From 1e49e3c364ec26d0b62120a63c06b0b01000e95c Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Mon, 4 Nov 2024 14:01:15 +0300 Subject: [PATCH 01/22] OZ-573: Add support for SSO with necessary configurations --- .env | 40 +++++- docker-compose-common.yml | 4 +- docker-compose-keycloak.yml | 70 +++++++++++ docker-compose-odoo-sso.yml | 10 ++ docker-compose-openmrs-sso.yml | 12 ++ docker-compose-openmrs.yml | 2 +- docker-compose-senaite-sso.yml | 38 ++++++ openmrs/tomcat/server.xml | 174 +++++++++++++++++++++++++++ pom.xml | 3 +- proxy/default.conf.template | 11 ++ proxy/docker-compose.yml | 1 + readme/browse.png | Bin 345151 -> 0 bytes scripts/docker-compose-sso-files.txt | 4 + scripts/ozone-urls-template.csv | 1 + scripts/start-demo-with-sso.sh | 6 + scripts/start-with-sso.sh | 6 + scripts/utils.sh | 46 +++++-- 17 files changed, 413 insertions(+), 15 deletions(-) create mode 100644 docker-compose-keycloak.yml create mode 100644 docker-compose-odoo-sso.yml create mode 100644 docker-compose-openmrs-sso.yml create mode 100644 docker-compose-senaite-sso.yml create mode 100644 openmrs/tomcat/server.xml delete mode 100644 readme/browse.png create mode 100644 scripts/docker-compose-sso-files.txt create mode 100644 scripts/start-demo-with-sso.sh create mode 100644 scripts/start-with-sso.sh diff --git a/.env b/.env index 19ca5b6..81965c3 100644 --- a/.env +++ b/.env @@ -10,7 +10,8 @@ SERVER_SCHEME=https HOST_URL=http://172.17.0.1 TIMEZONE=UTC - +GITPOD_ENV=false +ENABLE_SSO=true # # OpenMRS # @@ -29,7 +30,7 @@ SPA_CONFIG_URLS=/openmrs/spa/configs/ozone-frontend-config.json SPA_DEFAULT_LOCALE=en # OpenMRS frontend and backend Docker image tag -O3_DOCKER_IMAGE_TAG= +O3_DOCKER_IMAGE_TAG=3.1.1 # # MySQL @@ -57,6 +58,8 @@ ODOO_CONFIG_PATH= ODOO_INITIALIZER_CONFIG_FILE_PATH= ODOO_DATABASE=odoo +ODOO_SERVER_ENV_CONFIG= + # # ERPNext # @@ -70,6 +73,21 @@ ERPNEXT_DB_NAME=erpnext SITE=senaite SENAITE_ADMIN_USER=admin SENAITE_ADMIN_PASSWORD=password +SENAITE_DB_NAME=senaite +SENAITE_DB_USER=senaite +SENAITE_DB_PASSWORD=password +SENAITE_DB_HOST=postgresql + +# +# Keycloak +# +KEYCLOAK_DB_USER=keycloak +KEYCLOAK_DB_PASSWORD=keycloak +KEYCLOAK_DB=keycloak +KEYCLOAK_DB_SCHEMA=keycloak +KEYCLOAK_USER=admin +KEYCLOAK_PASSWORD=password +KEYCLOAK_INTERNAL_HOST_URL=http://keycloak:8080 # # Common EIP clients config @@ -116,6 +134,7 @@ OPENMRS_PROPERTIES_PATH= OPENMRS_CORE_PATH= OPENMRS_MODULES_PATH= OPENMRS_CONFIG_PATH= +OPENMRS_TOMCAT_CONFIG_PATH= OPENMRS_PERSON_IMAGES_PATH= OPENMRS_COMPLEX_OBS_PATH= SPA_PATH= @@ -124,6 +143,7 @@ OPENMRS_OWAS_PATH= ODOO_CONFIG_PATH= ODOO_EXTRA_ADDONS= SENAITE_CONFIG_PATH= +KEYCLOAK_CONFIG_PATH= OPENMRS_FRONTEND_BINARY_PATH= OPENMRS_FRONTEND_CONFIG_PATH= EIP_OPENMRS_SENAITE_CONFIG_PATH= @@ -152,6 +172,22 @@ ODOO_HOSTNAME=erp-172-17-0-1.traefik.me SENAITE_HOSTNAME=lims-172-17-0-1.traefik.me ERPNEXT_HOSTNAME=erpnext-172-17-0-1.traefik.me FHIR_ODOO_HOSTNAME=fhir-erp-172-17-0-1.traefik.me +KEYCLOAK_HOSTNAME=auth-172-17-0-1.traefik.me + +# +# Sample SSO Client Secrets used in the demo script +# +SUPERSET_CLIENT_UUID=891b980a-9edb-4c72-a63d-1f8e488d6ad4 +SUPERSET_CLIENT_SECRET=znZK8dvk7hLOpwfU + +SENAITE_CLIENT_UUID=3b8672bf-b239-46e5-b0b6-8ba71a4bf5ac +SENAITE_CLIENT_SECRET=Vdi1xIgJiUcrF4dx + +OPENMRS_CLIENT_UUID=14b6083d-2d3c-4fb1-a75d-0f5af17be198 +OPENMRS_CLIENT_SECRET=AYmNV4AEHA0Tlxwa + +ODOO_CLIENT_UUID=70a0e2fd-2bb2-4417-9fc6-22cdca1bb5be +ODOO_CLIENT_SECRET=z3epa8rE66tUIZz6 # # Backup diff --git a/docker-compose-common.yml b/docker-compose-common.yml index c63c13d..50103e3 100644 --- a/docker-compose-common.yml +++ b/docker-compose-common.yml @@ -41,8 +41,7 @@ services: restic-compose-backup.mariadb: true postgresql: - command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: postgres:13 + command: postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10 -c max_connections=200 environment: POSTGRES_DB: postgres POSTGRES_USER: ${POSTGRES_USER} @@ -52,6 +51,7 @@ services: interval: 5s timeout: 5s retries: 5 + image: postgres:13 networks: - ozone ports: diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml new file mode 100644 index 0000000..449d3ee --- /dev/null +++ b/docker-compose-keycloak.yml @@ -0,0 +1,70 @@ +services: + + keycloak: + image: docker.io/bitnami/keycloak:22.0.5 + restart: unless-stopped + volumes: + - ${KEYCLOAK_CONFIG_PATH}/realms:/keycloak-files/realm-config + - ${KEYCLOAK_CONFIG_PATH}/themes/carbon:/opt/bitnami/keycloak/themes/carbon + environment: + KC_HOSTNAME_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} + PROXY_ADDRESS_FORWARDING: "true" + KC_HTTP_ENABLED: 'true' + KC_HOSTNAME_STRICT_BACKCHANNEL: "true" + KC_PROXY: reencrypt + KC_HEALTH_ENABLED: 'true' + KC_METRICS_ENABLED: 'true' + KEYCLOAK_DATABASE_VENDOR: postgresql + KEYCLOAK_DATABASE_HOST: postgresql + KEYCLOAK_DATABASE_PORT_NUMBER: 5432 + KEYCLOAK_DATABASE_NAME: ${KEYCLOAK_DB} + KEYCLOAK_DATABASE_USER: ${KEYCLOAK_DB_USER} + KEYCLOAK_DATABASE_PASSWORD: ${KEYCLOAK_DB_PASSWORD} + KEYCLOAK_DATABASE_SCHEMA: ${KEYCLOAK_DB_SCHEMA} + KEYCLOAK_CREATE_ADMIN_USER: "true" + KEYCLOAK_ADMIN_USER: ${KEYCLOAK_USER} + KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD} + KEYCLOAK_EXTRA_ARGS_PREPENDED: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true" + KEYCLOAK_EXTRA_ARGS: " + -Dkeycloak.profile.feature.scripts=enabled + -Dkeycloak.migration.action=import + -Dkeycloak.migration.provider=dir + -Dkeycloak.migration.dir=/keycloak-files/realm-config + -Dkeycloak.migration.strategy=OVERWRITE_EXISTING" + healthcheck: + test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/health/ready"] + interval: 