZQ)&e~uq#KOZL7XLu0p5hPJ#}L@;E`r{9eF?JfO^jH=zU?!8pMwHM%k@;Ei$< zW^ZS$bb(e-Y^LEaGiQ+?BaLz4EG%tCCrWslXgmT_oD0+?9|!>|OPpoEP&z;)@qJ8Z zJhkL>E2k#(G^_UG8G5xrHTBY#YJslh0)Fz0#W{_dPzvDi>5SOPJQ=59`g>*|5b+Gt zm(jZ#cqfgfo>mq($ifj}(xH_U5!P7A58|-(F;rBV=72%uLTB>ZH_B~wzcyl)dmS^& zy_%WjUM0vANLMk+B`-yLLR5KOA><`_bC_AKBW^4+%k3x1Hc`&Ex@0~d&90>~fd4qU z#GKJ`iJ5Hywg1>2S%y`s)c!-X-z@F7v-W#Djs5P^e&5u7AJcws(SEPien)A)mubHy z{rm3hw>gFVF4cbT)PAqlen)A)mubJ9wcq15_Ip(O-JtzGru{yk{obklnzY|vIrdww z{eGzZKBoO%t^JPDelOF0n>%UkX}|ll-w(Cl$LJT=k5*2$q)yAC@KdlX=Mx@Qt07mN ziq{+ptpY5FAf?t#C1YRj54Z$d8NQy(ZY0U6k6()ny9saCtDZc706WMWA)^rJRW4*! z2?0-eBi<)fy9mB8h-mfRzl1=?#q6$S#tqX#`v)IWfnMYUS-p-xzELV0>l;=MBq8Xn z3%|qiWy_%@7=y(Vzm=XVEfw%=)UWfb$_Z{=75yLf&et60=?=ixg$0|?I?w2Va_ZXz zLreZDeLR-SVLZNElPA8C0%`b~O`a~kW}|0Zr0@;Xw$5B71bVMG;4BUP5P$OOJ%_1Z zf*gmFX@YsA{fXTo!6E-V(^FAnsU@Oehd^8|dph75Cizk=y8xUkxPH9xd7AGs*a1sv&9Xefd- zF@1_lf=*!!+gTJHTRHJH;C#9cM)vCfdoNE$!>2Ok*RN4~?McsI^RNpaQTRb*sQg}& zU{I{EM60y^UrP-Z3Nr?;TZFgtcljH*mE9R_Tf0aj=fSiV{!uo#^0vL};YfD`3Qzlvp7K}&g+brZE#A&P z%byEj_rT&6-Z1SZ*ii;wqe+nQV!J#sJ(n*DegdFdbC-;*CtCYqE1C=-6rAQeRU( z=dU5?y;9oC8Yn)3jdT7{^f79=kCD%FX#9v>QH?cEYj+u7+i+ zCZA&+MNDsNW;hl0)D)PrzZPI@xvu+>X7vZk!0ru`hl>EYxtN%q!KF-0&pwV6B44eB z54TN0`X_Z<58sAP90D8(|1mK{PLWN38>O=1BQQ($;-=A~#{kfw*X7|)7!1MrV}{G{ zGw)^#(1DS@#zb!UK!&k@9Ey#c@F9qFm!v#2qOzk>^Cy3d;J1-QOye| zlz3D@t!>s`nU}FNrtkg<1{mlTJN+ zUId>vj55RCzLM@oGWtwyZjH1DJGhAR---pcM)m*OgIXhgJj@^(#9nNL7vZNP^+Wj% znEkd^-jhWLyeoV}FVyPL9c(kO@>B_APK?w_pWh9ihgw>qabAac17llvLY}e~ovL?X zM0P@F`4}8D=-0#1}_fJQ^*U7^qqz~+_lk^3MzrH4rc{vkva=juRJp@hI zgOt4zW))tgn<(O*nmQh2En1h(cpo*S>_3n|kpTo&j_@y#RA3{T)YQ&q7XJ@#TL^ic z^jUN6MS>3qa<&WTg$JZkEY`(>b*kPDzJ=+tRnGq`U6gQOvNaHQulb=gr2_Y53Fek7&=UuvPNh3Kr(z!EH+lKM69Bsb=jq~j^4_cf?d zO`UF{a41UGFOIX=GeO+eFzD%Os>ej`etBt|^4I6bF;=H%0;=r>IAD45fZyYM_n<0i z80%k{Z5FU^_eXCI}Kh*CA) zZYQhM9mLHNxWQyAL%&7@u}x^b|N5`A#P;v|1g#zIcXNU+`+ZI_bb;2t3hjL-6Z>6h zWWPV_zgqt52KM`|mcPspTmEZpT;Ef@t@HyR(vxZ326U~d?Ae7oGM;>*mOh9~g|n`ow|dTR^<3EMc}lD2>9Nm`R%$)1pz@Mao6pwL|@SC$}9J-N2-|RGL~T| zC`%ettm6X*w=OvaK1en?RwSngYPpbC?ftdY`b~xoJLMiuf6e0V4!Ltq(COdj;Ko%u zGY>6rI;769-VQm%X*^VV0yvumb(_&~fFtw!yvr8;$QN%#Zp)dMw&Z|AO5tUr(FA|^ zOaotOWEvs*yayln5DQWjd|v&MH=UXL`ICnnQV(7>IP$6;oU7WAS*9u(YWp~i``fA0VeA}RQLFXy?_1oRm#X+Or7v%+;`cV@ z1o^yb?uFpgt$1&{P5D5v6bIbIY8c}Dp1`!7zCJcmhNWn{9iY#@!WOW7V)a#8qEt`ZttSE>_hpG(mzMLB{>rE4tkvtW>50enSD#19=!u?g zEg|cP-}JB0k1HkC>4m2@^kE5)Ubs?E9M`+?jh=HtPfXBX_16=-L@hBwZ>yJH_?X^S zrJfk5mszRj1ofQBdWC!S3fE8~YQ2C?0rNhjC~t^2SwKC}rGi=}s5@~dS`t8L0>q8{ zBJRh;(Y|4;44#g7B{OfQ_cv1iXfP1*Z$MfKsPcTanSXTK4f^*+`2JCYCkbQO!sh%f z8ibEDd!T($)FA{b88*^$NgjD#kdVw*J|GuY3DQW zebF$}|8RWf3DMkY2T$Stn%Yg zUANILSX53&~UzSFAbLVkT5 zS+%L*D|x9hv<#W3El4+A==<)tvSbgiDYG2%#yYzEtuAFnIxKRn#38v)=csgQ_A;HC1wBqt+U<}kpbh0Mv&L~RGiVXTg)~x z9-x1mj%!xDwQCZpejJ%qIs2gLaph86&OTnMQ>NVr3_~R?R(3niDO&prVdH~(7u*B; z3gE zjrj@I?RnU3jNk%2_hJtlmCtT47{b$NWy9Cz1RVob;`nijJ+SvyvdMVDMpLj1X99cI zpDN{9rTwBRy_}-mDz{^$iB#yWlXT*skDlDv1bN~~72EYt>}bwD$Wi`J9)&ak3sUOccR6v%gOu zb;g~5c=)1Uj0i9;=q$Q=(-Dn19WhPCnEMTm6-yQXYJoitlLoMI*%uKEfL95io(#eO zibyYL?_csgVS;ccehaNwJVQqe9klDhryYMZEyZ>^6IvTqg=1JNQV{phHoQ9RIEIxn=V=Y2+ z5-!eNn~pR0Gbl46qBGKVJ(P-^2HGbLa7b;9+Q{L z+2PBz2%H0F$*$o`d)xlE_)8`e2xmS)y^A@_4WZwt{^T6Wlfe8Nqrngi2FVn$1yUz1 zzYYD()iCZZw^Si&j*Nhq`c5SJ?W{m8B(2Q9m?wt^G?Ba3=;3(Z!gRslNhp%=rkruD$=i3W&6~B>?7bp9 zn*R(pPN+WyheOq1XeI^QnwUOJdUPNZUu*MxjgJ5Wk78HWnpuUeNQI`gR+d#5$uh6C zdy`6n3o_T{d#?@K(AndycXz0n0hoFS6&}x{!D-H{tJcT zGK3IOHm8%DH4$&Tl`H4hCKz1OuQWpV<_%mpPcq_e*j2Pr@S!0NO+OkHe{F&m?29fw zte=9{HR3uUj_!Fxd*!_gswquGfQcheV8LC4;YpA+r>n5xm&A+WN5&seg_B3wHNQ^K z!uzB}T&OXL2>Khayhbwb?rbGc4tj=S)cfKxY*4637w< zHg^oGh~50*APiT&P?R4|UrS9kE7b>(R;|{afnSEt#mW+TX711)PRH&kC%ah-cU?X=@l7z zWjf2^DoCQyba)ucCO06(*dp@e`a}g%2VRTO`>>=^)RiVDoYeA#;47OY1bSDjARQ{M zT!-#f!+N^kfy+f%jWC?`r7>AQL6$4-LKnuUrHn7JjMW%jrVO*PW3t}GtSK>B&tg_l zOx6m>a_0OPx*5o4JM@{{g;D$&z_x+)3_(6Uh2kRDc(P;teY)h!1^F5)E>{X_C{bcK zq{M%Xuw3uWgP}=a=WyIgCQIXhmEJ5(+QAf-#z86;md4R3O{tW|VJW|} zG>%6(Lg~~Y)YD^ldcWtJ1QwqJf8}X*?C<5R`}@%fRO_iZ-r^|`iIl>MinDuMPg7y;!niL@@Tav$cf6= z__f>}E7-LkXCQ%%e!Nxb&;`alMqqCE+KTv-qWJ`j)~}!qm^A# z5ds~byf#L;#s&TF&DZUaz$R6xRQ}AFR#Lvm&W?Lj)gx23i)cQ!hgef(LThBrbT#BZr!+K!PjJ+ zml`@n`d~eSTOMYI$~BXs9YzbjN_*%lgC>^aSwCK+lnWNHbCwzmR)aDj9hwf*56rd_ zz*XjIz`Si=f}w(L>={GPqxlBjLP)~yJ>bhVd%aM!FgzEZr*8c742mTS@(td3AcEok zleQ|4Bes&h=hoe@0R6TtVfHD*D&a#sYg8VG{S9B=loJf!j@9%Qe8Kq@24lD<@#B?5 zcETMuno#cQ<6CSsc(S7Um)_F9oEqssWY=v(ZY}(W5LoVor3k-^O_d^Ikn__>s4K9S z)ZA|s;&=hC-UxvSgv&p%QE!q_0z9Vt0(}d=Sy3?07=HPj@eeePJzw{r4Kk|cN%ywt ziWe}2gIl*5DJ_Vm`A+Le9M)}uy7K)*7GHgJ8E@U=Sh2t(rMaZ(x#-l8yo^%p_0Lg$ zP(9s>Hj~H=h4ZtU8p;6fex*H9wt-oKRVwEp5e9iwUG`KWhBhZRx$8(yE@D1=6=6>T zTjMo`sHWwW*{DT%0$FR9bZdGx+CVT7rVKBbH1g6x5gO>(1!r$rQ6l;M19595CPisX z200*gOQ+pHW4G-kiFOE{Z7zT>T&S-+s{FniabkEPjHPqyv3Rb8POpNx!h@kmj!UY= zIq;uGAy-|7(-iK7BV{5}g_46Ek?O(;@ODKap~w6-B6wtdqW72+wN*^ARBHCKU3MN+ z4U#7hTg@gX`kLaHGgx1f#p})40c4;Hw{97BxFpD}F3&!M*E754z0e2^FLcA}8QO3> zox)S{UO>@q-W4T5ud89J(K7~iTOkGQ$eUtak{3;nA!AW*K`vUw_NVvHaL=3|1&98? z=&$k0;pdhl7L`(2&k_t%wYt3M7|5|DJH0dXb$wA=*V$jNp*UfgQ1?-|8%b^xy18mp zd>az9OESs|RK8UBgXDwP(+i3yYc?dXC2Cg2LM7E%zzL{O4S5rQg;N@$k_!$;3G zzmdsZ47+kYX($QLb{XYizR>x2cqBYtMT1 z@X%$a>;nM1-t#vg2=Waf!+BJ9RvyI^bWz&kY2L9g23H>ABvH~6e*F|-Ul zEm#o2#>tgzh9+B;kAV;Z!fV5Gw9+r-1dG-)uusqwNxt<6`-TN|+`30mbI?$p=>4&w z+~mC!0pj9)3FM(&rv2=STecQ{NG!vXkI!I84a@MWWY7DozRb9`EN~nXC zw$1}OgMC2DxI^c%E47R%I;*`-%NV2c+plRESLjUlYAvI`&UyQ^jIKg)MG<4Um3vv9 zrvp%vTy6Z(2K#N#Qx;&)XFDY4X+fH#h{&t4)099lV}YG@uE0x7wBlz`c!U66Yj6hP z7igWc3Vs0yoYn9JNt}`sZHPN!EX0X;pGsa?O2#&PnlO~NbN&G-C~9l`_HpH|ohV~! z{PrJAh!Bm6dE>u0PeTt+x;UZ$krYmA#;4@{#^FdjgrQFaGia-N&qqs#6pmgY)E zpyg2|G{RRbe@eT6GzPd6GYm#xymhXUP}rhHp;ud&`9qc*cgrPCP>lvCeuB@?b_;y^0HDwj!CWo zV{I;AS0JYj<@~_dS#BWHxPOpDQ(P``#jjKYmaG&igNP)HRaDV)kLT5qAYX z*Mk-ITR?#T5+{H;#0%8Lo5O=?8$W}KVTJ@|>%FS(>CQ2U-}fi!>7!oNtM^{Lt6tI4 z2Fxu2@r{Y-P=0b1jQyiaOdTolzoGI{X`4w%0Zjbs67Yy}D>q$27q5?25N+j2NIH-L z;74=i;-bC`sOv*UUH%v0xwkeMXQcWC_GzdU5Qll>{we_Py96l(XL}PNk#j_~-DD9) zz{{K80|sbM8<%Ueft_nvjGgnf^+KM2W$~LDqPGv~6Kj}~AT<9ORS404Tt*RVWN$m?bR6? zj`WUUx!~O%pkUR56b0*gYwTAD>?h)HAYW}nKG5F1lL_p__^=HKfi`C6{NM+6G!*7w zeGsW|1&-nY8-|i|*ouHdeG0%BHGXYP0;W-dndtTUtG@%`A5_gJ(?nY*AdOH4`>Hc>^c4_bbSL^=o{Z!}~;jcgp_ z^OjCUB9EGfMYskPnTF6Vm|3vI!bG^xu|7-3dRQ2$jWwOU9a#tmm5`Ug4|c(>&CL{; zn;+q~w>Fb@V z{!v`Gr2!9Eud(}a-0JHDO`~XGaX{!ESNWs!`zma%_n`Ci%yOd&bJMG zoZ)1$hTsJ;)bF)*Mz2HdMz&qu)B{@hasj1Mn+<` z5nb|KSXC^V_ETdP>6#2~mx(g2^i!eJ`#=xibHiNajd+TRjhAMB%A4~DA5Kdrs`EKs zoR$tlK1E1Uo}7TJl|onx;(Ia(envOpgw9ZKQn#wkuI~W~Hr_{3@VA&8{XMLz{eY}G zH1AD-@lH>Xa#bMBZ}$Mmcm~8tS2Y47a)3(Ht5BL|uvK)28COwH3R@_r2m~e<>)A)U zNzXKs7sJ2T!TKhQQ3bhYm{dp>Zf;E-8SgVe zU!Bm;JJ}59h7{)D4$qfNI%evCAXo*|UVL(}2dK%om!c-iYFuvzTImvR@!Y_KImjz3 z+%23z(F33T41C&N9rk~T2d>V^B=UVM%J<8`#PbFd+sXJhECv~Wa0`|316omt0LBk5 zp>o993QArXoH(-?Rp&yxD(+!p0qvrEFG`JOAkW{yE;I{v8n$^s(U3m0+p+~42!O)q zl=5ada)TugI>aEk1p#LAvvfg$Kls>#j*76xdrmGt=&CB5&r|K13N5#IlCWB+^ga~K z6Cu^>v3Uh>3?Xcv*97%OD^eZNnH^j0%H=UQCC|Z$3;tl)8ql4$CWM~;qe*Xh5!5w< zefH%k((9E!6AV;bpo+RvYch0gGpNTM)$hxGB=`5h>r@G^4n{~Tc^a}*z2c`J<%H{b z>LB7wb`v^E;_3abwb`iN&&KHc;SBbUniN1gfQFSHV{%R{GhINuxkR*J$nu;_mgno} zgK|4lT_9{#Bn7A$a|VmEWFE{y`W#|LInC^t2ud{ncBHewD*C-=WDymG^jk*_ycA9Q z{yx=Rse=%$(yWo#ak#|e6Km|KT%_8-zw`+M!qk|?``%B` znP(we$3a6fkgh`$bJVO$jeJ23Q05~?;c-tD7pM)nk~AX21~~`I+mV+;v-nL-W^9&x z!+xSF$Z|!qKU2sp<+pT3VIrGBSp0HPBU#TP#!M$q<2}l^qd{0)`V;K1oE_pt3op%t zB0u~nV!Vno)0G?f;s#|L|D1A-tN3jti=lPMZVj!eHJFhFbf@&Lh(b*tfu4%B!Vvm5 z#OpAfXEz|5k*H@rY=OIjtoVO`t;1ww6ZTP-<#6#z0!M*=KkPrXWua7q1MwJDUhk&t zM03@mX`cmw8T`Q-=oIIylZVoPDW(w2I*0ywTXsUE1v|Te#VKX%F`{tsFaH zFmWwu%T=7Z%5C01DSEO2wjP_%YVz3$3CL#=VbkY>COFg7RDQzJ8_A@+DPbjENOR!G zKAP?ky8UX9CTjj!X@=OS3?|)kV)8N37i2iMK}%0_*J*)1@)FQk8e@&^dzpFMgnpVj zm=GL{@Sek)o9Jn9)H@y~Dy2g(3wxdFCM)OvhH!*52mH+t7flNh215ir0o#A&x5?A`02t*a zHdKKluVxZIdU|8ThGEZ}g_grDbyndD={B{ai%%J*^NC9^MY3!O!R|0}NoL*7dmG5w zerCHF5(J<4#PEI^O4+5GmuTfSa5m{ve%$z=#xZgB;7P7>3QBVlq9TUza=}yHH*o#U$GOq1v5jU*nsY76qGcLBesq z44S}08gz}$pdAEjKhy`|MB9 zF96B1?%cX%4*_y@l26eEa|0s(1Gprvnj0eNI@;$2H>KGrCZnabGiS=sFaXe6zjc}au8(ykZ@jBcs zJxO~4`jDeWK`nfKjUKg$Dk?CJ*fC$)`-t7-ndSfkTqtwU>O*AeHmZg~E=EDr0Y}p; zU5!@DtyZU<^Sy!@Z|$c(xJyr8z6zRJW&GAiG8X)9rT#nNU5zHCxHLI{lFhIzMmBKh zSm>A8n3wKi)S}$1(qCTJ4Q0@VoLPGM+ky>wcCp3z`Y2;NHXzhMb2`Ltjq8(Bnr4TZ zbAl$kKkSxAOLiJ~v{5gHcE%M$xpWu@Gl>{lWbO`5su9k7J)B$O!Wlu~+yHQBHNW=D z4WySLvS^Emti*A0(&FW8XbVvFm>s(cX#FO5E{lrPd7;4NqRJr<&!r#g|%4BY;KV9fL6V`4Dde;IAabd`P`R^UAFTl$=0EQ$6V74)4Xm zTqTsP+M7sE^DHIG*tFv0t-QHzQuM@LvmSk(TV&Xxxz}pAnJYt%&|aJ2=5Xb)y-9{U z{glOfd+F~8^PJL7BYJp$lx{*h6^OeD&3+5wX^@5|C1tP00PUqNH>h?v-(203U8HUB z!t%E+*rr*>pZhF3ikmFAn;o_ApJHDHL-rAu*i>Y$6Lu?!E&I*F*xc~40j{biA=94l$nUpN zH$JQm>fQ69LU#ABW}LIAXN*Itqju>DQ@wc(#I_xQ+m0@qudZ|FM+ftmAr4K?Yvx6?A~W8GRwM#L~Ozf zO~{Wx-8S)@ycGW*lNaItqp0G$0p372yxiXn@cI@Jc=jR!&kD8g2`mTnz1>#!p3ooD z+&N#lQN|7HC~#(M$uhl#>`W$j5n;#ds3zg=u*Q>c=~V2@8KM_EyQk4G);6dH(;!0x zq9w1dS%5;&<+T}9z~i1^?;|ND&JXX&H(1o)zE(@u9d1G8Wy5A&hoMZSuEVdz^&VV7 zJN(uativEeLU!6=|8&x}>d-F6EeoU7EtG)_+!jeY_&Bad0X4m^Ap1vm)x>2)fm5!? zmz<{)#6S*to7M+(Mc;OhUzEamXQP>PPkO$Ta5~!P4cj07)>WKP={AQaMUT70f96ZG zPA6c1E{TQSAPa=DX)eto!&^)V<%d+e<`*Nx8zakyCPyo9;E(;REKA9 z`ya7Vg=QiVqyS{BV=m!Hij(G0XiD2s)HJ)11TNK{IWhKgRrU95%7JrF>MIRz@In1QmV7z+Ckixj%M;jYc9r z4~-y~knXt}BSP56XWV4mq?_o5Y!6jFd(NPibRs22ZqhNG6a3UMrh|Hz-AajtgNUW~ zNh`uxpjrWuiy#fp%b!AJNR=kOH|j`N#X92#FUBt@1fG9Y*Pk~oMq|Bs`C`1@V2!3I z4lIf3g0`tt0Ng@4C!cTa4ig!A$TwXyU}98U*yEV50Wfjse0OkaUeUoha=`%Sz=e2l zm@Diz0H-((oU@3@8G1O2jBxJg37qgiCQhv=|D6<@CIVRA((NdZysU$My3GLntG0O1 znFnDcfi9Oux`VSw565SOBgBQ1Md9QFoV0G?SoClP8{zcr37qnDa5;y&gY*1LdirlQ zzTXlRkv9*VMW@UV~A&*kV_e9vpPZ7wZ7t_)+VxtQE z=f6M<$lske?7!=*<^t9|Ie=x4-gk04|F#tOGMEK*XXES7fkB9cTfip#6PDhLa?cdl zJf7?(g(KfAK9sNus$%7S;JME`;ZTzBv!nb%)bpK#+xbcEtV0Q&lX9MgmGyyd{nw*r zg86whD5W_YEMM8J2gL5+vqRY3) z|1IbHh`d-{YJ(CjLFF>qBJ9@s=NcBTUE3tn3XtI7#tF2ONCU@xTy zSXljJ=&O2kK2Ih#BOFc)#iMvkW{HGed=7Uv0Z!K9C8lj92k7^kp+7sLAZy(I_2R&e+=3TKtxlJh{DNS%dZ znAW!@&n@cne%wy-!pZ>D$6)osyd|w+J3Rk@JnuuEx02@%p}_*gK}h30&e^!K8put# z8n()iq3&8shbql(4sBkm4R9m5RCj6RbfLg^9k25&)l|E0x^+`jZ8X^A*?KqZkhpHx zK~xw#okrBx;`l%^jX>Vj$9?w1^@I$jKrT(w+X<^Dp$1z*otz~~nYWgw<4s|KFToSv zQ?ho0-cvGJ^#o*h8`Y~zC8BR>Ox-s`gIHQC^*q-l3a6yJOn=b9t*LW}`yJ&c%>_A! zJtfp*R_bx8j-4aMNy_Zl-Oze{cULhun5FkV1tEWqbUEuH5#JSO8!FMfRAlyy9(0 zEg&CY7_^{HZoPmjQt$p5tX&o|{S;EQ+J#I%An(#p9i&=xVvo0r;ZR$=vRg(z_!q5qK%fF98WAOE)WkIr zmqb8QP!+1N8c+$MBa0%43xd!spac>+Azf28uBbEPg5x;iGH#<7bcA#Q=>!l0C+Zy_uO-O803P7x(?9!6dPcHarL+8 zY2)fI4lZw5*i6l{fejARYV~Q$j0>(E`oyPbaA|CC{Q)LwI7f&Q#$GAy$=-!xgrK{) z(1Gs#rw7B4e~$sfw_?HYAKaffRQZ($6r$o@9+gsFwRAui%VcMA{t7G7U61;Qo8rB{ z#q?%yY;XE;e?sF^%tvpEGxOM{K%5=c`uaD9->ll$6m_MwPmCNNbH1@Bn09t-uh5^O zHXcCNsROswjHpVrxA~+~%vDI*`C~}^q2oTOeTrDG=2=gY)kX;&0xiyweFAwX*KVG` zMvr~HzM8^0kon}Y24t~@#Mm2+hhk%L7&_e!)j5w~_>_>EpRIjCNF^w%_DJuF+UTOI zC#|B8bxpq_)UQbW<@Ju6d+poH-l)EPiG90xR#$td?)?j}tyU1RH;BcR#(@Mi8{Z3^yWYNYT`R@PSnrPHdVD)+6C_HdBj(F%$c8 z7ieQ^{K2zPbBm`56s+p>>rotCrZ5;Kv|kte6DkO6zvv0muVQeqr8A-*N3(5#s}t3N ziA%G{Cf27{Z6}-Mvt_1eeBYuk1w3o$^j3DpD*oPMp_csky=VJO!;646KLrqiq7|YU z!nGJHbOxPJZ$bOFC&>N{9lq8(7Ljw1`Q#kL@c?Xj>c?Kk^gukiqr6bP2aFEagzHC-+CJ<=k9-=7t>>oi#JTR&wFeixELajhVWL#|gwBwZ@+_N^BMDL3wpfQe z{+928LHFcEfzjBftLqZU2a^qt%**yK?qf5HnX=8eZG}pmt9-QElWBj$#1!`pTqVFF zJi?uZ<^JJ`?t3T3DNqmow$Mov`rF!}p#v3ysc%dn`o0ShYzkgZD66Bei193}lW}v@ zIfhKr1;c88Tw@~LFl_{MaXItW!ZwM4mmm7XFi2Ul1dZA0+x?ppO@aFWLT57})Nyf) z>0L zgV-3m+AWhs?T&jywNcEj67sA0SE@v{mc@z?@{jSa)L3guPIAukwOb}clcHF^$o@HN zgF%U_7S&rOV^oZK2hY4ua?XU3M;DqLd>22;z|v97^u40GQ(yfOv(<-UjgscboFHjS zGAGNPPhz}4-(SW=p+a;%4x-T5@SfX3@AxT3Qq0F>bZqK7)WCBTAUG*F|kDxrFZ`_%2y)_`EV!`%YJ4*qa~D<&k;eMSbdh zn#&6XG(g&`$2}Z|gWHy)pVsDpi!C;CO+LD{LYF+oMql!XiqB(0$3)%E4@!@u6K;Qp zBFgdEAD7U@$W3zjPQ`Q0?_7pS;iY5D!!_WS$ImCZMNd@`A3njfA5Vm|AN^V@*k$|j zdoZ7;qK)b27mfF1UIDKx5Q7Amtb%zolmPrHQVru7cuX;jXW+4tWdLGYF`YdE9jPG4 zxvFH9J!1@aLlt>(VYfo(1Bv5rYgJTdfuhcoF>YW*BUw_k4dg3sILBm)cm%R%|0-*r z)Dhu-z5#D*=KrejqkmMgf5ZR~sK)DAhn*~S-sncFJ6 zI)W6BQ0Aq5Mon0D29#~Bh=(_eV*tz)HI%(q&i5AZ&(@+t{%5QBC(cebnF=zR`SKKa zuya2`1(;FEJ}9g71cS0CU;vLGE{FzWDt~m4DO59G{*Pq3i#uB%hF2zC70h9zucE>5 z2NV<~U3_V{&Q}js*4PYA# z9LC?QU_kC>z2A$-wN_vj8`mo5Q~P}Rv<#Znc{BifgTCScgcb?*aRm;lr1uotMvIM&(-~rq>X~wQOm0^lpNpNsEGM z-&Yv5IEG^lUz~@zB_MC{L>h zUyM^7nORYhN$|J_#?+>-0lC?z@Ac^VCY%@U6#@(P{q3{RYUQk`-X2i0TVRu*J2}{9 zHnqx@-JqyOq21`#qvDaX5K=0bm)In}Vk*3^J0IJ4&C9zcoP|!{pG`!zUW8}ud6VH1 zcJ*?Dd0*5g#4bJ5$8gp)vrl;C6!m*0`?#FH1!in7ZdnE!c2DMc6i4H%H1g+Y;NqLw z!;@DzIBKvn&ZP^>?{l(i0~R+q`>;)mt`lG~>!3V_v>$#VTz=7D1d$CNduSH=GfM1VBjt1ESCqKq%;jyeEKoeptBuXU_?>-=8nLad6b~#4w(} zy%V05yUz)2`~IfTe)sP=<4+=}2cHikC^`F+x-NL?lXF6Mfpk}79hwJ4&Cx#~i}nik z5!W8Ca~TuCm;IH+SNpTu;;E}5!v7#j0`N&LVf=tVHs!<7ruymc3`wHbtb)uLW{Xdy-#%-JlQ&A&6yoi!E5c$bxM;qZf<>c<6Fi!_|~POSWzm zE!pb0aES=o3gL|fXM_n1pv4#Hhw89rdu7eJ2>I3n^GJD{!8|1o`)^`ssoM^RZ{ME@ z_4rL^|LMM+`zQLgXCR>x?3@1i6VS>h4ZZg9n}?(O_{4|dK3aYW_i-82=f5-kPXhd7 z&qe@Vd!Dj{n2#0%lhF>S=F6`bNOXWNQwBtn>k0ZB438jkA;f*Tyy-?$|G51a zDFf#s@lhLNmQl$MEF6fNXWVPRSyzOD10WOTId}c3Atrw-n~JEhDC%*8cxBhh`7JQ0 z7IM%;js5s^WL#>ijr%q{v}?|aOg$p|JMTt-_=NGzgs-%UiFCQEmamw0W-Q^G6Hg8* zE1^e*gG%V%dGH48Z7pqRU zX8&3IpGF7$pZa5TP}iSUnC*Yc3LFitwW8Ux^dk>33VYBTLgr5_hXVcwQ&F`=C_RG9 zzgx_R#S}u~x1oP^)mzDg53$aGj1lpUvA}oc8K+e&rtk>ZD#L*#D%n7aKCL1LXR>TS zB1W_(zo6B!T9oHM3qRC{YjUpDp3g8EzuRd1Tx$F*D3%w$j?p-K9<*QW|0aR%F&J(8 zw!j}=WON(SJM|Rb=IWEO% z$BZXQr$GaxZu~?U?HLBYmkd+F8cm9TsI`036K98;wjBsJ?L(($AMjE9&kE#!s={#l zx;50T6!f4oA39gvNf0rkOTTVm{Q@k>8Qs(8y&39TN~CWOlD!9`A*g@C6$fab&#_&8 zcxJfE&+Q3wwPrqQr@o6XZGYp-UV|wg$^4mpnHa(|{)hT@tMq@7N(bx@&%*{7rvJ_U zk=%&!sQ~cxdgcA$GT$5umqDkZerJE$R?hzZzwpKeqX&f6o7X_GAVDhtD_s**Uuk4I zqU>LXgft>Fdy}l)fot(X23*%;Lo@q_g$J&G7*P9}LaHUJ<270*R~~@!q5eh}w!IPV z!e_}i`)H>}PE6~qh7(iCYB(|7XvMmWXd|CkBfC+PLQ;Z3jrejLJM2=9Us0COZI|Bu zMtGOT8H;|)De`u%@!-W)9@76q}k7%Hk@X0Q7HKLYRFuP>ohJ zarnf#Q@l&WyFc*cAC5Gu&FmbQyHi%{T7`!T49XZV!+Qb0cAIKX7hFM$qR!D}Rm$PZ zUu5f{s6_6|E{#Kr-LSofPjZlzh?LF(OWuhmxOOY)e>{={V@ukWqt!DyPi4a4p}r`U z|IEA5d61nu+A0AZE5o~q1}${v!o0(CRKiz@KPzT;j_943;f=af)y2rSQ~2maztD=W3E5_nJgmXfBSieNq;&yyn|Nt4a+~8 z46hso@#t-~&vTgK;c@un z$T3(!=f$o(v*Ua^Y;0#&jtrd-_mA-Hcf1ix*P7UQ0_U8fJx>QX6}=tcv`20)*#@xt zmVG$p`x4iPDqD7zpWKdl&h7XG(WTw0U;Z?D<_hEg$CC`SuV{00N8w23GqNJd(9JX9 zM%^4y&yW0#_SY00gP$I7PD9@B>{XkfqMf;e~pr(>1m}NJ1 z*x#27W-1mLJ5c~R4RNy=+8JSmcb39J;kMiHwEDV-vqLR)TEoh$LDp!cx8qD0yB*{v z=o<9mN!Tj>Ixb9x^h-nB0wgYgM1EyyB4gnXJVWzll=VNunW9KqclGyM^VrV*hf%z` zZ+JgmnHWXW_az!M9it&LnqKybIr=EUAS&c;5Gn4?umUSFl4{|isYj(jXaEf8F-(gh z(?GQArPUF})xVy0#q&`F2s2LB#LcH%Z9&I)q*`_jVHoXm299!#*vvWl+Jattex0+$ zu6joe7dKlR7i-GqHal?G3Tu3vmb!VInp$mCJxWd9JW7R(hK?r0seE_`dVH)11w=!# z$q&e3d;1mSG-2`Js;5$h6(+=S0XBjz_W~Zh;uCK&M-J1aBU!ckMr)54G6d? z3vM^Ki_Zpx1e0%w+AyX!VP-6I`CB}(M@-Ysn9DPuaTuQe%~r%Z4>DEwkEZTYqQ3(- z8QTTP==zu3RvXM>mgWD8Waju`ATyUHgu(iXc!pIO?nI(5ti!B&;@O1hDzOiSQ&QMn zX+Od4dLjdbp{L9-avSM?UQP^y_Hhh~+Z%IMHZ0x{tX3SRyE~mjdDr32kYX&ndLO0kEZe+2mGWhaq=xM&;kBDD8 zc`-(B%G=AAor6^^LYuAs(M^XMWN68B%c6$7D&xVos~V=JC|#fM8rp7&nP|LqXXYXV z#TXyVS9=l9Jo-A>K|PXN6<8W^y#}L4v$iLq1}an@A$!gP_h;j|ANe1SiyCQFSQvr6 z{}%(>(!~A*^)pZ7Y{}b>;oLS+mjXA@eei$wYO95&6&ehs{8j4Y86isK|8aF{7cRt7PLw5PWArV;9r&t-U;|W0-@4*0jfgGD}(?YZj z`I>pC9p6NyKGhLjV60f`91$Ol}Mb-H%vRRQ!H=-p=%)LTDidbwPG*pbkTm?;&0a6`&Ir$xY zalu1AB>5Kx3FmHtkNyYP^S|)>H1@mRmYYaQ3H>X5}XSAucSPR(~?lbCX`w%zVqG33YiVVZ7;u=A%?_yb@ z6xj4{gO+n)PbKqJ*1sih+^@4KnxGTqKAAUo$aTP(4KR} z$VcY?v%4cEb+0~ShHiYmVBGjLY}v@WT~2u5 zRXL4oILGx!OuxbqPS-h$I3npwX-aeObbssL%)zhMG zB8;V*2qJnNzY(OSJ8jHQHB@d}s0kAcSJhOrL8SG221I*7=M`@tp7|XJ-8cCo{K+#k z=^}Uak#LW)YjK9j32?AD&*TiSpoQCz!K--@JA4fG4(BVz7(R-(0RDOz^E;ORS9Dy?KOGwgvUh)4;b@lSJ00h#J7TU6RMR2} zcysI*5)7uyGb~`ye~(S}Xo*!o4rwJz+k+cmX_s#zgVU{o`jr&6sw%q8peZj9P4Usu z-a)iwT99`v7)WB7L0$_R)?UC$IHuu!3|LR|WWW>8S?KE6R|2nmMY=BFGbObdBcog( zq3t<{P;N1Ey5YTHNI6;DUIDpewL`7dZ;*@&rw8@#C((t|bBz0^UrsW783YV>f+^v9 zFEKQxSAS%Ry3LNm-Gy{no4H8Q?zhTXX%l0YF-T=aV@Un!A@+PyvZy_Q3o2=1<^(}g zGAD}K^HW$DJrhhQlDY2h+-@WdpXP3v`$t!Xff)O2 zp?1vK97c8JC4TLgbfKh)b685o^@DE~G~(ZYkt$7&=OEu8AjS!@uP}v}bx#Q*a(jNQ zogY;TO+9kEqCMZh!v8vXc&@XOQx14_2r=HJX>}zQ54dwmHinTUj~&C$w6VAwvbw_t z%c0~Sv+?8W@PNS^iUL6Txolve#--RadpfExj^CIF>s*)u{U1MwtnH8Kb8p39C?Wup z20Wf4Q#L4-V+@HWi^{4NkL)3IdE4`-XKCXc88*+InO0-V&0m!We6@q=&f)#;XEE0e zCg(s+vYcpGhc>Ef%zW8gbnsN~pN*aXR$iZI>ft^{n1bt<-`*`Upq1JFqhl`$LYvW( zzt#wzQCL{=E&9R9tSS`RjoR|#oudes6twy{M?uMFOgnU)tlcyL>CP4Ti>=GD^FO2L z)Y?E4ylE6a9RS1XSdf zlJWhcXA+GV@Ex)`#)ttwN|x188B9KJ(LZ=PG0I8u-vfWI9rFkmczSCWej{cqMu27X zoqzB-RE4(|I+C3>e(ltrqu#%?irT=*3P++Zl<^s(Fk_BOsTa-!j6NSVP)urmIy43< z`bD6o8@&8JsT;iXCI6rdP&9cmxwIYc4FOJ<@}Ey)D-$&M-~O~RR$LjgCfw5v+`{)G zv{GbnE-gi-r<*^TNc~g(sDBfC>>t*jOf|>WhlWu}3o)J@Fdty0M8W?DN!z}>f$V13Xe~QK$ z_@4rd=?S2!HMSjF7%;ClQZBLOALlCyFt_)oxXQzLq%iy`GUTYZgzk&5FwiRD3tjdU zwb_V|0uIuyHrVkRRJ;C)$UHYPr{u@OapVdBio-0Vr??VT2=7~voBe!vqM?J78km10 zsg7MOG87(z-vN?45JR#l_J?oPdJ4)gz4L;}L~hm}2#;l`u3nTZhHiVR%LX#e?`jY7Oke1@V*1DM2>xVkR60h7LdHVKkcW@T0EUlWTZM5{aBQKsuDA|R<(f$7dVZ~t41LMN z&`(Jene4Kt7)|ecm@V4?cAJ$&Q-(F6CqD*ID_OkQ#K56ec+{lbOn58lR)g2u8@|Q3 z-DH^M*AnLwan^%;HHJ~ToOBO0x@V#hP_r>sM}q2+b3?9JQjN?F=uFMH?KlF%!#b~J zZVw_CehmpP)s+|LJX?+g7R#*EzuMSW7f;{#~$Kg80g%Lom&c>%iz}* zMnz-tu?xAAta>Rd7v97Tg}UgOK4=4F&vJxmfRh4~X#QMu0Ds@k3ik3T_Lg{WdY1t_o^r%J~gpKBxxxphh{r4fvqO(vu`co+p=jDduSQ zE-KrI*kRdNT9o z*50nj_j*6xxaBKqW0G~>6GU|{lr>(P)b+Y*^p)lHk72m1lBEkx?2H}?gyj2jTq|wT zWNq9%dg6@GJw?9kX;MjFCu&P4h}x{lwl4P-x7rx`DK_pazB4v_JGD(x59lNE!ai0H zEF|ga4&%P!EqUSlif`E1eZ_2myE_$6;bg548XI?y*eya8`IF_kj;n@Y+n;=e#(mbn zcfI>Zh?zOOuaC|%dYn000smhg1^T#jqG{<6L`KQ1z!|c3BgWja=v!cyAXC(ZZR>?U zDt?@bU)no=)K_IaVqDtWfw%GFZZ(E8+7+lr_9@_r;vWPIz5|&;i1i0Fu~PD`pMz6J7PiFoB9zv`C&2 zw+`>sD%m^aeD8u=q8twVWcnjtDlvCz*B)h_H~t&(FGRlX1-x24FtQxz_}Oa= zpHj#4d?&l3jGF2e{cTFviwUMNB;pTX(AG!DE;b3-BQhg?u%ZO};DxO-vrSJv8N9G_ zD*JsX^ltnX8o%p}-!o@L=L^9v(+7x|(-qhU(*Ywg!&kJ;iG-h2GH2V=9kRN49Ya21 zW}d$5A1Iz}lxv=h`7e0kb20VbHi=#GCc2=I!a>(BIu?}kn-`p^cnUbAQ?N_%HultM z{trkI?DEPdi0-@m27Jqi`y%RTk1H5wBLZnJ+&~ z?)jTe%AWWywhlo<14pi?*)j#!0nT|bNLm*Fsz)7?rwAQT>rFhVMlX|9XI3CTx61!- zqPWhiS!!_(ly+VzsT*a_xph#Pu>Om!=zW-5Qk#iv-EKua)^sSR zXb-1|{3qKP?4arF&3{MZyC91zC%8^=&c3SGb-==x4Wf?!8i%h|G3fw{pj?h|B4Ikp zPO>BPJQ}J0IKAbP4FkrKa4k(W@hkVx*Fr0E{>hj5h%qYpD~q(eC%8Gknty`nb+?G9 z#VuNcL%6&Ti@A=hReoVAzmi2t8fOL0U$c0rs?S+f7#YSDjAM~+T|wyIRq(LJ;+W>o zWi@5~Ai(e9RcvGuCk$EgQOOAC7}G(CVU~E-H5;zMFLzcahTtlv>9MyO`M}1XRa1F=D-HD@?d@Y zF*DM)HIcsQtrxJ4b=t3zwPB&jNnru$U-05wKU-}D5Ss_PkLKxKvXF|Ir-|e^GBi() zOqe6*#cN=BhvV7DxofO^S#FR*U6);f=NXy!0v`wCFNUqgk9?N{z=%J($e9O_Wi%Pw z2?Moyo%a!2w?n@Q#vpUeaCSb2QC3#mkkGt9vmsx_|z)v*v+Q6V$ zPllIm3l>Ko?Ra%HSR1kX8ARuMj@^N{+*TQ8KAIcs(O5;jCv)!d&q%(biAQjw2LWi)U`1^UC@_*M_;NgGfVMgHSjpyr z?p0VsTZK~?tXAn)P$y<)1o~onN+|u1k$%WXPe%tj+0`<)S@DpOgrb&{Y~box%2$-* zfkU=WyR9XQw^XU=-ElV13>saE&1{je+y72jMPS2(^e-|6(%meFTeHmVxN zL2LzH_HC!L+s9I+^5D`36!owW+zwz8I4frUf*U3EM=8H^S>6~==5@l3BeG^5>q-5A zV9|W5RrYwW!eCm*7_?VhwvAVRp>kU#^)QrMT4z&F$r=MCjX-G~9XUNc#MmZpV{}*5 zCsaOZ_<#1SqBElVFvE;nQ?#2>Wo@)If3x#^Px3(ZrWDzG(1KVmWvEdDyG=OS3OPMD zbLy?B@(kbwMl=A5aobU~1I5*PMH^9PFAq8w`}5J~{eJ&d*l-BwF5CpLH7+9zTh9V) z#rgT@EQ2u1rLkGe{v)SY1LL$2P5fGd8o^qj5i;m9aJ#yJA}XtGvqJM*k_RhOz%4t$ zmrbIThlW;F;qc>_=?hsp$=XX*Mk_1T&X#%-PF%vHlu6DZ%}CJe3Ys0Xt(xZsst^aR58?8Mg-w$W77R>`1xMHk+;E z=5vizs9;A~(d&q%^;aQ-ZN{V&K^vE90}>AlnE?wasN=#bS;%0)aURTsFNb= zxae{$i53->Io)e@Y_KpOfYxffdS-*Xb}q}ug6us>|RaB^;fS3q%o=_LAGZ*|;g z*T@CNbvB@W(5+PFBUpb7CN*$AAh);mrj9t`t8({a1%0T31A5%Kh(!7l5@~_B)b{5zLI@RSjU_jjNXh6 zanZo^n~*&i>KPZZDR#`UakcjR&iS9)xgaqf9eVP4l;r%6O}#VIYSTt!qUZXu(L~|sVW_wkm&Hb z(St-9UEnO7$wWMwu?G6ufTmcP+=_=ZDePLXe#Y?^A&Ya1`t+q5Uy z+fI0EnBu?ooMXXm`sI*3U1SQY(`TV*eS2#8{-t*Yw@63=j|S3b#o|Msq;?AV-!99M zJR{B%b{v(p1i**CGki!ga4_wcQG^S3E*=OtRa8$x{-q7nO290VQ^`N}-rq z*nL@;r1jS`=y#k|KMNlyOf4C8Sn)MFUM%WcJ@MJloo@QNP&)MNT9jrNUBR#YsE-B!oqD; ze6}>5A0R34Ti}xxrO?fiC4-5MO7D|h6RLDZAr|!ij`ARg00L?gg2A*A<8k#J3S?bG zSrzR;T{*T<-d_s4NY6A?oT% zH=4K@S%m2d5BE6#t7B#4u+v~$Nxli>B@#Wh1=9*9WRo-m@`$|wkN_-DY5T-Y|D4Ic zRGm?syPv$dlyq>;G>}H|iggoNr2Ur*SaSEHAA)O+eGbshB$;4Z%Xn7ZZ9P_p^^Ejb z*dA0J@n~@u-$bJ*+wZsxpuJ47i0ut&$ttYP5hl0td!7gQf0dD%1atTWDr z=C2W<7lDD1{bUPnwC5jo*v6JF`Jo9ru;k~ln(_lp!S}cTm)^vtdbgoa{Ks*`b)+#| z4HJ)u^D{+l4J1P4hyRB*l_(6Zjui%@<2A;}CT*53vdLeG(cdPktI#w*w^a$rL!X_= zfCW7=+SEoMHRwt;BQP?S{-b)?&vg9%BSvHpg2s9E%1O$Vylo`9@pjJcR{2|&UMhbI5+r`@II~a!Ut9O`rOWUp!huBZfq~GRpzaW$Z6T>1 z8Wuw>qs-<1v=cADG&}nE?eM-nNR(t%0YP8#CA}`PP-!uopI2m<^b!$Oea*60&*01B zEhJ506}Ie6HrJ-dWKNgk|3yLd%BLgn)}sfCX%uuVz#I4)CH?$bN4BPvuXeRBTX+ zdkBxbYbe&@nG{q{xDJ~I^;f}l=#;PAVPSHxuwFJ9Llsnj;_}%RVzYDTXH_2kd_I93 zjJ!S>S7HMa0Svj;Vdh;=8gWUlhI#X>#`WadJ`*7$`O^dT!xzcM2zt0hdS@egyu#&724GNFdX^WTJpNk^P%r zE%Ku}WS7@s%iqeEp#n(MCVEzj>P~2PKCmMlqIRd}UjllY9JNPMp%c62!#wO1@@t^z zPE1`Rs{17TEYfFzK2HEh2?7tzg+_CsXfMgQ;K3R^ zZ!e=;qbhwGrHL=C7W3N{BnN4Hd>Kl^@WJ`HJ>So}cEg+GnKVd(^*HhMhD_AQQ^qd- z<|WVI5n}$Hb%RJ3J9@8}e}Yhe$QSNay<+y>`8NoaSX#<%RO@i!nn!t(2f4gAiQGO{ z#~@(2OT1^s0+Gv?Y0v+{`7i&?P?JZ#$<+qg>L^>ekqvk%0)*k^2nWtHSl{IP>YiHg z$`sk_&kFQmpLXc5Co8`a&i%5-nNirH3c>0K#9=oTm3=>PjH?@oiii1E=GOB=3QTIX zjeoB}_WqQC!D+I03OjxhxSfLcr+Ak)bL4F|z{u5xg?j_>kerKvKgwf4<2RGXQYE;m zF9O(uN=5#YW`WygtV=oCI>uBhEd5Uwbo0Pxy0l9D9VHo6YPIer~p~NBFrpo;||P%?a!g zer`_W*IMG-LShsF4zjO{{-aO3=~EN@*8>01 zry5pQC;K0LdY{#0e4|e5 zF$KzZ4(aR<|HIdD(1P)fuQx*3A@INc9KGg1X7)y9heB1IO`R?9KYSesWsP^VsT}|; zSlHepBvYwBh#IE}7IY(G5p%tz2YC2T$gT4pu;h9r*a<**q+G91dH{X3ifWx#A1Ef( ziNNZrb%M8PAmkNFn=p}b`v*!%ULm(0aQF^C)>j1o<<@caVs5=a8LW^B)dfvK6Mpj^ zfDc}^Zig=B)?J9X;gze(t>f21CsHWtLKEaQdG!>2ZI!5Q_a3#B9!6>@Ci#-KCjs}j zQ~1nWiX`EhxuqH1@Qu1nDE$#N<#ztHT_Dj2@5c#QP?1;I^-J;~{5c>cwWufI%dPsV3NQDfX;Qb{{aQ&DdCDlqehx(cDHBU-vhP)KAR#3l%bRhPP zkO-|c0dD^e>a=3RP-mf5wjQq-7WOS$i`RuQzxS7ZFiM1Psc+e}csbM?NOOJ9dyk$8 z9ZC95>iXJ6bXb;Qn5>YY0+wqUjD zv$;A__;M8gdl7$olz%-Ve_Wbj#Mk}QYItoPR)+S?uxl-O?gV7l=m~!cB>9SkfOx7hTWYDXxV=TJf!@? zeAyRN$iRZ~oaJeKe!#p1OmShoUMS60@sRsX_AG2a_1Jo}zjZWX?6&yY1YM3U^rb=I`d0 zKZ~xGrZlQkbV1#&+K+PD;-Mp`?)N`G;T)n zn>MbVTq@?)V+e9&{)4vQHg8ipJdUHs11U*$kr!*^C8-V=hu#XP4KZa9t%0;b#Ttf5 z`Y`(u7zFkRx>~ugNb&T040?3ajMO(-&~{w#boXsRIk=szJw3YT(%3b`EKjD_z+%wx*Lq#13a?(k+{givo??`)6+)^ikradUEOJPS_&9Dx2Ft{rH z;C09;+Yd=7X4jKXk!GMnyPEj5MJ+HyD+ZJ1P-) zIJc<_4`*y53BWqMk5DV%^1^+=PK2nS7vKv(CBOwUXy%Dx) zW8j`H_>pysAj!Rq{!SxM+JWmhKJ*yMv5@`}goSotr@{q6Fi>|%Y6I>?D+)xoe^m)~ zUF#`CrA2v=f&D z*P`438!CLhr#4FJL0B0hH(%j^%<3*t{b^W{K5WVn#S_1H8Dh|6x59aE2p&KHHz1i# zAGdD(bNAJh2>*d#J7=D#Ww<^k9g5>&;yU)246dU!aMi2`zp)X6-Nc)K;}`}U$8~}m zUWDLA!F31-eyx;$f=MD$`61^{8#7%;sxM#QXUeG-++sfvs8g?tY0_~8Hn*$C<~}X&*4$e-W>L-Pfr03Oe^?X6 zKg<&OW%d-2&z4Mlc5(A8ewnigI0;}Qkbi(t00rdbI>{sVhiBea2cI{%+N${FAI32| zU~Sb4B(rE>XjMEl{U@`$PF0|gWWJNR19{DK~>?G=+EgPX2N?gC8=66zJs`6g^d`> zCMH!4lQs^s*Foo@FMw0lz>a$#nT@oS&>!23)K3*|XPDWz6}HM2#%$1|`vLlU6Me3Z z<6p*XY%!P(z6`_dis~G|1;t;gQlo1B+Eu*OpOuphT0E)wkXs>$Cy=rlW$v(sKnVoBd$!%f_ zpKdI?|5t;Qb-B;30Mn`NhIR^MEeSY8CQnw|)GAl8Y;q*(FTRmz3dHMQt@%I7m7%-d zUD~4?A6!^)t(Md}{k~;HP}BsdT`jc4-V*PD-ZC5VFuhf@*WGl-fQYT6U6u(DkO=?A zb7)o;2jFp=8E>^(;Lo&p__Htp{wzy$OD4CSLpjUqE{a1?+AO+@%p&ksP3g#(*e#-a zO1$9x-YO++5#7!N!TV#1l=Q9WE=~j#4`3@MwWv~?YClB;ejTk3-Wo^ELMG`;Y%{(B zN}C4cJ#~0jQNGhL0Y&+*G4P!nCB$d_8z-bq133x0IFmEPr#Oa9i_Fk5_ndgP21N-B z3l}8<0S`O{WZQ9tq55zqxMvwav zMR;FZ(q@|ee>L+@(Ev8l%(n(EiP7hL*=7C>HV5YacSjboIidMC5ZJyYq1gv0RqYlb zSQ}U;mA9gcW9Pg-J*jgRN$N~fw;AnWJ||P4X!1?4+ooe0tYs%jQB=@jg4$ktygvWU4qsgqzE)>>UB`GxOdePi zDiQXUR7ZkVC>!GUiR>9*qk&0XQRPI^puh)sgs$Tdgk0ctzXM!u5^@`)T)^s5>{!h( z)?vjawau$rRn(fQH>e%rusIgkJ(8*euCz+3Um$hrLl#N>Nq_|ZZXy!JAg#+lEO;0CFVlL1Xq+eVBA8+#NKDUic`RcMNj( z)37O~VN-N*Sg{5EopPV&UdpMB1WP3QPc@@%Wva!!G+xBc6O7^aL|UQZ#uUC{Az7PE znWq&W2~0phw5r=-AV};wXn0?Nu+2ue14oEMD{v2YkLKJr#kp@ai|z+t!;Ov?-8UtO z>Q4WcByYfyzdYR>iH3~Ng=Et+&Fw=HH=uP#nB37*2Bt1WTigD@5o z{L@L$vJ5LaWt*{0=C;Y6ezo&6LigfeE8h@oVzO)@kg07avL+0-ES4D|=;q$HAs`vqd z0{;r&Uk?1sfPX1`R{SNVR#%eU!(tiOC>d+3P=-84=BvRKN7q{Ju77E3(6)HVRl!5JK+&7G_G7qVAT4?i1C$Cw7QK>m}}(z-^YeYCE2$RKp&E zuPwL>PBaKZn`PCx8gS>P61$^(F$Ak%l&4Oz9Il6m`lPX=n>qD{##c2aHrz zUpx;RS}$sShg7(g@&+blPY~Fa9#lm_t3I7>X5)y z13B!i?MHR4T~IsK;zK<(FKTxj5!ETW#5MNZ0m#q{8NP;*_tpi-@~gzb^iTP<*G{xy zCw^Cpn|hpsJ5C8)qdMhOFI`Z5C-#U#_lVm0qB;}Sy5{*C2hm%_fQ4225mxV6)RtrgvGI= zSb9&=37Ua+ft820`$6ZDp!?WAqXSic&;hgEa+(fEFy_;Dz<=5fD4Mg9VE^=!pv`O) zxdWc7`O;eINNqfBkfi#dEk;MSYm(l5GFrqW*hXIU1omaS(0wwzNiDGXurDW)wgW|a zU*PtQ@+6-X8n0ObQjt_G4BgDSA|}C#7Jn&nouVi8x=5GfvBwA&s%HEYFS%zbSZ4dL2!{f&61k9CEpa;pR!HPpMa>D6)yt#O2}(g(nEldfOoa_=Onz=H zHr^6$N#dGt;d8g;5|D@6Ifd#2=*9~~pR}SnNxe!^M_B}QEHEfz zlVPGIwFac2CvCwxzPzKIyq_%U$-82&_p@cs9qHOA;H+h?R*Xw8kzH+h^DmMCVk>V% z0+|iGsqX$cigx0~j`8heIOehR6)N*6TOInC+o?~5oH7PpSI10n9D0l3Z@*Z04xw_8!%&Tnuy(Gc|pc}Bqqa*io$<5J}EdI2v7uzRpoQbrxJ8qTw6 z2CMaIbS6a0zWV=gWY+DVkZMIRcc`hrrrn5 zq@!i-bumE;KSc{9p|Xwc%A*?uz4kTo?D4YK)z-%(Pd7aasMY2gY+8mE3-daJ5 ztfld1WSf|MJo)OAg9ou8J>xZWbWxa27wL?)a)av+16& z;?G3LP_%xp56m`Au>}vD4&JuG6uTB#h54C1H~KH5QSTPBDKJJ+(J@s9Syhi2NKQqy zGx5@Iyf(_Jnq_SiMm2DxP=<>jL&-R69A<$PQ()Es8XJDXDQ?kGtsTD1V2q-B|GIUq zwWrQyhC8Qj$NmM=-WmX%tCh90dhA?#FinLFCF8MkXUW?5Q0In0=jfJa6nsbNe*hTn zqbWKVk8_@ZbqCW@QnEw29Lqv8^ay-u#xHXqtHpV*9`{nBDKMR24N3vB3a0JhVMzh} ziki?Qmew>ew59`D-5)`g61yHpnV?2vRj24JIK=&U=QGs7a&%qXD*0&*>}~q1ub_K_ zkbo7fKZ5y=T;84HZ#>)*?8QGZ4SWR+d;pHh7V6%hRsjGcmF_mA@NE0zzS-%xNS<*E z&A_=ZS%h{{A+H6Uuao1=j(?D6hE@T9WuS~+^4a%eFVpw#h?N11|LGrFg55n<_B0-A z*YQw1^z-Q^_UZ7uDTLp<-H9SIPC&z29F51=F!^4`^||}et6V|gv7P~Gt^r6zKC>yj z3)x!8+SC-lC6-?I-MW5%V&A><_n3Y6pO<>tcYF%Zr`!f#Cc(e{KsYnd@d#!rnU!=> z@hnY|UCUBT4gpZQGGpEdyp(Ybp&6Sx#JEF%vg~_5w2=26fKrqezaqG}4Y1E%*j;-4 zAtK6DHy|J)G}r2vl9$rLbQ(#OV>pbIuIpzhTKt}51~@>~qGrYxY{JYepR;j2c}dt{ zxZWGl(@Z^)9Gdz*}gpjX6_lLfweǣsSvHwXAxCsMJ=o`J zLUIJ3(tBRayX=V{a92j}_thXh{}0md`h#@!57IyQgY>w2sI+xpYjzrOa*)L-Z8t^RF? z|6qRfKU4o~e{c0aboBJ~U-75vPw%z<{w=4ke_P9+nxB^5>RnGM+$J1=G^7H)`9u4yttJbY_+5o1Ot*S>9OpB0Zfys+-xxTR`Ns z32bm@keFv<6ccFwL*Mm8`+M;p>!T~Mj(l0&(pt)Tj}8-{_ZsUxa9&fOA@#r5U7zco zu*dk%FgwBHK7JYyjAp2N>`#m|;)!2)56%)WLt6ZU z@EA<{Ha?pt5#Rx@YU&y_`pI*;il|O7UMAX9|n7iZ(09UVeyQiP08qu2b>+@;k{l#nP;j z8KY7@kvK^V+)?b$+9Xn!tVt5ZIWHSc$;hENvOrbKTduu zXbG(A3J40{HD@z7P#ejMLk;9TrSW{dtjamI?5(`JGEyX%R)V?J(OFdDb#i~d} z7W_itf>`sYT1yUOz9~;8DNFb6YY8gc2@*@tJBiQC0FOhLB(i!o1_|Uv7`&Q}VGYaC zeg)=*@XdwBw)-HJwq5P442)*;j02#g)D)RMw&o0ipN`8mg%+EwvtxFzYdjM&Ytj+6 zz`hmXt?%h~yCaOV0*cX#OIa@pST8Q19A4euFBl|f2xJ=h%q(9z%f}n}ypRvt;|g^#Jp}H_o3esw?{QIka&Iv06?j*RkNAJ>?Aaa? z=nr0AzSxGFg=vKdtpdK0(|rZ$J3GG}E~}{YAQytN%L~w0$1*wh8z*VK+Ixij+1DEO zm1w1+ajwb~yi@Evi|O3}1C0g@gjlx_7Jak~JgW?VVN+{u>Ji0rxoaTC#00<_j#v4m zMt~UnsUSjc2f)HOy0{lyZTp>o!TP$^y+fv){ZTI2b0#@{`)?q= zazA5<<({>ZJ=#B}M|n^X`D{Ar=d+9F0Y;rJs~~pM9SRfe-U(L^8(|XFDzBcdO6l~F zqDq75!Kz9bbTX<+nRM`}N?GjiSGsH#KlhqfZ^KJFb4R`jzi1?;c-BvbDU&_IDZGBK zz&zSKf(4$N$9gOrxkB~``Dlxz0Im?p>MTb$O(u-W-LJShBg*Ni?D`ysVdhsX!^pMnR(OEaC%a$ zFf!RybvZPjgVkY|%=QME+d(~Zc2du>LOuImAHtuqt0unIbd_dLcgvh+AMBRnG<$|y z#$e@*ZrLKcigQdT=kG_$g`q1dsSM4_I( zxP+DKM5hC;5t$~w>=Z>UT!|3Mugxa}j4Kg1m4y(OZa|zXIE*hl17k-Aujb1>qEN+b zW=tIGfW`2DsI5eMOqbUpn^#iTv9_16ws53i^g;fET|H%2f$BWBnuTCuX3di=qS_2I zn}{>i-_TSH`4TDA@h(%M?$r~%#6^CYUb9ca^rmpk|E3W+mj*vs@kj+WjA>VnQC)&* zDbN{IqEqNC2*arW6v-thq zS^S=cb?COGv;&>Z@Z}#wK$J2``yGo1kMio`|vE_fVWjNO#YS}eB1y){3UY*^66#R>5`o-A=e=( zHuY;@kOF5!`wMaJK)SY3@r=ChFB!nYC}jCzSDW;;kYeXxZGMlmw~RxEyh13s(c~zF ztgMZ})P|2D--1A;WVb2#P0k&G!Lz#hCu!Hyp;k=&Z=|8mp*Ya)R{<-^Hq~d#-^7Z)GF@g1ZnCRK{WFbsn1QwF%x@X6xNGkKriB-qbN5TRKP%cyYak=Kz1;nFk0X-< zJ{QyYvR@5ndF6rdTpfs>tBGtbNKLA!-z(Y2u}dX+Cg<6K|02DI`I_9o=948jUW5(@ z(nJ0&U~V3>spw>`WEp32%ni>_M?-jq2C*5E^BbMp1B1HFPuq6L32DasU=*R3cHsOt z;-PxytL0Ud%t43L3?mOH>hVCI$aoPHV#Zva95mdt%t<0rNr1_hzewuh(*q~LrNbH8 z?B(@}=1g()3uDEvPGk|1vw4csLde5=B9@w#8@mYO>*@N8?L;zX*j^i*ZZxXUHIiW3gqQ{$>5;}-w*jQ7M`e}9%`{A6kDBj_^axY@?c^(F5=uq z6u-?(WEJ4O0PrRCWjF}|{0h7{2FMdAE?;&LXDBDM=V*%va{i_3@&JB;4WYOC& z(5iaG?>=2cncX|LaVm6f=_!hUx@Bqxd5*>k_31}IP^PL+aUpNkv9q)TM9*ZZck8h% zj3r74?+!EKahh|*yq2-6#2d2JXQO8|>8D=Aneahx7>0V85p-L!H8|DD@-Qndz%`d& zb{LJGIS!|>uioalGRoHpNo_&C5{-A=TBF*|B-Gm9Jn?;mb{(_ zb7ck$>r~(zkDbcr78U3 zC&V{+y^Es`qCgJ4v)Ivl4t7v?Rks8Un=b#4X#Bub?5k1X<4OB?9I4n}KxFneNO<33 zSLhRkZj}q|b(~WKKS~uYa)ZktUwEMeiQnbTfnhf9M87nafm8DAl zv84mV>}Iaczn1aa?~!>>{DHA}iKhI2P{S-fE53Fts;aZe>ps7B#Y8CXF5ip`8KJbR zFj1&HC!$1Ljaug#Ahr%m`F%Z3VXOI=SC@LqP0xqPObZM5rla!xIgq9ahvj zJb-6v_f_d;3`c}M;;+LD@H~44z8mM+%m8eHk*sL(g_PJ5I^4Gfn|e4evPPX3 zk*c1ZssMj5kp!3RHuUeEV&W@AGr54|%ZAfKkT1K+Ou-M()Y|S@8H62c)vy-&|u-@+ma9Hr%{wSffVnL0%F2I5C~EW?6zxjSc_I8I^MS`_ss z5E~TLUZ4+vrP7mk2aTu_crjGn1l++gDZ`|Hw9{fDa#5`(?Vw;?W$02%!P|oe@gkdR zC;PepeR7}&=%Uq-i1!LrNFfgdetp|lK#*`;c5=M>Ni91klY{jD?~?^G7gw~GSUk`v z6M#<1&tYqc1jU>J3+)tGF?qKWF~Wk$pnECCxaL%-==pmSML2A^fm;j``Y(9=0v zP|i79(Pqk$dPvcxOt9yFqo|EGe$*yBv@ZLNPR-gljPmT-2@BVhTd!!Vn(6F;T4DbA z?D@^SYX=LArSzLV#+@7|2fa3~QO@7&JSeL>{2$RA6;Iah`qG$2A`pSY0T4VQ_O^X(-5AJ^S_Lq5XYl2vmpJ4W&wmWn1S11HqhVu zZEQwt!R>tcR3unGQz&R-d_vGC1UK5UxA5f{$W-m^-#lVs3GJX)!J2D>}C&GngKxcq;b-nm_H%Uc^rjG zH7|}iWY3g6LS87{O6h@b;XSF+aM|wsHn1($c=L4U-xx|v-KLe+0pH_lGxKG0DB@%s zUl!olnHUD16xA&tD>WMulHd_D2N2R((MaOd3Y`vbvq)Z9nL)dNjF-|w`e^Ouy!>i@ zOf@smcQ$)uPF;!l)fJ}eNiot8k<+Z}(#-}|Uvj`;0R^OsmF&A0Xp-vFGd@L9xW18? zx+dDn%Q6`M$mFFP50Gw`^-)NtdJ52|pf+co>{*{dXvj-P4{iF+%9fzUI>U;nLY{j2 zMD_LwqIw@lnGesy^J*#rB*MqBzJ|V7$r=O$|E^?Tc%~;>sfXmv51U9k-4s%Xv-4kH zt?3Q`9Cj0VjB(L;Oq_eJ**)HZ<}?`QRW{B?+VsmS@x;&QCwj(6ck|3a#(2(sZ=8FK z8Si*QO%`_7drZ80S%Q07B1topU^SXZa?kDK9^couqAq-}N-7QX6ak!a6FX33y%*`o zPQ0iCSltm?0q^BkC#0w z8>kmbW?neJAbMw}yEu&1NV_SYGz>s8fT-xfWa_AZMixtZ?c~tzo!p-v>EuP^D!DI7 zbhC()N#xh2xH|6S%eG^rxsJc^#dr@d68;bi0!2fds=C{&$r!Vz~<{B)$r!1-gGUy?VIq1 z>r%y@>$+$(AouETvZ8zB|LAnuoorW1~iQ#_7QEx^KD->5-@*p&nc-i0A8q zb%+5g{>!uvLsv)JoWSC?KpAqxuF3IyJ!}%f5@QujPU7p;u?5EO2(6$W@CBnpqZ>_O z{r}fA-lkZERC8GW&yt(N3aPqqMw%o4a}366pc{d+;o(PoNP!0p9}-c~b{zx104mzv zM6SfBA5n35-m_vG3Ux6ikELs085YIOU=Aw)Y%Fi%eq42$4O#0$wsvY2Qm6hll_C`Z zGwrnoQWb4fip^DJWnY~?$=cYI(B=m@nvGH`$b-p~ECxDIJWfks=&UEZPS!p9W5%H1 zJ;3gWL2dbPs(}+UiYU4GliqVqGjiU=a(av=8$(UD?27@{$oi0BYZptc9_)E*=?WaD zwg8X-W#G|wKhTNKm zq06r|76&X21?kpqPjNL31S;=5U-7J1b2Z11=N=ZiJ*6Bcv;%2>VInh=NM-O*%dMc@6a_}d656s{6kaWl$lS`|oYZS&MGXo}?M7~${!i?s( z@#Pg-cWPp;a|fZZK3& z;7-W6C{yNE&~R06cxoOW5b3MmOm;n9rV?l%961`= zFHxwB?!BU&=UQYnu@HYBa4-c{XQFFSvWf27R$KToj8lRUMjM$mToV)MHq#a??JnvB^bs?YNC@Be=zO) zJ){&a&y2?$b0~V;vsDUXB5;y1niXIE4?_6%COO-#Lwy7S#)vR(G@UQTQws_Ul!Wnn zpaqbcON|z)DHKO>v!cz>{kP!Zp69X=mEWS>Z|U!!KzI3yS1gh7N$MU+-HM|F&S55j zToJ{zYuW02IQq`1sQANK(zN&okHW+gt983HlDqT7akdy$a&`lPm#fWU=j}clS7qmFON#4E4!{+XRn!()1yA8A#`CSjd1QRw z%Ddpv{qMW+?}{1lS9Gtq2Yzg&Z5RWauRur`>q)-C7@Me8i#S8y=!?tD!02;)IjYbw zKH++-wH1((Rs=Bf3pugWMa`ZnQ6#SOrG^olb6V7nOK2^~;GA~sABzIM%ci!E^`u@W zYAfnUyRfo>49|ddBXL2*Wp-q;TgtC~l@)40R`=mbqt(6S-Y9qv#YMHUK$A0|SA6+X zxDoSz1;N=m{{jCMr=$21)LpqfhT`9RW8^FkQ~dYGF}Ol|A@iIj?1!ioeeF-C7&+7o z@4A-+a~K~05s)O*acOdjU2V2!H;MUPm`z^Uq0HDUY7;Wh>CU;iJ7FVo&JpsA9d`AY zEqiC~PJ8~B{Ik{E&Ol$nuarL2t{%5%Z^8fPfBi^*c}Bfm{mqvBgfEl`F z<4(c6=BX1Sc6(5p+7wKi`6b&M$+W%LRLzi6Y#dZ@#Gd~fzx;L>B1{~vr9$vyPi^&b z>~O+9L&gQmv#T4&c`Vn#GF2MOMA6UU4EsoRSMJVWTF0&|6PAW{VVMAxeThLu>Ujz< ziPkv$|>oPB&N!ohmcL2QJ&v95Hm z6X#%B-OenNlHcsiU?MV-NQ%bxLRWvBh}2)GMs2RE?Ki*^RYWGlvTElJgF?va%SQ3? zdYK>ZrOVhVqsJ;y9z|V?WRplq;O{i4foD$dUynG0T@+nxhyKi)%-GRxqeuY&b)@eZ z#jj1hG~_N0FmnzaBBJ=EN%II(8`4&bp3C$EWgOk6*ksQ?;`A!of82B=Qfx9gFUYOe zQ{P5azGMoV$@EFGx>r;?^q*Pl&btNIdKm^BbWA|gfX-C%c#G3hCAfn7fxMN~@#X&} zCw&6I=$sDwc{r4Kk z&1@53$hX?iwcnxecrW;K5v95_Jv=%#Mu@c_WqXOFYc7 zbSdvT=Y@)PZw4&S{J}O)@({obiwtt87rse{VP)uqE(G(RYb!8q4d?i8;Mylc^?hcF z)Ys3bk9WNjRqm^Bxh<}yQ!2f{LY?s@GnVv>Y`Ydum#$ejINcQ0Uyxe*vOwE_D)cGI z99@w}cdcjlBX~kc`}B`~ps3#sz3%jzw!=<8-t8EGJ_T-Nu{ssJ3ZSUyClw|y19@=_ zp{iCRC|c<%xT_l8`yeZsK*Ea!T~Uyf5;=}<+Lpz5|K8RY?<>>6RuBH%jEmAJ65#bV zTZW$WZ{SZni_X`^W3vOL+*Vh69AEwm@k-Ms1eVZISVX&Z*ET~nmc}kq`Aiegs-(b@ z%BRF%eF+|f6~y}r(iYw||DM`{v+;^MKyfpg>8LjivZ>$NT(##3|HB!v4c$nVI%tBs z`E|7Q{ZSi}MK(UZF*4DEXv29lszeT6f8;o+Ww8@E%vt1qr$k58HK$WCyzxah&CB1i zBl0*|ykjNrp01L+zvy<-wkWESXHHl4qA$8B1omWw%L?o1SThhgwf*T^Iu{M*(7EW( zS?pYNO=BliFl~aco{-IFk^G;s{M%Xn14jNukRPVgOws4sLl!yeUh2{_TeD0?A|Ch{ z()iiBi{^YUZiWDBC{Sb^zh_XvJGP?q9R@TFe`Y5El(#GW&$7N$6dq*&B{uU(j&StGJq#$s@zbS2s$Ehoxk^j63=la5->FK7x zRcyF%;j-64*;!rU=Z;CIb0bJi$C|Y#5bdG?HM8F)JvB3xQMCKgg_2^^RA;K}TAUF- zzn`E<+;9oRtvW<}8yMo-s#O?>uNo0wg@O16{R=7IrY`pHF!O}(Fj};FK%bKs!gm|O z_^w@1f6_NL8ThUu49YMj?Fk0T(D}b?4&%Fu>2&h7VY0!K^rYr!M>R(yqS!~tcl?q&&D-4bk+fG;id zo?maE>B(K}^d?1Z3%;B=I~|u2(-FRW0dDQbf?Y2t_P!sqhv#W@h67C90KVdHgq*i4 z+RS;fr{6bPv`!H{0eR#;vid|0-N&scFreSAeu1&f`$B4eBh`);Pc2;Zb;Wg8P9)_f1yWRg=V6BHPgI zc+{}hIBKYV1&jP_&AiIHo9|gMw*4vqQYC z?4l!2_85fGn@*?VebU#BEaYd#8esa5#2Ga`bh?@fecjAmUb&#l73hB&HIeKQvVYmj z>|ZV=ynTMAVgItTGw44W*4RFg6>8?YTGR;AI?x%{7{p8!sIO;J#7;NpgY0>Ni3+DX z#b`Sp+m(RJ^y4(<{c2oCIANT`9i+Wdj2fLi%#Cwfv@PZY=niXm0BI#lPR;;^?Q~-D zc~GMAr~>cz@$@%a%ezkXbFU9`|&nf~bb zWAdh+k3ag|5LNSkPuI6IH+AC&)S($Mc5eZv0VCh;CKx%MMKB@{Wiaw$gJB~Tup9Z- zvV2=uzIjGI2j(Lx&aQ~7wZXKq~jR~R?;+W=(;?${o0-3UQ6GL~C=7sNM_uZI<_n9dlyAgHVu3al@qce~w=ujk` zUpoK;ij_2V3MFk*QEmlP7fwC<~b`R0K<-{fLB~?N&Ip@nH30- zx6T#pbWQ!tK&oEV`=%)>Q^*GEV3>9;ZjuJsKOlS@g< z>b3eWf`^ihY0eZ^FzEQ3fI8+&aMD+T3{###iBlb={xk8){t7va&7PaU^eNP6cH!*o z!ingE36YxcK8GAHdQ^*WEshkHm(^j4a#K8YN=?*9?U8wCpVzy7VpVmw)2;nOA^?af zfqxl*HRVeJm-!bFxO_B(fy+7D0I=xTad9wYZx?<3pzZ?rK%$bM6;2dX&b6K_?)Wkn zJP-J9GOuq)>CYDt> z&(sR1bB!Z|fHxQRQ46Q%2K|Fj;f7D@-Xt#*XSo_*A-R01r8cK%g$B)AIWsP-6`d7_ zTG4y)?~2*@nU2L*+-E$dxL2V1&%OQu{QL5Qw1(3SI3R9_n>vwwp`%HZCe*3ZLkoFV z@AiLH-J}xxc@aZPo3Vy}+evHqZYHf^(s^tRZ`;}#q!|fZWaN98nT>o`Vm@r7 ztCz;p_>(~%Nklcmc3969eHj`S6vufn$O!X7t_jjm?jEt5_|V2cGQ)CV z4+Tc+r}3{)L*W5X&V?%H!MOUO(!y!g#!t}3ObndGelgrcoa{-xMd3Ef`PGk%L+e&< zN4B@LodYuYDc+;zNAK`ePz|id?4U$X`JMV^m1i^(RcCqdzZm_3z6LEUtCszWmYr6l zrz=P~@@@*@#h>|Sy$VoNJ1V=Yt(*DsJBW3gqD#4lM6Jj|!9|Lj14A%gp`w0IDDpzG zO#a%g{-)$_;az8^37rZGuC{5;b&w}% z{(tkw=Q-ci#>VsYV*U>2zXIoBqN5-Do$7oJ6Q2t7#h<^HESnnVEJHVv*@tbKlx55I zDfz&-pOpDg-vK+IE8GE@tHy&w^K)p&J|#=xzK1Le2B8N@4G&T5Z8#Y0eEDcx$yqj3 z-y1j;dP_Lfrr8Y+9SenYAn-LLIl?1jI`)6gZeE0JwzqsvR=+Xr>?fyp`$0g=o;Evs z+C)D_peyqj#{}B z$l>FRnQ%<&wer-@yP>J3L6Lns#@LSsw$XlU&7l4G-XOLgU#aU1Lfe5XBiCmvR|CuS zf{|-6=JM6BMjB7&+@t67-7GHJYI=bMGCJr+UFsB z0=czU5umb5h<3Er{!G9A+t9hM3HmA@yOw>yRDL@6jsshn<3$gKYK<+G-@hEqt2S1pd zvOGgbL0>#%7d-{aQ7mOT4^gx^IZFOfg;$P-TEv4sV~ljTXV}f)iDWaG1T=iY2004= zhZ*%|Hwo*Qi-OU0A6Skdowu7yB(3g1*U`R0q$uCe^8gk&Fp678cD# z!XVp+f$T?wzMjL(l^}ZuCA4`@LTpglQSc%f8k8C^c@w|3n#B`ppjdJ6;Kc?T__g&( zUUem5K%lFh!B%u;=WH9M-a~3EaY$Imp^Ak z8W!rPMbM^LMQ&FQwJccVzn^O8tuuR*YSfppGkn?OiKG)SLWf$gcjlK6xH)tqWT{<& zJuvmu)#VA$MpykM>7tnGy76POY$d#nyWNA-0m_SJC?p{3Dgy6SZbFNhhV zg#IH{cmVr6ONyFg2~Xb5uo}+Gvyi|3Q$8w!*MuScL#+Ln+lCLkwRn#_x zg+El18ZdmH<7x~S`8V5%j=)ujZ}EaVvajLzec8WB*P=Fx*>#A2H^Ec@;~UJaGVK2Wk*-V&dCPf& z6|JNZQC3gdxV9L45x$oVsN(hiGF0&@bF#!1jp~v)JY3R6jogFK z7gv=954*K+R(|aO_j4n(XkJ6eZ{U}|2^2(IwVH6mSApTs=cO~l)pjTv!J=W!4BgP5 z2i%FhIEQ)>-GajDMw1HXM->v0y`zfx-2wtL`Z2)FuKof9m|ywk39`4Gz#xx?lwBip zTWtB?@fGLM+W!#g4Zt#v^UlAbmUTUAX+1S6uVM>Gc@HN+lpjuMS(%w zp&3}SlTvOgf^&pEvu!5)j-C<7^TG<`SGsU=W!JW%LL-hZzsSrKAw=$pfAb%TV_aU@ z!C3lJw$nuHp>Ylp8oTFaPA`UGk;;vZCj6VA(#o&MQ)BQqzI?4YWCF)At?uiXPACWa z^1L~0B<%kgwLqSg8Cq2R5x!8NlX@b$sJ4h_SLdrxU8A-I({B7A3kI>Ct;lmk<6+{n z_aTKw>Nx(d?AW`O7-D2#Q4bzmF_~Q#91)oVTXt25n~k!^`ygzO_XZbY7Ol=cWROR9 zR%O@vdCUTD1v6urM}&06Y(`HrjETk(2g&Eo&dcdGw^R^og$QZV!z@U zkxuw6>ZrN(J>#gkmK`+%y*0UMegs!%+>#WSbWZXV2GPdiuN5sp;1Kzhk8)uY4E#wB zh?SOc9&s3XC65c?f_8l%>qXg3#7u_{L=Dw$@q4J+^-ttNw~x`GCqat;;fQyb@QjRu z>_oZ!w^FJUqDu-0%i#s2IR`mhUGe^K^do_LAdX1?N`wKlbVPLlDt+)mBB|i_5QwZc zWE_7@%&TGg0Ai3vRl3^J_-8{B&kK}wvSB$?nTEyRG8r6(|7}xf)Ly(3hGSOW%`%3# zlG(z_VfLMk6zE4PD-)WgN$+Nnt5_PV$?$d}JW(ZakjaOrX9@I;?n3FttR8PL^%8HOo;hD+Mn`0GqzMz1{JI4rbL(|e1)hxh z7{95usK*Q)Ye9hZ>};DhF06%0#!J;}Ye>_x6EfATFbaqLm#O;<1D$z4qh<;!xIDUo zv#|mvt6+!xLLf!V3F*H3ePgDUX(dnD}+PT;qQ`M2jeH%r(+ z#_05=FT|O`cZF=Qv2Qo-HvS$`8utsG0`jLjyZh_g-8C^u5fu+xD}OOOmn@b|4uxv$ zb2=4t9@h9{OpPfqHDa3oQmWAgxcaBi(bK1=tM%YpQ0osdwSH@jt`*b#UlAU1;oM}8 zF7UY)g*3{jqELO257giVr)%)xw|dln)kHNq!{i>}%%GRIMQ0H2i8tT}` zsD@%=zK(3m_P~PL)UAr=16<6IeO`;ch>mfi^rh%cP|zl37SLtjCU!*=@6A42b@eox z`eG&yQ*f7MVm*Q;W-4exRF+vx;1uM`c9Vp^T~ybV5?wDXM~U4RIe;zwjJo_>KkBlc z$hv$Z>oP5TStRpBmia!G`7C%4Ty4{o%z2P_ zDFcut=oWJXlKC=20+Y7riL6q}r z@QblKYWOXJnr;VS1DIMxrA_23T@*Tac;{5e&Y(AZ>aa!OQnY_8B{cYCH2zCD)jR%M z|9`=M(f<3P>CrMZX)7fMhF$GhTJ$`_ukpolRI_R5si5<7YIa|@(}S>2{VuV_wjg4v zmCVyML1ETDkz*-fHq1h0e8gWv^H!>TJhpu+?W5DW{>px%8-n>UyUU3b60O?NHqIZ? z9QS_Wv+v*CPJG_W?tbF)MkRsa|N0OZI&xP~Yen)M*bCNb@qMScwwzHpMcFC8oG1m4$ zKhb1IVtLi#U4a{(j5;9V%Z?fs{LlIyEyQzvJhNw37F)JpZqlbK3neo8kL2VQTjh`@f5e?WJI>IT#D`Nh7V>iw{eIsLf zYs3<1Brw6)aQ#1~<-Q=1mb;2$%f0no!%l-x0fUX2VA_F?*!fQaW&YU6{0d}N8`(O- zK5I8SFThSa&n*WgHe}d-J8q*3f$XX^nCSR^9r4{K_dBkv9V2rxvmT_VA&O`GBC=jP zWBhS=<5NWX6CYzpKcfGeIKVemJ1p$~iYETFcOWC5+Y-U?m^a>?xX*Dr(MjQIiIX+MEngo06#&WvNB?z#>c#)uPFwYQGa!P%FAjEt<~g zyIR~PYQ?h!Zo7bV0s~y9NZc1ph0djTktwBA4*k^0_TcTF{ zpvd_|ZRP|a_mtq>m?COL(L)G3(K+>5nm}qm61-hjb%`+ES)uMS?(SzoqWEK9}Q_Qg3W>{`B#^;cr04%v0 zkks!)b1^LZJ!ZD{+MMZ-bQwU!og!DOI;V^3ZmoDS*D0E3!sacSAexIn-Y+T;hxGxF zafrk2u)yj$L|nLGcfef0uQugDcut1r2ZxPK88#|a95x>SZOUx;3aw9>EvWn9F+&{o zXeP}2M1ZM#;5iGP;rD)My?8pj=M0;FwK(kVJaO19BLr6!2mQX&wFiK3GVH57(anqM z7WXnvVke-YdrX|*^{0#O@n-101KuryTCdq1?z!>!!N`>0o#RNyujA35iF>?N^=i^Q z_q|DwXP%L#k9W?zbo@G|FMNFvz9hq#+{^mmn~|r#cg}<9Mk@5A&OIi@eeZxsX9kj^ zlru0P)qQUoc~?1;zMUniE$;E@?zv}+YBRY}8H9#s=)7Ji#7W_?(tdfx!K0&OX%~ZqUv{#zsx=N za#7Xk`xW&4N>OchkI!+>%@x%)`hFFCABKIr+CBFgql?$l*Xu;}fO~wNdv3m{HqrO% z>HBa|-QgZT!aaASs5a2|8|eFuvgQO9qqE={dgQ|?ZN&jA0Q1^EB06n=o^41R!e2AVAa z`fqUlV9T#@+}P?(cU&sF4zz{ubEGE9YO0w+I^=tuN1;Aj{ualXMmoPXInkYLmV;Gt ze)IemNtJUXb;8wh>BctGY4x35?f=R1LM>nio4Q>qUWC4VXYtFVX8hA6`-B`amlnt) zs=x!by>A41ud=BP>;PXM*oJqiPPy0_BIChei76MuGo?6Zo~ZI6CQvC&4W7pWJMLr<)VJ2UCQk zo$&Z@qW8!2q}>v~_I4|#BzX^7g``~q|F7f8P{ZOr-oq(LdoW`%|F6!0n57?Nez?Ej z{n3gn54_lT)#o~F_8v}80#ts=s{@8Qm>?uo3#A9m!Jt_v{XSR~G?)Guys_B~tP(Fk zm!zZ?A!&!A7FCY+Se{n#j^UIlc>D({Fn|g2Sk|J`1=ZdFA5~z>q})RrXffH}_4t?m z*j#NX{BoU4j{0h&E!wSC?WSbeRf89BfccP`ZR%#5_h5!CX{QW7a#FSIZOTxR>V(n* zLF^ybB75~g7vi(XHOt~< zJ8tI=+Btx>ZS(@78UNmQcJ4SHW%BPGgQ{B;t`*QnC8QrwxNjBi7rVLzW@in2_?mnW zOYcM0W;^$-T|J4#q0kP6+Xsk9SGZ$9@~R-~H}D01zJL<&^Q)cP#&S18?skRyPT@|# zpc)j-u0#4>V4dpVcbmd(hfmlRc5suO!>^~HOr63(F|WeymDC-^bi$MkvT?^GbvHgq zYJ-hykW`-yrdU*~Wv)Zr15-RmZIHP-LEVT`@431}yQ`S13J%KY${e zVV!xtA{{*rpdft)Irpn_HJNkkA;~ho0BUy~OwO$r0YUW@-Aca{bimh_!^Z*i7>ADo z>CudjXE45UvvaHLxtZ=cXObVo&9h?pQ{@cKt)vZ*gVl1d&UtiHtr(xe0oLueFjMv< zUjnrZtn5!lJXL~WHZZ!%7OcwMslV|c8ed4rh@y3?eQ+-gegzsD%0532TtR;y%Afl}mtk@RZvGB<=_-XFA z`knXaAa1+yWkI~49upuJv@WVU;XwozR|SUf7x+{wsV4-;KH8H!gm%d(iTh4aw+h}< zL%jYW!FqA%_d>XOap<>6--<&IOGEbwNgdMACUNLKF{xS_dR!dZBqY^HL$``U+r^{< z656pf4HA-?fzUQ-g((VG1${^$`?jW3DXBr!#--XhulJ{9N!fD7E_pEp$F~LYoWQkSoLaTdL zl9AZQNbHM=GS}cPOm@%eXC(GVCa91HqPV6jQ9O;mf$bv2ya(Y}0fGn{exANQ&%#dZ z(CH1vHt1KLXwuifS6OWr)q_ZA@N;WfA{saHWuFp(A85Gqg(N`Zi8#stxU&pTn^mQXNWf+SL{_nNW2CT11VB&E4fxUB<22`3lvxXEf&NU1ku`xV-8U&9Ny?snM~@CM>DLv9ov%Lr z82W&=6wtW8E3b0i=zp5xD20mqOwq+Z#^P;D!o}^Z`06;LxC5g^EP~0Ihi*4FEWz8U zcv%;Hf$o5}|8jvmy=@uu<1jZ;?*mxx>PWr6JxcZdGgPm0P40fI@f#>wwjb~RJ95eU z5T09Vb_+H^CY$>3za^r{1w0*?)e_8Yb)Do2_*Jzhz73#Xe0?i?Bz3U-C;6F>Ud@i2 zGsc?~)q4F$Xe6{4sC@9D+UbLr6A238@yFK_Nh5d*f@?_O%Z6rWjuJ9!648l|GmC70 z59$^uY&c52@1IzBzavd>b#hK#R)^=d22wC(Jf^@P?)^KAF{IOu9YhcPpN;*W4)8?Y zeRpHLOg;YPL{gQV`zAKKQNPBA?=|{2SJP(EzoK90P77_zHa)X65o24y!UD&tpIM68 z_flNUW_>mk7D`WT#S3d?i2dPZ3%odrVfVoED`=KOMz8ws#lawYOQKM2T*%Grw4Y)1 z|M_Ux&FqOqOcy@F@U9!>@#4Wp(NU|jim|x}R*yc4Kz2Z{E=Hwc%cnTkesr9rKN;0n zUD&5>`w?jDnn+`RH5%J)>eg6rao5KB8I2VgjiFQ!n66(GZpm>sYvu3Q%J#+KRx+s- z$DA%Lywt6Qw->V(jxS*?u$_s9VNl;rTrD302O4qeuWU*L%p$mg9KWjS1aj%KV*mo{ zd3y=n;c#vbe05s+2e?KX$nM3^wW4{lC;pjzu*CV*=*rI1??-ysEbz~66s#M8%|0b~ z4_hSlMb6Gj*xZ7O^;&%82UfS-ll#1%E>>7&ZTF~l4U4q47m&y+DWn~n{ zB8hyUct&YKp=4`WR{V58!u+BpM?fP0xuy+C$c1Z=WR;w?L zf7UC}MFmN15=xpm!P+2L>ztWTKcI<*Y)zZHJ`p2dm)6u!MmW0$`r*VgA3FIoTT2$Zy zlnQetl>7=k*yy}g)_CaUJR8?yG@W8J9WYtZfF1qPJ-aE;U-%q{9T?1hfw2ztM43^8 zy60c-0+vnHdlkTX-0KP=z-_YO%LZ>kCd$6J@VQ+lfz($p7=)xT2uadi7~s6>SJ~Cp zvGAH+Pn-U&cDwHQPHKk9{~8hYRWFcHl!we;wQ?l$u94N}X44@<{91TmrssOtGwnlv zW7k}srV=wv=!xqRyS60LYSSiWrr0z~Ch#)oe=WORcC~}N_%z7*JNW0lqSfn|*K0pJ z-QD^*Qy{Z1RA5S^Fy85hfBeUCn5;UHIMX1n0ivQQZS1dv?xn9n% zg7Z}&yh5JW+*8P(KJ zqu7k&u*EaryLNa8wfF)1el4*wDu!@pw{;5ePxm%L4UA0*HPBMQMmC#OB!n8+Tfv4j zfql;oHPCyVg%5E?ol|~fold2)j+q!wam`c&&bBk0`LI~CsnK@*_*BZU6g~;YrzZAk z0el){eENcYnk}kLuC`{rjB%jFbi|G4uJY)4|P+%8{hMk8ajX2Iiv>6(* zh!nnEU*X_bf2;7C%}r5WHM-fS6&SZix1i$-y0_{Yx&CYe2Yh(8fdhPr>|{6XUx$X! zLRlPU;+U?aK&J6OJiwXABHD`tV6Xl|KPwD45eeF$^C73}M&Kwek8%%6h>gz9M@|T} zCWcz`q>VJ1Irphf#t)Ex7!L-5LAOZgIt93&E8`KgYY`!qO=&@I^?W(Ake4cUZ`ktYsV^4Gj1K0IhX+2C$JjL)Y%UGLxZr+{=F*tD zGMGBN?v}#toHAIv%@u-8b|Ga9y!&s9@!8U=d`isho+vW64z1I3cj|)%CNi7nfz0L^ z=WbTA)kMBh$ZsZjtyO=*W&RH&(6^V^r89?w3XF`9JNt}K4C4PRCqrt-V)Er>M{gg^ z$ku)Sh8b@GA}4>3>?&@~a89wSPP*79B4~E6X@*e~0=iLC8`kta)zpeL4T755GMs1F z)r(02J(L>^B(Nv!vuz;7FeZEAczypr&FJ(YG_fs={*`7CEj=qbu8$u+2I6TNdh>4A z#XrRa<{2ln#SGOB84+$IZh57Ow-C9pRK+yNM}5u@zXGA!MO5mqjfwcD)Z`btZbxw_uB+>58%azB@J+j0||qPCp( zY1(qT57Cx8`5oJG%N{@NmV2S3+m_q&U6{*Yo&a4NCm3!e!dvaO@K&=&Z8agZ)yCjf z8&?8bEoCwhFH7$JK#oiRCwAFv9mZxu&_}1ZHKAF%ts5N(EQ_TB`{A9sSO&DJh;AO( zn-P%WZEF8OigC|q1Ue*Nv>Fu{{u~4xFO@-ir=e)@u(=2Qe_f0}>o4qRr1~XpR8R5y ziszbZ0IiYlY>c@KY=0*634q5D3)z6D)JpG@qb*iLoBqaRBLK|^wDm21-{h!6fO&Ef zbAdUqWJ&yceVl!3#rXGF@|&3au#x;CCiio$qU69z*<*h{T(dn?^FfZ?wN%uZIkM_3 zplYtiyn1%8%?zUSBqKeUwG&V2NW5UYc!N1RT7N54vbg5$0Bz%e5z}3_MO-*ir4M1> zKQ2OBl-h9~Ky-kWvN7n4O)E%Y@o|D_=Pu16T?63YOUU6}#6F^^06n?GrVpl_C=TUf zcV+O}rm^>$^}jZYej(2bySR;T#oo47bN1N(AVQ{Mf)hY z7{(JAj%9k?la}Ic9)bS;LwHY8JgGWU&!JqR?1OHV)gKH`p7oAf70m`1=;0Ja8(_nO zkzMxeEjElf_jHXd|2QC^8o|2Xd6}f0ZF6}oifXgkvp3uFk1ae~;J4WG_st)msC^Xf zc55!Wu6CI1YWiP7MoGQKegvWIVnw^(s%WVx7tWVKGo)@6qJY7`JYp05(EjSlDO zL&zO_tQ+ckHNJZYxeXq|fM0$`7;srUGo>o7=nRGsSuDMfv?(T=YZDCjekdxNztH*kh0sD=`t`s<*R#fyMYHwzzx9cdbnYstL z%__a(B{Qj?wQ0<$C{msVqCAZe%F|#_9>>f-j_vr+qun|_F4FPb{r*qm!q)NEK28g9 z)3>w`{UMuwekbiNQ5%Lgeq|N9mE8!^=fZM<-=^d@^UKk9kfIiw#(FHnFscnAa>eeM z#j)F9i~-OWGuC4msn)&Zl3IV}7W6pKPQF2#_41orf}?9K*O{W(wD++b%z-xEDx1fo z$obv{8RVuy&AuU7T zQzR4ov173__yO_-vf9@-IuWx_&_|?bbQfPe+y8OoKElSo(v0u@nr57t&wBOcWt~A- znG6=ZV`E%YVCls9AO&%uTQPegAd5rjzWVbPbzA*=p*sKXzf;WW`=YCU=V7S&9aHp` zI@yo}vlrn_Fm^W=?J*3sPG80>Eh2VMR=L0#UGAl|EX)c82}0HY$|MdmELP(cH7{@m zq9qU@&&CkifWy@nh}`#qS7U-+Q)z-K_tONuZCKCV<-!TVAtSqscMkP&P}IPiz*W?p zjCGYd8#>~D_hgJq#xA^rJBoMUvx}SgY-f{!4S^AS6t?3i#D?hQTitBS?y$K!2pih+ zt6@7s= zcO@yJc9!h&!B&0LO8D-iEx(4Zm_^8OGax;F`5o{))-(7lS-k@=QU@SMnUEulYG3zJ zId1r4?3mPjRC&;6KhkE{sTaV%2RQiimpJ&dz|2qyG|rmLuU`0~s80DB4FSF1!`^qU zmeiwy_i&1o^qr_-!nbH=AtiMxX6I^q{xN>}Y*Kiw!U-Se88J+O(b`csAPrb{yMPR7 zzSkgAchU%Up6&|S7-zQ;sKFs7|BTKsD5h7?nq0n@)?_lK-rI?@x;9a8$0-0JwxAC? zBD=^bhKXXa7(PK*Xp3#MyO65JDP5F{KvkJ?aj!Aq`sup+f}>k^4|hU`K7xI1s0y(s zN_HEN#)a>ZmT>+WR2&d_(&&n*%tGyqFr0(}NvZ?V)DTR&-htbel&R#q$-}g(oDrvX z|4kSbLqhWiDu4x}Xc-c+HvO094MGO!c2Ef29$0{QM5-c$97mQ5Gyey~V-3)Y!f1L? zxxm2M!|9}k(F|aa-$%Of7o{aAkQ!$YpK{H0yMUGF2Q0MkDI>38&&&D?zA@(^UglF0 z`IPY~@NLZb@Mrv0n)E-xJ!X{To;zBTzJ^B;7{b-?E7>tX;On@Z95*5Pad`_3$`lw2 z>?(+~S7Q%to~2w!kQqqBskW(>Ob}Y|Y4L32_K7?BPVUo{mGDUl!{|n+@)RdLo z9LB_K&c1!v5dI8BoImGec!#ZZG5?oe(IC#mLBxlPL)m{mjBqId4YJoESv`viz$%0V&Nn)czCKM9=pXQWdV9T^kcRQjctig% zA)e_UV1DP3`M@zYm9xYe*Gn3BbOjI&{^>?#r zB<>@pT~RO2tqNSDs7o?sRFoEANRPa*7>@2>>2%i<|F?PPnL=WDy?*zP#5GUub|RPk zl-YE8uaY;;>xNibwh!sqt7PJGTCTxg(sFIy&NLUB9*glR`6uE@%4!2T`-|v$jO*E6 z5$FT(#Am#1sMVPEtXB3EwUJi>ub%fNDWux;C((+P@wEq`;1?pIa~HA zJ3o3W19WteG!k1&5Q4Rk4!k++6J1nu?A%dX_II!anwV(b9!$IQA;yd6;wii4T!en6 zbAtw4w&}kYqWo`o?AMP4J`7vZvpkFNT=(A%7u59#lsQC>X{v}xdhC9Obr*^NO`?K{|PU&9%1z7*INc|s8?pFV+Q~qTAlY6Lt^H!)oczd}1 ziQVfLdaXbDd}M-g+8%vA^0LXmUQe64o{yAmVFwq7?ua=b*>p?n`N)O8C5FyNI;^4d zk;}TCk9v>D;^ z5tt|?`=HFY*(y1IGcdEFwfYZ^M}!BuVZSw-qja@t#f0%L*-jX5{APync0F=hUG0(k zyXk7}zYXc>cw|D<@ra?~N+ zs=YG#wXG(#=>h%A7nwcT4BVW1$`efNCfCNK=hn0M7tjbh|G21oo=|9$k=PTM+Mg#G z*DvyV(OCCFUqWc#Ku5?~_b0zr`5+Bg=&S=E3t(}p{!@zqTtBlpHiXEvh7j4Pzp0|p zYfYE$ZTekqGwp3aHLH+L@~gZV-ja5hWELl+9p?RuV+lmI7BcZs|Bo5XrIy~#G>-Ze z7J40vhoA}-NKT+HdF%)@7dB;sk*K%C(^;)^FiT6bqjiwS-arhbAG95>Hjq1ZMVqq-P_|x!MANU!x0=}uK11X7 zp&~XE1yuEtrqlq}Z~L0r#K1f5+Lezn`5Zbnnlm$#>Bo)zf6Gb?^O(Sw&4CI=zJNBA zWyA0h#S*@JDJ|lXSaS^~@{+CK_h$5p;7^F_uBGfw9k%ET{wub=s9iV zFDJ4X2XPP{3=U#{HJgmj<`M_t$TqkKGEJhB-W}f~_dtWaXasT(Fxcg%_5ahoS1;E@ z#2`!|>D}N9es?hc4?f}xGAO6lzstntDJMKnQ9cc$=Iho(ny=la(@*P*7RvTsXhKR( zH?0fr?lyp1A_EA_mbH;Gbei>lkLz)(Wu2>D?=pwo)cjd+R;y|8h0#KU!T z=i$mFRJ&%!QO5j{mc`tlG0&&H^Fj^z=fgjZwRPG5^r#ep$oWQOxFDbKJdL-VmS?_#!MujYmM zv!m15rVZGQ`v9Syo4qfTt8xZ z>~Z~N@Q%J5%eS2h26LgN8*3he5uzdoGT%%yDBY(FWdS{3B!3n;T1od6 z(6I@SIzY-}%8iJ#n`n2;Yy*J7!@o0_wvZjp{xwvkmDzP0=QZl&&?yZ}2)dOLGkL%X zva9+Gq@&QTu7?8J{>Xyk0E2fUD!&qeKC;sd3ioGdh)4~pX8WH!-Ol@cYBz;lag+h* zEwblapMMCD$74|jc-?CGWGaSNTieAQiTX0LyNfK&6H~KHJ)e?7J7`wQBGVb|I9~|7 z)oYXD)NaDhdH!(6qZ=JGHRQnmfd7%OlBXBj?(G!Dd>7s&!5P1{%%E6tv{tn?P0X~e zOQe}S7);wR#aPOPA;s?$RKqlO)ebR-m#{YE!6x^0vnhPcwj&bq2rUnEM}ozq)_6uI zx@!7E&9+AGNv0M03ntWh3KK~s#M_#^on}w+Fqb!tIz|1tlJ&>2j5z;dUB;U{i3qJ2 znpE&fiI>k`a2K|1_srylT8TH=JjE&Kq2qt!Kzb-CPBHQB4UEl`XPks7Lk8x_Yg&T- zcggVUkaL8AML&6nu;|t*!lLqz42wEvgLF9wL!6?$74|HhF6Bb!p1w27B(#=gvIRYp z(rnt}nUmv;*?jm;0~T#+S*Ee3%|8q=;cGZdQ4gBJ7JV+X6|UO(dSG3!26~UK$fooK z`FaG10H_*+!QMH-BGif_&oJ4zQy{R$|Hg#~O|BBw=G3qYLMvPRhZrATW9Jx!wm+g)-4v0N;KjLzi0jL26sERtL5fD&= z=3Io!a^8a|fuI#@i+W`$Meu&N~cX z$EX11tvIK^z%?t-#{ zxF^iySH5Dcaq$K3-&|$b%RED;5qBcFz+h}KwXj=tUcE#^$+n3ve+V*<_l&pzhdjtXGa@C?2IsT|1E*%Vt|9Uy$dQHNh)m|w>OnP&{QLl6IuX!0ZS=rxAoS+|F= ze1);GetqpM46%n(A&6 zvb%r5Kq5s5o=I@_(>-+eN#A*hNxcJ5>UHJ-Lt7SfB;~dS&V&c&3D#GP`V1X?XmS?g zyJGJXK%3>0!)*@ByW0QG@6f}P_`gKHUUOBh|GBWcr*M4QVEp|@vP?<+rXRr|iCyGt zj9(i+_6WM_c36XTYWxlG9Cbeo(p?>9$2qQ!IOk=u=czAAW$9X{Gym#RH4?6;ju>B) zx$xJn-bo|%iJIC#m=th-CdV$Fz&iJlwbHtfn^lYng(~{?zWnl&Sm&o9G_GhVHV`U5 zqZdFu%CO01d(tkx3gaVpM>uP=-xNv?c9iH@qP0S^RPY zrsMov{3j>Q;vM}G-y33r-*}#W_j_mYd+JKt(aQl}_7ALg-CdV2n0?n(mp?>ZI%DRH zdlt-+`G>0UPyHKM$xjQa6~l-}F6Q9Ot|RXcn6fS*{A3P4Swc^L5YIB~#|{ZGs+X!ry=3zUL1fFH zsj}AbN`?4#(K+3A^YMt)9f>|TJWrRAtjI08i_1`XMilap~#M>uq*}&MJ2(bZy z3nTW8w%`}AAB=Lk{`uv2a$dsDy~VPhpzw~LQTeygKT$%yMNfhnAPbHSt2ZT*1LIN@ zq~Jq8o9DK4a{s+>BA&`p4%YV-l}6^XA#(vfq{yDDi;&>2pkPAVrz#48e4l1D#>}7kBp|`>P0OO~#V%T{rAknrMj&nnz32HzU?Ms9|ElxB>@Odhx8tI=KcEwc9V1Ppkj zt)C1(Mw~tI=eW`~lS99Uevxc;_?G|#fO$q9H9D#2Ib(HlScb?7j3c7o>dp;?_OUWLL+AKyQ z97T2e!&F1yZ0Jjl$S)OdAL7`!}+f3OU_+mxI02hC|OV&88*5 z+T_vMj+wb*Ya1|sEC785#)JVXe-y1*=I3eC2Jle^d z#Te07g^lR{Vx<8iP;EGgEB{O%3i1_oTJX=Cv!Z6FSFn2Q<{rHs-*6xdS_qou+hJ}? z{*Bw|DD&XDh+;~`TbSp1#{}6k(ge@B`wjob8kx(Sr9YDe3(VEX=+_7bW<^`*19EVS zvE+`S`n)VeKDE#*oz1CpTHuk~{YD1ochJna??#$A8=j@y)~@kVjP@?T%D7q^u+35J z*@D|5)jQ7Cf4`XUU0^&O&PCci3{BngpU{b~XXLp5U{ibAYxC0XY?)@J-!846X%nIP#M~~h2Ud*q;AKhy8R*p zO{{dYZ@@JdIG2zbFgF<0jjvqm-3ACReme_9!)tEAA6{(6{fOB1De}TlYXwN{34Xr6 zFa)nq0P{uQHM(ubG=1HLA+R-qXEU1%{Z;y2g+Z=ENaP(NVTVDO(p?v#Ie(K~Jq0{| zfvi@O@)n^zW@xWQ#__>hIF6BjeT&A?W`kvc`Me5*3M)Ww*#A}t{x1x{KV-B;!9T)h zE43NvaQS$Q!jv1`*Yb(*DR(E(@9Dr6Pv+|2uPky0IPWNrOe#Tg+Bv+Qiirvg&r0N3T!no{XrwLa@)9Md3uMEG#&JYejq7`HH8P^+Nk z2|PBKrwRk0+B6JYtN$$%B@_vRV@;5$xitTOXlh1I_*R=4Acl| zgT_dq$_S&zNTEuEky*?c81D$PMOhI~ZMN=*Hn&Hqi5?HUj9rF)4S*?_pm^eszDb5u z)AfWqIAB*~Gj!aw6l6BlJ{{v8Nt45aRXLKzv`LHf4=$i_PLGV!5;zlT8_H^%tXJM{ z)HWSB3q)Ba2kK>IR@ro{%m&;f)%P5x>r;&?ZJZDFzkze0y7_C6hT11Xm9jqbcGPeB z6m#)psB;n3nI)=C0>4#KFSdEcV^xco987*>ph7#TE-Zm`sO&OFK2~&?dW98@coQo+AgVvY0rG1(vsAj3xtB(IJS0;Q=#bPf;V&cmj;?*upO6Z^gVUvB?H9&pPA#N0IM!P)OHT z8wvl2B;es@vtD5&EN87|L92MIk%1nfva1C&Va9V8bb7#-PodI?0PR`)T9dkhDa0TA z|FHMw;Z0Rr<8acXC56HXL!k&lRghLuTLx_z8=908NTAAiRTM=K=L!kn02I=+JsyHM zAie&6%`@$-2kr)Tf8 zhqd=!(_Vw(63Cg)xs#E*of9Pv-9{|0J*S8jRTnbcctRUvo1neT|i($#R2I zde;9KFZDucSe_wahf;Zxjl^cpnRwxu%FK{yk5JU%56ai2aPcW&KG`%nEmGu&;HA|% zhx4dT2Cu^rF-OZ}*Wr)l9`;3ycv<1}4i5QqnjF(%qF=pLzOTUUS!~j|2T;x^x)`$J znnmV+SnXz!Xv!#Uh5xzUNbg6RtU}qLa6DrR3rntZ-(Zv8{CKFIR8l1pg0A>uC9P58 z0oM?3#ezGn+4Zh0Ak#Z6a@q6|dTi7RjauaKru0hv3GT|dcx?G;yhqHUoL|A=EX4M; zipvPU%v#X$n2)Ro#_f_aIysqbokSEkuC@CSYtSu6Th;9{WC3mTM}S-8jBH$2ZzBJ7w}4}A}R&%f*OTt1CPEMQRalQ zMqZ{O{lIGC<2J8md|bFT5TxQ1WlY4G!DmV-nl~W`L44wJ-Hu!iL?&Om{dBv4&ISaR zdwQV#eTZ3);Dte9mH=2lr@xLlq&TD|5&2npT0`(^O0G>Y!$M>yc>JOhA+($$3oWGd zJpitSLv<`z1H2|xk^iM0jOPXJ?qa8O(w_buV@KVW2H(}hqhECq$vm84^@-AHbR|~! zZAG{ciVDd7Ee)*_X5uii>)rLF_5T)8;A1^V-?R&F8VAB?9nv3x8Sq6j`ETg7hIvU< zxgi~}>H$o=U1iV(Sf(~|!53w>KSEY78ih=iv!O7XJlI_iYi@RLry2;_HklQH5d=+V zGl_o$)M=IVykwO2Zu523EP}M&M|Ba}g$7HE*1m$m@*ksGyE&pYED1cvJ*w_+wH2Qw z9JXI+<@49n`_{>=emK#hnal+EkZzFpja=UebR#$94Z4w=^%}d8JLFJ<{EL5qucPgI z=_Wiyxe5O&hY1x)qQrdbb48ZB9=l?y z-ca%#*p~!A#r{rEf0Zn@u|E;U%hC@^XOu8X=u;vkC7j-Z2`U7yo)mb39lhYsqF(yG zOSpmHa)XjLFfS)?X&jGIfmcbVma?_PVZd5G#@6ziQ1bo}IF#S{wq441U)oQ&ic6VQ zFct-VGGf!$k-1OjSoTV#BQ$&Y*ue-JV>+2n8^Z=mj(pnKx4lXm`~8D#W49gC6yiP4 zrk;g}kMVxS;5fyW49 zy~$Ged7M^jDLFnE9>x$#N{+i}tdx=?uvoRgdSpEFfBGj)=+}BSp=>)&h$jDRM4var z>T~$;FesHicR_Q3ODLb;DR(=Z=!z~}Q9?Tmy`5=`>4(!6%VBYTlr2WFIp6Gpa%*1B zs48OynkO_+%(f*L=yW_&X{vOOaLDcgWzYJ?=|jmM4x{EoYVIIw4*hR&`%Px;iPWA$ znwQUgxoCoq(+1`)UVMo2VTdO}$+xgJr!r$xy<&rlO&VB}Q=!Q$XmZi?;0+wQ7mp+8 z4p>dlJ<4O092kwzB{W^GuEYr^)lFb^pMtu9Wu!6Ao64vp^ThIvH;K|XGxu5`2XAQ{ z{6F6WMAVGbO|YF2rRyRbe@+0qG`l))cGHe`e-Nd41@h$ns5JFp%FJiE-!iis=FO^^H^VZ(|&#Q2X$w@N(l5+;1WF^EK6X)mFZXZ+lyo96>|@vot9pru4aAIqpwl4#pK2jME{#ix-9N-sEuB z{63)v)xLw&EsdTAgFLstux^*`;C{kp-Td6H-#+EA4%=PQi;-i!Xp{-+${gE zSE8MNWPIGS7O4SkT@GK;MyJ>ei1H_mJQdSR9ZrN4-@Xd}Z+)QEWmHRd6wYX1OIy~=*5A}m<9ocKOArDG3qIY zfX#c@JuT3PCaz(5JY*2OM<|FOTe=%Np!3LK3h=oVKjh<8y>#y-+FeCcgtw zj=H-bu$o0D#eMDcRuC$1jf))mGtGu>kqi2>!7o<^UqTuhyDw+9T@n{Kr8Q(UAgyH- zB~I2#AVmBq0U-GL!DU1$bpd46xx8gQ;Jixs(Hd@!l@B+c|Eu< zVi5A|9I6nwFVf>zvCo+n7;qL}YxAG&bq!iF1n27RFUoUF4mp85?13S{lOxd$lisP` za8;OCa!olCMM6uf>-O+KjYxR!N>#8V2KRuvcq45Dk%`X|L`JP-5V8{v~1(d zc2A{=56Jrf;j%olU1Amlqd+2w6RStDn|L`}OHqFw&=N)6J)k9ux_&@Q6!oIOO=D1JW3`wKbImkh6#C>ApCZSpWn3 zlQIA=B~GIPqZ)XBVBdf}>BR?z)u7JFOdQyFG5YNf>}^i;+Zy&ZBl_)!>@7`rN%-xH z@HX&3v~PKgeAO1u8NFM~JVpBmMMSY&#}oA0FtU3%A9$WnmUNNbbLKLkWF;AEzE(5$ zQ8BdJ9@^r}u5;H11buk#wI1N5DMO>wNPN15_`joA{NJY;NBtC!{|o4qG1TO4SFQ)X zz{JNQEG4d9`awMXjYD5G#%H|9mbq8lpy!jZ6rM?)cUdHU&;G`hH_n&TX*8w(u!lBd zmHB>~P_`W!+&T9Lr~WHP`aZjFQ0HLVSu5B)U7be>Wj!zQoJ(~5>N%I{3INw~g(xTD zH5-hQM)xWH<9{?g#NydUCN*|SKiE%y_33Z7Jf4AOiY=*{{Qh^}hVt!n1AXW>tIp5Eo`d zhRnPVZ-bjl?6jr1j&aS%COY=?PjeI$|~%_ zYgKc)!Zh@*9HDHKUJPxvhjtH3op&gBOqBKoujaeQmqWYf)hB89WPQbU&)6Y=v1sJ` z<4DcQ%-*2l!&j4sFPg=5XoDOV@QFx;T=ziX6Kdg!1admL4c^|VzCFO+PQhTd>f3GX ztrOnPP~W~!Z_9Dpt|tz{S|j-oTEVLosP)tZFIAq+x?or3xeLfY%5w@58`2;PYW~nr zH2}kk;dVTYiLM6tH`R5_=>`7g4ITNYdC6F6N+@DgGAk^Fjj8k71O9@2U*RMGi`ko9 zcSA$gHUMF&Fz=_}F?)Ko!)I(W*4HIVl%6ruUFvz@RS;0@d{o#&U%2vMCzw5FQ(eD# z&L+B!*-a7d@@**^%y-;)3QypTP#4gPi| z6fSD&@BYcY~BTe5XcbNyB9X=I9lgUO(Io zy~-4%$6e1>#KA2O8~o#;$13Y!Wj)%*!7~5FqOgltWi=c=Z@s!Gu*}MW3_gbX8a1qy zWftu$|ABI!Ox_p+FawIzJ-PWp4f(N_X8|9NwPc4;1 zrIpWTea&Qj{mA?3fPIlur$S`XSiRw_-b!BY2yDy^tdkS|{W^@B3L8S0h(us+eDM>4(Cv(*a#3G7 zB6M(58|Lx*d%s?~z*&OHwXsEk2l{E&^Wn#u(fKP?z4)MP7XMtPIp;sdyDqEvNek2E#(&sKT04{kz54*%6SbwwYw*k+Lie6V+Q64+p zuKyB9!Yts#;@r20atG2H$hjECqQU=)34z&xj@>dHbG?%%WI%Zql>7aQO!sZb*wY8apfDl3JOF?2N&0v1ms4F!;h zu_+c)t$Pl?eR?#)i58&0X(xcBy<&%W4dV1A{BBH?EdbCb7(jOsRspbj`jXtjCH5s8 zvOiLkmL=*1<*+zDl{OrQreW9EvMU>BLnygFHp`baW)wt2UyZupxgE`J zM>pv?5GrA90Fh6C_1Q~iHkhCgV2BxHZo_MrtmeMFY>W?Ki>UnlRK*^PuBBc3R4MJ+ z?b~4%whLhtKAn}iS!pel1|85THsYFuJ!J%^Q_!|&A{@}etB?o%kHl)kbRpamWP8-p8XpPY9mM+U9SX18Ca(I9VFuuE1z@LR{xqW)I7hmWUn=A}AK!V|Vq=(E50<8n@ILqi|cRICi;5VN#dE^Y` zc|GC3{cJ;sy!{ZxI^}Ee+UuWziF7aq(m8l6);TzLi3YtTcvZI!LZm{tG1tAVHuT{o z8v2|_yjwv>1FQh(kV64DiC8bV|OmSt|$1WeJV zIVp~^oP(Aot}D2ebf&{+nO$w+cVqSft8DL|Suu;0A3YuN^(n#b%yFqM(pcTubrE!(LvYiuM{Utn2xYSvK#11p%jTwgFbvDcJpX&(G(b(pG2s zal7ZdVgAnXGy1&h)cRKD0QrUs7WyWb=$-qk}j6Fg1IxG$rs`tB0{~FO5?5;i71zYB0BT z`R8H{ZPYD|rj5aP;P|A@E#?-Cxqc31{p`{%do>B&08Mv0w52b zv;V}?2kmHuw&$4W8)J0f7;`V?#wf4z&{TNaWF}Ob+vM<#4WYixm;AJc4)BURp{!>& zXZ9X;;{boTy6K(Swal**{(Q7s9A6|$-mwzb95x^i9ubgrJ3;SN`^&#P!CT%J6lWt5r+@m;K6`~@OIB;gCqMZcVTb=sd=M; zWs~YGlzE!>D3lq^)>6!X-KBHs_4*Ho2e0E*Y|;r!MZk!A#b(-RDLgci2E{*s-!1&v zq8|lce^`2bT$RNz9EVV)S5lES>prmHkA~>{OcAQ)9bxOIP;y-lX8P2D#akDvbIi=2 zY-?(CKA6dX@YEy--R=5698#Sly@ux^*eqr@P>|SNiqebbJvB`f~0N}DZf z^=Lu%))Wd>iFUo7GY153-?s4G6FrsLbYh9iFA_=&onqjge{~1!u`ddH6uMNY97_VJ zJ;~*!zp8gCOyj>6bCB(lV5 z^S>cN#_C=y*}Gne5W9+*03<`iis{ zQNcB-9&PPOfAJ!PGtR)hKg?43v)NL4G{u(qTje2>HSwG^@sLBd)mbqbf$XfuNc)%` z4OsLvwB1H4d%OU7AtgFMkDSu->a_~a8{q@8xK_crWwDBku_W-zMHH!x8|$vmP>dFP zrEnzKjapj(qnHX9cmbf|^q*$o)^m7fSDySrfqnmQcn=JU}p zsBi2R!zy(+6qcWl0?wg@DsZqQP}`ji$2++V?&RrN{J6j>$c)yit599MdZ==mHm(_@ z*ICL}#VJARR{YjLsaEy;Sk+WUAD2@JFv;7yN1xUgy0*OD%%k8uoVxwLajG|b<3c>X zgNM(EI=*Pichv+k*LSCQHoikH-2(G__G9o)0B3Eh5bDvj+4f=1XKdemk`g`GUz5`! zfWc(MCsOFto9B;@thqI+W~;rwl&lfrralTXmp3wCT(zx6#}BL%<8Il^a6mia0Tt0o zV^Sj=$Qu7+tC-irqJ-!%5BYl|>8u?|;-l(L!IHq6-Ds+SKzhUjik_lJPoES1oB=%O zOgy}uRh@IQULQDXq^fbk(gq{m1Kg^IzY^vQRIm=rAg%=zv+dbv6!XcmwAs_B`8SOe z8|*Jpir6Jh7kJ2s77Ng6M`7vSt~i7#IE2nZu>rPu+32{+dUIl}P&VFBdC-(t z32%(PE_%;dLGYeKD1JKYfjRSUn{&rZap07A`}&!8T;-Zka94q2;P@na;vT{KO#)iE z{8sUYu(-GZ0F1x&{I{0>R`B1o{C71{$LeC;P<_PFN+J^YCYD)%Q+5q?$Yoh^%$&u$ zqhrKg0Pu+zB@RG{vzgx=&cmqtdvmhkfU1^t`oQomxPYU(5QIJT=b>sBcM?>!Z$RTu zs3ni?BGgDUTBw-9DmJE2r97;3-i(z}u+m{xsVA@06EFp?gl}*zR{YA$0i7r;y(<|% ziWh2pVq)e2%V+H7wsNkiaF{^$KR6I!X{ZaH)^>mqx+vSIeCC3?TvyF?-6jqkohYuS zN0)o92%r{WWr}v9)Xyv3b!WKJU3cDp+r3I9?^|8Sy2&YR^S^UVC}j6s=q@aMvI|8# zq8(J+1>w9n*&^(=crb=dW*3%M(Bd1fr(=-R2@x&PG@+;me(D?F-H{y-O2!aOr*x;- zwvGPR0u3SHxiiSVG;kGbCzWma2Mt^)carX3rsyr98W>mL0RtTh0Mr3}#QD)(!_Ut) zd^GRE2(++nZyKfr%{#*RMlTCK(D3Q|da}vh+ z`VS1k>Hgl9c`EY&MxOEBPv)5>N9G<;&S~SwtP>M!1n*ROyWFga*09t}i~(5>(~Af3 zg;dOH0<;dbkF@vg><20#Qz^3|mTeU+K_+mt33o=g&shQcr1Hj1x8u7O&EtzMo*cecmLcuf8q!wW__+ z*F?KKWwxc>qi;1JpFLcK`f;y*E7z;<>2 zS*6`D|Mr;sSlxty?*$Up#>XM;L$U|-&{BEOY)RY$l+c>EJ+TJuP`zIw?Or!Je((ai z%pc#zb0TvVV%kDMrF`O0M%l9XZyNti;lHM#MDeCZQM~rV>%NRHfw4vzXS-0e4r;75 zik?L|I-zJNN;zlZgrbi4HqL_qk^9B*G_WZKz8!B);v9T{1-!GAv!Y7iM|D3V<2biK ztjbqNE=)FpxLk zqCeZSyzrkB9V$*C80DIkfH$)81{leg>Cwk0QUQ_;kgV>aJQg*GIS!eY*D5b}V6TkX z0#@t$ws5jW>Z2JH&YZNFpD6k+wtw7P7tG;Ih{=twocQW0d9(?qh0ukPBv-OLItgD` z*$cDaeThbW@o=c#DmuEkZ8Jq4iz>P{jsu7R`DS@J_G6K1ES3HgYbimS{bh!~I>2A0 z?+N(tax?rptD4pTj&gBl{4Fi+LcmXETe#aF!UORgU{tufaaqLjdAHql?`^l=I}=8c zMpZKuF-cvZGOuIGtx+n@A4<1gCLj?M=a9MRGaln9a?@W~X(s=|LiJw*SDnzccbIspYiQ5#N8d!S%|xPr-wt_Rgm?%;9b^M z#d#|@ZY$)!1^jpVP<@0l2oT&VLU7YLg4?1XI1vzBk%1$)6cxc07@8xvN7@kAgYB@? z1zJ3pQm^8CIZh@N8!2KKVW!n-w%lAmi;&J+=@s%cSi)Co2lZtyHq@P zpNi)mBoIzl@!TD);RK=={@hF=a>%pn;tkxgtgt5b5H~_JAXi{EiKZv^e<>BXp=|x#%5M9TzR=r zvMrWuf1S3O(sxyjBgyvfG3C$Dzfcn#H$qcqqMAy2Pi+cI0yEmgXy9$52GP8vHV`b3 zM_-0Bdpf)ea6n`mr5qe@_4!aJXm7O#yS9g+@3n}^dK(dy@h!%-DNu@KQIuk46s4F& zl;TdJ6tfwnxQkPYdl;p-mj-?xgJV~u6m8yPl;XkWlwvVeEs04fx}@_hj@XM)is>q) zI1?YaXo0rzC}04S8~EBEgN08s0D$~a0P1^>%EFKQ1F)zII z?+%;+!LNbt5?1qz4$Eis?>aqMJzy{^tNb3qE!bh!3TBuf6g`AmpX~e7+`ro8TQEJ1 z|MxmT&dZ77W!Jd(i87al_M?5F@7o46B(03lD4|J|P?ScuC+GF6`v*H0JP-2paSH5S7NfF(gc5{xu{_W8NJSrZFFc7lzZA*N3!5W1i~E58%Jz=m3s_ zj&%w##^fP(-?)s3djh*mf0|Heqaq-?irN@N_xa4>Q)ZhzPqvP1ql7U@o;xvJ*&Kpf}R( z0RM+5_BF~gl$Q~cNLF9a0DizMl}KWVt?00O1mhGtAi!*2-64r*i#r<2MZnpY4J4^dqY)Q1w4Mq9&6!oFMF(q$9?Rv0Up0&kNDX^_GpI3BkVC1 z9)s*L10EaLV-7t2$sY6J@hp3s4v!)BSOAa4N%%++pWv?q_SXvbmx=vF5d+Fk{Qk$u zKTn-*6eTaZgtj`e54m@mF7Q&wv_%u~4>w!rfY$xzIJUWiUng+gI4RdDOcN z(N+xRNNWc8P2s<(y6F43>56(lTv{7Nu?w;mHvESC0GJ6lu@>j zvEV|O#X`*Rm+z3>sThbB_@MUlS+?wDv5?E%XZkhIZ1NdK`bniJCU1NV_0t_#+;RUe zdyqfiIm6q;qB5Pe%`U}ex2txBhuf0r-ISMz(5nfGbMKlD!F?ALy0MMFk3d;oXmcE%W0x3aFR^T{d+93k!Qo4neRwH>c~DV zlypE6QzK?q3rh`{;>4F^#9*ZyRzlIQq}XsnMB{#@XTOv;_Z}<8!F+_pquF5cDeR*>NsMH+pHzb|y6-^Yfr}0K zXx%x1&(REXobF%ukm7E&aJtTw8&&oKm0`v_**P6RMKQ}UK7S!J(+37pf&v{nML|ezOjtWiv6tAzZ{SujHC1e|es}c`Tu-b9}`Qvl&Q&BN#Dyl?cV52yI z)wU##XBOzxIEb>Pi)>G!NScx}M_(h^hB;<5P?E3T{WD>opsfT>VhlqFNvqiswuP}! z;JI;nrYy;0UURho(guvTX{X@u?sUpfgK0(NNwuvi)+))8F#ev^%};2+$Vx7QlEBFG zcpZUZ9AFYTd@^ZlZo_murT{D*#>9tx;W>Do9&s7nb1-_Rte5RZp+?vaqR(wM^n3n= z#j-&%GrNvoCMD}xxI*a!jJd!+{TBoRvu(XBP6;%W;gD?w{^L9Gnh=((!X!$gO)SmW zXtNzt9n6MdXRKxk<_X!{`AZW&B|!(2-TjIN9oe8p@CqnfLS?nQ41fLUIE)A;`-4CF z={PXF2LNx(a1KMf@uPw_SS=Z9;hDwq91OM-V&zKG*?Xw`uu${}CX=7xOv5@yl{yEh z&S}bHiqLiTzJ@FhYJ1mBn zVcD9?lIYNt;+2eJhC4^u%QJHDB+cfVus+Cb{f#{B)r^H{%$&);O)2`5MNnh;EAjqz z!VWwt-#YZa^Q=;%@P+&gGm098VPhBIy+al}B;f;dQc%;zJ59v!)Q6JA-$9z$c#VH10P>?O@Ux^N7ZS$JwQ zh6Y|)QMB1T7bgG4i<-&naPl2Pp{OCZGE`dzCW{Rv-_g*Ikl43Pk)NqhvO;-a^|{vD zj3Z|fv(hr~0@R|bH;l2XW*PlA2Vji%VP_s&zB#z;FY-GBcj@Fwi5XRLG0yJYSe|q% ze$y~5E2qM?VR>eEQrgr>Kr`I==#B3iK5%Mp@|X$c&00Z+3LPu$r@y1*vy9U{gPxl@Bsc1s=xDym?1>=F5Nq$cEt-`Iv&rV697 zJAA_uFz-}f+_!c)#|&r`P>%zBVG>{fEZvU#@<0U)bp-}Q2xq)L1HAArN)4gt6&8C` zbm-yh(?skW{2u7Z0W3bS_gNgUg6E_T<0c?*f3u(dQ2{Q-gHqw!m*Cr*!FP8H@cl8^ zp4QuSB|L}MT4ZZ|_)lEx3&D;W_|x)R$}eSg;rymd?yd7Xs@VF!OQPX6q0F`xfam=Z zBO}?=*r9=@e#lESw^(85RvZs6 zyAp=($fR%>Ix4{ogO3EBVYvo{qAyu&vI?EzzK{I?A(bcP03`rSA^QI~0n}T>f>!%Y zIo_{%_`CNes{OK*gXeLt^p>iK+~R5@$<1XX7uxtwu%C{&eN8%Z4yLy*5STt2PhjdW ziGgY6X$~fw*sH-!{Cv1tzg)T}s5u(}7;NCj^WnuB#=5$mb+r>q?`momVWtKARjP~B zxVRfARLG=yQQDcg-9K?_1I38+dCbF66Kt!^+%8hWbu{w7t{aI_wHG5>3*yHl;N?!V z1OBw!;d@Ot46lbh`eF249cmIJcTKbXDSP~=R7F9so(7ZWsD_%k-UU|bI2b2)|pPmr>Nel_F_}j0hV=7 zPK5ymFx#6?JcqZr#W$h}OJf_M=x%(dZ}K#n1aEy?q^TYqRJJc^q%ao6MR;#e-8RPA za0N7b^oo@z_K~t3<1wG`*Hj>KtHz;HQ~`KjgK|eBym#n-6QvC}{%V3WY0tu1nL=`@ z1eh;>2DJxmh&G~n-oG`0y2Pn5ewz7;u|^EU9>@e?1{^wtJlmo#`3SV;-`kr6)e)3) zsv_q3_rn|yM9uME&_aO4D5Sd771q52>WbC0xcFa{2X`5tn^9d37F8j0F9t0=GnA#b zr@(A9nrCA{JWe~B5ipwI%;rPce>7?+0Sj6eY`{;Tiynp;UA%Hs)5TLy_h#_{8S=@j z2t0;~oT_QRkl;j9jOQAVF3oq+jrta9n^+jXU}}WEt}#(4>IMbyCB>WZh$dAP#!e&J z>+Iuzbn5FBSo+QV5Fu`}crE}&-%Do7zX+w6mrN+SiEb9Ce}^we?~v%Ra04z+uHZe* zZqMW9lv;$cB%|j{TUQ6qnf9*4!ZW>v;*-p1yp6CFg9j8s;Q(cLl=jB*`C+`2W8ee^ z=pO*AKsm*W6j?`Ns75GTX29OC*#LHMxT?s2$Oo{?2CNe=l)P@lET++o4Zz0kiNo-W zRvpV2-z5@0Z=&f6hf6#rz0$y?QMoF5i>``<(*Iydcv(guE94JrTaPN`Cjn!2!+p+s6O{0t-ge zj&8l=5b6&7tm$fxdM8Dl1nOb^3l~g-t@V5Y51J~(3Id&VNV5P2T=tG}F+MUJ(%`1s zSHMRz&Z!&hVn@_RN?7-rpOEl2YKHHNw_yv<>(zBsmoM1fnw^v7%2o1Zfy_NaS-ZPa z?VbzqbAk?eOo~mm=q*BxO(;vWc+TA7!aS(Ax@+-c_m08^x5T-(IjQy0I5L_n(ISUkv?&Pyuodn?b0YZn2PQls2P70u2A<&88iN81#Cr zP78>E2#9^>n*pMnHDf{Lue3P~21`+`;Qb^PgK=> zsN#Wg5j<#l=l89_z_?Cef%P0djPIl*AJ4Wh!)tJcf1;iOHwC8It3q1Bo9ns*p`Ah; zH=q25by2$@Af}%|T=z;PYGr?jHTz8ML|(*+w8e=;@=u8^^H1vs5dY-5lz69`^pSY( zSpcKp{RXyE;ODcbl|AJeDRi8d3jdphj@OF(#$24iCzF>3k3HEVNNrrG$V(B{(cYRR zxQ`F`r*>pr546k90?&GO72g#Fl|_FvArJm7UdnzL>@4(V1HeCDWB%h3>rbNo zfC8ru*HU1VCp;TivzMW6q!(v%-JRJbhrcWJBNSZ?0%~T3kmg2-xU?lhgjVuz?6gVS zDE|h=u2|rZXBNmy(uOO7;g`&#IR`J}W^`F1>UWF?{e+Uwu8&X*H0ES(cSs>e;!(sf zD1ho=XDrVmWQF+;L45B29g>6M426k!kz$10XB54FV^&gCU;FRUx}lr+l*)@S6VP@b z8pnCSF!#$SDZYoFBg7|vge$Stvyn@RYe`c48Lj1Uz0&K+4&s>q<@rode1|y_izD<* ztLLdW=S)26noP6nlfeA7{~778-Krj7#sQ6uN%vCKhz~PgQ>(kke!Bgjs8${F@*EsP zS0jr=xBNpcIsWXxlpu6lwfRGo8jp(7Mx0A^F)l+K`6=FK#D$5<*jq^QUVaH(ozD<3v3||$3`)+ zktMpfW5P=oz^W43_>={sJm@b6&Qn|kW5d1ARyv+-KztEi?cy9_`25?i{HsO&ai3=P zw?v%5!7#3&)S2MD#h`4i1QiE3d>f;8R-^ypZd`_J%Wi2)?;x@I12pF>9I2x#_InX9 z=i-zG+c0yiPp`qlGVy)Hg!y_nYj(lu5u)Qg3dXPkFH`&`wmMgd@_3cs zz^Dryf-1kUG1xwm-+13DvF2Hv1$4X^5s7;ltD#Auf|2$Bu>^4g?<`_>^f&|mmM@z^ z6nYm5lDw<{y%7BW#)1s>3ghx4q!k~UMN(iK4_tQmM-T+tvd`~i?Mj>d_v5!G*`4k} z-YDG&Pr`x&P!KDBr4>yPSOUwLz{A{EfOh=vGM-K4*Y4m!ZdsUI3p1ts8F;|36=f>& zSUoHX78bZsG6VF#M$C>Z~ro#GJ$EX&EntPgZa{9nbKkv(j`rciZatdGMeo zgG_h5khTzGu}!_HS$2WQd=H!d)ewsOdvCM9Z+|=TZ_nAp`Q4;i3{#GQ^5rg@McLTV zAsIVP+mcz)EdCeNmzOx=FmhcB_c3dt?_}`=#3D){ zZ~BTCu*VvBT*w~l;c+&5gmD!Yu*XJtT*V&iP+or)1UR(uTqwxJ(=o8i=PW5;V;iAl zC-N6Fj3uJJky3^_0caS==_1NVv^*z{OqQ6^AA^zr3->8yd?{~ZCesXKD0wj)zs&9J zY-rshEzgHf+`|ATv2STXK3z1+SZJ60q2#$o=qkRaMcT%3n8Vk1z)}=38xgCwA!0h6 zXGOMroU`R(bo7-a;`=}&+FL&?W>qy5Kns*wJrBik={H!?(quNWf3 zp&96j2Bi+q)eWQv`gF;KP;XdQ+SI{IR;a_l_~#v0z`sxhog@U0#Endoatj|F9BL~R zEuhPKfseciMm}2^IgXTtCjeAI;~lb_9pus(q>cUv|1Gl#!`j0_48t4+(6rlV+T&h^ zx90PqIJeYzHO51>##b@2q3_K(ljw0 z-rLoW$8>NqQv1>_635b%m<}fmY9>R!f8?7K(;5bcw|Jw!0n0g}c0K=7qbmaCn78{P_S*sWz9#W-(n3;kgN&*j|c zKU&P}v^{!iMBV$R7BeMuG#Q`%C8~+vYwm^gCb>W1<&3uz%9xCru&`=8D$@Ojn4I46 zd?*x90&1+<45$51)T&vFHp92nEN-wkmOgsXCrqBk6%PI@;$SYugNauWf%_TC_*3xS z7yg>6uZ3Crh{wE260evp~ada{i3=eI8Z?9|-GUzQH+-x&G(K1M|V-qG2;VpRVyoq&YuV+U%kB_EEW#c$glF{;_`?u za>8FQ+!RVaUxOICc&)yLO67W9X&uzJ*z}P;X=vpvYHhU&7~^M z)hf-EvPwBE^(iWqX0S@Ld8HmopPiu30)5!3Zy2kV-%^LumA1N3rRA%2&FNKBb-$Jg z+0U$Cm8ReeDi~J~{kDv~T@d|tHEU$GrjZg>;MWw~&k7ne1(R4oqo!aOE6~L?FSv{q zWN5x<%L*1~3Qkl}L7}Fgjun(@3O2EV6`F!KS%Eg_laCdoXbN1cARl*fRKZQGV78`U z6e}pmYF?1e=bk}p zQ*awA$kG&utYEgL;2Ku2KvU3_6|B}2T-eGcs3|zi3K}#8J6VBgNb`aZSwV)T;5k+> zT~koV`xx51;7;Du@a6^MSV4v6i@{jn*+?-SK(1y)CSS&woTQlu>{mR`+EEi5S%A-w z>v~ZhZNghdz!@DW!gO0~8RL(eg55-Uidpn*HiZk^M@4zOnQs5Ei}9@Ybz8zFSg{3j$@!zw#U-QV_ zMeg3ZV79pAEH*Nyb${p#?Wcp>%`z$0k?t|`K+u$VfQ?7=87~q&745NF7P>@>03^K? zb? zw4me6rO*mggBI4aD16YsWVHc96;0K9%GI4^;|_MTWuC&n4OZz|nWZ-1$soCJt3w)! z?binnVv?aGbOkd|6YkH0|7ixF&<@%sp0jcDlcZX!RJ5dsVB4ZUGt`%!ct;o3@4(;Q zz2&H+62@B>wA}=(${I>g9J>pgCs0nOJ3-}MVnS}TjG}yQ9FDa zYvG5KPklSw(_6QR)cMu6TDk`>E~fz4uB#pLl|He_bH*T)+-;!i#;1$uPV+HQUrTDK z;u@$LoXGQs6jy`;&Xu=p@Or`_{Ssa<5`rdT}fT{F|TS3T@=D`@TTEuz1>lbH>lO+E?(NftJ>^ z6#pcuksI$;8yRm@2>P2 z?5<$c?mGBDcyg=}^xFx{X5m6;xn%0a=`*&mtj86yr{jWPB)`|z9)(FFSHqqbe^@!vOSMA}PRoL^}x3qN~<20%aD zsg8Sitew{%zm1OH^y~dCb>2>|96nE@+3nzP_MiNfDZ0EdbH!DC8VS^y5rg}fDT!;t z*%s5{nf1ztahPY(=WO(MoQi#Z%bZ1UFMg<;sbR5Zc0*L3gVjj|b756#!nQ_~=NMib}eY-I6Y*7u7M{}2kx4@Rx$^!r*`&!G`Yv()IT zczzS#5t@=33H!Ei8-Hbst^SPZ)n#iR3Z!eG+$=(FrA4wO!L$>EWd(H8x3JzJx$8t} znja2m7rSR`Ji3TDBwI}|h1+{N_2-@0Td8xwGl0ITP$B~??S>~SyH+UafLx-_)yGJs z4fGDvI$7kNeT1E2cAc;^NNH1zy?|X6$paC-zlgryBb1Qes&6`cUg=0bNUxg6q$SHD z>~>_I5tjZ&d}_!wi>aykjqs^;94!t}JdJ@#`3bqS7awm30f#b@g}~>gW4FGVpp$GT zBUMfxV+%4&TDH}A&ZP+6c1*2lJ4w3>-<&~MmZvb)cEP7aqm450fjK>o4d{-!+QJr z=FW)R+JOz{V`%wSmT6GpkX9Q$c01=0B3hqzUO8~n{E^3OI5cdRZ2-#I3jnGsPhl6O zg;9r`44DiTp`$G;kb9c@NwvcNl3DphbV-5wz!8s=K9KT>Cy4U6>7qQ9R6oh#1m7Dz zLEMrzog<%8&bXz7D?CpXic570Jq`wy5? zv_#rt+9|jI+IpX$mOuWeAIP^&PI&|+YQlU>6>gJV9%n{PfWd_SeXQUX3j3RIW}5A4t5Zf z+KI9~Y?;y%LEeo?tq0smh+SvZkSWE7F-<92%Ky3m$65eFu$4?a(w*``GKj>GQ|Y#P zC4>+NG01_-BvD~%fTF29_(lbhxGmf}y?V5$<7)VBu&}T^&IZA(6U?GnNO#s_vp_Lx zY=CqsK>T%gmu8=)G7l`ms-zfTkuYy(n zW}=>3gTyiQ!z!}pqv_f86;?KQkOj!F+ke`?#etC&2xSXpoKo^30*K&fP(DP0RNPu_ zS!NICL;QVaZ(ZPBMJ%8=mh$5yM&rdOJ;`Kpf)NkA`xx9Y$s$WZ2#vn`J|dVB1=+K) zQ{?vYn1gY@-%oKwRtA%XgTXr{Zr_wwN%l=Qb!O3-u=LhAVrGP*$@+-KFLp*XF7iNl zop5MUgN1cqsV<3N{;q=7>?{#v0Q2L@C2T_*1g{}Zjf`cLY4t^)yO9hLL?vq{jLSex z1ki45?F3@*T~=I*=`=v2KGy8#zo%J>vO8dYmy#3O!bTm-247q4`TPPsiCp9ZzACT(2;=OG=mwJm8`!IYQ6*Bez%1k zKxVA#)#e^%%{|VV+X2l5p5lzDyLB+-zsqHT2r$hEFI@0ugiT@gOuoL<-qoYGhH2VyOgO%CMe?^66a(1o$fP`T|V*R6q!uBO+Fx4#O zUl&I00VcfB?x{F!&#rX{xtkqQA*KnZw1Jht8%|CXr7iyDo(9%4S?Yz7H@=N$s!sHc z&l07vYCLNC6KLzLK=Y>LghPa0BubB@5IgG0fW`y=Vit(^-p(dRcip{+tiqmmb&Q(h zgty7~)O>pcAl`btDHOQ9DSV$DE59EgROD?9i3p%7plm>IZ!IG4`cG)kOU~$Yg}P7i z9}(aoO15(Ns?KNpnnF(64)c5+HKMO%0fEL=Axdr-)cb|>=R#AYzluCR#VKEI2iXzG zsLgDVi(e;{5)YzcqfmtQvxr}c4zYvlooB)`n8)a(ywHTYW-}w1x8ahB*$ptP22p-C zA77_$77fpew4Bab42$WfM(I$ZbT4cp}h%c^88mB2PNZ(+AEzO5BD? zoY4?S!mhL3bwbGt)> zfEZP)@Go}H;tZH|Iy7&SN5f{dHK>XkX1YDCkwp&ZFdcD%)9>Hw#AAB^*T|iSw#eR8 z@=RErvQG$0 z-=?om*smO)DwNb4@WM*eKaNXc_a$8`N;@1V@TG5_*F%(^#f7#>RhINq4(WYdQ-}Uk zu+6L$7T}Sg3P%RJI5(5uxPZTPRVEjNpyCh*CDd z)-HVyET(U~DR@x?e;h7z9}ctNN^56A$uB``;!wA4uHe+4v`ZmeckiMm@}Oh8e41JC z{s>HDU}=1$J_@!S6fU8Sh{i!}pxL#e{t0|Bt9mqS)6)5EOQ!$>jHfUUP)`E;YzaG? zD1&^kfE^&aVBIE486@@C)Au=qQH>yOHwwjfV!SFD#gvy3+4&yn&IgaS@;Ra8AK&C^ zkwIjhQe~AI5g&=!H5MUv_mVRiZk?_i{}FO)>~e7y>lv`4bFCT(fOruCUYmXhi`yk z8EHX^&ZBl*x$_0?h3=FpO@RvbgZiVjxS7FJFhH4Ma0F|kMwQ=E&VZ=g_DOS*_9Wf$zRs$Ut;p1$y@oROcT%y6_(S|GOSPI}{O;ZZB@q_5nl`kS*+)2?2n@_5}pQM}@> zY(u=e13<_%CYIE0t(36~y9pwdZL+LM=l6fWJyN}brt zgK96hJ-NTXr|E#;WnMGL)##%18&w2{N#*`e%9(=W^V6^r5e&0E+|y00rzQV@p4vpr z=Ve~AcerLItNGMasQLZ7;hKR5>H4t>)fj=DjK-Piiu=h}-qm0IQ?m>grZ!)O;39Y+ z3sW~7*VrIyg#4U=#Pjszd4>JwR9?D&EwU11>-VLi4>x$ zrO4nh^)WM9U~r97%gBexsRiTJH1}uWp}}pmw7|Fbv&-XBFphtOLZ&l%vm7cTrf5?z zo)kx|>0w&bzc{6>%qe0wP^kr&?cO2Z1tJlUAo;-pMJknFA>uWmy+tO;2lvmnOdsRE z$AMRv(l<`oTf=?uPWWs80M4p<3sYdBQTH=O9t$E58drl<*S`X+K($xV$~v=83*H(M z6{#QQ+=}A@79GbX?X=0>T6O`}*o=?zC3~k3166~5#mlXf^ttG$p51&E?bS0D$}7Z$ zMc(Vfu940f8c#lqCtyWiQXUP@vnhkvR`QB;$m@t7uHJ$ge7mQ~C@lSqSScLdCd^rG zldrJ|U)nuY=bhO<3r|%z(|;A7tTa^$-lr&YWi>kfHn1RhXrKSeyao)0(O<_}L#jDi z?gMRn;ne?z)v+lUEvD+Oz|gFs=WHCc=)S_9{U5=De5*72h_G}Z&4ol6)coYlL(>l% zTK%W$oas=Z6V}vY;I#!ra>p3B;@)BwI_kx03z^dguHzH3OS>tpr}T}3TS5(d83Xot zYZS#7TAO;dBue{{l`!Ftxm47bE{H3gYN*OFCRu>N@?EdDNRyxyAFdixfaS+C4Oo6c z>FhS8A~0c(;~OZ3FAJdS9F{<$PU`fQUOWE6;$cgRJ;DgK1`V~I(#=IDiWl8ohW6}zGOKr^Gw*B zh#~%<#ha+bybLk14kR9-Xaer!d~G}|boa!m=ZH+l@L3;{n6LbdI<^}=qgktv!Kn0} zVm&{H>5Z0+T)WXA8t^{;jS?k(Hz(bKZZnd4~pK->h^Wt z5;&-jxc?L7YiSFeqKoozq)!TBW_5?pm|*u*3?usm|JTPzFS=l`sLx9i)AKT1Re>$= z$%=@BQG|9$j_f}i5^CJGi0NDG5-TEZ$@>8bNOUrzx%ga)!*JH$@D5|*hokq|b&SPv z4^d}A%H7YoA$8AiPaUvxnD{8eQ#J*ZbR0Msmh_H zzAMA`DPE3U2Rczz?q%4uf(XJL$yo%Z;71|do_Dc9!jkaap^N*ZN4(Z3oyjsXc!%d5DsxwP|U0dTG2OjLhB7> zYa4nlYOX{{S`Z63;rQiEA{=pNh;ZEEWQ61G)j&8lH}f}Ft;u0~xlzNG{RB~rL@|3M zPTe(KlvXmbv63M?lnPc7=459HK25@T&`6PWBvOQC{St{E4TK$o)ns z2>wlBSFf?kcLG7_fSKPNC~@Gfev;XT29uke-$XJsaL5m(S_((bbpLA2zAeS=4_?jv zzu=3`+WI1|f2UGklr3Bt#p0McWW7U*!&u`*Wu&mJ09>gHU^wsS{ymG+bi58)e5Mi` ziu#|Y2pPJruu9WYP|+qz`ARM`QErQ=%tR@Ut|+V^S4sMy+Y)A4>?9E_XIl*#+x2Al zSSd_P!&uyE%n)y=C|^%{6Lr+yF{GV<*HWCF40q7~>B(rrg!%Nh5aEhp=I$0f0}}vO z(t2@E46c$JMxoj(O@Zs0S`;c2R-ZakR@qQ?=R-z{e@FT zGXO=<$1SI#3T93td8>wEXJfCN3twgu+*LgS!)}Z=lP(9|Av-wbg91a?|h&ycCMwh>85X zE4Wyp;;cq{7-t2@BVKA!Tg|Kpw{?*Q|3O=9CDya8>0>RnpHD4PMa!nM6rUtcD4LGM zcLh3k-WW(wuh)nN9F=m5)!4o}~@FJ)JN)1pXHK6S~qUT^~8spn%t zxi@@ZlRjtH+ujIa@GB7r&8Ub3S4T$P16y zvgsh@Fo?j%9as!GLO&Mn24-hhJbJkpZ;mlPo2OClp61y|dKcG3zA2F41xGZa2a_Z4 zm3y7YEWeb7@C6Y(a`FgI@_t{xD3aOrO!)3X7j?=Q*TfJ=HhhHJ$2~txQ^QP|3)3_C z{kOcvII_z@m<~Gmvi$k7vMg;*(6T%W@bQ1N>Ox4f7=rf!Oc<~auTnOV{Z~5+nP>(L zu!r$lhy__uF>nj`cQ)eR>EWB`IpnFoh22DdJ(DCu5O*b8oz-_wd#i6oqE)H~4jqs) zJ(wliae6QTnkL>|vYjN}9cVlL!u#`T{2lo^yF3q3cYUPPD3=^oEVW+e7tg;%*k{2G zz>u3rqYlYrNaa`bN&C?(#_2CL$H_FmCi8ibYGgDDJEa1co$U& zfyIQTnm`7=Dcl-YNx52g%6s84jMq@6(MQ!=RWE-}(*f6rz(#!-W8CRR>P#gaYwV;Apk2CnSw3?ZwEpNRzgni6r$pR{_`kvX3Xi$HChpfR3t%f5Zzr z!|I>`Py=r<&;?eyRcv(_Z6%H3X|e^#!C+j+$*q3&RjKAPUF7Jo2=n22w$6@11h&jm z!J~XxJpHw+3Ukv}P=?M=zn z0Ie*#jpBET(tfM{oM%f%sfN(TVf+QO;m2P<8^0R#0*avrsMLsP z4zQEdKo!p8FO=&le>F*Nqr>MmN5yMJ6N32#O3q1nbW-MaPh-6BRHfC|UlzGjmHarm z2LK63^_&6L@h6fx9!GwFg5gHA$1xO!pe^3c6Fgfvs>&)MR7IxVQi)E9wS&qhV8tBL zA&bv>9#}xMsi9Jz7%xiH4Ir;h5w@L_Mw1Ods6pvSsc+=co&cMCaCkj;TF^cQISJ`P-)NBP^y=0Crd5xZ)2$?j@iqWS_~Wx zc4*MS8?12kaY);lm&MFFY_n+^dQVWP6O;3>Po(cWi<9Dk2cMH6+s<3C1D%C>Fj}Y! z+$5G3`@m(aE;*^9Ua}`d`%=`NJiA{(z3o}%Gn@1a$G(jU_I=w+*tao^eSZ_YK|&BG zRqSihGlh3E%!^6R{J&qyQSZO_T~-Re8=|m5tQiIEj%zjfF?0Fp)@_qQN0MP0!78_;|wJUVt>p2#B_yhPR@R2TZP_4G_^=N3p&=IPu zI*|fXtN~g*8p5<=xY_{GrD~N0Pke?jZ?B`YnoFQ&;2Y&OK6;NUu+$s&gC!ES64qxQ_DR2D z8#r%zl9<~Xt`Bg?*EnT&K}61B&Y$+zbN+M(=TFhWhGTy_@uvq#hmyO5E4gnYFjmR7 z`qBj1cDOVT@SMLiFHW|7SDI(2$}`re2%d&qk_9bljQ6Ya5Dj$}%<=aR>#Y+y=C!ZR z>v{Ez2kw(?$4m245mDz|f|xq*($ZTlBeqpK0qDMu;`Qc#a4NE`IDTB1V3%h2VO@rv z2Vl2jZs>!4`+u4!(mf)SXDaAMy0WOooh(XJHF$TFzYPm|K~onC3B@X&M<~9QzD&pf zJLf1iOW)!>JY`0EY$(~P``h#-RO?P_hP}oi_jtuhhP`e;p-0*l=o`l)zhQnV*R>YU zg>MD#a$Wekexsg`lEifw=06t$KA^z96m%?bn5B_pCfewmMps8{(8?6)!`bkmG+%68 z4L5pmShiIT%v0CFk#>iHz~FL9`CQ3;M# zKjs0v0=me7wcgnMi^6IlrLiT~Ml?ov@kI{vn}w2^NU&wX$A71j#6=qDP0B`_CjwYf z%-MdqQ1k8D$N@4g*sr;?<+y6;w9ZC8gb%Gbw>!VXa~!&7^D z$_L)<`egQqZ!cz#u-UHf%N|qV@hbKR+xhyz>@fo#hqK2lc(k#{9HH#`i4NH^$u875 zq?~-uPX>4^h9PYf+8w-O2(#_=#@zf4&{{gXy)#|g?QgfA13xs%lgh5 z6vg@u4!oz2V10j-71sB}_q5lqgX;d5ykXXt1hW;*Cyw+GO-GdKlSh~}Lnz3|-C@8er)a4Ip*vst9X6$7-L!&xX(~!#SUluS;Lm1Rh z5Y1TEEMS_3<$s}RSiL~Q*B#GLG!0W*{p>F7XT1hRvx7n!ppzwAYc#=UDuRbO!s_-I zA*}x2(IS37kRhzEJ%DOIYndO6rJo#py~6snxBBi$1Qf4mCjE+L(jQwh$yA$vt)F!0 z|4Ki}Jl}KYlhB{9kFB4ajrvKUxqcG&=Ko$lSvn3GJ%>IlBz9|mhXdlS+lMa=Ao2rkgpZv1(U+X6w`oE)}Jm+p%KbeyeLqGXxiGn1)*iZYb z6V&!ESn@y9Pu9r)$NI_PZVk@pklC_+((zYFRZ$vHi@3%Qmw}@(}J}IUc^!0DZy5W5@Z9HARD*@$@rd=K+!9R@2Rs& z3lF1>R)qb}P?6~yNuIQP#`v11ICn2h8!zjcyOUdeeO6dJTa7mT`7rYF+^isX}6 z!wzkAZY2H*C0EU%)VtFa^~mf!5i;#{CsNh{g8N+T4V=T|?Rs>FTo;z|C6F66PWdi3lqHKsn2Tn{PwZ4R* zgG{_?bB5Jrxs+_wHHgf^pH=0}Bl@uZiH$N7Mj6;2<~7>IDFb9nH%V7GL=ik64x1nE zVexMY@N!isLhEzsk=D=Vt^&;=y9mQ!Kc$cA3+1SnBG6Wk7UK~uDZqF{Eih;&FAptW=0gEcf^8%#I{CJd(_CzaV_1mELG^F8+Ymc8`(lq=ci_rmAF;+Xe2YohOS zFapL}!km2#4oTx~szlj4NpyXj(QQYv|1 z%FdKf^0fPi%PUY2t&KtxZIPYzrS0%8W~?50zOiw#^Sjcq2E>(Pjm??81x$Ek%-)2A z(tFyJjx`}d9h-;rk>9gt(mSJtz|$Ud$mrQpq0&<*oBjCrH9Qc<_dhhN>f~8fWa6Q#aA~^4B z`ydKgLg@dN=;mX#nR&N@!lQ=i>=$m1S#q(!k1?A%a+g9_qMF)rc|=o0T{h|?z$@(! zCBFk-(vCq6-YP8?V|TRht`_Olo6C3E+8m3*fK*wC-vr95WA<#TJC9GpNJ)7GC^ZYi9!_r*N12XDIIkPju3oLp8vx5nutUX zDe@$vH$T;77Kbiu#A*~TR&dlPi5cXaEXl!LK1C+mH#jk*!H!w|h=#q&xLZo))981N zK-Y$IPJNRjJ+yd9pimbbFHIc}9|Q~Ti~+IuNQBJoI2Pf>N~{&C{L6t@Xdv#3)j|9= zJaQ1rfJx~d5elBgKZK9UPcnW;j1ds51%9P8TA$rOk{w%$z7}HlWoTb4IB(2+3YMm3zYJN!bEK0 zOvGJA%H)gvvBW?durJJZuGm%go=IXFOOXIazY~vc>8Xyd(hWc+0u@DvOT{>{=rH7z z78rs04`41UK>1-rO&BpwI*xJ^y09!8MlLK)>1U^O-Y%VH3g%jjV6N*RmSc9M84uil zzbK71iskp;KXZobt_Se1w$-CMVOo-Enh=ZT^%M>a1Th-65`Y<3)7SoAeY)xVjS^3~ zgkIXnP?JYC%?4*@xr3y#0zQ9l$aQC{-rLD{gxPz=d;0+5*rjnXT)yjPXfmij3?Bs_ zV3RP!$od3A-z1>(eiSXQe}X)qCzAH~8-0upADE%Z96hPFm*QidS;3PtvsfyD9JKF| zyYwNihedSz=+p^i`eB0wZz3V(vqqtKC(3&d=|SG}Y(6JupPlOrha}L=hyq}%!>YR- zhP5vmc&PxqI|#exnkb4Y)LVNyZMQ;YyV>KytBe8?phwL4Ic5mj0a2|gW0tP@s@`*Z z)S#+tzy2*CA7`p}@3T#4s!c#~-KPL#kl@`IF~J_qCwTfceM2u@;4R=IBlpF;yF}mh@wh<$%*G&BHd>vqen}l0tQ~f$ z46tZDw~+N>a%`S3oDG{N4L>-KajxkYIa!J|)(56*Hd;k5%!PZNHd@p^$({Z;=RaL@ zh(}G*%~4j?_rJ_E`OT1{F%h%PcsRgI>k7;i((v|q8LZ_gof9$hHHVS zz+dH@B#rVJFY{FN$DEOJ@d_d=Ku^Bo^rSnFZysJ}3_GxV4dujG4gYQlCt0t)g)-1!g8xdYyIwN#DnrIT%4ETyA+%eEBwNtJCq;pY-t>7AEW(*zlzS-FY` zO)&vix`X%#5I;e#_3)sp->cdc(Kq~!o|w1}bw+`E^vpllCtkqR1fJEH#NG4x8n*Y3 zD^U^`GDli}ix~icOY80Dc3hQ0F^Z_&GXh#nL{Q3;0Byy28V3qR`grVN zkWlmxQF~fg9>YBRgcC*5Nof-chYS!f#8kp<#39;vTWsmS&CqKsF`-CA9zEAaNDc#|NH#bZ5%rXdvBeTaF zl$4AWe%~C1QwHNr>*+WJdOPD8^Z*F1_Jtd9*8(&ej5@xBhheyJ@Az;MJ*NF^yeSG2 z%F&1yiXMiRKV^2e@ZB1tG61>kTD;auekrqSX=d=N&lCJEqaUj;=)@ja%a8#k5+b;_f6QinR_YaqIxdUx+C5>jOMa`oTu{F z$@r|A&JcQ31=gKM7aY>{pqdmlK^MmgJ=XId8ol;60FuDMIF5YWQy45(#6`oRRL5Z9 z-5(cyT6Rp0np5F&;(r)mSdPU|;ITLbR56wAi>Knu6bLe)gTU3Xt`-hYfsal^ebiSSm1Pqa1zyu@ckA0zqIPTR@js?$?k$g_K#(mN61!DO3KZAUiTy1G3t#5nW+X;Eli6*7K7!JMiwvVPjG7X554> z0Y{Fg_UVd%=kK*XY_cY?Y3C1msjdIcR6M}vr2?N<-ki_-i$lIvAAQWrr_7i~9Ci_I4J$)m4PwE@5wP zhPUn1xA(BOPI!BX`gYP)$m5;^^m2({jvxDRFSICb3y;^*W5R}u&_pFvZj9Xn z-B;_`WX{I?dbvslh(S6IH^5_JK~R0b|B?nb1V){AJDcWf*Twy-p@tTnAi7 zJzgVkI45K*Z>c*Jli#?3y2E(>W|2ZQAEX3pf8Nj! zhv6XS0c3g$S=x2xF@_3EqM6A%ze#_tyn2$d9excY=IqhMj6fCGXcP62aap!eZfC zwiO#uLS&CMzTE3jo`W~D*&D^s%*e$<6BiGYn4uYnk_Fk6b&bWJkc+2hb9wJqF7HiY zOwNkza9ZWn$|Efc&-Jwi`-2$^9Wzim%nnP3wZPsMW=F8MYx9Y{WqC=_ay}ti-Do8C z)X3<|18;&c}kk<_TU4>#7zz;(vUkvzRbl2+9m%HwoH&d)0eFabZoE??` zaZtdd(s&~{L_C5|xJf^EF>$DmBhPV7JU8EpwBI7S!+;NS-8!D7n9dHTn9h!nnvjMS zb&uo1;Zb(qRMQ%d+JNEKWm^L>seKmGV9Yd_I2_CjBifrXCT)t5T7r{g63X<%r`@Co zh<#ZKY5(SU7NF`umOTxZS6*4lrjHA31doiSHa>l?Gkb@y^h-R4`W>QYvr&{* zVoP>Uh1ro^;oj36obGY`*glfkmZJQ3ys` zlEhjOZ`ovG*}j84xjx+<+QvQrVaqH^jrQy>=g#Ca86!{3Zp@SWWQ)E9MyqrXT_q7i z?u4C*;?JtSB>n_9w918)IW?@=K>=9IBjK%Kq}%VA^%xTy^$D@JWD|+EuDj7z$lYqM zInHJRvoHSaTVdWOEH|gbsdDqA84REOg1R^iz^%q#c!zK0;7}Z2tDWw2XibZSh*VC| z>-v%->X_i&4?KRVBtsb+UOBWj&cxiaAU-hoU_(hmsFf+$ioB9`YPE3)ThD5~B|X(C z_U!68yOeE-79^h3!8YTaXWek3J zN=mm83FqEqb;{K`D>QYMvN|i&I;%BxZeev4ybMdqpyk6j4%bA-f7=`Z0B;BgbLMuu z8Sv&H>6%9Aw5IcRC`MUeaoALh{D#7%tuB4-7>!i$Rub&;EA-lhe|<~~_%UYdbH->k z*2PK9EU>kE9HsVAq@?yQP+wRLd zCuTR!ZM~^|q6V^0VpC63F1}miF_CtE#s)Cgmp4U1-77fBcoS`J(5{Uvv9iDEI8){%srgJCc$hi4vwZttXAmHJnE;C2R8Kd<`W4sP5K{2>E%_*EE=27 zqIK{t7_FJb+D`zygYlK`RyNu?9PMYaAZ!=2Yvz0;>UXvbtk%2fI9jtImSH!$Fy){@ zs9~(0r}2(?t+(-IUigMaX+y#`9)mUzMk4_hmGuVSu$;*4@N6FUgzBdxo5j4_Qni0X zZ{&G5t|cCYuy5s0Mr2|Zj-*VzC!MhVYYQ_W(iS`2MgIFYR>n5F^_A23VVh@QryRW2y>jdI#W^f3To(9mVQAlbU?|7K~1daVTBc zt?nS%3OneVs2%j+$KfLzyo6iVOr1>DHTSI{>zeUYqtf3s|3Zj;%zBGykI(&ifPQxt zt1Ark@RebdNgUqvVf5aiA zo65I*B}GZA3MC)OrvyG5u!e78?Wf(CD!>BM3dJMUe3Z)tsVIw8BJRS3qefz6w}+Ci zMd`{X>P62Py-@NIdA<(nLvxrHOOts~t_I*^U<_e%t6wJ)qz!Koq%VBPApOp`3n4bY z8}$)A^^4Wh+EJRGKKn2XtpHQ1hZ)@}=;l)vbFP9W_)2`K$9ZEh%lI#hf;o~qHOi~|!%`GA4f=>+g%JES{^_DG?Q)2L&Dx@%7B^v|M! z_zLJDASqT5@+ea%ImLpZ(QRgu-kcOUtP=f?DpC;p!gSA#=hOWVB#OXYs@Lz{8))!H zU#Gzj#->M5Z}3r-^3g(P7)Ilv2I-+0T52-{(9%VraDFPZhpV=jXlqwQTU>?DZ&W-_ zRN*}cNBETcA~;-4YkTSZFTet0)L`G>3u_U7p)h=LCnu_}2JfVw;g6DR&a+0MEwE14 z5r0z+Ou|C(qk`|cuYhQT+_zam-welSuxt($FRMmq zzTE#lcF!`=4dVlRicnVanpbInrSC@^iv_I6$BJHjpN;)m7(4B$bP#+t(D|rSf_p|A z>9wBELfR#dNd*vZ$NTz{3Gpl%ERawm@ZK|$N=1F;h|ocKvgVqmTK?Q%i2i&ee%_YF1vfk7J5#U; zXZ9CDaW&PPr)lA59c#fM{Z1`h0I?;&GCqul0W3B-vv&){lW;_GKkX1)og%xhfRBUS z$NIV?*`!8WdW|UE+$R;Vq%o8{&4C&FoJNNMnw7? zN%Y3rE<95?{IG%2UKCXd-XHOlpG7{v*Cm~k>?qL2jn#rSAubXMxQXUZV{je*70g1T zf28?nJ0KA6Yu@<3^vxPK&iNcr2!%fO#Thqh0-_4AtjZO@&)Q0;d5!ZQ%%bFPsNz)Cy$$B7=<6AUGufhdxuUfy)F2m%bas=KHM` zc>E{2$xd2mY_gMvIdWEMq{iq<6MKWasdXT1NtoLSsp#Hpq<5pu#G;&G-YPJ6rr1-D zaY^?17GZ|re5mQYHnXt(WTt@?_N>5 zl;E&X@(X#|Ze7XEw|CJqIt6@sWloxi%gV4mi8ZXpvtU?XM-A)if2qU5lHePhKuj4! z1mfNo8G-m0BM`|}5CBLO^e`Epc18BydTJ@_uv>%&fGB+vO74|~YxX z;>W^xg> zVO>R@P-Zk#{$#dP)|)JewH9IB9xSpZZm#^vWEIv`QUxfnW?H>#LX~2uLLA-+nsePg z%X21YPM6HRR^KT7EQ_ZxXKt5ZGSNF}NBG?w1M-p}DZ*c8a^@yme0Dv4C@h_i2dpdA z2UM-TzZEyq_P|uOpQ%<)}75L*zEKJ;!S!oGvlYCZ+oqdAmfOaab1%U9 z>pUEd0`xW(4s}~%Exg;FhoiG4R$5@}0Qb#Q$Cg-Q$*c)&wn|YOc%b zvv9!Av-xK0*|?Ve1^^4rkD}KADs`kwCj&qu7e!b)f!=Ia#w&Onh*Rtsl$zk1xtI4j zXIbXWz{d@2+KQH%hX;`?1}#EzZ8=0;c2IiJ&8+q&#V=hr_{kMouOH->CKnxAGln&to(ed>$NI!y;edq zYG);QD|0GPh|+nhD>d)$p0Ake(=$cK>(1{-^6@*_cDuHSRS^zMK=Hbk=Xv z^T%)fm?7B`+U5Qk7P3F%!uENI3uCMMF6A5YeKLst`h=1Y`92@UYJSdYW>C5o*3+~# z(f8;3Mc*^5C2t?(;=VN~Z!u*9u6d1t`!pTHm>Wf8U1V<-J*3FqVf4@wW`H~y=;7I#o^Y1 z-Dg$mK$$f&sW_5Hy@eLt9L0i~gB>kWP55tQP`BG~>sWAacCqlS0{jdzsL5#mVawdB zzK-BexjA9A?L4!>T-XRJd7kYSyqN0~hY=hbrD9~%W!rhF*l1RE6P6p5a+6Y?6jgp$ z&&$n9d6%g2tx9={Qr{iDk7P|7ou@d@jJ!5Yy{q|%mg3cZ;~CjZ~Kxa#9nj0<{vAtjy#|E z{fEl;MP()<^@)#3i2UZzBj4goBrr5E`;|bhZ z7NM-tYIt#p4*IhVgl+$=P5R1G8BDQCwUz!3^od+V_Ftn6#^+dJf@R4eEEqMgs5`c0 z6Ux3FWhip%&2w=HvzP1=c#HJ{to?{i%#-3INwm;ACG;iz)JQJ48&Hu+U?DF57 zVak7VhCTmFGfe$&&alsabB1aEr5X1BZ_Y5|zd6G}|D_pb{WoVgOqn50ErrdagYt>| zVt3Y9&nH-g1ZD060SB>x?a4E|_ylY0xg46|7HHN=`Q6&uq?BeFE_Of0X?`l{Bpp(< zg(8Yzj=}X)m4p>%FJ%{wZc*Aoi5GKn;QtKxKUEF-mCtBKK@NtKAvefebZ#hPk69Qq zYOcc<|9pB1@o?Hf#gdF53XLaeojS;Vw=iO@V#5*3G>;Z(9+JEh&C^p!)h>BuKWb{6=$cR`bn+?GZg^FWS@{ms`j^>&V`17jn;_X%x5R+L?;R1bJqQv?ztHLQvyB zYlU6figp$RuC*u6lcOa@+_nIa@R@AEvqM73Xg$lyTsng85&MsXw#^ic8oBCF@;#~C z3glj9D<*~(IlE6)|>{$H0HCt~!G!VFm z+(XZ~Z59fYewkDurdMMcdr`{Dte^->d`X|rq$PddLrdE0b+)8auY@I~?!V(^s7f&3 zdA<9^$bZsXyRV?dU`}KUgJQMNP20lZ*HnlcV%cURT07D!Mr+%9X~47bwdj+nF}l?H zzd58TyPSfCcbB7?hqT|j*VV@V^YH{-Fy8;eMHfQMvu8iq8%*wn799zyr5QPkY49EJ zbaqS-WHDKU_iG(;d@uY?+T)OROtXjTTdrRN^-~;j``<6-bvHxZgQ~q8>nCi#BHOay z_<#V_)-LH(E0z}Kw+l`jS+D@MrP~{v$+C<2_Qq2wJEvn(rm-SsVf8$ck|TIOWpTJ> zBTjMvZnDWHt0bn`WYGw}{oxn?&Vb(}_#FhlfU3kS`0WC}!{8Svo|pr_J>l01qVL{$ z=slN{0eDI90Tz09#vL3Ht{p%iS3duI3P$MOT@5RFX zw}3wDa)?boR`b>rRcP8NNWjdls+hN48{zx?EH>_#uA z#r++5zxWN_eD)Nj9hkWi2HX+vK10dKx&jD#R=7FN^TZR=@xG1dIv{3<4nd#!&JK zXi)Z10}ebO0a4lvd%OVsp1xR?fG&;Jq9g86a3ai~qH`BB_QT@uS0rFqJv6y>8G*p} zi^L9D7x8Tt?9cXLU#04PktO?r)3iX8QmW%3cWnzgYS^_cAsdr z%lRgo47}Gw3{3{pu>*py_F**3tr;r53o{$IT36$$$#KYRT}IFr&HlsBCFq!SRR@~O zz1^eNFO_eEmhcN*O**9Q{`VVx3;D)}vKuje+l(`e%|flz4^U8L9I7KL!>AM3%r`Mb zulgn;2T^U~0iVa19P;gEhuq1j|H&cMis?0IWo;3j+~UZt7oM%Kn(7!|^k}Q};<*%! zi+1flRlevBtK41mS&X7I%H)74rB^$$kIsL`BJ6Zz|2XG$TjnpKRBZz~F~uq!2>W*y zj?}qx#ZYxro=R_xzKQ-Gi3_*$uHIQaI13HMdCLJM?wfw^RDY zo?d15G#O!X&g>%=;n^yS=?9vfP*fb#{;!*6hNo8p!_XbQL**>dQ^9BVm6#52JA|{_ z?Z`ei=XHnV%z@2nmF~O4WwlFHHt7u0uUHC4=-d{2sLB%B?*6^nTf{M6_(J@;begN< z5oTM5-3h243)h6!f^DpluZS+Q7Zy15jcl5G?CF(g14Gk12-B>znD+B&o{o9{-&Hfs z?%3~uCYYvBW`h40=!LSWaquwPV3po|nz`c{S-<}eYfl>3RJC-{H7uGUEmlA%QVSKI zwyv!RG}7P=++clzB7)++@OcK0V0c(rY&vRqzDQXkb`~u;Pnp=xDLA9qGuZf_u+Kn~vBhO~sWOI4ii;|lX`5E`; zMo)x}>MUmt0JlKJr*dIk$W%IT((UO6r_H~`=HCd&wHm$7-=GHeVK;hNH}-uP0w3yk>s{^ZORP^7jgowZPXYye*C=8moeF3k#%@BiCwb!LVkV$A%Ek1nE!3({q%lMB0-J>h}4N_ti>sVMvx)8tts@VdIxMT%3}@m zlClkS=bBHxD(>M~Pz8jxSGhA#_&gSNfx=`cOu)jtXV4hWK+UyiXc|FEiRxZ6UiZXMMs-`TP!O=`x$eqjf_XL(A zuEdcpRomcHVVB2%Qj;Yb{{WT{(l=wcL6BmlBFKojrMadb90e^u>{*@=CcrH3hd=Cj z?J8R0vmCUf2Nv)`V5#5@^a!HUKs*oe~IXAq#Ht5^>iuGtxvn8RlL;ClhL|7-muxvzo${%I7Y;SJ_hBT;JqGa7!>;;Z0k%n)j2Jz(mL@csO#olSueKR~v`bH6SMbYZPd^f2 zK9ACT{@K!e>MsqO&-`}-^BL8oc}cEKAtG)cPegngDtT{dLWwvWPTs3J16+IH-;qZ6 zquOd-^-L80ik3#7go#w!VCHt1IbgvgrtcOp9!K^c=BW=51rH^|)Caj!I|4Rft2&w+ z{rE{No_sr-a5ZgG_7ax*M~oh=KtFrr(I=sw2D|aB-S{&GN)wG|gy@O2qH%Yw(FcE3 z*`-6GJ2l(pDsKIUpQk3f-gG$qDG z;rQhY>Xfo@E1z5&#RK~%;7b4XCj2=H&s5K`votqHvKY>|r`0cmJq^TOdjzOL>G2QT zR1g>p$}q|%wNLf_cuwQR>$>w)IePg8zb_F!d^KD5PV&WA+%4@1Ow?ec zfH$EdWk7PA!8;NDg3)eFMtSOWoD1HAc{NU(?j^d&`GC`2ripCn7 zv>8+|T#BS=|BNfqV*1(PY*~&z(=Lp9jkCk$=&e^W{r`EI_U_qi+NV0Ha@18mB3OvZ z394dNeW&SIo)o1~JO#X_=36%Lc) zNQyIHf)ZFhDT1r7!O>Z7c)7GqFDk{SM(i5Ca3?8TxviQqtc);u|uVkFTe&t2}s{-Sg@FcYXxM;t@#>D3nV ztTJ163BNbUgxTzPNB0!<(ay~O`#GBE!gtt2dn8`KN6|?%%Bm>KG^60Rz&fLN_c#a4 z+gxJ7OfV*ob8H|&*YE~qIHg!~bb;<1@932HvBoCs(?bE=SVyu6uhIHw(Tono<9%>E z-qv(t;Wyp$NURwVsKNtvzz|39j%MOGgM*$KKfux{4#PyJ$``$&=<*9=@u57rK1z#8 zMM^)3KBGYm&4O_@@wla&_@c>=s`aIC2C+!xO3&U=80(jYfhmH>o(-zJxd>mcOV)bW zEDCILOsdV@J|50PF${dWLR07-&u{Q{UBIQh(GC?wV+n@wH zR3^a$DFd`48_G_^>dPL3GAOtX3MzsMhOmO3?1FMI6I-P3m-sqc)@;Ejg{zGCtG#8- zR{XULew}8(8V}fw=P^E3`aywiY)Xaf8uMI_X@{dj*!88|{Yq*KRc?e@`3J0WYO2M& zRm?s(ey7cK-sIe7Ma}nDJaZSGc3cafz6!F$Ds8l^HW9RqR_S}?z5R85tE5<^W0HrU zDB9$lX)P>qTmud6g$6;jpQGA=s^%h$3U9|#1OXBZwYg{zZYu8k5KbX|2Y#Q58-i7i zx0tKMY>#}BEqLYn> z!@ERr00=g&leqego!iS`aJH?CeHi{Q>cjHEas6jy?i(yV%V0PxgM^&tMR!b!&w+RD zjdGm9jux_Vj5m&l(@Nl7(7{+bh;fdNc#@h`l4GiO49zjGsyMU9mxuQV0_t};cnHoS zhXS6GDTBwdnD;OW;v=v)@D%)L0ZM4J9%#Kem!nbD27}TS_=rfC^n{;)6tKA(dX670 zN13Z^ZsEL;?HQjZxEeY-2Mg}@QOHT6u~g7sU&FbUZ9~=0G}&mbay6L7Uy0YyHt7dV z<0-Lcmokl~)X`p5tFj)z7%~<(ZSAzBgHBYI|68tnH}tvLp1pH?4bxSiXp7Btj%iJ0 z&_|iYwAcBa=)ONjO#fNTF3n$-D;tUBOUEw;`JV&qAqc=o(lF#SN_ax?3Q^aw!|{K} zgeG^bVG+Y+K~o#jWhH^fnzRw9ay8^7W%US8n45d z_Cq;kF6u#<&&M_>&mOzLZd=SO*CU1*9n;OAbo>i9HdM-#r;c7=;Y%rarW3CdU(L2k zhi#t2F(A@{-k%JWV{RQR54+WbJJ5zdS;Lh^a@tFy z2l{n7&}Rg}Yv%CAGy|_W0PnDR4(}dAWO#8^co!Ntys<&>E;6X_PIw65U3yf5_rei` z!0~D%Sjm161n)yc7{>?|)Ge_OArQ^zh=^%*9eAM>@Xe8~4 zm_wlz`=#8Lk|QaewsGMm%K(253-;OBZpVAeoq|s68oI-gl0WCA=pe49j^@b=Xpip+ zJD|-y6!!Ro=E-i_XLsL;3GYNa#vIGP&MKQN=1pSurtv*t6Em|-tY&nlPG_x$xe)NK03xymCW3WBig7+;qic*OU_B3<>uxE+rlp?pW z%N^{p4OXV!F8%dP)h?}WVi^(VA9;O#+$E}o^%;J@tZC#L^K8$F3RS{kfld!q!pFZR zy7OZ|32*P{VR8B6ozH{hTX`0jXFTGv(z8j!u+;gamw&z8MsK{{z6bue3 z*u>ggN!oOiAT@~T^?WU3959NSmK1vVOz5|{?+qxbR3m?%RgPnt>i8Y7)kgs-ZRwl1 z$* zep)dG!M}Ox2Z4XcQ9oqy4;ku*-hAmMD49>9GHOj=y0VE0gjVE%M#`80&B%c+6D~>) zT)ciufey!x3#hhI|0tbm`_7wOwVm>2B-Qr2*O+SChpD#ff1%iYOtCGQgnlWSR(os~ zX|>MWi_l%u8ZaT$5gw-X)3N$Fx5Zf8cIokmT5Fg;35b=%3GH<25tlNoW6%Y09ot+b ziGr)-sGu$6wK=2>c$8yLG=(qWR`tPcBI<)bft*EM5QW&ge_ZefjA&=5_i|W0@%MqQ zarC7WwLdDBR_RZh=QmZoi>TinR1W;gdYEZY^`%p) zzH|_E5G;p-HC9di19gx;9nT_V?o5j^!1+y-2bw5=BsrB0KAlFCwUNu|D-_&2h6VSA z9@l(=M`#kX81H=exmYy3-3SLhJb#H&5BR5EkkINzpsoBJ(;P=qUoeprv)B2Pema$A z@a<_;UMj!$jf&`fwe|ml{wXT`AG;X(tMTt5QU0Uf^pyWoqr86@Q2vfX8s+EKGP;$8 zQ2wT1%Hw;jAbQswj7;xpPH!yd^uFmg9lh^MjX>{_CtIL*^_m4l?-Wk&#~X>>8O_qW z{4miwEasYy*xnOB?7dqf?2jSzGq+4XQ2t7e>FAfp>6iKF|CN5YULw)&wtIknlWR5l z?f&I|N5AW9Tc#hDbNV@c)zNS6RT1d--tiXcmqUJjiJX3m&$L3nm|t6^U;6O~^b6DN zq-t}OWTenRXayfdTiq5Ly9FK!=*C3Wu1XVs&nn89X!OcJ<9p7gI?6$y>?JR170(DEU;|7C>Zg(y4WkUt%&ZJ;+A zlP2P!|5a+{U3)Fs>u!U|V6-|IqpeLkX-_}uyX1)(c+?ZB>io>lAMe9?;>CsUF?c={ zYG7yX=V>Ho3cvZ~~=m$!n%BdM})+tn-W6wa!|W1OQ*z zcHTtl+V{ev_awuSKtUG^885o+k<}Ut2?9FUNmgph$pcpP$?gV0HSg72s!Y2loju?`F@W$ zLJ%oNJVDo+pmVMiy`KyOWXy;zF2~h95h?XM;r0( z+m1>M+85v)B;TJW$o-N;PJ#CPnML6!&Jw<>g62!&!y=sl#Rt@udUFvzT(t!7H5-0T z>I*1+lN^d_7;ki|L=M=9^S{(C)!EVy_&TWXL2H!W6GZ}r$_9+KBhWZ)={3G9Lii2FXeh^8p1?55 zy?l($Hur-7{%HXJ7v~~hJElz+BwI6iwvjN$<(Bzl3wz@Ln^)5MylxoAK-pW4R-b#QU$<)fMV+AO z3w>P8h25x^V+?WY%QXhO1Q^Voe#VzT{DnYOmFfA5rGZv@&I#r(3>zk$3*#?A?#76= zm+_Y<_d))0mIe5W3-kBN1NXFT2}`{AD-io(kqK$K3$MX&VpVr{nKiasRjp z=V2(*c+1X&%7e2R-7nSg);3?fAidnX8IrT{0{tT{9Y1M!#Cb8#H%F39siG||>-;o}!QmF&6JWd8E1GjpI2UFz6s<3Hxy zJ;;WlJbny_eIkDsm510XuZgflmYD=lQ84L}@5(1;=z(-L)MMWM_SZ{o+=(Um#7HtV;JVUOF7$ zrJ<$7OFytjV&if^-nV1&lCg{IY|zcF@G5*8h7W^u(rO)f^p=^Ph{R9k!Vmad{!@bc z6rTvPRJ)m)xav#D1(w>ZimNAP5WhU4Va)2e2!0Vth+ni}luzH`;!4jhi%DF;bPIAc z-VNW`n&F=(++V#e>%DCdKr_#9wIboY&B_rRkzur z?I>#`IzkXqH+tiPKEP2rD$t)ViuKn%tiNYie~yiU>$TnnN3nNBlrCQ@8gq@5itIBy z;7mdXjgMGgjAAo4)TwgMgxT2BFZkNwKnsf*?`vb(fi;_Eu(3XaB{?z|R3PaLEV5vJ zR=LDncq_qwE0TP8G4iy6@{vWpQIvmg;PTP+8fNbXGQj#U7Y+fupSEItDIX=PhB=uF zZ$XCMYvg3nkH==T&8VA^r&!xGJHV!CPjB=k>hgItDpl(>dBt^sv>BWx7*@mXeiipj zkXINFJxpG!_`Kh!j((SZ^nt~Z@p;es2>AT!tpGmT4r~pde;71;#;y;;=QYI)pA30l z894F+n6)4h=NO1>9gp&Oe|mnKs^j06RXfIaq5O7sdVt@ufZrI~ed`+#(x0O*>&tN? z_A@N3pXI!tZLFUPSnRMUSFfg^K@mKWFY11Z^7Udu`D#?yx5Igr;Xp$F-J*v((g|8>92M4>4s*rgrE8~ zjbBY`S;A|et#7#Co|8x6g;{zd(AwS^LoP-4ww&*M5p);Qnas_!x9t8%*vt2g>W|c)JvJ`WI!JHr@m^)0l8tt+jrr*r6w_&TR2_MmPkiMEm znUfM6Yrh6>D?c+~vbze(EEb=PuRTtii%`$6jH4j7?kOoW)9D$60Q4iu)owv`Da&e> zcUP|bAkf#k%XwdZf+Lot)ySZv%ok$vhmg*dZ)_n)d;TH7{^=m>?{VnRbeaObb}|^y zB1Y_SAPK2nOaRMEh(a=Diw2&Vy;S2FU?*T3<$4KyPNyJ?Rt`!g#*rps8p1vDT}JaJ zo7;L$$gVQG1{m3+iNX^tLA&XoW`|Ruy&a(SI-+^&Z(GVoFGK5GX+;=clupnl?0qYV z_cX1go-EDu^pLJ6Ym(;G75VJ^JDGq)Jx&-YDuo91&UD>0A_b>8p2k^@_(5NSCI|K zRn3yCptYvY>N>yDRLz|YYS}vtpz4D;-3-c-ZFskJ4DUhCZDDs*tEl^#Re_FB&W_#2 zO3Ba6J#!cPjCWTPphU8w{8d)NDD)E7HL=#<{I~B#)&KJtP4U=3n&KEf#rJ%ODWtpi z!;USGhpM&J#xnDn3;kHkLt+aytx{E8zq;5Taby(+VKpV@e2cB#w)jKGj2mO z#{7GsvwdwVmD~U`JsOy)v{jqw_uKU|ZSSL}JZrYIvFWNncC8K|Qjl{J)b8CYO4zEm zV_g1izog;)+#Su%{y)EjE#=8Cgf8U=FT)pGb!3XG)y(P&GsQLEcit~y3-3OC-$a|J z%kc0&EHy?*-z{d><^R_r$E2F8gzU=kOUM~WvRA{9DbA6gN!E()C2W>oDa@i(MJFLe z>H09sz}GA=W&6V>+8KbMB%#eVnjYS0)i`LhpB&bvuO{N1#q6ZYkbDB*_GbIK1N%A` z)R$*mVCA1oV7cj#vAR!*GPs3!SIMPCo6I(kry<%^5-ZFDkyvX8)M_k>!oTs;(s)N( z!M{n6rq}9M@AiGTdZ+N!>&Rr4U7qupF;VSiIdlWGp(EzhIdjX_z0WL3!R zpI#;utf=$5N}9}7(ja`=ZD4`q1$nrl{9_ZWok~$&H;?IviU@T@cTN*KET8rLtNHc6 zH%(2ErA}qS^ExiwP3zyx20}0modSa^E30r|(zx77_dkzz>`wUo1Nh#f!BuM{-(4B6 zPn6Zm>-=HBPgL;9##rpedLAawn@>Pqu3kFe6Awj%3O%jop^ofYiW)^oKhQ^d72fh! z=JuR;9^}FTx(TAXSWRgMrMW#CdRiL*BH5J{xsTr}FR*mIGc#EGEVccXN@`C4;1Z0` zcxj~`0G-UE4&Kl@s2qgW?v&uh&*~f7xrqoJt(Chg5yiPZ{5>Z&gf~U%U(ecFdiaBy z)+(LUrkn#oZL3w`Ia>ijxDq2+*r^v3!Eu!;HI*Toq1X>HT9vdpy)i?NUAD5fm!z$w zFi|VYcEz9ca7`<+HU}!KJ{81i{m1G!4U4?T+r!csRFDLU52e3x-&>$5h87m?f~kjZ zG+oeCI^`0s(jABl{FDiodTZuk#ZtwUmnWiC_q`>z!dC7r*WCB|mofF^_GnF*aaO{M zq-Eu-G%Z>+ZDKQI-8sAjGpOKWsCLvJ2Bh^}$B2m^+(`#+?rKn;=9LdnUe=k+AC54E zgAC!N9&+dO4|XT^;vRu_my_&+I&&+LXU&DnNtZ8AQL*=^CDE2$E=qp$e+!^%ZJCBHb18%M$=FEfdYvQl z?$}UtJ;_UMjSZlSZstPJ)pd3!gK`_M+%`56y1MexqcN1^CXM6j>N1iPSmT)rw1fh- zHpQsen#r(rM>1f`Joz$0)g8SBx6F7_OwFR_OyunAU?F1&C{ROyV{I5SWz>&pbU)AJ z=0JR$<2AJ5$AhUY9S^ShG4k5+%UdSx;PCP9q&lz4 zBGuXSwC>XR^>nOB|^ z7ip;++rUa6iKC^`pD&fO8#G7b0cG4NdO#d5mC6(qVRoZK;l2*-G<*#VIpj_C}RnR_ULCr4V zZ1Rn^SD(Ee$kuPY#wPEqV>Egp;$9uYnaCL(vY>q5v4T<2Eib6s9)sbEdFAV)BXP+B zUfLl#XhD7UowlI<+Q1joUs39Uq6q`C+uO3Ys|zY8L3GR26nD{D#oSl?NoT)L3s6#R z6oHaId`}d}3!%^$l|svP<*iew@Ow@nF-oOSUPKC=DCQLEsJ%NGaUJG?T&Gc}ehtIV zc4H(8J;Ld?(-=Y_8!tf1QcDzi?-3ZTE3fP}Mxs#DT2_kr&~y}vU#C$>EansvjT(jW znxW8`5DJahrlU|^^AyV1Mikg%WFhSC1v2$UGW8JMaByU994y0BTyV{6@l7*@B@3&$ zZ!7A*c+G%jmc>lPeu}pnr5|A&d)Ej}Gk@?WE!vu-GU?`* zXN{}k0sfMiB!gCsThg#jl^SJmP_iy{TN9{R`>ACy-ZGh&3_*)k8N%pEjgQ8Ma$LWFM|G?BB3QDV4iON%vMeF-!4aG?qwE< z!OZxOF{2fO)l_D%N+t!qhI!rG_Fy+ME#3JsnW_50r~CM)o7ksJ-KQS($z1dSCPT*u zd>D6=3_)JBJgmltd%oD!TL_>zSnfOm3dAk-EKk9nbEOhYBj3Zw-+72V@a?>N`qktPSfbpupw7>$+FT{EqC`+L z(^a_9su6D`PW}n1P#Ik!ya&aAw4&etzR9X_d3WWR*PGOy@_0}87*&H+5M9W0xMUQ= z_KJ^~C)78LR2%r`5BTTB?DIPQxrl%M2@Oci;dNSN7+!~r(z55W=YR6_oB+RLs7q*< zS4oVT6Ic^jyiS7h%Fb9U%Zj*Oc>9FPR@cj^f3>h)csH9WBCQvCxg^kvA)_?<4mXQ| zDbR)V5gjV0>JF8~BQz{{&o(i4s;8Un#1graF}hB^flk)ada$p>_23)C52KB{=`ecf zHFOvqG(vYy{e=~sNT;I9MzC}02Rq=L`UG~jmGL_>Jrd)Y6Nn~)Oz0QfLzB544!Spc zK?17{^EOLmw5zzz0q=Fj7w4O_7w2K|LP@*`@*Cl7VB6R{8#s5g&IWBZw#o*7J=Z!L zl$JLmHYsFjh^>EVaQrcRFO@%-UhwZ}DQ3%q<(j=jee(F&{o0eq4P;DG`cMF)r4(#D zCY4F!2l|jSUi*e7jWhky@U9?|MX5}bwkutq#qb=BueETD@$<|)PCSJ}a&h6*@lmOk^wvSfzO;+_|R&^n- zIvA_c4AS~gfOZVS>mCs+y07gkN@MG36-{D+!cA&S7JFHc1*RuO@WU67%8B>t{8BOA zjw>ZANM&|D>@8~vxyG`z&^X>#jR+u@W|4c1K~H2pz(Z^R$CG#!>b|7xDo~KyEu+A7 zsE?2Nip-G~u8Zf&Q<#0XQTgd>D!Cqn{Vr9;mngMgqm0M$v=!V=S+p0el=!LR3bIm8 zAq(m6%Yz2K3kQDZYi-~^zHDyb(Sd=F1_pjo8~DrRVFSOnoDIy(qf_*DCo+$+zTL$o z+M7;)(pMfjSzDULx!V)Q(8|3b3|-wDnXsPXwU&zMM|gmt5{$2d0ftH)LbLtC1KbygkVdZ&HKHu&FE@Ta#r#9GB&q+0X-{ez;_DreXR_3 ze1m3BRR{ZKcwn$|y1}mNg$`5HyHfU4MBA!ODylLBYR!jQ@OM?fwrZ2yRoddl_^&WL zG+M@2_KOx)n;Tcveuh7V##QF_$-mj;*~_?rRXM#3jiKhZK5c2;x7nZ>DAkE3!9=|; zMzzprS89uQhl8iXClG z!5fR=!j*6Hn*5d47(Y9W7Cwph;BpZ=gfHF0HYzgpx=LUJwI-0McMa@sihDLU^$M~Z z>q{22`K4$!zXYZ47bpuv`737e^(rH0YZhM^{D{&SD)iXn{U|N~&(vUecAG8+o?d9W zy)dgac)s{N1fI>ag5i1NbAsm*V*sA}g5kOIqToTZpfa{qc)Enbb6W^JXFnr&np)zb z>EDI1-hFuiF50c*qRlgjhRWN@)RD~wFg!x>pA+cJcU`xBlZS8H7q5_EIsza zM#1dmQ@Fi6McKQQpzCQ(2IxRjY_=!6bP7BBf;y{!o|xr)N|xHw+e;Ci+#V;`7StR( zN9@vH%Hw*F^m`(9B=C-WAgJfjO@Pwu%M809wjcf6h&FH^=Js@|@mKSS`pM;GZfA z>-Gva!&6L_6EV#&V24lj4ET**W59+b5g4%J+pRI6XGtgn9+(ltfD4vfBm?FzX@LPp zF8O;5c+HaL7%*YU#WUdH#Vs&k<>J4`fO8kO!hkO>{`(Ag$KuEgc+KM088B`!XTW_? zVGP)Iaex7bF69ikGU}oj5Ff>Q$4528fHM~98Sthd8UyApiok&HOmB?=a~5&YuJYeQ z(}VagWf4ktz-w#rZ(&RFZ{gpRe+!$He+&PH{9D+P{9E`p<=?{AG2rZ8q=ck z{LM`&8^Lj;Y>X;-vct;zU*XEco-y{mO@mCERMCtCX5t_qF zD*A&T*<-2YsMKV;TTCsmxeHTkn|Dn*hOS9_l!q{G2kY*0>dtx3r0Lu#3Fp<0#Xntv zPD#b&lw>X%z;#v9N()b;g38oZ3^vcy)}jO;>IT|8_NozJi(1meUxN{(V!FYaqPxL5 zW(!1hD(g%gIUZ=XliMP9GELXXtDUvG2*XCYi%7bh?jokzbQfR0l~d8#PE;h=*fqt% z;`4rQKj?tcCi`MHq=Z~atX)o55}JS3Pf?7N7!wIECPu!27ZZ$wr-wLa&0&r($NWhS z?1h&zzlr50v>vAD{3bN?7cp5dNasZXfMh}!8#GU?H?Ckwi&&q`mEtHGdEIm&XEmX5 zan2{)xHw7kr#RQ4n?dRSk!D<+IiH#K?!_ANtkh-n-o7xkiktqTKVs$mT z(3I)mG@j~}f`QEUc6d|-RLNr%gmV{1XC{U1$Ou?t*YN^;o`ElAHEh)fV=KlC*qY8O z`;3vWHIA3!>oUOBjT~Dq!DpLvK$L#vHrdq+$R=x(_KDIt_L$V>s>le!T!ndZ3Sw?% zOOc$v{W|P$d`m8zsQ-J^?{BuzzXYU1%KMshaK6j1RF@c8I{fw?E8m?MDjl})lJ$u# zdml`Cu9HFekXN3O7>VB}@zU{$LEZ-vd=~V0u9~mnSwMatm>4Q4l1WnF{egFG6c-O( zOQI$-0yi{8o&JZmYmbYn+WzwZ#0LzhC@CT;Dw-N-51#}HHs;_DMJ>D9H4VjAnL=u& zfP>&P3_c-EEgx6Yp7yXb^M;jzW?t=y*~2vTjAY?2e*GZPxqGd(&uh+^f$qoq56tJR zz4zJYd)8iioxQ(n?Y10Vjx?c6R%7?89OeHJxgA_f0p&!K8fDbf#Cu6oL;YBe=Q-3@ zj7rM^Q08&TsYZw#cgaHwL9TBzC>b)Z_1NKjqyGpL`~Ku__ZYET1I)DPU+!UWSA>hFq+Y{|>Fgr2 zZ5Z8MhO#mm<-mU{X_QkNgRAsao`~R=kyE<@PFA)rjX_>bp^_W=Bk&RA&Q$G@Ic$X* zZm8V9y?fAy@#2P-Sw$abwL(rl&Xs1qeVl%JK2F*mt}na7ME6E!ie{SS2|zfwksGf$ zVWRPhY0iw-v@*$f?O#vI@Ijcq@ro?xH{d?u z(xVpDT>V+8#H((-k$*eyu;Ba*_9{s^H^A`&?oqO56DwP(Jd2J~(|k9_FhX)_lB7x0 z?CsR-7);|0xKh5xn`gb8zgXqeT;hUFM*l!13}rwa;DsO8wM?71G+ph~{DWOib6n`&RxT!TQtr>2A90lh_kSDAcL+4FZ{IbkPPP1Nor>ye2o&i zjP){f17tTr3tcax9!NAYC+y%L8I4+y$nW<8$#yq^RPJYVT31v5H*4I4eyf$k)3=+j z1mc>Et9=d6%d2R3D!{2-r3B~hbs{)0JS&pCfk}Yj*+x0X+P2F+z*^k@D@&4n0IN?Q zz~JQr1Z>Bh`Y7elui4f^^f%nYnk#&RB;UTl2ip|BL6UFZU_G{7M*Q~sMD}#qDQW#f zA-6vrW^krOSqlDTmfVBdXr0Mnp890`!1zn zZ&)qQbV(-3F(CeWQY(3;yUU~khKx?oR*efF1EX;Pw)St_1!ySt;R0MJZkh|w|4s(X zyT$%ofDOgEF2J^8B`_CO>AC<~U}P5nfgwY4^#zR!AOoXu0WK#r?gCtJ`fve`JDcVL z+y((oTb#aZjNPem0aiPefP7w}aRF3dXk7qd3%CF@|I>yc4O<}Rm+sUE9sM!OgD{MdqW&@^(HejB*2$%s&!HK5ZfVBZSHlX7cjSWcmZ3D*N z(YOr=f7XW$sBD(Z@POhsUTWB}6T zR|`YHj}0(w*4Th_-!@=#zs7Aq-AW%e;K!9svjOq(43)Q5`m+J+SL)h;Ei08O|D#ja z2BbI52DqQs*no83HsC_v#%;ilMLul6(W0i=fc6lRwXw*T4ahCh*nr|9B_JoC)!2Y^ z|2E*~jgk!*LIl8c*#=DUvH|aHRM>!Y-!@>?MqB_8!*0ea!e8dF?gq8eIjL#{hT^2Fw<{|M0F{~QI+rT;6*C661klGguPJ#A66r*#-^3uHQnGI5O zj%%pHUU9uTA;DAK7jS*bLCZFxm-G4t@}R^AeqjUe+(>6Jl5B!7`Jr5NOA05 z&Mm%;sH?H#Iu`yXroR2L}k-4(ihmc4R#i7SQx-TFy6 zkEPdnACzlb71I%5DJnE0i?|p9FQ&E4w;GQpdd>?!C1N%yIQv`pihf4|TKl^iU`5Fg z#x6i8Lq#E;?`JT?94+iaClp}3Lx>a&lDr>&S2yF~8$LoHu6-bdKtM(Tc$!)%78lI(XxEvZ@E2a$n%3owbpEBK`fFRaF^)RgdroZY}OLeQ) z_K{->p1{E$U;-v1QxwPPRAA9<$3qs5OZf`(2C)hGS*Yzfoa{NC^P4+Q=8i9U33pmo z*LQ-Q){j`@ZeSU6>12}5C#kKEVvF`Z598+ot6(QIm{0%fg@c#*-!XH=8N^3*D^vzrTRgeYkojlubPpA$``(i=dcYb zpZ^;B8pW@0o}kvU;vE?Bo}->h2FNRNk7w<|9_Q9!kAJbMLO}8j&Fse zqClD;3n|hxl5)?cunDa@iLw{*(rhF|()59y@swLBWW?$@W^;{>go6Rn;X~C5qn1s- z0{o9V%0_S(_9s3D$1j@V`eer$;SvUszyMw$FoSjwqDkCifL!4U{Hk{}m=aguIrifq zy{URS?KGD;O78b=DwFu?$D7y(8)Tf_gLQHKd~oA9?^^2%=XNsAJXFLzrlTA-qMu(_ z9Y12}l@mti+rjzE&MkD9=RP3fBoh6{-Ao$ z9dYu5g2bKGS{m7_x8um(S&JikVjPX^(VH7QgvqehV3_9CT3wK1EVa(&e1#ZQZ&T=t z6Q1WjSKEuQ7s(vEm)L-m~FZ zVv&GBko0U+*6wE6%`oHHs4R(+e{L0cGjPV3k&S7tVkyqKwamo_1m8ts`^sPlZf8x{ z4_~(&b6AaH(|ZOISN|A3NJcQfjtuy;d?MuRWuaCps4&xaT{2X)#*9d@HL z=wWRTqtDC%_(n>}P%L3y`m}jgm)##1Y$OGSjJ+QNLoBTIoQLr~?zb(ZlxfaBv5>>m zQgmA6bA94(Y`o#p7=ilkZ1(-*I*^k7pxj43Yd;CK|6f&mQ+N3lfW#eY;r)pA*N>hq zT}oKr?h1NID7>M2t&XKtHpg7S>bl>^hTl0wq+eIb8?P!>NBSXy5<|zGGmLP)qW#GA zv_Tgaq%*ba)tye+289ut72e>{a1%l$HC^@ss_D8KRMP{oq^3hRFg3+Tyqy(wRJdcI zgZ7HR2Pl~69AsL-p(&n3eP6LE6wZ#Ja7djLrv2urzMtRDLbr>h+x2F*bI)onb>`X@ zlm?O12GU9JvgD^taqQw@OTof7oo-TQVJ|M}QVbZYUxZ(wJ=MW&=Eb;P0R^nj@E|kx zDVk#vgW9m=@BOy?qTI3~dTq}lspVgnc(?plqSor3#kKIB41wj$zEmf%ALY@}WMSZC z!hd0K0dpcsT46p_{P1?!%c=WS!mlCN{b*KkZZ}c@2+k6MSRD##8_y~_*OjAbx6^s+ zPH08=eJOcNy=|@?nE%rC3dg&Or{Y{gjkjivr$G0%u^+MUV*_i04iaBSE#gGTrv*G= z2quKC58#A=U!Uy;_(+6F8EJW`n*J~+I4hNjFrBJkt)mXiNw-%@gz2nQCc>m<_VmX@ zm@#rM#W=0%UhEOpb!EzS8uMG)_e%LKy^013-IkDH#e+#)bX2{=PQg5-#9F>4M7Knv zSWrgi$eyw}GAntkkIgkZ2IG9t0a!6bOnEsxhSyI%5J0T}*85t*sq$1B&{m@RYOI`6kpKuXtXLuAGi`0%kx|zC>+U0Vx{jyOcy>IzDrpDBN$Wtxg zA#32kUC#Vw4;sfGbQ-IP4+)16LB8|tE%5#+-7;%L0=!PUHfL&`un>zLN$qk`?5(qq zc$n6muzGNV8FF?HI4UrA6`_Sivv(51_ zQoH;jw?(F=IYtXs6`SR}zo@ zl+9^$rqvRa9!`5B8hxE7V$%vVu0tUmUS}Erz=jv9m$3nW89E0yL$yA^2hVYkeg@Lx zxJ1jOM~6>|s4xd|@6+na@IjNWcv*6-YJ$kM3Ir#>97M+*N7`JY7B%7(y%hlmD-27N z81lP#OY`AGD48V>hx39dJXj#JKgl|+Dg~D+Aqrq7;O@+< z!c!rp(R?Y=)8H7);qBB_gXOCIuH!L`hNP-91v$;Bk))5GkeB0Mz)_?W5_-LUI_tW`2yjcK~i55gepP6PELJ zWOoSWoiliI_H2&J;(j{;7`q&nw3NR3X{L;%gU* zx)1R$%I<5@#L1g9&2v?IOJjWRLjAZ*RkEkJ3l*&?xo?@Y3zajsNjp&XWvU&hfvO#- z-s&Bw2bX#8KsCpc6DfKE_TYq8&0u%P5|<;1W$fFE*18(*Bi6P=GPl= z3mqNzyvKpc9E3C0D!vEm3OWCMCqwnb{CZd<%pS}tu(y-5K**2^!-0`dumTFk3xj1r z8VNRmpuNyV7TigK5+)Fi&w{nNGeFGkJd@4-n2n@7hj|yFLMT+>=L*wVk;>d;xL#^? zT;xw=fhX!fPn6xdx-)e(JD9qjW3f70*c>0FIVvZ+N6dm8CmbK;TCjdo{k@uEiWbV6 zf{)RtS(NEKRG2#V26Yh^bQ8*}Yjw{1qW2)36whzh6K!)rv*@cT35*H zXW5IrmIaJ!Oi(jo2JLru3y?nYm;+kL*J1Z(krd`QkyugBK7xf8xu6zviC$&a#@P!OrlmQm_9o1@gzETUBQEko(k84^k{ z)2VAWOnNA-SskWhMZ z7Dox=-t0$`6evwJsZeT5`QH}nqSV(UqjX~?N6BasQJQ>)p|o?lgwmgn@z5fp9!hhj zD+#b|Wt1|wV7F0&(!l8)rDCHuN}YJE`9?jIJeedNXY@iTXu5>bsF@t4JCKlaq^$y_ z0Y(){@rcsYMYm;{4* z@6an>r;^(N8=RB8_GVqM%$*XO&Oe4#yRe;M7d9F{k4>}-djNh2lP`EY%4~k{MeT<3 z1ci^IWOm4VQ8GJ(DL^9o6nY;%lZ2C9P2hg_YOB8s?2 zipPQ0`eQHLkt1#5h{eL0I)me^qOdLB4^971^uw}1^OD&MLbP0^2z*Y)(HO93ju-Cv^;+!LzMk026tB+<}Ne*WE3Kl;Ix zBOVXZX5VFX$@>kM&xb5dyqCQhFEYudcxlr_tCu!Wc2G&1fC3Vi0v~^}K3O3#WjRwN zxZ(f)pjIW=0doHhSF1lwbsQDOM#>5`B2uMLDUw1>jz)zVpiro(;CY3ELP5=jPjuJ3%=tKTDJ^|~D4!(QF&sB5nlG9&yxwjVO}Ke1PTe_W#-kF{u; zy^7UV9ofQhj>_7DE)swlXJB6oFcZ!-T)M^5WW|OG6IjL3K z#eVEn6Zx#a3{de|!`sSlII!)1pU>K5?XBXoKG*%$@mYVLt>HKB480Y6*5|bi&kAia zpLNn~T|#PkNYnVNo%E}}6mm=Xtgk$Ss#<;$RrT=@HJ{Z*((NP-3Q_3zd=eFrC_IF8 zJpL&)pVdaC9;H%!Lv9J5)jUh{T7GSHtN5(XFToza@fr5GtQ9@iLpi#9*8Ff?(=#i) zanqAHvni&h=9F_GhNLOC06rH5fBsPv<>6`o{EX?b$YspOc-Gl}EbdW>H@yN&aSXYjbchG$hqBY1w3p~7>~ zxJK}743GBX{>|N=z(-Lff#djeGD#*7=mZiB2$CRZA|8onMiA3sCiFlL1eHStWDO#& z7s8C7D-Xx_t5>h8UcIXB@xkBK4L(vee8d!85Fh<-?-3tuxBYMUsJrbq z@Zq~H3Lo=s|1aokI^qF%!smRJHJ{J27x5{Qo)*D9rA4iQWh{GH?Dcv_0<<q*H`&({hl)QcK9{XofKmW*7KVNmLCE%*vyTvTh!P%z($Qt z-Y1lv<@gFaN4s3EC$|-z@k7a)ReCnlG0MVkIwZKxUhe#ztAlea#*6?jQe^YHIJ>!q zcXd!q!)NXEs?d5-{RJ1xD z3N`);Yy9%Sj8F@!^cGl;fpOZKg^Tg&FlaY$yfB^ucbC}Il6SHv`w6h>3*K;?_ z5aI;cA85dTV>TEA9d`3fk=utKhTFC zYQdKTPt|_~kJBV6LbA=}F)^4NixHl{;~^kcvc$aVKNuUSWVvn_#tv#7&z&1de>(o$ zI{pIxiSC21Fj1bG$)Fy@Xs*J6zS?h_B7iKgE134;Y&_+)F3zpDnG=L<2jLS7KlTLX zoa$`67UbH%58dDY2-Cw}Ny)V-kIz@i(6|mtjboClEtao%81)k}xHI7InXOElCybhU z$K!<@(Ax=NBZsO-?Tes#cysqLMYsJBzqZ<)bep^yKXeZE=f-w!g)V@i;A2rH%@dVL z^Fi=mIEo*N5_4}`cD;lL)autS1OFy9#LrY?zVZ}J@TB=7=N08i^YL@|bU~fy8#kNz zZGA!c#oFWeWv`)b!EXXO2F+>ye8HU`bhV}OuD+ym`~h^1y%yQys*7>8-S5l-;V%b8 zvY}D)Wic;K=gX_;xCtR}9=FS%*ySBIrO>p69c*CyyL+^&y(j5#eR_r@&&#sNi_=B- zB$z-kS@dZ`r=OsEfuM=8UMlKE-U`BGf+RQld$B{U>41X-AP7m=l8DP8+sm-g_!7g0 zvlpS+e~95^aS60Ko#A6Ty%AmQiG0O}7+7_Z#MjG{=9RT`2BU#rwgvASZ{I;z0WMO; zP3G&&E0A3}dzCINn#Y%?PAtC=tU=d4g%jX5zV18}q@B^oHv5SwC!?>igqE1ZUKf#rc0RXu(;+mr!5C z#R@6H49xJ&csRzwWH>@)c78z*X5_&aQlV=$e)8-y5Z?=>8hWsWbUaF>`&GP)&$24CgC_SS4ly=j9Yz!Wo z96u=qgIWCysvj1qdf>Nvy6(SKZ2SF;ZNC;71gFnMSIJ_7qo1h6i%QXa*H+qgoI?Uv z0na^i-Or%86)ui`36*_?iz(3}?#uq=Tq>va8MTw5S z8U+p@3QUcrOXsl&iVUX3-brVzGzGc!cJt*`xH z=N~}SJ`XlzgS~lSf@VX9&25n2{U#m$j^_mLkz^>`79)6%nyiVt_)QC9t%(PP#9u6O zN`7lC=e$*N-)2Nn9e%|)?|^@eEI=*Lo0R>9=n5M7Kh{WQUq1i5FW>aF^94bwiGu(N9gyUjBKn z#dLtLQ0TK>d_5uq>B|XF+2!5#?EN;^StGyf_fP?KhZVoWg8MEb0e2X>=2uLFM^>eu z!0(dGpYzLZ#TwjxyS&SuebDAQ17BZBUsv-hE~T$;XJ3C#UnkSo7YqDu$$Xe!#?jXY zgZ0i*e@hqk*O}k2oSHZ*jGy4eUi)I$D&D(jfI(e-?>S2QHQ0vNoxJMX*HBW-33y-Q zZCkv-|0ms3`ox9y+2pCP$F)RVuuC2QdlcPB$o)xjFG&dLYvk7$a`3==g8#buXB2BV z=Ma9AHNn-^%aQ78>*L^U!JP=l#SA7Nl>sK3>paJ=peqLOWF~%G(dsbw2;9OcU4Z*z zTFCo4Fj})L=HE{{=#(wAgU(NjFs6=RuWn|qZcNkef6hJ^WbLx_j1lXaF4Os$|Mwl5 zV7Q)n(rjf$Ia`%t9->Sdc33!$0Wl;yZoc=^q02aC!%u8uh4%8e`EPg zN!J9w2t}$5eqsymaQY+NXv?6_9?>!9jxOl%rNUhONbBi{ngpHqeE;!|E|*ykZXcrK zlI`O^bp(Tv(44&eGMcG(ue?CRdv5OnRUd?EDiXWgY&+cq&22?9jv5&GGtulLk{pz> ze-MKnyL{f3y%VoK@ZnYcesytvaOhLH~~+E!s|hWtYdmyh!p$(9l%< zqBELY6#INA=6d{f=cDpdMz2}@jA;)uW5E{t&pa~++sl@G`U7&&Y?G+D#!Jc#2j0HS zK(5SQA|iV;W?2;FDJ_(7(S3^--Ulwy>@9W$BLPfm!+lxDiR1xRQLrd@m+yJ7L6&LUDTbaVEn$z3LRSHI9Iq&I;%7hcH! z!X|!>YU18-6M;-^wJs{A)w=S1c2S}qTdgqc&SgMQ@*#@-^qWC~lDTlOUYi(M(qM`lSGXHhzMO_Yz3(GQfJ^F>-J+Q2FeuCMPU zxK6!CaDAeQ=r7LDxQM?P{>cSl5Kuau1{rGW9cT+^rhtO%1V_Zrz09y?O>o3N?qh#f z731F!|DQG$<2q0x2YI*paMsU3P4z^Ldlgz|MuE&^*R#ueKu2=51^IFpJlT-UVrhzQ z2M+t7P-SG!;%Xwr<2j+ecsZ;jcjW{vw3ob7J%mr>YGQKt(~(!Hg=S|g=V~+Y%ibV~ z4bkY{D$%*&4}kBdu?`4aiqyBwE=wk0d|olTUCiFYdAf15b3Q%|W zr;^wS->I>HhunQWLnx+_L?Hct1?KjyL zH?2X;39<>g1yr5GPS5#|09RC>)#~9r!N97}{=lZcNSppgE{mG}uhAsnLX?DTWtdQe zuUJQFv4R*^YXyvb;S-4}&SL}(%kYeo{G%3J5(|gp7h;GoWmRcKuQjM{>xn1h2gl>S$BaT;&$N-0pf}n;%b<@u3#f- z9zcZ`=d^=a4JPS=FinVtsmyvlh!^f&Ht1Mzc{o`|$Ld+M0HeCMP|O2pwLilR)4-fMY7tLV-4J8y-O$cn5|0$!!JcH|R)E_udK!uSMhL zK&YshBWBg87sIb@1OX%2?;?~zX#aNdj)mq=UK-hap4L1z?!36mICOW@yKB^G&~M;y zcsy@hs*fk|Rb>0mMzx>BCRA%r+F7<1zhv8Rm z0zd-qgz=*c!$Azt-Ik#)<0}h?h3Mc;=yZ+tUvR`rGuXcI)?MuHrfKYN$DQ~$e7;lG z&J}QIEc0VrcV6<6QA2+(r&wgch%OD!38v2Hm#D5%j_YI^83!t$0qO)t^qa-{`twZo z_qIFP-z&7gpmuY{Wo)um1UhVIoPJge^{+`kL>!tm^t5dyd?LC9< z<8IEw$Wca+;QxI1KL`HLfd7;EthhnRml*gIj#QeNHC@gtnX9;67uY3SQ+vm|jXP=9 zIU(7i{BAl1;dlzP)qMV0kIkKQJV(gn&IWk+Fl zKOQmKGky;0SC-rHj1sMyph1jxr(P<$s`I7n4$V{t0}=R?!W{f31OG{ef8w$41;cD| zi_NRXlY7H{buzVfkW7)y9+9hdeSa&8XhY>i(?OL_CvVCYb>GmRgMr>ys)G`@XgUJ} zS7Mjb%P#S!Dx>n3+v^BVg%p3<9V3F+&Am5f+ zl!6`bccWZq$!xO8yDaj7(~X%YELEZiRWz@m)*6aYSF z<(h;t&+$DUc?GX$fR$^o$~D%^{TA7G`isoH05iY`b(<{i>l1{s+PC?qeigj630AJw zBDYvFJr=HBl6Ql6@8P`g#;uK+CE{v+puN7!_m#cj+3SQBTimdeH4hR+c#tAMyc*vINHAErPXz80*?YRtl6eG50PVAny>K3(6}X)i*-uqr zCO@{y(B#MP1ga|i#<`PXB>4*Rc8<_TytF8t3RLfdH}vgno^506BZ}H_lZWW z`qUqYdGvl5NMC_w8)^bsd91*-P6H$ISYoHNAdlj90enwOSGXB8N1<6u?h)i{xt?)s zK^BD2Ox{aAIj$yxh@nHZw zSs;*d;k{Sjeqo&@<$VV$ruri29jFdI%Wbs8KHRK9Z8^5>HGmpA`;l}3OHIz}X6 z+lVA%p*t0jRBdkf^ZTg2< z@MQe55$8Dfh@?DR1zjv3P7URL|ZkCRqgVwarq)vCIIr;RhqD`3Xkuvb6;?SF}$+&b3jq>>Gf zVwV=~uvOdfs8g=CthV|4D?7CQxD(+nE$+cU{57d#xmRI7#7+&+slc7YZ<}&q3rsSU zd0$B}P4s%xpyzWI?f~|hSZB#?g87Hd)U&MQ_R|1RJOC8y{L!MJBDaofiM!#Kn?Le; zdRe)EAOlwiiK9_S^jdShusaL{h(Fl(#T78&8-O4hV(mah)jSM^EnjP51FTMxMV{He zJRm97QY%bT?3Bt_>l%Otc1slNFi?&~21aqG(IQVa$wHD0qC%rBSjSiFYXxnhY)56+ zJNw7UUWeWVa^KSDpd`~ppr?z_^Jg6X1L1lc4ey;O9yx&C*mP5V7j`(FDyU_AS~ zN7CAv!2Uk2JulJz)=r52d!zRJu=e}7_WK{VMd~ae{mUJ9-`I-`ou@mjzX8wjiu~Jk zTTzjiDKdB>zLy*E;XCy3<8J(YqvH+u$kBDTDA$QVx%_iJM;01|*LqO1#?x)*g01rh zXw%vhO#5mSor^eA0(Wh}=jz)2%&b2F9X&AO;6YSIFiG+Wbq=)0ylX?g**(xR3j_aHo~S&LkA{U_6aqDF6hcTu81}`O zX$v-YiV@MpeqZ(@rRLUjnz5J&+goWn}TEX3-y`uX-bNQtoQHZhZ_bHB_>}D67 zYi#nTbidgB0y#ZBw+62ODOV2He2G_3_#K&ZZ6^!D;)nHw)~-B*<9>940JZLBgL9UB zBzz;cZ~c+ZELA>>`r)&vR|}s-P{3aT3;q(E@RtC`upeAB3-Mom5t>^4@5038?i1zb zSX@9ii!3{-2;sX(bWamSd0M*UHu5%?N30@)W~!+4w<$@(wKu)AgTQfFpyGZD)xHDG z_Zx{HTP?aLnV`uk_8OGvNzj^oqv&4EOxtb>*ymntqU;-X6^hBM2ux{p4lA0VxQ43R zTcG#?E4D$gis_s4pxD5Qv!ST6;(YAINJZ?Th&7haPivjaKYGg`?h>54M?ny0g+5tW zu=0=Z!(T&s!7umf^cE0Q<1(4C>A?&;nZ9MBlg~=6M%uQ&NYM01akB>>Yd3E!m!N%A2cj{;b)bScf4+j4{auQ=9G!>Ko5H6kKaYj*D>BGh9 ze<2>xVnjy9e2UC<{K^}kmj7S0%G%X`WZ`KLu?SZ?Ahhs&FzAoN(58e+e;YAC;s)wg z*bub3cyM_!RAsf~I#=`8@(LpbP?=_uK%TI<^I>A(FUUlVeo3BWYORLm=O-8pWk-g# z1cPPu=x69(4G*d?o~mm*nN|799p~7T4jvhAXr(scI~S%EO+foSqmq{?%IKtIpw4*S z6{NvUODE98QPW^`l$^s8q!@93v)Fr_Np#hl#9%e91pk+eS8AWW5!2<B(9DdXdo+mp5JYYk`R_SKtQB;&3u7r7q0#FP=#KY~Ug#f6&MbNHi1!%2dWet{OfL~^T)_fS&5Z4iPu)o>mX_3dxAU|DY zQvTMQ96VQj_B!0Bfv2p%U90LSU4Vr##UeOm-t|L}!d9C&edcgd@6U>dU&hedCc4^} zqG6~03{ceb2vciyJjO;wxzsDVjwJBq$0$hLBp|N1Vf`+F-Pl-X&#V(&&222jT&mCOcULXLqli9JQn)BHwz}}9XD=NfuL|h1XT@H83Gr+U5sYKWli~}3!bpGm=NKsH+1bHBX#`MW z5R}rRvA_ti<;ql!F4ZyVp}0{rH!R7~)?duRt-veNrBUNx+5LdD$!|&)_a7B|Pos5b z3&LhQEx^b?xqTc!Exi-F}UNVn2IafpDCG{5b zc%!qNHT+nk2|lQ!=R&I&7C!QGOI`s`-7Hp$~FTo^)|0RZd{`AY5yoZ z4NJHP&s3ksDR&oe!j^Q*r{NX$ACVNAcSgn;&g2R1>j9^=z>rV-H=_gec3|?QLRlNE z)}{Q4wfJZ&@UW%U>}ufyTt6%^f!qj<3Hy%;u4>~J3{Pi~_gm!8=dNiyE(B{_-Wb=} zSo!3l6S=Kc{?&u|{2yz%J$RN^em(jbH17XiK!i;$Hv6i=S^�A;rElH0m?;qQUrq)W=Q zEW5dpFAu_!xAL2Ek*|C&^&UzdQ#w3=1)M=X}?8AO{Z{rdWT-tox)21VzQ`^P%X%NK{H9-Hin2AFv!&cBcYg}-Xk%Z zYfu}qg6)~wgfBmZP_AIg35by_#t92Ng6b;Z3=ipk9v*KX59k#X)RWcp;2PNCiP1Kv zDYMl&s>VW0uUMnkWN+t#poY=dUxPZ9%;pWSd}k#R|4%0eWJzw-1Vu?9O+lZl@;jKL z9?;E-`M8zSw9##6+C?~Gy=)qnJPM>bpQ4RB7f0V`;x~h&x_N3pB7Zw5-XG}O=(3Z9 z1N;o{zZO4_?TfOp5j{|0H>#9a$G|XTjbtXKn(LnWHwY!+jm#}@`qqOI%E~KG;#>_R zR=R?&pWx1e9QpZViiT(G1?_Gii3irR8ds>4uRwJW7No$x>Jj)qdM)y5)NJ`pNuWhP z&j@}6%L|aS3wEycMAo!#@SBXBt2x%&oG8Y|Ww1aOERy^RrcJKcNRD$@dO?#e1`a1- z7Bj2hR`%pCgojdc#NUkEkl(!e4AV4oNJ9XkIx5Oj@`MkP4VohGXA0)l5&QUXpe^8< zNjZ{YPoLmUJz;}Yh4=C6VIbwZSp3r5db`{L%*qC!I_+Go z06CI<35lV#IQj(6ci-^(KY?<2qb|mr&u6Y$8%Zv+F803=%ZB1Qa!zvJnGE3bkNP6u z7kowvgGPIwz@Oa(g$5{my8ooWFJ0NN2G$*x);6qrB?)aci7B(_=-Q0qpY(? z8Z|SAcTs3v#SWV8V;ua=hy6cK;u_Hl6Ml;0-AP!kv&x?duJ6tXuA?0^<5s*TO8dXW z{bF;qa(4NwG-?Sni19k@?vfZ#SoZ&5bNS98pZ@{c83T*zai9WgzMaGAshi*)e86UI z;$8Jbz}9B=T*T)R-eP@++}IosOR-Ce;Cb zC&|)|wt~vkSo#h7!X!Cq2e7^vySdu=xt*)A%U^3;M4Pu(YaVbCye$lvzFSgs{eKzm01lV_zVKaoixEXe`R!-xb9h`Q12X;Tc{O03$ z>%-F~ksjLsJPr2mai;QpeC1GtXMYMImYE} zla#cKxJwKIuuMzl3D=ROHg}Q?pF9Jf!2k8O{l`T#?~hAHX~W8I7GSIF^PTY$Ljk|Z zQWjIlZ%!(so!nf#@CHc%p+&hTYmLo($Wa2aN`G7cM z&xDV=p`_a)Q10=^o(={<{{XexbzUTGFQj`)xZMy4d0*+9q(q-gk;dF!L z(s4u~px$JO*oMelFX@P)d!cT2A5ngW^5<}6Ds3rG6w#GFAzd6LWI0WuPaqV!#|LvguJ%~I zpt>i2sfhc7qEd$Df5kRkDxNyWf&mxoyTsxH694u(I)KQokvJgBYi;JkqWrauFX(V> zqbXP{!2XE->Nc@>;yf|4PK>3Xr8b3Pie6>I13p03PRir;vHDB<@gSw9Ib!3MKrKFy zO!w6M^pVU2hjvl!CB|-JCld6>4sFHSWV5o4Y;%oXe|$)Pq`%6 zV5DfbWZYA-nFWA^dY7xD`$pgOn`Bb@Vha8F$hyc@?uB^$@ZZ zmal*%B>*XnuaHo@ckMQ6FSo>z-tcq_8G3=gqF5ol@A%1aTieZ}h`#2n=@Dkv2=>0l~MdTu=Ec({noew4>YW6kI>PWi7gs zHUa>U#Q|mlneZ!Fq`vrrQW@0#g0#=t|^HVj78pUYYa&8AhIA-Od|wQn=#CK z4+DAzB`4)B7|UJIo)k+uX>Z&9BiJO_S%A6UmF$10BLq+^DItMBSQUoz)*6o8P@quC z8mN4^Lb7!Xz~aY^OdGo26cdS0iff@1K=%b1T9S2slY#83F(ETgL9+i@YN5cW^=Xk0 zc>PI0YvwxM{W?uYfyv@dsv!5>ffkt6{of0T|0$ z1tYk`f?Lx!Qtv@FSDi@=){63iutARq=nXXpl9AX5%6Uvx z2NGbb2gt?}CdGK2Y?g_nr^ev=WGY<@`y8G$$MWSEwsQ-vX5mr-%-ful=+%f^YYV%? z84b_lKf?1!ez<|*q5JPLNG{)4d;htd0=4~Fn^u##Wyv34N=*x|4wEpF0MO8Nc#^*V zd$ISmIHejD2NE^=o^mZ9;4l;53QQtMP@;To(4(P|KssS=ajpOXbHOrPkaWIMbzYkr zm~{dnSfc~O#$?bX7n*CifSEG7gllH^;pIAuQpSkK8$On@DB>JzMLh-96?kjCfSbr# zuT`!FJ;f+^kHuI`yPUU(t|}%n#KQ;E1F@h;TVgBADONzeg`ZRpbC>K)kQ)O@{7_)@ zjb|+8T}w{OmAHDl_#f!}c()?A#ZYJ>JZx}GA!3C2b}q2v1-IKw7!k+SP7Dc_kn&`P zhEH>c<5qrCyoHIlKv!}MUgDMH+w|20UoL3!do^AbxK}6q!5ZOTFZf(-8fOY&ExZO! z7LbXyD5df{f^uJ|DCXF^pHPuNO0G?b*AC-KaEJIRi}@E*tm?H(%O}&$u`#+;KO+CVpFE3+eS^z0`U+HKbvBJAlQsb@&Q}# zLX*w43(vc3^3-(ySF!rt*!$R(M%mtEQ#RpIh)sE^6wgkTb(I8LM+(2Zfzn%?U>Wg7@}OM<-xel1^&(E66ok7cnx zp*T;oa6u7)H1Sf8QxMn_dS__balqA6sFsii5bvWOW-mfwA@xnvA5v3Tn!0P`UIsQ`Y-_v-F3X{ zXQHhV6VMl^4`(tKT_h+5#wikgphRW>A2!P1whF9mw&0H3 zLo^LD^jve=`F(CZw3-ZTR&<>JX3*!$UxxtZlIm@l?FtVND-v9Vf*cK#nz4Jr=qI2*NiB?J5b#jQoX0Bdn zwJDFM12Jbs#}9-3?;+S*##qQgXzyJDvNsSsY=JbIV69Dt&&<^eJ`421`!cZVB*iQ$ z*H=rK9VmPLY|F03s`!~?{+@SnaR{dT-Ygsh8s^Nq`Q=aI9Ho%M81W8`HHG#}N?TV& zspDiLS=RtPK*GN%ggHy;Ogkdm$$cLNVH9Z2Ve->g;^ArX;fjB zqXZu2k(5Wsv$4$?C?H+Kmlg1pXO-IoS2K^%7Bb);W0ox&zWCWLPb9pJtt`I;w>b;{ zs&Bzc7PA!3JMp%E^W30OuxD3`!5W*p;A>d!&AjVAMAY1N+>YuUgIFhqP!Be9{lWqM z+vt?Sqd(!739$wp9ty;yAttn6`*~!$GGn_kF=3HTqKNgvf|^I~Lt6v!&%e+mPe~ba z?};IXxoe1jK7*22t7EK=B)pCE1ZppjPQjXh652ki((4&*Z3Q8 z-im$BA5ct0kDQ@^7vQtB?`~rTr!U0pz5Fsv0b|u!tqoc2Twry{w*8L)`(BPaMg-NM zy}~>}XTlbFxHwMZ!FD#+sv zmE@zqr;sNuJAn-9DdaT!{o^i`YS!Rbam4^Yz?GesXnPu|&Nee`;EsWSZ7c*vY+=f( z_QLrCY=kr;fY?OQUD6@${~=(^4d%AmlvOx7yW41n?Fjf0jnbCgGQpjiLEO1g3k3gw zp!}5v39MVn-Xpqd&s$`~Yy`a*ADSzVz7x2!d^YHl%zKRZ-Gk%7Jx(m1Tis--CYE!7}+cFxryl{7Bim8!S7_y=7^8F zydf6rUY<@o!MoMO4&>B-gS3U4mk8RQ92*dX?ZF@)NuyQmB(nvbH`*ByNV1>4#v4=W zTRi5Rwl|T10-NBpH4&0)F`{XdAxPg>*!r-`Bq>I)7-n#+t2&1UJFoU4HuU0cJHw2| z%n(`vF|h6e_BqPG<`d=pHZ0Vu2_|+*^(VC0EkA{(2Nd4&11UcG#Xu@8n)97Qf8s4e4nGg2>Uk0y=hZl z`R;g7;!4sL0GU(e!s*I7>|1WMWc%e+SX5SN4wNB_p~dWZ>OO`nd=e4USE8Jbc>3OW z41@M@&T*m7HNP=);T(2urxebR3upURP*fR$mR~**IrCkpa(|E0+6&E*$N1+wK~J|f z#ct=@qP&7&Z__fx^X2Qv4!T!VY{?Aa@6uZNMDU)EwVJ=P^7bEX#b2TI?It}%mwN&T zZ~N91R9eyugn6%Ovbk^L?5LGL=OJ{1ZrEs(_c;%uPXk)NZSrAT_UEG8c!iF7FGD?g zoJpCJOxALb7TrNv(GtTT&JQT^x@UxLT|El$DoGVGgoYe~RvDk=Bz1WJK)ghu)V_lUi?qyCh|4 zIOKVLO>pEb9Y4!>|J@ifuj zi=2Z_irjutz9-$9eM%dUBaXuLb`w|ex8r9CO4%JuA29MO*3z*aOR%`t?taW9y8Bcg zBVD&lv=EXCjMUg!xIi)g#m z=DL+zG?uQ$U>u(L-y9FJW21i)mwc-d8t|WBxfn{Z{F*@*s}AI~&^yEcOohp0pQa!;AaX3c8)KCM!^;Bo(Q!LE{-G`JsMs3~8&fsEDvV+M*U*4&>0e-Pz5e$y^ep4>(mI!ltn=diF5;EAfJox{HH!w@=$ z&1_`Hu$2?xlLGvN-&Bt$h5L^oWC$gEH7^G7g~|7xwwu3t{Bpd-n%#tYLP4c5lSHK- z(4pj<%^c*H)#I9ajS*|IWL6iB(J{vCaj15e$8yYRG8%U-kBJb1c6Io~tS;CWhy|pG zN}un)A7YrOB>8QbjZ(IXwJfq9zzp$wY{1UdO>&RUKrq;%i@gsciRJFI%U`N9nvVky z|0WD*26JbkJh~=~Y89*t4ABYQ0YbG&>^)H@?kZ-|L!8u+6}r$=rTJw5eK<1kSW-TN z=AqF;HNhg#n*;)3n~|)K+E$wZ^<7_@V6xahk_#m^XYvDiF$ zjvl`r_KiPPvRKi;A8h$zS@k98gq!wyJo1PYm0C96d1CQu{Jz#=>Oi(j&qI%bBxnuS zZvqsLn~oRih95qTH|_Gs3s*iEOuHT1EM9>h$>Zj@#h^TCo*2v8l2_pQW*||NU&i0L zt>K$cJ;WDZjN_Wm&L^{C8JKZOkueaHyH6>ZuFRqw_w3@`sKN~16%!BrPBDsZm>bX; z)h~l_1|{C*X?L~7E*c1|^$*`gvDRXr|Az4fB5p zm@NF}f|w6*+PMRwGGy?#L(pw(x0HE6bSFJM-kn;8E3Zsjc}V~J1Cl(;#BUxCyziDT zKN*6@UdFw-hoJF0_HtH!+nl{I@aUnvv9LNFdyVk#Q+t8+{-chz&bLyzP}W9lI=gb! z$1%*|q~g)u#K$rgU1U{aP*njvtp*^?ARjAaSW2HKzZnACyRp%l*<|I~U?)eQP^TlX zEb{UlmsiBg@U#Nh6chzkoA zy*CdTCa8*_(PRIs*3+3%1C03@z}-{N#Mq1XSmj-Ud?iQQaU~*oWekAFuF2F3m8rlSC_{`=GH0wiDJJMOxAWzPQDX{vtmYcNq6lg3 z4Dc7QUMfQ}y01;@{csx+67(0(`rEu0=Jq@=vJdU<(W`CVpG?UAjv&?C z(ddyfF}7~f^FS*w65{PRG=LnwyyN*892CF&a_m?@#fbA-vTN+}9>2)4#Z*%8>WM*R z>b%TGvA7=g@+1>H=%8Qt!(Lo#m45+j=k8$&y^?rI84j$fM5l-3MQM_f2e_9K@irCUz!Q(mHlN?*gRz$* z-pgS?i3_e}0`AYa9o-)ze1xkBQ~^o3>XYUn2Ag8pX%I8pKu=#W(LH)S5WR6dzsVzJ zdy%vd(Lal1r`>x)O>6tGTd+b9&vY0Z;@r%d;*ZMaSii?86w%d7I_`k^PeTrV_OzOdpmhAFIP#srgbeT#yX~fX*}v; zw#fP+Ss%40HZt<6ju#o9s*mPVxr|Tw8J`liGSoJLl(67yL~YV8DYL#uPUS~EkKcS- z3}7;gQj?{If|Q-%7d^(tFxPb^mS6EbO4Aq_fVM|;K2r6ePke~0>ojglwpX6`kpDd0 zK>M5_HG4nclJ)|*WV$@d2z#+>$Kt5%5)fKGpeR=3a+eTycTdj{ltD-a-yoZ_B_2Rd zC&?hg^l={^VklHnz1GZKbkOdXvOR1?!MHZ9DkbaAQA_OF&(RApaKC^d2txC@ItShV z;?Y-&0zKv)@}n1qyP(xQ{v5hYy3X_xK)B?`)_IS_R258~ZP>56niF8a7S4;e5RSwu z(yI9|de8X^kFXU!UTWbdHE2kHCO`$XC=+K3X0M~S*~d#hP)LC=m6vu9vv06u*YU(M zg|ahv4}xDU0-%cBDDTRy=G}jXTJ8zws!q{q>BantT_pCb%Ru8zy=!Y5oz&X2Rbg@8 z(_v8_pJ&ZHX)iuh$Zr}v(BfViv}T^R7oWz-&y|!-xa7z2oBnzUE_Q3L!F_S_gT>$L z96QBqpQyZcCZ9=oNrUko#mFf}D+jV^pP^sDW~L0Tx5}Rj`#Ug_5&!lfYwV1_W=vGx zJd=;Q1y}fxRk5dA&3l&g7D`7ChSl{P(>a!nCZj$^*>{nu@~|q&_cdE&C#Y;Q+k|aQ z6#QOrecxf_-`-=*-i4BJMznn$y0!&(0*AAkRla;Gnt04VJNy9iu@KC#`!`KgRvtru zgb!G=-w3X6u-QA)p#^L9;U!yS7*U-4OBzuFj78XgCNvxzAOjvvuKp>QB|vVoW;a+a zEu3dBh6VdlCAl;`BopDwK=>f41d-<1J_=%a>;!je@3DNcvA4y2{U|=$ih;O{u~v6d zx&WMNm4d@D*Yc}ylas4QmdrVQP;QsMkPk+TSKeQ-uVk!3=L)Sdf}2mPyvjV(tZLQqPZ=<;!puOI`1 zA{wpk$;?d!_anEMhykgAN-A8I@~Ic+Jwv?Y54ZZhUHo28;{tOuCZ`GKnXYjxiwjp``I;Kau_W3g?Bf5 z@g$S2cp6^gT^+v0yH~r$ySm$Jy!PT#Xh+H2cN{jdMM>DJ1@G}rO0}AgJ1d0XIFsNT z$L{bt=%~j}RPMaWzwk^jXl~cB{+ zP3jc}y5IXNU7v9Bz}0AjeS%+kxIGxmCIcb2cT~w7e&uM)&JoXt$oBnq{EfPu|L;)b zlVfm|@hKeecs~!7S*YE0@UH4OmR8aSm|PP>CUH&Fj76^TKNxy(dLMU?(cymo6ugy4 z;&x~QN<7p_-0t0k{u+b5QsyCT@1c!|gl+tmUq1O1hWo`ELLhex9t^;qISl~)gaDmw z>lD$w=h)C8{mQK58)fUMkk)jwMR{bpMJdshsy5J~tWA+xl&yHDe+;M&J}V{&4e48t z*D|%Lrf)dk5<@2lEaWWgOhK62Qpi00t^ZnD=yOey@^~@|@@N*o^VaOMz>rvo_7)5o z?ds^eXr^S|t6y>4lwgrhkh0Q@_8}W(BL#8CJ&6MeFCFT~FS-g-fs%_A)StxBHClUO z9oCmn4Q19A_#_5DfrVTb<*$AnlY>;|uO2A}{r>YIn%BCwtJgZo;VP3D3h`T84Bq7k z43^y1X1aGWrA@8u%ZxbJF;$>ha>vDa(CK4SY8_oO+GMFiz3z@W)az!{pd7iHPe`>H0QH+vT}1#XsPAOsl*0n{GRZ5#?n%o5#WzXhVlC=Wxw6Zx?| zc$mS?E~h5xemMPLQa<|>!Aq^SW$ud*^N*3q3S&sE+d;`NNkg@AAl9EkA%ZajtGw4L zA7>(^Cc@i`4_jprBZ87V6S&kOrYxau(AhtNMm{u_*|&gd*Xx$SxeWDF@z$l|0l+qq zAX!O~G{Tlaym2`zWEtG=xCQD8Tx8XdWe{&#PE7CQ?`v<96fTexiUUhDhUBJZBr!T0 zU}VSUk}}f}xL1_xu<$=n{Nnu=pm-#ACjM&_FNAff1C_?!8s1=o)bbYtcR}@PFzk9} zKVSYS+E#-#=CApRji^|i;G+CbULB)COgRR#S!JVnv-vy@44wfv@C zI7KX*>ITx8R`x=%wO3LMzsU=5S25kx2>qsdH5H1-8?@oMeE7ec%Xv7L!f(!{Wp3yE zZavRuQ7<;1x6{Q!`~UHLZfN`;=5rHpFg6Dg*HoDl+rxaO4h9|Be2gzQCenOb&}Og) zXZ1;#)xfHAEbm1&@Yy6!iq zE<4kX|8Zwp`+t9DYS{a~t<%6YfOnV`VyJ+Be@p`2fDLa{Unekvd-@D2iO4|KA*yWd z@gRG2Qt_F z^i)u$tDUn04{8LYBgB6yj_yUm1_)rrE!=}UjIqI<*%Yw>GSjSX7-+V{me-I|3j3^imdpdpeAioWF9}*Qzm|%>1{q=W#h_@eXDn`IZ@N<6D`^z7)sec+ zZ#p0bTmz8TV`zF-Qg>P98ql|_nbn~Feo+{E$My_KdF>$6 z)Eft5%cO`(A$4a#GPPBOd`B-2!Tp{Fy~QgZiu>e*p^m zxc^Q;7lNM%?rEr^*9oV;Vmi7I+{?~-Z$L%y^jGjZq^3W5N>|fam430Ljm|-k+z*qQ zUdOxVPy);#=;_(9VLct5fTG?9m$rLci#m7*DC&u^-74x&cUIIR*7pVU^{M|S`npB_ zTK4V_f@0WNUEg_Obv?AdM(gVZ?xdTU!d?{f8w$HN?Oio?tGqa*v5QP&*A@0Pz+j*N z%z!VKkvH9woW0xe2Yd0(u&OSBsxE@6UKm!@$7`y3q4Juhs()%ReW)y-6xQ ziHdq<^>Nq<79}w~oz(R2ovT1g*Oc_YGP`_4qjKDS{DW}&2D)TwI$oA=7qz;@bFQ{t zbc;@?>P5R$frlTvE6QSNi7k9cfOSxyNXtX!$|}uV>CxC9>;Yj8$XA?!UBn-A7B6wx z8$@ME6RkQ6$Sw?~a)t2qe8?7X%n-5#+?l=vmRq%M2e1`?60!r-IQyVikm7~G%k6gUYnB0%?kVic-hhO>SIo%9U#q@Vje`QdAJE!`QWZM2% z?4&}If8t5qM$pWsaDsf^|HpHhjUZ61Y5)5z+*x)gEq@*OJ6R0^|3De&S?1GKp@8o0 z&pxRs@PVhh+;<6`_O{X$91|YNma*gAXXyH9u`nGKdfBV4@Ei}8{sU{B*7L&a@i>*T z(r|tO_+4d4HgNEs-KWv769Omi2aBXyat|&;+diGr4M6wO@wpy6wJkLp9Ftfv*JDF* z#4jp0O!Ltp<{l}t(dK@l4TOt@F{0ORvbzT>XhD5fH1A#DfnV?9Hf}?Ice-gP$^9hx z0E!|uIee|;LiUS1%HB>%5O&*?$|{mZs&?Q`<}1ZN1}-L+Vj{K2vIBI=oY9m_~Ay3#0C$>!P_Bbgs=bH3GTHE@ng zFVwC{`^5Vr=rsSRBDi>q(4z` zBll!b_3niKpGcOJ-+^%UK$a-C*)ZjOurF%ti)P!+Kl0@T9Ep*};c`1V6DBq>Wo;aD zD{)K1NhXJn;ul>bp)Q)jK7bdILOHY@QrqC8kW_95sayz&<=5+Cxs~61XOviO-qBes zpXg5d6G|?B>ds;W`m=0pb8QO+dD=ulo^IhZ8v`h$yz4d6VMDG*lHvsZ`2sWRq-!@s zHNm+X7bJegY7(_~Ip#tA>0FeY-N_Bf zbT|Piz3A@UMCQ2KoxO@~;wfn}s*&}jR!fcz#!(PPjDNrM4On+Z6%x71h?hN?`-_o9cUBF z^#rWY*lcJZ02`O5Bez~Mx53-Jhz4a9^&+pDO@COQ$|@GJ2*di3XN&ItoOgk6-yct5 z*<>X}W-AtN*luGnKepq76=Nw#m89Sros5^Lk{5y2k)IA)6e>*L*b@(eIGF?V6)(y8 z>DzE&3*-hRpu?Jb@M@UC)in86Kt-7RW4J2*5M$xIqB7)1kM1u6TTPMz^|wI%En@6O z6M1~pW8erh{1pMxig4!dj$uHE%HniU8HyKuzOgYNn3u(3T+O>g_vlq2vdh+c<~J|G zj#2;f(D8R2bS%07K=wZ<7=H8htLQG-AcP_V=LOf3#Q1{6geTOWD;H7K21CFy`DSH8dkylXSv6Mq)F@@G%~ z2>v`f>HlZ>^Pjf;|0#dYX#GFq&+4!L7x?qokN$W5obb{Ab^iR}hrhv}vwnj=FaE#9 zpRuv|J@Mzoj6ct3{F#1vn`6Y-&DQ^kU$5NyKl1D1t-r;uv%2u>#S#2^eoy?GkwWEs#;EBN z?>8}0> z6wkK*HqYk%AK}^GRsG-K*}Woo_QEG4UHKRMSA2TW!^ooxf0IYsG#+h}KUb9&j1cw< za^Z*QQYYiW#DM|i1DJSOo!i1VFwZ!!ia|mH_h=kgavK#GsPY>OxO(&d&VZM1?v?>x zuQTAeYyMaMJ9_hP@Za=q`R`rCe`f;AoUZZTDH{Jp>q{pdT=?JeVE^CPiDFStY?uWE zUB%MhE{_Tix-J|Zba`}m(B)migRV-Zd0Sp(U{OMm4?(jmF6gQ*aY0R+Cdn~To}Zh1*G z7q0~_K40VF*N69y2rgctaq;u-MRM^~P@T4qZn*eFG(t;?pCz zcu`MWoCOtM!$@dN5o6uc>CZvYdo*5BN|B&|-$6%}NKkh900zY_R903pg4$>0Up)W> z1u(5iW+&LG$uJ9zusbkPszg$vO~7>|)_VkKsn3V+A}x_Io3@0Iy{~sRMbioAX9bkY z{Ii};0z)Xj&#u!4wK`*~yUEW=`Ca=`epmB#-Q;(r_r2+TcI5lui1;5ybeC_aqTVrJ zu4~JCbe@&Ojsj--`_RqS&h{ggCr6FQlVg?lhHlJ?zKYq}p=55W=yv0x$la&@awLup zGwV=)VNXT(bL8Y%m4g8b%YI-LUS}2X4MoRM#h=)VRd@rhcmUd_E0={Usae|lN5aoU z_muTQ6<+mGuh5z;qR8-@*S$xHXYA`$?=kk`rl`+6+Gi)fXKx46Md+zwZmYE-=!mm| zBx%Id@z8`vy~NKdor;NUqFHNVqt?XdG1Nq|9q(Sa?ak^BDtqw}zHpI4zQJ)bU-|Ed zX5?c+)hpP_@3mI&euYh0N7i}SuU_{fdyFw%1Q$8}8yutg$_JuA$q=fL=c*&LMlkWa zt(aUe0Fn&#rvQ6?9W}m+VqgL#6v52k9IEzdWF=qKpH9Pk;fC{tDvXk(e*7J4;1`zS z2tTrdY~i-&tDH8ol|@J7cwwUoe!v+2W?;t z^`F{=l2?gq+h1wq1$^bBk^MYZO6Mnk$Hua>#wKz!c)FzJW(Dihb-426*}d$kHbP+T8&+d^(vuh?)rsDUowoivZCYLl^zVv}ua zpic9`oqDL#e`1>tYi&MDA<)(}Fwn7rdM$zOcnZMwPz%$;Ei_XL7?fEZNi8_0z{}k3ak|6Hy1MvaGOqT(i!`Pb{m zG2M9C4pj@g8MTFK`MW?g&LPu==(D!5SR&RIjbi})EeLUTfTu zmE6uI%xm@|%o@xA9W}})G|rcBf)KqF(8&@iPbpHL{e_-AD7uyuan3p6SJTzS^a^7T zDc0%YEer+Krd`f4a(uX6i#EsqYN3XPiEf?swW#sLF&%yB#})($enB7hCiO4yYh)~J z8!i7HVgTGcScxnFIG<>~2}TJ+FegwPj$!&G{@hl~FJ;&o8R&q~7#+t_>vZya>+^LxIM(H1J&^~PZnZ32r+o{PCy34xl8#JWe zt9^VKrfjcQ6(9qViH_l>W-}g(@YbAS)lbuf4C`#1zsh6q!;zqU<|7F)HmZSnjK5+7 z%T9%7WnRRr@D;Chu)Of`OvV%$pH)+CqpQ+uw7{O>Mop5t0(qpcg;?xBHr?ejp&8dl zuhFs?4+Ax+LEx}jPb+SPw>BB*Y}*<(%OD@Bd|SPTJ?m$CjR`F7Hu~> z7lB=Xl2Qq}HGT}D#zJk^n}*%tLjC3YI2Ldq2-^c?ySmA*oa^L%9+vOenRSo(By}N= z@#oN)cWymMZX4d=aD^6=Ot=-7vw9znj@T1$I#QZ)n9lZBS}15Ep$k~`YX4V5>&{2V z92DR}2Hx#KM?ZFzSpG%*=GQnwU`+Qs1uv5Z23?rnyt|C?8|~aZntyBAF7wG6Lp(cT zEPr|hA!H1DI69pqARC>QEKyhwr;2R*hVPJVGakeE3qB2M8+l)nxu%KmMLs@HV6};z zvBiN;8@1Zaw1-Ta54Gpv^8?>f?fJN*!nI%3YX65Nv(P28i`8A5!og@Tp9tY^`5G;$ z1^b166iRfVvz!%7Zq(*MpC5kn3fvRs%FAhMP*`3?=q62lbv?~nmF~lP1;(^FE$?q(?H-b5$2`HxyNfH-!hI+UPCRch7@4u`J_poXChW`+m6tOpK+_?|y`r)m6-=$G zGphS#8g+&izzH~^@m7}3RQ=aW_=@h^2CmR)u{%o4E@ijcQ3T#%%S?O_-?R?JL3rySh>%#bmXPb}0&Jfd66G9lT*^o+43_eF-dX^IT$}jf@WbpvvjSl(|Slz zH@z51?2cZrG-umfZJ7(Mk=${$DQSk>Ll_j^f=*kb$i>}n;lgd{)fYArX1uT~PMfDb z@mC7fFk6&Ccab-f`y#NG@YYBUG5)hO-*K~{7YaMRHA$nRS3pRUl=k9jMI$8kdm%q{VeP0WHOKv$KmM#=p+up_IHCEJzcwqV-89V2i(++b0x zMvTuEFPRJT7v2O-eVVL~_!^{k2_AVvk1$wBzzmPxf=Bq^DtwS7$)FQcs`uFneg>j!5zw#ji7ndgzAt7oxmdP?C{K5>t%^s}fJP+B51O zF4Y2Xkg`s(zXxEgZ~8~pnxcW!W(ZZNj;e6IR^f|qg;$~~^w%nE3RftNs_@G&R^hpD zg?pkZG*Sh}V(n!?)XVqS%e%FgBcfhD&t8tvUYep_KFMBYYA*x*B45rNX3&(iwY9{E zGIU1Ny?!$?B-L7PsqMzy{Q^x!OFcO%rN4#&~m?#KIs{)bi6L9onoJ^m%g zpxsng(o|0h_N6|V7H*!C=#GUQad6A7q<%e~E_B>{z*rCTHkUU) z4Cbc8xYXZoW*L8`V8G16dD5uD*?f5}9+c!W@JIK-6?cO85H`Ft9>eJ|w7=RO3@U_f zIf0yhLGzjysd=GLQG(YZmnUmc*aCaCkq0h=#=lNVGemQb41WkW!O}Yj{*5o_8LlwA zn9sVA(?&4o%QzUW4~q{#5oTc{&G#8W_DGo8`;F}*7)JlZFzQ;e(crku=3dol-bm}Zhyg%I~Hrz6doYID^B51vZm)v*jpKz@Ucs3+Ty zKFbgB6$d*avEkoM+f0bg{UbpwXeGglbMzKnC9^db0#TtlVsX`aCgSG2fQ+7uF5<{# zEO#pbESlR&1_jH|>|B1xQOF`KsD2D1u?OQ7md$1-5|w0MI!%c=*-D`cKT7FeNo3j( zav0B|M8%Ejrqhv-!)oIhtG&24Bak$W(ati431k_3gQNZeeT`3_*AxX^{%5ew^h?lY zm;F3CcgYvX58O|8S`6!Zby*B+KxNsI*l98B{+{NORvIv0Dbk?8VH;`~yWZx{5E=D|Ke$K0yx#=0!({fU= zD(Y>#r2+o06Xlyh9%b?v0VB!`Rv>_pw1ho~@Lj_VhV5*FESazdU#5m%{u^`M)pYve z1$bz#DY-;c)-kQ_1iVnMWz5MGTs{Lg{7pb^Z<>H*^onE|KY@&mN6VogQ|vtaj>!ES zWC8Rp|Em^D*7amQEUZ#3O>>wSU5eVG(mSsj8z5G;y)NcHruJEG{Gc;odYt{Rk-WI^myWS zj5tV+qrmG=QrLf;O8D~MlWFSzIZE*-20JPI-K^I=NU#e5)%@mOYSIImKF9RN6QW$L z)?Ljc7h-Pi)twl!FFuWpFp?|3|4m$oaiQ}(5F&A`6=9AQn5b7UVFllEU493|uh&O> zLMIjf*sE!ayEC2%izl|WXmj`HV4NWklY1y6C`Q>ZI_p!)VUnZq&J=sViPQ1eQYGynTWxFaW?=V7ewqbPOaq^TF(S6Iy zacNQ9t_^|z>IkZ3X*Uuo(ZAq?+6%}wOr2W2_pu(RiQU_ussD^f_FG(FLc;AY7Ox^) z#;&4m$Lw8lC#Bwkt?_SZ$oqL%#5y}&ASugrb~+cB3?oaK)_9qhk>xH&h7FkHl^QP< z6;RBcAu1e+%YiadFeb{`vE@I2uk(rB$n^iotBF= zf1HF36oyfu5a*kitnSN=kC@;0Rvr)b0M8JG!=Vkqaa|!Qf=RnAlyWm*azF@#&~sZ} zWW#rB4M)*S==3aln1i{H3`WD`VVJq~7^3M#F9qky>7Jf-eOqgku^9A510n9gNhCRp zwC1)_{5ko61+d^mESdB8^1XEBu@-9zlPE0AQ(rP7#QeqTEi0Lw82DzMs7xc?oK6Nc zP!$@2Y0teo!hpZp08dLqd44iY1IsQ@z8okh@Zg0AuIeE`=YvX zi}Z!sH<*_CF0Il)EMorWr;i7To8*MFl$$s^54cGnh<70JSBR(@B%>q|fU< zh-E*DF%dewl5MZ}2?P~R3xW(oL1vv@v7V`z2Rc%pd) zN2G-ti^v}w+(A{>N=U3bmfVcLEb>wHRf+9(K!}GVWpaicD0LqY192-)|(7 z*;c#U5r_j295)DTYBO+Z``B=)G} z>_L75IOdD;=b0)hbF0JWXxI?w1PtPSX# z#;|!SVsk7}{*TuKTzOhcUyC%qqoIx5E^RD;HmI9G3Vj)K9a}SlU_22jNodUlyFxAG+nPD9UmN8_8ao z97$YfVjNeH1mQZv@fG_?#<#AArOD23tg~TVu7`Dr;!fbAZr@qwOS0~mf;PrQR#F&V z@M7A+wR8&l2Z}YtF51@0HG#|Z``wBNJNI+go|Bg>Z^n=LxQ_SejP{3#x zJAZ(YrZX3?O}i)R3C1(*RCf?esDjy}9Ty`}4i%LNCUqL67(~O1^t2MV%KJEf{>L_SI-7yZC|9lhj+sZ#1m_>{kWM!I7N45Y2IckaVsgD7e zeQlkWSAPH{a1%!BN2dIrF7Ho%N}A5-TqgXzSIBt#mAMf@U>9$o9?pv-C6{cB{b;NB zVrvXjl+;Jtv=gLuc7ntvCK)FtmDc>W913@h#n@}u^1s-194%v9TUYGn1IRX|FJV{j z;>~k}-3Mf!D&#Zl-mPQzCcrM>^H%sqbrd3PPp1{S;f8n}pLkGcwh%tEBJsKGbZ30k z><4__hEwJzqjUZW%g z>o8*fino{{KwW0VHORZ&>^BT#jg>ZH#V{(t`6Oa`7-BldM$v7jnN-iGfbEN;=`Hl~ zy3c5V7AOh$WjcOo4!!)x=g6i}o(w&Dmg+mwg2X?6wGc2X7h?1Qptz{B3xY2E+pk)} zIzcz`&-5tH=+h50I2O*rtC~O4O#J%l_o(r$*e#>ARrG8JqqVs>jzxCmq2VTsz+WuM ze%1UuGoQRnHoLJ!?C8ZVtHHEQ8%SQb4<1SA(1~nV%^pwWQY6V&j7nB|k z3Ty+r#HL8YO=|v?@rFPzR{r)XR!b_yFbi$K@1}RjY7LEjMAiK2`&#uOrKom}GB|LT zK7T3|<1a-of>Diel!rkv`H1UtjPs-H#*XSy%Cl~e8AdbI-wV;j} zOHvi@-oipY1^R=$rM(-*-YvO@{YIJV8hGT&NMsbcNsFy+Y z9)@}$yCJh$pbm$xZu>hDgmVkb-_~yZeaJE!h+&x-TxJ7bekMkXIJ$Knl++iNgdKoh z#s}k`KyJIdj?-+VPtz&nxW({HW!^NU?3AX3Y@U_mk5 zX_PhePb|CWAOip8HqA@NEGe5?^xFU^RQ&J<=B1;h6rw;i%u5Hu@Nj>?g!h|hB9xaY zi8wTJGch*0Oc`ojfo?EW1(SM}sa_pQbx9=u!kqtktsM0cN>;r~S5Df2KF1j}c0t3C#pY8q>nvolS6}y7ZEG#ASHEmo$*EEeo5)tVbE5+3QS3 zs=h;_HI;#H)p29U7bi<&FzN6RYSy74)~o*BPO^Tym`YZ*_=V0#vUO#tE045+3Qa} zhcEI*X)GSdt51l9Ua@|JZU$GsXC`r^UG>Z&Y5=|D)Z?t2j}6D%U{qhWmd^jqu3;k|%%LI-K|w z>!aKt;Sk5cqMMWjqxaxXWm39mKH%srj+&GK zFr8!1;DZzJ>o|RI5A5}eGP<{5gykn8J?cD85i%lwv(qEZKdke7YVo)L*h_#~bXVDa zsP+6+iF6AN9Tj!s|BRpXcRi6~KpIkPd7@J8Mbt(E906Y*JIhi^5$XD&VJG{%2Hs*W z1fFhW>@O-sWDdWU?DGDxyCV#A5q$X_jW6$?g3F58@Vl#rPL+YryU@F93k&=`$tUEH zXji6-k2nHfDZQPIzwp*-84;IqTb3w4!|b$lB5{)=%;t7$tN_m|l>97FNo)Me2<;$E z3?98u|AwCWFY4TXPIUj97l!+v5Y>MU^gsDR{mXlPvtw*XW*tL&%=uTfguB$%&c1~x z+egg5Nr{Z-mN7Wuey1+&TPr+^(?H%&HaM<={qw0GfXx)(L?ywmNAMS~dFs5^9A{u| zTObAl$IiVVmpyXM)&lJ?*I&-?e5<90Pn}& zN5Z@9`v`cA7lxP9;eBW^!Mp7HZs3LIzsKizh7|Z$G`#v@XEb~^O>1|@vr&6#uow;M1;wC)JN;GO!$-I7{NY=ra%8qgB6<|{B`s=8QB4INIUofkzEE-UHAM! zAtLJr-x2ztMXq%hw7A;F@GB0mk;ObQ#9%8nmP(vwOt4v!>7qGv|H3f7r$4{+9d^{- zoBqn|-xmKzsEd@LN+G|4|N7t5YGaOozy$Qb-u?xqX2|uJPw=Z((Mp(PB88}oX&m|T zMs&E8TLKG}GTc4_53;}VJM?R2Z)!|t|F#6|tUnBW#kgUbQu;CG)w|xkJP4}vEkSQE zxNvZ;CvYhu&Xs3y3=^0s2d$#X$Kw&!h->$x07ld(dB9-kUfTsqe==N=+kKvX<-vP8y1h1UG! zQs;oy{M3ABGBXl3r(-w^dT|d!)UP`T2Fy(*{d#*+?cok6~lG({Lg3O zL-%WYx@4*My3MX<#GMs=ei-4evZ?s*$Qx($MA0Ke71asp$7rpk(C zwd`g-R&7zwZ;T_3QBlvY^#tPdbsF|lijs$v(k2Q{7Q?t-Gv2tD4c(o`gy7?|oh`tc z=$={rA2?F~y(BFK`SMS7xq2%pN-Yl_XC_%vcH~-h(koC~gfe$7I(vm2>o zv%;GuYTzoI@K@Lc2XY8i+xn8JhpwoW(~X^VmlN=%oNfW2SL|j|2hU z44tJ!_o^3Yysdo7rk2pD=F3N8@zn-S0Es|$zkjd_AAs;x=B)}ndlH_(SExUhu0sA~ z^#7wr>jd58>%ls)!|>a;{5}~Eb;frm|Mt-~>^H{i^}E)>_sV!?Yx?FykhxOuS5730j16d_+4Rgmu-0NSJ|x~fIBO>zo)@L> z$dl(s{+1`_NOD=T;kV=mWUdc^#3mY?ec(@#!5Qy*V!FXGds`)C9T76N8jXyl4Ttwx z2GHl2`n~KP4i9rZY68Eh!Fx2mY!_7|<8&V;1ID{{ajrd_{McxDa=uTU`(W)@l&0VMNy)0x?y;3F7<|CE!3`z_;57oYh!M>6`UU zaeHYe82O6nc<`|(*zI{n^!Xw46H;zV1&F3&@0kFHBWWw6hQ(P1XFmXE{XszRA$I&= z$=xTqQ*RTM84bx85C(Q|OI!lsCLPat=(MdanD)FIov#uk`Njaw(M)PWl22@%r_Iqz zbPC!OarW26-*@u#DrEMqC#T0a?q)b!gE(s~NHscdRIk+T-d{@21F%>I;l^>9u)cI!WI=316wg znXUMOFCRyVTV$M7D*$z=1nS6Kp=|45cwmgp=l@tM$Y+GIqquun6C0hk2U2odqaWo< ziVeTn!oFEB5N#KZ{x(+?MHFx*ww7Uv`FzJk=%XWh1$20*R!8o^Z3&(D^2=MD4~h&l z(N)FFop)8yRu@Y{h_H}(n^HAxT;3n)2>#~#XyMX)Y_)4tr7ZdMiD23$WdxJp0M|l( zd2lh%#5+{Uy__ykx+&Hd5S7SVyrp?TXD-Zo^Bl5S$<<*mH@{;a8qj32z*g;`+-ved zXz_`+qFv#-S-+sMnHwBq$)`~!tHLNT2iValG0QP3HwbhwYP`u&pczUsffWz%uIt(pU z{~1Tem6wdb)0Eu$Ti{O&zt-zEx+B>xGZDJlW1SNy^)fIta%tX?g_#>DSsn|KYYb~s2S^R=2M%F%h0JN z^#;n1(iV$DNV2)Sajv!)O54s`z5c7=GuAVO@^G~q`SL+QylzFt4qTUod9JE+M3TL# z&^qit11q@-4Zr@Dj!ynr6p)QWqcdojG3X#L*`z6G-T6b%-Zlq$g?SC;EOE|dEDk6) zkLBcZUJ7d_w_d<_fxx(6vEWg&GB(d9>s1^NxX#2b8Yonu{3P##B_ceCI%w)M61Qti z@F)g~dK8#i1w}o|Z)6wg0;0I!xNJuPyLV}eKE`A_#<48x>r z;*MmxH150@9{&NV<4ITC6MErestAR5zZ}F0)%4`!9^-3dG4bEoKcwQ8)@f$x-jdSi zU(3mx|44W8Tqx2re43-#inAnTX1+y90gjnR`ho*pv!&r#5+>M?8!hs_VA_=BWQ59_ z6@`zmKNV}$F7LI-welA>B=dT;>TkHK)}W8XM^yCMl;wK2mkY`OyF!|i1S$$hp^o8M zq#n!dg4|-04+PV`t{4%Dd)u8q7t;r)ld-#J`#F1`Z|eU3MOgZ|;C-KpeU1?}S6jw5 z+^B4PK?{B8@(d4O`8hG;crXyRjor2F93Z3{{y-Zg>=jRBp`&0bJ51c`9IiHB!?ec0 zKs6257sz&fG8xvEl0$o87Q5%ph40c`c_q0_ZgqxkpWxH)M-rzTA}Uie=x!BWUCR>9 zXJDPdtR!5c-N~KMm`d0A5_J0C6=w*fK|LqkgrB4Xq+gH9=;8p`&3VbSG&);1hpNG= zBMw!6$%r^q?X*7eJcb#H!s{<0ehj_e5S8zw^LhmpvVlxoe*x~^-TdqCM{eo%eYAbJ z)A>=9zs=`#mSsy<8$ZFlYEgQW$RBavr{O~Jarn)`Q{9~JD4Ye}JSn+ti$Mu|Dr81_ z|0_H!?CHJ*Yp?#t?Vx@+ZCD+Y&y&TZ1}06#=5CsuQ{dG&H;LBdO(7>BxiKNUE> z;y9D=zy4VB7sJ$F9@SOMuwtR0Vz+qd?c6n@G9ekAhVR(RA|xjQdV)Umr@;h(`qy@h zZ&A$LDq%<5rH%k`b_AMWTx}15QiTWg-VASPJ9LkHLfv^2AbD8#zWFg4^J~n*zpdEU z=SF74nK;-GzHZF6B5erjHxDxSuR$09Xw-dP2Hi*Y1wQJ&pE)?u>$-Ew$GcztCxT&* z{pb(TpVEIZDQs#{Av#2%Ep1gMMrNz8Ucw^EY&N)cn009~U`)-0tZ48{TF9 z_Hpr1^S2;AEgWbg;y% ztDYePC?G2^w9EY^x@-5@MReD0$^F`WyzeeDunXzQC=vC>JHYBYyJ0M~Htp73Ej_#H z6MPmxJunjM{^!m{Ag8tS>;)!Ov^s}%|GrY2-Ro{3d-%s$Y$Wduz{^+NO-7>j0s0qp z^<(dPe$?tZ!#U?#$5G=t(~UVKc!-zKZ4vTf`hx3+HV~(#}NY{T-z0VyqQ<^!L}} zLOy&01=OV{=BvqLsUWJGS)oY1+LFM0{&r5}4CE#D&=h(y4^Z{HyAurRoBionXTEyr z@&rRCT{k$QUj?I|Gv%G>2e?Z1te)h7==*5(j0xXuI}Qz{NEo-Mlj{4^7$Zhk6b zp-U*(8age&*cO{`!2s&TRb;pdua? z<$*RBgUJwml|5oCC3^g{9F3v^lc51YZneo@+qu*HA3e6RpdPifnrb+&!Bl)R-%ddD z7!hG{y$#gHbem!vF2+tb>DNM9)Y%g$Lb7JJj9xcA$P1cGD=ANC*x8ZFwhq{f0Xtrk z*I@)i--IA43CQy$#gJQX%WkmoW9uaIiG_)v{L6cQScZwQ7+C)RLh`x&c+k!*GIip^ zuBAB!$3|3Jky)#Yp)X}oPT;`DJ?d9-qgr6sue}LmD<=nzJ{{e~C+R#s3j9LX@j~PK zme$QhqB0KHKravqvb`*ywZxD0Vm5lKxkccmx{CUe1!8Q031l07sKsC?9i7+9kt7Cv zqPgAqi@Y}w1JaH1hdlH>r-l`57aX1M|g6Lz)jc*(gxqmhJyzh3MS>U+W zb!H(;^;&iYqbNEbx5z?H;6eCzc;G%eo;%a!28aT&gGIc%r6 zCyzR3cWsZ4*H&go2I%g*bv%rY8go67VQ`EQm6ANP6y4w|84d)|T9^&`AMY@UK7od- zw*4!C_RKZoQS~g$GZ>=P%E$xAZtkzKusr(xHTyG@rD=(W?kD%bJAmr8OEg-VZ$$ZVr$`YZfgx%k*G-b!o-8VMRh@H)1=5>@ zM`1Hh%?xF+R!=y0%6rnMum~&OmaM{Ectjw+v_v2BA^WJ+lt5W5NT@{ml$Pd(Z-) zOaZJ}H!@Vp2Qcuaq}Z#}M~<>e|D;M*ShUt=i()rg%fEGukYqn5kFa96qPAe#lk+KH zo^yo%ZcJFC^>4vQ1jnGkX7!bSCa}pHg$b@_p2BGM>Xjlg0J}-OlogWIL0IUCPD1ky za~wJ6s^dT$pzT*YDIN$s+3JHns87yf*$_BqD8Q#Xe`=PU4jod0)}4uZbfAO2>x_6<^+ z>WcX0Klsg68vNP<7c|LAy%|=&jRn?WUPW}-aR~*y?OTY~GuwLcE4HJ$=-QbsY>y`@ z`xd}AyqRF|zi^&NtxL1t{4=822cw(aY^7#)xV)hYY$DXiEMI6bdz)R zCI_-6U*Pm62W^2Se>n$8c2C9gNVWbeM&ykwpHwn5nWtEd0$yy==+0ks9&cR!VGCWZ=}D)sFVG!3vx4J0CR_M=I0_J%)sFgI_6=VnJdo13R-s6YAFM7tm* zc6B9Mb{W92GSW{dG1_8)m1bUs@cjy_D=-571~TxUi}9ZU_)iMP(^ID>Fe6UGKxUQ7 z13ED`E&Wy;<@B(W37hanQ!Cy+eG}{8LUmcRh5DpLTd0p&SZK1c9a>7z?h;T%+Pm>s zJHaPt9Dj18{X1%Z6qP&ENxD^!j}6~+d>ThFRV0y8q_ITos?cv>p^Uj5^Cra@u?Fq2fAV3FhTVz9~+Ktqi?|7+@EDbxpXXxxFJT30km8-k%oamg+zH0`Fsqg!3fC|*KvNj zCLC=E4@OK5^g+ZC*zYf3uutv;d#!5U zrorAKVtO{bO&0;XFF&39_PT*T6avkwX6u8<3i-=K+EYB_Tj9?Ff?_;~>tcW{SYvZ}+U({7&OmrdgrOdIPSeYGH;6B>Uka9{r&1&45_-XwyQBR2)p z{&GKEf6aU16RZ3^)PJf06o+CAf>$y`f(4daPxEOrr`Bn5W6&#_>zv1#KK__17_&gK z$Sqd+M;o`p7STy?hfO{nf=B*Ua68+uX9_F;J!ewS&Lms#W1H(7xAaRGhXwYaiXb%& zq{E%YJc!cB#lXFOj^a|yT z&P=hm5tdy;&@1=V79EXBGt<-uPQZd~f(6^e7A!3+^^GwR3$`!1c>dOUaNGiGAa@^d zhLY=W71&@!1nV4^BHdeMPc+?2V|2P#1_XD>DV>Qv(ten#q*UxH=^Na|jDyAoIVCDq zXAkpnsZ`9_0ho*NGp%=~Eq`$f%t3tA0e83dwdptm95ew+!xy=S0%;NV6M{8jah+)1 zy<`yWhnUkFzEDYo-#ll8L5U9>qFwHfqeEK-#ROV5nr#+$-_zZFL~O)}hw57J$8O$7 z@ttIIN=Xt9P;Law)P?X8vNy}f#0C8uuhryrUIgFt*X0M8D0!bK8yllh8gJR4Qq4=octRDSyI{B~XMff!=rx7lcRs1 z-j_K!E5e^cZn#v4{GCW|qt>T3Lq028h%i$RSaHBBv~ag~YcW+zMAu@V)J3q_vD~Zz zP6S{6jAlryaBJ9%o{-(-2x*nQHo3)u(gDW*n>_;b(MX*kg1*M;@lOZoM&s;UPhdoM zRiDtRc7Qfe)xn(ML>5U504}h|KIr$qnDO0O+^Uvf+JxCS-J*OzklRW&l4WW*B7h>T z?1p)VMuTZ1s8-44C}P?Ta&=&6ci=5X6>SC{hyq7Az}Avd5nRe~|KTuJ90n@)H}Z$oy5bJmkrD4A1F2uyAXD z^95RK2Uub@gNQk~O8N5o$Ow87z~i@mM@M9Q`yS{8xS^NiS3F&?;_~A7*ANAHEV$#rXkMEI6!csV6r_{I4;N`<(LMF( zgyy-(5OSpqQ;%qoYyUgy*=y6Fl;oOVTCZ7*fDVe}=vVTuNE%8e8v2}Q=*Z0fnue|k z)6n$arXg1Z4LvoJ&3Y!Ip+WyU4Y?v{=xVLC{hes2=0Y@t>1!h7n<6BiqL3vG*v%ap zg-AdlfGTS=gK^x8oc`W!h=a5~7P*3;TQh@UzJ2NZ3$u&8X<>Fzq|f*0|7NBmx(ude z=>3&!ra8`Jb4;cJjLdDA5i!AS7o6a^+61?A(_n({feD_56YRJiXZQN3*)5M4G|K;X zvnk1C6MTg>!K1XUcYztEe4?q^8uD)-mT|%TwaL2|Gxh|IH>5r*9IM z-PL82c!*7YR>US@pjsvIY=M*KduZu8?!=kBvm(e>Vl<(s8Ll9Gt6g8hTkd32Vr4Tt zCfNN<5FMq4*SA!>H$(v!THh5B>wBWs)xl2dd)IHwen~%l_Sb70MyLCJ=4uNsp^>9x znCMRPWu~F@_x|5g4eIS*81$=tFKZs@pZ~@;l^s0LkwGm_Z9#^mXdP`Hv?n>mEDkglH{=xfwE@gv&+#bHA|_ z%}CLR&%cjln%S+nv`bn?S+WC!{LWMu-79gOe@$a^^fdEz5|vmQhkQan^>4TQixp#M zvqez?bt8%HawNLTu{R5KCm-0loCWOE2PDB4fol;fSE1KBR*Qx#;v1c3q)#I^_WVev z=}z*$BwG#a$dBQE09}DVnc+FF>r7vMZMCI*m-B`TVQ^4##PW^S3hsmfPNo5}-LNyq zup#~LAw&vW`qD-XL;c-U80sxJ)QJ~d{e7cb&__LNDw~Ig$=E|N(P2yyt{SL`9|hAo zrXc=j0eDjhJVdPX#>mA^4WA&4Mu1j3WrVIXkeGz&NpLzM;p_?@Yet7}S-6ev^?8x> z_c~_pvjLN0I*jv_O`e>Of`6K*6yPM`5o|t7&?k=6Su?lu`@Z`7iWEm6a5$vGN45_WE#!Bym_+Dv z`8vu(gQh`U+y#*$q8N|~dyr3{C%=`i1kLX-VG;2hl#(J*c|2czrX?731-Yeh7#HG) zE|$)&@F_)EuA@9?f=d3CawPsb=f4ms|HVjVYUm4~M_AcHOSMlI%K%z`A4-b8CDL>J zu>1&nz^gBZ>;ZHWZrxLz;)nHBFKwa-U?%nVpKA#uQdX0zSf0B0ipWER-(L|KqpREe z1L!MdV|jf>saqRCzh^O1uXzciu|qiMhs5yy@72QEwh4qCRsIX$y^V8<=ms-Nz4;#r zdd$_IU(~<9GU|Ix$<)5LY2TZmYT{}Bxf;59(tSFD--zc^v9BaS-lyL5w^&1Wn`g8? zTzlS-3*5hQ$Jxvme*dQnz2`T3!xzW~LG6*F=;m0Z$a&e#v0e0emz!g*o3smK$Mizk z%|ogx#BQU(g4roLT_M=b}byz;h${%C-2Uc#t z@*!6K6w7;Axe3cPto$XGH?wjxmfv9IZ?XI`E2~(3mX&|R@(NaN!SWwi`4pBPW#u+3 z7qjv?EKg%)1E5Tuz{*A}-^$7+EMLdUNm#y|m6Nf2F)OEHnP=s6EXT6)U@V_bp>hV6 z1FSq8%U`o{7MAz3@|9Tjv2qTUKVaqSvHUhGi&%b@l_e}c&&owuR#^ECEH7o{=~!OK z$}_NhKP%71^4+XF2g{RKc^;O>vhqV%zKNCRV|gSiJFq;Il^0{VKPx|l4{sWH!QQ52!28)s-Y{wHEmdwIEq~%*&sy8Ga0Aa~J;?h1B!=J0l|2D`F z$PMk!;T)gUx0x`OflW5vWOMnFgFew!lVK|hwt-aPxK5Ctx~a|P8hw+&c|?+r!t)Iv ztT;S!yZYF0+#ae?#CeBmNV4kuFt90@766W6k#m%|_c(merLBLW9 zlSNl;GJN{I?vB`PzLALJKcCBcgK3jNp&Au;`s4_M;~I+1<3Q-$akpR&XBk5Y^*Qzh zjy~-#Jf${kBN>0!op|7Z2T>J4$8hft>1z_(7%)z3B+tT?pLO1l$*s3ApuV2soTNI|HtxFNv50+tmP@YmC7$bZ)2k zQtAtRI`!XK9t`bQ>Q$8Za}7p(%&j-CNs7Vy>7~*dBS(89ou@_ZV4?gR`4L%of@vo} z^`L~c_KoV6{+cZjV-an^0LyCOFfG#2oh;H(FwKJ>#EZV=rlkV7oya1!%rvBDXrCc8Q|DU z96Ie_Ka6MlY8?3)%5l3-Xn9^)3XxlC;CC?YBYf%}@`rVLSamL(5p>IfxQNcQhp#P& z(-Q`_zea6$`K}DAgr$^rP5$DvSDTU*tXN_;V~`%81jAQjE)+ELTz> z^6v8ub|()?c*UtkkUtlYA9K@j|H)AQP5if(k&avB+(pS1^}Maob+qO5L9QX_k!iT2 zmLpv_FNPZOF3*_+&oQH6SLxA~tVVuYy}SxvO2sOW#9Krg0&r@<`+bs7_PwDcXs{-B zlzoGHuO;zhfjr|a%Xs<2<2Y8uI=?_Je+x$o)bbXimOel&$B9}t4mlnK>N*}luW#vd z8%!HB4L7Td?zf@t?ziZEEp?(iB~OyA`I2lGb#p9iIryxN+)1j{osx-Ch)occC9r>= ziNI2YXA4hZN9x4l1FhvRX;1^5944sG494yCL;B%kuklPIAgTF1HPhb8h?X_eLCw62 z&A8*vU5EFh$~#zVR4azjULKilyPS`!2QhJXWfHN1QA8zci(5#p*aw7Etr3!i z^9H@px8kU>$W=)cSHFsuM{9W%gQh<~)5e1D)TqN~TurcG+CupxSVe=O^G&zkykABE zQfh4S=Qeq-n$^zu7X#WeYPE^@7hYm?3!Hm0?C`v;fk@JAObL3V;%4ASuUjng>-Ytb z-RlImoo@HowH#8;%Ycx65Vh#my$Y1IuOp!a5;2%mpM21+Y%(v%1Mr$aCRVM~tn%YU zxi=*bD^OOxj^mU21||S~zRr-6qSpoH-uGhk?*|(FA%aF<*Kra^Lt%3@hFqWq<3qk7 zJzsF^Bp>u?gUKYZAh&)LF%L(kdpt~LL2?(afU{YzNR^gIsi9MQA7N7PPV$CPk=BI1 z>9Stry}7L<6jh5RgPvHs><3(e@)D5ShMZm%&V&@Pn_l-IZt%C9^N;AdLtljNDsXkV zhg7l8<2qG2^?S^QFa_@ds2kQtL}`zx)9`!Nj8Rk;nV69!uZQ?Z;qjCm0hSa*k2Cj> z(cOc-`1b_5&>iSAejf(?yt`Y_%@Lsg^m6y0r}YGSSN!jh>(GrkNK*0;*`3-|xbZze z0IyNI0r-svSWhtUr^~)aUXIC%-9yf->=uJJGJt|V zbOX?!2f`TqU}d)$JUuTA(i<;z57Pd5zdiX~`A^x8>kXZ@xzifPrx-sZlkp z`d}QtjBd!jAe!6wW&b8X29FWB(;%IkMRW4a$oPj{#ANm7yjX2rb$O#RzBb`zbZQHF z(0WF-&JECNRg3Nk=R|Xzz_0UI%B!I+cQfvB5p^3P>z==G-PZ<$dUw@yh~_4!TJCkm z*2dlpBJBE*BRR1y7^L9!WAMP@tA@Z9>hx^AM9YRUN8`s8djO5B9*6@+f~4KWji%~L znzicf>J0{l*NP2V^-$G8S0SVRQLA}G#hca2+oXXRwkTq586??w=bT?~~{p6)EJ-v*TeqkzN9G?8g|o~8bK9Z@UjEwSH?p!}zD z=kEs1WrS-%`j@*|&F%Na8Q8@~b>a(gT^3Nt;ji(&xUOE#q4R)5xz4Mm=hgw<87_0Z zRl6U|dRye*_KIFLL*A8L-FS?v_8v33jr-ij0({^$-sUzg%dP9CJ#J)7WPBO@s$onp zEpzmUo~*5i??`O7meC%{SER;J{M&G1Dt*svU7o~hWUv}*LN$^?HIiA4D_M;fLN$^@ zHBwoPJXT|Us77k2MmnouVKp{{YNUs13}!WoSdERL8iPYMGFXintVUI+Mn; zt`F77V>Mo5HPldzyikqNtj0!Gqa{>hbf`u?tMMVL(H5$aAF5#?2`UM5&7exPHzo3* z!kcnDloaQEEMJH|%A3zq+8m@0bp@;4Gp&?=%4#F6sCTm3J=0Bj9ji^LZAP-%J=0M6 zhpaZmEjgb|wR@(g@{O!E(v!NE)$W_ktai_IR{jF3?V)@~tai^dSH60P}@K1d@$Jc{72#3N%?MLWl!-a zltfT;dUZ*k@o|^j>9|9!b#>mMKD#H*ASpMzb$A42t}ZWU#<71KM&sD}!(<$rCK<7M5WMOn=0A)hXu z=UJlTuYpwZpa&%2w6iEuan-pVSGz^z3#z+~m!+d?u59lBrTKD$77rc1{{X*t+dBm6 zLD+(B18PZM@|DjC$CKkXbGh|%N5$~ZvuF$aSa0|DwJDJi#=+b`4&kUU4ptu@V=|1s z2qQI)(_g6tW6(Zd+bJY;5Ah22vP7abdCyjgpAI5wK%q>l+?QAWiWV7Q}ZAr>AX(wiIidy0Q21 zApDh=ucvf>uW{jAkUzZ;3~px`5*+vGABgUmO*lM55vc_USia*n8tSde%r?qb{sP|r z^q?cnT94pujul*Wrv$Ev-!vt`!fs8UKvMjuR0~R_?q3p*_vP`bWQ$tZTg&M^y?gyJ zQif4&FOZ|l)&ZIm0DzGI+t=S7i8sKX-RHW-7mT1E3U8stQxol!(K!SCAyA(C9W;P{ z<;WJg_Rm}r+VFbxHNA2FEX>o=YEcqPmIu>)?TD!8FrDx3Mcp?mpT|-osli)JGz&My zvv6AX;9sRMMAARsY|?+z9y96f(0kfNZVmsY>}|>#RFl;7?Xmjf9LhIPi%gb&v&3|_ zOx=w5IHT_QIP}Iq*YD4$AA}#7v_~7lk5I)@=Zy=2g%Xb1M*2JbUQg*3*KEMY&uoh| zY*~yCVkhRQ#qFU=7|~XBy%mC;ax}Wr8t;!csG~oo$yPrtVyO9WVyG|7O`#?w9@k-^ zSbfSG4AQ5L*cMB^7;K&{!e83$=I9b=;d*U% z2nRG3JN~VK?<)-@mC$D8pW#<^;a8CpwCE!?L6omyBYVT9%Dz+U##fpXN_VBt+WPm| ztflV`RcZ@Y(kJlDuFzXUOz5pXmtTh8n!;~sTA#6+bhu}So23~Z@IajY>V@!Ek(2$} zhin4)ly~THnRhYeLp&Wl>+UxhZhWPAp;V(A@eQB6ShVoT`LlJ}KY3FKnhg=jYl$A< z?`u*tU7U(%bOFs#4wGo|h}WPKs*pZ_8@-sISI2Hspj&8j&A)~dc3k)$#&CL@t6Q6%KEoDF=|l4c8^Wo^+tyDtB=P ziENYeIEH~*YYQ(roV#QzS_B=*qCASuadLwJV=mpeZdX5@*!{UqH~vStt*+`07CeSu z@og-Hs`>7Q$WS#PRXp<~T8ct}n?G9^XYf}MM#~I(#?`;l?{|o_$~ro5dsKcPRa3K z5zAa~wKwm=2t|aOT-4VlW4t)~kG+fsRzpi0;*Fbk#UI6eu*` zFZ&a52D#RMobndHr$%}m_v&JrZ4|gEY~#e_6uQtLb2#t4dv@_yfXCdje??mG>$B?|3xg5o%?a33cRl5KYbQsjzoTT?u}_xoG=hUx z;Df-Y+QMA4n=MNE%75lHyh212{&kE_;q28lH-}G7{R>`0KUX4=3 z5VKb;`T$Q*+C_P67QvRuU_-p#x1EJkMb*@w*g-SV78-cl`Op+j;G(B+rCHxD*`U0J zuG=N6`OAVh1EC4cYp_w|@D)_zlQ}-64C4(!5#ykgZP3aYP_7E`(}m}WwL2X6t#dJ- ztbLQhL6LoeVN{ao6D()2@6aA3b_OpbI55~+0k+Vt(hEL_Bw+t5!Qi$WN=$MtDvEBz zim@W+sz0amK=$G68+%HVMlAEsovJ@`Q%}{2FFx2~=fohTbHpGo;BQiE(_-b{3ESH- zb=dqkq{!1NnE5RqruDSMTRLpKr4^UfZAcRJc$1`w#as$pE@5!8U)1RzP;6=WQ;G+& z6DyB^%7S?(@BSB)!!6K3?shuFQ}Q!57#+PZ7ip_7FWK?Q1{2XX{mkIkdUL##w+352 zzKXc;zwk~P{QUWkuoRTJ$$~O9)lyMBnt#rtOvuk{q~O%8)%nm)Mja-rN-3{*^r7?J z1!NO>&SNeAc5$C_;7lUkZJLTMPD_j^oR`<}71!gl0=(K-FNQ*7ggsVZm~yqcU>mKD zz*iUYC&DWx;Y=2-`N<|nigq#hgqo8_8{gF|lNLM}${q~any)?Rn-`r=u4@kKPW`#I zP(njYvpG4hY-@&=-_JRKr9Y01$hC@1uq+N6IA@Nlj$^q$@e+_0MnIjEZeqEXr{5DpRp;O--NjD{MV1YweR%B%J$8~Z7TPnC z>NEkjbZccW_)h~YV&`ajw|IuZd97=)!{EGX=kjN~ zbNSCpS+aq#IM~^elJ-Hy2)c82QRtqUe)ebUk}tSZK0DZwHQ0*K`1H>eI&1>kD+#un z2)5k+1-1y+z0URwkRM<=K%O*oPPg0HzHOEFSoBcS!L$c+!w8+2=h_lN=n3`Ia=Px4 z#{kcBJwXV4f)H930=g^$=(0{g({CT`#4H^inaieY7XVLah;0(&_F&q?p(7XwK!E^9 zGG)xZCde{!Ug*O#_%OH%s|9+oz6?=fc};Zu6FnQ!AWRUS>uKdUC(j1Kh4T&faDOT8 z&UZ%`E_~lJbiaoPR&B^P83fP{oAOPR{wGU*3hDV5kWJBupJLGRdaBc|IIACNObOpq zm#3slvNZ$G*`fF1k?87RZQ+ySL@4sv)@I3VhZ^=KkXg-Fpw)d!^A-$lp}w9^r}0G* z_I+1-+@gNK3*CK&VME2nGLfsJi!EPX5qYgfuV31}m|yWX7RT0v{cWlT@#(UwI;CSe zbA@(2W=FDC7b6 z6&-luovD_)y{1$JR4b z@|}suFK&|LTYcm5LehR9-=bKJ-3eTQOFG3MiV($;w8WNipGIg-OseSqgVWl4e5wI= zB>)%L*&}~u9#Smfqgr~5q4A$|FTa*1;TLt+NX2M>sJJT%3Iw;vz6 z*}(D#+>A&qF-h`uzOfNl9d=s~_B9rud~P@n?gUibws*s7EuUpq{k8+H?1zb>mv{$Uh+a z{Hr5lr3NG6#tYAZ2fBYpi9zg=GH#xvOq$QSI~=QL_&~k#neIM}$nYH1+*2Bg0u3m3 ztEc|T7T-fKbh4jZ@P6t4>3ozl{7>_-I-bqPMel~@V@}ukFmI#zm!JpzwKdzN%>DVq}79NtR42FHi*efM8&n9=5#U4>FoKS{L&2C1dYL%LtL zCbp>6ZR7#47%H=es9|AzVR%>^zRw@g&Kiw8erJ<+hOLrMQz9?t=NL_R&z~raa^O;Z z#PB0>$a=1wb)T>yzw{?GU8r3&TD77v7$mP{Xy6u@f<$M7n)@;6>>m+VuKDlfk+Uz5 zJaVpmur81Mb9FcJ2$NB5a-&VIqmvKI@I3qnRoGTN{zXmz+ee87+``4jC+jghtj7%^smN$#**Om81FVxzS_gcPvrzg4#UVfqZnG8 z!Qz`_v49+HHkje3xN|`*hGuu})t%-~LQSGhqTGB+pEZ}F>#kQd?F*;qyHNcit$tJE ze^)NHwSOb*ADx!_?>QBfw!?83b=BZ=gnM~=c3?Qd|7fd^n zf%oHjn4TBvx{m^-<90E;k2G6-e8GI(2yhmrTSAzJ5_vVM*6)A9P}H!&=Y_0!N4{r+ z?~1>v5!NXf@8`8Ku$2gT(2!iMKAmF<2i@*dI>x|4$ba+QPd&odStmmy5{c6m_iaJJ zb*A^C%YdcbkTJwCu{i0EHc-9=(7r>qca{Qf0nC-FdY$Xc#r%r5Y5k>Lmq8h=|0r?$ z#srVLo)~U$T#v)%*H%*uq_x$8X`eGQ>L^=*QCl&5c{?m3-#Fq;f~%Rs{4$bk%kv3j zLh-*#wnnc-uC|7_6$9h}#9Jre9)@Swg8wNz7Jh8F-@!gtR{~o6_fvR%|7^PKQO}o8 zW2ZNMjDk&2kL?O|b`;c~eHQ_>sOfnc^Z+r-yy1ai01QH_$K>n>KTkJoh=UeN4Z7eShr04K7p5@`O0U+*~Mix4T5;N^l zpX+A=;y=xHebsjrV_to2^0+*~H;ynEa0Jti4T&OqU>#9}|ME`aOP(P^=o|@^vA@># zycQw^rzjqDpSDhlc6L!(L;OcWl22fpw@+Xg6tWD_hOutq>5SKM>A*bY(V`lO#%o+= z!|153QN8I~q=*yD2B-ODX(w-5zunr#d-UI=Fk`hK&sFSO%**>RSxB(PIoR*jF2gK3 ziv88F=Y09U3_6DJJm8?ZVV0J7g(Apuhs3h8cwqf_A0)^(;9K}Guoy*Fm$$<)RdnBe zUUZ!q^7t?mG8+Ap+{V7Pphq%$78Z-Hqa7kwExM{>B=awi-;T0hOXU6NT4S=o%5O5k z2bM}HnZuf*dDns;=K3t@9h4!>5hD-9>x!|W9B-3-Qm4#QwxHK8@3Og$woGuR_Jhs` zuwePD{gY$)65}QKuXKrNF8}ksx%}*glLh?J)amfc1HZiZ%Q8LL=Bi1yn-4lav6~zD ziaB^hvba;S%cv;QMkn&O1TP-KQhh-AEPhnV z%8Q^JSOkTauhmYu&w8OS!%?MLD~*pBYH3=GsB3@^@Pd5m$Q^;dngs}XQFHuCFP?g?RMMcXV2mR zW+g^skgapr34(}u5AuQA0`5fjlzjAmxJvUbC^Kl@1tJ;Fma1_%n3;4(g-32%`b1bc ziyGbvZFue5VJS6nVKu)~y#;#y;yb9MXSHfFDV=-0EPd0#)$ zWblvafEiT&-mJl7fVQ?^^!;qFSnL(uqq9VpuLa+Hzmi~(+|C?JZ=D1K&ih(-E%nr-$IAT>gd_Ac%5P+`*k(@mBW(dWxy|iIYCSg zM#jsIUQbOCk!!5-$9B0EZ6Tika_eH)Ku(`#>tzmTX)?Qk=l-ZpV?AeniAB%9DxK{5 z14jX#$LOxlp`U_i_lmfx0+Wg9r!PGoOUDP_$6^AKiiQ}?rap55Ca3tLI~Y>6)CSid{3)osNWp{TkI+#Q_Ka01-zqO+MM3^b zDEqD%qz^&w4yu`%d@nm5k5Zx1??g#E283) zy^5lR6-arsATF=H2#QESl!>wa3U@7)i{zejX1?T0@}=ng13H=c&diyaGc#w-oJZE| zl-#|+vAKSZkJ*xv2LCzJEatIQMr_MGcB!$M>*QcjXDE_9{wzoSZucR3{t0tc9!4;b z15TN>?96lxjrJd-RCUBk9JwiG3|r#J|J)sP%8mB?ugz5>t=L8nSM;n8_dkm(KL13o$*i`?!!mwgPQ724-srx4|Y zb~=-3E`hF*>jhempqWRiZIwk{0NkIBDpKJVBS%YBJ_WWZ7 zay<|-{ArG%;rGRytuP4c{XwPP@0+m1RT@XR|KtVt@T|rpt`~BY=MF)tJ^m9??QtiK z8O?-zjFlg43IXLgl1|#?X8V9+967TW6+1X}c9DEOPJajwgU;2^eejEpxMS^NjyOC) zXgGpL+w@n$^*-s`|0aCyqb8CA6;ZJJ4dTuv{|i+a__^L1KG$1e^M3PMllGmmo|NcJ ztg!^CyU^@qVSNM>+gE~qpqcFvaUTte7qe4%WmKljpzT`HoEEgUcW@0D)^jFp*nj4= zjW*$Ky4sUM&vu_uE2&Pvuz-6m0Kl*8uqhnn4|)-2@%jwI+D}kAOv+k6+f0T6V!DQD z`~ie7f;zw@pPi4MV1EW9Q`;XF0|J2ViO6iO5yI8pr5{e^gQ12@2s1cD)>e&n(FMrL*+w(hT{n?nMBcN#E?Ii8Qgb4;u`=CBObJIvMRywg?pm zx@et@ZZ^W|3%r~dM|Ex*HX$e2s23?P%mg+hsAE3%a}caSU-h@>?(||xSx+7s#%KJn zvsU+a^J}mMgO;JM;kN0;|2Zp^KarDqZb17utaS3^rsl1T3&je3z zHsSQ0fS;S&V+w;!Y)-`#hAP>dhNyz_n70G`$fxyNbZ)nnD)01;jVWK2(>mLq3+?g6-n9p7X9(9RrkGVCMA>YtAs@k zR08{Y@j*^9u48SM}MlrHPazq zR<^z`#JRJ2n+##!F_O=H5cqBw(VDfYQ}A-bFk2^oohFAZ^zmfvyJA3W%q`iC*OkDu(lim7fJgTpDSv;*)_ddL7cmSJVmuli8)!vM0yv@ z+U4%d)+<;?Dh=C3gK$52o^4;wcg(Xqp6mPbc}um`q-c$xTLZIE%TnwAlpwtVa-+(l z0KE(7d0}XnO6-bfu))>e;Td8xxU<;TWb=3x0#w@Q;WMpRzQqQ0uq1k3YjJHv;@Ti^ zU(SAbR>j@@bg&QsO`;`B1W!hBCOFk;`G|g6@wWf(*uZfYoHQNSRoyskr#qAk8{0IG zYlLl>M^DJ>=kXSLRSSKO=tz!;

^6K%m)?-5EyH^^zE*Nz3R3eBh@-WJ~ zgV&gQ(^Ah9g~K9+43Ov}vR6ZPEjL++m!ImcWv5)+Opn0#x1y2fF+N$#PVzw4!8;rn zgIvMFRwtUr17}6Ed5q>dCO&5aqFA#W*H44l_Yz%a&K1C^_UdxJe&o6>FO$6q=Ym}s zPGyoQn9j!sRw68mEo;c%qxhhMq|7h{)2KYR1&}eYP2&s(<722Y-fApU(C>7*R(Ok& z&#Ia9;&un{7E>XGePG+V;oDalnGD^766S8A2VwjjN+Ge`_dx?g|3;k20De7Wc0dO; zF|g;K31vc<*zS@t2AH>0WD-Yy%5@TViH&e@IJyt6{?n}2N+jVqHW*9;Mal8A!T(6b zlTgB59r&y%REXZh$bAQlG`=TaJM?>g9!gHKS;R$W$m<|9*?08WnBbB^~_vBXzI zQg_^A<-G<3hjvHJTZFt9t4rnj7hGi{FGl3o6g-O{pOwLfC*t3Ot#6x9@?N?j)u8JS z-+Fg@EWb;qT&v&UyS4sy)eBulIOY;dxyEQvhJG{pT5);M6a}s}8oZ&o6P!Mya=YpX zB}1HHpF^Q%=ort(2WOyoDti&w}~FR2h!VO9WX+shGBEKEANiG$Ds!WX;Qj)Oi)Fl2hsFnL5czDO4~yfaeC z2#MginQ75z$QZ2@jgv==LxUOo&`cQlv3u;5Z*X%S#qTAOJkr9}pm%j;R3@)-VsDD% z&2K5(`^Ts(_2VoyiGydWIoWIi2hYKrPArRq=isRR1+bX}KPD+f)8rA;;MWZJHKSn! zjd0*aLn7NHH7e)-yai4)}p8Z|sds z3ix4Ct06qA*9$!Rb3C(DJg1r?cq+2Mvz>~kLxbmZIV3!8VYPvgfNrAr7Q@G((*&~c zJuIP{T8thWFCS6Ka$hV&L7l{9AV>_Wh^@&Z{!rne!kx$v)vCo znrH<>~+kqQhg<53Tixz_deP(2QImW+o^{epcCq)DIE0_Pu7mf)#VW)V`$J_SnQ zCGCmdReR#^U(cUFgwCFhN7ndw=ON^Ndr`#UI#i>2jKaU3qdRp6RA)m(Qc+}ww)o@5H%0ZFHsZ=zKu^vd}+8o%IM{9Vr;aBM| zDpa#Ek8)k=9qjt)=wM>3geUXC$1%N%TiqY#YCJs?P*p!&beF&cu0$sZH?QP_#8d!Y~VVt%DA3VY-6 zSzme*7F{r(Vbn3!tX74gm6Y@NlC%r*Xa6T%i5^C=z!nx z>%9fXdID02XLAJ^Lw3hyKf4^K2-f`K3W33GNJ5`lxiIUa-l>#%EzYR2oW6nSoc^>B zSi_dkp5F7|yWEyU-m_!$8!CUCmZFti?j!Z*FQf+Vv1HYqz4xFZwAtQI`g7%wHCSX_ z*xp3<1Mbq+nkllYOQ_am+>){882PM09(bzivE?V?jcUnbk+}-rF;O_J_ylf*0IdA9 zK52Nz4{YHV;9p1-?&YpxYW7gI?B)z1L48rR`}vY>Z*L;AAmG|NV9cyL$o}DWEV9Ap z!Rexw+)$*RhdT00$lVSA^cDNJ7*d2h=1cOl$KUyzL)L+3ZPYu3yGipqG0d%>m0p8w zqD?OwO;sH?duO2OFEDB$cVCSvd3uD}I|^#Q9ZiH3AI-_eZB3Y_xhSF8Vh3iUoUm1@ z+=X-y)^=b;4jSm?ZtZf4YG9gZ;KVB-dUoD~-LHv>=awd^4i}6I+x0Z$k2Y~#2l(w) ze?QNE`_$k3=3*Srf4kb{EmQiPp9WX)?uDsim?fLs+ITLqXX0J>`c(g?s@ zMd1{cp0+rkfjU5kFL0nd4s^f}3-t3p;(^u(pkxlTE)K}A12jzl?I)KIJ>79YiVo1t z0%$b{lH!2I=m1@A;Xso)P`@~!J~}{q1<)TkP)n#s4A75T;(?wQKo`mRXV1NHK%eLU zO%y=8Ine8IKu_xc4HQ7t9B67BP_Yis&p&gZhd9viIG{`&Ain^*jssZ*klA|`WT=2A zHxr=Qd-;-x`Nx4h9N2pnvIA!>>G?Os71UD_PXb-hMqNm5tX)pq4CAHHX}%b>-}gu5 zAs)IEj@0gwa?dnObaE=j6Q^vjvmG4o2sK78iEdk%iu6`C~jCWW#(G#pV|*OjN>$g)Rjxje<%FpRAD8-``-iB3{=MJLA9 z@uCww`yx+Wissfm>$#?e@7f7pc0EJza?IvZINluC~bkPvU%c}k7UsVg=NW5GP{gb)*0rtjax?6UV z$KE2=M*4sgBP;FK5Od8YPRyf#IAiD;Z4}P4TX=)Bxkf-mqnNcj zC1IC`XW7?$7k-xr^dsDc2I}`!y)1=lLZRRyd+lGfLAX=3SK<>jLjDs)uD1+`CfEL{ zNUn=+PE4mad>v1xEa%Z=Ls=aQ@tX3{6~-&&*QoJgI^(ta`0pLB1J7S+yf!?q zH(n{((c^U?sLDCWtf&=yfpg@={;05i^{r(tRF&6>J4(Bz4l}5W@>a7w4KFH zu;;`Q$ewV;{fxKQ8fov&-{0PxE48ONorhM##l~esoB#G0c%E;%db|B1HGal(S{v&a z{FNlA$(2U6qC4)H7QFo3h@-tO%aBl)UafoE%1|g0VO!T3p%6xQs z);5aE1d5d_bWqf_4``4z?!ff7$oRzj=OowB7j%fnQbi z@0y<;I6paw@Eg0l?fK#Uf4)2qr=t`(#Sf{!#VH<8e~VLmGyhGe_$HCYQ~U#w##4NQ zNZ+T)mo)i!ioY$=IhuSt#aD|op5kjnIwO*gUbkpdF~YeWX7VHP5~BHAm8IzmyHTy! zjk-DHLr%r|!4aE*e4e2POGoH5v7c?zgXEc;X>g@_7MW0Jh`J{1!wx8Oo-deeV>kQyvsAClBcrRfIVm; zQJ}G9clrt&RaNu7?Cl+BUEoSqAT!20c5M6EiQ~Uhx#|B`9={(TGl4ozTUQZl5dOVk z6~!){BYEoQ@S)=UPzU?SyG^0r5^qsB$@pnHfABFcTgjipg1zJPInb{U+dZA0))qbi zKal-8GM&Pr!3uUNld>J21vVfKlO6sdc{t@$FbNNvh&;CHP|gTmw63@WrlnwTQI>m^ zLvh-OZdm7cQF`q5I_1k!#AUd6i__l!yWpV0%mJey<%|!UnvBsR6VX@v_cKeb@O?)< zX*rT+gNl0(*oLIN-7W4Rw}~chLKk+>3d<{`gmcSo&cPP3F!)u>&hW!fSP>4B7CWKAkqJO z0dmyky)c8FEkn=@0L_Qrne1p8Y8%=Y4AQGel{$4psqX=B4_sR!_3*c9UE{Hsy z!nWM@Pzv2Po~FO_mRANzhg?r>mzE*n?Xvp{Y-x7Su1;Qmf!Wb$ue+4&DEVBHiy2E_ z--N^Jg+|l3Xf3?h#@}CP zA|DyW2K8WwD1U3eTLQ-+Z_?|Rl!eXZ-f%H{&!5ak`3cf78*9ObuKx2$&1<+`KdMyw zhi71-@-+`M+K-+>ot92`p=>Fd+|Jd@;TturSShk>NhdX^bF5~mc-^{yQ7KWph)?CP zSHV}AFptyljW1ggHnteFSVDJ{&wS3Mz;&0os$jW0b}1Ifr_fsPkc5GBlD@)^{;)0C zV9(!GZoP1@AgPgpLw?C!d|h}Qy&8NMm~}b&JvQO`KtD6;`e^6=J?rDY=W5nRgG*f> zd9*%0aq;yru&woRzDjuE2%wWZ_T1PM&6^|A^1^0Z9@mWH6jd^g)&wTUQC0&r?Q~sf zdHk@B+)LDQd4QcHrY%ThuDem$!HH|7$X<(ns0#CcTri{0tfADPJg-_pmYB z1XcAxy7k<>HK(KplYAG|=NQ1ym6A>g76J^g7_ZiUkysf=xli zf>S}S7DPQUq6M|IO!?MuPKGu`-}n9fpXc*=q$m6Avxl|UUTf{O*D#H@2U;11Gq*%2 z^f2(@nyXWF(L6`7ozfN74S86_x`)Y9@|0L7J2BBiB&W{~Ql(!jFP!U%q`7BM=k!+A z%Q{c9;AzWp<>DOeF!6)`!GSv4u#-_#aUrD^S-A=K^v%?63vWFOEY{|gu!FDK!mAo> zcdAag1?qbusjeZOh~6#6f9a5II{b928$QiV_NM>+XjfjIAq7Jyx3Ud(XvIktebn7q z*@b<48`88Po4Q+csMQ=^#oH5I|GnbCxn zJIc;`5c`4_-*`a2AR}L!B@hAR`xsEHQMq%?!3fgf8xYm5LBV6HL;6*A&h@mX303t- zi`#)HKdEDHR_|~k$_u%_fK@u`l$w#`dGC#pJYgB?uEH1bZ^WB$3DiFokzP_6Po#^d z@x)4|5EeEfke)#2Nb@Y$L>MU9+O5d>EG5QOpZ&LRY z-=ZQkucAG*&`o>Fb}CA}p#rcALw0vDX+no|yfcw!-E3*ymI8-V--J01d0cGge78j1 zIX|7`dKe#kC?BfnBak8Q?=^Ma@ut8;n%96V}^SySB?=`D@@AP+&?**Cf zwZ-$j$TP_IPK1V>NY1`-8-xOs2l5Z-LmXG!8MOUI^r5{>r4Ln6`p|^*p>i^BqwSLo zo zjN230bthJhjleGSM{;hi<6U?u3=DvyZNg^QghV|ad6YNd0Hhu>=BlsTl;8dX4ELD9 zHP&-1)iso&l6r}3F@J4h{z^>Seh+Zoamn8NeIC3SPH&=N8l$3lVpT&q#V*G*5X-vQ zg~YbMKXD2Pd;6*O@2g$y-`Yff;b_QF%)9bmCnNo^iP1eefF8HuqX3Vv0fol{=zH~e zopA>uZI%KDI?hRj6C!Jj|5ln^=y@vgq4E z+S^{KY8xacPK0e%8f)XoVzpM7Y(i%=Q2wL8YH_;NVcY}5fX@oie+94X4k;f$ioPpk zI`~#fY);}|X$B>+8C*=WECqy~SjY%Hu{?&*9D4vbLL_J97Dne=;s(+_yTd?~ztTVo zVgo5vvHV>A%!HrS&8ATl$40U4uhCHysH2!0zpZeU_VCU!MRK~SL)ojwv61$I+@c&` z%RFlvmnx%4AaV7>@o+6=&p)}!KlC(AF*Z!$RUYP2@&I(UDT8P8g9Ed`(ipSUxnWzr zsT9KV))oBKWVOrfu1;OfR=Ye`-*Jil_AmaJPxE_-_%tgQtMyUw0QGZ;>U~c?CYmT# z!X6#N3Scyc1c7++1Hbl0azgJhfHv@Mhr%6r!rrU4{T#P#ioQCe{C&APfAtIHB(Zx} zc3eH>sh21O!fdLr@NT-eoM@N6f^}Vo)Bo{iTGzbTx;EVsU00P{PMni~T`c%SaxS3} zySiJ*sz01+qqJO#IKcpfuPvEZax8y={pR#8^Eo8scNJy(9A(&jm`-xyTxB3Xlq-GU zAxVOgB(dm%WYCUzqp!=8pw?!h9*5&HZQBkPuyRA}C}Z>c$n{X5B+%pq-c_%1q+NdjsQIxkVrPq%ry`-Iu1yZRoSW2lsH$;v_B11({ns~G52~MY(sj-8We@{E> zY&8Q4r5&C?<_&{4=2H;2_}c$gm^J>mqEkHDB+SlwuXcZWO8>h!d#jmo1{wFJM-4J? z1j_7h4V~<*`SHW=Z8FH4?h$rjr>rk1o@#@ z*~||m%G>-PDzDN*4SDDJm*U>7LHttQqUVWa%4x0XaYkJqEl+lT6K}5;Kg~zdqV{Su z&Bgl-f687hc3Ut;!7JyDYH-@T8KJN4O4Q)T^x+hi+ybmHh28ySORim_fDrhcXP5NR z`;kQZY6sd?evGPrw3^>#&)n{s?2sqrIx_<<5!>y}fdrI_8)&CGqy;7?<&lL-@Jg9O z0YPraWpd|j#fzLtdCKG)v|Dj$L0;#~vR&GHJLJj5IFe7CnV)cIJ%{|45@+UCS2;Y0 z&dd*7cjK^5C!eleY@USUYrdYwM;<=y4rzWdj&cZ0zJycuaZP2z^>ocbneMJHp%EgK zPJ@bKw4(CZ_0iEU61y6GXZRPy!M_mTe~S3tD*c!31vuN?&deRIi7@vNgX|?7LED^j1<1}@jTV!i~uBYwt#d#k8Nl)A01=B=dkAwdm z80TKDT>JtYR7QE)N?d1;!L1E{Fhi4jgz^=LWZ~15oQ?2jfO0aDstfl~{))e{l;tS~ zT{unI@Gp!Ck&gWgj5K)KhAcQ2ddT=Xp@*s)jQHhiFCUA*m$UItnzH3(yvfeMyeD+m z=($|yx=`70p+WbuPM4>17htxMSK#Nc44r^^Q(S$6saKQNj-dQ|?J)ptMqHY%WG;>! z>1$jrXt|oeM{%QVt(Ji$uFGY6Ze_d91OUi~zef1m8~y@0cjt?+VeU2QQZN1XI7)7Hjg7> z{G6^v?){$g`Z}aL8!gpeSpo-AY()oc7+VjckXU>-=!L6W!Y6HY3< z7P7|UC#!d6uKRoEtb-_a2ll0jlA&kN+SADQ@$U=0Ts=+UdK(-hYqshsVsS3n5fUfx zoY1Q|k$j~foRpes)#6m)AqrILvqeN-S;XNJPfEKy`%=}2^q%(Ac{ezGHRKHE*?(L- zvR4>VqI3FIU<@s%GGUGDV#rNSxwr567B;qN*qYl3&p@V60uw>c$yi`^5d znCQz+v3u$ac8?$aKdN{C2Ul*WJbv@cz`bGE#B=GcHF|a=kxut%W7_|0n;n2*1W}#}3f%rE19ZN0Ya~;w+lU-FlQnM9~1|dVHj+9Dpes3ms$NN$_ zv1J5LAiQ}0% zB*iJ);KXz%Osb^6$@Lx0=^N2p=h`8f19rjskwY%QqngX$l;)T)cILBA$(9>lO&zaK zjdnb=>yD|vt%?2Fgm+4EEl2z_vtV0(P2DzOw;y)Z?HcO#DO5v?($r?$c9hzi(tmsu z&UZ+dVYVc0HT~LZ+RcqZRV|754GuXIr3~oa4&4W+`)_zDn_v}PA2`kLI|OSeZYk{) zyWsB*$(|d2GNJ#{SpRva?%y>!);Hh}fI5ahe%I$+b@~c*`T~)QD=0J(Y=j@fMTz)H zAOh&vgEkZYRxClA+V%S|I@fu2*=e$P7D9&yoo2<=>@fcb2)oNEI}-%z%T*1-jBlBDcwrQ^_o+1=7#?%N^V6A+M3z57>^cs@$!CnsGaf{-ewYmV{g)$CryK6SZR0mAHvoSm(wjO}? zi2lKn+&I)%NvBh4a9xBW;Q<~*Q~~^}vlIT60YrA=LR>*3eG3?bDg1hoAA5*{i|Y=` zOtmXq00;^&u>(vjDonOpf)+yd7`@)*y38pBoU+MD@EMzD#Qk<3@3-x)oepyY#u#wQ zlXKPXd1an+0$PRthWy7;Nz?OyL(0-DXgi7EiFyKI;oht&!!0%_q}YUigaQa|KZq0z+ww zk3ZX8l#CQ`MZVUA3X6lHJY%lq$fqDP{=)JitG=9t!GUT5 zEb^Oth>Y|u6MeR?M0P5_j`A~2co@@A0EzJdiILis2hvH6Y_wD?%DB|&o1X#5dq|7* zMG@hKcWi?{hFthedfeYv;^ojV8{PU|4$@iT{NW|WZo~KF z&{(G&9m~P1{5mz-TS)oAO3~gP+zrwn#|nhyLLSH=$`4rOJHHC|EAoTLc(p~hW*mB$&wpF^4F{yd}mqgd?pWKzOkZc?QLlo6WaT~Ct5KhP?N z*8f4xl$&VESXI__puXQ9!*}p|2NI&>6nEP(yz!1BM7f4ILR9yMgvjPS;5H&mwvWX- zcR}ej20Oh3hL$mgz0SW`OnEnyFBYRkS&LBM#&gM>#JIe>fn0_zIi^||#mnwxWOw*B zhi~w%rYHcw9MW9?8+VlZI;5Yivb#J%emo&m9irX)evuzrgL8vjw!RPKX`ya5 zz$JaQ#VokL@P1i-uf=@BNcTrj$skni=5gu;Z#r%S;@|&vn16N^JIy~jWjB7G>lCb? zqnZadJ?f7$2 zu26L$*)QBO7gi06{yI>oI-P2?;?D(nLRD`qhdCMMK!*k>&&Q5AL>dL3q3#VOt$4ooN=%Om00rBY^!X`waU(c%0)oWEW&ylbQVrnzbaUhT!VU;A6>GbP*{&P z;k0m7pJW5E4iVf|K*{}WH!`3urPT-Y}6 zLrRY`3KJJhg}q>F=CDpe6-H~H;4_>{rZcuChrCefQyFUP#gRDT`Cg;`*v+s4CA zsYO|GKS>#T$5xEKSm*vk9&ZBd>n%I8fp85wJs>%Okll~T3dU!{i=lAhffpC!i(GdO zn_rZf~`p;BBM9yvM^w0 zi4GH7txpv_ZKD?aCJN67?)^E`AKUajpa<+TEEgm7!g|9cKC!W)9ndWx)m7~OrlM|3 z#Zf@FI^z!a*RTN+(Cs77Nuz75=VUimrnl97WvDKC|3P^baxMm;SaFsU;#?@KAJ>iA zPFqmm@i&UHkK%k==7cRg6aJ_edC&vOsL9L^J>2~9mcM*2vL7Tl#azsI9(W$ zY`(*fM-5Y3l%LvBKy+^nZ&2gGMz)4tITkZR(Hc+Ic_DU=@kuMUt?hKNoWy@69sL(5 z@%xcY19gf1bizA&3^J73RlZYrpCrFK<~Kcm7lU6r~NGgK189R&%T6CHjY|{(h=JS|R53NcuifV)`@w%MsD!>aO0e z-RVY&6E8EAx*_q=6sEZ2{LQ9CwZfI{Lx89*7>q(QUYlYH*Q^Sd)B(U4&x1QmI``Z# zIz(0#(KV`TG$xxJZfl1B8#UWa;3q*_TPla8Z$wjYG{qqQn`4||Ae|!IUKGdRjGYbG zi>ASL?Nx;N>R|*uZVKW->%suvlFqrlL;kzYPwl=e}&6D?_%J)I_AkbV;3do;ry_7%m^? zcgBx)O*@aaCyo~7M)gBLYG2v~RG)Gt=Uj5zAQSu+iLWFo+k*!w+PHkQU`_{r z^seW7Vk^v7j?VXPf_bMTnYaJQ zDds&cZr=T>JIwp_d;VzNAD(*t1GM?q;ryr685sbB=Mn(2zas$rA`k$cye|#_9p{fZ zFfnE@$6L^5AorLulG(_Z1T1jJP{4*NLIQIAud_+ngta%EE2e|{ny zu-oV7GAO#q6b$5HI%D`l1l-evC zC_s6){?I=Tf)WLy?=fZ#vq;;dIufOnTkld~wL`Oi4_KxBu?Dv1vPSSD6t{b9`7K}P zo2-{|*8hevoiqclfn5U%Nc~FhM?;7HH0Of1IpmTW|;J*Y+uQ)89kNU+*|b$pg3aB?YPSPG82-Nl;GiU>!rj9}r2)nad+E z(&siZ8|x8zAVMOsPScv4p_*LSr5lWZxwjV#gFcQbk1>Fi@a^b?Z~#3qT=|xuA)oW1 zUzd-SFQdx)mDy_L&9@^eL|mr_GiW<vv^decx z2P=O7lCXFa&cm|#U$4CK3bZ2au?uhP6a%6Bz`j(gZ?s+7Ywb{$Z-)}=@O|Tj_4&Ol zpB%6bKWZu32B&yyFTJ$ulV)pCv)xmd;@O&Rf&U%mFWj$KTK#(0nNTIW*EnC+m6lrU z%^|!Ium_ZUOQ1P*yw6Z#9Uk~(e^KKwfY;@6&%nOHnQT;+U^fyMe-7X=BE^+5W2*&0 zH=W=nUulG5;1vfl2kY#!3>6N&AHX*wbl`a-0SC8P5mv+dlJjPS-o5o;1i&<6tO@B} zrs}re8{hVt5qcKhqAxZX1;L-r2DF{*k2p~gH?$HaPF^Y^S`3Z*7!EM{@9JiGQPKv-0dnO7hf% z_Yl2{Rd*(}{!Jq>n?=fl*J(NT7B=B|QtnRi&qty%e%r>8YHH7^Y}7oLVn<#Kw=ba#LuDAg0oqO<$&u0DjE**&>z_xX0e0a4)}j1DQ*aGHCksINzaH*G-ck)c zF>mS#0`=Gy0?4oHuO%2K{aznNN1+ zD&NdTZax~Z<`qh-=r(~cVzfy=TLQoIwM2qeX`$6BH3JWu2^9-P*;WQ0=II+GTXE1v zTE?PQs1Q(kNwy22PwDWH-KkSYTaE;EI+ISYeopr%v^{gn2( z-D2M6zEqT_7C7Wvpyy@+`otOrdQZ&GB>isFe;2-2)fY>@hvy{ducw*-ee&qDe(+h; zi?r$sQt#QyDDRhRz_R)E_yB)IAp}f#S$!jc|kvxRWQF|MQ@6I)tu%?W3-^~^lVd`5c zmO;1|##=a~eu*~Tm>)_hznM8W<)YO<9DXDoRur=i7fqMqGTVlKzX%rd$fEq&%Nbr% zrzgPcjYr52;XX^`WB1oqba>|Zk#FQwn61r9^_EgShwN^1IjyO;SmA%sCVeN{9JV6A z*KZLX_XF|Iunq;>$!udE8H{AVfCRPjJ{JA^k$S+!QSQ-#_a7%Xfeb|pB~RX_Buc3y z_S(5tsb1MOl4D(&522kMTjwRS3G5(SmSZb(ZD_FygrlL}mH`-e(jwnuDB5mm4VJhb za7fNJyy)Gkta#SQj#mLCebzxvJ%q&3hFcw=ai0tje^-O}2##uAbyt5KhXQEV06c@M zUjfyNwnNpGQ2PXIgzA7*A3`5Lj0xc&4@YNss`@XDAaax&&cPCSYWgVFEZBrB9}TUT<{FYQs!ZzH{!-18MiU)3p6OR#hT} zp3B@#c)$nVTfPPzKVS$*xi-yA@X7#D#0@KLYbIp?n(JJ#22UOl*HxZ{Z93OH9`@Th z9`^G8*?5;!6QP)VeTX{zpUL^}Es%?CgWdDkkJr`}E@Y=>E)muE@XIMNZ4Z_kRh?&T=s}2&E`N%Qr zs9path^m-VvPJMtBI9kV6t4JI-}e0(fyUaAZ1H*%AXe0}CFXe7UFbdyjuls`!cUm90GD<8lQRl>u7 zA6ccN*5UinW6@_bD9=7iGGTQX@0a{`{WjTYDDnT0R+9IP(|o){SRbV1kAkhy()zw$ zur^waKZ>%qLemAoUY-jyqFi}j-DuCjUwu7%iyKVvVwCpKV+6<0BPuwRe0^(EwJp_- z2^|-r}X3%fJo<_8Fli`c`krY`||B+;8bra2MIIrXA7L zW(W^W1hV-V1~Nt_A|PX;8~?XyXUs@-NiZ56DzCx7Hn zpWo3!m6r-tU!rk=@wkKu(_lSe>p9LzSQB`uf2f7ZxE4mowUDm0Fe$Nx^iVgnlc{!QKr1-UdE=zUe8busU6a-t z1#czWi~Tk!TNlSgp&4TpQ_D4+AtNLDRy_bWfJ~ePV}Z3Z<~6Rp(f#Jybe9DNxFBwT zPwQd>Ox0R`-IFlD)bJf>rqIt)uhWNnSv>960n=`+6VTN<;2M$8H+_Fs;`jRSNIGGL zhrv81OjGBPqSY=*tep}~goNuA7uMJbX9xHn*gj>_QFL;KuA@^{VthdH)bRt2GeTLf zrt7+jSJzh!K8O0^Jc_K@ISa=BrG7uPzM$1lkB^M^f2_};_Wtlb4`hH?N=4;dDTAb_ zft*nBkVW!?Y&qu)x^UGgi~n*kk~BVSESna3K-qAuih(x3Uyv8#+TU57tbL=_{t&JG z;>7l0J`P`xqN9`_F)L|)M8N7^^gcYIi~NZ_4z=U^QI~X;UvU?`50C2nzN3#S<}BLo zy44|lYyfURk-tSxww=;0CHq@;Hko3_z*aq#x5&ZeGP^v{=s6aFJwj=>Y92#poq%29 zIM!!z;O8%0gDJ$e^37wI^H!;bKlWg$F?u}i;J*3?{&;)`HcO4n3bHI_U~yfHBNzf= zEeHupI`m+ZTI_ftfsH3hoQv>0v}YS&mFh5N)|EJz9?G#tVaUPpd_yk_%9ljYE{TTE z?cipYa9?f*B$V{zUZ;AIq28&#mg%}TnL-++ZdfCgobN~@UF4@C_rdVbo&E3FKNwR% zoqq4J2&eN}08d4cwMMsy-i+ly)x7(7IqsnJP(2lrQ>DR}-H%to@TigF`0z?tH*(fO zzj7_S2p3{Ig_z${Z6{xC=fApWJIcNl2pL``a#&B6ajuJax#-={TRD&X?cKd87ocIc5bvBStq65}c-IbZe$ zc*~Z&wFb8UARfLJ&cji^-=50tQ!$Mafa4~3pv$LpxioLB(e(uduAMb4TPg3B8g;4) zmXfs;R?)j^WA+01Q{&^)Mpc6{(UK+-;H9Z8l2ZW*{J-PMIRre(ZlM&JK zyG3~t-dUwz!yk3hC&r&87(r1Hpc;;6Af0A4%ng}*Q}mvee{QuJS!o?hAT3y((%_MO zgbU`m!rT{f>Fp zvq@pQl0tE|T(>!VZh-T`3{Bs4NLl*?-^^W4T|3a!jRL){Gtw8u41;#X-;IJ*d>B5n z=*#dKmfDBoW9-KP9>2}LFv5ToqhxmzX)1p_MgBM~HlxP!iduo7mfz<}txuu*ue&); z_8edtRwTrzbs-IMGa%SQ)ub#o;~~|7tg%U%#OQS<)(|P~3E;a#)p{cbwMjIu+=>jk z*MnNhNQp2(r+hM5<)zaT_(p>MeWrS+j4N)#r9!H1r_(0BnF-c2m24Egr!Iy^L7c|cTj7%-j4!jU|)t5 z^!%_`%>1~@U;d7`LBmT_%^cY$27XKvJx5bEk(elq-3uK4ox>=%I-Bt>@;}`$MrB{Y zb2F(l{0KJ6zqrhxoOFzhNs3c%c+x?Sq`C~9cXV{nky~J4wmL+ve6)oFu_E+Gyhb6IghTN8kO~4 zmHy7adC<0-8=sFU32i`0=mybqKhT5e>J1pvf%~fry3MRm1cE_0xd#Q4vB#;%7EcUn z2sD^Mz)h6!E+=;1&Nueqvq7kxw_t#d!|vvP%jqT74~e>XL0F>m_mRi?jw1ylTMffzLbGeG4d^8*JmfTPOF#~5e6 z|r| zh(oO74o0loINiLME0t%1K*r{@>^mQR0Iv`)z>4w&qjI)Gm77u#N=Bh-Kjqe&0J76n z*~(}=%1+~0b{faB6I9a+-Yuwms)K(vS>ipHVra@SdM2DhhpQH)Zo)yfM=9%c-<&8f zSt;x`Z&YnjUFSLEi_s4v&w`?xfenUmEm50qs3+#yQI1^~ zNx^ejF2})OL6$1QYMj8;&?V*vjqA;&QjGUTAn9$36VQqxaLVc8epfqHThR;u3y>O6 z?yIU+T?XH*QF+jIRsVy9UlHZR(nEyfwhT{Oo)$j*T%qcjxVm$f$Cwn>^ojKq?X7}m z2d$sr^(E#Yikr?u8f+;YHMe#KwT79yTdczRbiDo$*6*@a`CWod*zC8O>s+Sr7@)(~ zdXDB{w32h(=T#HhC_bKu_mX({C3Lt6S8G7>cODhCH=Z4rMLVYSGc;D)GGIg~R4EJ9 zuBs~7Bp}27-cwJ~fBjX;@${oKjrA(%T-N~DFz7G6ylff0d@>5H--RW+(Fcl14D|#Q zCT~Z@QN2)gKE`=4|8(!L3BIfskjeYBTQjx91<%4LZw~K8?|$xA#oNqNzRhq z-Q_)y=LD4Eb$WNd@Fg27SrAbctDJLzo`X3Aek>L%cT}ivZ}i3_rK_>V22N~z5=OTZ zrjr){21R0!?zkSx>Vf`M1%R?q85+nznfreF*^)tYqF(T#7WhcLPS-35-j)39AEFby zFVJ(v<#?I&9|{)9>OUBEQI873z(yR^2UR@gti8_0ag&KJ~RX`g&me z>$~W+>o%z+pyXg#3>sJQt4a8(XX2}3esv+f%1C@Qh+p;he7~6auF}1#v(yxqrlkvg zW?#xzG{0+oCdjU41@%+i`*+q)CFnEi1a7}nJr`>65Rx~Us+^(sJc z&tj9#RSxej!S~(b-dpB#4NmlrbL;*Q5E8ShtSX?$s z)Sg^VGl|!TCec^zlow7H4)Op9c6vg?Y@F6lcPcqQ5^ zd)iYmj9?0UYf|ocBoc|L`8w)jNxwHEbRs8#(5pTCt7KuWum!yhqZop||b0d(`W z(xrePw#40!VR{^px1d>b{le4W8MahyI^qd}N;&Z$Y0UP7vq(e^r%}3?xb*I^_w;`Vx5#?37DGM26AB~wGOFnopwgWO_#m3qgI~GQ*gEb; z>=6Z|)trFH;Tsb;AKM%D#(Fd|KPT^wr=V@f) zCir^lRkN|9Fczn@Pciav(2j0U8fH7jv@#+_4o5}qYlv^TFhpO^{yOEWA7GW9i;o{r z7p~#+EDkWx_2p^fZF1(zr;FQaMptb<7rW!iU<9!^C3AuhQj$^ZSzNibo zu4&^td5a}EA8Ce@J8e?EUHX&)D(zBM)~FGEmvZb#%+_S0oNSV<4b%Qokk?1asa}ug zTOeKc{F=rwE#Nb@g&kigYKGgqK#`o^{+h2gOg{A6G$Z=b{euvxUU>_VYL7)~QO16c z(Z%&_F^gzp3H)rbc)l0VXkfuTqA$$>-(11we3wP`K_j_P5Vk?TdC^ftavp*n)nR#W z#c*@+&A<^f?e~2hn(^3nh#B(hSg|mJH8C5*-##vU23vm+)MZDeB5FK)g70`691GCE%Kx5%irx@}taDWQ;>pWiN z%+(al+ZyxVPB`y%yg$GbjWYJK=>37g@Tcz&ej0qr`vWZrE%nemMs*#L<{JK7>otQr zW_?U@KXGQO#bk2l(C(SlOZ7%H98QVzMywxwFmkH=tZ_267O0Ml_l$mGQSQ->S$eD7 z%_{k=!yDY^+GydSKZksUkvoL*8Iqb8$7uRApwsEH#V}&5AzA*yxVuD3)_yjrfOe97 zx16e+$%@}>d7MEiHOS*kp5|YqQd5#!rlj|iQGP==e-DC)wble&18^ zCdZq!t3CEH03@wEhDP(kQY1`P-vjy$Y@BvfIRjxRji>9fE2JTo&06%(nbJ1|0E|lO zL?O6dNx$Q0q~36uE^I}#hdQH?`ZivQEo>FXkosiFEy%!!#)7mbRk1xX5UnBq;Qli) zU$;=@VKFxj^==u(sCO>sKPLQ!ooAIZ5Lw>gWYHJN;|bj3Rd9z(PObiHISnQ-u(cGh zFN9#%f2-I;(H2-g9)) zgIiSn_HTL$Kr~d&z=mIj9k<8?9A_QEwu#?mur`g4SmmeU$ML!pRBc67u<=1DNuYG! z0}L8iiDJE%?MZL!f#En+Tp@JGBU1+ScPM!W`M^T7K!uz9ex&g)`8jDdHN? zI-aqF7kBo-6q0bxEj}1iStRb~j`C#Dm$V{hM|G>7OW{Cw1kbiLIm|PS!g?KJC${MwKH9{V9cwwWdI1%`9?)L#1=Tp!#WbA1TU(6JeQ{kkJQHuZ8v{r8T6^c zw=i9kr>v4<7v89cgEe4oXn0^(NDn=x-5&U_Rj;@QkuPOV@m}=Uqt-`q>+ZRpttmJ} z98-a6U5R5O)5`b(lA=ZZ_?O5@`uGC)*dBRboRwiWzb`yej)Ws0`nf!-ziyLWn+;u2 zzDu9zU1^)h2CV56qFOS4&9MegTdqs+wDogmvy0{ky?Ou&oz51`x9q{m^~BC5L1%ox zPu$>YU8dvaq?t@@cMfof71o|HX=cal<1MZPm`ozKYX8r^~3yd*Hq4}** zPSi0Te=-|Y$E*~)r>&dt$mc|R#{#mNtiCJiEvRyQC_u)6>qWiIHyMhKLecA7RF-1% zT?0kOpy+8Xnx1O$-CJK$aT1EENx3uE;9CR*k=A(+!0R;M1N`GIs602_qP@ETe$LFW z_#VvX-;?0?9HYgzkbjoI&+<%*Z!!NY@?}42@nui0JUSLFX*Wy(Cb6aE1jd;e+dkfx z_2_tC_5@31-M3ieIr`hZXxt`#5k-#kPpHU|XoFZPte>KbjQ0(kVD)9KFZE?X8v$%~ zobST*7T-WuFjqcax_ zunFt^Hobqm&ro5h@aN%AsM})G*IO#L{(@tyIC>3W(wCnP(oK{NO}?s2@5ms89{vT2 z<2lRL5{m7%O0N7u_`d*y$2p`a`6U>H2kNCmJtb?emQx#!(V@W!zJFcdKYK3o`ezA` z97wkQA9r5=cRR2D%bnMM6|MhtL$tul2$7~OdO0j=y4AM;nmE}y?>5AU3>&<(;LB@q z$&EJOU*YHR)_D#@kW7bki_Qi^hO!f_^NO(yr1M+aVrBVQ);;z++c)rOt8e7>mdf`T z8%{7bT>4oQ8}g5-*pL{F?bh82#;m=4`^^^pu5l{HS@nA>>(-qIf{!ozdccw`<9&}z zL@WRzc^%=-7QFB)_5JPo7K$h1ZX?_o?Wzn?f$yTam-^@!XL~@XhSWavzkM=3PMc z=Jki2zEU{P*iZxj?7l-MSSsF!c28t3xWgXtJIpqn`-gBkPz<~D8*CUv#)@Nzi<3Sj zTx^8L7vND8tSx|VqC>hlzXZ{+*ovMH==flzNQO{U24Fq>2_T~9i+DtQ9<7EWei%^r znN!(2#)*Vi7DdlH*~#psQj?xYj`vD(-of}Tc!Q@G)j*pa^h=57l}ltx_SzKpKs3>u zH91QR>`ze-Et9?@;ZZKlrXgY{YxVA)X#e$AiZ(#_br#g?MwJ0c4B^cOSY#O&PZ2e!zui@HPdg+Z16OsU>H}7%qo~t06dZ~5qe_v(<3Tk?Y?k9pt+NL@7-N~vDAowr;TH- z6MSgUKL&#w&C82BV5BBy+6vDqY7PIj)smg!9!e3_GNm94Rt-pzvw_{`^Fij69>@w` zmb{@`J6@Z0Mr!43AwhxKmA!Q3(c|&+PlfrX!2CNhfQ0+xxFgvLK0L(jzuo8X{<}uo zf94j~TzQ(2GN}ZV|L~dYR&f@YYzj4xkxzJEQEGF@Lp<$9;n6y$)Z`rA2y7+KB0LJG z^+wlxX@^s4bV_?d@5EmjB$@UFJ=F^XExaAbQPDT>J@WMM88$k7S(|_i$Kl&J!DKie{&Add8YlEJ zTmb(#E-=|W^?4w~x%Y|Yk6l9|bw%5?`ZhV+Xp^!tBRlXm!gEx=;2@kdpcBXdVR;bM?aL4hZe=q@vc)gS3~nS}MOKI0UT2_gvu{h_}tU z3BK$nC;1FdAt09H{EKk@MKu5OasKDW=5IG|h4}+nkDfQ=tQ4D+rHgDAJ${3y9p^vZ zC{N1v>@#Fe%$7=xa7c!;I_mdZg_Zt}CdtwLKiNpC9Dv~BtRg>#&rhR_xk>Xy#px4f zS+W2eiv~eumAFgL863q{`hixk_wsz&rsr#>y(}_o!Ak0sIdAi3J%_FcGlJu@NRM+k z{QCcX*SflE(HWEF3&HpS7C5n9!IQR`8y>uj1_e)xFN~*uc(5J@b1Rh{6~{$6rBt3$ zaoiqhu$gzczAf_G%sV`d5l=((UL@{51fh+3vXy>omEYahR;2xeha-FX0|$UFU>qjk z0oLJufui1_>g)qVeey#uvV<(=;!MwsH>pQ~z(~ z*U_FHX!sqlYot#C;WYDKjEl!vq|bd1=;`dFbUUgEBChe`tWu+S>w|+(9~Rh`BBu6~ z_71Oe_zWuz6f08684d^jMMkT1*t35KqY3>h?XrB*EXq*bnrT=Ohs05M&mx=oMJ9)= zhy8eOmJLz7gse$j$~vo5XFWZ8Iidrs z_~P#2BIM+__yxrB&yDFX{LJnLTY%j|9gHsme0A~ncwO!Zn2L6X9-|XVFO1lDuaV&F z5C1g|#+A+ZhXK1A0UOu;uVVqej}m<0Y09H2eCv!(bK|Mt+hAe%mUcHhtid-rBDBq2 zSqJ}E8>L=}ceow#1F!ON+&$qd81`JXwp3TSpYg*FzytgvwuB#OG?(;#EFq^7CI$$xOLEbdc63}s74%nB0#eUT zJ8HakNr#nZTG=ivz;}{RBC92DAnM3h8_kCoXIg!wEU~E+Z*J4;U zrxYk@t=GHqO69D|QaSq}ThR{7>2^M#cewQEC z*bh7MkR=dG0rZD;8DbCYgC=$(dSvw?bm=`?xO*=k(4N`Cmrd~Z11Mdb)eD~X;?uz1 zfd3|^d6)YGySYX1qSAo0b{+B$Cg8KmYl9Z!sn1g=r+IfT8XRNK99LCMbHM!hZsN}) z=z=AIJ1ZZ(#;kb+sh!h ziP1yPeMY?-h-NR(rFwTJ{x<14Y^H?s7oJ<(xxgMQW|P|l?eP