15s + timeout: 3s + retries: 5 + start_period: 30s + + depends_on: + postgresql: + condition: service_started + env-substitution: + condition: service_completed_successfully + networks: + ozone: + web: + labels: + traefik.enable: "true" + traefik.http.routers.keycloak.rule: "Host(`${KEYCLOAK_HOSTNAME}`)" + traefik.http.routers.keycloak.entrypoints: "websecure" + traefik.http.services.keycloak.loadbalancer.server.port: 8080 + + postgresql: + environment: + KEYCLOAK_DB: ${KEYCLOAK_DB} + KEYCLOAK_DB_SCHEMA: ${KEYCLOAK_DB_SCHEMA} + KEYCLOAK_DB_USER: ${KEYCLOAK_DB_USER} + KEYCLOAK_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD} + volumes: + - "${SQL_SCRIPTS_PATH}/postgresql/keycloak:/docker-entrypoint-initdb.d/db/keycloak" + + env-substitution: + environment: + - KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} + - KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL} + +volumes: + keycloak-realm: ~ diff --git a/docker-compose-odoo-sso.yml b/docker-compose-odoo-sso.yml new file mode 100644 index 0000000..4cfa6ea --- /dev/null +++ b/docker-compose-odoo-sso.yml @@ -0,0 +1,10 @@ +services: + odoo: + environment: + - ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc + + env-substitution: + environment: + - ODOO_PUBLIC_URL=${SERVER_SCHEME}://${ODOO_HOSTNAME} + - ODOO_CLIENT_SECRET=${ODOO_CLIENT_SECRET} + - ODOO_CLIENT_UUID=${ODOO_CLIENT_UUID} diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml new file mode 100644 index 0000000..c5cb588 --- /dev/null +++ b/docker-compose-openmrs-sso.yml @@ -0,0 +1,12 @@ +services: + openmrs: + environment: + KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} + volumes: + - "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" + - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" + env-substitution: + environment: + - HOST_URL=${SERVER_SCHEME}://${O3_HOSTNAME} + - KEYCLOAK_AUTH_SERVER_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} + - OPENMRS_CLIENT_SECRET=${OPENMRS_CLIENT_SECRET} diff --git a/docker-compose-openmrs.yml b/docker-compose-openmrs.yml index 19fe17b..541fcf4 100644 --- a/docker-compose-openmrs.yml +++ b/docker-compose-openmrs.yml @@ -37,7 +37,7 @@ services: networks: - ozone - web - restart: unless-stopped + restart: on-failure volumes: - "openmrs-data:/openmrs/data" - "${OPENMRS_OWAS_PATH:-openmrs-owas}:/openmrs/distribution/openmrs_owas/" diff --git a/docker-compose-senaite-sso.yml b/docker-compose-senaite-sso.yml new file mode 100644 index 0000000..9eacb89 --- /dev/null +++ b/docker-compose-senaite-sso.yml @@ -0,0 +1,38 @@ +services: + env-substitution: + environment: + - SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET} + - SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID} + + senaite: + image: mekomsolutions/senaite-ozonepro + restart: unless-stopped + environment: + - SITE=${SITE} + - PASSWORD=${SENAITE_ADMIN_PASSWORD} + - OAUTH_CONFIG_FILE=/data/oidc/client.json + - RELSTORAGE_ADAPTER_OPTIONS=type postgresql,dsn dbname='${SENAITE_DB_NAME}' user='${SENAITE_DB_USER}' password='${SENAITE_DB_PASSWORD}' host='${SENAITE_DB_HOST}', driver pg8000 + - RELSTORAGE_KEEP_HISTORY=false + - RELSTORAGE_BLOB_DIR=/home/senaite/senaitelims/blobstorage + volumes: + - ${SENAITE_CONFIG_PATH}:/data/importdata/senaite + - ${SENAITE_OIDC_CONFIG_PATH}/:/data/oidc + - ${SENAITE_BLOBSTORAGE_PATH:-senaite-blobstorage}:/home/senaite/senaitelims/blobstorage + networks: + ozone: + aliases: + - senaite + web: + depends_on: + env-substitution: + condition: service_completed_successfully + postgresql: + condition: service_healthy + + postgresql: + environment: + SENAITE_DB_NAME: ${SENAITE_DB_NAME} + SENAITE_DB_USER: ${SENAITE_DB_USER} + SENAITE_DB_PASSWORD: ${SENAITE_DB_PASSWORD} + volumes: + - "${SQL_SCRIPTS_PATH}/postgresql/senaite:/docker-entrypoint-initdb.d/db/senaite" diff --git a/openmrs/tomcat/server.xml b/openmrs/tomcat/server.xml new file mode 100644 index 0000000..c4a40ca --- /dev/null +++ b/openmrs/tomcat/server.xml @@ -0,0 +1,174 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pom.xml b/pom.xml index 4c9527f..b40f3e0 100644 --- a/pom.xml +++ b/pom.xml @@ -79,6 +79,7 @@ ${project.basedir} proxy/ + openmrs/ *docker-compose* *env scripts/ @@ -152,4 +153,4 @@ - \ No newline at end of file + diff --git a/proxy/default.conf.template b/proxy/default.conf.template index a33df8c..8a1306b 100644 --- a/proxy/default.conf.template +++ b/proxy/default.conf.template @@ -178,3 +178,14 @@ server { proxy_pass http://$fhirOdoo; } } + +server { + listen 8084; + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Forward-Proto http; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + set $keycloak keycloak:8080; + proxy_pass http://$keycloak; + } +} diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml index ce5d854..af86b99 100644 --- a/proxy/docker-compose.yml +++ b/proxy/docker-compose.yml @@ -25,6 +25,7 @@ services: - "8088:8088" - "8082:8082" - "8083:8083" + - "8084:8084" volumes: - "./confs:/usr/local/apache2/conf/extra" - "${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" diff --git a/readme/browse.png b/readme/browse.png deleted file mode 100644 index 3f1acfddc701cb287556591d74a112703844fd5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 345151 zcmeFZc|26_`#-K!Dn)6L#E?o}g^=tlkOugQp&-?NF{rCIp_s4hUG0r*nx$krC<+`uyc|EVIqAkn}_U}Eu zmxqUEzmcJy6%Ws@AReCW{=0X9B>|Q86ds!d8=|+eOunM!R=>T@VkwkSX|k+<4C1s%()Nmik{!)y>rC!k?fPw zBbJ^qPj;4yIv=zg{qpo|5lisc(~kfPfC3q6zL>{98;Lo=#Gfj}Z910IFTNCi5aMxv zXJS-TAuXkT=4BX(@01Sj3mv`-4bA%$&Z(*%kWlmj z^1QkGY=$n-QeBtm)Q0@o49ZuVVKI zx=5Mu@|e&2oQ~#66nTzL`eLlNo~U)8PG~LSZyeMP`>;nSoYr-Sp0P%l zGh*HD4+u1qQ?cx~_Q*KgoPI$!tLF|K^{^9oS#y1H^MwBMUhNKSRvog|PFGd76_+=pq%oDM zKF>NSCGn~$U9!bQb=w0|?z=n_1*{IH@$A~Im($GCb-1)E%XYWMoo1_(CMG@39}-2+ z+ zQsSRHfkmCjL^Wq#1xb}I(Y?>EyghbS;Mz02#KS#dmvka5_FNaZab;vse$Z|~(T{iO ziTD+*L7q*4;}Mn@L<(AOeK@Eo?E3kZh0= z_J!^j%;kCU>|L&(<)YNRz7g^Ms`A@gmX9qJhb5Mjj>ib{!;cpf3!8tN{ucKpW^isnY9YvvpCQ-8r}c~z`S$Kbh52J{`}hvU8MUA9oOQaU z5Ou-rf{ntK0`gUY?fIAS${p&C><>VHoM*V!i7Di2WxzpgVb}}k3+$7X_N|%D-Pd;LK2?%@{z^w@J{jDtA%U(q|Y3}9qN5v+g{Qx-M)27$S7e}Z?EJYBa)#@-l05F zp7?jSs=ec}eP`rP8h2-QM|G!n33ji@9DZ@|OSq76cb;d#b?b7A97}B(izDZcsO}Ak zsNH*HFJ*7`UijfXFCt%@|8n}p_>24(g@;$p3jA|0H8yqZnti_VwIkQu(wb5u(~5gW zdoK65_gw8UNQ0lnUT-ZvRvb{WdSm^%K#{%WV*a}##`Q~S29r8khAr2~x%b>VE(*wI z+%(iM^T^#_{JscZtpC2;qRc|8;-B2y1${pOtuzM{s1ZsBlAW&{qilS^W2h8wmtCzt z>{=37v}btl@Y3+_lDPLu!!0A$!}ae~il8Gp9#A8amDE6p#PD>*%i&qrMKu*fVYzs)Xfxx;))eIjt9)6}4-`VR43 z|GCJ2!oL{0q$=DxrrY$oDYVII^4jF3Nd+yZmfbD(E$S_W3_WB)=u?hA+m$WJD;7@Q zrM63XSHiwMktS`Y+Oi|dBBk^@^ey#8|qsm9MUi$Uw z^xF6C>Q(XGKi|nJ#qL; zcucKQ{h={(Evc>$KTuD&Pw)grTEAVMwjf=Yx<7S{*f3EUW8}0;DdrU}`+`}HnMZcN z8q(kYQNN$|A}c*6!uUn6WqSHXEOF1gSQd`-p4fvZ^Gj<~_%Z#1`my^5VzTk~jo$-W zn_4vSC{2c4L80TNZlfgseb<^;ePg$D1%RK}bhnH~(3|0P*`r&+hSjEjX}+#(Hs5 zc1H5+@gIMxb3pq3?ZKhDGgB_D*vPxOPj&yf;_&QN)cmu$NXxdDkz)Iq$9{`AoZzT_ zK6T~zw-d$38qZd#`<&`I_x{wiqgpCKh|RKNamVhNIGvZfq)4?`UcIssp>dQdTLnwS zF0?w%d^vZNVEeA}6r!7+|H8P@*!;`A>37rd9mrq1yh|F|*0N}mYr2}3;LDPFa5}yM;65#eZ4WZb$x;3@h-Z_Jl${ioptiocRI7*J@%ooX&%%txavpM zKULbY3HG56BG&hQdogkD>&=I^#?j;y_QpS(|NMMEe_}F=qNY`1S8@)g<1vl9STO?2 ztgnM-uQW-KqDj`Hz)O#`+sVv(y2FtLnq|$1z!oTtW06vkDBrz;U#RjXBrHH8pmknV zlQkYg_1i;Rzg{W%{Qa~1)#i7ZP&?o{b%-|q?5o!ofiJ=Jck7?mX^t&nD2CBKM*c=C zb@Yj)dZjvHPvC>oV!UX+e?HS+=<&73Jw4ldk3SY!##fPy1Fh)ny#p_rCSQM4A&ZZ< z5r!IZPH?hz88U*Yzs0}x*oJX))JEh+n)oO2F7?&vyR)sM=nSY04;e()x$bIr`@qjj)#XLCG%_V4WUm7vKM{{-KaQTEO)4RJlqh2OV^ zPm|^!V?$msR>`@g22Ke$tyWE$fcKjHhG2U~FB!LEZ&sioJy7r%|0Xy+Z8! z(jH0Q-gfxiqbu8aRs?u;qPIQ4$8QSq7cv%&!U{Os&g@}H=PWf!f7$lrR=Y{f)n#Lz zES=%|V#%W4qFi<0-5SG4}H}Gv`+r1p$?vNi{(#B{HfySp>@*M)IvfR?&BhH zN$!H&g_GKQB_t#?eVkp@t@QN&Z4O>(oxJbo_efn{{_*3-a*vhd;685h3TkR<@)s24 z6%}Q{8nV8D5B=^1$UgLy`umXoJV(#P*U88Ik)J#Kp#=B2_Z;B}KdqA|xi9*k&)IBQyB9cT;5)Q0DP7R~Q~&>U z=YQY$UoCC_x23`*W!3*~`d_#HpG|N0y7=hAy})<+Y5(tf{oDAzZ~og*Q=U8Y|C)-w z^Zch2oM`R6n)3g%Xxe*K|Cx;h*YSkAp80j~2ud0EvrPm1bN25MJl`ILu-q9Bmg(>q z>0Q1aux+_z&l@j;8^jg@%fVGh$neUp-OnTsJmT3S%f70!^Sh49z55m)_TOhphCjhW zri4!!KDl}3;Nfjwj=sM9O<(5#pG8Khk@LRolBb@%N>q~!^u@tfm>Pw@Ly13v`?Cqb zK-#j+jgp&XHzf7yow-{=dt?-Cw&)Gu>|$ zB0`bH^`&Y1l|)E}B+ZeUFush>xn(X(!*>c14lP~RDhZO3m+}xfw=O&b@9=YUH9r+l zm3x)V?Tb^UQDQ=ly0?hMaln4|KF>FO*ixt+Dr)1i+BfrR&eN_(`;R2VPkfbJr@X#R zEbe7!Y*v?I1N5lqW$ZYr8W6x;#XSpM3Y`&m6j3`n02LFUsAP+63 zkFeaBdoYIq(SGUGCt11~C_7XY#}$07hP`liBl-;I*zY6J*e1m17Ns?}Y4Z>spB6(_ zHtnN>^xFOqJ>bp0#>h|RtTfuWH5(0CeBkANdNR$U;pQ;uMT0Z2$kInimU+MPKaC@l ztI$<;pFgx+_3_!==XY(}-mj%39Aqo8l`NyTRB+{IRUj)N#8j?fp{9&ddp^+FF3$x9A!RG1Up{uqoeZ6wcLR#*sXi z3-xlQa?OfU3eOh{QxX+t%Tf$7p6om+Xvt@H2`*|)n@>AUc_(fa*^F2}+o|2PZ*7<8 zZqHNej;`0T16_<-ilR~_;n|u!tq|wPfbji0E(rxHDCPGzSLHbj>-Hqpn~Bd&2`cI~ zx9-|58r}RV!^+LU&Psks(xvORbb`++Uxwt*yS!m>dJcUi#Yz?b+XppTc;5l|hpJ2&f1Fs@< z$a>ZPSg9@?cvQInjO-2pf}XK{XDIS3(VKGW`)R4^}s z1<3^@${-H7AU;)>`E+$j%M&gYjE<0>aVQDe0i_kvxrGQ>00PoYs88D_8ct z4zN1JUf14jYEk;`DRgtl#H(9wx4&~W->RS-yW=8BQ0WXX6Y1A4P4|xDl zfXa<*8739WhX_{1HwQfkUc=I0WWm~mSCI7Y{rnk>&jg7jCfVcPaz@WtY-Rsp5%~bh zjTf?U-+2X3#sOb|2dE-sFRLNd-=TIzrXs=aQW^ORFpUD=tL+$S|9&Ouq&18t?kpBa z8UF7#=VuEmQX;UIhqoqh|CVp2S%x}g%P2amE|nanP8Jgs>niJK%oH1%`sBbJw}sRpD1_=ZB867e0#@+bj!T*t-)D;NyHz z*_2tgV8Ndo%@YP8ONd?2Ryc!XHH!YLk*d;9agKF3Ot&^=(0C84UjwB{SqO#DPNMlP z9Eye>La9T9P=dsr=dR{J)%QKXc5T??VAnylq>VxxwBqdFe)+Dcgw6rSC;Cxcx~r1k z6R1mMC`c>0c)A2T4#&vH?lQ72L7;WRolE8X$*rKwXpfwu!sqA{mj^Xvc(cro&7 z$b-JV7&}NW4K@nk;oxfuHzD+b43va|XvuK{qKIODkk!Ght*Enlag$kq|P(>%vjUu>ke+xo146)}?|O*JtifqZvoN zTg0Tx;%bObx{*~?$n2#w`0d%bG|y$;E0W%)$~J~~0yM}*r`j{~DXCOS8YkucUN?7M~@_vW>2GPzq_$+W$TuW4>s!?iJJAoE!&i`?m)!9I)%CEM3|T z?JIV$#Q~Wm33}aC2XRVIaa2ve)FB`S_$AHw&-1nOVcqqz>+9Dparkyev?tZ{Tc^|0 z>76WZfqy#*Ei4M3oj4j8IDD>9{JVNWpA{X_bOl7>=M}b7X3KB1xhdjOesss4K%{1` zu1e4;S0pP^7C5zcmJ>P@Xq~_-sSH#bDEc@T{+bZJ=h%+psl_wFb!-9u-?>{tIX>%4D_+toH>!B;@Sma>jM)+u zYB*H;AmCBhtG)3hFqw|~6<*PhleG2jW+_)$f8k=C>MdVy?{aRRV$7WZuk;w?C_mAN zN)UjAoMx^Z;9p&+D2|3kzT(y(;k(6$(C4B-(>?|6ttPE}tiu`3LP(qP4ww<^8-1^B zK zAxvFX>(O-sVqI*XyB&IhBNa$5?KB_%$pS%C+f6mtxym zz97$nc#HrV6RZ$Q$m{Ve-mn;L&eF;{$1ur(uCrRjlZh3Ys1diTft4&}(z?CESR1*~2+QtpQR6suC;DaoqFp?F~I1X~8n>?UZ+xTf4Mpr?33{ z;yHZk{fcxRPj4561ABn<4mh00I z_RE5m+Y_b)_qH`Ivtj^HNI`3$@c`P*87j*dM}2HLe35G)M~XlYSCT2u%B1(F}Z|&%4r~$b!8fvHD%SoXH`?J2a0ajnyNO+MgqN98z5UGozNpX*m# z0aF%NiiLxBwBujVxX^as-Vf&=?yqUS^qGM>E@Fxg5vbQkQTWRpK{L}Z7en`Odoobs zg62HCd2CzO>6-Q3$DZ8Hi2glW5v=&&iiTw)ye8#*ZehRFjMk-<9ra|NakqQl&eSb4 z^Qc~=fZfBkXTP1RaK2roiK9887Ti*3u+y4W0Z|A{;tli^Co3*O z;ncCy95dEeR@VlM$k(^$x!OrNS*LjjG2X+ND@jSj1WnW|-RYQ9gF}%hY;z^R@^@%8hH|pIquY`wPoD_Ucx?N&Q2$S{H|z*>OTY9K!U z!!4hX&2i4a98gy%<{WH=m#;-`M!Xc+2A@~VR4W<@uT0q?u@vnnCbR9h%%NmWz41MF z%*{xK#gFe*iCx~0VqXq^KD?*af+=^n?6XMrtOpa{&gu90CSO#S(Ck!07)}tyI=x{3 z(mHJYeG0k>f=3k`cW{5fW4f3ksQoJLEvJIQ@;C`L8;%7O;Or*EV`bSRyr^OI6&A8*Qb(&aDBX96*`13^N!cI~h)O}|XJ zT#+2zdgi{w9r*M0ZPCqoqJ}wM8Fyz*y;f$cO(raTRueD()Rf7SU9UwhwbXblO)H|2 zbA!4$5-&m~VYF2Va&HV|@I!uZPHofNtYF6!k zi^V2r`qW9@ac9Q&YMVGh_FYQzz^rX38}-P}fjj)UM_529zz0a0tzjQ#x58dQe|z)W zp%j70(49FmRCFI!(u_Nv_G1=*5o1$hBKt9eh;E0pA&K{Q~U^b_iHb*dW**!A6|z&2$C|_s{5$wtS;bhs83C(xNI#DXDYr=!-Qv zJ9hYneHC1CRlm@0r*S4Qz`@bJcLcF;FH9#sUA|fDW>m`M+xhQDj9V0I9hQFSu4bP~ z{kk<_>Ve7=D2M^Y%N00nW(Hb~+;}M=RP8TZXD3?ky^W`M}D||3E()l$l zyygDe0qhL5(tR1{JygU_U<-*X)fk9W5mI7dCBdiJDH3)3@)YDS=A_ zu8JMl>%XuseN1YtvnLxk&ADaE+WC+|U%4^>OBX^htWlDC6jBx!F}C? zkOn&oI|y1Mb`<-&a+v0(D0zcMtk4#iBO#ymzp zb7n%XEs3iyed+b-Lye|kkO6N44;-ioY!