HL2>-bPWpv71CW?cU~mHE-jsh!axUO;{k6PFE8)7D^L~gQX%zNocWq{AHB+ z6HUIFTx0|`T9iwtYnD=GN`p9Cq`ZwI!_k8trwdI)nYDU0X)tm4qd&UuRP!^6ai&S1 zJl;pk&p3eMrQFjoKjU4d^~DFMZ+9&&;KyLB8C6z-x7%=CYz5_1jO#Q z?8X_PpMOcJpG>f!#DHX!&nHva0@bBpxQASt=k;$POJ>+=Ta-@}vUA$m1!%{(C@4q0;&j zmMkbtv}OD7)c2FQ9ex+Y|32mZo`c9WZ&1Sie)=nIe{bOZ{qR?`zh}nwcS*3cEVjR= zZ%9|SMcdry{+^k*zn54$?eA`#_jkjIlmCnTT^6@-eqA2j-^dS@@9*rmzh@@d-^w^O z39B}d#q-qtJv*%K?-^lre^23uJY_;y-RNV(>P9#7L$OjAj^FX~PCFP$vftx}J$iX` zztgbKyYtWO_c(uY%8-gq7&dkYYJ)>mTV*;L`A)1)@DxAQ{wD9{vqaA#lg^c=G=*`S z)BHce$94);NBjC55IwaFnRyBJmj9Fe9alduu71Iv*-z?#IgTg}`zju`1ODXdTsGy3 zHd54F%=DRm3>W1^xym|9INXjZhp8=eMcxa&ifMhVR8W47g*b4WlR~$6YudrbPDbMF zOQ?&ZM-c61lSPWVo{FCMQ7amQ{Myx%vUR#L#$dJ`_j80|_fnm|Vja_2!0jIyLxF@I zq41XSqCC76KSwzciVpd?U)X~28md6U&Qp9`DA}m+`hqP?*S-|0rlP)UGkuO0U&<`5 zS$!IRZXz6>_zMnVF2_Zc(lM*bphS&je0+d+(Z2e$BWYd52cY*K97{_cf1t;k@6r1Y zy83uhb)4!e-BZ_yR44s?o%^a0nKG~*Tl@)0F zFWG%MTJ)h}`3Evj`q+Wim7kNMTXOSx!g2{mL!yN|a6L zj?wK*vbD;k+*R$$2zZ0Jt3F5TJ&taiD#~Imesvyx#U90?QSR?Krgx9R&5CKWV1xIv zOH(Pd)R`K|>1&tjl_%F3b*L+C31^W}LilWoav;G`eQLQ%C(!B?q;Fq^y6K^)Bv+L5 z9L5YGo+1tA7*UBA?g{7V%Acy^;z8n(qWUCe33G0y_-8`K2It*(2}*UCPtFLeB=+Hr6Lc6>i~?7k2>{ggs3 zzY!n@u`%dc$<6@cC@1R)AM7dW+u1PydS5uOGeRLMO>8Aps@ztshSE!JKgRb@d+G-1 zJniWVhHgan1L64{_x7g{I=i4;lnnuR-08ia+O z{`Nn3KdP(#?WP%_!8dgzNXhKy$b3$@2{j4YLE&X+JXWlE??5&u}d- zPL6~?^<||1U`-~6+#_%)3W7&1u}d&}WM5}V^%VLm^zpEdJQ6@ID0us2pzxD+`BKd< zCRHVD6|)Sw*3xtIg0~4IGUdkejzvH`D<{=M9aazuh?{4luz1xwXgHO6Z!Q`@4Gdpd zF>z!C`L}cVJOvBjovRqwa=u(T5(6KWNE1f_Wfnd673a~XT!X{$3ML(U57@WZQ%iQ z!1pXPMBGEdc|_X6>DYeJc4=Y(UZ551G4iI(EFGzJdX?JgPbaw3Vc6-S5om*N5!M@} ziG`k{de<57T&54~H)igTrWJDS{Se14)PT179o!@3hT|%qGG6R#4+DkKuC&ytdthi1diF)NT-R$YtqqWc(JG@)uD{D4kVaA@<|*)G*5 zU|_{a2$>|t>pi3t--tt~!)R3R>C$0}I-DY&Y|E588c)(3r;-!>#4>rRPAP9ZNt5Ip zG_H}d(Yt+7DSAu@>rr!F;75czFV`fA6y!i14$LB7tK$#~4SE?ZVXh-;t z&mD#ppc$?sRNaA8pctt9EINuzGAUnt%oOHwirABwPZr)wdzH_ihNsxz%8qQMFJ6S- z=B*Fz3uRFoW#}U!c)Q^N<|xf99l58nImk1^(B+svDwDlZmr`-NB78)D;mGWU_At2u z6khQ$8Pz^`zG^w!4&6_q*BH1Agkoj2jl{0O5elv~0Ny#JlQ5c3@aNMFCnK;+!-N<$ z@PnvR_tKF)ke1PIO|w>LZkHPC^Im7r$rDEw`Kz`IPx`yG=8v;y0!heFqH^pnHUP)g z*I|UfOi>tHmn5EEg1vh}d^^PsXJqKRHIU*m7Ws*^jA#w$-RD@O28*XT#j;D08jds; z?S8og=ncDlxQ0~M5dj|Fs2)TDA%kb1p0pPDvo&CJb+5%e*jieg;ociPuzdK3=X*5X zR(`uaLcS0H#9ObA9%7%p4%LjcgYdw*-IW>V&U#3B=m@>j^E>p3QtnPD+9k?Yi+G;M z!sBtlqX&#Lfrv9%YfB2uL^dH_WRK2TL)w{$8%RIQDVaX*!PGH512O z_J`vhlVsdRY@)ctHAri1jjOjhz}T?+;jnqULTtRQ)J~)AV!Y)Y#ybbcJN z%3KUVcol;1{1^z4i`k0&F*X)(4YpMKX)M;^aoww|EP;#R2vUlY@1GdGgAw3J#3-F& zGeR85xKj;8sG=y=vB5;yXo|Z(Ad36!5aLJ&CX1_OaD6IYQ3x#Pqso0KKe^urG2s3S zOWf~?(k@Z@oKATbqP@xuqysJ=fQDIh%00iZq}skEYM>>>r$iv~5uH3cFLz?&iSdFd zG=gbHX#QwTFA=9d-uD*jSHEoTLjT(1AM5e`rmo)SRMPv~zw7Gz0KI>p%kR1U5nX&Q z?SLi*Q;D-XXH47Xg>3JopFcYeNu~6 z(ibI?J4jGLMy(WYBj&Gaex^$e;d?r^`~Icqs&@~R-EX881JpVu#I>QqMDC|NcPWLI zxR_PhS4Tg6Wi*~;?#=RN2kn{Fpi9v@60D55bk67P$m`C^mB$B2iw>rBmXRC#?X zNJXvXIp!9;x)G$q+92NEs(G4q;r~e&*rde2jjAT_lf?UG@;LoK+NI2VSdCeX(MaGJ z9*jlg5arYGHhD0#Ws&L=;&WKdtr(bNk91fWvh^ef<~XX{Y$oV6Ckf2a*&er({tN~` zQ~KP_KzOQ_;q$WErgu0gCc(U~|x45RlV7;xbT;DW0 z|15^LR=M0{i3GzyG{a`A{D6tuxEWuKDmMww_$}sE;aLpN+7I(X(c4mtt0tNv_3+O9 zlbFm<>5u&VC`PnUHJWzF$2MsjUQftoyYvx`?EL_AZ*I0q-wKWPB36!}VRQZ$dl| zC&u##M&o(F3Hz!?cr)EV=kYIHKtnD7O5^UO?3t3LV?zYhGhObftbB>Jc>lc+Z4uJ( z!@s~FXHr;|qZqB%!yy31VOv*XzCyP{lr9L5PY${TD(GhX_ar71ed*0Xl=ts?fMj?e zHjyTdy1+$-{X3r>WmA;+fZ{*;Q^bxTY!6XZ$`3@!yMw_ylwn(t zlT)BE*G+7&=Q$a1T@C-9bYI7tbk{b#S5uSRTxFE5FoZ8bHth)*k(^2a=@Tcc^xmbg z(ijAVGoMK<79ea>->2~3Je8FRZXogmqgA@c5Dx#3;seQS{v3B7WLwaiu5+%0LZgJPRi5dRMOvq-p`0vb5Hl1WM}xPeu-f zE6UgB;_W^PAQ8$gp(+?)$#%aLrTRw#9 z6#xd-CfMI4ZNg^`>6k-aI5RxD=*tkMhl@p`I1oS8`RY_tV5(5FA_ZX)&VT`mg6$i; zAa&r5RWK;=#O)k@?ph91x^5$xy%YqwbS@b!&zO#(6L3Z?uNn}__~@=TP!Jt>e7L~? zXQcx;FQH~KWxgW79jWK*rSHjC;B@^a^%^{+JfBWR65eJ#!pUO(#{HEj&zQ-PIxpTt`av9C_f4ce z6drkw#^Ibv20lvmCb|f5NIyEIX65q~PM32bsd&rT#F`A4Fp_QY0bKp@BMq)z8d8kE zFi-HJ?QJr{08Le2(FDj=(nY22YNczT5+_UweWqSuE0@3msAU1I?AvVyowPMsOIiZo zUeFRunC>@xJ)VDi5IOU7-vcD|mSo>)>}$^#h6kK(@>kNDjODDrz~=u67!G?b z&;6{r!pgTBioUdK=} zfOW8Qi1&rvB9UJ$!rd9OEy7)sOtXc%rs`%3E?W!yvun2SW!-Gy3;&o%1lULshX9*U zOS}J{#O{luG9BBsMSq8~ufP~hE#bW%Cdt2<5GMr)F`h)4Rh2285RJ+$m3SmkHZSHQ z==w~R7IG}LtynhCbPQ!{K4PJ)OVN$tj8Wvbnu`Rlk$;-#$1(L1=shul_k4Z|xU&}_ zFsfVJ;YX<2&4Iy;cxPaf&|=Py(nOEne~PI2=}~F>Dn~z6gNdu*@{2M#93y@TXoH`9 z{@YKQll9~N@O=(xEAnmQJ11jm=S8!MA_@B2J#ZRGe~0J_B?9m(4RqmWXPmRGs`|b8MVeMPkv#L)Sfm-ra(J!?~Fr}lL;tIri>?zJ3hWMKBC=* zTxVxiIF3PKmjGOcVuzN{Xe4fz2*=Q32AXoejUQdYP1#tC>d#HM-z)NWPKeUsyi=}b zr1;p0_DYzmRk?ppB%+CjzpK2iwCAyC+Dh~at7C-~-B&)z{w_QCq8rZMPJ@GkW)~Xy z)iUP7M$E${`lkAo@xactaB8acjYtml0Q>@7Ttmu1BX;bXi)Mb&&yDoC>sll`Gs&9p z`_bui(R7mjmgeI0OT(8YTg&n;3EpgVMlbJX^Vk(lk!Z-IE>^qid@3>RjI!r!I*Rtv zvZ^S>-_rPFNmXE1k%^#sxX%6d6#9_P?cc}kpAl`pX@8p5A+@Un_jl?r7hdFQ9sUr@ zG1U3|g8fBuDu(52!tJOYr+t{Ob6u(in0;z6rshbyfKUbV3il{@As^#-1in0pv;p^W zB&TIqek=@a+`%T%o<5S3i}lhrevq#Qxw+#SgYFODtp(OX?+qoZHYG_n9sfS}58fC4!TaJrcwcg=_eK87_P@jXMdw<5QV8P+R<@_X z?*$V8;IrU(HE~v!WY=%M%z_~ed))K-AYEt`NIjnR;ftnOefG~So_6Pg+u+sDZ*;7@ z{57b2YYN6!lWwMXA?>Nc(k+}O`N%qomRPMtOYHGI)*eMoX9!hzKu70y@3<7K-lG`b z4oX2knny@H9Kq$Qu{@2RUHIItk3Apc=aKllkDrbB{8`-dc7D#r=l9~C-;8_afTcaw zz6#GzlK;;d8pA)iJP+$s@^d2s$j#3e;`6QiybYgc@bg@Jp3KiB_-u=NHuLi%*ycHL z?VQff4OpJT&oAI}X51J~5NLZ`htG#}F*tk|SH6dz4cO*Kx>!3bF!uNx&hc$sY`$zA z+2cce=Ai05KE?Vg;@bD}^Kz&Yeh?ncgTnB=@Nf;5AaXp34>zi75r&gNkE^j{5rl;>v8(&C+6&l(|G+EIOm>XF+dYAN(c?eiI@4mF{F6J~X127r2E%h3Js)?S z1lV=H{4s17OHT{#xHm(+_2f71%x;STZf;_p|Bw!;DB#r_#&1#2O5 zP+yu&%LWN_ul-Gova^?*`f^n{=|q^xQZF+4AeFut8TLi*d|d|(e@wsMdq!y4k3U8J z@V=MElXHsk?0Fx@b8W(S?o2wK@qaL$NQlN08Fted`MTxHyXH?y8f+WU2kgfO?5C{^ ze#oWpZhT%xg51UTFT(c}yx$W9wpedcc@3UFPZ7-gl<|*IL2;>kjnN^`15x7sT!(xc zbUC>ICBlnggbv?q9Ih2kqF6K(2ThSPQNMT#R*?2Nq{B9;O}UzW-IbR_6__NSq1wmp zNeGgO)Cc~q!{5PD5<_AjPx8GdP^_div0rG^!$$hiQrn;|CfYLszweHQ&>gS&qxzqX z)8Pb_f?-K3=MH4mOr|JT;N1xUQeI)iNP-w+r1Gd`tNZj6**RU5r_Qv>Q|CD38FS?s9=;kzara3zFF!)x-?-_;;|`$P`gd7fcy~X_86kRh@^%S-mPuDI|>sEB%}( z0Ki!}ePHx)4m?uWz9xZGmpxH(tyeDXg$WE*qU0H3sSdMfIZ0K486p|<=?F8=#ou>t4(UJ3qKSwKI$h18mFE{sa?oUg}t$e6X< z=WLXYiqa7{_bAt0j%epCq}YDG0yJUT3t#5JmrCOos3i2xq)Z2`ZliJ@Vucj6$}6WE zFl@5jGdf=Bk*$UYAZJWbqcx5=s zIrIY&;`Z<1_sqWP?+1y({c|H(IIr7?BrcEgDg6kwn$=pqob*lHa?fMf8$(d8sG$7E zC+wd0MT9jJl77r7DUqDfJ@R1;L%0E0z*KHvMg-$M_0!tjxsi+4ABEzIfzd&JZ^+bb z$Q=~@{W<)0$UW^osTRJqR|XVpLOX$timDpO#Ve;ka|$e12H}Su7O^3u$H-<|x?_5oe`CD9%B_f7(0s`N zY`&KE`F`cyZ-0u|W!&7r>I)E6p8HHim2N4N*d5;%;@FE(`|t?V$0&}is7jR9&4tFC zfUoOR>EJvK`_R%*TCEHqouepM;}atETCAw|E3e|T5D&f6X_0$+HZ-AcuRBZjngGsH zCH{or>M}6^3ZD0Fl>weQMmNA;-rR?k!&r=4mB8HBIjhvDe82yvh=z=8$pO6AegK18 z2T@t+NymMDu|2q?WeC$Dcx;2m2<7crG95=NEuomLyA*grnhRBO^VBNAC3$(#4-2$X z-;z1_p|55wjM7rEdF=qoL1zuXAR6sptt1lCqo(a#hh57zpEyCg@bGY?#wMpUX z?G~X|O*NOUrc%9*YKmMoUG0&|3c0LA8wD&?E~1xIY04uIihxkcgl98#7I+1GwWmd@ zY&;zmb15!220fjOFd5Sghb}dpPKb}Fje)6MFx(Jj7H3?#HVx>c4_8RpQ^ug{4*Oe8rY<}#@wL-eiOZnYqOjx+c_nUsr~D}KC5iH$ zOvx`GSxI@LPTQs>`Sjh~{Lb4HHH*qhJs=11Uql3s5l<~ETbqB1IONMLfV`9kTk;}8 zsa~fu)0u33zS{_kwRE|**A5YRsdq@PmEeS*A)3zG5wk-BHSmt%8bd5xbOb2a!WXwMHGUtOXW6UBxuC~=avzNu(84)@Oe?5Fr5g`*3qc|P8OcEWv`@`Y{c-(3F7Y;Co=EHiql zjBYj4iZ5M#$u#?@GOI^4x#ygnF%e05`oBj0Vmb0qx?jXmW1zxz`NwQ+) zHWW+~PB3godzrSiasOQnGr;L9G_;cl@HhbG&O3rjJnSE+1(mxk(6+4``dRI*kZ@X3fz zMtsV`r!45h;4p7@?+Q-^sHl?(&rn&-UGDs$Pdr!3v5eqT|9~g|>tp5YO(ANg=ee;4%GFX3!(lKeRl9oHrIJDn)P{0mNioKpfFet@$O0mL zWn&6TqQB6Tn^JhyeAUQ^5cLLB)DFa>y2~i0tv(I2s)=dSPowyhHc3&wJ0la3IW*}Q zU3P!*E`|h8o3>?;ZsSG3MwJ%7&Dk1n*mY;@yq-yw6UwIm> ztY-sO(YZ6~D+djv#od57BUd7708&7$zZA7v_>vN6IEJmR*g$nG5*fC9sB(rq%KHt> z8O8x;P!Gp+PtyQm3Y49a8<7DM}JoHpLO(Sg>ex5F%6;*nz`nhLHq&ysgR~aTSgG# zSu!|^EV^-grY>e7d0p4{UCDBS62sU|BF;{=S>>BE@Ibn%wm+vAK11}}Z_>F=6Fqf+ z#7owp83yq2GfCMK$=QBlDA1qH{{Dy-gGJvee1dwl9qRo9>&dJ9gZ@;j_j2vpKUdqv zwb%W*+Wolpn$$m4J9M1pw>DLq-`doq^9vlOR;&M9tB-N3%cHF>Pu}Y7+$u}XyE)0K zLw*=>3-|9xJH}IU4Fi7JxfeLFMRLxLYrwOSY(ibb#L7Ch3+U9}v18Hd(2b(|v)ybx z7T*o!`-N#$*0t!8cJnw_U;e+I)>Uy0{E2Dh$EyF2ruEa&_-_7iTJK?X-{v(`eY0_} zwz&9|1PN-W^%_#_%Bzs_DYJ@E>0VPFS5#I^Ds82hsBsN*m{khkx-x8=F|Mcyi+U#% zp)jdLwo(!8Jhjb{{kvgNZCp`*E?O5?l&;q5A1nGbx108ilIi0#rp=6=5%lkSR(*vM z?tBu5N$!1s#;|#L@`}z_#VdKRYf(9pK7jgPgU=fWc8ir( znWvn`QHe*GSwH(m3F(-qC6Zn(hP12Qw2H&_-au1sBFP+)bU{^X&BYt zzQqH%yTu_dY;(xB0Fygtk;j|t=54NX(I4L~mzLXwH?{$%&&Wm2BGgs5# ztCP2S7qwbLV^#6*-oAte%VR}qprC8|cGJb%S9OS0&X%rHn|ghCMhAHtGt9#>r`?`O zcg9i}GLQ(0RKiTHz);=-Z|LiyWgsMf7FrtsC!!VkEcm;uoPA18z`>FE10h*B|pp%@~n zFKg80BgJpjb$0mZ;{Gm&hfy25$Qk;cQPEF4Yf zuXGAd>d>6TUYu}Iy+gyxGi1%u`=YdRCZY9CtFZpP7J`8nFZQg$J3hSGvv?vUR>|ig zliefa;uY!bx&!_-3EuK_0-bh~nO#wPF|AYgf2X!Cp>vlz<==1)dlvbGycy4e@{%bO zSxb04U~c1ViVc>EHoZ&K$bdxmZLpJ&ib%n*6}~6%{9#A(<|)KZJiIl%+>T5O>|0Wp z!oij$Um;D?N0H}Do+g~yaB^Q0Wx0i*;mf06HT0?EE9PHJ0DP=x?k+~)Y_Y>J;xSV? z9%}JOY_B|u(Ki<7S!z?&p8)Q~y=+B(c&?0Ye@;t(#6&XEnhiYWml+EpvhL!w@WRm5B0tq$%~i zPB&VS)(%PL!=Ye4y4Aa9%IY*@Xey{*)@rakfSX^mSug4 zwhDZAv;?JQ%q>)`E{VDp@)8n@C2yf#+c?T(11Wt5IA%3F$XFT2n!xa^(tiK`l#2ZZ ztMPD=KQtE59@>7pO&>oQ(toC9;zV%#Bl^Nzf;PI6M&|;D^x_<{H-8Py&fOP4ncjUl z#^&%epA)_nkIj{m%~H ze^_;XNZGmr->+;Yd40SQiwYYub=2|zXql)61{whp$b>;@M!ycvcWG9c;AIo6CxBRZ z*$m*lnY6bE%He_PZ>#Ke#fsJM9P-<_NMBn02K107$BwFi;B8YibNN643Nq;u&?eO@ z*ZemUu}LlJSBRP)6E}}oC2GzEG#xc3slrOXt;#Q~4pcR`FA{moq|Juyv_`YXark(= z#1zp*<90$=o`u7=h}7eSv#rsq0MX~09>X`-&pe6`9eaI4sS*F-FyV=41~uy~H93RQm6tM3-P4Mf$ZiVpcn z)TG)m_}@*=;d?Ef4XPOyz8Q$f`K2qQgX2u;9%^?<6Cm`}BVjx*HMQ_o43m%na>})XCRjt9nH8J&gFK;u?~qe-k#k z&jfPRI&Q8(l&{Kj^^}*AoGv|HUzo=ymhL{(-nVr2T!=rflu!y!&6G{9Xd`%6qLqZh z3}@l7e$n?Pp8Vl}iZ&C7GI+-q2?(Z2HXf;De7E8~C6hL##n??VlP_U2`JPfxdANHw zofMGT;BfRks@~!6*UHYYC zkMtB5w@(q93{iom{5SrgdPXQjkXi%Hgf3atJoC zLT9Zms-U}-XNghBfU`ZYO}*rxE#7s0Sf}(Mx72?U#%MGM+cscj< zc!uM84mq4tr^*b6l&?X|Ci&wB^p{}C-rY|XJ&-7#*v+EHQr^&j_KIDwZNqIKFY)t^ zP8XJLArW`sT+5cznIiw?)uldX{+!7gPU(C^b2TH>)1! zF#Z&hyVC5>4p$IN_%@v+?ihiM|da2)7H;536ENHHsqd$Z>^^xx?K^T&O^3W9>+hf8vzn64s+1m zn*oD}ddu&07B0o4xRu8-j*LyP9S>i;p@3SlVM{KPs6V7Ua5^o4ci~A|^Sx`;`IDvf z&w9GHJrtqJOP1Mm z?_l?AA^I;=k?X&Q?ik<~#rg5osC)eHAPezg>-A_n@&vN7IQ_48x9fI?eA66D-b)&=K8+a3PPd6e!p6gk zEm<7${eKc>!yi*&_DFs_(CX$R(B94O3Tj8)k0I2muvPo4`jDK`VWx^HZg#h&blALC zZQ;#Z)r;@s@GgtNIhM9DU+qbUP`h#o0ajcs3f8Tmp;#XDBjFD9<7Xlu-C3!{7oD}a zAS_2*Wg6DGN*%uS)M6Bto~JcfR-ZI7Wj&0Y?NvBi(@o#QR59!G61?VsKd94`YY;tJ z1AreJbn*D{FI@~Nger0v3;Ktn#1SwERd+M(R$i}R40#13&k{c(`y1aXGM7gAa4A=i zbWs#iVQ|4Ra@@FARsXv}Jj#J9sQ9{y&0h_muE|GE+FWvG^rj%Qk^md}k@sk5KM$3x zq1|Vzl@4GKTr(9e=&P3bbBTy$h^s@d69fJknz0Z6+9BW4;*gzf!jdNvw(^8$25GGN zV-*uciPRiGsgiS7fpS}aJU^&K zn1cc4Qa*qI-XCkBw*^IXnx057VMINDWxjhhBFyJNaX(Bdt9Uk$S!PG)o^`5oPpc?z zXkbeaK3g`Yh-2_*xk)`*Hi@Zkl82A{k80Z08_1*~Xlr9t1V^6c19_GIz9O{RFLaEm zTn*STZ>U}R2(v*w*Nx)c_oG?5Cpn~$MfUQ!{P4?kayN?@Lu#O?{~DdDk2H$rpzxSq z)Snd1p9@da8S6ka@@$}Jv+f?E?@78r_KX7dpCnVg=&Qt{)KoWKa0&cgSxA?kv zCJR+%h#Q<19=(`~Q8q2KgNT8q+z>{c{$6=^~$n#)I~4BQv5IU_Q^=3i+tL=xFEpq&`T@u(X)YNu)f=9Oq_~WMAB}Jr=#VWh>G@Wqg9P#yx)z!WbNLW3mP{;s#F8Dp zcj)rXvxRTt2BIrdt)5*(cu~+bFOsul4?uzs<#t)X{dXBdZzw~rDt}$vR{%fwFp^V- zU&#WpC*ma2+kmmFcWl0Q=qARqg|F?B^(ih2Y5 zXU5}i!nR`LX*iOp-TC1sQN;xcw^38+sG;?xt%Tg?1BR6&kL2nOwYqwzb5M-?!bo4Z z`dKhilL9+UOx$TQIq~5++b;Jb`X|G@#{v#dZ4>3*cBwC^05e7D3KJ@JrS$MSU7r^l zNpMr|9hcF~mSzSrMLpa(C|=rb^Xhf*#PKV-KOFzdzjZZ!L=)|-LqW37{en^v zdnTZIm6nwCi;0jz)uRbQNnKRT`^Rs_ zsP*J24GWfk`sWNM=U}}cEf>Ue*KeRkUsfyV7T#Q@1+iNXd;M?*TzPWDIa80N>#siASx2H`1Pw*|YM%OjcIiJ*^J@W9Mg!XB>{~WY` z-E}HxA8hG}bZs%D3wD8YYj(wu?s-PK>Nuo(vPDC>>dr_Phi^%xW{2t$pNc*$9pz=q zM%5+0(XycezO@b|GwRw4BNUH?oW#9)A|4x1oCG-kO0$ws#-urYOTV8)ahz_2&T+7F zy;I*f$!92WN_F-lyPf7wEW%@TPJI(9kDsWs8h5Md&*VzlUQ#8>bPh>kIh`b7f^Kb0 z1#c;Ueh~s}n_9rOsg=Brl?>FKWSd&nIF!zl8W>j;YA?4dj$bm#;FL_q381iC>jp&^ zlTLgQkhsNyN;+%eRb5;RiLUZf#Q}dw9Pn#3;KQOW>FTh;3Q9-nW?h~tDWgJ7IrLj5 zU2Mop_`b#O>P}hf%t8374Nr8wXUQcT;~P>YH}^n%?!TE7-i4%y@8;0Asb9beydjgX zK}ugT>aOq&EEdh*h{D)!uqGVazCqL6OcD#R(m!4_vNFHt1Yg!-QQsh%x8iuUZGM)v z`_O20Nn3wa^>2!=J$7q2wPSc+F&O0Nd)mANFWraWp|Fd5ot1blR=;bl{6_}*IRv-j zFLx2z#G>n+r#<3=v&||ak&0&tmI3J9b4)LKK7qsaUKq|^QU8HxZi1&Kl233i@vQJC z1|(8{vK~qbRPHOGz&pr7-KQfd8>04wmMZ1+<7fm3qJ9T_c2qPUgSL;Y)w}v@x(SRV z$a)D^8c3;O5$*8@sNW3{Q&*MYk6?gcB8=N1nm>jnK3=PLXNRY0*Yo^IR+M;UiV1XO)@(M2y(Wcf~=aBrE<%8?TBIc5Px)xJoWH<-0?G9CU5Ep8L z+lPkXH2$c18sF_;%(eq&+bi3Mu53Wub_(MfV0s*CV~6O=z7j?w3ga80kiC8U>YVGs z8QKqX045qh3P=}h4e&M)Zbs>dwoF+g}Qt{oU1 zdYdYO*4bY?o1^6C|4}bvKNh71+`MfGHm+U!%Wxn!X+;BF#~)(}-d# zly^xKpP(JA|3qG6GCMAtiHa=^BDYNN&sOWBygkH!o!25Q$gP4Z=xK#LAxe1ju( z8KSYBF&D5sP}>_d9Of2b$toCJcmQ6DzO25Fy}O^7(o&*Rfge-JPS~?sN1Fo%DQj-@ zu2ELuoeEtV#-{ZX{W;qqR~ylk8t9Kjc)ZSTK4cM|2-u9f+=8XD0qe}RO7w{+Yfk0= zr)GqAmafTAHSg|o0WL^tF^T$-T~2cYF!g|4--xq9roO|SMM05BV!r?bG`5=rV+rT6XNi|e4w<; z_)>Xk)GLsKDOm^&mT8xLMl3sV5ZV1Q&0yg|EDMFAWy-=IHJhPjF{6gH3JP&cqeczp zcStSUN9|{LD(i^k zEOzq-cBkIJ7EOE)$zMMIrDndQ%z27Gw!p`pEzEo`hHjbpjs$=a^Yvw2iyE{ey8)9x z+9DPV3*$F7x{c^NapSLO9x7_;AQgRZJPy_gl{m2*L(s=&?rw%;?6=m!zMw;`(Z=-m!jCFeZl?Rr? z&&V=UKZeMwwLI6KQC5cEj<=0;y9x4)!`vo#P-!gcn{Z}Jcfhj~Xb*^iOQ)+klVyOT zEDNH2ZzRWBKa?Qs!Y!zY&RvJQ?=n6mvlu{+zr+#rrO6{tJ#h+ByHt%l1xQk&@(f(! zoKFZRSO0(7$-3Q{fImq{azew)xZ!=!a62}( z{VUPR0&ieE{$rjt{eshA#}!0<8x zrx%dM-RA0zs7%%?EkILSoWj^6qWt&iRPw7``W?7I*ul{>;I#OX2Q4G_aWL^?-vYvU zPDET|9KK~_>!mUn^RMt#i``elc86{l1z94H20pEkO%w4r6xxNC3rnx#yw?*+tLWX0 zU$};eo{a^l&V^%W@S#FA00-21&<+#C7j9>GF3iGpl~&-g+k;E7CgnJta;goy624J* z)44H=ben5{`YoA3=K@$8)o>T#?qaY)djm`p!EKKO91=YNOkR5^4kkbBH|kX4H+r^e zozul8N)~TbHj6%In{s-H6uHAN+q4+8nE1l+zFa(>(>+@+dLz})FEylU*Z3npiLnXf zOELZ($Fz51k_1jKm?O1QmZQW`I^+!;*@RmMKdIcsYhXCD2A>tkEd0rXen3>M0F zAX$x*v)&lxG`QB=J=+XU^KbLMwMX8!oBxZDb?*p2lk9$<$0pAxr+Z)@Tgp0Q_guWe zg`t_7&^Wunm1dO!;d{~CxD3yR(l1uYX22_hQnO*RYrkFk)FCy%7?-R0_ol*l#>!cn zM>%z_(RR=KFrMFWJV79#PV)~KN*Heh-Tv^vB7gjSwAE}_;(8R#Bh7X0!_uB4Q2FrB zWI^C+4u+++&`j2f@%k%!g8s^`>aWl$uVN!w;P8wEuYlQEHx466cvI*{ zKL7arB>pI47%icJY@~QG-U#b5Mc-z2tyxk+jsY(flUobm_zZ)Z`?7aaCSb!Y2G;|O zKPTpWA6h{Sv6k=9y{*(xHR|FVa)stPdG-mOUnc|=}TMs{+`rtlw( zI015uN>?{LsA=I|`r4=qIpGUgsO^KwrBOBbq2L|JY#wjBdt(q_DPWPvugNlM3D$6@ z0iJ|kgnyjAB_;}evqYgQrd51fb;yb#R(3^luHBq)H@Wo$4G)_N&5FdX38%*IQx)x8 zm#8+rl>rmGp3GFHjLD?jntaE7S}UmoOv3tQxFYWCs_pKKaG{2x#dJEY+V1)lPG)6v zk@5tpCzYNFt$bFog%%e{wyJ2UtJp%T>blFy{#*ne>!_u;e(o3K8jS8HKZ~F+?{Uqs zngb}|Ji%+f+vP#!2O9_?F$6+hqG!{>JT3INa?LRcV2|yZKM=f5++0Isf>WeFXD%Z!n0Wii5U%dFHuHj9$?I7{BZery& ztcki}c!x@sr!WLYv@{lvwX$3lM^aF)Od8CnJ)`P@P@#|ayklpB544NjOo#7380aFL z;gJ7Bd(k&_Ef40O&FC*?T7p|s=;f`}@lQYfw9UciMt&{_{9@-c?^?Q^T$0PbNK)bG zDy~8JK?}FFn%Y{w1j8g(d$*IJopUV{2#%p7OXdiXTyl=>bM2LFZyGSyGZK9reX*8=yJL;Id$V zS7piPDE>3g7#XiAXA=nbht}Az zxq=Ow;WrsJ`=jpm4zzG{MJ-k--e)_82p;kTId(Ttz@;ZB#HG}xJozuOXFkn>0R!8W zSDqjjUGx*)vKT|iw1oS?Fs9R@Wr!X>Ff{r_VyGBZD?8+c#1Fk;oWMmY#ri||V^m!w z{WF69%r4}?>2`28~>lc|L-f4!N3123GhFARTTc0FJk!T zV|F3h6bo0=^~s!s#h7!7#lV#Gp@J9#PU=rWYw!>qfmh)g6m1uW*NMKddJ$E~(R8H= z@w+PnIE@)0`BkIt)c)EH3I5t2+ojJ)CSQpGoviXd*raO(8^Dv=5*6HiMc*p+rwb{{ z^LTGZ^+kDQZAy&50Feg1-d~HKz(2c*<{fbA+yMi3$m`jMrv=ZBYM@hcc0ey4ySX0d zVvAL34k%fkX1$h^%bi-Ep^G<{zcPco$s5RBlTg zu&0mn%oyyDb|H>GL?hPMba2pM151pJCA~+XrmD_Bk}Pv}qJ!*)=^YD4V98fP@|c)w zm&@{$U-xHnhOI-&^zG`k&UdK&@&x<@1Ee0zKl8s>`)$i4)p|nb}Hc-aFSfIh7@py5^=;5Kvfui-}ES; z)itzBUpiE83p%|wp{=AV3k1bqGdqms-PG7vo{hWVzDVnGBo2zAT9OazWj)nfl{INe zdX3qqR;J_CFZiz%xPl}pvji^J~ zj8F`HVI<@tJKqnC$?(Q@^z%5@j06u(l^k*5_~CBXG2BRvFJ9oHHoqlHpW!NDqBnr zI2@;o9<$DsBMNVnm5Z{qS1vgXNz^tOL|UsIaVdRx)o~brLFC5ujj|;x=7{n_2Kk>j zh93j$e}mM($3*EFircnyo?aIp`u)bujUrEW=TZ{owCU62tDNc!5Q9Gn#g7*!03hha!NQ@5Y z?UIh~F+5;sLpu63S*4Gm5^U+BFOLKW7pgYXG@qTxL2PD{MJ{=j+0C$_{zb4mWFNjq zl)W6m)R2piE-9&gkfZ3czYF@Q^@_n;sqGa5^B3gtaxC;fN;0f0`cfTq=zDgm=XoXr zNy4;{#)tOD6FDOgIg`@!>r75Bc1XE*o4VC&C~CH_{yl6=gMiwHN~L9LMS}|R-OzU@ zF;^eJw2t5w1Df{(I)y4hPd^Gt5^=z&N?L;{?B9=yFYjVK?M{3jIwy^S zUS?X>>1*?Jylx3&QD+UXY@lDGQ%ZD^l8PTvN{k;TjMF=o&gNcPb7^IC8<5#0u25dW z7C`c`B{Sx5U?w_%%p_0nq6eq7+k4oQr6QsiydNeQ?`%eeDIG(-+uiAWHiem~XyLkE zSZ`8h*)w&cO|Vr;jKT0kQ6j7gU1o^c(!0)$835gI#~==VuZ+NGv9Z|WVk{y##$!C0 zirFS(%)KBb8LB=s^#u8ev9^h#9;99B)_U0f5ekD}F1mvKa13sXSb2;Hm#_;?MA}_k0TMM)C?qAr9tY1G5L#Q zR$FK~6>Y{9C;DKmCi;d1ncZ2*nE}Z}l$|w&n%U?PHQqY)1CCovd*%ZYeuEq=UG~m6Nfro@RjB?X~ewVw2y-@sPFWgvqwG3HPO6NJ_e z&QZ054$LR~wQ@i9fw@$K^~8It$!GcIWQz>46%AW?sXGC>Jk72ThR+elAl-DGCXOMJ zxt`YE-KRB>;?4j@>&^;iI3&U*J7Pc^Mr}yxl-HA}{A5z&8F7lWq$m}58*&!`~O6k1Ev zc}fQ`CEp8bF9hJPl>54oQ;8$9UGSnwA`$ciS+E(2`C%iI$QQ^Wu>&2#VTCrfF%L^9 z#j$0P#)L-P;TxgqJwk~lZ23E+s-6vW%>_IHKdKB+)VJ?fW@^wCqd4!~L?`2ukw`~m zYYQDePG*zZ{plH6L(fn{9XHQY#~F5c@esmotoSa{b*PUXQ8y0ED3ZEVm)=7Mz3 z)Xf9l)H00kUEX*D%I{0g5OOz1eg;vqUVxaLNW3=jUPBZGV|FDlgo&l|e9 z1J9oueeZ5-E(UMXZZp~u5#O&D81=$1(#@hz>!C;C{UFV%CnD=UwK}K^V2BN$LFWYdV>Gy+WVz= z$)tCmhIiQPx3ii^&q*}ero&cxhX{sAeVH&Fmc;6a_H<$CFrsO2tlMgrK97bIxTRe6 z3Ke}hd+$K?L)OEheitTL1c+ESXuHB8*qXKL6taf_y4t`-h_U#uFAQZLL+v_edMbOW zl^`c5rXU!&qNaFqN^8)B_<<2Tg!Rt3s$2ZBY0yh3CpDgg#}VyO3vch^!|I3tU&^8L`|`j|WHODSX^^Y@f!+=81`2|*jB{sNW`YVhpB-l&N1 zp*vFkF9Ur?-(`o(HF2gJ9hSC+e$xL>pjuQL4Kx6-6{@#s7m%;h8SGof@E@Gs1Hwwb zu_4-M9dgVE01 zk9qdx1wv_-ir?W3{gJx}ZBKYFxTbbG%wRx;2;6*GpVzcbY0b-w_u}q%1q%%K zMwlF*RfjGbD0F8peUuqf ztV&za?kLxr8Tv*SJ%Dw3J6278TBF8;)X~K|DFN+)A5-m~qk6k%HxxaK>OrUZ6Q?lt zlNh%o9f9(~IOG?rQ)1kcw~wYNL|(T~`N#dt?29J9O1G0AAG6GIbyJ$}8GqGPn&0$BVGGOxg^{<=*!TJCe^a$Z3QaH8z{8eTY9Ir)ggHc`yhCh zQQX{g(px{qSr-@E<%zkX^od=bmIv~ca`}fCV&Rb53TEyGTq9>Td2+EhVsfEl#1ahj zWS8n3<~oNkwhp7ta6m5Tr??NDi-F=fy}K>KEUbqsAxNUt@PG1T2SYN2kX5EM#*dHLxCZ6 z*`y(Orlk+vSmh0-kgbh_=@xrB6)u^{zh?HKfM&RKM}nM3Z)HPo3To@8Kku#WO?L~m z^lN2PZ#+rAI3B_4-A1~cW4(l`&(lZ)u+`I60#x>lF5=6si$*pjE5jN!u<4D(7XN`1 zOT_^L08cP2DL0_Jl&S?dl~*k%#rLYh!5j;b{wygOj8`}7Nx9Ua3O zCB0GPZ;#|W_ViGlWi!b=K*4@Mm4|sDJpGqwtFi+v6JwoyRv z#H+Ojv2s|yOY{WtDCzvY1K48GOG=fnLw+4IbJ!#AJ0yBiZxbmah_e1>)mGp9O8CTARynT4w#@=jAG%K9fb+vZy#%V#*~(I42jL zN$?O%HostUHVVDOVxd<_flxpYf=7&Q%o-P?_Pw-(3L;BrB_khG^dw#YnHNB&1rWUV zsajW=5F_-VA%-NpVi*)*2n8^GY5EW{gMSgJk-WKV2t{1RK*~gyWYTIet-;fdZ#wsb z+Y&xPIM}5Rl^*q(K(`ih9y=VuN{m{I+Zd<>s{1(&IEUn4C-XJ%+o;c#OJROxg`!-o z-qWH|3Gw%uGBjsvx4fh0JE~>mwA3K142WY$(s{J5YM0WPdJF<#)aA6LWWbN zxlVavo|;T~hJPcQPwY`1BI_`+Rc!JGC69lW6pHA?C*4y>VYmPZ(Q$zEK99_g5JmL6wI z#93%C`ssymSS8vHKP#)rr5-4tt*X^2opkj?%FH34^$v0%S2rvYs?Nt{#I@%|Z_yUrjj>&EqRKK@O3}=S;lX6=NJdb| zX(ei&0%9UJ@OS_XT1(lt%HgGC?9eUVU<6xF?59*9lpPM&9StNG%T8PQBK7MEoSvw(a7Pc zz=9pV&77iWNke~?l-IB;?W*Sfain|+lkyssl%td!8m-6SB7f1jyYtMe?!;S_DuBz? zDFooq%dm&n=`{#>TQF0wA9yC>Lg?Rg{js@0&-d(}&5dj`Il~aeV5CB;-evUdXCx{_ z#Xix5l&FZzzNUegP?n2~8U6zPP6Iw&#!(ZK;$WIJ+7O-lOY-dG4)K0yc>MS@eYD`s zOvBJKf>#fJwUzY#X29UW2+LoJzO>Xbx9}ldD%!1Fde={p(5)HTt%}~&GaCKK+q<3U z8pe*$#RXVjA~KApbCwlKsWf5V z(h?-$GOd4z-lph3A;4=5#A$K ztpoJiKtZq62>XLJq^iF#z`g)tCdbzoo(YJNfHkI2i|Uqv%aPU7xLK@JEev)oTtvur0Om@yWs?1e);mF_cL`M7<&AadOX97z_bbA1k zjng`Nn)S?UgWj?}d~OHqZ|+B%yAK7pUXQ7$@xu2IY?k+BBgrY6*+HE$tAYbbexF9- zGfESu(N-Tn6L_;oeIFHl@0Ik9`d~%(xw^^oN?3jT3Lt{C6&V1{G_*R_BvX%4pc>w? z-YORdu^ZcD8Lw+LR(CnzY^4uT*Q(bzPI{2$TI7$SyXhFJpb6cBOUl%&%)&c9M)?{- zc^{#C4WYb`P`)M(Mt${=HLO(mkM5-a!Y4(tTj81FrdF8>W) zR9dSv%H}p>;)B8Oq37Jz0c45+D~l{NJOtku65gmE3En43O9tW=iCL-(ucdXHLGZF2 zX$@ai^PyPv9t>E}LQlU#9JP}9Rh>1j&REx4r)QE+6t?Pz)aa@Zy7*QS{8>^{wrwP5 zl!c!6=#=Rm#>Y*4To?(UgFpY9G!vBk?aDpIsE)|@Oi6E57HU%ZzYwj2F+GpIWsK7K zS_3q=Aq~f4ZLnm1sL7L}v>E5ci)wV82ZuyYv%z&%!rsA6qx`f9w+rJZjCW$_5nYsF z#A>_xD6`&8s5mSPtG5!*Z_3LFO}Hi^c-?70p~9&sL^6nUaT+jn6UZxP_TlUbmpmUg z!=p+r&XD`&&;}TLNvYeA8NK|kqt-Ta_$SwsY>iqwI#R8>8mt~Ets(e>(E|iL-w~W{x;SW~Qw)HG^xU7-;}bK;_ZPh)q|hml3F* z8U30O#Hr0})c88edKS+QThwmU`x*FC!S0s0n%De<4w%FxLftqn1M(ib*@kgYWC9Tg z?jQ`=G`?h4Bj~Ba!gL&r4zMh^YA{aEW;#M+WaK3UXYe#oao41!X9VFt6v=t<5zGzb z1Kh0cw{{ix{EVY-+)=fnMOD8a+%@7Kh2IXZ)3QXg8oDydx<;s*&;| zW@Hes3yaZ(_2t=Q*t%vgiVv7r9?EiV&ZOk0M!M%$l+XSii7;!^(FK|4V*x;mcka{m ziPKQiF*~{;eFf?}ilpK*_KBV-Mc*p+(OkK%cT`5PNXM=6du23eZzC&s@@S74L0-i` z=p#di=mhG7GCj(%4lNE4oZtVG$!{p1G9j(SNSvy*#He@ggr6ojt{sQ7X)j@E2Aytm zez=mXQ6CcZjbx2F87NW~ja9>;H&$G$bux1;gfhvHg9Hulh&=mK+hd~>B*a~b5yHC0DJf}mL+G#ehR zeqBalpn~zoisHXEYF}?ZnfUeM`!*qR2kKvT>#5;Yocv4lKyprCF zc^4U(ohY;Clhd99iV!vUDCX_f4GETtI_--70ajP6rkK?~+v(6dI0JwDuC}itTBtEI z#(9svg(gt-*uo92Ox4h~A)Rd!q{BFor6pXhb}v*dpxo*zYOmxIzF+a*hND!w61-O& z#W_4f@-rHrOr)qVTQ!IyZ{GQDhIn(2D8xmUW)lPe6|z7a555uu`s7{4xL3%#hWsu1 z7F*Z7hCiR-;mzm>dv*LuH#Z~2R<^3NOaCqUGV~b0U)rikUp$|ufq+tKGL)aP-6S?E zqvsnn=vnYFm`=ebq@QilaV)&!J|n^(CwV(6yQCkmG@ZWMCes<`WxSRVst)QBj>MkV z7&HdF5#m#b!#9_X#FUUrek7mOIcV?g$e#lbdH7I>p^}hDSSnt~M+cH)aTtF6o80J* zv_FI46)(qtecy8KEdkD_y~-f@+mR@oHPu5J!TE6&&ZvHvl0TF54{_i<5mg+^D+$cZfHc45sdrdV`zS|#vEY3bf14foB|_Cd5>aLPzjz9JT02c4C&?6w zwJF#EUd49cnkA>6L+$xIhsRU@M|0>Uc(2rRNKs@2_7PQ_N*?19nXB^A@j> ze6R3SdeT&utY$@rYc2vpq%cpnz!*um=%C-Y*MVq2<`m|J`ImQ6Y&g|nB-L!FY7M)@ z!{P`%UhD?JBSwK*MnLVQQJ6J@pZ4nzkUoRg_WPq|RDWXRTQ&C57;`B8Kq! zDP2K09l>AwCLidyv=c|Yxq%qX#-0}{pBe9^2`59m3_Y>bSz z-^@)v{96p2kU&l*+g?@k+vQZ`LY~SnBazNIL@C@!W`(1!xjQp%W@uaiv=Yegb4MwP zjPmtdBinbkE8pT{FqP74Myx2PwPU!FukJR+wXlhs0op56ErK>e^}nKZ8sFbB^U}!v zRnT?lKcqxmMcK?ptwI?^<&eUXR@S#xs6-|=KIY)!N+u=Grzaq9<3Aa2lYi~B4|}sg z4W~_qZ78LS67_fLop;%Jtl_|YByA1dq>pK~+K!+(edy2;WK_&=LYZw*sUbW)ky;~r z)U8ZlkNaN4RKc&&Fl7RvLn?@I$EffTx)U!r!Z@@2ZKN40>k|_nHocmuEm7Vb8dBw? zsByCQV!vWBWo_VBy;Jx+9m6;2CI;Jp!}0P$RMt4C?<6)np;C#LV{A6RczW;@$6auAqq{A<*t(pEH>x!R?**K( z!Ee+>*HNgtE+tMMUNsT5`x{h9uH(x>^_or*SFpKXHK&cCZUwIcus-xLe%2AJ=Mq>$ zQ^)~?E^1yQDfG7Egu<6&f$NB>=f1$OJoHN^SZ1pRYyB9OU0)3R zG$MLIhCsYL1%ViMp862hEA&z*q2IRWx!?PKL0Y>%35#{gOEhNSluO~1S(4Xr2x|X# zB=*mFX`{VQd@+-vF3rC^Q@4pj(Foo`HMPN;KHM**M)fd>0@v5K@uluJKjWE9AJqT| zRcGQ@<;|uu$R^Bnjl=g69rgL#E2>9)SuAtNCDY}SIZ?f`YO{O?sblau7k02^16{qf zM2u=uPuR8&sV$N-|G}ZUxGaf6)f+#PHnc;E#L#Lewn~xE?fW^3)O@#5Gb}Oa*6CIK znY*uMF7SB3UU?k7&V|SP#s+j+AZ2sB`Y=%?tZo&%^o0iK)U$DAW2|BJ7K1Ld2%uuw zj2^xASzm`Fkns?Sj7+dw{t8V_R)&*lc)6RtTh1NBB(-87-+_93rz z>g4y3*i?Q1F+k40On5K7H(#|b;ClkRt-y1|M}X0eANT`Rv7C;IWe~wiOSB5(ejqb` z+J#ZCHWWmZD+gopKWzlAixDMGLX|E0mwRHeNy|Ld}*zx{Xg~p?xbki1(=F@&+uwpa=TLbNL!BUx(#)V)xudQxV(hR%dk8X+v)j4$9Pr=v5n*n zoGI;1&Xjg?UY;88S;dyL9E)ngXUBM|Pg2Hk^GS?-r-nEBu!FC%5|?AsA^(G7*#&Jg zIdby`^}eH(EX;R0B%A1voFGh3Efalj;`N8a_cGphpc!V>lvJ&qmiJtL7Qm7b1jLCB=W`d!&rsiz$(3e5 zjV?aQiF+`b7GKo39}8Ji;)Wp%v1PNo5>;FG80Sshjx;6EVXw?*R?i3kcdu^wahQGod$m7}-7mgBIkNO4yX#Mn?<;GiOGtnKu@ zM835T6MD3V@Q`I!-zs!;ca_Id*;zm>H~oCQLYZFPdSwZ)*_r|1MshVq-MWZb4%HlkH*+%A5<{G;F)98riKwkadEp_t z2*MF9DxxUI&N7PHNcrJ!W)8IFZj_>6E%dc?OfqV?1BKJY%593SqiUX)vER7pGKS3L zF9IXyMGp->nZ*Ah7Ars(?}35NXe-EY8hQ#kobo`u4yt2G0+A(MRD@KvZcB7#xD_sOxME#ZDJ}69BG{ zkvGdPZ|iivNhxd71nb9YL(<0%-?-v9n=(wjo5vjM5E^Z^M{-KsaiNjiCD9=nuyu|f zP`Q<(x9nBIziSQ+O7lR?rdYXX3Cj=UMX;Lh;TZ_GKS|*tl>a=L85I)&EivXmQ-{#$ zwXOuKe)rwz;K>Pjng*~yHGKfu@KK0DhjeF&duE);$rOkDvWenn8hYD3&BxVX!xU@S zj&5xFT@HOHJi+Nb=;|$2)~n$gP|i8?Cg4Qz*?D7rUR^gv*63Y_&2^-{&VkO~x0^q5 z2&Ex_>sqADpM2MWUTAAMrqx46=k9x8QHwR7jvY6WPsgwhJ{@B;pAKIQnb{7-;2-0( zN@_#7qR&GR^vP>^^RicmUJdz8c8Pd~6)Ph+8jJ8~z^VUT&7rsl*9mVQp1_bFzHzw@ z-|fZtt_+Zs!tpJO8Mxor&B&8ct)+ zOq#HOp@r4>0yoiD@N*M6M_(1&qg~{mj=G=364EL+K1NFGUKkS#f9oGZ>#DZ-7|rTa z*7UAP*r{90(TlSHa34kYC?5H3&3p;GB<5A*b2i5Sk!T`aMG!H>Aj0Tt9O&AD+=w6pLas|M0egXf~%oub4?@y#C%rCoey4#ID04#Fd%0V*@J6snbVlr~PDYSdRG;qt0&|6OtJYQM2Ba zAj)>>!lD_k-{pBsswJ7Tnr+DK6tQrVf>=WGG~ zM8OzZC|;#JRo5XHLybN@7(+DDLa1CHpCM1R;xD2r*O)IKc~G$xf6;DS>8GyX(;()q z-ay9vspL+;Zy%($ly)HAHAtx1L-{OUT26-Zqw}HUw*=%jjMQA%GMA|oe?K;O?S0I9 zzn!1Ng^hw1Mq%@OoExI*@akF=bs(M-7xUx$>tckhtaGpraSXZ3UmTZ}a-`<_a(hkJ z{`&_)JJi2uaIj7v?yvcMzIZKjqq{KkXVC#bz9^1VW3D&!EJ8f#oq!&bJnS>$vg@~L za_8;Hs%LjtHrLdsbKnHg_iUnb;45cqkbT2vWIx}%2w8nOLsoJpa}G=eymUy-o$|tU z6;DjtF=dodG@2s)axK%Cwx=U5*b9F2=XaR<303Pj(`>ZRY3?gjJ2{X-l~m3F%y}iopUgGkn!dJ)31nAGm<(RPuuF646Et{a2M&uc2r!7t$pa zu!=*-cI2ru9r6kevA)~Y$04>}F_ z-zA<6? z4pKs?pE1#1Az80fPr(3Pbxx@PPl+RRjDy{R#N*RAXHQvDXVFv3uMYV&ifXw2nRV=k z?Pot_cD7XI*~)li0p2%|NTyqX=N3*XJEP4ZP1O~(Rva@4RXtIqz7bou4yBBFg7+8? z*yYw>bO+!8`xjxVTM#kSRM*y1`4rnRFxRJK*!YpMbUvtSs|_Ti*k z!#EK%H%tauajZ9a;IvwVm35Z9I!nb-z57;eSzI^#FGkZFPS>c~A#76G-OS17(=hyi zBKF|{QD2V+AJQR>FFo!D0AVzJ7(!x~Gny%>B6Vqn#V)A6uCt?+@|fC-Nz}K9!TO6S zGls1NGceR+ddVcRYZ7`;`IA2m1LCQ|o4n9ZGF51eqY6L(#!!ThFXN~}AEBxsr88B? zPDx4?PIRCO2cuMh4pH^4(-LTdvT7QV16a{^A_rcQ%a|gd6w*gzih$1U8QQzk36(dSv5MJ9T zZwsMn-4Xd#3wM)*HBKA%W@yi(soKckG%W?C@b;mi5`+(A0~EW<+% zvK$KP5e(tJK|PJ2XHbu(3E}jhJ|)(;L$c&LBzs;oWG4ub7$*%649bb_dQRwz-mjck zQ$!VauoO+Qb>TW~yu$iAk&;>Pz(vVoL5=iD4!pR zM8X&TPri8T7<`dJLV8(TIDqKXOt}7JLXHM%u}@-rSd97S5BXbu`4-^ zC`E5pZ!zRmgvlK5i>{*DBRTTT@k)z{m>q)y9j~Q)^4F4Y@FgfuZMc%oeF9V=qc=G3 z_nkt5mva5MObmL!VLK^i_Z=gQ9IKMmubuKe$PZyIC?N7u{NzaE+I&}Ttm3#UGu0R`7&1vqknqt-QbfdJE+ow-=0Ktu z1nQ|qxkMM|=l=o&Z$*gCuuJup)?kV|n^iCuF$Zx#T9xy; z${@9ZIT-&vx@KeOWvQN$ImD86B^ldRE!7W(zEz%vdCE%=0&8Z-(1UfR_tXM`@FWK0@=I1axZh@c+>W~aFNSfzkxpS~7DNsU^DNZ}r# zZZn+B`B$@PW)7zyh|BWP))9&SxBa=|`>UJQRe$9t{wMvxzS-GYm*VP6v3R++8thG| z3hJUJwaQi49V#j4)cqR1*%(VU*k&g*bbx%Uqlex0K&ZDp z@MCX>Ij2EW>Rfcl1GD7*~Wj^DW%T7>qp?%Mq=Ai zF5M4+$Q}$Wi<4?u%V#$?qUxBlajJP7ec8pfqV1x&&MA~O;K3Q4;v`OA|0FlMQyl)e zc;suRw8K7pcXSj4q)EPk*E)o;pF8z?VMZzHIIi$r_z}q5yqjP$Z(j9{W@5>Q#c4C2@yc`oNJ&OAdSQlYRDJ9S5^* zr5u|yY=^W5k40}5LZykm?4F|MWW*s@KZm)wyM>3tYnKmNq zMkl71(Fkt!ryL!qW9ON_E_BFahu@ssbNc?TSL&7UKx+4Z~Zo}&?`VB4Xt zghOf&hd0jeBW{eL)qX?~Ob;2o66ej;dw{mNR@`swl#V#LJf!B&y_VxnVYbzyDXuF# zNA<4Zv^(L*>Aj4jFOa^|_xCosqg=*^$n9=(_&RvEI_bMX;Sz^$^O|JuTxTvv9XrTj zawb+iEXos1;)n@(qPd-u6sDrDRUyWcuZ-YfWTTGme8zndHL}^G{N*Dyn)w@%gH$?G z&dqa>Cnw5Y6hBn%j*jvoUsoMjOk%@bs9P3;|3Bvb1U{=SS!W4l)?<)f+kER$?J0f7nJr}msV}*qNPT+q79NM5H50VO)_jnWt{Q09@f#oCuJ$3^fKz%R*TSDbWt5Fspsy{}5fOLw{>w!msRRg)luwt1X+^H;(k> zojN?xwhotN$G3i2eCvnH;s`+uyevcm-((CtBx`U|FDu2Hs=c2eEkdrm=12>J$E7DL z=H_r*Y*FDH>3d49;^bA7OmVbxgmKkna^QImS4K8gE>xGAblXrD+R2fYkUyfRny(z;Z`d1dXjfpXw+l~TH4^^}(y4M;2c*ex| zkI~@M2uHlk907ki{AeJcb}>v5H6`xF#7%8UNHGW7UE;bif-GJJhbVyTqrWRWme(bt;DIVs3s-sU7^Dk;E>&cRjdlI)!tHL0UW#C z zuOK%LX_9TSO|tzoN9wTxW0^}ms&x7(#q0eG?sqKMqpTIff@6I6GV4IjoK*j+A5nkG z_or8pb0D>fe#+2Q(8ci0MZc$3tdpw>wUK_x&~e3i@C>9RcZB~M23+jB`t(J=t54eo zrqai$?^RFtOnH~qmh~KXQF{B%cJwwL@FCseYciiNze(a~>x9ffAL(L#3|NshYvKn4 z?D^_k5t!{RBR&(2W%%ZnLXlyhX|*7cxWa;ZCf1u$<|oPxN1V(C&IUnV;|ey*23*TEPDCJ}U~h z*a(z_TTd<|d#DRT>jL-fZc--H$=NK>I!opWskwgjjijoPDVyIV89AzxEa3o?i)D2d z(8GUcQ+aQ*q8@jt=T_h`&CzFEYAj)#O+*N4MPn=b^y@4fa>^fE{1eXv*?gKjn74{p zH4*Z>g9@Ft0jL_M|8kzyVM zfiuMlnu zRDMSi>Fh<_)|)SxZI)gQL7VfR#Z0nRYWV2{ZlO9Gj@FoW477?7(;^RX(*yAaMRLZ_ z`{eELoT#uzQiame@t6hTel&}Zc}fYmLxMxXmDs8|H{7$ z9Sl^A7KdKHWYw$z$tAsYMjW0X7OECe1!}}VPH|wvF?G;`*KJt`9J*vNb991IE<&ZD#MXbx| z|1}YU&yzx_Rx%H2UW{d1XS3q`bXMg^?(f+{@&4L3VPzEd+(8&k?r4wFd>fLGJ+k&p zqqqmVTG4Kwi;U2I&v2KvU@mfp*UH+h@URPSK7pj%V{iGyj$SZ&MlYAk>IjNMfu_MU zz^u?BOb)y&Drfsn_SMX#R`3pD#&kuSMRyP)Se#IKx&_rGi1xv2OEqF#4TbdCUlJAm zXW9sAC+73p&wpyHC+2T1TR^NyVu8BJd)PqM0ZfqVrUbcetgCkS-RKwCxb2kk-wBdt zG%JN|B%i_B>&5Bhp3qz#T>NvF?@TXg>6Ph5Jc2Z-yl*->V)BkWZkK*-#y>9e9LZBZ z$1Xi=x8dKLdcb?b9BKc~Inv&maj_Um5)X-h0O|3lrG>%Bi=D}x9Ff}rayswETc>Sq zwMqXN!wReK17^VG>h^ypRXyC9qH#Qj*57THLQl--Xq86df0N7kc;WsHn!6KDl6eCJFrs5PxHhlgpk|(y*vNgcw0x^ z>@)PcuB`WoG0)YIS{I4Y_BriVKO~P)hR#bvXR(E`Q1!297cWj1o6$*DnbTmUZgr~> z5duKFX)eXcolJcDqjNFm%Ag`SPPH_mF;zNVBuM3B&~@`dbCPos9+u~UBv1^y?dlK+$yBaNUaa!i2eTfc5)1v24nI0*ncs`34!8w|WoQJVnU zl)ndg0XMAr9)VI#Aa~Zut0J$F8?hJB0jpw;Dn(yPl}}?s)P&yW0E2mvHLg3Q`SA;P zL@Iw7gT2*Dd0L4h3&NzVn#Ygp+%QiS%60R}4UB8E_ODEiVA!17!YosND?cEnS> z#V%iXu52*>WO74VCrW&{?s{+G< z_V5S3wo9b)zvAK9)EwHu5_8pUNnNN+bSGqzN$ukN-fYM3*?m>SLV} z8h{$9w$SYZc|lhLjQCz;ufwZsA`B@7Mp|RVt7wWNg58eHN=qm~dLA?sj2|(&K8`gR zN#VS#F4?JcZ!3x~j}nE&fj0H5Us_F(Pcjl&<9k5w4xoWTw`EeH$lnv0Aa$8Y-B0p> zjf+_!^D1+4o>AOfctSUFDw)$5D#bhhxKaG2xZh)*NX ze5T{luPNdM{8E?|pvITw@Gpf3M#nj(gywmCG_hXSPi*H_K59Xus)Sx-d^I(Zo_WTr zFhq6(c?gMZwK1~Zk_cR+XoTxMBYD}7Bs{TpgpVQ82}Vp((v|I+s}>UR+ZcJ+5+9%T zBCQgN^Xuv5+jI*_qq`Qp^a^SS`uC(I6fFb4!-c^JgkvPb%E3kA9RXyah+SJvi{@Xr zXrjXsv+-yro{cZr6@KZUq|9rp1{o`ieJ=l*grM3clko57tFh4iWq;n*ACn>Y>o#7q z+0?@qd9nJMIlNip0I{PKjz-C@kzR?1%Q4Q#Hhp1#0h_IKy!dnIPT-v?MhA20?Tu1; z)3Pacp03Yt!x{0$&fyV)Qro)Zdti@Y0~$Xd01f>H7;G&u!QPVOQ2gmM5}m7I{Z|owYQ+WjXj<~_*pR{V zadTSAF~17E?P?VWK54C0Uw?*8dOSU$$OjpT(dg5tmjoZ^;A*NxmWBKDk%RcQP_z?? zqULA*5n<5LQ%qwwa+)H_u4tr*Bk-f!c%Wqm(8|*Xkfsq&#EUkHX>cdd^4g2l;@P+e za)^r{5np3O|G2~c>FAT?9TJWPF*-pbAhT(w$pz5Y0a1{pb0N%72I9iM|qOByIH=)VT@xw*r37|9J z;G|IEamO8iAbOXyLlCH694R{!iy7*`qa2LU9em1oa*fT}&!G~MhYo~d{b`P98vcF{ z5<_csnoK_td##svM*3Q9l7DVeNXZ=IjPwF7vLz94+k!-8-=zfn0+AK&(qHdK%&*I? zz7I<}^Ba20aNYZUv>$Zf5p&Wax#}Ji;_^Y7M-;MLwgqY96h>L}jp#KL!vPmOmMv{p zr+G*E>eJY=)&N5eB4Jq|;h6#nXJ;`ICT+98pV`;j0sWCmtEq6mbX!Z9Pz~u>UCz%$ zF`AFK^S>vT5Hsra_W;jQC!QmkkH`}YQtSAf>1RX|zcDj?BKw-oq1?th5Dm|y9tGO- zO?|nP{`LvJbQy7yJUa+rDgkG`?z+J$insQcDj%lMZoL|;6tQF}y2$4Bi6*|pK?IN- z!7wJcfPaTxALs~naBupCQ}H$4K0b~GR{~YqcCVA84qlGh+T*cF;)_<8)L!1 z^p&0MZ_*dsO)5;<%C|YvR5o=VMmD)0;%NhV*y;u}wsj=6YAfA{lX;0ZlU+U*CwT)| zZGd4&UsK%XyL=H=VTLNk0?`#3NWy-Gg5(HAwxGqlsz=^~-=wNZfzp7idO%^^u16}8 zvC{N(1Kn$MOo>C&Ap$P_VF2SH{|UlF#LuY}XwS`E&k@%exRBPoXcc^0Cqu5I1?V`D z92h1z(x2wC+ass@BN!bf!0el|p^-^qnZ3)@lZo*@qH$yL@f-`6J>c-P`CKsneHaqC2K$7b3DSx#Q;e&R-JE zu_QU5r_WzF`Gs0ehk^ZXpaY7-fn5;oRtp z(E_AF$Vr-tEXzF(ITmsiedIlk7*EKJhPQV^Z&V!X)ni=h-9~gkVKCYU0QVu_HN`+H zyYCdL5wNI(a?uXFofh$@Pr<-n>jZ}uN;wv%N;z1Uko18RL&*zFZHnreeU)mSn`pLfaNI{xBJqmY~t|$JEGDyxEL+X%ZFIJtT2`#K5P@o04 zcK!$PTtto+?W{TMo#4U?XL*8yC7<(iep*P7!*iOoK!#`)Ui1H%b zF9)8-dk;K!2I5Q-8*z(>#0}`8Sy-F=<|t0vkr&j_s-XE1Kwj^+hDh`mlgiDn5Qi zKI?eRY0neuaJ9wCYQPoq`o=>T0Orlse@GWT`rcqmK-9j9Ya%`gS!@8&Y?%!KuYZ%I zc3cOh661n*`QLrRNFP8{b0A^3#VlR8VyIyi`w-se z@q00lP;1d)I}e}{{c+v_Lu7=3QENJof6Yx#wpT`(j1e*JMMS(|{~yGOYcDM_NmWys z-eLI=g$$>Fm5sXdV+K!E0Y|TE@dr?v;+blYC!>KtcnXdFo5!Xt8YXBJ?+`&)_%_iF zmHca&FQr{7l_S27%VD0Q)?VkxnZzl`>PEqP@RFe5A3)LvnWSIAemh^GBY{Gl0#UJ= zSr-nsPT^r??Ip4i2~4t}k9j0mi)tj_qa1j#F)h9h@RnHi@1lSQF3H)z_fP5`*}ThD zR5$;G;8@Vl+;wSUwJfJ@*1!tDPcT7ELO1K~mi+uw|G4Nt|M*ti zBF&NaP00++-ylomB~udjcc*X$KunXOy-p+mi=H@SJsvs{-75m8SCNGStYU3hb_Tms zVwwS^1^SawV)?FZV#hN}GRo?TUJcfp_ zLV-$$f5C!E3QBeA=bj~OzV20m=9KmRsqu@BS z(Nb%c{O=PL)Cy>aLlVDlEC7Rd^z%FhD9$&~9K~X3I0Vzk6soo|$kAhw2S3^k5orj$ zwK~gN#HN$VH`CT)PGAkQj0UH?{5xLR$Cwd(rKLZ5&cX5XbPu}48s|PSMyZ&dxR?=< zZ1TpG{9m7ChsZ`0jLXv!$jHED8`)E@ajw-fm#>Yi;R6@`W!HHhd?9%nu9G# zyTE!g@8vd(ZW_pV_+&e<=|80yL$g`NL&4IECge$^(~fSv1`wuM#6WkpFa0+v{SxMi z+-eps8FuJ5HztWio;-t$1#g4~fhs${e5#QB;O_W{DGJdIRDXS5V;1_KWA>O*9V763UofsWdtE5C53KwHO^)A~ zvtSqIjb4QwM&9CXojcL4TT^bblDI@|jrh-Cv}1wLdwAv`R`-|D{l@l0wS~L%Uy6z+ zqf}Oiyk{rGTMr7^Wugp#wmOY3cedNGEK0dtTO#38=w50^LSjLIrnA@ZHr&MmPQnO4 z4D;5>PD^%OjSE_zxyWiDD99(|-c(_j#GFhY0>d5{_ab1!u>UoY7$$~O*n)?N8eq$- z({T1iCjjl%0DvYvD2#MH2^JJN$+Ex43X_eBdR#Wwy7B>CaY%K*gg4AU2?R{nEfgK9 z&82=0G&4#ZgCAPs9`28%x06B46?5t7#tRwF(GM)~SZLDPD%_v;YCRo2gfz*TyV12i zxUsY$ojP1!xXX32S&{x3f}Xmer;6%qVsQp^LI3&?OEc~wX&ueJ05-}-7UvsBP7fet z>%CXVzEg!#r5l^C9%+tcU|>;MdbMG}Ees?aeY6MU8nEa{HDK8S`uL?BC_$%*1ybb! zJOb{uRLbU7blC0ND7-Bo;Hw#SG&7NEBv8$whWVQ!`$%E}V29Q-IG|l z;QW5Y&*aZ>A3Q_X|B&`yrc1wUxNt&_r5q1eyOp z65OeQu47!jkOd`&Dotk=3LQyri!R?MecCOu@9)^?ZHI-9+h<_;>Tuj;hg z;*m0LZ&#a=^}D<_1vOP`WpyvA5o;S!FImcaX9b<2fmi6~b@H*O-IAM){`rB3 zeW(Gwjy>zlA_w$2=p$0<;Smaeg4#vf5)$jV)g~8OMYqO!WnD4UG!D5>PiJ7RC3)B) zYt$x(>nMCkCOmW|BBNQ#^V;OHEvq|n&jI5Rw+Y4Vv>yXcQ&8G~Th~{0qYEimC+=oA zoLf^vw~irKQi|s3kqxYk4du7%UL(F{uw7a^arA1lcTiVc1*2WQ@i9+6(`Wt`uPtgL z>39?ki~TJgi%`)kCP6aU7&rA6t}l=2>6em#`-|x24)ld@Nge}<7dw;O*fmDBN>9CJ zI7_UP)!nkTWHvCoY>M(*YZ@E(&Nz#*ZjA-GkH_!Ok;%aOy(aRH(I<9BkZzi)` z&r~_=BezoQI58)O?=G$|j`u7MJX!4Ni6l5V4VKYnP+dk@Sx)=gFj@~s)6{xn?02Tj zPY3(o<$ELt&c;t@Aw5#yN`E93MDpmD+BHMrzZu zOm^R9KCmX(wMsl{)KJ+02N86&&&p6t5Q>FEsSpGKC{-X z&C7F}_qesW1@8R+C}th+tzZIsS}5u)RMSYcy^v%R1DHa%y#s1;_YlN!fihNc9RyZNhh7D$XdG?r$FU8@QAOiuOIwf;`S&?7ipc6z_o6BGW#KY9bOr2h=r64ds%2GZ zb7Cv8N%4{7orVhNFN*pq^eemTplMI0Vvwk zY*$$u=CfDhU$ll&)UwqSgY~C5Sn{@&R#UW#9HvB*u@=ani*6gDM=xYA!283IjD-XD z3vml#*>0yYIhKQXAJGN&{W$cEGT%z?XER}lOXj%)e@4^*SZR`*)wReD^(xpdPjtq+ z-j7eC*wz&&Hp@k=o=ecm4_!%qb{fW9w4`d(43GoB=NeiRI0?W0n8glLm^)x(jz^@P z(Z_14W-SRf)X>&ns=R_m)oZif9~CKnE1P$s&V+AcF^dkKHzh;|m=sYkenN$@Bf=F` zVl7HGXFWQ_>yyOH4re*9u^}!uf|KL=*8AwV4~&med9|5Ky2@Jd`+EGNNE2WaRPZL4 z(S)1er_WeTk?^^Wm_<@6M4R6+?t1AdH;3k9Er)~pZ(B$js;3z$qME-c%~1K%{G-zn zB!2-HQG`YnoN*6bLTGI9!&3S8bbZPB87u#yfM~h{2`1WD=)gIx9nHk(=kp8ND;bs%yKxf+Cg(9mbDMO}WJ2DG z_L$9~y?G~vR*az&9CVa3*irPocV_iaWE-nXNhR$ErD)SkczW{J5p*g+-yj!zIL6Ov zi(7j;cl7`kzjRB@OnzNaW5q8naTzgEl#a4h;amk@n=8CneJzY3D+ zKrMxfb(`QqbHFsWl`uoP}HUIirM65hFo+E5GZ-fX$e^+e=!DwC~EfpJc2RzFiUsJjQN%hJx33+G;xnoR3|+jbg9o^ zoxTIsP$V70s$7Qq;|k1N*>V;sp?|YGGo5MM(yT2m;@lpcj~vd0bcxu1%{B_Gt`~`HCp&6>F8Vs&V9vv zTtPd=PxM$DYB!yVc6AoE@Hc1SAv?R!T5aPHVuia_n>}3%ce%#=o|ffvH6nhwOKtP? zH*9F&g!gSCCwGC8G|5?`)iv@07aQRrWszT83{_|6fw+lA-hM_3hl=#u=a&j`WduJ*et()bnv`iICo$Z`RB z0edQ*Y;|aav+e2!cHbd$ODN4d&{=fGE5A#)XHzLf8eK++=a$I7VO;OxAqrWb*j%Vkd$t*i-1F?03bA^^OPDQ>yHZs^d3O$Fj&tL9)5~KUi1iMku^(iS(}!PZ7jX%T>Qd89#-*+ zXnN@l=Mt#$9Sft%kuX(Oa$r~|Q016w2vrV+^CFHck)QW{nrVulMdG`JC?|4c-#8+C zoeZkgNl7DP|S9CH#-QI~# zqh2x`wZY7AI*wGW!jY8HjAQ}CY%;4?+-@-(<(q6D;` zS~Zn7UW47&L^IIGUR3XO(!nklJ&#*XT827m(SA$_0EqqMq_F7ux%BZ;bHY2=Pdd{+ z@s5w2W-ADeowif|w15tFI@0B$9n#Xz==;s_9dEO> zrYsZJq=ruJYzd`%?W?UAIHgU$@3=MYws3fo!@^6+-oQ+L-A(M*T@rGWA#cV#LKYYj zBUp|7dANFd7dqp6(ix9F@8V~C^g|`EwwloLQN8~sEcvs`s0}s2%9Z27T{@f=uA&%+ z`_6rMxJQ@EftT1D+CKdy3pH{tY?%kdRzT%Pdo}vP)lK`6+4MZbq`)ohR=AIL)eG%c z__dd$=p>>JMr0-l^7iRpn35f??L#Ph8)JsH1)B&^l}jkBf**BpqUGnU$GsO_kCRf@ z>omXYoxo474>Y0C%|$3vWcV@rW0ipL{&2m-G^ zcS7H9O`-+wTANG@a;T7(cyaI3kM8BAa@Bb_?zXFFsf=WQl~B*0_tH|i?ff1p zeo-#&mQ$B_hbTp5XmY>cQbnZ)MN>!9fwt8<1SKuAY9R+&*e?KFO%ITxm~(hOm$fqX z_EJM}&+22no{-LSHzWMYw(~~`5Zh}wGwUDsxxAfF?J524v*&P~1AKxV?3?)f9dA0{oi@ zqZ4+vvR>?d&j5DpCS@&#e(&d9_i@$g786u&g?LN0OU0=tq%A(bfhBQg+UDln7{ z#zaX3S9u6n1)RMsQchZ6Qv#bP-i?T}E zi)}WRK69X8^t?Z zzSWbP9N$QCqg(N*X{$5rlH(&$wH;-Q=Z82Fu{|7QTp8&&Zpn>5xkHD|ao~YMjE0fb38C%&#JSy+0Ge2)LV3 ziZ!c%2l~)yQiN&7fShCstj-2jo1ImtR{Ek=P?W8ByVgcHjc?bw&Ft!XoUn zh`@g$DBL&fc*IIak5W`(lPdSIDGOj=?&hP}XaEqneKb24M0*LB#!}ojO$k+Sn2q^W zZ14}QkoegDouW2*3S9v=FhJ9-qHtF#?Dax&HkKMor7)*a5Qsg5qe67kon+x+QSkI` z)1Ta%Dctl`%`W=TdiO{{b38l~>*!VONJmSJ#uA-py zYz>Aa8w-za&26)@wXyFL;M!q}m+W#EgZ_S@ zZ0(1_J<`zgwOKLbq@joE`+${t>HNL+N-OJ&8(q*#GEIWpG498c;Zyc41-cP8L)5Tgz2;v>TX2V_qFAdiSiV)NdX19ylx;;nvg-1g zgpgh+#vkA2Rix)LLJqvlmq*LR^!={Jpq&<7Ze_7K`T5!^A+D*!)26fOU&gxke14jHMS9>Bl*!oL1c28Q2>flfM`YA#9_Jj=?~?goR39(VQJ~$ zb~P>In!LY&gzN!=;7tytlW)vL-j2Z~1^bcS;o}Y5GYt6*<9&T%7&9 zQ(QZ)IL{c%0YVB6!VcKjJkDJbYFBZHUJHgHB>;bilBksKG6|| zOH&{h0XjxB!QSy`f?W%D#Y19c@Et^ouhK21jvS?Ss9#j}ttkn|8oP`+MXiiZ)iGsw zs!G0}5IaYadvP{1_Zd`x++wzvzxL;#he=%iMT4N2yS z9wG~){ZjeQ6C5*xa{y&Pn!ji&IID?l^9)G%ODf*dU&OTibRduw!vr^N0Qlr3$pGHh zzyLl=_m5Wqa2F$Rhg{CU{hIZ}7he##i`xOW&z{UU1P5@xI{;yNX##{NpG*PaB)nf# z0#mX9coe?~fcI?3baCKyIhO)FlpM!d$-y)P>O>rd-OLG67`ouu!$|mTLYyz*B2Eqk zyrLcJTuMP_cGyGTTkOdJfm=8r@G;K_gK17-m_Hwf4D&Q*n0Le(<{h%H_B@6;&0v^M z8LC=&XOo8Ly-9Fsle+`4?1)DMHli2a`x;&K50e8+*09J{Fa4MaDzq1W!iaRJ|NhUE zF^#ATlet|`sCN1`qmy>LL)}jH%jCW<>|bSAhHGkEgM4@zMcLq4pwOSd_n4WSSbCU5 zJ>{fG^KRU-JHCd$2pMZQyFd9;z+JV02ATdmwxBmZZWY=TcrTzIconaHH<9Dh|Gfl9 zR)3Zv!I9OOh6G1eUrLqW$l4}eAj{(m=mDL?2_-=}u!)3C+ViW4Yg|U2_hTW+R-u!MViTo4fG%8(PC71ri#x7J4Imu?z>rq&*(UESi+dQ0ol ze65#xvQeYzn)TWJ&=%X#kE&|&UK$;=K97=|BFWQTHXqenMpMiwcz61Pc4=j><6ih5 zg@snQUk)&jsZ!iL7^7I>d7IHc#{t3r^+9{xH;GFK%&1n>2lhF75*bcV$vsh4Ba_O&j-sx-hK)jGSz>@Lh3F^ z@W$R(ilW|XZ5hfLeQoU|ji_RTl1B6*D^%Ujk5Nt`qh+b2K}lcB;>SHkXmze{Sx4^m z+d0v9VaRFoPT7pEV_edtkKns2X?Ge9Bm=AX1g=Knd1{}mIBkV71#;MTZMT-CjI;fJ zK|cl?-zGgjzk?O)R&g}LS4`}CVFPUL2s%AV4ABtGj}p+;dw-uv{-f0p6r>CCj}OHK z^RhZ=Haan*oBK&~eH)*n=AJ{pDb+HY3FwwZK$g)loB`X-+Bnwim6EXAS1-ccRwvwp zuy;rfrSRX;|1L!LC5-M%MvLRX9zPD$igxJVK#6fNd{;fUcN~*B%UittMZa;msIXEE zbX)!^yM91O!`sKasg}RXn~F}mt9n`g|98O5`pN$<2h3l7NZzW$%_#>=O$Hw@mzddU z6f=1^3^;B`Ow3pF6;{J?9^LTTwJMSjZ!^LvtPm1n7zakIVG(hP>!Vn&LC_DtyVMil zl3OExG{sk@qAevcO<4_+3VMG$VKnMS=_}aM>G*QS3upUUGxRPl^i|Fp22d9}5&t(w zVgF0%MyxL!Vd&|-Y|ChKI~7ViAphKp56FYmG#`+A;939h(!>GzK5A7Y`MYA-vlCqw z*Ae%%UD5uE@glPhg$oDSa))gZ=(04mBd)0JMZT0R^ zH1}-s(kcfsp1cO-dIYJ%WVzj{Ke(A>!T(e=uPOSXX!#_!91W!E=Q}8N9A0;lXFun2J)AT&Rp2+#izDH~(&*ic&gsMYplKmiUqxH4<=n&l9Rg4wMG58i6 zt)n$mcLjY3(;FWm%QzfMNLJ-Mpi9s-a;VAHg*4~7q1hF?<2yelUWfOsajT;>W`l$8 zCHpor2j2yrIK1q00QM*50UAN?HLMh1ll)JTn!pif;h}O^Q6FG1nq+$~ZR$MY`x^Cs z4HG6BZsGhUFg&|(7uQ27fXbLRg$kgoRVI}BG`GpOEls&lOwiHjF2pbx;^?4+Jbu+Y zgf%lnFKChfhi2vzG{@UD%m~J4Q`D$b{!`TSc!#^+VgHX_CHfyQ{V)1Ij^iu+FFXIn z_t<&wIMH!Wj_CA&cAcIjT*e=AP-ytnD{%XJh_IrEF5+)J5m@kMy2bEh#l7@n;*rlX zS>Yw_U>*Ilm9A%s_9wD-i6CeDBRP9{HIcLHiJbLZ2Bg8P$k?k*rfMQ-*Aq$WjT8ni zAm2&IPd`fVbe_lMz|U;3gR)JYt{6{C+~VI4Skz$je$SU+O@wC4pQ1DFUu^KxN#yrD zB9BS;c<5dt)@4U^mA!dP^=3pL48%H(kwnv$^InTmNYRkWc- ztf||25)!@w*@&ZhQ4hK?e?{DwQ~Zr&=^KgcE+p(|6~YcC1rvkzcfpx|)vaA;GahvW+9bzC7Z=8=11?XMdbFQBZsth<6H|_I*~gRigxF3NoN-?%_7O}i(TTG2!G*B zdb|q>O*r&QOe)`HHoWOOH1e+GBwpQKRBxA_3)!t9duf~5dn2H2G**aSA#*T5D*HTf zA(gt}BBR1=c;QD=E%L8diEbUE*{B*fC@HyO)ga`}fd?UnHRxE&R!LE-^8L-kFH|uQ~YI-uqjwR?7!2M(oXJHVY%Mg^(i$PZmc`8lPjCjh4>!0y8;aSP~%iv6*YkLg8o3M)nqS?*}PX7=1GHPcI?iZLep4 zB3_SgBP~8}KCeP^GAg0o>K}HFqY}Na(Aw@ZIt@CF7K_5Urg~Wav@6*s>d)1XLyCEr zOLJN=$sDwr3b(>$cxN7NhO*P>#DCGH1nh2cCoevnkifUJ7XCuMlHzuSL0*-N*ZlRo zbcH41YAWy!?ynU32OC~YW`3TVT4>L~+4C>L@SAfwF^kD>1^k8)9_$Q3EkNEFS?d34 zn{a)29r~hQ9l4%;Owv4MBG-XR`Ums}cUj2`o>Xooh=)kL+^9eIl99fU)GQ7F2piE? zk{Z+->-qS2hx{qMh{<%1p^&aZtt~!%pXlG&vf@(7j%H5_FpzlmB-GW`0thL6!8O)) zpRrrxPGuT7u=;^r(3$rejWoAc&nXKaz&e?6VAt*@Al?=Be=87{TRjrt3%>TXe$$px zYkg-c`IMwuy{43EKi!2UHYadQv&bHRA^J{_I7IvIG$2QT4B`+idC_W0bcQ?+KAsBK zQjWgipOu~rSI@2OVEQ{r+^2Vn!&LI42GRxLx-K&T*M3)9O_8>9X!da=^82$`DhWV1 zfFc-Tq!c+-wKno3#aGzOp?Zg(X93w)4p+uaB}rC*8(;r(B{J^o-axq7Ti&;LCmIXZ zGZs!2Tbi+X*{v9>uB}|m?$(-VYY?Wx!|#S?*egvXT6b@xzS43xHl|cwM)p&6W|RhR zm7c3Dub2GOPbYd{Op*;2BkkTN3`c_+;Z~^}B~sW=sk|g1R{|0j4 zM^|PjNh}MI(51eCEpX83;(Ee(=~RLKPo}o-$(^Y^883P=rhQLNY)I{iR6c}-eMA5trDd}!O%%;fXF^d(dLd-p z>B)V|OuNL7j>QypQch$B8OlyV2RN~}%#n%o`oCK%-B(~y+#FUE{`fw$7~M1~j(mR> zJww6B8|c2-h{LPQdW_lroMHVXPC;Dlm6%$HuMq>pqJ)h)bSbcv5KURR5|XT?3~ z!7+7X^kJ0af7BZ9KQp$M$iAB1Mw!>TC71DxCGcecV;N1izim!Ew&VbXcp&_DA~VVL zxIVCxm1NI{M74#x^zB`;;!g2uSRIfZNpBR#IVn{(>epUnt!f-S!TW z%r;)$5q@qgp zvcaJq{>rg(=O4(QQ|s&fO&j3sHt7dXBl*+q z%>Ph&6Q)NoecS2efYBoMEGv+e74#L#bjp~exa$@zhQvG+jgDE0%-*88@NVOGWabvl zg!gQIM+KZkGQ8*TJ8Ebz8jS&k`5nati}K*z%I}EL76A=kHk$n7%VU2ksm*<>SkXTn@E5@SHb&8hd_HT8eR79 z6@3Ra6x+x1HTX|Odm5!1PPRINPL5fM2aoq2MO%s>cd9$>z5{8~wDPKYGRw4&Uf@(z z`{4&sB=xQZ+Tn>}RKEZ(> zY`ndiwIk7e-kf)$vG7DI;oI=U?BWsoE`{IOY5bn|j|}>q7fS@3g%!5*&$Plmg`W*S zLz(>Cw!{iE;E^K?VuHR?X*daJFGDvjW~qnW2LEQmza02CPwG*IVrTTf!apSA>tUY` z|BB&XfgC3Oow!lE=&N1y)h_yK7k#x;Uwx;{-b;;f)==Y-$KHz4w&BhXig*6+t>?#6 zPrwf$Hj#ihleop50JOrlqj=qf7YQe0Bsa#b!~GyzY36;%k!tbcCFTU=w!BV_@5Q}2 z0vo?Nweb&<;`b(a_Ua@Z4HtC9*9zQdpq1zW_VeaJuA*y-fILFW@(;;B@&- zIC#zBH^BvyN?hRn+4j=)SQDV1;hk`s>cdWwfs#veoAg2S9G1;rxYC!HN;lA zBWwB0t}(^C0dK1k-GH~%rg%5tZH+134S0LS6z@hM%#-&O1LC+$H~$+UPPH+_DLX@) zYGsI1l?ZVq@Q~3v&tUS`q5q88th#2*mSzQP@NJU4%R zH<}+VrKlTiX4cK>Peo6=0%Q9_*?g#?bW<)hl+SgaKEVcE+A_N5{PqOpm(8_u`b#{> zFG@EJ6(uChvNc|UZc;ZSmtal2FW_5HD7IXo|Bmyo&%oSIonR9wb)Q}akBa#lF)(de zeZ0gkMG2%K_1hCArnM{45HIl)Q37wO^t?og0qsgO#!IA&5-0)DTYiX_i2jgTqA6Zt z=MP-MiY2xrN~~{JLXVetS(L!bDE*m4iOSRxyxue`5VW{lB!3w@xXcsDzP5D9{}=Mo zKbR)Mw!SOYSd7&}1+lPkeXW_~_4`My-MjSjeiP(zxU@V4^2q}jMmiL^M3+Q=x?t(F zM1M{mPw5ZKoluyXR9m8!t;e|*Qo(rdc)XT>rPe}w1G|4Rbe5c;O=s4H?JE&HrJ^Fb zc3zOEXl`;vrJJr3WB&J5kWD#mjJb5vblwIBS>Xbsgu2!5mB0g*^*yl0!Ca%FzQL}} zBX0Gq-W3zgXC?>64u$<-p`Hd9`_wC0&1`lZ`7Q(XxsGx7(n(+7SiE~%kEMj zCrR)+vhg`7RbESh5D2A}jy8FQ0Ya*1Mh`tR$RzR6X6#(ZtvM;QVplnE>s;OIqC^7; zjRdOv3bWxdT!s=GY%DC$$H0rdTD;*k$qhzPft5yKIl@LZZV8BBV*bqVTKa^7G9kjf zx8}0^5o)#M#6IhH4^l(M;X-J$$$INIH+@v zrfy2H>VS8}EB3#@AJjn;2ZDME(q1PA_`UkQ+~1Vw*DRTa03f{7=#~FhM9}s+_EP@@ zAoNl3jE9e)BGtmF(%SA-RvD$HoeVfzF=uDF9RS-V2>>!)zMep>?><5i1z!>MZ#iNW z=0c?R0u@SffNYcX^+x%jqC8>gXSsZ-C|@2gUz${&lw%&5BtESTa+qw-)f)&`Pd{R% zdre?m|MR_-uiw&dG**XDmKx)w+G9oI%^-kGRv+jsHWu1VCE zYt%+)A4hbuj?w-N^uCsD7!Y!V?th5JD|{qT;pfqKg}b9-RbMB-LFj*DGzlEy1n`t> zAbkJFsDW+}QR>gYtM)u848!`*jao^|!fY&l?fGKy=@ImON4hc9?R8@|5bl=~ef{v; zcwa{*`g*0&a>{g;7XnV-KxaUwL=9S^hUUZZ8ooL#Mk~&Q7-FezSe_7D-QjroDT(rH z66Ie%Y^+cLXUYE@9xEH$xtDCuFA&3H_S|StuO9&dGq3(%@(b*bm-PWU;0I-v+>V#{8Nm7 z3h+-3{=qP0PLnI_Zx;L*JQ~A-M`KtnK3dcH(HIssBb&Lo(c(8x{34L21;$!kz@|z| zKk9;%#|N%}b1JX|qlr&(TG4MIKaRv3Kzr5o8MU7-anV$n)q!VxfnG=0()8Wqc#kKRx54=&#svsCc_Y@^M2MB$v1%74|F#i@fLuq}$VNK1c4aqI)!%rX51u0Rk$ zvadB~(UbDM7N2Zx93N|g`}l6uBbs&H1#XQ8h(6r`C5BQmCdB~ zQHKK9{AP4*xAb#T_YdTV62qrJ)9LSE345I%SyMAhz{Vl|LQfyi_}`#R>3BQ@uyCvn za$ZL{vy2f|32zMJQoHvX(#{Uli^l$W$jZHe42XRw9rL+J9#|Jye@@glTGaR5H!1ZE z&Po~X-B6!W)GC!{B@a^`LjaJL9=CEOtG_|#K%D6R+{#MKcqMS7(cD&%^NG~v{%uWZ zuKCM$(0#_*9=fGmd!8uqkt-RxxdgNSoE44UA{xy~ZFF2}qmO+l#(254qcKXNk}Y2+ zjqw!O5d?4>M(!}0`-<%w^xuD-(%eUxDa~~?np>OMQFE_|N@gTCr*U(L10on?gPL0? zat=#v?(Wp)UOXt8o77=*g`$$Lze;MZKR1V)GqS{JE>q-u@2iyNnmeU5ceT-6W2cUq ztLem*EJ|+f4Kl(AAl`~}H=0`|a=KHSD@$!|^MQ5?=AKUN7tA!Sy}*FSq~rxNlorfu zr$wVfMWc;}QX1{rDP@yQKERiggh|@+rKR6e6eRTAEf;N*mVTCDC{jQ!l6}F^>>rDT z-mwW4Wk~t5$!eP88*ifc3z!Y%yj|zm!_J&E=$lh93#LE|tPzzIb0yY9B`+D3*nrC6 zU}l}=E|aZXQNd+ck=yK$*1~z@G}!}kw6yJ8Y3U6ah)4tj(pH2dN)N>Y)b9jsMOxg z|3dVxe}}#6Br19LU{ddn(v{oBQghr*?Qrg$e19hOM$L>kjc#lamwt~NOzFlO=_%ca zelEJPGQFd2JSi#}mDG*$9j!px-G|aYZ0AmqrAKNz&h(UJ?E4(A{Ws#PO(G>Cacub7 zY|>IxF^W%rwwV54kum)_H2oM_h*~@>0*<|WAf?6KX(=uCz>)Dj5!(m1%bRpx+-8CK zM_)t-fbIDovSEK+Hs-uWfBrLAjlQwDFxDritvcg$^R;G3OQ+Lq<62s~0r`weT}EXC z=!t*JnN)q1qOYa$9PZc_(Xr8=(YSmYF~Q{hG}1RsfU<`eSY1=fz)qP{rVPu|lpQp8 zG-V&~e$~sGl2*<-VhmnikyzKqJ_X_h#@JJ;kWONVC$s3pQ=+^*wG-adPQ3N0=)|lJ zJ26RAa^{PqPK@L`_1ScN-y$Y+fXKP)iKTmc zmHu5`tG-;zcu|cm+VXsb6uWo`qOvhfiEMsKql}L&AO8&9E>c+k58SmAq zPcL|%shNR7uuJP~M4-$W)5ALtdo>7q^`KoVwm6_eQoUW;TDZ$mR4=_y-HlrBzSx2MgRGtIxt_yczJm4;*&lJBx zZy*1`lpIfchg01mRN7xehFn|O!14On>wvpJAF+Ux!J3$gvXx71uUPN=u*QQOg7r*s3KE}MFZ1{HxeeB?Nkdpq<$y zv9rfXt!G3+Qe-112y4> zEKHt94$*JL=;yOhC0KiDoq*-tsffhCpqrL%rLo4%LHB++=9Is!`>_CVzv zG(LNtQ`+>!_!?M-@YDZsA3fs~>$ZF78D~|u@H5V*-a4C}aVGU|`5EU>Z{la1J^f>T z#(C50`59+Se~+JWVd-o58JD15Zl-5krTStFo)Fl?%FVrQ=lB#Dv+s*Gb_cZ%e*;sC z^(QFdsJ;+?wPg(J=d;oC=gsp>@gzE|(T*W9ZeBa1xm5hBzcDvU1j9-G-my&`+DVeP zitP^Vp?OMRy>UmcpRo%0yFVs97jpW)lb)+7-zoX;6^3yrk0@meO)P_2YdPfo3N^J* zZ)^@=_sB-1r{Be;V)8h!%o7xexGe<9EQ>iaOohemOvk3QJsz3)fn zvCh5z4^hV#CN_U~E{NS*8A2V_EriuF@-Ih_Ia}qxgko9K7=m$+k7`5-I9thNZlAvC zK2{C3apX}L+^TxQGt=`B5dUmt1>-~J#7Hj1UVQx|Deh;=F<+1*LQb>;#+%w0TI*u; z-5YTzrOPp3c8*Z%dptKMLY{vReq2Mpc4H_<$x>l3LO1T=;L9j>_cFz(4-RC-{q`Nu zYoEqF;3He4qGp#gwN6%j>T|92le}|6v(Nz>~{muC4-cW?)yZ|vY zhG1>!!!ic1Xhm0xU!zxq*)Y;^Lx1#0cil_&VR;>lGTcJC?>T4+sn+Rp??bPi@~ZO; z7E>T_aLENA;83eks|tRQNRO;LlYHeN@LdPCtuUHj4>3k#hta4Vj)t`3+jI+$=4KvE zHSwb2%!EPdCr;3aBr&4re}N;4Uhdm027t%-;P?P4jRD9a#2(v*bxiLtJyF&m&U7H? zmo*aJx-C!EmNQob)QY{ji&=Q6E`5iT?H)Zt%628PR?#F1kNWS0C%hx<$*_3Bdd;As zI>2vi2d*ud*Rr&VqLW{TzRFex{cwOjS7W!7$Slg9IPb$#|X}GW- zlTmZhUK%hU?aDtYl^?+y2;8FPX4HUAT~8Hjc-Uu`5F?WD1TZ4cA~7-PsVvil^cj8M z&c*c&RPM(Zxn6V5a|OnlN!8ZT2Fy+swtq5&?RaHCE-fM8{50=kS#4GF>lM}AES0Y& zS)#L14){218|?gmZ*H1_eSB;><7{#ke&<#{iay~|ExD0rP-+{t{tjA? z+t7yU*B)4it0MQ4!jF$5iM1&xGO0)F21#jfnfJKN|ABSu%5P9q&H`-S@@q)L+zs^D zJxIW~iq64#Xbnl_m%<0lSDeP8wnc{kT(g#7gf>f=Y_7-P?i4~1O}OlMAAXP63gs5` z#8Brlzc2gV6&rjTNlV3$ePl|2P2LY>!qfygwneGWi|PC=QL)FUSn8nS-=tJL+NhZ5 zPfeqS!ok1LhG^?1RqkcNaKMt3NOS7G!d?1C4KS+b4@yy!A}LKYB?t8#FK}&p(mAB2z`EDMndjD)GvdX-NxlZc3FH(9 zu&)~<4<3m1s{bc@D0l`f5X@gI`L9w?K>zI|;N8cX7+rAAakL|6)6A(qIMgGG_K+UA zo@~cN=i1!)M+=d2hwjx&FNLrjQXBXLedg@BjF(i^)#-8QY8o$~Z78r+pT(CJA1-d2 zU*g32{w{wMoeV0Ym{$KdM@X>Co?YCtN=IEEGUi(B&st^!Z5$Wk-2|GyJ!ly4pO zu}+F*J^=Ryia{k7#eR%YwB-! zDDQBD*+v7i{gyoEci7dp{xQUqbXI$x1Ui(PjCz#(lZyF!8DlpB!UT*Py+^bkoeALf zT!-L$bRJ<6Z$9K^m%)fSNBx@Uxoe`ABz6#L&0u^NWtbN>=fmZOY;Yr|+Tur!wA*u>{sE@{3e!L5^v5~LpRFL5e#m?QGun2^RtW{(>t3WHIGw+@R%JxRm>}P>APtv+3I;(9*0-blqhf0zh&V9i}r9cpK0AT7@_wyGWHS zT?vI;y(k%lxN+WQnTUnjqo}*ws*VoNUcB8P9lIiZ*@lrGe4E5pc@P~Oo9hf0RcZx~ z1(xh~ebnt3uM#Rd#(g3e{6$Bk^6N?NvmK8FxB79SrE86rW^`eZqq#QGlDkX76P8*L zKR|cD^hoQLA7Yn`*@o+{ORO|hAnCp#O{astt>!tZ$Oe$sOp!D2EUl}wk?3f74*ui= zP5G@m|6@8LOPb{L<=N!RX*cx|0Q8amLMdK70GU>aB`9DRJ-IP1_(F@%1j6tq9w3&Ygk zoGB)ufgr+=PM(M@D8SRY%dwCv973cf7cI}T;vM(h7_HG9mQ{Ke)#@W=X3_6Y;Mc95 zirjY=4W)Pdn4YC9N4=-fv+EK)Yrh^pJwuhJEXf>RlKN}6p>V|5D?cY zH$_~L%9l~J5z)`XN#Qd-@C+#8bS%9tlK_e_TY8FPSe z`QkLi4Oi47u6)0kw>YEc|C2R&1LYYTXxXjgr7PZ_eVG(5(rrElhmTY~l6;>+^R0Fu z$(Z29#uass?!%($F(@W$I50esnnj1Cs+%x=NC)d@IQGL_ljsVC5az|=Qupd-XHeic zv_aIL?ra3FEU!o1(CO5<|HIm8oFUc@`cuWbi;kDii>G2SaY%T3%UTy`OCRtcuG=>9 zr9rzjT`nSFw)E7K+?`UwD{$gaGA^|uY%cC_#WP4T2!$6o2ki7^uklX*pH4(MW2sAL zU`xkv1D}o*pGsPL+at$KafDzj#htR+04pQ}BXD5^TPViRF4`$A-`$3Lv4$sXH)5`L zZb5YX3D$l*a932Yepw$yhJ#kGus|CDklz z&oi`+xy?0-xmH2W?s<+hk1mOf4&;YBIt4fIEfpZ?Pu=P{v5@@#gQ%mX1xfr?3(x{m z`RBy09)n>p%iY>-(ak^)O?@~;Y#^rIz-Z-9wqQ8-IP38Tcy$FVU7>i^{6hYaL0lYe z*ivk7oGDX+j-!7;d7K%a{Xa)Oa3aBGR+DVrXOI?q5Z4qfM(P3pbWEHt7;aijyx6Km zuyAHH%93L@;LHX^avVio+JMkv?68RbPm$XS1Pmd#y(~9bCgxVVr+edy!O>O6mVG^EJ{SVxApmCj`fM+4L-;Tu#H-BaRbsG%S^8oxmAtHx)npU`z!vX^|eu1^y5} z&UrQ>Cw@r!y5WZos(U?N9o}?CYJR|#yf?AcJ^kBn^Bpho+Wk}nfVpiN_8;k+N+@g( z`weVXn0z=!enqWsrkH@MT?A zGG}2d?k{_m3B9TNUl(gVI*~Ws@5Q?|A&X-$Rw2))cSR?os6Gg7l-l9Bs7|VUnCuW7 zxj|wSq0k&G6t?7&NLgA}o{PM&uj%_ac9oyq+S|Fp#!V`Z(L{VLv;WySDf))a!tdAy z{M8EfxTGz%k^S8y6v3Y}dwV#gwf~?x?WJGk*n{6?*rl}}Cfz!<$$=S781@cum;O)$ z*H)MyW2X2-aMqb8*xde@rwG>UDzT+ThywwGcj+$esoWJwtUIh2;Q#-J_t?Kg?AqfK zSuAoHvv4*{dwC*-R@VRG&oafqu-fMBkvx2VAM{wzG#%z-j<2;?^50K2GA0`LJvu|e zNs`LZUyfZ3yY3BR{Awqvj?FwzE1|uI}|ubezD;fL4W_CHGWSIB}s7cy{!E- z8|ej4cRcw2Qo3HJ8egh<8Xt`8&{6}XS5SWcF3(z7eYzphlAf1TxlyN7iSdQ2o{l8f zggsSBED_fkNbHYWlH;oJwV$HRrvP=|%+4~si#wBo7>FC~W4OS^R8$kU_!UQF5gG+} z#sBQ5BCd2bZT2nFx>6M87ViHmVtL8`mRWcPrZrwg5DVK}0VS8*HXkbEZS@pcRe$aB z)n(f?2Yd@yO65S$I=QTd)Ow&JTd^ZrCdM}%jW^}4nXEE!6Uk@mFk4Ddw^p9pDhBak z1&Xz>A=J%xh4~A)o3@ctVY=M*NQL{AqP29bz3ddnFi6s7kSB1|SBfs*ucr}Rey4C( z_p^tR@9|InhG^%Md;AJ@W-*rlpG~#2VTxT7xZl`WiR)k!u_br@f)I9_GrH);dqE;`{*yTnpAZI zy?pn@1^i(rDvF!N#}2>~b}O1I9;(rN?OjUh@oqdpR> z#C@l!1gFLc$nQQKr$Gt4X%p+j37@n8b{YL6C*lc^zCpl!87=z5`uNMmDWY&JY`$W1 z2bI8mtAL1;^5FDk_k)uv0Uj0(F?@M*Tnb4%+jOgdW;KmK_?^cjSuZ zD9j<0b(!mcpwp$b?#o(27RkR26*NL=l0VIGn{PIgP|fo@Lwwq`bTes&Nh^bR)h?|K z(qaRuQc({&G^foDi21tTu=a{wt@E|MAe9%5T&5;ifzu(&!y-Cs5 z*;uyACv%&=>_&8DT>I;D7@4hZ;Weep=)y?$)fEf-i2h@!=iRUZ8wLkCJp?CtmM#yQ z)xhpLSGCtxbKU!S6fYiU%qH66HTc;u5S77Rewf7P<2d~(Oh15P^~#6iG)Fu>B_Akm z^cTkgOJRZ1@E~jf?1#>xRrrebOE+h+7u>Qi=13}| zXceu3@JL%qHwxX*bXMRn#`4MGAwOvE|5qhV5{;Y);VE{dp~k=$gF9or{{3vKLPn~C z--N!%Y!aJS|DFSK&ZP*j{<9+7Yaqi%-npC&9qYQlnuo0f6S5a^+hxU!{5NypmPUcy zU_-?fUM%ds@)B66jcT3#x}5^^Ev!QJ(RD`ZDIdC6vydf-(6XYIsUS#@Q0vI6jV z`alN2<}tvIvHQZs{C0?rkU9XLgNPhF8tlc2R@RUyE^r0WrsK)rQnwPxzFPtAbN6_L z;U7(gqStv!L&2RXN<;S)lhV)vIDQS}&>I(41Vyzdw?i;4WiYxCt+mSGGDD+6R)32l z(BGR(BfmOHC%Wwu3b56W9d(x(8Wq3_<0$ptPR8TWP(eD69x)t+-8WkfrxAS|W@nuK zLsEH|!@DYKtq8-VsdJgB@pRJ%PiH#dEta+|j(@O<4|V)uUi`!N)A&P37=e5tII??@ z1Wv?|!9xQ*@S|SV8QwRGOJtxlwP|_!ySLGb8-~a5W~$FS2(M^;As}ETwWnY7u1_Fv zsRndQ;kLC-PcZl-8ja*9QD;8fkZ?sN^LrF#)Ch^Gi6Y^oN?Cr49%AAzJMk#vZY=0K8Fs44H{q?;kBKqPJAB%rZ3 z%@j$0=cEykR4S5IaZ+C(URMhcvCkZ=JBC$1aW=S6OQgY~lG7f)5t<`G=V9 zc}$R}Ba+Ue=)emXNQVM~yi7i^&hr;hXAERy18Xg3%js*H4dWxj%Bj~> z=Xa`~#sILS^pzv|dl7;1krCZ*dy=m7dppR{MfED&HF#eXVI}0(S`GZ%kz#5x>Ap`N z&8v$1i8Aq?qMe%mLHuZI1+={F20GfxDD!=D6>Z7v6us2RH>c>O0?E~C4_C|<@+Ekj zY21aWe`d-H{cj>-Zd#CKLPkE5ynse~*qMB?Cj5{a>I!%$Um^@qQfdDg$ubqZgdl21 zF%I|$X)QMD8Kisa9gXKDJ79M5-MI>s7#*5N^_^q0IE*KrF4_xN0SsSzf|PTacc7)8nREc*7J{M0mXf4lXIWV<@RVUW7UbmP^{Vs)eivIS4j`4$7fdBfC z7vLm7{iURamnMfxTjNf$9GZ?IX`-Zr}dZ zKem1UqKmbkicc_TiRi+cuvF1fFzERecH$KT!dYth?dbyfVSHAZo+r7~bI8Zj{V@Z4 zRH8?<@hPb^nDYYY6tV(H(^kgkrG-|5fg>*7zwRCM?=S zu!u9NpJ8vLMvvJ4ZXzL)^=Z<9e*StR?nT|HA7t9XB`8Sp|FMlb-al0h^@_5s_&Z0X zL||G*$L-aP_4d_OhTTfL6?b8LUm_X6u`v zy(r4UhS{^xlY!kPk14T9e?aCJ;4==*a3Mdv8TrfF9s;`O$q{93FTtcdF*Q(z+J3%P z>!KyV5zfCY<*q4^F$5B3)dp^w=R4J9(RfHWb4!0@9Ur2MJ)f4%+s4NZLi+X@n6a!4 znJbS{)`qfeiDNhhGTLtCj}K#Lm2zZm%G!|E^*#U}|0YUezr43Y!d^;%hl#g}hg##| zpV&xw*m8j0* zw={n1#BUb<>C8VF^mD#_abd8m?QxvzKk&MYUEck*T)>yB<`i7v}tsGH8(bifQvQM>#Tv~6;KMM0Zjr@;5{^%8mI&QmzJbIm9 z(pwiT#4>%D(x74`Sj>jSa-bObkK^Ljg+{!}81xJq;Q~FdfE5q??{AOB+Q~dRv~PD7 z?sEFK+NI}e@zQ%`E%d!udae$DhYV(M`R9@!Z`GYupG*$)Ur9mYi)t6%?dBjozBaS; zT*w;oP7FIOdGB0v7RWn`jMv~{-3dJ?TSBRxE8+9>tK8ZAnY2EyfX|xK;%jOihhHSW zo2IQXGT8{QNj{!!QV(-ADW|KuusKg(ht}C%)`rze{v9OC?Ag~9+Xh9Q(%Q~Wb(`IH zFx{zcxBI@#aj2h%j%3Jzaiy?ZoD?E6-R}E3TM3L?1}XN^wqm>VOvs*dbaJ|7uibar zJmpf$c&KNqVy;K^w#xU=Ld%}*kk&f-0_20oknJW5i9bwfB3}5WN1DT5S&w96cU-W12(hT*q zU^``P44UiF+d0{+!tR%rqM=;a-jjs7YyR`^Z_?9Ld;hSVWS3fr1s$-Yvk@KE5@};S zOQ%|cka4KNke=piGCS2;dnnq;0jFAE+$%E>n~Yi~o6n7peeG2D%YmQ#VFsF{^nb}^ zK0e+a`_dt;>)BWK)u!>+C)$10=%a-{-qXJ5TKF2P<&TckkFIcSjDect83Z}|_l;&d zH28aof`7Y0yZ!sR%4$sl-fqdc9Y)U@5q%WZWd(Sn8-Qy&)DFXL1xW1=pnZ`=>PS7S<)KDmr4lJitE^3s+H5hJImL@io zwZX$6u}oyCq(%;RV(wuguo4qV_D;@HVIu@(j;?Uu8Pe2H7yJf~^v;mYiq%EuXwF6@ zFe+2duLXwb2Zckl-{zqkl&VD&?C;TT3@rJdM8S7&kMp97vFsJRm-3g)lk&Z@Ns%KgGiRy2PR@a~cbZwI<>`Z$ zL@mF;OXTFs5pjRc~DKgqq+N$S6janBky&IW|77nWackL5Sf9Lj zq}y7KOSW-ar}l@zp1@m)dseu7=PdJYw`&q$1jYnj1=0WkJd1v=v_%&6D6GOVjLllIjc!@SSxPlw0T+V zPv(HW0w2xIsFLPu^x&09NY%~&Xh4_0c#(>X!#N0W_7exI`kFk%$m&v$d4RDC@ahPD z!ajstSNK2dYxRoLwa2@8UNm)R@)`k%fMq3}FZT3n4Hu(LKcI0)3p7T6k8W`F5FtU3qIPSx67K>RyO|n z*9yM%PSPe?RB9VIdZ_LgE)jiL7rGmVX`)am=4Ni6L8=u{ZeEU>Ru4bXOsX81D)m{M z6geMbd_&d-TC%=+kGOkMeY}YGk(Y&5eaL|5cOYG@@g2;us}1&$o?%x*c36~fie-;2 z2F}5e6I22j=4t&+?)2Px-zhVYu9xE5rMX$aRk+MsT)r~^fgM5*BpueNv~)2cC$y?Z zec)%U2AqCR_DR_b@m|@}L(^Jem_;F}Bm}^P$0>oXS1RgBCI1^)b<2QX0dWr3bAOE( zq?T(S7fpy+&3LbwlM?^K7e1@xe<3YBMV51MV&QWfu=ma^tGBjqfwIe1vikRr%|svzrms1H_Bbq1bdtFdrAPlJs>{<;M7f=IXcCSwu5&jn}(yJoj$lK%Y+$F z+XjZYaA@R7aWCM%gJNhOqT*fM{{52Q#VNjbU-9zgkmkD0fyX+CvSJ zKT32A&iUuqM{Eg}Uj8>7VQ~8zGpq-3G8m}R_Zj*KA4Yn_KHWpOyn%wGb%nM2Ev@JG zy=A_4tu(&tA@MLBa50Ot^p~hH^X?z;i?pu^Gww>c$PA#Nd?5=gg)=UUTXfE? zeoIb6p^^=_E3V{cY$eigU#vy|tZE#)nlCzoxpo)_{v zTz3$&Hm1b?)yj|=!68You)NvfGJ`phwX$Zf$#7c*Z^WmtZ;=0apkp?sL+S5%{D5JT zznw0Rmdw`5hI@r^UfP1ezD&=#n+GJ_M4jD*t*|!r=llWp#7Da86e=Ga# zBbCgs{^F;2q-?^IR;w6JV`$BkILv0C+l^C_*;%auTSLM8cw%|YK*LDoZRm@lH4RvW z^dt`nj4qD~f%0YkEEemABN-H5%6Vo3U$O1e`#q3FqH#h5uOTXVzLmTDEp>UPRN0%l zOe4{pXH@D2a4E7{(Lhfe0PP{}6ghJ8HJVf!P6RFZh*j}z;&n{E`m`=^d{<|Xz=Emy z&U}BnWue(b9t~RczV2v@=zBRIV*q38VX6~}$4Hn%b5VY+VuhEp1-f>U%R)(&{6|3~ z!QTlS`W@*8-n@~6lw-x|CZlq^tBm5EhMeC9Reg}C>bFppR#8t0NxeZqdvvUC6XT76 z=<@}+=O4y(Ca{KsxXp^XNdAVjcyp$Bb1X@Yyv-)T6ku&NY4x{C6;HDpYwSC%9$rKd zl9{RXkx~(LRNI8JAcw=a6;Tw*A)?SLV?gt9-%8D9`q%j+`fqePKq{{2L zB2pdfNdzQ~_Zcn$7@|t5=!!bNU62V~tE9)&ZNM|x)q1~TRF}&8&jZRGRXVPItr4vgtUT#r6?B^Ur5@Jd87fV7IcJ{lWGwnrD zfw>KK77-?-nN1r7du;LAQ4r%HXOuBd&-i{^hILE+rKb46J@+IHnqh<^kKUbF(MiiZ zDkr^QC~5;lUKA!LfKnI~>9bPP6YEx{$l!7+BiYg2ym7yXqj6}<5fA9)M~J}#xL+ae z<^+z!JF`o1RyW%gqMX(L24UEjtqVnz)E8;SHaGK};{oi@)>#n1+GAFS>OBK&l}(7ji7I&_q* zEhk~v40IzEuGGcQwMuMItt8@AeHr@_uEaA2cd)h`Kl-4a8ur=&- z3?gEtS-~B^SC|cQV1@(EmSR*4KGbX!MQ2G4&FO%R4-6TqPir%ZeW$V{-!|Ivn$`CtjLrmig#wHREehN zn!DK72A%n<$>;^%6bHJ!OubM#?!__D3pmu#i_*=|ktqSom9j6`6?pzdv)$%zT={i& zEt41)wZ>JnM|!5ly3IRL_4S{Nyz?YW`%lAEUk-n=w*O>PeYtbdHU}10xT~U`Ll&%T zOZ|miyCv3ZLejdv3Glssy)()dVqemjN*j%p509Ss4OUsSr?iUG+rrg zRru+@5OWPT$iE(?Yv`~n4T{QuhY6P&?5-17$)NNnygmjpY<^#OuO_pOt+3Q)EON*U-;990uVdbbIO2WUCymC8kx~=E|>;mda!Z9agl-R@7N{7u7EW z0=$-}_2KwU8zgHt_%>nZ%--vLn-ESW&()BJG#83CEnbMn44P{wMHN-_a=bIXEGwm# zukl5l0Sx7gnZPs_xC5iofhQX6GH+MZ7pqv5qE8LvW&$tRq?mUAGd)iZRA9Z3e>OZ$ z=f}D5NC%zD(HsI5OawR=;|DKGwBV7&QFxVK!JIr=*-y-YUn?ZBILc{*M;1ppv*D4& zQO+D8N;)?d_ecdxrkr_-`pzoq=zY!bi0)8UXchg5$*@R%3U{bIPrcMO&BUMly|OlI zo|6BiTy)x{o&}ya>h^!<=_98%!+3zHpW(3%WzHO=`@B;eaSbU^kgfLtWeD87!BQ1SKLY3Snjz}k3vX_xQX|> z7V1)iXybolGQ+^tbAZQ+f;g|_gu?T>k|fAIlWsS)8M9@z#752_)8N#MW&+JTdm*Bw zWvjd#LY0cnSgddVngUz(xJU>U^T{7LFy@`jSOM3#2=!fbz zunMKS9*=0(2*8A~9rEB-X%M;-bZMR7d~Vh6xeL!{ozLf1IetFV_pz-&iz(WY>3Bx- zh1I`i;Tc^KKcg$?jIQ7_nmWXMAV=Rk4VZU`l_P}D6T@|>pSknjSG0GkIFc_e4p;sj zchL!{vIXU%>CVN98iF~7GgN=17^Yc$2@9f^4|OB0C5_fmWv^NoCxV&Ac7wx-4L}-ub zRrqLbL^)`MAqQQ?a?t1yV>X7~nap>?sw;*Sx5n%&{Eo*{xC{0CYve%BmCUR@&vMEc zfTZW!q#h&DUI%`{6>&LbMM6$Vj5iRaaXICTY*)1*r&QFmaEXvp&aldAZ}yvb`(T#aNirg5zLM#*!qgXm&5V7^0gqzfA z=BtTZR+sU-S2TObBoz9#9y=&YB_YT{sbebesE{hr4pUp!N}L3V@^*Q;0Pj6vn@Wkk zwv2aiXwrmzJkcgkhO@9GItnAk(`=1Yx1v#>R8lV|-TcT{!&W(9k%0~}SR)EvA_~HM#(MRmvbbFLjm3Rh!A${?v5~|XFA)gL zjqrt0_gbtm86&fn#V`t!D)z8F;695Q0J(9=5AASoKe?zDoiRuy$I*z+<=bP5UMfDi z)X#};d6^7)nAf{l!w{gc&N)xXE!X~o^)cHyK_%n{&A z@dc2dtkTy74@CBu4MYQdzLtf$fK!^Vk9P9^t4PkEu-1Tmbx_d)SX6)gTRJs(v;3Wy ziBF07jNCJqrN({wIq8J%YSUV>2paSoH!9S>j3(6x%5NtnRx zD$Q-=rITnEbN0WrEua>sDj1yl?Bp)Yp)Q>L5nbT674tjE=TlFN{?3=ok$$AF))bv9 zKJr3jX?0WdXL6BPq-3)RXNAk$N~d76zOX17Q_|PY<_$EPR#bE3L7Kl>5}s`4S}+0= zA;v&bC&Vxnb*pQb>JN3=ZEy<_Du&Svj* zS_P8-0oklBdytMYKpp5R-97s8T4ZQMAe48U84ozia682I}~AeBk<%T zcuD6wykdFSO9czrsf5}ns@M$XZ*50M{z!Vxck1a2~vU04ZJV(k9tl zVP>Y7)@RF}6Y0VTh%F?7p7%81;zS{JNjqaFgBUbu7 zsxLt@0}UsMsd5Of#k|1)dAK3VRR@w*Wdq(4nNKR_FM;ZX4f$oVn2jl<$csQ4eGt3+ zE)VN19a+G?&wKf|(}Vc?!GH62iKoU~McvM-l1?@3P;2bf6!AH`)7e;I3}EjDW_up8 zAu{U;T=UskNM3v$Dh(aCor{r|GPGai=YhcJpSiX_Db(Nc8P`!Py&R5akRM+Xccpsc z!onLe&&7PLIZxh$FE3I}-jDJ5kKzOAY#!=~ALKyB%)j@5BX``le}Ny#(Td-yx}1yI zk;qjH_y&3{=6;~WaO)G|_c3pDUt8SDHG_(8Tqk6?GGhHP7f_5~d<2`S{-Jp+nG>!c?QFlF;K~K^IL`ptI z;7Q9!-7>nM71r?}3rh)$YZ#^)wU#qm%ohfSruK&#tQ*5_g z-2(5OV!IWwj-Y|HBT)^h2_T?F!KD5@#${kp(U@sspI%Gs1MrpTtXkT{r5oGcX%Vvn!6|)X7i=% zQuJVv6`EDcQ;rvx-HBD2RZGGxnq-Swk2PbZv4}Oe{B3?;hzlt$ugNt z9p0xV#UD~X(toxZr8}K)HE%j#HU+B607?1UIxXtFVFIb-ZkwMuE)30jhoRmVMVr2S zY8xtM*>vS~EIcur&Lb557_nXTXRb4uI&3fUmw0qDx zpaj#?3tP$Fa5kof1C^)0jh*qeo>`Dt*b+g{_kqe7q`>q{NSPj8h7LwA)t|nrlPTI& zzY4$;&Cs7s^m`Nm&UH>y4lu(W~@^S4BQIuZGYv@&- z3V@lI$6zECe*O3;f@4D7`R{Xad1rEbB7MUb(8?+!WX1X4|91ZORQe!KShcYh-A9Uc z6>@<$Loqmg@KOHa;_$>9Cw=H%v*}$D72%;$X<|=f3Ckxqt`7tCj;<`{?jf9f7o0>C zcH618V)Eb*DS48;>`W=HuDk>ZKk4L2UH(8arE#b{y zia2*|`b@bE9si;{93`+3VV!)>F*7P;NdB$jrid>1u=7GYWCN)fSEESEzCIJ?K!5m< ziHkf>uzx%^FEQ5C?CF^OM$YbifVo-sY%*zNi}Td%7R+uF*~cPBn*Z2)A!zIUgV}^suGy2ZIVM<>pF_4NzY=9Wx#3dAbimvkPj1dS2Xuxghf1${sw3GX>w7r&1ln~;ZN7g_s%#Yn~#Z)`n!zfa}@M*c65U+ zj?d60c3>D_w;y2Fhb@dJ%9rNDbC~%g`cg7|y zMISE!KHQ>i?K--PP6lC@24)3cB@M(a%~Jziho&NCeP$hJp$KFb25#9lg2b!~0(UlN z7@G>*Q>ba+LZsnS`n_s;=_LX zqxj14jK$rSK?-HvT8E+U7F2E{_b@Ng&^>)+UtLC0a^3dSc^#b^AE*6!!n0}TBjxv} zfZIp4OWzu{uXn%}3Urfz-_m-P$>{U989_4S{WCE&gqON7=VtFCXo)(|L*j*=IL#yL z&LER|1E%j;aE|t6cSuuf3WMl0OvZ$VYO#{oR#8o-1tZmZXzaHz%IILopw{Slp+nJr`|*=RmK6e;-04_!Yn_p*(tl^BO%|*wsC-=(}J|8i_X1 z&3(Bt1SQ9o1xwJFS6edM0V_JtZSYknff!YWqR7kf;4L7$?m*FR;r`@>dk1-~^KYLOC-?h!|g{Vj6#u&(qkU{V{qr;NH9IQ+i)FMfAQHNFna|FZ0E^-6#A2 zbUsQm+#OP2hQB>|E=E?yX4ZQ!EbsI$^HTT$!I8Gt4{@lq(2H<5r5D9ha3(_PC;FRE zyHPW1RGc@Td+gN(CbHY~bisWz++IC|4_2sn?a*jUrUeN9-H7ZK+9TN#s>FeAf5{_f zPH(}_hFQ3jHsofRF0|e-Y-yIF3g>ymqng=X&z_Uqj#&=dsU6s;-XV5rU2)DF)t+OQ zY$o_8Lw*<9_{qishkgv=ehiEEVPEQ6he)HEMrjGS(;JXVprq)B&>{dnV7IO{3 z;JLG0u>&j0QP0w065+Orj{*Jc+^0BY?+mV+I(7tfyq`IrCq{Ien>2S;Nm z`Y`R@ceQ)384`a_#kEHKG+#{)MhHg31&TEyt3aP;%f2A6k&=wTfHg>%XA2i+o7tg5 z28A9?4*$@xzm$&@LyOK8m_Arhx9TfJBjaQ>T~Q0TkuKawx@Z8~k}+^C?A-3OmdVS; zRSlg@b*arKIXE%K3xLN<{ES#owP&A)A7TE1nYct&w~2h2v3j*6+mnVD6P;&8ddGe8 zB*jCPwaLJ#KnEwITR&^N^DD_eUy}Zj6U807iH@Tv^KKONE(y9Mk{>te-HxDz=D8gc zu0<2{e_l>T?a$(m@g_6Sx|IDL_4(Ct4OeY z#*8+-lH;Q}=&vuQ&UuLxc3$dva6us?Ty`z&uX`W7|GtMkIrjr6)CbZAKMWh@A)7+M z7NMzvOAY--B&|2(kjoPaPr3Ivd7!$F8j&2wFWAC@`{pmaZ+=P(7pdJi%iHvY$1!kC z>|~>}Ps~B_x>uPm60bWI{&Q2{|AC_V$)BFOvYu7IU@GRajo@thd4mIJzc}59&x5MA z$olWo-=xP==*0S6(vOfPG^!0D-3mN8&6&Cpou+u7sB#9YW`ydTHMX#`RzM((5crMv z{(BdW%z>QFt&q0!zDMeuyPvhhZ7ijmA_U)cLO6`uLb~Cx%yp(ni^W`MQA*@;w zteO>a2E3gdRob0Xl<%+ zTzmb2qqNo@hgoYNbEKH(A(*Vjc*_@QRn}HEiN-%xjK(`?*a-RLrzq*7;bYCzaJsYb zkV9>PB{;XECD_6Go0+u!C`e(QOZ|^a{lKAZEGEX-UvDzhGWD3+7UCo^$)ZQ`9e& zz7g1itplgnEqi^G#Fy0$${$jeH zFnezHwWfI&!uBB-*=^r3O#ftPLle%W?XHNDD=wVxo?mf3yd!rOwm3-NdFJ_w07hSEl%F2sQSQgE1mk1LuJL{h zzNh`R1w($SA33ylrt^Ml>|no5_*U$W1#YJ}R%?ARTi(pa4{@}W6p^IoNk#rsclyb-F%i50=p_p@j2 zLoW3QwE9C*2jUy}s6Hyn9PFL&>r&sx$ETZM!;p*1$V(#Ek*KlNj_OOBcv;Ng$gujZ z!|{^8Y{ComI+t$=?AObnPxTar_nkwmdxAraPEG7VT4h7OreVOg3zD+SH;gHgN+$KT z(_!xIUEHQiJqP#zmx4QRA9;~=e#0Acvp8j2VK2^(?@M6q3UHm};Ywzoy~m(}dXgG7 zIbryoUSA#p-^?@+YY84(8>IfyHTK5o-bf6d#|<$E8t=SJS1Z6cEVzzA(mx3N8+ zh|u=L8uWv@QT+vu1C;*>;PmFRV^8E++NaaSKD`F_>0^QkecW(C%=H`kUo>p}KG-|a z2l$8%tZYmnj*8~+zPe2a7qbAUuxN2^e=cs^MK^BbyLSHwL?;s|uvkYGR*MQdVYag= z;g->!wCvkFbF#(P0d)m_^|w9>{YB@~k%U+&3Nap#B%Tx>!lwoAWhF1$-OH zU5m6bNR*4_uNFHbho!Et!eKA0K?Ol|hyHUoFV-6;)pk-@d!vcfiYW9_VB;%7=FW>z z4)`g+DG9sLP9}#jdLs`j$h!!3i4&HL{|B!3VQQ?+rG5_d8Lz7UR$mh%5uNJ$1`bV! z`jP$dQ4F(aY`-eFhffmW*Om_GX}&hR3MCSR{_UkRS% znjhQOPaLETx)ALq0|w!Mb@Zn?yt4$X;b`EQ(BJx+(Pu~mRxbef>!uVRuQGn3+>fQze-R7i#Q!i>!B;&Q|Gj((VV3o%9@jy6 zA+LYv>voOgbmTu2Hd#}W(W;b3m{!UQu+r^HGI{H93-kw?FUCWQby7(oHGp1Xu|xJV zDQ%T)X}X|3(s^_?>Is?m5Cu*CjGF}8c2w^|sdwhigf^xNE!blG!(fn;uF_1cvDmwv z$uiy3ok9l)nhFKDGn$yhz&a}*Wh!GoCUXp2{nBp;QP(F|_)k6n9F6FSy1o7pJLh6q zr+(jmphjO^4z9xs_B3%daO=r-(=t0n-bwPoowFjFKkt}dF}`2(MaSQ7P12;OCkd6i zSU*VX&C`$WkG}wd1!D#bi?5zM<;RK z^WQ=BxuCu?BrC}1#r0K;9Kwz`KCx36`3uyS*gqS&_~%a#q05t5a_sUFsN;kG;*VAL zbGbL4#%435kwa4btGZ%M=iisMgJ%g>v4E=R_Ceu~hNr`TCyk%Zi;SN<&EqdL#_zh= z_%AR&Sl>UmzVB90eb*(|cj5U-)d#$vtN1rmA#1&k7tpmHFFd*3?L>#=^SS(^T>h;e zQ$8_2JUw62$&+y-jUr|Ch)pSgS{moNBVm!HGscPyv!&DZ?5@~PwJ!oOe6 zz7n_Hu;t`;swDs8#<%*%bIX!yeA0BfnJwaV@kL2?^DV) zNE!MGru^j7PbuY?Z^@@9#T{?}Q^(CYK&hv+8BP9Oo)JLuecap`uk+nsp|=e;5ZB$( zqV(9R1bTh*J$@Wuf{)Q*ka^NE%3N?dp85S#@ywG?Q|4z+VRzq#)&|IwGU7Mu@aOVv z^fu0S4u5{~U`7`-d^UNUz9kJN&yA3MU$-vU^PhIdpK<+q;7_;Qo?WnxZuE2co+~gh zW5;FqHcr11e|{1g*2Uz|-1ScXR?kqVAT)|9_(YjGES;{5Hvnh-DViq$Gbjou^Dx>;94TboebdJeiG!>}WB zd`pI#Je@anM^f)CPPhsaPz^isCr-%21Y~6*PjkW*n1BHmBc+^>Yw~1nLapxTe0Upz zZ+Ptz{RO<`;2ZKL(OcndAij}}s|;`b@eS$B=ne4J7vIRG%y4+i#y1N^Yk;@j_(pzZ zZ1C381PmqQ+?2+_z?$tv#~jjxJ!C&a{#WMs9$#WJc_ld(mWx`w&GxsKlY+i z4r$_EhqTUnNwp9@rb(4=StwrYlAeA;~6HF65lAU~*r0Fo{n&Qso^YcYl#oELF;!yA_iM!b2l{DmzOwY2{U-K#oX7 zVos{;$z_`G%Mf^2ZG1&vN#w#1zvLRJ7}~C~DV@r!!Y^0AgKm7KPI_3X;UdC&BCOWwdCaZeW&#^ zM|o88%aG_ap9Bu--!M@Q)%&*7dD==tpsWp49fKgjY+~{Y1qO?wNu5ku_W}Y)qz0Pn{An7-ja8l2u(Q=nEJ4N#nP~FlY=lRJADe{f6-JV4?MX4?*c6K!;7}FL z#;_AN6xZ%hckaeSJyx$eSHZ|uC|W_-xf+*t;ePlkjC`DhtirOpNp-#gT!R)^O|FyI z^|w3J#$nD@Y3W9eP>6qK($ggK9t{SrMKIDW%b*p{1?ld>yoCUgC zCshq!HlfO~%sgk3dgrn#cI{IIWfg;^Y$q^DV3jLg(B`L0N)Nst;A8ZSE?9`cO&X)$Iw};9Ajp!mdcU9 zj}Ed2CYZ-KTdTRg361uRv$8G6?gLmK5M|Ij)DEA^T7QE6V5Mh6X#WSVH>J^Q zkmsh{ZS~&i7~*X9-l{oYaR)|K-~`E<$*DG$RCO(#SanM&K;Wo7AHAEU!D>=U(;Vuo z)sgAIGf{xotI%tZQbzLSWd7`vlhJ>!DzkEJ-e^zTwyTU4P$$|ih@%4Npusxu73&Yj`fF? zq0E9E@EbF18qcgXvi2hFfD+X*MOt@fNgC$b(mq#UrdiS65nHAI)aa{#%P%o`1_8I| z-zBXKZes5^`|WB?;eJBq5%;NB%%z#-fNXK8Sz!|iGupk|H&E6?=kSi9&0c3&R&1x0 zXb(G$mA~um+6@>Ci#*oqgU=o& zc>*A&Yh`tw6-cVRYPG{F|@RSxY$|KY2TMgO{jn#!d=lWvbs%Xt~;ceiyBeE%Ns@D z4n&VH`e&!Hk5JYIZ6?(W6=vK6^+Z2Q@&$`-7zmD1Z_xQvQow-crbR%3sqj>U=s2w_>cl9Mqvxw-s*HcUY+U z(Y2WGu2ISM%!R=@Wkv4WfdIPqrm?blXIas7I0ih{S}`vC{z!Hg#09koZ~0z3WD7~_ z>^))A+B?YshdFx=o`oar0XZfIx~fV*sn0X|@6d|7Dr!h6s+n(1m#uQqw)tHEQ{*W{ z_1-TFgSBG)A|Lmgw!Ib}CM-+m_FTLO(Xl#Rx|c_+^)TMRw& z0%<$FryRJ`mJJV`=Ab*?KuL^)%sgJ37wty<_0{IdMW;Pi+Szv}#$ec|k3V%7g zdtf^Bt>-fUorb)``eOLhC`BQF&vby#&iVgHh7WAX-`xZ4Z=F*%nx|=c0u-JswZ4}9 z2nv{dFRhb1aiZ`au4Vk}9_qiHD{w&tin*rjhIaigdlbtzOY2H-VoPvh(|BTs8(o(J zw>0F5{4K>-=6J|tXrt_ln6b-pQH@uJE+_5KIdFt!?3)ek?~3vq z56$l?`)UCG+X((zN$$ypkUq$0N6`jkL4RP2L5pLsNA7zkjCGqEjUIJZ5c~-Uh<-)v zTImY9F7|v*U3221HTt*9v(*V}cN+9>YT%aC{!Q-cR_kFo%+GQ_2bH4W{7bQeuA*Ju zgS6A@ah)pW#%O2w<+w-yNe zkw=b$?A0S!G41f#ekQ%!)Gns=m*FYW1)k8fY&~wL5A$QamJJ(X+K^>21p%eUdgYA3 zT9WI3X&BePX*mDBDSn?2=>x@Yi}>x`?svTSy}E#Zmx=!Fxh5W8<~(_$c1h@I{b92nuIQ+GqhW+6q1SqI}L|C7mr_N#FH8cIYT;>&4kL*t0r}YA4}Dw zZfJ@@_Vw`na=_0|s*|jBle%{to-Cn1>nxDf9*!z|S4Wkrn`*b#*}I!k;z2nJB%5=z z9HvY4I(t`h)lJHtbW<|1+K6fnN!2Dr!CuN!wws%c8K^L%>&|BMu#^1jD zlz=6R+?=Rp7^?-w8n#<`^9*{ z%VaF9HMR@fhb84_4RulA$@2?bH2<^<=Px~w6O3d?Ytf5+Y5Vy--(D)nctBb^xf_&J zw*?PpI17X2D6R-j3ydn2)@~!xM|;xhN}rbPQt4lgqD{%)Omv)CnCiXv9 zZ?BqYF~ZcK&gJhF6C37p{BXmz<^lnA&Knz9@tSd9cC9$arOnLFZ?pr;UV7lPGG>z1 zDXl%~kQ_&~`BvceAMGj!rkr%Ca(1Z6s@CX7E^m!FsvbM#s9JCuD6KPSV{=Szyc~V_ zWh&YtIIfyKkIGuMQgqx?M10Q8IkNUxcK#_jFzuwQPRT|@{TC=OCp_sCM$HMIA<@77 zELGAE3VOG9SZKac$PzD=6+O?@)8RHDC!>8gesudoFV=o1YJUp0 zub&!2Sp7-_PLL*#c$MiMETyw@v9Ic5sSK9yTQh&04fes$0&o@BgKKq6rs3 z=cmS3!rY;;T%V;!0zz?9U(zObGKaigqRW4;oCJo1j|G;H2p9 z!21N%amFGhMHw?@{>RZy_DyJ^%8pXD~mY>npTd^K?B2rY;F1TPG!BXB?0S?>$}W6R<88=3IRKe#Cs#4!p>G z{CQvkzy5yU{~o_SKQO*t+9BDF@vE4j`8Gu>a%p#qS(+xgnmzC$vvhg@&djtNU}A5z z>L22pZ&FU0OY7~{CKASVVORqg3A|^EoA~&lJi?J;t({80DXIxrds#&)y4dE*->Cqh z(P4b&^YIZZPYqD}G&nS- zr0~gMr&&3w+XmoF0EW6vhSg@L%SlF63H+^S_gW_a4j+XomYe(IG)}`+3%g}n&J^vI zQLWQ7%P2hqvAa4c2hbM~dp1O0??=;;V=oKL)q%ep!-m`4Dk2{usf*54%)6b1-?`Mi zfIsc;(U8^8mHcxl@xWX~U%-)vH4CsYUR$S&V z5~MNs|NZDc(cALFZuNUt=o^dMd=78RQB8HPg&o}f937L8A^kjtVts49b*Ue(ZVN1DD=cSQ`{jI>z1?!Ykp7aa{ft7y ze%II7sK9}REl5V3%aEm#R@ryNBBL*4^)cwi0^0@1$qvu+(AVjBYmkRW8XjB6^y|`j zf_lZxdJTEUEr$-rk^@t zF-HDO^K^s17VkIFUgA8T-mI8+$*~$rZcw!1R>fQc@6jzl(VSozcmGn^{0Z7EFG07s zL>x%vX=e86WUhrR7rm0{gUOoXM(Y&SG2V(#+4z(Viy8XxkyQQx5maj(H|9*Ja*WSe zo#xG%3b|}ZeqB9T>v_%itFxq=rf6Nq!)_jL)5r8_<>KgxHCD^bt+q&hv<<=5vaz+EleJrJr1kXW zL2fP^wmZ~$=XmOUHdac>T#YdV|2Vv#%ycpB)ZPTV1AZ>WUjZ`tzXrZk33Mwz+|Oj+ zfOiei+=<$qA&b+z+g^6sRBVdPmy_{BET|OKc#0-!{X=$N?K!*ebmpSN)9&s6JGXf| zMt&{vJsz^8&EFfngq}=~d>FOTlX)SD4?4upsrKmrkA)6(I|mUZx&RIa%_^;(ZmpW0 zDXVgfQUdS`ltQVTPE?s5x{L&F=2mHB}Ie}cQSF7BV;#`C|+YCU|oB1RAw34lhu{25~9V~@Nb?RE-Mu# zKFRUUQS$$wwAS90ZfqtgfsB!QKa=ZTOQ~WGj*m6XiX8kd7Mm4OzQw8|M{Fj~q&Q_Nt#xJFH?vN}H}>~PF{;a) z6)xWvn=7`%GmxWFU@&!06iw*W##pa)o#+;Gzgl-ej_88^_@H5Oq`(06qCa3i*)TOQHVYjyI19Jh)lZ_u2EKBt zU7YI8z!Ti4s3)E3VW)b)9t*{49D{4n`X%%=R#ph53$Zj*T4=>82RgN(PVE7Uv*^I0 z_v}TVdAC(}!JFP*P&tL&7PZ3R8=Gi5&w<|s^+%aDbFr5pSc0TrfclmWHMIL6`>R6A zFyo9cN+km$GNcY zj#60jCW{itO;@xB(=jTt=TCBAEYc-bZY64;vm)M-qDpQx;#5!B)jE3&{;#zU-kns5 zQPikRDo6WCyJpFCYLDky>_v5p-m({+^wv_07+LErYg4WI8>e`%(nvYf) z26UyVcB%Ca+}HOX!_GR?t*|4G*f+4v>sI^jgKiBO4;i+E%lCMe)x;VM_LI95^Hw<= zrmm*aU%+aj=HeGpCE7w4-DL6fjnz2@?~&ExGW6LM=-LOW>SHx|{}c7X7qww9(3mwc ztPM!-VKsTCy39M1_!)JZQ_I2|)8Y2mR)^Y|jt+Ay=osAK(ySOy7OI^J)lQ~r;TZC6 zkEYA&Hn%ntNn8VMx?P%Z}Okj#_k~jj4`V?rNR);IUVSXo+ zobfbvz|RveLH9Oe@dBg(6(Bd5NY65)e}Hid)K0i8W~0yBCyfIEut<0!J7}CZnyK8W z#fAIXysH-^4B*xlR{8ODw>`HmwgoE%7M1TKt4fpp${3Y)x`qC4kzYD3qy~QQA=1lh$td84<%cw*b&Tvvcsc9|QLp%Z~k>kpJ`I*!V%6=y5yK=I~7{lO;o$b4(I zu3ycAZMr%>*p)xvxd7kCOe|QKC2O~4BTe?F0E<9$za)Cz(7Os)YJvPOmQ|}OJduJB zy6|9m4(f7g-SwxqPLx{Mlk0p()am)hc|D%0jS9K7PFT$adTiGwD!!&CWvyo|R`HBd zbWAG8_-Gj49{7Tv79&i`7g0ppW8NsnI*QyHOT^Plf$63;pbmZO(Z_;Ws{9@8sU5QV zbUlfiWA>0OT_(BS)+Nd=4klprhbx^TSDswDe{Y80E7J~GxM z`TvoL7_*jaly{V_pHAVU%3mTiO;UBY*Huy?*}A&a<(THurWK$dui|ZzHM9;~bg80# z)HSEd*~A9{Sr)(`4#?y1Y5qNS4nG4&oEk!Sgd&+hAIW8>VmD&)wng8$0`fW8*Ct86 z_vpaiR_AQGQ4Y8dkiM8&V+UflbZe=jDoYOOnQ|;73NQN7t?rC=$K0Y3C|fVB-=)Dv=*Zq2E38=cmu)1d=$SsV3woYCuTz_O*vSD*{Y{jb6P z7eoJBrTLc;bfdQ<_sDr5Iy^ok=K)xc+v4M~A~585Wi%e_zt!mf@~g4`&}&a;d)=h5 z=16M>`cc>_m462huD~SNX3jN*K}B8CsHkp0AG7Ke)!UHVU)8yq)vR)1UoHY}b!@Gy z-C1j6A5i+(e(3%6ee?;JTZplT#!8j!(*!k_Gvz?HtM>OZX^&eUkNgYcAEJ(>B>PTV z7F@dd{TKU}!71@`dWgIsv@U%I&WJBKe|BkY&&~!tRo8s<=LR_^BqX{T&tK{3wNc`TR^{AZ1%!dqXaNQMLWHbxV~N3X(8~8@+pxQGUO2?$~bEv_(#F8fY|7~V{SZC40HmUp%=nz3$SPa>{-=*{) z2z!9}qHKp6b!cvj-Pe|ezFd|xM$ohq@E3aQK2Fx;OB(Ikq|w?``Q*+(f2*%{92Rh5 zJmhCEwEF3B($WL8dox`qcQ?aSglb)M>RR9wvqnB9UZ+va>reOfGbw>l0FJuRD5!?| zqc%7%>H-sEF5i(-U+dT8f_x$ z0SkJS_qD=$+5w6Gwvn4M++?8xFohY*_x3Z%<`6KN)w1et(xofAn4uo8Idy?WG(!J(L#Vn zU1-CY;Vj%5wYz*xXOzG*D>%FY;wx8rNh$oRf`6;w-x~PW0RI}{U#lxU&4u^BWi?1j zyNl|*J5k(q^|XLRogC;{Bl~KyLkH4P@yc2F|FHM=;Y}S^;;^qJ+cFrg2nNhYh~1hj zZlLAHq{RdhU%1y?B@)I7PSP|G{DKMj6|iHZ5SlpH$SRt>Q8#VqM|QK#X4|xVcHi!% z`|e8|NI??BUnF3el&>^kARiKL69cI&8wb7ToVk)^W3%0T_IY0Zfak%QJ9p;Hne#O> z=gyq*8{Y>^N^0~zlNoB_ChCCevr+b&jC>w*y|}$L7yh`cw&sI_bCpK$Zr-e!Fk+dtXdXxhy_^*QBHLyZBc4#S0x-tp#rl z?s{Ooc#PI#FbzJAbjU!+aRCZK$pWjYlZjXMh6rB-w zG>=2S^La%$CGOaZ#Tq(9?_Rttm9=0D4ZYR^3;z@R0}?RfJL#NA`JIb$MNj)!^bjET zO@khSh!1-4-=PcMK{}K!FN`%3&zgtPWy-kg(j}UeOqUB;Bhe+_9H&cL)~Iy(_pCv> z{36Ss%RQ!1>2lhHefyK6;0svgufa=Y>6`pPySTKILJW6?F9^6bpk$39#V}#F7o5`= z5ehGS^WL4sC9~+P=&1k-G;zVy?kIW0@GQWJJ}2_11$7lEO?Lw`^^X`5Z=&R{+ZRdU zVa2+{wbk0U2B?fEta_k2H%@J*N9owvzvCu+$^ z7ti;}<}4TF#@kXj?L2#V0H=*+gmWnJpSbk%J!(**3mGOh)F!C$t4u_CRXb?x-7=N%@hh2w$~ZZbD^?gP>WH}G zxCKF-m4%SF$EG8mk%A~vWmF=c$QYH#7@s;$ zR=I=l{whEHg_Me@i$Z$H=u|+UZH>z z-%pHsDlzdB9DX*Ey*!ir{lU&k=AkbaKS}=|yS_em(EtBXlK*q4TX#{wLB5Jn9np{H zp#M`0Kb$i*g@>gMXPq8&8gKn)E)@KB28~@oexQs2x93NI+XucNZYOA1#%cIH`c|~6 zlhg6aa1F!AA2bLZ5_goElNen=!9P#ZR+940$h*T}f);LaNci%Ovyn87;v4;ZRDv zg{D*pyGqJsG}PsMiZ@b` z8dt6;jM9S*G>bb*sDVyZ0PSBG2mY%81RhAE@j5>a{O5d70s|UZ+m}fGzMqmHKasXC zjbwYIW&nc}hXLuR`}e;glQ>=f0kSsMYKRQRB-x2OTk1qXD>wn`rO5Av#I!2%TZ*-M zF!H*PSpU%coP8EKX!t(#a!~$m3{k$1w(#)D6#NAy zv)(~tY%6*PCeBIoSI#jB=^Z$2<-Ju5eN-C;P=N)ArP(Z*u;nFVxI=!)>ndYibpWxXbD4z3qB z2BcQH0~_$VEN)L_ORV1evc)%5^Ln;qlDJz<_b!>jRgzrFb(YkwW$}LScyf*?Zf~-$ z?QAMpgjY|Cvt3qkc5Uv6fj|M~Pp1*aYCi>^d`>Y-<)>|l(*YU+%yxU(&)^Z_in zW$~p04smIl=38CtCuK$ilTy}NS=^_2WobY?8xDtvQOCaZD%~y_h zI2vIm_h-?KRCD6K77PZ)O0A+*4T}>pH1_k~5WL-Q#6RluFQdgtAHc4`?>K!Gt@m?F zvbbh0e%{rD7LbtxTt+}@vI3euRhL0Z%BFbBuZnNlKt3D;T@wvo`RzfJj~RllSe}8d zbz&HnH`RglO#KTm|EgE*t=ku;!WT$a&jc8;^xa1P!}0#k;sHJ5{XIfAa5+V+u?1?- z=k~5UHC^r2*fO9PMh(iqSV-__8QOo)^?yn@IEE47`sWi22U+TbK?hlnHThflkWqEm z5i!2kIerNty5C?r28+^0Ke~+ecH`C=Q8}TqQ*v(y_hoCW-CodMv(RvV^6!FkXa`l` z#rXHY#oQg+vh}k@V_G?0-1#HAbI_l<#FzCR#Z4+sv8EgiORciI&m=BsQSwf5;9D{* zA+MvmOHt@o^EoaW?ab9!Fxj6k!vZt@G4TR@Of*_<-}(`5n+bX+0FSzH+uVeSB#pp^ zhhbK+49`x4|2&Q&cg#!Z1>gG=ysEkTr;0oAI$JO&U7a8!*@Esu9cpMZ6s83XP^D@BMvW5wFFmDSF<8?{0~+cS4##pWkm6;Eh| zW$9XGQ1nbf0M-;I@z!>b6bW4E?vn`(I@ngZ=;b_q_jq{{6N6 z$I27qt()Bbe{e^$#hv$BC^|yQStPxA2aE#u#5%<{g}c^O;FdI7s{5jIeP%%POvd`T z@%rg*|10jODDI49Q2n~jzUortzyG66PLS& z{c!-_gi`fINC46EHLM}UYow8+&ZZhQV#7bhYnZXr+N!GW0;hM|%5lQFT$K`%83ineS3xo(G)DPAW5&n4*jGuuFxs7%%7&6R7D%6Kd$8diDp6&p8JiJre;{KHASd89wd zr`dg}8ex8cFDsv^u8bqK7Lf{K?pJsf!~!f3Vq#dJU*g-j{4Ln0P4IS8g>$X(_WStu zcB4Zs=9iod`YGOq}LE938LD*1aizP~dL*jW(=>~wL!y97@3Cx=(O4_|zhTLT#C zHa;02>Ne9*cL%_p+ON~%;u`im2(s06takDf-9}Y*+UhwCQ%IR zEFaErXLRF)L}QiCcw-gR*sJ(D?^?O#P|#ch6xVZ&w6QxdgtwC1(9VC}Cq&WiVdbN+jSJwScP3^*5%Lkn1t!#Od7|4idQ zxA32P`A-`E$>2Ye2Sc!oc2<;cwL8vFx$|wC`WQ`r0M;M29Qe(Fr6W{rCB@ zQ}B9Hjdt6$iQivMOGw;F_<`79#|<|L{~B&=ycb_zyT33$;Ly$aHr<{-+73fmSMrm0 zPTp@XI_I1-WWQTt|D^Nl@Y3};?w#x!mlO{V_j}^43%KD^$v1X$#$`Aj{ zJeFS`axUy>Gqx{c&wSaucib63`y@rrd^~XX)FAx-Nw>nc$D6)&u<4H0YnsNLtkkUQ zXRsP6IxOzI2$bBj!ni7?uGKgs5~8yL@7NFvrdnmunjwo5RNQJs+kTh>SXi6`?`A_8 zi;EcmT;K~*NjgcXd)Lkq#L=1q{9I0X3VH}^dGD68IiCXmbM$2k ze44;Y7syQ2WL9nmogoL8GaJ8T>sd!}&x#rNQ*38*j%vcz*`pqAN%kkim%PTszWfwn z_|L*vIul!jD@F~Lq?)_$`K?oJMLpt={Qk}iO8}Om#+I&s;hRkBjZLQFj_tJV#?N<| z#`jNOyT3GPLHt8<#35{?A;8bt?p0yAt6q%nTrC-P9_70GO}lauh!UX02BnL%2eljh z5@XG@3ZACLZ+CzyTQb7GgpPNmh5u~g>*0j+VaWMKnJ%ermU9PVR1Nn>055Xz>>tHV zfbNFxXiD5+GeUTpA?F2|oQuxGA#pHBRRGbU{fh;L_LR_`uWiEJ6=Iifp{e9YwQD*h~!J-9dXWxUl_JW`$1nv6$vmFHi zn-H+G`@zUTDWMy~!FHLY4*d4u%(pu5rXd@fk#A#<d3;h~ZaM)=ARt{?IFu~VuR+pa_eLU56v<=P zzlob}bGqzECjR6sPTt>nI|dW5>(Aqk=C+tH949j`VDbSJ5vw%)G$Wd2>6uEo-Q2Y8V z^has>YPwJM%OGmYGD|$5#tvPk57QdME%YO6UK1}zR$uaz14~#9Bc)LUE>k!Z}GsJ=eu&jnApXoJw^nI zs?)tO8(WrZ7kcdlJ+1>IM0FY=HkC~A6#*XIr!MtG-lK6(&fSM`XtcZK*`SQXE}~+y)H7UFKS-$RiEw{_tLme6KC~uO_2Go7mL_DebT)Zz zg##LU+)!0pY#E;=FwoWQ7D#d#D&;ctaIPUW{o&j=a)~Q-t_?WA?dgyMLAWb9*Ira? zb&59JP{p)d*=q%998X7t!f){#sQ6)gynBjoWX@%$x{i!`zDk}4#+lBuP>|Wxc5H{q zv+bsm1sDnv59GmI&25$;k|R1ygK~X$m>FXlDz6A^XTiZo(?}FgbNsQzFgBS zhzm>|$}j-f-DNrAkNv~W)F;jt(m}@L^Wiu;#N#&&^^emb@$f(IA88=EPJ9zSlTW9v z7MyvK_SfgHB=yN)#qjX^d06=#3<7<|*pJP74IS)< z4xWllda#*#ZL+hN!}olu{qET zD0nKe`{v(k_bsaBA26;U*cx}_n>1Sm7u{&jsDb#~>D@c^TGu+z5CXM^(A5At>?HtFO$)Z{EKZ{0{n zkhg9-yEBQ5tXFei0eKtEfW_qvO+B6<-{l{{zKw7`SyvY*digxNzN(m&tx&wOQ(>7+ zvJ0&Gw-;~?FIHIDN+z#^3Fsqq6i8mfcLvMz_+z#4Xr-luamsmpv%E1DgTGH>kqt)Z zjoc=Ao2f~D#`M?5&$X1fhMku#D;}a>%`znfa=N4n3>Qsx{|zo#RYa+373IK??u z^7qKjtR%BH?7c2K1L0J6r*O^twem`BZHHs6-x##k2Kn*pqIOpr&@Ha;N#)mFr~JC% z<(q|6-n*+K?e`zHrZVn4wz0!_LjJR^4C|W{ErfJpTT+7ILK5 zYeLICu}-;e-xl1L?iy3~Y*w1+xq~j~!$VJU4w;-^kfz(LQit7_wzzqE%JB1JSreAl zEfP}1hFeql<}&C~IKmCY6ivSmz~Igt+<>Alu{Qo0R%3GAf`wv32Hk-7fR!J1;P6TS zUaDLdcwMgR`$TkqBp4xm0&Yh_X z?ytkIm$&l$Jc4rzh0U<>z4V|0T@#Z0F-RY08PQGkm9@)t{bOn(xX&9P$p8v6rq!GP z1ivosJVcvdTOHyrT58^j{6682FgP4LN=P>R5(6hVR>WE96r~PGKQ)Fvs0X{Uqz=y8 z*Ww4ti>(yisxG?FB@#nms`^|{Np-R7X+kvZs z$g#8f^6H*|;Ia|v+~3Pdao*!@71;9X$iJC~;rI_6N6%yAZXkaTfv+oC=*+BJUR~Vy z(-_U`<7;3l^azl4VqJd{dLI&c$3d9g{yukfp}6xTeHR+Hq-lDJ9mLrtv`|^VuTw9n z{!OmvF{Q`(R>nO#m!OKfC6|>{YwmuN=sAZV^fG8{j8AS_)Kily?p`7&zTzgJO;61& z;_e4h72gti65WsCH^t@>FmKdQWEmjdQ{pU6?yuMofLGynLcG`Oap!Uxb?|vBta`JF z3Q6R7m!gLT2p|si8g3-?Yyc&UgmIqPDtf*H4?QI-1hJuvQZ=cf2S3}1yC2%7`Bp`7 zURXIcPIhDWCglAtla50*EJ~+X2LrLMmQ;_!Z86aONIC!@E&{Oa&=5|>ZGaGwY4cUQ zGTPme3MFkIEFde3z9D+>RiEZB}an#MoG-7YR|uj{WCJsr5|;3c!s zA;7WZ%V8b53vC-~mEEmo1$qxX$q*Z=5`Fri!249cKvQK!^q^6yZ^gs1NUAOHi`4Ii zc_p;49(eElXkZ9o{{WBmt$4*4R#*}@OYUtsK;A|wOGfFs{d^H)QtU3f4#jFj&v$vD z>rku$`p*lQMlbZF=*i=S%%d0DD0&92P@%NZ3ss7ql|h-7AzTdA z^=|e-O@_B^wvNOMB-2mTWue@NWe}*WAzK z2%_ib^hiqL)AqAqU0ZHl-!yS|o4Ax4q`JO&qGvj`WW>~M{0ZLLoq5GD1po%P_izG? zWn|QWbA=?KnlN$!==?3bK&!78&BWL^YSY6%SkUR#-$Z9YeKJAtD?!I+3v(gq|lnQrr z?N*Vf3WG$Q==rz4xWT2PKHOTrOqu-xjEIZA1~WcOyXZ-|iu#ml<@$7q)cL>1Qc8NCHBIS%X=}0dhq~`@JrHVcl1H$gYb8y z=$VMdsc~uP^5sfls{Gb+b?Hi_@II4@Ul;L?Gd{-DL=hNHRuI@3v?)GEH2e`5F>lGX zy5%)Oqzy6~OINJ40hmTx>GB7a!X+j-6NbAt$Ub3M0IdAa1H%TpGqiC#fU8tK;L%`r z8;+4zdQsh4-DgGd%?|fD_}eP9`m&h#rr+Hu3N3=)msKZ(*0bdssVcC)Qfzn!YDLa` znRLlneEzKHa<#(zv+C+_1{I*qY_9pT`|Mcb?#n*G^=y3Y0^;?(tTfkm<@!!M5vDK< z6Ubk!Iw1FkhuOuZo%Y_18PH?(>Hv*qnA|^%${JbD;2-M${S%C^2&M{Wjn9_9O6~q zhWAafvIKH`t%XYmnY9D*vHci$ORnw>;%6z>ZHl)$-=^pI)ka&u_myCmDP^@LNc%6j2{8X{)7MxIlqQ#u)=u&c}j_6O) zO!QqLXRuxlMe4)jFh34xMM3dZe{PGo+uwU)#Pu%VlZ8|5=`d|@Wy`c7jXpdt*UhOg z7P}?`QD_SZeR?-?ofkAnXl{Sb9^9GMHReT(_iBr^I748DqZzJlyRL=hx^3y}Tpz3Y z1X=1(amRqncdx0LA=hC|$KIKpUx&XLu9v}Pcke-^DzwUtT&Idb8Nj$a3q5N@xyzKR zaavp49Uu2A@C~wv-dsN(bo?6n!-}4#=-bSiuhviTh(E)dnOB{#`&{86->dp4WT*tSN1t>ZbJvDbTyqt@w!5nh(gJ;gaOL4)2%CE# zfS!yE}Y=OU0sK8mC%eE zW@Dq=M-+Fx#wM)^=HWL%llIn;-UrXW{tpLpF|I#rhdgs4DAY*z8Oi2AXU14zwD+t% ze>+Gg6Z{u4#N9zAn|VpxvtVcT{Mil`;P=&O%}PFfz@uxZC?1t@cOAb^>a%z9lJ2h? z;vY2Biss~B;(SE_iU?(j*SN0~I}6=c*0`4A<86WSRv2`)2y);Pi=25HihU2>Ivs8!ucu{b04Rq=w5~Qze@f{Is76n9=z#Z zN{;tf)Z)B@aL3sU%mIpI-{W2u@v!TKH|h?og>|f&DwK-|K4&iS=UDTp6*_JQuzuDj$f5pC5%!Un>6$Hc{pj2 z{N0-PyK!&BTW5M~Qs>*~l^*w7c;u#S((?UzDR1Goim-*2u4(N5!s|k@)J{yfqo%E; z7?KXmg8UX9h7O-0XUVt?^g2+?=STXuN8p*eU{|0UR*O4c^|Wtd$>x+3xako8XaxcN zcNh_`nd0IZrK|)mWdJ~pQ}C|M^UwwU4Qyn4InME?=|O!T@|)P#|0#U-b01x>d4reZpV ziQlO4v*g(CUx+2XQC@`yO*o?!oQ9?YYY=5TJEk!KntltOUB8JuK(3r||GEUa!6Q5x z9xN?3s|Ki)eBNUP5_ScB=1HqTaDdM^m=;^KqKo2AJbKow4)D(fj`lq`VF@4od`t?R z4Q`+TWAQ?$mLfLrLuTXdLLftA=_M|7Gw6j@ELw}A@vr#L}dq3Pw_ znzUj~cnhsJ)Bg0hA#24eu$b0d94BPk;|W4W{(&xeb?)K3?}$yxL@{tLe*JMo%JW?y z#U3ji;*=XxVA3U%BE%-$Lei49{qe8x&sTV-_a3DC@Pd)ORB&~?;IGl{%qG;W@Y_jW zlV_)G{?F-nlLBBlk7MZoN!1n%QVmb51McHF?!3%m3qJWuixaU*Z}R|qedTz`77>uN z_5q9-ZI1@i_S_$Gr+=qz(XI zhkcoaeQ8en{%U?XF2Ah!i#K~?#{4MB)>L8{XC^eW4pLn!K|)5PV;fOE?OUr2^1Lz{ z9be-GC-Z`!fXvS0(pZ+CzQ*(W>M=r$C>F#U_d-#U|1Prl!C= zi>YQ^wlLMA%UMj#f>i)ht-74e)NEbOVQP*p&tU2d3WajkWM_^Ox}3|@TwTs*YQ8Sd zX6kHRp2O5R`cv~1-8Ns*D;8ipFPJVbQl$^%TI)xOXw7ATAB!~*+bSb{X?YDImnk8H5& zA<36}f;rAPplS*`>OQ}Kz$}P=-&{0CW6zDN17ir*0_z)gMhkqJuH8`^)&!VX#0Iu5NVdP?Zu1zgGOkYCt&9;MQICmK zNbJCb2@-C)!>Fju^*$^;>g>z~^IaFxK->Q(e%CxxAJJ7{>q=b(wrOCSOY9(uE!Kzoue?dn$IU|zknsmBeHNr#$$hd zav)$;h4&OG5(s2LF3+-H7TYvH*%^B6N}*Y0e~_gw<-j{oyi1Wz1pHY-GtaSL4qFwa z+zdr`ZIp%6Dm$-Am*v0#tM1yM2&bjXfdg5XPni}Y2TH3>S!h@E%5|!AP!1flLMN(K z;hZ9M1cFeZoo8F(Ss60mA`MVU;S;GF@PHiX@gqFf0Dfk>kB=Q>3GS zgm8w{u7pgz_6zK)!VcprR$fi70sb*n`U`ec0rRB_5k+bvOpYncwUNKFU}SkAqO$ks zCDdtAr32Vms1sF%lZwzN}PC zwPqm6M#ZE8V(_awoQlbjWpY?eYPM-rj;VYGD~Bv#xM@|sUcSLpJ{vd=G&7aYfj;Q9 zj|o@x@-?#1p_nQ`b=7qM3lvmc=WZ5Q?PKna6jr_l#2VD#l6Q)CtDv%OIS{rg-eswQ z3pw70O$zJxK5X`GO~Z5N{7pK&$Z^kO#(kz9wdAE*JS&Q*% zyc~$+zzfk^YV}r4kP|O%fqZZ2MDMa}?-P?)AP}*7OD6}yIo@ScypQL2w@+m!prCiz zv_Mym_wngK18?aJZ`G}=g|cT-_1hE{@s{R#tMU{Uru?r^{#O-t(p#GEt(v76U~Z@U zztJ5Vyrr|fRRso^uTl0Lx}(}#I>%cz*U0`lWq*TR^p?)^R!OXza_^+vLa;;L()r%1 zyTFD}{x>QATM9etEnVQPDpFV{K3Vvq(fzLoQJRA9%N$S?X~lJ8p*b4Tyd^i`UXE$(bHLN2Ib zyxYeeDdxL=1NUlsa79o1De~HE1?@I>RG=au{CZ*$chr-6@>og4zagWz}`-=iWAHe#R>L_Ryr6^)b9G&R&>C5Z%-fx)=TcQ(fIyhJv&2V z*(S~H$IG)_p95f9(IMw#u-is=@e!J z&RJzCs36Ny6{&qzA^d}kKqox4a7Y#oDV7pT;gBo@DJX|7s8X9;f36(Oh zZ8;D$Q821ynJ`q}sYr(v{ZVND5SWG;GN@pEC(Z4BX?_1PJw?^cDXcf}xuyP7%w?AW z!}{}>416|Ch2>=ZCj;~?`-}{QWL^pkj2!rrRj&UCpP*CIl){D#JhuMlTo{mh#X#;A1G!fWNs*o^_mTebXw6LfaSy~m>B%^ zGIuP2-0>mEy*~uG3;z?Ddyym8qSsWD%sl|>mLNy&uVm|AkKBKotp;)@?Y;+|X?za% z5H7)KRLwJ7cb^++9`(D|Zj5;pC+DNi8&ZWga24Ko1FP_(>uyNP{0L|3V>cvQS8%qj zygA_hciCFZ*{a--Y+bC=>Gj7Ovl$Fn;vTw+F z6nCIJkaYvjqZ-Y0T)acoZ$SynP9;C~428AN8lWR!w{H2_^pqvKIY(i~0-sqpLJB(` z_}t3TK?K-Qjlgnb5WxXhX3jg$*+iPx!qJ@myNi@Dkz)&(jglrTE@NzqcWt zGQP)H(1F0MisTRYZ)L&I1;CKI)nq9obQu0Qi_|^~op9)#v!ExA{L-niXR&=waQXJVg5ka3^iw=R}eA+o$%yWSSFLr*S#Ot@GmNQCVKeL z$@tg1_$L4Kri<^Ui|?k3@8%rlri<^Ui|?k3@1~3Iri<@?;^I5(yXoS)>EgTT;=4KE z-gNQZbn)GE@!fRs-E{Gd;^H&o<~3lh!aBHC*nPMDT?6{~vZr0w$9Ev^<7*n?<7-a# z@r9=?DcoiF_;wjSzFmfoZr)thE<19O=@Rtp$k%wdugS1p#v(WvxksacGiaE*>@pMEQ371jc4@Z>sK%Q z|4Xcq8p5!r%c&x9gcGo_WqUaM9{X1r{VJSw3b6>SQ_lS*sXk(uz#dBhp z)xzw2weYcgv*OzlwYhPJdO75;GUH9=2|-!<2iyscFD5JcDv;~dfLoKreMQ{5*Uq|B zJoAMCoF`Mwd=9_fDi(z}R{?;ahq*frN)PaG8WO28WAG5{Y zMM8+X?L2+flG&1Y$^^AYDwYH3l{|gUnn}_yq@KcpJOh%zaTPT96e|ZFM+W<{_5FBX zP(~DFo)!DWIszARuy-mu0WxO6J0R)RYIEd%gM{J>bU=&McGGzUg&kGdhj!+Q%I>D9 zsxQh{SZ#`|KbLPtQnFfVSugKK`H3CHa4}a@)?c^^OywrCcc%Awf$st@NyW|Nt4+9T ze7V`XInCHLUXqSmvX^HNv1_B^Rv&U#(`&nlF+}^g`L&Qqg~oi(jr}l)AV%UvmC`c(YsXe-k<7y(4=_3V^+LN(-iOh z>Fi?H*Ps^el%MF`BJhTm()RxcP2T&>-tVSy^p+BJ?$5X;B(>BL`4Zzq{5AS=MAQGV zjsl)Kp0Vp{wfpy8ItMjTzaMm`Hm*BcZ0yf3s_YB7aEe@5YF2&Dd{CEW3up^-fU+Q^ zu{weYf7FLDmiPlmn(i=rCwreZdQy^VP|?I$ZIC)0e<7E6ExQNAtv{66A!0M$j3~2? zB;|S~u3X1Kxqj{$MY)!NUL4`NRZ2-iwdldnETar6*29z>)T_ZdT&+q$tKw7w?LyU3 zQxe)0{yb{v6&eWdWG(~V5`l|>cX=w81n)z@?A384Q@kZFbg{8!_V zU!-^IFO5gWAODdaozFw^?|E_yB!9}28z8xhCs#r8hdlWJB!9q@%i+Aa_qp z1W9ScQ=O5$@dMKoOj$3n(1B09a6n&S0T5T}2@%iT(0@8+xd#t6hO?1k9>22^Zzp6q z8mqS8$!80m!4Cg$Af{meaCrZO#`Jl=L8CdInGGBW-$MVoC6Z}=LP9{B>qMEs04sdZIk`PHP*JtNPbHGL|D zJEz!%?q{tjV#7~J^^YX=ezNTXk3dcAK{K91fzj~XE=X8f_~RFOPbkD5oD3}j7`d~M%pa5gwGSi<<{^iOaPTHEd$#0Xo*y0?+t2KQm-7X5vJ%HhR#>jMmbI}yn8oeyX)8Q;o;LjYpUal#+TCA`(2Mfg} z-2zB)XfiwCj$U<6>Y67v;yLxMbh#0wcprjEL_tZA0*SDA_5jR)E-UQBkXr$-8=pX7 zO&Ew9mQ}6cKY!;-68kcFNUvf}8(xV4y_4nPtB^w|4c4j0$%6k5ytV#3Xr_H&?IZ_$^_+4+t2T zzr1Y+%mxBb&r}{3LiGX62sF)vX&00>xw`3iZ?Lx`?-Zn1TOgPw2mCWjd|7wOyfAB1 z@`9#Sxx!J_2E{H3M-?h2oT?8Ju)s__QJ>dla^)z(F--S%sChw1!>}(Cz`#sdxFqxP zGAwNJ4k;!zTNO^ggWP*m&N~EYm7#|)4Rbl(f#6Kc%R6dv%uw(EF_y);m_}D8Kn?=r zLvsBAqn}D%NHIAqvd{_-y`j7irA{K*gjU`k>>f-()VzSAS6UU}oWk&@4W}i&Ar$}! zZRAG@0Qds{K9od=Q;J?|R)v08itk=oY!G;L=`}eE_hX;B_V_X;{Y;Z z?VCTQzR4g;-buYSUl#fp{!Jnbi4*+FgM?uh6{L%6KoKs1j9rA1C-IDUE0jd3@nugi z*oaf_KpJSs3FtaV#Q~BFA_t^=Go~6$(baBQdIwf-QlBD4u+yOc*j%7}80N>huwX=) zWgh@H73rMHj;VQvWg%)~?_uNxRp>^aVec_HuLshKaDYP%1pz<~YgVLBQ3k-|WI?}R z0)9e~0vL5D(3B?isqBoJcU(9I#vrT+SJ9Q+dtA*s0%=9);q(awh|BD>ns*v#0gZO6 z!bJqp3#c4}v|gJFT+dddSYa(J`acgf!=x1(fO=TepdREQ1hA!Fvf5k~@e0)6I!6KPjz*M)Ld8_m5zs+09HV$zk#+`Tso~v(EBT_pVj85!e#6`Rl5w-e68!` zW|a*9E*4c90OIA#(z|l#piIJcSeANJ>6jv%2YJp`ur5&nQoO3}uu3h3>VP7JLw=cb z>ln1AN~eV;nY{x>3uq$8D*<(|lEPwO%_X37GolG21$G*UB^?7~Nv14Bt{#r(VVT#{ zYqO-jLPw_}odq#L`kqv!ld^PC2B~sjNCK5zL={`+TLco-jCEud(A5;&npo%vs~{_( z0H_U7=AtY?{fnw_RK>U(<)DIx@bY;AkPo7EkOSz0MPgKyLI44zE<_Lx0cJC?H3`E$ zD8dH{Ta~3?{j)OJg+rV^(7d8=%7=!bcCIY7LTv@@Kr__t!`7v$*%bM++g zJ`4sCM)dAv)i`a4954?E_$SZ{kfHYzdT~gWfR;yr44@ae3dZNSOhZRPr`TcLF+)0B z=!!~LLrtug3<^7jpN6C!(8byu;WDRXoHPpiOfR=c#|mBfiqr&kx@8(td+=Kqb`eaF zAEpB!9|jK&CvXHxMijJ#XSwCUp-4jcM$Kqpju|QrKcpKf4LzJJW~r^P{DjmW3KBU^ z;YT6ql8j^Q`>fnDl3)$m6tJk!t-Ld;)T^-1_3|u~8qm#VG-Zduc*0DyNhx%NWvNLH zfuwe$4XOn-y)wiC{qgPTf0tx!z&f%ca$YZh6%N46M#17F4kTT^MKeLOv5vxyD$*e( z?*qfUOQ&^56gvdMbq-89y8;ZsuKahIAS?>Cl6Mt`2_^5S1iU{8 zNQ0^##34kM27ueDa26PxA`2&h4~POuBnQz9Ag$L-DpmL-DYIzf= z(h1}zSozOFU=F*PE1yhNR2EKwS`ibE#Zf|g0(1U;9CcyMk#|Lrj^a=)e1P9x2gmkl zoMb9~1GpsTfw&)1^DculVzdXe{WDM^a1o5c+gp>Mx}P%Ul<%w zw?RSj(X29PK?uSeALM|>5;Va_hj9l5Aub29aFv1pol25}I}>sMI*XG)(4RaUt@T=~ zOhfqqSS~bKarS)*vJ94>7p9s9BNGEJR6R`-ns`X)1&W;6}KP!Oi_Nd04pA$(8* zR5SyiVNegv0L+(A{yGb5vqR0g11#oyKtWad7>Ed?y3C@a{(XsoeNdTb+(1JPJz&SV zRpE3ulf58|jtnEqOm!H_JWSk4f{&}x869Rl(L$IRlJSz-Lw>_5gB<~4XQ3tWEt+mf zPQs91R*`jwh;yL-C^;arpuy-21+$4Px`JSU<`X&1b;p2oq_8%J&)edf3;NiPbHM+P zw?Bc8qD&sg;pxl(6AbilL;^-gG-~3RQPf0G)6f&Tr3Y{Y!~;bU#q~m%;ZQl^BtY8^ zqJr0Y?XK>+hb!)`7*TO1fh2%J0tx{X0xI?}iU~(<(r;BgJ(Ec?3GVOv`M-W7)BW^w z)>BVi&+}C6jsV<$DX2S}cL(p?inPF0?JNUY;M@(QfY7EH*Dp|9pyys-#(?rivDjGu z;JyVVSPB>=&{OD7s;Er|A#pGEsWl?_G@&%ZZO8S4PE=5684SyUN;0+#IOuGw3J}u^ zZU%Do$k#44gj@ln7_QvK?QpS@I41=`YEpH-2a}xs95;QdIF%lWIKF0KVO3mmiB<*WhO1Y}&00G&bP+B={sm$Ozxna~NOrUqlJ z!a8#{sEa|o0#52}H78o&zJ)OXeb=Ucjq3>)z_$RG3)$$Z2$~8h0nj^OKQI-VcQDAX zg0oF?g9r=!XBOb_Pfl2Cc5Sf*$+`2Sa|Z|yP5@#CVw@AmRk^wgbp%{nyFfA$RopOm z51+ULpl<-fD8&|G{J_jysB%1##5B(Uh;gE`3L#k$Q3ityhzKVrAv#^DE+>GwgtV(l zm$L!^!5 z@ct7hra1wL)F6{SkK-&Me*=ST?}Iox4%BsdGgKDO8mM zu@vjZ# z6bHst0h9n-z$)>v836`rF%Ttc9mI2i1LgIQ=mhL&BHTcQc#J=lV-P}uQ9c|*g9__) zBDX_SQEC&Nb=(dHEubd;k-4lo^-AmQHZ<9wUn})?n`oVD7ghLYeF8L7_-DP>A*%N} zB;Vp<3tzPA7sHSWHoe!?&r=uwKRd}goLevjT2xpKi#duV4VZ9sSS zkKQ#tDA~e(X8wsm4j<#UZD#HagHkYbE;nxQfQhg`AGp(9^n>Rq$=8<0zZj7HNh2j+ zQ=S0Nf<17PKj|XL7fcnFHFA8>S~^j)AXWGR!)Up)ev;H(ZnaUjIgc7_SDd*<)yMyA z7;?k6H~9yjFZoLHl&rS$ad(vtE<^Zjqq9cv=pAW1$VM;bd2~JfiLUh^w2-U z9d{7o#$Tl9g8ti6wJ~=}ehGBCgw$n{uQ6xtg%YeVib*bK1)Mwe-m#;{z@u)c-nm8c z+s+b-b0}K{c|g^_g)U<3O6}_YXgM}^tK%k7J>)GV50 zgD;urgcekLO#;=;or0ECQCm1z)aJnR>{Lm+{&KW7YtxIF|4C5eEcLEpt9F(FP<1tG z<88(s)s?M{x8v_fZF~~`=4j&`_&Zt~KNx@WwDBqUD{A9Y@i#*opN7ARHa-J?@6^U; z;_qZ_{H6FiO&gz$zcaM)Bk}h>$p9(U`<^yF2VW;i>hyKm_|e85AOykSFd{F>s!MXI zH9&d#fZ*+{R6rUEis^?$bbNS-jD&Rpx5b6AM%|5L{DTt)Ap_VQEK3$qltPBl2Qs7J#mtlH?go(Ek62wJMJ~YAy8JdP zkop}hfsfQOV8iMjRJ9l{rbMV}kh2XLcVFiTc*#4ZB3N7SGBNxRWGWq^1>=zPtaUklIGl+!2ryfJ_f^p%n}LVD<$u z!{uyMf!(CHp(QoF0_q#0~b)yBPWW}&K5LOpsLhBroug< z)jb-dUp(?jGHnwb`79qqW}`bwrsmS2&rN+@)F?W&cY=xwU1<_PGXh=#jCVV0?+^-B z)ZSioTTFYX3*aYg@1SU%k{30MKzq$DDg^EADk!ZRP3U`-_iQGhz5S@rN84)?Q1LLRy&YC>252VCOfcNE$wG5zS^4I! z)PKEK!aeHAA{=E;)eBVe>vTmVTbCA@O23+K9_5?szoHQ8R4zh;Bx;Ww73uz*N0rH@Q zy3IP}PP7)Zpv?m35CJm?r6}$W-$0T;069U{JFb%MnI1tlvWkf~NyBJ6W+%`f&=<(W z-p9GmS%pWI(AKaES3{|F@njC@)p1za*ew{rAg-w(xUtBYA*v0*^1jYpAOfn*&f_B5 z98L@Arv&FWAo+>vJ|H*(cN)*a;6!~za$g_k9w(^P`^5B}@S$Okn7%`_x~8FbTJ2INO$My=2QG^G+2*bD*Xv%@4*1{vWUMB6o<=^N)VGcCXkgz_Nt2X_n74?};% z^af}jrvu;$_^^YVwg!?(P>VJOUl9h-%f)HbU^T3;`*7=~nc4#hzmc^E)719ifn@?2 zA)@Ua2JJe%SyaCl)5ECSY$v!6Bl|Ip4WU{W(;W1!*+qjB(raOLO#*2h!9F~?moo?m z_D~?$f9?J4A3$xAm@(OG5w}AQr|$z%GyM>H(fo#{0NUHaV4h6dJh+e2ryV5e#})Mv zSQ$Eq=Xc7u)GEdEU1;oNTY7+vWhM`BG0oFc_lKb7oy_*RB2Djuc|=a0z7;wu;SNN4 zBYxsQo%tH1dd)paDtFaTaMsm|It$R_kvoBbI)MEmJBKEML0(i#KyjQDEa?Zz3i@)z z*%&GW^}fu$)1Ne?Etnj#g6s`KbEC-p3fzF(p}9ulUgb~~^sxTy^sSXm5RYC)K@3_9 zFTs8^ZU8FJ7)Cz?zV=8Ci!wveW$241_S+7*GaWnojy5u%t~*yWN(`$sGEi0=Ki3? zP7*aYaGIbtWd@R&{!B>=mhmoJjPOat?K6PlXdss`98mr56L9~hq(5VMLy7G6r(;|I z$~J(b!l?OB(Yg3%#<%bh{ccY-pKIy-eECq96UO<-myAQfhbH(dIGeR8QZ(s%fjCcp zU<8^ggLQl;D-LPDy45;G^ESFvbW1&y=w5%(`76EuVilaH)jir2R4Eank0b?u1&IFy zNTx29M711VfkdK@XiS*|*a?}QQgCpYg6*nO2B9Ydp~E8 z1IW^W#=dAaI00F40(nHJeu(DP_(B*=NIflB2KeAC12UEkWDK;^N~~=d#<|`V3?@U9 zfFUPHjN?U=)KuUVQ|^RGbfLNnD~kv2s+PlmCbOyCgG;H8Gw9r^XtN+oO?tJ}l}3UW zS4vkT`a0Xt<`95R!XOkn;ao){HbJ&@s_z0DrMQ0utaUSkb^R zvRzhXl_-NQrn+nJY{~ZXy_IO3gM{fRAfmzqgCLrIgpj%nm@sh|7&;8Zd0bmO!@77h zSB}!MTCHfftJ^512L$yySNdtexfxbB?oc9oL?Q!ofIAQBbOjbRo}b@|6q)2?Cvs~= zo#H?M9!JOHiof3NUY&U)X6fM~mMGy5dT&5Gu(6zLTuS03adbunO6SwGrO`x>Ur zS&B!q1H*~r4?;&TIx<;kungB1(AD&2H!z6wV<17a(W zsmU<(q7TG18HK3;I`Vfm0rhrER`)a*pz4+YT3_9EjwN67sFP&`pcg3TZaQwVmqdbK zLlsGV3dSM8vlZKM`2xJka4q+B?#23&tnNFpx+FXdQH2{B->2_#!V+_Fr$pRh)Co91 z{ga&_1|5Tmg!$VJ+UGd!spqD-)on7gXk85QI;?0N5f*!{H&mh!H=I^wdL_;g%={o{ z1*Y}|w%#Z@VMVKLIQlXd*8m;nnnCm)r+Hqz6UGA6ZMO=jsbhB;DWNW?l^{l7BV}x& zDp1ZDZpzPSHH6o`WH~EStDTMMwY0xv2+nd0r@)M7G1r3T zpf-XknqGmTJSb@hzA|nbPH#0;S{;)^Y_H9>g6dJJ?n`gRzYRN? zxCo;UBAH(X%uzlC~BjlSO^Gb zbxTOCpl@5T=f@j%viXB4Y38bs(Bnv0T3>38N#e9_cH=N$F22IE^t}R8kX(tcJOwgO zk_h8LwiOat-$OK{qvnu84Jb{eiRoLo3KY`mJC5x*jjc8^w&Rhpse7Fu=6W;J>r5eB zKq0&WlrfkmfeU~ThgL6GHQFPSH7`)`8LE34Pohw_@bII#Q>@H*r%Fkp6;DP^UnluW^F(!q1Gpq; zP74Q%D*Us~NfA}F>tQgC*{Pz6_C4==Qc=C6T|e%&bPHc}?$2c4*1I)uceHQMh-2U0 zcMI9K;i-n61V_2>a4H7k>}2Zxzu3Fe229KlwFhRO+1{Pm!QP$O+1@>PSSNe;KaO^_ zchCOc?A^1Ec5CmRE&0kbO?&sNLnHR?=Z2!adv;Iu?&+Zfy6VvF{iUdtJ5w7o+q80L z#~5^w6Cd_9rFw3{ z5K2XOLrvq2B!^{Jh*+UQdwEK7@qW_4I97L^;LCEW-wV^rG>TG9v{ifuTg zUBS{WhsTT9ZSp3-_;Pci!=-~JSDf26~HK@Qhpzn}&WdC~fN{#-hH ztt(oZ#I_0MD4GN`Wm1Zw&4IKznTj?$8@}ZL0XZ-k_X*B5;0LHqjTtXRQC-zYn^4$R zR5w)O&8v6S^ikBs>wvJr_m422XPm5EOBXtfJrvegtuuB>Y8|Zp;E^;~^J&H|H6SI{ zN@|%~TVQX`ibU6Yo1%Irh3D`iEanHO4Xa7PYFHhDHqq8zM>N|+yIBWcbO%MJc25dD zXvN@Ok^8XG8sy-yH1^6WaZQr71&-g|>68wg&h`$5PEQM8(((RUPwh>E_R@ZPdzl^D z%c1rb{x9tJt(AXuYWisXdCCz-_>`pudUCU|D>cx3Z3lG14HP&aAkf456 zy+YNeL7BXmGJ~PajPS*s?(=nDeg>46I+p(kcV@AQ-%!2?^FkGqVyYMbRlJQ=T=W~t zzs<@|i-Ax|yzFI4Vm(a9jP`th_>$*bg0%wja3nvQKd4;B`Fm`3Yyt0VoWJ+iVdpOG zFn@8TB+|omw4y&+$vQeGratWviQx6h{{Sy`6ONWE3};~sc7ZDHJsVc?YP`U<9~f09 z{0jX8(qa~3Qp_5PuEYh7t}AwMycL@gSwO&V-P6KDV)CcPESC0))4Eoi5wGIR$V$PA z7j~%l(wJ4zUU4>7e0B`TAm>PP#?4$Xk2%zQ>_kDf(UFDI-h3WnAT~WCoD!Q=j6wPK z+!E$alvF>V{5i1&l#V#wUS?9H%-dbcOzw!+?PaD#%B<{C=FavqE8EK;s^f@9-Fa5Y=osxn% z8mgr9CW)((xS(78Nl|McXNF{TXDaGp2{Z}0_`H8*?!jGU1#{HM!N5?-St8?}^K_u0 z`xMPPM{yok(ho~&wUS;dIV%-ymP6*gWHnr=Z~<2CatSq+L(r)qP+S3}7BZwC$Bzw_ z?(}NOx_FYr?NPXLX~S2uem$S|ow+>{w?jgqI+!7;CD4#;t8d{dqYZdGCY?<5T=1Qdv zSB!H1j9bj`E_2%ybqltvs9VjJS;A1NqXb%3(znWLi95YncJ7oh`1t`hw@)F^UkQCP zTV@GESbwGTeQuD(am+Q6)jLh%b}L+&wBfV;Y60#eON@hshc15j%lF)LMTdhRk z%P@=32Y_CB6?QAV1ncKYWUc|dU*Lc_fN3KFobqDY5P&wMxzlUiYKz>kOHSXfSZC$9 zxlL~FTbU}(kU!1&NIHQ#&y==H4wepwSwyKlSU%M4ELEHbp$~3ng`8dq-BQxG;2d%_ zvKo*P-#E}2N}<%{3U>(a_y)^|uu_o0o!*Ea8+N(VPe|733l*+Z;r7eLLo0i&$IWMW z$4OHws3+<+Y#a)+1ZW&2v^|P*kCeUxdge~wB|BSSwq$Ov%>&y5D&19Qpz7M8mtAE5o4P&^U!3Egw$RR5O4# z;(bIXRInc}7^Lr!oCg6(-Q017Yhbeijqj3h04Lg%w;da)_T(!bA zOVr+#ZoJR5TMm}NR3BhzFx4j@&7HnmR`vo<55+SSGq5PFH_bq}11}t-% zFs>mC7@C!^=i4Nh9mv*zT~Mq<{9&HlT%Gjk#>eKkaL1bFEoc%OMg1OX0t_!@39z=P zC(afn{d>2%Sx!GKJHL~;&2Da+oBK*ptC707)x9!MHyNo&HEX{D(*P;e{V?0m3&pw? z8HJnMDs%hfPoDkv4-;@Fo8C(lRmaBNY6z+sPSs$-P^#vT8pqQ~u=ee~oW&e;eLqAlXRF zxDrN}hf`rp8_K$&IBO(asK?ytM`UN2o7*mPu;2pJGSY?;Mpa5!+7P6;kcKAwpxjUe zy#V?>8)&-1ZDAxRL;mD3^~vM7>kVmcY78bE8p94ivsKUs2`TAOCH=Up9(Si7C3+U2 z;RG<89GLK}CJl#XkqW6bN_qgZHSB~gDAqUD(S*a=+$9x%_|n;0LGKH6I*I+p`%M8*)Hu$uHf3I;%(13&aEAo2n{ngY(oWjdszCcePNhMffMee0dpN4C< z3ZTDF4wmG|!Jm7(otxawtwe+MK5i!v)n9tc&Tk~^=j@L8lpJJ|Ra=n~6Uog{xSy!4 zcL^Na_X-y#R13jqf)X$s>-5=dy_kX4nvjx$;oiU>-0EpJ*9=RAD9nCFmteGeVQh*zeOeUwQzQuxAF4F#g6^Zc zfGH9+0QG6^83b4rFKfR+x6i3ENO1wL4fm0Qn_&2}Dv-Zw?-D?0d13|-%+}Ie!vfHN z4iFCH$Z9#P3pcU#%M=u;a9}{Msd{8pz+lxWIY5f7iW7LMZt8N3LgwHmkXt>4ase=$ zDqsVpkoQ*@_d&p>8B!H+$mzw16i!zlvScW+0tq}lRU&t&+9m`0R2RR8G#+2}LVuaq zx(nXj#JzyY03Z%1nkx<2Q`HW}nsR_INt!EDrZidIgm7>>Tk$>kD`3e_fV2{!=^ng? z0NC9JWmD}VMi-6)kQ<5U;k;D?y&&x7s!jP@i6DOkh^i538t_ND%KaWJ1xC=DOg#Ww zRIXYK;3j272AHy}6_Q3;4e`q@SfO;4i%lw!19TQwVI~%XY>Z+g(s4*|R--HoN!s*< zQEc36qK(WoVgz%xK6{fa@6E&^As^YpSixmveKxVVk|mU|B@Qyo=d^}lMY5F+%V81_ z=}zQTZN~hHvxG@Mmnl|vHgHr$eS_RB0Cvb+6%&UqBl!fTmyO?C>OhQxB}1?WC~(&* z={krXDT?~5)UZbZ*$K%oj41>|*o)FW0i!q38+RV7ID-jr!>KwDpthO95KOKeAOs6& z4txSOEd#$uuXdvp+MsAe7bSo4lh>bPxykxj2|36D=xWnJ8)-pFibR*aC?JsN(gb4! zaZhH_3rcL(#nWIOK}J@rQzl9Ne%Vl!VqH_U(!@`7Ei*wjqbWW;B;%D+q#+K_qnP}e zAp!T|Of_M+8;AiDVI?Q%CV&})I>4WE06R=XQZ%I8jWC~iiW2}V?LtYXQ4-a~2?p5D zk+~BL;sE;qn+1Sm$=7|MlxeofA=t73)76*czQa z2jP&uN9InWunuTN#32JW@*~NpeSr3|nXQYVNTu+2$-A$xRwUx8O^S1ik`9Vdn>&3w zirFCMfr9Mj!k{FW3kb)eGWx_8mMMQSHQ{ms4b02*JSGd^nS++=u+y(M5DBzS2fnlm zbDzI>4yZV0k3n}<(ht)6Pf*WgZuLi$HdX4N9NY{`=`^q`S^XM$q3ryUiE0^4kz^B4 z8=Zil;sjhqEmT3-X)6gSAy`x)l)Tliph70X;pzh5?^7Z&`%#qQv?+}st`Z;M4kL+- zfZTuC6)+ZAd;QdVY%HL+?Z;ZqpOPoxsJ4Q{1{7VFMx8hDeJn`R%iv#4-B}PQZ){$Nf$&3XK$3D=fp(Hz30^UjK70CC}8zfwBKLR~+bFd(O zRkVMeD5eJ9e~(lMXd?hpSrntL>?nmdR7N@wk;sXVg5XWv21@odOF&q#9)XxAp;876aKZuH@8)Rup0L8LNVu}Q;6QJAbkEGjyV)qqjD>C;Dn>9;1o4L z@Bns7`VqxhhTs7Thk}0Dc&+eYHC4{+cw8+)3G_J5oXRWZh)snOP~q4a{RllQp&eE< zUXXT04c0Q_MFq_REVX@P?m8x?gHpd6#CedWk>-%-b|srBhEX*p7LC`|9IRn;LG+Q^ zNi@7sLB2v}Gp0<+fXA3r8y$6BbkwzOrw&kITAdq2S`tttG;i(1QR{5fOk@Pwy%$s} z_R!UOW?Bm?+AV3OrHYB*jAQR)cwR#0zOHH=O!Q{b{<~G{#%s?WtYvJnQR12qbVyjL zn4-rRY6hZjL=qWJ@=67>)?g3FAh|W7%k4qqCeHG96w>^?Zoe7?1g)^T(R76}$#6pZ>Ov z4r%C$HBC{|6zf7eQx)OYDmfGt{#hr1fCm4pbJ9Q2>W z0BIZitYbfKv!B)MXBqtnb7FU)rSgJGQyZ3wtKaMuoc_kApxSX#ai4FVy5{1n*Y1^6 z!7ddK`EE}3?c8n8!<$1Y&b_UFL-o&BB*R;ZRO~z}U_5Z)RS&>hnp8X>dD`q1H~n`N zyk$zoe|@g$zJ8Y{?T5E)sra3V%^S~^J{kvaIpqakL!;SUce$hc*Rej$Xt&x=6Sn=P z4o5|{qX}|3#jUmJOCT0s?hk{Q* z3+9_UTxOcGgc}08^^a=|1GxdW&-eXODQllpwBIv;RNiX6v>{}uR72#DKqg(-!+DbN zU}UZSHe@MZ9)YZzYlxhrKnH~S?NoWQ+4Q`k@E_yt?{_^9GCA&@$4T1LG-!4pWD*_- znPVOZSsFbM!o#RLoaWelu>C;DoY(^)KSI~p21@d=k>n*3_n|zgigtbPtMP=$9&`Ie zo2bAG$WDncsOJLFeV62qS+TrGu^l5j787HNA*1ZjuN$ym`^i1#X`98Otw1dC1%3eX z;A>3eSLikzYQI~riaJfb!2peBgxU5eXbam-hjwp;XLWCT%Th3$M(=WjzQ?7l)o3CP}L1wz(5Il=&onU+|pjQ1;WSfZ+%G`-RqZ`ld)03rfe=$}`c-Ed0TeXPH6+_(3TB+CAW+G>%~KA^ zJFaXm7{2lh1yi7)xwDu2QcS^rpQ#|w_obP!z@8RU+JmK=VoU#;M(=95lGq@rOEN{uU;DZSEphOwrEwsEmzy&|UY zc;{~)YeRN>xk3NSSU1KL+?V}7U{X;`!9QmI516FH6r7!XW=y)GCkcg?wXUw3NayNv%=J$>Z;rN8TcGvogw9=_p{ zXJ_~N1LOY>eJ-^8W3O)nX_t4!k-w=s5p$~2}j1AR{6Y77Rhv~H-3gRF; zc+LI)ZvOw|o;MA$BAxo(h| z)0NyEp21SlPJT@Q-P^wsv`YY;=aH3RX@P+phM`b${MLRvCWRygkbWdU< zh?uBmT~7dB9_G4pt(>*J#R#2~fIgeI@P&VYe7s{ho+jfRtI(-3pPBrZtaB{vY?AyuMZw~mDb{sz1u=&h> zE^08y4{~K=Y7(Z>YmVZdpRLduMd|;v(O{r5awo@D>SBANq09_O{weDqlYTkZNT08d zH>kSI|343Eb!HEPn$|w3Omk2xO!D(ypALh%&4PpSJS_Pq*do4H706 zZSmd`o+#$lF1}0g-)~17I;*y-4XgExbg8wF2r7@xvzpG6{4W)fg>*e5-iJ_Y`ZxR7 z%cWft&T|HU_ywZ36o~%`#pwNAC}<-DTk+Ou!+@$K|0=2rs?R(cGDMZ?jN~f(BjiFq z-u|TCQbDkg6b}62%Bscl?@%JNaFN$cVb8u14 zp{)1NMTR|i`O$xyoj~VzwMyzxXK6!ED_dsrTVXy)$F#HR}sJ+%;ZAqdJ*DF{; zwuwrT|K)Z((Rck6GPD(lQ|fXS{iBbh_9n58B(zQ;5Ze9mGm5S5##2u?q~mQkl8Mt` z{(r(pU%8!})FUN_DndIUG1i|tN43T|&;Lq{;N!-qHk&A_%~xebLpX{(P!ELJ#fwKI zKcz^#2>9>L)YDq92a6}+8Xrv0)6oUIZpY_xS0lkTLbIVnBdm0nTH{tj`bSL$k%$5U z|KdiA=Ly_0r0Lv?Yj0#Lq3=EHB)_v%*sg+3FG>9c;1Mi!KyUg^P@79W3L z#F|)SH4OOzb&7HnYPTVCYZov~! z!KND}?W|WDo=lQvmT0yDsQaJN%ssdmpMTKk;*LL_KP(oMzy;H_^1pOKyNuSvHht21 z8j~+TV+sZvt+}=QbBN_MwuNYRL8FoA&;JeM>k}E@P5;;N!5V;x{P%1OmQ^3d8D^0e z(mE5n4(lrq2b-s;uEwIB3xS?h2%rJ@7uS#}sYL&CCPz4oAv-7_)_F)r10GOWy^Z07 zNF%&>*c_gimJo8Jz*d(f#u5>wnfsa_h)lh+`9>YKm z*P9FCyo)&two!^R#;<>*j|lqXt{;WOQv#3{!Dpm-{*6VOFQT@+#o<3g%jM%7?AZPT zNPTqoe=*RA3s!m#F`AG@QD2bP++g907Neo`@%Bz;tnQ|NYcGoS?+vqmS6+hs^GxWb zZ|kwxU1r}t3;z|Tg*EH#i#@yQ->uY*PIs_kvV9-k)5Tsq4d-i;$pe7b^^>&zEFR3D zFJPo7!2Z>ga{hfN#A3=&xEcR+J;Hed`U4jt?o8=}U2I{)@HmZSi~C$A@N3Gv0|Bq} z4HQ}Ks|)GtR7`<7D$$53$CO^2N#7+Xo9!I~xhnCCem_fg^6OoFG7gTO=DkQNs)xGE z;cF$X^(hGW3!MA;^`!uUX;BMvdo~@jtx7r^@fUD}^1cgbYCZQVs-gHFsevqg6z%$y)N~*yKinUoClp3)pFZUxR^N@( zqPve^?18cl+1Lab^lMpN-kowmE0DGkvTA&Rh3DHtgD~i*^9SdCvyUS8y&GqFB8PWk zt_66(YJK1XT&-m^+bvM;Cja1fEzBaXYagHooKw|G=uInNKwK93(^@k?(lYwESYX8T*XzhC+Sp7|BHRb|_<($z-|^6P`58roHp zSS$E8+XUa~G`?^VfJFASa^BUUNAXcLaIFFqJQJPp;YN#h91isGzW^1kch;L}SA~z7 zBXQP4M|$V2EJK$+Fb;Jbk%lYRQA{XU$vRLoS-nv`NZd#2vL2x+@7nO;?(s{)b8lZo z*2Ld3Blz`}r5(R$WibT9OrG-@oSs5rwbI*LA<9moM(8{az}cjypHEo97cL?A{tBc> z@z1IOWCLndAHAQ5CtUSY8LYZ1IReSbRRa2q^(*hg=mVnvQpwov-3l#luxx#8lz!`~ zzF2}+C`6vV@L7EI{z=guX$-ZsAxfQg8ljW$6vY+nwF59pAq*)q*@&X%i0V&q&;-C3 z`n)Y(e8z&GS9b7cxdSB8S|*7`BvO~o&=kmL1t@J>2C}*Q%p~MZ|7vA~{BM!qU_pI~ z$$+y+ymVIpU}`}jYt+9SM1|J`=-iI4`85Ax&>r;817*RA8TE&#cF(<7^J5!mT9DpX zY`6^R{ToB+t7rxpYy^R09p=0`jd;KAPcw1yy##7_9nHu^Y)1Nj$PpFvdn>|spa4>* zyZ_N@P_sWkvp`E~v0M7btJ$VAh_5R<-_*xeE{e1=CLy|YR(d{i;3jD1uQ>6evyo2- zX*+~v2ItwzudhV1eISK8QiPQp9${88C;<`J2(K5u_zG4qbP@OH8D=b2`&xXBNKY~P zmRcsLo80P;ZvKN`<=`*pkMY|c!Kv}vmNirh{=vOL|p zSe(WMDDN2m;7l{`cr))Y#Ipy#9#Is&SqdJ#KzgvGLz%1+-&V?hj+uWW%fHKguLJU5 z*lqss5SD*c8)^iHi*Fn9ah1e>Pzi-D>$cE(v(Rl&NC+P5B|liU`Sz#!LdJ_8toRD} zKrl4Wcc{&uq-It4Dzf>HE3wovv()+2wN1VQ=Zu9CS3X$r+E6UPcP%l&EKzrwN<6gn z?uVenH9eF_HA{TKN~oibOo0-){-kA)kqZVxeSC+8!((PeQZ`IF773lriadLoh4sq) z4_g~UpqrtCz)%UjaW7uqXlA|VG)slm_75{@f|-P(2dt#`^rt~}3+0^d6yPsLpX%VZ zpo1*7;-gmD<~2N*A|_^5lO*OD0jO8oE`=RR<=CG2KK(DCeyXLUZ|B6(x1*usWVK3B zL4kGdM2X+QYz5h|0)7v)M^U$PK5A82$EdRu~)`5_nQE^u0I3NARBQT z{W>5$E*RP{7}447lw)Qx%l0$fLiYwR>jxxzn7L>It~Ya)VGMQcsSG>R#IG6!Z-TJ{ zv<5|;)d&(R3O7c%bBp4?`qRPZp!8Z1PKH-)R-uhAOl}-pfSEi2M&GS_2G%|$iIMjyn|!g`H{%J=eF23swfQ$dIVsW zn`85T#PVkez90GV{Km;wlTh*&q>`Zxi8%uLxi@ePy^gZM{?Nb#b5ur2RoSsBnuEN;?VbxF za{$A=W*|B(o7L$3opVd5kX^1}{fBnp``Pe4+Q-|XZQ|iPY*UW3dBecSlrX*4oR(~Z0H=IR@w*u$YF(N`_ zbMD@hh#J?V-=9i(uEOWnQixLra9;>s|G-}7;AK}JI2?!C{VOgf4U`reg5%&Oz@ z_HOAJiN$6x^XpnDZe(_hJ$h<8we_Pej})+8Rzn+@Jusm6Zb9>%#|F~6h1orF?uspc z270~cgAVk1;m)}9+BqajuV1R`kzU8{M=gt${xt7w3W=-bO~VGxQMBY2o6{@+t7RSb z0%YSbAju40(_C*V2J-YZX7ELy(INajZgu+?8APDNi$n~Ty9-jH!lWPFmAESOukS?d z23}|_A@x}}7^uls3<&Ddd&SHm6wz_-7Jk>!{;oQ`SOuw%;ZUPKEX{@}xAFtDj-m6y zMp-?Gd^VWXYWM=Da?6)Yj2Km+ubew{i z(T8_TbnpYlqkkf)oXa5RL8g5ih}4jTcEErZ6$|qPCd>;yY%xN%4*5FF9tQdil|Ypk z?Yn5dXFlj>`sh0luY&r>A4w@ek`dG!!VMriZ_->gA$QaKyl(2lxem?cx@`~VKJ+_m z5B>6inlE$Za@LN{sExg-zbyv4{}9FQZ_bR}in_R1RA;rL_o#CjdVfLzfH$LaR~pA= z?@&PvuuVk$rDc6Fa#vs9)A&~~I zCI9JE8cMBsNaQqEwxUkX$Wc@!BNOR*w$wg~E&5}v#0v7d-;ZP4f_Uac-}x1z+IORh zto8Cu!63uE%k%9tf?|XSGrr_sif8YAft*kJ(ED-yfplVjLosAFM$(4oQ53Mc{$v_j z3NFW$jHVR;^La5*u^nBbVqf~N7Q>98eOL7SLQMSXNZ4=c@`$fY6K$cX*=xPNoc!Cn zy)KQq{b)?L`%$-Vq;7kr05AJ;Nnb2WA14CCQ#2vd4bN`kWOzNrNOrJMUdIS;_hXy% zJ`m}?2#X7uy#k(6&8OO);$L^%pS{@Jzl=1d`1{Swb3kJh06QH4Gxb~?*^)jc7~_XB zzwJaCl+AC4M{PPvArl<>$Gwq`PDs)3>O&7{`sUYK4T5?5?(CJzqUUR3=7-4!{MrB> z6j>WAtngkGA1Gr@pp5z_P|=^M<~`WY+ysyxaZ=Zm*tdE+b@?yH5%-rmEFKqiv_Exp zqC@Z1#}b()zVLMbTR^10((9I{SU>{7QM^LAZgoJ;6#XAVDJNArpT-t?6^LPZKHJsQ zCK8PM>!q(FiOf&Kd=n&X94xQ=Ol_PUW3!AKspgNA{8Muj|2PIdT|AF)DT8hQl5hfD zPh(&=Bg^Y`geM7Sp6^(A#v=UXTiF_Yj3N8Mn}0j9m!8WsmM+NtJL;9kVIDNQ1Zb%g zS+jWb;mm7x;ol=`w(E#G%B!8w_Mg`S+A`6V(DtoiAii($H74+H1l5Yps(HNnG!6!n zN2F2Gl2_EGF@;_-4o8W7Oox}49WMV{3)?%&?g9QC4$@OQIZ`{EjO1ap1h)$b#jd7P z+EX1U{>noT;z2|*XoMC+n4Qi@>pJ0a)U1!lj+QUn*&` z1J`En>7ldxM$W*s=O5W2f8xy@-y3$OQ%Z;Za1)8}nAsbo8~|NiVU*N*GpZ7AusF>Ae`z5T<=NeG%`W(ildG|- zL4ZJcdJDFzO_22C>|v4~Vh=O)x8JkDB3@!gMK%*SfnDEDpMbw?W)CU)XYjBg)7)9O zViDTmVfz2Vsz}k_U=Ki;rsn7l_)H*VOp{LWv@Rr(EJ_LD@b{6hR_x~aD>tjpp^K3g zMzwb!!inEwb&|l;^}Gtym`8(8)OkkRJey-UX@)-HuQu|_*T%rH+Jg(BccxL4Vn#d*R;BYPka0+P5fR=~Bvk?$-%a;s`*TfUp z_#YrAfOZS|oUGF&ON2?;5gV7|X^;$#8Rq62Y)PS&sB#U%l6#HFG5FXXhMtEa-OzK- zRG{UIgyCH4^#M~+C}1>O_ddtY=a^j>tKaurJ8`-ikXpaxxhQ?|TquLkr1lQa?w$yT zMI^pW`s-9|uf7I;0kHn(+E=S?@%|QR>f%2}rK#@EH^txvup3CA_YA$B|o3}xq zu5Dkscv@)(S%IY7D$kF&SS0NhyFMMLi?bevyc3rVBsuh(UL?#4;_`un6g`(EtkcG( zspHa^De2E0_D^E_N9Vt{0m7!}>i}W(mbo+oPBtHcd62Yd9{c@jo`r2XW)cT1!&3?l z+)IAv6^0AUVl>{N|M@u+1;^*CZBP{U~@)R;QkDc()^LH?8{1YXQ2W<2J>o(x4b0?lfzJD)_`6}$!!>NDqKIXd@|zK@q{^r1K$GeaWK*x?BRc5 zVd5c)JbrCC0`9*i06%-&Vu>CC?9M*N-Ss%q)HNabLCR#b- z`BrvD85z~_mvB;?0ibtl0w#NM2I8I%jw2tcH>Y)y2h%#qgBhK^XPiNvjCt>P9#Sz+ z?;%yq)-U-CNyUEbb5T90qV^z(ZsW2^?D1Zv_!nd&puhh#1o9ebdP9hq?ZY$Kn?FT! z<$|0D*X(jgF=o8ko#3AneeXj5(Fc@z0J`P9K*3-z>?rvT{a=sK`4A~$>jifY0~y52u# zG#GdkdPAhWQe7%Q8%j`Leac{~er4n!MhiPF`O~BLUP|AXogZ{mlBY8y^-jbxSU`u- z#U?7Oe>{we2%ZO$a$CF?hqL3coyb_e{X>f(tmhyn4rj0aIyB`ftoM)^X2&Tc$T7q= za+6>^2hRy%|aS6Qz}7+B1=~RgBHz4r2rv?vzwFq&29^jNS<(rbi2FJ2!9CTVQvh3MP{l!m`x|KRyr}th@pFS{Cg<`x65Arr0 zQ+ict-}h+J!z^nd9%ecRb3OAQBl(Y!R1sS>qL&{2581N|Cy^lHw&)iV+2)IGgoMyp zM!fS3UGZOHCnh7a-TUG8+14zPHLLGH^9o)*cudxAwF||Mo0q2Umo**Ayj zeZ4akbTQCqB)@eKr;A^;$2=a^P|xK0tI2Wr0}eWkIFMuK4SxSTG<#JGM zQHfc~9#ZuA%T2Ked12@wBSue+Ugmko?BQw#45mbaem>3O5!@iJ;GMLwCN4LzW0^*B z(E&o_p)5(ii_X7#E+RY)O*atSp{Zmi#leQ0^oU>&T}Y3}Y(wY7OmY`_3%G@%mb+mk z3^k9EvSiX;ZZSSZt1iIRJ20F=bN}b> zfR2|&A^qip9qyS>b|)1$6#l8JK4H=#^nGIT6T;N(M6b*ByB@?VBaJdbuMSj^jTro`QR(KAGOJShA%h2DwP=i~C5 zoR?zwP0MVP-{f@QH{k;?-$3&N?xLOWQ|hvpdT*yT+-hZbZ2SgrV#9B^NdjTz$^?6v z_dG0@O?xJ|dy+=Otu~USZ;?fY9yi)|lRDOikD;47kbtiCNSN=;9`tJcrnT+HM@hRW zg`Ps2{EU;t;UAKDk)ezo!#1&Rfd1hF?L;NpwE0{Q&=a(AX=r~IvxQsWxPWKyGeh5YzPb2;^qFQWmK$ycCC=nUR<=3FMI;};ntR>(82Ua z=w*Hi9rK+5FZ$4xi~+d}JfTQ*t@p}SVjTS1($MIx_}Eb&R@m|e?Rx~^j?C^ad1gg! zPLcOYqFawCTA~bcI0;?~Fq~fQQFhP0|8K-=<_qn_i@`O0mI>F0UTaQ3_&XV8kge57 z*us@(*bf27%_QSkm2RnJZ0{D+oCR`Oc~2{^^7$5n%t8%IO|#IkrKVZv$E7i5p=q;B zJ6CqZ%yj}GgduRWsdhcLkkIHOrXf#t=$S0x9i|~qP0@$2gco4}N@}AzF)jS>?(`={ zFfw}9-iJWP!zn~8)ZO}n&$b%ob`>e#F}tPR=?}!H6wNzBQR@M*yhBNgDAymIY0~?M z=J24TorPNi_&i0}z$6czFIp3!=#0@B$*Fs2WsYL`iPgCyk_zvYqPJ9y3EMKs5 zS4;bcC1C?%NH`yfx{_PZh<@*xU6hQD;z&nXqt9xPMK(Ot4P(Ke_mJuEb1m3__pR`| zXO`C#q^qSSfz@WsFz4m|p3tcP8&Hpcum!|8<6frHAVu3u@m5f1p&gssWWdeE@i_{u zqu-HCRI-BXYwyQLh2NWvCOwCSekJ#aR}N3?nXMjL)j}E5!WYuiG1`HitZ=#A@eMLN z_|9ga@E&spVudg^M@PH|!aww&->^GXq6xuoK+B=16%5k`=zZ^Lhs?uhhu>PX=f3GbD_&Q zeQ_kQKFW>i^x2WbLzGy;7z7vPNXJQ%BTRi%O ze`QL;YUWsu4!r>jGQZCLJEm}>fPp4Pm9an z;v>_VXMqI$myJN1&aT=Vj*Mc#d(@G&(C^v~J-oq$%R*vZhZt+e4;Ppp?vD9Du=?!9 zzNGk%#Jg>-J}XO6h4~5CU2e7aMzeWh=hdw7Lwes9P#?-e$=ynAkD}C;!y3}>WTbgS z{H%CeA=EF@CpxKf)+fvq_)#0H;122wUpS}R_C&0t!ZhmtZ}yx6)8pE6yiES4{pU-R zQ3Jhw-J=}HodvB|``+7$Qb?)>X9n?A6(uLeVgpZ!dz65J;j$CfbAeVx;8%Ebw)e7ep z*_Ugf+iDvrIwSFN1q5zIdt{-aKAe%+ey1O|n1Zsp$EB8GXGvP8>#J({C+uKJiT?M$ zhR|pR$>UgQl+9(dfa2jc^thpx(*0B^x6zvkgbhl;SVw1&u;SbjPI7Lc%fdYTB8v5a zG^=^@|GPU3woj4M&7J%n_)j?w$iKn@3-fvo{><&2S6|)~Gg%!NYUHHhrz;pkJ;v6- zQ@692k)5fd8*O*n(D`HE<9O2vSky6h(J#Q?F222;zr9HG-ztyl?aAnVVPdl)G#ggg z3X#l{LWYR z{WcfP*v!W8`Of;#P%>vh&WF0>Gy;%`Oh)xY<7yC#t%j&JRfbUi38Yns_C~zP1RcWP^S$GZH)#kP5lc-3xuw z`@@HDZv0^)f`o3SJzBc2KCqV5%`331bEp2FLu6V?!&h0=A?5k~?Ba)%yVwHAWKJse z>%#pE0R3+#pSYILvyppI@#!gXgk3W8CNM|>&M^3U^SCKdq}yOwO`~)C%$E)tE`P`F zoty`s$WUYF*PpfQP}@pC>l@fP5+FP`coSjW0ZqAq(VN8w4WkRu#B7Jdde7^PS&ZoB z?siysbE4~E*sbmB;TTE6y`@oB&qY12hmnOXM(9@)PZr#Y$HQh-GcGKn{Bwldfb>BQ zEQi=6zswvPEbaqSYv*4G08T7BWL?(8@oR%Z@%?D-sPH`LQd@;(KeRFQ!ODMsD}e&d z6#%6Lm~`u{jL!X@0?GP*;&9T?@3)5cKN1jmS`+vpAA_)H%7t}Ij;nP69Dh7%7@@yL z4(nXZ7D-&?1jZ`)*eMpvG?dCr!egBpS1L1a&2O$l=a5 z+uI)nQ+++Cvm%h+%R6;d!H;|E*m}Zy;e?%yKeFL>v)&PsArUeY4GN8kV{eGZkMN|w zxdX)TBbL*k)p?74MYCbvyZ8LgG50HwyU2K6z6s3=wcc}q zgY4A*HpO5U(b1_?>!v5XbL;^5tqqyS&L;%poyNM*KW$w zFM1qzZ~f!?_{#eOBxTYn?p;EXKRr5*x3kD6VG7}v* zG~#yE`v+)lQ|LA_h6-)eFWz7n#7c7;Js)*{lpy?k$MHnmp_tBIXdHLX>C6k5TQ78V zp_lwbO;0mjU+5*@n_E$P_44nD607KyU4Lc+v%*}9K$yO`)nJ1KY{fG;G`3s4k<^W* zA>h(*e}-6RI`Ngd%!F57oWl^Y`*Hq$uYNnsGCdT2D!~%>d-5Xs{)dA2--~v7dZQAk zCZOf65AKi4s-?U0p&jH$w#~z@DRI-bWWX5^?3Ld0skUvn@wws=G&7C2>r3!K9VMyr z?6KaViX+9?8_ue z%r_o-aW?cqQjgMpc$r@NSOVw_&MnxLiiSPGUq^Izj4^UB_wprp$HHl-XTf}J**A;` zc4%or`;I{T^RvY}UyFiI-{-s@}nSTd6%Bp*RZ=P+vjEp6v`hCBr8$nDIOXbik*v9-)+%%D` zd;D-U$3(E*6WQzG)Mf zLy_+vY$c|=|3PwEq0iinmwIZtFl10%K7fDkqhlk@YYD&K-oGw;Mc9Empabn_?}~rs z>zXI=4ia_{>!ck@=#%O?36N=?!}f1mnAORmO*yF_G1GoxX*#CuG}Cr5SV4K_jR!@9 z0=V1JsniOCK9o#u^T(SClU8?g^A(#1&ZtVY12{qG?g~X*-cp5F28gQnSOpx zTjj=F+Hon2wQ<$yxi2%5PChx3b^$)PEW&5z$>#l`2RmHe`XL?+hdj|jzz$vCeO@av zlb!L_&um;jGk}5D#JUY}CsugUx|us%prKPxBQpp{im9TMTcZv{zE+qtnd&ybePfNV zM|RtF-hWJV-()45;2cD<{*`9pU)ec*-46>T_>(oOe977D=oxZ&{SJ0Q;b|+*mbXIq zJe@=)encK>m*(wPzVI2VX{b1^_+2#$(0(Ji@C#<6TxF%uS2cJa5Br&+Ff@O5huH(2 z?ZoLVd(DKph)%Xw-xJ9+gfoo-b^28iAe@YD_QCp(BpzgmWSmWmByMGiIV3+U(&TbJSd$oizJ!`Jq7oc4j(l31eszCOajuCS9Ca{vOa z!g{{wZgO^O@I|NalD+X2UzCgogwJQ!S!-z>qaORkOty@h*|JB4yO#9iI{j;AH{}Zt zMAc~XJ~^p}hxA=9FpKNP4&TvgT#KLoOP{f?d|`1U3m{Kr`>rd7Zq=VPt639MjfH6< zI)4A>YN7`Vqu(MYYYyo*Q&G?K*iRJb1ioF(z6m&G2%3)`ZN+mbAWxBe;pW9w_;-YS z1jU0quKrN->Fz(${-2kyBXsC=EEO^05#)CvtFu0|iRB1=)`1ThU0Pn#4U$DT{Zy!~ z2R;$L6~xzlRl_X$WpfkQG_oTUKLsrY%b?R}mWgY5#W zmKpxNGLF!vM*sC*#(?!B_cEq;024^on*AI02BP=BpoQ?8Ah8Xp8b;#Aweu4!VL#J9 zI?Br16}1$v;8*Ck{41(9?A7bHvX==+krsVJG?8o;Kp01pnF$GFL|P7&Pwi`oZ)S~5 z^^fzQO9{^XU0kqsvd6Qt6>fEhNV|XSccuG{uY~D%69j3bQ5(&35}rBQ;u#qGQt|h@ zxDp2&LeEi1v}d|#=J2kd8wK*S@H1YJK6+mQsA}Hpa4JEwLomO54&KG{W`R0BTP8_+ z4i*(*HIQDl&q)64lQfH37VZrboPcNmQqs&l`o?^AC=Fo!j~&pz?Vbd-{VPSS_B{*O zU(E%$eAt8h9PJEVHNN%}Q)-rbzE8JcZqN7WV$R37awL+`XGhxDRs7r97!<#aIQ)Jg zd0ob>FuIS1!GYEW3xj;&1th(06Vz|qX!PHrFRd{7oVjI4D)&uWVvfX+F9=CAc~=hC z&i_S||AWN+Mf4QS(TKQPr(0cSq1`cD@K~g#U<|+98%g}9rG4XaQzY@_2)o5~I$@{T zkjYxfxQ5KsHG@{Nj=VE8i+JZ?S?f>7UiQvn%yUDmn!P_B`}|-Il8SIvd>nep%%wsu z8Zx_XcAbksV$4`3VO+e;bVIu^J_+e+srY;RUPbuuP-ri_Rz|-cIMmzkZXasfeQanK zpkG70VuIrhu|(Cu_VGmZsJRf3t?TSajvDjxW9H`-<_58T*H`9z{V}q;g0i=UQ!G-+MkXg$10|@?CsmV- z{ZORZ#)yFt_X`fvw~6LnuR?Nko&Nqx;+ywjXW)ze%go5NfHmczyJDDSS27uTJLYr9 z*KJ;MW8sPU9R4WI`ZnVaOkV{6{zyGp_{9nc7cYa0r_w|(jjhOs@WchFUs)ziK#N;2ao$_z!DgX5``3qS7 zi?{cXzh6xLI+p*np7MY9YUsu&b{?B9bb2};j-+RjMkIDZy%Rg*q5BaCZ zHh`s(31tPp% zRMr_nyqeCT#*OyGNS(c?PVbE!>U);e_wK)A>$`Sa*ZR=Eb_h?_=|iF0v2{QLUPT}K zZ$u7(VaHT>31{lR7In>ejh+>obM(Js@o32*C^u4HaV#dsO|_6VP`~BZn6%z?v85{N z;$h#J(Ba-$u{(VcUuhlj!Htrf3_4%|MJq%9ETVRsi5qve73P!;>>Ns}T@pv)5bvJ)M!smu4YQ=PFb-hGCdc{U}tV!=>J6J~3&J=&uR+==a{ zb*iG9c%%yX6j5d_v?*C_bFWkAmTOYd!eCyD0v;%@6?!E z7|{yNiJBy9A2yoWLXH@>=8DGlnx%O6x#QpWh@1k!i>Zrd*9)`K_@Wo6rCKSdk7mBl zW&gM|R0Q4r2PVm%o59H(G4{q{Gp$zQ$^>m3s7TMT?kX8M=rBxC@5?YxX^D}e0&=9# zGQ7R;U`t;B|1pINOT`BJkC$@G7Q7=B)q6%s!6R1egrH5d%f9kSlJ+vIe=^jsVEs=; zv96BYl9egGObkrU7=Pve2>+Hdz`sNNlDb`!C#i0mqD`0$7{lTSPDoSyQ?v2j(*=k= zIf{R}jqph6Ov8WQ2K40O7*y*a@2XZHU@n`QKdI;bbvVmksU(6%xu0~*$7kcl_3t%d zMz98mU=?~KD@D4y>90t4H)7`%f3G9U`dZA>4`Blz_W}Rrp2Mf*ZznJZb+R&Z`RW97 zzcAq}OF1n>>{j{mljc)+wr?XoTRc}vej%O(_EZLWyAC$rn9@#&@;Mt$yhYAUy?U<{!MwS29RezY>b=WYKBT|C?&D zs6lF=Xv>m|CI6e)VYh#AHh}H*glL?jpRH$EBA0Y2HyfOV28a1DEz|&IO(^k&N3kLx z{VobW!s73d?18-jpy34ZgpwBI4 zOp(;BXu7&>2u|*r1a#zVv9$Nk83^4?7P8}#uf&e=r`&!|hA#LPV>gzwZv4a2;p{w} zK-(*`tFw972fULi6_i<+V+ZIUa0=|;E_n5Zdu>mGa?PFVG z!`##WUzCaGBr$9^gDRa|wVr*JMO14-NpxZ`rlt+{Xi0BE)CWhb!~U2~`R%Mz!P9sf z)vO-z>Kz#134wpC&xx`8V@V_L=RFno^Lv8V8wM;ihs3UhJ!iBTq2(;1UC4L3-9KLp z^{61CVJ<~qAWg~*dV1+sKN&JMP)q{!&jQs%*I!(I)!~d38OMFi7w{{-wxUl@SoXKg z##l?qzkW#vRiBo)N<64q?mHQYo~dzKUJ}mDBe=`zBf0}ZkECkYF9MdN`f$?AebH4j z$BMERIy`^Kio*SXx!2}?ibWS+A!)vqkveiK@I+luzvqdN0W0^qC(tDW`;0AKfh|(8 z&f$vQMV$EtzHx|1m6<7#gi&o z|HEk8i!_v(MZRC{_fcAtE$!cZ{C~Q~<7D5+Hkk8aGdz)xCyqWN~&3hjFJ?%|} zzpdW0;ctuA0e_plec^AD*9LzZ%Y6}wANm99tI>}yT1zo`I9a>7m!#f&HAX>Yv)>PU z{;@FX{$RjM;?t*V7;_jJp_F)AVJmJ9G%pAlA#_mHUKT+}Ws8nlqS*l%^zD#WrK&*V>zeyo+5s7!;;au( zl{Brxly23pg7WPc7``ID(o$k7E$>fjF~SZRP*72y!e9a(dywd=9^P)H4aZ>5beQ>nX67vJfNg3NUI3EvuJ@qZ#_ z5JwRCrm3$bgg*UZD$*_QpiFe`C!bMO1F@?9`ja*ECLZoGEBO4u+q2-)je--$e@z6|A4R;}Et*Z&ik~6*vsB9m z*)V}lu~rdNausdyBO;K z%yiwy)Xl8OCIio!%LAM6dv>GebB7odZTdDJCPR@Ypbptfao6 zQ+&&U+DL9U-SaC5BJ|{FKL0Zen$KXqPWOM~ug9BdE_cPE$@vt&0p0aTEX^g53hPl+8$BZ60!%%VkdO_bEl$7eJHmka1F-y7l80|VH=tkre%Op3lCS@q zOep}tmrZ<%sl(G>pZ+$LpASFbB>isow(xDjC&a^!2q9 z1#Z?}vXe&IYrwp|OsvI?z?1x07BYfWyNc@JW8qSQw|fb}yHZkLlDJr6g~Q1tQDf#y zSZgtly~(OHsnh8>vD7JQ;pw_SyWm^I@PhV9H1G%}QS|l~qGbDD$Rh=NQGgO#S>mf? z&3MycuH)O>5g$g7g?hpERb`Dvf**G>cR76FH5@ZIu&YBz;}9eRQab1ae@BC5CeyX} z!V)T5?-@kj+nXqiM3kko?T-RfLyvK$L>hX4C{AbwQM4VB|K>D#=BgOzRX|BMhBpXc z`+w};q5X>qk7@*FS7w0{o6sWDKBA(_DL&thDEaO>s4vf93IaxM4KKwBlxGrJ2-F8T zD?l32Ud)@;u>%SykW>}FgtKYFE}_nVs2Dzn-m_}eGJk%9ud!(!(D?9K>c=)N zMkt_5p=74;)cU@lmE-wI@;`^GMwwZLy|^wFDM66jF?+TFO^@0iRz$!X{@@J$MokK} zu7gD3@h|~SU-)QWM!Bt$|1AeQ5{|cgiCy&9Uww_J=)Yeh8h*|mdi$ZeFAy*qtoAZt zMN}bg(yu)Wx?H|O;vyZ5QYp}i@y@g4D+5CHT*swWXVR*h9|l^rqBE`P$^T(I`_WDQ z(VIy%EilkWmZu*)V1<0qhwMhJK-z?xch$+hwgGcT#22K|J`#GB;I@lMf$2$^B=*N1 zHrE7A9EF}@re^U^qrKNO>tY3M4+H;I57UOnUXqP2fk^f|;Lt?Xqn<^6b!6vVoMAXzW{z5e-dUs5{% z8z$NLt0!PmuZ!)1{`Xht%ghg{1E0M@QuPJj(A%-yF;ey8VUns*#}!wuM~PTg7uaK5 zn8Y&!$H-H50^;=0CnMtd%Z)^vS;xi33;O6i5~LPkXey>LbG1rt#r$q&4@04ZSODNX zFnf~r28IWh{mi88cfThTW5{v+z=Px@(lblZJ}M>^XYFc6>E6RjXt(~-m)xHXf%J7| zI=T(r@oQi6UewyRN!MKwu>$;#Ee9%3B=%%8`Lc6&@)sLNWoy2P_L&Mct>Zd`<%y|m zPaU=UABk&lMc@Em(QKty&$7h8MpkX?o^~W8Nt}2-)g2)GIlXGP+4=Q8Hm9fMtj+Vf z0WjSi{sGrf?pHld0+~V8wUdat6iL*^M-|lai=8Ip=GizI^`7}K8BA{eyoSw5fUMuM z-cv9fPOTmY_q9YEJJjl9a1*c|z%m2MRZ;;m%JAz+g_g2*u$#7#iJ?QzMUyyY4?fx2 zm$`-hUC*;~r)}$qUF%$ZlIpA!O;FMt`9EU5y^iaDeJs}hA{NH3>k zeg%f}`y_$mEc~B?^PYlahZ-z6ga;w&^Y7zWD6oR21mNf1#qrlGo;(OCM3gCd0rO2S zp~L6M9m1?<(^#zAuo*pcfwbPw7dDRwuJwB%Fk z(NdoDjKo#lU>qvXpG0zyiv&E7+w(vSsX$S{SDxgad86zz2JpT@jyc)nCI18mc}!^3 zT{F>IH~|ROR0q6=PIfB_(8=4o;(zn8fLq0d<^|oN*y|0wW3T5f7F)U*^76?2H!;pJ z2*4!<@^? z&o|f8Wp@ULZpJ^hyYbVl`Ia`rIAc5~$qcxHj!Gj@Uf3f0SdFvD{{Ex6$O`U>S!8Q| zjK60S$KM=t8O7Y$oNFZiPQ{xBNCd8AfX1uYK6B;^yTKpwe>NuKQ@(S1B(HH=o}>MI z8zVa=M#IPYyn%V%L@h5V;s}%V=TgP*ZjE4qk-UB-EjiD*rdkU0)(a%7l@Pwi zVzBKbMix8vhZL#4%me2@G)fRXP1Db|M(Aj_=QBj~ai$Frv?pwukR+Hvf9qX9H&Z$RahwaehU1jwuo8#1$95XUIqUJ!wKv`5wh0`5Z)(-++pGDL2E zQs@b~YXDh8UzmVx*zZdJUTrI=N4_rPo>-C^zg_abzg)pvhW^{K%|_faOCsBNZe3RQ zD7fF_s?`&rJz49m&2eDlE=Bb=f?n%Z+t~eB@*{QOa`e{JP)1+)n43UFkoy+eVifR^E=G$kokewN&XiNa9M_ zRe>gKTT~Y%Vd&}MXta=LZj!m6NE=vmvpk^pnT|f~fjFjwdbbh%v$b{W@4Az}4_ptp z=%?8_u7%AsW&4Dxqe8)9Tnm8kuB=@yNGdptYXA^E!CV(Ej?#liZ7vQ!v*oapEr+A9 z9GbZW3!zpJ|4Kz|l0#JYu%!Si0dG8r_Jeu25+(`_B?P65>xEgIcbcyyeeUcYICCKx z9sigg5x+XVs7R9%eqHZ zTq2iT4@=}lz=cMN8^&5#qZ@0QbzwM5Y;l_>sqj-shYZlaR%Y`{i zaImrPns|rP@3P4lH|85X+r0mBB~sEBZhnpebM0G_1Tvo2=Dl3VI>0}BHaUfnJZ>~5 z9aXpz2~E+B`p>tAjPkK_NUgA8e!#w~8K#x-&(#2$xVR&d<^mkc4t?2GkI;%(_QDU zqm6;m0TQ0?2~Tbl)M_Csp!gqeClvv5;~tdNuSK;)KY~!`!_F!85w+PSrC>gbL3swD z!um8W(#?c^*%%Z^9T6@hS?9@a#X~gMgb7hGM8^-j| zOKly$$J|%UCIbL;CzF(ve;$vGuH8Z2VdP_rq9q$k(=2$Ou|xb3N1XWG9qOljH>I2U znH3SGz3HJ$7*r4PjeuTESF$YUwDJmv!=p7MB&tDP|moGNO}BHoIQfAy!Dt@_x)DEf-zW($Onj{OqK{?&vN)3)d_W5Uyv~Hf^8CkS*Ng|=2Deh!JegPy}o*aC}s_a00SJ}KBTctFP%>Q9=`1HJO~<)t|B5J3zi41juP5nY$3k^nC)-$7Tg|AuFIP0t+wkdY=d$aLhr7>^bB z$^aa_2^{mt#Y2EWq(tB1x1np_rA`AOk{^MH*G8uiVju!*`+`MLhHe+eFuPtM#=xgicdED1F+#`l?(fF6o2gdGe zOk6Nq^7s4T&#?|u3)n!Pj=L_Yrdy``Rw>obgXSI;Q@vG@67Sot5pXhwwtW)d&XT5W$ zK64f8^A*fVus-jN7V_Pw?$xVbZlMjBfp~6%mo#3#=5zdbZ8#e0I%?|gwtj1;`v3E0 zwEl%%>ObevcymTcBaKMuv|#7#hz)2@zEB8nJ<}``T7+t21e`bU_a^< zk79w@!ea{XXo`sATa;qsi`2*+09=v_Bz3o>4a6gX=b=N_@7Ln^O3b6qXJeMhxKXP0 z!CEM;e6bf9>C)?QYgp^Amg$eZL>R(^{&vSN@%sJ4yzdeA&$W@#UtGEL;`A zCz%d#_a}KX<GX2yXtqugV%Kts`o^+K(7iC_v!*R!(M_?D#DytDPE z)-bd>kDTfBCMn7cXnmW9zmxOJS(Fx}*I5m1cI@C}#6 zl~0&FpH1+crgWC)JH#*c%#bKBb(+QFbQ<^H-{HO-jVY;7&p4-*?A_%y=D@}%mqsl~ zn_B~jqfZ-;w(tpdeIh(in=t{2AF^}^NZg6uwh0boAKRnYW9_IzB2*S#3gkUMGya8v z&g;du2qveGGZ6ZPi9gF0Iq>+rHZ?^WH8ssU2iL*HC;!}U!YAyaPNS}UV(${2~K|f1V`Z(PaQC4ip?W-nE$DE{GOvY3_MuSU(%Fdqwd1)p~n<$LQ0uvH!M`v zsKAJ}-fdW*ZOh6Dj&9~Fo_kzU>+1qeB>$XD% zKxy|huqED?N|Y;eQLW)C zRF{oNB}LfK_fBVJ{zw7tSYYxd$v?%We_?)EVWw$Q<|vwLq5fA&_smmr!*g@l-5G3r z9ZSAb$qIXZ=jM(H#wIGYb{Ug^^bxFgMGKHrUJXsGgYWoZJ}Y@1NKNZly0A73f?SgsDX;4N?cA459(EY23a8?ILtL_XC}`>ZXs2BmQr(8~ejEq?s+B zM99{4`OF`7COT(i-ckiXuJdOY7!w8X;v!kSfn0M__hbFR{Sa@cTQ4MkaGKi^8q{qJ zlZYR+Hz0F|7^ofnRZ!?BoUP=uJI@MpR}m}kF+8TgIuSQ(roUR|c1$u!?=E%2xgHGv3Kc!Ocf%!MY@7;Tm zK$P)6|CKH*kw^%&lk-1vqwvVskP*Vu!JYg`XzpnATYW&6!yg^vap#yW2X;^-`8{N1 zqhN2|VJ>IAf}_{pXl#o_J?9Ja=qUDn?^Pg{X?ZqZjm?{hbQN9Li6Ah6)HPOf+w|Gn zQ7j7TGo~R=ETw7mEuMh}D&VgJ0J^>nZ_`oL2SE6yOO5_sFWL~j^V7n2#`?yM5uV;O z=W$p@ixHx`E!r67_jEbC2xla}{CgG$m0ThMgDcNV$wSOY)Gz3bM>Li!p)Q~&g-9c& z{MbnHBUyC!HMikNZeiTj@Bo$R0|OR_T-WE>Y~E4q7!wlubEh_#eku92W#RK+V6V`? zl3-x=$fZ-g!AeffpN5=b`?e7gium)#&cC#EH2uaqpUZeLi&dQxHFJ}6iVi>PkiRUL8%TP^VySHz?aEpaqdNQ{&Mm|U&e(pyc+>fSt zK>;?TKm!vATWG?kF~_tsA~Anz$$(NnJB`lR z;0730F?TBQ=nO2SVG_C|@Vf)%all;^MPW%VlS}W_k57x`(h=X!znsw@ymoVnTN@^8 zzE@1g=mTMNzdVo@J@E#EGL2SyF!&IL>rl7hhPPu1P0OmH=&fS8UAYY%$1B10V{M>q zjh*35#+omd)h&uz<=kl`KMM_nMMXQ;2M>|t_7=Y4rDSq03*Pr=agJDL&xO*B+;q@qa!L(-J=RZttVBvV`^fZ7UZf{?SIIX!d zB2&E1ly2}oU$__3xI6Z!)ENl>9B2P0p3?kbWdCbKJcpEV68OSWc72d;@*ugfWALNt7`o&YIvhw;IM>SiR&;yD>{!ipuxX7Qz@TG@V035##Y%qRfg92ul4POx1;*&uk^bR5`rY!N6Xg8OL{OoF42+ z?O?>}39SE2?diN!XM5UgW>2$lzuBIqq{gwQb;Zy5CVoB&_(`r}XB8|;Vb?LvgrXak z{lB2-f6qA+ioS5p|B9kB&N(xR&Soh3)ji#yXdL{!#+-o5B_D-zXDDj15sEHsN6|(1 z{ALtgKkT=nDCIw$IOcu~<%blqbhD0m2NI5W&w`&h7QV2RmeI165g#Hy)A?c{ zMJQ;*x%Hfl4+(hr1|MuV+s%wW$Z8eFVM4u9!LhwDBMlf8GRtowwp?EmV8j>H!dMo^ zvl>tISw{8di*$1@bjebbTD^lY7z=I&y-DwUVG|V_@6h`dv=|h3ah`(&8rD~JFE!3g zNk($o3?_Dd!gkzj5y&e3e*6B(V?*SzT`2C0V%=8N>|oF6b=AeV&6I6sxc86Wz zE8~56t)ol(-d&??ZBL09dS8{w$2!Q2{9L>Oc!MeYRa|>LTb+q`4GvZ(ZTS-e!39cF zR>V%E-~!!f9;`xDLk5WN(o+}X>IAKVFD#_h*@yQPopE)ZopPqtd2&eX>SQuYPiu42 zkjUBu+QAM8g*TCVDh!uE#=m7`r_%a4?~0Y(4)x^UT2upqS}Cbp>9T-xivU_t-wtY7 z+_Q7EW#__p2Lc{?UK?=XeZx0P1bc}$CuWm1#>D8w4&NC68-+GFAC^#)VJw|{b^J_o zBk>QFCbl08UHRjt*OK797nJQjv>^27Acrx# z`XSzFY~>2OYD9ZU_$F!%#LGTm2ftn%VXU-`kc?6cg}R=FOo0LY@K5Zjt50EI;r`KC z3woE?Mp(joN8hsG8+bCpJC;r4mi?O(>h}m~d&HGD!nk`aQ?4~Q3PeURSLRM657~65 z!UTz-w;7@5+PcI~>jr;FKSdNOKON_X z1@-&-QFOAaV}k|60C--+|Ht4KL+la<8traZ*)S##=XKz8AK_aKfox9UDnTt1{8QU7 z&vR!{{1*qjpT_s4^zLyBpS_NLlSYWtE>s|@#|5H8(59qT8_8eYPIj0=!PvySq?l(_ z&P|LoR1{cL8oCFSccYBe*G*MV-_9bSTpfu}*{tuelSg!>$J5b>St7f_;b_nFZqzsNKL+%=a@1;DE#_(~ zGQ3G)J0^u7iMet=2v5<72{HDHj`#nHV{|?RRkv~$VD)snmkdh z+x3&8J>n2meOJvGe-dunSaO^A2|Ku;-{wbCQt(iM>K-Z0tY8G}U)kmb-n(#vW9DWx z=sR?y@JSvatUE={+H#YBa1q<5@WN`YlXiis>&lclJZxU0a9e?z>NojqPeW>;+*QF& z>(;Uok9-OLPBM>;3DKwlKuR9KdH0jcdpCw>_1e)_*z+TpxA}eSI%GhJh5~*0V*CP6 z!bWyc=7f2s405qR;re8=a5;%!?pjH6IfUGx$h#|m`AF*YG?*0(5nRKsdWOWiDZ1L| zQY%CpGq8as8}Iu&Vf%hqd7;a>SmSnm>;i}!^0?Un#2XEBLd3?xfcjukt7({VSL@FL z$p~3`lWmwzL~4siy3hu6BDA@e8TF=MQ?aGvWy+8jib2lMAA6DA8%vnwkw}~fsl5$lT|svKRO#auHXR(e9M5hO^Teg8wRCpWE)4ngop4Wma&5fWwNnZ8s%Nb zXbr&J9=TF&&QXPevEzJ$7(x0MdWe`pbCX-byDN)!F8LJ0eW;bbX4|}e5^dG`YOLOy z!+!?ZNGLdjlcA_bA(j7ueuo4L;c6;bnYC64k*k0+4JH*X+&>daEQ~ zi4`j23nyc+5Y1g9`v*UNlRv3|Y7-G&Nd=m%<8##g{OUTs*M zjXMH67hVcHTrkR=`w{1W7y&vKuO=3LRQD#d8vfL2P((0xc#nn?qq)p0X9NyyiUTIH zMgXQf*z|GpC6Vpvx~u3He&wGSaiw5}5%@;oNip}#U|-h^WWYrCIb-~TF9!e?>vh0& z^Zlb28rz{wuGYJ$z3D)tX^dt3DhqQwMc__#s$KEB0$BZ?0aSg_1E@b;hKtG^40JA> zP61?rP7|wg+x4MCZI z4xulN8ynL_ds-+#Rp2$GjS=pCghkT{>h(=b&)-O5L7P=w{4@VtF*`WB>c!p!#u`bp zsCC+up9Qr7w463rz<$Qfc7{hp>AjG6B415i4Ri~5f}Fb(FsHZ4a`vOI^~>vnoaZ}H z{Yi8h4F{d|VxqBd+Zb)+pTnC8pP;;u*a9mi!JWIwvr|-$h|ac#17czuvFe33%q#ex z%HXI1C{6*;7M73Ep8B&b9B>9g4am!UWo;WG!#s?m_zF@*|4oJ~y$RBUU4~0-7JSEB z1*62Jo)&zkP74MoY=*C)%_tW>C40uM?}g8-^zZ{Tw#?$lgA zqZs1CQ^x;cKwBw8;}iTN|11S(SrR7rQ~#j&N5AOY627*}`6LQmRIQF&DH%Zu|HzdA z7nHeji7S;xxf}VyfxSq4s&*QHK9_YYFCHVvrkIq0$|Hf!ZKKQqMEc}i=E9q%b-61;55pi}v z^V<_EfO09hC0<-uFc8}(GIWOqQUU{!xH1~Z;zsXZLYmctk2S&U$&&7S5@|nve?~8d zzWiVN(-P^1r~7WihsRk6kJ10v_MeQj|8h6&hcCK+wOP%FvQgHx8ZY3-)d?n$!u?U6 zi*&$K7CUp1UOKlxKNs$Yq^HB*#BH)Gex9NIkGM$t16li6x!H%3NFTbk?+brJW6$pi z1;ifa|Njnu40zk!I=K9|;9sYU3u=|%JJd$KRQxF0l-NK(`vVAQ@O$Z>W#48S5!G0FR&HBoie}{ZAL$u1UM_Pe zr!{((I|IPUJWiTl7>=MRPq)IK75Jy9Ra1OOW1oh9D=-1QNGHf3OnqHn!g=0;0w6y+ zv?LA0s1*27xEjso3onn0&KH~!e^24nQo`S141c54t{smzbi&^;guflm+fEN%`D@f4 zcD(q&ZoFr`SwK(R+d)WKDB=BnHMjvqWBtNflpj1f-JL~6^>!|2hQ*5$KNC;PoYxjB zgDkak-hQ&ii)xK?XM+>k#q)OCp&ixrb0nLq=m);=gt>Qd@7L@w+TXu6kKcV^et4BW z0Gq|czen!BvBVlmTuX`5=`hb=h1nvlHk-u^zw22Dc;;(NP*iUv|LnO5>{Opo!K|hr z%SfuXS}g@#pq6~)#T*%nqvrqK0&0FE%-R>Gk3**A`&wIY8y|fD>VIv4EZ^V_^DUsB z=kE3N(le|!>i5sk@6ZOi4PU1(g?v;?=sk8erUO(%%iuGf>h@NPfYn9&`BjVX{6b^H zPmhmv6$RAkKcnm4W{;q+Kfz#s3Hjf}`%#j%*kXFelKb1x21Dyhn_g2C@ZK7_11l;= zBlz`zrCxo?jzkiukCG+p1c0K3ok?)BI!>iT>p(4YG5Q3+;K}OZTIdE=i-|0#F17Dw zVKDr?ZI(QY6dVAML(|&ypS8ucd|?Fv-c@UC1GG^0=~vgY0q_PzC2#nNFG!&9hA_Uo z!g|j&`hT`3Qq$gQzEI>?fLG=e2KzT91!eF6&LyRLYXHr|S^68tv0hfHKNkT`B)TBV z=d2V;`+vX*Gs4#hzE%zZVDa7tbye!kAX|r)Q?w<{dnHs|>mo(Fk@9>SzJmg#S7Qnt zIwS}A_@Xw2+D^mb1|Z*o#RRoAQVf6vvL^_#hxL{^T6zyNV=5e)2{ik6@5!Xi@^?VE86FkbVJsRgbfuW zRT&g%*tWZ`B|O5+W^S13cQ@ie!Y1fis_tvRoroIH0jG8GoYplhzstn*vVjA@Hr0lt%PXTmR`+F$Lzzem~uX|9{VU|;?lwFx+@trSX#Fs`ck2k2ZG`uezk83FsLWK(QUow|J5k~EO>;;+<)^oVFXuN1-a2#j3>dC7CkaNm7R~Gz>5jMi- zG?LGl^?%_gvn1}1)FG@xVivBrU59;JxuSrJcbyh_*J02ajU8fc*!yKTk(I^C1byn2 zfM72Z>dQE9mf&B?nO&vWq=Y~SnvHwws700C?5F5FT&B8qKRO=R7w^nu+dB?UOXptk;XD=zPC$ zX4$znA>j5f_P#w-*2cchy($K*pRlh#5fd_-4rL?da{dr`O~-1fZ=thKciG>Ix93Z- zu*=B_+crg8+%9Wu_=%2-levUebcoiNCl5nSaNb1M%AZ|l-S6<+jFFYnq=@H$$bJxw zHvb5*%bd=EMxr^ocrM9kG06Fiqf4!3m8JED5&lQ#{j1oqP^_x$3Ps4?qF=>&eQC$~ zA~B$-%C~=P@1-dwwSSHM5L({c1O0s^A$C8?Url#Upf`J{H}AhftNmT_-mkquo)fi? zma&LEy8k5g@^^|#E+7^4^9qiU-LWtY0#?Hud_s4flu{gd|r(vl03jRkPd%QLPpDiREe$Ij>ZYpk>Uvm0}m`pKmp(`R}L`MU7@( z-eu`-^=EcW8_2kWhE!xXgShy%MhQLh@h&so@erjKt&5QOWb+P)R%BLSVJ=C%=a9|s zxW2E+8k5Wy?jbP0k1jTa&ylDWv#mG-$?DRqVzv`!5G_52UDWd#6PG%0BhEu(&Hm3z>sS9m(94WK@6@jm=z-Ms3(>&{6hq%q#G@Em+n7LN*!P0( zbb{$1cdjRPaD|3x+x<(-?#vC_itOg#0xBx!5DdoLQ5yTfRu76!h@ zjE)@iWBu~)@eYWet%(w|d$%R9iOEA*TKillyPLtU+LA!=3N9h|Gvvgzo~5frHDpBj zrJS1NXjMz)MFG=aHHaOl@YV2R5yOv}edHFG<5!{W%J(@Ivv@Czz<~8MK8cZRf{yUG=`-TFQrPep;EH~=YH0A z3p=z>bQ?OuPb6CCub_c8>s28pKA_KOhJ>hGy-~rL{-O1Ckimdqdujnmv5Wp`ZKD5y zHk1#(=U2_9dI+BEbcDh@_EP*6eO?G}Sm9}yV7`C!B4ZnrS^9(7y$CijWKqX^7bEVP?0#A>?=ii)l1rbh3bUUmA3v+{R|;`LXt%yZp1-K!^fT z79dhax^C|GOU`4Dtk<9GF}=R@!MME!80lhl1dSv`c}LDgw_ z=4M4J+`O(GjiYl_2*f3dVUbz-I}{7w2gzoG*aUiHBPlng2efJkE(f4Q=zEeh8F$jw z60&KZTgW#vEr68<60#=K-)m@i3msHq9SJ#Fh}9Yw^dFaIS-pBHa#(hJavR=YFWQN> z9F>f0Be|c8IcI#>*O;J9&dBE11o-s<^=viYh7M(bLH0Vfo?Vu@4U1$NmC`4cWxu@=((ipUAplWZ_8~ z(Qo5~g21&Ybe$_((kA3>U`KA>AIT7D)>wbi6$Qb-5DJl{mNe}19llZGN|c#fZt{=r zE338v=q*K7#Q}C%ojf2#nz>Els$^9ekSWhBlekL!guV~W$256nx%udD?$mqrBTv=l z?f%T)bU&BDN5sRD>=@T}QJb|8M0!{NvtCSt-v4@4nuVS1#Z&1N@TWXKjh(7ql5O#1 z!B39GGa3XWgUM8&ef?Urf8n*h7ROw-ue4Sm*yEk!e%CcLLH8zPLlt>u6*(5~Cis%a zzT|{I_O;aUPcMUZ8uo*>_8}+uT5a=(gdUBOW{h;)YU5Yj$dU(4RGG?%|m%=wf@0r zJkS*=ZiS&!)RkZ8vgagFGM=6RQ|Q(vr6}s}rnxmKQ&Df4A!`z>9XBl2n`XPUX=#dj zyIoSJ!jieNd`vboMm_<`#2C^ggvco_Vb@QhI#+~mdB8N`2Xc^yVD+_2hoJ6`EL&|7 zb{&CiDQ=7p6{LtBYl4D(i{x7jBpOr5XSiVB8gW8*3p8pak*wdWyMU}{GW2dj8k@5V z*qjZQHHWO_;YIsABf0mLFwr<#n4C;YOdyIV64AkUfKrXZRZHsA*+Xyywd^GaUW{$( zYa%87eI1SNPyeNhvSV^AQNIlxY9u!Z@%$~A@lhDsp%V$;BIx#Q@B`icouu8INkQ2Z zjZFoe+|BLl&C%v&`==Vd<~|E9GsmWALY{{8YB{fnFc-9op2iqMeI+HSANTrn#H}c6XpT0p>n1 z);~FqQ>SKo&xNJi{2VfrmzezwFC-hu7iA+OX;KBHJbxq&1V7a27nS#g>K9~c`FUJG z&7X{(&xB&6d_YqEZ4co+v6-ug?FSFpfJ@E4V;HQNkHrBAqPlzyEufEW1K_!sJ&OZu z@bVdjJyZttE@@h8CwM@Q;$%%jVpeFAAW2QQcnJeDgC}X zLMdA$^`%!xs9Da=X0CdV0Hd(Dw3COJVL43~*yzkJYx%O6m^0m+S9X&pUtiNSZxpo_`Y`eB7PZJc;|3x!EI?7+QyC!R^ z@R6&?Dg}6pTw`ur-GNiS;yUgzuGGs0_!^L?rlAwnoSF7eL+A189 ze=z53w$7cwMy{4-Z7bM_2!*IMZ$@r~XON^VN3`(YV$isAp%qbEk7c1M?EBrgFE|2Y z0W(^p?sMUlcn4<8ie$XL7eHsh4U*QM1-HBj1=cGh4S=F8MjKPUWxU~I=TG;fAK)h0~RmQ2pwF@Kh*%~wS0`a+V<>*ie~W;GNT3DCr+ z_=g{J5Kq}!Cro2k_g%fvXY`5iB|<@20%=Lx=btBJZO_^vY zwy1YaI#ayGIQF|JVZD$M))9=brkKRb!$%00rxy?{&wwuGICYP&xz_?62$|>~(;)a7 z8|UtaIvf_yd7>uUF-l`^$(L*K41#IH=uaCt zDL^7~>11R6NOj3b-;z|6**(8U0(JHl485~g%TLvANy)7QDFx6L5A>k1RCd7RI9zHQ zUW2w-@gm1wg`4M4xcLr|dlHL?SUYN#JK~ce1H{yOF7__4!9W`*js3s-AIDLTx7^hjUXOMQY z!f(YfHtn!T#oEm|DJ>are3W1sg1q%BDy`Vz1(zVjYVV(T?yd;DwAY`h` zFF|t?Qpc>cCD1Uiv!0>+$9XA{EccI5Z3zHb`i|rBoUO@9g4KkXGD+yKpX$=FB+`E$U^7Ok26lPTVLz)i2qw zk8JQ|w!Xjw5OV7he9Z*3A?-j5fS3Uw6YVe)3Ee;@c5cdSj=mB6`fu+Dehu#(#jlbU zTw*H@*~p{DmRr!v;o#L03wVc622q=wLJUOHmbN5C)b39O@nQ}v#7Mo0*BW*q1l;B@PB?^<)Y(2*jreiO)57=TZjU7^u%_x2o&Qp*e+n z$l>N5&LG+&W<8nW%6cjz)!P?c1A$H_W;hre&ZgOLSuSxkirS+ovRWqQ>ilwcCm6So zC(we?re;XiNzj08+Br{RLyy5QUjo^QkaAieHyeOTIZ*V>ip<<5arTbxku)o1H-^LjMk}k zS5_O80JXF03hK=S<4i^`3eO_JCN-Rmj78KYWVnF(i0ae~C_5TsKx#Zmbw-V)yvM3scBfBRc9RPNdWE=0Paix?o0sg{RG^60B*hs z+!I85r)JXmp-?7)b!sN|&T}sI7&r@H{CPdk86Q?bPWDEt3I08MG@44_+r zzZF12%WnqIPVRpK&=;rM0hDbwAw#6vg_Lko!lTL~^~%#RJaOB3X%S|M8*`hO)tOaui5auq+uOH9vA}?5E|2UBq-v}FOP9Z`o@`)A z-fJZ~?y+`XUrRWjJ?DOlF$?kV^0%0CNw(FyG4!P=!8YsH)nK46DOdxFS-jnQmCwENn(2{0O-)@E~7_ z4UkwHn-sQ#7RFaV63IV11=Z$2`A0vG_+J|O%xS1r^V49sI9Y1~p#i51qsMsVJ4i^z z`}hDTLg)p6(6xZjwI(f{NHQs?OeoaPX#|Ak?siDrU4YFC0GlCu)_lO`h)&;4@bGx| z*G08V6YOGc02+g~9)aFu)v5wiC8L&xpgJExH3~rW)6%Glrf7YzGoXB(mj*f-tp8rG z!dGpg(*DH`U(|6*7!)Z;YS+rvHDLcoa0`+;`l{^&AN5BNpO;)fSB@@pId=;6LBK9F z0=U#|kP0v8M=zAcq7a`)Kaj7(c~numGa*UyB-pjl3GirBxIHdyvL(sQ?Q>}!i(TgG zU0Nz|FptG1aR+2jY}JEO@YghnYmn47DR?YR;qbbh6b!@DF7-|>NmlpC!J}!ahqJ3s zaW+v+9x&?iP5Z zuBaY#s5YDGweda{HuVSfgj+p8M+)cDc-La&tc`Y7Lw3i|{zI>??z@mD@!B zLonZ)5Nd^gA`@rW<@^Qm(s|>t+Q<)JLSerDC2@E%_yep0ruqZhIPJcF!2nJ|<@xG; zAK1+5W#8rmJfE~Vd@FzpVYQ-(4iD{xrLkJD+E%N!=K)NsZN5s2Dn4(+XFGcapiN$# zB=~k(_!n^VN>nF5pM=OMVgleNIcLx-xeO z{Q48VBUTr>kZiv%WVIFZFO;gbPn?03)sj&T=-Hav=KU$FS;^Y#&Z;KVXl`8~8C!uT ztR8E%*M8-c>u<3-Z# z#-5@6$kg^#9@+qCvhhzlNTb?G_vyxHPYp~Oqj?6}^R?80W3)R5!aR(0z+5;$mp!riTTt)Wx+3Y6EB@4ZA7lDKYT~=1hW&4V7Ygb+B;+G$p1V6S)?y z6nE%r8un1u(_-RJRL`%$wh`EV`a!IkD-*f4;IB|Ry*8+i;2MEk3`iQI-Z{XY4}Wa= z>c{~|&}3hUgI#Ryjs66Rws>aZB}s0l!d1D{El85p(oXj;#%Lp77^{t5t=48WHtbeg z(oZCoCbp#?2p$`umWx>jp~vd}^wPu@F|iuD4y^-HkA7Y@N-#7VVA;lwa~1b|l{N+t zbs;dVMv|E-+Pm$oqfXj*?ovx?~CM(d;9YF8(l{#o_Y z=*d*;FVEZqi^5mKiCm+aZ!ga$S1^Kkajv7s!Y_YY{4ebZyD(~@oqu*6JAcK(i-LUh zLA_>Bcm)y9+lp!^tIj>Me7t{f z;lkk_VS*oooHF1m-W#Bl_wf)$0Cm=f?&atX?s5T&X6b^lS*Q;HL4KDEhR67#Dms)$ zq&g77GtMrJa{<4}DiIngaT3x?U5UGd#DFWkT7U@>)q%zqyljhf03CAVp5hC4qqM{@ zAkbm{flv*=O0r6ErpwaH#KZ$)VgL}WaYVkFI&hqZwtOytZKVgWepti;O>BD(@GrSg#-*FYe!G9#(s$ve}3i{Y-OP)J67kfsjW(FVJF!&Dj+f zUpmE~Ej8oMKH&hgad;oYn6T&{f)tyHHF#dN0C&=svXjh$e{u$gBI6|iLZ=0Q#cr*) zi?n>Jc1sM74{bDY{Obsg*TmpB^IDQ)dK8?#iQJeD5wsoUBB zJu1*x$0vq?i@(B?s8+)=X{b|!YK6dm5LCCq-<>SXn^4e**%nL__;+d@Vs6R&38G&x zkeBlxRKq`@&<9*u2Y{c)taoDzh=}9-qlde=ZA68khCxt618CoyTv=bcavNQ0%>v+b z)q+|H%gqry>=4uwLe?%}0Ic0o-(CR7q(q;{B<9oxSHr$H(HZzSbTPN2zohZLrwUpvd?8*v z5}5}asoa&#Ji632R10)}+clJq^B!Of`rLR|KpsFobqgJOtC!U_?;yI1b6DR%OPOCe z!#w)?_c!TaZw2iHTw*4!ebYQAJdAnS$Fu^Lk@<2?pkUFz5Y+Ss-o$emo9RP{*-Jqy zpS}*eI39qBe%D8UlrNY1YHG4dg<|ZikX4QDQp{ex^EY-O3U7!A5vsv9YOc|4}1y6vED6u>VC6|QP+Vp3L6b$_dk z8|bzh2sWb?I$m$eH1sT^==hhAUI&PcXWoX!UH z_8_WHfKd4qdfRuWiB~Oh01^}n{(M7q>B`I+Iru|@Vm%KH?EXm{-HCKps8fE{|6x}3 zAyj3~qW4f%6A zKwEq%x~cH=m3^C96?Il)n8&}Er##QW*3;sX=;iU*tFh{tD1ZQ%Yy~(u=(f*g$B?P# zVa-&Tt5HqC7!JNbEBY@GN6pfit4GL@Eoc*3DUh0&8}fKu+LA_5ZN^=K+nX>BC-RpM zz5*VXRiW;c_z$2Zb*mISnwDF+Am4N+mxWwnvx_T_^;e))=T>@q3!^5SoPUlh_t&|D zL{86Y^6j&@xL*bTG$XfU-hPn9fNOz54CC}>1BI)QH6Gz7YiHvB7r+Q~52v|*)}6;$+=L_?#kO`(12@#){e^w2ZDYu8SVBM2sqMu9+{Bo_ z9?wNDUWfk9&lR-0925kj8Lv_5zlR0OR-OZ9(wt(*?C_B9u2Jjhj+Qp%q+a`3V+c@Aa1-@aT=J1RY!Y`xV2R%)2TS zb*s#aAl2pLIk6l`otjrpr)bzg)d_a}817lI6ReUM#lAd$8hfQORZs? zzuX4o%va&yZ>{GCtbdPUY_2b6Kb7o9XFnJk4c`*z=Op`aKxvig;4^!DcI_}o%b&v! zm_Gx)S?Da{a-78*S<{(T)^wDC>N0uiU!G<)oqA)d36!@c!R#hUiwVvEpXsgb81OH0 z|GK=OFgm<~6gE7J1)A3WnA!fAV;-}I$GrAOsr_+M`{Oh&TJMbZ)YZbAx!Z2^OA!7BvY0)%E~d*amCQ?imKUs%V4{2Syy^^XO#)_@%TCIhK)!c`^TeuEjjV~`VITHnDfNnNI_a^^fzYf$w z=0DhNB>xNQx?g?Lalblm;QgXH52QHjP5z`>2@l9`k(lUP5pNeHuK(UylJ>kr+vgw7 zp`T9{_A*cSH&Kw28?f)%i_?0UwpU&ZoZYQ(~M? ziR_a-&L=zj)F;lTKI~KPIG=j6Prc%N>cu|U;(W5PPu4h}tn5=loKFet6Bp+bN1qa; znUH{v!9*3Zl#6RA5|3|jE$FPT(M^Mor35!_;9=w!=T60+T%0}3;tbqR_5)G7bM4z` z6A+BjG5q?Gpf}w4;X?c~2mj2*KQr*pH2gCO|48^J5C7!gpKSb-iGR}YPYV8_TI`~l z`XOSrPhW=nEo%s0T}4~GljuXm0l!Jc)J_u>}Cma9d;h#zP zX9oV6gI+@J!iD188L7`RQJRV4s<~oV%y@j;5~2f|6CK8+Xy>z|U3Nq}8psojE#6O| z;z_;HJyPL%T%0p^3iTzNx4#RW@icSZF%-8@)D&##5VW+#s`$^n7h2Ef*QciBtIDf0 z@J}B8Ny}H0US*Z1xnP>G2G70F+bbde{i|d9YmN4IMzoh{*f-4dPE00`BP~uY33XK* zf-l(S{VR^aPGfj8-WYPo)n)7$Y%qp5FOL~RUVG0S(VkC+o-c%4G5gWc{@bGc&+FW4 z8}+*Vo7vYi>MO!KuP+*^2U0%+oY#Q|KhYia)#iN1_OuuD;pAo1)4>kt|(U`9eeihx2 z#-yfJV4~~`Cb)7dyxT$#7~S4iZ;z*lK`Z3)64c(>+q-|PZ}cR??f;$OIVt-}1~Bgv zWb=ZV*>y-%t9E@aFf9wlV$kY*Y#b?|4dB4g<`tj0;*xGXYa zY1dHzO#nTH<_7sy8K|ht{QuGRCh$=dS>W(YE+!$+!x0E~(5Q)Lq9}hT~YEYCK$0MMIBtZIm z?^X32$prWR|GtmkFHCn;bseu>y?XWP9S4+oyWr$pqt~kTU$!7e#vLF!)YEpgH8ech zpO^WtW8aUu{TF4->>9~`l+2V5D*BGn3EmY`5=`zd)Ponf4$$`fQIl$CF8{RS(#ARf zyTjYo%b|WLJ<>|YC)evJQ9XGOy(&eGr?MT}_bhYFt9ALatDvK=!&w?m-V8$`u9r61 zrXI)s0BY2yyn z-pEIe{<@6uP7>qAfnvuM|F~(;2N^m(F4FPo4Y~V_jwiYr)%4Z*`!NV#s9%)7yH@x% zBhr64+<)l))uQ{Q-S&YGd{q@H-_d=QTztpr8WO0m+Dr%PVG$@L3Ab&JyuA< zu$g#U!|Pk}I>872vxMQ6YQT+JO`yJE`T$JFqSPXkfbR4T4d9jG8$rA%g*yFPQ-NKI zor@^=8@)|2-qPPe{w;J>SCA$Vr3no+^mWt&aBy4WsB20<=NeD!Lt0jN%5yAia2n^l z1m^|CpIn$T*c4yCE#7^+4TC)HQRdkfy0qIYE={(&v}su=2UYxIi(uWQUk%&pPz9cx zSDWq9#v86qm?Ui)TLP54|4?EKc9D1Mq@i*}d)DH9PW70Qd(vtCQt|3vN^8(IFJHI& zZ`NhhfpG%CLr2>#^|aGJcD!BvMD~7@XwPryM9+~@<(Vf|CyjRK_4dMFJwH0lCtc=d zd+rGrs;_>4f@0ZwDsgd%(?4{y!@DEVu6}CI-!I^Y-&^5(TfZ~(n1GKR^q7c`Iz1*q z1O3n!qP_4_&j(KPXK2$~(U!U_Dfj)5M&0AOP5;jQa^HdzfE)x7X3k*IoP4^s7@M>%02oX&kwHL z?G92yLWzbe_khdaAN!JMj0ZLLBJyJBZr?L9j)xvQ@Uep)b$ry}F{!T%!y%oy!bZ=B ziutqPIJzqR%zF$7jJ3!N|0#W>J}FWkjOnarNmW~@Zfns<%*vPg6lXzRo>woDs-6{D zGG@fcfkhKE3O^~cfm&1R~%dHcoKDH~G;s5k29NzjYSK$fI z5qsfw$#*3=k5~z~eeqatU5mFZU0QnyIdMxqcmWdc^lHUiH(o!Yw&osCHo#Izsc73K zt;K!aKkeCy_CeCxGZ^>v$gS1sDZvwD)GX&H^IWa4b`%A8s(HKM1aGsL<+>(|oZ3hg z&1+E1=u=`j+CjZ*B6kk!@b-!~qnMjR1J_q9Oh~5ND|NSGZp?jOTK5>8jS)pY3Nk|5~wA01jdNi)q z$7V^Z(~()q{l$@c+L<`tV)1>iIALn?$)HcA>dX5El#8ekx zs%?B0=H_|Z09XGmG7(o@(=f9LGfTW}fUOUUOvF~#BFvnNnF}l12wxXMvQOZvpW|!Q zc#g0Sk0*?6BaBtBoWNNB8=~BEq8#CD8{upgmJ>MZ-zUn|igM(S%)A$P&Z<>tP}<-y ze+ZoE%Zcs_fOj2_p6b0v67fvB@rDeuy}G{@4kdW%{SlUPZX@u--nPWWlYrM9t$6Da z)$PLnJe0R3n{CxL^BH9+PZnbLFi~D%_6rAwZi+K|C!$w8d7xf%#9h zSM4h6XE!y-6-}#b)n?)XU>%L2=_-aJO?%L`;*|l=Tk!xg2ovqqo zu1OH>K`lQmTZr!c6QzeA#5h44iYy4Qy z)FcN=5eCK4sqY%^*3dwV^eL*rm7>86Ma@*yGOK7Td|?znzHF!ahE$YU535+7X>#|a zP{q@%=+ys>l^v+T#FjTe8{tbe>sjKTa`@#Ru2??U#5EEO7kqn|mq$IgA8O<+VFXE( zLhI7w+b!GOJwi9Q(5%p7fwFjm+C$M~3r3CRQe67HH}(?a5sOZK9O%+X zIz~{qrL0c(WpVVQ@>|drSgN|6Zq;Qg>26HJE2)h)Wl}gj8y!_YP!eylAavf;`3>+D zq=LQz?a&7*g&#?)&mmjCCWn@ut!My8K)An)EK2Sd(rRSvE6N5zWo4OME4!#dH%q=2 z(&|7la^u@pf$rS3-yWJ?=MGL^!8i@y@_kbEtk5sFr1RRSjA?m(9M z^eB}{KP6fVHd^6HR$I`|e{fNZMq6jxs^#$!6J^Wdg-$>LS7GDQse}=?De7mF{iFH< zBpp(5v&*+1ZM;MZcomvVIto8tD$5nC07&;c0Ya|A zZ(UOHFEC7(r2OL0Bn}%iPk(J{6ksMe)PXK_nHB2{B_e*C_qo(NEELX~UHu-@X=sU3 zpNUq~9#Rt(^;T<9^|H+RNrOx=APXzCMaG*z;~g4Lf06PNDgSgwclwQ8{3q=dVNRvT zYHe!W$$c$#Bc#Xc@>?u*l5ZjfROGa%jh#Hj*X||UTOT_n-iP7R)h=+MTkt-(+|eP0 zL;cX9zb93hDB*@|0Ou!59dgBrZ1f259jP7+1*{7J*8La21}OJmTvr^Zs98F5N)mVN z_%0=&lZjbS4OSjX!qw?g@5zRBH`c;q*1`l%B3+QFqF+8fw=STCD{(S#a`m0=MaJZg z<&%3G@5tBCkMKXzmN&`tb3Ag-0|M6{NXN0*P7r=3FREpTe1k?PNNXj5QRdmVbfeFK_W zIto9-QI*4}Y;c~2QRy%$osUX)XuXY5wX$|6AJtIku0t)iVpTY*6qj0VsUB+S)bUQ8 zj@#exjVb%E%~)aXGN*P0_I07rSM$lmw;O$xd0%hfGjIy}`X%q{mr;E^z@|8(me&PD zbmoLRJb;#0xkbbjJXFiVK?&l-3yk02VUhkW7X7`;rIlN-v$q+Y9m6|2?Ke96{NyCM z=p~X1INO_dwzng33iMIJu5wC{R~N6RzljgHrL7eBFu#@X;XZ*6r3e!^zMNS$%jsX9 z&H1ZU^swUN`+ug#IU}hw8qwR^NaF$?Rqzap=2(V<;j7-=p}aH}S25ooM64@lhh; z9@Fb)^cU@4*%Uf2#=lRBqRs*0da(saW_~T4nk`b*K{LheLL)oV8wEN09O@azM?bu5 zma51cwCV?`N)-?4KZKw7?Z2WAl@@IBuf!yJn#hUPQ}lvM;(bNm0UvUkZ!0i^OK(Bg zNmWa6Ujg_z3cqwp#isy%PDweX81O@*@==P|Bd(?40O2jSl1l;{&_L+=>t^b@4;B7{ zFGWU%bUSLi*wf5NPkBUe(bJzyu|56L6z-|C<|Ei>d2h*I{n>lFW|HXbpG{qQ8+@1| zinIhPctp%5R{e|Uk9(o$i~Ej9Kisz%&>BOS=0r?W3cpl%+e&oXh-qoOZFe@btB7_( ziBZr%yBXI17o9tkM)XpC!(I>hH?W<>*+gZcZh_SIYH=o$_~+xH!Gz>q@c>LTfhK>QQ3p|2{MGG?VNe?QBI z3S*VE412#Q|9DOeAW_Gm>ndzmb`Evb%#F#}oGr#q29W7NX7Xz97$0r1?dR7z3uP<1 zi%MnZOhic>G2@Tdiq^ZH4~9E6v&*l*Nh?*+8x)vVS=wl-P7t#jU;ikA58l><#UpXl zegzOQ)#0t}K-`cvnM&(wEv0HgXDsRRed6NF`S*$Z`!n?YMvG0_SY*cgeUhj)z*~YX zwYE!zUFu6(JdD?u#Opha^=T%lp=)1azn@0mw_6skpzn*|dw|RY`W`xCf{x(tOtW0~ zwZ)#g1D=%xd+I^#Xrj|U6Bgkhhj)9cQ=JC=SCSyTB$)>A6%1fEB&FC=_thP-K=~ey zx+6J`x~42wYJ(%S){)xajNiR3^ECkG3vUZddUXP9dDhPJ6d8{LF)Fui@o*T<6n}r9 z#IS4~(G=tC@F0vtV?n3Z$K}5kF~p%aAT;dK#=b6~1VbkKllmyC8Pl9Ab_+c0|6i+)mLJ6+l#4eIjZo0#!2q_!IC<8(Z!NaeFCgi< z1V`$L-)e47eELhC+a!SPS(i(=Jc_=STN4(eK&$)J(RIFYDZ_M|^={e-pHDZR?Ythg z{Z_P_tcv$kg0%X1+P-!xTA{RYwAy^K@#PU*!Y*x`YOdNJ+P3@7yin><2dQ$%ACyI%=fPykL zJN)U12qbhs0U(lAPeE4b<5&Sf%zntpj04?*tv)~-A6~>}!jM`B{5y$z*#n5Gz!XT; z57QY2rhzVZ9J#y2wE2@P#N^Dd$`vq|J}Rd+ICC4M)x_llNKxOt4DWU=_Nx75_bR9d z)fXN;y(U%w>u#dSS$-p3bRsWa;Bh#BQaRPW6Qzww7DwuKcy#D>G-nt%_(14FS=}Xj zkF0W!kiBiI+=Cqc2{3UDFmbYf`Kh7`{j~J^9hM#Lo_yM9${haX0ILR=GR3PWE=fUW z38BF@b+7kWQvTu6^@?{#5-?Yuld`rVvqRd;_ayTUw3>psU0-+1QY>v8dxb4kcj)!b z!e-A8`L+Cla`7Me%&4b63i%GZA68poM$CLh;18jN-oJw%M$bs+{TKRnvN6Bq#`yOWIc0;2FjPGN=J`B1r3ty>=Qc=~|(aR$0vpi^a zlOM?~J4VRT<2z)_4#}qxA`F5_PsB!7arD?ss+t=oo9&1QYY3C;61FB#glQNV3R8h- z^(3M-4TzSj)scH#T5Slq%|AQU+0A%K4=isp4MgU_Iru=1k|@VLoxC9vF2JzdeM7}0 zLQ7Br6Rg}oyoNJowQg9pd7%qz>K^a6tK7r99jn}#hyY4qGa!J!JZk=KpNd|0iH5Wk3NLa6nc&Y=E2}{fPdAR;#T}e|ic6 zO!3yEA14A?DI!BdT=|`tts*+vMbFlb*xB;j8J?+H&ul(ZK0Z?uVWw)!u7?drELT_V z_Qm(W6eWhI$lmPAZCE_hWqu##hLMV%-^JKLJ{3hU6|Hb(f+MS?+f_!ouOT?YakL)K=}>?Hw93sg}-swivjF&&&J4kcBOKtldu+#jWl zqej?LTi`sT6doX;6GdG7XOwH!HUZFUTh*U!Y8|b;HEOfVpJc|t6V%l<7`?RmE`)en zN7wjBG5oo=J!fgpDBc=Q3jSe7eOa)w#-1{Hu94L}o6%T|&HX38T$+RaY|uINV@F4r z@@tzF>5WmRZ0d1$fAVAN`FaG|$WDXe=qy%CI)z>&AhRygilU!)?@=rlo92LTH{%}4 z4!_3qsQp!KY?kWG=EncQKL$VZxX8*w{YdeSTXk0!%xQm_qD6Y!dP{52+CSJxIw*U| zSMnAb;5B@JQq>kZbk{rm$;;1?Oq)?<-3Up~woquqaTj8xo>WD>awI(Ew?J7JmQ9N; zyRL%=jw^l*LD3fJ!P@IdDv#wVGeic)z?IqE*Bw%GO2uDPj|Jl8cU%lszZowfx1iD+`}tM$ikA`z zYZoZCWQp52BJ2L-VO=^phr0#cyCBPSt#@pb$&+%eI;x3)+nm+8XZgJFU!X9;kAjJz zLF&02%=nmzQSg8wS@BA+?iEIpvH2B7#^Gyh=bwv<<$}3|2 zZqspJMGUAO(RosKog#!U#L7Lun~%$bC*bg)@GT=cPs*Q9@pywbKx^<(5`H8-UKj4r zT6FaTTdEJk^Ev(F24M}!Mhz~t6)U;%6wPcyX%@iDsbx28PU%$Q%2OEO;HXqZdL-&_ zr~k^m!((e|#&W%|99msR*FZTxw_^>ud!AkFu^}t!&%!R}Dm*Dw-AYR)J^NZM{W!|I zkKvgH80#-JIaARbSqgeSK+9MR?1EBnJKE_t>KRM+jeui6)#%&hc|C}0kKQN{XLtBS z(HiV@Q(W)R3h)-Z>N51gcnv&Q@BxX&Nn&@#{cAn~l{^Wc6`TLckB3P}MY@b$BJV@V z6;R%$9&u`88@hnu`!)iDRP`rP1G_--?V-haWyP>K;M|I(wL7{(^Chb0sCy=!2l_?H z9|@knxQiTG4*+E|g7SOgZ1uIG-DtU1>wm%)4OAP4>Ol@uJ>#6l5vEX$qK(I^e>hA} zwZLb5p^ca=78+iT^_?AFXq{G;;_vnEp%PM@3)2Rp%g51gwCmmP9})R7F(EiLsFC22 z(av91KjgRSSCFOmXrwNaxbIuB`X8DV?$mL%au#-~2e+mV0_R2Fo;*Vl%{mJrqbR`J zf8!KjhZ2VZY`{!T0i>#%cytq@0*X2s9SAtJESL*u&%KV&W+H`k7*{rr(1wip{llIc z5H3$W5Dzg_}oGtloN4w_~sM;Q{ zYA;o7Z*^*A)-IKnLgqW1(FIgI!Ue|A14Wx|3Z08yCt*8iHc37nkkj5gMNMipmg>K` z&3&t)!9I}GjJ)zua$bBbykVebiWh?M$z)B*bZJFdPC&67z%^XFPQRVw*_IDcTYowZ z+*j+-f>Xub{m@H5Hw%ay*ibP-h|JC6l|qrgyKFHMtRlf`BxH(&Od}ynBxD&0IU*s) zNXQcjc}7BkNGLE8ibO(@k)VhK#YiX-2_;6tOp!3tNSG@U<{AkLM8X0iVWCJ^Xe5-0 zgffv(Q4zjGsH`BxOrBgFNv@7cULQ$bACeojQ(C<4+zm>i<>CM=CWezt*?EY^AzSDV$QN}7KvDzW`%2+h zp?>5tl-Gy`<-fpbkQ|Q&^?xBugWQ=>^au6>^$@nS{K-%sTt1Wk!VC&XEKfXtMErgP z$=Ty|zWp+Vx^3|E#jYyWrD=STB{g&_-|KX@=`A#QM#6xEe%?py4(tQJ&H#q})=n3V z@#LAE^x@Dw`M+m$aQ&8)Xp8-B&ma8$-T!V2UONd5J+yW{{5b47kGvj$fE+qR3HEa3c>|e@&ZLv;5-U$xKs(}-pX@JD7OdC zof*!RdG1{9rigfvr3=Ej=knZzl>0uV%4I=qP@j@K#bA$xu;OMJ5hr52N%uurRBVT$|~rCbR+S`wwUvmbfVIp{^{_fU;y zPjVF2dn832u9jN@#p$&8Gce*IELDDx2(krG5>*7^DffieM?u(E3q_ZDi0esaQJgC@ zwX9>6*W-d|k@_sf{SJ1t83pWKOzX2Wk9%&Ip|Dvz0e7hXhs>!!;{wW&EiQ!ANCKP!;{wWjp0c|8n&M2@T7Ho6Cj@$Y$?y-N$WVle-aUd&Eh#c zX&vE*_9UVOo4|8;(mE^8A%w``IhaH=1?EmTf+?6YJD7&K;n&}|AMQS$^tpe=Q}PPo zzA(nUTW0s}-JP;`wwqA>f{VP5WCk)Zge*RU<0^2C>UVvVAHCsW8|mUW2dtRso9 zeJ3S;O_AbXq`+YqrctuWSyCSx zdH|#&Tb%=M%}==0MmGP?Jp6kL&D&%}88bOY@(}~%e-Nse4C}j}_dyGCF}0@$Vd%7f z!jDU`H8}kb=JA1`m$@{dlv@~6 zE}fSv73E6K2pPOz<5Z(xq}?98s3MAe;C*nY$%Ebq6>R{k9)^KF4g`uw zuobOq-xcI>g=j0AwZ=l&ggVR}0 z@p&LWk(&2F>^!8Hjd^H{o(B$>-_v$;(GX)En!1^X`Zf-!%62{v|Kjt|+|4|^D2iVv zigUFrjqfv2#nZ&162;GL4=)yLH${IZing|$Wy)?DET$~8yD2-1|2mvFcQM@)7U6`s zug1y3h%9}S$~pp&Ke?@SkST&rf;Q}H#lAJLS#5^@Ixc{XuP^Ywwb#tsQ{%OFn`rO* z*8ir3IPLyA8mAF9mX#o8A_hCk!_Gx$cC!D9CyW1#Tp0`OlU7X9E8j%YO>_&m{ii;y+XP&t(4N7FV2uQVF=vY;3LgemlUH` z6{+9muN;eh-YZ+tfP2}9QaJbmp}gp-!KSJ6k}6&1hVioARJvI*1p{ORjEdA!)h2p= z7N33iT)KInDfm}<=w%8%O%Fp&En1+{YA}Q@Yt|3e7Ct+}9Mku5|MNQ^;Amd5|eoT)Np}3Kf-ZPBw+E zF5R4A3XLk=+|v}gv~+X2DU?&XInxw6r*!iWQ)p=E=2TN?KD@0iD?SlfM`> z7_;~;y0`oKvpUzG8C8FtQU9Yk^wdYxPhnR3Kr5?7D@f!*yCC6Ckw88;YW}zTc&hCN z4CPaa^IxQ>(@mbqinf;b=#e~%9k+qbv&oqx1KA~S#U`DSeG~S~=^xj6#bA7G<2M|h zvBC8uRt$3av8d`iLnfL2VY8rbP^afr zl&0VMkd+edW}0Nz34Me$(P{&_WWmIkh)=ZJRmZp3gFKjc`B#jROw9_SA>m^1F%r zl5oN0IA-1bJG>gpZ$Z7H&i$T@bnE1?#%|C0=OUH z;Kr{3+)KhJ)|N*o=DrP)b`be1Kzu!L4#LZm>(JkG6@KF$HUVILxA14s8D9_Q*M`o4 z0_k@P&}9JV{&txF9Z>t;XGhv@;YW(}!t9K$_E0GC<3s!k;W~#Jz&nUbpyMv}bWA*# z^nap%`;Y0&;2sHMaCmnn0M2-hDq2sL{t${a#whA&KAmZ(TyRoldf1jdwvT7I&&4@) z!UnqhA))lJiSTV@tD<`Fo)Fz?v;4!bUiLoTALj91W=Ha%$KWRyw=&F6Vs)xvg#jG+?t!S&p(TB1r@q2htG*2rkxHMH`f$>0mnw=5l$k;pPxb`8! zK;tPwZ$Lq-QzKkPq&*LsnhJpMuF5mX(&P0&{_nbUFk<7~_#@d4IK1_V0H#nn*PjTu z3On4p5eFY6|K(Y-^mr>Q%;!0!F$YSU&a+627U!8uE!yX*&YOx&|Pd9kfy zrC+r3DJ6*^Bs}q%Nch+!;xp7Sb8QDts}+T;??ZxrdI~&FKN%%nf?mIElzm(zd<+TR z)&zh+owUiG5~i7tT8T>Tcjv+WX(7)=WXw4bLwvTBuAfwpp5RV%=(Wzm?Vb}Mg$&{y zg^lj=KHEX&wUJEfBV9xKrzcThoCZDPv44)h&C#7J zlw2?f=l~n~b5oDgx@WsyOfVS{OmfIoB+n$h*HoUe1p!V4p9UJ4U(Iy_rLU`V7d7s6RQ&7DXXv(@pJ z1QQQCgotK<8QOkL@owf5@&aC4Kuv0Z&8-q10M?iiqOMxHOiIbCI4NqYZ+Vj zuU-E;3M4#tAsJoVKp|Y*vjKjMn6U2y+Ja=Ke`TZ7KR*R`fc2Q6h?0|tVt>WTc2mJj zdi{<)#lK4}^{z}g*Rv;dK_KOF@&&4MI|TsW%orNX3w}e&$KMBd-51EDTdsKDLHGG4 zPXKzwxE7QHx^Nz;xz&eW4|s8q=CH5P&@-|0vr~MX)|eZZy)J~{fSyvvYD zYJt~(h40gNCbQ-XQ3Ix)P#<@12OItr3h(TA3G6ObyxUA1znrRP0e(3mK#Dtxx78|n zf8{|ugSe^CMtT%B|NNFYL(xE$mCGoGVAyhSuocg==t?-;jpkaYsO`LS4(Q6Ik9WWqPR+AG^5Lyga3G;N!3BrG z&b)_umG#)a6Yo*Hj)f>E4#(f%wvG<9)`1r`t$N0&zmGt9arI|BY{~-eQ3983T4d^x z2KLM1P}Kp|ZYxw+0I$$BmP2*AuY#mzN@`^pJn3BgAoo2H3khR%lBfp_ueEy@V*f)U`P_#t z7Kx#rQMrU#vYH|kc3VQjWpyX~Vm`ZVZo3{C^ES>hQ81(nuIwPytow6#m;d%;hYkz8 z{L`^d21~POw1MJZ!Iw%y}D4M*Ls2s+|MLw9Y zlNu9+Zx@Ao@WKUH!Wt=@5mR`yD13;owbz|~`|a58YeYJRK5)*n-;Smtn9u(D9-qZG z_#I{edv6C;y;EqkY-dlb5mUB{j80*I*VHE!Oxih#Na%x zdmX%htM1|B*p4v$j`hp(siB&)1qFd@cexk}n$&Ez8X885x`X`-v+y3}fTH%qZD&!b zBHb6j|Mrwh_cWABKh>5>OY2Idg^h2NN{1U2e=iI_g#}O|wQVKS@%bPWJ^=ZLN~JIN zl}e$HewJ31Sd`7!j+NR{GWi>AT&j{CD7qN2E|i8#r+Q`7aibf1O};(fim`&EjcAJE zz8-kD{9QFzO|-vbX=^Q-ajDyFYF%A0!Ioc#&eT4tv!`xP#J(pM0R}ddGm$6*A3h-V{2c%Q7VcegF*?uE(%Z27chUY3ZnChy zt)K|@!1{ZB(uy-fyYV#f`xRk1BMv*b8sEFXz!<+Kk2;$_E$*!$AdjM0VvbCkR-B_1 z=hZb?^7o%SE*I8HYw=D}uT!UFYE!aoe%WkOi?f^>FeOv6?f#*ulLJYI=;JvLTf)4?)DsnGmFKgp5$4c zZ|sE)i|3dRqhEmtytbD|!9wP-ohc{qBa}em@MRMV+Y^&!R@-U{hJ26zq z4}ZaJ#Iw(#NjTvaGHEXiUAUPv`~L6%Kb8+r)B+_?M2N4>v;y4p;=E8IbULD{H|u{q z|8u8wVune>TivH;%!hse-x40J1^A)p;c6E*kVNVuA|&M&r$4&^P&lhJGT!eUnjMC_ z(_%!>Lm!p)LXXw+HCeEzhn%=^o_d}}yqBPW8cF;zTehHsB}FS_+m|z41MDi!(;L*{ zJa1c{#lHhIyf}h`i?4%TK~k1BBU|<|v)!L=y;d9AaBUz7uVPJ0io*!PZupgB#~u6b z8w$0;SK0DD1~{8d!N!WSaQcU#dxNe9CX}tE=(_;f9rGGtRW{-z4IuyBYJ;LVEb#96 zMNwy3LR%GeXk(}b<|Opy+13~7)pUaXvF8BQ0x-HI*<-FpRBOd&fPEsteryBE?j||4 zB^>UDL;crdSaNNWfOh~#m@5~qvU-joCaEU~xz;~Np#GQ~$w7%^Mav8&l+vrZ)`Z5_Y(`Zhe*fLivz_M6V5j14N~E6fL_I*A|P=i}Y-lc6+vk!s!4Wz4`126UyDb4efNQ zJ3>P`$tR=gy9nyLRvX)jb_py(PbEcLWueeH3!o~<^n^mY5Jl9baP;gWt$q=ySQPE6 zmsUT@{kL?%y|EG8%ZuRNffF3}ZaEw7_2>r6vO3FKqw%fG5=vFnv5iCn;!=Rl^SO^y zPqy%|2eoWmM{GE`h<-0Lovg`uaqZ^~>ueV}X~HlQBjwGUCETB1%i~LuL`uCO9206D;u4}dA?yhUMz_Wd1gDthTTYZME_CIu1#Ax>i5v|dgAD-|paH_jp z>K^t7H`CQGl)`33n$S$415cnLSpy^oQO(V+*0YHZkVMkyANSI55Fv6VyjxrTem2Czcu?zT%N#h-hB}>JqfG4VaH4VL0DqdrZFMug z8aCL(9yr$$MKR*Ww|d`ZxEY0ydIC7)8WZ%L?d@q6kDMuHTOk38ywYz_B%S>o6XAE{ z5~lmp%PQM+4CVI-avwguyst8^K~`J6y4lk^e?Q$a=IgV| zy3eo&pwp4{hK9ZUNAnmM9C#Fl`O}s^&)F#xDo}Em-A%bA`%c_>B*SQcki-HOQR>n`*~~MpMg%8f2=6~B}?*si59@#`d@6hKl)mvb&c?vzssq9Cj)Vu_iu3n zu!RcMP@GAr>Q#6PJrKb!HpXZ^U3&PDGo6}mf#!P+hQWG7^YzOd#ITYgC+a2pQAXSD)LdnZS*V;# z(da~(jjH>^MMnyKbseNFc z3Z$tGt9}f<()qsJ?;66E-Gg%&Q0k7s88vCNQr8MNl%4|!Y~`x&XbbYty+jLsuaIJ9 zDt+6(hf>!LTp|q+VLa|bvw$B7mkd{i^hrAf@Pbx!B;-R-3|Nc}!-=~-slY_4`%X>3 zG00AQfERyGjiAPT9^y%^zVkF(UD&P{Z8GDSZzhRuJ;u-Sue9=bcxrRSie!L6UyPM) z_q9O&s_(dL9a78)(=^#zpD>}`cBR!+vC^6*Re6bN`N`oQHQql1FxroOVz*I;#JwTT z!e*LD`xKj!-ym&tWh&m|Sui0|)z_x*NF0eIIRpTrkGdImGo1#Jl*dK4?P3s~0%UdS zW%XBR;Ss#LfJXsW7#zjd6QB^OqJFvNo~U^05hO(p9AY6v#>~n zc`K^YrK*d~JiwXXW97nY0f8l>Io_hWXcT@LDBL@Y!ZEAD<}bsU8;9#+dd!TV9L=8T z@HS`V?{cIzN>6O}wq7GWf^My=_u+{U?_X_Z=B@2XPArbFM|aar^9skj4;_ilYzs*} zTiIXkWV+pahD%N6eTW_*RX>i`;niiSYBcnw-fr!LlrLR{qba}OH@Y8L)K3$v&kfHi zf;@O0ic;0rZlD$MHOvd2DzpbZ&Tph{oh~+_Ze*|g$H4Ti}0+_PxPFl)W;DV1@&c@nIzYJGCY+Z6cWPQo@~Yl}@q2HH>f02y$;V_P6kuDP9)gz8(72+Vte;FpMw;{C4Ip*+gWSsooO%I?$X z^F&Hi=^4OGdmoy~KaoRqrzzTGeB*>Rjl5sOYo?Luuf?y;i2N1;z(HnOz#VtA-obRb z{0g2TcToT3-3xAnwZK>)ma^jElrs`JI_HPA(F@swD3_#Y>2SL`8 zs}`^s3kYf##NTG_7TXL{V4LZO3#z5!!JeZeA6*Kl2Pz&+zgY6M6QxypLFG46Q6v1)PKN;DVbZQed zpjkCL0)|6FO~aR0x*?0yWv3$ zOW&hGm{7bHjc2|kS! znPE4rss^rcqN%K^NsC1OVU7%|kr_CGC( zzC}gRp$v2M)OFNwImo0$T+(9T>^M84i$QHc)o|7X2|nF@pXSHv68%(%Mi5gip_Odz zPq=L%a31-(Bcci&J6{VBHSMC$?CFH)7FTs{@jgh1U(I~6c3!muGnyc_GMwpn_NKA; zFf%!tzkHv&;vq}8cQME`$}}h96y*0u-{h>3jIJ{YDxI{n8q(?{iMtVEMjdEMO>=u&x+=Wo2)+?N=JO&{7>+SJxCQ?2NkHk zkCTM63$D8QG=&Gpup(P2i0j)JCR^5SOjo?^eWcZ`Q9J_lCc5)P%l~DL$3w_uWq>0q zwzcc1o*7(c?zSR>X&#Ja^&kd5skhgf#5H0qP~;lImnU$*h@x+x)&~s)YVy^}(zEXc zFC`A{Jy?zuxLot`$r1=63oRpINUdiSKSb99xE%L!K|!reW#MsqEf_Dz_W>=f*Pct_ zjOFG-XLR<~s6W~+Z$ZCdyqbc0s=^a7b`ftwA&T{E(z~9ZA zny&bh6eamw*iV#k9jA0%TDz(H8Nh8Il!x5a6>Qk|Fhl!V}v*=^d4bw#s&GQaa)AS9q6P^*t_pqDEL?ek#faC~(dX zPGee-KSqj|Y2nWNHJV9&!Zk=x{k6zHO7dA`2>AaqsKkm)zAvLYQ1z3++@{OiFalRF3 zmsoIgNx6%?bjZxt-AwA&?P&po^B0zAO9kFjUF|L#yf z4t~oItf>Ext*D?WCX8DZZ_u4YDH%Tus}? zXEwDKb#l~w`THqEO)dL!HXdPg*{gHY8d-7$^7n_%lSZICxz45@Z`oIIBuW0LN!_06fAGDj$}{@s$_4=CwG?Ey@N* zZap_!XFX=o`Nk?&lEc+mZ7peTz}O8ptDl24(>dRXq~4JRYdOOt8!4#YP;AKmKvcJjwTE{XBd zpKQkJZw@=&=N>t%fnwgMHU&DCkpc~~H-~lK17?82`>qrK>*MkcrtrNcrkdyAZ^l6n7wmCxoUBy0xybMJX9<09~uqs zl;@VHc#5}tsL6vdo3%+<-c~)5oTX!O7JT$_0$MR+Jgq4fZ_^o!{M=HXSgZ_ ziOi-`Ta}0G^1Up105E-r$q2&G9z+&;_)rpq*nv0-f8LO4Q@>*84Q(f_!b@)ANIVmj zGe{d_I|~k?j}%$oiFF);2Iaz?E8gR)tT>NgGu7xSseaHP954vQB>7MqE;Kg(aPV9% zYJ#4hPx{2LzfZ)D+71W(aWM0I8w^sOa$Q1cyjk46oh1MIw+oHh4-C2Wiy zzfth&`$&}&4FrI*!J>;HCv+Y=*C_BhS4P8q;Tlm3g*m~G0Qu=+o6WxwMHA(UqRuIy z@d2{kIukoEi^kRq#x~RBnHox>bZymK#j9J{%G^UOi|-e^7%tew}ZljX~;@Qx}qVt=%`yS3 zwq^ntD|c?-VGtC5FV}dF z%9Cb8(ngW=6eRILC6GAQOh!F*(XA%mp${^}B-D3KIL|aVHlZpeAx?Y?f3JgygH5x8 ze*(raZv6F(&6I!3==k{}r@^ z?khK{z`cmAOs(~!LZgZ( z$K%12Sox!YUqzYm?eoL=S-+8Q?Iz#oDk@*42^)W)xfm*FySFtN2%DwRla80qaFAs+ z>FwcodRhN7|D;_l?6Z>HZf{$n`wDLxoDiQ(6ah$q6$(ruExN#@QL8FYTZ8PUIlDZm zAb1b*UfR?wwtS))A99%0Mh^w-*q`X3h4sEO(k>$BDPu=I;Wmc!=dCM%O@?PHE$?A=H z{7|ybTb6Drx9IiWT^1;y?)L76({8P|Y$%+Ho~@Op?6aBc@$&?4M}jOpRwqr^ZMQVY z6|H9AoUq1BQ+bMaR~9@I4g!mIrFT~myxOz`IEIxEQMBtU(#AA(>L?ivr+P~puQS(u zWl7x^O4O!~syu?gf=pUZJ+KZo8X*Lux;bKO^!OMW6{$_lj3lq*$!IRH<>5$jDNjbX zjqaYn+yR@HR55jE1vM};5BJH(`qGM=3)^fbduiNnpXl38;t9>dzB}BmkGl!ri&YG> z%HCBL)2hB=w{`X9yKO^gpttpAci(Z?33tzNI3I2-pTL{U!NOU6`IX*m;=@{;{*_7j zEf`HNs(t)K)P1}U)h+pX7**=mnLb?js@82uObmPP9tgwb+Pt1L@5&^d2R?TBesGUA ztoYG@mfhbIvBgLb!Bvq_`;Jvf$P)Z$n0Pu=cXlSQXj}XdAK`CY-MN+ZqLsnOLME_8 zps(aBEyzAOmS{o)R+Eh9JUkhpQm8dxPvT7P5!SB{0%O%h!QPM=rO&0^nw25E@X#V8)!6$CYM^*q6Qrkk#IwBa{r`2<-v+*Kxz(xNmWOw7dBhWv{v9WI~ZLfdL${S19t62_ijiB^u0K!XoVX1X2H3rIr9Z_`n% zQB;!%JJG5!fIqgvpFKN63GT~)&$TLAaS@!c$`rgJF^#85pK?$BVLTe2&@=kDNdjN> z2NMs#tKb^G#--V^OYjKOhI9YxJ5+UU*Xph@s^gXIT!NLkr(i`h!xha9S9I}zx~r%t zwxS1lMakW<B#y1t!ldZ}~#mGlNw=FI0*)3*Ai9 zqkMh-T^!i8Y1wvky=#-EZU@qpyd{}rMb1X2KlwlCPHkTQ^-lBl@%mTZ)~QRE249cX zJm?t_YoOPiP-eWGJB7fb<)U^yP`nVuU1Yk&ZA67&W*o}$mJSTv;BCEssWs&Cwys*5 z8Y&(~0e`PSJBUE>Jtncpd!nDu{Qd0XUbxhY%b?bY+*+b2Ul*XwT1=q*BaX2}9#G=$ z%k5G`gTa}?B<}Uu+$et>9M_;8I+N=Z3lN1pzq>WfB;-#w&Pg-bQDw^peaC1l0B`_x zK#IQ%F&G?0?-*YIN(9e`x462G=t#i7d|^Od$VDKFU@N()h}EXx7$%_uUH1fXQV)}K zIE}mkT@EZ;4F(WoTW$r|O`1hZUYnXp(~b`R*zqL%dmg+OWo zJUU+exGAww5;CUiE{!HxBiY_wc0rrm$w8Vc`;n=fwMyL-;#) zkverQY}@ys0QZ?ENnQASOw(?>hh3UZBP>(2Nx0~7e%keniiI>kH(^cxSxZV7*Wz>I z9rQdNpR3@Y#iPOFX%N28(~A1PoFrADzrU9)lJDyj#Qbd=xMRGu9w=!HewjkUm%Z1R zJUw8rkx22eifO3Iwz3s_$?oonnm7S`mi;&C?7^P218K!sw!&6LwKw>S%quMzk5ndG zFFV6+gDacYvZqI#(&ZLg_9a=8Z!ifRCgrshWmKRuok}s^AJ(}Q9hZDO(o9U}_ud!o{9Xe05g`@1 zG>ub~fuziU{T|VYe;55v7X2S5`k#@;+3axtUD*FS?hE(d8Seif2{%-X{`#gd1n#mB zW(<#`|L8#rW){hN{IgK9I-NTAJgg6W(k!Po-z57dnQdcMHo!znzOmf@KZBQGHpK^6 z*$TKafg7U2+JLz}dRpfaTIbJgdZ_p}mexSLx8SuzFR$P;Sc?EKis+$HL?FFEweN)V z13b(_i%nhm3%oX&#HiS37R1T-@Y(M7=(s%|wS*ZX1NTN=ehOHc`HdX^JVQ16FL3^I zYWFtS3(rXY*SM`^V-PhNWbYZX=hn!y0#F)hYJa(B1Zmyf+aRs`#7tMz06t_xzIux0 zwyIYGviuAC5?^yinN3}GkGBI(1{=*n#+G}cO%J|o7Ja{{2V$nZNuN5)?q8&s=xzq3+9;y4AJg8d_Q1$NTk>K>Rpl**@sxl>#QXz6h zRXs^N(*oq6Fw`A{yFb)vKw$rBm z3Y3!dy-;S=*8owQ>iLDrJO-PKI%!t$6*v)gnm&UP13uR187J<7#r+?%P~p58FX`(! zgQ?mNaGatkdL1eX&Lo}gBkW3O)rrS%Xv&6WUiL<|D1|mEGP;a>wj4hj37^4wc$}{` z7SuZM+PekU3}E5`jOq-FCU{>P7LyUZ9M9+3=o<_GE zrXnYZ3XZ&ssK|u|flw1UHlV*;Bm@8zMO{_~K*60wHsk@ZL)fRwWaW>O9ANVI|{$>d<_7>6C?5!7T|xO&!HZ`GtEsm z2{Qh8tpQod*Bf02VSMsb$_;j$#3k}Wr|AjqKgpwVD;@f84aE{W6i!rwk3t3Tiy5KU z{-^WBwiM!SH`5;P>46NcR+cGq$0X&mOwzhVBy*TkB$&c&iDFkNhP|x6)pNPrQhZ5* z`y#IMcn;xo@jV!bz%H0Yvb$@(gC7viP2?fC7;NgCckG|#9)%%rFXJ_2c2~ncMGZ$1 zIA@JsU&~z>^GZF=bsF3kqmw6hACwS`qLCE!_cmp@b9l{zqiT*+d!wlKp#&Om0w22c z@B^f7^aG6U;w(VKoj82%faTqU?jT@38w7qV|7jJla+h+&OSEIEVJ> zrO>0&*dA@1&wCUUhyH(F-aXtdhKe$~tLR=)k%(Z!f#!fJ!$7;@!U)jvqJWkS)ei2i z+5uFp+l6Df7+BOFk?z8IHOJekOI1xB7%dmY59>a`Rb9MrPnA|C|gGqGZIeSOkyM9I8$ND|m&NWH5vz$%jHo|S=aU)rS-iD+HU5c!S zA~;*0KoWP;h4=rX>0s*~?9fSYy8$ydI11|*?+c~m>!FMD>3maZBri!rdiT5QNRtrn zjqV7xQHd`*+JpgiRyY3iqh%jJbsTe*d2?p53!vu09nxy<9kDo%d-!W98erkh!?f~Q zh-OTO`U?Xqt`X$QY7Bx#{Z)r>i?WX6z+AkEtYt%}P#fF9U<)ax-BozVJ*A{^w~5zYlAvOLDtf>MWk#igzm~9cE-q67 z6mo_id?>Pv*v8OpANP+a*!6(DwUcQgGu(X!{dDfu)}XI96^*NkDTqRzLN-|F*xPS! z<(64!{x-eY>9;d9H=Np+@6-X#nm3axgVRKWkeQ>tY4%ng^G36uR;dZtg5k{h&uWt} zL;a2olz2T&w||@g~w8hh7G!J$?L;)l>Hg!ABBV8v{T4q^4ffd&}tCx-eCj-V@HrL zMzG%$HRAJtwU0mG1X272Zciu%eDoU;Q4TQfQXDaj6Nl{{(Y48~w~jCwrRM-985bca z8oujm&LaN~emRcFh4t=1u%gD{O@QQk>I^Yh6hrmP5Z0b3YDZ;a-oWfzN$(tWieqa} z7qusSZ4ly_UHvsi`NtFJEF{L9m2&q8d#j_hN_0#s$+5wff@oS+O^UCBxPr!%GPQW2 zx3!OFT-XOShjNC+JzNPCmkDnrMPv+4y?=HN5ud#=p7A2ktAK1nHz_WCwNbE=2qkH$ zOYjWm8~4dNlPL>;i0a0`YCbWVl*B?wPHmwD5B+~WOc$aKm60HiU96D0;p5wJFwVl` zc7wyj4_p%iLOOlks`gqlW52x zH_YakRwJY(a}T$Rj&Wvf{iHM)gR{_MlAf*e)!O{-RNW@onxTI^Wm0go`&!CZq5@FY zmOp9@x7@o+%fqQ<_XPNUIeiNs_7)%hkv@dEpM&3~b@}$IS@dm+V3Z=8eFVQ?f2R@5 z4&tECb{`&zZH6-Ix$MlzHk7uZWWZp&(nNo>;u1wfp#g?t7Vm|{p?(?kg%|b!i)V`L z)y=DBhDE|+U@+BnC!+_JAqM8ulC4k|-x)ixEe^d2>i6lA4=>MyXkpBS6y^8W)efVB zcb>#e@=K^11*6r&$k1ByeTplx@Dw&rtD%Uy-$K2U&s4*NfK*<{eq5nL=p$TF6M;sQ9OYE#)L*Bh$A%AcMY60?V-&&c(^{8PJT=7|=srz^vPIQFVsP2Zv zokzQi6L*%)y@k6ysj8EAktqJOvhF#;;8W{j0?bGJQ!R}2m-tzEZbUyb=H48LC%W=t zxBbA`*6D(6?ei;fHwv|1Lq(%0J0Rn623DLmvV{J?}Kc#7i|HMBmM9f z;uv?K$%_)thijMq5O3()@1CZ9=AYE!ZEab4o}#|*pQ^Kc=bfVdW#AsGU7zQDAk*Z& z()++rlP5cLRg}JN)RBI ze(=S1rHh7d9De*WL%mF1DD^SJk5%eJ;i2G%M}(5+!e0se6~SK~`~lxkX|xfL>E2FJ z`#4qE>Qo(>cW*6E@%|V-T6``QI@=opX3YRaVLK)g2%$w zh&n0oxRs}tu;h<)BT%LLX1dhU-2?cQ*g$zki8@L&1YBQW3lQ)Y?R#KfXn#} za5=vLE;nv~S6vfltN-+;=&jz~mH)Ycb6y{!BbjrWxTaVg8@O8Bw3myU_9qvSz;-d+vOBVUySC6Z z<&@ptwq(imKEUDO!=2!;)E+9Q^DkBY>yK19+2->5@$*Bs;{EuD&`i7^&kRlD_v6=g zx^IK=IMrr!QfM%W|M)S?4A{Di?APn~$k4}_>`xj?Hz4F)EUY%79;X?`*=CnM!i{(8 zQCkJ(Gyd=#^PGN@(;Vajlh$oO_F!j+7>Ts58sFc7|6oAUx(D#>uk^M`T6Yh=;RiH4 zX&rhF4dMsU>}Wyv@iD?@iOTOAVl-^IQNW^mXb~*Mty+7gLZDTt-hjY@bJ|KPDwhD+ zaQ{FU7McL0Wx)^eIMglEh$$Nha2*+jYm0#E)6+Oyl>}j?S(rfAy+tPX)D}A47kLIz zWrlq3=Tv@f{|wLJ{s+sP{$+~r`2X?~Y21XAE{=aP(;*lQwStJ>EfX(Ja9_|eF)xAo za&DKt^bvi*+X{`^uBt7&0E%ARrRcXMyy&ChqIlI#VHm~cCHXd!NP>s%)do1VDVcDj ze~x*9ILc@y@4l7`MC=VttsKslu12nhzWPHvxvp$fR8IldjIlS-mxKO`l)JnikKj7p z#5VLqP*Csy@pXU2yRrZ`&T${ojcTLtu52=r1n%y|9^+_eGw;D4 zMN{UoK0#O#4R9nX+#yR(yeFIgt7x+!Yw}#wfan)QXzX-oGcfccdvOQ_0YOWHrYv`= zckj^PG3dy8)SrMa*iP0)3KZjw?>}N~LLq=1Sl+IS@R9yyq({9AtHlGJi&wkZyEi@f z2O8-_JgZv8z%gX)9e$Z^_q#-zVUV6z9Ecm3*Ib z%btc7`C_Xl^<|5@S8x|3y__WZ>UgnHs{MOK^B_epVg6$rwI?Nzb<2?T+H4C-#6|Xf z$4GGR&*2u(u`oF!G2>ZsOV%ypW}Npjm8z2uRy*M0P!N!!Tp zxUjg%TVVE#Lxpj?q^GY?(&`-p+}r0o^s$u;;(C#+-*tewJzQ`8H14NE(T~X(GsX^` z7_PzhH{4M^C*>H$!mj_8L+*VfgSC}dM14OLj5=Xy1iqfKWl z|62qjRIW|7uq3Lkd@H~$R=*!I5nPy$9mS=(A&aiMmUG;?YpK zOp^Hh;~U=5bAMb=~;h_eRg0|8g9}43KH3joKH3)cZ;$)j zkg)z51v5xK+QxOgkD0`NaDw%LG{sv6EYTrOJ%Pz61E76CDidGt(K(BMoE_N1PkBf^ z@jhoU&C*Lq*nwS;Yfz1z%_Ad7_aos{R8eOxVH)Y-cV0!*idIs<9>1HcS{|9jGYY~P z5Auw46LoR4B$7X!%leb#3Mqlk|1o;iRgcF4b=e|a=MtOI`L%N8X>?5_JzXp8n_`&P zxbo7l{M%0Q5%n1!J7{U1T`TP`x9m*tN!)-!^@ZJx}y+29&SXmbNAOJcR z>gV#`N2|q&sH4`ov~tvGbf^qYQyA5;}t~8ZjjZQ{R@Qaq7q$!9AM|pzOg&}&Y znDb6Mgp51=Lw<5yjxYKLG>6pVbhLXOK^+PuxwMrg-aI)()3j+^B+wdwv6x}+Z8WZY=8 zen#qXmP4u3fFBOVF~X6~0TQD9KWBTFXIVVMH92z}5*zpMaV87KP8x@T;xcsgr*F<`0Hj~rUX z1`%qiCmsiz^^8|0jxbf6y4ih!wDFWr_v8kOXL6P8;v6rj{3gJ5T@a`^9VNQEg-1!6 zl7m5IRSNy!{{tiUCCPc~dy`P=K^0B?d(HS@kO^k`UA)W24MCYaE0q|DCN1@R@}0^`ur8cp`C^QPK)C+BY4k~X(m0O zQc*=+!+|iR4E>S!VgGt5%|yItaT$(nm7>j9$o}}ZG*s;L+(qU5z?fA3mFV4EOkj7z z%h)9Mt-?6f}y8h-g+WA+r7Yt*gS{VU z1NPix46g=y_~<91wk^gcg8{vC3&jJ%$A8dc!0EqVVSBD<;jyh0 zBfu0O%}_YIk^fT0dSBW?Rkfa>2tY&8<`7WJ!X5hjgeD*F+`?P?Ll!8H_zTk{v7)$l{>7IvjV+@^=b(W!cyo)Vd8_lpq~ncLBd{H*2cY#sGF;en=)4V z2H@Sl& z5z`(}{K>C!I!EN%pWMOUxRfWkgqS`a^w6LDd;Z3$ZSu$b?REb4Eq|*aE>7X>z@{d# zIyV0WS$Fr9xK$6M#pKDw=STm>F`u=rp@%ZI?YT75mReywwSU(cz3Zi9WIl>0jH*Lh zm{aZQsGbh2{?(AdGsr=2iyH*~jennf96R!DuMRULwvXY@2#lFv_nIe52AgZ0!soJyFcW!ij z+n=TSu#ZM%QrA94?t2_Lvx9Tqiof5-;NxCuGbXy?JHoG?yC^!&BD)$n;j*5d3%4MS zyuK*ZV+-DmyEX5TnXRzNa|yaDDRcm-Dcxd0e+#7e`f(wNU@;UEGhK`3 z3BKAQ=?U(qbYWCz3ht!6jom^`diI9?+u44z^84pvI3YeSu#&2$C(sV|3U@jF9MIrQ zxu!_0vj=YExoD}(KKyeU!rusghUaD&2JM6$todo$=I(aF?m%jGP#3#pDh+oAR&~uY zY24V(Kf6gN?m3@MB6)g-aP#nNAwMRGk!GQ{k%&02!Fwr z14KW$@MGQU;mW?E5YbIMJG|uWb3<6dF#sPm^e~{( zkdY}5E4l_ZM5>E(U+jdI9lT|SwjRgpsI1LI*G*aH5sWV4%o&wn|GA(=r}sdGC82Bl z+D^C2(e#Tiyzul9#4&)~UQx9ORCt>GollL8=1??ir)DQbH*3=>u$Q(m_S5M7sM;#( zV2?^nEVIYOGV4tL;^>xDu1B_FUgeAUlUQW2Y3g%mB>U>QxO&RwdG!IFkuaxNOquuO zi?j((vyivMFcfuBCOD!xH6HyB#Ioa(EsZ0Nt*xUY>+ z1|8W$z0GT|v`RH~jRF|wetrRtV=j@iPaPP7W;!lTcDaKyL=?OTWiT(0{rV~^p51-_ zrWd~VYh^i<_6)gjl3UjN0uL6+hrSxvgP#kv^5x{2UF-tWGF@5^T)xOfBQ4+gU*4LV zJMv~Peo1noEoisS25#c){{3~j&f34{3h7@R()p=A5PXtU&+`vcI8z=bm3?FbV#!Gb zaCpHp#QnOo(P(-Ln;iRSGYJfkwo=4xucX(HuaqVK>q`|icNg%wW* z(dYsoeBEKOTQ2BgihLw=1oqbP6}|DceM?WFj#9at033SnEdIE7ta=+oFp?>Pkxg4U zmtD1iSh``{S_1G?2Er*qyVEgx`Vu;L6nJZf(mE~LT+G_3U9$m258 zqQRBmtxHnWbr^J)FJ53i&4PdgZzf~Q*R$x7nj)8KYxojcXyNP1+m^U$W@rCCTCqjZ zie@VFcDejXz2(gmGb(piID{?$WB~d8z4mgFG_FHgG_TKGr;2)$R%}9tc9IXh_{tUI z;fbtXE6UCA*pELZz@vpfCc-0PWPti_GV~pI5UVf?<^m)e`%0T0?!C0mg-iT#McYa+ z*gynK+lbk=+@F1i%ZrThxaQS6%&nbA0n?yoROaJA$`^?bWplkvrKj8-t7^Fqo~`K8 z56-3|09OK$;;zGr1`8u|vqfALZ{`__6e1W*rS?+$x@ z3t#2?-Gc>sdbcOB+6Cl4V4^mga9gG6QERfIfmjAe8~_;61V*NxW>0!#Jl>8ir*m`i zzgF$;H8*`_U16kmVlB4{kb{8Mk zTh~!@DY;|HTb8aizzOlwnn5NlsWPrV&&c`LQ1o96J(>7Qk?kpG4?_150ABRDex29 z6%CHS+C&9KQrXq}6#v){6*zMUedBiac?#DO1yTlu)CWuOh-;2wT4-~H=`uaYr^`_0 zo9ISexzOhy{O0*+59XKzYa;ooXfx-x1pcI5QA6LJUmHDi=dPKg_URwm zNAd13hJJ|UiU!YfsKs*~>YN3kQ84Pc%X^b|mB_fCUktPq0b*Ys3y|u?=v5_-^WJXs zYf}|%hJ{Vod`2gHOo>Lo&gHd51>}WOn^D57#uvp(_>=hM=R)}ftf|H*Keto)$ok_a z5cDv^MkaAM%!9?plTlj8(vp}kM^q^inr{8*}Q z+#l$45B&U$EcQBnN4Fa@^4JUfrG$O=j}G!q%JPTcnPAESlG0ag3d0uuO5m>u{_@~2 z3;wJ)tHMPOfhy9u$(v$i1_u3r`p2GUxTbbeyvx}TK1%auALp^rd4Iv4{M=2JPm%)yQY8IHg9{awE7hwDi@~! zS1N)X-#tOsy{nQ;?!K7FxyWM^=wNmZ7qzyrzfBB{Sac+jd^Hs3}i(r6zhc`Knv zM{y6&j~&G+o?u6Dvgc?=agyiDj^aemp^oAN&nF$lW=~^BO6V--Gp>8@qNs+X(y=#+ z+?zU%(FQRM<4IzddmMF^=^mMNNNA<+g!n_!iy(omW~f=Ay@Qe}Ri z1a*P=<4kz`Cx2W3k1wDMO5Nj7KV!Wf#VfN(R+2zyknYk-t?V;*hwdoc>F!N$LH_2k z$bm^1UX_=bcVVIlQk`n6r$?ZO-&y!ea-9C6Je)$C%+DXAN$fSn$`aS789dK+_Se(L z;9O4zDpFN{qe#;u)R`=L`I^5JIRcXkEM)k%N`Yd4#Z@gNDVdt36gH5{=r)V=dvcY6 zA*6y7=M~}bra26Um(5`~JZ%oc;rDdY^}b!*=}Cm0?TJf9X*TA_1V}o36WIkeK9%mmLnZtx8(2i>&wWab8a@eJ? zis^%c>;>ZkyuM{uz5sKe7MBpf4pDr*el3_XlTsRlcF!EFlpGHoWWT$Hhj)eZ9qUaUZ=-i*$BI?*0*awBA1{c6WDCi*VdOOB^%v3OZGYsmd z@m#SM27h!sBJ%CoWNDv;{%>3u0aHeMlf z-@xoGe_B{F{@34*-|bRAaEX}H(G=mwwqrW2GWY$_G(ic|gxjAtQ7Wyuz-DfjKyx#~Fu)5d%DgY3Xq?8%Hg3_lG-xmi%^I!yLI@lSy;eXrpwx{>QxG%Eh- zrEHu?#6EhvtJTFrgsd)kGCkV)GBta?7b9h%| z10!^;wDIYGa@BV3bUol(ANCmG3oDgDVZ|g>{gvO?G~-S8<-KSD_$DHexQ$4iJG;at zZG88iB*AUr5?ovLyZ`F8UalIF1%Fof%Y(ln_(SJ8Y~l-u#$;&2ZNp`993=mTtbRzX z-`koct$hI2S!v~XbE4!+;%h>70g~%O`39>$n}DqQtB6|MNzb;cN%0y^1W)ja(eJG4M25wNj%{zx26l;J z{rR{Klb>tqv-ky zc+5W>tRk0d<$185m0)ZPJhOd5_C}9I9b9rTn>9m{tiG4Ozbk^lX+~O$?h@?k5Bxew zp>s<<`;(QQTRwtczp^dv$8B(qK{>x#OAcIA-*Yt9do5G^V{>qBN{!Cg^N&J*(5IEl ze3}4xsz9Is>{dW54MHNGxD0O$e<`T|Tsi;&>!iGC*-x{(g289)c1^?A|Y*Jc$ka_PeL> zwh;B;191-li1DdY4Y2(e;{J$an*Hr%WT*XH|N9A2Yk3@#$nzyrvFguHQ((jetY<+K zntt)KK+{XaiU5RW!O;;k`*1XE$c$bZN9%m{-`&7tI6KM9WgR>D#}3_yT>|*Dfjjp@ z3oON^&L8C^KqV~h54FI|PPaHUnjv<-YVcHibZm;zpS2>O2@IFtkp7ZG8;}QQbHk$% z)RKh3k*mO#=o*Fe1r46Gx1Xcyoo4p=!)YeXJ__@5n^pTLXr9(d0kXb%d_D3=4AZS* zJpxJfAqiz!X+T@4VBT63rIYElD@V@gkrbEqkJIM(R4UU}%#zKJl-}m|Z|UN1mI2(a}aBZvd0X zo`-inMXWf7=3lI>-ul({|92?;q7s%J7m0+ z-3wc2k+2dg5TVB#x6q~?IG-z0NL2y4V7jruCT%*W6MOKNQQ{zXA%2JprTH=r=ihVP z%w~SLOS_V%u0Y>){`s_#Y#fD4fQwZ_w#b%El^5aQ3KVq~ZmK-~s1>RCPpi{R z>JF!df;pE0-<}~Iz9?i1XP^1Y89j6*9}(^eY$y%NC_03lK94%o z7m=28JZ)^jPrxa)UY3P}W8axMzZjmV0nm1E3_9yl=EYYp9@XiHFtT|%2bcU5?=m7UN8mBv7n z2_Bi`Ge1Bg?e*K~z8=HPp(A3xP+CzX^c@2yxdm=3`Xjq>K0qxI*$eIM^`ckgvmfX? z?1I|_H@GNlFRD$1(G<VL|KNQHH{72fTPG-dNIw3<6N2(K%41VZ0Pf6x{1c9?m$nUlbtG4 z>R6UL&55=#%E_NYJ#6@N@@I^Zo%^X$*+GW)FA`9Ys5G;`T}VjrsDB1IjmD%|-yhQj z*fMd|v3}=rxZO#fj_t7CYK?Yk!|l{!JC4d$TnN(I@pPBCU-Df^n}~mdIBl@e7xKD> zQ9AI>aAt-rHVZiymIk~O&Kxz_u8I?-NAQQdb}2WZ9k5Z z50dpQ;PNF;p3}c-f#DE{jR~Qsr3ao_`x_z1n%V5{j^X)oVP~V7E-PSqjNC~m^W0Q` z`cdY~h-m|cvG9Fq?LTOq$8Vh)al5+9`< z3iWi`*e937j=^(*P+$&^;e{-WW=$jT?eg%xT@%~4ZsmV2^#dF2;;4?KdCC-RM&oX!w03F|;z1^{+}Z z<+oHBMhhC8kp1?i&fXp|)}gE(K#2?-*RlT#ohV23PX|D>;eN7$kNYOr!{$0kK@PHz zjGBLTYSYUc=0gr>&ZW&z6&c6k;?YkkpO(k_ZS>&2|M8H06143q0OPz+m_%S3*DUw zHJ6~@D5o}IrcJwcF4sK0K^$p$RPAbFp-DhRA$faoIe$s`8aJ-LPCIdp4#c+)qdacX z%&_k|enlZ*K0kPTV+#A6+^7Gl8-5?1+DpW5Z=7BR&|GLt3C>NkB7*kV)h34VvGAK` zID3bblO&B-o}#+et>G*&SI|A~f-i zAUpB`ow}Z>6LHF<$G2N{doHm1THO5vczV+i;FYXTIYX|Rx0%Jwu7pF^fEU3yY`^>C z8NIuxW^wf!3}2}4vrW0kZzG9@Szmd82Q_22<>C^Z-5jfr1!Jks6zJx=Gx;`aK75^i4UWmCrJH_qfNGwfW}A@)I5z2czN+bm|!Z*L&4lX`~roDpc{g~1R-`anu=9ZBh)6dnu&p~=|S$8_&Ca5$?M zm9r;vgpwpz!3GfdX9Im5*LTDSyid6xzeTP%eF?WQD(wQVnfz<_A~-D0*9Fifa-QIJ zo3zz~j`GTHwyDQu{WIA=WnV?xnPo{Bx*Sjefy@R#4e+sts!5kCIxh8CLl05BzKZ&f z;5}jS5O2r$RReSqh9A3tPr@Txg?O!nreSUzp{;SB1_!L|`L(68x3zHDaME6N`g{Fh z!ywbtc}bNnbHjL9Z`y*YVWC^)%2qQ>g=fJQ)CUVq-GUlfA%*l3Lo!7p3|+ki{i=kn zAnmBo#aqxIH*_BD2%+H=M<_Iq&Uzv17V@2$n!i7kOb0e(Wwq)8(vFp0*eCtI_BZTl zP~!-tNi6THW2l8)D}<$+vHmR*`FFt_Zr?)FxG0G*#B(Kd>-;j5l>?9pM*yscWHW7UR{QG5&F^y?@@W%=c-iDQg)<|CZ!iiYOxf@_g|i}sZ#4>&75edqx)#of6u!$Sj8n*V#wnZ^DeN%{ z)6x77aS9hi3Rf6~Db)I1aS9hj3TsAT#4Zk&}I` zb}c+JQutM)Fflb7;}o77DZI%jOwNVWIE5EP3U3#Mxq|9JB3)1Nq7y8zms(+IT4-su zS%K%y-&JbIxQ=ypX_E=pt5qfxbV#;3$fXfZ$*DaJb z^)2|Hx(bf})Te+M<>~BAsmE zbYt>Zu+}95I5RS&zpe`x2u}zX2n)`_aK*9b;Abc&N^f>j6kvYAixIY2ug`I#s<#Vn z7B$mLy{F8c@p51d3f6S)2&f=X(U@r1AypqhPbOC!K1Mlo7O%i0M_`STV7MeDWs%#F z&pjT#7?y!w`&<}9P|QDdWoy8mbUEE%%_s=09&2dq`p3EbgG}T%``6I0*!c-KyzgZy z-avuFt4r<@ZFK=TRpcJY+T@Rp+N2j+mwbkCK+)$n2KqSUQqlT6NzZs9f#&ZVlrH9v z;9N@vHf~G(3$`A5mizS!rIR~BSF37PoSr^1<|G za(;I2LU#RJ3XhCpqd-N0IpR_MkHZavY?_ksi6mq>fLTACqwAY57Z4npD44}NhYM!0 zA4ZCjHtkgHr^h8>oZQENdfR9|4dRL~Hi=@W`MOk}`vI0(EES>&)Yop_gxU-=Qd7ggz!Z!}7aUqf#J$Q??)9|;YTc&TrUQhl)0TFOe}S%du|3uCqh@1d-o zJZrR(br`dzQC14iN_tpiArBY4in4n1tiKyyy@XjqD60q0N-@5|Yr>$3veJ20BLB*> zBp9TN$zD7;TO`j4?x*Brp6ue|@z{g!P_l(5e<6}D4U)sm|D^I{T_g_-`gyz~Nc&kG z1QZvO-4B+k_5_&0Cb~$ycv)ZI7B-{b9#enxocluE;@@#oWhaG1NML^p@R@&+H0bOJ z-qtJJ*LYiV(KR;(fcPsF@LUvJZ8993LX*uZ@5cHl{Hk1e8c}m`8q||g>MKrgyKxC< z>uD9&@Kt<7{-_C7@mGtlvZZcUDQmJn>2^AL`uo=*f{hwNH%RQBA;R&+#52aS3H7Em z0%zDV)e;u>#Rgp5OhzA{cis=tt8RO1w21QT^fb_!p1%7j(NkKEKbwe{CU|nyDtz+ZlYY@SygCYuAq{`&ulUd}%=JWMamga41|<@kqw zi(W?S{{qulxp^>rnv@8nD@uR5vwa!Lh~d-*gy(hiUI4!}gZZ@)LyyO062E$Ik14em zo?Lt$8WV;6uSuIeL%G4I{#-yQ>wB@#l4IE2f2HeTQFWx(UC*zi?`e2^-$VMI(>t)` z;X`y%mPThm(k53&WgGE3mOu*On-v40m8#Y26Cws9d2#$VM8jif9C)C9v0AqU7t-wD zUHyIoUuO!*8g-O|?KuIqmj&1kVCUtb!a|ZO(c{+AJCjQi?nRsf?yecVEPG(nSc!3r ztUymFKG{HC>QbTVkvW)PJEYX7d%mP~ZYyMJK$_G64^7g9j?k|B!=Vw74eU-cVvRc; zctq9AwR2JeDaA$%;+gUN^~YGtwB6no5yM7eiD*+gAyho`rdWFxLk1Z@w?KzcrU|Q{ zHGe-Vok-5_T21a!e)rSH5_^klUYbVALLDIg?8Z?47=ESRS?Fn9>OeP~6QoW37b2p4 zdna8SeHE2>kUigri0Fp^n+u)(mwZRsf&>J%q>3T@Q##7S5#;gRUh&;2iel>u= z+n(gP*oph{Uh)S%Anb$m)&bE1Y)ha=iOCdYYZc>fy!I^b@#*9Hd|}X%ypp2?zfGvg z&_!?_b-QJE%XTwxyyW_7>A84FAamW18;=3y_?Ad_EbZW=%e#%b?Z$}ifYnpsxc>)~ zxOz9Q;6j~;(9F&)p_p-(=e0m0dXovgjxT>w_A$P{p~p2lDYn?1X43qeNz8Byb~Dry z=FU-w?2Owv#XokbL;Vo3`|5#w;?dp#_#YINx<3K3BIWNd9g{x8ou=s99fhBIPK34v z5^>oFb1`~CBEmK}ROibD3%Ze(#~1p17Z9_`1;${gPLt-)F3%y>Pu2tebTgMW-P3HLVF$`D)kSKd=2yflckM*Qa;@j_DjG|j{ITrNxLOiLM zOOcHg?m^>yRCF7h&L>!^6bPlXxEBbS4cXJ03 zt{Qeq5~od-){niaMXKT$F}ntMgA^1caFgvmefg&&I=JUjoRUjKbv?;9FHAsX4JTkr zl3nVVP!5Kq=94qM3BkGEQ5cZC2Y|PC`R_NEP8gH^fJ^rO}Ff8egYxq*-^#$fI@_JeU^^}Da*H}x#N2d$ZjVe&sD znG!Bnv_BbE7Yz-hOVYsI!Z4M8LL0%o=I%Cv?(K(RH+W|uw-ToTU`@oStnbA)07)Ir znG(U}h`rybZK|d-5Q#zELy=^DqG*p`C9Dei2($MdH*?+&-~0A^-Z65o+J(ooItRa^ z;jB1v2JawjL+j(v_xxJ#X3lXWAaAKw3r=ZsO)Sif@`goU%y{RD8Q9BbpaBOtq>q?^ zECQ*2y3RHbYw4Ectw=a4R_Xu}n>spjr-tk;FWkfqTdD9@oIcqd3h+>S>yr#5C`x&BY@H7ZG~40ztlm zb2AO>+n#v%zD&rhd{cE1<0hyOck>uE;@!ew<+}nCE4SAeep0H_sphxkt;8esiRO92 z@vkaN(3R1SIQwUP6h5ysi)|rK(XNM+&c@Z%c&@J8t|SUinTL}MY(37lb#!z+@5QrM zj#@w5k6%GW4OVOd9=4)p7k{cPsB`y}17^WkxSiCkX6)9td`1@-U>i%k8xz>7G(NrAa6EYKYQuiL#LSNeN3PJh#D9VC<2oY_0BTuUx?mDS z{w|)c8sfz7IKMX(yQ7e3gJ1twe~@UfMNdKdS>g7liS}>10@+;TvxA=S6vpL`5)+rD zcLpX1Qx_wg{i4wJZikg9~F038*v9y-_G=k8#%W;{c@ zxrVzmsy2c#&4+#M-X@Wa{?*@DBV37oAe8mV%hBO~w38R=s*N}x)LN~j_=Fw23DTpV zS5GcLzhisMeCK}16qZW=3BE6E_B<%-^+s26){t}e6<&Tv)y8h5%DBgF_YF|2m3xJU z=06{dGEm(;9?r+}YB{<4j+Ih7sMtwGG3iYx2<;5O`qs90MDAq5Dur=4*iQRhks&!G zopkh$#GDF>RBK6Izjy$gMLMjWi;?<1mcpfNcZT|Tx6)ONdr@EwGjj|g)CqEXlIh4@ zv3V9AED^Q~vu7F~`9U^}FXn8bvqf0tI5SkRcm`nBoU0501L`b>E`_AY;UtXc7#b4j zaUc2cBDWZqhBF-k6YsxFnCBIRccmvy$RbzPa}R8;Ce)M5NeRcY^)w10!{JbUe18}+ zvSZ>9HBI2I2MFh*+)>zSi(sCv3{)~h?y3Er`;6S9XS~IRqvR1ozQN|qefp*GqF7p^ zr_TNvV*Fu7ci=|aUG|38!;fb=4EdhjxBwk|noK>fP_#do=w@WCF?M!8;hj4Zi(TJ} z&$I)&Q=@}N7j=!F81D`V=#KoK%Soi%ZkBwPkskdHPKtV9-+q_E*G2|;fbIch{)-w* zq#w_3R;D*ld+Js37_ewO&a`qs-8}%~Csks+%-Qtep#(k}eEuSVyi~R3@50f{ z9YE37cr7Zgz_&~CmEmFVKE6d7^m=yi@{%?^j=mhH$VgD_tqwH^By0JlA`%B|E5fhn z8bU7go;tmiYXQPWe*9Di=POV@_t(fyM~nHk%X^cJ?ZL2g@h=zYdS~sq?)JYhW78`| z@LP*%yZge-k>z%J%Sz;%A2AIE1L|;cp3~u9kBin(S!*$i&C*0$v*&^un%$w$%Xjk8 z6VJgdPm4ZwT&U~huS-o4+6@J_#FwAX4t{mR{|L|AOS-`Gs*`cx`Fwi>p1xl?!Lv_( zXLw$B;r|6Z-%W~v=Q>j~JR8mbXYhR8)ES<4=f%SFpSk}NJY)QI?9Ff4l11OwVikY7 zwoU&#T6}m0BVayoktCwGcUu*mmZXSQW)|m4*A@sDsNX2wGKcE-?hMIW%MW-y-Cg9+W?0BCM>ETy{5KoKO*z*CuZH?vYOB~7 z`rtgyKVfVXm>bSJOyiS%oW${c}QRG>*z3?7%YKDr}hZHX#-BE9Vian zs{i{4UD;jE-E>4xRkLDDRWGa|A8NpP=od)2kMH&*>_n{;Yk(Zpn#1u*x;2^Tj33_3 z+!5=g*!te+))$9cC%NMblTnb_N$%La|CQMDbUb(k04KO)<*@q-G!(%2A7=!-+So*R zbZP4rn2jxoT&*6^Ggdbdyh!hLI200*K_=2xAGsSz3Ez#xKq0O?KC$!tWhefxURY2O zi=Jj&V}>mFG?eq%#9BQ2Ge4gq&4K-G4sJTrn^12T&*L|kOvXXB<)=;uS%V>qM{mfl z@yFwc@62!Eoaa;|K-kE`L^H^(K{JzpwRzd>xtv}S;6?Ga7A-s135OXVHzl0h%rwZ2 z-1#(B(4GId-@4z73ojTst}N|@fXQf-WP~9GU6*Iaz~|rBN8t16kG}z*DE~d-JF80L zta%L`91~83fx+0X?PmoBW1~)W0)}Ao!sGXDCUXMRwMR(6`^#o7MnKnB@%D?j@{Z$S z4ACBIC83ztWb~o==Z>(bkyE*MVOE=)}OPs*OEos zu{NS4p0U*ILH_2xRDgzb!zyc=j1%~v_NcuxRSuZxjKK*&Nw@KL3@9B)>?&`IE8isP z+U#c0^CBTIW9;UisOOjQOA+dwQ>zH~?wu1IVfnzb-*=o{n%RkdcRow+iNdBUB1eZA z)X=|MIhcyMsC9M?YU$60MBu3#OC$RH2WfvHfC|C-27cn`g}nAXJkRr4er?nNlykP) zT7G8Q&=_`53AFJ5)KAxGBWYX2a9r$stVMf-7grC&Xl)@5`0YIuv=?e4idk}aIGmXi z-IJl+X?V?GlQu#D8p1*Lz)9Sgy39P}Wbq>q-^Hikr6>{ApbU@PXKx`TmT}+yTQ5Ln zrEN<{Fe~Pfz&2;-aqPdl-iIz8hzp8#qF#hH&n0vbHT^H^YnUJ$VRU(pj(8O>i*P*b z;pWI1Tln2?iW4K}T@eKvb^*m(L%s8)!4vPZ6;{P%#(q;kuK)HJEaG>Z4LyqHb^zn& zxPx`kp=S0@ODyM6FeiSz@Be?`^~3kS0k2sDDNjX-&|hxw~(M(OWJR3>3JQpG8NA8>AGL+R|Z&uo?T$&mCbA_J7Yc1WLDw_J0wsQCGVHAX zb~0Q;BYQy9FcNC`Q@Dn?qK40h0tM+o+EyEJ!qRWzL7K*L*YYfVF+sbMM5;h=hc4!T z9Eulwg^IuF>6vB+k&|C`_3%+4MUpq}q$#D&do z=@1?>RO1%stK%KQuP?rRe4MzY``F!gwTUCFx`T4I@N(SO0^+yRKR?CkzqeKBleMu8 zqNe#y?vSQ|^D)_U2djR^T4zvDppWr%PX65PBk|Bq^y>suwPqyWHw>iOHJHnXp1-qA zkE1`&S%u?l!mnW@YhW3o3;m$Jt48vpeH$TJ=v4&f+cP-i*ONc0I`;PcgjP%Ks1`>t zr;oGe@28m4D{pi1sEBXeFXZ1db?z_+`m~aN_aXW!;89?;``frU2}@oICAA`pJjRx7 zarYImV;%SN@UweDPde4VAqw)lwoE-7e<}w5?kpty>yKEr)oSK+{jBjdqON9Zfr47d z-A5&tvDUGt5C^$KW*#%~toCwF^?fcxWk(9AA7ce`z&LZzoXAy06ZuA(O*bXldL#Ki zKSgb4Axj|fK2uB>i+J?9;Q!n4{+<2bjraKIvyHdkPjScl!H@sLc*Xwh-CV)Bh0cm# zUC$3uhpB+EhNm4BwB#IImt5_n*Rcq}c>YNIBTU@$+*$PlyXXtXobRH@%GTqeOH+wd zJn{oyg=10H3T&$$BEdzONIp;S!wWblhtSo>7YNWmMTHPwg!V)PP(_`ccmJ>boe}Mw z0{hwWeTUGY6keY*piBQR>icWw`riA#Q+|=zc`oJO(oKHy z5&B+xAa1_m?{yn}f7sVeeuhl>+C%a4)!k6Va4J&sNTf)-_+Ojx?vm~QEB7`lD{4Kn z-;Pu-1>dJ*So2R(Fh)Qz`e}8SDuH5hG7~7y;y)HHQ6J6K{mYD~7Wpk?M7Kqk(3HUN z-kw(7riX4Y%ET+d)_GU*XuIlTfT%dv^5PsoCdht_9M@=?k5j ztIVlgUQ?+d?MX8V5hNx&+foV zcdpnUT2GDKcpFCtDUn1>nSqJijgUG56}kbB`OW@S2s)hQRkH`t0eI?Kz+MAc4@V=~ z)dJCG``S1I+#LfRhd&c1Nx%TD(7VcFlB%-t7W~BAHtrjjyoj0kc|(&}+8rFC$^-)syb>>7Kk`650l?XMdV2xR_szTYS24d+T zRl6tKDtNa)i}ZRPdmTHVmh$WQ#}O1dXRrOU5JJKH{qklCG@ZN@X!Z_VEXuq_c1I!w z2U!NB9cHM=g8Wg`$0ht@xB7PC}PaGBbf^{uEA>0LN*@pw(0L+ zhr)^)T})tN`42!JSZaN3nv%pO6o}B&&(@iDg&B`1dY^j>65AouyQBB1l>aApcl17Z zGv#oC`kDlw6}4bytE2Ly(spiR`c zIRd*2 zcSpM}t4Z13Rvr4{Qonbo|3x&DsxZ*A8gOdo;~M3@h&^x!M$bi_CiRpK3+@Y-`fbFX zX=`uat};c|Kf}G$0ZUBZqwn?V=2b^SvrE_0NZXlxUc14=Mj8vAFwCE$^jZC5hbsEs zFnyG^N>F`1ul_=Ru@0Hu4zpUn>Kmup6f_)=MA?rv1s~=L9{tf@2y{rUPRiDIIP{%` zKd-zE13XpLmN98#tJ=nE9V^!-WoJP_eFyP#vHej$Ro|Dkra>p(h2jqX46}c-8BTlO zhF-(^)iyojojUqoSclB;esaO+W>hoV(Mej@-<3M&~!6*SR;i)lReF zGg)&rJTRAfP-k?@J+2PxWT1gN8g*1qdu-zPC)~)7Vs{P{%XX55L`vBl2!5h%8 zo;C>k0fR^ZvB=*KbVZP-3l`B1Ta8ZbWOKca>P>7hd;?T*Yv{7TM4~8Mr}%uOzLrY3H4UHk@ptZ=~_B( zV}A#9?Jq^xG&;O=A$GW|H}7e~TYgxyia2_^gk* zxexMZJo>Ay13kJmCWLI%ef~|Dp`W)AW_$hmv&54*U(w_o5hBC?XXGQM4 zv%S@z*c@08~ZRJy>7=x3F%it+2yp;lFNmUml;Ii!+4-b0tI`7SK z_ThPaSiK^{+HzN$o@h6nJYX|7duxC8wx+MT0*n4d6zv%)`p8{;>70|mE7mHo-iz$e z;h%X>J6YXRShpfkR_k$G9*qKH`u4le_qL}?>qcUCxBsG2s<$qkhueb>63}{g51`_H zyTAAs0`gO+;%rkZD@Y%$Zec<==$fqVb0#Vl^$@!(ft%8!iznIJ(NkLUk4S7b=e#vW z@J@8P-EN05?U|2^NZGYW5PWx<3Hp++fyXK;@^1csq~^X&QPBqHZRNF;S%4Y5)8P%I z%l;|9gvzB66(SNJE6e7Px+nsv`FCIh3cEfA;S91?&Ir3RPx4a1GJ=)m=ZFfjcUe?eBP*Hb+4C7w8(Csy&qyLn2CI=IE%; zd${!(54$-r5_Z!LJ8myqVKooD`FwKcz?9IPI0&^KSKNGZD&I^B$L;L3Lmjy3 zEB+@?n#6iT@onfwf?`A>>G&)O^(g$La|NxJj-l4w153SaX32*dOWv9V+~c^O4##AB8Jk$)l+F zzDnfrSv5b-ty-PMyT6pfHi8!b<|+Q9d8C_i)Dvr|4~@WMYvC6#YWP}x20O|>2}R-Rm^p` zN*vns9QNg7=;^_g!#emw9{Uv@kdOP}F)lhuz9ubd3?lw&kPKx46hs#PRljyAJXQP2 z)e`R)KnQc$C-A+r>1mFJQ(zIOvKRwP6JAGeqMQ5N zlb)^e)-$N@dI!802Bg*JA!e>=Lcc983=8Q**TNI(AZu+!hX^&W1^u(LMUM&R{tG(D zjVs2S_L`z1NtPfqReKH0|OkDX}4JKh#OEOpXqD zC|ma3zsx3%_d(R0^1eGtT#LXUQ9^VdOjhU>-nP28w|^A|z*IkD zuk|5`Vjl8*BS(<1`R}GYjM*y$!NEUCXumj^vx9VJRX<;d+A1hlfp9v?0ltoQmUu-5M9JWOY7A_YXaq(+;1ud z@s_>i{Y}JmQFkRKBULcjwnq$EC+>{r&Cz1%K~5uIn=11w}UiCzRLxq>g!2q!HuLFfp^s@hWdN z3b9XyEL;X3<^L}ta*PXq@8%b|Qr1v99-$*@oAw5RDvBI`w2kLoMj-8`LHebRQ1Y~ z>e)R|EDXIX9nCRz05*;RdV#|3hcs@7GZcfuvfn){LOEehGFf02KD!p=vvK0_&kZ>@dKY zl7BdKZvJ5e`DkyTN8L|};Z1Ndl`PJ~VndMX{81C*cvR!#P_<)`c)W4r7o&Zxy}+hT z#}JoA)sHUZM`v0LHdQU7*GF+N@O2R1UNg!+E-hV_C7?cAfsJLXalbG*hn;)~yEr+I z{rC{4l;1wYFTOgiOcQ**g?)7u5~YB`ZBcKvcpvO7!9~VH zV}VnQC)>N3ll&pT3O#xiAJn6xaE0sJ@ez|S3zIqz{!u=7HSXZ!>8Eku<#g7WV3qnL zD1iwgGRE{CY-^)XSG%1%D?i9C-bW|98_?+2Zpjqm9^e-zL`d_BXn&qIaF z>J-i1N{hvw1n6(k?5EY@bj=P6$VwD3o{-C^bTMX@JA?b;-pw%BUZu1&X_kJI^H zF5D%p#jr9qZ5{G#a%CHGZSodm+w9WBeYV1V(pt2svtvLxosJYcf$gagPLUnzXVRt# zmeRUfOR4JH8hefd?v)%V55#E)Y&R~76zxHaHYv%ew#j2ACAril>Wk#7AltoFc_zbM zC}-qsnw;)ToRrg zpPpCPAo<_LYp#eqM6Ihh(nGkf{HO`YN1m+K$#rdsu6etPElH_*EkMg=K3>?c;^SZ? z>e&*{hSy-SHZ_Uw&?hmbrj z3@1?6ny74$E$Jq0Lb_T9VAJc0{YiPU-XKGkt*~z870!8eG2@w(H=#bsq&onz6Vh>3 z^j+|sGH;gyVBBOgH-}Q-KgYZVZxc3mKW{F{gw4s8B#TX(kYvXb2p8gE$bN{v}y_g~=vG zTS1@Zv`hPMOlOvFi3zPZ1>e%MjhF*cz zEYKR_To2LUWNeTO(EQ!$M?SzWU7j$`c3TeMiF>h+HZ}@MzmolOSsE89sg;VbA6vk_ zj3kzb#OvAaaH1I#Ca}$sQgcPAODKj)TA&gKXEKME5nAf%84F(>9+p6oD>>Li`-j!A z;^F)6qPvJ6-p80fMo{Z8wE4yM9Dr-!(u$#SnPhNa!8buSh z`7(nzd-n5g)s%?ZuE6}OFEdU9>WbM4oY?u3sNfrd^4R7K(a;k+rxSA8R z$Efb(?7>S7HpBB#S9P9v=O-!G(`-N%@fM?GNY>X0#4s>z!(7@g!*?ckk{S%0GHMQx zD4sQ97sMIj;YuI^wU`ads3?I80b?*T_L}M9K3wWgS5597Hua5rNTB)#HLn&b>Qi$? zyLDx4dLTu|Sob-e=BP7RH~fn@3$#ym=Xu+&br1KpJ0zbfgxZf2X$vbZhwe6D6-+Y= zQ=uj5ByxfXio(Sic1qp`#i!X6{Yt!jo664gc+k5ik%%yy&7(@BC zk~TfO3^}PX+Who^Ha)&SP7!|{=7x+*Q@myAyPCX|C2n#j;|YCrz7v zy09dDRdOgFp15jBN^XOiqD@K4-KS1TTHZ^Cx5~Pr36cq3(f>_l+aInrnO5~M6tsx1 zCNG}(EurIG=^LJ4XXwHr{!1bwXlyJ!f^IOpE0f@9yPyu5Vm0q7^|p=OG8S=a!oE_q z#H#oe3ymcm$KpvT4HQ|;h(?PRb?98;4WB9GG<upV3Ow{RQDhK{$5j;COg@2*0M*Q+_!ScNpUkn8Pf?qg+FA(b0cm2@8 zx3bPEw%Y1iY7CkovMx<%P#>x#w(nYt_W>Hw1AIgi_=uie*kwe{)c7N^P2rk&Lx0j^ zZgS(mAJ=JjFubH|i-#<6TNF3PAGq4$*dK+l4_z+Zd4?Np4EBUt8IJrUTC#=ttKk*&8d{k)Ul!AXn%1{l5L~`EYcbmM(2_ z^e&YPcT0cRQEDsPUL^gYKEJle@`b0k6cg)8?S*h(8Vu$gG5eK%gP-2y$QhVpkQn!TvhuJ$QaEkvFuOWhYb7H2$vqVe>x zLqB82^NtwLf!OhU1m*64W^OXZ^L}_dzZc_C;I&SceqRf}hv0XI-LeBl1cRKg8=EPX zHtoY^umQOS8-r%x9b4FfZ9y}QzWtsw>^8QNzn=yqtEr``H9R17cZi+EKE0ko$GvaU z-oQI5Hp4>tlILh%eD$ZB>e@zB9)ZXHvbsmE+yhVPzFM2)I4+;W1D?f`DOUoQX+pWJ zx5Hdoxi2xX6ec+|Fu%5ROHyL#=A=YkG)wY*WTNx=n~eXy^BpQ3*$X>xK4IYS1N)L4 zh4dIz0N~P2Ikv*%0G~R_SkE&~z^tEu-!_{xp$)en7w`B$j8Rc4Z%s-hb7zBJEV*%nGMlkxyJT+|hqG8CFs2UO`$`k) zj2fct1EfurD9|f~0Vd#FSE7kP_x4-{1w#2nX@JOp({E1!DtYn@4~~ZryE~;#M?)NV zKNq@}uaApbIG>G+T{mtx9Q2OJB67}Z-xq0LlcDb$u(y?`u=Z{EpEThV`!TtVi$6BK zAG>5Hh$Xv?H{A}vho;BJvJc(xbAZhhaI%z+w(KF^hD|+io=G>E#+k52Uyu%bJMwqY zWY8>2_I-d}G#l?E(EA~ZQVDpJm{?Wk?i0EazTj9zZotpyuZjHCJrJG~633Y_t0z30 z6D8kjE-5+TS}*W-M|jsg1`)l{W2(Psik~ zIwu1sP=J^X1wX|P7p0+igK!-cGfQpiRndNl;&F>z`7Kh7Vl$GAdD)9yhyoFG0UO`O z0fh5%S!8_2+0&=O;~Q8yX65O{ec=C&Wj)DD`*F4>wX=`(PWz?$DLa(drmM#*kDSqw zx#o>ak8iK6#|4xR>{Lf0OcO9)_T78~&Y5#|`6V)t>?j#cmFEeCsOb1=>LK=RAua+_ z>6jFEUv4k>Rw3C7Ho+-4xhvM4Rezhei%xxE!*CEc9dPgni2mtGxCGhKc78o}5%*rf ziVL}VP*3s(OtHm}hB7HW8@D|>uaIodB>!%H(T4VC`Gswfn1!%}lWba1mh5d!aNi|u znw|nr7Iz-}pXAvhZQ51YMj=FgUkBS3-%X^)wpZ;ivfN2KMf&ah~!SQ5!xAB3w zxd{{Yh1TPnQSf6Im2!K^XM_*;F;|lD<0Gg<&w7#JBdVW={vX!f1HP%UdjL*4Q=r@w zS}40HAjL(UR0JAG;6@XMisAs#3gSQ!5{6P}NdvvcAa30Fx^TU2D4@_5XbUJ5Tp*5u zh&M!~AeIzL?{~&?Gdg(x-}n38-z&X&_BhXZ&NM*0Wtc@0jU29)K?#Z%675kj5AEMlb3%i9wA&FM8?sm@oN96j# zxesF9_c`}F%5^=&Idd@QNzVC(b8g}soU%HfbJlUrFwU8YIa4@iE$5ueIrn3Zm2+OE z9QTb8eekt*v-)HlI&v;0*|TfFKQrp%x|;)Xw6KbRe!-`5v}Z27hk|QNP8F>3U%T4 zCe-4FoQ%uZEa)7vvOTW$hu@z0Sti%7V)!R==or-myP%26+zW9~>}U(xO2FyhV5eND zKee~?AH##QBE1{JgS)7Q#b2mt82LMX&SmJCYAlZVkuD8d&<47egxxP^RmL5+gB~hDf zsn1JKkh~#!E*ammzQQPZ(ccGY&mGY;kPJ z-c^%RR$mbZWF|Y%Z0=74~8XeUih6VIu9bSXrjZ+HW8kP)44Ha`sqCQw@m* z3pz`y(K6i6^ftse4bkNrx_3;BQ8{ud#wL_00(A2>vB7qH-Dnx-acg-k-kZbL$Ue&? zyDx95)0a03HG&62n_1yDv8@!nt^H58Xscy=R^K%jv}h9tIxu>C@v!<@#-pt^`2VH7 zIBM^zw%d#GFGcc6*rQ9Fr_krld^!oy+k`qz;pVr=$|*}Jq5*x2_B_S?+}k zII#V3liF?^&@K)?x^Z_*<89ePP<-r4rken>PqnbZ30gA0RNjEmg;(EDj!~rGb>SgWt24=C`*YlCYoih^cA^$-&|*XlJp}+^xlufn zojqQP1u$!zVRE2@A;!EgqAxRxEC;O^CI%rI6)LiAHSiz#wMUz$99D{7g#0A_KE^8a z53rB2$@LuL2fb>|dzF$taXTK{opSb0M{cFN9iI9N?*2myj<-r{I@yZ%pqH3q^2yx}W4Wx<1iMLn z47QRqs4Q#SpvZWmtd(K0ZW#RF_nhc7_n*OdsAH)#8szL6*;pqSXMH~WP`ir4$5un1 zZNG=I(k@2SqJ_Q{2t?UGHj{rj`PX3nHG+T1{40llP32$b@~`>)D+7P|mQ#Rw-?J;p zpFoc@8mZkZU7-&xBL4myGTV;-)rv1kWrw=^UF`AN!T6%T6~8^3r;@ev@$fs;f8TA= z{;%!Hp7Kn!fZLR@&4;+n`OVtAC8o`@_~Y5-6k=Ghvc`9LWo5-#%PB|S;nhX+QBL`p zQ=orm9jENz6qp%4kzvX@PJwYb4V?1!J1tiGuI|yRjSfmJD0es$LLO?X>izkQX4!<8 z(ve%|I!Ap5e&biB+T*D>L(YB&D*K@)CCerX)jkTCg%PsPIm?NfDD=qqbcHSFkg0;b zwo6_cQoK!t|7vpnUNpr%H={{&XgPGghPSRdA2OqwRx%AX8uc1%7%ol2eRc!m8GR8q;eR?wd{D~S*+s3y;=2eDl7 zYT-HbIBG4gd7r)4dxaNm3}=JsuTZ+{A(5s!6;*wd(9^)9G$P~rHUx$C=3Np|o@(;JS`fc1^9cb3` zF99&`^DhA`ukbGcC@c7v0Fotdw*Zn6nFJ&jDJ_}oX^yKGLJDztGtL$dvNidbm4F>3 z&fA6w$rRA-lg~kG)?Rb*k2Gqp!+)7Gg>F6I`i)uLfcd#__Bj|5^H8v}9&cKycIFB%H6>D$ea zJIlQAgTNEUh(8MdlE#x7uzbn$ra1GhUW3!9=9B@y1-Dk>;4G>k`O%M5U^d(Y(^o)e ziP+hr+!*Y~rEKtXd z?f|4?@c0ddgf(0f|vzpP6oNXe$Ks?H&%MT>MkZ$aS zVBFIv7i}&>*!Y$e0wR$J5ZZm@WENO$3t&h~R<)%tWW-nz$J8-;-!BM(XywPEZ+9`A zj=eBp+7ySckR8-cR!KhjdK0PH419zADcw$$BL=moO!w@^TQy_T*jR)OJ!HR?*NsoP4wAEyBD=8j?UkrYjd=~8gX>Rp|C0y>JXt2at{ft`CRN(5q~0H^0JJs zrY2RyQ<{w?X7}QtwGVU@V!?^n+Cm>)yWx?z8qh}-qL1L^&|YD^p|I%gZYzo=7t zAC4moA(5#_NLI#~W#!6XCg!VY<}(^Kix?~ce#AziZByTJsO(FF{V)rc58I_Py7Md| zP)D0(Vg4l=*Li~1q*i!>*7R|pb-P)e-DbNj^pD6t&ID77_&@p*vNxRE-L90m8FEzx zd)%mr5-aNt?c?R#8n-p({V{vH9Dl7D7E?xr?yW_=aX}Z&l6{@g7nfbBv1eDKO7Pog zfT~=J-MF_0SIN28n`S?S9=Lc%pdeAWmFlC1;`q&EHVtEx8R#^Jaw)dv$UQbUSyrwG zmSVS@du`U-B4{xyFrNxmP;j@1zQKe{*st>^WC2pHXf0m05Z*&MhtHlRSC!$ko!Q%G zUjW~z6zw|KnOotMMpiiD?PeBYIh5@V7~-pw&>PddEV*TnfL8TWfNjPVcKRk{+5HPL zMPGJhhco*dX~|ylwM=`MoU<)B-VQXF*;TV1g6c zau~Pa`YgT)*XK&Pl^_i*{SB(ynkeKBa9~ffL(3NaFk9HO?1JqzJA9T*ARQ=7z%wr* zv40basMKyR5joJAV%7nT|2*VHD-sN85&s0?g~*t4C&tivx&qaAw!5?W6vx3I0Azz) zWeguSNUySFgmi(3U zc4R|`JT~uNi>{FKtL^cQewjAqC~*JCy;V>AL$hWFt;WA?@whie&8FNh+OjDs^DC&h zp1;Q)e?z}a_0`_|?Efe|mq00Fg+;-_G=%Ij8%iYIU!ljTezbIb$QN6JH8;30i(104 z7kky4sGUWljgXa#Uh)P`$ zf$QynDoR~WS+u@Pg|sHYSd!57>UOSkW&cQ{Gau?Zazh1)a81qrRW|-0YgK@Uy8;nV z7EHq;G$zjY*l4V@WLI&gM(DH{#mw22lJ`1*%*tdSXb=b4&TGIQF!}{4-g>JvuF0x2 zMJyg~i;dUPy8ZzG-GU+hkwD3HmMGyeug86UQ~}`8V~m z$KRBxPVBC?-5%Nouw32=6~&D6`dPB)Wd+w+eDlnZ>TQgR>Js%@*5l(|Ktrt$U$R5l zw%*N=E|7>U%wj{H&za1E-V=x%r!su)skd<%@9S|wG6g+l1)hoH5A0Hjbm@A498Cq- zewdSP4J^UVbCU}e@|^AYbx4DI#tRYNd1U@jWk+L=<>S#q#9{{ zX$UW(@BVa!Xg`CQ~Onn+Q5+w&;8Ia9rmk!)uD>rc|v%B2)dziL)MK5>XB-Ikl2gGi9>%FU2(cPgas; zF-2L-qH0tYThKf*q-qqsk~7C^MnTQ1PPT1&&iRMdy193&{)tD*zK4d81svWqGR5 z&DAH!N#b7NByl%tXoQUJj^w+1^9tmslY?;!6J=kLSfQz{??>!?#BnunNcWIq4Aca* zN^9OMBwK=+^Q}JjEPa#(b@%|141HOojaz^^8E8ckQXeuY9RkG`Lg#fkVtg6o=Hpx% zUsCk`O=<_Trb#l&PM29z&}UXPEx-q5!a1iubzFx4 zMnJj0=-XA9EZdZ?V0Xv!)OQ0Hr(XTIhyXX)jHiCsME<;W zr#3u(7kMa|nrZPgK+kicdT!n=w)4-R1{!kU>tu48WmTNA!#6#XAKKBEhJc`nW~4q7 zmgD1+CJzHhUo0*AG#NYQHQnb&NV3&Afoda$aIc?N1GN!`SW8^}1|v`o^f_gEK&MD^ z4M4=&@c@Oi48ud{aH$F<*xp;X;W~%UO(<<4ww1kEhzzbu<{iT*{&L`MbMC(~+> zN8#|sxl%}nESQ8>)d+(tLjYU*i>Z+CQ;zy$npLs})*+UaY}Gy+s&(Yaep?=X08HAf zr09WD7((h5I5Yo5ldy%lwS$2N4{QE1bY}VDDgu5DI-ih)7Jf+bZAA?`8{CV3k`*91 zH7m%%v-{#>2uNG;bJb(CZs>^?p(qD_2EHab(pIAnW;_iBHWsb#af62llr)&6NIbSW zhu>y$_?>y`m+k4yvuBq=8p?MFWn_~DY^mf8B(@2msCpV`Vu75UTp{gk7T`M2D}~+` z3FN$flyf4y;Cgow>;2+|xH-C0_$*8+?a$gZ8|dZu5QVGBT9-glsXACwhf=F$1Ro&3 z4aI0%<{NEBDmI_!+-aF`&~x^~SOHv3PX7fx`Q#l@^XgL!;f6itIe1C}Ey8$QgirhNB3wwG`)rx)FTg)>eAGf{8NbiuRd^n?8yA^@*#C}T zXC`E$f^DX(ZN|yiJylt9?q(<>26qOjX``#E z$&b>=y!Lqh-Rn`IvObHR7z<>(@~iBhJf1F+gX{-GRZj>l>*c~pH@ko@hhzfXtu|kW zeiqLGBkY@2?NCm`GLw!Z9JFfMAn3}e)T)n@&Zg1fE0BTI)-(zP?>$P}96;~!51bFn z*^M#)hWl_}LpX{QcJ;MmDF_+9$$+<}Wd^VHIZbN8;y8nMbOLM3S|P<}tMS2t`w-{2 z`VApno=D&WTNXj-k7`CoI>mwggE!=%jL8~bWY1*qIx8njOB;cn2R!fIIk5{{}`rt&RC{ z>~3v?rbXeA*V;Zr$mRvsG!lBMQ`av89R9`A{8lJ=FNAtSrGB)ti># zl1;3UeNHoC)~-H2k2?+GJVG8q)T?!@yvJ&Jd?vfmnM{m2lN0Wx{Y`-q;{!e5hPHfx zn;4vK`2wxwgHve3yyGb6RZMZTwulSFp4@vb?Fk`;2L{qs^wYQE=6KkOn_<&1uGC1& z7ZyWn8)8#xv7x?E4fP)wCaF@fjSOzXs)Sm>;+tdi?_%h^=y;Yy>?IJQsI>Z~&9eE- zmih{_yFdJ!Bo*)HC5nnd8NMaP&_%sVr=Gr6-||LNPpiEY^s<_tmvMuxfE3^81k#;8 zw=osNs>l)qYzW6IWd_9by zi#Hq!vxk?Cmnuf`elc9a=*tWyX>zv%zMcIZw?p4@MF-31Redzji+3TF<3RfR1`2Xx z0Y+-m3G(VjgV|{mgDKt;b5iPCJEu4H4HL)r4S>V*MB7#7Q`}5er>_kMIlY__L-938 zcO>(XD87T^qnCEUPibwYyzT8M8CN6svD+LjRZv3esbs@Moo} zzx=~En__SyZ!r_s7ESz|s+yL_IP5Jw9!!mgmbMx(*C7uM(A`ZqwujvRK#HYQ;05=? zq|)??hcpz(z67&3>ZBj3(a&n@2FA&C&I&K#!2bVp!GG`5pan0olq#(sFetIPPq@9k z{e<8B)_}bk1KR97t&HZMl&|Q;90j~K->d{Av;9j1yK+o@atW`N0K{{b5CL8|G*K#k znl85wuxsC_1W%~ZJqc@!r^=P&FPtma5`$W%9xkHFo<|ZICGU;ot?Q6f@{yrUl)V_C zs=tvO1p_1Fd!~>)Ebg{Qwk>oV$+4aTkD=2{WIcdApHBwCT5%q)Hb%(fpTmSP_UyA6 z03D-d9O~A#xS6YYv5|3|pTw6lMXmS#2f4AGkGHZu24hLs4BXIAy&C2@GqP4Lla^Ons|&$SucbJ6u&d2P~AFM^-@Zm!no zAif2w-Rq%h-F>!3j9`jRFx)ev7B6UO?buEi%XnK)UPhrM6!E!Al!oWa73328=QcKD zHTi7@^wAMf`S`_f2!`6~X6GaBpFf#=l6JtHD;6`$ibe^^9J47N7cUXL=OyF1rQkHn zYLiNmaOIL=G8nFfX*pOvsrV+;nYV>3ip>zX7Q+^|J|c7g5jZ!ptIc!^Fg|Lx;;_H? zbfC|Z4DQtRal-K6%SBDGItpjSClRX*V24FWs@-btB7sx(slyk=;FMhj7^-=M6J|aN z8PKDRA$+{L*x{e1iuWx{R!@g;wNxM|GAaH?A5Jf$;){R6Z)<%>kNxHAqSTbv_AC$e z>06`h_8f=yjwaaG@@oIDF zBXLNlgy`|cKgmJEZGc})6wkXM#9k!@7+}*Q#pt{X5UJ5k=P5`xxGxWs8(JsxbwPM_ zCR~oQd5wZeoZk8+`3jW8{@*%9fOLhd9BpR5fVnFhLL8Y4;0eXm^LugntW!EX9aB&I z6VfQ(4_w_%y`nDM7U&gc;kw3CU^XBF4f`5T8I)oULKlN3`$-Zkh~ zQMpp+jy-QFMWQ{>oepiY^Hv>o-mDnu6OPsQcI9iU@AHp1#@;{?Yj3cwyO3?G6ILtL z`$xrlLg~`726oMtX^>tompnn*$C&_W zwjlugc}PrKaadUTri4MUAA6dXBY7X-4s2XqAwgwOy?Aq6o zcQU4aq_!(Og?e-0d;#bFiNx0C z5%PfB-sJ8S{2o)W)F4WARZ>sG=EsO}51`k0-{;l3<7$j3UTGVGV&s7&8+eEDuvtAZ zk7-N%4$VVY^3z!mG~f`T0SPCedV&STMYUSSfLnVTf{QGkMG1}WX?6@tMIqqsejv_Z z7vzU})dNER?1nQG7TJMrM*nsyzuP@qO%9)&i4%dAQM=*+3fSYCXi<9h^PEm}oAg$k z%79?+oHEq!)(hi`4Hp4^8X9@U#?I5@tg89*XeChp=$Wd(-bN1Y_4Uj+Ltsavru|>| zVZ~WzRe&(?G$bzS6MjpKIftkg8@QXahk*V4#)?=EuH-dy#fd1Bdz%|$rr-`bl}2$D zZ*{X7i32sC{-6+a|Kdy$Z0!&7xGum50$R|DSEB2N*4L8+EZtkr)35MuoybVP71oRc zmi{)gyW09}TQ=uX!V7 zf9mFAnbBGxuos_WX%cF#HnMMMOnsGisCW$;lmPvyBnPhHrUF=Y*(+>t>}krBp00oj zc!RvRD~>qgC2d^d#bQAqXkve7~pt6Y|9WVKX;A*`!}Oa&try&j6!gRsF`$t{1e^5H~cMa2Mi8g z(R$wZv2YiYcduCC*Q98D0lrOP>g{0a!9Qe`r_SnCLkS{RiXtkBDc35kHD&g9k}>yOPa1)l5hRT7<2+%P}^dzNTZ* zuELgp>Pw!jS=#2IQ_KrL2;Ln90{BdTPC){FG<=$mP8V&wfVoEGu{N5NIs*A|Qxx z9TrW(_dZ$!CW*xY4Bsaf;DM&-1?ajjdI8wLR3HAeh@d@N#Nu?*lOqjQ*ob= zY?X>_3)vS1iOID=N!edeiaNA;cp+l^*C27YrB0HZFVwvT@Cs+2hJhQmvSXr!P%^i2 zVKwZ%6=RFpYSeA8sr9x5v->jHS5PZ^HTR6btE8AdI+MmpVZ5voNX$Zk&w+#sS$)o*)I;|{!8)wtvu%mw+Y}YD zYt*ff?etC0gmJ~e#RLQ2d?ch{kTridK?ZzsB*ffD?V=Gm^(c;stjC%ov>w&87Ie`c z!B7Ic9^Fo%CNDPe;1ODk9RTNE;F{@n2V!2SRG$I5Jg>geEEPY&X@O$i4q5rZs_YbN zyhC4O+)~_Y^-FxDRJLMZs=r*5d66w}gs07nBWdY1JmV8FGqwP-{Px~BL)7l=lf$x> zdmHeu)_H9Ss7TnLp1PloMa!7Ca6<-hR?i1u^7%EE(o9k~QTM&Z3aa^Et2_JS-Mf|c z2E%ZXWRacx&8&g{$V~I*0KwT^0B2~RDJxAe{s{NMl+=j6 zAPA*5s5H79po?K(E6{S>?(5>rA8k_AelR=ukc~D~tF(*09#v_RzvrPQ14O}91-!(} z8gvN1Pra8L9B5aXpo$sV^(8SBt%4i|l+o~o?Lj*Sa9nTo5;KBgJ2m<-9GY-V~22WEP^^ftyZ!fK(L!U zLjaS{jJ=bd!~qpwx_!<7t=xUuRcZB}W;?PV#kf=9j6Dz)}OYw^qg) z5XJbSg7rk3A$mpkuhpGQAyFZ%F&3A(`Z|1Rc=r#yI?+AY=DRMzrkH~x zb-&{1kILe+B;af1AlZ{^aGP6ZHM)V=OF?hTidpuQn}YFp!D!npo>M9FhUJtw{E0gc zWg5oir>}4tD~4ONgE$-S9@!7;Em*%b8h5*T zi`gv9Hhp%J&lo({mqMc<@@OnwWeXA--Pe~m+2OCl?@T7+mP-WpJ_woT{4zFh1MIe` zuh7@!ewzUPd0kMOCt{ua$6qeGGY0z>(Y1>POV50rqO-ZD;M4O6(vFiz$o_~aI3OCImZJLyYHq< z)UU24%U}1aftyL=bQG&^KA=Y-#2o-Az!;jg7fnh61E|#XCS(vV^~E9Ijcmm` zk@!2^0!;1ABxAm%hyx{BG*mbsH@-# z!}v^TO&pZ&0}zkf=RP1n-+iU$;RK_*k8fm_Vw}8LtM-Hv=VfA;&e}|aJwKt)VJt&| z5Fc3Volnf)00&uEKRx)Hp7tZDCd0>Whc9ubt+xS?XKm~L{4rj-UhPV#h9)nro1xls zw%)@28CCV6KGOxJT3qBLlmHk+D9{Tjr|_yo_xV6!sfT}U&um@=M{wEG=57`a<02F}i8v{Ek z0iJDd7g|FiZcv&Gs0`Aj;AP@{G^gIX&3&Hin+F>Y5RZ|>>XVWruaT^n7G;Lpa(@>5 zQrqTfNR*b%AdHu>?U%6N0c8$KKpdcu`bRZM2Ob|Gg4|@SL#XNr*y+A)z~$%PZAS6^@*2WDe*-017wn>=p9Z`pP!nnS$3$r!wrgJj%P5y0 zOqAnqGC?~iSB&35tfT8YlHdmL9;)3Ah_605$@MuBe-7V3B)K;H!f(dNeOsAa|52^{ zg}^mxgbl~ESLWV^Sj+dxj(9%x0A{sev%*)cMk=Q>*AX=9{7(? zRV=1=B0f%1@#{3=L@RXM`gq}Z*?k4{sP){>v_?a7_QPhh=1=_DpCd1#xL!A+$_e=u zzwKvUFZ{0kKBNT)(A^9hlO8)#En}Ufw*lW+)Ro2mlSL7a#ALc7OCIsnhwb4Qif)z~ns@?#w!WhHC zY)5JF6(|dshOS7aT1v@N@1U~}^z)N&6fZlQD#TMKk^0hHiSp1ZT@+ZzxG&;$ePFB3 zFH*=Q0+a!iK zM)32k#WO!4-aP=l5huI)w7x1RS_`oLFEG-(9Ez<@-F)G{9Qh|_KjF(7jv8$Db?B!i z{|B`a0FM2(MmQAmfK$X4Avp{HikC6IJF9uC*vZe3L8qcg=`B8IqnbXw0fTOvhFVOL zmk4>3#R{i(PJW0l+jE8<7XQ=6(^!(&O!eQ8mZJr3Ft+uUG)niM4+X`Xh!D@I5A-4B zc^gyhq>be(tkExw5(AHGAiv;}xb+x`WJ18!YZ=K`^R4Cmlosa*U`q5Qs2(OZaXAVU zFhZZL4udB<^5MR58kD`PB?SPr>f1A#ZVdJKv(YbMTJvcJXNU9lN9Ww!zuzE zVyw{a;2>N~7~$TyFQhqh|8$%1p=Js(OpDUc-@_JZ37Xh&A3)?moue=gRhPP{!YS|x zVElhlubGH~mr7f4{etf5FgT3;afyb#XwVrpbqEX}$e`?yoF9UwEcKPZ)qPJYvI!`h z2i)5c?v{3*f)fVTI+IsAlml{h12CHQ?60Mz?3VI?!x)gBEVpdLw(Uh{_%Rxd35&P! zDM00te9I<79(?A)A~iXsk^f%nPal9Qkv5xG0cppj-Ple?ar@x8-~uwQQ`CmOMsC;f!~W^f-n=B&jWCY83(W@8>xcx6q|+ z4~#}ziH*zKux=n_^-;$el6pJ@ke78f=C9lFP*lvZ*cT{Xo8a^OSEj))p7*GX%6`h= z;MWWwfw{5#MfCeWschGnVFf8jWPwBX}mm0ej{D%|=#Ap6Fd(Nl0Q_QIkT-fJ|l z+Y=(B$+dz@j+mVX`h3&Ceh`pCxLEcT=}n!hbEVyd$@#>4F+Aro%CE{Ji}$m{EB}8r zzgzY+n_t79ZO<<=dVaImJ8XDe|La=KpB(tlo(3)Y_nw;A-%EB!{|0{jd1~*z+E&{Gcw9jF@0GPNo>U`^_r+ja z<2^w2udQn%Kd}Mx&tl(i*>l$XjF0I&1dq1W|1rwn(PsX>Z)tvQ6WwII^40os*{VS`FlSPz6(WK&H>JH;|RbmtFuW8dH|5tpI z6}>-7 zkL|z*yH~;vtHam)IW4dGOO5~wHW58L?}KrDwks3sK>86tKoPPvy5_T@W+)Is`3U<} z@nzI zD((NG&!p28P6MlxBZio^gF&hc{Fb{ecz!c{;hWs3 zZN_!RW$m*Ag-5WLl7Fvm#{Yx*{2rpDl*x@ijrZKahuLSwYqSGCaX@$K)&!JpjY2Ib zS7+Y&O97sc0a3RlqU7QcGdkDqA4)a2d|aSA6|fob#q!M$(4W<< z-%wx2hC06o)CWJH_|X9S-t8exD63qxF;0JZ`E|Gc0BqY%kI3Z#^lz=l+Z)oB|B`6g zLD*@&-8abuqxQpwahMrww|_FdY8JmA0S!#PBIyrdq9b`9M3VjUyAT{$azolBHxnOt zBWYZhtP!|lBCAFasz&EV>O~I|FChDd>K0qjxN;YoP}fVv=LpZyGq&-9brQcP!EgU~ zdVrq^pUj!%>_>zuc~K4-9Os0?ZNbxBU>B!5ehqr!uc9l4-gVI9;61ZYf3QJImFwD&D6l zq*v(hUw-3GI061)lfKS0MBw`voU%1g(&3wGa`-Mr9w}XY=5}#k@eA6ydbqiR>W+9+ zWoW?ES^~nbf~MN#ri&+T-W{Zd5g#y#yL%2QO zTcu@~5da*33br@OfambO_K%4JDp#Hd2v)bugzoacMig)i1p+mzNo-XsleM{JU7z?R z2KB|2n3$o=qrlhd)o^JC6viIiaN7RV`njok3(Hp%S|kT#OSTftH`P-WhgXh&*uLY0 z+N|C||wo zD?;Gp7*Rcs^Dl?|?Jsnu{B+0RopD2pI%EfC%@fD&ts-&u(Nbv!p_$)5IRTRHN6h~hW>J5?N zC!goy7B2ppD1M13j^a19f24S|DBg*SE24P3D2^HuYW;2D;?IlXzip@D_le@)@&&mb zWm{@hr1-s}_-9-^Ulf0nfBxo56%W8D_YXY2J!*NE+{P*a@3VCgFXBv*SSb=|sV0fU zT9HT#GD;+#5{WeJi$r3&rbQ;#O(b3<5@`wvB2gwgy^OK1bu|R83;UN2v--X`jDeTw zX)wA?x}ZS6{reHv$q~9BtA+faRsM!>fXXR5Ey|=*-Jm+l`BYa2{$>BZQptY7O#!~y1|#>KIgCue za!!&kX+9@i&q)I@X&NWp$VmoFx{i}>=A@siA!!69u{9i9@4)>OVz>48;hWW+JTFz9 zIF+qXCSt0CQ$y+qk&3Fi!7Dh`pk|BIY)s8M8;L*e7lPWntqjEGS}pv55{uGWYeYB8 zXa|khF0boscAMPrl0P)K42U&GU%Ku&5i1 zD7l(2d(Vd`2rg!S_MZmG?!ejcoPB0iIQtpO&gASfRh0cpBzrDo1G#N>lHVYI#-CN0 zoOMjS^%VBolWQL4nr}pEUX4#Fo}mW!5FFg%OK=Q}FTk!A48N_WT8tu zeIp+=8}Yd(?Vc)=E$1(xPmB_UX&Vu9RUu8q#JhuRIhJCxcbq0bzT8r33TMp24EZ#J zGpZF+B}?JLekR~on%tRz6?~p3cqOJI^<3}TU^i}YDAQEgH%6TI)O%rB)X(>lELZlC zGXo<_wUPV5K!COC_n&c`gBf-o63p&Y^{%yez=?Xkl%$EL)S?Y!q}`8r;C<@sF9i>b z{;q;!bF`qDJuSgkbEE4RB076NoswIs_>>&^i7@EqN&+Eu|4(fln%3i$MZteN0G2Tb zGr+$9u;kDzuQfsHQ0nUxruK-!z^w#4Zxt4tsIe^^QmYStL3B`WviOC8tCa+$Wi!K2 zI_Xs+d(`n?2u2d!hE+1vbm7lbeArL%oehdRA$V0w{!$HnNE{^If6%D<{N^x`)U-i} zT{^~xMQ!cAz@6H{6>Nc2bjJ+i8H`nTzJjlg>HR!cCA;55Z7<(o1VJu)C0-m?L*t&N zEZ04rCX?h{h2k)2O+r8T$I;Jdk=9uI#aZw>9{#z4#6u71g|3bIwX z4XH8os1oHSgnRi8kfAyn#^G}(1O{-h^n`xX%ganwX>A#^)9Qd%h%`f<`Mrt|7J+`7 zm5Ga#S*DjsXjbNzm&0Z9^)gA#%B+u+8KIXkH7oOMq)ZRJOuJ@fW=G1LEEi=uG%GVU zQsx`IOvh$r25}i!D)0JE2K7C?oVoe@BW*3y%XDf!|Cb{3*UO|gpMRvx2)#^~=JSt~ z>7kd&Y(D=;nUiIrO!wyVkCgdFFVnO6{3B&P)XVg4Rwn5shM&W17mZ}*W&o?BFLLs( zM&h|!V;iFI{}WpY|L={#|IOleqU|9{w07$1D`Y}n13bg^=Qn8<|JXC0h9+srX@0~m z{)cRIj#Es{Cof}T*q?<^BFooVE;@w){G?^uSYf$FoqP!wDisMrtDsK3>;lesRX9>f zFC{E90r_-yX*7O7{=7?Rh|#%0e`&|~(L>N?8QSyN(6x=a`zmrxU}N@l^IB5O+5|U3 z$rf0<*Y~hiMh;&KSkVdoYcq(7Zr%{@&0>?2YhcFndcRi4vES4Yq3ICmxtE0_rdli{Nxll_YP_+O;2 zMw?jD;!x(BtUl*d@()G9Caz(f@@&~xAf*24vd==AaOJf)4VoHJ!Bf5XdmQmu6=Yh8 zZGb^Gwn-(gaxitHtDA*%D)8zoB|jax)pMi(ewAkN&)IWXeTeL2t39>JADaf2!#b^L zkgOq;ca_72?y2Doy@q96uny|4PW;QxyRWk;wH8lVvZY*&7kY$)$I?uPpmTYcRT&Wn0Lc(&6v*Rt4FpJmob0h&Cz~vV;u| zEk6+N-L_zKaGJ%_Fv2we{$1?8ncdq4dt1msWw48doW}+`T1Yn($VO6?wba*GO=ZOu z?re*{!#3}>`F$}!60w-JmO2uF=g}92zhEyNRx~(P-@X(bG)_wb`WR1q=u(acc%g7+ zRFW%jE%_KuGPu)4#^NgpW9|re*>me&^~+1y=AX!5NI=gAsx0c?F5DhKW)I6}8ts>* zX$#OrUrDc5&p8n^;cHL49F&v(WhUZQ~{s7-zCPl`F{zz1H2)B=S2aHd{ z@lnRFSBUZbZV=<^b!n3xZeUb+e5*zMO$HvH<#SV0nQMTwrp)rW);vCQ(^eSo*F4^M zG7U|g`X!ur&sU623edb>NTvO$Uw(nGZwsk+eI;}`71mXqMCjVYTcmz(r&DyN-PaLd zQGJeoUT-HolT&y>sh@J%2uwo`X%7FsnAC-J-FY)%pc?2@-3;ih6|e6&hT#6Q;#&&N zTgCyLDlDc7j^VT!V>o>ydE1k3!ZZMCqpOq6yN7K|WZ%s&(qDq@WuM)I7P-EM;F{=+ z`76t9x!Wz$tD7yR9g>&dKiOR{+Jg;|)?8~YJdkYpf^3ApImFW1-DLX@=e-7Sfx7t5 z!PteSsFh`w+`ZDP z6{ZU6%stVrG&m`&<(je7<3{fBFsVQ(+thB*i?R<&S?a%+^OLM5SF+|y3MMG~U>#T5 zjpfu8l>9_f|AMk%@l$jJnil+VtPeL*8+bQ?<7FeMQf60-~$H zb@pNo*LYVH@adhQ3v8Sj@?Smxo;Zv0l`VUVRdSTeJ{f@OIuqI@{uV?g-zwQ^$;V{{ zYMo7is%oeIGWY0+C%>=ha5jT|_;xJL#^5*n6dnA4*>Hb9VhKrq;p7K`JTxKJSP;*| zszxRrV_5a`IJzk}dAGSfAh+|sk>iM&s>3(KMB21_*r~Pp*axhdP$7OV`~csRkzjcY zofTPq1?kTGlUAh;E+lK;5E_wd)r##;yMGKS)PIC;X@EiY278s)#zRBO0@2W=A0T)j zY}6ZdGmH@*5Im6O1=1(61gA38!}6(z)vSY&T<95W_y#^b*-_OF9pS7CadNU!2B#xeL4 zX!Q1l_a`1T%KkiU_Avn!fZ_J4DWabhBozAD;<>t?!8iGkRD1>r-7=e3Thw(0@YacC zS2+?5c*B?3bF18cp~Rq@_iL9 ziJ{V_L7NkRaRaa^Kwqlri9zJ@yOG}GFC^zwR{;WQ6bNYch2$0QqVpO1qzON5n%a}g zats$qWVfS>l1wG24PY|T;K;f=6N)FxwqSeStpto>rgRMMiW;x-yOm;hAnf&TMlXy8 zf;46HRq5^A?d@8*11QqJEK0cz*yi%nK#^{?_~#Hs8lgwa7In8N6-rg%)wuw?HvdS> zFTDCH&GlO_$wtQB^k{C&EidSVL&hR{%EG^GK#Jzslme=XH@*53x`833lWk6>5GyXZn3S{rS%<3tZzRrJxu%K<= z&Sv_j6FzC>J*F9dJcA=#DLXi}shqo8db-?HPIyZ49@700?c>OUB!S|(VK5=4#`tKVdG4DFMIgY8n{S%4c9jouBu6~0^sDioTv8FU!xt8K^ z9#h|<%C3og#o*>%a1d8)K_~GTGL4&9_+>Chpk@MrBr3JImxjLo8`Kd{$~Q3~w*pRr zt_LP!SK&!Sk?Wzn}%8}A#H zcI7)Vm)otr@Op@@*hO7rrOuI3=ROx`xNT}@fP=uaMDhrej4*+*579weV0e@eHiw~^UPU?<5|0kU)UsPgL}cC1&fe*JxeX89s)f?r&=;0m&I zokyhnqWLoMKH0Q!qwfcdm4}0qmE&5*y~(`|N;%=f1av+$Zw5+^?#bD&>J^TkPx zJPNyB2+`liUJys}XF}~{Q#|B92rOFwnT8~PBJm9~_Xhh4|C!THShOujt76eqE-LvC zGTDsWbhrP6m+O`98Z=m=%V-)i<9Ur>hS_vprpGRjJqdKb%R(_RY+&)Kl< zR=5LHZDmMj%ps0p1&6kFLNznV6 z=akWXBT4~+*Tv93PIP^=hy2e9P6|D`K~s|V3u2#1dN~@Ei{Fp@z5<^}pZ2Apkl|fn zV2F-12}i$b6j<(AQl6b}BKJxPDQHT7Ne-!N#U(h2fc$oO;ltxO*07k6vf-8JC zYv8H?zWOSozo=%1Wmtj^3*HyV&Pg{ZANYT&-W1QCP0+;$G!qzoCgM;&XMby|5tn@# z(u99G=q1BQ=qZhg!%u7+5B$*m5cCn3{sXaK1sg&o&S z1a?!)Ask4-AtYO~Trh;>vkqZvxE8ho*I+(S7iuju;2Y{2WiJ0C-cy^L4KQ@v7e{ON zDT5>~9v{G4+FZP;S6{ykOm%)13wzQc6BWW{!yy~KMxx4U;QuB zJ3sP}y-xBOFcOwIv#p_iP6)5ewc!6W%p%kOb(q1+!egw{$LN9DR^O$tx|Z_8xV)C^ zN|Y@$FLx`J^I!Hahc~a&sV()zy+~@g6Rp`NBi6btALRZAzlK&r{?wC4(O>CPd}_}l z<%(nKk{1{ajY}XR#^JyG;A*7EG4Sd%bI=v>F?y&q1bAsF&`(o=RI-%U0xybTRD9FS zMC3aa)d?LOIEd&R+InU?zYt>A z1u|L)TmseAgpsJU2BR~%?kDq3f5v++bTX)aS}5Ade38~3%kHH#xPR#2QTmy;A-#;! zW#6#ZrQUFfT>=BzfDADq71kn5eE)5J5C|^h_bSqSCafe1%!dNO-eGw_iw5o!4M4|c zbu7$PR;rMWhda>wH4wd zmWE`Ezx-GVx4O|t9>T_r8UFsAZ4j7A5&B*+vppon6V_J6lyZ@6K;wG=gBp5(a~ zBXnusDub5@nkC_1E}2T&X5N z3X0H;C+zuKq&1f%kE~3%(jX+B_Esm^QP#oyRV2pT!&Od|hO}2QNE`%BMcniS| zsTEJt#gcaixd{%LUG3oC1YqkC+2?;H8ygUEbM`p!-Rbk<6rgPi_5xVEXrzE2G2jek z%G9)4*1WtDZKS>t`lEUY)$@xmOnX%rDCn-laK0#+=D6%6on9NJq-dCd`;GdLaBYp> z(xO<6haLHc?HEJy04-MF8(zRuP{mj&=U2kEz<7gn+}$6^Y`<`;6+IX_4Y}2lcMai` zY8f>;++}#$Y_thDHR6<9GZJ&s(-`9(Aqt_Or9>nw3=}PFRnyK=igC<>nXTox1WtPO zQ*vlzLhp^R{0`Jc_NQ)q8KCd!&(H#7nmO=P8?C_<;G)#eC@8+(*%NmyKrCb~0jRh4!`of%)}$5%++KySf9ff?kDYkp-svDGGhl zmF(G2UGtcF=Tp39s8DZ})&}wIJ7Wbo_=a=zl;C5Te>;YJ?1ZO6x{qgA&$3ixZB97+ zsdKHV1~q+dgJ$t1p?J{&*LtblH^oE-stv&U0a~}idew@+C2NT-iYL;cmPv;)ZuP`# zFpF*O1})%1f(Gypw&U=%k8Vm`DcX6^s3YLzc`$^&$in-sHE}`9N1FPeC^$M?a3qd3 z1XpsPGj_0ca)MP_Gc(z9I?k2mIc;=ja;;1cZ4-<$BeqjHkh*uf$R13USiWcARCpIbrE!!&8m&gA5W9gzZhz#86oLP>Uw_>KLN!Odh zG#jAb&s?x5$Ij@i0?31E!^uZ7dH zF|8KU{Nc1dnD!N>Ex_xCRBEiGJ~QJi_C77+4Oo1+Ic0ERmh2~C!Va{H0>1io@c zOV^lYmX>WK%kFx*Su>0gN_!KNuz!R}SfVh=gF;B%c;+9?qUU{`p0tD6n~$5v-VTHS7pYPG`1A@C-njsU<75?+p1Q9U?uwuQ~JQs*>io}qCI zui{83;w%!gSyt=P{fm{QW1&aPMVfIyK$> zp@@w`bexQq`mC>!|A!C$mpy~-d2XBQ9Pb`i3QD%Rp<6lGmxE&4!JgqpH{is%CV&Q4 z&Nfu<%=iG$>i7?YPnuYZML2R!yeYo|oaDuFlU9?)Ct}9;*lQN#bVjq|DNAvS#C=o7 zntSXx6J^V=@Jh&z_QpRN*I+a~c7-x5=-vi)WZF-x{7T^Xjp`a*u6OJx*8Ri{) zn-!Esl2nx}3x9o-q~e!2`A|vff71~|Tny}hN&OFfFJ`-1yK)9v8=A8%AhF9YV4GfL z+v!{0rwj1KS6IvM+V^pCFxJ5De02qWrssPl-l5!wC-xK+1bXFMu6CEGmX6i7p((tq z4CaX1Z-)IDNBckZ<;uQGe5gY<17msKFAG^@KAQBxEKo4&y3yAKQCt`A9`{02??FSK zIp`r!_N4@;i0~h-JM3%~f3uw=OV`oj_)=80GpSY$(A}PjF5K^;)0Saqy_uK*`v}bS z^4)mhk1_G%Ho9IPZxXcv|LIH`V0*8o3bVMvWT^1fS^RP1OnTF!MGDztpsE~E!~9Iq zJK7jyityeX^Mc;0?|}_rk0pPSZpBWY5drL1^0N&5!Z?zhjy0(}A7$;8;Y3vHI^96W zQSL{N;-e#e5}7uDq7j@@*F8!!8l`JhnDREH_&Vn72WCW83Jk76Xjebk$dNo8%2CoV za1W4)PR&9ZDL7F0TgAybeA%*Zfr*t|f5f_<({tZcsC!sMj<=P1tKfAa%kzRh!;1kFZGa2)R)V?rPGN2yve~n+Pzi(M0 zE^hi0MZbdqCNo|D%-}dS6;fX=VSwqQCtQsf3_m<296#c*3*tDkUKp4TVLpOMVTlmK zTx+uU7aJkvff9Pa_9c-AexpN~W>5-FxGqFS?@{)+YqBei7C;k}T~O=JM(=zM-w;|z z#ij-a@K?!ks(*;2gGM&JL<`7oMA}Y% zZpWHsoTRKI$aaUE1Yv`oY7i=>Qt{h*;p1w4R{|ObLD+MwO2rVCI|m^Q_$^@9mqZ)| zoYO@Z%{^d@xXC%CUQ3<2+5_#6F_Y1(jmiE?u?<)dnO*|dlZdh7mcx9{45G;m!RQUL zBAfV533lV9l1=L89dU8znj94Tfu1v9@z7(5>fPpZpMYx+PHYGAgeW{a(<^(%1<%9P za?@KHZ8}Wzf+hO?FV!^^9_xT7;?n5AtgY~`quv0LWUT;@Fx*2!S1o1l82CMQDW9F5 zcy_u*pPkD(3W4(CX?Q99dy0a|1}FWGUcY{w*mgtkV!coN)kY=#u&sQZH8l!T#YtQH z1ja*Z)dDZtzt!{q`+Z-3wcge0`+k7ko=L^O5QZYwyN8$A$Sr#03RV^E2g!^;`yvAU zfMzz|Tof?G|GXe+2=8yAYtjIZWEd32Oq|GADA}~fdql_>kbHg3vz|I@+(}l zV1h7n{%^6~YZcs=Ls2_Y;OnQU;`}NOYpZ(c=VIXs;-+GD1z~CS$Um?xd&U;;`x(Xm z|Ge+>ed$EJ{)2emU+>`s4suv9dgNE7;-E416@NE}cX8cKE}GpOtF$}1FjZ&pk5qoB zr%ehzLN9Y~8C$%d>+kCLzP4YyuWkCH7xB?93bwul>knnm48uG^CQznVm? z$Uy;x9+*Wp33p6-s+X}pQ;c9+C-iY#*>Hvg^yAizg{@0rDnqe_a`p)Kr|yiPC1;Ob zP$ar8qPlf#LGv9}&xPte^y+m%GagU9i9M(`5%#OtpiWuB8~+uFw*(5O9IMFrL?}nh zvinBQB2+dBZzLbld@1O~r8q7=DzL&;@WW?71z~HgP5A?N$O;|jiKk0t%KZ*y?tENb zhcEH&!@Uf&#LX{B^eYWDlLg4Ywp+ta93ue9^4S6dd-8s=h(_$co@GOD23Hk@H>dyS zqeAsH`GluwEIlV3?s{3 z=AMA7hAI(Wq!I(|$QgbCztTU~YV-QUL?563Mtyh@$O6+Sx^ICYP@xa;`u{P+xm>;Y zqGm%R7a)xo*6oi#r!&zEa-067(a%=cWqIo5PXZZG_`G0g{TXAPfL@NgjBhd2 zc%MZ=V%#+@EHOTR5s{GMZSUEqpvJ%faRy~G>mi{V6-3IASAcmPAdk@_uE7cR@Q1-` z0e3lkv&^h5b3P1PO5?cXU zfR*e2#$}M#3o7p(_E}h&FofWxLj7;|I6~qMV-OR5RA26n&bv?{RK0H9VJ#efFfGo& zAze(glE>9U2?oLTEIL2X4Haf}{*07AL+Vq#_!0D9rjywI?{5cLBVn91e4%~yZ$7aH zIApq@uiR?jY6_j5I`46u*K-1Dt|l6Fvl{4ZgukO0$++RFMPDkqJGGuyLN9^8qxEOB z)@Za7D06+C5T~SeWp%_fl54bM4Lk2ry3gwax5dP}tZ)A6f{nfXe5{L+z_*5&I)NYC zc=RD>!~YoC>;Qc>2Ya-U`MT&m`+0iVsf&Htkv*_>z40L%F~D>DRN>F)x16OiTV9B) zP_uU56z%R_*;>1GOQ79K=rTC^Y>!n>ujHOvckrT<*AJ{D*A-ot3;W*}*a%J?E%d2} zlZv-|mY8K{_21&~r&c|V&&lPw{|b83@m+5cIl{q2SHy?x-tU>RDB2RbX+!q6M=G9T z6gspR>&n65b~DZ|Cg&CL=cgLf*KTXjd}yOn+?7FzSmO(gf^S)}fH7Yeqwr>NDA;HE z3OspxKSvFPEmZ2Z1>&LSsNi?-rRVMi%myRx>O$QYdV~cC#3vnC*1Nk1XLT$h+$u-h zM}%Oh*`dYlgJ6tjZf($lzNq&sJ3kR}JAJqv*FsW{47af%+(r*oks16G{`70|7b7wQDes25ln2gx@sr)B#pJM8o0E+`QFq%p9Wug&`4AI<#_ z=PpP2ZI7qg^6%S?@^?JfdOk+`0djGE(&WI51r1tGSycRq2tQ%8~5o1`KOK+8bLP^5fzKM0}rWuWFWj zvl{5~2W0|bG>W$8R?W_8J@y5fXaw`2c)b1OuMXXn!8xrt;Qv*Ze>@q|4fzL0J-9f% zhZbyXy%W9W6sQ@jY}3CspBE842VV{Muz7hjZE-_;#`A<#UYq_m$n%o z{vd8z5!)1@;hF4bg|PJ}&XB!rr+;y!(Z7Q0D%oG4iFgPs;{CTC*W2|lgX<9Y1bg{m zleEUB*;6Vh-o*)C=NgA{X|olJ9mN4L^Sho1#U9nOE%233-~yA4S=9X}Vwpv)j%y~b z%=~Gkcxc;?OrTZ4z``SOzIEi>^cY=X6>9lEfMoU*J(55x_jHAfwwxjLUZACv%KtU~ zH&%%8%dtM7THMbuJy zC{FbMNS3m$A$0!p(R&01$&+m5!R(x}VE@*3OkW=F;}KW3}C7lhZR z;m$VJ$GbmjdG>RV;^^gB(IEUMwpjliC>-?eL1!PSam#?9``s7ucZl9gJ;11xyekyO zOMMOOQRA8N@&hK%wm4;M0@))hY9Pxeznl!2_UiJ6cu#pEzNh7OTqp(4Ba2A>SbIx@G3 zd>UV}lpo~}KCZ=tTWa+_NAQ?zS8C8uVg3y)Ei|crR5j8F&n;R+tLyG8E9L81WL2qV z7dME2N(0+Cr}v0mf7~C^nmxgts;PCgq!JBD7lh3{-&LmH*1fL06CAMU^ z@{*`gasfKR#cwiXC}#2OjPs0$lO99s49k}s$hIKKs{CWw_?@NKw~P<1zzs_uR^pv) zRRY=Ny8}k(G4a0gpRGpK-IvSCCu+E&Do>Qsy(A^JR@TMzR4xjXadifpG5c8 zLL$8B85)Q?8~W3DraWgq`Qx?}m%H;VKvjCGP5m_#dWG7#$HGpmLYg}jI9-Q-nugIA z3;EThL7ntBT|TZUx__2`=(6fjSfCl)_Vq?l?2f-N+5I*8RmP`vAQ+cVX+-j7FNy+| z;5SS}eIBL(;9j()FsuW}u0s6IRqCIAabJ(%FMuYM2&gNdY1E8!s*v@jrG9jxQIE|s zu@1xMXw~y)xaQfF-FDA`Cd)@g*tmAGr>x2DDQ|M!2^7l>M%3=;X|&XTV>4{FNo&xh z!)9v<##)kK#KCUBd%<$K%vmY}a(zH@OZMxz}V~WLUYquyVEP!e5#6 zL^GsXx#%?0o0^o7QBrD8>nUMqx=%MoN^}D z2F`7wcx64A$ZY0MN~akF!x3@PhC-j82*kf(bpyndo#AYKQwZ0^(nqy$*hawKe+18H z;ecnTKZ%K*jxkA!TJT7MCfk%IOIcI0wZx6_+|^I85~6}7NVZvrxRWLC$D+ZdkVlg7 zeX36so1J7S9Im+49*S-CYjKpBBLJ(;q7b>Y<=fvm&;QNn}NU&20`Y>kEmX%uhDMFk-WE%hSY zu&WlM|DR%3uX$AO$5yN@m{*lY7Yy7$b~+NWUD;#z9Bi_DY|PPu9j33a)1jzna^;Mc z*4$>)M&hBU|Hf+A0cTQ=g&qWRw`;6Uh0pGCVk-^&KqH<9{p-VHnFO=@8=WsCY)% zizpt^ytd*QrBMFkLu`Q3YUP{yJ%tC8nKn>%TfRAL+0;aelU3zG zG(oaS*1E#!<~mk(%Gj>xlVvUAnKoZf zpve%w{e|pej$G74NR}SW{iBUUh#}46tzVSwTVT$suQItWasZD&@p_cHG13}GoM!WG zbN8|MXKCnjaIq@;+Ep42fD-7%T-ogTBRM!RN3&p*c$roWKI7cOHn9hc@&xxKo8tM? z1J@sM5#(|Z5M&)LJK3<#TMWnTVQg>mV#bp9qE3yh zj5pyOYE{CNleEUEc^XW!ABq4NkmSu{ks^$BUP9We!G5g~=qp8`zl(rCXARBM4@39= z_0T<_5;0UXQQQOM_{Hjz&9EJHmXvK4&o+})k*8dR|NT{m!(m-x7>nc<2MD>4ON&BLT*%q<1^cq`=LEBeLHy1Qjhcw9 z3{2vEuO8N-8j0YeII?kVg@61W`DAP^_xPLt_i*tjDVzvY3Mpr?$xtcUi0lAI=rQhwnNZ3UkBJLb+D`i-zN)$i6sM zxWKr>6B^iwEPznuRA8w#;VX_Ol;pY>pK3m(q?M#Hn&7$#lU7ku5|xT~Tj_-nqoAy& z=~uy_o3hu){zY%+@j4MvWUKVfNBTnnR-(BX>0PCF5T95Ei8>Wf$4c6n09)v4)JSpd zqkM<9cJklW>AwPG&4at3;o$aGn4%>{Uz~&`XtK$*w#$FeN+RfQ?o|4%c>4v zj$)M26xiUd+U1z0Qh=7<6|)Jmp)kEtKN zcv$=2LA6r~bWAb0g?ska@Wmk9cu)Cwy;UHUE;Xk@t4LXtQm~H!M0_vOQ5Atd)J#-o zj>G^rW6kOfe#E3>Gu7a4_z*aDAV07y8f<`4Cto-mg@FR_t2O#-!F-Arxu7lj>t@P7 zUCb{YBvVjqCSjf_la-FfvhX%^RR6?mzK}`!(dzvW)|Q91-5v0d`{XS3 zc_q(m!aI!H+ejeB9kymAFCQD73xRXs6A21uQ9!##q;K6ayZ~)YQOuCyP2P? z#BUOUJJkZk!&L8Cd)3ze=U6aTIbpL0I?bwSy>dU_y?vdY2Ex>e_MbW&CC zKr!~_y5h~?b)$gOTmW2k@Ib!r+W|R*=3}vsAnjUWs@v!5mwN2_ob5ckx8SVj;kJkW z59cA4zS#jQ{O>%H3v9IOVsY0wxD1N~4M0xbz589)%D(pMy4^@m4Gj*DVtUMx$+>aj z-CNIFEG9mE9!Vn>&tuW`c?&eb*0zYK(Te>Zx*Lh(sH&(BFdT(nbWfou`=xUlG~Giu zT-+DR$*dW0z@Ue*V$X3d-)<_HX2bD^~ zY@a!&9_?JqK5S&FUXjh}KAkKoX*4s7f{Etf~4WcdMgqnDRs@=(fS5Ds9K+d<0 z-iZ%EYW2=W%~q_rp9pLA!s=xTC&04brm?OFbUl#i2PZ`%wH$3kdfFkanMeaI`o2-K z`y3c<5tcjuFfaF}R9)4xiCV_kb3i)up+dtCYr=NIofh~-_jYt#S207`GQL@&ZrN`& z)LQ|L&8&wT&(tl%p};xci{0@HwKa9s&PF1yOk%nQp6Q_jjUYx1lzO0Fqc76;0;tYAb&2w%ZUHYZ_tK43pi+De(RfpetH5Osg{Ls{Xbz^ zFtX7~2>0!ZIU$l)s(*dWL!NjC@01h%2I_^0Fgb6>;>&QVv}_jX>8e2AC^28Fx|{f@ z;ZHp_8|{l9j64kX7cQAgzirf38znF5QbV~X=0LeO9@H%hrQ!*YUX@JG48Fw}Z$Nsw z%qcWh$mmt_?uH`k5NoI}_CRwO4ug3Pxp*F%2TN%E4R>0&1nZ6+`yMothB`WUvwI2< z;hc)2Pdvm&;ZxmpdxP*UFBO~6=krELpkJp%DCsawi~B^@lI7|;m<}Haa(_gVEMO&g z#a4&oQK!SQS^zlxW0EbNs*b2WZVy??wRlJ|%K0@cIxAZtxP<4(6v+woE6~9{`gech z-A2ut3y>L-yo=+6o+L_}-7oG@!cNi_DW4vy+G zE4t4s^*&#*VxLa4+CQj;Ln7OeN=E{~HB9~M2t~~{QxEgw=$UG;%?Er7EL>iYpSC7a zx)XzqpE)92hsN<6)0a~k$Q0)DDSV_p*ewp-mAd=BW2&;J5#M^s=*BC{6z)LKAt!r4 zR;yEZYu2&xlR6(7AvmIzmKr(s1q|rJ8H7;1bLjnZT$b9j54C{M5aL8Fg*A6||z%o&NHOo7Xyka_g!)@hta z9)xSGN%S{%cOxy=-+Vhio+-c;QJem}GTIctXT=SqD~g&{9M>$^kv%^K7c>(D#9Rug z&|C0sD8>T_UXrs7z#-TTx0hV~cZQ$%BWD}=y{2z_evMi@Qa==}H~iTHAyWGL={DZr zZ{cq%(^mEp{&|4Nn;8$Xnx{OAOnaYrfT^9_S&@hOSS3%MS>Rz}JZb*uN^rwNIFl!7 z2ZFw{$4e3KTWBw}EiCcr#%h~t)+R)Y=rCE(crKv)M!AUc+cJVF>8k)peFkLkeb-WG z$(z*$_4*}*LD5kbq|V)f`{>TYJ$<(dkpIx=D}8@!SMQve00-$r8|CZ|v}X-bhi?&T zl&jOB4f2fm58X|p7!7WsA4p#ybusd70jt#pp_Wtuqf&2$p;%bAKJV5B&4#Ufz^!CP znHn(B;*-tF_Oc`K_2tRZGvzRV;_Yq+^6!z$Jh{bX9#ZH1L3ispvbX|IR?zQGaI@oM zy*dxazzPef%`3xfY_RULg6Fk%G77|s+;Kk&W7S7*X=o<98i@Pk&v<7xt1hQJ&e%w=A-+YvO2Ntyn8>2A$_BOLoO(2jb%*_0$&p!nB?gcZ1 zc6>)9eSKq13fsG|-Af3eR$UD%s#N+%CwnS8qM}Y+c~d+-bm&)z>CwYv5`oQpW)K#s zM^Fp*@7Ei(+&anoir7k#d~&R~Kc)p#^KQXhll8ia4>MQ@6XB{Wd#&f(+Yt0t=>__+`Xd?JjTl!~% z!(en7%FKOsv-)_wP9zbBzT%!t-M;+aTTsakrZm=4x&SA1LF+W)DAD!h*mX`$y`^-1 znThVxEFQLy&~k);1>F4I=0kh<(p+?C-;Sd@@X=L$-W)susvkoa6CnwW&b!c zO1QtQqaAl&6wI*$$G>wOAB+n~Dq1dk%FRL){xlbKwZmpc;q&frUdW({_asMaeHPcw zARnQK4u-qP{4< z=Q1xUkw9VNmBE~|Px9mG7`h~wDl1*}K`Q_789lCAuWIB2)l46>6@RHa9X|KeDBX8q zhd{AX$<$dXCrQ{3>aW-6p$!3~asV^AZVYx%8pdW$zyoXztUndsb-&TCyX#At> zVsE1P9)4at7atGj{)UK%R`^P}YP5+d&3Pu8b8u{wu&RAa%(?C^z&(S`Ugnv*SQwEC zz4Ad7P|zYC$U`RKB6D^kjPfrVGPWJn%YW0NUI?m|gx8??{Br6&r{dh#qCXIery<^b zt-AekO%uwJfLberzT{nrc(u5r&u#mba+Y86Ls2-AKn*ylYLO7=lc>A>J*)pyV?;v` z-N;-_1|B<hEJno!pEsS} z|Kc3Vm-t-oo?ulzHxMfo0yx2^qxJ1||E+t@5bG)XpTQF9Q+ecI{2@$JD%4^t0+81P zS-$xR!D;$ zwPU&{5T&YXunU?c-qq*nn-aD986!fPSowCN*oQ{D-1!Lwc?vB4&~=C))V_;_q+uvo zz72*ftU|V373!yX?CE8SF(w{F%&`CbhX-^e42Z0p|4T9=f)#S~NU%phde=xY-36#z z3zekDTo~YJcY(D+B&t@DoVrm=HNz)FIo1{ zVN{IdvR<(WtoeG5CiOWRe4yJ(tt$BQ*}J(Fx`CxCKi(l~?Jy&5*BRg|wHU+JR_gcQ z`b913SL{54@gdZQ3l3|6e{>OGYyL7))Ef&9(=#rhWsL8w-k2APLdQc24r?v-*Uq8T zR(UC_VoM;ks$ql+zL(a-6$7YTOxo_d9LhgeU*$^E<8zjw1m|DEc5{q&^^u-W7t=4{K5jUYjfeDHw^urT1)9zW=&ujpK8hWMpn8OGkbqrn~#f8B$m5 zNw&COCi`1bD^o(+JBGmqgG<7nYw2em{50Xu($gn3yT7=ff$mUS8Gf7i`y;#G+HVF% z<->OcfbL%R!8n0x9Kt#s^$vf5+2Nn5>ig;Y2#qm{n&P1|>GAROt(nnCV<|!Z=ZNwB z%MC|0t*GG`1-Bk_KI&?A@X5w~!?goApp!|YiA00zak>eqRkI<=oak&V8ZJvgo>bhYJN|wMe!Fst8qkZF)LVk>(ArgWwV+z4hcXa^ue6^=xlD`68@dDM=kBnS8bLkQN5AnoWMSAO6Uz%1ft{1J!g>(ZH5oTsJ>~ z2k~_V*UYObtPv|6*pk6zMo<}7XN%_xZoo|-JSo(q#ei&4DUSCe9bmn0i}7t5ltL3b z*&qA30ngi`GQ9;Y!DugXQN;|zxrK8Ph2h}Wlwf*ENlCnT3pwTRdspKWK2BF(yN5^o zj^0{qGqT^0CDrwxvHt3k{(2kgNm28`{xJ*uv4GUjy-ZMF$u(3tK13*W2-c~GwWum0 z&`U$3DzOq$aRX(b!#R|F1#aqz^1I@GwYvLvfV=TnqjUoPOQweE@_PvumVezZGLSgl z7+*SBZ&8j?um*<)b4Tik>Dmc<3yU>?O@=gOhlUJ-sN{0&&U(seT z>hhL|PsXIalBq_aZY)Dl_0rE6sHa^ZT*(#Wkw4iFd3S!fpjk!8TlG0txrD2zweNG; zbDEd+KeL($QW}D4UyC#2Bp)SFK-cqmfo?rNg^(Hn2Nc8nz^LvqGthxKvOc~^>CHDY zk2cd1+0618yqSh`(Vp+I6Jf7_uMI-eFg~heAGTr;PT=W&E2F@)bLklddQT~CdpAeP5M&x%LB%H{=Ir?%n+l|?k z@6c)!qju$AsrXL#6}Y$`iza&uG&+@5;0{^=^lPkcx|>&^ zsV|?5RqV#@`*V2d4TcD8etV*cr<=3QQ%W!omr417grai1&jOwKMpD1lPKK)-`=?cK zUP0h|Z+G2IBLT6bdZsZDdwI%O0d7Trh*>7#q48Ln?ue!zdDWmc9m?uFqtG9z&zk{k z*qn5J+Z(wB4Hc6Zqy3SIQ_nL*(2}2E@4`}swuJ+*$$zolpi&?_bbwK#N zbl)Zs0`22$^wUmIh%zvs;BD0;3|lvwl1`yh_x-Ps2ypq#Y;lfgAMvPRkdG`S@%9Y7;LFEa9xV&p}AL<4+~;w7(Sik!bqml(t$Tzqci5IX$)*0=n#GaMl8 zh78()J4+qyAaS$reslzxa$z<-CK>r68lKr}oUSGffDRU!KEj$>t5bW^Zwz5VcwOBjN{_(|AEgQJ8Otu~je;y* zQ=})}h$2HWdCVhdPF87c$rUiG=~kuWvN(c1R+|oMZXEc;NbjG&Vc^yStiIO&fIts? zGrz_+^Liv-)aUd0dS2Np=JrN%Bbp!*$Xi-V5Q>Ltx>6*b!_=+sK;bZH_Vxfl-@L=r z=-bdw;K>2p-eXZS8-AK*M)d2F&pGXuqpeauWn@iR?`ok);LgjUYLY3s#B&ilKcrzdwzO9{W3Z%AYw~aEB6f- z$$yWFyp|PCL;m=yw>kOIEWQGY31%e z;yLYUpgB2cPDQ17GRRZSvYUEE^>{?RMf8{{#+qmKE#YHSk%?5p`gb`$)Ca2xY}w%O zf6jYyTuoWc1xovH$M&X^v{Xt3Mhoas&s+7MJ|d>Y#A@{qaW3AZCY{x=BX5Ws`blnN zI)Jf$itc%aTX?mnfPsm5s{3|c`20RGFq|eR(7C)X%Rlcf_}dWg_ha#bILAGfiVNan zY9m1^Cn5zJn1w1^%uGh3`&vSp2O>x_bt)rGNB3svK0zw}Zz6uAOWqH9M3bC>*OK^P z91@Hmc91oeJIJCA`bIi<|90*m*ez0tP36P%5FxCRKf6WIM2H_hJVRoO9Vcn(&s4+= zFCL8vEm<{!<4j_D>&?>X{G78arNEG7(Y=3(T;Z!@3Jd z=Ns?cPq@luqRRFU=*AN#Q1bTdLv8@d96sAeYU+Q_XdA}UkSv1mZtNXJBZ%7{F+em4 zuyX~I07tta39!9)3|J$f9hhcf_(ADIoKPgq60*=Tiib2rgxBd7DQGl=7Zp#1LXwog zwvGZ?sw~6~%Za$MRbhTA_lUTAs8G%x0;;Dg$`2+MZAYxGte|G*b`*`TBljG}>MBE4 zvnvSEQ5LDZ=4j~Jxp;g>#0OWgNHHs5=@`DI>hln6D!Vn~6!tee6@LMel>Mno&q4Wp zKS4L{>ZYqB>w7j@Z1bz#qDWcS9BiTe`?{I_r9FiM^dstYQU1K1%xN8lZZ;tkjcTD? zMdI%FsAitDEU{-qJ~E!=Ba@6=sDrpUQhG8af?clUibiSai0-1xQ|dp0@tfL}XEx_O zK}e13%BqHUz9-=9OGebwOdLx#HeM5!9P*w%rN2l}K~s84wEtTM4=f%FDPC?XpeDR` zhMc6HvM6Qhye%Ri)R!4dmHXb*%YF6k845&)OjAJJiNA~?d+rv=`$7g2hCpI3JCCvX zo7}zn_Pb)}y?TwyH0U$%O*0`cfFK_h_@n*Vk%GHNEF``DP8cavi#@xpN6f*W@L%D^jg!^g?}!~5)B}Uw znw@~(N{DhPtRWYuE66=zQ5h+)g>PE5L0pZ$h@D=*J;SQ1i|BK+)At#*WcO6c>I+3D znkk%zb)TKE1^XX4!E|$19E2K1?208%7vZjUW(w(G4X(`B?GTLuC+AMr=SM`CMGzdb zJ0lTBX?XmP{K?mKX%|fPSL--rx>C}c{Bd{arw$+#;lRWqj6^q`_^$MD1@-r<#Mzvf zj%O22prD>2%X_C-^?y3G!m|@@MYQ%4tWbndZR!!0I+k=Nsc?KeI`5;P?YSjADF|Z` zP2_KwNGwwe<7+|CzhjKq%wGL&w19)dxKP_XWtzgGi|fnZ^1VqDFQTH9~Av+>K1{Sj=JmnN(<`;&y4+a>x)% zxe+J5;X$39&P!{_PLFs~$h2fnDSAN$Ql?uP54reF0t84&riu&u4JrMI?om>8o%SX% z;w1AZQ_mA5{vLDqKF4)YN}eEB@Fi4HDN%HCxUz5?e0IRo{McU+0n*fiOrFnQQL|=}Vilj4pv!@g+766Mils+# zv|w+KW^{L>ph@fR<(KsTe9JHCe|^n9h1APZ$s)w8KC&9_7R}u?>c)r@m}>Cb%_tDW z^i_u0X)T21?N!%xd_~>YF}%Cflsge!E}2L?=I{v~mGILi6BrNXb_~nSH;G0Dbc`X; z<_NB(?0P1_wA7evls5Fhnrvw9Sc8JMYBhI?khvvOd-URoJF#vs zd$h;{5VMQ&IQ%1>@YxIBmi?cv7Chqb&ocxDI^hiv68HY?FLCNOotRh{@vLw_ils^i z3)NdX49C@j=_q(!KUkdE-wvE63!e>>55xWfoE;yX3BXhd5EV zE<<+y!baSP#YmY(ZQRKqa5)O6n^hsd7nagEbC|=~DM}~f0{Q&B`QBBc&)`d;AV`?$1v-_vI_)c4w_9&nvNoD}#nJ{C3SY>S-!XIO?!bjP^3 zaO9vh>9{ZY{g?q5BJfxz9ZgVSr14a#n@-WE5Tr)20`o76Cf*Le$|RIHs>yGjVSne4 zb^a>hyX(g!q#*u6Br}JR%&;0pG9}x9rYOCH40thnHfQ%1+4oR(I}y5s8X&)WMGJJ9 z83kd@c)}FY)DFEvq=ixpKWyH5fa5_{^!+?jm6nh1%y?1_^I@(Ij1o}n9Bdc4t#Y(z zv>PBF#Z|UE@vyYI^@k;X82c2etKUD*aNj|SEk*L77dfx4V~ZCiT|(3KWiGNmEnH;9 zRPm^L{wth^Hzh!3o`dC}m}O4mrzB^dcy3aAON|;DXqY>Nx8CREBXA}y1}PQ^ocY*T zMmjr8Ixffe3`WjImlU~n*WrD|9Bi{I%11f}RJnaAk_D3Y#$PqfM`Fm_lTxt^zZBA2 zAo;2}{P?~2)JeXd6)GF(0|jFqhaXC0WHtJ|kTz^3SpuJDrk9QA#}D$~@~SYm6ZiXN zuSUIk%)42f$bGxtQof~D2*|{gg z&h2sV&ZQ;CWUp!_1BmQkU_AM-4qvb+)D9zs;)NX}vekJn38u3_y$wHetE6SObz};9 zC?@y;AUg1H~nOHT=&eG4^K#phNj zm4&ZVEn~r=UXXDc8y_;yC$7JF>D;LanynuLx8H4Wl~u=FWi2kg_-cj*Ak+*kO1HT9 zzN_NWZ*|~ld0!Aa8c-jF&+tX&tR_AG2&wy07aH2~5gj7nFzE%sc;Au2hwG*XfF9r` z)JG;Bj+Om+o`y8Z+o?T)9w+tn zH1w6co!cWGtKV#riXVfvPu8rqN>7(rO?9gQLVNu<3@wES$4TBUr=jnQQe)%`xzCFm zuPiRicm7L|1~-HXq*92CMpYx0Q*0`JCq5q~{wXnrB1+bFWh)1wX;5ochL7QQD}~^v zQu4kV(%4P=5p{V6ZL{|Q@>_pky@hYmZ>#wx?Nf0^3v7epcJw6`jagmY`5`BD4GZ>{ zbckX|{S##14)a(RfW7}9s86juN|h7(=|@p9>OAW2HZg^9$#fd(^Rg0L>Cw!6T)ecj zDv?pw-M^ni9~+21zxs(O>h}|)d78D!dKa$L>ACc3CVA(k=z1q!tY2QT1=+_nS(FCBPP@PS(11-!GJX({XN~ekcWr4GWjnNN8w9j zn2)JJCeAHc>WllKx^aS3{8Bp}R-do=Fzrc-njF4QhmT8*K<3kaW!Qc#6vfNAq^Od$ zqU46>(Snsg>VSIDuP1fQAh@fEImCDA0IDkTPZatGt_{V2$LEy{9)>bqwnKzg;7u|o z+oul6AdO9L*`n!)>2jA-th+h*p0L^wLBvYYOSnYab3&THi66F0L4|tDMv4N{t={6< zX$-!JJ*RTdLq*R^HzA2P2rs4X(CPXr&h9C)?}qF^*}uFLD+pefSfE$dr?NL`#FVXH z%C!z}Kyolp&&G*Q~) zA`Pu%122(OA@LEBhHtWg5)?u_Nn~p9%1tN^4knVf3HY6|$su<|O zytV_ox#4F-4Rpj9d{Y;mBoJ&QQHeR5Bd|gI>=)4We#Ri`^ZQRmiA;AS>5oNZ^zc(U zW9-k8{?{|nlS$DF*N*7r`>FSTEA)j!Hvz%BAn9NQ4+!5(0-Y0E)Us2oT}@1*KFW(bSp-~B9OY6f#xpJdm{E;%F8}pq_s10<)@&sMOtI+ zXDqKZNo$CJNhwEZHa9gIyDm-?jDG-qKtL<)nziDLZN;f_6PvJh5bb*Rm2(As%srt( zz>*l&Da{n>jhikuL@g3vjZ7Z)^W_nsB0f;OCeolj=0Um3^_9WXAFyH|J6Hf;K%l>t z0{|iGKj#&>j+?;|ys(}LX7x1>3}sD%ejLTx4HO+>(8a()2EcTYhTa*1x5pH3DB~<7 z>I2T^jqMk?XgUzMm>a7SX}@8O9-Q`RSp?tV80**R9C_gGxMpoG6J_zSG_XIO1CV{q zdH0FD&SHE13+)84dN0E|{I_>Y1F(Lz9Fb4aR-OxvYN&(?&Okhk4xCdVC8F?0~`%UM<*# z_F+A~u?O3g;=Qu|5w2z7T1pl9?^sJWby%|V_TA#9UQ|e8ceVbG2!qkxepm}EHZ~i@ zu`hWPZXB)67!3;eW~bh8Hx=9dW$Yc13O$p5r)I_bbMY5N@xOKZ%{3Uh1wOW(IjsfO zx2*TqbgGx%tedyiAf_zK*(0ODZiTuOss|TEOKM!0azCDbQT0)Agzj4twL9EN$#jfd z0%aS&;Iaw2|IRf8xWPVX|0nVWiM(?uZ!$)g8KQna<}jWnv)XI%87+7@ujD{p$+tzt z>%;(#e11j~f{gG6B~8~wZx-z_-RfmM@|!lLPAyeWVmNAPAlb^uMO)@Kw}e~&x}g8Q z2%|;M=gsFCT*>1aulr~rd!88Ed*MXZqRY_KpMmUJ*OTe>R6B2|Ig{e~EKPZ6Kh209ng|MuU6Q`kC|zg#Hk&xPoPP z$J9q36|Y_Buw?^Ig!VFM_7o%-To=(>xGn)5x}gJkm_CLpQ1lrEhSJZW`r2KFh)+b_ zLMiM^Ay0VH`kta4O{8P8>9I2!KZDH?4}CB3lR_ir9(at|9C|A((Bj?mA*U8|-d;}f z+S$_DiH+oME)1C{Msy8 zkta#!QD!MEPsTL(9w?cwg}>L!Qd$Xaqm;H{CH={pPnL#FqYl$kQkr;YKOl7FvjFYhks^` zbW^?l@{I!f)0ju;=)b+p;%;@ zk27v3u}Fa8$9|)5+Of0p*w|qv1w?QIbT|93r$D8 zW7>wbwo{n8(6f=$3egY^kBhHM?skjxbh*t`ZYgXqO5Pt};foF!fS)Kji2vqpm!2t? z)|L&kzy&QmRc5Nb+9(x&Oyb#N>b|8cC*t@Zz8j$Zid5X)SvT>rt%<{Q2c(y$=2lDI z`AtYQ{K|`1XNc_hVhga!n{CqC_i4PFP&hx`lDpOIBA7K+c}i!HprNnDv#{U%F6dFh zQ=sBAQdT*P+?|4o357$9t~A+yQv!Ji+~1J`Hr#?W76LQ&CpiZ^2F?ELo~*tchq=)( zQv4$n2;gS=M;Wnm$-54tK?Bh;-%}Rcgbz=so3-q9EO!?y_Q}1TP#B@VUAY#Gu;G+mGf7si&63O`;Y7koHIJMx znIEN-X?~JVCY;$cIJ0Tj!;y#MUqxp<_JBxfvt_wzgtx_-O52i6bSA7HZNbc%c`3fGO8GYjJ=={+R}Q`lvl^2S z>_)4smugSduwY78+_^yiMt1p#aSJf|SSd$O%h7^ne0=kio7L-vA~q|iM*i=!4s^J6 z^5^Xjn4rFW1f!>UM@$BaRwoT~BYm*a(2PEavfm|N99c1;{U#(}BX@S78TQs^2vh5# zPpymWOO}<<3BgV@t?2o5LANJS_i2nT6QCs)3=!B~TH8hKJsjsmhljCp3^MYS5b3th zhMR&uU+AW!_wcpP;hfZ_S<(Bv4c4Wx6qq_Ju;nXGKa;X)6V>57aQ?1Glhf-x>dI2dW&wSb7>L7bc={eJ# z6YP#SW#JH-3{yjTUWS_SK={I6EqoLY_wJv6uEo>TbzU!+Sed~py})Yt#C%n#^Vr_uf(x-MUM6Lczr4b1`7o>37!+SXU7Wa7py6? zimb4A!I4eGW!FV1I28{)D8{>M#0IJT9$>AiP2#qmO8z}nK1T1#zWIDp`;^sehp*0= zNwK_XT@-G^{2(t1T%Rk23b09ilL!*F1T{V-(V8%)0pCtLv z@*WIpc{(c2jIOa9YFyn#@^($or$vu>u5`V?Oi|zsd?{P{7(4Ee6Jq<7XObTTYi^xX zJgHgU1=v7_I|GN5$M?(QtI<2a1o($rgbS=bKDJi<{k#%aca@4KQ;W22>MxLfb-Ls| zD0XV>E!^Ub*rJ9vg>O-w!#90MDbgBt;}+TXIPJuDe;}g1YvFm^OCh#Kk#CSptWdkW zM?3yFdb14x3#YLMkzcQhIGVF0=r-hP_3r|eUzosNS|cO3D^7!4Rj9w{JC*zUnZy{- zfkMZ_qGkxay_)Z9eh8#ubSVcEZ(v1S?1~(^k2m5iBxwW`dygR&jVkoueN9FJ@8(xQk6%PUj5SJ z^vvNMgP`l#Si(}-**IBG=|DcfchLoMOntxlq=x$a-s{C$cuEs^aYjNyJpxxQ=j2V- z3WuPuVQH~`kfHw7Bl#gSU9|TYyM^(hljVSRTGMEL#VPSze3;%{2;B!QMPle3R9KU| z_d<#OK#CfMp(s}>z9l|-@Tc|d3{L>#)p$z3LiFRh1IFpTO&Gak;Sj@403w6+EzM#Y zSIbyDl^qzQo<`%0_VKu8CwR>qr^PbNzYPX89G?>#K)!m~%q4abeW-q;hNf{I`dH0JLP?08q0j4{I zy^o@6v`zqZfz9;bZ>D#%vATh$%|}mLN=5mR4px6*-QW076iTy5PnKDWE8Jb*!99|m zu1Ku=1;bmWA%$Jzma2-(!gwR_U<1we{r7mb|B|jMT~>#JDR!UJpt?vTHSE#%A~%_x zePwTdgZLGqpmk@wK~eWDk& z=x)9q+C>O?XbzumVW>tikh{c{YJDS$Yi1e$9XG%%p5fwq-sR%@qen)|;+Nb&(N+U9 zxW=k?WAE(WfF8$eJ7*V(Y&{h1me->jB$$M@&-B}`n#x94lnJF99u|+2yQUuy{-B6?%^9+WC=b`-X9qwtY5N@Tu z9-&0C^vKu|5XV4GBK%LJKww6*#HI3jeX#>9tBJ^ePV*G;BQxL$=}NrHc_OR{Cx*o@USrNUBv3X|=L@XsxYw(Na2<8GU>!%}`4lP4rdYi1`{ zvX9%0KU$UV%bPIq=6Gq%!||5v(-z}DR^``n%_OaPC=RN}W&dJqQvQLe(wYTEC^_3` z%|2=TRXI&bDbkuw*}IMVip%C_*iy=EDcfx+-&j+ANjaIa%c6vW8MeOFw!SsCzI!cw z>nwdkmcG@NlQk%I&@@|dnY5;+lq6o(ij?Yzm(y0{V>6=sA5E7Qe_lg7xKlllh7ORf zyia$4gy;5yjilb*0q<`gQLq?7Q(KxTgrgsn>BkdYTdS|oPjZZeKVSXiBwZSJb1Utz z6@^++3b4r`4*!LtdS}8Yj@CQ;U#_4-GkI1teQjljNEY2A(k=u2(C`LWjsY1h{^f>W z(HWAFjCYTsd4ImcZ*Uj`!?godOLg;Vil_D^zp9j_^6x$u5ZQ%iXz%%)^wKA&!{2Ch z_rXJ-6|w*OZPQ6@UFW_?Z$PR$aoym)tQ`r5fF5+Kmg!xuT5 zZevZ!`&n;%6z@;dF-(Oe8)6YIi7vM2K8gAch$cpYU9dzJGE%r6xCGw9{uCihV7F+` zLvg!LYH-9!{#(j-^BiLZ@U` z4dT@FL0k%5k3?1?GH09*M)^6W-tq-fpJRu>O_=IgM+BHueC+^2!R&enBfzkBOBSqD zKB|)Ei@bg)=lnq=m7E(r z=)Qfq*L~-(;^&NW_;)sqq7>(}?wr14PlD^GkaD-M80j0c>QL##`jf&{lcOi6>~S&E za5el6{5CK$dVMwkQ#AycWqcn-xpp9X$-9Ix!a2gV1H}`+j}teN3zmkQJs7u96(!%n z3HWTYbe|5-!*7K~S+(?ysIkiHPjX~m*pL6^&H>7^JBK;1(S9&g-1sV=FJ8#qypZh8 zVF$1E^6q`3*Sa=#!NRT_;J`+Ca=^iz2C6Lr?jN7WsqVY+@Z)m+)g6}eh4Y%(XTOrd z>2BmO3<{olS>63_A1r3Mc+_TTk!Jr|*uw zVHleu3XYALw?)91JBwE(Aq&}ARj2=@;$`V!&u6e(fhFl&{>{?JJhr`mwt38oJpq=F zJF1g<^H8483XkqPk+d``dUOwo(fz<FiJJk?%7@`h`+l>EYseMPG%cU)3C4(y6_w|pS_jo!w zeNy!)0?{kH|uU1kXIah$nDfO2N83)wEiUr>5*K)dm1MrTc z33^KnVJr$Kq*ND?bn8vGNS@t4J`=8x%s4?d-!p+NAsc$>Ye4%SuTJVI_8*Z@WYR`m=6QhnhN z7GgewR?{0xg=mEyM!Y4cYG0K{b~%AZ;D>KH4zRx5=(?o7Ji(O)i^pCz)|1w#yJvkl zG}XIvL=WAb?m3Vk6}Rt9xFSxskRQLpO~9lB6jeB}}@5 z4ZKef0a;3m`i8aeFYdvD>W$rb^`d-huu(XG&4Bj$G*0fWFOQeJmoQ4zbz)5~vUcnB zPos(!-gSYi(#3se;*u+<-zTVF^3A@sJNG*p-M8e^p7Rw&ma?gY@tqddarQ$Jw2Gy&EQVa@4$5Qc4)tyiArzX8-v^Cp$XeYQrczW{Knoa3Awzh&M(CoqMIKaiyN;@({TbK%}p%m z4d?bq(_fpok+Cs;U``*SJzf4>X7e|x813F~&3YH)t#hjxHSYw`tiEuX*L`gvdVF9D zWA6%XW|Hia&7@F6zAf8#Mf<^7!usM&7ZK{ZT>Wi9NORHU0raFFr{nEEzpl{cgbTuJ9WXRJ7%3v zZs;0^e{SoVG+mksS$DvHuJ5Ny!3y}jAAZAsu3zBy4!ftq}+$ye}0{b9%nUgVAG;sJ}WwLs;#UDNJDguRrFxK^$Z z_vwRkL&A6sJ?MW7ha4F}&pNzyB*}XvVU+zq{{on-1`2g{7nH8Emj!QS7aBiX&80i& zU8+odNe~~|3@5n$s4elipw6W3Jf6$%62P*%3lF8=UF2B>FPC?wu^ruJY1vm@$d1ld zCg{z-D})iGTADa9uw z*|?eD@bUauxa8jp`wfh8YWbt3v>zE`u;Y}*@nq;(axjw~@DQV-0Gv~Z@r|#V%j;bt*a&FO}mfVRi7!AVW?;1gT?(C$aDfVqKKE}6&EM9;s z3(*&H2SlnLzZ>D6yue`V)Ea;Y;1y#uevOaCpg*+N5qPtVjqQmE!sE0+qI-Hpgb$k~ z>MN)=puP;%hum1+}n$i5bnw50pQwzMVYp(namF&B7{I2{P}? zZiG@4X<8__Yso~~hPRQAo!lRa9Nv}{Kj6Y~CvX4QFO@XbKQr?+ipIlYV_X9~8_oK?=ej~z!pGix!`ek}TV8BtRy+O9s)@}=ZWo4FbQN%M z6pVgxyMVPH)dP32mjJSVoGNT4|4Ak6NlLN0mTblfCV8hSVXFiO%S*`MCD1>Gp=^}2 z#&K~C(jC&;C)qbrjip>QSq4{+X=lB7*QiTwxOlhKR3SZ6K|!lbHLeS$OAiuENdx`N zzCZX3zL@-Dkrv;SWs%axnej6@un(Ink)R9f#k(yfV~q5*2fpIy>l^rrr>}3}D}lbg zgReyT`X0WL=<5ggN~W*9@MWT}eejh+Uq8ZEJNnuWU+wAZC-~|>Uq8cFDt-L|UmfY| zSNP&l)xwvVz7D`w8hssvuTJ#!8+>)9uS4*aPG7&nR|b6@hOaL4^#^=)r7sn}GU+P- zU)|{I2z+&?uONK&pszpSt0#T^1z)}B>u>n#OQ7(w@HK$GPQurD^c8}yf%Me?U)l6^3cd!>*J=1VpS~L5>jL^Z z178=?R}*|)L|+E%z>YkBU=i2uHwNoR3!Rpe;w+CV6Y-^Mu2i=LDM&dy=< zlY_bzEBNYoG>Hd;uLOaDB%MJp6C<@@G9$&S(m3*`mT_PN+NCcfPgTfA2&43a-?58> z5m2yxRHo5&BXC)@XR%0sNMV#Sm|Bi5+QJ-tv?!X0q%+;eNpw>b%p(84w}xqjzivh2 zbf+2G8!Rl-50DJAOpV)1<9mEEuEZPWXbL??i$X>VfgYoG4rqQbw)ybV$hWAkTndC~UJ4YVn$AgaYo$ZpjBkskCQY6H&7RxA4o z%4GlTS?ic7`%#s;3gS4eJrT!1R3NVx=?{i974LxoYj~|w+q2SA{te!*0S@eeuoS83UTc6!W6R&B0T)$_5W!}n%2fkUaVJ~n<1Q_e5rQiIis z^SQm}+0y~tg(3BQk?Ilt4|-mNF>K4#Lpki`?mkFYHtRRYJvn=Vb9C!~JFeGlFaEf$ zxp@Fd7K`sOQ~D&&f=Mv09}*Z$8$J~B>w}W0=2MvUuTZ~)HUm;(L%YndosflYOSl6ZaYn01x|N9Oz%#cO(F6)0L0hwv8L#j zVlV3)#BP5Z!q_d~h|@)3y3WrV22Lf(!Z>4$XdqSfB=M}an8ISt z!DD%;J~o8~&i+g;^@=Hq`54C3)L`|fs8DFqUmeMn0FLR6btg4qQ3j(2g)Sd4L3EQz zC&g;jPekQWLPT`Q1i>7Yt2cd*6I?VqXFuQvIJbAhZ)CHSa-g}|J=BB&j{)D;5(jjz zXywbWy)arhK ztmp`69Q?GhCm?#7%L+e6yFX!-L*WQ$07XS_P{-zn{r+@m&rIKrse>WJ8j@=nw+-pVIe$`*6@nX> z8WzfytL0<)=03N5tX0-M<2b#2`(~2UQ|iv~!q-&07Fpkjtnb2EVGFkE>p80^MR$oQ zB$SiXVPk|NU#i9FKHDTjJO=^st@V#wn z6rEFw$6(kFzV2?K^JFWl&l7}B=~)P!l0rsO=TN2SqAduW$)f1VL=q`5wzf@@g%57> zHa9~Zvy(@$n=ZPEGuTVj?v8?b=xU0l9-`~B{CtL*BpS#v5n(!*DXCNHM!WFoYNF}S z5YqT79cRdbIk4Zvu{qg(YL<})yEW#zm>@2m*#l0{1@l7cVg2G!m#6Y&b7LH%rQZdY zpM&;Ccp8L5;8^^0`@lC5$`^DSRZk5G$l6U2~GLJn7M{*$z(u-NdeCUUs) z1v^|hWbu4u4EECP>`?!)kbB7p_W~p7gu1$jx=QLWK3_r;xg|Tc{u8eAtf+Hf0sB+g z*?|63wgkRQ3e!-*o1okSg{=8V4pPRjapx@}jU1$0N=lc90!K(f`WMa*EtRh*jMX$< z0R04Zav9n0XMbKJ+57&>pEC9HUEf&h=khY5egan{#W+Oi3Qeph+kwr-W{yqD7UQfA zh0RXm7sQ&Ko|_G|j@MZE3yOcPmS&!48$H0_C{V{8Xc&MCSMJn=faN%A?$H@o) zMjFjSc;r7W>L3m{d$8!p{vI|j;^xVt$*ZLQ^X$neEv-`t;vs{~Du&dsGonKYXMMuh z%5C2*+D7a606%^uUN6!x9&2zh42ZU3J=zxsFNXX}MgC7>x^w3tb#gHU7l;>YNvmo@ zay2o5i(^U0yx48K|Gcor^}ZWVYk|Q$s67STfmhdmo)>odGA5o%d?ZTfX7B&ZjaFzT zyL{(7OeKrwo= zAcOG+;s1!+3fy)^(>MbOh@j*D;qFhsqo}fm0k}KqBpnD;A_+tc5EPWS4N+9WW(vAP zHFg8as)C{*qPVbhvnT;#Cz_hF5gqp#w{diwabp}sK*jEWSpXq`LI9P3pw+fZKutO% zr2ccxz13ZvbYR~1f4}d0|9_q_bk)6emvhfO_ndRj;w?rmfX7WnR100*ZnU>wNNv=u zVB>jH&)*6?g>EDlYVu*n_)jY$;5_Y#0cYqE)SJ35hDvLBJ9>zay`ByR-wgxl)+-X_ z;N_2D0p4YEzP{b(PkJJ{yh_e?EPRs1)gXH#6SJP{_GXhomiKO^t2)mFc4udbI9zZ` zFUG!~yYx)nOx|#QO3P>==2y z594KaTB5v61^i|dP+P-oSvMu*VnmC2^}E+FqD8$hh#5bZY@KKB#ACIc?R3}>TYx)W z@^nmS_QoU5W)OR1Okbnl5oXYJ(K&QoMA-UMm_?A=ny7zbxE&Hdjo5TNlW4T*kdP4? zEg>AHEW+RW#xaIzJ(as8WQUmpJvvQ|y!FVpEtWXd97b??I#pZ#N- zCVc2xgk}6{P|t<{ukVw)t3Bm5jeBNB(jl05v3lSD=K+7FMJXbJ^V?%I%1hc=arb!w z4b;(uIzs}s(L7Aws)|P`SG?cR90Aw%4T374?#* z)Ibp}kP4EH8-{_(q|4`_`NL6y+mInoj9aI^&lcN4@uCBw{V`Gx-I%96Y5et$-;;BMRGFk|40j6`B_Jf$Vq_bbP4rv{b}{RK&^1aAufdRLICWjx$eRS-?h_nxo2#m4V^f(P(p2-YcR`xrwSy^y6<%=;|rsP ziVhMunBPqPrWalYRvZKP`g zaE#9<5ykxpQWQ)RA8zmbP8;ku8*Ad-=>F>N(E;%xC17Yn=3Ups-cB8F=3h<5E=snL zR_iidtM&L6H1Lm@EDtA>Wp^G^NKM{C3aKxn-M!>yShXKJd+ju8YCLnuDQCKk?}Fnd z&ZN(*b^1ID+40FDpsQCFv0X3)zFb|r&}0{EKcWnG9{bo+XD|CnC}nYg>=MU$OjD*l zcL7u0?cn=ERmbSJET?s!(OTvP@CnDK3zspnILXX4$lid3<(YeHsct(Hlb~c1Iq9z@ z;!v)k;SFRH+p|q|@Zcd| zV^}=9n@seEuo!yR@vkZN+V$`?<7n`@UyD?RdKWB?GNZvf@`vqq0}KYE+Q?FlzUU9? zmXIHozfb!NIDwU^Hl=t@ zZ~`0osT!7g@ zTh*ijd_Tc(!y}ZEa#Ied2Zk|BL*v3tiF}7<7H|%tU4tJN;FN2zig`Fu<2%v+9iKC< zrsrvf>f{=K?g$FWbuHGJdF5$M4$!)k)p#xsp``NN{fMf~n}+k#Deo?Ft2fFhE$ducU4fXnB>0IU4u=GX_7n&Y$C3HqtO31$aHr%^7iai_wF z2T?FEKsARt@h~qYvAxD~M9ccem3>U!p(giWE$c=2X;UJOFdGv{mnpC=r=Uwe@A9Ad z{?P0C!wc>FA3K9bZaa7+5Iiov(g2TK4i86#5gs#Q;o(C5|GrpwEW0xbkIP66L0rtg zKIPMGWz#)Jo$yTz01WWavR=A^L1Mj@_2d<2fW&nNo3zm5?dBVqt)wg*)ZU^quevFU zb1PG@Pv|i^&eV3}{6_uz*Rcz=L(4Mp;a#9*{hoh@;k|VrvQWIEIO`LQkfW5;^YARa zB}H1G-n+Y`ldqKbN)C!M`}-Q%zyeHrA7^ndZJ;#1ydZaiYA>DQ~eU zcg%7qV+T2u2@909=u{r~A;EjptbRV+@=0Pw(Gc8u+P^%59Su%w*_ z^)3DI1Xy_^baa(b!vq^4mHfp&Y0{$mjzn(LJq&3^)$2ycq1$Z}IM2XqF3IVeCV=Eg-j#qo1>RG= zJnphX%lfhS7a#;Zp=%O1pk!TeSa|pic5vn19bL-M1S7KK_aS5%RCdT+6oV|e3=GeG zWCTO#Jh_VW7`yI@A`C9tIkQh|pK{l7jp8g0A~$Hn4~H^-fn4Xrloo#V#svmkiPQ-m z1)?k;lJZ*IR~YPp@k^In{r7M~dL%D3w6k*UN zN=~J4BHo{?<1c1S-owQF`b`*OMhy>UZ>Q>SkqK8%UcufL^0#pIzoGtgIeU2tcPIGd zn$sGk8a<#^TtoMYZ#XexgI}GL&uW_a=lOfkxTly8Af%i77fw&&mrD=f_qY_|j4E+i zPyY6v$lDdhpoF5tqc*bWUP+{hoF2)ZIbj*Xq<*Cpw$l2we60Pi;W^|g)Z|I1XLrww z^_s=h&2;_^Jv&ke=B>NP4SbeiD$L4kYim5 z`1yIKHNcRPt*g1jiHH&p->Oe*dO$P8w?Q%Z#+}DILp#nd7-F{Vl-MbP?D4JYTf3Pl z!544gP1Pw+4(p^4I?I}VZXeocEI^wCBylz|hRZM(jq=z!A|^G!AR;rDOO`rvrBklf zviic8azn_qk@>5g1pbBz!u_~~$7^q*gNtXinzN4%Z+;NtnepKrvAWVzw;0Zh_Uz$V z=eMJl&2Q^xvGW@Y^IMi3e}2z4$C+Qcaekw+`TWd$ex8G|^BcI8&u_$+?dP|DPVD@8 z|3~vH`7t-aKro_HO!aOoC*iYqRmr3L9AU^%vK2qU78NRa!|b`-TWtmi$@GlmB7cwi z{Cpl$iyHQZp~4CGT-X(%RRqil3)HIFNK7i&D9iS^{|1Mq*)tO=@|b3xtEt{&cQMKg zGatx^(Uh0P4M_IYA$Ri-gHY~Wh2~~6@UqkI-AIELp7aMX@+VaZimYCA2En8-Kjzx+ z4|!je-Lil{;sBg|oau}nYG7QKrw6>Mi+Sa~(y2Ve)WB0LT9&&ftR!O|z0C<8L2+5~ z{UyzK5w|p5fr9b!X4=IXWKa_2{bhTEH8NtH{27m@i{bGkOz=}IDk}!e z5I5s^#JruN_q!B(S&dMJmxGwBtei0o!c%^)mL$ATkz0YmL8q?<6j%m3X7z}SUY`3U z^ER9C;poJE`?g7)O-_UTI+!8!N;c<46JpJ8i z?IZoV^8kxt%_Gy(*`L|a}%!IqVi@&5C+*eyNwCO(}`Nz}eH2*j}3Hye;|Hu6O&cDX^!^Q#HuqPcRu8Ep+zH}qK0 z0(hZV6Oki&U(E8e3C&{WJXt}`2NpMwK6(!Mm`%0RJ~gJQ&u92BAqNXFRAbl^tX z063W#CCd2rNE_3QH7#Wv@NRf+I$ThU-cP*fEx?oD#$b-o4ux%N*q-ak#GK9b;#nrig5| zJWUuKwkZ_-$yTt-CXC)S-e(!kVqB@2X66w|F`-a^n>v^L=kltA($`ITz&c>qpQ9_b zt#)&3hqf-jh3G}{8f~5L%lxZ84c!tG|1z)2ebX5}$DzoPkN1T7!xHzrB^KLnoTkTw zy524m(_@ogA@*4m0hx$t`k2GShIiOT;o-M*iq+LiC<`+6-G-TlcwH~IlM_48H$9eW zB*Yd{HV~6Z3mc8cWLB<|0=FVGX_zS8v2G58l4J#OBrhGA5TIH`MoeqFW%reyn9J#QUCdC^t;J0w)));~Cgy!9dXEELxo5xvr}+n0o~nm1`=$>Y0!vdB4P#aWovp^;{g?2! z(MV==AKpk~@i-#5WHvMq6Zh<^-%q!Xdvstwh1IAU#1VS-v;|V)v{^P~tXs9e)1)aA+<5_^)W?u? zO$CmB>;id$Th#W&wCmY~^8Zb-O2OHaI7Gaw+?xA3p7_;U<(4o=$_e$#MRb9?vMQ17 z`vy`79lVjXvWmCTXHuMae`DPyHWq#`xHGZAqYIB_Puypm2v@%45tI`7~%0PsFVb@7)Unq%5lKPczJty--|RuItq}w(K@{FF3VzpY*Uy_+e)wJF#CW=ERNBbuWtK!XB1E`UO&5wC=tya^C?& z&{_&Ss?2)3e{!se<$JCUz1@2D-nzujg@VB@OEZ~b)a!;7`il^&iz+#?3M$H0y?lkB z+p>ov=j8?p{OKNuZO=HDbgM5@yz?imrpU#PP}T#F-$(R2XgKcjB=2&o$$fq_{F@=} zTVij@bn|BL1}2!yniLC;SDhe8T-{E49yeb9bh?a2)c*Z=5#Vm9V5 ztA~wxy#717cZk<7mK|DlA;s&@jmGQGvMI$2c+7q~2;WauSSvjFF#K0;h-JEuU8ft2 z+vIwH_4F8)16t_mxfc^Ba8TW*jwz)R39oNywW?WAXEbz@SkcONqp{e@#xI?{_q8@}h!aqs3m;ITg2f!4SEQyYZ<&u;(oX`T<`Y|o>dJw+dg%E?b@}3nwD*GAs8stSMiaS|QaiK0Aq z8HfdUwA$r6^+Y(rhjxpni_*OyAe6nBjB(dBlWC-hOl?*sA-7iVP$o>2ynz-8>OAyN z5{A+uHHLR;2d$c4P)vkeSyYg%iQSPnUz?9Bf8DUDRb*3~7;v40g!^8akRS~8XE6{rs zshcqW&-ASre*KrpIG7?)boqG>uV?(N4G z;oiu*R`uFk_U^_OO3`E?)5&v~W}~bmNl$*TG>K(#6UyG|*w@XxuPkOa70rXttS)$< z$v9oLwzvanisVAL-H;2xeXq_exM$;)$ZmO3~Kkx7h*2j1L4k6Cmc$SNu7XJ^3P)jkt9JWYW5c> zA{3{fa(o$-d9|KGDLMmqwM?N5Q&Dd^m$Jn&rt-USu~JW-?X*_-VVB@yR$Rr4pHILD zhB&8>xhKKftOUqwFcsbxe%NzUCEL+|8W%COKQspTm_eN7{bo)l*&U{Q!FJ+C%I*NH zR!n9GMS=qz7{*=jW~4zHsg`ssrq~=mTP|+Hu)q}N5(-;W?=R(LsY92n|R_nv4bDdJp6ph?;WyEOvLvi*(d^I4LkdK&QHE{ z3@YUOZsgIU`hG)>FkN;vQU3W`b!DtG5p6wVm9g$+YQc+my^FfLmCJymkEmhW+m-Ep zrHSgbSHnuNYS`x&H|fy;jcQm)SHlj2aycBzR>h#+@2c`xePJ|Rm{Hz$!DtH|T6O*& zqdiMOt-GI1Sf7?|D^JUivK5!E^P<{%iWcF)=_lf6H&&DCj0f;)Wu=%CEiGq=oL1?(>)DADb~JD%d$f6a?(oZL_JZP%(Hh?eUXC72yNi=P`Y-l zalYc@DbuEs?$w3qW3H&ar2Lj1os|pg&4&CL zG5U6=ywfFDVyfa@JZ$DR_4l2}NjjbY6Ci`728Ud!_QJQy1en~kboF*GpH_;HF&1Vu zHn+T=Q(g)rdTF}kt;!}}e*99Mcg|_%62p_EhkEXye{`Zk9_^AP@0M)TTmKV3 zEofNW6(3%pcF11rp$sPSqLE*N`j;KJ=^7%6#!mH{)IP2yUjubqwEbpvq~3nBdOrO; zz}p`|?Kh+Cjw1sj5}@JBxiwNM%&FSYYrOqJx=hqrscmy25=SI?P3)eDlfR|hVEN~i zce!wQ`_SY-`Gon;zp#NZo)lxyC5P3=Xs|z^qy1OcvX~I>ll=SkI{Lt6Qn!BpD{xhd zgt9((t0#Z$lz)|Wha7p|sKZ`l*J%qdM)5rU4gQ`bDLzt00ZEw-zhCCRC&KS%`EN-N zwFtipdB%7A4G{3H=D!ES0G2Ut5)Avy2o#XBlP=sv&1xPK_?YFN`5W~)7%B}2+StI` znD>8pKx`;5EDVq3V(^gU8IgX=Sid&xx9ny98~QDKmj8x+S%hEs4gHpt^WV^K*=qh9 z`n4~^AA=}s2Ab>Y{hm}WVE6Q>tt;7D-f4o>cDPakPjnm){VUGw)@brpSjpAcdIVR)7P#zRRFXKW0ebdl^a~{|T@+IO(TCYA`ch`8GIk$e9}1`+Hu0-v zJ63X%WgyAR4;l)_g5wrTannjU3)JLYU-@eusZWljU_3Hc7p0Tnj!mu%}7z zME;@G9sNVQB@U;&XT=}(!n|kYyP9J8t#;<#PP{%)O3LZyL^xUf=`P=m7Kb-5zzKU2 zD97Xh^N7^|dW3%@qmr-F~u*r~F1_9lr-2q_Hrk zP$>I}*4q9f5m?-h4jG-uRpdfOT+Pn!ui1rXJ-)LJ#dq%4CFL=u=$;Z*En86Wtv@#a zzSlePoNui-t*Lj;Xwz7yOE5x`Vh=kpOS)n=u`XFSzkki76o6C6Ur&A(hfh;!d<1VO zte#=W+LkQ0n&CKDby*c9h+*2Wa^|gC6Fw)-KDtjB6_U3qU3=JjohOVhHVSvm~K6Kg! zr)nEHDY$cm4~yFj)%RCK`dwy`2OIm1BM;pPNTbU_KfMx0m3_8)jQz+}uWLjH=<$Qp z(d@@y<`-=tzv%Hp*;C^ZdMad3Dm>9Zq9W9nOIpt4e@6Vi#mMg~W`q1e`i1MQ@%aCI zzqcUABTC-o>6iw}yFALD&1YmkX89O<5sS94hV_&w<1Z?X!K+|Dygb*}7qLbF@s*Gwd1ml$05V*w_UoUC>wmFcaq!HbLRk<*bpLku z*HaJi^*)V3#T>c3$&9a9lV`K1V<_C6p>PVVvAe553nNBuHe&bm&TwB39Auqz;Wf z2#uRyj%1pB3lbGB$lL0yCjKF;AnpvI%u5_gC0Xw5$K7~q0!4kv_1p}@mb?{(s9!@u z{5llKm7yu{;UJT{3nE!)4E$$fqPW_#LC2{+N)Pha3ZU`it%nG$dOGFBgLJe?6RVO* zmtjR4Qr`)V27H`bI6YCIfmJgNi?t;aKxUrCuKddHY`+k6w0pl}2(YL|?7D-lOxdv9uPsJ(U z?vgKZRAH(%lRoi6a_7Wte+?dIier!qlNwx18{$kOL;YQJ^Ix(MHvI2s+bkam{TSUZ z!*V=bB;|(enZdk?ZBepz2Kz+f_E&uItFCcqh}fC`fJC_B58;Syt$GzzqpRWuUF`dp zuC0^IGuHfBw?#ZMo87$r(WKiV9#Fs5T6qQ&^{9r4nEd?nhKSn{ zw(%IhyuGFNS3@{}6&U~E57AIpq0tc^>&&Q%S--0o{g);!GzdOosm8-3AfE%XT9e_p1ufg&%u2#SJtlI>Lo z|0$Rm#m*-#-Glc#`M}|;b7n?tA5?BYm5K8laSPMHd2Kc7<=L0oI=_F|=WR}K57bFSmKu5rnXo{FkCeNc{SiCE?&@EjhTG zI8J#T?+5o2E53Wv?YMwnu4jzTIT7VGa`C~}e>kZ{L_nV_jECVBEW{TEZb0eggj#}? zaHF`w>Og1*VAv={Z>G5ZF4D78w!`ANfP&$_co&v+Iey(@(g#CO z$R|azbkVZ1LOCX`YQLpZe2v{t(+soR<;3Cbi-HfN*9-rObZ*&jgcaQ{$snEr0R$o- z!jU02Xjv^^VXp*DMAanqiY!etfD>TLiaf_dYCM0~we1|}QOye<`CL|VEk`=@3)eiO z@w)m%YZD7T#(K4?3q{iU$Q9~`r^&+SF76v#NXO-RlO6?M%NqX`S;CaT>xI0o;M z*ASk=@92!)-bUpgm3FosB9$L{vXk$-y~4`pboM>#|IeL%e}t8H`h9@PZ|?N_+X!E7 z?(}<+%FlZ;9zFqtXEB8#tlvd&CZZFj&)(qlxmwj_pR=8P4{YlOWlF0^xAUPMx^l0| z-b#CN50E{;B`08)O_@1S@kmN>AzkP=<;eqv+T z{f-umWP{L!AW5BX*y$H^-05YHH!(SBRy!0u%YC37?*l)h`%HCVHQnk+ddN+u^1)i} za9Bi#zObg5T`J+Lz1!I<48<#3sPRy%?&C`9fFYN-YMy|%U zdAptR9rZ};NBb;h*{({ntKn$_9DlXyo_Ba}TbMDFGGzf>#VPh`^&RNXC8LJ3)?QWv z3)CR2>B_>!)!WQrufJ`$y^i_1=GQ>Q;67rn?fJ*-`Hl8`Ekg0)EXAqEfYPD&w7TG( z;}m6f9*zW9?pgGFM4e90C)C`kUzv)(!}T2ND3nP50tYzL6nYeI+u(;&DGmo$V0d`B zS}dstL2p%lP4s?)0HcY*dRvxBEVrcjM6>aQEzK->0|~Z*fagn?m&05wVz%USVm~uE zG{3!U4|cV3dVY=QJ!N)}vdg>0k|S~YYibeJTY5ofR_siFvRQdgHJ(G%O@-N=W~fbP z9ZR~0(&6L)yH%>8Rp8g1_6Fqz#8SLog_ZG!6PQ&$I-fh`d+WrK<2W8b2Uo3D?I2Hb zlsIXPZ>V4`Rx#^Ox+=48P>1u^>-5(rvHRov?ep+fDXvxQ%b>Fr*Ts%;ou5_mL_UQU z{c4a8{g#*(|HNCA;H|dH^MO+QV?m1?7Mxq0v;DZqF-YcxZyne2T7)&|OXw}GH+wAk zHKD8WYf#0`{IBKe{5?%gurQXM9KwcY4r52b=brtI_BvX}NHMaJ<(4kqVif>dyl&;# ze814oGls@n@E2ghO$qs}J0iO5&Ld29)hUMh5S=6e-=QJYcmc zS0DwS2>b_fh${yH^};$KTZEo!#!b8&8LJUy17j6ad=U0ph&J< z`G9=NC5LT_Yk+!tGYeKxO8%Ap77fLHOsHgHsZjJ0W9Vd5xyTJJIjFw%af?RxHi|tP z0ppxaS#v)7lwRNJ)U6E2W?eZiE~#< zp*6qJHr(Wy!hK)T*P-8T)NgMO zNJ3*!ndrU(!Gb^Xh&4n$5rG&<9j;_O|3WVlcR>I2o>ZOJ9cr{kBK?8GI+M~z{0I6h zwoOZhFc@4w%=F%=Q6Tht!3c!A9zQb>{!wlKf`Na#@de`V{@4ls#yR9bqqjM6>5Y;v z$@h2Yb#_|0WDbndjz|iy<=0!)?K4p!yJ~1?q{HV(M_w9lo+?1jR43kr_Y)@_ax+kl zzVtx`5F~XTP6gwJ!*o(&4DW6|OMFHciYJZub!n)Y|4UOx9=+50x$3_rby}a+Cw*q{ zoB65#!TO}C-(7)uv{2!78QVQpbuYfciy=>M9`_6W%W@sg(O35s*?AriGx|}+xzf3z}Iaue5`)zZHwp!o$_FHRXx+ZosV@uWYiXKlIRe^{7nvOp)`mfmg`1v@0b{+rDb;hx*zR)<9MKNQU!=Cs+ zrgj*}-^N7;!Z)NiEzX^M2YpEXA@3$?$i0y3CY4l4IY&)&l5x`vNfFfjE*d7BnbWM& z>^i)sdi0g!G&*=Si0-Y}vjoo)KHtNh=fU$le4YW%$|IDOipCwiSBPUz+df_>Gf(&2 z5C?PJ`cSXnU70uX5lHj(|p`3poY`8QgZsP zngO+($OJZsAVKz(_@en%T3IeP5nw-$xIS1b_IRUy35l|2+5jUguwCFXjUfE zy0RqLO(4^T(}nfth#MZk32eeBcXq*6>pzuZ%iUueysbRbeDf{n*dFe`I0=RwT49&B zi6uwtLEg0IADS!NpY*R+dzse$I$F3ttvCLK?(v@)z0>iZIlVLH3Jdq7%oPsR&J|i~ z<_e*0@Zt-6Q4cSmh0s?}aaG#6_;<#+=??FfTvx$C&)fEbZ9*wV5db)43#Hr1hHx+I zJ`CMs-&aB3B)`GOE2;mL(0|7sM+^JX&V`n(*z#U#IgHZTk~U*}!;bgq-i>_!u?)GD z8`vEjdh`(uA_I6}Bwlc|YADFeu9s#%!r~+~jUL86iUm{5z6t#+e6Yc|D+D5w_70zAUev*groT{OS}wAJCu>??UI=1B!7VMjQ9 zmcGt{fbc}1bQ_EGgDydJ7;?p1pXf%98z!IIh4s#!R{Issp7U(wX+0&a!l6}rf>PcA z$=lp2Jc3bgjPMbuzKHdqIz6T0(_Q7xo@RRNf{%B@V*)*P#mD*Zmg89xsve4)cPb&w0D z=E$wET0qFi>?vf}dZq)cb0wfi zwNk+Wq4a*(?2TJsuQ#L8MBau?;!X#6xD;s4b)~K6Jg02w37=WwKvw`C=s$TV{GFVP{nJbAe>4mr8UEOkf!z3Wodp%1ol?O;p%kquX#{t-q3?bz zwumEGJ6>^`{o}7pGmn?klHnUGe)9u;gHaKK!`kA+1BVlW46BU(RwSS7Y-}I@ByRjr zJNL2KDdGi3vQwEoIMm&qe@rBw0()7_N{dr@a1fN5;UInaWxS2*_746d*sAdxr|&X1 zJURt?Q1U)#H3_9ZGS;z3>zkUQC7V#ga0~3WZ}>A(o`G zk{h8U8%hR8OB!cU$+aTU81I9*=;mk~{lGg(3hHY^F&`uy_NlsN6pnP&MWLim#~7~t z?D^Wpq=;b6V%$wy&Jqx{j}5xx4EI}lnvm^iF`jG3+fPhaW&h3TbD<~Us!3ty_OaQ- z0s9l#oI_zF_YOi{<)N@rJ;r z*nf*u@||QMCQ4r+MH@(o69%bo%nhUOCtC8W_xymFm&Oi?RFdQan{udfSiS#9lZKX4 z%%)Nj?9HKTBbtaPz&4<-aVR@p$vm#3NLtpU0X&%AUp>-Bx~^GE!c1#4QI9lth8DIg zr4~Y)<5kl2P%lEI&|l6Ff1lZKIq+~^lx{FGH|ba96o29y7AxgV@;+5lr*mbcu1O^O zg8;IU_uU+h+9@dG2jLX=s8*E&{bTx|k_^HE>X8Pr-&*r7HM=o~{7G_o+fQ-FG4d&( z1VH3^CvHgR!8N{}NO!Rd^uaRJ&nKuJqGY)S6-ik^LK?&>OdO=H=HCcU zZiyp#wbvKjkj_Hq%nV|D^)u{uiU~X!CCPT%-E>52x81|>wtMObeY^kp4BP$JLwvih zJ;Qc?@n?>CZ&9T!u-yl%8*dMjSbhLdv-msO?t={piJH}A{mgi^dJ9G>)wjO;>keCg z)PHa5cX1%R)MLVxaTzXJk2(8+#pRyQ1E z`~4%fG1Dnt(qz6dckw+O-So?+88`ie!7#Z!YUVKx`D(sAY|sDnBir)_40}E=hd2Fc zbk7fF?vW^a+Vgo91mIRgHkfM|K`K3I7(CzqjcotFVv4zviMRh3p@9kR=EY~Oc+(=b z{~JT&;;qWvyc)(6W%T51)FE|IggTs1S4;{M1{^ySr4G;9BhSLUexnwNB^fNN1NrX(-mAU&WJt9yq^) zKCFHG+r30_M-zb5y8%9=$8nD(2BL_)o_z~C&=jRRLeMh*ZU*^Rhr(WwfZ=8!&K z9o7_kE1EXm=nW^iC!^-2><~K&>Y_(M1LG$f;FD*5V}Ss#iC|Kfj%4$R`*4HiHwICk zr&<!WlUD_Qcz2leZ)a0XkbvkA{)9jzb zYDU|;F0nV7SZBe#EEmc2{VbXGI@okJW+fCs&i~4J!tx7yAILVXOhh>c1$4j)P$aFFWu6PEu^D?xy0-$B8ZQOeesNIO=q+$N{FxrhG3sm}&;l2-f;;zV8WZB_&qq4hxPg(4dSWrd z@PUf)kn)jlL}GE05eqd+EXel%2dH#U1K-hVgl%j<12ow8t$Lk#I`7ik%xMD%iQehR zER(ypI`%7rkeFj;T;oIcG5;2pQ+7hGdOduh?jY`eETa$IDL?XvR@S=7%)=Z6)S{8- zNj4$Z$%46LJC(76$h};3E@bxrNoE#b-_7~aV|(ZvWyTl8j*9VcyB#|khcG;N7sD}) zNh=@E50eerfKjdV@1;0ew8!1s#+);zNATrLtq#;%4gJ%oRA@(ZLg#f-sN?lF^N>{v z&PMaKd@XphVO!-NGJc?Qy>G(@!68~4d!hdV|2yyJwvPO-qjUb(8N>e$V*Kxc`26pY z82*h5CXjsHV__@=2kKfKV$4^NuZfges+FP|E2&pD^7dC{8b5zg5%H4f*j-EdaUInH{- zWtdBEjOt5>T~6oha=LogjWPO?C?7rX#{ZhWg!t)8VojhrxzFD2(lead(89XPfmT>> zEZG&ZK*3Y#iXcO%rDOn;^+r=y)J^h$^jX(oKvuKo8i&%;>FZYhST8DsgW}LQQVsWY zC{t0L?2eWMphOqMPz{;i!)yxWLDMeQv}$rS@d__hhSDidI~szj^R5HbtBiPC$LOqL z@$bGnI+qs-)}*;a>ir$t;4e4B0n{O(H$P(e%}FIJfgb^om36YK?!g4Lj0 zvt&QmzyoC1Rq7PzFZMfZY@}cJB-W?3m~l~b8(RX0u~7J$MC`qh@l83Xbfsp@c-Hq(V_ zvl@7SF=Glh9SGdW`u!WN#Z+Ko##^1VTUU_!R$V=hu3v9ar?DQ;JgapI`{+-`11sie z$K-jTdx4XWZcVlw}%a`r88prm)P#+>iJ`!xzNAS z6cNvJp6I9TIyC-Ud47}=Yfx{hiRHvj1RpT4DKXCX9p&lcZE^3n+T~W}5#;E0YpPRu z5ctH|sEEd}PLpAtk!zk&E+%1Z(eI~5PN4g#{bju{{?AwiH-9tUQ9U^T;SOuODl7OD zza&e>rqPK&%ijZ}VxV5TL4CUDltx0U`yMDbhZPVtXiy(0A_6ms-&eK#G4jKd!r?n>OG-&Z0q2j-=2OB)s;@_w;!|+d7SEC;q+$n=OWHx|LJ4) zd^PM69=iy{Plkm&e$(12GIGx5*3JKVKWg1<(VdjjHnwOH_vg;?ClP(qFTZw4Jfu&A zM~sL%x^f&voy9}hMkq6J(MFerP$$v|t3?rXrqp2w1$8dvA92q>WjFeRl0W?8zq12k z0D1$U+70aq)Q>9Z<}Y9Gow*1Z-GkDj$iIdo|J<2P#Eq#V*YS7?6OH*^+TZWd?NODz zl_*zqwhf%AZYA0cz^sC3{j-=fE(= zb2>f}ISuIiq}pY03uCk<#?#Ps%5RKISL@$Hd%-Ofk>&k=w`fd(l&-!(zYmb#Guc$7 z)U>b&k04X~(p+tnW|B@L!5)ZZG~&tE&t|macmFH+*TC^_b`_H;UN++2Zyf)YoR9eT zTLk~U>rM-~)P~Ztj(-_HG5ouhFlWnqwBJ14=*dp`4c$dCsF}O;=$zq8?GIwJp{<$-Q*KBHGrsJK&ABg>aIsd*0 z$$Tr&=Z&aY8L7daRUe(SMCy*fa=Nkq`I{fZb=|Id~V zB3vx|M*ZA&cK9uS2dRe?UnAEsUw1muCfhsAmYF4~zh!1{%sVYwC-)85N#;9I`emix z%?yXtE)^}Y`oLS`+WYJBP$;dVJQTI}`A17<`HmROnU~LIgV1oyif2qx*o)2@nQJ9; z1s58eOlSc5WUq?|4KuGH=DmS7>HterXvl`&s%B>K;c5~=4oJ3;;2@NiBy!ReTxN|3 z51UDNxD#Jc){vu#tajOCYn0Nu(6hTnwT?+;4zBM~9-Jzj{jk#w2}R#yDF8I6_)*LS zc`0T8!Qce0I%e`4!rM~CgH*Yp4M<@@rBJ%h!on;LGI1`tje-C%GAnK{Suno51?YqN z_N6TvW%e16)b0}&IX=!O4_w+pDyx(KNhgW;g~Yxn_gg4A-^Rn3dc8L zKVV~yYo<6ICu1{a)=cSgN+D9LnmpI2ryoO~>`sosTxGRaklpypk)` z@6Y9=e`g|@8Q6gToOBv5QxfU*c`2B`=WQ$-V`U+3Q>b~AfVSn5fVHMEne*(;Z&P3o zPX;}0$Iq(9SSgpQVy~s+Rz8UCR}E|`Yd%gU??6-*Mi!_&Oi~ag?_SJcqEJ_O5<_hp zeb=sfDpp_3tItR_Fb{P49ZW;SkxPzDhA{Ynmj!O5{UK_DMpV^oi#1bi%N#q(1( z-lav=5Q0q$u1%m_X4W}^pgBpG$m?{8yum1uzY*Qk28sNNwkCr_Zrg&(5o7}Son^#4 zUIfFbQ>K_GHE2{SzmZL?%nCe9unfRK<-rFnJj8L0dd;DwpjoNXFk#Y=KLiLVp#viLYTAQ?yh&cc+%mw5+=50=Lr+S+;q3rfV zb~EzE#T+!>QT8DzU9J3kiw1I;dih^lqVE6IR6PJijTS@1(;w!8r*Sy^GMYv%N<|@yd(XX2Jw#{~6&m^Do{rBV4Q1Kywq( zpN(F=*Pb)8xZYu=J=Z%~t=hm8lVBQ|06dyd z)+K?*2WF#31tWJe8Ir}+PAc}POtoUCt9vs_`324UfLfo8?lWfuJ(0Z)0~rMVVvdkd zIB`#+gUs6_842YeQHf7yF>2!w#QS+ebj8QFI35EjnY0^J^__c;^B5eFn_VM^{v_wn zQ^u1~OKlJS*;4o{Uj3(e{rxW8o!D>*f)`_VkkkB>I;0>s@L)nEd{9?h5!R2XX;;uX z*Wz+KMR^6`_*sG zz;9Q65Rczp@Y31%?UnT%^l?T#6ANP}?{X+s^#W*&2m11A$?oZ14R#gRG(%+hB{EVa?MV$TMEyXX_t%3NN%@#dqxLxRELH zMW$yGs_@v|O7*X#Y?-GM+%rS>iyw>n-El{hw9EBm|L@Sl)GWV-88m0WxFV<&6N@I) z2c0jVaZe_WM|zoLN2l+yN_Q_)C>u)9597imsFc3!V*E$2sp!`D9bmUI#lp4O3$AX` z#E)~iD0DkUIfd4G{}XjES(f|hB8$6ReAbPzqa!J@celIUR4B=(lwu2Ry)Xa3JTCgM z@`oUhmO64aMHL#$n3O7@9gC{DFN#MW^!te|V{tu#7f~C<^)3uE8)llPAJHM- zrYx|EzK6#FUCpog2b>cc2KwaA#lMFQq8CS!rYB1D_Jlzm+?)#x7Ygz07h_FBm=+tsOJRU#kF`hzV{-+bk!8E2 zjJA^f=Pyk>fbZROYLXF8uAVRV_cvNK&Vpl*LG`tNputaZ7^>e1k_+WzLG2*fr6XEK z7}J)1;TZj(J|Y$dxKl#)8lU)I?4Z zz{_yJ)r+0VxO7C?{to5(Y>a`I?NSPJUBks(Pj~f!pIT$BP0y@9quZ@r2t`S`DIFpC zk6)Ui5jI)q#&-X%sG{At z`%k^AX%R!V36w3^{v#Q(p&CAC3ct|3lG&c=^dUP+AA(&NeGtk*Tywp25NEXy@)uX* z3uOWjf#pC19wQ>KrzyawKtwLqm8yq(D z5-Ub9hnKnP^F3*cFUh8%;DJ-#6EEUIm&aFo>s$Q2(fn!$zL+}+t=0H;pKiRV>p-uW z8A8mS$GuLM*xps>3iuqsV3)qp9|$!u*u2J0T=l>We94~FO~a-E;K!yT&(jA6LU)L) zL4I}63*L%Y5edMuyC{$oZvR1s7z6C!CYvuL1?rf$>7L+DeUt>%(4_dg|3TgVOVoEi znT0uK??WmuG>de+{if1o}oe!SwC z`g|*HI88Tv74hP2cG`YQ{PuN6hKRnOahgPlQ0HIP=pI2Kad6*V(}N$ZORSjuL&9x$ z0lw3B9bgCFJVOCaRxFAT&*=!1?&rh;MLnH?uHKyqSvo1YXq185D2xdp&;dRZqbCN!hmz0%d;mOW zfX*RiUCF`IVB#?c_Qrz8KjV0e&1wWX#JydSfqe8z#>x$Z2ZvY7^+-vUGG z843H|pX znzru`$FI=#FEzaOuLQO;U%pb;K3ts7UM5lt)|ej{6joo%?Wir zv@gw`YC&P(*6xJTR)%}o5!@Two#Wm$5!@SsuQINT;NAcn@1Y3KV6+qCJ^wWYqqyB- zWt~k;cgjn$;on?9$nU$cF`&O1{B$TO3La9F$Me-F1N2JpRxPf7n(=;CwDM~VmVsuR z9;$h!9++>kUbF;JDF^X~C8Tl6l`gqj9hZVPRt;p2TV;x542cP6XxLPbwhw0*hmDw4 z!1a%V46doMRWUeRXfJHu{qgPH^8MaZ34oS9OQF}_7S~=Gu(xEn6<3?kH@Ty|k*=fS z@vpkNC)gJNTWrA%?;B#L zm}Y4_hY#IQ)7&JU3=X}gH{n-N>GIywWH)?nqj#q{v?q>zF5SD)2wHIj_v$0~;;24? zOT5Lc8m7#$OU8_yT#vt_M=N!pd3Pm5Jp8{WN5osOd0=f3!B~ zw|RxQFV5{y;}KRPX>+0ulJ@a2BgjQ4;XT#WZTFr^al`7HJy+v8T#W%9cU=rCR}gmR z#oq&Z7P&z%lTZ@jO9!9Txc1+4tyl>hj_O;030)>yF@4E!G}Mrk8>}S{(5~=|mAs>_ zT`I=sJ?8Mv-@FPszZv=S{F;(wd^-gKN0KGEJ2R0Rh05X@H_*cCtw=&H*N>oqWC3iS zMRF^rdTD-2xzxo0VjWVT&_B)`?<;QnMxH}hQf5w6-@G4ZSV$3faTo=9?}I5IYwVbv z1t&br9P?mo9_fK!TTQy5bd3FfT-z^6-Y$BZM{F2D0gs#kZ}{{^G*%Q`)!u+bcC|Wv z_ts(d;_=VGS?e45MO9aj2(HS$C4-cr$DDF;L#Tk_D`BnjXGkII5^PO2VZ9yGu94)xMTxt#q^YC1y4dr%dh;d)&s-NB@&gP&{F_+=}+ zzF7+Vk|_BspTd8IlDWZC$`g)aXQ$@$!mF$Xo8oF!tHWq*-tFnCuH+XB-O5vt5}b=c z^Q)LG|KGw*%u45_fb241CdT*%UUA`v+yNuG#(eB2k~=cYUnet$nGVT0pA8gU!Bdq3N4pZ`V4F6dAaYzNe-@3%!#5gg{h6&E!&>33#m0@)4k4o1z#EaZirWpp!gH6Vx+ zYsn`mP!?>HPq<$0c^1GXSG|;4DPkAYa5{IxT1|JeW+qWHOAyg4P|vGny6;m@Jx3nl z#I#KXU<2;|{bdBS=Y~*``tk2gI{%yRq?k|YU38l#l+DLIo1;D-t)Vl$W2uJcN#u9` z{5wmK;{A79G`MJVnd0~s?I+XMF6wRgWmSraXUD?E)yrTe`G;^WS7B5JNfth0>E&Q% z>R{g0Aov$6*QRqXifDi8kH4|2;@g<>30@CB*GQ)=NY+_v=CTk~z&UKWnxUWz=BBRy zt%-T1xW_QdfK87j>ep*XL-+lLJvJj$?!udwg_=fDBZ7C(59Z@IgHHEG6gYwtwf6Th zvHOEmQ{%{ob~_KriApRpyF3OS%yN*77iQKmO+ z=;YDso`9d$9H39n=b!fGpSm&i*tG^u!4f^JU+0H)+hwrUY)OJ|QT!w7D49C?GtcIU zyXyw^-!H(POf2&+cg1fKF9bug&)nT()E#Y!P+?VKChH)3v!0LZQq={$0K4WsKYl|B zZ>Z?9ChZLVU$OZCcg6a4Tb#(S*QgJrumDaNl06b|!SyeOCBw*Wo@~feIi1eK^P-w% z)a!ivRFkGF8!p97`OrqZfH6ckFpS&6$GzrKK5psec>WAJ%S#cKA~rQUkU>I~x^=c)=4;zqpc3Voqx;T{}>fDh%jMe$*4 zew#6{*>y&o82S$3#7$^YGlp=Y=U#>r_e#v`Ck&k5U<6YPVxR-T3H9QqGy`s2AA=j; zyiK_Ax*-FNrK3akvOIQ6K=>2t!tv*nntqz&&%}24gAskX?@3Pg*d=b~fBaI@nfMd z^r5@Op`;B^&G-$TL!RLdW%2<0XeWMD@GvUCh~RsMgf0Ruz;gp|))#$D_XX;~j3(V< z?WM}lO^&LuxhC!rdHBsXjYWaOIL4GRAx+>Jk($*2mO}5?B4(OyCbQml9&f=GA*>k{ z74hQHM(vm0?;Ktco}Op6=k{wxTY4+yw@<3SrJXIkP*yC8J$Ra-nNzSOQRH2#nU} zxG!qg6JxgK1c@+eq~3vucH?qrO0kE%;bfuo4+&)L4zS{ur(~lPGx|47`WT&T9-e!v z?7ta?_RTqwp$&wg{nqKwuA-r>yb1VEpQ~OU5`B+Mm16(R8@33g-%&(iv*!vJPkktr zEF9sS?@LKgqd~Ur3^idoW)wAEPT;^JWSbWwGr)f4=7UQ9p;&T|7T{l=yh|;~JfWSr?==ilU_FwS51j0Ck--{XC zEcH8Pz2X4Lnk%E!3MeDWh~<4LOg)R-GQaxXh7;|8@ z(5UVdH+DrE);CX)vC|saY|u|K6blm%ZsjPp=idzb?_m||&e#BDK$^dF8a6$VHC=wW znS27wf9FSDUovF?YFkY32Kh;sL%4fd29m?S&Lp8qD7z#93ywMEi(nLQsZ6I!$xth- zYR<200rQ~}2r)OR^Ra?FHl2FPhPSHYO5Sf5Zg{LrspGx~Yp!H=;6EoY)_PNYqRt+= zU}6tsz7T&BF6PayXXeM7o{5Mo4oqWFsphIpMrQ_>U~dW)#5;KZ z%J-etzex-Ji7xqA1RmgDt#(5+o^M`bnMkH4vZy?3u4vPOx3}VQ6E3-LM}SJ7lK}F{ zb|!#4H-!Wc&%}^Nsv4WEn`1ulTAR^G$}pT)^!Q&e9L77K|1?w&HnnJ)D$ih9n2!-G zQ8b$c=I_I%#$fOs=T2_*Dqbrf&vIc7#KDN9K^azE~#hoHHU^|X7ki0l_x zy+bWR*+6=btWM=Nt5hXg8RJ!GwJE?19S9YucYW8yts31uxanC>wvc5TPE%fUb?$df z9L7PA&NWJt_fy2!g67N#tT~QGB?lc&=89|E?ErKIEDSVltk$^{#f#Y3&cE^1wzI^O zBvxXVLrGO{-=?1@{XkNZ=-5FXzjqhZS1?dn99p&EmccN(KkN3-eVa60aXk3eGsRns zV==@fE}r|5zP4(=bhe{_zL+aqffo0grw7X4KsYxjqX@S@-|U zi1lB{ckSK=)Ovq3jpaEk*HeQA)eZD&<#J#X7Kpwl2h2K+QQyqENt*Xm!qR*^14Q{V zbp_Ow12$Q;$w%|IDK3jGKM2!K-7SJFI@*_JH#0xE1%dhmyL=(L`jb;c*%~?*sB2b4 zmxuOGFSoHEW%zIeo$R`w-H(NJuW|Hgb9~FMA=g#$yI&4{3^fUItT)VU zNxk88&vj@m1^}Hg2>`llIdf;Yo4AYVRul|oNlI6BZj~;YT#H6fP=5&4e`z^!6(pGq z4P9!mkF&(OSy24T^FYe$D{=7zNqpf;ZFJ78oQS$O4MgOQB5}uDU{e;mq`bbi&_ZC6ECJ;u^Z zGczqeMSEvTHj;g;@>aCUFkWRpNi5v-5b9#Jwh57FO+9$Eb*yv{l%9x|{%&HWPq5O# zP0El8X(C;K_C=_KA3s znQ2=$s{@$gCMhaQ#7`R#N0zrEWvdbqJ9gUSZG8D>C$r_hla{j4J%G$KeavRCU;@i$ zFg^h*t?GscJ>__UHD3bd55Cov$}dk~>xU_xMBl9m(2ywD4rAnlgS?-XB-W3{TF&Av z|7K=iQrJkw1PznW%HxE37cm>FMhADWPkiG6aZ=#Nr{meT8_dKPl7^rvxQ^BOoEQF? zH~biTz57iz(o%Z8a)ohdvuJ2;G;n^Ae?8O8uJu;lkBToG)qFmxz28#1wLsQC}58C*&_udD<7E1QX?zZhPv{3jbke!D?r&>-9sp~^b`Rd@E) zNHpKae!Aex1DGFBfLedywN$MUYhlX3^Lg7}!Yg)UQT!wTUvLY#h{T>3XyIo!^Mpt{ z(bMPAUrte61uluj@R*FxK&_*=u^W!~mme9AnZQIc9-l12XX=t$_UjB{hnNY9B~mS$ z*vu4O?Zj(r5#A@S5xYgikjq7)uQ1UYHZOJJ332%Yz{HW|h}vV~uUg&~@0K=srUi>$ zT@F%neTt0^G_xm#a&Ox$_A>wSjL;nVq<+G$K*aqrrd)+1Qkl}AUUrOy1s_8vT-IDC zCH6$|>eU>^fR05DYpqeVLWjQ3+J_C_9!k!qH|nrP7PWZMvu#G*K6168qdPj-=2J|D zh^y5UQ~T&R=-b!ysm^L%$B(#Au7l%t@FI3RFCZ>ynH5FXxei58t3K6_M7x6>=TBjM z)1nA}&H3AU6LY@-2-rDSv*3?)kX;HgHzI;oGd^WDR~XUgS+cM>Hq% z;{SpBcTZ_(iG+=nK<*B$ir2f&8Z3?U-pWv>J_Z**;xb`JguLYkhLE2zl~-8(+Vv~5 zYW$>8PNt}!NWq5PxX_9`cNiVN@&=Ba7KdqZc3`2}u_X!c0 z0T`PhpeB6W!~!DOppVbkgWHNRZ{(`bg}_9abvBc4-w%3Rio8-nEi9aF)wtI_VtDNU8wwOFw-eRlCBeZjFf??u7 zF!MPd%lnJjSkl})V&M)JH5kVOoY)-_oVgbW{Y*C80zi-Nq4AUE2{k^?J*a0JMS@Q2qGdM&arsmvpHZ9{XJnY3J5JUp1Wt^}% z6D33S7WR6C=shl6Cv2WPkSa^}7z}ncF#dg#FKKyEFHx#2nhOuagCc55W5J4yZZ0B-fJR+cdg9*F^0_pvv(+45SvTTYi9TGJ9 z+oW;3>3_2-qqOawP^6_7*~>gTAR*l=oKlD1O|N>g8hBFQHM=#U#exb? zFf=V5<<@hre3-@+ml4}eJ4lgn6_I!1F57M|JLKsn76d#);?-G*b^ac&1Z`DAK5sZ> z$*bPVHYu;NVBg9<@hW0e?BH!MB8LwXVpk+MXIHB8Ex%2cv#9m(X>BLhWmQTS0^8PsSO1#422l5dhdr)XGhv z;iH!&uZI9#J*!m@0IE0NXBPVLy4KN1)x&R{LQbJ%D=t}ltx>1=KM3$Y!E?Tj|6@7+ zi>p^a({3H{8$vh4L$CRK^){!*L;QZ7BR=AM?@n?4EyV1K2xj;046{RCBU(Rx5uo*h z9Ie~US1j1QGN*H57s@Ff5Wn;RJ^zojNelIG%*LP%$np%hh(}n7HRFzNzrj?va;+`T zKyuqp276gza|xNEBbZ@OZm85AE$o zb+=OcV4E^!D38N5*v3paU?ge}X75-S&!4Vy{u1!Vh4kPH2?&GoHWeu^tYyZD9;^EG zXpE1x#Z~qbNYNqWGj1MD`qniLBncP}20e_5(?#Fp0ooX!bx1GY=bOe-<<<^yE#vOlj$G`G2CS2{4w_Ayw9ybCFL zY*Vc{jJ~PTvz3-av)l|H02boHC?1oPcY@^1(*usPtO+O8gD;%YY9M>a7 zZgH}^mjJo6*?|fr;Ekex*(&&^3}Dy>eWb(Wtil>A-e)#=+pLS{d)Sfi?aRzj7hGK$LNK2dfRdrTR?anCkI%jSjmic zpBd2XXd&Iw75+H8ro-RKT^fXGwfL?J%hd`m;IE~N!yCwT7SwoZ3j*%(Z)Br2-8O8D zvO&k@$95`dJzV)|>3XKvU*MDT4CTW5%&y|#Osk{?q=ITR14ppIoNO2+!{@I2XsX+vBi{^UzhdVrte@O%9ZaY@pU^LIQ}D*NIQc@N z`>))v|LpP(+JE~o7omFpaNKQ`Or%A8KF;Le1?urpwCl>h;7Z*!7>wO9dk1``it=Z! z+22dgV!A1e;uJGJxlX7?g^7%KyZ}$3yRZJ0Wqn0!;gf)os`~e9=v5KBbi=y7DHio{ z_IB`SpXCp>g7B)#Da4;Ib11jK%^ynT>Dm^j`4{IUcQn`vv=xtqu3)0^WzfdUyk-j3 zr1$PD(%qPwvDhWotFQJy&hp@>j}QBmoqpw=2`dJA$ix&NhfW}eHf3fZCy7IC7#`P& zbdktn8Y7DnW9;i=*TWjaAE7y~JjLyhKX)phq?5$^8rE=?9Rqs!`AD><-RdgST!O6? zS&Qr7jcx|A<`lqBuJRVUO~Q-*vO~g)0c$`gJ4TWI?gh&IHZl=n!PhI&e3s$_qJ!$n zxc7_8`AKqV0`OC>VzWS~V1)~9W>qeul(e&}VfCl0cjqD*`x(lX0nSLWXQ-QG#~X4P zaq1zN8{`8H^G*zt;~5crp;PM@-F^@C%i_m4CyeVuP1zyfw!7N|+je{Y9$Oy1u5ihF9ZgWBs65RyR#>0b7mICqdtG_^ ziprfP4G(>X*WU&^?R_Z^q`Qe`vGFsryKjCC!0)MmBX4K4SzEcJVT4%?WVSrbKzA-R&>fdz$#CXF%?P=HN;$Fl)H72DPwv*B(-$~!C7L0{+J=b$8*5WOC?(`Q ziB~0Z3klN#&X7-UDBzk>W+LUCFU*wWPQ@b$YY-chr%LHs)C$MMo=~y(R4)Cv!6yH} z@_M5am&@D$>x40PF`Kuw0sf|0;ZLT(6MPFW`M?+nNYu z5O(+b95dcq2PgJ2N}JuF+Ww9@lBV5Sb^q!M?2`lGexwAGPuY~$2v&JVi?4Uc4KOXb zmJsC{yL<}JDcdd|7QIboQQIX3w0@$tT@1AJv&s9K_5q;tYx+Iq7uM(Wgsqm-PaJ&6p1U3Ymgn>YcuEDeo(*E&jx*7lk54yh zxXsP#74QpD2zL@=I0|1rr3+2=-KQvIGZ0_30Dd>^v!#9q9Bj!}YkSd!sKh1lbKwLQwHKyKxRn5iP zzVW$gFZj_2O?p!Jmr-Xa=XuAq9cRy{gW7$=Sl6G&XzLUha8)6V)#+PcMLme}16mI? zIlNVrqh!SoZ1l{>Y!ve^Kxatxp&!U6MSb80HaOJXo=`vTeLS8U&YA2tBC!O4JmCd6 z#?#xyBC@R6)xvWr6*^el+7-K4B)Gv8CKdhN`HO!1w(e&BEC8R3#uUSUYhrP>pzPM# zmUt1`B;R$p$iE3Lr-(59kFtb_?s;K~dpVZImA5~T(I0AAY(46G0ua^@8N0JKy zD_+M_^tDF1BV>4%eS+HX0d$x$U~GtKu9u+#M6sI`%o?Mf_?f-Eojj+DtqCqUydsOr z3oQ=CDvNlNBzmV?HS&x)ihg1r_ey3)mzR>orprXZv8dZ42a-sLIER<0g}*j2RTVt2 zk*#cCUH;O>sxa-?^cwcz0ep-1CS>|OGy{}|FkQw*EUy|fl<7t7Chsz_!FV4GBn#%GXXo1J#H3lcQ zb<_vN_-E{dW5!*8C=I)dY#^8YNb|e^_lo43maE>$UYw(($jQpsp>oksW$XyKXaw_i zXfV2HbYeg6Lb?Tn8WG&r0h=aW01mV#% zj6q#6)+&^tSXfX5Kbm=-$LF`VXreN85Xg2I(%{jnsOmH;Gh8j03O~+IV8Q9G<@TiK zB(P84-OhtGn#nTtGf^oTP2PzP}!9;-e-B6?c^gMGymQb%_Ir$o^+bOu>%_mV{n*%Es}GrjzB0^)T)8Qq5hU`aVAc& z!cblEmpCX1ZFdxVu1%i2)*=CWgX>!MJ{bXf8iK=l9O_qUDD8n7tidof$0&peEFue8 z?I>t+XEq$DzZ!?r%z*1{D5Z?qSp5JdL; zpMqNnc~J5$_5(AyL6T>#6Mc@;vTFwd1aRVeo4nVFp)hxbh5{Rs4m___nVI7>?*vFV zC5(g&uog=HY1W}XU89>1ksWXS#K)G9Z1dvLf9=(d&eFkGRag6)Ems z7Wm!lGB?@f?;L?20a?B;Qs(rsI)ry?oaQ5Txz!Q)CD&c$XN`tp2oaQ!B-X#HI zN#>oBGSf6#N$UX^5Qf6foo1MF06;uiSu+^Zv{t9jk&d1gUJOBr0|V5o!#(VVXNUO|E(b(HcDXlp2%T7ft(6FEH9*^79-Ualxtv@9MAktM8-Qi=6RJLG z;wuU3YQs=6iVL`Ld!2~uX@zZ@qg6z9HGToZMa#@^k&9D(t zYR_o$!@R3B-iD$Jc$DUxT>y#z~UT-FY|FY z94(H5FBS_gXmat9Oanne3}24;Iq6nSGX@QS6JXT!H;VAQDYJV zKO~AJM=>yjBXBecF#Xpt!u^@&;@=tPrq2}))xv*u_&6X3|K5{>FOSR>LPz1>Ap9GG z*Q*BL7pv|$7euNpxvqkPxIlNLy9$oG@3YI_+Veto-xQFVx0v01Y)Tige~n$q7W;3p zr*5~&y=f9KGZ-+45bhE7ydPn?ij>Shiv732l9W@;y+GFfSfot;qlMniD7WaZXZ#U9 z4k0nTJpKZ$$jbcilr z?}VA*^cn7>^_U+RqsM`IYI1D4V=H5D-`+|gzL0ia;NY@YdKpN+=Lo4Unl%+$R zzDr+V((f^lSB>}U(|}&4^|uS}0(CxuVHomyll#y(UuK?Nv1H1Ar#b92`vE*i4n^6L z>F{o~0Qz_;LfzC$fVU35Y$mzdA@6YdhCGKyq61lDWo#~wYyV|$ye|s^4A$I?M|@tD zQ%NP|Ic$G#OWLA5-y{&rGkZ+%Wj={?##OLe@M6@1=tkNncx8g$Hc>uk&#SQeB*5AV z!rBC}zu&I(wD&({Ppz=Y=P<0T1gx#L6>MkzS1=9|sr^R%CLr=dV*d(2~Qh2GA1*rLCl@eu9NKG6dmoWsK-eztR2$QdYj%pX zEScLXlQ)6HV0O%Irn|JTTG#csR%sh$-k}e5aK{XH?e8y@DTVfeZJwE;u-+tBtUlVd z`qbT?2_xovmWtj}7U9tv(reX<-ip)wj<5|^G2burTTS~xSTAW}Ni(WOJPS0xgWYqg z4!PEzx5r+#XZf(ueevKR>-pb)Y>YT?plSdcfKK4cWmjXzt4El2crInPg*JJg`fHct z(c4kzcoTMfAyAw1ML=ojZ(F?H@Yo2gjaPy}o`Q=bm-xE8QPPZ_ldCel&4upE*n_9< zh9MNQrKI^4cy#wEX{I1wDI2b$*E9?G=Suc;b!>c>_B72Y?_$m#Osz4L;$L>*QTVnq z*A4ZS15GS4FN+|70rb>y^sb1EgFWc<4Cn6aUp475N`%s_ERHS7uk1a!mQ4WO7W15v zFVyh^M4`I@O<^x=2hqu4=7OrC0sZizJ*(ffIVQ4o)Z8FjtQ?HK3pYygErUXn7!AaI zG3o%*p!ufxIe1$GLz%1|XPeo-)Oa{Qjj_U539~w0&j!8KNo_{`$e(4&F^Fd@< z-Hb6hl<`*e1NI|beT)6bR$r}aGQ{LLZauF3r}xWFgYUVh6b?W#DN6$!iq)kQW_!c^ zR?J~~2md~1lu1ShN)L>4?o`HPqe|e*WUl6TpUTDzCVM+cnKTHk8?Faw5Ch*jF$_Ap zLMCg^ZCcjk!8s^vTo+mikJ!>j$z*tczur23{Wtb{x~r_wb8%>BOoOZ~^$6LFy05Al zGeD0KlTIOb;q#=gX#LN1Dv5?~Fd(QpEGg>1)Cv7Cc$?M2d^{FRZ|zbhW;$u`n`phWvH%PA%*G5jm#(n&CycdNig%apJ3Wi~&ZzI`Uo|K!!TxBbJ+!T$gx0 z89%&pDoe6)<};kW;(A2Y`TGz-Fx+D^yKYl&+>dXHFzD4hry@~q$6OxEXQXaYA2#u% zHwV-Mn0dCKMJSsN{RD5OE2<^H3g0)#smvXW`IesagKQ6zu?Aeg1wZMxRtse(c!2v$ zXrKqw#UF9qL2b0d5N5pwFC>cl47;gmYkI@JkLk54N!G`?lvGf{-aG{ZCOY&~u7t{>a z|4^3Y2zaJY!~#8DpQEAA7^=r2c%Xvk88)#aMqu(JE&qEQn+V-gfd>I?9E z?DrwV_9AD&x0tT2AcQxr^5N2IPgg9T@FAsDV_x;lIf~iOxe9)CU+t1rT=fTfk#_3J z&_d&Gi!;I7z6GE<(Z%-fACU^HkSWV+XqI8rboK2+6CHrN@BI2`_-D$fOp92j{xKcv zcoOX_^3L`Tb#ZP`=lNv~`;p6@wYU{`wY3*N$}UPcn6a{za z9++5cD4VB~46;tC|M-&T`2nkdg2BYO|CCn{tB%buY>SizK|;;56^V^Z?LwK+Sat?;doS57=af1uNTq zIc8;%RaA!Bm5Erp&0%h_$={G_*&GnPdriU&0F&J0kblLgqvqJW z7Y70jSaDVL#cOi_&BCF=I5VKMH$Vkf97Y$G%x!X0JA6rpruRC{`{m{7IA(K`0W1?U zp>Q`8igF8YcC>FqIt(_Q!-cN|!KHM)-mQ{C+yfR@SEqvP1p z4P)c?S30)P?o4Al^VjIyW0qoBI+ULxQ1k5_yA%sD5$7Yb(y0P~E1NCFK6zm_4$0ic zm*OT|iX65S`|z@aHOrSG8-Tq1tV@x3#-&K_WV-1w(>?5zzrl~83qT(oj<~rPIXjG4 z(!v)KW~_|PwkzrSE|<)|;^!gi`w;6pCoaW`3L*DuTN zjKuTx!l|_*@wrHel|?{Mr{_dzPP^qi^Ug{?<8o#imNU-I%0{BbSGAL^l@r-o1KMvb zToeFJVfvZ(R(7X*E0e>OkIsl}H>Gie!>>;mhE~IfXutqedEp?oLkP>#`I6_v9*UxG zL_Um_2IDYq;mershoykQh~^XCS|H#DltloO>A2}L83k{qAcnhQJBKcEIvm>2yS(sH z4wp>c*RSl*=77h`a`Scu*>Rc51BfzJ0Ge2w)v*Eh(DK1L9j=8>vaw?*#=|lv0vO== zaa{mq_}2SIUO0py@g4vQo!RhJVGcX9D>1UN;mjT(FN_=C8Te!QI7aJRlSZCMH2^Gc z*s|!Jxod68IWD^1uTVy(0rul2;3p*xobGSw&|_n4lW>Cc6u=E4rs1I{FSG(%VzJ3+ zS)ML=1L>mI--=xt0#0+?Xxa9-g<4T&JYkJgobk9-ubF13NrT1P80_pdmSgVLIQlf* z-i-t8T^c=J>Eif=hZKXqt8%UrcrqX?0643X0LQDc9DXmv)NmFCr8?Au;dL{+aF@*A zVEz<%!RQ3w)gh;Rh`)f90NRA?Od291fYmB5w8-WTfPI(%`x1%}jefHy%Pwz0+Y8UI z;2LrX3!?f7S+a9+6hMw(iJfvSLV&H41@FD>zUd&*R^XTJ8|`u(8i2^PvG+;Ok5+~} zH(FWooCWZk4e?}=ocSCPH^ufmpJv!;t_2`JXJJ6zl3*{W^Y}xFHo4Ydx7TUBC5gi3 zFAxj-#WoQI^F1)ZmE#<89J#{6nrFzE=$!mRqW82#@RFOq{IiQh zc~dZju>3O@-mLi@@@{Bp)p~o`Pr{nDEGw&J(UqdFxHa%gf)x1P;`EJ8X9jBOz+aDP zqW5?ri-bu%n?Y9fr=!MC)ILY+AB&#(d{6seM#1k+9>Xj**<^K7b{Fa+neU%Iw6%6+ zxRZ{b!=iFCoEEczXg_Fi$*1XVA4;6&UmWZS>K%2Ne{{*mc^S}ykbFxTVv0?kYn4~R zjvED#2E?cY#Ha+sXtOMS0sR6=TZti|>~dqw{pc8F#77eGF^46&1)CZzkJ#+cs_X@A zxc}PP?LR|(tcZJmj56aRJoyhw=9ba&jLjBoWsI`oBWtAMip^HNW}2ZU4c+0bvS4Sg zF)(?GI)sG6ar45w&=I@bgfIC0mQ$HhFZ!fbo4hO?*9B@NiE{PIO|ZNxub^bwfZ9%Z zifRW+hD*KJX_G?$`!I%R`;t4XMCMmjXfd&m(Ms!+V_2Wp+OJQ0cq?6;z@EefH%gx_VnKFsYa@g= z02@I5e-GZ>fwOlI=e`qK{eJ;(E8;Hf6IFQh6^wle8zYYc9S9D{1qk#41JM13^Q@{c zErR}~6baL7H>Kl^KgN7|2wp@#r1}0YSdVhP9%+&FxIDDPWoYno z|0y!VYryfAVp0fE>1tED1C+MuaBf1Y8k>AId~QKl6P(*nmdbpHi^_d^ga~djmG7N7Q{-~krw*I0!`S<;$5q7+M&j9R3eRoq6 zno_49$9?hWo;(KaU>kG?MXer=z6Vq-m=b-Qx1C%$>W|rHr5F@Rh74%Qe|V=Im3g z^5g+Soh)a9lRMn=`1%|0V|D$rr!=Xg5~{D3N~-XcRI-Kr)26j)tCqfj5o(6VZ`|Rn z%w-+8<8&Z5sMDc!eOgjGpP=^eCnF&5sbq8#+{w3o^}&VTK&ilFG zS?2vFWn+#%Z=Ca)r#mbdoo-xA$oj@5mkRyYzEfM8O_J3!BnU$?Zpv{^t|Xza|_b ze>ze7_j95sthZckms`cv$5L$ak<}+sg!MJTtJT62et&&Rxjk7@#>|r#d?epm94#J{ z3|lE2pRMB(`drDF=TBrY5?GM8AM0Rlt2AU=kL(Q#>(j33UoEVklHxtO8sGeoT2Y>P z4T!(4g4047rjOMDG5rkjX8sfUc{ih<4p`^ddEn0DyKY5iXt=>jGaz)oxb7_I{ue~| zvGF@XT6(rE&N>4;@b5p_DP4`nADr%aX8xe<%;ouKDZlM3<&U4GJaCrs6K5&!ubsL4 z`m>amoTdC`738B-+h*Hv$<3L$Y5_+t6V=Ta5T}Wi1W~b zH0?91i5s~rH`=KtM~yOG;6@q!{f%0OC`Ik|=TL(MDa+J{`_p79TvQb0Z;<`Qc$^eQ zKt#=1Av3R0`@(2&@0m<~+;ms~Taf<2v_97^_2b^VKyQRN7i!4O5{Z(TiCVYS8j~nI z{&~{Qe;HG@&Tmgxpl1pJT<8);H#>c|sp5YRKBiUt zuffNK75^jncyY!5ReV$e{}1u8?bH7WeBAKq{~ml?@#+5>d_3~${|G)l|LOl#d~DhL z-^0gv>${@k`dVpyt(~s#c%S7oDX^Q0=9qFxG^sk%nycGCiNE0M<1hIC^YNbd|6}8w z|MCCac>hnFKOg^h_xt~y@!j*$|L*ba*!15RAD91rKZAV3)3LY97w;&jb$4g(1TMK+ zUApI3RB>VOAK~)b?`M(UIxTOfPf?c7Q@<#t;1uZg*q}bL$!h9EVbU(YJw~;50D<3z z=Jkcf&y4yrF3+81yytdW9_xPrEBz^@b`b2%l2^-EG$6hl^*1g@9eA%%3k}O}ba=zL zo-0_^ppE@edD3t9F$y`;M-GnvePgN>kG}&a7tw_-R(vA- zM+%ccJe|7DR@8ybh=XD*^3&#p`(ZuYLFkKb21?c%t$Y>R)hsjI6?fu;i^5 z+~@L)8+n+08t>wr_Ky z-ewgIr+Ajr=UFHDrp#h09=zdto4)nTihcVGyj}fZZn~#XGB@#_)Q75}Dk{Mh`vOTG z9GVh;5$19%`qMhVqO0*^=yetbEE2H+bCZo0lEpBp+<8nB)?WwfdV)0@!Jv|@;kZ#Q z&k~;!@P$EqIpE9KTq&<|aZdbk&Oz^m>!O%~-Ff;u3wAD<+&OlIdY^gHFTP7Eh&WN+ zFd!q~-#kExZ1PC_pn;)bGRMNXh=k)g4juy>-0Dc(fiC_rI5>wh%N=pBS$$;-qQ%U0 zEbxtb!&Y3{1Asc|9QpiPJ3+pSPH;qdaVx_tr}8#az5jp+R=%|p1pB3de>ay}E?xj= zw1A-zUZqZ??>z0^4%EF$6weg>^v7tngDKtToXH^wl^aZZ5!Z*iah;7H2#TU?FT_%hllDjyD|Tx@?I zL6dnVn?>nj!Q<66|F)Vi(qwJ@y_##|5o z)jEB5)QTH(S(-d_pOfp=9`7S6K2}aBepD?5v9|ING7%6mKAeZWQcg#9A^*s-=7=L&ex$l4u#_x$#XGZxU2q+wD3b*6#Pgi z-Glv?RF&&6IEmj1@NJO%jANP%`{`pGD;o)+|5^&N_#q1w{>TD-BH6|njQXi35%~4k z0-vpH$DARxQR@F3D_jt_a0L|Nh~2|s@h6(u%R6x^Ry~6E)7V$lBl@P28-zigj)|=$ z@29gUifrlAr!kAz%vy3)JE-=>hIqRQwMY4IZoqv(OX_(y^h#WRV$NRybF~RM0QG(6 zsrIbkneKxJ3Xhy7z%867?{WIF2L9O7 z@DsAGCA(mZvEf~gtNAZx-|Q@SnC|Q!qTC`Sl?+~(m|NXZbxaGEP?wA@jD&HlTDn}6 z&7pfmU*WIb@NbLe+b|_8m4~M1`>}1$jiOKb#oOGlXd+Dy+4v&I?6Blp!&={l4u1Dl z>5Qq*!)lXnCk^5WoWp)LY8O=b9UL32Qyu>n-D{eS02-NqV;8xGKrGCbp=F6@7(~Et<1K`D>Ier z(q-T(F;;alMpU4l(63hYRx#eQfPCPA)Ge_}N>?cNtP1*!^voKiXWckGOL+r$k>U3I z#(0(VFc(Mv-blHhZ=&Het2fZUC)9E9FH5l*QAI)j=v_a74zf$h zDK@}>H{5qgD#$rILg^sqz)oN-T?{QriY3razEirL0OAI4d-b#yH{Vd!ZYtmY_qgSX zS+4MIvv^M>d0;Kjlp8m)t)dfuM}uOok_D%y58MJKrv)l8<;~L+0zxkEYG%(l`Kb4# zR6v5QR=(aEvPkkmYrGW1k@1$*V1`}TC-6^zpl`PZJXhEhvu${S=VG$Z?~B&X?o9Zb z?CFgX7NCxGX7E`cs)#zU*)JIl5RaDZe7H&5arXUf=V3Z`srP?)W!h~Yt)_>6zz#EVT;DJ)d}QY$%WhbVaOwa{9`UAxoxOx^;EN0cy{ z9`rDj(gwn|+6RMDe=ct#G6IxAttiJ_iME0Uo8WA4&8}o=+SJ7r$Dj{GQtECU(~mU0 z8jWexE`~}c`dd43RxA$);NbWWa035&`7{P(X5hIKBbEW5a%m=JymwE>s5cx|^82Up zl^xFCp70$7^GDvOKjH`!TuKzJILzRvV^EKO5Fo=cXgo3c(4AYYfo>-nSNv=@8_XA$|Vnfna zKN2mgJrg#dx?Wt}T(RgVXFtsDI$^!Tj6~4C0d}ueatc{pPlf0`(oYN=N#4+kpOiG? z+eL4Ak6bIJ)`%4RIrJ>G-7vDAR2>*&fH#`B$SbVB-Ym*{M7>#&wJVg(#VBp-9SNem zOl;ll&oqt^zGCfiaEQpY8yFtxhy&|qvA`j%_N)ZOAHj1_>H z!wy5)Bi)hfZllWDeteOL@%X%=#H{ZQ5#R-q2M7 zeLiywZ#Rs9Sn6O|PJp$!R$rABS5XV+q&4ui(s*0Oh7$}8CsG@cm}~L$m)&msj`rK1 zzPngl;)+h>VYB!94E^i>Hg4rGSYS6qh*h65(dDaP{u z0!6g{M#)ztS>^e}?I}*53mD91pu)Z+3a@e_X3$(V$%$!@e6BjR5t?umR0+=nDCZ0D z?!q$_)@`d#nLU%@Q7}F6?1~pKaWPX>*~6iWj?aif*}Oi$FPeR|70f`w5q6lvdQeyQ-O<({zRelFH~oX z=>0a)C0C$-i5Li`*yNpst9Py*T|Ok;p>1<$+dV-Cxq%7YH(4aslMO?jobrF2j%AULH&n@gZOMgBE^U1OMZls51 zXrh0zZ-i@qVl%U29G%ijckPKUR{Mwhz>!<@3Apa3g4d_#sx z-pW?VTh&U5G$e1EW!0yWxfZj9$>#V5fKmS1JhzHI@+UxLPQs$)zR_k8L-X~8C72t7 z55W|SC>dU5m#dea@HQuSlDz)JnOihJqxmax`;#slzI@ml#!$hxw@v`7U z7+=#VY`!DKRd#Gyl2g7Yw8SRYH`Xmo6{}LH@40q7?vAe#S07vDo(gbS<(^JyY*Q#2 zI>q5TewyZANb`3^=3nYJ%>M%Bbu`q|TWs4QtoJ(t$E}Xk&+MhgJR6 zjrU*Hh=4cA36u?{B|p zKR{q$_rX&HkLz$3CF3r-5C+<4H|2VUGpid^Xa9|@YMxELoG(mY+GYzf;U8EDyZpTv zXC(%;TZyfqS1}a=G>a>7KkIonn}JJ5!PuqvH}mZq>iMV0m*N;K#a25k#fQNgVzc8K zK!lr}RxX(XqqHM4gT4P{HI+2~06S~tw2hDN8Xxqf(fw zSJ1M0A2`p{F~skg?B%L}mb*~2`8#fGB^hHKCs(Dg?2nD`GnwD=2&L=UQ7p<|sKf3h zSH|*JO*{eX3AsXj?cOF9&DBRIJ6X!j!}hx14t@qofuDwVi8gr@syXf$NdUMV0Pq9P zvolpvuG0Y!)&Xz>&d)a`3=nu?_GvA2rO4D1Ko!eyZv`i5l#R$HAH~RgFW!UAu6&r! z1f{NMNJ~BEI)@sys%3q<|2$LZs~vIU@5koKgmD3%wjJ-$tL)WG=(z$jnT*8JmAycu zI{7tIza&p>!jvk(XH$@4t)$zFhw1k&I7M8u_c_cb%W6c~Zxd_*n{59=^V3a`3s0$5 z5RvLZL^=lDa37v2bvC@9Rc|>7Vx$bT<(N?Z1hl6VH;8hBQ@Ph~zr=2`o5Mu8vYvop zs1Hq{bz0*FAmlZ{IosbeniW3=#Wv*8KvYmJ9m3i?aik16&qxJ9E#W+@??fj?C2 zt-86RFKe)&p&q=Uq<9TsZj8UCupGGW8RWjQfSj*2} z(AC8JiqtMk8>!*9C?g37j>?p};A^PDrt@ZYajTSA%s-nQ{cP_N_L&DhgF)L08idD| zC!?qRZ~ev8t#D#BcoymHMdxS7xb4;UOI!fWW_H%27^~Qqp%AOsYx#`ukOOjrtAUex z7gOMPTS0Pbp`aP8Sy#bs>}SzGgFl)0c(KS)&@6aAr|lE|k2?eGN5AP$gMT}X6ROv$ zz2QE>BOfFZVPF20k+3shcS85BBayIP%zD7(8FV12s+n!+qS=LN4xqDUcip>%!fHn}=4EZbXIyiLl+ z@FxpUnM*val#yBdgfP2cCtAL?!+YVO?$B9qo`r-2H4#?W=c0&hKi7?95G69Lj(UTqjwQ|y4}D=*K-RB=|!CpnbWzyBcY${(+1+aw()r&T#- z+f7nI)rv3BBI9M2W(%tJD(eYNQ|`I0tm((R7#ihZVgw}7No;)KG{5^3NH z%|=T2G{K4qwm@j#Xu1&g@;Tz_@XDnZv22V&>1_$b(pfU#b-$(G!ryL7yV!w?u?w#T z76Eg0!21a^3MgHgK)^BOMrOTWF`M;b7?qO3(q|V`i*mJ1aQeN?2!9m_oS!HOnn9@V zScnF!5qS!#HGes+1z$fMXJy_`YNJWAX4+POp`&2yiZ5|l2AlO|S?!H1 zi<>q4SPzUjbUVEA7Pp#(vL~40sX-cUuM@nbjA7puZ-@fkqQ2weY&55=t} zVa@7RegFNrZ)65t`3&A}COQ@u$_=qlmJ$idkGY_|pr=`Hbl?7-+@dDb4IV$D$FBIn z-xspUXcz^Lj&_!KNm*(XKc~itV613=-j-Im;iCZIXK$uV6?%8CYr>htOPHuj=2C24!~>iW5lQ65>)2p zABzr(k4PxH8`+$@V~c|h{wx=pg2Rn6hR&Zdw{XQi7`Z7tRBY&ms%t}$`9Te6_a?gP zDKz9C>X=v1CT}6luht~Y7dmuQrh6~KQ4TdlZ(aBj~1jUZ_xuUM{3!O-3!=~dO0 zba=Su$aPJ%Z}>f_PG8b9@LlMl(nHI7G;S&M^zv%`R!oA|ui@)-_)&^KQsBoU)X&V9 z5tOhDW7y>!y`>B=>MKsnYeX1TR+*PCMSKyR7QgAZ9`>Yb2v8 zVL~NHW#Y$$L?4{>qR%$qbU;m@#B?9wpS&&JwiLm60K--@!V7KG2U%*=BESxx$LjQX zHmqe?)YUtFVeOGfc=w?Uo05Dh3psQS*dt z7jLMt^AxHl)VV>7ukx9#AOyn=xn>_{Y8n*0FX0_LXh!C6FmWu33#6T_nP2oYVWu;u zuiK<^yPDJ!vxm!Uf>9;WG1_uW;LKP@T@@Hh;Pa@>bf6Tg?bh@UVRxVps=175I0^%y3}T?JDC~A z0hzX6Lz(BZ*6ju2VdH~ElRY_5asme{7VH!r`xEJyT-W%nFIj!+W#N(eP*Q2X=JJ1C z9-M_NM#S3i9GZiBu3Tr!Qqk@j%P+8$tRREt*fW9(-B9 z?4j0o_Uei{yFs`n>Kq4d9yTwVZ^Yn&og1+Mn=qld45SjNIg}{MO$6uW11uI#$<_@W zO@`yu4|bWAXa)59K#X!~1z|3f*albbo$FlcWjW zMh#PMQ0+@Y1!u0^A8NC@Xhe{;h}+vfKc|tz=kqY8@+D_QvZIR45Ybl;6Fg>X9l~swNq#9Fxu*%?M9Uy4ZTh3lM9>RJXp0#pscto z?*FMDr+P35KhLxlY=#NoywE&R*PcynAEeNZ(WWf<1*4%y3QX|wGic+&! z5gK_GvQp2{e1foaChn;eT=SO`$6R|^PdWx2dCBrCb6;6vH*&LzdmdKZTqMr3yyrr&M-AFU| z<-R5@l#p+nMTha1?ZN(bLw}E-Jgph~TlgRMH;wnVs?+|WdVlQjI!WHI?m-ogo`+`* zQNe!s{?#p)p&6BLNXqIFDT6&Dh4n>dZ*{IWyv&m?c`FknIf(nzzWo$Rua||cG#L1w zA8UYuiQuU6yw9+*+bTV~dPK6xJ&D+{z0iI9Z|Agk9EdaHJ67pAwphSkYO;PQ(7-Al ziS)__22CuuleAflZUJWJsV>tzTUU=yGKV(D@8b^a|M@f9bMA33bCAjnlZN2peL>w3 zEgOPV&*}8q&0nu(XX%xqw{1C` zt=_g9J;|$qHvls3%UZRAsmI1rW%o3A)$J7feh7PILnCV5Q-9v%6RfAYYuW2AtmZ0c z`#yJn_&eTn8TD{4{GH%FFVwFp1+OpJEx>hDbOZdo9|w|Pau>zl8}m5uh8F|yl%7td z$m&FmtgqWGcLF~!1Yl~+d$Xk~1=|QccUFHkO4FrWpRT^bm$-{0r?6Y1b7MRDeJ*sg zy_l!r$-VWKGx->F?RQg&hK4G;5pDwAQ0r+jn|JeR^U1fa&;wRlUTp;%nnN+e*c zS<-%IJ(kyQG#jpwIGat#aKo1 z{8H6^O&UvJP8e8ZW>Cu4D19fk-Iv;~a%j6E{+qyiQTx|Y`@4Ai*YfsPL|P)-vg@&t z1J6bqq3?Tl_C01SYR=z-Lo02>p}C#dm=PWhS(7vjqt8}ac=#MR6@tCs&qt!siaUz= z7=*e;wLQ>C2DR!(&mJTB7k1oQn7;ba%^V+NFD+qFP~Yjfkgu=%HMV|{^({24Z>T)7 zfDdAD-#F{%o@~U2DH>BDY<>noQ|ZulM&aAY;Cl_hXD5fxH5|S<@F9SQEn#RRt-qm- z!n1wbnVYKzI2sngE|xHA{99baW{V3M}07Ml9( za}WkJq5Ob}DZzI$?XTo3UdOW~y?TgcV{bXcg)y>`Acw+Y&FQjff<jy*f=dyd$nJp;JaT$tfzZgoFxoMcp-w1ih+`o$7>b{x4Q|fx^#LZ;A>Pvd48*45k z!GIdKB*3d*Qt2`(j2#I!9Cw(RFc}-|tvC9S$ivkiV+sn{h-U75E!1NzoCx^( z19&YxD-~2No(hjZ+!g2A48Ns+9uILnx^se*7tV^hV>tW9n5Neo|zDa0#ayv#HN z8h=B?WWYz%uODmDg0&dDuS^q#r>L)*$C{W**wcVl-|v|z+BHDhRvLCHo;r7r;EV9C zu(2u^>j-6Qxtm_$cZ~>haWk`^FJ8v|4ju9@p>**Re7hFSV9IW#4~}3qxd!!t$C;*S zEK`f&`wI1UID6R_1ggu4=mpfxYdP%tP{Q<|B=0h-$^E8xsLB0$^tQMeeFH9-PHLob zJj>-O%oYgv3b0U}imM*Cxt67F0OnBstjxc%Kb`mh)=wT!W_Dee0V8ZCZRNRsG4(T& zi(XoLObZU9v-y|M6^tHY^A*^9Y}=2rw&}BZ@EOe8Ge0uthu6~JrbXtPWSp;iG|qL; zW6aa-s>nP)!g;RO=P9vy4xdKglQD%gYa#R}_`(KIoqSc=4PoHL8MD()B)HC zZ#YqS>|GKm5`@x!(~m@<>|<_M_Sln1!Zx!`TiM>{rsrsBUgz|=e#0|1t1EtJ@m#Ce z>qeqKukfb|#r0cBGerOv{uB_cyOk;7l2iP-0&mI1k}!YVVz=(KTerKj^ACjv;`luM zgminIkdaK<`cOuBa`||3`P2kkc~Rm=7Cmd`EIpGdIYWyDZIlz){cR{c_KjzEnYQd5 z^k}E6jj-C?2QW6bF|D{OuYoC;!tfS8arbfNHBzJqU*;bqZ$+J$*T(#_)P0X0(`ZD& z75q}DqyB3fVMt~h$q#=391pH!en=NE%mAJwfN^=RSVeACNg$Dhy3l>z%G2DM=GI%< z$HO(|mD#oF4~QoRALV%BLl|vry`|eP}#w_m2tb^R%Uzd0IpQ_8q%MhC!*ljtjgmX0Zl4}M`!8bb-DL( zVLblCptiT?vO6*S7xs`ZYwxC>CUw}Rw)Xj=+e7tm(;ov5UxL&ljGUgD%QSEmpG8vW^>^CI%i>H?Gd50Vy; zv~A9UQ%f5{y#f8qh}UKKv#$%Fnl*_o0- z@KP4Arokppu}JdF`cMz=cUF|&9a@#6;IQCDu62TMz^F0E{CmR}d#0{4y9y4wQ^nOQ z2AD7BDd@|-g=+sF=H3K8iYnV5@6JXC0@V=$VNrqvA<7_eBh4Zy(oL$QT3`?m6+sb( zxFU2zPzVW457d<9#-cv=aT#@dF5||c(jAs0=s*CK0FDMkt)^W9N=O2v{^y)qy`>Vo7b}yktI8U!DX!S3a3lZrN2|Zsu0`P?odQ zy#}8jAY8-`_2`@A``~(7pZWDW&F<^i5sX{81Xh&nFFo>YsUOZ?y}3W5ogb`hZk0ki z(=djD0hy9G@1M;0h|!QeZCu zyi_E5c3a|<5cmf~Lu-;bFK(Y6J%M}Z1G-@OnOpTHHRrgLbJ8jQB%c1lY5rX_e=Vv> zJ#cJnl^kJ5AbNThAxq#g z-Xd1u3*3k9c<>(7*#MIeeZuLiP2rp=Pa+vAVRW zGxvD8Lmju3FKy_KQx! z-j^_FD4yg@gxfc6I`AD*k`HMc4P60-apP=|x7iu4*dbPoB-iN~4?;=uPDu8gk8CKCY`Cz~dGeoHkpHXkqgzJ%Xf z`7KrKcgn&Y@cVgw%j@iS^5PGGGh8%}_xmmL9CF%l-ji=l2wHe~K@VQf&kTFOi02O? zTAvFk1@hl;<48wGJ1xb?92d`%`Hz5(5bVSkqWn+Ay`aKDe)wRa7WeShyZWoEO?5=| z#g_&?Htu5bOX;lZt#==(a4blHs=}$b)$IMRYxO%}#bdi%f304N=2qkp@f{OWCR%<> zlD~7vr`Y`|^Tvd1=VBkR{xxfHo7^e;Mf2x;&JOoC!4*92xznMzz0G!Id9lN*uXr%< z9vQ9fOk_|}@yvR?xI~wj<45AbGH_EHk!Z{v7(?^&J7}_U53Jg+jjBt=*lo?r^WtTD z(zrpj+=e%(UEh4Wrzuzn&Gt7ZgxbB$u8^K57G#5hO0J4m&=W>MTW3>2_d!8+xk>Xu zxq-LX*>*wbK>c)*LBx}I)=?AipkI79G+c2m;6FCQ;csJi^v~u`;Jm1-w6Q1svT|Oe z&&D3~E6M%fX+L5Pxaa!=7S9p0THhT)oc|prh+%eYbRbB1~cQuEHip=ZdL?9 zqNPU<{^JB}+eJ*oaD9vO#HrkaKj3uWnkXtxQp3pPLl2v|CC7BdVG=7G%tNH?NOH=* z^0u??F?7du2yc@5jYB;qRJpElE9?n8fR|&kUwbT{T_CyeNu7L{4v zQ`V5@${G^r#~St{34eIcl2rz3y9T*=k0NTQ!}cS$3US%!9oK&(6aLx|hj+$>3*n-qF~vNOfYqnnX`7T?XwI}~S9sE8g^1o!Z@N z%oUEDU)@!~$skPTR^j`553clRLupfu>k7f+Pq0b!6WQw|sR*YdKT_Z&GV64XoS8Pm&7Z#B=^{hmfR4;A=%*#|}Z>S@4z*oG8Eua;g-!H3ykx_f=QJV420tt#Egi2eZm@$+e4}1*xx72!>wDk z2%dzfR8jF<6-6esD5919-&a6^+^Wsk3XR)BB<^HR32pyF;^M=_<`kr&r2rG4$H4XEeVF#Hx_gPb#VXuP~bZH>26rxBb)^ zpX+_WDf43V3EQFH-OTC^=;mOzd)g<9nffNWO7m&@SR_q}qb2P?n8Ks<1veAjhD7Lg zTq~IsMYlTF$`H*Kw@I@w{tnDiA6r7)S|11ps$j9p<@=ArPC;-c{&8wrrN^H{f#cMq zN{`QiQ4pi1t?~Gq?6Pmamb(v_(fV?^+EZuFDL3ze)hh4h_XlzjlEUn%&dNau6!_4i z@uJ{-fe3z+ElxP9!67NtF7NXkO@xzL(xQIQ0DMUF1((A=n^80%oZi6uv}qiLBmW9G zwue%UQ?8P|^*rbBJ2=O-amq3|iBGNL)%(qG2(#B=AfMVWPO-}tUR|01t+h9^K*;Kn z(|DCn1Zmb@!2;_<=(5wc*ZntqavAE#-8Zl0_>Ncl$qw&fqr!4WYK=$-VD}IH+GLL} z3#E<*M%8lv(In3&(ECUdDpl^Z+c#~2W=~7#GX$pU%pyXQwCFB05`0B4Qy zi0pd&5>%tv2HgTOjF6Ni!x87VtG16nO)sCQsVylhhB&=Cgnmq+1U!0EePN#2ZAC$C zD57EH)(1W!v3O#>q!d~<_o1iogPM2~>R4?TLiiAZXT@-nyAaY?@#QrW^##brZg&0| zrZl_=iVNPWOwaP}b9Y6PM(yeX5c|vZT@pe4VFwaNlX8k6D1}JKOiTtvW+J>b@Yh=q zfl4y2A3=UPp=Si1qC3`}lDqiNgu%O*;&yGP+}4M|jGPB#A-QUwIgxgpD8IBx3T!6?fXBKpgPp_9kg4fbx)?{7%7+qC5u zQQYki2WL56b#&rAJG!A2mZYMvWSl^%f;?tvbPS!z2O(tvQs2t%-C-3rh;l&BIIym-iGSbh^#e_Y#c#D8eyXK~6sH7q~%{skk=NGsvlh!oO-!Yi<&+MPz&l`PC;m*<|v@IM;ieeoSq zao}WSvp6-6&Ef=RH_EmpJ5ZgkcjTL07m2D;oeTTYzvK>x}Scjl1+!Q2r>#SyU|$xrtw(I8eqga7vtt(;_NUVXt!t22|!P z^sY+&o&*wWX0RTdpyhT@>v;!F*#ZpBts*0#gW7F>qBZFH1KoEn*93*rp3OruBAD7R zF7WeV`Z>ZtF2kq6!{P0)bL;K!^6MC6`}8~}*?fz`ZTrn-!5>Ha8GGZ6?ZC;k$Im~L z5b+sUIys5&&aCxUkqkPopD`WC9SGyqC;PF5GV($r?jm!TS6>ne>&)g9vEcMj;3=j9 z+kh1Ki6>+peC|x53Bzf&@l><-cRHSPf-=RbeL03{71o*vDKTutU@ zqDAScEhuGkt8ZBe1G0g!@^5C^t2?!S0J(z$<5gP3D#b(>jt|*U8aIut_4OkN7C@>3 z26%>_7YOox?VoR>+2bLhB8AB&0qwJo4Q)M`ESr#y1BE0{RcBd9666$ORAHdL==&*2 z?P^<(y;#q}NdGjBgW!$$Mr%=q~D$Pqk?cq)pR1E3?}Srp4{cXg zJsFl72t5JAtmeB*7>dbZ`n}x3kWb&C*PABo`%CH>?|Q?;5Q>yZc*ex{|2{oUOw@YB z6ylAT<2{zcwG1k9qJSkI**pn%wgdYpjF) zp#q^xP<+)^_cy4K8rlvTwU-7l`ngCGUXQZxL2A4*h*a?fwd z{fyB;1yVle8(!b(oKuhNY}{>3SbGozCQ-QoEAt~$eBcp8Iy#uUPaA#$8*Nxvzhlgk z%OD#KN~88pwlOHZa8OFxw|HJOu3it`gg6Cj(I-(ryTTrY{U4Jd>Qo#R^N3N@ka0A! zN6xan;`M={fsNfI;uW&QDC9ey-nLh*MHApd+OcuWMp>GDOb`C`JoQn>LT2raM_TEl z#`>>}cb~!>iKtUGZN|%FssQN-CQ7RkkyIoXE_#JicmALn^oWO+o~Nv-~IRxIHYEpYVepl5UX1_Xma#;li23^|zS6KeeF_knWL{;*Zk?8w`mX&--znxH# zto9Jf%CSsO(-rDE!Iuoxe=OVre>kZr*H@;S(KW&9S3<=?|86u&eI%h})hnW_zS2l^ zCqo!>cjDFYj9fP+giPc{mlmjLC1w8a$f1g-@po?Jn5cT{US>rMj;W_tbUmLLi4tPE zc+wo{Vn3m58+H-VbPhpyp?XybU$zs2HolR8?R%+iQD@JY{);aR;C{GqQfC&(dC-Ly zL~x$Jnj;OHZq)g(xn;vj%ux-y!bntPZrQLIk%j>U1fGp3@6mg4kBo_`YV>47Eh6?SicU?{nrp8;j^puM6#1YCW)-~w5T+)NrciZK~ zR{7R6yIf+i%kz@#@-U{P?#QpNNQ9;o9mu)mk@B+gNgFRpmiPLr63QAOAc0%!_wPz7 zYwB{~CDX!gS(R=WunQM;3;YQ&ZqHoAt-Lh^yehPFAc=zoqE6K{?_bXtN_DP6pquXT z107SBjDpB!WW96$%HV||u36=AAgIer`k*bXnpCPL@ySSGIVD=*zLoc(Ht*}VGSjCj z*PV9qwLo&)E)WPbJUp&`o`8$AZ=XjPCN!DSzM#(vRPbxyP^grT;9JJICOQRV=lVoX zbJtD1m;s^a(YcM8^zFCRarOp$(P|*MDnG`lP0Rbt5JT583=79r^3v33J6^l|nH{(7 z-LP|48|J}ZYn!^TYq{a37*DG*QK7uUYxgzt%0v$6UVE)CzA2OQ;-`FFAZ(<1FxAG;(;NI+7(9~udcbJ z78X1XTv=mX4Y1ag*PymwneXmSn8f)Lulp5;rZ|r&Q@^$=Q)}fLvhz^Mc{rYC=pdtJ z{P0jul3No~NQ7cuM@Wn+o5ApB$dnFbtxd51nKEe`=K_di#abck_B75}av^K}HWWi@ zlA!q&gb|wSqdyp7G@VyVvDssOg$6I_AB9~JC7@%M0?Y{Ie`hxJCC=N>GOlZ@M z%*q`d4htJ2ok(QY2I59Oz5a<>t^n1BD@N_S41! zF1|UuaN1ZecIEygUY!?Jys?J%xo(4VnV`}8Pd3Fe45&apT9g!3qG>SRmU+5@5vf^F;Yv9TIS8+ zW$r!f%CyzEdgSVa+!ewpq-HX`b>P#-P$3DG4?SlxU1_<%Mtixd18dpkdZn>&8lq<) z_vhzYOtarGq+X{N=SX79=5#rI5u0 zt37|Wr(w>L?gAnr%O|xr%(Pkt;b0rBJnuE)`S%-Nzs6|%1;&|a2sM1&)HWJU#0{)& zjy#mbUjX~Bsn-LuTj6O%?i&o_OV|_opliycO!s{}jV>A%BK*{2gqyk-b}?4Dm-4xF6)>5$Lnv_Jir?w-WxX$dRfDTj^bR(A zR=f7A*hRv3JJqP`ZR`(GmVsY|n3}@(P#?XMd>=i%B--0}?0~H##ZMpa(eAKw<3LIg ztvG0W8Z3CblCFqJI9_=$Uc=#UXv~JJW_)dyi4EBx8nPo(LVOK}3~TDehKwG5gBQnd zMrgbSUR}>#b%hobY5TmQnLVxHB%}2&NX4axQ~e80N7%5-8o9wJYP$&y`+h5I(rb!n z+u+j(LHrh!MVq^DtEb?V_8cF-r9VE(ehI=V_tNQwJ^3v|5Qdt2={L?Z0(Z78q-|^4 z#;qKHcinT+c~27vfIaBPj3nN327aYbb)p3~)<+tNSACnh$DVqi>_?RMIPdpl#<&xh zVxs6dXi~?gs-K?I$$w2EHx3qP+5OGrD3#|#|C2?&2YbK*-Rb|OzrP{Fj0zV;bqi3L z)V$kXwC5?ZxbP=9xUE%=qN+d5BRm8Dul;#{V>)kc6z4QbMZ578K)p3_9*{u%hTD4B zA50M754W|xsNNey)a`m6D`@U+H`fbu>V+cTyCV}!qPamd`<&)V(Oe^%>%<~o>14A> zD5|n{g9hHUZM0~vbegM$O{LPoKO^*^WcCa2f4MWwc|(DNuP;yJabGApm~#t}W1fFc z0{4+#ray{@jJ4bBS^MYl{?C#e+(-NQvZj}5b9lU*w;XbCA084tpY=ncdlbapcq8um z#?c2EkL2WWASWkOjAM5Rn@d0KV%mYc&Abcd#HP}5PyG2qY^iM*w=x^0q|MWFChvZs z(vgWy22URsKvMK;V+DUxSHWB^6qQq#bNp%cnd`b*P?w} z(Mi^Z=+Ziyn_*5ki}uZUYFH-;wq5_PV@3b*EZ*PLnKw5%=j?NucZuecPV=EcHSO_2 zwcq2sXIp}E&S7WK;RB_YeZ|`S83u;i-bpNLx&jxKy6nnChbmop+RjOPpw*7t!@Q>v zX3R6&it2HCBkCPa$@-_@e}a4(s~7yu1I*35`6REG%R9I3c<--|3EbPw5OrD6X`G!o zbwzbDoV5MFq~G<;=$snvBcFLMbhylq2Pa;y;$>ij3zB%b*y4~Ur8#85%F99zu_8Z{ zIUmZW2^5;hZR?-nv2XDik{`M=cGyCDH0)g>R(~mVW?<~O`0t4={mN7rh%Lu8j#V>K zpsQ+x8WrYz29u0tW}=h)>OEgBtpl-4SVtAbaq=ih-t=Z4wA@xt_Fyk(_k{S21e+JVL(fUoM5IWQvxqQoN4__&C zJ3Yx9eLH2 z3iODwo}{~rGQf$~Ns91330VT@ypo>9)Tuthd42jt#R%Q<54NRwWg%-TvhOmL6 zHC*0pe`n<(oO$3*mgmb-s@7K;srCV*+5woXz$i{qW?K~4`>hPTjjYL16H!6@!?bLk z`_P_khJU5(1o-!c?8Io9Pg0Z1S0e7I)3=%0-5Vvf*AiN^b52wPHod_bfbji+a=M%9 zdJSu5W>m6$ud!rHG1=2Ci|Z4W?oOjPR8t8oLgQ#m7jDhp&#*h|8LT2R7|Nd%FaIa8`K8$WqeA&p;^ki+n?Ef! z|Cu93eoMUkV`B4vek3OUmQeoAar=K|Z2x2PKN!lN7PtSg`K8$WqeA(+#qED={qV`a+Xx>Z`ns+Hp#s|wIb8i?Wb0dWQ+P|^e{w-Yy|F3L2 zGLqIFkXzx!DhZ5nbR)C=Q2*oZ1VJA@C~m4ACEpU2millp8~<|Jl&$ zUudR#=tTH$f|>iUAc6aEN@CQRVFZ?VJ(hSwtJ;2F260zlTpp{f5&{B)TcxYTbe%Ds zm345=vgi)h{T%L~medHTjx(#VAuN?v4e{JZiN-kl1a-_NilKphk0J{a!m%v)85W!r z6YOQdDKWwKvS3S0@N^d3IVL!t1*gRX=dj>zF~Jx7Os_<>TRM~W#ah_mf@x^v)&q!g z>Zkhf8+_i)vpVz#9>x&Ylti{u-fq16{XLbv`#r=kPL21z4TcJW~7P;b0@onLSodwN>|)8Kl_64{bl z`3P@$UUtfUcC#C4tJb;2)oP4AKYI&}Re5wO_gl#=*Adb#+6I$HRF>il{A_7Yf++mp z9i~q4Bb#BHjo{~uVDtWfTdnw1aD@+pX8=f@C+mP?=1L2BlS2V z_!$=5%?Q5C2v%Dv$3+p?Z4lT$h+YUgH}xPWvhqt{g={dll`CX%sz9#5eJGfdVqEYt z<^&};kl#cQt9|)RsIwC6&Tm5Wt6&#?Qyzg8)PiYUwLd5YP=ZTu^(5u=GD! zeFlX2-MptcgVdiUJm z&7@GGOeM6fq06D1RI2;MCD>s1`1T4N1BKd2JrjyhyG|+YNrhiy6i$j?Mfs<7g!Brl zC>n0npo_q1T|dCTR#$DjS{56%92f`!2$7^~ic!NC*{p_FgU_`8USjYE#XXx=0AW@j zLen1Pv)(FqFA&SMSI44NLLEa#XPOe8Gq5TBl_7JfU3(Wt%d^_FXPZNw2oQ$8g5K+S zGF_9b7JndK`3Mpe=$%0Oyl44* z!)cnf{Cz#_Lc#kDzI+T}vH(n>Bh~eWX$I##-G=f8j(Y%&n4PF%d4efFWbuab!(&Wq zQyW3r-iD)wWwh-H7R|g2&fn@pGpaj!-?Y$$E*d0Ls%fZ}k#icDtaHwf$TSP`jY0>8 zR6)_Q50z1t-rKA*Z{U|#*XyhlGv0C!hb#e|FgLbqFFkjb<*y=*j0)1fJgF_KOCbh- zKeICAH=;SQcFFsU={!dKvBVNU5m>AHM-;K%ZG$4AIeO&)T3%l)MD2-_+Eo|VGp~cF zkP~>ejm#U2%=KB6xxmdbpB_+8H~adtXJJpouT$`a4U1O@KCT9H1qB*vxX{H<#6C=t zFA82BFU#7H{YMtH(oG_UfAs0L_oegj4;$KnQ_r4al7QDIm*uw<~~}W-;gACM`Ju=jINaM>u^_=*;7~9o1^^cRiiyTnl5j zbhHmW)LPJKIUWBX1_@^nJ^WM)aGNE^d6RX?l>D;|GIJAAa;rK;NZU|_@N0Ho+V`zTgW{SuS zZQ_Z=9UK1BAqU zlxKM8+$vO>)h-xmD3NbxxUanaPf0GeRG7>WFwfoRXb`<v4$@){vI|ll!#%-=Q_%M_G4_PY2{};(X7WE=yv>V8}?tC++eJ~=OXLx zm1ZK;!*3@LBs#b1bu*c2yM*qDp%$~=j%({7J*kDW^|pZ>2mcsZUxIwdDc3m>Fa4CU zzQ%>^UaV;i9YGl#C)_Dg84y@Cm#wlCo)zqKTEBUNJH-@dg*kC+LNNI#RpH_*_O z+ytW%bKfS(-;w=HllC~I!L*(8jCt5CR0j2L${E(bbBuq8^4BQqj5&9TSja{O&UWvJ z)4KLLPy&YdcK8O0Clq#vSvu1c_%Zs)FD@sj?E{`m$gU7Y+&qj^c zN$rQ1>0I7BL|rSi8X>cN%Zsze@c_uG!U4eg7*_#BW3^P1gvrfZ{4onrT$js_%7 zfzk^$>Y8)ODsN1g$SM(g^tbDmYZ zuErrdlws(i{?!y-&R;dL<=jj`zX_gg7DTvI$9N$}y!+!FO{Yk|73K%`q1og6#GT50 z$iv50S2nYTY|@TgLo4rg!!q*rr)dsd7+6EPVSEDosCkqkPim*0qW&!~?w-dtoua$v z$Ab5@Kc%~7!sa$1o=9@1ks{a&c6y~pwo|cZTbzoNjh;@rBmg0fWYVNrcn{riXpi?k z*Ri+~de49ffbWg#e27KxoSz_%9H_X4wqbfXULO&d$Y#Q*OEkTJfC1TT=Wa<)-S1d+ znCAq)zRS~OUOd*$eb^g9T-WgGqUZBVoBJ&M8os`SFYCg6eCe4i*XQtiE5($<@3Bi> z=eZAm6SP@ggnlFOqpLof4BbKzQH)q#CmtmH!A>W(+!Eai>A-=Rnl} z9xyi|Zr8x%8$Ri4V(368wAbDv>G+YaNa4tM(uO<>FprlVN=@(`T!!u*p_R|s;p0mDmrtbSeCj}*Jn6y&ea!2ddn_DntPd}DGC8~8oA ze;(3asb`zrxvhj+j5i^+M%SHXjaa?wc6}RZM9hLzwr$HkLq~B_SV7~Upq6+g-JrN> zMsaU#4TB&OZHzk{vG;Q!S#5XtxFnV}nsj}|!tqYEBx~NIPUZUfJe=Rqu1_-X zPZ7;!BPP#$2t~d?nx8lD}Zd{|J-j*e)MUz_0hp7ILQT`B#L0vLDwg&B)k1QrB zr&%)VlKG5eYnHfi&3La<(V~Hojla$PvNc5~BSoF+yh*X`!6w8Z?u#2cAnrCKZZ?)6 zs^hbOxRWG?Fkp|SF5=aP8sB*>kQ|L?4)yZ8K`Sx@&@|3}u-rPcqd>*=mN|I_spC^|oV5Q19Xg95_E z&?re+G9N|g?gyH5yPCAaaI1q7cy)IRsojF8GtD9>6X)aFn9w6?ZM0VCXl2hjUz-t~ zqaFN@rA6(p=hr)kKiENh>YW|z-yOskwH+VfCe?y6c|M9BSN1y@&x-dy%RjEIY1IGU z`A5TnM!jAB5$+$|eR!Hu-05fn|H6eQL&(nSeMUFi(0`BD!x?R@=Lmm^yROAcPPX6a zE!gRyp>@r}s=~F6I=AuGchjKAK;?J5zW;;#X;=sSI8XjGEYkk}1^#sAvXlD1%b(); zTX5p7T9(-`LH-Pgh_>W7!8nl{=NHtau=%)CBz0~lL0+x}2OD_Igo*EH5Oe&Z*(aE{ zi8eo`r{eY!?}7xzWywBr4`(nngen(2)rhQ6i{3aKHRPW`J}vrxO+>d0dAxjzFa5rg zT@I9<=)`?k#l2L?J?`_>c3R^|5tRa%mlG^Fiv)avW%#%X#PE zm2x*d0tGNX?hVv=^OMPppNKGyxFXnUSk`hjZM0B7Xm)nb?qGI)fU|R0s61jV@m3fs z6Y(Slo{Ym~qUE`{=P9q@Q4*Q#32k>zXrxj&pFP5@A)P_?(+WS=gbvA3Vq6Tpga~&+ zgBOEdCR6^xTO<5eRLe>UD@-P!UuBvFb@&A~6(W2YeGl+>X3p1sxQr3cWbz@^AP8wl zf6)Ea*d?za@kYfjoJbi{fh$}AtoSvTMJOr6<=2d!cXS{hcM!j+gZRK5ZI2gfayGQU z8NhoChqua|jpNp{yh$I_$;6?m69O%q(2^n{iS7#pWf}=3C0~U^hqCPrAw^+9o%w>{ zcJkJ*@EI4=9@NGivY0m47*^;zUTxHaJO1PQZAry{LSE0S_`f5s58d~FMqba|{~wXp zkMH|`me;R5zx`0Vd|y~r|FMm|Fk1e+y#x8PgZQEj;-BguzN&-x#@pLl&n-0afdS8$ zFL<^kX`E%VSK<*tsELd~?4{ayugB}6_^-#G)b^Tu<8TMl=3|^TgQE*- zV_nWZ-1fR`&;LA}q$I}Rat}+Y^DLo(l6~gKO*)T&ONby1vdCFa!w}cVF~|^I7kL`; z-E;X*iw&p9-9Ks4Jq^~y!-565hl6AJPe&RNO&_y}jNqmGr!N?R-?P9ay~wW~y|IYs z%h9h*xEVdqk+M_BpCfagqrGbs^m*_|8~tIBK^2a(CgTQqB=csgEvBsL3vfT#KZ}m#E*XOzboKBw z6mwqmcCsZOiKn}J25no0u+J{RVOvV+(=~_&Fyv*990VEYs*aDE=yep~U|9E2!9V0Y zeDD^Gr3RGr_6HNus_>9Dpb|T2cJ!|2Q=6G9pGgJ<<8}LP0u_!$tc$T<@iZm6hI*P3 zT>Ypv?>_hCNY7U*nsk3{BFHK8Wpl8Xpz!k*Xq-8ShI1v|@wZ(zwPWVeo_rnIFYf!F z?H5t&E$*ICSsQ=P*w)6LaX$KSaX7%#w)PKfUmJUf^GFBGU@J0%A)!**+eZ?Pw6~A6 z*`Ij($*A+&PehL|iOyIDj)eD>Z#y_+May$DJCNr(h!1oS-}~0~sZ*;>_%^)uYtQ$7Wm?opwo+2W`I0&rhI+&(EzSts@O;-70fo;U-DGX9x? zhQTNGIQ5scS$~whsB*s*WgYKtzvF{>KM;>@!QZbOZESH>+2)oS$3B!C6Dl(hd{~>w z%DoU|-&-ORXLWSx1`>fG_{M*4vJwtLllINI-#*f3iiW z;H~U(*`Fz>8GXH-@!&Tz;QqVG6#xDbw&^JZG76o;C%9O9Yh@(rrhG{k<4vd=|Fcjr z-l$_I*74CQGFWqjxkAA5_sA7zYkm{1su$@Sv+~_-mp{E#`LDfUGPTbi_cQ+;zc%bzQc>3~zlQUcJ1wH8K69IVfZr%kk3Y-Zr`^UK(>=P`-J9Q- zPk{%c?eq(}9Ya%yv}vftmYfNHHjl@Bd(jlLDMlWi*3SG#vpFRl4sz&G;PPwwBJ4jp z6=)TY9#pv2@lM$VA)qPFqr$OEo_B#+;UpRdhq~F>>`e=NG-C7Rf@_2UU zMf@W?aW;Ia4V6DLa0P)Ww9XGxKTq4iur`hSOU|{--y*%Fio=D_ftv7{`Hf`ETlNRM zFMfDI3Tm}I{6Y%a4~CK@MUvgblKE08SzT&$vV=&oD=}HcpUL-6l&`Vy`c=v>YU3~+ zolZA!OEN??AC@$QUMH{fmv+HBjCS}7rNl{n5iFIkf8pzFEUT-tsQV2eIP$6T;*%+;dVkF2FudKD zZ9_`u))VGKv^@nXaGx5=bm>)L2nr+{NdM5?P1JWfZNIw@1v}-|2NNZ^ISSaJJ^3{1 zoPq*SnIEgxOhXyyodJE8{tr?YCMQRDOOyVdVajk)dzC&zj!ojr<1scTPUC!mx0RB* ziDs4DsErSqxN<$L77@iMq@rbW7rjaO}xAvNLWDVZCLl?mytOTHtO`H z5fiiH+QEOI1=&ZBGM9At%<(ry8Lj_i7<4TIJRj2jdtlu0|8xYo%RJ`dqmGF?kv0TL zY!6%UpSqL`7??|FZSeayAPTN`cVRRzZ#=y5@pJg0P5g}Pp-euFV-Zd8uF(vf{ z)`*{jJzMUFqQ1jv`^7bu%;%14GsBc(qPL_t7icyAAj_r)MNfrAViP9$9cr<^B9V-2 zH%aKZRdEl&8gC-koLv7>R{nOU?FZL*a@%oKJC_ru{9;yq->C9mdAnu#8?Q!)WE^M#^TFLG@BGU9y;9(X7%ddO5Ka1{) z=}UC}aDP6G?$452+UU!pQGKxuqrR+Kic_OcWWMG4h`1|PHMcQkXj2Mm?X71gI-y{z z2{zPsX)}ZwaqD23mIEYZ?rdgMJ9Mx?qN5UevwY2MXNi${Y0-6r%E@cd-Gh=B6iDBk&tI)s}n;#g6o&5%Nd1O6g z$$ebgH_%vFuulMQ`WEe=6t_w11E;Y-GU_oI{^Paz18JHWWUubYvUfm%}il^eLD08}wr||u20Ix!nYe#B9r6>OC(As{5T_udx4d zK|T(rd9+~FEjaZYaGr2ll}T2?wij5sCl3~Vv*C9`;NHHjn6ug~SzL~zn(0~N)5-?} zQ%#)J;e*gxWEtPXZ)(^Mb_&2v;sk`jxT#L$KfgKUUqEIhf3FQ%N_Hyw%y^4sbLEBH zhSq5lIJOt8Wl^I14aHKU$@Ci?GC-Drfigq4peT~E8!HFzxD&ZZ-vk|2NvMlREY6!u zR&1=zjm@}vA*tboC7=<~eQ+RWO-^(4G(jg#ggMiQ@AXyMngj-_{$MkCd2ZYJO7wj~ zo-v(vYc`IZlXCN9(lFKf}g4 z-N$q3Ta;ss8*q&T#TwZeZh_(xY@S@|YpBR!$i7(A<1 z`V{g`kT~%&L0Os)0-q}#9kcVE71sWo7ybMMC(K z1~T=P3$2p8A|L*n1pf&lp6tQ}Ze*s@cog5&jm-Y(;uDT)+^Rn&B1^aj$UZAyP?o@W z-ZzORgaT+S6D1^Z*LdXew_r*woFm6cgpk>Tl>4;4;50YeaJY3cRGWi zyirgmAkKiE@nsfy)0N>^C2?>6sThvvnG@80gE5iQ{G)MVr=)LWG3nT~EmN2Edr%=3*BP`1R>qH51J3(9ny{N+HPPWTGo z%&C>|C-?Rjk{Rc1rlvs^NLC2@oza}p6085>G{&JnQ~QWaUM~dRS~wphGW0lHM1T*= z;Z(8Q;*{rF12CRB#+bnHeRN9dm z!x}n9I}6=3)&3hOe5;P87aZTWMSjz6BP-@ zZz+u5c4GoJGM_Ep|DvIvWyLYlKLeW0DwfP=g0F03N2s4&%LLB~SdX)T_>+{$*5GVj zSz?8BFvVl2_FTO&30qLiHHudzTJ@?B%|zIvf`h{}`ROcluruycYS*sSeND)nmIFPV zkZ`KCjW_?udsL<1c>r41Sx~N69i=n&az#S`G}<6Yj!B(t;tLi`P}7D29WC07Q#gzTu;L4_>^hz2G z2GQS_De8V_PNfsNEt(reTwBmzq#CL%d?m@dw1=T#`b3xk6Xv7%JA&?ofH6+9Vr_Ul z>Mbdq@H#eKka2iGCdnt6B-jN41i2Xgn`Dh#Qncg$CRTq1wt#y+Z{_*;c3gBNc`|9}Ir1l56C`VthY>p`WPS!DaHw z4cS&YR(|MI??Zmd5erZSvuLa0JWtY1M>&kf-U*5;!(<0~^PVOvw-Nzx#;ZdSuZ7?H zGoSM%jAk`VqaMf^CA9=ca0l{)f1UhJcbMsXp_Qi18@Wz0+lk`<>1!*z6`C9)#(#I0QJ@xS}3V= z>HYR7MP zPzjkY;yg&|;(WUY1q3HQ@Ja{JiT{~rTP2o|FDgk$T{5T(Sjm$^DY9!#xv>5JNC3zz z!u{>5ljxk>T_UH6>Fd2*6+34QdZLZG1nW@K4N=-?qLRRP5%hdd-l5al= zty`(1T^#|1!}F}s+1GTgh0p$e3%Ye*UN{r(D}kD* z&M6O0!&u@z?PIMJ4_j6u*0xoxhv9_TUK#a2F%=da?>5{t!sOcw%4Z5&WF;wbHC3h2 zaI)p8_E7T<-3s)>gLpgktvV~RR5XXNi0gPP)9Y$PU6opNgsL%=!dC66$0S1O#~MMb z>Ox6aB^YnbXNU@ZcQxB;;HkfOx$E+Shl{IY_<`jFwqxh8ehG&wmE49GE_@3_~-#Fvq41kAZh z!~|81B0%{~xSmm`=rQ z#RRQx3wV~4qLY#r zkcwv}x`M~~blqvG6tLVw{DKXV%U^w7RvJnsT`=m5z$v_eJ292(oF_p`Q*l7TIPr94}7)s$B)6_rOUtSnOzGhsJr4l1G*41mHz z$`Y%nir~wTbJr}IFCq1%AYES6AWB2P^R-byYgvNPd3gZOzh45^zC2iI{N|%qyqFBa zO6vrqSy|vT$TyugV8oAPSrP1PyXL&1Fa0RlF)>qD(t6mu2>ZZ5s!ZZkYfy%w=iaBFj8JSIGp$d!|~W5!MqJZnqeQQRxzWS71H$BTl{dyT0#RC_WW-Pp*?d5m~uT zviGNtRv)|e{4>VBDe44tc2iaK%LZYWK$k^OX0&+ITCS6@vb3^ zG(}ryY&wlVo6^v4*x2>*%hIyJfJn)SNga6T;2=tcK3hM?;Iz-}A7F1TR}+ z@hBN?r6K|RDDb7G<@2kGWLRyoai-N>q_(LWHl2}Gy}wDgb1jb5mnU) z51Z(51#4cHTuUs~P2>`WaseCQj6t!*O1Ut?C3b%KafA7rc|8ZJ0fA$0*+WZF@xYM# zTTW~B9Tk7T^Qm_BJf9aK5Pe(hCSm&+D)U_Cr0Yc-FuX9BO%>^Pmr$+=x|s#X%H47b z>uM>UZg*ERj#qViXo8SyDmv&@j=7aox3W3Gt8BJ-6|mKr_c&fbP4xn_>ULrKd)nev z;JKP6$*i=|iibW&K};HDELp@n9bPp*E;^^+y0zn=OD$*TsR^rOHG7}Ts`g=-iYf*_ z0}kq}ggms+xW3)266Wtgi-9CrF;Obw3rd&L9QM1z`#pId&QmiHXbXU9K~Mm^h1bBC zg!!M@P*-!!TVB^9OZ7*=2{Z=7D8=DlTF?v4(ds@rji+u)`S;_(Te-CVZ~k4R@`~_p2&(j?FD;KOs*2kyIFMuepY# zkis8$m8Gx*BT=l;`069=;qW#0+v%rz`B?qrL-AjY<5_6X(R}?3*~96(i?px@M5e#i ziqcVJ!QuA4>*JBV<^h$PO!W~kJb3{y?Y8r6#MwuD016#OpM(1*=YbxE7F(djh*b^} z!}S270H)P#7vs%+#uoqv{5^9QP(&>_?de`Tam;Im;dX{Bc>D;h0@++A<~8*Jsuw(@ zrA{1$hB!8*g4lcv+JmUSx}ewpO=3L!4u5Y%Wu#Zc#JwP51%_R?&+~5{iF{aQ)#c#H z6kt40hKz-$>Mel}Heqp>1~W`eZo?c49zlV`)WC4pIQxx%!S(I}-@4OnNvH;wS60*a zjmGTKSO~WN`-g338x7U+> zi%cesT^tW8{GGPqUB{mKe8eoV>lA&=Q0A2Ufgz$gyFgTGClkc75_jk9hp=+p>~%sd zm4odr5w`zlipfMt5QOcUu!(^OLT&0GH0>NK{%x2kSeb%$<1jqPN5F_Q0?osrji)ng z1oz8yERx*K0dD30aFF}yQvyc{g2WdCfb22pApc+ld7BaB6CC6pivi^G_`<;81f9Y5 z^az6=rbieoOQKB0kK<3@Cu(Mhbnmg6sFB!~$Z#zIXn4!$>j7vT879-V9uBUJ+8kaA z!E;PNcrEZep<`Nt;M<>wTW+1G+7w`0X4&<@(aAvP*18V&)^6zVMk19J1e?OK271hA z+53X`r5Ss?5bfd7d%T)9Ai+OL)CkTIq68-kQG!1jLEQ=1g9SdPDGaA z556`qvMD;UTMWn?24w3vvJ6CKgXdf8JGS-!x=#`i-4R($d;ri%EW0WAUo;s>9Gxy2 zOAP2_F3_-G?DXenn72%*ZAs8*m}8(J%Rs~5_zXRJ3(zo57*PIxm7vSttAauPnllXY z_ggN1w2L}0Q1mychkk1-HuI3=WC<2hL4h*s+0whamS-G!E$) ztR5+|5-SGkNWN~j@RSXKktrCcuSUI7xB9?V1UL>vBw;{W=0|9etOi=fS`D=PCXr}K zL|VpK2LzcD0a;}P`I(WuRUG7-lL6#i)&XVpT)ZYHJFHPTdDt426K5jH$&V3U<-jEF zjn_#$Y$S1vk?Yn3B2hq)zaJPRi-0_D1i9J>@_7z&?<4?ucwmsrA|S1U4IpccAm?$A z4d9{36&Th12y)vMKB~Xt|L{@$ z6~%QrEH}fbzCwui0pcrw_!*A4O;o3^1jJ=5`()4;L)v3e(q`zS1!Hq26S0Aa z$ZQHGWEcT_Zi)a{q62sD+W}(p^f$bB# zEnvHZzTI@hWBV7p-SrK$<5Q>|!uFHAeG=OjQwU}Ywil(+^8?sE#@p{=dwLqR-@rB+ zE3o2U#P}gnzY?>6F2z9Ra!ey4Vt$emOsz3Rro4@;mTIqJnlV_WpNt%461B>$AC5%3 zOy#<)DQp|ulLfZ&e2bUe3%@-q7oODZY!rI1wWY2vz`{oBT4J*e3b8r|^j_60uJfvH z;rgyR59>H1S4CU`Dy=a4FnXKDqji=;iZ3q{^K9 z=qEhfZ$4lGw>Hb9B zfa>X_=;=&Hwf(eUnC=OTgeT+)RL_JL>)}OExb}OsgbsN5b*ErL)A#}giI8dhr$U-M zfAB9?32r0w2sU9`v#fkm;)UAxQ?;!qDm&tyD50nOmZC!1J_A2dNEnB_ z$=-(zBeP8waIUk#g5jo%>f{y-3Rd+5$rm0{IcZP$$v9J~@N!ROK9+DEL-_}u0EXt@ zm%qD=P3!TR_lG9P>gW&u25WZ|#zt>DZ9*~I)??yjo)4fftD}Dd9b}>OG#;qN%IQ(b ze}0I#Ega^B%D&dXNvsT3lEwQ3ov5*3>F}oiWZmbeaO~ z0^uBm-=q32kI z?Lv}bN5!ZCCZ0AaQN7zKvnMgU%1+Yy)EfRhJzImRl%|NP+CfrIUr8%Hfgi8oM6N{f zU5ZjdnZPtoSgo@k;T;~skexH+ass{gb2spJBX30M2-Xq{iBP}#=J#1fM1wh^={bPt z6h|}@5QQFr#&QO)&(aYhWrOpcKu#)mn^mb@Q^wNHl|5!pDRm53;bBU+WGnPET5 z(19jE2bwc5!d-->;9o zU%(H=05)^LJ3u7_Um_>i@olcg>t$$AnOS&vF878sEq<%a*4lA<2vj?`wk^kX)W0(L z>?R{UNm{w~9IP^Yifeya=?+>r(<_m-jd%o{`@@L$y)oGN?YvEaAqwu`R?7JtEEvL{Y#6-5xieiN#_VL*p60!SYC`sg$d<&{9 zxRcuo-Lw&s1#;cF{{<3JD(rd?ESQfh(Aby z2TRxnKDU_r%b(W!e(2RyydOIE*S_)<_mxi+0SMb2{M&y?`4~XO2|Mes&c;qZR<4Yr zR~QZARksvi9sqT8DIf_|V5w?gNUN`#Bx#vazD&K@{m%h%zuheDNd7i#Q!egL5T(Hhr51EBsv({BlBL}R8J7B3JA`aN25eIAr zy!bn++X~$Qi}k<$Bgp+P%qPPAuj$#E|E2kLBJ>D4`Sq$eaK4vF{MQB?+ebuJBw{E4 zmPVv;r7GYU+aiv4TczDPW4H*r+Ijj(r|7>hgl-R2Pdm42B>b2etI`L4Qi0=AW*51$ z4uS=eHdNc)!4yh-C3#px0{0~wByh5(7T=_Yt&-C1#Vg{Dux(Q?3qRZ35F3Tm$M@C8 z4c}MG%ta9}Q!VtZH85utwokMmt<78aIB7@vb7bC>yUMG6B%%Q~ehxTHHBPbXOG)`e z@}C_ds}C1Q>T_dAS)ut!Ux&Z6BD#<^CP$UTm}J~iE_#)AFGl=#hi!WUSy(HkTxK)f zTi?ON6d(cLqEWwfqYTX#d8rT$^BRu%Q^|i0FxLR)1>l5v>jIzM8$sx>5W?kz(3Gt0 zVF54gVPV@mKq#{LV3XdY!zGxSF87oRe=Hff+Fxh+fAXF@KB^+k?oL8FK=PV|hJb;D zAV^Gv2!aW6bVCBKwG%GMlWP%=EU0ry0x}v1=`f_XrxkT(;xdaMUO2zeVU7)sI+_Lz zmyQ8vB%mV5^_sXNct8jvz28^$UcIW9#)RD<>~H_-u2)}Gef8B>Ro_)r(w2Hsp;nU> zYAVvEemsx#vZ9WlnMcrEvcN!df!#p!3%eQ3=T5Yb=I|(Jp0XQg-g$zdiFFXX^m=&Q z>_q`9pqHVZm}8)~HQqq)cpLQM2zq*dS7;334Gcq`K=kC`)MAbyf~;n($^)dzbA%J1 zN;TsA!*QMyGASpZ6O`hE}r87HFS~Zt` zS1*0^2%W#igOcp9>)GJwkq5ui& z1Ka6{4egbd>Yf+?rTN0mdf~e}&~&P~>2LJXgF4XkC{xpP zhd55kA3IDZAk6fsbS0xP;|DKVsXOp^o?c+jAux-1!kgkK9}jeR&8fH8KjZ*b)q5u&H0NhOcaTS|ivpDEwk$=cO7a5CBl}M|fv2@5U zfa*+Sx9|M;rTE082*u@(R*;!_g(W@AIm zw*xjWd<;C931!ydp9v_lCQ+YE+}T9E3@CRn8?~qld)ASMTO(fJB0PqX~4ue0t z6VZ@;8*#JAXl-*Dc5qe*;8cJkm+<2Clmosc*ZFK_6ZyN|uZ6;~-{SaYUl24@BObGd z*YCz4RJ+&j$rIzBsdlyU^Nd*Y`1{d0uAR;NEA)6CVd{zv?pJeZG_3miR5ExYL8o@V zdZQN3{sQ?ZTMJj6X|Nz;%RR|th&kBPB1;90?pM*4rLF)lk}q3vrjRPI_i8DvG>v>& zpjA2zKL%0|8Vjx3D^(+H&TO@oOLB0cUG}wF%g2QOgZS%jvxma5K$MfIy)5`>q_sx2 z;#c2cX_8bIOHNJuLNNt3E*q3hz_Mlc;$4S$;y4)h$5c)K2Bx#Sp{mJPM?p;jNkb)C z+JjsvTR8}ijeg-^VxXm1*;j9q^Bc=wDcx?(tY~oCDzJU%r8Q;oYg{Z z|M8%L3Nt+CBQnErgoKDzalLLRj99dr*`XE>@L*x&HF~mXXT+%<=&LWA9l1Xe$Nwna zgNIKpz~a_=qqO=MN$-%+sS}L*U2oU{@9w^)$Qr`6%^PrKc(QhQ?=N;;Ulg476VJ*} zJ-tpcrbsH>Rg}L&s(P{;J>LL(Lo)UojppjoVjS7!sRl3XAejl|zUpF}4x!TRmdw$d z&BEUzpFJ$EjJPI97RmQ9xzlGSlGF{f%_SF`5l39sE@*$QRMnR?+@EmOP^|kx5#>|a zH?9{nF0BfX8Q}b73W8uTaQJ6JMYE-!jB zRW0#obZ%&f&%_x2ptEJ8(?Vw=PUJ7WTKpi=8Lcbt;w7Pxde5KV(|ASppI!rl?*Y1p zPR2l%>^qkr`}Zt8=>c^0^XI3u{9tTyFt*a||I(ec)m^zOx3I?HiR_Sl7of<8OZSDB zCGdU7m#Q90(5~bBQmyL;owV3^fYDNwVgSrc1AtGhJVpDUC#7nH0kg6fz`SndE154< zB^v;Z$pEm{YHH=QodHO|o#AByzyhhN(ExZ80q!sW@HAp^Ft*T(0z>{*sp>fcwhFi) zoFkx2w!*4P1LkS?8@3A#_L8dR+o|Q9EEMSc34dbYL8im_8+H5!7(M*90MJLOx`x(~ zL+U^$T=?Gw5U*6#63^-w+!p{UEhf_KGXRbO6`Sueax0{&KO4D9666*bxp`96uZ>(k zNGZ*Ojob{Ws)7VPIp67l*rgMO+@>zLm8|>Wl6YiH8hH^3d0x}m(F=sEr@->O zBLB7q%N$SEd8v9CUK8`Cfx~|D{hWZ$@o4xI`433x7}TTX>-g+*XMxQ0KH!s2@M#5n z_QL!~qaKe`GGa-H)KowUr)Q2FSYmH**)m~I!5t)%fW&Fr}s_;$*C zeu=J93zHbW8|3KtuKlS~J9vor{!}*MdwbmXg6}!HLXRTEL#bFjHJRbNoX7X)-4Ud# zhVQP)JiZaBI&5i!@3~9Bx5b2Ss|nu-6xj#(K5EgoI2&wn)?Ctd3ak|k)|?_dI*8#Y z#_TBahw!|lm(33u<_@&)!S=luogW4M?OEGhz>cn(eA$>DP0(`q1%g3{Zn7?0E;LL= z)@{v1tWZx+WP|_gB-5}~#6%g^PTWtjpngIZK&8PtPxdXxpt;u8SD=r7Fo_uN_UxGUcS{By4LMBdd4d{~6fbcXMXL?R9D7{o4?cmihO2W^B4 z(P0t^!O$}PBKlag_O<)x$oLBFhum2qcjZoKU-CrWXX{`1)CFuA2{$fATJ@L(scFNh zFa+?)BqA)xGYL4rvE;l#fiMrs7MbUOHh!JN|IJPuu<%4{6dqij!SUcLc7|fQ3B`GB zrs@bWsgcW}m1bvRe$7N-YLu0>nHHw~q%-D+8NUi(7Q_;ddEb^BUPHXsp@`~49Fn;Lf0oH;I4%H=hgQbGp*IRFX zayrU*KN-iy`%Ra5yi4NPct7L1!sES!AMfq4jJ|f)RYYI$tShDP6oPAS#C7g?vub=R z$t3oZ@#Bq-7~30Ccn0ZG3)-9O`OQJ=j~txEuW!fs{;Zu-lOWp?h1<66Y1_7K+qOMz zPTRI^+qP}nx_$n`ji`s*wX(7z>S;&iUSBr0Hk@xIapm%<&f{lwZ`~e?@37A2gkTWZ zNq~j#+~%n2S=S*9IT9&)VJmuV(ZMV^_Gog+lDtZ1?b1p)e}Z^s+;$jyLW}uNne_z9 zTEWaC1Jf+g4I>$H!5IF0Np#_#Z`bWpI-Hnn-+=gnDUVx6{UuZ4z6u(`{M~cJci+L{ zO(15@lO#YGTv*VTTu28tQHzyF!k4vH^Z+NQmPfiQwi@kb+{BVBJvql>kDeb`76S$u zf^uq2T*p2Dv<#GuZ78XVc=M2_F(juGToig$VyTA^om>Hi zj?<4PB|`7$9z<$wRq@5uO13yO{`3uEA5rKD&*j~`JS#fHVMu#~V)&XZhIG9hyAW%( zz3cO-b%Wbi-cYb`WmWjC{g`ym+b`V0ts|US^3p8yJ}xEMzGEZr!(~ckE19m^0=o9c zn!|r7dZ7lcrJ-9SX$Q*E)7hR6@mOr*>pc!SjG6bgg!Cxmiux)NA1<*hY#`03h^wkVDhv6kozEIwzMK# z@BJ$w&U3W1LetkbCYBzVL5Fu+NXNyE&YlFYt&7ztw)HE}h+XkiWm@0;_K*?S0h#UUWce@5t=FUjwbU zp||oX?7j>Cy+{D5mP2aQ{k;se<6yMo;=^(FP{db5d{K>E2A#0Z)AIydN7zMsii8U0 z?M~Nz{2q;760WmCeg7nMB@G(G4A>9)JRaRDKl$E+I5Av{f8mp=p_%uh850A+=@4hkgRh#48lK57GUegy3+Ueq81_N3JWp!R<&dTvS zTI}4J3XlCfrz$Q!I+1UV*e%l8iM^pnuc_wqAoNnKt~1Ac0bLg-(8hjGE;`V81aza_ zEqvinQg~-uc<19@^tiCL zo)A`bzW+VAr7p|wY5q#Ha_{iPMCbed6^^d)LzH6qb2G0$RfPT4=*RAo{F>aU#KWKl zx0!qbTj&mq9O_;-^R-=iA%*wacS_tfl0Awj%7>)FOvin*VSbVa;lrk@|H2S)q7%{> z&iE0Ie3QE+12h#|C)I*(d-_w$Ry(;jr5n;0Jj04&J2?pK&S-QTe)#7i_JnRYiI^t4 zVPw`nmSg<^tl&>H0^{A24wxP>TgDfS*v8&T0XLtW$>X)b{)rznah4cCbI&B>>l<v_~;_Q08YkimqFL#9s9U4C|`CX`mZB>#A{WA5|hO zD+BB5TW~K}2JQGS;nVt7XdEnq9Q(DWb@CltECxn02Hf0u^7+6T8iOS@h59+lxI(z6 zFCU!2eMw^ZBoUf35;oP-xf+FFgbT zn`MK07|0cHAV6NhvnO7D#((;$LdKL3i6uS;2n0bB2X|1Rk3IrH$l`Xd(BtgyL-Gce zq4x+B>)>F35z<%mc>QI+`Y#jo_#UCF2_6P0F?}7|BaHVyy<>FFI)m5xnNN)`vJIp$r7<@T_Wh!_$%9EK8hM0x3@hGd)t!l#J zn{;(4U&_pBNN4hv&t>>qgqrq3Yjk}gidGKSKs3cBt#j_Epx$Eev_8jP^4%!pJ+;h@Q@R8;YciKUTpI;FDMuF<7qkL7%Li01EP8<;HQEZs z6!-|f%gd~k3`qUbWu8sZ$hf|@kV+5b)rjF`Y2yzu_k$?XM-lpzY9LB&M5*Jbeah7k z#f~EMNmK!4+KB%*X~>#V>=G(b(lQCswKhdKT zs$?=Uzh{qdqR+WO7FA@gTgJM<)*&K;>hy|phxrDns4csdY!)MB2nu9yo*`h`ZMVJSOe zp>iWVNfmC=adfT0oyukmg0*M)sZe#jh21XjyZlZ)B^UK zr;t39W%9%!e_!q^4aTn&LI$!o@$Vbl@wfZ+O_+sSH0ZpNwB~8}X;AluHQddpN3&ER zTUyW=PKz61X}tS#(HQQ4(?1C<+EeS#;|D}izV8fKsiy%vTp{~rNC7pogOMEaw?kmG z2$u5D)_|?*8vW$w1C0#nyR_f2TE{=B1E$O1(rv4U=4L!y(yx^@h);FJUDiA<>GJ7h zr$$+SV=lGs7LywXOT>PWyC6uc(eCQxFcUP3SD z+@PPV=Z9J%_^MHxBT8>9=DYSOu5GBjPpPd?HFI{sqqAeENhNjck@@k{g;B(4Wu=)LoE@7I>b z=^OqD&qudHA#p-}9bYx@I|!S(CYM!hxsNVLUnM-`l`o*SP5?;#=aGvDF|c& z2%PeqY`^HfOqjVT6*aMxN%qWi-DEr6@VsO?&2+tFdL)pw7k*_qBsWGsIO?5vJ}3CB z_N!Qb*&!)qb}4j)4K=p*u$Rjjo^;;4$g7xbS3jn>rd@b#5{~oXPA8v4l11-GBh&=ymWJj^l8J2JkQ;|o(`bvJ$P(PW#GMp6#pst$8Hx^IcZV<`on7UU`?!D`#!K zWhs5wOWEaRucNdJp5?)t71Xq+o`Aa7z^DvwIY}C|Z@xF+8nE1tNiT6uH{y0V`V*AS z^7L;kUCIMxuiAk2eGJr!BHOXV(rUsriU3DCgUyBtcjpB2N4{O zkxM+Apu@t0o97OruNR4S;dqhuesNaF`d8=+7W~h2c8t^KpUoqioh+qC>yz0^ZA(ty zd(;&t${BM?wU|7h8FLF3OrD%JqH-xyr)Tw;JX@>mXDZ@5p*21bl4}|$3!=SA4@0L zDSzbxR)`z@alh3VkCxvP87WRwJYz`&FdlIE_%B-Ut1cFDmjH!yY&qEzAaeMj0Em}u@+W&l<=L~D zo-u121fjww4CNG1JJXYB7ll}lECWuo#ZAOGXCvYfCA>_p5jn3p5m9apQv@&skX|0* zVLqYo$Eu3JIkI4^CZ(v)?9>@q?|*)(iC@!6DqTmmaJeKOIy0?zx!493;c4p$c+WY1^w@>`l*MUA3 zN7)qAnKqaLRi!3%r1x2yT%K)K&om{GQ6f*V7(G0`bs;k-qYo+^TtBY(QvW>$_aeYD z7Wl7~Ezyov!I~q3Lzr^KQ7J%zA%tU<$%GEct~J2z39(xwFQ0aXf34~2ahogj^E(!3 zysd9)Jlw5!b4nJAr3O(O6S!nO_p8G9e)R5JKic0&{}`O!14e8N7NHH~WL)5#-Os%u z(qoBowEv1}^w9QTe+3N7d{F{CssS`Yt(>ih)fmL^Cx1G$0j$XX)i0uRyGKvMk#6aK zXo;v{`wU@60iJ?KcY%`slkhaJ)**@Ok||$Ti}X7iB@0Q1~n&=T78{6<8bh8Ny?<`f4ExtU|;-#46`#XhIU4}bSdJ=)x5v<{FJ>Nu60xuxKNtZ zA~GF=Zxkr!+CNa&#(|h2fk#D>#(7I+Ed^M8zs*^&0u~@CeCQV=w^&4Wocnt?x-7Ts z;B#a87wxQ{%A#qf+$2tMMptm(;T|XF114DBg~$e{QdFxZPDAYttsHf1? z6+J6S%xIoVlkSP+BrNJ@fxjdv`^m(IhM8C+SU%LgaK-<`0)S%d<|l>60;hdlg6HW- zzb%W&c&Ub-U0yck(@AJuWH4`JqbkEY`6(MZHz!`R&>V{m$*$nCv?7e|(uld=7;Ec2 znO^09yZd24%FSm4Q~w5DJWrIT$W}Z}OeuX%jP7mX4Id+a$DncZP;XGvK&7-3x4Z`q+0;YnPExd<2?#4FXp**3NdkA=V#c zm$T6UboCzQ7AZCKXq}-{nnP?p*nYjYC*FCI5zg!;PY0K(=GdY!3QeaH6$=z)daLrb zO7pKK06o&|s7-p8!Y2t^#2Sq(JrSREFqk0iSp>RdWt9wq#VRi#V{}PW?7MZm(Q#(j z)9iu?7Muda1KGDH5@;Y~jG1CYr>KYvJ^s!bdek`lc{!gPJ1vTh+QIE@fqZF=&pZ_5;WIlqta+EOs#GEz97VJaFT`B1ZV&e#l6~QQia8G zibmFde{}Ft#W{eP;cxuiN0nSys(A9OOn6SB*$*E61XO+m>n}oMVow)Su7ZxHbGz8c zP$k~cQ6nhJQqAZbN_Srxhj8Ww8VNiZAutm#VI5fK^gdP$nPZmoyOaVg<(js>5ozc} zvu9QrNak%wJEmX!f;|+VKHkC$ra^geX*cUXkIBP#YIWlGD1KVc(TO-Fo-E~tNedm7iw&ZQ= z+q1)kN?I}$PzM|YVdSaE1l`VQPumGtmdH*&x04ACNOiCrw`&=30bQzoJ+T!AVo0YH zElC@N_?}XOSknaei3X;9!*G4iP$4A;9%&X+-_10Dw-^$!8BB!gvSyb?bmEhfuK# z-U35ffHpWbA_691f`L_@z#_M0p3SC2P7WuwBJ73V!cD28AT{1koNTU-ZJwSub7pif z89XbB>JEFhK)6Hao*E)(s4yA}-!g--8w7Id-IpM^_MBZJ^ZFrrK%`j!K1ia z-Bm%-qd+2uQ_*!1=gqdAWl2)OXHDV<{8L73?}v1~$M;0LI7s}_K7e~0Yfd7wmFr*F zzDK$Zz~=Dkiu~wB%?x`=7xsZ0;FhcpaPv3)(>E1fyj$HJ0eBI(3G@BFIdvsM8TR%gH#N;Q2Nq?#saS->I_yE_YgSXTzThRbiDzT{=)(Z81$Raup z6L_Mk#QQNrRH`I3Ki~46lW$7Ra*(bl%1&@L27eS$>2)IwP|*`Lnjkw2vYA1*?L_3$ zu+o||H2!A$8t(k`sEGT;n%H@Glgo5oMqyHz;>Wf$8+vpqi?5F*tiE9J1s66y42ToY z7zu&`IPD*W5l_!%;1$RoR-tu(qLt7hi+r*#49nsFgHX zRKxK#zuDp^iMUZ`rzXbirDlc`;ysRA3d(%mYmm)#k!HhN73| z3sZZU9Ek0u28SG0^7|Vsi>t6%QP~=sF{OSZ8^dIT>*X81NZ)#T6QW;u^=0*n687K< zTr~@`KHo$}rFbFoSm*sxvuke+N;T z-4JU)?WsTL=|Rwx8S`4f=&oYhnLk-dsA`X=3Q8eLKc1Py9o&E6$<@QSpJJ}ndUPwu zsZ26;mr^xx1a~_$8bT@dnpsI>8-GH*J?ovZUmp5Tb5ppbTm%rLlW1HxV8_M z&kz?ZM>2gUaL-`$LaW(ejn)BE1=;Z%fPC#Juk#%6>=V5#^BnN*6TLSpc?^hL`wsUo%5i!uDg z%KPbdH({HN$27m!%=Mt6cU)1x{Xrnts(%Oww+gH+XY%dep?Mn>qX0#zB}#D=paPZs zhRuL?`S~WVN~e{ziA82(C7+@KPVX2K<#TBz#!}UmZ8`H0oOl9`=~kg5(+Qms_7ZA+ zH1>h4yOCr6=(jpWJ9Bf?nLHu@&HR@cnz`=*^O!hwK+Wo}>Ux#wz_sPhu*U~&!{28! zjfx|VCaZKQ`Hk=#`w1YY%);jd_xURGn*Gq1Gp7=T9T7=OcqNy;bkOz>waO1l8hk0u zD@HU1<(%tSAKa;;hzsz`*II$TZr$+7o04vW)H4{V^Bud`rS&CyoBVUY5XU1CEItq5 zr7g-3A;ApS?@)h#hUw`$2Uoc0HL=vdH%*LQ`j&~buVe-&lBfOMxs)~jQg?UmkK8Fd z4{|Gdc^`bP<-;p;@z`rV58t z#j30kU})>zR|-a z)qqs>wmgsKLL2gebt?Djr1yVp2i7Nq8XMQUGbHynQJT62fRl|^>WCCuefbQ#)@x(Z zs2}P~p?YyDs5gom##Pf=C}|)ROl>_6uwx;9Uqjd+$kU*D0``uya2)~ z)}v+fuy)BnMS*Y&Ghvbn9sCFKi!US?7$dI!@qq$Fbff2M)Y>i7!OI}E*)Y|U)U~ly zj3lMwb2pNOG!wwPN`!AnNRa%Fk%2bRdoDKE5LLNO>SXbwHJ3b4EvTY=WPTCJo;DqO zDFiZ_bPm{PqJXXp`GEl~Yh?^?3>P_4c=v(eY$@l%-0UE2`?tN<8+DP&{ zQFOTbyq_xKxmuQO&!K9lZ=o%h1 zV@M8yLArTT>j^cL^5u3vjajbN$>-cbcSnLgrGVTn{z8W0R(7VW zM~}Ur$d;7-D9c8Q#^G~8>7;s#U0#|P)BFGv5!zPIGvg+chP~+_x5u)M+>OKW0{I160xwoRLDYM7(csCj z<}0o>sD1_7&3h9xtw|`h;Q_#NjvntV6!MamzSz4ohOck!w;ypo@%e7%A1~SVx=; zors!&Ai-eY(KvW~ieWKVaTU_Sa!CI6tsv(Q5P~gJ!FC&|%^c3uJ#4(>}@!fJ#MZ)iV%%nL2%$GyrPDKB8a2xQ{X& zpwb&!^&3S0NVC@Qs`lEbHbPq60UAwG2pw+!0pKZ7>h6#JC~#=iMO+Xuf!KW+AhZXF zCL018+Am9hO4l?*0BYGde2rq9JppM#MhS%1EgWS{JtQq(fGA_<-?rWzO9~f~A4NTS zTN`mAwC3%(GU5^teT#q+sCOk8`T4N@(?Anmbwjxk^Zg?hxCccs7(Y0qvPAWi0F}qY-e8LTdZM4;>6*Hx*8)#?r&GybAYPR`KAw~)#T z0+nLFe#?CSwf5t%Z<&TYTeNHKzZLjbD4P1Pn)tQhrh*Hl{+E;f_`F#|S4R0e=G{vN z%`Gyz(Wr6?s_+z+B|*#Ufyx^Y`Px5r>)RmRWt3hxGg2+J-2_!&!Zho1s@j?>!}TPy zi7&fFC?-wwxr^^JvjJ`be3)eY85XhR2f8+MWO2D;dX*@qo?S+pI8{WHA;K+9BCltv@mP#xSw)+q2C(G z#TIuqcq2%$CJ&z-zOh$zMZ2r@eD&Xu<>0}s-F;@hEmrtO`7jBBefWO*NN`8n?~B){ zA~PSS^I`*lhM=yVy>dfK=AGO)1 zzZcBNyK2}Kd?^u$J3axuT^|Y77H%S_(ZMIuyZAq8_|qpt3j9ntSD;8#NLO?W$wwOQ z1{gEQ!v(|!OF`_%&AdgoV-;&ScmrFxa)qhE`F?;tSEFH%l6m2T#9VcG-O9qUC!)v& zAs;eTdy(#0Ti~|kfICcnQ|gYdHy_|82>o(PXf6F1Cg`mkj*$rtP;oM>W3p>)Y6hT7 zjh@w*$YV}M5*2v!n}DVwmfb4sV5bBLY4TXOdT{k|?hu&CXr?RC+k8Mra*I`Av7381 zgCsMq{0{ohny*e2*k-YI%!7!UN!`Gh72`C_vJIa0fFMXe zERI7Ph^h#rVIvxg31|J%g50Vp)lWprO)cd^@%%$EtOL8O;0?V{)sN{=8Ww*7+=HJ1p!ceY%Q?E;OS013zyc6@CQ0C%q&XalJ-Au8i@r_I|RWMaBodA!ch<;tYVV1mseocD|Z|T?f zTz;xGU~!OG*_U2so_k|{yQ0ak!S?fNJHXKUt@;5)kjX#0zNp6AUq(KqiXTcR<5pwL zH4o-zFQ2qIM7_CR-U9Ly8$<=Cz`%~G^$fEkyxP$Rc zc|vaiy77ri(ShgVtCfYr?u?|Kcq{Jh2C@AnSGast0gQlFXiMM3=AiS3D*AeHk5yU? zQT~`l%}y@{HpZF}&{j&46Hjdbbcg%i^nJpBKjx}vZG9r%`pbs4d#iuDy7Ypf!;ggg zVf=Ov_#$pGC9y7koEs3IHaZFCs$D)U)Vu|Ul@tW5Q8XGKN zyuMc3(rJ1t%MwlQQMzF-6BV@ly71#%&G#P9V!yC`S|THMXH*=gOcGwl8%3TgEfQo;nC*6pAUoOdg zZR`&vvbOm1oQ*k$*tU5vNl7?m_Og)ogzT|PTq{;7rUF$mgjk7{TfZc9OEfs;f3#&s z3waBdtZaPQ(Oi!yFp9|@)5j0nNuu?U0P}1iQG?s`@tHQH#S3O)-+;ovi1Y@myPbTG zCErt3a>QDrgrCDxWzx{-hxGm;<~4bGYa@9e_Wh#Hnh6^&ACT#BOcciCFm~rqu+=j{ zdWG^06raNxXZuGs^EZG#Tm)ksOB*Y7>c9a{P8FfI3%fNUjgJ$_Ys@g&=KREf z0s_%B1h_;BQ4Wdo;G-rbQ|#PBZ9AXI{_Z?M{0*~;KRIEe%uKGr?Bjxcl+)3i*lfG~ zZ0JT0tPNl1B(lE}q!0Wfodr+*K&@o1QrYuIlvQWlv$>qn1?yD7aNW_NcgLBipf`3^OW1POKW&sV)cgasglZG0a}N zC>adTq1-@r9{_|KKX$nNVq|A(C8NB$y6GukXWuRTEI;E}F0nz#4GrWU#z(vT3YI|T zJMYSHhV^fGy9&~H%=_n^H)#F5bKZ!>ES5I>(}(jm=3-g+cthBxa{|5K$R`o?CevM! z(l!({f=JBf)WxIKrjjM;+~!iRt#^)u*#%qDHXsEqq;F&XZ%}vfB)Tj>GBQ{TQ z_BGf9qJ3US!{<9UON~!W^~7|O_?r-zbtkVyzh$DICb7p$hKOaql}VH~Rri8!`N+oS z5M_qXFYDUBWrf4?x)r%nvKxM%-I0i@9IfSyrM1%kJoRlOebA z1e91{>}^i*pS2?UoLSqYqv*h~N_)3&iP2s52yZtZ%XA4luZI2aT}80m4I#^R%vWA? zn8ub?5Rb)J;20=8eGkGHp)9|>1L^iHHKgoUk0U{{m1y`AAbCT2mJvZI@}pS{GnG30 z#xSJ{byhDu%+MKXS^X?B{Af`#f{Q3uzpCJN$VrN&57zO}uCEmL+mHTLh=tc^R-^uR zQGFk}r4SDn7FedF5RT*Wm_dzGmem`R7J#h39e@ls|`lTo1e_Ync1sOUZb_j#+1$@SJ7T{%Ipkjk8g*zV|5MX z#wB+FyX`gVR>9Z;#i{Q7RYA6?Wqg%}w*kzra|@|euCkpdt~-7^C95%FufL}94Xdqp zh-hUS>CV2%Lof<-7B8paq+2i&FQKPcdGIo}O@14%2E8%Tj>9s1fB@iSy=vmu@KB6^ zgY}f%7yai0iEPjJc{CRI_egKI-fKy*` zpbbESH(FGsXWmsMIjXzX7OiA3XnJLI-{F0^A%3F12Y)g{{64~)N1XscDLFEy_zq}q zRqUOug-4Ot$hNkhM9VuczS-JS(4E8YL;nTD{59Z*t58>UYR@RnxJ|H1=M@Hs4=Y{f zzn!Ui-ywtiWr83setf)cckQ3p^CT(hF&Ra&WxoA=m=gg5;QXr@cz!m$t ze;|7^QvCqZ$<+aW?CMGDkYpYN$yfh}GwxmXruUs}HzG5FuzC-WLqL*{qwk%$TubpH zOB;I>5|_XreHD~W9Nf~wM4CBlSVXGVmKRhc@R5}EkbzN`N?;EKD(#)GgQ4rE!Siq^ zf%Ee`Pk{6D&rmE5@;I|)%45~z?*8mk=5`1z+RquGC~1;n!#maI^dDx?fGKN3%9!Tj zC@2~F`tw0P!KZ=qh@kT$cm~!aE@(cQbL;h3WSa0PzztMcNm%z zZYIexs1IAnD>BxY=rJd-pn$GJ9S+tv3<&Nri@`&5u>ZZ6f~l@~cGmuvcJM;Z0waXGCv=(_9@m4r9> z()Gpia36!Nlv}Hv3BLS)5JhEdS1wILFr@}fD?SNClmR0ALN;DoT4m=ustm4FSTH3U zdSrbt;ExR|%A&~PDkK{2;PeNLa5hg1|LW}2Pw zW|B5spDw+6B}_%~w~d7ncs(+;c=mo#5iu1(z2VCGH8sG+Jbbfpn)dW-Kf;n}>`;_x z49rI>qgSw6!HTLVCG5OC6Ib2)I7&)TqcuY^6VleUG35=awOxV7EQPx1oq|r6VBdD2 z!MS6st^UJXSvTaThIclJ8$?LDz#xlvcD<%RfCCL1)TkJ{n4uD^ zWln0t48q!F4NbQT#oP6a2ENcskW@ym2O4%vt+sLA6XQ6bdgc!ll!~&#GBGTKlmkwS z*QlPzhL5oNPk`Gh&Esw$GlwWINv)RW9aO3OHHpXNUS}V8(w>Fg?E&uE>`5fo4TDoN z^I3%piA2-;&RBR+1y^kF^d?xoYHKfopWip&=9+-^RMJ!c+ew|->^epv9L9MlbU3pyPnTH_&sX8v5gM#Yqx(72nSb4Q)^kd@QtmZ1L#3b z08NrLzP19H4fasLExXM$7Rm5_y%X$tN|w}hW#{E-eReam#TL9W3v(Y1P`O2Ww?U*- zVRDIYXrJHXU*c6ITFfp--dG3EXxt-Q;H_?$>N`?*e$U8{X85!2y1kV(=AM!Y+JN2Z z$UIdiLvX?HmYG$U&d;-!&!sC{_$$)w28HcWKb5Vay*Abpat&_Lo|A8v)#k(Z z7;EfqIkK!!%=L5lJuL4In|uUc;<|f%Cl~bFNfaig=}dGKa;{9}muZic_>fY@c39ynQ`uvn*9MxE1rjd|<^LLNy@rI@40ZM%4sNXgB9~h#>K$I= z<2lh3o|pvEn37$u<@vTN6VnH7U^uh8JBb&25MYTS|yV&NT%mgY~0Z`Oty% zunt!FYW-9ihCNMHbo~ubg>$NqpZb(Moa*Wl@Q2P`7{|T=J*yOwI7(TTEsuz7#ReNkJ$V_zcXdX;zV>t~yhfl2Vr`46Ii2_+-Egt2x=VJyg$x_ta~ zFAT7+Y1qZpo)shg(Kd=`6!Cf~9KL;@Vd4$hSoC5p*!px^UCHSkE*M8AK |u(#ii z0ai`o8My@U`aG_z_>xKOt@wiSt#a0y2Mt42-9*86!}8?zTO9;u4Gv2-onbFG z^Iti6UP-7sk-@se?}kec^=Ip9bsF1slE9dk@XoV-)sZopl(5eK9&&i@9?4Po8ZcDU zMmUp}wN0