_fWc=XxZ`@Yq4qt3ZrA?K{;J#?XbLZl)B zA&S4U^Z_JhD0l&p?WQhXB_~1xI4+`r0TfZ2-r>tj7KK!IU7aBuXh)V_4{NhOn0D8( z^T-b-h*#5XqbE<%G+wfitdcm?G8dG%uAH_*H6f2<@0$Kzv7$Vc4j$-&i}K zn&ZYEV5}%vva?btP$rBDv_qqTYX|I~H{NZ|+=zPU@Z4aUFnYBk2PpGr4RFc_zFQ;d zcM|}+iK9ZmsN0T(R~)DbvAw4o*J>Jb-#GQ#Or9m?AzW<#Y@5?sc-KV#p0_91t&#qw{3ZDqJx^LtF34u;ppyzkxq^_m6$?_n5b8|D$_Nj-&oA1!!WZgk|iq z2#CY03xa@CIn(RsUtE6*L!)G@>tVe_^H?bo5cZLS!*sWd$~O{w5uBz$q9CLGI7yI= z0Gv2alT^FWew=f#`g$)*jX{1+tnx*{?K~pKE_-%(Ide#F+796E1aG zN98UJu66}~+ZFipmPVklzs}Ohw5|yP9z&kgOR6AS7sxi_wb#$xgG^A7%H#?vsGbqv zNcezKXtv-7YQ-i44LV!gZj;`(ie1 z2B7IdK)xXOP|*X6MH_A*-I&BHv54diI7Je6sBTz>5Nd0t&TIALSlp9-!xt&jo~j4w z+G{7p1hAc!kSa{vv>-)|N0n4~jGNQ?Wkqq(H9G?y06 zLY1=U*4zd0a0e(^k53OkGI)C%fj1CGPm7j*yWbPSd@eF6QHC-&B4O2I361sm_)@KC z<7uEp_@Jofs|EW!%yWs6ut(>`lRctp%+###=cKV8Ze_1FN@R_73sk_->4rTPDrh9a zoltct`(iE9>-;E&eTqE6C$%YGhn!KjK>z+gel399iB5ex_Zqd} z8rLQ;Gbm2yFgnL(l^!~aVG(s`IIHK#5y=BQU4x!GKJAbmR*+Q^@dJaOj@<&YX$W4G z+A{LseoH~~P_KHzE~2;_M0*{{j2N*hi!ss_`K}%4XW~Kdj;&76zTdd4FqH( z@meRgPi*(c--W5^4}hx)#GjN5Syn_AG?-Ij#w0gZx>d!89TuS>M0==(&RZhb^}76h z8UFdrJ%yR?>ZuD8Y^~0g3E3FEea1!Ts|%s2arxtJ)#w`C zz3%4PF88gNCN)N6kKXGVHL&MM1(+;zXnLi=R9J&EwlZ(`8=z4Na{xxRI}5%>f{-4t zQPcvu}+j6WkgJPhxDJ^SeCvE1rRRWjx@U0R3HY*4hg$tIEYJ#=)E^ zjMI`jSJb#$1X9Xxe_)Y=;jEu;xHW+4FU+qQK!(|4zqK4DLKbSUKT!c$vL3pbt6!O= zrW4)+gjGq()=)WBf-QXEO7@}fa5Lwe8em#4s;d7|?M!lobfk;b+@puR_)p`%bY~l( zql*peNpH&^@(R8)r^JZ#;&mhIUe;QYP6`s5=*t@A-<=(qUEj?_YmwUJ4L_*Ff3bMye`*XwTWll12B6M?-QqFvuc6$1_L zfCh!D4pJzcwUS&DM2+FvBjMwy15w8c&)cxVLT9q`pQBEYtjbWE`;RM!F4@C9)Mjht zA>vha2W@Dx#l9?r7==$P@Q`3r*ucIqmFPV6#QwLrA3hkbK9GLbuSgz=5-7*Fp3mid zKPO$8AU9j%1|4x)($CZKy!_JW?Jb9v)sYDZbiFySg6w3hRe)sTGY7QEZ}aO2?%60- z$vpzr`PD3E2pchlec3tCu$CT+;!vcwpd2(E%I2g{Ds&~7aH2+sRB7S=hDnsxK-vNL z8(NZP4zyMQA3Dx(e&=*D1|X%pgH~u%(5{xl11Q>J4G~Lz}sm zDc|oWcKy@>-^iQZyB>v)Pd?v6~_WPM7TA+xAsQ(>8 zC>vHzQ326D#3`%~WLdn|+(yxJ(Wt+c-gpyD``6q|-um>~77c=ALzV)LE`?s0J70Nb z>qY>3!+ZdeuFiSyHA;`b*P~+AP9I+ZNta2fuLE3&PO8T3Al@=rMM#7A) zfJo1Qz}}v^BYbU8o}dfKGiT=JbyatSC297kKATGxQQr+oJ_PD(0(ZsGbx}P{ljsGzV7}Nc)mUGM^_*;|QfFega6Nu0co7u|5Uri9GGR zVNC@jkB?4_D*JJ-o0+-^g35 zC&kEMMz`uiGeXZA{3ME72b^;!Xb)4n5BVm4x0x~TNy)-anAtD+SbDD>m=ZI|t0tW) zxI5VSv`X{DRcXmDzx>3r&7;oW@Y0x-pm$BgOGH1hV=kR9-F8nj@OfQNO1&7xp2A;f zm34JE7j>K&-y#mwP{p9g>``sr4}!D8ilJnU(4N_E$}${dg;272IBIb^IRQ%b1!jN@ zzz$>(+yK!I>vrXiUCST8TXjOXrs98~1=lp^6rTDMzO0VfAJ<}J^ABe}VGg&QlcW5i z)v;qBpy7@C0K}{Q0JHs4a!^67c`%+z?v+xG*N@cnDDuBnmycmLwGfE~b!vC5pQzjJ zHn`jT;}N8(+jsF)tHs5Z?yD>Fw^;B%BGw_DE-eJQ z;)&ddRHfM{;g|iZGn~weoTZzY?XYpw<}R!V;!{`Ce|SIJ?T2cZX7+2vK>F#4d1i>%?iN+0ycye$w|RK& zkWC7Cs2mHUWg5*bXa>+F$LDC^4n#xL3HvRnj zN(Wp6KT1rFM+Z?wtt#kL$gBiWl-^X4DtK0i#{0mcrS*dTLrt@5IlZD@?}t*~Q|H?X z_aFLfv`tXWY9h_Eq+-6rSYu<{Kv?jadSw%Xy2z(VPC0oy!N_5fh{vpVU0%AfVow#b z_JW8m`Ih>Q+hD7P#tKbQtQ34-N^3KrNuNgoDm><#g6&ttBwu6La}1VNI&4 z#&27Yt|!1n?ot~yB2PpfzD?1(iaX0(Z5IxlmH2M7d@e?O;#2sUN+^yKF2FS5JUOMK zp4h$i>xB9-mD+g?ndb4X*LCbuNvFg7*VO7)h5F zaW_H`ejG=qLh-THg6N=fZz8s5a{zjux3y3{KJBogS%x!kdH#u1nCjrJ0;RyAmNkm$ zGa?OfIPhibm%3WtMb%+a>R2iHTe;j&M~U-<|IG4)fEropm!~=4snH*bh1MzOXR8kz zWO$^qgIKjJRc5XDI$pVq+!hY1kj(rKE9{(JP7TdmiDR^!@ELU)X$f3^F$!LDUm*)>JHt{8Ow2HUk?4g0dp390VN-;;zVz&d+WYM zD8JzroQ3o}VKJ*CSadn9bs;1^p*u`h$Lyk&p`BG=O|=)|Sj~$2ieT{`!P82;IHKltU}U-C(Tr zUJOTw>B~f|qP6&5_5d>|^17lwyPLJL+Rf@^l^`WZ1FM%0+P_iHDVaexPA8ON#r&gD zLV&7yY&VIB4kAmU|HR?LDxBHm(ZOXXGY8vn^8+?Eh%>;Mpqp{^`8cW*jWrWRT|j$E zl^Zv5KCH<40l9FC7FeG$AZC!=e*`6|vbbSBk+eQwPfhw(7euT|X!fZ>B5rnrMZB zIpF3WWUKJf5gotGnY@uZrgcOHi|&3C{T)}5{nXpKoV29bFQH#B>}0?vGk#N_4;NMw zt{Es6>%a8R_$AoH#TDCBPULe#<_6;i`pkuAQ{HNzol@su z?(}YqL!y8y%elrM3o5Y{Kv*0o|6qVSY!A+n#r4>TO-|gr19KG6sZz!9uQa8ir}ssy z?kVRcBdx}{PY-a1JNel3uSuJr^91v^|KKWwHeOrgNiJm`F2iw#*}f+V&JWhC5ie3n zp`)aLY#c@g`C6V+JYlW~e6y=B-l&}nW#vD_XL8-Q_q{$|)%`ICeVEE4ygw`W6o=?R znm_V5aR#xX(IPS)Bg|GC!VkQSt z<}SZH5;UCy)yPhr+V=&;oih$wm5W1J9NMqTHJNZ$*;F4CpW>Ercp`V%x?YI7XuTZ% znZ+R($&%RyZmTPaWkeVY3i48fWi|*yqj)^ptjO5=eT<1;uPOB#J6V!{bFaoxOGLuM zG!w2`Ls~~;t#V_ z2y2%59s6}f;CYBHQfZgPs6r~G!}=y1baIC$E2LhPk#T~mcmv{D=0XK|VgR$B#$O31 z4993~s)qK&KYqP7q%VfI7${nkk3urc(CMGGg9^m{cuarXJNg!uJ_`IzWe~F5H>2Qa zu-pC>6u~km-T6PBL&yMn93>shaW$o=T_VZfcLvkOGC@;-YdwNeB&I)L6K?pKegw=O z5UNM%RMe<9T0}n^a7>74GNM8|c)z(O(+-V;y59i$34K_U!aDb*&g8wlR%oY=hM$Fs z0LppGV_koFApGt=`yUsw^7?}}_=8_cEtsq$ZuKOqq^oaE6`AN~T@gJ!kvxaj_5oRx zZUz-GDuVEGyp7PXoUewXOx*=3BR`>(n2jcdDO#es`7 zb4S=@SG*`zF(nqF)no36Rv3uFG8|D&bYWJM?=fg5obv^^>~46jl5Zn+EPJuV4(9Gr%yBbg=XE3LDCCm8v)uJNZ!x0RuipT?_>i{eAaY9ES-%Q5kgoHv_qCx&ZqbDnS(A< z$-_c1D{{K$L?~!kqUz!s;pos!a;~s8*-*^aix8T&R0qog8)?Pkwdsu=unC+%@z|T& z+JUtAFc7p7+pu-eMH*;#X24CpKiND~t+OI~Y~_&vC%~RH5V-AV2CBE7^TL;FUHiby z)KXPD)E(hZC%FWDJE8Ac{43GH24aPK4l2v-ujjyxT$kLweMea4G-nJoBlsI#8BVOA zH4xE1iTQY7H7(*dHs|VhH|EvQR6wD?h>F4wfZRl@Q~BDEJVGMj{PhX9zEvi1VAV55 zZ0i+$RsLPLTdUZ5Z{g2M)sU9f~ z*-(GUI;lvSw-mH9|9A@>bm!CqW?k7_T6kf&R3RtX3)Vk2TJz9`R6?Gib+wgHWX$iB z88C;XD#{oUv6{|FxuqEO8}gK~de~_VV+S?-DAfaWqKC@sJTxeHg5?aZz^RCgTaT$V zM?XL!P~<}7ubiZcIWTM<^V9qhueAKi$Kr-1lyXkZVsC3Nd*zbthoZF?pyQnN7)&>6 zt1WaeXOOOqqSw}vgkl2vSB~cf2 z9W}wIVMq0 zNDQBZt7{HfGG!Nj>WB@m1*8-e3cQ~Paw3WD8BkRDq3FfTL#hlmF3${(m4nnpQ-$w% zJ+OI|xe&I}{!ZXM!V&VW;((Vh7}%rUOGT0%s4d^e*4YusB{GPV>4fv-`8MqHzT?&8 z_K)cDXGq3yy@wiAIurG?GvWsTrh@rmC_|th106leay;BUz^Gnj3)?d{`hDg>sF!TR2J+aV$N9n+y#`Y7rvjZWEe&Yb!lH;$#S|GWl} z*PTZa^huOqFqyD2k5pu5fjINQUYH2^Q_55~NJTQEv^Ut-nR&VQk2ACOUx^ibC(Djx z_{)00G_p4z{dkEBS$cyDF$fl$-L*|ySYECnx?uFk&D-XCE#ab8vkggib+Qj7B_J)$ z#boC2M#B|y(1JR5{eFhki3RBjhY1SVNjErejA$j#p0&aTEoj7y&HKD<1H-jrk7Mg3 z%g9429fE|=QEIm?=-;Bd;;PIiENM;yn6EAV)pxgl3FZwxd)B~h6qoMjxK>AOf!?`sa2aKu52V*+z zcH%CsK}gx;r45|-j2l#;{Oouou|ne?HD**Zsf0az$=wUhYM`ZWOf~ky?rYevtl!^u zj0G`?+C$bRVQuJT?dP@P-a6_K<0L*FefYQ=)&ccE&GYu}1j2f37vB8XEXQy&Q}pZC zLw*k*k;mf8Fl#kohG~VdrRpTbKtC$tY>Dp((()!#{a8~?f*CEZPImlq3p=c^)XS)r zfZKMo7CC!9eOU*pzW9-v6jpOjBcN*&aUYeuRw8<5>9I*n?F!qVB9M6vBH24zTfwrY zdO>lt+G310XJ*-4ku%2E(g;RW9+O}!coQ8>R|y8ZUSzmujI>jfLGT1&?Sy`k2Cc(^y=s4aCm*(R{3gy~X-TWT|C~o~Z!L=Je`Qj( zrY2F($J0rikC#lVIcGHp90RTNOR;Js%78k8ii0|LmZ4T9@%Wzh)-1py=fu?OmHQRpo3}qSs=Yi| zLLY5af#FiNB2zlO1FDN-5$fi}$5o5Dfn*PDL`}q_f7TINE^=pfvp}!2PFHyLIL1bEzcnMB>v2Z2U7g=3$hl7Zw`2<6&yKogPo^!`BFJSk{B1Gr^ zvh(;E63nOeT9$)xX4(2o zYQ^>a3`5Y|)(m0%?-P$bU@BwbSaIx(t~iE`V6A>5*%s7RXm6S*hR)T(ftTO4FP*B) z-G`E-E}lCU_Zf!F54r$KWL*4H6j9~PL7w@$9Q~%~O{%$_G=C;+W-A&h>UTG&pV{s2zrm=j1oUY^YvZpw@=17h@frW0@CiU5` z@m(sCrU-&8i}Pdy4F&qHAby+?t>t`G4#muW4ShSou5rGt9VFd~l4JVD5rV^7EU8~! z1R4J5#?fN<7he}1A5L2%I_PXEY;A0cfcm0@++jZ9P3`;z$1-OO(vhtl*Cr}fuKtOTfdA$5GxD*c?ZnVWlr%&h{wzTDz;npMnce^+62e{HR7 z`S$Z7{HWqjiMi&3>`OoITl)m^pm!KVB1xt4!8H}gn z>IJcIf#fLM&n(kZ6HjNrhfuHq6Xr*XC36e-W7CfUWZ zEoZhkogCI5R*1_3zPC*@s{*qo#~%aTjNW*)A4=80exel>kkfV{L~ujKhygqB-^Xxy zB7iQ>TzTY$z$(0~&Z0biZaIo>2l~JmQk(5FwO_AWP42bu&2M^wT^_jb?h+N-F-GgZ9NaZZ|$S>Sv4 z+so$Yb$7vvzexaXbcv((V?+SBQU7nE{l@! zm=Cv(yFhYgO37_0g!&55l?u|VE$q2 z96sQe{bxQ9gwln97(jN8kqNR&M2DPzy(cWlp(*V0kn;UZjBSVMdXCArySyDh{pHi{ zop28=7>EY^I0a7(YHnRm3OC4zxwIM(om>5K`ALy(`I!JD zb9lm`Fg&WP308|F6;*)BaK1W001W5Bfx#IV?;tE%)2qn9Ux?W?G7Ld^L6G=10rvN! zKKRI}QmRpL$)3Q8o+vPgP8s&8$?V0@+@t&|sf8d0k!Q07IVl5w7&*j{@&yuMnhH7! zcBnIPphD-SyO8>aK=G*p&d-D5_9ykCP5BfNawoR+^>--h8mkuQg#EOhDayA6qV-;> z2+7M^OC*qoYKt1|j*zo56c0jf)6?>jO{q5}VBAWFeccIb67ufG zch=o=H4!zJk1}U#Evv%UQfwfKDP#3nK;_9oEHX<{OtA`Qp;+@b5weGpje1}BE z>Y~i;*b9pj1|31`b)Atj=mE?n!^T9n5bBYi^FC{}9uuy#+payent}MS&{U-Jpwa`@ zFvw>0rcA?L_b&me%$ZeO&i^6oy`!31*S2336A!Fy_0}QF$e)E0Rn`UgceFd0x2YCy7zwfx6gUc`1U_K)G-)l zKJ#wB>$;x+)gKQvNbG1=;|o`B{c~aA19dru$D}KTBQkRNQCl z8N_;FE4?Y~9g~1Xa0g*Rr}&Kx7=HMuuCRb~Tm6a8o~HGfKwDB*8%Iy`V@gt=M5BQq zXAF*nh<>));#VPSS$DDi4_U zzMg%wFdvB3P`7W;8M}(vM?-F+^XT}Cc=5<>_j~1{0`N(9@@1VEw&uqf`<=4oQ1nXg zY>5vDr@q@HQ;B1&TkX3wD+@^J)6LlM(UWEmH;Sv_Uw3N;pnTjg^30)c8*M#F`REAl zdDvDz4AK7H85P3y>5vPG$xDE8hl_1$CZ2Yssl|9sG;&IBX6h7c5OY6uw_omF9&gAL zm(jTpwz2FPNFN<6vZ*Pt#zi1(+Vw)N>fgCq2MJ?WhTy3-kqk*E&rTzWuZvH9GxmR4 zYXjhqA74IBIuP~mHZOXzMz*)USDMJQ-6a43P*(i z4-sgVbTWyf!2;Ed$Hbm&LvM8=>L8E2zO{lBewOiWT&wrB3tR`4 ztimAZ_;L*SPDy50fO}o=$?uOVIOXqBc--yPvd&1Gqho`r(pZZmV z-@c4ol)3aibapD4_TolU*}&q?q1f%!14gLKg01=+hV%i?vXh`=U#j7Ym!&?SbZiHR z>_sS%?H$oEROivC`Kkkkq0ggwj}r zbI>(njp!LxY}PL*u#WbB-^VU|{#;}1T+?F_@(Khkt>wTGSSnOUr%lmM7H7GS-;#Aw~+DmgU5@S5Pv)N7aDOD@tpL+s7 z1Ajw%K{!3go+3$-+(FQp3&!beH{Q!}2FIXU!2-e>I0R>A5W#{-Nq$0t3VKvOI^FPZ z8V0(tRM2p#;`bKO|8;SF$zo3toQx2$+_+XG-d$WX5z6X-vipJ{%=d(FUYj(Wzv84y zOzTRA?2C(<;_^o-7P~)+Jveplbz$-%`5F~rC|KfM1^BqFflpj?*L1(s3Pk82Dk4{Qb6xd7= zBR6}39wxYHxZsgz@7MvT4t1m05K=)DumW=IwE^i%dc6T=>FehmjbF3pj$vBzkYiVW z$Xs@l%NgD6{Of@KzK&rHzo-=A-lQo8HHioXN6eUn4HbxDxdS2z;42T)fAgX|&?(mG zyO0RZ=VAR1jl=o^3*owjkSq$By9BeeUoKK1j}J$@l{C)%Z#Na_l^&SP%*N}2&v!Oa zNMnMz^9dn8S0;SB)T~k%EDB@nJ=44AD+GRqz|p!Q7fxup2@&2GEk_}fV@#@|5@dlC z%KRq!q63hslk&_VpIICj_!{ryEj4f4)CTYvEaVVh>9OMchv;gTiZh*;Ft2-l`oDk< zJ|ZGS9AATdv45_84%JFDiVl6%s2kNt?wlzit+U|Fva19dI8tpTI75#_-gmT;V0_kW^FcRd1O9Lrc$L$k&=zayg zty9M3eZ;#OkFP~J@6MXa;BB{LZe$x=EsJsJTqIfLvp!cX{|cXcK44UZ=o)(e4MVqS z52-X-cxgU+E$Ol5ZRmQUk%T^$KRgsm(3^Q1Lm#VCf%o6PxOZ3N|MiF^p6=ZACscdd zWNJjL#e(#BOBL`3*k5$Ui;g(Tbohv$51~*$h;5q@O88(_ooW?dP9x)o(+pl|UV#Lj z2u=Z_`Q-w01t65bY0zl~Les$Cn+quj-q(EvGwCscd#4R6zh-}VD-tL!5fZXKn7JJ- z6XP(zGT05CO;SjOr;CM6>S;@KUae%tIeNmO?0}rn9wpvZ#1kWZM&4CJHefGiaORG0 zwX&;y7A%>@fA8nrgN6vzM_Tk7X!9r=1vomvGCF1P`Z%s~ZJ)j2!XfOQTo-Nb3UFh_zF!15K?!Y{AKTCzqp${lotg!V`|LD zE9Vax^wt&FQj=n=3{%-Wop~9s`pRC{ae@!qHEiyhVz&S2?^db_L8>+~SEc;dQ`{Me z*gxq+VAE?NXfepm81%FGPw5dAdsdHlW!*H(G9zAjA6wxyyO4f1%YyeqhJY*H_(`hp zCE#wl*Kzp`-k^|RR9>=`B6vOVGX9PQs<4OD@y%;dmB@CrOs3opon-NBYV4B0Q4hps zySE+Yevd2QnP3Uh7ca7Ri`D8@?f%;!U}4WFP`haZ5&`enh{9{uyt!{JCq0G%bv2Rg zY9KDfZpr!)1-r*wO@#JE|M*U^aNie$3E)~GajQ76M<(}IXaKz$I<=emwtT)mK*do zr}DFW@$=}dC7Qs$HCo)1cG}|7pa19MsqWbxk#*=4>H*O1X1=3sf9|XF|8p^p#J-)u z0#b$ZM%6~s3IeoM?2T9?Tv0A?yF;qv9I z{X@=p8G4d-L)j4b{2STqR8#3I5Gzj{6lt2^aI41i`aQFS6nFv%g~&Vr&;HB2Xx9hO zjz4oI_Id5tIfoz6&8o&Trt=~eX`61%eJ#6MHcYD`W{0)g{0UB+;J(k=4BjF}1 zlmd-E`(;nO9DnV;X)8>2{@XEohR0ZKnKJV3y9Y*z?{@#M?96u9$&bPcSvbMwCkrIE zU+`rg<<0x4UQkI^l8yxWWEO~lu#d{#Nv~fL5_WcFeKnf z>%iVpbVVDGa{4QR7k(JUlR_72UBo0WOX+(iUG6MCJCZcG^w+k2QEuz$XN;Y;&)g>) zm9;w;4*27%jq`z}*wMTjNDtF&Pan;I6Ow2%UbRA%Iqg==Rten_FsiOA!^=J8LpE)? z0vOWR)t5w6@U&dd6W{+#QRkF*H1>{Q5n;?EjO`G=KlSv-k;-Cg(}A-1TMph8k1eNC zmr!z~%tJb3!{B9X{smICr#qZIdkC8RLALIH)vV^xE6`zv z{Cgtr*e>}&Zl(yB?q!kWh~gM9!dCl(Na0OZ+>WcSB1UxOc4Et4s0Xud&OEiW_ycq~ zURryu$U99pG1SQ{5X4(eF~)cwtMW!(bLXv#{EDzT&W`k@D-993E-LErvAX%49u583 z%l-)#h=u+YjbvXx`}IBWU;qACj}GqqJrCN3(W|<2vN_Jdg)&yzD-C1H(Q{*pR;x0+G;^FLNCFSTYg${v4`Wc$Bb z_(xR-ChLlA4SNh01+;LwJDhiCo={Ag&iteoL%lIt;Yui+8Uz*_P7-hh8|9t|fw<&X zma?g#BWFDkRDTOwI;!&#(1GlEA1g6{Gpf=;{uupjn6Nk9s%MQ9#H~K-XnMc3R^$F$ z)I~OPnK}F+%)W36pb{@TD^~|j&YxKI5XDr(H*PlpqIxy3 zXA5j33}2Qs&`Do>#U#Ll2Y_kR&)$ylpH1nFm(6N5W4~;D+KzO;M30UyP46PKi=S2_ z_uFE7;z}J`O(JqC9D|lUbvz%EJti7+^?g_3x)acqpY&%wl5}Fc#`P8p#}?9|0Vwk- zWa1rv&xuOTbKaHxaO6fE0a3!~3BvY+S0g1o;-OrZXjz~+d<45V8Aj&WGy4)ED)l+D z$(g({8nj}law~^7|KvX&vs7F&m$jH-)i`|w=ijnRx)Gz)Py*Ci%CTza(cuCDdC_li zd3(8GO$n#6%y#iSq5ll)pi?LM>6(X}d;rVhb7vH}#+#f3ARVkXyaAY=TNg<&k_4zi z9<=}4Lpk7mG=8z;oVH5`^r zK0M`pO25#6*|MMa*I(D?4nOUeGk4P=b4t3a8_0zt;pq)(@4H&!R_1>`rAh@h#a!EE%)m+aD6f4cV0%ZaSVLy&lRM;W|g^#Q9zp zuXBc~klXLuAMAT#)pvWA=&6)z`6J~^?w^a-SIc8;D?