wrgj?En_q)2m-FpVW2s%I)hxMy2gQNb$JqeMN)C{n(It%1fE-FOrtW zf#xrzbE9Ns)<@#hS7-(qk|` zYo~tK#OP3XF_~h|!GpXNcfw0==8rc^hIYTBovB3dX0p1P%976Y-ZMlXXPAIpA26mX|+H7>T>^e8o43vv@P-pg4bIs`R)SDZ=MWsz6k4t#-M6|K$2 z3h~1rjIX!2vJUuJaHrGJj#YWT%9y46lG&o%f+W8^i#KOJovXT*P`M$@3CFCpSvggQsl=!(Vh9MeD7gpu7@ zCmNeWA8WX4lKGZPmM??as6tE5nkpoR+10y;5w7WZzI%atc~NlNM6-7cOxFTm+J7;^ zH}-i#$ND=;XSCmQ)LuJp%DsHF=`n-Oj_VD4F(o1XU>S;iVH9X9<-OXM11WOqk2ynI zCAf(1yMTZ%^#(@HMF?45-mK7^IHfUbO**)%p2g^XoJ))kYMh>>(?!ebI<;uk`)^?coDo8uf7!P zl&O$^`|4zI3wQ~7d+ym$7x@J!_5ra)l$<sLJ1fOUT{3X@~SCfIRaQs~0Aa9t@#-tDza(v_Yj`NX;C24CUC`oKf4DNAwRaj@*E(zc+Tj@X6iJ;>tP+557)NVCrGf;;S7n`=<;fER@oaU(lV!xjM{4CS_oI%JQm&uF1=t^l>FmQ8$O+6WU!$n$V@0(q|EUPh(C(N0ni_Q zVXtyqA3-KY03bFbF?d#9Q}hzs26>ni?Bs>gzv`Shk!x(v`e_`w0+>MB`NzD76sDXaX-oz24__mNLX64krL02P7jY&gTNs> zlEuf-?x}t3Z#Z|g+-F!7Em&2}=MIeDRcqCHGbYJ^?$LtMcF2i1%qyb_5&K;0b$8_uGqVT2lHkNDq|H^+deinJDMB4GpOX*&5TOPnr3hgSUTNs zW$urQ4`l_=&K3ysqfTHRT@gIJz`USKpvFHzK4L? zZEzt=<3*kA!Sr-$W_E3$9eiD=i>J&^*x2n24#XJWWA^_1e#SQ~g>U}&nSR}hSZ^t& z)6b;QXu5QlF%nKcrqeK6W3k7_BhR>3UH|_4PeM#mUyAXa{Vx^fi$P)4H!t`bv(>$> zK)9RX*F7E`uFmjmdSRAf#HWA8!Zxf}NYDHTBp4=ALC@?bSO;4d-5O&1R_f>|i>Hb? z_QMNK)sB_ljwtaWMBJGCZJ*TUoc;`4TAs7n9m0ZYc>E8;IkV53@iHL{JPIpdW9>Db zOv9Kl6aO zn4iN(#?nhfFamak*4+l0l=rEEFJ-eNug6qe2OLiSc3Sa01$B2)o+4c^#CTi^dYj~i zJBmd!bqI^%j@Q@6><-E0>zZ@5Fm@Cb^M{jLvH^?`+`&l^V%n7)HUo+w5$=J)9Tq9vIp5q%0KDH8fw^NQ!7PU?NLQ99ca@J51oVG7!}vBPv)&rVVHNTUa5p!DVVrSo~8r zM@;i&u$GQAI%sES#WQ20M_so?gLj!t5}q0Apf$Zm#XDUj^GpSw9murf7gBI!hrlJl z(;LVv5DnqLst*1HvFvH;jH4manlRh9f>buLjFeR|tcLX-7*n^)LCBjMUNqbE8OHI< z2T$?*2FlXY7lxE$KL8+`mQYWMg;7Zb7RhWUIu50k6M$%!%iC;|O5ob~VuhbR?z@I^R<{T~rHbCtzaemehoPJ`qbS0Vh_(@D%kgU?~^r$HfO zQ&^Y;%Z-yti*hiF`4*+DNz>E0#w;KYaE596zvSfX}Sx&%(SLZ^5s1 z6ZV`}lIO8j4k)jGE-bjpn#Gk7tGup0nP`R_jc5~HQrEB6uAbW=PNqSi(r0>U3u9yz zwy98U1Qshh#a1m|-B)pdSWTdz`5np?8@-APJMb4VDj5lb_cR7lCc(`)=*`X1fUuvm zgkWr5Lnh2`!M0vLi3|(`;2^k~*nGJPt^@B(@h=g{Uv~oc|Bdb4Tg&-( zN2Kt*l*;yEU)5~PBM(ZA8eD>S_X%=?=1`O^h5`?5J_?mW&!9?=KsLPnz~(IHwc<#Uit zv^@0QJ(_}JSdw2r0Og&RKzEJWHW2^mnZ__&*Dfj{=@Oi%XyT~pmG#+peGB>u;HwOW znzUvjIQI#vQg-^RUzyfyT7?(lKJ`NI zFK*LbFo`$4yvT(Y65mzhbA)HB>}xl&y4mnOoN^ACMvNe~T}Y^vPOuWmTWM}xa8yHL zrC9E$?c6$L{yOFX42(H8r@c4v4DGQwCyDD%FkVSOiECTm6UTZOB`R8RsdcHeqH=jN zVlW zd)955+hh=O&UCvWVecLy?-UctYBx<{+3b;+`Omm_x#4#vVWCGNAH~_W&cy!!OF*>0 zT;mDU?!p4kXmn_>hb zxXGk_4Q|ru15_YoN09Wz>|K&#cT+wW3$d`-#)_83iZ0NLj@pC*I((2GfB?K$xPO}2 z0Q*VUdEoNiH9u*aS&auO?YxX|TJx=MnlOa?g1E?m9=ITGgi{%h;vu_r3TX6ng?N$}ijN6tQWk?Nrq)$FdUPLOY8|SX3D{@jm7eDkqf~8Wpf|IRHuiBOVcf`nz?8=8 z8;tr4=o(?DK^#6zq^|wklpE6-Zpznnbn6bCoO^@*Ee`b3!7_|v$)c2l`A7J#YG z6>#6X1S>_w;5{DZm>|jZ#6AqD$<<>q;-Y$9t7T{5NX{m}oG^Awi zWfN2TZ;CT$CCdfhdXWDX>T3U^BJyN!UX`Hs-^6&blI2N7wqEsLsQsU2Y}oeB*otUy zLvz}3Na)E>#27~r;>3KfJ(`RufLbS3>Zrv_I%=iF>mh#;&WCcN_4!agn>iQ?*0)mo za<>r7=ySg?=zSJ51AluLCJ0i`ecOxfjyB0xS`oY8-IX1Szo?$Q3~!7#SCBAyR}Nlf zsTV|}03T-oj%p{lJ>6s?L_=q*WiUxb9cfcy7-dR{#ZIARG^fOuG&_aG@XXgfZ7Bm` z-oW>R-n}jWsh)v{MxW}H1j{LQR~V9Td>^F3E2@5c}RCTgAEX{HLtx zqw0xFXcxWF?9BV9LzKy1_Kx$&vsD!oXQxtTM$4C>f~OGp%l8OT=61j-KciMs)|xC> zO}#xUih(mNqLM*Ql}q6W@8BEo7MjV*iUU|2M>}tJbntl&ASq72`f(=p;s=bYh4vin z&|RCL6m!tb1wyoino*FqG)dMIy!QzrNBcx;yE|V*LnvT`Fsl^2_M!Lf(Sn0cxkp_% z99MT%A)3-0=fkiH;--9@q#GpVumd@s=djEM0c;17D zdiWVhS-I8e{es;GhF=}%{>}5bjX8n%9wYSiIaRfi@Dy-#wi&^k8*vXo3mdC}#W}Vm z*$ef_?*aUQO&y<&8!KOsYfbU1`@#K-a5v74NXoq?!MDaHDQlKH3c8%$sOyU4e7rqq zzW)@oEftlU)(sV-txjvV`?GKwaHj52{Wv%DijXEOD#X(K<`-B@4jT+20Ok27&=%oM z@|^Gl1VMIoI(@6rk6x2toWN=yPepeNX+q9WN&ZOi?Curie@hdV3^gIj3f80RCnUh< zw0_Gs)I^!(7=tx*2~H#x-OwRfkFUE-!YzWCi_y)=VUUXKHr_Lpg7NlN{y0<^WfTcL zH~YCMg@zhpm-TeM4ltK&5m-PxNp4Z^LkQ&EPTy-4q!wG+DapqrWGVgXnfoevYF(XdveVQxR}QI#jk=K^4y zo$4KC+8v!V$=dEP(6$$pVG`c|b3mBPu*=tHpyicZX3~QAK7TPq=_vdj^UxT-x~%@! zxR=lM3c>pLF;cG|BmLvgDD`Z=9Khf_);2UwVFB@;_Gh>8+x>mwfz-*^{2=*!2J&Z- z@IZJE)}X-ORZn$yA|P%+CTE4HJZ&H^-@Rh@0m-`0&OZ@AifirRp9vJ3_VV7#phj_% zBSTv==1p=&{m)38%!MjYOrS6;BX*@Y2d3@~_b|~jF$d0&bK33Pl9A|y?iUq0Ek$K> zE{%4dFr>w87Co=w*$Kr@v8%9PI?J+Jk}b%kxlk#eN|)pd!4k4Fk(8OW5(%hph>Da7 z6nhMe0ST69J>;J0l;4*o%r@cWtR&wJpQ1^K?uE7r#poM$MM4<=_e#9u zIQ*R~=C?1*pyV%Y_PVn+cUjntX-c3;Nt6#_lK_i_V425SO>UCv574gGp6d!SMxB<} zNU)@kw6gL+s!ZL2Jm{|QF0PL`YB)_`x2)dcJePBou%A04q7d> zIVX%3JuSVZ@|<+RsbKMa_`M8<>QLt7n4Q*l-T!bZnK@4HK_~AxfnyB+ZXgeu>)=8_EGhdv2MeEG!fhx1a~8589c@ll&0#p|)dS^IS>3y-<@~M4KM=7-KAJ zQJ~7bh>(qk=NM7IsCephzheG{=?{ z3XQA&Rv=?st)!WKy4wX$k-@z$Y{5`PUcbOQj=*|$Yj6J^?jQ^QXTC%7IxklXgsf(q z#NWVh1NWMxigPs8q4qWuqPG_I_QD>jYti4n8S0G@(ZTHNS^TOBq}fA&C0-bM?@qF` zs7>$}9as;bhy>Kt5~ff&g29HvbMUUkeLuphelP^XunUt^z?|lBxU^FP;Zi4%Mh4w3 z6y;P?h< z51VVqW6gua>q?FlMG4^)F&8@>r~aJ8lK{=0P~YB3E-?*5ET zqJRdkisn&YO!Aj$D9K;rhwAbda)~dW>BYdUxstCWm)KO1$v~uEy6J3hG;wnK#P?1( z@0ypxTB+~-s52_$?TKZoB=-hw41B{j7Lr$O&(I{IU$J!G&6hCdR!9TsQQm_$bX$n) z`UkxM4tZz&hR&zbemW|@{&MqbI5Qr5#nJOq??O|GO6B$8~$Jc2+2pThptj#9EMfY;O*NiOOH zpeG5P9zY+Q5TK#ka5grU>b^fu(fIPd0vVQc zB`^3dVI8Y~P17*s9wS4IFUV58G*{w6$fS9vv*!RYO~J?%HU*E6KJ*2A=JbBdH=u^g zUbi-9i~%q~1Rg0LTYa)6dtV)^M%Q8?M;<#29;4%*pTU?FuAE(F5$H-qM_ zLyLmvgm(vp8Ti)DZ!gXn(^N7hwiGeMQlFWMlT84taN&S&-_xgu=j zgmvu*9f_s=`a4AnS(}re%5S3321%$!n6b&m;QO_?@;IVPRM(9E9$|<1*XA|NR_K`)FhW+=SDWqRQ?a`5BW!2Y&SaaJ*SQJQEg}1`K`*O*3M0ElNUV8>< zM-A{Xw~-I$rGgJ*51c}}vimf?bE;uW62C06TN(;AprpgV^Kp|s32bwx$d|O*K|HgY z+JL?E&9VU_1}*jR4^s-9Tq`hBH8+aUAbeIWN8cJK_Zl^CJzV+k@MQ`4wm?GYlB{Q3 znc))3kDKRrBInTx&)hfEZ5U&4SBt|kb9nCwIu0MnH}KxW@U_c>r+FRk-PfyyXlL!b z1(Jm`?@V<$I_QIFfSwi}zs)Ishp+;_Xp%S>&EA?Nz}&+dvnaPo)|2i};Zu~~#iXXz zldf6e1*`*``wCPVsl_OpbJKH$;PiY7Rj?XLl4j{UEPqKjx6jI5HW>=dcIE}J@nLY7 zy3?K38**GXOL-^V61FJ@K1-e9%bbGy(TSnHJ5nY2koxeKC!!+PCCRXE@;&(iS5qkD z)!0z2C&&~hbi^SiMS^+~Zv}x1;eUP9P z30i^g`636sh!QRMcE+#8Y{76Kooq7sR8D@W98zo4mXoj%5Z(<#ZT^XYin+RIdHlDuSC zB=oc1zVSr|(~qHOf)dH$UfetGPKu3#id^5SY&%Yrb&vb%@c5+t6y2k}aaHI=hKimk zu!9@O9l4~I;>{~-Gc4pU2!nu~3gZV{^DXQ|R?$M*$_sJuxFOYMjYtdDH>)S1!MpX% zO1t|h+$^pwU7Hx%ZVF$63Tv+)WYtJBZB5?Mp@G0RtU=XeJrE|mAl%I^o{kKl?CHyo zD^o2LZ;#Z4E$X^2dv(WKx_HGXwH(Tvti`r|9zcEcooq%`)k_i=Q_52iGXAA9plZdV zEOAxmTmAhLbvFHc^_z1DNC37+LL#_kPD@HM0RNn{wz|yOsL7zX$fvQz0maUuB!AUG z1)`M;MxZ$3Au%&5yVqzaD07WjUDEL46GKDhEg;-aM+t=+p+q7IQF#-QQC>})jH zhokVxWUs9RdCd}+*KQ*Hqdi-fPm}!rn9N4vaISjQNn-cCJ{AtaqRs@-rk_Y!DOl%a zyN97qsXPxL2`^&N5p^*YwGHZ`_nCxcqd)*pKd)txzXPRLdA&sAnd2 zLk+I{zWM@tG&F=kwPX3Z2lKy%@hUWJe?WfJeclNC(DWMeWBz{n%=mm0#tk~<(USvC z`BMo~K6rba>ndGn*4uk&rXF61+N;I(9;?&b2UwHw^}E$fubar8M#qa$eN#5}EkC<3 zUf4KTe#id$iMN@GLWD2Mx(X3b(5dgS<(n_c>HH4oa@gkOaAetv`5iM?Xvx+wY1=Z) z+9t@g7D286p}>~QNJ&{fsjqB>@F&3E0zCxvGFhkqj2SP;C+*F(2Bv<^I!p)57!j?$ z0nz#?D%dSqItmruRY(i}{k{3&0iQKF>+DS^VohhEpggUG?4m%sUSEI^TTx0 zd>)(~sAtOnU}9>`{tBzX&qvfW{7t8y zYs^SPF^txqy78=B*NKNV1_#qM=C1j4-yt&k`G%<6l?p`hd`YP`0SP7Om6;axCpS{q zVw!HeCZW)f@2l?~>Wz{fT5D`{OcDQAQpCG|AI=t))EsvHb?E1x8Y|WqK8(D@UlO!) z172|q=-;f}$RlGb`KFpsvC*S$WF%%jDK#|9K;l9|&y!s$aB?1I7KmS&F^*pDef5Ul zz#8qCUa>XRoxRoQoN(s8CxY6}4{A|;H>b2m6**|E$QBR9m z&FV@#x4+-toeaBU_wD=9YDDod8^Nbo-kD01B>#hr?WfP`c0mp^{K3neWI3w*IzrXG zTZ!w@V*5KHLeP;-8{8XpiAv*w%Yo1ax({>*3?|OtzFAPVG^J2Zo7}Zm{wNB#BvTnl z-qLmvP2ls)NMruK(S}`Q0P(<;Id>l}(o!k1UcMx+10H>0nION)5cXA4 ziz{BTPn=L&h`~>S-bb}PDEXF_7aR+ZO}d|uZ^rha&kE?nDfh|;6FRz<33=tf4q@iD zIb612J;VRRLb|TCoW;%--H0Zs7oi%;`c#wVCOiw)+J`-FO{GHwISt=x6Uf6%k+0t> z4uhkdn&Ee}bp_1s$z6d|_x*CfbA0GBPmj^<7NVOGz3egka@`M)+L==lk`S@TVc@r5 z?1gaoqwuOTR=UnerrZ>0bTh7hXasyuj`tDW?AOc3I&~@R;C&{khXWV_9ygETqx*(D z$`?dW@@PASULwApW?%5s+R!SQ?(PJk;2=ocu-LD%#daCc|xQ(Q89Tlu=xorL?XkQ>HO9&5&b96+=q$@}e&A&=q`V~3)+6%t9 z8qX0<4{FbW`3o4V>w=-TB5dzCK zq$S`)PcJ%H^uq@zABUp>`8I|W-oAbAB)mW!V;{u8M;c~4g=K<4O1O)z?5}6Qw6OE% zViE6dl=B5;y?*kj=U+>Kn6*PbSg2VN-19Fub>t5O?=g2Uv^IlIYnxEyDCD2>V{m55 zL*XsYKpWoW7a+sba2u8KF_g5X@ZPEPz@9ByH`&q*hMJ2}_zM{SO7sSB2#4abdXKqo1U#ku zdJ~>{l&KvxTj06bl47&q=om#;pL?;3wDTWggBWi5cc~QJl5hAKd2xD)cBYwGU{K&@ z8rvv$s$+qp;A4zAG(*I&MBX|Us!>!X$7c8L*z7i6ojAL@3(0utw937Ov)fDEq6aR> z#wNgn(h7NB;AEQT1ShfX#Ufk2T|3d8EpVh@XAOJTxKKAqI4N(ZW`d~IR`YvWb`z3P1Q02#tG4IBQ{6~)AP+01ncZ&rSCIVn*rTHETl3%jC8 z`Y!o}X9?NXTf)l(ETRL8UnVG1Xo7AatIg?T%|B8ROkDxa{gG!cCkrN2*-#u1 zPvq*F{eo{qZ3+4P)eBr3`Tcp>EY-D9R6@V&PZV2=4Ny|*5$I@E5rN~{5;~te6_*OA z(*E)kS~a}EG!ggYk~ZSX0#bJa6NBa~pPz~n$e*M#CHOz7#vTke+h8LS#!yIkloFDn z(49w*rve0bWD9w_F?8`pve{FN02Gy$$!awQc~d@ss6K@FlJ{@-pF^J!-H(ky&5*j- zHOAZUqOJ*XC0j=hxkWAfB}4LUs5zWSj+OKE_v)K7wYrZ}GRHki9afhE^?Pyt?eb4@ zNbiWcmJuU}RLKoF&6>*p?au!5Gc-SOe%|V2^YaE>8WFk(o>!PpOG6r7*+4UmP)N#C zdGDXT1NfmU-ur9#7K&2FMm7o2Cd&nc4x!J#(?{=IppN?&9z#y%I% z{M6`OiAg9T0=jOvq!99kW}ZU|3R{D7U;)^W4ztFaO3I6jUpNiW=2O7RBkBdu02x)_ zL~(k*fbE3X?ONcZy+x~AtTZjafTPMh6Ep{mcqzP{SLRUeUS2HU6-yr|Y3T#WVDkC~ z8awgKei89sjb?2(jK!m%q{7pYw#*Yr)d1$bPorvIQ^kg4_<_1;BvZE%;t)vT8T=&% zjRFx>N+Lqn=M6}N)&_MVq_x5~q;oM&T~hwqe>R3ZjkB@TgyCZUUuWTJ56(g;VHP@~ zS=*vxl4gPTk|(@AeB`fS_!x6nJC4@Pk~DuY#mgA=;v7Io@1xqKG%&79P)X~J-%{(O z^Qr9k1fo>4f}^ww?1Aourr5GkdBvtcQru;z>Tu=@R%fp35|}FTFeswa-OZE4hJsKu z>$Bc52DB)&#|0#{=t<;Z2&bK--0{sdq2Y3_Kw>YZj3pYNRvL*CUm`7zP*g$G@7M1^ z;iQkfp*Bp1g-{x*yes(}5gm-9(X4U+Bkaet*Dw+rZFV#Hu~HIi0GtHlpPY-3mKX{> z#gZ`7Tt>6TL-o*y@UnR*?$^Z;L_F`y-LOHIlO%JH_d4LUSX7eBHx}VHna+AKxCu{r zX8uHHJf7V*L=)7{Zw-)Zq*!?j&w9J(jL}shDGPyDbeB85$M~mq;}wl3Vzlv325k*z zT{jE9dW~DK*s?SOYsNFoxd=_tb)KP5EPV{c;C4#N-)(fruLtI&x8`NoExCgAXT+Gi zC@H@wqk~|5zSDZH=4mGeQ9kF)`^L$gb6Wph=|!ffPAGa9hFnct)-gN(Cup>@dFFWINn1^jTg^chru6J&Qh^z}< zD+e%nGWBM9(|rxbtUJ$*LHy&*CE5I_jcnj( zDzFhNhK}iX0)1p*Q<5y~tN^e9FPQ(LmPgeA{1kMmP!>{Aq2y?|nTNEA0TmE>uGuw| zyjTReHJpx)EOM)G;7g1Og=yJfO9Rz&`n`EEL8(z1;f6!Wl)J(oIv*dfencWxpG2Gnb zk9wKay6ni8@N!Xcx8rqx_W_X8N!w;urb5%Lc!zNd(8ed3$vlv}ThXxeJ*QH9p2gl} zt1!FQI+coS(U&K0IByyrTJQ7YcO zK(w}t@&QVm?1@Arz8Drx+Py%CwrUXYUJQsN0*^o{o_1mg1>Vsax}EUDQ5#y8j*Zm< zL!?xUV+`RCU=H!H#pvsBCTKm1%54^>GBZ~QoG=RYXK<$M%{WyOKdnVfnQ4}|fS^2K zL&bx2pM*JCWsLPcT!dw?!PJy7QT~)ZOW3_6yFq$f2x8*g^6;Yg{iwTEWLgWSBITHN znV9}!(!?x-`qCJ}>~g2vX|I!VD&P?IMhJcIVl7(7G%0RDf|EXBCK?U{lF0sqWug2y z81#wR`?fljB}NN|zBLIxJ11I$?vW@SW#b+!azv_zf^0+@3e39aSfGo95nET#%zGK> zpIadm&B(X&&jsKqoIwYPEs6<>AJS!4Qy)Q*Z#c-Fw==a56Woe(O#GHNV=|hCzzJfT zm{+I98fx(KO~0f0x(nVYO>CPv4Vt)%8N5S3HR$pj9H4x|=foX5Dm=}IS4NyK-g}IB zI7@kLFlHOS5mQ@-FpzojeO=Rl^5=M6{^Y&a5Z)yWWiyJEtcIiDSYHU;3k78%&;z=d z6_q(TCI_0Tm>u%J;ER+qidKS7VW<3odiH!wm;SXw4k0E$H8%STO%&)ArGg;~6H6pW z)))o{wso|Q#Oj0EWSWQu7S*#u?Vs^kp9?_!n7P5(D+FcZvrKJbhDCc?&yPU%Opa_P ztKq09Zt~$BS&X%T(J({;+yd@qPEMIq{*MC|YH${3#=~UB4yS4-ql|FCGw$Az9nIR) z1uTLbF6OsWM>xVHeUZ)oRa$ZOejC3%2;6F!#4TK&pujNk-k$?6+ZC|k4s^<`u1w&r z+sU1FsHm*XfdeDzzHKWkD3(Ju2v3H;b8z4Ql2oV{4P|}ewGkXGvilse>-wJK8#cl3 z&{c?cvHL%i$6Pltp{t`8j;MV1NkQ?jxC`?wlHx&uN_-gE$&|9v;s#Gak-p%pQ0Pb3fPCw>!yA{V6VS9%Rs~y$h2BQu29;! zsa;kpo&{sEJG&Vp{mFIi;vDT><_*~CA*4-{cE$Rrz7u`3{{5d`&HE(gd4iTIOVImdOY$j*TGYRw z(^GUyAC)2Bu$1(LTZpjT9{nD-l)>l2Ll+TfIYn5}$`Wi!zK3XnQ1)v-gqK0DXvN;5 z8CusFo|mMr_c={uUU~+>eH*7#87(P`VR}4ldYl&Z@K~H3hc-ET3d!5&q?)}m-oC2> zuPI;q_kgprf&(7PQDJt?6y#2E0&Godq;iUOgg6yvjB7Y~J#Ykkge+*5kTiNxDAEgVjM?n_#g@bs1bX5KB*Z>0{=OW|* zU8#anksHtT1bq&$KFmf=BD0-V?b4WCAhw~)%>&qljG1pXX==v~NnWR-`keF`>;_2T z^*QTfB24>6yqobMHx%2_BXF|EHpwB8V> z|02_GV;k%YULrEJcKA*PAJb>!`}m#8A4H~6r&^>>|E0+E=?NWe7)t^P8pJTp2!D!9 zpDp;-0~YpxtlS3l0_F5#Sdgxghm7uB)onBl+DQOpV%j$rlY=$NEzCawZ# z6egBbcg(@d$C8SzaDM&?&Xlc2_xW3Ge8VofHD~81-|%OYc75w%B3NZcfRdo8S zGlY3jhIW~9@&Xo72bNH17hu4ZYv9aD=Nn#U;ZRKOLxPea${9j1gPoxm#s8>UR!FKh z*9Oe4fb!ZIbzwVGm%XSd*uMKW{&qi&#mAevqR1JWG;L}9Q%tRg;%BIb*2reiPhyxX zR37v_k>`FnhLo-?H1|BnPUt$TobS}GpkZe3I3G69rBO|P)(3EB2ST}HKS9}W4ra(M zzmZ&jEYuI@#`y)@A9f2iqRb^7Cml6LW(@fS)D@NWCcQpd%*f{_B%flJ5x8gv|ED+V z@O}Z4uksD%@1oJL+5ReW1mRZzhVXW1tXNk2Sql#0zbD9#buhOb)sX12_dWh~aT^c8 zH=Bs4y7_Ii@#x|key;oPE1hz2GG-{xxDDR-6Gbv zA^|JtBA-*)-4?#Kpet09O00GpWgk;k8kY6-U(3lMo5fkFIy(<|oZe+Kaqf?tzO^}K zwDQxm{d^<2;`>HSzBW~bnDcUxWvkhj+N&GiZcDTdN0V?(5SqJHy`Ibu=9+QNcD%`^vV|nfkUIYe`@K#h zj)>${DM+mxCgu#UzVj#}R(D|JJM=J(Ez*qZwFTfPjX7n_xaob?;36y?`VJ|$R(hOX z`p|b&T7BgxD|!I+wo}U%J?u;T;_3uwt`t$^<(!|~I! zT6;fDSS?`jdOpoy&KWmqfc0I4HlD45%>8e!0?y)JFVq$RHV|@~*X(11w^C1lX;Df@ z7}|a=Vah@U+LS$iE;hkwY}Oil_(-{c!2b0}2KGUw{?Ndls)IdM2Yc$kVBZ0+&?jRC zfIZb5zLNS!$g?FpXd1W0J;b218+hGq4@bjd{laxexVGo z7v%W~3b|EXfbJ%XyU3&{W*=$f+W->Z)YO6PC;1)5W%S-SV7~VR`?_|1`+0V`-5yZW zCEtjO3CRiZFktYgaM>0u9Ax#4v499a1W)Ic{}1pquKK@&Ck{v zG(GcCfqa7b?Hn^~=68(Zx7&?@4)c(9zAd1d*kgs`+w=n5vVb4@(u|_vcsQI#2}C}C zk6jq0RGnwkV;UsOqx?R3?l~aS=j_cG%Tg`9y{{CSTz;86w-<`{+9~v|dP%?HaeK75 zRlVoTl$vx*=NPUQ>d#;nikeGtcAznMJU5*+hLmRi0?bN(e%(G>cqSH&MyJ$Vj4&F= z_%l^2wpA}y7tVo|Pz@`M%+|~|H=^f&JEd;aOZl75NBLwx`&)ny+fRk6soEUOfO>T! z>yqqi_3?{QR9C0eEQR%YFE`6jx;V8?KCY1|EFF zdI_JW%|POGw$CSe6>9`mazrkzVU7n4jbc43_0hP4=OU@sEKXBkGoaz&==ywckn}s$>cw&msNH zjw`Z&H)E!h(_i=+sB!HQyBxGfDMzt;*9qcWW}|123RlxV zcN$4O^8hM|1dt#))p<~&z(0^9_V?sR(R{~Q0w>_( z_o^8*1T=ZG`G_zW2}%T1#;6jgEEAQ& z0{_>4WFb@TSr~f!kG;`B-`n zyhFbL8l7Y7m8=J=j!V|r`IX1u|HA5bl2&rY}7g#R% znw}>!Khm7Ug3OsH$Q&g|2RY*j(hT!t0}l-J#|x2h&XDAM`oA2ICqt08(X~LZ?%7z> z!n)^UQ48y~8T9~sbz8LpP0!-#lZeInN$Eld#^3v1Ovc}2`aol62`how*xAMsDUtby zyyEil!+h|qi|L^p3UCRyOWHTZmMG)eh&8wCgb*kz0P z3rN1dJX@KNF_9ROf%$p%E7PHOZmge)mrXh{?n9JZtl zW1pSkpY~H=-~JiM`tZvv)@fHguA9+)al%l~OBm;2RP-x`0n!!rgI`Q;5wN>nH=E3n zwBbbCD3WG?R=Gu8gRRSF$aKj7^sFYMPHtv#?)oQC8!&#`epVqBK*lfuYU3Tq`0aSs z7+;6}_474`nmki{GYZuM&ohUs5pcBA$%OmrQpN<=YRbtkeocN-nL@IkR6Yx%3oJ8n z1#W-%lR^7K20pEFEaeSF2V&qScKk-?C*0?Ui*WP#ghJK+U%<2Q{|cTyF;4Zn9bm<0 zS6)Dul)ibn>iFO2j2b{y4rjdR6ARTp{fa?#9lT;tNy_zNu*8fSUeR}VF1ztSZcBaX zL{yaT2F|NGI~jDOq`!HdK)*nXzmY`0V$f6X&xTJ7zF&Z@m68V~9jqoGa-K*Auw@vA zxLEM4&rhqIL@8(ir$-CXq3)3q^1ng#-e05TB3(twr*(fc=da1XiBJa9uFkI7O{up5 z(DQ|;$vrBLwwL~zp>42)1&o5VBr!JD)}mkbMhA$OgM1vDa;9$|qs`W(YLKLAH%NnzcF6=rl= zomHkTI}L?Wrk4pRXp9Sg=*f!f=JBUuLsH&uvL}wHS3N|{)s7Xo5@6A1EfC~Vfg;B# zFgm%UEPgiJJ%B$q-ZqnCyEc}6l2V#Y;}9pzHdUL|t2VIq)3N;m|G@s-iRWLr7V$!x zqioE)NMU(y;9xXnNm*tQ^Y#d6WlS5L3n(Q*G1rkY&BX6$SJ!sZCDQ^ynFhltvq*{! z4%5;y7T1vcc8zZQ$7{Vy8oRq z1~C}KD-u-e{g~p$e2M|oCAk_K1>y8I*mS$IF{HFoVk`9x=R{8+6>kX0e)WoX@V3Z( z8^}KVc9XoX>!AN+O5HyG(z%`a`$x|5;UZzc0ZWO=_cJdxiMCd>vfMRXg+V1N9ymO=clwYi7Mdnj9& zaJyMdx!a_kD1nu<27yZt7LXbt?9j15@;7h6M@uqup2WW%bY-HN zkrH>GNv#@I;CB@44HsboV!?CboaCEbNRRs11EoxDhrbT^>l9Orh@K)!@z#CrkI{bm zDlu?8RpR!dIBFjtf47j5O8L7n(D2tWeItYCTC7yy7h^eh`AdM@4spsYVqOc#ST*NK zTpKd{z(ct|UAUV-W&BZ}`A@np)MRR9loR?W1OcPM>8my2*p5l^r+w|6CfrJ7WE1Y>90NWeH1vr3X*bvbJk@!-_NQx0dsW3}y z5g28wbh~)<(chnlN_oqmz009J(dUR3%OTJ46cnth(lKpd_y*DQ38r!{ z#9ztyU;})x0Y2CO9}IdvchUMT=5ybx<#XpwV}5DC3>bg%e9uTpH6k6AtO57e7#9~M zcujXO(4Fz1>r3`vWPFOogSa<$!_m)z#mfD)3obs}W5DiMcGP5wj zBFXK1!!fe0wDO*JNF=?*DSsyhK1nV0-H<0K3nG$YE>)J~MP?|jyiN&dxb;xwEXn$T z>u(aSW5X}$_PH#A7QXT=cHV5X^P|$kKNCGxgXOK*3v7%z`{h%(IyUu0@p1 zp~uL6EA(SZ)A50;1ex6N5GRVKbvSyc0vA>@GGPGwpUS*7n;6Gy<+QZjZ3ugf@{E zpaR0vYIa)RtPF>5j`?Fs*26W|V8D&QXQ{k7ogbBI#USVt=2%UxQBViUR}B%Y?Ulbn z(x|21I3MlZVMH_JOs-U(!vWvs4}X-L4<24G3_bn36Vbu!+2$nk^t#qki>dg{4hn`a zq8WoBkl**cf9Q?wGHY_gjZZVKaiRzngPQKaMuvWlf-ZsC5cpA#@#Y_hZNCg-h~d@j z8FdWQb;zHF)9tSj4-dTkCMXoXUhuK}uUb5YhZqPy-Vp=g!>!0d|B{>pNsDD8{;py-)waK9BEBPu9XIeEu9i408H>zBhHvQAH{pZsIcPK%Py zmx1~ZKKXy$Kdj{tn$=S(x0PfWThe3>5U*fsf=vdW=QhWqrOI>LMecwkJC8`d5$A2k z}zer&a!Ce6+Gd@~!iu>3;aON7;or1^PO!e)wmc1sW3?9CbcHp)ER`@;Nc@ z-y(MoZ$uP+pU?URdPwOzn4(%f#*TOY)8M0c|p2z zf1aY=LnoVp+Le0|fkM`WkHa(UV+Pu3pbObqN$y5#0}6 zOU94?-isCiejt>oIVjFv#>${Coctl$pSxD@x$bS+@L8yZ{f}$v@V7}RxQ8E=&*n?p zTdQBBy>)%)ADWE(b}KdN#5`lMb~70i>LLUo*RhR((05*+Xw~Oco70UH4bweYpHI48 z)29{Zp7%aRexYopytI`m-~=IR$OR7y{4gf7P`_tu-%D^NP9Bf1w%n>39;dLkN&9zj z+bAuz3m{#G=mVxpcBm5D$$)%Mz1&NNN0{6JY0gvIG{dQ@6EGw^YT2VGp>Q8bd7ttP z=V59hhBWDjG_LIAVDV1x7p@UbWvRhw{gn6Av;0;Bz4Ch`NuqB~jzzujF>TF)EP(@h zL=5SmJbk0#JLWI?20GUFb1^=$cYlLvkMr6^v|Qpkm>r7>$GHW*nwceHrl(UYp5B_*+`Nxv|wN z*el5Gp$};Z!(-WEjn;=txh8IV6c?+XDOaESo&~sGWxB0&%)GS=mP3yZk+fUc#4kvg zc$di{T5qaykYla2v*uDV&wHPFu&IC9N}5du)@k*%EpU$fS&-dF$c)wJIHE-sSo#tw zZ*CHNztTwk5wzG|y-kaX2Gb6k^9XGJP9#}L^mYLFrX;{efgvd)u$Ype0eDm=X+7%j zL;%mI7a@Ruf>~SeeetUG*|TZbu3eSsCsgxG$-&%;F)Y2c1%U(p>rRU81`{_5C$3r& ze9!2|o4Wp`0mHyaqcDRPs-p5*gp}EUJEKugpTZIyYw2n8IyK?UmMDe}cKeQoup@?f_^(eRXQF_PZzaVGm zA00bUzJ>V*26xmz@u0N#XqYGvOWptePm-bj?D*}SCjbXr)}Qzx1`tUWhSFAPW(x!9 zLvLd$Dl>&J?ISOuJgAIRpQ`O9kUkJext&djhV>eu&>1y8N5Sl-%Mbu->~VQwCbpp=3=!iXJ$GRuq?<}yWHxIpl9bfS)uSc(?)s+C&A zCmF=KR$lOY3gRWSUz4AtNN9fK98jvnojL|(rk~Pa6(pyqUevHnqMd?QaI<%d` zXuo722cihx2A7J8twOW1vz2RBcD6Fj%Fc#WY$&T55f4k5)ii;TvSIz97U%*8pL-|jqev5n)0-K60l z;EA59AR&Go;K2w%!2l_yg`pR#yQ6*Wlaub>fXDZ&u^3#_V>ZhCb}`#dl9~O`XZC+0 zhJ=SLdsOu7v53+Au8V;MouLdTd<)a<&5>x<&3@GPxsJ)Lbdn5o!#1eD33ZHGCyS(r z095K5?EW-^4%NN(LmiUUk5PfEZ*gLvc@YmkU~l%RdBiNDbvT@X=&L$rmu}fKGU3&y z*bu+H6u5v=GbS%-&b!^QtnH8Me*yF&09|w)6%MI(Qs%G@$%_KBJ7ROXo+@<_XUcd95?n?!kH4x^BOno$sn zi{)bol0y#Jqk*Wuc)VZoWnvcxpv42&B6M{CyK-IVP_A)ULp57P>pYXYz4_-TAYTH# zL7z!otT)ri7PT>@^PmCR`pi8$&vmV~-K6=JJ7CHKhfe7EoC2!X)y=q|Swyn&Zo~py z_~q!}2~$eeP&i?D6p;&LXEWwuvF~IKVNO7z<3b)f%SPo@QeOGM9op359Sm0{W13S&Y(wo`44~o9wdj;lj{irfVhz14ghkWBtDJaowlk0+L zYw>tMg>ltT@F>(hYBsnJhu6YmxqW=60DB7_9x!9f72og!ef=x;Ig}v|peP0Q=-y&^ zsHDsQ1|5jG*$DI;cW1k(m|&^#dgJH}YF&^IxLd<1z>PSS1s1%f(2i*_`leG}V9^vi zedEE#oTIe#e}<{zaRRgwN|XBI8zCVQ)qQ1!!J;;sn;BOhdk`uW7v^>Ye4-{C0AT z2yQx}r>634UXVgBo@E~$@X@*n{pJnof~8~=QVTy+X(_$l!%8)?kF6=OFqyVKcOJ3x zOyMMDDA5t8wXG(zzz-kp5qNx|+0G0T|F}Q#{-79^3D1FRfw{0a6*FukGu@{~{lM|o ziq?S3B3W-W)qLrOCB4J!ELvcyJi&DElH4{xel3yWx6UwY9Sv-Mi)+OqS(@0Y2E*#+guV4J%`T#D2+Iu(6Brc?Ctf%~%lmU&>Qe;(V%DO@f zv;v>z2;T2i=ORtJr9ktyA}zT(_qRwfF~q$|y}trTjxtPLM4zSk$Zi(FhOtp2H_zu$+6J2 zmIUtvx~1*D4)v~v zddjqXPsfx%2NajmD@b#S(E z{h|=+#cq?~I}XHld=N12Er12iVp~lm177n(dT2yR6#;5rZ7f(@DRPqsr&=UDSDq# zPSEA|kR}fEe5%9mg1(5&mWnFOm1CWXdjYgV6rf!u<2TXTYUiH`lDca*9a$@Z2lxjI ztc9r&mjeIyg|^>{f&LdVhZpksabbpmbL>=5oY`oCLoxJ@s#CRGG*7Td!GK3^OY&## z*I1DLmDv=obFRfH!!M^p?+YXV&6_ zsT=NQ33x6fyGZ8W9lDrI`aag0cVKz~^yf)#K0F*ju(vvvb9Q+TOKH?k=eVm}QsnZ@BEe8I<)780sFh~JMRbbusqKuOkh7XEQ9XH+S^+;e-Z z{t;lBO~fucIz-=d#1;6~fsC>82qP_k0BWjNn-DnjofsKqWwyF)15A7>)+SR)9E5W@ zliDkR=hspj!}D4*!?0-<$+rsQx~gf2%n%Saj%!uV&A??DX{U0Ee`ddkDT0vZJhc!f^5ODV~wi0v3crIv+knyr{edW z3)nnW-GIOTv>-Myepq~w=A}*BVv^6{2To|m8nzXFf}Qz%MD{(qO$g9W=CfB1VLU+> z1_^|&L;sGY!1w`r=R|sj5w7N{g1ld$&_J?dcr28hqeBbP7Z1bM=2ULT5fxXCS-WKk z!Pby>ON&)X*_0i0PmhUj9D$b>0Tl0kyN~xowJ10ifm}4Q z(ddf8IR!$-f`gdp>gg7FZjR^dV%|gXK4Sfx>x%b7jxwHgIYz$W0Sel=?uaC>Yj^tG z&&4ae2^A#YM3d+Vf-EpeGLJQcFG#q*M>~gTE8lPtCSkK)!h16*^l1$mG<1Pv7|eGT z0if>pP(U0D4}%CWMc%=rw(9Pt6R2+AA$WR0lHX6!EOE=&^z$H{d7Zca-H)4p+%O)#(h^c0({ngbk^u7d?$ISTV5$|z{zQy)e z|329r#nQvbsQ8?v^{r;H5XUs@neQ8_$iaFW4JG zaoGOqq-Mu7y`85M+6f_%y)hMw4EgBeC-ov#2}RKJDRdqc!6x-0WeG)oi$%VojqvF? zy=RaY0S7Zj78jhn|KJmxfy2m5BRP9PyZ!$5*l%N>-zo6haleYc1+)&czU|(LG-ZOw zy{(z+B*@=d`^ER4qzcghV3#|jgZP)zF%TPPa=^J9Ho6&XNaPEyXOp`14c*mtc!r?c@1ig;K0S$MR8}X};kXT95{1ZX1&GH_m5d z>L~83l$vslp)P#}p@%6dA?MYSORL z6iLzb<5VD3D_~Zu@a_94aq^)!@KP8WUv~s;fnY8wPGuS#%8C)gWk-&_q3-%BzUN=U z5MStT?&*PLTn24XdC@>_oreMZ`7y+sG0FS~7W0 zX%G67>4!>nXP;9DbI`*3L!xgg2aQ-z{b2P={8azIFndc8W>J2hZ@7n6`2Z%uPMK9c z2&&d$X0k`K7`7IZQ1Cut%qdm~Xc3~_>zS;;Wh_f1a3aq=L1aKu9IA+CY>Nz8S4|af{wXS#IcdU}!w+hU4Dj8+f`i#v&K| zZ$P2eLzf|e?$fcnfgD=2y)d;+#48|uBDRml{eK$gg2lr5?{>}shM#Qz1gfr2KvWys zO9P=R)KkAj*f2XJR7rsyv0au5keC7ZY^`PjD048V%>Xjcp!S6dZAd=hzv# z$L!g3mmzT>5-oONSaLL+Xhexr@brwQJn0~@1js`vARGt@L&$qPpc;iC^av&|_RK`j zT7sRNlQD4fE@#aApLD11naqnjS}Fh`4X3I z-Yi_lJ=JdfACOrMxWNccckpDr=?f$oVl29d~GP6fN49v z%}fYoQMZO$%6oqcubRIE3Q=cu@eQL?Lap2#Y`VFxvIAMaH$eMIx()vH`fSGlehuIGeZS1(<)c=eL| zR|(h8&VU8ry?dZc^NrL%-I_~a7%vZr_s(PQmwv{2zp{Vtjad0&z4zfB|1Ufdo^Pxe zLN^`bX*N?g3S2v;cW7R*sLFNq%GFB%5cI9DKXw1I`E3r%D+hlV$tHoODkMguVAyWV$rJm+>7pm z*+{3^*lxn)e;OcTSMlB#OmRSlA|Suh02$XGkTqEOavhKq0wj}fyq5t|lr$Us4(`S! zix7=Oqvw=s8P0+g>pS%N=^p=co`{)myp+|iNg7D=q7|;Iujlw3Vru=Vs%nD)8;AgR z*?g4-{fOnf_p^+C2mqfemae+b1w&4wA@9aYH*1xQfbf{zWm&y-5g^d-@!bR+q71_K z%v8iKK(j+B_ysD|W2yU>U0r!Sx2qB+^!nK;*zg1RSkfz-JQ3JF-%_0we8c~wXvkhn zATC>7S+l5e$x^|}0sdn}QLku5RBkBHJIl;q3xaD9`2^P>Hvc`q88*+*Msgl3o|?|e z@;mIXAy>6w9T(McjaW;c$KcuF0IT0HBej3=rCRZo{fc{kjNRR?gPH1yEaw~kY}CM9 z2`}rdI2*io5f;2vFPKJn0lQ>II<4zRr<2xo@#@tN!n$r3Q$45d$3?viYZq&y8U{_D zm)>tt>6>d!1uSX`E$Wv*0-CLQmqR@MUwI-HzVUDxb=h_*c~2}|RJmf!)k_u$)G_el zr(Coxw_+#cprs-3Hyc~adX2RPFOD66mRdA0eh(PYd>Mg}MA=``I^WT+bFT}l%uA@E(eQCv zm7M-n>{#Ursv_*Fs9asU=IX_(h3iM*7*;J^?7Dxoq}VgW0>3zlErm-r2-n+zpttkhuQ7k=y)gi=PydOeeR2Rxd`=g4_10S|7P)xuYxu}Sm6}(q zUc3l)@*?P0+sV)4+gS|2=34+l*J=O|x9TQ*^A$DKTu})XxLvC&?{{hSmgC#b6jpC( zZ3T?w>cv#A6yFG1i?vs??N6wTRA31_h>_&Wu;@KnQH^>p?R%E7q7hj5<_qJkRxVn( zlx>iuSFf&s@x+V%3yYSs0aq=ptk$>OQp9@nQTwP z>9OK|{q$Hxr^i{~OqxqspSM&kUXF*u?9}?xOIO0-(84!_@O_25vO<5cx{AFxfiK(@ z_f_i0$)Y9fIQav<_(EI0MQ+z}n2U#Fa3OvWTpO|2)yWG~885c#K6b|6iN!98fxpzH zgTIKtpNOxgYv8Y3>e7K(zM26u4&QUJ>iC#ducGSTp=Z0w5V3OUvZZ?U%B8IOfAIZn zvFg>aqqmZ(V-EP{yY$I(Ez+yI+^qU9$#Gs^No`xk$t6yNdtGx#o2v(xF0HtF(F#^z zHWWBr4M^vDNB~rW9RL(QUiE&gI<GjuZ6T6rwQF26 z^LA_wvpE>T#&VK=p)E%9>;d9q4P+mvV4A?R|9qTDzGFc<>9{-{QzT_=O9ffwJxcyV zF*_P(q@YVTe`kV6_!3F}vR}N=4Hl|>1z!4EH<;aDP(}nV-FVE;6}k_KDf7xv5z1}U zG`gjv&=reH%WC`{%5MnN>q(Yd5wGKgA_}?5Z=xG-&pLy_{j7*4u8Pep6-~3aFLt5= z>(3+~-o~yauBtdeTCHca%W=9Yy@%9z6?W_NeBOI2T|sAPjhJD7lBpHcnM3wvqp6*b zS5rIQ91QAP#BLFs@^=#N_|mhk*61EW*T`BT$QVSt_e3u>=DH>Z(a)eIm@jPXFuDt5 zVhrQZTfOXJ;uet7MY$X87-`gK-zam%@*)bf04+?-rC3K~4_nwbUSfn|`Fan!4~PE) z4TYP(KVDT3RY%>2g_Jer_SZBO!zGnB3BKva?XM*WkvSm3^|f~noCJBYRhK8*L7vof z14cW_l&#e+{BfgQlPOR2ktzRZ_+QlxjIfhPIbYWcz(6jpNdp-^Jh_#-MDPTU>q>we z&7UGBzYBxN?>3U((Z#!utM$O~@}<1Csvn8n?M|*uQ0z&UUh;vz*Qpaa^%#VhTTwHo zNY!4O(VSvPXF`<1e(}(Y(Qk|e0uwd;e3{9q*et4jCMs^-bA;|gLdrem+BNW>*2gYB zWM?Pfqo$!(ABW-z3O75f(yWY_!tKeKn!-()*&R&?m_C3#*E9Zp`iefZrMStFffocK z1-_`|w>vBB|0MI2LmxZjPwn0By~Y$5&WI$pNqL=>S07C-H@j^5pDb8BS`c>satsIb=+1j=_v%bdNG|H*iEl2_> zT5AX$z8t1+uv$zbgS9IsB~ShWRpVKu95b^Gg3$rcTS(5SMN+aP#a>UE7| ze&6|)55(Fh;*+ptKhn2s6VgQucGo>3hC+}7>fbCzLwI&87bRUFj#489c}ea67xVyI z#OBqJk0HvHe2-1|Ah!7X<6Gh_K$8j#Z>Y>Ot0NxGFzjLp=GR5!o}JRZ3d$$jZmmS7y`m7Qp*^7~uZ(Nc>)-oIs#qh+b_e`iCH@luES_gmP88cD&i9hPE# z``nD;CbMY$u<9lj><=lY{m^lT=>Vmh>wpo34Ot0Fd$vSv2}H6CPh*fW#v*`uw!+sFu6pT{|<5)w-^Ec2}WhiTiWA zW((L%=|(Yfk_~z&X90!gm49vLS7*R~8xV^5z|hReF~>9W$du$w%E@)eE=-;Vy$+@B z5fB6Qe@eAfvkUBzbX8fBiw19#(0_PWoo4cerOwkzsag^sliaF)FjX7MyHjIB8EU7? zYitbnhc7kAZl7gS94zYo*Lvk=LV89h-Bf`~PIlc{e)16z8CQu%HYN zqMf%#vL0vogf#q)+XLf6c&ph1Q_dWWBkMv=DI25CjME##bWg+gV{>UZyB0~#34YD5 zE-73l@~i%}jIY>Ryo`UR?Q4ERX~DM2H{OaeEQm5sdqHj$ zm3#6fUxkShVyHK`7~3g3I&e-zD;W{-D6FAjnkvX{sK@d{$c|3kZdvrb&g=$Pwh0&u zK}$W`ss0ZL!r>obJP9pT4sR|tWs}JbB`_ePTUd{IWE_#0XXjt&xax*8%nfhWsSLcQ zs>qI1ONOL=n$OHJC&Od0K8Oa2aMpB)zPXqmK@H|>hW01be@+I3@T|`_xJF~LRHVc9 z*H>cRGnRVte4L%>Z&8{93}%v#>vR>G>&N12qTx^$>mQ@wUv132}p-R=(%o_W{M zFyOBi8?e7lDVoL?bUmuof45Sz_dlv$i4d{6CvXh=9wJ~-0#rxByJ8ATHCWP>LG!6l z)}vpOcLV_R?mlh3N041qkk}C zN;JYuXAMr@UzzEwvxDWsJ*n=$olJ!b4pJBbkZsg;b7)c#gwqIuCkT{%RX&CmxLK@k z#f1X-Hkp6Jefy7x66W`mntm<%4()MTKf(F!QM<0vQpdvLOmGx*^{Ibabw3oF-+dDk z{V96X2P)Y7LaCP~A~N*x=>LIyX#L}X2tmJYr0=o}7XN`15r>VM_k@fpFH8a|Z&t}9 z$&Vp7l4fV& z5oMD=*6XhGJQ0rf{+3LEHgChsEH~Qu?dbtEUGR-)e=pNetPF=^dc?c$p#jkFK(V}8 zq86!ekeWfxh}2YvIwWN?0i|qiX8upjnmxKxKJE1Gm1MWco!i~cZ}&U+?dRL&fMfgt z(Hh{rf2LGt^EjvVB;UZ3&0v7Oze(0Y??@AtnqYx}KD?p_3lk27^?C91Oy(QWnHO5U z&LMwo_k6TLvL53%zKmzsp^xH~q`YI2^-X@`&nWWNQAb19noJDU>_@UqVZneAQoEgHBsjXX8k6kwmH5k-$ zcTobOi`eta@%h#G{NuZr8`c2vS_kzPG_2_FFBmM*;&tA=0KS(~*!hy>m>;Wxp0f~5 z{HX1I_Ce{)gPZa>HfQSEt698f{9bW275SW%>|h`5WS-N?LOGn$eBQJmuA#|SCudjq z9{)FLK$(}X&bXR3Af~2L|7u0{hBCsbzp-}5yxk_Ex0}ZQlfT>26>)#JHCE|0<0p8jOaT9g^(aI>VO=bdl0- zVPF?+-r;MzV!?#FW&*bQFemfrsrAfXK_W=~}SOz)(kAs`OG3cSpsa-OLqihq{bZE^GB$cgV zUaz1$&HNxXv8-dFwUvJ&Ao0^WDIK}8ZX3`Lkx_;F>N5=Xf70~9G&h|dqDAKEQAccK zL7hH?M^egPnUB<86BbF-CsWNHEh^lRvo%Hy)GT1~Zj!vK*5uiPAmaJ4mExqIhCgz>PGbIj&Xx#%t>tJT- z>W*}j);6*C+Vby{^58gsnt}N--!y_?`wY2p?|DNEB)%d6yYosU#e^NATw+#AU7jAG z+w)R^Zo_gFz-MU85DI;ep=>@vu3LNU{BPUr{Ns2WM%Y59u%WcaSF6LIdwT5+U%_fh z40t#tJCe(YFb-g>@|oMY{ZNO!yB*G9^#0DUk8cyLZM=6f+HCvgbE36{Z@AAy-r@B9 zy9_)c4~gA}MDDC8e^@N<6%T#I)>ovXag<3v8o#xBKH1>3e#LLZT2%5A9H=qhEl!5)wajm8>*d$zO z??$`Sy)gC*9CDjue7h5e|Ch9c;cuWJv*BNu!R(3idcyKa0r44{zO=)rbnvl{TzphJ5AZN}0EjfF3Z4x=7m95d4V^C+g#p0lt2*lQeuFYP&e?MuZ# zCo~0$%{JiRy`RShzb`*&@DA8xUNl12I5a#)?EEM<+hku{rmf(|m+1$R1GumX;9o0% zf6Y%mfo3d<8j^0f8LAy zLPZ({x$sl=>K5o`t2*pj=B%-Xshy#C8C@$AxOZQMxF4#gjt2z8Okm_|U;rF^;~n1v z#w-TL5FLzDIv5StFfdM|!~_C-9Ex`J$fX9u-#8X83|JwUoY0ls#LFi@gyNlVQvF+* z1`v^+kE0CJoJ-t(rNrflq_}S*5u-&NZDfMcYHpCFntG|WRMtybWBry1p$V12h_wCY zszF7i(J-h_``8KvPSm&Wqf{i80Pb1&sVeOKgZ{H1LQM*TTmV&ir0NmNSR%(4!Os`{1Q2q_W*a*tw8@U9a?rX zBY*SCYMi{8V=jhv&BbsX%JS;I32_(0*YG>t=bzFD;o8sOcxc6UEfXm8g}Q4((uIDX z_io>H%KXW-e4$r&)_qMtt<`ak z)Yng6N%N$}=V{KTh~+duqvH<>E@V8u$UuJo|rj=6|g`j6^tm{|MX+7xKrajKl0^s|#8HyzP12(LUt`EmqRHP8dN4=9x7At%*fOgds%vQR@YD|2QoaPwO~@WjzdG zJq%&}a(>iyHiQyw2%GdF1UJQDe@%nEgU?+@kx-NDN$Q^+G~Q#fzMv^tUjV1^$_hzY zTI=LKcY42Y^2MJdXb^aB?{J*R!^{}RvDMznq5Hhk`Z>lC;Tx{S*S>pT_?XAV(F~ut zOiem{0o`8srkBCzHdK(xDk(>|Y-L7EBlyO(!^pDw^c$H8kpcMav&!wSFkbp2NtwR@ zXv%USIDI)=(-x=qpgYgreF#|MWBhirLw?^r{-D$PKJWFC2SphtSx!28?}njdb)8-AiU~C*hcTfhR)b`l!~Dhr!;tGf zZ9}g6cJw;XWt-j5xBIzJg#2D$OuN{aP6&O*Bw}p+gOcoMN9pV!jO!rC4whp1VDWf> z{~+(Rn2_sRz&WiS@eM`8@w_=m-^+&5AjP~E;Pv@S1|84U!^n62`osZ^8DKyn4#+SJ zISMwQY82%#mOKuq1^RUVB6MsB4#=#`Dt8ndW%G z5XGJ_)8f$mR0R`zj*u2-b+#n0&StrK(D(|@yagC(uW2V@queQRos#tw@2wpg7jc>~ zov>{T`GWyqJz7>_WxgQDGt3P5A#C!>nd%02DJscBGXWLq3Jq(91}UF27aOcGdD6=> z5+>iiYXh|ct5!VzAfePxQxZ^09TG<=rti>DYA}5IkEuUC?KKU8Puom!d@4xkk55X* z58zY!!1xrt5UL>h0FmgkncP=uCM4Yl`R)6l@$vfv>ptGQ-k31zwhX2~kezM7!eYE@ ze9F`KKM=d$6S-FLRednU@&WPC7c>Q;=L}52`x*KablW|j!4!PQZ)_#44;1`N*crbQ z=|Ov%jepF*SvW(pU}Li&dRkx>-o{yYI`j;Ta?tVM)){O}C4T4NUwV9e+qwSZdxta~trSfCBOz}$?3irY`_@Ci4!w_-T5<~- zp$Z@*(T14L-plQnH3N1P=HO^rjNQl)%JBmve>$poIBieuRzJ^T=7Au;ea~hR(Z;Wn zw$nL^u(E}zlz^itno-U-?n&1%FNIFt>$NQ_$#234)Ql|J#D29m6Nl6(;&t)DBea8^ z9sH<=K&p5Mq>6&jFQ|2A2c`v&`a^FUl76n>D1Ic;`}oFexQ}wyQz4dPG(1X>fjr9d z7hpP&CJbibd3_t>#tCrOa9n^*#c7PiQ8rLq!&pe+rt`ljA~3sixRa}D;WUN85*RdE4WOD z^bIWU1j0eDdT0%F~u|;2#8(NXVo=EiM7%#tw<>sZt5Q^c7vgOZ=xk}+1 zZ^Sv^+CdWB_fNX?Xp*=99GspFYYlwETGAnGd7ku1w{o=cCEUkG3LORNDI0AMms8{TUg+W4hdi)Lt@0*hAlcGDl-Hj z5K0q#Hw@AGe2?F_nXaT;g_IfPXu&h26CMBg1{QLv4LFDHu8>UWt{6rGRO~R)L35%9 zA&u*0(sayKMFrXd^60tFsBMb_V$lo$@)tO97a7?JatB+QRDEg8ur$HxYxOfUCAKW6 znh0U&7zC%gOQ6{ixr3q==BTrJh?sYp-xTDu(Y{7^X-6cPz+)|FcU6eKjoKIl&zXCx z`H(`U%V+N88#i%rG8HFWtQKNZxQxM@qQh%q@N)g&rL6PW39raTo-F0*iA-ELV5+r) zf2zd<$H)>?M#vrEavkx+ygh5mLSGu(A1A3r4u3*xjuvk|E5y+vz>#UP8}<_4*~S zl&6O8#2_1jYzo~%iMn@_;EgdY{G!Is9aqacS?}a^^?q|on%s8 z2jdSv=9>tikw5G}8O6Jiezvm1%&%U`S0! zCS?hA#SmZwo6gkGf6yvI?m-4JRL@2Rd(#{;!}nKE*%UHU9E6WTCQ3DPDs(5^3bta( z$yV*8dvfGp(EP@b1kFr>#yuhQGo}%Tt}LM!C@`HHS#W_IBq*;$2h-$@2R46m??44! zB8{H=L+v-3XN;rRmpm8F^h8qKtF%rx8S&{zF5zqgYTmIG)pMPpe`6FGD7`={y#Px0 zEBx|S#GB60OW#pcw5whs71|^4vFl}+O7-g^QmtjO=Zo=qHOz^6j6Fa1S9(4ZpU=kU zyNgKWrpxD^hu0chf}~6Z-tNcGlQm8m*Nlkfv>vD|!JK^E2c1Z7Zv}e$IBtNde2}@z zMQcmdrOv!IOt)5K&#gM2vh+baf;<)IM`UqTD*35lQ?Y!k2~k#Bv1dWKwZe6SuKqbP zlWYqq%~?9LDl0K#)`izCq~$PaT8?e_)0cV>hPN~@MhjDQK7CNwp?M~XSXE+fEy*-! znMC99k~h-Hk^%z;KnXmlXd{j5M>H812+C|2U3=B}BF1ZJ5sGH#R+_>l5yxcIBYF4D zAAwaR9L=qgB9?0txUXt0&E5g2NX)IO5ajnHF{4a`=Foo)mS;9t5g?iu7Qy$mDd7bfka1+i(#;uKh?=Z|E%_!FT=)yF3tW(9f=wR z3~?FD+B>LyJhQ!$l>0%T+?lP%v{i+?2;Ha0(PWp2r9Zz?R7xzU7?+gS%-XwOnuxYz zDk1c&d+B2i?_({Z^}FhYqUItfdd^L*Nh@v|A1-R;rih+B0kQrZ3pRuKM&;wN_&%Qx z65j{#xec2YloH@QHf6KU`q}Q4p1UJIGpG zKBb;YC3aw<;5i$0%>sU@T*!MLkLFy5W;_?WdOF|1=(=^c>sl%0k!)!~Z8o$Sz6jg7 zozrZkt-E1@k6?4|zX{fwGX4oarj+8h`v={=ee)+_8XK0o1`f&D*@NY;`IPUMzh)r( z6fJ1Gt=tWu9j&=Rz^uMKX|HH;h>zmQEBR9YqiMO-<2;LPTrJ3V!^UJ4<%vfG`4Yi5 zjl)B`Ac`@q??{Z_?yJIBkm7-_D5FOSP@v)O&rmYYM6;~7Q}&yy1j>vP5tPg$Gvv&O zB;P_7<-?)jF_L^%^z?Ey&Ed4y5piP)nUnG}YWblQL%;lM3AZL33lch~Eh5Nf8n;2u z+!@^~$fafh*~g7f#!eweK^G=c{jg6yC>jL-dUFUiR+kLbQYVeY#and1|P2x z*J`YUxh|2iq0!F)YOur{>g8C17|iVRgEMk~>pvrd&&T5V|J8g9isuS=Ll zxf|#Y?5Dvfj=rCexUK<){K>)ciz{|>;{ID0y7Vd(FcRre`ohq{tNPpl_RGJp2lgTOD(wqPPK%+JiV zBU$Z}e+FHv(NAz;=%+)wqXUiKBurpAY6h7f3%oaf&wHrPeSbbYXhQDO#31>|B&7gb zl=3=(IRhD{M2{)3$PDM41)WbZYw8ho+)zfuv+=Sp?;AnR5I8sx?=gwo9!b8>EOJ3f z-e3u*y+-7=Us|%*{F;rtd4^d_<5n!&vzZ+OH^}*wTs~;eX8yHogbCFK^{o-EFs3f0x(IHn zh(E10GBMsB+*B7Y(4ZB7r#~_3_5c*bf9n)Q}{c~xo})vQiRXQY~4=08GGzx zkGIj|c;dq$zT6J9KOWsG-n=m+w*qjmK^wRAD{0fb4t1flW0M)pd|YbH`w zMqO753dU89#q&U$oPQK)*C_9+cK}3*{#$>%g}kD+u||#!K{k7>1i^L)hLyD4V29Y_*yPUp>~FkJ?Ilz?8x@J7gvNjiz~i?!WV#xe|h z*3=sKhFfWW?H7EvmlbqLz904e7PWxxbKwbeaJHxyr89lSkH~wvmq(|xU%d5d|sv5)83 z$D{0nIg~jn;IAD1%HYoif3SBPuy-70A?RpNWnr$4kak#^3d3=9u*4e}21tdUo$Npr z@HeHg&S1acfOVScYRALkzQ!6cU(Y@*oYp8dP8TtCKnY#r1)rls-WNELDg;x_%>1j^ zY@))HK>LW`^N}luZ*IFfu}C|{TGWCxn$=mlx0UiV*;PgNsogg+Cu85jt>kIjqJDz* z#L6s-qpsTaKtZ?pr)E7ur}NaYun)eV~it2;g+Rgw9Kwq4X;cQ#^p^PkAre zlCvIC3yy`WUwIU_&}wuFT#whnr`7ihV=K5iWv~^z@dnycl5eSvPPi8JvMvm-Hp^0Q z40(-Cb#Wns65Aaxh-Umzdokf+uFdH*|MYA;`3aBqBt13ZJgd{gx&L z&)uIf&*$wSHzG^Y`J>TJEmgNOqE5EP=3+6sH=5ahF7mFYl&%10yOxCc0_;thX+cwY zT>2d}r5LaTbE}`iShvyJC7(73{t}i@|-~1pv4aWZho(hDg zLe~}zMKfmgPdCLtvT=-XKbhcS83)T41FKmBtMh9H7Lr|Mx>?P?DF#-%2G$pBln#84 zt9=XQ!}hJ~K-{;Tj_T>^Bd`aW*&eWy&$+tz>)1Bfib;)GuJ(!n$CoHqF#mhx`&Iw- zv7s$B3^v;n3Upf5q0zE2Uo%<;g{YaM*Tv{qM1$yjrlJ@68~6^WzY#Sa;%|)k+__a_ zYA+Ri^C@P?i}@_g@TyZd=s{ItXPt}>tHVZiTCU#oMTm;!ZcC;EGbVFHFB zwuxu;M%{l(3QRIUIEBIVS2%tc_z@N%OntGF#wjRIkPOxwvjNO&Z+?`bss#8(hK8@; z8H*-IGL;oL<%lL%T9xf7bMCR8_3(ct9h^m_CihS}GK)&hI3d9QT|3x> z^r(xjjq`38590@TH%(?LdIgEPJ42FRW~q%z0Z{}?`0$|i(QV20(fQ2i3+6~f0sjT! zDRTe8{G8Xp;XK!GZ#HY3&WNv&N>9(_N4aux1!hrtid{RSfVkd=a-RE6Np{15_m5_F zd>v75!fI$+dQ_e872ZQ12gyav#@sh@aHj8utF*8szq}4bO|kx5JqlfLTO( z)XTmj5fUA~^MUxc^)*%y{U z-A@I1?^NPHkE(xwR>PB=-jA`a>jt*fZ!?qsr`~%)KUZqiQ?%+=eu<_8FxdJi0am1U zth`F7%1-g$VJR(t-8t4k3*$)Dye}x6!ppt*0f;Op&(WGU{F-v|&>@HNCe}f_1x;-r z#%Wf~RV>Y;Z(T%VahHCH6I-ecB%&_e%TeGv9Eik11l+5EQPj)EaqkzH(XTJVHQ@R6 z_Uo7!Oi00X4tE0m<+7(U%aiy_-k;C5~s;NkHMeH!3Yaw=BR>0{a(~ z6!nhOi+)URHC_kmMzm!~^{Us<6e!lEK<> z_0~{KNi`Z!%Y=$5%3du#3|np(RXMJ{r4kKN-?;)rj}M7d?C4CooQ(|cCd~&+^8JlOM&&V-Nilk|6$l5y@aPpWB$}(Tbi&qF ziJ$r@$|;)1{@Ohpi7DujpZ6(1iQ%1pL3e(5wqralb@>%^=wA%%26e$56g+3r;CMTX zZy&fqOEIeq+hwo;@VB4tq767lWDd$}E+@wfdo#Wz)4mg`_cNTPkoxLp$#6M!xIW&E za5*%%crOy#?~m*@c>HJOZ%mci&KLE+|BIi`Ea^ zCxDVh1-fI^)m?q;M~W4>oU+FCoX0nIVT_~S!*OSCro4K-td_?z4YL*x|FM%hFxehG z&RBEL86)q#A1!g8Lq&Qsk9L8NBcp$iZ@@T7o-?U@!*5tgS25tn*+&UK(xA0n4?@#w zdKOkh3&POt)W#_MTB@~?$=Yz;OFh+60n~nU)uWVC$9pjXPbizy6B~!J=qvft4%Per zC;r+^3iRPR&=}Pzq#9TW+G#MK>X=KJ*z+_M9>Vnap@4w_^D|c5wVGN$Azyh6ZviM@ zCRV9$DMUXbV$nQj7W0jbdL+cl9z%HD_HZpA^)hVaN^0ai>c|`)k!$`gY$HW$cuD2R zumd66FrE;X*X(iZ&1fVXzS7=&9s@FbiM@FwHRFYf+3v&Pk?cV@osGI!t}i$0n-^L@ z-`y>=7Hi;RS3a)A!=uT-a6Ws!2%jIo=l8PbQ`mD6pU=kUGuZPh*z*E>{yThr9ed8R z=VS2sYxsQZ=)_As{d{J4S8&kNV{U#5gDV!dczQD6|H14f085#p3i_?JR<~7q)B;a1W(Hq zg6Bl1I=lwPHs5dON0rz_Ef|$3-@QPT*O$X@%>$>p!YQw>9Z0T9wg>U7u^I3h_S5QU zbWr=O7=Hq1Gqa1ap|~^(!*|;~8_bvR-XSPa&q5n!<(^u>tesOir(Qb>BWT_Qp8XF`M z$z(o;qKy<#KVX3U2~B)&-2jnwknuhmo8OcQg`fG00cjbie+E@DxO#^EuXi)kDjo4$ph~Yea6-cAC2O(o623x!Zs_hhysn%>=!lAS@9>v^Ckeh)ODT7rLM_bc4bu|XUt3n1 z3-ZpTw2@PS2*0yl?FH24>BpEZ5Lm8`ImR=VB`>ii`E5x!p&@*C-yy+ur>6*Hib6E& z#_`eDHW zZ)t*mM7mqbI~YwlYi=)b*-vcfrEb_jcDRTOb-kNL2*m8{-W}15dv|fK%V0NMAj-OD z50ld}sZa?97w17 zejDfL@E7nu#OD(9M5WqWl4h5!&z(&Pmk*ff(GmKBnAL}?FZ)o;2II$v)D#)0l4|y` z)%$v}f^AoXe12flees#;{#(jrG=Eu^{=0q)i#7*zgRlmZ3tvw-wP2^0VT+KqnS#TT z42pKcVoeCQ6whcmsw?Jdcvs~0#D!{F#^o($BhNnuj9@C&tl`TH0q#Tz6_UTJ`#=Qu zW!Rls8mN59Y9XX$Eh;aj#}#Zs+Pn9U3?ozqzz*Lo5sxQ9mU))?>oCz4=|o9pW}aL5 zYqAT)O;~O~>d3&e-Zi!R83#)v0=o^`cF?lLKNQ<$Ouj1p4A&Q3|FuFQY@b=SD!+^6 zyF?y`$J-K>wKxR3D?qvzjO+*3%(C7ayQWatnp!;iMf5fEAv-x(1kwG4ML0vbsd&0J z#UK5|00v4IOyo6k!JnmW26_mig8=yjA{x^i9#pDmqKzA6m5Ccx-Tv6oWX!G<3iTgF zfxs)Nn(mq@F)<)=Rw)p!-JAtlC@Ujz3K5lY&zkNtB?D4g^-ko?AU@hU9Wq*iLhrH( zDEtHaHzpAkduN>}6YMGS%`7?E+BoVB!N@#r3aXH}{XsAyyCti&+yE9RF==Kh8(bNJ zVnf3`Qtm3nH#PQ!9jg`dim*s^0qU|MKO5;$dd|K1G8Rsj<>RshhW?UuPQS#^;+%5o zEk+kJ1?24;oI%spnNG}Od>P#(D(6CH+6%7?u%wP58^W}zu2$&pbih9?RK`v_!FKX% zE%zLO&yepftk-r|edd+Fc!uOU>5ixF0EfK-18Yt=cRM=Q@qV}3@v8$JL(WUpl&2lX?HlgV%m4rf5MM3DBMxG}1nLLehsq z#0>;cf zBWN(=CgF^>BOShG8fYi#bH^%UA&06md-AUyScYWpr0r{<`(^ZAwZ{Tx00!RO1EDLO|Wtlf24rlRe@Oxe*> zShjLHeX)FcFUGipXNii={K?psPk6jRP_t7MD8F5oz z@CIPxR-?h4bosz%<~vV5lw_?sJZFNKBN6n5VQPo{ozSwymR+jSVVzFqy{nWH1=}Bl z2Ak^Q6Z-}h-|(cq;R8QC@2*mk9Ust6>K*~N|TewzRbaXBy#3bG&)sh1-C;qFd)_+fqTFE zr6^;7K}eMrR*h^Md-%%lq2*SKmDB?vdNxfh5;B_MivP9#W*A-dN0!5nN7JmG@9hPy zbZ6}{rte}Id~4tUp3hpc8ERcY%WEF&53&-6Us*)@i!xLcGG>x63+XF{t5t6%z^K?J zZzVP=@rx>% zqpMe9ztGpwG&F#N=kvB16xwMu7;coiyFiCKTX9UGznsA?Plca;!hq+9fvRiJvf3B5 zdywTIh^8X5ijlmoa%{G-8MSMjM(Nvs8)ZHRi|gX64vL4qh%#97zU(fM#AR^4g5QCi zpWO_z7#^7->ZMc(0uRCoafTQTp4&nrRJC&w#$YsSX;co9o&k|$wqo9OKq%O7Ktndr zD|nyp#-sISWlslmBWa92&rm3?9{fttfUioAci{J|_+I~s>RBop0~(1HAkIuFpOc5G z0OLm)n~|iV$gmBFzf+A)_qn?pE;DlG5nHh3PM#NY);zZy7aMM zXy&vKEMQCF&z!@CFx_W`AsGsO@27iFTHlGmq@KH}VS>7Y#cj3CfOriqS?}Xcye_64 z>*raSwJsfKM6)Lg-i%thpoU@V3Jkp#s`q_3 ztvYK&t^2S50myd)79w7>2?y{nKh2s0n?BCz1(Ap?yUQSFG;$+GNnb;{u5!nbdXbkz zI883^OI+N0;mGOSP%PTdhZx1Fikfo$pyyUI`Q7eXyRpK)bXF39z5?7!fL zohLdO5U@_Z$$&;J{rM1b;0|!N<%JSh99eE`2SrB|E~eB13ZT%s!1H~h?o)9VNEeJ_ z?zfqV9aQ8%!l&?L7+`qT!6Z*b=0)^a9JdN7TIj%UZz%{a5r zqg{u*!W6;KS1Ti4LcN~U<$BlaSTy$Bt02#3+uZ?3rY%<>9QFay+aJU99 z;K~s6_5wG0gD}Mix`yC4IioPe@VbUnH$BPdl7wiIu`qv_y$3H&fiv~iSTKsD<*bca z)>KBk1OgAZnt4SGsJe&4>r`oSx0)GwZgEAlQA4(eS$^g7vx~B5ORv>eLr%tqtO`e} z10zK`HnQNT$lmrFgfrm+#hUQ3Sikpj>FtCM?C_oJTf7(hVIzjB0ALI z?ICGf^Oj$9fkXOmr{h49N5B7ZcCNZ=;Wk{eqvX0WX1}bTAXyE_@Wfa+Laz^5;noJx zkpGmTog+;8NEety7pR~y6rW;%BmrJ8t6MkG24s6lkI*j5;ouhwR@1aEY$QssENvS- zZd#jsj{mLmSvE8xd!I6fyu8mgJ~b}Q+Sc$asd-R&GaN+vuxJ~tbWuz205QcNX+hLJ)U6mbTM6WP}?M_qvL5yXAo%YhNbn-l=00Y{HuW&gZ@Lx70nxHOw9fPOwc`jaKl&mrDGs5fSf zw#jl=R&S^?OT>({qHZ~`YD{u3lzI1#>h3e+rC}@r-qwlFtH^kB-SfdM?n6TOMbEJrhP6I z1@P7>99*E_{*dU^4bI92DAzL?{i5iF3lUFuA1;>qunmCHDRT_M3^cY7pfUN}7WOj(jEu_XLD!NvtK1s?@w3Z*OyU%TFR!M zDx_+luxdM9F6vM@s3y^iuAy6@$$X=In|J<)poSr7wT8wNrLtotR@GTAMpG5Ua)Mrf z=XCCYg@scbD0MP)*&OzC(5S%rB7VPO?QNq`-o?$G_eQm!6?k~>X1hIyy$xfDU?Fjo z^(ZJ)ARRm_?WUpsFN=N)Fg&Bd*bAOQ!hQONxFESOaRm|zBVGoLQPRVYzeB9CHU2i= zI0&_G9jnts?@-Lj^H;RAf%ktLncD?WUEq-;#{m;^Od-GDqmsuo>BZkAEBV9~50B6Y z5G=;|c?`}aR!3$rKTtn!PHl|ua&%~C+NyQWe}ALivS>uNc2I-O4JE+A)$)q8tkp;v z?0*jzL^onKbN<7zRQ7x?->=LM#e>>K;sKEkx`2P??a>FL);M8ap*8iY*!bgJT}NeI zXwphjDjI}e26$m<Iiucy_$77+onS&rh|%Do>!o-kw%CdwaIgMK^y1$qdjqWi%K2fBPHrc0Zf|Md z5gk#TkDGya^jkgQzm=OjjJ&f#YK&5P8tQu_$o#JHhPB;PD!U<&YKz%((EdXv)VoQ# zR}<8|EnI6rwjOknc7t1YKyJ}m$9HbiRQ#vO=!%i9j+J28hzBa|S(lwMB5#9u;#oJq zZ^8~)xxM#JfpnUyDqrLIQg^{Tj@XL}M1?H;K&TV5X^4D+BPa;afpu=>?X}|yasLw5 z+Q_sF>ko!Lf5bz5j8Gc4q(5@!#r}X~o?_fX7R`Z)-rO`ZLCywRjp*4f!Zc?9M~lR% zuM(BaOpwV}eZ4t0eTShk+`iBrhzn+l^T^Mlac}CF$ed(Knd&C5gVyxZyL%n(q8qoRLa%ya$h$io{8cOCTkGzeht_vyZOH#7UP0K8hu` zzH$v_Px|I5#On#;v3fSJ)B%VP)`e#JrEmI-OGfrPh-Z= zhJ8s}=!RJIv@~iN<*Wv^PveGj;{t&1B5ns5lU>x^8W|!unGZ-f$$si+VyG+}Y73 z!nrSut^jji7zlSTLjEU>kBZ93i1wA2oZu(_HeSZ`w)cnbcbA~@L5$K9RV5fMiQG>x z=@@1WVrd^|ehA1UB)Rjz&;AktA<2GeVF@U7S&@Tsl}7xb(~wszHj)E}fB|i9Z0vHn zQ;g4h+*4dEd}RH2*lZ5@Lr7mNQFAq`dh_J>Q3X5vrW3>|0DjT4Ta=t!H7JKk)Y2M% z;*}u9^;PAdbAh!oJ~fwB#|7*g=BCR{8L8 z+E*t;DA;>dSD%4(#&@4?E&LhpBwINHelf7Mn)e%$C(vNuP=D@mtHcu-pxpzV^@Ggb zpaW3bPj##3k#GMg0!~9bFIRcoso;l^u4i9P_JXb|JuKr))|@)a;`U{IuU*mn7>NWgPfsG)HFAme_VuG^ z$?%4(7Iz{3yFv<9{JE7uiEa5aL~iWN$>5v|pg1$9IV%T3UY?wrv|Q0r1X3LyxzUhQ zCy5y`0EJyFcvK@pHvsX|BMTc!i}>0A@9A8InPS|sTb=0!)*T>O+0#ZcFXI$fJl0m* zC~F$ctzq*)jv-5Oxj}iQRE7u9@Q%3Am|^l^`RkN%!_J{^x~mq7Q69#A883rOfcJ&M z(rBjsYB#l!tjcUkz$-?<0?0Bhof8!P`zoYi65C-9L8igZF0E>!%{fIc;4-S43Zrnr zvUtq=)!Hmqn`jVhRFgNw3>Z3JJlB=~Mu16>gs-ztlA#y5)TxdeWyZg-H^v`$X%KFY z*<^59-`_0%!ggiC?#AjuHC?i&VAiTqI6nWVr)+@TBi#FDjyyakE7(ze5flFlkR|Dd zxl>hgF(9@3YW7oT^7}ci-;s;ubpFLl=JZ7)0Ay{tB^Y6!+Ta489+*>OJ&I_~kJeoq zv{Mln*N>~?>p#YSt!{aAAPIRx$udv_@JloEWHQNi|?NK2Zs}l{kpe&iMOp1!LHtDo1t9h-G>|Ex7(yI2_;K zSHjk`mT>mB=6*qCrBHW-jSfnqF3D|g5*}>M!^aE;x71w%Sp$d2Id7l*^!@9f0M5(f zOtori)ULt1)r+dm1)p~`K4+3A7OH~0 z5d-L*V6X%k!f5^nax#~tAc-8jWd3K?XnGK=irexz9?~=gGN9KY$G5dGdz}IW`W_es z`|6{%mMYeW}OF`C|~GXMs;B>c_cW2+n)R8v@EIivX21wS%}x3>#|; z+MIIGsvJ2y&e^J zjLq;G_(dWCW?vJ7=@IBn?J+}nmwc8#}XSLf! zFx8&HiF@wC-bRGSwBMu1{ACR^LO_|io6-H$lxJ)C4#57+WWw!gDcnDpSL-ERQueNm zU89~nyTDcQ{O)fYe>d{9CE^2Ysp@v0^atZcdsm+@emW{A_{lz4WOQ3EWA-Io`{TyV$DDTJRK!pDaUfx{@4-F0W!p=C zLFlg7cUJQysWPiKvCEdQw7Hk}a5UQx&GKVY=@X#!_OD7OoCL^*2Ji08|Kd$C;qOY_ zXI?d|zj92$&IvBKG7hpOq;|ISq1ZQHkuL5$tn`HZu}z7>2S7KV4v@%KP$^!)tt1q+ zftA)SR5h`IMzRS6diozKZXnPMNM^=e-JN(}N|byFFb$0v=EGv0`h>Uy1Mo0@_RNLI z7I)h)%w(GW42CY7&PSTEXx;TlY3H*`y||+9Br*JuyyW&P7QbqbY~G}uoe4dmi+Hco9aPM^PTyB-m`2q$c9jMI; zpRa@0V#7=c(Qk_O4a)XajA9jltq>SfY^Yp^JLRB7Xcexrn;fSpTtwid77uE|k-bW5!F`Pk0eKe^eNS$gKkkl2;)2ZrqRH zqeWN_Gp@ArJAZEM7Ww4O(Y9*_u#7MmTV-Io{V-Ao5pUZ}D?f{NnLRvG6gXlKL|~3Y z3!nLCm3IsoeA^+6o}Bi$o=8I5blBEd$FwQawqaGUf;SHL+=FS+i`{Z`UY^l&;kF>fMrE2;ulZQ0f6%HoRSC z4J+^!zGtXMnQmX(8!2Vt?dat)_a1Sn&ClQ^`{q8?Q)#y!kp{sEm1Ys3WlX{VNjbqV z{ViRV{%2~+dVV8{W9^RE>@TRz^gjZG7kv<;z7Kn>WRr2%SdrJttiN`7P;jwPqiQr}s`wmm^O=bd=_ zgzIpsnq5Blwx;~CEC1dfFI&1hMgK1C&7FI!RBa%+eGl1%56ufh5vnZpOPSMc%r1kf zu9@X_*%-6pBzLs^X8ZCIB#T<^hqHZd2y7zDt4rfN**Uv!SWPAI{rC4muh4>4I;z73&o*(cC9cR z6B!Z6Ci@}zA^?BMtiAJc13iEr06ml0dmi*ky!D-M*;^ZaYoqKNi;VPZe7)0zZlIRV zg^xR)SzJ$)FR2q3{x?eE83hPmiSeE@Ab=~2(Ts`nNDz;76Qs|Q9IzkN60la(_EZFU zErB4_z^1hHBjsEFNwBLBn6GKMpn_QS%Z2NwghZ;?t2%fS^F&l)E0Oov$dvDRM4+^c z{fwK=n>DA8!{JP7d=d+(nE0w zYQ`oTj~J7^J~uiM7OW$k&pmO&r@ROvqW3xNfmm(0m&CvHgUoYfuJ%yltoUb~4CYZ$ zP*isbBy(-QLLhwvgQIk|Q90*1hj0-;Z`oB2H(VYG=qrRrsGqmrqj%jrl{T#9*=F!N zuL4rV9Qdco_ktd}RH^hlt?e3=>EHoxx=s@xPbVvm>XNt2VH9GkNw5f?rRukl{WLAh zO7_UEZ6dG>S>484B&tb2)ZISz9aP}o7{TYqVG}HRnl<=Ao60^`Vhz@CR&IXRC_=<7 z{E~-~5R`G(j&5^SB%SR~kAfLWpBBTX);+mZc=f*)ggkh>$1r%Vm8&^WP4PN`Ltl9o zK3RRDHE54|s@Klq+>(3+wR$oq;kDBGfmxzw3RsK1o5_-GR(j7?z@vAu8Z|qz@iZpXB<4O6&SDwioLPOdrco!KP`kzSKB@q|M@LzC2q- zf3td5<120d$qNyR$;BU&eNPAbN5;|bi^6}R0|LMX&12J8=u=pF6DZ6-BLhpBebq(; zD4h&P>+WC2w7-=`1m=_bcmDSg$s5P-fYAC)0{y3-*X9-XM{`P`@)hzpdFa0h#v`il zQGwO_IO^{J#iIX9lu{4>Um^|fzX>4+g4_STgWT!=B@#&fn+Tv9zvcLDNcB^_LmcD$ z{@-wz$Z_9YT+3%sq@SVTr1@@R*tP5~GyJjd83IgyW;uks0Zket^ulvumYssz>&&vj z`Kl?P-;`gnL1x7>#5MII`2v6H9G%gQ+OBVQtQprZHxP!(C)CWl-6FmJbs6x@btm^X zwn6*}6_U!b0E8+w=;8+(v`%jT+r7kwrA}u%J_oJkRk#kyKTUvy2so!*@LTE7yt2S~ zM2{}5XHMyG=@9Pq2gI;IdR90kJA|4GR?QKk@{m?_LaRKnNs-L_|IY=A78HhPg*>z` znDqKby>N9_;s8sBbuK@e!<37PVg7p~ALk{E` zZ0|(fz$k+_ZXc%?O!})9-a;vKw4uO-s{Y)_Ri_Gw6`r^Z-0UQcnq}BIws5%(_OZhq zmgXWwAU2z&SZ8M~y9hS}*RR=Rh659Jy%Zw4A9#B6sVqGytFO)p%fHs@ZP(WBE!DnT zXq^XDnr_B8o|cZ5efzVlj*uaq3wmA-z&Bldt1o*^Z zLLjO3PJbtu{#NFN^XKnHx5U)C{t!-sJ1XQWt26zZFl%d=7^b zmI>-7qi~jMh1bd=#g2K+;*Uf}8VKLur%_aa=y>hz!@OaG9ept` zWW%?*5Q9~x^v=kASorepriWcuJ45?;WVUtOin<%gtGNS<@4O1i#EW))Z6BvB87_0| z+Q(r8IJ-=0CjZ7N*D8oMlCGQ_wU4vNbf?R<0c=!P*}9S%Li*u+27yiIuuXy1xg}aN zh%ga~?6gqoydYrcVZ#WI)D@L6yK3miDMPLTcvVV3WK8c=Dj{&^|7_fR-8ayi6@V~{aQHH?rY=Rk1tUG{P>7~}4RiSxMz5%`uxE#t-!Z$1ml`;v_m_*k!Pa2tlu zxLf&rB+ccJl}6M1}t@#S-68$oRI_>)(`w2e1at_7&V)Udu z{2bWBTFuWXpE`tHgmpEnR8;FnEgXJ5ltPMcYy=|de2YHK?`8^2n<5ROj#yWc*Y0Ds zwKkj_AF9V&O?XJ8!(ddRx*|Elv`MtwuUkp|8_7&d(}RH)uPsT6$q`(}@ePtNePUIwzgA3Z~f0EF3j@-iA zA9s=FgZVST8&a}ASC1a~4+M;@Y@%j{&GfIbBS%S!)IFyVcnObpocz|k!Xloho=CIpQ8Pxw@PHtN-1R~) z?E)@Qg6;U*lE?USOOzMToQY~17C8C=Cu!53{!9He4Ob-31~CXl8_xwBJGJ^tvlFme zr0vqr=Z^B=DYjSnxppFOYnF4$99q^3#0z3uT|MsPgtX_mzugcC1_{n{ao7sN3JJh= zTFcqI9XGa~!UJ|{#k;%$I8>czV#3YiFvbkzY=0Bbms- zz@KoKWH3dry#7#*JQHdiPYTu%^PP*JV4%xM6&TpGhuTRuP7Qn*=jimONH{B(AUVUy?^C%2xOA2Ak;)g7J5XWzn-$&| zn9VYGd5i6XTO`bRTP6Bqkax%XG+zj_k_Nc1C)(Nr(QA9G5m-WCuG=fkp~L>oY_?$U z1R18HPKz!6nI%#ffAROdsI+tJhLnPsHsYjO6lK( z5IT2Yq@8cH@|HuHxC?@Ag~tBp=rNws2jMD-u5Dsjsuz{V>lS@VEdHJa#o-noP$r8r z(A=1ZSe44H7>IBJVkZt2z@2ZW*Db}_r0m4@+BglrMh={3Gr7&>Vgf!laSOxsFDfe< zTt~>eb=fg!zIeqpn%`x$SDllB$(I9!Rqw8q-!#WpSO3lHOvcqS?+eX;ohs_6QIxYN zByp>Vf1E`x9?o+#LrvkF;z9tYKHW~islr7pH&=&FN*!^hYqGG071zC0B4zN2!m-lq zbf(HkCywy20l;uXHmIr~u=PewAN{Yf<5~VXhGw1^=Lov2I0iIS06;$$+iF0YA8d0% zoq-P9P%1*~CQGEb?~<}&~jEVu+&8dpvL-Pui|ii=;yRh>O` zJbNi$scA2mt7KJR$*p~4wJIjyILn1Fny1XK^q+3BG~y1%F92&zRH9DX_J>y6e{L#T z+SY|y+U^GEgjrz#E`rH#i%kp}TKHrB=+OIR*ljc3 z6@MB-2SJHfL4j(1moQOY#9HO@o4BHQkHO6mZ1Io++C%d(yp}H}^i`SEZ(y~GJ8*Jc zRrMX>mZax0j63+_>?3iBrCxpOR(Ar@1qHSi(V2M5;Lb#X@Fg%YFnM*e0+q_4S8jnR zpm9r7@_F8PiJ^Z>SgN`D&r^pZIRrO4wy`Y%#}{=%7lLenw?2qRT0ek*=f#vQLP#f1 zWmcGJ+Z-*z>#8deU@FvI*CbByCDqGN7@jdxp4<1=jL)eDXt9=$&w+iF2zA&fp-AX> zUn-Q-OH-(NyQUUL-?WM@LtXG|Pn;1@z7i@6!K)-_8W~Ap%ub=HV?9E_aG$beNv=Rkx`mAN@qJq3a_*}4yDtz}l=bMgew^?= zjZGE@1}$2;be90jW$va6@nW^?3ZVS$#a5yBa5)e4*Ex)Sj@!=tytzNV>vk-CWi5zn zvk44!;)1aB$(yq3v^RTno)CW_Hm&Dgi<@3N-tF67!1>!PZ>X>m-q}+{t-zWrx0_^s zC1VK(mjRD-%^i!)hc_mf1|C8|L53t+5g;=mbQ-K1*##+dDZUtFS?r!`9WkEe(&Q8&VWC_=!Ae3v)yKUA_t9^b(8(D&j&K`1b{ssL>i{ zeg{82yj1iq1!RH&^l*C}chT#wm=+^gL!{bV3A*rAfwAe7<3?RL4Hw+)%tYf(H-q0_ zWJ^Px@hKkWPHilWQBZNb_f!}! zA!q$z+*Jm<#R&Do{(p4C^-J7sCPHGn-@OC08foz;C$BQa8oXaE>M!#7!Lqm~; zX*SMNT-()K+2~}mGrO-_gpP@xzL2scgV&46mrUM1Jl^tUGxa(ZpANH#sk|-h8EqLe z%9J^yO?FIrx3C5AZMWFD-+yOUGml~tWZY<*s8m~JR2Hb1&Xs^o@Ma^S_tM?2V=X7Ks?O%T!x5^f*Kv1Qtu{yS9marv|Vx# zmO__v@9bpPlI4r6?<{j1Q%T^VOPHfTnd}p2h&;0XjukA0ipLEPr!Y^jz0Qy~paaKA zWXCV8--neJCKUFk{W1le*V~;vdL0PujcAZbtEtHm$LNi=rx-)QE84B&ZhcY4b#F+q zk_X2v%q7wpCSW8hGtv=Lq! zr^>x8>+z;mT!QvKOv)8RH4`*n%$2)Afc0rkAX@^PWx#b)K15sK-ZC7($>(TYKk~YI zf%hrYc|Na+F!hb_1EJk~Fw>7HsJSwzr~b5zU>SsseyFSN5a?9R(b9l0u%W|+9b%x) zK}(}YE`%@)Vb{k{mUx$1zF)#_A1s+eL6Mq#GOG`Ixl1HafoL0F>K3}W3)J%EDJ$HS ze~C>fWkYq&RUqpKMh;)TEALq^-8Jmz$KMr@jg#T}1M%XJxephDE#MyVNh!QjxWr$E zPTmCg4N-ZU=78?IZ=xN-0QzmOCm~psJ~gnZ*v{ij0lpJ6LhCA8FGeb4DA#-)j%H* z80}C9Kll!q{@^g{5J+zq{IkY&ca%g8mzEtUR?Z2 z9TdDuKILwa7L7=5)x4xa1hwUYA=LH_GD^}kvpAVYyY^tWqOn!-;35@zuTb1}_~y}$ zf#3MX>87VI{oXCO_ZAuOl?3VZ*r%32i-xLkOtD#_x$Hxk{0OO(kG5b!T!K5|Eq%>W z^gQytG2(AbvfAd7J(*?e^~X|%>-}hmIO&My{d9Hahnt*9WOaVQMOBopO2Nhe=ai;xVW7o<`2gb27EDzchO* z1YK2Mnya>bJwzIlPtVKKrU*O1I;=&@)bRPXFq~Xe1?KedFFC_SV*b@KgcgFO&6{DD zXt%HZ@I%<=9+%(Lk8L4x->UJ@pQcD7#78^KvnO1$)a;-}S~?aS^s@{UMs&>S=Pwl` zwRTXgpZ}a3@UrHQ2Ki$9rt^{^Gy2pL@&!f}=g8*7kMB>JyB7{(H37^D{Y=PT;-(M3 z6EY47GiW|Zw3h`QiY#hwvJEcIKj`%j%1wk zLRO8G8CMCpWlg}57hoRV{!H?~UtG)Q;P19MD;VtAZ1#t|akBb8X>fV-dg_ekx0&Ki zTrqVw94sE|oYhDA6Op?0_YU$^F2~klxDNKemblJz>MeF(b@E;W@2v-HV|aX>SeUUI znSgh|j&0PY>Nsi-jT9zneC;i{B;v!#CV@9 zxf#CokQu-rRB8>KjZ9>2*^T zWVK|7=5YnJz3j=}%5`vXeUK=beO=jMDn7t8zUA}rHyVD$t&sy= zo!{Zb%n6DJ0WoJ}qB-j4NK7F58hjvhVhJAoMgGlr;d^1;cJ1+n#gc0X$^T#rg9j_X z`geTW(}BcmPk^b>c*TK-=R-dM;08tx$LDhlV)j56^n+hD%Z6pnF7Sa(xk@vVHG`S| z2l2Y_aI1hS`O1r?ErP_bnD$tFvUkFy*yhbyeY+@WL3y2ddUA?LOWe$kzZ}f;8770G zdg}#3aiM54v}K%JK^bFKh9ZH&5@tq*g1a#%;?M&j&PHeBO`O3NGT&c;)icFNy-wJy z&NX*EO1ZF}=}}DhK`8Ju5w-YECNG3Y;A2q|j43qBPNw{VB+E`&x%&*l6ZE(<`N6I7 z{?d0@t@t1lax@K12B}yjm@M!QeBPFGQ8`eB_|x*)V!(qeM|L5kr_pLDfh6k||obq^4F08nwR48=hN)@PsSu+E1>tKWi!bn}QKf0NJ)RWrmE={4e&*iI5O zYs<_b4^``^Kw-u-%S`x02O$QJEGDQ4ILjMj#)MwO1hko>`m*eGWL~x#vL2>>e62## z)NA#xoREel=yw9-M?O39J{g1%H&p2Nzu?t}kqdQ}lLfL?4>QTzDTMHN{mB@urr$N3cw2qwpHaUW<8A@fH;3QaF zCG^r}sb@?GnY7lH{f=>c)xa!gSMFwaOqk!ugzW~R1|i3nqa}M<)m+}_)yU2X2r?*o z(dYq7CeB&TT*Apb$DZHYCrd`kY|ul57a!#@#5u=4{QQej7M7|{vwDyHX$J&`H3faw z1P~YQ13#f7Ck&B1*47fo=7QFk@I3Npm0t+pt>wHn=yH|d4PV3Kb=4%bjS&< zb;);7gQ?U)QUB;t1YSEd$&3W`o%XC@3m^eT#*5 z{E0d_723Mqy?Y#^CozIEn}>8(6WC2^W2gD5`PYypLo4-ZeeS;?J}yi~(qgQ8RGm>N zQPJ#CH;5^Mf6$=can69M%HtQ$p5&=*JkKpOC`#3gFAYd}0)HRTJWS&-2%uA{S?3M+ zrJ9AfNHo@3;Cz22@}w&v#}P$bWW^C>sAUS*{~rK%K#0FwVi3K!#2|XONO`-wq!Yv z6WX4RG|u%R#n)U%WAeuo^x8BBdz=VD>Is6*EYBRE18gOWc!lBd;sH+`-sB-K1q*cZ zYHTgfk$C?q!(5g&tT_kOwqxft=ZwlvYV#Ip7zgLAEBXppPQ^-mLlkz>@7WH`@yRng zbk6~*I(W$G_v{;?K?#j{o*%RhIenQ?o%1$!@UcKOW3LDwvE^-&iE z2F{i@7dI#6%bOP-#lXPSAk1$!4-T9uzXod-^XI`czGi1W{CX5YCyzP{nmjh$q=dwugBw+Yhr@DD4;1LBw0SgvrQkxPuCzX6z#LI)ldj&i{ zMK{-Tmt~c_fgl8bI6BTg)v-j@2RH~%7-%ruuBG?y<(k@A93 zJVXpCohp~llhFB)K5ed*o=y>Ax6+N=Oxs)P%GLsB(&X|3v{3e|o_>3YVkZR?VxWch zz={>*l7OWM12Eo`DIS_{vzFxf&_Q_+dYGkJ>0W5oEznbgos&2Gn!FPS@oXHA!+5l^ zD}vrw>6nISEucr7G1xJMor3udlZ}cDUlQXtgAMSY3{1QXtxgs$i-Ga0zhOwdd@3Egte-rC*5^R#`CK`Zi0 z@@8477$WiwsI;1f^1!tQW|S1W-tk`mZM z+zZr*MO7FJ4Cyovskl}gOmRd*D*n!Q%KOxm9ig+QDWu{iYzMGQXfM&LNeLct(%G|u zMHsIDgvMY6Lk<0$AexgkhI0u_mL&3K@EL7=3oMs;Zj7k&w9F-Jz(KHFc9I+XATWc* zI>2P9155CLA%S|=p?P|t>75#4_cw#NQmuJ949al|=E^`uVF8qoRXATmzK>LK?xaEbc%xbZ{Z!>zxzUi?UH(*o5l^oqWVUeTZHW|Gb%Iu}MR z)?nes;qPN8!E+pIKAu2gMc|HNq^A$q>Qq37^dEka6hm z7-#!CRBv@*hmh={ARRuqjHWY$dA*Kj9JVc`*#wp z-FC3%w+!o!PFSS)E!}gt&>xe`pe&AGeFH(mfm9ohLz0d|!UGw7>0lbBrfVeC$X8yt z7g!3c9gPhdQmy8BTeap$n)hv8o&~n^E-i2twEeG<#4%KML)@D4gDK+vP&foKi^4^ z@UJeV;WQ@k@`#=!_7Z|6??EHw(iYlFsLkMq|8;g)4ICcOVJ$IWP0`Fu&`vVP&}8@S zL|^~elI5Xi>B(xoXCZvOCXJOJZ*tq~w`(HJuGcZBj;+a? zZ)IPN1?y4=$EJ;s@rCvLV>c&Z+$z?| zlm~12b+D$dc-UUayLzfCa3wz*UCD(!u-9-G7=U?v>E7y&E#0Vaz}h_rX4RIoxb@l< zw_dw&y>=z8*I);B;d-q@t%)`9H5<1N45=M8M!9q?=D>@*GlHIf;jbbdx^mdQ~A`mARQ{aMcz3bdY$8uVS4pa%WRI1PGXwks4OHwtReyGPcdk8mye>5FR7Z=NA7 z`dBL0qKD7Z4VcM>TR;ybSU^*43usE51vJ^VfcTCmT0Q<=-J&9UvTq~f$5tXI3|&-R zhk*(G#n#wq>VeAsb;;J%_3W6k?&8Y&d;FAd73u8n*-M3YAE@qzoL{ZUv-iPF2i4v1 zH2+Uk_Y=D3|XzK{Cz7(Ru>7=+e*WY3&6pK0dAri_?G zJx8X|%;BQp+X%km8sLnIW(0J6oxP`P^Xo~9jh=@IZa`(iecdz>%sig9b<^x%=J9Eu zZ;rQjTMTb!;f~PezNlfSv3}&HI~C zbiBZH-W;3GFz50NX`kjj$meoB%;kfI)J$`EV4ju!Ihbl`BTweLXfiLn&}1eM3g84N zAj6I=J;-PCLB4CYkC0?j_wjABy)>KU(jOv?&Y#htZ}uh5Q~6N^hvGBM)zG-UPrG+B z!v2jKw|@iT-`>Lc92i_MvDM+bI73U&0L5J+R`v>Q`H*^EoT8gA6SmSNV07|bonAu% z8+R)|fGV;t6u=}F85r6Pb~v#06%H}-JfZ)UexFVY|1xoJCoQ(OlX3CAou}jXb~ZU; zK=inspwq5P0dNhvFO5ZFk7p_FI27i^?e8qG_jmH5`#VWv?ERgAl=Js@e#Li<7KqK5 zyy#}kU8;52nq>0(tXC;H%>SvKn7r6F%(9e`w_!k7ft1KGXT@!M>?7QpVcQ;Upb0*} z_dI+lsN|-{@4|TEc41oLc41BfEf);mg{j7yVp~Dg%`1r-fjUqmOO})QW-d=lXwZfB zVV11o4XQya&0CGz98IxJm=@aRXp7&3*+(@G--L;_C!sB`uC=X6bGbXNITzZ5Q9%!` zi0%vJ@h0i!lBv8|{={ZA$M3%I1`OYQNgxwuZ)JYFX_f!f47-s1rL&SO&6?E-h4qR( zngOv#1MAq~xO{j12QU``*kzU6E{ikBRCCR$ndZV~m&!JB@GG#*%;GZ$-cTH8n>~0Y zYMb>W+Gd?#o83pY84RPp1E%R24&wl}*^)dTSuW=RH~PQ$sggmG7uH!F0PB?2lf#{EKwwhDo;R zmds7JzmVy6O!XXu;-+9sH}DwluX<0exRYYKVJ*Pu@FFzYXgeiCSZw@U>%Wr9_O5NT zg?jQ<(wSBQNb{W2*l9zm2IElYcwq)R6dqd{{Zg%BE7q@!v*9q(`toEu1zbjU9{+FfgxB{vdDnzk65qJX38S8 z;nMkLN)?PO5E~5k*d7YdAz=eWC)`vFNi0Bxuu8X#DLsdBa7OYm??5AFRE-MhyZ-8EStEWuFH@GXZqX#8EujlXIUbLbo*xYXE&$t#fwxNtsA`lI3C`lBJ#M?+|j1}cv~ zfG5q=-^A&T1!Bj94x<+2LC@n%JvDj;^-J8;d)hJL8Po^4sprCWz+4Yyo*QO?Eg%a_ z>LFWYHDVg;bzEcRhXy)ec5CbtUCuwG%Ck?RUt0PEjBsf8 z05lY=aL`h_HP0u8=UvbXK}$WGQFte5so&IsAAy!yi>}o~lMBi{t>YeI`^Y9&J2$!7 z<4mr%<>uJYG=P#d*T3*x8@>-Q(d7TE0_R4c24lJtC`Yv(AskE1* zVYqg@O1md?kQ-eU=aBZsg3$L*qm9u^{&ykV7M1)sutv=jDqhKQ+%I`LZog!5Y`0^2@*z|%0p|gGTeXIR_75zTyg|mEGp^OVf`iJGerTmhVCQ|h_BQTtS z=&?^$`P~gA9+5{<1VLevYpGcmX(kz0p4l()T>?}crteoI#q0aKHMY}dZd^qP;s_^o zfN)ZOPrAH}hn<3hGis}QPju)~STmoB!$>vEa*mM-a^o`2Ny`aHwLAeTwOl}@KF7ax z#DG(k`tlf5YPo<)br3L8*#m?cRnDPO5h`>!zafSCw482N5*UeLkB5 zpJ0yUvgLTL?o{YzxRHI#)lW*+F*RX$eTx39K3 z+}~Q;J#Y%Uz)|@GQqh0{t1tyAvLQKe@H*Pqtf1g)1QHo^ugRf-opv2oUIhvap2Gn> zdK#hV$}<}@&kmhOa`GmG)A@6nr%v2g0-d05mr>xnIZ^b>U}(z2eAvj5GdB|Of;k)3 z*Lu6RK%Q!xKJ#Bd;R@uFK$rN*-H{Lj;#Sc@?_%g0Wj zcI9mWjZ5>i+imWKHaCyl=2&CF?nIY7*KY}-OJ`dLc!S*+X|U+EI2{Qei$uFYOYWhg zCBN~+n*a4!^NZ*I&zdeOHZTH?pR(YGdpVd_WvoklA7$%OIxC982)9;4bG*5^AYS6P|v5PGk6zmB z9#Sg|KfW@DExx3A4qJFh#~h|#(g|uxhVHevmOsly8$Me&*l#ZntKCFq)bmdh0N(0u zmukNHG(RSUlibvYT)Ig>sEG84aj$0adoEz8p(I8SS+nHLi@Py8-}fF`Rp~>}5DY8E zq&eNfv*wpyTlgMMP;!)PE*^3skY2YF^K!lC1o0wJYYP|DcE8@gm5`{}Hl^=9nh|{b z&5c|5F)a=c`zlhUw)=_xh%WU5^@&If?E3BD8S!|fRdU%K2v!=wa00fyY=54-u^twq zI?xGDJ;3qyNNSs}oO^&rA^Ys3F&vhY4}ierMIiFI;+z(?b2`BvO&uQPtN`+kK`#Slj*FsVdbe;Q!+VmtX3Pf9z>`Oklvov6>&D z@nVl{qQ?lAIm(#l36z_p7)Ra;GpT|AVTR<=s|a)zd5zH2s{QPw;yI&vPop2i@Eow& zk6a;ObW~nc4vrS6YjtOq7u_(7Zft()eaoZt|B4jnyXQ|$tT7>8J`_~drVs{7VE z5Aai4iS>Z;8>_208QzIwB`B6~k0Lx@t(cIZpW?K#ZrXYx)|&6ZEpuZj#~q@hhes+%O-#qug!aykk^F;@hL5ymmvxTEFbm^`Vh_$>~16tkMs1cu8DflbPG zaL=Wv#(aS@@kS1d^n8b8M-F`c+9-SJ{4j(jH5lGn(RiITL?tSh>bisqvJkASHy(9V zWeX8?^gcu#-K|O_a3giR@7_AO^w$%p$Gj}c_B?zuwrXzsN_kCm?zVMiD5Mny;8?NkCoNrkh_jW{=I z?+Nw4kVe>=pD2Cr*5?1V{{x?Ng3*tLbQapMJSJ9kYb(y2@YGm7M?{$YIc9`u_2)za zB$^%aM$ogKteN@GQk-yaD zb3U6vz1asUVt2TI4~ocEU9xfS{ZdW*Z(B~af@%uCkrpFu_puHxTI*}OdqK3K=zcaM zUY?!-adu}iO{gr6LyC4l(JYu*lQ{-y@!e3v#ehe%qQIlu!=E3XFLQ4ccaw{iL&o<&O^JJ(9Tj>4#~qVTFChV%|O`S@9`G`V~d1^*q>Jdr4} z=0_@*Bbw)Jak3lH8=kXIcHf5Jnyg*(?9};zT&QCzQ0+>JZ=Xg**#5o+_abz|IZZkU z_h8Zy)C`6zYOI5w?EcOeeoigw-a{OxK@7;0dTe;hH~}b6B0S6FI6TV>c=&>a?G$GZ z{Rw4rlHs9q5yrU0uoh->(8(SGoeUSwvAv(ziZkO^=kUYjl{Vfa))xmjISS9|PL2nh zY>xw+!~>ihaPl2po)t1Y+qA$rcj28ez)6Fhl-K8zOg|TkWdx!jh)c#j=y zJ5v_GUGtX`KqN80(QqJ1-z9h$U%w=ZBzXWPXz|YwMej_A*a*jD&n#)#? za@YWpM|JN$sIcVg;aTyhkt5?pc1Q6dw;{N|`FN3Cg+~o@tmXmnJ60D7s5mDm_2qV` zqhWrN_$vyWuy+*B`^+(#<;sjAMb^Siz62n43O_U{0*{c@(kS3BsIwsz!CeG^!nr87 zy`y`Nt$09Z1M%F}d?ig?70hYQZJL#i?)*!M+cp!mIZz7dcsw}>YwPK_8xa-2(xN+> zr(c)a;W<@+J+YG*Bh}0~@Jl?_akOy!4~$YT`alC;*1Qw^yk0CQAi>usIXq8<|*~_<1rg}l| z|HVKg!cM~)g^6uFyZr2w-*e9Jo)sJlOVts>b2O^`qmTZW;N{Tgoe0l}eWEi2KJ$6L zaQ~*C`xSymK;f?SvFG{1e;U&Ohj-v;qr69&5O`mCi>t)%Ybm=zxi0e7A2^Ke zOtAopwXQTBq(x;+|Ksr6#R$K>dSv)*BCcE>AYCYZ;(W_>T@-iwM-qqekapXG)4_p^ z?o2v=Niq0ZQZ#HWIdM4+7%K3baSYE+Xva$&G6Xl0ZlsN*e-Kyhh%GGri)mpoq<+dK z*3T!8&MoS&951g7nD-n+Bx!`D=CMyMywt?-lRw>hlPIydfL@3|qd&P^zzFyD+_rew zgdb79i;nOj#$yp*xtvtmUY=ZIfcs~7-ntmbhd6{T5Hj@Pm?9wo`Jh`o&w+r)m4nA@VvOfr`nDi5e0PtP?1=DRCG`4)!c*2yUIJ4dlEW#J7RSrFU8zgfy2oh z0VL*b3tfIH4s--$fFp{r!Ldim$yB66=D4_h1_%-{(+hWoW>UPM#p%59Q_wk%6vJ>l zyGA6p&JOnMy$lI)MkN$eq(w+RV?%KKCy%q7^*%X}5j}#o+Z21hO|duJl(-$YfkU|C z_PS!G%bK)P<6CZ_`)MYb#-Vo#+Jf?! zFHlXYPyKf(4%%6nfbv8zJif;pjf3-L3q;Si3Hb!bnS*&w2qhq`bW9Z3Q~q)3m0 zo-TYRWDQU#+?FWf3(rF_s;B$2Q1@TDN20Dylasa=c{tq6-e_go@GZv4e2a0AW3_U` z#RCK-(W%S%^&Co~mkzFgo=o0GL+TbGafYWeJ|ynDwAuLW3x&jq3}J+6YDoJG&%1`S z3%4C-(zYW4O6=jGak~gmVwb(?cz`0~{!VY7zv=kzq*^@dh{Bwda8f?o#Yrh|9;Z~u z^5%I!$N3U`0vYEg!6#60K2mXE7g5nnA4h3V>lF4aSLo}*i8v$a!qj^|Mm=2saYU(y zv4sB*P>+(8j6l5y_ymuOE4+i45_e&h_-$C_V*9YWLu4=!+E`hn9A7N*_a`Xe^<5eymwfaWv0* z^aY~g;sGT!9Nl^Bkjs}4n&-!e=1IGb@5Uz|Of<6>Q z1l=hRL6hK4B|(BNPlN4R;P8o z&#$wv?%A$-56TP)@Xf>_f-X-)1Pu@XX!f}I zR{9OpmqOlb?odjKZ#K7f-yI#Z0)*ld7WSv=IZ3Vmi{rf3ca0@;bwnE=q4j+W5)FXx z_o90KC8I~s^IxEu*z*S0^Eo^4_%YP)FOS1Qx;#x_A;BcOP8Ek$Nxu&lM(e0LzYZ=Z zR?i+*OXX)M|59NjT(JNT_deSr4c`sW0%t*I{x6J1``TFU+v0e!Asg58KEqm^-3dx2 zzo&bS72a+GIr<%RKzAxf_O$uaM)*X*8VB)t2||2&;vqiURcQ}Fe4aL>ZJK8{hxpvB z%d^1JeFyzp^7@;GL41C}c5qG3X$^m0bnlk=!@I|67n(>1IF1NFPcc590@rhQy#MOY z4j#2gCuLn;!^*s6nExvCQjKMfk2^MdE-D}&LFxMEi{gF4IAQ}XivoV~m478Qpem#I zo8p-6JS+XHI#fQ#%p5b9ExyFTQ9pN<9M!x7qQa6J!};;xpXe_ehX2_a#s7QIMpvf_YTa%VJmBQaO zq=9$_B%CsWM7*5ilyUyM99>kGC-9$L!X$D|b@cp7A9cA7iS+6Y&w4Q5iu*<5^cJ|fsw;-?;614vHL`r0Vm^XPR5GXC>eo<6*7L3 zU5poG7~_R)8Q;<>$hZ&|3F#fpvyE)yoBx}(@&BuI{Pec5qu-8D{w%g}6M=dHv25eG zn5>h65sl+36O7~G^lJWe^!jIq6FH&caB`4PyNOV{FG8rdE?^t~@qca`kF=Z#-BLu% zg`Pe&%xs>*&1S6S5@9!EC6`>taBd&D5+00Gh0=|O28WC6_$AgFa<-#D+85f?PNH)Y zpA!^z97X>u=h5R7Ys|_y`e%6@`X>hUmR`RLl;b}T-si6Hc#XXqP89|=Y7?Iz*1)>j zis8_mx^>f^cSHk%ut9~pDNN|s@pt!yQrhY6+SuLDmiENco(b{YfsdxD)`QtoG}dI8 zQ#4S+bm=6a*|bEHcx;!;Z>2Lr#&W~->YhOn*N%Dq%CB|eMq}!YbFJK)HMZTjei3fm zc7h6$tg|I}fO+5%AA(apwk(M-2Mp^juvrhlYz1|y9f9{1`BycF*yF*4Fe^{~RlU!B zP%d?l)^gThyF-*4%G)Au_yg@HwgKrt*E2kAh2MZt$IXu<+7h4kkF@j8zoC6I1E<9; zI74RO?y~O|m=w9UsDV0|6!kDE+6(s@h`a~I5_ArwRfEQA2zbzD;L&!^0c^f)PuM+|m2^bl9+M5BhrgB^}{-sC2YkLOpIge&cpi2Ob&4NaRX(|~?gVtcee z4YX%R;a=`~#OwpEoJe>&LdgXVgTB9Cyq~7it60i-{mL|aPxl@y>7t;&)6pyf|0+eZ zFM@eIX})#CmBZ+xnYlAGhSaEcYu+=Ie^D;o;;{3B`sK~(*;=I5Us2%DBHJ|YJB1&G ze&dL1++5K(XhRxk%Q_6J)DPlhncZLC<-PDX^>Xa$1aeDG&`7D>L+ve|$J^?NZ)^JX zpz3GJlc0UYx5A+3PPZF)6dG9kxmdiEy!lG7H2f8lv`D??-HG-_!GOWW8>X73VLHqE zR~epe5ML|4i(jwbh-Mpn)y*}ImCM9=M#FP>E+QkDs(YT5={CG=D;67UQ0w2TvYi@h zS6Q{r>c9%>$y7k=Mzi1qu!8RVxm#yHcN?gYcZS{gz78_J9`rtp+v>TE^hPieYNsY1 z_{W%lhMt{yU6JrXO**Yfk6@Q1KytapaMd-#$R6OZa@(?_cys|*GZu(i% z1jn3vbAJs>en!O=@OP0^aVKg5i;^ntL`7hcv*J$B18%($9-L*SKQ+^wo`!3Xr{gZSz+;XWDA2^ycx4pcYhOpQ3csb|F|RC{zO(diL45{O7oHGs9?){+#i4O+%Da5~z@+J-COR>Lxu>9GL(aRAkts2JvU&tst0Nw0_AJXXX z<4#Q)$Z4eU^SN;VQ{B+AF})z|#&FeRN68@=#Nwq&Urk2wG_c^cK<5A~p3+<^J!x57 z{8Em_rr(GMyfOdEF^nm?GJKsbH5yVwXbMIPOD8nxxQ5EP z>{0xxZAZI{O=E+ah<&_?n%Z^aCmegB-sM_^ENrROe578ndHbxhoLsxd4ue7)1 zR--H;KQ@{4fjyd)FKOO-U7j^yc=piKzrv?cdetfJI=S>uw7Bll*tyV4{2WuK#%c}E zE)Z|uJs*PZf1_q9ZV*ICxTb$wWxZ;D2P`uNtJ4_RL_2%tdTBvN-?`_w=3EK3 z82$tP`Y`M=OwDaC<~oPA{2^rlz$JZh!jcZf^+cw^dfu%{^_o;2noW!NMey%IQflmN z^I28mAeg~{8MV~|CmIj|(R?ynoSoc6LZLL9!h4y2O4)w7w1Fcr@Y82cX4AP&c*I7x z$7>tjUa2q5j)I^l^3O}Nhr^%{U^u)X&Pr0s20Wx`A~roUCL>k}KNsm=gxnyo9yriF zF#LEt%7~y+bIpb02RLR*iy90~l}pvj>_Y*!QDI=0Ru7z%w>AcjcLstfp+g)5NC~`^ zE#jSTrr0+B6gv3WpnC?i`fbsJj}Ah*kI1FRQjlUbs4lR<9(FU0pe7v*?WG?K6=u8&g!DASsR^Fvsqi(OB;Lz?(tsLJyQZiqh%>2;g6qkuMAt63&Jx$o zU{{8?ObT|TiAyQiUcb3M`jLFfx>!sFwtPW80I;^~uTwj#V1 z^Q)r#uuM;A{3abR&(q8_>N=<^V1qqim{8BD90tTN>5`x&R_OlwoZfW9YmO6O<4?+L;ig%zn4RlziDxM5D z|3!;PMtny2N+I7UXQaPFrG%0GPB3Yq&(FVP+jH#Mw>gT%QjmHN=%&SS>j^XlZ4a2t z%V(Ot<1TTm*z`5IW}2&O@u11-COl}e_&9>uKUhnL`I_+jNfRD4Nj(mC_2bUj@@u)Z zh@?_Wz$iK^Nh`d?XZrJM?|HqyWU8NiBo1u!`K2Bo^XF;OkPV{AxmmRcmofZR+`l1w zl!slYtykql@R<0&K=_7`7EHFv+>zh5X@DznVPnEVd^TUlV5lqS%pCi2X%p{-r!rOE%Y$%DJu)8`|h>xAYQ+9{&Fy8<# zV}MZVZx$ydRVy{g5aLhw26gjUj$pizj+$+t$h&WjjvFs?2^4zJxh79x14>^{q9AR;sg(90q9&e&-Co<>bE;8w8fgr{>5b(SdRxvt zA*wpfSX8u-P%+SwjBiu%eONplbZaEglqSUkif9W5O=&?v$(eVLcmc~tCDWK1_AINU zKtq*3hf#*n9}{aCnL2X$j8S}t92z)9F3+Q!KR4hm$5#ye`Kx49O&={hXrtA@K$={> zlW&;mo|6JiM`sb;a}aFv70YSc43-o`zkHZb>PtYiJ8G~G5XYW_U|xX{-+T|>hE(a` zyJtNg=U_l7HCgi<)TK6bWU@mB{{JHbapFtT!s8O+VVgAq$E@H!HfMB0ZFPYi;ynzX z-WiSWc3v>PJDd^4J)+3&0%#X+0qBshK0QAUqqdHk#LbcIa#=R+Vk6E90wjS*8_-7t zs2ADc{Zs6%t4(%DLMGLk)EjI6aX|_tYRsIP2)96LSKE$_Z=58Fjt8i4xx& z(e=KEht|R5NAOlTzfPkB-OXU%8H7sTp-HEs4)=k0hkF!f?%`9m~G?ti3So$%7(|;apEzNo|8$-TOrL{u`v~{&S_w@ao3o&GE zQ0R;(k;>m5Lpo#eL=`h54WgF*-5W4!4cPx2My-9Uc}|7?oz9sxgz9Zz`p3q^g0(m{ zwlNt~(eaWgXsd7xDzBKvSr=)X(R8w8hn1bPf$0m;-S=-K?Gkg`5;DCV3`2PFv1pk0R7ANz zWcobv`SPQR{qfN-=LNv1VAXPD`r%P8#5JEvCaC9iL4i@vQ{eJt{4qCHb~3h%17*cBuB$xR3@zh-P3B2x z5*P0ktD_4yEL}ah*MU*xIiNb9rM}=s@*%PE@b!76TddE7rG0w*>UkjD?BzLeeYVrb zIB_-djZRY&vd6R(?hjw8V)mHkp1*qtMv2#Qu0l0mC2Ew9rf8O9X4%_>jw8vX6(G_h z4gXAs&$}T0A%fHRpbS=aG5y^S`g_4h`g=3#@At*)?+A4GT4od2RPOV1c(_b&#(Z>y zh{ypBzizL91)#$p#iP*qX8(zQro-Pr`ui!0=&S-p;0inf9L_Ue*=W0>$q}aPYcG!NIU@h?FX7uBi zzJ5_9TzC52|6?uO7q5kXO=#f=B>(C3ZmJ!!9-8}s^&c| zm%Hf9S$1*)3+mh&mCIk2IFNjtLVZ~G>>*ARaPq{7lL?uyEshfrnQ%q1j-H_o0VV%m zUqmQ*WKG>Ekf}}z#^9Xzt2j+rq=Qgw^!Q3!KX%3G$0Omz%UIQnFJefUDEeH5;6%B+ z+!@Dykp{U8fj>f{$PG@t4>Bn((uBZ%M3YA9n z<--a3@;7aLnfZG_XST&e>FwvDdLT$F!&A-G<{o`oLC^X6a-4#gLHU<#m06@OMxFWV zgibgcbmsl2GhazMa|SKWS8|;>19j#Mt~1vNXnMzxtur@soq6JmaXK@iThF!8t>@b4 z)^nri){TETPj5y<`bW9wi_@J8rfPH+Q|QhjuT%a-b!S1V(6d~HF8GU3p_9&CRE4%* zJ7#OrHp=!p=WJDa1eEQMILdb1qWHh1SrdX`diO;&>(i1w?aFRP zB*VwgQ?UPfHV&J6Yz&)w?1izpAK?o2KmN=WY@6y26N3CUjv(JN5`sLu^b7G)DCr|A zS_xe{K)3uf(vjk+P8768{=8Q#XWz1FUq>n)p`+b6d418 zr4SK5J3cKq^3}qA&R3MEw=`WGnMiL#{4b@C)>EB{0s^{-Km!X#;R-<{! z=1`tsoW-w?Jd4lrSzHUV_^dsPJ3&#OlmHh$@L3|V2zeIyI0hHLpU>m{7lVs$x&U1K zU;BoGYd(kQl6F?Iu^Dz!GMJHMW~jq*lI;uq_%ngUe>VJhmF>~kPSctiI|c42PBF~a zY&1!}C6YgIq8Id`D4Jx!6wUlS2Ze9b*jaSEr-3QPtXe)mQ)pM@alR=c;3WO-D3+u@ zEe=Q$cSOpEZ-{Ji#A8QpiR~_tTfU8NF+5;c-^FyX%lVdwp%%`F+Y4E0?}aRg?uGm| z#oi0~C0!+Kggh=X35$J;1qu5WFaPKN#=gaZ*uI4$1^Ml~O^Znv+_P9kuKT0z^Y$z- zzt)BJES8S6XR(x=^^5rS!2-T#LD1rc`K=4?T0C1}?;iZjjj=qPpJwA?>G>NMOQRbX z3&b`-C9nB{TNjH|4*dv~!xA}FXKQ-pz-ZnG%*<4jgAMUteDh*ybn~J>P1w1J5`&;# zMU$TUtUDK<8vi{*;Jg87{S6)pu#uZX94y`3$}@Du1Hvn&Z_tIX z-rPP~-0YG!7dH`t)*zZkt7GQTWNscQU>*&^@A@Eaaoo^sn?{kO!fBx3EFuMGfsaMd z&Zw^GKg~A?7OB!fo#!;v1#?=@BFBbvc)VI!L@sL^!9JQ}zO{Q3w~scFeUw>Ex($bh zrz3U;^^}`hA{1}ZmyXs2OdQH$-d&NVy{KtQtY>y zedfkmo)Q2oq-t&bNCT$lDhUs}CYAP)ae3*>2kg2o)v60bE(!GP2 znNBXBKsM5Jw2`Lk(~M5JT%ri)T$gPmVG2gHk{(j!@+T?cs87TE+{P4gTZHkP&OGj^ zaMK~30O4n@nQVBDLSHamILEe;RvH8>gRTm8MOQ@k^uY~GI%cq=qVX!GxuoMc1k$b` zij1A>cD5#R-C}&yXmU^}93W-{4+Yvs69wO3g&9|1PA#fKqck7W$UZu&M4EhzZp&r0 zXdzAJ`v)*;elY*nbl6brs9(8lOm=m6ZYRuWn*pj;1L3mI-4%&e#_Ge5nM)R_gi*Gc zqM}Qd>eEV=%Ymi1p0CJSt#EEsRlONKxOz<3{q z@jioddDzB5JkY^6hHRjN{bU7^5yWjEGJ$kq0;w2-TtR7AzM0zY)8aR~9mMk*N(K>>-UyCX{!d{B3wwLfs zWr=E{NN3v>%_Vf?f&u#o(w-2l-}9+WobyBV+uh`9ZNG3{EV;DcTy*w~q#@qQ_Yg=h z4x^P2s~oHS7ii(UbDo7Wbk%6eOtjf$$^1 z08245pj>953|q4(iq(D}ZXj%m!)ou1VYP2bz-kAM??K-autkRIX)`<@M)BHDuDr@9 zdmm4(cOit?l62eycvokg;iQ}@)iW>>K0EFRd>;)1f#kj)8lG)8d_g~TB;Ef01_x?) z{hq8W^d_ny@4$K5GvT$z>%{B>?e+QLU0=HOFMqAp-q`lNJ0^Y=zG;6SeE8@f`bj`}O@6UPH-F-WyT=Xbs1~f7WMKC2JJaBo zy}DGR25Tn4k73G=^Nh6-od-0q!2+1AM&jIklxq3vNr+f>o(nu=Y|- z+6L7c(nso+|9tRaS^D|=zu1Az z(4;=7dcU4?5aKyl8h6Q8byI?RgV2jf)Mt!i&Vg1}eGb3k5l}>#-v@%&U35wKF8nN9DD))> zS`k#?O{A=v1MRE&99>GiKsz_mF4p9FC^`+keoizUk2R_on*Ex}z`7ZLl3hh()Uy30 zUk>d@_p?Of1yeQ<1Z}_Sa;!{;k^?nhk5;J|9rian=)BWeJcFWn<9*_rbH~FwC-j^; zHCQ)RW4+Wtj2&$*=~kr{eAClR^^OhykjgpZD!j*z=O6w)j1K5?zVS$}YApvwu4*in z2#VkMq>&zU4to%K?83VLo$S4yYoKpLK+Gi&x=PIn!nYkNYk=Rf)SQL{293*qAb+b$ z9xut`l{EMV>ywfP|E8$*$^sH;QLa!WScw(4y2a)>egl@}+cVTHHmmTPSvgg4k+j44 zS47liQADkZ)=xRPed{nRO_EGS1?i1x04A->P7W(U{g1OQ2TN$I?_NnIV$v~kx)j8WOCLPR7xHe}`5%<&L z?x(^1sp5V{-2Du=pC|5T#of>HUH?5*m%8g`t0Ec-*t}ORFQYHBI(0CXbn|Xd>gGcc z^Rqy{B*CcG;hM*pr(TEF=;k+2z_g>|Bv_5N_vq|f@YY>vaDBj#wrgC<9Msv}8M-+q z1Fm-A0>4Td5+0)MoL? zVo#Nk#*cjvHxu5l>91|E<*;s!=Ln}9qWxje+RmsgAOwGshT3beE?GD4%rMwNkZ7s8 zsbyg<7m|C>sk4Uki7lbv^R%9G7(diEqvBgS2se6xKk)YxYR(XTfB@`3a;Or@%6(eS zN&1lX!$$)W1U{RLoW1y=NqfW41T6y(zytGIKbfq6NYhB9{U-`M5NQg^v|DuZ_Q~){ zGY$ZJw!*xcV&pWz*U#Zs?RC3VSPr7u?ZZI%B6s+Q_*rJJIFpv)dxMU`V+2BPPva|SHVl9rBxCkJ^Q&OhZv(wt2@H%? z-Wp4>O8K2WbBzzQW7gvHbgdY#uw6cHwY;GKr_0=6y|%BpYLi= z0ugsna!ysKkUWKvEc&vZ(3A%Pot?`R`A5NJ^3tjkpdgZ#=%Djw#~PPaqWAR4iP%59 zdS>GLF4QA`+`UXL?ph`v?1bwuT!-MgXPJB!?w<{#BK=4Eok#vm@9-0A%_T4TyaUCH zcyv4uU#_M`3=D6?u|}FdP{PmCCqOOxpq9N*O9#}jZ&|+Fo;iU$JW%F-C{r%mNR#)Z z-`iPqjgNJzmTQBbbA}YzqL49^0R#)Aus{Dv*_lW)||$0aXdf! z9c{jfOs5*DqN4ym#AI{w=5#0UgTJ)3xYN(JhxhxzWD0bi#kYNC>aP{4k?FtAHT7S+ zd{UziuBZCoi<{q{4wtFoejcv&8g#kAC~Gag4$OmJ`*W(|>z`$&u7~&XnZ7<(L))&= z@K%?EU_4>qUGk%tv`w+*pJSNbkIpk}=ELhVeZS82TdIWhtbAz}gEuRn6sP!g_j$kiEJgBF zl+q(0F40F*vRMh7Ns`w;IEtSOFh?{0LLX>%16O9(spAREr_!#=ZT#Ktt86SrJ$c zT)>u?rzP-#6SVuY@DP~0enjw64XMw^dV-y!@brXXxl~MVlfJAHQKY34h_T?^E0_Lg z2;Ufwu&y2$XSAvJ!x^qc~3ggHB2g}r6;J2KjG=I+fC?Mj_`xrfNFM3{W zK3jZG1^%hTKTqSI=kU)a{PPn2*@Azn@J|E&X~sVt_@@*9^x&Uf{4+40W!|F&YC%Q> z&zAfLWw^Qxh&tCwT?#b{|Jyva_?lk)Gcb>3UV|5Icn3stXUY2^83zjF+q!P(=OfV6 zsq?H%2`Hic-R>FgdW?7Ec9==;AZOB#CxgY$X}A-Z7ONPiBg(#4#9YX`NWY< zOdW+Us9Wr!`63R*g_1EZ;@)*#*a{ersfLxBMvzf?j@k0&g;K;Y#y+{qqH3pum#U;Bcx@5yZO(v{4V+wGGX5+)plz*W8jvJS2a>$w-6xlhg6b&70&{7)Fo&SddewEcsH-KI zup{VmQ{(qYdA4J9-B!YQKt*Z&PcNmMI6l)0oj44JuOg3M*Gvb3$FHjrpD&5e=fr2F z_*^SKG4~!6j(Q=e0;zI&_NC}g<4N#dr_6j7>!h5bJG6DdPLQFf9O~yOhttnf4)aJk z)Yw4Ji~nV7h6vqY8q438>`o?yCb?aAJqOqXVImgN&FqxpYTsrRulRhwkxs|Pm#k9Ien^0j!+?geCDHn zD@LI$wfNYRfBQ2Xs(uzZ#dxkFk70=A*OcKv@UEmpOuH>(Hl%4}aC<)KC{|QL^5}i4%mPDhA zzc9 zfcYP&8!BlCyK^GEFa?x2MtM!K{l%`CZ2Iqf?D1jc95Z-_ic z$0#eu5isi06yS_U@CS5etb%o0=i7OPH7^}5DFf#ZJ8~)YY!?L?7}oTw4J-Rf04FdbX;##v!I8(v8UzI6$qAk?_0nA zBl60<&-@zaIj`2!j2XaLod?wEf*wEEhtqgoVz$IB2Y50e5~Opi^h#w5SFSOKLIvG( zc~xmI7#|?|2SL3?uuk2&DpWDSG5_9F(~$PwrbN0F??JirAs}k-!?bmE*gf0<@C@)1 z0Z$UDLQ~O1U24;D|Bzw>K+*Y)4)*E87=;lyGyv8Ai!Q;M`J)|RmNzYUidEj3%9_(y%_Pd@Rt<$l=(|EnGJ7S$u`5= zA(!ri0UH+I07|VxN$K^mByucAs#I@7$&t|W@FYKv{yHZH@7`m$LuvYZt@P1>(@FG` zY&5}2{lltU^s4iCWY!z(OdEw1VE$s<`<_MuS$+)9ZNYnMt_}I^@>QzX4Id!rwMf0s zdqyt(5^fvb+a$&WY>^5~SW4$THoK;d^%sMJ1zP=JQgJ=}brrvXG0nP3mHSOsrN6A| z=PzMANd#R)V4TC!IB-P~$m^=`O43`b%nCeCzU6F${+pp+Q%4G?V=nUrD)3Jw{&^bz zJcoZa;h&fA&ldbsg?}3GPc#1Mz(1Y%rw9M^;-7)J%oX6lcy*wk2fCedX$I;h!LB6G z=GLiBBP-ZFYM4Dghxw!){L_nn2IerAWFH23KeQL<;(V2+5-V8>Vy}}G_`)|N`WL}! zH2n|EveMnUxu%0iy2fo5_~cSNj)Y{jrd!-J;pAn;1EApnJ^ZT#nPDx-oC*V_n*~c( z-(dQSeJLGCatv-EvR{T|m&;DMM8J#KCuNe()^wnn*ap+LX#xCcb*RoYi&VCT5=)1# z#2Lnggz6m-qDd~Dg-6!!eP#o4E^zP$T6S5hry5ug2i447hxLGo`Z6%GrzJWog`iZe z)JeJ&@moIu7R5N?A7Dfa>(;F=Tw8`*n)`|&eduSqut&hGAJQ~ij?CJfwhjYKk`T6m zP^*&V4RjdEJ5Y2r@ZSTP)Q?9oIl}@YzK*Av)|b-q)2{^%56rh*TXbmpA9OWy|AK4#h)Ku8Vvd=4N7Fo!M3YPqs4KjhLRw6r23VVwqWFN5<$FbNx26$;~yJ2tBO+(@G_O5V^YM&mjlD2&E&4HyW;G7C^V!pNlI$Y@sX%b?`Wl3%-T><~`b_u(>oEM9%| z&qoG|dw&7iG575Nvu61Rbe+8eR&ST#-C6RVFh*iYluJ{fW6R>??eOtZ*m4)4Kk+ep zFVt~XkYwlCk;mz}i;WXoo(BIom1E=KjRoa9)?PdTUB??zGCy?s47o^il;DSMutxkTd;OvwEBB?!VQt~(YI{q1;=1zs znK*jNo398S66N?(wgVyFGc4EU7(NiYT4UbYZMkB4sI7WM)WE~uP_n}oW7#SmD3tt zNryK;BG0p2>k*af4SUT|uW8R|)tIlc0{>LvpQrK9bNFWy{&@-iY{5TO_@@E?G~=HR z{L_hldhky#{u$7itC9zg(0bDa>&-)_F~}nQDb-n!73{*b23D0MTwjuKeM!RgC5f*u zL0DgIgU4x||M$KGHRhzkI{cmi1$W3{+&W#rI66BZ=2M!IastM0_dJ$9W*%EO#*JqWt+~Dbe4~jB2S9m%1?uTI1BTVV)wG(A4Wpv zIb-*xz`v=`<2>~Epx*LtAw2v_J$V0Aq9Udu9<|WLwg_G9`gvCBM!sk+af3wJJI~5I z$0f?%s6=Uy*OOI23K~L>?c)mCc2v+7zygtGD`<2Bw6vM>YsHrj!6WT(l?!^>j}Dx# zt1WLuY1Bf>S__Jhw&?ft79Nw-R`M!oZC9L1lpmn4b%4I+WBD#pow&~SVd(fLqVGMQ z#PwYaU0)SY;dt>iLf?xczD;nNI#5<*yN>Mqhfh#oIQV!q`BR!lctwm`bNm<$8y5^d zEO{eTV7E<=Z=0W0DKHm2gCr%~csiK1hHr*q@mh$Vc~<)RIQ@o=(b*hm!5nD8oD7ck z-HP%d+VarJM0&YFG+;q>_``0l`5bFq8CCvR<0`dgJibxKa3TGpz{ z^G~Q!on}4aQcPK4+m&D#0jQJZ$I~du;SI3HZyO+tcshc?g-Nl*>crp5O#)O{Q7qz2Ig6;ehKQdNd#X*^E<4&Az} z@n;mL{|jAe;c@z^h|}MW*CI}zu0@CbjjoNx5tQ5Ls|QP0)Z2gcxu@u zpoGVt^FEM*&L>@n9&Y(jJR!KQ%i%Z+U0-rm>EEve4$VNY{Zv%Ed*uM5$j`d|WtCds ztb5HZK)fs>*I&?O!`hYLQK#WKl>_A3CjTnvXI*}I=8job?mOgz@|-~9mHYwd#{%Li zf$rp-Mn8rbzdhH?q@a<&w{erBQ7-!?K|j6+!=SZ&;A4BWwvR!w=r6jKF*hEVeQ~s3 zYC%W&i^+HdT4M)%tWj(GkRCmXkG|$wmd{f0IIZus(LSjG-+C>XQbMo;EI9nxnJm>q zkBn9j7w|nQE?P5`kqirFl4yfn@QZfAFDAn)Sg3eou9Z4&w*1;ccy=~R&!L7w!PWFq zvMMzwfzx^NhQESF8M<4dNrUTSDAh^V1f%D`h+(!3K|;WW2NMLSgInQ@y9Ebh>wV&Q zTurHu+k#=I=6Nq}IA9KM&$lvZI26ym@MTf|;6=t`yMvEM4e1pJXgm@L$H(I}dpur) z@yJa(kAUZsO=J6zVBPe@k(oq9!@2>q>mz<3wEr&v|em)d8`@xcW8Q!8| z%Ky$S&|b}2?jDYh>pfL84ar>ks~9zTjvGHa>i5)v=HRUXZa5ADG0RFl#TlY0JVD^+ za^|t=-{Qwu?A@BV1eW4~mEN+(lADHgJzst;^);aUEbKFS5%O^eoY6l207Fs78tfxK zYeLZITI?|twqg|YK0I4veF^?y(BY_jmC9G!j)H8HUvohXlFzOIiHa3qDLW9_hxHK& zy}d;W%nG&bkkYrG-VV!~Q-5FKUc37DPN`%Jy!ZPgnEBz)LDOceyv+WN4c(GQtJTbA z{30S~RoUMRw8RgMwP0G*VM4Zsi)PL94iXHh6we`E*!&ft;UD< zs_ZldOtRxW1?Vnys?>ui@ew*a9?@wJTk*=1Xs<1C#XD9!;)n;)EB$+wK-Y}n{2PdX{G4m$PNk5dR4K}m zx~C6$w+{H$$A%PnW}nZ>J!P+F6YTvS)*fYFJg(9|-^`qP$9bm_azk$n-B3~D|6bYtYbP0s}ALr9s6{-Xm#XrP14UnS8 zNs7YnNAUL_!tY6V@y$_K%r~(Z)XTtL;KJb&IaQ3Exj6>|pLipWRH0z>Y?hvm&h^hyEhC)Urv3Rsh+ zn)taDLkQ)qef{l$x)k;*8kwP!@Mlw2$@M~R?ointoz)m@N6#hq;}kiLk)CM7p2kS$ zvNI`A==q1*L(Mbs;iDiOre}+aU=a^QMy>n-=pd?fRrzuZ2%7#T#?hM3;_tUb4#VTC zQq|yLP`uCJ^;ozD#hb3jz;%|mP6-~)5SQ-Y;WTlX96St)_ZgK@aj?+Kn|~I;=`=qD zyBP`ePZCnX(;uk!u&rcOv-`6QcFK=2s9&Mz%7f6PWlG?TTbwK`^ul6$cZ8l8&t=zS z)mjPkD_O3Z^!b2a-nw7uZ&Ly_DLzKW%|pND7T?ztt7s@NG-~CyRO{CN`Z0Do_cc`- zx-Ie{3=GKJ4?*Vk!6k^?4?*POB}m*4v-qVm_+bXWN&-`rUrE6aLEQFI@wx0 zMZ+krofHkh&JP5mu_U<$Jkg*)^*KVnU?>R2-M_-4O#*AUQe)XKX+ zobCM41joF4Gk>Q^CvQ_Chme$`wcw#CM#=%a9tGEv4T-K@aGfQtol5XfhPY0G>ojpK zVZal=Uc`r_Fq!(j2*LK)QN(k$+YW7Qg9RwxO5II^-ULe!+ekT3*h5S4q>P381qA2+ z(${&og8}-u`TScH65_L9@GN$E}!`-G8U{si0nQNhCWT;>*5v$?QNp> z6a({2zgzc!Z9d?ZpQuttk5Mr?9iLp%1I@{h%a+j&hJO_vAoj7| z{*FNB4AtDo_XZ1^?Ss6uD}uNly6IO1<`k$Dc{)1=t$U7xcs7tY@6yJz%gCK91Bt zx^y=da0Fj_3i^YcgqEjflj#8!?KRj*T9gjqb77xUhowD*=aF5%U*>17RKrS7olROT zHS2g>v+&X1v0lK|q(=C3eV)mVI%}gbK7(#~S8EBrQD;m5_lcVY|TiAz6o)%SE?}Iu<0Qax3R=3v=74>smaP#`tf!GqIn39F@xg3 zPtemr<{HtO@Rvk%5w@43Jqw8lG|7PGRN1c}wB0AD6ir(KhWHUF4$A!n4nFlBB@VWB zad7w+ddt&*GLaQ5kk_};9(=0Ld|`{=23C=WSKF2Bbq zY7bQPi-F zS?Sxj-OwJs#LrLIE5OA$t$tQzc!GwBiF1*g)oJ8~mjfYmg|*6MU1Wpp)J=;^TTB~5 z(l$Q?4N61Bj$HzG5jh!ql5m-ce%`8kP({jDVPoES74z} z;cUP{pNbn}oErQ!5dEY15QFrb!pB&V+D91Ux*>FQ5YvWl*ZFECzT*SoTR}MybYWGh zS&*e-Y($bO2*Wnw3*pOE_G;Xl;bfivfQPH`fE0-VJk&r|RpF42HPD!0JLK}KD8N)m zM=D444i(K-K{+>CKijW+4u}@(2q3`wBIL98_{uv#GcLJZ=avc#ZH(u1)&k6y{`+M< zhP+n%dqGy-47Dg%Weq+Ax!y?KBsWFhUX>QfbN zW$o&xoM6=sQaT@)Qc!XoMpx6S;prf)cKuT*zSk^Bl>?`Fa>~zP$2jSfz&RMkgi2`mG% zwtYBng7{4yCaHlNK~nD_Nqrdq9K%Qd5tY>c;F7v6QBwcI2?qZ-E~$OYl`~9I$ML*s zVG6d_azQ@l-hzmwD4(~18IBmHPdRbp3F*Dzzijc$$^Uf(eFq}TfxqCndCCAudS!?l z;nk`K1WT3A(}1ai2BNAwcA-eJ~6$Il3Fy#W0ti zH~{bx3Qw`>dG_ku^fAmUFoB8gty!s*HJ03pLlGkdsr=kJiBdq1qX6ot;cSiVM?jG9 z{U9M}VzJ$bEJx*sPUG$o=J(rAAfijAuDlrp$pb!2WPTiL;>L*1_Hr}N$F9KI9>?0q z)^lpocEejkB9ce}N^H?Qm?ea_)Yi>O$%3|6bUme1IJsOb8EZ4cws0o2c*e?!(HqzS zn>%_4it&1`W0S=ELsVjhNMha;T8u+<7KZ44E-Ev)sPsROz%&J5ixdnLfyCU%gA~(A zv+Ya}l)@k6IgRr2%z4aHi=5LeQF^{7iLd2j$Iyr%vJL30 zlmu{E87Kcn(pkIE^-NM!pceT&Rd{MKPLjSITEhq0@ojscS98gjp<8OAWLyG+yo3gs zA6hB>suVZK2#M=M%!s%_KK*G1xeXW*26+MwvhL*p{DB=pOxAHRxrhYhryk&J7~q2! z9bld9PZ(BQ>|nT471ESIPF@ooU~(oT%E@GCKqkt`%&GRU;Rx@twW`Ent44Y00q$QK zzEPx&|3H+wAwAyBG&yhwiOgu>*8w?kgCwk^QFmGklD!KNP13h_>hg z;?yx*oYtZ^JsT%ZYq4XtIPLT?azjwOqu(vmP(S-bUjH^`gDzVuPM-y?Ny5`QFnqrw zUNhVC_vqjs0DPPG_-syVR#juo;Go~ zxC24usRA(}ZD|uF?yllWWD|jhZ&y5Rnzt3K`VQT*H#$y;-q{hdBr!qm!OAW&F=pEd z39**@sFoUJW6E}W5MztB`#f#_9FY5aU|LjxG~Ta9tApAQH8hO#qKdMtvbi;E!FlJ7n-}0GJe$he3;ll&9 zILPP;zwjWZJK`tPOnaf`6Ek6uxjL&$Z8XS#;)Cp17#-yBBvx$$Q`)rPZ*q7_Oke88 z_+_9Yg#dj>+HL+&!a&jRjXiH}6wQri<%r|I%gQhlKQ%YYTD?jEK#>$|iFz1Lg zB83-b%61~t*HPuo2NL%{Q*FTN`zME<5M0rNWMr?B?mL80p4P1|e1qHw@`m@0f!=ay zFFvqWw=UcG4TQDhsWsVlC=Qy41!H+D+`R1YZFU_6s}d%e3%v<`KC#Yg@l&wmykmH` zt!U7vJ>)LRQR!`z?ldy-vfXbB_Z3Q9QMxI%t2i|W>>vSM_IJPl(zwB8fE?C&{4QUw z@a`FYCu+w`!LQ`Ef=|QSi61)a2z@UciHOx;V1}r2rKxbvX@FW^#}!4+Z(t3fpU|2) z>btj3u$_ycyFR8{^KOrtw4p~&(8@XuZiU|Jw<8QLa`u~_#@0ud zEl>-MchpKsQUUrq$UL z7EtcyeHe68m7qBL;@TOQ$z;zT9P~s3l0h4)906+UGZw)K` zyOqGUl+a(eG|kNxzuAESKLTFfJ3ks2AT<2jA|KLdP=tV*(obI~MnIML7m5#-yr!rDaZOPJ;+moc#5F|?@M{q@V2-BR zS4Eo*%{-|D`l8VS3dR)GdAO$qdSe-?2o)%s$U_CVf1*<^pEVjO^gKVGoBky=P<;+# z1++lTIMteo(Ets?35wTXj)0gl{Zn*LRV+GSi{@>%qXS@BX_m{5kcs~h-<%W6Bb_wo z?j7degl8+^^Ch485NgDW1g!Ub%av!R9%4f|>rE9(-b%=b<O{PMH{MUb8>7)u@4y@1!yB33^GjiP@HzgVNbEy<(%o3}5lqfXk!rkN z3^KagC)JBnw{aWyy7^ER8?-lm6{?Y=7DJQ3@XY;|AM6;D7M}bHeVoMG0DsfJ=aX9D z);zj3o7z9yFYVR&K~?x=H2v~p{KfTSjh#}Yfr@!ay4~30@#Kp)={8UQmJb+`pTt)w zioqrs^ec<}7rbAbazX>0S)pH+6s1}2-HOz%vmdcV_z}HDO?sv9oy)~e!}0(+3@0(q*W$tUCiPbulEl!>ia4MM3&CI{t&rZne`}khOD||TZ$i1#)(Ja**hiC5V{U14m{v#dK zr`_M6&}LQ!OxA(IEZnst%;#Es6UCHay0T%ylf2ET@`0-3m-gA)`1kih303m?az`xs z{#}d~^fMsf{k@u*nT>)VXTQ(+&~kN}|E0o7es+ZGea-0P)Xg-V?}LMut|FKkdmF_3 zR6%7-Jr}5U>C+0f6fN+L^?#(Kbof&`RIAX1dVDG7g$dsbeWLC6FCoMjYp2H96&5`n z{#PmkVu7n9 zzAJkfZ5p5OnPt2YL0g1y5deSFfg7tewy$C=@FK;_6DuMX5%5?uFg9^yyaZ7y=8%Z^ zF}>M~%pK#AALGwSaomFLPT)6W zQ)K9L7-4_$BO2Rnl2RsiL_0K3GwT3b7mw{l_t8D=TyqOw&oS$TQjR0PFPx8MY@{-p zkZ}fm^znr*A&_fx`fQ)HPs5>(6Ui`EN`>KwidPzXd$cMHNegUC z(!B2#{uhtx!>wzV{OA|>uICs0#4gy)Km?3Zle3sxwU#IH2uQLbFN|2H;eA&wT|(Xj zp0x|}&D9X%%sz~3-#^T+>+{ry$57(Cz+vIl-KCl7*>-wLFaiVb3y(df0i$r;}fo9#9;Xi3qfWBP1q58QC#*>j}D1~;0u zYv2-^R1w=zm&@P4WY)XJql9wh>;bk7Je8@j8d+2~S4oDWnH( zkJW0h1gLxouphV#<|NN@5??cl#-izoq6>zK6HL7j!Jtzqh{op)7VcL`b!+BRz{97& z=V#Is*c6LR>6OdZNj9X+^5L>F51LU`bd%u?$)(>UFMlte2is{LH2FM7a2|xu^Y7Q8 zfByve_dgUfp+z$>@6amEdqNHz5VN42%T7>l_u)SONJ8&~QZWX``+Si{#{i;HcZniz znA}<$2Ub`*wc>Dt%Z3q{O5ECHHPA55vtBP&`QsvQB@ESVYdHmuV(>uZw zbe@$l{Kfbvl;{TODxnA9=)bUOgwZdUQZ#MY=)=mmWR-d$LQ!AFP^Q@G!o3*ir+SW? z{sk(cjyyWUb|iYZN0Q3renexDI?Z^XNTc05bRVuFWVMs5E_l>Q&Zv_Ld)x2XMc%_U z^d7<*_@T}Yh&JnYJlK15@Ya3J~@aPOfCYStDxkS+=DA$rE*9Xmn? zcR_!uD#oEvL5$8lfeM#^q}xeYCg{i*T@2mCGPq|kVM)Wp9Sca^{S;3*5vB>AqGj(8 z_XqaQpfnzf!uJOTl%k_ia^0!|xiH<0k>Jl|J3Q^0w-uP7S4CHyu?SN__1eSA2^N-P zjzuC6)UFb9sJe)wHVZm1jd9?2bYuq6bZ4+;D95@(+9VZw;=AL!P=7#2ZHEUt5a{(A z7|uj*P!LVaFu7693h?=V{>(fHXq2RT>k9vZq~OF#aE=*Eyug!qAa2`;Ol>j%gemVaARBMfEmTVK5` zy6T1ggP~U+sZkKLd zRW^NsW45{aN|#@LabUJ{`jxZg7kyWz&UX5)bort!8$dmfnF4DFtD*f!8qQtbvp>XJ1$)0$A3sT zx)?3;+6x!?i!c;9($U2WpWmk=`_I$5*Z_h~oZ5em!*lD7h#!CdOOg%t_)A=ut>pun zS?m}%smNOg1O1(W`V++e?{OmN45KN?kUVegqkbDr+ zr%+~V3++Gy{Y@BtOl!8mPHP?%rx-wFc>1}=y+8CDXVh~U8p99iPth$EfgUND-evDk zCy=vW7*Y#@ocZz0q899$qNnV@>rrq$S(oVA1=m^P+NlJ)GQ@QfT&Ia^!j<9IHXZ)T zlTB?M40bv_^?`a1LAeh=w+BwN;&vZeP^eO8O<5_(KCga=4 z>mqnmUk?0?$Gi?0)(`r{`9v)+MCZe&Pay(5gXai_U~$kq{r;Ty4R1ZH3AKK966kaw z-^zWDyC-Ak!xeT0_o6@tg2(-Azu`GB*UX)wgH{pn^6bxY*%Y{_y(idzpf>+Z|NdF> zYpZ|jTIOTkS@P!9za6be5x7|V+vGXc^ebxbS=av|K8El^3;#gJx39ocet#J4lLqmi z-yf3aS(%sD-gCTv2%n1}V$qwfWqy`@3;z5jlt)LN-%Qr5>0@i}`On1XX0dE4?@cJL zgCl0Jz>Q)r1U@LTR z@e@e@E0F9@0KLv29iBk?kFUMwU(ci0c$;2({|UW@(ceJ&cO(7pIn#eQABO!8c+P)1 z(tkCM=N=kZAnYI!wwF%h-+JfN36AhYL#i`ae|Q|Rs|Jj4I9W4qMiR!+cD+l?dd(+d^>V4{h>@C|Gd#O}Y{=)S^XKe0yxU-r zKLK>F@mcAoY=X;(??cQ%)ZVYKa|)iu-vjMZy}^|?`OEf~OsT!+mq_PB{jC`E^-Cl( z9zywLl21B@8{)ro>QW1J7q@-Fw-`_>I~KkXKEq#LR;l0-@$E>p9ktzu`WqGbwdrh` z!lvPt0fR#J;JVFtaBXk}D9Zgr6K_kAzqUKrUkBfMmA-wo-GAz@0;!U|&Q~#BS-W~2 zp0~$suysjNefY{iWX8(N?61(8Eqphsp5d2-)AsfFfg))5QF|fpRrUccrZX}94!b== zw-63T$wIGkp{82|rvyW$r0J$F2`(g{K~e;r`rGN?XKR0JpgM)!?p{(uIe0JukEGTs zSq?{36r%&;_B5Zo88eVY#qon6jvu-?K^(&)b4VN;DGfRS6wD!sOvhH}D+%S;SCY%I zuOymdUr9O}cp521w7S>>Ee@QR1lG_tJ};{AKp(cgUU55OTMO~uKcep=tdB@Kkodpl zDR;0(x9>NECKCV6^R34R3f^h1Bn$A-5K z_<9>V037~_ePAC}{_uE?w-Mv-kC8SfH4{qm2Ias%NSJ;smu(ipw68Wl(BFq4Nk18d zk?%ioDbkRy;+ooS1`@A3&>sQzyYJyq*qw)6KB?bV@m=X6FMc=aVsAQC+nsSGs^iv8 zU;7$HShW=16#9?24XwY$W*pr&SRFo;M%hkusYV0K4n)ODfnwrgZJzC_rAU1>Qt{O& zKMvG(|Dk_B)W7;ptbg&HF6p4J!V5a0=B+NCQAsiepQ*xM6@130xTJxKD{8w3vGsrG z$1v^1cI&13iaRBqL!zaydbn_@6T&4yun37?M-rdUMFT};^$7dj6>+(1bW>TXnhI`5 zJ*S%*nEBrao9icFoPKwaYDy|5(KP9tY=>?>oQ8>)RP*61)x2}EYTgbO_)n&S%?1jp zwj4e|nw4xpeU%lw1pjcOZWH1Ovl2q=1?!|4%tHP8g6DMBs&08ATl*FMzqUKv*Q|M3 zwU#63ln)+B0)t?a>N%}$c}GA3)ZX*Az6K2uq`XaroZkcwyrg>e)!y?bcoSD6ZwuUR zf!kZu>kAwsJYJ=GPEbXN=BjyHG<>|Q6$D6!Tv~?NW)S#swF{TKo$~r3x;P`R{{dyP zaQzBX$ua-as37WQNoTx10==%lEeV}1S*x=(ofumhJaQ8VqSQ(}ep`u0f)-XfVO^7T zb_9O|(*U)G0gT|mXYQkCbb97h9^6TqtSS?>5bRxao!zv=JMSx60rutDh+SXl+;{nRU*s3?xrrR}&uQ=327 z->y>zBx?Cu%p<%OiY&pJeQTYdt)xx^Au$a|)>B*ka(_f)gFxe(V9lOhfw9>Y@bnS~ zU12|_->6%u6KnH-)BmyPHMJJ`1e?0XZYs;YLbtNV!t8)X9Pe+{DSbCRT%l00FpmaA zi=kgrKt~#lIXIAe>Qz>!29M&?(_g};U&5!6Y{f4*m(66;$Ii7fub?L9zuf;Z0+8`0 zXI7w!fn~38&=pc6^Yez4nGUlBS`z9%AqE1-kzGkcn8ce5b9(@lJg;G;%Fu4$@Z zJnc9>Jv~NcA1B4tbRyJnUCIcf0q z3Yv`-PH0ZWG6oam<^CP>tnBd`9=~toBb5cV%Uk>CwZQf)u&mzNt;qRpI9qW@ilY-~ zHp{$RVXd_5W-e(qJZ-i4js1ONds9qMldI`{hI{4O8ss?GmpKW#jsC&<&p(|GY2%^QRqP=O=U zp_-Q>NZ2F;<3`qWDr?_QuB~qDALQu`v#=HwYQvi3x2oj)APW*;$)M)hiIW3kb~5UmJ23;Q7HE`sGBGT)HPA%WfaF28Ixg~! z*JvgzNe$B4u4FU?5M#MlomTR+y#5VLU9tN#fdGOq1&f?5$kW*aDqMp&S+GE7OBbmO zv_uvDtpcNcQHIJ^WvOh@WR;FHt5a0Ae5$&xw!(29O5jECP%aYMwBVnHHhn1yeezSM z7CeT~Ctl#T+cfE*=8eeZ$%)V>5gyVs8G}a<`b0IK#rSQGfP!v^`q4fU1lz04c3jg} z?3kA?pe1On1XZ{Mq%VD{Fip1hDS^IDict9t?M9u$*nsR@*(x_SQ;__~HPt}Na!YEZw>jucNHMxpRk z;TT1(I8u0`JZVS-BT+C>;cXb_!ed)zkYToFs&4%pdbnnRYOcU|By@nDB%qSO$xcKn z(K%2`=udPU-9g?vUkC^_y4F_*~`YEeFN3FA=>H4!FQBNT({@x6-{}&8Nrm5x z1|{7pjy@XfFd}^rCWyw`MRd|45uKEW-kzqw@yhehXpEA$7RV+CqcKY2S|FPojKwI))WBliSb-j;xE zqOy%!cyuM-%z|E8#!?ZrwDUOTd&a1xL4ytG=2reFl`NP4i9(o8Ab^UMIv#Y!K@~F{ zn$I^=NbE;8+6kr&yCB+$`OwsO#1o@a^S&ehDwq{qJ1FUliqbIy8OT<-EYl@U*D!yY zk97*P6YiyEMl+s9G7(?L06yn|q2~R-?j@UG=5Wx0H7Y9YJ8Qeo^f&tC*IXuO7HB&9 zOoTRpb;ZQ6dC%PM)@7C(WwB-oZGoT%*ar=T;_pTMJp?s?X9#2s7x1a#;id6S%I zDeOScPY@9a12BoIptS^Fa*Og09vHKvSD&^dLtg*=Bzxmc^K4fLz+^0pfEta$DOiBy z3M6q~T)=6M$Fu?%PJvzmg|UZTlGjg8ih^Y{fem4wtz!iXG;@r~Q>`HGn<-{$N!~E} zAaqN1B4rTB1*vnu9>nQ5h|^Qg8^mlH#Q4WRZ=*r{tr*1O-_jsP>r2ORPX8i}pHHfz z>O`nF%;q#y9^Oe9yO$EiP7y6st#r9I|MmXe!^RI=_=MfUC!BMv=}D-##XshUX_k*; zmLxTav7<_(V~3|TZs7xfr39Qh2knT$lq}*fC2x>Rt(S*JZG&M{Ip7nF%OV34%`tzT zKc`9p8>VCv#$>^(FBM*8bnlW5>EGcFI{ z)}=0uy{$`oU|D#HLZQw)%dD_3Or#;yQSK(4>}$e&X0PdO-;Di{Ve%?^Y5cRV)C zCr9WQT~lLu)L7_SXl5h3$GAUy86N89;wmb+y#jUs!(2QE6xO78s$oP_@`_aX<(X}; z*MW`8QuOn{yFSO{GiF@V<*z8 zkpTlC2VTJ4cN~m8QY_G5AD93dtMXx_6o#7ElOsOlfS=$TKIl(N(Lo;^dC>2c{`Us` zZTpZ=jpNe~`n&%Z27TCA?y$#luR(!+8L=U4qwqH(cX*!8(Tc=(d?0*FVtfbLJPZNP z#FPFh2r*I?_gXkve8;Rhm{7~p$j=Wgpu~9U5DgH=7tto5ntxj5l0^3&E}E|5#>5{T z(O?|-83PZ7Xj?+_R>PV_*fa9XUcNiwI%UV?T;gMWgfxmnwjbU{_a(;M^VZ!AQVQg& zy7DgErFclJW#O1Yl0!=q&V9a=8B&nP%`7IcrafSMR9!s*JxfTM6-u~BV`t&MePc@a z9zUxCZH){3=>3fF9QYRdN!(wV3u}PtLp0om+It3JIfTXtwa3pgX3=t}P-AfUm4fiz zie`|X@nba2m|S!nDqx0+J04JgygA)eD#ou}Z91ir415;~*%2L6F2--*s1o#LW%MEJ zEgi~Hx`uD3QI0Ceiz_{)j&tZmiYiYlT z!=YFoR91@a!qCvt-=vV<%k`3Gu?wXFjXdoN3;M1nyc=ZEX|M9}CN^!FWu?C(cB3>_ zE!HkE-NTszp~cUF9I?AISs*nK3pW}dX3QkfZNu9o2U4AagPpWCvxbwx8;wk8g4+=r zzaOXZv62HrB(Gt-wkOl<;Q%;Iv}4$eFj1_*f1CZ_H=CYZP9(J_-?Q^`_^?))T3Y`jaZ{b^of7P52m3l@P&aWuYZp=D1_Vx z8M^w4xCyZIlIVdNu!9^$cOYg)X)Vp37x>`x@R-blx~Ja94qX2#AM93j8lT#{e_}nT zj;#mV;7y?rhts2-sG|jfpC9ehaC6HEVs)h-ai#KbNodBgM6)gz&AJ>!l1AI1j@u3( zg@p@*76uJBWv&wK4}TXHcR?H!)nmf5;0Bg{8yKM+It65X6V}p^xbWoD!ozFPap7qp zSud)BMLQ<$vqU^?QLg9{&X|S~WWQX7us%YxH;8s2$OL9GRp+<5<^keRNVAVB?)M;x5ihQ=K!@E<=K~V1~j&z7( zEC*CiFEXvC$)D4xdK(nP3zuiM=Uchrj8}j7G9JGKV}l!yjiMY-yL8VUl|esD-XQ$2%Yphmh9R@sO`qj@kms(Zye;9e1w^k0Ebco4w#4+OJ`TyOl5%b%g6?@>~ zzP~v&>63VhZ}?kmR)l}%BYzKe83prpZmQ&k?=`@f`3{b$7=`fd8fy#d8aorxPe&I3 z4KexnGX3?D?uw;6bj4}R$Gtu30eGJKX#7)kbZ>U)o^Ca8I*HU`|5SN>I;s2%hK30a zYt*U<6T~F`3zz%@MKgsI(QxK&qyZC=Ne2wX4Ls=CnbW6vcZeQ?z(1WQ|EkVsrJv&h ze-8%bM}o(Q2swT5I*VwYGe8N=i=oJQD{n6AEBTr*z1|e-u)+{moRir{JW3`nkeMBp zH(-X{@Hm)memqls7>`bMKxr#R!4wVSA(A{FI&zzE6Yt~*g(}j{s2z>(wb0Z)403#G zkzU)quD>A9rcGZ5zTXOuyPoh@NNZO=!SjPGd;&_@6TVu(fTaxkJGSr*!IOIw#3?Lr z>z*SR2x+i$^7;dG=F9&8>gcvP9k@10to{EVbMFG)RFy4`=cH+yLgAzcQWPa9XydaL zbcmq#v)mz1Ln#yMLBvW>nqBCWnGQpuMp? zk?z?o%SMMHB!qeBc0>gQF;e!qZ0%0vGr@KqCnVxhPUA#?#Pzkyb{MY?u{cnT;Y%35 zm29n)3T!v4&7n9Ky3`@)@=Eh_)q_loiZP<#9Rw7;sEsd5gm2u{t1ruWS7Xc~^Kr94 z$&9jR#j{Y~nyqfnn+FTapu061?U6XI~8=FRJA1#V$aU=2v{ER?to)&?kcns1V&>~M9vXI|OiciY>LO1z6y z!pHYm@Wcdk4v=q8preeQ4 zvL$V^TXi+KcxM#|IxFxSX*GVk>__lR(|riSPRCFTs9Q^_z%N;;3jOK?dH{AVM5zp` zDR^C@{l%x$N1`KJ9N*Kg=ZmMhUvJg>~KeG z1yO4!9_Vflx*M=rlgSMXB+kpKXZDkHi3+`ff?)2PCv%mO-7oS}Kq!9d^9Hffxdd^9 zoWzX9O(#|Ue7guAnW8t)K~`&n@ver-VPc0wHaFHYPX5D#WW3|xKWuXHIY&VDu)2KD znMI{jwuRW<+@cx$`n$;-q@caWp3PWQznsdq;UC4u3s)Lt zC4_^DHkml6`gG%r3R!uFnMu6KLcz?1|2H>j0n_;PP7b|Ade6h-?d`1`R^^VX=W5y7~2q9CK>nn+zm}6MebxC76MM1NuzCXN%-BWrQeNB+<^}P2V+I?gRtx7nM0Jq*7;s0IIR%=ResgpY-ZxsiU)mA_6 zfIKyH|58?RviYsK09Msjw>FR>tGNu$&u^{f9aRiO*~LGsYZL&?cG4taNysLxOl4_nIe!aQupY!YI zAP=yI`Stf;F8e`#{nP{<$riy_vd_&7ejS)T!b%oYu;+oF=rV*PBX38haOMj4iVG z5o15)8NZ{vgx=*P#Fv-QPk9O7QJ$%Hd8XL%SOJfiTo`W8@4}G_-Wtct2@HQlfT5o& zD*=M)WOvy>El-5`Eq>etBq}J|8qjuFR1HwAu=aRzTq$URiYC2Zfh>3scd$B?24Dwd zYH9;oT9JrRuP`zM+NvH&F3WFfZ${)}jU}sDZxxmIrGw9DaOl|$m>tdjRW#u5!0ZC$ ze+vk?Qsq)Uk-X)Ju|<%LY!#WulCP44wN1&G4ef!@_ZBSW%0%efIow#XSMuv;qC6PC zzR>&@J=I;GS1a!5Szu?{s%c$;f`p5#CU$|rdXl*YT4x?mV!x4<{p1m4F52ZZN=g@B z^fsEk42)TF~UXBA$!~jarU^QV(oFCB3Fas(_|lF?n&d_zDc8j6J3j3NVK2fH%^Q3 zF&NWaal40(OB$w~e2}zoPDZgzwh^_CD85}U6r8o6> z9ZaF1r%#RPAa8?bD2!dBw<1Lg1w!610eTdOF=(PXhlLWH!;y*VyCV0Mtc024yd|m3 zZ{8Vv9?0D0(enW2HIJTC$Y~xun#pG#JtmXOyfZzmnqxK?&?xsC-}nnm20F_;BoGD!WP(-V(sA*Q0yQUrR?SJEUo*-*B6z=T6uf0Ap+CpC3H0}J6ZnE5 z)=i-Qf5T0nU$d>$O{O2FQ_$ns|F3&o1bzWcwV^LL7E6#B<6<^Fo}jEb90UfmG$(45 zdxHxD`|cHeD>|3~F74{{V}twW7#rN9Np!Y&S6o=ZHzGqW5?1g~OjyA~F<}J{#e@|+ z6cbkPP)u0C7~|W=$s+dOYiWkD(Kt(`J>CI9Z}tNUFas1HDqdt}yRd?p*`k987pQq! zjK+=ij(1wyP}X4DO0;oimMt z&(vucQchjeF}ZkThRnR)0rYka8dfYNVWxvxtTf#0dJyxDe9+02<`j6 z4gz7lsF_^s$l%Iy-aYUO>@Vh9o{pKlmMY}mClg{Mrd%0 zhW6PoplO~}oS27ZN&Nb~qyU~_QS=U=X_eLwI!MzDFAi#kO@O>sCwEfVL5-NWD#)+@ zEvZI_DFn1=Yp3{on$a=dbiht#wF%q-SOag%6Cc}-%Vz0FJ%;%%7Q;Ms4BbkkAb-`O zQi>Dq@=cn6?mgv+t7?}$>KHh8q>ysPnX*&zWt)g{Y(#NIS!D zJ1Wrt6hF`cPR+AWl)hgur+^dqjhkXkW9Me_8#j=3V-5K^wbhBf#Cto2pcfbIl-|U@ zxPsmDw|FUDZZ^NM!5EF|bV1uy)|^yoE_EclnDHJntypAPcDKuZfiHZIiU|N6p;I*F zkPtYHaVoUbm7oX-)voYxJy?F6QIayUFD2XtIOzOG;I78eRb0gD-*5eT8@E?j_$m_i`o0 z_rux_;jLSibB>mit1Z4CgqSm!b1&sYHX6;AUHnV}&KjT`wv)npx6n4`tIQ3RGn@DR z0WW#i#5w;HdmFXV6&K1wF~T=KN>)+jFu==lU{u|!7{cOhJ9L>9bl5s%dsnReYEAfR z5LAkZjg>%eS>5QaDm>Fcj{XqUap#5xPlIJp2?%w)%&2l)+e4@#r|EAfX)n8aLi}dG zw+T0n8^i=BXouwvn_u$H;NIpuiO``i+5DFxA%WrlN@FZAe7Rh9@p~*5Mg>Nkfw9b$ zl`~GRgx^Y7R-7bZAevgq{yAP9a4!&)61nG^1uHUcerttdi#EGJwm@8Dvy09d?iIKa zp?EehhcHZ)QL;BLeIM<0m{U&}ckI>r>nL)Yb3)YV-xTKYE%Pj`5rj?6F&PVikBK1lG#W%SUcX7RKT13KcG=g4==Lqq`(kMic{sSDAZ+qjt z(1Z9N^g?`rF#kQqN$9Tc*HlV$WXIf#fjf%tCoh0(cQ2Vnks^m88Cp6&^ig!+@?hYm zCXw&RW({W9Dj3fhqP%+&qOK-%s#t85xz`h!j+&@B7p_!s98nhF=vNp ztCZDbmwl(qym|57b`4uj_nd0sEmuE!K#4^fu30F)1h)!m@eSY%x*B*s24SA#@a9T1 z-}5mD^PEvuB0YJXu^FAk&n4ilpvIkn%IS!|;V7Q|G%+T+oy7}aV>#KR4ca|u$Sm61 z`NDUZtq2PrP1j_V4$05Y$N zj@QrO=`7hiF$C1^sDbpb5XN)GvdJK5FOlt_(?3Q~4Ke6-&)uXz!edH>Zx|7;u2t&mP9g$=FB9tt&Lm}zI-amp7nLekdrOP#!gs{ z6Pee-1*f6}npI+s9(8|m8lZ}p3e->hi90KPNEW_+G9&cci}&f@3C0M#fn zkvLBNfWoe*{}$-)_0V7UglJz&F`#L{VGFtJVNhtQ9Gb*}y&S+~cM`v=MOzj24P}t? zycewyl@5ok5k%$@E)X<)QzEjx(Q`+5Wz2aEcD$6GY|6Qb)HjfLT|RjXClsfS0pVE7 z=gy_^>>pkzPC?cjGlDc8&|Bcm0xaGDEZ$B}31N|(;Fg`T0mRTG%RcZGulo6auGAN`ml_l?6Ev z_IxcWdz`+9IKdl8f@KRmtT-?HlY8GpTNp=0Wv)SJE8+MelwlUcop*=Y>(*7n(^_(A z(wV+gj`J5}FDp(wo>0v5G_W5${Mcg@gG?w z)CH&bOxaGZ(c9DwB>>+@a4ILATp3s6EipO~8AqVUGP)*=p{~Mot7j)5tzPS7-%wA4 z!Wz^%Z4H9&?ucV_$YBpGGxzm1j2X&2?19VfO3fe4iwZ54V;eC!N ztVPuh{_c7ww+AF_AyT$L89KcPw2N0uoc1%Tt^(d+bS+5Wv#fC2WlG{Vr17Cxf< zd%lK7FMAAcjdUi6^Q&=?uA<1Yjo4yHr-3S=AuoIr$@xTz0X1|W=oHI8x1DkNOsKHY zSbZYrFTGvXH6w+{F5J6u zC{}Mta-a*ERw8nxqHU)L%3D8&I~O}&mO;wH{pfuXUXz;(YvNpT!2>;O0v&}kiApPA zd~n?T{VWKX0y4P(yOpNk6X&%B(a_(5Scqo)>a{QlPNfkR17yvr4}J-yI@C*@F!{Y# z!jFvF{xf%mErk;%K}p_jrRz#rpa=V=Y0DrN9Za0h-o^?4HnEK#1rL&&v)d|RCEzto zv}f7dzIWZH8aj7-Bfan+*jvF>XnRnWb4k0UH+0DuZ)AAE!SD#d=AYtwsvN|&W20~b zDT@C}cilI>@yofr-s9b6CAsbO-opu8tH50lyyZrR{V?wxO?-=jfgtzac#1AGQB)AB zGsic6E~37mvVzFu;w5!L zTfKnBCWf*cTl+z1`m)E#h`lSpHNPH*=}Kz#acFfyyTz$opkXfj55#_qO+U>y-Xhw+ zTE1VfHB9kMssvCPs#@&@zaa^Gi7$HwGSu0Pi~fSFxp_ot)8Z-eLgexqGSWb(JcCcI+S*kPmucAbQ3vXa`f_xS2* zzM+?iK*DjOdY6$XIn@7k2=91nT5vf6py@= zp4T4X9mR7l<**#=vAtyJLEzO3_|yI~0>38PN}m?|GzgX1nFcnfC-p%sr=YluuxHh8 z0=Z)RV9DE^%5OxML%9*t7EoXZM+vu3*X`h1K`IikuBw9Fc(%BXJeAgXI|ml56qHXf zM3?YBqP_4jL;iM$GVuc#F~goCwmrZSsJ1P`4L>n1b2+P{E*W{(LT4#UG|@GuWj4mO<0;n$2@4Zk4yU?cu|bhSnD zR$4$C_q>O96N_fzYF*XcV}cszTRmH|K3cUzcO{NT^A3jA3jw8X$u4YLF<-QI^WK|` z(KUcZSuyx5qn?8J%*EmJZVKyHilQVw=5X zh^F3(bvk!J-}_q#b=&yD7w{@~cLF-DFrdz3;B)tah&O8Kt&;Cq4&Ly&6_F~X6!5vR zTjurv#{hKR$-iDIa#bQImAF2C<}WPe3!g+}_5%|)qf83?vF^0QbwRJPA~EzARNdPF zzl-NQ8=+^w@8Xfq0tP@?_KJc-z&2&&tM9}Fy(5U4$JzMJb7r++kXi##U}sjnULR-; zld>dl1n~VshVR?)X@J?l-Kp0<^^GN$ar)>{r0cmMZ+a9)-%1Rz-|H@%M=n);Zec8p6(gdhlLw|}h zVGghbP$DR4Vx$5T&F@(Nfc@Dq{^lb!btfVv${z2LX3=N590ox8I2Qe{Y8(Rm+ogQ# z8hsvcd3EZw_&Mv^?^^)R#4UhlU;$LX0yyJ&&%TE*x)SmK{uunf?_LTjAfq@0V$|N? zz*iA5pGQ~wEqE(iIk3Yp4;aP#2NNKDzfuuwc_q;RS~Yslf9T=TP4R!kKkmH`%CzEQ zvdRjK%5UPxjp%@U)`uU8+5s~Dq#P6VsZ(mbjR~j`ElY&z!}p5b!{;%&hi}j` zb%P9>@JN~h-VK;sJQO!xW^wvYc%t9N=x-zaPKf@dy(-yW;@JVD)qS1J1+wa8Ut&5G z9MuTrYBKWH!W^?U>TTQ#50b3=_kPc-Q7w_Bhv z=;cNEDMoozK6TowKz?!ZIUOMU@%)BHE%r!ZDe<*t+17}nW&3`S7ptJrE3b5*_0|4m zmx^c)co-#Ag~s-)5FJaR z&bUWJo47Fx_^17?{1U$*oCc7vGD7VXdYyk7-(mVdD0DUZ;aI@0aW>On3Eqfx*)t(J z0{ypz_JQU$XF(ra!8m#K6A;>6e9l?QB-%OzQifzcw+ch|V(|6m;JvF)Vf>At%(cth z8JF#>rxF&6v$>}>hpibaTslSx_=XyK%E$4*-VPSIy@CyI>WwN0!>48GWl8|XgNi{Q z!B#1v(~SsU5Ox+t+{19ZedsNc#{9gDlhQ5HLWyU32z}h4bO>#g$!;6oxT(eoOD!Hc zSd0YhRh|}_1V4xhFbO5LDv8_0sxmMAhZ4xblYyZoV90o~VB(5rC2{m*geP)}YD$2o z1bQ;TlZl=Z;VF@xlHiHuO@^mrw3dNs{c~sxl7&9_y6$9E%$^*&s!~^Gh-#KYz27W& zOIv028H+=e(jDjsv>8op6z3MF@8t_9*s4<|KtPsBevJK z*E$sEP{jCG0w7pX_-}I+dZcuxR657wjD&|vzMtYwH;yPpy=UxjauJIDgEZ6Gd zU>&%uf;v50aUF#(hvKqG>cg`Ib_uWON^&<~P11&b7nLNSh`#7TRC zw%rKc&=0sfO^Q_XfGL6SbS?8_4rnvZn7~mSD7;rU`oP`3)K|44a$%BQ<)SfkUPUn^ zo2#`|_TXz_wOeirSUiun1+w{~JtneC6pY$f17o4)$Xu|!-Z8oa-5PTg;XHMdZ8uQ4 zP2rDv=~r66pv@q!$e^~Y4*{DDp@xa^1Ng1gps><>qSbeaxaWjzw>NTm!AMcP5(9r7 z5mWZiZDw?c#s(5SH|@DP?`;hHB>RTGETC(8ijB5yrV&&=e(M12LJpQs-575oL;k5o z;RDhPp-{*Q1EUD-dxX&kaWLM*5~llxzG>SHKU3d?65J&i$+Epx810upRpYni7@@7g zhpddFLi=aJ=r1I$3^L+$wOsGo;!qlGRm&fq=sc>rEbQ83QMIhBO6Lp16erzQ!h3_L zQ&y?2q4*P8Vivg?r&0+NfZssZ%oNn>L4~sh2ch$7rNXInV1P$8&m2Ol{k5yc8{C)S z_7>j3V~}SaKNSJU&~n6Vd*kvOo%Y9PEWZ|{L6@yb@}37ZYduHvktU-qbl#;@2LC7l zC9k8cvKHCaB>1w4lJkqv)N)Od#8tq&!J6WLgJAeZsr?Hygh8~?_LD(~UTnICL4#o6 z^*4J?hI~+>-o1o8Gwa*(+o@lTVtWI%e=@b)W2KPPWx;XSey$99ie5vI?6w3)L0ah7 zbYkzvJQ!>da=9O+9&_+EoKKFFwJ|tESDMfB1$j>U@#QnHAQh>7oIh_EY7}J_o6JCV zIXp4u>YTRYQ+#9aUSV>b$(uVLbDiM1kp|7S@>EWxPJeXfJ%)#3@9R%=H4*<1J z8y!S+?|yQt#P zPopObu$1fJn2E?HImRUiAeZENG0E^ML{3?8*1peJq^lW)BgF;kzZ14ctP;;cYH`S5z^zM1 z63e9C;fHCkgsc*;HI6C>!KY!m}x zHbz`rH#S+H4xAdKJ?P{p>}U&EJ(miVQ_M5(BKv@EN(R9sf@T#qW9nUZ(e8G5WDLl0 z9YimZ=sOU1Nf|%JrMSmf1lt+lUxU5JlZl!soqHOcpt+fyw$}FA(WSz=k_6hhnl&a} zQh=Q(YvzgT%Bp&A$;Z^GK%Lm~@P_ZZ--2P@tAJO!pQUi`fS|1)mcoRUNO;}48U#Lx z7pp-Gw(#qBF%SAcjr^#fkG=$!{I* zK>3~ollkyEl#ePVh;efnjAdzV4=G9R5eWnCX&@5Dtw#VbB}c_U!R}}B;80eO*_{cW zCif`#Gy*~2mfVBeye18z*%PEDGb~Rz!>>;6BMEj`mpvZZzhv5*%$bUH( zmH#l@%y9`S=YNKQ%izmzu5u4VP&{WT3E$}galqTuIMrtwJk^)VJCqXd;ZdLz6B!(y z!&~Ix7S!%cm*((k@};2Sl~`T&I?o}Oy~_QP?8}K@92W24WcL-$EHuU)nKHR}q?w{` z)_6|KT$RjK%eES5L^8krLELW7@}spbH@P?!Rc;wnsbbl{(W4O`jr5p+j|uc>!bcN5 zCgNivJtpB}5UzB@BH?)|H`Q{MI2+K5ZyNxJ z9*Cm;|pD%^w?y&h0oli1suA%eHC_dY&0OJvxPXT%kjl<>4 z>=<0mMCBboT9m-s$?hAyP3ZgqQEUjH*rigW!~uwSI&SbBwmO-sm$7*B(j7{5mLILF zjgDdyIZ-o$s_jT37n(*RK9Z*mV*)-V(4z?-P4t+EkBRh{gpaI*WPH>$ncs$<=)tpo z^qK8(`phS?`UvPVBYO0il|A}Q2h(S^NA(%U7*uHFF}*b!c?_vE?lHPf^O>&Gv}-yI z>N7`4pGlW|FEM?_F$NTxW?i8Z(sY|Gs4N5SVpu(NR&51g;B8q=ARWh*(%hrtl#1TcSRH2rOvnaMZLX7) zy_yP;9H-hiMmP6>p-NL3r_#t;rYWG(RK}|`&e5$Pxxa=EnqOnO3_Pa320YnHs!Y88 z0s71&R0i%NMPQhvk3O^EVv0;TizlZw9vbKZ>Do1bj)Qy3znK04T483vNLd|+WA(L^ zvRBh#c4`9^PJofQI&TYzOI1-FhC=(s=`eRvvp4en=r2{8{^A^chUqVmyRZJTsIUI= zZ&t=Jq5X5`=(7@64jFMyI~TdnH)3{QP+0o){+>KmGZ_MicN1BRPYT+ISH>FN}1b$nrvZGJc4&b6(> zWp4!5+ej3+78C=Zz$FsK=31XNkOF!ExlYC>kZ#%=L|zPtMb*55p)qB9Bk%nKsVrlmiCqIDjMo|(`K5D7tm zUX&5?CzHJZmcbVm8CY}C-H381c=UddSd??v>HkQiH#Gdr?H>+*oy*qgvIk)J1HFd7 z6NcYq)`vgW+-LY-C-=O5-uqLnPQ}?Ayk{beKSow!Rq2g%Kk`GWn;NYy+l)r>$Kq;S zIR$E4mP7MW7Cdn~RP=5VZfI172AJp@MA*P=GXzj|(K5vKilvGmavxKGA&P3c5V7C?ggQr#yh#*%)fzafebHIvZ`* zk(inrgEp-BQ}z;SzLaX#G0jNjX<{?h$robOP!OM)#DI!YvMw^81dI$tjCx7u3>PiQ zrJU^PzzL2Dq&{4v(7A~;FlN3mjnvHxCcdzXMCuDhzGx^dnQf*XsXTPVpts`p)C$L# zewxvQZBSh!`NH(X{`*u$)hkt@?TJ(#G+-`?Ssl=TJJ=I605?1MZN{GJui`ta_kKFk;XDuI?z2we;? zQbn_(J(iq{M0(`Kp*@dR#)*zvSMKg7G1Lf{MqLEC-#6$$`4B{c)ODIfd70in6e#6& zas8A2=lyeE>cnj%XEV|nMT0te!u}Gfl}RmfF!u8Sc=vJ z6s-wECo8p5dxI-V(He2^iK6XIz}N+xCxhQ=VJqLId>Opqwnm`OVIUDYr6d}5iUJ*2 zmd+G>@)%8-F!UlpO**vOg?Z!U9YV9=y@=84`svE;piK}}9*GJCh!ln%eR>cU7J7;! zb;3Y65rYWR0TB$n5CKaH-}XLXLLKN9wWWj!Ls7TD{R>N(h6zT*gyLS9aQDLW9pL9|6NQS>SS^c zYv1kTa98R$QDB@uMupLvhqp8lHww{hF_C2$3>BZ+@Xxtp!dkgiE$h&hSZUd^W=1^*TB;q2< zgd3t*XNMK~$&eDBen!bvcwFH<+&Il=8a~yRIt0!AoLL8HkK!`iqqxih!qpnns9Zix z9%YfdrB;{y0Pa!LG5*M*jreqqeEsl+uLF0E*0nHN*F*o)y7hdw`tg9sJ=uA5c3bU3*KL2u3=a0RG)-s29tCOF zhR(Rzu1%G;Yf}SYF2HsW6YW}77|YPsF1!`fAp((8s!*%(9!_R)d9{*Kw36hQ{U4NC zYr@a>&3EhvcZVXBwM2^G!c8W8Sl`n5f3y!p zL+0(oA=6vHuOEK?|7sWP>ND{*|D~tj2B?{;Ghoded&HW_lmRO(#_I7AYv!nC1J=w@ z%?7NQqnZs^GZ$NP00;igPV@m>#qLQ!<%!VktZKA+7~m*QMYoso0M1b?n>l(k;-irs z6Yw#C9!>aYqQ^vhOr*yod`zOpWPAkCFkqGdb>9-Xs<4x-DO|$IGCKBb@-~f<6I^~= zS)hbD(qJ`NQqyQ1565*pT-(>I#g$dY7ahQr3uyOaSXtVMfMbll_kQrtxZm%zhEpgN zj|4#f$0LCrm^~VdPRq3;fl^7C3&5)^g6&}66M?yAr>zTh@`~t*Kwdf?Aj}q&=f~iY z!1lgJ0zGwl{yd2B-3{^fE)ITMHQup)0|3-SDGf z*p6q`Ca;y&`DdI!e9`W!;LcmUliTUw8gSO@IVZQ@L2zKh^CpMX^GLaq-a_)O9K*Z#+6j?JKR}c zj#t~gO$lxrj?pICnT+;D1~Pq$!rI`DBxEuz8yI%T#CA+eC$d#I6kU8fxLOQxQZ=^}h53A3vR2KzLcT89qFldLjHlgNE=)oGy4L zQLOX&9f)MW?0M$$lFYNQFZRIl%b_vNsL<7+7`%W#U7c0!Qc6NkgUG&v9S7Apl)c_I zUQl)l-XjU#?u2EDqOvz^S9W`kpNA)Y>y-{}C)WV@b2s4Le!{7TjM20N(OY3+>7uvt zyl1zo=%9OKR-|YDaO9oZ>qw-bv2uZQD_mmmi=Fx+t6xQVKluVw^0*_ zZZ|St5C6qkP9X8&zdy^RoKApl<(T%2gWUjhT*3eX-lk^sfnck_(PzS%O5*P6Qy_HS zI_LuwUKign48I-x;>3}ZaQY}(MxuQOCf4A`5d3(+0*luQe4-I5S_~wu?ehgre(@1_ z*LDn&y6f=cGyDiZ+62>H_&mE0e;)wA38n`8eF%Ra0e&{BU~|}vHL)6(HYYCNyG!A} z49|ObZw@I-OIu6}usnWA%{TB+1G!gM6LCeqdHg>DVjy_)6MnXS5v&Tqs^B4z$1<+= z16Wn;ng(@}@HQ0aCfV7&MxVM{kPP+cd;h);m;%j&~iMV$Xa4#tJ z%WLVV6usX_>pF>ozK@?SKBrDtcer^JTgqWr${o|Y2!PU1%sF48^t)P+w6 zp@?q0!!fGh-^LZq%_^-Sm{oD+Jz_!1C5<&f|?eFis3MBb!DGn~=js1oAer#z3aS*n$dx?S?$KV2AJnm!@tvY+W&`kUAlHDQ)y<%5%o@POBp5Nl7?Y5I2?;C#J(9@w zYR`KPWq-dUX6HpnOv4W%F%QMNh}GrgGrT1+^SvPkK8<6h*A~t6Iy1{3nH&G6xD_!(hvZbsBd!4Cnb!s2JF@Ub#e`slS` zM=Ll36Iu!~>4r$YiA=FJ3nYX9<-$|*`k8n#bO5(vHdCRYH3@7L2C}N1Mb!fTs$Z!^ zw{jrqq;PZ{ZSfFz;l3X#JzeYVNGO<&2rGIc$YpUaTjHPo6iT?=QH?#h-7)Bfe+@C< zY$C!0?2)8{S2UNX@^Frj_B-8Av+LlKAkq_;8Lu>uI#NAlyErrE971+Z}Zr zcBC60J1yAcE~v5#{es$dXH|zm(G0+Hc*QSbjG6Tm?ZjK@$2{L)m-bWFzvQrI!*0Mb zo$$K`OIqBpfW5*LK1 z=?AERQ0(a+0|K0$3bf!flzDph7LGNqkS-ke*eha7`NiL2Eyp-`I=3L&*b=QR4jOT4 z1%G-p{NIo5n2F^}=tv-2Z>`owtutCL`O`4`r%~oPjTG`U(2K}j1sie0+Z)N`y&I?% zh%#qM+&LX7^n0*_9XNuB3cz_5@5BaFVFPZ*ZUK^2HWJO^7vI?M4x6VhE%;eRpU1Fb zWF6<>e<$@O^dhtC2U5yL9tV5zZfeDPyd{o|Mynf^c4aNAAF|>eY>nOkHbNcP6d=#>TK{OFU@4|OT%nc}whN~#CjH;wGfe+K$ zZ&^zw7=YV{_u>PL+TzEy;1eKK_&D}#=@!0O~$(8miD*oWjDl8NL&`!)k{ z-NGtFBo1igYSlk9a#e*qzJ_Q|$Qf%D)?=@uS?lonUM*? zPc|;SI-2V$j=t(hE^DA?KTFz=vxYsORgWo6l=2OxG_#Zt;{EmTKOY|+#078iG&|w#mjVVMb1Wl;M%AsBh*1J1S@;Lk#T*|nTkq1RZ z4aAvlcsfkzs3^d03)t|!4Ln1 z)&?mVh8k@ckWj-q*hz^cG~RkzDL!H6zS8J<_#8eUZOhvdL!TE98uk}9y;VJHquD~} z#Gh_q#Mq%x_7)g;6u4%ISY(U_O|eRuf0}i^K*Pr7hy(#wgrnWL4Tg;XAR|j15|=Yf^r0w zfi&EM)Z9}`tVan12YriT#$wlI9J|eb`kt}FN$+>;T>iMRbJqUAvAg3>(XqRIa7(Xo z!@+b^;J8)5xY4h~k$;LCx9~j4Cq^8&TbLOT$$LPx>>D;5Ivxm`bH|xpz+rLU&Mv^> zc+h^3kcp7>4CH0n3*zF_&|Mhr1J$+kL_%OEX_F+NKI%W|Q=EC<+?wR;lcvzS}8p&H~j%Eudu{jan*JCW8 z1$O&kF>oSL)Lb#jzSOm#=qt4_3w&WMZ5g}JH-0k(D)E`h8^~Rg)8NdCh`w9@4RkK6 zKI@>Y%niDf{d9Gx0k0FeR1Urx9a$KsIxtxsvw`1w!7=Xl9~n%{$x$FUSXkG19z*ty z`+cUtYyd1s2Y{a%QZeAw6J|$Nkl$M6P{;q2-@3~&?q5H}oEUd{@VX|<21!|zEeP5E zwSi?5ERL*FmpU`ukyY{Z>?~Qdr^A~ z5Jjco~>fX5eKqsLJCxDTmcL)NWFYny zJ%g@2)ww}AVJ^DvYet_q;gl?Y*1@cLbPh6Zprim1s)kz3KqOm#Kg1xYsV~S3Wkpyt zQ&iJ>DGSKaR`k1P{(ty3cU;FjNOX5#|JET{9CyiKN5<}j5bGhCutT%t^&3t-um)`87Ki+^|{P>NF$%{&x``PTa z3eH0}$h_U0=bG>nqHl79HB*X|LN3{tSn?JzZh__I+)na+@z=M8#QDoZces}bnbjzX zFuX5@NBI&iK8<-rss;I?4rqe6Y{JE2eChISrGODH4e^_`-*f&$-q{j=_VeKeRm#>+ zfsTyBQ=rM&(PN;VGXUl4OXBF>} z^AKiU6lNZSnHLAM1YsscVU{qMC2=q)5r@(>m_j3IDgaiaA;L*CAhMro4oP)$2N`fWiE> z0Lz!y%=C_37r&2J9HS~a)OQNWQdyeqP}jXk(W3q2+)Ch`{^`D_-_xN%o_PVIBLiiy;>KQOj_L{rHTb2m8^$ zkbwR8f=xC1(Wp--{y6GTSBef*kR5214>WALYRbZk)-Wy~(zrPPDk`qEs)F?>uD2aP z`JDC&e#5Xtyq%g*Fcq(jG5a%qTm1sTKIszAK=?{cV-CH5z3_!W3@$#p3k}SF9QkyC z{XoH<&}Sw?FMbO82l_#CDIu3~7Ak7-b|f!dBddbe-#cBRApgbp)hrMxMLFHZ9PkDHe z3Ac60%zCk$W~3G107@*Z>%cW2E1u2nG$$+|0ak*O|FAh!Ly_4`X{ek-mBldT9c2G+ z2Ik;)48mQ!ea$c+!n$ronTzT69fNY1Eey;;V9=2*FjGCSbK+pF4A!c{{woePGY&SB z!Di~P+v8wOaj@A8Hd}}NFb=kXi-n!RU}xyC{y5mb#=*{Gu=8}-vN+haaj;7m>=GTe zDh_s53~Zr!Ejy!f7Y@=65Gcp4xExo-<=7O>u_-1;ZCs9KLu`)C(Hxs&a(ot-N*;OhjerX zs9d3=vLnG`aQY@21-pOw0#S9YRW>0NcT99P^Ba$|r@!*v!*uhkJ4yI}M9UEv^70%c z7|GNP<5fB-0N5K-)k&k!8rK4}TBMkr7|E4rwc?jm&*t!8@2a;G@ri#CtyUtR@`V^K zLSL4!DEW=E&P5_&H#t!_Equgy)lv5hNvU;lRkFJ14eV}Ft9Bq$+^X}fm{lt&7er+@ zUpR``Nzd99)>Yt~hcE~Wg9)97u~D7P;RJNmwXUqV-|)u$@w;FQzXN&Hp}xsj-pbjG z;}!YIF(L14nC=@h3fSE_GjKa#cF60_nFP8E?cj531@6E!)pQk%l-0#`F{UOc&{pPz19W)Tqrg~a%gQQ?tjtXp)eS7-(C1KOR&`|9w2a}YSn;N+Iyc>+x*iQDA?7HZ{I-39eGk9klO&3p zHUrxawAZTC1Ws6#JQ-9!KsA?N^2yNT8t-9V_?St{`vCN9<}XsP?Q2!18{bh-<3`)@CNZZPI;0?&Yl3jDBm~6|!Ku>XZdCajIPqU!F6r zJnV`48dhF|ssHl)Cf0C(-;AUn88Xi}(=Qu$^Ei<0^&rdEgdRp;-r7PCxjNAsFhVci zCbf!NkPB*6GUlb*N=y>wi!RlbE6}O{!jVkuyUL;F)ka}jbwvfVDuS`Z0C04q$^*)T$$j6yc+iV#z&2y#;lWOEdnHACcSNid)Q6vI)+#dt`12W z(k(&RjUF^W5+ZI|0Tz+Dq@G8Pvww7y<3wLv&=|_U`+3)`y?bl4#%%mhyRZN%9|3iHOS}1PdmLPs zpnRoNVk3Ud1TbPcI1QpY*CN{X;7p0i+!+$ay=2S=s|bAqT-Lj4yTLt8gkdDfYD}x9 zBDeOa$aU+wNIlTzdk2asd|@J*oNlXU=&&w8vPKK-hsS`04nc}K_XZR>&M6IH41Ald zl&X_udnun&3PMP*j}Q{Gp9SJfdFRvqvcs!Z`rmJia0W49=0agRZd>)x)AH`cQybx9 zNcpM#wdLJwhLoS(Uj^S&(K^g8c>Pw-7osZ7i-DJgMhys_wEe2!-13fsp8Yf3yHokf zHO}Vp&NZtV;loo)7eM}{-vC{U-T;+q0T30?zivC)mX>#(_LpB+JZRWELk!sPVQ3E) z9vK_oqdL%Jair8y5qB8%%OnfgH3lp1MR75taGLy4UU&MGWUDIweCgT5^3S`EmK|AT z|B@?jtoX9HymQH^;_{~MFX17aS65e{I#0N5kn=nr}2 z`&p*_XvW(s6W*2>#c!Af!W)1*eE>h2vee+ijzXN6Nw=m-8nMYjTZz>( z4hH)cG}4oOQe*iiZ5=Q&;qr2*^03R)QvS)=*78rfk4oMy>$3FFa12yF3Iy6}OyJii zv)@<*{6A|gceVM;@8~XtK?r01{pH8b9wkhiEvXcdB61|NH?%b?u^iMx>fRj7m1ojvSi1sSH-{2R~yHpL`Z@4!6Xn9A5 zrxrc{3sz(}$*B~gOK9^>ycp@HyAO9|RnvT-rzj||*2&>n44EmH;8h2Hs{<{Rqv;7O z9aypnD+QIXc86x19A{Hs;^^m&hX5$#OsNB0QmQV}xYGXjlM$B@p*@X+fBQJ?M!+`0 z<()zx+!vSs^mh%H8{r{rjo%M(DEoDMhGLemiv@ts8wsB~b$s3ukI&Wr%lLdyR`&PK zv=f@s8=sHpmk&PB@OeM2*EFc*ypUvMui4P zV(FEn)L=TlzMYKr4OFCF6cll;4}K%W5;XkE29TvzLibMq-Jv>wJ>9Fy62IrKq5p`Y z`yoR2Dnj=uS=9^haAv$YyLkKnfopYgdo-L6Aq>NLypz*uT6T4K31U_wVpcOdZ$OlH zeS#=YAWNrXd3gR}b`+-q&euSBc=lq(`?!es(FDAei`XAcz`MD)1TaBg0`Gmt66kx? z1mn0nQ})1gu_e%}p{2dgb79JC&+%7JT4cBMe{WJ(BLUq4(d*rus}H zvf4y-(k-GgDNFQLm?ire&uOQ9kGme7010jWWcSs~S3q(W#>gC*<|rO%5hEpnz20+L zu+>UHBe+^`XEFvKEy=<&EmMl47$g#)C@JWP&dkvxdZIHM=@C8AnG@&{J<*v>^oXA5 z%!%}fp6JX;^oXA5*v)5qjpw%_R~5Q766^Gk`8w1BO?Zzs;(?T{F5Z0-xsn92WRT{6 z@9maDk??SIN#q&LZynO(%ky=3p*iMLPCm>g3O!0L&1UX|MggTa0+vVJd3wmhdtgBv zzc(QW`7^X?{tUx^LuVQM#y@G!fzW3>xhE>`g7Uh0${X9aye=%SE5<)!`0twI&pa52 zw>kb5bb6VDhA={5wMWt%VTis#S!nLH&9n|HfuHNwAemfgFqyG2o`F~|Ou5CG)bd>g~AwDUkl}&ydy8x_?9v{>Z(cL!FWCu+=j^wvez{ z@ck2gBs$b-6GZhnk>8s8DD6~1bJ|PVF%os|in7D@b`WwwWBH73z`WuY?VY&xov`*( zDxD|ELE;G6w+uG3|&68P6}^Z2BM@#K!cFiTtws2Gg^kqw1?2;UC)Hp%L9 zATB>S4;rvgR;Mii6=#b8l-W$d}1ZY2WQUr*1+dG`L zPr~<6u9+O}6GY$mWyNE5DPK#<7qYU4xqJt@_IeH$gQk411K3}n0Ip6_fLR}LDc{Pf z#|#DH`2|!osjUS4BbH?IMX#iw7M5+4eWs0NB@55)lYAy*A@U}wD*~Btn{89Ls^|W4 zwy~HK(Wl54{Q6)5@U+)bP&tY2=j2)Vt@Yl+d|6Joy;87!E_g3oE-Ie%f-7*$hQgSY zU;w{BD8XghrH@!R!3E>NZxfBq(aoTiY`NPvaxF9@mn$pzpuGgc)bU#{5wPWx zVqZ36`9KB`8bAT!@KLAo=Pkza^J$#O1z=(|KZmFB+En{j&`c{Rk(MZZK5sE)5wJI4 z#rucfh^i-@kl`Szm`bw207F2&4?9@jmyaXIhtR}%dgJzDkand6n&3p5A0sdu2BodyZQ6;Jer}^X$EbsTx@_wO}CwI_WdB@a^t014%>su5h7&*rYMiW)XuFU#m2;(kx;nv^$~2q9qjoGc|<7% zA#E*6XDFpH`D+bOk_Km1ec4;jTTDanQyyZ)uUSK~@oUbIdGM8HO2bb%4PT|rO2b!a zbJFHX-V-{PMec8PxOAX7DY^$kp{l-4h%r<)T_TGw)**y zx~`i&-$y|J4#c!T27MTXil#LZYQZH?ZeU(kTUp?Fi{qBf_$A-s$FEtpG~(AtXknTo zYcn;-PYr5>&yiVrd&;Rje?tdar-^7k)=X{sWzRG%y$nNT%3Li8*#S_@SgiWvL_Mlp zN|{S(WFDs;Fk*cY>loWLz)rJnhWI!zJoqJlW7P&HJ&gx;p=MOzJ4 zztf;KJmAt@WnoAKYWPrS_|QHLuhJTBqA24~zna$|MruTFS8^1m*58N@ka}8;LVOyk z0TxmN(ohYskQ$JNYJi2*fHYJCETjgcp&DQzH6RVu01K%BX{ZKRlF>5_j=@_n26~O5 z56|J+s+S^w30=wj`V(E~f$4uw55d8FEBp)&M+C2gLzM+x|2IybLIb z@-j1!7`p8Af8ufK(cUYtOz<9EBPZm&?aZn!TL)`zz-IiC2l(-8)__L*8aaT-QVNl! z6h@X(7+FdIvJ?Wcw3EmZU-SXG3?u%hF>{*VO5hl{TbEv$t2=?ZbKW2W1!-4utl{e* z9om{DdXn}T49nPufFQJHFS+K!-;Du?ob+4d;~Q7y5Y ztz1`uuBnuz>7tT5+o3#(eyQH>wHb`sVNaXBcsQm_KaGi35oe33Go#!pyklSkY3t{u zQ-POZ5W?3>Q5gEU|8C#V0g}B&;9oBh3J-dChqcx-0MISi(L{Qyz0N%Z_W+5HL4BXP zimE+ViLsWO*fhpJWt4gMLbdL%WP25DqoUWDPRr6f(YLah*>stNh+n`h7(5X)p@Ws4 zc;0WVAa=7N&2%YHS_`@l3zO5lTAAC6PFC=;<{rEjxNLa%kxdesnL@BAD4|^bH>esuQbyw_zBDrzkoa9 z7qCYO_zuPp1o{em=OOgs!t3)@DWi6E08Q+GD7$a$$KQ<>835o{eqo=VObjFL!J6e`il6WkAOtIb zv)>(mUyL2)IMj7LmYOd!OU-)S zQnO^5Z#)Nxz$`UOgur1?(Q4u>H4g|}DX5i=k~#_Wi!LE>!s1Z!nkA)63Y@Tl@K{Th znlCd;&AqXfnyte7%u;h^HXbc1r4HL3NdC&9J|a5QnKG1fQdXasH(i~?K?%&JG4Bg_ z+`=9k9AxGPnjyMIMvF!fMC(S1Z`Nba=(JBt;|o93?HS+0!~fBTG3rL1ftdl;hc+8~ z*+W3d?P$U{g$}I)hb^v@yyN`b>xS4!(9vR52>i6_YgrMn-Zk{|3_azkh`IT14G z#W+)1b$drA<;T{!ucZ8!_m@A3bW~3xZg)=x;^vx_w$1vrnsv+NYrr#86pT)hH`-YfvuNgNZ$nw2%DA?mC70aG{)vpC(d@~?W0(lXl(m}tlgONdG z_WLxl;uw=p0QtQEnlymIG3%Mg5G8#8wl)g(QWWgBI@oXf0sDCrtV9PZiGul~U_un^ zunu;(A29S7^FGlzi8iWm+2=LH*cuJRedNCOMjd_ajRumv5eXK$z0uI9y%DTgGsa+@ zbUv#ZsAgo?f(w`G6oS%qbECU^rR%0fw?TTmsZlyq3%qkXFwSnos)W2PXl=C2u9FXD zY2>QaNrtjh;&$s)192jhhO~X|w_&5QQ!@fG#~A^=(U0EO`#zjnGyBEZXK`y^#l@-c-7fPca2KdngrImk^|4yE{I|xlREc@Kb-jsK) z4#A+x{689`K=@|o69<_G#r@FzyZ8+lgdQt=x}?1G=}`aX41O|axQdxG_?^lD5MGmn z2<|W@xSs}TEs6CS)UHkWfo^f}(9Ha%ZgI`fTk@M0Ww$ltA6}Gg+Jnz$Kg(}fgyZoR zj7nAhTaRUT`$ca>wq$Shl#5&|S~u8QC9YXocMj2iS!U>+c>PElUw~r}{Q6DZvHB&| zZ=vdk#ME9#bv01Eerib#LC)X^^v9ewPne@BCPy{QPj+`H<*26|vyGJF0r+|>yR9+* z@MGDg{Z#Hzg005%vnBLg!sl;e%+et#elnOq%}r%qmZj4kIR0@!oZCcjOwrpn&+||khue}JZV*27y5v#e;je^p_8qL&GG92kZ$o1`h0+J zeQ`b^@Zz5&P#cyhAoH+4LzIYQZMFao0=%^L466#?O6hZ z`x?^cH{}tw=jrQ-V@ErkD!j~@ z;)Jq7m$2>i-VTa>h`q`+n!U=EXcxh6q^MbBXRe!{07Lqlvq-YM)4v1FZOaa? zI9m<5t0A94xl^E7khc)qSX52J!#e|H$YJ-pFLPkDSI0%{V?xu&sS0&rAao%#p+D1> z2cs4qgYMnPV!S8P*gU3N2Lmz$Kn#x8b@WTFk> zguX+FVSt}UvFnGJ#9V{1a^vXN|G+*bsbBk;(w#7#!3(kWG3gun+Q<9|(&s%0gSKwf zVpCdw!#V(sW-h?MmmTp;sOFf}jNtV*;{_@PTtfCtdWNYSOhoE~%$#N@mw#rF`L03# z0R?bC!cz=2{n^qS?H$qfd+s+&K&91{8M10u?>B4KG*0#YbcgLg)RJb4)Aue~(x~@M z5Y+;a-#X<{cIT_Cge+;4yeeQ$uat=P78YBymfw2cin5X?(6mNWJhf;^v#XaS&3%(3 zuGM9))huat$=o>!&1iOl(%I-xr(m4XGWf*h2wxU!PJv^P6#pM__~o72o7I~l*ItZJ5(-7aOnQz>R< z1*QBBO5qN;K%Q1QLCeG<`B71Onki(5@=`+7o~DSrdvn3E!wb*u)y!&Up(V;++S?#2 zGph+~irUkJu0rp=pij?j*6e5U!|fF;F4N_*;xQDA#8DgNN-1?Jhk+v|xNQ6MF+=m2 zQV=U<7#&x`2&>NRQ+*@XI&}M)QYVZQzx8tRc-`B6rWD%U$)u88BkG`cll_eKY{N9) z$Ty((?l+*-YP;WQ`xbtUd;?2ySC-{3JX_)7YMJ@W5gv0iOWfYF!#Gg3FVK8uiv#Uv zmM@yJ9IkD7PViPBNGAsSY+!@$Cd=2em5NUcLDwUzQ4Fp!XDGBcFjBF3|1 z$?li=T=G1H3;q`vhzCz+l|ZNkPwwr_SQ%(=&C9QK*b8PXA5HcVt+KKc;eSH#bDJe) zKf0TSiDN^1XVLF{?b z>cyrkdhZQb1+$_Fsl_zE|47dGs_*aX0B4D-FKIi0J69==%IlOK$>N)%3(V*#W&tSk*q=@ z9iT>A@*jFj-iVWz{vV#7ZZG?Pd4Bp>pYzjX_rw2#^V20DcK^DMz8^hL4XvkNc%-^y z=}MN1?DPLC=c)9ZP0!i%JcFKR(DOWco=4A1=y?g64N2ZG{QK9^`Rk^>=dTC4{|D!< zzxw~f`RkSco9C~A3;$Q=ulL2Bzjj#?H?JOIDDOz)$~*2uqbC6^=mcw)zwddZ=HDMr zdvwXFe1)xuzB_EImf($?d7!Rne*Nj@4GPcM^f@EH>4JIj=<=0|1q(gSG?sVv_3b~6 zT-ZK}p^km>m>IF2t|6DW=Fu^rIbO(EGiyvj@L0>q2qxl|w5S|_;-DHYt#8cFg3l7_$v&vL8%xYTbJjez>os)dt2_O#n+2lnTPqjKhGtM^(@zguf#tQ% zH5m5O=i#!$c0(w?>2q`VC_Wy}Z(U?Cgvw`z%jgN-3)=h7@Ugz^uw-DWNp^WlxQ5zz z@_7`vAAz=EyT8WA^U&H;=CPfxF%SPR3gWs5YQM{dg>dg&D6Y~H`1Oy$Z&Y}Y*_fa& zRryV4#nS`wTTnyi=nM39{CXe(1a#|!-CX{jxz-7_T>g<$;_U$t)h~$m5842&$Um|w z+fm07hUMuAC6@f(Ey^Ancun+eM73JHgH??C8ts+%?0H`Fy+F$OVJs>abN-GM^}9UL zu^+zXijF4udQ8NbK&TtX>QLpD{C5HB6np{HF-!gts4d6zTK<{Gvd8`;@wNPSA=j4{ zn7{0?`ALxM$sYSaGPMR*b%LnW;hJ36XrNFo9R@rGE=1o`;<^Ct(y~_l?YSZBY1m($ zi}TM-jo8nc+Qga~Vohz~=v@hG;0e~i!_Yuzn9%tewdjd1*1!YMz`X3SkDP;KSN7QZ z&%gHHEcb#|Zue`fz(`N|Q0|D=#6;{ibPf9{-hp8u`Hjf-X|iB+wK+Qi!&DAsz^_nG zVxBm*j3sK2Sgl7Kd*rqJ(p4GuMr@gAKWv0|qWyRRIymRL5dV}))Id>PM}Oy?q@Ydl zBgTG3D=W+)GLIegEMg7(J__aDVRn>qWk>9e&u~%=j-99>8XUXem(%Rn1FrU(DLe8EwZ+BSB4JyOd~P0_Z_;W^ z)M`x9YD|7jR!YK`makk>lK&30v<8-2yQp-84$wZzaa^Uu=L)M0J@JfU8&bv^vNN_J zdtw`MkjpQHCKz7J-vc$z;9kRaowVfdf%--0`5qXMg$Y2U{A*!~Xh`v^zYg}4n}_9= z9hr$8EQMm{K?nCh2WLPBso*45@RH=$q;>waY*Xkieq&CA!fwKk%%xA4H=RCMSnWX) z(*V`i;?!4Q4UIJOH;!EatZ3z8N;+%7c2rSoE&#(gWg=ykqR0N92&Ly2cC0Dn6xpTqL4vE_emA)4Cp z8ZF+FqTHPqU!0#g{ zhcLP1Bt9M?X(j~I^DR9c>5*HG;^RS_=72sR;Zj1uLbr~BIA4eG@f=61yyG=3Hij;v zWF%c0k%_7lpl*|7)Km{%NKL@Br_yVW~ z_=0z}$n>e%?*cn-f-h(G*aNH+xhDFWmIwkt_Siiv@t!35dN5fRc#;T7N+hLITGzy6 zo=zt7;H4m8M^xlVY+b5}JcF9ysptF*dNyl7Cwb#N{v1F8vSbQNt`Q=4YNdmJi-z|qQbTu0Ws?vCT5*vV%BLU zW}TC`4j|b~!1|McsWFwb)J8lrr02dN?zLO+V>W%xv*PE%Obj!FSM;Ge1FO|QwSrJl zMbb@+g+!2ACW$mLA*_Lfuui0^m%#sn_%I*I>ys2aCjWQ9G7(pgA&<%b9T4Ng@CziA zbFZ<8F;7P$#wc3E7;FwTQl$3Hz|s;hY7Bf&!}3|g7$O?PSC24eK7NTNI+n9mqi6$P z$55~~pkRbwXBodc18o691Iyk3*?l#839>%v$3F$UtJ4HVYAh zeEa8zftjG}kWI3~3_K>9p@oY1%{zy5o_^j*yuqRI^f}1WA2C$rx2ysMclXoC(;qP$ zK(^4B-}I$99LC23Jv_a!e1G^1J{&;Sz+i}B)I+IrkgGpp0OlDkp{_oJ1%gOeuXBlK zh)a+pMqK?SQ!SuB%ZNRa@>n>OxzF}s>k z{D#kU3mfkra9(STnmulQ%UrShAlk>k!_u=!`7Mu$-CyJ%UM=2QhF)uqapiU0Ab~GA z`Azx$?qlV3%RaMW3VN++>enXb%ms1c7hL(5-3Kv0Jnip3*yHtP|FS(+-Rn)iu5y?e z%&nT&n-ICaxwsij`To;Kg|&zC;9W6 zJZK-%v?{y1JipbGJ>x($=MfAv?VGt4J){J}$wCD0x+S>h3V|cZG5gI_Ug|CMHR~3R z3T)7fzuw6cyMt8hetHgT##hV`rFBvEj3)iU>2@?mv$aU;y4JFNx~RPkwU<7B%cm2~<}w|E;`isHJyZr}Vn=qIGGuHOyj0gMUni50Pz+U$@AC3Z|M^t%)GyQ*PF? zRcLkd-94k+NvyHST0hs780hY700ku~tCq^D?^D(ZYA2Mnh*}OUYyy304ZpDkFCfUh ztLidd&1WgVi>GK5;QX zNezH3*6uG^Egrp=BUnDx@)*`~coCG(+G}J5C9npwcK;ZpE$ztb;N&>!7+deIzp zF8GRl->Ln+^9cKXh|=Tjjp;-*LyPWFDk^(LWjD-52Jp1tFDkx`h(&&PmZ&6)>OfI3 ziz*1T>Tpq+Y8Jiz3{mApMSzrKQCX5+nQi4LkVrUj`*Y_}TrbO@u=E#=C*s0*A{C;t zPgHhFz8N;)3c;~jrMaS#AgP0)Qc1lVs<@=5(t)hf1g%1>TU14h7JJ?S;%P;EGkSv1 z_p`oL!HSm?5+i;^u=b9JK#@n&*c8S^jM##(o?4 zv3sbX)Z#r@(c5KOmYRik8^RA{`6&YI;qxFSsKb8$=n#~$7R1U|DO1#u2PCdEhpw6n zs;LB?+$lyu9p5T)6*Bh~y-C0~BG=3Ue%E-)(8};?nXAsKm(@Yj9wqq$FW;w4QHR#a zT&)->k?ggelQ4eCVj!6CP+YvZS+R3MaaaVi3=f z!WaIA?h0)k0u@YA=j;W!f0|Wn-!JVslB=ffl~WFh+)mMZ&bkzRi6tz*MpQcS;tXFc zs@Yb=r^zs<*;W(uqpnsI&w}C!CEG`8{sP0ohAC zpoZjvLs*#JY?sm~D_x=4q&1#1FTHxfrkMOqM#?|FSN@`d?oscUGxn2#%AUhw;Piy{ z`jjrr@eh{6nB~{esZY?zXuQZu&X65DzBszdF$a3a-j+p7WIZhtS-s+od=SD0v-4sx z;+O0J_Y(rYb&_G-*Aa5G+ARdWF$KO(qM6?|a_fSkgDZzm^^M=kZ(VMb)urh!-)c@) zo=q2uZ(DZ+^LUT*fg=Eakl!}`g9SxxEB{mUP5OY}`Y<5tv+1(00Kk`~7mo_Rv_Q#f zuP|go&6WPM=rV(M2AoCp67LAmdbvovpe+A_b#?>CzvAyF9(*i40ZdW_3tEdNfK=?9 zA8P;!YaYl=ula4sst=-5WohAMR_{+9!IhLhlsHU?P~9c*R<~)iatUqLR`a9_Xz~fQ;L_BQdlIL0jo8x+VAk zU7>R)QyJkepaxOB7u`fqg8S;V_B%XRvJ%ns;{(JfrA03)^dB^p7@(`ux-vTwEPg(bTJ569D3lM~B4Ur`6hb2--Kd;L`rv#~L?GtTdWv z3n2$qe2Q!fpu2>*rE^0apsWD>Ou^4dX8dfUXA7mj04aU&E0$0JdLfPV4N8A(h(Vlh zS|@TMef9#LX87P~H=jl$^jku~eZBAzG`ir`ur>fKP6JB9 zj5Dk(2+sW@@F~Q>$z~1b0`5nE6rwXBn>!Oet)7|a_e81I?Ln$#Wv~mtQb2*=pgHc7 znCXVKcAMvN4SNwccXYtV)puLG)tqv-C7g<=c~>{J!Hm=g(KgG!<2)j1!*{Gd7#-2u zk;-p;nZ~}79XY^gb&QtITsy2_h7or@S30?jW^ky*^KC z?Kkj6E8*9s9{5Et>}Z{Bb)$WAiu)KQ&c>yw90(S{I4J?jTU71I=~>k7yKp_1I7dArr$cD+ zC6FLV0Yybv(nw?V`Iy3Q9X~+uRx}FU?uQE8ch4WcRpQ!U!G1l>H*$a&DV1!5L@vhpl~QT%O59(#qdT^&02c^d_aT0=Zzk#7y)50OIBx^C3ZbXw(s=} zW$QBqui?TQfi9bYid6jgg=1dtc^g<>i%;MW;xwc zqqzoSF3R#+|5R)z{dw9Sxln~|6#`m zxCFy@e1L2=eA@?!_;vFKNWsDxA0TlGkN&`nUzdGAbm)=~2H;of2Ltgd@dKo9&aAfV zwUL|nA}{_ZY~zd2^k0gULc2ueD{R_LtTzRksZ7Q(BRk$~U4v!5ltF@G#FvC4jri_&-yytjqLbcRT@PvU zTQ0x#dCLWF<>%hW^nxqI`I9~px%N9F$APi}U#1)17M>DjC6P}(k;WHP-jWNFZ~O$&TX6ws=QQ7Vi){bO z{kOGu-tKujoW{H~CxDE`x!*)sqS!E~h#`_MCrYookY3ZAKo7$SE)M1q$Tyee$Hqa< zZmnp~A3`p2Q>)37u_GZ*l+5m1K`=}cc4*E?GTo{0ndKS9I1@!bS2%3NKxhTqcb;m- z;G=PObFktC@--z6~J0nM?`^Kb6zByw!;7l&x^J5ZR_Cx%}3v6jl1Ux_F@I47S{DlF_ zZWR2-P2q{oB3Ke%0KjzLq%dx9 zia?GS0YmfX7&OrRLU^y%x2)FNJzyzM84~%8>oCK6e{vd*In5WS4sRte7`sDhgB)MV zzFSw$8e+(SZj2MTGn4tP{~Bjt9$Zr0BFs<%bX#i*UzCE<;VsZ)&y6_PRv2tEoAU1H zlpA#xEvtZvl~5I1Sv@f-B4fLDvc03$8up#@3H$!ZuGqb#e*EuCO0BrA3maH)si@ST zs}ErZPEPQHwau^qSEfaVId@-bs5Brd(mGX|^>D9|vH#q~>iK81p1$#7gCkly0f8r5 zalh!2%E=VRmc#?C9Maa~;>X7654hJA{JaIrm_lV-SviHu00|L&r3O2peAKYeG}s^3 zl>di&#iJEf$vQW5CxGtyzWBK;a&9mms?4HIu5qGLA!(Jp2qi$$Rid*0{naSKD9yq2 zLoJc4>MTgl=3lK8d1ni>q74;-PoWH@BX)1A&-g(1>c|&E@R`4y0*Ns3c5;U?*%~`U zedSTspPSnI?N4m^RR{@$!#&sAmFm9ZBNUFkT}gbAYG9k?ulUiH^NkX7iD#u#@r#v? zF;)sS+$JkE&aCR7ox1GF3(tvp$CQRE*{j>bf~aPjX@W&{h6QJRKFwGQZh7_2hJ_w& zp>a$hB8tP+gH{)xALcnLtBp4MyNS<~N^CRKH*8kUKs2uk9{AZIEcsbTn*PubN~)wJ zzL2>&A9k0PyakeJJm6i?Kj>ZFd6?MXl=EE?F`7XsmFGL@`a&_8m8sLM(H?>Bg1xyE zaixvszal&ji}?0sta8O1gdPi3tclGcDYVsyNEE#MKU)dOZiy?G#z_Kv`>;8taVx$534Uh0uP6 z`#TK4GmX@6b7i)fbpckh*AF`HhI910O6X3o}=?vbm z*Mz%OS0cR_X<+msc%V1EKw5Ftl2%45vST+c`@w(FyV7iMPu9rP<UJJ`;|Drn6tV6)Jw@OAycw%-{Cn*mZ8z$!2}NFXw_eH+3jfm{X# zU!8mwcwjV?{M^!u$8X<(BOLs_kFC8)Z0&7kYfsb{UuAZB%tE*PfQ5e1{XbgoRA;7E z=dACkQ(yR&eiy!|&IFvEVTO557ZowR4+-e^{D{$mPhb3AdcX{CE=~{B@1X}1?~2lc zdx0KE^M{Uc%?EnmQsptAm_I*8#1hjSV>0oBCNx`{&>;U=53z7-#Nva!{Sk}L^`*F^ z*D1&M(u_d_qPIT%kbuBq>#7cYEaGW1I?2K1#D-#isdFETGiFZ!du`$To_Jepfo zu*&MQ7OB#}DiYV7!}U?%a^ba9F`bV3T*|Is_J5v=xRfUG4bk4^p{P^RCD8LJ;dR`E)zBywiC)u?=ubasVPaW$iPnKBe>fHK zc4WH;-+}%@-N|?S&WI71MWrB}F^(w?#UJor&V<_zbHR^xyoC+IrSH^OdZtFursnm9Es^ii z58}@=(M}%$Nco1_zry zM2N{G)hyz-=8hjD_0SdU+;9l$A5RvfAx4vBs>Dd{$XO}WHtp*w5Y7k>>*;Y<{N$aFVG9zJG+rA2KeBd z0CYl~ZV6ufK0Rav-!H=Ebq4>5-<6XY`bAl3Km0^ipRr2bI}ISWD|>?1Z$GQ?li8#u zUy54t)_>zcyjw&@hCxt~k+tsbqa|nb-+5K*{N@F*++^vFvwgTpA9|e;qruDAb>w}X zB*}Z1!EFz&*`~ME*2DX*`|?-tVkKR6qewek1gw`+aKxCptw7=J_q9J2RVV!<}T@11x!5Aunu-if-b<7=4C zHza%Ivdm~}BeAW0RBP=tXl?i&%#ub~!gtBQ-6WJw5Y1D92Yz!3NK`m+2Xp7^j$x{( z?IP#u3_f-oJGpwKif@wW#Ho+&qEv>%{qs{<+0D$DWYsf|@lgpnvI2Oiq_tvJd@F#p z0|$i$bUBq~WSwJLqeLfe94|J0fD6LfH6u9BCGo8cJ%@qK(Kfe>ycrm>4oVZJOyG;A zQqT**Oa$R1t%;Qu;Cf9&gn`SKA(p{Pg7$h$WZ8t;jVfjbi|=WT_{3zde=yK^DG=yL z5a%~*=-RAODd8bF*>_U|?#2SyF(K|b$?8&ztEkOmqN!IUOYl0tshG`# zP7$w&`9ahOTJC5=p7T@k@e50F=oo>wOv#W`6sV&DCtU%+A$)m4TO{is?g^BJX93Uz zNzu+LW=2uyU@Qu~sG*Q~KA_Nz-wks#za_#N7gTNoq;Kej9R24;vKRhk*1>SuckKTl z{qe1joJLlkQt%^kfi-O2bUH0xFLJeaMj8P_e?AW96^3;n?We(T3=TdFOH)#A3*CcW z%ew~g8?S)wZvVX*MTJ^^{Ul1}_`;tX*!!XjGz*i>A#`@@Qtq~f(v6go0n&`1F3$`N z!aR{~zKEl@Z$9+JIA7t~)kUWMm8- z*+2by0fn)vslLfp=uc=8JQqb)4@C5sJRx)={3MAgltDmuXFvmj>Y76^hRcDQwXx7M z;`~Yg&kW&yoNr3ECWBqz*JIFTp?Gz=Hxl6scN_EpL5VrnLQ_MMD~Qg)OXs%ICfxfy zOTd$kba>HwXUQ)QW4nAIZr8t$(l6eH`8DZdKvKz9if_sVt?urn&qBQ;!iy70$i>SJ z=pq|hZ4N)!|5*6w)a|?JeA+xfd#hAAIg@;YrC~#ZU;GnLs&X=!0raqBokayN0LKX* z2ObjqA@bxDnMsMmS2N-9H%xfU(UJ{X@G!G-OpvNJ(6crC8z($F;=lV0Dx9WAm@$>|I}H4tag zW5MScsWhvFcp7t&LX)BbX|VoQn8?prALdRQLM0ETu7PCX8+MPDbnf|>Zv9^0kO=<> z-#z>@rknq`k1QSAg+#3FQK&8alPv#twu{8u+YvIme|q(LJlY)WjZ%m<2j;dg@)y4` z({mmgYuj5PqfHldLDKinvXM7}6lXyx?mlGx4>B{_JwYoj4iLC{ItrxSkL)?=N5~0Q z&sO~5sr@6hPNye9>%zB4$a{TrNB*B+LiztW zCjSrYU-BQ{kNi8Qm*n5OeBcElSsve;9<*lSc;G(Ky&1tv;0M*J8UH;rH)MdM{`0de zjW<(%R@k1Kd-4ajc7GfBj`J9jw`X91Ge}TFVTMiPd>MY=e&}+Q^L7~d!ZL~$0zBrY zB%#4lSuLtbvN|(ER_}+JpGg z8+S&Ua7d@g%5*bEXh^2137sR$PCU#iZr0Cf)cc?{I~__zFySVUSliI;W6?qWm4La9 zw&A8&`NB^rU+6;$!Q$s%@zbeTz#O1r`J&(TluMx<)R(Z!?;|m>)i~@W{EK)dEOMPV z3Q(1-)S$j|`wH~Ux(#7N4`R%gzGZu+QMoG|sF6Wi)3vtVcO%eOQhF{FpmK)hqY6oy z?h$l+)ExYRUKFH<@Xohx@ur_L%Dw_C%l~hdUn0d8y|f$L`?L~%!Ai&oebn7Mp6$i> z)9%UI{&xZ6IA~R~cH$zBW$km^qn-h4pEF{Za&o9J?Bnf&33i$W+r%jQzqKO9Ysn2P z`SoiCQt}mAvXK??Y7T==(vmM>$x0(n$)}gIy^iH>~fQaCc=*mOng1{}tMx zv#CDZhD>}lzLbpIX4g$In<)r^+$x-jPXx6c88CX_)L=pnBGJ;}r~yd?(Gi76$z%|{ z(;tEK{_J%%f{jPgcP?iHJEJl?l`LmyUmk!egGXM(Qde7J5A^%lh5ruyJf@z#ozasD09X8?bpa>b5 z_rixSvL6;_UqCemtnWtv)vtzzcd85@$mrnw3uJVVcrl}c{`4>0I@yC-7-}QWy>tpG zOz>U!Mt-*925fy2UemZj@>W=7pYy!TjC|)QXZ2n9xJ`rD4ITabTHEdJF<)5j?Mimv zxm`0~@Z3a%v;?T9!2hNs3td=8o*yAt>peqpP=N*qA9<`pU!ON&EwG-@NP*5GX8>9l zWHp7bS*H=f#YNP>5&9@V7Brgb`9pSa9vt4m zh}HE=V|Ii+i$q_Z39+^8AekVz?GDvx%BrXCjUq_}LsBXwpwR}`K8hU_mFBE^w0(iJ zfU-Au;u*9I2wx2pC?-P}?e#{2@}nI+#xnhgaQ)j4;4lT(Z9Lo8hTvlI-V7Yi$TN(5 z#b10lL8JaVhngiORm3)NyEvO9(T9agTnN?7elqAW!+H7!No&`e^ zyf(Wv0@|QCI5-#g@o7KDJqJ|!bSO~ZEt9Q$+GOj;%(QNGwgH9uyR(DYOF)%Y9}=~# zp##C)OK7J!`(q+=P)53>-kVMQyCHaDF}{3A>{&PcU6{KF{j!PJyft^VBK?{WtiZCc z3IC=-bt3kU#eIm_cbwNLJNr2wmAuc7fpN(QmVVJfbAKlcw-ac)_qj}id!lwwik%&D zRa+!{WAMp4VeEh}(wL<|U*G3|Fa--8q(^SgYJ<$7BI4L&T;Wm?mKj&<_S1RkPk~%l%%yE(9!~Wv^i8Nx-Ta=QrOIBAcVcWS+SaCx{Qe9RQ z?j8>=LUR0uZ0}%~UIf*Z?(GC^fi|je0ed@>_(HtHVP69;KtL{tl6#qjA{0*i!?c!n(dwdrMi@k;Jr^B zVm1Gv7`Ll~e}AM4e^1CMHre$?CX&eF>Il68WTn3W)pgx>TrC%UA9_I(()+lVA90n-F{ZeSFq5tK8xExOZu1Ogww?tU|;ezN`i0U+RuzpL- zcno_oc0AnkbnNUIiz6jC7OQWDLac!B8G!H;;t-yMq}Je*0h2x=zbOl&wXj2J)K5C1 zOYFOv{KT}DNVw+v=n*4Evg%oaXCrh*pl`_vpo!8xIBxG!yiso#4ExUr9j4F_pm~=W zD4B@S#6JmE{3B*8Qhss>u&T+WglI&jFbqkL?uchw^kv~dZ+JCm=2#wJm{N}`x-_y= z0_7c#Bpm$K@#(=SMYOtRJk%9&*qiyHEkyRFTZ4DP3wtSF^f|lZ#cUEJ4E%r;ydk)C z;USney;?z?o{mI8ueJkgo(455r9}r<-W_^}mc>r$)9zq>As``4G#6A{O?f;WHs!&sKSGNy|cV_6qJf9=`UV9{{dS8rVE${4Dm~X*x7z9qxZS=B);gd5v_=D?}INwvmP}! z6VJiM!C+|iO;;z7eN+CAa077YCXp+-Gjdo|IZbjeGAHy;++RVy`4ttJ?yWKc|KN)% zIjqf0wKWh$$|bvuEAjm6V?4`yE*<98OJD;D45JI9Oo@;ie)wMveN>Pzh*Aj^;%s0lJ!^N}{FaCynSYrfT1Mn}s`W?a>J8+~% ze#I7PHZ)9KCWbg8o`FS>LvF04jCajbR&9q@QBc=nKg6<9~aoc&VO8_p^srhALVG|aWWTh ztj(Z@tJ9G31fBB_MO?TY8vv^P>k@MfUlbv(zAPJ58zol^-Ext#ku-(O7kT+he2L-# zn~p!y2u;ht_9v{-XQXpAn~_?>#b)FU4dF*QS|Xu8(QCSSu1qBN0p7?3{zYtuLtQpr z!1Lb1Gn5Pue>Z5yyU5ABE7L7}(Y}iaA3q~mTvn!8!yy0dv4zuRNC-esR}#+E3Gd$d9@B{gA!4 zu+5K~9$`DR_p=S$Lt651E%_`<{!&XeXvuhuH>Qx#JeK?>ORm$B>$PM9l8@*xIsxJX z4PuK1F^33DH2F;}`DvECRZCv4B|jdY{G^t=ht>WUEqT_wm}AOj+Fd(=$ak_@yIS%( zrB#BMDw1^z(eak|>ELlYwprLQ05^m`NXN5Q$nnyjjqJEJ1&St0)W2}>a}6i*1wh{A ztX0e3=B>DaQU+#BxNl?QAc8+Q5O7XP}lRixp+gOrzv)A7aTju;lkLS;b#! z$#-ylOeHZKTJTrA(ZG(n3vcJXV_Du7n>njK_*hTAl8Y?om$h*}aaRkQ`A}!{s(*O4 zSn1UKErie}@Yr*tix$4DsVbsA|0bG$JT<_w2G_P|lm9oSMFKwD*cu7_h8cyD)qKn; zH#<$B)AY}FgA%X`AK#UuQ@Kw;s+xpDberFgOcQbhPp5LX3(?jM9Nr;TF7 z#_cJ1z>p)5b#S;Cgo(H!(wS8#R(=0&Y;??#cTW|Gy$&yaed$?1BE5bAd%IkixO`|B{H-{n=*q| z>PAYu-zxg@I%J=-S*Fc}KyW5c0_+mRJI}wM&lRZV2mid{RK!++iP@0oZA{Lp#slA1 z0=7?8r^(*DdQAT`RyTkC^BpjAmn*sBu{0651AI5bcZQN1WArI%`?fKAee{wHhc=V_ zQiA&`(Azvh(7b}wr?i<}5eolIS6H{>0dzQtG1UHAME8HNEqTGp0^knYF)Z92CV0Q* z#yfrkD|pQEYico+B%qq@}6h*AvNB zsl&9)_nr2wsp*I;^OvKI`%=EhO1$!GvF;nm z_HFQs8@gyqD-##LcDhdE5|D9Up%J$hR+yM60be)(@@l)u7}@PWaMc5vv0)dx$tZE{ z!IjHVvGsJ2O@YX43VIhg)`WCjR9cx8+Q$sF>iNQlNnY$S^WM)j_gISzA$zQiSzjxJ z+xma^S_^A{kktA+u{IvDz!A&yh_gCrAfM+07r z3?E|QF1oDPt!1VxKM+c#R`fPDW>xbR(?H%L543<5HfxZ9zpoY^9D^+UeF1?_gB19L zpLC*RukzH2_7eB_wvu$b&J$pzbjYe{pexHU$UuiO0QF5cmEW40AY{sk=voZ&cuu4E zkT(d3Rss;M{?0e(3J6_rd!F6Da9^oibTg2~a)Kmjo>@hF*<-y>&#WQ<+3&MxmIkL% z@$__hIx~iVH?Jd}1}hGJ8xbov;xqom*-g0b%kq=E%>E1-mNJ8eCq?z8^f)7l=Vvnm ziS!-=i4pgafds;ZW}sgJUx8U^i`vPS+}Fo+VW?)haOhq#U9f~kM0$G;?EgIOSIlkH z+S}1qVGY?TtU+6auh@~-R4Dl)xL^v&Zy_U?vkq&$KP9}&vNy+Xt zkkn*jkh3+&|1f;F{ek~S`bC$EP_YI2{f8gvR7~Ti``@QK97Cc{6YJ_W?jhI-ifMPDCQd0Ix$|u2B zo;ihMQv3&Um{%73cF`$Dm|h`rSP?v;ClpZv=n8WU!B6$XrIc8T$3u8oFz9^hRAdL9 zm1otvlx92&+Vh(h1}c&0S3we$6P7jZ4!e{f**m3?fpp=`Mn>a-K)(1iwX1L>#n)tU zL)1K^bR#YABD-_Z0j^eb)>faD$oXT-c zfRre9B^84u2H(`GaALZBm4)As%juTg!IO*F%M7g^Xq(o|;3HbTLF|>RoPfr41gB~( zYopW3$2zbet>M9&w0C&VOSU~`adF4A#uu`Bisqx>`T@JEAIUn1$6t|P!7tI6yCwMW zQ>W;v$bIy^KR6w~eXcF+qRq?uzKuA5Sg$L4qgUX^Qr0asYOo$0M%B6VV%q&PnjCjd z?>0Zn(yxne?`Ka@0YhU4a>hbT^ZZO!T0%}HPR5Q`7QGheaMhC-z7dflW=4mwdM>3j zB?JXqg3EslN)9nUEc07jt7Ct?Db}Y(WbD_zKK@!o&4!u*aLA)&qkBsxzmQ^pdx1ggJ$y?g( z7RA6}Yp&{e`Mj7?i&g=F6IORB!JxM`2g0|v=s+DkK%Q;*LNCX&9r;tB(Mk;~d>q=7 ztImomG=&Oftz_R9*)L^#fR)bko|NNirLB@r7n2WRjrYaDHL>N zdxH|#bA)EMRZu#DrD^2m@p*YZ$x*8x039CPpZFd-FZ(QRM9%Qe?N}jc^5@iSy}Xel;(ugT2qMI}cb8sZu7JmCikj&VvAm zSn$h?)`&y(oX3-wHb>8PO27BC27~uhsk&&Mz>_ z_U2W?MU{`3)``As&K(X1viyR*!t;K30G&YK^WO#Ey&RVQlhM?^!4YKl$quDO8Ce|O zl-0&Ia{BO3y>}0?-u==>xks_ae>H}F-GSt`lazqqgV(l3!Z%Sz$HjHD1huvJj^2#0 z@y5j7HD(Uqs>!O^zMtZATWf{2uym4aJC*eC>q?F7z_ObZiz=E#uir%dqneAVJtG!u zsziIpi1sp4g5H^-hI-q6#q4=Qonnqufr#~za-TW;LjU$V4p9H7&lrPls(@CkyP^Bz z$%}GLF!g>?`m&T#^*(cidNIOEgD?^uEYF{A_RZv=cpTJJd^_>_K7H(Wzl>a%yD!aZ zqll}+U_nYsHLU;8CT5=c54wR;DtV7|O!b*AyW5vK!U>ebdpLOkf4Uky)}OA2e}6B3 zyy~P|)H%19#!bpvz(0Lx+?*^Ed>>iB&)dI%e+2%+d*HbVp5Z@SCVDH(=&rsRev~ZW zmsEWN4^{9G$b*N#0)BOc%UchU-kEA z@7|C8G@DLXimF#nRCfBj`R7qV98hqZ=o>Wcj#w9%vTy7|R}V1+?Oa;~ukRtdnrzfA z6r+{MVvr<#-U&>@Tzk!QG zUhf=pAU(J(CPx|ONQXDZG4SSBF>n5iiW42)|1<%u8OJUe3lPu6Kon!%FLZg!8E>J# zP80rqabrs)^a?BCQ>@({Q^I5{;TQ1c=vDA$RLmRP7z?k3H!olx6Jy@sDSK!>3EX49 z90f0fk+ad46cuDLd)bI(?u>bf#=0RJdzpaU{d>$y6dFRQ>}3+>d^zSNUeyVm?xvR# zHpm_G5_=k|XD@$=4Z1J-(z7tMgS}XWUB9#E#q`i-_Tm86HMZx)ZJ~|qMH(VYYR`)+ zLQk_76R_!Lx}yy!ytkW#h2RO0x{$kpPlty#8Xn8y-3&?3busI$gclsprf#k~5M1~HCf z7C;#)zUT-(ufMoVdyz>mg2DOv3y#ym(1EfX#Cw1{eyY8hr*|{}kdd9t)`3&POi>@SE>x`DtEaRTr?{J)cIjyul(woF(GOp|tH0oNV4BP( z5Z_^NvbSU~6e-mP zx)PN8ETV4;G%^H(CMo{l?nHLFaU~vQ-e-}0Q!>cQi?bp4FYQ%={%Q^G&^05@zp1?n z8uVNf5P>0Eb8waRZddeOHoObMyN=)^+Pf|69R(!!i`ZItZ3yOQubH3dreF?Rm~I~T zqQ_p2>te+UWy(+)1`Xd|#YW$qqxmeEqwTC9-6;t^I+<;yP9|Jv3LaGucREqrSLZgO z?aZ@Iv{_h_t~^X@XwNx@Tn9VPf`Gin3@Zi@{X+T>LwIr)y?IB2*wJ~Gv_!lJl0{Eb z(Eh8T&q9&B6*IC9O6$6_lMDv;UT0CnJrwkmYs_S0EZ8eShA0ep8oXh#8I zmyCL?!619c2p(b&nZdp6VM6eeT+Q&ej6I0K4{~EIfd7`;%L2G3o`CP=AE9K`HLPF^ z2u6-8hJZkl`1v@r=oq?5W=0vlL0>?62wl^z>wFXU|K004(d)2hIlQZdcj2GF!xVgY z1RkEo2cU0*ocJ&u9-haC$?%Yi4|l-BpYdTlJiLPs*TX}@NO-sk9uDEd2zdA!A7Jqg zx)EWLwf2cB*T4K3cfJ6?kI|uRYw$NYY~yY^ZT1YBr6m_@$pTBx)smmllE<;+TeRc{ zwB)fYd9;?Ct0fO-$rdg71}!;-B}cMY@-Qv=91~o>(UQ9bmVAmOf2k!O*OCvh){@;?vL;y2*6uBzF~pvR9m6&+NIb5%l{?SJGXKPN1Sr5X%NXcor=bJwP!hk`kF!9sV1T)$rTj z8GqvebJ0Qmr+;Fb)aZr11@+}LW@Pgg?cK=~AT-LMq!x=l z`1c0R%l4Ax*Tw694t45zhdRW`|Goy}H=TDVX&Pj~QFRDc4?pdJPOo{VGwnk#_ef4u4_~Q1;bRuzzbs5JX2dVx~@lKLc zscd)eHLEQ=4YI$Fad#XlhxIl( z6;86(El=0tI|$l@Aqb=woYp36C?B1$>S3*so`d6fJL3ND&wMJ*f5414xUQwi!Qmgz zli+3&U|>q6N>CaE8--(X-yyX(IB}058}K*Hq26zTQ8fV$?*VjA z$DJK1Qth%=d731p-es#1Z3jee*ZJkcLTAW3OTCuBZ#+W38(g+pw9~C#uxYY7RGF;K zQCMk{m664h)me%OlgwJuoMIEEnK3Ojnr6ndR7|r((^4_C6RfIcY|9@+Tb*dD4KI^@ z_e5OE9^9#seD`oL_is#t5deXSA7wa`%P%%D^G#q|wZpO2%1e)6%atw?!(zFAg|%eDx=;c1$9SF_R;ymSy-ocSc^!P<1GH%;{o z{WnFR;!cnSgPJ9JBOJeBHHI-g=shw@Q1%O40B9I2+zzR|*2Ogn@3T8n9TtB5m82DT z43m8$shsJ)@z>*VfemC8jO^D%nB(lo@um9ME~Bea=0Y;JUs9SS8%9nAsLwR@QS>%- z$iA7J=o|Wi>@)ooat0UhPw#>M1{e3G(O6P;#0peEa2-KVa^W2H&hW0pUL6ZjQKTwKJ{yuyHc}k z-|yKb+Ce2yJ`=TLC{aE3#PbbRJn zg82K*DW+=Q_RU%S2HzJ3w)3J+%Ldgmc!P#{<;>JGJ1de^AKVALLRNFLW%WrBk8;pj zyd}tu?;_A&5NLv^W-k%xzy}SaPq599$gt9Rm*Tm@3N8N(%6}O12gcFX??V^QyOHIc z1RVc;oW$Tq)H?U|GPF$F{a{uK&A|j}joX4d3{!@HGMYP^Sy@0$k3)B3&V=LqcAkJXi&^cPUMgVVg9t zV`O+e+u(N6;-S5v;0M~OtI|gYlMmyLp!<>U80lkkDC3<}cJ7Q`Wy`9|5E&L=Fqg#_ekPMzTU4O!6_=jST=`At zXZ`iVPsw>#rG~HUpe-CV$QI6?poaHpJ!|1( zJ?%ozcK2WOv=A3vN3ZK?pOZ*Xf~~<_Z}$>x5j7D71-|gF#Iskybguz1;;{}y*7s9d zW4ie!VezU)EP^krC)>HFfijMls?Q9+N z#f%d$?SNA?00)KY+dQF^i>{l^T8YOAai{c)Yp^UzGxtp`Yz>}p58l; z`dE;VyD>6MpyIL1d|{y>cG<@^nyR=|16>5ge}N|b_W|ywUj+9<_Y+=^m&wOdKdZSj zGOQe6*mXy2bzUQ1gtu11Ni2=%<8e@N=|WOys?_QMP**B{mp=u<-!)1KDT$k8KX9uMeg ze`NkpgPj*zuzhUqOK?`FWH3pgkdF6~qbrQKb5#0Hq5iq^@zm&j7KN-O`23CRoI|Gb zqQ{!iFdA3}=y%chn8Ai7Y_aJOa||3QmF!=6jw6!NY8KOj|Cxk-GkAtGC&Cl5kn3R1 zj}Eh=j^#HTA|lDr=2TzeNCnME53V*4&XmDwY?Qp+9AAVUt){B8+B>kvIGNbr`>xZD zp2=-vPlxY9f&)q$Er|x|^w3#sQlBOt2n6~6QTFWdO%~ZEX)38AUkVnY^2o9%>znH8 z%5`-cNg$z(s8Gsq-Wf+5}718hjz z{wj4uQnUuy+nMx%VW6C&;7w-PmN8;S5`WB$jd!jFfH5d4k+M=zdkQvn!h)nUpUOxtfTCD2zb?H|o96p0eLa*~RmQ-8z(F1<3wCrR_}JY)R_@PoROu z|1H!!6BxCh&iay3Z8}wJA5>Q`>Q5&%RIGBFc;OUP`8!VFci^F|)Kdu+)2Dvn0LwJl zdB@lJ&XY4B=|(ZYkLL45WC?|@p{a;gE$L%V-TD-6OTt>D-iP_lr>VUcru{zBT#K9O z|ElK1v}(;t7{Ko|v%WfM($99hr~wa|^s^mHHQ;uWezxOJ8gM-UaaNwL0oR!H8Q7r# zR}e7dC|?2=a2p?Tu)xl-xa1@?^MfXW!sd6I$YbbjxI}nj4CHfD=ncpg5kGem!tXF! zu@$c_wK8zD374xlvBLPo6B&!fkP^<;6GPC^u$wQ6IZ+t-nwrl@)Bgejgv8wp_<-HT z<;~bFiGCBKpOn*QZGMOP7KI&QW8+>rtAg@Ab_&VbGQ@C>vGkt81e&ouHxc6P6kW#F zYknn*cqgM>$@DTziET*lJwmMfK+3IZX6y_MKFtL8qGjUBz+VLE-NAUDAzsm#z8JiQ z@%}>eGELb?ZxHi035@l*+&fY*w_?v-I~tACDGYBTcud#{{yP#7N6=;WO~h!s!9p0q z22tM$N6*N!W)lmg!BaZ{6=K5XS-+cYp49mcn+HZ3>XZ%QX-O!2v6M3#xVsj^ui=^d zC7ySqmu;Tl)bw;ZXd>;RkzQ(-N9BCMETwdYtRBsN$BT5EN5>#j$7Mj2?Tm6+0wvvi z5^%;Sp0}0}&A6LiXo2RWvLd4RS1kWHyG^x_?b<2U|C-FT{ zIv*mPyk{rmaJ(5X= zjj02FpXRwdQasZ-Hhb6hU}N-0<*X!M^E5!3h>! z-^Ik$NYi&iCPhb6Y$4Gc4oXGWtOn72epkv9Dup{T`d#~ee-2I;h#mKXcJZH$Pv3-M z_~OgiiJeirREHs$rx$oAwk2GKd;YSHct8H!dfLx|kU#8?`NOxk90Xa|I1m1;&;tfTG`zq?taanY7P{=X@F0+1=w3GFhjc9W1?HBN# z9YfnOw2e0cp6O4bQS=Y`7bq3G@#36c!s+h5IQ&x-j{z=|rCjGSKZU0UH=$+eI~V)> zC|i6BY{b{gcz#u-1Tpz?nqig^l!(4aL}_nAjAfKN2_;x;7Aud-I#nYHn68C*^91pI z9V)m<1G+! z7`BaIm_Pm#!9F3y?goVz5h{hLt9aeW?c60+&!m&E&r)WVlh=NPP={WYlNab0%SpwL z(YQtuUvt^Nh)BROZO`2sVWLAnhish6?aH(8=5>6lY{GzSthqmf00>9^Mwk}Bh3%Az zFX#tPrMSN%nh3!SD+6#BJ0YA~R7~NdL#P>~F(+k=lYYxdUsE7JdvJ<9zuNh$z4>*H zfXkjg0DeG$zr~*LAMm;JPBDAo@x&3bWKWK;ErKJaa|C#{{Sl>dJY11|IE7WYSlJ+Z z9G1KX@cDw;uf;%5#snScBpQ)A6CQJrqW@IGnksF3N0Le1hUVkf4t=GOqVzR7?;?WF zr%xxzW;xP$hEQ(FXwBk&MJZui0Rg)EATq(he)6=H#?<=c=f8UU%TwRcsMlVG{svyR zatA%L#EqvqNriNY|2Ty&lF!QD0u6Qn#*)O1>7yQcFY=n!I0R+pYh^>+!JB3Y6J)BL zI1By5ReinTl@`AmTAKC(z`^7V)Ir=72qCQwF?Q+EK9ihF^VzxdW@jYcJKS^{eK>+8 z>jrVUhH7s#fcf~bp({>V`zxX#LlK$zA3}5?FgY^+(t!S%KN!o%{4b_odK&sq_fJ35 z`4ha2PUlbR;e?y)*IaSrhiKvwkhW3r*fzTEv0)pJy)(7(*d*T5U>yd&MM3u;A`n3L z_1rG~aMZ{_ zTB>l{!Ku#ht$j6HS@oM0T z5VQ$AO{}?d$<*o;n@%3r-g*PlXKdw}Y+QN->%P|Ns84r#=moMF%;BoK#H4kuzMUAT z<3W;bWYg7;Ywm>_{3k==LS2alYofa;23r2}YU0kF7(cDz3*3^EN%`AF_hB%Xam_(n z9O5$`cQ5Hz%v9PE!*1HzjgE!KX{>UdV$1`tP4KNG#BT%qi>;Vcn3!kP4RL-9nfBXa z+SR!x(L*7iMkSJP358_#E2-<26?GZcEq$F8L0$D7#wOV!4sE9PzM?kK-l3$eT3anQ zVvT-G!>qynH|bts`(_5dV&scqbK0bln0$WF5tscH1>^O`!#G-xkQ}+B+1;>%{5(p< z9}_#uB_SX@kr{keDq_%pPR9<)*00zHl*#(S%V&0a8GVUbr1a z_PyjSVz|@={H}{3zb~+JKjNhaH75+BQS=C&^Pp@7%2o&2hMZ05Gm_FHN$JN1cEzc~ z*GhgWcPkZFqo34k5ZBT&sIr7z|2AfP)<%{V2z2BqKWS2yjbOQfZ22l>%hC1}A~fSw z#;7aNMSbah5`?NAAhEH>6*xp2Yj{>_7gw&7nSX^RoYhFlKS)Zuqr5i0XuJ9ro0&f{ zZ@wD(|BD*!5Cvw126jUHK9)aEkJcK1Rb)tB@+=t_eFJ&?BA0;vKee;K355=kta7$tv7Gb z9?HEI^+`3xxA`Xu)rI`f{TtZwPY%`wRY=Sl-jRADVpUDA=Wa9DXN!RkcT--nz*!Y;J$fT3mFs@12tHMu7P6J3|pYzQqJ<8K#w~J2i~NJD3yL#wp%1m;lc7#l(W}=CU_*ah}bUb$EC6n z^Q*j-2j~p&;xyy2GrW!b1!7VwIy-Qy+pD+^h5yl4{HZl5@u$AgR)O{9>z~JH6}0^b z!ZdXkO4S-MnYmf^6-m|BuefWS=EOSuV+}UW%rk5W%En(cxXql9wm)kyvpHcBJ*>eZ zvcn}B#@qeug8Mqtcc8TSto6Pq}=)%%2sZ=)Iykqm7`=c3mt8V*L;5EXeX zl=dFE{7_XI8TJb7I!HZ&Qs;nhEPjRk`rou_V&`8&Yh@Of3wCLw*?0G$nZ(YE1$2rE z*2C+OnG$3OPodO_N6#m3-Dq|{Uc`LQF{9_uTBNVMqhco0J&ta;5}WGGB3-h7J$26| zUvdMzt)J~4rosNApIyz;U`zD#-tFrdcArUa@m(5lnn~}QP3x0Ri&KL~#rqoY;>6BB z_s{B`+&@-I0h3b9<~ic8cT||w z$6*I9K9_a?ygdH1sKMwwZHhS7=!apvcdjGXcVP0#^>{RX&u{|u+8fBZvW6G~DSOrwNoh_W_vNXk(PE5e}P1_L2nh))O=<(%+mi=G{%Yo7jsLPwNsT$3Iu z4cws)8h)N^*J$YyaQ0LJ9j{&WXN7D{~BN8&qqD}8ycS#W>Op$zAurFtpfE_ zDj^)8dVu3**b-z0$-m-N@FL2aI04E=o+of>FAj;anz)u9BYpD)ja^Mx+A}X1QcA1g zNwdPy$?sc-X$n5|zrd7%lX2szN6pvzCyp=cr&HxS0bB*gtR$nI0|f;`)} zQd1OLa4S$1w~y57>36CIBTsHacqp{%Y--Hdh~hByTj*T$gt)luYD0p1@c~h&yqx?s zg!nZnygcq-F%uX2{zVw!6tHmmTTNIt#$tDi9UIg?F?@#vTFW1^82w{4IxD}&98MfK zK||0A9rfJ*VTQc$Wzc4Lazo1hFqHrENXRq=+31?$ZkLg8dP~eXbjy zoAn01Q3AVRIBe`rId7+j>C;|5{HP-y&*V6s(g#RoSsga~|}U9lh_t zIi8$dWzh$Ha~^Qz@6Ks-C@X97w?htkMfnX!V5=k0=&0U5GSF~=gczMUp+I99oRqWX zR3mJuA*YT(rkrXA{$Y0HY;gv@FFOc8clANLEAXwOY`+PNq!SQ|-{P}L&VVmt!-)n* z**=+MU2}#@aqjZuL_O8}?T+%;fJMWJ`A-KRGbbSSh21w`>Dj^0hZ>CDoNXRu-QMvJ zo#_r{-x|p^EVUSm0wY5I7;5+C7c&Itj8!h}GXN0nLp{?%Q*Z%NPJnjycjQ7BfA)xF#Uxs(|pWk#EX zV)5{4ir2w^djSdlK*mCV4u1fu|63gyQGruHYYxGut%m(~rz@`oNVHISEn0akSP`wf zmPC1sjHpmEKx>8aT7OA-Geo8;!bk0+p74Q85brR(vU}9D8pB7_{DSgRs|+8tk9xx= zQGQzGThz1`fKTS~OO^HzSD?L(E72~vBJB~bOnZ!4B+9MS8UD30%8L8av(i{1>{f)Co~Ou}S4$bx>QU{8f$LEkHK>Z@NGKbp4y2_w;>@ zxK;Rt!u|h!nto3zpnn+voMt54T=xsw>z9gy)?O_s?bU)TwPb3qe&r=S@9AX+aj{x0 ziT3JGj*<%KU#0-36$!WM?FEksS-`56%e6M#>i)h6_M5j91)XDl1Fh*U-xpCTUXylh zunguH$&)9r%@KgNw3Uh?SaXzhfv#1S9mEcpKTQ6+(<(o6?ea5!ocugeAU{vte9WoL zpEL`;Qx>?Fe}$VbWryLv@I4ftSjm-Z^ClqT3^XXYcUX~@l3Qv=dP?qtr?K?Gjd?EL(%WB##we;$M#xNcb#eSp)uh>Sm?lATu^; zmN;K>BpCrNGP0mvD2vnOO}2iDrbGKcvF1pC)gNK=V5k~3!HyZU=Zpiw7E2VNhD^!S zN}m_qCsN8+KS@D&UVI+w#h<#ul-Q3`X2iwI|Igml0LN8b=UsU*qE5N1049_sY}0MC z>Ljf^fyPiWvpZSAs;q=kY_ACh)Ct~k8>hQLlH-o;$hKs|j@XPTNv3IFhR%>FLraGI zKnX3a{3l!TuO!R1yw;D6E#7KvJz>d~Y+-HBckaD!f3&h?enO@b&FJlU@7SBH^T^jxny0jvz(2rN2;xtgA=xUDEsVyH+r|_yc zty3$dPW@AkPQ7I5)LS_^wb#-q>__nn=lwOLBF6bkSJ5ig#XG#y^{FpUpZZy!{?(SH zPYW+(^a=Y^a`fr;3pq8X{yw{dy*49tVH#(t`?AuIK6xezGM~DG@Y$F*F=NXD&G2Q- zh?BwE4xL+2fce+LCTDQ|LO7Y!LQHs~$veO$a7m?zyh}^Yyaz6R| z$X6H9Z-)_#-!|$Kk=w#_=pdH}=W08U`n|06aZ(P_1nQXU50ob?w|hd=<*D9jR~fiIUrdhuY-f zHhH*B9%>U>yEI!`8GHYTTeCnTvjX!UI7Of=F4-!k)bAMQ5koUm%E5OKaR62Ef4D2e}ezs3t>D<%T`f#)0NNK+^ynMA%?Ju%<5pe0-`?wNmX4qdtD z^CNR)_xnUUT{chQa25$Zf6`VN|Hd39Q#N0Eo4jbRNN<sk?&+2D55$wJ$^ zpjWz`d}30MM-R2&czivMr{E3eijDYwV22^Y6H4 zy*MAlVHi3{zZYsg5#o<+_(lQNe;869HGaolq4>0BPD z{?wy<-*{x&O^ZQdF7=hX_{o@O&X`^`NVdiU&){Lt;9<|;Vb9=U&){Lt;L)DJqdkL1 zdj^m849jhgW_zmHW!%n_0Rc!eioj)?p zSrG|yc8-HNI|ssK6lNz!!k`iy3WGYuu`tXXXJ?fUHQ^x5v~;1ulrt{mXl{1r`b)aB zO!^)<=BD!}+^)=21^cG5Jg-R?>)c*FchRucU9CNql7H&YW`Q&2Csa$U+%tCRt&lpH>MuELsgExZ)gD-Kyy3B48{y%rxiQ!9nEPK0iD za{(f>jDc9Gp9oQ(A|ww{UvgX?qW(=%Le ztC24b!yrg({3VZzF3ayL(f|l=%@$4T>>p00Ns+5rty!B{lZ~DsjNw9^+-F22=%3WS zVLttyrQgR8v0oqpW5x!I7aLYlL943yRe5>-7lSwo5K-PNz(7~qMdCx`n!KEkFH|0e zgH$FW$xg6m1dI&Bhj2xWho}S>e~T?E9##2yAQ^8c(`BHEhApd{ZhbXtY(?djrT!r| z-p(pdwlPBCYJ*qjhRBSkjRFFta&a?z+(zYl^W*u7#uK9M;b5#?ym7sFqiTc-w?BQ~ z$kR7cVmo5``oUo7{vdV%9~90dBiA5k!oCr}UJYOm@TRfGqp`-LvBsmZ#-p*uqp`-L zvBsmZCJzGh<}>~u;NgOn!1y+S7X7d#uyw!@DBU(4B5Tk5_Cw^G*${ah_s=JQk9`I3 zu`drF`||LyuMj@=W#MDr%=q|`t!GTf$36>_`YcT9voL8|Ju~2ApM^_(7B2N!xRlGs z%=kEaUS`6_ev6NOi;sSbkDRIWPYNHuTBPx@i}CTZc8!k@F+RTVG2r8mPf2%vWoTq! zFg|k2Esz8^eK*0a%U9&)x&z4B>`!8&b@;0IIels}8$a=ToI&(65QQ~gJ{><-pUA^c z5WU$Tdf1l5&y4t4b|McySsx34XmYbvUVi6L`BG<`s%x%@tUt@D@o;{P1>sfX;gRf! z@AGD*b`7JqQr527i5rp@Z`|(`Z`{bxJoo7;XF+J5e+^xTGCzJ`z9u}z+X{c>u&|Qw zt{hJrydZJY$&(hBoKHSZ?RI9*_X_77&|lSX5jrZ{-c@)mAa;-!3pn;eNwqCx=Fa*X ze4@meyo>jUcLbgqAAKpjg&%7Tly)p=8GVI@+3|)E@DQ7#0s;#QkwCHJKPoo+@qksw5LF)K8Pw8Gxl^}h$B(5Bw_lVX{F04Q<{&#& zuAzhu$|aQ0Q3;EBt(BqC0ynvoVqu$HN4fUJSL3adn6(kYNlHi_SA=?m^FbGHAi1A- zNMc4ughnt+B|>CQ4`QOKg-%JcLT!0V2g>nsFTnTyuT;E}`)a7cQMIZgp2Fjun7Jn9 z+D$za72n6^Zz}6+asQ|7QZ~2J&23N$vH3q)5lBp)Np{wo2i01R@Ql%gGO_tOyIjs; z-@W+@c56weT5NvUE|+w8foJni>}pwu`^Nag6W7vuzt#L1R!j(Ns9l(VizYYNdAu+i zi|r_9K@2&QL3{4{53e^KXD`*k)9fYlNiGM3r%UO$D|wrA_A-Z&O5`LKp?7)lOnCMS z&mlNt%2Sp+ZOw1}yDA(_E6dF!Lc`oZPdA({eM$fMH*|aSQuSJStyhGW1>Je03(G5%M~@LA~Nj8lcHRd z6xYwCw5dNJ`@7j4*tM07KQ@j}hQ#l5!ymw5I^i%~Jb_on6L{Wyr?*9};GZcr@Ew4y zCmoww>Z>Z^L8lYZKlQ69v6HjmaG$z(L|vtRPQVNkZTf~N@llqNz)0}!t>5iIGEPI; z1C2Y1v%Yts>I>{@Q9BexQyOnA;-}#4a*8x`s)CB$aEV7dO{H|)aEX^I*uSb3;7wcc zQJ5Rp;g(Qs_w?_!8#`Ech%7RGp-G4FZ<;JNp4X()cvh1xW3wi`#u`noH=>%n-B_;4 zzclcyDpeS(u3pfR^yiK6seRx3y7R4hSzNW-jVhJ9y~tRrNr$mOlf_0@lTPDyO}dO~ zO?r*%G`ZfmN7r8#AO^PQt*;6vRsZ|!=)LF=uu<()eEg|yh26L_!_o~InSCz9-KfnH zUvY-fUYjM!b2f|TT{cUo$88q-Ket)(ZM9h~`H4-j?i|`y3 ztz^R`9?^QNN|Y=m?e)4+zsT$daL%g!){}Jq5dA#EKW(p&X>aHL|JfVo$9#|amOc8&-_Ks9-w)>L@S2gTgF=tsfMI z&bD_!A%x&{N831x{VNP$zUD+#`^dt(5$;9Ev}?QUWY)v^M_ls?f<^m)2*9yi`0 zViaqGW)g>E$kj&II_z?I=@Yd_kggq3LXAc7TgX%DqdAWB^QX&VFXXkzvA@ZqGJG?2o0~3n`P=skA_t0hiPQVOEz(EfD5X zuharz)>KO^5ax;+sRhD}Mp+92@%8KF6cs6hFi(e}P*nGku zr^rs?#y;yB7YfmlK9xi8<+Aq^!=O@9oFal|ME1*OP+HPK^9+Q9eG`eZ>dZVL1qJ;r zN1v6$_Ayz31J~4z14N!clh`mRgJ0TTVhRU{H_dtMZOn>dl=*TFfeP1U&W; zkC?$W6Ja?gJVTwt`yN>*#HOpQQBw=j%FI zZxOx3ccD_z)+%Xc#0FEuesqi}YD6?yr6d{MQzcal^NrTzIH^peUrN^pJ%#fv6Puo& zOsARlCZ8p8OCCrlCr?x-d?S4PUg;p<4dE3bOn7+Z8tu9Ys+w}`k!;%!bdn!#!gd4h9WYhgPzG*hB}j0mB$N&I+IqNJu?L!ootDe zA5fa;R%c|4KGk89$_e+g4ogHhs&so$MLwJW;YPOv8OrICInHtX@pB!20MesF4Cfqw zNQ~!5L&gdmUhJ!qllMe+G0C#Kj9gH&XpfE-OjEjP1S(as+kD{Cr=oR4lrre(wE`B^ zG9Ox?BZyN4gQIR}+Iqe!%aI}Zplph>*&oVeVQ6M;?STA~!@1Dy9N8K{~ znHC%!vx1}UDs2YRab5tG(!mifMb63y3I5mzw*#CQ5u4t-q(Y^E7v&{G<$%V67UOG9FxkVh*UKG^m-{gZD~Y%muaNjPVk)qT{7@D_+{29WOCX zX5yvxnLuqjn7Nz-YDX0;q{ z>A(!}lBvw|fHKu1x$#og^UH{b+UMhGsJpQY1Ce5rNrbnrM;^jLe&i7>;zzzou(#?g zC0q~|4GVdSm=JVc)_NYmZp^|g*job3C-!SZt80;*Gg#1Ro5Xby*e( zr?9ZPgp`>=k;tTkKfm(Y0I39krU3|EHy~w5rva#GU6R8KZk!)Z%@6lTcdMZ}b?0;# z(y$Z{9@I^84{|I07)bbm)pWPUi{pxF9HTWju8t~$X7wIGr8(931o_xfE8E*!g_qwsP`sIqo;bJ_hL8sJYzuSqQpxcF? zMeZ{EEOUGD^Mt#aN&~ghT|*^;s&hvnzj~MPt+6yax^0pA+o-bPQSjPO3052Gt8rXh zgX8jOW&G9k{Q39cV$tZt3w;|~i$&8=k$gzyUN<$1+EdXuRU|h4vWSZY@1kjyIw9`q zu0w3RMO~mKh^CkA@`Tzzcjty-X!g6K@Q$kkv7I^3 ztMPj9Z`y}KrbPuDDT$_>41S_mZ2SQkd~ACGhkDG2O|V0q0)zs}9Bu;OMcd?r#5$J@ zxp?%sON~LP3mop0L-(&tgHR{}@SkF^MzAm?5gU=+l!R>z3#TM@BUqXGCiFjosfnp? z!ThFbYa|PSIMj_JzmIYvgj#l~WxgB&qwOmO;YG=x^7B(Ux~}X~tpm3jTRLUp!r^PE>Wbb9L_w{ZEcY(uQNk-#rF8`uH zj9gxpmb}`;?#lSLoiV@rixuhp^*escynwa-J+u7>o1b^T{PFpLY}>Dh&y#+%$ngBJ z!{%##YJ@jIj?NHPHI8MxKtD+H!vJbOQ&=>C-r_#?JAU7sW*=*a`GJJ zJY_TFQL5jPo2M_VcAgi^qfDYLH_ssFsh%N^GMCQWJj0x)W`;bOan4d5SzXCeo31&1t|lr zXLmS3^FT9 zY6Q#tF7ML+M?_BY7%z(3&aMmVn9rk}v z8W0~>EV=lmj0qpd1URY*M|I*uvS&$F5k6OTx$vWVJ`X;J3@{x8(~%0Zbu$bI>-Pn?gmQxz>DB$dCo~Sw5&+IVjGc2Mk{_ zQ>b<9@%&8>7RK@~UX%@{4>wki4Cj}^nK=7Jjgr1_k)qetDf%MlQzLY4i39{#B5OZy zrM+5;!S`uvcG6*8j1JGo>9C$}=Vn6x|Lhq2mAhnl}cV!U!PlVPtrXDb2ZbTsBSjP=`N4!=;G?Rx@nLXn%YGrbOz!Fx2Mx? z$I|2C@-%*9)zstG2BLAZ!*h&ItPang=w!0Pb2Rx3mVrW4lVSdG`0i`WV!BHP9Ed=i ztHX_a3@sxtbe##qZ?YIBwVo~f$_osC^R^2M|Goi|*q}QM0K?aQLsnlKaPC&ZOH;`zz8=cDhl-|U%jTrwUwZ>9T43!9k3sDK zy1b50xjtR|HMiq_82_p4_+#1e$Fk#(Wye1P*A2t-sSw{wuYa-l=6=EW-rf4e;``1Q zjPK-@KOY~K2$h0hEfqhwl5}&F3Nqeg_D_(ozQ@VvsxLJvo5xppk zB5Vq6g^NA1+F{M4zriU4wsTKR-M)8WoMBntwI{J>%au1ARvjwqzYAtgLlV zKM9K*Jurg4{Xj=q{lozztyq^Kb!MMCOg6})2ud!?|=`)7e zsUZ$mKrIn<;&ze#OQlN;F~%V~JDBQx$1JbE{e zNBc+N(GYu(i~MYIz!08F_Oe#XM%PDd{MalFy2<%?eHJ_S$r=N=Q@l;0%C9%q93^2kFmh`oe}u* z_)!gR3G}D)>LCE~&Sg9%v9W8ApWrS_e-FFpa7VsB$J^5vGdHqshKYDtgwZEed#R?3M%{!-TA=aO+n?Y{13HAE>U7dSe3E#sP+tIJ6Hg4&=k=j3?HlUSTNKY} z9VQN(yqAgeq@Q^tG=_W@HmS~UQaehMy8I@MLrqB1hUb{9M!v0>^{-N8(G5|F4XvFkjUp zeUh56vWKk#hjhM13L3&8O&g4Frs}dM4E|e^mi+iWT)q1{;}`!4m;HtmP{VW!roh7f zERKO+H)4IE)qWsebBx|!!7|ivJpY+JxKrl1FcfX&@$|MAe?i$Q8*az%lp4N;F?9{& z@y~ZKeH~g@@b^cU^Pr)rZlwJ(#{IJCqwJSmmYa|wXQPaF_rfNhc&zgb8(*XN|Jl0l znd;bBW?f&pMA08;RJ6FP4p^If!vykaMOQ0YhP?eRH)}IlJyoVlJR#F0 zDcvr)`T|KQJU0!`n-*J>56D_)Vh;`OQ&ZF3SlISB)ydHMcs{?j`DQ_^n$H9=G{0QH z%Oboi!pkDOG~%TZFO7IKK;zlWJap1u;Yw_c@Dj>AtXOmJ+s12ZuDJxISU4JSB=NF0#iv6jujZ6_s6GB3sq2 zxVFMy*|oWvt?KkqgNV;{9GaK+31^*SCJ-5A&1y{pKwfzVS zhVjl-o>CT6;ml({%z{6{!Vb7q5{o%|>ht%rL6l7l{wU1Ktn(+NnDx#Hc=Nsq26o4O z5${ttman>fD=Q(n2T!9-;O$VJpH!I)o`TwN?!fmqVrMCuif!A0^8V*S1p%-dP> z!lvmSXHV;Fz&E~zO*ENlFU8dpI0PX4*RC_O;Nu8EfF<@Mus=gzeD8A!Oh~s)Ky9O* zWKAE#tebhdJ)hI+PndtOcH;^Tvr5wMYIN&UJ;6il(FmqSdo*f}2CfBpbAybxnT%DX zQo1WtBBeWh;kvY#eoa*W!2IQ)Z3Uke3+zf7ecEP4e}#Ylatb8opUF7i#b>U9nqt~- zK~t!ovF1tuD(M!ZG{aIVX_gYWS=!7bT`|IxQ%b?SP)dLtn^O{~VwiYVkMj@$ZMq5T zIpl(T`@djr=>Q1elt?-#0#NS~sQ28b;ZfGyei+fYQwYP z2T(D@U##S^<*_KT<*|spTO}eJ{LYq$zqyt8V=-1S!5Y>HaB@Jf7JNIL1+zVYTN=P@&gEYgaJlCB441FV=dy8#(-nD~ zHlCi{HDqt*0zdfNFu#p?EUy`z?I6q_u$I3UM)vZT&t+JD5wKp-eM^Y_Rf)Bj-ExS< zBnzR6GA;z!W~}9*;qQHN<)LgektoYb#qSeyaw+%k1(X~2T!wNpIOR$uy}~FtLGf3V zAOVSZmjLmAZu)$n8~!xEgcETz`pE_Kd+J%F9{?_soKXoZBA_BHc9MRpnQqJ@N)}M@ zC7e88%?I^&&t@oS%cYf@6MS<3~i(`(b4M;naY76Ii&P|<1|e;6^CvkDKkG2 zEqgrLw9#hQsPk(f&aYa0eV>9qff%KJ+)2S~Tag{w+a4#n3SW0LPXv1TdUNLo*dJ2# zk6?M3oF45naoHbAp~uS(m$J4V&9{d=*$pdGS9Rn=psBBszKF%QOFJb!h?6*NyZ%3I zhHBQskG^zjCL!5;QP@3MW%SX&=-W5-8;w0B&)7^=8IPIviSr&v%yKWl0r#-=XC_i78z zLjPp!F{H{ATK0zwvu%nV4$<5D`x}+;1BZc5nE|jCmG57YC8l{&BAQ~FXFz1Xb5~mG zHP0!EP$&<12I+)_JZWAYUPb}xPTMYh#%9RCr?}3VD$^~qL#CV17?bq{r7}1R@W)aK zi(Msy@hPr!pf&Ljx_PA#{u;o43pBG-I-;{fmNR!De5U30tk&Bgm0HyA zT2i>=P8-{LyR;D}`r;pxmYYP(8?u!%0{Fsjz`J5Y`MzqoAqrlMi~$>D|h`~&TP`~&CJqc>Ybwhg>0u&dF522Yc< z+=GkD9TAvwOTer&RVvzpm3EOFWG=u8dMjB%zqJn3aJmz~c(i6q;Og~d`SW8``XB26 z4pY4>&{XQDaDjEiC_+n)eqd6j9Z-aWitr)&du&BLe#xxuk)t1*WEfJPOTAz{D~`2Tu%JdyS^ahbM8>IUs0M@{VoIVJHEj8 zIs2gdW;)vgJ+so;@1a{*{XucQ3&gO~SufCIDxJL#{dCaT4(Q}edSWm1u$s=^f$m8H zkFZjlJK?EXY70GGxsZgb_(}tDZ(z^}L|$1(R_=;Lcr12!i}6_E@KXCyhqn}uW{1~|$8iqt zI6RJbc*oopQIs1b$f*y!b%BGA$;l1E-qnhSpG|8!OaXGL^ogfk=V z@X4;%1AR#_5MpY~?Ci;YPppGVbD~;{nsM);Uv_O~!S9l;{AL{mhrnQ;eF79m^nfv= zM;5QQ8Bm8zQS_UC0_WN;G5wAR6C`@jE=7}ey4E_Bai2)eZ<})g-4B5Dd6u+oAwJfX z?t&lflD>kJp1y*Vo^}}4e`u$jNZXv)%xeL8w2vO)H6)L@w$gf@qWgz44J`OFL6#jp zA<9-ow{Hoj>p*pmQjL-iGmjE%(U?DmBY7H%i%ddR+#zixG9{W zZ!v*-R|=bEi0VNGVEh{ZhA%t^WA4pO*USrBoU$6N_JzUb7vA)_dig$CHyom#mMyI1 zag;h|k5Bu=2d;>E!05jmPO{^j&Dt)v);KQzAMXAIzKJRe9LFiKWwq3qY zoziiKL}<5$b%l$@9S=OrP6goNcY7pg_F$tsl+zo^fhxJ5&4)3(#nG<`{$};F^A;Es z{;qm>aP*zX-xaa**^mN%;nn4@1{&Dw+vc%t^M-`xnmoP|9YLV4tnL=7Z@ipunP7$P z`m4-9GSFX`x0Uxm#@IffvaaO&qez3(QC>*9-Lf#u!_@-ii5nV`%y2Ai^+0$Dx@%5B zdGZ<192rTat)l$yA|l#9FY=8^zF=pyzTbmS|WcwF-asOO*;v7W={ z`3m&2DcK(yCbB%a#RF>_oXX4Gn;yoXg#ztjm%4h|*WUe+Ix* z0zV*GTHOo` zJERD3UTZ@~dwd_>;_hwX?*bl|oz)wdL2uv+5#R#7OVIO0wAK6exNw`{I;biBpcuMC z1!c38U*k@*jJ+`{eQYo*t+d#kR)V`5t(H&_a+gnkjK4%d>H07DOPWdJFBOcxI2Brx5|0t( z-~Bj`nE)ho*K}HX{QdX9W1iD_j64DO%Wqa|{AIpDeop5vz+0Xo-ZEb2EuHkY9>7ne zDnw9ki%?wa45k;mdjpe+x#GGT`^fV^odDoFg7{jPV$i@fh-O zljgT*yrov-E%n;W10I9BY{)}2KC?&HhtSLtO-z26Gn4CGQdpb+zsohCt*?W9uLJ)H z{H}fe_}=-S_zzBdv7$<6EVqZUMu`$8on_4Bp#*dBNM~G98!!*zFMuYO)at4@h&;yo zOwzPxK%aOyH;Lg)Q=nYaMf?V)6Jhp~my_oI+e!Q;%_XHXegnKl8f(^fx?TQHK>fV{ z{07F{`v|O9EzG01ou@pNROf?lcj77ILODga@1^k+Kqv8(STaw+RZ;9#ou^#ScnZca zgTmLtlq#7J%DTZL9i0HLZsHlhQ+C5&H~s~lvWxMQ-NaM2C3p&6QbRoDJmV=IsgVyT z#8VnO@st6;Q#5_sV(Kk0hGLn7f9~sDz*~L}EXDG8?}>PE)m_4>jf~_k#&$+R&Fxx&0^K>&Rnev~lb30A|3gwDzqrz% z6+>B%<`BsPJ(;1P{SaN53WRlGqF1zHf~;+FNt@N&XQ6JPB1(tZa4A#%4v3!me$iTXAq4OJ<&Y2uTikmww za$8}QatkR6+;)%cQ(U1SvP9cHHn-2ytUiFVTC|;|S^XJXzwGn<8fLUF0JGV*C|NaV za!ALSYH-nhy(8CNg|{L4!h&CjK8c9@^uM`&*LOF=62weV}Y!Guf_ z_YNlRVY+rPOLyQb{i^dUErv!DGt@0V+!Fhvfz=K(Rr@gOJ5AIZG*M5AHD>NK-um=I zd%Qx^4_esvVs6Koyq9dQF=PX3?&=pi&g57A#^|2SQfwA}Gc?&w* z+?OPkP03Ojrn@%FZLt1i@;ED59>a{*1aej$pZ~puZ+((J2yFiC`MZPI; zMZPc4-aqkVeCvvQm*NhUmAI|HEYV6on^bxwm2Rcn&;XP^R-nB{JsHQ`)?bMXh=T;j zFP9>l9Rs@3?Z8}X`D}nOpz_PZIJPc-OE&)-+zacE)^zD?=Y6)=eUE&p5(Ddc+rFbc zup{1T7}~52PHR|s1(#R;YT)Z_7GWK_HM)6w4U?Q&)ze}NAO2GP$@8PKZzcgm;X4*D zHflTH)pT_F;khUICyf}N6DG1?7G)t%40#$wH1|Ci%7xjoph;-1;XS;g%^CQ{!#mqt zkTlfy^33{*8J(@T$OvC+f>xKP2hB-A zS&-V~2%6G@lTw?cS{2>(=6tL7!r7SISwLG8q3xRIfq)8~P5fQXM!pDhK1qEoZHlFk zh4vdh@Hhfz{l-84sA1i6w5jOY4BV&@wKaEWXokyLE(Mjx?tj177h`~+5# zqdXzg4S4ni80c`ft%mHqp=nJnTQzz^7NCs~8>B@DniVqZFvee>lG)oa$9BJ!e+0@G|yK@2LtlngP->S=5#? z>l(LI3xqZ-D45w(aZt!$PlZ7tlRXs#g>G>(G;3yRZka4;i8NZcjze#@HkK&PLK&sF0(1<}g!0%) zexW#R9q#k3&&CA+c?C%=2xs$M7JkiyY_F$zM{q(mT4f@!VZ{@AvZvzW3BA};Vey2V z;<33}6o9e4wYUId`)H8@#^$ZVBa`d<;%UZf7aebd+Vspl^~}BW%sK1QFmo=FbMXjR z4o%3$WnFw^r}cr;`aMixw>-9(ab4=-AD?4g^hn3ZcfnZ+{P07KAAaTmrm%rIMOOh4 zi_#7kZ?8p1`dL?jmXro*kWdc<*4w3mHWZnCJIO#U?B=RqI?f*9kuJEUnC9Q#TPV&! zM-X@DF%{JgfnTwi`Cp@Bg~)Uf$nN_*HklG4q`Dnyf?8Zf|KTlZBDV{cIaz7i0*8bH z)dCBH%7IvhtB)`Jul?be{PRfL$OQR0tU7>Xi$wXELZFCZM{q{E(ELe>uaBmRqBk3w zvVXAzkyctD_`gke1g{6R*X2LXqt)nE0dPaKF7RU_D)3BLq1`VVX*BT{4PZ4e^| z&7xZ60`dlSayV`T4RFmAUd-5no5(ar+%{lX=gHbUo(GyqAy4^~@t{_Z*LDRH8-UpR z=jv&j&!aFQ{u=E%KVgaARNlcq>?YtwQaU>=a1)-yNBh@ii)I6Bg2MdM53@4`r55c_ zL1`ZPze`8-?*B57OUAa)W)=SN?r)Yn<85RZ#U%8LjBrLS6ce5*0%7kx~E`aKN1;G13I}clK59JKS z&XOZM@X*RCzS6}6bAwvdnchKdH93k+oKz2}w$;q}L32n%fd5tr5-~KRiR~KbsV`RI zPI#Mnb|#8?1TTJB0-$z@h#$OOrVVtk2j`gZ@PZJ`NoT4+&730+sZQjMGyTk2RBLTe zj^6jBinvQ6sJ_syHOyN|VdV~LK{ouZ@uUZPTqFeXJVj9qnO$qatVM3=th?wC2{O9O ze(?+yMMRS>$vWc0Bb##EH-Q-QNTxozC_6&Sgqv{_@MrCXtAK8oO^~xpd7iVn9e zjQi=372Wq^?_XlS@F(Y!k>*pcPV=dsAKiUB&!ypA&!wdEI6pq0N?|_L;(QW5ViT%~ z58T;dl1Ta_5pn&MG(XyjUz;NrPlEErNGhFX&hSptLRieE#Tz&+{)p4!_c$$9;IvqV z(?W)6;adVzB3^+@-={Ao$+n8z_Sw<5i`l_fzGO(A0iEdoMo`Y2K~sA2MEEvoBD_{X zc0&d937t%ZBEa?cK&ke7E~3;YD{$?TOs7s`Fb(||JCo||A=9mz@yh~w+x4ioO$g-= z_1L!aFF8{{8G;{^2Q(3!&7Z(as>k+~pwDeQ1ryQM*zofS=t%UGb`ABSE?ObT4BOMxg!0q?`sum=y}R=NC* zDc;`jP`(W4KdXkpTTR(ID`oyhK17_f1(rQ~aOWF$&QZ_0bpcM}$pGSU+7O4N!3&V-Q`c@l zjf@VM70kLqcWZLVIlOq&r0$I_sokjw`1NM*+$1ln0qA8#@ZfysVZL{7#C=-L$?AyS zX~#0`FOQ#vAaky6+^P9MRev&k6>>$k^{SkWyu08lQ0-kiJ0u9m;6nL@XEP533zX`i4TJTBWe-jbR z5n)j)=etq>^%pX`dhly%++3}j3kQWBxXGx3uAVUx^UpR;t456-mPVj7W9IIFrm%;r zWi524>?&jzSOc@R3zUC{5Q*ghG+BDZSuUyG1w7Z6P8HAko7Q-@4)t{trFvYu__}NL z@r!>2_3MykLSDVXOjcpBuiHqL5#_IzFQY@H8Diwfu%sG`^cuM;!yV=X8ZUX?qccBp zpcji!$P5K8#*_MKJjo-~l9#2lUCs6X3PhaLdNKR4cENtim;KN3xRDRwDU0AVVkxt` z13Pg`TYZybpRq$nMR{m8riBH6lJldWzkt|^$w@--{naicpG=37=8Fd9w1ZcfNoYGvfJ=>L~IZ!-oD~cQCYc)zPG*HtK zQc)ME~KNB&D;U7JADEvPd6n)MRA?>VthiKIS%peC!SKF&iDp z+&I3(_zs|aOi??@$98)FzlNg-bLe(%M6ucj?U?|x2vj2N0G6#ZO#D&>T4@$35MIaC ze8L_ITtYUA{5xTZ!*O!RMu$Ak5JY{=A45=;&` zQ?{G1B(6_k=^r^(;NKCs4oeGl<5SwwShasz|QIjw$zqg>VS(}}297}8+|#jfNT30Q zrrChna{z5@Jhx)wIC|1qXZAj585px*JBw4E#&joiaVLTffLW5DLZEg7mJuk9fMPHK zK+fz4;t*g&1q{@^|CxOJ1SQX2! z!@E0y#GMBDMr;Fdn1}Tv7XfJDBTX=vGOT-5kb+2Tab|A;B<4X6^K~jYhb_Ptsot5r zhfrAOB;zd+31YBXBa%E!@&LwXKB5MDIE^3 zz8&LVGK|+JV>}PWbNL`U{l04w5= zc~5GDi;XbC&HG;n7v{!2mj8ut2Sb@lPG-Q0<-eTF_hjj_Ilt3v?!fA`*^G=Huu@2b z_^hRCewA}+ewFvX$de&NjxQPa)y5-xPGVdx2M;%Mh1E1pmL2j3DO>= z$DOUJPH1q=`4kUb{lzKN$*Y>f}#VJhLn6twPVC-MkV zt73yJKyi4MyoW~hGCU1k?o1*2By;dVHrtX(ds%fY#KVNKA@-=es#GpQcn z1`=k5aYEMS*p-FuIQ}Z5ZHI5Q9;m3JsT~%6iT2V3`7W#q9S`v+9JB&mXb^CX1bTox zCCkM%$WuU0UoI~&xw-8wuG-D*bxC!Y)y1`HG~(jwiB!Y*;^ykn@dIg1Dm6Q#@g}K< zQyy!Ewz7V#t$b<===J^_54Y8U@t8QkW<+bv!|lCfYx!DhdC*#pG+y&guPG4xo6iHT zP3($W+O{o0E%*>wiMl+`L$R7EwuKZ?_MJTiW3|9+STI49&be)8e6W5zuJk&0N)@GQ z^lX0?PnbDEBMgEqI&TILokKdS%us1IQ}Vr>U&&8NZtZS zIt+92vR&8r^n-KIDe|q@kcZ&_w>dF}dKjbjpihFbsSj2e#Yh#9dIcoG8mKiN6I+#m z0D)9$QHpZ#z0?d@e3#>gmm$Ggr@RP1R4oE!I(t&p*9ZkkEThwULk!e;uMsiaHO#|^ zG9Igz$D0*rQeAA75qq!oqCGm#?id59}Wv2{H2k>dA{Wo zA<@x#3NgV~-h|dR=@U#V*3$-1+GZGQUk-lg)2fXuQ=tz>$cp_i zj+Sy5x+6%NVFp;ngiHp9tC-qYdF>+>BsX~mesxNX%6(eFA@EfrHuT`;0=mngH{oqi+#?-!O9vGz)iC#&sAF&e+nQ}& zkK$khdN~T~9%kp(lwVxYq{dU6NbJXz%YXn_g!qoc9G=AmsZqd>6XjD9`jo+DMltT5h@vM@xCMZz7M}d46L&JB-QWDN!O*aHza}taZ?k zOKNe^RKm#^s{zJBoACt?biIC0=7n3yrD;3p4$8K(Dpe^;_YE#cs#ozrg>hrz_}sK= z^~x`w&NVDsmhe{yRhY=juOiru&I12xI0i4Nc$wZRS~BR{D)wz5`?i{WJDN$~*0FDX z_N}%Xo%?;X4>Nv8D`sj>(_&DSp@Y40oxS}&+w!ObV*->%O%=#6!$xr=I<@(}D~}Qo z_^IN&{$R+|9!&a!S%1jVA1wMqj{cCRKjiBV1^UBa{h?5Q7@|KE>kmWqhhh4|2>qc% ze{kpzqW<94A13M#lk|tF`on$t!*u=O=la8=`orV;!%_XANq;z{KeXr%=k*6eHyu&> zgIRyb(jP4PLyrECr$6ND4+Z+eVEv&`e;A@a6zdN|6OE=C3>=b!J3$U&;;BR@jOs4w z+sUsrJGr`YhvYd_?o1Jl+RHciV$xm?<4c;)J!Xb(VqlO7y^S zt>^GRCXkv;(+L00Qx0cMl4z$9Z2R#{}L#?E2(o)PO_|MvA z-6Dc6C6CW{OIc=rX}&prhrgwSU;HmJL~CF2>5H%d8MQOeu&{r82$b#1`!~``<7@^W z`hk5~&`T@i2;IRsq$&B1V3t{oE=jPIB|1yd@&U3I2g3Lj2-^g(Q_;Uxmrm(Tss>*8TBwOXG>;XCd#5& zo(N--lkG2oF(Ki}a>j4ySOT*;WD(F{%Ama3S44&aO;rmaSGu&tk+B799+arr#A*)R z5fy-V)?);D-oC|Y4NE~rJc|%k&@89LQkYb@s6YO*#q&nWLCPmj1Sm@K?NXKzfbmC6 zl95Q&lb$j@}ITLclyto=XG4~yXC)#7o+h-=~IUuGRD82m?&Sl23U)qVwD&cl!|hif39fsdDkxtt0%1u zaSK1d5Q!OC=+3hRUTbrN^L8uuf4I^_9^;ngh|&8czMIK$d?%C{8oC`1*h{ss!+5Wt ze^Vi4&4Z^Q^wa~MFw_XNei+7=R5od%NSbwMB`Fi2e>lyk9IRZWz21VaWlNXgLB_R9 z($L2_TDcU@{J>-g)bT+Kh$7ViOALfJ{2GVl<8%tH;5aMrE2;&5bqdsm63`u5f`Ug> zBWyzqV7038%M<=uPEe}Vh(r3$Dg6ge9aO$XPM%f3Us;2W&?8*A({_G#s$i?~*2Ci$ zvooF2&herA-^YbzFzLK~%7qU(gVT1zYlaWycGdKIk5nBWj6nwcYNo*drW$g;=BlVh z(MOq+?nmdY0G89&X;lUERb3txHk!zb>73v{lOE437dECqnU8-B%IY_(wbSm21@I}(gv}7n<%Y2OFPT*{hiXXSlZ<*-%3jB z#?snYzQvT5$)sAb7Z+$0Z7nSwu@?U0sWBDcdI=^u%u z_`{hICB;_zbcTP^zoDqfXOtqi{<$o4r^&WuPH)=(Jt0VYoUr2Beg=fkWzdAJ)_0w} zgozsx$UlFW&q%ozqkcIP2?Miu$?cF61u-8a|-N(Iv?M$aiiY5TP&qdN9i z^pI{TnRR1AUobI!f%+8}@Z0oG-$<2+Kk1ToXsSts3GGslR#}`bw8foA0K964v~(s( zoR!3nL%FY9nGI7VHTN1^wH%KPr(+xYblCNp#z{F`yZDcT^w+hY*RURU*%D-BV%cjr zah;&ActWdT#;PHEsuW=|I1^>*VNb@F@v;81qo3~INh4Z^1H2)V1eRNBl6HtY8{HXu zbp2zTWMcXUiQFIjRi8-pp^2%wR@U7m?bncaGCs-QGWzK&6ZH>e81zRjc*^QFU^DA7 z=wSQ)_((C))f4S4C22a+e(0?~{E1Yhl@HlXtV1QUsY9p<#_cHddw1>-QfT~Yw^aM% zeTn(2HcRymsljP&aEC7Y@cL{+JU{t-GhyvGEMwIwx2?hZz!-i_RzC;7_TNj9wEAN=9!cupr(bzKUbojo4^ou;lyj9^1+ z*s7R}6BD~($|klJ#=uW#0w3N@|L&1ml#rP*swy>>EnI$8bk(~Kinv3HD=5g1K|aI`8CNU9U(ht7p3_@Q+C(t za%XEZ)H81#h?}H3%31TEoxIJI8rERADG*-xV*E`jTE+bzF0CZNA4qReReTMy*OoKv z^?CLh(_WXc*L`R3#8t#3R5G032=dP?Zn>YkY+R1DnYrGLBunD5Z*mNVkC`BB@C51>4vjxW=e5h| z3&YtWdX$zgI|YMkuc@>g&7mVYyMgvRwjJJ{<#zvw7Y)8G<@TuKMZA3JutTQupv!X$ z3MiP4Jh?@B)-3Ee5?hFc6W@*V8$)+-e$~jk&+?vK&h{2PWmR@*`Jz+ALK@1WrWZMb z-nbe>cI^r5_kJMoYbX82ShNfg75|%NFL6q{TxGi)(ksiFy5R=R&r}zH;*uKpr5H1z zRAwI>@;Yp3Oenvn!**_AovZ95bSpk!nOL^lAyrZy_;`z!&mo<`Y=412^G6EO7lQv& z&Qo@Dd|Bn2nA2T$Zd}>&byP9GcIb=crM96JvnP3^V@~OCyl01a7-i=K>B~~Nl5)Gs z>iM<#FP7W#-<{?3`S~@k6k{)Mdxbj7KlcQlryi1A-WMt5*HjwtGt}d_jiKe~>T=|%7n_ewexe@k@g+hBA$|G`YzcnyxyeRrnR) zl>bd7q}BLUAhnj+^!#U2_~&u+Ni1vINXZnhE`Bw;Z>DUgj?b~75rEHC44)^Rw(s~C z{)7dfFZ=f*%Y%6Ft&qr}RU-N5cQS3^cbk zz~?FrpDeS(mcM@17+-}0P&y1Tsl+ekdN~B8+b$gbyZv^LBiX2@UPZvV&G? zYvW%?fdaO+`6Hy0{;iz5ta^Oe@|l%aF4m^)DN&(Scj5HfV4N8h`E|9@K;J)dyg#vY&c$6sM|=q@7^ z!U_?v8N^3q4TNW4EN(f|A^*(GxSY{V2lee{Jflhe4wAFQA>Whd4lSzhro~!Z)QC^n zl%S0i^qufkE-)tME?bAmt_l^kAO3~E;aQO8_&`Pv!OtDsVGMGpRtYSJOWMs>%Fvhb zW&d1 z3=a4gdOPo3Bm5owu9JV~J4ewWmJTSr?_Fd3<0yJr<(2MX~-!yZc~Ac}ZrKgt6dD z++ecq7ehDyb|7fKp^?i5pe{Tzb_M=ixp)w0Vnq(r^1gLt9B`?iJZn}PvRKGLtjA^B z%KQIJ!8(G)q~ZsM!A~i_cF5hJspa=|Qe+ku8FA=MkiPsqlZi4s{~m^-a)ri!Bl=s9 z&dL=chmB*d&A$o{`|SMMm9cMZO4cYLG)*bnH>vxc`D)pD3oP1+m7YeqcM4}|r@u8c3qk~S5!_`Z~- zc^`a=_s0-=JHK{k>~xbwX(qyTBW6Ga_j}OQ!!b7rMGZO{FyM8I4JPEvzc!k1s^nw{ zpmt|$fi41ggvLfsh7z}%+29Rw6zv2_Y z|4E9VhONz-s@DukVH5Dj7XAKZLE7n-b_&vVL241z8iy1GmBk^ox-e3Yv&C(zfjQO0 zSGK007}*2!^Sv}@sGM`!KAoQ`*y_EToVKHUXa%Vjk$5f}1}F`62>_DUQ$xkoj#IEj(R^2p-H3I1>?QWdxwcKjM&#c&A&&1Ni|3iw-9Orm++jVS#>SvH5XHDjy)+~_&; zT|2+=WPBdmK|9uwuKJJ#eb_E!Y#03M=s7pBuG5+w>mADKy`^)#rCPlW7@GpReb>cw z-x~ipd||;3y7(F!#ftKaXIvt~)7(Xvnv0maEeTVRFhV(mpbTD5>-3xq^p?xmj@@DO z|BWl-i})C#|J;k`JWK$$^d0f1@5GF+w8<$-BRbIkQ2{1^tL#hBUwy$DdKNU9RtK{I zm|^n9zGfR8CA0ds_hc~Z2@8B&ORMv}4sCsXkeZo`OH~`@a^Sj|dQ?^Aly=8{M@Of> zYwtUN^cLd%^7+og}|x91@qkkA(aBRUjzzSRZ4!cV$f`%;%2BgJyG$T zF^q+~Grk6OAkg3)fNpm{j_3rsJR*F=41S*p{^RMfIp=}L!ngG_nLom2V`Z3zV<21% z7tZ$hn>67VA3Bu4PmYG4I(@{e<5&N88G#9GCtD-q4WdNiz#*+8;o#qF`SJT1K(Iy* zrt)j5Dh@WnqR(2}o=5*K)w^ZaRJSZVipPRDqeFJh6rhm6iU`(-Lvqao31$+3$@Fr| zcTAUE;=mo{f@B(3K1RwBJM51_jX2ZGMOm0CHMm1r7N5v9DeOn;=o;^{LFMvzw_r{TX(oa7|^#G0~p(? zXKn249|WyGR`u>Px4srpES)%da({)X&c{p!%!eT1*&*zo&~^WWuKIT`>mT$@^CyFP zI`T)yV>uRVL5Li&{A8zcFiJ6Xs%lmZ>(oX2&2+#gKCWH=FZH6kQ1ESBsyt_5y`uLl~1R^^>m@y+`<2Evz@ zR?_)f6R7h`QFW46qCy4B|2wdyrNjE@W{D-39yDc_tCdTTm&=r(j(0m)%OLQEFL4mT z(!1~Zm=kE(+CZm~1FCmmbjc*m_~TbizP?(g=32E5#jmmMCkILYCQUc2(7F!&gnUjt z-zaN?-eyr4x+IXVnsV2-osh8dN*xK@Mx4?9{f780oysEiF7I4$TB4xAn@Vdvyip=) z)B2MBWOyt~ek>0ZfOE1?BG^80@M9EF=HwEytD$$!EmO+Fv*)5$(i2}`)ExP*}| zd`+Y!MU;EXHTv3Ey%;P4JT<(=O5$sZ%v*<7^x*S}St(LdfN?R*h@vPje)Q$M# zu*GK=`sbTWppAqBb;#~2Yx%$yC~B+b167EO`6j?HU01uuX;r)7)iTSYfDwvFIe9RR zgS1!VL`%`sJZ@@!YzJlO4Is<&4c9(v_GM|~8EYUzS80jE7UlgbDG=Nw_NgdhYn>xH zio%RC@v;dQSL?BBz`<%Lss(WDQLa`Z>W^O=rRt3u98e9`@jBH3u(Q$*me~RH zD3?xj*unx|8kR~Yl7SeBrP2@daK>pm2UE+NN3?1-_;_;gbPO-`vWW2Vf=P~|C?Hh6 z+iW}c^u6+w61miCtDkpAQ9V>G6xBQ0F(PtXl>Gi(;v!{1iOc|E-6VjV%y2vcXC^#m4uoU{5B;|9uGZ^K#yys@e^g* zDe*_HiL|B^ZD9vO*W(}Fz6FNG9zo)AO27>p1Y6bYB8NQ9B>2ynNW`P0Ux5*W0Iow)t2#yPpzW^8VXexH)8QN@(0 z=s1|m?KH!0*(%aldjt|&VXdMlooYEGM@fKLic|dE794zo;>=-Xk zGQwJEzsI(N4=gca==w>$Ev=`p(W0l_uch@9HsROxQS4PurxW z-6L$As;B*3OM6JzI9*R$siplw*!ZZPwpdG>C2X9jr#+#iJu7UStEb&VY0HhYk-Kq` zo;*fNCOvgyP){DBCBH<;%k<=2E&2D9{IZ_hW?;#GrsP$6@^@M??J;kBQ%|nflHa4` z)q3)JEqMbauhWzNtR+`ba#&B6wd5_7T+5Pub1{jwzBkruNe^SvK1$l7CH)MO4pCC0 zmNXiZj!=@KB@Mx(6O`1XCH2K5+JWELLS8j=r;Tlgm-kq=ob>P?R)IR0;>_41fJ_r? zwIH)1g1;qY)>A^LfsiqLA#3SvXLlvWLWKKnWDzz>v+kmgQPsdax zM^UNUkwP;oes{#PZ6g5)vy?(nx5 zz4w4(ZzXj{c@6kyv~&c;j!gz(N`E}U15f^Ekj?%ng?3ft$p+=aR4PFWW((j|Q7~48@^P8z??!0VZW;WXqj9--`4{)nG z%y#$j@*^B%O^%Kx4a_{eG>`Y!k}YyHMhxed{0He_WuV?w8xmt<&NPd3uAX87l9!b<wpR*~6S z2MLizBjkMzri%0095b34V1>K`lJ4cR4MIwe*%_LI_vGzJm|k5K=Q#==e*)l$mf?EJ1q-ib~qgA1~!(l23zF7r)9QRb#fVJsCUMe*YBs zo=@BA&HM0+!psy)nL(096xe|%dzv^dR>ag^<=Z@@c}8x5E6~Rh@2Egc9n_i4IILf1 zf=DlQk4z(p4qE-EEEFz^>E5)=8v&I1cXD7c@&2Q@H-!7kNh`e^Gt;SbpBcd1N+)1! zrP0o8u>!Nj@=Kn+z-+_=we5Jf<|yEhw#266rc%=VCz{iX8_zgF)(KLUg*v}iBui|p z81hTCj7}EsftPhgjNrQs!#S`y^(gLwI$^Cb0y@ZmmBxFC+D76wR>1{4jX8zf`DmxsCVMGBcU9FGG7U=@O{v%yI2pF5b&iPd>Q$?;ytSOG3SyJ7{m z_eo*}-rtj+9si96`P&>7;*tx+&YYt|5Z6N^y={gpK zVe%Bs88z7+4bwKY444S~UN#MWOG84Id>|f+C5k1h z+RS`UlJ#CA*JS_LK!bOp;BU3f%kJb@8y^hGedpf-e>3Jk<_y%K&ot#=a#GB9kQ2zF zgcHaj-3bI3xt^6(W^&7mnA5RRptY-Q9{@m&8bH|4yx(dC%e9im_L7$NB29S7)e9I) zE%vLVcov#(uS0h-m&l`~%IIWH<__i&*3F^0C2fh9lG9fn!($2a=_=7Z$m4}BsllN+ zYj5d{Ylr6e1$9?D*p7rK(ExU`&voTrOREN96B8L%`b@BPn2Prw!+e%@{6DhVFnPkX z1-|kH_*AjLjcjGMJ+XlBrFGyom0S71yBf3kS3=s*48{1naX#T+*)E4>9R)c=Z{=8Q z3WodLiu2OPx#X$WH1GUS$<~AZa51RJf zq3QR5I+wJU58RqUvlsQiIS&8)Zw%V}{lIw9{C&m5=I>i*Gk8s#P_u6aDJdlN-#@=G zbzVQ*Rgs+rV1hE}tx{Dv-57`qQdSbD=RReb0wYH6PHRIs4m`|s?=*mGZM|5u1LpXG ziSm>ZVI49t2gZ`!v2Zj@@bI$a34W+J*YMVPl^pnuB-?0mmpg1bsm`afq`iU^iKml& z0{5jRe}R{-@N0KcoUX=VDAMYd=GVI--xatrqE6{kA@YsIlW`t*k0Qq`@coz&a+++V zZnxxVc{*Q>gvJsx!a2b|mu_TRyn$>ZLjeE$=Zq_+lhP8!9Z7!eaX?1B5XwoDODChjG85_*%S8j(1Me>Z2U@{M1=^$-(c?6fkT%8&& zSGW8A8rzDe<2iy8TZ(;7r{(LQL~NSMxU5^+j$F*9bFmu%-g4U>e(_z*>sG1)(PrDr zFFuUw^x7Rb!u!5ODdlO2HK1DBkj#;{f7*$K_2`~pVJ@ka58MGD#LzTT4tiuP`vTGm z4F5(PekZrjDShoM+9}u?U;uUs8(Dm^F+0os^P7zP;$O9q1l=Q4oWpAj`R9HC34piz z%&K!3{NV!_2OLWC{)rg*af{0zZgX0{7bMU=U;^BWcR&m^J3>#YV{aR3_Sx_}xWKiM z3sRujTLeXC4~C}qLknmqn$yQEPit~;U#Z)nGPPEa@O%X~=Uwzv7!%4WEcdr^bFL0e zY=g;q#Cth13s_;|TGz>ai`R?@>SiSS*cR-m6p4KZzXBH)is})A{E`>W(;^`Dw>Gp- zknHIgA?-(G*Zgmi%olz25$vgpv(Y5Z;{WI*mxgTZG(^Abc9C3)&DO|+$+%=O+%B%Z z-qNX}L5YeCK7XuO6IGYg@6bLGu2_!-I}SLqv>TKNP){5(MsjsT@X8p2@Udnwc>1ix z5Vy1S+>%wKV$ij;f4x>$jvU;P=#u9Ry07&j?TIla!S)4TX*afu3Tr~qd;a{X&VmAO zr9wgRC!?lwaddGWU3#5R@6_CDplzv&U%Q03wNyHfEwq3_t7xb|%Ud8Y^{xffyM;HG z!#bi^UW#gyZ7G5}dl23B<}|3e2d=@3JW}Ua*f9`pJ+0Lok!AAA=QW?##RsuqJ^$QZ z+DmXJnk$_roT*1w6E5Pfy5QC&^=l=}Q7!8px2_T1sY~iH!JNKKQoBRl`<}C)4KF7X zMDR)!)vy}o)GaLBWV%ohZdVN*pc{^XtZ43AiPD;@^@lG2zsE}D*GNBP!y(gPI75#D z-M@{GD8`HG`6YLfPgl52u!Z?0*W-&6j$H-6%>M4*L__DDg&Q-PI=KaTV?qPbG~KAl zj-#^jB3(DjSgvzON*TTs!SYU(2qLEZ1EWl6RtnyL@GjB{Wni?!C1;I&LYyvUA>DL5 zOt?B!21{X5)S@yt-ixs=>gJZPiLxbbvxbYd5Ld*=Ef{#PPI*7tX}+9DPg3v7poREj zNosDbzW>p=*hVNO?TKBF8_fITw`lnCmHfDtJ5y&1&sL6AVkNN z|MaHNE#6{`PzsvOqw-`Eek|6qO&VO_rb2ruhDDQtTuG{l57L8uSexk>pBC$b*J6Dv z`0AJ{HHj6Q5jFxp5zj`urAG?mWfk&d5rCZNmM53EL(@!d={~JxH@1wCZiZ?Ac9)$1 zSQ?Aw@e{2ZSnK}H;{BJ7CtGp!?7*Y+p)CERnkJ5i=d*~Kr zQ?FC1mBqX{N^+paEe95nuB$-?u)8t#b*u6oe~Jp?ZF@D&K6uA3yCTpne?+@iWk0w> zzSV8cK78c?gMOq5>O+yJywQ`DUP`++oEGUPG`WxRYx?4y%MLx^9ZD~=l)K%wxJNqb z=Ivi2{B$C!QQ3MMMRXbAF8bO#Itfh8+X2v)L4bPu>8Gd^Pg{OpX67 zX@2>S7PC!^Q0ld8_n-xIgZg(c)NSrF-yH*;z}W&N)!a9&XaH?MlE0|m-0}XF#MZNN zpy8OR6oyg^N*Vrn4gc)LKRHX`&ja}9_xR^O_^03n_;WA*S&4sk;GZm*y2@Sn=Oz5} z8U8W92!F=lp9T15J^nd`e{OgQ{`?*O;C9Wl*mQUzc*yfx=8&Fmc1aNrE;*f;=u5v) zBL4X$=li;(`5tu+B`e+CX8$>1R(^sk_tSx2jVvWP-QtiR%YwCA_N-xD=PK8T_t*P? z>+Aub)^#R&K$!PiJyx2>jB9V@`Rt<s77pCy#?}Qyj8_p>UeEkUrr9FQEvd z`!3cm=pv(H8W%1qOw}Xw{75{>`7?#6=7X*-7=aPv%3LPV-+Bihx&b$E%hK?YsG_Jt zI#+aV{va`wm4*TNop^i07Nvjl0oB2civ3`u>zt1oDWDe)gww!ReoS+S6#$v(lK$hy z=-@5NH>VG%Zb^~HgAhN0Ms3{Za)(MY(BK%#?f!XBL+5zoQ&p$5SBM<6_*;!nKLZJc zLgZUB{7&S?hDKcD%=k=*#Elr3yjN*3t5}G95A*Qb(U9QIHIxS3#heg1mL~YW8%>uZ zV2V-jAELLO_?F`G*O*}OpW=^P@GZqlqCnSt0=jM6%7@TTB(@7fT4B(8gAi#nJ2N6q zsTLMHJ#pXGQW`WBvv+8>akQ4^fM!>Z#A_zI3y~N!e~`Xp;}@g7#!;Lya$G2<7%y57 zpm~pU(8aaZ7_}IluCi^QLz^=Ji8&ZlUX8fRjswyFqUZ7M9~|vP80XwSobZ?Xc|%VF zyU%zxGlU>+6^a4+4Cl1&PuR2gHBSOQj|q|Q2%k^#Yto@hko*W&8Zs3)GFkwE#_JCAz@?Ig-5jH*04~3ww;X%}Tvh`SMG2QLxuvf}Zg;#a={#Kq zzh-pgJF}1h3q3V*tS8hwqK_RKqSq`KB`sxMKdxl0jzBhkWArbGzNysha$sBZ4$XZ%T1&(B-XDo)slDAIKcoR1 z=wi?VKNxEq#*~rnP?piocR8IscqK54?rp(M56Hq$GF7PuX$Jk8pGxk+XVr4&d zpV=p9?RCfx&vch@V(1PtuwIHn=m~@u474wrXH-Y}`qIJx4-|)s*30Dq{&LWfBSjDPn@=IOZZo#PTLQBCEkvG zJHN?PB#@^Hc`8QPwM}^ytz?F*#0ZKbM*33Kn)v0*0?qtVJP{&o@gF)`aki06(32HD z@FGgeHY5K6lFEqd_)1js{RfY-Q}|vU`Y?LoldiH_K@A5nR!B<;AHeh2F6k?`bkZYj zbHL=2Jx#(ok|K1+rZtQJp@UdalOUbrpO2EKOttv3$T^#wc%RI1cCYf6Zs}ZX04|-I zM_lK7E}o0w&Sv4gmKgdn{%FZsRl71mc$up5{Xu&QYWhr~IgmW%FMB0#W< zFi2m=cjceHORTdp;>!U7 zvWRLeakbgg;ov!3noa)8ABEv9(`T>K^@+AezIjDT9dJ_?zIke~{S z&NX`X(rrXSb0o!^k)VFuGg|sC+a0ntYw-fc@tg8{3h%2WYk`>d&rL<lyhv zE8{De{%MYk{gGpqlHdqyaGsTOn!j?uuTk{Z0DrGCIc;0`=O2O|NKG;HI05;8OS1j8 zW4z0#re-)~j%FVo6uA;j4#0gCi5@!()o#LIijvK_L^1j=F~S_-atsTFTL@s5){rz%>}`<;KK%HPrl zM_Z_@_uZ%^z6t}G2WgeHz5$?0cE|gFm60Ke0osFI27FfWyw<8pHOz>RWWPx2e^PYd z)!#Ea&M(n+Q}*{`Nuhy@DVW&?JZPmzn2p5)_U4IF^?F*%yxt#KQ>g``1P_6=&VJCA zCj9;w>5I{K@OQ8B&d~!HICyG4+gn?Oull_r8Wuan3U=T!GnAV~6;a6GUtwKL38Bcr z_d+FNwA8F6Sd_EKAj)Hl zWw8L}oxf$kx&m@&iijccE6{TrXXhf8`f00>L}XVp;kK-yOF3R1Im<(6}n*ySI zyIE;Gf~X&(q5gJ@valb;=T)Nk0a}W`iz5QRHKQj^aww=|(stxoh z+}e41CXr2$g2Ysl3E?cBmU$zEd`o|Zs0`)a@>>{>cmLTDoiD~Zp|iLzL+4!h5W5#I zfJT3zw3GaTlE=&Wnc;)w{4Tr!u~pf%tBIDLKO}(XD_>^EFlidyu55={{DpLtd1Rk;qtTT@e$7ia7~+q?=oTtg2GU3bDG8qOg$T^hc3^%tl7RUm z0R!b)|G^;noUJE1x6m)0UDjQB8v@{8P+;H#H;}vRqX4=jJdR6j|1;A;(}|F`CQ@kb z8!KQ$2K)mF5Bob^DH~1G6!{q+SOOV=HnQ1Vf0O~*TMRUKuVV{a`XbpM7o+yM?5n*5 z+Cht61D}iAZ-GhJ7>s5=^y3a)z)k157EvxKhJ0sAatsDDI(sPbH;&Q4DM^@)=$(SY zd*%XS$~#Vj4Uux{O-i~!2!aBW7A<+4IlIiAtMohDPKSZHxIr6DqdSrNVw+Ig`sK&; z&csrg*QO}#!^Q8%noHPSw3J6e4MAST{P&K8svPb_sL%Cggt{F+_(!2rTLG|cfNvtk z#S&$_#Ee;ewVjdNOx9B1yyh?a?rBwuP!9A=`2+5&KX#rJRPT6!vHMtn?Jg^dR#>FM zz5UO^)a@K`;=*eD604b#D;JlN0P_n(!bGY zjfPj{Hk2e~wGQCp{UcWA z_{^~8U2RBWQMh*}YP1V=D+8cLSo-+uRhp^yf%KXVL}-RCEB?PBHoGZXhd1G%!(_wx zAxiTNz7d_L<|U^jl7c;p=3`|#$0o6~L%HkC)1bg|7{V!VlCt(tUVokKlYFhc-+9Fu zdf%zNm!+`xYVEyx4a@&NSwGWUFi%~fi8EdP@Z(Co>6Urp&PH(Yn+~W?} zKGPwU&J?Bbj{?ARbwGdD4FUB&jJ5ygP1^Oi8=vp~CqBcfFdBD3&wJCvfBI3zkeC%V zYNup}H0yCudX{Q*%c&w%Xszq)SM5?8q3-}1NjvXl^2EnQ|Jecjb1#xPcZ^w(vX+Tu zB~Vl8qoAXs;eii$X}P8n=RJhB(G)YAlxT&;>j;5y#gqkKA5igf1ps{pzK=Sjsa1bK za$hvxaIbH=uxMVYI?Xp#sBxsKcr5{}VBFF{tn-08QJY=(2#)f{xJryai>wj#8$3R( z{BZ^0Jn$z*Q*y~nKx1q#4Lp=U3W$s79tcyOjuA!XR$7UAfB7|80 zVSEx5r!Be+dK`t^WWh|#5I;!zX0i=4v{+1kX8gf#Jwofs(CmuxrNd%J2v<0y>gsxd1U!ZA5IKBb_#1@(z9pg3f*N8y) zm_P%#b^;j?mp^qO!Qi^|t#s1e85)c5+YH`rn%umH4l(k|5)ev)RD;XlX8w<1p{T}F zcGztzpE&2X1O=8SC~&Z;69wLrpy^M{Z1SOtj9Y#J`UAv3m#T~ z#HmhIgIO&BOpi4uRYj`Dg4dC4@=NCt^?&aSsJ<&=$oJaU z*P42*?4_>hNdS85)3o$*xAmGVO2W9;LDG{SH29L3qgQf`JX0` zk5)PX4pPVavQu^p9wJ1P?t;IOqfKwz?RJ1RRH&;&RNX;kTn6;yVbUHQ?eP8k&l-IH zN>aK${&NDp%1i{^=O8Kgo&v=t}Wc z!s(|PP6sD&s;IgDOeLHa#@{aQgG znJ#v*W?0iO_tBYv*{O5mv(d2>vOVg147sJZ45$4ItB!S)#0!26lDPGcq}M3I&}2#M zv;I#~_(K!zb5HGjXw6|-}{^q7+XuYNAy+B*T8t2A5fBYk9MYF8?%iGr@W6iSZW$53XqFRlap8X@K zJ+|t3U&qD&y3Zhf>ryoFtF2x^@DjK)rMn;3ZT1%(icGeLupRewSiBS%yjck|Kbi#m z&sYrJ?_o88{oWHySW7&w5eZwAglozoki+>2&kD8;1>V*K%5$J*Y9Si1L-c)l|MA0HC`J@7qEKy)k_BXHk)Kk6zq@%gwu1aKBdsj2{af6<~P?vYD}tOo_(@D^IUe523mx1NlnW8HBIXJeg>u_U5&=W2{WzX*a~uI z5Y3`AVVGNNU4>n!5e8fK_6d#UYDmGptuy=aa#Zue^Xe?w)VD zFdFg!bhgw#kl}E7*j&q3Zeb2E^$JHFIKVBz0(>N+RcIIUyK@tUvK%QPk zT)$)C8xn>2Ku!D2PScZIQs`#!*s8Y92X;E~YnQYw$)NneZcW{PhgnfwuzKlseN&QM z`KctkvUPX6$@Fefs&>hxX5LaVlg}PA6Mm<|?{xT`2)`5Iw*-Dmc#DCzh!);5v4FQs zE#|ZDg@1Pz@Y%Op`0NxHa=vTQE;dZB@iW8p^}l0=>E64@F#T~VqxAG$?S|=29J$NA zJ-4*gA%T=-kwN6Y;LeEboGUp`x#bx%U8qYqen%QKJrDaGF|naA+{-WluMcz(BoUPL zZ(YN9*nQ~Bq(-SoDi*gz=Yc*}3S3o$g~Ryi;z&F|JU*yv*3877o0- z{*Bx3omsUz=l?MeR-?^8&r85rMXW|3@(9WYo zDbDsfilp`^qI2xEO~jRp$OorN`7TBszLr(Q^e<(W9ch!QivOHdgJzy}_$S^E)=VwY z^mKilb{18d5-5Q;yHOce**01*YrVZepXMFc8cYQS+XuoJG0LkA8V6g=IGCI+rO9IpaU)260P@~nfci-R68(ESh<)WD;SUw% zyYc`&bhv#9)A2q>0KGtY94kbHi1E2@@Wp~Fne6yw*8TBofjhATZx2PFti-syJ$cL6 zA-rY62tIo}{3{(2AB=6@zeDT(>BNp$Dw{`Ma9&Y9LL22Bq0nJzJz$U?cX5=wF7|P+qSmv{;ni zvxhw8MR?$|=fJSdfnl2i!!`$o?N;Q|Pg9;!b9^-#z#gsFhZu*IFZAj6F9Nh(&`WQ0 zS$C+a+D-sh)gMrQq<>xRC!wa0N^E4iDBqozgtoc$8j&1kL;?#cz}`Z$fdwiSrD^DT z=0xv|Z=BZe<5wiD?{1g!54-SGRk_)ve&Qbfq?z|Kb5{B|IZILQBLh8NJ?b6l9{#Xl z_N^Yjc}w9?S!xzLBZ-0YSY;ElKiZfSu9WNrMnNED;nm;wFj z?FjIGuZ_(4een&=_!jn%r=)M!5IhEjEDXjN7>qF}QIY6k+d7g~hxJ?g{wh=c*?KKB zSykT4JFP8Yz1J+7uU_vR98i6|^+S~i*2G??VN_bKf4V0N;V_*oaHi9yXJ~R0=E=$- zL#Pd->f(+$9V}9F@5sXQMjYBHD1Gz#K9p`_>Avpd<#7W-9*+NmUIxKSd}WvNoK`C} z&UD~qlNIF|Jn0NX_%8mAL?4-_(?N5uG-}H4)3n!zryL(6Kaj8+KbP5t&l>Jp*Xr5I*=*6ttCOY-M#s^R~^GosGIDqs^X|I}lHS1HB z|J-!|%{lDTP$ zYPbXvdUfjlYlcMkG5#8MKea8n`)4k+cfXKqV%{9={;k-f%c0-C(XpKvc?Ht0z_d*0 zrT5y{#}~BTc*mf>?I`SpZ*lw<>ffI)5N`O&-(Ap=@xlcS87~CziH0gR0V9iOCIIo$ z5wY9nqjmxTxEIdG!MUeZbcgj8(Okr${I$!ibqqf&yLRi;V-|qidMPI2|cs|l`Z8P z3mZ`i`mp9zik?|lxt|XPD4}}Mx$EZ?h#NRqvKdOC82@_JtQi{^zFP+QQh}kze?~iA z{+1H&WPi(jzMI;c_zIhd(46ru;Mauc-AXP1-YZFRXl=rJ2{>vW3^mmN-!g*JRw0%8 zimi3lW@TX=6XtX3kmE{Cd?8^|tk{e=?&xeLt*9q)yB)7bLyR|Do2_;6KJ@nkYaP36 z1itf?R}jP6+6f~KJj2LzI<&v$U+XA9<@dnx`QR*-DE$**(S`1FdJt9sA^hTd=!W%X zZ$DSX`8GPkEJ8|Y@bN2GflxynEhYDZ#OI=ppJ_%0=)TK9Gau+ix3hUxDW%Y1{EYA% z<20eVH#Q302mR+ucz+>0`9G>>M=RH}<3yo)+Elu5A213048t_M(~w-R&Epu5#iEZe zse})Ffs_)Z;CPw`GW8v5%HS)JjC6o;+p{^go|x2y`@D1Ejl3G)A}7vo_)7GzC-|4t zY8t^JlDH9=28{SWV8rhO;`agZ`+)d;K>R*bqk#B*K>R-Z4#e*R;`agZ`+)d;K>WT{ zq&_sq@9Na4yR%uRa*)njU+Op`-SBt7XUUatK ztbBgW4u92G{tg*^*_+8cS!@W% zr5$2$*h}lnOt(OyKbtbUTar&6D_&GD zP(-VEezN_4d??G}QX?+4%H?l0daW3`GrP@MSvPl+u&DJ0-&giU^Rm?&e7jw?hS~oZ z7cymAn?L3(i!A8<3NznISoJ{nmWrY7{ckgY!WdN!e}ZUFkIlhtq1V5fHBxH=>bMcT zv9pmA;^g*MAMl^MY)+$ZFWy`d7z;_`L;2Y*wHhjCC1!2&AWI%X(ax(On~QgXx;9^7 zi+{XEyiW!omC)I${G$h>Rt)@u=;SL;uvw$vRrku{&1}7W024t)&4CprepGs8vT~c@ z1EZ7;XpHL0|1D~yC8qAxnIVvSUFw`W-J#s&Zy=4B7Q4CnQD}dE%1jM)xX1 zqJM$e;C&c{B`N?rtqmTjMwvLMS*1?FnzzXz^MUX)qBSh|Tho1$X#FFXU`<$_8AFC8 z*H2@6RdNbhI&#?Ei;$LwW&Je;4yjfw>*12jUF`>4GCq!5+aCdlC)bPexT%25V@t?7 zE=s-@Y1%2ia#;%5FbRFIC=qCfyyJdT(%Sb=)dy%d5V0;`;8^+c&=^D{|6C2RpY9L5 z-qRqKnJPrC7Le&8SD%SycNv;$_b3DLKsY?Or9;Yp&ah!UiAE{sDTA((36g0r`oM_8 z@5*C=Sz@~&i${LKEcoZ+3hH)dB!J%RC}>szhCq1kIFIbh^OVgfVAazZ&-c?#tLj$& zxitQ{CQ?AU@BK4D_d5+b{{@rxHu!7d15=>Rb+|x?U++Jc&O%`!^k{&0mlY<}It^;Y zlD-;t2wigEncjn~?wTX_(Aki~ee}TeCXtQLN`!V`yq4+7E29qtv#m<3Z&M2gNBw#Ug8D+AahLmGyvLLdt!R19M;3m<8-5f-KOiYKQ@Wk*kymp*Pva*11d1?EMg zf;SiR05{3mk1uP+5ecp~c9^)z$C~!Bf^OH^>?)f>hvY3u-Qp{MMP#X&shX7dCiqx3 zwg58}2vO5u#+6w2W|!;Zc}2(Zyx?MHhtf-orGNe@AdxI0&(;maw2!MOyEj4CY7p{c zbi&BDXCwLQlrS?eSt#S&B?&~YN&v8*PgL~=J9Y^aW8T!n`k!uOQ11RnOK9fUrP(kI zacgCv@wA$Rx7C|8ylv+QZ{*WgrS#P%8L~}843~r$-v6(5V&?;Qp%CnVpf5y5@Bs`U z6I(=c<+Oi3p0jyK!%BAzE0K@L?jIb7rtBKTO8m-Bz3#5{dgVuYuP@{DUiZ{H`A4nk zgCA-MOAQ@*Epa%xQH7a6c4Y5gl5p_PkC+K?8u@`#AxFV7D~z<38HfEhCKJZ6MBneY zsPBzq8FAz!k7KNeE>ilYeW>w(Ybl$*OFz`-Z{>&j{C)OAGDZn}wqtM!{Vk@y1@zYf ze@%mNe*f%4H11sFQ@}RE6!g|e-Kft(DGwU;$?@%-&zJj;mM|?XOuGtrO|a;{&A;c9APJyJ0Fa=5D)`TX zfc-snB=w(v=xG>NmbFUcBBRuUU3Vm3rGN^J%50Sdz!2!|VSGb1djRD{i^NMNCbU+P z2vk7?KCg8S0Gxc3&B14w^urbZLmO3nyO0@!qG=Rp^#b$g>H?N!Z5k}!wI#!{x9uWW z(ll5y6R;TCVX2EVSiUzTVA-`H0gHEDG!2Dg%%_!5p3z#nHBtTFQckPFheNeh7;d9M zBPG7xn1Km)U)!m6UkI$kK}^Uy4+ff~Jf;~`3Utv;b7Llh7!7&+-Y!P)r3*w-UK`7U z$~7KfSI(|$-?zAe?R;VO{gk|*Ac}#W4KZ9YGLY$H#<%OVjfXGRX&Vna*Rhq{)^#`y zQIsxpN>|071q=bvr2B5_dQ8rrN93z!?-g3@ezm~&3RBK<8NyM-{|BJD zuWMjhMJcf(YBVjKCP?B4Y)R4%_D`J8q6&2~nC~H!&XYCWs|aC{XD9-S5bw`i@)Wac_!JOBACfMY1~0&h=Ul{! zC)+i>3spjwztjS9J`GF9ZddV6(f0E{xKo$D7MZWdqO`4{hdkvpJOHQlAp`ay|MemJ z^&$85(H83GkRg_d_8Z*Xner^dP;bIevl~`}h@o4`mx=x{C<;Rwq{K#5$dX`nw@dJPZ4Y zEo?ocs_SurOFgV%ZEx(S?Ze4&7dXdoBOf?{x3-1_wN~)A0L%ZDj`4T@&x)Rg39#bx zz?w<`;U(?FyJJaK{+!cKoLQ7L|2{yXh$%g%02^`qwg{0DN9SRO{dAAU_Z zdCT~c_c3TJ_8C+pYDo2tx{yhFTIg87WJ5fg?o(Eyp5Y73y#Ia5j_a2ppo=BVr?hc$ zRts%+<}@m3V+@3Szr-!k;g6VSfqFC7|ZYkq|!+MH$_9k6^iCib5L_txq~%gHs$}0Oun&l@FmopIn3M%A48-0f z+?;z{DUQKr^s{lLl$gbl7?_d=^w9Z@dMLF=L_-|&$U~~~HM*twz~*Mu0u`fJ^)-q> zU2Yi?OGKQoF@JZVlytJSisLV6`@xkUx9h&x;2{-5&S zs5n~NA+F$72QsQ%E@``qh44_`dg_>pJ2^06{?VPC_AdV=9fZKh8i@HBSyS^L5i_MN(-dmt;oFdG|;U9BPedH0NA#rWVyqW0kW}J5~ks;`F(s9sZm&`myW-BPP-`1o`)wo>64>MR*F1e5L z-r*Jk=bCN?L&Z6)lihL0JIMR{3amJ4v_EFU@= z;E6k`vHp0~S-U*g#ONu1xN|cf_@tZ8q)>P(_5akE)W5nhU*1r64-e_<9!2Qc*@%z3 zp^>N5OvY&)?E$F`Df5)Su^^(P`se2x=x*qOPhvAM&}(^zcHh%5Z&OEkh_&V6ce0+-Dk6s5))RWdjCe&OY;j{ z^5v*mNKcUW=CjO!DSmAy`8&q!D*F_V!AK)&aj63(?s|fjI`hY&1q7(zktej%r3T{Z z6!>wEa>p;Q-e*3-#nI_Wi7p<2M`gtf*2VdMhb{v1`Nkn#A!w#-gjSwk(19E(kK=CQ zJCA50Ek6?nI7;i$8H~LDNCEHSmvzz~REnDXSIA_mp1**_!CyB+1J|r{zqLsv`uFZa z%=UPKA!twrGx|YqAenmOe+)m(<#7nB6yFSj#J37NSJ++i6pEWk(z=;fto4^vS>PFz z664Hd$5ZkNT3=JeErGh_BpbWPV_I z8Ys9BkmfruDV35I+-X%Wy3ZWhOxoj&jlziCd$TrTeC0__JFq^sJ?$$hrnw0E{4}6mKT_R$ne2GN078tX5Q%5gqm1OHsw@^kk8T7InPaC7i@g9%>BnQ& zcWVy~S*L}De3A|p9cMj_y~}P#=Lmi3x7;Av`LNJjS@igueo}_)7vp?2|m-5i_SC)0kg~^W#IBrVDPf zs%&O``dDIS{pk_bkC%)|GwX}T^qIBzvG$pD6=a2)<1W@#>>;MA1CwIZwDPZ@{aPN`B9P=WlUa}Av2mm ze1~ADm9u~0ShX*4Os|)_DTfcVsAPZdrtGK3v1UAB<;_I`u>f@xpcQi!q1g8dqVjX7 zB{q>JkgtGs>JH!x$}7{^6d4S8lSHfUFPdn*jBTBOXgvX}LYej;idNHL7|DA04yfQO z)9A*zQZsI*g6Nr1fJThLj53#g&nN~(q*|kYOsDSh%m>3_Mc#V(H&ks=_Lb)zP^v}zWk&^Fz{ea#Cmcya#$S*^=t*--d4lUPZ zLnao#5?;xL=`*0kX6LB_A4bv!B2hROZ^sj?xGif)dZ&Gqr1us)I0DR{q6TQpf8h%{ z^9NW~qulmoG6m^8r}6w>w;!V)(QHrU_`o=3H{YYYd%PKt;@Jahd9!HSA@XCk01xJ! zJ49)+S$TgkqHKy8O8WTtDD9E2#C!HwMVwyIqwN(LI#*;+ezBNQ^oh+JNw1?x(reSw zg!Iw?AEO1C9ok%qZ5-7$qH+I)Yj38db2BYUiq=g3@0(TBAf>bX3ujKMnxa-Yi=8O9 zhGR{-78}EfqO)U|6J2rS15hjCHMUG&FU8nNg;wQ85UcTdKgP~iX&|*!bB6egpJ-_| zWR6>Zthzh2>TE}w)%fLT1p*=j0>cZ6kYpp8bS-)tuU~c6ic;RXYpCq^QVnhx^rd-} z`wU*6QKP(6h7@{Sd3F^pmSf6G)1Y`L_udpzN|f1UT4?s#&S8o%zLJSyvo5|)YiX0# z5+WsU(EG z){ZUOj0_X8hseI<3_XDy0MGHCd5D%{bO*KtIHFSX5aVSgO~YCP?@T@ZCw*CP108vG z=r=*(ckFzRA-ek8mnq8gA3{ZW-rj(^Af0(5WHQI8f71Q~uiVG#yV|PVe*tMAS;`?b zT9QMzP((4?%@2_IUtKO z4;)K6Otbfuq{B4r^v&VwRW^#UWm;^_E}hD|{=PEty+dq1X}j`#kxqeAk`9)py~>Q; zb~1IeDrx^|Njg;8L;367$MpSJ)LvSZ6{StcJeI-_aH?Aw{K|k=lFoTP&<=mc{trP| zS;xn-YR2LZZiD`Ce=;KK|8ViCqOSY<*Z*{h50PbW*6v1Y0-3T={y~!S6Va;^Wy5mj4mB)rPrz~4Kf=PT{{j6cB1N2 zOfoc+pC;|d`Z0{5>`{~>S5s7rGN9-4AU99p{@Fh%X`<{o5BPgPx%#RmVkZMuH)%WJ z@N#HPoDPLX8jX^(39^PNrjyT9$}GlH{H-OvRJukLw2Sy%(7ND1%rOgP^2V+_`4k#I z>lDKmZ2G|LD#7q)-t8`0B!D=kYdACj-62ntnmfFTPE{7;K6om|*GfS=!P6vo{>u^eq1G9?~Iqe zunXtiknEAoZd#GI-vrtEY5VcbsXoAO82K>@yffSD6&7RBfhFF)a!F!zxz=I0u8g}^(vs`(79eOu)*j(tEBxib916~u>;gLm)TN=kefJXmafjNXA`DFNg~}NXUuM&>h$q zruBe^+ys2p_)ty*01ptE0X$2rkOBsB8gi5Ph4d{Rd2|rowLV$!R$i$daO3SJ_nEFuYB8IZIcrXGN2gr)ON28@-c0CQDy(8fIghasGCnEvALj$~y0UiOsw*so%Qg3Zq zAl=D%KMwW8i>An>q25YRGYaWY&HcE0)DRon>AtGu^B23^ve7O747w6#NA9T07%+n7 z6ZS^#32DC59$7HM)U^n*kcUoqCKmzJK4)#2?Q_=XvOQ&S@s1t5C5^X?M{fxi{^8v6 z6ezUS!wT(p*=}TPBOka_H@Do|16&945K}eb3m$6L4!hDN*HbKVX&!#P*(22xqX*!6 z#&6KRXer(S7mT`_TXWGE z`4OpLcsLc(4n75GzLDz-Y5({)n*F5*rw5)@bAMi!W3YysME>2&K7h>LY!Oc?me%Hw zWBDK~B6t4-d{J`+NOa3LFMyYg6pK7li|_4`Z=r3dSBSSvDQ3~yQKhD z5Z}|zf2Iu6^Bh;wD9_vt-tI1cjXC}vt9!aDR9fJY$HTuVh3=40h18}1;||P;gDN5&-&_kHJkpdxLB78P^6i+3J$Vj#Lf66RM<>>2 zA%f1oc%Y*`mF)9^@%H)W`jGS0$j5FWT%(!SK`vh|JtBaJ70EAYm{!}S4o zK#%OqSMFlgH-WdL!@mhYdzQNj;Liiad^QFunOMMQixxiHkW|49tb$=w0os%yf11F^ z*D?i5-`}~k1YHOEcru9=ieA(p9HedRBP~pg>a;NOttS~Rw5qwc)#T7v_I{CQ;e{s= zgEwQMeA%;4;?0$*_udRYwrYOybF}4nGrfmKPJ*xTUzRU}94<`3qc3uvD32)+<=X+P z6ERXY4Am|iLlgvfY({B2hw}6GV&yN(=&1QHb$6x}d0MyU%GinCQiCZlwj(2D4S6EkLbafYcBHfWhuD^Pb$dz|X$AMx8 z#dm4zU3vVlcA8Ztzlg>L$T4>fU->V(o@Bf^{&)SPJL#L&{Z{4_X5AnA1B<(8iIx&u zK2r}$t}A4!iTBV_#87Gxf+`h@q3#3d>4XwJjVGQ`&Db}&J2#Y4MSoQRhJ4f}1Y~cz z2?(D@^9797&HHY`Y^8>YBe}Y4J|1j+MZ7(nk z-}r(aOgqt)*yWJM=EoOH52%;8?+>rxV?_Fle z5&8)z_fY;NtJ!DoFOoiuW}nt+pC*(?(^67+3;ch(g}2;Uz*{h!&k|I6`Rt|j^s|!A z6KB7MW-{J_0ScDT<=d7q6XB7?dD&C|Kk-c3uTF}d-qi(!y8g~v>`=bKLRHzJ)(Tdu zk++NkSbheu+yk)uj+)JWkpUqwkSfAN1r^w8m-Tm!H~(FGaCYU|>r*feOrahCUFpXX zinWBPAXla9LfqNR(I7je0M!Bt*M%)g~AMdDCibwRbaalAIWb)HlJb{4S1e z&lB>LW$-{@9mWFp7z^AZeM7M}JDgP6rgg~`ysK9*Rj**er7JK&1w4dhN=60M?+t*iqo9Z1x>%ul6-B-{ir1|={38}u`ZGy>{ z-6o{?vf2crFTG9Re8x5oPk$!cBcwY_9qwmI%o$=f3*novyX1%A zR%Ca^1GWj)s?Sa(*`B_+kaWKZ&=ctUKu?OsS^K-?7a37qHU{8!OLY!BnOhHp^|dGy zWkYV-1CuM*20~<73<2%Z*Aac?-O^Ta`2+#KjklzpiuW*3u!g&u@#wlsHY-nEhP`>j zj5g}r?@p=i(35#+NzZ`ir1(Bc(Ph|PI?0ZYG{w=EuZ4B3Qht5-6bmq}$$I#DSH2b) zwMu#XFd=9@CKu=HhheIeNi6+gcW6ev8;|UPf_d{}JvDy@q?Cu^lw*wk)q86OmDWCw zVV?)%=Dh4|bju!vD1$DXJ)xNLX{UsRv!v4)H$sbezoqJsS~S1wM=!Rpb{wCki^t~x zQ9!Q0^>==1eAemXGaaTbzr#tF6)nx;+M}&>om_HtJ=t7iP-m)C*?=DoA8d&dZPySk^%3r);S=w;>448Z$@rvG7?iOhPoL3n_1CzC*xt2}r@iyy#qpez?(VHm^2GH&GuYtG0V1u~TyN-b`|YB$ zeSEz{StvoYWQtLtgpA^#C<=6G(z9-<1~1QoN%~?fi=m_GOmsigm2{i$g1@;?nf`1L z-oAU>rRmd7eog5xVb~sDE>tE$)wrZL)Cj{2F)wz2^+Q$WsobOe7j zj76x4Ej1=)cI;a`#GxNr=+u8v3nB@>7VS4rzfnqyBLyAjs6Vf)LG7WLB93qxm<;;G zTJOK*l2G!|M=Y_POLVCOx|F9ZX9!##cFPavxhl>Zar}P+Q<4w7K?0WsP&v?xd3bW) zi503rKpF{XRc%Pc3|VVf15fIyc+ycR)tbFqPfY>LCGb0@9dKocmUaWz0p}Lwq*ifn z`fwK;_SZgOiR22y2Ejrf0$PKLAyG{W$#V@U_3i0aq;+7^21~%lzjZDYjVHCukR4bRH zpagij7lq35h_?9#-&jB{)#r~CDo2mgIoO*tvf2Z+nw2vHkgU9y>-3aFI7BE~>?`c} zybn$#oQjkQH{q(+Bf^VCv9p&Fc*#?4h8HAIMvdsDP*)B>=F}(1J+BUGZvAL4?EA9K;(zkBeWwwUh!^fHV!0%`qZL3S& zN@^4zq`O!tRy`*BzityYP;{9a@qE=7evQ`xwch6DwhK3UZ#yH(Hhc`igby*GIR4RgCgk)f8jnc2V414b{~(q6U&axQ$`+8qDO1Pu4%uWk{VBb?8I z!j?6U@7^X+#tU+D`eDWCWAVyey5e0Zt{3Hu(x9ntXAQ8^*$kz_*^KQVqy<`0C^^ST z&Tu|6-bCWpD1qrqtLdf{)YcN`siP^^HVSUE*Q zQ*(Vc`xoRGyf?ry`Ay9bNYbbe-OaG*EQj~JV}J8r zrP|S|DEIbfB8i<6@+is{V1e2q2iD)uYPR&ZG`CUA@#ZF6c~?PKSJUWEFK`c^Zs7yJ zrYYL!QfozN@>D)}4SAd&!%!Y*6L+2B!Q*6rl_R%TEs&e_tlq7=7|2s{|%40A{+VsNF`A^@(=(t%B zz&u6x2<v(eMGZg2a{+fk4GFvq?+N zsmhgoaUyO8?U+muyFj7AsQvJ`|3hNRQytPF5BmQ`6zQ!qD#3z>d}1G=y$XXj0Rk81 zB_WVmkzxS3YdxgiJqBB-#@odwWocCD-}-w3Q6;^=vD-*4MqQfZcwsH3~(O)sSTN{4c$-ZUl-|qY?V+=i+2pLN9n1z4Uv&{U<85pg}ZD=Is z0}Z|$%}{Jr<5!8%D0S&FevMNdVf5W7k~YKmYH5LH2ZpgmLNX*9k^lS(qOm3Z;s^}e z%w`$N7T+S8`?04wj8G^02-{r3E7_GpUgjeRG+zU2u&?u)^)M&C8{oaHZ!V0WxFG=7+plU(I@h3!>p7Mjls zPpX%+&(MAYXi#^U-LhaITi@rf{^+n@wT4TIx7~3+MK5+-c@0X@cy^Q}{=bwAp}V6n6dQ(jz66w{MM09C5qW*PVu)gAWVyR!dv zyrnlX43=wVcc|2&T=#dX^D@9;0lM_NWk}ouYmej*o5_}~c6%msjHHMJ-tOzPIa9(e zOvWJOi);q(XnBeWqt*DUOzu$XYLe-#ia8I%s4b{RDDW%j%obcB8u~Yrv$emK>l^mh za`CtED-@ig-&umCxAdXXFHyPON9ajL;IX^JW4WMrRAAJP^##%>Ewi~aRT2Y=a{JDXTFZ&-7Ec*Qz5VgBRqHdA3TaqP3=P zQ#^xKTXCZnF}e$TSjX{~T{Fc{?jP>xX+Wg^@(^w@(RyEbAcu5rB|4NjcJ?Q+E>&Uk zWoLi5BvD*6pAy&8$YLRkU(UBFh7Er(vSSPPe3@*(D(G@Pb}Ik*H%aCD{dD={JG`C( zIb3QX&rl5T{_o%7)jL|0KfK$E`T%Xr{094eJkiYi2a=oVc%ONK9&mk%TL2WAzRsIL z#8K3{SrF<++8d>{tZNEWbE}#c%LPwJrp+`)|=()^|Aow)<-YthK%W z1Xv9Lmh4I05r0f#xd_BUk6cnLNXrT-n32okk_EbyJl{i(v6&wEXJ)hz6sWl?R_5RU z7f-8pvD?r3dt{?W9%n}5L4gx5B$<`S!Y;(^V*l+D?GI^hzwi?6=XTLPe7Bp?ZUOCw z)!Y*+ezN^e{uD^__W&7;1ALD`eCO%--YZB=YVN8Pm-*%7J6lnHcjrZgl-s9p| z0{W*ON}*#)I{N>x|CGwys(Niik@}udlqbx@Ac226sH((?fBgOrk%d8s3Ytw#u&`In z571Shv^-8%o-#XqSN`o?#fO2_yhC5jyXE>q3hOZ5ri2BLrf&Xn4EQGRMwmtAzEv)+|1(4t89er_E zv6F+`$0)|Tv=?0=Ta;fQ80@BR=How66CAKCnG1-W>6WKWb<4hqIAPpuu`>w-KKvPm z+yE%7s2X|JyLdX0q*tzC?tA zh_I-Y^9|~1(Eh0n+Rtu3rpCtuGCBdv0lWnWAcI#kcuu+myl=di1aF^Y{EYj>CGgWl z{F5ony0$9Gy5``E=35*XULO9;Xo5cvH-}fP2@1#m&`<=z7e#@&xIGP}Ja%?l3t+<5VXud7VY|POesn zv*VeG1phfs@b5GT{k5SptwUp7ju(7mc?+vgh@!+X-CU1xSVxLy33{9;G(R({P%w{6Rr zT_2MoRodnl7)6cNzl{@MiO&l1m4nH{v!UpOzp9NmDB4p)&vN{l5yKqC+kwo_NV~Nc zw{4pME%0McmhfxTGrRdQ=b%!@z%!sL8lgPaYdh(S#I{rTqjUFK_2+MvOoPk{XIP2Jb<2$sW2)} zrVhdvfsf;OJ=uM*3)Q9iawq?EL-Kwfe%ud#KK~M*j>7k23jBHUTX-!$glQ)+tqIfG zFzqb-dHM+cIpO4MemH<1PQlZepp&2U0~R=i)ip!XcL$vOly4Ko@niWBeBFbu=MuG@ zz(4z-z)7kNO4WRYwVi~AV+W)&Pz#oQ;=W-Q;Ai?*(D2Ot{UPfk2>G$Sln8$w#6QQd zj`$bQ^ZnJVQ0sqN2>}z+)?EbyQ9HSu z-(L%F3u=K@9Y7<25NJ(OOGGgZY>}!WM~nljr1~Aoz|7S6Yb6`NOShVB32KB|hN z>yl=*(-z?uKTk9l75ps%@5capPK*M-O}3jvX>y_D94b{6oyB`8&g}Ic1VNQw1Pg#w zQcHJ(c8#_4sZg{TX5zO}i@$L}q_K~qsFAC;Hk>&F@*7B7SigvNn(K%eDSK8NQJuE) zvmbXzEur7iT(<2Nc>8XL)LOJdEW$Wkg{~CQ;<$GHP@!nIwV|Cpp*APi0&|OV^5Q4J zNu1JIA#!$rb6{1eIj5UiB}nx`Q48`7$G|F4jbNY%wbmD9N5WJiKPEccWUY(OkgEKL z7Fg>##RGBT)_la}KVDD@T&SC%*1)eR#St|1fKOV@&Vd~=;hz*i4LgGF9vm!3jj#e1 zirR!o8|17JZCiYAy~%lVk?UeaiHDg)-JISC*=kG!2aF;Wrc{5L#2*(g(CH zDt)wvem=lcZF44xq14-*7|}Q@s09KJc?uQN?I+R2`FnK5kpf{BFnBa3N`YE<+f+b7 z6)BYBN4TrInv()}CMtFt$L`cw;BPVU0iT)7@`cKs!Vg&CJack|m%D#RRA{+Gg~GqN z*eeFDmXBr(J=k*7odpd42pE%3D=RdCzso>lxRc zH~$gwoes)+dpd=sUr*xeT&OsCi< zABhymy1Kh4y}ArO+C!#m)mjG^E^4yYflxhjT96__(HS8$w!0Mgw~-|6nbT5W9-T3d zjtQC4{o(Ff;v&Rq=MD9;AOlt z_mvlqs6s_s1@12R{dhI2ykaUH>Hil-_jPi|1b?(UOw|tMl`EkbNW|2Uc9N3x2_$1J zJg;bC&-I|NXz2^Jv?oItlugfPF}CMp=?f`s(MNq-?R&tF8zxeEIDFK1}%Nn!nL%Cn*by%>J+!V#7Ae)1~nb7Tpg&_P-{<8Lv} z8j1(&1DMql8l3L(Z$2ri+uWfUg|t7-HU_Ai1m!&3dHCv!iL5^ZiB@3@!ie|PZ14lC zwBKdg?;_d-`bmKzNodJDx4i4vZ)|#zv&~KFzWV*IzVb|-eKM$?Uz^l znBiL_fO>=q9IB3v(`OPMU|SkLND)*s7oI zUm7yqB>2N8-6@1e(7(;`47R@yD-%b^t`0@eHa9p5ws>qm%#z%4 zh)uuaAPk?UvF6t_lr%>{y>ae{J&Hl1S^q;1(*-D@6=WEei65!C-&f`sIwXfFc^4#u z!W>=n5wRriKx^0~Vo7+V>})C%uJKHU7!v z-7V||W@-HS?u+OpzP!6O_Ik=fmIA`Pz-8O+Tko_*I|9O24r)Wctya9CxH+8Xoze*s zZG2Ah3)>&_5!XgSb2U;WiA#kDQGcQ=2CXN zMXBC*n0D2a5#Bi4aK24D$R~$T%qreFads`1h+!ndiucJl*^@IEqe~q+^8ZH|qs9cG zCorre5?Y}vkh&<5ii53u4XN%>z@P>Emsg`(>^RPye7j4}SUu?S0{=Z_wTke)59${_ry(XwQeA%Y*jI;ODZS z{c`xp584NGIUecM-!#_WR7Mac*5MS^VI%7>M;+!^e|gs59<0CJS%0%wf4i~%X0rZf zu>P7^fBUfh_GbOfW&O=z{q4p2+mrP-oAuYi`a6L2_j19MsELx%8ty87 z3^2N@M7g4b-8$?w;x>H6D$RL3OOzMYGKU1;;jYWe6?nPCrS2z8-VeeX&?(AJ(c z3xLdvl3A2yn#E{|#gKfsL$7~YtYOjtwQKwI)XAOf)0F?u9rDwDcQziJw^Bd=i;J&y z@moNB@!0Cg2J7Eza0coY^l@4nC=x;FXBf9Zy~@E z1spVa<6 z8@+mlXW~8Y6bi<7ti$O1Nd3@{Y^{=vL?fLFcZ?^7fd%TkeLKas4daCj=)!pVBKXV3 znPii>YyJ)OdCE#mcG<+)r5vtP|MdM1)HLY^#58Xj{N;SNc;pfa&TyU3Tw>v$hT2mb=R?I-Mg z%p<$r@6{EL1-2LcF|S#Oo4yis4RnTBu>sk5$AcbM$jCcDo?rrenjr_Y;_I(G{wMVLknget8W#4CUoXmIackN)DLzEu4jj`zEy#rr zFyLXcO>FVr3J-TcN}Iq{cWnC1@6Z-OP{ zYM1Rx{snRr4o!Yjlv;&#nJ96}N0T$=o1(3iuauBBZ3dn$3>RrH2mV{=4lU%|wie$& zQHrX$=3owU%Wm=82H~8swec%(_NK>2yKPPLv!O*ZwAg6HE2e#;;|>wZ4pwuw18V%k z2BG_%?Hs=%VvhKFxuj!|wH`C}j`tUBdluXR#akdPOvSzFcpZc&r3vz_YHkQ>kc!cr zuVVAEjz^gEilivkwI#m&BK|7d3nXsc#YeC5fxxnNowb*-1AV zgMbV<6_IyTi6NNpz%BOwt(k=SWC~Ln@-!)ry^8)ycs-J@Ni3@oZB4%JDW%_@u1c8T+!I{(n8C;(E{mj+lEes_U) z6i}eD^S9`qS7Rk$2eaF1l=~T|xt>5Xu{Me?a$HIObF&uC@*^lk2g-{z4$;xR?vRaQ zD0gCUPlNLQ379K&!0Z1Qp|hNtCA~v@n2vWxi1OXT+@bd$Mf>zK#lTL;OdR#U$r-dz z_;i39FL=i5spw)<5edOl!lH|~aIDTMu@}#<(^2f|Mwk3scB~sXn7_(GM`a}M;77I7 z##8Z+h=15I8Bv-yxKM;4nVCh+!`SdlpuTbgbj!VvDyLHTk*C z1FvGc4isS1ntxCw=Xo4)6v{D-4;@ReCYs zgR%8gtJhmP@?}&>9Gl3S*_6mJI)-QLHqnivKb+Q6i(+V(--Ng0DSHyBz2Z-7>Pi0L zdXjgVJLEhMieQ6MF_ofpx@G5ie~W!VUw_LO?^W3HK-Th272EIzoA|ZRS#PSprI&9Y zq+n#7zVM4C@ob7ytvs4&?{#AP$x2O^@wT)B|I!ZSy37t21+x9+VVUd#0K8xLJ{H;k z^efB*^a|~AfVT<9c}TlyBXgb%YclHTf1grgYqcP!(kQyz zGx#w(27|;SRlLlCCs1UKmrvqWWA2OiBWsaB)-7X~v=0;IU<;iOGasX{O2c2pIOOAD zzE!j&js!sZ6|XXgN0W9ERZga}kjleZyR;79nG29rji*|flT@o> zgc6QK93wU@p{wGCMECJpyIA)w;!StN{Z{6LdIuoSZbYG3TSu4sJ}Am#iutuAMk!5{ zZ=Wfz#GtQ{BS!xrPI0bRRlI-;uLrXI?FW^e7`lCC`35dUX<5fk1vSYuBX1;hz=UU4 zgFXAv36&zf#QOrc=|w&1Ca>cgKGw!&-+QN+$nGjUQ$qh)^vp1$FKt>Z>!{H{9(~FF zugU8RdkbD$L26&cGiDQTfO%KJ zs276(5Di|_qVcvAK;BGt2duDGzb4XXO|;W#Z{N%%F<~vFz%#hfxJ2{i9`S4DcfOc} z-w|P5f%c(VW*;7-8YWN2v}0P@WR_NpY1cl_(gc$ocOAQ_ZLT}yLoaX)D&T$& zV?|9?+(Zv7+t)7t=@Y91qA)DW-6&TJOzt&%uhtSmkw8rFW8pU;8giC>LxO9DM09 zR>p#Zv_70tT-6Fp=nyF7TBe+<)!OuZ@m0(fQB$b7z?=M&nt|g?7YD zXvry6^M`+L2{o04Gvn}tGeAJ`3~QZLRqEP)P-)SCgV*UeYiV(Lw8Uge;n#+61j{8c z4GE%rLrRMB;s_i<$|d!G!72@G>9%y~S#uLuuQvKyiHufyv<4PMG` zzL7o*T0b4>BV~NCQUid-@!H?%$}a=jU=K%if6WcnI!AB~%C6YKHdS@-YkYaux_BJx znaJ8bK=;#~XP4j|M66VNg#AoO;R9bVPmSqH4y)G7(_31Au5>Q&z2=t37rR0);+B)E zB4S{NWT&%fpggeTRMJU}$#^JkuJY@xh}0Vh#s|pFxEjY9Suo%515*s}icn?87{=ir z#;|SZ2}#-HvB=YlQA9MJM;;IF(#yp(dvY@d_r&%^?Z(C%pnYPEv=9j#!qbaC;DOpT zGpu#7Z|JEMp7ym-yucDH4GI)#O2x_1Z$K@2`-+|<@_G?l4J&00SQ>cY-q;`7RP|E& zj~?zuD2^_|Atbn-yDq^4y8*)j_Vf&}Cv*GxuL-!De_k2zK08k)d(Llomd5(7V&&Pl zF_G+0-p|clqy_g!Ho%rNYSELxO-wG@TlEk82M8Tg)v zd}9e+y0C}hB_Nq}UvMfx@p$kx!!2KF1I)xtF8^ke&i#m$ES^WeKZV?i?*Eue?+?1< zyNccNVj`7_szy#b7JMhmZWs8qwB~$${wXHxNG1k;rA3R9TFIAJaZD%LrO^B4r_uDL zo$>H7W`3zFdE4!;&}%>G0tRn-RG64Bjdppy;39eRd8?`qVFAh_B=@S8g={P$Ej;FK%K=Q!F7Cp;p@p53gAVKy7DwJyC znfw}Odhodlrlnsb^*gQig2{^vX?wF^Ga@wJ>?GWbov7V#+QF_W$`2GG(3%NU=>-d8 z76;@`@=zE{M8&V=MEN&CVzrC^jYPU}04fb*rzcc@J*#q@eR(tyXBV|DRHPsMy~fg7 z4eVY)DB+e?Ya7~1j4jD4_iK{(ZvPn&hVxfp9C|%I>0Ue#TVKI4Qt)SKej}{znncN| zxa27X9=Wv8P0`7YE9+JB!Aap_I;xf4f!}ee{#q?()$X|%^UDNSEh|=pFJnwqf zqx5nWy-b+t3awm~kQhq%U5c%73w^1mp@YdddFkVr_vvHbMH6ha&+h-^2euRcCg(Fj zqKOR3@??Y3dh7(dnI+i83bNCAD%|yP6_#%>8I+#WPBVkdie!V##r7`ZSE0#tY2+v$ z_3~=uNaY(WbbxHjeeE-E>8y)qUdaPLaeiekHZ+qtL%LxudE_Ujy6}oDApWae{`rLl zZ-Mf2Ym-_Tex{F0o=o?ORqj1a!XVA%|D+&Zs+BR*;&LxtNITyGl6xBs+5LseU@Ff` zA5qNY$reOu39Ex$Mg{fYVMHLLw`LL{2>^)CV%?A7m;>KYvFBEiEnsFLrR`wue?s$f zsJNT?z(+*SX06f}m_vzHO2mi*KrDDyl(ZN1aAPLn?MZ~>a5p6N$OeO<#Gu^$HR&|U zyWgKul@Wc}vS)DmX*?Dff3Ri=PG#T~sn=chBjSmNkJkMtpmH<;Rkf8}h6R<)0T>-p zBMi>m&Nt6Onb71~WG_FPO=JBjjS$XM62LMt%7UlqM0bxF&?rBw&=V%1elwNp@_brxB{DFCcJ)Vf9yhA$MfbF-S;t5 zqsDDIgJV&S>fs-5?ZM=)n5iwEi7$~$6A*1cNTolsxGcKm0DAI;DS%Q~5wu({bNbaFSpBcON!8P; zL!N^2lzfIOs$ORDG_0g(rSH)akWafq&PL^$C)yVr%5@Vocc`0KIBl0a)~x0(ydS;I zevSw5nl*CJ#^9q9ClhW_Li5->&N~G!DG_x_+(1U=b({q~C-E$e((O%lOHV$5nw&L{ zaYo9D#gxXsv8=~w)*-iZHj3;VU^9T;MDaqEEvFd>v;vbSH_=YGGU*mAkjTH8jOb8a zD~#)>=c%;U4QfUoTE8(4Hv+mDruV1leTW-n1E3AdtYb3+mte{(FuEJH<3oMpsW^kw zMVoMn8hq(&u1>@`1taj(<8+)?iFx8G+3hViQ}AoW48L@6aAwk$2Gpe2^Kp^__apXM zS3}=#*_^ zR%O@ythns1?6MD6c2^KoG?PFQ-r*sHhZsPyhv5+dh7dyLckiv9=}8Fee!l|oQ`%t2ut@8Rry>9a ztW@sLgJnu3QJ$e0=qq1}U91n=xkLm^)%@}le@_m&h5jYG+G{gg!@Dk^@5hgbtObZ6 znYUS1%lWZ>H}<8O{HgwyI&u~2127QetQ7SDe3C~W@wZ6CFiiAl@9X)#N_4sLa9XsH zSGeZfpSGgLy~tN_x8qaht@wnTHn4BgG3w~6KOQ6MZ2uPRU~N5LyvU~qj(74pKZ80Q zdix88c7|40{mtXYsD%&c<*3&?{cyls28eoJwx- zoJQRJ5&pn>`3vNp1<%Lo6)%w2+RU{`7!pWJ+qcJfrQb#cz|)lRz8BC($$m5u=3#lE z%`<9^=(llSH^|-zCy&t|o;jsjT|QL>j%RIxil ztQZG1l*^->95fiaP!76?dM5ox6fGHndGq)-@qHJAE}V2J7Nt`|2-~6>fbI0T^X-`z zS|4oV`_^&OWD`!6Fa*7ETr+^W_!6L<8?%;T?AR!KRUG0|Q3D9^>4kh~xAFP$SQ5#c z21BmgYfMr9rqrveFcoSlxP|7&2E#ru^qFYInpyGWr+Lwrxqv%=W^B+yPsdx~$k`Xp zjP<(n=R9FFUzNb}rkp#k4pc_ZkPO91v)*q!gMFD`ymdN0%_V;7?oIo@TMd1%HGZ*D z4AQ~7RNwSGdD%vV_Q6u93_UUzX5t?w;!He?9@heP-epX~ ztw&DA95zd>xiAfn12Sm7$TVEBhz$CLU9+7x1yAAG?oqVTr6>&gJ#RR2I-y_sJjzg< zRlW7Nvy{SDRX7qi97k~GxVdABOEdSBe-)h(iEnNtygxpj>$$sfjrq`W^EW*#WO$Jg z(JEGlKkvz29X+YlgFJk%%N)7WkjP4Gj`Ungb0kdf?xp;pRhT3{@q}?W=pELFW_Y#N z_}yOA8~C)iW&jdlNLMR4k^BTHVc(dOe9#68(HYMIGoItT8Sm?R_<)_X^hlQYeqavI zvBj`0KIk^)KM&4-`bz%F*kS$2oA?8?X5Jbg-Xz+ML#vxu1(RkE6r6u{DIc4 z*I**>p#D1`zAuOtF3H>jQ>8U?4_D^(jra}%&_J)@-_VL=-s<z@xSun6>wnnKi7AnV^RleA7yIED(yr61A8;E6-z-VRFETbpUmQTIh4G$1 z_jzImZGz!G2~G@W^c()k2dD+-jZZP|gkDp`>2M$C2tZeLYRrD9yJzs!DsDz6W5hq7 z;BkMa5)YnlL~PRg8^stewg`*;VmeXoO9;q6K0k(oyU2LFVD7(Z9eXcV{!i%RsRfXw ze5u9f1KeRWZ1T3R zM~!JvH|+L(IJ3K8W}e)SX69(hH_vb<)+BD)^)Kmq7Fj{BN3!(zK!^;V+*JJp`%~ng)zP+UfYijt5%&PE;|4LsWNughf z*DZ-GPUG9vxudLnDfis7r%CZ$xyee4>0JUBAHEg56GJhpSW#^}y3%!;3fZ7{(OsED zzVN#x^ef?fL#d*^(8W-CxQL6IDMoYLOgg~Jcft!LR{06BNqHHrv6)3@ebHEy%Ppoi z#Ff&&;wdv?uCBSgG%LCV)NV2EI6;2)Ub(=x16Tfn1F+ZF9!!6xyS+U;eVND6Gr9eZ z3JQ7L4H);?lRWMLyu?-KPDNF{w81b}Oer$Adj+GyEm2RZmq6N*AvON|i&HVfyUEcwN`;?gTSC7xq6_Dh z;iNcOW?>|&-_O9l=iwS&Uo#_aM_e7)nJDt=@i>$&L-o?~TW}56o2T#SlAgw!_lJzp zl4qPU&L8Pd8})u2gRH=Sj6b`*nP9Xc4L6Yb-KMuId@}o$h1=c==Y58pYPU(tb49^ybZ>#Z)R0D>(s5l2TRUd*pDi6 zmTnAxy5Yj_b$HTnB_n=Xi7PAJ{~Mx=pYgc&_-ad*^@RneBZZ@CN<7A{j;x=34D}?; z6`+#C=zDxjZyJJn)5OP58+!_dhQXhr_}yvaDQ$BTtJ{2u8ytMfgb}jSKF1^X{TMml z;=Nw=Vl1oasGf`iYMsk?~!6)J&IX2@EX66 z*%T)z8F=`-s_Xk7yY$8<3_10_Y43TLm#g4AOAb8n0Jurj-}i9tI!v-@zy9VEWb;YJ zaOD$d^Epa3pJcT8h#QY}G5W#;g}#01MWhFxAiEDNUiC>B6x!rbZina}Xc~T;`?=v~ z5*mKa8LpSl9-#eB zxhHh74{fq`u@Buaxr=>hiIv-jvajx99}*__U>_R&=zp{it$p+Y_Mzqp|DAnk$@3Sn z4}D&B5&O_T9*^0FMojB!AM)MSlYQuGSC96g9lQUx_Ms={|5x^*yXJSb4;?Lt*@s#R zE@&U>^UZ%_ACeyA_Mw#{4f{~jRsV4&#Gc8VWt0|LieM%{_DHL{XkjW7q zh_xYpc+S!tnN?^C13WA2_tAp~d<*`BzWKq}V>&Cjib31$^@iM8Os{u;#}`^&bylj= z>yMOPBC9@rPN6K#tJ+h6Ht)!Z?$w{sAMH)b<5MV8hU}%e?LOMpy?OxTf>G09N{v4+ zdd3AKJ8p z|Nh1O=kLE~O)&T02ao%&_uo$_eE+@ZW@A379LV?I0|Wn;`|myNH~e?|@pqN=KW{(Y zlWFe9_j~@l{rE-Q_T!Z^17iE}{mU-8AAkIjxc&H?VgL1h{2e#+ydOXQMsq*DW;maI z)Qs-?@tz0I-;clT#*6O97f!m!eth~PJ?+Pjn929!)f@lwe!OwM^D}y4(pJfhQJ!Kx zy-W!;s@=}(MsLp)7&E~peZit*++>gIgL|p`ua*!ePic}?^fDm*-9z~5YH7W3Hh<|u zWUL_?`|e>vN;<$^PiJ{AdxR5l`RvH$rI&)je=gYMxQpML=EIrm5I>a@3x6v2=Wi6z zit>G^^D`G2PTP8k{>9Pw5^M|K%jx&S=>dQ|yYZk-$z|U}K6{^EhIj>1H&H4FxLu!k z89mZI1rk2*l5iJKa6!V7xcb`lR7#*4ONK$}TV0CvrqmVqO8aLWbX2$@+>0_RTCe`E z(nd$EkaDjQ~?*n<+?>ev5XZMEn-PvF7vfigC-R$4)CrTaz+xE&w0 z7wCV4h2l!IG)4wKabJ>QS-m-(8)>dZZqfz@S_km+ET0}H+I;pmZS;G`j${0ZBmH~l zH<1k&xqq(p`l%&)D5PK2Vd~S`4%(z>qfWKuCRyT7ZDw5HJ&R~G=`*TTeZV2HtrFh) zci|qu7B(SuQlT{OKxA%d30}Ml9!^PUfRz!wLoG7&jUZ`nSAS((i4nir3I$#B_FKx4 zG%He(MVUj^T&XfZTKfr3Q0Nm{Q&L?nTu~|-HRMXoanOj3s4S&Mi zO#<5n9d517E_JA5Qb&zRn{%nG+R6{5l%~kj9!w1+Iw9IuC9pB6+G7%t0bE*P#NR5;Pp9+El5e%Z@gsgZq10kjv|<-+NX*B<@#%txbt>Ad zK0-KI9AfF-AMdEnk~`D~9Ufn;5RZWUlKADg2**OnI_%}{{&Bs8Vx?CO1k z(<^8)7?Y^wMc9Lhzz8WEE?6Y2BpdEKon6xB9->3`Qy-fWRq<-lo7tGe)-eh8(mMfa z2=ntkM)?Q3mM=YIVB)P-NC+>E;yW7Kgim5UnJ9!1F2Ef+TnxWiSjmSWMN+e!Z0D$I zpeD9S9JdqnPBl9b-wF1#k7^U&!lSuTT{fXydnkg+BHrp$$2hc?1z9*99wH7Yr}3XQ z2JmTBA58UC3+%yE8Spt8vLS9-S0g?jOda(g;FF{CvewlpCF}M1{Q#E_riRy7V)O-JPvP$isCEz#;9N&M~Q6IQfu^&NN?(6HHf$LHi=~?vTEoSRADc@L(7R^Obnm4 zbKUUCyXn6Yjae_o{0SPdy(0!XpT-oE{3|CKmfl_mPoOMY4+0ohLem~_%A%_gCN}@p zva9q%3$3{QiP+vn=Gdtre3=aBQD1+_H<9o`^Sx!?ku0~G=K$n85&8bLrIS|-!_hEY zfIKL*R%e$K(8d5tkDC;2a_aDaD|NW!JCKsOR$OlH>udVfmCzss>>FGL)6Q}C$&^3siZpXa>3&bReRY@!V_Se7u z)hm7+^aS;xE}=?&J`sdKX@}^omEV(nRif-`YSw4|^f0WD*2?LtCEvMc@c~*z0~J44 zOWfFp%tu>A{})&>joZ8*BBx=xd<8)e=Wim9uya7OIOMAn@RT>*hoa` zlu?JoiY2r&)vS6ul=LQ6J*r-O^K)xV_+Z1L|058go>8Yn-=uw0aAnQ+b}%`yZQGvM z<|Gr_wv7|pwkNhRv2CB&oOqJSm-l!5zx%3o?XFeby}EDqu7zhki>ll6BTB4@dW|A0 zUu^J)1Js-9jT`}{ss5=LOD*ze`ya;;Z|0gIpX)j7bI1XGRxILs({ONcf-xMS14wG> z#OyGx_U20jgJnXNW_xw&)VA29p)Fpo%{^iJZ#Q8MS&%!6OC73_pt0_|-AkPqK zihCtE42kKk8;f{~O@6jid?0&a*Ca1^bgt1yvM3_?zBoa|k^e;3j0L}1hoM+wHNxqb z6|kQO0OtSm1Khdjdj6vsg*LQ2M)4-iniLUJ6o;ar5Xy%dOZFT6R)OcbnsK_#eFM$k zMe4s!yw+2q9>7nkcx&A9XdhsDy}So4Ehu>;#Q{9zqnql6w7yoq@YknT@5mF&K`~&) z^6{^!R`3Y?#;UQMDlq5FR(^!GDw`uGMjn{G{~nI+{Tkd)LQX<<#kCQ=!%(_Pnk3eD z9y5`icXrsqP=Jm z>pjyAt;51L>oXxxO|*+ox|g)LJL)PlZ$MB3B2v@nWvK1;FoE8&srpFU#w8SCwqm)+ z!JWE4`Vas|hC35`Zg@N9;KmMJRMJl~A=D6jOUG0h2v~2) z=Fa1*%XWBp9kB%P(W`?b+%!mH+rY?8YNq2%L#P~|=v>IadbI-y$)4R^B}~qOZi!=F z8?w9Q+4)sEmNFF|k7yKv{vB0y4v4(~}b+xPQEPy>G zhM^7x{Dlzu=$BoyM7yjV<`XC(?_c+9&Hion>;nZtVX4frc=rhom9l4ABb5}&5P~oH zRusZ=svssbzyMYthh07h6EGi`q=Z=6DQu1my%q z^#TAeQ^k=9wk7ci{4qGJ8KT@E{>2Fr;Y7KR^nn+ft(!kC{L{=?VC$z%(BlLG>4Rzc z8MCHfPc#untp8UEJVv^m-!0G4tE38vekMO^(|0ke*flVI3P$K0>(uXOOw9G+MGDif zeZkm0)1TRhZQ*T)=|mOD3D$JdoySLHWw^-_@Z=M@bw?F%9xt%jR2!l?x82qz#wa19$%}tU-YZ_kZ)j#|0z!g_ey(6*G0;`~t z2RGsAW8Dn0N@OE#i>C~+D%IA!lOVhv*rb-Xs3{-)%jtWpe*(V?p^B?}L$XGG|HQ)I zgYVNmc>tCssy^u0QM7>-`Fu!8e0o#>1x~-~DL@n&3_1(I`MxoZ}g0zPP(B0C0jwr;c(G}Aj0<_pj4@C z!MLM}|7HBn{+=XdNrs@_=ZHo7(|E2B^Xfogo zR6v;6351$Bs!-Sw2a^#+!S9EHkh($Ya3YFz<2ynu&7L_hw@A$BF-wkT=~Fe;>lEU1 z#Z2BW0FM95FICf^7k}i=QMjb zyK~_Wxrh9~{ok?Q(Jp;p^6gVHQX<~LhL24`iHmp_QQj1wTVNUv_OE{% z2n3C(4V;9nd57BF%NK{+9u`dtF*7iv04-|WN}=Uy0q=_NfLVk@L(!DzN>A<0ma|6& z&9|N`zO7X(T7~M#;n6QH99cZID-{>?A0&}G)(WkSc-U34b?K7JbsVkM$}I8looh^K z*%dYxMoS|+1$3Hk^}5tm&sR!k;f?)mE7Q(|-upkANd;)yLn0$Re@5l9Rs#y5wNZtZ za%Gq}M?0tqm)H_i&5|im8pDq4MXdq2oX=DHt$d;GxDOjFOO>6sP3l>z=Csh5k6dap zsRCQ86G#V+@)o(vDl$@@<#_HrodgyRjXTA8#Qzj1nU^9$6$ws4S4J?;!F$u+hR;tG zg82azSH8k^*Wh#I^$OlCuIbly)RoA{apU397p%{^y78}z>pj~K8SVcNS>CWKV=suy z%e!BYqJm%uC)RgcJOmI11;WAKw3a%&P%rU?N~+?Vbi=)Sn4RrcOwNHbKln}*2d?n8 zcBCDk`^{o7dYuNeU6HFz2W7U8##;xsuROrsrU9p3TbGALb}fk+&gWA*Fxc~Y^t*HY ze16sn=}9!Zq&}YPF_cbdLW1keRPkLgPNz~XAC~*#(>{RJ7ExMdQs}K zNyUHu3M>E4OpCK0K9*Wk=Nqp%<`J;18L$?!2TAxhGEuG|6bf@oe#79F{NoCW1 zv3~PO%QftO6Tnx$u|e~@x_yOy519uJPY{HEGsUw)s4IBW zc#=XDbs%wo?O160_N;Scrx2yg+!$WSWA6`p&UG3MHogWs5j4y>Qdw^;3!D5x`d z`mewo=~Q16Z>dz`vWny!HIeS>tIQmo|`4%O)R*iF^9k4gO=P{FDAS$XBxRHT3* z+F=^JrcGD03~~IL(cQoDrfF4yuFyTT>U0)(fQa6&p_cc+-mwAd{a0g~t3%M|zXP6h zdj)}D0zBMYX2P}`?tuD2MqV5l{%tv1rsT$dvf6WV4M*On=Zex*Mm%MQbZ?6)HBxjh}`T$ax(}BGz|%=ZZB?<@|%Qy72|fBFSg3b z<6lxM=EdNi@an`?(Hr0(P|plK-ae^7i{T?3Q52OHP;`}hmNAmS=#1XXEXJecCCUy` zFc>|+Y$bn?lp^?CgoU{@sd&)s?rpyEq2b^&4-jSY&BN)>?MPb_T7s|qB`ygU%4_@v zkLreFexwY4M$GE_THl*({8-2@2x0Jht}y!mv`2TKQ!x{w?pkn6##f=WUpcoQ$8`KM zFv0X!;oY{b=$`;)C><~T$3|#5B=?y?{sw+fD1Y@Syd$4{OZ~IzYtQJf;Hf-WMyi{V z64%^f$U00{anhzr6j4{#mb__M#wwT6nE`$`%wG=9s?nthJ#yK8D37(MP$F9kN5{Sm z5Jo@1-n63Jw@36K8H|u8K4E{Eom2n(mhJ~zEJ*5kjG%1T$~02bUVdc7R}#1lJ2l`b z>C~YB5Cy0aRDECz>^kb5u|-I(9nv^rs%?36O+9(7Yk3^2dze?Hty0*`8qVK8N$Gd1 z>-H|QGoI;5d`ICyX<=5scpL9YbTs=ZG=q~%(wirab*PyA;%zV}eEIwk*$I4jdrm<} z{E4r)E=8i=ly1ZHOT@UfoiXI7BM@X_xhYa-o_e0WgsDy}Ktb3?4)Dx;7Pr>=Hv9K& z!_IgZ$#!zp9+RHP1%x*mYrw+IzZlMd+xw)ye^007s!=Sc4B}IzQ!n8~*<|7;Q>)oU z45oWX_w)+6mCj#>5g09D{?Q#iSGB=U*%E_PYN<-lef75xah8L*#lV@z;h9Ddh1wr? zD9vnMEj~-8A>5C=soq`y!cJg{v8L2dsy`wE)7s&_OsoY>nSOHYQUuCB-ZoRRJkup~ zo?Y1aVNcmNSSb{VT2-5&mr|9;Wvki<1lC{~r&s6_O}j`h~HDyT21 zw_C|W46Z56pV3h~#$UF2ZE@3b$(oCo32y1iSOT{so{016>X(WSaA3e%$DTX4fY zujysqHMB61ki}YheFn0l75BVNKU2HPB!A`Vew9*CBAt%$iAC0OIALQJ7;m`TyEQ(M z7*d$Z^)kSKZhABR@3#HjqJYYPwy*J}YcXG;KHRz37HsUoNiJ&2BBu%qg3X)ToNQr0 zJWhKv_S-%mN+!KJ!O-^&5hX|RCeWmR=pQ7hYgj!S>IQoW;{l^z2RSosK42DglyiFI zlr4b(1~6BsgGbze0g~#^53q+PFARBQ=%+Cf9Gdn~bI>r(E+aH))fVcNufOlfO_=1< zR>ZWaDyp(=)8nx!OV+7*WT@Co-lQMngK{nEp?`a8_!jd+N*D97f4t^v1Crp(cf)lS z!@_r@-X9;@SiPK8j`dV;&)_NE`W={bP$u$b;m zon|6rOcIFC_;e9Af zKWb2WMJ?KeFrh9t5Mn%6 z4<4aQItYp3cCe!ss&ZDZ{r9eR!Efgc%BV&fv|>ME@c{o3oKjIRtwQ^TaZfNa(Q|1$ zmh#ZJUmzV+sE4dMSItyf*%~zd1^?u+Q@|$@f;r?*JW*7A$Y-6l|7l!_~1h3 zPPvRpGUPSD|H*s+mFNlQokaW!`&#zu9rxc6o0B`#ccU?$2DNthxV;&oqn7)G%{7Z^ z>eWSxx=0U6dya7Ow_^DH#|GCaT3 zC*0r;Wyaz#QL_1B6`Fv?yBOu|F8@-!L4Yo3w+r@-%d)<)u`&GFHpWNPHoDgf@_GH^ zg88L^H!}xtwQv#h(joa?L!=&E5}Xbx;uZ!~so#*tRHUo$%wu2~O@u?)C%Gs1Aa;HG z@K>Fv95T}cl#cXK=IRC0E%m}>R+}2sAUvDz_3PhAxjMW6hl-juM$sg9!eL3to%urh z9C2)kxU4K&vSbK^BpS=T{Eyuh{-dOz(&~1#tc@Y#55tom@Tago#hpUr1x%o%6gHxWek>*j zyq@Ys=CbM3@vZ(b%KBEZd??6NQ{6|*K|G7wIlvN7>LmL##hb^-o>h}!!55UdbM#D5 ziIP{Df4ev>ZK=Xy>~fIZ<4N#Y|L^0`)w>nu;xFP#xGdRHhw^t^r&w$H>1h4Y90|7+ zQ@MUc{2u2RjV0uZ=sNDW1JT!__IuR|UzcCW8^i-Q<-sVUczhMv=9!Wk35!5l_)R0BH>PWtX<$L_G-ATszP3KRR+C0N*cX;BY&%*Byq~Hf$ z;m=Jn7 zbg#IHWoSn($T~HjW!IiVlZyD)0gr<%qpyg8U1XC${-hHcEUbSNN8J>#ZPITC^k*C-t>LLpD=}^M?&25naZ{3;b%WXr z($9-#-9b*t$-{PI_`2mY)ti-)p*q6}JaI_g%zUc{{;aBS+^Rck+o(+7e~UoO#ZS zVm*=kc9lERK>g^hlXrKQv8(wpr&j6t9J+L={QaSf+MSw43AWmP=I`0qZBWmd6fK=-%%FiT^5 zR>FKBZz-rz&~N>iCe+A_=?X&Iiy8{*_l?yw~)G3>Cfaq$#N}?iJm!C@ZxaOC(LgkWu(&sUs=!SzL6EP_MR*L%k%-<6-82q z_T?EL-q5&j(d(7y^ZVSP2`y&A40wgM5M^F;`cr-1=Bn^a4c8?$;zo8c-Q!8x^K|l$ zY>?~iV}|{!M-;l|objB;3e;aKB+0I62N2=}25bBY1?nm3PjH6_n8J+vS(NU>bQX#nIh%5mu7&?WRv~_^IJal z_DKYLHXx_DV<_(X7{b4Pgnt_dy;gve%zo@CP_lXbZ-nFQ{s!|~BKGeK2xZixE7~Kz zPYJ_^pQg#5(}owARG-=XW%Q0%A`ao=RghzF4V|>!4ryg)_PuN>Az!cCqi+r!9@=3Z z+If0Lue3W>$pkxAW|45&dZ0}8;|F${eL$LuGq43p$+OW1Y@72 zHP0w$Rwdz^5#j!%^=q(O=By`_6ZO)I#Ipv2(fxSE{M& z&~oWNau4Ro~cUn8NvU~p2C}Cw*iDjhDsCDtEs55JG8>Ur1xvi?L>O>$4 z*lfX2PC#oi?xnj$8X^38W-pg=zI}N$mJ01SzOZPtF78ujSuZgr9KnqdWK~9@P&1FHy-Ou4zBthbCsd+<6|UH-75qT+VSP`23{AWa|$zbQf834 zWbxI&gcn@=jvDP=3>01R#bxuq3PM#cFE5zIv$oAOo^${PC8&PrZ<_W;{s%6?SbO*) z0H#vBK<`R(PPfBd2N`7_MpaqBm+e#vy~{`HOCSRV5F**!TGLD`LUbRSgWYnfhj^EB zGK=uBBg}ii3uPR_>fSJWXpw z?PtAT0yGK?rrt!82=M}cb<}<7swk&Mu=r&i4E3Rxh;>9Uk~h+T)iyuB#CoFs4Q#6( zkGkCX!8}@1OpN{>Om$5x!Ug}_oS*i7;9XWvorOLoc!-6h)7!-mVx@wu zJ&@ly0z$=A9}#+;9;qhvSAMsQE_F&XH<@y;4@#h$u$*<5%L{#%cbaH?YQJ zxb(_{mc$~B?+2{Bqg+10qtG3;9L;DqrF?$q9BS9*nf6afdd5j&#(Co0UAt%I$kZ~I z|4g})0dkie7?A=wa4rF|&)BHkL+jdW&rFYs>AZ{AD#T9hOVDV`QaMa+wn=i+GU^6I zmns2iMKkhHuLbKaR)>Z#x}rMub_sHpWsc;b_$0R9E@(U91~QO?6>z@F95XGS_-W!a zxPgfx_Iu6QZnA-nZS}L$in1*H_D0#+S82gl8nOfS*qeYKOh!FJ?lQs@_M{OfGzEe( zmM#s}V@GI6^|{LFj=Ut_h_E&7ZZp{VZgV&*sQ+f!@?`l*2sd_U>L}k3CR}2i5+``e z^dF?l^%B3u%wLv6syJZVAf5L>s1UOPi^4I0pHW z=;0wy|3!iW+w%iIW5cdOKKFxAL4z6!8!w z1)sZC>{-36iF6cT_`4qSk*3^)h+bp7=pvq7W87CpE6#2_a-$)BT0qYs{2Triu}32p zz{FZPU@}0ggp0JeSEXg(2}Phklxw4sB;+)KB&Q9kgwsQ-vd+idG6!5tgDU0r>3RIw)W^fk^L8`(U(M$%0AI$- zqWP_b`7J4XMTQ71)=+EyXlu(EA|OqbInr3GZvo+n8_31Jw!)3YZw>geXmZURfw%}+ z{YU1v4(5)DxVnabT^69rv|%JJ0~=6v8U*x<-9cM_(Ls=JyYP65H9Ev%&#(s6aR5K2 z3#JiTDTjikra|EB?d+ufDd^h9#qXt=C%fj3k+`~+fL$(NU3R~g`7IB-rX_%w6X<0= zX9u|90JdfH|77sT%H$0lwS+$GvJi z7(AE$e=g=T{C{3div1-IcWDY#WqvEc{*r?0`(^lY0G~7aZP`8X0WIt6x=e*3Iqn=( zq{%+R6^+Dpm^q|F!(-#jM5ti8c{*lUTCK9zb3iC@L8J znyxZIEeWT$?|jnn(i!urp^R=fwJQ#bzGQ}p5%1%3Ha+!8D52#1%aqsnAKkZ}Pr|$v??sA<=m#CO6z%wTD$z|B8xCA3wKW#Pg(Xp8(mp%+D0c^G#21ch%23 ziaZj0&p%S9+l<4~OAf5MYW~1w6l2>E$~gSxPr+f7uT!!3HJ9S;8=LlqaN-MBk9H(xFF#tavQlTU~h#MvFPTOSQ$wdDXp)b zox>)GyY(=fn9&Jx`>5O8abmkB!8vRO`pHO_u zHuS6SOHV<;5Sl)NUUwF!U32|avOZ~cY#-*!BZK1QReuH-aYIh|Q)CGeNMh|+Pb&jQ zR4)g+oN#7M^EQT}**}#U3|;slO-ye$NZhMCJUo{g#nn!yfzJ=y`0NHtZPh|AZOdHa zcv2EDX}(#QGz99OY@X+|ZIx(Ros&h~4yC!IFd%{_dSb*pO<8yrd7=kGLqkaSf!+4r zq!z~#jhK5#4{$H=`zk9dLwhxsRPhfG#W%E?`Ecs#5%;@bM(O7CjolFOB$o#`l7c_>yy&G<&+%T*m)5$k8%A zeSa&JyAE>fteHOVx@`2BJhD>vW_8*icQ@OZL^9i06F1wKq6kejA73=5qR-l9BbuwK zr~AUfAez?vEO0T6HmItfCTgCKCcb%s;k5jtJ~pBm9!3_Xf-PXc<^be4cd9y{&r~b~8e=JnRJ+Z#gyx z^xeVZ%kX`=r;#9v&_D0)G?-AX$!hfT7|+n$MqbM3&3~=^*h`HV-kJNH)j^k5dQ^XI zaV6HqtAsbtX(iSQVOqf6;E>ltf%?j0!|@)Tq1MPP*a`X7eMH-+>=>{+k}oG5?u?CQ zr`Rs#!U8rJk5<2bjIoUFmajj1w#=JYQj1O3okYMDEyr?40k+M(HXwi1%iAaCZ}|zl z8K@bwsj+7OasQMD}BU z%JLt+%_8EJm+ln7jGFDc_LFn?Xi_(D!c-wO)5a~LLDLLi*}I4*8_6!w!SbvW4c`jd zxdKS~+Kl9fM@Q{mk&vq>Rjs@Umms{*>H_&a@LGSmxwC1T2vldCz!t4LR-5->0&blL zy?+g9F;}6Wf!gW2MZ1i;Q|wd&W8E`GoH`nQrxTsKXM7q|BWiAC#JWYf_+v&k^I10#pcVx`xH$Pi8 zoEI_*j@RsX1~W}HTnJio5U6;Ta>R9Jq^T$?c@%XNv7}WwsmIgUvt(qf6&o3;vt`Du zXAE_a;50a?httT}X(gs*T8?PsWz}33!n86|%8n6;(@ZQD966~?G~<9WxYjdcMm!|B zQk6VfgU&hf6Dlr}$dfY03znSJKAMVb$&JedtMxhk^3K0_?(1_fsK%}1*chl&Wui`} z#?f<4;7I@&KYwWwfM`*mrM()NHL3nqP72eG|2qJiOqpXw8WI}Y81!P}xh~B5q_#;;C8zcCp>oY$y`!5$+-GY$zB?}B}A5sNl)Qn=v z!tG%yB#&ROcJ`pA2R|kw{Om07-Ev)9>I#f6Zy{QN@C>46VA{QFakV2_U?m7=in8M7BWN-rfkngb!`7gbbqCe-g31{|bg{cA&?IZj*!? z=IQfJ$5*2+`w9hdv8LK|Yrf{Z-rP-~MrbwQQ%m2UW6SM4na#OQOLx8`RGdS|C!x zAXc+Ca-5*Ucw1p=9+qsI-Oo`7Y||h~6St>)O%T|wAc&#fpjrT?*$YKW7~2L}?1d$S zFJ3q-z!B@T8wTFh-6CikMmz<|ogDtsV~;9Ca}!358vvAiL?;|);=h6z`DkF*t}~bJmEBpju1R9 zvo6x<=cJsl#9Vf5W1FqB6N*B`=}-~IsW90^WZ400PV6w3964jo>xaiVun0%D9EJvK zT0cTx1%@9kn30@d^`ek4y*__Hvo8<{D#&~8Rz_MsaVlR8>L-`q>A2==kL%3Q39bFf zvok7=Zz#dv`E$S4l(g92p>e~wc=v|(ORiu>&np0eyRPfP=`18)$jHbZ@bqHKC3TE+~U zWBjrH^9wwCKf)qx8X90i2&N)d__C$Ww;GVQ85VRw^nrQJjr|il%10eL%H?DIaJm8P zt)b_;wp!A_7y^Gz$d&A?j{xitT5z!o6U2oYweIh$c z&#E6RKHbmmIYrmPuT6u?Y$8a$zmi?D>>Mm!%A$YoC=JTx7Y~Q;%rw;P@l)D`^J@z# zBQ^(i0A-LMH#g#^sYsE0_D6>m#4P02QNZjNusB@@%7idmvC7$G7TO}_#ZOw6zpY67zTDzIg}=`lO=He|EpfRO7ssHkQz~6E zy6V*Sat`mwtv9WZ*a2(c`h=BxkYn5#W^T!vi}2*h1WyPNq3A>R{zD~qAB+tY4awoE zb>3g~t{eo^PuF@R62MuKa*Yf3em^yVu9VwjMl^0kfUwXC?9|U9vw^RSxp1_wUHfJB z)olBxcXUzB{)hcy-AJz`UI2tcl)SW8CyvioE$`t}IN?Y)b?dPH$a^xQHZ~Q9Jv;rL z!^pDzh5ieAljD!{fj)sc7QVXMX!E_jQ&;h2h^<#XD#6CsR-)K}39f@~D9mmjoh{{g zy`()9NDd&;7JFeTtsLB0U&bd)^01#X~>G2Xsr|Vuzy&J^MH9w6qm!5qJ(D& zlm}0`UF;9k^;_4Ec%1_gF~fk4RMj6Pap?0d(&B&Ai@$f=#tCofsM7D-cK!Y+C5f;R z=CrMXdmgWzsEvqVtB&B(s%%_5546z<%4FNyby4h4B&)4K|E8jSA{dVFmw=^u2v=P; znu;V{5L%ZG(`7euS@!G8OI+0>-@!HPP?GBew!~uS79_}`IvW%Vy_rxz+<6ouLM~K0 zSxM&<7mxp`%pO-5l-6k@08SCGf15D6Nh`kk$smP3J71*}M`#`=qdqa;r4y$#MS#dJ zm2c0p!{su@f4qLfx^_e7f8PqRGec$>uhu#Y;U=77WZJC&I|9(h5`2@8@@Q z{`Q~mCPym#`}gSWnpir290+BW)r%@rww*0?(o`OsUm%~&CzJVfY3jA{LY-p8Jfo~> z)mTlbHDdGhO+rpqc@08;+1tPOdjzvF9l~sf20a7CAJvV=t?#+z^>oZv034lf({MJ& zWoOpRHU-#hjuxQ8a#P8b8%Cm5Me`kq&{n|8#6X&p_W9yF-ZXf``u?z7auc=JIxbr& zyiST$JmwezGULtDT;vnuoISqKQV*=;4H5F-pPG|y&nzD}7*F0SL<8kmvCJnF7WzE+ zaBaDCn)AyTOAVMU4CXdvu`qIdqhbxs;`;L37dBQmLm@ladWY^Xs~wv={*G5~(OB#< zF=m7;4**g7a82-Ej=uuRW?|t--))ZGUHdxp>X(aSXYLy9;3f?UD_(k?Ftz6IzO}sE z>1(Y?x_?+9r-0R_(J2xACIrfO=52`iQ0njxsPlhZnvH@kDx@?IP`T(_4|nxIB4a>( z^;pf}SX|y51xV>tV%rxyKmWV0ShIQ^mv?oMBJH1|;auB~$EZN*O|abBKMNhlbg$!; z7f#}#l12FL>U#pB=-swJD+#w^nZA`t#R*YF!4w6~npC?TbN<`9HS+`bf@pqma5ofj zeq0>@dkiCx>)%r)Hta!+EpX3RAtidA_Od3y4l1{_Z7(`yZ)a#bij&D-ooA7>kcilLcgT(u6s%>uK9yGDN^<=uygQv|xLI(gZA|nt4SQ0J zI350!a0Akr2wY2YXhUaqR@&iDqaR#0*@2cF5;#ayc9b4oxwHpt0%M4`5y=UiZ#$M5 z5j;tanaqnpm}kW@-=bRu90{+A@(8Cr2ttj6tP)?nqPRx+H*Qsj{>Zeph|~rrUO^R+ zts?GZE@f2+_Y>a7M?tV6)?C)ua9W>?kb(LFG9!s@%nB0I)5hQT2){JC()DiudNHeZ zg~q0>y~-4$WC8|mu~f;867e)XmDEPtq~s&fop~rYw9;DiecemY|Ge7Q3Xoq}u~5HpXr0mqy-oog#o z9}!+cixApo=4X1^xperEJ*hVGpS2~}ddr+|RsG}jfeeA6hv>F52%6M_!&F%8G@x3% z;~C=~wdZpqd-%zgs_Qo+d*MPcHwT@MC*-&na{3XF)g@KMdp~LIHxN`{)S1(o6S4g*vhR$(@(3i6Ms;u^ooD}d2{+kO+qqUPfq@?%jL-Iwe4@Y_3&4K=ody;!9j#U7yn1QA|A4F1@?>_FN|Rr-rNp?{+re6yY2($<&P5!n5=fe@ z`?JlgU>Slv1pi(b(c8gFAAPpQoa?q)_ky3LU%n#@q~ zT9iA@DkUZ#`g>B+#~JIV>eL_@!fT)smkQ>RNOzJ(Go*_c%pZgwYY(zx7V%%CsLF%< zyT^>ypbxu*;L*YsVwUhWOX}djQLrd3QczU=jH+wavtxdnC3`Dm?j4reojp{KM0tZ^ zd_8OzB|xmltF2qYEdvq*Hyolu(&>Ui0X5WCRh){pYe2O*GjQ(G57X`ej92s^q)=0- zn8r3q!}vG?hIe<4J@3IgwBv#_6@Z1Iyx?!>AG>mGSEi#TaRCdPwM{yj6}Cr7@N4la zviL=UO@LB?agQ!h@fwX`=V-9L))&rZYr=pX^OZPjU7e73=o%g_)2f7O~aZ2pJcZ+x2 z_ze&&MrguIQRvh~)h>!%0K5zH*AD31mK0C4Nh7ryDRz-@?A?K1il;&!2rG5OoecWq zDdd4Vf@r`BdpMxVgvcFQptbM6x@p$s=qpI62xsBN#8=AyNQhSi>bi!(V9i=$T#W`j zz~QG9wS@R(w-NbVqPmYu=tS7ro^o2d7egz_b4aAP@<$g^|Fo|9M6EcP!+J-xIs>eqv07a8U;A}jGgRqrC)x#BSo~sw!0oVT zK1rx|5cPp6A$oa50sw4?LPuwZTMWAc+hrv3cYPMq*nznbqqWODGD*}YpJ+VRDyfP) zN2262`y&;Z=@!7FzAi>ZsX|^6VYh8dTSYQA;T?wCeOZIx{%w&q5;)DKaL(gWd6D)G zSalg*YLQs?rF#M_KmCrZKXUK)0B8YMajVd&OdOO=uq~F~CAP_^h-Fc5*o-pbJY0%$ z1V^lmSawD8i%A3tjo;ROMxdD|c13y`;9IE%c6;At0e@`#3PrHXD1?voimrr}&c>fL z%yb2Cgf&-zp?bFLsb_%k=PcYQqnE=uysZ}Gk$E8l&{j;+{}iaWW4TTT74UIwl_L@v z-D39{K~t`9$_4fPog6t5k>3S<@ehmhkE{_?S|$S%g90NN=1Tt#p|s+foZZHg z{=O~pL=Q$-YKWK{tdmBY9R8!kerNE5d|Y)C$E z%Ts6PA$ARk=^(1|JAFs`&{_pzD5UGPfbzNnCty1I+I$my3&8w_E19MbeIYZHr~%^> zy^&z8JOsmMVi)+<2Y(lm9xM-h;oB;11vZxU z4gdk-rfqK`Tk1w*PVQqps6Ng5zP^XxfKcBZW;Dzo;E@Y&Yg~~$%}me(Owa^<)oR9) zFJ^pW4y~Id^FC6J_ARaHpO)3ma~Rd{Ozxp7<*4%){$-GnjpvE~L*oIFWgHTWA!K<{cdok z-wmhki3)-W1m_sR*vftaY=f-o(>Ab|a(l~2nXr(EE}_n~3@ew19}4VM*JNlDY>MOM zNKBzy4%o(@d+cJ4watPe^xuidL%atMcMR@7Sg>!N9-SzgMRbW*S|!2_pv`3ig+*^) zz;=>FtX{8MKXKliNQ{qU62pivOCf%Uui{`)?e4Of=5W_sC2OBj^4ogO0yiQBP z@VqWd!XWV(XeW93pw>V5;Rk)Z4>eXM`0~^C+7L!HzphLt zaqY}T*p2{%bcmGbR~5}{XdL_J8(X>6wwpIPUxy3_r{+!)6fAFL@$Em-;&P$UU0}@;P z(7B&4WSxG6*ws{GJVF~gMZ0}?$mNUke=Exbap!8hs?y=^X84(Qh?@a;ggnJvZ!N;x z@CUpefa#r+f1V99)5qM5?ib;`(eC!LTyKP3{Jk!&;unLn#ko2yW7YouP9#q@+zb@b zXHu8mv2!oHgzS^HFG~lS0UQ1-NYLYzX?9Y7Tl%)FAAa^Fy+!P`7-@(mvoe@d&^IYK>I`R$o#&5rBgjZS>f(?=AbinValdozxeep2|4xO z6S-vQD=A={IhJ@R3oz<6qYZXKJg!gYJX7+Q)H>UPzAEOIg*O_2%=n$gScnKURb!!n z4mbH)2F%k^pczt%6AkhD?nzhwVnpGt_*Y4l~mJ1H3Qjez6gJ_SsbJgk=(2<1@`a>(I3z1abf13AS zXdVZmGxNQ0=BcE2GkPr4zIn>3qU@6 zjF?j1<0;ly0Z1hO@sygvQ~Siq^@^5j;0=kflz!2adY+OLOSv?fQf#BnXoIOUlr{*1 z2|-{7+#FT?I8;$B6?8Jy|7u(WS=;bPceNLWn+)w(vI(;svl@$3271PJ8EwLp2jjj6T+JcS75satY=gZk(VEkXnWL z7jZyp$!X1Tg?&_SBNrWOX}dtH;#Hfb2{cg?z)gG@&M9nFhK;{03;6U1=sN{n*f76^ zQ2G{i$FQ6*|5BT=1A2m-8ZlT`5eE2POaq9)Jj#KdLwLv7S-jYxupJ6p5Fl{2xzq)m zNe}mqYGvvwLMfqso0sWcg6?Y%R!I=c+}iGC2Nbq=64e86HUhu^D$PHtA9;w}&{K%^ zbTpX*7gW@Ri>Twfjgf-<#YTP_Up(KSsM=D>RFC~p)Ww8N@&>b>tUPVxkA=bV_@iuF z%$*D10A-4VHYarfM~k5@}pB358kvm3&XpD@*`pwOd`;BD(Xil z<#7KBw01@HbCSSKp#^1x+MTfQ1?Am?_cB)1Z1g9wZ&2Oens{7#`~Hsyt4-rxl?Yos)1FVdz#FRDISf)VWmuLqt5F z?M0cvpN#41vPrzeG4431K@koE`Z;0k0s=6G42E(YuEc5B9sC?XF;Ch6W4?rt)TGe( z)#GM6l1X&QZirm$0+AN1qS*pE$x9FWU^T z;uaUDGGZAV7l6&6DC{!v*s^3^S*;?pK}QOR+QL?osSBuzZIERT?u?^_OQ;K%@~mOb z9sX?Ufi81G#d8hnVuLQXlZ2q2(S5~Ll{|i@m*MR%V2cKqx@2?`Cch}Ez9P8+XoPH zS#f~RAiJTL$-I~Ak-WUZM#TV*9BIKKw-a|oRX-m|q}T#pGqBJ`j{uOZ0o)PJ)CEr7 zOf~JE67UKqGLSn_0ZKdIeuKf+#Y6-;y4r^1%W%KcPu=1ZoGAghh}zE`d;us#+eU!^ zA2o&Mo*IP)!NBfL5@d_Hv}gjXF6HrSfcg;Q-l*Ja;G(OZ^V+VcP!vGG5uO#^L*71i zsKG$8mmP%O8#5O60?;~xGbi#1pMuCM6-OUl#a0&^G_ry0RSjI;m&JNi%XffbPToh< zxZpi5R{}PJXxRc|2B@Zf>t1#kP-3uC&`S=uuwT$&E?9M$&x0`{XhMq+2?IlDS5hZe z8LV`g-_Bd>WgBJTga?(|Hd0Nnxki}x_(aU1rtMx>C(L}0_5LHw8NsIOH?^|B+J_TE<=W-lt>Jyjl5dq%KIKV@8Qq$WU&uk6|2CKO!B^_7Q1|{=RXF9FPoZWFBp#fEOmY zWlW(R-+{7?R3*dsrKE2H1dyhzl6EZxL%pMx9GC&2Gh@+m$QCvb&?jP*(aHm-2pnA7 zvK0bXwy&UN2Hyq)hQY~roHqIrn3q#%{@G<#z{R14ldU3X4*u21VX($vpc%oaBDs4N zRUB}x;fMM_H5t4bomX1VzXBxWX@*vW1xt-~Q6gwb3Aj&Ym^xJ&d08Mqi|*&57DANI zI1=Nv(Kb}$@aiD~P~*X?hnS;I(O&0qB-M;~CB4pr2HIl-$7@L=$7}ZMV@2!a;Bgp? zRV3koM9tk2Mw4@_=4w1_gb~3I)M8J+PfJQSXn+imp@E9c5SpCnqPrqMv3{=hEWkz5 zmcs@CYIdi>C(js-0wu5DPMNCy0;3!>MkA@& zttfS^T^r#%!Y2ZrIm68C=mrrVN)jnBTqs2D)9gYtxmpe$9tgsl6TbShaJeWfhyie+9$00_JB zzOlKrXUHsUqi74?lOQ*ord6C;Hnx&Htlp4P#@-(7>TDx>c~OLKb?j95Rw3=@(*B;Y z3+!PXKr0p-SHGD*jjCy&94e`MG->ha2QX)l9<3B9GDf5@lXC4`^^)yTdD9ST7N$E1XghHgC~M8W+B(LSLaV zK)gb&CvFRGlUzhoov{-y#{{V-9fUwQ%IM=X`ygP|n1G=DAjQTP18iY^7qJ=D`l8#- z3%Jy12b2uH0&+KS$#I1TJ#j#7+OOj(9jB#UHC7vam27P2^X)luj=Yc+i1m+=HPVu7@ zsL~aE8$01q7o`RC3xW;lGM7Ri4-9~5vMSoa`D>lR<%CygFwS;>{HA3Jh+N!1W86Mr ztVLp5n})@dwxKwg;i=T3Wr!QTJ->`bm+z7R&7eP4Zb&hy%2RZb!?cX1;-WoVHrIdv z<{jE%Y?i~Q@-=Xkmwg`Ad!)c(&Q?!Oc+Hl)gEipL;6o~^vGQ7tn0}W2}>{5eVM5|xk zL*%d(@l!J%9 zakO6!LmS)9UqB2R-SUR@&jPM18p(97Mdo$}MH_jCESxsP2=2{B1xF`PKH2CnGoLA8 z3L$PTI!44{`-srNcE%X>Yo(}_@2+zdh)<55^nH96xD#ev&KrjLZC%{nIG-bdw`tBo z#~~QMU#8vQElSZLeyD*AQ8A@;wXvJ52*+gB!nb@|JRtcY4%*{RejyayaQ6z|<7+## z*I$o^~iqPf-i!_Z`vg>Y}ZjZ(3sK##%T>cN*L8-lDCXSq>Z9?Ox#< zW4j&Qx%2IIbhRBtP-|?veVbt+H1^uPLbVj#d^ZrcDQZC@l%lDJ)0DBhZfvb9+_GZS z7CWU7j8;~UbF73b`-Qk|78sKfm^L)JOkb=khxdP9RG-x9*=C;7J+j%!- z7Q`xhCDaGT+=2B#KeO-`x;ZL%_%h!C^o#sPV9cGg=MH`RDXcG{kNb_ibr+T#O?&Hs zF?aE;^}v|BacA8X7;_KZK9uLJ#y!~o&VR$aBgu(z_n2JbT&?^P9`F}mLN}XM74Y9> zdGMRrDwUVrGemrS$rUtz(+0{;S<@_i@Ov}xu>R1WBj~5j@4tdySS%FV{g{k*CiyRq zbMo+7jK}avagINQ$8Cl5hC*@2f)t8>)?dbd7X)}ZI($Q~8Vk$J`l{jEA28~9kK*w{ z&kha4lIZL$8Mgw9d(*AJg5DIJn{rYTpBHL}>ZcI(2l4fvP}JWj>Q0C{ExzugsP`yp z6hyr*zJ6{XM)@f!3!-+2uOEh}(ih5C-2tDI#Mk%W=g-Sm-436Zimz|L&q?L0ZiCNh z(0}~&l&=~IpM%8L|AC)(maiHCpOeMce}|vL%2(YApFfJPSK{a3@>QAexlMe19)9*K zUxg?=BECLzAWkvUm*9ST%B$wq_kP?lKmKx;h<1J7%Pq!TL)-^%cp3M>mzDQ2cH9r> zn_g+52YzqgN?xjOy5`XVmdq*$^;-Q1Uh{pn-v<6Wa6A9KdN2RI?mPGuhh)R3^)D2k zIZ-GUw6=)Ft(bPMP<-xmuR?K8TcH~X%OyTh2cc){A@uDgNZesBl*B#FkmCdd!ce#) za-po&Xx5gVvI5<;6^h?>Vot%x89oiUPXgI~(rZy4y8P>aQb*)St$Y{0OD+24NF+jx zz7pS{o7k)Rx@_C%^Y5m=

UD^EdeM*zG(a-xL;@qp^8ly5$%Q>v& z?eG+#RZ2f8`Oco0<X0jumT_K&8e;6pPopKXWrQegl6uIzb|T3 zExtYipZEsIes4g=xNF)js=v7D$F?dRD?Fp8q zaB4JKh=H;MstFYXJm)1r-Ub-rn?Xp3HN2rCzTx#|!-INkIP`u; z92tb>cW}A%+Qb1c#qw!oZI}Dc;&La*pO*i>lt2B@;kN7x8uF(~o_B@|pnLzb0J@z9 z)4>Ihg9K3d|62YyO!?#JE`J=|;-?u>5hv%O8iyd5)er&(Wj&al|vf zqX+rJ;rOHD0`kXU%Afxo2&ViwAB0{#f$*W@0`kXU%Afxlgl_W3(Ov#Hy2_vG9_5e2 zls^tr{x~iue;iTyW1M`HwFQdUwKS)*Rd)1AHf0VpW(36II@ zZFrDq)BjLuxOF3^A|wAnnBk3wjArKYLfA{A;-`6xrEjd_N3j}haa!~x3937nB3JQ~ zqv#An|L*VHUxl^+dxGvJsz1V*Xj4h&HDx`osphu~C;!yOfw!oQDzlC9^V*o&rH!R; zb#LQ?x4O6SW|ubR@HPspu{H*u*GBu_?6fdQj5~~Hda~qGp zk%E+PE$9ZFzN$`NTW4uq$ckDm+r;X_eObMSZ3^2o39SHuP;Zn`wZLta#Q2L5y3oH# zCqPzTYP=j`q_e|_gi~*JACCiXc1KhLk4cM`YSX`j7-`E9?~|*`WUZI8c7TOWhlFq~ zSxu+Asd2(CHKXw=mh_G_^9qk?Fhxlb#CRf`#Q7<`V+Y6weu2V!`G>dt4tnjb_)eVf zqXXix&hYAQKCc&p&+A3s^Lo*yQZMe)>>mc3dMTPc%`>kmc6z;CFZ)ZhaR+bwt>rMo zhKHd3fS-XM?BrM{F2e%I009HXB0JehjdExSRG-=%)aTUhpgyK{2i2?MRrm#1N~O61 z#Cu*}JO}v+eQ1;5!zDB@Kep>q{d*xgN3#pe|1L#nO;mIRFIv!-QXS0y9;Gh)j#9ti zsWW(LGV{NWO{~%>v5F@aLzHIEVt#xjNL_e@(pK}dGD?GTA5yI!HB(|ePb}xPrZN8# zEa~6CqXU$6)hP}y)cbc#UC>5F8+aakmp}o zEm%QcenJcLe?ebb0exvz^tEsXeJxxKKf_jGx7ezB3@^lPu!S2a*GJ`)>!SwxT1C*Z zRogM&0tAaKXoRrTx>ssAB8kga%TG3!4bu=PS-b0W^#GvN)H|5AmpIaXH~BsVDZ{5^ z94mb$qrv8rEy0bq9wt*PxfjZVR6bk#ks@>nl2kud!D#?Sdj%h3>LxznQArs7j}47h5jDQEntuHzDLS?5pe;?MF;X z?5u=d1{czp+c*{&$AXQs0^`WAE#PBLJ+&>vt}*JGp#j+z(!f)n3{}Tv`>2eMIlY<1 zIT_y{f)Q=07XGWDT86#=A-oVNqyKV6AJ+XE_{O(5&tyC_F>gil(_zaw*rBVZPv=pO4 z2ro#xBq2|1#vK|K4BgyLGjNad$0x6K7iWKXt-Cm@e671U zn*%X%JfqpmdlbN@|I}Ro-*yI;V83lA4VK^TLNx#<5&exh7`uvWdD?>V-p1vtW_=0K1D!In1@6_mK5q{#$BL8M$>jh-b=C8$oK5f-c zMlxIdRoUXZwX9i8BkR4GM#g*>sOH7|m#qEryw$i1(8G>F5BmjKUHmP2n?Fx$G-P=??y`fE9?mkYJxZKBO&AUip)%w5xC#JY?pL|Qnu^_qTsUR#zBt-t{ybt!>R%xggJkZc_~iEWWG(dB7I<~p`O7D)JhLODyi zq-SG#9#3CE>1AEgEto!ur+-1|v$~|)Aw6G)L>xBmbgD~w8m8w#`f5tA=$1~~5||~$ z#l11A8V(PucV#vWZI&`uXVx?KBt~QAQkT6;Ii4^&*@Bhq$XutA6H8S??{pGdC!zP{ z7FT8ib0O;y=LOCGetTgnbEAv|^b3I6Vj8*+hC`TFPK*ETUMKX+{sv$`X z^G;%P!BTZQ(WNX1XbTlWLP+1jG<>rOoycl9#syof-cM8?8_={*aCfSHZ)rFs6H6(3R_h1|O^aOo`_m1AavMr#Y zU<;7sUi4V~df+UsVN@eIh4wh|p9^5Or>MF$e+9 zT_5t4JYFV)xl4e8%VLa&2atGD3UimK3k+gGtVx>v3g({0X+~YRlADS$gtJXX@0tYt?RQv&zZIuqvUCRKDGp)Cw(>4NLi;X zv-9NbJUN4sYoU2NC9iVu4Fa8fHWjgF`BJI7_1>^CPP?`|?!camaLpGPz~$wJ(hs@!aq3G0q zup5W(Gii)J@3W4->fH$<&|9iT-0%;7q+Q=TN^lBBU9K7xE;H_4Q+$r5_+T`i63WaSW zubCO#pJMtpqa&MuTS&05k7%m)&)@?0Db7~K#6l&Ucgi@^AUm^VB=i?n(71XFa8T#J zjh1Y8Hkar88AOoMoLxWK&RxJ|*@)cv1BkF-;tacrNL?iq*@&dM?`YeqJOY5ffVhlv z?J}Ldrh_D2j5KO1&Esz$+NMlm3;E-XhV0E>1oF31;F|o+FLUAAm7kL#RxRyNN%iyv zBjT$s{1}Ox-d89-vk4YHK@0af{_TQA+_CzUfSdP7%JbmwQlG4Pl6C(#$0EMAfu;RrUu}x4_BLve)p5ys z5vEmzeQmvGCdujxDYCz{j-bjtTJ+6VExwRO~N{NHo2DeuPrIXPHk9x5~R>vpn?R$?!>h4X%T-2&vd_93yB;P@&OFscrO|#EK$AFm;cjnQ|t*~^; zTzhw<3H_ui>I{dhPD+#2`;zs4?xjA7{#)rFRZR+15uQ=!N+oaDnXM~_;$|{>o|9I* zh1+j~dQN+p7F28XEg8omp-wyZ$gZdb*pic4x;NSq5f`;|R8}tm2noE<35(&zU6q}R z`cksjA1Rq6t9cGZl^g&SWDl)3^Q1-djD$QH*e4@j=uf!9G=Ow>g%Uk>hwv=!1=33} zoi2i;Q+w%10N)WBP5$j6-_vHkYoqzD#C%DZ4?#*I@BBCv z;oj7hh%qDzOds?`u8VDBi}LA`c;5nd~>!G zK#kO3!6HZ;RWs{rum8J}B#^|}Xb?YTv*AkJ~Y7CyF;2I3pceF&Hk^zm!BJ>y@v$_38=Ont= zVQ9TsPpCbCG9v>J&0ji*Vq9VEP&txH?GG)u6*2$cbSuW20b+Wo9&F{2AH*WvAa|f_ zv?73VDIrgP%_#poWW}~`k<|wsvVUvoK>ez~=?Gp5V`CiDy*#5f-FlYF1n!}TDGv0@ zbF&lhFl_@2K^9gwlx!95G)^8+%`O+ny>!gP)&Sw9=&Sw!ea33fkl?HVWM*#F>x32_ zdywXt)rjJs3^++3a%VPArKXu!*#8+m*&waJIY?TGr#19tcHW^K0-qwO-;gtNtD?D+ zvE%x!Muo>|2ArMbVc$Z(lJ(E-+shmOg8@=paeB|dDBt4b2-$WLLGK5sLPb2iGV(e%DHP)+#u zXg}kbE5#5I{}_HOT151Jg&g-4VWc!0h2}NUq>2@W)c)XV%wL)v`ZIAqNWYGqC`v9b zy&fin&#atWv1WTB(tC-h|LvGSBz_sd9KJ^O%}%kD48dnMRi}UJoPqSO2K4LcBdG7|Ps3Ys6{fJ@XRn$K*am@gd(?Pp!{~J{{iAD+MZ5sI19!|9!3QL= z=APbWlvbc-6Hbs;NYv%CQ9MNn&cqisS1}C0?<2D*X^<7iVB6b#c!pV95QS;_0nc6& zm(K%WA^cMSrPg{*Tg52jy9@@XgtZtS}k$EWkEW0B7VURmkQ;a*=o9VdV@_r#F^YoqbM z@fbfJ3V3FXFfC>n{;Om*g6au}y1n<@!+aV4&I3ZCMCZwp$8e6+yi4@ulMhFTTsD4v z-ekFkG@pKteH5E1X>xolC3K}des+kQH~(FAfyC$p*pLn+BKC^TQ^w>s_G@GEd&-z* zW%VkUCd7(-do*V@

36rQs*#W&Y!DH(*Le%GDoZq>+Bmu=wHh=B>#p@+90Lzcvs z@+4NJ@3qrlh!sgxJH%_~`O-a7-#X28_fE`r=ED(+Tm*Au+Ve77rM7 z1EBSH;QTRv)Q?=&d~P#jjggB@a)x$Wqf>t|MyADz;&USUgVCb=K2FUFC$j%lLVOuR zF-hLe@h~TfEgVT3MP4qF88!5t<$^;Mo9L;o4cnpGV;QQkQpFoPhRD4He4*~eIZCo;4(M>Y_0?#*AL4IuY zacc~$J~?kV}v9oRSa1@Ft~#SFCJ2Qf%`(!OB0TfFfZhqA4pJ8 zRc9xML29qY^!x;r*sDd&%?r3dC3qa-WM5g9rDQivXE?YH{cl^l&<{FQ!Kn{N>Zb&3 zej2gVn8!HzTyN#mhu-4gAowgi;$QlCUG&#lEhxN(Y zlmg;6EpNN9*ZJKtm zY5*ilPgX&?xEnxbec&?Y#$rAfLp7^(!h zPiM6-NjKn}V>5KHw=aWU)M0k?i>ANRmqcg$lvI2f&W`y|YL|rX=Oi4DgkHZeV_?bf z&mb~9{Q@~~W(sFtAn{2|{E3mNx3r@7g<3+;)}#_uEzyrWd^qA_ZE+8@#Ad{v6ouY~ zDD`7`;DvKJdn4iHUEcfYGQYVHL+fR>7|G= zn!qyjMN<#cj8_l8quNSb$T&}3PO~7dE;2BxCYOF1?)9bXf~yPGO!EIHI7K(dO>15J zO-4Q0_NGg5;k{%WJ;+YT}lq!?{`)Nzi? zt!6~%L&z0xUy*&mqnb+;S`hTt+pV-1nDuqIpZ;YB>dn28+n#n|PjLrh*Kb-$ zfqWEEr1r-VuC*Y2(-C$5+EQ0I3pLqaLcUm`4~;_C^Fl5(KUL}bti%xf79EuAi%vEl zhO8#CCiifkj`yBha9pewJ)LeQGtQSVaK5wFlE-{!1<_CDK9J_m(~OLi`7zqSUv%P3 zyN-}y%+jx|H*`3krOW)CqQ9RJQ_#|)3R<`TYrWd2wd5sCgLQ$gEX6{b|1UbjclT^c znQ;*_%QFV${$dE=5`|0}bl;Ss=i6k$TfP){f5MwHTf^(S*yn(?OZtHL0a;@80+1MX zdYHuv)Pdm?4-;bYD=t5%de-y&19!3K?IbcAo2=iz4hKE6$`=g#&e+7)-ypUh*#3J| zyc6G$g)MhS_M?Uqo*JhHJ8_&J&{J>u5l0@zS$znS9)NboI>Wcc;hr+4>t}E7nlX(s zCdM=;)suo0?=1H?op^UbX8k!iaZ_T=1=kzKYNNpt?>!ed2^NOiJZzIoU0hE#iP=kW z^*rJGmIy4Syui0E_CzYI+GZg#cEi-5FL{JCC7S3}G6&-tTF=y5B0{4)tzJLDg=nRNd_p6s`9k09KZzQR}`^|H-Y z*eGgYKDCe$dM$pT*1Ga1Ch0s+YC_LxH23GC)OrFy?l})m;o)mBPxb}#lo+)9!C+Do zmg??ZcySOH&J8g&f%w{_uL7j60v9^U*#QziTT#b4)JqjDze8aYQZpdXjDa-xhZdtO zZfmJVrS=BY-+;&;S7+l}T+R6I9KM~66KLjI4}jY1*eP5X`y(a&$lN_GzeE51mnWc9 zYiUYs9*OJ0bfX7*ucCRRS%2_O&{VGNxx1xC=8rKm@ovFmUF^YK=NK5Vd&n%V&p&q* zrF5og4+H@S^U1Fup3f(GxE7|5WY?TfH zd==2&K>7Sl(Ru`a(Ln#~2ye%Fl)&(S#W}&S^u9+ce+?_rzd2%9CVh5XBCUzW zuQ@_M)<-LUf|sFhbpf`iSD)!1k>a6~?jdyn0uE}lv=YZipC*twvEs(qd3*FDIfOf1 z!}2+|o~8^5cH^8Ly-2Efc(Ie*A6Y>P0svZOlhHfHXmy({zSQON$w+7&U&?|^B`PuC z*kj=p{u2t&d?$XI^dc(D4}8}Fb2i}P*O0`ss%}T-T69egfJX+lOu5Vw>T8WN^AjBANUe+*Q%Cd`NsGeCDmqf{W$=-D%xXAV zr{`Gza4$!!$4c&jaHJs7i&2*v9@XdO!mx+}hY$E629=k=+Ua2c4Ey~IWC#tUxK`yt)V3wk1}J@YznY{ZH~xVtWXI`Zd; zfENA!104~G)!`0Gi|)b?Uj#7pl7NVfaGQV|aQ1GH^ms@8XrXi|@4tZ{{R2100k@)r zOd{7SAccbji^DfUc({SX{P{r+GvbJbKAhY|zm5@M$(>P3U9#Vx)O~!+=kD$bMY20a zMWyRQE9vcIk`u@Oqwip)D3!Rl5FiQdD~Kl>3oRPs=_s`&fD{n36>@>8R@0SCxLs3ojG$~Ccy z(=h7(IKY1vYKf5P>WuzSh>NtxerSOeK@(^JD8;)N3y^lK)C6@+fAoVW+OwyOQ%mg76pci=YSp3^^tkK84|^fBwYm;w+tPs}vt zi9MIWJn<4N`LRmDCTJHJ-EYar9!ng-84lm{2l?^k(+!+{mH^$+@_AaFR zxf3w%MvOxx>aMpiE*s-6$2h$1bJrsnH=NEBV;nAx?;3$|$ryLcdK@U}julry^yk+i z-o1?yo@MrS7_Wc7nP^4Z1yGs$%2wAUr5&!W28-zYuL^+OB*<2J&5AVACOr;WwZocV zMMjs;%&IOrbhrI;-zZB-YMfGZvx&f21_J-*(qobEO)%R#44p#;6~3>bbI7m`aS-hr zN=G)#;{sp)nD&+U_Jq^%2_5Aft ze0!q5g6J||R@5okMhgzFe@{stPaV<#G`$tWR!g)So;rbV@?(Fa@l_a4GD3Bry7VmQ zN+l0vw!$h$#@hPgwiT@3J?s*rLtC*!+0>keS^raqZXFQUp%_Y!^3p>1JA@|M1`I$9 zY3t24Ea5Ms^nr-(YjidvjtZju$F+5t)l0$sHc4FTVnBi`k^Jran0h@YN^e7*yOArl z`ArJwg53(sJkXoFFW7o`FLDw#okv>5KH4j-K@V7Lv&^>W zH_dE`EP)~W9=9YK4zw6sfMUgyR?fMT4{{GCA0BL>ojy#PY2~^TL~92PeQK)J*y%l? zzZ8udOLe%Zo+qM_xA90FBgaQ0Q+Q-ETDwvdcax*r#YqEzI2kiy{RVEg!sTf2#jeMEHwXup%j7MwEKFbmKJJi}>=^fP1e2R0wkD$2uL9i7$N)*Ost2dbueM@6b0>%Iya3pe!K<(J zmIyzwT zz_YZTiN~VYew2!xpkoIEui%yHWn1`g?1pHr^rGHWWA|wHqLCT8c@+JjuVexKpL}}1 z96W53HT&D}FIyRybUm< z^}7FeR*NFK>hBeo+lTYYZrhk>(f2lxU3H`WZ zB~;7lDAd1`P8NiE!*5UL>7dC`l>;n2+p8d*RvmHk_eH@tt4)6vlKPQ zF4jvd+wM|-;gH0QZZ^Z=QXfc^#C2|#m*{3YT(|G3sPL_ z%Sn>B+0DvQ=bb@2ROtX0J9K)7#ER40tW!F@BkWXXCX1Ue!llj}EQy=kta!L<#B{rq zS?9_;=FWr`4$NzrTlm2u7t8N(iOaVt+SRYVHNe8W78Z1|w%gRo4L=o^?{lkf{??Lc zvD`c2&3ABO5toCyvsDTn?k~+d&|#y5L9{qn-r-i?{T%bSM!jdXhdc9xD{}{Yu#@vnPSRgqE-v5ZVhy+b>-oPb;_?W9 z@HrNA$3SRfyW^^jw!d9c-=z%Fh@{VhVQl}mtS)%G|GXbCW6p?ohZyZkM*A+_K1a-U z<~=24ZgyvGmNIv`*wbx*D8kY$cO0)3m$w5_;_v~$P+xER^40MnglJnZ+<)Fd1EQ-q zM0?%pC%@$w8TtA77y(FfM|?7fSNDm5kxd+;{0_VTmD%dfY+)_)S{6STnLsc!+&1{x zZ6|sF|;ZByj&C4(nW}bj7;d(p` zjHz43QEE0MY{ArKOby1$Mxd2Bc?I}4`-v_!1hHIpF&_WLhMTQe!!^;Wsm*eJpm^p9 zEYuLKxQeIoE>%>%GeuK|_})~W*BkUKYFUYwe?D75rV^ZrrO(hV9{K>? zRf5*<%G}S^&1-4D;d>{r|2lDbt)y1?kQBy@s8ETG*cS4{IB!1^3dCMX)S=3$$gm(N zTx|WklULs~V;?c;7et0o*ZO-$j8=itq!IRax-jY&oYIgpzxXZI1=1*3?~q1h4|l6G z(xl8E-I?dynLANPvBUFPssj_3#=(VPUK}x!|FHN2Lbw#aSTv&wGOBO%t9s z4S0e8&j>dNhP4nzCyCi95|hzk)mk@`lR#1f)t3!M8vhpmY{5U@yV!o0_~8jr5wS=ym$){MP8l}N2y^XueFp=X%OnxemK6D z8HLsoi3Kcl<{Svb;11%GaD9~gfWHhXo4FMewnX{KAYFu`0pX~QBcf+^VSf%mmotFL zM*@>)0h5o$eqDq8x&}h)u7RWyNGgM*SqMQERCV$ieqMfN3)K1S;gg~>Y%t!;?N<2O zAWqy^D9)*eTAByA*-~ONXltLumagV)A9AzGdL#NU;H(k;9T984xfZJ*0Cns}c9)AK zaX?@L3Z&ZLbz)k*Si5n!Si80?$~q0#K-PM3;(E-tmvqkZBL-6=8++TLOpPp_Z$FQz z5!nrw^&qMW&g0z%Obya_lp8EcFtiLX#<7~lv3#j9j@K9xDO^p?!&Y`6i?$Jqo+1`) z<~JAW^9#p_a}u2xJVrqW21)8cEc~@QKnG3k>6XBG`Um?yxZf^M3wpJYhu z)rS#TlDOVIViIT}4>(Zu7?I~tA4wF~OCu&FdVE!iqTN*d`T!6X*{fZdF!wcs*r<19 z?t+pJ-SpvopBaffr3%GCQH|4X(@vnA@Q3hD@0E_Dbse3whJ;uZlGtKg+*= z3vc=y0ZC2IGMb*;wdpU+roZ4#e;ZuyaAoen3zpwP+uNbvF4TBbxiRxhT;pR#z^~D` z#A+m%cO^dYLdr1S{?~5x{RNom-Vu{~YCm_x`_cB@Bi`4z{MiElWS(?q?uH-$u$MaD z0PQys;!gnp%Z%PH;L>eN7rejU9q-bJk_A0>{(QXe!?w>#nWr=NLDS#Sm}ApA;vI(k z{Z-vtz9`yZq!;{e(cVsIKN9P8Ghy9rVBHC!YbnPVVb zGBA#1RXQd@zN{>9m7=|@b8bAo!EAUD^mvs z#_acU;q5IM~4WJ{lfsdhi>>!0}B(lQ{;`B?IH#`4?{r+;OiuIl~cSUIYkV9M4>X zp+wHVW7NSJuAyPhzqM5c|E2-|+JS!^I0e$eJpDg2a5sB3KEUE%E52LhHTJ<*;NC~+ zt@GMxAwQ7&{w(RYq7$O$wbS~2AigcTPGPnBSH~j}_8Q(Yj@@aC+86NUDz;8i1DHA` zG_cJuV_YD8@!2lv(XALfUErIYWhog9qT=^tESiv-Mg}SUQg$xFw{jqDao4ovZ$#6g z^<`sy**r*~iZzt1nGHqjpAyRH5G?WETdmf( zZ`H~qr$nGCrCrmFZeq0LfzfzjF_L(PAGF{AL*X;gVZ~ECwOmfsoi6zrho~)fm zerdb-y8(D`Cn6DMIwobnJZBFl)JYk%*HOi!kqB%S0Xw=|@$Toj%rlXj_#5bWl1p6v z%W}SCzI=?~XgXBoH>((K1q|Oz%N{-Y>k#+7-TS~uovl@5$HYvSc^0jq{ zuf2)eaejDI#|<{v!5Zf|;v$5&nM@wKPSeA^QV;L zhZ;m@j#GRnC=R$x95BY|@wKIh6<6aBIqyw@Tp6PCffSxCgR(uC0{Jo^U$$8BqlNNi zL%ux7m(BC#@qF2kFAwq+h!q=oz5>Ws4EYLpzG9xQ0P+=k=CzS2rs5Bj^>zAizEw#- zZ_^i+d6got*gF(Az*k9*eA{q6SyBWA7x98idBH`of=gos7x98ic|jCYCD6&&t9Zc% zUa%@wupw5kiWj7p=7kzXsPm2rmb{<{)u9n+frYu2kH?EYqk)C7tm<;!AXi+TWX-)b zsZVYo$p#-2tU~Us6Z#0bfeAK&zODFe#cwNp+wj|l-!@Rj?Cw#)($9F)KpRdeZJjIN zl+!oi1-PF|U!XXSZ%-L@NcsvR6)~riu7INREH|DvvhcUUgtJO|XX(xhoQLgpcZ$4A z7^kA#c+>9H1iW)GK$YywZBZo$bK6xZk+~hJ@OBpWp@sX;O#oWVX=G9ecG;?Rr#?_Q&xy~&U zXR!Q{K;-u*th65Dn_e7={t_X^G4oDY^Ono$TUOA;df47n+N`ivIe4hIJgl@C-yHRIcD$I?)&ID? zZ@|^BTwLzzD?nf#2CNWx6$3U1_@HIGXVm)A?TR+LTw$}b;UD5a{`?5g381wA{rLb? zK&!vFOH{WVUAef?*Nf^+L?=h?$*Mbv(S|i%|8%MOgVFVknxD$@pKz&DGF*(@6S&l; zhr8JHNo@86)~V*FvHW7gUpSjGOPyUHfZlNuy)Ff7oNl(mE$nk;o(KjLA)X=~(U?BW zTc!di-pN9}n;pPaO0e4L7Ph!D*JA#99^=3m=FOwnJ}!0kQ|iJB@(%Q^n}yt&XQW`z zsg^$B5;kR?4AvxKJViQ;m_BO$43|*tQpvZnl=-z3T;p`9(~I505qD;j6s$^wWFGH` z#q~jW&rw$4n9%_?yMV{R+(nf^5-WYe=*(o*TPA>tRzp1(URX?ZbFB zy_nMaFzSdpWtLm0b7!{m?(cACHX}?B=VG&;;_(hQ+m1=Bg{Srr)=8OLsORoHmr$P> zL;%;Z{24qN@^6G_i3KsGkFUlm`lo;pQ{5v4H_$+djgvwCQ?`6N%YO<`WXpFzaT^fB zl*zU!fFJ_SWt)=ZvH>|TcZbV{p1SheTsHKG= zf_|2{Y)C9m&r->SkIkLIeffYc*ChM&Y?-+mMBj0`l~Ss!?t(yWcA!v_*lHMjf9mIMk*&Eyx%m2b&5}PvF#rBMN1f;^j0DNyV-a zzZk9(?Twh3!HG~UEgLa&Br7dbOJ|LknZ-(HspRl+#LUr*0zUTy!IwV?i7z|QJ5VT? zz*=Dq7s$1_SXCg`9w_YPj-~Xbls+z2AINnC3KQHhn(0d^m$+C%AU82k*v}msmj09? z2F5u9&kQh$?9yN;IWX=r)jc_on-nM<$b!L;GcfLQ%6&y(YI0!Cm24Nq4GM;n15>Yp zDJw8;aNwD%>G>;XAom)oVhB4E7?%=wW+*`z?mL||NM;F;^_xhsgjp5kwC zVfM7ZGwCiP|BVzs%*8^1al-@8+(fT=LHx}We+zdG7#NokcqS8#Qjl^hrHlZP7Z^7( z@XT#S^z9UVhw7ab7?%}zW|R?qCq@61J0T2=8y$G&E+ge`O1Vc-y-gn9nd}#`V8+ds zebw2DT3U~usMRSA9@Y$GF;bm90i^b%c)dV;JsB30p@XL*5lNFGzP7t%b&3p`A?K7y z;_H7QS(D!^YdNsWX{y4vb$#suz5wdmLJQS)$ILPhuBUd(=`Awq(M6~tKW_(RVWf;_ z%A1-Ps#+(#7S8y#t9hIZ~yJs-JlRueiaQ2auS8gJ26e}Ek%$PZJ}3Gr9UvvuNvU*1F2~8F zG&LuQNyF8gWLOodIfG#(DA!4J@uODCv&7jiCw5)?;T0Z!B`k~FP2lbZorb}uGeVBQ)seZ?7+=ug6E9QLhq63Edu~9vG#et6%Y?WX ziDImAF*y`ti;EcpL2X?02H!Ru*=yN&Q`dF4%sJSHP(ksL#eTPI^_%22)H2azW3!R9Cwc$rti|;^U=33B)p)2-F6lmNdoXHKi z60rZSON6)>iDImAF*y`ti;Ee9I;}iv9rhnRPvBdgARlC5J@0;;K5w?SB{yJCK)rfY zJ@j9AF)QxM%f-$IMm;;_(?j2Q1rFNGmbIzbwXWXTf~?5`piq1-8m6nsN6Vna8i zL46QDz8JB&Y`Lj!STR5bn1Alol9OqiQaO2IHhu7}AI z0>U<~pbV0P4Q}?m6g)a8M;o1nuY_7UBw-B*{o_L-pr%LYeM+cgXs3JVS=Z3B?x8=p zh8_>L4UvXcyAxWZp+R@TuA$WlyN3o{31?hGs}kB=Y<=+HAXmaRfTOp>8l+%Tk~^V3 zcsLQ=u?F||mlC$96Nd*wmj;_03H7$AY03c5y>m0XLcKa}q^!=i1cn6W!c@BpYJgdA zycMUm$85-V!Eg#Je*+KM126WXx^>8KZ*Np;9_kZ#%n_KIfM|3E9)g9|ZYp;PQg-lg ziY%-PJd_xCu^(Dpoq>D%Qz4N=Lv9NE1F79xuFK8f#7#FOy9v~8w7_p5)4#G%-uA<)WR9OBJ7`(UPSBLLJ z_+4szuYhj{{8ky?^{~u_p9a-q$MdaPA|nCJ^528CTO}yd9qOQ!I8sB`3nyLbBQ|wr zZy0i`K~9oT6Fg?e$47y9gkvuCcA0|mv8z0LG`dlQuC zfIJ>{0&4>C;AI^UI^Y#Hc!UlQ+XQ)Ayuu+Fa;x4d$bQDl_Tq#L2?rpH%uYk?ZC-W` zis>HVoLBhX!#40bj!-f8QV-?$1|ma{gBNM{vUaGW0c50CIE?aI{CKvm2s`0-$`Z)h z=n?in!4r_F-6Nd#3g1FXy&{}}r3dt)+5^mJaMU)ha1s#W0lqTu35zFsYc_;&ZnoBg z#q!_t;(M@%A!55n*g#JLhX!dQnE*2 z%ys|;w$TZ6g;ixn!dKwk!vkL)<=$uAZTzl#$v8!QuE67)vM!u<*>;WNeJ z)m}(087Zlk<5|^TO#Km$z8>PY4$;@`lBsyVsC2um4eVEd-nq``x2--J0qx5UBh}V} zzl1J4nnh50$dzhMVy5f;_xqaBe_DxUFZLqEcwb~X{~VyGp#0S&Llvc8ho6M` zPkpdSQKzF*FMjb$e{%AVbY%4RB!XViEhR1~QtJVV2HbpEb2K820`=pp_~ygpL$1^k zE{r?3f9?5afnVN#G!o8Un<|~te#zP^w6#qYK3lvt1d)eYhSr2{q=i%7W#ku{F_se9@7U(l>X#_^V2Wl zACYJ^+o07Npw(o3)E7voH9)A@hEs-$Um5ps##M952#_}&RBRP(cC(^Q&o=Fc=$|1M z@*#yk;9+YNl`f#=;b8Xv7*F$-{1mU;0X^}^GykB->!XiXHR*Mal0%0i?$BXZknZ3v zhGj~2cmQ-Xc?u``Y)Hu5gHpN&|6mu^S7P+9kN^BAC;ruz*x~*sgS?AB7x)FzQcD+o z39&L|Nvv@cV_JG&)EDejo9(RiCRFZYst*;p;j2TJ4R#rsws4XWT#6 z`uSfTV9}fQoQixd8QxZABI;O%!U`NP?N|(Ng&V)5bMTKu2-dHv05i4Xn?J{!kjuLr zX77On=k7Zi3E_?P?B#+x^QapSoPHM`$iKq<44;Y^3FNH}TtrvjfZ%t2bu`igX>&g* zH$tV^6|E&#$m$geu#Cc4My>~zx#nA>`4jq~KXGSk`~E~%0e%gV6g?1q_3fz$377LZ zsR#bJ^5u)m=g0p;`d|J-`icLLKI-E9*=ybf)4Tf5SZ^#deRo<)?gwoA^A)@a(riU-08#r7@4_@>|+RQE+gl{e3A=!rt^AFKO3v} zEvk3UY*~HCft4N~hq86f(~#NIrNZSkbWeVQOkT7mL3%2$?5}2JIlQtAsLY9#<({}Rq0ah2KaQtTJj5s#jF0FX|=Loll_sB zpUUix@a=fDDpJx*9(6|v4ebQT7dH>yaK12@x%;T$JRu`)k=GqRs(|;{hN8nF)r$TF zaE-@6{oRQVp}*F)Cn8VlEen03n79~z%R+?T!lz^S?fii7JDB5_zp<*1s=5f4FS!16 zMR%Z~p^7ph)^kr84K?cvKHwbn8FAEQcoU7Cp)1`(Y_D4MiSv2#2V7%u=+j|lkfJxu z=acvGRz3`7w}egsgqCd z?JH?|-vLuQe9bxvRn_(3WGlz{<>~Q0GI=lAVmidt`ptXN8ue1LrA3JOzsTr*{sCsF zUk^zDed%wldwSBRri85bw?;0|-y6bR`+LXAZvD+&$@@#bXdgb-rN4c<^!Lpp|4o1S z`s9WGus-<@(bHQ}vSB}Fn!($t2ot8MQGfA)cXH@I7 z7|Wwq$p6=;gxcpw+g$2l$GiC};P~G0Dc3hgMKw*lW%&CKX+pXVT|?7F{o?!M)yh{t zrE&NY)JhAfmB9zNS{Yg%RV#g~%Sbf#q)*1v1YU2q{nOATYxzP7YZ~$?pO?QTb=mM= zhW=)*|J3j|!@Vxq`Pxn&@8j-ruOmr93g6yONa35p-O+4XPB4EK@^Lj_{zAk5>+++K zo>x6lFIN@YaZPi%SIvbr%{Wxh{`@5&6sJ}7JczDj`@w`a?{=B z(#ov9Dmy;#1cY?c!9r9}N}FA5wk3Rh*Y)ZY9dNCdHX|0ME<=2a+G|$BHaSIy(VMZ1 zyE-Nr{x_U!pan1Jv$wp5&Wli6&|QB#7U3C=LtFY{TvMqpIB;9weXQ9|0M4mI1$=xL zdd4#Ipi-CWwqvEce|-!`4l6zWhiIk$gO%n%rBa0MOfUQ7DECiFp47R2(%>gCr$(30 zITpDK?an2)+=Xu_mA>ZzLQv@%Iv#9GV+u+(toaAPx|_9yUK8m22ajyxkqFLx1Wqm# zO(vh5HwpY2wXE8DtZ(Cs*p*T{C@+e3*Dt19EnetJuU{jkV0P>H_tA*2&8o0AAj#G* z`dDPq8>B;sy!c{jxf#oB`IS+o{@;i@7{+tVVG-xQYfQtyK${>Xb1m}CcX_9&^Qc%< z>(_tI*CCz9_wXwGyxCcg@=3n?eBPp0{5v|Iqc@d9pJBcDG~Sz3Z=F%^rq7Pj{o6l5 zy;7u>s=o2xWRsY+jCY{<2^gtAK|Yr{oA2QxjtKlIkR(>ziAM~2!rY1%Od|Mt!Ldll z*=amWf8K@Ui}DATxqO#KpZs?&Dep8c+kf%k>6qvGk-fMx+!_Dk%;Ujt?JgPMsB?eE z*Of=Za=fFb9^}HH23TbNfbU|Xyn}+|zbCQ=YwrIq(q%;LnB8#Ob66krFV0Q0jP{4f zanc;XP(-XC=gT+(?fS@Ldr%H8Ex#vQ^xuH-kve=;5R!iLK_{2Iv(Z&Fj18!m&x2z1 z%MGVu?g;Ltq$%~tMeLuvduwcX+|f7tJB#>km1g%}j{7q1?c}I_c9p`W>#+K7Lj#zM zrmuFr*qEZ!Vh25XGVr!iXy$*8?xB_0QbR^)18>3T2Os86fDF&a4v4=Bi*oXwPT2(<&n=+zOK9IL;+lw$zjbjn1=fX=COZ*y?YG6ywcNEv*ZxWaSGN);5xt-k zr=vc4RxV=cUPs)}0?Hnx?hZa2-`)BD;N6{WGuq*>1I(-c90&7Q8;2Rla_`^x(A|L- zS?-8pH6I=2FDN|T0ci5w4Y&wUom1*TV*Tp50haJhQGE+K*!q&u!MlX0h#2!M z^y`^=E+SYKQA&&cG;hwYoFz8{*E~Cb?4FlzJQcZ+Z8x0UQ_8i5G)!C%(r^X6C_1n} zK25Vw0EQv7#%h}D;tRfJ6x_BBN&0dHFr;vWt@RU7*fwB&GtjZwiZ>0%(UPU7ny`+y zunujY|7SVK>qK*MH-G^w}{BJdQSVMl^{TE^(7Zv=K?B3F0V_4YnU;6~CXS~E zpx|iK{{*5W-miF1HUF!=hnlzk3u;~hZH6ub`H@LDxY+PMT~8#j{3-4Up@aJF?@6;5sSAyUklSml;I#ZI z6k$cp#<_d!Z8g)isIjHsiV zUsF2#Z+944q46}8TIP_aCF>F4aD?l^_+$^aaJWHp^xBPQEa!BD5cZj~dB<5X-PtjsW4#P4T4eQ|rifM+hA{_uZD z|NVbR5B-Pq%x5p2{?fDmmHo@Vwd4_b+O4>Q7wYKAZ*{yq>zV(~{<$-1%d%&-h6n2H9~jmFH)nG0+rJNv%5CTl zPIc-(cnlp?vv56F>-XZ~exU5@sI9KOo6J-%pzQJP-@`!$Dg#}>ZOPmNBl7w?rz1xF zCF4<~U?9_|{0&}t$w*%DRey?AT+A!J8Y@24w1@BQz49Tc)4l&6_Pzx^it1{7H(AIA z1CwBos32(@BoWlCiJEAtnJ^P(?MCq{SZYQ23R-;BqV5VRkA&UTT!&SvVDW+a)kl4` zT7?KGm`xxLKnU+g6v9KCWetQ^vINNf&pCHycN2o5AK%yh{=cukN@nlO+eH*!Z|>l>%@;p!h+U!`2kXwtB0Z}M z>f^Ot@_D{~{yK=5B>=%4GV|I_V(DfxB|464tKXnR$FxT&Cfluj^+q#4OpJ#upc8vF zkv_kayY}wpUM8(=Cyz_shNhWQ9znME|?mV-rU)SZ-z@~LE z%R!wwd`$0fJaia%m=?Ve5Z5m-*tw+pcb-74u@VsCX%*(`2R4YM9dXVZ((7E;X%p9> zS6yuj>qz7@{G8OB$*_G}X)*l?pxP4Yx@&9L|j`z1BMbc0z9)FET z7)TAV){=p1P$kTnVGWF>(=zyJROsp08oPJ1GrvHI-xjp$kJW2W0yyX*-Py>`{d@Z* zo`1Te;3%b-_hlX<$@<6Iqmfi|=k;$CjX%Rbx{7|X8-44)@B8zs_uh~B)8AE|oJwbY=u~F_kCCZAvS-C>AMxL zky^l0Gl346KswS$YT-%@^nCrQ?xXz{TrIr7&xJ(gF}9GlRt*R&q0iq6dHZ2aF67yq zHz=1y5EZ?~^L#!9cW?>b7s;4FBUx#|9?&z zfXY{wpceD>-Uzy0dv7Uu>G$8uefZxki#loDEE`7sXERoJ{hsq1y6AVkTw}f9c?oxN zvK912z$!FU7lJTA&}}QDRWetG*t#NJ@QkN(F?)<9xbS`ozt1aTQ!cMcn^vl~74UMK zDE8atbJAZ$kBtrC5i2qKaSmZ>Zqs}W9L8Ds;b}4*3W+sawPD-28#V;@wq@;8)ZQ0W zoNv;+)aQ(0!3kZ~lTd0WZfoROpWX)+!n41nXQyAMjNgF*+{i=@8ZV5@iPNslhC!6eiHBE{R@pRs;XIP!7 zh;}@fh=s!aj+?N)`1ET4`ko)2Pv^s=YQtWjl}v^8IQ)B&rIgwwYWvL$F;-G0w*?8&ILvyBQ{ zOa9ikQ}GPU8g9sT85moNc!>;qRr#@|t z)JqM!=t$9wE#&BH9{{K^C8+N>^ZG!i@Att7p(sZ`g0ZvJ4)vD@K0Y7I-~%6I%+c3F zdTjrg^TBU8(;+Rj;w@athSMgxUD|E%+s=C0>alT5KsS)NXH?c;d3^-`u9Zu~t!g;R0FX1`Ld@ zRd}g!jOu@legFsv*mm5BCGDUi=02h4@Q1tFtnfnP%Jr8#yhBm%qzLmle8Ai2?5(gJ z!ODn#!uNX6;CJ3tJ=+*xy@)nNfLg0m@>jWrDCWi`SQJFb-=GLZ+tEME!1Eo^9&Y55 z7_6{MjDGHk`aj#W(0Y2nwbND^+<~r20)PV7>xDrkanxviNZiM@2}UeotKG-L&N~qV z0Jpz!&Keko-&wWQ)K{bHAZR&001#VHR6+X~@9^2!)uasVukf3-*ujI2nc!IQj%w=9 z!B#3Pp!qs5WMg6pvCBrSV%K@})bzAY; zd9hFdkNB~|{uT5%JI{CnIvtgfr}f!@K^*}OKciiis?-}rYQYz2Jqi3#(Y?#;>H|o@ zLrIrsR%3hXOg`2SyF1hD7(WvM1X>j_$4slc(#)uVp4RcF_H{5Rqfonet=Z&I;R;{m z4@9Nsp4o;fBC6>1B;5HXItOpPoqegWIT>ScDSl3sgLyK>(TUogj5-tlpS1yhHR!+a zdTY#elYT9DAGwIPwCF9`>X*%wdIT6Jf*r*l3hrHYCfX`X^G%8%)hVin4_#sMfErw% zhO_#dK%j%yTR}vzf;Kueh2%TI-7&PlGBra{e4i6sn7SNk(l0WNi*d%q7|yg)fhx?A zkqrZto8w5WCD=i=6bu$T_r_5nVqomos;IWOmtsYvByJ*Jatdwbaysy%s6UqBXmtu8 zCJ*Zmuk2wmN%?yOPYNw=acn8RG2o7PiKd|T&jTJFKbJG%EBpc0AhQW`k+vf9;vM(Y zj6xWqn$9DBg(%RCyu7m3kQaD9vlFer+ftzoW#`eg5!q4HSwtu8_t1uXVtl(w^1;j~=mi^j%a3q)?V&VyY#D+_ApTHfX5iCrK z!NRVr7%VI>upqKKy1~LyOAHp&1vCT1Mv8%lIcp3&(41q?5K$lxt%)K5^yTm2XW#_P zMu-2n*7PO#1wPKSda%A}m6>*Aeg#AaMWOgOoOa(G2_W`|kssbW5#@&`&evJVU2Dee zG2Z*m$2vqiT^j@Ig(ur_n?PeQo#VA&h-(KaG7g2wXZ4-9*pSY0=w&H*jjK6_pS>2Z`9vS^whFS->{KF#RUdzkM8z1JMTo8^TSfzhI=mZJ^~~>|9qlKorl%jtdlGg`AjrDR{?1cP@oHOG!1p z9AjUc8B>Ic8;swDnD%n~47otcnBwqFF#|KY&hw2}S};_2a!ou|jCqAVHPQaO8W=oV zdm8?T?vr6jBH#&LKYm0xo& zBL?3ovppjFO7B}@cVtY`(qKeMg)0n&_%H_7qXY<^8`8Vu{4VleSQ;KLc%*o`dPMN9 z0M2c#hPck$8^49vA(rjqg|qQ1=hoVuf=9aqwNazs{dp$GkD{n~^kF;0YlebBT0-#r z>@o<5CLorsUxj|fR9=Z~oWc_L)|~!a&gyiZB$>9EwJ5%ufC<|NJvv}9)-}^QRyKyo zEw`;VToT;2z`KKCxfH_44auZ@C&XZ$G)5KSU%Mw1m7$(P0lz!2k8uulLdFbTdjGpm|E*3*5XA zwIzb5_P8;wp+_C{x*iR@e>}DaEAL_2NnLO03?IBu_v?As{NQICHNOWav=r#doo8|F zjlsy1M?1QJARQ;Y81et=jPZveY_pXm@Ipri;8zjes1jyg0sx?7IInVUT=^ufu=@36d5OA}K)^qR9hwA-d=Xh3KnGO{PUy zPcnanaPtaf9_1~7%e8N78|i#ucpKy(k8<|SSDckZeNfxIL^-=iloKSX8$lX)EGkG7 zK#+VcWKoGVNvKB+F+#b@6j_@xz8U#@40b=MY!8Z6Fqh-2JkH^J*o?=kJ>$6$2Sha} zx(@=d&1S9QXqcaPHt|AIkzk3}pi}PfCFMKvSGxR4{=t&*ZK%A*upJJ;(Z;In<_?U; z)jEpFNXt}Sjt)j@287_|c08`V4Ivp5oOuQ!eQantJn4>z)c@iiBGR>kyAa8jWa3m3 zYhpCtNJH~o*Y~XGWT`oO&DRZ`Tt}jGYJvd9H!ZB2AACAw(p4QyWQsEWl&u*Znvmhp z02RyW$-W5EJh6&1Vq8D9XR*xM0ACn0BWKs z9f`Zr%ngKNs=o$J0GJ}k$L#Dl|6~jJ0zI;io`tZ$9qJIg-y}uU_OA{bm~tkTduU$4 z8g1cn&@Jd1)|xJ(l7+9dchM`~9qpu7oXZWpvf*f~|A858iS5$%`ppqvJWzHNeOzF# z-f3rGuaU@JBY`CcfqDw|{CaCJ?(3}>c4Yz<3Q^hf!-aKUyR`+}2hf56^(d(?P+ZUV zBEy~`Jo`&f)w-Lz`FNLETzXX3x5hj^s5a(t9^L}o44q6AJbQa1LllFij^mnoLu=&r z1A=F}e!Fz7h2LJF-)13qQ(M8WoxQk|;cMkezjUqM&D>7iydN1w@8*wi+g9mq21=pt zGevlbMJSX$8}SbKHtCZGfpK4a zYl=w*>wc4A-7zQ7iz1s?JxkmW8Q*#!%6`zX;CTbj@-5tC3*)pr>p0iVtt7ti4hNE8 zjB~xf{rM>dViezGGty{kf0S&_FMtk!8132{-$i-0#*&w9U`2ZxP^B{~4(@#jUI&Ux zbS~8p?4nI^hs~~wl?VY)Al?DUk}fcrz92gY@ynUQ=&hHWMKEE^!GN1I?r{oNz{YC( zf*eDW45$@W1Cuae)y!nkz0WFmf+_smwd>QcRt~_AN>0;b=>s1g4lCC$px=>x<`HXs z+fD~#mF?jseBnV|wJslsynu-tH37KD%9A+i=kyvlO>R(^X5<0)L2{HOTx|-ZMdIe} z0-%H*x?Av6-yd=d(qZ_;V?6=G*vC2o zhTgH`VP3nmLm%>B=GZ`7CfNRrgd0itC6H=n`q*rI**8T!K!sZ)H@@c~<! z*!OKM%D%-HqtzV@nu1)i2SCFt=1$&z+?A+li2;as8(O(ko4D={+}O^4qb?6z1wY(- z4jEGKUNtN*NWYH<<_7w`O#>S{4Te>j$>-!_)8GN3x z#Nc!H{)qe5zw3*C*xxn2{%*1H-mlY_q@Gcd{8Cln6r&W1TKD12A;6q3xhzg7bD~J=%Up%qzy!s;+=s! zrlH^jgB_Kkk^CCLvxnTL={>-JJNxU}@9S?OjO=}<9i1XQwgS(~dmm;YRMa)Rw=r?| z)aq(s48HHPn6&TqpmR#bO93T5lD@GEe4!b9V60t$VVfM8fE^$K$fxj0cw46r;o!Ir zn6+O4M2zlz!1=)d?}Ed~2_2mvtZU^EjzLd^gGo@`22gRBj75>aFcR5=LPZ0*mJ_A? z-GX3w=~b>EL5^Wh5*}H4Ywocm}sN-;4ul6QNhoC$i5g;0d=@7dm@EybvdNd~?jfVh zKp*S+59k@e6UNx>a|+}y{~E@iQ0K6a432@zdXMm%9_3OB$MLMF6-YQN;NjpSIG%~c zBXJgfjXZ~@rIqYN+vmubqQ~TsV6!}lV$X8uRGMvY7QAm=`j< zXDCcw+rKj^iBI>9Cg5zCk$Y2*naK6l!+y3^Pks+Z0~5`@eG9r^0*n~rq3g+x;N_9^ z1B!2jXI|{hwF*Xy+QgmFm5I{c=&aOAc^SZ*mh%DMjjmM=bry|`Drh8<82Os4vsBK* z0?j#<`|{3rRZa@SAc7r0-g&SGXYWkhQpj_EXc=zuS}&jR z$(MSgw*6y0$@hGJJ;`TBtvWShjKqSra0xqRr1>1?N^->mxPJ%Qq$RyL!^oT2s0;~% zSm4?;9$tIX^z=))5#mtp1#>F1qwxX~W2;WKNcuYX$C&*{Mn>bQUS=|)61J?%Z<+Bs z+>Hc?im(-+VhZ}+$G^&yAC1(||3AAggrN6+{RD(L3BI^o6?Q*azml5op0(2)IE133VpUI=Yd@Tv&E;!=OHZnG-C((^cBZt(>X z9F+Vz!8?Suv2~ETExpm?S_u$(n-$;Wuq51kOk&3Zlkuo;*3kuT@R)%*M?P3x!Hugu zm`0r>WBG&qMqPT+>D6@e%@)l z8{T7e!8%-ynPhM#Of{O8p?r@vdb^&GsWD}P9~5w)TTFHcg>;;V#S~Bik&}#(1kZ)! z{^?7ixWCZa%9B##467}8j)Bjv_54tm>2HsrEF=VW9^(cQHAmp@`#A?s>YC@F(u|-; zw9Q`}(xZ(kg${W^o2UGO=X{jJ1|t^~O#?M)XoN}y?}D%K!U85Z5rc#{@P1PuaNPre zn&$!|TDYK_XrVkVpf$(%Q}CRScm|t24skUOx5n=RshFTe{ij=emJGf?v4g(M+^)6% zoiEnmHxj;%+0`ZXdZ!V& zgL`Q??;C;FbB$3`Yxt4esWjAJr|^4y(piMxfhUgXG3)0E-O&^kYZAE3fqDCQzKO56 zM4S-s8cZrYvG26JfFW77dY;QQ1nlVMm?eht^wX`thAn#17-TK*HHK=PVwk|PBd0aJ zaU?<*ZO-3f){|bNeEbPVR*Qp$qgZ+%(+n=d-Q2mW$NYsm4AEe}{T#oYa>3qkK+mQG zdLUOtgwoG>;3$lTuGxNEI*GVu_k9y}&4@Ex3E+=euQ&X$-cf(-NGE@6I>KiF2 zb|**h@tD!5f6y;`qeHslwl&c}f9@3>s4*`(O#l5nfk0WozZluu>ZESOpT%J^_|a`q zpI71AyD!^xhQxcy<|qXtD@1AOkrkpTg6BW2MlRlEHL^>%mNF58V{%vSq=>04a4R_X z+83LmuHs$rEZeDjE4t?g{f?uB_OfqdT|@MbKvnbAmf*GeLg@xYO}yD>u{pr~@_c6@ z*HG~6jf-&%Z`q_9+%?!bz5%?#3k1&`D}|G;wdL`O@7HFy`aAR%tkfK1I>KjC$hsm{ z@)zi=amyZ3$ee24XZPt^`Q> zp2}D?^K0Orq%De?0(v`Ji^yeHlft=o^IIS--LD_~ZFe|qEFJ`aode52x1J$N;v{Q0 z9GeM@T`IY<*I6u;1ZKngy1Jm9k67XSwAB;sll8a)mM*Cic#whjgOehpo3laRFyBprhE_}O7nu0!t>6ED$v`P1i14COet9G)JNB>?=?jm-Es!tQD7Y-JF ztc##+*%-+X0%&;lhs3OyC`9mdugsZlBn%No2$}L507&Os-2*u?3gqJ(b;=bcbgLf& z^?T3K>W>S2)q2(rLj4w04RQQ*Od8+WoqoOt0NA?WhkMNnTp0?7f8|TP#=$&4=&I$v+Qr?CtN~rRt2;I@HUuLloLU{@ zESR$CV_)4}*!?A6r{@o2eD};v;E}L{?t|cz)xf2#nS94U&DUowJnMkgZD8@h0R%2JK}LZ+QyMady2Xe!CNT_aud3l^H=MnxT+z>Deu+~|9!&Q z_~GY&+nHF>rY^)9cPdJ(L9ZFax`}@j5iz@b)21p9KlQQ;ozIe}srCaPjttA7l9WAG{pn=T~TFt$^o+&YFkf z&OYvRL9g12^BeW``oMkLc)ouml_}jxPABnG>NWUHS@=~w4KS?7>HGIkF~n}(3pDK2 z?a%Kl-P@mSU!L`x-qFy^;?8-bM=ko?`GGE*z8rcEP*YZR*}u~#fM1ztj#S;3cjzfD z+U)f_)$Thjg`_=a^b%OBorT7P`8@V@mq7cA7rO@9m|8%!4jj_4C1yi6*YQ83lru44 zbk~}N3V+~FO+So0-D_4&6s+ZM61!m;Up+NQY@OCotE;EyS0Tj=P0T}ZU*AKKk1{YC^FFv07fv8XK1>@1 zO26&UN@}A_;a*iJm5(!j5vM1XNNW$P3x{!Q-=rAD9T*-^_fD&QK-UN6 zx5a{?o!1!xaMe$74ZoLye;(Vp>%;m|j*Hfk!L6%A%ZQ)bLBA%q-&|B9Wrt1O;zB!7 zqoZK<%C56B;DCv_o8xF++8s5qd5Lim$3h!k+s#A^wixTZpyrhP&?DExd=U}&<=OCg zVDBkD*Ec)ORq$RO=6%zSR@v6*01?pVdrz&D)&XehMH~J`m>u~og8QPiC@o1DcEI!b z>!V9yozN1yC>FCAwt0n)r2Fg7PBb5^M+!?BFzKy=+o$t;Ce`>90)xMcCSuNeAx1&J zek8h!1fzO4FbZW~euZ(%6I;&)UthI$!a2-*Ki|3&c)dL)|1&pc*kwD>wU{0c5k5~^ z7?j7)p0sx7521J#&xf=A7Ee{f_t zO63tYj^R2Yrr=bURzQ zIG)POu05i>?_glpMrEXH*}ynT*>Zg0u4>&c(ck}O#Sgz<C2DyUIc(l(nrzW8rd9)!JpSRF5XY*KdiktTrU{?INy7UHFMs&jcV2?RAbG- zOQrquHY|UqBqKhLVWJq{QOuFrI}eTGg|MzhAr51CEbY$QsM^}prHXIvB>tp3oC47o z!el;pEFADtd^2s4q`DSp2fu73Dn1T;RN@6KFz|73ee8m~Q(S~cZ23ln-JyZPQ?JKU zX<;c7bm@3YnPRTHA>1UoJM@y7a1|$bFE&%@Fbovdcdky@J6a9^TR^10qEash@zx{F z;lK+W;c)kl8C8|0KZ4cITLtf8fFLjdp4Toua4bwkC#Kw>U8%#L3-H72CyhE_6#jJn zg598~K8^#$igk-6mK{T(U>s1HKcLO~GnLOXV{dGm_TnggQ2cf@aPSn>(nzLHxxv}A z!ayTdw}y#_sH!I~94BM_)nuwV^~`<1I50l;VZuJ%KNVAJH)fjuM15BsM;L?{nXhHy znp*MUR%0fv3USc_eC}d+PP_cq2cor2A2aK3dTRJpyx>hI;V_7=jcsq`eDf5=95;h2 zD_T{;0{+5+*Tq&g#S(bY=*!y^QL^Gc_&6~&*C=U21qF<#Va)}Saty$U_|DXrm}x`!3zCy;!G zi6AZlN6zpj79$F5KEq8cycbw(>Vje6*K{JvCGId#_I+{_=-iRo{YPnD^Pnl1-ld{+ z@7Pjzznnw`no2X!3)-&T@KAF&I97DGTG(;-p?E3rkn2iA8~&U!;@e^s;*3RM8YdfN zU=bDs49@Eg`VVz+UHd0qX!g_kR;*!$%JC!IiahO|u&cLwDd}Lr^BS$c&7ElGrrTa;i0)}8P0lX?h2?}Q1w2w8UV{1$R@ho?;oyCeTJnyF^<%D7 zj`2<6(j>k==*fX8reF%L zdjm3)#j;ZaKrI8(ub*)BN!NFF)p7MvI{Ujx8#N1y!nwAJs&q9L1al657r#6Zyf0HE zUt$9Nsj$bAZCKFKb-R81n$m*vOwL=o6N{xd&FAB~m-s4OW?p`PBy{-zE}^gdu{lh_ ze_Ev^k=2TATV!(^SU-KTywVeekv+oU4lvdU!c+aZu@-(7Ypkg>n>!Ep(4GOFg$V3E zT5T;c*~gc?LmV7R6+9Sj%c>c88tMCIy5X~w+I`TuyE09r-PAi!F)vENPNq}gKsn^_ zm7LU1;&>YkqMzo4+iKD&tSteE^05f(8MG;#dN9h^y!kE-+wYBwQ{Yw)z4++cPxEsv zzUDU<-)1%OL+R+;5W0yK)df!y08o0P;_6pA!z{Z5bSHq7;>HM`Z}_XXQojlMt2gWY zesu=Wstt908nUp+zo;exvhcLJ)3F7jCwTG^S?aA8d##zWUD>Cj-C6vDy~KCvrTuhx zT!XuV{vSH)rQZim*s~ypKSW)sz#2Q$e5xd-SakB%av#8p$EXHw_#S5`Sl$U)cj4~3 zl8`$3q~t3!%ZzS0VDw+S*a~}$zqHC8=gzy$I{!@ zOH8+6Y@|hEcvMdfyE%zk0)K^Q8c%sK1;3+rgWtr&U)|IeB=s+N-lnjBZ3(Mo8|-Y2 z;u{?j7vTm?Ej6zLtKf%9ynCH#VrfB!Nto+b#&2+#58LxM3V*5ctaIHD4y!D(1bil2 z&f3@3DCX~QUMdO|mJE007l4k*_kz?uHZWFdYZD5o-gj*R#yY%U;?KMHm_IYlf0)=D zKCPT!Z36n;!DW2KD_GHe7fbXm5}^xGSeBXr@Z1P$NweMyUc-B5JU?5o z?6h9fft9O6xO97ADVEBrDj8qnFjp)2+px&uI;;ph0?_j_ULg@{F6;ispxx-_xGsy< zJ^$mOpL9((?z!oHEzIJL+k<(P9siwpz!_ovCsFZu(0#Iju{fu)MoS-lis zhvIn0a|(Z=r&zX|ZspACtKg;)p`xKUe%5meSQXLcm)T0}Mq+h-toIDLTr9Su@EGpBBRU z!)znl>0quF(Onag)oCVCSS!MKg!5H+9xoe9;HaZR+AYWN!KxqHR(V# zaood2`8{#v#qlTtg#J1m{SWpmznReQp4K8vW{Ns3L?qy!IejIvEu7+Gf#Sj{k*z>P zj5QFk8PiI>;;=i^bMl=4LC$F4%eyW1@oN+_L~6aar^kj>1Vva0uQA}lYtjE5;D?&a zZ=-)7#ea3K!AlT2xFfOs#8427PC5&w3X1eJTL(B7*#BbjP=4bcxn@bVyZj^YokkQx_c?DaXKHPI_Wz}oN8rTYs~j*_VLSs z;~YIqMOP)|6qP4kE0)6#F}z%K?@h3WYvlYko(_<`dtK|1CPE!%>Qvc+7n~r6HSb}N zKD;NwO}Ymcmf(NEz|Q;hL5E>Jt_T9)9Q*jy_-T4?Q+AbDF7-AQm8V|YX-MZaINXLa z4tGKK!~GTKF0u3##<&?dI(qp_YGj$#Xr z5Is+=dwr+V184#Cm^MjP@1|O}@ZT+Fs#OVU^_F<}=QkGk=dK>`&*Yx)&y0j}+2n6Z zD=#slQt+3Ljsu=*vVul{|Cg5lvy8Tg{@uX7V|$4HJ;`$72C3WyQg_I|%PJ*qlM;_h z<C}F>YZCBjK`#SG*_=?Q-{K`iLm-rO8@IR7S;=2_t zsva3y;=3I#svmwYm>sSE9MYeAc&nWq*B^a&lbyBePYW}r&KiAhi~ApK`Ex;YJtjX{0Gt;zTN|Vkzz8uDTl9L?;*efIR)k7 z(1L#!#TO)tIX6N_NotYR7NXunHMbmk5?PH19T;zlLvz*P@wxvj%E?W(?NE!7vs&P_ zRC+_G*ea?6UXH#Y#t$eTo-^Q|^k&h}0m-%#YEc?NJV1W~+>?UOx{d*04cEc4wW&qv zwh+9L(LGcKKzs}xs!W1vSocuzF?7%jsIm#F-0q<=0ODilP~{O+1wR5;g#?xKBXFe< zR1O0wSFX46kyqMQli^iD|2NR4L0emladRvF@MT8F?e1Kq_ z2r%mK4Iubx3`!0F_zVo>a12b!LJT;M?EdE{8Fz|oGWdBnQW~_&i7Z{tli?DVFM+j-AmJNA!W79|85t4;?UVi_ zgAI!B>UTgKi_`%x=wt@5dtp$l6b^jq7bt}T*zlnPJ}!zMkaqf%Lz0@i%$TwqpUVKJ zOX&6Dp}A?Yt%f5Mv8yAsfDtQV&=Wz^(1K@%#}~{j$|*=gg4uQw?dSynwX#^XJZX?Y z&ap6gsO4imM!W^aXaPQvvMM8t0+U>GL1dEE7j>QFKQHMt$-jd44}@jF-X8;J(PElY}Xbkt;X`bTt!TCl8>>Hy*zbBQlVL)2$x zg<{o{I^fmQwNnIJlC2t5;MRx=)Pah=f)I^}Hz)>RiM9~vSq|2KZoxA2EWu`gl}uoz z{s^$Fwyl8GA`4m$9kyH!+j5K&qA1G+0CWFZoP%`fP~#+Xi^TkfjH;!_-|YT{DuE!`1C>M z;vjbD#yJe1Rrni8-MyiMF&DuQ^Q)W}%pM_BBqbNKS#z;7d$`Jx-{1<`D&6hp39nQt ztR#(<;k;Cuk?O;pPT=a2pR3NtT|@po*2Gn+4`F~PSe=Xe(!g6wT&a5N=wS$(C6z{& zSUo+mk^HB*Bk9Y?2Jq{W#l$+*$G>^@;YJ1Ui`BXO*l5~^lDJMv^fRB6KD1d#AEKf2 zoF=Jn?Il;a$>?RFM(8^X{z?9+&8Ka6q5E6x4@WummnWm!+7B)ugA-n~&RO z&hxIuC;3(--{|z%^AG2~!$)xV2HyfI1vt?o*-pqt4Xt9J~x!G4n>_y-_*j) zm@f(Uy0G0qn@@(N;FRXDxoNZw#>eNFG>iFgJD9DG`2lb{#M`Xob=1qMISv^elV}Mlyt(6Cy_sI}MeQNUXoYYqwZ0uIR0P;>wYJLuJ170TJMOZ!sa%9qeF29IhHP!=X zZ-aO_4(2Oy;RkfWd)JF>CG+K)xkfPtN4`W#jL5Ofap=p?H1M-notq2pu*78QcY4v}pio|F5oWb3eP zR*3-|>R1hk_abKpMIHURgH;2OXFF8+9q?z?55yr;(@OAreYpuP%Zk+j?+X>DhBuF+(?&kOKQn+=p71aaG^4%L+m&d(XY)vL4n+9}fxQG?`vrgPFAjAyxXPA`fT|e( z!7DJtJYcp96m@JJ(BygU@r6q7dllyb`9#Y&0hRArk(m zh+0mGY-Fm;lr-E%f;kYj(!akC5PZ}C1e}x#pveqVDaxQwcBZi&P;i-0u};ppV=kV- zJ{Z6QvVbDIYXD%u0;J4Ynn`7()+>}Kwaf%4hXEz6Bh=io5IBKj<_|;bin@HELL#{b)Q1Q3#udYJM$I*0Vw6)EuxaHgNa9*v1c3)*!zv^0 z6$Lo5Iu$0&4ix7UfJ(0dk=-r&_r}5e3M8%sgo@1~G6~xWM09c@P9!xL!gUF@0brIv z@<2;qbFpt29@%Xgp-R00zEyU12zc{VAo4hR7i2hRVKy3G6YiH>FX;j)Wo0bcD9~kF55D-}{DC2AjII=Z>3VWFrgXBCAg#yJV zr`z*a*nOi5RU)V0`3-(dEdxh@yJlA9aqgx;?v`XGT2wg$_mj&LjFu!-&SYY;Do-?8 zQdM~v6Vp`r0i$JrDrYk>9oKyHmJC(SWn!i(JB^lMs+`BfY*n6OwB)LC0Tc67d8*M; zpvr|zEL6Sp4WQmAsj|dGpr$9L5m;Yg;z-q79@98Vl^skRqk3n>G~S`gBbhi(_0EoI zoS@31m^e}O&WUM!K$XWZagyqt7t`oeI)%CF+f&bO@u@|)emG!YJHCi8= z7yQ5VF~oZMxBsH`v7ca1N(_5)2iOx3L1VrWJ0kfW>BgLZU(?B+;Ad=DtEvIX4ptbH zTcu8VP+BL1$qOY`O)Bg9)2zm{SgY~U&;G?$<2X9=ptnP)myUxDV(p}sLZSe#_5>B% zt%^eT7&ZQ#mcX=#rQk<@O>4O)TECRri%^WcKr0co84-KYqWy_{%>S;v2yuJS(v7`9 z2@WycZmf#hi&m-(d}e#m_uTEL0K533>_uVJUa&1^V=fBIr=N|vI7;Rsc7Ho=8c$Ji zx8*wCHKtFJ)vH8yL>4~WCSwhDQTX%-1VzbG)((*!!pDME(R_$@vP)TOr1&DM@M)!_ z-kv10ZIbX|9V*K6W#LnTR?b>Qeo1mLQ8I58Kcl0HvZ|%{|3K-nwMfFJb!t&EL|MXz z$Gu@^ituTz|6p=fNTh99G?t&&vCabjeVc4s2My4By?T49#MTNQo`ARdK{spRH8JZr zwDF5zl4M@R&lM4~wn=6XgEgY98iYakv{ii^(0Lf3-6DI}JNv^N4~rQ1WNoIzCtU>- z&22QxtPY60g~fMwk0~!=?|S4Sthj`_)Sz2m<_*Kt3dt`l{-KJeq{Iw6LxlYSCio&O!W zPWiEPok>*}X{s-I$l3W()SVhj-I-Lj`zI3krCIdyPp0t_ZqR-tnP<+U3hXrfS7`b_ zg4oZ^A&?Dv&%{!_KZWEky-EH2B&x&1o7E*$!VUI0#90U9e}Gy?IJI_&<`&U*7|Bh{Qu*VUMSTfZ z3)Llce9n#PbE|0vn}OGlpaYKfd$S0jN?C^?`b0~P1lzEL6KuP!#@q&sCYh@NV;G`Psg3%cJ(y>?|NQ^Ec(d@> zzcAk9xK$9hg_4j}0?IKgXlR!VevYaA}4OAOpyXpfgs zxaj(~fWJL(<94f1@lX#j@d&>ZdtxU=N$@~I;#RnTN9|S-vC3}3r1?XMa^fMp7AhX= z<^R^o9#6eTc(5AoJa(Rx7{;HX@Ze^6KMDG0x6=-Yo%mvJDe(yY*oXhri~goWPzDL0 zH0tEUZT@|UplfRUS^|KMZwU_`gm?P*_gUG)0{{jgaSdF+!08ez%7EKP;J*&_D*vuT zb_DuK+$MZ_oIRcg9f3jof4p4_a8%cM*3~Z7URbz`EjMzjG!mvM3TcOH$rDJGS_hpg zUD=DJI5?&lV&bI4v5n0*QcXLCAa5u-zOyxr>)7$MV^7=Zw3*D*^|ZovX5ziOcvlZs zXeC?dfkBuAgvr1PQFbL5ZNLBAyLy1I9YmPXJ z`?zYKLC%mmCN{1IKTzWob=+g99bm@>Z~|HATHD`As}%0uw3Ta5BQV7G zkGp_r2q$e58@GcisspHz!?i2Wu-}2ev|as7g~?c3g^baBfa>5{Ja(RG@%}RHo77P%Ut7_M z|H%TkBb&Iy)d;|}$$aV(-SiVUh_N3WA#UKGBLpUdi?cNVeWn6%|+>a2}XWs`R5 zhpZmyalaNH_>~s#ghoEqT>w;HAa1I}O@L?vi08;OYAf)9uGk5uVudk`KkH}{wK>=7 z!8z9JcAL$1MDE7MaLO(9P3IKN_Qpr$`6#gd3Z1Qz9*1jrABBB}m~$oXFQ{anAtvEv z{S@Vf=!7SdVB#n%OK{PKJlORynth9&Jv~hyu<%}LV(iH>tuAqTVGcgDvw*@xE5DAp zc8_?#OG&Rx`nXl+CuF`o6A$f2f1Bropl0DB;axL6qShap^fgvmEF)?I7Q1AI>=990 zXoeC++4u~`XnRH`v)NOoTrln8FWWX97=xl#d7(LxV-R0om6tMhOKIlvf&;nV&x zW{P;QEN+G-ORBUV$E$ot8VmFbr|5{e&_u~jFHF>5anaR$f)+{v#U}wPUDl zK(-1n zB|{TG)SkEKG>q@WYT&2kWrN>|8fAmXZ(0a-yAV~H9yq-%7~Y`3DG!~PG}A})9y9#4 z^ZuoI5xo?GEUxCnVX%nIbkbI*l=-Ny>pTk^W8-cxlVR);B_*7|~+{FQc?;lmwg+`0ab#$lk2jmRDMagw#17N+<`1`?daiI2&^@|AG9@(U(WxX$3mu+Xw!x=h2 zqB)bHQ+2))3|D1MC2D3npx-rj0CuiLZA+oA=8p9XvomrCM#!FQ>KoH`nLC{Ijo+rB zsU;=t!Y*@rE@RlucqEt6?PhGrWklSJ4Y`ch-He7@#%pednakMcW>n=ecDos?-3-#k zUFNFX(-wMKk$Y;Or;^-L6+IQ@o>tLQAoo;4Prlp}UY1?C2j9#&#Ak`$zh_#TW&EC7 zw{Yu0ulA#_fU`u$Zf?#+?*Aj7RxME0 z?{WF1^jlLgdpjsj%dl~p7G+Hb>>tSm?B6%Tx0WrsO2D2khkCq63n%FcLYY41lOcQO z$qm@&suj_k!%2S>$VKgEv~$At$dEyMep%H1xRRry+a3Xl6d)#wXw60u(dA5PeTMse zm*VtnDo(%CjnnVrqSv6i`*H#L%H>XU{+Z=oVx8DI6`aqfF;rYM#6m>aN$cxr4Lb^US5i7%*T{|reqBA(P$n0;+n7*rLwc5oOz_c-di}Fe z#P!ca64(7#&;w--z<_Iewh&Q?&`BcdZD1i&g-9KeDKAn~ibS0<`Zh^w>pl@r_wmv` zksySXqe_~2)_|O&QmcrZZy`lh;s7Y+lK?49Ip4oy-v&r9WBKZCixhb1oK{f|C$+o zRxXpY6nLIqL$0R{NOn4^xepj69ju1zS?Rc;jB<~UsgULnFY6?^ z%CAqy7DKr)Kki^+oTZbjbbyITG~u4@mkgx~b&Rr6CMJOH68mgER}WF>HQmF+5vNuL z=H5{HP{k-a2T~>s+5>SyW62RiO&Q{dM4`_R2N{Iz*>T6Hp-;B*2n`+J6Y)X zU29hszvAedRMnM!S5^7S!Z%RNS9)Lhg zgKCuWvV$ahgW|SC@)?laMPK%a|H+2wvP(S2ZEh8F7$|h;PPSM_zAoi4pspHOD2`9I= zwAZuYk^(jzEIUe}VOq#|d1q2Ou5LLTn<{QX?^~`n{Lj__TCwP`@jB07%8jXi-(5tpM6sp=dF4l z9$xzUo!f;ceo*US9xeJOX!$KjwWOI zYpqTHlv-Q9>BSTe-ag|HYBS=Be4oL!wN13o0yaGQ7SMjM zv_~Wgp>cg&x7{v3bi4etzHYywFWb(SXWiHfzj_bx1H741etwh-~_xBHH`_R=6lIt75+$4*-)| ztN2ww^)Y>nHd4{n0X=5b7fMJ;t`E!s;sZ2)3C*?EB(n-%vZFo#($7(Q+6@*J)XsVc zQtu@`_iL>Qt#yp9Ii22GR107v8(JZcxzb)c5@1&Geqf@T-R+Va8k# z4B!m*(WeU=D4~6Xm|^Js4mZ0Q-JC%Zu^w2#^$s2GO|RA(*ILg(=RnMHhnR{#V|KiV zPK9!aap3}&m{DHw64QqaeXP9x%Onu!(YspfsQvL0cV~%J_*Lk^G$*DQ$;t~MkxsqW zs$a#440~>QO5RFII(*16GU@Ok$%v5^fFM~h7X$;X!MoWi!S$Y5I?-;`uGaf?+61n( zo~Lcva|v{$$Q4Pg1C!(df$oJo3_V(2U&-CE;$3I^*C(n(PPt=-6bHBn<*ovRtLgS- zI#F#E?15D{HBujl z7g8)PSdt0!VXsu~(enBriKD||Me^zjG0n*+sf5(*9;?1#YPh(HQVh&giX1C@9YTiW zII({I<3#NSTEXcm1)V?fNjd@5epSkYG$J=fZ2B$6hzh8798|=eF`|!7DyZM$j1i+( z(}$c;XABYs-sBmB#CPe<7`^Hs;YITZ=|p?(<&rvKJFKMli*_?&kf^0Y6I^Dz&u4R^ z+NxMRODRC#tE69~RZt3sK}S!O*FR1xdtId%n4uIEU!~Slyr{McUj-qg5*3igIsKef zyPZQj^)|p0G3R6p^hO?e2}SoX6Na%G${9)+s~DA)+QTqb{cFiYsxi?ILoWu%)RSF} z!BP#{u_98lA(B_GRojSOAo6}DqR#mT{j++x!X!qgd+A1Y1xz9xppJg%i#!?pb7Xfh z?(3uU+CZ#K?=ti*RMPvc`W<-PZ6?|sX(ngc-^)xrQ`@KQFJ)IQW9mWj$jSbWlY1ez zp5hsHKEvz;?C(K?eiG%i&(M}N;U4PHHjAh$+?dETQITruUbUe+k$j4p+L48{e;0k| z9q=S*$dGTUo;0mH-+2_CTp!JGfQC$X!3LS|i2?cF|J&ThGq=C^7mt3rzxcp2S9cg+ z{J-Cs!?@#yJB*Dt+F{&&gB-@kXF7}@ou7xp_{eo|7{7Zx9L6p4br?6z*J0dny&T5% z^LH2&f8%$uZP3P=kG99&D&wDoS(zE`Z_s`74vr(SIx^|{PO%A#ueAWVO&06 zhp}Y74rB4W9mb;TO`u}9&yg^>>V*Bv_ZOLGBg}9m1yY1U35X@7sS(> z%uu2j)zDyMpkyd}dJ&}#BBeaNDHp#jnQ>;=WoL!GoHu<|m?_r1EctZ)RyyRvc-iuC ztHEpSz(3P(RRw^5rP%p%Q`}ES_3XAbzGsTf5pJzLz=ct0J=JE4rq}6v8Vy@rOzAQd z__y&z>!35PZX!c;igo|$3@4_DDk;nYFf=JPtrf7B*imvI4RM|;Hq+l{`g=?{Y$yll z>=`=__xykcPt}0QRo*l7kAm`Qv#M@7I>=D)6Gbl|WCSmq-w-FE{HCDMm!-Rznh|57 z>EAI3F{Q^)`h(WyJZ4q*uMJn^HOEg_|J+~-<4r?9gb~;U{5}BpGo{;55<#)8g)3)( z0bXbc&rU30DvfCb$gm!~6cn3>4drxoxU#4@LGTO#&whBF_%&U_rNr%oikA{x0fze& zc;V57bOI8A!kDk7n4WQPdT^MBi*KtFhr!@(+EmdTall=K8*f@556soaOggKe`Y_%s zuumC~{E4VcjInetQ!f%j^ceT7E41wbLm6PrHbDX2pkU00;u|8R|pnWz8{yCOR-SbER94QY~&h_A5jAn2T-a!DBg6 z*s;Z!WTkt!+QF1Dt`B;eBA|Sc(&z9T0uxaTByr79CJf~y=?Qse${{W~(ml!~R|oZT zfaGA2QjSV2{2*hoa>(H`bVrYZ$Cw~GwSFTu(??pS^wE^WPH0>Vrh8N%n$Rb>2Qsze zOSlqkjyfEPf+HEs!|dn+u$C*wKs8OspoAg?0db`R>O+PMd~&+TFmRMG8L@4k-Zmwp zQOv1GdE1?O=f&oL($AGP;;9Nlz@!ZIDIZwx}>_2qS69_aROF4>RH!~7aVD> zv^U#7{p)8p62Fx`LwNz3xi}^K{laGHBA;cs^d#jP+lbA6mSR@bg_sF zVtAp!mAM_hxP&g3f3hf*)o|1xo7I4X?sB06+vfr*A#Z>f0$;Y7R07OFS1z{O(c{Xj zb@X8JD`5x96M<4I3blYd)(`TUiQdZ?6kHjQl!WBrP;}z9I-x!jx7UF%O!H5)#ga#K z38xsm>qO#|+JQM;C{eu$SOlnyoPzx90L-?*Uzc8*CJUe*gFrp(0mh#q30QMGF zdx=Pm@m>Q3N$3O;VL`SF4~jKr)__+f^cVW4UNC|_DRc>9l}Vp?Z!dRBV~7KyNQS4z z<=C9L4gP5Q{I#;Mx6nWNQi)TC<8+Wu;2?qI%#A1`Ku3_CV3i0GG=&!hHH}0T8e~pq z0R$|HcNk1Cm@Kr(tOXTt=EnGv07=j(N!TfI^r6xUjA5Y7kTxzNPP?$f<M^1QZ5eCfO9}E0kz%=2u_kXqeQVwMiKR+oY_uvMQQWegMo2i40Cx|8ATNo zA$~0eDQnWE|`2tg9?lT>;PQ7 zoLW^xEx>dD&1Qd;O0;K5SWg-k%1KbK%+QbQYPgL0>o*=T|pD|T+yu;Q4WYk za&kMEnt&{XNT7O){Aoa@DqfZwrA{IxP^%SyYQ$ZRNGgJfNM!@MkC!;9*fI23s=#)F zgM)Tduom^~VPm55OTn!;BP|4+=I(8(LfaMODR05+0 z4srE(4AX=?v2lM4Q4h0i4qJ2sMq<{8RJGYQOmRH(nqr?R2pK_zkUKv&f`}LG7hW zQ96;)CpF!Qr0xa!;0=b;{AszIQ-ZZ)xrfhsF~MqPBm9kb_X>3h*aOmtyC5uxCb}L- z1gdu&d`AKi5P*?mGIz$4!H(?Y$}UPCKtK}3SG6XS$jQfnGzM4_S*SLd1Oh6c3>6{y z$?PQ(9W+Tq-2|digjtInb)cLvVgQ09z%P?TR1g_vCn;9Y@~x=h^~WGg3riHAgr0cp zDZqzlDmps4-X&*(e+w+`=$cOcB`<^`)=ze{37k(Uv)*(;g+7T7-K3K!VN|%qh1(zx z#LMjBS-I`ts8nGXB9(EI~wV5)+j=3CFWcc5MFD~I&Srrus zB!iYi0#)NgU1kgZ75apYWz|Czs)jc9vNrJ2i9!ad-QX~VNSGnul^nRS68?hQ0NQzP zk$)<<4YhoP)9yOv+ zk3yy6QCrNZ27-plPh>EmHC{RS z%MmQ}PfP}C&pds{A7B_luZ#6LnlghBH-TpYyf5^X1vx8#PUzx7O_5h-J^5BZn|Lph zI~iyV0Un_xYK+Wa5Ht|PSdOw<>;>@&Ui?s$C+vC2FM2)o+8aLrs^v6KA8)i&Q@h}EB$z5Q9!Q}+JH&PVrXaW%sfP&Z%1?Zgu>M?S1 z*8{%#SVQ^Z83t$utq#$u67L48S zv`n=PEEaeDPl3xu0U5@j`Me_fkl4$hjFUj__aMB+4VK78wJE}Jnl3_ttc{n~QaFoF zEASKdm)pr8wxYVS9XWJDNSLR~1DmIDB;+A6y5A(1As4pt^@h zxRG-Z;lfb|ROg5QjCFtt!LS8FAI9BYuZ@oyLwgtrdZrYZaR5+{aG#kFg$jX&?C6YY zH8lU=C*V~`U=<;n#W0(Ojb+d@a7=Yk98wG92eFdK#i=7r)QUEQh6Elq%`9}`f`d>` zbfEc;WT+gJ{Sz;W5)5a$K=rXM;_e_(hg=m$8#f~yPs9^|k2EwB5saDpF;s)mvn|BZ zEe_moy;>4J!@00{cO{=4X^Jnl$!xvUvsF(1LUwE#;^ttLO*j_s9iSC;_5~H#BssPM z<8urFK4Da29MIo(k`K^qH89i~vdx5E&~nGYg9hlv5@)1Pc#YxSb_x+35dqzacWELl zzWC2Bb`%sdpEHsGH$rzXFqYT~TvfuLJ`87Q9MAZZ%Fi<7BRj z&9<^7Hm0Pw*c`iy#tLnEQ3@+e(TnV? z&>o%pj=ei7c6|Y_l$iJABh+Xao(qMK0RMQ8f4t2O~(!n%x!c$7X6ZdKT`bM05 zMPV}7#2+sKK;9PpIb{^Glolf8`RCX{WO{)hMIh4iqd|7taVxt2a|Td1(& z3`KvD))iQBx}v`y;BRK*vH^U~fls@_+;y6+&c!R%N&}blA%vF3#mE`dv1t)v7p}Fde+xvCHk)raCse*ppY+5cRNlg`tkzk@om*{N@Kf~rdrKWtvPxWM`@$t0ETl{s_^0Hhu&|(4EVPe{`Eq8KrMH>>iEpfI@P9t+hM3p8&t=aZYa!3U(p90Sj(7iwq@ZwCAWxBy{#34j3Yz~5Tvzf*Hm0qEIU9>1VXMOK<=1MxTLayH!! zEIHGz1_SXLyDLMZ+u4q(!Sxd~wjdo;$1Ct^A{2X12?npx=!&`qQB!U?Jd;Eeb*vaI-!Y zTj_E;g186>-+`d`s!z>qbvt?$8iR#%gE6}QL7buk z`vhxm0XQ-gU_e#^A|L~o0QFj^KX@Jdrse=D$mt3@j&%WFndpWB%?uS7x2M^ic~E16 zO3yYWbF

xtjSU@ENqZQUTs!-fTDUWzTjkGom(Y!M;3^W zb}bNpvVw%(<&k_Cp`rLE%xbY)l)R~_iZ5tW%KAuOR@^jzSNFL= z*if!-o1-yxE@rQW@1Rzk8bhs844m}h+qB}!wF)z}N->b-#Y%d@wF(2R!njsprdE+b z=%j`43Aiicn#I&A$mXDnvq6uQt*^6;k~7`3UopxSkMk({Ggx}%;U#}gpeqFp4gcZz*{2t+};ws{ifNo=Mt4m*E)#uoBC55@u z^(A(fzA#N!($T)?1rzaJ87K<%<;D^8?v~fagOoN(x*PQPmG6J&Jc|_B%H+wI-I%^* z!#5j!%Y|<#^z94yW~XnH;9DAf>xFOW^eqd%O{8yW@GXPB+2LCjeVYj1vgw-*zD=TU zo$xJ}zGc9-$@r}X_fbUL@0q~m(_75BJQcp_#a7&snZo1&yeX&A(HbwO`_r6dRTs&d zmf{qD6HcvkVjx@$F>WK?;37d>A~d@6lF8t<)4teb%yXFMo`gr{1F4b#-l97lQz-;o zc_nEO8A8zKIEES7t1fiu?k{kj8n+7t1ERTsHm}5nDxmS+U zX!*yHIwt=p~bA_Ie{;`?M>s zxYKbA%xAFne9Bh|@l~rV?1$J$W+7aRD)L()0tw7da~!~xT#QK|T7({Px}^@cB^WN& z4bh_RZijFTp$EJ{BqQPKATAQP^5##3Ar9c|mW%CoIX1K7!5TmwE=tt^^15-|4B

#tQ1t8MW25!no6^>KH)tBeC>BW;FJYw4%nL`o(SQ-;ihxa2qZG z1vdah9kSz~vdXyYfmW%D5sIIG^UF0<<{U!f*}D#f}B5Qb2j0mvG&0DxE+=M-@DVXgry< zx*QOE?!);W1RDbWT1@AOY`-0z;cl>vz|I*Uh(J5s^{@j2K-L1h&jx{Z4n%+`JN8PB z<9Y4@+;RwtrZ`JtTlG?#ipAuIVyuUDYG0@G? z0FQ&!$q<|2w!J=FG=`s&u!;7O14LW-Zdr)|mz1QqPo9<&^SqOR-I*5*hMWd%Lld32_!z7@9~y8p;~F=JNi}W(!HetyDUv_UR#x@z zpIp8lC*KjDO~gXDJbcXM=pdQGJs~dE0OXT}YJA+lc7gNjLN37_5L5v2fk!3Qn` z8oC^{G|S7muOu5UsVgyP;vd=lu?&|Z>=KRxCC%w;oTq4Tu`Q$u+E5~8KKr&5)Y_0l zRuMC?c9{g2Bm=m;8YeDD8VLwTBOA=~4!HE^1Qh+urKqbLA{ACwmq*j#U(_5sI-nwOEWV7`<`Q-gOs8lwbXWqS5QcWqm1yfzao^Jk z$+0z0&ee<4P%|_^8Qf4xAeC4+yKjUy4q)aTK(lm-Xa*jDcQW{rlA{K929YH8(Z{LLW`fAd#SS`fW-}^^+b~H)bt-Naa_q!izH&RTgb7cJ z2@kDRIT}n@nnBRAKoY?k+5pmQy%d)LaNQY@4Z!TdgC;b6g@zV^@uyu>R^g zY7>_;4!RJOI*ISZ;^#U5mW{Hb3OD|;URRzB`p|B|gO^IVSgna8@Lh2C1kMYJj(%Jc z$#WZEw!ye(=%u+Je-_$R0y=d4`J@+JD0o|<8WC`mVlN9W25p7Ps!kHNkTU4P4aRMx z&XNVbCpA^5b>^D0s(q7vdbvC}>*!G2o(u z!ZENfE-(bGXzUM3!g|(=OK5(p4R`8*cEYAyxW2U>c}8ZfxGL}H1v^VDRE7HifvrJ7 zI6%%0xY&_AQi3+FJOeUY4;2`&Ke#)f0CG{Q*O-b^;>KHctOxc^;evxZQdnbhuPd|F zl^lSUCIPIIQOgRQq)s;@_h$~041|T_rjed}3kc$>r=ELrND%qq6I7uAylesZ9Fx%? zqkjP+ZRp+%Qx$Z(9EPb1(A5f(Dma3wCC`g@Ujv^{M&F9nWCDiy+vK$yb!sh$qvgkX#>^gkxNNN?CAAh<7iUK>Epytyb}-~nfLVP2Tz zV{&E{9(K|n11~S6m$ri@Ya$t`LK~O~+}j}u5nK|Xo#lYew6SGXQ@7r6i1a`UZD|}N zNSjDZ0MItHl>KOn?C5!$=#<%RKquNF6PsDX*aV#+p?6rCAv<=1m<$l(fC|Xmf%kDH z@02r-V@_94k9sMn<9^%}i!LKy0d6F3dH{ul6bKmi$@a3ErSJZ}m52_mzzHrf#1|wn za#UmxPAlpz4ksAb-DJ_LCDS^|jtv|}@F~N2Ai|E_tQ36gWE@H6Mzq1nxOgcix1w*N zm!{K7C_3@yBV{&|v}_i@lN-d_kx^i#`KR7eR(pK*toOlZa108)td_jRYPw+q9kk;- zNN};9yiyy+dXRv_)I@9xZIOW>WD}R)Sru$Pe%YvJy-@Jj;MZM6#wgYfN4MvB+eVf7JfPKIq4;<}D zq@PJWg9Anyno=uqO#{Ya2dL=0(rm|eOmPQ9Wu2}}1ME@qL09IETkB+<|5;%-}7GQ%FkF)}AZa4ij%(&<1 zih60KR&pe_aOph;?4DNwTBHRWNi>!iP-GrM?<%=V&J4-PP0&&Xdd0Z?ZwE>*2n{;z znJxHNXvHNft_>ys)bq<~r+_-7cmrtO>oQrdfgj~e#U{W%2Xnt0$puPmNHBIHPqIN% zHXs6sI=rY4fniVOl?;$ROeb3f(m@_-GKgp=NQYk9sh8M6z=fmaUbc|N-bfl7qK+?d z)suo;pz*}9Wz|oBLL@!56W+VnUJM^_#kHOLyt{En0T}YU$FjjkLJ0)`*=`V07wIbW z<}zqYiDMT)sv zz*giQwkvaxwIzcnG$nU|!-qSpAV$RHO?3DIw11!#{|fy=6}dA2U^)QU3M!BT2<&^z zbUcO4Bq?D2@YFE}ZUAD2VNa$Lf#afbgu_-tzDx&(MtP_~(3i2J7ulKF%8n)P$m~z9 z0^DVzH0z}hw8JY>$ z39zPfJKae~GfshZ#;khD1T^|RKq=JpT!8Sfwxb1nBZ=?o!y^W#OxG;FtmZk;nA|l3 z;TrOJ$onUs2lO9AR)Z9Fmt-ImE{HYRZg7U!MhZwUfc$LOMAK{uftSYJh@DdADK0-< zc=Le%75+n&i9WLqDB&;jv*nMXopBH4b&x%XCe~Z8WK|g`ld73Qi{)85ErT7%hT@?&KD_ z9xvo3!2!P#Ck&$!zL_R89AMnK07kn^FlLk3fVJyl!Q?J5*2(oCGeC&>VEp%!%piT~ zMwiScGI{N|RR{zFf|!&G!Ku9ilq8=j*n($w__UZbBs3E4GvPvW0O*F(H#~9)LQ!y* z*#Nk7WE8W|8QH=kmv#(+$XkT)tu&V;rW1Gh0WyO~>I}UtUh>Q1Sf!~9+6bH)L68pU47!q=z*h$tAsXFl$_hwxGdkt)SJ(?O zZQ7eOus2n+KwFygjU?^63Brw(_qB@5O+V-@@N~K7o&DblOD7i=+c|_~qD*Ma!f6xS z1oR)IK(lVA>KC`op=Bc`w$;_?rb_bi)RNBhX!sAW+B|h$5jsc?&-Mmuyt5K z(BPne075pBAcV|WNe2iC#L?pLtfY&(-gQIskae`e(3n?}HXIbxV^Gk>)lH19kuXsQ zLh=gbIIDMkJ? z0ptYY=u3xu@D@zD8Y3n&SxRz3?yWmz7)lo^oO&KYXAFhVs1`v(wSngt4PMX*Z-YP{ z1O=EbM3Ca#PKgy{Nfr*!G7kXQMH>*iTo`qJfjhtX3~!NtB2c>;g6OH(i%e65TtrY< z5UJoz064oH5JBugGU|8|j8DWNbFfXMZH7Xb`lx@_fXh>SLJl2V2s^-jus$#`LG*Xr zIKg4Z94SI**v4eijG3@YW?$kYAkN*p{1a~i5FvtI%B6V+%~u}hAl6G@KPV0arT+y@ zj~>h`&Nb&Mxz5?;Xky!<6B3;}LOXRGf znXwu?^uIAGJZZzi!&f4BJdFaLfzrdeT$%L{9fEA53etcm(z1e}6L zFdAsC6AViZ$P5J12e@Ggl02cTB%|=Op#RX|a?p7P)|!X0raW=T{#D~@NF5=NtPRe) z@^whu)Cq((_&Q`SX$hRU>tqli;J$7&fO4)bchcVYUW^H4b`T9xCivqWLM=LgJl2A^ z^&22F5KnLBGSfouBHT{bQATB4|7fM>LfK&{iha0*(B{3+*ya^$m% zG(9HcvQax?aSLu3rnrAMtsd?nI;WVSpNQ+hFoaDekxOzpA69bsp#`oZq`cR= z9JpqXjFX$JJrfk$9yGH-?8XbB!Eszp21gku3qj2Z8)=9s{*+ukHE2#uSM#munK)%B zvTC6T&aW3MS`kED*`bTGa#|4~sl@QLYqFb#MzHrbGIuB{H|^mWvA zpv(54lBmTq726%#g*nGL?1kiz;+~KM>ua~hag<2<54*1F7%G}kOt}}nzjus4B?EG z=^8a-!h$L?=r~mX&2N(de2@!_L(ni|sM18r8D~j~Eo7EA0->X4HZhJzJ&aJ|a^dwL zxj5g%-I@k+YpQ5YY@-fvNuB2RTRIF6|>yg<~K98BJoS(CgO6eT7p z0~Z5Ne79i`${oi-Zl(Do4=v>3ykreu^8+o5*=r&Z?q?-z3NDJgTOl)MpqFSc1Pw$siP42w5%_Zr0yPnOi-S$|xn;Cdjx zEQk|2rnqjV^|WMC2oOYIZWa>HP6g45T!TWcvTB9NZ<7V3L(Ois6>UEV0Yp6sIQ^os z2HXG&SY+}hI-UfUHCcC0&I8|-&txHsJ2q;V7obKYYuD(&6(Vpw<;f70%D5N32G=8n zT7{KD7=_0)PUAe0UX0O?ENs=-{7xP+HRE#LMi7sx3w1d=Pqr{Q8@z6EWWY}2Bqti= zTvr~1#0)+`3)AUfM-6R1skzY6q!$m6);Q#H9MelvXzvZgx#%mpzi{EK{7E_aGb!`5 zl>8+c+8R;Qi{EzT6>ma`+?-c3F|Q=UaXcOzRUwQs4#*~aS!5@kI)gD`BcB14aHox& z?ZTk57PwH+OW&1+-Oya8E53L#VOaw=f0{qVRu-fgB2FMvand0XQ<^rTG~v1;#0cCg zgLswfeVz>Jxlu2+<`skAQ>F3k59hlu?*!Typ_W6oWZY*F+ z?XJ8Zr@7dV)AFQr-0sSxbd3e_B-%^H;KNt?o<*$qsEsz(uN`f3;<@&Nn>*~Y^=S{A zJM6PZ-(kOh=Z=v(?7wV1#}4~{LrHyBmZsluBptV~ZDU1q^;sG8<)INxyw-|a?jJtK zmU|IvBA>poDDINc0$DF6YyFZ{6{l_-NHyDw`mx79On2$O~^WT=O`R_?r^rh*FbNk{6P!lgrf>JxtQdpo$&^+WeZ zU}DVVB7NcxRlsCmu4F;dt(dUOlN=}MlaGOPX~Hgg6OV5c0q=CNYR(4ldOVJCg(lQH znl*h~9yBaoW^svY(o&1`v?fhxR3cTXv(bA<@dc8Upb?Lp9NlkB9IQf!<*3*6OS<1d zsG6a^=B)DEBCfd}>Pq^u<5tx_BSYzFQ(6v4ddhJ%xla`uR9}C_qHP+hSAwAou^#x_ z7qF_qJsGO6sy+O%ikI#^gSTu#!$g++at%%y%pg?O%1XjcPEQ@2X5! zA^~W_ruqUl0K&W9ol~Xw`qCE_j=Yb6dd;u2@h`cRiom~RS1NHPNR>)_EJOfL(v!7r zpwGoBRDIv(%5GW*w2icMP}ZMHJ9HgAg%hRsf?B~+5XINTH=tnn4d`zH zbE-KlJ++ns=(0BO67sYtSIZTkcU;wH-ls_Ci58SOEy7tUWQe~3J=fvBc}GB98{z+b z2l)XcoK>kgRc>d~ljmtd9h3olHF)=zR6C$8=p2iVv={$>tRK(F1)NKFY=GwkjulT>A^bFFtCQ9beHcCx4||Jx@zz`v#%E1s@3@qung1=-!9J zIVQhBEETDj{r3w+mG?cDxBwwrP{_0=;#6NvoZETQ^H8DqY04tW*B9|zAv?E7;><6g zK*|&FSX&f_&%IZNKOE9W)Lv1gXSl7{qMp^mO$_(peWReeR`5;;-!cM5eCWA)xO<3@ zcJk^w!{TWD;56d`nT=T>v3uh*y`&R2Q8tB~L9rrCy+S3M+0|fhCc<01~0~=RiY)L7u}<>&1&#a zyc${WW_wlN-hr9^lrQl$9yAKzEvGI#)ilFDImc0t_hW*Yb#3m1zt+tFomF*i^d53M zzd(FxtV`3qtz!AZz$i2Q6R*bdvzT=(D0~o{zD37FGwC)bOlldA8NGagco;WbXfICR z%`d~bc;tByycX2CTP!ySH83){BC`D80?8K)?c@@b4rKW>9aFQ;vKrS?pc z)Urp;=~__4v}depB!IT50er*U(Gx_Tl}~)+nMU8ob#!nieU$S+A^R9SwfH-Jbm(LB z$n}5WnWI{HE2Rq@OJ2AA2* zf+`ER*=NT4i~1wrrB{lpP9_2W;`UefzoUA|*(I*p1&`NpC0F0l!JTfkrCpiVp!(A) zA&T27`)3O?{Asr=0MIorL{{VA zxzaGT`a@aS3hTnlAAdr}nGmSCQ2$nc+O=-h>(0T`>e+68+C>^G&RyX9G%gN(1;2LD zX^pu9o`>oDOs0VTfI-)O7N=|e8Q>JS!Q}UX`;jVO_i5moRQ1w{PF=IX7q4{>!s;#XTMl}05AH)J0IgU)~w`I z(dBo2nzJ7?S)DtlK??4Pmvib={U(UUq1t1ucz6%mD^T%Q#DKys?Wz9o0yd;ipPBD3(yRx z#9K)<|F}c1+W~D`LT_24R03ZJeEg&#dX%Pzuca>4oS?5G$!r@>1BR~Q_&2eN=KMly@^o@o7iJy^D&1nsf zqZznRJi-R5j@1L}0F2s{`2o?F0c`;lD$)fy(^!D<#2@2ncl@%p*Xc?n>%x}RB6qEVfCu49|lo}`tq0X`jk^v1-$L$u?0Jq{aweW<3!`T-|u%TcvXssqq;V*jzYrXT-CW%T=nlbj9B)lIrU)iA!=bk z6XUF2C3Ms2*yEb85%m`su{hPQWyL{ZphGUuS6sCe^`q`Cz(C*+80Y-~@p0!L;_+-7 zr^ac(q-u_(Np0CH!Pp}RFUW1Sxauk7OyrXs;1kb{{Az4q5hZ6EE}f(97!;>B_|u3t zq@2d^n6m*zc*IqQ1Ux*68C!{@uL2;i##I&v@N)v{T5{Rmda?%WH0c2L0QVMdimM&@pLHQeeDFXKSjmBDV$a~RG_)Waf0O)85(~r1H z5okE|uWq&tsk9%csQr~ns4Yk6M_lDBhy*6S?q*xD#8>#xXO=hw9G>C>d2spSRAG~= zvM6q*-?|1^cH&xKS-w#zMSKtEsc&x%85 za!P3~kU?d~pZq%@XzFhOSl4gj0Lc4(6CWKYYoj3wJ78E5(%z?0dn4Jd0fkqfI@>%q zQfH*5>qt%SP@SzntEOQ!9Ugl&K-j;yYBCLKmz!aNf_xx@6-DX3Kg6Me`9pjZbuQLL zSaS)-+`>TRWdus435w_&$Nf*>qAs!gJYsGFsR2X;Pk7}VcRP=X)7#XXw&33QoE@P9 z=)vf69r!h`fL{~07QK>i8ayh1aN}Kk1fsq+p3Y$>qiiVga(3uh6bJ-W&W{%3HSO^8 z9sCK1jn=9ZHK8?hNA!m1uQ^W)t|IpizZ%Uu{A&_AN3|-RCwJ#6`kU|4Y|F5pC~!aV zD~7{FHHIRWZDx_;-DWqo-b(R}T))R}wge68Vnnr@i0P ztfG(TPkU}OKXC#A=Ks?fej>6`G+*u}d~0xIn) zJPwYcud|&zMaz(TyGBPBV?1dD!eu{0H!$TnaO3dG zdvNP!fE&0cS4*zP@8AaR$<_q=PP1#~cW?vuq?_O4@D>30Zn}XAxq-c)Ba+AsthW#% z1F=rvnRu#C9D%2GiRcAdxEIK{7l`T4!FvvZ*~nd7f*CqMrHJKsM7=+p2+Rp`wW2uN zMtXl(N!6W%ne6x|LX{lwq4y=3C{xhWWbRJTiNmg)SqZxf9gQ1y?WS|r4&av|ZYd2w z2SB{}jT+|p@Za!<7wr~_h-2H0`|&hwEmaxpPj^wcp6sUjkoC z;`Bk6e=@=2$~hJu!?ptjLBNo&Rqzn?9PlK8ud7YI{)i@OKA8Fu^7TiE49`dL>!*c! zPUA@kV8dy^hEnAi^r_wf7hu^t=m?kyvA*N=9^mMwgjxQ{|B!*B zKfzh0PvYS3vQMb7lR|$1NXfM79?s48g3n`p7P_s3f|bC`u1ad~GocEl?k>8C(xl~Mq9>ZA43UhJvC5l(x(r=57+YoN!b`e(#p#VN(W>kTLYPrjisuYqj!5#f;d{iFCo z|D>Db%0&^bq$U9EkdikLB|jjZA;v`($T^PZql_@3JIBp0-YXBP5=W@=5Atra{ zbfGx9b+F3bUIam0H4z58z9ZDL-PA?M;!%pZq7<9%Pn#rH#*wmrjeBZf1QTe@uFZ3k zIercNn4DVh(XIw4rj%v_N3}-1G=wU&hkW8e?Dz>i^lKtWPpFxqy>aP3v0Flq!}nYL zDZh#F#^C2V?!yI#eYj+B;c`QBp>)()8!r73FI_cUdJL2{Lf1#VH}K!0Yi+=CV6`rG z>9^ZxJ8lztrqQU%1@@|CKLyLXThY-r{6a13$qE~z(pB08 zHeB^m{Ns{zjICza!v{7+uKeV9s%7=+$dxtpIkbMl>Kp-W)kg8x@JC`nnjF+twcziT zvJUuRmDubIR(B;jb`mSd!mk!Pe$8fezVYKlDJU^z zGJM_7zvfH6z9jLPH!)jW5@wI9k9LbKTB&is&XUO%PqGVJ&XAaezS!W+M0k^L@jU2g zM(dA&3BbRzt)6Mo-*Ncc7X4)@fL|#?zgEI8JEk&3NaG5;DLB(!(JYCsDsZ*f?6k5y z78`<~q{plmj$AV`?`7AeIf`CTpi~4r7i;>2Z*-)dbw|7!=>RRM;p!6D$XY{uyep!h zoAh_u?f~X6XuOWkSeLPvzw<1hq-kA7i~0L5m91BOr8bLqys@S7FmOFMk?{N$c$kh4 z*YStx_%O#85yThJiGm0q1NHBR;0{{WMMN0W+W9E!j(Vf@wL_8Udq*U;M7&vI4U|A2 z9{&*s?uo~`BH_!wzRojH2R!gIP*BZ4FZTH&37$+}Z=5%OT{;vuZhZbQxr^_Vs9?Hr98_Z|9 z-4Ogdvtp2n#gR^KTgTxJ82!un^Miv_J)QL%zkn7$#dXAtyS4;eFW7+3?u$O#K;XEtTwCkML~Lyo?}+EF5|1{LpLwH)-1d!`uqmo{=2j^ zxBfe-@2ddxW8Ak2xIeN9-qcYD2$5u!%-W5#Cr?FW$6>5_J+`R(A4W8<`^?na8f#a2 zIwXG~U_w@u;K3w_V+yAEt>o3Qil314*Lfu{%L>HiOBIb|DLcWpyA1jOb3I$j!EA?f zfXhJnLNggSkEozGC}%q&sG$twjb)s>o&d$xO>GFCREU1w!-)5VYdblgDePl>B}Fz! zA7)t0@W@~K9ESD?^Dc z962Ip-CWGK>#YxAri#GD2omlk8X3@XIQ^cC#>$fe&m3hB=Zg`=uKLb3F zZ2Yk}0r$m7xE;nlN6dC5%oVe>goWbWu7pnUZY{wg=HRm&c&7LQ;2Q%50?JCCn4*Wx)JVo_+$l?yFVF1#x5;g#;W zD-j_pwS>6>y5IW8#4W7X=-$%Fxro9#y@Ggwxp1#r-?{=S1d*K|X<$58MihI#B93st z8HdylYKu)zaeBTx;%!uy{MCG0N!|ESNGgEAKE|Yho~wq+?%-$ifU;%~5yUlOLcA!MKi z#0p%?HtV=phw%@cYw5?R!pE!4PV|?tfN}C!{&toS?He$J5^Zd(<{jO@JK~F{FC$@% zf<+vBcze{LD^(JVLMN7e66M}IEE%+cxp1-;7yOl2Dd%W?EiX2XvRBaeQp$l$w#!2EWH z$I;(7_`4JP19l&eZ~*%!(r26T)`MLTn{`I-1LcgrGrV=v*X{R+y|Yqc+i548UhpuE z4{YFs^R}e|{`yBrW)9(in{9BjO$ys+#6O48ow?Ak)J?jYHHTbML z`s^JlOfkaWsJv{a=g*ssycR83iVu8G+b!PnjF*?;fT#145Ahcn_+lA^yy|{?K$i){9{vwxNSon*4e38yy300i9q9Tiv}YSJB_;cDNt51@sjoIcclfQS4P{ZSEE0^orE)DRx4 zuscBU-{Pa`qNL)qrfp_*iMI*79p2X$mC=&VmTqF3@StA|%h?nU&jo@{W znNl9)sxMU;L(lTkS?Z3|e9vq{wHqq6Bs%(E?AzH5a&8sO4Zqv*)tW+poa(Pm)t4 zR~!~!s$$hSxH-cn^!b8u&W)w#sP`Dw`xU4k>9sQy_os6RYb z*3-!3i9)q9?-Y`2_V0I))qNDXQ1e@zG%3OZ)gZ7QlW{w!aZfo>x{{GS`=VkePGIYD zI&QFQ<)H|CYI>MR(dnYyW$T2$DYj{%JuO+h zyAeKJ$#(JX;50EcEgAm6F9;$t@K{Bo%h};^O5N+zJ(q*HQ@g#;?kqheex@Tuh#pWl zise#eagFtSSFSac4qI&X9tFaA&cibXp>?<{-*ONk%}AAcc0@KR^IFb4|4=BdfhPTP z1i8H4Yg3(#;65!oD6Q-hF!#RqdZd0u{gPsr(5M$r6smF>oI5;4=Vs4yA$XOE;DKik zq0-3+y#i{;fk@U!K^u!d#8}X?SMg7%{MZgPY~~EhAJ@@~2AOqJ>4R?YvtH&8|0OxU z@LZ(ke1Y-4BJ6O_TaQ(q-qtpob+BYOA@O)%)VwWQPd>s@3t&%xGs#w%0= z)`HYUNRGt%lf(0^bI_-pt+9=62EA`r*=I)K$3v1|0$OmPyCR~Au2U$A9|aJMC4~~J z(b)WUU0x!y6TaSv=N5^r_w^2XZY-S~1qZx^Gx3W!Tw8%m8hTEk67X#$=>l)B3UXxJ z3#?Z($$HbxP)hf zZAz`oCkk|LFYUkGfrMH50iOlXNsmr=?xR@h|9LG@ZIKLKFx1eC+l^QGqkEu#Pa0BO zclRPejg|aGfr}mQX^Ag6fxGfR(_qrz!&HcK+C`kxF5;6Dtc&dc%Ycfea|J3I&s|W~ z626-L=9~i+QGIbuIg$d$WBmHpTxUE2eCA>X`0R5=Xbf4{ua}%)t*)F-Utmz1S2u0t zs(@C&;ztPZKm}v*`O9?JP+X6`=|qE6yg- z_XcTe+GJe?+Cs&1PHA|kOOSK#5!6UfjRe$4gZGev$C>&Eo}8xT1XR8;84p82(L3W# z7v5R^$ZW3#u>S>-8zH{Els%9^n;RElnYihZU&F?E*XK09c}DjOC&;;a%Y4xyWM zJ5IR^jiE1w7Q{x8--l6t=K>8E;#QrP1K{*RAYA1tZ}d(aQViW6+J~t>9Tgq;6oN7( z&O2V6B6yR5!Ivmgk~}wzUL(4+ak}hKgyOk}M_LnxrtDuUX{KV6#;V+`&JDbDX*_pR zXssXOP;eRfObWgf;;|Qc{d;;{tLZ;4xp?GD%-M9o=~F1+6sO6TZ^X9m1sza9#dP+t2xE{c^-zaad&=#OFN} zOg7@s3cGp7%dw>MsQBzVq&1KkCuhqQ-Daa=`7ii1c+g0aoVA|I!1iLRMvYnj7W9<@ zGR}_&BvuP01HDO7ZjF>(BUa+}eQ=6u6sK&6&z_IJ8jsKe-QBL~DM5Edy;y$AG6XE5 zGsDCUxS_qqmJ^*3^EWvC6GB_~l`S;hq-Z7QV~ygoX%usSKGZGIF^J{8v_JJM;FC?@ z%Pi*ve#yfo;GIw0KMZuM3AAU%xd6U27GSYrIqrM81bXnCZ$3q%$WCJao&=hxz%Ap7 zKGs2xq@o-1U>S7+S+a;u)Q-`L*P8Nnk-&I8_~5JniQ-rPac z87uG;##7!$cjAb~-0K)#Ao+~x|$#iT!4Y+28o^r}qP0iH0orB(^SiOLn=`-@- zGqi>~<)g~7#x~N)>f|10pe}baY zCm?H;KEcJwn=bCz_{4*GiK72{+_x34!%65p(m zA~j&oaIz2JlX1rAjPs~_Ai^~^cn(L*qceRi9RRAUF?k!{PIE@QUr6M?&?&#QgLv+= zoyk^TX{SXjZ^I5tPgp!lz?q#aUS<($dRoCG)^xW4yY^P5O3u$zmDtI-8G>89QEPP==>I@yzTXTsLR&yKZn+MV-%swRD>s%9g2h=r%)z* zW6XG>{h!tQ-o+z(_heGfBJ|u6yS^0DKUSOcD4_r2gdy}_Cw*)kLjUCwo`f{fKS4t3 z68gu0wdd&H@DWF9h_>`&l=(pVI_{ga8M9wU?kK`ZD?B)dXUD|y*GPwhQ{rvM+2KPW z;9+LXBKG;6>D2VJnJXJFQQ=zhg)mQpfyz(qBKcbmdJ%l^b`PI1G|yWiSFUZNHcy~? zImfNLPV}0Bj*E-9l>F^ZYGJAZT;n|M-H1`=^lhDy@cHNl8NIJ^IqHN@bisSivPZyY zSV!E3o*UGt!IIs09#GX&P8dC(!*kyDQPg#RIp_IRz83+ovrq%`B=js!0yFRj8V7fm zi|J65iPApf^s781{62Wkntv*7(VFR>w9jI?l%%2z9OK^l1Gpn*zZ%>ReoVdFdDJaV z-wZA#s<4`RTzdq!3QV+Kkju~WXu5kzWWxEuR0~Gm1>(!K;jGcEb=13?_0%CAqZk`r z*)iJYfl>VlKF6$~0@_a2JZRkI=F?|y!RMzaf;dLaoH=D~zLR1q8F+|rI*ex@r6quG z0hd8|WIV}#egm2A)OYJ^hpydcQF=ThI((03B}1-d01=LkUm(CNL{sra|7 zGOSq&H6?wP4SJpchVcqjPjczGQqMN5>dgpW2M;gj59!HxFo%wA^Svh(ns({g;S^NI z`1&Z#-?kB#(PYw>FY;NaQryg#iMhCXS^>5=7z~(}J{alKkMpVgpDo1s|6Lk8g_ifK z2yV&mkv=g=5QBdR3;SH4IgUNf@vq?wTR+4<#>#tXvate}j6!3%OB=beW>e}J`5>gc zBq{F!tCTm(Cgt6oBI|$a#Fl-Bg|J0j(tRv!@9&ycSam_(F z@6PUcIq$x~cv-i?nCbaZN;Ab6C=opd^1RNIJj@G{U@mcvr|Cm!k@S z6)R@p=Jz3hAtr%d#5LHBxQ6;U#+!qmu5M_4>Y$`gI#PDP0zpaHKKx4;(}Zah2osD! z(kFLg$+G=aips)}B)m+bH+E3bg4E=G3zUPx_;(-vrCh?NB*!6f&2e$fARvjCUp5GE zJbENX^Is=sfqO z{ciuWwAQ09St;oczb)&t1F}A+UDEU6X9oN%fS+^2RxE!8Zy+UI;+jVIw-f&DDS~M4 z0{AoWQuvc~6+Eiq;KEO9BH%gYM)))77I6)5#|gkIxSo@)g+G&T1l)>i`lR3rmRM&9`Faykj+;$+QJwO&xEMyCYd28?| zZ9M!*xfJ*KLnn6l9~1at3r28%dhkGcup=EP6WoK>CSdL>W@1g7vMkFEu?|jN)Ue%U z`&Yt$We4yt<`Bmm(g%}Veyc?ahT${i8?KyfuAJRcS^FUTCzb8NkFx#Wfd9%4;9orX zfH~}erhRmY)<(9OZ4U<0gVpJ=t@C%7tLwBBYyhY?!oNe#R;Barl76EU+++`a2CTlk0CV3Sly%M^!A-W{XEs@X z9#@CyP3X{R&_6>QwP5ub{85cd%r;zNwkxb1&%fb*!7AjsJHX(9(Ys5!TV)-Je@0O8 zeHBo0_F%S_vONKGv2!+2(k85}u{*QU!62H-NKXQx2bl+r0ED#O>YsF-#-?T|?9nWn z=D*>_-=9ZQ>K5GflXFr535v(r<;m9?V{vIh*8m>fla($pL1OnYM@ zFQFT*GD!goq%=WaV%EeVmAQu$LyW$3``6$O(O9*ahB78R?Hh@zzYfSy6a z#-F8-mP|DD;ofx8gvUTDB8D&*V2m>S70$QlYiK1rxHm%yc4VmfC%BfPB)2NbO{)G^ zJ54Nu5@^8F%bCYiJg2u+4Th35(3L7EGR;3RSUv5@>n}w5}A~kWN~@jVA5( z^75*FqZ%}za2Sxfyg&*Dfo$vTfK#rC19(S*-L3zetKvGKj9dRJ(t=X>?g-5TJqPjl z{~h{x|6k6fkCouzcvU!Jln?wbt7V!$_;1DsgRmKSG%p8*HLR@Zk7lK7IxZi=w`@hf zFDn@~f80+8L$CSAD>&r8tOQ-E%PaMgw_SKs zZgIOVTlA6)_)(x2&n@d)N!K8ocRiQC1%J!>EVKnKmmhk>XfKpX`z;gsMeRunyW58R z=co@S0OC=@gHpclhLz|7?M-*I(ht%f$IKt}#uk0E*Y0S|EBCL&zzywn#}ap*w7efo>-7(Ov07 z5Y7T%?@o`!*~I@P7&8dQEP^qcV4URZOZ40eFtRGJHZhG4w+xM)(YSr6aR7i7<yTpLkiblU3C`A1{*n(oTVMva_{%%u4GK_#tBuvp$0=Boi2iurG-|JivK)z@e70!?oi z_~m&Pmp)#}wn zS32L?3YIDx598-*%$1d2Tb_kw`CRA*I=j?GJA1ZB`l?Rag46HLIX2XNKf<#p1-{te z_o8oLPC?NA{$*LSHT?78rFbM<`Q2)kgck3^^C+;kxb+L%`u!PheL;a+e|#>unv^~( zBzX6s+u4KLRZjs*m!a`QlVH{Hdgv4>4@~wPu-6LM>)BxWre-17>BhVxD8eqJD2(R} z1L^h`K#-u?Ro_9o+Edj@$A_Sp_dO(iK9eo1#LC<@R-6*L5p(ek=dW}I#qw1&JNjr= z0mN@Q_`T4-4*lz~{hxmvmt3ICFc5jNC9lMq=eFe)rvNUobB!Y#ik$;O?_0=``IIk3 zFR{5Gp(PJlGJc9vM)@<@1a#FC}s`{--xb$i> zgEGZmp4E#&lhdhOX?jqJoR7BRY$vCDEIWBtkPkRIPiZ_u1&rG`d3Xqu`0T%9G4DGn zmul}tXR}$JK=f2uHO*l+X}Diy%kkfW%Bc-fI>MYLMBE=2ti~iNwN>H#AjaQzkl3EzZXr1?_Zwc z-&5dwpZWc2b3B;9WRM;$z88iAanpqH=5HjA%^YGU3=xJm7l!vR3~ym046*Ki(-2jC zDQL=?4{;H40E`+YqQ>n>cL6UZYT#9C`d!(Y|NeZ&byhWTO_8YiFIoEA^H8NKj-9T`fUB}P&~62l zF`nWzS0X@?lDKkjCwM90xCN`hU9u{^4$;jTp0kSJU|O|2*QGW!*fCYhOS!bN+MSou z0%f5Q@aL3B{gP{9s+i>yqvf$-vjUV3|9V9GUtjp_g2PatCkX{ru}&51HC6;_Ohk7K zJnDzQOZl(-u`@#0vP0>#-DMlt4aIk4B}Uh)&ErUgD;2%4va$+vrxlYQ!w1lAb)drv zTI3Z3sxmE0OKz;(0S>J-3NY>6DSR7CF&SHUmrCB5C1}YlBOAj#!}`qksAvhO!~55o zMdL;H?c z{{gx#{C}}^HdJMM&?WjW0V6nu+T$QVqkEvVp^|EBkOKRxru83hqs~khU_5yU`*Ohr zz&^x!w{uW@<}&mEO?SZm&#ZLX*ZMzOfke09xcH;<7KjU*XTqP3$O7?4I~ItGj|mIJ zqle*3%Xb!t3l71TQ?>h(eqk}+v_bj3(AZ9BZ1Dj6Il2-4t%s-Zc5x?mT8&>4qFbGxX!QxFQvAb%`DBYID3$;78ZkVHkYu`IZg;_l|?WgMkPTuvz$I z+MzjO&g3jHXIYlrCFZ!YGT^V4l?#9G%qqa4-S8?6O&A)U>I>P$atVU}<1X<>)9lA3 z@ki0PDwo4 z4nc4RfRZ6Tdl?3D5;PUyA9eo~ehF;&QUm|CoDDvJ?h+Sno{4{(@$b>i_@|jyADuLO zU|&NZKIZ>SCK*&r*~BrDk@E7>F~*&r);N~ZdMaX!I0%6!6=5NxN%&L@l- zVE>XeFRZ(8_5oO|*G1eFEUoI2InxHw^DzQub;V}a_`=6^gN zTJ$Qk4=tUMamLy^577qFM7%PL5~@A%tleU~KLZ~7$2|w%=|$*mcyM<83}eYz_4oe* z>i?M6@Bc-#{@hXP#~b-)*MA-AJIwm8N9$*dT0hC?z2nUKH@*e+yHu(_Uh5Q7ii=Qg&LXgH~8MD{5RuCFkZR+ zOn9#P2ULHNH+9oLqVTL#M#JwIW6oLiZ(IZQZ{zi6tclhy7`49LNI$FovmZeHR9^qJ z52E!gqt;I}T5mhEe&VN4zp04oU;JsbexT^=`U?{$8?W3pDn9qrK_frmjTG0z_mxHe z4L)s#auz(#Hb8ZWH}zUW6rS9o(Z=&l!**8vcd)*|>#rNC-&r_X{bZwV_F3}28R`cM zxx8?>TlbMn!-Oeo*G{e=#)vQR`o4RGwA8a37AJ*S~k)(D+BKpKT~- z)&F@2$It8kF*G#(QR|O2Y-iPf_8^X**MIHc(D+@W)xX@Rn|T)g4&nG+9Dj#~#viSJ z*U+g1ei{n1aTz~-ct`Y%vP01mHh%LwJZk7oF+vM)H8EiwK46I|>r{P#^bg0F>5i`c zcUL4lbVB&U?6XfzT!ea#C#|`E^!w0;;ZZ8;JvUH>8vg_b^{^Q;0515}p@`-$9PTyY z6FNY_+YEjC`v5v`ew6kKyQO@=Y?U{c^nE&->$@f1d#R$U8AkU4Ja;xT+c?a>I^oc#mku>SeXg)7urR-`|NO$95GDX^Jr0DWo-91Myp3Uyc zU^BB6R+z2e){TmKZ>q8I3M52O!30e} zJUM_On-QG9BZ4UW2K>q}{xRP~;UDLlDE!rYegOJa_~c;v*5^KO|7iF9oq<11FQK*K zf>97j_@n$=m@xV*{0-k9Snm;aAyVh-6`o84+NbmT0f+7r9pVsR2|5)-I7tP7BNHM& zNu{H(7!!3DW(pn%=f_QC@*R@fw2T$VJ3jb;Qa-3IENR(R7T#V zp=XKU&{-YPaQQs|h-mizuWwTSg}nca*#6gjb435=Q~#c~p(AhA$^{vN{5;ZdNA@r! zM~nXUoJX*Ip%d5%1lG_YBNM-X+_`k{60cm$k?~(A{A-7QjkR(hfrQvyhj$?A1$K^i ze{n!#!N>$3HSEDejlT7BORA%sGk4^Dm`Go%E^wlrgZ>G+WIwY&?E6H1iRy>~vG47= z;H!)C^~QU#WX4&2omqaY&lyKWvxke0nr}?Q^I6*zwh_;Qjd>8oB&gq!!5V$-gKT=n zuuQu!AxxsnUx3%`#4VoWoS7j$kD-aLL11@`s&(;XdFTx~xEL>12(-nokY~mE1fJI5 zR`8^9__d$d=l*OZQX6yL$R&Q#Ne8};8R~=lcx=UAXsK>_u6Yp25q4?*DY9xS3 zBg$Vm5eeToT6;e*+xz>pXysIKO?=oYA!yJ_r9iBd9dilkrZdkcj<{VDyPe_!66qy# z{Y4SPu|G;RHBDQb4js{v{7U#H&} zN<53Q@c^Fg3|Ea}pJTv&a4rWs55WE~0opL;T8|^Vm^aOP8MN09za90CW}`N(GeVWH z^>y$Av)hgC5R78KuLFt7H!ZgxyD)cy8Vh5ZH4SwMJQ~q%R6fNI_}#5Tzt>1{!}rlf z{VC*>rRfQaE`~1c(ps*lnm|<=lYi57RxB_KFWT$^Y@q<v%GhgvlCD889KI7N%$B`eFZ&Lhs+4;Mgbj*SHYT|Lc1C6%}^!yVTlkhuO zg0Ny%pJ!J0Q&oSlVF*wUP*qB(@)su=_TLij9yK3WjqmUW-!&h^8Q1a$GsF+vR@P9~ zfrt5^<38xPtRFX6i51_%y+|Jv$HC)X949=N@EW1>=xm{!R9P6efNzlveFNWfutUeq zj3LA4d+!`^2R+Z5&$0Gs^q!-Qnty4=f-}zN_ZiBs_yON3_~UB$p|bV(H5a~8Mvp2? zmc}|G6P_qfMJIgug>Ya;%GdhK0xtI13p0a zgY`uwjPn7a*^@RL%LoY^MIT*&ZbM|kj%SEAo=Z)AV|3kbo=L~I|K@MK9YYFt{8R85tbK`V;4I$248hCp-qtl_-&pbH*RTrt1P;OVRXk-+qR2{O6Xakv*fq5jCAp z0uV&U-2Wy%n}A#}$+-P7%0=Uui8H3*TVjmS89l_L02}e{hi316H^rg=49~GM`;U50 ze2^M4{dP>K_e&0f_Ypif4=(O^MjPa#W;Z{@ZYm%mo^bLrs3ywWff26^;mxF-Mg?FX zCW?)z{)k!q4ydjTo74Ma=YvMvvw-o0x&)LzCO$V(_6>l+dLoggsn_YN-Y_gaOuiaOKss){6YCWeaj0hVtHE9P-St=OsBY}@TQf0Y2weSriv1{ zK$5M|b3xP{UotYKfd7W$2kaKjf8`s8@T0U{@n7<*BX)2P>y;nYPt}AjaZNyerg)V;E_h~h_FTpMBlUA0-fwmsR3vt){98=$vH;WYy zB~pr>QUPGguapxD@@u^%zU7+5%t?!F_HP-$JI@5MVy+bwN}*<<0nUape-rS*>>7az@6KY zU#GF-NFz_`)Ujd(-XXfOZ=6{1k2pSDgrcGY$3z_fZ7HGGxm0_>73=A2+uFDnD-wL~5Qz znp__$kHhsJ6aQj)zF?xee=kS(GbZ{p7Kx(I?}ecqGhW#<5YY&QUB;$YO%!$+O|PPP zjiNB`%@HWX>9n!zRXA>p|paCt09@U88LRgX)>JO4}q_dZRbcrJl{#hxLK5X%zt^>HRV(4PI^8LfC`ht8uGaF(pVR<^`u zMH!~_NNfA?9wbrgrP1%(HB2}SoHKx(pC61-PPP0})ZY6blOjT!)r+NoPBk@+5h zhYXl54YaVe8k6!V!S)2GlRqtA%MdhCu9AHD7SH4ugOKfLUfBmWqbk^uQdT9{5foG3 zv973*=v$hKfZQ|~s4To`Ds*pwo(gU%P4wO%uDQ$kA&(>a&wug?<%i7x&@mV2_-T6D zGvFTBS+f%CNO06o%U^ambQEMWU4)Yd)8^aYDA!4PYDKg68{us8d;tuMtRWv6H;09}Y<7%AgZ^%W zhNp_+GbQjD%IO=ytxn2^3__L(LKaG;mjowR!T=2Xrj`AsIW(oA;&3mPX(mJGPdL~P zTq^)zDXUS+8sR0Y16SjxU?71?LB*dERA?ye2~hlppl0v_YKw3aM9!kzpbN+&9;g<2 z0{+w%77U5~iuD7Wv$BY@9>Jm27TDtH{Rk%WULBtH9~^@y%Xuz}p?Sg*bA>vT4t?`) z<7s%rkmw9>Zj5>aV#UFpQJC`c9?q00)yS9-CDL$loEhdgoAfy7J88(@IA{CM4Y#if zHGtOVhqR=phvRl+FD`Tr3iF{S?1pR6n?Q*c;vp^l=UfJW&^O|5*5qiGR`!mN1%=gx zjM#XO;-_)yek9<8i)m|r!f|M~B=qrXqF>E-Q*$oPB<3P!3m-P?;s?%%10 zBF<{juTnzBF1EvHfG3*%uuaqF+A+oWB(z*t&g7Ff??DVAt;K6TRxS|$M|&wC?}^Dj zB(9kysFB*pc3`SwlnV2u8nU7XF?Z^ly9tPwf-YN^=lqHQZ%eHBAzkf?`PXDChO|9R z3b=p(zZX36C+w9oXYj764|UqHfzo!o?>8x2z47){ZGW<)X{Zr zf|_^Yxk+WUZhxVm;9b)PG5gZ)(gTs{HLh<97Ts+%nzp0IzQh*Vg?UHU{ux7&L|!*0 zAQ=~R_0h?H{8}>|=g72PM3nIUSbiu8J+ti)kUmQ4;=AvP-iNH0XJITW={dM^p|a03 zfRk;3$9TuFxuP*!f#119*ZRPZeDg;(Gkon^Bqrcz63#xBe*i{`g?)RixF#Z2WW@1I zopa;x9-Pdz8FVWhW>#H3MhN(Vg5+GkqT9%v4}k2FQ+!%@|Oe!NrFZ|J?#;C}D=*T0z$#JDb+gr#P(&Sykv%gM)G5R65_} zGpv-natZ*WD`|LzneT`IVd6gbyl!?^8Y%3LU2D>PotNcQNf?fI8T%JP;rjp) zSdNL`sy`;)Gw#a{y9FrQ`5nBM7;gqnZs4nKa!wGcKVDS<#qLXZ3yMK;`gDmZJe!m7 z8hn?^LN~yO;b%~;s9!z-dp#zZZ8NGgCrA%n;-tm};&pZ6syMobuO4r6-;?GN>OlPk z+cT8pDi`a_sZ-cXln~zKpA(UM{TGObwR7>L7Gsx7I^*8^l%NBx2KL zrpG+jLV96^$VcJWnGIq7Jy2u6 z*<-iVg1qD07r)^1{s&5;ydIi3!92GHIB%SXHe>^Z4IW@>Ep>0&m#Ze^0 zph&LRxpe$U9Lb>U*;dM}+UUx;Giz>7E619n8N_WN0GR9RO%_+Z7>A1{3E~Tt7-g0P zPGdgZfK=Ao1Edgt9sp*=broLT3SNIAFJFG~Sn8jgLtk&4Sk4m7<(I-Z0(>^qd01%m z&k>-FSE8PJ#ZEj9E6%D$$NVKa?c-u^WbvEaUdqDk-llvQh3BKB@@Focmr+=?q{}Ia z&a3(i0Y-DDCyTBF6;=4|+lR*$?_@!-{JJO2!qTF>y4y zhsQz*v0?yY4&FaqNb+dbvSXsXoVXZs%EON11RZ}bInE92oo6_-l8ovK{<)h?`JzXU(S zvxe=P$z8sHVB*?oi2fgr#Y*?!#>QsQjL^qD8?nD=`_m%B9sEtCfp3K;s0bRK_>01J zi)&_pp>GMNu2!7AV)@_3qf4*QrYrYuq(=B@`gDp#5)tRxg}fd1!zjkp{% z&+GdWRcrJQO|L~~qFbfJv-m=VAwGP3lzWYk$-i4}olf@UG8y|a4$ z#rH<*xd!#*5UBJH2C$Ikw_Vs27Ue0#gQx>5-b(;3TLxZ-`24;EyrT0mGKgOQFmol} zA*N1zm?qa{?IA$Fcf#uheCdU023tgbE=F*l7qvAm{Uib{u+gzR7Y3wu~;BpB& zDw>y1&{#b$Jm*349RLD#mLUvrlK9IFbeDGgF!%fdXC%rG^ShzUhZXb5ldT7Dla`B& zKbG(XKZFZ}!x%GNjNtSQr;;&E-^?V=~1Cl^rG~JZa+> zcP=Cws4`HByRlwAUYquC=$+`fdDdji{w}!YWXeH6Di@(_k9{aB*E>e)P7=iO?VTqRblz)Pm}BwxG0E%RZFXILwu zHy@83Kdj=tOn_3!*Xx9^U<}9D^T9F1AH?^vztAC9LKJn>?SD|v*x{l4(e;LL56OdA z{!c4i#p@ZTIFF)q^ckPsL%g7|y`e1w$iK$b_Yz6~8==E=X;lMhtUEEwI>2K*{QxI? zJ`#Q|jFeqEK*r?ZVT6)8QHW7o{)G`^`#m(^C0I`ZTIk#wLFKmsQsxF^n}Ch0hKg_5 zxP%iY@^bK18QQ-BvZbhO7rzgjZ3$mt#+5O|f0zbUGi>_t#;YMhs=gY**f0iN^@3cv zvM}Oua(%e$BbD_zA^_-}IDPQ6m4X#te;h}guUA;{Exj-u0@f=k0&aFfd^sSl2?X0w zY76M1Ma-Y!+$ENOim5)>3Ag_VoRNnJZK~6=AK-`*OR7u^&Ew@=5a6&NYTkv$>hGHR z8 z9>+b`>$f7@M|Xx@s28E+dQ9hrx|q9q-0Qx-;mk&r$Z)IIR%44ejiK{O0HfmU^S%$C zcj5&MuOS0R1XBgD-NSaEI)iyRf>>&5?JHW?BvLyI< zk;m%*$3bz`6!dMyyT?7-LXII|{TXhl$S)1Clho6wKG4tR4EsJ&UkHRabgDZNF*Vc; zoLLtFG!WOxj<0eWP^U^lGjb=|CdM5VNoWxoP-TVA>qhI0B7*lvoFO8=88}-+emcPI zH9Vg!)WkcYA{+WgKf)0Lr|HZf&S<@xc8<~l%m(9;yG;LubBpoFo#@VjN1*8cG(EhL zfu2}?AwU`0eUb)>6wzqrvdg@d0uN7N_93Hl4sz<9IM*1&y#<~340}c|{Nz+5;uX>H z%$LBDh!szt!expyAxdi0ST7s~a)1sCO*v)8*I-(ZM@E<%vNgyx`|+MNXhM9xE}m2d z7~t}JxcR4Q0$`9X4?a7r-MsUH8g-92>*?`e@2i}Tu7zae=L39~( z3aZxl^bTxlhssWyBf2&L)$+nz4ee~3+rKPJFvi?N6C>}qab2$s8l=Q%2xC57e?AB% z@wWJ3O9&=V0s?~x1bY}7z=W}=;baU)F9mN*|1&o}hsEbH=O)Hke`}=RaU6akvtoDz z&+BL+3MJvK#;=WbLsxb|yLd4lT1a*qPJp1~b*-u^ss;o+U?z_mH6~*v(We4ai4S!O2jnZK{2X}^E?2JTA z55dJe^iT=Ca~yTp(RxRKuV1m_Kk?xwy>P)>X2^)ta%FrLW(8~s{=6r8_HJkhy)8pA7R@}}*?uW@=KEt^Q zy?i1H^|~0S0VIODY80q*juSZOR4(*Si#UVgPxgR@f{>J}K-LIKkfL9;yz*?zT zH5MqZ_grAEACEy>jQumYBix#Wi>FGoGLYV1TfdA;Be1dmzY*SBXr=NuqrHE86Shz9 zeWShK{2A7d!}s$>d;ixh_}+@|r;mJJ68d|~>Bxxvr)4eY+J8FQdZ~=J0ktS>i>CiL ze;sBeG#Y!t5m~=Q((kfLIop?Cqxzr7Q1n>^%DiSpIEFXUjPDQA-k@gU#Jj9QmBg@c z?TYORXtbAt7#F`) z7tl_grTKIX+dXs%`cm8rI1{Jh=*l96xqJ0*S9C8gQsxy|b81}9Zb@`^EB>@3&{`SF zyj>dJb>C{R>vlv`VYigCEB*m1d%)_v%$uatCebZiUR)$xaeinkExPib;`24Ml>Yq; z&Hp33Z?PBT!?(f)QPul=$3p?moUBDW8`kb{gjEBst_2LHgL|1l`?z}DEMyp)J0rD4 zHk#}LK)v6=w!)wCxF1@f+oX(NpCsO>z)OuW4>B~vn=szp))`?%_Szz%mi}#XgfQf6 zc09Uctkw9#wL2n$*UFx>(kQzL;ukQtW!P%oV9NP48+yWt!-9As2dIm9y~uVJ#pspj zs%Aj3>inC{+xeA+KcIbUywC%*CY~r=U1$|wxSeW1pXdyQ z9;9pYWGhM`1pcw|=Lld7euY_gN}<(zv*cTz0&vh8du?Hg5F^GoR4#@_%T|yF~;#N&y=fOR=PERq2$>hyo!$ zwD=$P&u`&pejY|Ce0&n$Hu5d>^E0>NF%vpl=DDP{kmRqn(9Ru{C-Z3+UHD>0Bz%Db z@6bLEic>2n8vklP%1;eujDFrF=EOn0$Eg6bd4dcLPKz>TfKn!gN48I8CP$(tjAt3(HO0L7nt z#~{9{Vx8bYq;jsU??iaRSK!5CsH|}V*JgSJZ1d+%u6x!GhGUOqe%*N@+|K_!+O|$+ zz*CGm6LF(~0XB4K(6<}`4FXsHvMQrtWxwD}Cn)OOAmLG;3bk&)mX}Tck)w6jvJC;$qdtvZE+wGoxZgN0FBFhRqxFmY+t@L+D}o z`cwG*j6N9tO}?dok@9!Ata8s+!VETDqUdxJTvu2RI!2pqNPv^qPPf+??n`C zrX5TTShbX@F2CJWnqd_?@<@sfnp_B94}Z*qGU2P}%{Mis=7%qaHdH_zZY(<`(QVe_ z%@$$>A^TkC3+{?N4Q>1YTA+h1&;;KST9{v3m_4+^IC@YcFxmmWQO=7vV$SbfgKgIq z(%~Mn`LAz!6nVX;_e^;m?oVY+=xbjH-O*fC}?arfChj01FCM#qD^eWoBZ3>q3B9$FzxzG&dP|!@jh&~?8oXjEiYNZN@WS9>v>|m9q6X^qBK+5Grr~ zI{%m73GBu!<~2OTP*@WgXJasq?pPdKn?x>453M(!#N$bAC|k2m(Qe1*+f3w$@%(Da zdSaG{reEV{qGg2tP$YifDYcjtTpZp;%vXm!MY7{?_+IX@^G)!Mdd1o0NiePga9pF@3+t!{Ai_J%;RS@l z5tbBQud&Ar>;adejX%LdXcwBF=3?K*>uURwPSRzpMgYL_eaGUtm|GIOS{mK)S7{=! zPhz#u?!cupR(Usc(Q7NZ zjdaZ>U9A~Hz<)t>^&G()dvRkcxQ|%}`uQOpPHIIjwiv4saC{iBL~+~8(Re{G-;4W4 zBGscfp(@j6&Ro2=m;}Pb@2-v z%1yfXYUMWKWlt-=64_X|jo28k-uB?3D83)$wQeHbKZdDM$)Eg+-%CrL!|;3`?d*8lB}cFM*xI4}w&r<0feQv*|zFhwNsbxy@J`+=zdzG*Od_*DAy368I!p_bkNq z0#*V7QL@BH?HZDWH8kSow~+!pX8fLhE}f?66@04@hJMkz-w{l@G5J>!;;e}{ZT0!- zLlGj0xl;se6|fq^qd>+*+eW1j?Lr%WJ z*OOz`O5h~A6#Kph`u2qd@uyXedWe;uEpPU$53dBh@(i_0f`2aj&7rh0biez0^T;); zH+ot);=Z#Lwd7%v*+&F(t7?~#z17r_cL~w!wv99jW@I{`Q+^9=Ihx-o{d>^75qWri z(~nuvp~AeLL!d#{1HgxHleIvH^Nv9jJ75?cTzB-4SvaiFy}!p#auv~G9s>7qTTNjJN`5;IXE1}c@%Z~zTdgGSe#Hu43DSnM?#95#n##h})d=KUqB)ayYh61M?6hNo( zdrpq0Dt4~eLiZ*24$%l?-SFN+9i|RH^%eoyN(bT=eTU#Zqgh<9!)9mmX0M>yEj z-t;a-HhDLO6R0UBN*_lhdru1*4Fgj;o^eU`x#fX-aUc(T`VW)g>)s{U+7->5rax>p zg@I>B;YTMly3pH*Y@-X2%dh5#ALyV&CvxAj*Yj(c&!aup?uDi>^l3aT!jl*C*T+p| z&$Yw*W@}##J;iy2@HJc=)N;BlG{%^8TVpx}{r$w+7xF5gLKYeyn00bf&74vT5$qY9O5Yj=IiD9w=XQ(= zUC9e245{JC&7Gs&6~5^VUzewWP|=xhGVCx?M>jN6hyoGE$9*0_d<=mLOrn0X`4gk* zOB}N2qM-s9Yc0FrB(+f>zFae$$za&){o4Bzl;m#j*qAiRcVL!Kl^w^c$v~w#nlVAA ze}&EU+}*v;%^L81igRM%etpx5Ga?E3TT(5GW2ZD&rRB7^bM{Tst-nxvsype3V@o{U zYt??K_{t3)|dz z)~s2~#Svixoc7W|xd>ehcFH1Fc)?JIR$K9oqw03T_q;elvgo<-e}-T*nU4C(wi*7( z9C+L*4OK0T`u$dMO@LisXo5EpmZ&MFHJnxf^8PZw91UDD67J(1HI z7|dST78TTrZ((L;lbDT2zgW5uhXBh%sS=X|F8Bo;4HECi2-3UDK+m%)kqNizwp1Ynp%d%~o?l3vA+?FnQe`o;{FnedC3vgD!fI*d zLBYiUQ$Vc0?(Su?1~h$A7G7>=<5&Cm)~AoSt1Eh5`ds&QqTx~eY1b<~yTHIY0&Yh= zSR}V&Cs>|O>Qc$Lq%E2i9v6FIn1z9W3XA)wZ~%T60=v56tk=tyM#Wbn6zUUKDWa>Z zkfp6E1SyeL28G2t!|G6cQ)x{aS^v2-F}D756O$0Zn+q$`k_rLm)WD9~Rb&|>w3o4{ zmlX}f4E0>|-#lNG&uQ^Yj5$x4H#~>-eVn){pFd@fIF604l8I`U;e64I(K;YzOCRk`luuqf7LL%w56?BknMHqcHpqn)vj-W9 zK9;A2^jjTaJDoqYQ*K6{6PLw{Yl;dgL75aul@fm3Rw>27$LvZeo=)`ZcPpA+G}~AK z)xxii1`AFrhkg_j(4LVWlFtY5>13r==2N(pHX8c{F8w>08xX?!C++TvZtv}(D}`u^ zq9GC4Iour%`i-tI&6cJCNHq9R7X>aw`HDVkw&I^`gW+H2#uL1)w17GuQD8$9ICh4= zfk^mJJ{W0+dsgtHrdccT%yop*Py=Jz&g{?fH7 zJG5Xp{~YFaF>Wwb%cC^cwFe(veu`)DS&EPJ$1F6VanShT7F_c7T!kUt3%q6TIs^o) z$P^mh5AZ2V49%dnLdFj;l~P{h%zSxg=R=6$aoUTr&b;v(7errPFP2ZGxGNCHIj_%X zZ{)js{)u~29Nizq5f>gEnO_eeSN(Fd4$kh@HzHnfj=*?+fY0+eSa3lwXj>owD=Dui zLbc+nj*}uaL{BI#Ict{vODQ`=iu>80Kz|>h?8xO`i51_Zj4|VlsuU0lKA9OhKaOX2 zyv2m@qF4w~SS+;mKXt)s6&P1V$rI{eXxGtdKqHPb*q)&Y?MkpW1HdssIl6^F5&iu< zdnAtL6g;CjtDv#a%2yFSrE_DT7=JD4MRrW&`+jH{pF}tQyoE#bq9q2RkB1<-X*76_ zS)%Y5BjI@<3Qz4YJU<+Ur#+s-vuYH0FgrDM9-cuTq4wy5(3>&pD^@O0t%YbO?LUPm zEmnC3&D6MWo6LfA_TM^KnT->cm5P8gD)-UOtxLnp&($ushm=XXT4?MRNgzDD?6jC!BfxZZN_Jjj^YX znQ2zhD(i}k)ZaX=d6*sXcBijau&;KuxcW07#2W2Z6%!kO!(!%~PYg4ws> z1_5DmC(6i006{0FDE$Gn1#S&CyEz#QTf(pr&Hqp9$>!b>Z2I~!eD6qFZNVHmXKXQ3 z$>GZC*Ps)(nru55K1T}qQP!LDG26Gf-h4^2nT$M*e^HFF{EN+qOODO(e!@0-hWFw9 zAQN5$a7#ivH;&jbbFTc(s%b7%#dsB(uANTV3DC~I6u`Z9F9k6-cItG6R%C2J?+nfV zw1Pr51B$CG$;{gqq^YuAV-mv0o}N7->+dMM_vcV}*uVLje4vg1I__~L)hm}4SiQaC z8cA~0PZid^foHMhrm693FUEAKa@9HN>jLt~bzlsx$CSAiPZl+FDK?aKdaB?}gU5;m z9C_c;*%p2j4j1<61D@H2o^AT?;JZy)*>M`To*d#0@1tD3)bwciz1eN|)k=i(NQ19G z?nx2zj!yXNI?Oxz43p+WGmD;;&y^>lcSUndx+&qMen+~dPtU-$g{yOE%^)0)%dh?k z53i%NhrfQ>T(j(SvpvSQ|8gke@;_mP_di&N>F@ev{^C-2;hSRdO!d{+;bjR`9yfoe zvT^#)xNbS!=F)G)#H8#PCb%D7+YWt6X;CKR@>Y$_P}~hp*i|^oUv^zIn~Z-#I&XO_ zZy6UffAeR&4PwH1^y21YPg#b*>N8fsJAeo}PKS;&sAFRh@9Nlx_L!0-1mC=DylLyd92TW#kIL`{-9+^V0n2??C8#;;-9Omm{aHHRrkADB zf=I`ECvln0Sho@Hc9`D|ZiosJyD^T|M{tiq#(Ol~J(fI?exs}D5LIwu*Zv8Qd`Lsg z9vX=e_!9zmYd+Ep2b0SO@&{DnBGh>FFt>@X{E1L;6K~+a(xC=c{E1f7jO_yy*?a@Q znfM}=9eAD!VOV%C6bfJD64y*GfIqiN@b)r}BjY=~;bUv5;pc}NzKS55t^jstbD+}9 z%OB3n+dJxd2rIVY*7)bqFw3~g3MON-MhyDqBPVoJLFocauKym*78iKa1 zm(kXdgT_7ZTk;nPlCRcY5paoWuZ#8h_H;_DR?6Ap{R?l!2BSBwg`(j%=z!fz0q8<} zIS8umVtBpm1VS?IktMYJfZZ7a6fT5*z6q}vU!OvQIQ)l0k+T;izTRJt>fp_;=wgNO zP7Uqbyazzk^!W>MpTl@QA1FmO$j+ml?`U}B@SyQ#O_;|zJ0#p&yvO*0u5|1&9)cH< zI?1`A^fO#W@lQDT6ANXIy%it~e|Sz9i(}H(y0bMu{A2E3&7bhq8oOm3a)H6Fr|hqM zOIzg1$8YB6R<_Znsghh-`E5ruzm_!_tqKV_Yr=&Pf5MJ;QY|}|Wfd4r4vU3V`8tw( z{RvMx6#uxl@g}BuX)h{5L!`qzzaV}9ZTMfjrNClY!0yC^D|Cwe&a8rWZJwkBWm=YE zS-F!EnYZqoLL6Fc<|in$tcVJZ#4$c%;eF@QH?6nJ$g?tk&;{9Aso5asz8B!>N#!@7lmz zEf62C!U>@2)eu7jR)jl-;vM+Caz(g#=r;~GT;Tn!LKjhhWWjVbUwb}!z4-2cksIOybi*hw!a zoC^h>kK&<^gy=mKedaP_Derjym%QUOkv5tQdX_)lVm|&QKGw$t;HU8?v&a=R1cA1? z9FrLCTn~kb0WW!ls&yF|*ouF`+XJWo+fY|uOF4SSJ&6rHXg0Ltb!zA%zVd0dW^PQo zmhYU=NPoVHo;7U_xDXrW8QA|l*oLNIlBSQ##BTlL3ZOgMQOXl!83zXm_;~E|2z+??HuwhMjJh4E z9R0>SP#zv;_-;PF4KTLsLKFJSuaD6gSvU?DIAYY$RvwMerbwhkjB`Pp3}buGL1XiN zrcVg2MF#APO!)2fbeGS%@S2hKO3vUm3qR#vv3F~`N_ywg_vc+5= zFnn>(DDmP%-1PjFd6M8ze_Q11b~&GU9|Cxq#=G|6?aOE0h;YvNL=Bf5itAMN83f<0 z+?4*Yr`R_Rm8%p+W`CeoHBoO8QUm9t_^c_w5ah_n$)fPO)MvO^W`=CSks8m-vCT z5Razy1T2*A?EAFeC?s_U?4IjYf3Xm=q_-xHiVu~Yf?-vp3d?#slt=^JFVhgdT=7eS z;=e6!FM)P@o;Wrb7yI4|BoBn2iqU6&oVveF$gjdvE}j_xOxj&8 z*6i!Bd2bdkgJHu^sxok<8)1*L09#Vh_-RmWhL9hmY8PO&nKCZrG)ca_HcuViUDBZV zs^aAGdKHEnIv;oB;+f}Q9Ds<4kfA^b=k7<$@7BbP++Xbmv}00x7(m}N=wvxwqLr>j zHZ1V<+C6(f{Y#it+~Sec$Y&ZefY{%4>7`b0YA6hpSdH_`;u;%*Cw|ZjBk_*wsY(L3 z!8;(B)|kwCZ&f-OydtUVNg=x}Ac5) zAZ2EEFvIh0JgrUfF+3d;^Wsv#jIi=4MB(jmAgE2@-Ld%V2@>o8@R^hA zF0RB|O)bAEX-La^)6Hl3V`DUbhN<+q_Q&<^J4y3bWMEFHPjRzQMXi->e1_9q(e1fd#o5|Bp?&ybH*SS5 z7?4kgPjU}NE|Cq*jz(fHaY-`W*yp!~BV^NPq0Pc!7Ar8{WvDPhyWOQvaV0s_IcWaE zswQGW`zbZNyVtnt4jj3=)%f^W8&BCCS{R94{Ap~&fx zOQIwF9hEgIx{8;xS`$DMeCO%2E=3!@U#$w*;H{%}3&Kf4W7~qyNyqQ+pa{4-;BD`d+})Z z`79c_Pax(^oXI3VXbzjVA)S3(ZuI@7!&?%?EoBzR*z*>W=$AU?j+EmKULD@s>bCZ<4@y@T>_r;OT1B4?W441drSkS((=ozB)#qs%#Si z8>x0xT2nz8pHY4Sx-&bad{yM{_uX66=8v67cmtwmkFwalYO~o;+Xg zIl3qX#PjYC0ejrW3>Q%F_?r6ML@Z` z!8AxJ{T-eil^uskXp4J?UV76c@skE;omdf}m>IkUCL06y0<;FX8=_nQf6a~ z)rMPFjB5|K(Ib`NrZ3|%_{oo&FSduQfu4x=RF ze2n`z-yMI}Nrp4dFSABX7c@|jxCViDOWXOi&Hf2*&^<^&;~PIaWJb~O@Mq@3#G!}L z_RQNPE9$w~1c}EBN6c$+3!t*8E+B?9xJoWIjO!M6MfmG;&)1QH-H40K`crn5@ogSe zM)_aDd~cV2s|^=@%YW3x4I3)nNnG(_O14M;i07qe*^KHiqI#CySchN0n*JR=!*P!8 znB7&Q+>hzTP!I3!!?-}Q1w9}i;XCjMdX9!C6lpk;jc*6!2cv6^yBC?Kc=70$Hxt7A zm$#COV^E#w@N*aOjW2(pYyHl?OLLU?pRN%Ee#8Yy?>C|0NhA^z<`3UJ{@kP3c@XpX z%(T(9!m;xMXXi`Utmw(c4Uct!aS9%Yqow9=!Y{{Y*$&QqUtu!tG;%h1l8qS$F+TQw zo9^+(Yc~OeR76;s*?m{&d8HOh+l(0mMH)FUc*g*jfJS`s=BILgG=$TKCp=-8OE zA3PZWE`S<`{!A-3-)3N}(4Y3-F^G>({y9wNV|B%DI78$b+Kk)~cMY@QGqTZlN_esf z^BGVg+sW@B-;Os@LT%=%zu8%+-)M`RJ~b20+4N@X0E8!Vf!_z_aLO zxkK3TkIO5eJ814RFoCMEwrhAxf|;L8Px!~HsTQ`Gt|M5>5Bp5ToA$n?=$D+hG<7K7 zI*laKq9^!X#fd?|bA+l?m`)u}Kjtzc%vA{`uhLYZs`xK?@KwCj?B?B<;4ETWWV_nqy9d#7r>iwmoA9ky`8+RTyr<2#CtDHP%x0Cym4BXyvzV7$L_NoO8uf(1R|p8P z922V0!9RH42M@y^oAEG>j&3qomC*PKugF=a+RXQJiA>FotAe+Y7WlH~6@;*r3MrBH z1ta!b^Q>rWBdGfzx&fz>S4;(lzY^=r12t)-aCoVvTYNV^01x9dW^M4^&W}|3$CY3w z6OLn#m=iqgWNoB1TlV`4@!Y&WrQ(~kn<^B~>XqQ0c;korIlo-!yII8c*c=;MnBw`X zQd_{oWlByqw7=YJ4~YHK=TpyWR!^9yr&8-6Vp>j>66}vxga)OoACo^k`Mly!1NocK z^BiFC1;US+y>27rRRO_EUOtWx6FR=H4f74-ergB-lzDf6+$UW63&8Nr--o}T$Wp*} zoe2NNdd5T%UVwby>6UUO`|INhbEE8^d( z6rq#hSCDB;ZyP+4;oP#KLt$THDuoHor&E?+sm!bO)q=0`CG+^w+0)RTL6+uzu*Adb zd(&-xMKG?Uw1OMx^f2bxROU@jQ~Y<>hZ1dm@l_i?JR3GbSoVyz!@rKM06v>&*Or+1kACr780sNux=o?UM7*vhmD-utlABNM)aE^V%gaGt>O{U1^b= z52TdF12K%&frzR3#PXxWj4;4?;NnmAsm|kzuK@L=VP*&=2W*^ikrFiGH1p~p!}Ar+ z235QL?sT{R$@E$NtY4}ANq==a_lQ2)rN;~{r&smWUNltId0O*NqS}-uLldVNc-N2_ z5BRFBP6$;~S;@EWGO_#_?49o01HaVKEax0VeW)k8ScooR^wn5f+Fh(Exe+s6>URya9Mqhf z7wytm9R{%%X*umtmRFtiAJPR|(F?c4X+f5jRMG5>V_!<_@ibiMoYo&PFCfksX2t5? zL7R(r;NL|j!kAxh-n2BAuBJ&jLGQOw3b{=QrqA$Og&F=k^H#TQbpOW#4O zOFz%$w0pwxMfH-eUU0FxA^Q`nJFsoqezMIerHK`kEzqCFd+@920DY?Bzw?6h@cA+E zoHHo;ifAJ@?@PbQnePcvRJLd=Xbudpc469HaNvH_izKNclI%z0w*(Y-VVdTj3CiQa zbeeufx`67LT81iJ^SgZMJg?`ZvAT7j?tu1dBk&QqfA|HIvz z$4615|KmLnZzxy{;ZuN*KQ#JgS$TH1X2aW3;P%yLV7&*t~2$S#aZy4Gxfcc?c*<8IN*7pBKh1zFX%@J`kDzsjvg!9e6XCTc11GH4A$*_q77 zH0pEb=easR!jieI_RNfQUSSr^%enT!ru8XMkv9#4^4@E2pLfccj-OJj&%df}ewywj zIyPKUHz);NcC}Bcd(hIm?CHucUB!pvHSL}*yv@dAFW6{TcdBndFuS@DnZ9%Tr|@gw zq3wG?E9|0+*wCTeRlF%)WN)AG1%yzxXYB(wIR|dR4VlG z3GTZL%wBKJhw<&D%vL&popC4bbHM|@58={JXI56!jh)${3OXlQB?na3JsTt`Ujp18 zFWGf$P}EJ(UbjQGkJzoxbzl``&>7-ls$+-xs=WZJ zZX+aswVqaFNNyO8oc}CMxAuAMWOuiE&YB5ytx`wNGz|JOPUzA%TCA%tSf1ayEiuHp zdI&qexYL4!|xL^o=WWj&|oM7CiQjvtYj~ZGZTbT^)dIdo`Z!ynlqY&i0AB_+4wNuA80j4-)m= z*a?b~_b`g;&aOTRR3J7!t`zVbuX0dLZnU-*(C(K#`+sk$FW*g|cq$+q2d@GRsdz(d z$o?yk4j;$UQ;Rpmzh!SHznB9E&N*UzPO_|3x4fh~5BLmco?u%H+>*RZx8~6|XU;Cg zp|hwQP2@B8IMwo&{eLyeOcR~FAsFY34&D8#xg}s2n;svVN%()PLT6%DRPBSUb za}*uLL@tmC}0bkCo-Qt%ue-qkyN-PXl=_DZ7T;I zx4nsusy%pw9gO-2uDTq1!(sWDV$zXQLw?30-%Ho(AeC&ZY9_NNd#Kx?evC)y2M)D6 zBx@V4Hf87XfOPdM?GpIvhwR9b8$=Q(GQWT_GH;3t-TVOm% z;OWz+oz^Ed#lM~X4?A1TK(^k?PEa}i%$I+GJRWJ~XQkoJA+;0aZg6csB|nd@`^536 zL)n^9EFDT`rk`Tj;9L_r{mjA5|2}=E+xkQYNRxW!!5A`HNkOdr@|~ z=qMJ=6>t8j?r#0zin;R&ExPjpb^8m<=cu#~%nbPXemVnXsnb!^ZCa0awV#jcsQrG9 z_O6#L+K-+vLGAAnq1KlKz--8RH!nB<=5PGnPSEo#1#J2JwUkXw(qzI56^NpzHQd$Yko8=b$EF3T5IdhKIjP9og83qzY|9JPb~aU|6Q5a zyXX>#61I_>-Q`fSe=h2c4~+OLJ5CD3;Gopf!4|%>53xpl+RYDIa`w1?)!yDJBH|dc z1@F>w(sDmuN6|hj4>Gjk-*hnAR;ZQ|m^V0zUthA=-X6|(fX*6G(zkcRv}hnXQhrJY zHFurM(!}dOMzIZ}>S6VB>U5na`fcBXt?1j>p(^+>+?p? z1*L6!EmR9HR57pY62)piw13F@(xGhW9|Phm^j8>V}{Pu4MOe7UHEjqada1fz$f= zM2>s2kMi%ofZMP#sgraeNeSLxG%8m=di`ks1@)`A{GqLZAb-xqdl?e@Qu{#s5I^&Y ze)^8#Ah^^wI=lN7w+yg8fIC{%Lr`_8kB28`sA%k)F$@i*L+^1GZ;jiW>1o|~?S#%W zg%d$%@mjJmJ=4t$O&yt+x1tc*DQw@X@VW*_3R8T@1*y3pwPH-ot!{L)1fA)U-V=mr zd>4x9=vK6Wb-FCapJp;*XTj&n_TVY~{T>B*4t7&A^GR zBYw^AY(vxHRJ@5C!{cRcYxoO$`&cwOsl3-)SEEydvaHLt=n`l8ymPkYP#5=)r*zVT zUraA?Zo%yTm4&xJ&8J?1nYqhihp6ZsPto!0&D6;OOJ7T!wBEfrJ@mnJP1TnD>qJJJ z=_m|Q{}e@-itYo}wgt2W^*O34T!VrP(rI7ns5Q8=+nUd-I$u_#1*tDm!SiF-t@%Nt>BUCM6obhDEw-*yyj11Y6;rrv)qb=+ZX{e+z>OZUU# zUTMd`-PX1n`>?wx+AgO{2ZPquD!j9MWnY3WYpZf0{;06Fp*x5({V)~TnZEGmEwnEp z6CBPw$==tsh_n4UVh_#^WOr?69MC=$uMU`sgHeAcm!-?D8)a?VXkme(6#vI89Z0`e zri-h|re;cBmnNl`ZL@GcRlB;!K5z@neXXr7%GXmo+YXChJnIV%OUX6X)=R!6NhLOG z+wa-+mQHppId1va!u7GIom*i33~W()0j9>dC)G7Jc|Cfx>izXw1!JMFWqEq41wth< z_Vm=v=tP+68eqNuPP{xEQY0T;?JElK-&FVt-W~otU4-t2X<1t7gY93M9;}MAVGf4Z zzSz@l$dvVksojtiQ;W=ZXRZ`p}C*4D@c;@(vDO}vH|J1Ue1`(NS{g{Dfx^vP2>dy;68 zTqpRJXk=_O)*1RkKK*zsNa_J<)&b>oWDnG8loW!)nZS2gEn`xdhd!c&QbnxiA>7yGrfpt9IH8c0qkM;`-htN_vKcfxd~sXdOQ6v|f#M^|qtEt0n3tZVw*OZ;IT36n~?h+1RUwIVLx32gAPx$cxDb;n6b!F=X)U9^E zhBsp8-HTna|All1?9&(0n%_S8o=s>4f+_vBg00T>3;$BbZbN(pCM@{vwazr}CwQhW zzqo8v5eT%d3D!rjgfivK&1)JPt5Mh6GM|1yXLhtrq={U1JMnnf+Ir3@VV`%ZtRsnb z=5>$4jh*vLu3pS*z|p!fF`V;P*>#{{w%vLXkJsw3Ot-EcoCmLy8Mmd=$z?H!;DtNjLP*Q1-lXN4qKRhmpyetr+;7r;GK#E z`|Rn$K6D4q5AhN}6_g`uVi;8F&0Y{|4`H=_1a&%ME!NmaO6sFS*0%pUM`HEuOtV|h z+)&@R9X4~}0btP|({FpOm!KzYt;^Qq-4n>^y+j8M=P)PU{0Vou3nk_V%hgNAY%RdbkzSIcP7~0YzIm zqd#=O63Y(Jl_2@wvAYOYPKKJpvxgse9KD{Yz4*oLzvDlhsxovH$W3u==2I+Y>&El( z*xFKykd+Q~yS;de^?~+tsd}g4Uf1IeJiUzW@tu!shZoMy$^7MFx+yeNv<>_196BY- zJ|YT{+;~mhd^~*GZ7=9*>(;KOhk>!*s8{nPt8)vf4|Fr|5xaHidDD>UT3^%+lqyJO zu>#@?o=ZS)$``j`uEMj{qUa&v+k;C={GLy`DRI4Fw)pM!=zqkA6X$@;cpiQY509C} z^@`Nm+@kL%>vnawv$kXRrURh6n=jf6%GZ~U^oS{>1Qnd78>g$--L_SByp&$CygV(P zH?bW`3`Jj3a0q_gTCh*;Eco2AwRoMia;qbK?NG(C!%_SxaHnFeSZ6QZqgX3nhKc<^ zrC^;>@QPCKGNuQFt5Nh%#r=dIpuV@8c0R$EGw!|JY!bXKa}$>T-r%X3KcF;UGNKXZe-rzW>aY^;;Z(a| zdZMnk7kvWdgh}mr{382p12ic!giUg8E&eevN8$$L93hEPUBj&_es&(e;(PxkOkSlj zGTN8vr96oCBRJaKtA?V*_Jh=E%iZT5MK-p!odT||SFHJmfUW0~Z2&-*@&aa_36gf! zHTdQ9mbG}vA>_tgyyY&QNb4-zQ2?^xVJ;gUWB2K<%Y69>$%lv8{ohbM%m2|2YkxBC zuWJ7_<1%$0XwfK=TJHmeDYNxMcIBcFBzVUi6nJRcwq!{vV<}dKF8wx4NnnCweZJE`40cp>k@?Dy+XTeCOP6}?rVjiZaGBBo)r7AQ25eBzwS$ZueYJ_dj?bCr>xT#p6PS{AIiT2 zGKOngOLrK{uO9rm8ervrg$7S5e-}BwJn{;0&ju_$8=pn_2bjy>y1a{Si|)+c-G%Pe zW36p{2a{tV)kiscR^u(aIrW?LZlz$OBYhL71e;UGLG#W>X_s!?qNJx;@P1?pOUL?y zJafC$&(nD?;{E68B@QY3#4$RT$xm9u;KP_>K8)_eVWCXwXG=CPM^s*r znW*|Id*MmF{Ux*iqFiY}0<}-Yi{X`GkV8v{pHcc)S3Gg@S*93`Z$I|Yo-}S z*{mI8&MK6L53S8d72krD{$u#+Hq1G0BeGqW4c@IKvkw~GabzA99q-?FMdtO4s5hO+L7AZ zW$75WCAAl1(XTCR7o|_Nb3yxtGp2(EG4=nSeqk=!N7gluu-%!T`cHw2XoOOSu zfnayM?-=p9s_F2G`rm?AKsBp=tGm0vIMuMLzotHwU3{!tQ)Y#&1YJ9r295W|a=^ce zhVjfz&*AP1KCPoB$xb{Z@~h7i@ZX`Moc~xqtKY-=Su5{nt*oDA-rd3a*Bd)X!)Sfz z6jm;C(47t8 z2L-3zTDU0>fF=EZCU3mW&z_Dh)zN# z$2CK%=Hf%9Wr?UVhzSu!PeOy9n8u0Y~|++@JVd;hR->7WXN5nE^ly%4QP^t$+OX17=3~>;Rcj9{3DX)9j{~Jj?8+MT3~#^!K!ed0{_B zcBWYVEtw(oJ~_~tVmgh5^8q?oWDoCSW27Gk$kt8JnAyyU+#qIM@okWjAa)Ah%<&)Z zPX%2?f?2Z{o}emlGt>Hq*^Qsl5@+a{ktDnJsvC+oSs!>6sB5h3bf)X8G__@q(?@2f zO&Ft~)9LFZBUE+*NS~+C{HPRfgn8>mG&L^S&lI2RBXne{h3ff|j?|v~RL2k@I3veR z{R&m8Td7AM%=H5lkuYeB!y=+lZ-2>2ubt?bv57R>*v~1h|4o)oX1&1?F z?FP>I;53#Kism$0^{Pa|=OU*3;-w26A{u!Pac|KHPEKkzH~G zpWCvRePM_J->|Oy)$yDK=jb#{d?hi**35KJ*?EJtFCHqoM|w6}Shuelrfxd68#D>j zW!EMKr8+Gt3$1T~wMVs2T66|cWXQH>PHXR|$Y>q0wyipfZMGP4;$T)al|8bHj)7JFUwA^qJ zZWLX9@v@~B$=db`p2RWT5^$$$`?9@IHWXCZ{6EZ6?PzJ>Lm-jSYF!gE`HV8if8Au zDCxluS~jwuuHxOvH_=b+^UOy}ySp{_6ulp<+jr2JuIh&cUGZ0QK@!!9b@kv8?sS=j z_B}5j(7G{k5yi8v9>n|_*Ag}P8H60*N>{Nkm)7U@|C++7*>w`s%bY&XT!V5iYq6?$ zY(RDg{JAlmH^x=G)_U)B+Af`W1_#_5)0d5*b6=r#>Q}AnD`l_Ioj=odaA^tUxeW5$ zx-IdXw*HgvOxIdc2Z6U90^AB}?*`T?64Xol-`Nk)O@0*>kQL4f86QIVUC;7s#r(Pp zGEPeucrKia9jM?pF$`_?u)y4v{;YBe!geABwZf=&w`f7LC{%@{g@Hha6&|16&k zQ^5D2^#5E%bS!}jHrROg@wSTD4=TiIW zOwHD3k^9e8prP6}CbHAgd9UGk?RBV0`l1nR`Y3EV=X1Z|MDy1FTNg1HKe{h=<)YQ&>c}i-pwG2vgk$ri- zvv@=DBic2Pc6PaoUrBCos2g3!cHNjR+1%cj{6f~EKRHC{%;aIDFgSAS6_7ow-vAW;5ujLiOUPt($eLMKZs+p(5NG^ z{Sj;LK9>bha6Cfs)FM%?#Sq zO-E=J?@#V^TRtfMYH2~iS5C{jtY7yGzk4GOe4YZDaV|xC`fiL3L@BRNG zeRpHFPJf>xE9_Ks*k*@W*Wgu$n=>P}l3szh5a-}%nt3U6K2Y1I551-gy{7wu>WAdc zYwRNm+d7tB>r{7l?iq^fc9ym3PH3pky}~&hbm3bLp=B7IqsQXjV&=Gk_GuocU@c@m z7o%hUe=xu9cFX?DkUy<2NcQxc7wzdPSxKF|RIyH5Yll`J4iz#8dm~!IfP0c}tYQBA z7VZz<@sh#+ZT776v~E{AIt(U?uV7(Ck=Pg^h4?Va)vbX1}Tc2Ti`&MOp zR@wf(qj*#Dzx!V$qUPmB5_sGxI)x)wC?OS6C0?tMaPAFN}1lej$9B{v^fc4BPuVtSF<^Ipju zYwK`4@|yc?VJfb)(}Eg*Lm%cqvy3^kIMl;MAimeR+b19VYd(mGjZXDb)F;?we*5j} zuAKkWT9jBM`fjIVF=gxhPDrkJvvtK2I1ed45^n~E=zn)qd0_xwFdNa{7kJT8@UHT# z%x{z(rKqpD`68Lp`Eegd!4cM<+N<;II15>u=TNtxB7z2^4t3foySin2M(yJ)J{;R^ zSF@<(jc~U^N+PGO;IXMhjyrMIMm%}3Gnm04gw{% zzjeiheOUa|bL3m}iBskM8~Er07|)Z-3RE{-U8 z{+YUE*$H{kP|%GQAnt>;M6~7uC1aDTF(t-D$v@!lz9n+=ugcT6W4ONAW4ZANDlNX8 ze*pc4_vbOkjBJnweYWM1?Yz)$H`JZSc3YlP-H|=_G#e+~*d;p4)kCbQQe6efZ?|

pzFHr1)p!?+x6rk+yNd{^{PcGD?^vig>mYe?K1{AiVkLmti=Is-ca=CQ`QWl%DfeK9NX17L!G|qL+N(hSIW~v zTXXe2tv#=AS^Ks9*>10nJnO%=IIREvsxy;sx13NqKZVCWyXBCg?xuMoM5x5l2u-C5~bm!Q_I?fBdFjA_T;TD!WtU>{03OQ+ki2eR>?yLe0dI)3gC zZaC|p4QC4EL7@!nQ@4WRajG*5zdJ!d)T>VZ(Jisp9iYcuWWWBF!HH{d^~nkUP6OK(Vdr1A^Jw7CVO)@<9@ApmBB`*CXL&;&b&-!3H}X zfZ9I!wm;@Wq_uWDnQ>W3f0&&}n;YUu{VSYc}a%xzC~{nN^WIUY~JNk7qHSVBY*RqMH_*UL5EFs^QO>6Jp+G10_0ryc3upP^PFS@xa*5_YJ9RdyhQY@m=~xt9#>N9ESY!Kqe+mm8G{@@d%1RQDVGdx^*Sfl zSM2Ioywb)v%jdF7a#{|-1f6rYwRITVv%c*3*yM0NpPyyH3lLFy9I>w6gdwf15wcUz z_`8)1>Ufus1#SH2^Kp|ZW^P|zF~dZ~d7zk86 zeFLolX|#uD(2but=Zkg0E1{T9-z&wRExjP8uAsJ})})4EI}8xA^VuOJK(nvv_cLJI zUaj|kh3d;d8rjib@%E4Q!K3A$IL`NDY{wcrsqW4kK8)vdgP6Pq`vxid;e+j3ZtrkLf(TP#e+iCO<1p653vjM`U2$zTJ-q}>#99(#Isly zbOGzKwq1D=&pGa*&0ag8lBCxqk^0j+!w1GvHOG_Z=p@%!ChJZ^XC0cfJvu(~BE%mFfK) z6Mk&M7-N1vHm1MD6n@QEQ~dX?GnUVUH<<7m6K4PBPG!$MrL4wQPA#2T?XIkdNWW4v$AinpSC_tHC*y%FG()xY}tBrP@)gk;@d9yRyPj zU0s=@RXc8)>G0Il)+p7}9W}Y{RkSS7k-6I5Rzt>Z;kfv?1p7TtZX;R!6zSUFD9- znKiZL9?9noha(BODY#g+*?f_3A{b5vY~F;tD41vjlHZ%~YVoQnJvC)6huiMyg#-;y z>&ANd+BEAUu_i5na>xrNVj%P=qqC-_3R}rQa5@ybL*F=1Mjgg_QKma8^z}Ep)>Gwh z*lXRca#wG3teIR+lsUB?Xf+Xs3a5Wr?I@kq>q}s_nNW(d>dJD{n;DL|Rf@->Yc62V zIdglXD>cqq#Z&9b)dF&eA%~^a?lKMBG_$hCVQ3f=1-VyGz@$nmE9@?;YXfzb;-2X+ z<-Bwzuyi@^0UFg)15J>tb5});qqOLvkjE4!ckhI<998UN~b|gl+{#0Z90@12QZ+=gdB1XbRPphV?N+nHnXDCP;gGSD>aH~ z_^K^)E7Rc%mF}74ke8A1(IdxB4Ebeg-pEkMZ^J(e1Xv8eY|=<+Q9>&7215bAoQTN2 zSiqYIjEO`8VL6gaM3V^!eMeHRYe@v+G7cmQ20^kTFKUFEi6^|VM8H2GkGK|p>H6E9fQMo0OjLC^WtO-JdM$0qf0r?7>jR&+{ zfhi^ep^)rL#zK@ldlO6`FhrKU;g&_-mO?oalVRYG2cg1sX_a8dpF#=7z0Co9dMS^i zrTJr|`SWj>54uAr6!DEJkOQ$;Bqq&<9vJa03?ybV0+eLzb)m&lT@WhOKxqgh;t-N* z$?zf+j6)L}XoDnsG8zi{fL)#5us>vqQA&(l(+CgKN8*$hBMr(K4){#Ocw;i*k1R5N zR`LWAo`k=*Pc}kvCQ}910xPuC2E)O`sDkSy>FP0348Ev;7X`im4Qdp`fe<;m54b3t zjB+|lv0|p%eZ848Mp7TZZUL+stfOZ2Mf?F^_d${@&0%c`Dw($`0g>!PyG6Cufiv`Mn)Ki@cl=YPug z+0*(4jZ*6{g+SBvkCi6`J-Kv(nbxl^GbJ$`k8S7 z;rF!ieT(pC8YYiT>4d6^-Z5B-(_qGPQ>?rhj4|K-glYhK*Pfc2Q*;B zg7E)o??Rk-mJYJPuSxZ<++yGi!?le^$(H0JdyBi z8vZ`(4_f}NBYdBTUti4jYiQ|BBK%VgUr+cq8ZKe=E7B{Q%=le=MdE#xgYfWxh+jr{l!m7hE)IzHax(t}4ZE29 z35fc>k;!lE{S3yh8g?^zBGR8;PWWzt8!8CjujRjz@UJvnMfmSp{%#^%=p4l`%zN