-M5s2yIo{E)f#z`lt|Wz-Aj5mp{d)BCA!DF( zpF34QmH0d*^QpSphJmXcDL4Jbd^)s&E4Y{S`a(En1@0+jsm%^4<86%1D>GWCwe@HV z-OIErCOShAGJh@hUMBlLrtV?F{$W!1oDnFLJ_8bN64T@Tp8v4clYBWI_4von{Rs$^ zUF(Ml=1RQ;^e@$LSgry{{>p-=BA2$(c{V}y%1DI|z7p`2lSWN-1G(Hv;BC-|?JTU& zu&{#&MkDNWzsj+?t_O6a4fYB~hM zFjjlL?Z{Z2*sFzN)}xmPk^uFW>%(@ZeNyv{2W7MC9G&Cf&L1V$E5dQt{TguGLY#pR zyU|2;NMpE@s*xApZap`sTc=A%p4C9y|BRHjV4R8uOP{47;H47kP|t(a-Woyp1%A&HWK6InI6|b(VtBSeKVL?x_qnk@t)puPg*h zYGKcKPn^fO)s60^2bADj?S&{7h0uD3@&RmEYFVSE4l9v&u73NSF4inInE%Y&U z9BQVhg5F9aGXuT(8ZDcWY%Q~=QNY4@3#LGVh~D==s!8pBt%%Z7vPibRZkM-YA3{m( z)bmm4FKNGz1rxGpBMi==uC^w)Ol-F6O5lI&{6C$? z3U1J}P?gP3g;q3>=nTmWwUAWBe}j!iPvxKig0w^xfQ@*TE4^1-3d zcw%Rylq}D|dezM|(iBk4j%5ef9|MZ)P~hVl-NXPcQ^=JBL zEN4Ap?dgRbn!btQcUS=7T2uab2(~qEf#X*8n}py*#Sr0_RGR$5oN{#^f(l?U$mW#=F&Y$46}u{g1mJ2XQngrg8GQv*jO=em}x8 zB_o)Gj7-UfD*f42Ba%^Z6CHjb9ruhnWAe$5PYlG!hSSyH3Ct}SFE5EYR~u%p;Z{2J zWWFjO%{uko{>N=}dv@^Db~I*f4%J`>`3V+Y9)aWa4I|cqs~`Aai;6JkjlHM1UHTH@E#ScmslhdgfH%>zY&7?67=6m>su@7<&+rI`Sk}4{~k4GX(uUN?7 zL5?0{|S+nqVFPMyYSl`W?{0Mg*? z&z#vlZz0=#_dOU>OIRE-+$ukmmd|=w=P$lbRkLC&ShYONArrZ^2=|Vl6YbA^5$1xp zxm2qNij^qkQ|D@GJOFaTM8C$v1e?^`384cySvUTp*xr}f{$x5g@lD#sa#dw%z(9@Mf`w;IJM?!)w+kMR$2bf4;aaqd)KJNq<=oy{I#K51t!s24>h zpUf}nQN=84h4}kq`}Y~c!`wq2)T)rhaS!SRkQKKQUUH3gkP>pFwj}&T{-Sk=&o`^` zTT00&X6AB8?LMb-Z|+z@bA3mG)ZOF38~K?ELgtJVDK&}iEf_V-l)-LxbQk1Le10qc z>W@^cHbr;WZl%DnJG&Q32#dkF<$gi>o%Nsfr%@Je5|Az2*{YB8@bDRWcY_9yZ`Xfx zREb&#?-^ed%zH&Rm#&LhxinZw;P8)!OMr&l9f!Eboa;vqfEksPdGb369sEDZ!{qae z&C(DJ{`wGgyEAH77V&+EVFM12vl*dw34XZCzYstuPd27ihBrwG?1npL(crf6r8XyT z70@HKYg08ck1{=LF0IqYsv7D9X*QV_5o-);8>}{O3tuEcF_zSLBv>K{iZ~lc+=s0= z6iB#+R=TLFmW>n$$tfUHIVFUE3GdAcp}vpu)$~(n&L^U{1Nr;@0>%N}1wz;ab2r6R z6DYY^o$h^8PyX9YREEdK5=8rogj|;9(p1+CwoVwK;BlybcK=M1Nn==+J z@>_GJx;3~hdj7rh`Cz#F#;TZo>U zI+@_-^17AwUSy<&qpOJCU!L_kOc1ZC*fEs8G^v{1NTZEM&Gx40l*Ja`W+y2lZ|lvO z{Rm9>qy_f)RZ@+a_$J?ZM-o&%aae8up!eWAPFGKdtXuPjiXS`-a%p=jWwhfZLPPdB z_<3TCl9&s^?@QjkkeS4`Ygc{Fdg*DV)NMO<*Kb7ZFeXknMiuY@ zZ~jTJ!STbo`|>BS%{67NNUgoRPo~9MeGr2#J5SyXp;>iG(!-iu*$=6(SiwXa*%Rg8 zu90HF2K!Qb{@nX7;i5Er&*q@#N)si%+s70%(CSzqRXY6!8m{OR=+x_<0&96ODVX`tHoUo!|=RrffefVINu1><3uaDnCL4Gy*>jP|` z+=C3D+k=&w;5Pfhm;KQ0_5fTHKMbLsPjHoI{@o#g?{`eQL)2@~2yS6!{+5P3wc$RS z0H#V~oJ!R#xT#gF@$*yRz1mLX{T&I$fj;*#X~u-F-#|0}ZvL8g?kUp1;X+%*iSW>0 z*A&-?H0kukA>XyDN&yK$<3G+gPbAV-!0VSjLY3e7_5h1tnkheQtjayDv$J9ytVjWd zqqo=q6d?f5s<=Xp4RNTk!>J)6Co_RbU~QoMEgAczBO>z~{QL($m7Cjk>y4h#*bW9P zm+H+0mMzAp`iEpC{ot{49?3O`AJw{78YY6XC9Kt74MYrMt1=j!95^rT8ONaLi?MS8u*{)NlUv(Sn>ku4n6)RJ>s@)*D z&4ZNeH8&pnS{+=G~AS*v(PDYwTguuExts(oot28x*6vC3uT!d|X zrG9tl@*YhQ9b>EXmX3V5Ba!)3B2O>CO)_QfNv=A4p)2>Un8&;VPQ#y*nwhB(F*jny z&V)$YG25scFd_cwhEG_=O_`b$K?*KVy>`vFpu0breWfUTP+V>XEgpX7tAC16xkmn0 z#I`VE{L|Ld#f*FuXNmt*^1;i0X1qt%2PO|e(rp>VRBzyx{1^|CZ3Hs^%HruxZ(M2d z((MMby7BxaS16>OvvLRk&yFZ-;ng zXix_gXhv+{{`W&nIch(dJ-m^jjxUqR;P4O5C$Z-O~OKS$%?HvGG_i5JrCLtP6&Z$BO~*UOzM+{^(K{CZ{4vz`;kz*O3i^@^dsh_1A5 zxc-{!6->l{-OiP>3-{=*!U@=%n%t5;?l5U})TMkfK&^Qby2 zt!yO|JPUYp;3ppAhA^_=?3xk`GXP%YO|CL~BWuNbjVdhRPKe@zCO{JrPhO7h>ecq< zWR2G^55`{i-W+q!X!RC6s9=3zWP)W+RK=Ltk>?bM^~cud{&;ymy0R(N4x$krd@`U* zTvta|jtk0ESZ4k-W_7iD3%(U*5o!(rAO7mEgRHKkmxI*eU^ zpS*mhgIF_OkFa7UFJgZIG+X&5=dR{E=0OdE33hdjHi$ndYJ&F~DgVS7K|?V5fHr12 z1oR2s-V;K>hPXtJ`$?#p&qRoYtNeP7=-?8g%3cU>p-yjK;WOb6?5i6;$zts_Cx2_? zZt!jEu*YkQIKhXO#{y?4^F0+n{78vWfGoj!vjCvbEi(!!S?bqH|Nl3hxjvcfOWYg-!G#X1eMC2C#(H`#zCa6;5xal~^et|!+ zvgNh0m;UQT6vqn7xEEDDw(XgNBjQhtR{A<0-Un4rPMc#5%)n z$QJM)AW{JzhUU>OKxM@+G9fq}r48bCDjQJQrl>1Ifr7{}E#VZ5@4~Fi2d-3uXa@g& ztR(5mp@i!MgT?LiteR!AfbQN6@X1jsUImk)tpb^O8>T}DZr94li#KqSg1!7VHwCWr z+`Zj?Jq4yyw^ln7j{vk1qy6yl_U)goepH+O4c;HxE}p<$K3Qf4=pmxk-V*~lDf&p- z-jvESqnAH-USx4_+-n6OCvsqwYN)C^+V^JK%|0WXJFnAFYM~%%VJ#@@$fi}E%A>E^ zEzh^d#DXvW617hWRtPVf?*3#O<=7PJ(REwIcl08LYZkcr?K4(?s8FQty+UlY8jJs$ z1}rSn9G--y@9pS3IJH)| zHvP2Ajw*<4t8S4ME;Ryht_l=($uGuILL>0arx%?+d7n#y)eaM;!h4tG&OX=XC?+@nRyznziFL*5dqGMTf~kw^3f=wtPj4A(zBZCtHmZw^cDZY zy>Obp60|xfAADOKj)>XEqAWfejX2^*Pq0eAG!Z=P zlVIR?(vGqnLWPQ&@r16} z>~h>%!F}it%i&@$PO;XVhI-l&pWSUlL^~CU`_FW582=#~9!{aScuEDA{VWp&H-?lRExnr|dv{8zrK;g5N) ze=Ou9`YMhVnXqUVC)Z;1CY7jTQ9#V3(tEiYyMp(&#%9=fO^sCNag7PK^@-GeMUBwD zSUm9<+@L?y|6BgW#F<0K5us$>1hJ7-j08V|En4FSvI2&zEqOcsXrI5sfeTqN8M-)5 zw^YaHJgU?;<`ht?Z0E+ZsVH;ahZu{#LG-o-k^2~he(W4)Js&p6J^go&apV4oA7=Ky z#()%*ZKfLV?syuKs)S$Rc&<_mt=h+59H(_UeGst`sGs z@u{U!Ij1NY|7QY=5kFs#TWnjou(>;u0jpegvBtfMC54#Ats$rZU=(+{Drfa0zG|fo z25ecd?|6c+>|*%PKxS!?$gNnIe-*pl*_u0YUpbzLkXc{PX$**ENRH*`xF zVpXw>nIOpq{`BkuO{cXUk9Z~O1~>n?ufi!6jO;OdUXUV&4l)eGOP;GiPMR5p-gopm z3wJ2p$W3sI4yB`?Fww}fDLEO z`#MK{yMc5|ri&H$9yK8lQ&+m{1o*;Cp+B$VLIOAr)4uP2EENyr0q?{%xa7K^DaaED z=1+eCzKxEM(Q`RV*BXfFaZO9Y#V&h-d>dN%V%TQ4ygl`nlCToFcz$>lZ{H5mOsV}a zPQG64kwh`7YXG=aU^+&XbkBZ0{8QbGoFZ>Q2P^-&^~r0D67L5(+=VAi|E=mDmk2nG zeMlGg4mLU_hLr3_+?h%c%&7tWOQJq&z>;LKxXNmb9IwKD5(+*c7w=<6X z*h+_m)5(A&5{$NRZsZPP+@PEv780SWqeOvu7&3otmrO#x@s=r!+eZzGpjEx8R>p~Z zH|qv~zvEDs`dReqUy3>jp@+%T^B?P0AH0Pzl=EKpjJqz+S89YtD}Z1~G&75K0npbI zE}%ERD`voiOqhnoQEwD$9s)hx)@AYv)6S$^z@2O(nq3c<8?&Yyf`voI6rpQt(U=#> z^1R^=9U6*vH1?lgaqutE!DXjjD|q3H0zv%^*19Cq`LOTNpT`U|T!N>y2zyIK+fI|9 zO57`ZK&S4-*DpUV?{_#RAL8^Q%sM8X%SU6IElq#)luLr{C@O!&O|0<*i>Y|-}*MZ^7z_Kdtga{m6?M;0e`zTNIuF}bLU-(vz&#pA!kXgdBu&fH0E ztoO(lA01@7I%In$=3+X36tWJpq3ooW{`>rUcb~$D(_?qBhH{Mz2beEjEAk8{p0&n- zrZgO-uam|jXs@TP|*f+5?_oi~Xo53iy^Lbf~f7wkl ztnB^Dkq-{eAvtwZ-z_s7&^&iB`a{xkhDGC-I!{h$dR&Z`8eCLi4@DG3cPO)f&)?$R zJFkWCNJx8VPlTtGJ*q-zz!R!xs5TkynPC@9$Ax@j)`~W|DTl+Y$7tI~>VI4>Xx&q! z$6vVB>NRgazp|~NM4Cc2f1zHp61@LU__M~U$sk%&kSmH6rQs36QT$i0-Ryg!7x95M zO%(}Sp72l;ZCvaE$&^Z_N`9%98BTjoP9fdKFFlkQHtWJRxLb`>jNVM$s&TE}UyxES z=eY^D-;>%THQJ(RCx&z%N#@w0vroSrwU0nf=QeQSP?n0^IFta+f~~!V4T2d-2_7sa z!DfPyW)1(r8ps!nO%@XV#XBQ77ui3xR>rZ1r_P1(*fyDD;g+rrh&OC1%3|e9nKaGS zk++tK5phT0h8_7v_?17aaU`v7tD47e1Aq50nOZ%1dHjg3!ET{|?Cmb#poJm5lA6Em zR$bl|SYa<){ZVIsiF5Y7;@8>`wuY<;A~2c^cBwP3(T3J zynHZ4IV!zwbMiM=j>IrCA(+s?LOj!CV=U+naDL7(o_^Jv*?)W^$-lx?X=kWLsFx~U zFP+*FZ+R27KX>^OrmHnCUd*~{_9VVKind*+1#A(&pEXn<0+^Ww**`YuM4d&jZ`u!c zz(mSp9evaJ=*DbctFevxtGn2M)ovn-S^&Ra?