GFEP-wOy|rQur$kE<8ot7Y}?wM(fdUr zKiAT!J<<|^Ck6=LqlK?${4TzCTLa-=)C>9C$oN|eA0+$_4d2H2xnA_Ah3tO8dQrb2 z)*f2;Cc@h_9A@%H!x3gt)o_#@sV(vsx}CL;_CChsPXmANjuRXxu$&-#X@dyQbevHd zZf5PF;YEZ?G`yH_nU-D);dug=-$A%e3x6l!h=!LCzC+-qy9lQ^9wIMgFiuYIkl*z9~!SDaa##=4?L#(|t{4>Ho)bP*Q z_a0;Nsn6nH5dNk1{f7zvQNzC^{O?8~FCSt1%^HP1@hIW{YWOk2?{n;ve?|C!Rv(WO zKBeI&2oDO1`0QA+VL|cz->~sFDDwX#DvNVu4Ve27XKx}{}j0TWwySi zy?=$RkBRi>tYh+5%MWuQ`$WSVSpU}WMkar?^fod5dZECtGJabq!vBZq(;9w_^=A#g z&gxr>znS%C?fn*3-wQ?m+)B7sg!gP?`kcVQ?QHy8DEMIq(?7)f_@prTStl_r^zoOx{3BReue~0NC8h)4Q7Xr_HkMVDa(Hg-=FYmfold3 zUaO@yknm;=4!{-uyN2EV(FyT))z9M-Z;R7PPaz5c>T6`-rV1#-6=6u2f1fDg7 zaDG^Xzku*}1ztoRGSVm!UcQiUU~$wN_S>WyZcio)t2fq=Yzl-E@>L__SIMDBWMNzm z1s4X;o*VKujHb}WKxFuivo&C^JTn|blcRilGLi_OWjq#;o4hS`5GyPzo>G@fzCvE) zjmtqa(E9`a8>FUSJdU=ZnbmH&E>ItV7&cotus9*vY{^(iibT;0B+T9L-=LbtAS4i% zaW$IE;mJ@)ZVZH?*8>DPWG;#CMp2u3NOQJUhgOver1n#YI>C?tKrAMsI5lAQ}J zTTp`y!Dd`&p`h>$Z$n@bv(WSC@zJA4FOW-sGDU(fNumUjE9{HJVra7FHAXFpCe6mk zBB~zzLZKWF1XzN$#zE2`8UEQu`U;`WIk1HzHmqd?_*C3(nXhC)cv>yxA*Gq&g<-UY zi#*8DSfn`!ty(Bk%R?J@S)KH#%1MKy*-CYVt77^j)@Z_F4L|LHx@3b5II=E;N%HB)Px`Qcg9ee6T)u8}(S*@s(fDx%Wc02M;5tme zW`~bYBFeb2<0ja~e&1F!Q3^)u<5FWH5tXW9kwnB73B@N#u|!i;!oth=8vcaiQmNt# z#1c|jz?(?MApa8kY_1fP7wA%2Nq~*w*kGanP2PmBakN~P3{&>Kz??1EIb`e|_4Uwl z0srVh(zIkS0%uU}4vEBIXT-u=j9Nssz=S zWUYcfy-jt&hGZlemtuk2lR?P09QDS4FA{+mzOVE8LoHaderhlj3X~0KHmK)lASQ=_ zL1RImH>8WG4@IkM&4FISVc!gfK|qAixNfQzsFeWg!n`!Z29j48e<4Pcw}?!I$`!h< zMI=U_(DxXbJE_#6%^AOh3x!NH5o1G|f%@QLDG`aV__>`s0KG2>GA)K5#05cN@@6YxQnNP}M1Gb@?otKd3Iec_R2TAw z7v`iY6PiA@f{8^J)h)$aKvXPdD@@oGY&I=b5nJMo&)3fjNBW5tN~v&M*Nq{7}y(M z2z8A@vn~P+JTgwLHZndMOHC!E%wv9O{>Z;0o`2!bf0~|8^XE)l{tLw8xVVa<2PBwn z4laNqUr=re@tfGmLfF(GZKtXf1>hSq4Bydi8t6cWhj z2^?T0S5=uu_9h`iFy{C`Y9s>q1wZsxUqUb?u$s+=lFugIm_fPzsr`vq}_M+ zzFzrWk9@KS88e+_Upma`kMQpf;IEJMNQc+l5=O6D&cgF*milq}O`I+o?7SuBbXbfb zoL()$^FYHm-NWg;xYA|jba+ND=k%K8#&)#z_%18Jb(}s^gy+SYY7WoWE8RWQp)c3; zptB6!%IULm`N=!mx-E>D@p$7niRpOWx;Ur~zJx6q4lcHF|A&&OH_&o)Hla0>{dMyV?3 zTZm33D4JmKOz@>&E-xjU7e^a!GzwD&NudX=H8Z(J-Y_)gvhfHcqey;H+!hZuG+zrv zW14BKXx^k~tl1wMH*Zob&@gXOJl4Em!GbB0GTS51x>knJVN&oYCp?)tZ#?LeNPthn zpR!`eB@gBEf{K8;kmQC;$fb&m3S(TZkAd_@QC{iMLgE`%V^G~JAY1Pyg&p*kU_B_) z0TA@w1~1BXEhaXRT;dPLC?Y(erBL%eLo}NMYmR+R_Z6rFZ#)izj30_#8VaJOq0aDR!)edJHs~jUhdmyr76+T!HlvU^Ki3BvL<3gi z0L)3$*j_!0b3YUBpv{gKR!h&_bv`LC4o0k)kpuRMcmSxlsX<_b8jv=r=*1jXly;o zQCc7)Z!ZkAfYR@4^oG$lCWI5_L}L?G5!Vx?oI=i8W(pHeq^*;aB>MpVw0YycV6bN} zW{oiiu4C?mJwkK3Ie5&wsP_yM%2!RjN^rG42F%)UuH+B&9*@jGEPxg*fWALecO~R= zK1G`D@z|6q$bIfr6djLPC*{$C4Oml@yq$iV<+km1s>EO%ySij&PkA&>EMq<`6{6Y# zQJDO@!i~YYV1jGkj;iV!oDjI-*&}qkxkqTvEL|w97#oPH81lO<7$#GfoxhO93uH0W zvU$94+=h0uSUn6Na*6hH3VcdXnE)hKwpVxrzr^(^M4PX*dHsIqiuf0L55%v6F_NQi zmc+zfl9>2EB*BJ_xRyWwlE9#RI6lpDK;DMB(F{XlOC?#inu98`C~Px{;&C z+n^gGbfL+AmnIcDNqN(NT`z-eT+qHGLjUH9ox%5>x8BbMIZ@ukM#!0)FER~ zF&s*^da`)H+?QNIVHOYyod9)WRa-3>rqKL~bx;h8SIF zOx9Kx@#kXbk_FC4@B%_BQz#KN6c5xMl6n)0>u{wSyn(QOCA7JSXY%Mi;>yQ zapEDH&*x)lmzI`tbxS|_GPDa1&($WF4nhNs!Knc}u_y^j1mBt?vFaoB8x%8QSOD zXQ(URc^5^SCwQe1CX_9 zK0&>g1f#4nM9o8fok|r3l4&=fDWWiMvt}@a%$dHMi^MLOoYhwH;EIk|JVLu;gv_Rr z%_)Ll$6?PgQ-w5z9C2GDdowCtz&ze@+>>mLEN%!25>M9M2GSJtEGUgwIg)ut6rv9Y zz-Y3r$v*+=%Rhnob|9Ld$}hK1kQ+fzi1~*M0Yflx2F=zOJKpFWH(?@tk)DP$JWd5) zeN8f;RrF$daC&MyXR|xtg3s8|#as1zMZcBz2 zg1Spn6Fw1+i|XfOZ4yjdlgx_I!ayME4dIyR!+{j5uOSf2*$>zX7FLxO66Hsomc?8G zWNOGMMl@|`hFNn$$htG80Cfw0K#atK%{ZbWMRdDdAcKv^9JHsQN7#23#_C`a9B2-N zv>rSo5Q9QRxMKnF8!nfMP%NHUQsfHbbheAmxci9>FC+z+{DQaPfR;d0Fkz!OCGlt= z03*H|Njde6sMz?`N{vIZg$gNFJi&ULo7T2*#Y#8$ks*SQ_c5HqGxqm#3kAL4ZH9$| zQG)I6wYdvo-+kW2Uv?0eLs>9ufT;8B`Tc|{dLr^Qspf(^LaClb>JJuXNh>`e%!J*ZXd zk|6fZB~ecLHnWl9Vj83CBgA~sggF9Qf6o%!M$>3ix8q!9;l5?Lrcz@9NPyIRTX`Wx z3@5!b{|3dfCFfMa=_2*TG+QEhSwb5+bDgkW+a(Gq;}$`kT?ivmGeS*6!}r#6wN}#xbSVB+m{0+$FGR-%w2|=zJdlv^5pi6HLq661|rAxQElPgR9udS!vhkT2Q7g%mXr^GW5vw@lKFCIV$% zvv~Akb*50di7K}q@<|PPq)-wpb$t}Zz|er0(?F1V0skh1N5hJ3QlaoRD)%nLF={a_ zl#+5851=mtl*-rK99Wz)Dne9EifbQ*=F`dc2vekU<904; z*i^8J9_7-4!U)lTozKR+J$OFJ+lcgb{#s_QwP<|I3;MP1;LdI_K)UR}8Z_P1Vvx3s z4lp*RH#2Lgo4XZ}RO5bGI!_@ADw0Tqn%LM}QR6N*vt}-gZBgABgRyaFQ80{KlzE&8 z1{r6ogGmhP+lk1+Kp12qS{dbW@-#-SL8@enATx;l(rmcm)|?2F9lB{?JmH6s;v*CX zXS00S$F5)VAyWZkh#-9BX8Z~=Z7387NmXn|u_hR3MxwoC$qQ%;HZ_3^!fwqQQnQpW zt3e2OOluS^7RV=)OarEZu{Rb7`TI?#x-ucJ&E&!(W8NZZcoBTsUoNcV_*?42#oHB$ph&zIHN$(U8PMX&c5h|6VUNv zi?mMyCjhTO6!fm)GiMnBXhPf&Z`{|#8`pch@n08je2;js0PiaE#Po5}m@x~mgUp+R zTE_yWh|s{vLXxdYvRz4RBf4{)Hx4lo#V#ADMk{Rgk&6_8y0? zNb$ueQl+_#qPO<`AI&(uBw(^bu#cUoUbHzr*${Q1*s=;WuW`s^@y;+cJWC6Fvw33g zRhUyg&!%{uty)PLIO71{dz`ZlRnc!)?A`|<)LzFp6_3;5(OI{8bSTW6A+ldW4D#up^rvk(AS>+4UjsqO%r;5=kZ^-1(Ho~Z;CjDAr0Lh5CM$Z0(32D@?iOrTMSoLE( zZ5s16@tTV;cym#YaJHG+z{J--@UP~sgS`c7hF#el)gTfOaX%dnh1s1Y@Z!wWiZEx zZ(^2F%@r=XNSUHJ6vYICL(YTVo?33qy9gCI=Edw?bUiL8YD$$K=Je#QW(!az13<(k z=L^l`PR!@2Hx~Blkj^!f03Qo%VgrV*>MM0IiNfX`d@drUANansAgxF|TZ zPwGNyERUN!(83_us&$`5Qw0r?x+qu0nFRwqV#qGW7r=AhY!299Lde!ns|kxtQ;s8H zu@q~YQ<(G0&aK@E1A)whj~;FG8Mub+b%>ZuS21A87Cx1#rr#pl!Ft9pBv#QX8wxbV<%kbNwLUI3 zjg40bO90z~uPTq?M|4ui0z))30s!MBnU@^KBYU*449NW5*^=-FaH^2AP|e1fBQ!iNH8Y3!odXgTCwnhb4QBXd#p2$xrWi!=0Sc$LkQ|a(U{ko#~fPByM_%t`pDj1V|%}0^a;Ji zp72d0=O$(}f{)Qu0MaOlt8(e(n3+dzh{wIrps>%~xuBi!At0aHYQFdfueW@Z1>_68=nQsl!6jHZ;$t+^oYkm-q^oO4yQ$wwmHe zM4~$TQyi_;F?MVsZTGUZ@6y8xDblwD=sX&)P7>yOpk%c*< zEKRIpInPjEV*r|>_t-ER_%$~QkHe26b{C+Kz%*(HeX^C))V>|PEh?gL5)VB zh;dy4-2Q4oKNGlbHPH}dOYCIy+j*8;bMfC0GR<2{TKHHCm{(Lzv)n8_%4Zfj1|nsntacn{$! zZ4Y_NlS%lZHuMO?Qx>V+(VAX{E@G8P$ps2WXecCA2g1}=RN5VGWv*mPU^OHHp>QC< z7bR%TZE~|W#B2xbo!IuvQ$#PCy3j(l-ULCD+|YpM%gX!&-(I2sqlpCzVM0Vj8*Nk+ zQ@pg@LAiqdgY^T0DgMNM$F)4IVEEH$1Z{$a&2**{lVAI?Nrg8L| zDdVHYR@Z2g28>FkV>~X}RaucUABzPo9Lo4k(OjG}&le3dMWc%M&8LdF2xp%Z=E9w6 z`X||n3Rws-(Svyx@Mr_Mqs4LwH0L}@7!tvY&J=tc4>0ab0me(B_In11*~qmThxcA~ zMC5!HMIaH4JUR5M7G9XU)Fm5a_6q8oPPx|w7hdPw>l4oq;BVLxwQzQ63@kRPG%U8* zVIivD9!TI~F72_8G>|74h8qJcQWuE_dP^eckLPof#jZ!m?k#HB$+@%tI$#}nSB zD1G}ZA3e)PszhTfl5F6am$tRGXH4rh3szCoV4sP(#yerXp_0i^?E9KqD?! zs`v&4P{bR(%|Xo(m7FHv&lvU{n6dHsH#z9&j7<;*rtN{;jsUC_=A_TaQSv;UMg@rT zRwo%r+Y81da6L8W+?V9xdYU!3<3UfmhD{N1Y~BVOXiIb(P*7R3DLS&wp^X(l+aX;t zZ{z~W@|dm=nf=SzVrMj6hZ{Wizf@Tb`5>EL*-iGDZ751Qz! zIo@recXK?X(n$Y4#}y`eGso>F`ky#{q0(4CyE*<$3(wAhJ*SG{OZii5+8oDmb(N@p zwqZ2J@h|!F0v`TFj(1lX+v_mL)|-s^`98-U6MZSis|1~Iw0)N2UHmCa?A)9$MYw9w zzN`e_;dorNv3@Ezt~1eBaQv8{vm2bGzi_->&=p31o8vD{^m9E7U+yu|Cv!a4L{D&> z_89r?j~uV@82NcS$M1WL?e)39HKHEazu_E@GtnI!`)iEp+{N)P`BUt3ev#vMO!Pi8 zd3($>(j6T8O!PZB{-H)^_5Uo#ubb#!a6Dj^F`X+p{yu+7_ptB{9JlhP*o^!qjyq-< z+x>NpKjcrb4?J%+!^379!`nEXKHJE*^Ei%~=s)B5S&hzG;2n-Lg5Hns5}(8Qhd*0+ zex`8j;ZKPjqb#*>+&;&c|HnCgPJ}OI=SuD5c;6f&AD%b2_wY7OFXK;zr++iY_s%u) z)ngp5o@A&9@lkz)_C-)r#`6^G&bfcuK8t{Ho#j zHWU3pj{jI|Z1?9lUSDe*A3x#vu!(-btqhO2)z}}$b6jz&v0Mp`AH3C=pMP=u-&>9R zc8ufxUQu3l{_ABNkMkPk+boV7y{7)f@e^L7T-wZW#%s(^zdD95J;>FUOyn((fB!_*(&E{Y>Hb#(+_;NOJr` z6a9A_KX0PH!SVY6V|nxHIUm=HaxwlX;#jFS>Tiu4x0vWpaJ;(SSgv9M=X#d$E4Kl;f2_V|%UUcw5j|KVNX% z=Qd6Lu=CkDo@Ao?IgXj=4|BZkHe)@%#qp>7xs12hkcGTH`STo}&uJWcP4sq-e{Z6{ z&heKEjo-}+as7=yIeSWzIj%I(lN`5)jP>&`jyDVXGDbhfaekALK7r#|Ci)_de{7;Z z$MKscdfza^-whk--{<&76FtE3{b6H0JjwBzuu-r0FUMI^I)fuzPly=lQ#iiaM8AXM zRS{!-KF9HECi)?c2So*)*Bi&PqsH`896w>AKhNk?!EQ-bBBb<6qrw z%+E%S_nGMZW4wN1M*0mL-(;dUaJ)QbtcS-qem-VwuXi~^mnGGP3G7W zH|pDWas1P`QI4(Q_&;%>PqOfzb8Jm;y`G0J;`sW6ar|1q@$Dx1QjY&GVU&AoINp>n z%E>P{9+WhOAH%U?qBnB9)I|RU$A9O~X;(1Gw}s;aNn<|qn;9-?HtJ(@IbPUol%GH0 z_$d?pKOBE(qFWbnd(k36XXCqrW50=hFUOB9GLFCNIo@HSpXT`D#YXxy9G5IM>S^;i zjx5&dpBjE8$G=`|lzT68yj9TiSon81{+vJac>Q12!sp{HM!ucPaneM8h~s~l=sP&h zv>5x#1$Qv~y*rHba*hKg`VTn%lZn2a<70OizkAu83{Sk%sE5qr`1U)EdfG2J{w;q> zSF@U4!}05P8td~*j`Nq8?0X!~Fwv77w=OZJ|6`8-W(vQ9<0B^em3J{b<}RZgn82}O zqEF{|-d)D=I>GUB6aCK|zjl|gKED*{E;ZKYr5qQU=p`KAyj0|$F;4PTZ@>AA0;B$A7=qD1X*-{Pw*@IeduY{wd@9`ZA6S z`E%+pZinHxmOm{#p~W1pN*V2Sf8%&Z%J|*A93SG(Wn6w<(8~F+)o7oY%<=qIV?Bg9 zzQ5Ht-+7YbzqcC4!885ihxjx_{K-&&b}q%GiU^)SEzS1E!ohF@{K8$z+5>&xu3{&1 z(>V-R;R3E8u$`z^u?<9olGJT=AS3#Riv(o>|e)IX$S}J(4W?f z$HIf!R4Ad}Nhsi3NbdLch?hHn#+_*o+oJ9?yNd^&#Q z%+c}eY$+NE1$`}&H?+vx5;rEHJ4URRR4BH%Q5H`nFn~$2H_9#@h3I4OGyr~x1%LGN z9v!G8<~f!7_t(cp8P0EA^O(^N@|=cQN9fQno0+|=VRj#(C_6eBpj!cY4xn>@INmIl zkZSqQk?~0*{gdQHf-UJ>e`1Mbn0&VJNNaSgh~l9QboxG?Q|$B7CfT4rfG$V4dAY{{ z#r{YV*Ip@+_zhAC-5WVYe2~5~GA`NOBjuU!zidaB9(gAHokI>|vK#lS)Zv$hy6DJZ}4P)1&P0i(>=-TmUg-^yQp@o ziR95?=80$~Oz06p=@FzBPioX|0mrMTYn6(*2H;W3bZ@6A9#?4&+FjGd&FqAydpziJ zTH{h`bdhjJi#blMOBbNB!maygMP-GHTg;dp#poYbfqBq&1kCTGR`5T(4or)$kk4jpXsY z(X{%j^?2NZ%C7+LK_?HK9#rNN*Bfnba+w0m3?rH&piW>%cxm0R)Dz$+8AC%1!q{Ed;H z@A{3ApC975FUNoW&DZm18ORKeyB0>H+A784aq(;Hb!4TqMo?#Z97wIHo~wtD-J__~1#S zeCT>o_#K=@9#lALs!MCx?Iem@Ppfv^G}Be>uLH^P4SPL@X+rW+y4)vjO}Uuca|EZSCRVq+C%}~ zzzyZ8=Xa(^5jvO*DvYiqz{|RECk-3Z$)`CGlfq|78+BYrPw&r6x~Fy-3GHZ*N3{eJ zHx$r?Lk2|=j}DSY;&lshJRUM80bzsTW^X9ym*b7-+=~9Q6R*{rDKQd{p9@HyS!WJN zIS4keBx=r=Mry=a)F$N@b9>^k3t2><1U==({-`-AYCSU8FDWmA%T8{wF*< z-Y#9B%g-TB#|v1l)}?=v(^0-o(uMEy14h5bR1bqW9dDn$RF}>roNhCPAIa(8C(~vw z{CG|uZ3=$_r;jm}YdWW2`~T?r$0*sBZ2{CR+qP}nwrzWst7h4@ZQHhO+qPY^?%wOH zbJuC>y_>(XeHqy^M?~Zpk)uUK|Le7X;^_bF|II!v^ncvyZ~t#rY5f0lT>qQz@xR%n zdH#?8{<}QWU)Pd<-2ZQ9{;N*^i60&D|GynG|Mvf8r)K;=aSHx+-oNVlpZ;0*x5NF_ z=l+S)^|y2X)wllf@xPt#ufF(CoaMir|F0Q@|M=10F7Q`h|HtqDcEP{;=s)rQH{YP} zzv>@2@_$_9Uk(-d&-tC>Kk@4t|0fRC-wym&oBiYDe>>G*b^4F9|Lu%_efB>t`L{Ft z)yDt0*5A(d*D?I#rhhxfUw!T$clz6f{(8?p9`d(~{nhsWc>Lck`qwf4Q*Zy9zYpnO z=Yib6%VYn`tNwQMe|huYj`lC_|JzajEBNHFQ@<83I63ge>?uaT9_vx-0lCJ zVE*459&}VrvfQ~JIjw67M zGk}f@DFcfefF}UaUt^rV=bIC80eAz@KmkB`19*A@czgf9ITej<{<}_r+}oS{zgP3W zZp;}On*6`t=zo?3{?Cq}{~xdZH3Ip6<-ePV{&!~=0^9%Yj`!b1^8iBsU-2kNJxnP7 zGbpvTw7387S`xMYE%euIpT7q+|J{R+=I=F1&H#=^0RKNDk-xsce?R2^%;o=|L}>rS z{;SNt9{7>}lcy61`0Cr!6MHqD9_okIH-c|0N7fMxz%GGiu_4wnJb@!#M6Bq_#E9Pm zOCZn&T7Y;PR#ArR*4+29$BGq;ghYAW{MN}aUn0*_*Lu0)vNl2F=P~Bb58NN%A0N`( zZqL_U$RG5cPtZTd^eu^Z!@j+nQcsaTa%|_3zaK`7zrM4ZUZ7h-_*?Ej^>_Ab@5a?@ z;q`I7MPp&mk4er+UD9VN9Ms4xA6}*>YkRmpCodBh8xNUZ=kz1pv(X!&#DHQ|dVQXk z7YiH7?PBC-W99WaPamML$|H>uNDd2{QYO7z#FiQ^mJQ++BS(hVjksJ|7bo z(Z%gL9_W1@4sd!(Uhdf6j^36DdE|fk^yzaK^xxpWo-gE2=WHE496NT4bJqqkAJy+5 z{v7qr6m>U}-`!(A`@CF;e>jBjzXM-few`g(5?kD7<$S!;NSYJBomSnd!KBipqpNGC zM<g7X{2% zsNaV_PQs{jme-iOe8hLAxLij!xU*rKHg@EG6>E?j;*3CP4^<1K7FJ=UaK;0|c!*th zyT6dE|D4PVr_bGUw1=qYkHf!HNT=l_RCe{ypt1hp9A7}ZX?pgk>&{jgoV3YsG3BH~ z(^NG@ZT{_&zVbrB>YaS>7Gq5Ug)u^bT^b3wAR+jf36q!GRDrfwB?aYH5`+o2K!vU7 z$?#yLW8Sy}#3xA?S&>t$Oj2!=c)!gc7e zb9>jb*tp z)-`3{Ypp?+BgPk4T-DG^YtZ=MoX`i&%pvl|+0ws#Bta_5Ik3o@*_W{}W^f?6a5=q* zbVil=q&SQ7Ov49NU~mP~ z))?1eF)ezdRLX~n96{9O+tc9S(Jg2*zY@~Carifhea#|g6Vx@lf58H@M%$MWSk|%W zA3o%W&x=aW?8%OtLI3Yd4$meh`??=HPxyup$J5noxZfTi*511M2PqKX7?hf$k3+a3 zJAsMP*t?9)_m;GYI4|V1^m_)=7q(tAXC?jadz~(jR|tHAgYf91cStMy?~{r6zC1qP zUEeTZLVL6UGX}KrI8P!()IC&AMD>z-`|52b1Mgs_Tq1bNWCGdfci6t-xxKSi1Ub2e z8)IG8Bn30WMHn!7<#JA;WxsZ!J{qPPOp;>#*9-?BAG0BCfLI;(Uh*a`tA60umTkRN zozI7TUkpi2sdLZ<@GYW@+eA(TR_km{`G%C^%~|++Tz@{OYqa!{HddhSL6h!0o7T6rkrd<$0+;Wum~DJ^ z+TFUS?ZaZ8#C|2t#7m&8mr1`4HOGP62U7uGfa*a>Lj|RK2aR3^Y)mfflkSrG0Dn;| zIJ%|#`hk9&WQOv--A~tU;zvMMt$ypb#+UtxcLm?x=l@K7c3#kQAnkijn2smxD+Zv6 z3?kP6CZsz`>AOL~IdXZxLW5y*5};{4s?1%nTLu_>!M)npsP#cYdorNkAUc{5qhVVrG63&;>})%j8lNzVgY(nZE5T>V+Vm1+_h8b?YbxBL9IZ59 z^ke>L6;(8MHZQ`5GB9>lRZCqr8OTE8o_5&ZJ6c19y~@jFfCtwKs5~s_D;_E?z7AUM z0eRsh88Aj8LZ`Ww;yQm=A4E5aPKf?#pO_`myg^<=s10Uzwj7x|QO8UO6cXxOFBCtvQ6I=%4{P{`Q z2xqq+RGk>zf1bVP1MoNJdXRTu;(R|pmq?VGr|Po=hYsHecKoq(d##wIOS;WVON+?{ zzh&iudhxUg{wV_{9=ntCQOz7{HLJ4HDgIAi|JP$K?$sm+xO)}|v&jQdR`gNN#goUD zTP^V`GhURGEhZ+YO;EEr^Q}Q5E(YQq{{f&EDm>Zw6|Y>1MMMWKVK%|&7$1?HT)a;i z?=NT)1uN2i$-cXN6}Y{foD2xC$uVaLnG|vX-~R8SRXTkldvz6L4VC<+8Tz>_WUR$~ z1W@)O=o}XN!u8ND8Z$RSE~>sxtE^N8jW{(ZG-X4aMZRX@g=vr=w5=H$^9%ZYkWH!uz>x!*kc56B!kh1ND@xmj{bZXoPR zpZPC;WLwOwr1UYscM1gn8v=*A46UttoF#)OrIXM`D< za}j2{LE0hK*vHHq7r5TUN~O(XwE$#Q>@xf4m2f;Ba?QzW%XvF&#XQ2=vv(_uz^?bU zL00t`51f#Bfvo*`^LyU!dU%GLh=KIX@9um;QOVsck`$F+`UXGmBtyfQvS;@roS`*Y z-VtskL3f2(?G@+JM^Up-1UWJ08Oa_fA0wrc0^^pTxo9*4YgsuxfS~Sz&^*P|ANMkD z47Ze&q{F2bM8vDQ?$?!H_+<<~skrkQukqs~7EQM55S@9?^MCN^<@9iWy;j<23@kdM zEHD`LNCxu)WCj;|f~tg&NM_MiBkuw`kQ9ZLQ`HqbJ((aGxe{z!iB56O1NVU*l^D6sA*ROA!MCM>gS3e!_XJi8_p)G?^eVs53TIHQ3w}=#{8nf&%c@boJK@bUFTHNi#UT9-y zX_HAp&R`iR25SqFLUC;Xh~JMH;5U==uH;e&v57|HTERmn4gVZ=EqHbF7@=36{rFhf zXz%akia-*E@lbbIWU0zmp#cV4BMJf7_qa5HOj&R;r;n4PucPttNws_y!sL1l4raq) zN8|~!Rl<_ZP`WZp2{}(6AgPGQ{DLn=+i6G z8rTTz!~(b8G;(!OPNnwxw0RT*J&sTm7fp9e*nztT>>{BpK^|W*!{e-#kwd5x!!}~@K!M)L@RJ2pBdle0jfxJcq)b9v7noy#_;DQi{O=cd z_74pLtVk#KJ7S(b9quilhrg;gd%mMM_S%u2$}gs{US*(DHHb^$q;KYgpe zo~h#CLA`Q++jWfF`hxpjxhC>@xbquAv)tClMdC^}JoLG^*l8q@LN!pIrN3=e3S<7! z-h?OMiOZNM`PL-Gz@f6)w^1shFgYAV#lG}|`qba<{3SW>zo!4wpRn2NH!VXzC(l3l*8V354 zPpjl?Gl6ZhAyGs?b=|U6+G+LIjL7I7j2obDO#3Z=-@#w^P;d?&f{*pU!cZoBpdBDD zX>sfLx6C+zl$M%Y#iBs&1oG==STFKpgtgVXjf=(E{qXTA*Y3pwjpUQ?x!K)yx?8|L zobV&RyrI_y9<1*S8#t+y_gLXu#s;Q3@tR9%yFTi#uLee6&gkX|7Xf9pMr~!!-hC^Z zkW5&LN-_D7?MNeJ3SYXvE_Rr*8=YW2+(K$#J>Y8-#$kqdI@HGYg$9T>T^9)Jm!RBP zGsfOSMk-ObYx3Y5s8^jQ#tVf;U@{1HD^NX?B^qG4 zbMKYDvtVbSn!Y=}1#4QnH^p=Dty&Uwg3VFh?&%<6v+qs6zNQg*J}=I`&Z0Zx%|$tb zr5~_3q*!x{R?BJtpgSoffe0F9^{dD@^S#aer%w3qbmxYM1~NV;nh^Tw75 ziOBB4D8mt)C&<<@SoT0(s_f{7i}TMY!XLFNk17Pp{hJ|@x($K->cmV+Cx@=N$;@>c z-g`2;F34s($KBaEw~f4wf1BU(aX+nTmb$iYzq&2GYun&pZFv`aeBR7_i^KQ$Q0%$^ z(nTTTDO;w3!!pV80goHnSF-^+@*iIvm^hKM7XqPoq|YH1VfUq?Es%dufgJ&fwnq&i zT}F2-?sS;h`sLRr$roDEF=P}4ij>o2xO}C!u6+vew5x+sJz_gG9)~lGDlJ0NVoCz2?qegfT;#N@Uh0T;^0Ajih za*v<9YHyRu3J$sPwl(=vt<|5vTpz5XvV~fUiPK-nBY>RN1zi>7=uY}=7f>jk(Xn=K zV~)xN$zu7nRbD7Crbz0?p~z6Lk>XeJ>;#r3E9LWQ=pl@qNt7k}MXgF9!UpW&0vbZd z0ZvrR5KMijfqn-7i~C9N-m;pZhLv1`ELhVc$g8m!?5k`%==K(y46C7s@{Xqy>gthmBQs^;-N^%@=EQmpOex%V zA2Fk1CNjn~*8%2DC~3%ZKnvH^$eAHG?vc@=NNnj8;Mx?$JzOpwWz`vmrUinevg0TP z852i^I$v$_qdLzm-4!;Ur-NjVuLlQvDbO8w#itNfBGB*jZUYuuEVg@i z$kGQy>IJ-OAyeIU2hl+#!`KxuOL_K0S#$g1eLV#F)3W4|l#EgGDtOFQ0obXrfq_q1 zK9!z&tt_jPa8^5tVV-b-JmQP&zMHzv-d93FF*qA=_RilA4}lFwm=q|?&PT58@q&td z<*c7y(Pq?dH%!N6Xssc%ar@8#839owmfCN2uZW5ZK?4 zNjQCq-KAmZx}A;&0ZLc0irP=q>GxmvNLcEGpL8E(>oQs6g*8OG?enjX38xq@K?rhzwAV zC>vWfABG4%+H512b>u=@!`}4WUvdyk3RK*%HD+L2g3u5wl1*I8Cp+9Cs@F=$B-tQ? zI*0|4mw4wMROk_0dzd|_2h?UvPj`f;*EcY@K4eL>o4u6032Gvg7_K8>=q`fOCqTRL z4D6~@_*xPA`^zPjKdx-JhNGU9rP|!9=#oFX1i$l7y{&LU0lnh<+{<0n)7YngzP}WN z?^x}seUoTak-Qbm#d+~E!|e8M-P+-o(B|Rn1L6+q1NepL3p#TdUPn+Ql>62GWU8d| z^oz%N-hlb#j!}y5m1-3$Ury=s@vHv!pg5ai$IgNTb7X{|qKF=-P~dNWvl2Itw(uIr zY>A~M1qO)$u+=ihm&8@kY}~nBH?Q#YG50>iI(V>T^z(4+1VOg$dw%DRaZ)Gxn_zRq zGJGxaVUQX`+c06iu<>xlnF0n00*!huqzb8mfG7zfSNrG68VD0qcfn=P$t$>*y`10N z_xea*TRYf4!jtm{De*5e4N;J^U|%~qzevR!31%)Er^45F z1@9RisKg*njl2ZUFYr9q9ocrzH|;~=j*Dv;gk72Ds7OMGCgQ})I|!)Dp}6RY*nzA= zePZLw%h*tQkkayX3y8P?_5-jp(1@X&mQeW{&r0OTA!%)lsxU@qrs*ywX>*W+pUZTS zJlKBd*rWJ(H|loLRAm`68l0InFt^Yb3%XWvEWZul9OWTNSu8`eOgiQE%4{mKWK4dU zT%f)K03|yJ6thSRVZe9Xy6SnGIwEC$JK@x}8t=-KEl_>o3pd&lObNRH`E2{T_4aPQ zCP8^MqHm$d4jWEqYHH(}qdG^3rw?prugVLePK5A&e@b5d()z>z)d^ z4b&@=^14OhfE|V(JdKRN&Oo=PHG9=Xc1XsJO zW*CrEbLyu_Cbm5chGIN%CWy~<5I%Du)fyWy<{)U*AzZ-v4eIH|(2G_5+o3P{ z>|$k-@A2kxT;~4LIfjmjGs|LIXtgf|%)$&So_=ykmWVD)rwJ)E)lOns+um|;dvqQ> zrea>C+JDZf!QnJjPXX%1-$}RG8%~qae0(r~X)p4gq?>^8!$?iyBT@?6UN&wu@cN0M zyD=Yp)E?l=c zbh<&#NKn@iwHy*=kVBCt69qc&NY;`Yt2PazXf-p$Mv5Aq3vqwrj0&k-Hp_MNn~(m6_5ThgR~b8JaLNs zuVYMPAkT4)6oJu2RvnMU=!t^gIXDBHBV{THccGe^jf`Sg4ARMUzR! zwfTmtSh@s8tmRCI`Sz)k!%^KeCIP2$7$1HR4P|3OHnj=u#S;v;!K8qe5;iR!vy(^8 zw!eVQcUi7kcU$PEoq0-X+4N5WnF441-F#@`7WZ!(W}oe$yKj+Dm*v^M=eMtKZML@# zRT(jjV{4*qACTzAV#iMwZQ@GLTs*inrY?e?-f+-bDLTd*ZB&v7$h+Mgo)T!h2NN4@ z9XYU*%XAlDAg0;dZmFN!scqDsjlJi_5Z7125Y={cU#11YkB#DAJLwCY{!8 zDwuMg{V~@@O}lDhqMt~3@qE5ANO!7iPC_RJjGXv-)l18p4KmiSYL#XJ5=C|a0psG5 zGgE;^i8j0L6R@znnAS$BHSN(yaI!b;*caWyR+g|I+9k<`$Nlr#$`WjHeOC|m@7&f zi5Q9$3%^{Ln^ml4)r3DCnMeWX+l{(Ww~U~Vh&s3~%bl_b{4YN(0aZwrWW#E^%hM5U z#xyZE0tvAeiWYh)6m97Oc?g8zU-PFH`z%Humvvb<>O}7`M%`QaQKN4;0$j}@>GH(s zdd0^QwbhhydVFK#?%uRF9vPfasOwii-8#D&{(+Rc+7k>GlCmw~G0uaw;*Rafpn73B z?t4lIoNMXur`suE*ZLzjM6fcy2KC;JuBpd@a`OTu(dFUBMI0iB*T!cj=CNUP-&z}- zM%&KQ_`y2bg6%w8u4mMA-FBv@Hf`P*wU4Rc(L_uZYC5?bPzW&yUr_d0Y2#6^3XfPQ z5hKbrgM^+=F?wQrr~NVFM_-p>D(T1}XC>Gg`Si|luUuaNd~fDwzv05Y?8fnf{tVBl z9YX}{ex~evs_j509Hg`|46%s0sEOi-JH2M{E|J0&1L(;cJuT*i#)ISMlW#1|#kBlOj)u97^AFLja3*%Ncth(YGX zpX83Au>LGxrJFb@3QFJ=%oUG>|75SAS-NLd#cdj@ukzf`OjiHiioFv|S=w^^URHV5 zPj%}{xD%5LNW+{PsdJHD1YBz9_Z$IN1<0asI*DR6>Rb#np`hb9a(zN32l;?o=0ps4 zv|2vN7UQ#d0hcsJ!^?AGd~|(i1tqcy!>&skChVSLO7G6z){b&Pav^aeJ8#gjK2b}s zl2!oQ&wLGoAc;Xw-*`v>ia+dSX6sz^ne3Ub?8a*mYX5bW&#HgAv`J0YpFL3!v-@<5 zEX8u_Mm%!KkcY-%Gf%|a6op^;@sT(q2!32KLw`pvIe>#opHMR1gfc_k57~ul^e{p8 z&QhA^&n$a(7*m+@F6K&rWD7BXRe6-UDQ>{PNvE}6iMpD^wAuGdwZv?nIK3BNt+O*r zT)bDzY%f9P245*{5dil+$~l>=)Yr@L1>EiWI@6fLAgt^8IdHqXngc-on-k0lIT5w8 zxL`Aw%#d|HYfBz(*|wUABUGtJ>yfS4?lGp-|LRj2xpB+Q81x|0L2j$RO z7^_4qmy-MGxHPd*?U!X6KMa@FWs*>|`e0hg?Gq`>EWb1>l@FLXhHGsK&$h1c)+?i? z@MzwsvMSL5`5cB?P10mHIrAu zE-M&xM4Gem@N*Q3I#R_az*F*bo)T~)>gm_syV4@^0sQAbqZF}U zY-(sk$n^xwX~x3b5+)Y9f3oSI^-v*qOgm71A>GV8q^kSAA7_4lp0A$Y?Y}907(DG= z+P&cMO7!;d%i-Ucb?!#JzK9n(yjVQBY@An)l@X)!<8~4l=+5ZjytpP#UKPHVa6k}N znI*Sl4j*&~Kn`qU3w@j9r^3v2XcCpQL5?r!7vw!q4Hwbt!n&VDeQQ1Bf2q2pVtMGH zMZQ}CdYrqg07hrvf<$_Ja$N3qhmHA2z6V&EHF;=t)s1pOc8EM17<> zpdz@7YZLC2UJm(69|3lB3D~J8b7(-E8>S!3gGg5>q$Ad#YCD<*Tf-Y?l1EA8`9W^? z!4NGvp#1k%pe%3cYT$9^K^LVmgRrDj8&9;#H-mrFJC`E1ZnKFY+^4TO*~#3|wMdP3 z?P+r$HWl_XIxxXuTEIDyZxlcAHjrZ7n-9LW7z+NXsY6?AfDgNS#8@5V)@OsP+ck1^ z_RS6Ar6UnO8}2Y!S%bK@REdYcweu%IJAVIXWHxj;-=i7B{C|G)&(oQ*6sYZYexPIt zaRyucYGT6Z@L`P{_j_t#)N(4}PfFTH^!XWDhh3l7F{Ti>t3&Zz>$HTKv0_T4$xekA(D9lmm{M;~Q=SVSu zK~ir9IMD-DqAVftz33t(5UHgLk31m<%1xb&Rq7axb}OA&zha%wY3^R*_Rpi;YM9-b zJN7Enm6T9H%1dU+(+c#ZAjveeKMv_EDHU~fUho>d%T@Rw=F3^YS)Y<4r2OhB@-(>8 z(#ik|ud_RE2GwI_NMftx%Jt(zK)ccgOzlHvZK(o;L{#r$?NA&v0*TAovo9(^;N>OR@O!+;wdbjXV%@Ln}_`FulyIV=aTK-;t5hTy@ zqJoSG5hawn48wW96e@6C13+du$6VX4Z>w`u(A12FisFP7$wo`8MS5^{vGK6+5dxaB z+>B9X+hlnz>IU&HO zmwUpK0$|MEX6D5|VRg+kft#-wZyAkfgVNS9cX+xdLJbIj0$khY!knRDdw1Cc*ncGh zz*4e*+L(o~x?EJ&9(>{rxU$7sRSW5^Nhz2rw#wk2(J6(Yi~1$43X$~sLaoa&ig2b! zrR&P3yI1U&0FUslAr=7H8UVk<;BOUBcPUrcZSzUgObeY0?kly19bg`&glkI62HzqR z?T>xbJX$d>R6R?bbNx9_1G8+=Agj##15BXb6f8hV7yX z_YgL3=FcmUpzm`|*6Y0YGuGn+SnyeVMEi3Lyeib(<~;7DA4#DZWwyP zowm_v#aKW~qkhXS&@#Xvqg4?Ly%NiK_WsEfTxnHl1QVk@#h@zPG zbX7eEU=1CRuMDNM3)qBd>8j+^uQ6A3lPE@H2T76*@i7sEFF(M>WdmnXh=M%avm?@V z>_+tzn`?<4!rcaOh02CD8k7ZZFr6wPQ2xBh(0-#_x0U@p6m{luKnJzBQcH<+CXADU zIdYuY@wU5HthSnXB|n4R*FONn7w51kVfW?Y`b%U;ki|hSTeK_w@}TvgJ$-O-vk+yR zT>z`U>AM905qrSuVVt49tg%^0F#&1-m+KjNapl_RB3AyS>{Hcc?m&JKIMH;`A&0!r zKnVo`S=um#BOGuWUS#!Tv#R^0<_3^1#}XTyOeL_9-oXzRtJ)iQTSOwyfKbR8*NbAt z+9E-xPOP)avNIG=>~A{_V}3jYi0V5ooV2UoJtIoam$&)C2G$Q+eaWuP2T7q)v;auz zREXTzl4k!1DjLExMo=rjaX(z+`Fx(1&hGMZx_@82aq<(#4k>oil{w+-TUlTKNde=) zA;ASA@(Hwd*L)LTaQ~b~1G@}q)2qiMdBTFuUda8WDzUZ4EoK=E_**PY<&p5v z=|-Z$0Bs8?enbYdzjP=d6&Af&NM|u57N`^cEs27RLK>BKQNrTJ$a80v@^?2&T+WH!T zg7ZY~C!RzT1FWQv&upqe3gk)seAKHW&GC!*l< zc3J{|k;h=;^3a~M)MCpFg=wU$k%&zxW2goR&Dv1@(P(HD{4@;^-*}huy#rFTn-&m& zP_bSLp5pR-sZa023fcu9DuPb`J=%+`KD&q@h%idsH`3PDn^#1+KMf=OP3cQAajf-% zkY!DaQK2(Rj|7loG*m9Qxv-p(flgJ{wfNg)6c7nRcDaN#S z?LfM~`=PXTR31s4O~Qem;a7XENXZHqp?5|A$$40NaQN+=GWMbpvcHm+n`yI0HZsG204?LPf?r=034b%Y1AMvL-2U=%=`?2|G z3SJO9_tEC<`Mnvjta?29$eIv3Wg(vDa*%{C+^|ro1xT*R%fv^L<0_DL{5GC7HczKE zs>sAqR6@TKV3x+{5I0CX9#8MB=q$M%^Cr}&Z>Y*cAO~QaMkJtGq`=AFCekX$nR zk(RC~Sah%su%t(NDGICW+n*i1z(3o`ehCWWAt~w!EYG0p^t_6qlC1d!(o=wBTxhqA zT!RiW16aX}2E-AA?FxTfCS@XoAD_^B?gN3X&j~ES%k(|>V8&1{&K=U)n`;@Lb9uIk z8C&2PJw~zheBjAOBUC$meSZXgzH6{Rt8+>BAv*3VUf;dsq>xeTBM@=w z!VyAE?!l6ZrkNfHu+fXvqVMOL#FlWJBIDSz?88ftHw2lOAj?4YvjI5?G=yejel8`# zsumpmOjJm8IY~OnvUd`TR_7DIH1_%m5{+BoEFl9JAc2NoNG064G(yOukgtWerKGd> zvkjU(xO4Lzr!AOQ=F;lbF*=+L#c*VAj0v}N9pSQ<{rFT6h}+bR6ie-9gJrF$Jf!xw z8d%Vw<4X3Z)L@e`8ilehTJjdaQd|XR$R~D0I23^*7~&uKwBR0qW7HL`Lp&9U59jQx$ycj0t|#%jJRt&mjo!V{B8o@=4y@UR8~wI;1DV!ll8Y z-9FN|N9ncw*aog|NEt!KWeWvCX~-%hrUfk_G&m}GLYd&<$00ljJ@f&Bl88^u6J+0e z1J4{3Qfx`U03wMGZ$tWu-{i#$)-?qsMZ$9708mdE75Hh@G~ctFXPLUhYV)0u`s+(2wYmhp}_(C zBDP7&Mt>X*0wz>!Y)(FD4^_c|3N_+y6#Z@Kl9gic3fyWbK=5wN9Y<_XBeiPwnT@Tf~(UQ-%q zbg;E)h5^<8n4wC*6(!Wf>DhxhJPm(VPh=Ia5bs|vKIgAq<`XL(0r0Hs6nT~-fzTon z>M=(E69;vL2SOikRo`1nGuM;`cO(_7)ZoE8nGbi0-j07z z1#U;5YIV=xs(PeuqJ5LlDypVHV3tPMC=KW@gh;Le1hJrqx_ncf(WcU`ik^kanM!*X zfzGnI-mq6^?|PmSS4<8lFgr!tX)M~T>X7Jt*BWkyE5EqWz_R2o<6KBT?i|IQ2dVfP z`j)!Akm=u@2Vl=T-Xe1wa5M_c8~o2Hn8d>* z8SwGFBZNvvl}0nhohRxqf=%aoic5c4_14CEOAJ3<2g2tdX^^_-T7k95u!^Ru$j5-X zLq!8{qj%&?0%-}Rz{{Y@qsLe-}5&k>D(for55>|!%`fB zM^O=qB=nCJI|~r>FHq49Sa#tC#5l)wYR6?ziSViqSkJxVNPRAJNm5ki%n8O4GXpXS zWa~GAm>C{3h4+mp7)X5Su?H#zilKRFDhq|0dgYOvpf}2jI>*HG3qCy)TL@6#VW1wF zDjac&RWPW!@Ah_YmbFU9Ge0usmtsX=T*k*=t;1K|@=^;=K+q+{*sh1{c&(9TC%1G@ zP{s9&)smx;^!n7eLas?^pNI{W;I6VjLIoL&BJm|OP!>Fn?&Tz8vPJ3&f)K=Mba4L*Yyq;Nm zS_}|dZbBZjwE2E%JHM)aovpQ(1VF8ludnQ0p4`WhhR}%-I&YKevepup=ekW6uNoM~ z*JnhiNt+6^eHCEq8?7pXtD@KN!69qA-;1W|JrFZ#sM7Hg^fIcz^EGJc_GmiqZ-yOB zfJI1Bh5+H188}s;TNCT~!QxuBSqjf2rrPt0s*1%_h>)=YxhJ{-*V08w9%=qkiQMNR z(~yceC=YAk97_V_TbM;8>J@1vGw-J+MwPH1F_GK1NY#;2s6epP^k}b2mrDoXJAzQH z49YSk?x6@5)=}^vLFYmo-^lyLcyWdl=w8vK2f-YMtCX{4JLBfKE|+@~ht&YFQWzGm z8ncG251tny0^$n7KUfxliXO79sri`V`l_n4;6t%0>#LuBo&8M88Gdb zLYM|*qy(v8VSh-T%30;a+0{j+4%9)}pvcdrHHNvb#(F5MMUWC|Ma&cWiFPT^)ze0( z)Eaeae*<#>4pNcNi^iF?*;jmSo#wh?A<@Bj9h!DkWlw;QQd~~Dvb{ztp;LlDGz==> zswSdb>;?*$nEdTSWX`FD=w+J`gTiSLL7I}7U5kIEz!nUC3bEFl)sDGTDzv)gM{vlu zW?EH1iIpV@Kah4tM_IV)F){MIrL4i6!s*qBGWeCQsZ~>(*^ORfU5F+ezoy48U&<)V z=@{dT1rDoyGhf3ql1l}LxJM6`VvG>$hm{#rIX>S(Z9}$-RNa7Bp`=|SCIICKYSaB0 zS7d$C3?eykOsE<`W@!UF+D53a@x~k~vnoW2G9ze8fMf5-L5SN)Fw_X#r z7H37X-h8efN(N1^(gFw`!)?mjDq2#;N?}s~_X;|Vo#cmX416P0Ia)qbtCu_HFe4^R zmk1C+0le+q%}X-)x~W0xZa$%ajEZZ+cNimH0Hb(oDFi+^E~K1=_s5+;@XlSFtQWki zYu6SLICzI2vTw~iuY}mO5;;AlW*hAn%TkZg@^&;?rEcRlER>%sIswtOC~jG(cNC-t`08u!2sMg)H%n0)Hge0*E*D|jV>z1jj94{$CpL@Gt9Bx0WcNB&1##=EjjgKd?~-ND&@;yk7@j%hKh@5{Obs^`tj`R*Y#UZH6wYxTMGo^Q)PZ{8$RRzilh2b^ z;)?=kYV>eZTOqmVHnG~<2(JP?f@lX>s)ftjkHGZ@AxX@usOe@VMZ*^`x!fS&7Ilt{ zj+z2gXP5+qkJ$q(fsXH6?et#U8e%S)d6jcuu2B@Gf~eQ_O@pSTB3qPhY@{%y)u?oJ z*^$_UFQ9_)Eoyq%X+jxH;w#;pPTj?t!GRzXG2Jqf(E+14pLx=-KXQ3p5s(^n5p;Nv zhrv>cNtBN%vX8^^!|_#a{f&AvQ6euqh~ts^wh+(-t0>_hUX9!!FKSI75EZD7rGB-c z{gm2O?f;3>@@wXd2NvroV*MtdsV*XrI~8|iu)U}!iA-t^CZkq@=cHS&fTPwn4;4Zv zdd?Qfwky>d-0@EKSXwnP)R1Z%na#)xm%sUQI%ToLe za`$CzQ8n6jrt3|0H)p@Loe_FLw@yRam$Mvfn`v%Rp)1qRBsk1EdaR>5gqOm2jZbqj;>qfRCC`~z)J!21sI=Jb6sNSe}1kIzH>8kvDmYOrY zyCrpflNg9uwq(2~ty7fO;Kfu#IFAYqs|WK8byVt&F3M({WxbRCyPWB=-}=1VI93B6 zeR#6g13+z6fXXkqmQ(uF2xX>4i8vQ;>SR?h|~Jd)%tZK7k@;xW2-&sCa*T z$;A+p?j|h1V%4okMgI%cm8C}?{LqjC+p}de(i>a`- zd>P^$4yU(7;z`^lHM<24=`^vEVtj8Vp~T{){Q;SJ*frA#rY+x{2Lah?!Z*!lS6L#$ zpF!BPU-zAJ3h_r>^>6KU;5_X!O^KKI)dzUHthCT$&?)7 zGU^(rfRAxyfOzfjnjV-);O!b}Of9YFWEz*mZwPT9xjg)2UGQxKX3b}iJOU~(lM2MC zKu3YD2s$%p*&J=IR>J*^5HJV=V?1U$Ncy|(XHu2SNhzyD4Y(OHoOGE)kAderIO7){ zYNhy%Qi&m~0*{rRuUS$jgaI15XvL{g&98|+Dsc)13pRG5_&?pGZuxnER^4z9@5XN= zQ*DodVu}SGK?A3}^*lZ3(^=xw>3p_)U8932tZ#x~%8S1~Y@fYs6q@E(2w^2smti&F zIfN_(g?LEG#EoiTeu;*uMXcnBxP59Zl(2#c@@P8=?$AkO&lqbL0U+06?bX3*ggm4)GXb5r7OGhV|lBk;y6+?2+rMNzH5>V82 ziaHGP+PlpZB@w6hqJbBI_1) zK)2Qx)*Fg-&bCR=y<`1)JD!&pr+=36@NsSV=A#DJ)Ks}b%d3^tfWMokdyv;!kTIRM z4no9CGYrp>Xy_{?q(!-}x>w;b?d0$AQiikw!ElzLJnlzBu6(X9o+wwda2c_7 z0P}e61pMoOlcSHJl}GL)O3l~X_v|{KR@Ml<+u6Q(HAxT4rM|)nsVt;|X+)DIqJCtY zME*RyD1OAif%txu=o^lnc?w$Ow^%VG9b+9|D%&ALS(nKY6qKnH1W6S>(-DgwKitl5 zKvL$4$YN8z!UWNiu)bQF_f@d@u$aB(w!%J$%F-{&VscZETyqyo#tw;Jc9esd*wR9V zw;{%@FbJtkcx2d=IMqdut+sx(b%6$FMu27$?e|*MF57ovFgQkoJr-0 z9*N$vMgKMfC9RO>Nd$K*(1>oaGqv@fIknd6#a8{lu0sy>zAT1hia z2kb2i0&*wT(*#5eBi$j_xF|;?#lfO2RAd(`A@qiq)w%e-?-<~unM@Q$G8BkA={zAQ zMdWI?8Hx=9pKwNF8r*fWQiLS5u<6!vS)zsMpb5eVmv4l{!t4}^Vu^C+wIsosMXnV< zXr}O24AMZ~MP_h$mcb>@PmFXmbB9Zp7Wz2 zDc}`~pU$4H$hqIW?l?`w(eYvxh`VLsda^w^-=t4-Hd2stv+#1hmzF>3nm0TSf$e6} zu^^y#Uq(Ssx>g+g`BGye=|*HnLC1`j9r{!6q7XbpycDj0<^l(dA;SN(=Ad9OobHVa zGNx1TQChL-yC^-`NH$Sox?I=Y<#2mg`a{NyS(9d5!y2^IENNf*LqL0N`uhQTZTQzo zl&t{!19{31^Tv63qUriRF`{cFO}Q#CEuD@bL>U1i;ZXhxTD9{#w*q1dT;ZKLIaMyQ zk4V}|o)2%J5>%;Mn?Q|ZRG@1i^R>eEWVKI^GHSLS5BAHax zwO=>D6>b>kDuk9b1R&!aXCSEW3sMS7aKOGmQY_D#BOyPx6%$xW&}b)}SG^b7!ZHzs zD*C|WqXc5Sp{S&{6B4%IqYJA{4(Nr$DlTO()1;1u@wBwG^!|fl9Qg?U>e&WlHNH2C zw_wibu$CBWI!v_i#%O*N$TGx7j*nU4L}ZdRDh zo_Jh;2~T_O(fQv|FKURpy2|Tli>%yO=u@ggBX>am1 zElpjOB;mD`=eA$gkvZ<~=H(aZ*s0XsCC#%(G)hrD$$Zesvn-P{7pofUjeB$-{1s=K zBz2=8OKP^q%rsCAg{}7ABM@)M^x1>EPzpZOBzf>vzH4!t_1nc(SAT?U4@RvITXm<@ zPnQ1pQBIL(;MPQRAtL5UU3Imd$f4Z^r=jyqWs@`@Lb&vjCN|HIB~lq+A=nx~zxOFl zoFq^RG5(rJswM(AlI+`*oa~xGJdZHL@I&OJSRJ5+@Nwt|XQ{eF z5@W*E+l#ZOnU~iWx5YJdwrPaVg+uHABrL1rNhAA_0>Rwu6xL#Yv%TD5DZ4Yz)m(VSgJC=giwV$%oSQraLs{QRuXYU-l+vC1oR$0iQe*bY8f;8J2jkU-1kygc+tgpw~rF(*Up2+iY7|w!_n* zGrXOf@ni{hbzlt>fg@ZW40d3^Ghjx4DR~tZS=D5^iCu{&at|ML`k&B z4gR3g_z%Aj@+{_UWwV3s=&lr1GMItcEw%*Q?Z)>}1PiMyL*APp3;ANvDW)9zz2F^AO`MSGVBenp> z1!H1FohvhCw0~ zrAnAcLI*tJQF6Nx4pD7qM1_gC_fs`Plx#y=fQ4v87CQy@qTj#&R3CcuNvshXuj>-H zb$ihKVgTY7jZc#)-Lh0mK`f~kY+#NHDd41Lhph-ZQf92nEs3kl#17qwXT6c&>;UDL zWo2mqML@d0m)MAI+#X&J(eCn3CHxd}IFYErD+W#JtN_^ojo!SoWB*CWXkZ!~o09Ub-@0IkqB@cK%b9XuqWMtccWDbNkO zRVA()WhkSliS_PXL)Kmf;gh2M^{@dNN8T$=m&M}#=j80}Dh$k`C8Bm|yDN_zUU*UG zOu{}Oj)25`t;8U@ujno{Faw-Jp4hCj2 z+9IIEF)UUJT&w(SeKla99D`#P9aH&L*DMvbK2QI{FpQrH3s2KyUUdH98D7(SkZTwN zgKb$bMmS%t+6eezl5uAi`mMH?txRnU=Bk1mlvLl$wu?C%FM zdpnqhCfxuZgx*9h99z+4LtV6+scQzmJTt+YWryWghZ955J%B7JgpVnzPqIvr zD?gBDfbXA(>Wd*GjivmVT!m@Aq9Kluxwq@lJe^VGh4 zP)$MV)IFI1fr=`)A}&Ju$F&)0lDllpIP*#&B~lx0%19}n<1RYqV6_w zb)QMPCaT)3xrVSs6jt+rQNeo ztz#WDi)$up&yEu&=d)Up&qnP%czq=|iY(|1zrn#ExCYj#PbCyAGjlOb}F? z2_UCsPT1xA{n)*S-wL4OE-e1Y1bsPc4jLN5I92%8Hit}WejJrgX67jLMnFT^p+@LN zCLhOBI=((AO+tZ+`i6oq1{pf(w9rEG0>*`4tH~Z1Y7%P_X%iZt0%*myC@`G9kw92Y zAQ+E!-4|L78l{(}3x2mm1p+W(8YO$i*}vRa#YR}?hap4OtLVTw_{FkJNzDqOj7h>) zlP4p~Erv}9P@q0gYpu0VKlm^bpa~KvIv;5Pho!>~u=q|}kG+|_l@}7W00Y_A#NP!E zs}|1J0#Zb(*s7Yj^Qm7cyXpM-=WF4M_-L~;`Wh-5!MZo_k(wJNhKBU(`sS*tLe7d^ zSEq=jMhPn-3F~G?HDgs#*Z4}f5{#32N)_OIs?37&y&~2^V_EPkBdpyBJI#R-!*n>l zasj451uBykd#FOo2%=i892E_ASqe9Z!hcJBi)Z{z%T)~~8&1gda5XMF@UdmUiaSw3|^RxgO^Myg>2UDl^BaWm;KLy&K01%c3a9vJf~?Ur zUjvFCMaH850k8y{G%~JW#^Yl}4d`ornkM+dkTQwqHhBSJmB#$N12s}>Z&y+5O| zOt1D$kfkMnk2CANf8Gqw2@eLFUP%V;H&)c#hm=fUuVqV!TCuJ%ZBp|}#0jC7tUw?I zQg%jc&p7cM*l2Vju2P4BpLae3?ib$mj-)bhe$VuYc40JG?Y}IGcp<4U0lS2xcuHvV zZbXr)&`tnPT}&F8lrZd=x51BWpkn3^OKQRR3$;~Xt0FgjZR<7X*$@WEg#8AGw`bkI zgN*1LNq7JP6Uvj9uoc=Zpm zgsrR2bccL)m3}$aQvEoCn`DL*i-&`Sg$9Q7>79&kXZF@+TvHK2~IrWY2LqL!DHknB%&4El%W4sHnIV;pgR zYs~$*&MkWqC#XO(bm=0mzg-v+sZb`{T5VXx<_{ULqbN2D;)*eRa2%P5@lbK6VzgEy zsZ43wfPnA9hlZv~J8Ik1=@dsqVn(vIPVp*;+bwj6t+cTw zA9~7aFr(|L)Idg*e96W{JXXc>e#CHsyA|Kjr&VD>rI69qQ9&ODWXfJK6Tob957n19 zAhg?fKgkd>voVFgw4O`^pcJ2ojuLfs5l16IO|gnQK#HHY2K51jmvjq6N)qc>MsWIF zmxddfZAlZ}`~2X&{6^beX(^y6%?X+u1#YW*%@ebRJ#3tX;Dx$g^AJ4ojTyeU(F!)0 zO6+XZfgsah+W|K1QnyY|zJsxXNx-Y9#z0mk8|Qcw>;gEhfO5I2S^UX-f^6FobGXZDipUWqF!j!>$>C=$KgD> zq=4Up`EQga2_jD&X}i{qYLu_ODYFk3NP%Gt%`ZfkP+2u`C}p$um_)I`o8w|E%2g~r zCQ%4&wnB`d&8pqlbKt9czlzX2^rU60L!I0pWucRFWK`~}sMjj4#FWBnDKa3WHAqHl z;S}9b@r8AaJ+lT};D7|#iaXksN(~dDJ*<`r@Fa@JZ1>`)Fw1mAm;tF`<0n!HC)(NC zlmtPkoRBX?&;L^H-2#)IpI5 zxf*y2rFZB(HF$UBorlDPl(WA#N2mvFQH2|j_gxM?y_mAqs;-sFS(Z;6uM_lyQ zfq12T^2*4;D9ML5ph4U31#FkfYQx-x3vJ9uDL8G<>QNkK{5Sm5VHlr!dIn6Q@ht@L zt;ZPz$-e|^z=H=`5dA9vl;i}8jQ#Fdc*ZZq7V-hm1P(VaG;x*?gB(ECTIJdw7ORKc zLvARWl94Sm*@ux?PNK$$nGPF4h8EvW-mdU1hIv5 z>FTyZ%M7**K|YqElYJ#$uxKpaNzD|cNulnbuy$DAlwrLJzT%1-Cw_7yqaf3@lp|#Y zDJg|7Pm~El(=}k?byPAV>ZU;FNAO|+$=(TOwhXo^r&bnHU2t*R z8VCg$#1d{#kz2ayGz|y*sR=JzL8Uoxgc47LGfGuol%~@l{k_^YCSJUh1)!vpDQFrEhzQqC` z{e;eJKvyM%i&V5C{+bW!1#>`Tf;*(~r)KdO6hXooG^aY!ElGWSuM>Z+=C0mXQ=WWx zp|cHW^Ua)GGevMu;1f)T6#Vs}jbdXb`t(de2PGmmD+Wbv#8a%^X#RPxMiT0`fpx9p z-ff2tJYemUTY=1t8r7AyC$MiHpnqrCuc5QSIq}x<$|(YL8^(RGo&-wTj|U%@Nyn_e%pa8Idn;*LnRQnnH7R)O61 z*PSPYE8N)DEH?-Sl$u5DQe(aYNGv70F2jf4=xu3b9V&@U9VXF~xvWrI)-g(As?OU$ zn~@WtKOnM>OHBTW^W{SIQuSOH0d`CUbma#Ga5o$Q#SuYS$=mW^7~Z6e=oc{#qyJ`y#yW|#Y(uhHUu4~`0VM2T_mtQ zb2i44j(=WdARth(!4MDn|B^kvSV`cZnTDy;0>^wz3RY&_=p7$%LdsZDwmjj@lR%6d z;#;9elG)#-il*6{D~{&3dF#;FZRpninhXH21K1$u1s0%A%zEuNISZnfgn_|REyxer z!211qEk&vB$0%Z*rV#l43h{!8 zkS-E~EWo2I&-i#^Jc!<&NY@(Y4S|uQK66gY&c?Q^CPKFKs?{`7Fe08y&YG8DwVI%G znB%76QGqc8qkTIhuA@0YOrsbg4#TqHetSiX0(Jvs%!uZ<3ok|u!1<9f4D`4K^V+ah zaDj>r6m2eIGjkiqWYUh?q`?z+NJviE zmHt6!ZftMqM^wh=xRTq{<}3`n>i$!k=^+GhJfrC zUxVg5S();SoY&)OjuE0j_Dw;Meyy%~^$K|kQ2p_|OcDD~KrFup@iP!ZR2Zk5VL-(X z9OrD~ti{+nl;&~+yl=RTj=@S^BCkI~7TxUcx!caMa|1jc%EHwsL}|BqOefctW_+s} zn#j#dd@e7wlqM=H&WP-#%`D-$?kU0}_o$M<$CBDwP>B90ImaD=@BfZPtruxmR3F?x zR^;Le(JFJ*#DgflERg4{xM!YTz`X4Y7HgD5f}JqJe`zF1mMVzGkbl+^{Fw(zM=ooS zCf$p_gU|rPfGh8y$K`!{IS`6FNW@opm%ytOjwDPmX~g?LM2o_2SmVnCg(A*x3g&TM5|MdYq3EeEwJFGN;|VFN}UVBrMqK~ z2{6`FZhoNfcyzQT{Xra{)?D1q%}^eGb_OS)W9Z_Hg;Pp$OS;Pj4V#A3y6U7qoKs(B zp9`$oKFEQNAsnDtSSgW$Ndyoi{sCs+Xo;S%M=dnEK=D@c^y=+P!u9U@Ju-%fkhP)( zmBa>6)Ev#vA{l82bS|RbD4nu0g}n!A!^+#+r|-6ckJ}FaDwURG!4VDD;r_W(gqhBe zKtaM0EnEHz1ULHac9WgHmG(4d{z_RA5dl)m9ZobQBQb}Gi$+7*8zh2YG!8EUS~iOg z#Q%uUW5NnclwuR27ybsJug zxGPmtC|y=?hqUmBZJjO!xTjEVutpl;+V~Iq0jxX*heXxG0|Bfob%msuvt$S%tD*9Y zAIE%t_H-ldqgdXt@P?xI261GEm62fa3V>sw53~GS2u!V5LYbZ3Bso7n?0BBD|J+*` zi)=rfXeGw>=?-&6N&Ix;B#s_!=w0kkd>)H}LrsEXUk@lUAq*hbVSey-?JGX1s)ug9 z`!ecN(L*ZHugdx%1#>WHY6i9Z_W+t+ph#QOkO3C|4f}v7l(pZ0TjrxbE=#gIIN81D zWag*jc60Ev2Z%F`33Ou)64Hp`xFHa{E+eX%P8~KOM1kN8^)3Dna6$bCF$Wfbi`gHw zhOhp>Awk5_LQ7{_73PlgZ{J){qwrqdiIIYrbX1rmD4Q*&fVnJd6=`N7y(ZeKe}n*E zbr|AMKjEtF$s_h6&}cFNL6sOEV_sInk*>BiJ0`6pRH3EgY;ATXuK>_o(S5IefeV{S zL$jRE`fjs*zL2G?A)4vGlH@Wl5Yrg#b0SFYDn`RdW10!l6%7%8rhsGX85-drbK6NZ z1k~1Rbch;ZZUn$8U=YrQCOI-a1niLuJH)iN()5f|)P^~4lVmEAOi{>yQad72kcUpi zK*gL4-YXaaJD+f{PNaN^{VYmC(tXHQJu(m28{278$tdST}iV-Tz0QPp1IMbGhx=w{Wmu*+~ zFhQ0Wqcw}i3cd%+N(o?No)Xlw9#irnkd(AeiUeM1NdqVBGfc78#?svzRYm`<>-h6R zLqlp+rQQpOcgQ=a(H(Xb>kTasDiX66$RNlb)3z|itFt=Y+W1ARX@Uwt&STe2!N*cC z`ME>!3IrWCO7H$9Wo_)SJv#eQXe4#=+?Gsf>OehuB<&s{Z!5Dp%(# z4N50`+eSXQQEUw4Q3S8R>FYQl5+y*3L)l&?(PPZXDVqAhI{=p)E&KhrjiBsAD$Wd= z{|F>I0n-u_zev$p$1$19Scb%PUSq(4(>TZ%LF2c5)JQ0(P+q5gvh10aMA9Jvf@!#l zVv^Wv#xq1ikVpf`3P#zjRN{asl}oymMaFA(Q)xde_wKy=5H)J6@6n`6SYj=zAb;4Q zCPzZqShj@&u2MWs39%95MS25AKN%EncxNVRh~hs@$vR6VtBJ|R^W!ENEp-MdOazK9 zT}_#kZ9$Q`l6p)C^6ox>Hyk0|MjSjxAK6ZJ%D@ny!RVgk>`SA5JTKXLLIkpPXa-mC zZnVjwXJZ$wjpwO5x`j%TqkuvQi_YflSGW3PDIa)Ltd!PQPPqjMJk7;+K_@%tx@zMw zSbO3n*Fcp=*t5Xe%IboMP9O7p?8y1`VExCiYt_)Q9nu-oA!<^a5td?$4<+ani zlhcB0?@xouYo2VDPR%h3lx;l^`lLI0tJuBA9hWudVgvT3x03I-af{ z9b!k`Z-HT*cz|@Rnz&=nVPnN4pTi@`ma8zlN-jh$PseEQ0AzFQ2nZ5zn)Gsab#=@} znkutkJ=}^^`Fl`jGj)uJXi|$;!)tgWT0TB>PCgC+ojJ7vX2HAUF1+GG8f@iKc+Ziv zY%rx=!ZjUXWxv9#M6hHGr-JVCmkF+Ee?2Qa70qTuRc|sG+s;cFLBS0#d)r8h^z31> zL#6HHzTv3b(K4RXqA5`xy+93VzPGm8-shVb;wr|%sEQzvVfBj&q77uKGTpbP96nOLoZXsMDf`ACkTpQA>tJB zIRy)jR!=yK8{_IkbT6-{t^4CjArfAY%pc}6@{*|$ocE!Tj^Z(p5#%X-DRDa`ogQr3Al&6J)O=Sl?xEV;y zMZ}~)F~z-J-f(py9_&9LBQuILS*8h~N#-;2s^gEGV^tB|<{v3qTa?1Gy~%GRPnP<} z5KDt#KYn3>?4Z@@!mMyqK*|b+rbLvcU|Mvj7Q5w`Y%3{Nr#O~GRA8lZk}ysZ+3|_mXLptWLJuUNYG>S%{#_bK_L(W#R~Kpkre0<2Qd};IGAu3Ne`M$zZX?Fa z8qI)5r`c8DMpBfvmJERoO7vPSn~m4B#IV|7Lbx;$fhG6 zq;X6@*qyh_zV_yDN%~Tnr7J{qNq^o>^?hN%KBT3>Tr^Yc2Tc+gvArcS1UAax+F2=LQXP_AQOP|% ztvaqvMyt2S77@z3NeNH!eZQY`?{a4<1}^K3Y}l7cahfjmT(e>QtW_iMmowGI56iJc zn?te-l=rirfOe&0j=BNbZ}^wBhR%-)C=6qi?@2~&b(qna0CG1j__k7~)b*1Xl*5gi zB*@F83%_Bi?JQc_#yCawcOdR86Y{H~81GCNhZUAI`2dSE6?Z<=l+!mNrb`93jf~^t znPVH8;EN`3=6}YPay_aUfN}|Q*k#2v4=yj;9W#;glZ=v7*c2JJ`l~r~>}R@ziDOJN zC|7k5rXw}c{Ea;o*jilkeF!5MQ8h|4`XZ`huqEybP)y}Btvji6;?3m~LgDdv48$!@ z(>y$!o{o-|D+^cUV{@=70^yd~a^rRv@-s?*<6k|!;9ZdjxKo}o92PA=8ZnZjMp{ap zom$|P!*n~REL(^P=TqW7b7z3|ySxeo1(eZ=*m-iVfrfE&8WnlTXjoI%>nOMpS9D5j zHpb?eE>0APso`hRgTHom%z|@sUv5J#J`s19zV%+0IjkY8{~^!^Dw~OYbO+vHsT6*j zxu=Z3h#XY*qW@VKRw(hT_!j$o+hpiEv5qBoTWQ0utJyxjxBY?o^A{Bg8cMf=ag3+| zbs}$$Q5?qmBg_3bI@;uTM~;vlW4)cyhK5sI*ciddRI1yBgx!*wHXf|kX*1G~Wm`#jdlCjhCe!Hgx9uh!9_) zpP?VUDs4vG{~StsAl^5>9kCDW-7rDfme>9`cy;KQ7}&J~e2!j{$`x1687L(=)xqf( z=-$y#4iqv}*0`@~jQ8V+c5&W)NIo?nIlELrMaY>5cl=3XpF=BmcwSLj4n~{3s7Nq> zM3U1>m#?{=AVY30iBe>Vtz^~*(Xg94ddx5BXL_FdwClZP{a+P!O#UUMXG48Un9|s2g$?=Zv$#CaYcsKu8O5 zGgla2JR*t4Q{E`jag^mU)2QjG{8G`tAZOCSp(I9k#L(0O>}{(-DU(+<5?^ z!5|C=mmX$e6+NPJzLXCATJPu{y@X`0vuQJ}y9z8|N_#=VFrlvwaj(Jt6khu3DH$O`WgBu4`YK=cNwCjQK9pf z<6*s4JaALq&rz9AQx968zZiNWhZPb8A@BPmV9i;QAa2Dfvpx#aTGxhC0J#=4zbo&K za$+xDE@o@YgP6Wa*wv-O3*QA+8!4)CjOR41i2Qhd^2Ksb^ElzK6*jgoLga;h+^nKMq1AKBSzf)2XO#mMlnswPg`RJSj0p`1>gtC?9-jMp5uj zCHs04L6%pmRRapfA3`mUiom_R{Whg~lMkpcYH%llnEL&RxTjUpulsetth=Jeg0hQ1 zxWVPn>sb)EffSKFQKYRtL-*!wKR{&RNCx)AFjzf71h={)E||mFZt^ANThQjm zU*c4NmPWdd{=ku3#k3~COvzM)4@Uwvn8^Jzv0|H4XI9x@(svAsz{hrH4eC*zNg*%^ z1D+@~lp&%N{sd=dGBILCDdi~QloeMM)I^<*2B=ea!hSfvhv@%jFaVWI%ar##OI%i%$Nh4g3` zL^1{41B{U3qkFtn3X*w1&i-kQ-js+hU6_he$G(&llESz0Kg#H44$<*);mi2P4T;0EP0-Ofk9!<-;t5T}U5$uWeEh$8m}#37gw+C3TW zErGD+NNOdU3$gZ%KE%J(1gJrF;%1=MBUuomZK32q(Rv*6>Q9O$Tyy&E;kfLBooArm z)ZzM-IV8b#%p06W{IuRqn*`=NdrbPE!OW08X?8QD&K)FyeXSX^s@3RV)j1ji(x6p_ za?J>jb%1eDweAjGP`o1p3#F*Di@ojwgAiLA6v^)}9*_~0ZCI-1Fl9kkdl~0@utCGH zfQ{+H2c;8kXr8^xD>`Qo-8+IVxp~xJ@Fv5I#x;*ai&^E5R^~Z^nGWwrs+E47!E6W3 zN16<l69O)Y} ziY*+;a=;G_PH17wGaOqz19j0jqYB{LRCJVO4}vnJGyQPO3RAv9rVNX5weVRQ;s~H@ zx9F&7PfFDnPtmv1=$!4)vL=%s1@B2xOEzJ+D%~@Y^-JPAC-Mn)u?GsJzt1y3e z^1&FLG^ytiugQmN4yG-&O-hZJ=>DKV0MM(Bq1APNhpn9UCV#rdJ}2PspV~n0h2cV; z5k{gDKTfLVE*(YGlo>&e#Np^VL`y$`h4JM$PiS59kOOcT2thg-egHAWEGRuJN_cag zCI<8ad-i4NmT%f-Pf|O?zq6u%8sKw~L}$%{Vh8t4f@=|bOj830;X4tb<<4ihOZ!WF z_x5feLs=pbZhHYK(z*GM{qN*N1!DJ;OtZ8(1E$64*gZna{ARS33lBow)9M88aZ#n< zVU?($wx-oE`?0GHIMu5$*^S}srQ__qXzUDuG%PP|1_mV`0aiFVD^zVXB{CPWQbhn| zR%HirB5wH)L|e43ql;Q6MqRKG!^Dk;7*Rk-#CMQJ3??0+8I^!RMzvwu8ZWG9McF6I z*@*2{Z%(}vVxwpXFe#4s$6*65k2szXd@IMisLe+5um%ALjB?1<12Xc4wOwoGMsZW| zcT&^~a2wUFZO^28e-0>hc6M3b;{~iduzc)a4iGkl z8i!1ag2q$sW6sU?ZJ!Uft!&f=GY@`8{W)oz!9IS*X*LQOn7L3*_9HR38mO(fNSG97 zZ5SHoo|Lc0aB_VSa@eT^vmE2{;e54Rn!YUM@Ah^1QyN>F^JDpXbZ+r+(aL|_`|<1T zwfD=_&D-%$DtK*)-A?bvb?NzKsqcqeUWi&^M5uw~MjEgr*nnX9ZM{`Qw8xn^%5ZiU z2RA?SPu%biB|ZzS6WoQUE~HFt(A;{p&@Tnt@u@u^+FFU=Az`#zWi%86qY#9u?uP^? zW_QwMAywDb__}0v{6ZyLd)xy`0^r6<6wVeZz9L!)7YQ8z4gCz43nPT`yM!$C$sVQX zypwk@yP8avO&#>dNG9Czb$eDTDD}LE6}-xeyo#Gt*dQVlMmkXw;aymTlK_~kcMf7> zPHTyXt=z~&fsSKs$s5JtCwOTGGfdHJIRRo>wt3ui2)5M}r&}no&z6+JI&D6ZWW+9x z6etC%fMCP3>ocb4ElI?#s4Qlys74u}3ieX2bJcPX1430V2Iz7Ro8>k4CT~*j`@kJU zj}#Wj&SsxxiK$=JT|pk!lqJrIa&(mRc?y!ja3dNd2UTJ&a1HE4ViN(A z1Z5$P7|O~QX=I`iLPC>>_)2%c8b9uj4ZN4%Em{S=rk4DLOcN190G4-XJM`T(r(`xr z;62ToyVn!7o&|&lx1UnX+`69j{JO_Oq`y6xA{Z`< zV$U!Jcd1(juSab8Rgfe4dEDL{nZpNuPE1ip{iOIWNjj?PFFJqsTyXzxzYyu1Ry_qi z!_w1oG9vWcDU|$eyDHo;$2297e=>#aE>8a6ZAgfw;R63~~Be%egUS{grtn$BSG+pq%(V|`aR zS(hnd9oa2>nVPmvx#%fg?aDUq(CDGQt#lY=j1FH1mKS6}#C{~7+FQxnZ|0M_?QJJ} z?sErrsYV`zHpr~10zxkP89}N8ea@t~sbyhQXR!5qY%JZ)yTQ9l&xEel>+< zoi*lVAnrm{>bHuqgHfsOmGwkuwNO6)eTA6C6F;mo z|6AXhBY)!;c0V)Lpdadsqed3%a;%VS@%d9$iHP(u;G$#o5diC{ftnBq$7ex8~{ z%!k1Z-lgue4zwLL_4hSN0UCRINP|T+D~nPb+NJIMk-gIE3?EGOM`MWIgG*I92NREL zvf>)#0>pH_)}D*HxK{+=IL#KTx4tDbl186Tu(WH?Xne}mXxUC=yf7{D=BFAex_jMF zn$uS6v9pL6XwZ+HZKBo%`4FY}I!NUj5aRd?rfOKS5P%CME3-{%2Sr*j)SI%PjboZ- z*n|w&fBsIWfXk6GE+93E6c@w}6;Z;MbSD}7@(t&}JC0<6T7ON83sY-~i#1Cq4$8x3 zIbew@0UZd)=tQo~y#f+0uKcn^}A}twE3|gmvp`qFP+vDTC9$TZYVat$buW{}&ziGx-a`kw zj2vti4?7Rni@^!BR`n6vi>*m-M7oC3a2*7&PkA!$Sh&kb=mkhKd^tmtjsyD8UXJZ; z`;RzuAvN;?CryOB0x~wPv9(QV2~S>vaOlgPhHg>dC08U-WiIAq7*XxcsZ)q8=bzfb zy}VFw{8RKZEa76$@4fMTt8G*iK2Sd5C($62PVRSL6q<8p4hn8Vg;kij!Ah00hs z6eCiWucF;Ycr3gH70iJ9Ob(Tp-BED%`0?ZwMV;nV8D+W-H7&K6frjB7c(mFjSpHhS zRFs;y2r{*&=ekxtv@t_XOL``1JPDI}8Z4~os;ONTtt$jYx<~%7WBIgwpjxTaaPEo% z+>J6RXf05>JGOyL(Z!cGQ@*|7)^JZr%20Qu=omuc;tm(!nB~6&tvJOa(SeI~wIzL1 zZQ`L0T6I>CtvQOKl6cP_n`=2^QZ$C&)ejN6sZtyrWkahzu`IsoH%f;w#?i{aj-C+YRN+7b|4=*?<_ft>w&%1%>3i~W^qM-xNAXY0% zooHP2MQZFFp+EyJ=u#Nb?T;H;^zN|cD?0`ZtQ-pq!LCG7yFvx=-4K~qv@cM*wZ62Y zb)H~YdV{+^F%%Dyjqg(qM1YSA#H+WvMv2g7HJpqYwuj8)UC4pIVSD!CLsghDJ7tBQ za8A((-52f&7aL68E6k=L`On%;hw3_&(SeM!i>ygGV3cQ@6Eq$ENSC}UcYBVqtW}6DFxXh3X$~*LTK<;Al)T|T<95^JkBUQ#-~-SF!e->R<@NgU z>p++k-q>09{BT}H7meF?D{+QPS>){EmVfj4QghTZjA&= z!wJGVi23X3SrfjSi+4qSoIlZ6W3jC5N-{}$*h1)4&TL$|Erx$5O5Rq}jv**_hX>g3 zytGRM6-dhs*eE1rD`4}2inK0+HYtapvenujLklz(W<3p65t6MzBwi_>B&3|1$NTl; z>}xx7FgG55M!DQhgtcakFS-yopC`X!@pYo0j96p6?xrisSc87x(+|#{jl<7*fy?LZ;zb9G%gY%`zE7^T zl!N1vn0ohfbUZ#QFE=yO`8K&&m>TNqKRct}#p(X}HGHo9#^LVt^ze2!dYC$T>Kh-T zhub@%9yI0-ZbuC^PXTZ4Vrv^Kp9E*HyaK6AsD|TCc(IQ|0?I@=3H!$|VP?$=;B-Cy zpzT5z09f2^(->hh87o#k7jQg#*zfWqFYQkdL2kH$tJlYe%#~eQAojj=+7||qE)i~| z(=^Z!LCeR@`~LgL{`%&^P zeKh3iM@wWO?_gnYTzcVnKup{KcX&f%%aXP-Bf_~<&ZWKqk%cy#bE6Q~-$LgBvPCIz zfVeyx?oEs5ycC!my4AuQkJW5=5hn7^9>^b+@(?W*i^GJm{53=kcmBE zP$<>->_v&D&8V5AmDFU;#v))RuZ1E=v9${ae!^Sqw6I|>30Wu|f+x$sfYnBb;*aW} zN{Z0doKtFOX$1r*bVLb6m;;(dcIt%n1Vqn!_E_P4A#rc$KHpmX_f{i6W310ISFlBR zz%FDO_%B4TCGq)W3;kv~DB)L{p({AXHjfp`m@X22>x~yUFyLraDwT=77EvimiBj8D>Ha~(H7v5zaD+#IkUx=N> zczfhaADRcZ(ScigcOE{eoZm`3M8}l~k)g<460o&Te3%<2_&4C@I>_{q+tgVV<3{wU z%xaGU>~0z<%MKC2WQK)?vq5y~V$Llf*jo*9b8EDO_Ox^@CBL$37$bQ!iWKAD+E)KwJ5 z^ihkYMWj$eX!WLWWYbT$DD~M-9KD6exb?$g zboQ+#SgH6+8Jt?QpVw^rZMHFSHNqrvK{%>g8)Ubq7Gr*uPly%)imI=xC%?~z$*RpH z$H|EIOW8~@fk1Vx6TJ}fhn1Gzr&yj8yv=xcN^qIu4pDZKBTVjz2E4PC_qZ5B?pN5= zq1o4QmAMXV^&HeH!LjU|7G?MPqm6Ul=}_rn+yv6d9ZdUOJ_zn9D;d8tYiD&tJax@oiWrDHAt&w70%8wiB|VzxNeJ7B zD5JzAET}D^1Y9+}1)dO5JpP+veH}V%oe8$2F@bKvdUNcRO$ zDBD6Cvr?UUDW%Tjd)Fn@xYv|KT|UO2Z0*fA@dZqOsqY@AIOh{OQoU)wEP9gCiB z!(4AMZhnFk<%p77*4*3X3A|Y3FEnHeKIR3S>b}dQgjirzJj4!t;)$)s`ZB_g0-4$* z;h&JzXS>MtPrNNfjI=pyBog7~sMVTxvlM$VaWTBrCNjv*I+=Dc0eI_L49a+Q;RyBN zp}Ux;>S!00`@YT?UY8U4L?miUQmspxPN9v{*Lk@xo|uLQKgrWFKe&m53Zl|B=Ze$d zUC99y5i-L%T-Cdf#DJ)Xqr@9=MzoHyUze?F<1yOQpv}!*kH2=gQg#H$+xaqpdkrXB z-^6cQS(e0oa{Kes4bG1VSLo3t*1)!&S-#Wc(Un8F&1&-_82suD&l%b++ich}^l2aL z)q;-bqhTo`-*sdWrNfZ?x+B-K#{Bt6m085v ze?DW)whmQJ&!0Tnb z?EFdR%SmW;<)pAJUqMim(pU{ChM9z%!eIft}K`#tQYWzs460VJZX)eh;%sl#27)>e`w^@{X)c z!&U>XmkxlXAH((@tRO9b#@GTBjw_efp`{>JT_u>1p$@lCeW)H#OHX-+E;^x2 z-@wmo%COjgWeN;pJeOpjuqtxc+q)eHRc=hObMR?`H!MZ*Tr*ry)^s{EuuL}Iw@iX{ zK$DgUZs)rOF0&;L@j~&!Mr$fnR-?fm55`2Z#9lF|%=AjMSs+@-r6Ay6+u4?6GX-qz z5F$XC6*^SYKtXD%lUfEH^$=k*92ZG;+6tdh5}(5%e%=ewGHrc`P4l-ijf4qjR8WM)O{>79w}a<_W>y{Vc0$MAuHs zcmND^xC2zp`p|Nd$fGp<1LG5JDf||~lwb{KPIy`hGA>Pm1G=8oeU@;JcTHmJS@iZx z!1i?eVNXLux6n%jGawvfhymsUke1j3sN%wr8^4>na*5$|pp^KF<^1Uy@*S7o&Yxn> zPo9?39;o!}>WZ{uXcFb{SCXh%BXk4(>@Ixewyv`MvAiZV)IPhN|8f||_hDiqf1k45 zE)IF7hT{Guc&DefM@$xsfMIDrH;whorL2Sjl~yR*F!L0v1g?n;K&KgE&mb}H*&agm z0aWmkN)IQ7@$L!*UI#x46Z=N5o;(`)OcxWaY{w0QVBSTh2YqG@L%ek@nf!S~NQ@r; zZJl=6e=}E>!gYq0$yzNncZ|ctTR?I8+t?&g)Vok~l9($+$d_VEI^am32d>@w1-q5W zj)TZHc(jp%nuFq!3OF^c;IL`IfqjY=any}WS;AoQfE@}6`8Ds+ZXkaO_vKo`f?ZW& zxNP4{**zY6x{Wm#kw-8+F#2v0VkWN`xr#v$?VHz3RC>Q+_;SsN*@N8ljRou}fBOv? z`em;L-LY9U5lYP9hLQlEEf%tGA3dEVLm&%8z%-T_v5(SD8_`ob@VbQ$7dKU)DKGqB zMDLb7fGWOK!(;rMUI}ZwI>zykEuEI(6zr{kF;WZiP*fBt*3JOEkWhwWS>)X+rD34u zL&W8o{2<1iz)~f*&dahP+@SsxM~D-5}jEr8O08z6>DJ7nAAI_%PS zfXE>uKJgAg&Z^Y#WeqvBMLsvM2(7Y#-zM58RpdWyv!Hn{47d`Dh#zXtoAhau8bzfW zHvCzAE#ko`1Xp53yN!QRW^}2 zypK9~1ITb6YP}$J6(p%Wx~(f2WO zk++msU@$#yX7ea{tjEg}N_~Z5*31gXT3A^)q7_u&Ia8^NTmwKkiY-;5;Q}-Bd@j+B zJOYlbAc$JpdmAMmaE)xi?~LDIh0Xyqag~qiOJGd`#GcobfTpr~Ouk`F`qHFz0rTu{5o#`BF}@AP>yHZ>k4Jh1s5 z`hZ*SIR;e0Wwyn($K9R1`>=$>8!0zWouIq#!_@Ghez3A*b*?{lll>{}-tP0bS{aZO zZ86RttE3LqafbW}56*?!4#F18(rfNCsE$)k3=t?{E@KFc5<`R-og>9`*t{T!ezSwB zO4x8pvB^4=9tReQ9rB?G7@k^wQpZLP7^|%{8-EC}> z+->xU*N!J$>ZGcDS}bOVoSvNSCz2>4#bG$fXCeX4=(neDeO?Bzyrh+@34?(Vt@uKj;Rzg( zi{M7`P8~`Ig{c(;T|Z5=8jZ`jAXbYqKy0rari>>FBYOQ3E5Ev&x&d1vYlTDbZgO8T z*=7tKsgW^-d9o1i*7tl?yR};C|;g2LzB*jC?^EiQbv^n$oGav zN|UXcE5!}r);CDT&=ft1yg5356BaHyP$rHw7f{y^h$!RGe;XtgtVl1iUOq|`Y0@WZ z3yD%ebmZ}r2bv=)QmkNcDP5 z#R#1fC-q=|8i}Ir$5M+IZa#Z+@~U@!vPH+41C^72fTJZMeZ)4`z%kFjX0_$3DAUWK zw4?@=%~LLk(vd^2@HP z(hy^7j6DmH%yt(NC6t324V4&3@z8(p$2A3xL8wr(I?*nY%}}*dffioMcL!GSkdOKP zpZ}}@L~=Evg1yyk$@`Qntx@5JX6Qw;OzL?_diC+x4A!92Q~e5MM_2=(r@=j3^ImGg z%ZC!JB|x){Rbak|ZOmf4p4h0QGAic?aAbs*MocwmLJi-&7m~>$^*qE4K_?zxs+eC5 z%S=p4l^P!MS&n~G^rs`!)GByL(zz+X(T+*^k_dW(3fKoMb=Rc?)Fl`!K$e=e+8=nc zAS@CU)+XFqzbwnoOin}1f0eM@{ZRc=L*n30|wpQN>VK(x9#c}LdXP;yNjR<-Zjh zg#X(2YPiDQ5LcC})K)+u^0aDzKI^K}x$4JcG^w(Q7JnxjaCF@(M{B$8O`l&oh1#kR z-Ng4_uBk>!BsMQoI;nfrhhcQZ`*V3SqLQ38p<+FUq(p_L7!6K%EY*g#_c`#$vkDxQ zR1K;!_@c&Cz(SDJ=!=kRTm@T*ax*MN=xv}BmR@LlI%`RFS&SB>&L*7ZkKy8jlIzu3 zN>`QFmW!ej6X$VCU($%!;X<|P%z7N^IdQZvf^)NpdB!uNEFI1>5#tIPa!ZL}1(v1} z`CW$|Sq(2Ujm3j!o!FzX3T?(;+H-{{&{dyP1}3el2CC7K2-Tk=plXG}X`}DJzSjnC zUWd-L+1uFzU;v@Pkb=T*Wnb^vH&VEd(~G$bQLaQJS2p%3LH%G`Tgs*3z1~Z|TOTr%Y37(owGH{(8p1s^kI@AL7*D>8!&YmRodyRke0sYt19=^Y{eNRMC z6>p`CD1D!C3AiPEl`aKZ=yzkWAA-G7OLhiA;rRFe$K6Fy7HqCV0_eMku}l z=3lu*;f3fVn_2&&&w)O;0CgBlH7g2?V%=)!X8w@gmMHx@BBbJuHfaCHL$p z3K}eWxNpg0$%V4&J;XuILZppq{F)e=ZS$u$&;DYZdrN{n8%_HF66dnlGT>pdcz1@G+f^_sD2RF! zBh;{-mDsHI`wz(Y4EN-N{k`3-8zzv1H56wB$c%KWZXW&l^!2(Eh$0Sxo~~_E%Pjv= zed-V+_pHqEg6VLW+{Bih)yVkkkB2f zV)K*{y?Jtao}8a}e+H-UB7HaTX|p78Rd#SYF4GS=Au{m(@D3#wZk=#p9?Koo`?+m_ znt?E!S|YfAX7`goMhBnEN@fH&EoJJYwjJ=oeAIHHkH=h2)31y`^vbf}x~T2f#7&9> znWPutMr=k6GZ?n)5CL~C?Gop!2+&jr5n`+P zsuh&K&QbGY@h5PURdsanNI}F^=g?P3YG$%nt9lw=bq$TSjHo`V+vC%LdcUxl?!M!!Q!3A0JeM%WEgQZyCCpW4q;Fb zTM*|y5-{i}OCFkK@5~%IA()G$85k~2KGG8?ZbIKZlo^YuvsB$y;v#+QPuE2-X$TX> zFd58<1~R!wCLhYQG2O5zCKsL*!kDZGA1t(lGDVS0A&}|zprh9(=SK&cCnfNA_faLi zvcPuQPiHo_Y2A)nBs)$71 zXs6DQG%VtuIlIg$8i`|~4(oFqO!Q>uQ%%~%PpK)x6|6L!#GSt{mzEcGvoh>xiHU?r zqKILzvm<#7#MnfD&_WZ998o&yYU?!95Lex0|v!Ur@ueKKA`` zt+%1U)=#TF?YiuzRq2zumz?dG&ot;S3D{6<2Bz3v7e=ZF9j!ZP;-w7~3(kPhoPH|? znq`hcTFzCslS@RIf>%qif94b>v`f~BtOI`6;1!jG{EP&AYN)jr7>|N_3;O|+ zpO{mUzDwd{<}99H$Y~vT~GQKA@3<=QYIQKYENT-xd=K&P*^!YLDd@b z)ne#jiZ;p@D_dTyL5=FRDcxm_>#F5sP$#=<1WDS%d;M?r)=i$LPz-tvO~o3=;`c1@ z$*fM1M3>zrl5fRu9~`*01aJCE-VQL{;^wh0)V3WJ9?gTNxeV?nxRok0V{;`^#TCYK zuaEjWTWa0WmcO8JN4ua4dp#^>prgqo3+WZpc|DZSUdf=5Xf?cIUXe%>Qi(TS_e^cKl$hUJ~=T|vfZ7s;UJXw*6D z%PI+AqU@GDE+C?6ovjZiXd@bg~Wz(^l4YbJ0$&SF~IF_ zw2Srz@{~ralM01hk04P>U-SAn7X8!1EH*A0PA|_LCFJCdcJ8VJz^g>Po? zgT4TRsW2%Ez)}`x6D!$J?)lrNQM>+n5T}gf7SSVYYotUnj?!07Li4O0JL?^u9w(F;4*%+2^?gw>y`V#wE@yI) z@kjlG($Y3HgU!(hBWrAn=M9CVKq;Enp2E(*r^qJ?clET2mH`B_NNeWH4L=X3sX;sQ zti-wlXBK+4(OV=38-XQfGpgh&P(fyICgYlV+emEW1ZX!9hWN2`Qbt#kYqkN;Xxq6e zZuV0l8bgCPo%L?GL0TawKfGK|NE`3hlMjf-e-{S24;V2Rl5Lta{JR|vXh2qwwH;H*Bh72(pqo#h`x7Ce1Tgv>ROSTLmukM$^-ji%|BM#8^VYwc6<9>_u}ly%L_H zWI2w%BdM0+h$<G9sB7{y7k(d<)>S#Pg9dUW@aAzjz8z7(2(w-U+k4Gt8e4{ zLfC2)@8Ft#tW@2EkaDNaf-=vvj$duPb!qe&;&>CQfg98no6{SVfk0tmo9Un`CX1Tf zsu;w8p?v{e1J2-p!$t?!OH<`|LUZ@14a%?6mog{1KGxdlwUB6;tRg5{UQ)wLtRzBT z_p-5px-c3o6*kB1&S0_RikG}!+Gb$_umC5XeP$?4T=Y|3Q%TWrH2^fP`g7 zq2*Rm4S_+5Ayq?9nZ!DA` zaoWEb_Da4b(Fg&uG+YxFx{j@2&;75$Qhlu1ideBfn2m52iAW*Ls7)&DLNO!4k)kzu z>5MX%T)6->m!Rc7Xgw&+J++!t-iA&_3BNPBL}in3mL$)m*D#>OQbQB(b)>(@)o90; z{_3UGFwf-_qwf{t9m9={PBB|mty48BxCFeUH*k&)BuC8{Y zi&_@Chf+^f6FY!s_WEu0PwB}!g2-)ym|bTq{s1#r4GOJmiKf{dN8Ji+q84#1c)e(&rP^aZm=52rupHk}J_j2{iA|MP5O86zo zf1_f!K(Sw~{Td~$goTTY;}b80%rp|)cqi^603O@9W&#Z*eS;o-;I%$E> z!CPxSYlD}6-Q}+bi?J1Yw;PZvcr6SMv(PAkVo}c*wVGqm?J(1vZI1QTaL$?yH^tWz# z#|sRT>rR>q0ltm~4;0?sN4sCL3;N>Dj#nXDq z?uoWe7DNFSQLIdP0@klMb?0_h-*QSz~_h zTzd}dS26*}1gQAJ9x~h+ZbCw(S{>nosf!5tBJ}7$W|cZon^bWAZQ`n8KaJqbxX3^tHlr#BEF3D*9*I*(q9n%+zusSkJ?E+ zG_&&Zz2WX{A$4o;Rw@r&uXXXdviCZAaug?z`NVv@CUmCn6~JXWO?zrx9dQnnKmo83 zlI3=kTLm2nG1Q?I2BQaRHPegpH=rQQbrO(7sPa!m3~1FWxfu_qpB#~$c4n1>6!nYeMCF*MY0g{|KW%F1X);m4`u1500Tw}F zp@IXo=8C6r#D0f_W89ujgyF$uO5L|GweZ)$qn(b-wR3fK)sG${--Jaj(D(3Hc%&_W zqya7Bz0K-t)7;F&#odYR0X^l{PD+U)nM}uAPqQlscUxMCTu$x{8b;wXZJPtHn3MUXv%sPv0mg zN-aoGsZ&=_fIPrinMzzuu*MyEdn9_@(prM?#|O4+l;42xkO)OUROyhCsi2)AEI(>loe<9FF{ACN}9;`LHai zVjRl7m@)bI7?g#pY@k7lee%HO0csHgm&!b=sQ{bCPINIw7az~0ngd%8v9IBTZtG;8 z6?B)Fcfzh(7qd%{z#7$(m&giHMG#lkdyES~TGK2?*>{diA%nvJPyeVWIc0)iV^Vq}02J3#D*}xD$>?oOz?9L`DIOXQi_mL>lw1rc0 zgNoc()z_2ERt7a4x#BKUVzUk8js{UNC|vLeXCFb}srCLs8JRA4`V`OGm8B425=0#8 zXLGz0vcPsefiiqN3NAzx*5~)3z!li*4KmOW%H(m4g84F%j{*54yi*b0{Ez(ZImz^R zo=y-0BuV!AJ2xTuuuW55mbU|EBp*hwfH&+B7VRYELBvrSBM2batX_$|9;y7w!J^pB zD0VrT46a&;0xdP-kGRorNJSJ#{UJb}hhIO~>AO1S@ygzm-w@w_d;vyY$D7F`?x-_; z_U@bhj}OMZ`~BVj{M)O}X9R=_xr~&F(vlV3U{>{ICVnmvI!wM0!+t2;>A`@jdIXR4 z173TX`8*yBE*Qv)jx)Rv?BM7%P<8zk!@#cCpT=fzL)RW0D(U>8qu~a6MW!Z5ZaCxF35su)D$FdwE46&ju>xUR51S8$De=Q?LGK4 zh)vkZA9mmUVXxybwj8LiOLMCzy{OLd za(qP)?QvX)s;>a&Va70(G)7J_$)34nHq zDBF$F+2g##8xh*bt3V3;sf7?>pc#r6ir}0MiVs0Lx1bK1CLK^nUlD9@^}{RUgAQiF)n{jV@+` zk;M0|d=1|CYPrx#C}K|cjfMnG^VvdEjmaDo#R?d>H_ey}N0|Pp#y&3jhNfJtysWP? zwiu$Rn_{}kWPoD(qzqwk70eVum>r_y zAo}2jcs@jDWhp@E<}}J;b#|V6>{Hof+pB9c!S#lx-|e*pLAk@1SU4{KXURjq!atwH zamUNv;vmVb58!azRtBABJbuOCA(p|N|^^#X1*IJ|m-kF^o8A4=`W1EE_L z?E?XCkvqViDRo$%PA;(bbXjCnAC{I;D_NjIYlsZ8{vr( zX+RktRthNQnyjH~!I@Ab&h5e%3xsxkbn59GsP<$%$Hdo7FS*~+$W`7#VE@&1F?`MZ z9|hH7J5lgE5F(<*{Z(pwGE16)tXxoLCCJ*C06N7Yj+l&bs;^oyJA=&fb<1cf3;cUA zH@5&`cFj~M3qxrnpn42!$^_-S$THNronce%eJb$-Z%q_-2F+h+pvSuL6cH=&R2W>E zs~<2lFwSRrWl^^Xj2V_DJSMcb!b!-9*HNr5C8SZuBZ4K6HFOO!k|oKnBL@6wz=@bS zuU@ds5;Ru7lXfe3etzzOHxflLC##X)hiE0a0y^qCQN)0*2IjSMl5rg>0uy4!7q15A z)%UPDcMuJO9+Hq%e#7CmUT?T;c3Zz>#3;Rwnx`NAk`MLxhg_A997*PYo1$ItcaMFM zPp2Szd3=`TuUtSIlVv-tHskBV@5-1%g8R%oQ#0u_LM%@PYJd)S^(%_7h# zchimo!LTwMzyKWpt55cKcGO8vcv@BMa1cmb`qvZ(jTzz{LdmQmBJ2mFTUU_K%3`yg zQXa0L6h{^yTs)p%mT6^Wna|E%Boupc3SaV9!Gz&UEVGSv%(dfD86dxcL!YMB+ls0F zPSKaz<%ClykGwvr3qIYFhlweXy|n77wEncv1Z@=cptHX%5F>-jwQcwN+hlm##(y=v zowXgZ?qF+ujW@wWfQb~@t^T%1D}rf5`6@$t=CIJ%l&mQMl`AnJX73otx0a%-RIdbi zn3hk)Ge+`pTWD37>`8?|3N0za5tlC_ThbUqcX3#O!po< zREsK+lGH0DAM*x(zrDR75I7olgWr9-5rJ-~6Hg(KF<=!3L}8{uCJkGB-5Y(?iAOP_{y% z^=n16M7pEsCj!%Dcx~R$u%tR1ps8)7C%GXH)V>L0!d=DXd_G&iMuQ+)Ovdn8Hvvi; z(I;mJRy@np#>telqN%R5!&Me zyk#eCnCZvE&6PjC-rL{Z ze%Qa?-%|;P;qw?=xlTAq)zW=6Ktk$Oxe8WntO$v?RK#jGfLJP)2tw{c$Lh&aylXQie4c2*M~Lkc6iR zruzMuCcY$5?B6v}?5{%<`*+E^c2^QbnMvIGUp1Z*8vm8tfd?p+{Q7-B2w@S}l!vpE zCx1NC7-qvG7eSH{p($9IG3+(oh*Hli>Xh=t^^^}$$rk)n@@7SdiPSsw>0_t0>enm@ zPjA+jC85{x<6Gf%9f}OYHPlaD5d0%7NTLC;W{t5AHLj(t)QNbD-7>PRHvee;7>)2q zC*;zmGJ@Q$zE!b{xhjV5tNYLdF=YHb#Xm&;!w(){`v@{ie_T>;#6+e3t=p=h?34is zt0h_RG%)ccAd!U$xjGxl?4bv0>wd$-$W`7%VaugttaCexbwEgk7m*6g1_;=yT1+!7 zpuW5F$Q&GR6?MpB{W$B75s-brdEAX`6?(Izp*JrPcDWEO5hu2cQ==6WbH$wjLECaD zG}v1rYkvrpX#eg04w03FTbJ?=!g$sf9n?EWR!sQBC*B6slarIpk(qXC7_6KlxD&v}I4?ouhibka?t zM!&OU#IB{RcA;lMH=uGO&6ndo@$;Bv0`67M@01Ritl<`4t4@7Z&!i=OGu4y z6fZf>S8{_WmyJO!2wXTSgn+RP?v_f4-e4id6N+U*>q>&r`$=^@9TW`vSQlT+x6$U@ zXb{!P+^|n9N7{g)Sbe7caC12CR8!(cM zZopuhTa7T_1ymZ3|G$1(@;X`H+s z0*vJ9(oyRE2mZsWq0kWY3DPD#;otiXKj9botlje7+Zppx;zJ6~??`7ZRiaZ(9@k6| zmIR;$VD$N%V=bz5jOmaF4|$!ifs~YQPK5}`w;%=8i~);|;d>)2dRC&M?N-OQJ+;RE zdvaoErCh6mjvKDj!5wl23n^S$?3wUsqS9>lBK&l*(TkHRc5`&;d|B2&rFn_>1nWTp zy(RcKttf;Ah-4<#ZIQHeNoic1sd^7DY68lao0^B?WJcZBFCqXn2&P*B6|ODX)CCuJ z327qmNx&*`99=&RoZYEPwsm9iX4o`Q3MF)7vfpswZ^O$aK%9jTuVNM9Cl2*K;u=!C zFR^-Yl5h;Y9KCz{`t0rL>B*b(qol#C6>Afm;^G z;T>{awIN+BIBnF8ne*&4w!NABOMxhyqC!VO(58d@>{tGa)%c0KVZJjC;_?mD6VVM( zQiE!kx>iU7Bn-r|fQSOc%$G=Vg1{)7<$M>rygYob%vcSRi0V;Bb>E`Bk_ae$g%pS_bv9{|mK_%LcUDNp1wGcV)^0FPpE9QDREtyav8wyLCh#XWj zq}1?UQ7YMpO(CfnFAc9P=!K|K4Nh-0gLQ?G#T!_N0XIx6W@9nAd4-*YH6FiPh|aG_ z2-qqD!O`go?0sxK>VT;n8s(tinv0`YFcR<+O780?R1-Z6)n3>}_xyHUY;%Ww{O2og zijz%I0YqxTSW1`Dj9Yl#5?8Ze*|o~4+Z+_mEz-oyH~MB#)g%v@lhk7S#E}|<1bpo> zUf<5(&=nUm(33}kmk?c$Vr6m%mM%#_PGCVvuG=9MF6OJsVD7o5?8sfjd`nAsKFd-< zZ;@f*UuYC-N1zCCkL@rNjD00F0=*TL!4diaX(Fd{)7A>Uuh9|=FcD`OV)NE00ZX)D zN*rROjwKmr6gyv959BuXHS zL+nPyCPq!}PgRvwWkI+-Yf`DQ6-nnKoSX%ccB1BJ+ii+NM-+f?%!JGG8{U!ezoQv+ zr4`f%%JcAugM~0-pQ=J8Y*Ie1&}3+p(47IbmCU<>h^@JJO}@1$XLrkmbW^A=awi5Z zfu;VBPZs4JNaEe-5zp5)GYQW&?cD z(LERPF+^V3w)D{i*wJj%1I93KF|>vWtq)yz`z~0U`Zpc2fZ;Gg&jjz+r}`qg@#aL^ z73b~y$AZwxH_MOwZewG}TO991*b3f@$cgxt@z8i6Y~r2?9+U4zVAm5)F_S_zqUO*8 z4FhI7!cG9t=Js$5IpP^Em7np;^LrsUd|O{~Guz5=wQlDy?XfSlE!I`9b9CBXgOoPi zfa$X5HFToF62@m4=Bn|mRu}ZPGnwHuy85-k@If6u#G)0_ovQzzB@1h1vC1% zj4df5XaF2>1zPMDVHDj<;fAlWv?K^Nyn@wyZaC94cb&Rz_1_jbFxHGwfqG$0*^{I| z+|ewMm$R?tO=g*Mg#H)3&#Nm?up0VE_U&mdP>21bHTojn-Bqb)pIWS?(d;_J9>#E6 zZYeF&qy8SI93(EkELxK;|Ahq5m2XfQ^WZW1*KXRfL{#%f6@ch~@+9@l2YP+;zp&1x&5x`h^JAfet;CeELnSmvwM#x4Wqu;tb*&N&ddlp%4`Z5)av>x5INw;5d{24R zm9-hMl{T*O)ylY|h@O2aJ8q-PSkOyZq7dS`xng{>tpXKBykMd>NHIB9V3N(wK}X6V zZjz-X>0mp%2l#W3e(rayAz*Mg2WG^fdf+?IbOYjlJ?DXf;<1 zw-@KAPN_aA2D|rsUS%QxW$Y{FRN9%hgcSUWzYxY2fJGUW2TsXS zjz$&PX`JUGuf%uZMXy9AZ--UwL#-@;9{pFa0P1Ml>H`Q-d_EtD*R$)zG3iWzusk1V zo_e~9@aJDe4qR;;<{H(>^4+vb;8Px)z|Z^h1BTt<1>r7V(h+Wwm+bvdivsv`W@#NEKUjlsKb>h}Tb^wBj7PK0=a(4!^w`0I zv!?1KBY9>`(Ma)(B;S%=CL>c;sVJQ*Y>;L5;ocF*Ym?gfEMW4i!kSi0rn~*UWOKK_ z3*2xQy)Z=GieN6?nnjp8CkCvs&ai3uNFVEis+f)tvjPF5-H6T6@8FJrEZ)9(sgYv3 z9b~Vrvh7hZthULdC{171(+OYdEz6#KQD>{`=;+DQ7e_t#d3M-4JUZLmd(?aWh4>q)h{ujA=DvT_94B+haYitm2!%}1F7cB8v5O`IY}jusZY z)S{IIKk4rA)1 z9IWtujaHyd(sXWKXVunH-57;AwLFzL4L@@|DK2{MYdARBwXm8$J)Hv`GeH8?lVvo6 z+yRfEqMH&bZ1Uvf_3NW2=gr(QLooLU)zV8P7M)-jGH*0RSCNu8GkD%~h*;lBV@zVg zZjd6_zg8_uDVM_W($W3%pZp@&ax})fw47)Si}w+sO>!vlIIp;%8Nj^hJIkKmT@#BYH;=HTsNlQm= z3n~r?uWC3`t=<50Yd7L=)q+i-{(*qDDcrnSe$LKYgC)ely|He`k@L$ay0-uV_~tu* z?mfdKyxwbA+k@mk3xovy7&%jKV1GBXi-8Qi!waHZI9Q+-S9jI)3pl<9%WZu|6%1(? ztD8m4_I0yLT${MzV%^v+%dizH+F}$rRZFENb`@Az%22?g82m*7Jewln=!h~F5m_il z$nn}No*~C(j}um`s4Po?9D^&JEHu$iDlN7;#Wggz&Q;4j+l6{lfd~JB)p=M|$j(=K zkiF_RprIc1cbmviEi|Bxm!=t8KVMf{JHpBziM-De2LEJ7D8xmP|Anw ziXJaY_8E&#d~mY{j4iYJtGjae=JoOG=LgOQ&_WbVIx3dKs{&xpvcPThe^-#8QLF2) z4jaMmusq)ET_qqb`0@RXfak<`$);j9UPgF|tcz@aTy{qA5(JZsGi*o3Vd^vp*ye3# zFt>K6Ws40ip4=BUieMKMPWn4`2peJR-D+jk9*K;>vRg{kerLoBPR2{#xoB15oRaue zjJN40Y!zk$F^2^oy?!q7s}9eJ7TgNTImZIpP#A0;1AJH7SZ!jl17K~Rw7q|WiS_yrpKZzjuzy&_0!n`fu5kDi}wt!ugnS1rfe`RswH_EXX@U`UwP z>v%-geVa+6g}J)s?=S=}w0ifJ4K--o6pV+l8TqhLd^{9lYDVO>)s_>U+G6s%+1Ny- zd`R=NjiTn`{ow6bB_!WTT{G9zO`EW$F0^7VTxGJG>`gKDCwZQ`HeXOY;; zel~Z-t&X^%-u%^dBXe8gZi=jWi?_X5PwLaTTMV^&*Uaq}&(XgG*3(52$GDz1z2wOmW+yuAioyBX^< z(JhzXy(^5%sL|E3jK3t4$N19+H(YXrV~(|y=m`RzCgCFSl`n*OHtGz<`S;DvJ|S-D zGlNB7NRV@Zvv-s6 zB)w8i9(c(v9EFh4E?5(Csr-0!cy`_@COy1@BGAzlP8vTMQ2)6(lW zTplg@xFubYVz4O{#4!3Y@6a{cGv18y{x>ur*Sxy?g zC5(8IUa;4ude73J@LR$NU*RQgP|FPg@xkQRa8j>T6BBhlSHF>G{HC-AS; zPxku{`;_BLPq&GRA}JD;>s$DOwbob?Sy%BRQ2{b3h$ZJ#*to!AwS{&mnn{a}7*kri zve=?6{th80?hz*Y?(pdB-R|C_ch8@^dKbdHKJj=WSPA*7+HyBE*lX!%-Ik~UPos?3 z8c9pY_6_q3JxE*YwRAo&%xjI&MrgdSex0*7r=2ccyU=nE{z^6xcKE^0gZo?kh>RIA zf*Z`o!4?N%PF6B(mMiVf#7%?JhGh_|u5>@^ICwR(J*>8?`UcjDu>P!S*2{h2-0mdK z8X8?Fpn&_#rMx$$Yhm(_8BoB{NdP3^3Xm@LtA&I#)7h*Qkpp>o%8?f(COTlW-V406 zMKnWB>bMd1ie!GJAL9S3=_aHLd?wvk1OEcLvA$x%;vJc)WQCV$h1R{Px?1u0vDE5b zvK$7wp(`V%8wrZhGc)IqU~hG=rAnog<#93Ey#>P zR6C0Sk`gWdjh52W;~oQ`3DSTS;3j`31|4QO#wkdNFLN$Ik8Q3S&PXw69IVx)FqT05 z6If<<(fcWdIWYn&iSr)$g_1V|f}6o|v3c4-&^Y_SLDK2HO%6J`4kt6g2dI#GO9t^L zIYhAxF9~AF6*&t5kQ|NZjJ=YENh$=!R;oK+@!_%=0|GJbIu!~Tmf48WLo44 z#GngBU8*qp1STx70=QC@W~4D(4$mVogA_%3a^WO$P=Cm=$;@JNrUk8{MArz|=nzge zCpn%i6r&mKEjgvZ6Pk1Y!7nq!mHj~RJ~(Re7#Lo6NwD7eM1j0`t6^jjqF1{eI zU3dX9YI-e35X;m&qUrWS+Wq>9GKtyJujLgQ_*=f_rOB2O3r;v*HBjJO3O6us(NJzf z!&-_q3i%)k*_Xt2)&~B&WwGhAyQ{JTu$epI^4QR4hL(1h@r1I7@6Wq!AYcqSx1<-Puj33GUA$%SmdP#LO+bkBOcwv4f)WeNslmUD6nDOI)wscPb%Yir(H9)P-G0 z?JH#4EkTp``$aaxONK1U#&m_$sftRSDZ!(17dn?g<%C5mC&NOPT{RZC?J%oNp&#%X zoMW&!K3r9odzg#ae-z|m;kGDP)F48QHF+j##Xud{?{};B^>~fy!#DAexG~3r zCaMHE1*^rwV*mSA-XsQt$(ML z+r^)RXyU;gNh=VKUcEpmLBEak4&>?%nS887S7jRPL+m;w*1(`~LO^`}aEc>nVQ?Kj zB>I_+MEIkQvX3Ov`05cfUWzG#7OAjBohe>1RgBE^q~rd)15Fj5*xcVD5FWfyFEmVc zL=my~TqlO_zv&&3`~96Qz40$E%6W1D65c#o1^zr*1&-IHCy$>RS<*~t_T*3E8W(>0 zCU)AZP7#yk;;(GMWDNYNHbZ1Qf;XorQ|SeqZf(;9n9FG~VvyK)Hu$m5Mk>`*Vf^&M z03*+oD>(c4Jfs{``U67_wF^; zmRgTib`XqL4LZb+TnnwsD(&eMCWxnw`7`fmL|hpCouAEQ#+pfWJw^G*v%Dc;#Zy2d z)wlwojUTbZqI<4ELtF&)B%f(u4{;PX0#|5}xypOQ;Yt$USgTBDds`mV|D_~Hh77#l2%S) zj6|8xr|^;a)ktR#zuMgO_GK97K~+o^HDknae4Smwi?ZY*N-Fl)!s}X>oDU?4Tud_B zrF<89r5ne|M}?z~C2l26>WMIhHOkPuDAb5UZk$COgdHXu>NFw;_%n=*3(DEfE}huu z=CJl6@(%6d$8AlAxnfPK>$sODWovKUptG=j3$;L7em&VYFalILCUz!O&5&y@N~5+c z>hy;E>4xgVt#zIry*#2t>Lkm$&$uX-)gLjPn1YRSEvCICNS3EqgJnn|&l>U22>#I0 z1ySvU`-Iw)oR)bJKw3$2%%w))Wy(dQEEbOit#Ko6q?n8>HqQ_VRK5Ia*)b7L5f+!p zCzg?k$A>4$0mp2NB%`v`0}g5P>>w~mczF>B=Ymov$1QQ)Rpfj1>)8r6-j3Ds>DdCl zBaCg$LGxP6z>-~zdSd3FA(vfl4fx$-`o}|luozBqWAg0y<`wYKI}T8?ZUJKf&ys)-QGz;0#_HTnX!@IO%!lIw^nqKiXoHl)e;wn zC7&jQ&Scn5A?y)}$(d5c5XJf2_w-Ipt6q+kyXufNGKFi}S88oSR151Dj>w`;&Bz65 zDRE$=cd9n6hJ^xA7%viy_Pu9A6Xi?(&Lsj`u60y~SrEQ=f{bvKU*ODr1=vlXzb$c` zQJ7z-p14uL{Zem8kk!2nG%{?!_Ggok$?5z|kH6wGNt*aavd5)pNSyVkTP%;I{j#}{ zGY=)EkzbY|HQu?6%5MQpdogoPpa|D5dJXntoL?+TlTq)zLVJp`05y?S1}#GnvuxKK zgKSE9-{Kr5yQxy1!Skq*7B}^R;LL3TqQ$c>=Ry@Xl&mfbtW+zkiH1c?j$|I@cgogA zpoUC}bW~Z0uYo;qm>`!C=3NOJAZri1>I<4OeWNKO;6@7X!Zj_V>Smu9Bi@7!G{@{? zjd<@=am>Vpv*Z6dqA8FE$0y>eNm=7x;AWZgT;wS#c8^qk`u4nw>fK^C0~rJB{0gjgXd4ggO;u)qFS#9}I0%Xx*^7?1!QpqT(5!7#>)NhoXSR3wH? zh|KfAo@znRge@6PU^NMUo?Tb>dObDo_0sx)iImh5MScq;Kz1U-yW=p96C$4YIn>TWnVm?b^&6`OTaEo@E=z<2Hh#>rOGBv zIy-l8a6}89YN5f->+QE434eJl)+4jH@V18djkkR0Qn#ZNEMjRE_z5F@!6gW+catTy zEm)4wO&aA||S4WDgXZX}zq&m~u7N;XFD%J$|cMPMeV znaM%}=8x^d6H3aI`HYfwrqxMB{eixgW_)apZ~s3}uUaka=IKeKv& zlCRJWp=st~;-l+GC7)(GD>~spG>gq$u&}S#jVFb<_^kRBd=PIY)6nh%BL-fA&V%jU z2UUlJ0jigR%M2vA-%7XliE<^Yud}~>|FVN#Y4ujf2Co1gznByQ)a|HbwnnSSwF8JX&S7&INP?PQDprp(b6(crdh6 z$~9%zG@MDe!NcZST|o5`gbJEcV}s;2xVyf^=$1~$p>u_~&`9Zvsqq@Qo}-W$t@mly z2*1f`6*&su9Grt!`AZp)B975i*gPj=X;$xLo;v}_83+a4=34(!G{>+;>CD0-Y!b#T zWKK8aM1)&(En#|zUq}xfrK2${npOks+zt$Ifh78Ws_qd|OZ-hOpb@TitWV6y{P z=?CWD-oq0`vj7{_uY+?VjK9qs&B134*%LlhQ3bz96P7&8zwJ8Z=A=Y?X1 zARm|lpzeog`-0eDF*;$I9R2TfID>f!C;)DgxCAj?CC-i{Wowgv>s2hBLU)_jS-lk` zu^72cd+%aoUlh+r5DG31QRFSSuQ{q7M45T!5L`4yBody~5=K%s7uQoVr$0OTT8E8- zv2q|xAGvdEyRz5*y+d7Rhz`AJL$HJ=7~&)!YMHxWJ4AQx))IEY(Z{SDlEL)1#Ry)b zi-4^j;|7jQl1Wqxno@M9Br&9)942LPv2c~vFbRNTj3~ZS*8wA4lBX|U279e5E60G) znm>@B`3dil=;A_8pr)f>qz%GU;7CiwJUD#SNjiOR~yR zyElq1C;!>T-nYdex#R~lrmTGZq#J)Odr@K*xx^+Dh_rZST&NFYsQYkg<}euNk|{R9 zCRx3M7oW`fV!77%NoAJ~jzp_m!6XfueB9q!pT{nT4)!e*31hs&Ex|r$Z6r-xZ9vEL zNCG01c2eRl*+?8fVH@2B&$2?w&OQ|M4cl)Txk4dDo=jaWto}T#SKxR>NOOb>_hOMD`?`V6>paiE3U1#OfWFcV16}$oE$ehnyx{9~1r;6%WsQlo*P^rP!g*#>n@QfGV>5@+B)^1WwpAUo4zml@R;G2r=?`h1@Iasu9JysIu4_ zkXBN$j+s+hHLVY9pM-4h6lZj|Vj4K2}#Lab3}M50;P7|;;2lp)!u6P|<=NFYTFM>WkkY9A@QL%~Dp z80!e9vjXbmt)bFZR-2ZoH35lsk*Z-VmXU+R33_rd%qa*%f|NDUkOW%F=E|v_%rGOX z42?SY#SE1xGCVIQz1^tJoUFW6!X>fRqc?rOcjFC(ct72U8JeM^<%Ud}E80sH5dR5t z>!{rIFnGw&@WG~fJ^^fu8fB?sKG<2y$Bj*6FcD%;R`daVJbdm0hb+v{;-J4dIZ|Zy zA?+fE#4k;Q*atbYtH*c7bBPpwFxfq8r@=P304+g{#Z*N`{b== z=h($9wwK0aTVk4kR(1tSp#9suwPc+)PSy#g)>jsu?==DPUXutUfo`}gHT2phy|`WF zG#*Z+RUb0#87FFtLq<*dAli^U`@CC|*?`>PaSt_$uwy21B{au@0Mq&g{bZe0K=lGG9r zMq@)_u<6E^$=#_)zRO#Q(GLL#QWkG5$g)TK4ZAxg(I_?kxf_BjlgEr5^8M1KBbXv0 zu5+0z6<;K2HriquIGM|<#Ois%RX)JH3^R}7?Q%i!2f34wBLB8ZBq;U)Vc^|@$AC7m zO2-)mc#Npf7IH4Gu7vOeR4D@iq*4}>C=Er5IGvxLQt+!cKMmn#f+Ju_yI~Q+ zD#Y-W7@uQSZZeEp2F-Z{K5UIDSc~Q>Lko=zZh685a}hCbvH&X50B0UOKRU-us(Wv= z1QQK`W0mBNW>Xm6+lsG7OdZW6=}eI<@7;R>vnqnN0*Bt4`75hqh0!&e0j<3_I(&)&LKHAWg=ycOhtgZ@dl!=y zX}FR)AYn#uhzN-oH^z&e(qk3kZcGjKpq~;l&-K$763I|8jYvW)UpE3ePRP4N&t0J@ zjtd|xG)gWo_dVk(ceK88 zFx*N!?QNC1_|e2@|hWp~^+*9J|@EA{abDY?u`6)_ZXH zW)fP4l`nhDe5=I6`?+WXGkh4ExhFG7heOyPm#ab~zrXV_#1EpDTO~bCl3}n8i zGZ3FWXxzgbj6kR_kAXBLI^`Z?6LW$L>GZUY(1!MOdUCqIsw@1?MS!V!#jzCWjPgU? z9G$WF9Uve%h+BVy*!n%{q*M9U*Z@tWy7rw^Usb> zZzzp_=G=tyqubqGe@Oqc$7nK)J+FiyHDgAA?D>PHYrqru z^p;;f=Ze7ZLR^<6gv^3d31fxpe25YkNA_W+G#wdaA!;Vbt4dMT;tRkm1t1{OnIW@C z5-w*-RA8aMVa;b>swf~V@}c55N7bdAb@`I$oSdE?pS(Ux{=M_RhfLvx3Uk;-+uMq( z=_;1|jwr~uqt3r~kUDh**VJ1Y=`|Pt1*`b@umABYqVW(I&jH8-VWlD#A|fffp8Z6)=}NK5bUJ{P9}Q7W4|>T?!BpE$51}3dzKQ`lKwkL0W87 zQN$>6%*|a1;oMq6a^VaEik1pMXpBoRDKM37F{6|=i@SAUeKN{PL1t_eeaOTi290V# zZj=f+WWHPqfYy`4tcjoKxJ70O}CI)qE9mxZ_jUn{Y00 z*l@x8bpU+-eO6b$I%Fkyn~|F|;ZCxpmgtM!z*?15Kj~^w0?wj(o=$QvMwL;A%^O;yiVCVKum({(Rl0Y2kmb;Mqpb) zQRBsoVs*%R6|F9MI4dhmY^6xakP%L-CQPr&N>#RNkU!aN@lV{YyD1Ou-`_vj-9ym# z9nhoK2wiG#;;(xFNCV)??Jo1B<Ggh64}KZ%RT&cA0K+Kb3eSQ7yKxTLbo*_J{=Ssf57_#Iv8a34|v zy35C=XTC(r6gB+yx@v)6+nCp&r;82JmAWvnWi%VYRVJ47MgTo=YO})o42D)TX)Wp6 zsV3RzBD+kd)2!?euhGK*T^uil~l~fxj=& z5L_W$M+8TYlvX$#m%t;aRO7Xz{J`i!=_0xX37sjahGjk{m}i8e&XoO$p;*_1(5RNe z;>gr!p=?vo)HOx81#3|F9Qqh6GH{Zw!>OPZ1&{m3{4^+ zd1G|@;^Kl#XU=$z)2K2jZij|x9q5NV)rLfb%?aUXpmDS=^vj|lIT4H6r?bO{K{B%=!;p&%Q~n|s2Q}9t^jNvnoPo<(lVTUbqinE&OgBn4 zRUzUhQHTOE!_9XwOgBijY0idi7a@30gWok*sHzzXm} zK-pzkV3NQo8=M~#Fl*?PM4$&BKW-&5ccQ~AcHfdav*ELi@29(}zus(jotySS+j!P1 zHMQID+v-K>FJaURKpA7-A&LFVU=bRshms|IQ90!?IYQLmH%HIjo*g}9UCgmIr#aL` zK?hOCar52YaIn)0%Uk3|zXI>~vv$ZeyT%qpqxc*FDau}psKf6R%g&D_dGY&ZIN(rDe}suH_Ob0arl-PA$pF~a3)6tSE8HQC#t zo(u2UT1vRi1!=-nRHXci3k^G?VdL~DCXu$sDTVmDC>ZeV-?P%PzJqcoLY@OQH#LDI z)WmG>VadN3629-`!DmrUgG5Y;X;8_z=v5N>Dwy_k(=Xx3qCV-;=tVZ`2N9jTa%INh zzA0JI&^x_}xN8AB2=E9nkH3r9s1L%;E-$0T#erhb+aaQpoxVIger*Yw zt};rO)wOW7aRFBjuV~a?v!2A2ir){RH&WF+hF(vryGN;LahX|PFv7>?1OF*=Me0jr zLQyH}ERl}8Tz&`51+Fp5Avf?Lb7*q&!a<`Fvuu77=v}>S69uzX*8rh@Zcv2Ip!nEz zVV#B~YN5Cn1dTJYHtK>akYkZ?M97=MH3E$YoTOlI6P2(_J|cv5OckG1F)-?ddYYyy zT<%VILW4@2Y+hXCvt9_>akQMv?2cvCyxJWv*lk299tFVF*sFEKjDYK~9@)i;YNRLbhl2 zdZWd3u80njho(X2Zo%bN4bo?1P!`j?^?=q6t_&7vHw$#H=2AH)@g7Z>_8F#+_E9~vS51k zdP-j^&2vInUm^<>lOiN8sh1|e-nATaooUNCC&)X#(btSv_buLd()0C>wQeHwUq?gX zF3K-J{cJ6goz=mO4v)<^$J~_F%EAjpyd>z`ih+k@-c=1V&8thQ>lVd+Qo-H5`wzQ7 zN%#A^^nVpFW?myE|1h z(UYfVhyQ^^k@xO*wz#H5UJJL=LeZh$3iPR|+|S%ZCmZcOc(D6T$1>huDMh#?Q*U}u zLa<~Y4@`g=wO~rpInb0r?m!3l;Nd}8rSIldMgIpm5>7VIHRLG z-qE-{EyCTY-f?yH4lO18$;YabENXN_IA30;7h2&$TCkkjPBJghwJEmjFsg33)Ji9`Yr zl0*$r^G6%KQ4tNsr8ZMcVT*uQhhSi9q@td*yMvZ#UjEWSHXH$YRM~J2bW!dKfvjT= z1%}v!kJ38t!Y`_>2^PX^SjeFB^0!6K_-rGz5vdQ31++xP3rg`29OuMIdm^}j?*1ys zcGCqy4jyA8R5p_D#&9z-R0!6$0fw$ce2SXg+dxtj0wy7B(CHMeo5^-nkI-1)z(#@> z#-h#Mk|Dy$Q+Q!FY`*T^hY!rrt~0et!7y9YO{MZBEk`7*R{gkCpa^bur8on{trgmq zZWLlf&N) zQd(4T2s@g`mCrcbfb-KROhD~pq0iuu(#xM}P+Br3;=g8HOY~-t0~AsPiZjXTp|g!q z!71#jlDu%6W=JvDS>`hjDj{W3^(0WH-i%5M;KZs%^)FIv62!BP(sf%F`)<=ZqYiH2 zME+4r&E}=whNDKgxVJJSu|}zs=EG8GOx$X>B}Lwxgfwsg3<_k4#V_x#DuB8a?s|6e zlZ-v6;P>`OQ?Y=vDsqG!;w)M@AW)eHp}~nON(l>TFX2r3+?kL=3{-{wBPZ1ruIS*hzbE8*?MJ>tdUm z>El10Hhl@PGfJvwOre=3g)1IVsOif3&@};|D|rjbvSBQ*(D4!0C@aU41-9(G=qQZo zI-t_Tbm1$(3LoV~;y^2X4yGI8!#Pwl)br4isu3~?DQpHvMP#KlLB(X_w=^gs7{hI9>O+r~iucu3cNmy&n0NGjE4JKJ|+BQ&x32 z&H=TPN1-*4rKYw&`F8Z>{P6j=_t|dNdidRu`GOW{>EW}_|EC@Q2RD^T4~L&t>47Y3 zkA(g9%bHHi< z#9H+XU&7a4K0Q2*Il_Z47abz)^I+xpAAF6V@ayx0aQHn-xSuvyL2r;&S{@u(0J?ec zrEQeH33j0ABj>~qv3ZekkD^SOTX?bDs!iV59)k7>F1-u5?nm|t9_d9@rSqH#0}eT! zkmqM-y~ESvWk)_f(;N|nP{i7$TY^u++g@Y)q*>d|&t>ipnmfkp5Ee)mp|J+-`{bFr zukf&Jb60 za;!JZPu_eW=Gdkc$~U_fNyrGk6ixJCuf^6-DS9Bf6Pb_NmN`L z&Ai=M1&JzG?|$53LL)UndggVRfEZCP|V2Y?M6JDE^RXJ)CMZMsNJL(X1ccxXmGaxxlyf z{wP@Fi>WStB{A&dE%l|zT z@>m~lsN)a9s(S<24RZVC|EmS})p~iGV(!k(7na9EN54-nZCV5PM z_>An}ECGtcl+;izO<*7B6_CzmQfAfFklIoR9gNcCsOErvEHUGB*r{Y>I-qzImf?N$ zb0`hrfx39y{G4EYBB$TqNkYY?NW4#c0bxJuFIqs@ceKB=6Aygdi01H0x2+ISGvoET z8+X%)&yP123wuRd>qi{6RBMfSsLV9+o4}jZZ93V|*s42w%t6KWieJWV94HX)&#pR| ztu#-xvTf{AppGh^ibqshApNkL8p9X1NH%PsKBZiPucD%e#yYZk*takT_DBv9k)sq~ zV_?QGi}KpteGUpiL+cg&PdQ4o9$!qjxH~eGGz6l&K#D=KsAR;O2wp&FY=rYhfNE&c z0B-wpS|Ys4fn}Cz$Q%QkBTQHZ1JB~pB!+J!h=AA?LP3T4R}yHtQ0VkzF~2C&k%GLC zHp(r#%Hl>m<+b76VUW!>1}iC^k$WENs{jM5sp1`#n39U-nr(7+e)#4bU&d%-{1*mA z_!dLsr(ACd(8O&|VhDjpyIjNmxDHvT zil8&M$V7{)q82cDieUN4sn0<{`p`u-1O5YQ{bZERLv9!sOXY}5N+qX5Zso1hP|Js5 z8YhK$uKkYZUWxO%tXuuzFl%2842-}GpbW9=Fs@-nLZI!3K)1=$ELIFPUzlTEROCWd zW$E>j0xo4V#tVw8QlzCelSDPSIkU7iz+Y6xrp8#^0y2)B&5QZ|?ScJ5d|iqw6>?|p z(g>NNM@irA4KgbQ%Q2Qu3ui}7OU`gk_^@LZ&v=66?IchS-T>+gQOn#A?+mQRk4J}R z=ly0po9ZdyuEL`|Nw2X|DAJCV0l+cv5GvhnJk-nrT)AceB{2L05pB4*GBLi%D1=PM zhKklG{20vjQVaSLjS?TiS#z=G%9Wax&SnW>;Fk2HP*Jr6uHaW>g7rRT;zq@{bhQP1 zJ>b#?oC~g@$K}K&+Kdx*G;lGkmr&MQxBZR{AaNJBlD2<%y}MIVHX5%ooh#YLgubXT z;s&EGdmv&&)V_I!yFAM#TghQmV2MCy`S=h5n}lt`(4hrJRL-1G-bh-z;wr8#K-9&A zCugC2txx+xjZj12QT25_F_RU3Ug=nx7F7+lCsuzJ4HelR74sovG6fwZ>tX&O#oE=N zWKX0Wi&YAxz8X>HEvtG*(dI2JuR%l2v8x;Y|7uOK9wU$p-C zifq*IG6U_gADDqdIcabNR>jX=I*vf1hO0n_#nzM;XiW9{L=bO?889zsZlF!$ZjkMx zCU4)e(EEBYXyt^ERQx{RUDp(lorEkR@*9?}ZWBbcRM(O)iezkZ=xRaKB+&@?6TxIT z#{5O68P36}H*K@Oozh-@+r39|%=Hl1c8%kHC3v3t#ngJEW`7~b(s$q;!v6wITl5+5?GdfWql>w z8{tb?xVJ#rIjKQBK4*SW$0+x$eSIXQl z*o7NJWuu^^8cv^7RAPeYQgWG3(joZB!ZUFGih~I>>~>y`&I~ao@YYv)^H%^i}FH?G|HVu zYtP5U0j0wbDyRFrRX>UBB~M%YzL>#PPpV#q!1S0%)1jkE#Zv>sNd(n_)Y#eS!PVR$ z7jRb{*RVXEW&*IIR;3-7><+r6&(R2AU!;k8YfwTXlkC?+iugwZh(lTk54eCN#npzj zxguO@I2>g*1VN5mWd;OhmU%fkMjL)6wsmQ#BK-(2ia}as5AP>dkg*0f()F3){2r>N zggAONbCBff8R1sRELDKeF~1a52uNgN)qX|ky`+$WpD(#yZB$7LwQhpPB>Dgf$f=Di z(`3Tn%j8riDq}s=T$*dGnoH&yX0i;zwuGOo`3N;Zn^F}^zK6-2+g^`YWRS{(W6VZ) z@zU@n`GCuu;-X?AooBX;n26SSvK~xg&V=#?(8)HUnIZtPbO;yN*~_!u(VtIG-kfi# z@sFZ%6i&ml$1ew`;d{|v`t`?p%`CjV2G5VqsPmW-NPy}tT{5hc;2(qOJ6h~8mgLS&Bi(xb8d;QJ2FZwu(+j`q6=Z`_C7@EcZ% z^4UrJ;a;@YI0Jl;?|1xbPj`G@cYObM?D+oY?D+mC@A%gb9zJT@@%_8q@%>wOeE(my z<9lCV$2HZG1i9}OUre%95%Cd`Pz6$49#!GU<)&~EZ1y&}(#%oyTk;En-~n5|(c92q z7Ijf6;3{`hEb1=}r^3vdXLJjjHqYXxvuSQ$07`CV&nr>6$xNluI)kF2P? z&UJvLBgb$dC-hP!rGZL@7Uz(T2z8~A$=sKyU(`x`ue3`*nhZBSrJCqEi~oOnU;fob zmaO?R{1rKx@iDxX#NyrKs#h4ODyA{e2;0@KstzYXiO9B))Jln^d}{vox$(tvu{y0 z7RQ7rWEm+jY$39;)t8^p63~^z3_BrfP~Q>_(O#YrWa;+ik<$PeC9p~G#xdwXX28Kq z`c54Us6Df-R6<}Ph2UMu7gnN71L z5;vYbUV8+rRQ(QLN&0>G(9SVeT-U1YP==vHG9hN*VI*mn6z+8?Xh_bCEMksWK15e0 zwi%6(*~aEym(}-ft}K*T5~n?x926rxrXCbsC%&aF1ivPAicuTr=ix&57VoBzr0;v} z`&sy1v|trVc6Bgx#VL*meO&5y(GDH&?Qd=GZu~t4&LG_%OBe=n9CX{8<8aA`Zo%ZO)73DOeI^nzHLKS&%g1P`=Hy3Wm zklgguV0QCl>R$%a!!`Knt<#?G3j=pDJv)nF2@^WFlcGN;CIai2y$Zj-2||`urX%bD z;hIrEp%;t~x3y4F(X}T7>wc;C{n6hKw!e8r0?4>9YJf|d*FGP3O{!C=*my@;CRavx82A%|FaaQ)?xgwv%N&iDt{#InKAp4rF7w~+F zDS3pVJg;~E+S&P!ZKeICi)qC{IZxKs=`QP2b;I#;BI-$jkdv^SA2Re45mu}mm=$YQ z^DiUL3U3ujVeBeB@OUi4;k7RzLW7YYPBy+VinR-bO{P7!Sg9xosUhd{17VYn)>hXa zXOr1tq(GCI*(tmlPE;KZwf1?kTN)4qODr#uo*1posG?MPL6a`3OoMZrZwciJvVPG+ zv;i-2WtBoDc{9l3gW(m5zKE$A5k3Yju8})D4xI%Hj*~gC^tHvZMK&C)gej(r@TH0e z%&z&T_STI-c6RN>dVB5ZbE-wQa?7sD9Cb^71D6crZXw$E75(|`3{d8wqHX8ma)F{{ zK*3~HXElZcnlxZtt_lyY4OJ*S#4vSai@mk22wbk|C=9H9#0Xljv5wWKDts-s0^cNW zbp=Nfn4EycJF{ER^fB0lSrP^{64wsnstng+0uKr7=ME6bm3U3KNl%y-PeZ(b7|7BE zjeptvA^F5%Ihlzg6&*rr^sb5xEHX&xR5a=qK}&E=JZ5Z%L>UDgOO{N~|GQL|cd4~( zaChY-f~zBDDFrEwg-JMAE^f9u<*1_-4xKl)SjM^$X+xxh7grIE-Rs2GkORDnWi%12 zYe-F8@djI=NNafzYY_D;VwEGLv;0&lcaDb?M2em3N=AzL?yV3o)2@}rNZGlaoi9<0 zt5$OGx2*9#w6?ky$YPYOudc6UYwIu9p1)jO{d589@N(rVppaTf zDhGPx!nLhxt=>*nmvo}ln&#SdyaaXSOZk~e7IXMvFhv~6)v$lo>FkQj^q?40%M<>E~Z$% zI5sQ{^a|cc(k#gfSXz1H!Eib_WsYb0#Ts&&HN+{@;H5$!4;;y183+`NY6&`}MYfu{TK2e)Yc!-Hc*FlHS^mP;|a8hrR zxCG8utE<`+>oY28B$dO5B3=00fl5fqtKGDYQR&w7dIIKa>(oj)4}LL(jnW~Iv;b5c zkZVefnUW9fve~N%JLYc?*DyfQ4~o7T3$PGk98e%G=_~qt${#hRnJRQzNrRU@^xr*5c0a^mEiYoHJiB`1CxuWlquag1X&-1-D>-i>b)0E~e@@sXwI2U_zInpDq-fbUtcJ}vX z0IeZZO2rv1R_ap+STMc_ypNuc;}`*y6;!^AmB%r@)u#Nhrhh=2mciGGpQMbfJJeEZ zBqiattCK^_d1$+vRM5<;>~C*(Hd{=I&^A_roEw9%7L#heWbpua%}8xERGIMNf=h4u zg^>5c+|qZL{jbLF*XDh{7QbJg_x*bO{?WYe{hGyXov-Qt;hfiM4!u%0w0oZ{LLDD| z6y3UaI-~WCTiwyO_@klB_+q?9bLL}ix*_oKh@@xltUc1yq+8J5)vdx$g+Z8W8LV4D zYwH`?DtOKE40>UlTjsR-7QJAt)s{e(Q6zV|*11xdT}wC*mW~$f>YTuv z62w;n1W3CHQ#jt(?i{bJKR^Cq^UX2C+27}CFyCjq9OB%XhS5-;mW#Xy1G+4dtAbK` z$h4fjqMtLz0UJOmtB6l|Pen*bpwosEdGO{;-gtJW-60n~L2EUhw0q4O0_Nh9rJ z(4NqFJ%om-Rwrg6zAzMHcvd1n4-D&fbKh=9-tTAjb@I%8Cp3n8DeSUUo}z4*Ua`S! zmc>ShE{(}z?aEY|nMAXTB8Udv8eXglWNzSX&AyR~CDIa0EBC_kv#rROe@Ci}1OJMw z!a5mUb=?HGqS_za6TJLtCI}w8p~z``GQry8c6_PbaN7}2F&LOb2${D#F-AS&EXJ+T z)1h1ZbpTht(57e`x-n5=sV63oNQ5L)%v1&Lwe~gN$d<((E;up1W^5*lrCQXfg#2`h zGpW2}i*(|!+vjDEuF<;6q$8SNw=40{ern+^*FGf=h9|y6aN;ZylcUJH<-=LHg}b5= zMe_7}_C4?=lPFWa*t**6)41}eMs}S5;DR^N@86=;TBZ;*&FzLDiQZ~h1!@x4l8vO@ zWyf@n9s4Rit1xTk@Oqx-msHLQuTx!zK@~(*==*8W$XdQx*rahzwU#;jPUU)%g{?F< zr&Ev(MAc1C&uy)y^kf!=5ZoYg^uN^*Y6d9X3VN z@}=Cet6GPANcD#aD#CQ29Z0QsSea2gTpb0cMR|$J^fg2TH~249Al0?_i7jwl-wzDI zR?)3}PN=RfC8I+*qzG)7Qi(5qAfxzKb|?^$apfpUlkFmIx;L~SsisCS5Q)>LfzD6I zWjGR-6s z-CC&{M^#M6MVHIJRng3VEYJy4s3ruH@h!`*U`_$-4`m;Zi?D%`(@yod*}F5g9NYe| zS25M0E^PImk_98w^wp9Tx&1J;Ph`Nb>S3k>2Cj^0Q9ds!CPoH>@5ogDVP>7t;4R z;ELT?F)dGmqbS!ZR`5l{W0=ieZaE(yDFT@W3WyLb3MHyjEqfSN>Y?DU6oOa5T+UNl z9FbGge6drWqdmrm^??l3d)EjoS;__zfiz-aG8E<&5!vx?&gqJrJJv0ZL6=40LO4O_ z$9RF_I4O+N5@#3P_s|Yt^Kqv9f-@0E$Po z_=!&wyWOS-W2nh#_$CMEI{ghyFD%rUJ;St6b_B*2C4oMH_7igjBrW5s3r#guLn&@v z*7+Y%G^D-za5(BV<#uwy@3oaPAP{r7Te_7IvR?Nx&m?5LnuMM>rzzR7+HOf;a)hk^ z&)T%vJ>zkIA??sfh@adwbo`mycF%2^4$AA6RC#?xH5$H6l=n?OXPH*tl&A(*7s3id zXktFGCTQ?6rC($m(H?x4bFcJz^h^Y;|BM^m_rkwgG`;(+SbkE`qD_1&x@1SB2TVr< zrqn_#wHN2#;`3U-yDKVfAx?j1M=fhTG;c6sER$}1#`*6wuF$}^-2ejhJY9f_%||v z%pfNQ)qLWrP}89?6(O8NHt7WV8hjAf6Ni~b3Wz-@K7?CKuWd}LB8esrCuO2xk-9?h zgJONN_a3c%ED>UXvYJ4Oo>z7}a`D*qx zx2@P4$2sV}URhR#^fo5NKn?`;DSL{KFQ_65!m&?-08f}oV_!Tz=?ZGzQjT(@JwhJ~ z<6E}Ks-T;dgDg4Hxlj6GopGa&yqZZtVJAuJjW!yWwz;6eGGl6KZha(Y?S;CbQJLk} zMuD6VWc#sw4)vZ)o`WHtR5K7K2ObN1gzZn-AqOTvsQBzg{$Yg(W&*A_%AD&PFHv<9 z5C!((;O&uk-scDO{k>k_6(;7CaWG0NU4A%|<_HkEOq~G))U{1drEmX*-x}rR*cKD$ zhdD=uF(-;P4q8=6_if>k;_|no0$iOZY);i384EqM0G!-`>Pj&X=5kBAd>durG?F zbaWyxK~Em7uV-vE;mT=(%|J~Xsuva~;*}!KO|>ZxC=jm5es(hK-ozHe_Kt~l9t>q%@pmUI_7bXF_-`x#Z^#Wen~sTB~|-s&Iw5%!zpHX(5?A zP`Uxt;6RZQ+5F!V$iolUaOsFzeCnnMdhkjq;-R^IB_db#?XE_Gr*+2*_yo z*-kQ%)BD~{yz!BKtu^WA`tOZ<^oiHx_guZ^esV*vKzce+Koi+g3g=Ctmq$vo;r8<$ zfnw4x)#|kplxVwoKY9|0xbi-kr1Bb;I-It;Bib7Ajl%+_iHM)vD;m3+Ma9d$BVk+RFl$bjlvrSmi@oVl`HBo~P0qcwrdjZhNNYL3*#KLLN z6v7M|QR8o%$tR(=WxeovQ*xVC7FMpH(ps#Ba5TH-kxz^6St?QxEsC*-S|_3eLFiE= z%B`Kvpd);LbRg)`VxT7|=_Uh|6O1_BP;_oGXDJgoO2A+YG)M&!%@L%Nd{qk1=6kH- zGHYa80(6!#0?)yGD#-MOeTtEGRed}nIuqJ+})kx6ewD}E#9KVt<=z# zLa~+t1^Q)?miB2MdEfW{`}W7O*)wP6$lT|;uUpR93s1~bSY5)iuSJRa$6Uwm&FDY) z(1hq7WJgoY!>Xvc#g2M!jk#NO!n~gJpwhoI{9O zdg+vn4p%+AOZLpyL!j_6OTDk&ZAm#laX#r#XR;~O605dby!gx5@O8-HdJjfi?5q5! z#Irq>-(EILbJ=5hX6`aAO&}=!E>^ptQ!iGj%GAK7_XoUXk=TvhYfX*tN@elix-; zd;i1<&A)#4V%IN|dn-xAVr$JN`N{+LRy)@$mRG#1s^6-Aqw~MC@Op&F|IkJ*WKLA1+Pb-!8KUo_exG=RlcI-6z`1@5ls|hu@hH*Ph?I)jx1R zH3$CM>11%u5^sYK zmUq25uu-k*%3Gec9nVdq-PT%y-|h)|H28Vh>Gg|08&k3Cik>6b8Y_j5*Ou-5)%V>e zeE4=gGN*1IBHup#7_W|6`Dg*8g}M`xuG%l4u7#cenx)>n>A&c zzgz|W54~Hoz1@Eg?+tjQrpIIJ7P0l{usz%Jzy8?!{rUYW@ORdDP@gY-HfUxSd!NdC z{1>Z!d@uJAU>f_CJ^cfE|8{W3JG^y!wwILjjH(2D#ZN^YSAWKwUi#hsF=gQWH5W8| zV|cHzbeW;SIip4_Ne`X5z8>9VQ*UqLx7m|Aeth1yaf7ny!{r9^*8cImqoGPQfzcxu4&(|FeVNKG=U|_N_ng*3>Oa+VN{^JPaq^vSh`NigmX?9NI*yLFo?W6Sex*eF zCe=Q;J(5|kdUt5i*5;=2k0)OG!8~Woh`NLJ)DXv#16nS69#*uH_rBM)J zj{r45%D-5-c<01Ak_WMiO9YJ+eri{j*>@XuXM46A-UF=dzeU#nBE+4ms9QJOG4$G3 zO>Q2LKCF}5T@IYmvAw#*>Eq%iPI|y(eAjbfmZJ)YfrRpJ*$rv){U_8`);Zn*&yEze6rKR{5iGJ#yo{^IPmq z`~-eFvE^}Vu#|Ds#z=h0jmzHt`6IuWF4O^kTs(iW+u<0s@%Z9qXM0{f^Y;5?n7P91 z^UVp-5hnx;3J%s#%M*~L3@V#&-(CtLOi zNT${Qd;+hY?P#dYqMC2Kztht_x$0r}`u-l#=2YiOi-$>1aI?#LhA2;*IyiF5Gw&p1 z#WKN&RW6^WisZu;%;5X&zFJ*-;4Z)SXuF-y{O7-%ez)D~&e1hpn%=$Gy2rIH@_SE4 z4;dR`Dlc7k`ZPQCS7OVmjf1OBAFn?zJGI2tt=q%eZGkV>@V?IRl;qZCT_?}jcxUYl zsNsS|!&aEbhOp8tW;|@LZq&_@TX%e(efHJQZ9khZ*6PkVYTdJkOV#;)+nDO5Ztgub zXnC~*-oYOjmo}|4xa4ZQ);S9`an4T7hOuYf88Uz6>bfC8$pLV>VJ|&CZ+tf#P zug2!NxA$F{^^0svy(I@q&Kl{8TO9SSwau4a(qV~q!Mb1EpIVMQkhlI|hdsR1FKgxe zA;0Ugr1rZr-StOpIPLv8eW*h%YK(pR#Z7w;Pdxsaqvv>tw^}tQVLR8b+Lhfi1O1<9 z-hBG3Uvpa33ci}RobNfq-+nDy`M#s>(rw-7x5*Zz@OqnD&pQ7=gl?#7e5BYqZ_aP; z8sDcC7k+3l*^ccFQzoX9>F>$H!m)W$fHK9ZC_u zKHgsMr%$F&TiLM67G&Fs9;@4#`)f-xnb7N2AoR9V!f?#Gkx56k<`$lh;#Yw+4& zxs#)7w#o4o`@7bg5UgLrXnwOyL$UCNeWbnUT;pbIsn0u?nj7sKw>LF+SB2g$S)yF+ z{lnh}o0n-KpIv9C?ruvz@O65`_(tE4*gywRYge^I7xhokG|njhO9rxs10dZbJ#q4&EaesN=oBQ{#_{ zHAC(nl9YEl0v$)Ki)`H=@~|g&t=P%!zrv@@gHAXO*JyQ}+sSoojS7~{Fe6W~A>#(k z(f-hG@V=jS7V%a*0N?A{=;BW2yo=wLdUMF&E*;voU2tpI&CVq{WXc&di&hSb%&s?N zPctko^W($XKj^Y^@rk2foxV16Zn+gB%E}ge^Tvt+)y|Hvw_R6$b;o?|y7Q+*H+BD^ zeLxN$ZgK)!UaHlcnl;wcrKZ2vX*u6D*IvDH_m4ZaTHa-%W_QK64m6*$uTd!o+5GU5 zwd;UN+wV^5`1C1Pe^u{{0`@M!0g`A474YddmrjT5);Zv6bTs++LdoMYqP z{Qj)&Mw?@IZUJStu7`QT*~F*d(RY^+)guRXG0NnC72S4Jx}xr1|Km*_Megy83*XcY z4w^h=*3<#N-Mle;-m0_9#&6%(Mp|P)zB%4{QOT83Dzo*jcw1zm^!C~P^XJyMuzPWxX@R@uL-)(v<(oDynYvu@HC6Yf zJ6t4e9eX-0tLiKYuE*PaiQSz07Sn*6x>g7nxR< zm#cxf`hH!yJas}dF3o<^IvX**{kzw^1Di8 z7cZMNaKwhv@0Q-<8(MaSR?(-OW@%BW4MSt`Ym+PoevN0*%JN0Jp>Mau*|Os+ z4AXqqsFHhkx2emo-TR(NPA{{jzppKPM(&(Gz4E4-BUX?9rF=iUPuUaEJEt4e`Z~6K zefb6JVzNoPGHUordGKlc9NSu@vl#rE~MH`05kE8G3)S;>=@(~&J>x_tHl@Nj+GqgOtha(8*v z<^G6U|+K2snQ+H^Va z_R;l^zgso#?adW>5F6gV*q!J;ppv~pZ*{Zx7q?37J#b{&_4!w1{KMZNp>i%# zd2HG7f?jn8*AMo1a=p$2OS30q+Fs_aR{6BnSKCWN-`~Fvw!79n<9rsY+?w5A_YyjG zsbyj0Ok%?1x9n5;w_3=w%YN9hWzCPi`K-+Rhfk_VzMA$ewz^75s5~#arfyAQesg`9 zwfG6GW}P&q1fK;}itn>E*SoG%cO5Nz_m)cVc*NU7GTo5rrK{8Nj&mQx1MEW%OuvY$OD7ZWhzwukmi`@@I`j#3bZt~%0iSL+WXHrv+ z55M%mnZ@O2^~rT?S*^*?1*6-{Y{0pu{#17Qhm)ptVx=)zleP`3vcpDgVK=rK*QxFC zYhz9Y+!H`8GsmKCTsPEg;?H~n8+#(#y8Kqr;*Z-{-kzKtZx0`P_gU`JhGZ|%70-b- z=PMojCBAG!zbAS3{WV|o>oN9GlYv(c59*#yH8}KM89F>>+Qs9l{#ExpHczP2^WeL^ z0y~<1Tzy-({FOz#_x1?S%)7Af-l3m1O)0%gR;6M|Q3q#_M~k!P?S`F`_CJ~1rW3ZP z-Kds$VsyE-XNly+1|vHW7n2W~b)hapjYO&=2mGFifv@gJ7j}N&nKbYNBptNDwI=@j zpw(Do-FXYV%Xf71Tc)o?G!yOj)!`v)I!<54x4fN-_$HrzfA+5LAD!tv{HsrQecJt8 zsd<+Vb>}bktnJgjQr~mS+P-mbY5$q=_PfhGbyhCZ$oKjB>07>5^jbRgB(?Fu`73i6 z>-vZOikHi`T49~HR{eB+*CYKq)~~U-%hcPIH&kEW>ci#-j$JtHo$!Wi_+Z_JuWFq0 zm)srgTyaP93$b%057lp7J4jd5^)3I!8u{jo>~zodXy#qzp_!k)eeK6B^3EM*O|S4< z&zZgwOEnj}y?OY97}2xZ;_e$|rh_vcHd=nyIz2^-sAF$n^t##HeYJhG?46Bm1~mgj zt-pgmYP;rf=f}{QC20TmH-MgU-a(@;mGPAL@mT9&Or5)}uJ{@qg(ZJOAzck*^tXcQ^jo+R7!55RQx6Q3? z^vN>(&fC7O*m&GB%`XF*R8uy&mbjCt8ossU_W8GKeO%$}yjo>y&mLVdKYE>_+;roL z3i#D!`<8z0y-&8A*RJ!eQq6+1J4HX@4t(DnE4p7cShT*y+@0{=_Xn8Q-`MAGakoyz zAG+;0Gp$sKC#tcLb0ddUm(05s`hI;ScKI(olz~fzC5oXQtF!rjpKoBl^?SN;P4en5 zMU`v5U9)cw%h_?6uaEUBzhnESvyLY}z1`;v-jwgYICT0@jZJKf95(sw-ao0y5k<15 zb?UpGy;r8A>}Gtz+Rkr@)(_}99$iu;>;1N_DiyhT^W7i5OfLofJC0_mS0DW3x=%=l zXHP`xka?CIg^qXZ4Ew5gkvOS3yN)Z*eeuloX1j*(e95k3jLSb83HEf4#+mpcTj zR6hIGtOkqFGqOe(tK4&TnzR4HE@beG8bd!hrd#&m)04ZNeLJyw$e}<$YL!3x^39%)CLY_Zw@AMqR=@t!d7b<#E)HU=R9(NM%G5Qy_3*G!;Lz--Jw4}n zKKVe1!OjJ3%U$U3Wus`!W%^=E;HQ%7dU(Ei_p2(}6SD~WnBOE{)!sJsJIgP3(&c8r zQ+LGLS5sLIPBI_Ayg6_Juli)ieS`6CQ_gpIw?4Mtv+}y(vb9&u{1IOXxT0&uzIlM%rfU2NT*>QL>)~uL@MF5`)?t960jxCTzEH z4LW;kAHF^l;VrHCBv3nWBGTk*{`B9_BP-40oRi->{ob}_mWu(Eca8n&vop#pva4p% zrc;~uU<)SsTX?Z6D*`P7N7i4g^WOZguGd2<|A?-rwTwUfWBMrB9%-|417-+sX$F@&*8S-AVeP=`HK#(Nx0etV#Bu2-4#!Agi+0{g*yL4L zFUe{M&Yz!FZEJlvx~@9ry)!ZS>8zgCe zoF^}Wmd`8~hN<$ zu^QZ2w)B04Wb*j!#}8$i6|I63WBw6biaJ(VBn4-x`Ya|}{!pCRM-WPKTex|}&ZvEl` zSEW9p-J9FSZ}~}5MRIhfabU&e-*I0LIJAA>rS|1{>2Yrlt1Q-(1V4;t67^@)u2`W) z!*|EjTQuV6DAj$@Pu3wTKO+02^?3884XumI<}cT4b$jQr*v&xt%l`2iE#9*TH;#U9 zXSMI>4r3}-JX9?*gVlX`uafIVE#yk6jSn7--_(b!vlJZBcVLf711275j9;$6E$P2} zi>AiYC0h?C>ET}tx!kB$_d##e=u+p$p&W$IODe+!JIBopm zM1_vC-sz>jb8~04)0eVZqC$(UhtPM4p`VYadv)=eA%~DI-L3XcKg^i7ySD_G*?WO) z$x@Fw;E)ZhP|HiMJ$psaF7(O4p1JxX%?C9<+RGolo2z7LHs|W)^(!B&Tzo8|uQ-vc zI_AqF(XhIA6??NyON95!Djj^MY;~mc<|nkK(#KzOUs4!&zl@;q*~9(;`QGPB*IIP0 z^1Kf7-P$Q<>xb^KtDCo7wc?wZbE=`=yh~nQ(PpTs)a(|&c2`i_<|=q~Eygb{*BV%H zcZr)Vo9E69c+jHC(DfCm5{u97o-$fEf&X2@2g?uoF0KFa%#6etcc#vX)$NZ=ntHX_ zFTUkfZgrfTs=NP<*vw;>ruM0(P}8O*j}JV8gr}NpeLAe?`jT@xSk87iH->3Z@9?A+ z@75epWpKXo(7-qMy!U1g{*6Q`HLTOVvuN^Fi#1 z8u>Lg_nU{apH09&fv4SOWP{r2zNxa}i*pq%7pB(wrONE(mnOBCzSe%5d+^?oxkDAr zLWaK965|$rTlQu{_os`-Glo*vPMeQ?6KOb04o&XVR2`gkWP+4x(c;a|Zx3k_*F4hh z?KEuUrMlkF&ySl|si~sn%GfG!L&HXmI(2?j4l_>znp6?*bxzi|H?`Mp+Ejkxy{}PU zw{rWS2P@(O;MTvDM^0{O{n^?fA8+mJRaN9_R%>2r!KkiTR6NJ^PK^~Kd!7Dhi0jbLrlSlOL5W^DK5@={I9t`9>9a9qC$MttIS-Ht`GtZq}c2*%Z02 zxHov8;bHFRgpR@Qs!rmzR*RRf)lq&}JZI68w$sp+>B{rE9%^#DdB?@iwse|Vro&vt zrj`a*`Sv@ju034+7sb8VzxM0*#ccJoM>qP7+t2&z&YhWPY5OPpeZR^_64$C+Xmw)z z=BL9iEzL}tw|f8N(tA$El_$WPjf$pJntGV3So744(u*#%8PuXgiVz;@v!T5-H)2if z`ZxE4;WAr=7qIIsw7y?1);>Ju_)@6x(x+gxadZ9s$nodaEPJEnhWEW553Z!mS-7`q*$?xfh(7`Gd ziT8%qZ!_xrmHQVa9F9+&n|rS{wX8yVT(q)8&9d}mH#;7vHhF#AD&6S z73GycuFU9mwer>FV~)1|;ZV3PTJ9Dz$+)z}{`DsZ&g=dJ>$vjxgGH&w7kuGo57sr3 zTspPtOO@5qY5m0p!s#pm{yJUWnm)QQA7B5W2B0!^ z7VZ3LZK&3oki7M>N24X~X73%^_?8BmSpD2*eXE`yTK{gfy64tDy0y9TuBH#pRdk|b zmQ33U>3mJ6I(N^zGom56y|PP*Y>ZQ}JuB}(w1K)lvKjCFQwUjU$c%O?4+w}6SQhxA zPn{zz-g!IO)AIH<;NXVYZo}mbqbK|})!sW+?t$$7=oW`2e!+Xv9QnFLyI$|MYycQmo_@1I=|iSleXGf)jBQu>!`AJTb3W+tuxwky zmVxzt;Xi3SvKokp23%{XS#vNv;e720Q~N%>eLP)v;wa^zud{oa{`TvM#cS)A5q0^| z_;l2SS>Jx}&hbuzYAt}eCrW&sFE!kM^5@?UH0;yyC)>xVN9x=CKgxf+puB(Y_R<{; z-p2PPSA93!_fi09;#xre&~Qd>Snav(iKW}$J&pbNPO3jYxbeMtTff-b<)E{xRd2lo zJi5T_m{DbhZVQ5aeDbHtb2#(1eG9>n$JU>sTJ>#t?e2*i-?e??Sfhbkd$zLvRJvOS z;r7oPPOYp>4h?rt_8?1qdvxigpLYD#ruvosvn$md@bz1(5%v0>zLE6WXEzgNtY6MO z|LL4Y>p$9}crs(d{L)=};h)y{b@kAW-<({$7|pGm`_cZMDh;{Vba><0RO5}t_GgIO z_kQg9XmzLjj$4MwJpAYK+dh8y;GXr<^DA|R;oCooe6+(S_C`BA7_{Wln9s!b%QWC0 z&sJ^JxY5tMj#OVdZ`%)ZdmZny#dt__*|(6aXlQtE;{9^(_nOk9{N|Z^8;nlQ=|(7c zAB@cZz>FB&xZHu2OFLXnzI(Ys8ER1ZF7>N)V~&<=S*S)+vybx|OcFgf%_0%&eReQThxCydkleK%r zMGJcLp$0VD{%CO1^`(ba>CyH?$HTi-nikSpQsDY9;=DNBWle*AAd6Nd~(Vj=+c+XI(=3v z9v#u!ylQ?EkMTlmL9)0H!4 zwC26{j^m55J2x)fclf99gOP_yp4?rr*AZ*kj>obceZig$6HiND$hB?Q@a}1RP^B@6 zT7w-$+Gdp|oNCoGR_B{GSJ!R)TCDnEF|vH8rBsa z=^ zH{AvFzuM~lz-rU9%>8jg&%IM^ay4C<8p9LiR`qFIH#gxp)=2#Awa7@};m5ws$*pGw zO!@Y-{?3ST->hl5{pYqkqGgkf7kb!~ofP&Jo&giZrnz+c?D@mtO{r+UPu-70zTr(3F~ z^sg(%H9t7E*)ijf$C-M%3(c;so^^l10{Ay7I4b&nd)4012h0lJuhoyuk#-MvOz%4^ z;rmKo*!JYt>%;UlhMa#NoAoeR@f+%fa@$W&9%SluKi-A!`u?ct)22hVW!^t?;s~&0 z%L<^~JNMU?95ZUlmH6dv&i%Y{SF4P$qv>1uQ?st5Z$P-i>X~;he{@Rd2|PXA?J&pPd-Tz%s*iS< zd*3$oOZ6IcBetf@j!$>}CgLgPH|&46_Kw-Q{`-5*NI#U>8<6{V4P2r95Xwyqb{|#c zNZYfYJ!}1W>xipCpZwJy`@VI5#W&+8f^$DT>=yNzvA5e1F0yRYkeXjAKU}+{_v7xh zE`P{1Tc1Og9Pw_tu)BHRIni>he=EJU?1u}>&tDijzTo1lp~;a1qv$ZW?TiE4dq&&V zzcOZyxZzpJ`0MMJD4gY8%Rd+@DA9r`ajoB8K^v&kuT@0p);m`9D8FXUm0st1NSN&l zNoKJjm>ifJ|FWPW(;=ZB%ed>{=*4R(jh3Ib zwdt#*zB1GmPH%JV#O{yW*CywV1rR_ST3t z)h4zeeeK_h@9eGavY_b?Z=L*U?8fF_o9i5!O%ClESiS2+qXuKXsA`;25PwguU$|>79O!k)`g6Mc6x{mN0p@G{$_~SRYu)+Yxaz&S53E#G+H+-{ zSPx%lfwlX{dhoQ~_8!eQcg9QC?S1ufiADBZJDvEh!Hqu9ZabR}O>MA6D>F|WF}7aG zvOm_S{KmRL!)_nlvAelrwEx}E!(W>99O-7deDS7a>6P-g?ma#FV`jMj@oyh&T=Dtc zHot9e$!#q4>_lMpV}kT1``!NX=(o?lntkh|=8W>c|EZJ;JuFJH!Ay4&OEg0AR=kRwI-r4o-qJ;~S zAHMa*2NT8aF#z>hU*?Tc^g{B(ri&I2Sif=Xp&RgnJ6|`s#H<}l9I6c0>VCVHRlA8b zv~Hl;QfmLeTNB@{Y^yRy@cr8#wN&jM`I)Qh+C}w$m|?^K72DxEstebeB;d!kYM$_&n4@`>wA zJR|c{_^>S&)f7aX9=IoZrp!i^v@42n4wYjUXFejCcN8pj-*P7O(U0W zS@W2NAD!Q|>&*V+st0Y4Rf$)f|87gCgKPlJIT(8b-!E@>x9Yb|3Ej7kCLr%D-S_Ro z{lJXz`>&R9MUVgT;l*AJ?xw1p|LWSaAHR_In|rhNr-RA>Tib4*oNQ1eUg5RsdL_3p zd&?efcm3c-C>)EIXy38XsU7^C?WP}Yn%_8J_2ixtI-jexF1i0wi>d?HNfmEQ*|>eZ zdfcEIB_=|>8%@kk{n|IL)7l*}`M5rxeEG$NFOT+)3+E~L9i$6SQ!^@;IlZFZ=%w!R z@O?#-_!sNteP=#tSGMX|XR2@O0aUjiKRGXh*50K$JnnW$U8>EGI}}e%EjPYv>29}d z`R!WuLG61VSTOQx--Dxv?_WQE(*VU+7r*{>!1Z!t_E$c-YrbdA#nQ~GN&YEx^(Ey^ z)jwag;_X$)(2YRhIDAj+~wSc_cV)OY1@U%8Ly% za+{FJzOBl3pB!HQRo{-^*SuVwU3ci6i9bY4mZwEM$5!9|Rg0BxE*E{4-1E$Vwzf>r zUMIdr_NbdY?xa|I`R|Ckbl2a?lrjosC4jVgCC!1^RLH5y! zB=q?8t55Xm>-n+`c;Q*idLJ}fP+c+aqvN%_Wv%P_x#d+(y8wxjgxU#n~k~N zJ%^7D1U04W?)il`aO|WXewiX`|Jj<>=g|aWzwyhkVe3bn8wExa9i79EJ^S2Wt>WnC zn|HcoYo@+kBnK5_E0!mmSor)=$RmQ@8dSte)&Shpj3rsCoEZ_lOS%maFA$wW9vL zfeyIt)}69cnc=g*z@y#3+XldfRN@#P;*ZB+67ZI>lS z*N%;DJhr*-ht0p1eLu!LBsKk9e&JW4-nc-r?n&?m%j!qxx27f?sCL5f^Ok2d&bM=~ z8`?D2<{|hSIpFr@#4i^n|N8OIdp}7PesR9vpWh+!+s0(ADet#ee{^|}{4GthQkNps zbo@Q##y8$OwZ}Db<>KrCVJE}68b`6foPHG=m6S@GE}SrV!iRcbvu0PXo=*qG=IqrT ztUd-Fdf4=&9(BO;>ByqmRLS0;an&T|;J~lSQf`nIc90G1R-)uF{|w~pxyD~iZIl^3 zZAV6>DSji^VhW71+;$0Tz}Fx+5_7X z6Ms4X;r?<9w$<0)3s!{p^q%wnZvD{7vUXHhA+tiv1kVYIgp#XV1~_ zvE}W{ui7V#U$1dM5wZ@xKjdtQab>2=V-D9nJ|@|Ikfhe~@CT1Obw03SVV5_4{P3sQ z?UxN}aDPY1@A;uwUy_2MU3&EGRBb~O#4zW=$<`yC{_Y*LU5S6=cuT6Z^KX9rj6-@HIjgQDt#uPTo0&I{M90--RKkhNOr0v`lPt5xUiV z__pvVchdzF-aIjXB_Ig(vl>H6T4ZzZaf5yxwsDZ8~RwYPTM5S2sA zHfi(`vCF5@%yi?SpsWdRqb>WNVUG!u6w3|H&9#XZz32*Ze zl{+^W*lqt8<8QUD@%gmrT)pm}jIY{b+q%9hc8mvjBi@=fqD+sLW#lCv+fP<*+9!J< ziwt?#@%H|WJ?F8zyYG9a#LQ-I{?eu+ztLC1=G(B|A4tkA)t8-RZuQQ!UasZDm=?*c zr8X&wxY~m!{I-1~g6N0}!)n-vogAzv^W^(e3sMmOr;pl>ncBD7)6L_-I!^JqE%h6} z<#e^KkUf6`Xw}o$qv=;$oASDsX;G^2(AzAIuvA zuD?!~{~)S1}Mc#m@)9L&d#+Ddls(d4M2)R_{KcDYw{8&HBb zWcl)1^E9UG*v%7@(-q212zDQ@(2aFHEq`n4*(u*uozY^aXUmB?&a$hgR7dA+zvcQ2 zZ`en_)~Cg`Hg~UV`DF&E>?of!K+7F0vE=BlhaZ)1c;jHj@6PvKf8nBL z?fV;*n=(Vbuhehwz0C_7@@q`#u41KM?(>sODi2!3)@+w$(RjR(Ho6Ry*8CzzSiSAJ<%-E+dL*Osaezy0uh zU`k+Ht%3VYC-2W+^3fOHn_Eum`cALw3qL>8xR3JQ+0>>DOFr*>B6sEOZPO$6UTfC3 z%)1=(7ry;v!$i6Y^LTNeZpm6}O3p6XrTkToj(PMO_aV064Eyu#GrN=L+icLy7<_t4 zI|OX0D)aWtY1zSm_|wUIM4R5NlX<($cZTa~%d*qf4YN#Cy6fC;8f*J{K1gMI{w=0^9TA)4f<5899w4i$8Xx6K1$YZ z{rR%NRWnz06(nDleEVUUniIsU?Hj}9lyJk@Sl4Y0c3Ox2q8mG_>b|j`&RmL(Jy@a* zceljbwOcVe(~`C0$FZUvbGl-`o^Pt&HPmD{FmKS*ZC3v0-RMz^7FzEQsqvuirH-)w zjfumqT>bP(Vs))CAG$9DZq@03xAdmo(Gh}9L*$65`@k7R63f0y)dB;*IVKxRfT2UT z-YS2tNbzfHAsE{_>s0x>gFdS~px>LkzPsgggDurdyxAQWg7GSQ1}-y?l8!pC=t%sH zCHqdVpIu>%zg=QRvR9d0Q~k)Bdxo{2wCZ|t)pdWhugguY^Wb1jjRUPvuZ|kKY8$_P zPx{KWo!0nZM*Sy^%bK&1Ll=zzu7)={j$&QkFH3)QL{-?VC*1ew0o^0>%wDKf7skD zb+{(B+Z)Fl#CQEXB|64rzt}hFmUh`%H2tf0#ckRdTXfcu*Wd>aOv2`raG~ZP_yATu zis$d0n3MhJ*jGOdfe71j%d>$G-ru)x>}GYhAKyH5wK zn(f!=i*vVb-apGuK7QgtqFSckz7|i`ZF%_H8^3mIzkE%j(r*Ymh&u>74y?(bVinu~Qid^Yb zH0(+hDu+V3qL-}~di(l_TP2GU#WUsp^Gp?a{e{l7E-o#eqzO=UO{bHdggY8Zc_OI} z?r50*^3L{Nf5PL9X8Esv7XDB2eI6H+EPM=kT!pzzdJ41ZPv!WLWRhPH2EIG!<@j{k zA4>Tng;{>B$1mp?D~zttmaB02c{l$wvxTmkP`ogXL}8|iT!q1;ir-=3cTe%XFNet# z`r}R&Cb7_Qrid$yp{V%X7V(P;J$U&k=8N?y{@AW4ns{EN`2ND}V9e$Ad3fO{( z72XV87<@rsirXwQoApKRkiRew#c#`3_*vYqf+%$;zFV74KJUBN&!!9SGxhuIyIzc> za5oITCK0N_wGOZ3JQ{f^l|@W6;(5{OaIn4G)&7O3b%=#t$!(FagGl+jMY9GJNo5_2 zq;jQKES9<49+5{X7s_dc$L$u#1Ok!UBXGMtN|{$Kkcq^MP@(V$l}e>sETIKnxm>1{ zF=CIhxDxEGiIzp(KLpaWJR`g%%X@;jq<;XH@~v z03h(hvhH z5sM0EUG~DaO&XxZS`H}u=VR2?Ag0zzF^x9l3|n)~!bK;AdT~hbya#X=x9QY)3_~yu zM;t6^lM37sYo38Q)?BEo51=U=PO5?8%3u}`{!sxk(;}q+Lk%H!gp4`Ep@73q#%Pg* zCG1v#ORdbg?4%TjBzA-XML31#4EaJM0bBs!p=hBH`@PUW;etXL$I@UH&V$+)Lv>JK z$V%a)gHwSH#7Yo4loP6cA2tkW=`fxKa4N_dxaSr0XdV(XVt3m4doQJFr=7?ULWsiD zp?u*x?GPz*?n3Vhy$v~G$nP;jg=uky++k}PaEL5fO&(-kO}5JK3+T*X4o5%{hW_h| z(NkdJMO~cI{&AhPgq0bfFh_{ft`)d!&X_}_D*RNYF;pdF)V_>691?hn#m0aN#oqfO?lT6*R!Sq%)-pD>1Q@#En+BN}e=GQHv^S zNQ;yFSQHA#P>Ifz7o(^%tPcu2>ICYdk~GO_ZCDbI@Nq{n4}i+Fm=z~^7)E;JwAQB6 zc_k8k2y|0kRZieGhH|ke2kWd3pPeR^5upIi@Y!HSo1o+#%8({l708DjaTGLi8~_Id zj=VRc)P=$>Olq;~QJY62k|G|P0Jm!cJhRTL!UT-lo)M;{S(!i?_NfF87h;p?bOBlu z&^ZvE)~?19v`hg6WLa}4n2uW<;vkwwoibEvh$z#^q$pv{AR&v}9g}$?JVI<2FsvaA zrG>#T=hN_{F_T{@L4ra$Qo{VBvo=9T|M4~L= z=P@Ri2v5Qwhk~HXSXi4dl%POk@f+0;3JCNn(88N7yaWdaAjL993Mi1!@FCE`6>fs~ z`4_KWLxQLl0sSnfcrGfhOFJHlL&)>bjx0`LVmtr}0X$FSYyr^w{AM$bsu9q}LS!^( zBqK4MlVWj?+8L*^N10VvjW&#HVYS4mkJ@Q!eL#f>tQ0R4FWym_finMh}j}2#K6zvt*vbf@Xu;;z{P9gjVKEyFfKa z@x>6&o>dvlWIC_1YUMdAFM6Z;WsI_EYd@vy|F5jh1xCKylS zJYI(HNy}8`I76@|IATZR7JW#e3R77#;Xw>3waElpjIs!3atB19Tp^4LfRrYk7O`o< zsIg~QQWzFw7`q#BKQpEXJGeNw(HK`34*6V!nGt11DAbkyo%3TpO+$^wf- z!2hm|RH=LcHl(~)+6ab-;9ns|Re%_dr2edlh@c>=ra=1(Jd08Qs!|DQq0{FqMou&v zqirF9(?(>~dC>U^^w7|2byV66T>w8qfU*TC_oz4lX9%EKJV0atBT^831acJ$^M%`< z7Z%F$c;4W`QOlokKd3d}WRO#FFL6H$k&I1gbJ)n3I|t!_%O;E!t2UfWa%$pvB?QfC zU$68^J3+;&jb$REFw$BNX(wsOVlacCnLxNFW~b#T$+rOr-4`*VAp0@RW2%HFg%ZIggz^z(aT*K zR+`fJy%}qQ&ichLn@sUNL7tpTsFPVFCdRdD72n73U6hM2m1=FVd>H3BfMn`hyv7K;d-3X&WaIDm|{OI)RwNDw%+a@jx=KNJn^f ztshs~jTx7mT_WJ zyeXxQ@^vPchDOMw*vwD2`C!AYQD>IQWGIGZjR?fd8oaB?)8zge7bR^mqBxI)xeK@>+tj z$Ww?2R1i)wrM9^8Q2Ldoa^|5B`)}$3E}2RjL*4%oUj7?&0sawQqW_3%1?p75Jw&2Y z1w~#cl#V7MDn`#)GJuokph$-aH55dRgB>_RTQyFVSd!A{wPf6asA0zHxBHY#I&L#y zpdB;hBP`!<;Da8CD5Ny#!=9YaBzBUftQfFhny^<-X%Qlov+#W)h+`m9>L@4>7}mxN z)__Uk*A&FotKvtr36mI)!48Xo5WB5*QP8iFD5X{@FTyn1CTftU?jK@BWyYe z-{FwwTnSA^t&!?%Hj^&k(%OVBcP689c=P!PB*`RoambSNT7)u(!kG*S2!$ZbN6bFA z4&Z4KvsH#UEiOwcB+$4Z0WW4T#EF2DR7)s17cvP7vlI{-c|K4=lWD6j%I4KdN5CUU zlMcR3=EV6@Ihqvb6E*;g=G{Jh(oZW9i4=E8WrP_s;YOKEXqC|p*r_#Hlb|;v3CUrL zjh9gtdXZ&BtifO-0tvm(8YN65Wx`Ds+0=*;b z2(T_6mzT&)g0w&i@gXT1*Dy|=9kU@}8kE2YKW5Jag%FR@I>J&r;FU2%$m@~iw3%=q zjzL+*8P149K1H5$OXx6cSBY4T7jc;N0%z2RTGTdK&gV--O+i+yj{3!Rr_&R`y&0_t z!vIMPb=nR3EXIgrDuE6TiPexLuZ~6dPNgHE%t>5EO5@Jyw4tchXh4iYP6VnFq$Ebg zH3dUP7h|mI5FbmT`mh49!g>(2LNP)r7bMfl6wjD;gP&e z8BK~pA|oBh1x%@goK4#qMJShpC_}~{pp62^VC2h{IsidPJeI_L87qidJ?U&(DwdO^ zG^k>vR?xx0Ov0`JGeFG0k5Wq5MRS>q&4;K$F0C%W_<~+hI1!YCxhxq9A&frA(wTyq zL$C-IpkZ+uO2|>AE=h)r5x+>D%7IBnPlcVFOdd|TTymo!RUj7;Tvx!SWJZ-xdt69T zP0OUp2tVMF<6I1gN&Nw>1<%O&Dz7%J#wf4PL#Mn>m0IG&Md651V%7!~BxNOyK8xK4 z^7H|1G%b~0q4kBPkn*+5uc^im9U+)-5tQT``@- zY>^2Pmbfab!~M94)5>kE-z{@th|1!#;dY-frihE(3185NINh>TlGO*Iu*ghBwK*J6 zdwF>Qn@k&dT@a3k*n@P4GiXP~z8PDLomalrEXq z!t&zkATE@r)oynv52O)=JYu%$MHwY1`<)tKP^j45;6%BKLixJTrhP({YDG|mz@+A)@dG7s{#&@m1ESZv_oWJX_13v)V>g=`UmvLy>O}k zue>US)(BdZjXA_YR-gMDkBbV*Ic$XnZHB@_4T9oM&^BwDfhC-ta9}#l0RaWmS5u%w zHq7P|Fd9&%&ncfflH7J{h6$^JF1sN@tCfC-jVpE_rSu{L=gx!rm!5*(y#xi*8vzQF zXoMgKsw%ugv_J=lyj(8#Dck=U3s0U8CoF~DTA%k8XDM|kBzyX$9grTp&-oW1^&iP9oegTD5s`!-{bo;?5k@6KIWGzLGWoRK zVN^g#nq)*t6Ky6kW^pVT<2<%p+K5JEBFvu^B~(!%?erA@AY<0E20g>mYegKNlc2IF zE)HsAI*~jNn2c#qtIP;vLBbFb#;i6XV@0f5EL&JD3O^6bdZIZCVljtua!BIkXEBM7 zG-~-dXUHj%a!N8Jvzif9sI@pPBEUrR{AP|LG!B=O(j^LXNKHwN2~k)XkJ?>~AtjZ- zi3kqn4AB6{3rJ0~DX{Lj81cCuNU`pan zsXVCA1ar2a%jAXbh5BOhB&N_s5(rB{ZWmV z#I>?yUSm%KEZ@dC0ud9f^7<)*j)Xa>PzR-58NR?p@HIMypOgngYKhCt+6b2PxZ$W9 zWBeuwEeP0hLII)GJ001e!L1a=fQ(wJ$rvGlPOeXQX(^IswF;QlG}5$cdr_ejFiq9xfOZ zu_`gCAmn+_VXy}rVM!V-W`iKtbH#U*^u;wq>+ zpERe}xTGq#J*$zpkpwIV#+|mLT$Bs(MDZ9O7H3^7KSa_5UskZMIG-0#YZw#A;t&X` z1CD&bcmQ80I^=~j0xez@z5r-?;Wo!#_}D2BDP|+D91<`55u^%`$#fZ|Ryk2bJf48`+TVZ|Dx0ior$tCg_x&LDU61kTO139^n9^9Ogr#22{Sfb z+Q-Wj&^O|-CXC)ZF0ttJK|@FcxdAkobw~}kk`;thHmzIeBI8k#7qev};RKrUMOX*r z^>RT)$mo)2{T!R2M0p(+5!?9+za-{CHM~$rF7dKrg(?D=X#*pZV_IE08J64qJTIk4 zDCF+2!6x+j3AM;6lHjzl;iTwgn~jy zGOZ9RypAmB0eDdXt+ff00hvwgAkwE!{Tx4ngsp0^j&oyqzdUTw>moch zrqavwoPzE0-(jyh6s29E|Af2$5pxsIG1v1u=E6vZwZR z{}JYb9H99fy_nb0OY@RR{z1Q}*DPWRdlu6Pet&jdAz% z9Kr(svaryX3rhhOSAbdF^F<~JWPGSy?}_UuDk}8EEjpbE7JG=COBa&+^u|yq3BhIr z2c5abr7^l#r}X<&-gee2x6!7EJ;FciCz$KNh}tgE)f)26bcz&0co*59YC#u zP|{&W9YVsK@*rH&7=;osUOJ;9sh9|hKxxXCl*Cj?e?}Qh+ub2+9s$)kb3nr6V`2fL zNYO+PfD3O)4vUnqT&cXAyB?6rZr(;5=%}O(p{|;w0e%AMb z=(-|qPZ4VUZ>a8ni@w=n&q7@EJNkn0tXmt7>IrSSu+Ss9M9>jp@_&oI$^VbgH^~9I zSKhyz_H{tS3ZJ7Gs>-{?)|{g_AI1!+tp3-q?T?g|>?@KB;Hu)36+HWTVWEtp|1O<} z0;yM?QUrY+NJD8y9(4l0+w57KUPTH46@=Ifql;N_Ghj5z^972V4ceuF zR6HHFD~v&($!Bte)I1(;Pm1z>vxK8VuolI$un)3&GkRMzX!S-kQ3I_sxY?jG6NpMI zs+1VO$+RJ{_4~cN#kPG~4UEoiZ|0dbvMXm?vRKnNGg&sr z1VI9@D%3iKIN?NXHlx8C_wZ4hFp>)4xFszKdVGi;ljS|QoR$a;Qa3|~Fed?tLN-m< zPX?9ISU7KxxeW?Y)Sy?zfN;))MIx+UCx#G-(5k_0s8cQssC;In5jVM5oOA?oMz7yV zI`TQW!ljmhN**5b`15ML1N3Y41gEyEbmDBm_5#8N)M}S1%$W!$a^(F=Qb+Qoupfvpgsj^P?OLe{s?-m*g&?G641ovx+aRq`HGKgJvL*60^MQDG4(u%Ud=OGnX zz><0Fx%&Wk?ms{M-`yEID<}ulP_1v zb8_wcQ%^~eGU~pFLKc}iJ3MP0|+8a#<5uY|4w}L5E zkdOysT6ZqtV|-dIjOOABr_}=!h}5pdg@iw6i32GSUm=$jL=sXIpe#y-qKW{@b3|<* z93T~LbxcA8bn>(^py1htP8$y%KAu}f;|iT3lLtv7-->;2$$bb>@qoB@f0C_>76U$o|881M`QBN3DxKe4aj+gg{ zS(Hx)#UTqu>r=V{Aw>}tkPF3eQ3^|Vb%AsyUV!a*)EHwFDocW~W^-Bw56A7Hg4Pr% zBD9Bc%6(K!m$mA&JTn!E*gY{eqqJ&t)~w5%Apy`&<&rtt;!;LYtH%z(NhXCO9zvHk zdsK+Qqw*CVYE27sd9yZ{Q8U^o&j%?fbu!{3L>!01Voo1GHTJY8!TL_B5-iTKilUF>pDJO`7{g@Uxh9e`<<(}ihix5jTZ z8l|~l7H2V~*du~nniNl@2(lg|5i?rVB8SAN_5H>$ zVgiAo_&=mC{?!Zs{>~1t<*f2hoD5m)GKtY^0zGP{M}{OK3Zvv-%z)SH0)MScvM)nP zh=Mawpd4aDtj|tBHUcfS2n(+cOhPPM99dF9gc}A)2kX+10yh%P0D7@DUZ7ZGUQqLy*P(h4vEE~-GZMe%NH41S)morn=P%0Ko=T#h?lz>K4QY8yZ z#5kh>9Y!yJ2R$;29}{ROtqiuhB3{@cic>UV93Y<^@(I5zKg#InI-HJDFU_B8zIX1?3#&yX0~mXVUUCG=wFbcF<}G zpe`-0%;07Np^;=wft(3pP*p&qvPD$}0Z*b*5qUmJ<0^+Sn1Ep)<41BiZ4k)7B8ir< zTA~S7EsKlHG1$y<4wumEGsFw;DGdu<1FK?-9vL`LNII7CnaFjxfo0_^%sZkUp26oI7BmU0(XBAJPpRcRjQ#8D`c zj_9K5xC2S@9S#$gG1Gw{kwzs3k{0CDQj=1mvdQ%E0Fdz;Gl`5a1M)!Fn1@6>Un)ho z6;RR>mgH=70i5W(F-{5;!C=s)2y+6J7b*@GNt|BozoiMq8%{jb^NkGuVyyi~!z^9Q z_2cj#p$HRfw1ccI<`TkQK9bO8eNMsOZd8Dc z%9;Ph&MJ0T0j~@#mGF-iUN%rb4=7Wxk)DTvanjAHUQq^4N;z%MBM6q4n;D*)O~8L` zH|f#^aJE_VUb{$z$ze*7ut*|)t4*7QB!tLGz=RzzI?=o{9p*_K#*8DB(+a#?&?Zvn zB@jvyB*)MhSd!)kJTZw{77GT{k*r9WiOOOGC6k1Vf|xpGHVRmr0eQ+4fY{t_tJ1Ab zxD%MtD={WSj*uBN+hCz6koM6CjPgk`!&>YnJ!WUsPTDKN@|Y{i*%VnKoHd)m0lgv{ z6o}<%4WL%JKy8vD#5j}@D`hMfLv2wtL7D|-g(gEscwv*r8PAGh8g)R9xGXMBOdQi| zB8Z;{dD1$eJ4$Dw;j~@>@@YUI4Dt)BL_xx4w?u5rD`iT%UVw!ou8<(jLS{uUW3Y&` z8aVG#Az@bx*1Bzmg7iBx9#Fy)a#q|!NnlA-Wesb9bmEU}{0Id@;Xtt|{W1l?fr(Wh zR(Smq6h!fY3HO)y`(M0Wz(2XW3T#ZI%0yAVSIU^h354%uZ~_v#2$_O2fX^S`g%ufwN zXVL2{5NS>WX1B*c5N@+uO7ajG_wi|t@QOgf7SRjCpe!lZhxlT9EMsSIx6;JJAX|aD z5e3So_awDxHl4zAoO-3&sfI%4up)rz961N)k`@@F7%NV* zS4)L9JrRu~0w-sc=nCqV<|rEvcj8fLJZq4f4N|jDuW?F}T*4R47zMCAfOh%M2>U7! z@iz{!|A?}g=O}Cb9c3Y*!yhvSEdFT7poC1A!W4+d{yyNV`@crnKV16-xKzEwKr^HP zUIiKc9Lxp9I29D&0Zj7T7z-3QXQ0@t6%^tDP*gC+bbk}eWr6<}J$lt4ptwi>L!35a zFv}eYb=K-4oLMPph!*6{B*Hl#$q!@!2jbWI2~#ZNiFwEnt`)2DLR&f@Ce2Y;mRI?N zxnQ2cw{)k-=Oou$U6c?F|nmFkV8nh9UUhm`w)l#d=tqnvll_r{DNX!NkDM-sfLKaXM zP`h4hPblMdC>S@XxVRg0fI=36V4KG&u^Ei6SSk|@kyHfJgzeHG-xgO`_3p5fRmL0+ z7lK&wyh6JL``ij>5H%>5MIA1MRxVT~j64cwg^8a6TCh;t28l0UC}d-eSn< zTwnx!@(=n%- z%;&un&2vWp7>OCxq(T-G`rImoQfiW9f-xl?#-xHUBJ{=hD8oypV1r+3ju0EJrahp3CiaJW#X8`X|ef1 zD4r?MFsl6e7)knW(?tl*_)B?+g^vOHzQnmdjkY9At7%n@Zrc zV=QGW&Q$b;++s514xq%#32$BOzz^mNVgv{6o*7y>H?`zTXQ%GzHnU=ga+jp%3;ffX|XnllTl9n zYEy1jg#eU5Xd+R?^9;?`G7lp-YD6IF3^?@Ln5nJ3S zZ3WE^fh^4DJT9G`DsWw%JdNd9aX_C}s6!dpud~9=L@FtdT0I=2Qf2cVAsn;_A$~l9 ziPUj5BQVQtHkaL^k_m)xmLqY#%OJJFE{fxTtVW%;WI!L~(m2wAkV2!C1+-dmj?KCp zai3E`NRw8Z+>O>O)lyXar5uFtS68dCV`NyUrV?l=Wf6mPz^fseSpAB+WgNy{@6dc27sm2hB z*$QO)PYx*HpFB`6m^q|aQfsjj7&OKFo-p4*%NVybCHAK^cFbXBj2bCwEYJtO zHlDFXQy!(&3#-gdZ^VjtR7oWw!-HZYsb}>l#WGo10h<7$8pYy}41$wj27{H5U#fAN zQJX^HrakG1Gl45uP+w3flu;asxOrH}q{wqBI;zDS;k1F37!8WJODQntaW@|zvkV?h zV(JhZv5EK+z6o_gVqw5Y znuC0(z}~`c08@KWc_ys4iZp^?#Hln%%myp%jY?g4tHNt>TH{U^PYSvdQd2@o<}FSs z!$6>n2TP1$mBc8;Asw5ga4SRy4FFH!RxxRl!yFYW43H;~^`p^Du?wG+Ydm_X!$J9z z#)6IEB>sH@&`Vu_!tnpa(G34dC&2zb;c0@a?d$mrAsKpn)g z1@QQ&Wi$8+KQpu+ zf&j)&MhlP}V>H2+G@s@0JSh5e&Ss&ELL~*NFEmmXsV(rYLo6O4@c(Lv#Ulj%Uk$N% zgutsIGJyhnW8E*`76w7ACBYH|h_MDgSfHk)IGJJGVOZs`%NdWERHe)bM=T;Vg)lvo zltQ3}X9pxiG-!eZ5M-1n1yO-E#N}DWL&U3{U~7nuS(AEP8u0^MUZmyOqDi@2PeJK$;5m-{IgwH5cDV}{P*@Qu*zttL z>kZ)~#z-TShx(tu@-KqQ8KT8G!(adf<(z@`#B*W~7|W$30WV)}RRbz8sN=FDnt_p1E58z#T90kJMW1>YEo_p6o?&7C76sF z@qmDZFJ~|#C=3T^GRvu@(o~*N@D+?6iQ25nu-V8s{{4b4Ugd1W1^m}$b-dWDj=_J# zG);21ghNd^OMw5kF-?T{OH9*gF3d9rpf8yU0)|jmft+}3N`cFcXHn`!8fszEarhM} z5lMY7{gUE>#av9MggAwB2J3Ubq!{>1A!qoDW0DMES@gM(KKDx&2oM={*@RMBOvc=K zlzeG7p&-X$z)NwD(Bc2ZB1SNmsbCAGTzP}W5@vn!WJ)iO19l@CmXj)t!=v_lA*Y0Z zH9?0~>dL82zN}tt3uY7!+7=8*%qhQ8DfS!uJQ9+JuskPEdT2*dnkV&ckPSuiISruB zMsh6SHW{^`Q;^m0dwXcj67hMW;0?m5bzNNniO}*BC;$d;lep3pU8 zI?qb{0fC4RiUqj>^U&+naeg46u%M103m_4Il&*AqM^`#s8}ivuqILr}70!eVL3vnpDVTqT*5*Y!Z@X=OT$PzXg z(M%wtOT{v>e6bHuugT?;JOB%4Tn@98FVtX4F@^Xv!7QkDa3*0v8reJ~533?>uiGU> z;1C|AjDDHOEps|3DwNizn4pyl$SnzRCKwO~LutSSnT6SyLZ}HL1m{r3-6#P&lIgU@ z=7VCgm|dna#vvu9R;DZ#h)t8A*pj3*I-$d9D|9+7MLb@iSV$SfY1#n@*&r4YnL?ad z#-#*An1g9BA+&IjK*nnDN1c#~bZatvlV0!T3rr#n0cotL*(f*TpfBzsqI$2u%F{ze z9iQL;TTY`uov0ua)MPwTk)84K>>)R7v%&m$T0q;=Jj$v64>{8wlMeg8Jk07p=8+_e zF<0vUoiM4~ex=jGxD#@}9aPDKP)etW{JksF^H*1<#hOP01(|%o2w2WVh>HInA`@jq zC~H+)lTKSPk%tgECrK6vg1`w&vIRC4eVM6@V>T;c78I8JtJJoCf0)usn;0qBz5$SX z?$!)2&vU3>F9V7Tah2pRIn<;bH{%>eyj)~Z3~_0!X{X31c9GOcKx) zH1T~RyE;WCpqL<=!Xlv0AJF7NVzU+|v9Lxf*NI4-9|%!-m(1qj!#XG^Q99w2z@7>5 zDUp)#2+ckVY}1GwHZ;X%aIqb6Mk%~tnK`^6nUG;5Noh2%GV1iS;FR%2i=q~f%~*lf`C)Opiv$#C@q5; zM+!J@2-pFkD3Lbi0|A}VY)2A7TFNn6Z{8i}*%?V*NTqB77Za6$#-POn2}3EbN+0*e zqJkhPfSegICP@aINduqf6j%jDz(&LqF0U6%vZTrrBEUpKN+}ceh{Ve(qIr!u?v?l~ zVMtH)gj0XS>29^6jYm33RT?Acz9-h+G5iPc>qcovqXmR(@?;c=R#3aM443j zWF|*k6mlq&+E`ZMCxWPlmWFkvlvipJKr#;vhd`&^9H9i5%4H!yvnY>8Tu~rIhzhhU zA&0V%1hw&f0fk3~$h}O7{KKDYBpj$S7u6KleHMomoSrB?-lKT! zS`rA0!)mrb{Xn-Gvbp0R2ZF^LhmyEn1Hd7tLLN#<5UpLRR+*rfFYiE+f8O8<(?-N1 z3__-uRh#yzp>!rB!eFCND}n@oP#t#~RMI4Wd2B(hOF#K{Dr zA_D=#8nq{p(JDY?3JIFD_EglOA*~TG>-1WqO2SEmENp-!bDR|?Bi0PZSb=OJX-+x4 z0=vYhN=G!1$d-dpyF&*jU_Kl3ie&+@jF;w8akJlI6w-_!gce6xl`v$(86hSJrCfBv zfHQ$GY61-QG@S^9Vz5Zd5-=zV$oO(YT9Sg%D3jLnXnS!ei%hd_8SUVy)aaIS>VS|)$8tUoiG(#) zzd)RESkaIX#m%{#o0IBP2DL_y$o;fAXfX2wgv?6^Vmc-(io02k2a#ET#T_0)&?mrx zDz{IfkE%6lJ>dwUQnA!wlldh9(iDq{@(9Tj<<&8vKM@tdvY6Q;wgw4KCT1i-aR6uR z8o4o$1Cl10S>to))S0|f!Dl0>WSFO+$)r;Y@s$Nr!KQSJ6G6-bV?HDhW+5ot71|3{HcV=*1@|89b*G0>q>ML_uP&9CHNbgI^blP``N z0A8e&`krUFTLd8u6?kpudKM?1??X}EdZ~4zzMiK*)0zjKWlbm-u8-5M!fA9@iNVX$&r?6id|X5z<0gkT8OBUO~|ju@O#Rm+wo_uV}$XrG8r<{rmPpEZONcc11q6K)DQ{&Q<$*8$3ULIm(%J4 zb_GvkXQUBj$ZsNZ6dp_p^ID@qDR6o$9%UeqDwv8&!fYleSC&w_(+aIXruIn$Fq-qY z9e9LL0A{ts6cJ=B%B-9UN}NHfmI=5+h}G)m%P=htM`IZTlNyYwkX01bKvLQ*@M#o^ zjGpG45(%5-se&%H@CrjRrvS)`5Y(o~+5-u#kWVIIm`OQlv5s4;6Z4o z(PK`zc^P-m!1?)+g1YCZctmCn3mGcNk8xZKHR9ed?G%b*p@7e0mmBf`6=khXrOdn0wN)UGA-k5L8+Ehkq)~+hx|L-GI&z@s5@8$CR~wRQENElN+zFY$+sy| z?VFf#MfPkkExPmPau?8J>DC8CsuWt#$5mXvt&}_ybO0s5=Q&2D@3Q%TwWk;l~YE_z( z$MT#^C;*tG(MLx@371V374Jc{a7F~nzDOHki|wf5%)OU| z0T_zq|Lh1et1PcMC)@=?P%Ct*Rh-jq5WK!$6#=tGz-cFOT2vSwnhG-oGtiI+g|Ey& zeTekYNu$iIC}69GMxr*U)Fle}oVYRX$`z01&pu;-_Cr)*jzrIQgyn)+0|n+^xk&V{ zO+I1Q77vrvp@yWxUeF{clcCi_3`1#E(Eg%P;PqDjm%wBeCOvMsR8Nx>67^DnkQ7P- z#eN`7AfI+BLqQ1?*Lf9DE*CWgFkBN*A_*#_Qnz)%1@vy(u4C>6;F@N8ae(`y-xAQq;C!Hg>bd6G(* z%c3`g^{#>ddJWOE$R1EjbeWV#8PRx2*yYI@9flxHqyffh11+|g9@n`zM_f%QoEb+x zNd_27=_KXkA|84#VT)c%U^V$|FT+1Uk(n#hN z&VSGW@ZaeG;FX8}Uv$9BQ{JEJ0E;l@5Nk8VxlONJU$3Qt;F{oz>%j90YD>x@jupFg zGk-Z_movUR%>A|AX+hFKxNOoeEr3FLyFpgGae~fCqX6@gQ5&BpT^FYV;v7!-UdtN+ ze=qx|;k_Ci@c&|XuSN&_zZf3#lCcB-6=gR@Bmur5kYM6!kOKy@! zy-|KppB3fe8k_xPk##uT>1)CJ;+L926a8HP$@U)K#fs9>Z@nWDk ztU@$|%_E6okk6`fCMjRRrX(a9nL8}Qd0rl;vPAWu4g_M^h%l1MS_>-J?%^1WFOA3z zl4vliir^Lq3IyWum^uNY>L@L>%hOqlS{4)#30!Db@d{6)y(TL~`?cO&E)xcXnk+DYtqRoY^4dn-Z87Gg=jLYurL;2u4ZA(6~mbj+*4GFD*@Ky#j`He4TC1d0MG1T?cG6r;n=3{em~_e;6chke4oTjVd&1re=)kb3kfJDwDCyd0lX z@;N~i2sv>yr{}x!_OOJIB3w)_&nVIgUs#{F2vq{LGA)JW2vodpIF`$(GyY7J4~q?P zQ#zU^G!k#3Kx{moWEw`ib^zlW@rYc)Bt7aN!=zbBh_EE-s9WbE97>-~7WEMpNgfsE zP=uf2fhs2Cg*2*2j;H4bA*zC1Za^?YmU zYuE7KuK_PFz9id04$q^KSBJp7%+daHSpdR|PnUUlxQrgnGA~oBvlQ@rgY0VF)hvMb22wi3ClBlixM;z z5Q*o9buuXx3q);hNuD7H32RKk1=gyGC4)SoK&@Gs)vHezjDMFp5CV*_lVxa~m*MkB zm64am(1;>o0j*{O3Kws3w0QFfk;afsBHoW#ykklg!3tPOk+co-hT&uSl$zfd5Zr!74SbqZxzK1NE!a) z92Pw+w)vcxUC#IA_%^*T8wq>=C3>4wfe0x1YxGuS$)gq=!d^vh^=4~KMTH<0ros!- z{wFZQ;b2JSv`IOq`T0humssX5b{yn^Vn%61UT!$azbM2Jw)hXE2yKBsxBQFzntb=fDv&*hh$~Rn1qh1!q#}wjTOvwZ8pS2c&I9aCwQKahftgRZj(+CvSyWH z508;jd3T&hk_Nvg7)x4=aZN<41$6)%av8G>8x9#YPO}kBnNm@mJ0%K)NxO@6=`>1B zDy@xpv^JgCCgXBB!XC@hVKMEA_#heKF93y1qYpbshbU_Sc=;UTPQnU(h7YHd0t1uA zWkSA3;L^+dN{nmQ2jm7E;(0(Vi3$x)9PuI6xCTq)Qfirrr%hO_3Yk~ogCa4xPK~8d zGUmffc|W5PK=B9;D`{Bl_oyr|tpil@fYuXbYO~o~ zT#%A#QeL%!^*Ws{g~Dm!g$*iqN|%#`GNjQ$6K=lG7x(G_fjaKZpg98+Fu0;odnkz5 zSVxGnQ5hr<%|sD(f=Ie)gF|nS%3)>Fh43;Sj8v!@&VeNHNG9yfgK3LG@AC(EfFKcx zOO){tCtzY|8le>?httm!%H0MxEKG|uYM4zzFo`of67%~KYNIq^K@Lz8r$z8Ts(iEX-e?q^KE2`cM;Us@pW%cB111;%#6+;mPgaHyzSg{$I8S`{|2Y~j3R`*$aQcvTc|Jx&gpG^r8pw9dCc9g=t_w>|{#U6)!q*I5j9GLU?sW%46wqr0)X53Kh>D6c(+O zyVUo7LsE-NYra+rJ<%wvO`&#-q|CG?4FkGBGDAEL{WT_S9u4(STX7~>=_mhs>qfFu z$}2OFJ2FX$TluG&dd*AaJ0kwbYz=~~q1;)%ss~57pRk=Te8`%+N5dC=h`H%%!65N= z#e5F4+r{iuu3-(Ysy3Z+`e?97-sv(kNPSu?dEs(iD74ZUpHUB(P`M-Ed`Nm~Ww2e( zJq32LdUFKj#8o?o)%7Z!p)@_Ccf;=wCU)BDoi(LU`N=~?1{S>;a0K|H9_@TH znR`fUzLtC8sW!SGT8stvr$G;Z&v&`4E{Ygm&Xo%ZSTze-i`;!WIIQK@Y64Zho zh*c!KyYUqj{^&E~KHnD4)sawtEgk%=aUi=Y>vxa1LO9`w4SlOl|2T)M`CYczcXOey zslpiWC316q_`-d>;?S=i2I8SPHLQF6nuqEiICuW2uoBtzNuM{zf#j2fY^f`2elNWm zoO9^VQ_$)&%xiurzY-G2DkA<%waYuPe{^pAq|5y1+}K;lE&uj88B&-Vyc^K*ktd4}RVX@`5?)@W z&H&&`2Ft>GW#m;^i7?`*K*m1?jFL%M-MTZGN=2n2R(>;U{c7<_=1j$w&rF3={h>o7 z%+usmHkSDbWNL8(32Jn4+dkRJl1#7QYn!g_`(R>Wh2kroN4+jT+{Y_zp28TXT}8?I zgV;)uA#4~`)n(_xT5SN0l6-09t(louxgwV-EgvPtksaw^2&~Pagj^K;8NP@jv)+fk z(Gz1(-Do@9BX;BC%KjDs0{`R`{EsN`3j;E*xG*1Pw3i5RiAjKVxkXfY7s)T_pND|= z2!UY?&f38DA555WpuUFN(?$wW#Ed9RArg-tz+0;Zg=7+cA&jTE9Wzthk=!FdN`e;y zX{KkokaL!@x6dgwE?YAnfa7D4H-4-Ys>_Y8@8EIJFmMDgjhv>d8*~mDNi2!gPT&Wt zGv=Z`wz)XZ7IVf`j6e$-MFe8g%WXzT_!!f2?&ai&?uK4yBoB~XHuXDwk@Hs?*`lILS=Um|XE}HE9?vMT!w}D@Q`=8XKvYQj8cvf;Q(=^AM7w+Y(!@x@Z}PO+rtAr9Uf!3gnq zitk}Z@6VzE3B>Q6^V=+1thA3u!M(kwF^|E`mj;WrOE>aJrGN!Jx?r5W*q6e4G>Oy6-F_!l4-R#h#)4sqzqCcu4<$bJ97M;e~GKgV&(^0U4HoK<@_Qcbi4crTpJ zedfL!ENovRa2c50y_YL@65Q*}v0hzjXJsF@ZW>O|Bb<}L&Fw*?38j=HblQMx`&cT; zWuy{gI=A1*9ETZYL9f;GB91-PuNdLJ=W#jSEQB_eGa)9)KLq}f->k0Jr~u`B{W)X3 zy8;~6*Bi~`w2|ev?&7}k@nRMbN<>Z*akVW9k1KSDpe}N7(;0Xyg4=$(W?OpToj@4b zC~WkOoNRiLfkC;L&FaZ-y$@wdHs79gz1!RdksK*JYk!iP!gx|Lbysd1`d03~#odpY z%Cje#F$&zOLs)gtix}t#cpwg@byh0H0vzS;k{z}8vd1%MTlB*3pnnGBb~?VxM>_rY z5dEJ+JMlUDnA5+7_Llj76592H!oEYh+WhX1e#+?iW0(j2N}vBDn2+)wFc18dKL2-N z9{3ru{~YG0PpbP@m_MZ7!~7@1sr~pvtAAV!^G~$x@a#nx=M15-Rw zBUDUSPcDgQKU?Is4gOdz$dh))<1)3^?S%_bxWv^QHew@q?_1ML+Uj177$^kOU6C}U z`5Z^D808nR>`Ww6JMYe$L+YWIzvTh@k`BB&K2j zip00WlBI=JNEsjL{V~k1Bv`aNjx(lyRY_9732v@;Op!#> zgP3c)sX-Z=O1bm^SCx_8fMm27qY67qq6tlgz8 zqcreEJs+!llwv;?vppO;8}UD^oq<0(zR_MW`$W2@zO`Ajt75WZ#hxK7%3VUO7c_*P zX(b|a^zn$}6XTLTDayNH0H^9^4p4-q)qVLC)SU_93(-Rb%Xlq_RpZuq=xgm8Tj7mZhv$38cG1yuIaj)eW>3_&Uru3Ga2QP*##jo+{R=}3MZ2=E_`9(tZMXmR~J4hqm{ypvcrU+RXUTMm=@V)7`(LG+H^ah~yRl2%? z=wQBBs**%iIjC?X-h3!guaH(TWUgVTv$rs)30JK{C8XSz?D2+e&E+_12;YJt#}BA3 zfXQtH%S|By=^^&fXzjE`Ga25yX3(R=cgNzL$qD7(k{i|K51d16m{#2C#7DVtmLSt_ z|L=c_Z(2I9{aBY>{@=p4jJ>hCb-1k!{c&^R|1!SmQDC8`avEbF>;3@W@?GP8#kVil z{_FVm`;q)R_%@4Ofo9(S0|UI>qxXHVVluI-%kUuc)1c@Ahi5 zfKZ})C_$?;?QD^X)3M>{rHV%teZZEM!%fkX+EU=mTzMAGz2fj4U6ctQyC#M+$A2VC zT;H{^9a9l_iVsz2K&&fK`~|Bcs?3NnXs4PfRpBL8f@Zx&TgF?HT@pV~-lf%gwxyV? zz42sLtbIVC1$8k}bMF*$=UAj0w9E8*KOob4V13w4IL(GwSWLs<{UVusL$fDZ_7>H;=79Dot~8Zn)=r^uUdC&rf3yft|W z<^4)~VU6z=Mqa&Yznv0v%sCeko<4#Cz7)l%kJ^;XKrK{) z>yg$=mE@V2a?RFz{d`^eW+BI|!fKAu9$a^okW+Zx(wsg960)~vLf3dSdL(d(xOYDC z;9W8jj?K2d$^_?N>Z8AFVgXfj56g zwGXHPUr^1Vj<2fC{0-HA^-T*~`0tp9V=}1j^S- zJYAjb+Kxwf6G*&g)E6p3xsPAx1WX;oiPpHSjH)>!4R7uMTBb~iC!eyY&<&i0_PuuI zg$HXF%?fjKc&Se%Su(22y)4YPLf)GT^s+*tjI=#|^(i(+U{$3S_wWELE7e_V#A^=u z(gvlwsB==1;;+V|4@xcV9kHqtQp=cZH?X_NV0|04(VlKb5lg!S3O(h`1ms2D1c1a) zpOJ=wuAfCYm&ZMhTVi>Iy{67ogsW;kyg`U}q7)NUbCXFgdvmJIVSD85P5VUHLNyC#=Yc;P)z$Kl?)K8b*7MrB`6|L`X*T<;flvC z#cSR(W70J2=aLka0^KH369F4kL{I?jmk{wCD>cT;Ojq;4_;olhQg+Owzk9auUgk}u zq>SJsw^NBrZ$eKV%FBprDWdHN8(W|&fG;a8RGaA4_4)a)C?(+{GttM@CtEy_1eLj( zm^m?fG~6lv;2HrdHgU|ds~F$mj`bZ0oro=uy$}N~iOHw?;YUmoz1?aqXc8Q3*^tNL zPKq)LbGn(b*O`AKbOJenzH(4gD>H$zYkg03sx&3{j=I^6- z^!#2!Rh;XVbp3HSX^%ZQ*owF6=j2V`Z!_e7+1+KR?};k+!-F6*tgkpGAFqYp-+)>g z;siCZ8*PXz!q}^M@*Ek!?mI>;Jr^zI78aVQ1^>egh}S)XFl?ysNQaydgWHezsDYx&~v0 z(Kp@SAMb(9EA0;8cQ_>BSPd%>H^=*f;Wkid-8SH~Gu)A`+3RFx8_^aT(fi3>FFs?c z@+qGwt9(72S$kr5146pa;WnUP+B(GTBf*~}yTRa=7vkh$9S*ailyne-yuDY?7~Y=6HOClI=V41m`a76at28}i^uY@|iHoA^DxC5pLRTfPR% zWH)d4fWEGMMqjP>c+>VvQ})h*Ual+>bA5lm)z`fB0DAVlePQcnnQ!EvatjC_xQ$v* zrwg#%Ne~vx%qy5ew28f8Z?&Z+P!sz>)US}j!c{;ho+zg3(sMZ=Zi5i^esj<@l=I** z(qq+KXu_6Jk9s!U{A%_Z?B{6wG)y;1Ls8x*vcK>(y}S8{xl>((D;x-{E_f=ZcVwZOp10P}{F_9TKcL}{ zVdQ_B|4&~&bR7D>ZKOz#rkoy^v@zFv9*Q42J}T&3yXtEF1qlLwNX5UU*SK3_J{CoZE{Nv4lFYoqK z$pW>mf$2wW97ywbzjjxUn#6D5#Qx&B_@|bNz&B4tP35i$7eNdpbC{Mqa6^*ty>K6g zuN>Vyde8^jc*d)Or`5*arW=5z&d1YRsjGIR3nrBh6VPrtIZe=n)mh0eQMEA8qM#M) zkZ*{=t={3hJ;vOpQxx|ms8sFPt?Mv1^8T-uiU3X9@whkmO0%$LN0v%4O#H?uI3|39 z`IF|-e^3ufSCkC=;;GnC3|&(d72GpjC^^8mnzg1==*aqZZX1*E8e4A*^vIJDNgKjC85JjjkC@A1VIlq6X5!N7bU zTq0u#v2aSShz`!7pe3uU0_oqGsHWq5u8A)zBz=Al#s9LY=ij%C`5Y9z^zVy=p;?Fe zL%R>*R|~CAS&F!d-|~_Gc5A$(ZSXUueV}>ocFft~UPD7anV#!t?!Tr=J=i_JW+Imp3(=PD+EbH4*R_^W?tyI4`U*A8@ z*Pq7`K5PH)oUecT0Gadi`|){vUAk5i{j^8$Ya8ZY6*cfLZI~}J*`qSPz8Q%VGdNy3 z{pw>BO$@UH!xs{s<_R7J*8|6ak=rm#kt7FssG{ybbE$&ZOADT9o^fkoTh2uzvu<`( z+@RdC?Y-(n?ncnKqB?<*+;Gg;;KcJ^sb6N}@j@zByhf39yGejV>{HUojKI)43f@cn zsT5Dajo$VvO*hY_>33ir?d;hVcP(B7sWSCg6_R?}kRrNa)>E##w|M?mxB{7O&e_GE z0&wy>f}NpcRBKm4oqHhFOz}o8j0#?_X#>|F?9)1yyFKAH7z-`9txaz*P#pa+f&!UC zz~k*h=J__%!fPo@TYqOa@>!$qEimi_7}2**z#Gz*ggpbdnMP$ zxOSunRruQ;*~N3&*}7LiWoPOADpin9qzv=KOm8Zu@gAGr-ad53g@jBI$q!;~zVa~+ zFwy8W-iq8~BKqa`7tBQ=c?7Sc0RycKbA>oIX5Ix)N_>;oE^O2GCXtpoGLs&H%2D?U~#Mec4+^{ z&WqVEfb}t6v_D-jzNPs~fOke99>nR2dt%0KC)x@_J%4L^Z1=1D4SSe7=X#Jv|0pH= z36FuFeVKoCp8nMNsLW&681?vC??ZiqSNEIq^zTOt{Lyg#)6oKdG~7QL?LV>F1-^Bk zS+h>Q4wUX_6z`mKu_PK1NpasM{fsUyH;}j-V}RIUE+z6)g?mho zO~lHBM8Vbf3HCCnnf!=tpz#(j@CfXnYm`T>5&3w#vgqNsC{iPhcXz+>0dv-R z*D66zdR;7*$L-{rFKzQ6#sWPa*d*Wx(-Z~CjIOJP&L->id`4P?&<(ra>qqKe-m`I- z_m>v}4wPgd0%LwAvtlDJ%VQ{KbPBC8{S9JL{W=_|cH!^t zkrCQ>fjRBoKe`gU3RAcW;|?jO%*oCSAoCf_REq}rTdPWA0WL`$p6yAgL!@cvjP7m%ZYye0+_PPu#I~E(QxlC9uB_+AL?ojX< z1|GWit?%LQudTtaoe1oP`Zc$T`#9~N68mf4Lr%j!QZYHTs0rPcQ&+pz@9Z}wNBGu_ z5%`GCkEde{-@Nv|aj-pB0~3X`vR!2VtxZTn z#%(0-eehf$rb-}yGYPz za9<6+JgPAshNnAI^Szy5F0ai(qhF_%9d{}AwJ$8s(ayQ*tXYr)y&m~ZrlvB+Wiqfv+2(_7O5Ba3Z4xe6*s^Xg)4(SCf#6V zf;o&oiFp4cI{rN!0zc&tsrpM}N2TGWN9tr#uH0)Si}e0MG|hBZUQ&RJvOV}|+TVoj zIdG3&+L&sz4<77hnXQ2364u>q3NHQL9+P4tw_Upk!j0NHI^m$>h9kPePg@Cbe&_P{}MoJ{NGUhBvRKObRR+~x~X zmA##hybQ`~D`*D&qLL+%z3?O^3O#mhy1DoZm^+JS+ub56$0MYdg+Vr0Gu#fl^_|R> zhNLfJrnSBocNan&vDVEln%Cc7xucZLB0TKYddD`D<_HP2Z!Zv6N)WBb#jZMwc57uI zLNt%PXC?PX(6fCeKS>FksIiC8zuf$K%yCmrU-V?!%|8R>Uk3R9uwVQKDDfZ4QuNl| zY9NKZ-u^hJDE`&l%{vLNqEz6!yBqDoL&9^*FD}}2hQ| z>EfRb|DTQ?_$R~vr=thHMecuj7WVT|*lw;L^Qq}kCO*z}Lo-~$BcxBUFnLKA~c@Wl*>#DcW=2r6b(t~F)}qVfh| zig043dv3yu%@@t_gzkx8hkeV_L>c3ou^?QM-Wq_-!rTD3MABDw+*sJTn4M*l%Ds$k9GbDH1z;}yW2%yk3)E~U}DA{bc;J1~1 z8TMdYt-DaFu2;D1)kJg^&e%1YwJZ0=Rld8G@R6Dsyghg(czI9G)nfYNt3l6YB*F7l z^79ol1#g91Y=k(FC^KvZmFtvr*~$0r&8IYu>V1QvxRBDIriYqu8NE zOPmoxdK7D;)_1B(%s(|U`K9^1JC~w9m08LsGf-w4p$m6+H^sX)Q~&7P?6(4MN=Z>! zSowQvySoVZdiX4jha0hFi*UKj)Hg?a-eBSB%ycD)xr4pnCq(d-veXP@K_vlIlU6CE z)=qp1CPYH9N0Yx^A_Pd02D>xfbupwD*T#PM=VwgU&r=x0vhRZ=1I9?k9De^O9wDvm zAa!jIkN_8IbsiuOA+C8wGgh<88z7_7J(lkne-_6ytRmkF!j*`6{ z!o>z!nKI?zOHA9pSkk5Hwi^pMuR1`5LOpYFL~5-EwY}+}-n& zEtQF;5Q`&heZZ-SaqvB-rKW(^2YrYw;xrkAWy$oqUgA4&-S;4Xu4k0s;Fof*5Fv~g z7TI+cOuzybL!oZ3Z-ab2?=ddi4LcZpEP-TZp61&Xx!@JOtT{g#}!P`mcA zkohz?gTJS<{O;Q7RKMqbr@n21^VJjXbCAce5)Ax!H&2~)CqGmtJk&!(e>v5=KZ9od zY8CsHG|}ObFf?O_LT1LTW)84jiY>qUJ)GP`GuxA&VnW|#x(CDfs7Ps+0r5H}41_q&tIUsJT5e5E$Kyj= z&MB7l)0ID}_THqCkzNa2HeiNMo+Y?KCk(y>it@NC+~=gUc3Un2hsE{qqZ!=^Wv%}5 zm@^~vP&LIP^VEYE2d%1f=8P$}_A;An1Ec44%;XZx-YC~vZ5)x38!I1U*bboU;R5?R z>?G=O<%Kawh@qu!JG{Y)amQlHldXHEWO$E;bWK;ULZ~m3igtx%8yBZM45_F|fsBxM z0JyIcfaIAnaXQdE?Rw*kYv_tXq$WXv&8kkp)foW2wSFldYp;>^Cmm|g@J?jx=UWIi zxD0O@iAKT%s2~9+iM6PFmF`;DPJ)-FgeizpS)9Sk)$upu_gi*9%ZOaO&I%frUso37720jX@9LKo<@r`stP@MmBq z3N^mX$$v%yD^`c-v4g4(dGR9o*M`n|v#gDVu~&!{fqoJu;hB&Qk@yx#x%b=H?xROM zQH&N~oY{z2)uVVdu$VS|GC%pZ2eYYsJR5R4VE#?m?1)hh=6bV%_;q;`1%{8gB$vfw ze7^C?6YE-GZ~(F z#+M}0`-(j-w=NycU6eO)K^W1#D!8ylBQ@GX@D)#s~ zNaXA2@qKC;2cUR37Zh3?>7YR(ne=4{9GfIND4qwbTQLBWrjW zFHBZ1!-XtRgNq%1-9^Y)M!8yuy0?M5vppXV8BDYBULg7Ne);rmTzNe$va^HJV{{~N^|3AXh`(N>NmBTvs z3r~N&_J7UO>VL@7auDAK*LQW@yEXXpS)IW|_eyRSjV#nXo;~plTP*>Yq+1v%drZDZ zFMXC~Sg)l*Ua!V8$zOW?P_+5VrmY@xtoN9*Lp}9!&p}F{(*eErEBQcK4Sn>ERayWx zUOe{=Z%ROc*cttoi?Pbo8+s09QC^?kRQ1k9d4ST9>f)mJ&OW|FWg_RJW0;&1S`V@v za%R9LEdU~GpYMVbq-Jtjd46*JYt^>1!15b>>A4%1f z@xd;-Np+ldy{`Hi0Z|{?xCHN9q1En`4%&8*dBw~Hoj*zWL>iQGD1F&TN5gG0@<7Vh zY@}VuMD4X^bvKSX9Dh=7jwt}h_P}6r?Nj6pcNcY8-CH0Rr*c-u9>2ijYscemNA5}P zxNgonii7YMfw-X{c^BenB#1iS-YMD3sRvx*tS#+xK8P!n=whXiwau42=0)85j&T@o z?z1W8%0riMC?~?0Es4BPF_xQfP zHyxL)Rf!5)=6$U^6+Xb}TG{3zbMNQ7_qmrPYWp$NsC4HLm>>gm3h3#mo>z z<)p2pbMWvs@=(kJCM0D>&I&GUJ);0c%T6!a#)^f#VYqvCFH8_Fg(=oC8x{O}H%CV& z`%T~vi<8#s%CANcP6ai*#v2gnmJDN@L&bSs^7tcw?338sj-_4{DHeY3TeX9PU9p)wubW0UuhOVB;&7VW<45?`*Dd9jj4g`?fU7lIC!(d%EQrrE!&^6|#whgy zv!r*i=wuO;ULnTaH?-t&)F2bTV(Ekt4+$Qusm=KnMs-#Vk|hV+$WgK)8Ce^w>N*e| zL5SXJ8@bJsS763?JKjJtkay&9qfj@H?0LLV-poRfO{&R!nvs&ey%@$|QXth2@m9ks zKjU{ft7v~7XJQGvU@1;Qf*x*M^e@P%AaQlD!Nt@J8AOG{!k@_o7e;R%|;w;r~i{wmz>|MpuF>BnKf$3ES^e>!ed zRe>|-FTFcGtqFJfyYuvS%KuKbKN9YMPmb${>UGCOzGj4|U-Djm?nVB0kN5rQfd9th zeSbROfAe_1W{?1X-mUpgJ|kldOX)4iM4oo>lqF~+Y5sM-9NLXlavUv1ufdbHF`tgP z%K$kW#>24e`B^%&uJJ|3(RTS><#O{VG7?vi!gL+o17^Kg%I+9GKROenz28(W!MSb; zHrZXdf#1`NmA*Wwi*v>z94Mi#;?O6aSIlu)a0o}4k2M+fP(5V+EJS#K6E7U ztlCn*Vnmm5c$YLth;VGyy}YwYAAnM344PSGJ4#JhGkGa)K@THcKP{J~hO8C{y?^h=^6Y-2Efox)ypsin0Og`WOjiIiSZrEeE zim`y^R>WMm2CshHOeJCG4&H#C^I!9E;dc?<$MjXSxd^Wx^0 zHyxv^k3x9fz6nEzvDHt90+(G_@awCfJ|zQLp08FiJt*}C&}8tty@!^{69r&Ef?%x_ z3}=Bu!X}tIC*%09cmi*xktSn83ZhtN%Aww9HBus8SIc)^r+kIQ(_)PbXW^Nv>5JGl zKuV^i5ykvrh^=;qU-f{*{7kLa2G(hX&dQwzpEs6lLdCL%o-l;+n&5)T_;#7n*TESK zX5dWM|CEK&nWz*2h4w^3yk_fNC3;oh;-r|1lY6YAS z$12}y1HQx3?^~dpNW)2<3;$;0m3)c0sN+jN0Y?1R0fkC|uT5J%hn=5(TPm#m*0kk! z*Zyu)pFsitol*Tey;d}RwZB`M;hfDHqh(B`gbxGZzn&b*SY_>3se9WxIS0n^wSQgT1Pht=;%LDg{%(fs0M?(QL zM<&^{S6jIZCQU?I@A$T%+d^gW;@zPKj@RvCe7g)e1Xgpg9)>`Lq_x{d|9Iihn+v6E zQxrkr-+&xZ^6mvHL+TK}z=GxtG7)VDeHYBv2&pXLQhOOq8$YQH_wpKTFx$6q8SJ@L zV@J|uCKD|1dbf!K7{H=)UyCPzG;hphz21g+b9f48%ecd=;Zk%@M9^;e@>um>I}Lq3gUe`9P*hP6RgtH90nalr!V}&q9!&pM5Nmj}UiEQx22vZVmEh}KQ(CNf z-bu!(;LobCJx_BbM_j+oF?UzLaqH)rx_|jM{pJ75&pEsJDaWrT=YW4Ksn0Jh1TO9S z#u%=}8OZP5pw3Ys3G(gWz1@ZfYOW?u(>-&>1BPEfPl3XfokXALV~OrC^i>vMOB9&z z5S1ncG3V#kwEOJw86`(nUseKqJA(7Z!69Xzl>q2ARz2GF&rK=>FhCAQL~;9(*&Ln= zjLy;0P|~&+vL-z$%Am4f;;K>$AOfzbinpri8GApnU+^x~q#J)~aSJ4U8SvaP-MgGKVj2CJ0r zHiM&`jYrMb6|y=J25;eo58Q?z)XV)UA9weqna(woSPytQFn!t8jDHjpew7?rPHN{a zX;rx6M>8J;Z@DgyS{)Y<@k2${>wYstzm3WdWyU)JH^*goCOq#60()PC?8PxherAMyn2{S&JA zCv0JU*kb=3TR?xv7992OvxQty{dZgz-M`0W%M0_bGxA59ukY;Ot{M~l!Wdt#{eOF8 z|Aq~v)NKW0txE}_s(jbq!O9*4R=%Z<%!kYd(tPNeDwoKD)*D+o+VDg*8|~<9jUKy< zRzps`nUx%6ZUV^&liX##sauWoIVdN&aet~1>KJf13k7gk-9QwD;c(@0EeN0CCeNR9 zd{NCXqKQf+WVj5TI-^{ohM$}Ux!L^%k6xyua_N@GOfuhv1tk;E0SG_b^6SAr99wXT z>@{8&tFkuVjIX5zU(s8EMvx6@3es2ufwe>5DR!47!Y;x`TflN;v! zdrEbbdDmD$R)X%|rr=!!_xX(YZ$fT@g3N@>ZMJhnx)J^CG|_$VaOD-6K?u4iD_w?V zOi>JgVF8Wt@1A5QYuM(8HS&MN8k+8w^;WWbA1TxR1|I!DYI7P3+SdIUYoO*2*6>c& zuus+ydXZ<(|LCG4r%y*vy}Z4Fh;R1D*PsNIFs1#Dz2=g%9;85;Zu~aS8nybm$NV9I zZ~M;YHR=m{m=N21dXw&77{Uubzc?v`!W8yKTKDe-nIDSzGMOjyWEIOHtKa$Q1yb{D z$uIe^A2;qP{#1Cfac;@+3)7PEmXD1-q5hS8_4os7jL9MFZ?U^T4o zX-6Nho6HOo9mNRJ4c~IHITM7WymzXX+><4%2-WnWMqznlAI~G5APndxd9DPuxHZE# zlDC`F`0uH=8cuAn=WTka31RdIY9vtUs&(|nP+sljnB|>^aLYCBZZG^ZII;j~0)W!y z1(Bm&tY`C#L_%){QQjaK6TUBLZ4o!2v0z9g2U4e@3nMv17jHw#L!!c9tTbOnri|FD zE-gf<~`E_SW~i=jbIoE_es$^gw9v zfjY`d_1<#TN{jafR&u{myYT9^WK%f%FFlw~wqVMs%)fGoh5XwM)VcTrcrgE4Q%Ola zAz)d{iL3sYD8yf?DmCR}H3|IWHFNXHZkEL7-&k6xhghfY>+8pyM7v5qjZtL~(RF+!5X%Y!$O<+J*JBSlH zNlhn*@cw;+(wyaZb~Xci+R&%I!<-AkxDD|1#QJT;?+*u`H$88ahb0r4@7=arS7g?{ z2VhZOYo!U*ltog?l3N*n(2R+_&!8`S*QoqkJA&mYBM>7~43i?>)8&bMCrKd5Jndt!TR7N%R3y z09BKXDHIP2X2cc@&(QH*TXK;U(O9C*=xvu8xA;iG7|G3aYw8qLH>|XrD$|BLe1EYm z0R??;DtHNS#U;a-N5%#QQBy->;-Z!rIZt`+ktLM27!EwXyt{|42peuhFqupjZdmsR zg`>bfEL;Cw7vnkVt|M`G$yCkZ{52mn<_~8q1DFf+CvnLMNB8j5(o7dQhM2cR)X@)| zM~8OG1tewWAt*1e3q)YDs)usRsla?U?XrXC6X(!Q31n>CQ|XGS{G%M+!AQYJs3)Pf zpU}+rEsB7hR%OJtq-Or;!dJ%kgEPz}fjFKAOqRgCO#PE&j1`hv1|30@g=CjtKSjg= zYV|3A)QdGit*w*lzzlWLyr0FwyxBAIz9x!UB^QQ-2q^`g78o^gIg#^NYz{|&B*#yr ze2WOH^psvA5q+(3IR?|lR{A+-U+){~(>}4$kMd@o?6@;NV(L5L-vGG2&>6EWm8G4e z^&VA?c{uTfgOj*%xOv;te0wkXm9EQzUz8U#pG(5aUW`%-PxRna(2K!jE}17*_|Ci5Q}!rZrt?LL4WUcQY=&xbgU{*7+xId;7hB z(G7xuWfsx=C>)&$i32$X(4Tb3m{^=8Q5bRQR6G}WbuGd-cL`Be-6N7k@Vx6gA53}{ zgm28qW4ZA-0|8*_M|Bn55Jxb4x;*3FOfN52wr>bkHlXRA|4y7Pp{foghkGDcAbJr{ zeL7UV!Tp$|p z79~b7@Q?XffX)DpPJRS%Vle6GP-~Y#r~c4;(5!wdRi)NdGF^@F8i@vMuit*DRW)s> zp-o8hRTEn8KX%}(Z`XcpdiTu|#Gzo|OMv!qs6L*bpzZi(3G(Bb%8DEN#kJ#G6FiqY zl~rV$ZWEtmYJS5E_P(wH;Ii}AVOFfBQa`dh*l*W$pzb>S=@WM^W<>irygPB7xcqVS2^3LciycvNzHS0xW(f`-h@X z1g;u|N);L@+bUCu`Pk!5+VSkZ-A$!6^^X4eL)5sdN3vB02oS|1>}_nr(8 z$6JsDt(ofn$I3JOw3U-(zU%Q6r|N41*{_9&uZ%brqe$IWnX|nNWR@cz+V06wihnIf z42oCNjR2^@Vp%$il~D@ncTu3m z8#l)NV~wvjUT3Kn!vp?uvY$q-<4b3xbo4hY6>2==%f3GvghE*c4~+IYaL>44NM2NE zIZNUe%BrCIMs!WwluE+@&~7qO$!#=fh`G zJk9Zy`VmsHQ)|bas(I^&{v5evA6JDn!F23ecUR0&#nY6vG)l9?H*~lD_qR?BpK$4IcVh^{m(hIHNvDrEfpK6I~SAkMJ@< zwBvEdiV)EdrS*mziqm9a z){RWtQ^(69AMb@mn|2itDvxMLmtCFT zo?;d6pX(fr-zkft0Mn#lN-(KprFV+2spx!4iZ>~dqHBtGKR=nz&qq!}Uw(gvZWOOl zp?NBu^WV3XUZ^`oxj9_`lnzm8PUW8)MCRw`dcN@d$+DEWo;Tvc^M+La`FFI^4aHxn zaQ)nn{rL^u&rcxy+?l^o2}Qpt{y`DuIkNMe(l0ku&o?+ne2zRe>Gm^{^Yz7NWUy2!a=D$3`8Ou{lNU0RHQ4C9ICWTO}OUWkn zF>mn&1pK^n{$(bYSaZ(oHuksXoaJ-uU*G1(q?>P$1XbVRPi_nmf36BtD&k=H zG6+ER$T|wdZ~GsAD0PGH9WFn8C~|ZA@`on>WBL6{cQWpW#FZW!HC(!jt9ABCc-Xxa z2zTwH`EF>>K?{?o+&~D7U`$TiSAFX`^ENyOhJaYWB3lq4+yNQh(fDd3_^IAh$$-!2 z>MvBRS%xEXgLhNOtt{~z1@BpSx1of%<*u~fhlq79${fM3cGH0HoQt-rxgj~0hcdL7 zOR{P6j^dsjP3>cI$(}LHArfwBWenI->V=g9^^~AE&pY^&C|a2({gnu>B+%VQih1T_ zw5T^GLA{1M%IoU^^Q%db6&Y9Qz`Q+B65@`YP8E2qA?iMlk_5jy7NZ}S;U0bC&8SXE zfMbK3)J)yeq@<0PP}wZ9u4$*a!{-h*S1~teq2ubyyT0CsFhot!9q)!h7i&5Qh{imx zotc(1Qurt^-HoS=R}ND80+AM;#UkRV2*5%buA}kLy}H)nN^RiYGR=0)*#dgO34XhE zcX|-${GI!7i(Oeu!3sdck72NFl@0H%|B}na?dVZclCrCpCD$8 zq`%4*{@ZP-FDbD5k4DjVM!EiB*{}Pn3m*6QNqF`Sa4K%v_MWs;!i@Q|^4wJ6w|ran zq0;^L9`laJJwIDf-*Ri#AEyR@>3q|`6@{qPW7R70svg?U5_r=b7t@?m=5p*W8)eqH zT*Q_AVL!Gu?x}|Z)4k3n#QxO8W^!own@`MnU0|sA$2Jsf1?RQgLbi9O{1O}E@mF}fW23)SuYd40+9j+c*JtMn3l}Ml(LuSQPUtb*TTILI0J~{Pecxo40@Kjae6j4+g zA}r#(G=4rv5}0;mN}_w&#EO29uRFFrAU;Zl<<7t40B>~#*JZaaqOQ)Sn-1UoEQM!N zu-@tmS;A677$r|aqo*zduuI?^b@^#v|OI|U^nZPr?f1Dwevs7@{^m74y;TbgZv%ZG_V?dn0 zSJPi(JO>^e-;vNJXpdZh_na&PA$nCBjTdH;+)v);w>ux;S?o=@IfErMk8CDAl`3KS zbCxfIU$d?GvWM5y0ZK7wc>=PqK&7Lbffx7nR6%B69u{}Mvog{)!vhtycjbVMxXkNz zg<)J~2++N5xX%gr+tBp&A{$o~xOpk>OpQlwhl|J_Nq55=e%?&<%ITu-Z}Y+iY2>FpJY_0i^x%FCyD0}QsgvMlSuE0(yg!}>xF6RVjcBw{@~fBG zovGiR7y))=lae>i3h7IV#b+bH9622+qD&Mw;C2^Q=$YEu_{TO z^@r&fFlNRjqikYlmgCEB5n37?{$5ebbtE*as`EL0mn0J7IwFm`0Z?Qv-_DrO8X+uP zd>=ooian=NlkqbFULHADh`764@z$U4Y^UZV5Us48*60!~=}?v;!QR}3VP9wqlvl^^ zCS}aGGKXEK9*NL?a~erq)E^+mnM>&K~n`KRP7ZcnvaEtuag% zlzIbLq2zhAt2V>fY01sUQonDCic`FN!K$#ndMUnbxcPi~nSptQd}E0t^^cerOsk9s z(US%xot6!pQQ&xm_-v|&gC-URZ!YDbN@_R~qg)KOzXpn}^^Km6msh*XYhuzW^w){N zX;a2_-=$;xoqqr44gZIIFF5@ZHtqNCBy3TV4{|RCRqA9*kM{m}zmy~T!|nj9cCfBW zi(hRs?)j>Gl2&7%a}wkf<1PDB2CS-bjnyQ4Q@99u>Sd|;VUu=J-5G{{%hi2sC&ymD zm}7qSpT6emieE1NxK>f~9@vj=HIvLlXE10p zp?g(|e=l)NoL?&ipu7hY_dyG8yg=G?BVYO6I&ewE+?5;X3(h?RTYp63NOBRuqWl`Z zE;E6R0>XeWe%=NQA_7yY9-e)iCbU4OZtHeZYjjVtSxc+*H`72G_0(@j#tT0D5JD%S8@jaRIS}+=*GihZM4j zY!7+4ZlCko+Z&Y&ns(v3$4vMjMMCWvB>6<(R|2dSFjs++-@j3SgEH4K1iK7s&~cFP z#S5uk5H`qNnX4*Df_ONUi#m-HAKK@P8=DT!pk}F^olI<1b&?i>feMQ0B%t@J(iPQZ zIwAdb#QAu?)CnToU9-lFes-2*?vQzNmLQ6>0cJ3p$0x5u%Nkf-3*b;zFt zkh>v5i^(%}0->>2Vv^NBOT9xNtcRaoV!WW66dlbB1CROMqdIz5T6n=^BAcd$wHsI+ z{MlLAf_VVWDiiD=zQftP#IAN@p2^J@T)LFtkgMP6a*82qF4fDQDD)y?lVtf)VVN7YF7J zTm69-Bkc1XS;SRywr;#IO(ZEjiNpEPO0ZKo=8!*HMXSxs2ZrP# zw*GtG=&pT1pDhUQt)|jqKl017r&?+chbxmHWJx>M?YU}n`V5ggjlqL)!uZM_)H`rP z?fh6hfX9c38JkCCM&cOQLU7A&>KV1LpdyGSo?hvzc74!d)mVTcwFH*Jr(u7VBDBT3UzYJ-lwxx0^VihFb-g|ro=x`TtUfnnBxi-TPcDD(= zn*|yh&@L0^gp-eT%B6BN+XG&O(wdI&i2yGv_2=77tKW;x%WY^s`SjA#?4#r{K1J`O zBW$``iuK)sJvyF`w{wjxtJbrnT9jcm)kh~N7uIVG90-xXyltz_y}hw$3XRvCnhEiy z^A-yg!rDEf0r~xoW^9MyB{7jSkIK#4Y#BlExrj>5Hs4!(AZa@RzR$Tkz2o~N$k(LK z9r1?O*S6`^{Q_Mgco2L)@xuSK0tfm3SK$0niHi6y6*wPbdFcOFDsaSqs{-d0kbM$> z#Zjk092jz^3>55x4w`yxoA+{>(qq<-pjLp7!cM#sJ&sO z<;o*#DQcBDjevVn2^X>xjE}9UMGi#cPIwvc`aXtq@}^h78Td3`-~9c(kpu)Fj|I#s zy-5a}xiJnd#_w0v$+>|$smi_IMGe0iZ)PkxH#zHQC@1Ulz!C(hy-7|0pyKbOZjkS`#BK) zTNOAL-=+{sXivE(jg=PcK=_oein`qGzo@`bO}z}wDSPV0u1(Plx=0F^a(@ju|F|JU z2foJIs;|I^4>!(5kNKr*Lv|{(+8zclFPazvDPHtTgSs#8tq{TRXb&2XkEl#>h!w9^ z7^O-gU&l`JR5Wa~40vlj9hPl5l+O*T`ZAliw-9-&$o3x<^}1|6g(YK<&PDPJRxT|Y zA*=7bYH8@pdidpK-R&Egie8ya zO|}L__2jBg4+^z)x^Ym~cn+Glvit`^n;JlNz2My*Wxl$zAx(``LE(fqOr}=i3$YF6 zrC&OFd8*nwhUj{ERmTP%I`v!}ZL}JLwo{$Oxn=zue<5n_r|(S%z92CI!G973{kx8> zV!#+mSZ>*Lh<~^vX)tW6((CsS!!v`=vD$aYp}7nBCrlYSdYu4#`~- zuP`as>P1w@nUZ+>9s%q+svd)zt_o7H6cG3sA;Gl6%_o9LUY1NAgG@YK`@t|A ztBxis0`3*|ehSL#RZ*`8B7=6s6(>xC0F$dP66tf45N7a3pC|U7K%WCpfsiIhy6ZgMSbz>hSH-YxN~zF ziFgm27p+SV{w6Rpq&x=XM4C`&oLkSlQSRxI4&2%Cd^eXWmo4Bx6RzDb?yegiOXG`#Q=%cH_3L~Zp)`{p=y`$`i;p0ubVQQGc0;q9TE?&o5 z)M$)K;48Uxp>zs}b5!k8`0=`D4}`rL2VGPbtp1eljZZ5n#Ow&A=_$;3V)%lzW#d=? zPUH#tt$imk53T7gk)vtoN>E1H+8lV2;MnkJV}ZMC1c}X~2R8%9s5ZKeu1gT6by=_8 zoCPp)i%9^7U)_xh%a^k?o*H^D1>w61VVbtUA0aPY&3AzpY!XwI8b`#`)qH9(Vw*0q zaPL?W2d#L}lw^CLJbVlA6rB4|M2L428&$y+5CXY@382mT#+d+XyV;>rL7NGqt$+n5;uy}KZHs9 zTW3<>JJ6Ul^i#%d@30&PCva3mA8%H68xp^PqB8>e3Edpd`{^|&vH{;Wjnq$j`Qyi7 z&8Kvh-p2MhAKZDwQ+TCO$!*BJyE$3 zOPWf&D2X3&^KrcthcCn^nd2st1nY4-aPSeS*h4>;^-JT>D~#WQY+3QgDk8%5nqLb) z!vSMT$1ANrXsZkl%z&pzhAwx*Imm#Opf2yKJ-N&0(z5&FYOL6+G2$#Z86t0-HwSUF z3Kn(`D$icjfIh42ZL?4xqY(PaCq|y&Zi7`@98#B8Fu28R&yk2da#adP0lox>$S!0x|z8WX*-IF;$^>CmZtaW z>wPP#rZw#5sKe;hK}-EgMc6W&-UEo26jiV0fldKd-%l!Fy$y}{C=p(n;UHng5y-oU z`kup=`)=I)9DIpgIPWoQ3aR5*cik+dGe%vK03f5+;nUZ*D%K(o+vObP6+soKAbHR5 zWU?~avc7&^WtUEPSgD_Fk3bylj*ePxkx4{?$RGkAe3c8DX*%)g} zOIA$SBgPYNfLV#w%K3|OBrrH}zKVe3GE&Le3mg`wVUJYq%`db+} zx;~pP{SK&3EFNh`Y?STW;zVy(h(6%ypojA-?aZeGqVznr5aSDKh!TO)rD{{GFA*um z!h0eQMs+R=XAGr=0=&`3m0pt3qce<)BXQ(0Zp1;+_v>txFgj3pQK=mcJ6yD>BIm)54x6hy;dN);adkiw|?VUxbyh+oge{* z9OxvbTS^+XvbS{OY1|eW4mP}WT0O$!k=^T*BlR&<3jnPwsY;7zl+gXz^vJC+pb?~` z4Pjr2k>y>C6Gh$k$xbY@&}lVeFcX^KWJXV&$(!JSo8++V2b9IYx?O6`rkz{koZ^aS zhFmEn=e)fm&OxV}ZUf&p^-9{HfbpUEgk#A(Sm7jIhj~8}$$x28l*`oHba6n3(g#6N ztz-D2n}EHD-a?w76e673-glhP9mhbrq!Uhd6rpCQ4?knS7+&xdCxq?PtPi4a@svwi z2;kfc(*#2Z-cckH$|RWO>OF>YR}?iw76K`0tr*@u-{bRTyLlPudqSZoSYflYDrDNI`rUP`_U94; zCq;+q_UNtm-t8G<&zh&*14#liS-9d|oW&d&6Cy6f&Ft3p1S;49l6(8Wcr%PchPyL6 zc1^2NMrNQFkIRrxjavpCmkZubzEU)Z2cu6I zT+mW4HNL+!FwgY?>;bi0&o8llLKvhC!SQWD5S-rPmI?RdMa!iVk&Wp=8vMl` zD;y5D&7L0Fr~7I<>P(Qythay-;6a8i$B6oZ{mW*|3H5|3G5(}Yo(hKV9l|mywp=Kb z&)OzYG@+Ch`CZVkp~xJSYGvcvTid~l81;YxYw4uPFY&>LSjAKk90)CfPkdZ>L+$d= zUBwY_Zca&Ju^B};w_zq3hkc~Zh2lmekgruJddDp_O<=P91&(Bby|L<*>EiiBhdG{3 z#V;26RfVxb$kLKq7Df~^3)*YTlTT7Lu4r1kHP_3g_Zklffz_;^hWivuzc^pBp zbDMCa`hMc>4)%t``+HBst-s_+RgmtEHbhh&jj#3DrG`lj6gQuO>xsU_)>Z(Gm6$kr zRmS7WvaHwm9CaO`YWI`Szg4SNQwsmMU+K|VJ@~)H)kOMyKbzMj)Hlh$#m$qLcdp}; zje-7xt0f`J8IrjN*tWj2ak`eq)#LX!1H+(QJa=V}T6BKCmh+=GM-*2Srz7D`4R9Qw z;!!vyFi~r!7${O656rrsUq$$C6(XA#d0u(PSqJ7?`(;z8Hg)L>UU(UT+&)3;KK5m0 z!UdMS2pJeWReL$``nIVkjIBvGHbz|p+PYk>guz;3CHtMKAU@Li=}xI8#K-<6iukZf zy)Z{zbG`;tpZ1VK0vm>i%#GPoN~}Fef0tn@?(T~c($P#RtWc_$(9CPsyx~@3=Hk=` z8`o?C-B=PO3?VyGGI0&aDajAu>AxI-R!&;M-a>GZgxydIp3j6{VnGj_!^W-KMh*#2 z==w8U*O%}uY(nf_si}zYQL~stY{=K<;Q`=Y#GT6PwTG+oTM@j+6mJ>d5bMQ7tjAU) z4W>4#myS!W2mNv(Z)i@$r~W#O#iJ{bA&7U@TcZhTE6{55^O=a6Z>Ah)s~G$ivX>ni za9s%#9+sq|ei{S_9lGE=?Y%E#=tiO@LHW>$&&kky?G!OeHAOxH9HHN$_RYYMr=5(` zy9f^0?u>482^pP>kw239<%AsfW66 zlM&dmbvaNJ8G5<(67xEcpwLehw+pnh-paO*uf9DZ)&WK39qo&hPYKZ#WuB zL4M)tAJ_hmxmx|Vx%$}Gs~KI17bm5iTK2M6MVFX8gbBIffVkP#Wos_O<24bZhIGL= zl-n}Khme5z>^Sm;8>|5{#6i8_MJK+TDNJ2KLX1o^o^K&Ck{oB8{OV|2`Pa0 zwM4l3m3Cvfczd67>Lgj&f>k>5^%VQPps@R+ceDw7j4@0-g?gl_8+5t!c^se)(F*V~ z8l9?9C?H;=J#^i{=9)f1(^lzukcQy*cq3TL(k)J)_-X?)P<#%PNxau<9pPaA2(t}O z#PI>=s?wD)&d#U{cuYG=FZIAXpGHblW1ve-k;0pc9!ZQb95vjXC>M*#J&6$;Zg)y8q8LZ7*4|9^s|3_1*3w2sJ@sNkKlPN4-IoekDIzc6U-S4h zXV$RT-Vo+u24y3HE)BtKYADi!cjPJMEt;2B0(xUq;JK@i9e6i#$Sr(FQ^I8zj&koA z$bh0g!Pv%6;)DgplaN#%GO25z-7-++#(Mb*a6uW=OEizzDIC%*a%u4b$P z@nV?mpPutXD$U{e1viDqxMiWQ^g}i&+Np--(ZJ;hzEE$!-s94l(P0B*zBL{oXV=>3 zy{oaA(dgy%RDr^1i#x9ra|onwJ3-E0E6-*RQJ_iprGkEN(96_`oJ$vbr}z)~uz~qP zJuopGZYuGPdBdFTyUh7~ob_=ytKI$ieydAG`G>3(TW30$|9=&smc2 zg5MbodX?b$8@agd?CsKRJzpk(Sm3mDt~y%cwv`GqRA!vTi@Ph9&)HRfqStlo7+F^b zXQiCAln0VoOM+>cTF`~}Ey(HnIUjbZYZ;(0lIEsz7CTXjkee05*^P52rOh3!xy5qE zf8XNk!b!Z1mL@(*?lUn|60{Rkz|E0I-cOJz9wG#l0RRcSeWPxeQJsh+py92Qmj&q{ zm9Sfz3oPcdm!|K?eMh>&3ABsXi5)3uM$-?PQj>*>Z_(3=>WK4!r!CM=jKI=`%e$vO zpR*Op^f|4sq+^%j0G=Fd)CfOv^JPCLtM4GjvDx@VgI|M2LAa0B@;nRo(# zVsQ`4Af+U=e4qhY#vUmdV1SycaN0Wn?#T_G4?K?1~0S63+5HKTSFxqYP|=YfUfy#!H~!^d3LYn|YC?29(% zZ@dBDC;v1@+`)g5X|caNuhI?C^szz0pD>%=ZbcQn0cb$^l*ylQ6qj{dFFL;`nd!J? z?4L6{m3LcEU&x`A+aAN?rxCf-u4fp2+iy5=JHri$=bk|H zK`K!7ZPfb5YB2Y=u95Gztb_77sb8pbVRz|@4o};&aAx+*oC5J>Wl0~cGId447ky6& z2u-iyJO!Dw_9q8vN21TUh!THSpiTQgwY+lnK!J zs%sFg#Focn-ifvKDluuG|CL>jx-E2ogly5rw!$mrBF^PU5E_lYut3DdGE!w*6e zJ{9Zjj;7jMngH2p|F;06KngNkqnrcWnA0>|X3__)3HDeQzs{#s>rQ^Isfua_k>jX# zvTf9ZoLgR9QD%PzN}7q?dSKiRgb|jqk`#Gk%WNCd>3S1NRYbz62^Cd+SA`XEFVu?p zQl$@FIlok*Jsez^d$aDiw6^pPjjg4g)*XP~ZV^q7H$FsF+cuFVZGuzA@lYom>rJ&VKORR{2wVAY6XNJ^ZEJneEzjoQ&6jK zyA%g?{gP=_QRia&nl$xwMY-O`TNlB~zw5KvTtnfTn;EvUw z7k#NFzhhN`KtK1QaX82tBBWtHHhv=eoDxJTlKc1VjK}^lB>3KN75JBqtLB%EtMr$S zt0&(rN2Y1oM#Q&vkEQ!;cfrLP`{JIL8fi7|o-HDB(U)8Gl7QOTaO^eleET-WJK6_% zU0cdfwjJU3cmZBH3l=GVa+UNEZo{N%M=WgZ25)Cz`pohjvl$I1CIQlP01c)I8lh#d zFZC-aXMMJ#K?xf?nn&tXV4*=8qFaX~lA14se zk|*5`cWxF(57XeTvjMAKxOR5)a5GVU9)WH{ zTXe44T?Jf?H-x+eIb3MP$4KU&YraLjxldMiM)wCto21nxOtIOL=vdmgk{lyPQlGqt zPCezoRUL|N(KhgB;r5?J+r=-@wo^*3NS7YAXbXVl7aSaGn=r$mI_f`n;^pa1maI2Z z7ZrX8PrQAECzz6k>MM448Q$|W0vrjh0ji;LB|3V@b!Kl?x7zEpbQj;3(wKNw)nt1S z+5H6l_f<nY$L;pXx8xcS8? z_rHakAJ_!`7r1$-Lij1F7d{K>sGu*Ez?^(#S?Vq_VNS7VoJGs^b-iDvGv*QOn}UOn zi+Tjs>!#^rx(&+>k^tH~nUj=pelz`1dD4Lu^)>awbj9u&dvSOWZ~U^0=jI2diQJSMXJHC=u_r6k)T7 zpA{HgcK~f;hq(yqWVQzC?<3gGm!1+=-H(#BwY5dU%oA}uJ67h6JS;o71yoXrMNjG< z2dkI#8p-N16Y>d13w6oa^EN0tq^@ackJG=?FrtuyxvIlCExliK&xBhUb zgJZGm`2oz}{kEno)|o^S2&H1K2~jfMZd1>2ujgagQfDe1@Xi&dP9NzfnzR@sefl=I0ehB?l%NEq!b|`Er7J*Q+ZN z&jTLWW^KvwIJTil|8wQw~1 zHWm}}^x$hW*EpcMcC148%UyfMcI@1-SDQy9QcJ{MI7bV!ULKIU^{{%fCU4wO3UTv?Movwh~D8_Z0+-dZ-Mm zG_&HJWUYyt;UY&Um9j=dt%Zvu~-Gx=W;XXXVjdO*ngEpc2B6tk!zIRh6maz4kal7%|i!W=5+@GMGE~@BbWc$?g z>XVdMmoDUtz|KL;zQAVM!KG-vs9n%nD5kiOyYxe1cOzb*iQ_*q?j^%7@!DqEwY*pw zRG##ZJ4+?aLLP|PN}D@C9CW0-i2RXBKE}U-1e44pinUmH#Zwi!X`bwoQcJAI1b2nM zmcfe^5$-Ohes#oRZay=s*}%2z9KEC z;Mdx}im*1(E!lYi$f-G>BI2OUVi znCCatz1PO1-1sibQ>Ulu;o<#*lg!8!!|q$O?tWTC2XE=(JKW&o|Dhw`ji3GQeMN z^jxN%3zkUf!^xYk+;c%FZY=p=c5ic;@r6;pF)Qgj?e>Ki8j5MSn%n$LZ?wS1h+vqR z^-K-}xFHevmxkrKsx$ikST^-PALcK!@)6Hv-~A7@%tb$z^ZxfuFaBNzARifU`(a#R zI`W9^^IRn$m5~r}>Rp}hoIjEQce?n=Q407{0R@R0e^Aj^J(@dg{oEt}W5F-xj?bN( zSu~&0sz>#kyA=I#mqNHHYRNrf*!WXI^Z%jlKbjszw{2mx&#zd0;#>g&0gcXxoLj!u*v)-PgnzAgO3N3#>l5%R?rIo;KA>31N!S; z+VXdzS-^km62FUm{Fg5A>k5HiU*bO~^ROPgZ9~Q2&+(?q`kg-^s{=CmJ?RgflPy0@o-h{kTQMre~O|~~87|we=Q&x$82&*ApP+6l2SYs&|JzHIzB7he@ zU8fp+FUgN=B=@)ens4U)(Fy0{jx!8NTOgR=+)$Cv7uMXC*WO(anq(=~ukvM5_2*J! zManA+2w=Is-t?-+Wa*8(^(mZ6@0L&WM>vq`rWtiKy<21-+E=HhXG(s?4=MX9zKzctv?}*Ozpan;X{vzn>3S2A@+zyiV}I^Q@+m8yL2IV;C)&(9 zYUtwC|{h&nA!o1SW^z_yHX-+r~Fb zD?4s`#L0{AlLC2?)cy4_&Az<#r}j{rEjKNJ4hb|&{dvNbSXoX!HQGT$H5~)|EG&fa zcEm$9rqdqSi>!9ZY~EB_GxJ~(9XMBHBt2E|bhELuK%e_v`^3-C0rw^TT`u-R` z98pS-1+S|R*WZV>n19^7{3p?I;E#aDH=IFDJM6~X^1!SWIS$9=TuRopPWv<)?>u|P zH>giX&WfayHWNN+Z2=}eu4X*~xkw$3}C_k(s1M-4!&}tuT_jCf8G(4ov*|a>J6l5w3 zd$R_A_w3+JDb^|C@?3~i`i{K}o$HP;dbb z7c+~(dCosy)&sgppD?W#Jd(|O%LnQ-y^FQn*RmhE%?D;{jF`1_RQXz;`3^I4Z$|N> zN_ZM?RmE@n=LRuLg+DBuiG(mhH42lJMSf3Bhp(Ol*4%LRD`c_boDYEp2x8*&KHngz6G~k9p z7DphG_XlcA?0B6r*|5ez4)HqInT#x!#eQNM42GSTrOwflj*cFUmGeaoK>)96s;k>aF(noEz z-V;xh`2q8nA7Fd6J5yW&)Ht$Uhe+$5!PD;{>mCR$z~o<+dARm<=qsx5zl0ip2W{NH z5+%g15+yHq(Vj68=j~AYA8wJFmJ5M4qAx<`HX`1&a+?b z^*;?Wfrg8<>rHOcY#dnFuZkuWfZIJc7Tm(~blz>g544lG>ttf~N!xi>Yij=Cie=Ap zEKmNSd+~4X82I6j{}6F})qMU3#PR>)%lrqZgW_5@&3{2$n#t%^V@dQJU<1U)ZBO>QAnnbs~7wq+@J|5b+-PI#^o{tY5 zg|G-`@p8Kv0O%lhRZS32zf0IIJ)9WRswqp`$-YbMU3nc6G<7H*3n6V8Deb%?r#ntNqv#Ays=RP|ktKUj(#I^UiSh?(V6^N4F2h||q{S>y_ zDcjMcA@_Uoem$-eHLv2)L=!i>ScL;Z*q3+ePQPJu6D(tf?$CVzm&|B4IM5dw-qmX;HTU{sbl2?aO68HFU-yKNNRK~j+DF3 zL-X9F$-q+z@D^CLit}b*^+iN`P##{+ zi3M51Yg4UD^zv+c479Mnp3KHb3PX8xha;yceGZ_Vp4 z^fDH?5AaXkeloe(F!dsyJ*_`vq#__-2CRe3+~Iq8dUv+Uq5AczuhUPa(UUi++>G`O1Fy2Y}X1C z2V)+_O|w)dA%R3~SuqjvzHI_rL7obO^JrxmH@=>Ur^VkY<$N5V0WA$5ngQJ)V4ro$ zvqCpy!U>&DvAxdYHrdH}==f^SYO}aY8bJ7|RhdW1LHnWWAOQ#BYwW}fO`5r8H#_iy z_~WJaaJ zG>B5_Vnrpf*k%-rB=-vN)}p=O(0x<*n4@-$NZ7!~Fjibujf;in079#TZCy zw0onwXY%eXxL$>gZJKZtSsL&Wj_vdhfA>6ia$ z1y(%qRy@9%UIMcRY+E0fh~mp*P5a^_0F*~(8sk}~hg$f$C%yD$SITv9{$=0|bVDoQ zJU=hD>bjywbx@67W|%sAn{Cb8H>TJ5WnbB9e{d(zJ&l{%?9S|g=gX0ARqfPy@KXiW zZ>p-y2WqwgtP#;RL`cRp$lajez18cs{w~%G{93K~FT|REUxC$sRY+4cg+vd|XY}*k zY%~ps?gK=9jXuwHG)w;7%ZO{3l9hWqF208Mnxnos8MkVd%dev5wiVhnk35SPVYRuOzJ9k0=L)8$I~Y7|7+exC{6T$X!ljPyhA zJ^_Bn#=A(;|Jy73U4_8!3j{34HJZ;t2FYzOGOh$=LR}UQ7YFG9*!(*s1Zh`O z`k_40cz};{nU4U20@r^|R))ZAKQm(Fn2LCxvd6ided=dUY<T=8RA zNL!jIa1EcM0rJ-)>GxSA;lRP4q-_v-#wa~w$m{NQ#=afIfbawHN^#VlRM7sM(Lmk* zYC}m`-hKC{Oy9QolvcltmG~D7{4aU??^-QQrr?=^y8gIseQ-AX^^&Upu)tCIqhf)d z=dLlOCfmN%B+d8vx|*GCviT#Uj>(bWt=|RN%*z{)OX7P+h&11-T7X}v2L0sl%rEDL zXil+fwRC=Wc)vSV|8_+`76kk^R`g>*z}JfY0UPdIy33!~n}k_iAbipaL**D<@EM^^ z29$c^+|8{=ve$NdJUsKRL}21&FKMF9mD^p>u?iC=&WntW(6gEpI4@iLWWxUC*9zIM zs|)63%B<%NXm#b2CI;kUq)~#`lciqd@szfTn}eWvaW0`E)R60lFHN7re1-k}wc*8J zLk;?r^`c@_qRo2b(3A>*ncby?6izzhMm6;|==Ww;q&A;TbphyjA=R={pfF2m76ev>M^|YNHkkxepkBf0jqoV&BU@7z(;2zQb`B|sIXR=+sWA4PLpYVm%$6Pa& zju^M}MAJ7#ART5u)WVr|@O`$IxyZOw#6cRKnmIl#K|2pX&pp{TYsH)2B)AdbE1dDo zdNNLUlbsE{KP<3h+vycnxT>3xmD{HzJ2eEp*RJx86k0Xi2qPsEPY>|J7xRQrE#Ot? z`O56#BaZ#!G6IenD^LAGW4(i~b$-L%S%6RKgT{~5ql=9dofHf{pOIa(ZGk=&RRFt? z%>-4jdE-+rC^DMy1&K9Yl1m|@j{a7VXP`BY7nssGdoMo?emL!?O}T+a^PUm;EIYnH za3)rlU0eAzrR<0EU>>oifFs$`qimMmEzTtjx_WP zA#he}eAB?4Shq#BJ{qo!@%$JHpeX0XAPny5lGeof?Zoi@I%F4+!hC@j?oLVUxMt1T08#S3+)~ z6Jqp-{6hXagU@4$g6j`F1 z14!UsoB=XR87@O@$-pSBobVB1t9~P!6`$t2V)y(M6ra=0c}M{pP=36k)@=+>@hRkR zpQ4~w)%-qz2$=~^`jYy8^rsaY^@|eqyYM2$4`IFnx&k*!hankr9~6EY_kb;g!CDkF z+fdax({Tq)VeypiOI$J)P7VK90Z3PmQh11e&wD@Dq^Z(>*?GG3)8BUBf5(SMU(gtO z{Gks&p@{ekAFlsHAKq`u4?%*1|Bc6VMXySPrv8$d4)4|nNUPtd|NYL7r?7Tv$8Y`k zPsi%tuIfh#@PB1hUyJ$;y7&ja9FYcx7`W>5;IfJN%w4uR2k=CDJb(AIW{+B(FvE88 z(Pd>ZD|{CEtE~&zICTZ25k-F*ml0rwbR}T@zPc8F3msLj7}~dyI6+{^7DUC-Ne7Ba z`@`8UU_8jFxT~KmWMjI%oP1ix;RTM*cyG1zZr$sL$gxSe#?}KzXmg%F%FrZ*{s1SP z)-X9QuxPczeC%zYmG>y>LvVTt+hr64_Ws#8cfR+WwdBOw*P;l)U%YfaH$Dxgd&32D zlxZ%D?2XqDbO0?<=2D-H?|{C+@S!;m@=*6Tg*eD#;9Nh^UO~t{kg-?lB5LlT9-~7E zCMSY-37ImVOmR+>DY3*X5B1``p0FP!piY6vuL(NVhkaRFgh~at91xk^X0+j*{;?eS z)AkAXNESGrv2pe&hqtGBaw6na2kA1W9|0jF@Ad&I)*Ykjwvv((f%!;{);c?UXQyuZd}BnlM81gcri@ajEZ+9deSjQau@oaheV}bI7IC(!DbCC zNS{gktD$_E=1EOP?tz*#wwb-qxI;N*TkZk5b*6upJd8%=xQ0&R5Mr$Kz{wLm)?$~J zt5P+HQ$SnPo|#1{Tk%8E(K{_$3m_lHu z_YtrT7~1 z+ufLZ<060bzVm64YXM>34SoUI$E|zFB%E`{WYueYP6RLTu+BT1-&X|K!UR;*a{KGr!CCT-M@jV4GCy}y+X3C;(OglBhr?(ulzsU+L9A8oqdf&Bxe-E$ z*-aOtSHvvcE3cGa70(L6V`rt$5EVT3EYxTZ{k>OEKr1^8Od9M?-}J||dD#U@5GZ)( zYs#R5m)(SJb1zoZ1Rln~n1|Ix+9*w=VYrkA7WRS#dAaDy%CZs=*EO3Ac&YEnNc*zp z@3M%;IW)tizeC;m+U1^c_?-~$sPlf|a38F@S5iW3X2Y#f&GVJU{O~-%4+BJ^lP`1- zk-X&!6_H+KeD`F=Kx`&+kL5O^x9U+dgv-7@gqy>!V4G=U@4Lj3Et-YW_nbz?i@@5| z1nz!A#xIESM*lvk@v;y-NabMqSH7IUSMIOIok671Rv+tg9mbhjO4|Kmy*8XTk5n;WF?4OGG zeGK{@vBlOXFh7alUE6hAGQm55B+$M>S@$0w)R?kX>@PWY3X`~h`;tPn={C7b#f6Na zSRju$7@CNo;S_O;%N=8L{uMK0sUOoP2kYl={~1L5GNU=Lh6F(i^XHRUn8ZNeRS>?< z(|B+CN!>3*ap;cw(>RTSFIuN;Ie(!=rXA>h}SOAiJPDpxLit<+QXUiw?AxWIgqV~ok; z?r?&AJ$nV}Ees?)Gr7@mQPXYAUcHc3iuPkMTw!_qDN6RKnX6TWvH<*PaRiss%b zq>ijwR;(TPt!l&{su=x=g8i@457wAg(F1^J{PW6FJoZF4k&xG$mfP|CbJd7EBC=+V zk=!AwI(#|hrg5P#Ol^flKow}##62z2dfsa1J#9~gbnc8c+P9G>Ox2TdSHR*>JCAlCu()n`tG8>ByLQ?oHU9MVp>8^5cmj2e9QqOYMofW2%KvG zQ9!Q03JIG+5*Pc~`K)X+quNtwMNc%|DWNzwm@_BZbE&K*=tPkF;DTS+Aj9Nt0698H z3A*s)e;Cm5H{A)xz<=ML{O3Fh_%+b4|G6w&r<7RD?e{m1=<19GI{%(7{ha@9D1l#F z%KxpQ1b%HP|JYD+$KN%Sz^^UkWhlSqgZwa*<3BZ&z&A_jYWpvloi7z$4%TY-)SGXa zo%@etmt*-lwiOBS2Q8uD2Jk=fryKk=o9P>URloOyu9{tJa`B@tjdUX4Ewby5sqN2~ zy(X;(eV+!;&wv_OP1?ez=3MUXM?>35_2KdUKH8+B|Lse@uI8&)UAn+#CR~WUZ61+t z7C`njAxa?EM0|fGuJ#|vTjl-pxBr}r`f5Ur{jW(UgCZ}8I;@90$jfot2s3C z#n|cNax5B3eig^i_DWxduA&f$q9xNgGUk!EJdU=f`GCDwR7kP>w35niL=>-?*GoJA zYW83KGfLoa7KAW*x;wqlhuQTpi^6Uih3-xsgVsGdQ^OI^XI@y1i*%-saF;!BxeIpB zV#g|kxfej@dIc+uNT0YSDLSKF_Vu3>4~yove{0Zm$N{{X)!05|b^exy#%BkE9$k)a zI9HZ6suvjM`=wv^k)@E7(gc&y1Rg^SkFiK1of;$J@#rIp_Y(N*f(x03l;yTw#kP`N z&^__R5A_M~CA(?2H-5W~T{~>j=3`w@I;pS(vvkYnu7XAv%*DrmqAg>T1n_RlB_+#` zJZ>d5Rnc-pw10TTw9t~UqQYNxr|=B*FV6dyWf%_dkK$1Emub2GT#dmA+@!&O9Cz}6 z7vW)@n%gu6{drVsXCmd0v|M4e*G~7b%YX9of7-0SYP)7xYGu4(G@_bD^6oK% z>PUm*b`uNW6`s#`uG#V?d*&DLdpz$-eag}fkK=w__f0%;<=P1v;hlHsBl<@0kUQ)a z8E;RbHFvS>@xbIe#_GVzgW!{Vl*bz?U?%8Grg0Wrki^^Vfeg%x8Q+WPfIDFo7gdZR zm9=DHECl#bNl>95d97BDw$zjA@PR1!DE@0Y(B-~r%!!{|JnzDDO6~-roYu(=*6mJg zZTI1iz@r;KB!?Nza;?3wf;7TS2yS`(%Kf*C1N)hjIP$WL%n1CuUI}iol=~)tcRRd1 z%t=szE#N}Y<7txWh7>1F4A(UjE?ZOGs~c#P;L4wJ0Jt?r0nT%!dy{fTzyd01?zr3gNTpB{l^=FTQW?`TNohj(k z^4duTma%l*<6;4AN){anLC;UQ6kf3gY*H5=jDs&n;9rky$zYqy$@pD*MJJEmu#m5R z$ao^!c6r6u_w2o`aRN*E1?|+g>P{*;r7p>c^s{}V$NqxmPh36!vj_?BXPTer4ZVJg z+GKG5v5YGB+2WB74+lJm?ayLY0L28t+J2^z_~b?1`p*~54amx++cWR%<+)b$?ITvl ziRGJsohN*MucTWc&}R-RBXRQjwz&J#L@ROx@^q%8qi)6eaoa&NVC^H(4;(hChoR#ylX4eU33APd@@LUZsGIw8 zPuCp~i)6-BINn34@r=VdpF?^_Z&EOkOTourRoM>>9ABs-S=~pp9h5}`i1`>YYPn)_ za;2(c?UAWcc>qtAq3MCE9!09{Nl2t-9c9xM#QU899>8aha(O z`R#-GMl4Dv{Ky605;(mNfOnGeg>tBEB$L=f4e4!0WH6I*pHVh4b%JMkm^!H(1Q=0N zPkqgBM4E`F&_d~umk9^$K1wi^n0E%q-|T~c$+v~6s*AU{pJLBjMtSZghIjB2VO{cp z7y~yR4K|Z5qoj!3W8u@TgU)%YRF*>G35N6IKCge})eXsZxPSSQoh$kATZI?;UknBO zFKGq4eEI(27pc1JYlLp+Y-N}U^R1|bPr__}7`LLA-{+uMoBgH5k|{OOgBmAtm*xWV zmBvs%DyAamI_`1q<$*~!X{{d}ll=Ai^HsVCL@d{9O!x!+zkYn+=M&ohF8*RxG;97e zZczW4EXZ=Z?tF>8eAo9r4d=(f3$mPitO?NX^u2XSvwp&r-@twr*q+|lh=*ymv`N%= z8JY{_H_z)0*Rp9LxqE9Q{J_&+ugN1ty!WqI!S$8okAMI33BSZ(fZwXYWXxA`>(@$J z|4B#-q4T@Q^>1Z~17J?4O8hLOVSpi-NLb6E-AeOWPD)K9RSa)Oqi_oN$j_x@e?k^| zy!?-_`>Tb)wNxu0?_4gC55(mOOv!O8p1mgF zxdbo|n>T#u5XOi^qPU?XeoNrxKKskMYRwxUK~XW?&`<)=TjXV+Xb+fOdh2X0nJ=1O(5C1x*pnn( zg)a~?dTaMrrL+0v6v~gMDcNYWBcu(L1jY zAa=`Rw7Vl|R7JEhus|kOH3~K5voka&atbgIxupyZ_g=iYZk}ovz6je1Irws`x`@8YnopzzqcRX8rGTEoT5Nf)FfieLo%4Vg?mMv> zPgfs0c?coK#P9n;H6031p(r|?@Th3*FM~aHMDddKjZ|Ic_TMrD|IxmtUwMFL{COn8 zvmY`V+&!pPy#+LoU=t@bJKykX{^3Xj*ZJK@1ee=>6{6`i5n7JWA3hnv6?QOGp?%qt z`!L78{)l{RNbXrF@!D$I=>7%Qeo8868Vl>O=|-|!(Y6DT?lyR5?cF}*;81WRMVCpzpa349v6W6GS-i;ynfz#>t!U0&8?bM zZ2S+IFP0)5|IG`wCl&6Se0pDXw2t&oM!DWUEM@{D_t8x?Fv2|dkI62PVyouo2CE!R{&O~i0$UYP><^GdP?U+ zyj@U;T`TxisBh-uj+wB5&_<|qv^}#sy{6B^*zN_DkE|uG*fiaW+5I>%2OtGhd~QQ> zJl?*fKv-y?pDanb20O9m2L>IV)Kw6aSbuulUmTfKOw-c}k z9dbyNzEwb#vt^`T(2V7=&^hqqE$V^LQwO`DbyI!*iBdA~=R>K@l^+{LPy_XRdY9$U z>flyp*yG#|_K#!Uz?a8cf+tFmd*tsh@`$xD$EbdO-zg0O$957g^J;dtN9%tLjY0*O za1;q0sAwae7R}|`%|fAD+P^TsxFPT4SRBe=Z${FL^oCEObs~MImg2@X(ie#D6xA zrj#Y-<%k-Vcpv)h7=u#LAOF^V41G(R7QgSy{W6UgbSi#Cw*~JqGQrSf0#SH^SH}YO zxlm&l``-D(B+BPywthsr-`|2jFp${)Az14C(gAS6)8t!MjOZ;A|2=B^6`6Hf56Teo z0OI3Y7r=3SAY@Nz`_^K>Qi#SD7bJBNzbvk&pMvzSNE#b%2CHHE&E;*-ucff4(Ws^B)GIIxk)k9Nfkg>+j{t7ce)O#CV;s8DpIR|@y zDVU)2#<9z`;m9SJ2A9ooCx1(He^q$ekUti9^0ykKUueSJSQPbbpAG093cffN&suZL``?sbP@TGoVxJdaIg1L%Tg<-wRuzA-L8(Y+YH50q!!!w4<=?^CqM4D zwormCjm-BjGpdRV!0K2LGl87_xxH?a@p_PLj><)iE76qg;fN5&V(iDeBzGZ&(I{+7 z-UDs3cq_QMBwLuXbbrEa58oj`FdotoLV;zsk=D74mZO6_mlL(daQOCa`tHRNQpqrj z=T4Px1V?Ef4hjwkspcIw>1N8v;raCLegu%OQ4rb;opI2=)lT}!GuvDJ6AL^Xh6Ibw z_AJf~k97^~CK)a{YWjS)Gb^(_$>G>}nsG zrkmIgPuX!+82&p}jdgCp>M1W1Lx0{9H9YI<3aE7_Wr19MBYWMCQ|-(W{%Dugpo#o5=IA+Oa3#K-7vpu1e@|5%Y*k51 zQ09%UK7CFa$v(@Lm66X%0V;-Rp=6;?n}5Tfg%&B7aF z89vY4^0tKI)k_TB8Mok0>%poGgst^J+O)_>C|Xp7X?ARFR{N@=WJCXa?V8=VOj||Tdn(d>n28iZNBxP#!jrEiv|pD=jPX^Ao@NK787W<3_W=VME+WOZp0){%Dpl-ZgoQSa<@5M0&I6neL7(d+O1OwWioPR zB)ypKaalXns2qJV@AEuv!Vx{%%6+xNNOkXdeBRc&{a~loiA*;~2O17NAm79{i#wd7 zc;)+61ss)*8siUZTJEbs_9p{_WKM%Ds`LpSKN3l2GXhcG7s2kD1?6j)M{E7K=X?ts zL+2c++ulsLr@44tmNuzXH2O@UK$Kk_P^zNp<;N~w(cuKKDF(-`q)~!l3@4W`Hu!3& zp3AlI0-&04ujO~YDV{vurGoytJuw5lafrAgWWSUzR-Xps5U7UVFr`e(7h&OX!5rtl z>lhnTji@tI~f_X`JQl^&;-Fe_8pQ$5UGV zOX}vOTGp?u`uEXvUr+;rv44P zpx+l@5WF=#c~0Y`AFdj=1#eD-FWRGB#z8M5!CSswhd%ZtN!p}{SEjArf2GJT4?A3L z8UntMM|ylmBkFHkZTHIvfj`o{I#f1^us6x&&M%}=hhKHp{`Fem*UMF3e)016VIbG> zS3{GHnYeBFnCklSNG<$V*-j(D;g7dVKiPnQks-bB<)A0Tnwv~7*h zLXbDd)|~~r&arEwqJ%pUaTI#g^HlNlS>EDX0NMT~uq@tg0oIj7sjvkH3C{(bConI8 zN|^WQ#;6cooU6X@aqU1{o# z9#HJW7Ox^WFbN4Vp+-bELBqLwbc1BRU>*?6c#*Nj*aBL-C;qGOG#g6<&E}!q++TIA zMUN1RRK=l%Ljqe!jQz?|AbW_Xg4y~3yftRJr^#Nhbh&%W8 zsQEAY#zY@aJWCx*I<#u%2$$5?8%PQkZ$6})To_CsY7u=I1G7Y$?`22H(n^7}JP5FG z8K#JJ>|n{)%P|mDc-y;Hn>|g^P+{{*1H>9WMdVp=pf&Xxjd{2?g!S3cab@ozZi!@z zj&LCyAiF8(`^oqFt%+}+ej(MHOuBAz)`h9mxst~Qgl^4ThOu))TVK9cbd9`ftFzpC zdFyd5DpFT)mKXltg-)0}qmWqDZ5UrX?=x9(D1Sf|GR;ygy zvdyWPEFqpq<$_FcO$f6vdmTU^1O$DCGepl1KQaBlg(GOpHZCdU%q9T^W$oS@UnmkL}4p4qV*p1jyn~cwnmDuw}^>sUSj&z&$zd(<6MqE{cNk z7>ip&2Q_8`-S2D@Wt;4c7jS0C5t?$r*MW&W+OrpX2 zVR~csO3t49XfRrttHB;%J-)$8*d>xLN{YSlf}`hSzST7I@fJWPQKlv)cCkOoBmYQ} zr=df-;fR>tHAQ|R{>>uZ%wh(8uxF8?hwa_WybJM=o)hZIa8cfk9Y61<5CgJ=M|CGE zIbI3Kq&!;(&A1J+xg2-L8$0kp$Y2Kh8Y?RI5rL05W_Zh~K6y{uFA?zqI6>qq(5EFw zV7R%nxkAU3gk?89i2oL>`JuD$zl1h_t9)?#f;aE+*YM`I<${+hAOD6c2mV{o=F61> zf9A_AmS%oH8{==fa^R1Ax#jBYcfEJ(dl2TU0`Pl9Agr|E3e5r@jM4Q8fIC{yh{flT%f*SDtH|Fq9L;}Mj{ zS&!&2cp7O;Ij%>v?>_Iv8M=?kl^=(3hlhTV50c2Xz`ZZ}>yh6FrW1Mv@S1^$&GmX> z-|s}kX>0tc>hF)+p8k+c|ET%{zRLc1)vOp)iDZg1I`#8rKgbQl(&CN1$KO@`F~3y( zy$rsU(0<%2E6#_;b|^ro@>Huo7Z&y(WBx*EPIt;2v!(2jk+#o12Q0LYTM+Gq3(gCkv>ZcPQtF83I_Yaol(M zquwCYzA7gw>G$`C{t4PVsV{|&qG!Ir9Od52;uGT8*V$s|1b9c0mN=d+B!RxAeSI2H z(2MmwOO@*O@y6s6QqEB)_qGxe&UTiGuWy!V$2jqV)_!jf9)ui?Sl=}a+=K2l404cx9vDy$v2Nh20zr%ZS!3Y8Ncf=}jm= zf@&+|HbE`X(6aO&h^_Q|(>KXlV4|i7um{(BHq;jc@Et-iIClZh?bF|I@2-CABZsEK zp{0fu86BXGwm?1YjnmHvFWVcZ>PpRm@&z`m`*?^n=0M?HoYhtS_*g}wVUy}&GiNJ- zzXch?mi66MM7w8{37{sPBNk)upY={Y>iZ7542@M!y{J44l< zk?E|W@1_qaOGH27jm`#FVafUhzzJlFr~6UpY=(xK9;xP?A(*J+lQHp49?S48U1E7R zBU*8==(#{GX*)6(XK@ehlnBLToA{m4@GDT(YyJw9jw?LW&mqta3Xj>0XPr?WI+4H} z>Qno!@!aPW9xH8f_nm#;?eplIt}Y3h(WwpQmtCJs5m@KTCGoqopc39H5gAHj)gLW$ zsv}u!X43Z>YsR8azqn+Zl5G?Z!GPl4W=82Q#&I?guXuDxA-qk1@zmelkpBFAcMI@8Y;VC9zH4(lX)uaE zi)+gq^bi8%+9t`L4MiF0Y9nL;r!!=g?Jm9?h~ z3UlL!VuB83zf~=USMj+7MlWxGb3ySP?Np}7^u#E$dhR~w_z_p!ot$^z+Y8m6hIbrA zISx@!^RajzjJvGzU<2O3S)ru$vt;-R>N}8Qln-rLZZ$fgZy8hTPp%nGuT9($mEE}D zs?}lN;yLf)z$>1Dk0|)K+ZwEsm<8)e=9hDtF$ow^fP8vse^hrGy?3=^nAl;wK$uB$ ze;44y^kyttU)No1E)3vS&<$=rCAig0`9$BNV#vt2kEm6Qb6m1O=zScK-0(U`4mGdz zEF%I9*+}=c;0MINZsbux0*9hej7~hF>SPAP&XZ~_VeMRzPCK9b6f$i#WCzGxQ?pMH=qiEw@ngrpPEq&tT)R*8P(o zGSGtWz$D28fp1`4VnIK{R2N{Cv`o3cq<@)0r7o~fNzuRf%a{Ehi_w68oGdNAJT|ia z@Yv5FGIUKyk%Rgw*2~;dc#FS}Q!$%MY3%$P3=2^2uf7)UJC^#Y)SybidBd*i$*kjW zkw*XIFSpG!U9E86yzE!>ul~)qGLg;rhLr2~1s~mSIm@p)5$$XE6U%*Oi&-2CgHQ$zL`Ooab!&?Hpl)zNQ^f6rR7l<~qqS3gKRM(I4*yr?K!5cc{ zwx$R&fa1G1GB4i-5pxPZkMQs!H7?+LItChkHfNe=P=0=b0#n{p*oF@TLmYRZ@d1hK zWA;#zB&pnmQH}wc2B~SN^S-*=LF?09_68m&8Z+mmPtAG=RS1hy9GVE-H?@3mM@hy6 zP_WSc^*D+y2(@C`9690R7^t8G{^5CxP}_>|f5v&fcRD>Ya(~^qhukL_Vt1s46sHP` zp*$=a`#q*7QRZD^-A&sfMZXndHJW=(B?K2e z{H*0~BxOAxxI9#kFaeiVwUhVZf&>j)!QQaX>d*;r23P{rliNEY(c3J3LP zcw56SwHC2dOpgd+d@vqwgRovWE}c!ug$vPK&a5u`hm(S3jY0V4v}g0s)yVE)VJ|eq37FrU)MLBw3kWu(pR3&YJjU77Bc2QHR5;P3aU^ z`2ZNoJj`}QPth5S)$J?7x|A?t<&#g0eyJMsG=&SIffGhjE^HdIM@-*S> z`$}_00%jo&NP9gzdfal{SSOs%JD$e}co_HgHb#`)#6I6I=&f@T6K$uIUv+gmKx*T` z)~}Isz88l&z{`GUH#h@`iXpRltC6a{Uprv(eaE}=~dJ-O;?Y+}E_Cw9^f7Hu7gKNJCh?Szh?5Bvs?vh-ZMOFI>9U1*R}|6kYII%v0d&hw zlasX(%RE8b+D)mgY~#}M(S#1ZUc?OZ0o{a6M2%x0%9)5LQ(Ob2ikx?^g7{hy$&y#;VHQgu5MZ*n=8Y& z>5faLQ}oiW;VJL~pMKTvQYI4;brzcuQwsBCnC+s_E6teJuwNe&+9;Sbu=Gv1ZSUG$ zp+gY@a!U5RVF3b;|@#>EU4aN_1Y5D^Knt&YX#1kWtRXh_m*xNhFxA>*dzY zA83g)6W-ie2MgAI+=noxnB)^20HOH@?ydLxb94hS&$)+pb4SD@K9ysT4>jOFir>gd zs1Pm*eLnqdeVMYiXr4ou%Tu&UqMow%(-xT+KmrduiQZ<)(JMndLz)P;BxZ zj%f_6SJInZAI$FXYeidc0Oe zKmTZo%zxL09e-iNzJmL|Ird++Vf8;@B?{tq2a?+FT`7XbYV$)mkfm@fgK&IExT%y> zXHdimlPDJ(jA-;nk}k}x3Q1``S)W{#hgPG&TTCJ!x?PmJ5cKz5yId#9%GC5;%!^Af zvkqBU84Aqg^>>uIYh4^^ZkLQEhTLhLH_0X_;7n=l>pB4)?3CAtrHu#yR-Wi#T_ES~ zyB*bWIP#wEB01^g!Fz9xc;d=~K_hZP+`w6H^s59RLS9p4 zZz*mE-XB8sZgxCRP4I|6A2vuV!oZ=kk2_Srhec@1JJKN<5e@2)I^F1tGoP9lU6Wnh zz+bo6hN9CHp0<54xsi1qQQf*n1H$-6@~wx&lXE1w-f_N$@G|L2nWU7B9!QO;WQ0D* zGNT#;%-?1ufD=}ae1GEF0s$r#V2RM!`kW5QZTBd6dx028THvR%-P~iKhb$G1j6S_m z{9I2-KO9LjZqfPs7T5ca|is1KJ$2hy9W6;@W@>3zEEYj=?rkecp?N0sg^F&D<( z0*@O*$a6~9PbFxD*H=s2pbDXVyJ-)M!WxUqGv);X_k8_FmH)pK{tLe={I@rNebSot zGumELvP*s4=lt_T;B54>A?3-CHs$9|qV{0EIIFI~asN)`%+Y zNBL;?n@FBFU*B`Z7yXpjP!lreQje2Rh2u4*x(CHGNd2~uj~Fi?atqQUUEL4>iw^2# zZ4NR;%R&!{qU%cU?On6=dI~C*38TK$rW=?NZ9B*qM!@QxXXQmvRpRls-<68M#`eK`v8cvx%W)&WLLb^zKwC{u{HR*Yg(5>-98OA z3>AAek)o9P!2W*rusXNx+uMTit?KZzvbwpu<+MQb?fv8w3^`6jVC^kqV;`%;skSJ+9mnMj(H#M$K4LmjnXnI%K1jOvfUtbrI~*lvyZuBD&L*0|6g-X9=oJpK=@($$4f6?9>-gM<9Ok~4)iv> z8QU5od6j3y^RRzENTvS8>Ha!R_CIyH=PwC$_W=G|PWQ{_0{_wJo^mPaC z3$Kb4BvCZe1_Ke%z>B!pC0Nh`oCrjtG;4(%+*;e}@_HO;5RNVMO3~{H!pg}AwsS~5 z<6`v`kCc_=Wu(Oy*?hj5Xsah6S|0yfLpUwVC!h!P4ooZ~&=|k%*vSbAk8Zy&&M0)5 zVrhY@xC<-$cE9KM`t_dZ(RZ%@gt5RM;3|~Rb54O=U|JLF_*F9*$z)P$z3q*BoXw}3 z_G&_x>I98}a``3K!o!k8o!DNP*Bk$#1?YDVEc(wMSmNt}4XWQhu!Mkf+%}k?cU{yx zAM`}C|2FyOzx%*K|Nnbnb@o5hS?J1C)!Ak1H66Ikf|5gPpF@!v;&eq;P=ajbE@cw+ z5Dc=dUO2%vYmoQkkhb(V>WL(md|)NXEicR@H&WCv$N;q}fVk6d?ZK)tLvCwdmC8uN zpd_qek#N^@jU`pPiJyKAl>c030sJNX)1UKx4oxzjCDO&Q_gPZ{jTR5|>3>&ODkwk` zTt;I@ReA~Js}vTR-x4&PNaStDSu0AjG4IqM*ev2c#L`A)?^MH6ccIfS zzD9x!@C7?jd}l|O8${XX;!LviV?e94S}o09Rv%UlHAWVhYqWF9Uhj+05sNt>u;LRO z_18PVacRk+lz%C4yZ+18{$<jOyXZjZ!|+#0$WPs8)Af1mYl8xg|MjijBmNqh!!704iChTUze+rQRAH!|<(cos zHQo7IJ-=i&?Ksz87uvqAX8Lhr;HNVWUzh3Lz2mEQP5Vh5LOZ!#tKH3DC0KX7udEfM zeHDWJ>X;^p_V1ag>(*ST(czB~;!g|ls=WPnxoU#wWpv#u&6PIuhg{s*xYsS2;-G0H zP9837zW^!X&5{^35^psz@~tCrjQzPV1G)Svj!Rp(ye=P3JMX%@ujxTQU-GUx)byiU zQNC^w@a-P`Jd*t-n7#Ejs-ZZB2AR4+3~dHC7$=q>fKm2Q8{DizW|sSUf+sM5+0` zNzlbW6iYFtggXf_V^bWd$P={3^Fw>&LxNyQpY;2d0^8>SQ{Wz)(*Z4Muuv4~Tt-4C zIYKLLt8fw@u;wn7c5A!p;Db(_UKEncs*D6-oSG}|o39OBkY=Q30v;vdg{j4S1cWi`^2KTHie68?fvd6Z$N*F}jmPfjp+Ei^e&c zz{tR-aYdVRV})s8_aVltKtkt7UN$vi0r?%LBv02$@P06`?YYs@lSWssK7zy6n9ELV zc(`~<)ZF2%!yC*;xU-_x?9}r`8oTB`i9tdG!iQ>L#HQ|8?3yU@!RftrMGa9r0fl_V1E^{~&xD*se~0 zY516)=h_@;U#2ILIQ^+syXJA`1>Am;Y5XR!M@ORd)r0d>NAGp<}xqY$0%Jp&!$g^YTYg`c)^9%Pcnv^HHZNplhe=E_bt%eS_@8n`4v*G62T- zoO5%UFDqH!a*%o|5Y+DDR520mjS5qiw@D9M_638h;-ciz;`20%n~be1dUGz$jNM2y zB-3u1fZ?@7&iI;|aI1`S z7sxAmwUs<>j$_II$sCy9hT}}=MJsrim&JG!_zB~EFBtKb#jjc4M)#+D1lj* zS&o-^xvk>}7?*SFJ|#phViVW{ijD*riB`cv5LDa*fl?=FRndJLNDhChhJ^_aWM`L+ zXb-#DI^DWM;r2A}uDJQt0~MF1f1bsx0oLQyJg16$rFo*qblIE(omnqU!J@k|NTs;6 zURKdvtP%PryZPeQjP0sw>0NlMcgQZ(%+a_gw_!U1SmY%SX?;kVz~C}u-3f^S_a29G zsAyNRiDb!S?WwwV>@Em7Qww6gs;8x5C(e@8gj)-;<|gL7Y82=#1RZ;dawN5zJ3?O7 zZR;6ACp{&vKe;_`Jtdm7+iXcOo3Ci!$TSKdBJr94Gmxgv8_LB9&wkK5K$d-plEX$< ze8@{VpWWNB=-$6c9{q+87^-Z_q<*ed+z02At;uG$TPZFZ3;0L;`44KFzIyPkw=LUy z6~I93y|4B(d(6=pB3tPCGnd1)D|D!M2SL8SkzGEkV=ar>B6qTZkS|s{nqv~_Flt#V zBYE0QVBleYgPlGp5}k>06LrYsi#606}%xp4cy)1ltm1`VOh zQ?^HV=9-T9d@2m7zct4i!}U`YGXQ*U$LGuiOkItZ$-uQFd^DgeqIkY!UpnL?47J{V z-8SmM;bZK)tmjHwn>2}vg0Y5@@*By3+3Tj5fVf2Q9nXZD5ewk_DK2RGSjR*qgEJ3D zf3HA1FWOjf>V6YXkUAbvw-$R2lg#eT!#zzDIE#66bZHjg38_a?(yri-6p|M69H}#Z zhby`Dh1FPK{3doHsgInx;L7TvVK6On{i-)g$GK?e^e} z3tf^TS%J?Z2KtC`=fmlBx2$B3-#O;+{>`z>22Q5Y3@ns8&(}*F%XSXWRuZNUaN|lN zlS^hgnvdE}B6z=BQO#AS6jHA?W?4>!K8|f~`!qVl0H$w9O{Jr?)wS&{=c|RBYb|>n zi`4<*m>OhvY>wlTRc$EpUEz6mF2SFkSU!zhbFv2<5br6siQDV0CH=E!mFjN#n|Mzk zq8!o>^dD5lFLL?+N&EJ%RmLrw0{&YRlfQo@@`#^hfTjF65@?SpZFv775_qwH5E!W` z?I$EqXtZZFxxk;l64etglzQ!6@5}`9XVItcRewhiz7rNbliEMq*DK@#w+x7Rm(qVnkPlou;!!A4Q!ny{i zt^P^uzc~bgmmTvjiXef1Yd?6tpZ8dsUg^hFKG&v0{T4gWWbIxhdh#O}%l3b z(jsffJNOKvc`!+;>^6qvH^w4clgI=QgO!2edQ7_J zaeEQ2)GAV_axyjFnvcO`s?)R3Gvq~7Dv3vV8cX1%u8pS3oru$_?kF{|GA#)(8C>Yg zlLPMQ!Z-Hy-fmIGPiUEv51aW^MTm?X9m-f$4|a&%|q zdtfjbpN~3M1OV?#^khC7QFhWBnY(cBo;Ty&g4(dRchI@jR#$S5=y5yFoO++BIfVq5qUymZiaS%LdETp8L(B=enOuX{NGndF<#pd3lHRfj0W z7ptBh&$aI5&4;hkR0&!R6620AD8#uw3h&omxRQy-jPRBgTNEWT|~h#~cdaxTz2 zH^2%TGK(9Ot7AO=wr&@HMI*U($g0jtvfQG;!P)8UJRa#YjNeBypZN;HwL@3<=(6{o zw^m6i_sptCAfHSqU8!2WXX!GqV_A9B2ofhttgm8vRMPWlwp~lOf zxv%VUee{Q{r}(jh_jRuUZTIieRz3Fu)J<>7>euV%Mskx>^_e)+~Dp~ghde9>>U{>sv{cvWK~5E zPWUo@p+df3xjkjNwtapbHs9)xJb0^1U*1?)mVjqM&WIv&>cSh#T@E4i?KCfp8*g<` z?aSJ!+uZXXFD{r*aK1|T)td}frRAEoHGyxq@KC&MrBLW`0GmSBVZ=N0xU4~MM zY;+Ug@<}>xkr`+j3uOHLzsDXN!~EB<2lH(NLHYBPcqz-1*Fo^T|0sSp0$lo2-0_q6 z$A1TRe8CRje}Ox`hQR-fJH8+W@HOvRXQ}hIxZ|f|{{VM*Q*18u`jmxEB0d4E35po^T8*ZQB%4Ede`yEw`9xb&1;ECQdNY^R%! z1Js3LgP{M0QnP$$(4X+tKkF*Kbr1M$4FdZN6UGN}5aL0baNgOuV6WYbcV4h2EtO2V zT5+7kz*?uV4r9$FOKY4P3uzPaW3Vr)v4#k_{4@pRdy4nxjEVk3)cn`F28G*v1qh|f7<`Xkel=cv z#VS$FF;5--7QZ~c9baT=>&Q&J;)K3a@9Ib{OTN8d{d+&&dOtDG^ZDc*1Bf=TKVifd%nyg&)oIFj zQnX*6_d1&&_%j)g+q2N`G&F>qe;>d>c@u^hzr+4f7#==m1esBM`;4j$1n7rS({^aZ z(Q7P|^w|`PdT?y%s{LBcpF4~76?O+>eShl28*<`9v^H(4h>;h_%cykPQ0it%C1g|r z3@wi9R3nc>FEAIuaG7wUxe0vzqnAjBR()twP=1R_9ht<8)ES#Ehh#i;gKCw_l}BA8Vs;j#Gv$YLql0%_+}q2*+|T#%TxrvL`bt{Xg+K|R zjqwfQH&2Qhs)}Ql9*dUNPo(cH zZN$aKK~6(U={FKK<@r(IdXL&6%m!P7!1;i00%LNQ+Mf z>5o|FH%Id)l@hP-MC6w#DOjj}T$FSna;jmvr<&pZOsux;yWc4(fj)!7#?#ZEF-n>- zCCAx`K+ynY_JrN0aBb|Ac!z3N@Q z^`+>u;ygd>o{RUo8)B+RRf^k_*F7Cyxl|yec6dT9*tWcCpxPQfGOXJ3RfJ5IvZsg$ zK(Vq4O=Xs=zi#iv)o^kYI;;yGc>akE36lr=5v%#FAfIF2rexUWtDJks!%*M2g4*PJ zo}Th;m^t+%?BG=Vr~%AkCJ-8GM%5a5N?u^-yMO9)zbtrH&qP3y-b= z?X^tKwaV*aa;@-~gXityb1CNUBhavfd%P*X37ylA+c|*t@{QargE*?j+^V6?I*WN= zNTw)eqPGk@;V;{0h;rO+pkTbFl{a#rFoI4q8^qi`=&p&oTAW2An)14 zncFSpg_-rIyH(kAc7M068CqxFgf!$yL?~*{lOmbh!09khHd>e${mNJy(qST5TwBm4 zIm2aw?ASDoCt8-GN<()Mr2_98HCV06S+@goyQa(+#$o2AL=!exWGvFBHY{!v7IX0e+?=j`Z&|uy*n^QAi@f`83RtFK-iFP=gKWe4WuPQVUpF%J=GbbWE=Z zNGQT~ER?LozojbQb&B|p60AWE^}=|@#S-xXf&@y^fYI~sQWc*VasbP4yND-!WZ<`( zBvCr70rn>TCRHh@Z*_SlqhN1F26XTRp;3HwNQVTYv3Eo|iq_GhqQtZoXmJS^r^zSJ(-JlOAv;Ga^cT>)X*P?T zYZOj$`KU1(q^q{yQ~N*UO1_Upva8~k^3?zHFY5vPPYKBHgcb}dk8ujs&JFb%+emJf z$Nip&Xy0U!Snk@|=nu8^0I-n#6Sn;9B2Ab4^61jvs?zFk=T6G{QAf(Wv-#UVAYLD$ zYoGk`p7!lM;8$<{v}Mg*tA7YBP}_G&q~9H@zh-h!oA~p9((K#dBp~#6C-$@76sM{- zZR<7XXf*eu6j1ri75wTwYX9Xu;QO2ZKn_WE#fSJ*qE9#T+JHZwsm?qF$TH^{C?-qV z*Clx>4|e6QCvvyn$^AAc^C`?yIqgX-Luq{6cE@lnv&6Y66W~dJ``79?y+^O`J1SPY z&;|~;cZTbHjIIjEXD(>cLCa?1%B>0^SZ7^|4rgoq1BO7?) zJu6#0G>%Hq8xkKG!h@(WYQR$&q2ZaFjoaHaawlt5kx%k+B*9DaMSFu8?LorO;~3SX zGrK%+&E@?R=+nz>uzL_LW!1V)PVc<}f%uFMBe!Rnjqij3A|kB^Z#>E8PhFKscJ@;N zkMH0>WeDkg(yc!H;kD>mX`W@iO|LN?_3l)D3tuVaMoH4YAT6tGEU%7ym2Ru*UAzN>h`9+F<=Mc{jE%j^#B-EFQcLvXES_6*Prc4 z!MC)F6$y&DFuT0k*teaVb@eFFCX*v5>&ve$r6aWS-5oK!&j`kTiAdTLfL^zkMvGXP z5~uyVY@%w@Rq=S*|0c!j*65ej#Fev^;*qZGm4lS8uCg!1e6 z{;c}-Rl)n|?>G8(2$|Ef|Hc{q@*n?cuT*ga%R?8*##42mn<=iB`2lNAv()i)isk2n z%TT!W!_iy&r<4&?KUo*A@>4K+ZM+@Afemiyz2YKak@kYT=lo&GF$6RoPUYw$%IS#Z z;3$|M%4y)<{m#+Hq&%ngbivsy%07Q_=9yvI^nfvJn;ms$m8dl|-I%4Et;N?A0`#dP z-sOswsnI0{+hToc+}pthx{(ndl4CimB^I^*xFIF95VKZZR>$1#X0U6OyN+P3kMDg- z^G6HtIfbVh{JI=Rwqi`5tL??kK>_{K~H4hZ2S+AP|tPWMv(DCF{P-vDm@+Uj;_Tzo3vsZb>L#5m& zrrEiWaG|byT9-@|(`W~pNu5Le|P-_ekj@}uTk)G@C-~!0(OSQbg=s8O|^lEEU z*DI+Gf!~e12|kLI!=8*xPlRf3IoJ#rYQVHPOM8<%(A59;e>en@`7aDXWa6*vLk|8j zg~q;Uor1@#vQSn+Onn7C9{<*q^4kH3U-J)v|JDG+ula|-KOTU1{AvK=Nx>TX-VDdQ zaElcK-)h|J9|zs*p#DD^fcOO>fdAG2#4khx{AvIq`)vl97=De%6My1UU!pd=f^rSUE<0S6uHj>o)y=`;V5z8o}3e9FJHJ#!+ zljQZNf~Xe#jL1G_JIbmQp#FduCRBIs9A;>+S3V0<37|XaGoF(av2=Zq9;Ob)q<;!l z51X4?|H%N4KMn?Ez^?;5wv@V)@npM!E{x@+R5|WU;Q_fq_@|Qre@!ugFK`!A)E1f2 zCePV$A!!f8)$X7Ut=67d9&SlU2C_R?hI5@S-5*DBJ=JnbYkmvMicg~)D1)}KyaB4_ zDC9H?t*CG9`^_wUo%0HrC33UZR)4F=SJBt8AW}JFbdhsQl?u;Ee3s~^Pm!v7w&Y*! zUiX6IKkZoo`L=C={{beqzVPMo_<4^88Mq_OSmPc7`mI|;reWgeAIhYV|2C-9sX6N> zF7*`=m%hd*eV=S(?!rk$KUg)_Tr~1mTg^J9@7s<2zRkXx$G+nCKZ~7x+h$+GN6%ji zp#9r6Gkzz4<|S?80%>=Vf0j!$`u&6b+MfG0XZ$B-aBXt!Cl>KX<;1^^umisivF~{} zCHM0q7jD<1+#6|cD)nlkc6=XOrHG*`SO)Q7V|o^L_ZSp{@AyN?6!4BIVe0^WSCQ{_ zE&2_qUi0Y8kHo6kz{_6mfSgHw&%FmO=1wmW^;DoSbq7IMXBV|wC#%wv+i|v@IJz6t zdjO%e`YiUiY=}W@Nc)AJPiu-?E{+@ZkX@xIF6N-_VCh*Aa#G-uBf|Y6U48Kp>QOiF zmEm$)ye{4b%Et#UJM<|F3)MMR_mS?R8b+Voc^IR!1@;}>+T7SupG}#Y_udGM{Rr^B zW@;|OtMbrmVOsg`4%Sk=wBX&AU1@eLqYSqP z)tH4!f;SH$aATlKnBZF7GYecxZ-51!AAcg%d=?gC&&)tjLl#<;JM(!Y(|*3^`@F+! zZ$?Ql2H1ia@2o~gc=alKeUG-X?fxxfC+11#fa0TxNFARVGvp~-$sR+?qkl)Z4#L|$ zP5kGAFz?e(77FC|!{m{;6`Y<{$K{{5F^(iCnFnFvhaC!Q3uWzj@KYLsWJ#i9d~+Q%+>7a9yp-Wj@s# z-t+)A80o^*$~7GG5R09l-{?3E=8^oaxc0WwVSZ`gGjnIc@k-IOgZs$Yk`n zm#K>^^Gbl%-3H*?deJ!Kd2$9F^Rzhl_=v>#RU{Q>xs6u)V0G;$4N46cc{>cYs-s|3 zm3XB5y1W{A?DTt1BCP~b06RkoSQz)Zr$e?%Z|-Mx`+3NtwDU`S#PmQs<(YnFU`)%T zd^fP(P3|2;E^G;57ntKS>tm-pn~EfG(9(vtpw8K|)MbwQL1~_sN6FIr?J?OM3gRCh zRlVmDFS)EH0ehZ^a(}GCa@*OkUkb^q8guScDgaUxH}!|+KIQ7d`P)EyYi_&k9uTkk zAc!ssQJBZG;9%Lv^j3^llYT2eSBrDE)%Nj$2c>*-&5;s&pf2U=A=TOvkU~Q+2`7Z8 zP)9;=$o(_B$$P1FBdiINA`xW~H3`mxv)yp*XgqBH-N)fAz&voFrRWVL`&h7=D~0oe z>Phy*g*yM#Pmzb0TcKH+qY7;)O{{?z@_C__wXAE8Pm$X)e_mW(8ue2Gy#lv5a0iY; zk!d;XW6e`nCYDz+JXM(WZo??AWpTV4NAN)=13kQ9Z6zU>sX7?p2rJ<--OQo3juQ}d z{VMqmuq=YVtwx38MnB(lvcA?M9@6Uq%g{=3P*zhEX6xwi)n`eA3b-ZkR(2coA9`26 zoG`a9d6(tczr47qvhVToKXJ$Zz%lz@ju}#ZcFYbbP4#7I57x+?(+ZxX(|HS>(StWJeqXTY zho9y7Lj0q!H45xq2p-%nD90JlF1FZt?dq*&Szf11_@G2jjuFB@*&Q3jbBiyqz&*{BC{2WeXcA#Q*~shUfu0uOL6}cD7)HeXU?ArMl*q+N z3;6!Pr#s`UK<@fonS^|$Kcoxv6AfZ@OxE7~(&fvKCX4GHUO#|E+_U#AhA)h!V1EA` z?8MIlGuG*Clf@l91W&U7jBHPp!H~-g*7pt@E2`^>B3CXxs&mGxN}=m3x7vDwBEewx zDd!|HEH7)qZntKb;CHZw%>CuQ)l531G|to`$}!#E@Ckq5xFi;choZf zzPxGp@AW^x&y$4MSZ|1(;eB(^vAI?C1fNQ8P=z@bKG|#eyhVra#>?+WYm94ag+1;X z3(w4*G9KV7rCbY$2cmH{Zb*%1!y4k~cV}uRA6l$NnzSM{9Ym?G1#DaH~^gr$#pg#Av+Wv8TmOI?*IY@_Z> z;C}{m4ZKRa`>F~~0{(y%DYdU>dA*5uq9z$po-Sew;>|pQO8&G0+BmR|YAUM(Z>V{} z-36)PEWSUNS90TmJ3}ybGiA?5&mIHV+|wauKbB&H@LD$*ZTJ9xpM__wE<2tvA2F^G z!9|s`fL)t2*p^szTBlHZ=~w|)Oos|3xIet8lX;LL?w@4NV`%c}wwmm%0))XgK0|B< zt{m*ow@aPwBr>q&ZB=J1=nc~H>C+J%$b5kF!(e?1VRnlY+}ub3 zK|Ayoz0Y>Oz^?9V3g0Oi>%=uRm*b9)0vL!l%LO+&AHhRk<#(cjpLS2%WjGIoV-V>% z>Fc z?A^#y0Fsf-97oDcKvtGW2gmz=8o68*UHl`Z^^f&d1pj0hn)}s+4{aI*wA(#X(|a(Y zlhmn)mHWe*I=}wigb%BccCMz(AE{f$wffkHvE)m#;N((`?tiFuJKvmYML`D3L0lrMSj?*(OD@_jV?cY&5)R2sG~9dU!z4z13lt?znlvQ{BAIyF0f4_H0}OqO`q+LFL4Z_AfLQpCn;+XzK7leL^*1+1DRvJ>pnRf z%W+?<%Sr?D(w+wy25u+y2#Oh9KO)Sn%}aUEvjwdb@3d!9y7nQ3je%Xin=tKtQe!H5 z=??v|Xi2OZW~S=L2`D<{5bxcf-fih|OpdKC-!lkzJi##0*{Lc=j-em-n0c-e>1}5V zTd~EieK0YQE$v&c@X$y0vW6xAIhf><-_%Km8K?Sm#VEb2bT#LNT_t>I9d)UOXXE&- zg}>zb(L+_vV*WbpH59MgN6ptZ9DFUixzKRFgJeoM*!7BWq7l%{F%VCxc@)Y{l}8y zNU{cu?(r07Px}oZ2!O!iE}*s6*g+GTAT*x-BCETqyQ{^_oH=&In2lw1kco^S!`(ku zpTAke#-WVwsR_TZOihkl{?t4EatICw!5%oS&1~ZJsqJ;kM;arorl|Z8p5l<#!1k8; zWNo+0Q4?OMo9x0!sDbiaZIB+_@D;2#vG)0JmFF`^q@_Cg`z%eZcTYhk_e7D78bPA(jpQ$#=yypx-yz3e zg1q60aWBw@%0!?(6I96p4!&XI%k`++1YuUf4QL&y9ZCgHT1Q`7P48sCw@5h3?4!z5 zCf>y}dEDd|ckgwHYaumzg8=AIGn}2TcoFd6yE#WhivPm+R`?$gkpq7yz@{p}Tc{0zcl&n%`N=36+^P-Tc8?{;jzE53J>tHhhtmr{}OL zk1yKtbO|qw1N^FTmZ%rkFz}#n^{c#hDknAnlEK5-sHPf~zLiQ$eqL2Od}luoAJX&- z`}r>l0Z_W=P~hJd(l0&6Yp?4~M{@0I_ zEsUmM!`XwOQLqcbrM6i3n|^ESD#WX38(1NptW`D-0+APrhNcNVkfuP z-g_`H#sl`2p*_fhcOYK=a{z06?d_31B#7E%)c~g&FA3=li#~+=dZmXJ)ur68tTPg9 zmjSqEg*TsG;aAlt$BTOiV_At&hM#K>9?iWp_Qph=4%zp09U)!r^hn0r+pCCn>@qrS z@yu(eO#Rum0gPT3^c0e%v@Q>>zAP`e7I9h;n-DrhCqX0@Q(o8f?=Oz;RZbPO*;>CQ z^lsfy@%<1>Uy>TUw&M_(+vRbp*hAY2LYlkqWjmm6t4z1RSs&L;P}lnXE@}xOf=R-1 zG1TkTo8wc^ffbM*(nqRC@$tG)iVeg8dR^>O5bCrqF<;#`rQy`OL?+ZZfe*f6-Ye9d zvwpj9Yl2ng9ac#8-AS&sJsR@zvo?>w6y4CW9AJ@y;`TDQ=!61(#*y4m^U9b4-e zw+e1yPi)M^=lV3Cn%*^@k7tbu^;? z$^Vxw|K9)$ggkG;;6vh<_d7H;ycANIGIl;Ord*YUx~} z9tTznM9gnM>1(d?Zx8%K6^`(osY++aZ^d^P-uW%PaQ?Ced|$kr%%3n&tE-l}vF5Ke zKij)ayl-_wrOVEeYP*~GYwm&F_tpu#28ade^~FdP!mn@iUJ=~3=|QO%#QRc>jcRQh z|0A8J{r14$X!T~1O~3I%0slk{^?P2Z23nq&AIs18J-Iu!15s1H-ST|l&9i_tBvu>^ zPv7+WSTFedYQbym^!x+^YqY$>e9gIPhm7diW!WcK z#vC_aMQ=pH2Mr#X@jmwxm8XQge1}Q|V`t^&m%9#Uz{i&&^DrEJA`cVLQZ;0RiS%Bl zR_!hH_#g(mFy=V2AX(dcs$!QB4MlQm`De$J#V28H)3S;S+OP6>fRFab$1pQId<1Ul zrvjbsVLkg#G2^U=fmlz50#?j*gHYt0MiX7L!&x51`BZByq^R0IS?#e<3PQh3R_3s* zLF&AE0WJ|_*7?1%x%?_(My{Xd_vo+o zr8=)Q;KyS9_uKz>cMtqK+y8fW4}5Ju`{r+_zkbLfMV0QSG)?mISu2t>>$iCzily9T zL*J+QQIRj1?CZ9$UAQ=G7xDvVTDC9+P@FnGw`x&t9Oa3rJF??}2?vd~^EhY6nWdOQ z%``7Q3H}};hOs%&eLw7CjoT1c?g4@<4#tMODSiO89O+1a{D%0I3;d7c{_x;3D=gut z)qA1NSDGqSllScFdheed1>hfQCjNN8Htl`c=AHZc?IISViNn$jc7v#=dBeqL2DNLNWCJ4#lKjg~;uXLS%)Mp9ZOX z*z;5n^C|vi&Cou|weRk%{^*87qGeOwQZ#29|=4sPqhF znv?N|3b~=>vxZ+f$7Uno;B-}Co?wgey;TT7gM!?Oq~fz|TIGS#0qTjDLCXx$A6yU! zrW~ej$Zb=x_=D}fSq-QZF#h`Vp4tdcL~o>*7+xNV-rkPIc6dSE+p#J;@C#bMt7h|SJTS*e`7O+BZt-t#`x%>Au` zbUn~ot;1F?HuiiE1jVb~NHb~%TeGmXe6_7H>;RL7gu&$`j(0%o-}aC|J#jfK;qua2 z+H_EIU@_}X!BY=&@aI#vR zon@M;On2eE>e9P$Zo4pcm8h~-F9ffJav4T!U($l&GgYAMb7=C1Cz8p7WYq4>j2o_* z0M&`As*;{9=Yt=duTLdcNcqMX@Li2}Nks~wI6fG|xZ-~fOz8hTFpc1d$pbWSTWArJ#$PB=ev{Ge+Cq(|7TJ`TFJ5G6*gamC2J``v3E(q|Gr5mJXkK&0@)ZN`&nsf;-Md-2I zUGtwSJA|Pxo9qAoV+_;$5A!7c-FlAmOSqo-cj0nrDk`exXrCk_H4szmYP?)lF7-$A zFY!n6YwsiQ9e~*E^t;T_^+CC>HR;kXzV0PDS^Mke{mQ5<+5EM3e9=#%y=sLU_iG*p zV7I&YwHU+S-e4vV4f_2ZzpnV7UjO5yh#!T~Fra>e|01d}QT%IRH2nKDmB)XIsJxWl zWtBvBYrp+5k)2oII?C^km;QV_U!~0Nx0y2}$^)t-Ow2!KDmf&QIaaP9D) zQcgb=kerv_Sd3?hm(J(e-AiqLwmrVJMIrmutK5)VtY(8RZE46ZlDQq|o$`<8#OYby z-QPE`#T-9E)h$J#xd3WMy==GUz;XP%JBU*+P4R-d*`@Cn=B{p}S5@qT_7|iRy@5(^ z3N#ryr+P^Bgr1%E#8-ishdraK4nSL5B3yPq7PsRkm_`I9){pLaH;sFD0dvB4tdPXc z%I%PlfNZ*ydt7c`u2&YWmD2uLMs4X^NRcN0Xt znTaK2_y)gWs6J<03+G49dQVwTl;f0)YHea?1=GskwINFO2l1)yZemYv89ML+9CzkL zGvjR%iQ4qkjpiD>qwbHT)2)0OOqZuYT+8t`%#9WgZY?}et*qfb;%0K)U=U}&AgA5? z0(t?rwTTbq3Pws{{HB;c; z9en4S72@%Ge;+b+xp&tE1HPd{SlvSB@09glD)w)kQ@=G%nL(dIIZzQHDnA$}(Cl)d zZX0Qw-1Xo;z)lW*Xu`1ix;<~u{d5PVEGCk{cmI!>ap1QY*QFS_#LMAlCzgV3zNheR zK7**zQUt`x9aU^BvS%Ap_$MXdndXU5+qhlIe3nf35Nx>tJ_h&RLyyMHXlH_5eA@~i ze7Pu{62^YzGLMHYrItj{3v3P zX*DJV@{zM29p=G#Hq9rpEiB$Z%u!x z*-?=?{j5PaGB<$eWp@3_S(6~29-ALWssMgC?wKr==Z_ow@no`c`&X7fW+Y;{p`A*4 zy0uuB-YE(QwN9U#?@JiXw()tUvd`#-8q$5GoZ6D}R%iOxWFccK* zvzdFz>-1Vq!5rU&@K(g?c!ikD6|4_w{qB1e2{jaeK}G}{RsKnDd$^$-AzuhXn&v%D z$WQzd2s%@B5?XkudAh4JT&Vuz(Y1@$o;@=%6LxLGNPOC(#Rz0nLI^v{ckdPYClsMp z>1UXRV*VXU|3R#f|BhAxhVIY*+u0_x|J8n#{nmaJts?P3ioAMq@+D4zY6|r8&#=Dz z8P)?AuFo&L_1)Zhj^Ea4N1O>9L4PJZ3O9}X6+9ewE%vqJ0u5`_o8K@p@YkeA?jLCe z7;*bzPWmOz*zDipjJ3LHwR!&~&M0o$`4wlZ)o*i5{QA$^{!e!e{L{AolU;v>7lFTz zFFNkZK(yI=6nhw2N!mQwvTHn6R9MdKX(V!Qp{w0R)=(Nz9|;&Rzv8{-pLwA^k~|LA z^Rw!y4Yu!i8lJq$M(-ZEt(RpXgI8(4XatW2LJyM{Psvpb&bf&{&sBge!=->+rE8C& z?7!0ZuYar8))5c1JyK3oftw!RrqT*z`(v0dX4af9#MXSMlD$x!_~1C0qdR#DG2h*8Olx8~OSUN$M7wB;lEW$oxS#XT zC^4<%0TgA7npnNs7VY!Hj_${N=74?qwXZF=S(GMA*u3kegQIynP0z4!B@>A}D!o1t zbRPV>ptu31MO>d%hxB3OU7+MoM>mheh@Qsw1nypTtPCg~iIUs!iiq%boz5rPw9wLX z?n>UN`EgrrZpz_h40jLXo-&XVaet45JeBig?Sy?7WQ*WL=^!!y@8cV>9eB!z)gvh1MkeluzZuCAjM0WYfS;o!K?&E{~ z_?KBh{ZE@#uep~1XchuD*FQQQd7y>p(8H9WY#gz!L)xP7ymOlO?~!JIK@!`Tm~G z{=2^0@G^>j*LeGTs86SJR3Pz@ig>)8eZ6V@dwtH@RH=XHy9IvVc>5PbFTc0|^06B2 zgJz>xsz;-5<~ZPz(iz5xRxSX|m0l#_LkVEYh+x!ba^foRMzl4byg^E{eR_fBp6whq zhr)O>t~54S?zDm5b-GkFL!YvRb-)hUW9wzi^Gm=XAd_L~jbrGY$cq>w;lrsR8N$tH=q*-N7MVaA#5Lo%AnC~6+(z(|s+@|#kq zIP{hW?CdVuzwF+mEjTN%4FDFUCho8HZ^bkLWc(0qW>{~!%C@pe^`F``h z9f|kk`Jsm;RnTrH4;Fadd<92U>c)@e^=4)2s(SWi19NU_Ue7sm%hg4VE*w)3nXZV= zsU1jUqDcbTpC_U^J%#h|O`A^H0aD2Hle~tA8|{_i%@3TaA>=iuYg%ZCmqrR)W!agc zH!|x#h<1ik$gSX%>y}GuUe5uN)HF@iqsABjm6LVe*ez)JIxoB}jw8wJ-3#a*Tg<3gEAg@o!AZm6Fs5Kj9?I>t5wIOQLsRx`&sALm5ec;uqI1AzU4MiwO|r ziNaW!pXBZg^C#EebQf~OpniPb%x;2z?9aVG@q8YCrOf%Ik?!A^^uzu`}D%+ zw#aKgq>hLGH>Coc^%b^1emKz*Ym(61JbA5x;J@m0R@tAfYAYG4Wo`ibgZ*P>EKhP> zs1=-wa!luUO&?1M zF8*p0z<;)jf2Jb?{=i43GF)bLR^eJuCKflQUi^nvQkTE7gs9NdFsSR>Wf1z4Mz9-Q z4@nRVM1T?M%P$}l&>(SJTV|Zg+q=@rMe&;#O0W-}MTsVJ{Q#a5QWa5igW#7Zqb}?k zf~&MOj&soMnKINTTErOWb+>&(Mm4 zDfe_tIDGGt z3c*Hl_`AVPWBhE-?Y_w5h0Q;K>;^N!scNY_zzbOiFE;9lyE(pqzEtY41wYz_5*I-k zjQVbT=;NsjNi{rT1C7-2#Qe{}9h$u*Alt-Ku1+p>2IZLD6fDL)XOAWS`GA2sjiS#` zam>U^*iQ7j>+9G49$Gac(V$zdJrUrYdt{ybdh+Sb7=6S(p;KV1+Z%&Mlvd_JR90-?EPuY$XqY$FtW?@>2cN`bud|GaV(YbGxvZdYz z@NT5t_(5i;U1-ZwSW5w_;l=jq$U?{P{LV-ApG_hEO}7HSDpy*x@7+GacZpzfWFP7$z{YPMrVlQ7+S#Eqf=kPJKU*}#OWx+EMSh{f-4 zMHN;_AtcSWLP-u`@LETbrD_y{x)p@J2B9n(f2L(3rFl&4K|j-2gaY_WReB@Kn0{)S zrzOHjR6JUm&-IK%Ykp{iXba<8svVm(hw@__kw)X@gW((P^tyuR`L!oki>_-FpemVh z4_5^_fki*hN{?JclHnDKf~K7_DB|bcDMfr7f>V?=Mh~JS;h0_Li_|z6n@eg#!b#tY>$Zr}P*DO?lkLyWZR`NIZ#~N*i)K z!ph!f4CHd)>;m>))X<|L5`UHsyVRB5GS}^lta>nCQ`Z}}u6zpM=N)8W90*;x4G(;X zr1*oPw8X&VD{71-h#dh@0Zr}E;2EDX$M^4J8SP@!BD>WQcyivTT`L|p=j6^F1enu2 zs1LCHfl!~lE3NGb(zC4sb>;io<`E5m)co>0#_>k!_QQG>A&TEeD}bLYG7JaCS7{`8XWQq1%mYmgQ)!-H_@NChJinj4LiTb(dw={Dx^A6 z{2Pq^ZSDWBkNF?apek+V+AqamavKU2eYIc$xIAZM#BteJxD3sXkxtrxte;&73k6=@ z=n%td0^3h0IQwZ^R+=OwKL9n^9>oSp172k2N|B-YMHYaPMVD(WIzcAz*cSO!Sl>R3 zoPplSP-(V2zl!ySlIa8S^?K7wz3J^kx{0#7)J@YEPmMH??#?<0H3HM@^aJ^J$Yj)8 zl!KGciQoMRMjKkZ_tP3|!JzPvh2QdHeM_vP$-&!r+UdYC6nef{=XtO8cT`x!0Qefj zlJw!@kbV~LGRm|rO^GI48$r;7J|cL9HlN)oJ;~|-8^WE^&3YP=@p+BNQVeB4<>oLO z(iq$TeG<#$vm)H^)EK#gczB0doeOg}ym=}{j$A5fN0W4xZZK-?E7bX<@=|P_duz?- za{7Jcgf~HE5eT5qr@?96^N~bmH{Kt2s`ug7C>|`5NRJ?#%6k6{>b6*{eul;N5+N_` zkJl4FkBa9pg72P;xG9;JvcSS3BS#|yvv0XNMwPap9a6~%!A~!fD=v zb^$kpW|h<>5D4Bu>%A_WE9m!nG8?x8ZbThRfx;3cy^DQEAdfu?n=z$)oH&=nw_rWm zD{D<(iue(3=1eYDs#g#66`HA4=#MfoY?dQ5cdUV`P$c^?Q>=gQ=dB9A$aMJ_rAzI6 zHe}%5I7VIK{g}b%M4bAI5n){p9dWG+Hvx?U)bgFIQ&fMzQ(sCf$7&ev5_+3V>1dN#a$E z$6WGbtK3~T(}!LnQJ8R9oW=0za%)iJ%h5bc(iJw;vU~j9JPJ0EiJhlkB&`;AIVK?i zh$N;HR(BlY>bfHjbl6ITHP78RAhYGc8&casNhAhpP4^@d86+XKQKm<$%4uy(y}7J9 zv$cZx-Npb?&S;}$0o$^7K73Iz9k|+_vs^Jz>3n#PR_sKn?2taWOE8F$%q)jlqaAnN zkyps4-f=IYLv3Gw4p@_fofOVJXLK@S$d4Y+1axX`abEf~api$R!Q)=#c_$yzKtOG@ zHvayw83GOkX^s}#aMYOYz_ZSP^PmjOd--}-Fi;UkT?Av=Cngo-B{)b7TFgkIOq#ww zpRq+t3lgo$g3WwfP;x!(y%z}`DP-H(Z#saZSnyc&F84?2y4Z@eXCkJsbHvWG4S>KIix6$$SNp$o~0embIk)73qiIvp}cvhYvIFaVg~-h%GP zM^3}N-s@=~n|rT(3HcK*gZJHI#2U)CA;3-gSrO!>W5ZvPwe%zZ1vWyHHy{bs6x zzZ`$?XGC&W9qMO9@@?(+M+Sa>=KuD{!0*re-yRwG{h9yz$p1zZP0XF|XKb`tt}5#@fiu zBE^!rMJ`-orT>u^Ho6IWl7MlBwCh@x^H!gLr6S{FD_;zg(jpCYBt~+pzgk3lB2jwq zNusA3`>J1L&(%R1Bh!&0f%W{)rTT#*{~wg<{u>hgF;Y>b6_{(`Ba$$ijM?=0bJg?z zKS;HTX!L(B)v(5BKTGwuwf}#RY83%A`d>=*KbP`hon|-zpkkEkykNf$x!7xI zs(ebLUpI0-QmG~`;Z{w#+px(e?GJHAL`&;Uw~caztsek%nhQyA zIXE0k?Q&>uw&ht>ZwPtMI1zDoLk?fes~u#GQQ5y8mG$e)-tQ@0Q)Q?v{JF2t8$(-y zCiYmZT1n&!B20DPCm7xQxn!pYNQP?2ntYIv99Wig8w~aKu^KF$ACN1l4EsS@s3EAg zc%;2`tBFarQK)pm220)%7ksAhk$xsx<MDxB3&e`M9Cw@HH7Whzl4)zI?*xiRR_6F&A}Rq~USAr?f;h-KEHAjhG$fe)xVMx0l#6tPk8SbUmdXX}HP7 zS#i#=iLk29Hn{|`+CG>)PtfN}5GuT7g~4`sc7*zyYe#%z8>K&rFJp_9_K~ITrv|MBcnGDzGy05F_*J7%fYsxPL zH$P3=9WNXMZ3%DkLeWQ$6YzvYch7-(za{EP+I79b)!ppn`?SP(PB1}Af8MTO1e~^| zYA3#{ha1D(>C!PDnrOk};s+T{Z$TdvKteLsYVTr982Mx&`3Yrj^1!Pb$PVX+$XwnZ z8Xi6~g%o$}7@&N*^~Rp@gSyE0a>pS%)5kOjqqqXnOxxO*r_IoQK3{FRd(+JAkzveUoa?+N@x!{=`$I*cNhik=ys$v-m1R#v(pZB~h(T28`edB}q{4$#X(K;Gy- zG63HN*Zml7JJ_wyQy^+Cx&U6^;mfB`XMyKKTks> z+rj114B?+~hM6bAKaw4Ig-$+XgZ;#uij^`f*AUf>@QJ_ohUZ+&lE~KFZ^A}bb|&aKt8b>Ig;GNCMyKSvx>3G zeF^2oZ0|Hk3K-w{T3S3sgx7VZLo9n{a#^ty$^jYsb);`U3CcdHTss8Dk&~7OXX76b z29NxujW=ZObMfJfO%hE|qit^B(BOQV0#wW&X-2>9kJP)fN`SBG-g$8Hu%g+x4Ll%% zFMg=5?+r|{ZVAWNlMg+Etq6GLkejS$FF3AKldqll!5Mny@!g}YPw&mcPMPF0@wqoS zu1GP{l|b`8HBF4I#&|bw^tge`(h@Y z7HePs(AZW67$$ZF2d2uCzu0UsNEb+s5LrPyc$j$Z4G0Mv}!6_Vs|T;|ZQ88ScLv$8N-! zcQ?diTnnvv+hT49(4h7GO0{lAGg?&@_GQlkQ*-b*S{+hXsCX-EByf55Fqy7kg1Zrm8_~A$uPy ztRD@c@=KJxZ7Yu<>j^S-<={(dS*hhvW-qlanz;i5oRn_%sCYeu!R&4?E5SIQpDGN; zUYBtts>WzjEqI-z%Su8Zj}XEcjwueJ>O$RjiS)BKTS~`zOaG&>g%*MV{|5~0Hk--M zB};2wLdjqoGbLjR$uF#*Q6@uvl>vo6@G$TTAeK1QYBuf%L)dpT{_DU%9)*=ad;P== z^2hgF*cbQ$ziw^9ze*gcesQ+`%C`P%3q1VO+GhR4U1B!wHzro#yK~L5e;ATjCVe=k zF#9`RSJh#mKfdQzAHvp{@IPW;pFVB08Tkez|VkEv$JA^!ftP6n56O=LL1E4|UPh-@}{+#m4Fk7rcu zbl}EL!4|0Bdom&xo?hHz#TV^^gMTi&G zzqsFjC~^h??r>{xXUN{tFUym0k0n%L;dxrgtY}RHhaO1NzStWM8rTQiSV?LP zdm;Pk?gy+2^B_If5^=jlnTtg?t~j1quxC%BhPnNmc6f>oPrS6A4P+ z9in4FqmJ~2HVHgY8NQgjO96EsB^p0zl+jh+j4^d^pE3lKo$IkjrI3_#)?+)t&8;MW zH5gyLIm45=3Vrb~I=SSxwHybGX9gv0)6u1oKeDU*HG%r}73=yJh4SS6_@oFgjOwwy zXWvEY*tZLu>n>aMGuZx(fnC^S^s5mzGe# zTIqRm@Z=t*NgK1+y!-wwOjw2DT*O6qhBQlTya^bf>H7y(-j^dcGT4f#Uf!F|*sIye z?-s>jfx_OP-QqawRY{a#AJ9V&M1#^+(VR_8Op^NLy>HUv9d&^2W{tw5+NYDAD@;Lr z^722DJaM%$fBcsRzAFqmot#kH*S29i(JXAJBU=7+4`1jk&ps&gsX@YH904gpvOC5r zOM0i3(r%(b(<;Y@6S;)#zIo-eVw#`RG8x_+5`;bRcmFJct<<#g2-Q(61Cu&ud)({JoQvCr)P&OX!hS7~m<|It3z+HzOUPU35h z3C*n2U(BB(^1rjqU#1!Ozp~9=rWvrD{~O!Q&0e{_&YNyOcFy>p8 zyM1=ojIp)Gd{$r0F_ZaQ!bf-6PMdx)0z7nEyX_mhHJ2AY*Q0eCZ__}2&SD#wY?)Ts z=D!AK(Ij=p-l~!xsNK`rAZ`)!l*H9Voa6?jmyviCEuUpaFj59h*T64D5C7YCRCA}_ zmyVg@3~DR|C>6g#U$>oY@Z?X<)Q`4PmV8_u%`;lp3N`8Gy0l$_oqct}G|H*vCh?mkxHbDEH(#JHhiDvkNKrlfDd-~ELgtRH z=-F0a++N-;K$H2Yi5Gy6z=tp-OZE8Y`JB9>Q>1eFShn*&Fa$%ue?D>h3&O%bBGQWA zEQG(#M%AuZl)HaPG~+lwT}aQ|0r4bXKQb|$JAW~2C%$)tuv;cRvBZJ(6*T_hh!GNB z5`QO7%$GPhEJ2&@?z*k#03Q8StuAiAh>7^s_qqQhCfC2i->?1UuD&(}{9oH3jJ+D89{jO7A#!6K*RKEuB@!#1qx{Z7xBO75zUChOvaYF9 zG?1IGD2vb-qH{||rC^;b1dq5mqm<`->OA_WN+Jr6M0+0}9q^0=K_&{faI`F#+mV6_ z$tSVg4C$ST$YEGa?~4X}8NsFCp6Yv;&8e;*rfZ&;;8}6be~`IMnl`y7nf! z$GzeDkg|_)eNNB3R->%{gm}Qfr;y&DrsY?$L_a3b)tN-e%g#-&$#$E0#00aJl*4r2 zsAvaCNaS!YXE(F!pL(Z$p8!~^Jo{gS543F&2=1jlE{IJ8-n2`5%-qLV+N$r92Y?@= z2ma~Je>*Oaws2OYW0qMqxF#>H0TxeQVKx+#2ZkNSLD%10?6WVL_da8g&XTJN$INGL z7W3efW0kNrpXZ$MEwV{;FrS0fmV#!A8-OS~WKUnUcwoZM^!9;I227We2#A?H(8zm3 zv*P&bG)D|~95y}8876Lq{h$~~RKN?tgKxYSEn>kBx4RGYR(beDdhB+f$05 z-&^=9Exik0R#e-Q74xJ0?^q<_1<`zQUmT_&Xfebz8KI4?^whXElS=Olkq zY=F#}WIVUeadTaVd%|TaAxwS9jLR-(^mfurdmK=ce&V~r`(;iHfe@N@Ox)g1eo5YL z1FNG`jtHU;KZrOLmL=~Jjmc-;W@p~{%?+O(`M9kls9IrBLM}ICt^}h#D$wl0ZwK3B zwCd`&J8{Q>A%>UxIF;;z%iB(?b`;(pRC$b*cQu=h(}4E$+&4Y) z>DNP7V9jo^%=mBxB62`DhBDSwNA9M4vPu`MaL;|s5WBw9IXvIMHRG{a_|(fyjJb8# zvUV@ld-DW|-a=lXWaGEjb>v4NCJyZt+p#XHkdxCS`gN66)j7uEW0KGN zp}~|doDse{okjSNwm#ONDgQYuO={f#*m=5q^6STE%|CxTh3Mb6@y{<9O#CP_6Pe7Y zSN=rf=UcXyD6-mA_8cqdzsunhi0XdY`> zgx{rOL-;ElTmO#kaaR@7Mfq=RYn=3ogG;g1WceMv^6s~XI+3s4)6Om3uZMNs@dHzT zO$GXuL1NP#5>lNnV4xzuOdM>sZ|3vhrkcq9L$193#*gv4u0Dm`X3A;8Z+)R|$G!9Vx5?z>u14P; z%4u!*@Q&+Y&h;=j3dG+{XQFA~-!5?1)=zw_UBua5`KIg3{zha3r!>M9Db!(a>^uRA zMW1cCPHavk@7Dz=2vIBd?XyToRy6JrlDL2cSy;S@@!&aqu98c-AE2Y-(DWi&SZNU= zhTmz@uYhwevv-CObk!MblXo92=|21Bm9%(&S|XSJ<Xc`(2FBx zcc&cd$Pw9JH8coWqvS^6WK(6H{%)fgP5Gn`^mbZ1?eNmz22TkD`cH#0>oGY4=dx)80n z7J=SB8bx*VPGY>|(W8P(;?Z=3U;fNk{N7~N--Swr=7 zK&bEYVOc72pwxm7=z4~@{OU$C%=CAPDr(3*5goE&n{4NZJdC-)msF-<;#E zhqMft@?TZWH?DoIF8mC@0y}6@i(7jJY8!>hf+{53eJU-`qTM6>mQRt?XZ9_^1yG zTgq^I91?zc1;z)uY@W-EOhl*~H`!DWR1zIgYM=s_a{;Z!*;98B>Z z+K7?pjxImfdC{6)rJ{_;$A)C z-Jp#Ye*oq4$?=~{o3?#AAm#mu?yy?#8dWJemj_utR|Y&k?Vagc4iOBUEj|VEntf|6 zdPsCX{nHo~s*AGW0esNgXyg|tn4g~Nm44Z-8Yropq9sOp6Gavef zH-O*QfBjVc_4`4C&aZ<8?}<%u<^i2L^UI*YA7d;|@r%4RJv7FJe$27B7JsbOe?H1T zodoz#kMd6^0sft%{PRc)hm}R_!(WO4SUa@QV52$n-G}bPuMP{^@kwfydJwqJ5;P4OO%#d+dRVQbYVsv-c+iDReG*1$YT}QM_OH zup5-SJzIRf>obPS|JYA0n7<@Xe(@|th>v=+$?DHp6*+$Y+=arv;Vefef5TGxrx+jb zOOTIbJR9!NSIrhWD7jy>q1!EeVZ?H`CXrWQTTX?wl{f^dhtvz(3biIl_`I7K^#_{Y4+jN)6IvElov*+ld;TV~zgw&Sc%;8N5%Axr zpPx?z{BMu+SCy*3->}SCN{Bt@GZ_;nw|WS3-doVfrrMsbgC-tF)I%(P=5W1COhVfy zRcQDdD4MxdP`$sC+=o2Ma3HFTO4$)+gT2X~g-*~UIh=-0g5&$XBW&zYhv=nJW;oN5 zw&%{dEjHaZ3WWhd$4M8((FbL>3N5zNLpneaK2Zk|g_k*M+aen3xDjei4>5*s3G$Ba zK?Tb9C@?U>JC3apAN147VW5yYan4+(t09kZAZ(Oh94>jfdPeizV z0$5s}?~=veZR_VHzV|SBPuzG`dt~HipadzIt)z!QdMEN~cXMK<%#GuQy99MWK5sYN zC=rRKS5dEHhZXl^mq;U+Dt5?91Xi!F`0ny?H&&N7oD8bIN-TfSB7wW@{e1Aqi87C{ zxb6Dq?w+U`75LMhX2kENAlM$l1`&E!jn&i3G;xvmuEveVF&m)pg1VO62ef}S+MXup zI?_x+m)4bvK{Y9{tGiC7Xc;fuWQq_MWpJS`HeZK=MsW?4^EVkC8A!m=fq8YdP zuOpK`dCl67+&NoScau~AWhTLuI=$JmB%ytO2>mj3Ecrmx?Q->c=~nyq%*vg(^xm)N z)SSIV{Jo=aSiNmHn$)1X1|Zl^&@`WB*5Dr0V%D~oVQa;5-u%tWc&}d0Hrrt$cDCrRg=?SAr((r{ZZ0~wX{rBF8d${NB6YiC-fF>tASaYu=xF8Qxk4XS&q5{ngisZWC zmY3x!HWSmN5Pf?GTdTsLT)3Z8(7;k@vtmT0tw(XteI7krjJBdwYBxe|N@#sP0KRX1 zBph5NT&N|*=LrnGsSUj4er@S_W%{bltRz0&-^J%F&zGnc@q9iR$F;;|9}F6!f`!>)Mf_=&;mhkY#q!cJ9HH$x zs$DKoS3aG?@}xUVssXbwb@GoLa7+IUD*UgfmvhrsxDfpTMp7KuZ0~@L~9KlZwY8Up*rC@70@1!}XDm){#x=VPL%z7=0zY`=>DBuXdA5c&`RB z;j)KayJx=p#~I<=WjEVjn%#bHGrvazHRcPYmv`-S;a^aIxdDGztgk)(5eB$U%|2Ad z{a!u0n10qKoz{vh`pd35Zn}2=E$RpSxkbjCF313--B*5*yGITi{eJekCwR**t!L&R zqI+M#J>cJp?x}_bfd@fxM#fxd?jDv4<<1ll>U6PYQIBGIczc}yyoUVf;>BzX=&Y?yg3cERNbn{e!-vgqs;V@^R~C>8gI-b-nS>W#7rl_;4)@H=p9dr ze*#)w7Si)FDQW(+sU-8}LUl&wwZvy~57met0;`pZ;25=*236!{%FCmO`V((JA{-`b zAERV*H83MHpsWR4PB+q*^6NU2q`>H0TY-w1$_gtw3~k$z@N^A0YaiBL*)30{JK8XY z@qDy#Mz}IhZez!MyvheWTS#7Q?|$$Ye}vpZ5px-?&xz%qaZCzOxi4>HloFB1ntcY- zp?`$-bEKhGK%x)MTZ@ItRS4%HUI5O!$)*8Unb!#(-h%`q(tLl|2aZFS#ADDaqA%Up zsI}%N_o?2!8jnk{#l~Dr)Rvu$RVi{X%JQm-fO-kU)rt1%epj~_1YX;%&hx%Gab$LM zkcwc3_$(`?31KXvUDg}ra>ZdKUe&kt`mxclKmDZ|!gvChV0Y0jQls`}t`#4XO*o^X zL6=Hz*ynR7&W(DCM1BUKEwdukhM%fEAyW(>8d4C57ehLqg zaop{MQxwAet=7(~#$M^Yg8%|DUw`8g{%v$`EWKr(A@4|T=Uy=|)#Tgjt+vW_e8-elqyxQr_HZP2evY`De zGJqVONNK;)Q`_gy9d~=-9_Hi&F3AqXOe~PC4w*0e!A-NrE)HKLEBiF6yTBs1=m~Pc zKF^7p4r6JBK$u1FdPpEdX5$;S99+t^J|w{fX9XDcSM)s{-K4n1E^{0aX%E+oDY_JPi>M{kQZ>^BpfI7 z;G`ub>^EtG4+bt53_tsF*h2A{^d9Vv%DqHknal>BVZ>7fR5p^3^0Y@8{DgsU;cBTG zi!6=!qu_?U*Q$&o%=Wp0p-Hd&R(lpxlQuS-;EL3Na0{F=IV}oOh!cpsw7f-gpLfw9 zu^1U8klC40gm?bBsFARMu$hZ9l^)pYSzxN8(vb{~1M!^7q&w{0#Q9~5o>o3S02w_# zu)eY{sef+dsj5p|XT-=@;*xuIO;-2XX&6-JH)iKzn32(c9#1Qf7X~N)$5HIxvD1IC z%))ozzv*Uuf7vAD$Ea^pPe(`42?obwy}=785*wtb|8nH_^m8oXt4Qh(CfDY@=`#Em zfKx9mp}nHZ>Hhk6=%Zi0aht;4EA6yFWZNZuSeH-j{XzK>HseoMmrm>73_t1tSc)@c7W9nN7l&2dja|E1XI{_PFtFN@lJ*pi>Kpm*^n zi1TU_e!oCNTZ=4LhrZPUiGTeE&n*#6*-@aiVIb8pO-V_wL2+Q+zafiW{emyM#E{i@ zh{HoK%5B;&dQI2i)Nds9z)w80hx(uJUx_P?Vno|*Uf)iQ21rV8GM$5;i`ek=!4{9q zI=0Kee_r|1zf>CfY$US_BAgSp>1J_tR2fdmA|6kJ*lEvvpDD{`4N$NEF+4pT<)+rL znfDftVor_bC8Bn^SPL1ahlJBFEXUs9%grQ)0>XW(;+Ce06syc*Rrjj$-nGma!y(|d zuLa&d&lo3$+oCr?{pM1%6tEVj(-~3UiC%ohCYyKo1jToRUMf0@A9qzUYYNn9u9@zg zv^&cI$^goJq8))UP^zNaaWrMOZu0A<(|2MIxMMN<>0O0_LSlM!3{_4;q+~iqg0?RV zjIk)aYz;$%&Z}ovAnSU((H@E7KP~*d-uZ6HligSIl~QDxtaOoV5+-hRP~4hALs%T7 zjMM+%7G#M}j}hMp)qK*BTwDu)LM7o$Mh%^UlKUe@G8&ui7g8GJsdohAb{G}8QDQ2q zlGHbz3p1zA9kZ^F6v?aZ;%NE9T$6!y1%R(r>Bhp)dy~7kaA@E3#VGXrPqQkBhTw$_ z#fRQM1x$O{b2zft{oznU*rBZ9YbEcgesGfqP!z`wc*W6!7!zF3l_hzbr#xupi~O_> zk{~YYA*3jLe7LTq;i2aD-6AM+G8H5asXLZ-Y$m|!T*)7OXnYf(js3HJG*fOr#K@MR zHOHnY$tFEmdCUk1c7rr%fAB@rgq|1nk&S6q>NZdHS^vy`1^iu{__zM0wvbx__8%(IJbr8%HxOAxsT-eS{r{*(pUGmj<0X?y?Uy#8(?}Y z+6`|G@zrEJzp5k=($+BV3}C+PL^K%dOq7qp8MOO&$Y;M;)vBJxDW9s~i3K(*qLV-04#kU9UkIdgd%pD9Rz!-y0J1H*C(bG} zO7T6_ylZV=2loArBl~gfssynOJWJsz+D{@jsstYcLv>y$7k|2TV=l-tw(qkWvCskm zgX0H%?pz-^KxcdHXtrEn*RkI#LJoN7?;ALjDw4{)1@UI>n2Vv4+#Q^<&6#wTI|#NM zhY0HHz6YA(0s2Jp_{8B#Zu5-XGZ%YA4lhDhr~KQX;P>NU|65Q%dtY`Y`z;X|J?yLw zicp6?$>qL)elCM&{ij6W^pguN0RLBj;0q4`{{j$jKaG(6D?sp-GuXe1kAdF-g0IC* z_x^W);0q4`{}+JZ`}`^3kAUD`kkc@w2!8mooh9re6OukNB%-QMS^n&4cW(ib&Bd2- z#8S76_VYbacVyewPVqe4YND+kllv8 zB>+pi<0zE#`lcvfBE59XU-RE|sQy)B)L~t!)>3Yi=K25>k9gPJ9)sjY$u#^0X93Uu zdA4jys=P_7l#qYcI(3F>8w;`mKB;7xI#H(fW2rZV4NPsbW820i*R2G)gEn{@r(rUs z^NEGh(v{*SLwQW$iM0(Jew2&PvurYe<_6Fab{CIQ>vtPAIK6Vn=v@@=sY%1pc7yJz zqz>Y|r++K~T;}0ZWpVaDS^gU*P5Q-2!&RRyet(7{pRWJ>BFh!I{~<9Ldms>o|L0s* z|E^T?+?P~?KcK$IKbSYP-j+o8>k>lO`E!-vm*ED!Ut!(-*Y$HE8@;ca_(}z7jXLlA zTKnRrF`A8RW2^P~vRQC)EZ z%wOqn7^eM~#fwQr@o^x{VL%-T99_ESmzbc)YSLHnBcRnHte)nk)#dh|jEHKxMaS0q ziO1p{xojD{Fbv?%88N>Yk!-QkJU*-gkH_)aGg*2gto45TUcSyYMWf4Oen^Qs;cdv)YKVxN7xxnZ4_Y;2CX#QP4H?uNdOXf^#q1l}z}#GR@Tk?Qk%XG{y6 zba-bHCaXU7hG0$v5%FfNx6>k5B=NFHheQbfK(_`5u~nW`t`8b|M#kUcX?Yz)d@d42&&uw^-~q>0&k1Xz6w4+ggaA6Si0{6)I)^ED zGpEQv@-Chx?ut@(lL=)d`lA||%;WG~#e}RTbCIB;bIV)aUh-|_Fs-2~rioi5YRt@i zzP5e2l_0;mr33dYMY5v!Dsg>)j~lFEiA?hxX_%N~cSIUuKF@MZWuG zxCqIX5wZbgG;L*6@)YN0BKcLJjBm;oir?l&nXYjCk}tw9C=*CbIfzI0NSCN-+i)YDnqgs;3$;(VOB=3Ix zoW9ntpY+#yQc^FHM@S&qDEOBbNQh+8U*B*&prq=rUrb19{d!|)k|oJp-o&+gl3_{h zFFGiIzerU6HuzSs1(_5-*-mto@67eXT&&me9E}>GcbJ*$vBy|nrk+J3W}UEG zjmR>4p9cD*?*a+k<8 zZyVL4y6g9<1w;fjyaIvs8>!CtFsdwD&LX3I)*X&|efV_GSD_6ICYdE#$u&gX%)q7` zj*bGjwS&hVvFwFTDn2%Vw62_oO+Pf{8Q?iu*G-1XWP;=OmXmz4Qun34+&)a6huBE( zBsQE2W%=Gcb|;a(^&MR=R&nl&Sd!N<2^ww%uh(5C7C6pCmYhCV+`ezzgBpuYe8#K& zHE$W7>1kC5I8S83VLKv?4blqVgPeWR?3sW!5@?qmsr`}QB{Bn{CT=+K(HuBVwlJNQ zvxV-7;DIG_iwmtgB=-sH8|UAh$kgPZ8Ov$Rb=#yOT?+(&5UGanG0#;>t9W^v&W>9_ zFs#~Na#MhkPD8H3Cy?1Vofm}H{qzD5r~5ZHpyOOS*JWC+|GDw{E&xqT`tTDF)#Ww3 zB1ifhCau7r|L}_&@}#`WBMcqPqP#_RApSGlSK}GwjGm?D?wjXQPNf<$n#?C73q(h1 ztgMu+w&gPUmZfA=yp+Ck}k9)98}RX6MW4Wa<&dVvhy_= z{;0SMqHpgLS&#XmkO98WjsH%0qcZ8KI^^SmE0D(h%6Rj~wLk3U_nQI!+ui)wj1X=B zONPR)pTSpE1ScbxAkiWdmLwZ_l>8ZXv~4b9OxDbRDH_Nqfcyv$>iz!l|C{ZgH>5EPLVB6A7yqH`92Ku&RF4CEMPg zyb~{Fo+DIdBSa5425bJFtL!`O@0ea&=jy19{1|WiEXl;PkcC9R@xSvMbl|TFKz{oA znfOw~ktuE-`pCRh5RhAk*dF!i;GRitCsWu#vYGDPovwfCOb4*@Z6+RhTy>04Gd_K%H{tj zLc-Og`~6xn->>EG+|(cCwc4rfzf{ta_wSW@e^{$2=BM}o{)pKI+TM+;g z^X(FTaYY`;^y@UYALHK0UDdL0#RBS|Qtw~K2mbZsh`U$tg0oN%85fOLSQOSw zOzFed%ROr*>3vu<+SPkzZ)?=zNDS8|z zgSAk~n^9IH=??OBG%k4@nk0QhAQJU^JZ_G{7<*4_Q|N55@u0j8gGjdr4NB>6+B#mq zC0@c6^Bq>Zd6s?SKZc#8@|tzA7a!x+3ONS^rD=q(dz}^82gT>4>zT>uQVur|;Zg^N ztWDhhGJ6Gy2%Ii*@D|-vsP5?<4Iw-IxEmVST@YOGmjps%S69Y!NPi5{L0)m|zG2dN zf8L*TqGm$Tj_%8jH2wMcIC{0wsnl+7IHRLkpQDuf7%o2;DNF@V2xt`Pvnvi7>7O@W zencj&X9@3J^r@pGB32EZ67urG8~uhm;G?1|yMJ_U^X4AocBwe%k(oCVVms7?0WvUT zs;#<9eA8QL@$B7~57!bFjz#(EIcU0s9`{zJ`y2jV@PdT1(YL2Id>fIwx1B*}l^jOe zn_m|IBrJWIeFzy)@v=A(U9cRSV%Ag?AIxbDqQhAeeS3t1aNK20r+Wv%B67ZD-E_zC zB;Q_nGk5j!1s33LrP@v4g89-ia*nn^3|h~63+Vfs*<+u_DmzC?S9mZM&Au-%9@vY+ z@-z&}ovra_2dd||>fQF$U_%skmUTu)PGM!^yl330M&X=xUP)X|iQo^B^FMO?x?xY% zc;K_0?B1`0ivM)aa`kkFYp=};IQxe&u^zg2o`e<`y z=QeNe?H-d59t45ob{L!SC#)Ydc$@THAsQvP*U2kGp4=U;)cOO|Z3e?$!`?o-EkOQ+ z3nTf|_ca?a3*Kp+(hmE9F)%u!5`=RT`&v~w{-CrRRNC&yQ}XJb`$(e(g8+D(`f*Yu zqtD_!=6U< zNgYrW@k^jeSx(>B2Xqn=(ia~Quf(XH2t5d2)+$WFp(7Y3by?t0rcs2kG&)EHzm*S^ z4*OHg)cE@BhH^X?1en-_NQiskw%$El>0l7fKsTWFfx~6DGe-3+k)VBYvmDae$mYR* z8pu1&uFs9=WYk6qjdIuJt@N@F^ha@dEE;j6hC1q}=Lq|oT5{LDMTnunRr&O*eQtZU zcDFMK7w)4+eRDUQ3VLd+@#;$ClFK+)W-$fqW}D<;QA(HC`LWLeVSdu8OEOMIB9Hxf zImGMBBVc09`-$2EZ{iM2hN}+(opv%5)qHlDu$QmyCIIbY`p3w*Xj}X*<~aD{#K?aM zSNSiv8vo#kkzkZUl%j%N5; zbJG2b4f1PEW$~XzNO}&SUSEauoh9e^3T0bu+M(_B@L#)kTPU~x5bhQ(5B;7ptoJn_ z;a4lI+MZ?u)_45MmB$x;{U`W(MyuB&G(#_&WUs1k*Jye^^67DzHO7JjV4gSsb{`c^ zTdUM(*roA3Htck)ObX%{d_lI+J#`O+G)iF*LtR`0D=X!=dv>HyJjs?L#JQA{_d5YH z0^DwmFzMNTKe|$2C~*8+@-H*|#}M}qTHb<{{m+alHnU>QTIID$%oWxi8tVQne9a%N zZnZSKHMU^AW)4UVBJ8p!1jdf-#bK!gj;|>@HQcF!v@?HJkUlfxm95ZwCqD2m_*#M9 zBhef&ia#ZNoC_yGy@oj`;9{PI(j9XLD^vAmy5Bx`a74&h&sE#J!O4A2xI*dwG0{{R zviKvv^#A-1|5y2?e+gvcFCcsWLA7Wq89bex9JDgWU<#vU-8&DNzpOPeey%lfy_2m~ zn*E+yiZAebPr7W#V7B!5Z`GS?@+*WCzx!Ax8U3g^ZC-Deouxk%VJKh2Pk&`Zzf|_2 z*5amrqjR!;B}8YBuZ)rA{7Q)allTB+YXz#UZld{}5&g}?g11EQ>u~{EH}d!Pi@)ZJ z!(FMi@1u$nm1@4{wQQSjO&e-T;CIQa>lf1fKjEw)C=_&i^k8=|8Ad*g! zkkv&%U16e%Le(Y`;H5|%LQZ*@*6d;`0h0N2SKUXstW9f{kt`~n+-R9Ab04Z$!^N3-44$sD90{Et zt2u7l{R3Jo8K3ID2#~QfTdf*&fEwqaPr(A9Y+=D^5EI9c16B_ER zefqVn75sUpJ_mJ=+P6%+!RNTwk2IxW!MRk`!F-OJi~vN8+0$CQUhH}dtL$`@oI|^{ zYOPHOcQoRX_8e6XPac={v7*Vkzgv7mtPV;d(0`=&_estI+)f$<0$z7}-HN1Po0_0{ z-1eUFTZD*&#Emkwhk6F{ZE_a8QyzXNmud{gI@{$P{*gkI6eadN-pfuyP)%_Fo}Ukr z5{js(QyJ2{b&rFc1U-f4*|C>-a0#(u62T&W;>vE`&>_fN{`RnQ=sRc4kA&jCq*}!L zG`O|c0IngCX5O$&EzdA@_<53lN+<%qWEB67hlaXzH+6pqB#VHzG0Uudn3lZ8syBoY z_xJ!5nMX! zCPJvXoG|W;qsf8Z2IcdP`u02j(k&Tpj|&TIJJJspZZ+?w&mz@Wnef@(b3sM9_{cnUpRnUX)&}gdC7T|WKzmNj^>J?{EbHB|4_!cdcn2G-sPOI6G+vTa zUJ1P1M1wBR{Bp3J42^H)6G7(6(xq}$pTXPb7v}9xQS)(kjAUP|@@&avS8o>}Mf%XE z?CKpnW;Zg4PXZk6EW8F)F`l88^{+FxrF;s>;(R_W;~ttFy?8H-EqdQ{L#COgjq;Sm zxlflvzDpcMN*jpDL4mCa2pk4IC!RcT*ph_BX1h+%NCmu(-N@_zVmkWoC>VcV9`gVE zkA?g<^;OO*y2@|Ah3(CV$ z`qt|&0`_Qde^R6(E$Q|I_d{rT*}e=d3yzwNp2L>?6|((TQ-bq($6=$M~G2cK;;b^mzp9s5^K@IS!Re;sK3a_!FB zAMSMnD z{EbHGa-0edqX5X6fk`Ypo1EuomgWPD8O}qpZlo1^I$-BInP1GDthwTvO5rARFyvPfnHyF zud}ah=)BB{lMy)(uUb)uNNctQdzQ9H3gZK5@qxDFqdu+m4h|dzlXPe}AMw+V zp|+P?YyNvQ;9u$z_$Pgd$`?NF*;t0k{$&$(RGlj>Hcsjwe>rmp_?DZHZlhTx35_l{ zaL4?nLT*Fn$??0w#Azlr=M$FY!0&6^J|;?k!4WzXUFS>3cuRsV)Qb{R*c>n$_N330 zIEQxQ((x|IwGlr9+obvMJVfX`S56$9ayK!#;9wDD+~#~wx6Aj;lX*E_Sb^iiRt$Zl9yZ*2J!yPn*mQVr6MnUrItm;-z@sF`K0CZc!fB{1tR(mWf_j+1 zs`$8^y-g|W`Dw9EE)gGaw#}^iyp_qM#+4)c2x76zyUTCDb9sg!vBgS;AzCj~moHRlLej|h=mBsF2*O);iMx)A zTvykjX8cH!#K6?mkT%Uc)6Qz{53LZb&hWIJUp#Pm0A=?` z|2#Vtsbp|pc7OKVd_#th4k}q!x=VJON&koh+^mEMyrq3n zD%`T7qzyXP72<0<#F%z?N^T3}kNAal9s065q6*L3Cx>9H*KrUrs^jsXpb3>H1mgN( zmKp-2e1cknm0VOBqd{ZDXDXF#-4{FDPk@-fw&P<<&+;mOAp|Qh`z4WjV6d zPZ6T@?2|tmD_A72$YlYR>=z}UTSEs3G87idcNzDwf!pO}%M^`FTZedkMh;aR=4ojE`iJ4#j`S5;^wIW%}{PmG!o7>i``(~ zJK6AV4}pZGbmQ#zfgBk{loyUTcZ z4jD5}=sr{_!q}>jw&s*p`Z?L3C|veQgDGq%=hKtCTW8z(3+8%pkB-GJhOypJ%NIYy z2-pvV5)-jjXRzrSYxcc4BTTv!q?OO5Tx*P5a>yg}**Q!1p3x1?=esvqy(7o`^WiP+ z(jMv5#-8Q@()}!tI#DWKcnY7wJZ^}8BlOPEF#DZ3)dO^SPeYd8U7+Tq$1;6p{JdM~ zb~jSJZ|7I|;)Cu$heiQ1-;wX}g3~D*4h86XGS3+XISxBnwsynvuwS9;-~ zy$s)^;XS&Zw5K_2{*x`HK>3^>!aDK=Y-cJ>Y(YnHW2GSk+H-#Tk#oMm(!0Hc5(g*o zW7$+hl-3Mytz``RPndv%iUUw5y*AUC&xPTRv~<{e&|lvBTniHg_UVSC=+JEe!Y(NK z)mdvf?m+i^Be6I2!5lPoC%T6KnP9oUfNAr+=fW?gc^htOZa8sSlU4K)Le2J4?5=E# zT(V4w1ojjfzEDc=qII@)8LxrYM>$N}$0!x-k>)J`a-M>N6u9^^}9Vae##gAyc+Q+m3`j-e-S>qTlU z<||*bHABbqePkxBTT?=8e&kQn%}}-W0U=D3f6o>_fd6O&$5(Yti2cD9FQW1hjk1+s zh=~52?)*#32mD{zVYgPlQ-uBZcKB;Ez<;}&-!t<8f2QU$3+L1Y_2}dwbn*jFUp~uA zSQ}?Dv~c_Du1e1xlv?gcZgO!S4f* z-?(YTWTrdWrlJj`1gbY`LBgyL`!{26=ubb9?#7ebaY1f)nC2PD(|0$$x<+v8i$Ip^IU*ea8#xcKF2ghETSAy zRJP*Ycu#?d_D5F?@7f9OX!z<}V+gI5nuWB&dm+Uu^)g89F0Ymlj{mJt*rcN+pUfa6 zZ8SXCIPQQkc_S{FS^W<}fw2r&5(q;`w?zoXUioyZ1IEmSR_2$D6Smu;kh51!>- zi>7yL55=lfh?9nuC-*JikMk`42JNz3)Ym;UvlNL_B?e_pTKE3h)Y@_(NK(&AMUTCy zegVj5a`W_~iJ9%rZp-{50ae~s@sEVT3jgN>RM}UK;QvkBpTJ!6y$M3l+w1gHPj?R* zSyaO3NHg7i`|DfVt$XkE^vu+HYu~qfnelJ!xAwZV+*(j%Q<21IOaMuYz&O!C&|n|} z5|Io-`uKtPMtb+>YQgi%kw}VHk+xq z6UO|}-$a9&w<5|rqZ55?GESnkFT*xncuB9v(}x)2%wrb4IUB^ub9UYH)=~Pn^Rh2I zG@b0ub3SzuK|D5_z0U1Fwt;5(B$*Z@oBGSrnC0`dFKhB;MSvftCQ|mfrw8D>7p#h! zIz|Vyx@+F9LeVO0b_XnMaOIGc@O4`=1q+T<%c1yiz3c&OA#SUByo9Igrn_xf$Ptz( zJ8E-1!aAvEVCFXz=fWD|+or%IK^dn4r4;jWLY0)uWbt}jDKFJ{gh)7xlc;P!ZaxO4t?m z-Kx0r1<-T503>J-f#9umi&l$3-jNDAm8f!>y6zCGc@?t5vLpGm>>-ht`o`_r-&KSj-GBL+r8!;^)l<16Q=VD zYc%fdN*-bcBV*4i=a}n<*m8Lc(WzB87j`Z-3Sd|gtB8|8;Y8kwrH^}%@&jKYD%wfV zfZxa7Nv5`Gm#l{T>Bb5i(r+$YL!Y}sxz%CGv+1;|0pQj36~QolZvcqk9*kBKW!QK; zS$lHt5Rh=Z6LT)w-{}dS6}lZI?{2xn9`A6+UiJCn7t~!~%lo9vK?$*V{X1$iKrZ^$b`#YLG`Wq)EWS0BWVC)N?Ur6vqRr?<1F8RH}$)MXHg zzB|+eD)d}$b*Wxa(S`)(J$i^kHjOdVfr`s{2d2nsHbSQ^A6!mWTvi zM~r^-{lMGAtI2nYT)XcNXItX&IUxZ}iWXRfgW%Mj1W94ANbFCIk|6nTu4`>WxB*dQ z$i63WwPHCkx^j2OQ!vX-??T$s7Yl>7T3e3+v;(d%-6A#N>i)4hTn62}Ir*L`I2s4h zX-{DzsP}|wqZTn6MRE6zeliTjUERgRt+Kki!%Dq5BQ#6xL7-bUEu*3PlXVgriE-)j zGMQ>)qEOtP8;h?BGXw+fU@!Ag5#aMhj8J^nn085o-SJAEpocA52iT@R0#nsA(;RLa zH5CtoVO{D_#4Z|3>ijNk#WuvvV7cqG6XDL>S)C&Xhv;xjuVu5^1QvX`#d~=Z)YCE3 zfY!5{g4@<(c*r+I$4cjjfEfhF$n0zs0^SnpU=dnWO5YtCnR@>cO^(n%h;ZoZq2+#X zbr*h&$Cl)WwR^Etssd`d$fj0j$MHb0my2(zyxbQ`CJpH3$3>#6mMQ5Z^x`j>e2v~_ za3hDmMQ!`y}x<2q(gqKHcU*gCSq?LZME`WM<*g(BFYyiI1V}s<2)12uW)P&06 zNHQdK)!=>zJ>(#a3JtNI$%l`P%uL};`%)%vdmvQL#xh*{9d^%E8r|x6x{9&OH19V? z85=pYOq$II+Vw1>#VM@nY2;5P1j(EmtvvZSjWej(!pDU8b-$_6c)63$kc(o2T5_j556qcw0j$N~B9kTkU zq=)+%;XAR^`tYT_2f#0FP=w{#Cm)ObUu+H+=4Tgqbh{p(VJ4RB!*f(Yv0U>}#I9ze zBs^ah|D<07s=kY`-UQ{t*XZduN5<|$LE`fQ<|Ach&$%#h>l@GjFH%d~q-LH#egGsaV1@WmthmPzsyc4h^tHQE9H{)UdgYXjC{@vpx z?#L4ma${q9q-tz-viQCQsozyzVmm(oFQGq)Rrv`oG4r1|FJbH-iI=Ffh@3Cf!{1SX zx;2;I{ACB9?|Y5myGlec-^dP56tUfudL`c)!2wubOK#;YRayH{npGOiM2HosSen9c zipeRxSNFjWtT`=&G1)XRVi$%{kC&~UACG4*Jhs%>gjcQV`Bh^5u)O4;;rba-Zd$!# zD6~=I&RYa{JCx#I4qjrzzpK1Nx6l6}@{&1QPD169Ze^#6dB)GoO&l-EWsxgiGrRqD zm%GZ*mCQq(9x)Q1woO$V@p)}GcU>GV9b|;rlUqoQQY#zTg)%QMccMC0nCEi zZ)*;z{Nr22hqtLx8YJU9@*lVzM0-xyJUhK1KlLz$KSz^!+grfO-_OI8#L#tc&R$p&{(}y_A?oYkwlI zP$|*#o&^IzJ<*z$7KcVl6qFPjaIx#9=`)~04XCuBbIt7`TZ!!XbwT)Nd_-b&-6k%# zWnYO*i*Y1p5GcvT1ate8jR4;OK;sOgUI zo4GUZVu)p;UVvrMoF_S3zgQEK(>2mOy|U8n*rIE#V~TNyspd}?WePHG88LWaeCbCZ^cN2*0lzrF-R{&K61{R5GdiDw^3iv9*kJ-oewtBB6wH@U4Z z*2_|ijD9TXg+3kaegs5+giDt)2~tdJ=VYJP>IWzEAD~u`N&%nN>Ie4~MJ}Lf@{xWD zxA9aaQ7l1`aRBxlz40s1)ov{SOOZt}DfE3vpo z_vzFjRf8*yI-Nk6-0;kOumIeI_u@7&36DWp4y{qzO_HsCIqjUKtx!sjoXwbvoBf?T z^tEM{ln^qvq#2VgP~s9P@$W~1d-m#`>4A9 zqGD>@N$hctHLmH+r)Ek)A)q^|J?8hclwh3e7kj)Ps_mVLHHq;?p;K9tvW_>vbR!q{ zsOi#1$TDn|y)qYJaO=ZcGKd1HpaYl?)B9f2%Wx%`{+*anDW;Q`6 z-tRN8VEzG}w6189YbF{xrWb1maHB9@7E5-{%IG%}T1#hctT&9{`vVJ`es|*eyDQA+ z?bfL8LF_ubxZ48K1y%hhRZS4i)a?Pn`Xle=C-r)-rVuH_)85G3bi3CRQM+8_$gOR4 z>91qT-WA+;oZ=YE@nh+&#O1&k)P!PfovfZ3$8+F=sV@<_84M`nlG0x<3(%p6$)kj!>|y+}(y< z#-PWw#%FVAos+o*1~jP7sY4*g`6_PxzS$nJRX-ghHO=u*U=;g6l$Vu(6#aOz{LQt* zH|=?4LLs>0jpI4q-;GeE5dC^Q0gBb0ts}LF*{TMH`hBa))eetT#5iBjGvse>ib-GY z%}lkF?WA5lFh-bVHR|7v8*ppy_iANu(sbasD}e63O@sCK{canZ(t#LG{Eb_XinL(- zgmhygsUd+J!23-ryZeQ}@H|9k@_freb-Qv#G%ZHS3bvt)TL5#fuW2IMX;NC@yq_H- z6=Q}p$nt_JoD5B(?cE6WvU7%&fzM;d~?I0-FR5Z z4Dji`77vYetQSwZ?%CHNSA6^w2av#*MB`@>wG4*T)1`WYV5QByR?+{^C)QY5a29eY!#5 zA(nxMT$ZUd+ZS^Av$PC9eq|Q=LsaKgEc351AYb0{$^6@@;xf;&`0Nye|GZEBS)(<+ zpA&W9^B~JO3=!KK;@xx5_sh*J;)pKEUe%@aG`s5Qnq4v>!1s>aa3>0`l93L!L6;7j zyxl0kPSVW#O|MP4COzT;-diyw6ulLC5Mg1wgSReHyR+So(|AqylQJBQ<6$w&Z7JT9 zeJuG==rOa=+}#2=j5XND$9+8*Y#n%aW~A=;j_q&yqy#2nr0~oi+4Qt48@`q>2yDr= z-1;Cy?z7;Y!_&~&{p?7}eJlXVm(pNnz?r@|=Zgr5V|Q+1qeq7wao3pLrtzdq4@gNg zcP)~5nW(|5qQVj`r5&l$s++USHNEV*>xl#0&K=3Zlnu|@;>}{{LfoTBcGrttAB4;< zAf}TGvCVA8fs5>#2xMb<)ie~;1nYAx$PJ1tC*DBMxeN$ufpL3UR!!L3USMKB&)UfL zwAuDNithxw5f1a-4I@3`^Kf@fUBkF3(tP!I%GJ|FC+OPAO_jhlwbf{iE}3HU*g#mp zP1A|=AZ8Nd-&^O}G4fD}*Cf}E7jK)dvQiU@z1vOhib6zRSZyQa#YLAr0*A@U2ik&% zl^Gm0eh@&KcX~16aL-^BNO4x8cCxKp-mcL!!BjF@5<@AN@4&>JC}!4~_sqKIY2X?badXzFMIn!F7NzxiY#gw zNJr}1XUhgVx(|ft*{Gs=c((woCYyF_*ny(8s*mrm?TtU*5d^v>v^dis5;OHdb{wbQ zlZl`bS#Y@>p#o{IcD_LUj&Q>gs~6K7kq|i8c{iF$A#u2^Yaw&W=(KM*{I)Ar@q9#D zEKle3n9Wz$nGXJ_I?I8@;WK?YMYPAI(Adto+q8;?-T_IHVB@k)FzrC<42~3xeZ-nA ztn6=AV=c{{+UdQL33+z0e0wYexeZ(0Jc65j$|Y_KssiE>qU+QR0h~I|XzY4_25t4e zp|No0?yh(|ZS0!5>N4pb+Q>SFY44pOLgLx&t~y@jW3UWGl#o~AP$3oDP-hc4Z-68l z<*i^*o2v6*%Zko&OK11$ARLN)5m>h^cH})pMj=vnYm4D0i$?;`Y6TUR3B1KdmwJkl`tVgquxE<)=d0}?xs$P&C9B~PrU$MS9S7Yp%z=5pzfqu z)Twd#W?*A$HQUARH|kMd9!}KZFRTe*_Us93LXsg+G|fL~1Ra6;RR~2AebN z4gOZzd}BoWo5BzHn)Lf2gdg+jykcI@4|AFR%=wF);ozrf5(R$4`HQ4;4;L*jzF)@T z!%G1F5pMZYABCSP2FBYkmoI?pyib(7rqd^>TbcD9I4LwX!BW}iJdB#xQJ5jYb$tjXu*I_8JmZQ(m1Wr$rU z1hZFXoC{8jN=RYmaY{jFkq&>Cj~Czv*$I1?lk*Jg&_2y?*ajXrC_%5$o#T?=GaoO& zCr(}_Ts$dGN>SalNX-x%&Es(ZSGDqRIc~gqDTf}Tyr5}1ENA+QXE10?f+^F~a+YG_po)XE6?u{lz1d^(HW~H2nK2uUn=j0_u5mVMHm%K-id&Z63aU}%h z+NSz<(SZ>KL!0*VJF+gzp-KaVeSNeH!}j!zL@#%&eqL)vrLMBvkb zTcf}~8APg0mXR3^Jj$OesoVvKUij`KLcp`zMN22qNm%gabs|YJxk4_^h`lmGefMx2 z<2w-ah(YiYcM<&%I>1NtN7STm4HFK$th+Sw#yPGXpi*~}1;Hr_1XPDw#XYKaI6$zn z-6aN}*BDVLYNNw@AtywR-jG!lheb#nJ6aTLV5d}f|7^{rWlZiJk-{r=cJ^>O-77~M zbT{l*tuAvK15FNe9`>$!;Qr=POK7dR=q+<$7~}IEOx)i<>o|O#N~(b z$0Pt>#tDB76K=Z}cif8pa9oB-9@6O8=_i5C7m&G9LMb&14NpCLO9u@^8yn(;J0b#I zC5JVdaML)F(puha1{FU7&voCMnBn@imL-<7#QKSLl3UMrqCo6fg^fgA>PpV1@3mtZ zws_uy5g;GGJ5D&kllZ$Aw+(O8tzW0QA9nqvW;@3M-J6&ERQqJebZSR*+}C|ASziv| zKKyi+5~;oUS_-w?=8b$6*E2!sHg6f$h1WpF(hY*JZJjeAp0}BNVoltC^S8v%yZ}5V zTXlH4pC5kqKTg2D(b(?cvq3TOMKV`fgP!L`z-K=W*@v{zroQ6N^y7?7EwL8Q7*@lZ zd9W648#Y~>9&ti!+DbIrwha1c7`A?qbZ|VqxH+Q$iqJ_TmkEx3b>={R;&%6k3CpE2 zB|wVEWzy~IjB2#z*^P_@;ph|lO(!D;kDEbh>H|A#@&!Cc=PWBm`ke06Md|F83RvHz;-OgT)^ZL_bfkeB2F1!y*uZw$~}P)5RUGJTu$JDH#vS zZg&VPo|M(|*ks4@ax@^P0#xLh8%}N%8$zN&iLWVcRPMKURE1#Dxtn;MA%ar9hDvm= z-=9wEg;i3XxX$8X;_}*-Q>ig=VM7ECFyBUG>y}lnhp57ry`#W0(#?FVDM5!8#cm_* zJ3}~SL2PWIjb53I(h~~Lot+T=13w^o{pg1qUNoVV&SOm zZ-)YGuIRA|mU1Je`dv3p-4yB#uX$AKHr#b3HA?ePpDmoNAXk7?vyhFsf(`NwW{>$f z+NKh5RdoJp`$$XX$K=xYyS344-OLLXo>L1?2Fpm79o-WuMllC<;b}nt~OgPAXSUcTl~bA$bs|>0wX;U-vF*GW!i8!5ny<@+?P>fhFDoC*L?{{5zbB0zXWwPOBEW zRk@3~t&qZMiMC4sb6lm%t99pHHYjk`NvzIJXUB@`RV1%!qfJl>ezU`srFVC9CxuNt zL2{t+kvlWYnZ5?(dB@WdO(Q~)dZRdMhpSSVR~`tZd=41BAFcS1wHjRYMsN?o1S(Yi zB$SZd7I3;-`) zeL99!#3rj53@Rs?5e{ebaB%nc%fqz1^U<=c8;MTQ_Hc|9)DyRe+mD-NxB{l9XZRgN zi=DM4Tr%;F$274Nv1fAGs3)tEoPBcH%CYC($=QmOl=4}1jLTC%lD)p@gz8)8mEUNx z1E4su32}d`Nczl%O0B}l@OwwbJ_<9{+ZYQA6J4u1UT@m5_nOH0RCqPvOiZ$^hS z*A1~!udvzVjXqGM0Bj>RIuV?3%p+tsMOz+iEzO!8^+c{>5VTq0E2|u2Ug&IQOWY|v zxgHh2*tE%Z;s8h_^>3Ry`{q0wefri_4#e#MILCN%3wevmn-DDFNs|{)JGzF^JJHExr#OlSN|MRj73$)YrH2= zBtx72BHk|pn~mE7Dir6oESx4c*CV84$ML&YIjn|hpC@B%8M{F-;3pb0i&P%#Ac9Z4{oX|hzV?j_>M;}VpojZ_<2RQo#@~p9r)Bh6BF=9E zJLNVONW(kF5YV}tn)6JU7ng^Di_0aNYlGg& z9@auW7=mx3K#zHr4{IZq&vybouZ>t91o^Ty0&uc#R`*A(E%3GK{vfsen#l@$+$yNU zo2G31llZDqN62a<~#E~0nV4OIxyJiAO zDc{c(JlUb54DEd=PQ$(j?+b}fY^&Q-@*weems1W5S%86`gy1Jeo%&CjI+^rAoybRr z!r>V?rr7R4j1+b=oC*!1o}s?FN-6$E@amrwg#teS&Ko}{g#xe3mwqA?3Va(w`9W&? z<*Fv&JC-$>_uhi7>M{1HBrF}0MzqWNHn?sB!-lM+<*U)MCd!Lquj7!+~c)Xags1)Q3Wa963WdFuBvpHv?7ZP={Uuy62-P$a0mWML8X7JrU2Cr z7GY_37o8;)U>L|}lu*3)2sq0%B_CNw@#w2%l2ms>9#dzIvt!4AG}=4p5EojK?*@&D z%hFT{B66Zl@`uIqclQCfP~>VG!{%i*Q6%5WEJ{MSK|=R&GD*_JY)f$m+Ta{n0*k<{ zWM2#146xg~Kh?R-3~{ zL`In=)^3m#iU;C+evG4#n#>FcH0cl`C$zzDabPr3u2=G4zD3i)_K*lHBqy>G#!FWn zzrqw=Z^}GBWd|^hbj_ucnTmQe?k@4LxrC@7n4HdwO>CSQpee3%iR30sFmc;i=sDBt zu0D_1J=M+^boNz?l{+{!Px~&-{QfX_msR&1M`S)!RE75n)2?bq!9no_plhlyVgjNz z8yTBs-zHO#GnYe*x7$6^w_&^ySr5Mu-W}VJ1ECEGy0W(Y?G7GMRTU5rbBnp^57X5F zFwb#X5utKEol&(+A>qPm$kZ?2vaIRZ@nt2SFTA_UueXs-Yx-Q3SB-EufV1)+YFX2_ zu4*EW0Z^`=L=>1*kh>A>|SWD zJ2;`v$1CoM(tIiWpxIP+G|rd=1)}Ljb=u~@OsD-W@ulfq{zcan6KVxG!QT~*l}a6sAVQig-ciTJ*4TR_HsV z6W%nOT&3$`IzFn<=nNC)HNBFWKGF6jty`~W(0Sz%a<{oy?EZv#F0~nUAzSU(b_@Y~ zgxK~V-77RaHJh$5v9@kC_Ek?U>k^qr1o3`6{_pf2B*C4U;28vgOtC8rOA82PA=`}@7uy2_EH zsWb)Q4Wx!^y}vrFt$b}=@<$n(jH(66(qn!lsEB(|zRU)_%{RT6n3HLN}6%V5&k4>61_lR4?~t16xtXA_0E-F^U$ zm8ptIe^vwZK6-`a-}ipyl_ZFM6D*; zMJ4&LWkc?iJETpe5aYloN6cZllK_1mLbhFk7Gkbi#)W9@RFIsr%HB9%un0vw9{0QJ zxfA1gyH^!()1v2N)ANvmGJcD^G zpprWf)9i(5)S=+Vdg2)*@G$d!CqXr;tu*ZYs)RCi+Gi5&0H%WB@qRys?T)Y}ZfT1e z)oyo}T6RR{o>{4P+BCi>mt#3;m6iE-Rn}VZV8^z3or3*H$>)PD8k;kj0|zA=6|_Sa z!93;cL9J9+1U*%SYo+pnLX&$tAVN;iT+=^KG%|WlQsiBf5oaUBFiU2;C_eBdt{68U z+1!L&KomLGWzc4uJF#87#66Cz7V~<6Th9KL6bz2+h8;=PC%m^ZmQWomy!%s2U^CKH z<@TOH);S0EIw79Hp&-s1Y{jCsx!-iO;f;H=w3l7jmnj@4D{r_g;@-fMEo?X_L0b3E zTn@a-VBj0u(OyijY&9`QrpB$!j3WC%p`$by7CnbLbH$9KPHS!c`CyFN4S>AaXIHka z#16d3KE1^1*3xNV_bo1DzIDhuI~P50rLFV9+AOtltQ!drTZ%kfU~eot7{1Ni<*G@V;>pYUiT8s{;-S>ZX_`7@9b;JIy8y-9A?roWpz zGZ8!_H>7PZIA-8zIJQUb4o|5}2W~^%gHY%g-f@1YjR3@&{6dz@LGHvQvw#{AENz}r z)Y=771|Llpyy%!n8Bye@=*9z=)kF_d5kD?)UlR67@CYkbuQ$TJVH;dL5ZVN_rKFp; z8ldHD9E`X<9(rs)+H=vmbhf)JlX7)}-F)zDCc7)gilrsbMS=@EWhhHp&BiJ(g6|os zCs6X9PI52x0ZA!tzNlq6Y|*!gU8pN$@^oRc9=)xs)Sx5&xHc*T?csFQxzS2TV_}P4 zhp9IEmaZ=9SP1*4P%cxcRKahrHovMn~igoZe}2vm*!)IBs-**jGy$m#P+K?2cLW|1-W} z#jBjls&zalW9?$}T&*UNF|Thpkx`{90q3Gh+cf1e?5+G=E1#l|+tmaBez1l6jU4&JAAXC35(G@TjXPv_DL$fXD`VV>g` zs`CmOp}_sb>jHyRi-_!0&Lx(eq0Po!$#eefIPtL{1MR|1DzO%7MEc&`-63E%W+;wk zNOMpOV=An~lQU`Un{Qdi5x+zam*_|HB!t0d^CrW{Az>JO4;&y5<%?sb;6ng@VX&p= z!@b@lZB6J_w3VHKyu_C!5i1%0s=Wq$>-ae1W?bPn(2mO;`VbWqr&2fvk9W8WDPCF4 z-ym5vfuFp5H_hQfkpQ2a4I9?3q)CD|T>O}pwt5NxJZ3h0h;QVQxc z31FXZt#j;({VmwiEfc^3el3t?+5wjeOR(g-N8s?j?%qA(%l1+DGSK!)d=El=5addP z5b%>34`-gY*?ydmQZLEADbL6Jq#|*8aTVOWx9SNSk-Mg(ChEImv(oInHRbL92fx!g|=WKUuiT}f^#CL zi7LKIT)>06zJs`)P3a$$xPX`Speu3x5Ha!k8doN^JQC;W*a=E#8oWGj2?8iU=z_}Z z#;#}g&_~A%o)Hc`#!z6MwctME*WI*>D%kBhPAJgvkV55zYW{@@(8{%XyF1^{(Z<=5 z#0j`ZcPm;B+n5eeLdgAFA;znvU^2R`-0kC`#h`3Ls(@tgcCEOGgE(EnIG4OU`HNAz zaX6?)an*gVp#WUSYsnZzhu@hN@^6`RoV*JbFlc)$`l~n63L;yS$_EV9ozB=eZF$gv zdwQy1XSgJsbQ!jHV%BICwjA={tK9X@Vyi+92rTn5}^as7bHhJU^3_+737lL|oS!#7n=C=RP{O2NW*3IY@Rn6{yNRRFD&u`PFKl5&;%jPB$1U<1TTD8EXgagoruY zo5=%WzG!*R(3F}2IUe?wF6cKtFA5ij!c0eQz=CVWqjb8k+R;B~C`*4MCf=K-1bo}- z^pGwuV7vjN^2&sPyy@jdTC$Y^Cds#qR(}ybfWqHm;^CPFN%^^$`mMPq7s$eW$#zmP zR}iyJADa`5CKeK|8iWoiHge~ncxeDAk+BhYR(()zM~fw#oa(rEiU7`*$c{0=iF9OIj6=_=B6BbPZcb%YFb>BH+V%>34%lx z=n1%Xf9zjpy0w#Cxo)vxVVGb%+Ez5q1JvfH5T(-n7aWeHnGB} zB)SRcI!ocqr$%|ZaGZPCcC+TI=k;YYJTeLV@OLi7dPn+qOS$Y0h9h>nc>X>y@t(yw z-lg6b3$)&ykRK-|9@9J&WAwugAnT%@m5Uo*y<4~Ml^b&vhbi^1Q$Bum9%yv3udQnS zxN|^aU*);x%FRn8S-JMhW9P$Rb8)4QE-NTJeG|LD3Ht1z=h${qM)S)~j8&#QeBRn8JM&Jv`}*R_bL{2K zR}Jt<)VV8u*@avZwoeM{y8)cYCI`^lxVOrPPiP}SXJrLp03Yw zaV+pn=c3L)-2}WR9d@K-!eH-2iGtSrsmpwNCNw zn7GUJ762639uQiu?NgR&=CTnv<0LPOtj?Ph-o%KF%dr!xNbY8Aii9_2u=(qSV1f$2 z=Qe_>rHzwQd6|uK0yt$x$o^4nAa;TYx^*_BSEb3G%xZx>oQR#VADgylnsaLH%Fc|B zOs+0)5YT>6*Y@7wvF;%?3YaFgq<62xvNB+L3lqKUs!JVPBCY0b3o^o9BgDeb0+S{@^HwruSJD? zY_R#(`ReoDiWpf@rTHWppgS;y+ZmR5G^(?wqN8+Ja7}DRtcCz;d$MRGMC1$F+XX}W z1A7wFWR(DIrypQfCt?Jp7ZP=+gH$!;%-mp?kr^9m7zlSR;*4f?w97nsYXT=Et>{KO z;jASGwb_X6S?pm6UJXkQYSR$)TjQPf#J&Va|*mX2Y0{Up|=Hvj6}h!M3r~s zp%Z(txi9SEz;d5uiEt8^OOaCt;da}z!qHig9ffI|FBiYV4dBvWM_Q#%vMEzHejJ9Y zHZ50T%W{5}ttQZhjk^-NPa>>dv|^iFP$tjglPhkgfxn-ZjjTW$Nl$MJqXWFgV;dQ2 zFQMI=CdFO+re;n~$B#Xj-UaqYQwn~pK)Iy-Pzu5iM!jXuaz1dFd*1C&7RnM~z88f` zv!Oota+u_ULh$(_=^s-ec<2Mb_frUD>MIIC#(zU0c%%V8DTUyn4*)-$LZE%?M#smZ zQ2@uysXKt^j>m-O0}Ia8KTj@X}oS%0Nk~-Bn^s#J;feg_z-O^x9rk z+aJa0%x$jD0Vwx9yUVu2O<|-=bxrx6qpsJFWgf_A%@D-U^BW&;5L4|e!QMtjiE@1U z*;M4)OeFAaQ<06|3&jCj1Z0y-A?7AfNj2qhnvdw`Q;~wRUkxv%oBJ)$P;6A7@+HA8 z_aL}O-{KJBTUMA7(P8LL3!P6Dh~t3oha34$$h5UxW;Dk{Hq|Xb_D89K_`9&p8Bk2> zDG~VXDd3xWr_!XvOlPXNzzdX7&_qf@jSc92%7M^|8T&$ITfecfF{Ul7Lv9gz?NY`+ zbBCjJXKik0I?ng;a`)JeYy@=^y{$2QCf5(sOz**;$i`&$d8@^Tpw^a#kYso`%C2cn z^9`NFB}R_y5vqCg8?-|a<5BCY3LyXF}_ju(?|B{F}T%}F)**!#Ae`3O;bvM}?R z03P#9A10kb5*($^2H}!vwe2C9l0RfJSH+q;Rt4eX;7y2PN3ZTueu!NYtNsLh66{4GU=g=ue&uk1_m z(!jU)Fdxb5ktY9TB`@y#kryg)Y<-^g1%@y>wGCL}Q1422QXp+B0V{%v8SJgHX>**; z-f`ofkeVzYwYq#T#F0DJNQ=L4}fRRYq z$q8@%ff?@jc_$xF9C!b*$;&KHth?RARCE^wKUBb5?Y}yuCu$Iaa1{8?mJ#N-Oz272G?zg>{{~5+h?!VQ8p(fHm)W2)Tt~@ zLA6%0R|7pP-5x*&=(0WalEfY_OYSxSjN4_tjJpCYxU1cdb$9_qLGh9wNqW64i~Pw* zFUEh~?r(e`FEx?*#I>A|Iw_`bx2Fr<6rHuBW$>$h;LI21HR^==0_zl;6Y<=izMG9*bm{ibu>;+M(GfV?wB5^&PIN|oQ-inC^(hC zlk3CS9kQMK#l~$(J#@2FfSa8q4GV7RPH~5QL7Da;ey_B$x0kNCc0<~0)QkaxMGJ&= z@cG(NwY`n^XIF<K;c2;$L^3EmdVv@rW8cUoRo$!FvdKlg%rQgV zGH~9;ljb!}2i!?*0ezT@Q6D<`{36uHLpx^ksY$lCGgGLClavOIBk{GcY)xyX%vHPI z95ORKSsTo)uyQ`{G&j?>0dPs1gHC|b2=g2{W6{)A>@yY z#(3~J9-@wdqWb7nJ~>ZyZCKFuqEMJ{Y?cINx4EVqfkM1LjI=;1Rk_;tb>g3B2Rp!b zBpy}{g&3FK*vmZPRIpxI2&ouIKGY)WZ+V4Hj>;}OUK&FU)N@n=0+ZBWO#5=*tCPCD zW=ub4Qc&V^lqp(G+&XfW9FpR0j7ldtL3;-flD2MJiYB2&pyav<suHqDeMuv3v@IDM71yo?wLn`$}kx2On_nS~Twy! z%(EZwE?c)ku)^1>@@i@Ip|l2G0+4y*HtE(Nc4>WpiO|?JXB*A#$>3rwJQK!FP&NK$ z>P02GNaA!(u+frxEXd{9UXlQeKy$z3p34W&Mmb1O(!TAV05~<8m94?L;)vaNN!H z@q}-HdP}2jjhdssA{82J^R7W}`g{jP+~=>@CQv5qXewu{Shm90(PplOX9QImaEIbM zYXhxpzR+n+Ah9h_Lt!-2M7EbdsY4|5)u zgMzKjac<4G4VCRT_fBgrZa4)1v@x94?h`h=4aJ_@!I}?+32tsqSBdj+Xp$$p>ncLC z>mUtC$w!RDTV%P{=z8nHeX0lhrn%8~Wsm@@(AVqj^Gk%ZFI}rDjqDj6oi4lV0O0%PDA!*b~tRe zB?lS|tM?qVvKh)VoSPlUh=D7jWWy2(L_0q;E}@_2mMw>X?~I~2@Dx2!W&q20iQa4ctYE(We0G;aHR zU`#L^_StMfvA;+cP`HfeZn;1TiK@21qWN{h7x`unDOiY^9jvvMpv8HD|a#>8^^FN773$X zr$_QY#mu3-I*7JQ#Q^OAyV}`@TSy<%Za$Jqt#2|*NEmd1TS~^#=n`_>F1}&Xfj;S~ zUoMy>H}IL0xwEdE?ZxLT1y>`eJo7@l5tra+1);dp>#Y|WInFaF@t9rOs1aurIn zGn4%(4_a;?W-@`u^Q}q3J8Ni0by!8bvAtw>t=qS;p%8d37xW#4rVvPsQw6uZvfZ57 zn~LoyBkTr*@NBm>v6z1BN@ra(bWK{``DRmKCb8niz6~*Zq3f)^Bk-^bjG7%`1z=B* zhUbU!M5|E-IZUT@2;oq?ZRQ3c(6+%ZOc0_3n(T7z~b^x*)>2ubY0Q@zX}@4-lur z{SDi%xPr!~qnaw)c?qgj5uQ^GNOfsdp=ewmOQ*~dAMsh03ItGB6{iT$S*Z_TrQq%a z?Ugn`{OghxDs(@VQ+1Ur1`C8b^G5cnTZ;@761uNaq)KrvJ)ZXUtSpYID!Z-^k?1z< zzfaiXD6h+RA6#L6ww>X-qn`cXLt)zUj)wBXQcpR%Ihj-hU6IKk&V*BByI)yDoqa9* zS+$Drw;c_UezKvEl{4>TJ?2@ui_<^$2z=`9@--~lM|YSM$v=V^7l8M?&EXSAlV5Ck z2+8NQqMw9Fd+c_=5qUkohB1O((zpe9i(__y9zUA}2u^r;mIBJib5Wv@C9AVpS5!Lsjb30C?xA==r zd&2Poic+q0_KBx1bq7kT`rWGeR_Q}QrM40Tz_}vgHM#L2I%l zCtEa;DH!61V|Qw}NXr`&BtuG#4=GL_PHwmFApTI1Crl=RZ+QPv-f-NByf4^}y;Jdy51h{n4NQt$LbRXq3y%~%vDR#B)YXe&f*_niI#BeeX#r@b^ z0IA;Rn;jM8u&K1ZPUtX|E?6wG2{+2%NxJk$!aI5tPP0c5Y7tA+E6|whAPlLw8CMQ} zq6{2SmpHV5#M^f9Mz7#~s_lEQ_@U|X!-nFO9+97fmfby^H}5{~Y2YrCB}N&%XBlLZ z@9PmE++z9a((CNYJ;n4-iY9>vQGN?eexi9l)8z6>lZ!-2vqI6U7Jdfh7w22(BMp$3 zkFmvmT$%(PMES$g`dSov1eTkEpX>5}iK= z7PY-1HVFs@+b1^HA(Kd)&c`3E`sg0f?RX7d`pWh8N)`*+ChWq z8$)#hcGw>;cVf@0DsYOLBCfAv&8ml0H-YR@yasR$mJ~(~!fabxji||h4Q>){VN~AT z21;Rqg})f_Jx{_?Ib}n$3l>eE0Lz7-NVqSK*V5>T++?V146Nm8rrY0D2|I7fhM`?| zSBSdbi_u+CA#%BwsAL>9STmb$zrHx^(#ENQ;&5fDEfLY&y<+uc)0sm;m~u^6Cvses zT|CID41`-ubm7J6={}0XbhF%eU&FZ~lsoY>O9AaH_w5m2I0MnQxB1{w5sdboT%>s{ zN;Aon1i3E{`KU0NmH;gm z6QaB4FZudT;*=k@(Us@Q7A9J*w&$tdMysBg5VN)A_mX*N8F~SOlmde?W<#Bo$$T^K zab;6WA|NnXA%x>L7See3&%%KDwSGOT#bEDurv@`l5M1I;fteJe|BN>~@*EJt>eA*S6gFO4-5wwj{b$h)PI^Z*1X)ga);sHVTxNn>o00rR8Ux zi`or&%l%VnHyyeen3eSzkT;8QSckPiNtZS`vves zsGkJRq{`qjtOk5sj#61-2~Q%nuHSwZH>){ zW%q66c|d(T$NJr)_wlNdbQ-x-At!S4yq8v)z8O1P&xrV14XCl5+q2?Vx9)-*JV8V! zWakIWo?3aCh@CprI{>2^2fIzBEqII2~>Qd{_l zBpQ#@%-BfGaBJM=&h|Y~FVL4k5S*1nL9q%Z7$*8q%auhMbzDTv0~!- z9Sc2hlYk)=2ltvW#3Il5k;i{zW%P~V3y)OY5wAvutU`b||Z^%cc@hZ%$NSYF%}YvJ9) ziKVHTA2%+awNbTm##&A6UNg`0+6kaUozc~Z4MzS=e;{@z!{%kpCJYl?O+Bzs&76^* zg9|gfYC>AC8HB4_+^Z8Z?h%#=mZ*G`ObG^FypRQ>v`EuiqLY2|6Mm2{0DjO<_(8q^ z_}V9YpQ&-y+SDEG>Buy6{K{Njp~&EzL-SqnU+LDzbNj&M2wd z?zHKB-$YIBmhXtIfaM3&NHH>)@9d@Ngp4MGm}}ufRwO{z@5Q~C<^Ja8yMAcqL^9if zmGnE~tE<4iZ4p?$VJP4XjfW~cuNWnE%wA~Pc|pQ^^0|G$t5*${1C>V{ek&V$BARdB zp*tcz`qdbyUs(nA<{CeY1${rF1te|g{mpW=`cO4>i16IiL-dIjVg804fhz909<;6v94g7F9qT$Ik zJPl~hE;G0{ORZPqOZ#r3Hl3A<$umLgZ>uwbA3@j8p8W?oAN_gaG?+;o{^8GD=IQHk zO|>s|earqLSc|>(i48J}Xvu`6zwR~HG?5;|kDh4tZalq(qL|h)K$&=8^+n5Vu2i4HTZa>@*+iWC~uKn|FcR(B?BmE5` zx$wBBVx1|ddVi(_^~^~^ElV5rUI{r1aD#ktKvIS46!EmQ?q_Mx@!}#wcNU%EnH%~+ zu|)lM!uZy@R#NE{>73`2yj6vbX(UgD~pE?;I%W^(XO*U7@zS0bg&$r8P z(Oi*0S<*ci#$Gt+AlIHcZ{}uRmQkUj@Y>i;R^syN<_KSgRTjcHcx*2&H=%hs6 zYA-rSG_VKqp2MC&tPPNphYn#}I=g_m9Cx}a7>=yub8B820%Q&)K7O_fLjit>$Rl5> zLm%DtS31%P^W}GowKP8sA>mos}%oQoiyBfRq z{%|~3a>$2Q`c$(5%6MRnA-kE<0q%t6H%_Z+JL+zQeHM?)Wxh8x!S8#WG3 z6R1A(xd8jN0WoVo`r;|sh*zR!R@M^o1!1-~VB0{~JLg~S$GtgZw<$(2L+188e%c46 zhy;5MXIhOrBCy+&qlz4-Rkfu~SiUpQhpULDgR<3bn+lRZ9bhJ()2^U(Tje8|lc$=HjMerV&~nJ7-~#!oDMXpQ_fh<8WCjy&X__lP_>ptc;EX2x0~0@M;~tm57U zCm6b-2gJ>0sgm~jK|-Yq$V$uI!*Aef=Q2JtI?N^CYn!IOq4FfeLMCSEKDn-TL3`1b zJHYiACz!niZQD)1Vc2^!Zq!=cTQ&lDYA|qTH@I&Z53Lq=iVSLW+IFZ34=KhzV10B} z9QJy+C6&h(0C(jo3e=9Qv)mv_5JmX7yCFxd>9k9OF<8IzccXqxof}UPAQADM*X_OC z$aKzat^~pKDHT6=lnU?N?;C(BGSZ~_5c}pwbDK{E4;8(*ecX(Buh`Msc4Kh@_qO8h z29F%)F35@VSLe+w^NV@&M;Iq=!LM&&oKCsCJD2txzAo1^N@hGeXrjS~K_m$&JZZzH z>n%fA+o$1*L6zPB?rP{N`=$oO*<3OGbIswq@$_;#lE}G>Lf$i3NNf6H6L7?KNiG z)KHPbKSHy;1el_mYj9$Qho>Vk9TSt)b1|bsiRj+qxLUyL&|YD|MYWRWCxLGs^XK%p zNqgc&+S3ndzowC^!A>K&AYpWskJ2Va+B(t zRf6cD7|f&PZ!Ysi-rTok-|Tr#7=r-dx3+X=aU;YG#unXU&bE2I(RBw`WtuH^`*JW@ z*iby!XzNMMf_Qhl?Us;-B&5UY^H}8Np6Oz6xD-IFY|MLjJ-hfFM`8QE%4Wfd)Qw+k zx@5mUx`wR?X}*V&p=A~xZ4`P_(B9@;Vm^|4b*KB))!Bn2O)voMk&#Us^zpcU$lccT z(c0MKK^R3@;%Z zV`?*OpO?u-H^TLJ>L;CEzm4oakNEk+jQxMU2hf#Q(Xx!X2pMj9ut->>mx~ycNo#)H zS>0L~jjQe5UwNHzxM~DPj%Wf7{k^*}QFDV!cqq|$E|lBc_hf>#$ACz{ygg%LSeBYn zGSeM7WBatwQb4q7^MLJe?bxfiADvFai1+k~Xy`5G)dSZdXD&z^UXxUFL>;~)$f9x% zmwta&qtdqFC2m!&nWZL(fHKWD?HMWSsqc@jDbkU8^`|FM#Au6Gk{CG3fsfkqsxH|&fa%gZ1An$Gldq1huUe)Z~jyX?eLxVf3 zh6AF&Tu}h=&5_+pHtbbdLkD~{P@=rOAMcmgzF!j$@H}ppgt>S0`t7W!>17R&QM^hb*Z_RJ8WPZ*-ydlX41m>e|W+O0gsd;AgX4_)`w z-RXaM8RCZxXm8AK!Ql@((#_A){&F)!?T0ac7_hos0jR!hnT*v+nZ^or@`e+dj*f^l zV_oeb3KrW_G^kWkz9&aM53`$cua4m9I>DO~5P#!B4W5PGAr(c^n1IaY*t?th^P#D`n;EXyw>wMT1-z(}MAR&ZtsOG7%Hgc> zi-KEzb=bzeKwiBixak+=>JiDj^#bUSEwjbo>ykhi(i2*fGhUAYmr zddQo0W##7g#y#Iziv<0kI7V95fzAzfjoaKfD{nwu5C|EcIz}O6rAgPs$5O{!YkS8c zTRawV!a5SSDdc8OEn*oI4krxBXG7IIwUUe*`sEsu^F2EqpuO9j0i5YpNjqs&a5JQd zn)tlv5yZ-6luMya>TGpe#GCVmKmqv`j$KIdS{D9%#zOkJ5@F2-gakEJIs5t|MW7&mQ`e~K66|)-j zAPuzcrqFF%yW~4T^Ee9D88ynHov{&5*}|8h;qF&EeT&a|nfZys#^+dqcie8sPa*umF!;no_v=h#)FjLC%#@ejvd}^tBA#JK-KxXgIuAML6bYls+l6!hp=dZ z`DR37YS_DuJ7jGk?wpk~g)K+uJ)<0iJG(#IVambj7CU+FKHU&oK#A>HKwVlCmix(a z3{#Y^#Bq{YcyA=S9F%v-xS*<9E*r7h!TI2&4vw_UKBXe*Sl_E_gN4NYy6+|rP!coj zrkcJHde({|OV^6$t8R(umYwT2`lMl&t^`Jw+J15hF33qSX}mAQy2Z##qrmmKj=kn8 zhlv6-bK(tY)gk;|4b3N|sp?zif4vu@?Fr!SO{49GFyb(!nkjqyWD@ZFCV35kag`@{aZpM>;&2yfu4(%bx8dMlJP z%jV@X>HU`WCcQs#>GtDG?}zXPzAnA3?=xATi56?fYY$&aUp3BnigNYt1cc;-j$}`Z z4ivLNIT#R^Bnyl(C&;|QWc1jQ0gq>^h$vQ2H{psEw}Y>Uegvr^c;}5~W!9{_!J~x$ zV5P?j_UfEyIrdOiJhqG1<1;K=B+ff;eyDwPz&CY#v(M-l5Hx$YE0Q>3t(09&A-}8&Ux+OQ+o0;P6tzM@=`BcvC+3*h38LC_ z2VRbNM$jdF_LAC)&Q8e##u$p1)`@QIEn#!^g1Z{#=N6Wp@k_J_XWLO)43>u+hTGFv zB$9=Gr!q{vH+9P}-x2yp=fdA-3DEadi*JwFfZfMv0>RRa1by{k3qr+87H5wQF5j39 z03Wjf+}BqA*b*VVjk!xY3B3iSeqG_ijogRu?FB8`x?$V0#nJqy!|MqkrC+Yw=kBXNq>`nS!cuZwq5iNxQC=JKemRoJFY5~TGB z&2SX=VZjdY14j=K_FK{}^#pGOPdVr6KCO0Af{|J6EJ2=~J<x3Q5x3#m8W%TUuCaBm1W~3Fx7XVvxB#7VJwW+R z+NOOy1WoA$X6F{+_BbMJMV;ZD7AEc5J6Lk<_T%MXLR}pt*&&Bu|Jcl6ih3C5SKvXp zUH~UeuQI23{N)7q=k2|_m-yzMA60^xVMV%ME1!vsg}7ZvQ*W--jLNr~!Lw$$!--iX z`UO@$Fc^QIPqgf4pqfWQ!UHeZPU2 z>-FU6rbNWC4}xXq9p-i?S|Xs$dSt-8d^v8N-rT7Xv9SWfydf2JI9$|C)yUqC*S!ML zB-!m_UqNwpHamP@lSkJFtE1uV&sL|9+#Q&X$vwO>>eiV8Om!3<4Ywz&zUn(XjLu-- zY%|rU-F)xMe&+A#3waH-Kp$G_>Y1|)hC*(PTi+OT+6JUC(qXDYlu{aro@Kb~T%S{E z)dqd3z!pb+k_Mya z?hsOxs|ryTYo$cgqGy?AFJ;SKZX)hGJt|YNnRW#TC1OcHoZjS`D25>^Prh{o$P3M9 zlW}EOeW&(5&**UO*m;Vmo}ioHf$q;6*W^A#4@l1Fn4G(Bjn(#Bs3Wh9>iSscF%5k`m5ctA9cEiQh z?q`JWL|E%zM6@2CD?Sb$O8{3ce6|lW;4TlZsnYPs_@#MDX&*c~g2%m#SjTQ;+PrTJ zcG5@&!Ztm})bugfkP$z(Ef8Y4*_>*@DQZhvpqfQbgBQb61>2oWix)8@wh`e?%5BUf z4~k-JU$yBS8}8$w*x7gvZ7ESxvc0F@0qYoJ8jg-f4NpXzkTPlj>uCeucl3P2HbyB+ z&aO9go0%wQ#)dr<+-{__1H;c4u^Bt4h~6W$VCW8k_U&HUXsrpQo2H57P`dYuGJ0Gh2)iNYD~1 zlmO40o59FKbV65^^)8z{lugvZhIqfih!QTL)DhH_5zo*Ttwuv-=D8z>Jre`ldrw_8 z`E)Ok)11=f_85>=r3;9fn2diS?8O%^_M)>UgJ6bBjeBmEkM30BRqi_qP72*AuUQLo zNfl_8&AdN*Qc~8?O!HpSGsY>mRK~OL1F!EdM(8S*s>bZLyqnGvZRv|Cqgc^xn{Ys> z-GQg9Y`P^;MgY!A{Im_5-uBM!N^Lv9d4Pprkzz-1wsm~&29qA!egk_39kkG>w&w)0 zs907RF26v*soxp+`Ia=dEwCFphe~+{_m@y^H1K9xW!gvX5TRVq9>BaJsYK||TT#@A zMdl}-oDWBfnp0ocA6*vZj%IdW(GkmfpxTywxWU^qxQWIMiVR4?UwLfj-@B%~P<0|J zG5>u=$=(zL+Wy^B3_Rn^$2B3E0$FA3HMO9l=P$qOih=F?Ad10Gdc@m>K2r={(u$v~ zV!+rxwqhWsN{yB{x#wN0pBoDtk-99T z^0!Lh{F6Z3_Y4Kb7De7DO1--(N6(!`PncNVl2yf5&C@9tjQfN6tJ}!kKn8o82s6I=z1iUgyYJhd}($hg259O;aAwE=RN;aoEZh57xtrF6bL zDfSffy+Oz6Aw|z@k59KF1Oj`t3NkSXvNFkro?0we;9ra+AC;m&vT$8mOea3?=*MgtXv{$9~)FAeP8Zr>r@^I7lxN zjOdPyb>|J*);g!QGG=-Sg%11%*Dn{3xKh%dG7u5>0Bv!HCcHIzF%Q?8S;cY#^1~bx z?Up3WFc00N@l=F4M)!@rt@5i+U8Cg`Hq~*i_Z2OYd#SVoh0`Vmz%P1%!4^N2Qc5l| zpXbS8Dxl8nf+X)dw+t$pgZ>b_vH7{>*Wj zuTWL#HSLtHLUnO;ueOR-576e)Z!DFEvD#vUG$e%mi2ywj1~k@bsO~=5R(9UYY}aiv zg%N0IFY%GA-`eJSCWv}}L&!~*c6FCWy^$3MshnbUMkMwW=(n+wtvxbPfK{r*D!fSD zXF&y0A@B2KSQkBahVco}b z0EL&zvxgc8<@+Ix&%Shza$dN=Js6sM6yh_igcE3$lMTVFEG@#pLrGz&c)%5>6Gj_k z8PBT*Ygdsbd}kU|%fS~GmB7axL6fkxs>+zZ!4}v047(5LvB%kJ3MiW+%hf@%@a$#L5 z|0b(R9lJ7r9gLm4JF|8}ZE+8>RgBXXQr+ZRfSpn)FCer*F4f5&W~|ya0bV%vO&KY? z>*Zq4V1a2ThvCHRg3c%8`xUy~4euPn2M{I5U5w^6M5T}jYy>VRIOL2va)dV=2shWO zOH6l%z2x0?BnQmrTYpC>+1@6zsFn0B6DMB%%%de>jqgd+8Wp)Edt&OEF1 z=P8y!>#9S2e4}ZqFIg>lH5@+4OuxSRv&V7EWIv?H%I7(ZRo~TV!}uPltYwjJpJRMp z#M*qi&5`u?WL)}KITnAuxgJb~RKzdSzekFzPP2Be`r!_vh@#?%%8F2*HlZc2RWNmq zToL1YpH&xkjPDuT$woh>Sf--WYyZ&t=XHFk_!r%>UVTWBa95`(?vrnOG~@$6jZZ71 zDr;39`98jqBZAD~5d5CWNwi|E6*iuJ`&YZCE>D|g#hMkL?rFGQ1a+OK(QmFe6un-*yGC9ZweQAy zD8hG1{jPq*3;)&Ooj>hg+|zy9>i+u!=!Z@!D`_CWws z8g-u)^5Ii-@v|;^{gy9Nxs}OLFTJvM%A?w8RYhSl_<1yc@$gqNKY!y_A9JDe$~0E`nBiH#e%dAL6OXhn+3y#rukbfT#aHjFX^;AUBjcxu zFW}b;{PM=*t5&YbF>B%{6!tOsfvO)h0)_pyCqBRR*;5~0{c@67Np;mfC|bnNpQSOlVJa&9G2;U;l$GerZ)jVO`~pp@xVSR;Z=`aR z_?1N2w8d|vlAp+$wV57T$FsorOv8D*vC1IBQFQ7XH@-qJ-&)w`x4%*3=eM5=Hln_N zFvNatqIY%tu8Z1x8bt5<`rWUF?_w`~D3i}DIBMJKk@$yJX8ha0)31VX_=i3mp1$~- z&hP)&Pp#*_>Gk|Kzn=fr*Yn@;E%0x=d-}ugp8m+Yr@!gl(|`Wm)30`q|JT!RzWczG z-~Adm{pvFP`lA}?GX0@Q{d6({BpD_vz36mwxZl&-|I+`}C*(-@o_iAIE^Fzor46{)Imc zJpE(;7Vz{h{#C#D^z-sBK52jZFFyUrf8rOP{=#4Q#izgaul;>b@8#e3^!xwj-}m%S z{3E~b>96_Me&5rt|NJjK{TtvfJ^jJUFFif|ZNK#NC;s#=J)!^NFFpO|{@q`C`py5y zFF*Y@{L4@Op!&;CPWj7E_TTx-Pk+xp_{&d!#Xt4SPk-ir{mV~(^56dDr~koU{N<-V z_p`t91ph~W<>|lk*Zs;9_#40S^smCd^7P+0{>oGEM}Fmr#ee1Lj}pJ~#INUgh5z0) z{oh#cAJ%;T$eRBTuh0F3_4)tFTFyVZmiI5M<^F-S{6D?ECtKfFtnd9N*Z1pdJ*c%l zf6rPkWv$=5*7L7j>r1co{twprbL)5f_WC{l+WK9{`hEKPoy7XRzyJUAi%t~++Cg*3K*kApbC+si&^po+=|Mb&;|L^|kC-(Z&Py0Xo(@%f< zU$LJ5{7*goiGTK|p8kJ--%maL4Z}}8{hQiPJ^d#5Q&0cN-~Urj|M>s)>FNLTudKg+ z>gnm9{s*3({^)<@>FK}PJw5%y-+Oxc`=zI+;&+~&{_5@1)1UeSPfvg4U;Xq{|H{+T z|L7N=aetmvg%lTW@^8Pbx zxxa5M|L<7e^Jmug{WI%(Z|nR2?63UP)4#p_si*(iTCYFb|J2hzwAS-y*ZThJ|A(J? z`s>&F|JmRE>8F1u`RONO{jNX%&;9h%zwqz>^wa1UtNwcY;c+J67ef8pnze*fB@|I}alxu<^-{`sfhS=;$P z_=kV~=`a2HpMUyKt?i$!{qWEI1Hb3#To3QU`dJCPdiUsE6SZa9b!lBaI6=@xULQS_ zFmtsB!nBQozHaAtl~+DeABJaN*YAqDN>*BZ*GAoHM0D@ghrJc>!uNGm%+I>xyKe6K zsC<&^cU|MHe5Q!v{*m!vXnc}kg}r{|J4LaYA64(AFF8KGdaVoHwyVbWT(<`Y`|RFo zYCfsD{DfQXlWeW5c{K=yzkW@Yp2XE&^MW91`Ugv^+m)YzhhhSry6ez~tE&4&^7c30 zu~8d6KGIv2(yo87$-3#+w&`B%qlcCn)M4~)=vHR=T=T%I9&MRKk6#tFYx9K|-hy!-I)&)4u3TIn(=#U z73c4D(ZeCsul@RmPxjWf2YRAnvM>;KT>p=;ka-5=U+9}oUk7j0j)_ieEKvZ&v> z_GR(($vc0%zwOh1I<10YSU>j!Edf@?6vQHW4*rr zjep|T*Jgak#pi}H_0Pt?8o=v?+w(=$4a~aI@ z6Av<6d;CRFc)ZIiih7J5MYYi<`5r|4%on~R&+BWyE6eMbeLaiWu6oHc&980t&WroC ztlLmO(DAwMjn}RDAzUxn2+NyWZ=E?&bQ?9Zzq1c2Ly5|0tp^ zo0SQ#+~||b_pAB;^om{Usal!k`#vqBdgwpG_2Y77r$hAKdn7+beqK-SGjA>VSrWWo zd2RQ0{b;-Q<=UTXLJ>b79)koc8Q!Dr>Cr>ahxc9=r0L70pH^Nwzg)N8_;Rt5?F(K! zg;5bD&qVPQrb*QGPp`w8Z|C<>)ApYL-TfJOpvn7{WwsCed!JU1BA>#lTQ65!h}YJ9 zftow|-V4L_4Z=P`5B2xal3{&)|7lx4;I!(VmxVq9&qWVq^M38F=fQ**=#8#|>r<43 z&uz03S+e5K({r7l>l*c5^8V2=D=U2gx>e>rMN_l(0R(~{y5*sMKOf#lUR%sBmk(w9 zyjEOA9X9jL@(DXMy_P?6!*>hRpiyfDm^l1{fo zNXxW;|IiJd9xBbtClqzy6)zq9xO^tSw~P1vOFZp0Va4Y6ugbtv`M}6$ruKaG5Irwf zZP4@|uiih?<^z2nk5q$Ktf%RjJi2s=o`E)c#=FPm^9QWRw|-8QKb1`%G*4BO)P4G> za254!@N#@1u$Rl1Dy=0~(bPXx^)os=RV)9k`l5V3ydV9i`cYf>y}we_iXAI9H7lXL zoF0h(^pG7z5fvXU-lt``R_*cT4@qk!SD@>j9-MjQZ12lt}k ziRPtV>oIxo<@f%|RX+ePLhBiYUykp?DE5Y;e}$gg=w;UD{hKs-fnG$&+X(5K1bKs> zWyfd3r?0>#=^v!Y=VL;z&?{GefnK@t3-C&3ufQ|Oyj*|4`4{lHS>CQbebdLDeT5(0 z^-9doZT!t4(U+vxv5NN(cK?>Na*-D~uy*i=Dn6$UYx})$i%&oM^MR@lX^)ouq>5|G zqbg(Fh96U&+2#l64!vG~On&f^=Zk(=>%L;tOXZ(6m8W)9!Rzt`f!FKgaePi5pW0~E z1J**?Rcl$<@k;~0eC2D>m)DPPeuJNh=W)Gqf|YKcwV4&Z4UaB+J-=UN#)HqUNLLs4 zNA`Y|$Ir({Q7;d5uL%$3V6D=_xOq)k1+@2;{R6#r-b*WAmo$6Ur+44r4m5=|?EdPuQ{O4XsSC-3FFdp*74|0|Gmo!6wFLo1qn zasLf}-clcu;iaBUw5m(bEb{gGOp!dZiZ_+*t?5=C`95B&RIj?_Gf>qp z-PA|L${=6a<5T~TwSJL5v)yN4t?3&#e|+Yn;P7ch=og*iS$}2>{iv3yD%O@E2fuh8d4+%B75*cy@IU$r|Mr7PJ*#?8hORyj<2?+I4}&_- z19U6(<}ZVGk2%uS^tE*HDfnb$;e`%g1{nU}uXcZM)n@OjjuyVFhSdaW->u9tNLK^< z*$jUe(Eii766nWi-IYvMdhLJfowXw6={Mg=zxhshjBOF0<$C|Dm_FxxdN#Em!s@eB zoPnUn0e&2i^#DIW_yNKX5P5*e14JGm`T)@fh$2rU{X`nz`h(UVy#CfC16_Z+^@pv$ z{S!@^;Nt*2(f@z;u0A@h;<^vtwv53^I1rj(o@K8s8Lg}jV`JG4mZi0})R?Ojah zjdZj(Z*K2s@4HO(ZSC#uZ`<0_-={9^Zf}W%n_D~E`xJLq)KP^Jq1u)7wR>jR)M<LkN( zv#f`tr)jW7)3mK*+!?W|!qv4_Gq0l1DiF~ripgw2h0^I{ShY*Lqy@itf|iGn`60}I z*)VDt`OfH=Af|leyb8`=1(e-X-l1?Sc&fc3yn;sA6}1+9MS8(t1uuH%@FnpIE?ZuS zszotl0DxW)Pi1O7h0CRd+_$G`wIfYyS)7eg;k?g9*YL=@@hGTOkGx_*LE%kc^fB#|ntRFj=ubT3j6(-b@>&p0JCkGap}eBed>AgrwlnUii&4)^ zHKbwHP&v>Z1WM6eSRkf6%AEH)M(Mx)IFOyloAvf^nC7R{8|k;wLW?#|8O-KKY87kR z;ayZU?%+D>_-ooZ`hXg$o*H*?0*R`j22jJQ1kGTn^HtrhC@2!UQrUuIk)4+%YKW0% zg~BTx3yr73l-J@(UA{{v{o_uPxFeJP@ngHVcTD>0WlG%FPx{-#=f!=~q<>txQ{4AX z`p4TuM!O%L^pCqwi2J9L{_*zTTB_LnuR=E&_>H*VHFU|qDO1{AA=o7Jm0|7vsG&h$y*x+F9u?omURgieY38kepU`UP>{;?i|V?-lo*E?sBf zA#p$A(sc%YEbgDVbe(};i2FsCt~2nixR1DWoq+{cYxjq*cJ(EVq`p>^=$wI&Q(K`b z_?I@|=@q}c?$C@MT6&Z13%yq8n5ATDrk(K&)M~3laTG5;^|4W5a1#ohteqZGB^_FI zpkGW((z>kbLT~4=Qmv<~ysAlRKJBMi?q{_H--_!P=Kl$=_;3Nsu~Py(HQZkR3{ykma(uM%B~Z(^z7n#U33G8G4%WC84@S+42~gDJPLr z(H2h(4$TXqzKl4dMC$aBoDmg`ZY>e?EKl`CI=Ui#9x_Sm^GP#{%Y7Q_Qst>4Pw7-& zM|4#*+JS;jb1mqJl>K#Ek$`(k8}>^gX(l7!H5 zqBfDNO^oGL8-_xf#Y+44?1W?VgJ4HRy4qCxP`C?fS-3NvPmJ(hT7Xhn=~0DfMTI_j z?>=1uBQ&NNJWG)!#`vHK<8J!1wn^+xe3x#2nC>^R{s|3;HZ@rn!)TmwhJ3oMJ;A$m z9&Jj`YiOICiVG~X`_8iS*)eovY7h#Wu91NPKI)T4~oGrcO1QQ;O7}U9_A>h6;n2r;VkY zowWOz%CiDP8U`fm$yeM$ABOoBwKOh7#6m?eL2DNj1@H43m1#VcX>5pbBr$61G2P^4 zj~qeTyDn|+Xm5>alR9e%IipMr;wzw%97JX*Zi}~njwuZq5C)bZ(xZ6pH>O)xdly^S zlj4m!bw=0{U7M`XTmWh|I%jQ@fw?3?H8!9eP}C@cxV0^nNoL2%{(?S1t>CjlPv#Le zC63KExWcnEno(KR)*d4-Ly1g2ZS3SQ3=SnXY7;sA?X|dR%*DsFF$cA-8WRHY93)1s zOO+0*(8m{TzdRD_Xzp!`P;bHw$chi@8FI2Qc}HxB@Zq?zCvmWQ}5AACFUMh0@7Uhb>i*vcXB2c&kqO=#%)sQfWuF;)6yX$!x+| z1=W^jI}Y10KUK;tG}+XUHb%j;2gx7B5Kk49cPCRkAW<&tA&N3#im(E+ zDVpnG0vNYM-!JJFB%D?j`m!`z9LwlV3I&EQl=}cDg}JY+!zC+5vf~s24IZIttQ^fS zZEIHwT%43~doV}J3t71!41E=YQ1qb(QHGiNVUZY>Wuf$qLiykgCrO ziS}+iQp$Pv@=V_CZs-fu773b{C;DJ!8g+9y3dz)XdcDjN$L!$(KA%$HGS8yjTHjkP zxK40HaIfGhUhJnx@HObnIn}DkGRj1gwz9&RXtNZ?p@oO26RM1LRpm`iE=FqR+sNQBTaFXgU*#usfT z#J&;Q^rgiwvqsLzrFCcS@tcmtKphLUuBD-=LK7)fA+1TTx~R7P!rD3&YCsCf4!49< zs1d(OOS?u?Xe~Ka=tA~ejo+O*SZ$~dznz-a>7})4nxH<7dN|_PD3$q2`VA%5D~+v< zR#$&VhsWu%#z-}(8p$N9*O$V_hQ@5WN;7-u=qdBoO8O<)8vBIBlS!hM2^w<>gXHB@ z>0mWh86MJHU4I&pYuNBBc6p??JJuKJ?QHLYhT7^+DphYV+zbxVB3uqCiy8685`!*7 zxW2}!Vs9PzU_85~FVB~@W| zU)i8?85~-Lrk8rKiNkF=(3=WS%5*N-*m9+?h)8yE%ZVZXRpRNBI^IB%XywanRXhphlXgV z*~OMbXy54EV{Fx++ggl`XQ(=298TVNe9{iHt;afeER~ZNHhmGJr%Yiqrc=jnI<$6} zEmwMHiwxICMj!=+fd@L)+GA(~F|GH2!4Yc?&}Bzm3y9HtO>f~-g5-@;WR{k7ZXDDQ z?MA1j(50Yd@a&vjGEL%lv*FJUnZom4wkHfbjo*wkq9dV^JuM+GYJBSZBP8Rn*iIB0yHf(fdb)g1Z}cOQAZ}fnL;|P>QudIP>sC(p~)c{=j$5jmmyui zsJ;eBp^1*FHLH_$LS4a#m%Dc;WBzM4!Al$0wD&=qS1Wjd+9;|nAJ1Bq`s=ff6dwW* z{vqH1;6=bYfN!_z_0+os?-P8$(6_ule1q`6EO5f=5>R!+k~Q|19`1zdOH zbn!{RMFNKbZvcL^e!94K!`#AM=g+;&)RO7qYk)~>x;PD3jQ6iCDbM=^{2MCgJ`L{| zRv_*}i>HfcBYnR^T22H0CGc~N)5Sk;($FdIZ?B#%e)_`cV!`7_@Q%m51UyfJ=LZ-1 zdA#swgT|k0oSnx&C3se&-YtaL4%z9|GkMz9Ocy`0W_B6Bub(b%3dHqK;GYMXF98N5 zJ&y%=wl?_P_phBU-UfK(Ves#lytD>*I?B}RUm&eD9=_cYb}4Xn z-E{HKB>tCx*RGuzej8}3QP$sIJ9~b5>omRqGOqXJ=XR9;Y3uyFJ4sI6(aYyovy|bj zlD{Vq{#wZ00DL>r_SmYKyl27h)_|OQCHxTlMx`$AldxY8)&u0;0>0rgbxm#TFv2~K zG~BXEx3Q`+d3u3p@NWj+!F4nJuaY=_yYAR+#=zbH?^8%;|53s}7)aOKh_e_dud9*A z_o}9g9|C^uJdFv?SzLN2SXez>{5$kNBP+H0Y2ZWW`FVZ=+E2l=0e#i&%chGr0N=b! z`%zy?_(sV2CHOvh?o4=WgyF_jgw4M;!>f-WwDhFSKtZ#YZr7|(^ zT}b0$T|FeKkh}?1DC#7sJSX$!00QK-N{LX>ApL^2qS4h)!@O!;_X8g~3XkQNa zuSS@EfSjULqAi8&A1;x)u>Aa0%S-Q9Azk}XcJ-h=AM*2!!0$6?e-9!LHt+=G++OW3 zOM>e`>+!^K7u+Wz{>`5Hz8JE4Am=jhJs>i^gR=UWr18JNn~}EuS)`*+%IoB+^7U~p zWVAun&jI^9ao0iKS%~LeX^Yv=%&>dK?*L@q2bi~HCeIGYe-mj~zHIh3aib?~FO~T| zhCSsxE$R4E3G*WSt_CfMxF13s?<|=;o-cy;FOil7o;Gv@wCCXNM!Xe}^Ay}?Nqm=p z{(HzA@T7gQ#J>Uf(`^`EwqmRXd<@W62JQn-9dH^j0k{Y7Rq^{UU;|(oU_M|E;3mM| zlf04XVl)7ouY}$L{3XEcfE{Ic3T0>n*8pD4pfAss;0b9f9$8I||&mRh2*_4*6?!fp7Xa#fv)&pXI5x}K@!rl009zdUW_XiLA z1ylSl+>ieK9_Tc{_uuou!wVAcJAg|bhQ9O2>~QLLkM4iGaNhTzLjw*!iZT5A(2D_K zz|DZ4$opJE0bo5gUHmoROMo=s8NkAQ`h70pyMWhzjQPq>{BTo%_N2J~whZt86^=Ll z8-f4F0}lk;1Ya*hBe)OH{Ty^nz}kO@T;Oj4ZhaAb@k`Uib%0L5+w%?<2j?FwUg3e1 z;6i{tmyiP-MBE$Zm!MYgIrIJWxr7S=&j9Kx4i@9{H5Bl^8?gM$gT?I&4;B{!pAER> z1A_Abrz76MGyU-B8Kw6p&zR}&h3~-s%0&l@4S=@*hvfZ_3I72w>zHGO3~!_BU8PX6 zBDm1`$#uT<&#%69kA*8T z@R+rD@0z?976l%YK9gLNF5@=oGH#O&<2LCq?h1K~d!9VTT?{3 zF3Z#}n}mjuFP_%N|GaF?e7UMHHCeQI*c3|2oxzS+OxwvOE9J!G5PGtzx&|T0W70}y zGl({saW;k=KDVXFrcL>{Exl2_kqkS$oMdZcnHc1}0N-s$hEsgM2wnF==GBlPrl%fr zOukNKYkgQ>V!gG&yfh1DdvdwTT0s)qL&W(mEYx>^&=4fl^93YJRBA}$zLp-<-wNnz z-%gIOz6n~9?IkLo%)-c^gA7>gjImuMBh#s*mC9|@S#obKVAN8_A_?RH(1& zLP&icFfqdNQWj!<{M|rx-Sx@Cz_0=3@8CAQAd7Blk|It8sJbp2Jc{>4GD= z#QT%Kx zr+X~r8ls3{l1hveGCTQHV(9`i*8o`hKkC&ubhBm5tiutx;lQdQpK9*W`IAn{?PW%A ze+Io(Dv=_eSwrh?uGhYj8o7J!RBXc8?3vBwLk0KJHgm&*Q@V3IS+y^Ri389xieDB<$PwNzuX@`w1D0F1z-EZ0^hko-8f4XL9hCga}zH8l)es$ z4NJ{wb8cyTSAEFY$VV;6BblXJ0Qrt_GQ;5)dm@)YF>&MSwR7os0%gx*mfF_b+tuFH z*5nxy_-KYmc8@pH&AH(gCN`;deN>sOmnY0&czgkJWfR{fUQJds(pHv~i-qn0b3<@~ z*=QU6NPk~z_qMJbmg&4pJ)*}m!~rH1KP#VDP3;sA*evd;5KoULoC zF&!&XFzQQSveZXOH{gypoc#-j7*38CAM?iHy_ zC3?PJe%#Fnm#^_tm$XHfY+AZ3;*zdWr zA=(`6;B!O16QR_oQqHI%U)BNmWRXkfZZJ!i9@0q%8p9LW;Y?}@&Cm@&8e=-1LvNEG zxA7Sob~+fKucIi8nIlWCU}x4CO>ljvWYCr~;BJh}9@)_{M!nY+8g z&MR|g5<*BPvpYAl!_F&nXUHzKy1uHdRN|wpeQ49xK4~$wB2Y_RtF53wW6=WADvwqW zYfV%tmA3S}{{P-PGrI(^C9CAj{ol{?pa1;lA#k#gBaKqhV>Gtg#@s%#XLID^K|3mk zPdkCjdkw<_0@clOXSP^?ecEi7d#)p2h@7xI4&%Srt-*4QGr1g7!Lx(qR%&xyTF-s? zHlKUKP&vH+ufN189@7B#pr_xJXibmHU4!s8d?RE%x{#~RD0QczG;}Q@V&T+N49^b@ zDV3t?@YZ4$RuTUj)VE*$5Rb#=56gJm92}RGn_t{Gt^eqY$aez&mm_`gkQ?qc+6J90 zDDod6LzE=7>$3}R=w7a8_aTNW4@9(VInBj#MwsT$)YkYx4Wh>7liClyNfqlA! zj0hum&C$whmHx7U6!TrWn|O7`n<(7Ex^1M_kS3|N&^(y3J9I~I|E@pt#FusdPI{*v zoqXI_*LdnSKr4LyCLgfNC~8ql&&c~M)v=}UtJC38VK zJa_!bY>(@jSF&9X`BwDCCD(>qP2?Rg2pbu?>4@nClS7f(LR)m^NPaSIUV6!8my8Qi6x&K}0cd3rRnUcsb#jTv5xR)hnNZ{Ht0 zzrHKq-xv6-z~=-W|0S{0CGbZC{;0rL2|QikSpv@%7;>+KY0rzHT7lR*BxK3ChHrR- z-+@$7^Mc3)G|HwCt9QqXs1m1sM44j`(Y$#uAG-n?{2%IkFD{My=D9y0YR))Ldpw3F zvY|*)P4^a}SQ(^)mhBDppR`e8A6!8@L%9D@rHcoV(lUFS72E z5hZOfAnCj4#sH}gTno|!}OFcartZe6YcWc0y^42uBuyV zmzPMp&p!&qcC`a-9HW{xj*9~*7+Q(o`3XkKoXu~Xqj8IDG?I!P$KNK|Mm4p4bVXIN z-5nQh&vWyAyeWv4vU*hUs?jWyfO@vA_L8bnbwf{6)W`Y9{OnD^MEyq}HteEx0W@Ji zo+Air3@uIO5zQL3Ve0~s+Z&@ib*G6RFrpZ)dQYVxPpJzeaYNM|WO7L$^Lu-0taW*8 z1qMydkWYwyW{U71l(lgaE#aXDiDtTOd0JoEecMk0McSzT!Jhm3TlergX_WSh(R{XoPlz z8lg%dG#yHZ>}z1_oD%pyGTwb9!mt9ViY8LjRv&Siq@+xg*Unv|Km+a!xw{D8U!>J$ zLv92EX5>%cicC; z9@)e!y^bTMe)yq}&8n2N<#}WeoAOSM?!tjH3{jw z{uWT!JnR8?9^u(fye z(eTKdwr5{)hdzI7weyW~Sz4Am z)9#OOd-e-FDDYarhw7bVt#p{?)m`C}KfwHr_Ja%~_l*w?KTFatKNt)*C4Buu{Jr^M zhUZK8e)-OQ^_6RmvL_0xuUhB`_s$Ti^G! z0?PvT3cOxmxLVtTo2}|Z@K^Y{c2z#FYdcl^#(&#Q6^g&Y?)B;ue!Xt7Q8&U}z=?<$ zBkg**)-;d>!QbTcja|Qm+m$`&150^6i{N({v-<<_+hZa(&@f#fz6CfF-7_J_W^3Kmqv_@y zV1pYgJzhU6kIFiGjN#!YWc@uUd^v#!75oOn-A_rpKy^+k`}q^E-+19g7hiJeWj|A% zovS!|2KbmdKDH&EuqKVh-Y!149FhHT=m9Qo;vvDOkFJd;a*qY$CyxAZ@XF4U4Bv^M z;M6)>bn`B?$mpDNY@tC8@KxxokHp*E=eOD}bC`V^t4$J?L z)DYaWcJ3lK54mhAmCTF*k>6$0b;y$iQUPunO!pHJh^E~5QsDL)#7%FMI}2!PuTtv( zdG0S(zp}f0`JmS{6mN=zD&|NhvTxL%TqMG9`S#^Bk{KggEUc1v%v>X9APWTb`V(j= z2B4lqGz|%T&Vw(yn7T9OSs+A5moSL+`UV+mF-bV$O~gc9>) zj>?q=)X8aCFoH=uPL3W#OKg;gJ8C2Y)ReZQXS#r~mP~Y-Vs0Y&H|PP2iR=tjcCqca zI+`NxD}cl-hZSJ4j0wd9?$To*UO{+8al5@p|E(2P&;+6`yt`N(BQi3&CRowJ+@{qCI;ytl0Ajt&l3MkBmb}G7~9bX=6uhX z?9>dq+%@c8)3~bKG$x%{BVFzov33XGl5rJ=_v&!Tsv5S_HnMYFBhy0b!*hlhs~mV_ z8+b_5_M6D$zfXi|gj{MP<6>0HRR|rq`<8W#KMyiIc-y)FK0SCle@}dh;Ufa~uLNQL z-|kOy`0mfHJ1YF#RKh0kUjpb{w04bjtMj$%7V3>=tG&15c6-OVFCs8Ftz4r z5evd*V{uV3=Ug^t>*eNxDS>7(LBaWgo%4m6DYV16la2{I=0u_yBB(^7dhit?YOpV? z61g@QA=kB`#WBU{QX;gH2=<249b-?=9cN#SEWFdJWiSDuQHgRTj-R^6g89&E8GWMs z9Vg=mc{`-7N6bRf)3{OS`%6z{`d;8cc@JHV^7jFOD*`uPF7OJ5y9FvbY}%7&WOI(v z2pI-?dkhXkxiS(QA@6-1PJgH6Zqlh$hnkL4aaHeU*;;Pkg#_xqiTigz`ZEy^_D}I+ zauR;D{20ZTs`Zt>yRZDs2^k-O%K}#fu2%kKzVXAOBQSb!hVbCALuqqjF|=q_kurZ(KhtYLiSA@Sq1h1+9Ho;-9v9+dFhw8YQIc;$oerT*P{oDtZ_&`4sn&41;X zY$u7H9Ov_6k(2V*7i52wgY}se`Cef7h`>XQARNGh%@@}0*ZQ<_@LWO{2{@1kA3nC) z`NiWrO({H=&_24&+_xP@XRc8(Vsm?YKqq=!T6dahLZ5kjPJ&kNRhlr6po~CQ19ZqE$w3GGg6srv|58!1Qwk zUojeZ8Y*YgVI$aFU)fHD?Kq=648Gxrql&OGBK8(X`|^rVt*cU!G(5g9;X%)DNns#- z$&+xE9u!FqRvL`o+y|cLp&cO8lLJe_EbFvk!)nfTmfGDk9RDbHGHd}joaA{IiZ2~b z%&HR-C{L}AzfTC%|tFoRRv)UorD2yH= z^fVIhM}K*|IsbqM@&IfJ3 z_vzoR|FIu`)vHf?&FN>n_RO<>;wOLVY;(go=bjh(>GMZMFL>S9csSzG#?d!izUhi9 zH?K}$@4R-`&z5$t9{+Q1{P{P%dHF4GecRjL@eA*K*DwCkyKnsE_uRDqz3+Sf2Y%&O zf9-?6{u{sfTOa!HZy)%b-~GLh{Qe*O;UE3+pWOVXe|F194}R>=|Kj7fe&V*<@A%74 z{?(m-{i&5t|IKGU`?r7hxx4QE{1@)I_rAYB^u>R;|4U!~#|IvK=qnHZ(?5UpYmYqo z*yI25uU~)S$!|RM&42sWzkmDik?(x>dr$wz_n-OCA3XbC|NTGDz2yF{evRP%uO5F) z^gq**yQyD@-}7?ByGZ+!VZj)bD`KHGptB+(ey2Rv(OsS2deLiS%qQ5i$DyaiFPxI-fK%d;1y zH3nNsh-kZ0>r_mA$8Xn{NMglB&7@{cp%}E$Oy%}Ea}J8vMtx2JeY!oq@)?!4SVT8! zvKS2Uk2sS`ifkh6C;5OFD7sP;HVb8^EuYI<1?4j#%o&tL-(1YLr4#+(+lGa2+<2*n z`gnplfyfiE)`iKgHF!XI${bZB=QS+lmjt6oqy%n5QrzO7wL1m*3NOptUO1)5E_TvM@q zemdlUsql>A%+}n6i0_F)TxMx*PgyRk5xJ_>y6k?XwP(+0pVQ35qZnj5qZ6D*dRo&dc65_(mA9;M-KJQe-mMI~2XcL@?zOgZt zdjvp53X5oa)+7f@PC(1SJEP13R!(b_Ccr1d12m11(dvDkoZ~#qrFKiw09@8JVoklB ze7FuZh*%y3W?I^1q|0^o%cD|?{0^lq80pmBQn)>;Q&HPff;?KWRDF~RQ86_U_JMPz4g!7Nu%`MWzfg3=Zn ziF?6oE=sxz7m74L*_RW|uE@hlu2c(_i=3b2lrU!GG{x0rH3wAX zq2`cJ?>H)EYm}$PyTHzp1~qMK-T^`Tq&Ev_llDWU~3L%1RhEuK}l@6o~ZG0(b|~C>r~so^Hk4h=) z0lZa(y%O+iCyuPpo24m_Zg>cx-!Gm>wSc){v8K0LfYvSoHAy03{sRV&Ms=w9(w~n+ z)cHDUwH)4oq~EN|q*kED*~ocjUo;La6G`5H4JZ*xXLo`GJ}H=Vh?*;(`eCku(%2ji?9N2+xo1Lxza^&h|D=8?`M zSOD|2Sv0!fKeovaRWjkvs0YHoRt-cItQA37ywWj-m_I|pwWqHkamuIWkSL#mPx4Un*p?CCCbm<=}WM!`0e_fxui0+ASgIIM%v4m&{uUe^4V+l-Cu;K+BVP%F@kj%uh>0AnuLhG!A zl_?}+DSI$7ZP~sdfboU#PsWoLdOEez+58S2!zKwzRz9E2>p*t8Ivry_zJb78EFVil z75#||usYRDByGD0ivfKB7c+%?(e}DEEUGkvLD>h^LBt(%fn*pXBHOJ%2U$y=GEE z$&!sjpNXrH%*`Y-$wDcfqU9D`zY>>$CDe~ac*B%3sY1Gx&FDI|W^*)F(ilC`gP5!o zUp>kjclZ|&6BRiLGnDXxi#XO$pIuTECdY^o7(|XREK@k5Dk>ez7viyeV%VDPiwv$@ zFOt_?A6BpngvJB`4eNdZ9r*TRKvW|v*)!I5^$qAY9n0*1b^~rm=DcN7%uK>W*we82 z6n;b;<(03t$l!`AW^`Lhlf_Kjx9a>+IY6$kfOU-8>-lU}t*GtNNmWA-;c%>OIfW)m z8pA%^xs|5zWsNJU4pv>exdIj{~rEc zxli8lAC&Khg7BsOSxOoL{@V-<461HdT627#s_{*z2^T!4+3Hp2pC=(&ACQE;*FMGd z7hOSi&t0n{_l+L}|qx0nO$c_`LP>qQpWSBPerh$7oyLNu->N^i*R!0Q9u>zuCg zY~QFYnrO{tGHIm}HWvZNxd=FLGM`QR)RaWc6wdOZ4JZh(s})O+nV#=yl%;~ppK?Fx zGe}sep=mID1wa{T>awe3qN>bq?6n6otX8zi4zKZvftpnrWe1ET(}pr>Z6&RxWV4i9 zTRdo35nVzzNEvt*_p_&q3+>$4tn_KTlEgKj2-Gpw$vAu@-+gs$?>`4-22?; zK6l?UcBo&j7rCX&hp6)0^=Re4XPjE6@<|E*RoT$0LG$fhTlpUuA1{Ak8}%o089w2= zy>5-0esz&@S3g}i-+A&qM(nTBr7lo<7>$b*o^tgru5{O3qWp`lP`LUUiNDf=^-ug$ zuGwX9y&G4#wf+{2Wy`zcZDUJ494fQg^4cwXFFVU4k1Y7BXL;#W%tLwM zN{;BUyl~}PnNQE0*H25h@1rpiuQ*`WN%#~UE_xF;dh*fk{=EEEfZdmee&N?Lj*9=gf`2LaSHs=o zX{lC$;b6I6mQniG=7uYTFNXEwsvAAlWI8vz(AT7w`s1p{Rrr)944TrdBA$r#eP%H! zg6VaFdT#Q5kKQh6XSWN!_fz4o*5%alH9o7Rd|C+z9f!7(9)VaQYOh}CK$S|&Oz9P@ zR|3nK-g2ysBFk9EEWHI*b&(A6i!(!`Ga=zqNO*PWAzjG7J&2j_2e?Fm121; zon*bZk!8LfGH%WZTm>!HS3$gP%=C~a?K`S1*MV0!N*&g!H@2jaY=JvpDji!IPv$b5 ziPB`dG-H39Tq4rV$`JS}N-kr|^hGvN(={mZD##+c+z9xm`|BI=9=S}HV%teX@x%&U z&8@6!nMDjp|23YpL-nq!-4X&|IlFL}b;Nj@$c}0C-j8+H_=>V7+tL>#r4i}wF-RDY#NTo; zBg$oK&16#X8s99G$X0ZrHUFxeHt%D*dyVPXj)&@Z=nb}&#A1ovjuiS%%}S#fFLodS zUwf7p)%&1|M4V8SAYwr9&Kmj>0_s;5t)iplgRdT zSMp`98kpTN-mt~#wn=$(vCd?X91x?z!r_LQf%y%=>C@`z42-k}+g+j^&6;$MXr5{= zrHf0%QiG%K6qm*$meNAxHYd;&rjt6&U7<8E30n)__N!`9es$X{LhRl&bmTOyYJyIi z$zkuxbl!-;GQo#g8q3IoSx1}dg{0vo(ydspGMR2)d$!lUp?CA7$n1y_Y^>{#v4G{y z78+CQgROLCqHgbfjV%og6~2aeTRKJ=$wgbnTh}!Fco|e!2fXdAQ95CScgjE&w2_p7 zQmoz>Yz!5QY-d`)c$K#`Azb)Z{r#!82NbrhRWPi0m;oAl8u~A{4;E>=&f>VNxP4fILl3%~V zk?5INDz%D8eFf_o2(~n9VfI4Nv^Y_*7>CDCI(F<>!AkxW;OPe+lq3yaLTUwhuY z?$mavR*c@wy>8!Sx9vI)Ie%A0Hz0V*7=^DJv)c}xrwj;vXg7B{d~MNbWLX?g{Jo?B zf|^-{=tV9X%@%Id5uU#x)L4V{F6km8-Yq3KN}Nd6a#EPHlq9T&C!6Is(mlR-whF8N z4mJ2GCUEKiv8sRe0a{l*=rJfAHF)keJ2@3b9U~GC4G-Zi5-VGaKi{(cf^nzQ8(&qn<~gZRp90|8Z*z8a@4rJSi2{MNMx-{lvrdFvPMbw0=J48#P8*GWpl^D;zV{JFcIMx#bjFz)EJD;!;{FzPPN`zgE7=*1Ypgt0WSj z3RHZeQt^pww7c7A%68A;g^iq2QCGHgzLLUam*?=(DCq)LT7q5bfe&Ze+-O5YnJRqC zB4YkX?AT?=&RQa#>9R@0j1Q)pzC=5>?+Tj!)2wK-gHCvOW~9ci*5Ep8);Ox?Bc9ku z_YTRkrgZN5v7*|LOJW(?^U!qILS@{+q+A9)G@GN71JSQ^6px0L{oX~F<8dyBw8(BEFVdtXpg+S!!P1jI)D^K@a#>OxW~|{SYIzj^!F{kW2SkYhusZleoVpfb{C>Ds9a z67Qs^W*iEiS&?zfd8f^iJ&LZfEg9|8Bx3!{6De7<4lFUZRw>fLN!za5+_`fr{SKjU z*_c*FTwzvT9m~X|QJ1Z{#G}%@##X`Xj-X>t{l2Bu6YTQ3Sa3aQm?PGyCYp`$#qyP< zJ06>FpRVYW-SyA*2c=^2v~(MCcWv8su*6VfKCS#(A2ehJqtdFfTe0i!iDxaX*k$F8 zBcw9A+P4VR3W6wGS@NiL8MD~5(m`#0vIW%(`LWWp=>$Y=AUy3_2|lv?Hzi3dBmJ|A zl^~s`^o7r+N#oc_%(%nOboP#5=|Fss%J(=n^2CeEecGt7TboGM$T_ZkDO441I@%i zi3dl>)MkFLyO^Pt@C;(@n^hkUl^EWb6Z9D6`iJBOsJ*W!MHk6gXFNvBbEfon;b*i1}tO`sj z7%0d4mI=owA5i$p)TmNP-$p&WgS7L5xRO4gE7}k(m~_E`^^?ko&i<|W3eV<7Rdhm= zem*#nm-mmD@YDj8&u6G3I&Pn3yb>`}Y>u=nny@SKj-|V=#vW#K<%JWmnmHLdS^rY2 z6jvz^MKP;YtZIx>?0>OJ@oCA09!HvLBv0-_xP-@=zxdxwcs_i2GkK;eK5E=<2r8d868Q1pM=9b`N>_a(b znZN@oeB&}%>s$p7EO3CQX=$ru?>Rk>mLptsm1JNC8`Ya6eLLS{$+fy^Gs%wZV6>>o zE@?O!5?CZdYqC*x=Aw^|J+JQW=_;1h;bxS9Gs}3H#oZaLs;V*^dPh(fWLw=fjqcDF zVzY!=HkTw5=S8Rwt8wOIC0&d)>H$_5Z^tQwh6m=*Xr(=1nbrH`zJM7OGLcp)FB%BQ z64_+R8rsx}0P8G8D!H6>YVJS-Y;6qI1seSGYaH7x`rJhZ)~2^umkk9jm-tAt$hXQf>0U|uv+hkv}*%yd3Dif8F%Z5^u)XS zsB_8@2xs7q%6~wSY#X=#zvMembCX=V+-U$feaK zcd?1kXu<^KqAWTi#WSruG}riSZN3%62*p}Wh?(0%A!Ce1!*LEG&qU2NkoPwfMs3EDq*~U0wklBrX$vt%!2jpNmdoWeU-}; zr`riSXVi_9r!RW{UeV0p&R%I@a6O`l`NdenA{UTXy^fWt)2f_aePKyeg(rDe0cu2c%OcGyC9SXc5<8hVj3}iPO6*@JV-;Vr!s?2s z-Mw|$>$nI~Uy(UfY#oSvHcazg8TI8;%3U|VS*`V1>|96X`eT@u&$?l#vP-V{3eMZb zWyikyCKbQ4=0m?(`3J;4`Xjd~`=i=k?IOWmd$p)nd08YKt1>#5qf_-(GHOd3?XgO&hQ`6l zrk|sqqI7Fo>b7zT(n*!2MZQn9VHb6#$~bYWsx= z;z~||&XiVm%Xm#sRZjLSNRN(f^h{Ys<(tY;_J0gR%4rZ=h|-dAgs%~`+#X5Av_dR? zH0gU9eMAwP#R#mFGXEQF7mqd;Xp!)RKAY{QySrexx;3?r3ZS)9GU85zy07ka)@R08OA#;ox4aG3mLVYKy$)yfG6>XDS=C~{?4?3ls=er+N z;S&QRMTo15la6JrCN;o-Y4weDH3sdob15I|<+6t_L#ary7B^+ zjK=zytal&gz5lJN=c{jJlVfaM0M82Gk$B$NhG1}JOQ@#U6BMl{|01*wirDg=8Vo{} zDLow%Bl@Zjq=M zYa@%a#k#c`T-H}>G*A#7n55X2Hw%mzO>_}1O5C+}yNJ>u)>Ip;3t(MqnR;VgLk@p! zgFhT5wFa_)ReI0r)OjECktE5;x#7ppSb!>7=xc7K88BxlUss`i3airpJ$CLC1%5TY z{|h^uSkY-Av0764qt>nt(_C7(E+_i)T;|JUE@gEO)CRy!K0-O#> zO4bv{#*3^|QFW$83qKYO78~;XiLoo@{!CrL%@V^qVgxrtu;8DCT?T1|tzlMD#Z8BP zG||gc=bJu@`iwAeQ91cshZsrFsHg~4Mu)?!0H4-r&32Zgqa^2Im#QVV42;Ec#(T|; zG4DpiH*x$pU!}$J#p@h(hPF_?&m(@d|9o8V8o|F6{F31Hg0~2MRq$Ja-x2(t;12~~ zCHf&g6aVO`3LhZ&LW%#f_>UG`C3u41;{{I@JX`Pr!7;&S3eE~XSMWsudq9N0g3poX zT`m6W1>Y$67Qx>U{C&ZvoN|g0ZVrZwx&Hd*@#Cuv)@_6tp~)a6=!U9k2r{d4y>^Xvo>2S4KwU&--sujCAOsLv?Wm&na zhh@b&nBkWDeqZXXxgjj3z?g9h*UgRv9@$k zd##jnd;Ww&LzLTA zfzAcZo<0Hf21hQo*&X%8g_;%V)7zp!Dh42FX3PN7O6qaY#5#!UOzJ}mXz9a5Zpy)q z4mye`W8rCTI&HDOWFqQNey!q+X--wldNo2K9ilxxMz%XM*>sK+uFEqW12UbXC)L9! zKkh@y<-DYfEtY$Km!+79QsQ5<2+BexX@?DkxH72s@tt1-`Xlvzma3djk?rzi`KsL1 zfprS@=(-Jrn$WRHbzh<5cc(O_dQoAgj#)R#mZEsXQ$Fg9Ufs<&Z@4@k50iK+eWJX} z9=xgvl0b>G6rDd@-e*AHj78f$r znR5xQ&OqIFesumyWvBBiRV{{d(N1fBdYQ5EXqB@JnX=Gx8=+x^&2&-OmGcr1Gm|q~ zh9u5fcwZ{0zIhc{AhOC=7tau;QyJ!ky*W3@gx zj^MW@GhL*KpSqEhh(;&Hi;e+GZx6~W1206arW2wkgAYA1YU}h+43d#F7aU6i-{Ga1 z!wvsbEc3jh5e2$NBN`XdNtdM(#WBE41=?_q^-&yKecf0b?Ia*Z74UhJX|w`|!3D!3 zIEk)D%_lgsg7-1Bwvd_9saeH6(dVlyEH^A2Ids?JGW1j9prbvw`cx5zhC*)hbfn?D zWaV`nnkV1%y4O=O@6-h=>6}-VgfUwQV$_%$?~c-KHFjj-WRz6fgT zQ!2+D@u5hX>s9W6`Toeh-Lk${7go$zeWf!}and=Jj(IKUsLbT>@wu1>;Z~c8u)=xd zOZw?G&z!A#N4=%IAeRHLj^?+}rxwTR@}a^zPB`Ux3^!#&_YP+g&x0H%N#hLNU}>LX z$sbu9tKMeKRL*8i))XubqXKLk*1+yAf?Rq6qqJ+Dd+pE!$CfT^cm@8 zy_MPKOxU1cEdORX48a*E)zvqh>^wbBJuPO`ES@U&Qgl8J=(Te-bN*V6Tb#(BUUmDk|J9M)e z%yZ+$A6He4f8&grnsNLH#YL!jWtpq3$|$34N4ZhqBS~Xl5AjXbhbpu%T&63z%peN^ zis3A@bfWMxVDcG6$Z@o$$iSIPu*ni)tSFYiXpHF+*u~9BN2V2xDnbyYih)sl8%q`U@Jo>P)2;SP3X8cb2 z8sF4NCf=@eka=UY79K>gb|8;&6l?hy7s;(ETZSu|Q)jejFsy#b$@gAm)Y)N!=cfv{ z9dxRw+a?TKdeWw2zvQt0QR>gr0Z+Cm5VoPi?tZuHJ^+dEG!*tMWN^%dgZ zmOb^`TX%KYJ8w@{#(GnDvQb9|I?hSYRYsO!a0zrOu}Qk<(Ty#hC@lKvYLQMNGCMVv z+FL`P&AnJ5HJ)DT&@$}I&bycNxvVH+0Jm;Z##N7VQyXsOh^o`e8c3c*Qnl37*|eST zA;U!tqRQu2tg~uVCdO{oNyS$BYTd%Z%KRLg?}}lmip4qWA)>*qOn0+WXd&9c7aW#y z#*9yd*ZA;~_5n<-xu_S?s!M13z zVz+5$Iucqo`S=ndsSG|Xi}cwOLAERA5p1TdKMm5f;c=)f*T-XyV>vEW-YH-#*2CXK zP6KHqP*-%BDqpR&5zevk?08SEoAsti>zPnJ(QZLn6B+LzR0ZmZ!VrxLwkfqT9{srS zsB27dmKW~=Wwf=Amb`fVwb&bMYgSeeY7u7pDoZ=xGW!tK2O6S`G#i zn_EOIo{D&`h`|n?a)>FDy$hweFn0HElV9J9bujBJWhVT5w1(dPgT;x*;pV z71q>52U?aEob6FRFo2|uZ(fW949v|E*d)&}4zZ4DfFdME2aD@?%5Xu4mJ zAf9g7%T*WnR}>7;*PES-vC2`cy2RKHl>;KpPRl$MO>?WSc1BC%OwqKU78go6NCXGfyO|cWn5Y*F>#YDusiEQJ8Etuo#4|G+S_1DLz@n|Gt&B+ zI#}XedcRngrh3#0=IJuJE0PsW!0JqjS-Mn7l#w6JQBftsD!*2qo&&t5YB1D|?D|%p z(a~-cwL^Z6`m5C=^^sTrbx!8t29>rajGYOr9X5Y|ClB1T(K;b>q} z;lj#6a{yg;$wETSt4*ZG-&K#>RAk{^7(2U!&#_b{OHsmbZQVuiCnxS{R@g<8l{YZZ z)a0Cqx1lFPJ^`;0Gcr}@5{64V#rAjD?a)GDkGObrL^Q4P93bCX1S>HBIW7}Dotroo zwnzPzgLlND>aC>ST&Z=eDXqmuOCwqB3)EGH{PP=v{<^|sJeAB-F?A$oCseHB8&RXj z7+vbD*f`OsQ+mWF^Hs%UqjY?=QCeDBJ${~%nLwv=Z0i_KS}7&TV7yW|*A?s4ir9jpoPGy`L# z;e&T5yQ7&?^yRT|o1MJEc~+-x&K$8?7~VSEtM08PeHpPBH3Ga!uGe01$i-%tr9-b$ zPGWVxE42%vBk6Rf0dqUc{>eDT1WNePT6Yw*P=`;$f`{~2i@nP>R%Zlf^2(3C6Mcb* z+iDCoM2eB+Mn}}|Ko~Y90y;vwZtGNdm%SUj^XUNXV zNvZZlv>HLhi&X_g7}aA&BTxJ#jpt(YPpgw8`7K((itIYiY?hvWixpmEd7Wex>Xe4R zoLT}GDT|byD_$rw>JmbvQADe@>()0AH zElA-uX8G$I>Kp3<^T^~V8)^;to5-fAAt$B8c-UCyUL@?Gbyvwlyv?3r_!F6BWH-mCiz&sYb!l`vV_J8lvy*O%W3fb@J*y8BRW3QJ&&99h z!iFcSTykH#h+o^Q+B;d;Ze6({CFZN(vuMCN$H1I$R_W0TPe0r!ZD(E^Vux0&7)Mhz z`lba$AZKc@Za&@apH!MTxp0h8m^PnIDo{n(^^Z)e@Ui?&Os=WIfd*OXZjX6 zdV>!`64#i|8A$9diou$iVYgORLjoquA?ldVc>knsCRn^K8%y{c5@4Xz!z-~`@#c}$ zX==6^o8>JPNn`3$-(6Qr6?6UuR5OupY6Rx_XVo_bq&2`BYH6GvFdD)wQ;q3?X5vNi zvo+<$U@+vAERx$iRY_LOJFJU~yV!~TYCi)X~khYBg;Dy{<73X+L|e7@DZI6q`r#Q+hqR6 zl>^?pJKm1HkZw)3Sfi6nx{^yf2C<|#X;`%p?IpXTkrW-SwsMFrveKBsuTa-m<17hHkbo_W@OlftUF}k$c@44_-d>qD!ieDVxXfoZS_h2prZYAv5Wox6| zT3?bnKB+E3%_`wQz)AoW>A1qA6-wNYmz>%rV74b!jMxs-Cq-I*mtxeyH4vP}V_k*f zjkH)TXsIY%UD^^eM!bT{KWnvDq!?=V=%VCDs}lshh36vig|*V=o=ddLxFs^d2ubwG zy=9>%S%ST6?~Y<7E1?kQ_F8LRQ*Wz|812E`(z?Wjq0JYsc-S?l+=g}E%nV|bdMu~m z_bE%nyUV@uklSeASbaKIc0Eh7S%<|iM<6fv0{XCCU&qgy-Q4W6m0~OYv|9D;v09OB zqQ2Bts4D&9_q+x}>A&DL07Squ2jE_UA)i>^f*ZA=4eNrAPS!t(6YhYaH6a z`3j63Dux=fMMyW6e0HF;b4|8wkux)ZQ*jsFJ13HADz!79L#e|Y8CD3dc+SIVt}S0C z(`|93C5yN4N=3Q8qnoS`vRXMq^z7crZY%3bp&0RsDK1rgBan@>XQdRxoa1nobwt%+ zxuwwyqfj<3H>PCwP!a1jr&f)s#hiI#f(D%9^?_;<{Nl8d?7@zhxG{5vxcDZEj!Lyv zqFh@m+mh!bddRKvlI!8D6I4|OU*jvjTczmE!RC-L)X9R@R#0#fK!sN7qjhVTufs~2 zSr#%DrwnbloA^0exJYsAJJph*1;n*zyGMoE;Kcbq^-<(I;GHs&zKpv1=u%RqEJhxU zr?Y+bF)wN-k<^E5>fK{YMe7>5NUkQv(xRdp5@AliKDmdb3N)8a+u6B*_srj|oF37>-X z?&@nDMQf&`s1b>)j8CwA>9Nbo9jU0Tl2|r{g+;uk13<;ly@ELVBO|9P!_X`oZ8|4*mfV;k~ zVJ_?1A^L#*zO!8Jxy`m)<#RdQwGKDJPt)#cbM3U#q-+!(2-xnqQi-R3L2gxOAKWCG zuid9g+SflvTA{y--HN^&?&(59;f<#$cQw0JgmNqT4?iv~DE0=ZKr?bFR3l-sXv$>T|xKdwxX^C~$toXII{nhAP7!3WoHtiu;(#x^If+6`xn}aB1}gl=>LT ziL*260%%#Y!qbhWFxq*z8J&-GP_&@MVT74>yfLr2vCe(Id9nMPRO|E5{+lkc{d9a# z<)PPlFm{sjzzGsROrRz0rhmzk|M#c5{kKeYKkqot^G@>kAHT@$_j{fnxY%93-+G>Z zswcnT#qQ^i8C^xf1eRtjQJ#17(Y_|)8J0^4HKFpZkXdoDr;Dr0Sj_694WF;H)Yr^{ zTt0SNI~Ta;A!*d-^P|;}kYhMSLPS1aGwmlGSRA#ausD$&?c3I`j`ANcAQy?lNXHJ&T$wNd`$q zQWSNxX#ew^JklBWSWE4VQ>H3k6iL0OM_Sa?Qsk6M-PuQc)#`+SnyFH@*W7(ejxV?=QMz5e#;d4Ug?`YQBzmhuR(Eap`3) zllZh1LQJwpma!t|%ua@=$?Bk!KdsV^KpX&GjR_T8h;|kx6&(teTs|Lw zMtb8txgLwL&Z|ww`!;kS9#7cnA)P0(rRkM71_y zSw9U!VyhYq?G)R4cAQW_HY4PAog(uExO!TJJ{zV>B@7!?q$;SDsz^R8s}9O9zGlNN zl1n_*qGMP5}tu+kr}@n%Y;l%Ti$6rh4C_8bM&wcTsq05(_+@6K+QNj3){h6jiHUr zzJ^)8>Z)<$X%1+&!RS5y*w$kwRxSh3I&|5D@dgs<)sr&TM50y1nrG?z%cZE7|*|CHqt8=Pr0QW$mA?UarQ|>bUw|dz`883c;zx3V$SnF73tMaqOSG z`Ks%Q84W>NTYC0YMBv?5@$RUJuUA>AhEvB_)Xgj4*mK!;-n6dkqPc~iX^YzhR0%wc z1QklAl)JN2CmTO(PSdpcK5JgahieY;UMny!)Tpg1Q^q0Yu5qSpstq;!nu9ebm1d?8 z(}%+^9xt)&_m%Mh8~4|8g9J$Uk28f+U*lcZD}2A;hXfBmlgHw=96pXOqFSc^*4lQKS z!_Gl}ME-auovc3gw5H&!8rQnbr?|0LDcxklm~w;gA@!*KvPkfXCGK%?N_xk}#a??{ zlmM)$(z=8WneJp(;Lz7twepzahRVXKw*$!4gXt3?~ zNwzG9En6*ep0+tLi&i z5o@*54o#8j`K_WVGG~ZIUuD03lC?_C3)a%>UMVbxhK))YT8!Hi4<2=OG3+9<3;3wq`Xb5{8BZB zn%7tMYJ9Geg(q!gwXS`Ai%hec`qoqg2cbTtFG46!&*a)FEtz?~?^mCpXtdTiKvxh- zTa2w?lA4B2s3sOHX-J5x%B7D{sYheRKAw|R3TeaEhwyL+(a=oXLA>Hq&9b}zsTj!H zHZfmmCG!j-6o0za2l8^%O^GI6$(i!(!}c^z=N;;M=e?Mxsy)GE+t{!gG-(&4E3;*3 z>YdW`E37_%Ntf2cXgHIqv>G~n*5WJj-c>$cZ(6^70Q&>>1MEw@o1{k;uos>E(p*%y zELv?O8;2?SE{e!-_jO+M#@S4r8%U zaD=>{Ws^fu*Vtpb9`L=T*6p!qL!7uH4Y9h)`U?5qyI>Q|tCDDy{!a!jxw%$Yd0FEQ zDnzZ${=M01r9`SuwW+r}=EXRcvRT@RD)|TAfd6L-V&|{qEJ-yZ`ic}lboE8!B=y7A zp-|+?cr^1b6-LZT;Zue&zF8)~otj|j5MP})rE|<3N^GWdUcnBviBQgTC(nG=9!Upe zw1$7Bi8PjJPsdZ)WLol828+1k8B=xlYgbRTBuko6Tc=TvQrP6ae zv&d6`W#%QM)l18Y3)woBId-%sTq&0Eh6XLB4R=%zu$Y;rEl)1NCURW_U97@6mJo}{4*m~b%g9BICs@&96(rU_GT8XW95rF{ z?rD}QJI-Y%SBG1rAW?c%XiJnk9pe^`c4ahcmK0}!(n`sX(U450u+?VecANvdT<=W! zZb{C@lCfrGblPyR{YdIds<{wHFs6$nt?%T9h1K=xO|z14taEag&5b9hA^MbMr9PV- zBtj-)Jdp`L{O8qdJmW~L$5(d~;5VWm#Uc01FCOmFy;muo5`$|#Q^ic zcNE<>g#KHCZxei<;9m%SRPY+XzZLwF;Prz01-~iyUBMp;{#5YL?G3v-QiK7Y8jzTTKRzd3+xYny^bUBK5IAlqpE1}aTmOGuC} z*g^+!cr7GD7xc3@8__DuIusn7=99b3W`C`}HcY}khDyh!X4`Ge^Qi+*7=K(fh^N=% z_2y0Rh4@wHhE;~)P#{oeG)!v<&NUk98w0b*luxjst`c3ozA4z~6r7<_1R86b=7*YT zRIo_GP7P_!5ru8KNk0is^%-SZ(#W3B<_C?^oX=3KtxORp2T6d1GO;IC+@X(^U8?#|RHm~nQ?nUSm_i35rHEDh z45dD~h@lw-rSFOKDwokr3a+hlElUfL%AhAg>izU2$c8u#jIxnTdpxdFDow|>VI_U? zZe)1{*4Dk4F;mNGBCG8@aamQ>XN)Y{2_Q-Lj(D1G$2EhmJib;>z_tJw=5|l8sP?fB zm-zITPkhDj6|Xy~4tOH1vMC)W>4oUE=rmstN*GUcbb0R7CTKmtUpuqP*A!z(B_-Cy zubA%5do`;JNaD)F`B0rci}ampb4;es3O$)Nc-t;ofwE=u%2uIlnxmP=?PBr=sk>5wt zb}Xp$*&@F=ldIEAEGdHalbv~S!?ZFZmDW~f*4>I_$VHMlpD)_ic~oLMDVm7o6UBfy zKbr-V?acV4ba}b+_$q5kGc}cki<~W%DL?c?I)t3e8e2#&MQgMhBSs=A>afP99D^ub zXQ%0A*vD+!hG?~CZg;H;KxtBmvyD(uMJURjEESf#xK4IQo!ihdF^i2oEh)gJPeU%s zMPm4_U$3o6<5!_vEL-A|Tck6oGV6|a#Mqw3AQ?8rDi!~WWfr&8r7KCRa#j;R#(Jd` zkPm9Y;RcNP(t+H{f?X%j`V!Y?$vm)9w)Wl1Ik3@U7&wlWb`ulCAvW zSnQFWv3c|9gghf>ak0cw^vZOccVB2ZlP7B};F5?nFW62U%r7I^p(RMDzo9|GXls~p zX+BlY%b;F*Vzy!E0u*Y)B-Ww1#`B3Ns=_iviE3wC!WIh{9Y}Er<&#VDDua(a>ANvQ zl^Aa6AT|aq!xLA>Wu?ma^NAu$8I5&B&?7QN70Kwf3vx^pwjqot9Ta6nz&+s;O7wg> z4a4R+V?+|kL|;!bmm!lKQ)0alI{m6@Pxg2$rResh4zpZQ!WI`rugg|umbN<&ley8+ zWrMmMkedf}UK~OT&%~T!YNe$#V3wASpTs&;d`;78ea9Yu+{7xYU6LMs+XR!cBZRK1 zB0WZP9LJAbp<)R`O?M`@v@NPlm+u>+L4lrh(=piW4XJ^?+QwUY`N zB|O7xK{{onsY~BjhU!BBGBhaDnBA_&7C4N^7k+ybp2LIIBy1=xWDnrasI_|rVFnHyU21U$!Jc{NqGkRDXL1CGF7;B6@z2@js z4nOJSvyHK*96?>A3IiWqCXmQ|l|f1)s`zfYiWuW3RFVF}QDbY4IOVV@XPvWP;ps;n zb@&;Jjy~z+$tPAE^X0PgQlkx@xjR1AGNrUUla1QGx$#7OU88}qB$eqNt52G3Im!nV z-^-n%FQYx7aHrrCA5!=af;ZQeFtvnyGsf=bz}1q5M_2r3;mls|O3;KwG@iOB38S4eLrPLZm_qDBU`CBI|;W zMZM;;DV1YmW>*Xe<|*^Qs&b*c_PG zjLzP2o8g-0 zG8O3~_Bc^JCc4I?rfFncKqJsX!`B#WtenP&N_mk=KCwJ6Lgzi%Vq9HFx}2H~s%Sda zHI%wNdU=BzvQm<#wk{P8g1(H=6?uFiO1CO?XEc`CWIaIJ>O(Cf1F@l(fs-mj znRVapEDF7jBU2+kS8c?u7F!#O%=LC6`DGCpK5|>M;c!EZPp3H48bif2FV0KG=t?+I~ zvOe0LDK%C4S{2W7*>ufXLNcYizeH|)ElY;9m$Jzw#^VH!7d*izEA1^eY8B6Idz?+h zWw01A#2#mbGFGpSBx^=fGR>i@s5vCk9ZU10Sknr6!Qz+-PownB7Ru9>_q2lZMZpx#Spcd0-iY(BVac#~Rjcw2ceJ z6FQfSCvrz8vfrH!y?-rE!_i6@n#5b7M9eGdz{cJZ6qcNafnPRZWTCvOu1+%L<}XA-+)dqP~lc z6X^n&E$|{w3D)x{2ZeKObVO~GcK2%2R5S<@>v^M6EgU8jWo&%J-`$zS61}U(2&qb( ziR!ik!>rqx4xdO#R$Q4Kj$yX+**xpq`y8L3DeU*znHlL!#E2PD{7o54j7|fTtwa{> zGH91pV;6=8VS^NHXUd%x+px0orDC+JR*Lqb2Hh*rEBd>$jeID|2aJ3;F1pINeH@kX z)ra(P#i3tsT-CwX(vz@1vq=QDW?PWz(FUQA}tyskVD;nY&a{ zuOjs0qR?MK8){UWTvY>NnZef4%G~o@7PhLOERMPJvsP=aP^I^ci%VJlbbA1cNh)^U2O}ez=y!Q>~EG0!=~W+T7CA=*>baRP+S< zYik3c{Lt|H#@d2`t*2sXYDHLPqIg>@pPug3W2tck!p0W}o8Sp!8$C3?VThxPzNDCt z$+%`zYkcD?Xx1e&+TzL9_KsG}Pw<)OMr}hqT^cs|8|#9z ztTq%&bjA}g2m7=uUuq(ry07&b%<@Ir=p4VhPqnXN7F~#Qz+q~oyin^Y(qvri#PQ2^ zXGC%w-_7ptVpfZmT%qI}`EcF4ZV5p;c1L;5ZlVaTmgoe_t+!mqjvriK?T|rp$)|Ho_HsFn#R{qVADc>I<&l(4YEp6baZlh4Nlj^{ z5?`2*Z3{+;1gYzK>xL@RPP_ngzE_&k)+`NdKPnvajS@rAi@F7v%xh-^7W&-gEj4+E zoau-WR?aNujrJ{I{)Wk9-KRpaYv3ESXGE7tq&t=1BWmlLC{-6ra`E=oYzk2eE7Wq9 zrcP=Al0D6}%M9*o9G&S-X7wW@JxLksWn$X-l68OGLCMW9wp$mTEESqLUgG-&nx+ z2D}y(^I>@{Tu9V;6uy$Wmr%qNN>ItxMI2T3{Wt}E5fxe%Nu^rlqjz^(x_^k9t}Pyo zOJ*5moC^dMN?Mzob_wakLz`OVpj<++)ADo3VzjHqnLjVmzBuEX080BAbOoJLREsa%_4Csd9d9W^h8Ld8ccuC5lvnlU7j*|w$qxZBNOc2_l}y#v%CmJv|f zkmz>hYMUcf#EEFDWysIc&tW7wv+b$zt!#rM*-EVlivXJEI^vy}s$10|XRAJelj&AH z+4?@!O{7)by4=tUOxLQMPe2A=#KY&w$ySo)p{?*49>3enZ_#`l7Ii1^bgouJOQqv` zbSpW(gSVgQn%k~CTu;P+FAH+)iKw*s2}T>1=~f<=Qj1l;m(9NO*<$yQXP>@8&$c(c z%zhvW8l$8@Nw4{>NmQ|QXRJ-Loz`k>`I+#UqoyRQkF846S(HG?K9+b&KNIP$QYlatgn^cFJM$PqhgcT;tI zwysEO;+%7jq>#f8DLfx*6fCvmB?ehpW4WU;i`a#9CMigQ$MP|obDF{oory;!afeIK zg3G|A7#yapS8EQabDmQov_@JT{e8u#sxBq#l)nJ?hKKe5ft6DlRK}FH1*EA(HJh z-?~HATbU)1YT9vHE{-M*A(I@{bm2;{; zEAZgSr7U(=ZcrMv%hThh)qI>LAw68vEM8r!*HKFTfUbJgZAY!rFN#o7geqJ(mbOT? zE3dTqdQ_}*$J>zkc;-Gxph=>UvY;aRtW8N{Ndbad336ItPb%ec?(`k$Sj>7-raeWM z9GSjMR;-iIl$YtMj77&!nl$bNBi0_xMA)KhWg?!*rY4OamlrnS_=$O8WG9yLq5H73 zjzM6B<(V{Ye1)bU9K{s0u*SN<;H#DtsbESc>0lB3_t428(qg+=s|K<#&@Y?oy1%hPh>q>CkhbQm&R=|k&cKu z%iy5hzCvg#N(D+o;*_kFp){jE4Z2FCTeRTG6M5{)B74-Gqwsicgu?qKDY6-NBCHi1x5=sQ7x(%|WM!o=iON;rcc49iYV~Synl&+!!>u^UTHh zOiQVo=V|mI$Y^2IaZszdGCFx-tvDC-kl|K~#Uxgo@RG556Beh+#+3yjMb?oS!=3kZH+C} zMWR`}{Lt^K^{p)DuGf)GImXY7r9gmfLGlGYooN~4CmpB8Z(27i>jC!MTs7JV&8-{l zR!bsD<@QpmskJt|F5()W(xQ~kIJU&}3AhoqcXg&yKA@gtln^y3Bf^rcMvp>Xg(xJ% zN?9sXO^&B#`g*$KiN*OTx)Wn1u1LzB#du#I7B$S@ke6PC7fGA$;k0zRv9u%Ov*yV# z35H8WsrNJdN;9HfjxYtKb19+X8u8Sis-;euJ|o)rx0i_OFh!g{*0HODnCmt#36(VG z&6n$6RX-V&OQxwU__TBxx`^5m(Wwvz((x=GPoO`ce{`uqh8U4_D>6b>vGj4atwu_Q zRi_FoUe2oe(Ykybs+Cwk*%4XmTIV`q*n(9tg;liQaOPqyp?GC)Orv+OkJ;li!EjhS zBO7qhkx0VANt8SqkC3*c#XjO5R!SvV#S*JiC*9;$)1b+(odo+-hJ40Dr(YO9v&cfP ziW8Pjr$+udc5UjSY8@0t1GRg;I^)qTp3TI%JFMr~9YHO|oDDHkv?1#5)b3SioRR)g zAVPXjp_raxNqP!}>h4rLs%CUYYa8th*n&q6zK*oZs}vvDURuH1KAwQ>q{!VS?QoHH zct|rWb1k0kNT=nYSMQ1Rir-Qm=TvrYZ+=*HZ9F|zvCi6WC+1k}5K5V2aUxnuX@wvz z4qJO8)nPN%iV(1iQ0e`&*ma$xz8b|e#|M5pkj}A1Qj9u!k0gBZo^2E>O|Z66JVEJw zlw~l+LGDm!U?s9Q1n#UIv`UOe67W>Ntqq+!Qv`SN>9m3IFiOg)sTzpI(7qxyg5inP z)w63SkU(f{<8;H?hVrp?XF8JV>hqEAe9XG)(`I7A@gq*&w0NiPjAzxXgzuFu03|eU zze7yjgHxf>j;lOpYNvEB+LgW5&1mLt$M|U3MRcfra|AjRD;mb>_;(6GxvCs49jCBO z*U078JX0dE6#{@WMkVSvei5MT-5bHMF@egFQ2 zSqW$aTm-li@Hk*I;As=_|MpapOl;9kH6z|P2PZ$LTV6hJHBLco0hTJImWLdgYB5IkM*p0Xd{K&R8? zGx77@{}XwdS>;`4i$EgZpQ% zt~J{ae%V~T-^=EY4^en6{0)b`Y?du~+5AQNW%CW-V}QQ`{3&pK=4CSl_%N3bHATXm zFf(oA=K)8+{pak<=0f1R9MA#y1mP8)@c%0a0D1vQz|$z#LBQ*P9|JTNNi!Gl6~G1J z{~2gs1w5X@JLBD71AGlI9k3KI67_cw;NGkoE<#ur;DogDU!KmV*&djWbo=2uPRtGt z52CD}0sjzqRIV^hkA%MnycMw5(wEKQfcG3U%ZsEvMZ#YOyaV?~fQqFmtYoR1_6EQr z#GkNq+vV1T!olmz%?GVB{|dMT(2jJs01iiZ2WX!@ zaGiNM;Mag8U|-P0cVB1jR`Q>L_YVHg^s_tuuf2^L6GFU3FMgT@$A}M5R-al9q1J7mx-KP`bOjcPSC+?h+7{ zSUMzjX=&+Zmt2~q7g%;bzCZ4B?=x}c_L(_n&iq(U^*{9q6M@293vc1nhhwqWRamW9 z>a0T{xbwXa8zX+ZYmhKRG4?VP9bB0E_#?_8LW)=#^+QQliB|DU$wS8v{C0nc?NRE0 zL{14$a6$ZVduTDY^6YYL}J5)FVmSyX#gK_5z{~kpm_I#S~0ECcrLT zQe;SOMVu3n@b-0-6pR_NL|G%j4jc{t1ru)TVEOF9X;dSjU|a@EnQK`g9aRh{?^i(1 z246_%@Z2m!K+)qZrJuTEN-pSQ-s$kJUSu%0R+c5ySFY}dqkY58p#b~)Vi~+9nHR|* zoK`Gxtk;HBLRunvMF81e^(TO95r3&a(I-rV4F#IHZRoFM9Xoy3kk~lM+FT>lke6; z0urE>MOZhl`fp*~#3vf5yS;I*`FlXLZbBCE+@EmTp2A!j`$R)0H{_}Ref3rN#*I|& z_m|nA#97A3sE3>pTpVkN=TJe6A*7%l@<-HYw#Pn?1i}D`0C@<3$&f6o9$2-w2}^cm zOO0@qi!WUgdFeMxj@`tPa75znh}`pa^FCpDDKuVn$CqX#bGV7j#k*;-~}l8`or0TY&hBSj8iDV zn8GZD!iBEHn#lWmEn*o66`JC_Xpb8c*b@RopC-xL19z)&u8_F1qfsRnLA|Wcm!qg| zOolPxI&$>f7i19O`z0$}&*UMQs~4y@<;Q%8vDJuk?GQ?|TqU!y?1|6pVHeORb;#nZ z8f0m1613N{^4A=x-635h^ZeA8uiI-En7I4G(;~is84nYL4ClQW*HHi|G8#vq3|T%P zgSwuEKXa4^-e10SyQPS}30hu$7l>X-YB298d?=|^q@R3i4q|`!lu=4~Ds_%UjXvuc zxG41(CcI=-r+<3C=*12TCpt^TJ+6bQ-#SS4zJ3MxzBYVTz4Tt;?#bL_3%ro1c6IU? zQ-Q=p-?WcRiJMT?tz~*bPrioyw`s2Y8Bmuj1J+4__C58_{pYqGu(D$;N;FRT*Ma^# z>;c$&=1{@}<$nTKU2Oh)^YPb=!;Tr40%Hc`t>^s491--xyR2Oh@!yyPt#xhZ)_dw} zsm1Ig3BsJi_m2h8p0 zO0iKFP$HD%9GN$HUHlcLTB@D38J3kvGjZs0z6xT^WDQ{4bpAFw08Lu;m$Hy@9y;9j zQoWt*Z&bK_EWxMnZp37V`{q;Uz0FGMq|1l(QQa>_Om6#5d%)PflvwlD zVZH_ZT_HbZCaIpTN1rq4?zvm2xD2P>8R-gGf=#*(`Or{&sO3e-J4Ech>b!7Le4k8;O_(Za0@hOrvBjoi!VjlZ=-Ba^eNEbux5r3M2bpvh%N z3hd)PX#d?Vr^ISN;|f3o#R@IZfkzkggFDHkxvH^`|1eVbZ^)A&1YmlQIpC8Kab_W6 zAtq0pUU}6&=^I7lH>cRKy=D|`&+7zH7ZHyxHtC)?);d-}RGl8tC=MZzRrM1G!UsYc z;qew(1RQ{_q8mIYP2*ABu_)F>0yDqZtzl531$ZLP$K>d!q);mOI9 z)#ToXC+8>huac9ME|~vm5{$<~vavu)i>KIqR2W*M$CrDLuOYO^LkJfZm^_q%jUs^6 zF&yXSX;3mR5P%zqyRn7U*lmEirDQ|1!AKxfz}u2UY@ELfl$~6?oY>j~WT`hf(TERi zqY^ieyg}KNhR@A)Ci09-bmsyyaYke-$j9(uMDgVSo6Grlic8*U{;x1 zXB-^kf%ofv?@oMT0CNeWCB= z5q+H2uB2i+R=dZ^lC2>QD|Q=CELY0K_A=UfYDmErJ+4W6vU|@Rtfl>aL5w-&U zQ9>O(@UfRBM;bvIBLLS(&I>F^A5e=oBOk`x=3?mn1{C6*{^$mYwz1-e<9cGP=0_wG zgp(kJU|{z(TNaW}SV$VnMV9>W-*OW9l{ipJZo=pdjM9U>&-K{&Zk@hFz6I{8cu1oZ zxhGbMC|SU#cCjWI6o!Z=$7kQZalc`F*BI6n0j5A1z>+|2;=JyQuIm&iHrN}*Cum8S zUE3t#3Ba}Sma4=+sHZX6UEBiKd=|Wf5`b;;lUzsNhv4RqvqvoS0U-0^yWt2h!Oz7s zN*(s_y;F(&MBuH-dFc?g1PO}Z3HC$W1LJ1KsVSk^s<^^ajISaf+UR|{2p%)D=kTWfLYLF)o5nw54 zOCFTaoHCST6O1GItd7Z(0hSLOtS}kR$1Vh3U@z^MjI$^b!lp4j7^wo1Pb4{nd(;?L zND$CaF$ikt;{cO+jQyIh!n+?GG2nFLKLTJ?R#hAN(NLM-+m%0_RkwxzH-TRiBHVq; zVKVN4os1QJ&1*7FTI=8E7dc6=N<>HbX)nUP=K_l!67ABOXVDSvi9E`4n{gGC8=#J4 z9>!QiSWgxQ9U5NLuC(S&LR;oSNfBZYDnv0E^3k7;0N^p)A+Opdan|wPAa zq+v`DG>}B`vF;vBtzUr%NwIniS-^qfIpXFZK%p*Gx8B%`Sb-+1ti+*RozPHRq4T}) z3mvY@{AbCh5;yqW0Uy9YQ(h0dgEX&CQm47`LicOYibB{lACp zzr!#1+B}$`9!c~o9<_ug{f&b!j&w7&D)sNipJlVL_77~VGdlrd-~zD#s&kNxTINpd zUk9v9f)Rf^KX8!PG#RdWqC@x8l!rSX&QL2a3dJVMa8gjJcn=kP3cBbdtZPt|r^Nms z_h2tM?IHd=Vu+TTi7r|NH;fYJSfS>9=R_ler*}kX5^fU?TDB63l8g@?zse`YCgeMo zNX9nByIGT>2J<3>fpBbgs%)I_Xh&==TyuOBx#w#bLgap&ClHQh>7v_Ciah{WQo4x! z8p-q2Ul#Ev5WJ6zra}Z@OF`^_{*ZAmY5)UFS`kZ#(Nh4%qbN~=<8(?G{v07|36eVK z3MUMF{shwDif>NRx$uD+O7u8)Vu905f;I?{n6dJdy}ZDT!Jy^Q&~P0a)P#lE3u_0MsW|knHy>!Ni^~P|4UB zx;BP?gl$jj@Ss-W2q(y-KX<^35+otVxF4`(CZpqtE{errS+r`I+LUL1Zz&$zMt6Z1 zdjV?~TL4=V7Z2M3=jBs?j3raab5B+_TuDYxT9^tX;&EUumZz4{EqU4O|8Z!t97z+V za3E&OugE3>lQA|4mzO>K99ou+K*a!wf$`Wzxb9fCA@}1&FFk+5l9U`pXGt6}pOrWL ziW;$N@XvDz-{W!?J&qdSsSwFqKVcyM0=#|%qBV!NGs04EZjVTj`%-kO6NeJ9G!bYY zYV_smrYOUFah2lz4e#S44}FI0!@2E_uN%bzeaL%>0K#YqOQ$@Of!CN{kB|F;3NnL# z9`v;C2?BAOQydSOi#%nCR_Uw2Sq3-!pHBb@Al<&;hr9ynvv^Mtq3G#xj;xME-q;+8 zeaAa_Ua~BtQX_OtC(Ll7jKzv-#eMd03*)(DLIYLR$p153h5ipB_7eh1U( z5@J|Wiq2)2J&8~f^!EuwePQCTSIC8}uZW ziy>;80iJ!eh=ZTv1Texpk*9bpByCTGsL>0lEYy%rn2oLO2zd}6xlp=r-Hj2Q|CGZjrAJ_zzdXshyhiQ3hAc`jCEY=n3uO`4Xmvv znCMUp5ljdPCVlM4u_2V0s`CdpE=4pZ_!b=odh$Nq*Jw|R62!-g;iRTX?SeXa~ zGR<2v@*I2&*ZBj__nD8-jkju_dteFi= zV<^TDt9#|A$u;&+&>A~c3s2ZQOV!~o`IFcz1W zn0wg=jNr;1#^rJEu7d%r%wRmOFEQkgk|~c;or!1+Pg)LNLqfRFbvCXbEiJ+eX>A24b<7;xXCjf+bRDCiEO@hIu@$U1z~5_vpk zf7BX!)Y{p{KXkFBZ}`_nthx<>b<@vbIZ4)XPkaqX+zU)C_0*zDNnZ@VoQn zqmH*-Q+v(Jf9z%(%CV$3Y*+X7&sKR`ZHQ}WwV%~$>B)0cM(1~|#U<_T9L+Teow5*Qrh^MAy7 zVcp*zh)al_!U-_-5HPqM8p?>kS|v35680K#W@JhE<&sg+=V0K$exc@JcWmWu9L!#v zrcsZ^Pw4(w69qk02>+&U^!Hm$hZg;t9PG3k9T+k-a#H@?##L?TkLOz5dl}D6Z|`Rc zrCP99v>FlvD^OL{0+OQ^&`<8FGpdt*s?+87b$q4@%w8zcZ*L?T)K`Cv|INmS|RJ~ zB${$&#iyBbx#8!FO>?ZIuVo4EO*_sx@?tjk9WyNX?I`X(hy`vxYcyb(CRB!IGOESo ze6~?GfD5rnE`6dd4+d5IDV^u9N%J$t8JETDoJ?LEz*>?Ula9bgrxWe#3hA4ym?9pvvL*%`=C> zu!(kfA)qIQ)+}_mBHJu{z^JzK;J~G}>!fM{aQp=X*c!}tNAI?}-(J_WuAvK0*S+93 z-I%CH6yc5Ja8!Coc<^bM!u{<7C2F(BLjDo~VhOsew*UpA;<${^yT1&o7GxjB8YdsF zZ)wd@YZ@*V<~JjEkZ8S*bS)r`i{|~`zp2-gPbT{f4B%a#q30Z!;!6E%vM>l z!tG__Bv`0V{l%|}XF@NTSD(ymtLJtIrhjW1`se0)6}zFk7P_X(Bn`=6`6xyn?Hlr8 zZR~^0`#*wV!`H5S`N9W|fh}Y7r9TvTUsI_GhkV-i1c7|G?=pox?AKEBeRB>l)c;F4 z^&f>9TJ!@Vs)=*Bt?yg$WxcDBEPL=4`Tf*cLZ(}n*pBxro@WX4;kNIt$Cnbm1$PLj zZY*1u+v)0`KL{Uu9xg6sX4vcxb3Pv88jSj<{^YyNsy1t5mYV*! zcleiMnfcqBuqh^9bmfGyGgEqw`wp(2ahLI)CC=5Gq?^a`HqSyLM6xs&7e|>hXGHU` zoA#L=u9!Iw{i?nzm5FqV4(3VtDJ2@4`QG*aB3gOwe7J?9{Na~-&3(&fkmqLkeM2Mf zAt_;A{vl&!Y;#=QM}fZIf9q9BvijOn!tkQN&%0aEM9T8UoD1{MChcnmOOFLSwVcda zmyHw3e(meLb-ppR$3rIaxit7}4xfCbJ3swqMXu;Zk^iMJ!HK?b4hz&Q0gj zp}S1<3#TIIzYM>iyNoyCcG7BcGrwP44N`Zv*?kdxN7MgN#@_D45nHqIn8r?YnAB>Y zdX95Y_}9QnQ15r?GIgbV-5&vaet!o=53L9CeJXA8$+I{INLZbY|Jw-mrk_u))%x}4 z+ay0({BzsBDCHL3G#F_1*?!{9c5rpA7ERA)eZrcxb5!Er$^ob;tLw)gJ49SuUX9}W zjuaBlL#3Soc+$fcI!rq>?=u=8XY;d>Ldm_pS*Kf8}&n zrawYui}?wflls7%{j(AqXBaJT&mhC8tR*UaYX-1#it(0}Kx-Us1HhP(FTV+_qX=z= z0z1dg04C|Ub`Jn_aJP`|9!EwL#Dwx>m*}&8|}5=<;lyO@~60z zviAH#8u`_=ZLjoy&w1fl^~IfdQ=imb_r3+OjA}d8FKo_Cx_$V(5m)ZVZJ+H;f-|NcKGfXN@M?`PJSgguS!d#h#p1Cpd zbEvCEqub_H#QsS(zxc=COg!l+Z^$gBnxXY7+lu-(8zG08w*QP)cA-s}O_-0I`0)P$ zdg_#Ztesfmv*m-Xy8{v5?|xMW3sy_OSGZdX(of%u2kE$zwTNp~$+=JWJEtrV)_2uX zMl%x=aLo?V@BeL$7a%Mnn3IqTG7OVUS$MOWy880U3d|({uA)iODIFi0vNMUN3TCkE zdB1=4LL7VFDd*rzrDNRyG1ahbp`EUQD7cy9BiutkmuemPQM%~WO8RK#)mx{e^}`>X zwkro+8NC5bObbQ^$@FsezJW9kV*M>#E5$9Y7-?x*5o^A~m+ZQu*7CfIVdWM(7ctiR zweMf+mwJEWv=Pv6xciP(%tNgaaAU9(fFrHZcj9=E2h4Tb8;NyZ@FLBe9$dZko)P{@ zTj3R8->v@l>%L>y5X{X$`NDf$NmBL2sYI!c{rG>fFI_|y)<3^L7o4x-m_Ji{Tt;Sx zHXt%fSgINIx~;7GS6G~2_6M7XpwjU7#eCp*Ic6JwD)%x0b#YPE@ej4L)$hScewq@R zr7WjTHxr6gI)88~1cQk?Uam1`zOL1z=jIKValEj@pFT*VzbcHg%>x}?5`LrYxT{JX zq3#%JCmGgR$~B;Qxx|U;B^kIZ=~@ZOM^3^g!R#^M@0y-5Fz23U_^b-cT7WbdPb6h$ z2Xt&T#_z@B{H`)E8ykdUND3a404#c#lhIw3gVaGM`irL#v=7zLP6Rsq;=K4K zpLH$viWL=t`VJMv1}GtoSdJvXggJz5$ED#HvxIl!i{HY1?nc6W_B`&!CGcI^NYQ3M z5y-E~Is$w?eA%`ZXs0o(Et|A2fU1?C&gn_sTOnOwQBh-%8Tb|p_8Afn^aI9XgK!P8 zig0|f#c|MNNEsL@#0mJkgcU(x`Iq-$*B!!&BTtiO^f;b?CRDqh4W1QdYb}L#;t653 z(V$nb?|aNB_gJMZcd=$-$#d?HMJ-QIUJ8BW#idCU3_<`YTgZ_Z!B}eXrAYN1P7wRa zxXu~HS193`DjBPg!n*?2eduZkL^I(7GHnWX*8-~*f@z69Rxq{_%s6^uDc>Pdq+ks} z(I7%IxNvX!Q*j@28DiKCJ`on>{$>!OB{nt3`-9a5ydW&)!CQDvR0h{9k_~dU3=S&; zbelhC5|;-!f;vJvoX6?@~-mxnTSe|d8fDK_@7qQ zWG1mtFxCB0IK&_fp4pEhD63Z-m)ReANKhmnaMrm}wAgHecI#sS1^QG*qyxJ4j?$2q zU(%8s4ChteanwU=+wYr8vs<$I&5gUx6VetF0@a3~1T0Xy(SI87>`r0C_ClVzwE4>U zq1HQ)R8@J^;cVIjzKFUsG`PXTSj}|?vb98$v9*c(&Gmad@Vo1X6NecqS#|pZWuI!& z;%%C%jv72KLTsTjE7Q00-qz@y(J-S#6wtdB6OO_MN^ooe-ew>5p~_D=BF_<9|3?6S@feD*nCq9Eh`;n@@um3ip=Z*qgM@f%IE zmc8GHEhy>wgSbQw@~)%mw8a_RD#60fkFeZmNM1`4+cbCsGY#2VP{{_%*4g`$89Xrw z({uUps>O8_!hmVg*N_$mFG@9owrjX*gMC24GKq_RvtOy${aL(VMIlKH?W1;Zd-Zje z;4@y_Dz0i1YRSV~uGhgK8q$Uew?_@{)nwPro?6J%**gYnt2vyGM9i@Y{8qNlM|XOv zsa>Yi-pGdqsSV8=T#*KAtOuV5_+)4GuLDr&QomNd9Q!(EfdwqnJ-5B2d=wlG+t0hp4IF{| zwwTN@o0h^&zC*>ONU$g7jO>!AXHxeqt=EvG+IRTJo% zPkU_q8O44aoeO?3M=tO_<*0|VDEI`qsqtOhM9guO7$_?Q|K@CLDz|}U&Jy;im`D46 zz>Gl-(x9L=iH}cN-JJ-vLsihKjw=g%u`=) zE45p8dj|^j+2g1WAaw5nSnjNFkDeP5%ri}4X4|zKujI%%>Nx=PpXTT__3UKj5qsG( z^5Ncl)yrwMOWZ0yt=!dA-9M|XKE5r#m!V`Uw}Yl?N9p900bAqJ5;dVRG$_Z)h&jPE zA3BCPh*wy=o(68R`&Ahz>7a>t+$#81qPFVzoP_H^ce!Bgg^6 z?+iFW(Vxra!X(ovMesq0Amqr{UMh=DV}CoZDfg zG?|jAu+=+7r74HaL|B+l-A+w}oHj$lTQ4E1FZ{kbVTFe(htdA~0Azha7>e+eK?`6< zV^w0OxSTQuO!Ps`6+8afV^@K4!^=L67j_&a5B=gY(r(a33@SGNNqJc0U%ABtxfuPauB7L&=MWGH)$ zp|`}3XHRD|vpsQFJ}y}XpB8>rb5S#F{$|2P+%|3U7U#ta^69##!3T+}doP}_DYALm znk@FVY`=eF>79OGDBON}4*=hH^t`TGTgvq*x{wudn8-W(s!%Zg2>68z*>XX$uID;Y zpv@vNc9@Gi^neT98KFEJd?wHpDVK%0`DBr4crht6r{M5r!)sz7xHFFh^kXO<8eWii z+HhtjUUWe9vDF#TMF4d{tnkjqMs^|P59dBTadlqJh#8WNJ|MlDNPbV#!bS?pyOJmf zD~;HH6Uca-OQP`6s`BT1KGXGR1;dTh*Rr`K1;x}F3?;$wzat`+ixK)Zd`gr*YXvi~~Zy%l8u%-W!<-bg?HaOI_UZZ}N`?(N3Uv)4Rjb#6|Ac z8Sf$`PKneV2Cd5)5FKyt*4%zpgZW94d;aeWp9J$$*Uw`2DVFfx z&OdY8tvPX)zWL~~4_%PY4hgjSn!g~OJfCvYI`YPq+xiy2GYN9;^;guoS&1~8WXz1a zVeZ(Joh1@2gio9veT&yU26K>5$G8~{379J<|Fa9J29y@pgByO853$ zOoi@jZZZ>-#}s0)S71Tc0U@5l-+yngSoPNb!lnKK<0;Y~p;>9z_PAo?-W^8SrA9K0Nq7%ID->zZul ziT``Obzq`(=CrmqKv=5YNZAZRpUEntprhj9sN`^1b$(QDL}@)ra@Oa2cWZzYvae;1 z4K(NfSd)9t^^w2$4VQldsXVJ5Khxc?ermK;t6vHaI3S`xkfpEp)-a#-O)-*Q(vC7k z0vypJl4ljtCG+1)60Q(TCzw-F8z59;k=d9T>LTDym7XYKH4Rb8$yy+T8g$^9nBWa4 zaU1VPo(gr^nMa;>hs}$n#ZlPgEC5TjCFXL4h zyWqak@=Vzz7qU!Aju12#;g>N=dC?2K*QhpXP=An7e6K` zk_&uz1#DW#$G77YfyYc^ISBi-z>fcGChcA=pUu%CNN4Sy^iKIM`NsXz;8YZ|-nrEI z$P-Rq$)Jlcx|uzP9bfuZCTXkMWohewKrSOFd%U7ZA^QT|U;q8Xej(SZ{Om1col$2KwKz|K8N6>e zlyt*I-7{7VvJ=~UwOW&lq6*nRv|9WZsxP8RY2@{WspzM7r)AtAu9Pw8Ys9#=#2B}y zaGlqG>}s{K(;+pHPu-rVGe3ffT?wSry3-qdS~YI=kd{E_&#D)FCF6Nz@&T)U!# zYF~42?_8jt-80A9KmD(gqlP7#)Dv4M%ukQ4*i4wBnc_#vJ$uey3F4|AYazCl?U6UO z(wyXj(t(Gyz1vUfpQ`;D-;88UuTkeejkyt{kvBU0A~={QrNDQ`AAg~^p;0T4Dt8}e zvmMg={oVH*7KD{HON+dWqfe?-zS3=oZr#kX0C%JFKRoRL(LR@}ABISA4z_P!Is;Y) z$ZmJbMMepOVi_&tw4=s(LFauEWudR`iTPHKsa*}vbmD#qjMeqq24;mLlm4vSBhFIqn}dtkmuPD=5OHvuE?z(KyQUWhZg0 zKZK2vuV8$xXF4tv<{#e>7m<#gT+)dJ@VrwxR*NFt<#@du=R`F2Q7+N`UH?Uh(1z=) z*L*_!`)sj~3%?SgFPmntEfVTDeeSZL1i>+24h`PH!4a;T>|sFW=#EACW6|)~SAQ!< z11bR=3fy4+VtMs&{ce+R`|qLMsBvF4=kK9z?+av2YFSq1+D~#Vq3@LHcNQxE108q+ z?K*;Dxr47dEJ4PptN;|r{u94_8epz*5?M=Sd>)dV~ zPcrRC?f;KHPkN^EinmatoTsHKU!|2 z25w(9NuQyBYP#4irhEwTMx7NO&Eo{aj2w!+RrXo4XQy!{E8e+V^@kXm)c#TYJr39I z8-5e7G|pHz0_wXhSSRNwVA6t=>7XrU~5(HhsJMvtr}zFY{9xk{0pK zzT9eY*ExF0hqp17kEo54_dghE(Ln|QTdD@I-f4f8r;Tex4y+Gip&gVQ8Ec_WyO|5z z^n5-j6tI+%6MZAq`RK6nG#TTo8^><&A?4_gWKY&%PFVJ*p$D{$(5wH7IO3khWYK)` z;h!EtR7?rdJZ4oCPQIb9o_5Hduc{H(=C~^EyRUQV>iru~P2Q{VtX#Zipgg+>JSc_v}K4>u_SYXya}-xYiCO}c+Ig?r@k5vvWsOj2p(m^v!Y3b>10 zIuUv;Jz?SB#JQyS6)JJNKUdGnMR?c@_Va2RxRLxv#=^>#m0+p+YIcl>q@`4ENmE?( zyMwk(i}FA-QOjqsg7t63c$TwlPOu|lg}$#E$2GKQn~i3}g(XT)Ax3A+Z$&uw@Q$=Z z_viA&iDWJ0R^z~D8VfCchar*u3jSsu^DlP(pXyol!U$f&bs6V|F+d>+|030r8054%2@@jh`3oI%ugGuJ1h zvFRPN>psr2yYo|JUj6c|p8Rl%Uqv@5XOabETM6X7q>~Aqb9sq3HqLlUn@xW-w9sGo z>R4V9^PW6SrTYWI9k#7)Y4?w&NDd0!aISq5kqjr}f*syt_av2+WTeYSe~X$1!A6bz zehlV)jOX#}9?x*md0^=7^x%6h?f+}mvH}`tjF;cM$gJXYh)-|c!HJ_)`4_N3#3hGs z@k2sbc=NnO_oL`8U4gp1*Dr429r{o?b}ory(a;&^>6P*t-PG!LtRv$s8e7Q*-4l%U z$N1Aj&1DSHu1*o6>mlLn$rAEtuA{Y*BIqY^18LKt*{EldVK2FcvOJGg!zz+A z9HYL8I4$A(!2#-ee+o^ObN>GI=56`0)k_re;R9(wyM4o_IsZ#7fiuxgZ_S#zK?%sd z39-N%N0B41yZ*E~UA=9Zd^!C502MmLs#fHLInlhPcz#f`GRIXx@h`(BgJpwRcJH)< ziNt>r=0DYc)0+FzZnJ^|Uqn@^3h_1)rIoWbC{u7wyfp)$bIC?=L+;{ZO1NjI>Ef&p&^%6_6+B%5D+%>SwJ_>G{Y+u?o zYpo-XUy0V#UDPRJWSo?%p-*%BkF}?@~NRmJER^hOs!9Darrm;mcQR9rZ81 z?{!<9H{0C~tIrvw)RDSXiee-`IyQb_?d5rwM)KLpKdGCo!dy4)Fj6r58+@=_HkzsU zGk~crbJ^B>SRqC~dF~oCnF#0KwRLZLO<%UZ-v)9iyn3saE9H=|d?al&Sn;!{=T||X zKq7B-tVqGzbj7HX1`)Agf%-O8?$In-M^962{@EYxcsnr%Od^}-#bvjq0%+dHkR=_$ z;na}7@htacJ%u)Ug#Lr6*e%aUU`%hwwQZV4oy={iWjdJKicIbp%w*}Ty~*11%gf2s zoSBJS?V}h3e(bK)ULgW3C|vUv=TiF>H!1HGuCEa-)LF$HeY|e+GLFX`luC#{(Ahfw zYA(bX+NTHk3+y%uD#p>qk|)h;`?LJEM$ay@rN@C%%)YVGS*5ImjC}s6N{st?0e^&k z7&#XgY^T~kI_JkSR7xznYVJUCe{V}jHbQ{le0{_tqdlv<|4ZHgU0z~h^XPsg_1zAA zVA$KpL)S;RmpR~WU3Z$A+)E1zV%lt3nlD*&?b@dvwGA$A5ezzpEyRL{HO!XE5?L(^ z%MY5qf3IEB2|(q;ThE7`l3}kl#0q-2-G1IClWgVS_eEoS?T}5sEHjSEGB6TrdSNdmN>>-uYEv@fVD z-$m{Hz_U(E;R~Wc@`<G<86oA=@ZvdC19(XjzR0c+ABbThlUnJTt^A)y^F-lzY;%qt2L+a+Sr+s z{+2I&?)A77L6U4#PuhUbSN9Kx!w05?+AjTDD)4sLwx<|K$Zyc*ir90^kFr73HIMIIdA=lHt_|oA-NlBKnje-){fJ-d95?=lZ*1Xj+=b#U z;NF>2b4R*{;=C<2zpwVM9yF0r$@}Wnw?ZdfSCvD36-VPPZtS+K(&OKiC912yDv+i?QMMJguJGOnmY@4T$T!_OBG!?Bd_Li}iN z_NnE7JOIu`LrX1#M72h^cyIms$bWVW04DjM@noO@L@gio*Q)bx`be?C$q0B{UE^A! z*-R^oriX^3Mj4`Z$O~7;1l`toyOVljI?JbqV2f7i%6CLbj^!~wKbZ*m!poUJ(&}0u z{3O0hqV?M-s<>|?;0TcaC-4`Lc(MQbdreJ)B=<;=I9->4h?rk%2#?!vTp%z=Qyaba z3^50F7k|r_w3;@`*gTD75k~h=OyP{jeVed5(9`yJvrfya{ z@}plwQ^(Vw$m5B~Q$5YaEF6G=PJHCdhL#vZV(mz2GT!6-;BS?9F%CVk!F6nlu)dv5 zu@qGMYadmcSsqO-DYL6*4DEH2pTxTH#3PrJ2Pj5 zIVn(Btha>YTX@+_Yxi<#cYP>JfVT%Kf0s_x&|m1whC2ITTX^FH-NTz9w8yCT2H3NvvHd^ME4$=I|d+a?UAlG=2O)PS!g&0;DK|$7Fk0h zS6r24uMjgi`7(VL?(A#q)T4$(xn!zm@{4`at!0+0o#o)37V`a!Oh_HdTrs+^`rRh_!;YLT+ZTjQGHWT5H!&$9vsZi!89HEoM-XG~T z+ITgwnep8!*Bk=8U*VfNM&b4o&9I!wg%v)VBpF;}-+x9G-0K4>Um9KG3X{@A`HMyx zk}Xt}&+xjBVEKw+T(L&KQOZC5`>%$~Abh4~oQW1RwsTN;%+nGm;5DWO@0`)hDHrA9 z;`d8pVY^4;i1BsQ9x&U3o>>Rzeq?b<`)cH5keq zqXR2A-t#Q0!5MtKjpaVBj251C4Sni==oqr}=9 zXCbJX{ug`a#R+l!rzbB{UB%%m;4ftdoP?~P_i+li)cOYV+qV5D9?uP>4OP{wYo&O) ziIdRO9!isvzh#n23%^r`22Q7paTG*OIw!}y($llp-rnXY0+xaIeQ+YDGolG3gN4!2 zKH}$GE6*hFq6AVE2v}n|=Skm5u zx)H^WKRm3~AifAn3`i*}Hq!P?k?7E2U+^yK~+&g*L{=E6qGqtnHBbc>8PZR)) zH|mTbaFfXyJwIn6V`46K{jyf-UwpB^b_@G{@tG}w%xH{3^#19dy%@X2CFzLf)%hA? z;$;naUxErFaC6@(YXsxj`Sf?qxal{LipWz0FU^&|(Yj*DZfG z3R(COF+V>~XI6tr&qifGI_04}e-8dMG|@b+bD&Sw_HqQN* zZ&R~HTd_4eLDvZq2?-x7PB|EZjcSc%tz@(Sppr3Dd>l%WC=ST%36pu-&bl4 zyZ5k2GgqeAEhYZpTc5b^xlZb4rU+e+ejNT9cZr+?2uc1ODY{W8e{d3&ix3>_co*Vt zrR=J6tJ+bcq(|i1Ij}-yyjpi(hWASjD`+RUD^gYEv*Vj{3h(mf^Ul~%@iOlk1{p5_ zP#@5{Qt3Ii1#03E%oL|7;!xkYR@)62=5x^7q47uKm8$~5x^!yQ&P92_+{j8bg_WO# zz@)JrbK*N^*J$Q^96Hc=!8Ccgv}TL|cbGC`r|{q2s-|!x>`U%eHN{`!ss-`B9$c-+ z*04S1mI>CuoU`DOu|uEW(QHHJ9h4B)S9I9IRJvW9)mTBU?LYQ*6LTSh6m%hq&_OLF zl+#~4c=&#F(&8#5Obh(g>DLPdT#NTkNmaBI3jY6=+61i+U_P2o)A(DD7)@)a4_zF*#O#FrH>*dQ0C!_!B_Wfj~%amGJdan zU*YABL`oAZ;!FVXPE!t1fNJDT^N`W{#5K`36RZ6l`y5|kUX4kc)3Bx$C4$P7g)fy7 zGzup&pZcTYa?$6*e9yQP1}RdD9X_d`Sx5);t*ex~*qo|N>a-?Jn0kNzSsc~@U^-G0 zW-4VYhutT>yGOUq!&@OMv@CsHXJTpF#Osw*YRPv?fXoyPmWQ7an$o#Cw^yw78rh`xo@RZMd%R-F^6?|*}A zKz&VXDa6h;TrzC$dqP)c$l2Le%5HR1|9h46iUW{>O)D-Rqr;-Wc~18|e2Xm&BaO7R z1~SP8*Dnb!IyL(6f2V~V>&?z;tR^DVeDdFu6<^gkCkh~a%lYyv_rc4-i))jkD$0<` zM02Ij5#;sXn}`(n!{s&;Oa*sT6nBz z%?p3;6HG41lo|I{quJ1no#|G2xHV-~B`5U*;mr3=>n2V~Q`YEG9ClXV#{U3AK)k=t zJYf5`o9Hbt=0Ez!cSbe}ieo3c%Uvuvta9G4ST#s+;bWC<2=ot;e9DVt=g?mtwUb%4UuFd1)&KgzI!L2!z9QiLg1xi=3vaYxR6VTj3?fHn zIV7Rs%!0Jb+svHBRv>dj`Jm3SG)mqQ1j9!U;m8oqipY)x-7wbCjc9>_e=f;1iOr`HWOu);3 z@W4e5epH#|4`W0O!-yk*+tCg)>oM5O3iHA%pR_>Qdmeb@5Kr%J_U8(%k-CK$O=z2% zF3gZI&p=68t)adh-gj9|Xg3{gAuJ;zAB9&++vZ+^qLV(*OxAngV;UP|I<62UC{O7y zqF14hOx&=x7Ba7T!`U#lA4^`}3pltgo_&C@=wk@vxo-4FBgQ2pO4Pin34Tj$B_ZmT6RY%^-s@Z{# ztn;^s7|`niu>B#rH-g;a1-W?scRkH)NC!9+`-qLp!*FIe?13fUX=O%EVV5bn0K73uBlW?~BaLFB zo&XclJTP);Ry`DNb2Bi$jII#AvrprKgz5$fLsp-J%>6!?HPu5l{sjGpC^a5oL@^CP ztuSA~HNgCx&9I~g9zUpHnI*#o!}ya0X8HY7nDjn?Fac| z9lZ9YgC%=5Udy3@(}+k^{@>sb@yM<+IVYB%NiSqF;=A+@4SzXNt`3o3W+O7viFwL= z(Yzt&b7Lpxd%=9VLmU$-goF73mb}4UTJV^GHx|WCeh6><$IPQt!ch9*An(sdFdXhK zdBT!i;n&w2IIZ46UawyFN7d2C2ooQ$Ra)eI>n1tESP5BigpBt8j8yV{Uu7Q;`5;vO zhO@Yiy#43&E63ZzB%w@LpAho?#divLV-B*S9r;9}ZUHm>uYi zf|w~Tu-ZD{l>;6aFv<pv`32Au$RNc{g^NoR#c!dD};G?Zt}fVqoskoY~`;nS=w1f2!$JhFm9Od>Iy_7 zC7s;N?_q6%IZM4X-p%Um0(FdmL#D8}u35079j$C%WGk#YTLPs9(g<`hAB`v=xKhf%eYel!e^4Y_}AtW1hJMrgv|L zH(&ONL?NPLV*|VyY6y^R$7eTH4bleTokNXa{DZ^KRd+ptEjE);R)~!)x`U41|68}9 zB-aC*CmDkb96GA?3j1#Ku|hE%daFWE7U<4|!0uL;h#V-}s1L${P0|2``Tvx(3pVno z@^-gY!0r}T$V&_=jIi*nXghn7_!eZZA7CI1kc=C!cDsWdyqR&m?;kwPw1@#H{C^LU}81H`vq|MjN1DAhx?K z*G)>!{r0!xw~2@|Yp1Ms8r$H#W4_*D^3~m9q6Q5J4Iepzkt(c;y##==aXxD8G*k{hhwmNmkeG&waK1 zu{|%$%e*+Q8J6W~5Iu(4UGPSd3jyZ6*Qgb~+2cZfGraNE6TvpL?DvNn`Mdz^IgHIs zeanu-_T37t6$L|1fDAj}T!TYZILBtPXdR?D^0#S$5cI%VwXpCdjfd=?<$PP|g10`v zM(n>&ja>T-;-C7(*jVU)svRai3fw9|6nuj;Tv>w$y<4o&w!&&p8;<{1$l;qb9=(tHTbD^3_8SwVLFp7aQBIdQ*h``Yr5k(7W}&vG$UI@Opl)* zo9eExo(P5vEnC-}^bd!mcRE1*Q#0heOE3184tr=@O$!vBZ-|3vi#pPOH(zY z34!zVE6{*ccOO2wD989kogk$yI zdW7HoIn@HwQ9dUkFT3V=_2M-1Fk*!Ll?Z-BDv9*H=F5r^KN;wM>3 z7;%PT-?c{AGrtuM>UbpPe^&2O>UbM+=|`0k7aYuN3JsTZ=}F#MS~c5_!b-~O+@ckFkk?X;aJ^ zlg6Z^cCuqR{&>Y9qq-fIeS|>y?gk&EfjhEyk6!)y4{#^&qVj-d82W`9wy$ac*`QXz z{x%`I)oy74%^)r1CMJCy?0dBWY#(xgE2CRjvh~Mn6WoHG3at%C;hjRKF~0*|TPx!X zb}y72tQU&jH2T0Yt_cV7;ANvp?*rrSGLr=Zzy=oe)2|t_b3B^m0Uk-WRa)Q!_0$G( zU}{xXy@VVnk^j4LRU0fF=IYIag{Dg4M6tu<=fx9*kzJ$6j*l}Z*KF&6?Ngs3;mY%n zcV4VqmB(2)nsl<_MvxJO9jbwNaSli?x=`WM{v(FAS)j`e} znryWFU#6xTAGi<(O3vNbf@3pfumS;S`0)0)sT zUZ30wb5zaq&O!3$&7s1WC^9Vz7N$2}X!3~3!Y44nOo_}sXFI%xfnqb_PVq-RSTm#P z{8?8d8`&*JB8rG&VqsseLarI6Ms?mD18*;BBztyk58`OAdWu&8GxPNV{qMejdrIw2jVgs;WayI<-6G)l6dqd;t7vpL?}MV@{t$Yv9ATiUU*ZD zNc*Ik@xzQuW;eY31uDx~d9-;u4_we?dtg^+78;JdrRjW6wM$G!-Gm`~vwfh9Y7lJ2 zj#$t{)7-W#7%Xo{zx`5F7x`+rOEz|Ze7{(}Gvmt;QF?n1c~exzVG)q3*lN*> zuqFE`gF)Rt<+acmO0d0WRQYR;w!+SdjZjp|wU9Eh=@}Ao*x%9&@*gnNz1^yOCMYQg z!n#>}J(Q<(ghWXtWNVKrg#kf{%?<0nljSI%!q!z@!G}J<0li7x!9dYrDF#JbP;1rE zee7Bvm_L^`fbAjW8V#_2zD`%5e+*lCHo*37Pf2Oi_4QALFK_X%5*GHnU^LmYt@XEU zyut@%H7cWrjN1!w;XH3M^X4{~V?vB6ay$+bg^^WiGVbRpp|Jwiy^7(z1;}~q^){s} zOKU+{kae>?rb}34)R3-y!@@$tSv2jp7h>pLFdJQAm#djf?FI9J=B2&)hrStxNCJXV z6MFcLx6%C8J@KP)ZT}kwb@!D#w{z4aPiu) z+btd_)_cVyb2`kMiLkVLZ-L4MJ3CrM(Xe5IPf%_{*WEpbytPthrgM`I zgI(pT2FkN~Ny5X$B(;dF{!itb?Sg$-59#$RybJbRlO{{8oZbz}j0Pm!D{D)&KG9Hk ztH}`(LI&&&6R{uj_6joK+ptlmu`>p~WUdgAf#TyKpTEz3g9^VT6P ztzjF0eQ|E=*|)YUxIoQ5NZRcf1lZwY9i+12`@fMS`Q?>W3gVI{6pR`p% zJq8%9T5FUkRmPMQTE)B_Hb(hFmMkK#ejZjeMH7VA!gB1K1)H+3cM3w%j!5T*wlFqa z!iI$5ZFea^o~iv70p|_Q5+rZFSSiTn^*ZEQ@6fczDKY@ zo5|W`FmlNw*jcDX7SpG;Gz%k)EtcwSeh$jXCFfPV+6D5V^eMtEIkjmN!%^VHvV<#r5^Elie@E>dijkFNH2x{f<`O0wrVWVY3fAXZ2>J z-g{G9Lq)8RAqD&Ic1L@>bvygTW2-Ts zAr<+E^E&Mv5|%8BfeDFf^l?>(O8Xd!fAHaGE&a0r6u0XyP1n0`c^`>b(7l7V0h{08 zEssgLu{y#Nf)d{*UsXBQYjiy=ZLl)T>d%W9jOMQXJ7sMP_6LwcTj2z$56 zf`W2d6WjybUWHU+vIe2FACBg>T(17gc2vWSFl>*D?Ah;ZHJJ6-l!0$swYE+~9dyB_ zG_{i5p;c?p!*~7p2nK!Zx%FWqY@2|`Z4Jf2$i7gII6Fn#Lbi;pdZj6X5zDhPaO^gu zU`&BM!|Zf6Xm>YXShQ$t2$5@Gs*27zq*VQmfj;-gMdj7R{s==xTL_DB55tcONte6& zx)r^9$iOz(K(w~NZTcCE?&}C6Gvt$>k{2*RdA2wS_hb!H*2ybB{SzKmD7L~IDN!-f%RRV0qnt~c?;IxoDo zzZu`Gs&M6!}D(Ximf0u!Fuh5~BF z6q`>>#=i}-4>ZH}>7De(51YrL=Wb6m8LjSGrH(Ub)xMiQKf)N*4EC!S$V$J+__^wx zM!{w~z8))Yto_*sOE;kHW*s&njj4wn@3u1XnVWrKp~5IJ!?G}7HxeGKOcnxj5no`rg9!D}i!V;O@~WAiWCLVBtHoUd?6 zB;jQG-e072k#3R+m$+s@(Qkzj&234e)%EU;s4&Q^`?X4J&^nskZYfZka_L6I z->mhZTILQ95s5-#M7@w&?zD0iI_+4x41HXCE646~u0+M2_3Clh8Ph5#F`s~)ty&|m zw4e_cy@mFZy{t*dme`TGWc`fLw4;U7XX&*Mp?shkxyh`%S++KKoF|$;&;HmVcrPH>Qed)M zG-%ER{t5>2|Hv{~@bC7H7RcC^RUot4On%t$-6OK)Y1IzoGY<0VO}f08ar9ubU>gdQ z@$+HEO{BdBRf0^x^9m%rufZco8|9Hm7%~p3Z(4k0f){3g(gbtSEMe1YZrG-+7j+Z; zQM`<_o2TV`ruCD>5L zDl=N2fbCcvOnV6pW%G6~*}BzvSOgcBLzHZPqz_#HWpOw`Dg-MQRhLK>{ zGK9#d&Ags5tEe4TdV)|`9w1v+%Bw2%EoAGGFFj;ywlm;@ZONRTSD0|TRt|7PtT{`D zzfLB4)4!>jg@=tOtqUa<^YWwe`BlAJz*ghx6Up=x_vt%0ypR0DfkWlSK`{}btfUWY zX~2Fh8`UXxHwDkXiGt%YQnnH?ja)OWQk#aC=4p_QZyVT75*uLjm7tK>7KGFtR=WY| zxe-UJ!8RIi!w(BK`$*x7Q~kB!ICcx<=rm1guS=W#1Dgomzva4JjzNlPIGeV zV9UF?Jl*2Z0_AKgnYnd`5`&7dl~bD#uKF8V#Y_YP%WK-9EF(ape6CHYM{@ZQYS!D7 zDZTz>iv$C@7^V-)*tb(F7Y(-7svPE3!K)UOtD6yGTa- zQMKA5*lf@mIhzkmMGium$bgR8A2g;$*t8vyzI_e&F6zzlry|!>mcP5tA0m)T6z`%$o4M< z=LYgBXVK#jl%H~hhLDZqhkh*Lv8{Glx4JU-o3`b1J zOXxqaiZtTcx$8(ms~I32dj06vuona_)!?djjRwy%GI!X z68?@QtKW5It4)ucI?h~yWW&@Bn_`V7i>(P(`|$t~S-qhIY30UxlOh}SfmF{K6zD`N zP8$#sent2U2%R}nst8xFaSO`x5$nCM@jR-?)dnHN%~jFILMb^LuX13d+PDoH2^$Y7 zjnaQELR^B)*s#@>t`OI|^Z7XRff_-<+sLt2%>Vzp9WNgioJEj9WJbt9CGR2V&woB4#4jjvqaj_h7UGJcx(07gGDJ%(J?OUi~< z=AsTyEo;0sAs}W#L{MJv7)o2MGDCsP1Nlc#xtfnTSP9w07NIe4%KD4qI>_(h2hQ*7 z5gpNm6-J6gOo({JNFsYkQsM054rGwB8_ke^p3_&rq%n^LB}m*1{k4ryDz)Rl$PAp3 zQ}YI@9R5qAU{R$1&e~R%Y!o>Q0%X+z7(5fHbZ#i}&*@JaVcCo59qUmsl&Y1@Q+|Qh zk0Tl1xItLtA*BN4s$t$T)J5>hUp{!HL!-5zZEOy$Xe&W@rI*6Oc`p?r9=^V^ zQBWL!F-%HQTwN&sTyp@_=V4Z7pli?d+(SBM#>j`WWwa`E`K_ZqA)6HLHc7wtX z$}}xHDvs5g4ww~N&xpc`k+&4}Knc(W1&rLRpYrbm`i$g-7>l?+HYA0WS`CBq!{sxso2G4v|pLhcl!usIvcvE z6ljs_`d%GSzd{9z{%dcA*JAy!YJ`_XFMW+IL?|zKqVvIPk%(E#e{6w)wYp}QGywZ) z_6;xOMl}gaFe+}aQ)lNM!>eyK()g$Que6he35ujjjjU6uF6~cKuxMh>>(?5@ELop$ zF2YCh%{5_K6ko+xFsiLN0de0vgkmQuQIkw(;0oQaarJS?>xD>7tg>r4bmry^6u-`y z%~rDy_=|r;$}<^;jby^v5GZEbgl5yzpJk-9)z-8PVUiR~g^$#zYj86|%t36bZ?i{wjV zLgnVr?jdCHdE}ALVB@_GiHIyV!KifxFO03lb8Na|)2dAtYcmw3J|TH`FV#O5iDBbs zHV0W0b_0dzruprmtcYdBBG{N`wHDM@m$$Jnb(ygMqs|+8WCuCx8_8S(NdtIA%N=bU zE9wPBOKmM+ENKz!_H^zt=c|=cEnVLqJHr8K(GH>W?*MH4JV?xc{IWU_v2x!0qh#0= zGWg%;Cm>hO{I5Ss!p6wWa*_}-Wd>|GUdZR6=MDNZSJ?r|rR~_8Md1kT1B5C%xbuJV zg@uPQlJID}pED={O5zD7Y zV1weZ;4>~LctcyrYj{pi^CqnnY3kv%&c%G4jIPON=~3D0e{qD9tij7Z%lJdS*Qvw< z=~Fq~5Fck$YRyPuDh+5co5tDr7Ra9E7QAZ>pa$MF0EyF7j*R+ayF)_EN9M#-mbAj_ zIXM_awOIuQUS>0)lbE+4cnuYhxdZpQ(7ZMjK84rr8c>F?jYsk~OU~NylzjZ$%$r*jo8f3}qIhErv_DFd|L)*80 zabL3GldAUu!jQ7q$s8>!ka$^bv3uc_C7iL5*zeY+s@yPZlUGnmvxZiEtmSMbq>lRx zCcp6aE7oQwX<=B=ZX0^++WY9+f~0hnQ%H+gkyzBnJh1ZM>gCZRQdw!h?fY>VJBJ zDz#3dSG@iey!yn`9SxI>5r>FlqR5~NYdl1@;_{o%5a#nu7vrW2EP%pR;{ap46lLi)i3DR!azS2wqDU6K}cNdclE2?G}U_ZS&Ctt=Jtx8mP4KU?EJ4thcbS7QX z-)-};WW%f~t=htwk>%%W_1ZSrFp0AmIC^GYOCkII?X}QAiVo(JLE0rtPUn3sto0{Rh!Gx z>8$*M&is6pR8b%`Tinj0D$a)Cb`qUD=>Sc=gV?4{7N?VHfp2J+)DT&8Ke<-^MtZ7z zZmhgPzDh2aD?;Ok$rs3{#12UAPLkK(PJ4!tqj0(1L2~1&iqT4UbV$OHT0+jA{}mf( zfF(naHI1!QyMD8}#H9ZpurkJgVJPQ^LQdxaQ-}-$`|zj8iIMHB?RX*#*=v$1O^7T7 zySyR^%+lixBYm?@kfB|MxddevE%Nx<1TT!=|CpT<35J!lJ}za%7u%UIak0%>fVXJ~ zKwfbxnRFOZiyL6{I2^akUxJ}Mdx;rRSmw;Mwu{0cZyf^9D_yim@07nTtcPLeeIX1( zQjUQ1W(SNN>4E+QS@vci-)eY^19CobgC*QW&3xbsFk!2oq6u{}4Qp zg_*Xra!eqM8N~JoVdKF1CbH=xLBYFz!CoIbbv?|T^Mrw{raZl_4f0BODWX8iI5!v# zrULZe`XY5r$^^P@bq~e4Myc_`#A_~un|d(qqcdR)Ows8$B#pEG zakB>%ox ze!o)aCHcQ#gtf@$RxWQP)-#jOrq2+Hg*|)ybLd#-f164Em%^7{d|AF;uB=S+kd;5K zY3V7HKR(n%@;{P)Dlh)F5s95Vz1Pd~RsH)9jK!bSlf0z#*=aA!cgPofTSv^Br(JkS zDDH`^T-CF0;vwvwwUe&@Xr$|vh1H#jbh031X&v1~Gk+#SoO8H&_g93?xu3p8KG|ss zlKhx=TcP0HHl|D1rx;bys2cI#M|5!}SLLJY*OMgmFbU{>W6q9J(o#!(y>Ok?q|_pR zR}NHKxGWoGrZx{`rQ%2FD}13egLeE=822U30ZFvA!P;%81A$B^htb^i(`^Za@IZ(>?_AFuHPR9)UK!uk*pPepqytE+eg_Yl3r8nAoGU z?7DVh+fcm{qesDSS|k3T;JO2nQ?k*PGrBjDu?8~nUzMvK3btYx)u=4m$DkU>DJ-aX zrYu%z)mj^;Hz|1+i&f+hb9_ni*-o>$o|76C^y@*iWbQERB5t!A^Slq(o0c)RtyFIYF~n6zujbWUtDR_ zKDpN7k+5MTt^WnF4TaL^A2ghj=7V9(td)6*?PBE^HNwT>Zf+tQ0Mp)eiG;A=4foA= zm2}C)xcJ<*7TUWaaRlTIwiX6qwW7cJ&X{uaG|u1^6!~h;b2JGd|8-<9 zO;s&!mh^k=x9`-h3%6X1D6+iJ1;aPe+CTPL)O{`Q)^ww*Jo>Y>+Z(TT%f{1~nmb_F z8IJ_nNjO*+6}DeHMwcS8W?Y>ZU?5GbLD-aopT>x>ZY}`hZ@OUYy{1qR8%a`U(&Z5D z$@!x+g-8A^o^FnwZaS80VWgNt!O^Qx5*;Rvg@u#a1?5KU82z#8TL^!a%|5Eq2M+VY zD1nEhZG@zcT%n;XN!>f$^ve!fqi*z<`yy+{jU-tIz6*i(zpKg+j)69z@>9hKd?UMdQm?*=x?DVoei^=?fM`Ej4 znk+aa-)3`f%JPGujYrqNFzy)xxg`#w{pxIPM~IjSU78Fl%j`6-eUdT&>di=-a(P)R zD5710Qty;eU~Y1qRkw?og{8CPr&lTZl=k4{Lg-3eMf$w@)KXr@WJ8feY?q*hDhYI7)ck&ux=8t zDhjzgjy`_E3znasgo?yuj%1nj+FVOJSP5rAnv~TfrHKP9vG}U6>-ogT?80hTH;-5P zuIPdxY*cr-3#=0Irjw&mIv1^WXo?06)K~MdpH~ zO`O)k2d*MFE2Y)1Cj5q`ZuyeVl8tI zMsnVefBJ=&s5>rP#KRT5i{zA4&1weCV7i*NRe4n^aTx=xKEVyu_z@#!^k6(xi(tUw5KjpErvd;!YUBH-2 zlL}|Z%t}*Q zllquw&Za)wpzVM}rNRB%1D#8FRfVIf?rlYg9ru&xo?pXJh}BK1`VJvpQi2d4AD_oj z1lE6#H?FQlvaSyxgu5<$YoXK3<5{mTtQapjVmm#tVeca_A8jJCEJ*0tEDmFk)K}oQ zIRZV0KJ;QU4mcvYIX?)BSGXn^XZO%uJ4Mf6Tw*I^UDdgM{iEs1_v+3iYeQw#d%VT2 z)L_f4N>nA2>QUaBS7}h*8gXPheyYaaH5jT>f?#^DNy3VVen9mktE?SNTKz+q{khc2 zTONba+$iZAO_ojlZHmRzEZFIg5LLwN!A_$Y?`F+WX_kdYeSeBJ^GydCAti~krq4V_ zG;UB7JroOx>00Gyfm%ZgS@7nA26v38iT^RBY1+CoDMvN1OJZG6B1|ISf{?_zdq@hkqLbZwiF9~(7Zze{m5ZUB|%Ctws z6uQ$x=8vNsR45M|Y9z+dc-%k4^C2+~+T$jw9hs$54psh8PYh2ebA3)jvjj*(LwjPI zI!P!|Y2?qQ=k^zlk-s}ozQXxm+Rtb(vjeO+4EVWL_rguEG}J`vwUQ5lK;Cr-wkYgY zM5A`lwNg|HT*~yLb`Pk`CcVt`7)-Mb?VwtwGdW=TU0NE8_dHn5*`#QmTCpRHuHq(b znWu4LFB$kM4W0O`aS%nw`O|g8*lm-mFB2&m5FH;Ok!Q;Fth|s3m8&B{Bt$o@O4tF) zzaC2n$()_#tT3UmePj>7h=!nK_DLf9^z6Uve!(_{#jdle3k+UZ^CyNjlez`;4qA&* zc^iGqL^ExaSN&p1mdF0X2S8@m((HU!XLUg@80MfGT{-(@Tj!i_ z*0(67m!_FIeU;qwhKj-&L_Hx>UVyskhagQPNok>5dYo;bT;zqJEe2EbtsiwJWPO?k zk8YV8L90}tL|wSi$+_f5Vd0ckQB>%p%>h9)kY4Z?4>3cXL8p>x5I5H~9f1>-)y zb0^)!Gh*ZuNO3s2vSK##bCP&>NrrsdoT2mIbFOS7hM|>F<8vI5uAez5FgylM5b z0IXZ>3K2(#hea}XUbgu%j{@J+xxkz?m!s*?3rFAi7VS;?K2P(Rr3X!Pp;DWw>$sO` zL`tb~J&467Dk>3z$BfXps;?<&#=p&KNBdKpszcaa%K3i{qtBGjc3=G_xgGTXJ_%#5 zx5f=j|1?A_KN!<<7@O`8M@O&`lShctCxs0~5%AFr=j#3GBi}tFD4tSz@ttbH7B{7@ zs_d4FH&KjqR@jQIzObX^;_Z%JB2hp2vi_ppVzF41C>avbmnEu?&tA*(z_Pu$UYIr` zC={32_2_51I&A>-6FG&}CR1Wx=ugQ!pce&%Dcj5zo>N&hCbJ__%#!7q%nZZKk>Ro} zUZQi$^Y?p*ex!3sJxf+gfBu5@VnXY*TcG+_V?uG5T8i3i?k~L3ZqeEblz6X5JeTil zW9T;ZyB~O9QKp7Y^^fV{7L?ko4w$>!jNbYso$qUF6_oQTE!PH`3!GMuK~`xppfX+d zw$6mwYko(z)`-Gti`K01LH|&Vsr5?fLsr5@JIiet$u++^ms-$;#(ZM3*bVfz2D=g8 zugpS1gN$Kr4{ICD&f&ANPy?+iY(UB&W-rxROm(pKhDqUh@RHVQb;F!9lonpT#o4f# znpyRNGAfWA=N2~Hebq%vlA+(P*=FFLfu@hrMjx<(w5a~72ki{1##gW+HuUV3JQrjb zX*q|1p%|<9Jgx(#_omt1d0fl=!59m4vmBsSJ|VIQn2^>U(RFM;Hk@S^X2bGHK|!e< zCGv_0iX5Zh8H|VzFkPc*%8m$hky;mI-a|WI?)_QK+gtHe|8kHSV^{v1neqjSSTtpo zrxk`C#rBLi$NPn$#XgEKL)HGDF@!E&>0+2$7;}>3Ix# zqIpFgOl7pq_g+$akQE2TL_0aQa;$@>QiQ_vmDK{u#x-NBW;Y{+c92Eo^Y;tW*HjDq zEYUoueA6X3V3u+JXKCCfvnEN^dc?jKP`s}8fmGQ>G>+H>ix827B_wY9mA4-WO6gke$~8V%xq@#8WrY$?v&zr1 z;mqJ78-ib2FSO)gFQKzG!@w_4w9NM~(M(wfg0HpdR}LLrA#S~T&(vHwuXDfEx)Ex7 zJq(F;U&v5li9;ycLNQx`WPU}ha^B`QnJH!Wh4&<{rciN31n*37_~9d;xS z@qHR3A*g7k)$~UWPQGb@5%0Rl@N+OR*>OIlUa(mwGh1z~F!`j0O7?Xg#GU~oP#|VO zWx#D zc}n|HS4f0NEa?KP70-lM*-kiKaqn_5{=Q#fXEEM{HB{`b);f{FeS{}4`mT*|kc1sD z{89tV=7Vf^9D>uTDn5_g-=WdehK6AJ8BoX=yc=A1I-J=VcuH- zh6ydVH(p)wd@tUbu{DpCCS#U8@Y@DtzcEF4@sU$(CPxSv)k;P-)a(tAHBmJu1HVkr zX=OgbRa7@yI%n6=Khxx@-_yL}=pIpQRbRS1ubzq#e-V!zKcDfTqF?v`X4%mtVWbS( zw5smP78;b|0t{rdYHjX|MM{i|sZU*EiF^Z$YNRQi%9=_`tI%olM2Ct+p=`KV#70Tx z4XWYj1|-@kH!JKWqrLU^BAW}yE-PoW&|KY7(@bi+_vio8O3X&zFS$6r=RLw}-2(Tc z5g5nEDNGn$t|CnQoc;use}gA#yc30ZqscgOwvUw4n*%UWff{^W3O4ulZ+IHhGg$f) zng#a)G8rRXVb4PQAgZj5j(%*YgbfJ|36bC*2^k??(K<;!ZSLHui)X~j*Ey#>CM&s% z>L5{G5+YkYbv!_nA0rto@Dt_tl}&9#xlf+n%lVy`C_hJnx}$PSD^V;?8$8c_ml7h>rHSf$Mbg{LFRLI<=*9?F;7CW!X{a zuT4jvQ$hwJ#Vvi#$FewUiJve zDXm)ZYSm(|pe)OT?0c4}LQs~gMKn*JtnHLg>EqS-`?a3FZa$dZW6I!k@#R(RgnPFrNVpwUDm-+L^FESJ{!i9+It?2mj7Hi^w+1eMT;RGIkEfdE2?(~*P~E?q+6`-d z;+n5c@!oimZuO&%y}GeF1*5{8<}0`HTVn%RySmC~aet_JlVy+UD7P$yndT3t8DX`U6*T&G(1-L!-nZQDiufo$Z1W zgUNs6DauPXEH1IqG}L)-qlPCzqYKHo4y}CY-$62`$D+YiT5acshZQfOE3j&i!>#Vqxi4b| zsCm5XxO9WvLgzDJ__G$VSR#aBpVNx3K;AK-qzk~<&+BS(pVxhDg_WC{h2k>1g)4MD zh|wBNO)#L^4Z|*YLPcTWBq<*T78ct57n;4)y=@r1)`(g#Vh)iiOiy8G6RNKZeH(@B zR+_|~5r#~{L~|BlK?72`)o=0&&f0V%T;+!qz3cHPI`_QlJvZG^Fdu2_l0+2o=-R6i zg_Ubs`t^*7kgpxxJ^e+74N314AwSkv{)i-+7Yv-ce_C5*bZoUStoW%YU3_<)3YAC0 zLr7ZXsyW($5V;6@@+nMzrI9T7`8;{dlBqA<9pE5Shu=8e9uv}q5k!T}`<)DnSaM{_ z8$X>#rnv5KJ4}l5(!jLDOhwgtg&UGnnqe_%+S-VbWc8x}tZv14oMx#P6xYK_bhzmU z>JWwJjiIwt^O8AB@a*ZJXb2ET154Hosram{gb~D)_#O~cu!WSco2o;G%vYvg#;&I}Bux0}aj2TmN z-7J{~w|84TkoIqMh55}vvi9yy1faAq3yO}S<(_7k)xxz1o+n;R$fT=TG8KxIag#Ch zP2lRt?B6yaW$I`li*{U`ia}aq7$@9ET$ z3!^k#>w^o_-Ph8r1SKtzk={kx_RF|V<2u+5%e!cTFe5U{jV85rJFP>q`rYUGK3-Un z$NR~2!Hq`^uzIAz(JPFZJ-I7M`7KP0imz{|fQ@FuB5s`bk|{c&P#6=|wWtY}ywQ+u zgUN#$>89+}Weze~dPnQ-O838qhK3+R>fW7wmpk^O!>S$e9LsS~m#Hf<{mnSo<7Ycy}IgC)~l zB35`m5Fm4VU6FY2KULA3z5q;lwO%YHs|u=wb_HJn$&0Z$gYH>v9OC()TdrPgbXbf; zEMi1yU0M8}mjhIij256Ph4w9Z3QP7N$j%H}eK6;b z2AY7e8fc#Xd96|Hxb@Bd_R;qLROx~laSBiMZ*=}-Mvn%VDN>j$YK;fvX*$#$t4`60 z_SpwC=z~jQRCuGyk106}H!Ghg95r(|9dFIG^R2M_w$y6I6Ly!Hq-v?Q0+L>D9vCw= zbWD132qWJZkzOhbe=&Wxd^*d>=ZGeM)r$;`f*~K$DlWt3a+c0KDlXf1KD7gNOnS_c z4Yh~uG|N0L#V3-0yeDNGOMBK3)WSZpGPm-mOR&W&C~CZT*9CL#8R{VJ#V0uaY}@48 zyW+>JxEILJ#!h}X2xdz?g6;UL0GU6&I)V?}J%|=Fu-RK#;zIA6J*@hf7iKSNfy|=z z7?CJ!kbI_O)Yy>7h*|Hzcvao+Q15WV_GDm55v{|c~@FqrY4jWco{SoWAk z?RkH+E-9^ji%#tzi}9;`R zFMAQW2Tju!xM1$RMwtD#8|L|4o%_+J#3IdZhIu{{(oG)>2znWzc)#z)N+aDnzEtmF zBqF+XVA%yC176k6!1Qyv_S%~bf+Anl zuc#wzfnVQNYB1aeVL+oz+qoTSyx;1$_NPBQMD$X4=rFSET-EH@YQd(b@420;3tC~) z8XpEwb3v}R+DmuRt7u4HJero{_QMbpoYOtoYm4wF}dy zS6l=eHC8@5q-%GPNVNGGofTbi*CitJMin>1g!3IRPuk9i(DmD4(GLY&Yi)xO)y~A% zHKyj;cd&ma+@aaW?KOo|QqDq3x_C)dSb$->6xp%25_C2(26pPue)!J za!nlw)Bp4fiaLI+)6$v2x$(53SHGZ-l7|`l6k4Oq4P!IBD1o|!!L$tpxxC&7%V*l` ztuX&UKu~JebHRH;ohi@M0y7t=(O^dYnCpSbVRRW|(e=%(A~vi`SuTRzw2wMZI`f3l zcU5VyqirwKb9yA@C@wNu@oybWd)>uG%?w_uMC)V8{IAX@&^hB@lGGfAttHiZlfqKy zhLMTQbYGmp?!EK1$>^({=z>LB1Y|diucWKTcqq!&Ien`C%4&yrx~+7XLdAJ*pXy98 zSh%xhX`N79q~$Gz9lwXTop(`lTAQl7dg)BZ@>TiI7goj&LdHyUC|Y28tX8eD{WBv( z^O9O&*}YblOc;5$yV=@y7pWS{meP7#^T4DkZ2o<3r{V8)!Mv-U9-{7{@?C@b_vsSR ziwO-8hmyr@m7m}k&bZzoyiN1>7L5+DOMZsI3sINOUiL&-6Y#8KAhj_lC{{K-nCA*( znb0sv&**NFt#pLu46*yK)%n+4?scB{tjsOstx z-q=Ien`Y?F*E9(>Yb_?4u|jKM&AzF2J(ou_=AD<(V`kr~Jg4Hc$SW4!K&q?r++OT~ zxf(oR*i3JwB_Qlp?n8K9oM`2Ao-6NX*>!en)6caUZ64PEiKNB~sT83*6|G z<92vq+UF>$7Q9ewvT-1F!dDf7z_M z4j4C2i+?>ZZYj!5l+EMjxrA)FrJ0OND>7;{CIs*!I(oXr>l(?V8NdGh5EdPCBS(rw z;g=+b0jCQLG~LAuve#^WNc+@c=@5pMKYy${-o?z9^d_~|8oVRcASO-P)3!d(@{p#w|laYTIB~O>DAaKhz9_p5ro8O` zb(B{aUZ(AwrJA`k3=n}ib|TiQBY!6Hk}=8;_=L^^EAa@uCcbR4rb46 z7i_kfbUb#?>>nTAvj>I!w^-X5vG94}sNwqdE18|4WNw{>qZOQHPOO^a6BIqUqwquO zIhRNb3;mtzOSAr~=2|Pu0%G>%ScuOowAVq#(RM~CDeJho#GqAk=pvJK9EPkJO0|p3 z2s=9+V_%4*B+r$Zx%@IDe?X^6W;9kuYB>Mpy1L5`Tw+nW6XyJaRyo%}b310=pp{}~ zZShMYkdufcCGCQu*599K3sLc<{$jH~gN(6e6szH_WcrTk2o!wN%RIu`4>}-qF(S^w zi7tkXE~Dp|@mc`oZ-MJ*Hah!^*P8BbRa2h2@Fk_MW||oV$D)tDp{Q)dA~vRW6>9B! ztq88umA=khl5_SMvptacK6d=Hz14XJuKAb!9y0CQ>QwjtD%nndv-aO=E^z&#i(Rx6 z#*sogH90H4RTL@TyWPhKuOD__`2tmu@o_P)j6$Z6=D20XL3dGu!X+e;^f?{s!pw8v>Y3|x24UWb*PKPXL z+LEe{M!`1IKXuDy$JNj@!ilVw+% zAB#xp{8A5@y`mO%a_WpANokO$-_8v{>KHFcc}zve%S9fRq=pDTY9X@|YY`?>UwqU( zq;Ic5^7Rb+a*X`l(4nylCc>y4v6G()ogez0@3o5=Rs?B7QTz8YYTIB!fNzBOBpJr* zcWKJd?E1<(d1l_IM&)QWp#*|y_BLAoW7Jvb|GpQ7l^RTzMwl}kW#xqTr&YC5;lZI^)PkW#eIbs9bW1{WFO~)$s)VONQ=VEU4TP0dl2%G1%r6KUEdCA zi2+ET?nmnRb=yxGy)_7#Dy=b>*7Zm|sNsyRJ3cjMeFpQ|dFn2+kJK?C*Lot6m|yQe zFfu)&(sb^DRx&B;=j#{}Cd|DiwMwlvpHQ&rL@`bE>8vaK6z1=t{C1$x%Imbq5Rn;X z&T~hy7;jkl+K>f@VWKtIw7S=v>G_KBc6&M)O{wlcDu6v9F#hz^JCtW+BZO>lrA|6v<}|ly90mvde(p z8Cmi<(s4sXF>Hi4EhoK=WObu~!LZ@%WZlUm?|ne(0qiafu@yChvDA>ran=Yov*HbM`c zV{#4eSbi9i9mod98`>{dw+b(nBRQRX5{2=kZtcR$ocD5U=iK$=MJig6`7yGGOFd1N zj+@sSVfrGDLQ^jK=T&Kzg)`zQhYSgZi@Jy+hP_B;=2w4jbwHxoClbPx_|_W%Eq!n# z%$%%kM1iR^+4U+#=O(4O-CR`hhQgdB1t^vpue^XhKmCtZm{E=mnMkKlGq)s^%@ad{lo!nv z7~BvSO-sP@d@~HM;*3asXMGtE>@;u|8*&8n2kf!g-_kHR9c7rd1!kSqyY4^Jc!ZK& zw8)3f^J_X?yq_IOx!d$*@*7nxY8-C`+ZDW}|n3QDoxg3kSFx`>c*&&4p6?^%MChwBAf z(McyBwD34;uXh&5a6!hVis&9ax{r)z<0UcOyY!LEKMe}X=%bd}DyZr^(=z3;cr3*iCfKYnF;PcWy7O?A^vN;oJ2tC()ojeZB=JV+rMt zMow?Da31ITE|^@lmI$w|cF^ny>BU#qd zy&o#fo( z7YrO}vD1Z%5o1jzosQ?*AbkSz-$qCugFa?a(q~Y}{eJY#nUC8qa@qjtcN2!}Y!gNo zdjw_Z&5bZ)d=`%TjNH@E?^_uyw2K%ZKjmY^_?z#{)`9@cTv>Mq$<3I*77VB)-rgcs zEMGk~N?sz@N6DwYI5mtU%V%A!$|`h$tRxprAwASiRg~<@pqLSMhndQDn7+Q{-b&tr zDu54?xMMJ|`1zvQAeu6S(oQ0`k|7c^D z)sv~~(?4?VK$iAHWuJgxE3Hm4{Rn5Q|7{BLEUm2_CKJw!1o-(p=m?7v`I}W{HFJ4h z7&1=Qxshj(sgWhq0+mlV8?B8nz5XF1&n~5qd)v{Q4Pip*d>kv8WhcX{yUeqvua}>4 zE_h6)r#mx(WZD$@DLH>A0Mis+GO=>{Rk_7E7u%TPtZF9HHag#JBGZ0#{@YC^d~q?Z zo=ix;_mJZ0Q z;wc08o~F2HtyZlMh7>#Ij+lKceI*&8J4C0er#CjipvST%m|o$cE3aZnNGYY=Bmd0n zTpEVSOKqLeBjIqTT#!yOpjepjrgMEG1DRRelk@8oyaOhbJIKVb8MkX*b%e6Zt1{o4 zzV&WKJDEDfS>+{@dQV#}w^Wu?h?tPDUAboOcDe}yvF%1Tl~s>q`JIeW&JA@8`(UZv z7KFGSmO6;*%BfWT`|+*e-NG4$B)qnGUzN~IpLvn~na!eoiY*_eY=C~FX)&+qgB4o6 z=jUD8XV;<{U_zCPLD%$Oi$Uf)b-oS89n!xU8Y=KX`;K%QYy5Z zO5v-V;UMWHl`H?3F%6TiHjBhU@eaEc;eO;?Q|qUA+ap)s4d+#yV~vdTKb~2eKIwfI zD-^-huqWr=qJVeZVpqFhlH4N-6R{?s4Yf@*wAY;Vo+d=_`4xa^M{?BqKb%+4-u4HzVVUXd#o=RF?o2Aux7;YM z4+%|AnqCOwen15>wb{}RBgUa(>)E@+=o2zqtnRa3gSG(UUHX=4oyL7NN9Pjk&T|RM z(1y6+)kOTlRrMz#tPBI(*&i?(rzh9Z;uCvd@|XFh08E{yZLArC5)}jDWtxF8@oDA{ zpV4=B44huiwO)%&Ogahi98$jcJ5ye~meU54e{Jd|6TKuH9Uj>w{W#0^jEPPM`58&K zUvI}&i^a$mrtCw~{jImMIIHoTK-KwRIgC;_T|!}LTkRhPLu~cgd3EQ87S=;%Oa~hw zg7l&7f)Z3)!?idlDZk=qU+?9DDH9)GAKZ?n-bDnN7yLvLYbhQ za!)jl078G-O$V8jJ$2kcjBuGh*vtwK#N7(eC5g139qV41{>s_!{45!<=C>)FjP7v` z!jx8D*9c~ad}?gWP&qfScL*}Y^g<->qt?>_z1QCogwXL^5=UYVKkkLwm zepY7=z_=Nx9nv;jyoLsIHz4>n$cl&JUD5rB!TV3O#zs+h$b88mC^h9a!GJdm1=)z! zG91XvNU2hfjmJPS^cBA0)}l7_mv6Pf2lMw;42-a4+1h^H(;&RN7h_lQ9EBa3&7>KQ3x`|6!bBu~$4u|Emo^3kC9#v;XGN~F zl-wnMucFnW(yN*UyV{@Mz>v$o9YWxnq--YA3pd_*$Uug@9nu3zjLlo>ge=WDg7M&k z@%I!3Qo62tPr%hd@>gCGuerXym1NAQd=r(`q@hm*#V24;II{XdBE9x8MwDijr2kd< zZ~R2wSWhxusZ4$(DC70mkTHJF5`^((o^I@*2>Cp*s9SU&5hK6WB@`xx(v2>uO=vu0 zuAmDf>_*xn4k6=yJ-5dv*c2=`Xgi9H^ugWZezCebm4Eer4W7$e{DMP1Nr;4`yyI*` zeKz5DuDR;A(d3w25Aj|d_oVucOU#4`8Md?ohB)x_DGz8)+QgOq3pS&xszQfoGvo(t zp}qC;mksCEwF!TI(DYj(s`qgpQa3NsxT?D}I4{U-J~H^(?W3p#-ont5+}4>mJi<$7 zeLL4L*W=p>G03W(RL5F8ApaBrEdJ*v7>1hMs_{hh7fE`ChWF|nE)j3(Ovx(8Ga#WK zJGOHN0t`vx=oC-#TCl2pEj?l;2Qy74jM`QZQ3x<&%8 zpvZkG1POoO+^AMTx!pqdX^u~z%O%3f1GJ$RKWwI-+i?sg-lt_H8_|=KerpGLvbGS> zE#(UXUTKMjPQ^A|k3bew4}-tv)O1Cr71H8xEGI1L-2IobrKX*h;!6|I8ipwe6Q^iu z=F~GV^iyO`XR91!e5G@>JDiozkwk<^#2`IIr>2L@^@l|EXXb8!gyz`E`2~2sk*^!j z#@bRB*0pwxh|Jz=0Zi_Qj&jA<1V z1#Sn7ZZiI_s(({!{LD(HIpYxX&}GN@)pi_-)H^Og@nc9W)Z3cqN?v*or3)r5M>o~g zbf>|Dx1gW;A!U&&tA5=x=pSB(XUdV`O-=eC~e3FxS9 zwBGJ8lLrPNQ)NXzt=3`$A7|w~Fh0&jlHWT2cAKEYY-+z3hxU=Y&C4>vkcb@}FsR9Q zJJu__@EZ2c#OaNl&#IcZOs)6S-ay$uNZPrr)D4qZYKUiAQD&#epR3b}UAX28J6lDf zZlc3zoM|^{YOy5?xoc`FM;~MwfV7WLHjWUxm3b#xLFvpy4hH&t z6eAM`QBpr}6J@4D$9iZj=Lud^HzT(6-Kf$aFK7Yj?=-PIwZV&* zQ_TNi%=N&Ss%-vA)iTs_yQZv`FRT367cKv* zx3p^%+c&aLC>tK}?PK~RxAA9#)o$K@rN|L0VZ*ydM0D#C5za(}M#jwlVCGukc=@yy zx+zP0I;TG-@l`X`PNe)}Q=C5r$=D$;3!|QIDw=+F9YtY5(kV zUv+CuOCR}edB(s)$ko1WBx&2^Q@Xz_e|KQ)w{8+Ya%P-7qwDh&a7)H9f}|nn^C^Bo znVvGsG2d&SL2_N&%wrJ$gHIF<;}#*Zj$5mDvl&T{Hn9G3rmDaV!xFvh%+1h0%%nk) zm6*{Y3WK!$$ZEzVXK_Zy@1Y29k6IDN!Zmu zm$wr~a;gSwS{;28Ki|=Xp?Ngy+Kic5(-NkSasCj1l)-HzHDCVY7l;l^urv2JLRuF$ zku_aFQk|OXh+^1zw^xMC;)IibN^u@X=s`3}<(xZI1>S4FqtT9iPsDr zT|&F@0iy6#k5F8iN4sq3n>GwEgGM5uKaKr4Hqq_;+y#kMkA$KkjJTCYeU+cN8A(+? zzwn%_0S1&IMt|>#V&zlBJ)%V6Vbc>JVccUf$avxHph(1aEjM#&_q+7@m#K9cdmT$g z)m(@%|D&cyj^oT`8G?Ua1%e1~_T7}wd>*R|d8~|YfV5GT7BcX+pW?iN9T@QnT`)R= zJ}7Cl82^c{q>qMfW+2f@Yab-$;8-Wz#Zepcy4^wIKRzerH8%P^sRpHG%LIRJ?-x3CKz z!oW-IFy=iE3~fm`4r6YiOd5RZT28LQV%A&he(LqGuO#LLCjI?LVft_K>Ym~9T}-q* z__92kk(^6Ff@W!eG3pMCqoZ%qsml19dL19ANzZMB(e>@&31NeyhRc`B4ZXJpMLk)j z#BM=wJ^uowN+q4E3`VsBQeN&1__wX?_hzA9AH5bWXk=D^C9;O9JpoAA;}`ZSp~X@X z?&`QaPG+EaJR>D4WC4kx=#R-K&_qVurCHzDx1$DV@!$9-UU3*1%~s8(b+(LFS(dl@ zJY5dgP>%gw=QdUt*+;Pk=8N$RT%m}WkS+4avgn`+Jj#^7lDWV@Vq$eh%Xvp#FyEg@DNcihK=gR z;-xx^XRBOS-nU`cyZFym?!n&YSq$=Zknonx_se@ekb=>K66UDE(^-~r1aXj&iRYH$ zox22^)pokG&39#$V`b7czgETj?+)jYD2?pt7DYmW#YSi05w?uH?b-GIS@z~D@hVO$ z)8=7FPuQx|(6WKUAEQEv-&U265iQwm?%XjHxSkuhwZb1ADv@7(S-x%p88B>qMAf{` z+@iN0!iafxtFA!SaC?w1gb88gpTp4I9Wd%1?WXHm@AW*R%>x6bw+c4n`3D|rg5+Hl z-ROh*ScVn%j1q+~0!9@2;PexDUdHMrYp;LzSZ;(7Gmr%y3(l#&|3YB?Fz7eh4u@$aXc%yYYKNy@-q$bpXL+zDq)6_Kf=K$Y(Hm2!@7H zkuHc!(AxDL!A9w0Vc15uP`uH|7j{U6*JC3_EL}v*k+8`1tY`2OBPdr2bC?CFtDAbNIU773R)Od&$EMe8aD= zB}i3#XR2<)uelY1H_e>opK<}nTX_R-<64}}39`;dA^xATOWFoVPVq&F8TrPL-iv>n zZJqh>+$K9Ma6IH#07f#yDJ zU`br{PX~?0&Z>;k-L~f`&N74D=(+l`PbBPhgFLC?{F0D09rQtU9u&zd+F;m8-dGPK z2ecvT55Z7s^oS*-U+A?j)S4iPALF#u--~vmIyiekr*p%=)hY{yhMd9=Ml@STXucD8-@(T&Kxq-6CTOR*9;iRgg`<&-Hw!a2El92BN(W# zHmwlXKqSUv1l85#*+2MM8^ zzD2NwJ}1$v*9Pwp=|8(3@9DjQVw4Qad7G^Mu24a#OhT4d$nNlx!S7T@&{`{gBTCo! zA3c{hIYd*sUaqZ&ggY&Q(pHjyM!=&i@C)ySRZvzV{OO#v@!kvBZFm1t*WK-C_~|0o ze%J2?=>X(Q@kYMo*Z*MT7_qBnH9g}l+S9azcxMIigrX)E@3!B<$Ix#rB1Zh^X6Uy> zYOwQ09GQM+-Qglhv_!;a_J`rCf~%A_PSe^H9*A4-7d~+K8Ib*(^OF&hnp~qztLFW; zzeeC38qTW}uA0vp*xn3`IBl}HXjwOtx#eD*)|h4Cp088L_B?`7=aJhCyWt0!m8vxb zbwyuggbQJ8R%F*0cAK3BjgJC?Z-Q)u1QL4YngfCo$0F6);)=_y&kGL4x9d9uC8%EF zTPp-x5o0Z!McWQTX7Z{=7`9N;S)ec8-E<$)V*XqfTf{&|uY^8fFR~oD`*H6P93$|x>PUvW8ai$R~d9OH}4DMDt z>UpkmY$nFl7iikrkU!f)qS+)e@@AEm?(w3_fdjns(crQ+n&>&o>Im-=B3$#+bjj3@ zs?N6w?}ruGG$tcwEXdQiZ`2_`@;E>;;yItr82xxCS6YJefiphV1&!QY;rV04oq4Yg(UAU(uoYg;e=8VF5h zLPF+FL;I%bgyH1|lTnJuh{Ip&)bj{mHvdjes;32O1w~d*k=E)v`z;>4 z6#a5&sTW2D9Lqk*ESl9rSR_r5arvCZ$OnHt?3aWucrvTo)nt>+BiPiuN$CRV`p(CH z54fug?98!i%?92WBqO#}{cgq{W4uuVVwjhh$bL}_i8G#^5)>T7a8qXEP(utZHCwb+ z^o|ifKi@3*d#&T%oq%8q&A?D0S0Axd7KD)v7}^^eg;6D)WxPg=;{D5CS$MqacbYr$ z5Xni-iH9)qJ-495f~4nL1=kD%SE)=71$0eHOP}drbi<%N&tLI22O0i%)zNyIOFMF| z$-;AOFz~hu20f5kOg4%Tg z>O0v3Exdp0RqW?-HQHGR4EwtthUe6YBrr6R)8=z3*QHDuGWErr2Zozl#7xx6;a75V z-8Tne5I5RP7FoUU#y7rm6?KAAJ=X|Bz;S7j4y}i`I$)?21>7d=+H6ndlg7ghqSe1# z=|U^e^!r-pgSd?f9GAFP8bwHDSDLieRv3Yw{2JjFFASZv;7Wixj+E|};AOtMH4WnQ zL1M|Ul6H#FBL}HHcg85Wpzy()zH37rec2E;^d&Z0(mg6BL=w$Jh$FhpOrvuYcXZFl zu#?U&9+Q4A%~Z=XzHKMNoV4`Gu#KISPmTw=lK!vI8HRrfpJ4b(tEYyBgto#@hH;gy zHq!6z^cDZ#S}4Qbd0q!)(D46H9h9WbvVASl7`2UvX^FNs4nbm(y zi~I{`aT9(c|I}IBNQT~&rwhCPQ=9MGhcHa&UT4fKog9>ZK_@U8$k1#3o#*Pwkd5iH z<;(slmD2Cl^HM4QE7-SgJe|ZCB!BE&(K-1ZC!){RdkVwl5(0ut_?!mP#Pz0 zfR67Vas6sPqu6Q>-ki_1-9N=Q!>}X=%dQYz?Nd*No_0E2Fl=HyI|8ZrE}u9woQ2`< z(B~ZXi*JP?j|~RiqU5Dkjqi4V7Qi0TAgd!oS2!EJFf3K0E#!?dI=>D>3sBt0okiy_ zbX@L9cjq{K_tIU$o}W_a8BS0g_5TRYLi*eK@1YNMe(-XKXm#(OjNUK_BbIAl620s^{#fYz z_h}e*v>k?h+L@z1xLsuo2!;EPoy~WI&FYx-O8TF3dOMdk2%RP9