$_n!Xrf=eGxhL}@1dpJx^H55r!N9- z+NSx=lNJzgKoaBBl^CUw`-++qSMPM{*cB8Kv51S&)hSJ-d*Qr~3m+gL-F~R&n7n^Y_8H~(zw(#2`hONm)$8?lRHGX1aRWzEGcz1OT+vGVb6boUWc3Kb zw$3M0S37JDBxDvSJ(`>?bn<7DKG^?aR~*L6px78xl1lcKr$+j+q; zB5s$Ys`x(-VlwAqGscV8H6G+Hp&T|+&j7+$nBJrtNnHB!2Vya+U*VeM-o2JrC9nON z^Jp`2Zr1_Io1fcf9Byqtec;&P?UAuJj+@-hI=U01bSY8H_TB0Ygq6VF?zVmKbPSIZdog3$O?>^6db4s#lzr#;^nacU#56<2<5G4ucms_;P z3rX>lF=t{TgBoY#D1ZrxaH0(}_PeH}0$7GE;;H_Zm3MXocSckyb^sI7?QV)fJxa}E&?gpeM;1(V@Nm8R{|6Oybr`MW?4Au9u#%lK|BRR(k= zgdj7L@}zYEfG6Y=TFVY4aj3R-w`ZEstKW&g12*naV7 zo5mY3#~nxhY}jZ*er>02K3MXKlq530mj8|!HGLgLL3#L+14zaN6HWmQCXkH&cDH;K zp6q#R-|VgGcHF&wsQ$;eAS`nQKjMt`EQ5|rxzC>PH5asd{~SVhw>d-o*sgy%QvK9r zdxkcHo)1qV1`F-A8E5tFjW*sogPVFS_FzqV7`fAB!%Uw7;_~JA`OCVYb4Va%8Mp4< z=W~=iNowSL*=+A$qK<{@hV}ps)Le}xxi1+AfR|3~HFiLSn4C~ZJkYtvai`{vW09$^ zF5>$9$fbzKe@;03Jg)sCz1NH($(8Uu4ghT=5YHU|77q9QfZ@!uk`qs_q| zCdrQu{dNCyTawn*VFefYyTQHdd2(ID+r8=Y@X%6G-kjg_L@RT<*=w6YmWsVmd@}{_ zOQZogklLgfY<5O4HIu0rTD?46#!ODqIIhka?0=H$=#KmvmHlg1Gn^{qqZF2Idz+9D0kpO0w3@0d-=_21@T~{9)d+i<&|2a-_EN%s5sHV zJ%Btgw{WE{9W-&;a`7l|(^`Sh8E-7Tq*TMgI4eI?tki5SPxR9H`ywUOCUQE%KU9D2&j}EehGsxcH=P_%+?_g_4 z(2VD7nZ{oxQ`>Vy!0|F798~ZUEm8}P+RzOZ%)kVB{1#B-4kLwTcZ@lB?W6B+ToyJq zBTq@IX{78C{sxg?$l7#dHDI(aWyTnBo^=9Il8ol3Fth-H(C=%UMkB~AFDCAdE_SUb zYN?U#>8-L7M%EYE5^Ug*s_TN$Tk;#{i6(?64%&LhjM{ZY+J|G+8E*AJ{f$a+b$`ac zmXxO0b4V$uw)F>askhaBprXRR&{_)NTgQ#v1WV4auwc*Q7T5O+4QPKXZ+_l}`Oag) zkmIi+Z1hr!^C9#a{BM!-(wG%b{I83_Upu<5%z?AlhiU|vP_^3vpmyCr_=?CLMZORp z4e!}CE8(bL(-fJCsYK=9vaXoR0p zahtc<0mC*pFX)3g-w(l>!*xOv!=}XG&w4kI!#UJY{rQievq6Ajh0k6IrzPDyvwrY* zqyVS*&%jZ&+6k}_CgHDQrh*-)V4~Z2nQKU%I~G&hFEcxt>+obt#%`$mM`W64Ja%yf zZzP%yTL#HJvW?f=n;7HiktD*f;S~#|Oy%J-p3l`Q19Mz)EOIrx>BtZ9pKp$WwA@-r z(bHsxZRGQnmJ>=#Ka)f{4~6TRRXVK>7)fM=`#-c{us};K`GTp(7Q$jRozT*~;um`k zH77?I>=^EYtB8Q=1Ir%2uYZzXC5DCmsve%>T$zoH_R4cM3x2v?QRmE)sO^NRQ@_52 zs_Ducw6iuzsUJ_f{`adkIeUk|d0lmN8!}_Um?+-1lEo}7r~H-I8a@!ObVX^i?3|!L z@!oNr>mNncdIc79D?evuoMm78QeKwzF`GXPdjB+*()ypLd+uQ5@@te>mrzCqvUop8 z1_JJDJ%OLAGiX24eiwz$wKcmm$qP?yF}cNu@51olPVB*NH>}$><%GePUnySLtWiYG zh4ikcr+Zt^Jh7p z5qdViVdA0+VIZVUMUVq%0OL=(L&V1pp*I&5Dt{Yz)Ma!$zEsv=S;cF2e=YGbko3D5 zgu3TTxgOa7pQO;ek(p<@#sTmjTs-9$UEXQ!+*B66*$S$Du#6On4k+F{A*(JQ3jw8v z($#1GR`<`N?a~N-JpSz1j$aBhnc+BI1I`NGy(bJS1M#TG@hKXG#+^E>ojUv$tx2H zi7%}gI+;fFQ62C$QYUe6Vs}T$;!5Yc#1>e@q*1?y)8cFN{h0D<+n5;1x1>__*#)H- z1nJx|9OBrreer}vc6`GNq>sPDcC1HE9adT9nWO|`_ls@EZux%n|C1S{4H95w*k!$N1BvF?Qado^q3GN+klgr zUNrg8_-K=@g}&=m5&HFKk^Q0isjtf)O64@=PTTI%?(``Rip$gK{jj@r!aOBuY4*vb zm~YrEN_nuTkexNddJ#Max}1v5C<@w=|877%V+_QSzV5y_m^59bcR z3{mmMpS|s|)v~Z=O7xZ2@) z&R>x>Zg0I=9iptb{Ku*$7z05d=Ba~fVV<1h?C?H=Z7<`p4QA7{`L(B>pA0*r6Ux4^ zk`Ra5qFmYnx-Bqc72{=u-sNE51k4c#P1LK+vmf;%jeFCZmOfDc7fkmh8A$j#AK(IY zehb~kvOt84blJ<}zQSD9`=U^#F4D9P>FgS>@%w^RNy&)vxke^b)*|C)k6G}&F+a4S z4Vk09ta0YPpU&A=!XrAN!0HeBZGQFgE%X2f`0;iCeYZ##Q?H$j{%SkCsv!7Ag9$nH z!CoA|Po$C%v99qDJog&4Rx9};5@?9#^I=%8h%c=h!NJpCUUq5Vz*xfiK-%4j_0KqE zu+TFlZ@CmY+G|2(*Edw=l?3YaX?Gkh%mSjuifimbC z)P}w&P4Z!0Zw&Oo?=g~-CE8mza?cNCh({ASw4VKRYO`T5Za z`5NCME8c|!cjDMw*%|quR{;fw^bh*GOwW!P?C2f85;;*qwmkC~Wbj+vhkBFT0b9k}+7iN2!xn1+k zoo_D&Z%g!U*>+r&9(?E4{f=bO%wG@nJ?7lUV413@J(2f&tukAiqZykgFZFBaM??<6 zC_}K&&Ue9XUs#eWQc2YvhajN1@V;jpG`7*Be*HuFg4AP)l_NV|3q9UG^Shs5((7)d z0vS#U>fQR59w4iu^7OK39fD|Y83?MWl4TZ2pRN58-jNTtjYn>uK*V*?}7ugkiTi-0ws@ z_raG8=zbZU&4g~vX%pEmHdf*;DebxWrTRxOA$j-s@3{5uCF+Vd$+_T}WwSzZZH=n) zKN?)1Z0E#12L_`@Z(lD?|E?<*Y4<+_qP9C{Z-}$r_xR>=+N`wxyP1@SCda# zcGPSh*rgy(-fOzcCz@WhwyZPz=HJ{J+1i5VX?Q_r-TTrjX z444qU-YdjslKE*-_PF(ST|t08U^$HDW`{1c;vE1>LoS%ywsq-bBB%Z9pzGQq1{X2x z?=o-JHZp0r_Wh8gYcw&)$2Qn*P_ML)S(bpPTy;A)+UY(VZ@A1}yNe&kyXJ3Qo(izq zL2jLD(A!~Ayt@9TH1TF+>qsb73mGuKRG=FGkeCb1Dv&Q*v;Fc zKxcfb2PS;Mz0ymAZU~9_r&4WdyzCIWPKs&n{g2+uac7#!jnq zl#7LpEy<=Os`{cY4(+x{*^W@6ss61Ab}Tb8KZd=)>3sJkfjhZiEvfTlc;pItXQfV} zB^=2;MZ{jfPd*PHeI<9WSvT|_Q3b~zf;9AmIKKyPWchwqOW50m@T(8{cu#TAChigc z@oh!myJpR2!F8?DE?@58#`=v_u38~i-e@wLV^VKQBJVmoCm}Ig1e}T`In;C{xa;PD zPpb!$S`;k0w|R^WygYpt-+w;!y629JE-eJPOixXb~@MqA>+Y3oU-#0?;-yAe%9($_2&+5GS;CZaqtbg*s zBIbAV?qe+(Yr4^8N4sA1GZ!UQKh(n7pV=?g3!4SLTR>H6Nro!}+b1gF80xcCz|JBi zHhH7apmv<@Wz}JJ{b!{8Mm@0&Llzd$(tH7?&&nv@0dO*Oo8>ihnI2>3FJNmBPB48>cmMSIVSU~RA}JKT1msv+@r@j(I3_YNva1>a{1f_$F`)(^!g zd7!PiTk=T6Brw2HyG>JZo3Xf~-1CP+#3xd%?DdBy??pt+h)x4@TpS~d#!tw_ykILL z8Tn-`A+j!)|6hauY18K*3(wKYB$>Cs7$f(Z<(h+QC|q3OpL*?de}&t4J8$1IHz=p- zMm*G@XuK;X8XS7DP$NOsfOW#zvk_-0xBgJr=?d#@5!50*=JRYcP3oCZP_V~5Sr#R8 ze|X#5B%LbL5q2&z?|Ewd`K-QMGLq&Bo=TA))_xU8m(T9LeayuxR4FgK^sBhXNlCfV zw_xbh_8CF0kr5%wz-Ry3{Pt<{gHZOQ$k0no-%fW?RCS;GmV(iU!S08w%3_G)dL$Ax zH&X9MD@mx=J3!ghI)On}*|Oh|)jG)Rp}rjKn}Pjv(vWDSz`I8;Euilf$Q+M8d$vdY zmg;P{f|RNklb@cZtr&+bd2;T&g(Eo?u5QJj5u1+cUYqc}AAf2`+1T3@ zdhsCPs_|xkk7=Q{*zwu-bEOMLT5Bp4Gj;4|S;R_u+Mp>xo&D%Z?kX!Au8iTs2r4qw zW13&3W6qAo>tc;=A=tYYFIyuJ;$ly3rw1x1jow4+z1iqXs@Px6`=!$5w|oE-KHONz zRjY(3qyL3wU=I#Vx~BcZu;afF(>3})34R1bdH;5;NDzFoJ>Q_{;5!4q*WSxJUnZ3- zH|#u=1>4uR&D!|!PR#>R6E}tp_dAgMJ@8AhAmgPG8H@EB?Lg}3@y^TN8a9N=b2?4i zH5NeIA9mPC-4ITJp!d4?oK!ex@VD!{HVw@xa!v)j48J0SexC0bSlL{S4aLT+0X!jO zR{Ie>X2{AnFXj&ju&eV%vQT)HW6#%%w$io>9C0#&T(aljVP|csJ&w6(AURz#gOAZN zc;Jt5`RNhLQlWeI8jSwWT>#!z@%q%^`uC+N55%LrpYF*#VFhn$sCFyKua_!Uex_#w ztTZ}z0rpc++?B-cj2P(p$+81gXLLlMcP3aRL2;`Vu&s5*b5U^VFM!S&tsSq?73b$e zSv7b79bLzHAErztMybS%y`lvr+1JSEBP3z9EZ8y*ZaI)+j(9Y z2NTm*oqnHiQkDmdub3XJ98T!|p85blue3(p=NoH|V*R`s>T;&?$w)=fg?}Gj&}M1c zo{0OeRg1>_)+?+TTj+hH=PqnRwWF|y0w zHV+!4H#*+cnQQfm@Ocu1LlY=rzuzEAHVv&@@zwEQY-p~TQw#~>P<(v4VjI_3 zX+j_32<}ji_Z}APD3TxV9&2z`X9|XlXd`_w_YIh8Y1xIshF#~q&bG6N(@sc4GueOh zT5sZlgRQjPOgP=VNe^k_D&lrRA4UB8Ann7^-7Yh_c2) zW)ceWY1?hTW1Pb)MF%45yv@jGB+n-^8qmm@@5z}5Ri)m8?KjzT9QinYa$$9WDD<`g6;R?;zpP}gCuzC`wV}2PetNEZ z8>Rkh?