NU{`_9AALIw>?|WDH`$3uCKDff`|LNcV zr|18_@%Kv4`2Wv)!r!8&evpUN-%|B=62G2Pe^)*IgM9m$A7o$k_m8LPwQuhqwJC{ZRoW=zs~1Zvn_wtud{2= z`E%&?0KY!EfL^b-2GpOc_`9pi9HY;P0)MGrA1L#uUztDPTkoURznR|D z%=7nwr7!pu zc{G2nAg=tUYnN`F`ZR0VwL!y&`ed~4)3r^r27Ml?f5opGHPl}>YXQIYfgf9Ev@i2* z!}}k=Z-wZl#?P<*b}RF@K>Z!9{szOqyX+SQkqA|J!*`f{c3C@1f;5i~@aqYFy~wX6 z{dnH>r`L8JJG9p4UUh}%KFa-~n(-Wbu0ESS_wtp#+g`Y5E+$831@oy4kg_1v`ps=b>yuwE=FsZ_e#HyBx4Uw4TDR7d?sS8p>qcIePjG%JM4kdbh9FsD$Hwc_RCV){2BTo?+eRgfUUqELj? zf3PGv_&SKT;cWG;wBC>MXl?pCGKpSiCDQBqMEAFP>bC&@{)sy0CqD1G``lyxzx|uQ z*Eqnh*Q)zIr2Yo^{>KvBV{fSYzpry9>GJP7)%pK?|2lll&Fb|Xb^Jv2Y)`Ad_o%-u z66m`UzRouF*{}YNOrUGu)ADL{!DZkezmB7@K-Ug_)*#L+c{E%_ZvC4zu+8SQT+e*&zRK7#;%|5 zk$>I0&**#nL9w-6y4=^isc6`4v2k*7JK3)3B3YPzm+1WBqq3-3WwFpYEXz+!7DLbc zCgUbf6^(CuLzMp3PK=mZ*Vz5rO>)S}!7_713sHRNW${Fyrd*ISTTJemA%8l(+sL?X zvv}*`1pCL9JLUNSY4TqAuxz#`6t<_{ZC@o;m75TQ~nmUJGGO$yBCTl zPOTJkjvg@feY{vsZ{AL>J9&eg(katu_r)*bt%XsM{P|2V`@Wy;+4FPdhKm2%{_tm_ za=B&VyPp=xJ7&CQ1YU}h_S{x>>%UKl9yJ?^7ER{MJ=JrK5zR-)*Bf@16*f+kwJ*IZ ztWNXAs51k^upTdqUM=1h|FxSd?vO=dz$IHWe>_>7`TRa{deC;`l@|Aj@k4(!cJ$vb zyWRhXY*b*&Mmv^>t8QE;ns=LT{Mn?YsMYL#yXA#FB5CaJ#-br#3Nw7OY+P-L*nYUR z_^za{_~oYujE8$p6kXNsJ$}AlJpKG2J9p@Av3Y&Eyi~Wlm^reZ(f8j!#Ecn_*guU) z7v@8AMAEWd^7%0vjZsg0Dt2s~ZeLniS+*E(i~MSPs%(Dk&qmAgZNw9ELiU5pdWyWp zU)YsOs>wGK`^lfCwU&z~50mrO7@|?#v*N|{yT!!FGsd>AEyW8~vhdBgK~_I?n`m(C z8!_PV^Y-3Xua{fu_m!0^-6n?b``d20H&u+jx3fL0Uz#|4afPw?+vehvMIFSwjc16g z_P2>2=NyuUUO#BGP3|UcZdTWL;G>S>-BB;uD z(Il~kc(+cfvFoOPMT66y7==3u#paErhKPP4>i2$G{9gAVF|5)D_HSzjio`EXyW9Dj z#ozPaGA=xOUQSK_QjF+%SUxzZoZaH)J+kr#8;n}}j){~;9~rg(SRy{Uy}Uj5$$P}H z#xKcXLypMqX?Mw0m97<^|K7v?w^o{X@bG*&Ch(9rVculF{OEac+lvd0Xwfk7*T0uU zp!b{dttsEwjp}U?a*MUy5i5`rFNgm(1*G5 zk-}HS3oYx5TBjo7^}F}V{KLC#Yvv45ExU(k^w?kGo42RhA1n;W1HN6x@3~dQnLldE zYOk~u;U10cZ#MUo2U2?3(FL94-35P%jWeH=Eniq~^!V{M*~A=R80}k%)Z)f+=8s)P z;|hDl**f3Jx8o;@uUf1TPd)sLef*Q>puh!YqzE2c0PSvnK59WyHyMH34jo2*@HS28`jy)l}yj3V(`|`M06u3w1 zkKQYCS1+}%+ag5gHan$n=MA!D`8e_R%P-0b6)mIL;dS!ZnuDU#b4$gar?0V>Z5=9m z-SL6FF7=|kuI^t(D4~&jVf{XP`lV;Z#HX4WgVMf|zwiA?+|(P`E~(f)XU z5+oJIoP3`RW+lVRG zUMIINJ|ylMJW!1JDE=sMr)8FYS_jzx~&){d2lVUpq|Bjyxmd&U|F}_9sZu;92f5RfjBR1`$I zVWiXu>6nPpogy&>1(g^fIoL#+5hBvC$wtG70Sgwq{sYgC_j8|f&i$TkxdCub12aKv zmc?eKTfE^>oc_sHQ1+ch|NQxtXh>|#K49U~Pv0rp{;olbQ3E@q4erp;){<%A;w%KN zd%-O?6Zg=R@>fjb{<>i&rZ^a#e`zw6{ZS#dEpFOi^ZQPSCn;ua280sz#BHU`A z67zKJ&2OxdQ zN(nfm+elV@KMU(w?gsAmc)#p*Kv)-0)AH~5!j*H~c&#UMLNXOuXUA_{j9Y=rv zv6ZlF&4OPm_f)77z){%vmi5ZN)?Zvwx-aP+Os=?8_X5&;2Af44v9)HoSzN%w?F!Yzb|9$$ZWrC-1y+&z2G|Ve0q= zru$?|#a?*X&gOodngt`nEW0;eQ??q}{#-b#%TCn#nIolzUAAMM=TeLp7up2IR( zrfQ7AHkag^w{|YzCLZezjKQ)wwVcn4WtT#ioo!o_m(dW>eMx_5buofs1ANDRs(BhZ z*sEimzPoECZyLL(#~Q0>c5{M9;=Pk9u#8e&Ngg)aeCB*>6jBkPp8|xi^(JxX4-Jw%_haZXo>~RoN}%$3 zc##PPD*-y(t$0SZRxg`;e$;taN8r35=Ad(FO{r=p-Jv3NxO%`lv*=)1sC@<{Dx`xH z+`V5X(2^ycXBKa5AsgRW#^VetVm?!sM)|bsYO>D@$3OilH#^&57H)S8K6-ExR&w~) z0&V<7-@dw$Ty61JhiNd9&RA~ zy--plZ@kyznLBLnpW0EH-d{EeYu0b&3Y?}@NC=~vPKDOD`Z+b@$7WvEMXX(3GQZJ~?b3*lB+e=yDC zJEe&t8nv?Bid&L%Q3>=9O16Eu_7n=3Qfi(Wm<9Yu(OlR^+ckw!LjktC`k1ybcp6g5 zcfK9mX<=D%|CcQ+1nSrWFQ*WW$^k!rsTh$q_ckS2br*rsbR3hC6jMgsv*Lp|8Cb@gctWuOh5h+8e9GE))E$>?sD4KVvrFjNAz+cp z3au_uhMIB>6=mq}D4Iz}TakfLT+@4k0~HrYt+fN(;7JxKxV7?nSan^Gj)k;KEab~9 z#@_u1-?$YsX&X!{o<=`EdWz=IaB(jGz4V1>5w#GtSBqagFG6H|6ze~T<70{V^W=MG zHzq`HvI32YSxnsliXg(VLV!KeQM2iR#z33$rl*vrciA{>HV_ovY+LlZKXSlE7}!Dm z)O1qyRiS&earwUQ$9L-MpUk(985PcURt&xN=>SgOf7#-vFz6l?DA!ZI@mnkwf`g?X z#$p!Jvc}B~khB-+vpgP2L)WkJu7}cjBMk7$8ud5`xSSh zB_{Yi{%hI!j1rpIatSL!-9*R^oh!sUt2lSx`~2QfzNz$`&c{Sb^_P7ASh5ev81*P* zD@`i3%`leI8O}7iI4stm=bfu4+3dgA#35LHRh%(meAC3D`$!4em*1 zdK9h{ZQa{UN!`R{uX&RqQYhSJBhD(zetYMV!h6}!(X^iULO89>etEVp zkDvV}d(6ZhTPbCZb7&tcjeB08X0ISrj8D}b)5tawe|%``Hpqwh1zMW z5KA}=-#!(L?z?&kn|EU5S!}2>3I@`wvg#~*`QrC%IuFD9_N`7@h?shvwL}%xk%)~R zQT7#|lo4vW0pW^4bK5)7jZYMDNm(af&5BMt<=DC;A7>GRC+ccu-=SwwcBG-_!7D=q zL_GwkVqN05UJ>rX1!|x?{A0WFOWXQL3^o4#2Tp!8m;aeyIP(|f+X&N6x> z6kmVJpW7aB=Y`lF)WVUg95@$!ekB(Q=p+*1?-f)&wylsYnU1Cy`qsUf7>is`(ay0w z=l?j+8{>oN3kK+)wS?ixtkztWxrRWqCuSUqVlF}xJd=5YGT;##q?S}X_wyPeRaWbR4`@T2ePZe*! zk&^ZGV6VLSW0&~}QfNu!eSzLD?Q7m8XGDpZEeLe2)C`y-B&H)!a}qloNvaRQQQ;el za?)jj4Gz@IJ9Y=`FQiK)T{<@T?BGLy7}6+4u;tY4=ubixz!@5m`T3L)QS^Km*Oxr9 zGU##id~R|*mw)L_A{gqjCuu7Pwepc=a*2DucO#pbTqMTz@8*k@om8hO(^UGAJ$#L5uAX$7o|qi5|^Mm`RpQnAIzW+QNg zu;@#Bsp6Y{|M)EjY-BQ+b{q3Jy+A9vif6gHa3y5T1lXSr0S;pKM5Ce? zxWnBtH<}kn$$NV36U>Uw!A<%59ZvrSV$*%Zxo}0g7pKd8*ki9#C*PWbciBqBng`Ur^ z{Fza@9zYXq_81`>Vk)iC_S0>k7Em$5IZ}_2``ObXRv-JA6B{ER4NIa^}!?vaTBQ8Qx$tOA;R;uti(Zu#1gYJCTLSIRx7azYJ1>s?S= z>lMIbLDI|&EsG-~$xpZaiUew1K*_dbeLBpP4mpj4QP4l80~N}Fe%T9o`%UMOISFB5P@px|n)(Sz&G-oIglS6eI9V)p#QmlZS(L!aorNQ?V~OSDyU3s~s&yM1 zr`{VWdoeg{t;@u%%&&#V>e+oV=QqjiO zZ{;3-JDNo#QN%G3Wb_OeQEkEa2sIlIKy@BqwavzE)9r$M{(*z-oOw=KgSRH408^oI zh{s?Zp)MPsTYFb${<2lzzpca@QCFuG^0HmN`F!(=0w}2Y8qz0CWkW~MA=YY0^$ax) zh&$9%!>+_tB1d*Tem*p@>~3qZ#gRDv5vqQ|jz5FeP58n0l{0sx_U#MgW?cwxc|xhq zWEdlZLCb{!!<{Ca!ZNfg7p^YYQ2*Ozc{(n|M~liH^#N;obQXrl(1Q=9r+HVf(}N*G z*(Y629%s>MNM0Sb9%rcd84qZ7Se9hCY;pX?X}4jse<8GJs%O{u=+P3&bM(&_|0#dC zaX`LodzPKMj)kMJ#au+urb9z6KckCW*7>aQGJZ+73TuO1ue=e5-JaHF3&j#L=_*Qv z*~^UC=GImu;opjdnYs&P9dg0`Kh8;DK(%!RK}nrS^P^4cgLcRSCrzkmQ*>RQrnfxidafwNrNDP{v>IY#pM| zRWBa%~l?Gv8KZ zbe5MNX*!-2kIj1wJL^^ChV?&OAV3D29gar?X`L3h%+xt9lRk|B8I=iTFKoOC-+qB) zt+R&J_s(N(4Avc#9!hV|Jsl30%BtUWXNpwQGc7x7Yc{_byjj#RXyomM!18}e?QmOJ z?}RCR+9TCydO#E>uvqE+4q#SX9O4FgednJp2UNP{KJA-Ysq=00s+K?bkId3~kr!!@ zqn!&k>&=aDBB87d93O@ej5+goeuV3pE076&qqX zSWxO8@ZTTde|#ehYY-UORlcab+(HuuOID=T99m5m+&&xe(s16SUs9O<-M74Z5|gpg zHOi%;fnVQCkcDYpCri`L^D9#G$$cWt*!QJ-Bp^%%v~~J=9vb~B)*By5wuHzHyt$gq znGV+!WZIV$OXT1yINj%R+biVI$2HxTZyI7GJuRkh4n=U{NGmFL3J0xkO)@mdY3QgM z)t!aq5kJoI0}lW6;Jp)FZpZCB#*9p12b91oB7xntiC^-+4>r&!@(VS9C{n;2PEaxI zQ@QhTpn31vAKNW%S%^%%7sqmwBTXqdX^eucoOizeT>t#c`RZJ^`xyVCJs#%W)YPzG zf*S(cEFScA$2#6s?5L6^D2(fd-_WCZ)#M-*4V+b(AY^ zk9jzY2i^5UxtP>JN5o8NMDX5nR2gwC`~?Wr2LE!{B+{j+;`|cPH9#X)AN_=@-c{%I zkuw5O66-?3*rEu(8{bXWK)WLx`rjcTMULuKh%yFBThT6jvYwe)wcAl1vOQe(8 zIge}(T5HR}zQ_itfxT1*EF)(~mlpr;A(L>2!Lb_CQ9kPJ^@M6)t^0hE_+@RQB>oOp z%Z5(N*{FSY%*j$jN_kEAB5e-F0g8pqY=L&2NmCT<$`v!Y^lT2+G(!_eUM4+euZ<~A z%6nf+!jQlxcPWPPM$7pN(rjGm&2upW!S_es>Si&@3!$^qgGajg>-1CE>+o3-&U15a z`QWk8=ATI)2lKPZ`i0YGOB{-ZU#WWzAqTjYeW{vuRNzo%E2^7lT?R+8iba-6Qik%hsBq;1}nu zyL7o)F=>&6k~rMvqw^8T+$WsAZNn8S!R`Lga0u1tVcY_IC=4G1+sDC~zKvdh-{)8* z0q5zy1#*-FAF*hJ7LR;1iNlMzS8y;<6?z-EIVA)Y-`~mAvsjy*(LpS(qY9Q9cm?wz zWIYNWkB?=iZ$jOnd0yQa(!F{28G`6P>R0LaHW4rENmn25nz?c~IfXuK&_lod{eieh zGZ`+H8}-##O7Y{?x*I+_@4=4}_Lw87q#Hov3!gH=1i=2KqGwjXyYc7bj*hT#1@o6H z+ELRjIw^(p&sq=LTm5x4^l@t1Qk{{UfK3^ zC9G^E46W%bJziIAF&lmg0^geuUxJSJG0k)THW~QAw3HH{LlrBvCOLMO9OY;N8x->3 zsv?YUCJ?3kYGTF9=WX&EmTC*cJ{r1-UktGw3Tp(}_vq4EcKw!OX%?iY!qmY@VEFBb z<@^_@Xj;J3NiqhPoqWJHi6VB#%21VqQQ2{OwKKHnFM|eE6GyEfv&pB}Qpp}!P&(*G zMQopcaB!$v3?6yE=_OGKSHZ!bH!T-0a8)VV{AE;Yg*@q}N#*%8h!cu#V9(AtH;A>b z>FU_-xia{EsU2aaO&n>63HrDUn9Q%G=Sq)Lb6MbTd%{LQ+0PNXY2205V(=8R@ObHP zXB}FVA!IAcdJeOLE%*@X>?G|uGYM8{g?M5#}de{4_dcB&8 zahGfILa0u~Q2z^dnG_14z^Q9FO-|SlxJt1T*B|*Tm#~LK!#WPEMNC?C#Dp@^CCpKK zJc~ZkE8u192Qu}YmF>FCQroNlm8Lpfbs>Ph_y5n6EGtL~>kij(n$j|3zc&)Y+pW+A_mn zM$G|>qR_fWc`Yb!XidZpXY5CsKfq?1_|=XQucAhE^3HQxd}maWdS)&0(3->(r%0;| zl)N$H9q41^%dK~D-wC=TU}tqDVdfyU7PutIzY+?rv%|8>10KheXl>bJGQ;x+Cc-k; zGs|6=H!C84soH^B?>ImzC{1o@w&pYJD)73KoH(74B9JwUP6eOroXRi2yyxTRMym1#HBm}O7%lp;A(eBhBJNM2Iq6iOJrwuTxOl) zLMSe<6GmzYhX;%sBu*aOK5r(vwiPQFA{ z{^f)lzgKuP=1Bc_NsO|nJgpt6oM0f~<|DzHG;4+!DwUz%Mr&|%)#`Wu5CoC~;ovEt zs>k|vhx*iZy91!ajss^#hoj7+6OdpYh^ui}g)bXv80dI)}V9RMlb%1*f;RdbJe$ z88whzL-1ZYFF$+cTz=MIE~jW08w`}`1h@oD#cVmdPsF*TYX=O@Cu%PWT|GE|)PR~Y zUmUUFEH1*buNW>1Bl#OGX>oJ1&~d+mkxTVUquI6X%)u&_O4{4Yrg+uEu2}pW4L2l_ zxVAK~x&CI?VqI$}dDup|dVvE1x46%tjj4Fw`q@)ch`do&NZzdGg2=(dkue8uc5wl5 zQ!P~gDrcw=x}6i1>U*k@4zBR?2WkAvN!au%4*r@l0Ay0T%xUBXh3@^jqe)(e{uDU4 z30la=fmN%ov8w{PD_ib;jyK}I%^HPn0fUk1R*tr_D+0v-_cDh04$=e6IXjj z3j`6@&XJG`Gc7on+!nM~F;_NunZ448M*wE0;sl>neKUr>)Q?v=iz#W@kHRF4nx#ub zyv6c^O!FXo_V5nQnxg$v;0#2PJV;8X^~cIfAo2On$x1o1MExmUg!k*y&QYc>aCQ z2+^Qu5L)dy9C^8ODsl-cg^X`f$z<}a# zn#Z^K$a7;1G#;4h?w5t2OwX)$*-g&Zqt5kaf!c=7TC|Kh{Q7@n@~}Wt$TNO2SPpXg zkmS8*MmE1U0v<{?M zgd3C0!^xlY`F3<3{rMVK?h}f5IpyVHa^yx{z#qE@GS>^$Vu3rKM>EkW!GuHb00|_; z`I%QLC1|`2mn{M9AI;WL;VYeaZc3?2C<{0nXdJRcMF1uJ%AMt=ld**m?WSoTjV;CC zpkaP|M`G)GhG^>Gv;w2a~)2z z&fS)>6ZUQ@aUTm~<6c-zoj(t4g4^l2`PWH$HV7QVv=;5L+R6UhElTg|6($+1Gp(Z! zM3)Gh2EIJ_R0gMwkyJCrA~1E{1oq7Di<3JJa5R~#AM>P^rf?V_M&4#)N)tNeO4+L3 z$L)u+}ak=^ACLz78PRF6P_SR9oO zhw|HRbQlKVurB{K&Jo zat8}+{5e$+*hzCI=^Z;&&N&=#irMJYoD>rJ^}G$~F{$-}zzD4)zw}l^v+tV?iEy{X?F!=j5~Fv2IkZa$K$tRNb7$x-Sg!A$;p`#i0O;ozs9Zr|ThDbOPW( zRUe@LYwey92E;~%Q=c|q30Zr1U#Tj$dhY(uLs^R);Y!62n$x4Qg`iAI^L}>a))HWW zJTlUzb@*ZmU!$}4Q!F{XR6EYR!Hi~87Qe$(wSK6x9)sn-C+TQo4qJ@)su~`d$wNM~ zN+Q~(IQfye^M}p`mV4k_4$U^H2i{7zCyTiSr;7;pv#jFnkuN*Sjl8j%7R75l60YO-0doE}DUz082DO3omgD1dRHYaZf7F!*8tXXLPuOKLBwVN>&b+wP zn>s2M6)M3l)BDX=hX z3)ZJ<5tiuR;#u8sR{va0^Zd=KLy+OTU8`q)6nP+H!zJZUk;Qr&1wQbgH7PlRN2aKK zUx=?D#}7CB`z?y^JDCN}x0s1$*NNSLTIHaWRQ=CYRm}>3E7Ki^+qaG!KA+)# z*hr>t@tO?}fxZa1XvQUK{RF{zG~#l4D6L7A_N9(dmAak+$;*=7{-pvo;gU*&ft_}L zPU$ji4q&?9OWEWrh+EyUaWp{8NRIcX;FnG1!5H;UbeE-Cd!WTaxVL8~gmO7*7ZEX9 z8ro3w&%?21G`%AWd-OGMu4{-@u^m__gM!-aakrSo&TN@A0jz-TweRHksg2*{YyAEh zu_GwFj#gi@nIL<_8I7U!~2Gbo-w>uN1)o@^)flRPW{OpLol1O*&CO?MkLrLuxZDB(iL#sETQZ34*fUztc#+Rj-uPfXHx`pH zl%1OC4Z9CJ=rOV;x5AE)=?4gPgHw;yg7Y^ru-gRc^fS$WrQcIu2QD0qlHrST&Kjl# z?Qe+@OQC`-Kd;$At+`3tT0@y{mZHmZ1t2rTjb(HQ@f3%*z+?JTxIq5Br z`FES{_VC)Km%7|Xf#=0o{y`m4n8x(vHOU3qR_gnt;4|M`E%)+R%#g)z*h$I!kzUg< z@n6yjz7YoS12gp}Yl)>9!Mo>jT;>Y6cR-S$_?lwJ@J2{%Pf(HorDj^P?|8S+QEF3C{g7ZgfG#6jP3hir2pN7$^kM;$!}JlPWiN zshKzE0y#>vt#Z9<%31Q|G^L!s5Zk(87%%d=%)v-0u5I`#xSTaxCi)+gXrC?EAzr8{ z0%&08xr_pwwF?cG0 z2@}VNL{;=+gvvMB_;P#!1rqFO?q`s+^1+L#^9UcamiLbflJBIbpACHz8EX(arFqy^ z7k?5^MI2x9SkF3G;(%{U$Do+Sp!+@II`bNj@eQ~)M9o#DDW3yffp|N)=60&Y#s*u; zBBtWD3#3#uOGRak<;A9cCX6tepUA;w6fRvH>SDsqRBtan;dJv(BCuYZ%c|P|>4Gte zs@qVDnNPFP{~Wr2E=(h&iNGWVznX^)*jU9EhR<*tkiPS0#M?04`dSr{T664|_BTPV zGQK@C#OTP5jIW9cSuLhw+jOw`#rx5=rrdKDfwf+oHgeHVt;gZQzM9>7vRhEwPs@k3 z9r2?&;e({-cI`VCn;K$W)IeeG(C86s(kya+@E7`eh+*Fs&4#_~Y>=dP$|7|=Q3v1V zFuo_l$O{DC>}vYF2a9ZvJ&*M^hxYb7p1dO|`qIZ$?z{!I)k1V(c9b`zMEKT4zTC!C zhAx$^4}tqrkEzuNYp3>4O1&iuqxmf_v`9cugpvW1iebuy1gW|0EAg5*lue^K*${kXYYr z5-`~j4EBJNvTp&M-wS{=BWz7|h#xyJfLx!IhT33(T?zAp-{Muk86(dro7VnUeFuo% zOD3MjrTfhMnrH2iUpIy2mE+2C$xaXU_QFej4hh$S{~ls+m|X1V*8P~Kop0AeR??R; z=|KEq-daryhbkn!jh=E*XzV>}z867*?_$rwNHa)~$L5jM+TaU%&sOz_Q9rU~;K4Sf zkk}b2w*c>j;@ZtzSX`b~h?d43<@D@kJBR4)_!&~=xYEanLg*~+h~Y4)Z|OA}vN;^c zsJ_Ukov7fmwbnt}df@;eb63A&NwJyYrMVeTDA?uSwu>~XL=1HKo94eyEX zcs^|7pt4HC*tEtU)D=~X~;K5Yh0S*0)`SyWt<=j}a2C}&_zrydp zSlHJuIv?IU(Nc9o{wARY@`aFW@PBuE$n2u z$3{mN-SeJgTY3F-;7mnw^s^TD9^Y1%9;N)5_;G`_-~mWtDpJ_9DiX6b6TTjZ86ch( zdX&1fBYtuxkC>IlN`kkEty?pg2(@ij{kAhngMR9iIV{XSk%(UlGfehY89gCau&F`* z+!m6QZUVuHX+DcvQB$NJw&tF%MRa&0btlMFxu}`>Biz_0(WJ#ZE7a3mhN8e+x$iq( zFHs@&#;|iv^Wg1^qz}zDd5Qm zz2iB84*zb$TR#>H&G=0*{ptU`A9=i+SovtFcy9rrT|iqd34v3a97CtU=%EfmznNk@ zbC1RDaC(FnqNB!pWO@abLvQ%GyqVeg&(LA^4y49 z$F2jFZ=GAkjYfX_=R}`9=f&hM?=-)B^e-zzD5;$O_(V+@`)I)vcQ81YI6Eu}%v92T zOny|Rb^g7ZJXE@tcVUuSPL~{ixr3?` z^yIfx<I=?h^lVL)J>&5)VTAQp( zg|*?Va{TW+#)z6u6Wiv!#83AvkllePWBbweJV0yLC-9e5Uk0V#`PeKw%fz`Sp1KnMksP4ZBZ=c;%o1Joq7#!>WR?9_r& zDcfHi))6p`ffFX>^z;1y8RtFiXJgUc&<N*dU2*^d}c~S*L#F~LTP!Su~?bz)4k+{|Oir8Yy5weGWe75Wc_g%#qt))^GlI{P~n`GsZ^1Zu4MhU{a4e4eXW0>_X#V zm75%9O=f3Zg5Q647X~E&p~%@KgY6%RxObiZigq>&f7KCk&Cy`7dY|)F#px5dK%yNfB&j*_w7`h zz~w@g^qk-gh63?AL6OKM`K3*^GdZ=3657}A2w;-ZzuE_>jJ}rQ6$`!)r~25dUiWP+ z`VM>a+wY&`E}e1jxc)h1m)(O1&jY_b0Ozv8My&?wMQ-RfSBamw>?A;@r(DnXWGj#h zZ^M#!`jh6k%!kvF*JMj z``0W*B4^nzHT}wRJbr&gJ05VkL@6^UZCk4|)PddSbWembYLXC(ey~Ox(?k5BTf3lc zBdz)&aWVX?!$d8k?6$=PC{SR{GEXS5=*8W2UY*|0lwBWuIltzc>;I~5Ph?%iTG)R6 z-6{q)x)@z&jo|IAvfBSU8N{IuS9wUZmsc?Gxa2VqbNlw3=DiQDmtXEIJ|682`0Jz!ejEt^8Tz0t6!(JZ*#ou=^<*Ock5oz^E~$Z&y1wb!OVYnTtB!y=8jLn^&`&TkuR7piJoGIi22HES*r{_ox$8)&gVBrc7z+tK2i|6 zaUq(g!e3UbL=G-n3qjH9kzQ@gEcN@Y3YPAIQFmhSE`1-`UfBLzVEFjWX!wS+R{`bl zhVXkOw>ywaE8JehyDPdIVP+pb@A;u)1bA^JE@D^vP2CoL#N@D`68O>^e()Z9*ebcw zD_8eE>ycw@IbrHGTe%N7J^au4FVaL(I{M> z-SWlWcorO~va0BuEg4npHu;|Q{x5qISDO>K|3H*O0W4V{LvXOdY!(O9eq4^p%hpT|~ zOKXw~z8zJ>L~+2`RTZ9zDr5!AomouDowC+#-Vn|<$$0Q4 znCA^snGw=Sg;sg&qDeK?$piT2uduO>3VZH zNcS%dae2}?-XCawA^VcRhoHOMB@feHwYh&l7u5pP0Ay!T}qN60rx_$+=~liJ&`uP(2ic3vAO5a)Nb%F=@D z{}ml+@gU;G;YJ?QETpvIh-6r}YWH zZrE;?CfdP6%r!QYIF*I|vp)l;68MYJNgVCJOuboaqq?SAyKY=@uS=c$ii`Y(WL=Kg z{%~L+=BWNR8>$JZdauSCGE{FcWIak?Qq7&K4*Zeuf?uIFh7DGeFBIa!t>>yE)}V=I zqNU$Xi9u^^IUc8seLBAA)Z=xl=OtaS4#Qmr2y1VAR>*6mRZiPX5lm%nd7}!F|5(sL zca>;id~p2|>`>^FRVHi4O=WcW#&O5?2Aw8;UD{IRQ63=QG>DokFYKrMR|}=_;p_Re z!H6S0z+)}VnD?enMl&vu6C`jaHrHc)MN>F`Cfu?QecMrwdDGrJmwS-nc#?;HvqgIx z1ix#-SJrjIk?Hj4^}bEFf6j%w`I)u(_}5(`bhgqj#RB43j%xP*n`kOan006W^a^!t zZ%NSTaCrGua+5~mEvb*ELyXUnaW^h@5OP$u$g3Z4H~!p7>pwW~G;Sh@2B`*f1>7ia z)bwE1?~%ADwS7-e46npj|Fy3afAry2sj;tQ$`A8x4b_>oSMBh7y$`<%{TPU#e?9d4 z&~d>elFK)#Pb@n4=`WeOu);SFVxoj0Q!M-wsG(UOwdP~wqdJwPwA$H;O8eUTQ}eD& zF(J|drutXAw5~o%uwt1fcc<~J^So+n+x5T~GX0V*($$2(lNykmmrKL0pGj=}=&Kz$ z^a>K|Jc^cQcPS9mSz~t_TyVH2NW08lv2nMqK}u*SnfupK#w9^(pkWMyi{%}8Ap`vK z>+*Gt#{Rtif&* z^uSKgm7<;h%K9LGw5)_;zr>ncb;R^nybXUQYknCyCYJJ%t)|gH>!LE5f8e2mgz+-y zR`_Gay9fiF?y3>`l4^+S(pR&4U4vH{T^i_?(ghm#pV4ja7AC6`awxJkDg3kRxy_un zee|;^|4tyin$xczt9LF-s!F_9$d~HiTnEstct+|p1hewab zt74!v%eUbFcCrBaNSeu^>`RsERAXJq&By3@o9jeM<$w8ERv!-YLmDL)FU;M}67YJw zD#>h$t8eAo%k&c?U3U5F>}7a3|18nPG2nq|up&|0Lrfn|dZ2K`2k|KSd6OLc&@J@V zw{GyjN*L&U+Y>U@<( zM*tTllMgM^c6#T0mUAMUH=+MMV&0M8C}AXxk%`ROO=1wZq^^aGGP1B>vi73 z$StVgEzcqPk#O^-MQ@E{X~?5R z;Cd}rq2IFRz4q`_ni!_UGIY|04*47)zWn043tuC8x6AOay^cY{g3>kfhT7DJ!2euy z_yqyIavAg{Vvc_RKc0QzFp42JH7I3_UHd*{bOHR}PuMNX5)XMnbyi%L)d)rE^Sxg) zCh-TqUM2g}-nb=6M_!SAdsB?1;7*H>MJ4hzomcKIxb0zGqxR9U*Dc4kN4=iEc_S0V z*p-1WZxK#M)J>7a$CfoeYPhIYF02O8<%P2vW3&~GRM zV^h>S9_rgjM^1)hhSw<`Nq0J8b+3ZYp8R}QtUTg5oI3Pc`(w(9`~3X7v|=HJRauPT z!-a>JuRMKu6bR=pvuqXZiLvUX)?O`HbNkP(UB?}~DnK5?>Q991{?HA5)5tj(IY-MLY23wZKuYeyUrsh}}b<-Xj+mzFP`U_BK zAS#s&U1xp8-MI0P&TR^HlYQpKCv+-T-O61i-KxOIgGKS+jV}WCj^C}eNTDOAo->Zk zvL*y~U0=@BxvCNp#Yt zrq|0t*0|l(x5L9@x()XtuC(tI|0uY7(Jhx6S!a8>$6sien;G%L)Lro&h<_ki0e6de zBjq;*1Gt(47c~n188{sZS7V`16A}oWl;3zKbva~qv$V)XyniaRi4X; zG1hqp?PW3pcd{ZO49ZFu__9yA{?p04J1b@=pg=v{I3#Fm1g zCw^^r^--}2N3GRs92k3l=a9GlZS=j$4ve^$$UDn*3`3!2&B6D#uOH1uUCO`?3vX}1 zFHIse*2>lSjQ^$nN$dd+I=CKGA4R(*=`uJzvcFs`c$yO70P1D0Vfl-ragMG05%IiH z+>3h!xtwN)5qK;98$V-adA6Nxv{w3S7peSvd5vCJdG~hn;_b%vvx_{D`B%9hX+eN< zQCmsd|BT|aUs=vZ19G1I9GDbLppC0%ydD)7q z>6Revoo%}v)0*}pmSLgS7DY#{fB0|Qh+erin;9v8uIRWvn-qgI8^LJNUHAuZm&_OA zGl%rQu9?|tUl-*Y7X8sOm^123D5V4l6hT=&k%3o3=n2OGNHluP@@3_hOgn-vy&vhwA%*-+(hkAj@Q zlwnz{*pJlrC-2|n|BYw03#R7_w7WT{z8Exl@uJRJM_wNT-47UEtkdS%e<(+Ly_1;< zK_@%*7ji~S>3S+Z6v-<=9|JFA0ug<={HZ?8^>p1_p2M4Av>(bn>CfIXTvFN;7L;86 z?}QMbhf0td_KRb*N8i!KEHMiPFW=}>^a+o8sROV86hVWm}b)&VQXWSX3p1DxrcXvOVvSqbi zeSJu$BZxd!j9fq_e2SawJt+~>eEcMNe75AUDoCOzyj#eCm7|ZiaECZg;5v4`_5rBN z#MMR5!Y#HC^p!b`zX)*=Ma};2;1{D0?ft8p$mTmkYKE}CWdmRn(W!}un|una=sz41 ztXvwYDw@E*6~9}FJ{!`3GM!f#Dq8Qgegy}``y`G3HZvccV|#=`-1VBss`hX4S+t=u zl*&k{RgVh_^Q3Rm9AS%fryt1&-qa;Z(no^7yltpt{Yl-vP+)QA>Yy}7_sO2REktVY z4a>v+7--1d=8WJMj z{zfZm-iWUBq2qNiyv*U7zT96q%|G=%+Whs{zqhBuZo>0K?saVWr2f+m zj&^yty?8{;BllP(WWq1O)apdCIci=RB?|JjJkf(`-qr*n0AE)gTWToL>n`b~7OX8r z7Kd?xIBQ<7Dk>{L2Cu!HO=qUtZE=lSP*;stVRvr7_aGW5o%kPFJ*v zD^V8IuT+d=F?DA@tO)Akn7M5GyIkaQdtg#7(sHaMV8Ezr%(Z1#>P_v3RYy3w#lJ zH-#kK%(oc-2WLQ-zrvI)4(B?{33jd9U~+9Qx!rCviY_lDSG-~eu8)o6549?=+xZYK zJr}~H@cE=mYWx*_}bO6i41N4Of@NKA_2z+jabd4{F((pZK>Ciy&Q51BZEGMj1e8bF)5)kw{ z120q=QAjock{68=AtpmO6V*&Sx^o!zzu%1-KjJ~sLlP`_3}8ago4jUkh`di05FtAR zVNPugsq#4o(>dRgO8IACTL=T_dk%wJnh2aTT8JtuMzJmX4C+~yAtaPz!p>sypl%2b zUl}H%Out~m;?KloH$l8--wyY#ErD`(W`a{Gkn*1QFf%X^V@vmtJHNUjujeA{YnQ?- z$xrB|?}~g}-uU3F9rT%=L#?(S=$LIqge4}z=m}P$uTB6OyjKv8OrOBh>>LsMlMTM6 z=8^WE{!kfnkra_N!hixX*eIiesgEy#`5OzkwU~oo)au1LG7$_O)`LCsQPR&L7k|A3 zGOd0q$ZGv0WX~){7Ue^vxq~$J-2XwG#t0aQs&4v#RmX z-}@7tD>{i=>K%~rP!P{Kp2REEeQ1!VEsPxKA!R+&P}66excGA$hOOr$z8Oq_sRlP; z*{_Xysw!C7HwZi8P4U*{W$5YCLB11SgvX0dfMs(D*o&J(9hr}vOWu;V)LpT!Umt}( zw7|8#3nX9p5=bjtM6m3)#P_$&;9Ap1d>$Xd5yyRI!i*kgn)gQ)`4DICbCuiMCO4xd=)hbD}F6R z<5w$*NIFjtO67+^^Dp=~rw)@Bc2Yi10-oH6$04r!=yFyXoj6t!b2XVz)y9C*Ww97| zIgK<8-->!ib|9PV2H@Qggr+wqp*2$znzI*RM^h!Kb>KQaTkC|IC=ET{lLr$nt3X}7 z2cnG^W4N3Md0JN%j4#N*R;w!zyZ8=iJ1b2DEWigSW}c@XVWL*jRQAUTl=a zg9pp7T)hp4xBJ4!_v6GfdIk_WvXx{=iA2F2xnyRvJvI-q!T#GU@UB_~S?QI*=dd^a zaAJbNpe2~L>KUwgC_r>+|HQzhVq}!85Z+q+k?>Dnhm$+B;Z=|)oOF(awy8Dv9_ZF@bIzrZH7y#d~c5>IsG%UXK9Ctqd1Q+VcRz29BcF%Q(XSo+@gcx(D5f2f^Ra85_=Q0$b)HeB}^{OB{s3>e&r^`7Hqy z8{+W9)GW|tv%%u&hj4Zw34%4t(Ck$gn1@LtckvoH*WXA?fBJy~8hm6yaTJcek|s{; zZvxJOHj;l_4ZeE}!)5_y?DN_~FzjSSVVB3S&{q=o=yQOQx(Z$qbVuE9^w=vpOPu9> z4Mzgs5Ua>hWDE^P^Uk-J!TuQbe$|GkM|;T4->yM(MT!wlFKe(wSi%%J)K`ZY& z2J>9Ocx!pg2uLQ+a9BYVSwk9L$N>LMab#Vd9^UA_3eH?#a5A_7d*xfex9u4uYkh(D ze9K6-{exKAtV}34Orgp0y+GV?gLor;Vs}vm_L@52 zEQG2>tl*|PLIfR_haDoa8c(219zBx?**p1zM!GtOXR(TQz|wbXq2p?;DY96j5P ziIZb+YGVy)AY_BbJhM>nlqrUq@BMJHuF{!9EF7tr<+Ia zyU2#^Wm#}&SRMt|j#IkkiRmHwL|r}$h;W}GoqhV@xz$NLQGOHSGd~dz?AF7B_ghKq zJOLRU0i@E{0_btvinB|mfMH!25hZvWUQ5ao>^2V|_gxe^ByYkCv*sWiX9er(gvq;S zjF2~M9Cc!a;Gp0N(l0g-)r&vkq4X9MyQYqbIdf3L$qwylnV2guMOZK9g3On`(0Zr> zCj##f_Vmth_qz?w>V#vH?nYupUlWxk3)m zQhW$H%Jqbq&C0X>ro&{B;bd7bKQ&Ji^^ecR|S_2N2s5hCE}9sQWn#J#_1E zhn5XKZ=1!9Z|mShTrJ8C#1kX-)ex^OK)O~h#UlMiG<1rFDc1s6$Eko^yS&JoIeK_y zY$+ygxCz?>R)KzDBn}2d;q5oJIDWJoa&NqXW}hvv+Eo=ZI*SN4e{N`5{}aiseteKw z4JXRCz_A85^v^dz<~ISvmfSL|+8IeicSvE8c?>CWRSN|CCegFF59Lqt!O6|nz{^R2 zWNNtp87zmf(pd}MANRq#`WEnVriDE4qzuDx9obx(1ks#Jaj659Z?A8_$5Cxe+C`5y zP2a-h(i3!HS)>LOklhIoLqx-prU0?+}P!aH5&md5BH(!vIhA0 z&K{SKtpJu`MGR!QORNyQjs6|a3DIliz;SaU+>oorRV!9NaONP)y4vH8j{&&d?-c0N zbHd_vp5#7`n;_KSf&#T~QRJWlxnRr-M4WobsStNm%GwSQU(W(#su_l9r=sP)co^6k z4@{!BK%ctr^)8+UW98$Z);)*yWy)}A)gD6h;Z`(lrrkelW7ygeLR!@TXK!CdhC(6u zbo~H%Ab$?3HB7PlpcvS#ZUn_rFWmfz39|F2ahcmm{8+ReDl#p}NryIgY-SBlE$#5& z=ps@kcpNMV2NX-7gW6-qFov}q7T>r+Y?=LnmuHUQ!SnH0wD<+A+K~lq$xP(?a8axo zKw_JUDIR!iLwe1!0l$j{v7$Z(me(&Pxh1z?@p&I?+SCI=>oUmejT=#YnKc%*GU24} zNmQ+pgx#!0q`{f%z?>;a^t<=LH_rV8uXHmk=wijw<8r`ycsDWi;4!v5*1!Swvp`fm z#Z$TBsH}95;K**p`rEREnf3`RI&lW>u<>HTLm6c0OUEPcCQw^<7_N+-CgfFyL38#U zvEkuGflCfHavk77i7>fc?jhXtVgqi_o%mLF~KkX3)8r~@W7$<=*Q7S zJo0~oeH|gBnagL)a9@UkH{8+u^9NM@h5{$|3x@1u{cC#MUJvASO_TpPR#g&booD8GVlO`PVUi(;!r~Nh5t1E1cSTmoyov zhoSm)AR#S@HxBPZ7SVU8cxx4SWKMyfw>gFyD?nE4OE6tL4m@l6i93hmF)U|*{B;bqOZ-PMt@0p-bc&dUH^ZQ-pqwOx*V2CwaHg9E{?7NsahoIMC=!a`4`Q z!D3-3J9-9Z7ki?M`vI8M%7KbyUAUb71<`Y$A1)?5C*5**;0L8)caO2+UDA=<#-IX0 zt@q%8bpnX`E+Zoz|Acb|FUjZ!TQUCA9f)_>i<<+_5o_NhL&g3Lq!D`%w&WSY+w552 zSiBDS-`Jz^lApvg&d=CZJOC1D1?b^tgI}CSKwsX1)cCmw1@d+gTz=}%c`Os}sS4oU z+f%SND4<so!y+j@LSeftdQ|EXm&_;Nj7ThTi)9vGzL6wd!}Xy5-hQ~fa0d8pE5L@_ zHQ-}sh<;B_W67;*vfV=#9tFOGpQ+LyeeVF)GMl5U=nXRB@=M%41V25j=TY1_ik5aA#jDF=R;Hr*G-Q9PNi# zJ^PFD7wh1-!*SHQSppGJL3qm921g&>#Bpb1jC$9Lr(?fB>B$R(f$SOFo1KM~dc63a z^B!_8egeKHn=z(42_z=+sX53;F1t$vswiSg<2L+0L60+RiI8g6hF9t%$=RV*AeJ(V zxv~#&OzIPyJ#`#;$#H_Ewi1+Vc0=P>22|AW5x%YCuzY7Hxm9Ecbsl(-v23Q;svnK- zo;E|o$}{9~#yL3V%7v@m?gpLCZRBu~5~$}sCZ#<(k;O$94RS`{+;TG%9Snf;Vco=z zDPx!u>%cLcwIFeR2{|C70cw#vVCJ@Ap=CJ=K(S;)E0 zpU~+Q0Vuuz?_Db-j4hLJ-y1{nqjWa5d4hj3>u7dlNyps~{dR1cUS47(S@2K`O=^K}-! zmF6ZZ_$fc>p#ToMgptSGm|VSTF;)-0B_}S`K-bAH&=kQ2R?4rDQ*j!Hj|UJ3mg&N) zI%#rGSv1`1I7OUWVhMGd&XA?~9pGVm4wIBJut{Z#!^z*H2>3=ROX-b;kbiDSYI+ z7uXn?U~Kgc;*04C42nNV*4^v^G3ws$k_!*KZ%)TU8q4uy`+fXoT#eyJn=ppyB9_yB zE3xk`AjcN+sI?3FZXLpP!7f;*b_0f_PhnF6EAVbz2%Fj8l2V^Vp!Jd5 zmx~AAb7RC62S40utOKteElo%gvDb7iR*+nS1LlUq^dfd#=`Q;G3w4-;<)gpq@rFiUy}u6+CeQfqi& z=EF)tCBYQ+1D}G*(=OE6%t@GhQ->E1exgcqGcvEeMC_C|fc#2%jL~8S`?LudXpjYY z-rb}@WhE@3uOZW}dPBsyX~N@x9B%)zh=}Zr!lTz*iNHxCi4%^cpbH(|7%JJ?=xMs9-uymj{h5ps?JoD~eoR*uDJJ-U`iJwJdUVTve)ji?y& znY^;C8@<*~Kt<^c_Up)it??eb^>PQ9Ah`|eMjnIovk5TU)I_d)><^`bmq2w-I#@hO zBWC)JK;X7sc*v;*CvLKkJW(mQf!7JQyx0!KiF>d#atuc9myvC!OL5m0LlA5K2xW7# zAo-CMn_?alp%c8AJ$RJdD_({X50;_O-3usnat>v=k9?I6G&gClB?{b@0ovZ#WcRiZ#~VP{+3c8fq2;caJsZr#yw}hG0;9I6>0o?g10; zRM@I4id?6>AZq6;=o3#M+6Pr(?#(KgV84Y6*!@V33k~>)M-umX*5mHOZwaONO~}y0 zMfNRIL^f9ZuV(eN!!{+PzlADYlJZ3_F3XhO@R1uQ<%3*z?~35#nkxM0l* za_H_397tS_OC(aE-+l+_Gd_#DyDf-49SNv&jU;1QreH`YnY7t#54A#)MDv6k+|GS~ zKX-Y;jg&Re`N0Oq4``FK4)*x2?EsReO7LvCG|IocgEf}Y;O&))naR#Xuw5_uU6~*b z)o{R*{U0Gm1{gi72hs~f(7h#-RH&Z=#kU$@Z38GF`T~vw@ZiYlEkw2GIxLc0NgQu9 zN3pG;kRRxR)iHXc+Qb-6ZgnE{guf%5#ZPkfwke)giiPE_D{-CU5@H=sGN^v^BPGw- zL2Py+;kPCk?lJ`sOjnn{eun`JTkQ|(f{Tcu2iss7T4VZ#C#ZC~6W9yK0qxn*P$mja z$|VwZUvrRWpr4euXNWrtH-YOigQa1R?Vp1$@1Dje zks{1n`~p?(o(HD-O>k5ugxHn71^QY;$-Rrl(SGkjVp2U4cWmM&l8r5~Tw#VB^Bcm} zXd&XT&LKSDY){0#UWV=$E)o4skDy&bl8n+ljgJUDfb{cdvw9fo&nIHqO#t)ITwJh< zi(KR}4eLuT;HjZR@KsbtrFW$`@`;~ZEtiJ8tlx-ig~z~uJO;m94MfXlmZT3!j~0bC zWPptY=6JFJcj6ED(MJyk)^4!7Vi&=>zZcUFsuK-fA?URc$z3aU;dJ2zGT@8?Bxu%P zt4KPgm)2s8N)&$g{soHSFW_DxlHuFFKqhA~vSe36id#E+o(V+f&@S@MSyv1Y>cCLl zCFtS0j4-d*4YwzGkm0i;Zc@HT^xY!i%h3oTWM46!H4G(x8Q+Heg?EVYR#S9R$iRkh zHe3{b8eWHWpk>6$Ud_mS~M)t;M7Or^}+$@^cWz_hy9Ux-$H`UmVooSPN3A(J?y{ZNo+53 z#mbjoNbWaPkia59?7h+peAiBsvI}>k;(i~vuaFI=GMdRfS$yznzbCHs>;t1DU*b-; zHr|eH!+|<|uo8jlA<$#Go|tuIg6b#dh=8bi z%;V7nNp&A|$QQvMF2iu+=Uj!4Imy`MGg_!Jji73bjhc>S|@>Z}OuI*fdf^_CccWxY*N8SQ` zZW6Kl?Ihk5zfOLOuLq5=d!Rmk7-D6#$XQV~Smu5c)YbLTUDJxZZ61qjUt8hH4GWR0 zLh z3-DrM8_REu%h`hUbo?ZYWaA$w(Kd$F5dz7ZJ)qw!bh|%TTXH5HGVRjf(K5* zgqva=uzc-?cphIod+7*hGz&n3ogWc^^r*F<5_~zIVG#Q=xTJp(S}mX9qiqSONa~Rx zh8MxzQ3+iQ)6u1*nJ_rD9u)8ZYOxkW<18Oho)wGzo4LqPwIOKzd5DaT+lvum1yEMf zhYdVupsmRVB=;1Pr)T(JjdC>+b=e-$UN0j{GMbR1R0+ri2{18!4Bslg*{S$qi?Z+{?_ye?zZwlu^fVGT1(k+M&=92zGw-oY&uM~9FoP`3Grwhyakp$aU+B>EaCZ; zpXBn;5_~0bmppKNBX05^Aj+YJyM=D+ZHCl3}*4r9}|Pv9|AfhNY$;ILg1kKalm z{Y9nFZF z`gj|*YzD&1>jo~+?!{O8Cg5b>ZsNx+S=e=Ciu9*ngnN!uWAss5jQ{q5aI4hAu5X$| zYfU!Vl#8Rd(`~e~&?5bY@8J`HVRFSse(d~JP2J1w#OIXfj&v*sk5L=UMZ6` ztUYjpw-XL)Na4Aw%OUIGE?C{|L#8$i!xNuiY+iH%dA6S+>I9{5Xw4=V(Y%k!vhig0 z66)TMSd2B21t{GzN#1;81CMuZgLQf-FciC;c(khwiq9sJ${Hb<{xSgzk{(0!;7jsa z(Md=To+XF*RYAR871pd0f&*UG1Zgpin{zebh5sTf^^+vfC>nPft^mzGI^Z7(AntFt z1Un-?k}psYHY78`B_(ZKS9A;lK3u>RbuGk(JjxSYiAT5arLgl*4URjO0Z|o4ikbNW z)9XHX>^_HXp-ag~6Dd4N@%i049z4#`fB}g);Kj9!xM9GDhrb?$p~4wZcfUtA=J-RG z>vgQxAI6m*d&xJpdr)6}Asl~X4>_wdkTc^D%5g6u>}&30h{_EjGqMhxvu*-$T_573 zyB#n>g%+%5#tJ=WrA+jl(vs0v#ir{abS?GTZD z9QGOiB62lD@!F4)fduYQh0^9lvrQdB@}S@sxT1|*ZByILrnTtZG>8^A{geb7kY zDzL7lLxXjSz+rkDZ#kI23&A~PnnoQe_msf)*Ost1RvbR=odl)0azco4J-E%TfRhQI zAR{0SV|`xZv!O@$p!^JKvyymv>37W8KZZ7{B{+FMitLP*hDk;#@};;QBs;tV?PWng zTCXKW8ntoL8#7{Im>V2*?k97;zl85~QTSrjFsdvFfvd4Q!TyXD=v`P0vxoeMqU}LQ z2)klT*&AfK97G(xW{v^+kSdJ2D1YSC^xBk}Dp1Qwqa_ zcI2uT=kd0{DRf`1j&vIL;gF*tIDT0O7J^^!LxvHt?ZpC&`V@uBXF5T}@+LX?qY<-Q zYe`J^fLBZ;L@)LM`+^AE^fnmpoCwEM{qvyKEkv-s=0?SJ?!*`8d^Cvgz_Yit!1&`m z(xvbWDF0x`;ZqzisTN4K2Q;ISRXfpg;v}9cGQ=&b7Quv94Dlvk2d~_}fW;r_@%j}H zVzBHq_`fK}_Jhi(KB7cgugJp^@kPYjC9}B4cps>54+YD^)O|@<1KO|~k<6<~VT}1Y zD7;FBifgv`aESu66`ck*`6I|sF$>v^Ur{K}f;`_eiG?cCFt^wn9^HOTc$FsNm;JY3 z)AI^6b3F{w0y?0|dmcY9EX1U5UReHS2y7*vL(+v7T(V1$kP%r3Tu~~xB2NQue=z|& zs|`Re%K_`tsQZ_L?c^hMV>B<`L8_gL!Nn6d(9WwGp1WVeCrgUq*w_@|uFeB=BVt6e z!Xa?k=t8g!B*Q|+;}GL~30vqF!14YJEVN%m343IUFivBE^esYunT8Hwh?r_)v#IT4J0M&V&gI~qBd6pH#ZGJxllJwK2^l*`<=M1 zi4*+4J;RRz$pp8C2;S{Yhx3I`preu`L|#kbpv4TKb}Rkx8l1WV8{GQn05QFimsS)V}8Je9!ALU*!D zvjln01`(GEPoZDIMuO$`MM$x5gqw@g@f-&~%sjh?FRyJTO!);N{o+y#{KXEueFmUl zb{05!YKcp)baB0sI4~WJfzV||WZil$Wbj;#%LLD0<0l_dMp6j_a-A`)!xBsl*~r0- zjF5Rcgxsqq4B-l@YI*k0TO>tx}1~-b= zfu0X9!O-&<7bNtgTI8FG!8b8J=e#18dhs%K<`bqUH^sK zQZxwawi<`DMTwG`gk2D{A$U){8!O! z-ATfvsTf$EJRy%(Qs+17h#Bp<;M$f>q~@%H0`bel{r*MBlmfu9`vAPQMPmCU0bm_} zNUHg&;=sp1sNLuek^OhcVpl)h&UFb5vlY?noHsG{R1$A(d4dUa#&{tzfwUUZ2Dd(G z^6^O)5UE>3>PXw*^^ss8kCno%B5opJwE%uwvye1tZ^ebi7sx#;eKGB7GO4=!1NN~f z5HV4X&`@@P@GZ1}2%cy>@_ZF=hv}0=%qq}+EgPm1s_~F;ETNbG3R@XxNO7~(cwM{> zH*H&h$0O@WANy9YKC_!R_&ye@_*W5mdl>O~p)?8^zl0pm+pvhi95g0Y628YRU~O_f zp1F7kXQMWerl%ON`cncKkZg>v94-@An0Z0#ASda15wPrIF+5=^z}ty$U^IL+47Uao zJ9-^K?ivG8?IDGt`g(+SBMY`O^J41hYHTtrAq`F#!IiK9V*ErTibQjO?je1AU}8bs zse1v}b|zr5Mmgk3l@c?JdD!&*FtKmn3RG70AbpZILi+lZxYdA!gKxYEr(-toVZavo z1{c8HiX$X@+eopfL;4x$m3|}Tmd3zDyg2dNUJ8N^ohMgT z=|b|{eq!OdSd41&n{y|`@4SI@J5KcLd;vj)zlgxC z!5Am^7`7D$0L%C(c-8a~gHpbc=TjbGA6F?J+rW=}>t2(baz;?cBZM2RZNcC1Awgfh z3fv9bv8Jv9YvcUDw=Nzc_-%=b$^bZ+{)6~pb_|v^uYgy%`|-z?cSMZP03Le@Wa`Z| z*!qJTJWCeh?h|9Ut8W}<5;URpNCspv7a~vU5@^?bL)f_O!HKnnC?_q4DtV3gbLSg8 zn>`AtWf$=_=|tMDWrG-<0X%$K8riou!_Bv~_@nME(WRb-a+e;E;)B$2+&Bq)qEA8Q zCMg&^y#wT|9ZZ00RV=Xf zRS~qZ-NrECL6j-#0^5yOaeA=`ls4WW7H|XNj`QS6(J0gpckWRGh3Km6izMA(jrd+pUK@16>j# zlc0F*H_~#h3pacH0@q+UtQA>|>p!l<^<&G3qyQbU)THJOhyyNut?00?kg{Bm3iz z;lrtEQ1RW1bB>K986XHJz3EY5`8$YQvKr)jZJ^-nPFVOR9mqS%+(f}}1B=?<<#mDO1#JBY_u;Jwwj0>*B4;$x@*DeWc=DLVo z-V(SVUkl|6Uc#{lKZ*W+I|yT~CvR3%VO;?SnfxgibcIZC?U5)vTiHkOwQh%&k{}!s zQ^0bcjbzeYE|gOILe_nL0+mAwkhks%mT^2Jo#?GFW>}Eiz`F>!t8Rebq$sGhB;r-p zC0KI3k4WQX1XjH&V$-u8*m8CQ`Sh{^c0FH0#6_pTFW+o3u6Gp1mK_4O`=vPGDM4!I ze8Is7eQ5B0DO4T`Awpg`fSB|%qA^zx&FJ@|Y*GwZmmqG`s{v9|lb8s)33ckHh+}Ux z!BMq_zos$L|ECL^J*pOrpIU1Nz0c{Tqx~{XJl1Tq<0eAG=<2#R%X;vizMPJ zT5+?mC#XN%jj#95LgGja+|St#J`-bLafJ>XZ`s1|NoyiR;w3O%J`c;zGh@?HR#+Fg z0z2xWA(CkWb{lOXO?aolEdP2JNSht>Cl1v@eH{{w>W;lIK3=e3Efa}Jyq{pwb zc)2SUq&{Y$_OHum>BEZ2Y3-OYDujif>hT#A;-%{`(DT$8SOj>MFxiDkUshr7sRXunYV1X;eG=Sp1uNw zFFznYIt*pKd3ad06<;WdqN6es>fPobPxz{1+I=Zy+8;NU)E&i)-J__YGl~vWW2IWI z;V7;*9>r3lQ5>h*PulN5EJx9qYCKd^q8gaX{`PrVNM$R@~4))sajvjEx zA>g;AgS(H5Pk_m9@4bCJJq>(qe|xWDq$k0zudTkFU&xyU^t6qP`PEDe_iFqeYq~hN z+VdL+csl$Z8+f_6Icx`&?fm@wp!(bYzV3D&Zk}Ea-rf%O;2dD<z=byIJR931So(~e(EV+ymEO=AV(Z_8KI@}JF9XpGSB z^EAIqn_vF37t@~uPft$>4-bdUn>WMf&!3^Nun^X-Uk?=(74Y%nN9gbGhZ84GfT^h| z$jHdRr%#`Nm6a84-@XkhDk>l#AOK@yV{quuAxKC_01XWd;N|6o%*;$!yLK&n`SJzW z*w{c{Umx`J^kDVs)!^XZ0P*qhP*zq3k&%(`@Zm$q&(DW*=gz^gW5-}*WCZy5_~7;H z*Py7V2wS#nf%os(V|7LV#Nx$apMN`^z?w7oE*G(@d8>}T43kS zop9j50obu)2eh@d0YMP3fB$}HZEb};d-lNIy?epc)fIGgb>Z~s)3A8)Vz_ka5;!_K z!tCrU)Ya8NK|ukCii(1dj}I(avII75+61%<`t|EqxO3+YL_|cu#fulAtE&ribade5 z%a>4DSqak8(hwXR41Ruoz{to5Zfle7VxPXCy0p#T5Ktn?Vq@|@nP*4!0r>DcolPAH})|L{XBrrBM26J>=;-L+)vH&qYu7G_jitaSB?aEz-r(fq z1XEK}Fg`vGSFT)vkdP2~{P;2S_V$9Ip&?wpd>P)odk4b8!cbFF1KYN3gX-#Pke8Q- zu&^+=aNz=YczD3>-MfK{iwnxj%fZgh4#dR7V0d^K0s;acD=Q1moH+wmuU-XrcXuc) zErqjZ&%%Zc8(?yB5`O;t2}MOkATBNrb8~ZW@7_Jww{IUDIdTM&lapb=f(3B!;6WH1 z90W~GO*nk`FccRTLvwR82nh*6Zf-89s;WYCbTnjSWI#+z49v{TfR~pSEL^w{9zA*l zCMG8E4+LDl9*$sNAT6%BG6x4OK`C zR1qzu3TQi3Je^eGa8gAhNfk^ARV+qSp?s%`gro|jo+^$isxXdHMIlHP#1K^s)>I+5 zP(_eK6+jx5{OMHU+fqqyOeOppD%rcKM7O7soP$bmT54aT65E$b>Qhug4^YX>OeOLM zDv6`01U^nB?<*>CW2vO|rV@6FO4ch>qCTdQ)R0QhcT{rLP>EShC1n_ukRDVra#4wB zM@dXO0;`ak{zKEYyp*AgH&Q2rjn|eN~l~anWCvg zilLIoi%OtJRPy|w5+{#JnypmAY^0J!fl8EbRFWuD3DQI*M+ub}YE)8iQwed4N(O%_ z5kjdX2&drxnF9ZM3i=-@;GdviFGGQzm4dtq1^6)v?gQGisZ;CPn;<9!N>aTE}lC>Y+PK=_M-paBKI z1`2*b6!=b3&`Y9#XHLN`kpdl3kZYs>_mqO076rCx3Thn`(C8_cwNoHdq9Asj0+Sz*3lUAB-py8e-Sv1tra7U8> znv7AX`Ax!TGDnkX8WL%^qDe0el{9ImNj?pKG+Cs{J`MFWJ3x~x8XjrbreT>T*)%Dn zNi9vnX_807C{3Pdn5AKxhF+Qk((DXPR%p1UA&`b%8d_;`L6dx%6w_=3&DzjppC(;2 zS*J-c%`(trlO~}w%Road&1%r3gC=7%d7{Y>4gWN$q}e1IqG|FVGgJykbwvHxcH0h>EK236Hl25a8G&!Ql22CPq zl1`I4nq{EL9!+*=7KkP(H2J5=EY0H4ED_Bv&|WmjrdcnV9i-Vrn(d*<4^0|rvQD!l zG%H23M>LtDNh{6T(Ci;g0%?|rCgn6+K(mfCJ4Uk&G#f~>ku+(gNjlB)&@2GW2GS&u zCigT;Mzdiw%R`fIn!M617|nXnY#hy2(QE+CBG7CO%^uKf2Te9Da{+Zard0Z*QPUkqmCQ7CY4200 zsHMs)gF5{)RC+a1=@3gD(iC-R7gC3pMd4vRRhnn1X}e1ux;Ax5I;nJ1qb`F5Rq}7C z!+cJay&^R&lhh%eqfq2TA%Ty=&2s9Jx>MznPo< zrN0A}cAuycyGG&aHiev2sti9HTZrF4Tzp=Z=oMN$~i zrOH`~DyKOr?Hnl_no;R;fx^{xs??b&v?Nkx#6eB}5egmeD72|kxTvF2eT+&eVX7QI zQpm8OP_lwbAtfqJ9ZxA+Uo=jb;iH$rMh8D14o!kVHqN)d+nI^ z!axCq3J)rEW2lmjrqY6qN=aU-q@yS#>roh9M5R+Um1?Y1dInIb#7UJw2!)DuRA~%S zDYK8lQxAolcIwjZph~ocDz_z6Sus#}@u5=4m_o-Es{Dc}9NweQBSMwG356_YDuoOv zyp~fb)X{1#Is`-Mt%4N6MFsPy)x%Eyf=fd~p!SE)1{rOIL#h3+Z}hhh{~o=_=C zP~|>ANrMoDEiDSe7b)yNq7Yt4Nkt%qt)CPMUQ@_@Oi4}`B^!q+glwSD@`@@GR|;EP z6fW&4gj}W&ZAZz+6$*D1loaizQ1pPpRVIb1la$n0QMkB6p??{L$q7nQN+}F9QBtN! zm2W+TlWkO)TT&?7NulUGg~b^P>A$EFGN&+~MB#^|q+vfLBY6}S6)5cJP?({oBt(Y7 z#5jdr0SajkDTzElN#;SSeB&wEY@v|0mO{2Vh2cFEeyS-91yNX+qssI+g`D?P`R7n_ zcZ@1we@brlQnJiQVPYkPxa$-~xhc7mrlepEC8w(>nfyVa$&kV?KZS{pFhtMnIGS1ne=}=AEUjb=KHyOet*72H{ZWx(eJU?XQ{tDKU19FUUz=U zFy9{=_WO1w^ZktT{g(5w!~Al=eE*^O*mr)paK1liK0Y_U#DDR;$;e2DU(MCU!QJP# zw?+t>i>W8ik0~N_%h~~f6Qm$d|WlZ{9`^F=i@$!zdnx~pN|wN0X$EK2holmRz*lm9K$FsMi^KrD~e?HIZE>12!Hm<+TiH(o1 zmjl@U-t&(RJr8$&LkCY^dlwrY7Y|A&J>35s?sf>^*KoIU@pN|Za-&_ZLkSF_f9)Qo!^#! z?3G{N-8BFl=A+*Nb%#H%vUm8?s(O`Tmlyzt&UD ze7tjh`#-M#`}zL;^ZkEZ|H1iwhxz_Lu0J{7e{{b8kL!GI{y0y~_cPD;vxon_y})k6Z|e>8b+py?S?Q`67-;M5{KxkOTcrP5zyGoSKe#OY z*LwZq)iB>5I=}qu{(n~)+ME{rn|b+TKQ7+hz7AgM9u%S64Ln?3>;k~s_cu)ar4Kyj zcNS_R`9GTP|Ihd(|9sxP<~xr(lKNj62g?5WIA`JiW}Mseoqx}l|LM#6UyS4ax6X?B z?HcBn-Sf-P^8Z@CSNx0Zy#MI5{ogqs{>T4(9HEWgc3!R~Uas5u=ilr3y8Xv{W7_vn zzXjUA?N`Ed#!{@3!ydVW8l zPyTznnfo{A6Z_DNXW1p3Yk;+bue{4(B9sYlFe1Gh3 z-yio43fum7IP&cG^HQ$)>-qitd^qOEE0|xZX&4%7Yig^h7;F3{rP>-se>tD8|K@x+ z{>|}=DgAZ+82{!Mw#~2Kvg6NsuC1r3|NHts{DQT@f9@C3{>5>q{%w5P4*%@A`2QGJ z>CfZuF;UU^{TTijzx&^e|Hpp*ehdqg=g&{^uj~Ife~$U}M~dg~?~F7I_4JLk)inNg z{yYB7`S1AW=g+0|*Znj6ZT#i)Z`Pdc1$QuE+JhPOs-(3WL=;+r13n{JO;? zBUrcty-gT(^2h!dtp5PIYnupzPW|o_89L^}uyS#=OWtT^@3%c`$hkwPF>B7NWr>1X>%CQfDBdFW&JV-Zyyy5O6`W#~*jFll#U`{Y00}cD;>Y7x^X-G8(qn>T0+h?>+#7 zP9_wc@paOTw&Hiajmzxz?>^S&s_`Ov=SQ0f^0cHf0zm`cE75^-hy7h6P9mHj_$40f)U26!3)6f`lJ zPql;LRM?J0Mj|i*cSzqzHqz7(T0kIxH6)D%p(lTA!?k!Di=L`*g@G)ig`O_5L*QAs zvA$_KJ=mU8D@d3&74~Wluy5Lf?F~HJifJ{CRDC_tEAfBt8lUf?o7q_BAR-86E05aV zIBqR8lcvMT>~KR}cJJ$?L^+_$?c0t?dfRo+ZDJ|0E??=f5HcC@u`}(O%G=&Lr^-I+B5}M)1-s%>1KF$8rbE{839qT=x#^UXfQY8U!-Aybcy~*7z;V-KrU?_IFGw-z z*Nyicfq^tcGL9eEzi6HZjBv?#9Znt^xKae9|a&SfA)4mZA@OWk;iVDGWkc7yANN>Gs;5F@W}mT>2`jNn>)Fw_)$ca^)n_M%pnk=AMY+b+BXb%0$twz; zuZfdelZ^OLBdQJ2H=X&@A1{8tvi*FWB}UKIT=(qN@|py5S4sk0|3iILQdE7^+_4Lk zZH*uvmzCdfJ3Wj3)bPOlO>zB&N5fZL6KOZQZ#7jQUX$q`)Wl7-dCtyTP=|1iTfZV~ z-M0j{PG|*j^5v?S5c0K#vlLuk;qNCEkeeAzuQal}JI!wEE2SnuAI*o(Hyn{cOtx#& z31D8t*AGJ>gK7%Mw|ljLMSA;5KVQ-B+ZWo1On8aXn1IQFor!?L0}Gb?oKS zR)%8U%L9Gpm1^tg>c4xaL{e<<@psB!Ma}TUM;*eQVsBS+O;#Kle>U1X!;D3QvAsgb zqjujV7KACaZqriiV-3aKf4PI7LvzoF4xKf#PZ$W&kPZ>?N%v#~5hpz=YU9dgZffij zB03`A&#XH_POgKmfKz?%q<*BfiL15@*pv<$M3XoN5f2}%{K4M$d=*SN_esqcr68lJ(-3 zQeQ5WAl2#E)#a`Do?C}vwUi^9RfqRka^}-*q2zn$v>uayaIP z-_Yb9C0w%|!6?XWtwcU$^!=6y^YqW&=RK72JlGPo-2Tx~EqU1THfQEWdQ_4pyFm$_>9UVb0=U*q2Z!r!UOXB$lHC4Q7wW0WdFo}APE7C}obo3TujGL?}g|I4+9 z4;xm)srZ@SZj#05ABnYBjwraIaK=0#+ zE(a9|aHv-4BnmYeB@aseV`z1^#?nkX6#N10?DTr0(iE$NoD=EJa)DN-k~UU$&6l*^ zDOxu6{ilKcx;rz>5=xnQ^^d>J#~aU=fj_Jq+`nZ9^{sxHT`cDjk{xO<^{Q+!dt0a1 zTx^;Tk3Grybbyyta+cHQwCm1)Gz#NN4IcK<&_D)_9-P2{cq8v;XO9wPRb5Yk_S0IJ zTRD$9I#|qT;fkdUw0WzuXLKbK1V=52hy@(OQ!0LQ&<~NG6P^@3!=!iw&!GAK>0gZ?hAi&IBP2kTB?m4bq*xtt zi^Z*-5sJQdC?KYL;_!pkLgA_Buu!X=sk^Rf1Z23NvL%OEm#i+_$*(dza1;;m{z&D$md8SU%Q5f z*!Xm_EM8is)3k}>H~Tw4qe5D#RQ?R0pRZCA4wD*MrjY6-ML93z405W4xW!>I=pcP% z3%}N%?u+x#?Uz*(`@LTtByOhKM)jS4rxRFk``VGf0Q-q1z(aS|*I;JSjR&YbqXU6&MF3t1Q7^~JAUoP+SKwCMn0|shUZ^eXiRSy56@}v%Q(QmmmFC|&9JL`rzb1iVR!H2g)Bgm&bN8@vN!`~3l z`B6wg7Aw7p;p2-$AC6GUODpC9QAd zX+57sZFtn+^$6Tp6IiR`6&KcXh&@&+BZIEg_NWS)ZwxI zSnh8Zg15I->NqgFn%EY5)5m=pNsw=1tvuDQV;YX<@F`w7zS;wvROMKkBIcl>#v492RTCk zg(TTcwwh?ba-vzJNT)cZFX~;&yoXh6H!UDKB4ih5Nm>@Za+P8gWF*t6o{25)oBD94BLzY;?AP>X%17+vimtLWm*J z)DxlZ$-%b-%S%MV7v4UqfRV8p1*{=KBFOdU6u&|?*A)dNk=&(>(7(t3$>7dk?I~TG zadp2a&e(tfD{n)NcDF#W?F?VK+#^Wl&eSy%|Knl1qr+#f`5}?E_7}TjGj4n#>dKb? z8Ogdzy6KMU*%P(gi23-Z=luC1+Mf~WMlYT276Y7mWc&<<$m20uB)>^i)Vs%0g#V1< z4Jc>>O{w|r&t{`l3u;=FfSo~W&0Brig9;UQ*+tx|o^9Ui&rOIj-wN_8fQaBWjMt@p za942ZkrrdP)jPvXk^NA!d_`jjy7p!9?vTgpI}BNGSVP~@vziq$CeiSxLlPD6N9)

d3uBqNrH}jp(>+-Q2^#R%dyhblt(aI;|GtHCt z?bJ#{O6zD%J1CYIJHynY5sI1td<|6jayzcsiq2upqhEi7r3O@ZGHgdRAF#aSx+_E> zcVGTdb1FJ$E))Su0m+Aw6q&aMX{5riB1-0%5Dl*r{PR~~eu&NkjLxS$qHtPrgVTcM z>6m%<7rzC}_}k{ySBYW<0{BsYUX#=12DX~D%7(8ICgi!)eRtMETBVYF+^S@dx^?(V zl0$7rKh4u0AYP4=Yh$c->$Mw?4aUcFwFUcR{%hflA+3qyNOk#d%a>WyUO^;KyFA_{ zqXV^ZrDKRR{a^q0A4%x=t<{NIYd^S7ynouoMFkx7@lyDbUR5WkFms{h10*-_1){6) z=M4vLYq(k7x{6SB?c^@7VJm0$n`fl~C+Bu7^x?}Cbj*#o1?3z23F5>1 z3V5yX3?XV(xwJaJ`N8D)AA-l*#DQR3Sn_;?+x*4k+ld=C5Va5FH_yC(nlH>jwzKm~ z>4&R^HlrH>6VtRcnb4_Ux9op9g{3MgVfx`QDr;w`Owx9M^DEs4MgwI5;mqjK?@%XR z{f^f7$N&%`w7-Z4h*spQhb9{aGw{-Wovhzsejjr;*U^a0s5`LzO9sY~S*uqX@)yet zY;h0kLReWM8D^qs$9x-BmROL_8RHIlvR;Ui-+-HFzO86Qb^L`l#!PVYU$zUgyHEfR(U>OAF^_ipYB27V06hcy z(2lzcvL~dgIi@OBQr=-Qa72V(sap=zX9z|mBmn%N^ zSBeidX!eRU){R{_e|BVrbZ5CoBT8#%4<@6ynL&#YCTS`_^Y@|Ze&a#!64 zE5KC3O&+vVJU&H?A2yt!_xso2X}ti&&pM$k-eYlw!;6|8V1=1S;wPPud7t^-$R}t&z?ml zOZA46r@424q z7P^Mj5L9_1FjLEMZVFB6`vW8?Uzd58Y7C-H=YLZVESBtkWU)+*J9r_;=QV~Tl{WeL z)nK!&`@g?f+@*JkdcH=c`ilp5mCz?L?%ym}*~f|P6(yETxS0TJ&5vu^HHV@C#*jEs zFgVD`cERN2^Wbbzf&B%^(Rq}8hi-!%4$unQD8(mnn9DxTvnf1lN4sqZSNxaK4$0)! zTwZAnx}zA6FX`gq5uhF9)jGq$hnA2`SryA9d0YOck7m;LvFbO&AFf88-^SFAiWbf8 zZP{;*pbI+nMM*ARa=r<3n}s{GwQN7ftuwx>X(wrLP4a%J18*ZE(=Url7{7bu`@cW; z3pPs{{D2fqL}Yg2#C68P=Zo4;#g0WpmXkTZRYrziQqo=CCs z$8=ii-&(j?hbT7G({9(5Rr3t~MbzYSzt?*TJDT_ewg@yqytlXMeK7?X(l_y;Bi zGxZ``q7SnE1UE||E5cF(Y$mfQ(I%CLb=4YT5Kk5M@}3LjF00a^b}%3|7S!1}={Wvt z%Ns)KBddw5E;hp|xauI}>(z&YyQ6->ebYIFe5L&O)>f~e!2r8AuYZ~BMSUI~`M2FN zFwCmPq!WgX+9QY|N8VuRfr3?6j3WM_z% ziI~ZaNYAHudyx=4*(S?3M2-($H&zf}Q&(vr;~W4YNSM1YmfF^S(TkTHHcXU5G} z+bqUVuuA->MJoJofyneRY1TWkFmFw0p2Y zF0&c8d|cI)B0*zMANe zpswxz{!w=sdLTCW@Ax#bai;Tk-A{rh?- z>_*wc$lS+CR&&?;nA0xyTFGy4?4Z@7l8&F8_fE%X$sP;0(5)){Hsn*dI+C}ttK!S0 z=IhZJ@w}gi6DjuIUncgNK6tkDwN(hvmdoy?brCa|xRAVhldI49&nJDA;K=k(lPs&g z%b)hH+dY4-t!W#&X-V|2Z;RO7obT^vnYW@Z^xZ86jN|7Y()w08kyGN( zVJ_1I6q@h_0WXTj=i(cJ(<12mi#<+fYuIgOMwVw^{&m^6su4lIWHMmgMLMFrO3cC%b4M;JC$F>pg~RG>tYDC&o~^dT}YKSRjGp3o$Rw-^CI(sYmNQ43#=Qg4A=L1run}oY(K-q2&EA@L)sSi za|iYG4Z(|*SNgM+?cZ-2JX}rNf^p)c~cpmL7NE#I>8KLvJ%l|n$)%=*b)4p<1SU|EMg8ma#c>t)AmWgnnu!GiIsF} zRF}eV`$u!nZCibzFN&#ON}Fl+bKqExAdnT2GA~3Nw_0P2ESbh<=+R=UPwOocnUDBg zombXp+V_4ANMb7^K>}7HvWpL@xp`@)TzG6AZ+dkOZx7D>a8lDV7(6 zLbeF~mx)PyW5~)aPE$9izl&JoajN$Vz**u21$Ex48+gY^mSm=E(~_>M$^Cv)WKmH@ zhLfd;XFIYt;i@V&tGevb8s&zF$hDBb=YKn+stAuYMz~YtL%>c{w|OgviW;m}YA;wd zkBe00SG`*c$Gp0OWvWRY0;%&x#=LKp!>?$2l&y=lRL@Czt4%<$_6ut3(=-eIk%_dQ z`)@0%Q+tlWbj4)P2ON~-@dwLjq3(U^RtU?vwz(|-TOxV$g3H(rGk5$kT&t+VD3s~1 z$;a9N0kzxX#(ydEI-*SQ3DtcMbesQ9`)6319tmbWaFTe`bk|N!RP~YbfM$t!L$uCX zAbvgnASzA8W-uZ32$0#N)kqJxJr2CNY_cG&KgPQqW3?54Vt$-QH_te8h={d>E77ud ztloS_u4E64(#gqOvx_2DZD_`EAz%NxAXY~`=4h;!!$?Is=rgap3xhzk>yVhX;l7{I zT7gda9Wyf6w`!1ynExO9y6jL`201;r)&RuAdOo{3{xUtt^$jyJ@aa$Sbc_Jvs^vZ9 z^BcK#c1FRJgml&SkoCfq;%;zIU~n=NF*UfO9A3Fc=W5BzPMQ=#4FNMptn<8_1@4^{zSv{ zF;)3qXu5rf*NNYSLpqQ zdm2s7omAGcx`mOFl!?4Gpz6LzCBnH#{e5FV)LtQ9ZxWV#Afam&cO;<*o3*WUwc~zl?7gdZ^5LiD zifywahu3d#dpmD}W?*32P?HwP`eZg|TyEMogMaU`lY_Jq)P?rYJ8xz;Nc zxG^an2Tfar&de0c2l za?a|n7EF-x-FwmDZ|2kwy6VGjtCGh}T`IO$>O6xM8;6hgMk5~EiqRpD*qz9=Q|?ytw?U`&yh?>zvTHzifTkt6Mt=c7hAiK zGV&gr27UmWeZ-PpO9ecc{WgOiDOD%TBU_EjsynRH{iR%E7rRW|>v>*;m#JAOq+KYx z=Y#qR`F#1@3xK3#a5%C<)R`-%n&t5(&woFZ*7ERa*bBu74WAv|o#+w-f5hlMS|rav z;~F5+uOr%fh)2%7i@0}bQt_W}^InQ2mpcWJEyQGFtIuV5vW@SH+VLa*cGsYH(VsFj zVqUH94AL&67*mQ79NT#F4arFTUyGfV zI1)1?rn-=ckI1|EyC65P1L$RY`{rNBc-z_>f5}L(tM=--#(EKQ)B(#FzYy!v6y(;p zC>?4h5Hb36_2uM%C!q%Jg6?t=>+ar~?w#i_j0XpUI0 zdIFmwDF=-$jb!CrDaz=GjGgFDn81J3)hN8m|GJ^{h4GVP@8DcV%J<91%lAq^8DUG- zO`zW#7w`UWC%i~5^CU)=ak_$?-(wgy?WNYioinf2X=fpx7!>Ey>fJu_Zr$1c5$-`H z&2jZ22;wx7Ir6r!(>u*?Igl%GMh&5QvYS-1!n^<*di?aAj8(+;OZK2W8Shntz|Ptb z2SO*O%c4{UWIKZO>pG(g5Ui)jm!G4kx{Ou6$Va@kf_G!$XLmF7sgep&gf{Q>Vur79)*YJ4BrQ6FQ<(z ziz4fP?NzT`rSv8J#{!nRc+FMGlT>%361~nR$Nh`pspl#lvXZAl1uwnq=z1JXc#?t; zDqw}6Yn47(+%eFx*Bt(9dA`}^B+$ItmRD(H(|f4e_3Zfc!bgL1mOfiaYUKC7Yq{g2 zUr5=%k_zkNxjWE%^vUhsq>Tf=*tO?{#U(3$lVc6u_ZeUY0;6GQw-u?H?f9IE8oo{wh&e1z!E7-EOWoM1rgfSV_^EA3>ae4-B?7+ZF-O=LOHu4@`N7o3b2gO(qKh}22GPD`*e=scs{*qiXKdfc#Ms39Y zU5y%$LT}GGUR+3_{*HX-GOuWj>M(rAq&qosxygB{wcN`DaAN819e?TF$UlYQCeQ z(0be<^@9oDlZiUL_{eO zh#{LhGoAO}7LY|$5K?!WAg?X|jZd0~<2FNj3xNiowSpoZtH^eS?8Li2edZ*tJ+3UF zp8xYjq*i|(uD}E0+Y&jRC$)X3;)fYO1#fTuo|*qKM*yNoEdlwt((aaXJF4ULpiFcG zCDO&Q&y;J}LEz$QNX^%bUXxj)ogx}<>CeI_CZ5^5`23(%WEetjgYEHZQs;oX-fO~jloL6b3rq$e!lARJ+)2;@G7Wg?C-OJWiF7zg{CloUW z5-o2C9*?Jb8ye1G0knV&TykBTNSd$yl|r9IKj2k;Uv)%&JRbIfNOm)1pm=L6uVqfO2MMW9WIWW!Qt`jNI! zuy+#2ut{Z&yNOBhv-9s~H~f2jj^YnIY^*l|<&<6KFos`N(lnmju7|%?Peb3b&lLCG>jMyHoXH6}}#Jg=NwK&yQ>J*A~u7tT)>I zlc1{)vu=eqpa4kO#o)O+Sh4Nk=flPuidDKbGp{dq8lCKQGf$E?{~aYA|) zuFMyP@gA5;4RQT59j66Ct@D4@u zOv3s_bRz1*LW*3!*tI#8t?jq@&Z$e7%)3HUB{6-r=lVp@MXw9p@H6@ z^N%Y^z`OQVp*2pyGHu|wiGcofw}NNtq7xcTUJ8_kSY%c%m*5Ib^+u2=Us$zuKlo-} zQp}6JmPgX8VS8NbPHz(*dnD?OeOlWm!Gud>NOY9FQX2FAyEw1O*IeVTypTBiUJFus zuT=k(vQ2pN52Q9GX8J|4-rU>5z4GCcA3_+srRS60@kQYRj{-RXQtLiY93Pp~o0W-& zA)deG5=x!Sa@RVjeVhdo6TK!};AkeBw-Z7RVj!{Z8duh|fPOFm0dN=(bF~H2{uhi+ ztI9O})WN%`0WBKc%VZ>WO%r=2?PU22F8kAFedq_Yn9E|RH4+1+XOq9^o6IeSNw?J6 z4~d!Fm%O8nDJ&Xx^_g+p`I9?YmuE=(DUnk=#tAbNu_19+vZP`v@GGk)nU6jxVpV=T zD1I6O?KqW~FHD6!yMeMx%MO!*k2Loy{;S5wE^A&7D~Q4O%x(c1b05jLSfiP< znzi!d$8GjH)4{*vFD#aqevyv&Ld2d$<%dH3e{*wq`+ij7{`QZCLYD-9BUkQg%8|X$ za2}=6%@zg!8b8xPT22knSgq>!fDh50J28x$k_6p659(L-){=d9C#_~ROyBMJuWFsi z+N^oC-KfR`gI!pU@#|RZ{Exl&e{F}>+g)%}PeHAdEMq=!Pwzb}?fZ%9fsL#YF7te! zk%Wz~TScx*2$XT#-)LtQ-2F8t$Nhh`zS0VgNnn|)R}RqYmOj) zs&l5Iu{ojaG1G;$ZidKFr}(*nD-#rrulzIcAf#R3u+Ed*$?W;f-^Tq z@aB?-ZD#lRC-NpI(?VQuga;Vp*sSk}r8r(93k)Z{U-H<_4${}K+nw%`ajb}jbbT&b zRFN`}@!+<+Vo}lbE|BMKQc@TnK(+Z^POPuSunOo(Y#$jM4ggI5U=JfWV8N?VjIH<}&Gpg={#`PQTxb#^N+S0CZ(Oqiz`! zsp=q(m!4cR8!xF!4qWqRa*|T4M;^b~tCb+bz$ClbSn>Nzct1pjBzE>am_1`UxwJqvBSpQ}a0*a9Q zqz_&`QMiCB3jai#qcnF3dGlE4*!agTkV4@bOi7ijz0{N2uxJWz{!pQ#otSC8>+0H_ zd>=c7uFap*{i{`&&zQ3Z7HSpNp2U28)qK8E*8D5;t&jR$S(jIXImT--Ag^l=ux&L~ zu7uLQNR^qLX5qXCEpLE_o;mI0-ru76!HJdQ2C{XnmhWhfOOAYM-W;tf$i?wzgKH32#&tpD2$q*VFOS-d58Vp>{R|aQs@PN~|uxg$@#*_M< z-PalGpK!IjFwTNE1%ttpnBxI0WHMo2cJ)w_HMFxnoVXw++?*k+`NwW)J7UGFrHjBb z{;hu~nm==vmJU_?hCA}z`91_>$T4$jwZ)EUWK5-*v&79^@;s~;a(n#0JVg{pY@ZeE<>!n+Pwf*I?qfvREIE}rT*cql*Bx$1rKWRt@ zPy|mVB240iK^>fV9BQ_zzV6NSS?DW=({3|LRT1^ypcbpfgW1m#o! zw~dpIXKAeiS zxmjYJ>wW;icJzR(4$}fEJW!Vnp_aYH+Fjm$|KovK^{+nN62qBX8)q;Pu!&r6iXKxK zyPE&<-BYs{n26vGixBHjGMtFko>|O{D4Ifsrz73I1nXE03%LRdXKAK)T$DSvUU_%Z z35|)iBmQ+;w=z+E1u8AcF`-&j+Dk<)(Za?8roAOQBm2is=Bzo2hQ%XP$C)tNK!-)o z`{&Yd4ez>>jjZUXD!Uw&d>mkh;)2fL_26kbW)^Lj^;4&jK@Zeg-fS>7xlL*ftC1zx z_4L%7{0I!-?I4=-pt|MpaLwX`(!mT}&6bwDn3Hl+&VX-2`^`O-LgqhT5t|p_+0i@t zi^tWS6R5KAwt$1oX)7^WjOX*k(;hxv9lIkH$a}c;9JOuWUP2$5Ib196npik}|K-`O@TE+I^Q2_8k(-aMj5br}PRx?h@wZXWMMtyW+7ZGs4ku!6iB zVtTHd+$F)Sz=|FwW7t|aK(*kZ5+HM?pv&lTvPa@537Zh{MRBQ;-e4q~}@nKMuO$<~S>f;)L2y4rzsK4aB zEmT!s7KnQ8XlbR}k|d`b-ra??99oFqV7M+Vj3;{oglYZodV+n6hD#8{p-})mgGJqR zfAe)Qyg%_D{-BS(GDJGRif<0IGJ~8Am-wmse_y3Wm(=8_+{UAEE6yqYE2Ap(%d&9U8;WZbhKLtW zt#9*FRxONp$g`P_nw#goboRm;SIfzb`4uv$?tWwbw=vhN)3Fqspu}7AmHM4t?+=b8Fx>9}G zk3{MGHh{gpLcys!>DL-#>U;k0r}{FKsADYOmFOe7$9=x1ET`?DHh|rU+BrxZg9t+@ zufW^u))$zcukH}%LjpR~e6_2R4%KkJq49L>88kdT@rAI{I4pQB&rvj=b8%sEYx?fk zPiSB*8a2>+cu4|NE0r>C2u8hIBSNn@3kAYjiHlj~JJd5*Bt0d+wRilQc8_%)LEu_P zXXWMRH&V%kT#g`%2-kMXC-yR@SH`f2X4^OHMsNSep-J|oT1>^-J3=GyB%nOYI&5@v zrqB3F0U5!Q<$&Fp-E~;CP&sYF$#~enE=P8@cpNfw-ZIjAbBr%ZW4DH;I=cH|3T>O< z)UQqCKdK{pAGt~x@EW)=kQ}RUVbQ)S0y;kIl^(CD zcCyjo;kWCz&2-)&X*>O!mgz=EPKog8wq zgm=2q4Wq<$sLnsLxF|VYY0VPQoKWuv-ew;5?_!p7u6Q=!h}7oqv7oN~+IzwL6kGf0 z+GiubODCP5D}|_RuTP;Ov#oRhfCH0`Fk-y4y2FXwU)c{nsWxKv>kGvTAEl;?qi zf?By9>>ZLsM|45rY%yz!ZPW~wVeru_`x)QFW^2B6XpMXjBs38WnY9I zR8H)+wss+0hFfuEFAMLic6Ae-h6_*&;ftL;-BOl8YVX|D-uxXe0-tF4{Lgc>)pwVo z7L07DHOzWzu)WCIY6?9l+DenOzK|vhlzKasFAKJ5a<%^fMyn=|6>uT3hz{H6ddGOr ziySg9k-Evs_ns%Z(-o9kbX*U%TqHO|wBTz!vAt+cA)5dO5slE*3bWWvsjvSy@atoK zyccd;etN|7Z$e+99LIMp-7i-xy|I<%id9+=XKW3Ky`P(tg<{v<^0%legAE-sM>U!h0kWR|$mZP5!{_AkSKedzFndos&j zTFiiutNn7a87T_n)y>KE?Lg8-?qZW0ccf8{1z)YD_rgeb^iagO`&oNn`~L4nkGXMm zPGP$OCFkLqsbNEO4;a0e!7slOR3>9PXxP#;EUe{e)5Qfqi3J}W#3P*EHJNny6jI8+ zi6JatHqFD;c5TOR1BuFhTvw`afrQcT{-+*9%E%6VPerk#Gy;9f=j&X?i1C1kLpbMgF!`=g&)>+;G;N7%JNiGn;)tj zEzAliT|RkF7;OQR8ovL#PMS0F4Wri@NWF6C8Ptha%Xh_wPRN6B^W=a2*)u<)j>SsA zK$P|sDghZOVH6j}TKY}1h~`9GlC>EA*;KUpThSI?Y9HXM>QnUQ_it`YOW+pL8;AKo zr-X6XqE6O9$-?H3bH4df3znADG#eT<@rx)NWQIl_%Q@J_&J!og1}|WmQ~_N$_D**g zy{k4XbcW=*#FP5aqc=7KaDr8C2B$VCqv~dj>3qRDTw}a+J(nT+3zy_S76pL+v8xI) zz3$kn*wH(I-(+seVaKEh*FWjTgu$X?841snZ(4U6wUiu2X98^L5i95B+JiFVH!Hq0 zD7Mr#!rniq%q;2)IGh$bQ!$hteV(_H=`e*2J%_Blr1$#7-u#)fYd%5cb2Bu{G<)an z?Tc4d!a6ckwFcz;@C3Um3EDqZM-!~~e`$`V&7HgBDxEqYLKLWdkPA_|3G6GEa=A%zm4d$T-P#QOA?icJ+)Z+2dlGvFMqW| zr;}m{E@^A0xk#~W#O7(i$e z@Gv_6@aZ6>_sqYsc^FZD;Lng^dz#~8-k(G+p49FW{gUz;PV=Dm`puX5|4-Sy$20l= z{{!zpPL)te4ogl+cq1Wf6*=aRLz2VZ6-k6bhOruj9Of*<%2|qva+)oNoU?LBIc?6F z*oHBiZNIBN-_PyS`tNtUU$@8YbzQr5UCoX5dOfd`b@3wE))S7MiMLv7Eq^j|FiSYids!pA@l^hk4@PR5x<(13S1{b8#V*|$vxU{tCm%cJHQdIN7 z>pN8ueg?+l*;BNQwk_W?LOnj&n$Y)8pek?Y0OhGwu9beiT(N%_ociuuh~74olN zlgrn!yKEqSK8%tfe$g(h9TT)A`%dXxSoJof^2l4`6JPRUl|N)_uWpK(Z(U3J-)6fGRQyZriD zT~Y9$R#86hq#50IIJx0qwA`dogxs8#!U+MNmbd^Vc$_Us;$lboYx$P~N-cR5g>&Wp z#%}g4sjn5E@`to!@z1gnU?8sfJqzexoBM2I#PI&L{k7p__LW~dWSuG^{N4d4@d^IV zEqWPC|FMN)tVpnxfMrWgz|k=Q=+X2It*M9$f6nW4_Wi5pk*w8~eZuGK{@Zs7PF{RO zQ9{PvHU8&fKELd_xPKUFXAzn|Y<97_?rTk6&=u<|s^kkc1a9*4v8x#1+39%`x@)QD zS%gH5depk-XYB5gtg}o_N;drhToEjWj>ETkO=*QfgeUM(8>>W?0dXqePMxl+l-i!G zN0zO{lbQh%b-PbA;rM8VW#qFF!lZCpLKH)0aN~n`2e+*Dzcgq4>8jM01Rvt=KD}7i zB-bRV3wsr_l(Lj!l8ri_&)D8Q>50JeRDdBa+ZDsz7Na~iWY9+o9y{Z6t$WDFZ>_yAy9&F zJKsS5N=>Q3lCn*BcdKjwztoPH56=URNeRZZTn#uRwJYW#&Vbfq&mGf76j}N{I6s&N zgcNR$AsSJi({16$!23aug+InjwNkFq|A8L@?*=^*ZjI@}!&BdXshrxh%{RWdKn^p* z7bt8MdF>PPb<>82o$LpV?@=m(oVIhEV4u5UHu~tMX`6_2EKh-4im|+yvhm>*YY%UW ze=2G*tUX?a{7R;&a$UDOZ+9*M?#$@kbpIP37Xe*Zf3`{9R4G?5F3fWlK{AIu~Yw?jF>O_rxDAN<3N+ z_hL;cjxGNMEzd~fQEKf9(0sbP^n-GM;L{zY&E5frpPDdJZ$d?vEDIvcYt-Y`6~18Q zN3x=A+Lfl$s9kgqxF%QvonX^kO0=ga)Az##!MtdsO>61o0L7br5`GxG2W=7#Tr6~Y z$-LBXA>iOsUaw~7wZqvO;ZZHzRbLsc`;~H8hM&FP>!}{1(8baA$g1i`U&_! zun_tozQt>@n&OOs@=jFkAUi$SsMu!Od@*3Z6t8LPmw=N}dz>Ctv^ZW}V5!*RcF?#3 zEC_mtYB8NGq+FyQgYO3)1|_1}O{WW~U+6dCC$Y!5yeLUu+ilYVJ-wB|o)Eie&Cplx zul^MG*jQnKd>Xh(>U@eN-Zd*<>{vuZdM#wj(j~FXdhp0C(RZ;U#?l397g1$4CyyK! zO^j_f7Rxl+-6Q+RH4%^phytVm;sLpU7}pqT!c~Lohwz8mwRTnRa*C>G9wL$gg6mGZ zN>^?lzVGuv`w;q2yV4_S+*SCsKbn-Gzfp&{Xj8b{w6PkoPg@@>GSr^D5};al&{e2% z&+sFk)_0Sq1ElNry2dcH%b{u9AqExtizJjAAM{T#v$k2lU{{deHl6#DANJgYx{Wwxtq&DP1bhFlNu^Q# zLZxxpL*a7M#%N?9dHrOO;hss80J%DmF@C?@I*%k<6DJh|#Oegbq8WS23CY~CkHG(z zLj-O-gg-^&|FtiW`117T*`TAR#oS^mjdcq2zeLep z^Z>j7F@P382%u80GW{i;db1mL($gTP(m!$>c@Y7%Nt!qlf#w3<^hdk16bt9?;h}Q{?9at6&dDv)& z6Qk*0-GX>N_gzf3j$>8(`58>xnr#9|1-s27)!)N;qx($=vpZcOZhCq z;)B9uYJhp2ysMxZZx+(B`M~7kfb(@nmsHL&Ek0vKYpQtuXkz96vLDOsD3;68X4LxD z*>LtVL&OI}%WrRAZkiO#O2&PSp(wn#c{mnVb;R)Ix7f`;KV+E6;GZ9gB!)Sqxw%fGp4tPdghw?^Gq{i69kxEn8O_xmkrDur4%u}e1LWalUS@_u zEh&`em9oLA{H85243l0ji_4;4qs1nz>7vgEwF;7yubN*LvyRrEw2ZbR#5R;fD_phG z6U-vN%w_0kzb}WNF zWc(EqgBvAS9a_^>$T#8jDAp68WZjg_9n?q|1Ou87CdX{FGACJO!|`EFzvE_=_!8}? zlVadtSw@n`=BWx#ujjYTYmPE*Ua=@;&8}}0M5>eiitvksc!vAn22!OpW3oHIb8h2W zr21b0_vAKG{yeWg^5voWLwZQ5vwr4)^M2=-jh2l@UBsHSUln;>>{&!_E?2al-2UGm@fC0Qj~aug9dKb!}=1M~p( z!IbDS#ic+0QcdZBCGYd$SDGV;-~dpaFw4&h=aLql7CsPy-E(tP)KL5O%j5{c|soV^yTxKDz zS74&iZ~Oh9Q@X?cfW*^EjNCUX437Bp>i|E_y?Q-dK=?w1*@2c&r?F{J*Ii#PN zb5G_?G(Bd0_cOztH}Ts>w6^67<74JqS0_~|2Vp`O-U%V{!;O}3Z^E__o%`#1o<;1u z`M)M*mCDV9!Y!Q2#T&0W5*WWeR$y35)Tc<(_rhZ$Z3+nkovQ##04JIAoUKYC6mUli zp_$7htArXk0K<7>2q$4O2EzG#_^7N8mP7@LC>`|6v`@rn&%6WB09t?^ zfC``yz?@+w%pYzK+%sMOi0Znt>fvyU&*VEw7|akO<1UPTfdAk{)Jnh~Zui`e;4-Q*L0)&mUF?Cb&D(Od#`+zQuRs5RBgJasF8K~ z%nA8#D?ZLqH7X1Eos8A{Y=dVI;j&>=7^`z<*Uqk}PC!>wml0sPYucNzb7bTGy5X}3 z;hXIafHlB8Gm{X+(8^<9D1{76W>YS}6b;1kh42sOTLLF}DLY`>G56Q4N+Slm2|*(| zdH-ulL&W|f4&j2^#^wI{i6TQGZ~VED>V59J)T6SRdx*1?yD&YBl)FGxv{Q>pIWCzY z^jA=UC(d)D_Ha?5a+$@&XuEE?ja}?l(CsJuOl7MHX*f5en=mBRc+du)u3dY$rc)f3 z*gtE#vK}tI-MdzFG z3UC{+1jqxp0a!Dvg!$9$fzs3UNmN%p|7e{S$;m{@C7254z=WWGRBiJp@pc0Kbi0@I zbafKdxr6@lI{d2!c<~TAn4b8TS9ET->0D~O^q0O{hrb`lU!qvUlrUlw0%T-Jb0g7> z@}F*m4QpwTV9gy#gt)&vByd9!{)E4)+j&>l3~P!tjWh;ai0swWIih=O_-%=|^FWQ% zo}132H7{?EXspd2Vdk^;AJ4d|EFn3do{?bbM3$^u6-gy2I zE#!K_GebFI3dIa2Zy+kei$a<<7ZNonhhV!69x>#~AV}`m0TKO+AcWg4$e&EK;%|TU zT^P~2mQQEC?k7aL9d%PwayzQTvO0cE`^}{WhxC6fOTSw^O|3=vD!=pnQsb-o&UdH= zn51TJmA@>0n|bTX`=?i4cz?fptGsBo)5%g{>BiS6ftP$@ooT;xrFGeN0=n$Gv^upq ztAFXLmcR=n%=5Gd?wHowp3h^0RBBEmc2PWFng$a2J8T}5ey~4;7D&MJw0rHC)_OqA z{y@L*FI@2-uoxxnZ`3p{_7pBR@eU(e8S58{4eci-D7#_140h)8;*r4BEX3~=U)U*w zT!wu)B!fE+Kz9B`2*OPg@~7O{*RjBac>+iWJO<Adob{I_ zh82^0D7#=gG2172{E<4%xx`PD8!#2|7F*M3G%cb(t!GZ@rD0t&76sVshd4;rF+a0jXQ5 z5~{IZcuX%}NqSu)CEz{(kBt5ylypMJ-uCN!7|Dq}acit1>dCf=bK z!;Tt=D5Z<1vyqod>QNSsH1VC?7@0~OA-OtS$o7mEX z4#D>8ywh)x)XUq^(KanglW7zMx+q)#%R_kN-^y5`TzayiSn^ci>Hk0w3sFP3y} zqjWAc^Aby;CgJ&C^1Ud5biFO9NNb$%7qZceJwORiI#W7`FkyN974&&-7=r8sc^^3> zc0->BD24v6jEd0(ws<0UKpvu7Y=BXM@I}r(8h5bw|3!e!O_}|t@*C=lpTSf2gTmw2 zHuQ=|FBiEu#ftU6QflK}07ovI+K1G3Sha1)INu;`1dhBG|H4ys=cQA;(EI8i#LE!r4AXM%pej+gc~QBEQ@C8->*T!GscX1% zxKkZa1@Ql+%fCx+Mk*8HqP28~5tzYtErtMhn|GuihVQ}df<{3Z5hc144`cWG%%-m#^GnoI9FvAGysF11WlRDfnJ6A36#@$wE=t9Wc&y3`c{m3zq`#wIm}F zHc=WJjX6mBR>u?0p;gdz_I3I+x17NKrJMb#H`){yzG@(C8s{2<8lMF9WCclP1udoo zN#+N|=LC(W1@)u`jizH*&ybmdSB~Gzw(N1elGIyM6&KPLj#N!tFAQqU3R+DKD*R81 zOv94y7?^@>z&2PjfHmMOz#MBHX$3Hi?0`MJZqTP8Gk*vbNC~AIz-7R~&}j7*@yU2f zF#R-K8rw&IdL7=U0iHjE4otx7wa-gU2PRSVVjw7PxY)lW;r?VD?)N!gvSxnQQvG&9 zw111vWG=;ruDx|Qat|(w&`c(V4C2nRB>xI}?q7!K+(PJFPQ+{g(~K|x1+W3A1F8W2 z0P+lZZQhU-YJ->BP9r>lY+0)$iYm@cE_U%P9`z}9Q7;}tBONTYPfZBM-T^ zBHy3*UN|M2n{3rp;-U3cg2g<`iTsQMt&#cuXwvqS`tkqQ3aqm+yICt>Y_S|#}!zB_V1D83f(70hiZd9CcbE4TT^>%qwDBuRV1 z6Gr=>P6<|nmRRne@T=cqMNx!_VFZ46V?O3iSy4-1_88@f{r-=2T5~7=)2oq~*zMo0 zo1>L9=b`fUfF4K>RKKl$+xHw_tM{^_$+x@S&mcX#H?s#ofsE_ch~BFz-vr+yUlHK} zU|rBtVYO}I_k}+2-bCvyX_ZFI)!?75XAgh_N4%_=z107Xs~*<2xJF*P>o+aTBwD$+}|p~hvZ^U$YFdPtS!N6(_T?e z!6Y$zCU*Vb$c^$I=7Le3IOrc=`*C#YHkFs#=I-wz>(M)bKCp5 zC5!IVpm$}}jlDJUMrx^Z-6Q<%&hHO?n%$GvPs!_i*!8fh&%^7j(D#Sb*Vhex9un4X zZ{7PoX6b79H<^3)rT^vow*6kT^i|VuDeUiGAo>h1Q_jyHXlYh;A>!T|ey=~Owqta9 ziMkF8#~4n?kne|l&?ib$_QLouJ14f2V?)~Xr=+P#FjI`&M9RAE7a66IY2)yx#Fl`o zb^o{?y7wsWs@FH*Tx+*~#lJmdSPzC2V8v*8Wn|+BC6fL{f&laoH*!KqyZ&?@wGZZn z(VCF>@0e2!CXNxBcsOet4NN~R?kO~;jCU@3gxrPRg|6Uc5MAgl^lV4#Z09iaz;np? zA2uQkd!Bm_-L5))J8&;*{9m1Kd+x=IUk&+|w|?Mx#QB?0krAip|228Yk3&8-PPtJl zVNMv8i37j-p^cN{6hD~G?`~;QNJr!JICUAg)2{wR-uhaxVT890bYwuB{a?Egk07l- z>uWNNBMXwZY(f8jXJzbut197dc{dUu`*vl*?$Ffl!wJI@E2n=Q5SXMr!c6=+;IK9~ z@K9tmTQoCTd(ya03~PLhmQZ&6&m#^x1(kmsabVA}*tH%0>;bDj5xm4_&z-Xp5-W1% z)=WX?tW=jv3`aH!vDNBg{++K7 zmH!q?2H^1lsOK|BPt_@h1`$8qKK+UGC%kPtdN+C3>RV_ zfu;Rh=p*QV(A6ve)clcGefSj$$rSWchQ$;2H@om|h&@$>H4qWJ{`<#lD9+6+UdRFX zxmvKmgyJ_6^kJ=#+EM!3e<95~c}#_5j@6YD&mzTmg}sIub2AUP+1kj@RHsg8lB2PJ)Em=WmP;+4Ls8;hT z&+tJ5Xh15F7g@~<5;bt7xHn7kkeTJ|b8bvt^?n*I?!lW*?aiBlGkDPKDMu@*nr zcB62M3Gj-_oI_ zUco>1p_fy#b4V#EQn~3x-smS^Qv{^1YZ=(t1-~*&h_~sw@H5%Wa-_6>bUE8hu~hzs zV!NWkjkXT&scTx-he$bf^!4(U%g5Z}<869={tzKFMZn=t*GAf+=?NE5-_mtaeN;mO z&G4d+Jv7a?{rz?WTA}CRf~$*<%-A^7bMPA_4jNh-dhQo2ED|#a@=>Q0OG;wP`+pp_ z*D{<+n@aO;_(!53`iGo)f>qz=wh)`NIj@G3;5D@eeskH!4wg-v6xPTOEm2lo%+E~! z2G+3O{o3^I(dnG;*z1-5mUlII$~#|nUMgm5)|lVv_bJXaTG(x4ap^6_HTBwn*pznn z<7XF=O>{MsmBF&7x(eN{m0X^Ywi^g7b(OtRHoY#rpyr>M|J<74os>i!A3`W8&c8nu zQgBF0x|G7{ZL6fpxLr?sJ4I9U`mE&L7j4{>S>o{~Y@yYrI_}~n4XZ09TXLt0J8Z;& zpQf|jOIp1TcA2+7cV&XHY8HQf%mjED)M`Li_xc@xW4wMhe8KLEr@KUf414{grvyi&feZ)c%p& z>>Q>=eeSK0bZ=+n6M1V1---x2YAV%6W!Fx|xzWCAzabq*gTWKoQ|P;^-;Z~W-cP?! zth8dxQq3`#od5Ln@;k#R`_T%{-1Xd?g7wQfj?Q*n1t0rU?ZTg1JD$4Q|3dkzw&%c$ zp!2niFL`xz`bjH66`_jvY(8Svth!aKjrk{wA3tPocb zJ>4B(u$ocW`55Dg5;@7csG_$0#|N6AkZtL4D66lkQ)8;Q%PpjP)~MN>!``dPRdOpe zNpS+w+S$_68QR3G@r;v??O1)v<>PiU_@Eo6iV7Xxni;{HrOgh6OXErl8<+Ds>557g zE?}!m7QT)0<;pTEYU&eFG>60M1fizc7NPVAzKR!X&*__mjMXW;#YN^3ZHJgHs)WQF z-^!rI!J_EFwYJ`*E|O4Na_9BR+|10Oq{PMsvSVp=k=->dXD5WcDdV+gaaoV~NQ(tX z;NU+lkayOVUZ2d!vi`4D_xD6JS0#1^ukaKzNtt>f{rJE+zddcZqPVFq^)j3#xYg5@ zn`WQBHIg>Pv%SV0frFA;csClezIOyzbSN7|aKv%C;k3%INRv6QkfBv|&3XQ1`8v8G zZ7aT4n_N!7doIIm3_)^%RpF$K>)9P+_IRC63^D)L8ziJH7O{}<9|(k*2*woycBJ%$ z|Jthhggw6Y7^}WC-#=w@)DU>oUaw_e#@9SVO8tk3UmLF6__e1jOjSN2MQ;il#y&p> zS+1CedMuCpV-^C;)i6n$0@-|HPWX;a0~VW{h45vrOFbb;M~0YL#oMH;cTqL(UHH^_ zA~#w*h+sT^u`TG2eo#@dQJDdJeowlRIGyd-Lm z&@#_4_2yBDFuBF-qh@nxjt#>BCr-S3gDeBGyS7;OGovOf8pPxN%%GvS@}MdAAHcQ2) z5-6&p+CH;(kz}nDviMz10oS1be8_Y~2W+m20-+*iKjG z^9I8dz2)Z(tYp2VUs+E!qOGc|_Qn7=^fW_+e=(=Lh#_s-W`}?sAY@HYc$pu<1G{BA zKGC`L<2hq9V{^$Un0X|y?{_{hC9Rvz6`z1Kf6@WT^6<}6dZABgn7;l>WO9j%2TlNN`z)(lLJIu zlds8P7?G`la~Sr@4tY#aZ{V+F*|7|Iq&9%;GT16+Y$k`!S<+V3Rx`6mn~~Y-7zap| zCIVKzO!jyWD+cmjXfb=@NMM@^ZDU`y3)T*g>w3CkVaQQj{pLj41Wv(%md_7(Osrds zL%ZRmj4%V))jTH>nNJfES}Y^nwY8MN2!Ghi>t4~JuBnf`w1L-*!CXRR0XM99#h$P? z;lP2b0V0NnrlqqNF_#d+$(#6L64|nwv3|u6rye-sL)*gk?&MKFXt4AyjBPtNR5e6! z@t9y;VHuv8yAI6k^uRK%7$T0X76R|vsfmbq#RflvM^2Q@i+ifEObiL?frFAXIIcGl zShV439Z{H1$f_qx(zcr3VhCmPi=O!#CWfG@gn3|5LvIYQXuuP@X<~?0TkX&xZ3bn( zBD??=`RN**2?4v!rTP!8&TE?D9Py|g%*Cg;yyJBfF0`$>UIG6hLaoQL66_K2cYli5~hfXp+#79-PetJ~Y0_VNYBrgL$ywU|SBF|#|= zzg^bJH+7<>sO{e2JCDwi8{dT06zgvuS;{?arlfe1Q7RW1kvEYw?NQz+@iT5V?}xg2 zte4J{wzD+E%F0c){A!ZDW`xmd z{?1Nj0p_^egE#w4(g)GC(Q*fuat0Dn_^LiiWf21UQ;i!J2|OqR@qw$<+Jj1TeqQkVI(fgy1lCcH{q?f zneenfAT!%!GaybrFF6(L5!&~KHCL0@ki2@q(FWORPct!N3(7@CrEp$_XqvW+1^=Vq zsADpt=6ucF^Vn+s(|F57r@aERwHu#DPu>hV(6%7wnf=1*;EDIZsWjjEVI>oxrs zoFz5PG0!C|%|e*KMd|H!bK`=)@!hLI7oXfOdrJ@r_5y_DBxk@Mus zmqMdUk5_yO{TjA5yYh}l2q)rMr^|5RnWvyDxfbMu>hEtz2RV=UQU%OC^q-y}^L-SD zgpSHaPR^ja$#S@-g647L60C)x-piWvr?m>dIIbq+c)iRL?Qkv?)>5U%{ADA){FA{s zIs6TE4KuLc{l)YyLGqV7E)UfgbX_KuPRmqKl%&y@zOAJZ>jg&_VTmmtgI+r7(gzTi z*)MZeXa~@P_^94jVAe2!toQh)7@=v8+&4uH1vP9VJIMQ*D=NKca6Rw)%$EF$^(Wiz z&fNDeG=_l7WM7Sx+-Q2Cf#`HFEHTghaXKYY(&xpH@8`P2prngAM)uY2X{Q`>Pu&z- zHO+mIVs+HB^6N20MSOIa#wW++ZAzoQ!#b zC1qx{D4O2&nDcUa;BoC{iJE_Q z6Ry0+Qbv<{tfCJZfA^)6y7MxogokxsQZO(>(%kL-zMx{X7Q^=vdY zu$&khM&r=VpX)~Bh%VQamn zqc!oLV%4EZ{`<_!1?uf*6RR|>z@oS0mh?ty@INb^3htya60hz5BAarXs;9$uG&YN{1@GUD1@D!Cp8zE=gj)f`3fCsIxi$CN;jzYgg>tf^M>vl<5_T zmG2h8BlxN==5qg|i($O_@782)&&Vl^d(a--!voNG)+gGIv#XX17Td!}9@?p_#m zT*fO+4U0A{LW(Lp(v5^>V>CB=Ds>;GJZC1oVv=4+9hu8dU@XLBu1inr34YP8NP~q= zl)J55C|+QIstv>fN9jEtRF`B;XL9KQma@bf>8aHV%LNMcYs-Q=lMvX`0;hBYhnDc3 zYDab5U*l33n{Nj>@M8WXO*@FcCg*BVDm$)&wHm{#cjEzD^DJsWrrns+$dJ|&q!%pZue{>eTBX;@MVv#blS2Vj>R;S*3ZuM zA;pDc_8lzJhpGjFw1PLk{UE4oxl>?T!Qry2g3X1zi6jn_!;sqTXGo`o*(N?_*IZWn} zX8(sES>RQvmy)0!+i|jbH=Tc3rLKhH1f1(au+|XqAH3TRK z;zfa?+$-WkNK)NHc|6Jn4?GNS@Ad2Uc4=b872mIGiP9=B_v_Ot-8oP5pUl6@ zn?Bt+-A1(F4C-G_aoXqYHK?i`Kii*V7#?=%anOo^S_nFAeg?ZXZEA>hk1O0o^@$C0 zWu>K7=4Bz)Z2P)neVE^s%yBYi%qomHc!8mMxCHmC=eS(C%h<}bwb%?B`wmO-*IV*M zWbuCI?p~Q|kLxC)XJ4KeO-OpPaPkZ|TQzcrS!$$OvUU88;vZ`BgAmFWEBk{b%R7g_ z?~HuIXL-AM>htP{pFS2}WR=NPo#?i?aMykYD@ zz?5>f`8qFD9oS$t2?W`_Z_9-K9a%d&f%kraXtFH%H_@$ZnZcJWG*Zq)WV=^$e3zfefVzLqJ(Kb8aqT)@>kK>-7@ z{*WorV&=hObXQQ8fX5H3fzkSa8pViEr%IJ%tUNoYIEE4USP|=!V|tixrv-T}@&GI;3G5B~S#tquwp8-HG=1e=oLbz8IrpX)2DF>~&2c}~0;{`jcd|c|U&5V3Zdt%hIt&uK8nG<)W3f%w=#_KhVdXl{ zral~a{3#h6-(ME^;VW3qfmJEHERwu9Q{QjI8O+0W23AxAiNKdPcxbTWs(5@uzXfAp zR?x!quK!NUEVXT2o#Cy0hz7xPP0h#1??j{$%@fnroj$YbSgSrW)q0_RBy%!FZ2sQb z#-7ettM0+^cCp+{X6p@KJG)!8uyKvTyAqc9s`poz&U%|(_2-^95QaVcs;<9k$v&NA z3%j2rdCb7Aqjtaht7#`evg&>Yx{{+_iokriNZC9`Vqcnbc{s>Q>;(yxGmWyXq=%+= zW-mz%O$%pRo@TRI#nAYXpqWuCN#LR6igH?R{;8NPpcHJT@)ntGF7e>@We3Qo66>#M z$2@xOcjtn`EU0A=r?2thXBb{AeRtS97<#lysC!RjL-;`&R`>}=c;k8}mgP*N zU!Hrzxw;kPuf~EOC53Z@X`Z-}*I|*LTsUF$y~x^wmrxwf3Fu`*h{9@O3yJ!;7cE%P z1HEDCMWY+dUF#z;6atH?8zQ^L+MM0c7+O{7@`=kK5qDFG9>3QB_mQYEwQO3~cciI) zMaQTnKJXF_)CK?S%!(|+psN`X=jXioNE^c0d)x+BUuibhmvy9R@->uo*iSHqAsYv! zmI`E`$`j{V;G==acn0hIT%{Um)6SnodyXbvRO4*I-^2AxmxD8=e#oX|C}Q>XKk9lf zmcSbw6Km8r6TcW{9Z@mdI1CINB)t2rt@G6)Zk!DB9Q_!QT#4^dRYJQZ_xaUqn4$1y zmR1-2{`u0#uo+P@-`J*9a!g$IxVjzL+Zsjgo-nU>a+OoF8f@I_RM>aK&Bjz@^VSh> z#XI9Uu1bcE4QFiiz&#i6-L}iTbNWqpzrR{;L;5`~qch7HwXs5_W6v|fLkm}gN|$dM zHv}rF7&XKyYq()uE}N7q8%`Blmdt>hGUECpPiiYKL&lCX2ZG@%wnZg9rAupM&^tQl zJ>OgO;tN0F6Ki;-pnaG=M;5#XGwSHZ@dPiwh{UR{p~)Ev^o9yXX!2%8MFY0S_eV)2 z*5iG!Jy1yMsViT^^=gj~E}?ptfXwI}AN!TlKs&Kl=y&>z53+LmAv!c>YOfOTYGUv3 z?<51S=JnoKCT*x>=Zy~mTL3Trs^pyk1{~L)b0XB-0z5;2j#8lg24^c2ANc8kfkJ-O z$(6*Pq5;I0W7pKr-u2x9I)7)r=;Yb050%yy7YCUY1>*!$ z5%(=EeeYD&-Iwf_?a=;c0p4TL*V!Zw4Jod17b;FPH+iY}%EwEXHh*^3t=PO?-ruB1 z);9m>kp?QWu?L~2n9=7K_!FI)EgKQp#E!vN{nXAU&7ZvyZbMuBNgJT;c4y4vMT35p z13$^VGzSP?le17B8R=oY>HvXgqSk(;&F{84^;f&K>$+8K)z>dq>|@s&jhz+@Y9~*XU_QMZ){ zZE`I8r+e|Nx2jeSSdqmyD}%c>vyDh?1|e^MSlQZ)E=Gu+U!74m$K@mUUCORRSm7$2 z`a^}9M0!@GFNDTzu{c?)i}{?T)#jD;K?qh_=Y?h&g+bccxnxn&=4BfeQp-VI+upKmyTA zVQ`h2&%n=1%G1v+uW}4%XnfX@Zy#L75n&_{LRjQwBl^zcf5$h+7m(6TLj)yY1(eQ( z*UOtQ31n2$&}xOI&g!L&Va?L8iuqwf8W|!5bb{ecNl3oX3MRC;X@W!+&?IkM+CXbU zffezZ5ZWa?=lJwwA=_QGIuXSPPv|`#F*q%5!y-!pgNP2!cckR(1maj=8H&Md>J5$< zB#8g|R}I^|US@Y%Bdg(qORsvbNBm05-)+9%>GUi65uo7k#c~AXx_Gk*mb89p?i`kL zm02bwy#@bjUK^L*_o_SBU|jXllyT)ZDr>9l5ViPx({;5C_bg0E|Ex6!?bl}azI94D zq&~!kwLEzXay$H^iBl5|ndp)ex6Y1Uz`W7-HC-&SUn4+F*AF0;6u}T*$~DH;Lwk+ z%L?QvA#Hj4V}G(p)`ayHtqhRpAbE3&?GpNGmX{Qi^w{1u`$clqcC()3$`f&xRtLq) zx=QOLPrh(+b1hMZ9HI`hs;QiSt>a8>&p~z4lKYm;L__GaSUc@uNZ5H71!It8d|F8 z)d$)cy;(q}^j2*Rv7YzNZ6}czH5>WLaQJR1c~~a!i#Vo%%;hT^=IeZV0#-?M-yS-u zZ*azNA~`hdK7(1<>%)r|!zi6$H9_Z8wv*Tw<~p{MsHk4ZjzJc#ckcrdHMtl2fW&s1 zqnx3^&dfCcZP&SPXK3`U%bc*E&8PP|pyt!rye|k|3A8Gup+v&g8K7snT5^WQjOjJq zF$8QSWarSdb~c1}&JDDZ;kdEU&cNA}3azVGup>_d4!tE&qk0jUj`)qPvF9%tOkD4R z=g_ozc1OA+0+Jc(?M!2)^fG&15Ksv;G$B`ke#@E0xOkmKs3_%+bh~8ep7~w=7@2-r zC||uUC^^h9rdK;^a9S&Sl(&3%XXlu{SrhpDT=`iNO$peqQjpkI)1A*`g#TC8HQ*9W zB>bGQ>y!#aL*&9t+{j|beYdwjPGh_ zp17i4;Tody{)v;MK~nBmEbtT(!+z*Zcuv9b8t z=@nNw`sj@kPmis8?uwR>T^5#CnxagAdmfj*_b9Q17|q`+3%_jpEbPs-teKN{=qDhN z<_zVUctz#)tg9LNYq<|!x|`?chbx3GH?gSW8CsUzg*|Nxp`Hp~Sq>Sgjf%>(`%1rT z3$2R`lfOIBYD;DJe`k(?7J~~*$AXSTMhr_THfg(Z=7972B#ZpY$m!J8!c&2!I^^&l zLJN^{?RHIDN95$neUeSXUflI5Un>$^*lRz&{omz-a`-z}@A{g|qfwyXrXHq;Mc78} z>S`F_Vq|@}x%+cNO}py;(fI=_xooznm-DRqgY5Z@n=}}w^!mkFST6@Bjk<%83rDSx zsE>NtvqRHX2-d1{1aC~H(}ud{uxiyZFv4+h9|!e}y}|&6!qA(cG`h_kFR&&ASX0s& zxsmRK;`78hxf{x)Z-$2kbJPN{`)KfDjtx$|`=?C7GJcDO2L*{q?JrnHcvgZ6WNf;} z^o$MJlwksL7E8x`N$X zM~w|5(>GmW!!XL#x66K|Pg$5jagDlz;RJOU2i10aokB*iS!c=N$y+x!WLBybix<;B zF1f-Fi56)shbndBewd5D^19K9t2D=34MliNPi-dL>y5B@^e7R-*mDUk?PT-LB3Hbr ztD*GqOw+(m9h9_rkA;opr&y<|y%ra42+2pt4omC3_P!0`XdTCoPERY!h$urcoUj$C zi7xZ>bTrPdqYKsEwd$GeR=VbKW^=B4Z#n6PX2za-sIgjm#GOINo!qWryPWh4S%}m* z@*N!utuPO>kk5fQS@zV&zGWM23yTTOm8-8%Q;)IT;mHSgN&qP%j6 z#FT7}yLd-V+|Fbx7?9RG=MnVC6HKS)r1dj5a{r;Ns#lvnVT5Ms9l0>>-X$eb;s^Ec z+h5`*?BNGm2laUsD=JlYSudSHH{1gCh~k-2VGG_uVWvU#FMkfDqhA-t_^BXD&d41L z0q(8VeWKo}OlzgwTxKfAI2iMi9YY>?i*r0bp6|Rs@JFlBtquemc$`YI?QpuW!4K>@ zu$(_Q{8->De=zgtYS;0z4dg6ModnwrKFyF=+u9Ay5R`2ex>ru_SDCB&D9{znVADE` zc&i@UX4UqZ0*kYIg@31>2x%qryM~=117tVW(GxjZ1qFfD>9b)_f=my6e9hy~LEjFVu z>w2q>4y|t20yy)=l&mecO4Z~ z-#`3bML#X-)A2;9{WE>{C5VrZhizS{92Or{YYhX+1$k^-ovocvnBIuMb>vnKTlbt z`Z)i)6UpK&9hJ*D)%cs4QR?Gd?;uZ#*Fa&Lh|7GHz&YvSZd{(!=Rc3H*w$AQnT@Mc zP&EieBzaVZyTu{EE_K<+($6m?f}nM>j_?!} zU$y1lJVSdI+*z>JV4{zgodJ3_)=hGB5%qQ4cofED!dH}+0ge;=l=AbUR-aOTnNVl* z;OD~uu;nH+@2hH2VRsM@S8<-LUD)QFSPX-vj$#uiw*Y=XkB%X#u_Fd*alys8br3^E zm_<=1+v3hPSJJsMzh9oTs}<`#vqh3RG$b**A^Ld$dzfY*MN8@M|)}X`i#`og2>oC8AY3~MH zJK(fJIm}T(l3x_?p&*%epS=j56 zDK`~|FJFXe&d{|be3$e=Ez9L5^~67%EaX@5Nif{Kf7Ev9fzXfNOk{KG8b@{5XB8FX zs0h}F9m3~h&e0tw^Yi4{>IL>!=7kt|s~h&mgPoZ^IG+UObmuN-@EQF$fOn<+z*@o4 zKTt(aO6f)@I#}%z#$>GF&Y&J7_|zls!FP_Xe1?-Hhri6lIo##AKQfs3Q0$VmSRK49r1fT>_?qu-*u~Sk zg~a=-PfqEH43jS6jdww~Jw4C9$ZK#wGMi$@vm!E;iZ)i25}VgHO6J8{!grSnyqfkb z%HL7CFoFEi4>MQs*h;-U`Pua9$yo}6XVE1ai*%&VinB)@sz`?=3qm*cdnIO0#EwRa zeeWFD!hFdV=HymBbZqXh)cJMEH7UrgIf}h+QBWDPy)4VF_j<;2h+x(VA7x+Js&rHm z>&mWmo@zMsYqIkpi!3bv+;YE3Pii*0+GeAK!Y(9@W1kFIsBjK%VwDRb3^TYCTeI3T zfajI%y6n&NEp+iN>&G4$m=&nN%>&9;5e*363=Pju(ayY?hpoOFj5jyhRX6&>4$)CD z&EY4PW_y08mv9}wqd6F&_vBLS%okD8g2EY&bB#2^uW{4A3iLi)U$cl2gi+vjBl*^Jt)_lg$VhrrMCpkkI;fCvrU{9#t-|1 z5IR{CZCeFjQAXQrdnW3k+bUc?3R7%el*lVD#tf8 za37I>-q8soXNLHBjw$Ppmh(NGZD~tugnu`L!rP}p&aH?-prmiP@e(J7h2d?_rq_Gl8L(y6h ziQk4u@zaga#6GxIQ(>pkeMwHD4<=5r;UU%_sOm|@!D0!kWdr}(SBDwwkN;mZfQ5 z=0|ro*P3TasA%K^dsO!j?A8GM*6h~j{p|5V7_LKRHNA8sA)b?g!Y1&!-#E@jp%2Wj96l-B>*VCP9w(q-d=L*I658z>~>sA~sGv~Iv^{xnBs(#iq zk#j^80)g8-H!|HS*z~N8L4rz`Y|^xTV99 zqwHXP^0;X{!Y%@?`|^qJkQ7(xh)@Q*5!tIG!owI_F&$c7VojeYRKU_0ev! zS14KC&Y^DhJ8y|p>`2~HBiF|>r-@hC%6U;_PCnrIv;jnv-bYH+6TQ7y$Gm_M_}mJ@ z54z7!A<%r$%tbzUEXP*9cG0pmnN;AqB$K2wzGp)tB(|b(Ur(^XApkc1_>v9C1tBjp96akDqah6!xvRyQ`@d>*vaWrgl>-+JB6!sYp9 zk{cQg9eCH4d%mEpZE`8Ii51qlpio~t)BsOb$}@qV+JA6K@vAC4JGav%yDKnO)U!>5 z8+|zAvOc6!X6kps;^)22X*K?KK+x~PjViE`xKW*j~IhDKpy0+ zpt%s=xzAfutqU4qL>$JA-wKl7&5W$dr#I;sui9W9uBnLsNvCYW(D!C3{}>3>Fk7h=`8zu zREd{nYK$^ZZ+c{USaJQ>-ahzb`z5(1{iH5EWsck3y2?#C_$w*s#a)pssn{HOiF~U* zUH7}2ZaMbwt~o5#BIWZX{iByNR9u;q-{zIZU*g+Qx!N5wds)dPS4)2`Q}*%Q&D(Xd zV`&yk+ci)U6uU1Y$VI^239D%VHK8WWBH4tNyL5pbOXf$Xq&=%0Du*t|O@0*+6v5GN_ zv5YbOHuAo#jXFpLZ3!!nl>MHj$)`!flD3yYJ7`{5Q6y>i1WfG*=kwYmg7VSqutmwd z`9IyOET0k-#FxYMEX1|N%w zbdXoqq_*9@X+fz2I%Ugwe?@V|GOrm=6;t3hq6vtAx`2>v|zb+^AlEz~)jw?{5G(I@9G(1*_h&5Y zXAb>0ZjU(SX(-sGH1l1WpMO7WD17}c{awSm8m$nm2rZk6^Ox8IDJc*5!ym}=_21ii z!Pjn`Fu`6S_>z2}I(3Iv$jG&QJ7Gew!s=zsKt_rPKg|54k*&?H;jYE5>8=fMNiosy z5*}{+;9-0~v|93Y>Mc`>8#l;Mw8J~ebwG)X4?g`1-rY}cWqQgvPva=!t;nY*e5letJjT&28?35?uBy`@v;+XvR7zY zIP@%rb?JrY6LE3O>UdY4+P*N`u-&jAH79*ZYO6K!xz6;XsaOBa{^$Md{TWF<955}M z&lE2N+Z@AI?)M8O^|Nbe+Ez|m)OGJCtPu9Yl5jaPb(*Watt?DTtyT46iXlr%p z`piv)lz`A+aoAj)Hg*?Viv)SQ{aV0g;&Zjx@ta^1S1M;-F;cR!! zD+S`x9DUZj%G+a?F!!)U&-dgaY1cKiau5 zfLY1>t?1F(4LuAK!gW1EnE-B7M#8r$hBg5MsMSP2H0BioFi}eh-Sy{91HhA{yf;!T%_vb5fOIA_DddIKtaX9NQ}4*S4z>HTD@i z4?8m6N**&PY0)8{(44BBa-SrqfmYnExLs3dH1dsch_NFtSW!7uoKM2~%Y?$GccvAs zFJlKRQ>*xt0WlzW&TOsRo=;% zYN~=+CmXLBK`bD4AQOWj(J#%VKA5n<mE}`f>L**N?d> zKXbc9!xh7=`StnTr_*iYZD5*CnrWJ0n#m7&66C?|!8d~kahfR4A7a^)EZrM?5!Qhf z9EmeUc`QI-FR)bLMuutvMcf{lASEf{MHQDSO;Cw$saO3baUO^n4alW zdr&@2L!iuAf2;BPS;zs)8s=bf8suS%3w$$e$$D{d<=J%C9K$z;&fF~d9C?@Ib52D) z?b^-;XV+f)jV+#5)3ko}WCqR#J)GJ!hq`6Qu9e(=Y2t8NS4j+FDCeR^j&tmL+676Y zuu;xuEixmtq>|@^q$(!QV=W|!2(+G?7y~QjM-kNNE!)I`CE0cLbVc-c?DdwkP|lnyj*{h{xH-GfJEEf@^V{(w83&xI}Hyjx&^Q>G3yE**7hF4jff)d5wch z(QIGZs@uBSM%i}FTufigv;)`n-(89!N!w#xHgBg$YGiE>rq%0h+@_XXTX$lnxNEj- z-DdRbeVk#tFXuDnW+rF4M7}oVdD)!2*}c81wJS1%UKj0@xhOi|lLVtZ`Myg&Q`3;? z)UpHrc3BA1IiYaV!6nAkz_r6Qh#saAr}{3k>3RRqd}(NwZkBE+J5|~)`UTa2u)6!l zqaT~);3fZVz35;nu!z2=_fZeD2V${Cx=p&FHB!-Rh6zr}uo31J_VU8nPg@r3a>`h< z1RrIPi=4Pq?Kdua%p5eY8H2|&AR;ZEWQ0}BmU^SP1!hBwl9ypB3 z1I#IEm3BkolEDO&8qVrNf|A4pGrG=ZLspV@#7zc=9z)TRk&Wz)9~&E+yqhkX0viLH zj2g*29~@gQe4j0@7{6A=tsmc*9y;U`}+mxoOfDiV_Ik}3BbzV=f-T*T(&e*V=S1Yst)sna` zq1PF{B)nBIQVLCE7)$=4u_zO2%)psYtG{R(dcr`_gz1Iu73@BKWV<~x+7Rhx1~GwP zL2PGznwUJmdl@TDonBQZo{*ARuSQ(=Olb4gSM;W>t8Hg7lB?m^SMSMNzF#CUG4+0F-BZZgrCL#r{z zulJlGHOX3)r`cpJu9tyV4u@Ir<8nxxs@x!JUDfh&9J*Wvvq#hNOq{ZOGv`@VPI_jI z!Fz)kgIWW^mPy~E%an75a|T%M`OzWy3V)Yf%G`|>N#LMV*Yor}ul18rNXeX83&fWw z_oKXE(mv~o0c-7Z&BC5%1M*eOiJC<^g}%9O5>lR8DitQ?jwMg(ZfX{)=9VVb>uuT= zcIWCR^|6?$PgYfWZG`1!%a60`)i_&koDS>B;j)PoA2ts6%aw68l^+HS2g_x$`BYSj zlVVQ6tv1)=AsCunsG9N5?TN<`c>Ks<`5>nM{RqDR4R3{5P+tsa` zTG3DLXED3GO|ng<`%r+n*2vz(zGMD$esrF*Z6?qQ?F46+SeVsaVXtzYwCx~}A02`< zOWDYE`greXKDdo5NU<+9v4#VpCi=pQEok38E`ncM-C0+*iil zQhzbFKh>Yf><7Hmvmf2>$8LAWh`@+w5$_oTJ!8&Gnadb;nsOQ~8XpO%*X*~nh(6OU z%k;dCNu?>1n0@1o#eKU9;|L2I0~;q2tAt8hsM5jw;2Ylu=!e1&dXK$=qi&}Y)zdpW ztp|Lg`;h;b>y0q?e$~#6aI_wj@@7pY%kK|2VV<-H{S=HJzovPjX__X11 z$Ip8YWid}_>K;d9NU*XOefrqGiowLHTVUVNeu<&X)>yLF6sRIO6~;*@!se;QuE+h+ zNTKTsq0Vz_)pGf+3__S1g}Q@Ommndrn(i|P)2;!+8ue)nsAd;0A(vXC9@Mt$gwTnV z?0KI-Z*`n8!--sTVj!EOMv+0GLvB*yBAZL;XzuWPxeivv!pfZCFLDiRlts>Y!$)%b zY)z$y<#8(R@V)j0fN)#LSjg=NYL{p)ekC28|HkZ<+3S;A5K>WQZ{5>`J*@?{c8y>= ztU0P?rVE+V!o8XW#zYQQ9gXUeZS9HT&vvGWKJi34HvY2dW=HQ8+eDZe)iV$Mm6Aj^ z^;ta+gB6s-=;zJP&$L&j5<%*|T7vnX)e3&m~{4293&|57bts$&;hwgIUEul4{!=sI(d-EhB zT=PyjyOB-jYDoIsaavm`;mA`Gs9-zoFzYbiFwHP84>OOzXCsru9->%iY&uYxkW_PoH~E?1Fnu3;k$nR2;y{93g5PuJ=Su~7DjeBH**saE(%2zn z1P|CPbw?8lv{cBmah_0yKO}Y$*|Z(qVy-aXGCx^g9GV>xAEFt0F?0mn#4|}nhfooU z(0HmGeqR4RM4s&?1qu@-^btCLaX7NRHdK}^Cav?ls%TU5dvTH7_b|2M=aGfl4VE26 zk;T;oWCjnaHvNl?iw2A93pT@w*ot>Q);Da%79|(y7oXQ{ju$a;`k%nO#j{M&HKfhIgIYi2(>+C;Enl3T59j;m7ij6F?JUCeNj>{ z|2TWf#OS_$na@J?^f($LWzqCTzv%@_5P?{x0h#`RsS;VNB0EE6piA?P!3&Q;bhY9m zo;5+Es+a za?2B2E83)>o>khZTOcM!>Dc%uO8A1R%e%BEJgWOd&}M^@#MRBo%#uT^Nb?%0LrCQy zF2R8vzDICR!;`VFMvdi5S`fk6ryglZQO9JsOg5jb-wmx>Qup z$rG`b+rHGN4Z~&qg06i=gqMxE7f`Di(B(JtH>^ts4AKz|@oz<+eF~m05A?aIOyE(} z!}}Wd&W=0%KK{a5SmV>>+{L30z(Lz(evIysdv|Ha?~L$=j5pl@=qkG>zD)b*xdw9y zsY9nXnJ;~rzAVJ2uBQV&9d$L#^Q!~3ovzyXInqQU;zo4o~x*EDeXDL zDu>l`y@oKa`q7_@sE^9xi7I||(_XGvJhCn@5#`cPW^r^=K_t4*FsYO!zeQyAB)=XH zvF2O_6Is*gyQwLFm`@F2?Lt-_XpDkb_4%JImoK{1T>aEwKNLi&=%ISF%1<&1xfOF-^IjNyL@ZgMEJu{ zPa|J-13@ou{G+bJ5WB2Fa&9FmT3E;lf_4@X{-b4?`JjsM=(A)7Oz|+8GFBH-GCz_f zay_dBQ}Xg@EM2F&@Eza69z=-48T0vxO65U%4@45t9C8K<_4T>C#Bg3X6q#&$@x<%F zT$lS#Dr^d3gkU*;$B_pn)MDG`h@GHd-8n7VR%R)q!oBdGDc(JQv=N;J989s9+{iV? zjJwFrG9$z=17@g_u9uS|e{@e$CnkFXuzInexYaJ`l4`*xNrpwv$0zot!V(u=3UEx4bzV|M?Bq zYiKU3e}02=yH4*vPf>(!^UqT_iY&1DV}+o`%)5|3R}5-w5qCxFrwK}v9W>FZ$TJVe z&kf~yC3g2o0$pI}{*zmGUb=Trhx1d`yCfbp1vq}Tt? zS0&16{z+2oiN0x!zS{A9(|F}h?KQt?Ec^MH9ta>aMeY8-cdR~N{{Nn4vdG!_Tp8(_ z2!9zM5j9#!<-HN&rdQN=MOk#|p&=#o+hcUXEIh ziZBycA{}&p!<(^SPfu}Mx;@sOycT;J4RD%*rrLJqT_cnQmhcBpU-61A{IUBBX8PA@ z;yXpo^%SW}rhkwobT@yYR!YEWx{-E`sr9zKbS>TV-Cdc#eWn6XFvK6ZUog{uoF+&J zQaz3`MuPOQ@x8sv1dbSjk!ey&O!@H@JzDHuW7IYTcNL%KiplLl}#VAG%294ameWp?6?kkw-KTgx)CF`Cqp?eDkKs5x6kj-(v&9AZGwt*-?&gb`nxaFAyK4x4c^w`tXTf7L`h-`J?;v zWOpM&8QFtL0H>*r4Co;c8W1B85fC2`P94q?X@~oldl}pjW>~t|znP|mUrZCq71MN2 zlsiHhYYD&OwDXVM`QnAYS}I1$Y96U?87Y{J_~6dQKFQZn7Rids>My#qZ!y#u`*JsdshKkH5J)$0N3)gz70i;!0RlFhO-L|}`? zAC%fQFu!W=R4WKzP1kGuby_*r4OGv^6W|YW{S-I;-GvV9{S|ZoDULm)%$1oYM?#OC zvqaM82kp&jc>%2HhFd^GtKNL6y+$qDbmDn>!CWZvxIIVuSEzHy5zhTt;>x#3V4F?{ z3YreO;6Jn5zy;m$-Wva$|LrsXH@NskVIhY|kXAiB?(AxjzlU!|%dhSykUj%n-I1`8 z(Yv~#Z~k9d>2KdxsxkVHyBYg%vCoWlcdFKA6lIX&-JX`M(yFsHfr`j_8RQh#6opK0VDQ29AV0 z(p1{bCFW;*IXk%)>>^;fhu9p^ElfK{IZYXrGV!4`o9APFZ` zUmrjJAfmQj#(#Ol2#dY!Y3gZOuOU{^8d30c6&QN#`7-f;1J@K8LskFie>>N7_;^HH zA924@TEYt$ivZPBOQMT)g*6G>0H~%{I_(@5nQx9Q%#nudk}8$~Qoop{|ENuKcu2(^ zS7wQnm@BhQj$rJfoCLsHeb(Kq&Sz4lQ>Rm#4{RPyC9M})&~de>kJ?FIB8}IOAf!5A zRjZfU2fig9Eo1g}wfxiMy8|%wMIW}AlfkXyZEh59DC zx5zabFw}BP6WLA_BpnLaCcAwI)} zNkmN1Gw=N&h2X}713S8?s6Pb*E_w9Fw2u`C8uLE;+aIqqoHTv|7@7Q z+$PxkFI6(-d}0*Lc*1m&|39!zk_bdQqyxFkFG#IkR(K$+XT?%az;6JzX#xJ}5I*rW za{zdx_{WHZL?fjvhW0J``tlhN2T&7`4v^5YPz0sCqENKv;|mEdv~L;LE6uL$kY4-c zHl6);n{HgWO$$wxcGq^uAHmSRHDCW@_w?+qI8KpkIz_5-jcBJ%(#v)zL+8qELT{F6 z$sdAPEPDVk0QvPGo+5~j>{O7)0%RVky?@xISvxY}E4OK_?aFO(zkPxGGxjFL{Y~X; zIMV0<{}opoa)=;gyD2s!nOVe1)l=#H;r7#wv+!ZwTe)kTa$ur_3^4Eo70(1ep;>d4_<5E@SB(w@_Fo$_8ohuoHEz8FwEp&w9Qv|8vh{>i!ql zz~;dLB;p}*h6Tg}gaO0}Bzh)#WjA%Wm%b1lZ~dt^X}fd$)SJqJ$2$PMX^-?2>%Z)# zU!;>S$6tx~A_d1n?jODhkeq(%O$GsFtv~f9y;Dv=Z^E4mhNvQVj=26BOJ(!OK^FgN z3G!zZ6jYypElsOPJE%fRY(Se!N+n zS=<^BaSTu#aa?jNP<(Q{MqKU+|1Z921MGaIH{Axm`l&b7?diH-Z@i{|jqCk?^G$%{ z)D7^2#_Aw?SQPDbqGdQkh zZtIpzL*fr9YbIAb%^lxGYKLg|C&Eb?$!sEY+Ma`-57|ut!RaIVRu6eEd9M!8R1Z+^ zRIdGIUZ<6;Yd1^DO@pbYtUK@Iyz+)K3V%yZ*MCV) zT33=2d4}R;;b^8D@(9Ze_^a2M$VF!U*?^;Fr=#W*eFY#nAW0xaeZ|>FKu>@aW)=L1 zhB74&&F)@m-TWmvb^Vr{Fs>x0dEhXQyE{5hU_?XBl7H-;cKucEDROG3NL89W*wIq- zQXk3q{#$ao_Dgb7ypo(qXB95Lj~XZ>xjzp|7}$=*%5JOhLR6bzKSocz^XJc3c6ec16; z?uv|zP%!jIoBOt*uq!}1&Hr9FU-TNtAGZ~KK6p>!l;$D^zVqHsXnhU`cr(MlyC^N> z$oXAE4si#mnB&GA5iSd`{NzC#T>F~==DsH|BKufE5;dL>KVsJ6m)|!$x!)mb@>{W zo-GJQQU}JqED!^b4G=Go)4r2s#j(}IfkoyWWzuNEe>A5XqPKrxPV&DoC+sWCX=4uK zye1G{^4^ba{oma^CMa^rd&t#5k+J~uP98)Y3ulXf=hv<&mqUo<3#T`-M4S{KTAwVW2EH%_j1=VEHTj3*=NUkQ&h6 zuq%`C!_}{Ek~|lx9=2g0E@A7uy)lNr7UISZvYhrc`I@66HZ4zU`Z6N|GYj<-FF zvt5d_6^XO$h__XVxAls%)rzxCjjI7Y|MpB=9+kt%0uY^I-yJ^y^c3Y!xkJ7Qwx@Bn z`f;|0SM$CR1(-W(t!J%wt(O>R9EiUMsF%OD3<%N#0T`!bx-k>(HkF- zoZc98lr6aJ37t}2M4j^&_yr*k6hD0A5M+OagZQ(k72rU>y^MCPy+8i&$DJ9xN?lCIdQeD}#D-nDlxlD&~XY3XB3wZ()Vc&aHVkFU^2w>@6;Hl&o z>nD7)Stb&!rTDV_#Mb9<&rgEjm+$}BZKnAxI{moC7Z_m7K0%r++1< zE7<9$Px(`FdUFLkkw`mz8A`L3tfpO~TcabUCZ^VjFX`noA^*%Vk)#{L&LQ>-bJ~a& zv_{owQ~yMmhC7J97Ie^tI)B6ddhNCU#+)oN1py)Vx8!v7NJ|uiT=O;Leq&B4$C@2{ zpRlb_rdq2%aadzcwWBTs+KbmxAC>%<==87T^b2^UsuZ zZ$Y8Y(deQCvqwV;Uh&Aq12hJyy?Q24ZNpIG>h|Sn`+Xw1ByU+`p33 z73`$9_e*m6^(gccMHsNf==GMG@P8(sNZ(f4mEVI1MAsw3TJIcGw=n!oK~xJO3}`bR|3eOF8|L zoqkhJl#rjY(?~{hWj@!=hP>B#JK}el3*bGow<5`7aXrceai9z1|FvT*#H$&WY-9(O z2bDRWaOS`lxFi~{j(d10p>HNGfG65G8#AtRC+Za#5!}Rk-Kj_z1{V?figic*g~@HK zd$s;|pSEQU-1Dctm5&tyqvwr(apT?cTN6#|5|+g%62j!7?;+-T1$h{jgb%XRr;Jjy ziKpq*bo+{jimJv|U?OY6?|QKSbGoItsnmD8e?A)F#09<-HWO?6D(G?PNHA1J(Dwls z>&;#JI|?84@4Co+pg3MzBe&QuFT@&!V94@4~f`VwvZ@Fu{>h^m@_Ehov@a zW%cL8Z<`H$E*qzd#nZ>+=SGV;J2++;GtqZQUK?W(#J zMLurXjexty$i`EK$-Lymh;^*At)#4K&YZtibkEwgmuEy$pF{kPCDcDm`T8h)u-ph% zce_w2L)nB&xA4iC5%nQ1qAwfK$WU!r;C`psW={)n{$lG+QMd2+7aG&%SFlm> zGCt$XXI(mU)GBZH_{u$a7QQwxwRX%k1pX!fYnhR+Z;4(v(V0n}@La&J=7hBm|Cqd8 zHD)Y-{y?k#IM<5(NCfurnVCe^)60}qFSeJUT<4`XMSP=|gV?2!=H93AQ~FPsqA#sI zOw&7gq)U9Ws+I7Bz&bo0lIg;{eil$nc=m6105Mpq@g(P*^`2R~{>_n{{Kl#1;wiAojBh=c{wK-p6E%;Z{nl5} z%_SFR6vvbbr^HaP0++XrqdyF&y*`XD_p;YLT25ShmI{^o(3A*ZKaSkIhP8( zVCA&?XCZXaDLmh&esuO4G^w-qRHqmSwH)Xf!*z`ZFSMLi!CKCrF<8nRoypG*OTkM* zrKP*(Yqd+OT%tW5r#Voz%Qjj3hMZq793ad(nIHyYuqD_M!l0{S+E4&(ug%bX0*@@kuwWFw&CM_rey;(huF@NWr#}j#geG!vj73h1^PY05KOEPwj^SiRbtdQ zxM_g{aE&EJ~;4k=(y?{y=9uhY~gF840Yzgkx-9y z6bG)O){!SAE1i=)w^h13-56hCc7?=Zh92~YWuBsrHr(=}gdSBcE$fQUVXv!=))66; zdz+#hY`dC+JnuAwms54mDq)8t6NOfMlrfSB@1#(tkGfl#ekw&I>-s#_y(paC;c09R ztz=x?-MLmH2Q1d4n=)$U0)%wH`w}Dlyvt3pyYOJ7$B~^7)+7RfU6!O}yD)}J>vH$u zQ+kM>qpLb`kr+jhbXT2oAfl;q&XDk{?sr0U$Y`x)wRsDhr?nY2RP>pJ~{uy^N@!mk%5_c0th*3q{@ocl{|<#_gdZRlwU zAznk|G3D3mJZ?sFuYLF*K+GbD**e{Cqpm5P2S8absgKDpO2>PBf*fXZu%TFdIW*On z`W{ zN#y3(GMVvCOTgfAy`qY9b82#q=*{=5;4-^TiE(eX<$nl~qEm3GLev~v-GiF#Vr#29O=vXq3_CcpDMjodGnXKC!FCFZ9 zALk_~ABlL%H=5ZwB%BbTJfkLTVo;Z*m~IM@K#Q2Y7YL^woQfoYZ_ne1-(;LxGt1&^4~LVNA$1r4cC=FD{M$DbKLEPr<>lrb4PyBH{t)8@qM zAoG|^xF*Jp?b6QJSIjI;Xs<~e$9?t{Ry-dK zHR{C9X~sI+AXD$_Q&k@Z>_LN${vTz>gxyx7?v%6dmC#@u=i6D>FF14TZPg zxsgIdydfiKC+HDp#H%&vF!@Q8b6F!pu~OJ&r!day5q?KBCxi)F?Hh-Egr7eV?L(}7 zjF0=a_*@q6SusrZ{G;#UISuzc>hh?IR9NT|(M8Peh=EZQJWeEryfX!k2O2jRMn6hk zZoBMqG4bPG!w=q$gD(nT+t7|F;Fz>61QBiL{wO&-8Bu5N0KG3WqC7r_$4$r#=$wa> z3)d{6cc-7Wp51~Stbv%txoEZ9?HtzV;c`bX2uXKo;`&*%z-2O1}`++`0K6Y7OL{R8a zp!6Os^ay>&Rv(bDxOTaze{FRfZfO2SOVDY>s5{7O{ZT0ciq;xRm&3**2l0!tN=)=n z?w2v0YdClZ^aK%XXtEea8aQ|p_hcxjHL~Y#5|g;aU|PfoZD5u*?1|$I&re6-D#!#Z z5eIc*a|3_wiccqF#oaV%^}yw$Z}s7Fp<=Wn_lSN*9MMg(IK=pzbH zYxmO!nsMkjN!xpEizK|7JjUqZYx8Y*!2~949zBNK)M&Cj{!8E57SZtWV$ev%Gv)I zuvc4d1y#;hru3oa!$+`RRBSj28xJsuMtk^siTYr#qLzam;d=~>YQN#?{879C!~Y_j z+-Oz6|1zYu8z+{;Bp+vi_qGk>jsxEUIjytkJu$RtDccQXs z@Pe^w`LGxCQ;z#b2fq0cbKAq;oyYhm4A+E80Pxo04@C;y7#R7u-VNL+-a`|B%VGEULrI-Z)5@uj`6vCP+n@}BF=$}1Pc7}ZtK$(c zY!{mArFMnaE%sy*JE<`<0$D>P)Gb~l(zmI-B3eRGmQ6Hi)smyg`55LUxlLuRyy>5y zAzO5#q!V4XC$Lx}k)9g6bhZp^X5LnxJbHVEx1r*E^H0WViLQm7?(QrGdQKA+qX|A*M`1gCf@1(&j3>uOcl08gS zpsI~(2rZn`aLo!w(34QAh2`g1kUzrUXk z0RE034(Kg4`rRNBdTQTWaOh~z{aU?c;W2Bp^Jr`WSZ+ADZ$IkF*})q^C>t z=Z}cen0RsMsc&znep05x`LZ!866A`4vG^gQUA`gqJm!rFelwBfBfQV^ntcK>x=Q-~ z+BTIm*e_!=Z;=njpa%Eq4w}4c)rE!Vi>(EqvKW%&1c_lGP6);${R^5nuxj4dqTvbX~>pH}a5(HQq2 zkH%g{(;n1uo#n^g#5-cDD2sOS=s&NvDZlvN%z5s`e?$$XI!0eNAX$>wd~}Y#iA%<~ zdcC9bf&1GW97@J_&<=W$7jH@M%bARo$-kJ*zleKv-=xij9ZK5K$&ESZux{-=pT?_T zbkOroOkrA#gpo>SR27{fyl^3ZjCE3s))l8pd@vhS`}6z{@DTMNehP}fET_Sdl?hs+ z-EVc`zT|pAAroLlDH|XEDrpQkG=N+oWbTQO_*`l)%7hHX z^v_EMb+LC%46dw<1QA6l2`+Gc0sjVIzXlH-MIl525BP8Cw&`rUhCkfWg*nK!~QXUN_sqV3L)iOeS0^~ zpIyLGO2(4&n25k+>y|@R6al|UawLH=Oh&eZg5^sWUENw&vv&?XjVmF>>d`44-P!ho zI2g(K%xi3xo7nj|D#{Ep7Ns6x6s}kp&pDZk>(B|M<6Jg&smSO> z#KSN<^W-QzjS1%1jO~CP+Lz>v(@u zOdA|;)Bhc8h=F{F?{AFr1$kdXLA99W(7#&Z1F9umRV}We)!a8!i!q{FVqiFlfmvP6 zcCY3$OtpB%R!aiXS5-?E+*emi3Nqll2K%SPHq!47bTfVLs}^~X7-SxEuEDjL{NnpoV`mpQlH2Z-^g~ z%g9|$JVM`9#8y-1EXIK}B!5IMxX;EuhZ<|hUrRn@&qps}97wNY9_z`6#AU=b5W9-L z5Wjjf=R{)HllL=f-^3Uj@j>zymgQFZ+{RqDQ~%O25{CrHjbk`Rj*;ZnG3*Cp#PuMm z_|+ImKTQ0QG2(#~q#*;bN3p^A7&TJpgztHB zAn^iYzexXAs15Ez#!A*TR#Gwa;<4f$StG9M8jk52?gMMYb7+lZkF1g8QM9MjNMdS@ zq>iqUOdahRHEbW^;4;XmC+Af9LJX3Sf($rL!)~pS_%ix|v4%D{&Se}(ttIa~+80po zLTX%sg0YS~FfJty&h?CO8MQ#-_H zE9ATiuaW;2^LUqd**HE^jgu5OdXD3B)i}w5v-dbj_8DjW|HdbB|Kst!-q!bg%s0D! zpQz(|MSbNv{d;{s)bZVUsW4#Hfz&oA3b@(bjqF$cw27E*DP0sUWR6Tra z^L&o-sq!OyoAP`fd^h0xD$lnG->3Md?e6sLz&ANNMHc1xzQ8vRUm(vnrDCcynyFF&%5?p)y=+G+ncl|wLYpf ztu>?dL#@Ssvvq*h(OTVFPtv+f>l&?BYrS3TLt1xeeM9S4S{+~5I#%m6ttV;?XuVkL zby{!NdcW4+YJEj(R%`L!ZLQLJsMcv(=V?7n>k6&sYrR(My;^^(HKX;bT>UR?JyPp@ zt!HQrYW=a+by_!Sy;tiFt?z05RBQ1+Y#pw3qSoWJo~AXR^~YM*Y2BoCi`FN#?$Y{! z)=#xoer2mu>qMHttV)TrQX#HGk?x(Q8wg+e(t#zW-d0JbwuF<+)YeMU0ty{Ei)B23o=e53}b+^{6 z)-Sad7TQ{_wV&21t)sLas&%r~Xw2x% z6?L8WCT-uVHKlcj)>pLd*7|v_f3e;^#a-(S()PhxCwGfa)AsS*{HJKUMQc>+`C4z( zdau@$))%$z()x+k!V+5tYdu)&(OTzeZPXgpx~8P-ysp*uZCdZw`i$0$)=#t+mrm6$ zKiAt+>jbTCt@E{>rZuc}z1ADG-mW#N^--q4!kXl>NGOzR4*F|8MBy+Uh3>*lhl`|tbq-}mjm@7sUhxBtFx|9#*7`@a46ef#hG z{ukc&4U_40;nimJIA3s~H`p9%lYUa?3rFh$p@^?O8VdV3mMzcBV0)WVe~Z7#8}&uz z1nscfip~oAe0kBjP%!FS6;6NoXp+KuIU{0D?AM~1$)=*TP!)N#c zK2}oLA7yO?>U~X7e<&!^3ud&N0c-u~xgK9IQ$3!dd!pQ2FpD)X%O8$JPYeax+k8vZ z8D9D3v(|I2`z()bS!+PH7t9KU+q}^ed=a&#={2~JEx^`_gjl*zGh2Ijo~OQv%^IBE z-qPX=&k44K)cIUR+rwd2l@Sg#QAnod`RwJN!x}hFd1v?|%hj$?Z+e@2GgmF)d~fXw zEBxV5u#Nl^y=M4_g}#V-g2xNWt5!>Gb8}d&8u^Fv)JL0hGp;OBwzXSZE7Z|xTXXK$ z)vk?nEX`yUS>$h8UKeT)vKJlE#XfSf$oFhdo9~oRFn@iCoS-81j*#bHBI}Cg1pUzk zLA7msO{{X&l*=uz-y2}1cHi}`+;@!izqM#iMDG=$@GSQK_OQ=jMX;geqoR2}?~1(& zO21-`suTUbl?z(bvT~)eSM{Wc*8VMnJM8(^8RbCi71rjN$$?j0d;%-pKYg`2)Ry?0 zeRZwguq-Jye7@ys^EDfOw*A`TAGG_zs|{b+T6h-HT4}zpoVQnm-Sy0NU$AMlY%X5N zzHCiOw$l#yyb=3=7kMgY?{((+xOibSaH2mPZTAKi2Ul_gay2fg?>MIFqTztOH-x1s z&u<@nhbzy_V6$EsGDF#_X@smN)o?|~d91x+fwJs!UAFil<%6MbQORW$q6JWlXNmdi&a_A_|+JAzLwAIEIAM6cZ1 zKp@m4^4FZL&NK3P&SExEb}{bkavp0#i+o$M#Osf89<+8GGvHg$xQs;RT~Mkc^_=5# zekuGeFKeXC@^|cGoD;^E=61kEp^m+hJBuak@;<$lmq@K`+nZPBGzS-jY9md4zk1e) zWi1Z+o2-3dl&E8k1Erk~tLNk%R8*^;bkVTX7j0@)?*;a9HB|4WZEFliLo1u)Bw7*G zil|Q`ktp7PNP}(##ACPG1LDoK0_uH_E1PJyHA;Y1M77i_;-sO$Y-sS==WF%k63bqh zbMz6WfuWwm(a^%K-l7g!buQ{@+fCMGM=EVA$N@~SA66vlwekkiW&$SXWEmn2Y|-VU z2CSuT&`IN@p*@%vnQPhp;Br|Y4Q& z+FRQ}YyNDFM&D9SG}d9O&T|JyLz8cnKdRPF11q7$zm#)2cVV1XR_YO|@*^ub1hjuR z{xGwQHgJ!|*0bx3$ayWZTGUj6+*ynfJ7Kak_&Y8!xq*D0cMKv&cFC{?>=Hl9j&r!Q z$t-(K=`m*8mOr?HzReBX1**GAU$}GoEEaELC>-VUygl1yiLe)W1L_T|ta_h)HdV)k zS1pA<)X4rDY|0%OO`$ex=i*ql>=xT9QfoQd><`%q!G;wrW|-C7Vr`vnk(D}RZ>uh` zhz`}LBZw=UpQGb2>s-(finO%qbNe)oqg?d+(qQe6tOx5%e7v;=>{-p1hNv$PP-!e( zi#}Fcq{SC%QEzo^(M#JZEiGK!TGiWKTNo=ML20q7n$lvnN1NnKOCu6hM-ro~P-K3po1h>*hu3cw5of-XiOzJ!t30 zr9oG?yrY%SOSy?HAMr+`T)V|OS+LQ6(b0OCJzxPf25uJy0AoOt!nl!Rr^A_I>%B;z1f!Il&PurW~$><9mQu`Ep-&1W3?h?P-3cO z^*C3xf+}&X-6HXP)iN8y%UNP|WYa+|5l+&fm5jVWorkS@*Ql0N`Qr`fxjQ($XUJt3)~A0yZHRCsvn=+=iE3$sOSw*2 z9_xz3*+hS4P;W`j^K(8>*ZipMQ^!fO+A1B^3UxygX;3ToT-&S89Bdh@%|^E8a|bcU@2b9*&MId{g&*~9)BBmBDsZ?ceFPWu%;tf+inl) zgimeTn!UBUtR)yBOX_RuxGN2^1BlbM*x#+swVYp--T6UReXhr&KGx6oMOTKx%Pn_A zJr7Iyl~K<$C08)fuV7yi-}Np-9v^P&O;e^!dV;^-E=` zdX{x>&I+kf?~~SOC>W3}mPX`3@dw%7CWib<{A!iynLH%w60DBvhb0&dwFYFHr4f0A zGhovS^|nT(E#Xj`dV5(!Z;cc!wOo%|8fE6&)p@dG22V(&wLQuK7F6$%(SxafbIMGS z#wPWzJrkPMJ>O{T@1kzu$;P5d6Ro5v*mI28^Nd(hZwy%5`L`p36L)I)2=bAK|PUELoVA2@vc;p1Ia&JE=J zGxn~r!iVNn5lNDlqg#I7y;#>iPm=q8L$`YB>K(B@e0D7-JIUP_-Dh|Qqg!r!)F1FiS9cwB9eIky^)nad z&K3#me+5hC&8RhW(Jk2j$tp`o<1yVd+Ya?1-D&-SPT_v7kv&bk+_0)0K z1NMVipYJd7u6k(b?%tMmkAI44mNWPu^p%_Z1t|QwCjFDvnhpQqfv0rMvQCDz{PFWyMlrvn{8+Ab_w}7W)_2v)?Gw56nxDU~M~-*jpL!Nc z&w^p1DqD3I>NzUyKA-N}U}0`a)xVL6^}AR~)$e0n{^TfG_Ee|+xN1Lb+v<0=usj)rswv;?-+BV z9y7n4e+*TYN#({Kt};)lSz;8Y3e&mcVc_1!LvDHV$H;H*>zvW$I2*Zl-QGpgyP!v* zb=>5&)p}RIi}m`L8aa7vO^4lfNR4CgRv`XhWWMAip?^+)!U+oW# z|A)OZ0c+xF_xKyKlaK^dKtYXw1Q#G$RJd-@;*JtU`{AC77U~+ct$wb!)32?jVwIv+ z>Pn?n+^Zr+t97ZgXsuhR#I@F9rLERozxQQMDw&&rQF`xp@6&mn-}8UZnKS=$X6DS9 znUHXt^auNRw6NURS$^B{~)mqy>Mq5rY2 zje$T(3<&-{H2?1x`|m$(7ViJfo8RH|^vhvo>enUA;rFAX$7sioA6a$v7qNN)G_C+(*Zx?XwW?HzFQ($T1Hco9UU)F@%PRUfmv}}$S9P2|^TFcZJ z+Z&7ty}`zOtW2N&7?ew!c5vEpt7E%iJ(rf-f0rBR!L_?Kr=}=Q3!8CjW2$Mvsex%K zQ!CR#rV!2in96zerLz1&riLz@<}x*O<20)Wt2drgO9E?OB5PM)$NEzHbLzwDv(Iy5 z9>C>m2QojCOz<2Zet z)n~8Mn99mC&6>m7H<#5n&vE~3Z?kgmGT-?u-{M%GaUrLpT-0a$;IFA~?Emooz2%}l zOXgowUo+nIxMYK4+9DBh{YA=YY9OcP+MH_YvV5)3t^TU5$CY2ptFJVO%Qppcn$agC{3Wt7F+Ka7!m9>8;r?wQw`m`fix%Iw| z$2*5hYl0pBPl)joF5kkm(4G$E${E5O%ct_vdghzez%gIjkV~5ysd&#xzE1n6Ib7wu z-$tk^?9Ucfe{PO%h2@M3x%I|KM?Xts#r|1Mxb?YBIn_onZSJ_8iKWf0o#+3#pKTq} z*0!qWx?W|r=t}?JOZoDKpB?Mr*J)XxcDx>w^kwPJOeZq^^Eacs^yfplv}_osiA=MZ z-eubPHBK{_USk@a%xPM(-s$m>jo|W)Of#6;n1+qy)XemArZ9@t%hba33{&lBPE(lX zj&@#u>KHCRi>Z~VjVYL!A5#NU6Vp_tSxl`=ZA@V-+kUL``m^V-b~BaDWyg(a3eyax zhvz!_STeo2b}i-9_7SJBf>Zs+oLbj;KYea%F97pe&gbQ9-u-{2&wuYvDgl`G>Yr|} z5I{0ZQ-9Qoo))#T>oGN*UAK$a__V0v>lhZZa!j>M_4f3qEX~x+)XG$|fl~w1RHjy@ zn$I{jG0kFXW2)WA)-%mw>cMNKHP6L29Bc9I<=2Okh z{fgrG1lu?tm7DG1PuM6);>trDXAo9M=#kcwj?_XLM zJ~iF+31L2dmH3Qd`=xf_(~9}dqJO7 zRpj$2^YO35N5J}r#)Xgar3i=j5BvINZu$W85mn;js=roty~nuebCCJ?zMxML^U=JZ z&kg2N?*)Bs9}9PSeYxu+DscXu=dMq!f~skcI>PyN;jWK=g!AjdU7uD}bbOjTV|zvq zulRkrtBd2)i|3Fn-Tw!;>9Z}u z`TGUmCojVJ_+nqaW$XFRS%Y{!-@7;;_N9ca=idj0xcOXnKcZ@$dplRrb7ou>`8=+o z{pwvs?eU1Ln)XPl$j7sadqZMLBX_eo~uYP;}p^|`5z=QD@- z)N%8DCyeK_x{~&|I?fH;^l3dQ+-d*e`*a^t@#h;~WIMnAH|F^qFMhtyGsAg4`y-t{ zXWN%^Y<)A{dj1Ro8huoSpC4{^@p*Vho=BsXa z8TEXBx9ZP-4%bIL*ZpfS&u3aCKJ(dn{qrc<#YYa37?S1mZ z+V<(OR=KgB-fu==-6`OFeb(TZXZfCj^~v;de-EaAsS1>1Mea@q-f=ItOgHZ4zR%E` zY2t3j?>7u!>0wMqGo8S6GSlh1qpRfmPa1EZYSnA_`uW>CcCCQG+I8x>-k`Ge|J#d( ze%k@COcg_O2|PqVsQ*N=F-}D-!~r1}W6~Rl72{G=uj&9c+7>m0zU-%tq3>YB zw}=d58*0~W0#IUXMBRl1Vr)e{k2Iz-sJD?QjA6R~B9Lf|^{B%T1IA|5wMb`-b5XA% zMv8w>!F41N<5JXqG#5L@G%x#fWF*EkKl?1ijIjlEFY*Sp0kvJR3Z_uoP!o_e+7>m@ zrh<1VMomIiQyWmvBH7et)bM^7-#75~!2={0W3R?K=!aM_eiWgDh$cE5BV(X7YDse)*f8D@ zql5ha(!n*13sA4N*TG$kSI6q$Rwo_Es>hVgr{~{Ahhu0=*<5*HGZBnw&b)bu0b`mw zPdQ5moiV04^jaXjF{Zin@@MNH5o4ND?+RkZnC8aIN8X@()PCD_Fa=}%H#(3P>R>kc zp!Py67}MN$-Hz)ZgX%@yf~=-(QU7^D2cKe0bKO=%;#FWjQ_sUrvh%lx(^v0aSea4vP(wq4`?mNa7)Xhi~#x%d)<{}+L zQ;d2a>5MVWwzGG}dRbIt?r+n0h$Qu~b+s{!C@+cnunaBdQpY)Ft|pZsN<0m+84@0ZedJw{CTUw;4W>8nyn54 zjc-iZoPU8eu?~#Q#nCVpDN)D#N8SEK?46t5PdoMKLw_%_irD+}f6}_Ym%nCFtGtv7 zPq|Dg5sQQ#g0lBVNxAn({xkDDUcOMRkV-sMo^r9kODPk9S|;{TDMSJZFBPAC#fq*z>0wr^6QQsUv|DNxD9YMIFKZ=bw<<9}CE=;T@{zleEh2`??>rDaZz zpMbY`@D>qok?|Hh{6du{?jfE4+W#cpQrY=W70A5Q60ypIdVx?XN|h?q5>Jspj^|OS z@)GjT2bdf7%ec0AzieVqFNh`XhEH3H2v6btt5Ko;}~5SH3LemG57)Ify;gBDqQ^^YV}?1ri0wJrp7@iCQM` z6e`6kDd2@55~vh-IMsALZ2x8X#+~oasyk!qlGG<9wRS$fmtVWz>PrSG%xb>v)`b1->MRe-x&C_5VEE2Br|!}C%n##^1kO!3C4{aI zx39a=-}~^)sA*&Br=NvWN9rC86n;0?82@2h=A49UlZ)cTi<_*RSAC0i_`N{|uor(uJBTI-H@Jdb@=+xxt~5=@%cM2xVJ*o->9zDp@(;!c3o@0FtO?C ztV?qj{rdi`aefng;MCmA1YzKuBXJ+b8|!{|6uO))dE2k0b=aB*n?GtiXdJBEbhY@{ zKc>dSHcYFwbo6cb>dTNj_b;~k_U8E-Uj9uQK>MwW7Y+?76rKDn_m7UDCP?mEur_1S zz7gyDG;O1N@;els3|+kNw~o1gY#k~xwZ{kX^-l`c_E9!%(>G(p@5zh6aBo_|^?B98 z+blY{bJY4nP&+nV{mN;dW%Cc7={uv_QFq7BFO!ni5O=3cnN9pMVZw*RACo7)M?CrM zH!tGUh!J~;^JB(rBHllEus31S>y3nmKp-T(PEP)Wc%@OJsl<U4y7P+F=W+HKfS zLTovCGMN~>a^)kU!^Vx*iQr|+_7VxJSKlEnj~lm`SZcNQC*It#V?S}>(W5}3b$a?| zL|ka-aAIWh=KY9iZQHgZZr{1%LCiXKES^Y-iW)%lT(jmDas0}aDB|9)zsiVl0Y=9QKKy(6N!|>2Zs*zB02^K4rQ@9!T*v{=0OW5QD`Ruhq# zncE1JR4OMze0-V{0ja4=iQGEEiTA$xsw0t{pMRDZ7ZcNsSk$%ac_Je&?j(_$n0Sqt^UXJ1iQR>T zBZz}HZ#E?2*RQ`q+<5T7mzewV%Lj?f?%huluf6nAAHsXioJGXHI&}Dk`03s~4I%RI zkPwfjPoF_#8I7gH#8$0hiTW#6>>|2lXI~;#_U!pPF>uwY$3&{ZU?s#07W|87yKvzK zqTcf5d4xGSx-;?X?b{+EDKD>>n6Q2OK4Rm!b8iyu>(xslv>J_`xboylE#lGdzpIG7 zCr*qaW)u{}5&lYLbt1G{wPwT@B_)wW{@}qEh-OQctR&K6V~-ILett1T`hf%gAo{FZ z_Z#tW+O(O(q}HuF5r>Bk{gl`>aNv(b)0#CK5m(2L|A4TXOj$(D88b47kK*Hx6RV1f zrW3J2L9Y?L8#bIqw6s`q2t``jEaKgNvv)0UQjXvM-R(A|%ODw4Mv5u5rrj=6lIbFo zOGdhkBvZOfbQzUQ2_w{WktxaKlG*#a_dysbMv{?al$h=l$w)E?gXI5w&-1+R&TiX< zAO3!ypY{2c-F9c*_dMr0=X<{AJn#1Fw*h$j(4n@#9l_uhz|gd551?@O?is-95hFeU znw@r93!rSrj_JUTSnM)jbY|udU|RR?1AwLt8ngtK^zXj|Xjr#y1HjU{^#mX|eE2@# z*|lqL0oH8UG70EYTKYAxZq%p(pxffbGSKny$Mb+K`}TDOzMU~+0kHM+&ohAq;cy>d zQrE6G0ox}|d>Kf4S_pJ_>ZzB29xYq80?wK{cM0&$7hmXsxtlii2Z{#|{td7i z3@#vl&z_k;t%VC81#ZgDP6GAk&2t0iHfnS>Fy{5ww*w#V-`^28eE8hdC8b=S>N{{Oe;Eb-Ciljh*s8`{vGQ$Fpj`ec_wBWp$pc zcZU0uFE4)nuKEwQKli*z!~6p;`{;$XpI-XVjUPx~>5n{j^X>1x*6r$RZSP0EF8-y@ zby*Kz`BVD+)*jEwH{_ZhUGj|S`_(UPzd-xjcbng9c;>-dpXht`y2AS|AAQR?Q|%92 zzq3_4uczOkVAI_rPTLX7?B1Y%-PXg`ZYdqL`0;%+J`Z=D_{i1)MH7Y`J}_oxxn`BC zO-A#AmFwfXrk#Jyng#QnJzpGasr5tSk)4OWGUtsJEA}RRr;p#ZXz5ce=YFwiuwl=_ z?0Jn|-{0HOYk7wzfkCe}`}h9;z5oB^`&VYHYm53`D`tbtyva#(`Cah;;^V0JI8S`s zaJbM4+}CT&jlj8Q=e-GZzj(wl;IfiC-UZHo=E`q?(w}W5z%`%NdJNDTe;y2!O`rG! z;Mq8RG4Or*wQYdwKl}Iy@K(EbKL#%9+}91fI4bv1VE1#w`U7oNoi`4+@<3xBaLduq zUf|73?@9+AxHfSH@JPQWa)CRx{InjZ_2{ji17|IH`f=d(i8H?h9v^tqcHqO;9_#?v zrd_ZF=pP&37FhI7xG!+m+IhDFhZoIo0n2SY?*J}-<<4EeYkRMM2}pR#&IaDmmyQMQ z-PC<0aNC}%b--umcAO17aYL3J7lIdPn&~z|jZ%&4HgZmn;RG7KaUZ z^vYk)0haEbFc%njPx57;Wa^d+fhpIde*%1Z{-Z;Iv4cz60ndMFs0Up7;@VokoVV_I z64=sJlMfgTbH4>Hd_DhpAidV@tAMYX%^nWSf4})9K;ev)OMvg{eVYIVjQ=DX7_dfDp3FQ6oYfGR@hi(@G4Vr8l z4LF7uTmU?E^Pmra)?G5X0}UIDdk%PP=;uv%(){X%{^U44?A-YM}4f%iaQR{^h<-z=A$)rvvX^xPB+_ z(pN_uKycqTw*en_+_?ehecQuY;LImlnSqDapRNZUzPk0jz~)ykPXgsXWu6Ya-8Oq7 z&|<}<*8n@8H+}~+nltbqaQ7RZMu1CRXf^>Ta=x-0IDM(*XW*(YMz;dwBMa97{=^mM z0z>X?9|c-vdA|nc_8;&zu+8+r8^FR1IY$BCho^M`3ci2feIS44ZUeCWI0K*(j5j4KKXJQ@Zj}N z%E11|CyfD$f7^c_aKY;LHNe+r#rFfNK7VQ(aP{Oan}7q)*8dP_8<_PG&@u1%3ZUH; z7j^{J=Pxw^opZ*9fN29(cLk2j-cSIoW1ym zOM&Uvee?*>=j*_Az{cY11_Aq))!qZF_~6A)fopH~oCmzo{`?@&Z_Ew%1J8^&P#Z{F z*!dRV=eg6S0>7NrD+738T#I4Ak{z1|0$*r{WC0UDy6Q~e$&W`a1iEH7oC(~NY`O^e z^2{FdfK5dg9|B$;`A%nGZ}ZQ-0%l(ITo2&s&3kSF27f#C3P9I%(+pth+g)D=Zv64R z1Hi4n7T*l)xqNa{z}0uh9AHDmcMkxsIM($9OszY$2iE4AZv~pQcykJ{`ja*d0Yi`e z3xMAmJ>CoGCa2vAXd1q-8;Gvl_cSni$QxeZo_8M_32e=L$q85{44(!>fXq#y&gwU`@R4U8 z@qgqQe00MVP14_}SW_$Q%=ve8UwnG6>&NXp@Wi+8Z%VA( zKXqB@v{s*&b$_<=kJoUJoVo0_}m%Vn=W=Ayw!fg{YB@zcy*%=pUr&sv3H*S+8?{@y7G442f|;z z+T+0+mybOAlG^vJy8EMx_Kt6Q+u#ct-g`V=q{RP!?enjF{*uDco85P|*)+S`y36Wzw_Gv5=f)n5FSmAC()Gj6%{tjSK55*U*)q%C zI;YLPi!Zv!aba<*gZhjMob8^!!*0`zIuAYX`Aly z-Z$|6ruTj{%Qs_~tNF~`_xLA_n%H{s{z>v3x8L60acF#C)Rfygjr_qL95ZutkFiI` zg)Hg)`(88W>hSdq23&jXqU$34&bVsOmCO1@d!1_@-g`x#*q~N}M-MF+62GzCzzNp! z8xq4ZZ=QD3OSa@K-G|Q_@!GA@-nFrZKI!+VX8(rI7k)NipZ4p`hn5~3@|7;W{fno+ z9C1MZ>nBI@j*k7!@biIRN`IP^G=BH(w<{CVzcC&D`TNyB-uHuf+wADN?R9rpcF*6l zaaZG=){mEb^x=oiw%Q_3ez0>(%gy$;a@Orzf6?2HwZ(59d?O>|eE0bchr?aoacx}n z-jVlvZgMZ~?XA6J{bQbGS3lA4@l8v;&kkJC^y!bD@%e@=Z~oNoC;g9%TG)Eg{zv8c zw=ZZv?~o_(;FQ^&+&?@Jd}!vwJ?0*r6DmrV`xehB370phxVCIjX{7LsfAu zJ^ReXfX}C~_a8++kLNwqOL@H^4D|a;)z>kx@8~FXW`7##^LA1l_Wii;Y4p95*lSHl zxg+KM@X=kW&%XD1y1H>>Ief43UXzabnGA7_e64YxR`&JD(rEVYx3Tw2wcDxQUnbpO z)z_(hm(}la4*M)kx|V&{IJ#o2o|CN`zYnaERKwTwl7W4-E&IDKt@C*H^SG`X$x@Tp z72#dS(MtDV*HZaCX7=+V+10zmO7|2`;jl}s={m-Z}gk} zR=?fv^t=6DzuzD5hx`$L%%AW}+1hM~vJI|Zv&kN**@*;V$yhNUqug%xz8}rTi)_i-uGvA%>&G+XA@ zUnP%SXrV>D%Y0l%Z=scaw}VLXStiLxu4cN!d5&{ zE>&nN^cBVmbA`3SUg4~8S9mL`_<`9Vtv;b|84FF!dKP9s8?#!N*)7T}7cbNo8JJy6 z%rX{c8ymBZgW1Q$EaYJ}@-ZvP%u3;+D6>+sNW-jTA}cwVjXcFZvQn@(Om<2ZYfB8w zMwSvAvyrRBLsklsm7*naW+hFjj#2^U1kdy)kj@*e})02XkN z4|xiG(2LCb$+u4})oHf`l&MXK|(=jU=g&plFmXuR$nGn|03wy%v9L%O}vZ_qJ7cPyG z_a#d; znBrC3pQMPT%QjHVvSiyRYPqsK6u0E;AVscdcAR3DCPzon%amiG_~poPQ3Uhl$P~lE zIZ=vY$s7&EF+;A2BAG4ML9xt}>!WBE%negKi{~aOqUrJs6w@quHi~MlJP*Y+IWI_& zEy_F=u}#A~7SYYbJQnfI!8{fb&c{3!F)qwJ7Evyluc0_+U>=J|XJa0VSm$9Li)a^Q z9*cMvXC8})r(+&#q+M&HsOMrHi?}B)51I!QPagd7I9N%9*f8sWgd&zsVSHIEDy36QW^7(&00#PNzEh2 zW{4B-x2n7C~%JNAX-?m*8Sh*Ol1ay7YD@;L{2otym5N1hiT-wTuX#mN7Xt_!+0mDe2*R^ovH(_bkX_tl8K1CCl5CB%3rBb2;)k5I9$znIfKOVisce9Mo?;o+qz^q^;e?}DY zSHwm1$&iB3G}u1&ibxYq@d0>%UX3&kiZMQ_LLw}>B(t?S2Fl^6L2Q)8QHOZg&Iq$A zglBLqi{>U4&D|_x2Uxa_u}oc=r)_N4c-UG5*)EB*ysTrZU}5%;Q2vcm29`v&l?$Ru z%+zMEY80^uQBy~8(@2riLb20M(bL6ZlSGlyN>S25*De_|Bna+^oDLQ@-6?k!$_`U? z6{ox76_!ENSh&C6U#TGIW=J;nSLI#{9(T8KTbsz*$~8NyT%*jcGL{pkn4Uo~OGoU) zNc_Y?3XVA0Y zY%C{(f4Oo`rDEiq*d#cyqa;i`G)7D`srshm%^*Lnw2qlLq2f<2@+dGve-3zFf|#C$ zxSpQ82!4=3;@k0m609;vyb^wiY@yB75wA27v$PPmRPGM^(n}0eCXN{*mKn{h`Tb3K zQXqq7+J4W^fTJRFU{6a4?jzi9Q#?g@WHiMmH8tE1JVMEWmG=cv@>22vRAS(?*i}*i zJQx3Fr04vbDdu^I`|@4KJ<3i@S0;{|pe#-gz#$FPChR2Hjgp;lI9-YzE3F7?Ail8%us8`A(&sD>J_o;C{e!E;xlzl9?YMA7Jlc-}#9jg~>PJm+(pW2fPFO zi>pxB5!emb2`o3p{;-nzxNI$TUdf+1MKqloNO1goDR0AF#9aO=fdI?kQ zg1SpbRTuY27gby``D2uPQA4$siM-H39_XVgD@-+(hUyd(RVfatQG8gZh>AC=Fv}E*A0Q#d>xfUiSVHdsioWuUM&$F-Z^e=VY0Yy^5cdT~$2b3Y5QCJq}x{H z5X}f^6H^Upcub8SCVIq-;be@5$tPRc8t$+EYhG7Zo1feYM2LWGVMlI#B z^`*nY99_)`9<%ND=XnKeTFd5fHHxon!e42azLIiR6JqWG((V214(8`wN|!!!kkgFZ zaG8>~Q&0x!aFio0xprE^&aRAKy|lw+_X%`1b}WIKllL(>I-sP4u`^ST8oE$#bM)g1 zd2pTBzz0T^gEIO!Unk()4Ni#wyGFg`||d^f)D_EAf@kka$9cgepVG*B~&R8+-Q{ z6{qXMm~mkdO*1wX;`&c&JjUh1U@`fGYI-bZqSq}yT}j1QYV;qnTekvTWfyY|3QqTwsu=P* zvZ6u*S;T!CG#grzOl4Lrl0g;Y?9hR8mDZBLNMkmztXRHeY4GbO8zm$8Ek&NnDpQp^ z78Zez9xaO$&Tyja26;HFMky_whC9i4P1WWurks!VBG*sK9Tp3);}!fHc|{eIj0JHi z!jVA1vBZ}>-5B{pyr!xa5Q=qV3Ikt^xT~>m)dZ9#0ClcPw@mTYM4&1e!5@dlq3kdd z=Xa7*B|UYANvbFLGOJ<{!(Wv@SI-uJ_QbjSIkwB}#HYtR8mi1$+9s>b4fly7=8x9l-h$3Z)j8gTU4`BJVg z3ROiB*|XAj`9%j{&5~%Fc!E*!yTGEX(Xj9;b!?YQCfr4iXaf@LH{m$lun<39nI5&4 z>xPP>PxM?-RdZrJFE~$t);q`vOm*N#oO1~0y-UK!FBI{RSkYG$P79MX?|K@kCxDyq*Y|i}EkIl47uburBoSgOtq*G@#ZlT)4 z52oU!ZCT}6mY57hzxG~tph&)U;k(@E02$w+P%8%>#YidovG8(a$NPoq3pRSX==fv}F;xU#ml25c zuRcV^pGtW2m*^M-0I?TAf$_Hr{b&fbhKfwnUy0>(^f_|~x0ujKG1dT9*1SWY&H^(C z3y{@sXrr83*G6CFzZ6n?FPyuEYG)Z}qU!_Oe$PYe}qlG@XO`VJ_L=2jD`${42Jv+=?m!z>H1L5=5=_xzJ|I_sScsF9R#aCJ0}bVB-WR+%?*Lffqu z9k??2FQl)PO4#d(%XRES4%xlN{2TJ-%;#cc?LEWTMX_->{s7V&`z<++JPtjP-cu2b zWSuSL;FQ^+eY>O5`)qI?htvtV6k%-_I*sNF*zt4ua)u5DZL(4C^XEbv{*rQ0O7&@Vp%by5pb;y*&P=S7rKEvD(hU0yGMeJ0`sldWX zla`V_LB}jNaqNplcF99SHm%b7;?#X@4z=WNi}bXea<$VAnyeauF)&X1{;O#Mn%OQXM0H(U=#~4olL^f~q(pRJzRz z<=-2ldIEw;VHgB|W>R&Q^sS+?cH~mI$ql}`fuv_Uq9lCyMAY9Z*4(frQ}J)A=Dk<8 zy49ph09p{rk+|O!vz3kLv-ss0zZ70;3$m>)_)dWds3^*tbiyX-ExFQs^~Nnb9g3%} zOO>um^JQi8{>clbC3{m-DJ?Rv2e&Cy%1&#fU1wvd+a+_z^TpOqY9b2ECpj-MQ2r>F z+D&C{Stp&!V=_sgg%BVl=f(ivFQU5rkA4f z9i=njIjsR=x&v;fB90A~u(BCB%DIU@qMyKoFP0##M#lEq;dx;b%yQZK&dlyXg?5=Z zF{2Bq^AY9%7*$2MK1bdp|HgawRj(D*@}#oM zvkBiS;+KlJD+%??F7>j~S@3LNR!G|DO@~4D50~H~%P}9`pwuJHZ`Q?`-`t|+@6p+I z5cBOY{0JLNgyw6Ef1{l)GkYqBo-s)VH6WcASD+#A(K)EL5}u;b?oX_Ds~={e7jA%N z3bVzDBM4BcJgb;g>q~9EWZr1_!oEg!BnitS{;df1ZiCCiBpJV>TRtZ%Bf+eRo9($i ztbOcYmh=if$3maLbfvM4z8=C}rS$3s(<%%7_6mi{Ili0FhdEj}xDpiBC4+4$A+eUz z`+{^gKG{v0Mk!EWTl+;#w%epnoJ`i@h9~z}6`c=Uig{3FcdUan1icWHDGA%&gxR&5 zkA(@u@17&qZeqMvg znY-c=Z4ecHR&vQk!<=@!q1Wn-TRvyjgewe<4)!K3WR%U&ywPDP*vdGYyxMc#kjgPk z<7QZ_jyYdqP|Ak6VH&MfHPuL?U#!U3ExqTtqiVs+(#Tv$fpjl?xK>Jy7}hZ(!aO6~ zi_P!*)7_D*^O)LEzTgtrCP?L~`yyhwO(32+b4G?Ct{#{VK@3SCmZ@}3Rbj!V3cF8fTkHX!2PA;3 z!dW4@56@HW>7T1GQn@LP7R@6qnP3!M1fC*)EsmB3L!&?t-rSUG9s`O7M8i<1A$%AR zaq9b8r+zr`F<5I97?5#nN%+n+SUH;T6Y(Oy5H^x@t%)qTCD+9crs>?S6Fm}Mr{!F` z3=~v}lz78x@cPF^%0<`Z(9U5fH#TNsp}z<6{Ij$rCA-^DP>yqIu)?6tz|cvKs;zG7 zN;*^JHMT5v4z3E>h*N-1FFkdz7qZluSOt6X*%;N$(3X>}(+@^h@QN!>$d@utx29)S zB*h)C!lOE|9nxO9Q@x9E>_kUlggEu_?V4L~#dv~8(A8V*ggD|i0%d?((lGm$wU77= zb%1NXL@aEsU4XFourg-0>}VTU=8uvqi5f4PT3(v`jMD83rZMUGhV1pgh**@kS=h6t zS9H9secA-UkD~@}&OOc?rCb%UQQ0Uez4%{w|Oz0zRCLPn=0 z0(CF?_T(Z0I)PT3*9w1!AICbF2W;hKoqh~Y)^4zE&#O;W<@PZjzgO*0&5vJ1zo#Kn zu)p&|sbm@NaG@_vQX!!C-nB$&uj%1(-`nkY``&`fn=TInAy5*5qU zhf{x0+n1lSmJG{@(C&RXDbNn%t6~^tZ*r_)$QuSS=&F=32m&tyz(~m^>lgYTJ8v+` zSA2{^aUW0gDXE8Yt*JX$nkCc>DRCda^73DW{Q9K-CM(!5VGIAP`tiQ?`ukQH45u^0 zmef0KD!%wq#8#B+@x$3wpO@#tNlHm>RetHkZ8b&ujuN}^GdT( zUi-(!=lvU_%bV#vG|A8S1AC1Np{@lTSRFxY_4%}pgif3V>T|?#n`EG;Pt!YH+-eJF((y^gU@JY!X-~h zD6M!ZT+{D|!ewUpww0BdhT&kdf0eND-s3C<@4LEYyzub1SNw2HMOGqZgr;&@Q6VrA zV&x4GTwrCx{}VWPMS~a5-G>I!FTNfZ?VjMd&r%%?XewtD;S~$ft0BDK@0&VwaUqXIA7tsDFq|R^drV3Qr?jtwie_{qv2ijSR01 zNn0hIjR@T9G&wJomDVQI$3Fb`EAx(%WxJ4oU#HA8y|EdOn!|^3;*-sP#+}z&vL?IP zy*OKP(wS7NkhMPY9WCExyW9%_c`Z*{kxk-QDl%HYbJ~;@Bg5_?NO%e$i z&jt1n_sCjlKzu&hQz~5Nc99|s!J9oiFI7on_z$_6Aa|w16?yHimRC;FLNdWoNq=)3 zZ}F;+S8k!Jjo)~E{jB=zGY)puU;8$QCUZ#%OBdxIW*ycG{EjAWTUz23W8;pO+GiU} z;wr)XJ(|ShkNxUygnDY+weEjT>yE5j-%uGjg;-}-==N+CV{sSd>JRQuTy%frG+&c^ z=(EHnm&v6Z886Kr8vi*J{)@b5(AD-d$6tPea(3Z!b-Xw2;p=PMBXt);lir)CccnDI z>1w{F&zms(+{fK})Ag_zC)BZBTtwHX@*HZefLC^}GK*gsTXRa|-fG-RfsPI_$CdRG>%Db*sJ$xke$xQZ1&*#G{v)nPS z`Qa1CbJBkA#V6%mw|DG4e zRBy`Du9x&{CeGee%p6GvA4>jmv#g;ukQ*kmFTlk%>YBlzkmH0a(DrX;t3G=`vv#H1 zGXJ(au~@WQjF#wiGo;J(V73-cEV&cBAuyin*S4>!%3mo-w}&K)rr9vHH?6>)tEuSt z8*#Rpt;GwA7dZVzP0T8O=k*_^e?Qf7^@98mA&AH;HUAb2JI_=ut(&z6U}D>vU)W^F zbxCx{3~}6BV1*_K{Se@`VAVj$KvyL%QSdi{yL&lulY2~3+}yIWrVo~s!K4FR zHh^{&K7yvSI?S^qz`!><{ZTy9f74#c6!L&0=}o1F;xQ58F@jeD$LmDQ;!+XNL`GUr zNOGLshjEd;WjI+-^Q$n(gn69S$$V=#!qU=)Ueh*!F}@<L#`#08N!8@rQ+EY-Fuza~0@r1XoMe+AX zSw*-~-ltqMI7Ge;exDy6&-tj+hR#ZE+4Vfl{8F$}IgA-Yd1NQ0t0kWrF5>J-wL&N= zkS74Fgn{;{0$7UDeO?D{$r|u+JjnwzBF6*WVF${#D4*Gb9&y$TJqbjDVyUj8v><@z zj1C$eMZk_{)}kX)DJ8}zvVeQ4fN2zfujt3#W!Z`sS%(K1yg+#Hv_$?q#MW(Y>I9%y zt6vgjLoy*xVgBuH?NV(@vCF)-zcxeAvAYXdLJ+|&T^$@za~P z146ZKM`-AILjV9G$}yG(ZF1tI|B5?Mg4+teQe4yXm09%({thHk3W-JgYo>} z2BsD8*Lv3%UX7|@=6*=RA5L|jJU@2CAm?1*4NtmnD;XSs<4XCZ^YsMk8^8Qjl&jcI zQOr`j(%B{WfWbG?EKh%bx0aG3K6YH}DE{3(G(PiOltAbAMqDrRM;QfkieZb`5Fm=2 zi)l}_$wMDckC}}N@C3dNo)UvK-UgU*$u-@RH z_44{Fbd4$(iO{OfV^vj+jzE4^BaMUPXX;Z+d(5;{%5bZ0@H~aMu6Oif;cxa^qLgP0 zdJ?L5IvR{Jt7%&qi}R4})E0i&5D>cbRfbZTE-FFuBxBa%+gm3u+@Ix_eQR?6 z{5b0eQ6+tL?BZ;)K`4uPKhNxg=M8bwvn{EmKgglkkajNn#C$n|d6mpr6nB`R1;iD` z6mww&z(A~)lB5znJ`@PW#NHk_IsLU)j^k7hz+)JfG*A)IZ_CL2m;~ z+v+x6Tx}-HKkuePj}o%YFRmMm?$FneG`DarvC^XWl)3kXWcLisL_tZqxk085zr*D2 zh9ynQ(vGA|L&)p>&6q2h{?4573Lac>;X(;H=boC2qp`ePFe6s7;v`R!{1YV7zVR6N zPC`UL2Sprhypm;A&4V(J*2(vdP|bUV9p%idiveb8psQ!oK_vCwvBP=>B=702dB$&l z-JmY3O;xeWHT~Dt|2Du&=GFewvDLLQr47BzX|~w4KbYcrTWxowjtmZ670;5j zu6&0fQv3x}D%3e@mnk0mWj=Qb#IgKe5mI#*?bwnCbuYsnWZ^rUD@5bUK#hA9)GvZZ zJixhRLZX4Ud&Nw;QTh{t?$LOP+&$9_oQ}E@_0)*`Z~TE81Tv+}m!zUA30&0c61!0<3^z>7RGa8l-) z@MmZ@X8H2H*!H)bEhP=ID*c)B-SseoW7*ZoCG)G)Z7>~%Az^*RI|aQmxQOF7*&g|D zgPc+TU{^?VtceIgPHeLxMy+EZl|8Gt>&>LoXX}*Md96EFWiY58VQawRq9F#?hg>Yj zuWT}^@*VXbH6+__sotZ^x0VE?{jsDqTC1$XCRPG}BQs`vKpu^B(hvQ3Cp7=DJD&0c zy!TDgvlxnr!(!3i+>5WY2*^{kXWp22-~J+A{({R}V__LeX$;fKAG?BRR1*F471)5BIrZ z3_YlBHn8{N+FC3$pEgLlhXEJN`|Jxts>nmbU_n4Zz(WkMU+Qw}%9?gTK|t6eKtM1- zKtPzfIomPuFtc$nvl?1N;MG zF6*-uw1Qg-%ol?+QsV2_An!^@)fR~*mP0`eX$uwQ5`BX!RThzT_>icHT$zUxk(*WS zv30zv*uJrAn7Iw231{CY2!*~%FYn4%nI#Zn9jyC7AREFjIyXJ4D5U%{%KmvPV}%B& z!r$XeWa>cug~v#{?m7kKH55noT~vE*6+`IOh-lBU<*Xo8%2*nD1c+y>pq{y)*&iy! zdc+N37d|v=^!2pU!)uISn(|214%kt;s@l`VgE9Nyl4XgPvEb}VE*$xtb!W)M<03rg z)W9z%GO*S@%|J8e@>^p!R)MYkU&+9Xr8qkx>&{3T%!Y zoBb5mbN|76a4xy<{CLF2a8v6DY0+z2?Y`P>$DQ`%Q0`!-zrOdSPn$@^cCAY+S*7U# zTb|D5xKvnM3bO6!=Idb+TlB_fCJA)a(I61YEH_fwi%P5sV|B>40K15MI|%GL5g0Qg z1!z z?D(R9vi!>%#PfovtZjIn)sAYt zy%?OU-r|nLQqc=ej|n`5rR|2XTh^_~TAGa07)tGkYDjOnEc$lw%q?491_!op!W}wE zrxW;iOc3)&GYCiWhq)uik#_1-Ky<>&NTFkvSnola-HGL}KQd2(G3k8wN6+u^h~W;; zsUYW%JlSAb5!G|_ObU2G{lBZ=W5sZsbQ=%CiiqR?y9(^={=IqmVwq#G#w*jLm_Z>3 z5LC5l&(YG45Lt6?6d=ED3FvQ2d|J@CtxKdpH&2MX-mPmez(F_Hx=J zo+Z>jh%ht(6#P@-E z*;IrDR0gpwh3p(8DQydQFh(nCz0+!L2JkaD{vKGRCJu`0Tw9lY!P)d4-GGpBfp@X~ zLEzu+5y-&y_OTjZ0&2cIN-C2nO|;&H!^sJ?9$1_&GjvHid|}qoxbIBUf0w#=vzhn? zaSfNDe}d#v^rvrsktpTwOS@AKE!_s0yk^8}=eH6%n^hd8FIg~Wf~pAIQLnb9lBH6& za6QJVOx`#`YV*EKvc8hYz8&_Uq5{2K>px0+oRPhGoy%LE^9nlv<9!r=BiPnikK`MF z|LThDh<~QGi|;Alu~hYqoP1H;_Kots*tKhG4{Fs6nyh^>!dmiQxaz5hCkeePf7a#E z?8`nzy~akJ!=w@dCcIw=a!7JfrO~tfY|mF{$JmS?qoJ?W4Pi0ARHslRYULrf&IbHl ze*Pz;z5@MLp;(NrFG%l9_HSwrj!&_y9gY2mN!@Q!X%)RZB0u_j=Bl;~gP#-ZAJD?B zmGC6JK*X4-VfLl=Y1D^N8?{E>q{`G;DYiSrMYot+*vF$)F*{P5rV}?f0$A#IRCI9}9AVC$~jFGi+R1?8iB80YJci*c#z#`)!6te;?|aiH6J(u&4FMR|-CsG>-rZ z%7#db2z-$B4#Y~*I%0_vJ|2k*%?992R^4&q-+o`(f)XZ3;DVu5f8tqx;hG6W_QYY; zyM4N{jUn=cZZ5v>bioXVs2W7={WBz_4M93~{1u+|$)-ypg{oF_n_JoHzO}^1|GITW zQ20@o`Eo%EMzD+ZZ78O|$BT}2FSH>peWmLXZvN}-EsilE*$1JwcXj?Iy`B8XZTa18 ziubduF`)xIdSAXj;v5I)EwzCOmaq>3Q~4ySJj{MfNuqvqh{Jmq-_NCc9oq!b6xTJ1>+ndkkfwMHP>Y$JbC+$w*t!G6Ef2y@DrYFkUytv=)Q6WXzb#Q;L$G%UE}8e9J30&HWT(vgoibxblS&s_((FCA zdKSvcn^DD7tl2ZE_ z_8jW0Hv|+nH*Hx%7+3^Zr0vrRgH!%e`!Dt!OqrE=3mk-hEXqvxRViGQ1u*yf=Ny2q z<;GyiO`fQm#x;n)$42br^%%*g={n?7WTVuacsgr3C{qrsbl#2;t{f#a(vGKz`A|pu zR@M=>8ZydJ@rQ}|fTPOao5XWWiTTvc25Bs^!PXyT*xc)HE7ZirFv+dE6=voY8i8Z# zo^0az%evMRraVt}wuHH{em=iK87T1fnMZoUC;De`M}!Z!zxvi@<+~c%;%){Ie;L7* zi^ip5=rZmq99T#8HXLYdRpE6c zQJ4B9K3{RGHg!B1Bh+{%3^n>FMexw7M(X1p%*Y8H|BuEjmSN{eueV7jLq(27NQB^v>VH(>q%D zj>&CnWI=so<-J=@@ucRAigUtk%OLfv6hTyKk95rUDYP`grb)BMK~@pXx*6ucfT!ow z$<_YQF3CeB$V>CD)W}?67u}rLfKwkk2E*T^x@Vdhy6eYzI>~%LndzDNn{1Jo$IWP+ zfG6#==j>okhVyDLdcI|aN%(HBD0XeMPrUBBywh~@!qJkwAH-5EXPBe#P*&g(4)mKx zU*P)3fr-&=4AbQh|LjB%SwNU{l!rfgrJqRwR)eyDJ}7{~my*E{={OXKH)?*luSwv` zgfj~}R^xWls@)^_Ph>)1EK+x82gg??B!cj8aIk2X>05PozhjnzQziEurf)f8KLAQG zgy!%@@pSxnco%MvJE@usHveU(8Ge?vbr5YZyLg@=mUw% z{DElJnImlx+|Y<=>B}rIF`=?kDkL-#IJjlxXOb+J-G8fcGvijeC=A~cHZZA24s0}1ggX9TwzO~$*W`-xj`3T8v%YJz*ihZWdRMZcG*Q)L7)y-Mo+j;3-L6(%=qGGrDwRuo-fq_w}Y>xtf65io~q`(>zR zO5zqWa3AxNc8~*l<4`Gxv8qc4?9xD4R(2Y_tY%=PQqNakO zocMCZ9ffD@a*jh5*r(Yq7a9%KCSAxwg*7uKZOx8sd(Om=A+|;Su&ri6%piW4Fd%FY zYvs$>4eL*#C8A4n0(U1D#NTv=aSE8ozb-nCqfpF!5c}Lj+f#gDD_Ug~M;Fz<#K4&U z3b}WhA2UQVgxQb2C~?ENmQAGHLFV+{2z~yw#^f*}_sK`~C`F6A4>q9KD}Dr%=KJzZ zb&UMuklK&K(gi7Xgc2Ml*WF<@-ltFeu|6607mc=){@1<4UNhQAEBN<)_@&Y1on?eu zlr&9y)~njvj2C@w%hQAGTlZP~u#eiVc6wDw6@!)lX!l2U9b%02?;ah>N;QMd&*(PC zcvlEVL)J2p21`=COLhT71Kx(S-lXGMeFffItim!qePh3Ab06`^ZqKzQkEDlxwYw`5 zq~TA4AoNMFZ{ih!w-cE3)-g;1Vo6;QU#{C*tqht@9QCzPf27~3mU23tash;q{@oo zSrNZ3{y|_SrD2ltqI9Mi776Y?QdxIFPzgF5K5%00?xIG7{-)*JGFMi!l`G>tM8)NhOOQ zV&PW7ol8n>dLV+%WymAVLS=Advc%A|MnTl<@El^9uxd4ELt}Un%po$Okyt^gj4;M= zq9yE+8lf`SG6!O4!ruTx8I*NtrDPJ>BJ_B{o-_c}X%Hj4F}e(eINC?7sK6j-4xL;d z1dA+M6D7)Mil&cN6eIFX5S&RE(h(%;Dj8V^b>sv;fFFW42x3Pg7hl<248$V}88bo4 zf={Ben`H$luti#sCz)@c73DMt&IdkDnTd3df;>aF!_GEeLaL-9_EOx)?9Fh?4Tu5uM#d;X!1oIuvgYYk5XP zPkBB^uyY_BZL@K_;>xDHV_-Q=+vo@Cp+1pen6p*ZN0NfXQdDS7H9NY_=ry)Hhtrc@ z#MlqkD0?GjO3s@uBd@@}*xYVp@DfX5<6`E?kZfcC)gcg?4sLeXgc-Dn3~<*M5cK(h zWCbT7+BjR}l54PtnSLg{Mj0NO^c->|Dn1PP$pB{|`(mIcKi~=w@@cg~r=JIY-W^6u zVE?b(BeBxqKu-|B3H3kYie!ZXH>fU7RKXZ6vIeOOF-;#BIcb81%l4lyzL>cd^Z-uC z;lzJ2SRkh11BR4wpvg`CH^Pn32?c1A0ANwND5#0~U)Y2LV5pic^5DN1#Hv-s3DJV^ zLKFV8oic0aB1f*7qH%M;OZ*8F44pU!gkpts1dD>MnNR67?pZj6fx%mE`4@FW~V51BOn03%g^CP*QNA!vS~6Pth`LsK+DdNJrj;P22z@h1en$ z06||D2mHnMo&ZBEl>iCOG|)4J#3$0b0MZErP@M$+^05J_3 z80p3aFC5Z95vpH7WF@kWACfr@0+59=pQ8_z;Dz>s02D(;h0ckPNw^_+V<2XcNTkq- zp8$!^HWUy=%_t<=RJ?*9ufWlePLZNO(MU2e^ESvv3P59==s%D|ybAA7pywCB6&`;_FBqxdYFpS3zVU(oGt&G6-T8i;M}K*Z~ZkutjFz4Z(-vk!cv1 zi3kvdXitNfr6Oa(CeQ&x8*GtZ@g;=B{voB|5~7{s4S51~MBpP-vK&Q#F`_^dGzxT+ z5|txX(3~lnF1u)~Sfr}ho(%MEjv4f>I=~4*Opjb6o*m>q4B9k9D@HeIQSpj`yn4VJ z!UXQBg?4CE5ZQ~=M2a$6pkeVCw0 z!mCnh#B+d1;zVhIyUw88&C&-a>Z1A`tv{I2Kh1ZDCyPsXc z0>wn&MJpJ;fPRdCcmS%wXjEdQMj{eC(7P^b@`l_bWFtsvQ~(Kk;4TwjM*_ZFg?BU1 zQwVTH8S;%RRKCKM0Ie5q$PZYAMJ5*}mjUVY`6J;A$qYop44qJe-i^i^vI3Bihtg^& zv4WmQLEh}}2xOFnYMdaYEMTN5<%}LTIvF)$S~BF7D$s;9Br_B(C3GSRFqDo5Grwg> zLlMfTp~MdQG6K>7>`1}4tI%=4&zel#twZysuvs>#94)z6sLi;JWd-x9hfa)p&v;JI z1?RF)(P7e;AM$#oxDb1-)OZ{O*|LVkh`Olp- zU5m;3!t>kT3$jE3y6+p^yjUR`ilTL9nTUibhm$S1}{)YYw^a=WX5ek(UBad^boswxmC$u@5H}WWy!nPg5nf z_Bd+hnYTf*TED)NmuKGc_~^`m4e(QB;?xI|DILkEOO4dhAk#u*D>GZNsPxayqGUg1 z3O-L>0ZaRt-HclKm4e!%oRdP#6wXLB^L&BE9`L>^3tl0s81l!1q)# zLDN^Ed{o2JH?GaPM06W?xXt$TpQgIe`@TpCyTUp3I3W@C06tScBFtDgoZ3JFfQ@^!2-+*4N!aJcxwsS zs0#tC@3!(oVuc@hr5&FUwV_)jt#D8%4W0q7A%R_6djhjY3|xlN1wvo4=-(VM>VmfO zD6GmsIZ+6W(<>Q_H*XMxXp2x8K55X2YH-AF5C}O#Xb=peuSR*%mxDST1f1dy;cP7- z8TlZ9H{4c?$WLnlr#JvxXzd)8Me&G@MEI{({Z+s=?*4n6D(~Zl8w_I(4>99YM$$QiESu)h6F*#y*VpaG;7)RC4+i)M_2;u_m>)HuQVs9{wMj$H;2PdSt9toPYa~{%pxyaG&QKfP z!m4guSL88_g$c?AQA``4A>0F1+M>g1<4fKvn$Z%0C?2Jz6UpM0l2vIq?i_zgaI zb}0S(@L=4-1{UgpAIK|x>??&3{2CP#OU9%Mp~PnW%q9(;5IGDQ$iIyzF^mJo=Z$Gt zR|Ep5F{_+iS575XyrJ)X0X}5?2DBQ;i^g9&U{=bJS4g9Xd+qW1Q9hmARy;6_FW8Jc zSXXu+`1L9#=8X$vL*4Kj64+K^AnwTvkHv_WQsCE?1AFp*#zU;2i!HJeYbu1k328<2 z1phPuHsB(G2i;cuqZ-Jd(;J`L_n_^1Ros$LVsHl7R^kAs+(YqO`w-d@DqI64j%xge z6afCMz+v%n87IX2_XX;he?Z-4AE@nr05(9$zt?mQvsnqvW)~$R%boGI92h4;jjpq-#)a9eHadc;#kRGn zcF}W@5@_W(;H1WwQOv1_U72jhW*&4Z?$dMt?GJhfh-x==T8pguaekaSuNHnZ#iXB6 z|3sE^@T9)6UN^4)jL!sabjv$XDH`;U`yhw~#3mT83B4s_UQ|zIYGV zg_r?~sMI*>!yiE*;`Z3dma<>W3juhO%mt;wI+34JEh?pUwN&;UKAY@1tdz>4(j<}* zoI5P50`QUd=8MXW@GjX!f4yg{6e!D*l>KghQ0AR`+$snKlZ$1gw7{uOJMGCwqqTr& zW!dfqN#UY7qViefC2CSK-~C?b3tHKKhVao$QSB)zB~Z=Bkc0=%N)mCjifD&l3))89 z(_B6sn5JUSJW(yT^rSv|QhiG-re)WNz;Lh30g3OV#WRFtIUfF6y*(f!YbDxK!9x#x zNP~wA1f?N$X6NdrWOx?-9i+RICRueK3=hOJi1MY{aNdt950C=^bu!sbN-MDlHc$Pu zI+KHzEQch|{q&jyuS@Wi&aE?XDcy~)f1p=fO7rn`4!x$p>l}Qg1MSRIc)bZa!=TeqZpa+% z$Bu79DbXJ6$TpN3wXkE_P@0GsyPPm~Pn6f?9YXd!o|1OwtrGVRh*X(qA5f3;#qIW> zt$wcz1c@TZ*CMxP9E{J}pP+?#P^zSyaU8;w2Qj4&S{Tslo%l+op1!3PASq|a!pCLN zXBwD7Jt1MnyWouTYa5Ax*?O!%2OhU2d^hmvk+)2-qW;sqsAtbv)M{4L%5p%D*XeW5 z;)G8ut6C|DZ25Ad72S2W@qG#`FKE=$NO%7J3d<*1hf zwyxnEQyYCrBhc$!Jxck_{kn}G)2pX=WU|Z(uht2%Db{ss~mv641{ZC+ILYW`WF?9G)XG2*>-&EK!ddmdY@v|Z2w^i zr!LcN&i)4P3G+c`j#+`U;s;Y}Idujjf7@3we9cPdf0Iuz|K>(kMiY8RR? zR>7m&|GnpYM}0~8gBNQfP@9qWu2i^7P(D>>e&>BL+Rf$oKK}kV8gUX4BU4D9iR~5} zs`<@)MZGasvKT0XX$iKO516F>bHC2PZ9k*$1o&efKPICu?=JyTgcgEnFf}4qQSY(H zh1G7Q&ijs>SLf#5!KoQZzALt&U&mB08QG|N@uU4xv=_}!P)a`y&94Xn6NrvHD)Y^H z5zSZ&^F3LTI@yZ5k6Bdi$%5hXWQodTYZMSOAK$EEZ7DgmM!UhrVFB`1TWnzl8)B9K zdk)mv{Zdgawoz`k=E*2s3dTIO>w!_yzrjD{SC$Z=Fi2zGERar z7wwGRCI#ekxu*|Dh*;Ne1#Y~nIv-6QsIH+ z!zTsIPs)LQFr&ShlF_Ow8Cm(&i~j3Y`ihE!Ox)9S($rzW#OM?5!mwgaCh`7WXl;Va z1$Fzh{P~I`4qZ~SKOZOZ{(-1SfD{Tm~_jQ8Kl(#>dqe+U`) zlNa;43(3?JOl+h?Xy90un2L$@lsJO-=di>yObi;3-B}_q7@0?w0pqcWi@ZWoK*|I6 z0lz_ydGC!6Rg|IHNbfDiFpY%LBA+q8 z;|0rb(_sqdH;(4uP?GwVigltAciGGx@XhHZi7il%Cbqz8wBUVcK^~2e=*4pm0a^f~ zzlvJWGRiv&M;I#oFBBGC3J)(WiPwHvV(oUlcF#&jkm|o5>sR(uv#?u!^vsP!$zv|_ z<)zrTV1$gp11VE=SgQd$24Mx}D0~@YI+bdw0bA$qkD2$e%sH%}=oomuR(~GhA|>}E zc#RHb&&BxMn>~-l=PvB|LU`6&2;F`GeTd#h16+phzVC`@W01+iz@3Zqsib)YV;u@b zbwyjYVW=EHI9H3FBO?zgDp%v~S`GEVY=mFWN&+@!XK}j))~T(ptn8DO9g^~ar0j#O z<#ESI6IqOIFC!z-;x8Rc7U)aNT@A=zwEb#8W-TG!zn`@DXOkE5LirWfd($P5ZhSRo zqus}sKX{oo0u%P~75^f>N=sgtQ9ky1Z0LJkwR98P5wzj}zPP2XZg#*PE?C5=H zYpa}eD@~G88_r4AZM$XVa`@sg_(BX!fiIr_f|}+TFRO2$^`Wf3g){9`Z(ZV4?_7XJ zfXc@bY|qM$@R6iUQ;m5n)NrHKsoa&}ROa@Z>r|Fm;Lp8TQ2}fAg@FDuHvt%jd^G#* zrrECeg0|c>^gbE(;1MigF(#n#`v7=%G?Tc~&fM6bXL3NY$m&#!q?Exw*p`JXY_~%S zTnQr30k^*qWSo!O>iKSEMwVMCvwAL&)gJD^bs+vUx-m;hhV3HSM^-p~Ixs%ni>=Wv zz>LWt@kmO&Tj5CT6SCS)cqjJVGjPt!kOu*=@;l%?1m%56c?U#XK%1XAU~tiODMZoXH`xdaWDpD zEg@2q!JxPc7u%PP7F7%4{lCRR&U2HfmRXTSgk5@J7Jbu1JJ>Z=5(Z-SnZVR!c>g7V z2pHpQj+tV7&DSQz*W|V3Ye0@s98@St0Q!a>X&~ngoy(DxpU^8rRF@v+{S%M|_%)9g zxE;@ePB@)0I;R8sZ+(of5s0tpdM>`^y*OXv0NM%kElX!;;H&q6I7H7Am8q8Kxb|$# zHZ<(#w@k2%b$!SC{{?TVYl+~W(2uY93w}0PtQ9PVzq=-7@!c0#`R@55ir}Pyit{YD z9tNJJ0N!Etol1+&xy)#T!XR!ekd*>q3m5$)zCXiEc}11O*54@>T0H$kb*fb+w1!y& ztjq$r-O~^7-5Sk?Jm9iuLScQC#Q3YScKj8Fw&OtAUojgwaR5H=<}!?72u(SG6Up=lhEO zJA9u<%o>zw1X@V zLB`~rPWT&YZ*g1{P`BAxgMncnEQdZw^RR|RY9HT8&68J~hV_TLO;5rjyD+xd2Bc^n zIu=GSG2jk|%dSr{snhfEgHg2;@+krY!az9}gb!TP$)~RvpW5J4SO;19lK#suq;yj( zn$7u{1JC^U?u%ifCK&n4Sbl+K%f|ffiwhuA)H83U%(d7h&1U`#$7dD35JoZtD~?G@ zIxifXKJ^JUcZc|jztT{^hP0?a4lJ^gm(lY-Ie@tPog&#_b}`Jczzmc08o5y@c};;2o6A>aQACQK3$zOSs_ zlMA_-kgM6YKn{F^`p<6wqFD5`YMxZhwy%|n2UzsS=4U&uwHe{VUlW7 znGCFX2Kf(p`;$uZWEc@s*`Y7bsO`-p3X7q?I}RZ@?4+x55%H8XtZnWYO;Zjg%x>rX zV@nv9E0f}yS5T2WMeBeiz)%_F4HxaBA0T_7*^V?hj7)VKVId{|5jx=0;A1pAH)u(q zinWURVMXP(x{69w%S5E6(`0p3J{Gj90R93SXs-cQ5I;a3a3Jc071lAmHMIg;rgWmn z=|xwE(Y{&Pfj%5)g)ORSI4tlMq_uO4HD!WW~DhowN zX}0fwbo{Dw)`&OBUv3Mk(a-}e!Ana_KWTVrL3vR#<|nAbhpiR6!X$5PzUqtTpWJCT z$%UciMbg$Ty0aO)E=@r#Tb}N_HEdNGs@OaC-dMD;LX|J8 ze_T%vVRih|A>qJbVMWVH46byNw8<`Ff*D$?7Z?v@}=Gh`){8+$XR2?5ZC4i(17wdu8+y}%a-&YjOMq)D*@Eve)`R#~~Lwu}!@lxr2W$yQG{ zqx1=p`;9%F$oBbj*X#S+MHk@y_Tl@9`&&xZ1-f|k_WP_by)6X^Z5d8&$$_?zJk?)T zOJKvv48RxEo;VGcv?HAm^mEEbG6h!?m1!-_E3SokE9Wb&Ct?PZgT%8m2{8+$rZ)at zz_aFp{EG*5KTCm|G-PBhpePJqdh&(lifo1hLnO5#yDbtR(^=pgiZ10Yr6v5uj}$55 z<(!cwr*c*dWcCD zS#>tFxS`XsVs5}wgTnpZs2KV>3EJK?M4vzHfZpb>*m>q*S-CTere`3gMSHg$zr4@* z3NsCKN?C4#BmC2J!gJRArkUtK$!CUF{1G4_X3h2_)PXye7vNNv8GVGIot`Tkjcv*o z);MjL9|~I(fMN~)7NPU@OWgZn;3`e@olIUdG_sJzcY_=~jbC{a1siKuo-1A)yl{yx zNr^AXl5dweUb8QB+FKpTL>|4?)uOX4-mbC|3FjZrfKjT25$I+|nmpaE`|oaPWZI5= zisIy6qRw0Z(i24=A-q&lLA(?(Y)`30xiJe1oEG^z<+@uO&BTgqfY&zodLOR8e-Fg< zH@%UqGx+YC=v_c=zCMzXG!Q%AcYr>CL3{_{(Elxl(EIod`t5h5U%Iz; zahvFM2S}E@Zwby?YV!ox1A2?RJ9ng$Qg(7yUWKc~6~dfXa*=|`CS zA`OweQln@LC5Kt;g@7|#a{$L?`^&p{*p@gyE`GC_Cy#CC8aZHsp(tyV0ola-M7 zuoTD`4ydyULz7%F)WqCAVN0!m8sym^3Qt~wXu1*h;)fZHKgn;XwpW**uK6fj^p_-BL9(cgx1O^yM-Z!f zfU5ICEm>~ZtnQFiAy%EN)B&Fabvc63tIk;tMe@O-@~Nl`jiLs1DC*O_4iiB~Q>Y{2 zik-!=@IM{Sk4S%zkJ}Vbg1zNM1FkkW;moUviEGhpv%hlaM4>~F24dpA`0}@zxZmb~ zm2N;4*wW1>nZ6A_!kXyBSOFhWFbVHf)KFO+J?AQe+uZ(TjN6pcj~NY>PMpPtUZ~l| z{6<4_kQy|%ji+!t9#7$HG=%`#@S7hYzlnA+Ul50oA7={A$q&rsmwTIB%3ddhlc8nh zT2QN>xz>A@87yXg2YGgYuW06Z$lcjs#Yi_3Hz_Fx1z2Kxf6+7ngEXP<0>@YQi6WQI z<2RQtfz*ni_ZEtp!~D2W?A?H;zrGgDQzT-%nfD_O)25{8$ao2Rel%j)KN3P+4Y^v@%^}Df#0}G&~}NwDpJ09#u{VS zsV-npUqcu0OcK)tJpMBVUpp2Kevg|c@%W^F`v=O*XO$`xg`LXgaU}MpG-i=HDxcI* z-aSNGZ|tvYN^Zq>g+yrPD@)COlkH&Zvy5|)7pZ#%dvrGDNv0MT+4L)0pQ53dRWO&o zxA`Z2`GSJl^5^t;owdbyh62r5an0)eV2kN4Ai@z>oBD5sPRIvxO+=U7xeAT675 zgh}^)`(X!&dp}PZiTa5N6yR*g=Tm4A9@cE5kI*7K9FK6qlom#mlL)yYy+x!+pEeeh zGV%Zh4H5X|mt;q?BsC+ObW+_k+t_bVA7jqeD5efH;OOTx^yB;B>A+-*W{cE2@QL(X zgWB;U{rliXSX&?G4*)Wz@A~{}DypTozCr#K;Ed^O_FQV9Q>Pl<#@>d8_eB$-lS?@q zEaHlX)^_ly111b5ukACLU|D0B)pX=hG}{xO{|*B6YXM(~K>aK!YjMvOlvQg; zySa)fC{dk*cobW4DTVK*V?0tvy`#}h{MAvmz$Md7}`WNiZmaw)Q!~%{Pyr2G&j$eE3L z3XM~^8-bR#BU!J0rIV~niDWf>Nknd#qq!a2Y6H$raCHDzyqSykXiMFS`3*JfWbQ`& zJdSZnGum)U4QNYh1k3azPp!-A-fn>Lk5h!diks-nJ)lQJ+)BKK8+eOAkcH;0i%03D zAiz|Et>vo}42Kw`)gBC|AAnbNBgLQuX%?s@`+V$1{M_58M$k-Joj4na@Y=_j#e%n2 zbQs`Zn>0_~=2htMZueS|!3kgab%v>YEv3w@brx;v5}TTe7n!jLpnx@rp+JstFmR2! z0*$zp9lkHjzB;o)Z#rOftgNnGLw(3J_Z!Lvp3$iAoUbxWv0V2iJzk`8GCT<~qGKF~ zprPwY+LN>Ga=-usyff6{*jH4i z*jXIMu~Tvv9v0rWatq3} zWK1v#KUA-=Bz)DhgMHNtkkEogR-`DJV5j(Nj$i~W!G1+Q^S{qOnu7d~^MCaJNAurK zelvJxJQj?1kFTH&J08mr<{_P*-W<(X4`LX~a(xWTCZ_Zgtg?C^^s&}6MGW);@x9uP zhYXVP4)VT*+PzsQw>KQgFiG6FY)R43_>=TGZb;t>=>p&Vl5Cl~T;@*6d76IA@(9Me z2ZS6eWG!3+yddm0QsHEaXN;tllKSm(I<_BMmbK_Mz)dUPeIy}PcToYfD7H%4WIHR$ zyM<W zbe@=3&9A~>=oom-7li#NZ4(!%We$^V^@Fjm7VbuNT1gfQCs{m~iRyS7!m+U-oYUD5 zMz3#=-{UR%r`}!g084#5j9>G37`_YO9fwa;CRy3}qqjUdtljr&%4?Z8e%A+KQEHRy zy3H+(pMJ3IXhfA#Z+*-P+L*bvmq(dtYa{bmCtKfrI<8u2z7SuVJK!s`93bn$25$z) z)CIBj6*h_d_!>DNS<%o?=`I&md(Q*xbl@3$UJZ8Y{OC*Z`x^3U=5`ow17GoUuW*V5 zsp*8@gRi1C#m^-D<&my!FDQWV7BX??FGZQJ>kXgRvLo2ZJgC5aY(<^B3C z0)c5Qk`fN@Ijw0GLC-PQ93%GxEFwQco-#n&35)J6b!w2kb4+;o;;EJ0E0AE zok8IsR@QPV%ll@uudih)vn!+aze=_&M4!;gYGzngjClQ6%GMS}-><@Gt?E3TzVG5I zG_?N>WSAL!KLhmrM+z1i4!{2i()T;Efx!PDb5S|(NADY06|=i3Nz@NcW`tZCJ2`h@ z3DPClL;rzLqaF3pe(%xeSBPY0tuzP|DxCp{zEM z(`>I*vhA}!?%=)1#0`(T@+2oag25I{*{d0KQhz6^yG=39~hk_9>z|3p`tpqCI*&g0=xGmW!3 z!#XAuN;kdpJK{~krq?WFgVf3lLePCcR_`HWqF)pBL^YXOgW-_>My;WnFaC9diR>(x zDkBS;23w(KyWvd`A(dT#q$RM;mtVno$JC^u&4Q>bZSqKhy6Q#p*fH}JcR)SD+XeKR zBC1Q9_=+YQh)Gj06nPp4pF5TCxm+-aR;%Sf5Dc5k@iq*QoQ`xSx-iIMs2esBn^eDD zS2tAjWaFqo6xk7J1GAt%fs-&jYP;q3+ z1&O&PPo_-nUqInZERO_Pp_WEce|%imR7i2fhEV>Gm*MA(tSkZs7e))C52*BeSPGQl z@n{%+i_r`be#_vuP7JIfVN7uaajUuFf36Hfyd_M;yN8`2gGj!K3!i0&57GbhSdJ;&?>dS|-J3$4HoIHR(NS1^+C9vU?Zym>>!OO;KYyetZ4!_UL zJcGNUDx;PaJR1vM*`#TB3Ti&`oJ@73<)x%N0IDaKt4kL+_vbtjS_q1lqR zIDk$}_2j^4;Q3@jcM722fvEfNFcGC^%|Km7(fh8@1l4@K$w&`(_eJWn>!fb<>9}E;K&b|u9qoQF! zlCDP`mu_IKoNZ@FOJOlw-GKjjgT{rg_&MFcl<=!3ljsaLl5S$yF*u#h@mip^!xZ6= z>Q3_JNGdI1Y&NjTq9!S8pJ8j0YTbTo^0H-7S1$?-c6LZMYhI%Vt=3e$7eE6UP;#yY4(Ly zjF7(F&d$NBQGu+29JbGsBdaOjAps%NdEllsoBzN19xB4sE&T~OU~p7!r~G+enZe1Fz@O` zgyBzQP3CWum8B+cj+0I3UwWpo{&z_P5fmUgOHG~|MKuZcU|E?%?#J+v8x=$iuj5`^ zYm8E9hf%u3SEQz(>T;M9@9kh?cH2L4;45n5Z9O?tlxL?IdMV!Rgit$EVHj4N)?PK6 z78k3lvY_ow?y$lhlK=4?sp{!RSaF)$WX5X^OuVlikgv!ToN2musG#f=w&7#6r@9IO zB@PpGQ1piLKbKB^M?(eQ=}b>5{O#hsdqouzC5#@x`|nP}W}&98ocG_77Nc532N+@# zC;xD~`M?C=jX&{$(A`e&qI-d``@Zi0WnOs~F#kG8b5(rFBF8!!oyuW;GlniY_6j-O znNgkh=6C2pm(itUj2RfK=g2Y7*@r_06PWpQ(RUJ;h_^=cwRZP-p!h$+2O_sWdZn=v zm_;>T@ty_ks;P-bPIcDAJ*SK&CSw!3ViUKp+l2y|qrNl3DP8qSoA^+@*nm9@|GXBL zLyN2--*0##K;jfU+0cVa_$Ki$Bv zg^N$1_d!%DE&6jZTUl8aTv_#u(JR z+-5Q+JJnSb>^M+fpy4e^v-#D#5|OhvQyRCMc~cT2hymL(P;$8Y9+>&>ICiLEPa$1$ zSEix^kbU2h;oW-(+2{Ra3dH-W@Yk$)By~sv768TaLq&yM9xCEQufd-iV zMd;8ST0SPj>K)(7EH)?bL|1pf+!8i>*FurutLj1IbtFt(_t?~}j?mQgMX(zV;M92r zgWP~*BB@g@EVAVUY;EKO%1W4ypFZ(!1}X{O#h_i;XUFAxca$%;*u8II7%mv?^49dl zuko9wbO}stC_kCL_<4Tw^sdf8NrO<{lD_ycCq>UH58`W=g==mP&Ix2F0kg<8q~u36 zO`)zUtKNYQMs6eB7W5>IdeS4-jvK<%ld~>p&LfS4gcax^_?sK{AK=4qejP@2qkeOS zLY_I$6LOPZ|(JigC`4 z{o_mml)(|x4@6{tt3#J3?Icg$_p;6lyiMz}7LcXtnH*;FzT8?nA&czk)G9mzbNe;a z>P~>&e^nN#iPD&~e2mCXfiy4>q&1Eg;+hz2u8wX&owKN0IKK(mPtV8*2I~qBevGJb@fP&x3HNGZtf@0aXH6w|D6Rm?JTp1Q zs3!xj@;{4#PaK6d+T<9Yp8PwGu{)MBZ$pi~)|Mz1OPC(sZ8 zWP%T0a-a(0QbT9KCUGrx&3P0t1(hxl(;52eWHWk%X|})NM{kqa{@P;zq|`<}i*ZFW zzJzZr^ewg{vJ-hDm+j_mth)3zceCKFNuD)PQ9oGErui_CnyfzVIyFrUD*boJc_^Ent}_Z^8T%a%#; zuR7N_CF_-3vV%qhh=iT4=Q*y~(qBX(;XbUcKn#1)?n(C@{#>CKlA2NeIzw1Unm7;( zdHQbu3&j4@D*J+wvTnbS%M6kL&Gy<0q!uB1K*KPej!38Zwj%DDQRB>S05<#H?=-D^ zQa11cYngKBczD_FWNPiIPgAjoHC>G3`c+$vM{0a{$iLG~kApI;`+}CF-ntS`nA<6lK!Wy@~(DO zU2N1-?)xcWQu_U)&7|n81`N|lR(06-S!{V#%FWZ~bbP`VoFe+15(DVKyCjDIPB6K3VIs2@r-e;u~ z;^$Fc{kBfsAJ=V9N({|@VS;8~k1>#_&41xgT$_IY*T=0cU7P>0=v$7XE2?QVxR53= zUtZtxT;O)_e2k^Cpa|wgMp9D37?#2A07jRtEkTOV{5OZ`#6hvICU#wlPOhFy zd~cHK(mPM|X&MW`rtl9$o$dlGf$NL~V zelNoJ_r<@@H@?5@T;CgwI!AdkWHmF7m3QR#w0{=#xAmD{>962x>FOOwO;e>T^I-D9%g+JXT;!em zL0Z3K1^H^$D>tCGWaiWrIdp68BMJsQAnBDcZY2AX(`~?A5WcFh2W+^qiv2vrS4^jL z+Xn}8$YkvO_chJYEUQZabKM2F=2F5p!xy-e#{5dW0ZBDyGhH8sM*oNkla-?`B@!Na zISP!;e8s{pgz+L-d~f2yPb}6C8Q)1K@3>qku$l$#bXg?TnT_$+Hwo%$#32@mW#|() z3ZoZ(hSx6MnuQaEC)2CfXP8V1YVuy$lz23WlZg$#+-Ugd4h_E`*6_Y=bsf7F8ygP2 z=mmR!*jt3EX;_%X62viteDd2x4lX=u3>|e; zIM3wY-zb;5&Ysw)GHlf0ameS>SROgYe`}O?R+hqH^2M^Kct*Uj z>;LCndirDNQf9nMNwHXy7N^R^m3E7-C4TPX(u-tuG)D7) zv5}OY@DdAj`|1mSdb-ABoX1y)NVCwvvYM~hgW=lMar-6Ta;w!FajSjYzQzEf7d;xOu`xSv>{ zE~ACFq{do!5e0_qKMhc(lUDwXi??z}LMwZ8Y~>bcWvm1!F&RpPw)N{r&D`EeGrMCm z-+^ZK;42ErcHFiXrrFIMh}=Vd5nk9PQ*ysy@f!5|lJph5G(VDe8f0p=B>s<({LF`dh`EI^BsViTYXmu~tz&Z5{>P9dS#8K! zkrA988wbPX>9u0(_zKGDfc8e$8T;RbE^(h?i8WysQ04IR1;*k6QPmXriZ$bfFPY#z z1zN!N4C-|LsScgKsY9pT==?%Dl)Uzx{_+E;aa2J(P|ctYU-N98*6jtz$ZMLWt~TQ} ziib}F!%dI+cqOxjp8Xc>qJJ{;gM!*L+Za}jq0P|iz#7mU%Gb(y)BbNT)kFh zu}Hk5Ur#qhMxy3@b0B=8vgJj!?R>(E(!k;OE!8OL$XExB+`KsG0DAaM>4(W#81dL|uZ5Ns|cEIXa zTQHWXfz{8#o8q>Hi}HXcK`}Enj(-DE?}Tc?)uUnU+}DB{(RUdp96SM-a0l{L%F?aS zx=ly0QQo?VdT;?T&`Z%x^xYenjbRSEXPvKjhV4c{$#<6Xp6{rS-T`=qZI1M4iD|~_ zQPftBi@u|0-Aaq(3yMH_)r>lUw{jSeLJ=jT< z79-!F%_>dS()`$V3cSE0I?G@;ScZO3#JoL>pY+rBs3eTu`#-Y?c>hbI!Agd|9o3$C zHhrEz4IX`@Ej92%muKdBa#5nvxycz8W}sLsuGo37y@4W<55}M+3;c#u?;fFC&PFBb zx~;m0PvINM)F+`X6^TvsC1jL|jZWZ~dH*{<1Gc?Gu9`D*W#uQz2-vQFI^7h`sqJCX z-w(BWzy29`FO9!`Khed1 z0wN=bS@=ohL3|;`j9xFHxTZGiZdUeiC_92OW34O5HirrG)N-`IQd~Rv+!T304v2%U zI#I;{&NB2t*p^IoA>pYZ8iAfl2>KBIDZ2*>Kz*RiQD|p3N2ALDuz;hf;Xc&_c`bvi zXOO*F@7Mx?Zik=6|3YNTm^buyqSx9Lb}e* znb!j@A@4tYC^XCR*I0faS@U&WXrlgiyWo3bdOaw_;6~R@= zl##l!jV;@96&quQc82HwlS=3HL)hIfq~o!AAI$3ZJY`*`XWji=x~Z9Z!Fe+w{UVHW zRFh_kroms1`E)`33t9cq;!T_m4OuAObq$|+i3&73f_VKx*YLle!*`4h3ni^dBhL=_ z-W23FH#mY$7+Aq~_>7R=;8cX{$QZ4?di&S>9d?Kqp!OYEop0z^F?1o>7Q!|R9BqQ4 zH4s2WtGjQr+|?Tvnw>zwyrq)rCdbL5a49sqcngPo&r)KVU1hrCooE%uidhT)AgTU? zx`E+zBej@+v^FZM<8w*#?5M|h`EubUdpzeG`cjOcs_E5uFQ*Gqoc!hoyAF3MT5-dV zMoxAFPyL|*#pNeBObmPfj^ifq8*7b5dWGg%&YM~ce?9YYJ7dIKEwkWla-!mG5&<#7 z{a!;7v{O(w;!fdjstDz+RGEc=A=Z#eQ{#};hnuzbE^tr7lI zX!a8xv70Yx;9#A;#+gj*s)wq%7h{9ilZy{xH)FW?m8WTJje+DVz9j->4CW)XkwdJl z6hyTaTc)?jI{{KXR%-vBU+94i1r#1>RFR2=KpIU|zl5pkmQZ?4G|ACiyvBnhOH) z>>dv5S#Gubaoxu<13?i22EBhL`ux6sJePjE?Rs8<>v@5syw8GYEFou(TEoKHA}QBc z-n@(*3Q{9v#U1ATW0S}VSKm4C9#~nqvjx2~U@e&3fvSVl%zDqwZe^#e?2Y*cwT2(x zN&Z26#bcy&+$E|r$VW)b+X1Vj*5d#MI2V0{#KNCMe*9;o*E$$}?L~BtoSDU3rm`gN z6EW{I?<;^-n&H_aRHADS*#bLx*Wuy{&B;3t%j%siZsfbXWQE~b46BOG@ST9G#tdVS zHqQ-oY&AT3wWN{)mtEN{jU{dE!p*R}pwCv)mZ{Mf$OA-FQwbvmQ6p5g#{e#v_n6u&C$a+vdOPZ!-jyrWkhFZP<)At>ilO5e9J{2l)k*5F5|D_;~Ua zWGjF!QM7K?eG0Ep;B>!;CPT$AzJ?q4px6NPF`Cv*$E;Mo;$1?c@7cAzMn&u{uY}3# zMV9o}U`ufVyG15(x^;aC=_FDawLpUams(|Kwl-|GTxjd!gxz=0zld~W|F3~ZN&VA7 z6LXMk^kl`(T86&f%13;~pNOYudwwSkE3-<;Ww35>&3c}Tn*`1+mm6MI-7 zT96wSAWxwOk9DiJ0tuRCVMp=4w}=Gs{;QH{{tX!9aXFac#ogD47N2o{zex`BiOt@NRjUMwppElb&nGTs|IR>;%Y;PqLB0c zKf*_m8AuS-#}I9stCPGpQ-hnU&Ak5>j?^=_kvE4p&-s!%-AX>W5`}#!vC3mhVCqSo z7E1E;0$7aMCX6L%lYa;U(2~z0RfbngN209AY|{96?)SB(@%|b;)NYX>%U;q!mK|&m zs{~PYPAxIII86hG;3!PaQXfXnP49r6_oMxXZ?|2cWNHKs1X(;%2MZ02;0Dri8TA9I zuWK9Ka}EeHq?5ZoUjJ?J`v01ZpGPkTF&;A&mpLq--^1uAUFsFEeN#j5PSs_WfI`0c zrlxJZK_8ro0}0`$r*x>k$f*7jy?S&`$D7w!bk7?I`7f?9+JnMXMmBmNG$H=L@_itt z;s2+pGgapXQv$KUE2vy*fYp;~tgT0P#k#xc0-%UNseIrGf#gM7DQk_7WFg$x&ZwpvWzkJHP4mCNJ||?`Z8mrN5n>;<48ZZ(-;b+ zHvIR&FvBf)orA30+>u$r3{h1M>WwQm8prz<68)S$k5<$l;68?3ilkk z>yT|Xp6pxDx~o7;5e)=$S3qJ=#5b&o|TNXo1CEXDAWa=;923EG({wHz(_a>!Ruy;W{yZaRjn53mCel-<+R#yeYxglI9tT z#x=bEFHD79d=3Mf=n@t;rK}7O{kpi->#Xjv*JUm29cP|AH$pb-o@H5!u0|BS!Z4q^ zw1fFvwqZVZKHk6_!miYj?O8R*CgGd`WYa6uavZzzjs>SOgsMJq`<|T-GSjykV@5tY z?78A=HF`v&Radlk*B_y~>*r9&HKT==+LhS$i?dcj<#)V=k`Qf6YPm%zW#q_x;Mj+NVgx7l=sM6 z|CI+=u-}z5dg!hHfS{)NS~w8h_zJvD9&;}yucRBHfYL0{x3w76<(|26;3|u(-VQUp z$Swt3K)dHqB=shK)gjiGXX?-%y^B-X;Z{D-YywoK9Bk)K@2HQQWd8mzdn>il(rLl~eXC_^PX)>b4_+Lw1_Vg+2Ykw{apr3TLM#!C)T6l2P{4qX19JqM4`rg6iB{ zz3%7QXNKBP$q1_9)OOUfMc&(&Q=ACueq?f=vN=0NvU{J z7474wk6ue#7(A2#Ner6UV#~wJI?zx6VL+b0_;Y`%3D5dX-dw1d8C<0Ntp;Zw?>-Ul zBTR>BpJ0*n%TEN~6-hvX9lt$Ilrr zT zS3$(f$wDkyWTm6k)3jo|fOKS&NUP{Iltcr|>@LTb(NS&W`&t*XUuVEVt;@=yTexzO z1(md&QsK@;Ug`FCV95;UB~|9B-yi7nPJ8{`_achVwBQnZ#VFB;rcmiM zlBBF=s_peLP(7 zr*t5LRqM$yY$cfkspN)OUbM3n2X3aUEIkN=_iC##cqwX!!MmP1hC!QWluyp)U;s&+ z{0Mg4$e+<`PFfM#v`a|EQ0C@SzUTi zRNRO0maD)tXj`ir%@Z*;arkHDe^6GqRYFb}zAjs1!?&;(qIN2$2ghZ5jRA8h}*q>&BOcx;Uyyf{OkL*(3Cn0P$mmq{))2S&`aiTJE6tjeyffh+ya!e7L z=wY{6#H}avJ8OV+Jec8D*O5yxiFL92YanZBhE!>|YD9CT`8#oLT*L0RO0(ZJ=1$qo zZn0_2;r7e3k4W53y*PK_J4^3!k9`5hm4E1M8pJ7dFG@aiOEle==MGE}+sBti1q8)I zhdyhzt@k+K;ahm7Pxv+0lTz+63S6Ie6y}Kqq7EstVnQtjnY6*b0MMqq*qHuNhLzVwXA-o3Lyi%v!Ck zBD=+C!?hjSFu`cUnIW(R)WPc^_!peZ-*wA+`18*h z6vFY2@8Eeb{96bRclit59}mIhCI--3i4bNK~z zKfpuXT#;Y4TP&1cs*orZ9(ckiZ+)W1&PQPd z41xF9>&C>R7CagD_2{iAe&rgvt$_gaY68%Q;m>$n8YdIx21J_4`3d}jQ!T_Zmkb;L z5eDE#_zb96vZ3u8L;5G<;>UUIH0{vMGpA!lczi|E>CQ~kK0ckGjDHtiV9m1_f)nhp z%4dkA@7H_zHgq8J^l3w@^(*`q*?o|c+Nzk7+NuP0S@Y!T>@r!m!?u?e+x7x4<`^2s z?cI>9E@r$IyF_$p8(!=A1YT?C|2=2`{*Eo0JwyVjE$(t6<63R2OIZ4|ksq5AgaoAZP6~4P@ zQjIH({8`?^4u6imDW90U9}3N8UeNvU5%JKA@hG@9&*vVk4sG z#p9j&s*@yNXn|DNz*pe?L_)Jr$9XJ5Gsk(4M!Qne=;eKSjP6B}GQ=P${rJs6ePQ0Q zDN!|A(bZ(4!?%LABmoFKG~}Sswe>FbVWi}+n+Uw?W0yL0ef+U5_Sjv2lJMG`6`{kV za0z*qIacUj`c7L~o}$DHmq-l~>~Yf4a%k`Tf-G?vGPGAR+2{ z@*Rwgm*-9~a8tg^(H!lQ*nX`>^zDF!SF^}1s*_r945GfVChym}VF;0mv$vsg+gqTQ z7Oju#^w4tT^VXyp+85Fz1Zz7 z(}1)81I)T62Zm(S0IN8d6cp;3^&ROS-eq36Z_!-o_Syos>Pf+A@q8^?E;o6C>L9=~#D@6o;#<#S= za>p}4=p^$tVs9{Vc!gZiG(kEhUefc6hVUqt#<>_dv7 z-pXTLc#EQ8lAcR-A4F2M5tUp*c?;)#7Vk~U`&iog%XJM8%(fuatLE1|h>XP6uFqdw z@ze=CHLT_z^5XH~Y!Gl8QNWeCYI(NnJ2{UC|{bompCU#V(NA3Ij zlIgelYc~2@IOqSczuy0`zphw+54G(S-bo@VS*rUxMYO2yup(xhgLVDw^#c0=onl}> zQ&$~Of*$`tUyWOX>K{>q33Tp6h(&z7#Y_wdh=8y4qzvJ0#MRe1IdG@>MKg026sl&S zT>Lg(b(HG4LsTE55Wg#*BJY0Qt$gEBc8USp{g36CqQjd*N#65L>~9XGv&*Do*)L&s zX6*Iu$5_ya(kC@duV1Jl{i<@t_^XOYK5UshlGCG|pQXd6*dQl#@SUmdiw`7etpq(wB)z*68iP zwCA%(CmQFOsk%-Z_x!B+O9eTO*ge@;T@R?(dodL7cPgNCM)X1q>Snz3hnIEwi%>&4 ziIk|tPzO+DU4^*gxm&4X0%yw3e;Xr^OCxZ{Ed9J@Hc!KOynRBUifVDO(b$?FY6wR|A2Q`2NZKGax)obq#UJ8*j^RL6spKE z>8~UY=F`LJBj{b<+EKB7+F#u3Q`Oo6|a+(DJ6DE*+9v^ za-o^1CK3AbsD=ZSLcFD0*OX4FSo`~g*Bc15sV4H7!`ge z2ha~^W{dubtafp$-JR-0;7V@514Qy7t9C05;l+<|#x29Yd0ty1Dtp{`UU}z>vQjJY z&NEJRq1mZi#z>IhYfbiag}lFhIa`<8M~Zn ziPfnTXVBTKw4#N=F06h-j|-$61DJR5MiWuJ(jK-f&47vUwKW%w$$=9kGYjUrPc~ZcZ z$ZS5Us8c1yv@mxV8YMD@({FQH1p8EH+7dmakFRLXzmY@_fURYYq#sBf!=qqjZ}{ji zihkwBplB&$C*`mR)^)P72hH9*m!#r3tA1}2$SR(+@-_OfLW|UiqO9!JY_=QXcRQt( zKSN`gz{g`>HU_cT8$%T#5aMq~p=GYo{F%Sn_7`6^+Ww-LL$^p%+o6Hs9BMn>@QGJ= zPmH&HFSdQ_C~W&NS*edVMbw5of#;vta5d$|>yc*cZX%E5GJUwaKAownCzrWt=E?=H( z^6Ub_^E!rD3`{<&*+SRFH>>~BEyy)zJUv8TZL%RXHic850YZ)WQWF|Kjfz&B_y~sc zbuo~+?9%%l@QAoEtrNYgX=QwH-2aaDXt9bus_(LbFvh0|=8UWbC( z4r|a#UY2g2_jh93w1HPJ5 z)Txwsarv?0BxOM4-xQ>&HVq&_oNe7ch@|hP@E`8W(8F3%!p`y~oKfrj@CoozQXbZQ z3)C$Ira&(iT+5tWua%Tt6bxG`JniX)u0?1QbrP>YdIKmX>@eeNoJC0FhKbx+F>fzQ z(bqqPo>?KF8F+eK&--nxYqw(nG_|W{>w%@$CR2DJ+I)UKqiM`8Kp92eqwGErWguPU ztG^70yo)c`?#PZa?e4#7s~6Sp^tFcb@o><8$a874FLoB_`<1i6kJjZF@$H^(rABXl zUJnB_b4HsmKygR8PUwH)y?HUMof5n52kqZ#l4HiwKm?iNg;15IU(rzOs3xeli{Gz58^IDe^*+$xx2$T!v>JHCXxq+`uOo@-trcBUB-G(_D`C^_F`< zDxHqHg~v&~UeZhSRcC3ot30SltkG=W(ve>+$gox{c+ViVOhkjWUD1KIU1Vskv)zHf zUh=K?Q?y#9m`i;+rpx{TcYZ?a2O|v5VxN#Agc2qn@ z7gd~C=rBdrQNeHhO2PI{3vO*w@VG_n3R%tew}m*4ei@1_5{H^h-k#CE!22gAc`P_z zcqCh1blxF{ezkD=Av&cFYPOq5Lyc~`onI~d`R)Htt`?TqwUN*==IFsDzHuNaeaok0 za|W(n%O&8d%yovVL{$x3&0`kpqn?Z*!1uqv6!*Zn4{T&?#xWO=tFKoR_PYGd-YlGX zJm!dx6bnT@}eV*b>vtm&=6SiVP`0eY{3=fbw$ZV^r?!t2< zvW7;c2+hN%WBg(L{>h!qnkLl}{^QyNf`bfn?C!{4*Ppeer+Z^D61S7SY@JajU-6P2 zCvm)Cu{EZHp=Yi^Vexb>>nZGt5hSsgoZmmzOC&4A*^}+^*oW$7VbrUhVr>OIk?lAG za-lav8G2v}m zHqmU-iHiD7N|MpT;to9=Vc4M!k(pft@K_U`#Lx)4p@Fi}hTCwq%)UC(grwv1=CFPm#FXYjBO-;In-i$A!ezwuFE+B1MFW?kcSHv`b!omcF{ zF0`{zGvp)2KFg{E((4LiQ)+75T&$KD^@$^ik5(7I1j%m;xX$Qqs`Xw@#IEEl<1e-g(6=gr)aP-yntw&j(Z zeyuz%UY_@!=zpNGR`1IRrR8*J-zUGfJl>C#IC4Fp&3Jw@}0>^0taOmQiS`*;4^WpKHKXZ@79W z57DcvR0~QAq5b+ha1UHkr~u!aT3%HA9`0-p$ZFBW@6pcIpxOMl($3b9V1Kn-H!Q1( zE;Y_IYsfW6SaEjLP^A0I88vQT)EMN}@Q7>D&=H7#oESq~#GkA}dw|z*Ct&dgrqB-m z#vEn=cZ^xU{g5Nf-)mUFwa{L9k#4?L)6wLui{7%@s6_{=l|jrOMy}@Kwr1V>NGz=5 z*RG5E5)pxOW)~!|4EaDq8i;qmmvVi7Q$o0L=%6vf~|K*UJoceS)Z}ZI!5_jdR)Iq8bp16-X!R37r*O{3nBh zmy}keHvHN5nnq4cfLYhrW#zg3v)Wvt{A=g$I`-zb#a>CjU+;Ok;~Ec4Yt7kA;YS-3 z23m+A>c07es1`(2b9S_cX8V4g!&HSxSA;0%wUN<91-n3r-NRE9U4qwDGaOVxN=^8s zs|X4IyAj!al{z%A*_8TEqYS zPSfyeG|~jJEf)5IhsntC^9EuaMYU*e11+#knl1YlT40;ds7Xg-U>!wf;Fzb`p1b+i zS;uTgV_SbL4r9{n`FDVp5OHfwhEC}W6s9D6v!nRDW@jzRBYStIP>no-NrYD~$JGDj-q$Fg)0XZwJM|pOC%tJzyt)0T8e_5_4ub zl@-0<1KwIv#&=&~W{<`2_%qgHP2#N+t-SS0J8!)%pYQ&}m&BMn{2u)%JLzWysxQjd zVlS;|Mb7)N`;n*hJB!8Ia)ZZ-pghUA6r@_d`|QvauMX!_%NYS%`Cu=sx|{`lU3mw4 zW3gXX-oV}{+N*U9#eTJ}r%15Y$5~w1Kg$Tx{gH9>^T*-zv$9_=Myu6wj7h4jEQj~V zNmFbPHgT~*c!rA&!un1Jp_~oE0yYS<*dUbAWj4NLmOlK35MK2iI?`3xs)1&~HzDm=@1ttotii_gAy-uVCF@&APvWbzfoKf0%Xu3D*6; zvhF{|y1$Nfe>LlVvC;k2*nQ@pM0{n3_}4fg>|f{kUSbYWl51 zlKMwnZ_=+II6$ekpIr_U`LapsN|LjbWCC{t1>gO+B0y;61a&0|kjnU3 zSbP(^nRI*^z8uzHit*(c)_^~5V!w|B+3%kl7|`|k@aHN!{F!8p=1IP43$qfT%iAU1 zwOdlULfzy50>4-y(PO?lYZSDDw#WJPWaK|=C0$_mIB)=Lx36ZqeM=740I6J^ScJp8 zjc$12UgVDDeWaxC7ib`7ReVQlqITH*~5RIjfX5L4?f)X95LHz9I_#5_Z9=0V;;p;TSR36 zj8Gcd3+3qdh{NZuhgpQp@5j?Y-lY$d!-r=36yDhhm~m8aE`FtqYb(Zj??NYMq(G$1 zmVA}jG!)(&+-U2w7q_-={yXAC}~WqT1VcKZaJpv$;Ur z91gjZMPCA|)f7#Q38Q6gcWA*kE<1(yA2u02hbj|jugZeK?FD@1Ec8#)*p27qDt=84 z$C7du6+6#m;(Rud8sZKv&hqdTX43Ti$!Ka9Y%0I@2dc-4&E?nPtq;DjDIk}B5}*sL zHhee)eFW=7)yG=#DA~vde0vFj9;NM5eeyJ&JKli4(pP5}IN?ve%pB$!yLn4MXQ7UV zJzt=N)C8@i0EY0$SL{qQW86XwdaPYDpG|D$2C|QOC|mcfXncr9IO^4Gn{Om>MF^~V z_aFv2PFk1>h}+e>5J!h<^IR8W0?QIcgH7D!dKJq?8^sIgNr?luVkdSPJ4LrlV!VZi zVx9WyQR);1J1ZBnxkxsNfh~w8vK}4EGhS5Jv}MvA;))&2;xk$>A|1Z{R%x89boj}(<_J`pfzJjBN9-? z>>zn5U$gyuHOWi)B=#SPtJ+WNs&>!SzeCmjb6ZvW(YUJpG*h+zEN+i6Gg}SzMON2s zO{dsj%N9!@yAJ#747}x6X>=FvSniZ!JdL~Xz|vGXa3vSL*ggLc?dVFibJ%0E0NOpf z(LKKr+vZl@lS1EJA%#xnxVWR3&VB68+b`8tW3_JHwcm}l%o{`Q!s7z})DBn0N8SDh9IAYP^&dqXm1X(FJau zGv4uAqr9<#!jC{HHL0eEH<^OtSo8+(Sp*Hn%fTWyChIrdb{fAsU^}yleUWz!&cZrf zpS?*A(DKr3*Uq4$t-b(i*9*T33m<@mbIEvKW~{@`KL2>SgDJJ&mg3{oc}tG!E&1y- zO{;a~)8z;O7aEz9{#~;*Ls^1KS`gpiR$rZ2Q0N6HRhEu$)FpU z#PjG!0vq$`7>vr)Y+a|*C|;o1R$N0&0}N8Wp-l?U6lfP71_KbC;to*Dq!l&TFm>Zr zVjTndq~kjlet3onjnXd#I`;LIP?YwbQ_Y9JswG}zID-|)u@QA42NVi#xd(N}ldQ zjH|}&DN*m$ZvQe2;oQX71AFhD-7-;q>Lj~Q?~rH0#M%lCUkrOf=%}pD?$m#2{$;d> z{-;9sU%K`(Gy?hpuR^GY^hYY%auZ`Ni(9NWn~0V-0;YfWCZT1EW-DJetv|aBfg~+mo_`bj39_FC_H&s1 zG_fBOBak#Q%me@^V>TgZ>r|qQgEiZ2Q_)L8KTKtW(K(Lj*qjwW7-e;1Hr*`JDl@J^ zS`lKmHInIKc*#{n7)Oa}|91gNv;%4Z{IkT%3pbCY(u!8l$-SVoAXR+!4jB3sJ6~jS zal3f49ph`XS{`}jn)vWell=E;Et-p;>9osjK2oa}4i&>&#B1)UAQL)W@s zJ7g4;4=M6P@-~B4J-(GNKdjlriG=y#bMdNm(*Gkgc83*Llc-)}mqK5gCkM-mRvC31GfmKa-yF4dthv2{)^$W&Z~)%@Dq zQA58z!A^gC2YTf26}7BHd(B)I$nSxaPj?PMng9A)QcU3W=#E;})IZQ7zsAm6UEvbG zdj*XQly{H?LK3z%q>h!$;XZTP+Ly=Um!VCG>McfEAkK!zhw2zDsQ1{I|1_!mhUv;>FW%pL`z}B! zWq)|^JhYObqjm}z5sRs&-~ZVEzKd~xZ#1H*ebHI`G*-X(zto?i*Z;TMex?3msK0f@ zx$19gUpxa_Qbwn+w=O{y`bM$=-x#W>^GqOv`wwMugu)OfGsCc|`3*rgg?P7wyyH>N zg;$;&W|t2HQX)ne=iNx9|8+N@XQpwg%Pf|CJ7=^xEH-jsfdOU5H5UF7h`SPU1S{%2 z4RYYlCRk~Z_2YV3b)!Q>3%mOn5b6#+D3=j6D0u{}snO^uK}WRyM$Z_LYrqp@Ecnek z>81m^QKKci6sm!(=Ox%~=hAg&Q+fYPJUOqIeB-iBKw0tDQZj4cU7<*c*6IDYFo^kd zIOWFJxea(MuZMrS0OLsNGZKp*=2rG=w(BpVXju8!doFf2C`pAu3-FQb5No>Tmd7S~c5(;WQ<4d`p3f z-pC4Kn{L#s(@L~WNMru1VNW!nAX12LP2zM5tszvDr(RHY(p>FJW*)R{;|E|U66Co> zb?E}~y7*xjif%h&$NJ*AkM;S@X-GoQV$dGDW&O3#5WM7QUii~@(D(dH-jCL&mMU zxP7cCLy5QRoz`FF!u1#wgwiMRgb|t=zVsaw#Ale;jj2}nXNQ0JVy&x~T}FLI^YF5A zr?tj4E~(a4K<09=C(;e|Gp!hn{_jkGQ-*@rY74W2{s7?AX*2wd!dBe7Nlih!tLlb{ ztCjhZ+VGp{@ooB&4qkhMCAMoU>le-&R%2EKap9H!_VDCBW0Bz5lk|MC0L`uA-b z*h1}CW-l+=_zH5HQ-E=+nkCvAg7Sqbi)R6+1rc}y7^|{ z)GFzYC=V=-=-omkuG#2qn(fjne%spQr?%E6AIGgtPLZ|APolD}AsLVK4<^U3%c;8V z2*1ddOtWhi=jo2|FEI=oppa%O%|*5HVLq2pwG}(F+S?Vybn&y|Ug&7HC&Xe9i*LqM zwpE5(Fw#48I98MNh1fs~k%b>ka5=6Ss++lW?ruCq9JWftD>#8D6gDj%E^arRjK#u+ zrKw`zDlXbboLw)^UPbr5&TpXM;dY~^vF~IOsU}3;T`h8}EL~}B9%gueZ91&CskN=! z_sF4o=rg@d;kIp>q_+thG^}ldQbcVBwMU%&C)S>WtUY_gyaS@|RIEKapgmS>4|8pv zm7vm($CG3`92;YG1v0FpoCGdF!0SCXR$F#^M|U(Z|08V!tN%+Ufa|Pu8en@(V1CAT z3BVlO&Xk;UIxO2O)pZo79q}DKmSlCZ74{jDMM6@8VKILisV+Usr6^1r+`- z)vk)&-s_OFxj_zGXOXtWFg|W$fvR>V5wVdj^?Xq|Ar9My=M=z}$%P;C>rnPjw7>Xp zsYeP-<>+oN;D-K0$Ba8*uFH!q{-wFAPk<&;XcM>?xdL4 zAhL52kw?4C1{d&dcSpXZm|$q<8A8I|-UJTnX=4Qkj7^Jz@i*9r63-bu*BGv=1bG&! z!Q*=zNJk@l7c@l0!;hMos5tC3wgx{~UK)>KCl=N$?J8-Z=txH+h$>fz^J}QD!=Av^ zD9zrZ6Ie;9hY=z(PA3P%qh8`d?z}p&Hb^0$co&5&O@k#(w4=?P_nn?k){sr`K2cqX zTSi;{2rzLXD)fs%t^oF-l%liuAd9arqFvS-@kDYckc_vfUA!0&TK_gUAzln>%dm>J z<%`M=Rz3yWZBxFeUQh9#a+=3O@yFIP-Y7rjgs0g`1|wz>6qMiofbpFEk!ndU>Ny9; z{K8xqFzCzZCGF!&4Md~aqh?td*K@8@xud5=3n^19lD1O`Nrmt5KGc7e@|*9-87?&M z;@$uKob{dI17*QD`%r2m9GY-Z2O?3mE%Hj-P9j8pN zs#7d#DH`}kP;(PAu#0c3q+yMQJCQfU)I{CmK9S@<-AULxQ277_o{$(i0*edy8{fD- zn%5!vs;y$-es2?c6u`7xhbMh&kf>}si#T0aC-Eh9z#m=aFhz=z*G;g7^PSSDilfDZ*-@$X934a$wqv zP9=c$p-NyY5zz)`dR=;*w^SeXcTst}=I0Khu8nq>VB~oJ4rFz4tK60|6ji!aK-GzT zio8TOoj@r|uB4cuo&s43ilK0_xP6}PD0^xlTw(SEjuyVkUy#P^S2fk2e;AIbK6p#n{dMvsBtwpm~ z-&xN0fk_N~ZI%Px7v;cP^l9LE7DeUz=+HLnuY}*?ytvC;;81*rG|9KiDi{910us$F zsf8SqX`-5OF*y$%LEZa|3woh|X{YZjFCmxVNi8XtFYd~{L}T`-8 zzaI^C7T@U_w$eA55?A^MbXMSMf`538sTHJ0JCi6~&%nP;c(p0rbeiWn>}WLPBh(4( zVU)tqU9sRwgYnh#dGx$?^jO!GqRTGRmE!G2ftgK4{K7Q0KeUn)!a>b8xSzxL%6mk0 zWwE=A7?MtN)FTaPj9TOLHzXIUdFMw$=qQl%qt>~u^p8Cs zOjd7rw+VI*L@eco(a*r|` za@6bkyb>6b0kYb|rCw~TtrE!Yo~x5ZCvUR3ySqE z=~bCW2Fd;;pFDCNX?H9bS{tuG6v-^8pp8Gb&Yu_}1YU7!NY*F}kCy|Ze_8^fK$n<& zoF9{qn>vw?V*;D)Jf;tdUa8C2_^ne6^nVVE>pHhXd1B$gUn_4{U%k8}+9LDY8aH*$ zZ%Jq*aT~wcT_*6GLr#A4{*r*X%&A_Pi_UcYkb8&!P4!Moz2lHvX#N<4e{F|U__6mm zDN$kPNdY<^5-jyz`((x3ShB|1W4I6~;gpixXt(D5gXQyvTk6(0&l~RPn!peR#&gcX zhD8&_K*q;n;F9x1U(Ika;QZL4e177?(tx=SunEcJUsE04Rghtl0=)*nzI>68yet<( znkX&dR|+ufz;OXs1FbH)9_rMhf9yOSzj5nK5V@;E>|929nQhngt6V)8Nu;^lU?gA%{zB3x}y(`KsH{F48L$Gh3l}eScp&>XEK~k zJKk@Q5}8dw^dIT%FvUaWcNX6fw}i9AzwK=n<|XkJ$5;rN8I*&LJH}B^Nr$7Ld|#3M zHarR%D*BeqLRaAAm*`}#`DJ#pC##cztk`zKYk1vPq|BRzpI_EoY_@wGRE;`y2@>J# z<`PI6AgU!+gs{o#MEiD9eA5AnW~;RU<6JrqIp)%NqS_6~;N_&bg0C-=lm_X@pV?Qm;l9iBVJJib&3$6u|+3yxTGRKZy7)zMG^85#grlgoZ6Sc{?vO2+ntvx`O zV8g>3Vql6Lo#Zv!I`}5~A8e$Wa^PkMGwx7uA*LNajWOML4w>aVVq!O9sYclU0x0B80yc})yN9IX!oZ3 z>g)==;BYgNhsS{yN?{|qG(Msp59$m~e9S0StUYq51rM?>pB%_Y!p3Mp38V9V9d+q< zfMrXC!9@j-9)s=C0k*GOooZp-_S8x0{nT(jUeyNp7WpV{qTQ)%E31Ru{xA88QwgDp z7tR3bFzg+PR=xx1z~@ui|7$@m!SMewonE7kU9qd!nuu1{9 zT~eoI0srL2xv%ZPM9q&en6y;*3GY`-j0Jal9*>-}J@18~`QbcuN|8+qN%3r92 z2|6qK9>_9z`WbH;Ec5m|B(BZ)gf;NUC&VrvTleatk*iGIp`ZE3`n(nI59j}D)t@j`^ z#cvEcEp^Zg0d`EZq5j-;!FuvF3?1q3O5g2L=&d5?y&7218FIj#M!qv4JZ#20%XYYx zy0Er|6ooJ|&8{@gn`c<_*~OH{$z50?BS#D(S7&g#k(0aV_90jv)vmZBVdRV6%;u%S zkNb_`;J<`+qCd7XZ@>#peMK+Mf_;ZyJB{MZ6qfOG^3 z4LlV$aPK%#y$|o_#FcR0JnU8vaYbz%&Ey2!WW7V9w*dWNYp`}jeunPjOQD(r_vho){(`-LB;CFs47ScGhYMK~W>1VGF-T*9-NroB_|S%RjWsm-M@lmkU|@dCV12?*HYd1T$#6X90W;BdlJ`fBnS2PMp- zf?!C**^gs9LwWYradaMeP)=|0_KqA%Wg*%%mcm!;PNkid`aFvIe9`Y_#4gW(ZD2Bt zFYaqANa|gB5D&p*bph>rONW8rqUK;Y&wD%H^G|tZsUo zPB=B(W=6D+zg`NGav5~uNVpg};cMX}--oDB&q9Uz;Yk7W#UP_Dx(v;mG~+D~2fy$j zNQpK4N{ntB8Ii*5jpIQ4O5|(YbTft0irS}HDM(>?|D#EGqcWO<41_`RhABwG!6Xbt zaP@jT+8HgYMdQ~Su|A#{)IQdSRB0TJc;wivOOj^e2mR_Xar`s4nhM*e^tN%b;&st= z(!ckbC1`TH0{Dt7G|sIJVeyW}=v4RoX69kD!!_*BShjoiA@}@4%){n$DfHtNQs`8U zi#ruB10lGd+=YAG{FFTsKcx}J6DWNa?(~b@YMI3y_;V98Fp1Bf?*Z5kKY}0F4;v-q zQM`L3j9%c~$rw}bCz7()J?uYdz2R2Aa2K9k{-pF~+$rcYJ}?D6djdCPbCG2zc(y&C zfh}rW{H7&Q1(Yi4U{F8ISCoDoibaEgUX;N`m_?TklP4gE=e8q%1#zhSAnJ^d;{rwp zoT(I>m?12pUtun;A>xJRV`M^YS9}c}k(F;X+ZIbl{)v51z?RQsVxHU>96F-e)>zo$ zITSlq5*1fiR_A3!d&cAW#^QxT5wLLF(4L!T&>opjwuZ&*Zg@09Y_pPpG@U`K>iGIG z<#t>@ksnTL8h*h2C?mHYTQ1tS{6hHB#cixNDs$mZC>mK=Ub?PM;_<&xxSL#lYpVO zP`^>dEf!k&ioX%ZFwrX0&H&uDtO!}8*8dAJ`l2=RYA5%n0C9ZWth*mJCHQ<5cDTcO zsIO?(bP91QqoNI(%_5|c^M$0;go{5w{Ar>MfS9Rpx1`vxdGC%`$uf9iN1p#Y;`w_S zJb&Bs95IXUz7QDykp|=6)ln~_e}t4uA}Bm#RiiRvRq+-7IGcbOPtZ&Inc{sLAU&Fj zNiYcS&DX=3-GfAmP<*P-8yx7nwc-?@zsC2&rEB>4@w}MX2bJHn&pXSuDWJ zmkaYf{m?N17hh+Bn1lg(eup5&E*mYi;zhFwvq5&0Z<-ytIWNw}^Ih>Kn8@9o+dm@z z(MAW33`a^*%pymXmJr%C3ykNuaRDCg0?%>dJlf$u#;IJfL+3dH*TS5xM#2mGm5AgH zzM<16s?qK-d%XNC}T%nO~#Ahn$)Z2`F3;4Rr8uxqfCm%OLS}vkYQ&N zkR7F|{B06{@bu1QslhnI%&r8xe=9Q$xx9m&%W&Y0ollZh%LPBK3XJv~l+`I^K*{?& z$*i@;4?wJ+JWpH^B32hqLt4-qam;ayz){P2CPwgf4OYpJ4wdwj)d^VMu|Ko&e(Fy? zWiy2GW{&#M6h^ZK8a#LTY+NhjX{{8~S{Va%(8u+JK~|jjM8{2O^53iEh766dhl4bvz-F>3EVHjiS=f@d_inYL!{7NHNni0FCh>VwJ%hM0>2qnzyk{ z7IrCi%^&Q^g&1;vLG)|gYXTU}7D3tN8uoHF<8{7w&;Ono&Fn|xH06*4vY2v0R(=pe zKLG1+mK zo2^B5pNDTLAcQPJAAdr;YLF{a-*P%mJS;2S+0h zoNY&-&S@{gZ03@1bl*~C4K8GyG1L&+&wGDfPNp1+NGPKMwc*#5~NgwW7V z(J5;acMG?&%+4;c$d&Of=A&p#-_#!?8^n*+fQN)+bbY<_U5=VD4Om7CD$_*edW)=# zk}yUot~Du8mL)0s0sGy&bFW)Xmz7CbvNGQ4DU{VDcR;ja%zxflFDZQi$DYM%e&S}rb~TAEhs6aS>-BGZWzh}DNqcAZ$bgo0?f~p zd^{;urr^C!x*hTG4%W-(`HCK$j2u&UbbZ>$2k!W=&HLQsZYQBG5I2F=Yk2ys>^fDCp)=EeV~h+xeU=n*@Ja-6V=DpP{$65yz?{0(T4rc z;=-b{Gc-w}t6zXG<^6dab1(8=f~I53*)7m$lt!Z2&&=h07QK9f(xLeQLgD^`?=WY0nmutMKQ=}yFqC+)lbtr=KvjH*273Y5kNSXm zo@D_85`(d}yE|dDuV}Q0yUTFj+vFGoV!^YIkXXR~5f8g1LngTO5u`F7h5uTE4AXc( z;x&)!Ry)07w;p}0*-kX)V+aj9xqEHeM8Z2kukQ@H-hl4D=@|nQ8uy?WSdR>#I>{<1 z^}>oHsL_^`2HjqwP|WpYEY5YSCS;+Tq64Jb5E&aD2!$faz9U)gL9)e?aDOPCC*_KC zo-|0L^Q7}cI#23}zH(&$R9jB5a|va}Gj4+2*uqy-nGD${{P4CEyl8h8@hJabS0@0m zUQLmP0!2T6ImEO*gLKEh2z~cUKB=lw@O!cMYtn8$9!NzxS)VrNw0ob-T3b0@LBdu8>WB{(E$0-Xv>mDPI}Ag`DS z5A$evpG=~-CX8tqct0-P0#WVX?S5nF&gmLkx`x-$7~SirHhQV#s{!ufoBNPMfZgiD zE^HmQvUU7p&is9eVw>(>RGTQSu_D{L7cE71cl{c4&lN;E3k^z|Pp=nZ&`Oly26fz3 zMBF+XG+X0OI41`M^_nsPunhKmL76;H8n#SK2>Dc4%dgF%YY<9BbTgK8^MRjenJx`W z%t(Z!dEtEHo=Tl|n zPE+(UELJLfZ_x$rfHRwea@S8*??4-a@4eTyw=qDCYRqD<7^H;)(r3ed)lX7yvY=pR zgmP{PkDi!@JJylt`6zHPODfpzG?n|7ln3aXjC2F6{r6 z`&)4rM0JL!-naw_b87Q=K>dq#m^+Z&K7XjZsQ+TdHs2@ub^u~` z!&mPeqFQw3Uc*7=DoY0knJ%$_&Z)lUgJydq z?KjwL=H-HYSw`D5Q|DYtW1DY`?eF2fHZ=h^Jf6&=#?KSgu7vqf!n3Ow)_Q}!J$Al;b}kPQEk4Yu@<@ooecb95_{+PM z)6p@B{M=QrLOxhD$Q>xf1u|KE5Z8z19p7<%XfDT>Y-!};8r#6`|Ciqcs9YOE;G2e8~i+0bUKfVNtAmgw!G7dwv*l(P9_m0kR z1S3Z&w$hTAI>PBjhp`Qz*b#S~*TKxqE|heI?;y7-lGURSDpkO9Tm{#dNL#uQj(<*J|I?*c4k`gQxuA&%#8+OE|@u0Vuit`jo z`XPG0TfH)I8r_Ea+O6!PfCJxtNAu}cT0!2SS)D#l@a^WD%5<32fo@X7(~4SbCrf~L zY2benPaIVrSg`Wg!R*(lo2YV`f=X?C$JtY8`MD+{vN0B)wovd9>;zYcba z!sbQU?!aB#T)n(GQKAp$LwUofyj`q3_5r$Zb!Crk<%hZJVH>lwJt`qNw=-tqg+-QF6HinjV zN_IJLPreTA884!X@P;7v2SjbBrP}-3?2v?x2EY#O_!dNMr9~j~3!^g4_A(?3c!Xx` z(ZBCl!250f?>ZJ}Z*NWpaqKcmBwvChGSWW!de$!W|HStT)Pm{wu#8 zVw$_2-yAIAH=DEI&m}!d#+V0quY*TtcTNf{gwH(|cj10XIqv;X%4-t2Hs7Tr|5l z)rpq4Qx)RLiEo|i?HPEMK*5ksriom&7%+Et&Tqt>-IdqiVtf3AKrc>MagwgI4tTnA z69P|h!MB<;7cYM-^Kui)u$fH6>>rC?P-ZDyn9o;y$M{5?E$_Et;4uUQx^R0Put#QI zOgWs1d+>jGQ#WkxQ@n+KU*~3`)?7CjNJMRN`;a+|%25~@RJ*C(J6Po2#b~ANvqo`QjY7bc{ z12L=E>RBkM-Q_@uRSrB>M>RLPd1tkxn4+`sTYwf7>arYIhX8Z=AA>*f%Zshi>7vTQ z!z24D7IHwG=zyr$Dyt${e3;z|J^;vS3gaPIBS8Xj9h9JMN!c%|Gh1X8`?fUfRPX%R zsm?S@3Ww(T3L6Rau_dfofHEM6W@6Y3T#3$#5MS{!aWz{I!m0eVoPJ)dpvJzihQe{b zy)~2K7^2sidp6x(TH)a6)8JtpSuZx^`*|GIW2ny<6?W5W&%p~#_1Fg%#U6WA{zXdXcGF7V6E*%7)gYj#;Kv=Y||cAxtQ zyFy{_=JNL%YZ3->={}H&>ft6Wssy$>qXykXoP}s&?74;R>=;h zIxAO%gr-zK=|?mLynB)1-6n>2|D}GtKphUO zW4%1wzJqK2kr;9P38ocm7vBLdqxTg(I2v^n_s6~H>*16m|29IiyCR9nn!7D{AAuz(yid%VRxe=p9Tn+r*KA(;7V_v{1UsB*LuR{h2d*XzjK*8D#f#A}i7j zb7`eVD(Il71~$F&qEBx_f%$Gx?f=eg`p{g^nlLm>+jB2zdvItLsU?5_wEGQP@nTX! zBxng(O^Tg>Ap`5=*>!GiKkT7$ULEhh1xY;%q7b`2f~QSw1{wRm7QHB>?eQ@_&z-j?z9G5`_bhkCBP7D>()39nyu!W`yz2D947MVSyJFmf$0z9~Gk2k}gNh$D<3cqQ_rD1p_!4G&RgtrOL zY3?+kgW<98yINORiFLr)U$p3MLO!K6Y&GFc%9?jT6j-FIEW)-CQ1rGw#EiCtSL)Fu zWPZz}B+a(xOumWV5>!&7!+a-`AM7vsb|lGx6z7s5rtKq4#&z7`mw6x?$u(&v=6tk? zi(a7F76We8n$R6OmZ8~hp~NeO>emewcX0JQSNt_gn;Xn(e64*v*ZNvvWDc^CNdk5s zekKBwSds+4$q8d~@cSJ2c4iQ@_fv69;PCy?*sk>_}LQ&q1cjSKxC^cJ>*o}m++exreWJHo`J%ecgb@@b1ISOFwHiy#Tc&$ z@_>R;4e}HRW%@LB!HsV}M_2#A_t&Lk!Cj!>B^XA|rR)_#Ut7|Da{0f6&e)ZicQ}<> z^F2cac7KrXq~;mzYtevJ+UYEe2>fF~m*udNcfq5pI(nXlKC+tbLCQPpgl#CXxOmrY zsOFZg(C7?c)0Q|{FVjEsExiKWC2bu6L2U+b7T z-mwxM#;?Gs9D+_cIf{todyAxACRr!+X<)n#S!vd*k(6emSIILAd~Xr|@3}vrX}|GV zwf~T3zCbaCA0-ly&<~Kls$*leq~n;S=wlYI*}JM^Z&UT&`VV;@ODqFQ4sD}Lgn3sz zt2g8-46}N7yLjg=0B|Y01mBq?)*mN7z77DLQ0(|XMjl4%C}B;fYi?mrTDOiufAecs zv%6t~qPlbmu=1j;PJ^At3xdF{7W%}00{Oc0IR<_kbfv}>9OG-{c>j_V_N@!!0C|^S zfI5+iSXx$7%#EQU%1>MQmAz7t%{mf_n1M)5*fqoiQfLMz`KpuGh)JR^m>khk&|ONi zCRV?Q$HGBOl+`i2t-{dKkxY)#u&0Zn-iYTDtTS z>%!j3arQ}en^yY1MtJK^>T~aS^Uj06Ny~e|pJlv2G_jjTP5tnk_$ z?b~w{%ipwvwWo*Po_y<~RG5vj==u0J_O-Gjv1$6Zo;Kf7BsGi<%gbf?C=F&2MJTxykJ!zVG+{{r&!YXzsmdoik_7oH^&rnaPFUxMhRj zXXyZZg-)FT1r-Ute`s)M6jq{y7#g7BFk(>?a@Zpb_GVUlay!_m*MBQ-)$7Ig670np z2zzlxH23G_tzoCU8(QU!BG!nAH4{9q)suvMUhXCGP-XVZDv;lA)12CNc zOpoRs+!261+5?D$X+pv@5n-AH-x>{4)slq1OzF8KuU;#WGy+XcIqM4sRvon>&n`8>M<;Q zDKES$gXpYf0j!g!=CM4twE_nwOMm}<1mGcTKFV&OjKEdatC604`=y9@N$Czhokf;R+||MRZ9lk5SPCrJA5(zMmf5BtIE+M<&+82F*cVv zlb4pV+T3bR@cfLLV1P`R1q>hwxzc%tY&C;g7_vqjEq7SL{qQ$hZOfK6)$$U4*wUs1 z8nk!lh(q_IUG;LP(VY_>ht1Z+E;t%3{9jvQvy@@AsNvkHE4Q?RFvqf>mrZVBS?9Kg zix4}J=Myw=(Gcj)V1hxAO}y(G5qZ~CwY=^ffWk^Vx0$+9hyil1WkEUSR`VX*+y)kw zaa)^=MEy;cg}15Lsdg_!E+u#rMjYuO@=M!fT$D>jOx_@I|BQ9ZUC0!KF(oymW%6pjmd^R)aJeJ^h&L^7XJjbISF>l|OW)rCL1Z(buZg({U?90ao$};i@x7Aerl9 z=@=qR1)mTijQZ7aVq}}j&(l;c)&CQA0KsCBXic41Pyz*saxJWIv|QT`T)S6zh)q7g zAoy-mD+n0VPOaX=@Sn_j5SVrkQE}$6EN`h<7!#YCN8(NDIu@M7X^G+I%mH-B0IWT~ zW|1Y5*8eAURh`=qP62F{p>ER1`eZtyUB2Di)^;zDL@2(Ef__{70M2a54}UUR!*vG5 zN_#z1CZE~}z+QCHNG>&kSA7F73WWLgx-57_QXDz8-knlmjp%Tb0WJMkL{0wx(S9C3 zr$t}YP|O%^6983+RU~v`sj{^BU(g|#dfz>2E9VdP7aDb1`|j={N#4f%=Edcc|}cz-hD$%Fe|NpXt~WodfUBKdQ#Mu) zXzAiRal@cwv~3D*%*~gS(N|0%O_mLjH2HhlncEQ4%EYCNo%9*K`cHj(-1?UA(Y$8#>E&4M-lx9Xh^S^kcNpEL;1!Kk0|PH~EN_~LchH{;*fIi6xyrFGD9Htd;zrzFNg&b|XNa-^MiI8f zHA_{BoT5>R>?wMRMV-rvhd|4^hVwU(i__(JahM{q0XR`q63NCqtTfCLcdztFPa-;C z8e%a0z6iTe`~jh`(WyK@>T#0tN>w7An{b^|Q%ibl#J#dhi?}4Zuj~Y%p_+MskNJR) z`G}t!SxlGY#W|8(l*hZKF*P zYo3adTQw*diri}=AtXCI&aT{H%#9%O1@DIQc#6d6^#l-C=v4$5QUlXVA`JB)3{4>n z%}i&*viTmAIZ6=|C8Mt_R4?USQmFEShmJ(~ff&=$=9+B-BWX=_Ie%(A{zA%cbZP;7 zY=dksgINXYIR$et+bjzHvn~>`R*ttYj|ENKLk(Qe@KQU z20CY&I|*Ae7+N!RlG>U#>)N&Eat6mR)DMfKUDmca09s*dW7gq;3}ky@`x}P5Q3;p= z@3YEwSj{w8Kh)<&xHpDy|43z2Kboo9SR1zMt)H^3zP}nt>*ja7mglOoDwF1*E%dJ& z0(w`a=ZI0R3Iq+S2WS4wYOA+Nl)}MS4=HpubZQgwo`wyd<9j za#+}XfG+sUU4U&U8L9ncf@}O7gW#Kv8;HuJA}B6JUW2ZNBWWI*C024H<-(f3Q3p*e z6bC(t%J$;M*fH|XrOU*P+;wA#7^%itD)bR4Uri#{Kogl-db(=zb68alHOkXy7QA@a zg3c(qqg|DeFfG1gz?I{qIq|t=Aw31^1mE=l2T()kEnsfMq(eWD-D9jPd}FM7t>S7q zMlKm9vV$fZ*@MK^0o+4q&)`kBFAK1I#G7EdZEi*1@Ycp>c3gn79+> zu0n}B4%iesSgTnoh?`lmFngvz$Cz&1cB#Wo+B({}#*55Ff;i~+GAtg+Iey}*Xg4P5~Z@6Ltw;AIeueIjh9s;;i+xzSJ`u`!`GuVHto3lACE~q6&_g4hb7W{2g6dKk)#=%F~k2( z7@Xam{wV<8%hHQ$Ikm5boUw^JD)~8G3U+>d6#qG zzNmj^+d;HIBkyzy(mtoJ8Upr_zvh|oG8*z5aOWtW3&5 zRoMhg7S(`L_r&AvY&%-h_O*x1iuvg7*W5nT{UF~GV;gol=)-*wD4q&)`k2J7~8xC>+ z!)^`cnwfMN9a*D(tW`Rzv8r7FMd2VBB|))>^;mKf(u z0ft`j?Zh}qhzXBnC5>uV(q(E%{k5F8t`ih6>UJ_Hq|uKp&LG11wE@jU5a9$Hh?C|} zfei&fH@7m51d9nRM_MMrK)etWa^_u-2{}ei0roy4ddB?Zd)@m473eTcEbD=6 z@+u1~v(I=F*#as%;=IJUNan>h$4qmW(bR z3o^RkyPvcZN54H*mDA(CYAdG;-d(5=!&e?5yvyb(F3>H#2xR@xy(igB?#n=HY2VNV zRhZZRuJIH0Cr*ujNFJa%6J-0t70`2`FgC# zCvHL4pmX%DWaZYI@jmT9Qi?2QmKJ+x!2Dm-V~y1_nAanCx1nj=TW_XoXIcfXvZaF@ zk6 zwBrQgmdyCOQh^!iT?xvJoAEdbLNnThnm$Qj3yU1(ujCx6KI$AQyNz=w+`ivX!<|Ek z$|!?P+4L5Xl@l1y8XEZAG42Ng_f5flDvu zPIvLWJD!vM7Ik#H`$lA_lZd%peA28dxihn+ax8O>$=zPu5xru4I+8YbBQmjD$pez4 zTHkK(zw(g|{l^ca%%%nL+%I}h{Fcw+R$_J3mTH^(CroFRZ6A|gR^=fJ0FaKBeh~>RUugoA*EUYeTVKsCT>K$lalbmGmB*Ei&V1lI_#z|3f9m}7=gGyXTF-f+QEtrcjjWqP{xJw4uA>11sf0|h2PFs>9Ns1r?r_p(wwU3oAF z5ZRa!p7V3d?A~fuPt5!mt1{+hOrC64#@=j4&3xurYl6DNP*w_|Bzs^}mIm`4f9-tbax_O@GzE_d^z# z)rl?Mt*&oxQ^d?R>k)M21w606YH~3hlHk_RkKs;yKlXzDylNw9drNa-{=A?{;<}rs9%yFm}PRgm5N)TqN>Yue%MX3;JN}xh(F$BRFn) z)SPgK_laWmgvlq(?Q9q@>}Ha*0>s*zjnq6K&Pdv)AK~CSEeF=?z13uSn()$3O`OIP zN7DZO5zd;Fj5!Se?{ek}-^$?6v!*w)MxeF0gtEbTkb(FM&A5fogy;ebmgGsIdbCM z%(OAX7HtUXH3p~u0@I?!UN3ZxZ>u}p#=kd$qB!V)@fwxO3~%3tizP+J+K`SD%uh(z zySb_CyQeVk28wC1j*b)iGr+UyB=LgwUZN+5{Y|P@JaM))L-c%Fj)#9b!P~`zD1E?! zvz0KtVeVQ)(q%MAGTUszzVSZwq3;dILi?^?po<~Jt|J}sV>-4g`zYFLRf^44|M>Hs z#yDZsK1e0w{kqEn&@;1*%O%BSHq-IT1~N!%`bQ*(AF>n>u~^?n`(xXg4H+X|4jPr| zlwFxHo=o>e(`HlJwD)t^SeLgSU+^MQ0W50dfZ#nsw`|6zHShc+QBzb3!fG3pQg8&ACOC|x|F!Yq;zFDdB%Y5 zLj4Az^lxZrxa4R{NwdN25NA(^Dj(gW+J@=J{e^T^t~WQ78{F9q<$An+&OFiohzk5d zrkOhZsW`@k6vE7FW_D!&P_yN{iW&={X72hNvN?yaJ1LXt+4HTjH+DV8-jF!LUR)gS z(Z%h0lm6gN9=O#HZ(4H*e0ngaK|`50-kUE@Z7tpsi}5 z^Mhvf*cP4{Iy0eYahozS-sLDdPFgCdGtTGy5sKDch@On?5Ylp1gOF2a8A6Q0s;_7x z-EPD*|0b%^yW)00s8!)pB=d*Z}XveK= zUCE?OJ!&zOh0u2$J1`2cqx~n&F{3+||IiYlg;R*U4(oM%OW_%vW&!1=D%%{kJtA_a z=L>+juR5o$9&k12pBQ0z}3^zW#aZLhGNl_86S<7k2I#ceitP@H+pf zkhr|kOxGowgIQm-L?+6g{(|53+{ksFPs2#KI>DDk#OFc!_H4lYD&T~w`}q1`st7bB zS0a_3LT_QQd}uvEDD~Wr)1Tc4aKGQEj^Y#=#W%hQY-wv$nc#h9#7?o#w^kZ6i58pV;?*X>82~dcMi5RNVtCzfKplq#V;iGIURUxMYNm857{P1lVgXdvs(kU?^2kaxlI73JnK zn_trDq1Ml=S;+A}#fM-6G1pn=^gnJPBl!)Ye{}K75U~X%1-%7Vle6k=Kz%mZ3GY*b z;eIHt2Fwna9V9v5X8skO&6X6SBv_q*>w%M2p)^7CG!A~SCm)Z(OBD-K9g#{kV$lhr zL8pA)o_ie7F{rh?A(Ym5ng_emM)j8j=Ml(c*P}&`NB~fA3=M&-#TEEWt7-;slB2B| zywRS~{eX?>mR?Eb=p`8a{LY--~-yc*VQYU5Eg6*ZfHsWwv3OxA2O zHT#EapxL;p0&2y(?Y?q&51CDL2h*Rn^_n)#hQU`s>7K!Kbw+eF3F)53Viu@h0r(0( zLa!wlF;k6r9V2e1*LfIGpho-+BOLTvh!K~n5f5QR4!!1KL?<=kHjL;&uNfHedmN8& zz}E+QbblqG-GQ}gFL`f-PiQ!ixw#f)?r9Jr&pPK&df~h`5azJlvbDK;ZTXIL;fZol zU!%%GVbN1|4#rxuu<|v;6%w>pr*^Yz0-clDfrEhj!_fthY#hyRS&T4_aL*Vkl-d&X z4u2sTJ(2M6sm8t6k^iMD6Vk>OI|2rkD@>G66a1SakW# z`DflZp){q79V;&!53u*pJN?%YzXjlHobpchSI+#;Tmv2YJ>kx+^aaX51dNsfKZ#UG zG6!T8)jQ2hy9syGjs~lIoE?1@>)O{Z_{KuAj$zmXFbLjsJURwA5;1?r^$Xr#p|?X# zWCV2hBtT_&cuDa&9n2ok_xFi%t>QFd|4I2df_I96+3Z8<{Fktx<)@GgO}IT#hVxM% z$$8Ekz%|C8R{O;k=!s1uvvk2<%9F_@>roO~ZbAXe{VmMdSJk7~I4zr7`2OzS>N3nV z&?#T-l$Ti)ygfWVoh(}_xP8+cN!##mv{wr-CFULqr+?C$$(W~4avAd<5Dh{BW5H8{ z$cAC8B3J%1{(jAG#NVAtCv;lFIQ&hc7>5t`GIYS+WBPo+3=Yy!nE}sH6?d&W8wv>i zM;}jXg~#9w#!)3*PS_03sKJLti(d z=aW6TWsoqmyAka~0Em~4fDutjgMAvT9oT*+bmxR@Kq4C7JPf`80xB3UaEkw1_=A z0eiD6>7%YJN{TWI)V%B}DHH@U>>5-@u$F~TIV`w6tTxz_9$VG_3ZH?d(^N; z8GF>TM;&{h_663*9y#oh!5)R|QNSMa*`tU(*0M(ld#q=V7ulnRJ<8alo;~W=!xG2p zV~-s6$Y75`_9$SF`Rq}|9&6d7ggw@?$BXPy!yaYqQO_QA>|rso`q(3fJu=v%kUa|6 zV?KKnvBz5WC}EHF?C~Od)UZbxd(^W>9eY?ztUmV0VUG;Ezk*e^Nb;{}41J)x z21=|`9n!7tN;{4x&*oX9g5_qPqoxW-r2;!YxIGflq zGb(JEd3tszX?;&0yq}JA(WP1N*dSK!t0YC)Ymg6?3#DdnwQB;&^6L7z8n00f1o^#N z#+VT)m$~nQZ&>`3C|~VLba)z*P?p~>dYY4610?;?utn>Cu3D0hs)Y!pU8so5U_p@_ zP9T3{5s>rEo~8`f@1CYaSG{$;J~SFFI>*`*8iGC*8^Q~KlbU|O2^zgZzWFrq>fj?6 zGkdGoU^i5JoU999sh;0vwsTX6E-{j?$YREMYJKSD0yr%q|9KHftF<%NkqM@ zEp8R&}}vFK}`v z7q-=YqBX@7|GheaET&oWou~K&a=0JHZ$_r+JtWFL3vIN0gv?ixKMEoZdlz&eYec~V zrO7&RG}4x^Y6Rxn67~L69XwZxbPB7ll}BH#KMy65xlezIZiZlhuNwB%55G3btJy#C zOz1kl(IA>A7z9^l_{xO0GVduH1=(te-h4PSNCRPR{0L`^aA$|y;_xrkTT8APDfj~E z1RnIvEkPJCvrCh?(?%FI{>%i2d>)-^397#*+`QT4nu0qyFeo!zzjzuGT>wYQ)nWu? zn4WF?V??U(CZxXHl?fEA_cUj?e)cpcx_%V(+n|gqGYd*uM!R~3*3ll)_qm6nfr4*2 z)wdm$PW@?>KLT(SA2HzWcKEv)u};ZvG^0glxiXx}&hsMM9g#0wH{u1?OeE`HkgP)v zeTAeygKM+>;T~<^g8?b(1Fp*z;6uBVgT~Qg0EjsH067?MZiwKCmoIEN7%|xUe-0-(1+A>`Z&yvgn z9XoKN^P~`2?>ieWc%L%Rn^ExDjl_NJ=ndAJ#`a|j1>aB}Oq)a-6Dim#_U6gZVy4)>$iz z*FesXEHwBQ72x>?T}_)PM$*nb4uyCkdPzPjdiG%jd+~yje*#oc_c$NTvwM*5BETC| z^5y`lq>eeyMRt_|l~fo}MqVn4%D4jRXljYzy{i}UYQbAADSjONxGh`>@^nd4qOh*K zq$$HH{JpHCX_??H>jo?)qg?QP+>Nq8I&Zc6YhwL^cg{JohZx5#py}vNN$TF{-x4$(EwGNB zD)=7e!L%zlfdyYL_-6B9+8O*i3${ncgPq65)ApbLI8evZ6b+1b#Hm}8|I%w<9Kk@J zB>4WS*TDD`1Klb37V0%H79^{rd$V2x~c zCGw^58sPqwpbm*U<2Aq?GONLb@fzU1Nm7Sfe!K>_v}Cn~7sulmL8IJJ5Z7`LIU1cP z&wL^H8ciHtOjFC!NNv)5${ga$W}7tYc^bASt3L+qelwYE!KVIpl=cE4{Bl3p z96kUn8i=@RoM%qs)R$7rRiZA3LI(MeuHK zj6|@3D3kIA0{I;@Xd3vek=F$T7%*rWn5#B$28=Zx5r_Mb&p`t{%|is=-wm499W=+v zd5A|)3olYzI9~7-@d#?=-_?lNfGgnfyrs9!g_bT!@5kuLD7U>Vw;FGB^|MyMninQ+-0{t=hQ#S;z5>(Vi}Q#7k(z>%NaBN2 z?P$4t-8Q>-uT%aVcmM6)U!C$Vf^Q-&?xB~)`@8)evVRB98?4KlQA!t9Wsaf|NUa;QxY zGt5gB!it4PTwJ8|a6|&QfgE)UD*8uH*aqVAC!ce17V<)Cr{vY3*)fNIY(&bf5zibG z13$$%@@s_0@Z@5G-&o@G8^=Jm>-~ilCCv>B1b<--v<3ZQ3NP(nxRGqMwvfUN35O1U zicZS+mFZip*9565bN~_|z2o*_$&v3$nqbtH{mw=@?R>5>@CYF4S9yd1Bi6+62w-(< zctjjVY%%c&;KXhoVZ?|=H3AsG%{;<{5u@W{m5=2S@ffj9jR4MY8IMSK9|+y#Jq(2Y zc04VB{H6yEV_(8s>b z)j?Ocs`a3AUlw{uJ^ET0O|_{_Dv-hARe9;=|60>2^# zelV4bUtiHt8zwEh9X=PDn3=4{&Z>r1B|n+L4%#O(Q{^x05Ivh$lLmvgH@j&4*f+Fd z^ul=~~+1_95SJ`cu%urg-MC z)8FlCM`Wix_YhF1=pVjwB^f!pd>pj7r*%ZP9Km-r6pjnvo=*Q*V6kYl|DaRe=HBg; zk2nVg9QvxzPdYYiO}=lSVV|hybOZ3KkNR~He$_;Aa07ngmQk#YSCUcU1Du!P%@oh; zbcEvjAT`!%0m7^w=^gpo1+NKh89$lIab9@{id6KxzAgB5TO8L8VuYdi$*)JgpSJ7% z84yR(;!b#>j1l4N)2LNQE4NUIP6hSfMR-0OhlNyOqkYw`zQmkTpY<{3lmvW52h7PV z_)uvDI>nV#@=ydAT~i8{aw2>S;b$(w^eoqeh{VmS6}7QJ&5&1cJB!w0J$ZU4=|NXbm{SZ z$SHLUEJKhUG4TG#gD<4Ke7prCw?OS8`X(i zgRwQiQ@wES;xs^4Lz>Br!IW2VO)wImzd5rI+y5mienuos#^RMF5Dbg|Z(d0Tl+i2^ z5cOY(1FKvEMZXv+S&|UBSQPA4CD#sf&&Iv+9_U%dKNDhv$S{aG5Kh9l@eqtIYD~Qj zsOy$&6~;n~j;)XmxjIEP>w|xJg|OC7hsv@u9CAY_p&n_=R9A~7q+ZoOOBYEywlaq( za|V{=`~D;_l;=`;_eN>~m;Z_qVZU48^IAP0X#Ebr*Yzr?Z^fh^==j$L{JK-GX8ajH ze^evifUodG7W3IGi1}F^yPsjYh??#`OgEce@4|>4(ej?d&!^OMH^G;6JxxZ#pqoRs zGb$}SfTgcdOMd`!J)`Eb)Z+OfNlBRV?q(pS&A2tBb9aOBhg&xdCAhZ)WAf1ynkg}D ziRdzfw*JCL!``m}L^rD}F;*Z-OTK3yQRu_pRalPS9F4ZVuP1rxd4%@EGkDPpz}xe6 zEWvvuNL~jLb*QL`*L5e>l}N9%Vo8|{k1g1Z@^^`p=`x2d`UR=I0u3}mO6!IsW)C~~ z@qcJL0qE%xclS^!-UjnjCczjoLkNg!c!7IsbW`e(V{=qW@ejXZc@_w4Ur0>s3-^)_ z(0+@g{}C3j{+W81kP-#o@OX7INr0Mz-T#BTTHA%vD-&Qn`rt0qRM5+{5Pke<(*9n7 zY7YLsKkU!aT@$IZ=SD!fgc-TgDSz)AcphkV@O~gqzZ0l^gqKtM>j`{Bo^W+`=%JzL zP1Pv}gC#E|!*pyMr1q64&nUu6K?HHEF(HxsinAn@1zcWB@QW2CO(3Ve0NC=2ATCuq zgqJ=CxebrQfG5zVEME(iZp^~-Fv(JbrradCO3G~%H>pCJc;;wSAe)>N70BAlW9X_} zcVoI~%}(;KrOnIKO?2OlVvh2dEMmE)vtRPF z(5PYuX5-=2VTW-2um1} z=0za1B__tVFyS!4cW)f`p57g&7XL$-A~iBh66{T(_&7qaw~QR;90xhsyi@SuSfi`e z=o>?$FGl`)a&Z4H9mJhn!S_!{IEJgQh+KW89OgmyJ`^(s?iBS0LX%nJTlVDuOS7!t zEx*UqQOjrkt9{E00Bt~$zvve=4OA^vG(dnTXpPZQfK*~~xV*&fL|{4;^&eSr+t6q{iINbXdkoW`Od+Q-RGh^Y^? zaOiU0Lbs8R1!!T6SRQz)9a(FMz09W?L8Q@3>PT78z&{{~lTD-d- zPaw3u%aWTY`TMPs&tQnAbn7ro8RL=zo+Ibw>s+)S2E7f?F|ElOw-X&#LXTIsIp4@d zO{Jb7k6$kM@OmkpaR|`glktoL#JwtqyvMx{+U6KoBkB)2$)$1@xi723do#VD926LH zh0-o$Ky2IyBNTPZ*;ZWLPh5RDJ4O7c&*xOo40>co+nPMkq@?iqxNsplT*l?Qrauk=~gs#ho>6dofW!8aK| z2?b0svYq74R!Q~-cVCrUr?|TS!0|)e$uUCA&=6u$Gg?c7k-o@8w2Hf(4JBNeEp%(Vqgw;9Xa#*zzncLchX_>GT&ls^A_;`@L9O2=hz*4$IHtj$@gwjMG9n zpaUqoTnNhFX)a8A?{nO+Jg=S83#s_84BFx=4eg8nz;J=$pJc_ie6B@8aMzQ70bF08 zP(GR@^3|WK68V#l@LvCqu_KB6yJxsW4(pg1;r@_yDrHT5GYu(x2IiK>F_xO%iVpEe zCq4#j3#o-3%<&iaijB}SxHd7MjBHdE$RKcmu2nM_ZJm|wCvLc3~aBv-uD2J?l^z;=V5 zD2pzpp9q)(f^R^~ZK2@psV6-mwlm0lCF9OuHJXzpjjO%kz7mr*N-!XK*vl z(Ef!rC}}<@*-;fAcLrgG*=B`!-%I2?qO^LvKShRohv7NFy1a>P38FrmZFM5%B9r0n zm+|Us@d9h4Ec^^^2)gftIM?lTq1Lw;9Uo5vJQ@V=W4c&JC}JTl(Ut*OGYslgw^dROIDjquEuhYBcsrq@hw$smZ!cx1YOO~!=Go8-E;%HYFJdCrW!}|hJ881r8 ztwo|Ty--r7&qITid8oUWBf%n^>0O}dGRP9_`*=%)m*S3(c!CMcD?CJ^DM^ z>UyB1|DM%ZgqkP+))KKs9mkEv;@dfnyOgYxjw>LCqP!1HEWgBiWD*n;ik#DGc(k)^ zfqHPFW|3$r@W;#`lqhvS`CK`=P%V6OHJ-e-78yFc>tx5f{}rl7)a#0Z z`;97#xiTIVv~=oa%YEo*a8PYEERg)8SI*DURic&y+ENbp(&|IO@LrTo zc_)!U@WYcIfsi$ zzdb+!qc^K!(lHh=c(W=d?PUSIH>+Y&fCVINR>h?CETHLAE+)MQ-*_)avCm&^hTmYj z3kw?rj^}V)8+%k!r^O7tPzP*hI{ZM6o$X$3@kI2G!|g|qlF!k3c{nXn&h_zZY#c*U z*FwAh#u^Z16Cb>e9h;ZqE;9_v`#^d4e@2Bp=f6afi`ui6rlpGBPOT5%8^?m=I>r`Ox)PnXtm&fa?5=Le+Slx zdxE%&9SE982lGfgZkX!JLg!EwwFCXr*EIedxDR-|Z0(8{mG}x;9h;fe9QTWJ*TUj) zQ;Ci(J=gj<+q_y&{@GFd^FEr4a~g&wQ|NX{xgUsdX}Y8jq6?4wMq$++8cP$&Kph}| zP%HZ)HKKm6Bfo6H?~eRNhcKowJh+v9q$iTGpqJ=r?7u04Oy`X$2T4jhAH|FLU!Z?? z)2S^vWawOO2E0Vl{(3LFjy_$K<3)KXOin*a`jZHi9FW*Pn~rf7l9WZztXt9@{&5D7-4@*gBk)18fYvFJ*6-f7#t(8Maw9BU zUTf=n0*gV@xec!GAScy0resMj)cA$NKh1zOi1`PFl~1r`RvOe0et~cYh#TOLtJ=&T zK$=cHV7Yw3?~o7Bb1>Xh^qkFDkcv3_gyC##Eum?bYXG2W=Vp$kgM_Bp_wX%)!AP2j zs#`1$|3v+m3S&+ZA!nj_Ooa_tap*EyoQxv|*V`cnP=6cvyi;H8$gjcvtA+lnjn&^A zt^c5yzYRIA$w`%iVD|IfyxNawh7Lq)9)~sOLe0Qu$6?L6Q1kkzR&@vTyt=i2l6tZt zwZnmC%f675I~Kz*45rbhDqgg)3Z0Fa@MFug&^%63Egc&LelR&aORi1_i6|=`PnKG6 z>CpQ(x}!N&2P_Vxyedg{Z(v?^9ez9Kimx%QC{pVphhwy#RN?pzMK9Hea=TFII8Xs2S@iI}r2TSwrB`2NcfLnC3`^kIR{p7u>az|&T z+%X_R;>#4gT|0(rckFS(g80j*b_c9t-KpV>nC?RwF9vlUSSfYLBJ%4HMXqF~_pk?o zfPbC@`F;jJ0y+|$vI0v% zB~g+mt!DBUted5nb=kk6wtlt{oK zBZ!K#4((2$U!>(tPf|w~pA=Sni;^Yk{755%?rE(R6?Yx2e#+R6 z^=BJ!12W}z<^y^ET+S5&Y>UI87&Dn!Be_Xk?-l~GI+GzVPk`AElKiRPA-VEJIP9kg6e9MhGp3t_`=ev3I4WTf`QzC@kt-eQ*Jb9^v^Sc1$|% zp7e3Zg_iITh)YM1$oEs_m_J{yVjEhoSzTsSLa)6eM}^tvB3_#y`o#=UE&$pn0`g1A zWH$wKun)|*Ly}Hre>^P)VZ}qlk|3Pf@98s_+dnjBBA9q|C6mL|{0iKfNvU-BCuca7 zDVb)c?8pYvPj})G&|aXnZ=CXN5Y^i$&&+emlXF~~oQfG_9H6*rAgetNxl6Px_lKyw z0ZlU9ji%4=;I}h0BXmSHTZ9L$UbNSw_C_^fS;}N$HT6cd`{EE9(*yq5zCUGwJE&DbB4Ex5nL`{O#=XoCKjYzb#VTsp$nsy{jb573ME7dmjRgZo6S@89N&N-tQc(9UrG;IAu^ z*`?nJ6wo_(6a(@r1RvUh3U|qE;8E`HbEyL#g1oqy;OZOvIGUFNdIVo#dEHZaJ`8q; zSU#(Wd!Z0LHuPr~ub7;qQ2I8L9GA>D$;# z;yY?Nu^lyBny`J(-MNQwkE|=_2a## z!l{e}z~XBz3wW0Wz~XBv3wWLdz~als0{koh7GGDefFlL-vb+<*#ldUP9{km@-z#qb=t^txfo}0a5)l}o0Dm|X*K`Reiw3CTyHi< z($?JuW6uoVl`De@%!)bR`O3MFKlzUFo&8_pTU3mAi`@Ni_z3WK({1ml_)fTua8>w@ zitmOZ3b^(i72n^pfT8cG`2Law^nFLg_cj)g@(#!M2Sw_BBp{m*e;2XJ#b!yF4|Bq@ zc{=y^>IUTf9Qo<(ke^P-@81sH0--xmMfci2!FN^>$M+v$xr6)S^AO8LqP*+E_v8<> zx+nkXt%wE>-Hk^WdY~T22I^zMODewAl0WOg)0ucPw9orlxG0ln>B4R8^WshjPTZcR zYei)ixz)k{-j*zlH?%FDQIf9 zJFa^rziBbl3bV&{Sk^xI9v(bgUkLMw)?oz=ZBkyAHk}?n_a2Wr`B~6yUi^9$H_@!Lt_igeCQ7NEm$cIz6*GhR2;S zF4yPiHZtRm@-1ALc#f{sGR7~-IcVb-%4p{H5%#Ed`hF8-t2vY$L5CGFe4$)LC=h&T zJtg!Bu2)dT-Nu{@=-T2}z&$5`1nsFs(u@cMGp7h)9oB=GjKMzmD{hv2c zZR%7cZ6C$}gm+TeYh&dlQF$NE(w5io1~2b9O?kM*Jb?)7aw4q3s+ogJ@E}GdtVr5j zkS8o)>RCFT!@XN1t7-H8$lS%Bt-siIg0k^7I_N_3228!pH(iDjIN2(lU(}I3h%awO zI^Xgd+0@!XR2jP%-KbL+Y;VS~B|-5Ixbd9e2@Y`^(Y(}|S}3>}7C&{8ABdURey9~& zB35~aJ@>c-Q!2_3#5eSK0mFM-@HLVS)~Vp?N0N1+uz@Qzh-g6)02aL0&_+EU{JG@X zr9I%i0q{^ah~zeHes$BWLF?Z{8 zMF7|*dL6$iVE82yO?bTeb{5bpNbK7c(IqKj5!wZ^IOOK=6A06RGZ3(}U~GI4ctSW*^?Kn(EO z?2uc4lej=!9^LzG)J)tDtOP&P&cB7)6XHBrFccsM5s`Tmh#)`biHxD#jGht5@Ji~l zkT-baIK9>aVkPd4LqXZ^AW&t&36B_Q{(qILIbL!jnuv*PbL8)kU;xUeg;kAoAYhvL zDmP51gCs)ftOQXht_2FLw<*}o?jR5!`e$`EhQ81-3XFd!nQ>?&zztOYZlvI8juwzD zPLXB@9@{r82IAR_%lq&(SQ<&BId~#E4A1{w;T5l%$tuQ583n0TQ-%mr#(VD-x>Mg6 zNt-@1hn%bxswP#&w==0SoDWVLEG^5JLDCH959Uw8AqRqkTrCmcD%DW%j8~9j8K6+_ zA#|!RZn4ORG`ceoN0KuP7dfL$M^z3TdFC}$a&=^KHpZ^^8b?Uy7$3k5You3cD4H_==DqfqnbF#A+EP; z8r#05t&>DxW0|6C4iB*kmIU~lWPzXQ8A9hm_!G%;4sGp0T<7r?{K>#ufwD2vCeP0% zjT`xZxbJ8n9OpTfE+$S%2j;hhTIuQp9a9#^j0yD&TS-4dUYSA0z|{!XWuihBc(}PB z)8J`2e5(PCBr%d=WLDQYppC%YM%HF{voYT>)-wU}i{$IA*VZj~&oj%jOkJ>^c*VAc zRa?5EF)r^`>ZVnAbsx>1l#I3<%0VBgk}^C(H(i|du&%k6ycN}x&*W38k5tE*7W9#N zStRYNdoJuFm0TS+w03oTI_B!Qg}FLz5aq|vkCwcO9Ae3j&7+U`$pm3zbR4smL4$0{ z8fthT)Ys}c!VQ(!Q9yT@$%W>DBz$R0G-B-Q%R-ts|U!aS;Wv&}5>@E7- zLwM&wX2n0vtzj3VZDrSkqTfzN67+<*O62113>-v_fX{Vh=4}nz^zK`PQhVfLdy93o z&OI%B6Z-22PZgCls=erE&lU6sihxIkGd`B%{RvBLN%w=O?QN8z~F&d-bUC-d>1h`W+B z-nY?smv_nm$G&ZnyeANh^VGq(zgcfy>p)K9&V~n$cX;4s;{S&UzZoTCd$U^aa#Ko{dBj%8O$v*yqUfP4x+)fZFN;Q1ib$HkqVa=AJ6Uv)a@S9$=wK}O zP!?T4x%aT>f>>^WMVl%5eHLwwMb|%1(IQ1Z&Z5Ow^d1&%p=cM2w#1^}XVK{tJ(WeL z$D$u+(RBp*RV=zL2DyvpChg`PJhvelJ(WdgP;_GumzH~lA`+Ru^|P_hG)Sic)%?SD>H3fN3>Ojl0y zZ>cB#xu%|7dU0K>mG67v{fd90P$EPlM8WilkgTI<#4?( zDhV(r9~L8PR+I0P@n+n0t$`_*R)p`1el*fQJstS}L|B}@OK<}HQ*$;>BpehmK1E>h z%1%CucuISEA~OKa=iiR~ku3kYvGsXj5w2Kq1vU^6uZ+v~)aeCpU%J=wwdx`zx1A-a zi#(&#UqIQdyQGXu2ifg|5Xx>%XteR^zL7}DXnCJH4KLnD)9{OtwB2)P8h%kT4Ugc{ z@V4;PY~L9t*#m4E4iC6%m)5U0I_u_IjP5bvyV;z)E#~7}EwdXhGnTqrcod(YqhTo0 zv}shjXY|Tujtu7lqESwk$5Fv`b0RJNuH~UJz_Xdo%J5Kzi2( zdm+%;M)Z?%1;?lL%r~$WD^RA2*5&80!VUOi6P$I<+1rD^To#G2OkTFe{QYTKyA=Tc zn~FIV}!^6E0@_1r5rHFQ*rb}Y{1_g(M_S~{y`Q%u-HPjTd zsLY_Vpo6%lo7Lf&To#?l^!0)dAOXdf6LYN@07&Y`uBe<509sAhE`2dkw3H@@?jyL{0~~l!(>p1n?=W2 z2dwFVYA3X)Vb*lnycGIjA|Cm{0^dIYdSt9wlow@-@+}#XGJ#GqbJ^+tUUtO4Rg zQL?v02txWFKJ0bx|oC%X)F!P3Ebk;Bs%aZM0$Z<%*3dd}-fRy1=-Cv3M?K3Qm%@>inS zAlCqRnTIcZ`4+qTNJvLhiMl`v&C-)9ON4xneT|gz2;D7jDk+ZW1mEji>2K~y)aak6 zl21aCi3m>_pFvu~i*V!7znZ9MGEmVz>+)laigw!bZ{+mT#p&D2=%<3Mr*_GE9Q!IH z`9R>OIL}d_BUcw(Pd&uw=OIQv4>9_Ah|v$x;5QEK{)ttkpMh*7x)zD~>1cZR1{ir` zTaUa;Y2*#lED#|X3_?r0L0H&E0~JqasQ<^pK#bF9p+?eH*wvj1MuRG9Z5|>SFi3yJC-s6aBSMa>$zY_Ep973l znP_n+(^{(>_aT+zOCheku5oA5HBMH08rRFv+2}vODs*0i`&?J4eN7r9PmaxDj+UE| zJ3&Q+BhhP)WIO zKJ>Qacdri%fS);;>6GYmw7R1#$uy(2Tlg!3zxC0>9WtU2d_EkB+Eb_xuD^)S7&wL> zC%KAkg-&R_71~Ol9`{3gJ(w5W4{dY4-tq3JR^Jr&M+dU~(TmysXm7SZ+O32A(Y0db zSQ_Apy_TKMkgO2y7Lz9eVtzpI{)Tr@N~ffL(@?H=O|>ZrINk?H%9PL7!;&FZ|HS+$ zUzlAM;M&goD)%WnP;VSwMa&Oag>?a|r?J2)JYH@$?{owEkUn2OQI;yr)<~I6PG~4M zxF*{6toA6vgS|K3I3rGbT2hk7s`qqc`t6ipZ-Vm zBFgBNfziw^qM3@^2+Dswqw}-AGDb0PT##avSwT)U^Fk`sz*Mn5_)uRB**qE}8<3NO zila5@to{F-UQj*1vVhTyvo@D*Z+PQL2R+<>u0636nxlx7Z_}5Fk#aGAC-e7c6H0Aq z-#{gf51SHi)99Mi9YGqE z%tYC&I(zO3n$*J?t@W3}IDoSq^0$=wXRgCXbKd2_sW&I%5w#UUjGiWgYp|!OhkKWG zOCPRl2WYx9{E7CyTr{owOY0U(G@0v3XTB@bvfwd5$m%sX>s4IGe5&OTS{@z6l|SAk zeefR?9T5fFSvn0*AtIWU9f~7GBxjI3Ek@EDGwJrS4;3ux++8*{U548k;Tbu) z4fu)*IwL!Dho~vT1Z6O_R#uFwx}84HgJ@*p#A?3X_Qc4jBFOPvcE2k8)P?oEXgj~c zUaxC&=Vv_EZm(zB?Va(?&;JYh?Mq$_U*6`v&!6bGKgzBj*Yi6+%|W!xg}2y$<#wh{ z&ZL{ufS1qFM4A5vCs(CdG=ft_HQ&?pi$E@@VjBR;k>E9*nMx4l%HVrg$_A{1lx*ek z#>(*)Bvj^Vd3@g7%JDfpbm9AK3QlcJ!Nt*Pr?G0SyxK@UJIkEbuF8VeRbE3?8d_J0 zL~oNHyb`N3=uk)K(&;43%8hg7NtcHWTCx65_$|Am41>z}DL;|$l#zYv0>GF&kQ>oKh8AQl!Ad?7}#kVqv@LemD2&wUSch(#; ziSUxA$++aH(C;RVzBCj>)>6?qg&lWkzcw*zsovf2f>vCS8VSZw5eg;12nX8h@iwJZ zC_PQ&{2$EHGQyo&^00n{;By(Nd7{6VIVnt?cYl`7u~DaM)Z<_7A<=IfBznr~ox+yA zoW_$D^n-RB1ZX_l_F6q>^Mq9sp;V{v(gDFUMo+Drl0;Tfh0+E30&fFz7%T}}4tpxl zWCSbWES69SB}AZv6jnl$;CaA+UA#Z=gAvO~X4X{`PeV}#D(a}=Pl^f{)uOKc!=mD- zsHgs{s72ADBKi)C0^HtcBm$U#dsaXI*h!HjVZ}%!h?28_SP?Fe-}S@pV64_&g~ z3ZPpN^gaOAY4`%bTLAFQaRm4&!P6M0?GPyCVT0WZvc>Z#PzqblKx1nVVk)5}*7Qf> z)TWcIKly8G;74kECo0I9*odaJApo#o~Y z{3$T>0;k3NCSetA6~xGf40J*Z-$d33@$5z3DGfZ0=QnHClObVacgA%^oGLtIJmt(D zNq@?5<^bOR!OQ68F{`JfqHQZPh`-fReziLk;s)Gzd76eYYwo}qkRVqv`$>C5x!eg1 z`ur8-0(#A4J^5SU;QmGwi`&GoVrN05n(UiO`o{ojH!3mIi?W?|oZ0Kp@09$rK&U<} z4csr~9~M?&TBrWBGk?FZ%0Zh`ryT<^QN2@t(BUb!IP%M_!r#js`7Q7OK6_B`^+(ZT zQ@v_1+0$%UILMxRC|pE-*76bAuQG$>yU7X7L2RBEbA=uw?XrE&{`(}q1E#P2Qvdzp znZvjqD+6IEC0`gQjjqSra`~dCvR=$@aR;URgDz)7d5WtT;7M`x-|Lk3I6T#Q#~I+6 ze>o>^J*Ps_|7-EgcVm=3{l>^Q_dPeJ(%6q}zHU1w<$ve?LCS}bKZndR*s%`X7ShmZ zZJ|N(UpdI(sQ{_;6d}`$oZ=m#z+HN$d?0iQ-B-e9(aPaEJV*HikMm1eDDT3RqcP&& zT7PZmPj@ew7%w9;LGCWl#gbgklsRXGx~sQW+RdkJ&JxWUUoJLb;O6;cU})e+MeO-@ zA$z`Dz@E?Lu;;oA_VioW(?{O925u(LT?0R=qZxl2tbrWzZpmM~-nv0xMqYCF23Jf* zZ^9p;cH*x#VX5iH@=V=aoA5x|U--+A#sGU69^o&27xAdn`*=u}3tu3~5*{$x!vaPt z0aPK+sj+-m`-7!uJ`z7C8s_tw!RvE42bP8_$T{Hn!guT4MwwDO_2KGG-Rtw<7NrI z2hwnF`4(fSsVnNASW6mja@}Vox5Kjp??2Lz8;fVGB~2!)@OZ#lQdS2^ZpDj=c5lGd zFZA~wt@cA960+T%Mm5(|*wWVPv3)SoeuYLPJLSW6xe8@0Ul$z3Q+lB6mW*jg@iF|h z)pNeTyJtf{4-yi30QYwrvYsxT{}ehz+u*n8$5hyctk+xpVvXHj_=446xV5CY*8-uW zDQQ6x$lpDMRSLsdGJriq@C_!zx7832j0c*~+=~nl+JrIH_-^3ukYSnuVsD0Ng-Jxy z;$Zw5-_yeaBCj081B7@ZiyB9lx#j~n1^~y@9-P?-&MgSeq8Yh+-_wWAx1cS>^-Kd| z9X?&Dn%2FiuQ2FCHFy9Tz`fUQh?rDF%zJtgFGG0F3ZE7B6g?F8dJEm_r6!_n#Q&;! zajbb_V@} zK+Z3AAsR^uU4|yHJr!}$<`tihMC9kbAtPuDwtixuOTsO^7W9G77f|hseWt=^P3|F- zEn$|jNzR|7=3Z-Nsf39$U#ayAN?6fey z3_i}8(l#S^o4-?M9~f?Bj|XZww+)1Pv*7iZ=<|WIzy@m|Q(FC}#1fA};NiNtg6pUn zafU@4oNE^zsKwY?h&>1)`{oMYeFLG3A`p7=NBsGEt`PnbVA+e%mc!3&<&dxrD>{vp zW1&A|86hYGUrwHc)F&YH`?%d>kDDRUBH9y0?6;ezB}|S{DcqB6%GMnzWWM8z5-ML zh8FFaE9^K82;A|FfvSNTwz1l6XoYU4vMr1EJejzz{p zWMe0aObD$=Z8exkG|U4*@yQ)_^S6TUyn&WchpdrpHu<^F$d)<{tpj#>hfRJPM+*!q z^8gu_GbqmtRU`sKeESD)b+`tm~K>IXKi z?84F=IIgS>JM^w3z;Kw&s(fTY^jFrv2@6GEXlR}K|6piY|6pk4w;5X24u;kM99mbm z8C8{kFsim{GM>WdU-0c`i2UwHBxp<+4?<{T8T@auF;(GvK@+-|~H_)R?J=93Baz~vuh>e>;vU6_5G zr%Z1{<96Y$GW@}I0h!y8%$1`1cKwV@dD7BI)I)UUPft59W((Djc6C{I*ugrJrWC$z@cNnS85rjK{6E<0i)UR zE5R4vrV>Peu&^?rAORZ(NhDrQN@FftF7=qskJeA;m^BihFM)!MLCwA@Aup~{U zMdviki{jfp;EUoJ?*p&ce3s9^&nFOH zG6P>i^Yg%$5<`8_9*{zlp)LQpHtebA`+QBE@jl~I+3Y#G;CE6C$KP31_y zXAWmQ^&ZWF#9NTd97N#|SrG9h)6?&<24Igr5W)EGFdhjtd<@~lX|QNJ#$uA&REB1H zfM;xkpM#_S!oFOMnB{B6q8R(S4Tr{|Z#ZMpOu`qUxd)B_cgp&VKu7vpdI&Glq~N3r z@(iaeBEFh*2;2trph@r@Pq6S%JZ24qEf^_aB)rE8n0<&vr$_U4z>sk2ZN*E2nlTK# zbVqay*XppGRGNUJl|Zx0v}2^!z+q+Sv;(=;7!8lpcxyN+PC1Wg^9w8)3%@&Lw+(0?iurfvC$1m9U*D`rGosQMi(7drF~ z=R$kmW-mV=3;CXZM39d(!bhm(L?i;t&rC(ERErRN({VpVR~sw8udJ3>0{N^hW!8p+ z;hxd`rIxbs{yqk4$yoq@E67Jy|NO1i*lPYF_F&)?D@q3$gW z5`KLP&EuTm?MdsPJ+6ZPMO(IN+VTN1X}N{?^kY9m&mw3e-zH{0^~I3?B%dLc=-JK* zwDvFLO750qg?4&2&AIE&yK?skAFso`8P91~;!aUMC3t6|X;PNrwtMe)Yf{_?Dg6HT zNFDkLZL0b6G^uW*R3B2R)L5#;P+jgGWgYDgZMgF;m(G@3PDwwYq(^npr1KZtb$=Vc z{Qi$9)u*vkcP_YXz9!W?O0|JfJsC^2aQ`NTfoqrwzAnf8sqRzZoN& zSuc`nHq@~?gKh?zE)#tDp-3e3o}M{B#uzluUa};0JrvD17+upsc&DXg^LzBw$3MBI zq#4%k#q^Xzi_W&$z*R2L(ap|T+EXTDE)%_V`FlBT5a&XUa^P{4q;HOBKAVE{!SA65|`ezs)uN0hvW zfAX1=xNG8P`BzU%1YV-=Ja zLZe6p3|6RCToS|2wvx@II(A#1N-9%J3ea9WlOAj|XFqV76k$p>({(u4K)?0OC{qWi zgcW%7TN3!Lr0JH>?%3vTM@fBn#Wj34Mfnc7Zqw|S<2eJM6?)e7D|Y68*r9?ut>jve z{g&z7--a*GErSnXU0FCAo~}zGyO>K1t6Uo#`~xanx&BhJOwW=Zr%HruI)o9j=}5*V zWYY-^Jo$-DHb241<|jJY{Ddc)pZH|+6QFE55fYbgH@Ed*kXsghroDa!x9Np8RA!n* z<)QTJ{3&syL)x?m^?XcsaEqgF^=NBxbi*86=Xyyeh}r1u;lM-7Jx;W*T8;KOn;gQJ zCbZ8PA^V(7{kL-aoK0wMGr!U`$RY1{qR9)>f9^s(qUK22*d9!GWu$7PbE(BCH%jv9 z>-?kQa1TFO)E@}?u0q2VotP!nd>v_|WJgc(pgd^~2mIIW?Epu^6ye<+=&LOMxvKSD zy&R?)D9XEpQmau(1fdxO(fcQWoKaM@+L?{B#v899!~SabT;VT!%yWf1t3jx94iri! zn9Aznz{^x zPGa?5#_H{&Oz5Q6D_p4Fu5Ih>*1lfRKPwvz-Y%`~#8k0Q2jj4APlcszv)?T5g!+X! zK+{$H(vw!jP@`YA{O6k1y;s0)jt2{`BpaBWtQ$HZr|-n<`qm(o<%s?<5i|mmI<|9` zj_I3q6UGareUfaeZ%)ld<<=C*KUpv4S4r|7^hS|#ndk{*I|kO|?hVd`l7&+HUi z3Ol9vHFm8$cnDGE@B8ZdOuB1JPE$ClN&?tZ_A3!wr95u>HT0_d|Ewa<8uwHa@#TiJ%*?~r!~|9yF~ z&bn1KKeRf+^eF`|v$bGKzJm;S_Ku|W?8=qvzTtMWJZCKn`iOqxtqy-mKQaFcm=dM@ zdf_Sbdg0y4%m<+sT(utMYzw+zi(lPse1&bio_xaQ?{bYrKYa14Q&=E;Nb&mB(s%=W z#sLkL8N~c;?nB`|0LWkGkSik>^l>E3-zA4Y0Fs(4`kikDZJh+XgfrCUH}-~}e2e$q ztWJWedb>AG&|=J<8wtl-w;EV0{kL-c$}6E@8<}=qt)+f(LsSW)e{C-G=*cp69{sCT zSenuaf2VXJ_VBB)EM*eB)WFM>Nfw}83(&IrYiNkzos1`>!4{3l$2Rs>**K=W70G z{V9$UO6TO%SUtxDNv;!f8y#nU6azm&&+Qi;>q@r#jinC%m9{_f7rt-dCek)T(v=2Q zPy>WVzhh#QnBO9J_t87d4DTUQLR;`N>fszv0Alg2x)&;#HOqt$b2qBSwVhV_O*$=WVr zC24dun+4COOufn^_>inZef8R+tdOG~asVHA!=Non6On0Di`s8ci%N)#0g9gCLsy{b zmr9+9&VEy;fKX2fz13!| zW0EpY;}F4%hMq%;8C}eez252^; z$4^-5@bj@!2cpGlcRUq$@-?-%Inm+@ptwdXuFQsP657r#OhM~2cyZ~P;?TrzXh3{B zBHLs5BOk zt1E>=>-z=G;uA%p#*a#o8yH1ez1sdO63yWf~0hLk#?lRH#$$c|~n{Nu1jB3n27S zPUBt;jW0$TAH$0K`DGQl+$eMxD6WaO`IM&3-(#D9HE7#>I9lo$A-8jt5kVID8i2ta4 zbhZA!==qz^vUX278*8_S#Wk@8fAW%w#-L6`;{}SVGJK^*f&^l$6r$M_Ya-g z*B28P^$s3|D7KDaoLHe)JiaqUUyN4^y-SEgG0!_$zMml(0o)YUlH4 z7j|k+BrRg3dxYe}Q1lenL;hE(GJE4|X4fFdc}J_9{~VOXbMD|d(e)!G2a&dpnXyJ2 z<*wPUk#QzdRxH2d&x$*YI?VUwFuS#pv}L@MHAa?GQa-_(apX9y40XrX1u_C9O?r2? z278lU@F8bxus4!80?7e10#Zb=rn>12bPd?viA97Nc_jGDCCpvQ z%B7?-zXQW|UJPOSIx$k^$loD&=8%u0mvYE(v%L-qa>tXsnEoY28RwySop|%ajmY?t ziJqM1xs?TdEV_n*R;~O8ci4j4i?k!~B>B^J)=7#TAYJ_;T?$=G05hUe92uS?hCLxN z_l+ic^CVfy%vddDW{Z`!%p7hbzzJ~Qc(G0=+q1)0quspKZP2mKkOR0g>&V+YAYkHj z1bV6tAjSIU%GN%LJ)1k~bLz-Z-?}nuMh%Qv==iC0*<+#w;7k{lPPueJfb3T{SV!oY zC2>h{W}uCh+eN><7D3I1mmJk5`QWRwbnlN2+I4tO#62InCPz~4sD;Yt1}v01m8^LP zR(S_qR6VB04TT_5fh6C7Ma;CfpwB`}_;NLICkgjnA#tgmu9W&yw@#zZNXK!jXU4IK zcmOc~x1`*bjg(-wlKEm?@Nh=5PK>i>01YgV zbPu{06BRwcI1f1py5-G~{7&eogVqhnbQ|+8I^+h}6<7liBcL)zDY@B*2&@(TrV&#S zy>^ghaXr+DInP7adUZ(eI(-{@C+D?zv7ga2P*09can@QrO@*#RJ8&7_D7q(-`bjqW zENlukgkhZLGY>d-``Xa(p2#pL;*%Waa@CzgW=#|b%4>s@>;HS4T*`4G$@jLy$8AvG zh43MvRdTvXoY)2t1#JiZi|5czKyeLS7FX`gEOPozxNbzBI`f>0m(5`Q(Qg43Hg#h> zB9eBrWth(Czjp_)g8R_Cxa%@ZKi}bZW;m3o>DGk0$eMBxf876od;mB>P4FyU)j%!v;_T4Ba5?2S{dPU09+(JHS#gA|lD61daJCiM z0Db&00O_MKxIe_ezm0j>3->|O6EvA+NWG!|}ZW#>N&}opD=l>C60$iUXl{%Ew zIpj*LL^B;o{_B`&xL(i8Z|A>Kdu~P$Ed_}5uEhYzNDc_QQXNOsJ0_dM zqi66Ws?dxF(FiDeeY$GGa9{A%-gu$=Ao+lpkcYVK0*P|Se0d~o;JINec0ryfKU^SI zj>&0dD*L~a=XTlAmjBlv(n-pK3`yCfj(c>+2xDGS-o>%!P{?YoB%j9GXXRG&`%`G) z*xg%HEXwufGkY7#ar9R)Cs{RUY~nl0(TXY7s7&!2JOkxS;O4U`6PON6Ud(|;HaiF~(-f4@s5m;mdio@FEy^`P5PZ)sLzSc_m@@pbTSs4Jx-_V#n z<@Hm)m{Oj`lN^$ob$n{AXF&6UJDSTYXgcfBjANy~4XyyKlBaRB;H%{RDwSy#@?VDB z?|2iit4}SeXBM0*z6aSQ)DYhWXVm!6v3M$?p}W#X;cf)}fp{q&MZBXv zlo2<1n(8@(smNAEB25XSz_ThyHh&G4gqmgrofV`!mCIZO8@dUzx@mx)87gO9%sW zC(RJB>Vbx+67rJFoC@e%JvND3k!eC>9cU0CczF*3HwD3UkZ=3@X*!PR2(fX;aU%nT!WQ>UMK+T_kPr88#Px?NshC<6;5l;#+O4=i&rN1QQd@F=P$K zf%|3ti8vi^+a8;apUqIGV-)cJv4c1MQe)fh10bF^gxL#z+J4c!y!eU5c5@Jb5}(rX)7&l=8Mpl2^O zw(8mBhIT#MrY(M_h3b@Xfic1tAEAW3)Fuyu2ucY?;TRs;I16G zJsEOyG-L(TY{v@GjmP$$07#d!twzPu-Tq)yghI`jaBdMUI%c+_uhCokX@$Mte?$7p z-0oB|GcoaCMqW@iS=iACd%J#P1ojnK0K*A!CQ#UUYikO7`8TAnO73YeB6x3Y#{1zF zNMW~?$0#hnUrgXTg|u?zHjam|o-^fw7``X{#_-*x`2zSJ)*9cve`|+tULFc`-*+Ml zHNLVYBumciIN8bq_J30wn%ng&gJDh61z@bOfWhHH_w1)!AI0q`HDZ z69ev&SXCQvqT5K`#cWlw^GcW~O%$u0AhMx4!1EPiR)-U2Y^t+JR4?}b>0#^Rt(Si`mKrckiz)eDn8zT{QsNWlV$9;`nTS$OCbS-y+vjR#b z4ip;Oh_gvkuyHe`*mx~BLtTU^kb*+}8?k$))K~#9JRSWy~xj*y=t=c#udz9RS0v4N!jodHbN~sb}AVNXK zWVNYWV5=t(IX|Y?9g^HACDw_7;5EX!GI8U1RZ$@SbK$9gIY5g`!MC2~+gZ4)+Bm`A zXB1FW1h~_6%>GAQBrUOi7-KOjDP_fV{!tK9X#hUu>O^KZPa|u%4l14Kzw(+f6~=2Y z_cf^Q2O|R=ln;ft3R^$DZh}AMN+{KU`z}s77)-+mNKc}lGJ(v7cH#zR0dH$g;?iUx zECL>}0NxU=K)l6~PjYTy<4^7L#nvlTt=211tbT!hwSAq?7)9zkU*R-+&?=V&Ke=6x ze$V)v-ynGJp*=O+<8)^@mGR_fHO-++hm~KvLz!sC?W9QBH^0EdpbS9MrnvkEj!~RL zgL4~1kW*eXo@$4e3=+29;=yQ7)j|oM`2|^v>DWl_Nbj%kEtJ}GU~vnNT-iR@CX_la zx1mOsP&)NWc$qpJer8<-KklpHr#KIO?#PFq`$oXmNC+MU@uMNzHIVCC*_(+Q%<`km z)!ogRi)B~leBh+>Z1TOCMK+K}X4v4f(1xB1ZIGbA1_Edv{N>n?>)LRV1#~U$mIack zJ=>-@2Sbmh2Y)!A%goR}L{WE0gcj^|zc<_YZLrDpV+4qcp?i(MQK z%kY?9UPpc0LI0*3v^rnA*&B!kQ~+Cq3;yU0F%r zB|u4-pA6@SiXZE=DG#AL#48p=x6LAH&;Lw)zw8>$(bwR&9N56NfnYIoklN;7OU10y z(X=@ZR@)^nvNqj%JX04es^v1l<4ng5N(g?Ij4S~?Oa3*V`;Ezk!qI8ydYQ|4~piQh5|j41Uy$)`hb~CGB!nE?+`^8K#!>#XyDN zjii-9m|P!5#~vna_-kQ4vq7Jyx79C3(`Je(^)Hwn)|&p!%$w^HSUmXsq?C+4@aUw7 zJD@;s9=h}B6iFKd5su1u?t$Yz3Z9q&{GY

??7)^?#0N_ia#LHbJ2ZThB_rc2c`9qwEaKQXzK~p zecdUG&d?@gsN8g}ft_9|R_MWTg;30}`!qc8nI8!aj}V8LSQtr@F+d(SgIHQ79S%0Q zF1D6jqjU9<{7chGefS`XAeVM$3jiY|BH2iimx@r6{wa*8{y?!{8?0>$xmox6G^lTml#@#huHO9H;3a-1m7>mJuGJ#byLuEm?Qu&oA z0xmIOwx#pQaqUU$9}V+?HICnIW?TCyjClZhK_FGe71FVY>A8D2*C4?LB@!Ae(3;HnHV)7%pWIV1XvA<@c%h5;w(4RQ>7pL54!TE3;ySyPO3lLNLaMb%J=p$)IjP57D>=+Jtcb`hTjdpwOnVrZgVj-#oD0U<- z7(ufN)lw?$ziBA1ktnYo{b%0QhVqng^U;bko})v3&QbUR6zD9JXy!r+gs%eWLh}_7 zpOqkVIZ>R+Rb7Z=i^^jv=Zr_rxwJdr{MBUg@dN7s=)wLi=Oc3cXrvm#`PN%#JE1Z3 zH`=BK0xd=>iGU!*wBt&ohDksT`;IbdxE%*CTPYnNs%Q*m7;w=u67qhup3qGbox58& zBll42Fjpr>bn;tq6t{?OF+13-cNU~m2MEfMu!)@#0$2X=?RXvO^w+hy9npcmS8{zg zvj_=#9=ZyZlvOm~{KG@Ze5Xr9fiM}{;qSApoxSGXm~{wb1r9bL108&@T`vcorGIsV zwZ0bpq@dJHvJD`}I80@UMMO4l9pQ`1%ZcSxz`_#uyxx8{w&yi7S>5xZJ-t)Gg7tif zuhWPLm*MEl3nEMACk(8>Vq!KAeIlK{M$F{>d(`31GNDk|nzd$eu$7F3%b5hsgeT&w2n4-RZCFSKRZi?KZ z6TGkU_Zj?tuER4b6J871YNM?6ECNhwkf>Z|p>@du=GCnc7y`)PIIp0MK^;53hqbE{ z)~?TOP>h;KHS1| zF%HjW%O%7ZNHg|4De5g8uk`#XEF*b_yoIOb?$2z!R!TqIN|?Eum3dv8`cHq$>$hc^ zqX786M4j3^CgEj(gon{cwbE>ji1+cgG}fLTmP0o6LB@OeTSPz70k$2LbQ!9CA(M@J zbN4!NkHjXF?y~EvCI75E^mh)^!K^;`0@J}PGrmAuX9e-408h+XO$QdubP!1!{w*~z zCJzW+l-amUV8)iL;}-wTzX}i7gYc6$S8!F$6}}FPjzn}i*F`A*-mWs7?->Vu!Di!jp3&9ZXaQ4q;y|g|1(O6V>$>(L@!_Y?JJLNJhkH6_!PHv}oU_Cc5tv z+x6*Szvnd#M+0$#dqqP&wozTRR5-YUI@4!GOk!~;4qzeny4<~yw46ijh~QIB^Y2D^ zoq;i}7lCP&!Sl6B`}QOzx1a!BrHr%45K(C-i>s}K>>BhNOVyST^Fi3=Lr~{{_*F6FG0aL zFH`NoNZKGZ{}bfmt%7wS)3LFy=hEs1Ra%wZjfy=8V9U<>O1qH@&}N%l3?$f%9o@Lo zVQzyeX5K=muHt=Nzc50)Ixls@P{Y;Y1 zrrc2v-#VxM97LJ%_~{V{R-CxKYmxLvXm@ws8A6>yg|_}{f-YZ$wvK%dRH3c;dKlZv z!qX536wgQg1_*b`#lRqnkwN74Mh0QWEtAn~%jCyQUc(wz;@6qHhNbMgGLzSE|JUl7 zSloHdWz&x2U7K9ykZVMFr>C*dWrURqtVB|Ojb!SAx!aiJ3BbYH239CQe(r`O9aEQT zdn9pof2$)2S1)!XQ5Nnm@m=w)5wzqQ2p%X`%XPn|F4m%QT08iNSs{E-!m9|@Gvzwf zU;#-oM}JRZ8v*UM#pdmAwS|79C*MK`p3u9UBG(_U2lfjeKa@TfC!d#5?fa64da=8z z=tAZ))n#7)b}sYKQRg+TOqx_0>d!|C8Y(jc-`Cu4_Dx!esq%A7_ERLS^eZMXnP5CX zdJ8ixLo?Yy?e6+mlDk-i{4AZbq^`}vAYBi7A-SEj&0kP8EPRuSisAy zI0V3xK^B){p>foz_i z4ON_>>x*dZ1VAS{@$JiqX2$jJWdq5XZdYE$MXU@%tc-2uTK90ZjKS^7=mll`kWFQ5 z%VuR9`sI8iZ1_MAEiIU-C5i`|IZ^y;AF)I;wAt*=2;TrHyU%Qclj41Z6SHf$_mKO( z3pe5p20&L1z>U8UZ5p8o0Q{dIU?9u8`%;#-ALK>(e})$DJKo}e2lo=-sZe?WmcGrE z6`q3oax>aMzjZG`&l3F^2(Mg9AVl6|r1IH{EpcaH*ZL|Fa2s!SIh-y&^7c(#y^ zvpY{MeptKW`$F-4R(v`=QootcY8ei-U@^}{sqJyKn7_8CW*3{)XR@L`AHa}x>SrM8 zndGPOe*n+<0aQo{JyInO&&xj(Jc1Xk#H%m~KBIP|o#}9-9bqGFGb?r=hixjthJI1o ztdCd)CK+ZNxChn?FjEF9TOGg09io_E`wNP^LRGDX&8pwS5M-L zbKn`#FX|!AA=q|H{;cO`XX>1S{Rc^~HRArn#pn?JwHiK2|Bb|n1myO=olMfn<8gy= z0i_#TMu)sTcoeD{TVWgpGv=KZo4gG7!-K^qak4lN{OTk@hN2~I zArHNnPo%?nQ82lTM;A^(FV#oJQ>^e>IeswRfM^JtvACfaTd!_5a=9F()$d!+C$ZTC zW~fQHzV3@dpfeuF%6lSdTfWe2s+e>XiAOB2Pak}09MvghQ z8sLJn;2mRNN5RT+i-A$cSSWWMEtS!Bz4DJG=)>ihQBs~n`f=h`16uTOEN_Y=kaH(I zgCiOCG2Ai@o!2qn46A;OO-&M>mwpi==c_!Uzsx`qZP2Q(;S8kIOUYc#Xhm(6xO<1rq)Ga=ZuG0vx&f2)&&&J}~pAP_x z1>`hQl%2t-x|=+;5g2E3I1bwv3|?FtN9zUVyBS^jjhtHVPN}d)bdf43xnS0|3cZfK zwDm8;$7Z2sY}({q#AJ8#LFzW6H|6Jbtt7B?2xDyAhvRLu4>*NxS#tPc&*+Eob?GjN zjt9{5xClhNlA#p2Y?Y|!(fSu+6=`@dZ6gC-YBK<ZqWt? zKWZkrq{|0;U6-o#xq;DVouni|mK~S{#_{TAM7Be}T~a>E!vxA^;!3`VYq(0$Y6-qW zOH<{W39v^IumpH1h8G7=d4XDv!*7JdW$QPx%tu7ow;_Stx|AhwzudCFDuE=xn?l%M zevF5S!3j+JuKn0?>nI+8?=C77D~?=;x!srZ9;AwvpKF1zg~J^FC7I|~C2M_Bg>CeD zRYZ0>$P6a-vnKh1J#*F3SK)gbpIdPRT0d=JSTXEruYRJU=ig=wg@+%v>8`jcKr&Y7a$o&vX74_1$!V`toA+jsCx??`+RMuCKOdw7$>J{vXx%>;>vu z9IJ2E|5be>FHm24tiBV?9o5%b-!m#X3Em0GIN+78q#!QG)7df~_n;943e(Kq$d$ z(FD)41ZZ2Tz_`h%CRi0sP|OmTFo9{4Nlh>}n&4)ZARZIMZ;DqF*rN$XvIGg3AYoI2 znjkZppchME#sua~W;H=vG(i*13Pp*SAaPTongD%PvIMm(0eZ(0Nm5HNnAXf*O{f3nu8Y zsf(ImV>H3LEJ0UH&~;N+HNn%-1Z!A=ZkV7Ooi$T}2crq@V+qnQLE5G?HNmuK0*NK) zjtRPN>aHdj9!)TaCFp?(dTi>UCg>JTki-(CV}kTe>1qP>y~`4WNPsQsi3xgc>ZvB! z8%2)LTukHkx21OV9@s^x4#hC2%doNY{N3(HA57 zZtBY;Zls7Q5YZ1K`fcjRBdioL5+W|bh>JE|#3QmP;$n!%z=(`Z8N6;+Cj`ZJ6zxNy zeLpsL0#6v^%7ot`?rX%zPV$>P=Dg@>G%dO|^!iziKXr(WMrDT9U{q`U06Cz>3#%SL zZadq!O4K)A6R8tQ_2}|0f)ptStR+Xjvz9bj1z%6*Db=Azw{YIiaa^)EDeC^mVW7BV zqc-jckBhT@pqKn<2YO`b$j;ttcn9fMvgSh-&S+KPM8P-DpsmmutI#g^q*fIwvA8LM zFGsDA;)-IxOc#9Jc$|^q{u7Iv#9WtRoQdLIip5&J-cKyeog>R5v+pZEq|kT_eL0%;7z<6n&}UgF(9q{B)NFkZN$7<% z!0_rgIu3WrXUX%kP@0kpFI~rvNV#0_{*#$7ixYg0L(cGRs0ZlpI}h@8koY)H>>9x= zfQ?6$f}0>8~P|wr!oeF6}2k7$F$C72VENMm4QUqDMV@9AQbWPo~FM3q8Cn<=ZUqC@X9itKm5NdYe54 zuu{HbUqSXb#U9P@2wmTxQbS*CRZ6sx`yS8Kg|pdv3P!ErTBrWB-@3r(QJtFd4M<6D z!ky=-{fk(0wkFaen?cZ%wd1es>k;@0ef_(N-?yQ_a4swSX)N3qE&Oqe>dvB;;`@Cp zd`TD9RbCUTv@^rS!|ZX4JtWozJJ{oXhP;>9R|*5~d%#-A`MZjQK3GK(d+$tD0MogT zRq+eU_#MNujo6 zJ8t`aAt}X0s19nylXC%njjjPqqtNK;%kCu7#vGefQD^NfBN@`kg0%5%k{EarnI$o_ zF*@GvypG)q69&5LMde|Os63c~8|~K#(;Hgp=k;S6l%{7AaF5xxX_!vvyvQt8j!Wme ztjiPlDQfm6JU_e@06HxC4!O4r*>2T?aYy#B)r~C%!Fv{V4(IAE`b|&HM8ni5Pl);P zu3nVb zw8L-zc#hwy4XE&cwIny7Q|BFWZRi&~oRD_~rzJ3Dufxc)pj{dOci|*)W2E){zz*;q zMF8Tz`wT?Ye&M432LGc~{9oA){}+2kpH4*lqXvIuI>Y~g9)y2Uc}lHvAnKt`N1P+R zUCAo0PlpA}usEJ{n1H62E7Mrp8p@$*^YQei98iBp6!kmlMnYroD?=;Pk86W^8xlFu zR}BA~jEMg^AGgE*zlR7~zXN^g|ArrQtbYW3VR6d4ZL&Q@R5q_=+o-7iXu-1w zLRT4XvP!bO)-_g?%RLXL#}x=qRJamVq@8g13o~%@)!|v3p>y2>m>)k)L(djhKeAW_ z=sX?n>+l!QhC^-xC3mNUM>G^<15R(D{jRfk!7_M;*@+9vl}KcL*v0-v(UXVgxF{`L zLy5mrW~Ioro;p36#VE))y!_ZQnsdt}|LE;g5rhI=tQoF;_$}q0=9TgAqj2@hTRD3b8+ibksh`TbMc0$`kJJ3Qy zLK?cK#~ZsrRP{Vd_5psB2388*AMl=uz9Nb*?^!x!bk~P_19o!}d%kkiy0NFo6`mjT zxKxtAgYGT!8yCs;<3OmQ?5>Zkm#`oOH8&*Ly+M?VYhXQ$RNlbWgHTSs6{I$=ssQ*R zbqzC5;D5+$&pqLke{;wcDm}N3Hlz7n- z$Z+PLaSCHw*s)>o`F%+`NxwARsXy=3pK}gualae7vX#7v`b&CM;j@r*CiNfkW6IqG zTDh+Q8$U)AIxonBzijwRhd=WMT>)Asw^fSrm^`#5#4gj1p)sY{kIQ2U=<2)z^kxv{ z&eYr`Y{*oJo^mq|9cV9%SBKo9winI6J@pGU*mW-|_d;VOr6?VGLmGI@HE@DIe(k7<-r;7}N$o+MA?v=x9haCeCyGy0qAEm^TTS*;vGSlP_PhE@n^_^%H zDtd}*bZETJStTmgY^G&D(wej2(gtgR-c=L62r}g!YMae_h}ah$@H&Io;RqLb^*0;3oGt{Vf}#~p%=XN2%le~HwffLm?SJ6X%Kd(FQkz@ z9+|sVl{a8S<}rSuryEv^saIqe5YP7ahN-Ih?qlJ!wJbgz@4vNR{C`+{I>kp%d@ILg zb7K4wZKfepc;vlS!pf=+wVTxQr|90Q$d9?u+TRzPmqG7g2V6$;iDz+ooK<+D68SM> zY9|%j9PvJBS6x2mUb^ZF_9vD@yn4D$zMqH_6H$#M?o+0)9`|34}TJXNX3^M^`$J_9p zrOLNSf2=8zcKBVq2D%+bv=0sNhtP>TlLuK2JMc~U7~_YrV#n&$VyQf>8K6koU#ZL; zRAv?`e*K3-=2(6nrx-rZj16jw^x>+}`YD?vBCg5mbsqqERqK&=m1lHDOo3{f}(5dLmg5-X;kzH7&de6B~Hq#`cNtgv95v9=s9~ zA6YmQ(nxVN*0Li;c(WzcSWD^zySWN7oF{0Q$MnVwVFl8NPqmM;T<1oQDlFUy})Z<)Nl|vwz2SdJQ!L{UdKiVzIRw)0#LvW@mV_SdVTmI zD``N5>Pp9p&#ywELX)C4Qo`wSjgNt0ljw{?$y~7@;&pFO+r}Ga>~RdjE{0 z9Wv{vVeZ>i6e0mJ6uKuO`mlM=7^r#f(TF!Fe2Iyg2Iadtg{H^RLHZpg1fA8ivRzG= zvziu;f(~0lI2uRWnY-8~=Q#Hg2%(+0acnEo;l3L}XdCkd7BbO2143vEvx7_~X}Q3UhC0^gfP;9=tP)k&(Q&Z`{$ zTVd)xz#@FrOutNoF^%pFNvDZL-OZzNATT_LguD-FKdB-2P&f-U{^F>kv2(qCT#`qREPF!a4&cRoU1BB5KZfU54Ls=~JRu;(6X3;Lp8P1s|h%?wGG zv#g1^d*NdMeBjRDMAYe5iDGJH5*aB1Fm7`AZ_bQS(#T5In(27!BT`9})Wo7PSd`!m zGrh|;gr?^?FR7r(&z%vzo~Ug%qc#xQpk)?#{10gB9z8=&Ryoqvah0|x7-_3-lS*5g zSO-mpm|#K^r;nF)oVFsaENjWNNLzFDL|c_eZ+#iPrFLp2ZP49e5fa!jfv>@R3?hDS zLPd23ui%qVRDXo_N>W2QsON=7s>fv|8ceNhLgfIHkzl@=mJ2&|4F2KGM2udvTE)7( zj>mj*_ z*hS1Or-$*S>3mw6&Sl9m)MT0JT_7Y>x;hIoePsdL8LBMEKx46$1vwPkxd0Za1tO0s z#3*aYW9V%cgi%(rJa(S45+Rhw&Hn#6MzW5R zimlzX1BMx1OpS~!vU*zdu7@z6P`VnAQ@qvg%QvF%#N79zP#I%<8k}XALyv3St*SR~xI0>giQ9QtP z(z=BXv-9ma?m2d7tTj?)m+eIt9`bj$FcX`XZ#f^CVyWF9sZBg=_2zBXzkt! z&9gWa7c|tL(hFF(lz(awdXf0?B+B-QlDsRDru>^<{*DtX$I=S&6LOGR#&1riV=JXdnV7$G!S7Q3X-OD!I@}H9Hf{-^l}^LRRHxxR zp8)3_42hp6IACzU`XU(;;>HO~!4t#SFnJ8ZeTUr7TRp`^I#=g*%Pv)c@dst1WfP8V zF@KNifV?yCQ~b!nf`wo3A>h%s^gHh$j$E`3tAK-OBIT+82wJ_By(AO}rQC=yF2k)y&e`rWZIB z4Nv4oZYpf@$2d;-)$~<#v#W9y8C@r?yb8Avkul@N#DiOs@Va`*5@Tej@I*j7b3oKr ziJr19R&sJ6j>at$VbvK_nU#xcMR`^bcUJW1$i%4AOa5gkmE&lu1p-hHu7r#nEX4rr z_&Ks^C`uPEZDH5$0L{G}^0&@`-#h&F2yo_W7G;Kt%{rY*Z%2X!TTr;!p~efVZb7|b z|0KPA^)T9a4Fg05oKP_x_EefkWR@M!3nAIHbCy@MAseAj-;j+2HBJ8aKGyIg~q`-8v zx)1#7#mbU-@TA_aq{~mtVwmZ!m3Yr{CA&Rk+Qq)svah#KnV{sAPtyk3%GY=%c*UXK zgIobMScT4|1t}C-m=aAe17FvoPu0$)8_1D%=h7U=`SpEY&7_ zohQ8LQnLCIT&+py*Cs5%50Ic3`ZkTiadnd>agjFh4Opr|w1|l>#fA;lB)&qMcmM}s z3Mqx7VrkHzNt>We+iYZMPs9|+_g@i9d&sCsyPK!|h|;1^7JNgK_FZk-fAh4@qUa{q z1($0QuGA)ch#kNMC8c07W^iHCZqTHjp-nv@ntB5&xZ_&Fy3s&G_|^}BZ1OA7V-&`h ztme2Hjs+St1tw?51oJc*M{6_YbeK_(84ECD zBsZ4PsLgoB&^BXtH6!wfV1*{*E`uiH7K7RuB|7qJ0n2ED6EVJ4lWUze*XmdOM16bF$!(zFP>NL5&(nWLCn>D#cWaE7kO|G}Jxn7`L#X*}; zx@s_INjUig-I$|f%@!D97F?dl=ZQJweaBbk?gsPxe7r4q z-C?pV%{g{ zByPql&$F|oL$0e(e?v)@&{UUVy89R&FLZknPo(0wL^|yl-y1l;4n@;nai8LIv@?O> z${J>D^T@hkstA`5HFTwzdL85Y2!VCDkI=|9QD(G~WUX8KkhcRSGX8j!SGQ&zLP2u@ z+2_y2t#cH|73X4EkFL$%`D6VIbDUN`aBK$g=UL8U>b-sL@vjx6L|p1g=V$+I{I zmU@3rpnW6H;v${kYbFtD9dj@6cy=nka!Ds`!SS$Etn`Tn23@7^UW0lo>p(C}cix;i zxe@Dzda{)oT>BwjS6YWzD@jopt#LCu_v=AyE@Q&3y$YA+5LTm#((nxOu&A>dc$#@w z%uYZ0N2EUf2w}2*1j4Q#VG7^2RvDk|Y3u_;_s<{k(n#tT^+1Axt=iM52RURb`>Jv% zW9F$|p@51y56{#EFMjuYghTC+Pi7d*D3eHsiQOm@@k4C#PXGFFg z7V`Tg{nwK6poJ!7Sb3%hD{%8!Qf@VGNTEBThae~E5sw5s|C8Px(Zee`c%|)VYs1($ zLGUfdDB3Z=$4t6XMXUWaIP zr&;xt6g`BdgJu|LpNIQ1o%iL9Wpt?=_0K)!2CMwFBY(fJf?W)$G%}wIm=~3k=SHgC zEA7I^W8>#q17+s9?EVJIhyL+;SV9Xc*u2pM5Tqo_JC`4&`n&0?DDoWx8|T&TFL?FK zn_2D8(glr51B?)=%nRRs(csA6Ev&%Jp1C&JhrUzfawxf5*T7M9Q>q^?l#YtCCVp)N z5zi&S@1?Fpd;U45Fz+ukQcKW58-Wuzf|=sR6LJ!(=2|`IED)_7T|~jI6P&Ec2;7|IR7Yp3}015i+JnKmYGdg@Z{$T zNXG^(A=(r_mJ+=FC$?XnN1F2=QzPeEBUPN{I0;J%Wfgo+;PI)405Awol*vAP3nx|5 zlPE#nJkP)=#*7p*7Y}}LLpIt&1E~$oghwmT3a627`WlK((z8C=3nX%JYZ7VDweFNtW%#n}@pt@^KH_`zik(39Z1J%XC8D%fL_<|1VwVeP{d ztlw#!{S8B%L}b;nV$#!uH7{8lrspn@aNDK{;!`X?h?3-S>rBf%6%M3P9c zB?k0+pl28KbIQkLDnspqNR`_Yo=&CBT`R{&Ej%@m_ZFp%d9h<>(J94lSY><_&eVAt zQ-xKlAxK6qj|zlHvyICg`l`^vv)I-qyom}j>~8lfCDfNXcMs3zbb9GTuDm>(ajw_7 zRx-7SkO#|;wkU-9n;UQ=CxpmrO)H^E7)d@gP|JlMTcXhD*-XsZ)z!Ksp6VcuE%;Ep zQ%zo3Ma9!vBp&7&J?9$~i3d25Kl;-wIc#?Q`s4FxV|hKkze&uEu}NjYJgf5X9NhLD z{7w>d4K@YI@D6su1+Q!7!mGTwfDV#Ann91}$Zj6mi;(@KQ@pyn8dVLjrX%I(+SOqbOM*nB&X%uQJ(rkmm6F^ zEN1mU*~m^~BCcg*fx|&Jy%#DyJk1f;z{&*N9}31BxjAa|r9rpBp@~OGoNzVW_G0(-XSv{MkffGUGU$JcJRlZ0GZ7-1!igYH|j3)zIN~gP<7=L{7g6v zFTcX`H#`N3=`OYW0Ak!tP*?cLs6MKYZF&fR2k|ijUT0Cz1G0%*X*?nUO#28>+yno@aoq=(DjeXc6ch+Tgi^MW8e-15@A$flhBF8PfocW zgwj=g07A#c7IJIU^jZ?8cjznIHYb`z^bhZPXC~d6=*n|#)8_geay7Keg~^X^V9B4* zCO-qo8#_$?5l?=HHhB{yZ|*SpN}l{GZSu2_{9K30r}N|q+T`aUc}s`Mvw8B`S2f8a zLTPe`shdA;iA2@Fo;DKw}tsa=J_!Lsu3mmPV+`V)KWbZm?_JMx#N zFY1j}Yw+?xpDJ9krYs+cd(h02HLO5acVIKKjf!o$XY|looW=35Z=V|t$}|Q)n${Ar z`5)9P(#AB8QAB0~fW@zpFGhk?GipeSlwDBfH6Z1+165HK7W7SmcL9 zU*qKQ^-8Af8m>l_iQ0~gw0C&Fh^^qso-&|!d49h)lR-Ga3!Ef{k**}pn9D~{7-K_|i9>LdBFpZ)0)bhYj@qqA=(~A~%aw_9zIFxQR zqVQ7r0;4rD$tW%lltDKJ&wYs=M9GRTidFtxa)AZ~2D==i(i&DyA@{e*qUWLcuqY*G z_R8PzU_!(hqzg!<3CH8`?p*MNrx4gvs9x`XiX7VH{|$Fj+{t3)^7ZP81qvL{lnl}- z&A%?2?mMKDYH&Cijq7aq&v`7yraXieMqxz}oOUn{w>Sd9co-}r$L9zuN>Q=8e5AEN zSb_Q|BdvunzY8mVp!cGMX<}tr3rYV?;=VFbnKVP}Z`|XkESSfRHwr8?>%pLZgqqn5 z_1V1*t}YmqH%7;U0H(3IWh(9GNsRV!^D4ng#GmCEo%uh z!#H^RhL%X1duL*0c@(m8^!THU&vx|hR>oT6xg2dvMS*t!@R(#$o)h5bt@QMwG=XTE z0Hv8OI{T;Wh1LrzT2Sq)6SEkr_LShYLuhd16LiSs$`m~taArhI3*O7<;#4`Ff*o8+ zofzstL8rvZl{x&_DP(MSz2^__PvKyD6m4KAxpdH6g71~I-_)>@w(Z>ARiPsl$!+X8 zsNh3p0hnolGqd??>p>trBzgl6nY?m6G)&a2o5OM0dYo10Ea?K65x0YpjQ;H z!`17AcTl`nYeDSi_sP&!@B6*~_dn0?^GI{fUVEQC ztiASHYp@$iJW9`blb!^&qkd^T6z-1~(izrbVnqK^E4~ zK@IQoSa=31;yZ0lyAGPL8{-&s8BN4NFTYM-kIz!<(h@5CQy;n~4`rJ5ZDc_7@Uk@4 z(API1M_5CTFbB(V%xJ_g*`Zu*b}1{#{+oi8^--3Nn#wO+$sY=4)lPv>|k z(!HkvUjFf2F0D*tK)!eRl#TYX1xsVSgFYQ*eOk)gn3p&H<$8m z-s)5?!d^~@m#3or9mx8Zt6FQ<(x=T@|6X3p`gags{`}53o`LqWylJH$8hbh2m@%jRyA!azcTA z4t6SzsG%ae-d3%{?|`$jLWi|n9r9(1ODGbE92EzRhGDo3^nLD{3{uh zMuv4CFM|MbU$R^9tszQNMWUfH>2oyOog6uu2p=_%+ISCTPSMPxTAKN0UUttot+xBm zl9J+(jh{>ErtQ@B3^d?!w^GI>`0=t7oCBQPf*jRa0@WffYeP^>cQxY#=FvyiN9|RZ z>4|p#)y(KbKb(Nhy9shzzi9DAthkJdKV`*bvEm$7Tu#Mru;TJqac2`1OH}+gE0$u# zpR!^v6<4rgZ>;zYR=kjkuV%#yW5tiN;>A=vg%vN36<4t0rBs~DikHTUuV%%|s94X6 zm&J;wu;SHJeDp3VUL7mWWyKq*csDEF7%SGZ;w@DCEGym;D?ZxD4r?k7u;Qm;#k*PY zb}C-Ninm9LHaw#pk>K;yp!Yjw=;sfpfPQKa%`GcjAL$gVciH#34zc@g_&aG*>=p`)8 zD5`T#ouLSV8cO_5{J?{v@K8MvKlsy7TxU1$69Rk4Rm|Y)$aSasI#Pu|5=qA*%YZl& zQQ<^eWI#OqRT~^ClohhLPidmBGuQns{G00jiYKGSW6NFN;Z)Y(t{Af$XYVqLQ-2cU zA&+X1d<}UVlbSpnlP)FwbZ^PvP0Orl4=M|GF`M>|kQ-mh_0p(M zSoqraSe8jtPOz2#B&0u$5u5%ChDGCVPlyH`mhFIIt_jYd3;!OIWLHO{oz&LX{E=e& zcAz!#G;fm5TcOk8y_W~)>E?RA4Km%`EwY6w7djp6x?W3VCD>N{Zg>>&u39ulF-k0XX!`?!nl2i^qrvsd_@t)nW`SfQu!UbKxSHbdB2h|Ye11M zDC%X?RQOR`hnJ6-CK{lij{l&0x)d~h`A3{k)1f&WkHb6DsuaF!_>4dXZb50)M5ULMuTUmTBzR zp@1%wFL>Nk#F8TMQQ~#ulAQ*FYF)mW5-w&fsjS#xFtEfssx=+nsu{zf+e~E`t@xYy z(dQ-RxU5(zDT@{_aR|59Es=!V_bm}_ZN?wF@znu%YDJ%2_=@ipSYY{rh zq^otZ>1Oy{+#V@($|LUCjgoxnziV*Up6#Kh3qC?3BbU~~ON`_j`Ur?3dNpO(vAwTW zW%Z0w-z~l?A7(J4AJ({;dhkm&^&m}cmQ5k}?asv1FgZn(U2{=52+ev+_d$W)b2i3J z+Do`lz_YJ>yKJ1U(eyVchNiwpiOg5Js2xzj-A8INmE$k?Z@U3uZx4>sh2~D}qiZtN zCKYi8Bx7UrQ^Vm?-S5+Qk7)y4ox?WJKUZZjdFMr@9Q<}=7W3uF)h@bv(WkTXMt<8F zyr6#$CD;kwj5GEL5zb?wfwUR%^Xlv zuXB{txo-zdFEO)Jf?Tx?!jMWlzhoxi;W#_`)9gS-&Vw@tc!R84fj8Kq1;oR^w3#!| z^)}E*#}eLlr2!<=@O)Za=Pl6*TkFCsFoCHZ@S~dLe?k{lo~H167D((9#G&BX|GXt% z7sRSsntMoe;lEmRGG$?_j^e}vb$^2b8ep{YXEU<~DX z(X@$!hj@VeHzAPP=s)B+0`f%A>V*$z=O?z-*QppVo(U@aevG7nEE6)-CG&;qb|KJ> zev@u8m~lJo#jN$Yu|Bue=cfAHQlA^@b31)* zrq8YPxsg7%(dQ=m+(Mrl=;OZF-%r;IyUoq>xplr2v(DG}aHyG`4~O^gok*|Yd|KJ5 zk~8#uluRV!3)tkLH7l}M+D$D?T5NwL#2Uc}XOdF6jYmyN0`zUF^lMY$yKAY=O+ljf z(w%VmB%Up-1jzI{L+NI(i_Ul+^-N^cUU8?pc((Fb}n-T+)t0u6Up@2|H6X z`;^dt7w9TSB2RPAFqYYC0$bBK{XTEcy`y>&s%tm!>naLSs#KPd+7g)RP6`tpIyl4# z-Jizw-*kof<3G`~);$zOr_RtTuO;bxr;=DkH3QG6Mt;|rKRdX{7)e{Q1HJPs1c^_|-^GFH_fy&^fL% zdY$^Z$?9PWbP_DXth7274M*_51Avtcs`{hqJ6S4hc*{sGxXxh4j7qGU{eV-yZ?bw+ zQsi9H2Vi7~4^QRkoPxdHDeJ=bL4_LHv+J18M%))BFm9>xie+*;uq^xd0gofoL{XVmwg^FxFUIyUGRY0%kQocadn z`Ef}YU3m=lMYzDwYX>Qodu7AdYAv*qC2ZJ5rqiaO6(e*Kv?5U}&S2$^Y!sH^JHlf_d#-Uvyu5Pp$mz}@%;GJf7IWCcc_d5{d>Lrah=O$npPZs`4FY$7F$k=$wC z3;J+deR{$#9*6A}p0AZ#uzU;gFO_DRUmYdTrNU|re5CfK2*4xP)6X3Ic{x$AY|-AV~X1?Jz};Z=<7`0*Xfw{uM#;DgL^17>(!ba6D?Yv_dtl5qHD_zX19TuRS#Gm?HoZh4CH%;|N>^Dwccpv+Xa~iH;ze9); z|75>$tl{VB_-jDa(0ai*%gXv4SiYY9#$}FFzzm@Q4!`nFv4H0J$T@@Pk&Q0DjPejE$Z>24+fkUkf`mW=5BXf;rLoxA}zz0|a!nqSsLo>D4X zp@Y76?MplJEz+>1LP+<(2K(^stB?R%g;fIX(Qs z_VP4(=wJ^Q(!*i)Fp3WSN}QG&^qG)K@!z$Rq*9FWBVn)*_#?QE0qhwJ%J|CP;bRAW zhzy{PRqjM;fj-3UR958sMh~C|3ADpR-`GnJ8`J5bx+`juP@~aj_q#}&pIyOe^DlV0 zO{5v%H&W#ZtfhPCA%_k3c6vC*#_}8+>eDlbm}o1K>lr3g$<@gGws<>DE9QgL z1w84v6(e9z8TW$l`6(janGBrjK?e4x&Iiao2jICsn!$Mz^^7_myTyz zK8Q+#so2?4UDn+?VZ(Ofa7?wY@IVHQSV1;+;mQ9T@k?UuNF3*zXrUYFzhuj7d3+c9 zCTg4oKl0kMm9hBUPyVibcWuIVzjyDa?823u?4#$ik50t^k-qvIvE6RbI|SQ1s&&RS z9CIv27C=a`TO9Iq%g>^4hh0Yr$O&5Td(hGxgbk?gko!86`8tbu>o1MxFZK%)oomMe~t*K=PkLK8RHUAv4G7ie#>y(eX%m3B0hL#+r3+?K1@5V9uRSJ1)xZ^%Klp`$v!Mne8(_p zSp5&lqVF4n@9=3`>M@z#c{kD5y$U|)C7C`Cv#ulCwyy-gpG4vsd@eo|$-sz9%JunX zj3aZCLrKqv?oE0b)vD9APBrr+--_w1m!lC83bay+Imja-IOQU|`THBpII|}>pap9F zMUq9c_94$B4tc1gZ03@I8^7875`OdGRV*e^mM)fGoOy!k0lpv(ejCC6g~1nS@YhG- z;Rt`2C6YUc=IACJ#Y$y)Wf5{BlaN*GHCK^ZI)DyNu#jZZ<1U99n_kowsfb2=;Z=OZ zXxh(xHp_BIJ=9cIFoC35vIv4NxA8BV(d2RKq%&|B){-rbdjYgOzFW)xzLK{*f)KVr zYup0=V53XZq9#Tt!ls9kj0wg@m_xlO8HLF3KWME^I4YZHzu-9bZ|D2PL!UY1zBpzt z&_`14A^V^0WdCzzy#MOM+quP2DZZ9Zp*G@ON7OuM)pmACo`xeBbS0V6T(>>WmMi&6 z=Guy$!8DMjGVb0QHPu?BnQBd=`=NOIr|sNctL_SFId!{cuk|u}(eVQB-Jh?B*=v3I z0=L(?j{&{^0>5s&`-%j6tvEBR8@L%(u`o3L`;We$*NY^H|~m<{nd&WH2bT8 z4C-3#gQ-^}+F!vcea=i~ro6zf)V{fVT!Kz4F-#3xM4Vk>l-MKoKYUm85nB)69JAZh z;;|>@d+lkzDesq>NVJXKzrTXKGW@ZyKgj#Lcq9n^;UF zPTr@HP3&r_%*ob{R$@ls4{~g1|3y*KWM=O4&BE^HPWjKrnL9Ntq}zXdfIqjgKZDty zvFy(z_Q%QoT$PQ-I&yQ^nWpvkW@{SS^&6x1id(X~n^^t@O)OUdDFiwBe{ElR^K<0? zy)fQ>?y~1NE}U8Ld-j#%o{O`uJh??aSZ|Kc`dv)CHAEgZa2tM)7v-pXbfTqhA z5Sm{3BJbL@_$+gqTpx3X-oY3`^w8@Jg%_ltJ;V-w9SBQZz~QQ`scGjDCt2N|Z_>Ve@V^yJ#BsE6Hhi^|37JA;E70e!sXI>#mari`L0(4&jJRXC;Qt5D9zYBr#@k1bBm}{H4FvK>x`nn)G~(Mf z?d^U1Ek#gm(B7`&Zz;;|-`QLD8hn#NhdqCDH@-3Bn~nU-wZ&va*%OzivS?h2B z-Alt)(v^U5qNLVEuAv{kI)kJ(fnd)blAw+uV&hLncuI;~$e&E`WCX#UJtf1FDKdyZ zrNC2iB%ME*;VA|4F8Vq$&~_tD2pl0xkOqUeQ_mBhVvN7DZpzY8wpBQzc1Sxtx8Hix zZ8y1Zkcyjy*Im_;@2Bgf)Ou;B#(cRYKx2$9Kx75lkb+zBG1Sjt)cHE}?qL#(eoR4P z6#~U@gga>m2=?YkilhWtB*Y+#uT*8%6{{Nqi06|E%Y=uTT=F-LQC$xGnJAWH4(Fp; zdd4AyPb07W+A&gnEz6~-&nHha{#y><^-$=C5)vp<6YF;`tiQ=&;^@+C-yS2y9^O83#CnQ!%NQSt>c; zlpBz~QTxtO^_U0(zH$}|ynE*y7I+sb^~K1$0Xrs3Wt-Y@@zerg)A+a-^3;NGK0TW( zPm!B!9WhG(x`Ynl(4jli*abh5yWez=>Ww}wjmxTx`pAQVKfpA|l2W;5#J$ZpAmDho&?18|P@+!_jYy zQ+W={P|%{(3QoaxIAZMh z%z8w|RX;sxUd2Au>A^#Lz!S`vJC)-9&0)sesZn03 z<8dmUK*f)-;t8?hPgrpo72nH>%VNd5Sg}OKi&(J~D}Ia>ms9a%R$Lw{zLym*q~f8h zcwww~5i4Fy#X45JI95EF6)&aYBeNNwoT{;9Zvvx*r1P9W=M{gx9*ojbt^RUw zYMV*oUN2rm(_6=Jhn-hv5>Y<$NSqhZQ!~4J5q(tUm;=G9Z%X;b=C%S@;6Pd|ED+!Fe1TQXwnmQ;2%!;e&GD2WDKKj<=!eKFhY#3%QMZH6dTM()qMY|yHm&Uq? zAz~;#WK(L47%b?3?}$;9o5lK&K@@iV$0YjNbRH81Kffx_;&IsIPT!F)Er`DVSj74t zjq(BDpT!C9xd(cW0w4X8+!We?x1aTLM?e*9^#H0+o%VWzC;h~M_WDfEP_jX2uh)Ch z+Us-OmhhMGh($#py|XY|-qM1%$LaK*F|d^eppRhCbxgJ1h6-xMehiQO)J~~Boa;VU zdQ>{0Vxo&tz;|Cc4!$hi)bhUTS_>49yy*a1U5#qJsSf`}@{13iIDr5SWm5&zLrbYA zrTTAk-6_;c#E9jR>^g=KWPM+iuGcp^s;x7xF_-)ZWU!=e`Hj#4=XG}Ye=|jixv2$*<zaGSD0GVruqKTpFIfLh8U2;w_>N@hPgRrdm5(26j#OS^j%b27Jhay2jd0g`+i z<~lSw#Rv@q>X<-jtM?yrTQryyugt!im~+Cn&%!-RzCgCV3|z zvwIoL84Ceo@m$aG*ob^l%PGWTqq3gi@#@)uy49D$>@oa>y}C1ozxDC>Tfcm)be#*3 zmxVaGsg5CUomA57$%;CSa6DYSh#?_0D?dy~xQQd-dWMAS84~`aT5lJ}=@csU9XTbl zA013d;MwkLv9MPZPp%gqmEXx$Az9oAG<)hM??I#F<#YWbD06{@R$MZCocJ< zJC7Uwy2m@1pdN9c)*)tk0YFaqV5oid8I@VqCq(XGp~41+(eB|BNx3waw}LGWlazJK zm~zN%b;|Di+~R`{xx<0eIkXHopI13BnZib%|GoS!4i+c_r^%{K1*Y)2?TLI{_;sCT z$^1H<`ycZ;f$}9!usLB4G>&eQB9^mBSsFJfPMDON_@sCS@BvN;MF)r@TMQ%f@{!HM zkrg!J_J|FyY|1!BaV}yM$JaR*{>6l@@ly+*3O%_hHm|YtDB8qe^~l$~@rUu5!lRK| zVRmwyiessZ{4*I6u@E~R!6Ao3PZLRY!4&nyWsKt|qN*W{jc||T2DU?BE|%h;`!XA7 zhLoO^(DhCp$R)Rz_)3`H7#iuz8%bUiwrY#ieM9tOpR*df0+=mQB#3lLsqSFu22nvQ zE+s*?g-)XC!&(+wR2NrHnQQH<69P|ap={Y-3M1i=Kf)EYqJ82+budF9c)o%CF*hJb zU|%gM^Org4fZmVxoesH<0%0Bqz42}`kb)a@@^0wNZJ78J{Wj)G%Jeeo$>qdh&n}bD z1LcoI=PxUFD$^Inn@|h>gLKJUZV5lavcG*=ID%5XK`!2znR;Ez%Yvs0hIMB6dXF8nB}%Ebj`u!=#1ilkIhd=Lh{7Je~lp) zv$9(jNGnFfEWK&dIE-3H(UO%E4B-PHXhM7k#ss#b#`~H(@<}qj(XFcCe=}p)X)<>c z{PtoJ8qcTa*+r`L6ZT>_dy%VJo7sy@nco&y!*lpq!urb=Vh{sVT?=G|%PiBwY4AX^ zFZoWE2^3dZ!y*c>8KkQ-%&1J#o8UL2EK^&~GJZw!CAr)j-b;%G$IX?UD)4!pixAc}F_%>-!o0>m3wLBvCE*USmnwoE*|gcptrK@p4y9|!90Jks%Xf1 zZ3$r2?99u1K^G@O{Hsn7mo(%ioYHRRoq)Z#-C6Xm-hhn2aj z2`QgDrK;^yjTXWG7zMqZnnR!5M6qb6=F%2dt)U6<<-1QM#GLwnO>Zl|3&q8xbm9H? z`yj9^jM87H@>B=e!F}Z!2t!<`#VZ>H1&3LI`)sjtQam`4GzrO1HL{0))(@uvv*hh!nJoK;?#OZXp9Hga|a2K;}Nbh`9`R z4^&=;H&hPaz4;cMdy*tCIt*_u(U9djmW#Q`PU1W;;!XB)#?^Wzge!HLb496%{4#(@ zQX1xkJdcIo|A2X2ER4%#!6_Ve&R4oYCJOft3Jz-h>}JZ;wJ`MP9YD=c;Sv3w;+YV$ zf86W3_||-j;QKe)3@Yw?^UR>}9|WckN%e&$aPrry*3t`^ z82A|42->fgr=wNX4qlt;`IEFvDq5XXUgt)w&OE#~iLX=Mqt1sHusY{!bzpH!Qhc4k zJ?cEo>!=1^=PIa^9bboOtm5n3#_PPT)d42ZbXbn7^JfMTo(&bM=+4Is^OpS~|{ShDM=Wtp-Z98AU zXAI1E6lwh&BK4B|sfantR*y$gKg9tD7#)DhqFlQETRa~7GXn_y9H8?va>;LN7JCVF zeu0IcCXQ$Ezbbj8Ac*K_?i9_LuK?l^xO3v0Za23*HHoN@$< zPOwN8A#)b|pVT-lSBD?)q)T!ebxuAR!TYp*fpNNBqK@BCUw=N?9dZD{e=p0JmCH{d zAyX<6GRtxs%gS^+StVE5&NB9+92de@(V=svpw6i=E{8hM381@_CjI7j=)j=#%1$L& zC;%D<=ch6YIy@^EPPu#x-B5-n%>*ISmR|sEm9ujPTA{$so$%@~@IU7<#CVa;HoFDy zb&&`J24HN#m8UROXOj)n4Vipt57K*LW!V$;|70hrHk6`@xH0QNAz7 zNWx`$2?bSV69v;4n#^tlNn`3k%?D^P61q*TPVp zOSz3q)+rp0D_D{1fGrREkHz>q?5z zIIBRl-o&exN=?zLQeS;8$p&q3iidX0!Pqia=Q!k*Krrmf(DdD*81o%+vP&MHFR3#M zA|rrp9tM5Op&OO{I6OSKX{UR5E$9om7WEc_B+BmuP4!3fn9AEn=Gmsxt$BFvP8^%B zi<}kpkN1}7+-`Dd_0^F#>rHl{%Hoh)?EZu9BM!9=e#X%oC_D)NXJ^4b1ML&D`+0Ud z)OxC-)BtwKrJ)zVD=A`PsgXHSQc=$2CHrfpQ@x#>WSd z%it{O5H?&&9oUBhA02-ld?e`)f^fC`S64}wOPF>dGB&=xOYQJO zrZxa}^7!bQox8@pf1W7tHt_)9Ll=IkKoM1iz)wIab1>G`!nrGqOxo)HUF@`k$DO53wA(CP`g@F)*bM(OfjpcLy6-{FU zDR%zN9R7a&128YUroh7#Dy)l?v3!_-Z_YlgV%-rV?9r?Gwu;^_1-toeM^pV7Ov!C3;W8gkPsk z_>BO08YX-toA9H;IteHIMl8q44z#;RIz}}(Do>&@;VPJ`{upP?`svDXbfn3xs&&n% zadF{O;;%G*V?CU3h|7%*mYp_m5J}7@p>0wccLM5<5hR1NVe<1w@yY)WouJ7ilzoj> zKd!~T&Lp-FzD}bM_&1Bda_Z{%71;tKPZGTyIE%X-zOLS8@e9w*0ClA{i-%|yE%3yq z&_z=?13>P9DZCLuRGdNtVRN@?G|tunnW z4_jUO{X$?aPJ5dc!Yh1+?dotN!?e7FaV?39&-eeU@j+j5myhZ>xOp6%kTq1@`OY!@ zo$`RlV6=a9bA@HeIZ^vZia^p0onQ`zE{dOnNGZlw`5*MDM{oSgG4lEUWajq#-psu~ zGxv0lnG@D6fkvXU=ViO<5?tOp)ou~cd*o*!7u%I9H1Dk(Vrz$t#J$$YxMs@Z?)%XT zJWStpDcoNnXx;0}2SL}$BA#Gm!dHGlof~Jy%b?YQ6)gP$oPQ&<5OT_F3*HQ;ht9XB z>6)fncyj17%ehYY*%5Kf`Zd27uPmw`ll1X9TRwIwuXve1s^A}^XR-a1N|rIal5C5D zXQx8ncUd)=v1kNx=;IraKVr$k1^-XXwuq&mpUo47TWO25sn)K1#%dpMDYu&&Q}m?4 zt&heGHw%FSxS+}n7AZJ?f(^B(V@k)doRM&7?nuJyTK35!bjNhMQq+op;8ZR(?WWlf z>|X$%y;zdhqZg9otHEIGAcEJUBTCh#*&vYl@qR?2(2jMYxm5@}$GqoI??4L6t!SXr zX%GTFd{fdOY{nn$>$#@v_7oZ&X~}}tJ4^F*VF_NrNJMhhw~>e_b+<%!C>6NayRJe7 z#e>t*bd3QLHN=_`Ox@&e^sd(H+(4OYmSLx>^>DK6O0C3ewpN=$c0hRSt+z1ChYU>8 z2VBPb?U~H2z&%=XR6Ro~T1+<~IN)@Dv~Ft9C`$6f7(GE=Pu{BhBf`e_$%=3OYG*Lu zzyrvWp8r$I$Zpq%;z z&20@BNmSoO4sWblj~X=dL2FAV0W zU!Rz*WV)~PDK{o;D3uiYo=`=NQk&d!2yaq>A$7?ecIfKem#b<-5NihMq6_ZXZb!9( zE)_@rTD7)2mNP8CNyHCcg#7cU`d!SkV@|8cjqK-OZgt@3t9e1Qr2kZsH(@p4o+C*h z<;tCQ`IxAFAZ^2ImB28JG@}32DZjLlyK_Fbg!v?Ap*wHsbjHy^a1r1es2i;Ya=V?j; zU)^N|at+&j58l)z-B9k7wURYAI7fY1u^1NY{I%>VZPMjuRIw%>4`6ga0jVE%# z83`zT7?I@I1m;|TH-DHHX-b-o!;R*xv@gU~Fls?qL^l@v{MI_O`DFLSuxg(G8(Aj& zxv4C-sm!bDJ$)tlNsI)+EL@FvOE5l4lUR?4G70`4PpK;NR&mNl(PF2$4EUy!Jwo6^ zvaH=ov^5ym!nfYe!z^KK4r+Gg#&9T^k)Ysyx|Ba8Y#gVL&L;>{brt!Pj&@f$k=IW` z(wr{UdEH^yXDl-rteWj!B#BFr84K+wG zb>=LZI@W?qJ`ysl?NVu*s3-AAihcV-ee~O8Xw#p%opJo$xCT^fWJp36F7DBVQNGgW zmthxjwJroQ;RM~;pG_OjT7K^u-iy1a7xu+Ah2fnXU}qPhZ|JSkG{&Z$3!PKUO1aUd zl$mWxdAjqug%+D4<%l)6BGx7?%NBiMJ+lZBrqxT^pzE)9<^cw!*Taea9sHcB7~5o2 zTh7Zbv!U7&J6J^7I&JU{CfjuWy_l-Z!`28LB%gKR8Z~S8+vvG?V27Ue_-kxgZ#|W# zV*ySzpwP=4;*YxM`YY>M7=lxFyn;gPc(mRjNL@kWMoF&O5heB~*8BA=o`w*(x)b)~ z-KW_u>{Ef1*)uI}#R3P2VELj~vZcXuSQYv176GX-3a3#u}JPMmEA?jvwn z5<6N?jm;t$gr7pmbnneK7rMW4`1Y8cfacF!oW`ybwCVB;#y;-3haGUU==xtPLt7fY z>F%YYh9#GFAwzTWEJXOd+7#G(ApH5h(${W7gdc5_Z{@L!Kh+xO3_W;H7oJmZ#VwQP z4H}AKi0=dIUq0{O-xA8)E8{n&UfW6R6TnSgme5DRe~>Py*LS-ed=tGpOH*&7+rgK+ zFi8>gSKP_li}pJ7#ob+McoQN~La+Z3zPl@dWCY$l)dK;)gID3B~^RJ!;Hd~t7zQ=yVFKZqE%z&6SO z%c%9q&xycRq6S=T2a-8+ke5;`W|=H-Z3oD?q`c)wd{iJ*GOMR4I;_xU99>S;n#n`FYb-h z{=Pq*@+b@7afpXA>?y94Ua>MNuE6wG<{-~BcsGkbuAGJOFBWiFMGDS>7B7v;Djllz zk{l+hd?;aFcM#^rU>xfkG|}w*oF1atwu_>oSu__|V*G{P?n{)NI1b7~i+NQ&6i~g} zSb$`0^6;@x{EpWKpy)NJDXL#^DO0faMN!#n4#-{$_;_4+owIHLACF5}Yev{U4&M}= zI|qc9;zPZvN}sf3v0UsgT&O90M%<(+e9j-h6+Twdw$&47{3%nefxHjGc0UK>`4~Y! z(Op>gB&i-wjt~M55l?=p-WHtM3cyE2Z)e)_d6hogA@hO013~Jab^hI4PKMpEDnwtmmb-)*VG9#Jr4F(R)-7 z%?F{Mq=eYX6h8;u_c--$yMmJ5zR}{6n_c?Pg}_+Si|BQZQT5&l<2>h*ympRIB^i93 z_qt8K&WWCZsE|~5H#Hh?V_|=o>I{=s!da~FDJgeK;MDCgyRhKB3; zmP%O>zoiPTOaq`v|F5wsy-EMDqjXj-{X3MEW-_u15WMN4YqeeVS$5*C68zT!NNDo- z=*|kyr4VTUD|#?F;32UD|qp$8Rz(0ZPi-Gd%%JpaGYgUg~;q0Ai$4y*YE zad`*ex2qah{5nZ?9Y#l@QJy-f$==E>f7&o^SED_IEBVfOl#<{unltVgiYW=;wE$~C zl)vIR>_+VPcrjPqt?8GLxwyD4k}LVvn00QGq$Ec$kDc=dx)! z@8lb0Dlt+LN5jl&=9DbTY)7$rq5(alFyI!tjFbb1H@`!fz??@u3Ekh1f{PrZ;3A*H z8~HfdYJ4?z91p7gZE+e4s$SHa$8|6Cbt(30F-x`q-C7LYf>$1RL$es-?r#6QM$_Rf zCV}LNEG_yN3&7=+J*|>l(Ht95#*Jgp$aOEJ6K^k8QU4{j@6o#lq0ZEbMxd)O?u12r zRqyM_^ke~`k_^8DKZci;e2r#iXrwm#I{FD424WzBXw*k+$pcMXh;R;H#RSZ+PTZyG zGl5(e7_sl-T_;t@{_nx^L;F`vy$b9?TF& z!CHKUA{F!?O$c=AdmBTmiMsQ_A9!~T3AD7#HnY>jroj+?iX!Dz0NWjSg|{R4Q}r}{ zb9l`ew&F$rL9u94ub;ZXMBuvc8~_K%B7nR;+Soh9D0qs(#k{dH04W0yvDe0OSYu^0 z|6Qlq{JUquV@~)-{wM?rXmpba-%LLv3K zpOME#c=*jCui|tZ)69oieMY267yoSN^XLI=Wgy*90)uAPU;n6+e}=$(|WbKk}D z12sy%F6inZTJv^C{Wq{IrV+oO1|~llCGt#Y3e|5PI7*t9zeoFVRJ~A@2@Kq8(up=H z$=+7n5{qAR5ZJ7V7`G-}oR~eq^CUc)fdlg&^n3{)PS<(vhxYgWoTqc>8!_)uWCbY?GH+;I{>S=fK|__`B4Bwsx{qAS$jRSt^1@kcg!T zurXW2s78U-7<+W^-Og@=e!#C@lW*x0^|OtKfNWmWpHnGM)M zf!ACx)E`sFMg2}9{l(g3$|~UCw%zht19g%zzf}_Ktxowoj2{Ur6EP$D4!j`+lZ69ExU{E1 zU7|fh^|4`ql-v7f0g2cXi;2hc$2o(q?HG#I$2;_#*o8(EpgVtH@i6AjPmFz_C>M>B znOz{d8nuxhvL|2Dp*e%5fuEwS-d1d`xCLQssR-j9j$SE2d>#5{KXQty+=G2exHo?S z%PG)Q@U1(BCB|=Q4B#8+qb^s+t-4SdctZ-tvhC<{e}SUOWT_O3SLH@sn`r-n@E=Ga zkZz!v8IHyU6$&o6Wg7-6 zSe7GIpUeMq$TJFD!8?j-*+s$)dupbchxxfY4c{7dWz?M9y_Q`II8mW>RJE>8rd(e) zDfT_Sj#H}+%Jm1rlJN3=sXm-9@2fwWtZx~0K#zL;XHVo|a5BBP(T+Y0lKP(KSrOB| zi9G6xus{`s%(Z~L*l}q7Bv*3Ytf!n6a8g z+^l6-KE=Vjyx?SM!UVexd9B5%++volyOdnVw$>p{+gk6h2kw_@+|~-8pGff_=eJ40 znQ+3{Oq?oDqRi}jDW1^$R;OZb3vJ0q{hz%}Y_u_E_Qp%d*mtRF%`j1Dk)?czez*+h zBdl6~HDcrTHc7^WEv5@E;qO1g_r8iYou@3!l+LC>(Z=eGvBuCA7?X)TuC@3KwK#*h zQ9eStl8QEr%X(Q91HDE*hSgns42xQEDuv7nU6kkwnVtlkvloCQSM&zQIUq)+`h{_B z3-e8y+k%E`gN)2N{bCckI@BS)?L&Oqh1d#6x34GCjr)}$-NqD*`lY_@d9*PF5Y8^~ z9#sIgx!TZEjiH*_WzdP}#r#@j%e0nMG+7Uh0*~_;?9@TN}P^~R`j7s-C zH0QB}-y%OclL<&n6X z*AVlz(Q`n{E+Beu$UfBzlET)xepnjgiGwCNi=@K>XsC#pDBmyvelH^(G;D9=$=aut z8{8OneUA$jrmn>x|Fb?UCMIkYbiF{CR^;o@Q>4y;Evfa+>*{e9(yXX&-Gf_u!bw!3 z-m(znH^jVh!XZyGG(Oio4e6gNy58`CR2{ANV!qzr&gJXyrpaqH-CC^X9q^k1!u|pW0JC5LJt3YV0yPX316JFYyLhu)bn zd9?*II)l8Lt`jGwX9@w-K}-{>oXL8;n((){QyspJRF~ZBdEepd1WEaGG@H>khwDgL zIHMe|;BecLUs2Fn(3XcB>d&2dx=79z?_KE=1^?s8(Tq}pe*`ToCQfrlY(iBk=9HA| z#fL~9kLHs^Cz5`cP}0*l9eOhmdUL7X&bo7|k4t{v^MS*6GTr^8Lw^tim#BSpaf?Gf z7~e`3Wu^3^Z&Vn)H+`K3_f)bF?r(_ArZafKjbB5@l^Z9Z3k3+TUjZMp2Q_rg;2jc< zlQzak7<9OWQa)6GI1Rf>22lZrMRvIgh;QaFR9O<&>^ zUC`PAQ#8Pf{-Jm2xc=quZN9l}CyAKjn z5!Fl;(NWyeEuQW{bc8q$Cfe9{+QjT4&l53)#8L00zBH%ZjyN$pCqchL!wEX{r(Ng=jOv0clH@Q>!UfxK z(kbmYY(Kv0u)~~6#bLgK{544R$R<^}W-*BuDw=e;LbTZOC!u8QH84c_w&)Ce3Cs{K z=FdlP_@$@Y^Du(s2wK&3J^gbqaGviJ?4lK9EAoW{=46&K{vw={?E{(JR@|JlCd|oS zV{_6?-=xjQgkI*urSHP1L^y63Z`jBZwT*-2DsEwUgl4oOUkIDON;fgx;z4ht>1iPD zUA$_Dv{OHl$g^1zo~d8a7ieCJ3BQUkSy=%ymz_f`W}oD%7PLP81s#cpkHbC~o=6Ww?_C2Y zvP%(3anPX%`vG&q(tgN9Gl5yf?MveQD`%i*8=%v73|_5A=v2wq z1zhpxxF1dp#QpGo!hSgDkl&BC0zb~eM&kB^q-@^8qZkcyDtg?R#W02wpVI<|BAsk{ zFVtfyDxi^D>&NTO&7KUrZ}m-pWA#&wujvo;09Z<5Y^0_Q8#(I-#{~tiIKhq@R_R-w zqUut{xWGZ$=AKgw{Di5niFVvGKQX?g8^7YI=)tRGA+Pc=@GAY>V}VbJWMUW!Pg~?t zXzWO1jOxw(DS_&phg7d0z#`o{ryJcH0HnPi%s`|stmA(^%hQF!U6>pJ#*(<6(ZoiB zVV|(H5onW(&d^W)igDB2pOMpeM~`Slzh!@fc(hvclMopr&QzZ{zZ5c!;q+XoX?hX! zDPB1NezTyyP1DQx-(^fu(>Tk=C-+k!k z!npXJkkqdgOb@<++d9 zfkeudY}vlheJgzK-6@)Wdc|>~b#G45dVDQ=@wX|Q_+4^b6Ah5^PsS^Q(8HKjaeDc7 zqvvJRvrN&9KSly9ypKG(Bu@YS2UeV;T2r7nQW>9K{&)P9$+76IX;H1!zMl%2rh%nY zZtSipHO=**rnD?hYbD9k3-Hd&*H|QywiL54i*KR=${9Sjp5ikqrcQfIUwS#yVXJVOjr<>{uQ$dUpHzs3rDD^$h-^9jbSSKmEPB0_D=$RHy=2NO3 zD`aVodOE>J{kuuSwJ1FJJAp-$#93-bLP zy(mee5}qVqgcl)X^l#fQ$#z8@E&}r?nj1WqNb>tOxyd2#kHeR~PA0F8F2()!!H@CsYX4F`gKxoWr`(0S(YtWW z*_GMZB8F@DRP-I`vdNBYNuFCyPP7en=H^t4j!qsy^tI@*JYr(8@VdL^_BOwwW{PNf zcoL$D19r)zALI5lY>k0<4=QqMFcb?hRt@F7u8X9zXpSb$F)g>dJ!E432AsX;==^@$ z#qVailh(I>_`gG1y-TuB^&~D7RmeS>qLwK0%boH{*p62NFLhawB+s6J`OKky5*yQ) z|DOK=^KVJ&2#a}~E@8ZjnPn1=cRfol(sQKmfB*mGNXZ91Qy&+pB{;tW4R(z`VD8#Q z9sW9`1%mx;D5!&ZH<4*F%39Z^r|GKEc9*P*-(v`Box)LI@b`txc5!+R_kx5${*`x> zf>^(9ZzK!;B`4bM>_-YNdHOP70si_Wa?I0VCz-DK%D_@l1x?vs)6XIpje&jYuao(w zUipq~_AAKY{_F?oef_R+s3HG4or%Pn)7^*ZX~em1rQrNq8*=w~PwGAAfTZgXW;9|B zq6-mvW(Zr+&fr%zRxtNQn;T0DkZ zCTZ~)?)sMF4I&6L)L?OOIzo*AE;bq`!w^>H;C2TLJorTv8P7Q!MbWF+&m!;aY$J3_ z&#Wo4*@R_iLyAsZ4?Zyc5ObPz-b20bg z=9%aYkj-7f=2xpM-EuOsJ=l9;)M1$p%-h18xd^kwo*+#FaWcIW*Wh2@%;OEZK&~=s z4Sq?eyNQyM0RGms@N1nkBE&>Iu7JUCyDtG3>Kv0dSb16%ff*F}#ll)+231oboHuv4WPSJC3 z2D%JI?uPF-T|gOtfN{Gmgxg`7mipkO3-~^p5AVYtatE!ao=wq(SxOSq{TJZ9!KSBZ zS;pZASmt9!L#-8WpfuJQTC_V!7sf2-8ECE@F^y1bK?J1^HBIA@`=)W7{Q6@&jhIli z-iZk{Hc~)scv_cCPni^6TXPGU+QTiR$XB|j1l>Z;0a0mvUlw0MnVye1sOwROFh3uo z0%C~vmQd1A=txKJ=YMbdb!M6TK1Fl7E7zf{T8#SjI~~f5r7nf(#)B8E-<7A^m904^ zZqp*`**VT<}lEQU&n{t?mdU#oo|b*_y`EPgYN zbv%;)ao*>%VPd~v8GZGh@x&@0NA#$CJO!EMjPNWIpdqiQnN24KzExhR>qokRTl34D z!O}a_e9R94t9AJ$=$B?)b_w|?>=nIdQdXUGTxZb;gE`BoR8Zq)Na_rd^|Xr1&xe0yFJq@N<&hoq z#}%?EVgZG6o&Hs!P6JQzK23x7b)c>1Q{}X9ufrerI9~^hdK;Q!zh)AB_vV{*q~;E0 z+|8gKfImXuUwB9MYcfIc-g{CJF#IUP>cnAu&4+>U%0KEltwKAFa`gPo$j3iW5967Y z=Q!j{oMej@1US;yAwzpX-prAd7R$Sgel#pDFKX@;>pSC#izCaRR@M6MQ9L8;=BUpuB8rGH zK|y{Uml%BG>7)EC8>>b6HGLEXSx6vjs5zKU$~i~Y(>D~sdAI+G6tbuH)?y+UgD0hN z17(DXZSu!qSw*>tB2`jA)AW4eclOhg&1Er|ce68M={T~SIV>p;KE)y=0*`wD_@AT1 z{{Utk7BZPnN>k+yT{QDg(KtL7KRtrD=4y+qX1gBNXaQ_(o3c9H4y5m)y7Xj<2rqi4 zu*7JOp3jYpo;nhntibzd5>GrsNgLbZIKX6rnhgVZZZeH!AN*{0 z(pW@!Pw3^7r(q@!N5=X}|5i+{^H6?w4D^%++7$YwKb!Po)qAntGfVp#Fd3WK*IM9f zcQGd88fxntZInUlIk6_+iGBTPYVt5{m3=xEr$mdV;9ljcA#rn!v-nUqeWR&(EK9dV zPwBvfwSJChww{HLFt$b0F;g}X-3>*8j*&>KLt88Ze@`>Iw`}5qp1%6Aj(%4m_X>^doY}KLL)fgvrlV3H98q+ z!#JokdWv>ub!IddH>QxEQ0K=Y*G};=N?tJHdZxDlT4> z$A?e<<)ys1Pme!@+;#q*Zv4IAAH*v5;PI&sU7xZ(9N@zGk7fi0Mv3%MN8m~HbW-=eYsHD#I>m<97+*M=G@;EN_{z5NwiL#7 zcwfN2oZ_8Uw-Svx{t42U4Xx4Jx9_1yqmwIqwTw}2Um8iD zU^H?r1B|1Qn^`fVk>{~ujYc|rwcA)SuQf=C{NLMzDx8*oQ)(}q7K0G*Ftey|6Nw9X z=*2UuBbBrFEu%H#%8%O$W9~F)$OG&k8G?LHgRzH}Y{84hd`D9Q8TY-x9L&!o3F{sw z&Zu*Q5O|O!)pq9VgLBbWywiI!ZTVpFl@Vfa0Xd1U>E<4|Fi43@|8G}twcftb?2x_#Bj5bWoQuMtD!Yt<8s0|atB@6 z-##^;Md~;i8uJC2uNTSnc!qz!rVG!AOIbNO6~8TFx{c?Pp}H@f?^Z$M3+0pt6dL$K`)s4W8=5dyE`J?AFWi=3#(?9l=R;^61B zgnrZmf%+kmIZNu@8O{-w-s;vsE{{ifmOhaS!@MdC`Wf1=wJ=YNo-gkks6{}95y3o#MDM%YrV}J zcArH~Is@W@#sx4{ZrEg`1hrd|xdp`};-Jnx`}RCCD~}9b(*3@ACG)dfPTqKhXlEK} zvj4(u4Jy!pM)azqMYOZlhuJDPTbh0)Mhq)-%3nH_5gk`h&@d3I zW}|9avA0stup_acVW)Y}u>GiJ{+*ye_b><&0oo8X_LmTrXjm3Y{ZZ2cNsN{ON zF%;^fs`9b$6@;B(mIToB*f6rg4yji0gF>D7W)i2TVGG4|G2Jta@5bRDbff2AiLdDi zGM~(a*A_`lGm0>!Cayu~V$&H_u-IFL%o)I)&u@lF`3f;MFB64a0QOZhqo1d*W3ccL zyRQ%e8<>{yv&js*FG`Q@Nz4tyHsw^HHr0c1o*p17y9s0QIVhIG44^~1P-mX^FeV$T zJc1h0)B~`=T8VO_<%g@JUf47QqdpyH=@qNBTO8yALXRI$1)=$HWHsdq=nw*95-U57Qj7hO6RhkwNe`*)0XLWsFtN3`h7aY|KG5sw6flFar#pGUrC5N8y2COi zs;P78>l~w+rZpNTz%a!xEZWvVtzTBkS`T~=%&#A$G_$}k{&#)sB?qGX;#H`ReZkAK z4Eok14~G!#CzxGq%q%o#KRy43du z-6(mcHYIbJN0L89+qv7kDR>WNVAnbEIW@aC_2plvsVts%@PM~Mg|5v&=I{-qKRWkC ztXZx%c)vACSKPwOV86?Kp@WaL`*26)G8Q$++CuqEziJUL5(0%74N%#PXQ!wgo;RRG z*fc$d_dc}uEi!}iKdq@Nw9j7EvvN!3!lI;M+*K=y408; z`VP_2&E3dz6~zwA7)Ipz#V)-3@Nxajfpeq!nc)|cjEWzf1uGIBrq@<@<2D1k@&m&3 z0Dex)2m1IZeJitlsu>u|C{a^c~TohA2nF6OdnTX3!s>(XfZl_jmh~bg|jiW)BIw zP_+*x|9Pz7t0fAvI>oCHLFKEv#2#o_4F|#-3>`)S+&07r&&Wt2@8$Pv*>|rwgETU{ zkhMlom>iSW939{50nuJZ^0mY|MZVSpyum}o7g8#qcQf5Gyjb~X=Zey}77UG5z z7&dQ_Zz%hkxI>R2qt`rnhJ{e|yeE1$V~_}A^t%J`yY7vuHT7uW|DDLMvvTEW1*8L+ zHUXwg;@6kuc>NCV7Q*kP{M|Bq=T(r0Pr|$POZm2*q<2f2ZgENv-Qu~v(xkIdx0o+f z)d2-~Z&Z{5yn;W289$6>$|}17FqB%#l48M6~W>h}ee87CfuYPU!CE z`{JlUa_nG<-O2vOc~6n}_p|eU?P8qaTN8KD>Br-Hys3rG`=(;`ch7t3^0h6|^Zs5u z@1KtgOZSy$Fva*NR=d3y{Hs_B=r}c%GgvxpboAu!RITO~e)2EraUU%BFVe>a4DWva z!l*gv`jKE>?mN%rA0>u*WYIDLN$2uI0Kb&kfY0p>lNs6z+LlLryz zp*@9FzAztZ1Kwpg&*3PDaWd2{HN2U0yI~xszeS*U*`jZ)y3MLk%_A->YcKm@n$@8ok(u3cQ* zP7}YGS?ciI4$9P}PGucq8cSdQQ(oNiIhvx&*YiH#$u>YQ3zyXt#V6EV!!J0tF{+wO z>Gxzo@~yV$$lSArD2eSD(Z1YX2lPARvGW0`@i83|2lUOO@dH}j_&fN>l9>`PyMJy2q7Yj<2+;Kh8D^V&&(tb0gz)7jS>3m#!kUS71aw=Y~V$-(f+w zpT_N7ANutc(tBORs-fQNec*Q(M|cW3Pla}Gdws4a)z^|M)04)!LKp0DSCQQgxzWDT zA=Iy7u=?K*kFNfE!|8-e$!9&i?o<~);dDI~6GwiPcB1CH=l<@A`ieE~M6HN@?;7^K zO8&i{Pio)Gj|}2Jh}5n@C%NeQGLE&(eUbLf!X6Vp*jHLg-|Pop>0iv6e+Zf<{WVQD zurJ6;ezBYBsLnzi6*~q!PlhvMPl8`Z(PD~QVwL_%mE50&zs8fjm-`fnPROY7p;NgD z4tLLDhr;rG%JvSF7w>f_b~rBs46jGLvo(s>M^x+84TTiXQga`P$8U^q>CSgxCbwv4 zONQ8oRqKcbe%=E+VQ#V;b=-Eysm0(O9KHy(hOERMwdNB1xrSIu2}HyW#Pt@M&`e+H zcl}U6+WZ|VaSgBNIg>~0gW=?uLk7{I6MFQB#NcA$o5|oDY<@Jbg6r>Ziy!5WAep)Cm%X zooRH+b*eS99{EqFd<^>JZ}D85m=6u;nVw}za1BJ0hz>_;v&8iI4%mp3j4aayx-+@2 zA?oKA*dRj7`cT}RyQQH0n3l`IiSZXY(4FTmbQ$Zp3cY2?j@BcH>RuY2U9kONlf#le zNtEC9O#w7RT!OyCA&=oYU;)F`6jJ&nrfB>4k9nk++23)R>(sWAp{MA50a@HLUW&F? z8H=^-ULB{2WLt5GuXJP+T$GAPLWl^q^8$)-T=u$xpo8&7!ovBf-8T`|i zLKzGrw(x-zQjJy^aoGc@@St&zQi5JdwJ!a4A>GnPKNU*GabQTMNb7&g$Hn9~o0iH^ zQeJ7LyR-H++yIh2(}-qH%J=WbT5 zw|)3OkWEe`$|fgcvWd!MlM{|wmHoHY@n-v_Uq1KPo?J{+=NdCT7ZIZ5@Y*tISK8kP zUvd4#U#O0f){10DaDhHD#>GA(H;7{{E0C@`DBW}rJK~TJIO@Ywr23O1ZTfxi-l=bp zMtvkHk5tpx4~oK*b)vb=vqT!Rd0`(q)SM+p)=qI$Yaelz)K?_Cf;04y(J(sv$e0a_ z0aDr~-BicEQRk=+!8bbK8+Fd>>KyuJNp5wHs*_k!BT29~OC|dy!S$2>5cfh2927SF zjikGar%?(JNjZD;G;QX+A4F$fO8tapeu4C;bmA1w{H3Z@_rdQ@c5HZSX7X|2pw=V~ z%I;8`A~zQwJn?htQV%h?SA6EuUOD1&In1&&tl2rNPNHN&A&p(ce5n%Y$B(n5*{v8_7bq*~ zi6q}C)txQ3)*m)X@>QnRCYy;0)dtDe6)SPG5{r>ag05DV+#H(m80nX2=^Pk-ncQ21 z*X^Gcx4f8yoWs`o;9bTSjhLax)>$3>-blH={)ka{-I?)eaDn+mJ;B;OmOu8rXFO5Q zz)z}m)B_KEUwGYS`V{JflYB=Esqe|1z82$)DFpVO{9fb|^z3YL&strw6Jzf=N?IJk z)E3pc`Cy?gazXJy{H72H&XMQfP1yx)g*w`EWI|jX zGi(1Z`Pbn*_Li(9}ybA z^urFa+m-JZ{9LJQ>xnxs%S9RQy2!We0%fT&pr3k02ogCXDR|Dk@Y{Y`E4JcLB0T%t#V`RaR z6sDkV&0xnZ_1DuG)j+t{AJ3?cNVZLGj-*8!O~oS%1CK0p=|6`FHoBKUgLP@RYAtK7 zfQj9~Cf3O&)_o~Wsskr=H$Ya$K7H>c|Dy?Y&w$^Ni;E9QT709~G!_vC)2+pdm;NUM zS)4eK#Zt*9lp;xPbB;O&bR=*H6JWv4J|6m;!;D+}GzwXNX1|j$xx^pgH%neq+_K#O zSS~5|@5iMoJ_rKdLk*JR{|M(n+7&(8VOXP@C4If41dagbJ}28_&LrA+Qe`L2NHK;_ zPnZ;%5j@ZhadSFKo72c3v>M2F+){TvQH^~x;DLn1z`;iPYcmx|1^zXXf*2qIXRAEV zHq!k3P%{pT%_7p2o$QhN7QAhcQ~oyeJbP6~uPO==>W}Od?Wy3R2{=7o_UbUbs+fxA z6u03k`QH4cz~dfAYO)x9B;${T@Z&W8fb;CCdMDBOFrfdy7EK8kD@do^oNg9@g}90)aJeVmoY`8Q<-TYYyY9p1iz7MVVZqR zt?tr%j$FzXuSQebiF`~oFQnOJD-e-2S%2xon>D9u^5&2sOTu1d;_w z-kwy&Wt2BJ_rsK`M$|YND4AmOC$v|&drMI6ND_%C(P)_+I{BRE;W+En`}(hk=O*|pK#?h zz2=Wk^nL%xsoc331?`(?HpHb)rIKs5hp&&x<@>N~X?fYQGQ;;kMhV>7|QyD=UwMK$veVKtV;5=KOg z9W(hiKOnba!T&2AYO|RAYKX3um|3Ut0C$#ii+I{ivSaAjx^DT2<=s<-s=?;zLREH} zU2YYN+U!D2ojtY9f5@GUsoebsJ)cI>F!y6>t0-)xB+7xc>@)0={Q>T32XYyF<^uK^ z9zXSe)xIYW9nR2Leqts5>*eR3J=wBhuR)_priROqFLJA(E||gE(>Q~IYF+Yj zd~}cP^cs`N%%=A<=^IncdDB#X+@p)%^(a$X;DUA6Oe&i5dKITv= z(F;UU%8Hyyf#|D9*SW8CD8Qt{P8Q)?L#ZR1nX_fXOME>xFjUwOhYIbdc&DCtsW2MK z6=X!-v4x2SH<-%0-91pmTnU~mp(@GPTHG=z&38aA$}U~Rgr)tQvMU7Zi++=y!x&gK zQU+|m-{`0l(HdWDvKtL7Jfap{k)l8^;qmL6F#U>DazauTwF&+^SSI617rT@jEO?nUSGe2n;vVY?|pNMYZRI??b1eq0k~6s+g#J!&D3o ztZ38dr*1fdrlIf!$93r&o%;I8>Jj)tj#?*zQ0eP13me`>CWu|Y{3N}97(O*c*l}&GhBXU;Z_uvpx(pnE%k1lf(Ug$wy4Dy}%oPH47_O?0;@RszX|$PD=!XYb zg7N3WNEZ!4M(%j%vA0v{;=+keox$|;CAB_ciCZtV5#9hfPWE-=x_^SXa({=Oc?B%) zXH{~rywQ8IU0C-aaN@!8R-x*kqgr>m63|qSrp>Lwx;N6vN`~PxT_aehAIZbaUQSD^ z=sO~Sa3SsL;#|5^+$!z5kx{`Vzk1m-yL$HBBR7P|s>`l?;%fNzM;>7v?0zc5P~n5iaw559+5 zaVyoyv)Ev@tH|M{D^>7c!hS&m5?Z!AMA>w38Q$mvp8^~U{Id`3L?aph+ze7ACG7m~q*~SMlU2Sj84cl0CQ4rpG0;=VC4rYzVUggvVhtP-VVZ@|{c(HoS8R zv5q6Za=(UkNA@7rWp8on8z!qq**MXQhIoi=_(N@R$gbS5%YeLfQaoP5?x6HNsD8s6 z$K)K4{B13%EQQCFm{+kajj)dmhVnf`2QxoMZ4l-8d@%Qt&!Y>F&}fzqPHnUqR2>F1 zv<0U&irx;uBL%TPI2Dtt*Tt69B|KBVdA`Dc&f}P zD5}j+caI5T7M*0P2t>prY?yPBh{!{`6Nm^+_V|-*U2r|b;G9-(XPWR}y%=2ZXYa{D z!h;wKvajfEss-qQ!iJ5^y~ML9ye2g^v;GVN^AAIRzwpt{7y?m(B3zAkJ2focO~0C2 z;RzP-qSP1>A|g66m9kn=@Ld?9UdIU!jcP+@42hyU=7fRon70iK_5Tq4)`HI1;HdTK zn6)*rb&XhtM{CsrZ|fK`0OFN_G_8NT(Uzmq4v9Yx!=30S2PBqSzMc8@qzQh?Tj%S_ z5CWJ97MnK^p-)nE;l>X7Mw$?qOrAlsWeURca0ngn_W2I24@0oMMog%zU>M@6Y_w)P zd9JXvzWzv#_vCUia~5p-Fyo(2?}HNmld$c4Cszr9&G3UI2npXu;oAkaL4MAL4U*T$ zH^@ZzR`_*HlBK+va2Vi556;!o=AaS1mZXiS6!$bx02*=;>g|HSsPVH*Y_z4o7zY}E zn`Shg=#6Gz{AOdat|vPXe)vSff+w`qLdU;7cV;kKC$}`(GF9EoU^<4@h?qfsQ5)bF zM*D{2;W!=--)kp=2#xlBBAjyqjalm0SupX?|M^+)O}nc0I17Yz2Ta--)bl)eF#I7U z!J-|JCaik~nh576CybX?A*ii_KgWRdzg|; z&FR#3!b(Q%R~ZrOGHgfk6mNGcwwUXGC~1JpgY@{!|*bfP~d6EiMaxl+5 zL90<-3oipuLc8!1{DpWGz6yU4lW__DqG^-xS2C^g&zyhwG&(8k}F$~)ugW{;fF2I1&_(sl8Z&rjv0B;DlD=j z6q%xZ9*un-07dYT$l2KEEbKGXFh}~vzGpV_?2}NdTcx`|Fy?H_a zl`l{XYZn>lJLz`!g>M1}ijH_K^gTTkRl)%dT-$~(X;06$_+~CP%QJH@p3x{j%;zs@s6s*WBBz_69nq1(6J;savh zl*lytbWO7*~ftmxyAKQHN!n^rVnqC-^AV z%V>4egk3Jh@KsfBrea#Dq!j>BI=U#2l%!l=9=0(z)ZrBD@qlU_^+chLRrauedEte4 z9tE#4pi$#3Z>I9x(cvEodG6>Fk8_p4NJ_EVmE+ z=xrMfPWhlqzh4MkKrX!oonzEVM~!x&z_fUg;KvMk8UT(`p%n#lNv5ORP+3j#4{@njqA-VPX zI_3(2$I0ix9z=a(bR})jZEV}NGqG(uIk9a{Y}>ZYiESGb+s4Gn&HLT&uDj0pak@@* zuj<`@`l+Y(-VYpcX4SnkzqszaooQN?V#%viz8Cg<;ruvll*nis?iCHGboDjzOw4>R z$%Y3z?W4`QdQ;51I1)o4Lq7-eV2V;zqC7R_r|(m~@Fo52rd90@Lon9+d2{W@$-|De zh`+~KEFkG6NX#`xPrAO%TOV-VpMnG8tkJ|>ep+CtJf~H}ubOMDsJhM4i15Q+#YR8f zupPx88?7~3ml#z{b3GP%D?OHw3wyPTJhzYQ802;6;sx-}b(z7_(J$>%R?y!Y32iuo z1AZrLDBG}Ef2>}qiT*}Olj_544cvRL?CSraUCxTix6`xaO_skTmh)J_e zWYty+-C2OkNETdMRFAW8k`h7fMR ze8>HRE@E2ecZ87BCFm>5fpD8F2VmOLE?E|698#>Y=CZAaLidjF`|hmjtm?qkr>AG! z%lJ%l-0#|A<+C`ot4FoHk4f6OFJ2;*vRADDGh#M+HAs%gf2jB%GZfY2f~duQ0dRFL zNKJa(&3`o^I5y{sH)ZKL9a#_-;WZ_=18JQ-N+mpApgz~`e#1Vc{VNK-hJjdMG0k>h z!4+E9s(fmcFnV`#iu2)G(a6Lf@yQrvO!G@Pph##T<_H*vIb z$cn|8zj>omN9$@)F*-8mQDmG0W`D1LtF9CqzR-qHM$RKA{w@l=iJ zj@V>xN|}cKxAnM`UVVcM+L87S56f=TKpmBel1E?owDcK7O?)|OE0rH~{yCub&Ve`8-myHhQUmm&XNh6)_ zO=pn43B>I6vwuetUuA z#NG(rzM*7RBf?{MByKm0H(GP4p!zR~eS^}1FrKPzT4V&>IM_jgcAiO z1|&1&yny}fx{ND;XH)wrc&`(uFP}e^A){sasf0!q7xc22ewY>JWsSuRB_~<~(CV}C zxJDYPRDhI@I4@BwPgSRn7xtEP&!I9#X2DL=NK^o*KMZ*q#_yhFw8~S(+NqMU(OQJ- z))^L#cXKODGRp5D?#= zHDer?!H(IuQH5`Y;xfNlIgS9fgH3|n`OqDv*B3Y{yaFcolDL29tM8QFFU0t3W{^qn<8otx=PFR+_U++{%@v`61mws z*W(VqTi4Q#!Ni+nAx(|g?!{IyIyxWnt|izDN`sT`+bcNDICo$G)Mg;Th43=I=lP=0 zWzu`jt#{#N81LU@DxpwjPPlW*2J&ZjVKo>Ujo5-rauT%_BHK-0RxsM!jMca3{*;yINIs9y^n$3ZdSlVz34(^~TMu$Rem|?l!??OV3Hh z#|TxpdZt~!=@NU`62Srkim#KTany}6NkGxX%WtjIx**7|&%po1$c)flIF3f$Kax;J zCH}kLVXhWMXCPH<#&LpkdHL6MrKpUA4-uTVNZy0;;YWtU)6ch7Fx8On2uE-tE|n`I z4*g?XW*O0zPbZN$?oc3Vg_40hAjUM`S!X^26(ffwyxhFEqr*+V2^S3)+J%r74<91h zzc}G>%PPCv-8Z!_G*jOvKwYn9WCkN(OS3c$V-}bEm?xZtX)G(HKPal?VZrFA49U@O zRM^JNyU!RKY?Bj+6278*J!RlodssEP11`^p7!U+aIP*c8g2GSbeCt!xfXKvkan=mS z-<4@W^qFwjVpf(NnChSvJ(!@=pTWiOYOArEFH_&rp4^muFN~x+L4S>sR_G2sNiRr| z6L^&`0zqxBf2ec%UMZ6Ojtk;r#(Xf!ZGw-8iz($y)hDUY!Woc}3NK3a_xbS22HLB5 z(4Y7=U40%MPFCD`>8H_f&q6t(uW@{ABnrl7$Ei(NR+QRtomP()$x2 zirPe$rj8+!4dw9l;+BO>PRh?x*N;_Co%C~rmq4cq)>P6D6L7KuE=+$*d^1@uv{p*M- z{qF>)IS8Rk}iZ zMJQqfW-2hsD){P*9SZaCf-a&>2P-<5wnj5Ke#ShAd_Ylkk>L2?gKkFo;6o7a7V#19 zQ|p@r`;no36L$OeD3h8^Kt76h?5>Ya(?5JH@lvc|Mt=K$YQ|x9A`q53+E9L8 zJ?fZpiJZE$pEk`%~R< z5zi94!;7FqNUB0LxTrQY9o}~TZ0aQ^;h$fEPzn;w>PVJ@3eaVums?GT3W@&8$8>O8 zs#0GZ3I0J?fX>9MddGfu&2y}YE83`WB@c%+!a=q2MPhApIfU4?lZy4;5ytvJnB`)* z9CRIU0%do`KYJ2&Wy&;fjGxUh4f@5uT4AEv_iWMFNyvrpBsp6w`%Ui~dW_#DfGh%$ zXfIap3CYtKAaN~7Ip2f4hRu_=U)E0+FMjGS6;>8rZ`2%$KA0Uoaj)R0X*f#P3#odc zeUZ@Tx^7XXxCt385Bh#UW4CUVtZKlV{C6n_mJ33foRY8T4ENRFfr|<^=cw4B>Jk^l zv-;;9(t72f5$|GJuO+LtTad8KdKA^2dKkwi?#h#M(_mR-G8gocUTxewFAx<gyocA0F+4&T9L~zJ!Pdo$H^d_48ZOeaq8K~#9?uPI5q2;C_XIX;&a-u{ zod%4Yw7JE$wYgw(!L9$Qx(XJo3!-jC`y zLQ9`VzZhn)ZNYocL^*u1Ux+#HHZ&!0L@BW6iX|6cl3-SK)ENUKzMW0Bg!Aoe2Zj-kUfP6izVe6P8f&QPk&LH$D6pT zgaaEJ>%8cgtJ#hnJnald?mzVNcWqm}%&BzzsfhEeXd-}7r735&Na|bZ%BM+JNhb0b z1K)av00V$FSHHKjF0pR!cseVd`<}gG^-gqa^uJNJ-@WjR$NZ&Czj%Q){q zVF{&>m#?VQcg#!zuopC+8uj)?vogNRz`Iugk%)mGC-h5}4uD*wSt;(O2^ z9s2A*F!R&-9Fo(w{Fi+E;JCoHCkwPE3*&)893eK?YKY}*|IF=O^qRtF)$_{9s{jn8 zH5jOX_OE|ypAsQJI0Xk*Gf+6)x6eK=JZjaKeV~$S@xeIhF`m`pjoBw!J5ohR9|)M` z#P^ckUmHmw!n>f-4=V$BEXcnc__(2ahm!_s2Xrcn7tI&aK~bTbgWbA305PTd`VtKs znQQbO7GE-D)cXWcV?qf*@Z+3E=$uEC&>3=!GezE0!n^$}XmJl`zh&Qvx_trgh+^7( zk##_rHDG*sD4iO`jkNrHdz28-e=f$%yF3}lm8uX0EDcDZ3hAR*EWZ82soi$N;f={^ z+hLzCwH505s?rI(aP6xw+uH8O{)E!TeNCa70!KV9qjQ-=v)-cG(3gqi=7@YqN?6c0 zlg#6TL*L!IkRB)ZWfAlneG8)fDpSw|v5$l}9Wa+vTQa@PH+MQMT9vQz&BX?X_sy~*NtYczmOh>g2RMAxU1o6!EDDZXzF8RN~oBz>j!pY z!Qa1EXS`nTFlxEWoPtYLAhdk2&dS>yS1NS4s0ipUGt8=ewxo*63SEvnV8!Z?3ku;3 zAwRH$fa9Lv`79IOLQ%@~)$!}J(;o4_XCF;pQ_e0u(P?pn-h~-`~9pKVRW?4 zilLaiap@uO?^pgPXXFw9d7*ugZIknU({j1re(d(O@4#by`OvIhQFs;g3-3aBctwUj z^JKEiYyPlUcTC4LHPh_y*4P4-HZLDAYW(}S5?Yb!Zh)u40rd~;$9H$K5D1~i9eH(I zc%)xm9Jw3np<;Nu1tMy5_53TI5E759!fj_l`c5`wO zdg7Nq6eURYrwBa5)u+&`i-ZG%VqehA?%%xXiN)cgx;l{ z$JkvbzUqL#T26DsgwNiWSWijC-_RBJSZ0`SyEL-BX3c%C5Tj6!ARPy?HKUx%Wa!82 zgHiZzb_@U|U3J!4`mvn*fVnk+1a%zjNR%$XFkDoJS)Y_X>7dlUO3s z%Kmxg1k^@xzH0FL0J)s0zk|$S$O&6YjD8d`Sk?puQ+2s{`395$S9%xefkH(v?Y9Rj zI#rh?>c}tH)Xo>o3xm%VMjF}qSp3a@P+X~yH4343c&&t_D5#Zm7s??Z@63kDpG=Q6 z1&IIXD=cx4!FC;CG_Tt%=SKhg3Sy*=J!h}7+VVcs1OhS^DJ&c@4HrQg5)QSNW^wEN z?ju2@?4pX%R>cyt$$FBX#yGG}tWS6>Z#P3IlhN_%LTGNRKy9lUlHjfdMD3{U%IuQX z5n>6Kxnb%GeDEv1LW8saP9uUAse@#za4-cyqzV}<0@;KS8}*6aG^N>955>v;`WcX^ ze3Tssyhd-8@V(aUStl@`1jEZJ=}ruj>0pU4DWQefVCI}~m69#M?lP)J%l7<(A40RL z;$lG%eHd<~i{E+Za&=qih17MVMbT?0Oy_``z$xuUbI))2$R~7~^B|^lvrL?|M;&`kE9p zSD+Q};upWUv8GfB-=2=c(hS!#g?Y&ncPiB-tL4rVCMQ3a6p6l!;b49=I?Uy z73R!lTaZS`TSIb(^D|uS_Qcc+gHRwx(!OIkgv7#*{pwmSDKS%6MiL~M+c)?qgQB{E zp~ywUl7d}4@hgC8Uq}x2Bjn5)<>K4e34Amzi0?0rI;Qx8WZ2h3PUVcc9lb57)ODUq z!oIW3{W>a^uQ59pB0UY?N*p%m3-3MMQEIf+hSC=mu!DzXZ*F-{C?pJ|EP?=hpaEwq&Sb=mk{5&lS zJjT(Y)?^~WZhhFuprGUfKG#~L^y#Vo$*1ik4VZv;ma~c}ASSt`T%?;!WjPPr~Zf3(K2gzxNYY&(0j0Sm*<0H*5YM$cUJtRY5ZTxPry3`LLjamQRs!3Er{*o2BB9kXx98z1liYO`Y+Cx zx!dT^1=3^#B@|?+Tg}2lzyBAD52j#3br#jZ?;kAu=5O=*jr~n5J>+WtOZZl*@V^YOa8B-ckA1_UoQ<%0)Nb!|2yveEj{Q5;m0tLr_Cb% z-#w_|eDFf(hu?;<8UKF}4v>6xrrUA8p08rRaXuJ*pnIV9qO25$3Rv!PdNi34zS&;* z6p^;wNZj&hTiXvkZz`B`RW%faDQkayk{Qs?#S;>U@;UX&028di_WQwqIDp&#GKdiJ zR+;_4{6OBE(ey>TdJg0uh9#khu*dOu-2nUsrIjEMWo=AW)BNJ7`CzQZ%RrhZ>#;mM zid653O(Df3p@_22^mwHQytY*1{Y7FH^Jd9Nn_ZYFYjipk5p8-ggJC2rN7xm5y1KUbQ-^ z2aL6b`!uZdUAJuekpO5#s$7?ZTjITt!K+Jd^e!SaYkB}Ry-k3z!SElM0?8ZoixEwF zp{ka|Wnp>osUZMl$0|+ia-&7dgeLu=`4F8``KjK;(!o3+15m@N4%?2?KqzK<{j)vI02p8;v3R;Jc1sXvjE@Xv;oqb=*B zVJoc`z)1sO>?$0zK6R~o}nMK5j{Cx6+>q$U0V8Pcd` z>bix-xW%a%p#4*l-;hwTWobEn2dFawLryRyr!YYLYc;3IH`<)fi6F`%KkrtzI>tapKlTRxJo+D)fhG zLwlN4#a=a|MlGS1EngE>#H(b-2_Z($0FEIm_*JWRE&9WpA@Ayx_3o86%^KdC6%%z> zE-FW`l{e}d?V1_edB7`xo~0_pJDC&3+UKXrYt0&DKuwTOIfj$UK9^=yk5`RB^@?Q8 z%E3=jsz$&oo(*0#;6LV=7A>hi&s-~_sD1@>%NjmvnP$!k{Rd$Eh@yrS-7RY|f`}EI zl4b4;@s{{Wl+n4@h20&2@!0QLQmZ1i;bYVoV#PP;Q-HIxiV2~{*eUT7k_9RBfR@@8Eo#;vW5nUYiJhszM4z4S+s*`D6 z75ApMs-v{1lS{0dKNUFrdklpWMb;AgIDf#DbD_PX;yZ3BoZ^^nMhDM_{EFYDk|sbctV(yqsWYKZIi*pJ-(0WRnZ^#LCG;v^Z5QXx%uzMvmn zK(h59Xf;S?vn3*WGgU9zkTNvAx~3h~=WCwyc*Z5fBo8}+FMNc4s#%0mg_t<}6l_c$ znBJEC8-KR)#9E5(W~Qt3V6)#IsBhaTzqby!3VrmB;R7Bmk1guwduXirl8l2F;SM>Z#a=~a6S=@N~$1{ zUi01%E5`P(;&@26UQ4P@ib1B^bJQlQ?V4J8>^mC-uE8XI%@@7ODcIgo805W+uz@Ak zgC@>&;J4LV_1M1TG`#Vf0W&bN>P2tu(2|{b@0(y(C=YL-L8p{Nf@3$dth+!w5mU%b z5!4F~aL+k#qDeQ=(T`e3eTc?|AtJ{BBP0sQ3*j+|A>%jt#MlSP%9uYSN^#XK7j)j~ zW+IVThzhDSqODYX>OeyA%R=iPGD)#LcU0-`E^?ta=-zBaKs&k61hhcBqUTmBm?cFQ zNx@PNxsVm~tO6CExlEu7N)J^5tE)^P8VW(WBF^7zBHLgE?0uP?t!yH-_`mwqk4Mwc z3nFdo1&;yK(8|IuXTb~TS*XPU^^65BU&mmz0^TCRXJT2XZSS|y!3zODKVELjgBMh? zP}-gx@`4v;*~uM__HLf;N?LwGH@9BUB?|V^yN!c&WXW$o|1ItbP$X~HQwLZhc%ev} z+eq)m4#J{HOV~>929A?6sIQx=fVATB(-u6w8-QrYm>D)KJO@H=TE9dEFK7fp>sYn% z7d*!GgW0iu$O>0bruVsqfJld7bms{AGF4hBTA^3|FmhPl zgI&|ih^(79Dqi9-dePc|wdJdB>WNlc36ZP-!K>PKRzfQU{F@3izqQw7TSxmJM|abc z>upn7x_Pr&VNWnvyZ4uGBV1M@2p1cQ>{Irj4(+doe?AVU0uI#MDiBepSI#JU8vl0o zbAGLmyF&+@sHFdH@m5a6rT*AXnUeJ17b!JB;r41cw-?&}GrY>R(!His@yqUh*u?3; zNq(uQw(%FXYrHY|x7Ae(u)aWH_jYl&{P`yvUY4A=UzGXA)NXOaA>5^)h-@CWnC3Sa zLC>uBuKNWg6f3w!N~jR{k2iQIRPyN7Y+HxjfIArVY=~h?BU>6qy<+rP7Usc~-7O!W!Z^*W z5#o_wP*U5BFQX0Y3&140)mMYW3;RUButXsQO~PBw@JLLeg+!@34!3-O3+ptq`iXH4 zhyYl@KuCd_8)+iExR7@sLG?hvV%6xJLmiwy%bGE;aM^~H0b-0%A)Qg8Mj#TI>ghwI zqyr*RhkVO$;cKsj4CpS^XCX6eBS7a3SpiDfh0*N8aSNU=*j}&E{6f4f4_K> z4})kVvc;HlsE0G$9eb!9$gx(FCso8IF6ad}hzcxRxZ$6UE}d`#1TjmvBM`HEHN6S> zH7+yInC~)>>T>4>3J#pn+zfg z?iT5NSpo282Ng-%w^%e565J4@0K1xb%4!3<~kH5(#Y+Q?DDp9q+>WVB*%Sk- zjsJRP>%)t(CaqOaBma?S%HQRh4~Y!Ei`jb6)scjsA1k`U+A`{2IU{Y-D-ISQpcFM>zupVc}}3GCx|%kawN z0%K0<(m$~Xcc4#P7fV5@ttD|Q@8gJ1v|gu75QQ1`Vg=?sy<(qjE-VoMrpmVuRT`J* z{p5-hxN>O(_4c%7u3Bn3K&98gX$ky0_th2QHC^T!&WArfWWS88<#4G)I`ukyE6dLV z*znPz_T2$-NX&VHUgt!K2bGO(DROLHR5|?9O@Hq+mL4UKgW3YX4;Q1y@^$;yA%|@3 zf*HvWc#wQ5Z5R$}6d`Iq`Ny@c<0-Tpzu?ddc89{shT^x9vC0!OL|#s^008O(-cNjb ziSPyMDuuR4%LlWM<)8H0WuX4v5n&P_0`Nm$87G|-9X6g)66#F53VJA-AhX{Gf)uKo zg%eW<>f2lU2mSfrxeiU1Ol3jqg=5exyx6g5<;v{7lZk$lS6MCUHRs1WHE1#AY@j&n zrh4g%&c##E-8o%O-8l~a(Kszk#P*ItxDe3+xw z-+$jx%#y;i*PR-8Jz|eHx*kjm;v7URTc;xUE{)#}WM}g(p)guRQ#S3DjZlW*TBvB`rSNhstq5p?c z(U;Rx*;k_IFl3xS99!xM1MYg^71246xyGMmt&6fF~0o! zO-dRA0RD}uNWNNL;**g(`I#|CYZ1o3WR3$quq3SF^02ykAAPrZEq^qlV}BNRgLeLy zJ1<}I_~7oKG*I~zSVg^3!oU!5)Bdw=E>gR&j{2%Qyow2_NFK3CW$G4xs?%uRcFw`B z5c*tajy>m}jd>986)st7qToy>0nJ{urIN^aD8;bKFjC@{V3X`gf=K05b6}HvgYV#% z#9Jwnu**2P)U588FZ15ig9AHHnrjqDxWO9%h3*E_RK|=00vpq{-tCVu-5n9XpD%~? z(OZMJ+XF&c!Qm>pfPF&UHi9dA-27lCpJ>3#E=uwzq4XK}v9PzZ{LJr!T-wQZk};mA z|Ly8XtmobbQUI@Qgnso3B?1q4koAL$p~G&k()C~cws z&F#zc;DP1)43HWV28#QcQ}qkkwIcmp{4v0%92>TMvsg0mH0)Ym!p``s(0-N}@2p=^ zzEGg^EjLewzIGS?nBZ<6e+=Eo;}05~`4g)6pEvpB3$dF7#(Y|aSvEyh2}FhMA0bg_ zeymf&f>8#~Rf?R8enETZXuNzZLfJ>A!63|e=ft!AYiz;2vUS`?;a$^?pE(a`;~9sS za1ki7rYzpCg1^GM8Y7i=adN02`gfR8j|0?T+b4``WhYH=!40z;!F{wJ;5UIt9+AD0 z1(<2S($KvPSJpKL^@|sxDsp-5h<`fK?F58xbAx!ZAl{N?kZI-={3f?tRKsCCkGr?| z#OrtgF_De+(+%};UT;xXUIxGB7NICeRlL;*84mdKP^rANbLtL^`UO&_r{MTXUHLmq zWL&zzqA&iTihI1ztZLDKF-Ux-IKo1(p;hW|Bg@1_K|SWsa_S>K@NSZ?2?S?q^=HVU zbD&g$nI}%r@dt>qMERaU%`9~uA_CW;+&ts#TD+RE9VOQr%0~+@_A_d@1mp|kQI!yquAR{jc7!KG|rBt*?#kF2l=bbf^HF4w+OB%37n zyYvvT=1n|I^!uQU8A>AcEQ6y=Mgdtpg^tnk27d`yEFoe4j$Zo!l{em9U3A&W4ix&L zHmC`WIb=M7!E@p{5C;}@T~c89Jef&U$PRqK`Yna;K4yE$x)o+_ptGNxhEAoNaQX=| z4JL4lenW>+met=3(vR*|O3@t890-Z~ei`GtQ5Kg+!b0E?!m#=7VD(^Bh zYCn_-R$GQ_`7*7j01Ij!5gKr@!P0>{qFRV$zDO@@<|J&xQ6*_7s$oy!_oDODSz*-4 z;xvAj(ISTRPEBvlJ!V9CW4yz)!PON|7L7|9sv#C~8@tK>Y9V*IGb$eVXQt_)R(Ywa zGI#YU;-7Wi?cNADMY_CcPyX$VQ8z#N7ej&r3~WBw%%zlE zN3OrB#pB>%1CJbD*gygEST!`DTSx%Gh~To)#7Ud|<{=rQRrDbNT5SY6{Z%5}BAW{A z8qy&j&u6bKM+RX+d3+<$yYB&cdIvb{%h)BBPf%sKJjx#EeDEa)OYerTdXcYTM|dr- z)KFlgZ0IyJEklghnLL!eE54|ASHKfOMXGA0dOW1#HtZHC8ts^^bXT_>lH|91w6f&P z+?PhhVl#@M0A;B{@Vq$OF#XTg4_44H|H7`oF50E5{9j+J@=HWck+0c?GKFj*P_*cv zg{qAg9_WUPbQ!Et;u_<^KPq;CR|bl(d=)>ALc1Kw#U0OAg3|LUQ;&x}fa+dox-V_& zXE$G2Qnu12_M%f>i8_FUWyt0IY3T5&JiXs}JdZyvOide&+NwntmX$7iTMt-GO=j|6 zG0BzlqrYOYyQXHW8u5oIKTncaj(_Td*Swx?6#NS8Tqn@BS4PTJStsBu)k-?&*K$d^ zu8^u%bG>Ht3D;5R*bh(J0NUk-HUkyMG!aAEp-rSGKB;P-8*XAvKQYbNgjCWK?^8ac1PukK~uo;zpJtE4$o|fDR<8)(MCw zM4ZMay~3p74)o}~st25|V~UW3?Uxp&!o0y9Og1_3vy7n7hX1lHtgbJ3NTqX~+W$4p z&9a>sa4CZ`Ih4q1Tq;a9jaqI6(fxCF(QLQIUVxXS^nUGtU+vE4CZhU0G2<710!s7SWD39xM~^V6;8X5PY^j0v6ye zjHbv_C$P_rdrYCY^~n=D45Go(`O4=*P65c6ZuA zB9s5+6H#6fN77(W8 zm~kaLe1C_2XuRr52>YgdV)5(2B`Ff?K2q z_I|g)Jt5^%C+t&raUJ~F9gH+P3Tde(nmtzPR4& ziMi0yN~ z_XH!l+<@HCVAla}BCgYqVN8K<u}B;nC~P2dpdG(1 z#Cp<4_Rq3;uDZ6?0-;vBZ#Gop>*-AD%{urSbOZNt&Hi<*Jd5C+7JOrOd~^Jpz&y_f zzBtQoNd$i-P%lbup5{kRR#!8vt@?Z*L31o2&AHS zhyn8MUi#3Bm8oUnGgCep&bFNy?y9U>UMWi;oHR1|bU9S!q8$H7JsB3kFVrN2$NzD( zS(-tr%;xGV*RO14k^fY!{C`eK)7|3*J3pF8Z(>MT`1d_8>W%ft{eJj`J2}b5gO9&L z7&lbK-|rG1ECo{UKB1zt)wUQrk`(6TLo2GCwKrCa!k9e0*dh;`>`-k+v!$nF(FR1_ zX+XzZ6>Rl;_2QTjXHbI{)daubo#A;~97ZZEUzwnj&QVd-hzZ%2^gh%MLCou$YwUAt zB^utLRP6#2=b}UupE|-qppZXUWLd4R#)L$Jk{iZUv4kyGpx`QcFvYu_>A`OmYocap zm;Qq8bWXE#q4B#UmLA@Nx0pS z{NIUgMgM7s^}_zW(O=wqcKG+M{jrtz`32%v*04j^XAc*P=>Zbd$O~3}Kl`YsCBFNdqQP|z{@IM^LrgJO6AdT_gENEg!6`Y&Lw zRv;>r*3l@PkYMH)x$5w0r#GHqJKFF)RzlVg!hYFb7aKy6u}?*Az%`p_C^0%9vRwp@ z#Gp-*D)t;Y%_#!=rmW7DI!KZHA8FsC&@OBnw@2>DjwU?9Ot%~F9bmI=K!5%n9WD2d zmsP!T^4`*7%?JPWZzUkTZcUX%+fPJMj;piTj+Uy)K1f>t zr?P`gG^|~TBGI=w7iBv&mG}0}g+!*;?C+U&bDx<9-V?3LLhH5P(HZz$!ZMU4A`!V* z9W`VAKA;isC+%`J>^8|QP?ScjQ|sr&ujir|keEOc@Y$r*V{EP=oc~w| zN|Rvt-@tu8tl|8CydtLJ1rP<+VoEn8EH?fexCNYG>}h=9p3>&_NWPlR3bA%guCDYu z|LLtsJAw1lu5}NlU9$f!V)8X_WGS6+2W%|f0yO{=JM9)=5H9TQJxMrfwY@hj@~iEj z>v4xg#G(7e3ye-Kyib%@-CnJl5pOkWwY|`0DjZ&QkCh`j$UFqT%psb9-xEC>?OlcxBVh9jccf@OB zDL}snrwl3Jcj#BOsrhTP1@@!6gLDpi8GsO&RB@d5VivyYms8~Xr)mYEgYfgj3uar> z7z_xo4mt-o7&>Ck%rg%~f*c6gr^wS#F$<90tme0wade%cIR+2N7;{k%=x;ffqefB= zRCXORIV7Iw8)ENE-^GE8&Uhp>FA+6?_B1;7c~>7;&#KbJ`-z@`P^lra*MuKqXBS~1 z%E{p+b{NF{hIWQld}jkMQ=%#y(W-(+Fzku!K12jb5S3DRa-?6){S_!tp`^_+0ja$) zAL-fx(btFS)4K|wLSOG2R7wt){zG4G$@0w!tw#B-hct*hvVS&u@8>;29@wZUA{Wp>!wD%v1T})E2BFgfhduf;4Igob# z3P_r-O3z`}0x()oQ&W?#&zl2QvnCC}Zft@Td=@9@`vrsR*&a8KOHl^E(pBU*)w@*NW3n7D``3T!MwOV6k$;Ka?ua-97*GZ3q<`g(UotW9Mr) zV>=#sqK*q4%wi!v-et$g*+Q{zZu92SJ+;?+X(c@`FM)57rW``SY57E%`%d1k z?)6{3c8+Y?zSuF^8O@e#?uzKO2M}HfB)eUP*uIQIDruMTwi!_*y;`!bQ3vR#%R;;G zOCN4++%-16$ z{@l6J&cO=Z%Y3W#*E;8QcbG#RI7P4WzFx9DNAd=4a^J57Q%fy98TVUQZJM&Zf|G78 z4~2BIVw9i-OX_Evy*7K9vOz%CI9!wSmRfm7qYgt#VevbL9-I2jT!OLi&6!4rE}z z@S1pfxqHj5H1%KXzl9hX-R4$8ERm)LGupaXl|bN6ax{0@2wk`qXJPAXHIVL>TYzSS z?G>v07T3cyIyq~r=mdoETb#$Ns0JmJH#|)8(ZW}vf;nJ)80!}AsX{I3TcO;qRERb6 z11YLAyWyzucid)R!t#ks?yyh)IZ{=SPo%ys_ke+|Pi#&bInE7(#@ zP}+D>Iq*E^8-*=+uPEm_O^e6iqR}d0WYS6@ff_a#zwsQDdQK7cg*a~~KgxN#N{MMv}3CDhSFQST8j z`AYi|a}EN?#qvOcr2K z#9|pxjsnLpH3`LH!iH(w)>gLOsDq@G7Uy@Y;s$w4prFClB!W3TKg)^Ux)5OYKj?g~ zQS0H=78te7T#}GfsNJK4?BSf2?FqLA?J=e)JzpIHQr~jJN4a`+dF5~T=5;B%dQI`k z{&g_w#y1{?!;IFfUQ^jcL<>zzBe;tjsp5i{+RG_{U`evHRU$kUBMuv&L#EY%l_%0q z^j=)?ELk<(AXOg}#p72kQb$cow<&SuQkuxhriy9umVqj7{Wy}CN)is;f2m8FYxxyK zpLjv+#eyvHwT?~JW3x7shwS%E%FS1C01K%KB3Pe~$9TQul918k8vdRRTu7VeV3;%d zZT1G#nff@L8LF1&9`z{q>Y7JZwBVbafI7J`g6*AvG+>e0`O0z;wqOp__GE@k`8m%| zmI1#*XRSL7owr42tvv-DlO0bu*_nX4y&D{;xow(#i$?hvcckVp;FHaS_cjYXX_xBD z^6orPldXs|c`*UaVxOw3a1<=X0ju&i6@&}{ko4ErOyI$hg(oS;VTUqgC3Tec? z3CypKWaPbLicH!pYo%u1a$c+%a^8oW$dMG}sM3n|S~rgArmT2e2JS!{4gbx-JLM#O z0)L%Fsh*Y=tJ>*Vh?eRUpu9hty8D`e4X)b=3Ek&)MYsGb_H!J?2AA?=z2g6vqQNqQ2$J6cWxS#5H#8Ah)%E;Y3Y$q6~z-Jiv630NT#pM}(wGUBWZkW(s zw~AQE{d(hrgZIVRbm_Rl!G z`*JZ5Z<7*GNpOM{9U#R!Y;ONS%v)Y=5k%WnHxSVVIKu|T{Y`D$m6%oWqmO>Q6_(E( z!-`BnYh`4wSvWn8d_uE$aev=o42Jm5iKe6+Jc(t?@adlItcCNCosPgw|P$dps^lJPNd^=hWQ2YNN zsPplCG(230^$dcC+4xWh55w`H8$4VykOd&NhJh>qu{|-6?f@S7gBSWe(-OCfBa_4@ zaWB!&BzuX@AXV{It9cNXb3H2F@1Jud7QK@KBEy?~EQ4qBwc6v)j%EONHs@xOKua&v8++ zPF!yR9oBDjA1c6ce`z`;qmyM57t=zkYJ@`Ty<-!-AAB4o)Low5p}Yrvr{3#L;akqe zNb9~0Q=w3bcZ%kxs|=F|N@L{*>rJKtlXnz`2`(_{lqSE>@3=2?hN@@9tInmWgAZ&0 zn99TGOU6@Cd3Y%P_NhEP1W&8sO7$wdX*sslcgV7^uw}WM*r#sM(McKUoMG{xPo}_Q zfDxjF0-!vk#*k{7KZjwgXnXWa*nS?Isbdd4f?D5$wBXqABdEfIk><}EPHNw+sJSE5 zzR%VEsj=GkS+Tqg!~RH0dM0q!z4xCXqd=?|cLB@}#hz{};i9Y`j)E<>uy zFZX3gnyv>BhKGvlBDWqn5&sMPpw?tDF_VgfKyaK@tq{T2sf-GQtt;D(=->Kwl0@O~ZLFnjfQrMib* z^?h|r^|g)iyd=S&kl+|!0k4B56vt$I^gR=x4EpjLF>?H<9$mcK0OseVvUZcM$F2)_nlcTN`)L74}^)$VsJ~&6qPfkpt{+LmK70fH{3) z1{`vHyxQPBC}c0LbLl&^gP*IUf8^*^S02=nMNvZ+{@Z`}8imxBf|YoLRMjafAEd2# zVS%f|J$R(Dxsh6Vh`5uU!eCP7OQ(G3l_FC{WzW^H6HmRQUr7^h&ev;!>xk7005N z2MN>EH>cOP_Vzb-iJ}GP1HP+TUP##B>9_W z#%We1fO6l`su;%}0VGUARoTjY&Litk6iS*o(pO6*suNh1s^4j&SK`@+`<@~}w%U}c zFG%oZTX+o~Z}%{l{(**pL_M8IVQGBck3^lTN*NG$J@93nM0{LMh~)#tF~V0_j*mxvWoTnB4p zH9XwuU5_iT?>)FwJ##dF?OgOo;pqhVXzJ`u_tn<^Mw~>xVC5kvfEO8+T3*M72WO_Gg z!AG{og`oXOefd3QD21mQup2t;WZAGwasC3J`J`*oqALGva#kMOj#{0{eeWPfEuPKs z+)FuX*ypjl08~>|=UplTx;IC&L}lvhW=Cdz7kF zlD*+X0vqnh@^7Furv%U>#lLa5m6@(J;X;!)%fE4il{8`Brdt62A=uR@^I(=P(Bg^5 zyBT;KE0XUY8=Z+_NeoVU$if`je#fzxp?|^UxbdFDX@}Ozy3RO`?9PKKYL{>oj}ABz z<8shDMr-sYJ6hEhPfZM*xDF#SLYuwm(VTT=cmP&}dTaIe@oyYSJqsM9Zja%Y@453{ z_!Qb$?LoC$5o2;!w*L|1&0D|OC%jMT)9yZHg>l={3sBHCCP7S}AXIxh{rIFc zUXCG=G5m}xM5mD!A}ksF2iALVM@zlUYg2>vXfE(rwE2Ro5KO6h3M1cc^(Z|0CU2^~ z3Lk=YNQ5aNJnEU|3ND_>b+y!+J(srB+m-w4N4e*CCgCk9X?>ZAq5agYzk`M_`tI;D zGh58-zarm+9G6t197^H{ofdjh&E98xtMC%cEFg_Bo-9g$V?3>5<=3sAThKVz6z(U@a;y+~Z_KOzBhlBb1-QhcF ztO=fgJlR3&q9~FchFxfs65w!Q;E)7%3#t`J@EK zz?(Qw#rOe5x$y+?-lT0UU1xo$R9~@34VGHRQt&sr{iyPhfx{L@@m8Qi{fE+&6+e>O zu)Godi%ia0ng4K+BoL9+4S00(*#(pVI>%odXO>nZGfTN?>f3mCUHcgPsae}uDDfR; zVb*DPkY;g1YG0J@@x4*MR=#5EMP{>E+g>O%MeyDZX7RGll08zYoK*c3J5~1rY4nli z6RLNfh1YAEqxkFD?esfaU_FfJ0)NI>CyW}=)w=;6J$=pY(4DC6*MbU1M>@InBi@gk z{#a+vU2by|>io30^`>}fcsL&mD^-6-l(vXXpYbO71~~1o<=2q-I_t~*(DG-fW$wA? zYyb1`b5#s6jv=-oM3tF6@qZp}dxCR|ICm}P&L#$ABW+xz>Ovy69>k$l-$soAI!ms*bZ>3oY zjkxs&jkx(j7a2!A$5FM@Q-*gdN;NXdxt-uok8H=N+|J$)C!mjH81F012nEA^42Jtl z)Q4-!@;u@+Z%fiY-s#l08EZKWD^aTO`Y>9B^xrhHCt$skPg3#aLF^xNduN7IFaI3;F;}F+NkT_wO_Nn~#P7F&?n!<1?dH z-|WnzCo*j%k}~WHUQ2p?*P;Ex)S;$|VCJw`-ZwU6jcxw|5{jCFHv^w6K%Jw*sGak{ zFUMjPx)mcPc9<%(_+En|75*{9Omvm``xIe&`Y#*$h0V&{3;VMH$WO8aiTo3vNcw&^ zlcaxfKl_2IRNGPO*q27ZPW6vq)&Pa5z5`~|Y@8S>3WPi3<>M!6{Wn%;<@n?!0%!3%8{?}=pfA6tN%+qEZkOLn;rH~=g^j+$e<&+{6ROqqPx}siqpU!G z0ONwLp+p)@bkhCmcCvKwt>j(x6nc>fO>d3m4Yv-ZTX7fc)fbtGd744VL@0=o)l7h) z`T%I0FY|P(f2(zz4)5dqcMi2$y$fBz1so6^H6`&14Y9+OIwD(7x{qYbzUT!g|Gv<` zAH9)6{Lv%R4gAsLDakA?vh%)YumT|a9S77VYbsx`IZU%x!xYOI>1do07%{VPMqEnZ z7n5N|+)7{{zgy)9?noZNhQtWky%juyt5zCE@WwCX2>xUlN{5Qhqj%lPcBA)!C3*Dh z{;l@J=-IuOpiupDj6<#0g=_DlK`RkF0TjXb@9o%vPUM_1Z{2*rC@Xs&i2;-xVpy>-zE>0FG8d!kWXmyhTaw1` zJhWGDDIaRLc!$%qYS4DU3gZwi>)%%l;R|M3gyV5qBgm-5FO|smQlkGtBZq>z(inU+ z5B0Vi!<9W~7$RF)Sh9b4yGd}u7jW<`<9smk7W|Mv5RXc;g!1^lG-LY9G95;1kXTKa z{yiKvTp3L9X< z>Zk{S{Emhk^3cD!Orohf|5jMOTe}~jhKcpt-d{ehUpTl?qw>%=CGdjDu!>dIy^OD7 zSfxSZE_ZsD##eBecRr3cuhfOt#aHRV%W+YdX;GMIKbpPHaZRvjO@{l%0mpTrD|g}P zxqV4vAZ$tQhOn2A`wv=PZ%RHfUNyEHdh)ojI*^!fE<$ z7=@+Q^P{QQ=-T6%J*+*xjg613m0ofhZ|Embc-^ z5JXXF^ghuZ%X^6vTAY-S6U+NICw#*R`LVnpCw%Obo=9%zgiV~#KbChrC%nc9!((|f zIN@qi4*v?ITa>2pWTqSW4pvev5o3Gp zglN@x8^3ECf*!pnB5`CR=k|@)y_IuWZ*2CoqmhRh!t9iz@GL{nQjIL-T=u7iL!xso zX^=&(=G@Ji?Ar~TJCbtCIQLmijQ2#!Och^li}dCE6`CB(AzYd?5F<7_iiokh05eOI z!Km`eT)v|kDX{! zJP2PFb@s7TQi;l4(I7{AP9q?vgR}atyoqlaAoKzc0s}g0crmC&wy5kGa zosg>f&KqXP@yr3%*fKvGhWfwbheG|4k1RAinUG#UZhW1}xFblok3F9{#;=emfTAdjG z{YK;Y7t*%-4rM6I&^MA^PiTIl?@)JT*^_h{Z1Eo&v-I}Rg&+A3Ta;yYlY-eWC2$$E z-M4rbkP;{#i@1o(jup)7m=siA(?4A83f|PLl{9$bMk;jD-@BTZ(_S?PGyzfZyFIx8Kov5LGFayJ8U zyDt3Qmq%mxIq1~W{?==1&;xaC8u{ng68UEec^wUBbU_b%buM!l&QMoL^8!>B`ld|i z?cLP^ry_-cxITqt1EZmLvsY{S4j3P;q<-EXu9AH&W!%2#IRcfKQT-F1b732n;x>f+ zr`JdBID)ZHjugzx*8Ht~IC_LjDQk9?9Ptcsk-pzTjlSyA_s8-&w}|2EVd3F}af0D% za_X%YgvOx!-jnS%ABE8dWDs`e;jQ=LFpT2)IG51>Eaz`PP_928K65_BN=TO9ptu8R zIG4E&{Rgt5yXrsG&--;bQcJ>-V8*;$;MsSm{)UaJ|8T#B+g-|&JLkU(Ad@YQ(4_#< z#vq@o{!IYV)^FiU0P^|#XC0wSHbQQ9Rk?4I8oGUBsV~;ORJpH7t!nfB0}9lWg=6{3 zQWOd_$QKJwVdPpe`1dxu11-v$x}ZC^pq@0e+3!SYrf>*W9caNcp-dgBpXIBsgi}{Hs?!rcSfF-i+Eft!3%YP$! z<-<}TBwB#qK_B_iiy*m1CSS#1YssCNmq~yNC=F{*#rsfOP}X@S1K(i;?geQs{hZ>h zaFQN>zMaIM(j0Sw9-UpTEG1XX_z=J~Fk4yr_B#H3gFRHh2C$GXt44CMgg1hMR`DMO za`HzwH86&SFm_aRjO?{I2Nkt)?{k|!KTnPAcLi_DcLmkqT2sI$Zn#{*3$@ZW&F;WX zZ%3tComOPo9xm5Etp7Q?v;g+FT1r0d)c=@$BTZh#p>I>`quHweD|30_B{1gQC>R$W zkxF%E-~PS6!{fa}mFlTxdUkpX;n_mZE^iljPN8RqH^X-aDjU7n5nFI;0dAYBXKi>W zUva0tc#%sFpf;#Oe-Bk@LMo6Pq$?4z+vIKg`5mRQz}fheMLnmGKD|iHf15_$)$yeU zFU8e^^{AwwRHb&r^IDyzqIasQ)*R$`e{_Y$o>^6Biu{Uq*_l)qg+tm&t6UukqW~ax z1j*2{mCiI*umqU_fAhu~)VG_BC~7704v0O`kiI6H>Y=bZ|DXc54M#g~|JNI_X>01# zmU=V!H@9P4Mbzh3q%)JNbMU)n+KP8)Vx1r0_4zgwxSKkOJ-Q^5+}%O*)s{w!rtj7d zQw^xH^rmyNqh#f3l9yw&>u9fOJFu11w$nHt|*ZUc88RU=TG_ZE6kQ0JQ*iKM(hZ+OpXU z`+u%yxaM!OD}F!Q-s-t>!CqvV=9)y5^BpkrAk#XA*)`{!EmO+{%3=> ze*hA3h9*LL9{O1vJq|j#n`kk8&Vr+=etivx3JjLux8XqO;B0CjjexhvX3BpoMOjwG zu4DUomz1M{J{>Ab^&vV~x=Z+1`;~{5!r2k)xA1B>I}Xpk41p~O>^K3iBXkP@AMLkr z1OR_Oe<%P?Q?{#h`>g=&f+ycT#bMt81&&f{Qn(ET$})^R;WF=Wh8CF}EA23xCbY;2TTp!N#H=C8}H8@)Z z+c|=x7IYRA*AZsi{SR5NtIWl9mcM>^o;n-&8qH`S%nUQ||mmrCdu{ohAW{? zJDJUxo%&(GifLHwSCQw40nK}+gtcyP303?+=iGfIf+rsJL!2ij9|n=e4g$4B{!41e zyEK1ubMemE$}P5U7Z;kM9g!Z_{0#+K39Pf{;aK`jRc^`cGF$O%pRFoOwv!rORRwZM zjn*y&Fydr@1jtY*=TSlqB~)ENVC7vb1!{dbKcT?~2j%7l3s)s!tO#Ro2a}QvlX@Z; zYcha?M5s2 z1kI{%H(Fgz1k-M`@=pZQZkW2C2&UaI^*9ksyJ6~;fT_Yez6iSM$Mt3$ma4Z9UjVeZ zz&JR8H!xWaOB^Vrz_64gj6E5~R$y34e*%+MU|33j0+U{F{8IW8&<+KLrSvB-Sp|lr z^d~S%LGn@}uoI3}$5R=t&IN|0^e3OpD=;jjKY{65U|33j0@JO)u$2A;=ClICQu-5^ zo&|=b)DC7^8^iQ2h&a)ULdhnjYQ@1=thA*mU#S|HLNo*8xK@;6nHvz#W#3i^JM@;U zF8rI91+a!K;`s?iI@wN*6VE;BjSz=9{?NDyn0xgBv zawto-;w*S75)df}A&S38nbt(6HBtPK4I$nq2wMWeW`IaVhz|%NH30#gfXvo3%xuEU zEor>^emfS6AwXI|Bz#OvKxzv-4A^AU$48gdm=*ma7W0j<4D$ZeXtfkX!{lf1Fdk*E z6F-zpqbwjLAWxpZ^)zBLYw}2#QXjF{hD#exD6l z89G4A&F{kLX@M_!7AEp6hP)Kdm5GcLLx$DkNMu+I88*-0M25|fk?QGOzu$&bW$FZF zgVn5>x0mY;s=nQQeccVNr_!AD;XaNV>dMLoG{7N0)701G4vyJQ^waa?(zz>XAU(o_ zZVCrgKN?1@jLo**nz}EV5_G)5YJoC-m;mm zAyIUaUN$Pz>`jG9GUDu`yvgp{w3EyN%kJH0Buo?>lJ=`DZ;c{}LbPcK1WWPb;n;bV3ntL<4ZBhbJP4#>(#!ujCdY@rjjFLzBG*HMpkgOiyeKnX>95hVkE{0Y_nJ*y zhh7i+ZM|W?HQ?C;G!{*3gpG`2 z8eGFO+w*=;AuRFqPNn=KO`kpzem9X%r99>D=u@fuBezl> z6_cce#y)!)-dY}m#NS|@!9*Wq^|np0mJVvchkfjP0~N+IT*1&va(0*Q()o$pL2U!@ zkDS4!Beg)xt?z(Mbln{!6Zj76_Z6Cai|@oQx4DD2l#&M{Xh0~h=YRS_&LVU#^^rTc z6h#y8*oJDVi_lTgT#V5)M}yayxI$*27nRAVf~9HP4t%B{1|uQiA(1c~Jsb7cgxk*d zUn3ofQdiJDGJMy2s6B>!`@2Jg6M|ctkxd2^aqj`tl02`tPU%mgC8a+}n#z^_Bzb~g zjv7|^4vMJSIY6^DEJc0BEbIJ2T#x9z8a4Id2PWwpXhLZfc5OEdmlnKmq#HeqVk=!7 z%Phf7{9vX~DyQ8#h`M{Zm_)8yNDAW9V~C@9GtLfu)Ne8!3m28%X`GWoN(h{d3D!` z6D}Jp?=j7sP(cZKzkNA`^iaq%j~3hC&P9*B-}WEsy|9yx-dqR%+*jTTU$F_jWc^rZ zY6nmLc?zUCVEDjMJ1l_7zzZHuRaV?evgK@;u>*UE3CuKC)=MUk9X4YKCpvs4nkm2B zycN$lJm6%8#gIV*0=IK+RdNE>gYmU&Cw}kc9S}p z?48yMK`ms#e%}#p$W9^o37W$Mms8=;m2;j$Qz-9+!MkT5?~fIg4TpaP@GnQ{n4;;c z9%9>IoOiP@6Bac$Eq_cTW??NlRSINKHSM<)6!i_!f)_1HvZp{59{Af4{XxND@w3)6 zehz0$Tm;W^@j3V)wx$>;w+9}gYgpJA80pM&I{E|G^zn;ee+(Rej^#hzgPVnNy-JseVyf?zhOf+7DJFx|BbOSD+ZE*HapB9?h>q}uckm0b3$8;ZM zJy!|Lwost#@@{5l=ne`f;x75zskeDQf%Weka9A@R#yf)E(GqlU%?8(N8mhK?2Sf%@ zRGJ2KdD;W&h2w6?r?f$=Ij}#*jk0!90%>F+Fnw}G$ZCc*sq4`e89+wl`;TQU%utml ze^r*DMW?f}jqQ-pEeHU3^34W_XH6o}Vn}>mCZ-q?UyzAbL*k1v(Pl_|NhYQm5?_{y zX@g8mcBT}u9YQ@y?k&TH|8>HGWb$H~tL~1IerebRM$bE^_G)PUu zc2q4PqHV8saBp!-l6`cY7HjfMRjTv-Z3UhK{R#p)730In0Fi2Jjy1SXQz3@66 zoqY`xm;E3=+!us02U8plT=bC*@CQ@K>VGq&dzVI@ zmudcb*n68Tn0kHW{zNM5lg%lZIyJH+kqUcnvlUavMsE;Fu<cG) zx<(x$3AWtkH1v}_0_8npMtcYQZZn&_rvpn$K6BlAIQ-1-cD}i~#zNC&^ap|SlsOnF z9#)_k)oz|frPJuRV4k*$c|sU5PcE3Jt!yJt$uG;~6ii+(lV6p|R!pvy$?IgYEg-zH zQ}Qb^IrYSKrybW4F;CPFF;7;WC&bT@1$G=~E6h_J&y$$HD`mRBPR^AQxD9j46FKqu zniUzENR7{zJCdJBjZfLR5lbR9K5Kmv%g&FGdQ zU3u~|WmzYbJ5?UyNqL%Xo2J<4l zD~W95H!HpkioDHlHhk+Dd4=Cnlkg2Jg$GlG`1IZAX~)IOg!ATIrOJ~^w7F(B`qu!K zr+6zBNz@nHie5d;Ta+p_m56?;UB$SB->Rrw-i!uFqGJ>v(CI&FRRYfo!4hfWi|7KL z+etB6Qv!E!qN|9M_@A~4<@!n91(ZrE{IAK>sot5CN(%fNW$HAFS?MaWsxY#ly#Ks_ zOmUs3Ao6b;4M`gLrEW#luz%Qa@c__2ULfs!l!p})eUy2oQgtI~Py~_s^B+p_T<1Sz zQ379ZM>3VbPT7&IiH@**4-RF-FS0_Ye;Cw{apH2Q=D>qucUsNp z7OlYAy^B!PHeU{p3u;7rka&H2pEuO!y&$QsbXnJjz;tHvAi`PxA{23%8=~pd;YXf7 zL5J@E$QD1D*m@Vk-1&I!kbH+mWhj9b+2tRNU2fnm8{2o;^GW^P(7wOe#&qhhhKe#( zW^QAVXycvmxop5LF$}*4pPL(_5SRS9ANX@g)^@fPB1KJuIgWWBv-lXHJ<#AN?@%ViNch`Dqe)mN{VkN+jo(%ecqdoYg>+- zuZ~L9A7q&tD64yJ~+tv$YBflF`=H(Es7e?0+6)mn^XOa@A zlR32c-#6quBXbA=d@6G;05l?V$bP5EU<)))=Gc;gnmCle44K2WJ6oSEG({e#g#mAG zJe%mBu-iG4gOZTX22{rmX8=51KdOY0Y(My zWB&j;`3JZMi8*gS?9RU5QIt;P@y*Xb7xgd(xlg;8;v-}$y-_FA9{CQSPGGtEC;EC@ z4E7_w+KCy2uShkC;$s7^Ut<-T!y$Kbc-;4bw##GBqjzHo_1M2g83T6FsPhX(?djOBIku9HNO4WyK z6#M{WO$?4mcZZhXy-utV=B$6xd5gR3Y!f>M^DNbZOYKztZW5*qLoyYk@3>7cDdmph zt#ZHi8IR$Y%0^`tdbeQ}S!Oqe8{LZ1fe+pK4)15~l21KPIL)6&J0*P&!!LaX|5ITeMmAS}3ddX*4vm;^S<3 z%-o??Zo;U3!RZ*zZ!(7S(}L5>IdtOXMI%Wz9(0dkgLDk*7_zO$FNGF2ub<4p{_v_H z?GQTuAuZBO^iNt(YMfh6q{f->M+d7-25OTsn0giX+PLGnI?rkDkcN)u7H)=l7)$G0 zI*|MPME>TQ*x#Hf?r*MIg1>N5e{)Lph*9Kj?!9*I=A0#m(B0gp&XNP3$2Ie(G(kpx zbFger;%^Suf3nQ-GnTrC1K-(U-7K(c!7KBfq0CeyAxm~I=&uEBm*$B(Rr3~MBa|ww zaX8o>8^2zZgUo*qr@n*wSxW%LjC=>Sbx84H(uVZLeJsn-{Hm!O{u5<9$2rOI97PlhrRrYl^6UJ<5s1bY1gX*fed*|I$n2dj4GrfU z=kezvzz*Rj*`w@-&26!$qsd`CQT#`%G5+J`AvD|=Eh^}+j*XEz-1YD_CRbU8ky2>@ zMqb%I9Orv~+4o-PU#eqya2zU)P}}V&46H)7(`!%$nC8}(=BP~* z^2yOw@ELae^|fb0QvB`mBDj$E=bz^svpm>g? zu|Asr_I#^S^V4$+s~+Zet=V(4J9uZ&WOvEWaP*?m3x-OE z9PdO;zoHc#a$tO6#TmTHj`!c$c)#SSA7XN%{D$MdWeWq8D=?XK*S+r}&U|1bMbL8q zYP_P=-+YW(;nr^~nvA=YrL(^vV!ynBg{@C>T&)PIYHLl)ar208RAeVF_h0M8axb*V z<$mrPf3e(^s%b}Ku~S*^57p6n-u*sZG{eM6oJA;`;&fw)mID#v)a0Jh+!x6L=iSEspU+a$P`WHBa?_!N& z4D~1spAPR$6Idx6*7n6)*r(Dquh8&5-R{z!b zEZWHT|Cyr2b2hdcpD4vovOScU+>}yoipRsv(Esz7&3FbXIW_zg-azdsmhIWKp}&8vAzii{F>e+LeYN}g8E#rm44J~AQplG`Z4j_o5RKFM_b&WFgK{DSpB z02d%W1me`$F@bNom<|4yv>?&CKT~jB1HPFcG{$l}14C%>eu($=-IDN4j>I<|5#Q`= zk8gGwYw3iQB>XQuAiYqIFuI>~zfDuVsCNwpkLpWa6WMnnY@FH9LH#xixmm3Gk9N3o zRPk2$%~kHLuivK_3Z!pIE;1hV8bh}1;dt+x5;>P%^FAKNUJL*BM_WwY*bT?EC*~lc zN#jx6e2`RauA5$HQptKJ{Kq~(3Dw(2nCtf|we&@bZNX+dOhhlh9*YW_h>i=qRZeh+Ygn8W$^NR67 zb1jC@u0sxCd79fOz;#5gS?4AAmz}7Jk%5d)+JsTL9lT9w7*k?)g|1@%TADuwRQz7@ zuhr4>fZMzY-I?ul>zm?*(XAGi6?{vecqjJez$W4P?J$M|#0|)&i{W5#`s*^2&O_C= z$XwtKm6|<&L>`28hu`XxIEMph4)Q+?KuAkvI4zaJw}{rPItG~lD5wP()G{%s`fqKq zNCo7I^P0Av9zV7N&Q{vxh4y5u^X_`aI=3;_>HNxHkwoREf^QbBXZ)8Y@!$Fr(nHtx zrXEKzpu(CoMm=NKOVnf7F`bM%<}`r7C|-4F?NlDT2}oEv1!>@1C{=o@C23XLe*T@- z&plJ*swTFwA>3^*s-+#SsuPuIieq~u(!yF{?dVzNM_Vc>7^70v1DT4$Hf2R;vH<%4 z2+>g1+n*&-u!e<9e*8jN{~b(j(RRE+?RkaX@}8rgo=*-&WxBBs(@)O_F%a$mSZxbz zs_$D^>&IZNqo=OK{kdH98DxAo+!$}2g=8Xb`V{ZSGUht#GKqB6`(GJ%op~pbK9S-X zQ|xu6Dws&0;Ju6DuTy$eBHf_`=5k!(B{ubSGo0p*s;^l}9nCTF|1qcjKE`LCAmX!M zYnnju*}LFf(GZGL{IwfEu(SnB@1%rJC;@{RN9!qp>u<({brg~HC?$M|36CNjWTTU0 z2Kl-B@l9Nc56od6LmkxD6yE|vzhXIA^(1-6kq(f^Ci!?TYjv@leq~uOjC@5kPoyP z#^-&^_ixyangNTt!wJnC$X3s3g75H7aGDQAom%K(jD}i(Ay~2#1A5UwRIY3duX-Xr zrZ@s)6LOA(CTDOJae7?V9a6Er-v+>hT$ohYD;)W4XvZ(NmkqgsuWmvA?=7(Mfl_~! zLQw+-gGUTU%^phq&FK_rw3ei%+nliRgF1%!3A-j(A*GQ+x}sIwX~@k4SCH7aWCdP< zco3njw~63Gr`5zrY5D~wN58g6wab6Jk?cN33;LTo@;F>4y)0?o%M%{pyp!YJm8N;i zVfd1=O2qjufQ|#?2mDc--jy$d0?xCA;a}U;fJ9xS@8}w%aBn!{{!b~i^r-Th!#ST zW?s?n1qw~!pVQH~fhWDiKZ7J_N_)9oDDUS!eaSnAE zJCRq&1BcmPx6$8fUzkywjvBI0*3Wyjxb7fbXOOk&{dMIb>*lMO0xLR$yP>|GsZST=WQ+isd<8J5KsZ%1Tb)i*umd zk-Le$AG5kpI#_;T>@l9vOR)~rH#g%)4>YYn(K>~K3r;Gi)LCd*fZFA2SMWpnMxAV zgIxY9ET68G>{6Eh&Mt3u9v%X9E3v%WULstkDjn0DO%rl>?a@tCV@je?fg5mVyiPK3 zFA}nZVMbd-^btVS+g-t%c11_?{<gn5Fe@ghfs+;$RyX1gd8FwJs#pypr{;pc%{;nF(Rcz2$ zORtONUG<`nwOvJat`3u1_vWCVExWe9?3P<@xc=Hv1r>U30ac;9?c*BD3+yKBfu`?; zF)u|A1h;RqL*`~&)3?xL6S}4fx}kkrP^)n~jpH*PQZBSd zJ84ZSQLsk+I%htVuqz$s<|rM9OC)4RA;8GzktxCU2gqwYiA%-ZY-{{(b{7rYHbgVF zE02hQ`u;Bzd}7(s(}6}c-+tT0W_9iA9GJK~dP#~@vCEV7mbp=k%jR(|=p6KrJ` zj2=+>dk+9nv9kT`J^F-w!;GHL#%X%1aFmWy;yoYNW8`ng=o?SA;5U#Eb;dses~*U< z1i}DtK##wOUXA6b)L<&*OBSiUf)rH`K?d&%=fBeyBj6ajy(*1=;@h<+`UE@Q{Tf&L z)}tqi*Z1f8C`y0ZKehpRJHU|xkGJq6rcUEW7#&*)KQ{A;;mF6hnMd$A(U>A7kMdpV zH2%P;e~PArDrL|Can@SCT1B6Ex5Rpy|DGC zh8zxm^;Qm^KGU!oykTm4W(aHZ_q+Z{)YCuetpCPZ5xjFqGt%8-8&MzO0j6Mgl8ttZ zJwj~(gz6bt5wZ?xMmd2w486Cbis{xuV(~|x$wtGdZ{`e5GCTdT6sP{-yoV!iu>Gz_ zafM1_(XsMc?{$eu)pga z=?c!($SKfk#L5h*T`KGs-N97iyT1>Q8_pA7fC{U@1$F@Ua!BaF;&uYF$t>sW#Vw0G z2CUB+LZ2PwWtjJ;T?v+#tum06t9 z>_iLe3E_$sPO==|!g6fkU$w9P`1WPV_GNokWBXG7v{}fJMedBz&CRu4`vO5;%%YI+ znZctpAFBan`#0bUHhD71ufa{GNNp^-sH)_IAM@yV{HbS#qAK`o0Dx^2iJ?YF1ut zq4Z!PeX@5grl(*?;-w-bS4EJ{^Aj_WXzHUq=@ZuE5e-5Kpgzn@3DpofW2UVp4B zgP(iCGq58xn1Nl$b*_cs_AfrtK?$JhLk)6#eJOI45_p8hsx$8QX~ywG{S36vWZjHk zqUS=zSH(yef`&Q&8_b*REhH|-ACWgdj4S#-4!C`+*_30NcfKpQ)b0u{1j2nnSD@P$ zmT8g-y;5>7zIODdtK?UgGVa&Ng%%RSyMot=8p?}Opo#?p;P}WxKW<3z{P!^-h)L5V z!Si3@UDnXbqHlRl7u4>F>0R-?XfE*w?9Fw9@aBptV8|RGwfo$!NzB2x#{{)Yrki@2 zOJ7L5fo1l%CTl@f2I`mr$%Z_E#S~nQk%s-vM`50ex1tuxKkMC!_Cv_3x%8JY9S54ln&fS5^uZXQKk|n0Lr>47pW+_rkCb4mFBbbr~~n<*x!T*pQD$+CqDRL2wh_>fT|-`m^oyTP;r7|;yW{%QhVm=O-?|s^2Y4fSl;+Y zNdS8H4@1~d=sEDN>PJZZ8U=fspk;6x>lkwo8aNyq)>vLN+(aSAq(T?TfSr7qg`V#g zeV<~A{Ezzr4Rry{TD2dEoXPpnWMvuJM@65ZtFlZMKaS{(=pgIt&WLdE`YinWCc15m zG#*9oyni~MNQCb`kTjq39^v5~9iPidU6dT#x1IW$#wi`GBenH6d#=CPdu>)mg+6U$ zc4B%*b}^}Mnj_Pgh`l2!R%YQN$FEE##hZ`QQ7GOT*_M2w|7kp)8jG|Z>d&O8=D)1~ zuqHaDEnm6ZPUx3BQCF?P}v-R+X%3 z;tI~R<0^0tc!$xVGnAR8`RfauB}ZUvzXNs#?JV#4FYv(T>+;>^Z(QcDTm!!Iz81aK zM_1-RV`5No^v6MgD1lIO>c=p?{J%f3Afb6NMIAS9a_I-rei;SpfHACug^00qA7=6(@2 zbFNGOkm44y4E>5lfa2$BO(|^OV)3_TdD8u@8A{+|LU8-FScBIF>|L|~)@AfZ-s-`B z3AA;PCbba-x!LTN6esWF^>$NPqxE#WWz#6AA|SHmrSQ~93S3&Ibc?&BfKT%j?^(VL zcvX<=87Q?W`W&ZCfe}0($>EFtg6g(daJh-%F8(?e33TP|5oYOiA6v0x7Dq!v(*U4R zk>i`!7u`AhPOjWBpdmcGWhF_Rr^2NlLcNFP@PhTirT}B?z!xWX<}dd8s4b@cm!jm3 z?Muk@NGU4 z`vdLk4!HGi;Cojph=^>0@@cNMqohOqFG~!Ss_RljClBKpS~4@$M7MnhQ_wd9jtBBj z+=L9ZI>W91pj1C#XH%F)pj-kLRCw%;s%Zoc{DQxA7CKyCip%UOr7u_iS$N3KHuU?Y z{@2X5vTlr0-K7vp4=lt$kGL6WktN>$Xrh9Gh>g|S~V!P(%@CR>-bvi5+6TS&e*ywLPM_KV% z5e@6;>SWD~@vs;ln46K{f$IbhtOTCM5^+szrD{zPd4F-hEMRnRC9tfkjO%@SQQXYJ z`$go&B8-}g3|rM_9FHMw?Or7?H5<<<+9{n2aIsG}`8MDZ1mY1L{|AW&B@a2v74iq7 z1YTAW5phmDN?ZXc7btSHOEw~OteitRoCUvU<_PfGXIQyd9@UwW^*q3#;s z*3COZx%c`S3h=Q(sji3fgH{eymjT!TrVJ1TOxZiC{XN7MfTatRz^_0%1BZaSylR@* zJe=RlMfCW4~uit`(clD7D@V)DI()0HnM($7o8*zeGnMgxz zOJ}4hx5M9+e$=;zI#4VA*t;Ve=A}V*@db7o$HVT!y9Y0KD-S(Jp_J>%LBBW6w+i>5 zRrMXq@Q(fKS*{baT)GbMyWbc#m|nPLEH4OM_;1u*K75U;+*_yCH+Rq*D)+|@0)Ld= zz_{owJZLHpp{pHFkIF;CY2$T19E~-a?SsBP|V*GUqfUQ(b$uO+BE;0stmRx*QXQBll$6*JyieDJxnmSNP zjw~BEnhsz4k^B-B!?)qhw={LA5?G&3mV^t_%Jl<9$Hoj-0&CN07uxZlPRFencpx3w z`Nq!^J3gIv{9*#VI79CEo9KN~2io!Qent8z?0DGBVjC|nLCwbN>u`Ij_2CX>p-fXK zQ}4e88i+x;XY&+>{qN$6Afet9-KqHv@DI&+y9tP^-;EP5zV1ZU+yyz2BGR`k&G9c9 z4x=>;a)8kyeTwB)MA6M}`?pwhdWJPrmnBZ_RIDO6+3vp`i+z$!Cw6|)iQOFet{Y=# zSFjqdl1SpVCyfkc83nB1Z3I!GsB zC%zB=CFwr=;k)r#fF=qg#e$XUU?b)~-V_Lll$lQEKcy%PASbE3afl)yWk6a9tm zztK6--x*5ana+v+UZMmZ>`WiCL64s6WZWe%jt_M*?h>eKMJMAffqpIMWZWf?aIHwl zklSXONa!FdEfWcuawnfD60+ph>mw4fqw2xff4$h6fBnj7A2m?-`YW` zdi^wf048=@H(D({lx6ks6kNgjkwACiaFP%xgM~l^TS!9unGJcbjv}1E53izYR;4P? zjd-!*o#9b;9Ertaq25dgE`G9Rkb&u{8QrMD4Nz0$v>ZvRJcp~-rGGCEDw`5$LnPuq zY*+5B7t=Y7E+~{hUNAS}ln`9>57^H7&>oLs2% zm3&^xFosX%BkfZl%`hVO=i|OyP{6zsY_2Py$AV^3sw&cHP_q^PWq5|F8Nz|evMZpN z=nB+7DL=6&;rpfeiA4#MUYws;lmJ|qpR_1D=f@YNJwLGlq34IX@+;!N@k-$Pu8BN8D;kAEYUX0~-eSeOT z4_T74>aF3fRVW;NM+@3M`BYrL-l+r9&ZQf>RdX_g*?vQu!`u#gz6)lqUM;R*tIoo& z1T6^;^Vf9AVdi&9m~(y+$>>7Y8j*~j$zjX{GxC=hyAQ8p*AvBa)oHZhEHWHz{ zqGN2(d~&nQ*>#VyERr+|k@lnTUGgaGN*;x+$)m77c@$nq9)*7= zM&TY)5~^Hg7==rK*Ayc#*?XfL0f+Z$D4IFSdnqD>y*CSl&?!m?!8elZzjqFSS-p%_ z>nc+&l5jT%5G`!Lm&gU3B)zY8GIsf_PNK^q2|8WSDXG&x+7q3I*DvjK-MrAM`o7(( z`i?=zx7iaNhbq5ICe(JNB`_;s$E^lp4L-I$Eolk7kS15_;|U`FfiyuP*qB84$3`L% z?%s$dRUHJ0u=P165w0hWz-{8~)_Fc`w@DpEhY)3TOe2(Kq5Q~;UFhiVq%3O#28>Yx z2`8$e@GiI@=meU>B@qJeiG(;I@RmqOk(AN%A|W0r{+}X&2?01VSBivGNf|5@32E{x zvoXQ9)DDa0GLaYOf+|EphWucONQl#S{Y65iq~5xUge)1>Jyj%ROX}s17EXxMcVCNy z92wdDqZVpXN0^r_XzB(8A8fTwu+>Ct#>aLaVO1Ri$(4f#_m;R|5u=sB3nT89`U0=w z-&&y48<)sJ+XO)Z-J{4Wf2FD`3Jyx3_-yi6P@3ZkYNQ2db?f*5Ag?2btE)MYTBMX% zVAMir+l+`&soG8H$VeX}EcpSvNA_n3N^02=x>L8C;$jX&eS{BO9K}`A9x7`H%bhZn z^}Y<~;WggzR+zkJ4XD8l)Vu*Tz_jS5#11L76fk#(3`>i58sRD-vj7N&+!X zfKO$O@|MEd&c>+0WN#Ikejq$^frTZ!Iu2x0J!atiEKxYFEZ*?8qWR&L$PG$d{KW@u zUUnQ;K=0GCX^_&DWk<6B1nm)&6~AUBad=;4C58l+;Kx~sA%OwgoRz?sFhbQ?iD7}o z_iR?uusoEN7#3KGdKL|*9Twh_ES5Z(Nq#gpi!ngc^{_Jk%O+LmcmM@SBXPnhklAvC z_HCHTl=B!0nwB?a=a6_Luu>nHkuQ>$BKz&~4lCSqZY;(kIeWyCMT1~hmbGTa2M4DvmFQckIXoeurw1**e2MO>Q(7< z>TmTO%0UXmw=vHI&cDqxr7<~MkH7%0q0*N*km1>I#4%KVGwFW zUYg8%RwUSE{SSzQbV`6h4v2&dN`OV-5eXeA0UA9^BxF*;WF;^~BxF$nEGtzcWXrD% z7YT}NM{jOp4zw{>K%<2BV1JA8*q6|N0+E=l|mr zy=5Gp{lz=O-ET0+2PUSUXb?uGQ*Dd>U@CmZgRmEh(kZ@T2aK;s=fS;o<@RPE8`E)T zAa!I(Poj=~vnS#FukA@B;V1SalCaU9G#YQ(<0RpW_QXiQ3VGO`7ztSRtL#Z4tflrO z5!PILg5QL1Ud^>;!BV*hMRcJF*-Ev&YOAM5=)!x_r5jffc!4fJ$Ct57XgSGCpq zHIqJr5T)PU+fK>>(&0r!k)6U7lFKZgbv@oIL~aCZIOY;%O&ymfS^t`Pr@ytca&LqE zUG&RPXNpS@-Y_Le5S}rthUx6O)j$@nG^_^AyIA($;hiV@KGAz!Ty*EXJi!=TC>et? z?|8`=sNT`|m_x9`@v$RS)(@K2X_U7YE}`YK1YupfS902~nIrccK;5I(91`}$1$}L) zNivlmQWL8J=I?*0iB$neks0e`v1Mpl_n=5bzrxoR^wYj90(i+R# zzlhb8K5+)`EJAOL-b;aL$!(NMaXu0{|96qp-(W)>QX^?{`Wt6zA=_tUG)>We^6q&8 z_kJ$z{a^4FxnjaGp1VP5sFm)un$H%e!|WYH%MWyFiTFQpCJJMy2RR zRLf3R&=C%&l%|@1?^PAYJ19CZ4}w8|_8p<;HxcS!{k26&+Ejlf)X4jZvE{&fDUe5a zoSJHid?}6)8zKk?xgeQjBir@J1&CzZY1bIZQ@jw_aD#;ouGuN1i{Q<61-%EH{$nv1 zEV?gG3u%qMLoLd(kto`#H65vh(q>a=@^+COxYsdvC z`af}Ai!?1-s9Io6oP{nWgR2V20n$0%1SJeLOnS`%ZLcDGgRz)!<*O(~^A`Vg1Ik1L zOwa(|D&)5;aoL^4rxLe#a|mhjRBeUP-z;lv%D+oB50L z6uFA(@iX(^a_OY*06#bck*DPmxOT5M8~R{hPZ!0h66r&7Pe@K*Pr;ynCQI(T&*~%- z!)qo32jMneGa2iVW{PaK37zz3asX#WRpk57R1X+Gmx7O97jF&kz1MDX4rsiyqqFkZ z%xS1Ngn!+N>swhaosfRl`9t_pkS|$<&X%XMSXepl(rzYG9lTC7la^GgTmQ+eN5X%5 z@~F@j^w<46bVmW|qm{L3!3T28LL%*_-C-e*o@6Mg|Ds}X`0~T^P%-%(x$e$BZr%0u zkDUS7&9tO@xrjV??zOZEsfI{+#Lgoz5(C=M)DGMGy@RwglMrC!rB5g~ym^NuZdmit zVH9@AWaWW6^iq2e*S~QVX(mQk<&_WNiVn!V0VU&T8 z`#^Zf$~NNgFD4@rcGNU_c`Gr?WyfMdH_OVdxd8tj8*3%~Z}OvdDDu@IBzTT?RhD%D z0K-*XnsnGDi4ISDvCwc;r#`@PxX+JL8*EV^Uh&S$O9!p^smDri;-fECxl7DOAw8_Cl}4*F9ot{Y|Th?gC~35)#AN6O80 z{yK|3VG$zCA#&Xm9k*^eK{Y=_Xr*9?N_UX_Lo9il4$4USQSwPS7tyar1<;HIjM~<$ zMZx{~*sj-Gxyjks@3g z86iT8iO7oh+HeW%-OoxW@6NRm&GqFc=sUQX^_^H*xr18Wp`E7k48T~Cxu3;t8VvE- z{67pQO9q$zfm?4xW%g}a@SdDxtHXSaG5K!7!$5j|bmI`=N59lFUJC|!y>5l=cpGfT z5&p6FY(O+VNRa!tUWKj3(oX#sy)k^_dq-mWfoLXL@Fo@{Hn+#rk&YAFH$b=#%CjIBT> zFkdsbvLz1o@WOxC%rKs5%*Jb{Jo z0$Cb$#QTvep3h)j!fy{x#nFWNfdC;TW{S78MP71mw1}y?pZeZvBc*<)G7e6V40+db zAEW8(zJ{fSz8tn_C0jf|oC~9sE{wl+dbe1xA`Y61cy4xXQd7oo<;TV)8P}h-f+W6rZ<|6)*D1i1klEF zzsa2n>xF$2FXE=aDD5j;H(kk?u5NaFd&76p-te#s{j=C9K=w8y z3syBTKif#-lXvbL@o^Rosy?|c?x3pua03>bk!*AS|37Mhtu4|Qo`o>1fl=x`on5M1 z0m-wKP1!ysZfYKFi_zdl=CC1f7m@KOW)NR8DTb6{jLh;5^-(tpv%EuMl{!nB(CE~5 zUM-IpWU5Eyj>BMZFeb^xL%5Qstvyl8HZ zE>3_bZp23a-{4d>Z$QQpio{fs7o%L(=ofHl9x`m_|o|d*eQ-qB!6_XXa5S#DA9VbHynzSpjGt_aCnqm%rRqBJ6)6_D5F{PL zmv8xHA*)XfS;xUoc_?$7T3J6liiopZPd_exLV|t})B_tHx{(HIa_S!wrC>Yf)gizJ ztVRR%TE=%@%o<{PD=yxg#Ntid2$l6K*~$+%*ot$@#bp;pC#JJpV3?VJ6Sl+*9 zi4F7%A-#9d&serg-$$FKHT=yoGWQz;62FmN)8eWDD(og#$Fl@&<6iJW5!_V(L6f%f<@IHUAR3 z$#Z^jEZJW{sus)yykZ*#4TjPGIYF+!njCA= z2q_o0C>_s{*hmX48Hp|}@vCRTS4&NvA;o)yyax+x4jZlFb z+PM2F^f8?xali*=VYmAuw)7Xm0O4>CYUu%&IgBk0-Y}dZUHnM&RbP&lVBt@E535fL zX+R<#N>x^z$F_gDMXr!7d^tv?-jHjlY$&}Q2@BK#d6bNSc3_NpfSXoiCWvzLyBZ#j zbVeAnEr#qA&$Y&^6hoHPQ(?@q8nSGjVa6<*AuH9BTfg7tAm@}5lnqw1YTjP1H>mn{ z_w{u*xSmRL)`$BzZm26OAJ72(nR9!g$r;Su4(u<}l^4<>KHbCtJd`Tc%$|LU990Re z*9O(T)9azQ;CY{3TA1*Zf!+_;mouN!C z)49s>OPR!3|2#Q(YL4a2ykbcEg{yA7hS>+KVOQh@3;XPW9TUFyPPxAjFNyut^9r%Q z_M77SD-WP?7I1@Id#BuBP|dE!M8m5lU;t{Uc67Yj+LzI)|!$mIlJR9jpK14q5%BiR!PD)gMjR$n##Kn%CVS_8MXZ z{DfQo15Ul|(P?s;BlnUc46^ZqVPfKO`T<&mZ&RH++W8|f#P@QSv;zO#8d)o*POlH2 za|iatO;e_Ya?M(-0l5gMdja0hr9CI7?4`^8WXd8(XjM!pw9LTlkV7x z&&rA&kU$>%(XZ;CAa^ZTHWHm0h5B9ddml7YZbtNb!)+47M_!N^{@^7^7=DZCL>PY5 zZAln@Rw-e1_D(dW$i%1^zmOjP!ixA8)?C7L*L+RiMD>y*RH}FXA{b_Um#7!;!`4OQ zrILJ8q7xrw*)BfoAA5#zzJ)f?j*AUgN$wy`Z*b|&=uXrX8bhHF^EC4g zWGDc`;x0;|#_boIXcRha^Yn&BzPUqgpm12BM&hkiQ>5T9;NAG?P+nwlm9#1=zCI)_ zpip6UGp)}pNiLLFq_L3~%EG7QWcIxH1WV;K!x193f8=Vqg|Ll%ikH|o7yU`O$U1hj zlgppj0`%{nf=;JK+w`@vHFsZxBf7#zA=Hm1CZaVl5v?dNaF%@N>FWyG-droBnC#zl z@H*O znA9Wlq5tSlt}~vds8s1cJj%PLT&bSL&g9l4oW@P{Zo+hSCKpJgmw8{nbaEzln@H2V z4`LcQle;PIV9t+e+N1%$S~v>C+{w5|}E|)7Z(}j^WU?(%Gxozg+Zu;YMz# za3goRa3ja=>XE0vr?4> z+jL@Z@II%1agNm+aR<>;(jHGUl<16JG^mr}h+t3?}la}HkiJXt@#1Atv#WQKW({tu2mbl$!V z_TPJRg(sU!1!d=Nwb!tybvhsxtQ1{%_`cffYlHTvd_@RsBo0%pbi_DC37jEwESU3x z%u$s(9y5G)TQk zs&3yWQ|;~5vQfD?N|g(Z%FXZ5ocY@dJzemS zz&P3dw!unODN+|OL(RoovE7+wL{EJw_){UD+gjxz(`qwNip7JpBn_on!}mEPZszuV~j+4y@Zy+0U# zPowu0#|-f%{jJvd1GQidxgDm9D)MS~DE!1HM_~>&bdga3j5nN+&CU%lVxvo}dI={GKA0{TP0?%B?n--`Vz}TnY5x_f)xgGU45KTbhX@ zUPWfJ)I393_8SfjDQ?S_?K?&-^Y7p5KYW2w^%+I3DpLYmj~SXcNeR>*Gc<7`?8IY+ zCc^taj~SW>P0)`Snh5pXcFfR3z%bYIdz!=%m+-q?e$UD8>9YP3Jij)f%cSiQ$1$O} zy{s=kbyTX}LW;rf)Slw*l;hjIS>sG(CZu3sNDbP7KD@livkW+;Jojv6|3 zi4u4nFFbBTh4<%=8oC4B`@f@x?m$idIBMt)H2?Oa$=&%ozh}tdx|H8L$oeYyJyQMHTk>Q*+-8_8n2b=HVX|O*E^aeS7L3tNZOM~$1;6LW?eC_RbVQ{-yia?!O=#!Y z;~rzkhxTDO-y$O@w15gkO3$5|c3f_wMM9%sRiJF$kNPMk}^!yza{%BKyr&;l&6I|d-BFIA% z=yGLv`~oL&zY7fI?O{QRIZUHJl0tcZ7(3uHqkKA8Z-`v5!rMn*ZqBll1i5A55 zDLAAsUc#8$)RysB@k3+@zGOHIl2Z&P{Fd@*y(Guv$x zD5S%xXSJ*PMN>Qe_4xWD&k=!jtYBW}B(*M0Z&Z4l5<{hxeBc@A3fi83P$-SFyW}#* z5E=>`t#2qm{dl`m$6!9Nr@w@A6X&1Qy0oAe5Ont&o_~#<%EjxC+%Ma4TKje+?Jr|{ zFji0Z`yR& zD}Jrn(<}0!Rc-*%n5si_xzXcCDl4k3$890hnp*iUij;6nGao~5zypprgBJ~_tA+32 zWO4?xVNsUio*qPN@?qAd4|jk6XiU`|BrR#eBl2piF+Qul!>NBlgO9*NV3;_*9y|M@ zFFw7!H{bpb_(7@ah8m6~-zm#;DDQhse**{26)H7f5E?NIc-N%$H_kU^Xn|+c1)`Y_ne8PwqvQQ6Qy1?mU;?HDWcT82clM`+TDtQ2?N9U#?rJ( z+62xZje)hL0u?+>VtdpWK=F)YdwDQ~2T3?KE*7K34eO;ZEIFDnF`k;7hGvv^I`+n5 zh{0@6h0u`XJ&LlVmC}{PJs}KNGzmzAb2-7s2|2O6(>dW5PRNht<#EE5oKO(UvvPu) z6Z*&UemkEM#&E*$Sl)h47{m!9V|hC`p*ts(#`5YoA)OPnSl%m~(0Ui%wH%7&J$gQw z>xoqqX$E3l;vFU6i?3)GFL%Q}i7##?;6O4Txd1qROECV=UHFYRc$a3!@)__%D1>el|mvswg+ryObK4R$Q{@TncH2#M}0&t?18skyoD~uEi_F!H3;SXbQ-HE z+TW#X5Y!7Vm3rYMZP!Sa*>l0(KBgpjyY)bMurw#A<-3A*B6e|O3Qq}e-h|)WN|Nta zoUumN=!N!q?`pv-0dPsa7AnJ7ehd0z{O6#EDf-LU6Y7;lZXz8vCO&)odAz@9=Mw~L zL$#uk4=LQi_je}+Yx9rg%ZwsTPu1X<(?SbNyPv9hiGQS z*b{3#HYNoykotAlXuzU$Gj&Gg$d~qfS?BEyd<7XkcF{^!H$&M4fcJfT$!OgUv~ivA z&wsqW99B0DuSkL&VYLQ!dd@{Voii&(QN;t5>Qtz>KpGwBS{C6wrQ)>tM@eh?M`+EFxm=)G+kHTe~<)OSBW~%g5evmwZcj z(es}Rf<3;A2Q&yrF2hsA`#;~9(WAVdX(8)qpwgnNPH_Kok>S<{m<}gRaaQ=TjMR9j zWV`~oQtG26$2T*^)phBcTGS%5cMb=8as_YALGA_9-1;Bhfj9#sq&n=>cg6CSkLD0! znHD6qeWL*#m?>n?%{h%J6l~F{FSa}V=b1bOY7M&9VHaazM`o%iat#`Oq?loCyl1BC zZoW|pxeLO1bF=XT&4gX`s-Y@w*<8*kRo_PNr z-_K6GuOE;M|Bu1R@Bi2SeS~;-1-%6>q}zkGRc{qiWoYzq-XZPzcxHV0VI*#Dnpih4X54I7r}8mnMCS}rhgQ^cl@XRKL1 z8t|)8CKObQfKuW;i=V$Fha(f=V(>Rxc7)3@1OwhX1^w9FwN@oiNpg?*c0$Bc?Lh0V z&EZu4mK>eH%7gwRv_5Rviweb6AS|u^>9ixz0rQgCG$$9p7TpxS^CNrIJBNH*;gB`-xT}ah-7D%Okhg8^dfKiHpb_kYD zCNY{8)N-`ZTK>GxvBV!2P>FIbfvyqDQn65Ro&V5nS$MR_{1WT)|)KQM@xcoGUXYbr86$A+n)avZ2a- z4N=Q$&|P(9S2WOu0&XZ^+No6UEQc9X{mnKvz^6siuA zQf`yfO~y4e2T)5Z(T&A>$d)LD3Eo)VStEv+4(`&r?a?}1(Hfl4pBRwau+dxbK3gm4 z@gWRutX?bG;{7!`t6Zt}D1#mP0d;#=ZD}-nQ_+R0=K|ts|BoUb-&M3-MjfRqGTQqYaj-*@OgslIQ`uj1!PZvq3? zMQ7q)0)K5{wh1%6ZrLu68lU@n>!asjU3KO514U2=pfD=l2Pk$bJ;I3}gM*>Ioa28Z z0Tk_AymckaA%2%r5X)`NN3Z9&+~(Miix=ex#5kZHnl?q|omig->0N=N^6-8h{S0Qh zp{?u8ZroBmWeB!TyqZP=Mrtb_VnS4eMDJh6v!&2paeB`^*M*$zM?~#~TFG@=^-Bk6 z{DAmFanLukjFxYgW~ZMZqPif5S5UQBK-;A~0JF@mLMpDIpIv}pn*voL7K<~80<|mc z&L%TUUjg|zG}gaW{Tp$jV{AI)*56ZGR-p5a0wwTo3jIm7kiYrzl{W(06?Dus!~k=n ziSD8B9VMyK;MS$@SE?f9szRFi!WOUz2 zOj1kpfY1{&2~ABq=>u|vVW3MaePeVaT+?lAOl;e>ZEIqi6Wi9rNym0F;l#E(nAo-_ zn&9^Hz4u4|I90u?cI`TiwYtwKtM)86KU-20KC@&<59Td_H4bp8JU`I&{S$QJe~^#c zeHzp~sIKVxco8E4iMg?eHh`_eTOt%z!cp!W*mEvXPT+~$yBH-4#wl2ppvw~QkWll% zzi_BgCF3&e1$(lcB15EdIzF22kl)DU)fOb^ShHd4+u%G0>*m22b*H zCyIius&vVXt3Ose7)!-k?*0!5mNWz-*6GhNr)wF`@L{=8|#Cn=Z_mpl_= z3TTUxwLoWlGY)n4`;oZe&rLT^`l*E{e6O=DOiMSZZk!UvVjM)qCY&%P8)k~dzA`Qe z1_|9(f~~e*Ln)hTs2l+TI85u?;)(V(PhVw@NgPiVdqK zG#=fnPoX-^4`zk3V(F`@$a^Io*mPtUW4-8mOev18RnrL(9oSo8h)4H4HQFi@&Y8z^ zeh)Eo-gTy3{4Wz1Ni65;~{Ojx#S4ztn|wRg4t5SE$0KIM+y zUqJ)6MmSo5`mp21rr&~8;fPkxmxHvc^F`0=3W%bc`%#4B^_6nlwTZKjm3qB;%pz>#YnH>7D3`p^HF zicbvxHlJcgLPp~s*RBYpN1GvGUdW#e`R*Ugy9rVd#!!&O=g*CL+}MiMa@xPYWt799f_Ia|fK`6$r9_Fljkhek< zmn+7wD>pX%R^Zs6I~fw{{KLA$k7AQQjJo)HF~?h8s5z9U%G{xMTSJgR?KNK zfk8KhZJKhkjsUFE?2mHASuc$xn@!`z*j-k4ETzc#Wgw3_UHpqI?j|6d$;8Rqbwn3M zgY8v{FxQwUn6ci!jcJs#Sbs>iVH3LUo~YDx-S%-=EE602D=kEU(S|Csl>SG~QEZ9w z-y4o0GM-|C9Xum`Mgxm58{&oHfV;9xgC9P?7&VsBx%?m}$FM&?WUHR08o&@$VDlZn_^N0*&RLF( zZht8C5k`_9(iRp)d&bk?LBUY$8W>}K9;oLw%!rBj#(F{pra_I!FZofi__A8WrBydh zAj;D6|N~RD@Y6aDW#An zCbKH%RBD2gPO*>azUowY?NM1Tc-pQO@v2XL?w0+teMY7*_EYZ?a_(prG-1%o<;Nzf zLUU1!%0iMbVZaGBG`ab!nVt(I;B!qc8L z?BV9F5*9SupfX|Z3*s`B@rRcM+n*L-_C2Y#o6@F$d%Vm`ohdiBg8rIF(wJ4?P{8tN zG-ZuyXzuhcEH|8OhTyYruPXGC^t>2_%k?)Q*<3d*+XO;@K%-xx_>ODKgU%6*1Tt}B zvG zeGJNXB>%`2=68U9Wl_Wo_^zko-i=IQw%txs&^Xi?eHI9N9QS#Gg#w35VCp24eUWCA;K*LqMPNY5Zxc{+p~hW>e=LD3YRV zPjcl2)0&L(u@(EcNtC1}ymJn0b*-e%hOm585)|JviUPK!p2!pH-&nGTZ;A%hjJSoo zl=e<>%)Y42!5!et@t)y0-pcHxyPRiSc2i|)=t8t^NLQ5S~8Q>_e$uCwHT$WC$A=~^6Z=5i}eBv<) znV=<(u(dH_r~rMMlQN)$XFA!%opq6lAr4km?^ylJN^He|d#~!F^$~O9x-1lkGifaG z^s%fNVU(!F90IIlk0OB!meGSpNwrVmNjw^8spXcCK*58qd8BP8Vlo+R{<*Z@EiVdvV082!b_nd6KUt=bL(v@$_z0RrS zKjHjueT)j@EXV72PqSe~7j!6XNq93X!%`G0qZbFND0qSG)QEwy!T77^=}Zb?^)c5C z;;D@a`jp7e(Q*iss#$m)8<-^7)WdSCWde#ZKLFP46=Y_Ib|J9L1DUod)xDxSk`T33 zN8{*93=sLU&`2ni4qLelwV1D)O|j=MK%Hzw+d zdPC7A#JmiTz15&uxI7W-H zz2HipjCSx^JO(%M$P1>ZAbYygzdKt_$7#JMJCX&Mr0KB@m9Z$xA?aNt9kb?g{Vg$4 zSE3P*elj1|&9EgxuUG^kxhSt2aLrb_gokWzxaTP3xK_i*wqdFD>suvNQ=nT>N-!T!wBfy#)r#Vw4O8yS+-?9%IK3%J=&9?gimx0WlTBVGd{NwOV6%_VsSUJM8nXXHF8#TnnUc7*h$ABS7TgCe`111S5c;Mdb%9 z&Y+;N1IxBVoAaI;bLZu$jF(`Mhx^##OX*#r^=!-URef1q$tbZ`m%}*56jim5sgC}) zQiv0?5Vr_!_U-H>0xD9yDyPjQtjagMBW<8*p`x;MeJ%v8iMjdtjCQ_0| zjY^@6V|r+ObJ{iP`BUQbmsV&@w}#N0&^ zK)?#cxDD(VVDS~mE#|6a?N~f;hbF;nskUa!U1fdq&TvVWtx4%+C?MGZq>hl(?j>sz z*Gj^gp==Qf89TC<_|2cfJ)#X7KU%bhrn(uF(45R&{~2!zpPZ7NXD%|)nN@!OUi z!~5j9-wXFK_s*TPhx+U}xy#WN<~Dv@pcXDM9u2gxs9n@3n$cr_YE|6%~j|HEbX5^Bu~ZP%)S-WDsxZ< zov9n~!8ub*&A=AA%zi2Cy?JA!cW1&HY)6N z!>`I`SZK#&^Y6J;ee9bQZe#cTI~gSk)rNU2#Z^|!X=76$*A7>u{1}$Q?edQi^I^W) z{wegOvJja=5C22oii2?VcMifY%-sS)>&0+&m>kvx8T2l>k3Z$`*>X$A2Rra?cXNvG z9C&t*BMb!%(L{vG*(Kcb0U?a-i8*RCH}cuqq{v~%!ME*(rGo<<0bsGdH|47yN({Xj zT%2|NAFje8f6uy$5gQ}G?dgj$8H1VehkH}*F2v(g10unZfHa%_%u&>=R<*0dF( zECYSdPid~pCRi#6iI374h^FNCc3fU`z`k5t%A3?-=t|C(ADcdvEb(*fUM4W~#+o{A zovGh*kg#6&Ju>DMB|`X=0{P}?(GQ%bd?ID|=5DjHto2`z(kxzos z*T9ZHrS=#;5-a0CAC=0ru8&|x9Pr0q56%wOR6acybX9zu6ZvqQotW<=O`PJyKC_5E%D(f2*jsl<9|t*rndx?6Sh=PUP)FS zKX7?BApQ0Dvki;*TwDU`&io=ittq?h$&=ml=Nky`Id*?qnJy6A3n zmTY_Fhd_X5>Xg4sFF}Owm;t2O_TPCi?;zL$-1_^51Z^4msqOfU^KMEeM`BY5=lZV0 zp4ZdBvB??fqlZYuQdc0&;S4&om+2$cKA%G3Z2!S##fbzFWL2W0=1hi5R8hN**T3sg zQT4JhCEvEE)ZVJaZyFZZMR(&zr%c_);u%x9&xoLbp$;pu4lCcsl{e=$oO&V|b2G%C z;d7`Z0Ga;QFpH$~(tIoa0LykG!`h) zkSlLJWVoffIg3xak&U=X1$I?^N}y;N!$BhF@B4m~FL1052V~udavN~q%q-)dwwtWj z>=!NEQKoD1gMyatm*c8Z;Pn)5wpmNF#_**#lq;x5@*Y3yPyY>cp)HiBXBigNOn)ag zd>CUld^5TkQx4M4uuflmSJRBysNrQTzLUArLr0;sDheE}yA0y~5+%`S2gWcz&(By( zvS8VPT}HRlv2HS|S(uap)F>_9c-=h6ABrT86=!pE#tqWO{o^@SsMzf#spG8~Mla!! zt6n=$9m5yX&k6fsdgk3^b!;y6WKsQEz0HF}ehQUGVCQHRGEX-wR@-x_YNkjg)<%DuPsg-K_49YcA7M2 zDgl=h+^#6DXd0~xEy4~pjEY%> zaoRP<^ht}Ij8SAmgMe&ceHWB4Y6+dN(RnVFXpP^H-;u6B!UZ4!dSxNB!j zDiNy9M%&r#;!cW_cqJwv3sk`6#1P{^YmxB-D#G)pi8X)YL=>yL5^JWkK?t*=u;C8< zG;xN_W)kx%!>9}`JRRveKX@vPg$jrfbNj{_RmyWE=0kTE`O;NY$x*D$Jv*1c5gf*bs*vC+m+r75bn* zLc@%x!Y4Ar`TF_+nbDWV3JuX(7(zX5P}j9Wm92sPP%|<>NZTvX2dYz1n5)RbEm@ix zAsZfed<6>NHQYLp*h(Ah6|#y}Bj@_Ym6%Fu;T)R{D%4d-q1Kg{pDd6HDYloE zNC@rmPVP$7Paar>6ssmo*z--(8FgJD^vN2y4Yy7p=In^Nt{+OQLsFXlWKVT8MJ6afu1km(Qc4G_0JqyZ% zgLX959Z3ebbtM+102GH|k_MXb|Jn${Rse?4LHSaL=EoGyfw*ae_Kp==lb!0q`KtH< zn<-BZkoY0QWRj{~{eWob?%-kh35C`ar+==*<}wO#SWo%jVtqTbW}gaAWPuPcLO5b` zQow!CN**Y}2*r;sCPQx1_Ebngb=rlb7g|UKXXk{fM=nNU2~>mQM-Zc^_be=-tc((4 zBd#>(oB(cwC1w;V!w`iPn$zyf`2pF`TX4b>rGSm$#voUEVIKeZJjy;vao%?UoGJ7$IAj!4wyr^ z$)-Q+j1v&~zQ`KwFcw;qn62FUOTa4-eh)t>jBZNJ9!qV=8c<;{1PjoFWaqXd`m;`` zHk7ULYmd1e{57vh+0Ic$ZD>j3S5c_FD0gLTv)+c>67X)xzQGN7oGAUMx;0MOYEk9OKLzh^_kh+hj!bk#ZCAeEt7pIk5WyxirYK1k?UKG2gwnlG5>iSya*T66r z>4{dxuVqgxE>6o_S7d_d#r#+#U0t45ZsVnIynpep5Al;!7%u9UJu$e_@_dm?Ko#sv zDr?wx#o?bb{8*53t{rogHd)p0IT1%1y*J-^OMvJ~G*E>4UZAuPVF zrcb*oyy8e}P~&7kbp}ttRJMLdA+LZ)Wr9fIWFl+Y!$#x3f!13cFcz6pFjcLPQpo=t zK&@joYp)>3G35SUM?`7o{RkovY%hA;=@6|a@O{Z;1SEZey=Z=yL#3X8{gRqK@rG~K@q+zDVEloC6T=fe37R*U@#HV^6Hio zzj3vLBD&UtTY~;ATiI$IhtHqui;P_lE(K?KQr&tYdp!z@u!M#vj75cLN%3dhO$wPo zxhIm!01|<4QhsSYxfo^)R0T*%KFKxO*58s#Nv`Kygw(=;^szLP(lxCmhgeCkY4(+S z_^Nhl+|qSKOm^RW&$$?P@l~_bxV7tuDC}_k&bi`2>rpk&d_4i}C7>1m5q=<-8Zzx0 zt$=Zzkjj!O=oz&K_^RaU+SSYXbKFHhev5}H2=t=X4%AbbT4jBFx)3huL_Xn!v!M;1=#IVGYPr5rt3lc*Uyenm} zZyFrSX=YwE8ZO>WEW_m}TGdWW!}igcL;mkc4-J(QXRK1B@8)P=Qn37F*mx}=4|rnLGHlcUTJXw}lK>>8kt^WmJU=yxP#>TeL-1Si>U-C;`F&p9nG4cs3(A&d)dpvcXl{a7=nL{_3+k3-#Rhw5Sbn+r zP^lTI*_Yy)PEJe-boeV5`=e~otAD8&3Fl3DDW=_2F3X|~&gO%VD)c*aYQ3p?6wq+b z`Q6>KM*=jHUfTAhFDCzkIu-lZ>rq6&<|+S&J)xRBsp3+1Z)hHy__q@_=_Qv2x_(f0 zVBr6%^s!u&6u;NW|0i+|?T!veXDt!`FF^vSIdr1HPv=WQC4_m^g zL;0UpBD`vW4IrJt|EDvmTp9^TSGE3GW>AlC=tVfy0xLmUf&WjdD5^)$r0f08B9E1h?A9hYYO+=wC`SL3*HPg%W6)onT zVhMlZ-Ru8$Rgh=#`8nj9`eP}2fZBHD@ zP*48Uw5MF$`CpUdiv45sD0Dyb@<3wEY6fZ+ztgr#v%mi@uMExPPi=e3E|H_dqdbE^ z#o~8dkn`XF>iwydMpCmZs~u!rk@{R;I z_*rp{u5?P-MV!F?%`^A+{>H%FzSSvZlW+pFPcw1mz%_c*Sp`t=1Pjp*5Sy@e&-{|L z9^C-@EgQN8ifU<`Jn-HMekl%L&W5`^rQ>eGy$;5$8v56iwcG#KxP{XiSO)n3N(CD3 zc7u)un}!3}KXRqufMFBw1f%4c?qA@S$na0(VS9!?5rd5N;120fh#)@EI)|(@_F!Gg zp@tx?7l!l6c-oNPtDpoj2X5`UiZLF_U>cmz8KVYnKRb&#nhRhWj5VNfw->>1jns7x z*)wgyHmC>iagoY&uzaQ!@%!^rOuo!myPfJ!2L(&O9U7q?SaG-MblfeMfnc7=P;Q_i z33U!RU~Rw%s0Wm-S-XkqPe4K)+_JY7!@60+H2kAn6~RSvc3|*j$FKtHQVX2{rOc>19qG;hpC%g^1*PoKezeM% z1Y1@JJz~Q(YS6}HJ+S~2u)#7B(S=8HR%3W$4YL5-U>?ZEMfxSrfB-;c4;G>sAU0?1 zMy)%Yx=aLj06=vm4BRd>7e{yCL#|q)J0OJZ%~(l^SQ#OiP*ARt!VFzZ#V!J5*n%zP zSQ*0hh%86&reksYfg402A1o35x8zO5B5s5*4GHMA*#oz~8_mEtuwfdaC|9?TB6VW1 zAOS(F!CUkL#~`)@+DK;H17O-@1DY^HQv-m)Z@q| z98{|#pp?#7*6dr3U<}D7LwHCxEA+Ew_v>KGa-n6Qo)l}vo6xU=VRIoid{{vYovC0>&*DngD8N zPc^Nn_%hhCap+$w*6!kJ+>ys>@M*>Yy@}jFgl!3}c&nx*utbTMpqYQya7vrX#gn8v!uFO3|EOoZ>=#`_k{prVZTeyY zQcCz=r;nf@AHTF}v!z%-y-DzycxTfO=pE)lbazt>yay)VDjtaTd8fY?9#i`=eMLav z0b?oLIVn*Irz<fvBVQP+`)*n{XRo~T*x4n;P$T{L#Xy}^B@^vZLo8{P2*b5S^KNT$KOCMwb374PqGM+Nq>R-SCZtlboW=Ggs!TvAF3eS=`#@biXii|En?fB2# zbexox@d9kg^u6~nZL+RpwNaXnv|w|^_@#`VK^g#Ujx%O@QBEw5J*Z`T`WF;}K$!b4 zS~owzW;Kf^npXPBcNM`0zGS{&&T`s^5bt9{ayL>s3AJO#yJ>yNW6}k;;_0aafQIC; ziMna=^uqzbI&PY*G*1!`aX0Os%$J7wlXek%&Vj@2n00}!c)CH?Dv*vnDz)>QrBj^s za@@4p0#xyI<^ez@W|~88B8vSc#=8C+z&iO8#nN{l5QGDukmZVEXGyf~lsaB3^^gFR z>;s0Rj`>PeB>+MPfIO+=j#35*K)JUSVpkFgPs)-B?E^#V^d=L#g6vQPJHY|q3ky&p z>l49V5N9n+&n}Z{gkZUiHD^H0K9)2IZ{d4v9(h8oNT{GkndMDIHQPV@Aj<}Yk(c&8 zGUg<;9+o<>aJVSzyZkvp)@lxVmnpfu70{3WH&p`)3#A!yb}w}lB}c{wTlmtLur_Bye0gY77@X`jHmoi3Px-g=$0Qs{z=G}c{YjkewFfeSvaEHc(eg0 zA!|H{ttQ9_VLjTLRGojKjywE+DY8GwB0C)4_FUr0Ujk2nK`Zahnd+N))gFi3+TSok zeMvjTTMktG_9pDBHo@>{Gi=o-n7a+=oITE1?)o+B6)==N@ajdYd>bM8(ZA0+wcbSH zaB-4xk5<>V*FeTjofobJJejwf*h>trguEkM>aC1n_Hqy*@6b^LiAie+aTV{z%-oGc z8gM$z;a zukY|(iDZEewHz5v-l#lbiv6X3`4IN~qRQZj-T8PVjyXa;e0~**NPWG27mn+jm*0_% zXmRb)JyS6vX_@o_;z%|{q0u3{t0JaUqEYmmgBLT^=!S4g$P#s>YQ4`vC|5CCzM(9$ z&o@@WXE2M}k1Mr@o2$=(J*&XC@xv!p2}5qyp*ty~6Ji9z@K%H~D21Bq0l`*e29Ib4 z*mP}z&6RG8YESZl%@O9o+9U=Yz?lsP0V%s#qn!O$3K%Y33-K2fZL z;rP4tnJyfuyII6s{Z;5r7U+bjrfSQn-EL9N9xpv{^p?|>Iv9RRZ{vnfgg1rEW#01#aljzhtg)l_Fpi40MwXd?|&u$$aM3ci2!6O?fcJ^OUZi- z5&tsBcvr9nH-;4QpADq@F>*YJ?SINSg#KshkaL-4!v!H1L415zLCJNJpvL^e|MO|5 zq9y7gfN0<}Zh)wD{pbBpHawL7sP%$^iS4`O+k=mCa3s%N%98Jdyq3lIA1i{+PqX%s zCeJCxj*kh(zxiBe6>T>ITgl#1jp74;19)VuWYhZ96>?X9YNkdtcB>RnS41bn2Fd*T z{(Fq%#yqxsU})&4xvvQ&8`Ta%tj1|{SGde(nbTugxA*lM-Dc^YWEw;q+TgFqzSkZm z>fU3d?IGeJ&n66Wi|&>vgQ5l8x8yodm~b1+idFbhSS25rCO);Ybpv;YY1*4Wl*NmG z{7Rl7?=c_Z1y1r$*7)}7)r;?S(D@?ob!YjIxELI;lWHLdv9%q1_ms_P}s+2^#|kp8;e*xt1C*{szv_39pw{In0n zh>NTLrip)QR8K{XG_Z)68284R-1^FBAvPd}f|pg*b>_XtXV;ty9!dF)Rm$)B%B!*+ zIVZU`qPJ&hFrJd(m#~YTYf=@u+Qni|;=gE;EZSSe+JZT6?bfv?t~K58Jb{ziC#vTO zPp+fQ%3GK$PGjD%uxAO{TL*kmDpHJ{g61GQeN>t_QOtdWep)hYKr?sj(Y~7NKT$GC zKDvFQq~q5NBUIx3r(k6eCSFOTy!3*@_@s4PH_r4jpt>BP>Tx$qpS4~0~GY#*7=ft5ggOKM?Z?BfPE1cVdelE zPSa3{=|k0<0Ifu2AvI%uoc%3x;fU!OmNPO>KgMOf6@JIJ&v2S648)cV`^N983_!Z_ z=oH8=d%nqFRgR7qM2Cv+?%ZD(0TyyPwBa!q$@M5Vs|8l-Uka2&%YV1QW6jt#T8Jp7 zu%b_rBaKo}#n6)I`WIl=_clcvHy-DT=6Fl?1UOckdGv-~u$_5)W|zdTul6#ti(reU zKePJ+yGpz-d}C)=3kS;5dJxTxzGO)-7&5~9UL?ih<rP;z3j7<`d^vJlHmu|{v@Q$8 zdP(F!Q{)&0l&Db6ZAnAE4|3}euQTGeWx&s(jqz_R&0MLksY?o7@7gkN%g6itI<)r7`kd1oNY;8D<|gSTbwzwQKd+IBxIdOVTE{+iSAUkiLx@QSkQ|dL7 zPbn#<#Z3A3gXyO#SJ|E2AdiO6jo@R=dyuhejlxD|=X0_ri5KMUnn459){4=`NKBWX z+`qXF@E2J&?8ns~0zo(tSA?CO^_5#?H;8?YUu@6JyGok6yWZtW>zD`{Nup{%%(&kz z@(h(ss+Xb*%A|Wmg|#Y}Qtnb{=*0BE6e!#=(waihn4_1`zY#2qv{{%odaATiWw8v< z#_(uN#bv0c?{j=!)Jp5sU41vt|9blhI61to|Kj;?}FtyqI_Dz zn7U$Ni}y-E!ExYWlWN8Uo8SxJeU$5=lHLy~W1AbaKp-&>hi=%4ehzWu6%AA8AsKeZ zfQ|4eq*a@IRjVRPYDr0B^0)taqRj87Kpv1_)Kq$`HvB@f9HOE-Rd|w;HWo_ZJ0eUY z)(%QS{L`o4EWSno=qo>WKPBeuzTq7-ul4G^6}TCrCKDmv#?1_`^;*Tr40j_ABxQ!j zJHO5QAvZ1%RWU+EmP3fWpOQp@VvL^|KJEO{-Ci0;>*8U6-qf=|DeJ2O1q z&O68e{l0V$^&n-u;G6*jw~Z`_RuC^|zf4pR|6~(nVTRWoxmEfhcc>O9Zh+1nyvJ~m zlC*+oJxWEUk8_QY8BS=>{?W5aX|X(*+)jBoHTd_39Ok>dmjODTNT2|SRn2W5h{+*} z2zqAtrMkDA!2)h96DYT$>Pt2V;5Rq|%6cBo5~Cn~P3?c}m*;_ZfARUgO=ZyD<;JEZ zL;ilT(nyw7J~r|wZTvYfLztUxd#xSTTyeVH3AmPCe%-3ewWsYa+2JJW>s|OBmu$)N zqh8EEdv9W&jK5dK?9U6Qp@nK--qXx$9j!`1XcVu8p_gTBlQ}iwYsF|;H;%lMguE`8 z;O#sr?vYUf-OQkidkl}sSo2d7t%%l4l^QEVcy8M=Mn^H@S&YmbRa7)S!iTkliu6a1 za_>@&c!%@jlG^3Id^{8T*)8GIIOvH;`T=PW=`@(;{*+!9mk`kNv$!dUS>Dg|j(|2M;^oW_ z%e5x4#gQDjo66#&SE;Bl`d5nOa~{G1ZYJ%GJ4f#lrRdm4la305Q}7 zpxdqEeo}l*U4Rs};JjR&6TU*7)3#^N`uXQgrIt1Jt@hT^muKdi)LNbIhG)!P#BiNy z*vf};n2x8@?ePuJuUp`}(GSXeC3aEO9<=;}vM7?2F zMzHO3jqOT1x49m9Ip3ca+xj3?obYGfsK@j_ZsM!6E$6Vw3))6Ta0ZSj{X zn=Pz%lrD?fhvm*{K(;;js1^pjSszwGMTHOEa&C;}Ct<1}{M5~DlnDZ<*F3&y%g#lZ z2Tu#6xLX|l$|llCh7{)cHUCt;5epxlOr^hV4v_o)kL7hzy-xwE7XImhwal)>wL==J z$%b!KoF)gl#Z`@)_Luzk`a@Lwo!V-OG&^cF1~OXL*kL2m*w}=!c>9=B2p+R*s;2>v z(yb_>fu=IBB+=C!OH-{x9>OJmd^qG)ORxs-^IVi$6vj$EmnJB{W26oGVpB|7rsgO( z`MP&H>k)BMF$>|V1Enjref5eHq6!Kly~fgT@vmq4XJ-9^;m+mZpQ zIH|9K>N2&BH7w=3uNc0;WxUU6Sn;k@=}gCle%m`qT)uQ@3{iOao(r&$=g30*-#rB-pcT0QSQ&i8xQK---^#-Rk!Aj!hKQt>5S*kDC40WutIC&Cc<HreB07acNc(}sO2 z+c`~qUd)E=IbCVKGs3s$NCM+Iu+A@wL$g*9prnX0t-vyKS}TO_Te#J@RcXU=1ZEYp z6vk1bH{|mB(AFpc8095lt~PtMaf-bRd@xXS_E=vO95((*+{8(xLl_H@An)gTKp1mt zhgZ3jZ`13jH)PZo>vpii_dsr(6-L4A%GA;EV5i#?ibpfeqx=99Nmf#wFs1!9X_p%v zOUbEQ8&UR-cT>f+XB?^BT9rjG#%BPN;tD6)JSg-g35|}I&{55XADuhct27C z717@C-ih8Nn_ifL<}(8pjh0~;SkWR0Ir>n1ijs@luhk{Uo9~bx2|c%so@SDpxZ^Gu z0;fLQIj42hdUvZsO2bzd&9dzgDdz`Rb(ESq^P?zxZkes4pl|y<#rJFvb6-B-R^`^K z@=zOiM@ppghxqY&(`Q4RuNIVPuLKEu#r<{^S`Fh{ugb&2(tsow+pW;4S_xe9|Qw^oZxxTs5mFFdmlt2Qw?L$AKVdN zbV3OO2xvsJOZi)7{s6L$z>RvP=#&e@d!C)him35BK5yBUu6n)vfcSB$V7-3CAocow zil^O!L)ANQ3dZon-U$w~Je41S4{I|Bo*y-Q!C#I{rgc z8JF-g%S`WYweRv)O24w?S?%~~CUz_qCPF|H4PJ-|3XpZk)X}dQ{G%bNu23M$Bolww zHDWNoc2d#g5#gi_D?jfmr|zAxTxXZWM&OY49R-q~N1*hEJgktSjhzwxpBP)-N85U8 zzUCP7Zpra9%6S6VkUSR3k7;7=3Iic}QLIK75%T0@`@~ZMA8;_CuuLIx9SUsi*)JtV z=Y-!Z_XqY@5o3mQC}*$+JJERjKo=MR7fm*%FRyz1VdTEMd>makJ!=wy6=^feSO~02 zxn+2*H-;ZMLT>o!9T~HjmPTw?Uj!E&@@YjhV4uKeykaO-%kPpMz6|9LUrL?EUi$** zls%1-NR&Qps)UPIjOEK5n6H~UX@9+nkw1O$)DuL&_oVLN|52oQ|70K7O6InxRJ$e0 z{zVO( z2rc#-Vp(uQW%4oX82DCdRI$L4d31!83Kf57S!Ykx^}OpiZPb z*LH0N8l%%YOPLk*J5m3U;c;l-f4W?jJ=aT1o7+gp zt9O5q$CoVlgb}rYDClVzz-F|yAiI;#Cfh^sR?*m5Y+S9g6VYxoahT=IQ3(R~EOx=U zY3;Y!M}SsXSmVkmf^L}Q_8&FuxR&yeCn@Q=qn!S^Q=Qb(&x7PtSp%WWk}Hj|WIx9Z znIc30SknkJw7GEF{Me&%AH8hJ`&4<+>dd}uWn-p+nKOjcO)kDS{CuO56~XR-5uwz% zUM1OCw_JCsc98Dfuu1);()L;lZ)PggN1qq{25%d^8j{i7u=wg2mN5JWTn+I=$+Rbd zLCd%?5k!M$3w+}bFctx{Rbp?lHi@+IrwMAR)zS;o zVxrA<`haCA)pcqm*2J17iva+PjBz2^1hYO8!Bx|iXmSb5w=Gn>YL8iP&oi)l2ND#K z8c9W>D-BosQz_Zef2hG+`g^~+pLvi>ym(y+7+2a;J7jqo%5NV!7=vv*)!nsJzM>{( zM*AztDMUm`f0hQi7|Hxp`vTCPnr5QVmE-6ViJry{sDs7`VFW0ko&S01h=fe==2dc1 zRg7cxdMbt)->6(jy;+dqJ#;E`*0KB3FHH+`>J<=f%Cc8F9=8d3q62*~a4+o%Wl;M& zpU5#!3I|HwnXwpQ$1@Tm+w7GhtdI-Ox85z)N^R}r4I%rm8F!g^CxZ6_6@uL>_Af4t zxzr#@!{?D+|0@UO_6s*kZ!j03Pth(z715&kCtP6($Inv{e7Ea&Mw9nyDC0XZFSq^o zhu{;#W6psceeat6 z3RJ4KH%pYFhHQe_4M(d5>U@OqA^9eMAHvTPfk#W$-w~|b{P>p$)Ymbzd zLS%ykm92`n#_vJ;Rqv({k%*Rlme{j|gm`ej=qDZ|57X=+o_qTAa{HoL}RFqYbXp{MPy+05-^vcWwh|Gsr%)Mn`uKBD2u}o@X$>2t`%Ki1^h*y?phWS_z3E0&Arw73K2LqW^O=Z~hsdgHR*)djJlp%@6cSBW5m$H(A}sR9=NX^+WtIdeF$j6qQ;jwfTtm3_Gt~3a=^E zK&;V5^ftq?NO0`eljqxOaiPg~YDk0MrFYjnCf|CiHqS5awe?@#$IZVdcXi-&=3Nc= z6;uQ`C5&o*MY@azoQcv}uK6!wTt(EqS0kz46*&Bs`y&|^G&{1V5{2nPD&hlnXNtHx zl)J9dcrL2jGKk7g=P8K zf*}F30Tjl(JzC>liYrY=-BD>ph2>ry5D0W|oikC>W}9V#z_{5`T%Te5-f&``-3?rKT{MeK99*=cM2iN;HGVm2p`2yCf>>xInphwOX5W2#>2v;kdf`MBH%|d0IWLhG1``QrLFO&FXjo`V(f43+l6a^@s)j1YLAe zXA!7PPP1dkX>CfgW2bbQI;9qp*e!+D!l;T$olNU|zN%0RUFALHXK>04&;JMZg|oegqz3Hh|s8WVZ)*4TR5WT>qymK`^I~`f4J_SJw@xTLZqO&i@s?wGZpO$ zo6}HZx@cL1V6zm>KJi|f0qC`lpq3t|D%M=n(gCUGGj+Oc7W!80kPd__xflXFra|u& z$e!a4!~I3mQ-w?&+gz~jh~F4YE{2@phu{w(4uq)P0IyYmF(7|3yG1C?_lZxHwbbw{ zzJ)CZ$cW!kBW}~3DTn>dG2F9a4`~B9Liu&J3WfcbY%i?jAAO6oto(MLVf(%eQlr(? zx*K@lJ@sNrCBKEU_==wr%9?BDp9fF1R#bFV0=BJM^$z~|z=BsrX#jMaBTbT4*f|u? ztLsdApMY&;Me!SYLUC|8cA0l%16$3jd7W3rtOHXu8tN`;4Z|8N8^or5M#d1*JNx={ zbkeaF?k7j~k9d{gozzNu2al-mxYk(c;XP05Vj$%9&Jgm>lhLy#inms^U=1?sQw_kz z5`>NWTM%#E7ADxZ9bTB;m1*q5Ncu$UJPMS+6&?MQ8p8!x9eLAY_JE~E^~5|kf$3@n zo4Ahij`yav#0|iE6-;`?fLO%(eKSDF^@@gvy>xIPp0Z09!!#IU^S;+Dp#O^ieSL@q z^B6JurhM}d>dxY(HU+`@L6$t}f+1{tNQZ@b!dkPzaPfmd^Xl$K8SO}Jw;kzE9Z6*! zNkNW+-;o5ZRA>s@YAPBH#v=^*=1{E$h}YNM?!o*cGGg3a=uZy)mp{0e?4G< zZN&U#ki0A+0I`{ZIb;X?OHoX(Q5Gb{fb7Km$@jtAOvXr2GX}Mp$elY>dbau)F@kA| z>E89Ze_GBa{SwKw@HLgyGk zo|LQ9xLXYTswNf}{k?aF=sCCN z${xir8^yxU1%90$7!>#kIGc|lQ^@pjt3nRjBG*zUKUklkixkmg7W6lA z89iQsj~CP9aVQlT1jV!90WiX+ds~%AI(^za7#F_!@oTEX9h@_f;$-@hW1gg zxPZ>1;u#!?DLcytqWn;YjuA$Bjp`W5@1bp5pa>>k1 z39i|jIM+GA)tV6(+-H}kq}fMLNndb>mQ*6jVwyNwOkXfY^er=!9KMnc*Ot%#z(HQW zYbe&lIR}X{PiR_{r$ULT>GONIs}rP>nLCz6Q|D(Pck9p00`AE3zsqTBzgUGn+WPv|FQEB*y$ zyV^z@DNXdP$12(8@U7phKEtSdA*#5}Ce#20LfLjK!MXHhlV);u*@tE5 z)*jt;1iky!zCyRF)kgrW+VfCqxE)irF@K9Kp$GhJFj>oP5`B}fy#^$Gr7Cn0K+mB) z0Dm;$DDIZ$7;)pcJ(=lt?q>)5pZ$~T zy+|I-Rrqg2?@uaby!z-#BEJId1DZ-^0JYv<6B`{SIC-57=!A1#M^~;=yD}Ot^yHap zS9Uo?=t?r{%8$^M?|^@HNDZNx)RjA-CqLM^Zyed*xwb@xbZQ@k?X3MLbnKGq7RG7& z22Y$z>Rnpnm3yM|5ZgH5mn!E3tpm2gGq9{bs2w=+2J3)>`wlu_&;G&ncI1MJsfZ?W z;`%Xvkg$crZn)0LuYo~R9^M+TdYX7k0D2H2nR`wA_HkM@KNe#|S<Jr2c&{#MujjnDi!Tq8yGY-FbC3#yH$Wdk?Yqt> zDE1V#8`v73GY|y;-{O7Uv1+wjDRenfWtSJL-3s!af#jqwHHiV)&j4g+X^ophZLeXs zmcbgIv2$&X?6d0PxLyr6GQ%1+cN4VLo&Zoc0(sPN2zA+sD%Agn*$S|Q_B#QKi*s-} zlgp%s;FDgI*Jkw~t$Unq(dWZ;P)z-NxzUx7r_MpqPjcCFSfY(YBRrfU8-%t_Mj`6xQgbyE9_e=(C_Y8P_FrULyeb-Mr`Kgx_1ICw% zbDC(pUH4>f|FhOhqc~asrBw9ovI=? zPwib5@7bcG%e5@FRNuo={i6i=di2 z@E%7;T8znqN}cA>M>hRFQ+t1y>Ze~qlLs0i?;VIT-=_%ebq5DIoCXIOns)MMNY8Ai z>!rhXUs2T@GOVFt7gsS1G>)J%X45eVP7EVu#G?-tUxiB{7sGpF=qJ3Yx%)l9+BfSNnE974^Vl!sv}FexOYO+2LP{QM%J5c`zF z+vNHr7L&&I6KxXXFza{?tBexmzp*v11FZ4@V3jO)(Hn;mt6TspKH4+{aH&7^q8~A7 zbktNg=>q^`61JW0(4g;@UW0=dc6tHnTgaR!m7q4o!=K}zMoL7d3p!wmBp}Dq5|If0i?Y+PQZl4{a2s;*?s|B+Y~eLK<#{j9;CZJeq- zdqv^Y^aV>g^vCv#vW?UTZ-EcfV+b*BoY24)Ad6ZnK3YORg~(Tz2zzC z&j1+sKh)vMvMI$2)>Yo0~skgk4M#y*%8QzrXhW*^?$Oik0;+IqHO z^{_j;K_umXjnw^Rz!E+O!(-sXEGGn9&p>}VE!Yc{0P#`Dw96RXifzi;J6`0@BFHo(sZXly6) z)_T#maxFbtfb(6m2{ZDRN_efd%Y_aZFG3d|z*$H=UooBUAw5nYTYl@Gp>yz-pB!EV ze%i&L{(Oe{uF{Q@Jr|(~AMXKvOt(pIm+uHUFSkoa=?W$^|9M7nTxiK|01Q(xBtwS` zWJ9RtzO%|!RTx12a^_n&L*UWi3`9$8HgQhW0x$bY)AEVf-+=@>1;FK1fov z=5nBSqNG0`^}n=p;yQ~L8x&X5TQ4# zkk-X9o9x4a7WsZW(RU|P#btCD)8|tavdt?nb4=N|6L(t!qSnoi*P- zd#zQfwDMa9^#cTx+Q%wYTl4Cz{0_f0rIs95h)Si^Q{(!=3Jpy|T{W!4uU5i)Um}ek ztSGAQ%jz3|^`-rBefr4V*x75-kQT{@3E7y$5Q``sP)t3`X_BVxBYFUEOKTZoiV_vK zOiG83SMEcS;VAo{;g%t+1mKox_Q9;`S)`HLGT9&FjH!Z3<{Ln>jrMM0jsQi?5g_Gc z5?9I+^x~BXllVR}gWZFKKKfU(PV!En&$nxzHCG9~Iq10HACzS#t9@}??W{8IJSvXT zz7*#EfEhe{SJSNw^J6F*9x~7z%~PEkz?p;d4@ddoJGuPTw?qK7;gKA2EzcLb5sC@x@SiB3%mdD=CQ`svc?LizID;Yo?%e? z%mxOvYdf5VgaZFi`QKzxEkp~fd-rH$GBb?mzmygzjk1wGrQGY`1T<}*nujYh16C$e zU70EHoTomEnn#n3s)vKTpe2*h%CL0mFPm<*wE1;FKL{A{m$T!I$ukcD4Z9N+$v^me zvd-r|ai&ReH*@@|f3cM?BoLHDA;Y&mj~3+)C`Xz{c>dMItd{*D+CS@Sv~4o_p^j}r zm_A%Z*ItHyb5ylity(eld5BCjLK&}}!S7es5S<;~O6zelbnf4i>2m^n4x^9{c*oT8 zw!VoeI^O#Ns;sE9ZkW=!=Jy|DH3we>?(Q_?Sn~DnE@Xs(05dmN! znfHWNIIhuz_=~4W&wVT;jS!`=P|cgw>ISsys@-)7``yP+TFApJPgj@Lh* z+kpG?tsn;(<(0*x_WDoq%l5d`gQU?c63v=x9N=6KYNlSd~5`>CDI~o6e z9%j1;vdt5H6M>PxCY}5)0m7ZLgu%>VQN95<%)_pm?b1?Uk`S`iRcSk$(L7_8#F=@&3I4 z3j^i$W>50V5_Wj~@Dq?HE_NSn%dZ2zZGELr|2Jv;Vy9h{S7s6Kn1}}XDv2v213(>N zWNu5SC&zrettL9R3JF=}=PkH$jGkf1$TIg*AXDFfzk1&LFdcVI4r!M&M`&8f4&e-& zyfR*x%L9ltUY|i*`pU;!6|C4fE2h$05i4)EBqH2T+O6{1zb(quMFv>&n<9OKD+|=D zm~kCsw9vKMoH#O+s=X+t+RXTJH$pj>^6*dXiW2{29DEUW;DHl)sXKaFrKXwRDvev; z2kc`lJ41@O=#5R3nqul8?&YxWJiSR>e)$Y|^ssMp;IRiwO@qe=nPVd6=b(o9GY9@v zQ@(OH7xCWb;1r`+9;Cqk0(4)Uao+PJv65>#?e=m#b9G0qa!!V}{|!iZa!@gcEFum$ z@KT78UcO$^y|_MmLaT05fw6)aaRXKiom$UC60+f~ohltaV_`0ndH#(Z2nE&Zs$I1( zSG8yh-MAjH_o5jDAq{|3d2a&p;_otld7+QTC90?VA(AW{bkITRMT@^EWAc~D#F(TJ zYCPtGqpQ?NeiE4Cju=}1VphM)wOngpN zpQpfcmijEBbB1D6yox)#(_#*9LA9U!*-1l&4qRTTPVrZeBu_R1oUC2|6_y9+1aILM zT@1NOSvQMO77=CW{_WJ}ZT02k2#XE8bRHaFH!uf<&Wy5AI^er}w*cRZ2GeL#GU|Co ztzHRvA_*{u(k)Yv?hV9~G83JuK1OMp#@O+mL`HMI-$MNX7Unvb0WX^wBw%6*PIh7H zGu`9pL~x#5038oN*J*8$?|Y4{hPhK0suyToNRM{G`|mRVZ4WZC3;{?MjF4d_6wjbu zsXXc<3+TX|yPE_xGlBl6$^Z(yeiFTW$$O_kRScSP2z0bFG<4l^Ize9mI1H0hM&Ejo z&O$;8p~WdonEV@~7)9->Uac#L4fxZG#&H~QlUNQ{T2T9)@e{7c^g&7o@{TR7D(8C zCXQ|hgl=6%qdxd|+I>hj?EiPGQVz%t2osWI(1PIwX!$Ngn+#FM3oW{#FJ>TpF~uV7 zBpvL1nih(vaTdN6V@O=~Z^Yg}Vc4a)jdDRFkRR|01i}L| zkzJf_13JK=(E%+)2dusy>3}i8c>f-xC4Z5P=z+;V4_uedB%^@;?vK&~bY0{^c1Ye4 zPY8^_Oj1w3~+E0{|ah#av@uX5qKA34tHjw`!; zY-+mztd?B5*xjOc=D~h&XEFv zaH9Jt=WaNYQtfW!q|(J$`df6pOTEC6iBhj^F%46 zdYZI0YtGL40o(a@QRtF;^|W=qr|hogs42aOBna=>%5>!AtI46uri2WbTIK)@<(Md- z^c)6?vKIcGgjzqp8oehphF-eiEOSq2`1V89B0;_nrwqk%2R>BKx5f9V=i4?^90u^i zy&{(yi;(wl(mpz*ej&xgUF~Eb_Nth{nEhV_K%XD{iuzH&-H~GU&8`dB?B@F;CTQyp zt*umOixk9wqM7l($oDiIeuqZ1+2th|h7fV5$M2kxd1TBa*8-rMMQGFNsc}9alpQ@H zl(kHA-GZqJEOoA$YIoT%HIb#xR8t+U5typC`%H&RGjyA|hyxx!E+wyv0T}b{yGhSf zZ-i`p$B)wYaOTmCNW69%lz9ruMAG2lZ}^Z54-z~;N4Eea0u(&1=5tTtYF_@{len6< z%oL>0Jaw>ujkJ|NB475fu^sZFnP?+F(FS1TkXMzdmN`I*thXE+Rjwh7qIH zy^9*GB-(WV3DRqfN;xfLO8L9(zFcn}l3MOv`iNonTAPAyfApD1yq`ic{wD;Zuc7ks zvVOSNj|z*LBk)AcV>D3NdNuUP#oEQ@`CZf{P)ouzB|{ggUxfm$^9Xc*AP;$6Cg_=a z7|UamzS44TXF2EDeG7=|u_I1r6LsG`Y@!Z`a-vPrXWEoU8KjLj64=eBV}3jnV^DYw zR$eh(4kg1AiA; z690cAHJ|8BcMrVj=GQz(N46;!2eZ=)JUzw^Wb6a##lkd<)~4aIF8Aa}i+%AJl$5+G z&k*Tl3zp1`($x718ZHhHWz)ajCp&(m_-hrDa5vtM7JFbpTiX<6d{94}rappVJUF`S zQa~{cx*O#ggVASVE_bHM}LZ*mrlu6}w0)_Q_qW7-_4oXzO%eAAcWG zz{TE&sFsgnFoBr~(_t0*&uZq;0TyCiKxnE;1V)ymM0 z4~=Lqa*f8{vqik;3*v3wLlH&=yT|r!(y8odj`|@cjgA5}JNExAPLzC`i29`liurX_ zw!lvblYN;Bffz&2!?x^QFnT|rDx1%q2^-~;IWZeWSbcgnztBIMUv90%KlIdqe;VU=2hU#ZBbbKG{UU>Y3JsyU~ zI`$ZW$3yI~4IaN@k3G?aVRk#aZ;Pd`fXqpRxwIHI3gyiTDe+vz{OQ7%i5z^g_kvF? z>{BKS)OB?NdMGkMdMis$W$D*rRW}aaD3rAU@SR4&FVK)G1db+IQ>v{g2L%7IB&+eD zW%XYYgg`g}&E@n1ua8$xPxjOaTaktnwjo95;H|)uPH$8tiXW*G#TFnx z<~>R}4sQ6dK??laDf*s3siNJt2BnHN-cs%Gc`|7jyk(Egw=R?9igF5ks&#m4?7qwG zBFPd@GFf8Cj+fR6z*$t={A6|?ZqXI-C4iNv} z!SMf=ng9_Q>FeK)CpZ!?leAN17!I>&gSgF+W7vLKlbFHN-@PK%*6*GhR~Rc z5~8Pv(^-APTPi9~xLspejw1uS@>exC-haMDUS@z`NFA$~zLfKB{>KCDj%b7UicCv_bG~it^oTk(171bE5{w~bOstv@9Y`m2* zBiVGH(+(YaX>)9cMC_2y&~9b-|8RZ|Xfo@F{g7{JhI;mvWRQ#Vizkx~0A3~BzF8f1 z&sn4cFcz>G+JnPkHj#39_&$P_cYx6u$rcMM_LZ`u%+;t-59gyzuglcH)2&%UWLo8oP`WHYWQ zGVs=FsajnTr&+3mj@Kgir%InIrt@wiEvgi$Hez6>WcjYuojr1~O~7h!?TCE!2mB9) z4@7albO`SxQ4TG1q=z6;U1l29X~Bd64vpPCn4u^KYDufO#*6SxmI9{VaJ;vKk?HA8We6r|*pjn%MR5`;q)$VV*k!0-VUzS6%|#oN zMe9eAsNvHam{Y()avXb-eoPVgi421S`DVQqS%vrf2PvMe{tlU+(>$C^bk2A_s*79) zrGVXT6J7O?w2-rUnw+zRvhN`c{l#Kh0;XNBrd{LOjA@COHc3sJ=K2Sw>4kSVyYG_g zu}6hg^b-3Cu;yP|)u1abopscp{=lrEEPf6-{yXfDc1L>C?wjPf=U&o9Mr+s28&nUm=c6e88AKlFh3*%W3%;-BE^a4MUYm1VN8taW z^S-jvyeD;d&GYrD5NO_SydDNL$coVjg|Y^iVhor1QpdzPopzb5!G4B3MwDS#(BoyS zzsnjc>HhFr`t`JqO6}{~T?%AXI_L0R!(sjuo4YN=AsuvmYC~TW>ulT}oQ@isv?sQ3 zUn~o(FHVlzF0afoGAp#f0xBt@Fa0EesZHJWJsbT=LM{kOD z)-nEn{ofuxuZ=(LzZ*Z=XV4Zf3@T=Wc7At8jZ3gQd_A$DD~rji<{BKFI#iL2WAf-O z>vHmYU~Pn9NY+N6#^%p}kzR^d1k5*t1bE0hliI?E}foj2-Ysv%xtje1-{# zneW~92Uwk}&;e;A3H{HZ{wX;h{SBRuHljT*YWrf1zM%ttGNXbT)Wmz=p+%Ywhx|5l zrVQu&vzkA&0pzS|%K%TE^L}(q+A8v1TrNnvj>FhJOX2vS50hQ@VPXO%E-m z89D$nJ*(J@4&cWFXT$^42{1zE)xf}{I;4PWZ=@8}m=AIN8T=uw% zQnZTp+sGfrmuE>Py9j@GcHE^f3sHrh8)G~{mPdG9moQpt~bDA^g=?-{|mx#98HZa(~Ycil9eRhaAcC)wQh ztJ8k1JvLAGtoKgw4kOx=}8~0CxCELSWk{U7Tc3gAM36sUz10M=49tQ_}iQJZf;X& z?&UVEC(tXdGpyeJO&qK~fHJJkJ?cfUYQt(hLz%a?OTM8Vg~J+*2r;c3)2Z8XJg^Te zo$YKiV_-X*_ok^IXm@Xo`Ea_GeV`q_OZza9_kOK@(Bp^qwGTGlySo(~y;jnG$8Rrd z->h~C^;p$%Nr)Yujm&R{74H@N;nnI2Jv)a&*P86^R4XpVNCDOo^vtX z#-0~Iy48cWzgW-TTD5voFwao-+};4s1KIN_eD1-XLk)PLRExzu&!J)0JLEaX)g12e z8@ciiC;X;KJUiPbAp>S3jpMOwri-1I!whRS^T}j0zibE)4e*qzTb2$BdsNOKL5*|( z4gCN8TPyjzk_{E;F-Pb_fs#f&@_ZD5j$%L zohQnP)Q7&%2lFEtswb^bHg-UsXhhQ~R3e}|0LAp>HKd1n0Zk1%NG7$t>3o z=w6)s1&&V#dVAwsJrQ?_yc>O7#QOJda{g5t^KD(moT-iZJT_Pu`I)aXbfL?CZB?{V zxm`+~3vhvyq=25x$QfN23pLCo#paZa8vB<;?B82gtK8f&x*aKqy04%)y#^+9ywM_$ zH`91*C^DRqZjp-3+E9PANj4*E5aYr$_QZlVskb1NbY7E^tC>`f`TadKa{gc1$cvf&=hR$X47dCrbh?DTlnvki zGk%KJOx3&&*0R}|?KXL= zNaUK-sOl%GY{<=GVYBNO=xdkw5Y?J}-e|G#r0Zu-$=JB9n`gJnt z5!&QEov%RTf=7oYK*k<^}<$ix?~zKo4|ez8UYJZ)p%d(6``H?soLMER9Vm>IaQM) zssh6%M9Uw#gKe8SRh+@kOV(L@#T+)Oka@Smk6wUV71KIs3h%61LJ9XK>kxWg){H5c z7I=Jj?LMntZBJ`#6x2Y9sb2rG1=3C_5K3oVbpommYBjN#O%w^UOAXD`T{PG?SU0Nc zVxN>t(kJA1=O)vR&$3BZ<~K!nOq&jA5d+OI`QF#ehX_SeZz4a$-yi(Z`b?uK-T!Cn z)2wxP(d}$~2F0w;h4;p2=Zn(LZq_GS{z_J!Y#>q8cHh0-ug{l?>5Q87t^aXVUZ8Tz z7D_=_kX3Wpg3N&#jV{PTzrP@NQemGz6k~$0^qN`@f&vg7B4|&dz zo1kRXq?u$!cz#GFY0Px?<`{e94u70Xw##R`8c7)pZPtc8rQvQPA^EzAxw;RcIKGv% zNUPwC%kzKAp)7mC90R1RWVcX;dzR1}-h5WA#Q52X@~R4^{kr5!L~?63lCHCMIV%QN zZdM0`O#_^j)vWpYj-Jp(3mHfg_A4uz zUYo1qTsd~R$bzK-dhl)>F3A=%_t1Ofj8%E2>k9chwwp z+?EEPFS_dh+SF&)-sQ*N$VC8Gr%z*!%HnZ6I_9>gw2Fb_W>`F|CSsrrqBO}Ym1HsB zL_kxNh^pl}nQ%ke40xWSrp?2&vNb49PPDnJ@Fwf=2Mt<0PE+OQ=y}h?3_dVGWL3I) zr!|gggk15Yw&qjly#Cr26CMGV+x>GH>eD^cQRn(-og}h68JZ7u<{u^-!Ov7ZlPAc! z!U*TTjjSs)wSxUmXl55KTbvcxmM1jxmK$wxR$$LOp;>{Aw{=*7!3PifkfoT0u@715 zhrd3dxp?ZsKIEw%u4W$!0MCl_p+Nmm$UYP+rX%b_vHHQxK8T8`ihZD^U@#K?lv&Or zFg2~j1>l^wi_$64y|Vy{ez#t0Ocv4hxry&HLJW@A##_Zc&rnSF;O9PD){+E&3;D(G zvv3~#n+gA>z`tVnmk0mM@Gp(;a|M)MO{LdV(~{+gojq@3oGF$gL^)EZ^D9Fdyvv4C z_PLQhA1|fPjUAt})~mQ~f2oQB&=Iz)QIq(0qdwQ&{q&}o`)R~7^42m^v4aaf&CqRQu=Ryvno`R2M%n%ERa9~}ff(T#O>I=zYGP!AVmiN6RRprj%Z)-+ z5)&A#C;A*^;yWnHv+ouz-*4LvsgFUy;>bW7|NLhQMt6$$zEf1H`7J$tQ)|mwd(8h? z+M@+GI(Pmt-_)<%t*P_B^i4hDZXLVuBX`R(=O-A}Lt1K7H0B-U=Al;KgC7ZQW$2$QZpQno4P~|QVCanOX8T(&hx^p=>1r#6si&c zU|^atnfHE+slLf+Hs5vW4qvI+;hUUg^OfeIV`IDTa<72W^9MQDmI>s~=m?CI^hUqx z5$FHc-CX262Nunye9UsVPK3AiK)7)<;tjqiO>Yn-M?Df>S(iu6QRJiTvcp%-Ms zBTqzihMuyh%lSNcl(nX#fE~Ree@WZRny$vr;>BPkO>qTVKVWiKJcY+k%TS(Fh#=2o z4&V<~rv_p0LbbqKuq0DqNm_?4a@ju6K*Pa5e{jJaSSEp$IncSx^-!j5=psRkmVpI5 zydWR1Ntcky>9mwu|1mv0*n8BL9p#M&pfoKi1z9g^fi-Q@qchT=9murRz{vS++^4+v zQp{6DUhO04u$w+vFs6%t=v}DCda>&Mxlsy~9X(PO_^7Pq-1*=5#IM{fsq+u}#3SyO zu?u&goBMqZ=?9GMN4w^w+q8&?nd@`ah=`YsM=WJ!M!5UQNN2j4_WNmexorkYb9OBK zWMfmIZWjfn`#AztobL^6z5!5u6L9jrq+O6fd4;!z3cedY!ns=}R>b(Ju3vC3mPx=e zT9It6h{d-6=DU69qT4#kzv`$$fP zJI6T^({WQ;rJeAp9zXG04wv#<2H{P{z>-meMz}6yLcVitXlZ}g^)(9lT)pkGqu%B& z)bXAJOgj5AtG9EVYyY=88(5uhvpTQqzRu$RtYF%vI-G2d zbSLVhz|-`!vWL>(Fo91lla?d`EGX5OR)vne23?FFY!bzP@}WP2KE=f1U+-f+dJ^E3 zkS6JU$kQ889|^|f(tFX;H(<7_Q0mD79DHEseh{TL8yY*><+;tyTpL_C*GtHBsGs}1j(VIT(x;Z zt~XFo2QZaFF_9(*RMmk6v7`xVoOVNzxHXDoDP$NQPmv7lATk7?NQfX2HG*V35hOx4 z1c~K$2@=bn5G3f?+s+;AM39U_9Ga-o79xfrlouDnu|r0p&MVQHfTwtvK}vD`L@_s> zTZ5bIwK24CI5#53h;lCx0YPM=-(|+vVxJk`S=IxI`<0vFr|hLcsXASYC@%wmyoFRC zr-@{>Lt5~F&Xa3YN|@BtOU7Uvw=p~O4?Env#SYS;2yo7u?DCERJZ}pXeqDh1t1<3z71?CoA>W4vqx#jj z`frRvKO0)$&c;=$`+_GS*&+Sx@SbpeB2(SCbKMQ?YC{rL9(5&w>W0Ux`F>Q#S~vPE zX<@ub9aJiV-mdyAJvDunROi!wtj~hsBqI`ZeO(nZDsH>KRZ;u+ zA$2I~Gw$f$S;T_p7^{cL;TjB&31g&N$`R_)uJ@On2o1vT23S2hH-OS?rHRE2iGt(!YoSuZ!nZJcR=EJfF^gEPP#4K!> zY!jC)bdJE1ekB-qf=o@B&p`4DZh%VM52WjPPlSfULa?3)pP()?pG8;0R%leWLJ0ym zPH&!w1chPO$ZmE5?_EhOX6$bG5_SWQgZJY7#9N%YBbW=@@OSVBDji~TFN3qAC;XUo zs%bmT3>xnZoNUlV@(3zkB+Dwy+Ly9Y37}9skHnSu0ZL$W5cKGI#V?2{I_8imMRwpc z;O~PS90Xa7NOXCYLis97W}Xf;BWY7AidN$`e6+FU z#Cl6sB< z8T0Ex^I#fj+8-d~U`3PMT6DKxw&Us^gtqQs_TEnd(xGr6NY7n%h011bWTh&gR5gB_ z9n_h#;Kfhz_KL}v`1PF`%m^l5iCpU7ezHq0KgFVgLrnz!JJ6sT(h?1Qvd4y3XG<$Ez82noytzt^*!qiNns~W7%th)jq3hKc ziVV$?%s^G|j3!EEQ=IU`cDn7H8ek}R@jZxw2U6tJGf_JD(ld+>hPGf6M8R$6 z2(|~WhCWqA5i=>mQ*;o(RsRlXh!)riU8s;@hwveGI@Xn8h2LUbi$-YlWq2F=_+A-f zQf`7T;pZtn$Nb9g?~+Z3%g^xY&x;Lh8z-d!gYr2`kqHiIsFUmFeZ0xaNjRD`PT zZdZo|U|RvC+obS#7CPNhMs!<6j2k2UDtciDzho49zcTe~|KKvM z?CdTK|tdSW`K-4v?G>`>wlR>FLuOBC%SPc+0S%CIDVVYmiG`6j&}K@GELj+d0L=V zjA&e?5{+x)THBP5m^?QKqnh2(-dyrh4?AhqT81Q`$?368-mf$(V`=DKl zWU>!HRPJFPv`dkm?1QM7-eModuC(8~83j_|8M0nezRx@s`c}AVK3) zc9E<3{jol!e3$?FK`hXX7_MColy&%%;5`r1(ca-xA_m^L;VQhLcPVy3pwDDLK39u~ zCXX}As}ana0%m6~_t7H~y3cQAaM%2P!QDLCnMM}@B-!3g`BBG7s?kXFd{pnt0~-A@*O(G` zPjEmd5b*+e-`v9?)w(_d^1dhU8O?O5`(Xk7WdbRJUW~jgn}3w%wg|lUd~&WNazJce zPifP6Zx5E10BO@HZJK8KDJDYN6iO3$?=hC9&#!~_(ejc-IfW#{+nne#4BVEX^VB&< zMN0GQ;5CW8=0pnUwRtPO4vJ*c>v8tlD{?Npd`&MdnC%)IGrvVQDmBmLqA(hQyb4jw zCeGOpI5a_`w~plk+zuzo(miGhq_xzJfi9hyVfTpIvc8nGN-ABj={!Bo=x%1$7VQI}nce_vzbgck>Z|hO(LjsD|GX;4PKH>Qx+b z^TvC2(Dqu@th%$oo}upiFuVn6w#kb+Z5@gEb&c6KA6CTfo3@;&GnQ`ru}u1%y|X(< zl`9~FukM>BXCWifRH9qT1%$X$0A8EX-Tp`dfZA$(rc@7Dp&$+`P=6!e=O6ae;bhQM z!@lA@KcGOaibl_c4NCNg?Bp-3L+9#q^vmIp@0|G&^Ca;t^VWfCMjdViU>3H#A3F=b z4Z|ZVb63oHm6?fmJCm713*a1W^0ds@DX1LArr&aO>&BxnaRQ_?v|N*l4)r!dBrEwN+lLt{h?Y0=Jq z-b2x3v?I9-74UVoD$sENdZhf!LCl>n!}ny)B*(W0x}iS)64&sCY;5?R-Er|X89l&z z9#f0Y>xLq@MQy&$A-jxKi8RA=#8?;`It&lpm>K5RB?8U6E?^FnwQ#P{g8M4n4l=;b z>&nyRH$h#US-J(lh(!{iF*>^n{@ngL4*u-&Z8P(m2NHnM!grE z9-ttXWT~(>J8pg${MpeVQdjtER!rlvRQSW$BM};GQnZ7XW)f$_i|)l~jLF+Usv?#~ z8j`s?_fXx(=e5fZ%%oM{PS>(Knb-Wdv0Q%dyRl3C`o#>!)@tzOj&ku`fUErCD80vo zgzNmqde`)(Ra@blG{eZzF|W%C#MY=S89Fuc@2}&K;CBrdf-9RZK zd={tEV8W?~CXPnK2595%Mn9pVi~W4PWfAk zW6a!Cl-Hm-!v`i!eeVR?C>0Lpz28z`)s+o>RN>*L20TU6$WXz~dw0|86pr34y!So! zo)qQZi zc5!f{L3Pl(CcQ5cZ;gb^cP&EE>4KrTbft>~H0syQS6#~70O{cip&(Tge$b%$>p%l; zQFTM}qy>5F-DsD(2=6Q$oMO6gXv}r+2NY^yX`WqjrL$|{6Pjx*D?qs;9Y~)(w%|^> zQ22;lR-8@bS3E{H1+7DQ?`n1*Y~w7xskLw@3wW76Sa^G=#W#;#>&_Rq#$4;3TyPs^ zPq47N_mh-=5abtplQ7EhqVe$&ju(uu`%H_jC+|-7v|9gBJZQ0EeN}+T1K!jUcU;_6xx-@H5mV-CT=NBa zqOVu#jQ>Kx0~rwv6BX6(uyLR9-W*lA1AvVDDhom~MdN_A3r&#pEifZZ_o~45Oa@9n zO4BE}$20?=3}+%QQ7J7z%>#g*TvwV+2_krnc4YA@^ki`}mu*mm`3`2#7%3)bL;!J) zMxS!ZPK3tGkpI0`yDYslBbUHBT*a8vd+*hRFa6+)Dk>1l(5r45cKv(6NK&cU-K;n- zLW#p*^gKY#J;a)G_6M8<9mJ-31GVlV>>9ZjP*B-uopU0R5_+a-oCamdXMU*oG}+`P z6QoDRit^_tRrb+~3g#cD?6Tp?xfK840%~d4Tvhe_0K8+LPtu*B>8iJ){wS}S(W(gB6G@y5 zEdYYZV>UpF=9MBzG5rF?+--W-rP|pyw9DCd4ph6BRSSqYFSKYB2J%vzchSI>j8z9V zZ*0fF#p+|}sd|!a)v3tjAGG_$}?H`%xbhY+jCb}1ooWm?>U{UE-F8?sBDZu)f{F-fj znE&ljx!9C*B%KEGy3E(unauEHhKiJ!o!hfGJcis|o#8l3=VAl=?t&)|{8y7PKrE+Yk7Z4!EC$qUW84t15kkapsQ zk6$qEcI5#z$2`66jW0Z}OW}*4FqAy(yaWNixqtxw+c%?T@^Wh$6*;RiJ zrao(tOM$?c44eMCG=fPr22LL7Piqzn1aaX4j1}-o8^DwEc5H7oYwzif_CBA6?Ohz( z-qU9k1vxKrWCpAI8Vfe9#-$3qKqZo6O27){9}dqVss8kOYI%4;F1u&KNj+%n$SbNb zBM@iH(_xBwv7A}xsoFMLwd^=IMaM`jNKC~<$qKvd2`%jWAnZr(gX|KQYL9+%-ls-L z7BxgFYM^8H^?K{|3~2KD^Dy-MZVmA5T>yWSyT~*b1I^`I(4mR2RjmhRA<|0=H6MyR z(56IqVLQeDW_7vVwZbvu9Us>v*4?EKu(=F7~r;@w&^xzWK(+84&e`2{#6I~s=@W@n5uW8qLgOXGiIN?xZ zfeKiUCF!Ej_D%r-mRT+BkV1-Sl~$ND5GC12L>b-U9wjX-C<^V1Ts4qyE%4D#+C1HW zr*AQv#qSOO{VWc66=(5-^go})g?D#9i}s$;S+p+;qOiCS&GWL)NGs&Sh?3k48A2#_lN4PNG8j&ZK`&*D8sl#qipQx zKGOZJTsy|WfFVv@$cFgu#MmLi8lX011Mj(-iw1&^Ulhf(tbgnnfk9>}E}e{0(S?$` zD1Q!&m0wdx0dS&=ladm%IH8aMMjK`_J+Kv5Vq$7blGtXlI?HgF>OD7&m5^R^aY zx8;z}+CZDCUZ-83TSJ|f^(Ge^^O(3XJC}C=U_%!GgblmK6t|{bg(ePnk?l@gQ%lSk zhZ&X?j$h_yfx5frHsS!F?Y<_weuZ^6By%`J?~U@{DN@``i&7eU@itM~ zO?G5I(4D)3B1IbW>lD+?!*e@ml2?W^51ha;D1MlnJoHo~IapYNQ5aZu;VGoaH1g*} zcs9HXD5JpXdwMuQNLFazWpqk4DyFMgQW{Co3L!JLdHhn~AahT#o@mzYHLh>N>CxKE zq0jQQldcW3pCu(IeEsoK%|t#N`i1g`8-7vC8G^THKsvWCl)4=#Ko$>H6Dx;&{d?;2 zYrOsn=I<|na@?-+Xi@skD*0~;KMJ{jCqC^>;c*%GQH?L#adAStl(esdf9fsD%TTj% z*e%E`ecC5iGlzt<{Eh9Lk zV)UE9ZnlHP#p>@o=FzTf1HG1MMx&~Og|eCb+8`C9J#m!E{ME7EM*T;W8kr$%OUOUy zEXq@--mEfy&1pFO%P6$KA&jqbGx^^*nnr_Ehb1bc`t`Avh_!IbK9alQs6*%+jwJ! zN95n!BL>2m(w@MvB(5g=02cuEcaaWV;^;YHwUy~!!AYi6yF5%qP*qLfuWJ(cK8vO> zPESQlMHDiAa)DjG)kwam@d{_XrXTn?>u|+Pn3f7MhTh#CE?M*f`6QDmL`<_g{CiZXcZ|-tHkn8JT*5my_EIPMv>Mq< zHsr$xHDJ$J?Q0FG*%mV$8Yvw+@w#35CDtFt0ZrNVS5Xp-YGba)Y1YP47{h*>IOh~m zzIlqh@D!?Jcn>o*??UuHhXJb}M0|Me_1Ldnsj)%Sldf0gd9SD9!PJH|e*zV{8`@zi zrnsv)sidEJ&8k|(!y?Uqk{|y?v;3V;HI^`Eog|Bt4U=wG>z$rT0Ssr*V9QwXIgr7} ziqBC@BUte{TJeGCr$sB?pB2X-J5H-8FUPPvSF@rs0sr-+qU3QNEw>eo_A~6eNkx&L z^`r`B(s7JvoNz+;6=s5p{%qvlHg;aL&cOM3p(iQ>Y3IfFGgRrN50lmN;)5JS&v)VZ zH$xR>-V2{2*P;I347KMs_Ehl?E@@GW{b01chpD}haqTVC+8Z3x9`2vr{m&}##>;;c z|D)6SC}{VehW^++*#^`8VUO5pS7_Qd+^Ejlzj|~`dru4_U6I2y!_H#?NIH(o&i)@z z|9+rN{@ZFAsxVK?u5}HFI&ct!{&w=6PH*-?znvfFw}$BpnY8?19d8ZX)-*);8wVR52aQV2)V62rbD5&x8G4#ZuV!$S@RGP=gKm?h-p?6?8;8^ej{j=WBkp@VotLX0a3GztW z1L0t)O}?Khz8N0UqhXrJ+w@)%48lxSI;5aO`Z)Bdk$T-6?e$yFv0mqN^g53ozhJTF zZIUw+Yj@__h}OyLP!9+{2{YaSYcXGTswNE`IxF45hpiZ=pjW8+qU2aN3SUgqoI5N} z{#~eH^a@qpeT+iXXZ?%(WK%6Zx&d7BGdM(4FgJzh#^;NKtPVfC>*0DU_lWMxb@nbi$?yY0F zzj-o4&240{g0Ac~_pdDXwrK8QEO$n?x%(@W`|)V*b1`Z(?j>n@R}ZmpSphIcM0a1ChmhSDsWb{FF;kz*rs)42wMK`15yi&53dVXl z^`k#_V_0W@Vn9Fj#ScdI>pCG8w(y=rlua#18^;|);Hl<*&y$q^klK-KMju$E*^33$ zqlraov32xB4GQJFTafl!<=OoNxn!}G`&Mv&tH%Q58ogsQmcoXG@7Uy$tgV_G!FO#i zUlc4}F?Osslc*?F<_L2XsOq zPJ;u=7$6t@ytkTabuYt-{gBWmv8T)hH8ckkduiPISfoXZ`9ANLk#iO?xJsK{HDsQ1 zwzShCFX|_k!rV3q?(g-GnE}eGj;U>2Sb=v{Y7DL#=ljSK(bU?dYQJF|1>I_Ub_4G&LOZzZk8Rv1zz&Bg$QhP%6JMLC>es)KK(2D*{4Li2)_$qYj0#k# zDM0vCe_=)qmwsvEMy2*}tw6mh9f#^t%vQCzr%kGLRg3P{R93s)XIKwK>|AAd1`~w? zan|(<5yuEdjVs*L9agpj8XIzoD*E7qwqHeKmI4Q?~+2H z_QAzB^LliITDQ6E=!)P`CG0}!QRg6M8Z znEw~ihl6dT7dxWqi$snvjT&f0&6jWEc8i>~Ud*;Ogz*#?-sQqNGRZ2P0&`A^(aYe0 z6arQeUOGXcb$mm^gNEpAJ}XqzoWQ$JV1`mU$(n)e8M+s~0zK~Q_1c$aGGb(oXKmTL z9EHC+Bv_qsKdP%Ub5L}39NurC?4wYY_nOH==y=$&q%$5)fOqH#^8C1;tswx9a5LVc zliPfU)JXI2OED?HX+2wTUHC0J3;`rBKV)WrYB<}>0F~pn^c_bQykA2_Ws6fs@!n6* zuy(^|+R=~p3FuJ!dC(z}mul6{zs2VBvKfY#t5ILddmj{x41nzW&+C|(1&1Od^P3`9 zLeGs1pR%sQshyVK>JOV+rP7C-hilL5dYG?&8*ljyI7t69U2>+Ko@2*ub7J3asVk`sku61;&ImB#l$6w=qCeV{3}`j5}7Q%p^*IkCZGoga!aM%)S7qmrgiTWL!s;4kndfHJH?m!lZ_XQP0&3CSL2f6pdwwRo z`X}Uo!Tm5^y)Ih=@5FqBYlvoF05tnMjH-&MVv;$uU1dVxuuf-T%$=p3^c(45qK|T7 zv`tvVVXVys<5dajx%948<2wkE;s~ZZxTidMt#PizWY%jpMoG!{Uj5|iE0&5%UrpD~=FG3aMG{Z0Q zBGm35Nhgw6C300-Sidh3Z7rIoQA5Cd^otBZtDe|2XPWBgS~2lBE{rzX#IHu9>88?t z3CvRmFs@?$VPr$kkIJ({#r*)}xt-`MP>Wm~f{au072hGXf zKSzqyIn2(rM$%&70a>(Gtr8+C^h0>>LYTp_B}i16?RxkhFdZ{rG0Uk8PXoOgS{l>4M&e z2D0rm8%Pi+vqo78_rTRvwxl}hIE2&D(r;)Wvxxj zX@x*$9d$PT`8r6RKaaHkB|olC8N0pPasVCjom(rokMeJqS+e#(_Pgpnfp3B1J;lP> z<-tF~KK5^;mZ$zak0hDBrI$Q)wux!ZTSR1OTMc zYuydJR9TLW(UyyM)!hl*5Cg}D*a|=8AFVN>aYVlt?7qw?tWlwA3=9I@^{`fIZP+x9 z;3!LU|y@K~h=;5Yy1n*rB4`quJF5|s2Cha$e(Pf9!d>T5S4>TmD z1Y`T{77;>i(0=(3ZS7dEKAfPCvmzs`?l9hqE{|YffFxn`2|JjPv%-7MaLk=!bjJ0@ zxb@^$oI>45w_lIp+0^-nos753vMS>j^K<^ukFbod-xkp~a*Dd3Y%0(xpVo0&&&maF zhyRw0BjmzUpy$v>Afkm2qa7UGPQx$@zG<1PhqonT9n&&9x;TY(F_9c5`Dd?%{_Xm` z{@Dr-@Q+@QOe-bXeW}>Lnb1E=CUtNqb>~qEKaX6{5<_8g#S*z zY2nA=x40>2=Dm3Q;DVJ?s3v~`EWjlg#T0s#=PRLB{sr~L|ZysUPcTKezXjk%>>gjh6t_&br{2Kng6(dvx!|#$>7@@#$9j3|K zS#yVM+7o8GqB4{-(GP4M;G2k{=eeNkOz(DI;X>0rx{t$qPTR_ zuX1%x)EXimTkd-5g0S64l6Ol8s)9DcS9LB0Fp9NZ{6E(Q3`qE-u4{*(8D^#uKB)U& z>ja<*KhwEX*xOAjX?k5`UZ*)E>FBLp`U5#j{M_E&C}6$39uLgZLBv2V zlT-^&X!`3#Lq@4Gj6{#s`|V=0MQR9y68SA210KT`>8Sf?GXH$FRJ)*OcsDGDZyYB` zp9=0X0G;oV$jgT(v{3l5z)$`dfDYemvpyCBNA*EVFMm%WXOEU0O(s{52jNJvXC^~a z0&n{`(2^+5sxhwXg>9)l^4ts9(c856eCcE$3>|rdK1#p1k3l~UNR=x*5e;dz4B$n?*}uwS}KtZD+FxQ)rMpy*`E&mp<%;yWS$b z(94gn@Ale7TK!&z06e`I0{E~OB7krheKF?HH|J==BRwf#a-D6~9zm(ZdI690>cAuG zSvBjZ8mtbhK}VN$?(NtU9l!bwU38XFmy%7f&st65D`U?gx=0ob0tr2b%-P%lqe}MK zCA9Yigp?*0(x{wwVlW1Pu@Vi)1gQo{r(`RD*@8PPa&a?Iw5f|~Ce6~XuyM6x1*Ji& zc@`IWL4CH$Tx0{FOnm-D;L~(A;Mai`q<6lLE+SdIb<6r&P|&0%rWI{`(5%Zp9C;Av zAAoZ{i|A86i^x^6d>2x)@u92GN0*NXR2Kc&N5rY>%L=uaWuj(b2B#32>Meku(AGi& zc~Zr*pDfIt!4B}Aa+=+G084}2Hzvzg9>m48$nP3Hrqz7cP@l|VHQ7Yz8QMtl@-&P5 zB6eV$Z_q`6^wy$qaJZ)igHo+$ZF{k8#WXRLLuzs7pl^6(x4rNu*TG1tATKgTF0^t# zTBL8JXRsnnIbFpTo*Lo3D07nDE2e234&M+*q*$caaWs)pwpqJzCt2is4Ap9))q7&e z5aINHkVs!{;fq6RdinQ6q3zSN+OQc;=SuqsDW2KhrX_;}dAUB)-!`jMk5$SK8LGVs zQTn{tYzus^2P*ke02aTreGHVBjiS3Hg5p@((9~QX-W0j-j`|xmJ4gJwV zMT5SCC$%FPQw3+-CJs-#Dj;ai!^;UD7KHaS-qR+AO|A zC_ih3d=>b|!jBJ;8=7D2K7)HOszHQ9yG?D1xWUHlf?{4}@!jPL8WU8YKTCdmGb@)J zvK0Qj6(9M@0aV7G6qwCldU}2u458{5{^p=k4e!APzgm2vQW&)GllB9xRKcPSOsbBy z`Im<>bfIZlgE;T3@Ap985k&Ml*S(u(E+$PSV?R zRI2jg6kP&S)pwveL7pSz4@RGv1C`Q5c@C*5W|m^)y?ar=U?2R6Yr~4JXM`$CCa2q0 zLPl~v1Rk4I599oLwvAtQGSojQSy$yX3?#!n+K>De%7vmtiWB2|FE9YnU0dgU`Odd& zUp|b%B^99Edy7hyr^a>2B2h)*FW>`0)_Om>Qv62%9hIUIg!}u`!VUw;5{4doAVU}a zC$XbT+Xyy1X$eS~olW8&Q3$(#-GL}Be#_js7ni8L(6e4B`@PEYFBn3g-D#Ijg?Er_ zvrX$4hR>9va}QIWhh@vgWa^y#Fy`5)L~>jh=>h$FbDI2exxpcQr(#yM-tmN0F}$d~2-ebhQRfDJJH{F~KsrJ}M`63G zE|O&B&P4I4ibb*KPAl|Wh+hgN*tORi)k+t&sJ(V8-12%>9V`R^tEUn^cAdC8)S{@6 z!6q*J6xQP2-3l}KR#xZym#g^=Ty)IH0s`ZKk8j=EIln>8|Cx?uOi(l4)j8u=M_I<# z)QpL0#(TQJznamlX4I=0vpZ*em@>L<7TmiGDhx6#SkVj=p~A1(48P-iBfFhahuTVJ zbKI1^M>Dht65$98C&RBg3E{TWn06+7>U1~vEu!?DT^?s-rY@t$r7h?y$_Xf1u}cZ7 zjiNHnNV<=IpkMg8D4%PW7Z^qP!E~FiBtdvTK`d-u2&cB;mrL;CrKe(gsv(D|F(hgc ze=Mt)u|~tpJfQLR<;JZ}&BJoiHO6sOmOM_^ zNh1;X)$o{3*Ha&B_9%Jk#ZRrBY%v{KqU30{`yBY(2#0qjAxTFwUfWef$oi$ZibL(b zyl(APV8U^x6QUFS`}%~^bfCtpdC*V+kfd2?u)LL-(OuAzgQj745!R2HncJksP+=sh zBHPh_CW_{_)P(NVCF}BQ+|B6GTdMACQ1iRvRma*4ZEd2%-yfc^0}tUBJ|c(3C#Ws&F*f6L9$?qgEf{pWvjV(dT?*`aTJ-g~2M0({1`4 z`C%ILRLJRgUH# z>}Df|BJdt|URhT3@U0liP88*$CAU&2yGF&d{};UPu{I*^P(#^G5T6oRD7z9U%LG{# zx-gg#$2%#e%b@Td#ktGOuZs_JCw7FngC-(+{4PopXGr5`md(1SUDF5;T7Of28)v!Z z!+G=1)nsva*zUXh;(N_H8*ljsj9uR%06GV3)o%fLajJsty|70cdtz`|%{l}6m#>&;xbtKRb%Uf{C z<}Zf_(t*IyB(5%d4_66W`TaepAEQrLZT%J7 zi@)zQd~r!kd+#K4ZtpU+y(bd>>-I{c?fr)BK^v~vHYRszV_!XMSaKg{KJ$x*5GBo*Q3kEZ)1)P>8x+@2=C_Q*a7byxLtCa(pQ<(8kCXx&f z33H<^W!$}66^2Y;D#l)@86toC8L0qVLJ4aS^D3rVObf0gUqLK?Z}xdDeSV95UaNk# zq9Gu(HSZoZmUd%k0JIg}(!v5mV4xek<3;Vx=O`^EHpJy=_e9S>IB~DVs(piY#^QtX zsN@`0a-Qfz*O%8s4?sB8GCpGm;HRW3fm1RXGjGM>O!vbW&Tc^x?o+#ToaPOdqs(S3 zv$=OA;54kx?6ca^hZDI2a7rX#IBb}(%YIElr~4v?#)8@l*&HuSg`uALE3oe`kai4J zRNP%9tysy4Q%N{MymwVQb6PJ?4>_df(B(PkBflyOnibQrgDU+XB7XymIT{vxaE3}c?K+sl)NNv^ zC&jE$PcP!ek;ab>Tj>3w1X6CL^ut!Bo{V;~sbbLd+p!G*G{DfK48NJKvB^ z@ehm$GcTuN51y&uaeiK6Q}!)7cjz=_d*;M;x9tFSH+NT;`C|V1^P&^hrMH0tIa(AJ zbgJX6g@z+N#UMQ}&#Cvq{M|8=1gj~jIBqM9z{{KsE(`gLij<&NaPBxQBC1cJD~2haCuYaa--ue8KMcB{`3}zQ&UY})TT*Ql)*s5$fSo|*gQ(Z+Nn{e=DLUAi*|FY! zKibdMEV@|d_J~H~?bc`Zn*FTZeFW1#rrLyu(g&1Sp&Aah{+0o}ZehXcmV zX0PbYJ7V$TZ~Jn{Z?PH{V>smP;=X-3S~#^*a=Dxo#EW47&}E|41H1b=yqH^_ z%mP=<$Rc0GOUrgt05|}QSrXWX3x<(fIll`X-|e4`Jge%vC^T{?eyU35grFr;Pxl$S zjdXbTp3Q)#E~!<4@92{6JtGGCTQtY+^HuXYo#teZ93}tt`~<`dmq#iH+~&7xca=gjJcMAZEf(R!$dIC}LQjGVBp5>==@)$_CvXKyE> z3R8`H$Fw9;z*-*=**G=NLIldAKgq!plf3)6O0)qu$HaFYjT@di+otea9GhY7iZQf; zO}egFSZz<9vYGSLEa_=;FV*S!6{yR^Z@Fo6Afk7FW7O&sfZ5!{;a|YY-Vw=!lUO%j zf%-dQrd#v<4yh6&DGabuH2URs{>^}ctF`;Ce#=%^xgb>x98G31x)y)tkV?ha*#p!r zKZEnddu~U98n%yKoy-S^7|0D{Ac+CW2iYui*&re}CYj+|ejRh$8k!7w!yA%tj!&P8 zXT87dV7=Rj^*$xa>j_!rOqd~VYr5u}7yrJ?tP=|lEW2%X(7M?Vpf`PU2Yjv@Vqnwl z>M6>E>C41>I1Tk>bU}SQKO^vDLy%#_`PBq5j*`4>a$1Eb=28A9r z!y+Ek6LKm3@Ar*!nY;!!j99o|dVqxc=v8zaMl-b7L+pmQL#!xk zW-J=MwGy3+n1xv^sDO)*5LUi$e2ZpEJ!eDs+u@>BC`G>;;6X+1}vqJWk_9Ul5<#q)9Ubbk8Ew)OYxH<2_`+r+FWI2=}~WbBqVVGrOVro!Z=9*)@uRyQpFS z`gI#5-AE$#4Hf1N|8O>`CG^G?2=;FIf%~k4@a@thv(7p7OqKu9 zc#*>P8)8KYiMw;+!cE@7j1Iemn*^%0epi&yDPc?o1*IlIfmlws^gGAcQG6LXjdj>c#m!pcc}v1iOI|-l2jE;Jpa|6WJRI@ zsjpYfYpt+>WER%Kl=C{iJ?^JB!%b7p!kfFAnV!_^G$s4zYgtMGr&VLc zFMxj{{F?#w&5710&!Y>c#}~6^8G-FCW6iGBvIX5}EHr@Zw8t-oe{;&@hhWAys9z+} zxDV=;tf8PA4@-=w8FZtCF*)YJIWEuU}Jm>8w_ejeHQZ}rH zG6+_x3-CCpWb7ihnKE7CW?AHtJZs@@D?e_x5NJq54GP_{B$SRE4~G%(jwN9sF((`mPBZ2O0Z;_ z+EOvKWQ%L*R6uR%Bc0Y#LrhD>om$FeE%jn86)2{60@P9gv{W1{v8XN0bfT-NBfVo= zl2}W?&QdF(m{w+XYNe`yT6wv*<|NC(TA2Z@%nX*?&Y+{kBDIDvFbH;kDp4tG3OJSj zKS=m*qlO{^~GorEvw}}HV3CeM50i~cPIOm%h-cd|yd!RWg{kWJ8g_I$zIxpskMETo>i9OZ`ocYNe2?#-@kQ}-kowDTtXz$8fx<5X zhW5!Da8}B9u4eJ0@h7zZzBUDD+Xj`kohg)$ooec>b6qDe2NM)2$(d!v=nLO!_G^=j zcCID#>F7k5lwG#+Add{bg=&+Ty#J6AIfFTxgZPnB?pC2`yA&pVOan?Kbx)o%1rA60o@|jmkdP&sOhY z=ODY>$0{AR=GUyH?|s$pj>5gJpYr{9lVX$lDt<}mXOV2_R>`=TQys)~AJ2`5N(_Y< z)Nb%B$+^018|hp=xiv?}ZYyaW{>jYLA&)s(qd(1*v3e^z!0!v{5Dkf2%cgS7bXgLC z$(WI5mljh1-x3O3onL478GgJXQAdWK>Uy9`wM}{`Wu7f)Nl9lKZTl3n<6Iz0`^pOmb${s382Qrv%gM_(sZD2?H|^dw!4$V=A$5k1Vl5JP76Fe5~~z0|5s z0PjVex^N+k zTUAT3SXSVVylO@dlx!qe<@=jfF{XdCC_l-V{yJd#9{{F5+g)@p z37LK~Vqc3qNiUZSQdR68+(;3xLleENN>p+5rk$PiH7&A0^wD{u%rUgRk2y!a@v|gd zuq0JcVstbA)Sq<+Y~Mtj-#!hzCnc-U+O!ha4*+%yT1fd88r{nV!TJVB9ePK&`a43{s2CIoOf9~@a@NA1t^D}2LiUkG6M_Q4sJ-yn%_JpTgZ(cj zI)e8;rDHvY0{kkZZo_90=k64w|3s5lVloC|l@3SF)#6>p(MNc`4M9%>-O@+KcXQAU zL1ZuXv{P@q^U0q^xkjgI9rN5tVBQjP=bcg1o-Dk>CilnKR&r`3?T3%iVUe#?;V;nH z3jNL!QMOkaMa7T1;U_`bZ7*!*SGJ9kyTsDu9Sy28ty{~lB9iMb!DM!7F9(tKTjgegSpZlh&sk8;( z%U;5R;t2XbXPMF|({FDeSGXlTn&Tt%f5UQQQI3NwM^-e)a@2pL9LNp7OP?2FaL1Om z9F-6L7fURF#BW(5Fu@PAL=odGutea1T`X~id~-Sx&iP8j98Zr1^(|3+6BG;EGtj>^tnyi?;Ih@E8?+whP&tj*rHu<_Noar1GWuCQgmz5v4OHlby^T#Bmp3ks@; z_ts)+thOb#u?MuqwsSF!6=;nWcWUgNz0}yc7HSNDY*e(d0%)u_D5$d6Tc=QCv*H@- zr8PDswlPs_Y)YrbN?2nTv&H~;KY3MaOoYa!1O-*3eCteVtf@J+v5l{)jeVn28*7Hf zW~hx7&+OFL7kj9&ZOzmeY>JuGSTk^xGc3}~nZaUJ-g^@Gj7NS}6e+;?j2g5*1rEde z1aa$FzcV>h=b$0whr50RnldsJZ-DCCu(Yl_F)gV1q4T*k7o^Wn2igf;1a5IRnX-YgG0 zA>LB+WOd|OUUB;81dQ+9JpUrJHxSStqP|{~O`c7JcH=##iOR8Voh5hm_uIi6S)`q+ zmh2Lg3sDc~^8Q7w7{#|~<#xuB zw5wWc+0`v5g*Nw6l@Y#XVv;#X7%URx{_a-AIZOy9;l2x zgX&|U(Adl~iXdN`hebvT!IC_7OtHEy41LsH;it9292AbaKbH*;|C*zUvh!Zn)^efI z){)^ZmH|*D|1vxK3TYCQjbr9&P^rI>ztiHIP4Q9tLh&w2EDKl_~5@wpfKyqExB zGyA+aN*5Y_Iz^x7(dWOh&-2vJZe`e_et_M!0zsiC7lr)ufdvWga5j0BpSdSUrwG*U zWm(DdNy^bGpvIdG>XCv_+=Ypuw@|gH5E! z&cc+!}_EuuVUe?r%?r(-_nNhfY*`|isGDL_g!+Y zzEz2s;`N1D@Sa?ooD4mmVlNCiBT=6WbY%R(G}#2iQQjAU2HlI*ZcwWoZ}$xyfYtUU z{M)s@hCizBa;gtOB{W3OY!7aemI7ybtr-y1ksbzM>>VK-o_j0udWLCa^0p?8EEi6{ zpjzmz#CHS$)rO($r2=?rw?wZ6;^`vKVV4o>JaULlUGPg>wtpf3Wk8z0_>lJY107J! zd*gND37$3!!@3~eba&C} zQ#q=zp*Ne35I?^aV?-}j@knrGnfkPui*ct}5R3o2w?8kW06o0tb=te1qZ;G$cM$Vc zrUiF+OxIbBTl5Xq{msk_dr5V?`B^jy854~6*9Opb6|!&BRJ}O6ZxJz&!q!yHx)+eq zhtIORfc?aOCIkDqDTe(l(%8>I6lxCH3>gYU2FJ?!VQvqUekGWbsP5P-itb&4!ZE3D<+=MbDP6YVnZ zkoAGLI2ej+nCP1j%dZv&SX2~;Yzd%@3x|6geb_w~kSYVmk{nW{EpXfnw4#+=4LNvg ztq?eBu=)f}aM$#4NC$0!NZM?xw+=piY2~fe@X6?qzJzi{tLHGJ9)#3@)hFs%X1&l< z$;V_)uu5MFf#V56)6PW72_*#gF;3uWt=Y8}$$CaAndYf++C|?@XYe{T*1u|tMfwHR zq923h^!QQz!gU6K6H-H0rIXFJ^Gg!ySB54}g3a_5dXA7_S5m&e?HF2sZcOvIh2a;P>I0iupPcpj2VfU;}u!>{^`1&V{cb54K^0al1y zEyfb?8J;#^WCeIQnncl-d5e%7u zs)IGobHzgaA>Q*Fc?hf&3lF${5~V%v7X6|uQPLl(vJA-Olz=ojD*{Za=~2ndl=XKa zer)@^1-k-+jdsQ3f~ncWxl%TnoqTvBNBzp!)!|7Cx7Aeh)Cjp=a>bYZDl{J_qq_laR@|mccq8T6LYos)tk6 zq+~4BsTKF@@NfM`_4A%zX#cL>ke~|2j&;JX)ZUnAd*MpT&(WkJH@8zU-TF)p>g{{{ zu1j&WFi5;nLO0vtbzO6h&~iH;Kx4H+4JGGwLCNR4i+($SDA@#yFk-c~2%#nS5HLVP z6tHas@GRR1I13LrFCy+`^pxTSgF3EgWU)Yy>L#V69vD5vvLI2KVzB@y2<{eGx>j@DErNPY=UEn6uU9>%daC07fV%0O==`*#K0;t96X>z8ymuKl*Jv0)**-O(W z(N4QG_1+VsaE};eMt{U&q0!lsoL|9N^GhVDsW^*sp(_LCw_9;u+L<0oCYxnKZb1J& zodZbR^@JMk$JM}aLfKl)m}Uu5DaEkop!3Ei!N~F6*@Spmi{FN4kh5)Aw#gmz4DT67 zc{(p!E;F-e_p))#4*w3D6df2uwv|XKfBy({|3Y{T4grns9j#6 z4W)n$C0`wi=$qb5+X8Bo_P|hL2C;er4Z@5gfMbej2!9mY?WB*W+sz%_*615_=7RmC zAb2C}^269ihinruUQ=(oY|7byLbGb<-7!&qxPfBaw?L&f$ykAoRAT)Z{XuqY_GI9duGv6O>q6^S+J%vgOx_>a```rrXg1x?i z8kdsj>d+!f=z3OY3c!(FNyxTg7>2cEVN!(C0dh0f-!7Nq^*ydo4~HzKIYx`=^Y4Oj zhRC|iZ^Oa#w2yumk2xUI{F7u)C9Y}EdWMCw^*d+Vq|bqTP!~4JgZdn2w53fZdFSRQ zXkEv-m!8o{^>*nOXD$E;HiRSSO_4?EdOF#XmyjdP*eCB2|f0x{mgp^V&yxKrGhV^wp2z#e~yMNzUkF=pP@&&SrN<2l(^>5LDXzy*%xcYN7Bm3qR>NI#MkRIG^FSOzZV45^IwzaxzZO1$N8@GXm{T zDx9|8=u87L%u!hFI%$;xXqQxDEeuegQ+IQ*z&~DTHSTc%XKeqZdXi)h8c8gj+*Fz1 zT+4#|4W@6f4c1O7v{zAmetTi13pn;#tj{kL)(YscuobHdSd9Sy0CKoz`J~z|Sw1%^ zl~VukRTv6y{74E2WVA?g^-Le~ak`f;-$^(2KC7Ocm(mx^VO6MbN*m0CUXYSWJ{})m zNR?Me-$4Vls2(FvH40m?1q;H~WkjwFlma$+*)a0jTf^04tagU?qUCasV z1m~KK^{@td2tBER9Su}hA6-c5d=eUq7=IeDN%?za;$ zNu4X381guNJQ2@gdD>2fPwG116T|=vpVX=N7}ONT{tVnJd*BnC zbBCdv(R0|&5)W8?6Z9-EtiVn_CU1fu9mac4hD{E@G8`7%-vE%*S+l>iNYhiL(vkUx z5uaR{sM5%{&@qSZjusj*+L7w~3iw*tq2qx5aiBU;vqd^?_gPaz-=9$w#5F(Db?e+z z;^L2o9yP}LSR;J15%A5c4*|ZJ)d={;QJqiV_ey@9MYjGL={wt!($kuM*uvElqq@iW zCJ0VhjABcW|d|%FbAMk+OH$ zc{blIjgG?W0LYKHev14(F22PF6wjh?*8r` z^wFhx3)014Wjm#W#e;Rz6MJP73Cie6N9DB zsom#F6@7!Bco4(2+_7;sf8XV+GR!*oEqWAxt^Ch^__MGE;Qc<+Bajri5ZHRzs^egdDdXhL^)%&gR>9;-^~tbO1gij}kgWj57 zXEg%mT3>15>gW`#b{z^ofYCG1llL7Vj1H~^Un~!9Ao{}EfLc|9?QJj{+!y)&(T)%t zSSXKa^686t3(VQ{dOYhAq#k^hD~-=uYPRrM);##*D26}Nr--Nc6(`NmILJ#Bf#tiU*7cpbNb7R){1~M z5oK1;7JkuBKXYe9#CU$#jxroTl7;+SYt8HoaqKMxLRQ zF#M7MqlOYDA_?ZBOmXo^W(-107+N{8twW1}_f9ro|K203Oz9aMu}rHj`*2;QJpc}* zfGv49Grb4dOW@&2AVjqNM`BywqdbA{^%%ubrmPX0U49W;l)eC>;Pe;eM|IGq^rib) zLf}}6`y0Kl-_t33;NS=xg{2yqI$MyYr5Y8#M9tgWyVLB2Kk=Tw!^?R7{Ts84ljV_F zmcr)wn*?_dZ3)kQo}=5A#%|^m)60^o`0*FbYH@u7@oWULwm<`rf`L$YQxc4?k?E5G z_ipfij>3LgHN`Xw>R?~(5_R1o(fHieoJ7fNYSbwRUx?u({Gv>=W|wIWnc@k|g79Is zYA1GX$9WY5;t>XBE8Ne!KcI=DmdEk$Ps=s}{VS9=;3NS|?vg$a{A6^0ueYRBHC3j$ zlDti>TO!*h$(h+fFJ6t1%QzoB5|*$_N4KF9vR5`*0YNm z?+Xl~L*ENHPxwZPC1_YRPS7M=1-8ytb{Dye4%efEYp{j2qYAh#8uVB_IPVNL4|vW>X&- zF8XM&8g~t~Y-JI!{C3$_K_D^ng&f^xSp90YTDb1+?O(Aty1%J@(AN8h(D&7Z3dO*S zxEX*Sd7V@(1K;Uw?oWCkB%H6-FuO#$y|9PP9Rv{HPO)}9udpB(ggv;Bz`s8zd4fE$ zFle2@diE`_8EDjEg=O_TPwSE=TW93gY{~{|*f&+b=`xf>O1p#uKML+|6NHpcDaQ8@ zhMu?h1q@+F!$rq<7)sCz)s$_g*jc{)#+8@q*0G(pv$$Y=@fNMg~yDMrOxqg=l%r#@lL~UI_rmr}qmF7KVt+1U$ z1|o&k{J84S{ohh_Q$q#bQ#KK<;Ls4kG_x*>Ur=08tC-q7IXZGhfamppd;W8H{&S%o z&2$&0p8xUwrL`m9c>z1?T?0f}Vl(pKvpKr_8XAXBUlVmZ-PN9l2!nE!Fz^u`3=-?L zH>B)EWaoO2;4oB9li}@Y`vP}Sa&EBekzE<>Ioup3;9_I*-VFuY8@DQ4z=WOa|IW_E@4*s%z|>raBb0`Ds; zdMp|JKIe#XQF*fF_xaFam*g0Ib!OGt+J9#OIj<7J4$iIVMfAARwJ4bCrSaqLKr+Nz*KHi5@oU5BC6D|MBEjw3_iP)!Thb>m&V{JQDA;D}Q9nshcRS zJM?s?e=PLZ<~D`JVINJ(AkI(d+LOGI4o@U>YORk{MENre5SBE$ByT~#CH9@U*+lg}5O=DTJF zS$ND1**@&?;&9JDPGeYyr42y-H`~1j9-n5d z=d-PicHo>TigCy|ocf_7VtHu;HDMq@qN`r?^-4JpIEP&x4kLlvbLN@Fir=oUeQ*{) zr>(GR`Gt(I*A((fF+p_zl&};S4EpLm z+Q#4zgF$!)V^GtYG?wxK+K`5ObdHA6h2LKtBRj3KCc!^Nr^=m#k0=Oac>yyrG-s(N z`9V^;rnz!vLf&Bv|8Eu%qT)~rB>iBWjzP+j}vW2U-B8|^RsF}~A8r2kKb zKKv3pl;so7xSM+}>La?Bn{}?f;oFCz`kqCn^9g4$yjuZ_N)5DfvJIfM$>^v8 zIPXF3mNb6FIYVIH;lX=hCd~BTGu86$mOlKd{zHjtld5gA^d39cFji@Bw}(i=#FJN)jOo8oeX44QBwwKfTnVk+9$Zi$7sS_ z7`y-a$X6SiD)p`*O_hnR6irj*2YEH}T}=U0EUPg~^v0B_$o>=7DSX1rT52jo=Tybc zRGcvR3-T{z7Tpzi0jRio!xNsO3h>qF`jjFW!8Y&3dlaZZ*wKq5L+XzHG>Oc6J6*)@ zz)+_}7w^r%Q_`@s)(kuR?-;4_MV5VvcKv@IdBvGb+M~V8By~@)@A9KFNSyrWVt^U> z$%o)CsYl4uH``@vg<`5-k`pbQT=py$Zo^8e*w6tqTKfTL6uymKZPm4ih2-J`KuB4W zx$vP2)Fr^uJ*i7&>a}nIrJcqI1+aD4@&So;6ErPZ$umV0YP47tpuSLGtyCF&Zxw++ZTN@5 zZ2Up%$83LTE6<=o(qL)&$BOCBMcS%+?qLgr;<-u~V0Zvq;|5iSkv4f+!dcW<*D#r- z3nshFU9?~qVzO+}y|e-P-)nT=40I$m3V!UorJ6ypu`dSAYYf%?i--x}d2mXv9)&0* zh#>ewU+nR8q#T?VKp8-5^`UW>QtLGCWO7cR3NYA0d^3okkPCk~C#$T3jAeh7CMRye{>#gdrk}ef^E|_A+Mzw)zGVLWHM3L6ZiQT23|O*>3w46 zrT$}vXSCs=+m`Ts=izoTfW+sJ#Om1UyOALos?f?|Fcn zudbv;axcz<-T%CvmWYcU?drZv;XM=2L!6xwi?hjZL>HXhgVgR8>{d4th9G(L2b~(R z80t!J3V%4Gg}Y;B)Z2?@ba5)o=+^NxqY1>QKHrjq9JHN?p3B#?poX`jK{0*%Fmug> zS5zq{84G=syqeoiw<8OESRX~6F_1F%TyGjMfl!L~Qq6&DnvA^P!6*k@20xXzoEqllSEGVC;Vj zx~icNqe!iWugBz=O74bALcDKjTqSnKj`N zc`V);v+$4fq=jEu4GZrVXyH>;IoZ_D^}6sqP#bJ~?FjImZHb{Ke+~k(KwZ$**9Y0d zmUN7w@-Yr?Y%6dGHHZz?1$_M+Jy_L|-HK`a>OXcPzAYhsf!;N$3lx6C7(eURXtN%k zL{pUnQ&k1s48M3rQKDy;#6{08eoJw&yE?($49DPnjvY`cvI~7xjncT~W(`pwoQ0C3 z;|$-3Q9BtS;OLGJ7~G4UGxDR=s>-tW{BuzK`<&=GiZVn3f~GPO8=(hm>Q_~9adLED z08%W*XvaJFSX5v-i_~9dRG?rm`l2}jwm&|vLR9b-Mxe)g{?h@(Laq@S29k@j2=ZR) zrRz8%ismuL%@?GhR0|e7e5whU?@s8+$a`Mvk9{)6_Nn|#cYXRR_32YT>r(>tNyI)~ zeMXy1hW&f+p5*?20`JrBmcm}~HuQ}48p%`0ubu6`j*eSdKYRRt?PB+EMs_ZGhXtF9meGvm?5T!?FKo6u< zGck;W^ynOVnTIdIRn4l{t*prUYYqz20JDz#Rl}?gdpl!R6s9q(8X2aTdU*d>n0C>B z-9wQ&H3j~by^JP(M?|ToG#;qc_t6Ou*=9aP-Tdb%wVOr0Q(8B_@x*kqrK6jQ+Ra&> z|Dv0x6nEY{l6N={>DLZNKl2@91y8XdV6b7pd8e*x_N(Ir!O zcQTw^;W9O>6>x{4SN1U8!+W9+u4%?eqCnhqAA5P~No`$kThV!+*tTj%E}QJ=u31J+ zF7S0&f!pOt1!x_vbz(&yE$juUyiOABDf$DWOQ!MeIq*d)nFcsLJhKnQzbOAhcFB-$>gbA( zprZ+_qv%LGyoHZrlATxBb>jHO{(sc{33wD$)&LB5CEZB}0u`2qpeR9uCIOWw zY61jO&<$14&7z{HpeTwkZV27NC`&?j6Uwq#RNQCOaa0^PaESyJx&vfE#eiD?m4I6p z?GjK!5+L=Tb8b~HNpNP~_x=C>`*@zvwcNV*+ z0D<&glshimzkG5Gc(JguJ@EPByuAdxTr;?=4nDRZ@X^E^lDu6CMReHfb=a#6*c+Ly z#9a(9o~C(z^%gqcEWv?E%2hX`(VreVFv-HtF zUC(cp$F1kKHWacfsqe#jzW7pF&)v~^qVV|A5hX=^Be=WY3A=kr#MlL9ENQ>H^FB?d z{gn2hg&2dcj^L-$VFUT_i1F#bB^^cB@8h-&^&nY`JbC}03o7+g%KdLj?V`P#EC_iY z9%PlQL9|N}-sNCabVn{R(CrR0Fv>nk@Kgxwc79TfUjCw9fG8**S3l>N7B;+WyTMB{ zrCxa>%D-LN;_Z}Y$zeRp>9?i8JbEYQJM`s=rpEnB?c)$_9>pl$m5pSPq2!?K4 zeJErDp#eJ6iC{jYolLFEeZwqlM%oGHlPod*9=45rKm8m2e&XA4X!h7iLbHh#fMy?F z9NRV?{z=z*{wxz0 zwwG@nY*K%+GEGrwElP2MOv)#9$ImE*#|G(KUGvhSo=qw!Jmb4vCrHND=iNpDMcf4r zpN1Z@mM1XcnY>4{72k|amXWQg>RK_?|5HUGCg5woTdetN|lMu z&jIHnY`w_HaEOs6B*h;Mb)CfmKf)pi+7(BgW~;r)$hhSE!7_JTMfNQ#9>N-HNuy%iormJc(n_m=X`u$f}GN-z16Y34Pl9!N! zKWLB5Z+{pDum-%`dR`ba2VN%+ku@}5(Q!J z!jA03?xZ+&q9#G3>7GNiM`mlbf`xz1JG@Q?e?9+Asb`Z6u_O-ONPi}OG!DN;lM-r|Ws6KgkRPif2ACuSsEu$?UV}Io8821Dc=6gL z1v=|1$b0OA*DzkZ*2U(6xzPbH-U7V%9(XQswNhyd@xJS$6cC64Dvg0CP!jDZSDpyk z`6A=WW#X^xopI$V#tTk>j(@NUdm9hov;Q%Kt5uolUexKy|9|5fFPl%H;(&(QWslA? zF0gxBtbEykZ-AHhA0uZdVb#E9kIuMJ9-b9YB#xi(&AdH^x3I>dBkp^%#FJ(TGh=(JkrtQB!- z!ti?+XP7(#;V0ANIRk#OOc)OiSFh(Qv3f<8nQd!=_f&uMhBr>LaZC!YY}F#SX*S`m z|1T(B!y{H;fS7jiiNcQ85>Bcz+)EiwU2q_ZQ@lS5Zb;}uRuqq2!rfn^wX2`~-0(YY zs|n)T2TcP^ynpI3c)RxZ7!Mo%{M9(-2eZN}mb`xw6QG{^JDMMk?=7H}7}?qzB=Eux zB(T4?=%JU81oi^@Cmm%G^ZT9GN)?bnW@UK)?i0*u^Hr7(BNN?deV-BTGZSZwT2!Oi zuDu%M2@C@QkLB@0)NjxkeH%`c`YGZ5_@UL~r?C7R%cmOOj)oK zOPxvCImJ&8W9Vl=4o*lzd)iwTCd=b)(I%ORm^O>0J65&#N$hBUcvXD74VS!|qFiA# zP`h$dj^I6+Ch!jh!*v&;&0aMkn~aLD{91g)KOB-`EJBo(2puvjzI;4faw-qz<580` z309uPeUZ1t?72!(cxP@cX6s#p!Fv)D_y*RIXH`&riyYshCBN)g@=3kq`^*k{Ga+1G zSMDwc1_H;R9NALgUVhC_37_Jlz$X3EJ@|`d&?P~vh?UvJ2X^UYRHS9fHCBC-&8-w? zS9X?8*f~2W0ka#h-2>)L(S+)h{w6&l7m6#G%t*ypP!iJ#3b`RE z%4jF@TvT73Q(4X2|5#9`>e~UFOQm_cI(*y-EXKFMa^22AdhvnwAi3vn!8`A=oGuHl zi`&U^=A2F+GNiNpj4HuRtygqY6O=v?3q7w&<}m0Z2sq6zyBdZ2w2(}{B}I8(4A%WD`h782 z_p`YBwm}W=-YvxrZR8R(;hvu|u9l{@dblTjbPPy8pJR77Szuz&H zC-XWI17(ZJ^uQ68wi)Ky($?s)SKw}rzosd|v;1@P@%uyuuFAHG%7iR&a93yHQGU%! zq}*d|zHz}l+sF4zjP1$$M08lF)okHOu;Gp% z-#V75D4Lc`DYpK`-(8H6o5H{G%Q0j{*l<_~JcEHzoyto%N_OQ9jOnSo>+8l6>)h#- zZ>_h>cQ(kL?*J+4!`ENM!7v;W2a8z}_lda0uz8mXzg#$h25ObwdwI<&8uzlb_`@=H zsqBchEE+{++!4De7W!-qG!h~LvX+%6c&dx7%<=jqti>+Bu@Qdcci*NW&rp@6)vUUD zQ67M~W<u1gg8DMw@9$>+BFqbaSr_$CQ=L3nGSlW8-BpB#5 z4^aN06~EM@FxK3SFPq2$KL_p_Xqq(JyaINdQGy2KbQ&fov^puyMNd&)_c(Jev(DV^ ztvuyzg)c89S1ik!@TD}n_gW`cISNC9#XeMe?m6N;%;`zQ1aCu|kX9GXtc6tpB-IZP zBuV^=bFf>j*#M?Hr?mA#1lPZZowl@t<=H4K9p4ovb@oo_>EA1CzJ=mUOs)hN=AWjR zyv}{vHwCACGcx+7v~?f=?&;qVu(eU3NmqS3_{F5tzuOS~E*AgGzWIe2=W(B%oe?y7;02w8i99QH6=y&d}7$(%=&~ju4c_vK8rT4<~SRi z!l(_-Wt#1>S%125LB(~lqu$|b@>~%4%W1{J(R!6eVR*niPR~dCJ&NGxZRXrO2sAmk zTL;h3PyJO+Jz>(7A8~DkMDGdB-NPAhs8rGZaNC)***Gb9kp_NggNcPaC@Gq@+pzbt?>5Hf$s6OwrW1RwGj9ApviG8X8PN9Dp?&%t zg0^I-%6a-E`q*LInV(I6;$~-h3D21|chB}7UNZ0SH!aIxc@^hIBUX|YOn2}4)^P9I zj}Z=Gh<_*k38m9%zn{*(tNGvfcbPi(?{X*lciqbTyPE$)|E_b!ckbVHcD#R=u=O+! zUhUUgSADVl^Q5MASZtk??tz9@PN$IY8(vG9RdUh6e`#s9B>K;~7R8@=QXf%-OcWMoC z)b;ufqrNtgb1k@}#bYaA7?h*9y{ z1tZ1db>i$vIXVT`gLj=rX~_y3c^?bdJ&8F#<3npgwHycr84i}B* zOk{@(Uwi(7`5nZCLG}xFDst*(`5XgFn<-ls<+8iGcreJ(!>afJKxQw)FNQ&JOgn01 zmuE6P^g^?ZDQ1}$K9}_5Ptc|51r+$i!WhT+F#WN3$5}>r4n+dC)$;AS!6pp@KP79n zUq|b4o8BU>isev6Uk98y?C3gDRbOp&DP4rkEIcmAW6r=-Jhs+Tg?iEi`BSZOlAKORWX0#dPKZas1V}yewNsfo*M)Qk zqt+;;SEcAu{w~UVyaIR3EZ+YKX(b=9a;&3;QsD|bLRfe&j9ae36Ic2EHi<8uZrSEXsgjtA>m4GxxS=WDXI@M&nz2^dLT( zijR80qo456U-8kIiD5xWk7p(u&*^dFnbm$gi}exAOc>9sgz=o6r;ld@F2a*N@#EQok4Adp$Fm=f zXRhZ@#|`YqjzpX*Y}Souqj=k^y*1gyQdC_)BY++^Qeg6|$b}%OXVG}4rDN~` zr@XY;Dc_mnxmrd4YAXC|S1cT$-Ucky|1w9D1}x3ZG6@u-N|IZ`MQM5j*B|jqd1)3w zXVl31p2NohZviv)Gv#aiHBG?TTBWU*=>IzC@9n41A`mtOM}|m8mMoeQDi?-Q93GkO zy=*t~;%-DckyAdT*}gBtVINi%cfNfYMp&K>ABZd+I*h-u9|2pf+1@OSj{h7h>SBkG zk@_5RqP2rCQrHZv3Q$#4L8(uf+vQtQ08H7jnLq|`v2*VGV&J;(IvuFP4N%+lpWrPx zJ-kWn;Pu>`_`M}}rGXAp2p#qm=)2>qW{PUa_n4n$sE`fYM3%K4gZBcyZp=3Gx`?<6s(B zI%n!<#$GMS9-3c^Z7|+drI2iTJZi<0A;^CSrQe(Aa9e}1OUwsUV=tVSH~?-x!6VGzuSHu8+ct$qWiBhQySuk)Z;gVa|sCoY@)h|5e#AI8)$HgaN{= zd&A&e4>!Jp|Fc~3kCL2fm*?itX(-0fJRJHZ+51DLn0D1r>n6^r0PZVy=FpIJF^0@D zK0nBpJBxl=<;>1m#lnd@Nv?A$u8i=?m&{}fdM}y*YSpla#KLMsC4NN&eHgDxLfts! z_f*#FIq#+Srs@C0t-Suv-77!ny$|N&VQ*1w8O+CWKC;SNw6%=*e9Wcc40K!dX_m=X z3(NZIPX?HrAfdWb1emIb8R+AbeAvbgM{IHHrzgodg9wGkP2S22OlH5nJ7roAtW|2 z{4SiD)9XUELbd7vrs@`lu|oxalPAm$B4AwTe_UMV zY~(Xb2Q%u}AIj1Orru&9!jyx#v|#j56;hUr+K3Xyz)j1Nw4H)7CPymV$$Ps)>B&m= z5ryR#9FSkzF5d2lTRslDKh_1kqfQz2BJWAf{jR9I#j@HrxnJp&WJ7PuE-^@UJ9^D@ zey5??AoEPRgwgChqH-_DJWU8S@3Yf4AWXxX8DinMp}dbIZzP2N^V!RsrV?F{@1s9J z4mweoKZ(YTMf<$8$bTiva~iIHeUfETKWby2DPjf&h#&*A#<=+Ag~hN<_ri#sWz&=6 z?8_+bOZ7O)eI`{Hq(*wrAT@wX^3g~-LrUIvipFB96$RK~l3XY43A+Z?ICCrUdSEli z_DSNvRwqaIp|Dwk1vRi97Ecx26`<*+GBx9W^Ks_?=Ho1)apXbpKd3-Gj_bZw95HEV z1rArgT0pJyF|4IBEeA<_pxfTvz*v{0F?^*nTUd8$SrW!2F1P0mS;b;>=9u)aMA?%8 z^W>5bh5zy#+Z%8XK-9n*oXX4$-fuqD4n=-Dc{&u?N8a(}rGz3Moy46K2z|Y@IXbah zjETiLWjp25q}vkd9D5k*QuZ8i4y+V&_u%!wRxzZ)z_f_m9;TBri`*{fz`YXx#uso` zAi#4#y8q3`ng5%QSz^ASS3q-0b{*cs$u7lNXN}r$Nc{7)3opVr@$QHloMHVqofvPBLO(*~E+(yNrw&4ld-#-Dj6wC*?`$zP;`%JIhab zRL@U&>!r{Mm!{P*F;jQ$ECMRQwcKs(N5x{>UvIH zQOEnXQL~>ol})<7PB+a&_x3WjkCic<-AqGgw@@)IUO34i?-BHbG*}YnU+^B{lEoZuk3F|mc9}ug7tg>Gnx$rzTq!a-A*3k$&uo~* zfmd0r?f47R_nKG)%%(Q9&&7DBEg0|g{^uEvjDz8ti+kF~Kt!E|s(U9h@*GpV z@Vz*5vI%IWN#%3A z2wMgP-CGS$=n!!qWk;$d=f!_XmsZYoCyh#%?)h_ytike~#lb_a;ia;*@M+8-c7 z;aVshe}IT3jRQok($4L&=kDFe3GyB`mH?~U0YD}pkeTFoe?6WY!{ZC_Q5FtoisY?K zj&w(Jp?>%#57qvjX~<(=3cJ7q_+M4G1kbOyiMsXWIh>36&jwZ&whOp#9$ z&On^T83@S+x1W#nGc>ejI=O&Z?qVqRR)NB>YqrPF8*D0hk-}!8`OVU1QQ695BmnI$mYX$UJUqsD9Mx>s zpBGKeotU5dq@j`>!bL~K8Cb5XMfLF{&1mL%Y)C$&9Ni!vYO7~)(Inlx?|>1y7;nny z29tHeWPCFS#L~Bk+$KWZY-$g6;;#6@ps4b=T|RMU6&i(iQ3AXyr}*4K@$jZ5g6p1d zC8QCbvp|=#yTNns360LKJOym_GSHvO6v>PK{`>5N z@6R*7{}`S#1B`fM=7fA|`kF9~*)YtnDDMgXHZ}!nT86rJ_Yz62lC&y3(}2+{VS@%c zhGx4nn~mGr==@?g$IUk;)``BY^)Br6m~5SYh|TJ%xYX+-jbS=FI-42rMF3DhufL=} z9+JfY54A6*E+0ELq05)tLz&mVI@id&9`})`9ggLrG6!~qs8>?X;_ z;Z~4$EZi1Z235R%H}xXY1+M>b_h3dLC8#UD?K`0DwNOBgYj4mwx|TMbgong7dEcjK z`%>7z&gZCY-n)%fsnPx$VxZfA9%LkcF7^$$?tR^KP4;uKJU3`vhXx2v#nmjy)#07w zlehz*`Ry(p+$RSPHaX-U1@FmZj|8=TkwLY7oWW}KvRVPnJJu*djSHzpJnMVzE`1S- z196Hi>*yXA|Oa_o=27Q>6@&xQC-(1c7 zj~*GFLiX13zVH)p$xij~G_Q{3dT`X6irGood@$^uSca&upRk0?=OL( zk$zArdE7U-Wu#!9+)^14S8X_+YCIX9iE)Sj!|(AXQrW5Vi(?bRhkhge&j&@ zK^23D%2m(-WB$gJEIFUcas_V5=9d3PjL_xiDhw2hlS)rvm|VV$!n6RFf(-S3uHE^X zTqAO|&cg75Kg1#|PN8*0er!mRce)C{=KW}A>yp28$zM~Pns)pKCaDzVnHhZfjU0p1 zcYp;u6$6V|4nz_dAQ2Unbb_mn#*i1@Q>-;7KPHT`=NrRX^Rw146&|*BHnm2cf4%|m-Gsof z^D%#f+={BLxg%0cW2?;PBPu(AKMPnsc^xpBw>P5&aG=|>qXwG9+2&G_t8vK@7ly-b z8l^Re-s&XOTDL_3^S_cxGPwWwR1>T0OQ>vxUYP=z6X|(@neIj2zk%JG>0aXfkF$FV-B05E ztJr-C-8*>yVz@6UH1YnsQR6Qk#D2rRPu^ax0?qc!8H3S|+zQ~_Z;nx?IBI23FQRMe zDhj^t$fPvp8Z&$6{b+Sdwb1bRyvZ!nnQwct&WvN0f&5xDmx{x8IcVq0)4THJy?MFL zKD3748nmYc9cUf<5PqnIe0x3n)RoEP);1copZ0*c7~4>Lpf=UJwAtjo8h4(lc(}rs zTYa_o)_nooZU8C?oA_mYvP@&38ICXSJ7#!#67T;y$;4W0?gQX9+!4fx8F8P?dr!nM6(P6|$40IHyC&f03CYOAIK`=6z_npM}!`)lSKA!ho zpJbq>lRzCFMa#*AiVQ8s6Dl&aln50WT24Y#w7}e>i^<3-o*Uwj`ikh+S9-=pzrK=M zU|(NDEm-u{u!R)5zJgjv)fWM@fY|jsw&0>#jTXkmEt}!d7DTGmtiyUvw1r7jYl^;{ zpw?8VwF}m2=lu`S3LVeEH~`Z7*j*CbjpP0Ivb$usg9SF1-I?KT8t=c3-C1z_c)yd~ zrNG@)ynhr%I>1)^!??J$^T92~M9=OUT|1w0aciW3W9u3Lo7b#qF~F{8cRFA$cBcb2 zn%(Ju<+D2-uyfg+4w$VO4|RgDtWhzlIEKOAT_rn)Ik=$Oa-80&M~}zhW|v!Z9%xe^ zLd_@V>Zti#ADstZK!*3*$^HnsdW<1mq%Y!BqyWfZ+Cf--sLKhmM8klgoPnV++?)li zstX7N{2q%%U;3}Zm!sf6fu)6<1eeS}Rd!@XJ_WdLo~^@~hH(8GQj~u{!ad>y(~znr zG_Z!n(HYOx?pKVOn+ctf=fLe5{o9c|*v^hx!h%(0G`S;B_Odi|dxVCi~ z03fKnSiu*Jf=*kf!0R8v9)(AGI@A-ID049ERK($>E5HLPuCSWkglgEC8FqQQOa8`% z4tqzpP;}yz!%}d{pdjzd(ZjuHAr}tCZx~NPuE+gO{qPUe?#Yg9DCj~xPZBfw31j2x zYky!23F4vCSeyn)J_da_bQA5(nr&5Ykcjg4;`C#6@T$sqb!TrBWw6I@!6RgbHQTlD zj2-hkOj5NYgRvVh)E@j)xk(?Hi+dCL-G7rYB?I9B1rq3R5JiZ$3JOm$+Wn)~U{j`Z80{hShkvm4kF zJui}|kbgjZzs&#@apIWzL|do+J&7{j+_;?0q^Z3p6)9FfA1ca4c2FW%fy=p;o+shb zo&=ZPaGuA^myh9&*B6&__;h$G&iNN0Y?Pe1-ZOd2OvJ6ci&GdmID@i4w_@V;+&aX>}F;Ov%^TTPW6j{BUy*Po}!koDhG<7|)UuY3|>k{B{9lTNVBv!uzM2JIIGn{(da) z)rPo#bIJ97EjFFJe+3)7-!Fyb7E`)wc z7Q81jfG~IurOJWtD3fhS4xk&6uf{z}ts;j#s7F)?ET=-yfb2&Z-0Sr$x5E1r3~Fl$ zJ^fC9TG5xb74~6(5_yMreAcRgRN$G#0)2w-a|Gr96+4->XtD!o@%k!8#&$YeeiW?>pw= zM2X%V1D%2OMwbpm(xFHeb>chsU5>yV+0ctqX^X}>`~d!Xpu$b)E$Q%mi8F2>@NL)G&JK({m(Ab$~t<3i5>c;h|;p1Ey8)fgPSN(#w# zAhHqwUk*a`YxVlvxVYv>nr{E91#vB+uIhJO*}u}lUT!k%V~vFfkKMl!4x9wR?Pk03 z&PK|rjMF>7ou>qL(DV<=&INWs`%I8`+U28gVb2dMgh5UF5QieE_QH2|nA)RJ9BjP* z22`jd{S}|>pNbX%j zJLq=}A9-|y=gaej_pvT!k|1ow|EnE8v7a#hP}C%h)cPJ?6eCJ!b&2VGoq?jWQ?pFf z4qC_2!urS2su;k^(i%~o))*L9H?j-5(l%xvG;bSu2F7g?tTpb;k^T6xjii6O^E0^- z_JqhVnjgM=5eIU%QGUUf0ET;SU{YO4OWLBtks8T+s_UXWSlafBU>bJ@#Aixc&RC$1 z6qeXVUbmSV9`L@|6uj_OGsylF(U12{K)30oKLI26B!$8w;Gr;x9GID> z7%&zDn1Jn$?*~w}S@kOxPY*kk#+R+PQb1<-{Pq+o{e?X+rp^hRiyaj+j=*(wz{VsA zB`3NBdOsxbV{3)LBUdz%UG3O9Z);zE4X{n7lEUGI)ws6p-cfVl+z1S|qO*9gAsdkfVeC5zrrvbx9;wU0-?W&8qm+d{Z7 z!Dd^){M|%vr4`o!49{bPvPpQnrs8<-8mAY}fa1ep6AnzleoaP`EVpFT)stRshL=hB zG6`P}NqqT~Zq8 z?tQ|+`)(k8=+UrnehMZK@O+0|-I>2vZj8ehqY|JK>3y&o&j)~OeK|2Of%663R;lna zQQqaLcNVIQb#ih?BYtOK(DN^3A+jYe>a8yUc=qdIjK;SfW?i0n(xnW`rnn5}r7$Bb zJZH!3UH&rKOc5HV6mV$-QG0k`NX>o54mTHgW)M8iz!-u@EZhSufCpA#Gjk^l^S)hZ zlfYHQb)`G?RF#kpSNk;qs;!f9o zQndY*9BUsB;=}y^N&Css{-3t}ISx{c)#ne|)rk<~+*)_!4S2 z8vwj)iUJVdx;ff9^IUUh=V0qSvUP+F7zpblks%&k{{$bdJ1smG29Nu!PGGUUR~a0kDp z0BV~UF#ppT$cECx_`uawC9O>h&J0|QpjV24shkuA03^}S!l%U%OKa}^3s7p$tr$yj zmQZ?fG0fkhYhWwXysa0wE#B6_9?8MKyF&1=^#SykEGruFABQigKueZgT@XRyAyR=^OT#Y-r zX9`9#^-OTc4br^20shETq2k)U@9uH&Z-k(i7hs@s03qXiJc>Nz$PGE>g>-m&30jRE zx1rFHLAUP(s2YUax;HtI`$XQ;w1*g5koL1`u>mwJc4X}m0?usB+cJQeGdlP&9|5=H z@a=W*_8O+Hb3hmDS$nK|?6NED86?zkh>WQz2+ z%QL_8)fy=8$x~lK`^VB9b*U`MWs8R5nCm;c+<+_?L+%o`{w_znza7t|0|Mu5v0w@X ze#OEj7`bUNoWi5-X^oLOSb7PYL>!ufFh@D}2>sO(3M3y&YLAwYKzM4 zs%<2{=AX1nO7dQq`JX7%*3&_!;;OgHwYed2UI=Fz&GspN2?aW&^iodHuO87W8YjBP?+>5?3d2LBRfEY4%5Az#I|*6{Xo9i(JTg zdkC(8Cq#zCUN6r6ROEI^f%FWqG*t3>nXkg?Qr-sC+|2!Q88jcG$+OANt2Mxd9sbDnMWg+0FQjhF9RsrWX9z! z+GY%tslG*~dmQDzM)R+`+VV^+;FT}vxrJSc-sOu;o@>PF5F54S878;IC5Iyy$F;5p z8bTm4Nj|{#fxenzsfvC^8=&e+qW$ur@a@7$Oj}IJK~!dNAFdvAQjTA6iz9i476p3Ec#HyO@8B#Sn;-kUb5e*AAPqPi^{pX>tZjJBreW&v1?05l*L*p~> zTo^t+zK?u>KyY)Wsld>3u6{vRT39XASdN7MD8O`FK+N!UEJHlV-A(TPxDq|+y#MY` zY)+P3sypjP&dIO!9iZvq?V$)I3Z+rJI*at;AD+zX%w8yFzh*ddG?ijp+6zu~ox==NLPIZ!#bk(F!Dl3)LrO%7Wu}79mJC;}u)0_v+QI8EUu=9Ls83lA zFH8irAD%n8y)HIw&ceM**LW*7vncrgWU)?4iiA=l(CN@pBhcx}o*e?6Qdk=d#vZv) zv!(Q80f#~?;86HHVO|XjIAjEjJ4#_~jtg=y7I8?g3SK4zJcSL)m|tNt#mB9{EHmNf zdZ0^ayO5{R_0QJ6h?7(tJ@xYb6@$OOZbZBJ#2HvnAbRgBHn~$IC8dfy_==fXi>I*) zqyrfLBmIybxf;WJQqV1_+2kHBDl;2J#nL<;N1-dMlh!;IygFH|9-G0o9anQnOVSn$ zO-Sg*+beywo{>&vS+S_xFhvTCPZkU7??qF#P2=$dsJmvH&Z>bKO_8d{Q9Tsf5D4kz z%z90X#%jYHh)4y_mE@WPe@zf7F|1nUfq=+^?B#vK=^i_ML$N4_(GoDH3O(v6M-f?F?{ms^ znr#vQ;ccGkzT8MY1RI+PQ=waYHPmm zh~G(B^0*veqpj@^v=aAAr|imc23#0Ov^mV3V%|_4?QIj!zv`1?=U-0wL-c!+KM@r_ z%RVf@`U@b_D^zpr(3RQc2NqA4*E=b+R;4KWi^<*9KPB0uyUjexj??zKN5Krwl5)RT zkS8g;r&|?=i)t3pt4!b#a303@O@Ws0odviweN2^kD3l=UXtqX|EjICfJjfBYM$zib zkwQRzRKwwI;9#>na@UbLb3IXm6I5ujw-D?1IKfrs0E#c4Sd;Q(uq%+i;j=D-a6Rl*NNO-sW7iyzYv z=`VRtW-aK0>url}DOM@TJB)Y)sZ!xbwD3YAEj%)cgoSrqlfLjCBd>~a)1C61xlS(Z z;{HI?3ryRHL-(`|&CBuSU9({5a^Qw0fh!Bs0aFU}VY*WpHw(A`cGkVirk_Wak{#ZT z$R!E#kUlpUE=9R0`q6s$2+GoT5{llrKS|mSTuY?2ki*DY3_TB)lkynLwy@WO*^t6R zrjfy;|2E=yjCbx^M1^8_Iptf>=DUR*rMr;HxcQGfJZLe(`cLW*)_c^_ zc4xD^kG7T{2bhdX4uzYpYSkjWg{^&KX$w5>(s)y%+OJJ9w-9*-t3p{{kZklsvwi(L zGAEuTIC3tz%9Z=Wy_b^p<&R`Nr_JW)nrEA2y%WBxm%*uOd}Milt2xG0wjBJ+yF*D2RQ(Z{1wZPVk7KHCi(Dub}Y~I-kFB~ki@L&CGRgK zV!$%g7YpmNa6N|gu^HYhN5iv2dYX?~W-{~XXrtmrs`&n6`ttsRu&_$>R?mVuN5<7T z>k*?)vJ5yH=Aq8~17t&rR{KpWand>W4QT(4A>5Qn1)A-gV>k~@d=J=HtH+7DTgMFc ze!6B$!uLJO5&7YV0#Eh0cRu{hg1;&7R}6nc;V%pRGWZ^siSlu=w7S8t4e!ZnvTC-? zNAnPW*>FQ4Z#7zi9K*n7h!9WE>r@?p1EX{UlNCqx5tZxpfZ)aLk}?{3}KhQ?_RGBr`{(Y-ePkH3l$VmdD57QkuwVwin^M ziYT@OQ?R=6R%(#QaiH6S=K*)KWi;I2AK7cbav>3q9Z~{wmdvm4lc`1XAkT6;8oJ@h zhl4M#7fM>XEI7j`zj2TwFngQeJvnI6%})OL!wY9%;Uv9q0~J0qzVIE{Q2NxMMZ=)< zk%bpRA!pY*A$Z6PSN8Nep`?L#SZm;mQv^;j10suG@eztL+?P%~=U4?8UgzXK8&#(AP9^ysry&0DY*S*(Nq?Uu4J6+W$M|?Ap`L zS>!zE{=^YTw!G9%kcbg;{C8o&(A zw(%z#K-%)uEf~uLD!pwM@e8Q;j*GSja6GU&9u7Bri*Bz`Ki8G)gZZ6;G43a0G;rju zPcqVMpfKek#uNrAP;|B{%T!Wea%VQJoQCt{NrQ*o;bA1DI+=OZOr*dfsU?NLjyhVf zaChd26|hXa0%IP+h1Ewo5_ElC|C^@CA>4Q(q}5oKrT5T1JE3=Hy&8!2Zl7j*G?LIe z_hp^;tX{L-5y>;6BG|JjtZA3(5}dg-GN^!^alvZxAA1iNy+}8VKjdxc$@?f)KE@z9 zY<4RBlTdT=t(||@nPi3a(aYi6%Rho)Mg{&6;0q3VM!5oiMcYt#xpzEY-aBawU*7-x zal?BjdtQb6tIp-5z>I7TzC#nMA0_!K&u8d=o_j##PDFtBIzgGU4!HY9Yk>88=6I+8 zcwAT{crwg8U}*cG#TxHN`$oo>M!H~72B!1QueJN_N$LC}q0pfon>Fo}cJ4~FuTHCx z=@$fI;Ee8{g>lw^*&938sd#ntnfPEl`doSh2Y6()OBs!20f)!J_)do5y(S)Sx*uVq z3v&K)YlSXFxzAk*D*8s=h8<$|5VCa9sm` znJ^exou+YCEUwFN@gfuRTNoGbIK%yQ7<&P$dOv%?7+J<;%f~69QBG9r@+bbJlKi<- zxd{MuXU}?%jW|e^OIVN>L~>X(zHB`L=e-Za55%l+9)-z5`N4>fh0$T~tNF3$Skc}O z4YS^ViqWxzDu>?I4osN~ZD5x-WVyR~8x9IGyT!m%!Ou91P5H`o$Z!&^guB=NLU%aK zRVz_FoT`*8Cxoa&XIv1H<_>nQ_wvlf!s zWi#g%@@qG6{Q6L!w-iYCGoO_j!P{UJ((2?&?_sMWkY2Z;SP1y)N>J!W*SSL(bJ9ZY z)H(9%z0@d^d5X&KK=sUJqH@*?cNprK6Q}ZG>KPVcyC522dsu!@SmiLOubYttpASX< zoo?p0MBPlsAltfbhWR7MIPU6kQ-C#xopRiCxSp#&n~%?!jx3olgC^=sJyd2CBY=+H zvMQdAPWpji1jeId_&`})JK_V;(ySkJd~gDWld8FbO8c^NFbmv)O&o2c^U2G_ik?BU zNe6Aa@i01+-br50?@@&8OXqAps5zB8$t@R36hVnOf?T?nh?r0^Y6Q?QDPZo7_8{G{ zsy1Qn#Pi1nu5r8 z)`|hBg9x8xP9Zj}shgewLRBe}i=T6p};2s&!Z#@#+N8=S5klO+*TRV|)~az*)om@$2R6Z}TWPlOB!f z5)7pf3&j*&D8~;+x5aVsJO|gVt)+==)%fDudh>8XTT@TdmSVK!0wPTt0+!C9jN!-h zEqL;`z-4V0yjy7(<{t^FlTK(F6_)Ee58{8C{r4W=&z2GUu!Nm#Ko5bu7(GZy=t1Kl zw(*j_iZK%7B@8MK#o|WH34Eq|E$w1OsoH2kXE7-PP^vsIrwhp|S+>jTI zaMM1%joZmOkjNQRV4Eu%+H=N0?@>;YDRqv_Q*K{kE4R{?V{fE9K3VM|m9*FYC&cif z41mxl9WkL>XL00;ZXA%ucdMo}zFTh|)Vsy<{~2-&)3J{4yidyxM)|cR*-T(Z&v;DY z)Vrw+cPrpmBs}tF##lmA8B=x5!}t$FNboAqY?mJ-RhPi`SX2N4n4#;M&k9V}Y<-{r zynS~qF||G3En&Zl=Hq{}@V_beUorkS6#v7Zev2@u-{nwG4%M@!fyF=m2HC-~2A$i< zKM+-4#fOA(DvM^(@xcUkstu!NNJbBp#N+UiZ{n#2^D1Y<)q!$M{e}(JXYibfdOstX z4_M~j3)^*|+vw3OndQ;%DPNNR6WRpsg%vf&kkI1SQkMice*e0Igf^~o32oQcr;*UQ z(C(x6`--;q{eE(Je0#pH6Z?Hm+iClK?bp$MFSC*o=Z{lS5ry|*=wBwl2pc(J6Bq9B zP2AgErzkGqH!A8y{-gLW%3onsFP|m6&z1l*cMrv6|CF*5pnGPtSHQ9FSQgK*zy6gj zx~w(il}jxK`gagkO25+k}jAZgC$k)&_q7QI9F8PfOlz_0x zRk)k?jU>}PdW5z~mrx*ybICE|LKf^FV^H|>$-MVeGOR7=5)lXt&hI~yEC$Lp=o=kw zLoe9nX(wIsA5!iqQF+ujz`>LE@a-em0Zwo7Q8(W4J_U&ncQAU6L$P~~>XG#*{>uS8 z$JwDLX2nk0m1!q=-<>QbSG#bX*Py+5k>dgiu!_d#c6Ks!6q%ykc(%h1n$++aBQTxz zw3Aq)nw7*nlH%>zlX%}Iz3ZN#dPhmjc$14<3{TCxZ$ldyvva)f@9oZG(1MD-pgaZ- z(80}`jU;tW)5OAEB0qKydhmH$EekE8TocKc>%0xgEaaEO+k;|mCAu5r)=9aaJ21j% z(CjR%^c;8Qh9r3na}Pc+ImZCK!uxcH7i-4z zgah^$|7RTYP?e9X-<|BF7$KYgVGPeLAIC3zA7CW-zmXhGGc3GsGBow;Y1?nM@cyM- z;y^@V13|(5lh_zomJ-cn-GKF9A3qo%dYd}K@z*J7)J=JWHY&C7|_nEkT>h&M#iBPW!ui5^9;*2Lu+tBRBMo{*&ILrpQs8}BLMQsV)&oWNacI1 ze7uWsRYRUcD>rnBDpu-amz!gktMp4RDc|?SB}emat)Wznw@Px2b1+pX71k}|F_(20 zY_<;mkBpZpVy0m=OA1`92Z9{34_=KWT(fIkte-5}=V&R^a-M_RgU`8;RN8`J^OpV# znhR2M^I3C`>&=}3%{@-dJ)790$oTkt?sZEFq%BPOmZ4hq2*?1 zxyD5q(xuX7YWbOjv^r5)LjGQo_lWNqiS4DWO?o0ZQ5i1E&EnwF0?Ns9HBj-oWfMjD ziN-FZi^Q>&w-AK$|gh!ab6YsqI4})_{3tGj}t6p zgKAG==~90apoX*T2)l6n7~W(^@_woG1b)nWSqg>tdYy$$OADfv8{jYx2m+~-79YeG z_adQX^)49OaZJ(bu%{?DI@9WLOx;CrjpO-Shx$Cl>Pk+}Cf)wkAoX^56-mNxg-*WZ zeG^HYvknP>ecmz5YbS($NfW$3w2co8yH}9EbmSbDxJH35KQ77@iz$+p@93(oh?h-5 z=m&FP0XIkBGq^cp_#VD|#K7WJo3Oe$K#F^afpzq#q%CD(dVVl+j+3jS^ee@DdDXli zwigPgc^ldS=HlX_9m1ggW8gF8VUfp6QT|_zl5>A;HMml3|K@8roIbppWVLU}yU8M0tMGMw4zwbt8)j zD=N}r%5Tvmn2X&5_4v2$OeYzb9o>>bAy3$DI%`iJQ0aYFBbB~DRElb@)~WP>a2%Cp zrgu5a%+x!|tZBJcZwB(x0@CWObgWCzrTucGE z{|DBCde(yo>p^!^I37RF3c6FI!W*p1@6WFdzxq)(j3X#*Ti*2~5k6<(2`BG7fzUZb z`GizjUGjS}nn4jr5MIZz%=Q85#(@!dfB?o6YFo{23C zgD;|a-2c<_DKg4x)MLD(g5yJHz+;Z2V?4#&HkKj{k3oqj2 z$Fwn?--zJ)%5G*yh|HGaFk`ee@1bP(=={A2^2sW5Uw9h|TV;nC*|H+0fdt)7D(%!4U94U37H z)Y-Uo;GgoFno99VvV`}2!2;!r$`hD}z=(z}b}-Pp%v<#80Oa~F01mG*NCsx%=glXy zNdL8>lFU2+Pz$HoJRjqzd2SVz>rp-DX()LK8(S_a&t&ScnrFAO2N`P>O1DGZTb)&bCTou00(xQ>VET@z7pY8p{nf>^- zBqLPJ-wo;}FjLgkBuA~z;`H|)v9vB3;)to4yq9vx2L4WONu!TRh{OH5woqc?CCnqf z5#wS<{ac;N>nsTJt!%-Du$4aE^+CcolcOx^Yk zJzpE9sB@I#w2L@m?OZ%XdL$$&57w+DZ$LIp*!kB?hL_9SXreR;1JWK7HmB0+z4t@5 zXuRa;gnFC5GKU1>ZonIxZ7xmtaO z4msIJgK%i`HE;7Q=COP{WHM!#JY7&&!sF$L#|iynCaUoHg)U`Pm?D_8XzqdedtD<| zvHn#`*y_>n&5yRA2I~q|Kh~CIax1#T<9->iEHQBTV}RJd-_68QIT*g=`(`cT&DZF} zT1*h9C@7x)7N7?-#gVW6JRY;Y{*}_Jpk>c}NZ^Xyw|0>Auk;p`pNXq}0syk{edb>C znh92YVZ!QwcXgR@YTi_a0fVe8&q(`xUz6wJoQ|LX+vDeA{9_vizn)0o(M!*_k^Zsr zSZpyAyN`-xvto;>m{>i2J`)?smx-jXk?q?%-F)n?rtvw~rjO6A>UQ&SF|$uN-S|Gq zzW=tj{`~{h|C8}OO@8}ND9ymF^QCGt3ka-~qBQEH$WoI6!>nRq$i+`;MD?vd=;G}l zAT*I_O_uNhegFcMvNB80P<{y|S^`S9Ft>faGjTAyNftBpL>-OJ!lS%DjibP_x*r~K z&A5uw^Y@C;RSd$Y;;SiPz6kE2Xy~3}U&T~uMkx11RYZBt@-|Q9{m)ZYUDlllqZ8^H zN-ki|#wxmr+{%VtsQDe49Z7cNgZSQtY+Tk(q2v_j=~_Z`q8MLO_5=4cwDCDxD%61V zqo$nPUa0Aou)nEQ!;(_2cJE-+C&6oT?DZUY?M&WE5nE*A2gN~R84{Hk@$N}!r4i}zDP0i`rYpO>>mZ^clGebZZ1)=_S_!gZK? zfcJ8GwxrS!PGZ<$YGKyapXk=q%5#|T>-2n*K#cBV%+DKr81tjJ8u{{R zntTYuV-j%$U0#nUC$^z=>831=|+Dt!qn`YMdvvL?$#P8y0R{W@J2hCr~0H zaRen5S~!e(ERI|>n34mHm}2EuVBWe2aLMa7^k9~*|2U6+F^M1G7clVo$I*r_Kj>|l z$~LqCdFbn~`3zH()#Lq`xJI2CXU^Z=Usv9x$oh5#|9i|J5}&n^YYHWK z`Y0=KlD!Ri-sU7vcjl-EZPWj_yID={KBBV1Sd(3hHM!t3Q5gdwWeHDqdR+1xj?(Ah-X?vq zWhH{tE_WDuWXfpm!m$rOC@Fewyy2g@c03tHHEXsX>Phl!j*~nui2AJMg4|V~_kZA} zw#87siGx>*sCwA^hpvNj7KWA&mNs|Q^<;31x{b<6U+3(VQ@Wz|s+KCAU5AO}a`AX2 ziA6ExU6nxhvM@yZR%RLbcSA5J4E>ts{gG?GpApMPo6vp%&zgIN@(ixfbBI-Pyc!4G zGuo+;%^Hb=@5iZ=eHU?^>F@iIA)M{Z+phmAMtwQcW{$Vu#D`WG& zdMM5ON@M1A0F;$ibdywUf#&JkyxKtSpR4BSy+9s9C6T#1-HU{UK*c&tD}FAWUzJV>4~|*-`*PUA5_J5 zA9BALYPgZYZzidHy;bPpGvUgZhtK7=w(}agAi%PhO+mh|tI?E|nv%A%bK_gcTj*Ex zK$;X+*Q|{L61{~EJ*ayNc`n9{!E$X^sIIzm&i5bunR8C( z{-g0ZGDP`Hr?RQUQ2veM^n_6Jvh2!ptI}w9Pw>_`>*Y5F#F+=&`T;W!n3I@KkN2I7 zx$JdfDsbTkx;+Wz)T>J6NCHIJo8{GLj0czIX2x}HosTC(9y^T1 z-tK7i5qOry{PXv5yI+ZKqba}z#XrN02ONtrBRunyRZ4JO$}5+o#{|M|CZICRo?8f9 zm92SOyYgil;LFlOXz?uuiY~bY7n`MVHd(e89@K+vaFwI9!!p$ZZ}-F7$SmlT@Iext z8HPIx?F$Id3I)~46#m}wE`Br^n)n7U7Q>UL@uDAG*smI3iU5aWd3?5RySN_PSGLZz zGP{RILb5Acl&d4t84OkS?4c$~u8PZw!ngp-Cm+q*`dDUzjqi#FiMbp&%k-_c! zZ5@31xHO@pp-m`h9?tv7JXpDc(&#R9Di@=1!>>>##o-IO$6{^}zC4JrjnF+HJ;^cL zoaVt$tM)#eD=>k>QfZR6)#{RWc|HTtJk9-gi3<_2(c41~R4;Ew+*w%A=$YvV4<@OK6u$RGbVOgdxR;J*4)pAh ztJFE9qiBL!lX(BNoIWy?3Qb-L)X5UMIg15J4ip6*9f0*cRgMEyA30ax%dbc&Iowv# z3gfZ?Ll-l8Sj^#}7U|?Dtk6PaMG`SQVIw)XB`EB?- ziJq^GfBq6aPp0R-*mH+x4L&!+bN3Sc*%aQth(ZCCPq5(g`TFy#c>j(1^Auqts_8=O z0aLFhpZ!*N9HJ2iQ0>FbU3g!AYq0Qz?AnLd=dkO);&mT(eHUJLVb`ubi z=usO5x}qGeE*Nsu_$+fNXpK$y*aJOG#^!5l(TxQDdiS*R<^6fb@ZP;VpTPZ9g`6{R zBl)4EiC!(uDIY|9JkbU5@xugs+$+f+Mr(op&csTh`1k>N;8vf&b3M%^{|G{JvD(OZ zi1D+4VC*CBf7^FAW-(u%=J32mU@3O7$0OO}@HBWPe1O_x^?pne5wPILgn8br^{IsG zA(o2dn3-^0BwSzrF5!AT#kubG*~0@&;Rl{4T*vqD{ZR5|U5zLD4Ag7LL1T3>({06o zc8`L(A2p+nqZli#UWrA>(D)q+J!!;Ole)m@)8PNj6vcNm;iWvxzuIxd0@{s(kwbld zz_Rtp0TeY7DMAmR1^t06r1$dd9LJYCdjMIu4wnIug*2DE-}5m|!(%S4K9W9XEquQW zzh_}2sR|4u=|J0W-`$9!_fhnotvN^#K!{feZs>VN1QQ$SJFtT#xz|%zA9cz{U?x!6 zIOOG%s0FkN@=kRmvz&UIeP54x>)2%j4A`t*L}}c~I6`Na(+JJ#Ww4pA=k#P|=x4yB zp8pVX3aPre$CjU1A}$LC8HEj^TgF33L5_qEJ$FKr!=Auk_ZR^qgU7TwMN>xHTm(r;_t;Aa?VIO*9i{+<+Tlx8Cp* zITwa;nppq>CJ+UCI+@~&M(LM{wBk9~rwA4`;aa%{$^$KF9ZU3UCQRG`_pL(7xA5%5 zm7eYRED4`ot3Pvi-oR(c_{^n0o9e+x!ZXbRdH@tXFcV-IiBXGXT$i63YjpryWf zol8V$uM@V+p7i?(5}Cc|tOZ}A51RiXT#efR4d(WswW6}MQpM3)nNDkE-rKZRump?@ z2cL#-cox@+BNOIedar~5^kaYl7`dJ^v*PCRmm_R0VduA*X0oOG2hf%Fzc8c$f?W>!)E5hSYgUE%yf+61~gp{ zq!OM6oyxQZ*qogBRK6-(bOMycB3uNWIuy=Qy zq;J!BQp{|&VvIrl`3ByLR+mjHxAsE)uAgHPYYnHLR^$>tyf6IC9t+FnuW zp~1mU^}@K6Cor53uO1M$BP}hCoCTXYZ*1z*TVU8hvL&X#-HN7)y^!&V0DdMRD0{#l)Smx&9|)bjX9EAz-Qa(C_iE&SQclbE+<^;V5rt^8-FO|txSS)1anq1A%V?yl zY(M@iP-V0!+qJ4p72B^{T%xaKk#ddyWv;6d(kjOx`f~E zOIP_C&Ez?!D09y;CqVJJg4C_Mz9PQ*Q71%y5bxaJZRp}{wt5Po;4@S(T`%|+E9jYt zIpCoqks_F0t7j4e+fuTcJdPuyD4$^g%3BGayYing|-I&v1vA$zXKYb zDtXZiBI7B$^(gEUA|e(lK_4xKE9Qt#&oG*u#;*W#K#aeywC-}J%O^0?%GqcFb&G3bQyD6xCVt4U5T+{2Umpnl9*|8^V3!HC7GAQ`}I~tm!@WxY;R8 zhWmCX^M>Bk@$aE23Oq9n1FV&?6TCz4R8q>;>PIO3fP+&cYg5SV$!iKFd(w1P!1JS^ zl%Z4Wdzd_ELzbt9wV*GjOT<%6LbB z7ha7z!zB9m%$GX#g@KKD!K=Do1;v&|fz^)ZDN)B|cbfOmLEUi~Ndb}Kec|NgEt*^n zf+jK)?sL3bm(ax!p?Vz2=ydKI?*mj#>m2n-dRfnB)hn0ik0Lc6wa?ePVipOZrp;L5 z^!lIZnVfPHjMyF7vuJfh$b0A$!!K%gd-v8+SHv& zfwF_@CI_$!E~MQTF^uz=OJ)yi(~}LNS$EUeVQ5cgoaxivt7rB;uh>j`&(*Z39VUsZ z5_7BBx9daakV>PZg=2;aB@>5nlKc~~>BoSiV!)|sqfQZ3wJ{3}lQMCb0Y-}VP@6n) z7|a^?g_!$gQ;72v!vd#N)PL=%$JZc#W@^UjG%V$#(5)KHpxaF6kxNbaLGS%TP43i^ z7x9Br4xa{#fmAGPgV%)6kEw!I9cMG{Hf-2|ZOWo$*-R&pf4rP$XuaJtI+zqp@D{yw z0?7U{L1z&ketG~~)Xe~wTpeDW)(VIgImhsuYiG6%i+D&H8B1gu>wiCj?)gmbE2?&5 zmg5-Yesh9Z_g@UN?$ew%<%1v+7_xnvOdnIZ>o&!Mi z#D4c+4EZXME`^Ppnof#6 zn;UNPYgrb?jsF~AWMS+{Sr~nd$tw;S${537cKZ~l|_FxnYx&Q&o&y*CQ%ntv5Ollu`XJnPvIw67oW6H z7xz37>*B}Hx9{RI^piROWA8!SqyW^ zQIIBrB<} zJUz?vIMi`RAIivpC9%6*F(<=kqPHd8eV&tRQD-oQJ?C-MTm;pP>|pC!{kA7dBsDHw z2ozV1Y+A4=7Ev9Z)Uhl~p#`%fZx!#z$BN1i3_wU=@MdJxdB5f5dRkfYf*+FsbXTdc zdU^iDfO(rUFmfzb-NvfsS72&ey;A5k*1NFWDL1Q6P^1D1b?_H++{xTbb7zNQQMH0%ww!ywM^}`P`@3_R9u7f+gI4ztM%J%7$H(_7D}2g;Qd{b*obHb z*oQe&{8;cS_Mq`sP#2Kw8FhlUfp^Fup=l54h33_MOs3~*S7%`jzvg)waC3|FRL(_Q+0N4=i1HIBE1U0`@} zN8a|*F^>+2V^i9mZ||>YNseP@JGdGM;g^$-TnBC8Mj*&s_`VIr3q>+wR;)y13x@xIx@5l%hS!a@V{Aw?R`< zC~}UgaNqLFCkN7H_!FT$&Jman19*Z4a5~m{004oC_b=RJmqoK(UR?s5j(QeBZJV%u zfPp7V4j5c+GJAK;dVT&mnt#ARcZT6sCO7kb%mT-4cgn3z+d0n=A#hEq1GDQ%Uxr$f z?Q%=Wp;TtfEPUD^&faCW`nvmi;Fw;+!&P$a-s5x2QgI`s! zuMSDGYwXqs=_^dS0HXvg09HvgLZ~Gf7Bv>$!U`XjX4l%Sk5FOJTbU#k20hQKg={&m zeuR1w85g%+y5V}keylEFB%o7rmf|XCrs`p1B7vI;Z``Lh78x!omZabE^!RQW&oS)1 zT#~EMaG<-BbP!nAOsHO{GM^1&LhYhkcL!Mkc(l1z#-q{MXyib9d&xL!Y2-a}7WdhV zlC@YE68SM9Ii%TMeK*e($*4H*d{jm)0$G~!OEJ6S1ber3zH4Hjg4xzt9{M>?KMo#B zN0Y;!)dNTdSd6;Eqj4;(qFkI&U7X4CWftqF;HmKa745!neMbNO8K#PDP53@3{(FTd zvl=@vkoH0$bK!(||J7Z3pm}#8zFY81v;W@7N(}Ps7Vsv8jK{GtHE=!^DCc zC~1^$f8V~o_V3%(pW{?4GONEqPu>vEZ(kiRdq+)ZpFLuXut*~;{!K@Nn{>nqSYBI; zNSiFm*Jo6ZC8Xyw%4&LGh{Ca1V)a<2NR=0Yc=~Q8$LNZb;4hAmUzk4uI-W3p0&?is z|1_I_0D|_+U2q?(#Z!frMly3RATt`~h44@O3a#wO0v^53n#wQ+AIJMfv30ylHF`Cd zdbQwby;tO>8(=jCx?MRT9>Efx}m3?94E*mD^ zx~TcPC^PFwhR2$%^2zuaP9}weKEup&!V>;5afa7E$tc6UV&L!k?0Urili8(kpEwHn zNcHZ)^ReiBx@RzYcMU*v!;fsLQl2!XY7$M=qq>4U>^Vu{GRDf)(N%DiR>5aa(EObB zqrM7uz&%L(eEaF?WN_Wxb-Y`Ffe|C0!Z3f*sed-q|IQDI#B}BpY{-@}V)|lWKpZip zy)9-3IIg3A(8>h=prf=hyRe>I`GbyWt&iu$)dK682(dv`)!*pk!jk<18@Z1jZ%=kR zi6^b=4&|z-x!Bj==Ovhn`5$NfTF%JVg@N|u%PB8}Az7FMv}-6kx{cDUQD|>}dU}=j zIP-t{UZ1Hm9&bmlh(d+WgnmW(LBR>%vz{G$EVj7+%@X@UHI~@t4<;_Lox9sDvD5oU zuy{h255Gfj(}4axmS;rtLkRMba%?Tf^RW=QtBIv8rk?ki7M%efU8d?AV-bENr;rH9 zun(t%q4v?!#`|U<$X}GU^5)G?CvwrxT`>%eUKdFoB_*|TN6yO zT1yXOC|m-o6gc5j6TjwJI=O2WN*gd|E9G7CJs5q~teHx9|B`;V=u1mbiBK8}qK2m} z3vHf?SN-))dFovCS}0K3Heiy;v}i(L<-U4MbTpOa9EQRE=zSm-v&}0+u5OgpAfb6_ zDW)r^DxC~-l~nQ^PT4_GDJ|~FywT*4+70c@+Ai`yjWaeQCY83`1=aIwE=$Ji!FcV< zph83FdLUg-$7}ybnTTB(K>5&4Rw?bDuG@{;`vd4T88SUlpU=ckMn8>XXCj0w;NSg% zTC)dM%zOY(NSg=nWlpBo*|#~%Gzq#PK{o`gflaPg)A$ExWYWNFgvQi+022Z$FQp+U z;LFS?mx8o|hi@hhWbI1cJBQlJ(7Uw=rgHh{(zeTRN>^j}+|sto@!EF}b?Iulet@p; z#B2Z0cy_q?acF3Q+?!Ls>Wi=T)8}{5=LhH$0d4&@7pLHp-|5Ljsw6oFE7?GmY&7eY zJO;N6psK&!46wKL;>-MfX-rTQdpFDEoNazn?>b=eM;Mq)SvNFIpRqlfZQdhvM2(MF zBpTA`7WYL;c8yhE3$3^o__DmdB=BW6jnCkqwmwKcGs#}su}iZJctmF@dXOXkWSB`Y zgThRh@B?>$v{LqlGI0k|`Z~#lr#d|KEnIZXKs^xzb!Q(E*6H6Y6C3$^*(?)atI-@k zSUUQ(1K$8+|3n{huxLzU`sQ(BX=O9@txi;W;*)d4!UG4{u?ursTxXT!hp{=A($nSN>-pIkc!-M2pXyKkaLHXImhD9S z7kn6abj2o^+190e*+dF**{!Uc$iq4(w+qMvTbLP$#Ig+$<$OY#k2zXogn0{Xh%~DV z%)6P2Ev91cP_YlGn3IYXbkU2Apkikc+C4`kp){PNuTWgL%IcA2)Gn=FV;-%lSW!<$qotGt-M6tfwPfY}wQ!|Puwt{k|446C64A_{ z5f07Fb7+sSd9E>^57F&f9U}4(~<1aO)X$FXFn13F~jzzg>S5F}fQ1(ZTxrbq#H+u$tLQdL*c< z!}aGq+!nVc)9U0>e5$_E6a9F8WfKlu%-oGgI7$&M)HOX>!2MO347m9)80z2jv^}em z*+Yy|qoRH?ZV#A_9|ktnlap5k{w%!%I+T+}PG4w2|SLaQ_9MyZ&VWiXf(&{dQxgF#N(6Kq1Jph8KL&Ei%Lb6xyxN#*Ud^CGlnZ(=o15#RMepAEhIV zX!!u!z;w0^sJC~GJ`6SVLr=d`>iSp}$$Z&ktcpokg`DtaDSLAzzPUR+uAZJy&k0R+ z8Kv=D2!#nJhF6j+MBF<@r4vnFRf96fylNJrsI(3{b8f5^An<*$K;aX#bBt`aa}0r@ zyzYy<=!~?jVq8M?%Gl@zQ{tcX zf@jAy^;nm9;fD}U9r<-8BaSzh-(LRQ!%9-l7gLikjI01W7)gB8}eXZ>-Ee^u2qgn2%W@lR>8(9F)MB)zZjOhdk)F4uRmya!zLRQj*r6X&ygwFu8@8o2>kRe@>Do@MVS$@{`nyOnh|8%BHA{dEd<^wms+>$<#0-KTSLp`p&PD!hdx$bds6yXRR*I zDWJ8n5-X4w=cq4O<2ryHgSln>I3DN?9l=L1&&P#;IVjT`bpZoq)k$moTE>x3udxy{ zhFm#d1IPPI0h_~r9|q)Mr2bWvmDa>!oc0_F>}T5w+gH<=9vtuMXN^bdu2$^66HB(G z(&EDT{4JGLwA6|b+kQ+19Kxwp52VKRS(Gk4`u6 z-=aR4+BxE*k!RZP5{xlr3KJYY{=q0oaFs+ zbfEVZgbkmnT1s36-M47lV0}DcVdLN-Yo-dKrC+ARZwDWyP!kiW|M4~S1rU~N>NOM@ z`3aId{+1HMM^dA$MrbN(u=Uau)>2p263z6T@%44tqM^C>M7`X%De;K$EQ$%EP#<&+ z)46$DyYOWfQT1p|rkOp+pwKy5wOI_B;r)?=br&!j6yt=s zG(2lKbQYd6!bSz}CC*HWEPM-`jZ$Wm)t@;R1#Xq8DVpZ*Y`cP=@Cc;N$rSCE=J6#*nwd6kFWL&toDT3%Ed4JlXPDE1j_#E zFB}`s#Z&=mjno5N9K5L6*0*9(a&P52%t_?>b{jVvJG_3A3*Yw%XHr+`t@NZ;8gSM; z@fG#ig3Cp{GX7cDEx@s9=hA#&^VIRts20>V!*bb-|M6q0y_$6ks^xhX(4-9r|CwAz z8sB2-xW2z-gdr4}zEKPP8Gda3knjOdZe#$V;U@H|QU{*<^Ya z;Kcuz_kn_|$6JV+BGEI!fBe{LAVx4-k$a3av}hjS6>bob8``b=$mj&VLI(;jV@e~e zAO|X#it%;N>M({^>0@}65wplRmoh$H9%;AZpLFC0;WG=|E9APEIc7DfDH&Nx zP*VD@kI?J6#_L3VrGE;(R)o3EKuMUn@R0wUOs`3i>AM_@1lC!*5j_lF^FlM+KAO>u z9sY`V%XFr?w$pvKsEna-n>MF1CaPrBY&-AQ1t(!~oG6P)jY~(LeP54dynikFCCYzY z+%z7lxxlGhLoVjoPRs$HpsS_C?wd@HY`&y>d+4WdreUD-5Oug!x2KUub(3o*BZOSv}_ zYAs};)3P+%!TabaHK#^DZTtl8@eFk@JnTiKCPAqRRw~H==H>hJQw(o(rj+{^>u?~H z>+rd9jk&3^*xlV3D66MYVAE6y%W)b8t5+sxQW6M}ZpLTPh&j< zeO-!V6};@M#HE;+gSkg_9DshzuNU3|M&7M{()3ti|B+Ojf-E`{r z#YyxaL_`fE>$wvx0lkIr;yt_~X`y>{qO?%{S6y0I#~IQ>2HyiuX4REc8|wV631^7@ z_rKLN(jF6ey)oM8<0St^Z-*jf6QZ{mEKI#PdW%M1>bcR|jkpi=MlcoIzdnv>!CjW9pqWdYBS>(A-M)VES2j=}%L*SkxAFa9R0lJs?Btcy<=f(>cUz|BOF}00Hgs zR6K0xN{EZW?NmEYg4^R((C8t~&e&ryuB;4ISN`AJZ%1>?;mDTuBxZ;{-O?|C99VgI|_g2t?^b|VL zrO)z#-Tc%M%N+^XC#e=GXwGD57G+SzTXu^;vPU54t1l_i?Q?vtaJ%t zWHl@OZd_?I?|X}t&cqUHSm_+B`w8}ZE!MJ#wZ96lZ)exj@%l#n8ezPWT`x{!v8nvo zZ~>w@V$&p66-IGU(Z#1kz79qdOOnO&oJtiDRKQHm_0TAoe=@?vem@co0; zn1Q92u`j1sb$tYUiGD-s5>}=LpI@ifj@OeYOiO8FYJ6ADGrH248tqCObcLARLmAi= zlDu+RrI>|UwXnu81*6KR)AcM|(#foh6&pL0O3ydr^GH{QE%iP&A1}w8F zm09prJAzD!={G`Zih*fCF+jIYIfO3eHxD8&GK`q#38G`g`pT?bC9RwX18WpvkhH*i zQ%J3%;E!h8w~&t4rs%>Fx+JrJ*XWPTqEk$oK+eQi=La?VA)isL9Z%yG%eO(OrF8pr zs`&x@k>oEl+meNtPHW}#4wbiH<@H$kQ3(&MZT|?;{))r|7zX=7+H?a!eQO@J5G`cY zAO-F(eHN+qn_VzsA$s5^xi5vXHw8%;%rT5(_5c~sY$q1vVQySq3*1vTJ9rU4I|cKd znSi>N9l)(+HG8-kORJMuiyKHw(}hhBPRZFRbZx@v?3qGkYM9~YzHJPSxRZf<7tqOo zp@e1!_ng|u79J|ORFwW%Z#e4B!>pF9#NJ#G-?A+(AT@KfpS=_qa#^wD-hbLsca8lRY;$H0+GY7>0_aJ8)CdZ3f;t$BZlatDUjkoa24+6WH|> zd_IcKW^MMJ30y`oYg0rP<6>4z7{AP5Up|Xpn%VU#grzx|uIsVPPvnQRE=VzQN^98i zu1m#*Qrp?cNH8)O;T6Ul>4H#FVB&q-box{p8XDUxm)En+=^v?tfNL>!sZvs6`1#*P zA)qWr@6OY0(-Yc}v<7OUtJ#=q*z&^JYdTow@nvJE@nbOOCP27wL5AMIm=xOl@S)m2 z6;DWTmpEnY62B!GFmE8bR~g>@B?I_q3i&P}A8+T&S0gPIf@*5MM#Lwax~ByrS3(=a z+wcz9)>mU;bu(LWYY`9rm7?SEv1DVED%liZI3m@P#3madnU}=qF`~vowtx{sNjrfd zX0g13U7PT_FiEd^Tng(#z_$3TEH><+aQ%)JvU^@`HbrewK%mJ3$;ynW5}5hQnaq5J zh2=HOS8lyaH(!ylJK<$rTQzkZ!??YbF^q#vem65FoR8rAi(??;_1}ru*#23Wux_4Z zrJE7omXK#tl}=Px0$q$!s#6VhGpnr`Yn#HZ*WzH6aO3f_H z8fq!4S0dnu-0GWbnlZwfx|)4$N{jz`4t!m*`Z^-Eem1-dLkXndZdOHRD%wiJ>#ITu zqd$ecw&LrH;KFUtOmd}^cL5qCE?WBlGk!3XA$sDw`p+;rS1IOWR{tQk!_w)brDnOx zpR0(Y_{?Bu)E$hdR+mL-{Y#A2E0zU%acitNe+Pvh&ob1W^1E4dO3UgODmv^--`w8* zd^Eo)Kd8>vgDxwZOud*WeTk@a7nK`8Znv~<&I1Jg=j}0TUd8gmW?eQ8P=(*1q4mdj z99>OBK@WINX+F9Dn@$PDF`xG;!u}E~Nc&J&dDqYboQX<+c~(*aJYdwFPjy3`C58e; zeS@iiZ`({gt51#f%uMjDq>yD;(vP8oQIW5y_a*7>5EaD5`!(zx?^G6H@A^~ks{Vps zr|P}4Zq}KQH~xY)*T+#s@G)>qv(k;OO{A`6pa!afVk`6hK1odJvc2C4O-&`A!_u4t z&kXWlV)l6fb7 zihsHd1pwPiNf^|qE91n&YnEaTkw>vL7LC2SD+$MT48664!qpXU6o-h5WOn*SPnogu z6Re1!;e9;;W`v0MSt;qQz%b?nrL7gR)Y?<+ z(XBrTr`Mt3_+U?8Of)$|PxI0kUjIz9rW*t97ArkY4OLNG}eRVm$`_lE5_rO?aM2c``$8i8AuW|+c|S|T?XQLwF$MdC89Y=WXXD& zY}oCENr*?QHn6+Y$#l1o-4!0gpmVDz+DLUtRG_RbK^e0zi*Ow7eY}-eFx1dY%E5`S zRSOi%utdh4C_{H_g{||@n`GKc;+y|gBVAMc_;fbE$wn5Lt!R>8$dt=(;xP~oHhQG+ z{^yB&I);ic`7DFfE^n)uFQeSF0ZYbX=r_@Otw`P*6#qOh#VX3vnw6n}tJ~-cZ>xnb zyPlO#Pb{zRN4$S9k?c?MYop6>Wfcw>s;P{iS^g9Rjk1<@qs=GQ7{vnzy#9^r?0E(q zKXrVbscvugT*(laSFv0p?-4!?+6NY!y_IdygGE=8>9jLo$$vE7VFfm72455JTNK+b zayZ&RrA<2NYMf1zQcazqU2y`Z>lf8xW>?&7sM3dW#$Fm;_pdgjTGcC?jn8_Kq^R$7 zJ`3ad@Gks$PuT5_(fX@sW~2H!x!9C8Gbi1Oeu%*o5v}m$HXK~tj0RQ4?_uRHnBpq; zKW6y$TJGDJsLMNNcAQ^yyeE=4Ffoh=1n%5ChVfld}=8N()cYm#KDmxZ8_cgaUTZAcqqW|54U z>O;l$gC9EePl}=bmrOu1u)l^7Ya9{rzD{LQR(@@Q?R(D6c_!~NtI0hSUS{fbs zN;k?lqc|NVoV+QItt52;{NFUroaIgv1Cxe^ub+sddiApg3?H(^qIyqEGzdn{X!`Z`HTbiq~~^YSvA8 z#@Fs=L?u;{&EJR`#V6c)u>Avo2b3 zCRJQ`gK=oVqJ@hAg+*7hoZmZEZI@`Z7$W22A$pzX5>0qMqbD|ZDC}BlF-a6P^}{#v zFrXm^_&-yxe*nQuc`GS28|491rkSK|qu~nw65@-Rv!&_~MXMw{pcM2gR!~sz=0Tn% z0$*;=<^p1!oiDF1Y3Z_{zp!zT5SX~l+cId;Tye8er^r8Fvv4|V%R8Ua$rMmQw^vGJ_zCUxD#a zT-;|EAj!Te2`IIT`2xEL`L(Gw`G3nG{XuXBI?q%SE`KTS8meav6$Ihx<3{+%tM$6uz!45V(<45FNRRAtL@_98>G4Pq~h zybg2Ni=mn=oxRW_$y!|OMS*7f?Rt7qpuZUQvc41!!1G8BJUQoO-J!S^pY(wz8T7FW z&wt_3RvcJbG3}FfTYlW256e|wq2`te6>pRUKf$7x7&W|OI=uMFXn>E`X*DOl~%Pm6+%@lUVQ zV=}diH_GBOHM3Y1^JBr8dK=LY^YuP_=2DhhsW9!?-fgRT5g&&8tx%oHLIzkONJUI* zk$^N`i-!i|hsLPWL##}7tjuSuOaUd17hv;F#u%IKF5ZTNf=qXk^7l+45c?Rq5C1De zcg!%!&^?DeagRfyji`=x9+tnnqVJCPuqJ3b?=219inUdl3xE(uEL+DK$Q8>|D#9`q>u z#9o)NSY2g$9NKFV+P-3XG^D6K8c&o3o`5e|z^+cfI8z5>w@a~STaDaa43RNXW{r{f zXdCY6BRJ2ExLaZ@S0mu+K$hQ+1zky5S4A1@n?!f#Jw0n1;JR>E&%rc3Qp&d$67j+>=8|%T0Q?80Wg~kV7+0pVh^*${m9pl@6NgkMBO@~_ zWs1gJcXt=P6gJ$%uWF!R#gtZ-LeK=L4m}Lhxm{^O(kS=hMCwMMA(`2f)ViGl@HePU zu<&Iol1Vm9DT^1am8oec4&R5-6k0ix#k2(#IA#3ZTf*>3ts zGK-?T>A_}g^W`X4t`@m^G2r^7%CQ^6$75D1)0}F@4l{;!+eF2$LRHHh`m)ufUnLoj zuns#F0t6Lb%e*bx9J_q$$D((;O_XO~LPW=oSp3{pr$XIu$zfrWC%lFs`2ay#qpv{T zj|Q`_3I&-Ssg0!Niy_c$ln9|60$rUHk3dteWC#>RolDp^r$wEtD|OV7i1bmm2>7I$ zA|0!L06Qpb?MF%^pez1#%38U6dLF-m!yFUu3b`N*ku?Js5@r2rCDT)^rl9B}RwF&& zAG{k+Y0#=z5z>Irb;W9C^JPy$J4J{So8xez25|y-py@2dViipYsjqg#=x1^?Oc;&m zJ>jD6W)rG*-a|18#Bu*-;@iuk8MdB1)p7ia`f%|)QI9JaPh_Oh+SXYrttdzI?bK+f z$4MAQXfsph6hJ$2KQ*5QuOK>jpU}b?KV9@TU(Bxvq3PJW*Iq;$%x1con(qvldr97) zSt<(7@ipo z7R@Z!la=>fNnIC2vBFd`>ho_l{f!d~YxoB*!N>3@ls9nF&21uABUXGc=DzPge`MPi z;_*Xb=ty6+CnK6H_7b(FP~F}`r)c}Z_zS#LC-6_8DY78SkCvd%)k-pa;;XfTdsR?owU~6BI`#bi3j{m@4c@<;(3R@{pp6rQE z1>oq1n6;~#A?=Q2fq&Q0bB^rTnTWS(iFj)c`@0fQ76T|UXVv4hZ^-g=iG^sFYt*k= zVMg~tH|u+K)@GO?O?|PJbo=Q|nu9>7u(j+-!M61=hq~7hqSe1W`R*ChU zdzPNPkN4xMR##HqXw)xq?i=v@>nTHm%b$cnJev3(iwa=yL|u@(oxPt9>mT3uco)|@ z{FKnoqWSPQ3;w3SUord*g}*HL%iw!l4qsnDU$3bn@atT3d|Ve*6ga0N$dCXE1nFPw41GPR~+aAHLI%`ENTb`z5E@+9v7U_sC92*@(C?(SQ}3Ki=2v(P_0Cc# zFrL#x`_>Dn-#No5zj2TwaQimFduq_4Sx)}>BMYy?!by7JFct0>D=Y+NZu6cPv}l-! zaeOa?BF?ULLhz6oBP@3#{f@(0(}{j(H|cl2bOxqy_EqR-;Nm`F`klzR#^3?EElyy_ z*g-7}M5R!b1S5H8SP#vQ(6AUeNQL2tHiH+D7`GS*pVtB5GrdJMPb0!(p45v@v1qu< zSF~zPD=CqT+bUE$h#>)p;Ohc1cXnh5iX%tR^JRG(PI_ySV5`cJsvT$mAKjnf9J!6f7DUp%`V5xYAQSD9#*=Aax2dpLG}{ab1^ONN2h=J?a-Mn= zDUv5F0$ZZliV*nfair*_^AdG%8z$lU4rHiQr*dn9Q*IENNMmjFnDY-rhQ7t243i68 zAz0mM49;VbKG@-6qYv&+_2>9>2!Qj>3CxDpiWanW!|-6V66xQgsMtCr$)9PqH^n?t zq&JZ2K(}?QZ1|;Nm^lsC-1qBs4cLQX9%FdlW6Ji8l>f3;o@r)}<_O-c?=w~lC0~{d z4BswWMxsYbNOk{Lnfj)mLZ#&KW-P#854ynU4OoblU-(fbv`t8c58H63NOKFL4D(*M`&6!+t~m@1h$%PS__*I8!H2F zG()+`kLa_~G%k;6LtZ9Ry_t>CbyZ0_JCqLm9b;`Nt52dQUyZlnl)UmJ@!&6F6sV>U z=e`NZZUG8Gg+IdDq715))?FUp+h*2F3NI<7t~&5Ao<{k{q1m%xKvey(4#!>iSUyO` zBMQ|oDl_ZpoCR;#pgZLkv6)zED2;`-)NL$o9*?%z?mGl|Cw5asnU;MR7w0puff-ol z5YJ8XumLdeo#a?45NlVzKqjf(YMTd`!u#{}BZD3mq7(XOsxLV{Assf!`(9#rux~Hr z$IKWrz!d2Z)Ver5mZ9~jxTK8tI~CMHQASKFCRr36`3E}WD~o1T?A_HdJiVtUG#++> zOwJX!(n!pBqN_{(6!Vp}rn}cl+%C*lRx8Q7;y><*-|{|mzf+e`?DN$_Spt9pfHpi# z!uV;PUTjFi4i|+}^Sw?n_gO-@nT;@Iy&uw1>^(c3rKLCAJbJ#D_C z%CYhM5bR#adpQ_Q*HN*|j-em7lIaL6iAdM{+DK}CEkU!2NAEdNk(rvY);++kNZEq- z5Eo%b)`_n@hoC}ZcnUfU&w1XWo7Us-oW+;(dN#l>{}{m7%b>hHoPIwtm@u=2C8Igd zFj5D(FX))k7-b~<)f25jqww*Kt1)*}H1|Z!ak86FgkY$*=-?v=!TELo0n@|BHy^kU zn~&D8GO>m(WX7_3K0NgnJ%P3Gt7pTFUeo5^qcv59$6`&5s{MF0Qz|?FIJFH{q*Lx; zL|iWv6$fmQ#TgN^vB=IeGM_SP8rG@lMoxA>8Ow+@hODxfnEh`BBP={IpF1!=_3xPH z)|~B=>hl9-K!fRKB+e<=N*g=Hv&Fr4at-`ogDvy z45wLFdr@jg2Mud4L2+hh;@GbECx#c8ppiCZtfouUr#;`cuX3c)p$R5)mz0^aXy0UU zh#f#y{QAMk^k3tX=&c{k4o*<)ir4?5yyfVGzBFsLn@1}aYR7_m{KdJDsQBK!U%)_ixkr6J)@TBimK%7Na{!SKL6>bl5;fuQfK1Wxqx@ zkiLzyfuuH)jb!*cPjmx8>(99S2^6h;BZqYTjZrbW?l!}i9TKX|*?Qz=PnXC<8WqMvBctc7cjMtOiQm1MBDB-AeIUIJ4SvRg9BqkaibS;n}7+8nrkpFLCp zXx8LC)U1U73+cLAl**|)s-Me z2=vH%C}U1q$Zeei)oh`bS$e&aA~BR_;ymL;<*dueThR5aW(!<_bkXrF+IOby6GLj2 zTN0lTkDq`C5l8goymUuS`vVZoc62I+lM(0De(Jh813o=(-X08;kXtt|h`*8S{JqD2 z!vdAXV|Wt^UTOQq(2*>6Dzy+X<9kVVWub)3HX%m=fGe^Ab4`=4ablHl2u^z16$zmh!z z2;GzDnaKMWuxDofUN>;dMZEte_Q0}a zbcblo0#BpCO~7XT@@yd04PooGnD~eH-HB&NNS6*f1CD3If6WDY5t`!<(h%{!)u{R| zy!Bb$?}Mv3LRXqMbp)LnJ%bicCHHeCw*`hbGP=s~ETHntXVF*z&(<{C#aHK^rgRtYT(P@&y z*c>|Ds~(n(y=rebx>wz<(q5ILvc0O{ZrrP=LSi75MMUs7N3CsMV8$|WB){^9c#^MO zW@un_dhfpPG_?Nn%cAx{H!}Mm;6ZXIKXOY<^nUDeVBp`2iaWyq6@Ky}?+{=L^fi|u z_uw}a=uBbtV=HAIiONOY)z9I{Y4Xw1zSce^Ei*p;Fj1_l|2|%w_tIsWCRfKKykI0LKe#HTL&{m^7ZL7UpPyil<5VgVlh|$Ij7*!N zQp&i!QazR3)Px>ha;Y(wCGqxB_i%rf&#rA)RG+S!ObMhuzZXV$&MX?-uRGw-vhU(? z=)Gb3$j<5PJc0N9Eo!jU$(h2kSo={Kn)kiMj=f^zJo-`?=k0Oh%s-L}2>3`SD^$|L zc^rawwCO!!#)fy4X!8$rlxf3(<)ne|@R2K_)%TM0lbdmdgk97@kv-U3r1^18o}){p z_xw1(IK6q}_Es&@#i+%zg>t9GTjKmle&w5Igs_-v11<^0;`{*+@*&Sn51fc5N(GJOsKsMG8^v3Ou#-HUn|+vtwYf+EJ&U ziq|BO(qy@2I~PjHj*sBkE)<*Y4gSV2PtlKdjHniptipb=1;e!pn@`|cv^n83s@qI# z|Fjwue>O8y_Ej$Z9ka2YRs(F#Njh$Q(Ri~P=V$534F16#Oi0sB?%y#Ayq3@#}i9=oE2Mhp9{i5eR$6-j5;>$*Z0zBkkjZuDt!Gc$~;vJ zV#VW5cB=fTsC38wmRa9pY7FT45_lJ}&^=I@(j7R7?aYn4W96(~2daejIng5f)_P~a z^RD7(kR8pE{HsX$lN?4LSO=W?_=V5zPJW73N>El$wcPJyqmm&$F6M4$DcvNlDpD@W zGohakPRv7nQAttW+bA6kbIQND1=(8D*ag~X%_#3!WV z=t39C(`-N3|6CNhB!91P{CK=9~Vxa;q`A3)hyCi=jDl>!5+(Y7)rYpaF z;i(;2Cb4i2zvc<#fVZT*+W)#+MjX`O(XxDK5*rxoXol|13sUnSXoZf97DLVFadq&N zs}YN49l_K=*TVNg>8VRtjuK+0|7($nd?<|0L(<&t+(0IM%)S8~jk-q+Z_<eL*W=*N-wQ8-?1hV;R4oo(BN{EKi7nOgfnQ9~mV!o0$xb;a7S^HT4)3fH{d+~; zUW4NLs<8-{+~7{8^zUOc#o4&6`)X)kCp60;!tJO7v@lV46;~a@%}cwGGyLj)WTfWU z|1t(=@pOF|?Qjj->WM5X;wjQNV)}Sdl#h@CmXgOdx{&>RI}b5>D(~yXk{yzjG)yfr zr($l1DU?YPe4XqFK}?)BU*wV`dAHhtNUJZvGK~BlU4xPwl0qu2K|5FDoLwVvwXq@L z{VFb>A94B2+l!wIa>zb-%`6<)*|jc)DlU1K1nXD|wVdbR_P}$A+Y_5W-jDLIdL#U| zxj%C0XIG$asZ>}a@ng_GusDyx6$5G6T)^xl=C-4^j`>b*XnrvA-Jkk11OFpskbf{p zMPJ;DhoB|7ba>C4RNCdg?PR~+oUmV4H3``qa|spYPe~vB*9@mJFVn8vltrlzX|6IQ z2&B=UO8PhdRyp9sfl>&{&#Bzc0K>Qs!qHca7XuAb(TQ|P!niSGj zUI3*h%ue4Za-mV$p{f-aB84N~vl=znD-cv~1IH{so4opw7X?I7yzLUUqlv6gaxw*~ zt!Y4h(c;{4HlBI}UCJ8Pb?TI^AHKI?0I6DT7}Kn&H;~QJt-!iW%W=wg4s|In%}-)( zY%9lEP=oR?hAU3&2G5thVngBreGGK_*R|M{-kU^jSAMM{zsZsRGr3ErDT8u2oQ`}JH4(>((NuBYR=4@}F% zPr7Zw7-_CdqEv^89{%7|2BJjNNANDmHYf4E{rFh9B|8VrEsnSpLM;UTAb@~D;-TVM zSn*p(kNgMR1xDX5ikmpbf1jm)9vgzL2O03&i=o?W((H0@PAF)dBUF#iFmrPRd3;Zt zYY#v)It})Ij#d)#Y3jQqD#lpM{szXPjV#%#jIrJHM%>t* zVjLJYFBJ#Z>_ z4(0u4q|n*CRZX*y@^gHKg%hgA_cRF~kkS`%$d5@k)W3B{r6lzqHbHejFJj{Bgw4e! zwg65&aY92mH;XS9&BCh5z2Vmazc%MW&+b9!xX?Pr0!Yu|yq_SuupmI_ zl#igz&iC*V;r)CJStm-~9ce;ITZ(5q^d3#oIjD^-YBjtGE7F2ST^J6^$u)>Y*I*Fr zvJdb!`PLkx?j7NMST_tT>`*yCNO3}3@@-bYlkNaEp-OjCbPC-g{-cTe=p39l_uc3b z)Q2XE1bST}B)1DW6dr})Spv322Z*Ho@D(7{V{E&~I-4L#`P z^ZLtQuY;Fq#!G=RdAaHc&$4y_XvnDdRt)M`i3laEC;T{eJgzx+lllw z-!mg_&08`$Tk~J?(Ou^X2K^Urv0Vq6e_U_Abwo4fPv4GZn<`szD%^sxQVKfk2Is-2 zmwis3I%P+eL$1^Jfj39cKHyXwS+Eg6Rh*}*R83nm^KyV?&Q>|uJP7=j!$}Lf!joQ{ zP(fM)?=~vzwvMebTazR$Bm|^3Sj0VC23EtQ8ia^POC|X;I*8~Ti4i=_mYl^XP!=9k zhlq+EqJ`EdK~jg1nA^PXDckc{ga9ROn&h1XX;roR2M}^k z&?&E{FCq912?&la0Lk4|gyi3RNoex&r_@_u%fl0|feup)+~>Nr>&KFAr$zjk-AGgs zN=9Y_Eq|QT@tU#)AHrM#PzLin;SLFFB7^s@#U1$}%#RVGAS`Gq-5dU!Y{M`6z<-nb z0xNh;&pDw=EC23Z^yreE**VBDp^eQ9<{Wm3K2MKa4PX;*aU}h}uWTl(>~6iX@mLv> z8})DhgUYUFm5r&_*V{Cx>sj)aJnIpb9(H3AnABe9hJYdmZZ< zfOVPE+o4|gA3JD94}4BD8r&0|(ZAwHXW>VmbS20>g?H)#vLyoSK|`W{bd9bMF?Wvy z>rUbxn@eV(jx1UoOS&T8b10}LA>HMDlksqq(Oz{dUVBHU;Kb6pN};oXH6^+Q+*IIT zSJBq_o!fz{6meOUUBPhq2nx#}VXWyx;SF@R11SgRSao*~+-gTkrKgawTyQP`p1BtQ zf3yV;J%NefOmR$vBmcX|JyKwDPv}z+7@6>FtjxPJdHkwdF7F8}*s3IEG_^j6>gV~ zyRG{2HP-H!|AKoOf99XB-^*j`_w7oW?VmrT*`6AkZRJV;93@`$P+Gh7`+nMK*YDrb z3@YT3U&5ybF@o+{se9JAUAE{neQHOJ7N7ASlcVoL)Sbz!JI~ccyYv1P&>duF)Sm6T z^RxA|-Pvs=a)j%whXVjU3$76J=dy~!bFkKdSnK;%MwFoQ)Xg-5A@zN4N@P|EaY=&0 z{mjh!2N7>i(p(kv2zdK`4j*jP^OMO*zySmvhJ%i}_C_-BH9o}>cHGMX3+sR-Oj|V7 z;omFp>$f|6n8$gC!}l%kzaW`e29FP<%kcXR{7w`~TNs0w0Wa;Vy5MJ|?D70l@HU(I z09sB7S}?L+C^>N<@5dZC4qV&~#4JGx-xmn#7!IJTbf8?gmvVG~NT7=-x_tBJl1i6H z$qxHgLrP&hz8e#H)uODz`!JfhF0ZIFQlkP8^4b*`UoHIQH!YgC8RY%fQi)OMW#)4n zbs*S}?=5^lfdOEBsaGX+zE#8O=KWXxh6jE>^W|R5km3uvhm7QisoLC^HfR>f1+CnL zLWdbMN!$tY;m@9<>g$GA^$R9L90CF3LK9=gpAMYR5=0cmVfHrnWp>@To%v^S3}#LO zApe~hB79&qEc-^qYYp-{)f!-;o0#O;XE#v0L#B8!uKr_&zb{VKxe}sI%@%zWb%?Aw zL}@xiT^K}SSNQDrqWCq%U@FIV5Wg;s_44|UV^Y|S`OR7cS>=Us z54TKe))Cwg8)sZy<-k-V(m4BWSck^`I5Z$Zj#$N2yLTX|KXO=+x8!C8Kv(Njom_HYgzYEl*Ud+5YHyxsmx){RvfPBA*I&LEvbBW@>MXuZ9w%WgdNnUCx9aM!=zQU>+@ zkGGVE-lOiG{D`_+@nN*P^PB)2DrePg?K$-)lTN#(+>c?+^!zD)^> z^F`K#12~x!Y@#386P>j3W!I3>s6h;L`vA%)>7^8GTLF?s(vXZ~Pp1=zWW4`cJj_{( z>Z*Y44ERLdaa7Yra-Ky(Qx)gF2Zql=!)J-cBMHwo6PN8{=kT`d8a5M4CITd81O0aE zjCn7lzP`7Kq$RuW#AW2~$-+7sNX+|R!~yMty7N1*SaeXgt^^!Z>Hq0gjUQS`~f9(6QO9FX z)Ck~SfB~-zGBmIQ8N##wleKL8oI{ZC+&MJAHqsj&_hN8_UyuL@GU2OrcaxP3Kyx?W zgo868KZwnFE-9Iu&DqiZ6Xo_J;bBLbHAqH=8pouWJvgwY1xDkx+H zg_36DScU4GE1?1#=xDwsY)&@L)OYfErsMTuKTYhq)TAVPn==-Tt;q0mCjR-*!a~uj zY3}=#aXBQryZiCb{lbyE-PZ$SCl=Otj)|yoFfW=e$|HAI*}D(nw4gjLCnC~^W1=5s z#l`Ex@AKPzpJ{xb6xqs`!*BMCgXl^9Ix zrydw@*HC3Gou|mKkV=Sl$y|OAPrM{rMLqQaaw@j+?s+B{?!%NoiB7RPIlr2olwhAu z$;akpinE0*NqK)K9#&TSui~Pq-yTn84t0T|X({L;;%JUWk~??-vphWuuww8m-O=pg z?s;T>ijkJoPg0oI_tFbURCFqrVw^`w2~ZT)+wf^1-7I=TNlrW;YwD&Scs-UvAp|Aw zjwF}zTBFYFU5@3s9TX@A7Wpm8$xd;gW=`uvwpMgJQw9BHOuBV9qWT;N& zVKOUN?SIzjX&|tHJ`GUL0C{~Tt7ro&wlP}FKa0H>8m*8;Ng*Fbbj;56vmmvWjp&P~ z6lXdEAB3p~OR|9_2+&(}qal|hj8`#Kk3*-K2Ov{U_Lqd-KcwfG0;_&G*`#?}k{4KU zUn{d<0E`9}BFE7Xvxpg!M{)7O!-tTJPRBLGH!r5_bCz=$G(!=L=>W!6Iv7*nI#a&} z@*CK!Un8hi{d%b3C56E?GE6b2PrW<&doj*NMIQ?IoS%*+C_8Y%CJnY=9HVDBJ(4H- zO|Oe4{m^VF>3Q*UP)(CU+Q@(}o4VbcydVwtZvU^aeJC_Vs9k)Q%%1$8!7ayWw##z! zOmk%a7xCxhGc8d*%o%vCh7RfO&{;8OfIekIP9_6mbeNh zTQR3Jf#6j9>>QC*AFY?F%Gayv1?3fnKZO)GhWDGu5k9a{ACCbTH)CzwcrTL!lIzKpeTyCjR=XL zvb3b3Jf8tnaMxkn2DcFxDxg4Hpe>+MKn295xV{+Cve<>C?|+v2lC%Y9e*f=$277bw zeRn04AB$* zpCCF0o^MTx!1Mg9cJRDoNz7JUp7h`0S!{#=YjiFc1?!Ei!TOd9+Jp6?SoUH?jhGsP zUj&}T2J80MYz&L!Q9J_Hp17C>=fs}@tlKqD(0z?)aZr3a=sqvL9dy4Fj9HyD+y4gL zb7DXGG4a1a_pb&d#lo{#0qyOt8K!1hW5N1%YXq!`vK|PeJHvP2H!B%E(AR*Hy(ZQ! zUWcWjAFakacprL3n^@;qix&)#nIq`!)Bet8qCc(;aJ8*G}$wrIsB~Xi(wQfu zIp09_y1kh4BRkL)>NKb^J8)|Pg<{yy!V~!V$|gP3%gWK+BDbP_t0?~XN*c}FYs6^! zaOrIHmK1jZX%=ll4+rqEn2=wmdzJ)WjBnkwd}!X=weW>2Jp;*Myb zz7mh87p-A>bIlC)e}UP-MKO0wgA^zs3Hlmt;ILMo8BhAhf2VXzlu^8_KHGIL zHl|9;&j4Nk-{`4D^j>i#wy4HG{b*!zG!@<27tRu*uQ!lh0lssfPUgD(@sH%(wF;&e ze=&99tTYfr9FDE8F}B|Abd!-SStoX7O|K?>8ZZM5i!h{Nkreolq721%q><2hKFr+g#LrsYfq9kP2}Jo))(-i`yLN)p0bkoK_O)Oq6ZM$)yVurScF=7HQnrWcvttSwkjN*~wJm)y>aI^8r-R4$^DR3ur z7HT9F;o?>>;^4L`7qy3x3%Kati`q=$EXe13YFI4S)I6|TVUovPqRDzx4ifLx|hE3$6^pqd z_O9*iMQEx%(EdP7Fwu29J#rmSiQM7w<$?AqkjeGuMC#9o)?XHAe{_!N*;s#Zq<)b| z0jar)&t1>Jn&C#)#2n#&T6pXqMArmp{MU%f+`x>(+|x4-qjoWcwa^r$uzYg>sRWU{ za`>C$cz=xdut3P%io)vLm>#9Dw7Hi9ntbB~Nm8qu;EbE~wrFxSX8+dGHv3t~4ktol zO%pFz4mNc&qlokU?Lk>Nm5qCl>~9aX|KOrO7q$h^P!_rQ6kN}*-HGd|cPeY9@OkZN zV9blKg_w)50mcC^G{soSDA$u*%j<`_=I-1z%=H|M1;$f!5H1pTE#JB*oM-6+Zy}wl zn1hD+pGRLCy%K?<&!U?#Xf+EXoRX8-hWOK4_x#x<}+r96-n*c6Wxyj{TkEt#&7{2QROyp$(Mn7XO|R6Kp-F+!=fn={yG# zdV>SIy#wW7!AiGM#h0|K>{NEi02#NE+O>U08CgBMlzP0TKfSC;=Kw>+Td>tzPUkN( zR^ChcD|h2l{Mrt$U0U)&qprKw{dGg_BU5ccd{$8FR?m^AK43%h2p7h#+$Z-Np5e}| zk(NGB*6A_!9PZrmx#!ALAI_5RDku9AbG@9~G{@%ihJGabJ~b}l>C~-!FZY`R4eeZz z=FY92+ee-{3BJ?$yGA+p`#GtyQX9@_6(4AhO;(1;$~c?s$B?aL!K=i{YN|`Aj2YUJ zndE1EI9YVw6VuhX*wx@RU1fhS2lV;p$?9NPc^EoKl@UOEUBd(0*zdx4Ff5E5lx?!w zi6Sx@T`qV$)Ph(LYN#;o@lZjwxs+sC_3V=s8@+TWvJGvaBXa17yjidCH+P)fS*Za? zEKiE4-6M4t|5RKrQ!D=_P~YDiFKTaZQ~Lu;w01jt)Z*Xs<6^BPHp|La4rQlqcb?VP zgn^qH*!y!ScPjH(1vK|r5#DbSUW>&zWIKU234z@*abR#R%=fW$9LH>^ZwUf8UM z`T!*apE-i1zwg69d$-Q+=MD}U{vrB%>$tpctT_SXKMnaIbP$)*5E_Syg~8IqFYzr9=IaVnrd7++mGvx~%6i1)+KRJTlHN(qt$#47XpY{|XOZ<9K*B{=!gVl= z9wg}kj{h>=FqAD&nzef`fK}*8+8TotIGLelb`%m?1L;GYZo>3IPA|pumz;hY)7v;b z8Pgj$Jr|ehJx(vfeD)_Y=r7EFmea)_Ksw0jC0M7J)A3lx$LSj}|1M5X#Qe#eo{#zC zIh~H}6mWXO`;gA%^ct*xF{j;Fr?==A>)1KH4%5DMEhSS$#oi{lBBaY`qPQQuyk8^qrrURTl4Bv+5LgH%349|kZ zHq5yj600zADfsv5k1%}1 z?p2W-l0Wk9(CyD*Qpo_miN5w#hHL)L{;~LX+0q_^e6HK$k{N@H>c|*mm{ZL{R8ZU^ zWh50X80ZKtGM#Ez;BUG`DorA3TE}yZN)-Bp`o8pD-7jIk5a^jyk&=x?dSB5*wSWBZ^iUSoF0Jbw>aGa z)Boi3W0-!D)BnJ9DW?lC{RpQ!V)}kgzmWjxshl2$v%HSeIu2|!r>ii16{m+|{Q;cL zNQCr-oX)gC`dm&Q!a5SC&j+j@vT*u+z(}D+!a;ev&5#ar`Z4VHdrl9;zV>js8tYVZ z`XAWW$DBTf_21?6SJ>ApoDO07X-*%)epOD-!G0HT`YCK@7N;M;zV76-73bSr zn7^0Pg;;+Frw8D8HgS3=*7<^e2Zh~#_4pd(}B}_urHlmW1Nk3 zj&k~Ptn(|UZ^t?ZI6VUMcXIk#tiPGlZ)0B{ar#HB{}!hQW1780jLL62OOOoi+`2X-!v^}m+r_Qio|)wYt{>?J z2TV1bV*GMOCXR3C7o-E1WjEOnNoRSJbo*b4h@`W0`wP}6ik}g0pm;>dr*VdN2K*hv zY&ezA3zTYQud>6bzJo95MS1&yZ!!7$0T#U?6Wuirv66tVe17!PdQ zDs&g6yoin}l*w-^CzN@soyxoqgCkMLb+$$Et(Dch53T6OlLElPhUt4@DD1hy_>ni9>h@gvaSy$mx@JIt}#tlRH}cGeF?#>(INF|L1tehq%&a_7sWFqqrF4W6A+!2HKaGptp9k z$zHD8Rf{p2(AhBxMQ!0>?J8I+?egO(COLacR10ONTfH^IrM^HOT&v>D_?u$_lU%X&hLSq^5O6m^)NEy>0=ftMk{ovEuLSf;J{+%;0=p8)_+c!1Z2Yb?9ae8U z`awSz{!*1|q`-gp)9d1($|q0-%B28W{DoS`GeD$|09Q;z%z{TI^ZQ{Fq`>{0TWH2? z*=l4@64`N>eHUk6F9jST+k)9EID4EF=qs|VnEe`O7f69FB0K(l9RDM$khQb68q?u~ z=$Hocn8rwf0|_x>st ztwxV`iR=W-uIB7(rNGr9JCP=^M~2~{g00h^(`}fHwpGX zK4z#hc?M3{|M-}pE{ii};D{aSe>fXpuy5>8kHr~a(Is}Mqj;!pDS!s?k;Qg%_E;(K zv&g0ant2aKNP*8qwv8rs)$1sGq1b)!s}KGf9w&Zf;;(KNazqo1|4&J}Nh*U>NAJOO z({QP*Ycg6sjTq9^CIud1O%$^uC|4CVH@McDP8I`VFvB73`DOQBCTZbS#EHtaQrR|_ z^vZT=;U&c9j-b`?k)A^)Ro1$S-x>{IxRm3Z}@=>2SROdUZgzGY1KOo!ex+Qr62o(9x{dLR*aK&3g?d^toC58iv0b zNcFyHjud#wLQ{xy1jkhs9dD2p21)8R4o18iM!Z{EIG2{V(v0$O`QR6G{ z>rJEDPw=Z`x34Fx5`c>9djb`!jeXc!lcm5IB8HaOXqMAsXZcmLnC1RgB3(U?jeCs7 zpTb|oM#mqt>gv1i+I59Itv1FI&x%vCpn0a7OiV#_{o&~A&0&d>N=HoGT=w}Y1Cyj*MqFlqFZA znxhhugDY^!fQfOc^r3EVZlI^{lD|ws8}MmJ)94RjFfSYBEaaFI4+GsIR#6?)i>d+gcptVI3JQ9GNx`NxHOn|c!1bg0F zRmxZe{2(e>t;(R!?AS&=1M3$)> zsKD`&IdmS`-T=}2SH85oO1E!4o^8q-cp=`Z%d5#6-zgOwcG_Cp${$XZHdzYb^M+$% z_o#n=sbnuPI!oIGG^sH20tD@&UIIo9;O(`hMxF4haJf#Ac6ZDEX5E`C4_%C=K+^I` zcd(!w@j^+>3}IGQ@(?ZQ(g_Kq(15dChyQU(BetP-aVl#UXV4+Y`j)rhX0qO>f_ai> zw#)HZ`;y4mLm1Rip)JPUbSM?ky?W^r3(ANtfv-cT3&)TUseU8#>vvpe<-MN08y| zCZM9^Hw^B|K%a`j2pSoV+rNq2X-Xy8Cw09jZ{)4$$}q>RUOebl6l~D?>-NP*@bNpq zn^ECT3Pl}Uo)Qi&zSJqiBR+H2u&Q3sc&*umvr0u){S9?PV6&er}dNh@i+ zaI#(GS{rpOSRp-j!-U%;rFys*mEhmnsQHmL3^>+bR!5@wmsi3s>Glin%Ql5mq0MKg6}Z#) z@5_$F7)1HU1wvv`0r~XApGEOXPvalDl|3K&Ft1wp54cyXvZ|!AR{1_4V6^GYRx*H0 z0}RT+Y3${gKaTUg7geFQOn!nK?6~y{WL&H^f72L@O7HL`6)o8S+npayEP5Rin`lHC zZPh_OJ+nV~5&}j-rFf^bc6Q$KVyvI)&-b!`Y}zv6FaNSL_{)E7FE9H(bgWLk<8>+U z6pCXl=slkg0%ChSCKr&bZvK?Dg$6s?)!f$U`h%^;G13@EjK6G_*L`U^W4xA5VoYBM zXYbS<$JOD`0m9?^;&vY2n_r0SeA`#qXZAln=8V3&pZF@<@IQW2ridZnJr7#U*{y9n zU@`fJTBPL_upTS$!8a4&p;I{9h@29Rr_r|YZ7tTZ9B~<%_O>bwHGgd}wcr0%=MMwt zJ^&-V8KXFPuWvQ$JWF)eaIE)yi3)4OHs>6OiI3yWI^9|~!Tx`l9gUX|j>|b9S1&?) zI1$lVo80|`u2ih;D=c$c9ij#baNWt9QMD*7MfgY~R1{=4^)!RAD@Hwe9e71^b^&#bb-Wp9^{Y)&HI&XJ&yLeXK1!usG zf9;AnuNa9K&fK-I!m0kD$O@DLj(YU%CWPiWHvv^J?J(R-Q%7gYmeKv?+?x3lfpmfF zv6!ul=#L?CaCNm`zG6ZMUj;)+77B9gp!f(*r3q~m+Ab7;-HQlz^o&TpoRJ4Akd=b+ z>Vg{d-OQZVVZ)uhHfwbg5a9DKls+ohp0kY|H?OF01|PDLFK4IZY{r*6DIA0`h8H`O zYJ9INa`<)KHyHT6L)ivd&Cv3}K7y96ccmN9a%)nPUOgfuo@wC_#*eNpC}+LY(Qs!! zIf;%pofL<^+$snCYfVBEo)81U`-nfX(V9{54?`_=;BWlov)6ypvH&qhCPSxo%toEz z>d_L0J|XS*4<@n4-vo51Dt%P0j7ag9pCTW=H?t4lClg~;VW3^BRB}CbX!coI598mAIGJPu)!vy zd2^lC`%f#Ah>sdr2c>52?0R=@-K>XD%Sp1zBEF=Ek+?+Nhu?ZuEYEN|`A5Z9QXFbA) z_SYUjSDWx!3v~zLU%e&;k=XZph@G^-+J!8qh|s6oK2ZuBL(_qFggD3aZA**qI|rKG zd=kYpyI@Qg!g1Fogc@~^xy7y0a6P%dNdBqh+51>z{SF?oGC5r3%KltN_v_AMp5T15 zNBP;4eM(w%2z~9Ccgh?t&W)iPFedk#hpfcLWjDh&F3I^BAd|CP{^~flx~AO3VUA1R zv+^sY{SZd5+u{jcl;G00y44jN=xVoju%lriZ_p(!bz$ob>cR6^{!}k?edAF=+9It{ z7au#MGI|53Bxj>V2fr_B9xesG=8`eyl5HH@hYH+Mph6VHwJI1bQRF-X;vo`7gzZ{2MS10FTT!35yf3_)(*{Af`AMi}_VZd9s%&G>4p6!Y?oU zlFA^}v89G2l_^Og99pteazh-s=X!{r*s_ral*&fZ%L~fI_${Tg$flQ9h&XyG7ECk> z#y)}3^9g}SqujhTlLejd^_kFx=} zF*5R-dMiaBw_m`ST7xMvlmiV^azCDwpJL?+94L($7H#WaWW=L-G1G7+5a^%XJhNgoX4Y) zIdzK6*(fU>O)01cB1^-;?b+UVJPy6X;l>WMi@Wc#No66q!T=hd5}z+v?F@D$E2^erSC zcQ;h__a)|(hbECL(mVFy5P&|e69J-XagkdVVc2?as;rKg?*A9sS$`kOBEO)MYaAQN zhE1JUi&RE+fyTn=Ll`DG*8av*hXY<-?zCwIQrRI#!&dWpj!fzNZI#*AS5}Le?JM`5 zi}96hs>{|;Vf77fsId5wM5J!tuh25SWL*W!dJS=yP0;LoyX>E*!R$_AR&KK_d4T?? z!9Kh_!`C?0m@$y>r?K&4%CXQlxPf-d?7P&hE}@tj_;hfdyWbKdf9BuiLJ==Y?m}wo zc$ySVKCsO@+pQMkqXX>~US>m!#iK*T4_4X#NvD;_od8Kr5!21PJkWb6|8O>!tc4@qEJAf=-Cpe-ZL z$BWtV9ZUwa`@v-<% zxth)-3zVo1_XPP_BEKV&_zL$=?c>qdY%<2QD%JNe6WScX6C=^ZcVdwwQrQM#@VQpm z;50jJA$1YGo0aVJCHd=G6#C__>*VnNVV0h#aG**#zGV8ck%U|I{A8p63i6mC23WLR|+*_IGNg2{aMS;(XhqreOLex%KRFNmt#0R z?Vz%6x}I=zozzjfcrBH!81r+Ngb2w6;GYyBSO-%KIy_kutp> zdY+CjJU|_jO00>TyUTllvc2NBgrVc|XZ2tn&$XuxP~>2TvTIC|b=%N!&RG^^obzuZ z`Q6#sh~!tRGJo~QvL;;>%WENTvhQ(_fVzevlv!o?k`Wz9CC^1~-ZOaOcuzFh@0&(l zU4ok-0`%M#gVp;3$n|G)ep!Y8cEVU#0OYNqYzaZxk~UCQyp6z&vWs5FF@K5u-PqEC zanYvxR}%VVyaf{(4s;6RbBswBxqM0h6~Mif&n~tMtb*gTV{03Zx6m^qT9$;+D$#h@{ zPc%{O_Y}n|%iS(5nLxI!MsPORP%=60w*upMuKTswZI~cbLZB3!_oIzvNCt9jW?v7 zD>mX_asm;{*7d@E|r`o@Zyd*6lKtM!L@8M_9I;A`q)?@Pwv-q z2YZZ2W1F4*UgAh&2RwHjKnf9!Z!7-1%2jdV0*Cno=9~9;a`#C~?tnSuls8mfB?Vr_ zOM}izT<9sXBi^>)L3w?0G#KGL2W&w2Ht|O5%&v`zhF0#X&_pz}a`)77m$?SW0P;OU z0%l-Eze+cS2cG8JR!_UFKMmU7|B9`FJf#O5L#2{}Z8*I@ktd@*`l#f zym%3=8lc?8DU5QJCDd*3snuN=ct3yngkJPIW-b75CoGL}Q)Q8sg0-6{Qd9gC8_fiD z<#fB{V-(~^6z51WebMSp)K7UQky%DPqdl>|Dc*Yy`TzBj2d71=iI`oq3aW-Xz&EQp zMPIk>KeripoQ?evN`Q*Q_pU-fhSjqA(v%c_o$3;L45?Z@n&q7jgxDMk&ePzq76B*5 zu1URcgk4DSkvy24RO)u;`fO7xdv*1x>B)#TEn4wy$8~`|e45c_Z))>gXfqAl?Ce$@ zkv4UE!#Y46y0;4qI?F~F0EN>bbQe%WYn_jikf%Vy)r(de?|9XVibS&Lb(BXmVwbODQp`y934+>SDq4pmtkUYm8@tGbwm)ei$!g(X-ELn;J|%7@r)Ohr zy4{Ky)rH2RegPFoy8ZXHQN6nA!YuZ268~M|37``TGYCowQ>zN|&0@iE%KfJu$ITUM z=e+{j`-_~UEy?eK1APYDRG-Qs%Ycr5>`pgn!B=4^l|}i+z&nyY*Gq$K3?0eP7^zBn zJM(e$*PZm&#PM;1jha}!NHZB8SYDdZ88^NR|6q*vbiAKj>KL0xeJ~Bia#uX!f-W!! zDE0jU+g9H>2IxnmN}VjB$Jr4_9*=u5jl1q6IwEAtBHm$hQJkH%*J`38Ea#azKWvgp z|3NMo;#Ve#m#}~1hYEd2vzt$izm(6oX}^{FSVn!!8_36XA^yVUq*ebH2PrgL@!O^K00w9tEi6; z%czf4F?|dozusTA>0>ze;Wherg!@<}2-jhVoRYq1XxI!_SQfRg+2Tv`s8`#dhOZ77ye?>9xEo32 zKsI83v^;ikpjZ)emUsrG)}@wIv5;<29fb+gfvT?MM_rG)oXT>_Lk)OcHCD0+&86fuclC(il^!*kONJrKq}i+0Hdln znCkdg*FV>teV!$0K++DkQjAo2zEsvw@k>{yRJIdp*&RuT3zGIb6@_Y*?DnNQ{0Cda zZ;a7=7JP@-Z;^uctQjN`ASxwMzIqH_}OI=Z_mRCv(dY=jF!@Njm;!<`akhs-nSkUS6pCHNjGeVZ=Q1*;c zOZEv#r}uooVkqYHDRrIjmfQLckvnyrB5F_;Dqf;d@#|cyMT>tT$7oCHskoGj z>!Zb6xwwgnr*m;rwD@%{Hqj01;$l*_3MQGFI5Ltq2g`!V@SV|r&!Gy&CQgNs@wm`85(D#>Gma@v6nM4 zbo)HcsN#$)-F`1;tl^CQ0RNovDrW#IGm0~wyt;>Wl+D_Xpri<@ZV_i=GkbmVVw zv5meS!^O7f*N<^=J{4ce#re_V`?y%9;#4k{qs3#mcpMcUeuIj~MT;-x;z?Azn~Nt! zi&MFH3Kf6A#Z#iiha0GPIu$SH;_1=i-CR6}ihW!>CtCag7cZvbYq@xFw0JoeFQeis zxOiE#*vG}sP;nX;KNBs!mWx+Xaq}u>52M9baPbT({+f$tM2pk7xQL2B=HentJd#~rNhKPLmS#&lMl`ngg?_EN^Tp;AjM?JYa<`0hOh>$f;RM|#^ z3%rb6A;y3I0KNpFOHGfmFZ3u~^pCDI21md9J&xu?uH54ba-(KLp4`g0_Y1Lizv5N~ zL+vEe9&@cHw`P8RWJG1=(~XFnTLIGqWXyv>jme-zzJvz#I1b9G4o`I|RmH#Xp!T$RFL&h5%3}6PD&0oo zJJ*Bq%n)jTyQ(*%{+4Uc=8BNTe=yC{`=(@DoA-94qH z&2n`W4$lc^We-{uJ1R7b!(W#+y0_P2bNL_Ufj!Ivdzc6IFb|A20R~pweqd7IZe-UQ zh}Rh0*5s(2JjacaQA8Fl)h73Qv=)J8ZPZMzV*b^_k94IQp=wbCst|b8nD-@?H-GU; zw#i>-Zrtau8!Q)BQFH1w8N?&JO6soUilEg?j`SE>?yA?>#CuG?r}p7zQ+LaE?dH={ z%cti!oSsU|H*c4xs%a=zMUMkFB9BULlmXF;7|G}JqvR9{Q+E{%s`X%e=aPd+7)a|e zmOMg&f`xP(M#FK~?kN6&A+Lh;6$*04XL(a*X9?J-52pi@%s^IY0NI2j+q5Wr&EajF z!`nEAw{Z?{BQop0Z{+HQ(QO<-+bE?bN}UoSLZH9#zZi|v=4o;(1;Fm@bt#{&A3`{^ zNlU3j0biBupEtvVZf_5gvnwn)Qh_C#(KPM`Irlr4(%_Z~kB$ynhsn7|5r0dCJ1~Hv z}e+$)=RqSSJT$NVdN=2n`ZVimOFlAP5p6XJd|zLhCA2^-<%WIGSy81;?0m`^tZ1lS2SFF*l(|>MXa?OhLoywL|4r z(}*hT6%^;=E{w}^6!q}O!dG|yi%k)-UCI{J9O@+N81o8Pcnt?9^ zgToJ?W(&~2e`K=(V)nm?{GCa^59;=F;5SR#uA`dtop&fk&CY>(KODjFdZ6d}mE80D zxUl+WTq|_brfF9}r^BnPmzctFISsOM1>CFT!$8HDY#9+Zzp-xFPGisUj45i*;lW_u zU!g@{983rE*RhA}_>T_}jm`e9Z(hk{kvaOdH1(?%oga5?UODEWKS!uANWF@<>VMT_ zh|yudhLgJ<*QZGjmLHWCBvvm<5hc^4KQU(!8oc0N^ypo+h=K#)&l>S}pZKeZzfC6N zwWmT$S+_7l)BBJF^n4UlB~>Uwi2@z>;dS#T{Og7N zH!~Ays4LuR-mRG^(GBVLwQGokVq<0|p@yIpGO0&ikt3q*hHjv-^;`4zx{?>5;c{bZ z%jV-z%VwP|n}Lj4isMmAWg7SW78rXeVlt_0(WnHIX>lpqk5rYSV9$yijZMUFD#|r^ zyQ?H{_HRoi^O#|lnO&siU`!d%nIv*H2ew zGDDf(5-Ed;VyNoHrT0^?C<3BP^WxG6tT=D9pS1{}EJbXNe@#~Yn@Ys;lJZ2J0ES0Q z`7;|f=j<1e9w|i^Rs=sqD2DoIk(`W9YD&jh>DNg9H64GYF2Y@qIu+&{dw?XXTwORt zya?VKKnsw<>5$yT$r+G*{e83rESw`(lb<=p{H1sx$$}Z+8y`%)mrG?YeIlN&pZr7D z8#deUg_9oYwI41<+1{29%x>j%WZ6A|pM1IG-W03f{s%oD1w+Qkm_*m}pcfF;Zpk?i z{YWbLm9V9Na7x@p)svpYD7=9q^_fkHY79XC(!Wzvq63aiDr z{Eps*G^S7+ppUHDdxWwLZ2&~=D4|>TJR;gAt|}|kNAWiNg5T*;(A&)T#*i0z)M1%q z$F`Zg;`!>`%6+x&U>TNU*vhK)e21y=PO{G$4cPhW=f&Y4Y@tAO@L3aHSY6#p$gLcA zDf_gi*Q2G2CY$$FVLSh+Z_MZhFQ3;8zOz}``zg4m*+%ZCq>Y^ z*8NcL!ZN)=ZYB@0z8mRr0mgqs4lW~lW(?3X+wd)b+}G6#dPWxX z4ACM)&r~oyQ(@3EZd;U|k(n%&nJkr=ER~romDSEjS^+&1LobgMN=U$i9CxfXYv-Dc&2oF-} z7v$$S{+n0RO-eby=cd|TF*a@#nD!t#)7Ylvy?#P0tiQ=7m7-TI`l92m*e_yKTioh> zwW!z~Kl+#KsCvsE&twbz7g_Zf3N0N8lsUIO2nX`eyn=6naVTRaZ>a02&UD!4WVXLV zTM9UMZj+9>q02A?RB(K)qv&|@%q*lvi+=dtQB=7JGP=*~R@8inRC-GS`S9B1kzUy) z`NyN)xW6gO>w;EN$VO&#Y$N|{+sG1VWcCG-1{OYo4nod$RVR=?pp|SBB4@2d6^Ei` zzyT-G+M;N#$$Y64sK>AsP70J2IX!Nb&J(#mywxzs$^3rUNGWi&_-STyq!Hq09J_QI zD1KVl{OElAS%eR7f$n4rcPKmnew%LeT~xFbV>MgdN|?y6{o2Mdr1qTg1Ra6`d>=R! zphwY8JA^6?hvZ<-Zha|4TiA`)cJ|YR?3WqVf*;~M6!!S3l&)gpNGj`uwlRnCM$jut zc0croto(-2oJJI$!iSKOdh|4-Yz@7^emV1AOE-lUbNWGm$Ix6(55e>dPJjOjq;Kc+ z+b=_UQcS*^)AwPT1Lnma!*2(2+J^0OkeK)$_-zkPAHn*moW30Mt!(k0F_o-I_Poqm zRU1BU6!;?4M4V3iuh{rrPJf4u?BMib%-_U%ZwGFpMsh_XbEpxsVfF|mC-B23I6Vl{ zi#VMQUxeqOpEk%0dm*t6bMApQOS#Q!M4Oq^<_LOShwLk$_plSHP2p<)z~4h5QG^Zk zgT#tg*!gq(Ew8Zi=lCaIVdu~BhhJgm&+)rnp%5-TZe!Kn^3M#cnsdP6KXtuSGV25? zqaKn18;|4dYL-ec)PY=FT~9B~@;c*TNM0X#7+M>77+PmM49TjmHrz@07rlxw@hQ?x zy$&DEy#qbU9@nn0tM?91_Scy1y~l;-W4(8K%=Eh=Y(*8w-kUwryZhnSV5fN>e4P4! z`8e(W@^J<|qW5Qs%l~r&A_^NRgESPqKwhN+9IECpkd<%=O#4R@nv`&qWOY-%RrvE5 zVK!*D1UR>~bq4X0LBz|PC$mk)Wd|oO8EvPO%_>oYXgQ?DzZCi6CHi9Ilj450&Q_A8zSjzS-q(x>s8CDF++8sZMZ(7Hooj9pH=Z?ZQsDNt?N& z5h<(zf~A<@M3xA zrU@=$<{J?%LWoYK5>$jS46Q;zno@Yx-|`P3(o9yiIMsJ?SsV>pQ+;zBjazZ~*CML> z7+EP`==V7)4kbGLKU*DYNggsoO6l9|Hh$b)aDYj5Z1u~hgx`R>)BO{7o#vtoQhsAlG*o!cK3T$^2Tr<4>N8ph6Mh&PK*x5@!9lr z;?IA?b#eDf1^VZ4!q}?~2#9OM*i$raxWJa)PeD%^s(`SabA=rA)S(>=1ywT>4N|E+ zch(6)-0zXsudU?r>orXKPxX)j8g2hgz0!*E7N6Z0W30VNK}QG8I$P}1_J7B4dxv?S zzQV77J8QvxswD@Mz@n{>h`Cw2+_lz-qvX!5SkNyTUCa66 zT3+c|XSmMxz`|HDD5?Vzsj~mb0K7ZRyKrwFd>3imuiZ)?bivGywkOvi_>$2s0tPPu zc|S5PP4y*KEoFKdADQ2XWAZ=P@o6-SSANre|G9})e`y?3)mG|hKM~AiS@ZFj6L731 zH@Ve*w8zu=?CjaIW{u5SWF#PvpgZrSttd+e?PW7VV&}76Fd`n+VNxTul~J&;To5}Iw|zjar8>&?v(~e?e06$4W#yB6&&67 zjuQF`y>S#zx}&k7wKU>LR2tF3(ujuBfO_O%2S7cqm2Wi$^=w1f%K-m3uGI{k{oc12 zxEGz~9NmhSIV$0Y%tvu9C~BjfD_TOk`}gKPLvLW3VAv|e;spS1SSLPP zDz^7ohPS2vxEaGsoBaDscvk@wG6<$lJx;ne8>mxKj0JdrX*`Xt|Fw!^Y$WrN$xzPs z*PYbM1xMoFxcGDv_=qRa)QN{47ae+M8hQt*wD71H`r<8-q4Q+_Unem3Hk^R>ECAM= z0|@*fA6YMx9EEt^j_^7w9uE!7UXJzb@XCCjj=e4`#9DoDy7*gPrJuS4;ScJgU~1|F*yZGXMF z)rJONsuydSU?%7e0ccAbd&Z?9a%|E30+>V8$@+ZedNqvP>R{J}ny{~Zt)XBYlPHaud5_+816pI(Y_HowNk ze_KqVG!&Wxabur;EhCg0DPQccxX#v^#`zIXMxJ0U%OEo=B z;bi!6(U)TV_LOGF4)N}ZG(>yM5Z^0}4)KB5A+COrhByv~IGTs(j2$Ar0ZlT{`q*}8 zJrCB=I?=cz+%Pij=9e4wFd8QXzla%Y(HCN@7ve~&3!0dCTFOMsQ&VWOb^~BcY|>87 zYSBx|y_ci@*B62%s9!{4xLo>uShv^l?`+YBZr=$Rp&v;aQRhwqbd?xSZg>$*x>Xy{ zEej^#I792Z68Yq*(VS&X!s<8Y0JQbXULYoqT8?pdh=Pi7JR;!0I zx5?X$S1Z-6{0KiCO7*OdL%AG5{>eQwYMOZI9x?Gtph+Q?k$qEyL}r5TS|N;?;ByN( z%sAihqIuR^e8b>(JpH~5QVAGEz?TK7M0C6FONW#VLjm}@LMjP^3HXwW<|Uh?l79-1 zF&zgiM30mc;*nCfCOa29<4M@uQ4WqX%l@V=vQq2&-T)kz@+Y3Ny-}c<8{kD44vT;= zgNpzlGw*p?gbW0kb9oWE(jpMVeC$@{)r9)fb4C24yQ2#+f45kO^8=BExK0WnhLg%X zW?Y7%gWoILi;i650J5~G{uYO=Rtl^mC3{{NDG*1s3#=Sc;TVOgr9~Pm1%BaQ2^=3` zAOA|^C=1(B!+#!X^^`~KyYZ}CJnL#YE1|EVdmktf3~YeeI(N+eKgZteFn}0rx>Ry4 zBxngF|7Z%`V!*;%A#~|X&Wy&G4HrR98inN+DKNwwnFq}3qUbzeR_W1sz^qcE^MF~! z@h=KIx1C&8?KGqsx4s_`_dE-|xu*B^!Gm>I2p_U|G3PPRR&sEuyqnp&}uH$jsz zonFPAzVv0Z(;=ttbm)KS^a!IxcTA`GMyJ0njCKmw$yej>P#56+bAC+66$`oJtML2= zJFcc$-1)|5sPl8M^RC=^$7tsth3BCD+s%}OU{mGjy`$-4{2xAzdt#3XT$kxwaqFz9Oqv%Q#-oUYvC0{Q&SeiymX+aa< zmQDEX`GFZ}wqQ6n6`3A-YYbkhuI*i@A`fc>wy%qHzjnVv7l+6z; zD1e4xg$tP^0U9-!f)?#2|H0H%W(qhaId>@){)2xe?NaDbHL%;4>aVL~TBeHLXT_SZ zLPY2@G0J5{bf4`1Omtc#It^4GBe_~lWcFrn7eNx4@deh#Z9AopmLSDgfG$%7#V7^H zbdaW}UGWsVTl5~&b&>VqbDVYSG32Edt+qxgk9wX<3ZX>(C$`_P+3f8u2bbasYWEBv zId~u|rZ|p@>nPrlC{BtLH*PkO>;5I2hEaLDtEE$*!=Xg4`cjI2)X~AXQQJaRJ}8|< z*Pp&5{|+0Mi2<&Ag$MZh(e_fuE%dq;f9+U&dMzb8f?&rQ`n9x(7Nm3z{aLy=&UksM zsOxw>;4;%XU}yC{v~@`pyoE@j4cX3rkH9hF5b$PiN8qkf2z>Erxq;rI%~HTZ;a&>5 zk#|S*`0WmQ{uHC$^Qy&!{?@*?u!sKWo=Sn4Rt_c>p`$rGYKKvH;yfrS7}E)5W2x%Z zHuPoGxuMb=<4T9>sFTaNCwz!p^cuc5e~*SXfxggK=nZsvsVv3y#uzbc(uo>DsMXfL z(*zI@eI0)BM+B0PcEgL-h;gFwBSnrcpy)P5%}G+}Y^=4`a2bXU*Q8f!q=i#3JLoZ^ z|CFG8(+BBj>{Jf_oT+~wO2(7BQ(Af+d_6XpvT1B^7zVvD8=+*Rg|Fj*jf9h_a6@Oa zUJD)h0iTS9Wx_tJJJB8(Uc=X_58yu~2fP;>C%qm|deti9q~E?>9KsIs#Gy<4OD72d zh8Oo1$ZVt-wNd2r#|{e`iqRa|CY3xv&ItVnZBn3=80?NOOu!|kZ^I88IHN)6QusHK z%+mWHq-^A^_jc%qeeMwP4Pa`cm+=TG4ntkH4H=24a}ilEzoL|;axGcZ5*^jVg>Hsv z1A_3^m?OQ}Fn=WG*PRMod4lYF5Qig$e}AKRYF&4w48TCi8m@@I$IQv%hYC{1If0 zZp!RGtw5QZIWAO4TWOP(C5wSvhEu6q`Yc{f=KagMk}_fzy~)9*UHb@H@NLDBKmTV0 zx7jkAjbz><#BPtq1N`_(#2db=PUlwh&}rOi7FR`Dyu6Vg|1SR%{l9G$fW}5#hk;}* z$SK$D+a3lkpzEJ8aQGsj?9_%u*C(S|R$|f8k0IY&G_RZ4mucL#x3#-%$HCD#Z)7i1 z_$tx;b@w&tB)z%K%pp+%&zb+5f17hhGKV>OMWZo`x(k|t*}NWE)w}C(n6W71ntu_> zFdBWNU88rw_7m137)ymNx{b%@ws`w^;;Jj%s(D=#sSMC7fXR0@q)3x&JwC3kBi%B| zxm{LMB$Cn_-m(933d+K>PkUi`WVjW7F-&ee#LoA2y~KF`Kk!>BBZw;xCq(w*i~yqw z)uOk%qSl$kUl->;cnWpRFoWX2-`s?|N&>1c00sHychy-*O)5E;y?C9;MbQ>Glf2$L zonpP^CSw9cTUnrZ>h}mB-Pbz;nlI0xQxy0fN*l-}g3aqu7adEX+kJ$w5f`F3p_S>O z9eUd%db{t*MxDQ@rY49YK^Ih*)j-Y_06o3cf?lhv9Z6ld|3eBd0snqG5Cs+kYRy4VOL9sE4MZ)%j_C_Z28R zJ!nz72hEEN&qLy&$M8%iE4$W{^soEVR?_*y^NHGnPG#OV?%@4qw|W8HXaD9Pz1pKs zSup^kF8iAkq|(R9Z*p1JOnmzGqD#|_UE_)?^B*R43NtgZ4l>e>hk6q-%~Zo_-Y(Ng zENW967gKEU-Vs}5i7B#rN5vLdV~XOvm&O*w#}p-ayH@-V4|ktCGoeu0Xf->`wN9nd zq11ZrD!<45YND$`>s@e9`3PrrCF%@3kq)@EYi-2f)UC#m?mym(&`L^XLCH3>U6#q( zd2@knk8eT&iErl3OgFXCm&XgY5I)I;|8z|&9Fj7`cReKCJ;f9_b7XO zUy@VcT^@5~xMR*Xq?K>-D3$oS39!}O!47VF&J+%Aq210ShNL9>I=}^v2dxFY4QGFw zQ|<~*)C~fv-c9n({n}r<0r7s)jU5oy1Bkid4p~)+7vj}EqMo0xBqpOyw>voFQO?kG zdw-t@FgnsESC33H3GJ!ChwR`md^e8pLdPd4b89I0Cd2m%>i^K^*V@poS=puA!(L=< z=G$a-ULEQQ+tL1u>WoR%?VoXJD!DK8o`df{T$ZNW-}BM~q9!XN(*VcK@F_1)V zLpG0kYucz_%2i0wTEEZsl{`KF2G@odCn8z^IN-dXfElT{}laF5wiW zk4q_!-9NWd=`okfx!Y&{<<9-VEe-!6+|}hjnKAP$I0wBQpJb39*%1e!Pgm|1#0T-$ zS0PFCgKlq{C4>=fc7cY2cPVC%a%<|CVCGex+&{c&sP1NNCVl88?b0W$CaR<+K_%Pp zDr;|;%sE9vZ}bg8f2ou4ybgKNDk7qiJV7=Gw&6Ey1mgIF-VyNe8KV}boM^$lyL_=;xErp1eTW4@MQj_Iw za&7wtmif!$@DRk?-k>Ou0H+h;YW+V*cr4El|8R%2^dA`SCz$g5s9=v#Qdz1KJEi^# z(2;m>lo0|EI@&gCRp=`A^YQy81Pb2_Sv^a)FP+(bqshrT`E~x}Y)mFnk|r~64xAUD zNOX_tpl~(kxztYheRe^;RMx%d#Em|3E>!z5Qn_0~pQ2{fCudueUzKih zto!WKPd{}jyNgcrmjb8@;3#_7Jck{A!O?v<&KbPrSx3={ZPLPDX^+{+Wf_d;pSjiKxl3wca#+WW|!?yKGx3U*{Z0%3;xKwr`(w}mo zVUM)&fJ=IJzg!XSl5rPa2hHA@h77qQ>AhJ{EpT7iqyfL5vq{c#-Fm)%mp2Bh^g<>qk!I`3^D z%mS42bu&;gwd3$Uc&mP`jl1c%j)wyfO@BOLfp5@j!+WSq7dRjVE+OL4B9%U77Fv)4 z-iUq5s)|E=IYX{?koP0Cpx%M{a9_ZhlvikJ0Pv{@%1*$|S>lQIhJEQ6zAbbyxqT_9 zcdDLaj^ZZb9G)yk{}Yq~HXax%Qh;?xPgXi?+ob?96m5D`Dl2}oL1#t>;p@)WCO1<_ zt@6*!>O6pIuC>`|JK%&%?W(pN%!P)T=3Kcq-4uQZ+gA&s%~xRHGc&YS;jnE(|C#e< zpc8~&*U>@3B`rdC(rP!iT4=)~_AN#$h9h;P&~MgWT(SMyz~jwC z{dJ-EUO$DhjY>5Dyc@5KQ>{Nru(Q$Dpj#_l{BNu4yy7cS4pEPEIJ*VVN_W~ zRo>?+8B}E_SLtt52~d@#T!nzP-Mpn@eF6=>-H--qm(mb-F`7=JV>t5fN|~#ztLo=zOB)J z8{dKjNQUnv2TQv&S!IoQfB9ZOXZvO)vh@`DFwruDCy>SW+KQ%4IFVBx?m*s@91T@A zUxyfHRZ>}^FfrIH>pQ%=QRgzE65Rpg$?HI@Z1%1LYBLe9Xh%^~^330W(sdNoeeWnL z-vk-mXYThOzhri?vRjs3*){XikT>deq?N5BV6M&ua08Qaf`jB%7&gKcky{}?^N`@` zP25SnGN%EERNKGc{*ThXyMf-FkX-8kN}xd5<7n6el)wR?1P&D3b$}^>Fi-;DEx6kq z>`^v4IPeDU_6EAVW_E!TU0l#QbhU5RJ7EX9@EIm6I{*bQ>WR4fh_?J%5|MZ_WQvsg z8M-D@N5f{%x*NCbk^a+^S>s?`_j)KIVu|1=5bJY3;3Pg_-7E|a~QtS1hV-L->*h(I>ay-Fd2`+!N1-k6x@Sp7C?Faw8)OXeT zOL;jj_4Sqgo8xkJd$JoTqVh)4LEaX66k1!~hxTuQ3^d$J99KoV5LymjVPLf6^;cm# zxnyC%SgbF7g?3jNWZ}}R9V@j0M4!CM*ZqAn`G<2U)zDq|MkvoI#}e-^m>=)XZVKD* zi$_aE)IgVc>*%2M65N?-%iOt5GrJ>OTr~JnS*h{;i2*X+H@koXht@h`443hx7{jF+ z`axE_^TQ@ru+S{$nNc$AM9-Qg@)ij8d@At=yrZ zis)HnICBIUhlWLHpfj&-M3pm-ER3~pAP2QL(QCmzAZ~!I0Yc!U_UVTh-)-`~K)LS% z|1W<=w`=oyi%F>pBSK&HA@qF!4QMWht|^`uI0@Ul++A4*5CTw4qZ{fZ6&~Dyyw%O2szBsBYl;NS9H4n1?3uCz>k(r+w>lH0=y? z%(M?Jry6HJpA5%VM$LDL6`K04DA@*t=f4d!UDTIPR{FzWM%15 z+R?mns8JPP4gZD9wPVFG5sz*YR&uQCNiY8O+K`7}IKhEey8Km=E4xu_thU2%T)uIx z+-hmj>(FME^GYcLZK@rg^q@BIzpm`Va&ScvE2C+@&q*=4%-^~6DtB;Lx+nXj*lFz% zKa0(%y)DwBYf&Y-DuJ4F2Q$-M{wgob4KDdnHG6)Rs}(Ezq{h zj9N_S#3B2X*nF*f?0~mQi~cglbYT8f)~lg;IlBcK{Tv!C7Xuy|8L-Rzz2lSa)aXe8 zIoj5Rk;SD^uQazBbuX8`1zP?1G=r`)@$w#+jqNv3`;Cqb=R^jLkfziC3!O|4UO%s|>mi+(r7wt4c*L(UKok=1(0 z-6BKA(P{4&w;poP6uZv9$a)p6^HDM6d@dLP5@Ia?fo8>S`ZSI4{SkWS9(1F9*I2e2;s632L8MYvHYma8n9FLYA z#{nKZvc|xJgPuN`ZCXFhK!xLP#e+BKJSf*bo0bIW_zTvcp(LE`4F%ZuptFx+kka@| zpGuE>huC7%GL+R1%EB*atp|J;e?BIsum7)T6WToQ2(=j;&@0lW_786GSGZQR$|Kld z3O4xBk^djK6uQv4iy^UHbl@&N!8>l7cJWimCRMg79p`>Xs{;ru{vj@k`yCNn6{Kq1 zh~UOV5gauA;bCgJ%kt=oXsee}(~b|Z==`q-AOh~`FTx0SgRB;GAT(&j2dJH)hkF_H zv9rS?O&%q)1&*^@?E_>_8tPl5$?AxDyz}d5hu*z~A_D9Qf8(mQw$Nuv-rXM{{)->+ z0sHZb319o^r+@4Jf@xfjQq3WL&_S(Rojt{ap#VRlJF{@QTP+pAFP#fvhFy%{m*?Mt z!7m3^O^e3oy_`N=&L7SIK+kYdwCFBI49vqfi}=7U^=9(ze-F%V3g%oYtJlnE?O*0J z{uM^BZMZUe2BfD){VUtxCkdk=eG#N(j;}h79A{6xsUL zShBjf)N;h%X!_ z6bfgCL%58zTA|;lu~}1O^(PnI9C;|6eE#adF4cQ)bt}KfK{%#LftI6tl#}@2rA@*oe;m_mCiaM+ z&OzLt=E|;iNXx6d{YM2;vfvD5cyfP*8~miqOxObt0e@?rm*zI>ZgUF|UB36i@i{u` z@L?F{N@vCqitXfB$Kk$E{m_F^yS!aXc4Md~UkcC$!cVsE2Dh@!snnqCx~v5QM6!(1 zt<-zH>bNunx`j(oKHW?YA}Rs^ulZ0F@r<-^0ls*YnHw0%NP+v&!R!O%zP61A?&WZ( zPRvaQy2aZFw?1m`R2QMA8iaGDCNv1+jBE=nZ4v&9uZ{7BRpnCUDL9E-Vb2S@FcQE! ze$?v-JjW)H2yF_%YuLVw%MqUYQu!BLZou=%=|%*E2v{wNz%$2(F{9^r2Do2e!zLb| zlpRye_igyRX>H(rk$~rqsQ#^7KL(x`Md5i-3_LGJZ)>VOXA&_c%zMiE51)Se_xxw9 zKO!OgQv*fxjQl``aJDN~3(*o>oeG)udEj4xO@xe>N^ZsnnrIYicQEhchs8xq&X``f z4sZV+aG=hm`j>G18FFxR2HdLR{`H{h>I2t_`!^E%27{v$4lJmHf3*=60mZjgR_2w% z{@YMH)(v>d9el(FN2ST7qA=WdUigyM_jS>{db3oLN4+Ps3FJrS_;AE+Pl)rhl+M!@ zd^0}J@TXK=kjn3@hqb!L(Tn01k8+BvF+3EE2>z31RB~mPdmnHGyIN&`C1Hu6Csn)K zew-|V-0Hkkk9lrp8p=k_@tFSvDuaAzzW^gjgAv(gJpoO70*8F=(4aUGPYo6ARKlL} zP`aNtjW-UGG#n_iQ{j%36HZX75&pn86+<2rMLCXfsQ^7GmwV4<{}t|j`KfM8ewy$_iP4+jFs8y@YmYB!)|bh_g0;+4qY^*hnR<7y z<8?ORF)GcZ9aHi!>W@|Xo5uU56j8*e)eIx(A21ky_#tTN&Lm@dq`+jv0@ElulKsYq z_#)jK6tQE%Jq0H9^+n?lQM?w5%^Wx3G;T=HK~@R}f%5hv+`ZYOe6GEGM-yOFjHkzT zJ5r$ADRO*)m35BKSw1J-6ndCYQb8T!UbpJ0mDP#+?MD;#Psk(%jtUfl$W^|H>8>FZ`4C;TUvSeJ}qqyM1)JV z(Pcq|L;*S}K?m>S;bbATF%V-Hq8I)ub?il0V>P}_Hp59oV+oQYW30_U3f5B>q`Lbp zut_Cle(3&#@#}GAbNs$swJ#(AflDi490E+#b zYNAseYn4(9Z2+A02%PA#Z3ZU#)7rUFogN7PrmL9{TRhn!j4{Zdd>x_#wb14^19t;| zV0>`1MwasK({9!T+N{4`rOhhTSs^TFugLCYT<^E3utgW6hqBi3d;Sj-xWbsg3vsa% zXo3ZDTkZtBcqfhCll?0YdvURA_}VgDLtinRz@rzSNE45v_I*5T4(@7b7LwjXzq7G; zVODivW`wm#l&cF<86*GZ4x%%>!`d~=cvncG9=t!(rTpm*-q94!tS-z#7XbpFy7By> zLcVsM_y9enx~6*Id^VfCGw>~h1jiNmk0(o| zI6exg3uve4(O%F}*T>!F?N{nQtg=caNu-v0LMgN=6;c3+;SjpKYQ6s4&pDBP*1^DF zwsB+}RCo@Iaq&aw5^Jorp&}LNq+#k{af6xfKm1UPex*P@K=@2D;yhzJctmq!FD z=&%kQ-(*I>2puk07hc5STSI7st4^-RsOZruK6LT1549GOpg6n>X5hUF)#v(B)JIjU zedrx_({UYq849omoT-?`4Us-7>^`lc+$Mcg9wJAr(#FE>bR1ApDOc1DmdeJSD_0!s zFJnlt!XA*7B`4KDZcoU~;N0|zx-`!0RdFzt@~+FM_`xP8ZHLm{a#C&h66kdq_PU)% zla1*{PB-^~G+wi?Aq+9)a9UC$k)&+Gv4J-__lGF9$uZ*I3NMN?F$yG~QpZrupul9H z066}~+8lp8eu(~+P|j|`0RzSm4w#cDR$MJO7Fxq&8w7oZuSTakm~cU&0Y)3nhlJXP z6*cEAYShD{91Z0&q>^R))gGLk%IRYK5LJOEU?LF`Ph|3kPWZ4jE^q*;W?DO#uOIIq zgW9;Lod#-mXlBHD!aW++*Gi{1>ilIpek^FeUG%s+07HGOReTa7B=+ZS73r&qlicd$ zaloVjp_!(xo0J?0-8^}EBNDW6-t_Q*0%c@Ififo3quiY3QLgPDE%kMCnfEy0kUKC6 zP3|6tw4$QGR^c7xs2Vxg>{92a%GuR&?p|3MaU4|y)7fo>%QDhNK10b(Rfl`6CYO1B zT6i9sL(ZtS&@EYAjTA-rE`xiD2f{m?iPU#nUI%rJhxG1c(q`TX)TVk?wKFp-pPGn9 z<7^Ur>3BFTIeOzh`5ayDFs~_W;~^nMf-$7>#j||OeI8jh)sczh*&0?k_uWX^q^L|A z@qYZ=X?<9u4z541!%KA2%_jWhNJHZYsi+yy&`!q17u^gOpPI5QR7HWM#%DQmYvhi{J2z{_w>U zM$@0s7xoeSMXi+Tu;E#UFG#g0epl~^*YLCb%@j<1^5*}--?^2YK<>JfFI>uJPIbd# zLN;rP1jjng(GcKMI?|;ETEpQ$f8K>JAWzWGp$5o|N=x(CnQ;nEWiAn*{(qpemJm?T zKu2o}7s8kr@3~Z82GO8rp)5mbbSd8f-)585`BTW5Rwa8gobG1kQ4aQ;e{ZZ5_ZAm2 zkHe}--oyU4mhvaSKaK_d@w!;~ZH_C#KVE0ULpKekbt7ABoucN4=i|GytPV#3p<6jB zD-%sp$-fx%=#3|LzpT!)NsCU=fLma4qau^jCKUrgP|&p>K{Bl&X;VO@ukNEt+T~p1 z3J$Oigx67MMASu&j3Us7&Y|#I0cK#%h0h-npEnjoJ`b&+^;;3)SY~2{hDlANJ#vHW zUyF`yb?=SF8V6oL{Zz7l)&8t+(j)mLD3y5*N`Rr$wkD!Wt*(J`nkG3xXf?=iZ&!67 zhVgmqH6Gby9+{bReFUsbYzHeN{COvyMOYcq3RYB4S6S_b?p_ANG3g%*I_3Apf=*#k zv#u6&Jw5aGs3BiL*;}f6r~^3n0#v6|3y^)r3Bf$1k}2#pstCg_JBsS8j&dz7G=_y~ zfY1FjPYiinQsbKdLl}H7Px0XeaQRSR(z$3KWUeU4X#jW-3nK-mGuiR#y%Bhj7ewGe z9H!9sG$2@c1H@lz2jb7)6$|2XM>2>re0v`{18h$m$*{f8fbDU(ZFsaC@dR2peec;~ zExa8YX!=06xyf4r?ftfRWW;HWy2VF87@#49?i`VuzlT?1#(Y?b)50)T9!O3b%MC1o z5cidKU%Y@TRz{VBB>HkRRA<1xx+UihIS4=yF$Th~fO{^0yK9z>jUgAmdJ3I>`MQ$7 znBYQo*H}>JR_@c7>!t-LK(UQmT}W!-L*=wt$?n|Ev(E~BfYc|xx;{e&yt=#JoK&}E zPE=l@E?mWqLVUf$d7=UO;7*H>t{4^2YI*%?vTTCEJW51TrdUz%E9ZU(M9NV&k_q+NoT*5Xcr(*vbEC`LAZH)-tqt9a0)<{eQKlGY>Db8P z*zguwBV|8fdhTwiedS zovq0VET8JpXx-k3hJR$^6O4*!u#Wttib9HoU>D51yAbtqLRqMPW#;FffV-H{Hxx4{gRN`r9dHwtDr zDouC?u6O0uh^aj|9qP52e|RVi#i{tZ8kq8zCLNLI_!#8*HDr0v?t^}c#=Pg|Y;$GT zxXp>4>|z`Ud_*p6-=^A!yjMgnq>I~KNayLYBo9#-QI*j z5OIe?T~5#y>Q;UrX<)PVmFYP4A%^0+IQ#${&i5vnP!XK@kG0AWC$zg>YXF}AI% z+sUF|^5?z#I4;o&IU*{$a1MqlnP>_ZWB+JzY;QG$z4LeoQzJu|*Oapj-@H1)2QLx2 zP7@uXM!X@B_ThEUPQCaN_Dv;^-RfcrbGlmwn%$c$4_z!`Ap#|@medp(J^>`6Mhjr< z_rdbr#6B+B_fbfcDG0C{e!mt!Dc-a&oXazQYM=h)xr1SH}TlL7EZ}254}hp8OQtXA{kJm zw?+IS)*9%&{=9FO;*Q=Us~EQ4>jvx=v0rQZz7VwcvlGJ~zRZ{>>m3K}L%G1Al*1|6 z>}!Nm67B~1$GcKK(mJPn%`BDz?npkJ8d59WBW8r%$_}^cn-1*f96Q`nXfZKA7mZn= zJC{-(PKNaBl-{R#px1R*kh$WW((z(0%9Y-cleu~QYmVktHXN$Eu8<+V&LtP z9|WFqYRaP?^R6o$`awj^FY??LBDmd||IwqwB?QXzrRCN6MLUZ^$?$WaS*Z@0nGT(R z=kQ8X`M@~HJH#I!#*h1ok4!p!w_A8SWPb(rf1WJ_IENsiE%L%Nh~^y#Gsyo)3BAJA zdP3{k^hoL1R9Zwhr8p*5^PF~Ki)p~1K0y2PxeMPED+`n@+Pl{_>IF(2iK`EXM<7TH zGnyFCu8H2z#8PfT7EM%Z_fiu8-q=Kr5s=v7zY-A1LX>?rlv})MPNlp;i-To$s-t>f z>|94ug;RkfMwwn-F8fcQ%(lXT?nYpiHvzze2V*V@avRF?9T=}x6i&gybEAbelmw27bmkI*}%yRNH${JT;QJ|*~H0INH#B?cigclnE-EJco2>b)w<_3 zKo5UG4=s!59dm55igG)Y9D|ah6oa>>$gv4ekaMwFR=Uf|4X8G|p^FeEP+aY&Ubn#R zU(?mG4%MAK+0BOTOtYqrNin(n)z<0}Eb$LcJmL-l<;4C)55ZD6lmuYIcw?l%A)qqo zgt(O^ckVn*3hYAS1=wl&9Cu~svnl}YFB}&W!uxdbZ`qut=wBZ~Q%9#&7r%!tO931gQV11iJ3t1OW-}jnb1a@ubZQ>mfmIHSCS7!sR{R`^U2-~ zwY0Zq01syo(LRlMgd86isLZbB0^lKUb@-3xd2e(s?ivSq6U>zPFlBn3izmdHDK`#t z=TYu#%;mZk%pE|v7w4h%sP_Uaw8;K)tI>h)pR&0^Hdj`~nTm4ryw`*VA?kuGe}x6I zWq+kb6b+{EVOXT&2eNK_(~Hp^eG|vu#Bq@n_>~Bf@i@xs&2n&j9NI&iI1f&#Tlq?s zoJW9>vYAWZw#01TJ?nJh^bUm21%Ah|*yPg7;g?i4+zkEUEsh$s{*YN(SVHT%+3ed7 zZP&siZ(Jb3f6w!E&Dj?IoZtt3-sD^F_`n?A2+3scWcY7K-y2~doR5SjuGcxB%HcID8^XFIUzqpj$ zI1F!mPC0-Z#)T?9i)f0yE@WMrn@jRr!9HMSktRn9~ul+z@YegAF7jCrT6rCKZKOaQKH6b~ z?3{8ms%h4?Tw@jLPQ_brgU+N9-QFG)NO>0-YW9Wce7lYn8+H5Wfuv`)yx6cb9D*6b zoE(i2jZfa>Pcn3S8h>(Yv0<&4$e-Bwlld|tQy1D-7K_lvzYM?%i9)|9tJnxv{5j

s5AH?0PjVFxKm(%UZ41_X~{m3S8D|y~c?O8y6VMayxf9$?*Tq1=C^wp+IaM zFWZ!&X>;0{cYfMl|IMvbXipKH5`P`FW;b1SW`(h~>&pss5#aKCWUTMUIkZ^T1qN`v znG*|Kq&=F2dZQm1%d7AgyXOmI+K1?agtox={(P~x*XP78?(_4F#dYMgTHJ;6jm6E% zIV~{WI^WpO#GKgujF;ydtNus-SYYf=`S$(&jb*|m7VC8S^_|A++c=LtT-pD>tnX=c zYLE_EMMxCxF7)2wiFj|30;nonAeE&SpzDi;?A>rg(OjE;32JzSNY`#s;3%8XPUsJp@q9Ce zDUn76d!$n+pB4-dxx<~iQ!4qKT}@a!qqmtM)=qF=hfpe@Z;rhm;9^LH>j38I^*Vwx zYx9d*l4g%82pn=qD=G_0enJ+ z0y$Xl&AM)+skp_hR02Dw4fzZGI?eAw1Yuk4VUKD3B?Mf)dX&80Jcd1*C@6mk9Cmh7fC?Z8jS=@bB`Gu#t& zW}+K3;7X_WHTyb2KNY^e>;9U3`eWcjTp5XOn*btj1x5lIF_wDgyf8#dq zC+|zI(w$z3Vm4~Unktngg?i$flnSthFtw)z{dqA^!w?P_Ll`wG*mZzRE8q@x{4pCZ z-^r*z0i9ZHFp#d65ksuWQs9Xe8i>;j0~v>eoz0zF=}~HNAbZ^AJz*<;2rYZhLG_DZ z$EUMtC^o6A3p5aV0#4^@bI605ZEfOn3m(Lux4AYOXxWZ}#^>$aWEPUtV9)QbO*gsK zyzho*o7&3b?G{Sr+0cJ2V9!g~+L>54ba1!Q zgArN0-DI`n&pWeC+F-0+9seby#n4ASLmmS#?}VLze_&wox$tO!>gQmD>Hz-#2|L=>?Thzih5BN98-G^l z#wr2L_$$IzKoLDU6fW-JAk%&*NG@DF!C^*o{{(aEIyX7uT2->R(3;O*e$s_x@SAeu zKH2;mFd-|4S6PQ=kdpGhh(I}E_E~dwhyQ_`w!iMmoZW5cUBG84-3pZLj*8!`)H-lW z@hef$03CHDITyR*{{?m2-OOz(z1*tOE689W7v##V^}UJAK_*n}hK>^|H2lbFLm%8L zVG{63GB!&F;MI_qObd*vM^6C+tTqEls)={j|HU3l$e7`NT3*hvO3*cnuaB&n)qGoH ztvmQcIT6s$6#=2UD%m4B_c$7c&#?KDa<=6(ggz(h!Ovx7BHTX(nn(H6t!&HLtv%pR zG|`h2o(xnxk*A`=<57>G68ufsP?9qpfK*Q#2=J9(0m?@L3WYHz;X`3{+OmT*LSboxS=%BFBL_;cIQ(^GX)CKAZRv&m6U2hHL7VPPM@5p1Q+r-sw=B znQ1O%Zf2?nAH-4r)1_E5UCM+^n+LM{%W7aT4F>hTfQW+Q8-L})xF&K|Hf2*3$bon| zS@^4=zh)GhC{^Lxp!N)(;g9+3EF!sX@e#umz6#RU_|O4aN~UgazK{xs`y!q?f90J1 zA_r)#FF7aOCtMeAy%3FKFusBhM^tv9u&kH=mcKb2z2io|YhTIg)pPJ!JH@T8Z{pBW zzMevmE|qj9nfTf|lL#k<9?BiXSBJ&~&vK(B*Q1}!=p~K&t?2??7 z4f!){QptAK4e}^ky@MNuTT?M^!*Ft^mhDzYWuT`Hb^ACU#$jdgW>%_5-}~f)1{!g=ubcJ*o$~ zf=i0Vn@znY&-+im$HMk& zoRKrjptSdLM#d}=pR^i&hh8Dp`npN7l1lnkJ;_Dwa3ZQh?1X!qEhL#m2-8v4$S|dn z7imH?RJa7mMA7(Y4+!|! z--mYpyax>UsNsxG4;b+A5oeel5b*JD`aNb2-W7oxVCta<*{#fXGenyK{^Ii)Mw?#F z*f7Irb1G-NJwvp44g3zB#Y21AXy!_;R2pgKV$OIl(o7G|xWi~BrB60R;t+#F?jW?^ z91F?bi3SvhuZia3T1}4>Op68l5wU=Or2zbJH~McL9fEB0|FZi5JVBxJ{+GJm4hSRp z=Vc>s0lk}vTv=D~Dz;yH_Xf0F5L5h`9w-PkMc(Hq(p0r) z6ELty-ssn|O=e#|S{vM5%j5HrKeOK1K^5D#N`z?|zqBV8U&c)w5z@!Le2l1m&aD32`JUL(Ld( z2W`QX$bk7S4=3jAmUFlJ0GH3V;jOr$+?mld%)bV=k7pRY@E31u%vhx~kFqmD1P6se$O4?gBqq7`(1w{qWFr!wzTVeF%v zAX))^?kjt>#ZTBwBDm+pur_p`4YjiG1?6i81d&L=Tb{D+bh&x zbDYMdr4J_WF=psF z8#>DBfzjzlG?WY^utsB5-+=0Zi-e_7EqS-~HAy8$5wu`8<>KQQWl>sm3Z}8igAF|n zMfo3@bD-wMXQR-UKS!@x;XW{)@l7-yp!-*AV_-nE9Qh5^=1mj@;2GeG8yiuU(zOEB zwkEFD?N8?jvBVON->J;2fwj!pt=lJKiBi4VjPZ7H3%;Ris9+yir?8O<{1k=31?Q1KP` zTN$9)Sd*HBTY;OrgqoC<$r)0~U+9E=07^fy(U7?y=O=vs8>M#r5q2aSHcgu`gyk_V zeTzHy7vE3e3A+7lXd%ybi$1bI~JU{N^96jV2?@?zW#g^WM#AVE}RB*UcMYp z;67Ug1qJ~ukyvYkBYlS!dVu6^cWC%o=yv$A4ER=z%(yRX7xC!DW@2<4okEihXLo7% z{&9{Vmd0L6{2~I#KuD6=Zb>p}uUDDXc{N@a0?b8`!y}cOsv3?x)yDoYri}ru+mK2m$Pi83L`}qF6DcIkgYF?a9kN4zol%YNdxIO|PC=zscS8#!DF^nn&fsCRW@Vogc#)VK&sv}oT9NofAoUQ;^;A8KS zUz*ucz7w5qPk(LL+lYqgc9lw=LS|NVr?YzziHY`wccG-KaaH5WwP4y^XCm(EA!$QT5CT?ss2+0=RSc^sx|T*^x{Q-A5Hux zGisv*8fayuu}$Gbu}-o|aVvw5+Gtzsf6x`I9a@-Z0&qjsr;bPX4jnZHF2SbIo939q zi}>bDcW?7y{_f@ejjU4Gp`cEk*h5z5VZ`qywv<*UqVi*%_Topp_|L?m2B}za| zVYq{Qp`-}3$IEvRDN+ty=7^zQ3SGj-F*xRlHmwK_=#fTY;!iD2inerA4F2a!sin}> zSW!?x$psg!GJA)_v_48dZR-Qrre?Be>se?k)JrH`qTX|`<1e=pJ5^zf0e!Co?V)=9 zV4oY%6>eB~Fi^ZlTT{eeM=9bHL=hh)5L3paqT6QWX1Ic{1j?;=%UaXvv=B~bKW2{d zKOVFn<47GlWi`&N-j>#i^xYsxUoD0Lg`f4KRcC+bJ%Drsrr}x-)KR*mKiQco0Te-x zP@NaePy#9BTPHtOd)DSVM>E|{gz;QMu{N=2F%=E3c3wV*?9wq<@rX3lWoz8kP?5Yo zmNVO4pcZC1FzklxK(FW&4MJ8naLmKGw)^~gqEw0z8`t6kru0gaVf{^8bi#zpXQoH(3s)I&?XY;Kq7((6Dn9Ku!w}}BAX5H~ zsYn=kFEd0&*>06a=2G$eJqH`3O)N~rpA-=c9~I$n~KF$(C z3qI}QxB4Y_aO&#^(ieEzRLo&!$`> zru{>Z>sBJ4^p1#~vG67+9IMW~C zT_nc~y6xGsFnC#YwDL-BjHecNP#4q2TsyN~pwrTD>L4lDi6Dk&XucIgOj@J!E$zc4s$?3SbG5UU} zR}hEKny6P0=eyd_DHxAB1xYS{v(2OI@_psln1m#(|9F!3Qnz_mI0u8AUlkX&0GDgHH`3OB zmuM=w(&Xz8bQDT*DQ;RVZgRmz_;OfpIKqr- zY@O!*oo!BChP3paVUYL(Duf3>;t(eK!e$%`VNWljIx}NN?qbnY*1A72{f?YeXUO}2#)-n?(kBw5e&xv8p2IJ|0`@dT=eC7m*_;GR~TvBL0hJv*Cu?;;DZb!o(AOvfiiWf!bboSBjws4yLv4&Ii zm9IBhX*Jz!^|Lp(Nq0}JK?{l92%`TU(#%T>EIfk5@=AYYJRSZTv~F7r#c(+yoV9Vb z5kDG6AG(L=)%eZOS?Cr{|A6UhINcxX6mt3q<`3ocQA}UT>E)R2!|CTR-Hp@#!E^^s z@4>X*+TGNrZO=k0TJ$rIQbkT-cgX6RaqK}+`}#o)-cn7{ zA~}He>3SOtA0K@pbNE_YF)Mll zx8N$cdeQNbR`6INQSEuNM88`(K0D;Czn6#x3qjyv?Z){;axA%o{As}=YY$aphgAqh z8|m`~_Q0prjzQTKt(&->0&7W*N)FVC?Iobp62~*wJ5PZ0N8?Z|KrYkW>TCOie#?6k z5;-`i%H+XXk)M67$X_oaA+GJsRMA9=MZ2Mvg)<7n4Mlh@`;I&G#pJ#JtuYM*ieqPU z8y}Fe|H1WV8H~eWZQTU~FCXAYgCCQ4?%iKuU!S(JM}lCy_ZMQI(U@=4FSOc-l{#Gs zt38_Aa|2a%7=gU%1GB%yES21ZJJe`43Yj3*&YD2mDz=fl*>VrVf94*vl-+G0ZD=Dw z+T~Cov>O-qw_R;&oWnJ4>o4G-T$`N-BYO|lLfg=`^6w2)dG*hc%A@k=4MFQX)@BOL z#g7)Z{pch9Xno|P&|YTRdi)$&4GT1bo25RGXbKHtE@&$b`gPh}I)LFzH20oF@=UJh zG~@vwCW#VXSMA7WiAFs&h{yp|tSYn<>udxB10F!|$F&WxHTP>%sNpq}2*~Q)Np%?G zklb5nPdz|5)T8|DQW_$75Um#x4+H7UV-J)Z z5aSf8wn6(VxSXH!%5TPWWdy#^1BK%n1g`233kG0N+Ph@}Nj}9#ONiZTuBM8JT=M=% zG==9QT>li=$=snR*b3rt)O!9woFoNEcwjA^jl1!WIAa^XhUv=DtHk*1mqXFdhVW+t zVm>Q{&vFig2DhLG4g$W3_a};r=?Q@aM%cx=uQRdc5vcz7y|cxKDXC39lt_N*R!|W&@>~O=mjvH^SpM0ONd6Po*iZuwGPCZo(MSE$5-FDa z=oZfZw!8}%?S9d^f0$i(xXZ+spj z`y!v&-gs?vH)0yKJza1m3OT;o&ve29&zOa{TAMfsYguGlUGZHD9n>Mp&V#J!kqmD`SZ~!>?;0ngYT756Z(dQ9kz(ORogCPxDM-sUW zLLwJp_d%)*EF>+TlnVcsQ>APIF)5p%r0CA9Q^Omam&~yFu63*L)EVxJ?nGUl%Na=} z|Hypn@WG8bKYb$hqVSY~n5KYWs59Q&BdvPhgzS2Qj!;LY!ChEyGGt%cr6t7pqgoYZ zqkhtgij0aPpkc{vfJ-$;^teQDOb)u}L2beSYi`iR2rF4}y*Lq_#9fXtV9>wk$V8L6 z1daBw5QA_uR+xlIavLE>Z88sPO?g&|I{yXpd?)~@Dp<|Kr_~I4 zR?Ex;@aocndGN9BvX(3|^nMq`H3h59!i}+dU4{{VR)jbjoAb-063`;=O(&4xQ3Udr+hHo)G8kCVXdeK>6<4>rKM~a=rlL^ zn|dvn>zdl=(5sz`UmZj(22(DPiz^PJhk*<6cXmCX)NFQt?v{qvkdb4ZrgTa%jSLRE z06um3tCC&%XTE2h%7(5+*u~%qYz=ReO&Ls%Q(PEt5{#~*4v<-gobqs2k&DEtZ4jKC zK5QGf%KW$CQcf$MkBJ{8Wv?+2AsSpwrvTWaFUh5NkZeBH2O{VPvB5f_rv#j05b1_C zB3Yz(&vSQ5 z!6kHjf-5n4ygINMU-b7+i`sjfC1aQnH9lF!cg+uvXGM+J;u{LZ^WTe@t$c^pPoIgl z#L&V)ZBjLznexb)DgB+!Ozru?QBAq_^JNBd-O`g(lA=HmLjUZc9Irr4L%||lnvOLOQH5P zbvAEepJ~YBRa3Npa%n|5Y3@6uf`))D{nNnFg-K*#%%>}F@3%Ogck0ZMU2?*qzhO6X zaMdL36fsq_sukEDKFq#>13H(JatR3UJ7`Gk_%E%Rzp|a4F_wZAK4k-OaS| z^Y*;e+*i=P`x^?StEqDnV|zk*jP1-lt%R>M+v$4Rb3gZFvzgeCxdmv-a(+kBrhPy} zUhy0&s?7T&9>NPx^fYPx?g4V{O2nKGUzBc|e@RYTf7BywPN~c~m{#a(?VCpu`D`S} zxz%$I#*EypG$KDd`u@`l-mUzod=0}79f0AxMxAE(U1|8hj^L1`!0<%E1<#lxXkn$1 z3{T&thb7_HBZ+TFuM`n(M!hTmYYa6d15UO}W-#gN>bj z|0V{NJQaKKb-{05V$K1nvL7cA=dpfPbpANp-|r|?wJ8*$lw*oYeoPqPsh+{+trqm}#pCE9QJhBo+Mzt(im8S%l_`=E=a zk*Dcm^F7=}lZCt3vsysmcZMlqg|<^eR?aJxc**H+54NbuIRNaPn1~b@A#_%r{3#I? z=Fy=z(KkSN)|;6{S#=Y!ruD)vXQI}v2*s6*WX$~#&+XG*nVm=rq#TD~yZ508{jhe) zR0~^91ioP@N4+>AS-|`c*_UpLB9P++NFrZ35jYU_Q=lj`pC(|qT$4&3 zBQC*k2PclGp@{JyZyJp9rM<9@sb>L4c$+x2BYsH~Y_p7~pLzlyL@cBI`VOuI0&0*B zEn=1@|C88u0>yhT(sv11HiCl^NTM zjswMj?r!~q@j99SZOy+tr=hKVZ9d&c{l$Ic_Thb0Wi&O_Cg*-W_v_Oj&JU)a@etL2 z37h}H2ou9>>>-*zJ$A%_wDo3;BVV=dTTjr>Ovl?KCG%dg!?<@x%D{xC5UC9b%klW{m_ z{vtvlvtJcy$vmcr&oT5v+t9=FrnI4jziqQW20eUy7{&kkGnO9yWtgCcgMXfx9!CEc z!(yo0TmL*0bt`5c!FzSY1*6=~1>@xaI?NlH1ZxCv{9bo@ zyIzfdBq#FtOS`jA+~1SX3;RgayVL65K!MVVT0yeD*M`gqv=tTP49r zI2Yx4c+8)MyT;M5#o|2&5vJ(r$OS<14?~iFS0@Ubu)Pyq@0WI`SI%=qwHs+bV^X!@ zuiH4HK&AHY3HZ(=BqenB!w-y8mBs}xLuT)iUv zf}^PU5-HFEOhy5&?q4=kGO$VkFFFMN)y5~_vdBhfwR6RKwt#+E{59Qp@t;YcxQN@( z*BVQ>b^E>HtQZ+$jD%p6f9{p3rctW%%1J=W2wjK(C6q=jID-k&z;%Kk%^|k7YK-c> zDz)|Fo%XNWND#MltyKU-*DSP@ zj%$f54y4RPIfo&e&%!CEx&e<$2<0w@e=OtpyE6x)x`I==mnegIb9$(8L_sOq2XSLlZuA}b^Y9a*J2t-MM*UyH2L zgkAXNvlVk6!em3KATSF^$9Ji~W>U!sjLL(qs+S%{v$YFIua_3g(EvnJTy)u_z{km? zAD?LxNOS#2fiW+zCB{(HQV9hVS7`iVRyo@cKmNxii2B-ui2nQWF8r2Tf(A(FKlq_k zdiR*V(~u@P0Hl{^0ImC00@Lx(4LP+zg6f|CG*NuZbK@i8GG#-IIOtrXDgW<;b@1I^C^0iBu!iVC*oMK$$uhI3RKbKFp)CVfqi0| zt4SKjHuiAp!d+LJ6)FS(D#$%1l^h@eXfwh>3oy~D&EFj7{o3E0==)YCez976a1;^? zTS?kJ1k&;|@0k_4i{;!ZUm5WPE9ylA@rnd1y+Tyjb{K3XTw9OBO&&DDwP0#)pUIFZLl5x*#WfROXf!X19NCND}>MAAuhgp?XPs$o@XpVuK56CH(+?x zaW*accE&-_@*H}n6wCWSx>(*~HimGi*Akhs?QvniU}=lz-tWwKt~8zToJ7`z`@?re z*EqWFNKBqp2Z-<^y!>8$zm3dt&t96tp-#Yr?Qe%s`-q-;ik@D(IuV~_ZhqdzM8rf) z2v1yVuR)^c8yow<{S?}3#;{$@7HP?%xYGkA^EC=VG6N_D!}6U%x|!gI{Xd-!idyp* zj^IQhwYO|AAV)&TnG@OIe;6=ynataOFw{^8>8bm0W?igS69N-Se{%PsuMx5B@c$V$ zRzh?OA$7|Kx=t=iaEK;v*OCL?)DWt>M&!!?)_D0;uHJLIx_-`zN42_gUlCP zZSTLM^Fw=qiBM_&$uyHyWUTG`w zdcQn!yMYz1^e$k8b`i`VbSgtL(8A1J_-vS5bjAcnx%FQ++2!5K(7IcFJmYgsW zl}-FjDNQXy*V%Cn8aEPDNhQds69Eon>%j6No$ zZ>C32Ht3-l#|WFeBv$;FbI8pJ4DK7V&9w1G6W^PuTF<9(@tv8p`bvH1b?fN|l0gFr zv@yg<=3b_Vg-FGo8;wl$M2!40Ib?Opb;`k48D zqqdo9us>hLv+R4KLHD<$2qYn}gZFG%7376|_spI|g#2q>qJcv~&mGbA*6fp1^63$= zjoM4JjUT4OZsUM7xWV2yqSK5Pbr4t67M2ea(WBKKPvG3qtQv%Fh_pw#Cb9_l2sDJ( z+M_0>5H2+fVo8&Y?*^KMBUpY@!uM&i7n?tj^aFt${6RbM5s9kd%%fiahDZ4>d={f? z=v(lU^&g=r;Fh^N5wU)@oTgHPYsJVl^c6EJ5-K|j%UkVvNgHb2A)5wlq*ltHr>m|%hlg86w?fT{h zx)dJR2aPndV&%WK3Imx9TX__(p53U^xyjMP=q03DQPBYws+yMxQe(hVHlaJS|6T@w7YGTVQ{O8t%?9q_7qTHA@hwV{SR4wA z^sr1qJnh&Dk_OZZX~2qmX_LuPIzm>jsFbt!yK@f%X_rw^vdeo3g;+Tvf>2$38OrI< z|50BNCVt;HS*AdPOF8N50jrn|MQ0mD8=z?84FudLflv$DvyypzFR~+=KvXsJiC9$C zBxTV{JsKs&wR!T_{!J`d1-Tc}w7cSkhE}t733@`nWt&769ue7Ve@Mp&Y?-MMDyGX> zo?K)W@m`N;b8PrDj<7%GWTMHh8+3#ec#Cz=p5dnyY~8W;BK+?GLbh?a97;n2IDI{)FFb`I3e4fe)=+Jn=JZpi(=VS8YvUp-dtDe0dJ>Bg zh5&6x_Tz+ddN8Vz{R?a+Z-T5QRz<^ll1Hc`^oWe1=(QO)qItf~@t`vMG? z1^boNG`EUzd1t4&f+;;@y#gST{12?VP$I zsqvV%xpHe}{^iN7_ejI*!(CnemW-Ka$^Pcvj*S_l%QE7yTb*Nr#$CBzd3&Kf_(f>p ze?+$*+fVucUYXt_65Yz|R8MeV5A>1W$!$JJ{uuXZmp5D3Qfjtsc$GDW9)=EUwMbL# zGi+LJGJK%M*Iyte^7Q_86Cu04%69&SV|;N^M0#?kR>$0~cLCcOje%Z+9qSWFRQutV zh)K6CYj0mP{tWg-AGbFzdNmdR`!4s)}K)=Jf`Z?vF$&xS{Ydr$i6H2Oo6V(p7)wJ}bRTfIBqrFz(Oe+PPM8JQU; z1u7_TL|`qwDy~3Fp6Z2LOa|2+tU(^L%52gyQ{dDf(pUwwjT2Ax)&ELl4{#gk1pFii zC$Dw~2PKua($}Ic(Wwhsv}i5I5==tUfR@IPRL=GA6(Or}&;?mu`cnBq{zWR{fslKkswF5bkV zmyzUcBtz**ZS7*nzHRbqlE1bd?-&>_kRKgg!7KByt4K}+CeAlP zYx<{HSyY;j2&PiWlB6`^J%j8-@a||tZW`&|rMuAufJT1*KSKRSImp!&-e0J^BJdTN zUr~nj>GiO zyrQIvZGCJ&;y)ON59vS?PqzNAiz(Jn8~Re)^-DSe>-V9V;V3f2nO`y-Y01=Af>fG9 ztO?wE*3{Ve-UTH;wON3`Z%FOpjz}fn$FY`qWLKn;=Zwi4J0k^_p?>d&#*A%Z#uRDe zG|hi$i8R06(ysZtE$y10f^hdw%V`^XFFMxO+mH3u_G7&c$NESdiUPE=Rwi=i?!Hr#wjpdzwWPe0Q_G9~zz0`hW%dxSwagip9D28NQ z6hggD1Gx=thuoq^0w6H^<8&ihxH_w`4S-jf%u<;tbTM)kKuVn}s|nd^Mp~wMkF}CFhwA~M8`%fF^!PoL`)->iGXS) zF0;`{CQ@KS%>U~V2`z^ywMP+X_qaYXtw(0!deB0MW#J3SOvc8h(AmdNvn&bG?}yHe ztS2mF2+`YVyPO{V#CC=*<3yLQG)IOlF=L{h?SB{%%8$ak@mm}@X*HjC-Q{^Ab#$Td`tc#W{}wnEhJvAqK(jsrdW!b=@sQ?S#_jJWkq-(GHvCW zr4>CBOaGC{#a=uY{Y4b0s7sIwWo3u0h#lN6aHJRjV zJ0K6(%5t=WT~TgEP3)lk?YG$`WPW0!&e7!z>dYALYBP`UH1t!AIo3a9wX8mn>fea^ z{}yz3{k}Og1)q74u-Z`teDorNTv8W(!VV*3Lat9G2(QLF2+tVDY6D^6=&=ft3)}-z z$*Xb3v08w5W(B!&JBF?eoW|Gi+j~XyV{a1Hhs^os$*Kh*4AW=BPVQKnZW0PL{q9Gp z?9^13>dYMMQN5Y@o*)S{Iy$bh(7T?D;Ry2~WA&AsF_>t2XC$WYVG6_8q^(}ZZW3}6 zNot=j0@eZ4tTW?9H*S=8r2RL`aZu-gz^pX!F&qqGcVWZBF^v^h|c7%9ZJdzHsY|Gw8CE#OgPoSXr`pnK=~B~-Cp8O zn!OLo%7(#)9YR4J{Hv9PLot^+KcgV$5K>10lw%LCa$a0(aw_*76K&z1Tx#rz_xzX* zVOF^dx+?n!*_eV_9Q5K}8&D|`yK_{RWPT#B8N&;a9$%p2vpcM!uZvvz)=|Nfi)-;2 z$sAgng@Bl?8HNiZYDARE+PV%VkNFfDEy(&#spJ}ZO*pJg30s7H#AtlXRI1%(P4<@` zguL&ig;(elU)8r9<6%7G5)pG)(& zL**vace3coT5|`3SgsulC9p6lfQ>X1@!q(_Z&@vBy+s3z3HF5={S8TrQ@Nc~PxD#Q z3v>Uf3|$O_w4d*3)C&SXNlU89vEz#VVgmOiqn^p()-%&CVQ0QKjrH@6YO@GK&a?=Zez)S{`W=|y_m z9~^NC&^zYD@-ukk{68Ey|1;X1|C?#%3!4)V2~v6_jtP1gvn~O>)4?!vwrRzvJ}DF} z-#OYd;+5}VO!FqdDL48=cMr$3ydN8Mmw#^NV3RkOxD1%6n@!NQ$A17~K%Ku&fDw9X z)u=@}hBW68ySESLaG_6HqKGGs{bbW6m1B;*r23d!Us6X+;*v^^(0*tV89E^dNc6Qg z{I7(_8TMW;CSXJZbs48B8UUQhVju!K5b<)MAVT_n7y&^zf(7W8PzMZu`*ie5=T>yY zYvg_us8vx5nntREudV&1=5n4tZ={m1K74Eqc$Zw@ZRv!U$SD5b(qVXZFwwApeq1xNejkbl9h2x)yLSnbln6sPEIK?PV zz>B^!{HL0B1kag&V>ydn8qqWS$b5Vh)DnMAFy(B+2`;bjAC6a+l*e2j7Af$Fv5RlC z+QsMF?BYFUv5N~MyEqvs_*uAUaYEbs0b|Rix6^pI)>sM;EJgYI=oW_8T5K15J;3<7 zZ@aJ4jISm5`o;It=`Afd4daV`NQfh6ch0tumGnlcSyil@%}v>2Ex;CQ0k&8Ru*F)z z4EQ$%{*8lw`S7nl{L6rUsqhcW>y6tz_U6^f9!G`t^YKkL5B}3t3SgWgWglANoAT^{ z(Yzh<77@L#3J}+ZHxoiG*-8xHi#X%qigUmm^atRlSEirdi}(Xr6L%WudEng$^sKm} z5s>RzvFSPG>Jsurdhisxb5SZ5cf(M#TWZ>x4+6+3-xvRi9s^?htnJq_%XGb1zsZVo zSPVln=Ct;g}(i3YZg3><)wNC7j3m8I=w z#jseTQ20~FfB5~q<$JV+bt=u?EPr#nua6vjk?}ujdJ#3K?bzO;Lxm!Ci{Z0rZw??% zho13JDdHl5X8#pC?0wob#;`&&$e(P_y}(0+-en`yp|B(zLYZ&O>LP1JQj|jOxq5yIt%Yyb?ZaRO%4RBZ_!nf1mrBCG6l>=%Wh3Ipn30UGvHL@MU&K*{ z-sZvFgH4?SiS?LBg~Xz_`E{^o1tfI)zVEWg=iYx}C+L92?mup9&4VXsYZ7iiad&*- zyU}ZZG}a+C<>|0}ut(||%=dO_1#Wk2Yth3!;L|PFlfZoITX>s#YS){H{y8j&6#J%k zm<)C(`@=<1eyg<)GGMSA{*5fD9n1kA$r%44@=msw1*t$iPHYlB(vGvnX8}eH=u&|o z;q4IPdJ8VWCKpCy4?7x&JBw3CWch~XY(r#}*;?Pkotv`5I}QVW=GOR*z#WZVv^;Jl zWk;2>!$oGjTp5uS&f`zdk$Q3cscq^{G3v*0{c%zm{K!1nQob1el9+WeKzRf)k0W)= z2-R>MiB-_c5+ce4<3s)NNN^J=agipv$2QTibrS=q33RMaO3(< zvKReF2jl1e(bE*}NyS@Zi`Q~-{vSOJ8N#6{je6)`F-{c>{yC?-_;^24K6{II!8K*A zAcne4{6rKB$m)!I|4Nd-8=i4HYCnCM&^DT6s&@ar1jD$XXj)ba#`Wadmk&#f#`dJJ zi<{ew=M3*BL3=YC3GKl~0O~<)o?6<>Cq^F7_IF#KdDXJA$EAE;U2u|!-Btf&sx)6# zse7qKqo zPWRr^+Mlb3eOfTt=vMDal@-!nLSu2Dqw__`P3?)&M6|syNOo5-zV0k=pib5T)XBrv zq~X=9&kCS0`~ba$q`=jnU|_d2Lx01eRKa9Ngo)4>m`zWZJ>E&0!3&zxV}#kFL!4M> zC*#vvl1XO3Ra-_>4Ib@P8Bze9NBV0r6v_xaN6pU7M2z_q`4drK_(@gXETu}f|FR#j zYBj>Ml@=qS>2p}?@Gh{{IZV>W`>qvgapS!c0_DC*jt26t1BBz{bacZ^Ud zlhq`meXo>N$)T>mPb+@2_UwSR90?41GoqXjRr;04ff4Y~mIl&|NoRu$SE;YOV4mv0dIE=Q;RQ2Wwj zaEu1izzMoSU0Kof^EX)BCP8`lVvIijhT+Ffu&s7(FYrcWvPZCaDeHzE!)nvOK+ zp=a1;zW7yiLkI~C6ZeS0A|-)thw@&-+=;r~z83*n9H#jhpB8K@$KJWkjGzz!2T~ zD`KAnO1bOuR;cgh&y zXXPQ=V(5`o3I2*LdNF2t#o@cPH$P)Nlk@(=x5C}97^_)Z1cQZY-R~nI_7FC! z1GXqQ;%w9oEd4VkaP@STQbX^fZl%&={{NVJ6Zod8t#3F<6PiNd1R+usut2dzWT=9+ zK(Q$aoInCa1#v)76w&LzkO-ncN*c=X7(lN$&$Cyr7pF1_qy;*FV!^41R|}$^7>9z= ziQ#-}t-Vi%wxG}RzQ6DLyq6|9d!N16p4MJ_?X~_ZB<7YcI4gnf_Oa@;Sjx@tC*LK921YfaTOme&hYK8~f*L=%246-9-NhYEyIHExb(!P{hdH;pq<*j!eNeeXUv#lyazy zdnuGi88zxgi!<133`Sc$$E81tcRC0?aqgE%B&A3Qpc57fCz|>Vd3i z`<^1E>=ObVX(JcSPI-#Co%fzfc<;Zu=zIHVIf@o|&(h9&Hz&OJYV5tI*n4U4URs;? zx+)jNz2}`DF~K|DJ0O2LlQ2iR^)h;ppMPEM+8na5+2}1`mcQ z1KEQM;Q`30*W@c{?12>?(g0%=^ap-iizm0@~vR+ki7c6M0V6N<(=Rc%}HSDiDol+$g%#$a> z1B1WrRP2}0Uw0z*%j~afq+dem_&Zk>+$qX4MU)T6Vcb_@eiO~2zbs9)itllT)Ifpa z#)8U;(*o6 zoURr3LPBx>(u$k@H;VhAhKd6wC6Fd|8pA4@mV`d!v#=y!wpdsv14r4yTy~ag808vC zxyCU7z9S5bi}(z)M37A>l&u@f#{9&$vTVdw2>A`N9X4RLU)EE$GzS03vZYft9(!^N zW!uHFrBk+hShg(6#%wA~k5abhShg(6CbDcfl@1+Ye?u^g+Fz^v>m(hbY>#@LI_K^Fu zu>J|uv4?5=A@xS!7<-t`A5z-`MwK3B@rTsXz`5*U4u44P3S_Z|vvhH-2#jP8hw+E` z6yOn>CF-$RSN?~Zg@T&58*yKDQx9+C;~VSskx0At1{5aw23N3%v4S#O^RD13f?zb^ z$}isU6zo;-uS}jY&wtopm-FY@V5QnpYV1<}JbI|NVT26+0N1t=9-OeHRN({Q4sBw| zGmFijRsJs=nR2bYU=p&^Bep74lsb2WC*l5dp_$h?31e;+_rNeBv0(E(o}*y%^LJ+H z)wyE4^fNw3lEL zN=Fuq>?L@2JJoXdalTXCQGC!_7x@6{{EpDjjz&7d_s`%vwPne_vj}S1l!6pVrek`F z*!n)pt6Hza^iX^N`W@}Zlg{Bd^2_q!Bb-)l8*?uY{kIgQG#DZArlMXhY9tPR~9#UwBQT)EL21 zyPwWt_V1Odb^TjNNfQh2<#`B$PIhtXPcy?1rDb=Lt^gydW2|JSTtZkPvuB)i$-`@* zpzBX%={8wNdq4Lr*8O?7U1(8ZrJU>#MKpbgVg9;gx2~0ZFXtl=sP|7%nqZDBf->)E z%3^`+&PB?2l~5fUmq3HZ1q+SiouD|p4Dm}w!b__4$iL$8OD=5UlkpRLES(0q-}?#E z!X-JSy+})>gIj8b;+(RC)wrbL2cp9N--z#kc8Py7)rA{D8y+o#I#Af%h~6a*^KOAb z=i=;UrdmPMsoLH;+eS0>&X+h~a3uJpI*Bw>|6w)}Xo9`NvRH)p zm*337-@i0u5#(4B4(ysYvly;9G(e`e!~djft?)zfG*$*`HL_*X_b@L+|Hdas>pvUg zQlEf{!lKt*@g`2V3K|HQ8+dzcdLQ%4J_;O0*|=>Q3&^cnJH1Kw0QZWrwUB5%itMvS zwH|vTODEMwOw{4+hD89%Z{1A**;;R)GGIS+6NaqNS#&~4%V}n*fZHR69s(xpFCfe5 zBjIo9zR0m&bJnR%io(Km4#FJvgz&PoK0SZKao>NKAse+BA_dm7 z(1nriE`0Ceb; zr(f;Mj824tCV1=#!x+>xWico`*lHel4X5xTTqIe{iOG=v7+57yZF!%s%)n)rJqz9j2+9mTmK^e4`6j(iJ9If4bQ8Myr}D zi9zt1gh1^HqOg{J>>;m6Zc$6bBBf$Gl!jk8k>J49?%uyGPqXNlPI`{LqV$=I>?&2?`&t;* z1CP6Ne;51>H2G%W9^Qn=JV&w*MzT;QkUkwNl%|eZm6}#zPeYKN9TY#J8RiteNT|$^ z!#Kv@)Y0>^zp1n52QhfRLDc3O-O5Y5QA`{XzaQ7oejJ@|oB4bz$L%)vQ%`Z^Tv3~B zuuC@~gl+MiY{J~bm@@g6bb5t}j)e6>;H|Ka12-9n8CdwmCS}OTlPatz)3#gq{&$pf z^-o?#CfP=$Ig32TJd5m-GfR{WqC9~C5sSfxDH=ggVzz7#zd^sABon*flQ%F)9q-BC z=m>)OKDXfbS`-|6-0~=w+)vg^<1z?v1h|DzY$3C-(HS5?n+zx%?85nZoRfUs%XEs2 zx$+&N!K^^*tUS)rzAeWY=NSU;9sCpDgL!@UrMPqDzv&j?GKWxluA_Lr_uTLov{&D2 z=1;hXb8wuVK;hg*+#9MRR<)et-T)w9qMyspOPJ3;tN)iw-rRE#@*rK7mT zI}-{FjSm`q@c9{h7TAiK@X}$?IQuF+W~b<_-u3<#;{z{6vZMZHHebsSZ$HT3=?zJq zvW&BKs0ziHlO@Ge?uvW4| zv`~f!kA|EBkvX1L$*k~RQ{;YhX^~AWzX2x;UZW=hVgG+IdfxUdfQ;DPSAdiSSyUj& z6|^=#*E@!HF%Aw7DdXW!w{fd_nG1ZQQ*@qGcko)hD|feBI^g{dRl6WQ=IA1ws0L|L zI+=A&O5=)~rwA1S2djil+WEg_k)B+&_CQ*q$665drkTau-55R2CN2zM3gPzUKmRY&aeWlJFuFh`GZPnO zy-U9743RY}9LYLoCE0^=V`R+`89tkISvY!dbe(`+-k0pBd%8O1!$Hlc!o<7R@So`3 zg26C@`KKs~7G10cJG;M$H{Sv2T){xF&fs{HE4N-Kd7PNDyPo(e!``i$vo`L&!IgUq zcDG|;7QAvP2=lB2F*v>hl`u8Fgy-lSTGh_`Pw39@zBT^+56<}hJM6$cdLM85ri+?M z7Q>ig6kzlXJ+mNw!ypu+BmNskA@BzDE_8O1P>g`7;fHYx;%>7|F}K-z49M!t-RsG8 z$)>(XvzV9mF}m#7{2V`v+bQ6mqs}FH>s`U+rV4wGacreAXXKQr&dAk&RqCGlgi>$O zO8w2)w$$lZ>eNY2mjpePw6qR-tTr5WES=@Z(xN8R& zIviI{kgm=#iJM1Gnml+KJeweO&!Nz{l3OW&j_SW(2 zsgTP~JNWd(!wv6-^J)0<|99>GEwTMiYwb5Av_BOZjIAAv?eCsbP-)LG+peB^ReZ}+ zS<7){dTyrJzN=6^ZY;waWDIQU<5+^%eZp7!o(tJ(KZiuhxEG*u&johbNAVMb)=RY) zp5iYYYEf0#ckJ9>;yyPbdfy6YIlB~DDhYx{d1V;^(Jcwso(9A+?x8B2~4senQ7gGFF zQ|XV|e7)hxc4jr5HU^wx{eze*uk2y;xPtCv#g@hd8gnydFkTGlCGqKfdAicX3dn~H zcg1JW@eGwb13^Q^XZWrM%kUb{AZkOD&2uSvyoh3+qfpC{rsX)F=eU{Ym`*Wla!E&E zJ++(XI?ihv4Y|U-THDtp-a+jZh_87L<#+L$2XJaJlH<<5?`Ra;ye*mG%P)M&*yw+nThL#EMN< zt#7gf5{W9uW-%+hjMH>CFD(YLmRV?0J;h$!eI$$S1yt)idU3pVDKHoL(I^dH5`&qH zp9}e)I)b&^i7d+F{XSw{%hDG^`VvadVCjn~9SWVt1SL9Maf+v~it|-#<70Hv%|F7A zv_Cx-Coi4_uOU&N$IPiU3#1+FQVjfxU6}FeJ}l2A8CGFJdOF zX$*`;wa$Euh4lF+nU48J!MhamL>_N($+KXPDFCeJGA)MB;5LDI&KKq6s9kwD5JjuV zyS!0_)3DRO)U5MNw6XAUC=dOUd|6iyHX-s}^1c6n$#{^xrd+#MvwTj%utZ5rhaJX) za7B_nI}}EIA9v7ecB1!=oIlJJT)KYqWQOabS|3@L#eitg_0G15pja!8qPom`Yj_D- zr974ewKkTkaJCQv?~_@d(Z+&d@*<~eZl};W1?#YLyaTCYy#0KWGxWTRlf2zg!K2Kr zXi&35g2l1kCUkWaVprLLpVXJW~bc2Dc>kMrD=T8&UrLTXJdB% ze6qfB2sPMv@R;x@!eX<72b!W0+#_GL%MS5XJK)hQmKX!5yZI2Vi&XZuwrbt1SXi}x z{F4&W8PxW;xMj;saV>0arjrt(;-9!+a6L~K@q#=tmhlejIUKw*L4N5anNzqhs8{DeK+xeCVes*iU2vE`8;e%53Xl`Rq}x zLy;`$7+U2xHMgsL7qfmw2Api8MKKr-N;X;*{e{wQXetgvJ;$#(HRDiMD(4SJMBXrI6H0;X#PkkwibnxS8*)?rwX)Pfc&#ns-fF>sL_)!O|Lb{H0=YsL0h+F9J-(*;Lom;+*I)Wm_AFd;j?tIu> zWt~mxKs4viMJAfP-+v-ic(gp&eJc70sMfpJpf-G*nRYm77K@ag9%pLmKVkA-kloNQ z9(L5ju(xqliRVk3U>RQsY`#Ne58qln{kTI2@R4(&TpOup;tF%Bhqs}vLFCEy zUZUKQcAIX%dpsF*`34)zt3zpnX}dt%>>Yb;jUk#{CImz74?NVH;tGy0xtyXI)T3R^!7LqV&o*;EsbH3FdsH#%)bo(go$o%3oW$&s<}n|Cx=w?S zRrHa+82-%_E9og3CBxUX+&US)`uL)(q>0I}Doo#ejk9t}8rKd6f>^=We5$vMW!dz# zMqC!kO@189@P!Hn1$;)+P?^N?9`y4t9Q|jt}i(3qOQ_ z{5#fcm&c~Z+jFDQYhjvQ0tp0xv|;`I;*^|bI5YCuu%cEwM`X!u&k4fOtF*g>k z1jZYVN~VdmINZk{#Fsm@nh$iIxQH@*{@`DpC-k-2dE#}-Y^wi?pC=xFkl&ibOjypS z4`zOC=`elpba15+Vb>fTT(gf&lHWdxJcS};jwEG9=O4dCnfiC6H&^g<5#{A(G)*`b zKF`Pu9L{z$@aMe;ud}1UTbp`oM}vNY8dYE3Y+)eqmO-N2`%3r*`>CQ@-yjvaLqW5Q zlmlW}I30?8Qfxc{4=qzk{z6yP-X@p42zKgmB5I_Z(!C;X z&RZG~fuUR6d{cJ_#jnz(&uwY0*~@{JpNtdzAB{#bbe<_r|3?{ErEb|cU*6?iu&*3= zPu2xZm>jjNzZO5Ah1Y4dyw6-IWz=U^h)+5jo3PJD$Ld1^frGR*4nKGHUL29V-_}?k z-;J)6a;+Po;7E7M(8?cTVzB#Yv8Wu$cgwF3?c$)0PD0j3uNUX0hO54R_354II#+J> za))zc$G3Z3cgv{nR99}2w)Fsp;^WRQPL*eRF%s7oEm#Ubwy&CgRPUWghI4)a&1 zc<*S01LNXB9uae*LjNi<`=1QFV``lU2LoM5C=F#-M<&6z>fv*$YOQ~n{8^q`Ooutb z3*XK?iU>&WEtMJw%Z(E5)>tP>V)Yfv}! z;w>h}tuvfw2ryFGr=0gHLy=k36Yb5YE{gYukKsJ20au>!ym57+&*Z1%wsl{ct%2k% zGfAc-=Gi{F%ZT^Eo({H;?j)o28MEB-yjf`ZQ%HCP62G`Cc_oQ3_|J85a%z=7UtxAp z9ciz8fLuPWW1U0rkq49|TQ&8@J9?(}e3an2A4R{oN#rfroV_2*TKft&3otNbqkpn; zl$>Y@cd~>hKF}&qdPUO;A#H4hF%!-Q8`=5ba%A=mLh)s>aLhvSKvMLqZUv#?~Bl=GmJn8V)?9CE4&GmTZ4b2{s z4SSfk=evf;IA&RQ(VU_y=3e5t1V1kI45dE9cqWVl8#`3)+=4ouR@k%eCPfVI_8Ge> zHB;;2LDW*uSK6}K+h*B(1Vs;pq9X%Y*0;5+FSp71Fk~H>K*io?p)b5@oP|nj|7JKp z%ck!>#r50~x7#T*u~vVfFIk@Jv&0Sm3PnR!HwSox|m4c;*eUFTVZuER)mffvze z8oR0pP5PGQ=n(dTQ5rx?mB`Pr_ampt4F^bs(>iR{D7L89NkycX&1b^bIFUDMZaXld6uFLYRKbs zNtJZPk`LobA?NqFg5DQw8;u&+c8hB5_$0}=-eg-vvK|p&f>zrC4*XG%K;u1An^m!B zXBKy+Ogx`Q&wKee#`$O>Ku9dbwPYk!g99G4HqP&(Q}%UYH!IAF>H@pG$gJeu#PQEc z>C9TGJalg|kJg4Zi|<^|U?iT`{9eAs6|LMrE~>EUHDjhHXRrWKU7;-8uIr$}No?9H zGkBe@BrQ2r~L?Nuko}GdD<&H?I$#K zn|N9wPx~3+$a$KBrw!+65lB0arw!z3X*}&0NIU%=OY6+j5P=`leucEdJnd)-ORM8) zzd>3BPy2$W?c`~{L)yQ1+9sa%22ZPpwADQAS)TR~PeTlj1w5^Yr_JMO#~^JQPrH?; zUCq<}Kvu}poIEXur~L_OeR$enp4N+}9mhZlJgqBF)A2MkNB;3$mUi6C(vC0_DhERB z@8)R-cv=-tYr^PCJZ&padz+^r!oVXu?M0rpmZ!Bq+Pyq2Kxy8^`1}MszmY$`i#?x( z&(TSC9DhEQJs0u$DR@4FKhI;&hv9Qv`RDTI1K4vs;ydty;PiSv{_s4)d@vJajNTtm9VXeQiZ!rdYe+?i92>bti_=1rFbg9CF(G z6mkPikhxH*nQ3j}W?EIQB-r>W9o*`ktdz-ZVFOb}EG9(L2Ak1>&{u3z?CX-JAOQAe zBViO7G<=SIs&&SaEcgx#TH(6mW>RO@D+uL9!O75@0x`WXk}ez~DVXk)Iu5UNz`jrWnY3fhD(cS-%Ds5Wov62QE*_(FJPn0Nc0EDUFhr%8wG%1E;b z7U($y!yASwlPedJeL~;2dsC1rC%UO2mMKC84MQ|jJQ=+C79ra}N5h%P_HL6J$z8e)O=OU14{F}+}CY`p#HcI$bb9FAx)mftKm?u^;d(Q0$98fe8C!!FT zp2RA2X|QQy+t~YO`}6K0Dze;oBQe2(B4^P0@g04b(@3Rq-})xiDK)uKJ~@D3>k@)2 zx)o8r&O*nh_ehD2Hz!l;MVMA}OV7~wP$4tVEc%x=>6mYcD|nmUk^QSHIN}ly2+dtl z8oI%$?sDe-S13k=@=3wb|E9^W|J_;klWBr%9D~GuBb4?i-tVb#Nrw{j6Fh#yCBPVU zV@Gx$=6xSdlR{}%Q7tRp?>!WG-l=b7Aeb0BqcFiCJY+M6yyqxAAEzT;0NwP%OK^su z7x`QiEbkG6dJ9stKnyP|GDJ3=In-S z71k)8tZk%rkDQOAdaZDQ&Z+Jciz-m7>dgH{@MogF#Q(quozDA%t)Y0tGXzHawNrMD zFe8tua>~=%_CY7b`WT^Fyvy9-|K%iCB^*m{C)`NxUWYy!6%&Hphlu|2LRb!WUelYy zVk%FDK^{e^@Mj&r2jEsA`DXGpYjmLh%pNZ)wJsIqtIP2SAN+R9cbosP3HR7X%)^g|Mxd}gNAS37 z;Ey9TM>tqENBAm~r@~>^bCXlP(L(Bpiqon}*2gf5p(BTD%VSV%dAMYUP79&r&vRAc z5=lj=^EMEj=lr{g+;sdq=eD+n!veA6JeO&O4sNsN&iCh?s2~+86u9a(gn+HXQ0!g%zK#vc})cQ}5g>AV-y!Fh+W{hvuJhv;ug zT5v9i>AnY&)bZZb>}uZwhSMW~{p+jc;>&S%Fwb)K-I;_C8o*1WVd38FR5~^O&XP`y zC^4v-@7SksN{n0$G>)L3l=TNr@PoNODOpm?VWRd2FIw(u?F0=>DtP z3KBg?km#xj60!P0qJS4fq3e9ug|fLgAr#*N-GOINBM=+D2JzGQ>95UwTl8)w&abqR zlvCbW+6K>WdXdO6u{|0#=q5x)PitY$U_OS#Vc|Oc`Sf!t`uusUPU+n6EPWKvMJS#^ zKgO9+)fCEZh@{Qo_%0QqTJ9_gQJ<>S9?|K~(Rn-C8hng541n`tzRsHrAHdmqp$cP< zLtceDu6@*M{CHqX6smTHoQDP>OSG=&ECj97`Y|;AYM?s zO1oRc#NNX50TBT5F?>o*ktvW3QG0MjEQ5tH7(QTKT*!mRzP>hzEeWg5_dqf%h|bvu z@f)s)9r}a*pH8KG$7zGr@02=_V4c&}e|TDA{HHIYGNLGNY+|z*WyEnLBVGaz>$tJO zg+*78h={_%qMK=pCAC-uT0{qn%usKF;3|f@O8)*V!@H5!eDe_r*IY@|Jlk(B8s5WP{ z4W-%!;?*P8mX4B`OYVH=9unlK(wKdVQ$5ti*rk2>J9?+dy%x5e$Ck=6hg168H&XA- zqZXi-wEv|ql;t|R2YZAG`Pp?*8d_(ms7tYjw>X(b59EXTC{bSnp^|x zun$*%0Y7a*X=;YQ?6kkxB$VttjlPBU41Elq4B=)6mWlpmgYeL+lz#)H&nXL;g$*I6 ze`k_3J}vT6G?!6$XgTJRA(K!A=_XMcpA{*JFXqOCV(h{O1KDG=z=QI~WW-5@`FC`lJSN!SzPxt~(3#$QhTMU8uyb#eVR zt;W-LX2ogpsYXwiSZ(7UBA4|ckhCZrIy?L@^(?Q^EIhR26dtazC#e@wpcgFR#qpVd ztf_xR)^JAFwNbKeV`O-c%`*qu{oQ=SbB1WISyR%<*q+P})8``2!dtJVHBFk$~n zKg0e7C7-YDVN&8A_OpVWP|vjktzwB(qP`SpM7WyfkGPSf?jO-TEtBhlk+%Z}Fn#e6 zU##EU!L~8nw?f`IEN-0#wv|FuxuBOm@YnJ!xSg4Id#{JXrXKz|p~ol961t8n6f8Qy zBErvc^MtOeQL6P(KubMtEsts2To<;@CDS(N$&y!U5?!sdlJA@tL0ahmZ6q@$4t*jM z0$G0)?f)t9J+Yi^iCeM{#&*QWzsXxN^4gi@8+MC87OBDc=|xLOizEb2k=bPzL>t?5 z95|6Yh5*F>Lm@F5B2y5zV*?i%*WXTzuDMhb8J}kllu}J(T+JSQRmz2gWw(>aXy>rx z*U~NVOtTy0#iIL(0?&_{kht#e2#Hzk3W?{?;z-pN2l}_1Nj~&&`S8eGVA8h{@ZB=J zR!P;zU90>j?pno91^$0}pOQ0IyHC0OZ1*Wa*y)1PvRsIWCM_3T(xQAqHp3IBJ7`OD zOXV=9-Gco~w|tIEx@Njdnq26a;Fitq;1mlaf!G2C+BsyP3$(68 zTJN=TIs-UAB0tdljhv1z@YOngE8hqiIvd6R#F#n3$$E6U zh20}rlqQ?eHA@f2|K&VxX*`uzwW2bS|F=VL_rIpHbVCA_lQk+2cW94FV*-_;Y;a0n zxMVcS#CtF0+GOq^9H_t;EA2L7b%$7J)pVz{&n1O9e`-sA52PP5wA+L)(MiqJP?|vh znp-&i{bKZEY}?>9M8ARPzou<3C&dW-)f6MJ2N3vo`&GU+Esm}m6X|N4tqESHR&*KW zlQ#L;FrL+4HTU(yyw*sc!~2)j`u?5MH54of;yho!`b`pEddB?_IXqJ&+X zNZ78MHITd3gqcNQ&xFMOG6Q$MFC8|K48xh`-MPm9=FtNBjG1C z!aw4K*Ad|#doBdR_r1>vKTL$*aT6!}lz|g|o5e0QmxayF;536nYOMqy8sM=`RD*pDb)-!}{vUU!1oBm0;X{h9jk5#9e$A0iHNheT?h zzmc8eE^F0)$qD`El&21J%MLV*R6ZmS3z(7Kiy}8~;X1W9-r^H@@{O%0Fdmaek{aY} zcD~crYif{#4{K&i${mk2#m*A(s&7+{R^N9s+Kt$}>s>uh!Z$Avik8 zO+iug2bAmX=h)TDfDPrghFpa5`fAOny1rcm?#SMc+r)EE@PC87O>9`f=IIrpyh59& zopBZqp@1aGkqhxhUo8@9nk#79{77#ypT)!JF~xrpm8&guVD|JRdyYXqBE6FJ2C@-D8+ z(&@b;T=IzX(XD~Zz~|48n$5dXj*XQF9$gAImPGyaYiNygu&BPPlrN-X}Yi(l=p)tZj(JFJfCYtz(!-jazq9ca+N@usTJz_f-9r6h zq~Um?h5FAi3-wcs$m34wzb@%}r?k3`Zv0m&Smo{2y4_EWBCB#Ni_|*~#DurF<=66! zD2;5R5C7ITSQN;5av@!bqpA1ybIU6W^*YU$;ldnt1M@T?M6ISgV$h*z;q)4klNbb_ zZ4=c-maX{Wj2!NrPm#d!1uCz@R|a}Kk%F@Zkpktt$`rDtD}i&DO%5RNHfG5(u$zL* zG{b?xV(a*S3Gse?6QconUubSneUmcu2sBhtgr?4YaF*;>8pk!N;S0>j?Y8gg$G75M-=}Nu z^-=uwjq$JVWUs&e7V86OKD{6mKcYKBAN)CuTtmI0^lUxxgMTaW1!87wNI&=pN(wF1S;PZ+u1GnS7{QQv} z5e^UC6$tE8u$OVCY|U7^D|+y}25rqP_hi8Lq5L~?&#|wv@2T+pb@tu66nGnLq#pTU z3fZxaqNiDk>SICF;1>_67Gl3Bte!=pAbXaF*~2F(=fG!Ka;AvBjhsz2J761_Fs}jc z^25DMapP9YCc<-X#?7O931g%6Q2lW=n@3Y2HTwED?Dd)PuV3Eo>mTsf&y9b*j=i29 z|9aD@_Fnh$*S|Uy_c{YJHywH-?)6RWzJ3{h{RzB}2tHODzY-M|EcOV!(Ve}a^u8Q( z9AP;!ObA`~ToXoz3~pNwjB67^C;nRTmUUzob1rG=EJVudzN;fH1hipgYBoocQ(9?8 zX17syq|?;~()q2NOAK-)g)R6;)h)o}MGDrEivJ||SxEP3t5?zaa^*bsv6y}Ml4!B5 zCF40GetjbL^#u<6Y4dMGx>Zj{;Nv$Q2H{Ie0-?kvbfs9d__>~czQ8}%(v3YOqer8Y z0W28U(>J(LxUF(!6?b@q9Rq_`8GLzDYjMZScFB46+PJ;)@!J#k%I4T!sq($D`|W4n zD=);YurYD3Y>DlaD%&d?TkVoEhb8<~&n)?a*0&L@Fn6B^b~WoT{=FA`x4+1~BZkcz z?7I*sr8CfCOEea!Qzp|qr_{wAT)B$%0)9}au;AThGUmy?Ckr?fys-%12(Dx@y<;wX ztzlp1IfJXo*g zP19e`qTP9zSZU9gPPY5@3`Eh#&m05$%;KNS(MX;;mjJb8_hO~zgSatooWC#o2!-qb_H1Ksr_>uSP&p*ufpEIzVSXM)0IEHC@^7fE86#VKy?~r5%@a)HRF) zv9nK{+_8GEK^HD-R#j?EcmrW5jZ3TWk#NA91u_C}rzRYEZj3AAUnIMDCZbSsr6!a( z+gLMR4kA9ej}3{zp#1)5?*wcNwY~wZG*Z!^MfI3`qjcVP7y$U3Bi!q%=tm>9iK+?4`8lQd|PS7#7n4N#-Jcy|)c zU*ZmUc^-VNkahQTj=pbFR^N)lkeb1MrO)l4W2^%uLHuihzed=J>23lujVJ$c;vm40 zdpv_K!DW-ss!Pk_{cogS{CxuDX9iHFpPt7253~F)X!)HnPZSj0w6F4N(a0*bD39qn zVH!T*XT8BZ!Chr?vV8QM^0VZJ3GOX_HceT*p;*5R%QOkk~s z`+kTxRDs1csvu49f5u>KJ-N1q;tUQS;gpLr&T@A6!rq7B`yNwn`L#g>xrlWp8Vx8{ z?ncE#kVOzmA*;q`ksfpxpJEY5O-U10V5k--+Ku(*$Lby7lpo4y<6YV%>RtL|v|h#+ ze)X4`R}snCPl%(9iFS4!BnH@FH3jj zo^T3dzvBq!$8S&4IrTSWq>1|PocjMd2Y%=MFft5?T(4s>OP{nx#(JEF$6_M-X z_;D)EUD$qL_AYSz4@rMGR_M|Jua&FXUwj``7<)Wh}QPu8dE@xH71!$U1`c zfeAzryWstinuT$;C_l^!-4BH>LEi#VKG(kl3O$z>8ZGgDDv=L#c#N88p7ZgU_gi+c zB}dPgkK%-q^RwvE!zFiv#U@;!o1ELd%9HI>%Ul@0*pa;-O&R@b`BC>GI8_6?64Pu# zX}OIc_3gsgn#eh0h0+Ji7u%#3Tg}hH=AZNncjq@$>e0*x(Z0y18QM0(CBKi+&d`#5 zic|W`E>EyHvf=br1#I?xn$khzm#x+tRou~@D_XqAKzIe2^lK=F#!LDqZ6r{Kw`XK2 zl+-rCGsi9MR2twYjm7lh9iZ%D4}?cylB#a0&YK#UwqDP^qlwZLy2ayc^5YbA{V*`F zeYUc&5u3D$wb@Z!9Kyfv>h02}(6S5TIw?(rP7ZG-%om%RPK~Q7&W!};zkN!=#tjAzvuo1{-7AA&(zeI|7MOm^YLQQB?Sp(T_RnH zC*LivWP=c5=xXw090VK#TVp97gql|UzZkp!5A6QPU7A9!a%H|z3&!9LiIt8j7HPy? zt2Df)ZQ$MZWFZ@SkC;>5>D{!67pm5)Z=g-QFm`?tihsn{`57u)NBmz+)c#RL($Xrb zKdz6ffGIPtiYhZ9ec|A-0)HubIBJ~SDBUKn)Rd6LbUS;arNPhCqrF|SKTbWG+@IhVhx=qr zGaAy4Gv6FDw9<^CeKEWUnulJ?iu$v@tQnN#$RE z7@%vOr+{b!&C!Dd2x)q{R-I(gI*{Sb&Vql1Fq=8jk7F?gT&N8AVvutnDy*diwUscG zifaj6rHC&oSZ=tfdoF@?#TM1O+M?o%$wG@sB){&!Jcji2!5YmHIz$uih62P>*u_KK z{3;aZbs&k7JcWQ>JmI()DxNb~^a4pd(i=t{KhQXG@J|;0Ny9&8r{vCo_lBA2xbH}} zRXXz72_&E$Mlj!E{3GI@>G)?Z{0XdL*;ofyC|e;EHH*FOn2QhPnQ)e4ku2eeb1BB} zS)B#lE@9I*r%{t68){`4ke^iMl!{n(;6m@Bq*fd4Dlur>hhaM8D@alCBW_f=GcDfV zoQRzQ+_t|{E>hUb9s%tMhs26@a$FU+bdT947ySv@!pHUO#`IQgtG)pzU0;}Vk^VTx zI%^X*fRWg?V6@}#xu{aBEW>_w%5EJU{b`NJ#7#A!a^5Iy+QHuZ-67nY6Hmlq>l3j} zEgyBHV61zt#QMkU9CtC zFp^oY@CQdmSIQ71xRx-bPm;Pqq>0o+xizDcF1*Lc_Gr0Ev!Ea{TwLT^olcRCW1n1K(t3i~R3@i*zc=Wt%N;17dVR4l4}Y}pFM$P3T3 zW`*MGAQji`@95A+D^jGx%nVTsQgOsVQ6a^4!~==Lh)0?H#ugQ104QzMB4Uui9OB7( zTLU?zgQPTro_E7743$ZflonN@(s7LPNxAA4m9GxApyBu`85Ik-*$o-PZ)V3@gsw?8 zAMvNtF8S8!XqOADWkN9Z2evz>N~%@Omqn+o^;?XZMI#5?QWv-7UBAY7I(c{3~YIvtr}mLvN}y!<^uPW>L^pU@kX z@P<>}>CXMh`x87gOWd6MKk(cxQ=Az@&>xC>q)eoE?%;h72Nv2a19-J%m-cW`DEyyB z8Y3Q|;w zXwc{w_t*qtO}v~lr`(_m926Wo!WN`AHjBE$w!(||Tuw^1E|H;e&-!cg>pYlW*ALg` z7m%vFcMv$^`UZ>_we;TCx%9I9)Y5Y0>3S;Tv7a(-fg}B`Vs+R;K?@BStl%u!Nz4ps~!x*1Y%P zNH-7&qBkc#%5BaLMf&l_xNE{>#K(;wRAxp{sC49mpqVdnZZ1ot?vx%t1r4@Drn24A zAtmj+PSE{w$<;7%U~Z1~pLm$+sj^vTD#x#CP)U7p4P@D(Cv`?-BIX6*#K$?8U3QgODEHJIwQ-4=+ZbUL2D8esl0j>ZnWwSXYNj6WzvZ#WApqRw~xPo`}p#w zB42W%_q8Mtokwl_sD-t0`Q_nvF&&@1(GoXBo^HWLxnVw=I$f$wjmSvKxI8}N0?K%o zPCB4`*{2iRzoZ*zP8p*wqWEDx0Mp9eLYjtl&YxAfw&%}R*VEQ_9~rieamyvzqP_&- ze-E-Xy+K>kZO{9inTRY;H^Z^{V5P&(HtYYev*31i{$ya(AWvz>o*V{bkORlWjc`oF zfLt}o9j`>~Uq0f;!~yqyM90Kos`X)e$#S6c$Z+U&}GG_GldS7ADi85(7A4}6Jw?)N{? zX{|@?Y9%x>vWQFTAj;%8jP> zkLchR^x9*{S=)YwE|SN@b=o)Y84$(95l|h1qcQyN(|@I(V`g%=RNV3gHoYImkL(7U zKXk&z0(P;uuRG`U(M_6d^f~pRF*dc1?hrme2~K{TEid?eoC0<2v&#h*RIG*K*V%sZ zr_uCj`4;ank@RW1xpAHlD90_?VBq%?)2Zw=tZX>Ni!_10qOu!WmAxE(}c~f z5sDF|Rw^(1xr1#~VZPx1FAZZgQ?bHf`Ln}LIX_3*=St~b1v%`3e-rVMLc2?<4x?9I zwyK#}IucDRt3AW{?cc@tBNL=fT3dZ!N#xSP+DlfJpW*WA{TZrGzQ!Q84YcSH@T;MO zEr7sytOt7qawAgQ{!o5fg^J@_p&c&(~3d68mhZWo*S4&S5k~;x@EH~XnlPMcfv2DCArfr)hN^9 z9XCegY$DLTkI@O}l|u$y+%_~fdeGx@rdJKe3zup|`Fvzsj@*eBL@((kN*0^C=1&^e zt4RNFo>MN-^bZ|W>-u2{5pj+#7mWw$I*W&ewMb_>H*4Ugz~sG6^oe|(g}R!A}nk16^$ z)-y(pKKQ=8D?ik9tF{km)7+?9A0J1X=EgYP>ZGV{b)stRG48CJrgP9k8DyrqS;HO{ zbN4M97XurPc+aF(<-#7;)ov-vH;bD!1Y`L5zzB|5Y#UUZL2tGTTMSS2Rm)PGqgG;p zixz3IPwwWy5i|?n${|_0;*jT>^?D3Fb0vnAm2b2pNE;`g)})P|A7IDL2Wi9nfhKL- z=x8HtER0GU^IBg+AXZv20Kkyg+DOw?0>`d=&xm#za^}kLBsrNDv2b+ zVjAYCM6%?YGiaC(r82=FPZJD=x6yGW+_hC+lo+|?roFhO)1^-M{nPRI#qGuKum$r~ ze^ctBkuG`0JQv=G2S+Ttog!kc6!rCE)H;lA(v&K!3)w0$@DVJi;&QSmk;a|KurjC~V3cl+1(;;|;*~HIH>+rIEOFhPG zPP#S?k9ymt^8du`m-7F_Edu|~xn0lyi&&%kp<6!RjTmB6$S7yF8MR5n-O>-veZM;U z9(ND?1;6(_G_t@Soq|SB^ukz{{5Zlb6%}PhL)^vmVCY z{@)Z3ZiLx}k&U#mMPMJBU|CVawCYLW$rQ*7y$Xclu{;qiT`2Jqd{C+HgGbg3_`VT? zlh6k0$Uf*Cv;vRp4k_dk#@4#^JDf!)aKhNO<6pN>aKa(wl5}(!1sN{L6@Nin(TX@V z1x!=CSztPf@Q0c~0F&7D>_qrHvkm~^W?rFas;AZYDQ&HvDgRt@TE!J?M-XjTeRpJP z8?{q9s{F7U#B%u>OJt@^UQx@~1>?Ib&RC!E@T%xodkh!_I_o{_$2Kzh!|C+1LvI%puLnx>72ZXhn<-V zyWhezmozU;o|rC)=@<}1l==WqixgxZj9dVv{nLY>psICLCP7LRd$^u+P-c9*=DR#x z2J4hRhzbCd|+4Kn|Srk9WK2G^k6ViZOda%)#vm zhqNt^gjv&gD(~okthn4%-g;v+x=DXRds`hMbGnKFT;05q&FPiVIW4c|mwya=TwaOO zS97R?q3glVhb%!VUqD~S54H5J~8yr+>Vn_LU9=?xh;X;x}$u#$-5)m^lJ z8a|9x&L=G6FnzSSWFRa*Mj+w2yAiG2)HI(1%siiw70pt)GAsI$>C5?8tB)0y9(%rx zT*X%BP+d2%1#!t{_I> zZC2LY+@Kc2n5i`3S29;JM-_Z!ZnusaQSQBh?pg=`GapGhaFXi?wrpBi3^yjn-^MH7XUwKR`# zul3g%m`xk*->WawW4x2mnU3ru&_G?JC*o`BPl~b|K0b9xjqcn=!JkAT+-cW9kfc6E z2g+9VMqONZ_H1$hlljcwqX|NKcQoiDA7?PSnxDbC3Mvhm?luffL=?uhev~t3F1o_ z`l?S8CoY71iq12ego*UX^;%;XF|5k%5j)G3M?R3Uj*j@lT+%HW!|Y7!k8%32)8wfN z2o%Lrd&4lhL&}ro4QiBMI)EuGCTFd~O8QNBDM#~&`RXD_)j*iJ^oYQ#V&ibCPr^7n zdTneRkW``g#A$6Ts5i962a*unWfg8YgKd6wiZ_$j{?e>y?Yy0+M~l^uyGuKPLI1*j zYoln;>y*cabkd0fcgC!!Kc}pr;A*N7+VqUDOTeb~#9N$blS#KJoe+0Vhzq8W;vCs&&l; zxJe&^60jf~x?2g|jVMB|R{7aCsHCmf;P5@f1}_<%Mf19|YR!bNG_^7I9_1l)TY5<- zZq&!=r5Ebs@6cTGhe)YyJJV=fKr;tUE7$0mBrL2!XM!+U(6Qng#)6C-D80*)EXnd`nUgYdHEY>&3rK_jGRNkJ9UUnjk7S00|WjUe)J=&F@2Aozg zg~z+O8j6X%AGau$Q%N~=RYM&Wv7zQ`v?wRhYP}Se<>%+~Q})-2ZhM0oxd5gEn@I6v z#@|PSy+8vTnH`8sUWOa=HRdYMRoaPuLZV~BK~FAMO=jbdi?w?D6N8}8mO#O$Q3_l# z%@}3Twgwd$!zFANcth{);jhw5^h2=FW(6V&^Jdh3)iZlSwn}l)oh3eIdwBA0jE9O& zHB;-H(kCFaUOJ_>PMI+VeNK`|jf?a8djnIVLFcxNN2pB zFbmu#`cL%T#@+b;fYi|4gm*6;Q>`<4G1vW}XkHGzI0Basb1?cBlxwRnjz(R&=nomh zJUnOI+dI61xeYF0b=-!Bd(5_x`Scyr^qc!c{eBVg5?s<7oXttZ(Yz+KBoCT?oD7|6p4dokKO09T!So-U=2R=4MJiG! zlpLkTRJf$0XhfX7R+OqlJ#e|E1;<%OY{Ea#p=D@6mfPrsgWoTayeK_RzuI>rL+~hQ zf^<(E%E5QhA;N{A3E!WG4czHQ1Z~8{((aZoMMJP)YA=v(ObEo^ABYS0p%dvZVsLD- zm`9_09^y>iM*XE)ABVEG5z@mE9%En{f}p`(1M*B$>+#^@u$eWWV4o}Zm^a@g{TR85 z%7~b@aa@qKxA8O2WudqRkVb0;Uqd>)Ey6*#X7=2Y7I81K2Q z(%5In!ufYr*!y(QIpmTm!lydASzn~nDKBDU~0Kzphu$C?!Xaz7NMA7+FL>QQC)7y53Ov=>%k7Ts33hrxQzu2wdQ zJmyV+@Z>GU`#o2qJQM7^b6jt{247|Ett0DpdlYZpfSB$nV@Gy3c&~)tSDW?j;1oT) znd0;}!`$EJ{nEBQh2~33if5=xzb}#k1uldFv-d+8=m`O(Qc*%_3Y1}$TvNr2o=2V8dbL#~&xHAJ z6H1f)O(~vwe^a_A5(s%CAYs>#vh{1*COoJs3p}K91?Ekj+gOQ+EHodtfnn%ilZC<; zdD-MJ(b7GPn5rWSRXE2$@M%x!+@AcB5TghYBq>hxr!e}z+@c-!*V7*QXpbxnJO)N+ zD1%#d`YUFML6a|oqcC7F8KpOOQ+A<3_^8tV$0o*753p(V&uGCfn6cndJ-G7YAma$a zH4Q@7d0Ap*K5JZMe!k9(oPQpIqo(m^>9n}~zx$wiTU_;zSo_4hq_O%}erQq|_UAG& zxC|!TAEJK;Z2zWiw{SF+&F97|98S)rs3=*g^(A;NbiF)^)FYefW@}-pR#MufV&zx{ zOxPJO+Vy_>okgnvz*?g7Va4zpRsg?r_=C>D4_Du0)zeHp&x4di?So&6%A5g8oShIBQ;OMB)?Htk-kDKQVPEL2q*QD7tbtlzNt!gc^ zvc2hZr##+V(SeOZuAXVVxcaCvU(_tByO#JmG94Lw_+Iaos?#+)<&|hs+TcUE%Hon2 z5v|@uRCR=O?eV1cP9W9BNoDwaoZeF18R_lX9=*slVLD)@$Q(3$Tbx+szkZ0Xa&LE5 z<(##wKF@?R)b(n2R#$DTE>B;mXBa;k1NV;=6Wl(_fz9XQ2OwZk+x=gV%y>z#qxbfZ?nGt?2)4NRsa3zhmE^*#+GPBrlrf z)`Aa04M27YC;PGlvajogWM@=3vK!*@p5%-S)bwYowS{LMa4{cufYJ6=$PeSF4DB*-m{3xWlY;79;b!!DtoM z;O!sYg{tZ724#j;`hu6R^mRL^X|IzPB*n3OBi+-{U-z9&qF>O~Gy}VV9#(wNbDc)U zls4#HS3tELd9`z)+Q<;df035IZ=3uAp3DH@mEJ7>3nI*$ zKG_FxP6qBgrK*vxMClXvAfm=NLRQdN&tKagwDKp^*0WQdIg6~k;?}Y&IO2{vzLs6M zo2?c=Pz+}509wwre%%;o=4OGfU#EOShS?==BaH~0_IiZBCS7vukx)#wha7Q2roM-| zcXjR)SNAyr=iLeW#Txb^L4zc)L89T?E{ukKtb4F|z_%y@&y66esqy;Gqs$h}4T9Tu zz!v1I(gXX2N0Wt8H;Q8^f&Cs+Lz&+5r6}Kq- zhc*=P-hc8$m$dq7*d-!Aww9M~J{^^p;kPKSm__qlC$GT#Qknmd-d|@Zs}oYH{%Sv= zTd^gx$l#|lv4qd?3eF|3;G_A>xACJH>Wrf~x-wgh?uT$17(1_>j$GF{x*skF>FGJ2 zj%#2xwl{F8sqq7MEvp75O#=U?`ZCWvcKtd>=g&+tX&^-Z^65HHZyd(7%JJ#B@wS7u zclAmZ34&xuuwI|Azb&&Sp(}Wd?tq9m;S|f{%~nWx?a0S`?~_-=nAb4Ras;-J7f|@( zh1B!op{KPy@RI+=?}5`&aqbSUh;RR8_~J;Bmd~Vgj0Y9B`3*>o_BRW`(p8kj>A0bp zm4`h>D0Nuu(qP9~?Ga(8zHJuWi@!^EXFF)gC$941Z{p|08=Yv!-Z`h8{d(RR*ZYD_ z(ebip5Y2Yz-K^q+-t&ROuEib0)792cvMGsd%PR9TtW0(rqGNvgN89khYhW)p17nM= zpMED2&zo1bz6aD+#Amv8R>Xq`<6HhtM{Py?#d-*Ij9U*bxs+nd5`!*&pq&+w*J6&Y zh-TF~zGGA*YTdsVMHfWtE^bn-0E|Tr2vM}1O{5)t+H~yULKd9SiJQnK%Q@`eTbYGh z=uS8XIj+y5rs!4cl__xWi=H5_C!+*!ttjoFxk;zPVCNB6^wx=+@w)s9S_+}){ee&_ zI4jFZ<4Jb>PXEayVTGUk7McfmmqLcgdPi_d4IHr#*nBM=7o4Z%e|LaA_>b*2|EU3s zX1auze_nVkW;S4E_!6efJ!6?|LGO0|=>dx_6@{0NEgWnYO0VuzV+$QNLS|Rz8k_Hs z;4trl{HKT*RD3y#tC>NFTmPLiI9=~pWrk(!)_*Pp#zH1EFdMjoxuw>Lm5zGulG^mb zN`#M{1gu3u)*?%!pZ1?HF6b}q_8+!*dI=jWMaPCNqe!Ru2AjWr=p0*0jZpjtT8WgU z3&rD5S6XWJhlhGQ3#FpoA717)!WTp10gM0%g+Vv<#Y`K_MMtqDp|sH8KQ?qu%5EWG z=Ej0BXy;_&pjBcJ_&lUbDCwbR8Y$aW4wb8*Kj^in79v0?UotGQHK|4s5a9L-JL55}f-_A%*0#3iGZ)$wE;RjZ0@J z6~;bH^@$h2*2b%1^*`N#O#SLa*$pr0v#Z1W5`X_ytez#5!L;Kl)S(@XEP?MEc+yOk z^ad5z9GMyIfsILQoDKK(M@6E(9HxgDbl0H~e8F#xDnby~2dcg4EQCeSdh-jt(DblQ z*_qd(qHl7&Q0yWjdFzBYVt+I7H6~TTGM@gI`k(gJvz#qf8rTG-%cqT29e1pJ9}R(g zV{}6Co6Mw$Oi!ok+L_ph8VqF5AK9Bgu{z+~3J&i8D=4Fb&3`h}(-Hpm69WBdOqbS* zY6U6*4@QP*_UFOz`U0Ueb;zpJQ7~#sg?*G>XHzTb90mKlE4N8lu?*gZOvW+xoI0WS zF1!qCy1~;OX+_Iehjc1(2`>*`rJVlIxBjM)LdgQGcvD|?A#a40Ugnlg3I6Lz_r6qd z1s55dMW^vjP4LgsLTF0mIH88q{VVBvUAad|-;2%NOl=m%?gn1y%&icLbMXSQH?QC6 zKizi|*H<5<JnN!7|>-$_!!|8S})9Hk%sTjpb(I#(ZaAo z%Ju!}w^NT{m-V@u+bSzy@Jq?_uY%Jg}*MuN$swSOvB-zHIs$6G5QK1z?Z|Q zwBor=U(Xi}MsW-8W6S30LT=Ghkd(#dR+x3VsYpx7!W2@s+q9m?gSJyDYa5TE3h|X| zoI*hjnwy#OSQ+6{w7yz6#z^M#`~2L9hmrxJzaj~z zt0+%x3QuD3xJFLq{7=svM%(2C?Z`?PcUG!IjXdn-OF>4ub(ZFv<*ZC*aT2Rp9MT`t z*`y1OGl-ks`WO38Y&-C`u+e`Qqi>Jb+sYIpY{VHk^z!B*n-{H(rZ)T?Q0DF z!&k6h!0*e9PJhKI(O;PaRT>sOgM!dq?N$WodT$T*qQ3Z`CvVlYhR9HciajAp1>P5= zl=EDi4*2yLR1NP4tFEOwBOT$dA%fshNfofYOU4XwAZ$4ToiomKKF4@hg&@yXIE>I2 z+4;pFNxnjHZOR-<@ON`9TH=Ce!edj(L6IJ=K4~D_@%*;NBOQr>VRQAA>qw9a$Hp-uOdO0-1j$%hJ z)q!Owi&0TVMoChoo8sf)KH8$JO{dUWDn{GRtrH#(nX5dx(3M6gUPW;kxZyXw>FlU{ z-aCmn=*Rfm4}0CZ)}sb;wbYDV5JFQP>s#Hk(DcC;EYbN?HP2L}stev43oKI!_hIC$ z1D-;)G~4m0%3kwy&tmbv?XZ#kv)l}_n3rzzk&C{S+9!$*dq6pG0mVfwu4LWxL_*?6 zJn8HRP6_mh8`35kQXw#$0{2}O9*7n}MW>sn$X=Y{E=ch- zt-uaZif<>1&75LyAB|!ROax-1QMm)Fg8tZiJ|_JU&R3)7&9?aX7m`A4pRx-wi@D>> z-V4Z32Zvqh+KW2$(NH9nqQ=40iWss(LTRWq*nQjh;>>n|ZcSm!_>7KQx6X6PcP$oW z0<#t6b$H@bx_57YNmNPK{68xl;1^W6uFSzB%wzD-;qVFzK^ZG`cY(I@ju6Fw|}czGVz;;>X`JXzvO)wDq`z+Gz`5BGr(RB2lSt!^mI_I%X?5s zPmJf6gI7Sls0Do6{h)2U=b>5{4s^&?nIV*aJKjp0gyNSN9;Iir=0JF9oaX>jMkmB& z*ptoUGLXk$tHf>pU1LrXtRK*S|bV=Sddj@#*X-VOmtKsOlCqZQV>x zWe+~ljkGPQ^}1&0j7t9#u^dl~e(LfSsiVq#HH?`-kc!Lbf(2B*5S4q}eM$lE#3YWfSj9N!- zs!ezs#G(F#;-3k`r6>ws@UG_didb08ChcYPdM!6_FV{Eq@vlFvPkg<*=HcgxnzVI5 zleRoPf4yTu?I&BkzC(Nc`{?T*;_IJluO}tEe!SJ|A8D_D6Mg+1eEk#c^~DLV-_fe= z*;?DDMBCmU+g_lxoe;gFufL~DeBG_R{-jQO9mDB{ALLf|qcvC8OU0n++abL{rrPb2 zs_}MQ+HaRCDbmv(W#ALY`Y>`g%x5jE@MX@{LEkf=kc~s|oK#Jr)5~4br*>(Fvb!t3 zUh8D)FuBOs8SRo!5(W`|w@WlhMD%FJWnrKNP{5bP61FS~*s>_dVo>BoaqHrxv1sis z;W_|54(Fc+oTMwYbrBxJ{Sh*>)}9Y*bkks5qg7E_75n43OpjF(Erhevp}qH>Y5iVm z{ClKM*{f^ky>nZ?_xWS=-v6N0tP1w+37zI{v*HE*(DxD^15QP*Y*Y7p7q_Z=`eSi4 z>k|uXpB^o)DlH^B4snmDE9ekys=fG3ljoOpag!%(Y3=SGx8E~k88`vLzr_|2W0nOc z!zSi#a=}i@K~RF7BXD9;9vgxCucwQ@X^J@=Stk&Bk$`?MNixHVD6dxfXjY8mid}*~2GatGLgGLATF-SOktAh~O zK^#wn*&@|y4fzj^14nT7zevBP%_SE=)B?+sEH-j0b>)_^L9(8a(?qSG3ffpj40Fn6^1{u89vV5MRS$jr zNP|kHM9elHxwII>qMgH{FnI0Rw@hniE)r@3wLc%)KM!Z5XSqhyy=|t^E!s4?9t6hq zB%JIcC31x_7ad*`r{QH}hq83_~Y`*2Q95gg_1M1-4)KBV{_yMGzA0{7zuJ8d888_2g+?|CUw zdRBWhCWpG^`4(I5W7q}WyOF`*SWeT%!rf*dMmafqzr-$;IiyPID`d5{60^=8!;1=< ze6;D12_*E|&1)M}j1uXiC1-F*D>L-*j-qVdozcEql((|0x220+vKNj>w^_&lL0(|C zjrt&i4Ieg|2GqAC6(r~0997|Ba{CRuL;Bk0WN*(+BNuvZvR!K4e3Qq!&~|BIQp#?j zn6SF#hccop>08=+$}BFNX>Ms31|CE&)hahkx6iyys#HdmA$rJr+z!F52`F}vp=-o? z?Gg~Vsn-Ug*=LSDYW8VIvrp)+a@r^vw#HHAk~KJ=BRB9Bf6#NKRjv#oKm`x7k7Mz^G&63_s~CqMxcH1*Hw9rN}EmU{f529=Dvhqbawo!TBo$(MGa)R~Hw)j|o2C1$!htB-EN?Cz^X zefb#muuy92?61??)fWa984``KJMwFziIjQ<)q&)AgSsC*i_TRpkuvl6Qg<$-S{;rlG+j5USZE$uaj*S zyX@@Fpe!8gHBR&ZlpL9<(Nb0xHjwp=o*>oO3Ynh?Sw{0LWr~5NV#;Yu>Bm!Ik5jSC zPEeZ#eiXuw%__TySCpQOahBRMcF20@-p+9i&5z3+seuP~X2!k#CcGZmel~qk)Vj-3 z=`gajz=Gp0(V)#2&clm`zlBEY$gYml*SiLZ7FUv(#&DUu^+4Pc1EV2Go_i3{y&Oi4 zBJz7O`4F#4!E8F$md50nCNg>LhN1$G}4_90ddAfxH!b39KE2y2RWJA zL+8EFDL;%v5hOYc$RH|tkdDKoc8+&{+uAOKBtfoeuz&2*Dak=d zw4MuE-KVr3A3Ad|PJatSG?b2^Py{nfsbAHgMkc}B80H)`K8H1y?mp~7L0uf_Lg041 z(#$~5OsC$R269P4>O@G5`FkGm_9stFj~F#NQGR3qf5qx4kfr2XjgdJv|H&y{YjiSr zMnIF0;QkR{qSnVUX-X;2T>uo0w6PPEo@Ma}(MfCqN+RcDL?w9@>bK!%Ls_~v#b2E+ z(E~f2U(W8pa@O?&Qjh;NthzCFKXMSHdpgf~&jTK-xD1Gt>*<2ueXpDG`!~`Km{_Rk zg&$)%+lGNY9Y4@V^@#}U1Wgpvwev| zgoIUV$q$+6sqIaT%%x_b;nIz<;2Kx84X%-|v60I~j%dvl&4<`Ll>7EZglt$c%FQb= z4q#oY`3zIyA0)`aDepF?{wr)=Z3gNG4rnb_p6E}_4W#2N9Z$XZNIZ}s`W3-zHvvH$ zAM=6>HJ0U+$`mC4;tsYaaw8ttuO*B8{|WGLpJ;K)GZimUcMsy#u24_k#NQvCT|%M;`n;@kKzspy0#ac_`XnM1-r-}^Q^ zL0sD~DJcASSzz$=cFM*KVtU&8UeFOk%T+SPPpjx>iSe;=xEty){4q%DHQ1BowcHh6 z+vx}Pi+0sfKMobJ@j$iKHo;le%7Az3v_vc06s6_K7F7cn8?lz~IL4u4(dMCe1#rvZ zOf71r_xp&Irz1x6QQD zd!&CNJ_WA(CN#)+@dC!>{y`!_Y6coZi1Jb$%6wmZW=1zx?T9*}%@MV~GYafXp{q~> zf($9AFKP;#mCuXNRpeJ;RaYYE0N$$2O2-M4MB>6W>P{Xf#=kyZ(RM8v_^fVqo)}Ak z2slT&OhsU8jMvjBvuixja)fx(XT&MiL-^`tP7vIHc{OAIW zM$fe9KIvkHM%Zb0_Q6i`Zj9t)hqT_A(MCfwkyE;?04OO*=Nh78$~GUJIWM+LVdWf; z8E>95S*lx7kd^-01FLt`SL!J2E%{ZSbpvjFmnx@-@-kXm1C_d^W*vg*%xR5(gUrb^ z;bNTce}0>(g_n<859x^iLg}Bg^mJ`Ka7V&%{9;VZGUERZWoO&PH4!dIU4d9NdHS@!G=U+!DBIG!C08`$!XH~ zbpP^U=^ITH*|^rf+@cc#Ot)!z{UYtmpGtgY@_#`p{wQh#9MCc2(~UZ=)ptrAY|@R$ zMDMyN5o^l&-%MJx4l&qy{t%8bHP6DNmT76odhPPK^w{`0(Nv%?%`WAqbD&u7FHXs6 zMoAH8P4|nkn928+Z!$qVyv;%}S*7t%ER9F&&`oFHXFEtlbk|cXHpu~v_N~>L_aXDm zg$?qibVv5Dkr9b_NaHvjQuHOh3BVpe!AjI!&fHxK7droOJjbQ~QOy0;^NY6Ke8Ge> zSST&3wdG(YN`~ar@}^cS@P`g=SU}EbHTf30)rS|V58~u7oimX4z$W zSW%3H)@WhICaU#vpdhZ6`<|j&2FKTuo>Q6pM4FwRO{ns&l1KH@EHSF(MmnVR_bwa(8M$XDRyquASqqB zWy>$g-tXL~0aC()2l@^go8CUiAFEnlj_1cLM8$_4;hjFcb&>o39t!FIJqmc`H}vTp z#kN1HT#TW05ZDEUuqcM_xHR8J46&Q!?ZZ_OSC^yxG|J>|U8No`LM2-oas-F2lI~M| zlQQ(}Na(Gw3=~5GR=!jE1hp)_ykBNeplMO=eQ*W^nr7bfLw?685#S+{#FPUXOBNeX zAWI&oTHpFD^DiTu{*f5r^y^rJ(-Rco^be=BhH#Cf5(4E4&IImQGR(l%3&k!zkB8jENN-SAZyrcKq31K)AK2xh3}jdwpit1duy=1_ z(g8FS4xc8rFd_$*n@#;v)=4W}gbenjoQ8kQVsIVBA}44bWy-gw(3;NMo8}*x43sG+ zyTEztBLiK&vRK?`^8;s@scD#rneEY^X{mKpg}N5$vCc^7A#xbi3ga91**)p=4Y~9T|nBDEY#=3cD1z z8j6_XK%>S`zPWxhOvhmqc|Dj<;ArcRmBD*rM~swI$SjLIy&cl$O7<~>&LJJ)M2@R*eYB(bxN6V+ z-X+uY7bv!v9bq4jAR8rDIbf>H+=R;qn+IU0@BZDuT=5+1vEEc?aGV~0*eW_8c-%(H zPrPwc56r*hF*KJIRv$dAstKKU)34FaBZt(@Wc%b^4{zgk&#X$6JwMV|7XM_>_UUjz zv#R=D{|FlXooc=Rmos$rm0!iW`r95_PuQdbN>eiKfrA-T61F~E--IfQzz1=(lcoN) zbx8ZNKAdg?(f#Hxaf5DQGmn^~Ol#XA)v4AIzhu%)(twx_-7}!gXmtb5fwtYZG4hn( z!^c&EHw4bR3T-?soIsgaRf15VC+13DH!quG^r_aqROjMFHWsWWyBfDa1FQmnU1QK# z1;SP#>DP}CGstYBK$8{}HZz}WP7>Bq!tfr- zS^qO$CY6v(f|i=P@Dq&~A7Js3vmX!MqIJKa!KPNgp{E5(k)K757;!qFe{55!9bQE~U^I?GgN1Rf%0{*uL#z1-i<`tS;&jfbd;JH>Cj!kjH@i+-G z4@X}8o5E`v6JFCPM!GvgA3o544gEbFKNl0_gB_ofd{AnQm&WckwVsJ{pdf^?#9g5Z zFH~MRkznG-@4K_&ESKz3MRv#@T=_{YI=VC&7ToMV-N`cp_Y=1k@!Kx8HZQ$I3_4z5 z)QQrkc6OL{!SIY{X|u)PpG0NRDrx~ zdH)gx>p4?XEL6|S3e|IsR?noUEZkckqTHZgApo8v1MygiM_(ps2>8kK&)mtNEv%xxOc>slLPK^7^F2`gWho>zmK&OXu}v{cr0V z$m(05)z>qzzU#F5^sK%tU3;KgXTmD5Rp!rP(dP1R@z=GWb$9+PPXA&H$RtigcA}t2 zP8cadi(A^{lH7H^yzY~LhkGtkt;X-peoVhE>JO54z)cz$+KnYWiF{n{7hjA?s4fZ`R*(ylE}YLqXX;$BMrBg;M@kamHz$;Qu5jL{9cYl0*=GiPj(^HOcXXg z-=YzfQpx6jckb=cT#*SAMP>TS7~Xg?5|#$-O0&t+phaSuR2bC-*W=A5B*p5(Hf~@w zWzi2*1LlfG?+-3{S)sgax-U;~;YL10S_;Rgyb}|((Vg<&HlsT@I=TZ@>%MQ!K4mih z&IFL5Qpv4I=!K3qUy565LTgFSHw`Mb7c~WA6ZnS%{w;+C=7?KhVd}uDUDSbHyK(r@ zjk{1|a|+#+s_fF78?bL2fg_$N&_OPFX&p^I=*$e>H=gscUw*~=7hhh>1k|h+r^4AV z{9n8~lsX!ZAiHVH zBHIU_E*hx^I-^cxVLHF&c<x zES>)qb>jaU)N#M3LT=aB)?bmfqu_&C`DDlEB6(%SboT2;_G=dXvi9zdn4Wl}rR;h> z8FhEPU2=(-&j9dxL5`H}%(lAW#Bnu(STj7*YIjIGpQn8dX&du6m`@w|CWe3I7)Ft5 z*OfbpYdk$&5>Y6v7?zL01k;neeP@KfqyD{;LPYctWdj;kyJTy9d8Q5{G_e!!j4-+m zY{avYW-lDqeke-kaWX-Q_kyyqk{WlhOJ1opt}8U);%@8|(Gweo;Bij=zzh$x{jPPJ zV(l@#C}ioReRiqbC7axg#JX6zv=6eZ6et|TP)ubZAQHzaj!OBFjC?egT!|fG%dN3V z`y4_6oI>_H2JUu9J6!tJn9VV8k6n6aB~jZ<1ci z$)}(j`8<@5bbtXA-u!Gb>}k7XO3A|{ILg`lrwqa)+(CAX>^4dW$}`PO?ikPFxfL@G zEaQ_c8uP#*HMtQw!W$w1J3x3u{#_<0uY*wXGW?o2+xU));*det>V?1>X1uWZC?3K~ zpTutVE)u0})Ktfx5{)bLo`FJ!-~ggT8@`x;_75oCckxl<9UR6O!}I`%4pe(n!z;;o zBpt+n{-uBFJgL}hZwKC`XS4zMEB^F0ZY@#%w2l2j{sa=n zQlYnQGooABHW8C5e7apGb&J3l(UeBcq>M2pbuUjF(RcS?i zCCJUa@XDE;5`t6bxurUch5Zqd%))>Q#iUS>Drt?2gWS4=RgOx9dN&?K)_%km`AVi` z4NgAoZ#FEr)aF-VT{E{js#p=Q@Jc_?%>t>+W5c(JPC)iDdO~bRP0}=|-b+x97>>4! zStuV;;z(uN`TQUo zy=qT4oOkZ>WD0GRe>(v!)%cU`CeH zzw?DTm3Gq$7sIk04nHeivTZs|#`I;PNl)f)s+foIPTfKQa4ze(jwo!J*xi=$#U~x< z(+fpT3SOM<^zSmvDX6rk8!k?t6dVq}D~wQ2nr#!_Te=4x67{vB2}A!R6nZM9H`i%l zVLo1HIu+{4q7t*9#0kM0vW&J(EvzUY(WS2wO{UhRy_ceqh`Zh;pO9OLvi~cC4htG) z(4lJl=@d;@rPS5)O(k-P#`-g26JX@V%s91Q{OGeK-Zm)#|8hrbc@vHu9p%D#*`ZNW z=J{(>f0Z8dwCmewmmEequslfeKJ2)AT)`zUB)__X1J3)Pmo8$Bo+s5^PX8&3Q2ab~ zq9T^n8G)k=z^y|bZgw#^(*xM8)nCH!=QepiCZCHkp){$OT@!f=(9}`GdkP^QTe?js z?cSweq_Lm(S)tV4NiSmfhLFeX%!R465Ah+J#ew^r`Y+M2u4AMR!D>`{&W(E?U+*gf zu7hDh6rypdWSYEzE;fISbYttC(Vxs&fZ49-s{ ze<%bNv*+e#d9%nLk;nYG!NB<74;p|yDlZibFcw+pkSg35U0Zuv$L#HABK{Fbw+^Y^ z`vGjG3f&gQ70TXIrmzTsfd`p6o8lZ;d2ercm<$Xu^{rKf@o*&!hE2H)f?SOd$` z$@pE`0Z0A>|Afm$bR(BdcNoyVvipYw_kju_uFy11F>nP?(+8*kx(oxu1sc4&q*{X2 zi97$chqo2qpUkD-DW@TH>Ols^;gmjZuw}u1Qy8Ec_k9-F245pkzjdS7XzLGxf7_9D%G zUA~H5x=b8c?(GY`Fj0@N5?xg5vG>V{+lHD6u7inKaXwE8okS8gvsd?fbKNq=Fgiz% z>Yr-Wx~c7pko<>^t686VAJwdc|0YG_SG4KTcI;JM(q0Gl+g=f;CosJ`G+>&W+5po` z_UCmqfsD3n9BNg#i$jn2`H+O(^VGY4atlIOzorqLVi-2%Xz;!B9Mrpg?d1CI?CcPY zkWNgpSKg8*jmWZQG^&q52@h3OHGSfrwn#sWAon3A>9%avXc z;NgTx$nKC$d(=!V_AK2mEPOAMDG?uIL0s+9;w-YM&rgh70%cMx6#TiT;EvjX%+@tpngevAi6;8y->G7U6Ldi}Jl*4FY?k!`}2=&Yd%V|BR3fK)=NrJ%x?%{;Z^&1a#^*G}`6xZiEt5~6C) z$7l5)V6q}@h_EURLIBZp+_>hxL{D#+Ve@SMCcWn}8yPFDB>T+A6!=)LccX|uK~FbC z8|gxsyY)eW_oDE1s3l?=0!PzEG~D3Ml2AY$-J!$lBWTc#9T2XOgCUaonr1&XH>xBTFPX@Q{NzuQJ z%)f*{C8Eh?@5fFH>>-e~D`-Nr(gO#r*O@hc0VVVktS!<+eTml*EYP*=V_@s(6l4(s z=W--apO_U5`f*X42B-P+cI&Xgc&x2WW@q|$yELjk0_U*MHJH3*t${fb&2*gf3dLVhE~;A0t@ZqL)~b_P)#c$A88+-k9au{j zMJs);5_%7K;3NP;z{HqD-e1<_RI)RmH zap86o>{DWWH56a17URPaeZtsE^hV3w<4tG8M25%b_n+wN6binDbP5f3v8r9#s@AHv zIjhF3AhH{?Zb0G@3|Bf3N6n(!I3<_NS$mfHh2q~4x2I2H|HSGSia%w@tZ$r-(O~B^ z1U9j>;^s^y%nW*)W5Q*%wLfkf2bjr#H6n#mD};0MbXU-gpBr7lr6HHJv<`1l26{uV zQfoLkbFJ>2CAtbYS!1Y~-6vEAJRMT1H=Iy?OBKXFu0x|5Q$50{A=iHVt<3mPSj4fz zqxBpkPAL99?n1ATRT9!^cBH%MFzA#{x4QpB=bTk|0k)a-SF`F#&E7ALS~VAMDIYCI z#dvX*Pcz+mjacFXQFAp|X!TB%Pg?#(i=hu0to<{t_Q;?FdD0zn!%+5c=~veQ&xmwQ zoX;q7NJlpt8Nk0X_#omFIzr;W9iA~xeMOjoZJU;!L_>tmx8?Q1_|N~!Bm`w>b^x8T z*iM$I)xV7(8#-h+L<~{|-UBr9Ar|31sh$MXSfJTf^3)mP8KCio>Xu*h@mR^lQ`tVq z@g;=+9COM=tH=tuh=(3fjlFf7J8Gc^K7KQkVmt7716-1z$(H!J6WL&RaO3^8tjn$lZZEfoZ}C>|R(};Wzm5zK?X~WlpIi zjRgAVvxvrC!_hmGNiZ#V-bt@Q38o8Vz_wHvd+IPu+?gUFw86V%yp(W`R_tG%|kd`iADE znbsyCxq~uVe|tTX#}g+YG*LYq#YAf@UriIG9~`ndI{)F^O5Qlm-2IE(cB#rPl=jlw zrEiOV#L4VE&!PW1nm*VeSscu{a!Fn#;!5BTQj1IWDlYvoL^aoc%Yq0fKkmYrlkAihnJbLLbj%@hMm+*C z7f-`F)Q=gwp|CHN8V!XcDiJO=*!*Di&r1AT`=_EmQ!d&UW+)kV!@-5WqO zMzu2b;>Q%8y4GKJMOmGhO0cEu!cllUjG}G=KSL6pqNTYAVVYdhjCu|c8k}Ts$}`ho zl?o*?t>J4dZm9-DHc#(4F?{thSbxskYQ$GR06W=%NH1D{=hDG}La)NpDii|f{0k?5 z+|ST%%2d|K7vii}`9d7P!jm~A=&6|&h7!%Y$`u@^hf~84c;79JH&@uR_0Z&T!HX|& z=6)fRd`;@lgV+eSyeLf!8vBT92!u1Cq=wkXWDDP;Tlt4NX}@;nh87%m=hnN0g8E1= zI{2I$7cZg!j*JytKLn$gyBF9YVhGEoQw@YpgcdAPNVPup3S)vZp$TqjktO`=DPZ^7 zth9J9i<^PSqGiORBi=PqvY(@<@N408CJ~EZY_A{H?w>G~8GQ zYounfoVw2yv~JX+jLbkEcc8d4;cL_s9J5Ka_El6LvHLdnRq^LfW}CtT3VCi%4A!{c z+bb^O(=9J$YO%HA<27cSAztH%monqy3B|=qd!4`%;$x+)YZG7yYVVsAA8+c%7c*I` zwAS&qZfG~&7LoAYiuOTmzc!&8o>AHn*=v{GMh9x41IegYEy1w}imJc4pHMQ#NERqV zzJ-H5eXW5-k89eKH6hU4Ve@Ma_Sp z7sr})K%#Hk3g8(A8-}|f2k=s>N=EpL(QO7##i#Y`B=_&y<7)U_!ZB~w6J%YU8Han( zbiDCsC*TSS(l(*A0~%`hn>u>B`y|@`@dnZ{7CI$Uvd$+&x^iXK=V4}DzhlK{XMeqwiR%MA% z6I5oG;5AK9)Jx=NHmU@*2SU(eB$uQR&FIuJ!c2}0#*|bj`Lk2el7-Thu8yd7X`U^V z979H0JsQpN%MNwjsH&$_TmO}K)ss?XljuwMAnwFP&EL>eaV61@A8CXAE(r$(OEWC! zVry85z5yT}j7ZYzw{66X;Rw{e#mw-p7sGo!h??d}&@NAB`0_KAW-+qh-~&;f<{ntR z(cQ#pZYVPdfwzqWHR?^#tPsCva0+;ZK3ZTiVHM=rg14^W_fJwCUs2Jwk<-@X=@?W( zD7C>MyKHp2=Xm!1H@@?v3Z?e0@TB~W@4SC1-3}dRKvt8I$-5rpIGqEp>>f`dof69D zK~onUDXT7fsuxNkA^2ysKu)t`q_L|IcmUh4hTs8K1aEu44$q8r)yA=;izp=b0(+G! zXu3k}#XC&7^i|Y03xR$owe?_IpBzRx0~*spjagvQx>xzIBOL`Q5f~v@grnK2UZ9bSDRe%W4*>+{VM@e9!i8)x{j6V#PeR6D~^ z*AS^bhcjFF-V+oIkd*_2aZj_VhA%xqx|NpG(Q4DMT8dcH<3y}+U6uT1+(JvpS!y;- zY?th+YC_z*SihYA%1Jfc`23`vwD@6KR>Se*5E14 z!kYYa3(Q5FAu#DnR>Kd*Rdk3=X6ik>7ltAqaWY!(%P+I>c%&spvRMf>VT;3)qYsrq zP%V*J)508YYHYq`hJHc-!MuP!8zS2=a7p+b;1V+R z0s3jJ)ANuO=e5x7< z;un|(6r?Fd$F@<5X8ZGwM^G}#;+re<`PL@vMI*2R>){h@qK(|wh*M%Tn;9d>bIV;9 z4Qzh>oeiqA1N-4TNCHONtTEcoXrjh>Er>&DQRc1u1PeXflS(rAvuS2Nb0RusDKDOc z5}~cDe$3S2aV4bZVHh)?%mn_|sH$x1AY;<~zGeezg&sHS<2DOd87?zVtk4f$U=!ix z#@IwSCyds~82`D2HFfenm<4!k6P|>QR3V85309+#KGx7w)0atW_?-K$ndTgFIyV#% z9!N%9?z-^5n-JG#sRF6qI-$5PNs-&hX2sjl<{L9q2w2&5(JSQbwT8KVjemm1b3MbB z@C??*E~CxZodZ;NXH+A%y6}B;WHVhug{_{|6$@*5oUFOO564yTBR-Q>Vg}j^3iOFH zXZ4@a2_qCwz-iQG(;p5`{dpgSQ7gMTvjO>*HhFvv(aG~_Gwab)dmGiTo(ke~cJ|}Z zIjfCBr*QEJjL>p4>}{kuanDei6Kfiy!*~2SJ|{d!XifxvIYni%W(kk~Px|efrf9$Y z_Ad3?1xMogt^6_Sx3`qIetYM!_m%95?G&maiEL(&h(^gwAls?AJS1m>~QEb+ntnysUc@7N| z;S@(8^8P&MPspqK!m>;Iljd0s?!tf2OmQCXrBfdM7!Pjs6+SG~m>mk=io!+E$E1hZ zi&FUkGyKGbD0DQrs4Wi@zmV#Zc}R*JvL-ZbZj4fW-!qKrb6Znw`WsaL^GA*9oBxPX zZD&+J0qsx@?unz?1XTZr5u|7Yq3*C@MRx{4UBu$%Ou9Hq-NC2n7XJY#!?&8{iV~Rg zHwZlTgGON4u_%ErA0q;P1v-_H@dPGihazYzx(k-NlK$~=m1I8cR1a?5?VMl@t)6HXb(>NW8*56!F(-Aiv-{kAY@s4ze0+Va#1$w9Uzi+ zuUw(i4r@UD=o>rCY1eQ!&yi$#LzS2_x9FJo}K!jTfc9NO+92|E`n$%XXpAUcc8U?YLcd(aj73ve%Ync@(@ zH1XwtpoGEwc)F)&<%*M9q!*UUC7VeV7OlDyZAUBWIlz#|W|yU2sd&UVbb>`FB>Vg) zcen&+&DfyvNtg8SdISY2!dyU9eSB%bzR(czr#5@LoQ}FY)U>BWyDuL zMhknk7B~AmB|idkJPP}aY8`u}=h5gZ7qC}`X|HruI^!$%pF&-;R>d>1{J*cm{GOCp zKpXyIKjrhE;l+Yet;5rBe#8u~8j7Y;Lpu95O=4%W2dM|CCLD)lP~EIpi+tN&C_?)jgXbdAznQTAJn7jX z-s!OD?ZUPPQTZ4&?y@2G$*uC@mOc!}>5GdntWrMNBEx_qR)wuB+yw?*kN3je72`k} z)nRSoscE<8b#b@nE)7x9R@8hUgC${liZ4i0(1&3zPj?0<8I?cYGT=n(BKW@`>NIt)W4ai0PgjbuIOL)cjQeet3ypT*pmw=1 z)iry%#V(6!wrzKUXkbs8*WKn1>zVzBFt$v50y=itZLq7#si?_$AHGhIjkS_11N{v1 z?UEe>J9rQ!fZ)CvT3SmON5osR*~g8b|FNY(bNBYYK1pGYQVyhzK~w@pU0!bxSDmGY0*j>8dR%_LHN2*qC{bj~t2?130I681n4 zjWK}EfAr+{D6D)d9xglI&>k-OMRWyd&3*;WX6MGE2HvA@FZ;DjrSaKOM%lhskE>w^ z4!p2!oEiR1N(mZ$L8Hx7e+nhaRAEhL)N4XQNBA?X6NuWu)Compl-zuQu;#Z@lsqlf z0VQ+}c7Mbc>|R(@PU$T@gf)BN3nq1eKa+&KE5nnetqM;cSllJr;uf~8j$7NXw0mjz+qFv5g=Fqtr;Enr zsT|8!`kFQ?J@#7H0WfDP&pr!(eUXjz4=*2Ap-=+)Tl02zlA=j^B5+ZyjL~hvAONF# z_iN7RI{SW#o_}xti5T5e3M;;0d!x#vF_bQb(bbxJx+tx|c}`l+jR-y!K38qcz+1%* ziBpF9i^<%4Mxmy`M6rl=dz-o3dxf^!UnaH}=&s-I+Kw(_P?`$VfgO73cvSNR%zlSI z^ozgAxM(J{P3C|cnO9n*-rE3VJVg&Dq48f7;5=q4mA!5Rh z&bD{;%5pd&!|@^ZI@*=R>_TJypxo1BeQTbKzJDNQy}DKx$Bv(+O>Fsems~=DT>OD^g^%@Z9YVQ*=gTmwIj^U-OS%7Xj5Ie&G!mI=@ivhUITf2Egcsq zq8f5al^_i#2Stokvv8ravI6J1&3E#AAwbB0Qt7;|nic~l9JCN->3Us!Agu5+y@*oU zMb?Gr!k==knc|HO` z4eiA6zva%&x6O(E7Z*P}G)^eJL04n*e=oSCT32?Jvk_r94bI#zg*BP*=ER_})Eyi? zmKs}F;cIDFkjCnRny|`+nfT zPrjaZ7lh;N{2}fxO?LUUt2+|@6^@coT8Y0z`7vf4vtKCQN}Pnb!mv19?)A_=EQGLX z?Gwn<$*b|D#xfn(Zng^cmhI2`>PymYa!jfXi>QlP5pMLXs#M-Ng4l>ntSDO%#%(he z9fH=Ku%{f7=qd8GX|yq{Mln$gu0%P}9cWm5lS|5$&Hid*WVTEX{dFhM^AXaVf^)C% zWO>lIR+Q*9i84f|3Uo!=snWMc>smw>DF`Y#bV4%w@5hq{-Fo=9bHO6OWW+6srYXY< z&MKM7ZO`kX_ol#)d(m;AfqASr;^OtKZo|^P{X%1D|2`aLX=@G>OOuYUnc9B~urw;W z7szgxN1LW>?nlOMkj3&niK~No$8N%Y?N6N=?cFxLup@331X|FVf_#|c#u|=<7#d&_ zvt*6Ci;s`Z;afVZw-9)ev56Z=(NjcH+ZrxakNYvITYU0C)?FTbe0TNx``z`Q&$aGa zb|~6ivkp;rE&iT$*PolT?&=3SK#D$&u!A%oD}^l6cOZ-j10D6^#``?CF6>MYhYnmo z^~ysplDVW^E@ca+{tOG}Bb_ehrb@vq-1Tt_=ZB)ih2xf*5UZ-y+JQ6a)1T3ql&_up zJ#lNtDIJh@C<_lYs5p_Mi|5Dq#dB0!Jl?+AeG{;Ha;ZKi%zEVTCSY|J#5t?7;fIvk zI+{1Vd6^0Gh8G;!9Y0SxsqM@YAWaDLg%rB5Z#TX#n=3Y%j-*mq(IMR`ovx@^XV&Sw zshxE`^!}x^?1OV)hCI1L3>u$?LA?o<8+tJXO}o;f)9A`otqy0>^Mun_x`yj{(n-(L zpy_$8)aF!voBki-&%1uVrsuinyQrQg^*fqV=N+O-VGy3%&M$O~T zAM}dDgMeK7#|yBiV1qm?IHb>P4WEI;e9$3mIOw?j;3prGF1?#Ow^mrQ49b}dLOT2_ zfT}Hy;B{P|4&O+hE|Na|>xFOHa&`-WNsxbzUGk^0tDb9XGAWuMPN|CtmLS8Wt@Z5YK)^%O6J!lDu7fCX zWKM*v4^*+Q9pP&Y`KP1>-2{wEQ-Pho_z2Ot2sqD8-?%aA|%}gj9JA4wHiiFY$sy#R#I{b9Qf}!vY zJG?+%%YN=ea@2>XQI6_f>Ix2@LZtGZx`@|s zCK{b6UOi3m0*S`E=s+1Ga>nT>k(=Y**)OaZ%N%MLednH)zWu@)E2HlbSFk(MH<6 zQ={*U#61^2aEcRGL&w?DP8xBcQyOtDX&s)MKl6~ z?S(YDH5xNC8rvuE#c+;B;7~@OTc=Uj=hT_H&q$>G%1HZa{n<$SLRj#!2vEEy8@=UbNJ&9NCjI_~bAx*?y8-;hy&}$;= zwbTqwR8OtfT2u78C=+t9?8CkCO^k>s1oUK!Ore=OJ3!F0OXUu!-X#a?C_c%pO=@@n zQ>Ogq5IfTLe-E~A6ha~+So{rZ&%>004!s?siD{7VB)%dCu~OxicOj(<^Iu=p+JBun z!MF*mymeyu%7IjWXDBRuKf0y`AIc~s19;1QcsolQ3vC!z84<_tA!4)*Wfmcj3Zxeu z%7+adHh1{zz0#MX^SVXZI-r8=c|~-it6oeOzwhmiW7D3F8jFsYV--HXII+URNd%}$ zj2^hsLmBrN3D!EgBL;&E_cIpAvl%t|+mAOPp0f7}F}RLpXjTS2!?2V?(D^z&y90c* z%v^>ZXyema96JnRcTO~jT_l-j6*jz|%HIh5LKhMn_PS(7X3)B^jt$%$>tO^0+;r{( zroi6`BYy0gbd@Z3RQ7|}u8;84IntA~$4Yxd znKnk3OuMCBroA(ME)@TH3a3tSMm<@(KAMq5alQ?rU@v#cIS#ov`qr`2ewZ> ziyqki^BD=(KYh-Y$=J8yz~SL>E6;)2=jQDt^#3@(61CVJS-MVWk_Wq$dpmrPpOg1?D9&w>IITU+td(x zQ+ww_W!->&CGBmPl6`Oq_rM#zBAU;zt>~CRf-xGS8&CJwrfW^gXwxHTo%8lLM7MI) zYQjMFy^Mx~r`a?XrDIx2;iT?5UE=va9s?P~^QE)kgpE%37=xgBDc4R{I+~asOYQ6F z&DGD|?ksAB+1ttKUz`RfqZ(wXw`zyB>aMAYuDaYBnyvHq zu@3m;jd(>l-?>H~rLvTexxSd)Q!PO6`dvxtD`LZs4j*8-+pKB`kK{s zRK}a9zp3TlQ?3#J)TdG6ANZ7r|Dc8yXo(TeWzldb~Y^_l-aa-ltsg zFdTLHJi{ICpJbLOs?u)zz+?Uvy(ir^u)^lAFbJjk(OI5zj5VX-xO*4oQmbuhh4&}4 z-j*ap2%U*G|;|kHO^>xji%4h>!S1dzW$JD zN2^I#&Xt3($?o&EOG`?WmfBCEv~2!_XgRi*(K0DU3v5+t{AyWf!`0%QE?U#Ix^meYK+rjrFqX{yf_CDYWny&0XB;UmfBfrXD!eQ2k1?-m{gDz`0CgX((JIBQVHVZvy*^fFhrg&Z z5Uum-Se=)#I@f%{>fHT`R%Zv=I1+urqW59>T-%EPN}g-9J!MjxJ!P~%PoP>a)yRbN z-k#`gIjJUYn{)$vnF!UprK4=Kgwp19&}Nt`w@P?6WUld^3-3L=05-l0UWJYC3Y@bq z8&HRfVLFTEaU;=ejP%6()9IT3C9-1PEeD@kfy&9&2Se9Db5 zjwvS=vca_(;s>`MoVa2Z7`bhPgG_&3&u!T1J{b69H}y3(clU1U>%-9H%1tk89o;XC zVbpma3dI+ZtXI_PcDy_5yGuWfN-XPFY7&bmU&Y$;JKG4`iWTrmYsunJDFzH_j@#+l z5eEd$CG0Cn9N>4facsLl8~S!Tq5D>?6TYvGcEYY|>V#9!7s?GUMOS?I8xk?f#m28) zxx1GkuI+8G4p4l$>}43}3=+C^Y~)<}DmatiSZnnUYD0fd7oQD5>p%7~sb*<_n&FZq zOn{MIwl_M`T^F=oPQCwnlrQ~AYoH<4z#~=E!0)kv_rIt$us1EIeC?*St$uf-2r`@U z^P-MAap2Ba6g!fqq^jY1sGm*l{U8k#mw7Ys+w&oNag}#KV+nF= z$6i=-B+t%p~h*M_x!c#J-tcX;+hH-_!^uxA{*FSahRHc=^!6>6qETGuKh(^W!t$nE|;^4Olb`a)%dQ1esh(HMYXkS$R6ZEH!e( zfwcr@gyusP#!koz)>G`a{obo0InZJA5m61jnbU5~)X`BhoXl=muF+CX-;#-bEwMLy zvZJ04y7AC1v`Mhe$AyG=T!DiyC*Em1AJ@)J)o7J&FLMcwJur91!B1s#VUy}4xA~@b zdGXIf@idwbvL(0u zwv{FE4ceA>Ra;Bqe1F~xA0p+K1D*GjGfQGPjeo}7?VaUuro?Wk0(aNir%>doXZNV9 zp6Wu}iklw^B@7y|^B*sq!32pxLF{$V&64TO%3cg}@hhe54#xdh5Jt^{Jm+gNJEwbC zG$6N0^pj+ z##zokgEiFr8VY`{nLfoe>Ghb7DZ&3n&bJ_YK$}FuKzTO7d{-!DChDdIyP_t%TW@E5 z(6P1eN>64+uWDxWe{IlP{k~?<`$Q;e(7PnWJP*pz{_Dv&gWjHDf+OIDyh8EAY^9u2 zp^=8H{Q{!SJ1>EwH7F|Zex?{2HLo_1qMTSfyV`{iCa*u2Mrd~l6PrAL5a?7 zXtYd&HfS5wJDhr{LfQUU+_+tk9SR>i-PS%b!9HPehj{yhouag^j-1N(l82fUP)wxK zuQIVny99j__}$3jXtIwQ3>zxHS)WWfYfVh~k8yNvc1d9+X&Kpj8x~v*n}SU!b?6Yf zuK0BfIo@-{Ko z)ylx1CcLJi7?nh^ylNH;xTiBw6hcf_t&8s`gtN<4>yJw)KyFP^TmZcCTPd>K=frT2 z;zXPG*m2eN5h`lKGqJ53f><2d?)AVW7ko5eG%>N+wn=X!_z&ge(gvoJ+Cs(}uYPVq z3A=$428?|bza`N+N(|E1_*;^r2=kjAQfj^?a1WP2T3SCLHognJE^BWtfKS*yYPxI_$+o% zE4;#J4<yIC=uqsoJ4Z8`U}#m;(I5x~iFlPW8gq!_RYXVb@tb+MIgKIMbYNqp zeE!IBSo%l86{K!#fYE_|fd7Rsw_OTFpToyQ_YdC|}o zwTM$QLSzz1v$!L}HdL*jU7LwEyV;8-!yK3>`j>`u9=mPRCG2PnV~m$|bMEe_E2yxK z2Yx4DcTmsU2H zFfOCsV&f9*+;L-cB!1aI+egMG)~CL;jjC1$+e4r)o~`_cgCWWU?931l z6$p(Xj6N$Am*aVMCEce8#UIA=3*QqQ$>pL}{3HtNg5f|CVO>DTd6$Am27OS5qT79% zGrb!{d7Y1n4YJaUsC22oEJ_p7Dhtw?rs83IdKQ#hQ8rMVJpmR_)34`KCk$%Fd)9I3 zMK566)ZbOrmv`fTGj)1zwkYShF-9FDN436iH$|Q$Le3DguJ_$%k6D-Tw}KW*s~2}d zn`mDrf)!fKRIFQO{fwu+$+f<`t>0(_zWq%cf$Cj#fzKt=uIJmjlPD_wFKvh?BAwJ7 zb8=4zB`ab1Vi8joQbb<^&3xia2m{1q4AuJm0t#wFXA0Pk@_GZ6o~?QL_)(f?L->cl z#RkSgCuj|{wQ1l`VZ*_M-D?xRstlMx8`$>E%&wS)y`44h_}`X&9$@4JHc`&rBj9JG zvrVle=34S{3v#Gt)q2;0v$XLupwf+PqehjpCTO2wGfCQ3B5l}H7skY0+J3SYw*1_}J3T`PkP~V&nTrAwD zi9@+yLFDA9yv)~dCJkz{S1Iqs?z=Ye4nLsWEH@(N#%2Z`eZzd#pD*a* zV85QzwFmn}(cAMjzlxPDZ&TU*vC4e0%8ow>YwJpz^qo!E@LlT$r(I7CKD04@GVG8+ za{0MQjiYhnJQBD%sn&*jGIimf5LN_aI<)rMIFtkujAN-BsA|%7r8vuOvtG08KBqGt zpg60Q$QWt6flMM!8h{UDbG)LonVIq&wXN@?Ecy?^k_4+bK9#%<-{h7xd(LZMOdJl` z2ptqVT!b$M>Ji9a4;_-%35buR*wmd^jpu~~0_}b4?J0Gh!;qvG)|Ckx0yuHzz$t?n zi&tUnMskXI%ibU9WM5TmCElf$3#AWP zsi)Ro>~9|8`2pC{4K}GN@=bR29RF6V4x!Ris5^vqT_`AIVFV-CNsh2xwWzcgZ#`C^ z%)XWme}p;+?S~QT+uVS|xD&ER{vYQ41ip!?`yal&$kS z=iEEVqzgXJ=kxi#{(oPVBzNxI_1tsMJ@=gVnIi>Lhe+ksSbHsN1e&AO!(Lwv5}TEK z8?IZ+u@OUu%kX8++S$WbS-suj>y1n$GyC&co&Rj1Iv1^t3c{)abW?Uz(@->_SHgL4 zYTU$jf0occc8qMJ50eq=dl!0{sc*+QT9h+Ki-)<-fg#KjMKX!GMrgM3$%CVtw5y%$ za*=QBC9mMp8P4sZ`j^D{Rv>)CnX8*Mr6rPz`}aq0QGc@yUJ%?bBI*obR3aI?BCgTB zBJ}kf_zU7}uIVU#xURSU)Zh%!#Ts>nz`L*~E1A-9NW~G2!iSUQjV@p{k1--LAV8+j=mrcuA9lg_tTuC~k zo3y2-xLb|PKhdXld0E$|?)hhwL%sh`rj>b%b#2m8U7wm6Q=)7>-FR)sI*i^yZMZU2 z{P0Uuv93T0rd=JY-_Pha^hE$eK)k=;sK$}cpW@C;h!@D@nr3tRT1x?}k12k>pi z21BEvRnWytje~fV(h|ja8`SRYGaMKn2&RCSaBL=)0M(+IkNA95(BfnemRqKA5T6I0 zWH~SKA7PUd+28K|fW?~PCMrO$BlOibq}{b&hHvac&kyF&H*9OzTKj&Qs+F3Ot);Ty8)W#ohSvJhjmce7QC54VGs8Cbd)}N z%%T8(DKKzY#NtfU3R#$?P*dB?Zpe(co9L6CBVbN;f{VM|j9?gDwAhQ@g9^rbP)6)q zL+c(trIjtmTMV-f8idxwRon)v2KFegq>uh3?LdQu`Nnp8PQSePW)<|hEb zAZWImUHq1F3kg`Ybj$gJ=w|>Ni4zvb-*O&m6OTb$licRM^JId!#HZhPE`$uF@%Np* zV^^5=;QgC?+MxM2N#d)==3a|=>ADldl9sl2qmJPGO?F@Fp!p+ZbR-%cyX|y{YaGd) z-gb&h4xuVi_|kae`LP%%<~N>hV?}etfWrBpDWA%1UB!cZs|as&qZj^@wV(+yxc==*m4Ji;myn&Cj0332?*s?=MCB z=~`T#8K~9nh9@GtxeSHQyVYzeskID;6+^|zN*@0v`4EFL0auW(g(L8|v@Kx_pR|#} zTiBqIFCXJb-;1D*jS0*y;F5o%kz+V?XfX(8xAC^Q3J-~XJG@+6_Q1v3c`oHJ^QjLH zLvQk}lF}6E%KY=SYDohwo9;V)p65_tr}rQQCah&>m^VO$d=$Et#*e~P#-Us~lMf}u zl~HP`3CiKfpq0M&8M4r9w{jRdBrE&a8&}LU>!Wm=TRGy+{n7IoR2Y0pAI4|LaWejm z$h3}7;rHVxhG&>f#kH36^ihyj)mkA@Q7Y?p_3C)#$HU!_7pwj(eY;AtWaEvvinh{i@QytmB_ zRJ(W|xEJ0ksrfjeH#A0|x6mxy4mad7DUW#mm$w`{d38n$Ek!(1l2 zz(F$FqKA3M206$CL8?pOId7pNZE23dCPQ?OPUF9F{Qrle`2Qv7lRJ*fhKapcX`4zq zLHjqxd*%iNx!xvZKNf&$eypwT#5MqD+yhbVS1%Pr>0@?>QYLmv#>y6 zTAeg~DXosex(BvJvnTpjqU-Q*Y9_rw`!?m|ZN8Zm&m2e+S;orP;}Z6m`HuWlOpohh zkF(fgHYIiJ@k_DCiR|$zdc2A~UKM-%(+YabKtdJv*f5QC>~RAw!XAT5^5yn$^uDs zvk0Jg{pOfz%JZ;P*#&5->MXB+?7DzM~X;ggkD#1 zvGJtf#+TUO4P0&@fZ8IyCX@A;R**wj&KKV*cuE&EzC~8E_goxuta~6T>)-?#T5yxO zorNOm{U3>>x2@kD9G5NyDMW-Tcx8rLy)r{m)==mMg{7(!bFiF?+`;h~Zsj9)V5eJj z>~^btW#xsZDBlw}&7MJSRd5FFrW@Od!k@>Ecr1*jJn`D=@fb z*i&5!6t5;obw%lVSoaRaz4q~@bXNg_;!&!6jj0rVXBm|8uEpM5mG15Jt`$Brz1`?> zk*`H~*Ic&OP=6vetIcvr!N`o8!J9cHm)FcZRR?Y zrhjq>Uj#u2zko;-fhr0~+u{Y1yozEepA(Cv{M*GkLo)=Rj7Cz94@=ou|J%eUqQmg@ z3!qE0CH1~^wKR|JL6!k>MWyP57OEU!>Kv-Iu&$>JW>H>2$Y8e~qW=vn>uDF=e1yrMybiJ8OtlH7 z@YM+@=6vo}K%j9qm5sd%%f(2hW3P*r`OXz>%k*5Xmlv6=+0MV>^fxK8W)n}JC5(pT z`8)0L7cO$_!UZaeBvJ-x=%h?(ee>ntzxM2wOxOc<$jX65(A3|f2{3xrFt#;pic_0N%r#$4;&kXJ9SyRNgEcOv>}>p z;bo_vwCw-1Dee|Ro|)1@YE_DxGT^di4WvklnCaWM!MC+YSsvfr@K5Xp6j$#(Qla4K zC#zF|_bq^f#$J!brQDx^qEJ6sxiLMG1jDU7MF&wnGa!6x~xhWXg*~@9}~3X>gQJMG=zwcCEz0% z!lLL9+W&M2pOMwX-Gv|}Zv{Ts_$T(vq!s_dnZMWNYe}?=kJifS-)13X@CRny>gF)F zrsyXJ$F^M1&lH)a$2YpmN*Nxbm}A$Y^cvbUl_IInNx%S|fxX_ZD85kmDemHl3-}?j zm8r&9=mp}MF2$oPg`WGPg%#?B0qq>X67OOqN@7W!xTdRrD?#m4=}~} zP-bdjF^kWhI?DSd0+DnTTo|BztHeDRt_er6+ zj7*U5a&C(r_V*;qkw^~Ol2{Cl=~lMyyRu^vL*tTzX^+CzH8E(hy0m&JI8j)S0W+XZ z7IaixlS0|A@Om&Dn~Xs)`r%{G-LXek!=nTQQ-w#a!UoUP`lHF-i{X(45ij{8S6ShC z-dxF7bwcvh!qNsRj$BL-xXofR=JgTSQO>$QJ;h;cIothxGzi(l|vq+aip*xR->Tf-& zF@IxU)pPlK5$y1h&DGy0`aZH4p{`yrLS6A&7=l)V^WTNBE0}_IB1N`u><1MnQk=!b ziRW@-H;>0aqImKNCQ*oiUE~CyX>VCf^KVm^W*{L$ZnFKV1|+bQyf@V;No^SG?Q^omO9j>Sf)#8VWr^u9t!QuIfJpU zH|{>7RTj|6c&w@FdegjacBKlk!dJ-Z{ak&52CwG1{3^U3H~EfFpP$4I8p`q}Q{0VF zTfAW6UF8{EP?-+3Uj1f2Q#AgcRG3bziVRu~MM{uM;uh^G)c56b!@gY3_T?zY>$&p( zm;5d?vIBl+^tV*+&6IrW79c5l?9Izi?~y465HO)k37{wY>0Q@N{~*)Y&{LBbkY>~u zQ1rixBlEByZy;(wTK+5iJX&KyBTO<+FI!hhj?4kF;VLYzq#wHt@Btmy__x2a8nbzg zu(=MF)Ma{*slIsrPKVtMD)kO%u1Sd5BK@pV_g0}@WqqbXKiCe{TBcw-&G}W4GsQIz zBQS4%m4BzF3k=OHg!lAVb^B>qEuX~z&pp4$s#0lTX2y+W$Iae+cVYG7FZAZ;a~oic zEg-}0AR}lIG(Pn89YD$$Q9AM_yzszl`~~k>WeUNt^2XGa*TdT=C5H*}Fk0HVP@2K8 zcm$3{#>688lzy;mIV)p1m2s57^3X}GZmC|Hw@;*?vzpqu+jWEbUV+6BTI;3?V6=1L zw5c21oh7N=*;tE#uUa*YkGBhH+xxw`f*Z1mfer8wjaexr{8pSs$)Kx|f)7{Hg7OnK z3-Do2_nG3nsz1cVW_CSE7rs3t-*L_Jo6KBQIrzL?sj*id=wkQn7v#bkyZAzt)4I)R zt?{Cr(dQRIAEw{VeOGxwe?w{n`KfbnMtHO4Z;am7$ehBTs3e$`a)z+pcp@L;lfa1C z#iy(76u?;)T{}yImI@BD?qE3UlJam>tnQBXhfKo_tLRTA!#5L!x9}e);aKd=zre~i69nN?$3$)3Z>C2<=)_ps;F^zx_j@@KQcmapVmvmw!V!08iP&Af*r_)m-!vyfJq~KAo)LH%P zfuwDQGeY4J}L?*Qq1Hy0*0sFTt)n+)$n-qD+>CO-54cKt#~wO3l1DnEZ`sCgo4SQ7v80I94p z&eKozTzMgB`#Zd!awAe9Q(WDfUgxw>AXq&fQ$Lp~hGsaec)6F3-=7|DrIC4#KtM`q z`?yCxu+O~}rQ8X+a8cY&xX6=K(RXjEY0+R<2{Tv9L#1>%0Ug81$hrw6r{~{_Vn#0i z6wV<*r-j=#^uK`Sqyq7(T)`XDVGlx*2Y#}HS=xDBsI-Y!AgnPnSQA3?`+#7iozYNR zP~E>#H8lt-ik0Rg1A?{%-Gx5v>N2Lluktuy@hJ6p99&D-Zb3@}omXhmatft%?;m_K z@$_jfvk>e(c|VYu@;m6R-oFSq^{rODb#%@5Fiqy3(A-%(9$^LDZhZ(_zLi7*p4pXK zE&9KLXCN%+xO`QaF4Y2?V38!z-7K0WDf`Hdq5Cjqy7nCl=icHL+!=h5Rbu(%8+CaU z;3~h}(Xc-dDH+c8ijLaN|AJBb{S%lTEHQU`CF5nqO>C-g(n7OG5W?wAQG2;(T04rE z<)>7tKwLhbek2f=gw9_HKjYR@TY3qPgd7fah9xZ1RXBN0%nDc2WT%_>0VGc_SnUlI zI%9R!weI7&AWApg=l`v-WP;~HIBF!u(BvM)4#7nxXf`zH^U*NE16 zgKjyZkuN+O(qZj}w68v-J)oZEe?%$%xsMUOg#xHqbb>^a0V2jOIx)_H{+DKS==+iX zLtBMmwB|GlNQ>1kPL5>akGNKR9BV}{Xa!o&w!I#b)JY_XW-#NM0-~?ChYU9Pfxg@X zqB?FCO=1kbH-iH|Q>YcOfdu#B`@hP(N&a{sC)qM|A&S0w?+i z;u`&3Ql~!qwE`;e+na)CXR;kOYK*EE19QF3XdT*AxbPN0* zvDDH9?P$C`VX&J}_ceOyYIJ<}(~=8rq%{5r=3x}fqBDP|p>f9jld|-Q;~%LGbtN_| z0_$R@LtSp6Fs}OqSn4Mo%FfW2*IOAUR+eJ>>|%N{ZgJgX_B=&x$>2Or1{8|o9Gwh$ zJ5-g^{&|0oQiFBd5zVD`b1+0&87hUX=8UUpM;Ku*dmU3Z@$t>yYiDvuk+%=L6S~uZ z**x9w`%B?u{QkAF8Ti|)RrKTB%8R&Wq)2b;MTR}20GpSM8^_}FBWE|4W(nRjB>l3= zdys*7+CG8nP7xJ#0i|BZ&0tKmHH( z+Z=CSb)*5)E;-5rwRH4!~w)E#%wJ2}5Oj(@@N^r@RUYk!<>+v{X?8nJd) z?iSCDu3&1irf|HC5E4$IP+!#n?hm5yv{<9P7|OsBadO%MYM zQxFF6IYM?sxEZ`64?W9Sq z9}Kf3`j?R$+-9tY>0_PcR3D;RFc|2I(V_mwhbVaQsgl~gexd&QFtkiC5js>b@yF-M zG^=V})cv+kti)@eM7=IY;YXh0Xz{~b9qhtM(f#kh3(+!qeTW=y+$>)O-bR}3`W?m) zUyGSpO9sxf(jDq7+J(-s;?Pb^4}XuLhhTOq?~CC>iv9$eI^E`0^lwL<6GDuyK&0C6 z56P%Ppb_1ZY#h;#Fcft=Sn~HM*myVOY~u1&$qXhZ+IAb`^T`8NxgOa(F z)z8>4ku}WxLKG1TUf#GFcr6Z1xCzzcDg};Js(o9{b{4J}V>m!R>yzvX3o6U*g+;$F zk(O6fo(O!2x{kXNqou4$7XvrY&lNcHge~7zno==P+vE;Wi z$?UHaMlTqv9O%c-(SC%E)u0^?w98ld60@BBCr35?ebZ6K*taBbi?oU9APKKVYuQ~O zHLA;KdxlxSPb2s6cgQ_-<}uS86;?XS5^`-iwdvN&$`-pB+Gb#gkLVG3*J+@MeGV>K{W{3b#SJd4KlQ86)?p!<<@ zASTYntRN=NO5m-+Q0s;&MBhZ52H3Cc>XU@UdP%X>6dssh2z2G_FfP`4l$ylO0_T{C zkbA`lprs0g`>y22zC|v4jqL1cpWpz%H;Yc*GkqEsw7S$Yty)F3) zP2%Gy`vj+~mMCbOvfqW;e)LEWEqwiyrc@)o@*RUwZuhUChPqd4w&Q0FHn9;mcQoSR zEeU@H)%4plY^3T7aJO&+TP?|f^}7xgKB0t(R_^z+4j8slO>7U5r<(=lN+kx~G8riG zJ0X6L_+HTWh;Nb8RSDdcP-jebBVpGTQDw%YKOl((vb%-Eo0U%)8Sw=hN#B8sG~GJ{ z-^<_WRGRF>B|@bjYe2(I@eLnKfs9C&@aJPE*!$;*fqkYZ-wi%I8zji`;}@YX*0OqI z51%&0t+knS0+|tBg20xvCm_C@uRfi#eqW<`N2mg47LC5m>~`?WV|`7r=<|#F5c?;7 zU-cZ`gDv?8gUy%GULu4y9wYBSJm0WE>&;!ZHa=+_jGPT@{+ueEw{Z&belk=f!>F>d zP@$||g`2&n5css607T`&YR^!-%Bl_}IYt*3%{`lqpKI4XNgZF{RB9%sr0#$xj=2_x zQtapu(jA)jGv729eT%4Y(6sQj7EPlzpslQlZh?Wnp#gAt0j>1Mfu;kxEibx*i;SDA z6>QNHyg1R()(#hXI$OL=#1dX_%eoTT;vLgMi$XQm+_D63@8N*Z3 zHQPRxGK8mOXtqyTN(N7XR&HP^NjxP-v;Cc=9G=Ni@-*AiEM-4WDbQ@oSV{v=Dbj3S zma>tjNYH5ruJ0!Pd=0V++~yvF$|W zJC0h;Oa~R(64{Cia?n3u&YG<(W3Y*DOKr^#)gWz5zIBacb$$V=v(&^FXAsam+q0D2 zM5n1RHWy_?(~+J>zl?9q*$!{qH3NoVo#hX^xY(bCX$(x>;Fu$+j}x?) zzq=5B(84=zHUKEMhYxX7Mp+$~!Dj^b#}SX7KvKUmI*wH>#&Og|i#J=ya(e9JZ0iV~ z52C~qx)XDdUg2^_SqmyQC+J?LZ$B25KNeKNOE*zolrICTc@yw96>6FW<)2`=?MhYX z8U41Ex)-`O1NtzLGsawspCozz@KH@uFVBIFuO`RV z$LMr{*KPMhG6E~4!1Zn3PBKys9aK>txs6W)VM^r_D@&4XSW>7$6 zLlv~ysHuBkD|UmN^PT&M7CR+)Cd099r@)UodKu6LmC)9=VWcAzoNr)bqGsovSLdPlkg4t9Mm;EJK1 zq>2vWY^_5AAbs?ubbC|lP>UdQm2vKNF#jEX#KU;Vj>4jJ?{BCeBIQso3R|&^7<82v zKepW&eyF5&B_ZP+r@Dgq?t7w9ZTmdJ)dydN z`u-b*q0}scFoc~6jVJ+O$hV2^p1d}Kz9ILL6Lg}bmLS!kPPHlY#4xMLC9K7vh)kB$ zl5|v6Vp}fM@6U&|yFc$MsR>bC%-n}@vc9sz^gZ}4PVF&P@YrFfnNsT8JFYM-0CXFz zhgKDN2a@zNo`rC$eH$d1!tQvH!psd0u^_Y1qO0NY8~kxe^l_xP*`5P(ZWp|#i0Wf1 zO>z2|MWp9_l`C@=d&oeK-V5w(jlJh7HN2CC>+?d&pBx#EKXUbn$>b9Q-T!)JbUxH~ zkQH)?coUb6!*lSOtdo}mv6m+rUal{SRCj8xE-N1?U%1tqm>L#UTE7!QT%DwR3QX<7 z^Er+0iHV?r-bC;Itf&&>I=p+4(t+F=m-=@WlhT@8!JZA#`cu!xp;5Yq0z3%?@TB4|32um6X_LwGtnHwWVyn4gISrQ` z_<=hYw)BC9c#O=xST~PRFSCa3JI~5uC}(!U-xpxk*>2?%H<|GwI;#471j+IQt;favOrew(uBGjZM5cU*7zP2&<8UHarKB`C{Z*dx5i3VSVA2WJev~M#sVWuM zSkfKh8f)n&OLuQiNvnb%0%U_Xyx*1;m^|lWt!l+}1d&-*kJ`)8736Ie*u#$JFHyX> zo2ZAxTHvr!H5Jc#Va;}H*THS4Gmwv*p836XVcB!9A8cATnT|CV;tPsyDnt_|`d#de zMn1M-s`*c+0KIl)b!|OaJKREHd=Ac=g#K?+u~FSL+tx1Jcq&P%8<);hW!{$XJaSn+ zi29>Ou0Kj1ZN-L$uHyY#0dI!?Nx@Z?MIDftT}zd$)VPHzsc_qzBXZ#(Su8#jUP3~q zr3dtk9r+SpzYf|^z2BnQ99_t**fUP=b};R{`;i@hc+e6W-h33qT`InWs-tn_C<5-F zB*@Bg{5oE-REGy(4q#~ac7;I_DeT#rCY=noxs?XD@~K<-EaZ9(l^EXh9cnj}IB|sp zy$$O#S=P`sg@|?LCh*JE>7l>RZ=tzeP0MfsNIp~0ZrhIdUEQFf*H5yYyIAM2g|f2U zsV>(=vI2*41@6ZWpz7{U+M|9_bp9(VUxw~`69HnNy9ZrCGJ2Dl*7G>}RzJV;DAj(4 znXxaWTB!}KT1^%zyA-zI?Px__9a>_?YYZ{GmyEqyGv{=Ze8&dZG32~S7E9p3*v(Z~ ziy~9v;A?Rr4{5eqD|hOyGckxcWf?nsuB~E@4oDH`F;9&#<)E4te!Yc6R$ObzMHb_N zX4osueDoe_qOdXfbV8j1LbY>2XaP$*3xjq2*w>Kx#wNCI{>3nr;P8=-7C7~9QUCs^ zVEyAJIIk38|GGJurF`@dbVmUy^~fC-RpuAjUjgZpO zjh!s3*gHFM7)Zl$OTR|)F@*fcmqySJHxw<{b?^@a$7Zem@`kuey4@0a)5};Rb>y>5rV@XsFBUnw<-J+J$<*%v`fEp9@{^96n z0+!wuA30uL07j1n+Fe|#D;>`Q&^8P*`oUlOnvkR>T}+2YE=m~ufvzyxgV@farQnS03?NL8D{^pm+5zRRtox9l87vSGsCjSz3(k_kfakY zNnycd%s6%h9!7{=m*l};Cj6y~-4i5bLY`Dtl4GF>D#@rTDWE&d?j^I~uL%Ao!{0Qq zyN^(O>Pi++0Mza!5`5>zxh2zBnveNW`eFY4H>BQB&vyL1EFvR84%{aEMIFJS9@ zhjnjt-%0uu@J;>J(y7ja8Cb!Ma=mbRO?>#$!6tPDshKlq_bagQ;H1kM^iAb)(#bUG zLo5fgcDR+F4fZ!~^%6K-d(L+j&QJFqa&ddxvw&oEd)pKTddPg8Fxcecw!1FnMr-6E zXu(@kU@lnQA0)7SXs|<>oi5d}jw@5GcyyK&t4pzDY0Jo@S2;VsDw2jKoefZ$9)lpW z6OY;{OwU5=Cl+A_^Gkr}>8xZ&3y|~4sx1X~u_Aa7p+%B{FZ29|G5=@eXk|}pS6T}`T|?A`nCdNy zH!WsvTzEa<=`X35W=KKjY6j|y&<=>^-4b%0*#$X3tz+zJlWGTv+SQYcmFQxel{^NT z6S+}uOLcYF?As@>IGwsyG9N0BjNw_TLuMYu6EAb{$vON?;SIH1l(&8i9F>^6x zJ4RldMULKTF+zn^kxW|z%ytJ!9ZgQ<81VqjHdR1(%Fu0-PHBpdt9l-bkF29p#g9^ma#S*V4se3;zh|r59VRu?TDEf{ud6lnCWegzN@Qk z+v4N1jprtV{&qIAVMLu1Q$-65%ZY*&c4a45x-ox(-IG>@di4jgW=3YK%wpgP+5nfc zh_YM7zidd>mp_FlQGL2JGe;L@_{fZGKz{}aHA5F7iCtDW zG2IJ4dPz#UrZVrAD`~gwBdI=pw@uP)_ngc&V(h%*BIlKBF}02JN(V3;ZQ~u%G?q-x zr}(oJ8Op6n>27r3pm4)d@czjJP2sY}%x3lY1uoS7kT3s{kI8y=k+0=aF|eH3?V?KW zMqPh>B|2iaRbkupI|`7RlbH*H=j@rM^SBGAH?ub@K{I{s`Qq-LHhT|D7 zNfCC|bV`y&Uz#z;+)OwS!aDLIZwnl1l$HV6G71fR0kQFqrW1vjpYcOe@q`8Gbq zu9frm#?~))CQIE7gqJnlp@c*CJVf_~ z4fpcc@*!L+avo|GoK1BYGSNhe???`m5_ z+j^&X61B2AW42u_V>^QPPIA*$oXkb6JBer?Vpx?1eo`xo)> zloY9?c?nlMP^55mNgM6Fjr+{714@8~Z3mjZuIdi6bd;6kDdMG|o5zxP_BjZc0kO}1 z4pn!-x|=vvJuhj|lOSpAEnB$2PhrGF&etNj__BrIpbUaw2&$n{_IWWrTS5&!|2ByrJoX}imc1{!wpCc0k|8Tc$=>la5$M{`!&E|%rNaYi6kK&=HDy;T4l}cz65p|8 z?`#t0lM@U+ZpY0=A2-pz*~}3*_L+5KmiJIoz7y?^eMDsz?_9K@eufT(K5jbkz+p{tr6;B`w8x z)zU}CER3eI5EAbS#Xu~){jg8jmotEizs3PvcxLJdT*{psB;7$MAFxMU z_eXYAW^13LU(x8Snfe{frPA-go2W5!79h z?bNHJFIw_(tEQ3Ku@N?$!9|1d6ecMRn(d=Q*&zG3IALq(&gS1&Z&m0E9ZN+2o5s)x z&$GQZdR6ng4guqj`aYo5Xk=>!b|t8i)?OH2*XfzR~a2W4OAP~RnD{#Y>(bM)4@>wLXFJm!TSIij^2 zlE@2K;M2Mb+DZ_xxGh{_F#5Kg>F42nr73(no}W7PH$x`;0&Q^H-KhHBK<-oO;&f$K z=*b>d0%K(!StzG2GB_&F0g9Y$kM~yQS?MaW&3OjzBRv=6UF07!xnpUbJeLw?=1XXU zu?H5gQjI=kxq+>`AoR*}nj(GRXV=yaoWf8Sz^VBrS8S5W6>&06aB@V#A0_$>jIuKy zg6ac_zWoA>TmcS#o^l1w0y~0cdHJIlYa2a}?~}U-WVn{yJK=TF!z+(q*iSb}JaAsaO2Y;0W&Nax z+Bo3c#SZmhI@LATSUhLwm@elcx|lqAYR24i==1P=jVEI>psE|7yaeesHLv61gI+g$E2H_*zK)Ryp_@Ai^Zdpwn zdI=&dPZTs;;jh_jbH9jrB$Co$gqit(2NTa3Xaow6T+H@Ej6{qm-HjNN_zFbn-Y+_> zHLkiULg`*dHrm2Ra`0xsQPJ~Ew@}M48)5A`#5HHw%Z?ASi;r)1`C1d~;v;n&sh!>X zI<4P%H$$$=1!wR+yfOdEUZ!=KbB6t$LC)a)o9u`z{;G_~;?H9)vom-z<~nXKJK05C zax<2LId7$q%i=P;&B3tC;u6#>g=fM)#kH2f(7j(HIZ=KUoB$0SnSsKZGSOP=$Ph5R zq`UAJ(U0(oVAl=You)0jSUB&fI6?rXVW@o;;vXcxw-ya0X< z6$9IumKQcu4@`6Dp@GLV*aCrc{ub^^o*ONTJYC@58^yq@#4m5K$|^=jC^5^0Ei4=_ z9blDhNLJ^~jOVW|r9l#Qx(ci29B~)6xW(d@$hmRPeOl(6J{bR)T`-HqH7=#j$e)v3 zg`a|`kAtHo2FKDB2%KtUrAo79M~EamMR4Ypl||{{Z(8Y&8+!BRTUEYLn6WDRQoT6JGsCl2|(8{}%Au|Bnu2x4HdC`}YD4Y4XnlBptLDZP|X- z0Yzgo2cM@&eQ93BJFY?1${4qsqF&J6cxf!71y;99)iSuTXXu@f{`kIyuiB*a@ts49atf&Kl&pGbFZUGr?)oJl3~C7V6uy@FPq^mx-lZ9bd{QLn&9r zmGU=U%6AD=N}tFi{mH%j$%pg=&X~ZISWxSVEN%pNyIA5UO&o4+%3C)bN! zfmdGh^s5&>x4)bD+%6xfghfRLMD;(epi>an zh{YAD!zINTDz0@57f{(Iu1WT_oa4#!wOr>Jilw8`C?3_^L9f|W-nt_hPe1RVh;=qO zH0b)IHd%b!IHCzdBVwGbHvAps0%50IcyP`Usr(o=&Lx(7>{7P7V7SCc9&DTgfa@Pc z)0%kYpy)|)m>ntP9-IeDk6U-W;AO#iI- z{U+KT(Z7kncM=N>ZTjp7wxgu-_Jp5hc~Z~kpx^I8hWuuUzd<&mJJOlYv@R@=+>;f0>vS8W&9EX9x_tyLBD zDXyvF48by|pJ{y}$Lm;d1}e=7B46@tY|u@E1TqbZ0oDg?-N*N17@d1UBmaV`0&gEV z=$4?ZEwW0e`ur+oX6S_0F~(%4_NgrFnxx)04Ub7PB(-Fgtdfz29K2xPU!b`*6OW>p z`F%Ddj;X`=0^HsK7HY|CS8!6MOT8+?zRt$LL^a!y{cL)7yVS)X$80R4Go$7`GrWg< zM`B5$zmDN1RWOUXmsriq<7$2#igQEFZS5^Y|ARtQ*WN)h?&i(d;a2~Ga9Fz;SeIE> z8eArD7+n_~14^gDYG{#yEHZ@RtY1DNH>}yZHfE#E zpj$b@X9;@*MBSw$FtE3~UrlV0wz&_kCrvw+RZAXoTJ zbo-z#eNJW_lcvh*GVIKHG}8!8(geof&+kI!lj52pAvn3V?0B=dq(3ADCpU;|cDgF{ z0N^h1)dq1%B84!lHiLi;3<_Ex+4^CCbVquF-Pb6B;4iIj)#$&)QhtN9{#Ldp&6JMr z2j*vX6@DqMr~+YTLeR1aR%em8CR!`rud!M&=s{e?a~}z-Ddegyi2fH7=o@rwAdNjv zR3@-bN0u4ygzmNAy&;Q7UWH%@d;22zu>~jGcXvNXO+|=mK@3bwp}0DZo(WQLyx_0$ zq)5KwaKzr`{ZR59OBel@vbf)FcuNv?gmVb4z+F#=?M4}wWZ`~hAN~ilNp*&BJo_Zk zsh5I9MW9RJCM#>XXS5yTUj>$RHSxPl^XbCK(FFIq3nazEEr+%C3$5%8EaF5I1@EUj zA?wxTJh+9dRKpKY$m7KeVA-70RUf@tsIY9KOi{7}^<8xE!BBs4*c1crrXV&*3x!4i zCRU6+xbTEdN^c1Ih!?ngb!Jzkkj(>3tvB&+7z~Q<=UN>MZ!!jaoG-#O*39{pC@zGO zK;4!Tcwg1iu>Y69TntWfXL7d%zWRWF05vuis{ey`(^K+9Z+$PR4E{X9pYXqE%_83Y# z6kOPWvI*~4FreTPy#$ib6^h~E>`U?;1ClswG9XrNy&b6T`({RUDA|XT7|;nJy}BfZ zh=6oGR$SBFztb}e7B?($IheNaOInycy8!<%m5k~MlX@|t_FxFH?vTsB)B8nP0T6Ev zVfiF}crN;tyRC5k{|e>%Wg*?ta*`D{cXtt4%iKs%piXw6O)I|(540GShF?xlt6RrG ztB3Jc{QW^uJ(UcrrFu$dd;WshdUKpvi@EBcJ1k=vC z9k~p0$7jCiYeGj2aZSo7OLsBwn}uvhHS{+7naF zJoSXYQ*D@Nk4oIhdNxQ|t89ftcEzr@pPHW?^a%p8BkwItWt{;(JUN(HEddfe&P5UoQso z5CZyWBGFm_NB+pHI2EXhFeiABgx3>O>15zkTq7| z`KXd_{jE^I{PZK5{eu$zx*vt3@ORC~G`938DH}5e+Of*aMU=!oLk6>$%y_JM?@NAU zyCRWLTJ6dtBKJ)5N+QC1g$^t>X&j5}^xUASBy2;Aj)Z1787sF=lho3waA3|vuZ=Q(G;{ld=|*lhrl<5Le4bjLJlG>we7Y$zmzn_=}-CNWh!^ zfAa^?VdQznqm7*k48@QiSYIV%iawdq)X~ug#AJ8wKGyi1x8USAh93X@Ff`?=1vrZ! zc3rgq-8MqsHJ;ES1Ejjr1V zL7o$?JVY+3Z%t>$3&T=zUPvBzftMiq-(%W=S<`id;80Sk&Tzu>S+=3}4|RESEZNwiKL**9TF> zMGNr%9bA7Rt9M%^_1!XNU+v8Z51^&@Yb;IlQ)pt<#}p_&u0V0$U{s*Y;Ek9WUqA3& zQ`DBFZ8MrQ+i>2D9ccIZD?@Yweg@Udv=Y~RoQR^;9o%q|^*3~FlR!6$T9u?OG)cL2 zbFPyS^ren2R+~ca!}CCux3suy%!QfWBFU$j=bR@i$7dFokGXi#1krzpENQglIlU_< zU*@!ru=HAo;`a!-7dieS0I7W=orxmM=Eh{6lRUHh;vt!yb6vg%vWiTeGorU8My;U} z!__BvN0(hZ)H^0(w=;~Q{3>5{tM6FX`JdP~4q*#wWj9nMq&^7e#EZ3ku%BIZV?R^) zHWu&RJm(dtY-pzUSv!NavTqzp2dqTVe+^33EnOKp2Nbkp8kxg}{$d4s+(__{7ZI4m zb*Ky9%V!Qf6k(*8+rr|*_p^2nhga_Kra}8%n zZZrwzNqt$;sPME_#M?@|57Hxu0d0vFi|I2Wmm-jWq zJ8k|%x3p!TnPhOws~OVQ5PkHMPugDSbnR=n(D~OVZ7y^Ye<7eT+vA_ane4VV*zGX> z>|1^G__I?!iL;G=q7Mt&q1nc;2l_?qLiQj-vkhbqGW7Vj>_Mhx>%tyzL+Zo{>_LuZ zJNPj@$l(vpXAkl;+iv!Nhx$nD-AA97P3%Dde_&z{ia`Eh4~qDMpL^>z+Clb!rjSLF zgU9vs*mlpy*_}nxZFAq|P?r!sNOP6hdnNN0AraZzLtMKA<>Z+Im!Jf>D${cj>dS-c zk;&S9jp_F4kVOu<^*|EYwM67+`xaUR?*JCEJCOo`)-BPuJi|?HvyUAhQYGc9W*?m) z(Bqeiy8lSCR*9Qiq(N54W%7>TYZy4d)aL$z+@kbmGh;Zq+^t~pyj!Ua-Tng#8Jk_| zaxT(e{R8>wf-s+R1Nx!vL3y6V-j+mXy>3r|t-7B;q_2Y!o|!@6kTqM{MF4Zg-9u$`;gvh_fjJuwUhz+H3Py#_` zryM-%soK8L_%}LkLq@Ts|7E+^zYa~qBFc5_1;Xkdh0aW zoc**V>n6Tx=`1%>8iRCTz0xQhly1fAm8>ms{;XM9P>81l-ka?T0x4ina-(d}V=I#l zKF0^-e{-g!mXM$EIr{zg!K;C{_ho+e@enZxeS9^?gF6_y8%QzoO{e%^Q7)$51HD@` z4R4-2B!z89G;Oy^p?js^S@~0Vw}?1r*RxwA)F1Qvs*6$HioYm=U01U?>!bHo%yZW! ztCOtI$m^!DJC$EPg(F0w-jkem23Z~1qo`Lyi|0;5yU96p#}>U>lY(QHUJ-372#Fuo zVN(tAnOnV(pnll>+C*sYmC^QseE4`>w7tytsXMf_U4f6K`2KZj`@yS)`!o4#2ETCIZ~-BsT$w$1aXOf%Yg<=BPPw<{ z@*T^ZKgTV;T0i$rIXFR+3cr$-kG%V9lW{*GV~K9uJU>aZ*dCOx#Y~onN@^`#Sp~V9+Z6Nhhfs`fb1T*JLA(7)x6}U=jbhME zw+gjXkJn_@sO6R9_nEn)?3mykjXcx(qkt~_Xh?DD2mD$`a^hDmG~tTu1I}EFl2|!C zI~KYZK9#1(mCTN!32iChui^crAXUCCtg?7B-d_rGz$&X(+!69M3hys1LhGm9N;SoM zK@;GC{;i(=Qqb8Tqan$0w3^)f2T7{g+zuLTVc5N+eH|98CrjF(gN=BdjP^+f$q84p zeb-2BR1=eW;12F?&}{$Mf*ZWEfp6`vRb{{+lXSD@nFvvpd z&&4~l$oGPYWKLqtD6i;AURbP``sfk-3uz&0<Kv?`~6r}x{kQLvF?JV-3G zZ>-R>SfO26q5oxh=!fIyKvTRtGz)|B-rw{;Deqsrynn^YdytiP2b5>%FKm2xac9NN zx@454i}wsD4z@!R6z8w<5bP;PZq`E2XSRVU%f<4Zyih!bk6%ZTG<0T7Np))Qc44Fq+!2Pesu9yN0(z`MBhL{@O%0x zlKteMO*?|L5O1&QJK>s>jm3&2BhIW7(z>Ahx|2r!Y1Zqv zS+Bp9e66reRFU<^T*0Nh{Sv!-{C97fgy8*Vm$Htheb5^(3zR>qzfZ6J+3F6?O>ndP zFc#1CMhS6TaAg0K@2Y<@1F81wRnfcp_f+4{m*9^xE3Ovo)xRa#eLr1NLJzMt+kM|( z0)zRec5LMhOZldjR!ZgEK~+DpNNMN%Xkugi(cXfxmW z=5v1nq7C#Xc$0?6ZXP=}o(A2yHKHG#;q!O8FdjlGH107g_Op7w6&m*#&9S|Df4Vc+ zuZO+*0D@r7KHL}k+|%r+=x(o$r1FmROmI|ODnP-E3~Jm8eRGednmo4Z14+L9V<`4; z#ieGK#)t&^?DEl+S)%0Jfy7~?XXx9aQIb|Kt^fO*>_0?XIlAAaG`M_?toh|01Ps+hI8+r=5GE2N`E$>KYJrapT*YrTE2ao&76Aj?(^@eFX8)8R`sqr^ zcPha%3H~*U0aD5buN0)hZFcd|Du>^hEE1l&92}Q`ClNApvTs2C^gjMmwlEnO(?3z2 zwasWBh%J7!#y=(5b3v_B=wjc1EDEFinM%qYI7{ooLK%fo|3>YXl?Z#_xiiefv@6Zf zhRb(h6oVhyM9!yT~j=)^+=((tk-tIG3);djN>4$wo zLbMUy-st2SnMDtH^}p)=aZf%)CjTIl9hbd%lJIS`OWv)#b>h;;_z++@-tJ+%1XnSmGkP**TOacJO2;*vj3!P0~Ye~8Ed24O$~wnYrg#>fMZ%tvs5 zMf4+lMR+PH!kZ)A+!+0emMk2k56UsmjgA~L_4R-lRj?v@SG5r^I`r2hKX|o#H3Et)4yDlA8m6N9zrNoh~_wSXk;hCy>TivA&HZW=-t zg~*Ct!qU`x3tYj{$&%u1fX@v0+>LyE&>P44q24Sq6z%`6vfArPr9?UoUNzZOS2`7` zGrw69nk3G-oDX7 zEd2{9n6`K#EKFgWTv+Q8OPa_f=1W=G31?XsT0z!^TKAy2s=JXXO$jyB9dZftr$)-j zu5X2j-?!8}ANYzLVu3Ju3*?!NiqM_JxMmY(&*oqyWbU&jVpxPWZ#hAUqrF zV)ygIJIQ+F#IX7I;Jd1G_rze&jE%$DzGm$DF6cV>9yNuM_Mj~B721MAXC-nIZHWw) z-~gphhD#}>$uP0WV7=pgfS_EAE+1B3@Z=`GWqUOFA*%7z@ z6vHX4D2Fi3c<6K%wR|@GO@qJ5@K*$nX5)1fe9j_SvaX26p{{5FQF+yW5RYzFTs%5B z{%@E{w&CwhrjPs5?MxlB%IqDoO7MD-yw%bi0z4q;WoT)hxSU*j3!5ZSZX$#sJU?Ef zqlFA_2NlxKH?|@LJ$TP>s*?)vwrm1!a!sN8e{0rU?05>NUAtOZ5dOo$iW{L9H>6#0 z8NRWFR2;^od4U&|XDmv{uL{43W_r!QDvBf}P*2-#DN>501Q}BE20XtZvhd_|Y4qfb zx!H0s$S^2^%zF7NEO+-Ghv~{;JOZ>*ByeA=MO^kf@Aar?Q1f=p?C%@-I^DC>UxptyyY(Xu!e4jJFiC=v=Zoi^C**DEh}I5KMxFgl(UQcA43!Lmj1|F>Q;WzV;51J zpI8uk(f^e+fU%E~WCb3aj5X4>)h$~uhsPUJ>?TfXSk#(>cxL-jZG>^f5!Wu(E^xo}O zC*`2(rQ!(^zDx7mAj}07Hd@J0c<4bWmA&*VySvLXRC(8*Rf$)RmH1EiAzJW%%yXa% z7Z#ik@BUdka|A=d0?#8v>=;;B5_ZF;kmpjb0^YK7!P)2&R|tF1^HrPyfz0hlsj@5d z!=;=J$8!3bB~&D%4?a*+y^)&UCsKJ>ced_=e%9jh*NB?BCK5G0MWZw+2P(~Tt4VO` zKNIn13uN-OrjVjn5Qf8}67dw+qQ45mp}#3|lcYY*Vv&!Z#{7y#kDoPXRCDnH!8;OF zqE~dtJD&R;c}F~t75xze#bu!r$`l$l#a zp;BhZsb8OEb`(D)HvgH})O4x5l2?;1K30W#8-ssgjFyohOXchItlq9tUAf*o-@WM; z??90B3MgDOj26aW@pQ*~g-U{ToQDbC-`mh^C;sLivCAi?I@Rh_^Xx}Aqo;^NxgL%j zG{?=YHYL*TO#$s=;PxE;A z?eLbccsGa&;n$h}%sMz6upoYs{@9&#@>_WoQsLnTPm(=lwS8SWS(8M&gq^w69lTUy zeT!tU^``7b%#DN4a980TN!dJq1oTiI0Bn7Y#Z*#ZITwCP)uBue3_oOb8M4m%Jd(r; zbLQ_{kDrd*1NPi6l=|EThw|0Yokwe|7CiL_surh})LPEXgIA$L5qqF&(O7$Ktvm4R zf(wd+{c_7UzmJEQ!f#w+@i&NUpSwpE_Q}B#;hj9E@>yup$AZbJ?02ZwTco4AT*5a_ z1krzhrXjqA2k}_mlTajgvGIw`&+Y$U^YgtBH$R^){@T7tBmBwhEq3Lr z$Yan&iuO!zjfA(}74SU_!m7G0Rbg}NZ6t{2t1|1+j2s05yH?vqzZt9lz~8C<$2W_C zn}v2HVqW}t7_F<{9;)YG|98FS5ytE=Sf1{*;2le^|-Xa*#MFnyFiPqeQzx=4FVsVW;RM5-#;!P~Wd$~*dFj@q>g0$%UJb!Pq(_--yU>io*wYoO*`OKSq zJiWb))!TiVuy{|z{H_3m-yR7|=a(`??R@DYbbtvifqFNjJVD1A{Zn zJkmOAZ#lC-EN2#oW8b;NXa@QHDrRHA_oe z+k{m}PM%(NrItWBFA;RKFJQLmWF(A%1SP@O2=Z>(*k^_fHVNLLvU-6s3_%X?F7msL z+1z)#T247ARfjV@!=$HOM_VBwGDNf82+x7;Zri%ceRDcI&c1C2HaxfCwkrILWFs$c z#vC<8#Uiw>Mou{ddsQaXi^W6|DT7OyG}W$@PLoya%N~lUjzHMyyPGvc-j{Qmy?tE1 z#a5Fi$)zUOnxaVKsGqz|H*FZsEEc80LvyC!NjCS8$BkZ9!ZsA7&!|I9>U=8}V97H@ z&XosM)%|K}K$Nv3s(M<5b!=-ok*=bs$l0?EzFr$U$eu z2j-9pzmmk_uOer_=9@Vu4dX<-&(KLq_F#(&HzWFYqKWV+ztU_kzRqYNhY-M%UCNE= zvT&5?oov8z;m3@2&M zeE4EQ(~3u{FhY59EaNH0Yx(mz6Y+~FQ_t8fma&yt!}8~I2GJKd1h9;@SVqlGYW7G1 zE_^ld!Xw!xSvV+Z)tasNRqk^1EP-OcI*P> z{9&FDOuY#Di`OI}8Mt6*8f29dW;Edqjj)d!Hcx;=m+*Bgp2;&9*h4u+n{2NpJR?`V zLdJwCO-vcA+1`SLcD#hGSzl|sfk#L4%O|$IRntyd%x!GPek(98h>@@8wqx=3Oiv1( z+A|5SaC;`Vx|nTLx6{TGqnld^od)*aIuOmy#gl~wyD@GYzN$oakBi|C#3!qj8l1Cz z$<`ee?vvz9D2*jzxmy~`Xa%xxT4A|PQTN!>ITCylp-`@Fv0Sa>Y{;I@IR`(HN+_2t zmP;e&!-zRwlY=9ZT^deN*FUnE?9u0CPAAOSZF8+@NsLrlLer}RbiFH0k%L*ID;%Q* z{9%PJW~3hYOhDp+Pm2^x9SwAo7^RyWcojzjxI<Hd($Lv7}YrN1Xgmr&O zClN=CK2#&WZzqO*`(hN2VmiK=8U9>Qpx4Ch|K4t6BtQZ@_GBb!HCm?E+UYbqsI-+}}sQ zm_GOm-!SuEY`0+&>TUQ9eZ0cYGwZ%QY{~%G+YNZ+|J5#!ct3p(@?C!23!K3If;%|w z^y4yJ$_;t0V81cQq(qCYkCbKUkd(C?~-z)b&AGMcdd!-XLtQ@>Y$UQo5 z5Gq+l(sn6qCt#+Qkg_4RVb)p-Op%^U5{=*HIgh!~=8-+hyP!j*4_ysdo!?qW`bV@~l@34p2ilz%6ay0KfKbfm~M#9O&;W1p4D} zfYS-&Z~k9p@zwovU%*^uXYh8+wclQLs*AW}x()|;XBK2V6~hBOV88T%$Mxl z&kl2#t6`*$j%2%(YJ06f=(L(ALmt{yRzw$WxPoa;3i`#sn~^Q2MPoMFm+1!l+sj@K zK=*zx8+*|JI$}ub*z5sx#DHVa1EgQZzyj4$$}#Tt8tzDG>`km)2`K-pA18Qda~nIC4$H{nM?;VX7AobyaqK?L7Z;z>eYP!bC}{ ziJU109rUf-9-b6QRvp?dAJS)EGu zm{rocDf~Za{RsY_Yn{mdbFCNnf06ES@uW`?Kb#7i*Iv&^xALuP$8W9y+ugZ;;P(Mv zxT+&&*MMDafqqy2W^oJOy5YI_)*<*+;1rq=JNAF`a>oDWUZ3NIuk+I+_dPxsvUo+rqKlT*_v_N;7H;ilH{kUxT285A@ z?SHbQEGvb9I6N-^>oAK=bujhnNJ5=w^7wk1$`0yht7P>TrLR2(UVo=xY?z zuD*SOtUkGtIjdpxXSdqNsa|WvOBn9}ydm(y8SXNerk&m&A~vax$csE`F%&y#LomLn zL7Om!_v+B}BO0r06=Js6XDal=A+AZVmo*BE`ZszZ;OXW>-0U= zRk&Szh;VVHOF6FFzQFxe7LKFcWCc^{Oiq^yYdj8=34GO=V!9x9FNP13*xf9tQii0A zhrdhHC57si)dhKo!FO(W9!554+rG)x_}j&l??h`xu+OhXsEp+HuZZ{+X8OA1Ek=1ZKYILE&6XmD@WB) zZIv{P34sUTd8q@Jmk#Z>I}e{=do(H=xnf8?@M$B?SkF6wYyu{1xqS@ zrZcb;9)0B$o%Qg@>Q=sj_pDC;UP#>qsnyP)WMP>t_U0PVklE~1zOq*zFe5!vPI$xa z+b`IK1}EOVIW5XK3}Wuz%25%6rB*~FbmBq$E=wdUHea=+1Auh*I1m&j6gs>0I5F%; zC{)S}3lKF17q3g<5vl)0hmcx5_UVvzVdFD=WApdp`V?it(>P;TKU1i38U}Z7tPUl~ zqt}oTsXq}a7(Fge^nJ|WsB=J&R8w~loHj-0lr*##Md$4nJh~6+d4dB&ub4=7vKj*b zMI1uc6$J9a=$~@_y@Q-el{BDdb$DefEt&ZI^E=2-xo?1^ zx^WJMk)bgF>v)=mL5cj_!F@ivpGx|MZjRns5xt)>+!rw{U2^wb$uNAf%*4;8%z}Te zpXMys1&h$ku1URVq-(Sz99UXJBoG4nVX+Id9eAZ0%V9R=FjEeR7}f@pArb+L#QP4L zh-TpNi;%}ZLp=W1?`TgB@;h27c)=$F5RP?h{e9>r*Mf$bSf?C3Yu$Yqa(*wQe2eXo z=pwkrEW>Z7I@w`YXJa^qB5pNw9iEULK(ir=J7~*27n%EZqiL`k&XCG>j09u40mC&M zcPj_s;Emp8RZyao-wZ3aNPN83sZMp|YtF!4_)!-eIp1D58@koVV--B0gZR&F7dYT1 z-`G^_;G(Hcbem56<6gYFKkGmy;z>I;L-EkEeURuD9lKcc?4a$vq5X(087z6JrJrI; zue=^xih%^kLibpi@&L@61?ZdtaH|hL#f)>@Y7v=EWimq)S=nYsE5IF^?V(_{NqrRG z^6fvNurDo|Cs~;f6cXv?+m_A}E4wmXfzmUj>YCt=I zeXqxPMxDsXhnP-8zdz_nHbtegJ5Y%1cqr=sc|#POl`cWP>ju4e|0M>!dMj;7i>J|+ z^dZ5emd=u+p3IL9H|pdTKE!l#D|LO`W8L)n+bQENeJHB0oo_{OS8DL|ZcKs4C7&#Q zU-_TmyDsDSu1%rmPMsoK*4_-?wMj3M@LlhV;k!QhU*NkwKY;o7Hk?cNuK9@Xt}JVZ z?`pq+;k&-T@Lf%wzV@=^$X~gv6DkrJJmkW(*f9Ic@nGS*A5SXx5iaZ4!eJPZ-nm=H z_Ck2p-B8mHA@NZL&pIXzJAKy=PQ->OO2Yt7FL7Yj6mi*o$)p>4VrxGGFsrQ21VPS| z#b~NI74?UXtXXc=Pukeneet^w>dLh;<9*Z?{ze;uqO0Pv2ib(~a;f8(L-7--vQ!g`yx|OC#xq!e zIT?P2GXF+;@Q}UMlEm7ltVZ@!R)Nx>nRd|qA)KXfc?vF$`D`>-b&Xpbv9Y{W;kSE6 zdjU3{o~|9OPa4jACAvQOaF&u1X90qcPVcIZ>>Sh%sq{{y8H_Ha$p0{M*KD9a_42D|6Qwz z6qK0RzY5DyEm`XbxV7Fcu934WzJr-5)necwd{#zCIu^-Sb3$6DyZej&*;uP@OJewB zvOZsH+mef%)X5xNw6rrk4AFmP(rKonHNdAMyw}VslhxPDbaR>C%x!_r*}fS}3+D90 z`_F)GB2yHrZ=Klya2{VJMysS3m+@-15fy|h%x$Oqc5|mwJ|UpNXEUev4TNKeP%&Rx+b(I@18`+TgPBK#S7`UY5Aw6lWBR$-)3pN zdb+uoxt6{HkaZx+by>xWi`DF6op%?>gQ1E?>gi!|k+0|6eWm?k!mip6-e0G)v?l z;m=ydvFh>rYX03ynXPY6*Y zZG-}PC`(7r?j1$X_GZT+Xa9`kqIIXX^slh zxx~LGOe5|ijaC^#>R%Bd^%Oak>OA^@&?%38V{!bUYLn18Q@($3R0zJ3Nh~bnJc=YM z&cp+2+P(q(OrgHZ7?mv$+VVdFS?`GdEp9WHsVry5bNR=jcC6xS)QS+RAaLd%!3J z+`$U9WD#ur8It&F_1rXVkDu}4@61X zNk+@JOTH79Io9$^hB+_0%yYS~@+Df6z0jJX3)$e6T{7HLM1FLULWGW+(^p)Ze8JF3 z2!1fh>^nGNW=gd;m9j=M*lR=RwV|Gr{N_kX%Uw@4$ZhzG)kyMnq&B zPk?rDLvq27XBo8>pWd%q5b5^YH*{jZ{o4I)@X0QiS+}Ht2a#Cv84DZm3NEEnu+HB& zgVuS&SuCnnp6`T)W~3f5)+>&QdLto}k)5b#e>_0hsI!a!Wm)&@$MHCPvVV1gPj=+K zXnX1G=n1fePm;mBj_hr@mgyRyV=dD^`WdxMPu$0a)^_r0AE8ry(@pn9^*!^fbt~+)-T$Uhq-hXa|8Z-n$pk#rkbF;Pv*U z7klykNx=zF+U3#y0gaU3%lpUUzR`~3>CQIJL>8#ch{SgT@SCmqRj?p_ZO?gEnZ13G z<^GcmIif#?U(pdMH$*SZctPRk4IM;LVJ}7~Hg@lqKF02Sv4D4Pczpj5@2zNj-zd8S~19gaqE@Ey^2!Ytb~p!Zd4y5#bqt%i2gHkbmF}mr_f7m|1R<@Q}Cyvs_16o}(;WA2Xh` zjcG*$-`P!4szdMHpGX2oe^d&p?>BN#=GrIFOsSL+9G4*6L^)8nB6{enwre4KTzsA(oXsVs1ev7GEG<7JX$}E0^%;Q-1$lyrP zUxkJ(WYS()yLEa`{5o}qDfdb6M!8Q3qfRsiV5^isQ1Gy%^PdHV zEy&oIAL1LcwwJLnFMC*Hxcvt4ixHi)#_MUrFS^9>i+h=G$cxoF-8wx)x67+J-Ch8{ znK(3&AqoD;e$U)P+VA&AY{vcmySZ)ld(nRd^JVI2&wqPvlz&{sBza~+w2AW%243XL zU^f-8-`|vk`bTFy`kH>xm$v>3?q^%S7>H1A!+tONnHRlr&mU(q?)iCh+uFA>3(ZdU zd||FZU%U{ zM$-A;;^hwOX`IJ1=ll=wa`)f!=Xkj<^gIn-?#;XU>Ug;~+GmLv&(LMh$ zUasw)PVjQiO<{LbA1wGk#>@SC4oH`dnl1^;jHa+|svNBOJ2 z{15SRU;fMgpX244{&E_;-0$xuyxa}K{|+zrxw|{Y%k2>Fe$)He9PfU{-EnyLufLzo z@$Tij-^UmDV?DmTypg29 zC+?!S0FAM@0H4ug+rqm#i3>0#W@#SSx#$L|{P-n{5>4~(R2uB-K799;hh_1tdRKLL zsOz@sCXACJG)U7MIPV)5sy?kY}hFJUs8lxyOo&P^_yMm){a-^BsquI0Bs`JPk z?edMozd-(8FO?sAaj9ThoC5FfgasNoLmI1H@||s>2yjHTv(&PlKF2A=6!0 z{bTH5rtetB{6VbLvj??8B~U8JcsY=_KrgifUs%OnIENRO4jImdXCvWR*ugw!;PJVJ z$2dX#@bMsgTpc!-KJ+c$NDcPOjZ&vw-%u*3RR(T~EUTls|T(=KJ3GyexzY7Elw`o;**_#{DGb4Eqa z0%RJ>L~E_10M0a8f~0MBX`j@M!y7HrO42?3kcig<>krdGd06wfk%D)yOQnbpz-|`w zbrmkDr&IBBwdmyJYe|@QX83D(Y3532elt%Jmu*X=W7y}b;tU;>8M`sQk{0QO`zbY` z&ZT|qDm*3nF$AHw#xiww>LNJ7Ey|FBrDnOXMO-$P0@+SX zmy~U!Q!ht269XPEtT17xtFUU$5qDvWTP$t~-y0XN9J(XZsc>eFto$tJe(F|!bLF;* zOYl|?<9Z5M9aXi{5?|HZLWkwAGnOx|Nl?%+!Y;0PsEfb5$)wcy_9u(4?qFtx%DBvS zJ-VY!HRvEW^ECarfv!c}yIsOD&pC3?GTNP6FQZx3p-?N`LF!{E25zR`Sl_%17uDA! zE<2GBU!S|v`kJ7=rf><~S}-sOmv1zbmn8asr_huFMasgP5TBMgrzcR+fc4BHuDHgf z)G>UiBv;|5p5d~ZC?IP`#Kq$>0=YkPE4LuIgA^A@va%>$CKt-<8~=p(G1!vm7f#{f zCrMmeWS&`FWfj*}A*wEH$~n+l(#(H%5}_%fX}#Mv%|Kt&zLB^T)x;at#WnHhOy0zL zbGs(Gm9V?;V^2R>s7DTk=v^(L;Y(w*3?<9TOe@9Oa|xqi8gft)y&V>26FSG2rO@j1 zrb0p^CcH#PsBUgGwTDZ+Y!*s)$z>0cA>DdG*CpRFlOs&3m+~C1V2%^gSb{)8e5tf_ zV1;Ia1H?e`UyJbb4+;y{A_l%E6a~%xZz24viBDX5+tFczBKkp|gtK^}R2era`)2S_ zc}HkBDq-gd9P-xoh1OD`+ldm6uH^+Dq5@ay1>U3=I4@eDizuPz=;9bH6i10cI05t^ z9sSZJoPsGAcpSFyaq_PD^V%LKZ0N`jL6zJo{ZYB>Mh5?69`WG;g;WFdm(xrJZg zjOD$6+0=H3{>d9uHgTkYZ@7e$vT_0sW*^D9-?K)5Fzr_Mb@X<)8M*x?j6W24VL~u9 zSJJ8(S35Q@7x%xn`6%?drS1M_XU@hmNU<=Ez%FtS>;l@r@tLFkuyWyXSu8#t$+RnV z;gK3!YM60OH}s9QZ^~rM{uor{Dy;M5B51Xmc>FyasN

WAi7FyP#H@rB zg`ff`avpfX46g}jn;#rOw(Eobx6Rsm7^*O3W#Qlcmkj7m1NJNQzPoR3@%g{Bk5A6{p8cHjoO{oCZcgtjVyg81Pq1$3 zYIr=ZWsE8}r^l{{^7yL?d3jE+f#NVpS?0ssw5~94xX=Wvswp077Sz^C%8F32EQ@1@EhT~dOjLni*5 zPbMChl!0;rD{oF$ukh0Q*|DGPpOBgGb4A+da-?ZlS_()@#|1rmx?lV{N+DOmd{!C> zv-y5>qWapy2nzNFcFJ&QfU{*hzJ1nkjdZb0U47f<87D>)N>yafS5QUSv!&H>(WUo_ z7edv0y^vOsH)9n{M4029+b3KBd3TPi&gpTo%xW~x_lpOMtE}v;pf6+4_fUErl2Dog zuP-urVd#yc;FU}bKZ>umfKDh#3JF$L-rOcpE-cTyO~IU+nO4Nh=~^OXj-qQ+%1Cwb z^+j@Rh*B;szQ4P8($I%qMRqN0MYB3LZ{Iej$AU;?xS6WD-TIOg@_u(N$oNXHPT(0LurC3TSn6Ip7t<1Z35nc7`k*^4n72G>0mq;ju zR;jAYCUof1a9P>`NkRGn(6o9C69z?Vq~VkbR@;6dpayi`6CArhV85ckQ50_5#;${F zFP=klKF>bKx%o?etCr2W=QzKUiP7^mshY6_9)jB4d4yE1tl+Fg%Z^Z0bMuL`^0rzm zQLtu2%5!?!!j^Q}#9P5k#sQqpi%$966}NoMy5(#qr#Y2}T9pj`I& zhKil#d%b5B&n~A&By6ml?}wBv==KJELM>|ubbgOPu&BcB$*zpE4)&Qv_j95Aq2=WL zRxY?;_wB;VxmH*H5vz0)oFAT#<*Z-G9Fqk(caA}ajX0|%pv~nyia_cpTJbuUSn^u% z9#|=5)lYse;aTK32Z2s0mjS5q$u(JIL84b^QBIH6A(c4-#Zzuh_ad2sdA`$QSX_QS zXH|4rPLKXFbYZ#2-aPV-7UK2|lId=)(Q#I4%AOo4nHoCPD?t`(OLC`rj9=+}KmN1o ztHVojdTd5Ee0sbn&*|Zj&+DJlZKk5i%8Ex?@>arrznf#i0J-dCmazEV+z@F&jvy;o zRgfh(lhY$EcJk>vWoQP9kItL*EX76VU}f88xHXS&+s4`{U{soP2_*}zN&5=+2|ae9 zBXeo1Kt@slHQf4 zuF2`%4fM7i0kQK76Va!^dwhyEgJ~Np$m@A>SwVWgvN`J$4~C;daxWjwF6OK#yD5`X z#gC$kVB;4PrMrK*I;WebTB?Z6`sdm0(IM#D4P`lk-~!SX#-u{XoRW%DEtHmDuL`NT zUJ+E2(``#EZ<^xfqL7z4-P7}WI(FytL`N;#h!iB(bB0LfzK|!{<9^2elL4Yr&D>9N zr;9r$Onu9n>VIo)0kZ%5q+CwrUypcW<-nWZ@z4v}x7$udEP34@&9dERgu^ClEhU6m zCKpEQ}OI}^7M#ilp zD3wNm%qe&K-bE=c%IWSbL=R7xosAY9Hx^jMa{0EaG*a}0@);<1Fz2Wh+T85FVFt?I zkdN+;sHAx-q>(~ofImc{t-A4{lC$FFodB7p=(`9p6($wJVx$4pSMab1S#^PR7rLV# zmHS|-CU#zOA_p{w#gJ9EQ&6m1VN$s)N}78$sj``awY6iL788cdIGP|sACyB+1I0pg zb-vqjEvV}Y1U(XD5-aeA4)I~Xh zi4m1g_Lq~rH&lSG+x4Lo+3$Fn-96TxB&Qr17vSULo+y$YsLcMXB71Y`e15zy%z#}l zFyHwQ{8fCtM;WheJ91MstfJ)O)07yt)7e8|fAs7|dS3SZD$W*d31@XRd1Zv|!F6;l z{q}K89XpZrs5%^lE{JD*PAstfK!R&ajQY6`gR zvme4#j_!RY&Z5GpCFomz$lyk)#~)9^U4FgyMn^u8ls%~`)e->iji{Pjt1vKPL3vgBpJ zhY43j-ysEgzIZgUOI6NGuDj* z1V}d~JCj32amb8d3CZ1{e3qIZmxdIO+4;d#SyqeKYYETpbqId?@QtK^Yn9r(ip;)N zapxE;x*;%eJjmx`}EX@1JY^>Gu=fjxQQ`M2lp+>d7+Q z+&!Z0gPO;GUdAVFtVr7@e^zIGr4}w!Mx$iTM??!l@~=id%LB& zOxTsgD@r?;H|b)=WJ+C>c446``03-Ho|61kT7?)I*#e%9l{wqXT z{&2fXu*y}aRmdQ{yv#G2!pm_*oESyX_%*3nVi*9QsAN_5GzFyf`ba2#L`2o&UaDg9 z(QmNCJ-fV>D!aTz2hoM9qQ{+Or4Nr6yT42QvB;h;3TVx>vYXw>eR={J35#W9(Zkl& zT+z5yZ^*|bv6lSiR*zDmm0`+Is&ofZ5)~5N5lCIBDnF#4LX^?EJ;fwnk}cm8B1V1r5IRvU53)dLbn9DEXf=68|I4i0i{uWVlx1x+p z8>i7dSQ8!wQuE-HT&}E1S`}7fN!oHbYu+Y>RB={@%F4D&i!w{Xb@zjxuLJclX=?Gk zHX-Fnz6)hhln@%4s>;j^rJ^Y+3^lFp!IvSxi_^0TZj8!9@85!IGAyWwifii%I6qc$ zzJ(P|8Cks(meduI8gbc=}*R0pGDjvxz&>X27b79wh}URVC!D!CexsSyz$|W>j-l zhCfU2mcfSi-eE;GnQ~J_fiTBD^cIK8DsNrR=k|K&RYvl6pbvkmOCF99q9g*}YiY5W1$kWZ;fSK^^I}_CTJn(H5MEmwj-@Tnl4HH`m0JgN%TJ`V z%qXrA$x>%llX32^Z!fG8iFQ`r{Io(ecT>5OXi7|(4QpP6yx;ugZQs({6Q185S9sgA zv<=x3LhLfKOMWZnoPTrMwTMf0-&%INPyX$mh2Gk0JDzcN)!gpz^rw8zih|oM^KLuj zf#yEhm3TfrJ)^Wc+ErCgRrKKLy5?&x4;`Tbc^6}0$_2-t^| zk+*(dLRH=y6MH$S3b1!~$rRR71xGzoS{jOL3c}p zdG|9Z73!F9N?mnJ9a4U`YXN!xwX|}^#spdZ-8Df<1@j0{hEJj2eGK}`%iDXzlw24d z4a%a}B?x^N^4^IGlDkG(elH1TfD(_5cl%2<%2)TIl({$lDdRQc-5e50q3`>sg?U~R zZcoyLmft9nL|3G)F0~%c^>LltDuJxvS#`NTO9{$+)m?27XA_K<6;=0Ig{aVp=zDe& zbh!-5DU}r6ouNZoeUdCh5u1KVT6y;{4AMK=5^Fwx`a_W~n!^-f@`AgsH5AO0RX5I1 zxi@!)iVJSsLK~>c8|R*qcXvO(`#P7rZ!ed+gexTlcZO220b{$8=n|!m>7?X(l+ zv~K4J){f zi>Fi~S=c4FC6@biUL1EqVJF*z#Q4@`k+EP7Slm z6tg^I5 zw=-bLghBKy!6*05m`WRKYkOD6W^L~Bx_B;DD7tvQ{{0Q~>g_^Z#^@SY2h;_L)55ii z{2NotdCj>tYolO4r>26Xn&@z<^7?a4VZsrGLivWgeYWbxuVDq`mET>8QcEexs~g+U zk|>c?rQMLA&7HFBb}ZV4<=xl@>&3IH8Xal9QZ0j#AS}IeLXn@eOCqhhwkBTGN>S#xyv%mxmfV0taqq%Q(!VU`^6zXyA52sf z-0mPNyR)Ip`$3wtbkguElS(Y@NiKKY5*X@aW`qkR*OaFRRo|8=pQQ<8FK-=_s^wIa zOq!RmUm}kVQNqqgp^OTJox-if#Wx(DX6}`SqA4MMV?KGk5Lz^IpN_nCG*YInzIGy( zYnkb!k;)6Mt_AHZ0Fyv$zyC^LnI+Gkmq4n7B}uEP~s^GFReWMO7@0eSm&kgWRJpmHA1D&A(XxHR*)GCW9HdHd2c zOHrY9W^xsmjJxwDjSD-g*fu0-#kVARJR2TqV+l1B1=!wt`Z7*bb2AaPKhs~`UR5<{ zYK%u{vxAlXFWcE1e~~1p2ylq=D)YYxdag&A_fW@)KgP`}@qaMzTyf_0B1`{#8wkBU zxzPV_ew^R4%s-#{pZz1>KkH;03DAYZ<34OWSm52BK+QY{Jbv~gmJ~o%wfeD<Z{8>7}>)DRD70{&z5F@~^)PqO=mRq%2eQ933XfT&jJRHbbfkt4#TkQWcNSNNg6H zo>|mVG|#CS$?Hb)d7Ya14H8XAAm74{cdoQ7ZGWs2$tA5Ud6p!J)|82dJZ;@mM4u(_ z-)2-qJK_gb_(PFmr2t!>=PvZ;=7aivohy8HfFl5wv1Cb!5hJ>K!zt)PON z0l8Ps>il*mOsi&={##bLoYh)!n6&z4g-RxQc4K)Zm%KH%DZeSKh~Hj5b!GgV zGOp9L?+ej)pF?XBuSSGwm3db?=97u*wB=VFpG|d(UtfH4bRl`U6;*jt6Ra)HNG;&; ztumgxM2~oM*9e%LmgwTvl#o{@Qm+z^=W@x6ExL@1*zr44w;{7=(IB(MX&00*(%&Yo zFN7jU-`=#NRMi<1o{_ia#!mc@G`GOsr9~&J7A<+!e9P`PS5))t+TQ8{O0x^Pvn#Al zI-ujMhAmG}`IRBD<7>$c!t} zm(1mnYt3}mY@YEvv}w<%(i_DQ5n5sSwY$uty_KqhRJW33O8PQwehCjo_zT?(pe zZbk=aLRs03{30@=Us<1w;dxwM8egu>&6uIf@Xt+Kt&)~-zLvWvgI&U49+XRAx);h6 zPcsO)RD&L=LW3!aQg^!`E<2gJxrj{fK)FO}6(Jg3+|v+BR+e@|3Yt{9Z+_~|JoM?N zH)Ps2F;$s%QYtUM-t4yaV4Ki-pDAwBBF|}2I)BK z6_kp(fLxTA6<%;ftHrG*QE-XHGaRUhV!*l zqLIP2GHq=MXN?l{EXA|yKcM3UspHT-NK=_`Q9*%%8!5|6_tlY?Q`Di#mucFClKdE1 zKA9e%OFR*p$N5@}&WTnhEtOCb$@5gFJg%kX&yZGO%38ThT9dM(nA_4OCYn-7)WRT2 z0d-)i5O*8~kU|OrHJv9>DJ#K)W%A;*S3z=ZLD~x$8|#U^;t?L1;&zT({m?%5kJcXJ-JRx*7dg&P3X!S>E`YtlDON8Qd_#W8S36uv|IF8 z^am-b_g11c`?`2SozZ8uViPXDwHj#U6Px^F4d;lez|z`&^2k{H{qJ;t zwCAQ^D5-?9^7L6Q==*&oS1ZFot-akW?7$t2Dy=!@%8{R@LMWvrE@6-nB!*Q!s7KHI3KT%@|VIpGBtWF=eBSAR&W zBT)rEDwLJ6;@YqHTtp_*PjXf>Z}P2<8GN><@AA_><2U@f>OR{;u8S(z7@~}HVNQw| zey)doCL>mcC}f)Q>v>hAE!zF6LJQ*E3gUZ3D66iugVCf8lWJggxb9TRZFa3I`u2lM zAvW4A*QIoVHEnGO`tsDP%VqhT)e5PEDoI&b#G7arzdrZsVX>wtc~Gop$HZ3EwpO+z z*}56m{<@n+sZtbN^-v=NKUX)06kR@1e$Aou@=3X{_BlypgxUq2g1bJTkh4lIt-kt$ zQ2hG32UQxM9cxK?-%pzRGBqqb|N1}|81NEgI=JFGx5|-6io9&wk}h1*UR3Cnnf#+R ztRUrbb>guq9@mApQd=3nyqvR6EQ8)nZCjAKF}4{8mUOb2x7_1#+=a5`;d$3`pI!BM zdUZv9YH(iaMTM{=HH^x=>;&U2s*Jp>j3ux9RC0w=Y{?_JiI$PdlB8YbiBn~zSKCM{ zuR0c`etz-W<)Lt74oW734RW$gF$_v^Xi+kHtrMk7z7rdFC$xyO3SGzY zkF~bsdVb^eW&BWdm^UR`Q=TjhFG}%$mQ+~T!qx>TwH@u7_x2p=-824Wq*BP9PQ032 z&1=rPs#8N-iXyKRzD$i!JiS_2;Nz0;M=XrU@lz9eSEcT+xY{k>Corz?MXIVS>HAXh z%0_9~mAhf+e3Y~#>GL9z+^ErQkwCE+k&MzMJwq=M)Vky;1zd<-mKcrR_FZ|4jvHTH zt&xf~AY3W4VC%!RUss;kBRua)Avzu%OJ44-rexJg$7MowsBDS0{K~rAtFvOgr+R|I z{(|Q-E`bECR92FB24>-sD-$a$MO&R5cUJIuu2xo7sXDEs{3@@Cv%i9~ynHhyF5qm` z!WxI>7g(OITA>FQ1xc~7=xBLe5+$-Nfzl2B& zuIz~AtWj$ua#?Qbx)9~dl(7^#z=V!DU2Z28%Otuhf>=u{PphOLMTkmSd_@Wp8tavt z*zY81eVh?t&gzrf41}9pemdC;q&AjJ9&P$iwJOyKZO@atmD{vzPL4Z*cE{>!GQnQQ zwYc2OC6bcMrEe}iB#dL@_IPQObgH&WblF zSA+_xGG(6n9%il+!Pff!Fe|epky}ltLDf$ zjL;=53Zin8-iPQCmP(QRwXy^#ze1vt>5|r?m-x)oqbg2OqQ}z`;nSo*Xl}{Enxsdu z*63Ryo}4&ENfPlase`m8aYM1KjSU}mlHJI-=~~b>VfrkO%hp6|gJcSIandxEG?WT2 zOFB>vDd>XPcrb|eKMZY}ZqA;vHu_8Yy zL1)SBZ)*!1-T1cQRFM^F&9h2AwxnP^2noyv&6AIX=G!D619h{2Og^Sxv6By>r?kp2 zP)6crgfMeeI8_!`ASp|Z2`WlVij6z?JjuJLMSq)?A_>ph)|RyLIP78n^^zLWW@8k{ z5pz#;8@eW;23=&GP*c7(2+gKK#>og*j-MGO)1dbOoYgQ(I2I&rcF`r~!u}yIaVxs} zTAk1r#@L>doGmc=gM(#a7yQm6!BMSMMM}{(R1|sfEh2;kiIfu7o@nK>#9j*6YDuA* z1&N)Qi!5QtSkrMy?3o~BJ1l{Y^=K2nAT*XtY?YT7{><90M=L9jNeQG@A%k{;(eWxF zzLIBWpV&$X+lz{XA-Nvzac3BNCW`6=m00*T;VM;`7*>ER_O8@a#mD3&^kG^l-diG7 zNUIVq>PXI71*}{$SqN2~pbiVwC32tg?JZlnUrd++vZN!E`a@rL&5eJyP^rpK*Z_l4 zriqp-(Z!Nzp;GlM?r%md3U$GT%Vgppbbduc$%_+<3;5iAq9TtQUu((|K2eo}MrLW1 z7!TTOb)q+D&EW-cRbtqW#FYk78d+Z4(^xY8pYWH77Z$3D5(N3pY+Bm%B5g#uqKolA zM~6sZ!FN9wzu+ZjtxOG5WmHw-vRE>~tu)?AD+i5og|IL_Q5jUg*(odMtc4M&K`lGc zg*mE{m*{~{s7PWxhwm$me=iG1Uv(DNB(`Q|WQ{WHP5h2Ln=UpY9|!k7@$0Ke@|*Jb zd$LF=bg4`(43fP~>{01mV{D4MF~zq^!5l{ zKPrk_0Be$V$r7coD9*DS)@Uj}P66BO$t7`-pwBFU+Em3aDB`S8>3$A_HV>8Mu9d=| zQ=)e;hx0_L_&K>;ZhTy1QQSBstXdb5SsWF}h%zjUl1Y@p=Nn-o5&sjcPb(^6oX77A zLSGpcmaTyn`$ia{Dvw_m%d_UkD`A_cF4Tu?(Uh9OBdFuwcMny#-*BW6^ z$V!XF3Kti`_|L+E!{KtRtoVFe+h)z|?HwFiwrt(HO`CS@+PCl6u}c?$pnG>`=bkLMHi6kT>G&C$MJY1oGvZ}S($jIpEB}zg zHf-3mY0H+aTeolj_S;>%_U`@eyZ!qQ9s2(JAAUG;jXibh^yxEa&Yu1A z&-3U1`s?q%Q}E`zkc`b!-s$VL2cl`HiZDV09pjx7N}*wZ6P4|5Do-f036&9 z4g?(B76Jee0|^Ew01j>oa9e=e0^AS|*nvR61;D`#;XuH_4e3L|4g`|{-Y`9U~f2Lb^H zx3vHd0}iSH5QkuYa8ONvI9zZ6ak$_F0=EF%;1A(I9DdoPz;gf(1a9DfhcL*G5BUKHJcNN8 z`~eTdcE1DL2o`uGq7lgqaR;_{9N?c8z*~Sn{N#h14{m-72e#o*7ooVBpXEgVrrfE?LMftzpue+S?#fVTjDaPz^<2RFZk zBirz3SfIwYaO5%#0dA%-zzujH;4Of+0Do`;9`Xj>!jVguGyvD6Lab;b5l6CWF%ZH8 zK)@}4TMRU9Akzv%7~mWrUJKwY0OtTW2jDG$w;0I6(SMM?1LO~GAmETcxEZN%fczaG ze+S4P+(5t~e{eHdJHS5do+yTPD4LBeO2RAc+uoDdAO)|}G0dCY}z#$Jb{7EDRkT-;b z+XCF+4`C!~UdWpS;y~Uc5C`%mfjE#h33))c1B5$3xC4ZP8*o4n4sHwF|6GFYcrJ(S z5H5%92rgb1xXh>*Ksd?@+#GNNaoJ!r>oY3@w;Q;DfOCO!x$H86mI?@m_}#z_1RTP_ zjVBx~!45cPL@=X_9ROU^tU$mayf=jRW~vGt!oe+I*H++=KE&?^ZXn>0KDY%C9|$;v zL;P;w1_BP@;HDvYL;CvjY++V;u7xC+c2?lmnPOD?;@>f2`^#`$3$(ZqE0e=d;&T}9|Hs9GJ0 zHYUJaRBDPb)QrN|#@!^+$CoaSpcE3pAU79uheiY~&u|<{BbZXbjV*(Bl)T&ewuNa(R|kd}|w9yJq&y9a=cHY}L9=Tc>vI zJ9O;Sxr?A{x9&Zhd-m$xr*FUhF2Vr=UEKx^9x`;;@DU?NjUF@h6Op@zr^zq`@JfvV~#taD_5rkxH%6Mn)};Uh?_U zFTVV0+1JZgtXvhddd=E(>o;utX4B>^TeofBvGdzqyZ7wf_uc*j2M>LJ_=g{VI&$>b z@e@CvjQ!=*ufLuC{mj{OfBbp=!e19J{T&ydkeHO5a`{T?)oa(&(r;wkyp?(T&fRB) zQYB#8U4XA<$&?CW&RpW70Ca_2A(aaxl!hY4p|4|0^wDIB5J9*UiWY4YQv+2ID5!9$ zxr8;+@Cc=f0!UpJ@FPsBA!Z_r?gC^#BTS%{DkLa*oTdvJC<2vqkrp=S2Fapm=HnP7 z2JxYZ&d$F$9HCyEPP7B~>f6Drhfts8WS)FPo2OuEh;{NG;V!6_NV( z7E=l_G@C{oA&Wo7eJ$>SL-j3+^3wz5=&*BL--so(g@-Z-6iSUC zND84^wN%nb4fK5teSl8Uo9k}VvD3(~sSU_N~4W1Gu-4-MTjQUY^kGU3W+jGKuM6zVAC?A_gd;;smjGD7CLo@Q|>Q-sSXA? zq(m^0(a{MgBqbrD3?yQvR1iuK*_hMkIxT2RsE`yExrMPCim%nSqdy=R;SP8uzP%rZx)!(0s4JG=}UE@_0n zl(|hSkg-EjhT1}9kT)Zw-d=7)hPaM^2}Bl&#&wt!1~s%3;fFp(AZFam4*k4AO?eAPiNPGx!qBhclP}F?1|Mtu0nj zEBXhm_P}6KM{J0zn?aSNi_rlyjR8y$tWt*8tKCR}Ni)=|{(nhxrb-E26+x-h5uqwd zEfs+L$rO>4TqYTyRlqPsXHk|Qi8FyBNe!no|FI%!bP!FY`AE8^+LKZ5sPuyfnzDbb z16sL1h9UjT52$sRR2l)5iIj@uvLFa_6Dn09GfhWxZ7i50)oNH4AOfm8y3K>)G0PoP zkg-F9#x|5z4GN&fMWzT=x`_LSNf*O3rILv?E@CL{K*Q4ZC%hTBejb(>EZKmAEH$A@ z)DURKk-}P{CMK{w0R5t(khvLHa$w?<1Qoe9*!PT(DuWHuFpMft zYhW(auP2Z_v<3`NCUPK~Av*MEK7xRaz{o{i1a^%_elt~|cwohXprmRTJ1!yOaHCNM z-mY%L>v?~@dLX+`!8Gu5N5(C}+z)g8pTV3qdAhG}e|9vD6gaDG8fn`g5Xhl}(Hy2k zGqTBkh5q02Hx{S+2{D)$LJTE_5yOcQ#7JTkF`5`-k|%l~#bKU3^9W1A3U*=EgbiU! z*b&VLd!jkCP7A`3XbC&&)Pol~gZ?+w`u~f6dJ$ts2|+Zxe`|Q>R<{Z4H=tH#C%Jpp zDky{(S~4|CC95&(CwX=bTud0udur2pk8qcVsOz8v8&5FNdzK(lrj#=>J`y=6Or8(` z`Xal^YG8&6mZ@qL;09pYdb%Jp8LE}cZ;4Ee_YQ=S+OCR3QzIrdGjj?U*?i&#U@yy><#yLa`H~xMCp%Y=3=Y? ztC^h4#F+v^3Z;jRCPDYrsc&ZDLRY}%OrQic6xJ1VZc3sy7Z1sd08OoidAs{f5TNG( z2o0l)Q9c8}En(8rZ)niM#EdeWZhe0>p70r^Q40fFfnJ59p&BhURG320(4(Lu!v*Mx zgW6yd4@|;L`E_fTn39XNa@0v6pM;^()3}agK86`(ylD|Zk8N7SA#SebBO0jP4MZ@z zS74RhnRwKfic_W20lRKIUU>GrF^#n{1j55eoqg5$tpXStm zD22u#$`>Y)I<3-7>Si81;p(DP^Z@4Zg;D+MQmEe&`YvH6F=XbEozg&elp`(Jupb#s ziEVVI?F>4{pz(;>azH?k5l-IRg$#Sb zmH`?j9QN`8#xyLRrOYOxM>Miw_y`pCAu1~Rza*d^H}#YFShd+~4K{ryAT(qI#$yIU zq~cH|;VN{6|3O0tkx~i`!R{t%9||J@LQjba8SIKeK!#+B2ra}yixR92f(Q)5@M&zf zIS(AZSf3IsWvm26=p!==W;hk0k5T(9z&My`rzjO8X$1SI8q$Jf5Da^SGi^)2${L6y zFVKIA=R{)eT;W_$52SPP+{sL=Y%R0~5AE2;vZ#NUq!7X&9Ie3UyBTt+(RL07m)Yp} z@d>4lR)_@?222qk6RDcoVnbu;w`n0*g^JYs1RJc5=pn2i0zbQ&FvTQ0gP7>amA-ta z3MTn}BxYT5`YzQMiJjY77qgFMo2a(XXzCNlYHMP+HXAMFwFw(1$*8RQXVdz>DT|}U zp)eZJK|2r71A}GiQ2!`O;}wnWsc57>*}C5R`Aqh%N2(74&SkgHDE&qE$IdT%F7)2K z^!)Cx`o9>z`%sTp@-3%xD=qkK-hZ>|zCb3HO`f^v@ISMD_;Sp)>P?y*&1RkbMl~yK z{i3o@TQBeQL%`=}W`CA2;?BT*Ef-Yw?SATJa>c3zy`7@nua*yg^v9{k(cjoRja;za ze!qO|y3VKKqgvnVHPQ9r!vVi6UNCpT^eX4+Pq&|#emrQG&rDIPLh-^8SErwKIMH|T z-0Q!m7rM9jB_`m|wj$Ni7Ol!o_x(#Lo|k;A-%D2~O`EZE(>rfly?4<0yT8o6(L?^V zzuS_im>s=$`D_~X%byd&Iu!n$w5@CJ;Oo}+sV&F4zFY9~QXjWvCG+OZTUq|Ac2yCl zd(X#fI!KGZ9=o=C^3OXntCZo*M|f1PSng#jdE(Z=sS85~1l;d^r1{RngQlL4+m?D10DAMAW5o2dx z4PImKxx8IW*@oW_D7_PZT=~VN`RhmB*D7<=g7{SjyxNO?S{Oeg=y>L2%cxI=stS!_t)30 zFV6pkn~`_v!>5CuSoLlme0rj=-OQuc;+ku&c#jCQz4ho_=AReiqNm%qEoh%Y9J(8= z>M#1o`9R3^!(HCJF8cAC*WKJ6Ww+6eZXHH_xYF5gz=>(RlW)(Aaa*vu`v;%TUHzA5 z6JsyToV)+v2IW=ZjMeQQ$=YVWJnC^Lk^ZuGid)Ff>giK9oa!}4c4gMp3-b=sx`Qn$ z{@69jw)8HOe!0tA2Lcox3(YXUfsv&*ilI@b##qr4NptycPU?U>jc4j%BUX*SAHr zYTs2VIQcZ@?U|?=kATZJhJ5$V?w7RUgKNirp4q|u?u0Kp$GX@%6Z20m5?mlcyZw^$ z$IQJ$B|SR-Xodyp{4PZuW`>pQtZeLWw@!7L){(L6n4W=bCRwd7KIpu$7(}82V$Dijfv|6PoidZtytIz2(LTl}#?mgQj zo%%^}@{8;v6aH9GwlDa%(oKst9512U?vcr-NoMHw|C;b4XK1@VzSde%%h?CVj&#c3 zvn${e>31G;?&fa_yZgzj-B$Z<9jX~vSpIal%cS^u&J{6&EZ?5R5i3)QmW$_K@67om zEYv!+{QTHfPT!6`6tOUD<&dvJV{#8pHFmMTY0iwEwPc0!#je(m-?ZFv^W}hJOV#7uwp)y^>GpL& z!N|uC6NU|rJagqpR@I(yl-DtPGNbv}%U4R=J8OT~oi;pofc^7Phb}C0b3HxQY54kp z$^1XVr;yD&lz($=UT${$qkr_$Z+oatMbG$U?Js|IiQ4nTfxqp6W9<6V!cT5I?xJ#> z-eXai@M%_iztw3g4>*mVwWRGszUHqz2madd#l)hKB}+=)c3Sl)*wb2kD^Zd(-l=0b z|3PcFVWT{=+MG}5;W_D$Toye=dbs+YZ3Tj#t?4U z<-_+zIkgyV{bP^WrB63izJ2%N+x~x_->(?mx^skgUd*q`qUSdA?PE^&9s60wXI-M+ zT8^3g=VNJ~=AEAHzPonpGUqG7(-x=t3KyPs*mvH(b;{!Bx!e6mzyGn?#isL-$*(HM z^y@UVdCw8;7DOks;~(ih?W|+VSBig576*4pe7?i`ue=pkKL6?Fu&;jYO>eL$&vHxr z@iY0QRb6LEIlE4THvcibY}Aeck4}D3-go5y#hl(}yS9#?tomrjXO%d#K0pmTdcEb& zi&Syve+H8`#N_eKbJb@?d>`R!yMObGAyua{h{ zxY+JbS@(l}7e14^eHJP@{d?chcZ&AAzWSqUTszxR~FBDPNxi}N_+pK9=){eL90*a<(-ohwwmYQk<)Ul;B0Q0_wy6S z54WBof0Qxh+FOrmkIQE+EG+LdYKoNCHO+m0bm#k*C#{NEIDTTjU(nZMDh~zS7}s;- zoP#UYygz*Qa(rTs)?aPaT$9a#T`)>4@^}J@f z-Pr1rov4UUx^Jye4RZf-+r}3qfp;H`>L#B(?8(vvnzCz0Dp!dVZc*tgms$O^-|uz1 z>G#VEhkW~hI(|fUEWy$)`TYs*XOFMiE)y>C+P`wJcOoz3&WF_fo$WIpsUM}SneGt% zFfc^q8ImU*oRoZj_}E4JU-up(pu=B0>pHger(;fS>USXT>8q0~9)*53rs$RE>+KzT z`o0|8N4EWyptbv}+nh*YSoL3_#P_!s_2A!LSS=WI?)Ev)Uns&)_;N(&ao#0ZS<-A8s{T4>;EvOzsGJk;y^e?FPA;pFN<%bX2o z&fcwFvb1yh@shw{nY#}!PWR{=CK|H;AHkoisvexUH==C)WXDmj-lle%;S@g6HTZDP z-@eUzu6e5%>E<~n>(w*&(078xS0~rly!-a_Klgv0A@c6E!{_|Sk^a+HZ(JcbcP#9m zi92>?{1tL^`m8;z4~hF6yFTcVZug8&`~LLC+4Yl-Uslgw>e^>Br||WMhylI0b6a0n zme;>G&!=_#j&9*8`Jc3m_jw%C{Bl|98>{ABxb8nhj~BI7teIClHPG#5+}=Bz;{U3Y z3~Av$c=6}X3-o&8s;(x`*kujvW+a+hbI> zKQEQpfB)O6-ObKF-C(DB()-o-F5ZhBGd^rTw2?1|?zF6Js!*_|D zH;%1x7mv5m(8Ap(6v~mqKD@48@YwO_>#X8KzPb*(n}sPJIZXdNWmx}^@KLv=y|{%L zk1sdt^Wrc~T;JM!#2MSt=CXGOJ`dja#iMlF8(R(@p5OYxngJ~@^f)fh1ZKQF#J zD)O{&#IWeuEv|o?+jE(VtFZdWNsrJ`{T8NN_tiRfd?8#s%)@cvv#DFpJ-u+q(og(u zqLV{d`?sZ6Tin0sJSH_!mpi+ShgVEXM;k?n-Gjc*Pu!Ut@{1(!Xw1VkMSoxVCox|# zbJ<_t#l*d;c>Vd}1(Oz#3&ySZaPw4`;V-$d-ci@z54|@i%wxr(6P+toyDvKxIG-4O zY39MG97F~5c1+ZC2alFo1r_R4tLtk;Iud)#9_iL&%vka))ODAjvO z+lri+nz-Y$77#&SJRW#&|I-%Y=fk^i&r0wg+$JGmM%lFsPtN|e`Op{diz7SDPPfkI zDc4vmojAruHKNDTtxE${c`<)}H%ayTocQ+d|Ja|oczQtTnIGTtGnbCJpVa*1r1|B3 zonJqtetpnt)%T-YPL)5qd`FoySvMp7@4iEaT}jCr?6&8g<8txVZ{FI6U<;VGhC%QG+S{cHDk-?X^XTHXBbFFU&2{XB`d9M)mO zIq%Jfx?cKK@!Ri;p$i9`@R=E{*#6h8$ipdD5++E?UN`su;>pHwoov*1QYK~iKDscX zkKefS#|nGy_?eqG|5C-Bw}fo>cvQ_cPy`HJ>f|xlhj1AKT@8`1#cMy>GXbZcNH7ygqYO?>@nIUiTKZjNW1q zxOn;kZK;?2&Q}}eXXf1w=e0f`UcJVdIz(QqknmdXFHZb^=H}5Q?R$OO*J|Xkz2Tp9 zsOc*1{4RK3O}nbcJ$pYGq^g1((v+w#^UfX}H>OXb%>RkcvZpO24*b~f zd;Auj^}%J8EV!$cwavIar?cX`B{!bPXT@F-bj*5nX^v>)tPWpU+`4`t@At4T7k;1R zP0t?bWiw>#owVQoI-34mbz!CCZLDMP#_`J0e~a_?-r7HJKtPA6gxCo2Xw{h~)+xajOXST|zL!HLo7Q_rQk4M;uT<=~fBI_A8* zdHJuz78W-yA1^#KVfE(rdoE77eeKD^jNuP$?(|I@L52+7lCsqG&BiJHe$6>Id;hDE z7iv7|c6TcGc|YjYzuUKe_kI7g^`iG%nmf1NzL(lo@V0p0+4R|xqX{>Uo_CyY6@S)l zAumtrcgw-!2lAS|q9kY3qg`z-9o*$BDO&92wxi2|?5&wO{RSV*>|D8Mt-Hpi!-m0! zCkhr_O1|$FnYi)5kZj?A-FwF?ZJ%~}k=H!np>M&K`wu(chz?3uemOQR_*bVkyiWZ; zB;VS!a(B0PFK1SDujwA?_LJ+7quV%X*JlKMUGejoV(n+&4sD~juD-QqYtYUo8592e zy2EBa-&QkH7G1oY^3abqzkQKuabsKfXXc68EVy`Lc*V)_&ie$z&qt<@dzF0Xm#75`w1Ub1Tw8U2W8u0} zZ;mhd^7tFyxd}e)HmrNc$zPag@kUpCSN8h$=7Ue>{^a6p{mFr+`~){@^0_&=QR#Wv zn`S;$C5~LP@RJ^y{KKn+>)N&SQb&;8hFkxT;d-FYuD3$|TKVLXr(Jt{N43ltej_;G zlH9In@VP!e$7T5~O+9mGw&Ok{Qhf?U1=n^6jpUnuYJ!%z*&Pw&}BM4$2#wfKKLLUbw7l_`w1hNON zAfikWsSHEM&O)ViCjs%n9hrhD9J-Q-o}L^Pv+wWqrNOYSzdjPZWhYE2m;#Ee$}=Cu?1V!SC9qL`E?LS_Qg* zEu-Y^a5}?fhOtw+x9z!>#N1-EHg>(-?ra^zHE9h zyTSi%16?AN@@UsV1BaL%T4G+5YE;bmr4eqmKi!7we=-q*#DtgkM3)JQVC6`GySG2{ zCfU=&lTgVPDkPLtj-rU<(P|2PNlGr$3PGmzN!9}+Uj)`?R6hdvq6j9381*mrr}?|r zKhTIg6-t3Z|D)DNqW>XQN`r&-jtKpaMRmd9=umHCFLMp@W!{kDLy>i_5%uScS$~7* z^^z(5POu^M*+}`oD(K`4p!!@PC+&8mA-rAEvX`q`w?=czw^s zdKTu(^6}pAJ32d^?+_Q+pq+v&Yb0i`e?)yv6lz#hwf1 z;POsuBz%;H4L{f#pC@i_93Iw4_?L}@dquM05#w3^2w&rHX*3(|Co>X+FF^4i`i;kUtI=smzC;Sw7J0K1}}?*GM?CII>5|@D+}FKKN1r zx>EpygFQEj4yx8gWPh@UQ>U9Ac`#VF>g}dIy?g@E=wePF8lFF7lm!$z&D+m+HghT` znmwf}Gdyi;a9PTrG<7Z@nC;SFPlQYz-C4Fs806!G~mW;!4|DMc?0bFxONzYZb| zWF9QIjFqCZG%jw!fiC(-75IEmU7}DfS#Wf18`Yg{GioHGfiT&7Ca72b`ZG#~G3%dA zMTOJ@%qD5BR{lQj0*MTn>?b@3FT$G`ht6?^np{>k9Nvtl;m9_Lk0xIeFEkDNpfOZ? z4a;P-{>!0=B;a2RLKNL_xERQRX%Lfg6UGo5?_Z1_2JrDA6xNinf(!i7QNqOe`1rud zu)SJ025?dF)<7Z)4wgw>LZxzfIHhn2Q7N?%F8WgIr$v*pj7O0K-Z+u~pKC)|pvdN? zv+>@u0>@9AGTo1z&Gb>t_m`KCOZ{-z6lkS&L4t^n1%}ifE;R(y_X|On^_ZIiI0+cC zT7?YVSVh}A*xE=!1>s7GR<2do#Xy5vPN_nq#1!@vIv&XSE7PVb1T$`Hk06@wGZc-T z=o`8Ni;GQo)@{;|$b@2%YoeIoM2xi})>9D7R?(!LYQ4>3Lea2oL@aRBi47EyQin2k zFJOy^Zkvo01e-Y#k76}Nbn4a5tnlDi9~U1S$((?=4t2q|Jk8$MN^Sn|`>vr0gOgH% z)-QY9@n#>+Wd6F4>l%*jrJqK%+}myHr~K$|26MB@ceFd5Hqx`hzP0uMEihdea8fHt+JzH&guC#1;*t^fx9{4f#K#vwnCw6%{p?C1q zlKeSi5{RXL91{P{+x5_AXvgW9dt_}sIr^c;jldPsdEFl$KDo1FP}K~Lr`$8k?z5A@}xL@qLNa_nXcn&#O@S zPD_2#@7l{9v)Ve1*fC-0^BoHdTHosFwCgR;p|$Fp&(-duUksS5dD+?vly7Y5u`? z^?Wqvea;7mZze9kDLB@ZZ_!>g+VRNhr}x$@+T(EX{G6V<6MH!=tj-Fn{7!{X-c{%z-!gPRk-?>_2K%+xv0 zO1n^fBGPm3{qjeLtjMkrJ{>bGxAeMm>a%0pet*7euhsb3HxBt9A*Av8bKhSv?X|1-Y+e>lE4E4L0!eEa*Yr4c>jZ$JKR zLCt)j?R6^Vv$akS$37~) zvA0#JSGxRs`t1uH9(~nn{L|~s69);VPVIN^7Z2qh)fU4x-1>X=imMhW6StOBxIJ%u zQ`L#AUVblKq50?Ko%s<1#_h6Oe&(pib+c{9{j;B?es$?`VO95IOTHX>ea)rjoxIP{ zvp!3nc-!i?e(nLsuWt(f@^2sA{Z`lK-)g>WSk94eTbEVt&FgJ>=+63c$qyrI{Em-V z*X8eu;&#`6J>2rn+=nw#ON5m>-G+Zvcuz5!8_FHKDfkng1!azZyUelGXzo7U{-$&I zr53X_hqo#n|0&2H9<}uBF}Lgu_b(-7sQ+|5KkACx*^S?25}GbY{$BTfe5rHf%WYvl z^avh#LcH&@{F>0g-GA5gdy%@h`=&P6^1hS0bF&4iJfnJ zA39|7xa#872eyi=J=gnml;2ykhY;Q=8{RLqU9+Fwa}?uu%*r1>BdX~5{(*kEku$bu zU+FTVaM_=VMGI1wW$h}>%+|}j+4*6xUP=4^>HP5X@zBQG$JPAY$_D*EyM90Q|N3L) zH`2vjo2H33MFsz;?(N!;a_!o%-tAgX>vpZDbE7zQHWi4E*;GKUKx)l=sHK{w7%5rf5wYbZ11Rz_eUj6_1*Ilk?01nW&@CfL69D?UHfGibzj&JCte!X0Swc*# zGpxXFI886RHELZ!(3{Cxzfteg1c1TSYNAd@iKDT5JoXge%a{fmDe$K&*2e?qS)t{3owsZY-~@$a&^<< z>oGl6*S#+g8N@%e?7ev)RPW#a&n)(R--i;(p6q*+%GNGRBx;fvOLFXHh{{?DWi74m zLQ)|IGbKwSw5l+UtR?1H$L@Pg_vgO9pU?OH_xI=TpEJj`oojzRUeD{8`4+nz?40fs zqjWl=KYZmV*Ywbx_YXGQ#fK*JKZPLE`-^VsI4(B%a;uCYjuxO{E*p0>6c%m_zl+A3Obzd zc8SGhDYY6ZJPF2i7BaT0yC0r>q^0V`7jXUdG|Z*tuFrg?;_=jpWO-WQWpavA$mbtb z`WNNh!wm8>@>??(LyO7AulES1U%$NozUBSg1uW^boc_H3lVts3=f^B9H#c(QzWtZ? zY&H0Ym*!=9s`B`&vXZF|ZJTmifim}--2-27K6!iG)Ux+(D&)I*`Dz^Yj8*7XmE2v) z&m!-BNZQu$JxOoxQ(0X*qKKbe+QS#=G*vsqZF)IxGUs_%hStu`a~@yPZB>H$`;JGx zX`H&zx|Opx7!v?xAKs)7c6dh=Ont+j|ijHi^sK^B@85U-|k_=ZQXqKEj1ea7RK z^VMn+8oMIyKke9(`c>Dtfx}&OLRhTxWqk_YqacgTu4^B--~0}c+;e)q>qT_hjct-= zB@btBy|-^>Z^>?{f6T;*e=Nfq)_CozPH2yRaoK)0DBDcVUcGO;v+;6JE!SO{!vg2? zyHGskL5WSt0}ln2kkF&t{OQi`Zm&)|pN{+e@$JD-J2h;+MAaAT@K)Dp?9T2JZ|FR-^0?U22H#zf~#=pK%%hPwXs!vmX>Jq*t`H*J-8RcT3t)Y%u%)>+*e7Ek|kSMCT)^DFb$PM);OHoP8S zb<_`EsjVFR;uS|1xpUuEsnV<9XIAv`k7wT&ZW%r0w`=9t=Mx4q=a6bw z$IjUJ@)~ZOt-qO3wPbq~``Pmf?SXH|jhn2KXZ+N!{_}R5?4fqEE)Q|F)AmU>6Q>=U zLphbJUp&qmtfTMVB%|fKhu3dNe`1T+)@m^(Q`{stmjJ$q*dLX>D64yNIZ$|cs{#CA z$u)m_or`Mv+Jya^K0nzUUV3eqnukgFJk3TjwWPzSX8MepT6%|u?EQN!z3DvNGE(&q z?{3{(ma)I+)Uka#^+qZzx7zBnJ=-X#FBM&BOOMI}z^bifRR&d9`ac`{?nN zDafPf;RJ!1FMmkwVWP(yhpmnq9IV7&>uSYTQ#lQ>4fEpszfWJ6k|O2Q)xCUi_MU+J z{zu|QUuOiW^S>C4b_9rH;L9S9%#MlQZd!eF?6+;pgKutQPA5OX{S8lJ) zu=~{e*q3Z~`D@F`&f8UQ`F8s~j+gB-)O*Ao@Zr(BS5Z6~T`%&Z{Z8_3?>j=2ilw-T zznlDJ{&t|garNsJarufoW9yuQcQ9YFjx^&B<1JzH}QK>7Cf|M96&+cBb=bhqQhuZtZxdUbQVHkXq7_IGpm zjQS)nIn?ePcsY8?=>d!X(Rt((F>dhKXnnt=i`!y*cbFe z<$RrITLiaRj`C4%1cX1*H)_cTuMo-g`-9(Q)yVm-Yjc7>j1qlSZbziMuAyCERs^}$ zxo;x9?6+?I9rY6tDGK^`gq^<1q)k3sAf6VhVq80wll$^V%0JpXjPp0k%{QeXJA5`n1JCXM4hpJU&$xpbem6Lva{^rB{P_h=!6Bw${G`BO$ z!+kO%uG@{6%vf!YND7bH?e^>}e*nWsv$0(2OvMJrecyD=Lo*_Vv*T`3ug{c3q%P+Z zd-s29acFRt&%S;j>&wRWM0dZOd56eya@+EKCwZCC(Q8w))>U!espmX2iwNb8{g$PS zY*##yD9VR)jqq&#@12t418I zXNv4f0&m!LaW!&}Z|!z3{ZQ`Slrny(^leetIEj2RG1+Feezg05^WB8RP0?fBw%D+7 zw952((8jB$xBJ7!Cv8UJ!1w>_rK&|&DO`0Jcr~z*+VQD4-Z_o+!nXcp$^}LKI6cfm zY0J1D$*_j$+@>al9|7B%vEG8Kzb(dR!6^vYbWRL8E3t<83%X7YF4Hf|3ar}2l66JCdnOOzVh*bSS`O?8Ej?d`IQVp756@_oPCdP6WxLR6vVX!miL*f=Po1><&V7I83Qe19#Nqsd zF!#N7NK-b^;o|M9=8NJn7074TmIXnb6OnwQH}kD&uvqvHoSP@9W3PCp;h=)Jx9z7n z{?dJ=+e*)t%7GeGCVFEVIHURJgvKqqxl0q~e1`OvIFx&aD{r)yP=|$Syx#ndsXrvr zyDGy?6vQq)9>e7gbGV=AGSVg!LOLzs z`o(F}7U^TY7Q#bOGF@*VrIuN}Vs2>1l-A9xIWei+j?`%0%q_E%A(ZDh3;KUmz%*^l z&w?Wt*=ttUT@WXHksb%eNOb-=10hcx*jDYhy=lf*jpCW2B^I#?^1>LDlM~ z|3CQu^FA?{=^{`2z1gE2?>Ni@p)U+-xB#vPk<(IcxBK7({ zyUI+*J!h%y!8qY?$BuHnF~82A{dx?+q5r&~7StG#Gxy81EqHeLeNYe{?LD{Smo2JS z)7-}wZZ)c9#WR$o_n(*j8}6m?&uM)^*L9mG^;3&gL`g|e#Qm8f%*#vrxrqNyGr*sT z>e~CQf1C*BPBZ(tkpJeA^4|={&WkcHo2LDH{bl~uC~EkBWpD^Fz0~U`wE3$2-_@ie zJzbn%4H>6LzWL7!)}jkDUnV$u0hg6jYdNaSsroZWkLiTgUSc&DzUB6f6>0g;%dIBp zj1nO=N>6M4QY-af7R0AD?_{F&MIiOjtwFEXmj`2$tN+(}<^Q*Z`af&;KUXVz+5WFB z2CUux++tFvsY_B8JF>DiA5#)2;Ar;a;n!?FWb=slT3hRhY-iO|Uy~kC2Z8^!aGfB=0cD-_XiV!4LIPQtSRT6H_EOx@>PLBc^-Guom0_r$ssk zeS|VARh$sq31w8Q;_dJXW-unc`boo zwY79mzc2IYuySyg=^5|;nz+Zpz|vUS|N0%Ky$a0gWJ&JOm=0UN&41U;>nmvxuqk4( z&!@chpDicmtEM88=2QBpbdabG-}e77@+- z#5LOq{tS&iX?6Xntw{yDaKYE1llt86af7w&HSw%@a{7r znFH*sim#_**jXJ+)a5%Sd18{opS3FNP)QCy3wD6lN`r;$fudcFadApzfjix8i0JA3ArgP9Kor{^OWR86Jdt?cpR z)pP`_LldkH9!)FpVBb^kLo#m&zNtIvA}}`lp|(cG;i*MFQZ`KzwL?EF*6dMPj0M9? zdLJS*kTU4iDE?;YD^IH|JJHkKkc)tC23jcb`c_x6=P^%%LcgFlAr&t`8Y7-o#lLB6 zpNOOUwmGC!>9TYF%n~JVVyv}5&aR+ILAWacSv%oX9 zBl84kSr+P|pKSTs{GP}HsLyN0twDtt`IPX@IDtDi&97l|^grh|*g#@ar3Tr7!N8Eqj(8-C}l&gGJocBEhvj zN!!@5x~>#%?|sTFnlJf=b*SDts?t0u=|mwC4`H1e#zDCsGN z{|Y`H_RATqzvHIUP)*Y5_sn-xe?xM+J#k{tW?^$8mUn?(?N_*^xr*u)-5v|R+w^`? zL6zU7y$O{c`+Fk&-T30fV*TAT=&NgSoBMfQ(2u=v65IM!OQ@Mu;gIDkbfGl7{DrT5 zVr9Zz&B0S`$!$VB2@yJ$l3RzY4@Q<25qLLv&zuqe=+5<=Yn-`Z>warzmCa;g3$_mX z-s_Nql+6PgQxN<|@}^QHq=#@usav8{9ARO`rS>a#BZe&jG9Mvj!E6a%l_|SY$Nw%lfh@h2 zi7pKb+8}q0OzK3Ju0R@gXRc5$s*tu~|M_%$?Z%vRtFijexvG_{=B(c8 zbD8w;x2naBO+U62Foi#@M+bdmNY!@DF-;XI8Li^~Wcgb16uJ}@#eP*x?GJqFsePn< z>yrN{{ki>QC}HRQqk*&}(+1T~_GR_y{2x*o?i;_v;W?}E2j{DH|6@an|AI4%mbm2P zSo$2J5w$01X`280+uC(mm2*qrCm>H5w0A&)1L z^Dg)HergNoPUu+qlhDoYDpW@;xAbgM(IS{!8sT<}II(mlmtW`Sa%+{vm>8W~iMT{L zV^n-5Dm8it{~rMK z#-8;tNnaBTMrEh9n5Pf6Zq(0izPZ}QH5>TQ(s}k%&4V{sqhdRcwT0&=e6C^LS0`5G zep`Q9<;ht!Q8l;PV7?Q6p}s`;QT=G?SFeG&M&49mq2nysL%sUdoxuawX6Ak@-Eub@ zH#0W4_+#K`wFz0%*s8?xi_G#z)!mUvtbuKnF-NV>#xjwR}!2NgX=eqhk2^PQm(s`W9!y_Fw za9`?TN)rx81QX}FUYW5t=DNsck*;%Hzsw?a?^{I#OV4$^H>=71)nsN|=5hUVoh*Mg z$)KZ>9&MSJ@CmX!ce#H#eCK49JmIOzE8m(e7g)4l%|9332Cu!c!qk^n^{(BoQqt$F z52}jUcER{lZy+r=rs4RxKVJ#L*9M-fRPZjRy$U$jx<)T(xiISYv|jT$`j-UH`1h*T?v>j{H$d?7#WVQmmeElC`zLJ?f8Axph-ST0|CY zD)XDARDG&1OFepRDYq(aJ?h(J1sK$K`iElC1dS8#}6V znNgsBS^Uo1p0fP%Teiob+G_#$QMI~fI=F4A!N=382B$m{5)uZ?Qd^TXxONqf|FVA4 z**<>LfJ-*D{*~-=jg>VVzU&$Q&bxf)lN=vmEYI(ooV@*`Ej@tqMG9Y*-qua8LP`6d zYZR}?M^uE0udYsb73T;jSmpFtPIwJHSmgd(_nQkdsDBgu{O|5Qda5tOVD($~uOS($ zw?l_g%9Q->430akeGrb^Xs_rH?$XF{zclvzdpzf%Z=Wq>Q#@|$J&&1q|MH%d?3rB+ z>N}JVsj=Faw8cPoqAOg9(4+`owr}#lWQr?{tz*+d^upJ#`zp~?d-PC<0)9& z+5F0%WR6Tn3~a;N2Zv|**JEMXr)23X!Q*oa4htPlnE zeEdYifx4?T53e)x0@>FD|R96!PFaPa+& z8X^61^5X6&8G(HUOELnT(NSOQTmo?q2%B`4RZd>_TkB2hXG_TP+Qavg%R@hCrMk|oFX9J&j9yra57DFM zzf6ly=pDMSc0vEGZ0@0^$_N9RcHmvY+=_cvZ_6aR1m@bGm!UC6DW9xSx4sJNPOGmv zzWJ5#@umUmuR3Arz2Wuii>t@t2lF>#>(`;BWAU2$Q`h!d>q$phZSVX#KGJqKK4b9f z$-YB5VMZyvsi7oidi$w~Z~NErOe6MZxn9K=OFu8a$&YeF%Q8r< z^O-y&8RI@&&$0UFZ)-!VMNyl2+3Umy1&ugw!5IMOFV25Jj4MvO&< zQf~f~YiEu}SP0+xsqlM@c*#5^^xcZud>}4TVaSMK?4Bh@Gxd3YPrP#MV}dvR-UpK9 z#iW6W=U&nJs1nr^yT$v|+WLTtQSG0K9xEjh_A}A2xu0u?Fu-YhWGr+t!8>J_O<13| z#U7^lV!!yvJfRnr>CWYP{Y>Dam*4$A);5hX0;{uvuRn5{%PzW?T9lspRd>Eb{twA= z`s4dUeHkfl)(32u&hKgrH|G`S9u1LZjzVmW=9yjfgCz6-mZ242;+dc9AD(0(lZsldp&+C}EpZ2Ft*qv4N zv+s42x_j-;c+$mj<*@9dYCSyHuUu_=l6QS=pY0@ZGukWmWe=wrZ)(#&zGCV-T>|!h zYyGKAf1Z609I|c3_ggp!<+sPG+F5cm1l{=O%M7PYKaZcl%1(L-%}ELIX0GWHJVj*o ze46trbxq9WT;n)TxTIg5`A&sD(`a#gcPT>*oNwPek}gnx@z6=k#^K%jj?ltRNst9@ zKC*kH7cd#9g42U0_sPUozHS>B|MFx9czy7O%#v@x`Q7o0K|54(==W5v4+iS2#hi7G z96gfbp`E=)vJJUseF*DC-7yGI;TI)2#rL*&A*P=FgT#r)Ntp`IOncO^-QoH8&vmAA>5z1?>s&Vet@I|_EP5ux1hUojqJe@kho}b!)BLFKY7*Zr_wwBuC`qY1po8JHwoL@#$nd! z*v$N>mEQWi>Q`*et;bX3 zw!c~s<+sDbWtx(jdR}8ek>g|X#+jW3-Luk^y_`Qi+u_?= z_4NK!>@n%2@H3PZ?ZB?f5&DqN9Tw|#*DHIqbq3eKKL07{an$te>XbcU;CAA?1B-8~ z!Mf)MrRMYvqvsFwhnf^icn#(q#%7W_771WGR!*I_zA|y@hfwR&rT}w=)=9q~LOJTt z?FpM^sqvmXo7ve7VZ)32ZkNxH&y;%FtioQ)ADYfJNks{!zDRv4v8U2JWS6^+rTEq= zi#!+XviLabV74PtN$>b1#d8QdiC@O-nckka5Ou?mfcHN3=HpwrvT&Ht0NzzLj+!&n zOm%P-+P=JAw5~8lGKrma%&ksM{aqZS{aD}1;cRq?+Jn&{mR;x1IYpQJrmk6Op@I3j z(51PNtc0N0fmCfDL^ZO@Mwi9G`Vq$G9S;}My>ICf`CK*{*W<6?HJe_DdJnG1R|@v3 zcfW~)n?6|HGAXorzzE$tbbdW(oqK+%Nx!1Rs=w!(^-tllh3QDbnBb`=nkD03T6-Nz zgnOPR*2X^Y7Tl53m@sL4F5EjVR$=^;zH;9{b}9_7KFIyHly-e ze7jS(*#_l3bvxhPV|40_%BjZav#Z39jcEhWXh~_}ta+e~x zTICnVN`FLj>RIrnZjj%|TDn~lire(!YxkpTet8~ua%FMb3~zThZ(2(;7@8fBBxOvv z>ic*qUn&y3-ZQAElzJ>-`6U@DV#s!J$5d@x$br@dWV7mz3*I&MDpAU;slPnEutVSb z(+@>i+xt7`CKb;9@!zeoBENLU+3?vbfqI>9;a_jbtDgv$-MuYS7EV%-!*r}NcM6t~TsN~nf6T^~>x%3tBaMesbj17W%HBV~wSjbbOJ!OYB7R{eg@KQVaYjVflgl znf39hZTX{FE-snjB~$V?dQEZpW%ju6YnN=)x7>7f8Tzz$IR|1)dD}DF52?kl9_6h^ z79{T;(J=PfY&B!t_wLJ|SAE|~gj>pK;inJH7Nmu4+@F+LYB5=FYA%YgMy&@aq4D(f zEmNy2-Z@q3%emcrJ1xI)6-l}4aq@ly6Vz3CT=B>0;}3K_WBAzrBVv(cDlXxLSYm!q-$ia`H&y(-ol7`!y2bI(^7I#n5JFB`f)&NUmx?}UJspWY}_5(a7Qj>#}_@){zGqI*`OOcmD2SIl#_;Tx&+dB-b)}~agCXt>Xf!i*r$T3aZQMt>5LD@eBlGkl4Kc@2zXc%1H%kUPz@46{gEuEzT zzUM5;Rf)i14O_-F5TTVj28~6pMn2fuH0B%MXj!K(-X9jU$GqSWTjhSXlx1RR$~h^Y z>)@j>x1rFkvSH_(9>djYJx!RsTJY#GbjG_}Y3#=PcW)njuORd{;StpId&G+5+#lbY zyi-{U8jk_!cy`cM}{4dMK z@C(J&9*T}O$^#7>8*6ct>6->!)dtno^#;UuopNJ5O1(!)67#qiTPQ4iNbaQGSZD^a z#@Dy_CaA&9752nes-xtD=0C1K`!%6D>I2)CslCe34QimW0WIbzdWY&}dx2^g<%~iE z#azWuXK!h^TC^)FyC}q&Aptw;e3=}(fkbdI6>0U7i_vX5NP{jU%sIeu6VFJcu(;3~ z<$6lZUepS|j`uf4U-Buj42olS)>QY0lH#^Onbx6Ab_-O)^@Hd~a`m6f6AMX51h(^; zG?c){*pFz%B;~!-FE-{ip<5vlQt&oJYlYI|iLO%J7qDGhpvQ^Tf3m`4H6RC0qAAC8 z9iF)Z8QUq;Y+!K&)xpPW4=bbh`5EO@CRsti`zm57u&S{~8Uj5bhSsR0s#c4W6NKux zi{Bp<9bi#6kcmQ7t1%x)NrmO~dIBFSGOXv7^>$PLAhmU;kgM2$J@QGJweNKSFDwz( zEVRtcPnEwMws2{6QaDy)cq@7qPr{>y*=0F*W6aPrmDW9P#G_O5pw0 zg~zv7)(t|HR+NiRw#8nb?V&_+gy{Nn{#Vk{6@)!MRXmoj5$%KCL zWfhJYjAYq%+P~_@F%6N8i-m6|?;%0hb@SnK!Mga$va4weu5>YUHy;B+3{+THT{m#J zn3Nq(?e#>za#&--bf8_7NK14@d5moAihASMt^740ejHO1NwCQ!yKRQz6y*l6&n(*G z%;ZeyOHchKcEtvRqBKuzC~ktRkc{jbh#?>2Dzz)+38r!{I)zy`@i&A-X}y?L^EN#4 zg2(&lm6lW+9USQf;*9sk)$zb@@FY&uPFXrB@;ag@yeihVMl;`yDq+@f!<@B^t-Op` zs!x)IUi*BU^y2Qeq-*R6EI3Tt3t4k+C_dv_SPR&cP);>C7+xNC_;TcZWS)aT_?YvA zfiD)U+wt9EGuoiiuyrha*Q>WwqTMpJ-UfX~uAWPZoK|C{Cz#djX?lA}9p|39s3SgI z#I=fPi~jt;jZcY*?bx2USRoES78R!3QR@$&;04q$S*V7GVM#T%F+!}4>q1?e3D{@) zd+TC(R;v$JB#3V`f^9d??^)FL2QBVKDhaH#RY49bfiTlQd9D6y+_BsIP4>RJNOe@% zTpQeVWpRN!Ue90RSEDK<2!^ykbfBOf+9=;`@xZo%dhC77rbc?A4|m9!>T4SS>IlJgI%#1|JvmHtY7BkLCf9%$=QM$acZcOWy zH=&nhPnA%Nu_p8{wT&7DLs16gu2hR#t*>ypxYhk_e$`AOU#%EW)fbt#M(Bovi&dbFRgkzv{k5hyGO5gp4_w@|KVyHHgWvft%4nJEh?{feaSe zLLSz{lPu6pZQ;~zkZ#)ywsQu9GNj;~#A;Xs zeou*%3dxlwvtA&_@r5IAYh4p0;d!dNH>TLn(Sm6W?yiJ&O2A{}YFGePqOhz&a`Tdm z_nmU@&H#97P6wnU=|-|8&i6=LM0dwBwpc}hD3CH zh9cVvqGFxV6i#9k|L+$$IFdw2ZVjd8D5?fpCI92gCp?LOX!RsTRv?lbJ{(czT_j#_ zoC)2WTE81Tim~RJaY2Jc;X`B)Ck;jNGhR?h$*_5QT!bddt<0psU+gwDjwLqnMd`j< z@}>3it)@9CHFZyRl+8q8*Tsj|o~9OyS(IVF&f8ff&c@lIKRAg?1eB4@BA~(9!avtn zY|v#4aYmQ4+^OzXc<)B!xM1PPC*-{(ypmWQ%LQMgu#7@- zyC^k>(Ri-T8BFZ%~ZEwkJ*X+zeHN@l#Ne5nw0f{4dZ;l6QST8**@v4cNn7DEp&L_Ue9#|}AHf|s$3as-Q>35) zUdDMuYk-UCx&(s`5Q2UYT4!&8YDvSvl*nx%xlFS0el!@K>10NYUznNve!m-GwqhH_M~(pi+s|t5OzY>eKL)`%_ny z8gkDrbTb@?(h^5sl zn$Ufy=KIlNeCLcC`WwfzM6?pHx>}HRNR-XG5JQxb_vOft)&>XDo+i&-I8uTXZGldK z+<3-4N)N7ZWB}<`h8|#v-}xBFDK$zaj@w%9g?fa-tJ;Jh~GtFD~hq03Eic(F$qtS3&|~_^*W;40Qq1T zCbY-go!j~0y_85?NbYf3fexh3N&GGdyHg^;WbCJDio^0CB`0Git(T+llq-4`$BY7q zM0Qh$JVAt@_a1Z|JYE>m#8t*b7OMOEpqXOuIlxThNDAW2+4;;Gdcg0kACilun!BR^ zBfwG-yG( z9KeQ8Z#j?&F6^V3DEQb6w3aXGm@tZDJGT40wpMvIbb;!c#^)36x0QkX*mIb#d67T&>VLUxHY27M>CU z5iF&U+~A509Mb_{5<7v8 zU#h#y=&~#N6>#Fk32RzCj|u$|JK_b^eQL6MDEa|EU?uk{EMtknG7HIFp+sIp;=l~r zfd)&!oekYqb}rmZ7n(d@;fMgLBmr!Q`)CsDE^-7zbmw3=vQ5A#m7YL~H0b3^6NXEx zAiQJ#7IGY9aH{CRF+o2OLmSi}VJy+KV8W0V18k!hPzI%E9lLDDtO!Vv|KRQIv* zpKWb*UX{FT0v=;$I+R$gH4^QN?vqW`8UmlWp!80VS{q-h|G_e#%ZnOS8^f z9G)OoKlup~DuMZMi~TfC6FQz<;%-DsIt-L(jUm>7deQ<1xYvZ*-m;@kfH5Z4yPykT z)pER?_}hut?-e;LFjCxA$5~4i<%F}g7FvPd*2Sk4fyonl2?hh~sg~zJM}pqdIkn=7 zGB`Rv(icjQIL^X*SrdC{j=$2@jqa9!y9rF;DeaydN)H$mvkG;*F4!ib!6(TF(ZYJU z@-e&+E#blF8UCtF48#*A3zF8zEndzRWXG8yZVMw3v~TMh7lSp))n324CnB>%;R0|w(mmVU$`9bZglr)(P-VIc zwZg7T4*LpOX2t!(rrgcLgO`{)Xe*M7KG_Z?bFnNl(B!O8g|^M1jYM8=U1Uuq3&XUa z$qQKshZ#cBybJ-PS|y8%xt*rT-6%67gI0*a_o&$HKq}~au+Lja!3DU=o3r>Rg$icS zOd}>2?Lyr%ZQ~m1QUelIoEcaWo<6*QFd*KL;tzN zbVRgVZR=naHm>rAX?L;|X%j{qL#MJI+$ru;g_07-Y>K%UV-&Wn{6t%EL4`Ov*&t+0 z^Tb#PL~*g*FApSdXECq$W2B#RRi&+(>bMlP(lhx-wPzCBJgYHmTD$SlK6U_0jMB+s z@-YUe?!~P`^^~3%-Mz%Ixq||UNYGk{Gm~VyhFioN}`+~XgOeNrMc)y)2 zMH+CcmTiyg6eVES#023eL8!HDg%284PWMTSyn@VQ8o7rfkRol!kL-F8R)QUIBsG+; zO`ckR6cyr%=NZmG`qdz9Y8Dyhg;#LEca+}A5MY#1BDGO-WfCXTlolhi7?@pihXEaD zkGuMCP;Dhc3=U4x*Ws;Gf;afQc~QBxURv+ADDQ?QJ-YdcyjTrLQ$(0<9;)Q?ciUlH zJl`YjvPug#q~KWqdw?q|e@4}SULZj36qX){OX_h$ivh53J|BzW zVZ;F2#SQCISepUvP>c_t0@9=MDg+EE1&P3Q&iJAW;;<567>xG~L=dA>D3za~0QiT43DF+^#hojHlG+3oS*6B{##5!r}l-l*FPS4FaozZPL^jN7M)uy$O=XGY|bmAmAX%n$YuT zD+f>oyQjq*Gm_}K6by*L2d_I67~14j!Fu4kBnS25Dm8!lE}21CT%~SEE-BI23vB`B zUk#XlV@VTw4Ygn!v;w%o2)Kqdzzj!HH6>xYzYqj`MO8Kg0XB01T@Z)L;h3Od)*O|) z&nuK!CxIe4ZDh`}(=(P9Km=o!fIZ4h%dYG*Kp84dWeaO5;PB?6NGA7L0t z6qb2Nt|u*KA8Pi89HE>|NMeCG1V%y}W#q67LUKzeHAfg-fN{7O#uPU&x5tpRZBRU- z)x@DYB44!*Jab*z#8&75sJA54fMad~QCvW!0GshD7kq%i5(&v2pcs3j#hjgC@(=*W zIFJHMdWpofnhdj$BRt;A`#(R(woZ&JMdm?M9N3zIOh~RZxknW$1Et8qc7M0a1ae&T z6R>)$IcD7E>Rm-F2qC#mrgJNVKzt=I1p{mmflW`s-`OqOdghR{Qe^9nz2aNO7;$uy+b+1X^ZjPQ+?u-5m#JTM`;sWvC95@Pz}GgP)P10 zq<;(B44tP$Rw9y|x~WcBfVGc-RHFz9^RmhM)1kS=A6ztZJ`=hCTAV!(8aqjg*^TOO zb#51jrEyF^s^*EHPy2yAcR(2;umezUa13*x60t!D&^>T>zT??qg=R>uI}#)bKk=oi z)KgeDkqnN`XYvqOQGiV9lWLsNQGiBRn1ClG00N@09wT^A7@ko=iQF2J+dwmDl$`Ac zA`xeo29yU%m4*dqo&YecQ8PZq5QyN`bwn9p!Eiv9I3_=$#ZBpP0M24(my;6NkYb5sd!EGws=0QJ@H%My~F_0?{KF z6lwt-pv3@>j29`FfZc#V#KRb*umJDnP(8KTCf`&R_QUIj<9-}!(?E*00y|J$2sZk^ ztjs{l#bMdM4D_Ai23VvKDbi(6?+4__Dx@6P2Qw&-pV3Zr@8n&?-Q#4ui1gRyuyJj=G@sfC)dgg1m~{h4)I>;lLU6U^f>~^#p(^I2F(u5oBaw zI=8c*8V5EP6?Vx4P_iG0h|aLJ=6^;8dFA;mgr8jnH=4j%Xai}r@r?@GLCxS`s=Lv> z@o7!q^MFc+p%_Y}VMwkoO8L9)MbS+Z7A7PYxNCgu5i&}OOlAY_DSoJxr`SM#&Am-h zBU)h!N0Z0KZX4c*x=6xxKm>LpN9H2h+>Kl_`%xVcn4df#5G4cU@iN3ghh(lGakqd@HD;maD) z7Au0Z6+uXIcrOyS6};nZ*MylFR$c1lhIofH_CoxLF)BT3gNB^en3>P2a1ObIJIX_h z@r6oCwXo!6`Xa7&6^^fC@Qd}?MAg9{u13L`4pq2`9N9qwUri3jQ&VkL zNK+(EW0D8a>T;&7j8XE0VSyP73xYMT_h$4<_E-`t4=LhX-QLDebzE`zGl5yP&X)dZ zVaCgtpjwk*p6OG(3?M91V3{rwfj03gW$n-C+5Ag#zAqADNFtK_jH`Q?UT6ib@-Ui-C20>IL9`{{YQPh6^W9=m{osbH z=ly1g1!NoT(U@2YOF1OBN2SpN=sYI$iBJL#M*{F*jKqS)OQgCpco?@SHNYAcuqBKp zAnh2;0FCEhxV|txiXS5KdlL~Y5}tXIHUXwl5OQ1_iop;8>=fWhfL&^mz{++8wn>P+ zo=+lLOdOM!JsD?oQ19$6`H-1YzrDW6OkCp!xqByLL4c^Hh=wnQFK89HU_&bM@&#U zTQeUiW23(TqD8=x?jUi(g(E}Aq&AcQR1_R!fU7*NG#ai_f~!1+J_F#u2Lq`Am`T?p zH#K&PmIR<96l1Uj5NV!TY&AVr2>1qUF=C81`_~uo;i&XRr2v&|f-)#IU|Y?j^7AuP zsP2sd3_e;KD1wg-RaZd(AL9cha#KidB{>pCig*i0CfIU{G=L*6XadLd0D2C96t)E# z@kEYqg@i$=M*mtxjabGPa3JBM+ZIU!tB5fODGy+oM`^tRg(E9SzXs$3c!Cq`qiptA z&s)i$5Yt;1Er(MPOEm~|VmyxViDC?@mw_}WmjLiLCbRxQZg3LoWZ@cIC1{~G`%K0G zY)X>Awz9PZfHqY~Kd>z7NSq3k17gaNW)p=4FMqbB;j=9HnqH0ZgQx%K8Wtdl<)z;Czw`%UA1W=&xH}QJAA%4n=kCsh6 zbf6L7e`z4Q@JtCL&*na*=4a}0&sIqHXOzfx?IT&OO0UwUC;u=H+-3FouV-G@Y5Fn) zjsrOTV^EjtU8X1r9F=*hLrv)XEy{cX+iFgdBa{B{Fh+o{3oY?R_uUbPdiWW7=zW_D zE^k@a{TujW6Tnefzb+(-XjNxV`B5S*&}wi}#wtXP13aoZeB8AWXayMJcSYc3FysNT zP@`hiAWuL!yo^W+%Mwryb>%p!aA>;FcEROs{8j6g*=3FzRp=%qPq6Tm&vhR+T7eLo zc$WDXu|NY#GPXxy04*G(yNDqWAw(>I<^pI29Fg$=_gafPDNh&5<0SsVRNDWg2_9&c z&CiuKQ{;*IW2g~kgEMR^eL z>3@T(5sAhcKnZd|$JO)lhM%uVb zFFiuyHnSx(a8d^Li?tokS=lQ<%+rzvipa?Fy83|xDhRI9H;}u-7jmPXyJ4{(FJ_xGadkjW89t3WZ(uoTT~-b+?1h6(E0p8 zp=B#T-;o>qY%8CeShF8p$R}UGhFPORQZUes#}db+VV;oOzm(?)K#kiQj0*s63E%`U zc@Zr-yK4b5JX3(h@xbFxu2j+&LLh;QVD#p=}?klf#lkb5tI)1%@f^ zM$u<-K;x?nh$)SS4%)5VWNL7IoQXxVy(r)^p`!mcz{A?Y%`U$ zYN-p6z^2aeGv+vI1Z<5mL}J@EcO@L7oMnay6+ypk)BI-om!k;)s?TIS-&TkSVqTUp3D?eOk8d4V5kq+k&nTVgT70 z7&=jzto%)oIGHIJ<$vvhFBf{St*l!|;xagU^A@g?gQF8tSra1SXG2)acte$Ai zA7%EA$q5jmiN8(=ZpD-MQIbm6o`X6G9Ihq!7lGK1vd30S+<$)hX~60C?{J z9DY4Q)a3dQ7u?i$Ti>m!~M!d1?;~PK&FOW%f$QVpfMd-#~siNn>NrEUXMqx2L z+gP=Z=>sygsIu`N*5GC96{Hr3Sl%|^MoqW~=rYW%xxFeR z4iAwBH~{_l;hB;k3pevHZAA?F5ucy1d%aTnsS>L6-b3gR zKzb8UAdt{I0@8`J&_eO%|Gn>>x!;{Rv%j33B$M52dCqxu&nd=2B_ix`idM?2tfa&@ z0g_w~LLdK$dV}Qy>Y{@I_(vAwRDW!hvHVRK{^`k^&Q|Oy8~hp{OQ82iOJ;q^5T!aR zOwxS2e*Q@E(dpis&Pwbt56Os|doK?Of=@?y*Bn^V$%6RUBe3T&{^H%g|HJ;9n6lIH zbI+4&EZKp-dehs=$Jpr+ekpKVfTg_LQ?Qg}?iMY?uL8>^1!OvY2`1kXH$5i6A}_*D zo&Q`3r>@6PT1wtKSSzSQrM@t*ZweS7cM9~@ zMIMr_W`+B)U{5XKeez5G?fURu;*YfWj^XG*2iZBnAEs$TAwp~q4ZOk=ORZb)T0*RC z7P)sIx*x(=9)t+3GsuR`?KxF9S4ceAy-^1YEg}(XQQ7VeDm{v-Yg&c(i(OIoq2yp! z#P`QwWrRNt_$@;CVONgo+WDT`S(}~dl$YFG(%&%I9^2KlzveWIr7cg+4gh`{XB%iY z5qQv4t{~iS$_xPKpQ7V~lTIyj!w)8NIpM>TX6*2iNjg?|*yQp%xanl>8@SM<*=soY zBpnm{Xhr4>>8(i<$Y`<{bZIcQhYY5N4YIq2;lM*Gbx^`65yiVcGtu3bF z{0f*Kvxu9WQOe6M8z!^~psDyRuu+LIKNEH8Aik3vzK^;epGY>UlRk1oTn6u&O2GbA zx3#*&t&*o-1eJA}?Mc{U-cg1e#dX`uuT>ViYauVoc9*o#Av_oZ9l!k>t*|A;Q6@tC z3F<`Urgd_)8g|5ns#Lito3wzyCRkC{DmST5lIR{6$!(jpzE`4;s-`9^heH5tbJ26e4;BQj|LhLJL(8kBBWCRbx%N3T#Ir5lP# zi!ZPVCe$mX8=T42FjyTUYC-Yl1ZfcjOJqPLE8eUjSAAjb^eAP;8#vO!6Q)UrdZ>8Q zfn0TkanqvO6mBY!79bcY4a!5|CIh)@2Rouhu`1j|A}y?76I7^m`5Q0fswu3F5|t%? zV~w;hge6j-wB>I!k*hi|_ZKL9`5OtOg$7KM9MvUzvyaFZfiaSxe#zZ%A}v&4n$J<6 zO}UY0>SVW_U|bwS>~nyvHA{h|H0V;B*6|oS#{iX z=Rx}Q0yTF7q2v$-Ce!47V%ad9+N2=|VE(5e?@IH+HeD!7Wlc#?{&p?VUH7XlRi&dj zWJfZ3mAQ*u^{8*Mqa1C))>Wl^^lY-j2fa$yb*6O0KPeW0mSpNWP&_(8iZ!6S*}H;N zj?yN@O3;$;y9Shx949-x(fM>;IEqKD$b4zo8YyZ^_6Ch$5Qp`Upz>sIst_Hn=vA7o zRE47)WQQF(pSlZ2;m8l!VT!h(?DCR7h$bBtChKDUa1aQBbJYx&HMhVL(r158Vhl~1 zR1UO3HLNwv0!y4Us(k4C1(?tULA(z__z74WafJhZiSU1LeqPC_8FY#07KiPSpekg8 zwh(@HKu*>gv9e|dSVH`43=+d_BBpX61A?>E?36ZV!$?wRjV3Y5CbY^23?Oyp8pG1& z7}$8yEZHPR+T=#@00V?G)C`w2`@#|uW`Dv5Z>d8Pqr01B*O0N3w~(TqLHV_XVs{|Y zuMh~AsHxD@zF+#OP$nAb!oO&nd-1rUt8-6G2+jF&aoDVlWW>jN_nsMrYFI@CMNDMk7`!<}EpdKOIdT7>c^#0T zE=aOqDasy&vzAtJer0IgB~epW;d2Uml7Hyi_$&IQzkBYi6?LE#<04`Bg=t~e3t$26 zBF^Uvp~5agpyi`QuTK}`gMO zlpKMPtv`0ftkJ|gm~N`BDd{72M8{Kf{s$I{S>raY5qs7-{WdqfOZGY0w)~Ov;)7~4 zMp28l(2;XPw+Ab<-m5AkI&SrzTw77^TcbT?)0U=+dQuhFdQ0w%AxFxa52xo?Znm6g z7>k-^rb&<{PuZyUOH$2?`!96daA&jubuvDQvX@?aIhSaOAdG=TNOXQTujX1}h5Nvi z-`ZZzUv!r*hEgoVF|WHwV@;nIY+o#Wn8GKni=vQ@0+%@+C-Z8cKn1-sf86Or#j8d1q z8As&vO_P>O{(T_3)VwY90eG8(83N=>JBtE4b6vvrsgmHD7vc;1cG0O|^@Fd#!`Rt_ zsd<7L_i_O=Y&Ci)8&V)E$ORwJVayuB2PG^cZXgH-R@guMkko|Put_0KQXaI>-d@ld znlk{SAs&L0A8(EE6${D8>-JDxt1EM#n)Gwr%V|V+8DS_nLUz)+*HzXW%iQZGMIU5u zR$K>V=TrpvW$RX4du9_>1h{1nlwX6ggUSQ!v-!(UJZYTEkA5SC{_fuRpj|}+6XRyz zAOo3AROQx+O5Degmz%pwAJO+OYUqo7KESr4yKxlP{7bM4QtQHQ7puvp?13N9l?1gU z8+3{Y6@z7vod2tI*Szy>()>Fe0@`QMWz591PWzQzdhM>z?ic8+rDD>i9ZT<-&d(u? ziXi~(RjRc(jQTW7@jc18y#q26uV$dUo4JOiTwoR!8aHGFTHy!7X)$6NXz)AC{qqph z*zO#;HM!y=dSq+-u9!TU_%)`REJQ4(n^11;w&>^@(HgibCXNQvV?s$nXrsFoRo1$T zjusI@&bvVXbj?dl0#OKaRQErbHQ%D67KD)TZV)?~lLDhb5P}og?Jl#%Rdkes5K`O? zdX26j!;m};*^KC3`>?iMcvOIFh3|IQqt*E^tJEQ?@!jMKYY$3}@+O74cW=zmu3VVE zlp(rbyEEk1`iqauklCN2ff`BMuRuguLmfc3q#-b9JZmTiNR&VO4?8OElxTv=yU7+j z0QVZU($jb)0tVBTB@Mi?N39A$l}KTFa3AuD2AqeynMHF6bg`&AmjGADYe0eFL%zV( z#BDS%H+wsM7lWY2U67x?Ecal{ZYn+jHQoUkVu$8WBwvBer@jNa_?0%t0p)6&d4P1~ z&A4goT}(7_BN%d|x+w<`l0D-BRLE?;1W?JG(E-Zk&d32#a%Tj9A;mlE{hKLaNib;2 z|2ep3O8EJ?AtX%BHVB}hZi@hPtJyMB@7yG~5YbGPotV&kE%Pv-ku3{lou#~25u^jV zr-aCCrcBS3oXEuu1V7YX;D-H;nSFt6PtD7sP%&_u4MWa0gpqPHk=TD6l=nhn2Np(; zdh7Rk|3TnA2t_Gz08@y|_gU;nxJVYmKkq&Fp9Q(Tz}7m_qZs}8_8&rVfaX;2$5Z0m z@b$@C-kAVAWF}z^p<)3B8xsU=A>360ZAGY*>vE#U)^2VMY@-^j&59M$EI$g2dK;GzDDN)q$Rm^G%afJ`IMT8QpStZsU zAT?G$Io_(l(r&A%7WO~0BSI}=L-CpiR6)zX5P~}vcB;tR*N2*o|AEi}?7*31OC4J>x(S=fr#ImHv5}N2R z2(;AmH0R$3*rjAVVP1kq^$rhWa8s3@hf>~F=dvhKVd6Tv-Vkp1^(LNxbq%AT6E zD3lKzh7eYopAEgmrS%W1X0AA)ZG8Epn7gS;@L{tUAbs#cYU!r2?qh2W>2dw8*!&G4 zX_341rqT5MO6=u8>7ZP$! z?>d$UJcHboHpn!#&Dzjk@pW>4@EQk5Njx}1HCn2*Bp-@R&Cd|TS0FQ&nCo#?KXD%O zFPgVJ(~#>>4Vf7wM}LO=%Z`x51Fz9Xdo<)&>rT$oECd34l?3s@O%nK~>o)QKzysf< z-wr(n*3frd1~Ly3K2)-tL0>;3|l^@UH=d(8W$3-T{b0uo-M9BJ^1PRKyf zV#o>l$nHa7bQnubUf|xjp4GlI#@3pP1P0Su0eLbPw zA7=RELHBonAx0AQf%;z&FCz`%{ukcJacaXtkNh*FUzwx}9@-1k88iH#ypUUvKBOT8 zNwq{9a{dTCYWFYvNfpEAyDNsnLDza_sV~I8eAk8Q@p?YpU9r0S(6r)qi;`%gxY#kR zS6_ozeZ1UyH~5p+!#I(1f%nX9l(5h1`_zyi?z-=qU>GeT@+u zF0u3?#|SU?6y4LqM-gloYtNx5|l-@c$A5B=vb%hwO#U%%(3_z;jr32V$ei-uih&N%H z#8$lO80@_-rTZ^x=mJQTICKpZ#}-@zbaaW=XVmxP)c-PUuO}9U&MMdB?)>tFeg{0v z*Y%g^qw5oE3BVO$ls+>CgeiK(0Q{6}zXBYZ=+3NBJlvkR+o}ou!M}Jj#fsYa@}<0N z7|QX__}O`c$Oms___tk1$ZfBljVa>tau0Y3L|b(aeGSNao4K?uLeIGU!@(*6O0_-X zUmLfBXynlpAUku7aPcyT;H{XUI#ajhxA7$wp^o;gq=GUPob1C+n-2`=$V>3g08>C)qyVvI^$d$L`(-yd!t zSmR9$(;2^Y`E6>=(t-T@vt@4_7d1sapVvCSSe^{|S4!Oe!1sNt{bYIh&g80tM6_Tu z=E@~UOH9#qxh|8mq9taCTcf^NY`A1%0+lGTn*RJ?XK5+VxTPg}F^{zvl@)yvJ%rOw z?QD_Y;RtQ|tAZG2F^xx+mtcc(`n1UA$hjWA`O9AS@bkVBlyMIm9*}=!$GeUp0+aH0 zjiN<>X4~=?Y#IrC;M?tT)XGiddvsG z58rgGN{uhl{wI@AQlre5t`I_cj29jFVqLbrJs%?cpX-><|S|ZGDYe^N&ZYr|sO(JOA9h zf_P23gcAe{PlECLAwIw9Xu7tD2I7UD(gu=7U0}6s<1^a1`b1C?Say?U+BXn#3{<(r>9Lene z8_zO7Oy=u*_&aPEKP8d;=QZiye>V+=B$w9#`Qh7&5JovK=INb^>t_o`ngB~1M!end zh6fCIN`uQd@RI6gcp2hW_Q|$hx)pcM9a3s^K>TY+^{3%S5UDWgZPV@_;$OSmd!F3| z(X^IIhL*VAm;DmN^Ag-P_2=5A8|ym8M4Ho6T~*jV`Ze^(7eInY$^L%S!+s_Qu#mPD zf@hMa*x~`g>==c9w-pZj<;GXyQKiXJv^iirxU7Aq`Ezt@BMdai*s@EAU`AC zD)fx4+Pt04D>rtVmAe71FUn)7d{zLU5*-1Gb@v`TYZWT^<-D|I6frS>Z#3{K^Rn~V zfdVn}iSU5eKO9?PK%$AciJtfrkOXtv{JC(=@e4D9MX%VQUll$}aE`%3S$McCUyzMkuG$d;Rts_-r#47*SU;c1SRGblal%*)Eqt>Bq)?HLW9mx_j@bZXby8T>Vi3k{2)RaPm+ zWQ(L<45ASk@5FRt1+{MIOD?g$S*mi@{wMX`N4mKQwm;R=@%x_#^cq2+J&Zfs7aYFF zDFb;)FC8orv%YQYg02JmGC&M9A(iQgqrdhb4D&sKRulW5LlkZ(qB_03e+09pbI+WL za9U<>Z62)g^80>tINTkZU(agTdVhR+_O*9;Xbf9bd|8Ug_QdY$;O?k ze&{PR8uqp>Kack;24xu_eH?suoOXUX?HJMHZ;X5%VpHuFL@8F5z*TGO#MV}G<9(Vr z6RodpT4huY%j<(@nKLN9mYQ><&-W=D0-1fkKNDMxk++(+QA!Npw+VC z9~|@ivElP$L%ku-g=6)bQ73DIzpl+mIkqNtFvsR=Ysgs6%QN4Y0I{LYJe$>VUiXYl zA>TBe_My%do7KO(?unVLj$=#g+bH_8i`amhq0T#-)qCEfPnmvJhb{H`v@JPr4T38h zHdMhBmQK}II<|v5@$%^oXG0sVRD`aMgy6DSu5=TzrIpxe9WCvb{&daKR@sy&SZ``h zk$ey*U-NFEyrNtb%Y?M|6DRoya@ikGYy`=gKYu5db7S(wLDJHNvHToQGG}Vi!eKJU zoAmj=3-xsqx?8^Tg8?nUhPdA}|eh}@Pobu(^yq3sKrbeoyg?+SjnzLMfqn)uBAt+IM^ zVFu^2nnAcSuy7&xuk$@`4%1s5wdCSvJ-pEuKlPMY>}c%7etPSQF3{~eWhdY3RScY# z*0ZEZXk4J}G`TO(4w{S?@pcpMFXA00GWS1ssRv2#gf=exVNG7Npm;tK`*oB}`l8h2 z@vnR}!p3l&DGq~p_o8v?#qra!;f?0tJWflh(YcvZpQhjyPD|3!xvA6h#_>K;e8sq} zrqiAJ|Bw8PNsHZT8tFy$o%+Cn^Ee886i5!@=?wDevC<%Z*%BPWVJS5_w{}WgAB@Af z#xyE4e@fgGJixhTk?#IwixzaPVBC#N=UzGmHwSNWSSDLf6l>aB@XZWEuf0GiYN<4PsWtQWxaqCDFLC=;;-=@c0)e$_@A;JQ>BSK6>18Gt z=RP8;@FWmeWUYAr#AA^?qtXm-OO$O+xo!M^U3McrhPBb25@`ozX6{><_j88-`2?@Qt>1*up^axG`>B=(}ZmPNn4(<+4$gNVmys#eHKpa4Yw0`j%5; z7VCM#Dx}!fHUihJ)obJ18cEBkGmB(1(2pX~5B-0|mqgze1Pz}0#VT%|=Fz@U%B~@5 z{!o8tFD|3je-9czrT?;`icdrTR%8HL=wbe+ZqS%4L9C+LJZCV*cQa=NL z?FkJn4jA0G4s;;`2x1jxdOn;+3A=Z8cs~=8@|eVAeLs(d9}+AOH;UPj`ml}k>tlDK zi3b?|q@e$LM!Di*N36ZM&-_MC*QZ>T(b~S@AsmfuZh=PO} z9CL;9-d8g?ED0v54Hx|)&^trd&MkFtKpr-`)RYcAiatr=m7)yaDxN2i9h;r|Pvi{F z5_Ut423>5_C1C z?m+Gs9e9t%SslqQz&~H1e-}LeE&%^7`2Jl8{^Jt(7YOgkqc@>0r^YS9!E<)yfxY1L z&W`XYj+lZ0E9Bc*%`n0llD%c5ANO#~FrQwDj=#$0lhcjb-;8o{fec{_O)#pmfq^W0 zQdT!GlNII%^8#k26T}|t?N%cAIdJ&P0-1&q`1JJW+7=he7PItGhX$xa3)G=D>d+W< zh*ix|hq|akQ`Dg$>d+EJr-h<3Lec4==*&>w`eM;~VwVtKk{aK?#wa=i6rBZXxoT0Q zcu}NwF-sTaZ7Akdl@~BGeljzTKQkWNFdh=rox0e-k|*)eL@uoOQ)ng^bE*9d@aywxrx^$LEiONHd#{d7?TVKH(B-&7M z1}P!+p)=o<8Y&#ks{JQCmQ!E{W!0UQx&XeBKMxfcOc8#QX1@;%`v{W)EUp0-dxBw7 z;){%Z;CjutfoEssKRPQ*5*Us>n{Cw%f2OHqThtu%oO9?hdFXYK^AR`FmpVP2Y)mMS zSgG!$rzbkA8@R2K)ya}RZ!Kw3-gS8{n)78`ymk|qsPplo$M0%g2u;-RuebK~in4(0 z>N3}P9>Kp`F~q(iQA3?U`*=?bKG{C_BaK^9v6Lm&zHBQ`%EuyDxI;~KW-}&8G1DkP z<#y)O*~~VWWpk~=Sul0Fpupt%Y{&D%Nm3CGPL%l1%*j|VN$sZY)n~PJJibWApD#jz zx_k?^^ll3R=JTn8KEg`^mCMHJTQD7w8a)m6w5dk680>S#iCz?&^igwbT36&;j{%pK zjy+zy1e7I|;t~bdm#nCt%ryMw48Z(U=jmTP0k9j=p`#21%!ieF{c^S1iNFkNZR20WU1J;;sfb zAJ$22&@=$6WfW*4%c6v)=cx(O18MF?mgwT6472Xr6l8xMfV3Q)plSLFZ}wv`qy1a! zTB=OD=Q(}$3h&K!@Sl*JYeo5J`Iu!^6p2#DWIv_&^X5)ysbb{$s!}1>?j^f(m>t`G9zt)7{Y)zxjXOOIb= zCDr(Jdn;u-+Xr3C{h8Zh8~Ek5@xCG*Z<@$5|$Y*?p?iJa|r-kMflu%YQAZF{o-P9aIEs$5c)kN)Urs5j(GY> z=l=LuqQb!EGPriwkN4+_%od3%84|TJKB+=@u@!M|il;wL88K5A4SY3JaP2e-uC-BN zmXW89M}*kr#|{G6arl3-S-r?I?)@I&{c!k`xR?zEAN{jNMr{YFa56J%A#)qQaOZg1 zUMgPq2d6q(kUqr^yu~kN(w+>askcu4I5G3kN($`03gzI=)CKTo*!p^zjRAbjKb>sJ zylOWKPkyBN!;;=D=JSi+#YtAB{cF!BGnf;e5k9Fyq<%5ZTuV1wC&d^-Xjmi__{ZXE z#iz-RYg4rMw367EiPNCv=x8|YLb1NVxX<3l41CD^w5xoY@^Xm6!*)A1Y)n>t{Xd$) zVaAa5!>?DYW+2JW4=q~=5&_&2a{9~AMYfYlr5TTVo|#=;lT))a8ZTCay==y{q5f3r z5Fp$~T2~lRtdoZ$(Y0=4$Lq~Q&58YK#x__96WcEvZ1|Y?fQRnFFYsp+(gqI+VYtC?s9=Jsl9&DpXfs;?G*7G4t6x#_ zg0_`ynJ%_{8``m~P?f6>EGdk4sBG`uVJlsFQz|^j&+eLQ(?Vm;k3-BhsGkh!NzTTh z(5-%^M3y|UMs^Ot1J_wS+uKf6bgYgOc_H}CVEs}~uV{fmjov1|FfiBjTN_H(Cy|fy zRw1^mU9HPAc|=AzS^Fh%bhwXq>KBO*J#162gCZm)m-57nVY_UlOl0~-;@UGpC!HrE zDd~;}hM&G=)chS`J3j_oq4LP?v|7q`+@dv_%}w0w^v&&Q24+e@H z?tt3V&Ckk-gpy*ex~zL%lATOLm&Reb%%yWtGdLU02y=#}f3h`l$qhQ@e5TGea>2=; z%!NGcMIna<+t8k~Q^FO6kdk5N8TswaL9~qGoQ)2rCV72e2RfkXJddKRc{@u>%%7dv&S{M6)D;+rI>@0!NtER zR<7^Y4$AVSs|U+_Kb8pMJxr%CNUv&9G-Y}=!_YRb`gD%sPb*tO$_StR5M-oJb6fsm zGRd7HvTZx7z3M@ruTR-aGjr^P^XwD}>lBRG?CpW;w1wfi_?-9IxOYw%%kF3-yF3dO zNH5LNx1{kq#~>~ET7n^`r)XTEk)8}>;wB|ZM&;hp%KMyAdW)QjjNobmhlbf_fiqwO z0@+W~^K|D7I{ky{*M0Xk>YO+q4eY%r=|UdXuN@dFD4S8QJab@NW0;@rguNoGtiS_s zbwV5C{w8157q?jNwzc4Mn`jxu-oVteX}$tjt7aHU1I2T_x`$C(xC6>w5~_E^9!j>d zCnN7P5kjT{&PB&iVIq;-8jiLr+t)tOD+Ig+2U@TWVuPLkB>&;iCU&PJnFVb=~b~P5(qI&u+l6}!2!s9!ir2gI#JJAP7 z>8iXiYwlX9`2K>1%6p=l^AesqVCQ}|SSV-L{&U)LFsINNWz6ek4hDe9s>0dn{xIa1 z<7^5;9cy|J{04EbwQ11abjO|pnPZTb#X>PK{v*!qZ=JYm^uU(z^&ykdI)2$z`%uz6 z^BTUJXEj94@`>?_O zwGa!-uo2Bu0gV1Pi>3xPD>y7Nerr{Qrm-TM)5gCO+Mu@*YokA`XqZfM{^j6SyD>nV z!HK5-m42dP`mBIGUN$hdS^8z~sP`u)2iZO?TZl-psC*e5EULFKuN^i&>mrwCjK?m3 zC^c!>C?w5;q@1es82Z!)FIVxMK)0>5ngeOR*gUd3dOeTUIdD3@t|Ht&*J9BVcw*KJ z<$)SQj8Aa;^;&uKn}zUY^jXXVG^~3@ENyMOyG7vsmHf4CV~_&VFalSDF(&=Mr$7>g z?3`>F>zT(K?5rEY%y88jYjRWFwI@i0M}_vH?pyiw70DbMaz*M-_0I)~9dk@&@GOCku4)*8Bs6(n6K_gWn{VcMt9xkJJotY?U^aa7t zS0YK}-`Q^2w7)8tU&IX4i6VVtvZ9RXGoq~CYbP~Q;iv=j$f@>EuB-2LzTnhk)t)wb zvRj8O)koDUf}kCgUsg0f@1N}8#ps759;m?}U)?*BeXR1j0R7*yP}Xsb7W%asaZZ$9 zDqrW(KIN*?+IE3xhtUyXRT}~1VLyx-DsL-Hb+@VXP}zm-85D7Ma2`` zo`Z=$x2R?^&mqG*d{sJLw|SUugBO8+Rt`x_tud5<0az=~a$&w6e=prS8=p8vl+*S2 zOdD$I7CAUf#T#DKAK2q$L{_Hi%tJ${FRN=>#j8in^~L({BH)MqOoRG8gQuwxNW7 zqLsIokJ8MNdwX4WtMhCi`SvP2wGobr61m?zfABCCziW!fu#&+a0Qt%-Nw#Fx;1|jmrrA?HmW8IKt;uXX zHCm}_QC1``4qDba4`d2Lemjh9QwRmw$2udwHH<9D&2gD#DG*C$&yiF?EzQScpdT7b z*kv9}w_SC$@0I$Fiw{Y>HI%qd7ZTcrPpvL@vZ^t;yN!*0!6&EaJ35yaUzk>%Bxl{{ z<%t$_9XLdj>1c&|yaf+s>oPEe{XkE_@S>*>4AE1cn4_m&JdK_L#0<7Z28jf#xN+RG zwl!Q;{2AIPNTK~2_J3D657ucc#uePsNnMMCo_gK>*}3|~*f^*QB&@hPNK4ZRPkXw* zm?L}9q@OuT3BfyktUHs9pXmUJpPE7x4zrN|sOBNE7#U!@-9B5|Ci^0U+#srhNnKGn3DkOT($Ie*gf|=Nk))2+h$&8K&32&M+uen558;?D_0qO(v1J zLbZRf6q5ux+-XPVNAoS6zM+>Pk8vm<#_=FF5}Bqex(6@RY0sp$fA4N2un3p&vR3#$ zTh*u}fSN?8FiXGtP*d?%P8su6PlSVClSp?){d}ZUU~^i25jcynK7hGOu#!M0&l(Vv z2$?J`#N_#WYnh3y-Z_-ksBGUM%?gqD(W$ZZN_1HLcLBAgF1tioa za!vK?$Hi5lw$%6`dFhC>W4V#j^|SQt3HB(yGpO2|FYJ1US5$AjHK1!@+#hO_K~G6_icf!Ef~`LS1R8rxi(!4Pj=9 zc2#F4l`cv9R?;u$S~}!NbLSL^y!sti4^`OTbgUi~bt>AtQk{{XxmyeTH*)yyT>7y% z@dCJEoawQUppYES7voQSxp&r0yEa~Y(66h9gpUog%7cGk)4a#5>8ou^3%}4)u+y)u zBGc{IL7dGT^YsKK#<6+EHUS$l%9SMh=P^%n%?l3qk0+QPW9XV26l)p`-fA6dWY>>dv@)w_!f@|%ZE(+yebNofruTg~+ zQq;faDn)(Z#7}Tm_J$}mc4{RW!iXCwWInU(*Gyar=;%5+E)Hydl{Uv&e%oNQeSMbE zN?db12iF^N4=!r`MK1H^?d$h%`?fr)H$Do#Xj#d6D-Un)*9EJ6XrLHL)aDp#2Yua= zSQKRHQ#W1SCQ&DAe7~;Ft_xI70;l7Od@%a_UGr-hL)aRDjOvoD$#Xi&f^MJG7Gg5L zno`&s;p(@@q&kBC%HS>Z~3VI0{QsIV`gmQr&@K&*sO~dm!nWVnQ z3Cv8Pxkl~bOE&(&-Je>d%{bYtouBf~w%bR8$X?4tcG-S-=BnI3d>hVPaI4h{~M9?XO2 z!u9V+25A2HWcj7B&qd|Pa%%HMt0l5+wUiA-4}9 z4VK2rAbmm31!Pe)0yB3g{pMTEi8R?k${up8<&xsHLM**k+MqQ!c|<|~w?!Jf?NxSt zGpC?kVIM9H^UPM6pwYq!^hu0Akky`PSO3CS_Lf?0ee6+d$ng(X#`BL$(GtrSCj_k_ zz5T95=S5_F z`zMEJEp9N{UPu7>00`V-b9IA+`ig)&oI6ni0hlBgO)a0@2p_neVb#dOOfSK)w3bip zBjjz=6Q3IOy3vwb7y)OW^lS6d@78kclm$Jp3fU3b6zXG%TO&{+P+Q~k*tLH;-#UM7 z#um%zjNrDm?Hb3Hep@!K%1h3U$E_Nk?VAi)V+I zYquF{G;hp$B)UFUWOVtEa5z}H;?E;}s(0Hsnk!;Ybz7hIzx(qVPrFrYVtaI^Tbxi| z@{9VI>9&KV@HUR7Ig6{{$x9Ob@Q|257(r`7!YkT~B*OP^c@ z#wt89HEl<-_CwR!s1LeIz@dMh9uJX=USj4r<8VH%8{y&_KLV7b?Fshau7b-Fs%Ed3w=0TKC8Y7jl*i!j@>CL8FYC?y)%wIv)wxu^)ZmF|> z1VQTm_ai~GN-f<&DcvHAqbrG{i_bW4yQ(TMd?K5$xvP)W0?_oHi#B>J=$r=@aQ^Fl zHLIVz^UjV@^hd5rxZ%*JG1kg4q4eZP6Js+oyH(d`J!_7u_6|>1wj5&GND5?jUEpM* zs_=EPc4vo)QEq@`C!b*fLUq&OX%9;;clYFIisWO6MH0zJ&N4Ep$E+qu7i^qqaItia z(?FAB)rKn?cN4UIT2lV5F&rum-98RvyB&cMWTsARi+xL{?0I6+1Njn5=5(nq#kxU^ z3)Q2F7$cmy%Li%vz%YC39*-#L%+Oou?s?`wT?JF#J=s-PF4!+!WMR$G6Hwlc$!vRL zD*xqu4x8i`HOLiNquKCnr;52&iZ&# zoNpBDr)fb?YG-)fpSPoQ5;RM!Y~-sR*7zoU<46L(gqFNX;OMeOfd69D3*6VPk1|?_ z8<5pE2==NfnOd~D0f~3WPqnI)hD-x<8cp7+s{TAzS-q!>-4X3!JDY$}p9&lGe8V68 zkOnumj0!l`iV2mH-mB_fw~?h*d!2Y zNullQfYVc3^vsKzhiw*+)IGVKh%q#%?8FVve`2cPB!MMQc>6?S)Bc(X?YwfU=hrgU zBhZ+)q$>O{H&4PYsn7J8$)NpIb!@gVVEkM>3?})fBl0@KYv~zX)oo155gWGH3XI(1qT5yOsvl_Z6x8beMv!+E2X#r@q?<+qu zV%qs%x4Z}Pwyl%SPQ}SvmZ9QKUwhyDEKVHi3ipA-xMaC4L4tGkyK~ZDOwvfr-IIp6 zzLxNBtE5x`rvm#w>q)wTt>u+3ayLX2UahQHw0GFHTvYc5%zkpqYeh!ASR`|&lcDtY zO&xY@Le>Dktx*#D(7VP6kvu~txlSOHq$t4)9k5rc!aw4MXi96LG4|p#3B=l7!dtlO z4%1JCN@kB%J^oFu(l+$Fm_H|J!o1D@4Yg^b!XYkvGaqBUTAk%q(oj3Q99P_^BOs8L z26+4|)_-Kr-Yyqj3{^RBF;HMOs1?b*eW7u*Zrb%>5%3W-@e`IwZ&|meSci5!xe&Nmrv)1(7Wuju~}(N;JN#P~1eb zwpkYquLu6%*GL>@Q6nOhAek5iYg+D|T>ZJaN@IxD{5ZU$xkpf7tX(@dML8QZ9cD6G zb?;U8<;kP(5slN%a$RlY=XyhvTJ%1cjm5!bI=@=yF9g1v#Bz!z;`=rxoi1N1!UZ%} zT3*yGbo~;{k@ItFkpaqxjfJnw5IljJ+sg-j2-BSyTUhlZ>% z{Xdf-=xaAKWV)y)$Wev`1VC)(QWy4gjmed$Yt>|KKZh4y!_^{ zreIu%3G2lItUR!WJwVAzm`od7zhE-oy48e}hJUfsw0ZG1*~?%uU1-$6p$gBGbud!C z>8tX2P{{cgnHhq-#~|;;?NCB*j^_4l$E}1sho_q#z(V0Rj5V+Je0ON#hE8FD=OMxJt$l%_%UUAb`IZ*^dZ*~vN-=P z1|KcoAErkY65qDLa|8b1&GYxG;$3-9_5!)VCxK5j_qLxhtRuR3SKtrbNV3LWrTWA; zm5e=@k-Xk#hufFfP1z|HcNZ@>(07a(j<%_c75*xu_k5?e{7O;ZTkH?Sl>g;0tegdDOb!dO{V@Hw^60GU)b=59-x#W)k>umG{#R>%qKuDNx^ei~7P*EiBqiIodl;jiP?fR%q8k zJ0r#Blm^FVU{1oKLK;SiMg|7@FQ}-#!9BH=JSFwduu0Pir)J-v-@!uN3!vX+MZSZK zt@2r@AzMQ4eGt`w6m|O?lie9~hlyXZ2Q0$UDrz-+D2lZuiz~5&9A{hX+Ao9k>@-wt zp&^U+V9cnt{B`d0jIzD5On*(8x*6{eB_(5JzEx=6S44JhUub->gZ`hwc*?E|{k!LtCQ z8{0Zi{YMqiZae*NGlR1s__2`qSuqp%%t`AJ)cQD^F6X7i?y6qF)LE(rc}m zf20&5#2vPIxf6{8cuDGjyb=yiDeHlxUG7#n9~&CeT?dz<8vOlkAG0)3%Qjp-0OL04e$Zho|oj zXyOU}wWCxK5s{_>BA_55AT=Ti0sjcXQKxiZCPTw@0u25I@b+cw~J{&5X)yeTNyD8_0v^EkvZSh_(B%jZ4{IE zuJJONa18Lm3XTi67vZBGXt9CXnwl5{sCF5=GwWE7dRUW4V?8wLoBbnBIvaug_qqsi zY;WW|3Cl2#kbuW~X(nP)s9uh*T5coN%4I=e0hy{We)>FddC&&UPf%6nm*4km2&T;eGk25Rl8~|Ivh2u2|a5| z6bHs%%>dGvQ{Cuf6cdUrP#4Mm*l>7aT`0h+Ou|l6D*JD(_BE#aq8SH-w^(4Ja>rAmK0Q z_ZAf&FX$jE>T3S_(RA78z~t1kzzDm?G|6L1#=$+6u5e8HHpP&ZxzH_8fK$4=PXc^8 zHeG-oQ=r_~P(0&_A}%E%o@Lg({}$_kX75-3xAH7uA^3$m6{OV0^*j*7N>S_d&btc} z>fE2CnwzBnjjf!p&U|qOdWoomP_ER}j_6~K7a>T8Q^4DCYXL36T&W5G_t0}-_F*VA zKY<_8>jzE|Ev#L=HfCjG72*2=p!W}Q4t^rn%+YHHvs^o6;g zt=@D+x%I5ZpG6p4-v0Kq1pg*KUBYOkvUHHA<88Id-*cZPz8Kf#j6b^5Ej1zhuL7NY zubNGE=>C=VhAf34fi^j~)YXGO<-}pzO2x)|*UfV=Wq0?}&TMFHo#kws&*a3zV%p0U zuK(I06xMFY67xPVM}!Pn-w>|x5>n=vl^H2aXrz8nQ(F9RFbciVYZEt@tgHu90F(ujC@BYW?%?534S6vzA7@K3W?Wf>5qQDEmg#{WawQ zA$ltg7Y~3S0W=E7*J0F9A37tH)A^Kn+C&|j(c|&!-+pch*hUpM$fGZ#2gEm3|0o3w z)uzd(?2Xx)OBixVmfv@7?`Atnxm>3kqqNceDjHH0_1&a3rbH^s$h_f~&-;fbU$zWB zqZW^R#Nv}EqRWkUrUj#w+I=&2dt55UumpQ63N`)qW?k$ey|a}Z04`gES-?nXi)>dy zic7{E=c-8gzcX$hJJql?Y85@_Lf%pw0`AN}E*l|V)P znbAYV^gK|~o1HVSoV$V5H`(>T*0@M%^wN{84(o7W+j+i=UmmHOAdM?_94}UwR;f@tvU0n?r-w@5Pp#K!`)<{vi zWMh@A@={SL9~ALC2K_K!$>B!hHkZ*+tcc}|$!iBr*JfU}rcH_=kNf9$7E-(hzj`#g zpRjgG)%bN=bIzKaa!uPj{>MrV=kUspV7GeY^TA+232nS}>Cvlmme8JvnfOc3EdRV3 zuh+?nT$mbTFI)IBfUN1OyCz;H|DL%n34hzb>U-6bSDDR94ZmS`CB#;{W0l{pO^t^5 z+15x&&ba9DQD+Og$QN>+Q`qXIR0FU3yC#K2&o#9Y>MmJOV&A#d!l@@+t+OUgnZO-y+h@^=AfPE7%y(`@?RWt&v7b#EEn`E;qR`QrkY&cc{$WF2F4rd_3rgMtxZ*4OXcR|*}in?S3KX!R65Jp1Pbq)fj$-I z-l}WI@vSgEYK}RI2$%g_H^HNc%<1i?4>vySb-F1WUdo$$CC48F+nmYXIr>Y^a+y{C z^F12*_!K&XDXD>Dd`fDWO^#GL)3Ez)>m84@XUR{q_5O@UPEpZ3ke|ic!CmFDEEA)N z*SWKTD7*^r=PsPu|y|<<5P>SXc}sI~%%*guS-DI&iP3w7)8GrE}xg)O3+wJ0Pli zbqUq;_yURLvS4AgXBdyIW&VZCpw2O?ChX#6z!|_-SPp{e*x5LopM3{8m#erY8Cd-g zA#E_SlzKPtJS9~kP?VA?9>`5;lli6Ib5u<_Df-AxIw{IQQZWtC(rb*s>+q8#jT2CkIkkw?EbXlKzqu;%AM6*f*eEAqmo* zgC{ijccuemtV$AH;9nXAxBNFgIfSDpkq+Y5rEz%NBhjPn`Y@(e6+XpM9bg@Y-xy%u z(H_UEhg`JmMI$r987QUgkHUaZ$N|Sa%v_Ln7d@uMs*C#l8$F%=2fw{LEl_Z{s{hZ9 z>v1vj?s*-Ybwg9V7j1Pi1bbw(OCBAn6f50>rzmSR;ZlNMD`F@OQoygkTfbs;aB=_{ zI{gj9kD&@n_s0hM&$ZG!h6x-gLdg3D(RAQ2=3Gj)QD1@%qF^p#Gws;2PdK>+*n~;W zKB6CRg5~lJ0 z0kAFUK06lrCgyAzay+!L+jtU&%OFQD4?tl(S&N6H15(6qg*d(s{SmLdRzxBWaaLh1 z&yEi-0&lkio*%Pvg1gQocUYWVZs!wQMsP2|ghQya`%7bDxgiUY90p8~tZ!>~_A;Iw zuk@mVIKfKGfzQL}?Mt@-)}2t{1KBH-dw(FD6xZ9d_@pA;R7=f)Ng|n|4AC^g6e9Q5 zE+eeNAn|*?w<-J6C64-$9Kc}1kjIBXL(h+U_OagV$GVdrX_b&>hBg+2`|YODdl80E zm#a&#n{$ul)F_WSYt_3$_cBvg4x5&x1+odRLynapq0;TL7QO*Z7a^DSk+<6ov?zMF zL->|~V(kjvRPlDYX26eLx*$WxKgiP?)>8dTXDoS!Io5Em5!Q|$!9Xpy%zqvrgFjO?cg25ca zVz)ygFA5D~#oHM}&X^EaP$!ZWD==M-f8H4vk!etvu8#`OVv}v(k_qW%Na#iSjioBx zl@5cajkns}pB!s)qU^M{tH`#=$PW;tfo*)Ou5G+PLZ={KVy9q>Or)ww6eXFZWw}kn zZw9WtU8kD(*9m@$cE=OJt-TFT6gip=WaQ$EG^ifA1NZ(8ow!XmO8V>DBT~Hu)>KK2 zK5Q0_Y+KW_#m#4TE@VJE7nDUJ+lZ$RYOVLAU)nMip>$lBs*raTav2zISCsdbqP@6g zJ{#PrJ_~(e%jCvrf%wtMPPr2)aQrgS2lv8ONHDEajq*4W^cWBc`YRR*I(~QMWG`0a zXbG#m-Eow3Wj11nQ7C03j-IkM@A=9-Nlid1vJ^lXLH zvO3j56e2+ZZVZ}I22DC6O)^@+82K!NKAJ%fVbH@FNqJSIfun~}a5rFxW0m<=Z9CA@ z_QWHe(UzvY9mcCYv!zgUldibGWGdnWF?cb`?xwDycsm=FSm!S->g12mQo-KN2J?tD z1Op6giL`{y-JRslUC_PAdFA8fPCs|QD=qNbjLKa`y3a`Rk@FVmox9Y3M8=PF5kDN7 zA$*&uNOiD~9)q4it128h9~^w8#s3o*af#3BC21Q<21S~-+|HI`EliY5V)$L8^3*o-Wiz<+Xi})|17+RFd>dFKed8{nne5$LpAUHF2$D-9?n; zr+})-4K=e;!nLrqn-teDVDz3>7$j~Fet98m4{&*bYeV7Iyh6h6`!JZsaRQoYxsh-Y zd5Y}PYkC>Xhd*OUtZ?>iHp=x5^dRlw9viAv)4=+cq_;#3`w-Gw0)%ngiyz3h4D$|r z6zL%qec?}_#8Pl zq@TEp7ugtwra!jAjdyOSC5zBvwU;4CiGA;c*ICC+*UcD*yD)u zltzRSC}^47pHh$w;0ZB{x5_FICVu_yHh&~hU?(fR6No!TGuk2YZY6p|Js?0n1ah+|VPb_DudQ`^uJVQBbMcXo<5 zXyvVjJLThgtVL{LefMZMI%?)g!NM=s#*csH&E;J9Dn^U{{*B!SXIWNkWb|hVg-RBNg$Zud14El^y)+Qdy-HAWrQtkX#l0Qhq`|xOm6~ zwhmAXt)ux2%P{&GJD14gxdW6-k$;*?;NtLZKIRKOK|AI{%;aqUSg>?$(T|4HrB3G8 z3RB8-jo%F9RlQhzMMrex;Xh`4d360y7SEUbz;RQWr{w!r1Ckjj_3*^ z-hMl%3uuqDd%b3DmlYfvxSM{R^*je5LgSb-v@oPV?%RVEP#7`@+NvzaX?of~~Bta9&}CHW({!ufhxy~$u1I-b z%5=>LCg9Ji84z{!zO<+bJtxQU%Y_q0LnxF7xLt37J2$D*RfA zSxZrP^NK|(%(aQh$Gon~=2KO&#KW!K-_B23Uo6-m{=DBIyIZILBTNTe{nr@VnR3|L zL&<11OW9_*A=mF35|a3a)UpYDxm-Ygeizq=99{J4smrcJ>3PPaz8bwIJXg}ve^~A? zb#-_cstj-RF{yS_*|5!ETZzSVGqz^-y%#FLK*Ho#qsZRVr&UV^|n=xYY*I%PNWI>6#H7=s>?%3Ez*cQ1Tms!Z} z4$BRl50Z|U0k*l8`QqMAjomvdp&m2@OyQAAmobu)Y2MWQgHGCV%9(tZQe~K$&MKlK z^K)b8csufj@T0L^g2>IX(qVi{5R`{R%{<N zb(?SY@ZMTJD-YMVY;CH4(!>)#Qso)zhZHB0N;5241mI0_YZXJ49CuT_k5)}!UcxEC zq`9HWvnl*R1FMr~lV|C!xF-%$M~GzkQMK*{x4;g7K&l519uC$k#oN|Keoo|>A>POGY)LC zhJTi|_znGe^5xY-m-gK7bG@UVq;tyex$=&G$hc{H-5<6vI#V(?)z7A8o^@zwVeXwm z|A3`ykXj_^_j_ENT;UG7TNC|5ihjDz38TfCzX}PbvB;yapUQiU0a=#&p00}A{Q{7u zgIJcVInPUvf#p6trH>-Aeu0Rc)iPQ^m5Fu+-USffu$r-%+*zLBiF(|*4)PSv(Nwz1ORL7i0!iMEKa2+@rOMK*jE${jTOK1z z8rz>qM6IRVzw5?zkNu~qrCA!FyujzjrD185bf%H4EL8qq+y;3)y{x7ty-5PubySi3 z!+2uwUb)o$hi6#^bab7W*M1m#g}ocO;4dekz%9G><9=P2CBt=69@hF4n_E!vrqJRc zys`HJPwKTFhW+23pSI^-UJu*bZcR_)CLKmOm+40Hr10>V+%l0=iBp0VBpz58nOPba zz88&1O*R=hlJa(SQIa$E`pPY8Ec%ssMEvk{D^x4+xtXz<&Gg*y`*GjcF-1krGF0I! zYGvNT$j^oLhf%(-C9qBB$xl-TE2|z5?@NgV5}w)w8Y+op|v zf#)!MqW9g@GRtN!t7N{4IUj7?Lw@nn;X1z!-W^$GpY8D`U6U!d`C$C^M2i6iOl4x_ zfAp9e*I%?`^>(2p{3xyOP1V^-V|9eGF6=`AbFM#cQmRdXPq9MdthvzlAf2@ z?^D+Qp{)O9S=0mHaIf-G3LGA-_r*CMEG}MJs_$rC5tFzb*-&mj!Dc_sVlR8j{=u1( zx{=`8@|{cj7oMBl?B-1ThqM~q<~tHLaycpEwG~nbevC8l`4+Sw_-gkqR?2YK39Dwz z*dvk`_url`6Zj8j0fi~Fnpd?j7nAT$_Y!h>h1$=zFh5Z%bV=%IsB89m$Ts!so8lW~ z+qWW)g$I@VrR|!@%kQvChR& z9|s#)CSZ(xpa`SXKqFS2OAoUx5*?KA- z7^xMPh5N-xTR&1pHYf6ZidrU3h;o-*fR*(!d;+A)OUf9#-cQ&Boq4%(KRhmZzTB-> z4@k~Ybxx@*FaLPWr1QL4Y~XXxr7t%oE~dv?Iqg@}lwGM!gr{GVT#lk7zBajHUsO_1 z^8lImZTR8jZq(@N>VU~Zxy|OGH*603dF{)~xA(4#mUg z_3(^OpQH|W$%Ws_+@v-~1o_U*la1|JntI=`hacF<5W7uL?2Av)>Wh+Nxg_t+HOjuyfKQ9I(#jZeMOY*(fySK2w z^7pY`hsiD48$5T3#a>$}wB$sB&O+foMIFJ?e^i|!apF(L;>-UFbFf*HZ@-)*@vE2f zo8uH6>*9a8{R9)Yq*18p!Gfc)%72@D9sO3904)UhOv}*Uz{_OM#YcbRT3$4Xr370w z@m<;5Q4-*C_pG?~T3TU2450jHH{5Iz*u4|{3w)yQJc?2H%{prxL8-+7w|-6IT*6f= z4=A6#q{WG=wU34idO*t;=9fda^WBmxx+w=^%lrPrTc9N|Q^45%4<4HLo1&48t@}bW zTgwyLh@$}2!{b;KML$CS^^e64orX!G^Xx%M;uc# z_7=Fx?M)qfBdugTP|AK|b=M0|5A7cMRup7@52j2b{6=OUr`oHy56TWmoez9ry5av? z>&UnPG25%4(mm3h-*2sI&RY@pCSq)4IALjhz1Iux*~qUL#~UYlgjdwlj~-nwq!CQ$ z|Ynx@$T8i>Du-8>ukrxiXFhj2OvPe03+QgA^V$_tZW?=yrPs=Tc0qEg{ zvgoIZPxrZar#85FxA)t*;j&_L`&|tDI{z;U)nNRyj??asW^e4t5vQ3oYeA%y>-!>6ZH3<;BI_mOSpNr|>1*Twl)=-CWQ1T3B=&pz$x%bUL=HqU&dvW= z7%o6^^t)(a%&4XvKT*sjrCX3A`ijCUu(Lv4NUbCwtQ)#-uUoWGtg@ zx^t6SMqk47F!JY&x=>>%o@1^HpSsvM-13*Pj}haqKYC;sK>ds$z7M$A<3FuV*7`i9 zy?1<^|4b#TbN?#%4{ZRNvY*|Yv>~QUH|iq!YkSeg;p_FwYx0b(vO}ybn~Nxr1W8vDLIu>g-xk0; zzh?ER@32_0soI;UrX9}XHrIB7^jI05r#}KTV{pK>g(7m_uxL*ZUXk>38e``~=#0gPuuOcIhF4XoR4^PY_X#0a$*9l6)wNdets zNd*R5rzTZEGj;MuYi>UvAH)VA2H12{J>7KMS61$J7 zJSpDL>LNLcXhRykfOU`BL_6Yt?^`hjM)(=o>OYPEx3`4p8@yn$+a$6W_nz@dN5&*T z6FSvR!welD--``EFDw)Z1TKp|q|C&&IMOX!JlD2`X58uj%oH>1kI%N4(Kxo>lg65% z_9xPFH#?xyLu>T3tPon?9!Fg;()DPw#(#@^xUbwydsObb!v^TH(O&7AccBC4`i>wK zUhai$vo||19sBcsGF0L-@_b@}finUD!u85ikud*58a+r12QiNzK-EH}Q_>Bp5z}VQADhgR#5;Io@f9&EO&O*j*EH2qkW`m;hdJM!MTU z>M_XymJr7=cj-~wcM+drBczcNRU3lV^4WeEmO{C^ClNGU+6@{q_KGLEUWz_=ij9mxetLXiE zup9pFw1jw!A<4jSHzPWHN4!H)VaNK!l(EX5L6-J&LjsI4PTWU|=J_BNbxv#Dm=Bfi zM49@AnMyn|~m4i=N>N1{W8dn)FFMr)gm>jy)q^Q^*YwDJlQ2Z~T zFy7SbOX4HU!quUp$>4TQNV4%uw<%uVhzsf6jUhDi8Qsq#7Yu$?O&c*nWs-AzI=>qc ztF@^)HZ|hEf9Z9NX%(q1F!1SZ>#_zp%xz45JpSGPmHQo7N2+Mqd&}fgnx3vKQp*9X zI4?vP=OurAA8H*c_dy>+=}*m^BO1MUa24OcG?d>$OCHugcl?a{d}12LMY{_UAp z0bj+oqwB1k7TsIks$(4{`3oClg;;zWz8*asBapuO`yi_1e90 z-uu~m68WNwGA0#oIiYH?M8BDtARyCD^Ltm<`#UxDgqb)C3ycW^&dNf`-F4{Afkjtv zA#QRq25e!$#IZ1A{@}gymc-QLWUruw1tl@8Z=1b>fgI!&%9zJb3>jL)Lxf!k58Ih!{={Z$aXDQr( zYhc&q2S5L^chmuI$gVoTw_DG|@?ATewVD!HinM&|X<)Jzl9DJ%9CeEwLaGu!FH=h` ziTH$+oXeaGmkQ{FR3KFn}q{*_FPfky&v{^vI{4~Yvi zn{%cU0Hb=BFBG_yPyg`#(FxBOz}ai|7thh;lAnJ9bBmMCfupRb=tSv^+>HKhX@v|w z0gwAh%?Sw!Pus{>^D@9j67$TmzYW3M?=Ea%!^DrTG?xC1C;`YzeLXG9Do`BwB8oTL z2J~@WMKgle1YEHq``Wh0dts3EW)`cgRY4@hd*QLChFw&7JT~P0b+hu?x}nAy3NwY3 z;IBFPaWt0K;qOOpy*1Xc-PbmC4Py`D)vxC&g@pIXt&FfJ)?T-$jPDy=lJ$s5Yv2|N z;J;ACo0=vhFw1&R;lk9Qa70?qPe+^ZebRfgjg3dF!|*=O@7g;aO1^Ebj|FDh{Stv+ zjZ(J8P2gjt_4XR(YoonSs~K;jKphbCke6&yd(c5zjL!IMamLB~VpmsSKbkb*`F?28 z$8N2&r_*hV^{nW+m(oMaaA6IStYx#0-eBQc>cjPq%@<`A<5(@9%j!yXbjJLxCSN~% zE8yV8DgbCy66{R7sru%DL$i`i%X01_=TkiUdM*Uk)ZqU)AnqP~`GfYm>`LKr6WmJKt!HF2mmkH;NGrDgx@l!6JNQVEt)t!H=FS-l@M}ER z?lYy;`#){Fi^nwh85WN^JT|?lXPwHPnpNtoTsOWvsS}7*h_>pp^Dr#E8ZYy$)?61P zGiayiA{VE6;W{<$Pj$KH;Kx)jFl= zqg@H?u(4aEmzFq>aTUeGotcxFF7@KLI;u4Yc~h`ZUP#)LPHM*4?Z-rY6rHQt5pv1@_yu@dBW^pL=PhAxFI_-XBk_Fh2d6 zJyq$LJs%8eIK&s_$J6RN7d8x#w*tQ~foZ{ZGe#abq35`3iOnZ}2rIbl$M5>V3J4?f zqq#07%H3>`{~AiVl8;5VwU&UXl@sejF(S&+S3(`86BfJ}bd*)Xs~Sni}$| z@_&>l@-h$ZnS3o#KIC7I(8h8rZT!NO4!Qy0Qwwk0xSCZ}WBPZump-SKQmkijExM(w za8}8Tm)HPehOOJ$@jGv|1uHrxj}Qc9dXG@jsa z$o^@sPMJ2L4s;9IuM}Q5vBj4EagUQwUM^;O+SZ{k>FVsiLqb`S{&6l0 zS}0SGejQRatWHoj(4eOgSZcg#yCS}r8yElB8CC4a?>FY%#GyuUK@CPo&pWymS42Zg z_}&H>{Ha?L0EsX!>NlMh7g+(NT_G0VIQcOai?aS%C}M0+ncx zgKwEp>nt(A0oTyWYA*+3JL>N_A23Nut~E!oIImun_LCzs0JmoNojX3oTL|$Vdu~m9 zkC+j;Cq6be_bH@UtHbK~m|u`<^tKQ%LddO$gr|n)3hD z#EQCmQtuqBrQ>m(J*1Q3eXEGIN)+-9QY6~lbSu@_b)U*d(5*T4s|Pm;qAZ}0Qn2;xHmN6W>c0+Rp# zSj;S+C~T&_-{1L2^^(n2nELcwv(<|}}SUGQ?kz=m=!22jbNk5T_m z6|v&(9(c?Dil^A`z%gPz{XN0YNL(?0K+W-w!N2v#an%#WbWPfS zoJh*UeyX%siYP^IR0kI8GGIr3`fKezaOA-L2u`&#QIAvmIHZYRon^!V*@*d=p6Xe0HQtLYIoW_1_jQnazvC@{uXn4@u28j@;e$f# zWWEEh9`cPre^UoieoFamLx`Pm&InNODEKTV1pMA1=a0eZ>MgmIFS(vmgcQjLTTos0 zWuX7rt)20<+2H`J!=!RqaAAC*+O%)FMa;&kNL~Jher3{+tfAhqST4&((J=4bSF-S?WT~EC? z@Vd8mhv``~v2p&8~vJfHen`a|v z3%kc@25iWNqa^D!sQ~9?)%yT{wMu+pHT(jS*JtC8kbdxSFH%5j4WRUo8C6u}I0%^l zogCn1pl=Sgd-={liEZ!pTa0#r1dAEZE(7+KZn`JRy9|@*;eTk5rJqH#J-QzYXjTi3Eqsl^5al?$iZvC`F%6i5R&@?^o>;mQl5J61?@$Cqx>>BFjYkchaOpX$IEM$Dm&C9*loww%d(sHUpKt~(u`3v{U>6e(}}&F;Q;pS z)5ZjNZ!Z;~cnh~>h7!^qPGTS59Wv%)Zh37bXsS%kF&oGJEzhF;d!tO97b$k$kVv(A z)>2(1A>j0iy8rC15+MRHm6SNWAR{+{^Df*jw>32^kS`JLF4%4{oq6kC;%TWQP}b|T zYFhl7Dxqi)I$$-?F&n8)b78wAaKPI;5-5jP^r#e!o!^QtEw z4?XU9jA|Tg>~8$i*wxt4I2F(vFc>fsFdQ%)Fcu(Il{_ClTd68Azx%Q-*+d_T4vK+yCU1T9jMn#rrW`l@iQKt#&us z%vL@84QXy}`Q@|gyYfMewR5{wyPgtG#mqSDZVv6pj}J7b3G{E)se;a~Hg z#8sjXpT-;bU{)!+DX*Zz_0YL)5983L*fv(3AP)ZsR(}UA^3O(@_TD#D;D>lb6y==kUyd> z&=`@ck|trvdGufoSK_GA6o}jXE07Zakbvh?53Mwgt~am!S_+Q6uJ{rEbGv%Q_AteW zxZsF!8l%GiGzjFc9n^2S7%7HwDf!D~Y z%_%)I~xA+WLx6-vU(A zqRAqk;ggbYrFqC#DyOO!MDPRkh$sT#DJF+t zWCnS@&Q}jk^94Uuc>R*9zeNe#9VJIkk}ff5;O1+^1fj}9uArpJS%bx`a$laUtuS!Y zWKS)^dh4Vbp}r3L&=yXJeTpd}+}zUq*qU8P$T#!9q^h;$SgWS7jx|SS6GWf7kCNLa zNi3kONoegbaDA(umg`IVkH)?7(7Suf%-kTYcTEh>U+M1%3P%srt7ZNVk%?ZsYD)G5n6)g|jHH51=zX01s)r`MTk{FM8@JECS4p*T{iIAXv$|Xucfx zu!V~tKKxC*UsAo`mj#v}E<7jN`#Zf9J&$%&M|}mK!Z)F}a+oe-me4Jy0BmHhMV=>6 zCQ8t{%_8w>{1eE9psVCyH1W?qfZNJ<(Hp)JxR2>!wcu+@ux(vJ+Y;6wH4NdkPRFo2-jHq4SX= zL#RiSWNoyTdi+h=({-`4KxXRIb*(2DR;tUob1skxbZd==T>2Zix9Le!S#&=OU<;7M zkL42QwYIi$;v>`qdl-se*gKmGy+nPr?x+qB2mOx2iAc0ViAxjZ`x-JJC$qQ-vh)-)or+(0b(UNVi|Q$=+Pc3xZsL^|wbUW3$4cw*wW>_iOATu|jG=Q{ zkG_m4Mr(P2j4BAljiAqn^JM<@tR}=~uuasYb1s05=7feWQJz4qks&z%CaT;zN`uZ! zW(h%}#>vqkkSCB!L2CHaX~A$BCq4zO;B~?T;=&K)BF|9$)?rT}>}2NW`5qy{_=gPjq$9wBcoG`-i6*}se2si&F(U_g zww3BqiDUs8tmD)%JY-u04c(#vJl`gUuSa8g_Tf)pOkg2A$0sDa>hGhwj62z1TAhB5 z9I(!YCPvVJ4gNXts|TO6Q9ADy5PX$S@6E)nKs8;J{X!@rGz95XEIgS~01&>PrpU3b1PSwCfQJ`n3cI!lSde{jB zUF%7MY6!8Y+DVN@?0!*WC$p|Yy@JnDLlz^R0xpx3nS$i-!MVh*v}<@U8m>-fS(^n5 zZc8o(t7EtrSI-HZ`b3Bc#D?!<%qhe<@`ZKpT=%bP*P8R+Y(azpp*h6UYTV@0=rs-L zPlDkH0NyB9IvgyC|BA+ZLR=(spn0C)UKJ5guV}&Q?*C|K7|*T?>$i3dG?3?dFsG>A zyV4r;Gh}Hra(O?>tI|L{#3%>C)_Q}i-~xF9Wu|SQk>?rQTrGi5=;h}$!=g87?2z7eOmIdR^#GGrpv`;@r^Oz-PxyX;!1#(g~a2Mw}+PLuVjFlD|5qS5JFiml>p0SrIy?kel1txW4UPzS6Q!5FMBrJ=`ws&m7IMwo39^ovkiPRqgzbyJhUWm z&+{D@4XWoj%6B20927p9@KPn6|28=J<}Y!y@;KBY1yxScW&!Wtx_;O&hy7~tAuS3 zOzNXhNLdin=T;qPS;HHtRZOaZ2la#Uc$01vHXS7#O9lv)YN=+|e3cy6lM?b=-H-*4 zP*4dYD#1|+ew+}vdS%Sg#|^t?MkLgcS!BHs9?O;uHL$2HeBaiQ5~>&pVP}uE6`qC7 z<4kx~VCw8VWvyUU*&DZb_I1Io7RN--b|IqWL)@w}q7|UzRzWL*c10cZiskb|pgA?D zR&^WWLJ&JHh9QD&BcW1a;R(|i(~3nO$C-(*F6gG=*^?UfP^-+2V8)JMl_&MG0ktYI zPGg3nkgSQL5DFL$XN?Muy^$AN)IMZ{qfW0m#yI3)6l_zls~!vhe>8~|U;rAUsGFWw z^|YdGL56%}1h$VhL?mtsol6Rl@-10Drd5g&p`EY^@P%p%+t?aMMTpb7qj=B+p5aZ3 zLR1}xx`kCzG!e0|V}uRN&&rMz$?R0Y3?@v|(Xn0d74WjII?Zbs)iYXsw0~MNfj)JSaWUOapD@)gymzE z$Jf`f0LF-Cn#@`>uyKIn;ou>|AFbAGG>YS39jOz2kOkfT1$6Wxg?*5mv2La)BH z%fy$DJR_V|iKUHzrVQ*J&}E=9V0y97FtUTMD=}L>D-U~kwT6As#Bu_|bl4;~8U(Jd zv(w+hsRn6bz=8okV%TVv*b(lQ1AW|wD)4zcnocbTI+VqxX|fSy1VTo&Qh{zRhr@1T z*dtZ2jiZ&2>()HC>YHI0jW+lb;CfUfBD-ZEoRUI1I1f18K{NPjDFUwswPIb;8;P27 z%qy&6|LNSsfD+LjIM8NL`DG56o3Y@E<*_IukVVmh@gWmo3F~q!*^uQWj*+93h~SlYN>F&Pi@Ixi6<kP>Ip?+ zV@^p%;)u~GSR#3v^kQ@x=nWZpY6*&l^S%JbV@c0t2Za`0!!s(OP(rbg1fF0cQ7xpP zxiXQaXJHd6H9N3eoE%4rH~<2}3w+Iiu>_9D_-fXBEH-Xg$HE4Rs_ln9vck{}A8Xo3 zZx-KgNSk@){N{<3$s$$ zf;psuYmwMGBQgOlUhyIvHrI%;Of+@iLshYp`vG&lm`hmo1Du1=H5>7Hyb?KVyfk`z zD6<&cLyI1p#L(k?R^{*(kcc(MueoScuzjSy&b)t6nX~|ts^(RpOH}Y3U)N>EgR8$> zbC{dKE@I(}Fi?O$S_?|m2}g^qzPOWAgJ~1VQvWUp0$CpqD$0Mh3V$?(zF)TRb$6GYE$dMM7w08nsl1x1KjU|mu&pI}O7P`VwReWm7 zh*f4i-HFX>VleP7&%QFnPdw4{Vso3XF@scOt~XW(O#mAPp^ci&k&c>>#i}`D4s`c~ z*cuqI)!o7(L^WqRWlTN31d9^(?QYgvgtteVEKpnM3XN>8Y35SS!s9)eMUYAp&s1S> zZwY7OZrb2tTUC;hRi3nFlUcH{5ksvR-!sRnW3%u{<1v10ON_1ea1ABLh-R!LZnQjr z4q~z!q9m?jWo1^);rCvd;ck_}PBge0O?JZRESY5k93eLC(MA@Fl2~ZHiN~t!+=$s# ztbSE?)hUDB3=-%;%up$O%v9RMQ@F8RghpPNDA zbSxn#b&HZoRzqPZyATQ71UYia(NV?g!qk#j4os0=6+A7hOIi3g@hE-`KapY6Uv$S< zEJkeJl3CE&kby1sl*PQO#)(ZJF{Zj*8e`Jftpcx%7tP5$VdjcPA{i#}yqN6c5qzA~ z4W|gxK&WNKi12MQzG;~pL0us8SaG9JEd&PWAH7%3t~ppCm=|DT(V1}+^k_`RI+Wsc z@8ENX;e;M1d2dyddmsGrK7G`LHA}%XVBHcvihT#r0#0U=u*!AVz5`|>j1BKhII$W9 z)8?!sgU^=^$X2{Z)JBPyQr1NnU0Mx7U6VJ;YD{JLLkA6(5>L!;6enN!q<40gyb5e{3 zlP{6z7ofOXBZdiCalKlEaqmeCK3LcU9gZ~BKMxt)8w-~*3OyE=FWtf*^Qm{zFHo_F zF56FxQG{_31kbEg12U%ZsPeQG(%7#BFxHGRcDfOxI2pG~(N=bBlH>y|MoQdZlVi{V zmC7WIZrirN$QO0c_IR8n)h;5&>mkv(`Qho~kAdj;Ic#f^eEX6net+Uq+=Rw|Bazn| zd{v>g9#L5V`MQNu#4ZkQ+neL29qj^ee(bj~PU1g(;ejmJm<0>QDQ86fGR@j5nQhvt zL@8xiF`T0O+_rN~*QM+i9`?Z2_hOQQs@Iq^%@&cG_KU+u>o2zeg>N0Lm!CLs`QHQC z4<^X31X|_)knT2!v$uu(Qy_bK3-WV7_LLUnb&&mw7UZu5*_!|YfcKq1I`@IhufBES z`7Z|fyIUy#8jyXk1^IhG_IF#5zX4=lX`%jK1o?kzA^(FQ`$P-!d60b;p!nF)dgnJ! z9RBRk(fZ8*y8(V5VCc|Wlm95hzZc-qLnoI110eV1LnmJTr$E+iLH>D=J<@{wDvAYTC4H(HQC8)TQXAio}DUv5Eu24t^jLH^Sq zJJEvt0)TfNiq0i`vK^0R(6pxrKTY@A8%OI|u!a2q+W;;G7zg+ez{dbe0Q(i#2e2Ms9l%lm7vOAw zl>pZO{5imt03Qap0bl{ZR6;txf#1OYH@H&?-%9w57SsJ4KpMB+^uhFI_N$}rj(Ub~ zuG2Uc8<=cUdPL9xb&w7rwu~ zZ)#cNd+mE-=Tp4BXYIYQD)Bw~IRp*oy|(!0mb!nf`Ca|XuEhMrop5h=erA*W+Ucy| zw>v+-VpYsMZX+b~4?N1t^V;6-#QW>kj?j0bN9cPH>D*)1E??*J!&UnJX-(Iq`E2^C zflV;fwCF7PJ=Cu10d~s>A0fV~oB2-XtmRuw`S0Bpzo$=>?>kh#=iIowxF2eRQa=$# z96)<+adl$-MY%sw;{0Q!@H_^MADfk|AGy8dKfSz|fA2oXL-H-GUfjvF!MtyAOZZsy@SySe^QP;WxzqK(2Y3kJ3jkjQ`00}A`mF$W1Kb1f z34r?mI+jk?cb`99|17{40PX_#JAg$1R{-x10mc9}155(+4s6YA$o94o4(s*Ad+ra8 z-f1j){gLc#7}=!VAcfO#M3#A0vF=D8~z@DILOHgu5xfsTqn-c<@IQ@5j^*gctsY z7>7K+eLtc0Aw2vN#rtn+FT#U_+vxoGy~n5?gctq~#rrAMlkmcyEham;n9na1K0E%soAHq|F->LEY zCA#WVKEj6y4{K-AIZ9{J_pTf-Bz+FI@$g>4$3(cD<9&p?IyhdT_3(C>L-7d@&*k_C zVSOH@L-& z`6l!!!cPMHDZrPS#QSy=`riQD?!x@z#o^W+jkF^`JB{e~0RB12J)98tL?PWItqX|$ zG~nkU--#yiQccnwhWO3qi5vfluV0=c|DsLtKaP=~^xA{niT=kno6FsPt>kZ}w+*E; z_?cwnR~&Pa{Y~Nb4N^Yp5z?;{J?77b>F31V81=o?+5N12#4malespNVVp6=@FzcVH zAJsn-^X?!j^Ge)1H@YER`yYD(Pp0Bh% zTbNLvy-Gd@r7-Go?T*>?xNS#rJB<OOi#a-G3bIB%xCI2`5f4htgokt zKI|sxyDy#7vc1qP{Lafut2!^Q1U3Eg%XIv-X;r>rIe8!~TaH|O{~!+z7oHKk%yNR| zBr%b%_#^qzlD87EZ94jeI{$Wdm8A`sK|cVG2-!S-4n$ zn!{f>$G4l7du9+z8zOXRvlMTc<>&G1vMVT;R4NzGMqk$?|K*LDORCZ8Z@%%`u_Fie z)Z02vI_?U6A}oj6cZK8PS-u`Q;?w%=47y*3=&usJo#>Yk{nUW$ z1JPGdI7N64(XXbkPk8Pbvya~%sBdRaI=5=|+RhEB&7HZ8J*(GT5|ZIrkh|Aj%*m;Z zJ@9XJSLfhB|MpegU2B98=r9j5c}NSCyg9F=g;}JcEY#R*o5f!%BsB7;UD`sz{q>JO zGhKfiU_Zb=0{kt&BLMe5JzZY|a4*2^Pe=B>Z606q?S1C7*!o!fbkILdGnL&FZd@P zC;bJ-N&l4Nq~F%T`CY_U?N>(!uYWUsTRWFuNPN{scC>T(X8g7~m*4Z5a}xQ-`< z4*&)TasVd4#EVh?#d|{3eLopaCWQqBz7KVHnEciP`P)T~4-h_5B0t%pFyX;#I9~h{ z@Lyk=uJ3q><0Lo@7osv zXiexB@s|x}C}>B2K3#w4XHYJ{FT62be+BSaMB8xc zO#L~4$1%`;NYq8@QK2Y2%iDz?^rZbUwQgW{Vu>?0&D<$4B$L~kDfJC zzYO3hfHJ@j&zz}WP0s?5f9RZ<`U7Xr)b(>`>c4f~O#KcB&p(&b_MFGzj{*J?;3f)h z)@SPT6xgMNZGamAdfqcrA9?Rg{q`j@^&bH4e=n!)JAbDBqyn!h;dd{EvH)la_Ia56 zXyI?(qWGI-h2N(5;}zl`+aKRQ6@I2qeBrO(qDA*(vUAvoF7_MwJ|UiM(z9ioynno_ zJ8^yy`>;Bt!@tD!%xlbIpc%Gh`1o0_Rnn>fzRB2=%dE-|q=wRXc1pG{vqAlh;dp=7 zT^si!Z<$o78u{vLAh5Y_&M=nAv2ZPxr&!vHk9zEkhdzvVB9_@!*-h-cTQhubq8; z(?#j{rf0$G1J51j`>VUVuWacSm;1>6J#c1XI@>#bJ^6^go0a~0#|_;v{r-uf|IgnL z_vf4a?cE>Gx3@1hlph>`#RXsWh-oQEZ1zCeShJZwh>t4 zrenw#v5J0tJ)O^eecZ0!P2m;h>R7+OpXd)=AMa-eDZGK=i~jX}qF+sPVb^DfZW3MS z@lB%dB6@hADz)Dd!lK_?Lg8M*&3;$i;?#Wh(mO+&%t<|kFSu7LmTzjQo_I(K^pwk% zO|Q?Y(og2P=`-Q2uTcO zw;>_a37@!4w(C8IEn#87T^5!trFP55HY}{^wlsyb+WFjhnm2wQNhX{<%j)?0zWLpm zx$~d7bEi8bc@mN9BHiJxuzYnSg%-I%d{vj(Wvm>UggE$wc%gu8OOmLJWj870%0g_e z!FRXuE(kSxp}fHg*qqqdwqkuJ(HsC3CL4*?d0H zzqvv)KV-k30R4f@`tzOV1$VM_=4@(2voD7_fN*IZ*{r`0r|vBRJ*=lBlEPO#!hIdx zy|~SJR4av9LH(B8o=V9UDrJ9{bKjD!6*L5q})q?OTNS zn-Y)$t-M0p7V~rrZqaWaEWYnTd_%+9`37^p72Jo#^f))fA{}8h-f4?;*l*EK$DXa) z`MH?BgWz6uix7WJuqV=eLq=}l7W4RrZc*P;pyU45+4URtaoAUQTfg5xwH4P?skbyp z)9XouJ0qN#mS%5hB#PESkyOSZ%!)cG1vOcX#I>wfe|RjNw#ZM>t@`sxWtQH~v~qzvRD=SRU~>fW1+?9OGuV5Qluq zwq8jtZjPcZKbcyLJ{z$18)g9e%Qcn_o_Zg~{@!Rb+>O6lz^1y^BR9DG%u@-uL>dms zEuKb7jYjLE@h+CILJX3~LJ9Rxs6#?SP9Glbk~VvJpR~>vS}*NiHIaS|K^QQD+XS-+ zcUibw!TkvS=$c4>&N-1j2AIKXf?0$&EZnW&T@?Px+KKeRnu+vBH54;gSgSRQu-L-g z3d&IUwd*I+uOoO8!LtZ%`wYPc206Co%OL*#ZJGG-Mf}c4IKlU$EZ!lD zbWCqE-#<_wzJfb5>uY}gwMKB~)05=pT~&9Qr=$N)^*tcEKD=|5YKauq1%+NrE zR%N9L7`1{)cZeIOlK8kV5sFB~!IITPN6xBMGFQ}rNJzf)QW-g7I`YC*a$|FS{bKpX z8)c&qR7DgEL`@J*Yg@7!jkShO!9F!Mskq%NaqW7EYqv;TyKdszjT6^ylsE@Ixps5o ztK{fS#iFsESZ`AH-H=R$d*ntUAefZA^HYKX2_*_wwt$y0dSATQq@F7CjN4C zrq~{HwR`3c^Smtb|HgLncE#kO<=xA5*F(eY#ZFo$XH*?5NOnXZ!3g z8iZ%1@^b@sCf8hOK);IZ=NPy%`Q~#C+-F>gxai9>MhIPvK{*4?~Hv( zA%9+WP=3f1Apr$flk+TD&DU)`p`FRi#EU*qy4U3L;VotQ9Fi z4pb$qo~Nca+QCAQ@3=44o9GCWZ%uvb->I!nBVcCvpWK;We^X%59~4>i2dqB5WYHhJ zY~ar7$MnwZ`hx*kzr79a(C*i_-KW0GOXYvgC^wytp0507oBomewDnEinO*u-dA!wj z-S}Dl{_wq$tkP!}(&s|$!{@Fgo7n-ZhDg{)vhUL0Z&b(EUHaqqzFifj@{xzZ{e(gI zle@I@cg5*h!(G@T+s>tU6FL;2T41ORr|wA0|DyZ#&wJQ-I128ROr!^^3yY-44tZYf z?RB6xdB47V?1J6U-|W`E@5J_##r-eV-aNat{reoDy|oDLh<_RGb>a@nt-1Hrw%cOA z5Zo!VGvP+}TAXk1gZHr#p)gjS-x=&k#S%05`PgouzRb~{1+n;t0k>WeSY95eaVzyM zlo664EWMH$*M$7oAJFn~#~l5B!t;QZZ}%DaYXyHB9?-A9$AB-xKZbqqQq;nF!U*Gw zu7T9`F`<8Zz?_fL9`pYH{5=(>_3>vX?WX)?^yNJ~f1P!x(l}9_ar^vkXTX1T6Mo2? zr|sDzoFf{f^O3pw^=fjDww)g^@b}w2+HyH);O`XpE7+^w?q-%tELt5*Mv~|&6=z>@ z_~O>x2KAhsZx8M@FP|fO^~;CNr=HwvUVg)ZJ1rlN(&%?IHZ{1>!f0cew6R>;Sb?)d zWN1u(pTED_DS)=HoRd<_~Oxekd-LH+=GMDd4LbD_6-r zUwuWu>kl+IS_7VXhr5y81ZkR{NPk=~nKzvGn+X-ZK1Csy@U?GF5V$ALbbRsM2?F`1 z|8L%&Adqi(X>x)0dW7K_K7o?*E)1kZ<@=6n1nL;TNH@$1s~ZI2(BF zy$J&OhOc;Qf>1^=Irqpq)?NF68eJxW|Xh=dD%q zwdu!tgI18KC3&F~w1#l|%8zL0$@T-*9?eaUbh|h1}OceSRE=^{3H#;~!6I_1k!=6|!L=#$R>N;{4Mfe(6w!Y5ofY zcNBj)p8z%g7V%4un&+RbJFW6BuD8xPq`%+8>f=Q-(!a)4!{tEb-=pU1un}-a)e65< zBV`mSV=HKV@kA#J*9Yk?I;npivmnd;hYQ+iyrWN=x2LuuZF@SC1}b&nFmt ztMw)0?_8mLu05(>e;EBvaNmDOD}Tw#?{2u4HURfZZWq>{Oy5sImo|P@E-|1l4MF?B zTF3%a`xwuM@k8eOoP&=U$Zc5km*0W-w+`v=t85eavrQ=fok#WiOP0TfEcko)=*<3j z4wtXvN3-jXr;BFx$G}H#rZ?u~IUm#NaT@s%$Q`o%s~_pdXQafe|_{bBLGcT``VRQ$Y-{JRrNujCo&2fwQ!T{$^(*Be-zUim*!+(*GxwIG+H;an zDSnq2A)=x(R2q(67w(S5@%zxFR82@A7!3t@Yj{Nk`-R7J&^JAr=s~`_yOI)lHVfZM zA|w)lNVGF1(ferT+5mKCi(DaIp64aRM#uC z49;6++#|8P6@y+Vm)qy5cdYd*t$wu(J;jn`_zh}!G&k`#dDlWg;P7WIwhq7lCtUig zo0{qsMpMoS zs4zHBL&wa=5k^mJmn)9z#^dLs!1Na!H>bZsaGxXmtoS(u;ctQo-g2cJ^n}jx-tt8k z&Q3po(K_rCrrQ(`N3q6KXM@AZo;4%$Qpo>>!hYt7pThY36`BsuLP*ag6!!xj1YBjK zSiTI*fZG7~U#88^AeiN1@DDf+SXvC>7i+`yFFrkd!QLI z2@6K|l`3UQFIkBA@DHFTM39f`AEEYxz^8$)0$)og9s)cHxXKRYP!49mZGijBg>nP4 zy#ne5;C{gNr4SF`QD$BSX28gD-_uXS z{unTI%fs~iZu*~KoUDZY_OD=ETuE`!D(Dv(UJd@Pgnkk5DBz+hZGSib=4rr14(O)= z#{rKxwBg2?xf*ai^y~Gr>u(h&_gW@51}aX}6PI{2;>Bm*IGKKH^JKaQ@HK#MLinZc z(sg3p&nW+%f_d3ruA$>t-7_$bc_7_h$gdCh1$fX8<4_BXLstWTTY)ctr(1K&x4c&0 zza8uc*Jej=2>gv+1LglsNEcwn*Vgi7%gV0ccniO$=4Dy$*Potw==ime-hes%q7yLB zhx8Ub3;Q+C&aNEC0|w>TmR)|W$}w(0Cmsa*c4(&-<*2ww0cP5XOTR#e=Vhm#?R1r= zxnVw3V1p;J3bY~VLh=4 z#woy_8z3IQ(}3gO&MrR27q2kiXM8#5Gdkbd`Y&)!0sYF>7r^|&X{s0B$*+DG)r%SX z9y!(vFP?Sye0=@DW_118 z*rx)+XlMcGSEhJ$l=@rAosnaD^8|WTKhKTcYJuJvBE5gjjh-ycs)DL?+L;?B2u{xN#F^6yH4-Wejj9Qn79%P-GAMlVmFnExiQ>^w{tBb2%AYiIcwtI{p8V8@)dZ^v)3I$-l^r-fy}5 z@@G1X-gu7mrh(o91OBzWmK(hfx$@QHU(qjfqn8%wiToSNk=}oE`PJiJ{Po=EeE{@i z1O83tNbe7GGy1*t_&4~g+~{EfJUx+rRb#o)`yH2GJ^o4KxzRgm)!uTX_eYERXa99> z^ggmEkMSJoeQc56f#2jt@03-3-^h*LpDgk_nj<}-r1`nhw>q1nW3K7wx{*nh4yoovB@fTeHvSK9ZinEi3Vp7pCw8`wY3 z?9b5B`FCbNS8IRfuS<35ylFuHU1ndTrSrq(rMmWi68tkdbI0`UKR2dNe-X2nwdH!b z0i7BH`(^|B8<;(+jo6;$ebbnh5A3^lEOXC+r}MqBj2s4EAMYN^$bs8aA%|CHJHYwcec%iPc5>Hl&pBPY)Le+TUQ1^*`*{W;qG(}Hn*exA+j z3$!vRN|RG!(l|`1TeaISgLn{;v{4P!-%y->K(b5mIlXR=zsW0k6-T|KG&VOVUI%`P zeI=G^k;}?trJ-7JxfHZ4ceSjRIPo#?Q6YPkdWYZLqR35d*J@_HRL0_6s&N_e+4atEK7&&&;Pt)ZhMbbA6ZMdx%Wy9+iE{5LV>?$1UUl!5u4D zB>fvNf5ZvXk@054xZhUazW{nGE}2TNTr`!oBUpl<4#C9;IuR^DaGZm)5VRp!gy2jB zegp{w%MnNj8U_E^z(<$l9wuA(U7obBL2x#Ln--nEwB-tY|BKS{|BxS4Bj`pT%cu=4 zMC}bh9fIWuR>JqE0T*-M)t_R#4D1L#ym%@d`pQ(=C4chpEkyTP1P#GHITVhkHpt<= zjxc`zqfk;3iC6;bUkOJ$VxdU1t5C8n>kd^)p;fk$@{qitdzGy_B%}XJ5t?BeiFV2| zTuPQBNx3T#4&vSH)P`VGMqUb~%4&y8hLN^97?Rs#vF>m%S}3inQ(9$LbAxAnrDU_0 zw@TQfI%K17ZUFAUo8mIrd#C6+c^wv(TQ3t4dN4@Ac)Xi^(}BwtS}oa1%2p70h546F zrJa{frI#TbwNboo5ycE10rU1twDt_JJp&^%@BevZ#>b-erG0XVj5FG2>mUcErAt5u zEp=My^EjM}@AAgxdf)0oX|3XuY)Ly-wcZnnCL`YtV~%6h`Rcc{stJudo~d*{!XpTF zA^7krlqWALYXsLL=t5xY?ya;X$zP}vYraLl;z_ty;-c>%7S&KZS_|enitT_c<@D<0 z2JYBSl~a`6G<<(O#nX)xS6xMM+f`cnWc=nz9{&onSg-a$eh$MN*z-<)a=#-!$bYkW zzVDp#>BM97``F_CoYYmKd5^{6M3u`IV3S<(1~ot58kjPlZ;ejr%bA~odEMlc_zoPt zEf}EDa_gG~7W`TP?zSXq6R7eNeS}!c0cttDdTd*JEtIpu0RTJ`Y7``3&@# zms86p6i?BO=JCv%_sPU#^&|I`$b(8Nd!xzTcs!O!g;8hPy3}qb4^}Ioh$omx-9QZC zo?xU~YWBJ%S0q7f{)fG5fsUd`*9{?&_ZwDM(J{h;k_q7{hK)-|1_^{DBw;}Wn#oKj z88Vq3x_c6$qKG1RbzSgvec<{+Jnp)#XV-i0y1Fjzaqkh=2M2Z4mE-kz?jB7BkyWoA z!QH;!-&Hl!Q<<4$faBhK?wyk_)qg#{uCD&8>aXgm?&POxl;o#s>a~`TiS9uQda5du zrzlN-3d!4jLMg~OeJQo5N@Yz0J3wZ*56cny4cF&$+#l8{ow8b~M}C4l>rTFE#Mh;u zdmg5QQ;BYB!V{fd*_10|=zyYKO1s{niO)kh@8sCNrQ5#xnr{0|xZeOz0DB?-5x4;O z9Ju#7^heve?YH3m71#%;klTR2;dlq!dv5Huj{@a8k~j=`1>7%oBHa##tvKF&6LU$v zAMOjlDzT2>=*hKH8?I&g^1-#)^+pcce>C-bbOWUJ>DNb7$BT=~8>%YOd~hkT|NCek z`#^bk)Ni%o&L{zYYP=Dgi{>K=`2M1ioX?F>Jl zI1L=H0n34H(8cS38)zOCcpCU6u$|_4p`Sy5^MDt2rQ%EAul)E5X`P6$O}B1m?c@IK zsqN&F(b=EdtdrJt43qexH|EB-Ug8@r@r~Y*8{b-KoyZW0?_iF6;SA+>a3{~-O{si0 zDB1ZU8Ol%a?az@<&rp7XZ^J+3#@C*q`~;up=G^!mm!30=_fPESJSDfJ=gagvkLPc& zv~I`qBgRwrqg1}Fneulli+8S){H}p}-HG5UxivRFuf#V<;!}Q{8{Z@smwVlg;M<=g z->!k#uXo|D-1v6)!S~?q-1zF`by*_aZM^>8mddxQ5B)2Y*U5?X_IL2|yCaqFoj&+3 zkk`pce9=2|<13ce$w_>p@5+sDvb;`C;yail-xR6*mWqJ8`Te>(m2VIiM&HBjaPF4e z$K0vX^)8e69=tC%zG)I)wVb~_x$%8ZD!(d;&vSoneEX#K>Qu|GiSy*2CcfA5q;+!q z!WaI8>+?_2*WXOPgL%?A7Kv}y1G(|NF7XYL_!d5x8{eyW(mFYbZ}daC@x3ACPplUa zd=KWxM{f?eWq|AZvk&v@xHmlyweKHG>ukO|D7hZ^7*99)QLfjIrsvry z@eBdS*@Kup;(Ql@r;BoTR|cL|iDxKX(;#-e#PbwScaXcsGVm;scwT}Y9mq>wSIItJ zpSc^|m${rRw|&`S1){UmfIl2=@(0??;y^F2uoh7}G{bq(Z1Q*4MBd*p*TdZs?kcW1 zQTiF16>GCnMX$XN$2>Ie@8N&paFE=NGI*BE->gL2tZeZty-kahIRS=05)`vkatcFh z*DcLsA&yDYXlnAk{vOlvTUuB%P1Vp$%~F$;O2FvKi7IMn&6;7*+mYDJTX87bF~<>T zn(Q=CQM9rtu~Vm-clvTQ?=x_cIq_-3YaWBL1)%)JzKpG}oyH^hktF zd#WdsSwpjoF4c5C3U;bop-9LIA$zBnt=+#_H7!H)w>xjnQkz1-kQ&xe`^!+}VyBOj zB|Lqku}J9D$cW{1WXE)_@ANR8)I||N2rZ#%h1xYeW}O^EEEt7XS6KH4RsIY%M;3Gz zs5@bQmnwFQom@^5JSUR{E7T#?4K*BU51m9-f+5r2gi__4?V%RK&z^q-bG{_fH6(9W zo5}km%a;}(n3}pN779S+tX%WK`*7zad`7!-DaC-6n4svhniQQ zk6xGT;Ui^EcOKSF%R}GUrRPn^2byj(eX*c%<7P=%Z-I@1|0v3Ac0xmAy{~-vG&<$1 zaCq~D9@a?W(9;~Ed+5=do6%c1=VK4M=)kFfL8aMf&qiKevCPFB_8aW|g@HD9U8xE@ zjs9Kecsd^dhIYoNYFruX|0$e=WmiyOaWVa0m&o!dk+k@usRht~Hq@^YmKH}d*-=32 zlccV^va+h?GI#N1FyUN@Xg#U(0=Z1L)E|wi8ZGrf;RZ>arm=tv>1I=(nX$sT&QeiZ zQ{$_kwF7EJb!~&seX;4eoyyDJO`GX;E)&jo3u1Hr6il)hOk4b=6fBPKY3*x7XIHi&idPOea`f z;qz7EO6W@mE9)wgnWiPSl&Z#eS#4ug8U`k0xfk@I91xbf?m_lGTT07IQldyIjATvZ zz}X;WiFe(7D}IXBXNyUhRu@&*RxI;Xx=!Y5uljEI)C?ra63B_JAq`b77hmIBrKV`2 zi^tS9@z#Uev1B!e3{8z1Ayhg`XQ4S*`6=12ty3F(HBy_?kCr2QBi6WtKAu=jUvYA` z6OJzRl_w`PnzXvwnueScvkH`6E&A1p)2(pow~NCysP0#5+*nob>+^nQqgYa2Q`xYj ze3?(JtgZ3&zgk>YpV9#&uJ?yEN<+Oev%axWsbXfeQcpuKWr;r$G+X^`no>f6ph;LC z!GyjE6Qqs0{`67I#8IlPlt`OgE)!A0!GIFAI+Q@buS8O2O%n6#1C!e-6Z`xX*LvG4zU#@&y(`yqEnyw+`Re6`zt^d*Mx;P_YY`z_q}U+K0B zUhlRGKg^6ag#YD_-L`gsVLsB_42(U%uoYn&z&8f&-j}=WUmsw2z7O91;`0Lxla6-V zAAHhncLRftGFM=PB+HoCM|fZO?2}VVf2ueEoO@N_CdcS@jQqmV!lezhHQol_iozlm zz^es9N{VL}7AaeX3X6RcGud5|+G&I=jg5trqC#46hIEPHMQL()p`vNS8K`9}EWN5w z?~G_hVX5NGPbh3yqGX#FQTm?LQ8LfbD1~V|9ppsGG&oe`!MKucY_0SjDk~`?UnTQE zR*~m0l)k5Olzz<2C|M?2luWZ8N`^@crPnN-5{jxFa};Oz2$!UJT$-n(mU>a(l7%8IgIUwj%POn@$5{rwC|BOaDp~+;1s0D?+C1py5>odYd#OmE@>XPHkFx6s=ms z$#0Py>U>B+hd;CG6hN>g|#4GrBqZBxuqvPi7GNu$q6 zq>MZisr_Z2N9&~zP8ylImx@}gYM|90CK4?}I8+P0fte=Q#U4P5K{bS_n;CVgsgh_V zoLxep0PBqmf2V77Ba^lY<5&%%59(b{L`&;v8>{t7uhxj>?Uamdl#*vQI$e79#ImxWy{>`-A(f4Y(F6A^axC3A~Y(l6!d$BFfY zTpq>cwk9XUT0c$^I zxE{wdj&$2E!(9a|$MLi;GNTRQU-Wd_bGsQPAk94B$j1x^5jGNWegXGZ;F@lRoBH7G zFJA6uNW4!%`mL9K#nLY^(C>PnM(!X-aVP@4E>EY8B*~m|13KDf!J1w?;hs0v z1*U&?!QE4yRo)4Op7UPae$TE?pIYjQCOUQWY))m`cX^Nf9Pl)-ZcUH99JmX|PXK#? zrD~6T2zYKi!^Jp`0cUOKvEKnI1KF{ssmK1kzsEM#Gn@xmYf8#95$8W3p9{_-z%Y*Y z)V{gXc28&1lP;kW|f zv%qy0;-9^dp<`oq-u~i@jSSiLp)@raT$Sq#y-8cNO0BG2RpWT03k<-7^)$!AVNVkj ztTPm}T8kW6ZR%voL=n+&Ylf%N@WV{#%~$VRTvc72CZM8zWmSVOO~A@J$CFvt9&S?0 zr*k6HR7}##serL4&phL7HuQE6jiYFd%C;W6^oAb0_WB-s65KQQ^w@)e@xUm6#xET( zrzksNjXhNo?Md=sQ>!2KIE=yxcA@dmA~;nb?1ya`^q}I^HP$+NYpCu;bj#zbsPP2+ zQ5xeV{8Rj>YMJzLD|hv!CWwy&_>^XHfPfSsomXY_Bfsgf>z;vbKEvEcxqPx%@obOX z^6aT`WW#M7uN>^LA2`%wzYNsB*<&AreBzDl*mNjWKJ-T4X-*e*9%K-Un)FCVaxMZ5 zw$o11OEyHa8B2QIhwD2GJOca+aQ0hh8-NRdxxgL3^T7SU)8zLy+B={EXat-M$sYQU z%F2jSDM@pRhcbO4b#&Cw**i$XQDmXjvZAx4#aNPG`qfwpg7r>s06hkM3(X()2LdoZ zytI4V(8FGT*lUofYg%4rc}d{}nu##A^x>MGBye6$%Sh>*EPhgEZ?3hH9?leu*VF>& z2@^}t*vnwO3A<6SC)N>0VR!~LZz$p<)GR^J<&EkvZ~2$y626W=y_{EfzGl4HD`GHD zAq7J?oe3LGPiSw?f+V~59~OUD`Qk*^eDTJ2AHMTDl6AEI%ei;+5$s(TS*QYd#b=|~s%gayCT`I}vi}km(M_}@MYYHWKnIu=c_6IznK6c%5 zNv@IP3%E?{&5vAl`$OVGwX{C|@iqCk)p42Dx9|G>Eq_|UWqM)p)L)F*RWHfn`2)Qd zcu!S%k=Tz)@43yZn6OoRUzYZ#Jilt*?#ZtG2e0mZscwoSe@~L9O7b*GzEG0IbC5Z- zC+pIKA6>-dxuoBpe3&;~lErw8_K;5UeZ5@lgQxGe9)5KDx*{>&1MVF1)i+*AE|%mO zl3XImGbMSJB+r)QIg&hAlIKaX7@v~f|8C)9o#Ocq>HX!0jW@;qd(!)5HIJ z`&YeGu*$VgINE;W;?=JG2tONi<7)Bzi1haHu8*%5<7LvzPXF|O79X=Cy}b0Aoi~f; zOQe@=YgX+S&zVRsLj~`R5YL-P5BEL(U&GdLne?#s-fQ2zg3F|b1BQ(~aWR)k4-XAL zd|W)IBE4(=`radJxlDR@sO*V_;`tTb*ZCh!kIZ+yhv58kAN%qWNiLP-bzG+FTHEvW zuJv4|d~QGQ54WparhFc~Z_4BauKj?%_kXtV`;uJd+JAW9rUmbA;4<;-{Q8$a7u&JP zf60UqN1G)1Qen4~eEzsQ6MKlIb<(20-$a92SO4$Gs?+&shDuhf8q^#?io$(a6dpfY z6w&Wi`l@}6K4oUfY-KKR(Tt1S6G=0I5feSTY5H3~6 zws8y|6Xj*XENMpYX50muac2{T%FG3xc3Ruu%#-2{mngGKW+`)Um**s%cT`hp7w$(L zWh}s_jvyj1${uJBd7>SmlC2PAT1G)4vCHmBUPnDYE%TIMrsHl34(wSARr|` zfB+$sge262^vk{XpVRkx_d4sGecpA}vwu&2{^5Q**z)`C$4OpviM|+(NyX)HWEqF>tyckp7p~^M2hmrw=D$>{RFS&J3$gjUH6S2CAl<@2cv}O!!NQ zd(QxWoV971Ir8>)iqf|~pWH5|{3ZIY`&geze6`;}&yk7LcRof{KkMFjz5n=G^?jhe zK^WuS;LocGSDnMtpU0s7xtw<3-Dl^5=JtJj_++~F>~R!CNg0JoOCt-Olb*KigK`f9q^FSkUbTo2>lD+A z;LLwPmK{Cf#*cO62TUGHyao+Cy;b#G;5?VK5r&C879n`4 z{{ySEa)|VP<96EF0xg(95?b&#tfOk(>y^2zGU7)l)rt0OBKzE6RiH4lgB|6K$cV6b z-L|F#S1kUg)!})C2349`Po-Fw_i@8{b}h(~Li4Lozhe;xt#5^!9#bTfA)3PCJ#5NC zI$1mQX?lD4TX*>$W@mfcE&y;~xkwq6Jott@^1?><(S42i{$DLXPdQYk-hbo~oC+%Q znsS)tvjb0F3VE^%9LRAa85S*-%7M<6y$%zA^is)?14p$NIEUx5`dSj3Wm_G4*VjM0 zBsBeH_A2LlaR)k0e&c>d_s}_8L!+uiq-oa70x!@dvofxK>i2@z|4YnM{`ZxaYV&qfQ_ryO~b$_Im z2xWJrpQ82u)Vw$n2Kvcqz?UN4FU8^PGy({gLyfkQI=1Vxvp-E-%x zlBHEHhmWp|#+g01_99r5@r3oS5u$;%Wm24A8J$I>E=MRDA&9pZx6sK6mOb~{m-Zi8 z%v@r{u9VS`?8iA#SGe+I;_NXdUAobhZAH)?yXzk1tpN*-zX zQ)QR3CX(`YA&mplULMin_?+1JPueAA;-KS?S=HQs?6&*+75pE3P+0DN?tAdmj}+{S z{g3qiJpS%N^N;(F*w{eAb>Qx3_p$Ncoy#SanCOWOy)tlbgw`CgNZr0UlDl>Pz=))fM$B7RAG}DH%?0 zpQ_p9s}dc$T?aF_GNW>H2${@h*?Ws>4S3GtCbh*ai_EPnYVzRK75!=n4>vQ3^&Z}D za~M!*a;L>PZ;E#6=$@#Hnx_Pf_K zUs!y+_|g31nU9A*NgyyBDTq|zg@nFL z0wqj-4LjN4o(y>HZI+vrV17zz_R2qBm##6tHB?cru}gX3Z?BxZ3qN1GcU&E2Clypu z1hkL}lDD%`HQ8#9*E~U9RtI;ypC%}OiG=7845lSD1a zPYe&RXkz#n=WM%V5&2l`?67ow5dzT=OyaY{KGqe&-wc&j6h@Ti6`Gahtd(4V>G2-- zBJbc#V3Y1&vm**}n&9D5?^Iht4r)SfdAQt{Yq@V!$lqe$-h{2A!ewB+bC&av41E=C zch<>PK{mp5Hw}^4r}8zM5t&VjIZJCgV-qXg?danbwx>rpTiWz{e2-kXCU1~%^^PT@ zKI1*RzOZDmQ;&VsYe~hg^h$1DZ$kBSxo}>ULKACKB8Az2dzwf)lfGd4jLoTcC2bcL zHIOw|jdIAOySiSz%n(&n19sXT7Tc1o4=O`1E=I-m`RzDNd5Nz;m$nZB1Xh+4d%-~& zo1S?kZA&x_q~G4|jf}$np1!_>>gxZ$x~SeOr73Tx)>D7#Z?t3cG>isONi?8YzI2G# zQ{L#z01pWs^E#aX*QBnY|DLGydQkAmyXkPVWIVZ)&Xl#a(~#Y_#CmR7e-i(xI^~zz zsn*{=UT8nQe&JxV{)17aiQMPP&pFTCp6mVA;{&)jaPZ4MqXXmn<@V9d%(ZIvYaH0E znJ)Q-*oWGu*9y?mIW)b$@IZp>&;1uwL|+ZgTvEDp_^;n^`(72roaSkM@i2qz{@It{ zqEl(B)u9p_+9xXQ-xUh9Ot_=Z;x+O8GM>iox6s3HY_jDAr#JHSod(<3`;s*QXK_*` zZGP%XSz$I}`<$guAAWx%b3@@jHaZ(zQ65Csa39OjQIB^Td}epOtR~4&Hei9_}u<$s&JKa z3hRVF(?pFnr85B!pk;SxHuv>KjujCTCBKU1Gw+B3EVOj;G;>rQ2LCAeRS}__b7tTE zImPz>Jy&@!`mastfqfRgG56K{2Kp_d`@!tK-skDhU7z!w=h!Oe=>GQ4Z#VXRfBxoq zudPZB{kN0*RQHMYSw0`r%)BGN|NL)q&*j#2{}&)&dJz!Z2$IejZ%&KvxU1~_n>Zn|0VxT@!P(kt-WkAo{vB8exCoEO*{SQ z6WPD^KiKzVA7y`;_mAD*MxTd0pMP%oTobOGL*I9#{Ym?^=X!JV$u_0Y`{2Lz?2CPF z&@Nk=d8c77#2JIQ+4a_B; z+A1p@&|o*?p9Gc&)hg+E>BSKh*G1}n*cN8=gTd`olA`6smQ$Oq-CgjW^LqWtSZjC2 zT=RpmY|1INijw@2tRe&?$RBj9So2{HAYHXC^52cb!`y*pE$xs6wUICF>B~p@_}iHK z;32_Jt>u?j3XSlSxxO9rCoiaAivyVeb(h{~?0jWG(vl3deQ}za4m^~3=A|Ks z9r8nk&MKQl{b2iRe6rS!hT1XcaA=-9f^Zp)s5gS-u<9!qaFrcJmggD1Oswbd+C z@`Ed92^A*{Mrz`3y&f|ia}sRyb-+OfrL<#a;O-W$e}0NeSLrm5`4P#@hnQUloBs<+Swh2FC24!ER2L zAE-5+^NN2u`H?3+YUT{O=-dZ+hQ(GrHY;zGrj>Jje3+}eFGnH_iA+V<)wQppsI-N# z-fQO)oYa9Y&-Xk?T#=UtOov81oSo1lRUyvAXb(MAXK*PnlW!A}YyMcre>o3x9CDcMn(9?xg@DXlnG%_p02tdz z6GE)7izjCvy`zF}+U}c=3K;aiIPtV5v}BP?b&{=me3vf;KiF%xa^_GRz*$C31bKm0kFF)Yy6=T;b3X`d9~`%AU7EVA_s>o% zY-5tK?R7@9#;}7{#{c!mn@~+*y)He|!S@^2JL`3B>a=90>wHp6g8~pcR$7x?}v3Byo%3A zvmXde>;WvS9NBiyTDgh{a`hNaPus=?4%~MD}`pl1e>|_L>c^aNqmxlJC3-v)sjpFEiqL3ba+mfx3=p5borcP zA*HF+Sht#ZF8TD5!vm3ovt zW6B)cGf%o(UXnEj^o|(yfSJEk31FT~_)@UDedxO@gLoVTzT6G)_)f8io9`-{t2hn- zY**w=$3vX#M5$3FvZ1DD*F+CmdQ#>v1ldMIU`1GU|EJ6Iw&y|abFIZH%>n#vKGb5_ zzUAH^EhQY5r$(G*vh?FK$^B>W193T5pLzueDru=Q%`n8J^C7PYqO2_G?ho2Prq_jm z`?X(%UJYcOkzeBj+G|a&cg+QJWsDz(@v8{f#(?a6N$t(i>f@eaRMv)-g{_al)$qE7 zXpqiiIM0Xt+V-Yh13ZIm{{=ar7h|kv95RI~jwWyC&EAVH4Yt1i;Bmq)WU{&TK>BSZ z@8!o?B?X-W-Hzy=^uxAz$j)B@Zr$TkaDHuk z{n|n(K1u85Itt%p&S#vpV_QU$E!Ud;dOxiy>C(Mav^|dN2cb{{ZYAB_-yEe5WpiP` zNI%|XN1gC8mA;D>_)6|Wcm%v;30lHx#%vH2{5Usb2jkqxYyLCazOfYhqo_cyGUP@!+qFkRN?;67uQKOHV?Q;uh#Mz@2*MyMzBz^A~85!|sU3g5=(aE%*; z*M#=6@HxA7+8nwgTY@T7@@QBf9qb**e!eYzGPb-Jeq?1+W>KT*Kf=X4=p-<1qB{aVWi!kj@ZhwqnWY48VFbD0Xx>9 zU0vMJ16&X|q9hT`VhmJO`>;KsAV2`*pQREg+A7K?E)kzMB(NFN#cUsU?%@@r6`!A3^$~QXSJe6 zZ(A~a5>r>`68zFeYfmy)7+dTX(dPG5+4QX z_W6cRYc+0}9LVlh7L^&Yo=ydS|DY&c*pqoWqGox+r2D#s!%BcIG_l_sipacRf4`!7 zqzv4LR1#WZb`6Sd-%#vU> z?_ldgoSBZJe+q$Rk5?cIBFckrBxsWJAj@T7=tdx_tPe0Kv)%3&6&~>IDUnE=Zp_xrop=1!Ne6B;yp49iSa|8?pmtN z2*n52;kI+)nT-KgGB~0s{VzA(b2g>byI$oq+33yWb3;Y%anJ^gNPno;ysN4A)zQJK zpq5=Xle5ENgB>w~7gDAsO0j(B8Dv4lnWCebrUCWGu;OtuYVw;dkl3ZZw4Yt$ww6$w zkhq(baSDc_aYk;2k`nR%MR0)mTOm89NMUR*TQ00X#|He^q5?d1a(6}t9Pb>VIQYL2 z6LnN+CTUCe)U1-X=Xm|quf182%u$(YL(~4z(q~iTq41OH;JtI3mlAJO1xwppK;lSv zU$$6`wpaJfA9d;XFoZJmwJsMEmd}P$OxL@nfi|0ErO+CDc0>jvcIQdy`=eI;QS*pc z*TLb#?#2KhKZ1tZF~(};D{*F2%WKK9#u?2A4#dP)gclu0srE?kG0euJ*iWmv+4$Hz z9(gikIftSL{Pu8NiCV3lgB%dllIq&jtVOs(IPK{ExV5bNnwo&eUiQGq5s->QFL*NE zDSlwWlHG$l9aIZ^_(QMf1m2Oz7_ysg!Oaxd1R3Lc@^ZVf2FF5H0qE;@awcVzz^K}M z)ZhB{!cr#P_>H^VdYQs}m*q)rb9J0KptRiGDVbJB-UPc^pqZ!|sREV??26egNt@|q zp0JMdK|b0t_Rxdnfv_%#&te5^NEAaqX7baLyU;+H;(Ao{=r-4EO!2<~ZQ`B#F1TM= z{K{@hxq_SCX$?0q|NG+4R<@LEkYzn({$q9+<*|tjK#;N`5ersszGJH^A8XWB)?Z1a zw=koCx`<{oMKVW3igd@$Um2j;wvK5*R5)t`ZN{iRMEodqz*tCv{F?HIv-3}HK60?W zI|c@(R28GHVowWN{l@eiGH@S|cjG=iWit(auUNo zbGJ%T>1U4ywLl+GKC^ouL01>2-z61L^X1TEyEWr-$x{x~C0*)(1bpN8kT}+X4mJKX zo^%u#^cvhEUbL!tqt?Ueue7L6uHm>j^G;;`GHU9)lL61Jd~Zuf%hW32HP^KYiHs|ZxFI;IndvEA>$1Zi)?n^5tIIb|jYczeqB{kR`jl|+ zDb(WJ&QyBYbT|Rn847mqlg=Ao8RrtG!WgN#)0HP1x#I%2l062+f2k@m8bB*DJYwcj z$@-%id3EpPDQ{izM}??iY!{fML#Cs9+=V+guqFiEY-Qut*A040M4 z57IQtk|-xerks&?v(D3h2z_|#F3yR%^npI8qahMp+zK9T``Rh~?krVYYaU5mQ+KSX z%1HZ~QxEa1-a-d{{*?HGEU+t6!zQQQ?zrn#H->q1XA~!~YCIKm4<_Q*$e&NV>}o6PvRV<6lcFYo^P7hx}=n>X-jA5Ow2 zy#}~f!9-Br)?eToT~(dqqs->=xHVL~4`@)u|12sYlkoO-=Lwl{rE%CW!9t3e>?z$-!K;VXbSJIC%%-`0|0XC| zm>Xu{65aebx9v37HZWc1McI(fWec}7ZG3W(t1~-r_b$AYq|TY^S;~|dQr}gxFu6)y zpEdJD%3O(ppnC%{l_4sVlXV;QzK+SW;?`x3suc2oyi5L%677_&Zh?l8jA^9gTP#=X z)d#_3hv~b3M>U}H&z5E3r>q;aZ&v6 zfo7g_{RNd%?@Qv%F6snMU#k3`#D)bnQ27kSnubh2MPr20ZlgDoyo1+Z;QT9z-#ROe zc-Zhbog*^_L41hKOWbs%FTbR@Cj^V~PQ;;TVuY?8IS$)}>0RA{9-DR<#V3Tg4DgRy z!Tomd06)U3dNh9besIoOdX@q2JN$r~s(nbDwn(`DRf&RA;@m$kVL+ zUt2IH&f-w{>q)f5=qTn?p$Qd!nA~W`5?+n7UOa{GlKJ#*kD3e@oplQ1{yP}iQ0}jc zzx04ZEAjB-VzK-Ij*Tv9P`DkpGs!qbFP&<%aw_I|Q9|uS9+=2=t8GCcXVCldI)XVjgq>V$WNh zpigWC9KcU(rIt`wB)n4PTFKLzG5^V^I!>y5YrS9B_QxnulpWyNnhWyPj=Z%rI$Oemp)~<*D#T^Ot>QZYs4o$5~BnQEVM&?SpAh#cD?3lj6AQ)xmuH z_#|WQ+vX$VvAis>b`r36ohR-|FXxAN;W4+Dgb=Es>@l-WpKeq|^k(OmBgR#hWFHvt zW#ZVs<360~XNxgaC~;)6vTW6^9m(BuhlH_G4~?j@OsKE-#IHyt^{RPTTfMB+%m}Ug zGTu_RQXS99xdN2R7{=p^0ILC9WkX%*laz6*c^>=XNBUI zQ?bXF3qY+K&H_1VP)1F_SN$)0oH=Kgq}zWmW6o`eYn%l^P)u;~eapnoHFT?c;OYVp z&uQA5ulE6pbC-LRvJC-EU!i zJOo=@P_=Z>lPO-&%S){0OU>j$O)L9s%w;yl#>V(>hLKwFYIXy%$8xMltD#K1i|dz1 zF5q;d-J_etizTXkil&9KXDzkj!tn#Anp=^aNs8emZe@w@eBBv*#Tfk0)S6_tYv{VT z>sHU6_d=TyW@bjk?QDLFU%(Ai_4ItB%M;Y*=P>Z+!AHLN^OF8sPKy1g0d0A7i{lwPPNW#^{XNJouRB+mVTXBh!x$$O#b>fxoQP$|1 zeu3QRSB06~_?smdDSr>0>qM1AlaKE7wjCdxjw3|D40kGKBlfYQpdIN3@gSS7J*COg zdj3G^Yg^RBgjl&cR~grNb)N=Dtt#xRkU`hX5u=-UBy2ZOpKvBu_gw!x7qop9HKr5w00H_ybf}H zl1kxZ*hN~#`L7rcM9}H`P&H77)BqL=>_yp%PtH z+T62b`I2U@Q8Oa)B9-yPD-^g9JXlivj%A2_{UQQZ5wYA`G0;#xj(0J3njChqXmD`6 zUV7z47HbiZIcf0F)vCnC4JJAbutO`Wx;8rDJ% zR5nw^Oq#$l_?s5>Ys%~;Cs^JFO-uY5IiKA9Ffo|Uj&H;y{zcB6F5@PB>Kv5b#^UIe z0*IeBtUN&_>SNo5)op#jxW15?%&)z;y;TH zEhNhlazO-B{*iQ7gfdI~p8@c8)Df%S`9V$>>UF3>OMlMYJ|30;>ZI> zULKO!9f(LSsGs9Q%YCmO+-N#uzhDTVxAhkh$9q(mAZ+uFw5%mmdJ1-D8J~ zerUSe(_S6ZV7#4J{^1}1U-eF_{kBWkb%lB%D64+ocsfV0b^ROd6@5KYJJ2g3QO~s! zfVcchk2`y3=8hJ`R9DO-9|0!J_yZ#CRLnK2`S2tlnjYbwAFn$!vOv6dz4rbtP~4?*litwa{tg==x5gsgk*`K8VYL>)5Kbd6lJv!JWZ>@)bI0#){)p~$zun__#| zpL9Lx3YM_aC-pHEfC5lcX z9)A<7c7S6TY+}w|Wf^Y7b&+FcMmfVoZu2auu}AbnSWYSAGrN8%os)}X zN7^wK^G!NSis_{D7~`4lp7x`3!$&xJudTV}@9@&3XV&dEPT6V-LsnPjh$j{j^@}Ltj^4f|LMcV@~k+W6l37HYxm&fPt zvtUi1c>;>vu5KlaM-|2S&RhW^9J^HAW|sIaU+W(FpsPxZtE-GJKD;(P-LJjRl4N`g z#>)ZzM)N0*jGT+(jVgq~2>m^my0B&cI@6#963;E#Ujxv}K^P=HU{;#fhAs^FVTa9;n=B7Pom0&f@*i0hW^&u~ z^$M>L?ZhSz?=QInOjyA9#DUTEf3G_T@GYaNkf4T(sk(YD#y2ETXGFP=op=2daCMm8 z87P3u^|W4}6d@WU|nRz;kK`k3=m=@l>MbIl)eOUNmwQMH$Elw@8 z^B-eIn=DsW{_$)?+&tZfQEprS@peCWIMVPoh6x*CGKW7u$+yiQ)L9bAE{dPDzg7{9 zr;DcyJ`JR5>!|#BOd~cTv8aPl9*$X7J9e8xXlsXA5LwG=ibjo3RqECpA0qk&?v&3? zj(aT2w+!L_t&E;=HN!`)cGj$gQRP2N>_G!TwdDKY_6d2%bMEo(-kdLk|0c#Ct(yLj zqu|WHXzdZV#=$BwX7+QLh5lYkarzoxdRrIvB{uSx9>Hy*ZcB5T?oZ-hit-9AS}8Ej z8eoSk>_3--(L=iDZ+!|3CoxprfUUKrMoTXt$q@wYKlbHq5h-g3Gl3cK(?+Fevdq_O zI~1w-*v0&Eqfe#g7VSI23;f5)+R$K+Z81*`+B<9_%kf`wBP(vi48K=Q*T%xkLuL&- zgL`r*AqeNPwF&*CjGPXsNly?7^nt(A9y^TkqJb1a%@}b9=8grfl|NRY{a3rAZ7^ie zlP>&a<{QpytFp4;#zfP7f+meCd}>Yzxia3a4O!4ne0t^Dpf7jYB5rGtmP5fRttQkK z-Z(bb`U-T$X=nO0bNl^S=0_1QdGvHPu_h&I5cI^qgaB&vTdrQVZV342X0nN&yg}r&7pu8k zhi-Qdh#8{_2JQeZ2eE6SX{I6^&6S>_=GEpDJpNO0ye%MePGQv}L&T0ZiwEHsy#2mw z^jyx;`+chxBpv^4K8jwtS3ZC2dP^*{7a3kt-~D_Xp8N?NnSbN!DG-`yk7&6Z$rlW? zeL_XK1asDzpErXu)@fOAizl4-@=3~^i$~}t?hX3eo5a9SuNAP70U%a1&})TP80R6_ zUqzPq5ID5%_+>z)K16nnH^Iy%rw3YTgBjSmg(TBL@^FWa1tP%6U4a?Z%@Oq(N(kwi z%U<}W0_Fhk+tG4=2|p;u(HlOrJ-Kh$^@=b^C0_j)^HOQY6DRCC~1~A)y>(;fXcZ(j<)8o#{2QQV^4p=ZKi{1|h zcJP%(q-SR~!r#Qd-i#C_+93Zp`x$ZeYEzG*q^!IQP4bd_5AlP|GY=MCM%Q5*Dh`at6;jJDUKwmK|!l_DO#z`*S4Q9WAP{YU{iqu_PGZp9-Zx$|p(z z5xItm-;;N0E;v9vJ9h?d-b`;PGMy?x4KU)UYtj8kw>q9c=)+Z1ZP ztXx5lnMCgF%JuLM<_R=XGYkL2V5=o!6XB|Dytx#>%;nttWEG@Pk2zZx2wNlPhDjfS zxW^d;jSx2n9L#xbE8FmUm66nHSyrV{NWK?|K|oh z)9U%7$G#Kk(39o_3tzi|f(CiDqBhf#M3TCf?5PzSs4F)ZkKy=nPlKL?JOq6~w>1t% z+qCG*6jwNq;oIT1kQlN3V?$adih^Bn6Y93zMF))`;tcOz{FU2Sb>;ik&&=qI-=Art z6DXk$M@NcGstApC&N>*2Xr~6MaX@Lj#C#BW=?NJ7mX&u`?O@k>9GRU*?JCuG}Lp-5n}L%y#{9qMy!|=G0iV9qZM0@K%Yi&%|R;v~(qG z0ozV<2u^HDh$?7%(^RYTEyO(0sE<(owBvg`9oQKxO>A|q{ndUO9|;R(-~06Impd*U zjp?9{=I>LAD?&eAONb`N`Y{gJfxOefXQ1wpxVVAiJtvg3qMmRod#I{4TZ&TNMeeKO zye*{N%+X_hz=nlf%71yw3G{_*3mi8q&hp+dfS2!MmD#!}T!0>iRS-#cLgeFQlhn~H zhai~mMz&Rk>vG~wz3udj)SZ`g-Cw<;xazHX6_!(&K%N$$OthCLMQvI9nvv?G32pUe z#b#n?=lk5Du2d43dy=(fXkL}c+gNvSZ?oBMSr)ge336i+=S%f7)luH#kDmzqPtnib zg^g6d09AcK5P_Z^rW@<4eGV2N_hR6usK6TIK>#EnBy?`<@x=F+$;3t#7B8LlM7 z!6C6Vq9zvj zYken39{9T$pN8S~E4S?p6Q=NBKeN$C!86F(i#qY#xi{t3$Y|`EjFN-bFWfWdk)?v} zFF>E>3B1$5syq}@>u8>*AP^Gv)g2!&4i576v9y>U%1pH&!%j!+_NLjX;?@wHk4`l{ z3v8VQW_~D1$3z|y%I_TJ1u7Lw?ZQ8t(A|RtSUI9^Qjk*->JtWjjT>gAsLupbzJcIYJsCy9N@@c+x+uCuf!OUwR=*v)iJw18q^!u1d>z`)&Y_Kc(s42^pqje!DUkk-Ta-cC3jnxAJG6aG9y(|sTAssKS5>HZkPM)}$ZL#kp?drx; zGbzmPnARvMCVgV2R7sta5mlIIf+^m-PCCh~np9v`O}!?&*LghxP3nHfy$4oevu3Uf zQlbKw+7mNPdJt}QRCspSw<@2qLM8XI>Y@OJwvsd~aPVtSY0thy8-T9GMYziRMVw^y z?0_1xBmOE(dHeK`eGeBUv# z(4%rKYwMw9@rL(Bh^N4k6}BpMjkl9&i};+7RPT}$z>w^U*YJl+CGs73a*b(f=D#c^Z%XeaBe1!IQw}d6Ju< zCI!1K+uzlnawyMPijtVx6~NbJzzeDWHwwjKRdVszgvNJFIxL}<+q*206_dV8R?!m4 zoW#6eLz{UIHZ__zdAWGdNkJE`A~|6x5TiIjS60RI1LAn10!!0WM z`Ym9sNB(!WZSukU&2I$Jk?0(HycT@Erd0pBZhEL#h@*$@!FijQuyJ-V_}7-yjN~@{ zA91FxMx*}*(fxv`tLcCBV z0$H&!Vrxw&(}uk#eR3?@!X!R!V`@_)@Bj*Iy@Bl@fEgiQJ{DhEL{d&#-epPF@nR9n zT_2&aL&EE63fN5%z4y^LF-$D3E0Xv^1;$K+%l4i2x3j-?w;#1Od)cnYybv8qvF8K- zRR5pMaj7L8{{xsm!Zu~)IK9y&H}~yfq;BjVWBz9Va63oYAnHos+A5&i@CsKI$U{VA z+l?Vdl}?G;#pcdK2JFe}rx!9nZ@g<^GC2-%giV3DKGfxqV>I#2#GqbId?DQQ3~>Xd+@nS)*?WW7^r5!|@`&jpF?UZ^`e0i;+@QRSX;Xqn=wzvIz!p(3r zP}d=wNA*r~AV*&li<-TmZwcMnUw*mk;SHYZLR_LbF=k>pwr$HuEtm3y2BG0G)7=}thKHR!LQWN zX;lj@T6B6#*g=dL+u?Bk=w{J2v%SR^;ity$_}QY@bl{4Xd$YrYnZMwvi{a(o%5cJY z^t1cwIRlIOKDBJBkn+QUw(7vOv2w|ax$Gq!})xT`#_b2!glmwe$4Ee7qa0Y`_Ud5F3$$b;Wir;Q=}=hmaM{bJIor+}YWSNV@%t?Mn+U^7erfk_r|n|92BCQs43G#Y=SI zKx5ldSKWri&1m#m>rE|`=wyO|mZTO==nBuf2rs8?zVUXO(Hi;Gj|e7EkUuGkeH0{Y zk+R7x*yQGJa><+A=1p$IX0#qp;Kz%X=LrmX7^F~?B*dbGqFiC(M`2>kbnm>EA-&LI3Wr8VQP|QM<0SPOMTg3PVavX zeNzf28y|h=O3oifiC|2Y3W95T^`@IH9Jl2TKn{1tm;3wl;`3)Jo!lk~ZZ(DS zZN{)N_Zl^i0|e#POZ=zO%Q8Om@ZdDar~$G;-<0awfO=WP{!_dNxqaFThp6P1{@3&_ z>WZn57a3_hJ0lrIjq8vssXZu`I5ycds^f<+_3^@!HGoV6A0f^`Dc>XRiu?y_9S^7E zlrOt!fi7@nq){WfBwVcWeG9vziiy4cVxi2#89JpV zw&QQh!Xh(<@L>|nc9gOgTOfC;+GFj1!nr1|m;CgFZI$!FpxheZIscd%v@h)ROyqC^ zH-h11Bi`NZC>h7EeTeViweL?JOdZKEgnnllF%)C9hEHtHM5MMy=r$q_&#BiknP%3lOi65%RbvqY zE;!&;bflUz7Ce~oicuLNkX!|cVBVc(7^EBDe=;DaYui z1cEdLrVM#=l(U0rJ!I#zocL{emv@rWTqN#lGQ@L~FI{LxmHFK9!Mfq-%~gmG<4|tB zACa9LFv*<&7PD7;)25!7PG8}-rwr{z(C1-hG7wx!zL^=t*LA($nIi(ZPABZ?%yz}G zVWRgD$MVwQQI4*{)~a}Qz1Z;&Tw+xsX(%e{;B36Q@70+bkR-L}bc@@38C)Z|mBfR&JQh-%u zKty?WaGLINXQ@^&!YGrmvB;>te%NnMkgweKwAqHNt9c4J5b7sPF`G45#z^Y`UnYPp zVVC{yb`aUiEbhfK0hG^k-9*>SuycpmYsgaTn67}d)*6^e-Q@PKg9j%OIC+S9L({IJ zU} z93|sWIo*Nl?=p;F0134XSAH1Z%W7+Z4%S}@SnEdKM{Ohriw+FR+4slpMeMF0R`X@# z>J`e5G}ZfpOB_R^%oN+C1CGe8s4i98RY>OQSX}{ZponRO-`0^CNe~url+Gn|wQ@B< z@AwmSCogTU@a<21PU+K;b#lPD2PYEx|JzltecT)*L1ql?%H#2h0;`@XvsN9wJFpMN zTF>lUYKMMa-f_7`hs>5ICU_Mgu4=T*qL;Z-96Hw&HB>e|x)pnWa`iY^maN`(cWr8! zp5IxOWU&${vFgmLOHEalDRc|9nlUOTXC4M~XI8TWaY3fbupNd?vt;8n`ZXj9QiFOp zm|A@@nWE{HVE7pcAk{ewYQrI?p6NCYKNymRXaA?2Y`XSj6`2tPq%^#yP3NF1HfTN7 zI7>E30ib+wEJQa1BWh&Xk_`P&XODc{9vkAVbI0ymAEc5sFT?sP$NRE#Y_YGF@bZ=W4&;GHayKUiw9lGu7P5blai8Wi3$8x<`+ zClQuZ%#DU4*`@3COYcF!f()M+oK5Drk;-F1Yg}rD7U&So?#TqVdrsnEy!TBA34xg{ zSubQU(YT;;HAaA*{wfw0995yV+%ZO{e0^j2R|tP1B{w?MqQ{&!u&`=e+PD(B`_)PZ zl0nKjc6LPIA z&vUu!&3_1F)k6E!P64(}o|S1hKdWsjFKCy&b$c!H*_}IJ#o&cs!>p#WKCLxl1N5OC z!P`9NBK8iGX>3)1VMmb~YSzv$FG4TZc5NJxP+3jf%^z#P-C7lrX7v3f3q&ua2!+=c zDo6PLAGW?KEQ&wsA9i7hr8}j&mQHc$l6Av6?(UMMK~fq4>F#c%q(xc~@b_~0 z{^NP(;#{AZ@64P}oe5W->SsPD!{w5(37U?sP6Pg5hTj4>exPN@kJwav{~UC>JCyup z`$^d4m%-Ue)biOWNLQOdrLD*0zP~ZZUuUVCfql~K>%SnEdT=MD?A_v|@aEa>isjGI z?lZNP&PQ#p!aDrO-}e`>N&&4y?_7t!wIS>ONy^R&@cPQtbJ-DeGt&&z@Pq)7^_O`Y%UmwpJFzdae|(e{v_k*tE;o`o+q zY;_B<)ENF~KaS(E!oAN)_Ww5;EJ-y9GRR)?)ziwt%X0WZVT;9c+o?Tbtu-{lpzymk z$Gf|4a*|@o+jRBxTdC%NlIPRfl7s#~&E7?ZrccM;8`M6~Xropv;ILst;X0W}IH^~6 zv}9uT*zmk`uRl-W1EYL89~w4Wt=sa|JDZ;kxQ}yr8!r~N7bN&9esBceJd^x6{*w19 zqj=SpZL~~|Q;z6+O~f1B**@%0Bz)I-yOe*T{mosaEqYSsZD`386Y-R<(0N}%4vVDD zbhVku=Cwc%OW%X?BDoSO=N$D6dom@FKmJn+UdUTqI`htO{CcO_7R1)apQQ6A@t$2kG&AGiLEg{KrAC6ju zrcRC^nup)s{_{R>CD|e<*es+rZ@3tV&k;OzcD{Kw(3>kV zmFeHE6}kGo8PF8!x|92PfWK#=b<3kFy8^5J>5HMPht&2f;Qr<7`|izs5E@rfAeHN6 zyWXE!GuNTCEISTv?mHL0$A4>aagl`!s-~X>gZi73cVGNLK^2Cxa~)PL%Z^7UZJmMQ zMkja2J2Q_PGpgR7{_EP~=se7;5K?V;`efpj7EKZ0vi%0)CjH;<;Q}(RkDoX`Tz3#U zOSHbFJ`s7W7+(5jTHA2$Iy@sX?$h;S=NA{{gWMIi?Zubvdd>BSXv`mGJsG?{OEs@5 z@bzH9w}<})`u`g^DpZ>od+Gj@<;r(=mqi3Se11lpRF7w<;Y5@1`rTbhB?XE*+utnY z+5Xf6zYRXKCVhPV+btPojB-vaEk0Fk{&7G1Z%B8buC97gy{Ml{ca6+iA`7nTV=}d9 z#pBA4s7v*VQBMHAn=Xz1z3Zp8fcdW@F)7>|Z>zB;Td~fA8rBOGGFFI7nIZ#>-qh!c z2{w&Hd6lqc7kWe3eJTo%C&GqSmzH-n)CV zYrQGBbGC!_*4t~fFesH&^l{6o)6HedPFoQm#L-6o?&)rYFOgwv=sMX(c zzXfH34d{da5qWv|-KIJ6BRT$@QSO!RHS1M_qe4g^?qOZqV%mu}m{}_ec4Hq(1B2?Q zjv(rZ`v#o#Gj+*@<_xcsy!!ruR$Z`f7nLh*))L`A|DZqiktY91K8ki=WlfysTt6K& zuE0OZC}2PCZ|?j@P|;93P`K@>_wT~$g1y#pH26QK9@P(>nBHLIFysm(XXH*Kv0jGW zEV#%k2KOG0OG^sDzQoZ0LBO+MH?ke9Rdfxc3!noa6ImW<8rX#t@Vd9w6HaI$X+gV# zf)KPoqeZ{uN6=YNTX61(At-4nA*h!iXjG*f@?XFwq-GQ+7r_^he4u<#TweeTYZd7M$Bl9aEP|Ac{D9PeCX4ip6ovF2IR@#C8?FYh zf#{NWhYCSWiw(iJ#L~cr;6jkxsCF<{ab^L^NZ3e@$Ul(kkiP*Mk@R|hBcVYV5x6@6 zP;jp;9H{~M6iE*tkIaoM2H-;?>8*#e!{y*~@IoXP_!b)+c3H-=xpC3?MH zaY(LPL}rj&=TFwG5-cb={2DM0X5A=pO5&sbAf}987JZF6PRhzrR1@xjJdVnWRzwwk z%{ZRMx`A*C^I#b-U=7m*l>|m#(~a|Jd<$yc1_=A_0%{-rruFq;-R1?`qF;14w%NkWg6?u&{&d>T*!yln4l@mG- zpNC(QruQJ6LK`v0ebcX4SrGZ~Yn*X$)&RtL2p`P{$?+UkyJAi`LkIJe0;?s$USwv# z7hoh%0$Co43Jr#Xp}(_%H&|X+bsuAaCDQbH|a4m~&{hxzv0+^%_R3amub zf)Uj~6T(D}2Ve1`t}UMg`S%6}u+g&2ZF2{T)1npjpyhvUJM){{zSt2A=nT(;i~mPK zX8PfI&5YMk1|@?|wSM6XY5_us!}mkOJc2-{D~D7t5)x)+N8Dm7RV8SQEiXl5gFhwa z+<*|mkk0NSaw1{Qs|C37g<~>DNPSq^4O_Rs)Fi{|lc#oFvX?DnuyVsVgV(U513rh(*IeJSkUA$B%UK+cr3SushoXy+wODPedQQ74r+^ zmR}X`Do+|q>W5ze4C;x+T&orKCr->vAP@D;7WUUKSE>zqG-TyVCnzSk`|sINKkGWa z?{|wgY}m#dE|K;rk%XY^yUN>r1ep;>eQHYnj9N45|f=vHi;s z0}}QS7WP`iY0@LFp;stqe;Dn`sV7X!PV@KyqRA3n9Jx{@mn*XHdytIcecMvjG^^ZVCl0arURt0G`WP5Sb zgSKsEF?@+CVI;hp*~Z8>mD(L>u`7e?T!dwpT$~c@V*ZOES-oJCg$q2u3L%9Dlp@T|g)*$q zFHR*aAO~~$*OK4J-=P3;W%_&HF-INe%N5&u%}p$bkjq51Miupd3f2({1x5v<)mI!2 zhY7_5f$**dhXOj)K8~8=l$AI{91hHt1xZl>-JBvfx{%aCZ& zO5yqN4deYWT*z@LKMn@5c+*CxS2_&Fl z?)nI7ZTLhH2#b%$=sm)4r*t}6$br{Pc_%oaiv!)$^$;kx{)D_aAM!BSXJO&LQ-=!@ z!3z_DSgdMf3^`FNKS!)!=!K!~yA0#m-$^~EvnlVr*OSt5lzVSrklm@oQLGjL6Tm3? zHH#Za+BN&t456@|Kfk@uR15IL;e>9e`d<=c^h4H6rySplHKXmzeas8xJZ?fP!j`z- zC-m~u=~O#j>|y0YB91R>Fdr;Xf?du|PL#TJavmTFsIry<*-Iqd%E)5#*(ib{aoh$C zv9^mv$lt^6`&Lj*#c4}mbGcWQF0xQK|JT6Dm=^QGlxZ^lkQKmDrIJxbbkW`NP0=zG zFWk_PDDUI1b>d%0t~!QNzl*Ddg|{ks?~#5lhtz$v#Di!HY&q4w{UYLSp|+zh=EK6$ z^GfK$@CB0@ZLt#C2t;Pr2S#Lo7%Sw~C~vHVLZaNcj6IT>#U@!w!3~%R=yRb8sE!G? zlkaSZ4#L#XQKrdw$*Cdby7^y3*f4tf2sh`*Xd=e+kwPLZ>VRBEm-f`m%7fKXj1umQ zGSN{&j13=}xXr}CHe9De8veklnvh=M1kv#JaJ3JODEHKJ6-jTNm6CYRk!_anNvzIg zltA!S$S11HA2tMDdZ;$ZiUCiYeW9O8{g_;d`r(uzBnAGZ`cEztI~14OROp`phq!BY zydma>8%6)s8g=-0`innBMq3ye%_c3E67-o90a(!j18q9Fw;*@)_(*^2&%&j2fHW6T z^~A)WYVXh0~hPu=!Hg^aHuuM2yYW|#?!p)c`a`7AbI1v}W{ue^jd zs(+N9O=sPfbc?dvy9`|>*2(Y3WVMsWs16l$PBxutTRJ<=(yaBAYjvK&)WbBsV6TIZ z^0P_Xc;jJjWY_1$w{XqrC>D3#(}fyNJhUH|*yC=)c&m!g$mmo8Cz;JhO={1Y%eh%m zo2w0w0|CLje*WM5qhKHV^7HcQmu+TcW;Cmy#+KPEbBHB!F55W<#ap?=0kB-4g>Y_uijMFFP5YxXZYq&zl(@;G=(ap>#s zv|xA=u+HkK^Is}h&Q^bG`7PlcD)qK#sjY6ix3;ytZ4~P>jH$a1uUs2W^6lfffHy78 zc-zQRe))SJhut6F<=XD4hd~$)A72@BTqK^Qa0j{z_&WV9_%(igOq!4A7U?;phR^zZ zlekxg_)-^Wit-E)OWoeA4XXJ1qL4^+arkph%^6-QPaPC_f5;rR>vgtj=~Qpo-J@BA z<63c|)^Edg@mqxC`aQ};w()zPyGU*;P*uRq>|we3pDVJ8m*pVHfx6r1?psUWByy3F zY90Fa2%H0vwT-GhuLjPrH=ZXreLE*>bHvt`*nn!%5FLcUrC}I__3pTzpFdzkYJd!@ zGI&;7ijcXQ;Krd9(1dbKWE8ed-LHxvN*et~n)#d0pa}L#`ybFd_?MAej7NB~1ZvYFiO`TSS;J466uVGIzw3+RafVhI5yF1=6ZYAJytNlJjq+eL7B}Cen zEZ#OcuwZuOHwV6NvCqw^fR@5DRlB6apoN;{oD`2RN`QL(-eOOZx$A5`N4*Bz{Kh}a z+q4t<}tvyc&Qt z>NOu8pP(%AzXP$B*ff@1lta4J*_!A?f(Vz-Y7N{MR6spgoes3-gCq=wP`s24N z$+LMB@zmv3NP6Lz^t8VJ{l2~a?f)v5q8xu+8jEi(;QaC5BUhI=i}@kpp2Tu-H^^U! z6o%Xz^nex(ItCnL9itqhA0xqVF9FTKo$uW3_27%M(5G+zpECYQZ2$Xodp-Zf+5cUt zwbv6~oP|G$?SB7%%IGJtz3++b^$Zth|7Te|@_F$L=hwPVgn{(Y6D9A>5CQiXS%0V}olHT3~bjbuXWPF(9;B8}fPDXCc zL-zmjrZJln(@k5WhI-3dDm3ZDi^&h}GsY4F~Gk{P{R zFChhTD#bYRiAzWUp=h203Ei1I zbgUiOesv_byK%om`u=Og)bF7y>(w*tP4h_{&ha!O_t`WlfdA5by#uwkF$lor)Kc!+7g@?es^TM?@zIv zf&SGxI>>-; zO{aAehWZ${FdB{-(@MWAr%@{}?cdD`(b^$!q~5`kT`?l&C|}?)&JZ?K1`HTqDcu~P z#osJ}g;u4-_BfR!q>KCk*&kcB0_1r%N3 z_jdF%U@z@s!{n5%X%ygwEJ>}%7~nCUju(?c1-(8hop~i9^O2OcfbN$rrba12c|xiI zSe{Dkn><>l;!J!Yq=6!YN{rr5Tb5WCo5YfU=vcDGFU}Cik1@0Nksh>BgTe3z>!T6s zqIN2`ZTW61d+$*db%%gx)Yq zl+^XGjgaw!Mnd!e=%?2?OKRVV&!C7nrVqf3YlQVz0fr3NhcO~*@&ujal{yD=3ONfzhK4u_c*y0wF6?quO8N6D) zTB<6%imh^L3(*!wVevI*7>St)ALnsPHV)%7G1p89JwB%VYhyO{b~bg>j@rFGIzC4H zTeCmdmWk0>Mb)z|yn~kQv42w6s?kUnQ$3}t$ffR5I0&fbOBa)`8Imj18HGzK`3#5} zN^AVf$QNbx+Uc-7*(z&gK@DaWBx$CYs^~-Eq26Q0Y<~$&L3l^>LmL!>5(y0@Ub8pp zp)7_w$b&)&2zBa5Q^Wy*f<-BY#kj8>p+Cf0G(j;#Uh$oW{ z6ikcLWu&2eabN<3y-yq?9a~X}-;iCb#SKT^+RiHHOip)6!UI3>yl-?6!DqQxsGbD5 z(Ny9aWq?JY#0U6vNi<8vktyX&x63ElBP(ArUmPL1Zahc3$b|9wDIp{)2Yb}@J;_(Rx}yKI~rv*EQ9`awoo$kp@H~A?@K}QQQmm-S{*54 zW^u(bO*VU6Oi^z+Nh~U(Az%nEZSjuE8*-_4mO9W0+h3jjX?5a$06IYw7if}!l(z|hPweB(38x0P34WGEWxOfZ*0?eI)Y^#Bu0QT(a0%P)j)6_7CT)LU!t4~HCCcYJu5O^f`aN%j2&wEJ(M6q zR8oCcyE@V;1>Z$J(df-9`Ab=9QNKXb?iL49VXH>=H?a(h9Gb@}Ux@wH&$!c2-5Fz) z(J@Zr@%E~B-cNtOC{|kAQq4!kdNsJkK@w^Ubh~B0bA4_rIZ8yszM_OrC6C3F$e-2974F24Q5P0M5M9gx1DpP^a zDedEO>h+s@60E4gu08her~OwYrI#f@tw3|vP)_t`B_-mqrgNvCf}k)C(TNvDVA&Eo ze)#G%sZcUgGS%dy@^3YvIFT)42E{}**Vd*4lUVv%p6JhM;(q?~UqbkA_SqG^vi-0O zqDgAvn}w;-Cr85aCyw#6(@Xh`DhzusZV+0O~VhxmmxU$6r-I#{%^0Jx!y-QrA?_TVJ2L3cnW=?f+&Y& ziF%8hV+m8_Np{PZG-X)sC=Z*iyL*dXh)7~h_SP^2zOyL2K#Rq<1$`M z+s(Dtq2gfZ-J_m6J@TAsSp)%;D2WELGbmn=TeakXhp$62f0?fo1aBC&t~&^F8G#}D zXKM0@=3C;<=}eZFVKQMC^MA~(#ffo22nrLE8>w-9v~|7iihUjP$j@XP+gzBz=m~nC zMF^5-m&0D2^K*Y>fb+tYG|DaLW8O*bz~-#8m!A)`fXJ|jj^?C+OHrRne50xrry z;_8#-#^QGRuJiq!3l4M#d2)74X7s82W0WOF3+WOhVu>VgY0tkjtR01pX41wU!CE(^ zI&|~<6?uwUaOb4YBY*B{!C|3Ovc?DoyToN!(Yq4+0~F*SbwHvK7M;-?k}-;e4pT!5 z^>uu-JeVAzFpqU0AestW4&9dqLv9WTEgd9k)d2ilJNyR=qnMGfFN+yY=s>5X zbkX0X>qS#*i;Q7dH5&hA1V%HVi}5wnrL9YcqVVvc^h@rvgv`dt*qe-ophn=n2Aaq0 zV)q5Wjgwch#XSs9?m!R-tA=tj`JxQB0e)BsQ$;!`b&`<+acfly`9eF)aN_S)#|HA? zg#1V+Q+7T~0C5<7VPOKJD6C*9CpX1#(e%kn8%M{mp744&#vCxs5zZecF{Vycd=SEO zVnL*&3TCkwYbmscd>_Dp@rl1QP#G9`2kCXgD%eOuH?3w}#^OL!n2RY#31$f) z=(~NXV`7;gje1l)_0(;;Ya0|cYzmLl2!}^nh&gOlp*3xiE?u~f8MKXZ1$EuwpX4!9 zATXT8umQ>B?XOWu8wy5?fw@+!Q#CUZhq2X@Bb@2q(aA7kT5HTp+p(G@>LDxXL~0zX z(s#VbO3GRy&P*h392rN{>m&-=)l&EaPEm`oz=P>-GrDIqk$P3da zxB0?$G>P3wc5;dLUp3be&`yD5z*v5jjUH5HuGn}n=#tw)NDMhry$j`USBj{0PTw$p zIkSU3c~*J+IX3H|g+x1N@)L8kfIqNW_IKt@-32d(S*mo65CFbLRNO*7#@r+u0kOhASTwWJ@>~%OO+X6? zFlJ<+q0FB{!$(D#L)G3ZdyNi~7`~s}N2!*!_!15+5>dwXRJZsvdIBQ=%(2(z?3qAY z8`3Ka5T;?%1jQ^W6DX~UB*LC#e=&`&O`s__0*;G2t`PC}2Y``Ysd^wu*a`u02@r6T zXeccW0odf^!Msp2G(CjgNBWiXg|4vGs-k3%jk6F$VDh*Vj+(j=7 znKCpmWO9t%D4ysANc|qoGiFnk{ctD3zq}~J0bFekRK*6)BPu5CIB>L4FqHW{!Lg}r zq%iF5;>B!(O+9oY^l+BKg2>(M&*5C_F_NKMz@^H1M4J-HXDUD2J<$UT!ZBnee#LGJ zUan@1i2H#WMh;5r4~U@;1{#%UGVii|alTnIR}c+nu6m=}UjlrapqetF<4)*Uix`vG z*j?pI*8Rq{S{PE8ob=u7gUYF#@xpnQ2@OMzO}U~Sf~sw$$IN!-vG#;Iy*@2+BdlxV zPP&J@MSc}j$q%GcbQeUdk92aDjj8<_qd+{xo7j8UszoK;;nXA(w_m&5B z@!6;VR%%N3%nwM%rX>W?+IeK$Ay!Ig4RF(J8CJd7FCRWD$vXl(x8h{TT{R7(-zjd( zwtCZQEoLF;Go(E@`-tXGp&ex1(CgNPzjdK=I33rl6yQ>Zd+V;az(yPL6g%CqVdcKA znpvy&UHHE6wX{G>i#Op%8Yh!_x1nw`=o542%!2)j&qCqSp8#X~=*X_f;-LD92NKqI zmEutQd5S3*Q1l2xY3vK~gtmQ*RvF{uvH0KP;VyJCg?L~C9#)8*2$X{@G&Y|jbi6Qu z4wOv=qwvtX6pQ64^_8~6xyOD0C15!HsXAzp0xqqOfm%&w3wJxjBSzX;`y|kTiaqde zk<(|sFw%0N95}!+pMcx3i06@?jjB zj!ZGVoL2l(2qlDhBm`%s6wfVh^9EU!1R}(v1xC?T>6RAoPt!Ih%BGu6sa&oO9CeRorR`8n^k-^9 z6Nu+msR}}CXv5p*jSG^7tVtv7mmz#K!Z3ei*xDN+H3OA#ExdLw4g^$Z^2I`9RY~lA z?9L9f$RAD;2y*fvH$_rJ@^V{RSFMans6kek5+Z2O^Ob5XBm3wnT0yP#(E3o*$ZM>T&w4mIiPqRocF|_7oymC z2A7%35q&y?zL(AH{|ejF<|a#vVsFX2XICs}qmb0+3Mc9I1VRj2`EPppBspWJ^U<6{ zd~6fQ4Q$v4P!<}-h!W&~4WNYO*~^gsJYC`(|I&7l$P}=cBTS)`8{(TEw6<5Q$XnM( zFNgHH<3;I>u_EOyc`flX?P3wrd_xLB{3F#gV@*GOV)^}CF1@Ac zT~9G)Y{=^!N0!NsF_SlC!AuTVQ5}??5^hdI6I)42$gK^GvGX1@SJ=A2V;$=MpbM2L zL0jKMn#vUFNYelpn`AKIW{pZgNHFiM@Y^9!4#GJ%?0aK_B5}X^p<@UL733O8f+7b0 zK&Z&CR;px1;PORJ;ED{kJ>E>pWTs>$V`q-NPbNUtoUL#>m6Ak4w3X_CpkM-Bb1pNl0)qM^{-1p4X;kyB+m|-uh99)85`W~%DdGb_dml!gsgG}t8NsP%<+SD>r;XHv)4qLxrI%`D zWySFy{SB=8c{FHB6QzFo%ioc|jZHkikP+Sl1J>0i^f^-`DMJj&X&$feJ}1uWc>wH> zpuE88O{*fdU?24~uo-@amVCgr!!enb=HSb=$wqG`8(z-kRo2j6oHeDLduCF>0`a%A z8WZ4H%#V!OW3@Ntpsi;cctM3F6z7(h=hY^iZu3n$g!1|G+|45*SVL>~V`Z}AnPX&f zOH-=ggK73T<7>j{5!4XM)xl*xx*|kPG82q>B{%2fK3hVO`7O;UrRwes{S~&Id8+`I zx82!*lT`LX!@2}hsE-E);z)#qnU~7jpQvay3pVuvKWZgV*HRN+RlBQRK;= zFY634{Bx5m0F$l@V1>7>CBbksHkxAHhfm*xV}fe?l5$@wsOgl?KcXZLs9sCJe|Ml? zI5zC!q?B>53cIsuma#5{;-u6%>R77$$k&!DmNLi0sg6ElH)px8P77Vp*i4RLW=p1b zmP!k0fF;x<6^}&+8xE>^_5It5s6HfNiXuJW;u()+UF#^OefJeYkGkUg)h}XB1?=HX ze2&Yr+A~1XF+tMQ!z%g}rljNU(dryj!^K=iYv*aXNx$(t*uV6otoM7!8Fg(9br9egCdMK>RE2Tc zhX^Bo*MCk9^V8wQ#2c6;{3@+A>`Idev;hY2(f)LL>e3h!AAT^ewKba zV;$`GaA;ScgjRl(-mj)1XO8h{p4GxI@i_iNqB*<^sb-umGXIAL0xhUR}+!EM2r5>#d?Q zBuxmIT;T3DmGOB#AxlSaQ3xo~SN+&cY>giy#^4tCQ5;4cyS`)Z2|JXVjgeqFC z5$wJvWPB}Qe9&5K>Lli|vX)uLHl4(!W?~?~F(D*e0WyW(zS>uD^y>7z@jun!bb?dxBi?~hIsn0#wOIEhd93>F#R=G2$G0HfS3aeSn`x&0e zQCV}$YrS>8KSVzViFVhVcZb-FV?Byvg{T|2Cb^CBtS5{O$=bl4`UIqAT};KaEKLx) zHa9ut-F|e$`?2-W)Sqatog20@zLqpr6Qa;YM~ODnXk=~_VXA-xmHp}s4egSX^BeP( zvmD+_z4VI!w^|Ee67o6wO*r3>tQD8MzN9fpd1Ppuzha<1h3MyDu5gZ2u4i&`$Efp+ zN~@C+&rEY*j6kM`oO_##YgIxRdsR(FRGjk;*E3~-eolF<#Z0hwk#($=a&z}Vs83n@ zpRnx5&YhWJ4CTI#`38(_MhrbVVy={~dJH%llM+oQHp_jm(1|nFI!q4uV5?bo)8Uz3P1Y@uvHwx@@lFUc!iUDbgXDC zX4Pq8n$sl5sGYUrxYw$9xw&hviwjj09P2?sd>~guDquy9->aL>X^uAan<@fyUk@mICGCoiO)U=l%0kE=Ta6iq%ZcQp?Ru zkZP|s)2@Z!ZtKBE0Uur!`}r&dBIe1KsRXNfW0NkyF_Mf#5-SUGbz}HnXWpB*Kg^bj z;1d0ifmc1KC#FX#)LqV48$#PUg;;iq=fCrkYj>7wbmq=YF=}Q)qZ-ca21uX{gg%8N zz_c_kzU%=lIIj?rm)(2m3E^ege??|p#dxEzJ)O{srJf=tyh-asG}8GiSnas~8Z-y! zYMz^EU~BXXy=!%QvE9+#eGT2L&Lq5vSL4dH5T5!<0HN^cxM$M0CKhB)a#a4S9U&&RKv2`Y>oLg7w&nKvhEZeb;myXo^ zbg|z?jDUw#Y?c%EBubPLf`s|^z$A&YDN4F^pa@|BeQ{o);=Ikt^WK4u8$qh%>l5y2$Fhii4XDcR4bQy={k(y&swS-=|MeDeovJMm4uy~)O6rR`7b$f zy$!3>UL)`TL+s)2lHj8cYsEe!EUx`$PLC-}F`_$<$>^<%Wd8QITE-%lY%kxe$q(wC zEp2u~O_`cfducAs_QH1xHB$x?GZBu4vL}ciwVKEFW9tdDs;PO8o^y-E#P-Q-;gvi2 zo=s~aJpJksooT&GbAA1SR}mZx;6_rUV8wsTlX5gM|IMg#N;XiXM+*a9Ap3GLyUC=3 z0+o_l8;Hd=()ecwy6BQ zk3x&LZeknTLUT5R;DSTx=LRs9ZK%MTZrm*e?IL!>Te(hLh`+goF_mjvB9}=4)Cxd= z$1e2%nCF0Q&3S@Jr(3v;-s?2@`zSf3b9pnQ#l*MME?W~~`na;kZentBO{z8xm6arg zdn8xnP?CKf0glbR8BN&>yyYMTghm%U?0RT$r!g=(D%O-vhQK(s#b&%M1U1KthZv_D zeKt}_0e+ZAgA3|oH?e8-?m*UN8$G@;^oG83E+(a`Qq6Zb`k|-?>Vqww5YJLg($L>{@OW72%ykcXYex3BGB88c8E*g zmQOR67f5Ca$io_L+K7KAM8O;6Lew;MCDYX{Tz9`nXt`SHk+QfB?BGpF%Oo1=G&1Ej z*K9gj_3RqQkxsXU92C*<7#JsaHrw32iDyYpE>+zu-mBdmT(!2{#m56@GtSW-3I_+d zW8PK*Q4NiuI|BIRU|RCH*3?4~prS8?R>e$Tg5xWUf2^Qix3efls*{#H9RG6P z_=ORl5BHtpm@PWbygbC`>zJ&|oPBavgvwE}H@YDP=ekfpisYQi0=qPz;;UANI7bkBH! z<~^czU<_iv9_kA-1G3Hvw?12D1uG@zL=#yeqNXs$!_y$f=!GK^*F5vU9i(G$x-@@w zSIXk(CHf+0i1K&n7*ua;yL)F_?&%)N!!$)h;BbMHj2lh;J2XAy3($+pu&3aVBae~u z%5uk<8%2ZQpp#3i$mSO_#q;sY(2boX0?}q6kLkliQn!hl;;dq-oGRc?ek-6j-0xST zix^>wQv$|s4sYinZ)+uI;S^~%2cXIV?I|A5RF;QAPIl$eUsZSfhX7ABL%0jcg`qql zwpn*@@LcT2AiDQM^Tv>Z7C>go2f6dmExk` zA!Qr=o*@>CYpZ2)XKA!qeYvBU6WhpFI*pNoWJCG00ZTz57kF7is|YHECZE03*je14Iy42QGA4W8zh>>(hGz{8 zTA6F9gir3O?_`~L1cDZNsq;ZhPgM&uGiN%6$NyR{zR^=M{Sdty=5++bdCTI-%W>Mp9&;b68R8VP zs;bh*7Zl>yTE(qdZ8XOo3wsFN`tczvS{eWgrbsAXV{)vna9}5KD$87K>l7hhi+9(> z(2ASf%)PF*IgM>7Dkn30K(U0PRTkkFKcsKI+u(~CHw$G2GIZ=Vlq$xj+L%u5%ga$OYnh_l!Vmz8SMjBL5RJi6vZgK4{ znLO(!GQx)0)ab{Exd8MytJKl9wC=IYTzMmffBxA=lc7j-GyT;uZOLkK+t;}Vt+-<~={Q1C+RUM$)M|uI#JSmf5sF zMLeb5P+*Kw$otq8Ddp57qu99=mH4Nu_2B4nb{n-f)uTb?ATbx5 zfGm#u6&A?JHaq>d_bg((XmskaDPhnkC(b*4W6?uY!33CsXe?e&`N@f%xzDw-hGK0z zuMItZJto3J9%b+l`&svOYNkSb?!i=Ph@7{T(}0y@Gza4?@?eV%TN+N)U}cdH6Aio$ z{j-egST+zlvy$1;b?jSq@!jrVfsiwk-A-d?^X)1QLE`yL%rZG@j=VGbT+(+f6tph54M??6RB;QGe!eChB@Bw^pQh zcLyV16uC!-epJ5&@ORNVnvLap86QYYNXY!oBNI9ZLl3T!q*-e>#F(`jc( zvjWve-~7mw*AnL=Tq3C*4Vjl-R}mwx#rsnlC!O-S0Bw_b#B`54b*_PPkA&zViF327 z&TTBR*i>aqB_B^SRmO-M5;ZHy_1#wrt30oH;YCz#EQZPPo|xH=$aUhY+!W9F44axE zCNoz5SGgL71XkfTT1Q^;pfNUq4>@^pB;lm;+^nOa{T)3pcTD_`604dx34WhI_6(Gx zYhbQKd4kOA{y;AU`yvRA6wQ~icF7E-YAd=_=32ArMT$uyx8CoNTPmK%~`6W$_lE{ZP&a79|p+YlO^KT;eFRwsjkK?ox?&yCb$_%4NShMCMjE#!9c)v zkuE(Yhj}aB_&)$wK&Zc4FYpw%qZFhdToyaZLUR>7h2WZ4EG*h%p*TGj+hYi!fK6Q} zMFY}x^p}m2$O3Rh7No0ZSpj$!$t%)26h$-BD!WRc{oDpMt+BC4Pm#sL7-;8&mS@44 z)JKe%(hy>lc5VwIi}s;eGvNhV7M@A#w^AgeiN$}4DvG~BA5BUvZ#1aT2->Y}HmJ1J zP<&SCSWq!V381e!%HN?iC{0>Xi`k@oNSG-L)qu}}nlJ>TV#3I>?Nx$6fl&q)K+PhQ zRXnSKH>hd!Fao$$aHEBD8W~<>Yvm$~RWne`l2kuMgJPr%EN)O_QP(0mtEDJg+B3q! zs6`V$_Lm0%D;Y3*IS4{Y$&}@$3P%t3Mrg%fFvpL2Wx5Pw%DQP#@dD&vw}7 zp3P?UrL+3?Q0=U3xn~p4ZacdKWh$QCD)oXryNCUXC(-VWtj&AbHF|3<>o4myeqF|{ z;4SAOS+A*X$}vE9?!|w3sCk+6M!9XY*MHf^7UJ0mxdyr?95tr>BV)jRJdwx7bOZa3 z#yX0n^xT2lzMm54)*Uh_G=8g0srUU-L#uMHJ2WwE4XJ9dn$|l8^s>XV)vxb z2m1E_-9tBT#^)fOXqw#_NB`4Pk#{%ky1Qu$`@H(@rfBxl0rokDRg%o!xb5zy47pBf z)#i`?;$3T4OX5D(6V6`8>Y>jW?9OfM%C?Vn;{JK87s($-Aer5XHtbr3K zt7%uWuBPC>tsk!gGFV=R>}&I{rm;*8QIwwn_frmrDBPcRbsz4Vb8Ysux%j>nSEH{* zUYo`8JY=y<4qMrEx`Q${>_E-4D7ypd-F*YP5_fFH zohj5>mRn*z%OsI?bsv76e=P!^cVFGf-b!toi+YpjjaPTcJ(-Ko>6D8C?TNaY!rGM1 z-j#;lQBNtWL@MQyz@14fH$^0Blv=!l^#m=zQx!XabizlLRZ5Qf@WNp|%b8>YTK5fS+ zMd8l*cxxo?r(R@V-GeJp=tDZqIBU-wmZgJ6SZduYjL$aK@2xb#s40oz2xaX^q&Z>j zh?M7UHf8j{uY_|u@C&tS+doDtiiH7ut+sEFKV;~y^j=Q z&q7X2R;W8{PcMt6r|tSAyQQ4~qRFDyv)#`IdYrNmP$VylO{U#7w2w1P(6OY8(9e`Q z!J=oW7xV({Y7ZvuhSytFR)|$;TfWEw`a*f76?Iayd4SX-N=JiARa&+;!X&WW$tKoc zyg@Z3`9?%VR;iOeo=q0?LJz zMJcn?ojmRLWQp5Mv@rp{h48e^U68^OMK%Pa5a>x)KqCSv&JRkCV75y8G1yqsRx%co zuQEgR38ZZb6lp6`SSH28>Db;~Qr7gOx>Ja7qAhhswlzUVu}sol zlD0vp43FULY&t3L8tRsQ6ed&ftSIlTP*A+4Qs_fH6*c}6o|!c!3b`82!lgOrh*H`I z3XM1Op)C5235lYSlT{@sDYA(+tJ3BXtw{4nc|S13lsrLeraYSz zycozf)aeL6Xv=`W?i8g!Czcb11XL6kOSh*EquCGDayBLu??PzG)1g4tM$gmth?y0>F*>Mtb+10?bVe=!nzPS$7@S~G3< zZR+OcFEJ061BW(LhtfP4EG!CC-uEJJj&YHgmeE2spuqTacV{W&o}++smY9QK$N*+b z(wqPbXcrO4%qnec5#8ERPC+NO5y2GVFEJ}hPOF!81rdT7X=_a&B}kz#Nr`c?7=A(3 zkFZ}4E=;?CR1{ik3h~v#a^p1`VYg;jR573a1@IK-#tv3t}h*R1_#Lbs!OADB-S1fr)JI6%d~o zkk0DvJ5>q1Ckh&f6(sl{Ew029ka?aZ+q*wQu*k?dP7 zOUg{U6$VQzU1MPz9<_Ro?gA&^wIqK17n*v@L}*8(3s#cV`l&I$<(J zO%oQF+0Fw6Mb3r_EaR78a+9{-N!#f}%E^GoDZMZH-WSB6HcTerMuEwYRb(_XW(AQo zSsP*r(MU`Vd_}9$S;3z}SQb)X2?RXaNol`Xytl}5TcImxfgtUzwotZLJujNAKu^4t z3y|~>6YWs62*gVaA=VL+T7fZRvXOW)F*wwW_wfw9-K8P$leCgPDw4>YClGahd7*9Y9-c8djl*+E{vrwqHx!4VFE{Kzx|k$ly_-}6QtdGlyV83=9P>=PzGhp zJ4?DDsJd}1l-DdNLkg0*qFI5NP;1Q;7mWr6NDQ7blVZ%kfl;9tVqpA*^5mh=iX0_0 zr@os+fq6Gt=EDkl4gFt4TrI(l$;?1V&rrxK^!*@W4Q*?+~UswucqW96Ur4 z^OAxk@IXrtC2gx_?1DC{iLUN!lMmZ*td#d5L6R`nj^qndNkRRbvFk>d|rL!f9(keH;jkyT{Lsn9W~RC=va-bE>GXQcRiXo}2-Yi7)Y&4{!=mL(a} zSp%hwuq;Iu@J~uoLxPX0k%Xdz`R?am=Jg%T2}EM_)Uv^$h` zBT6cxnf)HfXiZ0(5oix#FG-(=_Dk=b&auQi!zFbRB9gcjrK|^v^#x*p(M#JCMYfYp zQ1v0&A&H|VX-`{mq43ao1>iOT0_%&LG)jFXRhssZ8Pt@-gwhAG)I}t&^|a@b(q*}L zx_VG5=^&O}o7jb9Mg*7zqejrv1_D9P85GQ@VCk8vI1OPt&o~+}G}W17NpGYr%Od1T zUm&@Y(-4pmC+*D=Su8*1LE?I9EmO%TNd}rm4pWxikak_bLSdss36qps7$Z>9MKMUi zrG5e>3*dTDk{nBjl$yxb9HwQOnSnNDSShQxoiZ1ZhCJkur-~l#*uLPTGFJ(u+B9qBLU)DQA|n;gky#*tR@RPbps;@Eu49HIz6Q z%lrZ6sU;E4DYSH~f|ZW9;3%mnM-xcN(ebUNiHAt=rsEnY^EPE((+9dp$lDwLK&zt7 zdxW1_+8RQsfanc=5-S-EwG8%WD3FnUv=EaKm6U>z*D=w`bsr-!50)hiES6*9RNAbf z^5NOWUfPI+!Q}kFe@$8@<1|9=kLIcwf<#5zT|%ixv~Ag2!4qQ=V*Vz3O1 zDamk-C!3P2Pw1mm*+ANo2$h5FG+`UwNK8oEG^A}HTwk`=g(Gc-$k%ElbYrOxm1HZ1 zXjxuFJ*QPmMw40E5T+so!fQPwE})Qh+qf~ir5k1BWOhGo%XVk`r<{G!GQ8Cc8$>5C zYmacA?fJoP7-Wmq+?O3TprUD9nc#-ADbM{3qX`H2PvQQxD!~kD97K2l;Q${eU zJjb|J2pOm*s|VXT<*t@g02Ss0;*65hK(Z+%ot>pTV73fdUs^Mh_Ie9rNds99b&j!0 z(M+lzzN%UBN#X^dN=oZRxi=+-!i8xJ)LcSR3nkHDi77-V`Dia2I!c+z_Pa|Py2SvN zvw)*C{xqA05SmWXlz>zu|L`Jd)1r^UN|VVAl~mN>lCwkF@=ED6i9BfI5@dM*$OHAU zoNhYnaFR^mkOq!cu*kBpkd;hEsVHShpgqGRokX@PS)?OWFiezBh^#E0?Q0^79ZW~s zMCjrsZNy?`gtISMJ!Y*jKr)@BOb6mfizyh5V2M)&lRHbH>B95^Cntr3gDiC&9m7HU zH08_>-A7Pf43moOCf8YwbPkG^nZ??VTZo+4R;O;wEILL&Y|%_)2PrTP22()E(!(>= zK~P#`e~8GEsiI@OB`23OtWMoHmI;vMeWPV83z$O)GpI0CIxdu*Yr||c$^b`s1Za}zOavVQ(e{Q?k{3 z*lu)Ro?~h-o!g*q#f}s)wdMLq9v(GpJJQOCU<{`I7BYvdep-{1Opqy1Rf;A&JCz z+Lehh7irg{Q*XbKe&e{-q$fhJV0IB16=t-aZCocW9A#IuauZm-zgCRRfS0kYoT66k zLTbYRGiz>3I)uiXbM|FXLkT?@q3Q!^!tfg%0Rj|u=3o(bcUIAsZG%yIgBg7w43Kun ziZK4E6_lM4)XeLYWW2k2Gfp9G7UZEr5T6fa;-C2rAzu9??3WY*TC7A{FtbhCEOG#nH?F~WEfaJ8k(ZCE0_Zrl8b`rirqP`Lf61*iT+&9Rz3|>fQWYrI1y3%|!OU9a zq&y~~pB@U6-YUs=ZiM98=_6U?lKCMjB`n9J15+ebj2tM;>T#12(F~RJLADnZO6JGx z5Im(5l2USrbjlJbCoEZz$T*+EO7fQF?KTCYPT(gH(hB91T!Hi(D(5ABMh8Y=;+&iU zASk(3EDLfgDeHz9ELbUFIFtQ49c@v^oh)Omt2cQkg)mOa*2A$}*(4kd_n3--#FLD4ny}s+MdEV)9UG1j()vE#znt0+a>>Sju@L zx=O+ZO_0?zIuVYv1c`N#Pi}x@XsWepvp|R7aC8`(J4@Z^&WlIhNO&@~>eCD1$vQ0p|bW6wGWf(aB~US^-U}*iJat!GANjtbTYGiz&e9Pr8beP1(gk9&Wd)l*hT&xSdb8Uy(ITA zY5fNF0EHNZN_5LI#6x*zIqXz)%nDeBl+%G@iADs~V9D>@pCyFi*ojY8Iyea5tjya4 zZpsp7u&5zYF(?zgv#-cn5J*S;00(=qUD>XbwGNYQl5#KggD|GGGfV&nNn@ehYbq%p zfk?@LIUtMV(xWt+G{qzvF%mqpb0myp2>|dYB$vvdw6KBHP;PyeOrJ8-s4bEQij$IF z`1YlAZ=#i?JyWNGFqx`R(y|9Nm$?)Sw8$f^DRRsipcE`jx!{IK_O!I0-$@{2LT^?G z%(n(!;7|F{w37*mNZN;JmCZcaA0eKJ{8B2Yrks>$jAPOk8VitxjUaSWt~<*wOzS|D zwL=^(DW!Cd0qK!u_FlDxIj2L}nM;9EE+)tTX5&+A6f9Ym#aoc`yof|&0(t3}L}6|; zCD8|E;gC|FxzQ;xa-alI_e(3Eo+jg+hckT1h;qd-|J0u3t4N;i@Z zB>ePaMAePN78uJ2mZ1fhP9a$A1WGU@DfL0i!ITh4rw=kmY zkgQ@W6C60cNNoX&BLj|Q4R6(!As?(M1Kq82ViJV zFtHcqcrda2KePZ&bPv`n;UFEJ$x-@w6Xdq3ujFP5qSb3ypG=m!yG!OVsU~_#cf--q zDN<@8%7+8G*R#Sb#Uwg&Z288-QI25Zpm?3$z)mP*SO*?r4FLu+gMd!A5KNv@S_o1P zp#4hvxU)xV&Zp@(e`cg{-3`n+!jbI?I$}q=sW?gdC9_5RhjO#zK@ zDg#UtljIzC=a_&F3v+kId@7hh9LO@h8@kcBVXWOb<~WnwMdGw+Q>S}}X_*ROP>WW* zG(5CUDzcoU0(m$I*(vMFNE2^ijFc0l1a^|4;sbIDfU4vtdBG(!*Ilv(&Hj=#$Pm(* z8>7`h`3Mm$uwoT-=9mSurO>k6y6)^q02e74A}8e?6j`1agIZ5H(RiJ|w31D^>~uUk zs{jMSP6NUca=buu8!``H09jRMpgXk`u^QdCZ2O}j*Gg~G6>ZWA~Z5=GF^zs}dh5mv`!D!T^ z4F)Dl`4HXZbdN0gpS<*Kq(dM{-QIU%JaB-bc;L!DjeAT<}}4A9ZyHgOaw ztD4;Cw!@{U0SqIZG02fmyt^|e$uq5Maw(?2Hv&Y}%b`h417JWyjW<%oqtN7fd%l6R&_KM_d?vS4!?8$}UE|WvhU0QpUix zKqZnJlzkb$k;nw8`Ri!p^pr}CoN<9n-b&6}mKC4ajJy^pNj!9&a&h}h7N(TEO7xY? zRyGpk^@HxI&`BxvI2Kuft}v^>-6(c*=6Z0_$uVZ26D@U7%63euly6aFN%qk)Izxoq z7%IXWQY)C2fXcf&lOU4Tq$tj#7q5UlqnFmlWH!Ux4YUSpW=n8>B2!S#qddVjXG8<^oSuu=l zIA_vuX@Qg6uF%%V=>&XamN2>cICk1;t2V754keA4lX9q$u%YHidG3{hIuhEQW9w?{027v?6Q8Xf68$OyndSq*KodSd zI`e`ZHUia8QV+b0lezZB$wBNi6L)qh630s!RNY~ykj5h6vs-uOlk+D0B+W-KE^EZOPW5lj)?yfKq}fa*|O15*>%h@uHNoRK*eqnxx$PP8_X{`%XtT6e~d7qLmhm%%_yE7pL4Z=dUy`UAD z|BPo-#QCX0v?k{6oh+!lrR=xd5Gh7!IN^0$jyQ=)Yam^UmJm%$z=GZ>bz*mCcI*iy zf|3@4N&DqlPZ*PB+Am|q?9>AegB3!WKb?!kQBE_^q{S?PFNta^s#UWjg3w>UdkoA- zlM3bt=VUWGZM_GDC{bq7HyJNU?C;6_THi3@J#=?%g?ZtN2Lh>crBG z(pnZ7P6C zL55;1Ld#$B){9amU}`jaLr4mWCM^pyDzST-J3?W?6D@iqt^Z+QDJdi2F4RAk!jM8w zn3^UnTTM_%>H+j%I_hD7q^wIRz}xa1Tf?EpF%&~t{y&bL03w*^)OSjoO;z(B^WugX znBUw*N@6T&6^zxOuWk|n4rh5U+0Zhz!bDRgSxFP5{MT(+oCOOz)f!Z7$>%Pu-%5Tp z7C6Wj*X0;b%3Vo{tJO~mL@~2HN@@_gZe-jdfrAg3N_ zETV?i)##iy9j)ByBsUYjcGsF&%nAiqg%Y2TLQ9!Ik&_#W64E(IMw+{pOh?E;$@G%s z<^-OjL&u;D1yjmp< zH9n5$jEM=6bYm%pGAH4g$g~NQRZ5aBa?&Eva4CKXOopaTiXm62*{O%Luujy$mf^K} ziqeCkLIRpRW|B*sjx(acq7=Wde58eG789h?u@m+jZ0rX6Ov`i+Y#T3~ZEzpsTfID#uyiZzbZ%fBP(mJe#<%?wGq|-^tlZV7tCQOj> zvi9dqV0kJJcIJ}At2p_YDf2JSmar|- zxmwn?bWXI6j4ga~_LZ|>veOnh9_l)I!+||Cuq=Z;CQlC7W=w#itf<^nCn^4j&V!~- zw`Igg(u=&KWT}mz^QQ%xaV5`iqCe$YCQihH7UaB=QzfLOI6Crqs99_(4G5i4j{c!# zA=29^ASsMuam*&#<4A{WVPu&sr3QqMYS-q>B$pCsM2_FRfN|lcK~ll4p<7 zVd5=heX=tc1zJF$hNa;C!nDZU{+C=kj z@Rybhn3bc|OF2O0;Bh8Cp?Jf(4TZ8VWyj~H(;-^4!p2cW>_i=2M@wgV3jZZO=wY_d zv5%C@mKMSTKzbo8{+E^k-8dhf)0m{=79gy-p~FUUQab&%Y)*JEKNBbA%qKU!S(32K zl&s<;343>qL>;V!v@8DH=VbU{q>OBNC;3fy&M5h;3=)HPlP1tx z3O$mNsdG|RWGTKv2s28um>tl>v9#ytG|#bk3KuOCZn9&+TUz@T^i!-9oWvXx#IFc_ zrb^2~)JooHMKg%5$g{(|>g2O`Vh62}3}n9a@fJ_d_WnHc8FD;}bf{QSidJQm2~O%0 z;6Gx(@R1{=02V3Rx(5q7H%#tj9iVb?p3F9YifzNBWlpq3WJsyzKxI-|eoj(QMQ#*1 zblKXWhG*%>F-L5Q6;?{GO$%z$LWgA7syw7b{L=AU`cQ+8bQHXSR{3~|U=`Bx{Qzkh zo_UM|4YXj7hDv0_NpWO8lFx$ornJyL9#R@~k;PZ>W=V69wg8v}PRaq!=-WfXbIfKp zO3}6bNgj144;hU!?TdycFq&r}f8ED@>+PbpNV&;H4`1dEC)XP!>Huk67(Mtjl@@?R zP6`R>C1`_KWEF(qkpz_#w$FBC3l=ccVDRWbUeM}bqJTN#yX1J|$<*S51ls+8_nW0d zU_xkXu+m^Wk{HNNqlC#pLDK9%6@$`jp(Cg)EJT>9AoOQ9@X}chw5eVE$BuZO);^DH zr}zn_mKUYpcxexnLE4T_S=wp4uM~H|>yKpPIRj67zg4tLm|}H9&9K>uQrW0!n@_uu+t4L*_bn1Z=BgzilpsnO|gdd&GNP2##6s}6`G#tsMqnHg$ zb{IryYm-6RBqSZ-#CDySC;>ek>!dZHL3Bz|2;1XskamoVg5(Th$7<2O7Yvn&tWV)c zn!(J%bm+(^l{V18j-*hrc|c{%HK65r$r*={pxsk}7INU5qyzw>oLhjtX$5BH(}6^^ zkqgZ4$ZoTR4pP$7xlFX{oK8R@)*EC{Gr7XE-Bz^TM!)eaLJmxt?Qj<{U=$3E)@zTX z>si>8neCTF1Eo#*(vb%uo%*As>;+0C-3i+VT{p3VyV&`;6qQJa`k0O+lC5LX%9#no z5P9Bdm;P?(dB7VzFAX_M%7C`e=|WmM+bV>1juXc@lC5V)gc;a@U?Fr&7>1Q+839C2vEbLo?Y5Agy$f(}kT;Y@#znrBebv zo@66TmbTq6k38msoT$VlX{yX@WnV=hI97Qhq9}J+CvT(^r?|0bhi>w=8|VpY+Iu5N zn-|PuemOhAf;-paNs@d}Ye zSF$~Nw5}T}oyHAgo}WUoV=RJ#;tQo^dgk@Si$f*e#`(x=$z*_2Yz8eqP#~Jw5Xe}e zyeUVeV5bLBKKd|bX~^@&JZHgim9X}6lY%}9gTtu%+JX7pVI6C zPf5YY^I$vd~NDe3fB$yLSh zjYXBw&KZh~ly^^wa-g|NV-Q)?1O@C+`zgqk%rM?)BsrjwH+4#9!}$7uDOs4COxiHu z%*k9@CoxfI7xE@V*#~cBVd`q!B(ROAfl^+63dbfNv(hX@is8M1S~rDO?;&qE`$&fp zy0QI5k}@K<8}vfL1_&@2V^0nu7Vk!fj;g4WL=Ms+Z%QQ_njtcsP{05qFm}d?K2Ub> z`O4Aws&3rJji+XI96Lqu69EN$O@|g+*`kfSRY;Uh`(`*!-l{lQ<{MIu zA*GoKYj$df#Mj8`A-!34^f}3Ud_|_8LqlYHrRZosy|mp)I+*}N$9(WQIXa%=ESbVB zGI=NM2xR;apE{RWKEP$ud{yK`6fq@tE98K zi2kK0R0<9yJ`XB`1q%L!w^1J@yaB#JIgldon7iJWnZTGCc4RyIpExEo9-4FvnjGck zF<9EV!Aa*xIr}FuU(pDvrWhr1jDezyZKNcOWWckQDN933T3Zi0i znAu4veRNue*KAu8rjDK4%{JbV<4P&`NS-}k3IE8yD20VeQ4WGDIdDnt$$`>bh;;O! zSxFY=|HIpVz(-Mi@x$;P6@)0DSO5!-K_OrY%|=2LLRETEKm|70O|r1r4LeC76s32> zMiG$SYv`eih`oSHQ&dozh>BfN=RWt8J2M;jJ@4oLKF|B2ux-knTh2Y@d%j2An{i}K zaQ&(Mn2`eUq2OSgVeCdU>$2I%$yR=`^R+y%_fUeuaL_c;po9WC%mUbxdBsl;aK+_Yfo>4`!23nMqXW4NJQfV0s4b zpHKtIhx=5rNp4Yp5Wy-Yr9NZ@l1TkaiZ>~9m4Q*1LS&=}c##%=A2f!i1S9!o)gWumezjqLsoU#>eA4R38R{bVghT3R*u_1XJsWqMq?4%TYf_SBujAP%hSnYSF>` zRLGWZp`IiN&}~=k0|$GxWIMGJP#J8qDO)j!y4l% zGN%X=aj4Bhtqvt;!KDQ94boLn2gcX~R%}EUC1s)DI>-k@uW3BNcUm$?hV?{?s%OTV zfhcE(``O1?oR<&iZy+rJFCG|dke|Z)OBz=5gAIm&y%v**BtzXZ@UfWWUuvq!Q%HQo zrzbN2ndBa@fCMQMt}v7XTU0WKp}75iPGL7WdDd!4`HxWL2z|mgXC$sVO`58 z_(hrV#PYEoggKI`fh|~XLIYJjK(a~6?!|~`2xT)&$y6#?Zcte*%+X`TisiAsPlwQ<7qkrHIdOGWOVFps>k#WPzlI9=iYGqz3VjIRUmL8}Ct5b9G?l z#wPVSf=~c963k^L1hJAh2MJvOsvjBaW1<=7?)PfifKwc@T`=Af&+;vq_X|I#DqA^_ z(WvavxVUBrP=FdpAji;olm;XKSrNa3*NjgG?-J}wOfUn$?E(-q{nX?JCmMpX)pIb2 zJsHSJFqc!wagd{&t!PoQWL!l`-hp{RY&-0YPc4WLG9xVoan$LN{vq%O_&E6u{BfAo zU7u4;nE}D-!t<87FZ^c0KqcsM&193F5A+a_W2jHL$<|S(STT7%nVet|&x92w^Q(Z9 z2KB>KrX)z^N77orqV~1*Y7jvwIIv0$EDB1L_U9DGGAcd{htO zM}x)+)CSdC-A>tb2+PCbwd(%3+OYjZjKW}2jixcNSw4S+Q(xl2kD>IOP#TBBIhQak zje{tCfHEfE8p_lm7L!NlX=!q1r-@~^!=T?&oHH$x{F5P0hca2228 zNharIGwF}T&*Lxhk-o0>jl6uUf=vDa2=ic46{U}BFYUs7F+k_0W2Sv@T5CpAt?Jpl7Y*(hN!dX=zOGm@}DO+nIuj@Zu!5nqS`0Y8ex z94hhYIler)A*C&w5G{fA#`DR9pgN*oK?;Y{=p#YjnPQnzJ=j8M-}Yb8STGsSpXQ|fY}XQr2AHc5hbS7 zN_OIN?QW=$gYp9BV1tF{0hjK+jZwccO$I|0B{JBj10w{$ z#VVp|V2R-e+UEeJp=5OyGV1zNt3y};JBYt$ zgO>%qM-M#cHQL@lSCK^t1~~2zy|FTV=-vuwMlQ0$d{OqtM9516pTV-E`3DMKzkM5v zAYefLw}ME)z7<)ZV5r~w0Z}s6lvnMiaFh>B*FrF#AOHdlpzKsgUQoTaZw&+qim-o( z$Bxf~d4!Q2@ViD}J|j5?R7VbA>M6(sc%$a$zKzO&iGZgE`wi2JpeQ`7GO(|RomWXD z>?a%#)lZRp>VJ$Q1mXUu??xb*vPfMAszJi_0IU+s3`W^6=tI2**A)U}eLk9|>ZpBd zz!B-+w-M4PnI8kz9Y$1ulX~Bp2!y_~fb&MJT#&m;?*V;T83@onnc#^5W+#B1WAeV* z4}CQLV0S@3Vlne*j*rr_BdDCg>_UGhpbu$0IFhqQ83#qkGmJD~gMmgGD5DC{-;LRS z6lel;%Dy$g4vb9M0bIU0h3fbsI8C)nEmL4T*6hBPdM33u4957(zV$wcj{w}615o5| z3*b(Gl~FmqXi>_fT9<0^0$iG&10YAl|4b>r0giR4c|iT+WA@#W1Dg+y047^_Jvj2< zWQPY>y~1Z^6W)1X8Xe~__W~a;u<0Vt@WC;B+%~)>a0}CQO6fkpe2d5P_0(Vby#$$t z*Q@J5Yf9A-_!*8x#@^k?$Gc6nWHhr7?;=iPWCh->+C#6~;7$jJLz~qnxIgh9@1)-k zK96l5&-X6{c3@^r-ozZh#M)cJJijH__VsvA* z1Fr$+Z^rY~b8-7rd*~SCP=@wnJD`2=4Kg6ZeI^|oi~TeSMgv;`{K1=4yNNk@GhS^I zJ}33l2K9bC_t#DwpHlT~CCu173R#d#)LF<@tlsU$CobV}nRH+)@-sh=e8n4KoRIZ+ zBlq7nZuLlHm)@n0q4Rh1^Oo={%%0)cqowLvI4|(K$uMtl9uZSCayF~>mLd=AXySuC zx)Rt~kBvcISYnJ_f!~)PBkE{mzg?|%`-#MEdvqbO>w*RVT&~C#yZP7%=6rQoXyMF> z>eun=n@zyMs(vRfUE-WwhG&llp4p>|)UT`571tu;F8y7D?6Gi_(a6y|9=KYMZaKRB z=vLKcye=~UkHTNz{&3ZG$N)TA9kra>KkDcvWS0f5;4#3l%S^P(fL9mVrG8rq9KFy| z^|}?AWq~gi*>tJ>&}!9UV)0$CT0VxKcLXrl9vg|=ykqcs8<>@M1u*2Q*LBQTI}v*n z*l>yCcm*)Y!nw${3umr|{!qs*LXP4I%pklB@4ZI#&^GLcE$Y)IzQ;y&&S>gS;PJ(? z*CF@rGUB~ecUz%(c#)lV3vnjnn2wmr){JYTSV@NAhqqT_pcO7yzFXJ&C3(tf6%`0(a#vuRjT6jm}BKVKN|6RrZUBmwg z8+*$LkyK3Hf$L+V(s4mqXeGhnVsMo9bufcz>#^3ZuepiA26WFM$Ra44| z^5RIh9W!UvXX@WB?Vb%_kTFFAI_@f#TkxTZ@!I$iak=GG!=0nkM9X zLZyR1L9Uyf9f*?83yGyNaT`~b9GmsvyateLG+rCb%FaNab2?IUfD#{Xa<-1zuL~(G zgF#Dx=tbDAMQ)2=sF>_I;_MB9Pbk176hNB~8G^tG#xZ77zp;o{7}#J7qJa3qEa(q><%PDGt%ua6W`I zka(+kFoJQT;$a$isl#s;V%orfZpMbCrI8et9}HRWWm`UEi79Y{qs%m*G#JELDP;n2 z3jpa?hHVHvvdo5+mO@;gKwU__M|B$vYO2<%5mU{8@GpD=mm=uY;DBG>!jF`7VaOX( z&w`k`f?Q=Yht<^Sz`-;#Ia{^NN~oI(`a3>OUNDEo%NGWvCQDQFDU*>HQ;^iv!fYC# z<^%JyC_qRyF#o}s0)a;e9YA2PnEZ)B$5RfxlWO*WZ<=D%K`RfrYT%dvR#{i-TC-4K z5W4Pt`Q&-?Yaoh+xNUGvF*}-?NZHxotAyYdx!Kb(gB5-!aIt!mq8*Kp-h;shM%y-x z&(x!gk-LFF^M`pe>KK4>?px*yT5Z(CE*=<(K>W@}7B>TNEVV$8;3p2V8Q}IUlr9Ul zH>AiRiou_u%nwYa0nRwMu+^M#KH&JvE`$rF$FYlDo0gjI2tWn_q!lyKD+FopXy#>8 zReQz)2f*i$59z8Dsfg2%2Me=oU~oCU;0qD?Ez$-u4uI1w;!_xuAMm%-%PJo-pxTBD z5}=$4I+Y82HpRWz33>Qi#3)1A>qy4>kihiIImCatrm-SS`Vr%2YQU`8xN(fiiX&vC10HzRzf0db}E{<{cJWRZ@G%zYT7)C4s(w`9qC_~F< z1}_y_8fAlYEG&7KGw3=^v-xpaK#XRv||P*}D#5dxRr<_FD6H+{Tg0n>G*k^RcKMfog)}#eJej0g`F#; zW8ramL7?qWmKsILRgW>d2KbX9YgSDlqA*j9XNOlmWNQlm?KsmggX|@clOKdWN^B<8 zLiSo3Fa$ur0}?qkg!F+uMklQl!q)#7I}1%j+9Ra{yI=jjP!8<0xp^AkWC11x$(;!s z9u8n^q%cZgEm#IR`a)rJ!ozS%8Up($@|2*VA_Pq%g@MTP>!MdOE7#O$5r2}7i?#}6 zMuFAP)B#*mM-rPL59YYr7sRY4Dr%)xvA_)Zv6QBrWnxEKyg8&I&hiozvv?MT<9UwskKIu9n2FPf$k?Ah4TX`Fe)5LT0{oIFh&4`5Aob!h#O!O(us6R2hC09mJRqjushh) zyH#2?fEz%wYRd>f(~N{OLxoYL*A-%P86Pm1Ph21ta*>(sRsUfYjW07oY6i3Wa(*Ge z)&tN5pk5HAw31q3AU{BqpT7v%D6RZK4E)bx!RS{?Y14S6&%`sr4og%JsjaEOkzC~> z64huii^F{Ze^)^7!4vxYehf$@=s9Ati#~vmr?@E%~I3W+b^*5Ys~=ftVj0^k`OOX^WFgFqgFP>>wZ)dnIX zHSll@N@XI)+yIc@0|OJnMGK=k`WDauKEK)~d|~2kV9^AzyCC2|u?hjShcc1XifF;G zo?@20SXcoFkCb9Y1eQugM@SlCo(P*|QDPTl=QD~oS&P%OY((P$RR*kXAcO+?aSMs1 zkRU$@iT98nq_!Yaqh=751B55IV}U{r8lR7VrPPIHVVF4p)jI8uL>uuY)7R->SAghQ zkW)G@fXq`Gw^W=7k`qE5K9jl6adco-f&>T`q^G5Hh(rgfO%_yUL>J*ODG|rGTCh%{ z2^vWO`aB@BiZJgaZc%3L0f)GGHzvH^rn*>5y)Pqy8ccjF?`P2z%|j!i6M@TpAtXtM@dufi1sa+%RDpCj3MviZ zBZ%4x;4*hVm4O_P@#&1h=*r+SlUWv&s0_eJ1=fq_p3S$R|XA3Z7YF{nKPo)+0Y zo=^Z!K(N0;Z*ZZKr3pmf5GqEU49sZ?-+^66cuZjLDN!3wvu*% z;1Z%#D<-XDAS8;Y=EF{}jkAk}fogN;L}xglKV2w$;KE#Yb?$cKTP_Evz`PSjWfVe7bQG$w_McEqqS%S>mI7NqO3vqC23kP?c>rLE zLWUx3k|5OK;>?wvr~x4H>3lDQj+0w2K%|dq31dMElnH<~AWlZGDwUQCabVD4Gjf3f zEC{R}lsTYgDkA)VqsbM-LphO31{;F?BI>=@mpM zEeD)eoHt>m>kJ~T2{W{tN<|gs<5)oG4~7XV+JfHgW8hv0Q+`?O029_guCaycF0)i+ zsFBUg3_usK+|XGf)Ke%Q7(fZNm=ZJ1?@P1SxElensY%O;@Y3iPU_T|-J{MVsXiK$_e>#2}xat28y8 zOQPm%4xo&55=LUS(%sO-gbD*_9~!5W1|(D{24U@B4Lc$%0F4n9hW-Ia22e^gcoacz z0fDc*J&D9~q#m#pC&5fE(17(OuEEnvlc5nvFJJ~INQ0&Yp#iv-wu$`R zw7v?YdMGOOpfn{m3xE{E)(=V!Q>FsjiiJ>rC(}UPg1toAM_ufIab?BO~-)2%{Aem1s_BT=G}0(1$Iz>Tm&+KCQ@G`N;XdE7Fn!a0P`v2m1`$h0g&85nFUe?U}MvJwgyS1r7?3uI^}1pHfWqq zSOcxo^=?xi2`*5)bBmXYLr5bbh%W$3#1k&R3@T7nrIpcI&EqnY!jxv z4i#tM_NjIXxFFH*LUud!5llbaYT+kTzX>8p4D7^=0X#gGGu+^A*A_k0EFm+5$)oiQC$s^VRf&*|xqL0SilS@)i!4}m-U{xLp z+Yu(ClR~9#2I48+M0G>yB%tL%Z!n%U=wuXGO#YA+(LPU8CkOeE8-Y@dfC)%VN*`v! zW8DabTr#I=umBe;VB<^;zSrx*BsLl~LkJ$vxJFcW(H9PK7bgI;u#$GLH)W#CWPgD4 z>VQU_o8(LYDWR@|wQ$l>IOBvnm1Z~)lLRma589xXKAn$+BHDCo-wtUZz;-Qe!ra{% zx!@dR35lBtGLb<9Pn!c~l18ucMz2g?oxcYuH<()E(|Z$Q;~=>@TL&pZkhT@rzo1ZU zV+Dmp!TlTGoUA@V!R$Au@S79cMxQ91aiVnLnHfvY%vpVInonAA85PRy)57XwH z-@N9+^i8Kqx1ZWE{M5Gb=hiMbyLJZDs$c!exwR#5;_~Out(ty%%J4IDrktL*;Pk7@ zPi=qc+=y4s?t1ae_&ulRl$_eW?9`t1r?$QD-KgcK$8A45Vf@*}yU#rT(zykb&n%sz zzC8EBt~2v@p4&6~RO#?DYnGgOW!=S!XPuc= za%Rff)7xJ@vt|6bP20{5A9H%*+|y%LpI*E8+}h>m)^0yNdHb2I>rck+37V)&%QG6+?I)FUR$F6J*yt)g|Tq)Jqyl^Sf|>o;e?i& zd;8WXn;`)zCh+s~jYeC#r&2Tnq)RHblgjeRi z?GV$&>~lg3VWoCt2_WkRoUw!+WcX>&AJNKNv`8CS4w4XnR{-imniK>>g+ZCc+;rNP zT{xqIi?o95;EGUYG(zvP3K4!sxz796_=0)+7Jz=CQL?_MhF3)~<^o7dNVmtEDm8B3 zifqWzhZ0$g$s!OLCDYO^5GMySbwLPf)pP#261ohave;u5^eOQVp$ebHIolD7L0P(L zt?GHzn0*Vf3Mj7xfsx#YK}M3PZ=jd4S7G5`Q}t6Y${XQo2;=jGIPV3S7t|NPg@CM; zV5R$j#VHK+48wy}^8b29rP0&T+ap1V0RY#5BGUxEqJnn6Hz)4t$eVXosG5TIJbm8{J*c(o@ z^?ACZM&iNLo)`2@*XkalmhaYsu0BrGRqAKyd%d8$h%QJa;rHN|)Y}`duV_B3)&otC zLvwYv?$zPg39GSr%dxd|`Z(RNvG6_Dm8bbkbCpJC0=9OIE@NM!pJEPA74GM?{9N$s zO8j?@e!wOAUc<5d+jLcXYUF(Vkq#b#k4!6QF@EXHmc_bxOR>%LekC^;+B_K_VT*3h zQa!cS>6=nh*WuvejkwLjnZE-Hd_nmbOm@-H^-6IW8pmSx^A-6hWzhk!U}ZL9vq;O= z*c=S3VaYYnfv9#vnos{qjFKS2xGqh@`VHX9UFpgi1Y`kQgg+}1S;Vw6G}}i1fqGfPWNU>Q72p8K_OY-bRbVQwgnC4Cw<64To7@cZ^@>k zBnB~q0L}oXLS_^q8Wi6}9!;{ggAVg<)A(8%bB{c4tjMvd0M8p3Xi-^Y<_v+pg1~K% zur*YjDwyBR8Np6a%-Y8YuzVkStP4YWER)eN?wFkr52kVmu_PS6#(w4?tVI?0z%K0K zL>2oum@o|gE0ZbW4@Wp9HVr-4coj&FBa;+Kq4Lq11=>w@m!|P)9tS5H7g%~SXeFcS z%^@*$m5fN3Z8|is!2T_OK}$jn-wBLEO^ZTG=hPt+dLp&YsHOsA24!6*=zTa5c{6>y zdZN05H~>fB=jP4|;0luv!U^L51g$^<7HR?dY9|5}uUS^&O-3=O{o7ILQyjEPoUT2N zEmL|PVB7NtrLw7+uS`bB@W?IJf!!<}cPBbK0MlTOJO>2*`4030h{A~JRl5@d=qJbo zWurK^I6s0#Vy$F~MkmxwMV2mfVIyjUs|N!|Cp>Q}>>=z^jX{e?Ld$$+fnk0O$TujY z+&t~wg+7I7Ndd(|iA>QS%;R{Xng5Ec|5S1Edd7dwH=Rw1m`4XrD6*lQ_-K>K(9Pt6em;(!w<5EtrMq#1%BI1j0LxL zmKdLr;S(wv9@xs||Y)By_kU`4dd zKyie|TyrG_{G1i2J~5Jr7)y995FnW6Z=nd76ihbFnhib(wZP* zih+8-N+>%9@e#Q3}$Tr_RFxzup&k!4u+Ws zfJbmlK=v^fwzRaD4Hz9D>IRR8K2HRc<~G!GLrDw9sU|p1ZDbXNc?3HcmX8M>qIl*` z_j8yzT8v1ye8LE6NuBMk-$4#H2f-n-3qu-56}2EA4VcCX^AKKwu~ldv`6t2=wJEAi zwjh=HKftj|j9)=aj3e9-R{@9VQ5e?V2@UAWDt26RKq3yo6c{8WpRt;96xJ^(COpTH zogA4(naBk)Xau2Ao3i+S^!Fb0gY<_*Ng)=wsf2!RGjXB2qVar49v#h ze2Zf52J;Xz3&p*&O)5l?=%eBh>K^SJO`&^O<1oPwO2NiB2l^Z&=cD>HBccPN2nN7X z51pv+DPr!B76_u88jWCf)n52SVtK%PSc2uKt5kAs0(uVtI17l1RkaW17oby=9HQtw z1Ig&h#J>xCJoTJtxP~rg0p%o{yX5o*okp+jv=m1#sS{MnRQ*&lXr^g6ZWbb&2>jxJ ze=YI`!+O(fN1@_^2=VkHDjRaZ3c%f*#N@xj;FB@P#q!Hc_vI0AUa?2OS*FR5*h$8Q@Cn=4g=sWh9(yrqAjhKrS}~JR+?( z`$Ew#X|fMC%?V`^3LFi&0b)4fkhewNTM(|yx~F6W1-2|C1;rA;zz*xg zlAJx>dWCf1gsX0 z40FKr7R4zGv2F~dk3yfA99=*vMx>f{u*4P7p@1kDR!>2826UZL7sQ~cvf=#ppuQ4<9sQJZ`GgQnFG_X1%`Mm2EI`Y8DtO$4X>@Hfy#xYD40>Y># zBG)e>d(|Wdm4?<4L*|trr*hTM`OTaemJOf_l$~)-aFh`t=<*M?5g3RE9vJqIk!0FEH_J(T6sdO6$;I5was5tf*#OhrJ{gs9R` zS4Y2RCO_3NKyAjmF0*6AL%`RhH~|nab5NSlOaX$>B77*3>!jgKWN=4ZK31y)GzaN$ z5P5du;cBjF4mn4$G~MJXp9#+NC?;tz96TQ2LQnvURzMgvUnPN=k;92znuN3mT!@pv zU{a-2+zyD=2+y3D z0c1E1B43B&g@_}cKg8(?{SWtOi4~L0Ku(SW{03$N2*)Z3(#i43WH?%oh7iZ6J6Eoh z;zA0j5|f${N&PI#-@i`Xx~W`s1#JVD-4@m-*zEib+(QFXEC+*Z`VgWId^!%cQfcPk zzk@l|$?*lL{e+8jc5-|L#3YD5g#ecDRxRKX3kX&jh;`7QMXNdQR9j)eOMicyB7>bk2<+61(IN{J#^0$3-b zm{b!M?VxBD7d6+KR#CtKb(juj%Vd5^(2R)b5&S1q6%;H|jI4r?0CXRLmNdgo#fsSX z;1$vOm71u`e+TGe)PW$b0|h3C2G3s@;7WH?vKdAdG&17yQ@RvTJTXj+%5iadIrUvP zourfq;VjahyD(d)FHDF5Nd9Q)Xa)V%P?DYJtV^Bwhn}$joe>4gH3#tgmYb0Ywop*n ztx;sA%nw2W4RN4i#jvoSQGGsWvmZ4#jUDC{02j}4YzWBR0Y8$`Hrb*FZ6qJLD9MIJ z%g3j+|DpgDc1BJb=GYAtlcfZ%9*)VW_F+$EK?~3}#W6xHQt6$60=0SyX`SJ=NE@?b zekM5SR2d#S)MS(c&M*{JP^6&%%{Db!OxdJi7cd2R`99*nUgNkfu^Ls_8_Bb%xq(by zys6U++64ouFMzQp&OzQ0U>wm1G|ULa@I&!j0zwApDN)K(Ik9L?VSuqDY6+kQuYn?U zEau!rOEa2B_Ag~p6y^gX6CiMNC=ItCq0}4{I`UwXos#UJ$eI%(0!Lr<3KkZ3vMRA4 zDduGcEO-Ca8EMH`RKyven_-jcf{{X>G?3>c=>uI6#1Bu-`cM#55uTk*ux=<6aENd< z6j-kv0t3yS0E_c!wZsZKS)YDqUoF&mqZ*r|L(!cQ1mjAfMc`mi*P1mT91(g7+9?N*MafO=;E*octXKsc^MQ?oHq zt_AG-4pbK82$N1Shc}EbU_)?wPjS2uIRWi&#{do4V1W>6IsqpE*n|u+l5jxh=#Z5u z9k{7d$Pl=S!vz)Nf>_cHxL*h)4*CIr4uEeF*D9=dKngpx^2nYcnNt`AdtNh!M!0$l zAu35)4Aj{srjt~is3SEfsS8OSAiNH--*68q`{iV4TMkIgY(a7t5XJ;5Y*4>GLZ|WO zT*6FaVvwPjD`ta0j+lIFC#wOWH?2VD%4N(j)GA~q_4stCx4 zEP7K*Hh{a+>Ng#Dvy)?+3;~HG%zHs?F62|27UPT5WBZ*H`4E-TGkpcb4h@&_VfiWq zVSx~iP_Y3@b|ic}p_q9SG$RDg#GT1OraBgQQGl>>pkrDfZIKS1Mj481aw%jJbSkKt z0&@VkIH?K`*fY@}u?|P_83jp5WLo<;QGHqS^QoHMNn(5@uo=vDsBQyn z_%PG_z#Tw^o@t$D5pK4=*&vVye^Z+~KA9B9!2vr77)xkCazrAf21< zDFoBoN9ZqtTT$%|)n<)HvosGKr2Q~x$>Pkvz+j&yRS4*Q0r-__{=SV+bipB)fO;>g znM&6gOuon5XYLPRR~~_R5V$TuV@Q05v?b7se>c= zJ9xJNIG7IXJUA6ul(yrym zYKvxhg1e1UJqHX^d-!=bsV6VNb4&F*=652#EI1EXsoeWQ>vvn1m&f~Bz zcHn0`SA91MzCk7`8j&5y{Y4y7o1Ev^%%i49YaH@l&C}z?$CY}nyiGqfa&F>LC#wKJ~ zD?w(lG0yc$4!q{{2DSyCM9+v4_2j^7HW|mL1g^!SJRF}^A4l_SJHBUDFE!>nY1R_E z8TNZAy*v0k&yAfpk2d1m1r9Q7AF`EAaahY>Y zzN!)Q-La8JH}VFqa{N)M(tXR>C{=??}}uVC!0k{9$m$Cgh$1W-Vm1Qon9h z_n)ZVF-w@bvU(1U(w6I%dk-3NyxPUfj)>1FT31RB8kxgbiHKLUK+po4=)f8G&!Q$~9r( zLTq%$yHPMFV+@pkBKcCP8{wz$Vu5f`Fd9L03dh(G76UHXd;nwx5LcAv_gT5APF6Xj zMR2GwErr71Xi0+4jKkd={MV?pKmj_L(X*e6MY7#!bQ6cBD?Yux3-AdL2?1CR4DcZ! z4&<(~cbCX{xEv1K-ObpeiLfRO4M85^e6}J31zayVp)eXsVE9EIJOzeBEW-380o5`Z zAsCW@WHnUz)phH-o-8-cZY4j~sr69g*c$3+Nd*B4-lYMVwj1e5O>?6qxk^(~-34Y> zTwEKSHc9nj2r3EgrX~{ha zZlr)ojx>V|xE(?Tsa9b=KpQFW1Gt>x4wxN$(qO%vXk|E()moLFSBR{FO`m^DR z_G)rLW#mXS!BR#YSn!C736sT^8K5#*Oo)Mm3O+1YO|@&) zjniCc5qefATrHsTy22IftfrLS0nD(b5XF2tY+L^ee=>)?tvG%-E@e zd^+Ar)s^^LaD31rbDaz1jzA+P7bS6A++>tLB| zxP;D-K>=cFGB-%)2oo9+JxS!K(#9NAjAOqVWa2?ko@{A{Z!lDhwFT8g3l|h8xxqdl zU+00PGOai}p!bzv2|;db1mFZ=n289c45Dv<(1-|f>Y^q~5d0cSY?}_wi6LPyJ*k!i z2k;R>z+>zWQ1T{1QmklJ)A*D$7v9Jr4o%X+GnFk>h^(ijH~~IgJ`vO!I_MZW>=V*&z~g)_f$~F{~q0rY_hAu?c1+ z0ta-I@H>=l=m{*4=M1@?LcVAjFoo6D-NrR69p^7u>{yo5M9GdQA1C7N3a$pO_ur&a zIe3M-scMnZWOoQbpvECEzd>pDFat=zV+2U&Fo{nG6&|1N;`Gt^%H^Bj1jaYq?f6?# z^9QAxym#s{c;IQ|SPJ@c^OzsP@5Tj82GCJ7--@uyIxV-c9u_~+Rb)}0F^xcGv73G1 z=7WL=GIj8OAQ23bKQ132Y2ab=Weq3{^2SR3Fm&!>#iBw&EfW4jy&Zz3H2_Q2L~j5l zppn264TzY4o2%hRp#X>;K(+WmtRe4>1H{)kXE=czk;M!rsjO)#JOVh zonl5lKn=Mp89qH=9eoHwr($-D=q6VTLPw)Ib_VNBeS#eX28)BcC^pI02(EEvwDBS3 z4(dL-m2v&^IzX=!A~mIf z(Junkp{Uv@0fe%-wh(%;X}B>Dm(Ud?{IP0M`g8i)i`y9HdN>fR+Em#V`z*hL4%=UVniXhtESrt z73;cS5GDnCz=ycXY?kjZe;K}~PRpfK2LhXENSLK7x2pA~i}$F3#pO>*nUxDmhf>^q zL{$nTKo}&$uXRl^Skeem#Hduf3o}Mc0SHj52~z0MX=<($^v-v<&riD92;sYZ_5Sg;#f<=Ro*C76q;qFd4 zH%2`L1*&j*wl8#)NZ6zxRG~h)n`J|g=zIWcuka}^I7kzDWCjWb28cXE7kY!K;Sf!S z9Fw*Plo$;H)d2!T+wz`O6i8{&t%cbGSOJ)<6(K#iY{FT^gt|knKy?~J#9;mUU47jR z=$qOIQVmUZ*al1_o*-4CnX5d3jN($aAmB%%d~3Z+x`7w!eqFcTxfG)o|HEEmaIa#0u4*;s761_-s- z9@Sd{L;~!DJIX=Lgo)S>)nOM|iEu-X(5uymSPQiUwRQDLjV44I9;lD#2Pp?4j01j- z-Cg9#<+DsTuM}k;?XEPVFsABI-k^SuL>B>X{t+_Dm}H~j12Kdsm!jZE=mw$PAePn2 zb8nt!p3pYd5LK`3n<8;ZU;~CKHJ=F-#hlBFFz;H)cdQI|7 z%CuU&hy%c)Z8~)l6dR3tA`ge@LyV#NKR-X{F!P6?rmC*soQXNF*fJy(!kICU@(Hj5 z@&Zczq^iZ;bWVse2ps6V)y*}HG>8rvdN?B$Lc-20aq~MZoqPl_Z=Yi=svQv~783bT z4P_{q>Ow*vajA9Cx#ML0A&d>VE!1_}V+sp$(jF=Ay#A$O9R&Nz)A6}>;rNi^8hNIKOfOrJR@FBG<#L~@!cy~Rm$ zcXHte6=XQMhD;)k-3BN{plJlaC#F*&DA`4E$LS&*AX8Oy*hazbL<(A;Ms*BZt5E;4;W27?~*wAJA99@4r2IvR~T40iA03oMxSWUue$4Etr zz%(>KO`tJHT2}&zlHLbvD*~1P%q(T05sV8J3f$ZYHpVIAFky7j1n3fkYDTc)ypxw^ zw$=Xq0?aYx1XYK-7P1UTR4BPj)935Qq5!2DV$rXWpHju1e*d(G35E5+~3QR934LC9i=EP-xDhMDE=S(-Kv7K%2X>w5e&CK5D8!i>UV>o*N+D^Lc9%b?LjLqmaw zKr_FoJs2t-1~a3!o?45?~K1FI;@R5t+@{SSbfgZkXjfJUF90!h!ROJai% z10p~cuVBQJ$3-({1YO=!tZ$Oz*h9)##;VFNX~~DBuFa#KUE6hTz|gRB4;KLp+~);_h+~ zqYO-4*Hv{N@I*n}MA-#2X|ckwwk&Cf)H@mNyyzeBnGSC@^e?x;;Ta7UaB>0ipCfM` zszNZ;c^YW+Bf7DWdc$43*fOW$4sAY+TGW7Ub!;csYNnbUyjmQr`#@j|&B5&W%wp;q zhV3)_l$p60MVt?bNb2ErzCTy*D4^sUycLpxhg`2(GA=zz9AwIAP)4*ZW>T^W*ro{c z!}ZfWxvS<#h(TilIdDiv+Ol0j062&DaiB5nSjGZc+UExIab2=6lO2K-N!5BU;f|5QkV4<;o!TL>em2e$>{1j_ri0nd zB}q%khgvYfXoj>0$l;=aNy}z}+Pk1r!G48e7EWTEkG(%QLJS8b-z#~LgJI28UEog- zv*r{e>S-h|1{y_&#Rn}wjJ`OLrp$sc6eZ`5(gKuX)vb)D!+^MZHip;^5mf)}^c-%k_*HezRS{!-Ob#U&ozX~QRxlM=)m;e}5 zk0J{d=qQy5ql~n4*Gxj~pWeERRf)Q?jR}+1r%N9dxJD)hIGkitt)F6!OCSTpzvHr1 z!xC_8$gZx&@A5k(a+U_+qBYl(#U$)#v9$6ru&=j0ViK7$FWvp%5DxCoR| z4;+{X?EYLE0~j1&e&dS8MK%ciTh7A=QORMw1eOzPD@0F&>kTufiKc*+d?2lM`!od; zHIOEke(6{Q zDkP+w(vk#LU@&yU+~-PQrz*3Pk!DlpG0>uNcf1 zB%z?}pD z+ux;`OGJ8lh_fkm%Mshj%mZP0Jubm;MGr)%z|GoWvTj%mmSZqE0Wa{~IH5zX#7ETW zMLK55s}Q?{_7!+r(L)plWfd?<*U!2J6$?V`0_$6#oCKe&1*?U<)0i1Z5(#v~2uTk1 zSVCH(yICe@aE695kN6f;6~`B1dJuHqkjDk?rbIP3e0*+sEpp9Mr8r+<7)=5cD@81K z7+3>q(#cFB%aV02Ct5Nv!i*ajI3a5lG(2~8Ct{B>jYb%iJuc6{vO1X)d0|dCFvqN7 zhgM#Rw}=UJJroARa4*G&9H$wsix4j-hlhmX=-_9G06lqIBB#+YwOrt&HMNvS|8f90 z?JSZz7%XPmL6qw`&c4~r4W45o$xq5jxmcdmQQZ?+9eojAfk7& zVk}J*=l4`0-fN4nFk9dGu<$k3L_45Ju zy3Q-IA{;Bl{^ejQ(4=6fIa@s&WVuDDIp8@~+7LXk=8wdl1Um}{0IgdZAp+b2Cl96~ zG3JImTlhAtL_m%+7D#HNZUW?Dn*JNT8ASWgB;IV|Foby!z81KPb$u*dY5^olN{U0& z6xWez!V;E9;~mv|;H~3OMH8oRr!tNF0bo~8LU$TUOwDEH0hsC@q{_K2z97ZpZe-$2 zNI*<5J@_C``%_#1R#qS-W#GVp$vKfoPKYb)4Ay0ZBU)SbM6t>D9Ob-7H2BENNRiC| zbv5CT0BqZ&!9z;Fq~eOjK%A!=hIn>(nEL*G%SZmU8Jrh%o9h`5L%c1bz$-=^S2 zi9~q^@&nN~+hByQ(DhO&Zy1MLZCIRLZ(&(06N;Wd?!D`RFT>HuFeS1nFV zgHdKqK0pqqFmxDLQZ&s!pheWu38`0~3y=vFdk|@H3_l{EwS)Hbg_If5Op|?ia7>ot z2oDk`mJZ@I^>_lgq&3wkPWBi0p^}bju*)Fn3uQ#yfv=P3f#K+Cq<~s;!swvZxsC9E zA}x>Cv4PKYS!L4Pl-2l_YV*p%a@Rp0p*sj@=|S81$=)K6zQYfyp0R~Gh8t~p`Yp{V zrl!W!Df11R4k)78|!@#TJDlK|fPUzmXF4)mwKiW453^t;8VzTKmFf>{qD-iEN z84;Ep!vv`r=sO&UmIi=iwRg|a&e5b{+XRZOd90;?r+-pCq5gh_N)6VOhy|>Osrlgz z@3aNp08%UxJ?Q-Vm{*eVSBypzYP`V-^> z2OV7YV!%q~K|O3;?mRD_uoMD&lG2B{{{J|~^uS8) z4rnluOG=TY%(>(gcE->w4i4#-Y^r^b5Zq)XCE=0 zQsyQ`XTy5jJw|?t#!3*|EjVSFPmJiP2yqDe1y|ci^F*0j7ovtsW@!-uMnmA*We2Vf zJ&-A>mRn+6av0*FXq&izedG#cbZMLy+exk^B^>exnVt|u1E)HIt~eIizCLB)cB9k5S&vp&YF%Z8K)_`I)=C~s3snVqUmvMn@;6cLR*C*oE)O-BL}?xS@nH0 z(*?JBpuwgGt>7or7PUX!o6gZt0P9>Dx$rH{&oF+@h0&i<>NXEM@%Q~77geW(NM9LdoWki zJ&1V>rg2OTPt8;tk&?fIbdD-Kmq%Qgp1q9Xbj&^rdWOldBLee~3m7@rI9iMne8n zhg*)SYC^mh;X+QL638?+y)H<#CdlJ~rDe@0eNnS*+X7r6NUmz>b?ia!qgeJa%O1w? zU4%N$XYIPgb!VaH*VJne`r6f{Gm8mRMBeWV$CpBdSwWldYukkP0#E$i1cqpn4Vq4_ z!`UPEB4Lh{BS6Lj-^835EnCQ1Cfth#CNioHQJa2G3M1`bTxFizzWF+rg7;SJ8`ifG zt>wvO*SV-DG%+&862b$1V3umi2y=>K!a7p3Ps_%1&*tQ0JaK*{r^s5Kbb2e^3aALRli6cYO+($!TzCZH0o0$I9OdTpp*-YNK(x`=??I`;WM@GGG?3EC z7gARvS;2XGu-6AP4<6Op)p{%nHWsEUj-;?gea*|4A;HKliw_K-{$Lx-S zdj*U09B+#`&T^x(;P4`O9!7UjlkDj z*4cm)ujCshH-nGS z)e;aEo<|!wmQ8mMIRmk#JFN|k(ExN2<83h!-Ic?@##-paR=IC+@jHdQA&&<2$u6ju z>WoJ(FEG_(;>rvlgTXr-pwvkximTyIoaw`bX;CMDe)D0RpVPtl`n0~F97hhXacZl_ zRJ920K@yB2kF?o&#BercnUL~9GL~e!rr(Awk259MgW~!mJ$hyo-7~zgYh-#crnBm5 z1M%ryK%+NX<^i-@$Ky%1m^!+c=;%cljW->NWau9hBf;!If+x*6-Sfa6_@NnaApS}x zQL2xY=T7Do$wp4z4o6Vtz@j1DNK2f6W8kRqYU_gB5;HyiAF5MN>)EL*4O%6EnoyqP zVZ{iJwUS(-%)=~gnS_dgSOpXMz=sB-!f@`QU>5bJ>X-zNBim(fhByW5IUsPg-^PdW z8mC)u&GM7!95lr3a*hhl^C->nfspwT$#b$qAhAK)znsOydzm9clCj=dL4oG{20h#& zw1Q)+ChBw_7#D_IV?MOjozTytD~wZ)u8AxOC^u+Ez#1SqNj*uMctME$00kOnq4j#p zO?$vDaM><`SWep2{Ty&FmAPkK(am?V0%#ZL66DTW4u&1N2=d!Iur5l#D&Y0bASl&k z>ggy4ma#+(aw*n(HC0}q?Cox95s~boy)x{RB#Z%)6S;g_Jh*1 ztbhY=11fCrOGmhNvyL^W-JNt};9P+IaqXtA9K;@^ zladptI|M9&fo5P>D(fV;mqS99!;`HMB~bV~H{vAIIO#3O0PJ(-a1^TEQwpI~(USn= zWT!j&56L1Aj}ov%a~$XKx&cp2=fE7~*V~9pdkYQ@Kd=Yc2}_Zo?(+A$HNO}za-CVT z=(|;~oGM*&X8Jg)3eE4gjd0$dnKR+LS6_hQ%Tr5FZQp*T^Z%C&UZ8Sd^c|L z>8+d8|7REPKDBe!snQ*%woN$m@|07%=A7NQd3Qerk~k3?cB1_yzVdzu6iO$ zFaup%1waH@5%$+ns9cFi^n>}aHf}_N1~?vv$7m)@pC584;rja)P*G<6eZ->5bm(1% z%0rpHem*R+Oek<41?!8U1~XkBkOAt5cEQXj>cd!dSgG2?#K63pg`m7@oP!>I$2Ye^av+YBo+_WOVLza4O7UoShrI*J0jHSLjCW;Sylz1a?vG6X2k9 z*)2D#r^o(LUAW~nr)tQ;aT<||K@IBzQj@70-Ulq z1M$h#xqFb)v;_Ny+DqK5duXn!@hWwgV&T_4%tN~qpM#Hyd6wOtu_&ec;hfv;&SAVW z&45z9zL1}D5rVu4H4VNu3I`>~e&vwv57~ zH>g%jB_35?Q^asft?umx0CsI$9vn4>#>Aa;5Hop5@d-TiPwSq zZdLbk=P-<;yN(<_RGM|z-ynZxGncLEA5U%WkywSfMAwoY!}Z6h20E0S)}^Jngf!L2 zRtHSMpQhH*0h??Zuw<4961fyWQjA z-_35@ps2S~t()$<4Xb-E*Vmt>k6Eqjp*tn2v4A)qPfsz2E11(YxpezH_g?OOsf70g zd@~J?U*{=`U5dA(*3xrr#ec`*b4}A#x%cSOK({us!WxCY+7*Bn9syj~)yB6>Jnm&vAf06DJ=Xur0?!@~#&p1*aGY=nR3s#Mv zqKkApV?9TY;Bwu!`kG6|dkUJb)OUBrdblnKzFgNRAE}>xr5>Z(J*Z+Kleb6@~fK&rpEerhW0zEt09 z4nFBfs29)eFV(f+OWj9y<}F_V`yY;<Ata+}NzYU+&If>Nl8UtMw_{^zn2| zsa~hsuz8E|NSbdn|L5sGS*!?Jd4)aT733B`Z_fKNytx&mHFHBF-tvjh9>p~j~rN~`((A2-0YU`wc5-1R;^Mpn3ktJfOO^UeIQj(p&cG!``XCgb&S z+OU)^arZcWUZkQRDMQ2rc@8m2G28&)BjG#D{RK^w|e%<5;hY$$HzI2{F@6I#_ZWD7>{HE*y&n0^#}eN-aaSXc_(tTPrte1~ zi}_0Kx3Tz?%Zai2=t_8gxDI~11^Ln^;`hK}z7qPtITty)nXh{}p0SRvPrT*S9=P^a ze#W(G9!xyC5wE!3;p<-I`FAriXmg*tT<2HFobya2@SN$~>naef1w;mUmdFy%ptW)pCL#my;x&92m{L_&cbh2wV zY~h<8h`yoFtw=Wbx>F zrlLwsVPny1r?6~-7iQhf1BHR87ltp?)SzSs%OM_ixaib3ts$(4th|t( z=na}eJf#R@)Q~mm((X5nPc=P>3;hZ$H|d0vOPGkQ5JLbI)??@%p*kSh(FF+*&X`1i zr$@~p7y{Da$T+Wq+w`J_HP1kRxGOY^L-5Z4X@ z1)U5@M8OB#n&*}ms#hzdiGL^{NerE|)0rNOaJ=dAS)|7VQXSwB^AG943-~ES#xSI| zYHvx>fRduZP?(38YJ($UQIkVE_;tj5Yp|G84KxG55;P$RKA<^037?{NKBwHTD`A7a zFcYj$QFn$o(FgCtnQk(e63fZnG!x=r*SsPcrv*dr$$P03*H#l^AUqu*k0#ESfENdv z%!Q4q1Te3kpzcIw$b{L+cyEkKJ468>qcoC~AbbvsDje)7dEp?DEk<6^%HlN0+=v#p z9z1EN7-W2YzGf9>!f@POP`){se5G0;CKV1#i$NbV@SC#WDGW*x)@~3i)+8!KYmMbw zAqvSQobi&hc!@|r*Ez*W;UrZdA_Oub;y5M3f&75@cG)qB)QUMTgIFz&EBQJU`M-Ab0Qv~8oz08Q)%mLP@iO|d| z{aw(WYC%PB;;e_|FI4Q!B(?NDi82K7$eicuH$C-sOt+2=8nR-<4G6_6{oRG#TQMMO`;RHZ1q$?fRza;sOkt0 zfgmu5>V#G$a@F@-&qw{^P0&sBs>hb*5ih1(1)c}YUWNsO5di7d^i-?81!pTV;isF+ zWpzWgQbuxt0;tioO)@-iyu`M#<_qtq*efucy2K3A8Sx$rGfmwI_ruJHQmHllRf0DK z)PqKgH$CK@00_5&mcv}-&^a>{MW>8gntl`kaFkxk~q$C17a&D88*D9_Xk+ews#ND02WY64CQok&TN!c|Iw78kwO zWPDtc8Du*H)(A*e2zew~0j%T+5H6Ro%`GaTF2Yzb6H(wnU1*uNccqJId?2$j;fiz% z@v5s;^rj-he(GSwKwgJ}oV41;1GG1rd6%<8vJZzbZ3gX3o{C(i4>OAbPRf^_*NDH> zyfdKgYZ3t>A7%zAP*-DgPbX*9BH9jOjBlfB&;DE1m$0Gm`5qOje zsXD})r&bgM)~72Z+b0r)4bhQM^g%5Qoe}{u#My1JR*q8@#4`jHmbReAR zR)Cmj^SStdlWYt7k7vRvnHbPD;n}Vy8X+LmKvW<5biAU9WVpr_$9adu7ediRWVEnk zoYYE}3>(x4?F%SoGD#=H$IIYgu{#Nv%))+Megt`8AdQW;wqV$kIFyo3a4em!>?LpT z(6d{#D`>hew%bXHdA(s)FE1Zqe(6T@q@DBY#D3IeKD7Ybt@CBWCBF--Ox+HM6F z!T*S4s92l6Xi0;X>_|1{10_xwZz_wA3s()s6`bPDu=RQKixH%yYm?~u9f&)Iqz*D6 zRU5g|md_8|yct|c_9mhiwT#T<>{ncL3MMFMd@g%Fka~I)m23_1RuFu zS_S;>CV^B~8j$K3UC3c3kYZlM3qMAC5QBN*W4W-2plm88Qq$k8C&iA0-7Bn zxwSo{IyV^71}{q3a9Di_=@wv5YTg>}V_WI$`awUcX1*iktVKt&L&t7rvv%EDc43lu z(mXL=#Y%a^QrBxrTPQ^g1KJDfCk_t~1tBI59sZ7y?ELY9I>hQY|@t+$Z z;QfX6a_U(=C)1~T!DqHtlDW7r9En=}mB!aUZ{Ly-eFzuhD{*-3Uw|xL9EQlEN-@A$ z=aO$x9K?ZyLc{R`mt=G+p84`JgE@t`I$A_v&xG2rbrQ`wK0no_XXjcl4^mVxMxj&= zU9p`xBs}(n4ycfg(1fwsY{z&RLDVWp_bL$%i51g!XG5L?_qSu@llz#8kMbSTyw17w zreGW1+o;*S4O^-I(_%s+`c+L1Wu2tNgn@?D^)Aa~%R>#6&@84Wnwnu{RWyr6eZ`Pu z5aa8K*>O_412(vz5X)s0C&s6HIVoc9p5C+$&I~0x0|j+Vu0F*&a-!*V-lv6v9##@8 z?CDf4^iYa|tS-RPO8i6={-6Rv@n&3%1Klax>fRE`ouo$O@N`rOQAVpMeX7;PPAaWA>EwFtA>+$}3+ z1;mk$&0_5|My`XT_izcCF`*R}k|3aTE~2ykybKRY@_54$NuFA8YTTQ z_r}MFQc=jas zvph@3Q|J||ccFOGk#WqnYe{k|VPLYS{#XL3>;-=KCz|f~tzato+InNTiDrz~Bx7(u z?LE5I9EZ*yhaygqJU8kDItm2;P$fabnmF-v?s!6s3k;YC-3nPAemo~QqI2Qg&>RN6 z@VV+xPt;-lAtiz0(tt%+Eg;8UO^>+@*G*)DCLtz7UNJ_5rN=~+-0VtdtEXZgZ1vvs zBW^t{oME^hlz#n1HM{6sdYj zx8TX`d(^F;2%g+Au7KP>7AwiT@UTQ>lUns-LJKiroHSGznVl%$*Rg%jKH|-o%_%O% z*fj%LO7pdXKB5LDZB~1#T(%47&$JkO2ANurS5_-zq=JKIG>CSoE{PfAZ7|us=Rh|3 zl(lqYUpkLUe2n25<9;)_1Q?IB<^JH1RVRTE2kZq*L{rBW*nnX9qCpje-tchkXsHNw zw&)9-ZcgSkmuyuVYdBKi8fGw2-Aqr=sFl?R%q9#Ppo*G0Ozx_gFzX!7d&C>K5gTZz zhv<%NGPmG+GjHh0^wjxL=B%@mp#7H?vo)JB>I~JB)9pdq!J#`qiOK2SK~j93ptdVf zkoiR00hA|4>y0W`rz2yOW0;}41HM838c??cf!PKZxyM_rrbmn(QYmH?o1RLu=t9x5 z8ZKHXX5DhNXWmU>g3ZL87S%lZSmVtJOn6)pU`m=^E<8`s56AbAskahd;k0nQRvPer z=qCl$OzTu6!9Yt6I^xwWwE!L#Pf=_vF9|@QkmGg>dRBmGdNt!1+>IGyOPZ-M_$3ch z1FirM=*e=~p%6U)@BpWfwTHW1O(U193^leG$?hrLS9b3RnlTe5MlT0w6ca^53z4@U zOHslc)L~#^dx{2dA7(j%J?O;9pMZLCj#*CC9d*9}iwaI$^qS&%jwS0M#cPm1$it(- z-a_W{2KN9_Oz^s`82f-;KPd=EC5uAr>0u`ynS+)toj+lIf{P1$;|xT_!9<0&XOzZ3`=)52&Xu(8ZS@Eb!@dTPe?Ex@aCkl=9!(HJuEIcE>=*u1!d5C>C~Qu z5LL{?#=wgsmr#Rn9CmCeYKzFNE3U2*6Dq(Ew~O74X-cN2cBASM((Q@=L~VKz9XzCh zH(nDu#-og5c`z4v8Ew%DB;3btLKP8pDaT8XZlJ zw;ovV;9$rNn4armbX~L5c%cUB#fz6PJ<3vCrMMU$IaTv=%HufjPLztCcB(bwy4-n2 zLI{PC4g;2$KLdzlR+aiRKIwt#X2Nznz@ThcWZ7T zH^}8>(^FeJhrEN9TaSrjU_Pe~1EPT)T9`a&$Xhc zV472?Txkj}O*ZLg7_{T4D%xsJfk%x`^;D>F_AB&YF~6yr1-vs`j{WDdfqI;Zpc(5< zr&@Xu(?giX&}3dKx@amdGt;}HlQ%}=K0J0#E>?NXqSDz^fIeV4{N%+hn%#LK5Xo5L zDMp6mldY^PfmW+ZbI-P=dN&3Zr~|aDpK;WJ7e$QoJWERf3dqIa^AlZ;EP(vQ z*zajE7;?43@~!@nT;RsD`m5>g^(7pb54r!urg2~!fku?zFzU&ieA4VXzjm3w73vJ8~QEM2jNgv=_0XPOcvt5RFiM`D*o?0mG54L%bAH=- zU_Ktb16d79I2(UnKn9h>01o2WB{FpFyoW^!>pm7Cp0S#wSv+j`79T8i0ZI^#~~ z87)%BY*C*U#AI<%KGn*jn?2b{%e+ToYt%J4t7;KtQ*quCfDTi$|=ZLM;tU27D z<30Ioiy#lty}S1r)SXsB{+jdKcFG5YqG(DVBtT6x)hUEYJCUyR!W({ktXJ1lQW)t# zsr-sgf&p;{0*zy(5OW#o7R*b#+aJk7PAYUhGP9==i2;ZbrNugoVH-a`cm3I?z$1sc#d&xqb=&O*XpLmn5r?Ve|&n~*eG0POiagp-mFNZf3S=P zF=ZI^)ezF1o77MB)(`rzpK0U^37^{7yDMOcz9~g=HtwbHIH7Q)n1-u>BZV!7Z z6pV<~)>Nwo20|gXY=P-zajz8X%-~+(V%Tw>s_j~(VehX~3B4eg$rWQ+*>kd1Vho-p zv7xFoGd2{jg8{6)w8onE4kd4_i?bF-Ue#>uq`JG2DLY1C^+pDn8M%egtXxmwVmLU~?nQi;XYmk_B^RM)N{Jg*H^HlE z(OB!pwHzEPU7DwvbvP!wGVEBj z9*311roj7p>>dv#ARO;nF60O^V}dH^H*)(=XIHW1;{tjSF&Qh((g!*1+K zFNaGv_0;h8DE-=+)!e^a5?Lvxnp2W(PcM_U&5Oq;SEKU4QGm0DC!2!od%D}uZr zM|6co@;gN%`Mw;VW=rN8%$^(+?S1v6eZT}ES~+FP=Y#r@$}VutRPO2rSo;4ctvPChEEXr%jCi8LKV(B!ZHP0@@TYdw5Z8#MpVBxZ&Ix{~FZ zR%nBVlWMu9_?YJMy1>C3n6YZ{bfz(3hM!rQBV`YgfvjQL9R76+voJC1i?>w{tIP~d ztmKf2Xs#`|uRfkRlvGnE;3;c03(X!)EVIqSEu-2z3OGjKl=*n&g-Cm{*uy$CM^oiY z<16!}=4s9xVq%%@x$G)rhMBC{RF>;zIQ%fgfV5Qqx;ln*h?!3`^N&Lm<_rq=~sqV{jf$!FKM3f0rPg7qbkN zGKCJjU#$CZs%EC5Ct9QD&rE0xT#DGhmg1#K^&l?giOr9&O+T;hNuF#|@DzvnYMCZG z+M{WdHtViite0vqBswXquVz^#G z4*itFqO(}9rV&~ijPs1bZp{cp{6Y(udI%1lrbm38W+hs#*TN{i6tAO6`hxSYpB;HJ z(iIWhnbf3NdbVp`FTOHy`)tq$>lw>E>5zu$u7ks-@hR{VQ8sBVFZj4l-)N2&O~4`* zwXFNRH8zq8Vxv6xwU^7izyS$kSUpzZj!P>8!!Tp=%0j{PGFEW`=Zq#RS&o-V&QhCD ze>bva#_lIcWmMWYeSOES_Qjg)byLg4h5)_nSLzNaC{4^Vx~hv$LUpK#=3{49tl6A! z$&juc29%Mm>!`KrH1xzmjWnPL2s9-Go@*_XvHaoyj^V90=Fqz6+OvK?!sptd?GcDN z_+d(jHLWrOkW$81z#Pa*GqsA<74qU^RmcVfNF3fYz7It1`^TpvCynVMFFj~)fa9gc zmGKxPnz7M*AF9}H&8{-WdYW^8jxeT{=>WnhxT-2*b-d}BW-Q{#WBgEFrl$@UXhGW4 z)V8K$<0AhF&szezl(9oR7+Ao0SYBRmIH4;=ot%<3-g?87gG0-Q^~5HO z)NmBYn3NH?CiX%&Lb_snI+-diR??f|h~sU>;z46)SN;0DK9ZDr=!1eEl%xqMFXSKc z*wIKjg2un6wjR`C&4L-6MP_(>tihku3KM8C!tApm;lwh_p`z8ixSKBrBK`?h-KXk5 zQ%1E-OD^+;I}^x3RtK9^rw-c_B!3IZi+q-^aN2e6&4GGmYMqu|W#ho#D*i z%rf%D;TWf))^$Ic_R$XY-`04Zj@N~0Z+2iqte;xnzdQT)_6fm_N zUC!rkJh}}y^XPg<*8ocy-ofQ2qq8PDTz%t_?@j-X_eZ|Hl{$_P!*jMowO}-TQ>KkB z=N;cK8p(_lc#E|-v3!c<#;3bEluTHbR(6j<8HXS@mULwoRhmN#1!$Rw+FX(A$Fue= zlEWT{V%de1=B*Th$=~ELK+p@lB@jGfb;9gfV^6NOM&rwfHy1nSAoK@9NHpLIe5^Vj z3F8vR#jLA)nk}KEWK>DS=$ke&2Ue0rRV z(sTfcMFC&P05LRpTA)E;r!(JjB z4VXn#4zeR5;>AM+MzAPEr+BNWGP9eGjcAj@^^a?xnucI%aEPnjJE9MLidKqFO>_E# z%SwTch2BRiHWdnxL8PI&ZcL<*D1@{;NR;?yylY_$+X-Y2$qE|42|c3N0}kf7Q-Kg{ShHJ z927}H=Q)&hqCsS$N=;1RfilIK5Xnll%R;D_E`}7eA|WR$29d$uH7hHmV@`lwF$;p)yv zI6>KDWreWgb-W&&!h0NLz9#U3&aT_@4a!%DqO3G@ca3GWs|ZivT2 z4u#KOj3f(`jTRdUf_>Q0FC10Xj0vcat&5anR6-Rk_O!cObj;}1vr|h`4~3VshyIOE zFYA+v8DR9P#Nz$nW=$_sGyqSh$uoAm_a+Qt`E?e%*-I<8X1S<|E{ zLw>Dx26P+*rM;Pqh^kB^G@`pMy12D3z(=-Gg6t} zTA;3a;mvTP1iF|d3JPOZELxOu1ieSWxckhqKBjJ$wfQo;rohD)gCi;sjYOHmM{UHR zLJJ8bVv;Y>`{J$6M%JF1YLp`EaNlIKZN~1VR%)(fMk4(kY=Fy@5vG~rb7HqT@7fj0 znD!dT^JMQM(^f$U{AXEIF_wbg>PfWwC{d3E*B16*)kz9ijQHDfU|-`Ns)%1uW#V-&XYS>wfQQ#~q$J+?n4RmLOFh6R3IWQR0_rLZ**HVg6YX_=c zv&wKGsCCMCCl5lUc?2Xc5W+Bfo>eA?Oqp~ZNFdM5GP&@em{SfVjBlg>l0Ph6ZBtV) z0Y8t2_Z{to*z8{-?k;O*I`;+!fkDanx%p+Vc53!rCTQbac1%ru zP}VUPV~)9~Oa$fX@!h-`4*2XEUKdX{kFT5R()a|4Up5c}wZksPP1W>L#BrJyx@3r3 zt$wOmCKwgVPlEFhcUZLbQU)b~N7!={9!K*sbKd(adC{EkgY$-DCblO(h@375UOYJQ zzz)DJW4$n{Q&#qy#Z(0hk>q2+zsr@~wwI~GrmNbqk2Ch0gHze7x{)iqfnOE;x_j_5 zdxj6J$20d3svPmuJMkTPc}vv&$Q!#AQRVDoMua!xy7}(pQQm=d{iv=P-5qe>+xaQV zv&Y4?f4!hc1A`!4i0(AiMR@ zYczt3#+l;i*%3e(WA3fgCacOq8Oyd6kP*rCBE5%2$S7hzsYUw zNL@{j&?B>Ap(z{m!OQT(k?xba_gbk(WE!5emH{eUjE^SRGTkR@bp zcV8Pbd%2$7cWHsn&MsUnF^|~&mI*yNpXd6~u9aQLBVU*qOJU%;>|-4M-gIo;(Pi5N z?&?^`GMwxoU(!?5yeyX3z{xW~kDOWvIhjz;o1Fs6md*i0%Vi58n5RKi9uuZnmd_u^ zBfkV8M=XygNuzqaRwXw-Sxp)?BAOSs^(O@Vb%{x?p9W@wNvzEbP3=`Tl^JJZ#`ba* zJuYUP$w!ucxyM*zl>=^;3&X^*@C9>VcxyUv=sG3>PXAsmIf60OAjqv)hAWKd1|aP@ zrtkxV;=uY3=M(_3VvFRA-qI)yWxR z5dYKuNAq$AWM0sUEzcIoc6h21&0IDLt;@Ze8A^=hWd?noivvxk@TNHVQ0`>;@_o7>iOYiKb=<~GIY>>RDVJRs#d+$H zV{U&@6$8lc(B&*#Q3@`wV$}yZKmbR?W|t38T5M>jM^g7@N%^_O7NH%SA~k>mR9h;D zFg^Pm-&7X-kOgSF1pOFpa1_M=c0A%n=ou|$<#7C5oO9-AG*Fet>;54}B$T>}BF7Xg z6AWkIIA%d@!6*<#K)>AEsO7zlGI)-u5Ak*Drk3?c!44TiQmB2{YFhOvllNE_UkfnH zGC~@mmzT%cdL#jlYzwuL66%7`?iS2b@65|xF!3?l3TqawhUDrzWfF3+DxLET9@Pk` zYW3=3d9IJEWu6MN{r@~J>8NZva$HEXOY0+sa!c0-O~A8gmf zJoPf1)JPlwZ@oJ$cw)e}e4|+I4o>PRgL7uuikzq~5AiP!0>WG1NQ0N0>$zx)n8aFr z+!c20%eT(~@o863Xgu4Iqoc;eFZgKcywW2slzG+f3ow_u7>xk^_j z2|_UgF5BS6U=!v)24Gbt@|gzz##EEwxEMW8Ec>x%=@mtS{)GB`vG_xJS0+Op!6k%&!kVMRc?ZwyVYbqXA?Rvs z=QxgQ#h6EB5~LAIfMZ$&I3l1y4gfonMVehc#5*0Ps|3eDc5MhxUpWy`mj&C^kFGF8 z>E;y-NW|a}C;@>(&^9Vx77K^K8Hr_qTzsXcIu+_G1A`V|=`fm(%TT8$gM2A-^Vq~o zT9;HmEPye^pr4+P9|%4;QAa1L=Gh=%Kq7f+=6V#bm~x3c0@+uPFNnwFvQUfxFeSAI`xU2X-ACfzgfUfH}o{oaJF@#;j8Kk2Rz^!xnxr~)B``vtsqNwWvhP~9m=uGw@)+}P-P~a( zv)D#$GCEnqPP}rtPWbf(Zbn>|nmvs(OgSj# zjc1if(_XBTd8csFI`_$P%%9z(e_E*nWYhGKdvwTep67JxpOM&R@0Tle_HJwzJh!&Q z6NOyti4ZyCPG>FBC$81Ks_woZrf{ia1z(OP1pI+Vjqs$UT{i9Eg{_ma8U&E7cy6Qf zZ%|;BwJ)!<>&K^;m4UQeuHcs+lo#?G>k6|n^io=SdN^r3){NQ(uAoC*Ngqy0FYD4E zt0wu%lG|f(x{KZ`NL}fAIsOvFXBjh;vq3%5-DBb&ugl z7Mn+|=h+oS|CJX&>~`iT2v_nHsgaKceMvL~>dB*p%20Y^YZ~=^*>wVh`FFgwe8l04@tR#hOAa&sy74Dv$deBsGx&dWXY7b(j4KhSCk)NUq9>e zIjgSZn6q`05f9Ik_i`N;Prx~R`CfCm*AaidlBY{qx1L?WtJJ4mdAGRSYlV&S>>*yt zy(?e>aFtwHQeN&I!A|xiU(r~(Vz=f6ao+jF#qR!2!0~_F zGwpv2PrP~M9qbAZk73WISM0-rggWMx_l5t_U-AAcD=`)zgF{zwe{^TsmE<%$*Z=6YbVO%P^++g|UWCEax$|uG zyU52=zzXNS-A%hjm~v6)~r;ktB$rlO{2YLcwl9vu^6{W9#$CA?w5IhOAaD$ zkB8uA4`1^N>O2`P(~x3{a9brBt2OURcE-wBOK6HFdD@N0uhLlUp0Q(D1%r~(LxFG( z6kcg+CIprE0(3znI{|-Esz)EcufSJV(4S__Gg`E4)w)gF#~yFjzC*`Oox61H*8Pbm zd-Uw(%gpizvU75S{rZRU!jb#|QLCV^XyBmY!Sx$7Y}EMv2OfOr;rmiVnLkqhIdM_S zpXFtLPPlK=r-F(Zf)vDK^ zvu?Znjyr4KW!@cM>z;dS*GZ^b@4m#O

B zbVTl0n~~Rb4sMji30MM9CkQ>g9rGA6Pgnv-Cv^W|b(vlybAsb;_;t;$hOSEZ>j)2~ zru0$h8AUG%y?_mBp~h;KD@>B^G*VAQ^b&>0&QN%f?yQ}z&~nCZY){1d*?s4X8(VOAz>kC8eO?b=vlieCoUy=c1pj30yk7Um$@R|S30=%a!K$m(7} z1q9DVBvjeWQJB}?J_~-nqDeqLUxkIoSPj4lf_EBqoo0mu@2PMD)+FMA8gcf)IigF{!() zAW#CUP{qb)AK4(HAV3AHkj=*T!}`0hgg^<5LI)e41wvy!#3;Qj`oK?q_1+!_ zL?A~|qMjhuyexVpSaJz9K&}QjnBKE8X^y0q9a>G!G27fTQ8?-}$Q(@sZj3M$#T3RO zR1qZG7Dyo`Q1~5*Qc|Ykk+d+ALM*-TJ0hi~j2HL1XQ;8IIgFf0s-5ZgafG*b*|sza zF_oeN1j-yuu}=&ddZ-cx1vvmeheXsTLOV7j2Y^}!K#sqw^R0&x1f}X-5IiI^jwMqY z>y-0};6o2}AgG`V_{lMl`ia0G9mpj&jwholGj>l(o<||(QG$&?X)NPKv*;N*%Jw%u zxI~`5L^I6U81ECqk`C%XV}igGdjdfpB)ckwK{l)r9oi87+3_wb2SiBxNk2S5my8i_ z^&EerIn`WFMy{z4s?J0?^_p;_91Za^TZ17M6JPw6)D&#&YgsB{@mCpy=L9E$rbGI% zvs9NgCI|{4%m?CKHtE3cs+C`4_%i}QvYBNFiO>vb0~LuFaPP7wB?yTG3|a#fsTd+k zPsF>-N_FLA=3glWDv~k$_e2M}u^}<#OZ5O4_@Luxo%bhE8}55-IIljRHg@r3>TM4^-I&m_Y3Bk3+p zG(=SA0(qrrfw4mvotU9H+(ePnu+g>n*%4w z7!KgR-q8@!kfpMKO^$)kPlOzLs3oLS)Pa*E3=Z&!mLRA}sCkDq1U2PIZDYinA&J1I z!Ir85x;X|=KPWH2x1H2p!{%uzrQT%$MF?sUYH*?RtdvwQ2{*D+`{h8PLKGzPKz%XD zZ49?)2rXm_IY0=h`2w!D%a@!}J#qS?MEt6>DTJIW^1+|P6u`q7I2a}UJMMgG@vk^iYNHhDt^s|op^ z8i{pdIyV+#rgR_CPnUF-U)|U5SiQ^*i)pb&; zfT&AW41o+3+{vzj0Q^@)`+&;1c9Z&@%at)>%eP7EJLH1i|ERgF8?(5v;D&a;i{I(2 zejpXPR+=;{y}e`<^)5W>Amt&${*RhgORvI-0nPuYkv6LA>$zP(-dsD||D)#kb{;lk5hU*z5DP+W=@maQz((+S3psFXevgwlPVO^Hdb($o z2uQhf1P>$(Zr3}(OOAa&(_A|d+v#OOQt$9%D?(ljq^V;-BB-XN7d$VJbPe|3K`X%C z>Bm;YJY>lKnR9Oc>0RiGZ?dpXN*U03>4+zQ2RX3yLG~hO7Z5Sm4pXmt@(x0t-~RC? z7&ZeN_&-mxtZ!4hseICQzq8+Yu75Zby55ogXU?|yn@{LW<)>K?n3~up+&Y+b?lY^` z8~5GQ+J{l0>ze5QsLeh;A?Brg{BJ=0*SA^SR9^7z!5$EKg}3_*oa5g${?BWq&F>)+ z$8G`tG5busB*he=;oSwI4t|Ap&F_R^Gf^MGt;Up}k(ZP5~^b0b}vrveaYuwK$!q$J~w5VJdbh0%O%zu`sRdb>I*H7181oa3#H zlE6*d4=293VUNw&;CPyK7w-K;7K)Zl2e?tgy=piT>S`RWDT-8Ac zN$<`UfB6k9n9;yK0A#JR)F8O*%LY`_pk!a$;95+gF-0|qmXX5|dvNC@o54R8{J`{y zXR|J@=1+YSsE5aYBR8F6)R9cx6R6Jt2zaPl_EiuiUKOmw3=xTo5>L@%1~M%M2@kJ=NqCpyYH*zPU71~Y z3;;KO)fVQ?2VI)jWwV{oS4*c72-MGV@Q4Gr;+M@PAc$AJN6rvJuIlw9qVk~?t?amA z*{va~OH*h0*)A3#9-&O|IUJ*&itffLYb)njS}eA3+Vhv?u~CHn7yDXcsOc zEaWI_jW*PWdT2}&t6xm#e6*_RN?lCSVsS9xP_?-wvQnVm$iA8Ns>+~rRM>$3`=DLG zn2#ccXjke<{!D}x99k700FqYy(dgLkt2MvS8vveG)|UPn3G$0?kRJdxRn`_C3^#=1qdnu+z6Lt6qtxs zJpr9rY}WKu%BiA!_4cub3V;XHWlIGtqRfd*GL-BP8)OS;v|s5B8UsM+ik5|Nj${Eqze8?+0fkt-S$0uLL(nkC{@)YwZZlnxggcxLcK z(H@zhMA37!p{?m8))h6s3>6PhzAQTY4UNo+ONEkcZNpnrM7*jXX7-6Ah9Y2LgU*~z zygCbb^Be#YmpK5r8=%)`S8GDWXB96?OY5LJvl|!@LPpZpWElZCpxVQ ze&Kq*^XCnw8sr8GP7zP4U^Kf`CiHhWk4jG{ET`=%9lMs#)85;YedQ=V1cG7wVy=zv zW4^?qa-|VDp_)Lto}`IAMGd793^nWo{XGo&vKdW<*LfUA{$B zPAOo7Tnbx|slh1vh0i$BEQs1tt^q<8UOjZy0drf4rr}FDl)CRYrmCDXDjKNJYY3Ax z(F|keuFz`^^GUt|F#4djVIH-j&;UbwqXsIXHliEWAgYyQw~V6HU>a<1rz;qdHjBfa zbf!WZPNXiAYk(@>RP&{c8ZM>6WOPnM9R{B#NX4#pl0lW;#Jo;3gBhJw>)OP0OfutE zNiS?$#4In>4UsgbGqQ_1mT$m4?pNEei-OiLh$%Lr`=f6bhP|?jjTeodo=G+=Kr|AYBdQ^b!O4C2?hayKOeA^q;AnM!2!AAeK z2T6~%XMhy#!+a}1kG4A&MXwTo8hXmOv&W{A)HfV+vu8Xo9LEQM!ZY_$4~n7WJBP&U zyfq^#l9V+2x0>mp&!TN~6mu(Dm+dtpLk|Tl5 zL%y*z9<>UR9M;$#Z7Z2KWu-T3B_FtW=XZOwt8|gtcb=+uQ@hzDbs7*e$#s{^pm5HV^b}w$5wSl$ND^y9Mqo5EG3=Tu~0H) z+wEr0Xw(^4yF9>sIlL^9)-$tBfgVQ)tV_8$Z`DE0IXU;#diMVLyFRtY-!Ls_%4%+9 zw(?n6W&g?R(+!?T2+yX^kaWc36Xh{Da@#aiF=#e++O!fwg=5*$+5TrHoE+!(~ni&KYabiQ$}f1b)~{gdN~_C{Ij+YVp;3XMGya~;!saD}wuk4}hsiOsB; z^>lPsZR7$h2#7mS%~X(ELLn790xX;keDP=k(Xg;7P|C&>;g`aX=X9pg-1n=09*vYrigpCa~L}Zv~4txw}pUl9J zm*${);eJ|iVpMJ{)K};Hg@)$PeCfM{NOgW489gZ_6V{!@$qS173m`5l(J??^b|o`E zGa)Gl@#W9ii#F|{d8(B}kL*8R#gsdC3NG?(V(*?G;Kst)iK+|tIN(pj5a#9oK+Yw)2gpFh9*-0sXV%_&fjZ+ zZQyd2=*fBT)dcgp<0ChY%CDmXOHIYP`}gNQ3tU;mPj0+4cF&EEbQU$Kn z5cm(JgL!{-r}$XBpO%{#MYxaxl^-*LU1WXvADWb(7#+Kk0%cU~_bv_j#zLtM1$g&# zfDHuv58;93bO`+?=ZN~yoXYz@Im${CqZR-DC+9zjPyZoKDlki5iVwy4TVn+?5t$j< zJyGH9Gq9Y-|H&x@+mlof`T5|x2sYAN^goHwVA%`*Lycg>LWc2)DDZ)WdCwjWhNmyV z;4Y4d|8-FXtG1K)p9x^qeBu8oOaXT}BLADaPO72+Q-$2sgj#ZR^YlB_`y}i*krzhqVUC&}mqhY(G<4Q} z=(*J4p;X^ldX-wrs{;~e$AXBS)ZBL%f> zdZpw~>+MnU0k!b0*dx67uVc1cxJ_j>nsLO4ZK`8NN@%2 z$`dfZ*;UfyQhxO8be2TiPmB-boj(($(ZY|hG`n>#@MZB@;2|%sV#L6HqVF&0pv;3V zOtnuKdpt&5V;idBSboH@{1C<9>~>!>unU|4rKR;fKz>FAU(jvK+c!!Q{dZ7;gef;e z%2lHODwdLh9-=WS1EgLd`X!c{DhINj*_m&6N1&Jn@TS0X&F205C@1qQ~rs$8fY>8SA!SnM02t?0ejU?3|5Ra)Ej z;sAx=>w%lyEeGrkk18%jM6- z38N$*f;=FTpGhBRhqDgy-KOk;G2@Cx9_qn7d!t26<@^SN`$9S3YKXiSfdAFM@<1wTvJH?PfG)xsRT&XlhMx4N@%({(I3DhyT2b}?t3-tPr{G`$7 zwe42eqgnZ}eDwR#FCBJ;v4?%BF&!O>X3Bwyf?N`ol?D%5tKb5vBvazEhQYFm;t>L% zo|D@Uv{o9}7EauW?^g4cAE1_NaS4JSVNU~WckFQ}!N^-@GU%B46Nh}ZH*f=-oy%sh zz^S;Yt$#pUP6oy>eG^%eG)h@-t2ec^*&1{Pvc^Vfnx`h5X=^f507YhINK2h2L*=Lx z1CCf093??nsq-{-n*5=080uyXinhhq0I*DCO*@Q?Wp}Dem-p2H^>Jq?aVSS3x4%b#;=V;zYGMC!s1BHJ{60Sp9l}y) znn>W0jo=}da1*^c&sVZ)dhTNMCHo4auO7~u*cYXT)!$m7`giF~s(d)_*Gz)}-GfHA z9YlCc^v)Ok&-;l<$d5-~OiDu5I~qtz!a0vVkd%ZBb@cY6B;=i=larE=O^!-QNyrgL zFGxy4<~Mp;Qc^wzu1-oqmNxp^n#3gJUZV$+l8{l2Zcj==o;3PlQWE)7eLX1&InC%3 zNlD05M!iW%$UjDBCM6-O7`;9zi9E`WOG-ipFnUQ+67qV{yrd*#>!Q7rl8}Roo_sGc z37NHMEGY^3vS?#c5(WR-oRmb)kKaj3LdGikLQ)cv+|h@Vl8{}B-k+2-ieif;B_R_O zy&@?I`JQN5QWCN{(esm%kh_Tvc(1cAgLUVh-@8OhHg_(@btIy{ew`SCX-ZN|Z}jCK zUM;{`neA;exqHgqwX5lFWJS>1CU^$JJNivCh%0N%4H#K=mEajDW}6oNWr#uSomx9K z+YlRQ-Kl?be=Dm~CgLH^RM$Ouvg(?~LjLi%lvhH@bx0{ofCv7aeq4)(V`pJFy2KlB z;#s>}R-djDcod8fA?LM?M6PJ}_r#<4qH3asBB$>(GwSb6@}*uIdFV54sy)Odxke23hZIhBKPf9m9sfJ7snUu8uyJJpvEnq2;GJy%7`ND9ylRcBqm zZ#{>{8;?Fg4R1~;F*w?bflmVb0Lb6uQg6*;f#`ms7;nS#pe`o!8U8NGZajT31<#+z zSuDl9rLuU0C#`axU~qqAt&e5!_&-`mTr=4$c-u1Ezj)hn-9G_xe+K9*=%o2V-pNPy zCe6@4jWk1!bBE{E8jD6i&d;s!nYv{!pQ+&~U1sV+oT*OnbUMvfd}#i`2w}a^b9+3g z55_%Hexji1hlshqs2}aU!Bf7n+u$!-U*zrabj55+>d^BiK~G!)D?FKp7fF zm$s37%6Mu8V3l0^(#%saAY`U9Fb2rS9ZsdjvmZ-Km7~%P?teOjutN(wm6lkqB>7oT zTx0gOX1IUzw&uDI`|CZYN9RI6x%^97DmqZaX7<&KKHOhWz`8S*-GR@{kfLp=gu=f7 zHyV;qbQOg~*o-C4rxJB<=f>6mijEM@_z$6{!1dX9klpom8=y$o)W0!tJ54=>)C)`m z;@&iBZ$8ldM`A;Gf1rtef>e3nq*U1k=;;%hA%~g5T9;6yx(r>E$Knmxt$VwTHvmZ3 zeR_8Jh<<6F4dnnr{RKy0HU%6oJ4=AM{l)XCTyog`h%+$o0*7~FcC06xZ;Usv_YdO@ zsHUIKAsvC}NTN;-$4>1Ae?CkvW-j;a4I_d9d72!G$Tq^cZ*w8$0=yGMj=&r29ZLgv zrzPu+0Dlw#{*Xhd1L*4$8;tP)0e4Om99j^@VX+0qHAt1MJ!T!OJg~2_=A+8C{&V&L z-zoY>rJ=Y<5PPTBR%9EZMbw1p$D8puvDANoAZglnGlqG{`htEeyXfciPv9q3Ag;OE zSozJ#%63?R%V5X}^XpRQm??_uCLR)*jjz9Nulv@@Z}wHT+dN;2Ywn|?VHQXElBXV$ zQW8&#$(}WkLwold@4iA7F9HMhx%EIvKr* z&Vg^8%0?*d-W$DGf8R>A4Z+$rQ^GDvI0X~lb%fKo#>m?9FQn5}vs}760iU>UAiL{R#b7ZBJ zLH4A#+PFlCy-V~S#vq-&9fc?H1nuuA+!s5O;#&e$Bfm)n;DhG}#2LkJvH~S1;fQsK zV`?eV)1JswsK{P;(jT;mc8Wu~>>i2`HZV_CMgu)T^g$>5Ej4czFqpYJgD6wPS56fN z4O5I@d^>q%y3OoVevb8%m1EAp?PiL7hablghdzIrQ@uo1&xoI4Gv7psZ#X`{X{^6U zT4y;6kKq6m z;ZlCU^^N612PRSn_G^}VcUgH5H~c30UST0<-MyVcJBgJk3RDJkL8>)gg4-->Fluql zpC+rKW+{T=PUTWrg`NQTL*J*$3P6?Vhdj*HOSAOaMY>=X2&QDq7wHDMa8p9WrQlE= z%J*VDj^)bLkQ8ZH#gE`-lu9&5U7l)G1tyT2XAcvYvbcIqCdhtxUQ$@2TmvUSzeAh%NVV`OBnLI|H zw#liyY(hgjPbT5qS1@;MD4qjD;v4$a2EL7E8rfD<{g}fZ?H%D31a*5(ei2 zX3{*i)>eviV69wrk|u;l76__#pkrAT}n+bs)-on&RZ=syhX5(VhC2BUYN z&I+7_h3%q`Zg??giyS%tqa1aPTouMKQPd@$g%8i74-aUY6nDN;HLcIbvB*k|QweI8 z-P`$aR;4nYMoEvQ!mKm=gmM?pYls$ZG{e3;GhqxKu^Pc>13pI|OXUHYhY~lue$|;6 z^Kdf-Ar5$gu&gm#$N4JkgSmDU{s1uLL|Oaci1IfRU2=$6+#Akycx%hX1&kK}UF*<3 zk-aUj!Y2tT7q-YMAfncFC=!d@@fwrrqZ>9@9cN)%EOR+Z%ICd`ovv{O%A4eX@mfG= zl2|yW$q_C;%tGRow?M+h@Se@zbFi4e`>})tV{>Oa0>(436D6BOzYRu{R481Y!>-v( zcL1(hhtIexecSkyK1O%rX_z0s)gozuZy4OrPz#)1G@B+U>(1v*NcOzQ%$}?}BULai zSnvDkjM?Zo_Eq!^x|+-?OUjACbFYM~NKpkYS~(Tz$I=z>LvrPg{qe0+rR~OLGwPjY zhk8wpBVbRFOB%%`IYiWt%SOZwwB*^H&Tj{7Bw;5IwQ$~)G&;mFjc~Sj+jD1~0t+)p zhVv8pn3!LMYPY)22Uwd#*f@ljod|4qeq!wqrSU#FloW?@4NSC47*lI3$cNGnWt@3T zt*rpgG&uS~O=(WmW_r=7I!zQg`b^pTkg3k#KGmu0K%VWoaVNBxrK5dHZj0C<8Sg&; z)*L0jivHg)fZg8M&9GeWoN*x%&YIRgZnexJ>wS#&|5^hP792&`u~ zp*fL1GQE8|Z?bV~=O%MyZJXyyXi_X-Si5Qy;`BcV$lNK`W0H&&34g%)7wG}#kCS-g z+a&k`)^PaQQlPwHRF7H1fR4`FXZ&c?fLR5=_|-~*vR&Sm)LEwi&%3~FfxkD3{_S)C zbgZ{}kJ+g%Ab56`w1`WFvbf$lJP-YScy^T_aoZ9*FX_8i%bhgZrvT#~p2n%3oGl#q(qs<5gq5Rd0*g$I znDKmv5=GrxMQv7$k>;r0d4vgGrrI^eM%m&XL zFxrya@@d>$9<4)H^t>-lY80shdj#-pk)rix1JXPCZ9>_*EK<2$X@Nwat^@(ff71%4;~IK|5J?{r_zjBe$C>74iT4IS`c6W8>RLQ$g~ zuSji6Gw9vBU*zu&n3zzC!`njl4sfK(C*dWrM=J?z@hx4>CMGrFC>;hH(L1$~J~6kjZVXnu>ujor=B1J*m0ECU`D$5%+}N zAyfl}B~@<4kikHZ*DyaVE+qHGFp&GuCbR_ecZy7Q1}~(qWjG}zG@>X_y;O5 z(kuR2;rB57UI@PtIdIVf-wiT!&IeH2CL268>~4As6zKI}jhX0zPbwlGPn+Nc0T^Bt?y( zt*lyMtF0&k%Cdq6Jzzy`ZS*N@HKsVvGW#<@jc68)=5yO{+G_I*r~m%@OG;!uB)08#5V0kflo zp<1jxdNNqq&7PQfcet!b{q%R3SqFy(#C1FRD z=!+!KYhBN$=sp8AX`(v-s84VHuk4x9J@8CNS8qUM+!F{8YYh%%Hy&3Pz;RVGAnCZ; zyOAGPXJK!Y3fOiFbNP4y`ctNl2^$NtdL#mWiXlF!w-BgJ$aZ4LX?;oy6Q^`CpHdr1 z?CyrvqNs{Woy_ihzH%sru8O{@<2YrezRBG^Pw(!(ja|AM9e*6*=J9MIG1k5w&jx=t)ao&Bm(bglrw6?HG(Zr_Ow*lQa|f7 zcxtetqN^5itktV`i7$m_zacB9LbnCdBx!@4Ljk?I&b0pt*j9EFzo91-mvF9A6WRve$B4i#~IV zbdy^gl;%|Jha-LC{YXjf$7Wh?%d^>>TW!!RA8i0Eu#T9&K_oAWNkDAgk2zEq{L9cR zf1@l&iUHY)`%~z1EH`Yh{%JXfax`|HP27MwsXACq0B_;3xfQT{NIk;`QT@UIv;AY*dn zv|CSFgGuxwqh~oaTSnBK)EpE%1#ty`f5LWAExz?uq`J$97QNn~9kAi$jc1}$1*{*o zx6m0ED9?2QVJHXS;DCdI>06))u2K_u<2OWv?opCD{yeST+iDV*G_$zqrZ0yWoVOVN z>JS=arFFEVH7T`#k{*J&p)-;|KFVzA7ZjL1H{rol`3R2LESG#Pi7SG@pukVa8nl~3 zqQ9EvuC;jy2e?&)f=H(xFM4}Q4B{Ro-RsYx2k*&4;DA0H`Jn+NG_eP*LEql{JyZo* zViRZcE@X82e4%=c^QYW9?m~V)c(qlICH+CUCo`H`;=y4~MiVcL~+3)}u;Z~?1 zmP4POl5z1{;oBKl^*H#V9PXIoWQLs9>&iIiA>*{GrVUvLdE<*T%eNnJMyb3AIHfWJ zXOiO8B*F`WkcsfG4E`0tzg&QniMW#yVrUIdRbZ7m`Wx- zsHBgD4R}uie}EpJKf|a35vq8n zLuu43r>?USjpG1}P`MsU2p(hQ_-TSu4PY6%wMTayVgGjCSLk*fe+1B~E=Q^1dQ4fz z{4KUd?rds@$y#u|92k%7H6iJ%)S`<3dX8N46T9*#M{&10!;Bl>QMlQCg(Hw@1a2|c zRq~rl9QzYVcO#KukG5$p;jX+Kr|`22{xAH=^Ioio<|_Iq(fi}e7_UBZyeuw4`+(;1 zsX(otqKl385}drr26V_hv!g5953#O{#0x!j8t=*`w+vlLXI=Rby7C?H&n~4YvT8YY z<#y=F4^H75SK)V_HLcGDr1BKmY{8jf!8G|AtfAn zr0KY(v>-$s1B$x2d>XV5poEYLr4W{*0V1{ijl@dL%T53%y;t6~Ma*1(J!W#x1oj%; zxZ|9Ckjj*Do`r@xRx#s8eht(_{7>R!ioU~iUg(qgCEl^p1xr(8&$9Sxx`gkYh2MDI zif%Q;?e*M4y7=<2cuU<`I0u<9_(Nj>mp;GmxQ1d+X}yW9ar;;l0DO!0b+cl;TN!jY zQtMRb@ot4hUw?Aamzl}LS76ST%Hk+IaR1+d1)okF{-@C08R&l}Oh%&>;d-8g-< z#{tw0LmqVuLS11hhx)IWtpHo-pc}BbJOh_Ay;6AyJ{e_oc|i}-y2t630|8tI&0<_* zjjx0{X$FdZ(kuUgCE7_e60n?w12;wBd?F3*YNi5Q$J+HgNQ$DcMxQ*DpRh)^9psa7 zRZ8bI0)XEv`ff=1y>+@U(0QHy8D%Didqv+dqVX1*aijU2>ZMLyiQ(Y@+g-CO=Lxx< zyAd({{bAmRLj)(Atb6s|g`@n-s|KzjHlLt*;!FuQO13@sng&L&I)}usIq-(3!Al{tgXv zKqsL<8gf(Q6%~g(JqPh0tOuaLccKsdZguC%+1b--V+es6#$x^rR} zX;3oy;P@(90l6678%00SB`w|e0TAJP0@jR(5N5Cg5gr0Wh=POX8079n-#tB@>TJ~9 z*=|J5oz{1d|4rq$9v>LF&d-5&P@CWvm%rKbNg^gq>?hhJCSlgGI#wAWtBSjQFFKe1v-c!=Gf`G9E8Ac&CKwEP*I74%aoc zy_Xu8m{?YxBOe{g`c?GvUJ!vj@aEqUTm$dDNI&ymbOv4t65V_H-@ah?HGzws!lyuK z>f4wQSWWV3!P}DS5eZ&VUsy=A7Y|U?q!i&&_D9-_QVnP|y^)CgmE;jaY4q)M4|6I} zcg&QF4trb9^Q59)1{(((o9NF)JdPLm)ngHT?O-_ODg&}vY)bKh zb?#g7+hJh)5r)ozTvr!kt}CFNa(N-c zzg3$Ml)8~8B;WbW!+kr`skkCeyiHNIEuE4suBnlfO;YGvqa*NeUL+G2+0`NkmOYh8 z8!t#dPb@_b{ei_V!jCUl{S^FsfW~&RXm6AQinch7>nVd2_K5MRSC-f@M7;EsvfE?n5%H)S+ZS1bAtXj98|e>1yaMeF6vB);gZ0ZjKvrEX zs;yV1w@!$qdz((;y8`dldZiA~%)CFi-|r5;q$Ju1ZKcc2PYF+&7F>h?Te*}W>CZnU z1JeR>#rBsskXLmBlDC{-eljAJUjY$%1BbLOj@i@z7PP7N;fX$&Ra{AjLGBy0ZK?zg z+1dE6gt+cQy?ZroR>JJ>F-I`tb5NgWAc@A=@|EYJmgpI{qIuD3R!;Q)o0NF?SI+^` zSbdhn8hE?6q6RXd6iG5Sc!pVb+O5Iq%k4^yU0gG;A0U{_-gc$VUest8Hw5h&4dl2& z)@tm&de0YjXlOF(s$nHTUWw>`l{9{^qPV^=Znvk$pk&mx=DmdXAY zXN(IfnQs8yHrl_6IRcb*M}U-*Nn9yQ*pF8xOyc|8RCW&%30Jmhihm+~zE%IMyGjVm zK*t3yQ;s_o%U2~$f8REJ`b$=IOh3YJiBvf%&){~zF-?XZT!AhUiPRk@&C+_Jo_hg) ziQIN>D$$$h=sq^UZaoycQ1&j!Hn@E%%|x^`)xd-qrZFe243X8phTEt-hw#{ZlD25> z)A4+w9Dr9|V>xn}^B3A$Ce?Z&yO|HH&k>jlgfiepS95FgVmklGg8MGI{RlMxUs=zh zr_jV-{u&{Md&pD@D(us0B`ti-Qv6zy>V0bqeSn!clYQWao~em_fJshcAM{BMw-7TN zBm{KuRiM@Av<{%o?T0$(IF(nrf^gVx6FA(W>JGuPT5kRW7*1WF!!Q8o3=W`B_q6za zVfP>YBG%Y))>tvsw<6xya|~*qdx}Br@(!mVksS*-mzz$ig=m5G^)V|albK;e+N-oc z*_4g+Db=ilL(#N-QW37qR9KljzA_Wxxrjf@x<`{2xrc+Iuq}_#%CL0&mrXZYTI)`r zA0&+UD>(7SB=8E*up3F=etw%4@E$teta)1mamfp8C2ku^P!flXz{(<8lqpb-G>`E7 zJC?9oqh6u?V>+g9lXG9`*d~POqqTJHW$MAI&gE5W7U2~H*Jxx=7>zYeHO)9DUqsi^ zdK`&tc?ebRqmdN&97Q1?@Q#^P?R`=+45I&KR9WG(Zd!dorH9&_~)31h!C)l%zHu`9M@<oT6oR?y1U`mrzjSvny!Es*-3O_C)ZyK%W#^n9? z+q7t(7UX)np&w@;{W#5u*FT>-fcpz9A_o~&HD#ps`aF5&4=j_(SyNCVXN=N^=z`KE z+V?vHS^n*4P<8%O@B=APS72FDI$D)H@l-m|k~KhSzDNoYwyjVfk`+K3?yxPjr^8uW z=TiFsX}QPc-{}mLnpLW#O;$62Vr@dz8pR#~(s5Za(A0_@5KSs64XHOwL#cxcsD&9$ zbulA`qNF8W`45DOfg2hBei~-Whio(Dz-7S5Uy(z8mjK~T{Re}Yy|Q{OaF}~NH#n8~ zz$77L8GqGxHlumY`$v+A0}AojIjOooB_J)E&_!|H)!cVVGhH&DbgJ`P zfW6Fcs`e(QdUvG5zBAds7hqwa+#dfa7s>6Y%O8ZFkb2oX@BVh{PT<>C)&z`?Dr4ul zowB;PfOyALG|1;9u8Ir*b%c?*t&yGr^YONn=-gT)WSO70@ZwQMh9zSQyz_xfeGC2? zMgL#vxNCMPo80G0&5PL~JjkIgP8Q~h0AkaWeA?1iz1OB;#qL`YD!mD@^7TVf5$-n} zwK87&yBDp7*r|4FbF5EzaWT(|8HYng8(pi-NFqb2+WdrS^ODOQ&rgNvZHoSMQqz*Z z9Dpy<20U%B>OR4Dp2b^LQ%Yzj7Uxx1U85ey|5-Yi^({8UK zae(Ejtt1YJeDxn7;mJY846=yW?ZQhTMtTLZwnhPrlr53)y&M>;nGrW&#YpNrCX!H1 zgN|4k9WTFNWiro4*@3X?H@<2^U$7dukEG1Gh`r}dB?xH(q$>JTkQaZK`OAykH8_=@ z^1Dg0u**dU<#z>%jLDJt#F%6gYTWre99@LVw+BG={Nb0&YD2+sxlSw`m!WvF1?R5DnuuEt1x#6@(Dxu=?(phGjz{9r_bBci^vfc8+gS`IKZxD4hr3a zDn}TA?+V-qd@mYIlRvHvj9R?}^2AbL4wV}xBHjCQGAT3iIV;o0sL0kCJJFZQXwFkv ze}IL#3TD91W(EnEM1qrDmC{AhjxkNVKx=)nEzC<$t&0sT*v0TlRyBzoB+`X@tG44Td* z(9zG(Ncx?0f(`~ajFMBvz)G3ULP83Wc^OQY{2QYfW&NsP7~ah#LSznu$R_rdOAz^O zoF97*xd@f2R9GGoG>X1_@*-$&;sA^O7|0y23_y=odEEdS<5SP-5a9m>nhyI1a%d0x ze}%uj3_4UO{=?j{C)*pS1riM&Pof(_k=}REs3(VM_aWVI<0oxe6(BnxOh}SJ3x*e< zRhtlPGDMv$wCIMun2PkpM4Pgabg;MSS}3y4Sp*i1B5~P25qkrL;Z*KEjEBBcM4e#M zkT6mgr6cf1w6|1ukRR|01i}N;kX@YO06M^>(*dnS2h4j0>3~t;Wd9zdC7+fS=Eb(*bQn2ed{8PGYXH zF0_ej+NIDBMn~0l6vsJ~U&mD5Iy&>D1gw@?G0)p-bQi&X_l#L(bdUDdnPV3tIz2s? z&d&ugE?IizX`Kqipc|`FJbjf=D4OcsFL;}dXViHQ3rfX2ta6p$In^6F;cZQsef`)< z=cr7f^7eV{(J2(e%II-O&AvQ#w4dcreR*Ba_UEed$>SK><@)xz(}1*y#EeK_g!vKM z8d-Q|DmxQJ-=`#_r~p!I!c19-a8Hx=7Twv|3Sc|mDUEzJ(MVh8d&=%vI zwM<98y^q8aOC?LC-`AD`Jk0qBs};O zP8o{jq=Wo?oADGs-`1hxFn}NK6}7@#ioA!L_R((sg%lGvog@RXv2*hovwu_q^!dTB zs2>H~9Vuqt;5n1ct~D65KwF`-Vefi`^)wJt$zIRcBl|;KPAVIEoamr~9Q_A1$44mgLLQ>1S$rv+D zU+&P*?T;}JiT7WSjQ;QRiB z2Iqdych~b!53OKy2DbU<^Ee48&dBOj9rHLt=yo3ME4s|%XyJF~@zfQ6JdeK^66TTJ zQSo{F>T#IIkMT&&&}pmZQRSzK6aSBrnosyaqfy#tvlc z1M0=XG>p`z;leKWMm4*~_OCKBtS~ODPxs>_Sg)f&0@X474pIX_cJQk?y@)Yz?WP$WHmY&JdufeLWJN-qevK@f$ z7!rP=rc5ccKh2&|XV2In1rMaz&AV(%uTGId(G)b7lR}Xmwxwt_mnsLYF*>wuqJIWr zcyEmnxKW&c(cerL(|u)cTd8NLbtkg~p#C|$t)-q3&XKe#qSr@?`oY);Msqb#Ip`?s zr+Y>S+P4PdCEc}2<8#Zlj4k*vg{tk%tDS9yVpyvsIrjia<^@uzz}YrdVAff%Cm-Bz zjqAt1@Q9Ud`O{t zX*g*eQgklS4m|0U!(5{H5tk^o0{L-d9qBk2KLCmWQsCc4Iq(EZ6`g@)C{=WbwmMh9 zmq)`8ZCf0H6?r6AR5RdHgUes<3|#c#9Fip-VY0-C6ECe(fU~G`sMqC@^l+j>wdKJX z;Nyb~+HQ%+-4?@u*)!E_;TFGj1h|I9C(i z6~k#dg-o>{}1P9dtWC!buL-+mqG0N_=^r(f}5x2vQBFdDEK+JnPkHk_D>vxwZ(-PMyTRn=aXq?>Rg z^6E-9s7DNJ6gaSMM^d_xMzVM;j>K~dbl?i?fO`F5rkLSTX$Wu3jt`+YK7{!=gn4cp zLQCZ3YvXDRy}#njX0gg_#&tyo(O#$2@fC6BDmBpY1_b|1<#Wx_Qzb2`45cAvVy9%) zrlp-da%2(PWd5xVe0DDwOmBQjJ)9VqH| z`6moNh}Q+mZoJb_$K|M1s0;Wy3OhV`l6PUQ;F&C|Poum>eE;n`X)`R$mPbB~IK`8P zj>?{HAY&HHTGTa<`?9zPtQ&4-SA#2qu~ASAzrK##rN^SaeO;%Tx5WCYZ%^x#_#PZv zXuBJ*WX?v^m-Xo9xxhuqqHPDD!?sx{`>@q>C*1pHF|a#)HF3St`uMeknT}e3U)UH& zr=frsg|EeXb&T{RVWepaCoaBV0Y}1>xW~ua$4(BDgm&zN@yI#-eILTkc%Vjx>II(S z`n`$=P}NCCRqayl?xGhdkL^L@oSJEPy=J=z&zF1WG4(64cSUwwODbGZfJRW^iXu`F z>s?U{|72af3%}FY=NZhO$yLlwv=$&=Kr$EjePD$nyRINd>0=~RH}CDMh9mAuCV(O=HU{G8@W1e0uR$=$2EEDaUfCnHJiF;%m$ zOGbg_qMgaIubM%k3b#T|1;@=G$Fny2v5bbF*g0^Z-(b`uvxvU0kYeiUFOm64EyBq} z=ZQ?)1LwbaJM^f;j$URz0oML&I}h68G1x~8JO!9Nl;zJL$ANoY%H~)v`u&9ByttIl zpi`p%JXC(HfiYiqJHKIUjQl2?AcS=f=`y3W?CPhuhuJewlz-a|2#l@7?*${Lrm);) zCy5o%=N#7&_{aFXFYYw&X&qko0$GuJY2J@7fdLJ)V>CmlvI(Xb!>zvBF|ls9QzdJ% zpCOMKWgs^6n3?D=v))d+L*kl#J?$eh`*=2209lqJxB^!Qm_NheZO?EiyF8yd&{xF@ zhp+{wqaF}dV&Ohm7FcJT9IsPdTwrEaY^O`87*kOX`G z)%ZWVosEC7KK|^E@xSnYd;Fq4{_Ov5{CNF*J8cN(J#5gQYR7q8gU!)vh>cxbMqW9W z;o$gCWiqZQqPwt*$ZvxEFbqSn9|mf!503N#ykcO+Wo-aSsL;CZ1UoB#;eOpvs|G8G zrQz8*I&RUh?mDim?+i>6Vm-J&M<&0?%tH^czo3WMpWtk(b{3*w12A3WU)LhwhMb5u zT1@Wo(c?_O%zXDw=XEYY2d1$!^k0YitK_`&H*{Wl80~>kTNrB$4E~@Y7Zu!~Cei;N zTBIp(o~=V?%s?mnUH7MUDmlAabEY>-WS5+3S&p~D-wOr(e9oCUmn9yMc%el_s!n66w&{g-t&)%)o96Lae>(wMBkI_ z>PN2-z~aXf`33+pBdget4&=uIXC(sENiah9<-h=Cx|EP-Ypep*pypzwp8NQuj7zTU zg~ZA{&ZLSm^oq7S$e+fZ6C~5U3yQdex>yE|)^x*(q|qAKX#b6(C2xx;`k&)Vr9S4P zU>yd7(O?@?!!CYl+_#;Guh?YhT$28?-c8d-f85PpdN)PUH;i?2=Z3^?ZradYH_azB z=KB3fHupV6f1m@jDiO5Y3whtBV&6LJckBHNZ}{W>_0ap*Q}jK4ocgySseg;R?cWT@ z>YabMpZIVk>tG+x1JqyZ@%Wr|TF?o9(v#kLPXOU$u$~M|>PfF|d-64TbZAL;&xF6d zME~k`K69_N>pg*937ugzv)7PBSbYFxV4ZuEMX>6?YJG#5x46%;hG37PQ5{C4gjNn1 z__iDi><3F{I~&a)*v=OH+57|T?zIUYjNt_B}iu!1VFow~zUjS!ZEHIp5`ZjY& z(xk^Mgi5|lPUf>Xyp5rf=0zVOKPdXnjwhf16L3l&p5Rm$&CH~;RP+txX|j5Gu2cQ% ziw16EYlL*DI~(0w7do_{?!Ouv>|ZgW-!Rd?zZE0Vg)kRp@a^>Mkt$0JqQ9;c{hini zcC~UIv|}5&2q|`ej*j$)P+MMo42_83^9n-Nv*B~};Z~%Sa4N1mil-BMj`bX3h~31V zFU9mz*z>2D?qJUakZ$*(?J(B!Xq#To+n8rCdwvz4`?Kd~@wo?kUfvTOrZ!-4-#^eW z>_6mr$I}w+@f(E#h^G9eOH4c4Hz5P(AdThGY^KZH7r_kcHuvddbHCs$AR6E))36{1 z7WTCF^GVR7>_7(rZKt-A&n(pxL0^lirT2U*w``KN1Ksdrx=*@rvy>-zZj*UHi~Fb- z7wZ~E=gXZnj82o)RO&+?=)*Pd=W|b7k^8X&>Sbm$y+S1fxUd4iq^~%&{qDx%yClbSMrpYY^kg9PWt)9ZD}rDet@{%?~i8ZgeRV zy#@Y={(b_RglYP4uKI5#;d?WTr_$0f34`RW3TZU*FEMBBG8*}%AL}D8BbAxkp*soO z@>l4z34Jk}PWd=_ibg-6dplyp_TrC`jWnZ^+0L`n#lKzm<^up z?$RtT&m+B_ySH!|)e3x9_Bg_6+^&MEI*q|0oDrtk^9VcT>JCwwI$pZ? z3rx1H*^sJV&0Wp>COeefx;nP3t8}f6o&cyZ)5 z{AU8!9?zu8!ZyXtO_Hbz47(67-;^bN*aBq&HmZ?%xGRWWgxfSr_7bZB z@4Q+gv!DTlp4W6^Or}Mi++AnD9^~!mjlBhpkz%VqxL~%j5#vj;uDStLhxM9R%qNPZ z*`P_s2 zWcl77tea9zg_sh!0Zq_GW{x7UN*-)aW?cDRaU!Ogi zWuD&}55@eytV#}*TQEln!-C9pu?3j{Ga6rzhkk!S_EP`ICh6O)R_2oZFCNlcLSc+d z)oGs7*hKdy{aZ-Gr8yEg2cE2e7caFocU_vU^u!jTCzNqH)*$(NbtrY6;*pTl;Z!2J z>hJ%Vj{k!Z-*Iv?l+I0}NoIuShf_D6R!iGD7_#4XyxH@(WbJUcL5e?|OJflqx9n6Kr!)jtC z${;J_bCvP}=GzEpigKA-zLNAYSxDys?q@q3v|D*n5~99;=VHxrRPZ)hq+? zbMH0FNrJzI{Ob3fGZX$zgMSm@Um5%>f`7U2FI((=F_f;R(#z^-$@b3d?718DKUj_k zL(C;Y^MK(2=(1urBfMM*Xh4`|VW;_uGhN z)U}nmuBRq&BY`TW=TpUmv8Okk%r~rKu=RyzG0bFor|katQYyKbK#cH=u68P|wJ@>) z_UOG_k;thoG)uK=ZA4qpa15 zYkCGIHB`3snDw)=MGuZNVAg@aq%XZ~nX~o;ChhaKjh^$7w{?O06ATNY%s2DRrG+aW z)P_0(vo)t^|HV;w($ft@ta!E2$Md-<-Lg*Wm_1q+On&9LX=ujMB= z*PWiAACm3}hwzw^$mN5>doopAMAFU5mcgC{kfB1b2W0eO*+|iy2I%=$54Hy${7CX@ zgXiAl6klqaeJy5A;h9^yX1*OVA0Iq-IAlIB`vS=0?Aag%_oK6Ao7f;#Hi>p~9TYf0 zy-8(#$Q2j8iK1g+w=*zNuq{Pa+a+uh{Su0{i*a=%a!F-VTHttG)g|f>CtSrfsiQ`^ zPm8vp_hh9;s!aiafoaBM(f=)`1}0=X0$1g@0u{Ngz=Q%vprQyJBRc~Z4Zatp=MM_7 zEmO!J(mog|>79PrBgucTx24qG7Z%N-eav!r4n^1YK)7)oMhyU2nbIUHu0}LqH93xb z8S9Czd_K3ean9$%jd7hL$K8B6Um}mR_8b(jqgUlUw7u*(JpPs_hihnxtJ(Sile_3? zJbqdSi==`Cc_s(|f3Q0B2!m(y0&l~TOoAn88$8$J_&^5@m-y1I*|%Yt6jo+O=Q7to znfAeRB{^OO7Ig1yD?r)#uaL^>KwuDNHd9#L^}jg?1KJn$F9Qg&v)(DeB%|&BX{K+W)Fjdbz5R`khlAH{8j(a$!rD~vO4e3>vXD9av(2?FIjy-lyes`p{a40=+8h^C8{%p>I~{a)5A=?2Eefx z-VX3LdE^v0*<3kp)MlNd{QZ>M*Sq9fJ)Vf*%|T9^g-|Lw^XN z8N}lM6<*L>=pA?^q)B=s>XatbXTmW7VrtX0=n7raM{oR%&W$&Ep6b$gW2_2IG4(?1 z;<9tWCeeRwLUO!tQ&gfjYJgtj5sIl4&MdH;dlKGHfY%)dCzk|q- zfFdD+MAiwCu|$wa-4G5D zHG)X-G{cnQ`H5n7?EC;X*>$(k!r|P=wdn@gd%p|_q7eNyGrku4%=pgA9!T6TUJXB$ zuMW&K7+Pg@0RZHUq(V7aCaWLPq6c*T?_W42Olt1Uw_+T)Q5&s$UFxM2DOx7GjS0Dq zI05WZ4r`WAZe;{;qeH#XOje2NhB(z7XeJRTBe@s9$QrsksiDBFjO5nI?Q2+(uH-hg zcH^zO-abOq1lyU4slKIiV>M9o*Y;NjO)Rj$9#<#)b~EdT&r(hyaBJjJXziiEflET zw@u*Ci+)q$sl*BdUX7rk=d$DQSE=(holq7Zr`w7Rq(c!B+}AtR4aIogmT2ON5c79q z-r^~BsG>`~7Y$B_zlW=T!!78iLl69!`yO|HPyxv<c*YxZ92&tQmFE{ zD+*LsJYcs5Q60-x%9L7Op$;vMN9dl-xPdc|lD5kDTj8*mp~*Mjjbkg|U$@`f!N0Pd zAAR9hy3s4k?9gf%DS>tCtxX-z&#Vq2%KNzcr$!Ii& z>N4|rbUAE=!+a~0BY@-d7Rg9Zm~Oqfo1Gx~7ZZz_xEuDsZoqMfe!QP}Ti`o_xxkHn z2Y;Z_vmD+9aCY>BpIiesji;GG$B~{@D))XsZgN@>;jUb zT!Q^q2$BiZ(AL~dW@Y2e)}4_Cn0T7@2M9UX(WJKl-St;)xV#6Ut-F}Lco+~2g&RS7 z?!XP4&3uuSs)kZ^_;GsJkXryRL5kN`M#jk3!_*U-Y1LvExP+gaiYG|1tl&_Sf&UIQ z8DZyK@)Kg0eu8Q=%U;bS`c_lGjAhshf1P_5bRIZ}+Zr6+6RE%u=ZK3)wi9rrI7{}6 zOBl|=jfc*`-2G7KgE3&XVGI~@SR3o_QoaXHmqMqs#zUuUap2Y2{A!HPg|{F3-nH^r z=9;DbdOpm#e3;PnIt*ooW=*+3Rd0^BKe$W#yQ%%{*!~aD{&8&ohi=>74u?3jANH7_ z?ihCBns-stbsJeS%+WjXrJ#3WejQqo05c&gu3QW=eCUErZtbeuW&$CRfREBn;7gmnr-ooRg- zaXR>dmW6E1t z;kQ`Vkn42%GP;g^{O(Q0q-4RD=t~seaeOhxNjwAUeKlTh#C{e%`4ayxs;rD(s`yh+B9 zv3}KA*ug!FVz<4?&-TAutM?t{Nvi4GH~HQ0<<}A=e;TU`hyw`{05vkC+=zi%=&Y2*S}{sLv%fZHbJ_v4GSWgWN-sy+`?!g8CQFaPA_)ETPM14FxlU9LpZLu zhAr=IBpjXUN0qv^)l0NMOBm6(gcFU$Nv%!21~K`0VHnl)j`r>*FZZyMmMmvT0-BtX z*yJGI&~%Zu)6nf=aQ1=K_jDPCS_@_S2OBm&t;r)ncME4b4Qt|-?y&vQv z%RlDTTmz3HKHzM@pwt3PomHKQjGBoe>oJ0YWx-f?#&b*t;;vHPK<91~fTt|H8i_{z zR^D{*pY$PHvt+Xmx)6T{`v6Shv8nVyzZ9uvAAni>ntjkOMP6VZ3N*`R_CdcCS2To_7+ zqZvbkVnlO5!Pv{5-;ao7Ao$=fp0olO@3B-!3f z`BBG7snOjIzMbw7u?p)>czuh#o*OHs*B9CAz*r%@KE__NVgul1F}-+T zw(D`s;u^z<%p#A6!f;6H5=1ep1b08+&?JT4I+hD?JDez|7v@tSuG25T2rTYA@?&w( z8L%IYymQHMZ91xLI7{w6>=`s&>PaPI#_84jwCPaaI&zL0O=F>ZGf?+Xy$#_=e4oBe z_qOZma62L6na3FCOUbzB~th`ML=T%-F-tA0a4l#gpbf}Z_5~pC+6>JJV zbE)n;Gu`p85<7IR$1Q+-U}urcqSW+ypN_)YVwzPyClK{ODxYrW;c91DPr5 z>>{O&#OqTSk@7PKGq=MG-<3Cw z9Ov%nhWZea8kVWyyEZ4q=VbJN=zEM8pVS$3HkD?0hMWjvoBQFRn=r%T zid3L^SA=pym92tjq~yKSuz?J?i@Nf3)@G=yGfVf)4Jn3LDl|rCSMi_QZzsW@Q@web zwV9xfY)th4xo}{>4qU{hr}V(S`1Ak;SvZNq-t?sTVescfhe}=HuSK&Qoyg%2XOBc^ zuu0L5TA4gy*m7+bExmp9JEcL6Tz#5ldjgoG=C=0?wy<|S+4oXmxhqhnu>9f+-iP5A~MIe2nD z68xT_Qh0F-_r=BZA?Y)q4C!ql^6x%^L5B&q5t`T^4?CcbyBqz4>Mr*8jk^7P*nT{f zxz?)VF18vdKvs&N`vtkNi{9*Dv|cb3=4ik$+8I+wH( zEDKn%$i!Pn>$d*IxYjKxY8)BQnZ5(e+*DSVp*q6{7F~Vs5ZWk}3>E#~Qef7_O})AB z@KY0>qS<7q;1vCv>2;z&?>5o@9(zxrcR0geq4%=XynUl4ivA}}7^ai?-Gd#EO8pqs zPi0O6$P0q07QM!5ADl9vy$+*d?^&o{ z_X2lG(-YF8XG1}%Ci`};rxaGATYxp6S^)|=5T^<})Xa0!}amn-2q_yY>nFu%yD zcyida@FCr`mK~tnl>?+tZ%23|T_}9SE-Ox?ii;kjn}W8%qJJs74|WK)z@!E^lqI}O zKV5ofuq`l?UF*)0*Ct%+9+`bJW>2xPyZ0lMe<0+S0^>1C^4zh>5t3&Qa|SH$`^h_$ zGrJ+U-w1ToVdGeyGS=KqN%#)^5_2dA}0Cd~mQu$djAe9;6QQ(06c}zP}M8O6| zig4uuqmKr`%tJL!s8orOH^z}f8>hE5^3oWSfvrXV=h<4&HI!x<<0MCcIUV3Im|DBL zfL0@o{&qtC(eUKTJ8jSa`YvK9nFI95Q<-e3ykO^FTQZ>jK>8q4Hw zMtCz)U$0?O78LA6V4w|u*MaVa%lMWo=aM^z5_BrTZj?I^x}MXOJ68O6${q7MDR<21 ztlTlAt8$0Uu_2+%*SO}hi{wC-)B9g2cpxK!VW#5x9S-3$(SI&i?f@Vozs$YQM)WiR zVJR|BF}A{tYh<_`*d6 zQYCuj&Bm^mmjO3kk?U>I-1#VRI2}C?P;=i7V!(e2;3ViEHq{HLbq`_J*gb%PDn}aJ zmmw)(WSYj=P?mh|M{XMIwd^4W@$4ng zNU_0vw%yvS+Yi8^sF{Z&k3%kpR_h!&w|Le;%C4Gje+Dt~qpYQCp5dzJRq&2|K7o?I zfaT}CaetPNJkX{|>r+Xb3@reHC}K81n(oyiO|zVYV%~P6=K}rg8{FmW>kHLB_$52* zReMq7Dl!As+;`BxqG$4fHJ#Zpu+eN_=UDf4=3gpcB$H&Khk< z-<^jC=W=$d=RQ+b%{KK8v(&sf)svyyxg3fPI0NbS)_xq1EY_X1 z*H{@T*yd2syGv1I;|SDM{zBP^7d}DByxCI()Ex5^yEVD+LtP3lhQd&CulsxieB(6) z_$$7M1O5|pv9tM%BqW%R_Bg?=`g<_-S({n`1jYo|^jBpQO!62yMWjEiTPzU7{dP6R z8hE`O;K_X}wzuMHYHwUed->Gfki_<$Ij(8Qd66SDSlxfIVAWe2*>wIor%gA3>e!Xm zz0q4psz0TXS{`||mEAMpr0z0zdBz}4t zA~`$kvM2Pg^#idVAK%6WxORT%6^X}#) zclS=cyFfB>j|qBr>HN82Y*Jsxb?IxdxAf_!v9Cj^udJ7cM(DjnQZ#bp>8?FpLp^;u zy=zZr-^zOWK>F`btk7v!L5XnRWLP)9-<2ZWr)`+5f2Q&%v|piO%3TzBmCqb0e2O`Fr5` zFJsr9etHw@X~6jV6Pwa$Vt3cz#P%us^NDpmkvOp_@rix*lK8~F^u+H?>EEimwI7VQQnTks%qf~UEP!wj}F&g?ftJ8g)T|I|qEg6a8uJl_ld{r=zZSHz-!Dg7_@|Kq>2|A%+% z|HprK|Ld!XwaI}p!e63)L_1T$)GXgkLZ%0hAMEkSrhXI!2I)-I#0xPgsw!T&JI zMg>RdANA*>3_jNVD0_8`@|52l<*r{yaW^|oY3!b8B{>52_XoOjcTuECvvsFtxpShm zgC==zBJePV@cU0MJs{K*k7UFFfT@||4? zULV~Kxqm0V?e)<`$MGYNPup>ELcEl+t%HB+C94Ziv+FuubBM1`3d!nQ_co^b-@sZ}ax{8p9V^e>>$1iRtG z43+$EJX%770ZG}rqy|TOhu5ZCWu!xOJeW26B(z+5mPCJoS#taRBtkqFKfKQS*hy> zKF&HE3Ba^elQFdC5>9!(Mw$tmrRr+tdEL4*(mxyc?66;7K`CsfC4@%bBNY{8K02jC z=j9I37IrE#%r52LY(276Q)JLdG~xCPa;dlGnbG9QhanKI!eGl0`=Aq=w`BmcdncaO zk5bg=KXe}#uhHRl<4mVIH&@J_Ti{d|7RzdR5s?$j0(I@h+(NWGH*OBA%qfmr+3E(b zWKK*f>I_ojw%XiIw{ki{>f$)0md|4m9h=>!Iu)`{EpRFeie=@7nNWg45~>R)lAQSn zlPSb3(>wfo)bcw<_uURvMEhLAJDC^ri9W_7gQ=#Q-~$i%^V3EAYdxvimN6X~B?mk4 zrc*hZ=nrFuu5A0OtVm|wnCEetwb2v?vEM4eJyBL~nCL9|1=TV9dzqSd3HqPIfY%Qq zJ{-3M`{lkUF$nv`OSnAm`it;jYR8&CfeO7%Ct)fkdg}zGydS@2KY@x{93 z?^#r1Idj%YvPjjmK;`wCE}{U4Q)#f3toRJbu$~p4p;^8ePQ_>F#rvb57QJ}wa4L>L zdfawdU5H_Q7O|q!0ROR~6#iGoAb^N0EM3!8AIK5sed0h`!EDP|=@_+RMSt zi*pv^{7fE>%0T*gamr#Yy)4CKeqMZVE~4i<@ci?0Vdfd|Id&E5|M_{(Glz5hgG*YP zU_TgdZ=E08`*v7jd$0O=d!G#JXb<;~C+CEgY`pwO@k2VDkCJ}>X)4F=sScR-yM`rB zyGGMqr|?;uFsx(Rdtw;s>T{W9*l8?)Nyl;7+5ZFT-}iT@k1nO5N;Boc2G6N+2M%&L zc#?dt)0?v-=oH5U9jTLYoJwuvnI6a}A5QS~ka%86=s6(^{-$`ct7o#_kbXpJKY_{U z{5$7~^2kXu7iP!`wND}LyZEQTX}Hu!(~zTCZo4qSOh38hr1`uep$76Zp$98c4o24g zhz_o=C-=PecIMSov)nj_Ib!)D63uAS;tFNI8}B8#jXFEp1;AF`DZ!6qu9sE0%zYaY zZnw$m%pARahZ1#=6AxLz@MLzF$8)GV^I3O}0Udj{X%LCj-Y!koU9eo4(WWb!W9W*x zWq?gQnKX~F{s=OCBEw)g;8+L({j)MCkOoMntLX0a37F$%goF7G^**Zj26)Jchj}7z z)muq02s2sZQo=6f5y3`h6qob^EAzuU|A{ufJfi>m7WtHgc1O4xN?m;KNadQ;-$OrfTAD6fzd+&K-sp{Vvq7`mW#<)~#~5YI!^i z1oA9b*~B#|sN;6I92kQx^cHR+*T6PwzQL|+T&^2&_Lamn)^ha0ORmlxWFwIyqtleV zo;|c5$(qv|JB?nh#SIn6vO;YgANv7qvGp_*s8TPmX^i_5T5CZ z`Z7D}o5kuo_y456&-MBak_!a1Xg!CjvwS%;-_Xe)4H>y+b0gQjqW|rasx2x0p zNox5#yYQ{#{nm&D$TfP$Xlx}-bN=H{%L~@(ZUofC;616qHXbE@&KipTJ(cfXG;5lyXAsnaZ#=b%TUz$A@kmvVVqadzw7mF&!0417yA_lv`T zc4G3}bfR}U$p=molH>!C|F`l1mHGW%L`DCfiXhIKzC2O>a5#(P55j|-Oe`o&mOn%u zVE#V~|3LoGZLDd8D5v6TAfK-3=$J#PMWZL6vjSC2tqnszR;^}_b@2EUdkk8eoq@rx zRSZG)I99Ay0PB*nBN8x{X+Z!2S*e&OE00t%fLY4NZnqwC3O~7opIwDNiN2l4rvrFd z56RvZ^W5)b^#!s9yT#~p3QZ_&Ks5!@j91UaYo6D&R^}|_5vHJ9=PYazy`^XeSNO3* z_ypMDCPRkXxb({&Ga|ExXA$aE z83a_9Vz#O+JsnDer%v{^WwP3x0aHE{aSAojsZ10OkXNJ&Il>k5@Depj@#WMfsmI@9}zht`ho(R zM`eDaQ}Hy}t>5bU8BdZr-N+{q(!|F%ijM_t<|g1!FSVJ!(OF5g%q%I5Qe~5%J8_`+ zX}j|oTTF^Y%^L;L|AWv`rTW4uM(4Zp<-%QV;I&tX1s@ z)uQ)af!_!O`sJ|jrjEi!)W=m_4UuaGn}8^lQ)F*z%B-v901oyry*Lp~=gR_N8Xl;H z=d(J5&9Y!`lnd=mQ9Q+^cZH~dOtLB_!km+0^a6Mwg@7f5mkv>Ap1|N%+Yo~zV26rY zQbg||%uqomSqqRogZIK$pvMDQUz(W_BXd0KDBR>K`PHSs>Wul3ug;7U@zrtpzlE|d zKv~hBOCCbU!j>hS@n{OXLr;+B$Ng-N0C+@O@E)Dq=DU=`G!K{Okpi6Fv)NZg-=@P5 zK(h9`Tn4D7=kgh#3gVhRW5|N{YpAGlUgikV|LJkoZuIy`^rL+UI@Ak0MDkL-+F3U` z0)95b@NzloOZo4Gg0WK}`@XRqGc$X4Y`C>Kb_w*{%lAQq;{#MHYR}f>+ zqZhP7Pf%B;C4JjI4;X6g5maDM2Oy8*YC^S#d($x}QUn>BCUj_Qszs-Zs;F5GosI6& zF40|`G4VL-?>yoXW%QGQFn*~XS=MuQ>?`!ofk-xxRW%c@H(otEDfq1WLs`X$J;&~k zOPYLVGiBw%4k=SHidineh{x!Utdo2xhI&S4dN_tJhtkm-NpA?KzcZ}C=v7*xwO<1N z)Pczz$_|H8$HEiY|75nV@6To{VoTGf%F~4UM5brmJaB8xSvXY}>t6P(!C0>BT>z6~ zf|D@T53*+8Pg8Qwy*MS0V|KpsFpu5ZA^;B$)Qj692Ts4PI-eAJvsqLZvpXFUhhU;= z%7uCpEJsVu;zB#58EO%A_d=Y`tp5AT3i{XI2)pk37V^*)meym*SV<>(w8g2!py-&T znYj*a)3`upZmj@yjTdCCmaL|}!dj;@l+}V)MaU=v*0Yemt>RwpYn^J5>+(_%)4`;QOHL=CYNHKwfILC$A(}@oh32RcPDO#1s(pa zYEgS^b4#l>E-)|`HPH0BLnLnqv+CV5yx)j`MvFfs<~NkBej2!JldH4 zGuO(^4K>U5Tz(FGinpWA&Sl*Hg8bfu{4cQl?z2z~Yr!dHG6I;+$XFN&bipMYk1l5| zNwYX~&&Xx*tbX5G;t%LwX1HSd@jhL-eJSm?e!T1Ct^?&30aLUWa$sq|{Q!xXV`NNE z0cqoL#)$kXCVNXHzQ{;fX9%pwRK^v}W9kAox0k@X(n2WBIg=S?yU*a!=TM;44TayWZPs?;d7W^!7vo$` zk=3c@4a2#>+JU;M3H$qtNHsal2+E=iwFigOi6qy`LaiPaa1WxbxifWY2$+w4v9r*s zCo#>P&HY?!mXA(n&Xa*dU5ZB2%@zGpn5Pb4TxIKCWJAx0%d;cq-vH!=jp!>-k9-_~ zj1#RI@wo3WW1b^lp(XI(t!LyTp|AHpvh`Oi9G1Ody)YBpL&b)^)d3lupvVF_?eo1z-bhv!LB_D()}J|B zvck4LDR_FpS&C-%FOkKNK?+QQov^*Kt(iHkkjSiKr$c;cCnV3BN!tHP5Lc&?-QKO) zfe!fwG)Uh4;yabLf-R8!j-8*tx6r|!a!JF&bL4=r(h)F97y?|w2B`MN)Q;MH!E(NR_j2S)gKpjoqwrk*Q!VBF%nc%pk-{VeU&uHy{ z6p)~Lth+{Blm>NFZ8zjnX(-F#nXC{(08%*(-X>A0sY1tS3*|d@-VWW6LkG`tlzb{a zQg24%h<-0S19=l!qf+fC7zDcOVXZVcuxT8{zoIu|toH3?(QBA3aJIMYV$r9dhnu!x zqJJekRL)DeQ1q*qv^_V9E<2Q#W6%L(s3|QYoY-%#j1cO8_N#tqKZ*4kqbV9WD>B3C zo+J9vI55iNZf@8HOjG>lv+ zFgcI)@aA-^V{%?c7bmhVrjo;?;PmCtzfHf_KS#+9@sTsrX{8irAQSsH4fCKa~jSbF*0wQ!09zdU!vcX=(F^j9eo^r%bLTvq92bRT(Bw%)f7yD1vnq0 zphB;T0_D`o3s7I6yaVhWq52J#6xbKBQB9}#4Gm@Dn$N{G?g0(n??vTk7x;rMBtGJx z*k#5__*YJiU5OJmt9Rf^G;%qJ$j~Leba3`+rS{m@*elU~7$NF)LnRP@{vGJs$drbi zFNjw)riM}#-NpQHai&Or7xbZ}C6JWuq0juvHsn>4$>UVLOZRQ?BaGfZrLGeAvtuwB!_*LI`W{94F~aiGYO-wHx45muJz36Sq1$LR~ z+e_ZB4AFJu|0}5sdC>Sr=X6->Y%>d5l$4J8Ri4g?dPC%6%iBm@kk*??@@|VjRnSKC z($1v-MzOXb|8s4?fJBcNx^@_vVP-1PU55X)P5`RtbDc{?{oS;ZZ8XGYcA7(yj^5Oz zKajKhf9u8oyjkp0j~T{A0q@n7cwin2BL?zVlm>W0(_cRtGAcDuBzo-rZ|CLOl%`N5 zRb1mU;W2De_IvlIi!aqF4YPYjH^X8C#t4$~spLHl(D@#TyaISaOC=vm;)IU@=*cR`R?;gO8{^ogS zC`Uq3=*YwLQ90^80R7mZ)XeS?MM)s+ccs>Q5_&O|dO>tTNv$}cmeUOKEw$*ZDr_?a z(d&wG1iC=7=v_^L@#(O49ou;GK59Xwod`swLNg`GHQpAe9e0C#O9Of#PG`D{(yslm z6OA_IE=w>Vr^Ci})UlduX4YBndfa7D7(Jz`E3w|tL14K9Sh27JCJ7(-W|VK)qSZLr zEZR!yY~qAEC!0l>LX+al`WRMR`7jH2y-j&JD~PY}W^E#^em_G1zAT0SKFmS{5RIZQ z#&hYLdnDnJo)mC-r{k6_l2(KD0v^fgz#}VJH7lqZtPZO|N0&Rj>#-*Wap_xz_$;F? zC7a@ay^h3JIm3n+Vg)b=B=lUW;P8gboa}QdXzvRMDO)a~QMqr&U2?6K*|*u$vKF9dGw0Tizs0!7AvBDZv?jggTZGul{MoJwv8MoK;`32S%r-cHUk6%{ z-o@UAm}2+uTyTmF1x-9LyR>Z2V1spU>_MP^0M5k%qEE#FB3I?AO-Riqhps{&T>&Cc zS@h@t5vSaj6>2f7M9snsP9!qbUkpEy{->MBlPaG5WMTFkc0lx1(d;$?Sel%HQ3Z~w zFfOJ|eb@9ct>(L?#&i~|$ssGx(MD1iX4}+PumfWP1M>mtEl1(tP+vU;rCQ0__G8fHs zA&$tfDR1IvVj~>4Y{s2rQ|~g>@kG1-(EVpg$G$=$eW6V(i}3WS?}B(Dz25k}m*Y2`cMHL3!0Ids{Qa zCGRtLWZxB`j$-CtWnsr?ZGY7^JRDdz&G^=hGE)w2W*{rSmh70#oyA`37KZa)~c0Fztp{WOcG>7d=Nmz}K$+zEyJuUg^zxV}!M2{RCcg z5PK3>@N{@GyUD%E*%(iCLoNxhYsudVtj)ahrK%Ia#v7{fk4+pKAvZKfodMIXt8)!@ zB^vQu)UL@-IfPA6%&*P6vr0o_f@<_=;|n@pJ%v76;vXnDx!5f8 zqI|n~N-j$=i~g;sU$71SB(-5j*E3SBEl)74D<>nl00NIgX@qfpJ>4NLI1eQ4dp^nBE^XbycaqZ(OrAzeR)e3+n0aE;F229?!9EK)>rS@ZBwYC=ojz- zA!}t2T`B%8gpNv43BvpRF=>N|WC?>GdnMlxeV*9S`RxQ7zU&mF%ub|<4{L5U=Suc#N7ut5ew(tvv5NLNgm0zM8NVeIo_Y1>ks`0spsV~B^m80?u?tU2a zEah9grmKzhfc{;9U>&+6Qr@w_|tz#uf*w>ITxTOn>w zqi3>TTQJ_Kyh2AJ8#)*zJ?FRaVJ+MXsHkI9Dpe9o(YB)q=USKY9mlM^ z-m!#LF}$d=6xPz6-?@QTda?#~kd9E;RdUj^GnQr-j>qvS$D-JCw;g&eB`<{*?%L~# zywbU?yw_e$SlGy_gM}bq_0_<~t`leBMNuJxO%sDyg!q_| z1q8+eAK$*GbN=^u{?807V+zlBN9T+W^Nj!E8B=-2ySl(X&*N0Xn_Ut~gnu4Mgr;@VNENf%Tr2F^>`h}m%>Hw!Y+bpXO<~Rc7 zDbo8Xa!Jb^IJHe@k^je@n#Ga9^{rF&h(ETa3s|F3<{sw?a{HSLEMSNKDW%RO)H_Oo zvwm}wv^c~uEwR3`SIeE1g$_YKVp9CEEhzgf+3hZn&?ltn{TrDjjM7G8+y*lf=U*Tz zsj~85HtO93t`x>B%`C!l$`$4@wYDO`&`Bc^_|@pBPS;c2>Gvs9fI6}lITcqikcb6n zK)jZjwOuv$jJ_qL#iZKbZWfs3BM zh+jN4ILQ{&Rp1P`@V5opT1AI(FjB@ED(YHZ`ObxXX+S>%koo$kCC0~@bU#tnH5!`p zYW;p9lZNO{Pqd3jWtS8@LIV zvaFUWk5Fj0!r%!uD*<+7>D*lCrw+;vjdkPh2_~5*3h!eu-O+T&9Pd%54pfKtJQSK)(m%K;}5v z8_E%VWKZI4T_`?TgM3_N)573^bep+m=@bJo_;OV%F4?Sw@PK@T_;?ND_tF#d3hPo> zUd%G<3Vbl+cI54qm^X#OGVm<3hR}l{JD%5)m^XEuk=;D)RCWT3)f-N1X#>TgtRf~u zT(W`;l|BQU)CiFJ$P~WE$a(YHRKCOROU3)=Y`jE}(ex$)WKQJTy{+11$ey4XY_-AY znlyQ`G37GFb^)9Up2+mEVcP{6hEdMIZANK>F>e2WapSH_uxC0uZqFohd!{j|?C44( zdnRKSd!`)#1bNDi(Ec=GXW%6U;u~zvW+w2 zZ5-omd~!`f8%w&h@v6Yuxbwen|UaoqtmIlkvLSYwgF$;;WZL z!BL~XP`J)o#J7Cd9p;2B-2X@IO2_h(L0zIiI&5KD)Le>@d;v9i(HrZHp!Q*py2 z-7wdu6=8yl5|$z6)hshHExed~=dk=2u+Pis^Cb3pIsa@&!#HRwo3&*Jis&k6E4rqY z1xmocFL>vP+K&IAw1ij*7p;CWe*R(nmy=L+VBp3?d~h0-oWV-YlmqAr@{0HY2&Y;I z3!%S7(jCAl8Ht(KVsWMmVU8BIA_?`WQ#nZU2Fp?DFjqRfn^JHZmge3vwtk+9&U6FBK~D|{tVEs=UUbAnDi+3|DlIdK*KxXwf| zw`J-~A5~9HcjOn9=tXu-Vg@-&cuypFJe{#$r1n-8N9@Mp0aGn-iR#~d}fFKtAd+EOAbhnR) z;?+>MnTX=mL==C4M6u{2k1s&AwnJhRgT%nT;8nSY{Q*Rn$lXa&$2j*}Ax}|kr?NG~M{ucB33p|!Mf4f>~{xArE z?o0Q)?tJOeyuI2QhxLc@bYLft`5^8^dOVqkcZ!yE!DETuZ*OF6Zi+9~fFAMawB7oU zzJRy8jbQr63|wb-9#aE7T8Z%eAU1Vw}}8<|P7A&G0sXLy?qmo||y`3>m? zLn(z0_C1XrQ_W=mQY88xLl0f*4Y^MBLFUl+1GSsQzuHeHaywmc)r_cxpA@P6x220VSvY1804x~O~4 zjDhdw&Ts|-b)vzbJDnrP!CNy@5Hp;wY>fKMcsxI0`a?b~`YY*@ug8jDKGz`at2;Fz z76^lkqzwRO9(G5>byk}uX4_XwV(*Hn9nlfS=d$RZbe$W?F`IyAd=s~#D{ya_9Jqe9 ztd_$$v$QD{b)jUmrs*M%Tsi|I39P6=m11ArOg-e+JE^GBQ}5j{IgJ#OR)%CYPTkWE zf%4wwB0Mq4+nuLeAAoyQa_3Rm-_ifLCa!UBOPltED z!6+_5-5znx^{YcMqxT!LUY`Wa<|+aI0#^19ODCMfy7@ZP-w{LHZVkGW8jLJ(s-2>< zFLa9k4!MK|XW;U;9VIohGv(0!bQZH}-e)eQLQb4LK<(;tIA5agRwSrl`xyCTZcQ_h zTf$Hp1C*YTlK%#CT}1;`tHDh=oO*e}Vf_nr>cyPa6?Uu1P9A!$R#@#+&n#OUmXO{o3gqCKEF*fvFY~olvTp?mGWJJj`{|5L46`X zZjVP8di-nPHMfr3r$K|_!|O2Vj`|2)R#C6c9WzaSO1>jV zFbn+;9lTTywd4y8kSf&4w=6?!E|=7a%NAe^&v9gHVX-Y^4gQc%TSeMXOx6@8G6w*V zwbNv?nWlNeNF{fgOsFMQF=JGdr+9UfZ?9*lKCFD8aoMoyVOaOWu=+tO%>mZR-_30r z6@;cnHHiK*p&clF&L2-on3ui6H9L|;GgOA!K-Pr|Fmjoy|?qJILk{K2FIms7q{ zV|UKFhLBpKr4EJ@9hAxskZ5lsN5@e#%St@Nu1z|`O6$}_G~DZ#WHihUur6r$hofE5 zFu77u*XWeuwVlbH(%DHZy?m5f0!p!&H`YNKc4=?!(fDyWmrhGK^cPUj1v>Te&?ibq zumx!A=wB1tDn8ojnEZuepH*~oHbY}Qcw;;0Y^Kv|V+xlRqI`+TjR0~AGfmtj%1cz= zf?R2BY7)+CiA?EtT$5mulu#&YE*3pvafRUNQMoV$FicGf1-UCQxYJ>t(bu&jTu$ye z*~+<6;*0+~F#PLZ84SN*qJ3uF8||M$he(heBIu~Svb5kqBCvXs>UL>gv;t&!T(dkt zT&ABPbzSxdw4%VsER;V+Qv`Ot>Rrj}(v?2YmGe~2(Y8c-n~)n`JTr~uIYTZ9FX#_h zo@gITz1;z47de)W{sl!7i!l_bx2fG)4?7EH`{^24bZie8m&?jBj8&>o24HOK;#OiC zs%d%`ltphnu4y0iN!%r;cI(nkU<~+bK4JG5fe}7L@^1||rT@Rhrw(QOR0-Xcs5JE* zzRpA+8MNu%_#VPN?^>PUk?(ImL-QN;xxJ*TSATD5qaFR64OFfp5qr@OgFF1CIh5AO zh2`y`NgvmHHk7qNV zZ8i)c+c6G*F`)Jjl3d_TL<1Cmd^?=e(`3*CFf!HlN0LPf*DpyFDZKPkQBwHD8<`Pa zm+*@~wa)t~&ghggCWC@BlOVyw1qr!Y_xEkGx(LHlI20C{;*a7%vHJn!>s`vnE_7Y7 zTcW#|;HCPNNhRJZTOx;w80m3YI`a{v)P_^fc%vs-Rp>w($jWFyw-+i4^I-W4y*(bJ zH`Dc(pMW=S9W%vfH0Vm_FEy}~VnMIQ^bZvq@s<$;n>MjGnZ13^-X@YaBJVW4kn+J) z`u?Dq?g7V|;a`q^85kbRJW2<~;uTs0d@6wFVzT+_J+>JB$?$I~)HfqupE{E+oF1RY znq>sGw~{rxT+bHvqVdeBWVbwa9{ih8sXhcVCP4i%iN*s^uVRmcy?9t+gvqcMEpEwC zeW2pfP$W(AYC&l|yr~*mzo7O zwYtocC3@uFzmrv#`l~GG~B(?Oo-qJ?~y``pv zmdZM{l*d{+pS4u1S*~C$6+=s9;c^>qX_^~dFKMF^TPkEN0Xs{rL=sw=)~S^ZHPlLY zlO<3Nn!&X~#|otJjM z;84>pQ;f%DZ5eJ87hn>U<1_$DLC)KL%w9oO;_T`D4#y8`S##gD2Z(cNMd?h3K_@+g>9pCal8DC+Pk8cJW zUvvbHuP+c!O&%VSnhYnS7+ekdn%GNzN<&@@l{5;9bcp2 zkH_bT@bRtY{(oqE!y+`kIDQUOe;JNd>o87E;a0%V0re@Im8y+PSv+O@iQM~Wy9Tsv z6Q^ybNmZjKS$Y{fS4qs_0!0pT7uYcx!MD0S*Lbs2XpIa%GZiLflcOq(WUy=G^z2y} zwbN5#r7W7|*&j&Ie`^UJv`X)(%#bWxHbXZ~+dJhrZpBe0Iug722a*6I?!(J@)ikI? z#|0Hs2jX)~&nVHc(NLD&$kLA#>%00?mW~GIHgyhpv$I+E#?DAwudopVDjT%%17&Ta zqvUHh5FDbc_WJ^H$B!~!hDH>H)qRiEiLtHWa(2|HCO>Nn#{0(iD4Cv{jd%O1>F#2F zr@sP{(UMNL{!YH-j(jy8Mz0V@L2&mB8AHsRQMnXjWoA3o`7=4gK|=A>4Ow^ytqx|z z7tt9QgGPCgjdYT&L23ZKy|5ot+^k%Nz7Ygo4bq$OGdOE>9Uk7x8dwnY7uj1Qd)vw0 zn&>cGd|1$r@--1^X)(H+h7TCKkvw-SD}tvKXTXc#L>JZ=#^z&zh4Bsn8?9OXfpS%4 z@eD4C@qddNhOZ_DY>oR@-S`Lo$dLX-Dv6Xztih5=*`n_~wkdwR7#-|3(~&@M*Y`Vq z{ybvfjt@`8l?8yP$d*bD+r+W84mcGM6jy!Ns@c?q*;3)Lxg(&iRTp#X`0d|fx6f4O zW?O@?2}$^UT-bPo;AcWVhgK_T+ugNLWSrXX2!|iWNH*HY{_|S~KwCQbuS@V^ru%b2 ze_cDp6+sv39;^sS=8$K)6efy7y+2!(`jxb}r>OVkl$;dD93bjk-Bq&H^OH4* zHz^LKj}}yqS<>x)vL&&%F+ z14UdPrHgC1-|@fauXoRum2FieggR$%--(1dFTfBHo#}z`W*PA3ul-X=*`47}dE^ZY ze_k|P$0yewApDs}2^JT=kq;Yk+Q*#O{I37L4*f1v=0+{tb&rr9#Z4%3Tw4Ku*Wy)W zWZN&DHN3ivk2^DjGZJ@gRSEI~qW?O0X0kini{tUjh&T6s4O@B)exW!S-UntFm`a09 ztwMUa8aJiX95jmlfhqKq&2HjEKjS9H&15b#DhRby%rtP{*Fc7Snt_HlB!)z;jl~Q9 z1rQ%`0!tWPT*C0;lBXD%;!dpvO1#RKsgwIx&p^HrdlB(vlJCCAmrIY6m-@#DH&(D? z$y;m2FeAzlr8e?LCWhY)S7hVXi=yMD8UTNbKAo|fNAeu@Bz39Kux-+sell|w5 zjLeX2Wcl#fMw>EbxHiU!b5Vwbg1V$SBYwEZ$|Cl*q=90SEW#gk$dZ0PHBV7z)fWdlw9Z^$n4F@PZtYqPJIqedW9wuqL~6{#v=TVe(| z5qvd5XYTw65S8(dHYFzdiRm4=3@6-ucXQQxJo!ESW$*pDfSM^Ta%2jvzbk@`%3+DX z)E4-QU@!UEE{;7R74DlmE-Vp@I!pe(nxtgQu>Vy=M~MEX4XnpdKwN^Mg* zRXlkyCSzbyWp8YN9{)LsKEm_uEVR7umOfhbRS}xy$F^cmJN3pti~LJe>2#{zG2iV3 z=B<%kmmSx5Pv+d_P*1^FPikfj?T3%iflr`96VEg_N`mfkS#{Q!Wi5!i;U`Ji>?~;! z7rlnQInHJ3z{}7OG;kHFXqN18p91+C&4_I=zq6!WTy#B|$SfoJI3tMk@v^6c4#N1# z#qAoZr|958!P)~GmQu$Vbe|)uRmmc)9B--RLWFJD5d^7%Nd~yD?aZl3to<5I{ zFSw`M@h$(8@hN+f`BTSvIKJ6?{!jT+eSDOdJigV2KNw$}KW+IUX?$zX<>PDmqTBH` z8vb~EuYZxupWbmUj_>g=ewRO0>GZ-)S*TJJ+Es$PXXKwxq#M{P3!J@l8hcWL?54|+{?`5x_(_F*Hl`A@0G9OL9q`q&0?8yDAP*J)O$@% zJjX|nV{EU_38jpyi0@Hs3|hQyx> zbq?6V5~r#+$fsiY6^uf1^V2k2SZR=9O+V3gnuU+VoKSh7(P%iAROQxX;z zpMy71iwK`Pl+PW?cK0w@U6hQ~2YE{`JrA*ZjvO#ucV9kvC{v&-Es>@dFh)!(6Y!#Z z_d_n`<>Nz?nW5MpgV_<6qR+o_uNyHidy2YXOdO zs!f?TEnLRsy+?r0c=%^cQ$mc-s7HHD;4u785Vwx?yTfCMtWmGdL9nEJQc0tGu6loN z$v$yxyDe}du;P1X7bLObryScY>|^pXjx~k zqyfb!4Fsk<*QSiiCOSFU@lY53EpUyXO4%ii;+V$5U2|+edk65}I{!><$O>y6)H&bOAbb4KnV)9J9afNOu78RCYS? z3zeFEkwd+*K=zK>0z~UdI$A?X{#WYck~()!M?e|UgQ@({rI>F~Fm zMLa?Z9S>5+`EWVQ#?A-NPQsdWKu8@Y#04x5J0T|VJOv$j7FHkoIR)cgx6H~%dxN{s zKcKNuRxNouNl=jNNlexbbn860tN+^$-pHnG~p-85;N#JbVw|B9S?SL-deg?G@o0}J}XDrD{uC>;Buob1yxmjEp;cF%)nSq4C zTuD8}+orkCk-}-X?;_5TC@{50Wb&7Yxs;m7kWr*Q7Ktpo6x9;0EW#qgrEqx>JEmA& zXGg^D3LhNF3r~W=ad+UV>7QrmqU?qSeJ$sh9UU1ImH|-ZzZ=-uSM16xrjdB%RU!%d_JFjo<{&Mk$s*QrwdKJ*yow_*~&i8(^|e{TQl1i)-33KJIc-LebpgoPqP-8q%i4EXn%9ESSxC4mBNmKG9hcamV65 z3h2l<$~4&|#8HD`46&_P?NhwkvChEYtFYQ$gnzr%*YrpAeYOqjLr{sFWn{JoH!Jgj zGrckw5Y*70jlkHuA~?LW_aLula_7>@WRvB>liP}z#p+^wM*!e943)1I!_!Gy{8}KH zF7oa5m`R^=Bb&ObYH`_~NAMx-?FTxbTJ+tG$5CH|_`+~1?U91wZooXXgoF8=uvyeA zXp0OBkL|QW4qehs(Yj(@bm*v#9TNSGObO!hnGWj#rz*`L&)I+FZpgiB=OJW!vb-BA zvq&^CllZTtZJ)tS8iW$LQqPi;k`kWt}e z|78Gemm>Q%nd`+l19ORil-6eI*1dp?uG`A)0=5(XnGWpdss#44RA)a2Qs^~gGtPwq zvD1^}_RzpnI*zZ(oA*1+r5WU8*tkwg5x%oFfOuCGx8!Ar>XXrP@L$04JnI9vMb9+wMIi)US!0 zSq_`!lW_TDEg>?_4PE0gcEG1@>%48c_;c_Vap9O;*mOnA9p)TNNWnzhiJU`qu!smd z$)n|NwHzqBmfqr$&sg9z*gJg>=A$9NB3Woa-}(X5GbW5Q01x}qDEd&qgdXc-*=P@m zDe3TVO1geA;Z!!F-POw15&K`6%T)#Qfir|Tkk$z5VhpanDn<0G(B!d(RlP+&0%f!i zdC#g30DMwBHv^>RaFlf=oJz$qM%%y;5~w;@?;aqR7@wOW0 z7RZWmcdhNz^8_uVOelx}lWKXPdN5Pg--!5eWE+|>H^N}!UGaHfYE}uJj8(aAG5VrF z{VEcDPoUZ&v7;P!Gv#37t=|y<;$m6LkuxdTA&HOGxObU>y*xdX8Y#L#b*~GFEo-iu-l=d;X*PMc+}{ze}G=;exRP zo$xEQH!9vF!I9eDa-YB8l>FA2Cxp&p_-0la^Sgk}y z$wggI@)_Pz%RofQ7FdL_@9T>YS^Ee912jYd%!UEavW|eWWQRMSxR;R=%VrPkxS~mn7E^I?OxOB+?>OzRZTJZM2=uPcUgc=>d_UT<1OYa-u{R=0mf81yWerDnMQgc|q zZo+R$ryk0(avket8FsVS39kiC-r<(_*nzwu0EDLv;pS2uZZ7TuH+kODulgh0oCcp* z^^AA=j@L2|YO(v8-PzuS1qM$KokVbF>G~x4X_w9KJuxcvvri93|GaXE+1-uLl>zf(t+_AgOb?}#%`zc3pno?O0TTB-!NcEpnix)~T&^3_+>caB8SFXe zyt!F23!;BIAzs$vx6!HOd>WQ*LI*t~`o>V6&dYWlGqdQ$$Bp*PQFO^s=>!B9EoldW zvm@ROKVVfU7ma;`?paROEj%!t67|XMP?6o40W^9GIiN$wwe?Q)?6TXbY++U{b|k$H z)u5q*=K{KgwYO|w0_7IX(+`L_wGvTaJk1TXc?!7|COv_o8@td`iTy*@Hj{GEiNsD8 zBS%&jaWs;l{C6Kw5bZZVwIXhaAemIvTZsC!#uLEA=0rB zxm`QOsaE0jJ+4p>mnvtwM#?#}?tpPd$hs`(z`^u%j{GYgb3mpA$E&^?T+^`qI1BF@ zbWe9Ep9A^87dFm=23*JWrA;S!=fohb>lp9+;|8VCsT_5m2LOT%;Rt$BWDREt4Z|&3 z>md=yLZ@Qf=B>{b->6F8c_W}on)5QVudy&fiI-vpuZAwsKd7^JLFwIA#!{W(M>1{&;p2J1x8%l7HTrt z0+Mjs0O6WF-Cyq%?LZmWLjf76*&U8h6sTFGakl`~8jygN#f(79hLD!s0U4o& z6q~Xm6a`AQCe;Snp!gOzFsWQyy|s=Y&- z;c+5Qx9i#rzPL8S60XfKi@c+5MG|7^8sgGdHt0dZ{7g>)Ex7!6)fV>u2!B!fqh3{{ zRtzrz2EhL%=JxtYv0-6>E0LioB!(u5pSfQ6|29A4N9zTpVmNvytfnpaN|1i;o*I*r z&qo$s+8HqQygJ_yxdHX30)Zy_a4>S_iZ)ax@^48YQ4+@dXo?&>u4zC$PFLRxGX4k{ zp~d;f(H9_|kZ&o6VVjJsD4N|@4%eVi8ur4j8jRgMs9$JgMcM5464Nn~oD#%OvFECB zQKGM!FsjyY@{*1m%_B^a;Yp?(N=q1NzNfw8RzvhpFk%1RBP$K%IUKP{tF8ucU6m~W z4y2H!_*b)g5Ywi34L$GC`T$~jX9j^E7+p)1px7}FRJz%piO0u z_drVMK!*1lW1!zN8C&4|4ef`e8lE{_QYL4bwV*=HJG`5-oh3hszGvZOtoZ(Q1?CCr z@B&*&%dAzBH;lFgSy@)Yx@;z?(=3;Kz%PQX)~y&;HW3adkadKbjIt7n?0BqIQ~ih8 z{W6^9riM&p{%O@T%P;GS4D72@p|0B$8Xv}*reroXdFfd2ScG3F*O&qm6MtpyAp;=NIq^c&IB!J0H%IBe<%--*fwv5{5 znru&+zu9wRZ2fpOuQ2RKQ3<(_3HVv`Ya8la?q7#aLZoVQHXR&OHOtT2>99D}JAbO+ z=?yu^3YF-C^BRf_-fb814zSLSQ!@(zSm=~Oo1|=3yeAuVv=oL*U=u~pui~2b$Y3V0 zk_m47FEfaad|rz4gl}}wgo@Ta ziw%_nG+6z#g<96K2oXW28mK0an7pmXuo_msj;$81yLbJUEY93-+%L+?;92y2DWO6+ z^a^eUqf>p8R4+o`86DnFdLSg6!E2aauH0JE!{H4Bh_9zubiUV_lW4*oLPQeZADBK) z9bOW)Ph~y(7LG+!a<#*<&isVdrAW0;wbrjH6jz1k_MBYT%B<=W7@_w5lWqe98 zFwbJ>c}-Bl5HB=bbd-akcC1iM<$9V8CSkM&k8MQogJQ}Ta1MF*8$&VJsVNy-Gd9}A z_rH}gzKoU-wf-C-gT10}F;SH3$t){jB1jJ<^o|e6_2vg9w51P=SlYxu4 zCNP6X{7JPb!@TQBl|)=w1E5o8K4J};cX-By{hQ*(5-T@xU|u_dRMuC7RQifjT9dn_ zvJJMA%s`~1P8?GgIkKCgf0?RLZrMz@LO{ht%S>||zo24tgJxN_rpQ31iFjToiTZVY zUFIqgD0gBhb8BsRMFRXO5F$NVNH$i+sI0E~xpc5s@q;};cq~jo!M8?+eu~J-^B}=d zq>2XP?jtK-VBn&oxyLnfN)@}-yPzP;9pA6kE*$Ea-qMjhalf8|R`-+8L6k}E#cpNy zE@;!jlE1I=A82I!GrK~39j^pD_Ycqp@S8+^AXHHGgi3`{(Wy z6jH!a7B?|4#U;G=-zRW=bJ-nJE;A=y+9R%MRjogEEW+>Fhmx1SZIz`vOVN+xxw2Xs zD%Jfso?BDY*^lG-aX*fQn&t6O(fW>%XvP8qE(|A3A;L#TaU*Ta-T={ ze^(Z%<-?J$c#kO2IY5c_>Yzl25+&M6zJc`UlK+p>qjsZGKHRz&$nieJW{e-W_p#*yELID6XXeV) zzg^St;4J{1j*{AiXS+(i7at~V{97st9CvI(kayg&TNbv+z*{ceKnq%tEtj;o$I#tV zC|ArDFmke(oi6r9b;KNI@FHc)%3_1Sx+!@V767UnkH+bFiSjy(huk?=0l6rLQBP@f zC=r(ujr>}Ow=trx2dc<%4Smsf1VhWKOE@5jJ`4y?qPR!u&;$WrQO>l%K%$OAo_?`> z^yqYVq$ADU51r zE*l1$dJ3TCiA2@SyUZV)hxddONcdbpKx_2{mW7a`+A{7&bIH%BWFDGzzI=0eCM4RUv$y9i{5tJp&acp1E$8qej+8G!;X?wn5d959_Z@cchk-AmKIdU9cI3|~^rqAmiho9+N; zEgu4KFaZrufpZ?{ZOs-J^*sxtq-Tr%v-4o4pUvaty{)~)C8rD~u1l%w2$Jn>O%=V* z4uY(E1~Ibk!Y#T!3mgq+h}o&I>6@s>Q<@@!XBoJ+C*Mgjc&WgfFQfsQt58am;u)K8 zvvqdj{_Cw?Zf>qIdd_ODN%dstH%~vPOObDC4&g;{eXc@p>~a+CIsC9r(L=ecrRGX> zHc{rz#0mRgKlzKumA%y{(9=A<;0aGr4ftYoWk#O*VVh@(J`F06He``xhwtc5)5u(> zlVE)VhVm+%D_AK!cfgnrJN#LU#PkZwK2aCvpGH>h6G$7RSEa)D1pBT&GL^J(ADIU* zqdxf%{H5y-b;@d|YOmHTtKKMz7f!GII~H!oN^9BB0W`MA02;4<)vCd2v9(BqZn75eHj-kh4*g9XS%nIh6(|&`1SdqXNxNrNx|*n*qX_LqGxTK_WCnFvl)izKO#|y69J7u+gv2 zAielpgZng_>f!K*Q*CP0$Yquf-OM#FSxw?KH^p4@ zgb@UP=z~3;f|P^%OpIzCus23#6;tap?sPIX|~e9b0VsX-)@`#GF@!?CV7GID2l_wS1%BOMacB2(NtB>K>R6FZWy zFi#G|a6kjm^lvhm{-t_b094H!RJ*I4fg*b5Sy&(f`7|(&qmaK`(uKd=d%TGFOPb)< z#t@5nLIaBJ!I{8cRurJ)r|3tg(Y6fBHmDAIwT@IEclN}6K8k@C4r)s8 zgn2Q4#_)_jJT$|O-g_EFug#UzWo$HMo~by?4s~(-vhz`xUA&D04g#K(y1^J7RP;SS z&eRsuB6;T(!R~*_NJ}Kdk9NK2igT^_n>R^jqQ9Rog54s=?4Rk z$Om<$xTQawQKda$MyE(Lqr=@WqlNde>^7}yXOdS8w^7IX$K7o5Pw1<>Vz%=k`XG`Aq5Df-Us!Px&+ zG(D#fT1c%%ufgPmO74V8B4S{EQYB8tj*Gt53^oDnD7){dWP1->?M6;D=$kd0K;}9@ z$3KmlWy#CrQ_|aViRdfMAazpFKQjZ*t408-B0)#}C<@6|EBJ^-|0#V4%>tz)`qt(A z$viG^O<4HrE~SNk;y5gP(cQH0nOx4bqsC~6-UYS6#@CMk|B2QFYVynmU>2wg`uYYS zd(@VLUeQ0s;f-$7DA)+zI0pK;da$Zvn>EYAxBpNk5M7s&yg=`o`2t1XGAGaa75c14 z$J11$!Bo{kH>0l{*R=TAr3mq}OI%Y{=B-Qdw!kqsOJD~SM|P3S9Vks(n5!cSgtN#c z+x2lqufwQRj1X{jM+lsr#m*V^kvgt|{YDL#X;L%^2f%)!)p3I`}U#DQ7%!z%fI^JEM{z84q<9+HweUhaQ@qWWH z`_{G~DEvVS4<@!y!CIJzEu6+$KkVCQ;M`2&SML zsAf2FMz%7VMKu5c1mw+0w z0QH}9ZdETy(3$srzvurxo+orIx9&an-gD1A=iIXt`G=A+4JfO7s7_hGexogAMP(YJ zs*$0pb^IH@uS~n(KZZ~wpr*k8C9k51{t;11lg0tJx)q)J$=Bj30`u!38kj{N4$;B9 zA|A}<7?`RC=5zn}55PQ?2xdzROqGF&TEBXv(`AO@eg5#T#Dm*7LqY)rY3$9w&xX4Vx9PI-KeV_=U8sdCi# z;)RP~^^Y1qh4-ew-lddiX(~WE3?DkkWDoz3U2#rtxsW&zFP*1e=Dbj!*DZf*yG|V2 z^(~hTc68M&rzRH#VqRTNc~Sv-d+9)|?5c;cCKHxPqBGTWVAS|)dG9=UBaOcnQ`*n& zibqLRum3K-#DMruSE56zb`C2?3gMLYId@&`D9iy-&-uFVrAK>0YC*tYf6*RZ`zass+ zo#xiW_&DVzs0b;nXF{A1%KN)h0QQ*KUlQF%MbStqiK6U67e|jMU!^7r0%qQKn*Rep z4>rUB`t0Qd=%c>?pbKv!Krt|;vV~6&lHHd(<&CuYwUPMtzd}JjeS1?0{Ybvrm8#3c zU1IX^Z`DjBz#+JvrvTR{gm_Ldaw*Q`FG2$2_nCo}bk1)=)Byf7_R`6_nw-PdJej~? zItmZ0m?Cb|gHt;SgUk5XC!$&rxx~TH%{Huj1IAVqhe|II(EDg`Ks7^0dAd0aXM`$p?U>W_1N1A{!A0C|HGIJ03- zR09N#ccR>J;TJ0=$AA|LE87B}FU~(mz)RJ`%4^|cGXftCwC#{~JAx4n_BsvrDjoI) zrYmt51B~Zro?pF#&Ns{PjZIpEO-SXRkm}_L)VnDE)(^+N2(SDzhjY$vDMy38Y-4R$ z@SZIIKGhN|Y34jx8dn~E{UwGYV~oU*+jv`pf|@sy%I~49p=WR6{U0Vp)q=PRgq=6( z)>d!P8%~~LX{^lP{R06*8!KTgJWbD;I`D`Rz-fF(A3W&H($U&z*`@bw!=A&wxaJ&o z%|DDo<&wT~1b@8J5p2D{&PCw4gZtP~+KQov_yC3nqL#hPyG3k^W*B8X8;0pgHcT66 zm|mhK%eYyIxY@|~ggEI-uh3$o+oXNNp1_a9IR^noHgyLb6eGO_rtTm<=k|%EEeOxD z$A5P{8-I*j&-*W-_1vog*7FOqX+3vAW5~i&%SM$HO&^H6``xg+j~}S-0-IiLySwu~ zRiphB#<`gogMRes4A?-@qMv$RZZE?AJ8s)hj*zv-XD|J}pi)PrHvK`VeYAH^tE0mr zJjg0pgJ@?IwsJ5knqjsW=xn+R7-b(NY$ybFJKq?imp>^NAqq;TlutRPg$=*)zRpWC zrQVhXlz-FM;_Z-U$zeRpxwobPY-{S@F;f%isWFd<&zpqpc)$@J^CG(Ns&VJ3x?t$W z)rUeh5E`H}9SG*b+sM?K+&99^W~7Z^KFJ*8?_t|G^ur(U_fH>>L$f>b2+eN%5zuVZ ztk|~k=N~k!=QBxcS-WS(Y5HXeHT~YBM%??Ny8a8>+QB&+=A~IVk5o{2#&@Siko2w3yNeuz-34}^ ziXJd#1tT9y2UKguW7uRl*@{Z`3W``9D%ahKL-tx0UjV-2eOXELgr#MeR>4%NOmsdF z1Z3Qqt7j}i&ryf$kA|+yVu74s5meY@d#!4H>d$%x4Zn%Kqo|NdSto3Q?bGpw&!W^K zpkRWAY_NQ9_%n&D{%i3}a#?*3-aqjyI~s|8tWOf}%cWOb`}&fj^>xzfGqL(Q^Zu4I z3}V~`UV4_(f&J!84A%y>!!=DYH55=RtiIB$YN}ey&J)F%-v1Sr%ng-qM!f-7@+xxh zM|3jc-`+|wR)QGeRbG?T4e5~W(L7R{z#J-1wKB%4DUJ8Nl>7&L)q~&1Es*gS(E{-t zhXvB-Mp__rfH^A}wI}vup_K3tQBuD!-BTZ6oiWZy^EjJ`P!(7A=+Qrz{1DYK^RA8j{`?VilDOEm1YNa-N0h=>dq5s0{J$ zB4>Np`YHX7dBrhprM>smJu4baL&pr7+n3*~;`3ZCF&I>A%B_mbYa_Ygf49nbC^2{9LYMel6BDj97@$ zAaQeZg3-JwLD&dc-jwQgoM=o#=FY&Nf=r2qOqyqU>|o6IIY-++A1J4N{Mz0m3{r?H zx#-H?`dWGC(fcH-Sk9fS*> zY0pmVH^#9O)d?C+_gtzyGDo$#|N8s9!y9D6IOz{cZ7}L$NgTY9eoX#o=xE9tK>n!y zpUWS$|FQhhmWSv4L(Z}@YPYD!x^?J+5#W_h;ABn0V+T4I1nLV(%`2c7BnFMa@?JGdH0X*2P@>!TD9hyp5&fhbT?%qUl$ z2-<}rRuIC59`!|;xv_$U#V&$KW3Bf21)Hl_Z?_E zv7!QZgXvkq&I~;?EgmA5EK32Ja*!<7S2iS(5=)S3gwmr1mgzjMK6{~#JYnS<3LwEW2h3F(PY%9%m4%N*Q&8PDM`H*sj$;VUpZh=JAMu!g^+oW0ZBS5( zAXOvfzAY)bum=&#M;Wo~)!C!ADexR)`Uy6A8er+9xB+>p?RtSC?N%-ghfwX>gDzv8x< zAg)cD1>%~2>PdLJ_SYB>8#cck$NXTHSK0jF7sLc8gMLNx!wEeEv=Sp*d7T7a+>QkH z^A;WZ3P~Vl-t9g30vbPQY713B2AP%N8&0;eME8GZ;jJ@WNdG<|+-D}v7=@r(wGLSY z@n?`3wo?+pOygy+z-DiCv#heGOP|&%VGA$<@c|nsy%u-l8q^L4o#xIh&2w z^-}=f200|=zBZva(#atMb22sqwMddtRAGduN3eFf{(%bo+As4oGxtH~({8lt2n$R6 z>tte3yC$l@7ZtQuf1~pIf>GnAEE<*YP86izRReoej~YLFkr2s7ef1X!1qz}CrYzix zrTVfA@gE<