#!8dGUG?HxMfNIPjGUcv{w`zo=rm6R+Lf?|1X7;mOMLRdEm}OGktsUw z1*KeLT-n!uqFk-oNMGmiVL6|q7X@{8GV`L{dP;$| z8UKi&8z)ZdY$xui>o{!}#IEgZ{746Ty?t|%UG+&*Lr{J6(`(`Ai!B!)hgLSSwr;$U zBC3qQ%HY1gm>)(;HG6G;C@mXpNnijPOt0^XZJ|Ed1vGO-9i{}4aD`z)Purz5Xor0k z957x$nrp&0>{L(!FPN)%OV70b7NgCfSQ|fCEJbIi4g*ljjey~co=)XDq42MlVT2F}BpOVK5LSr%tu`t2YQUnLLH~ZM)z!uM zN9f6Y9zCwo55RxZ_Qqi2$Bl+QkHd`)=rgBpO0y>$B@<0rh1mRtc@}>I9kxu8i)|-` z(%6awOkqV25C7U&x^v9;GG7tXga6#$re}y!{;Rw@Bg74uLV=ZsLFWoLGnO1v+;LFX ziUIp*$zh)kLf{#}3YZZF1cDb`RK+|wLp59C)8VZ3?z&Hji0$#08rw34QCz8c^Zo(f zo-`Js+{TM^2u&fl#!~DoiI?&wL|gxt%0*m6^rs0X@HEfkmtWwXZqWJ=iHC%dm#l7} z5Oh7=IGv~Z4NI~Zn)6)uDbfZz4nR&=Ue^s%c)7*`=qbaSy}#MrG?sXD zUAF6~nDN$UbB~RrYHA;}t@bipVZ5cT)%F!SKNJ#_X7lHnbn162F3*LVif4-KN$LvW z&m{xC>iZPkp5#z^^})8x?n=gTB$Ouazg30VSs7m>FH1@~n3KO7wCx(w0%I=xdRKjG zzs=(C%j^L^a?et}=)*I9a`?=Jjl!RR*1NQT2BJcIN2m-iLd-A~8zQRaFewhF@yf!W z#vE$zX=Hux8+_e9HCZ1INQ&*>EBri~lmLOEja|41mV#{Ov^$qk?C`W9m2s;i%q%Fl z?F#dBtn9goC2b|s44`EuIzWf$pmR{T2}opB-<>C_^Xg|=Tt5u92K0vQkEQg5pYnK| z@o>L{_n;(OaVxUpQC~-!dEJ)6R|(r}n8HziX7|CAPcK`9`>P+r1?885sZ{xKt`Mvt*RX^gkDar|3@M|(*2p=C~v9tg=G`PLgvDY7)hfu z1^(@m=4R7hf3alAc%GF2nFboYbZO-;vJNL~>lp6a5BR-{x`Pba(d|uEn>l@&%O5DjP`|SaX!gnkx(#?nmf`7#MB8s&7$Br z!56}$k>F}H-C0f}hd8?h__-}`UZ?7{GuddLb5_M?(q#Sx9ZiEt+ z-u!Xxu^$J^P~PXW0@lBe8)WW=AQw`nAI3ykWNNh{KFAr&ie5l2tE)B6>Q(uCyLaR8 zVJc=G%El~QuS6kQ?2}7pY0wq>?(N+%<|zv_Wder5Id4!HgS4G4F+RN>#CKzFK@@zfN9UAxRX4fn2 z3RkY_o^ED~36PZx-szB*;5l#T056g120YKo%`TmwQpJT=T9W-ib3#F%u&kLH zT)S<*u}2ES=4cOmOHQP`- zOvu<)i&|LqX?#)tog|~`2bUSDX}VLwW>Rnb2QWtrjw}}?r1NY79-iSnCU!1E@%dB! z4MWU+^#@0vhK|IY0KivyE#zh{E3tw=Z6}UA45U5GaBT5e>`h-Nbfu2R=bo&wjU4O) z8je_NMM~}Z$YlS;w3(ntk5@0=A1NqTb^I`TO#Oh^SAW*ld`gSaj4fVL}qi{&Mq%209TJf{n+NJd^OM<;6`F@V{#rY6%Y3HnB zmAE)5`_Am^KPn(=;fGZ!!%A{6CQik@YLvbFehzAHF9NN&BV0vm4%vXq5ud6CT5HTJ zW>wJQ?Q-l$PYhNRV_{(n!TG)Wb)}>~RY~)6f*qHq1kE$$o82Z$vi{O#p+Sr@W3p3p z!xhf({`?`KxLmt`rqNVV@ldy0H$BwJlsfE_=-6_ptfR_G%zuHZw$84_B12jkL7xZn&V|PjnFOXl? zmdrfa3-cg^c%^Dn#j=G$+er()(LHF*2ECwJg2mO`jAC)JNsQ#z=zl+vYQKBI(HT)< zwcqOZLHh6{B0fMm?U6u4_v}w6Q(`nD2w4ED9A6i|^NQ+t9ZxxoW zIh7~-r)?Trln}bwrQhDXbdf#RiX&3U&Cj2_J@1|DJifTArgLWkm~&>QLp47hl?4>z zl7$f~*C$f)T=6h9qX+b<-39~SfteAj*c#oSGfIGw>5+LbVT=eWX!$9s69V`6CDJ`s zQN~P{8hM@3dmw{`16_b3Xto?y$=fM5s(y$7-qN1%$Z2Sb4QsIRier(v=%u3+ldFc% z(mzM|5xlwpWB7d~RnqxzEgN&_LjIw4ItgO_XgjE>qgH_HNd_A>|%8Ea&*6kPy;vMG+03T$4AJ)0-4%<+NNf@w>bm8Fy zF5sP={8yvi|H(>3fpo%5H={K%sSWOGMpYXhE>?{YB1_7(O{~%~EtdzP_lI8c0#lvw zLVnKz#`^@7Z+(5@|JK9n+;7C`_z#i~hIuVotNbqRez^VTqbPojX1-5e!6yOpj~3z) zJdvZRci_)+7HucjQ>)$ORop2{x%i%&-;qb|Wj*npnEB(va(Pe~hJ#a1?Ry7C2$hyUCqsC0k? zRQbBJ)|(l8dE~oC-nj-V*cYO`?m|tKIy+lfJ)NJw518g(D1(_dQt<`(jXbHwb+SQ)up-ZFTgXll zb>n)u!Um1Vjb9T%Opz29UcZ?38ExqDs7_w*$sjdslpv{>Gll=$n|wx1@qKw^XK?Qx z9HzLjipq!sGU-2T?BwlzTa&+yudJEi;2!T=KAK;k8KCz9_7`0P%L9IoXWm%o>?)NE zIwNzwu{Cw>>Sv-vuAuk9r=SCLUBiR5DT`IViNJ0hp53wqLJrWC(~SfTX#87q`z6O1 z!2B}ydnQ%PLgam$bj|Mzu+gfk?6;o8^5;L$(e8Nl<-j2GfsLTBq|*n6<~5#cU*VB? zT89w8mC(p|ZN!|$si@7N!)R7D{~ZY&UBa=|i`kN7O z<39-MZIjlS5E@KDiK9X6b-BsN^l*}dca9ihqW0(!ijz}l2b<5@51#GXKdpqf9_sYT4x^~Og#E49@REMEAT zd8U}6@=Ko&;!1yiOXwc6(z%)+(=ea?tKi}qNv_efA)sv$vtQR>EIR4+v<9ie(U^nh zHF0Ttswv~X#oe9m;`f(~!&bU}0jq=bKVD$Oo2Dt>Xs#mOxx9?-2I>lOAMJ?A*lTW; zNR?sGHkXCfw-@F@tUd$*5?+xn_?cL4>RvJP}(5UNBtx#$w`5R%O2ytEToOF z*q$PzvafF@)93`?@d0gaKt-T%U-|*GKJ;DNt?r05F@4yOR{0zGD<2PZ`S*S+I`^v4 zrW?13F=#-F_O}ci)e;$#CEtm->C~4QFa@c5LxXnzmqaXe?-)hMA0WYP@q6mAq}2dK z#~lZkwX9vKfID`DwO^_hET06gF-rPH2~MNO9hqf=MlU|6szTxfmt4`NGMg91WQmXz zNe4mC9o}s*UfC=s%?MnwiHw^HEcyNAj{UzvAsF>{9&YkRogo{w)h8Ka+Y_?lt0>sw z>`di+kwehH)%-q{=PQOngyYtQ>;a_w0&@S?prL+NuX_=nACP$E#!h>#=b`@aTLs21 zc)1n4O)IzR==BiP`A-32=EQn5M}vXKN(H_(yl>T)YiG>&FS}a!2Sse-bI*xOgK`d8>pdA0Z4(b*k+gm+X}NM43S|aF zAR7-htT16M$gx`fwd>rmu%mL_r+8qtF*NVPgaDIT zBTCSWJrbrMDPx*r>kQ|T3b+(Zey&{WxJ_8Oa?*PYc8@%K84)prJ|Jbvz6Rd69Mp1X z0j(kz<@=JX!lBIJXKfl$RiL$5b6Dj`8mI)z1veDvQ5VUnlZ03J&i)Hy` z+H6mb%eis!G)aduHBC8qM?v^^A$^18;&yS47LvRz=4z@#*~qu$w&0Nun-yky~)@@R^mwFPl? zv1Epl*rs!%T$lM<5N)FqMitMW3@aE)Ui}Z?^UtEVSs}7eUgO}FwXmb@naW;Z0KTDI zSO)t`KC4*{ znOT0p70l3JNS53xZwjrMd@_bdM%m@LjePKkSLn%rdidvNCD~xF?2JO^ZpwQ^jOYr2 z>F~9N$vnPlu~wLU;njbzmH+)q{++xLW<+pT?5kw2S7-#}bdVj8xK<-NlTb9q5xa!0pq@hxjmmqRr~NA{C*s54(Q1bZuvcv0C)7$)reQ%{FW z2J(r_+jgomVdlkpzw1h{qoz4fYc=n(0%1-MO=?5ROFG#uhIajCY6^L`8Xn;-qcIau#UumOf5Fy7 zhVo{;<;8gHLy?oF{2l02F-k;?83~g={w)fS%CYMRn6az`23r^#^zw1wPrQ=&Ivz20 z0j9u4l2IYNosQx)$u)+~wEzV<9kMl&P;S`fwvLg~%pPQYt+w8ApO_PY0?|xq zNrDKxe+8}ZcDW6NTeNQWCb9V^B$BB-I*y0H<%G1C_|OyrUVf$nBWx-NGo7kEDaWKg z$@fH#c(sG!xG*Ub9?V4Kh5PLfTvf$0`I%I%{3bf6a@o8ivwFs<@H|X5sB)ezv099{ zc8C5?#`XV>761Rgv1P~^VkXf~%qu4;=T!tVjrAdfR}Ni-aqPNUh6Y(NS>o z99G47c@l=(VzN;9o@~;zzXLdseG_9OhPg!E)-qXr^*>OK>>LBmnDdz|CnHv2t}1?qLh~8Wo7{@l&=mzQuCR4C)7R~&W6^1LAdWX zy}6OuW~BKTejxD^F6v9FS{Suou&*xt&17Sm+~m*rt>{-Z)HyzOs~DOUg+eMD9V$EO zusJKU$A!4Slp97ZROYRf>*kfyC)TWEjSzi3s|7$s$uM%~Z)pAw7*y8;}*M z3o3dpm1fIIH|!eyH++? zvak=P)ehLFX3s+HsW~}3+vmaQMTy{*!HX|(JjInEB1H;@Jg1iz8PuU!1!fDK*%jit z1+Y2MWw)R(>B2M1z{h{gqI-g5NU4 z!H=Qk`tiq8?enS=z{^@2?Mlj#mvDogt0`B$e(@&K&to4C47as{87&_-gpj@{NQO-W zzWORJOX-NI$8m^{fg>Qo`6$dK(80`D_GH>y0yf~&B6xqf^0oSZSz)Ca^Ysg_!6e~+ z&xM0T1~R5Vj{PfK(l+=CBa-dPSPwg4!rGnN)Qp^^DVTfOzJrVk&u*eFh;IuY7Tpoj@gJG&Ii%GrNE|Z-C%nv^t4>4^`&gF4j26@_F z0x7J7BqZ7t2Dn}#ohN4DDeq&^? z!Bo^ZZ_JpmZe(kBYIcZ9$}lv2ffz4Qs)8t0ik(ZmT<(@Ri>~Z;R;6e!`!LW#F%*z|s*bgp0zRD#f(Ns#J5mg4!isV?< zEN6Uwc1RV8H0DCB@(Obu$RJ}yH;20Xj~ja#%Q*9e$}i~im|{_y300rrx!o*-UYM~5*SF#1pn#EDWD~B;#FAbL;>bzuc3G8{aB;%Cx9gem!VR@P$Y$h!kA9>X6B5{M2ES^__j~AG${@N6zN|MZ z^Bz2w;)p{>w&*3pYaOQ&8EkqcA7-Bxwgb4fH-1EJX;rLr-R~!pec<<8C2J$Qss~dT zg!{2LyrTcAk}!d*L7q4h>_1oNWD^t}NX!&~6L)|7gT+xP|K_W|jX)Y2J zb6OsWVTz+vhP>}nA=KTWK+9k5^babX-rm+>?ThB4nnc`bhVAlxejW<qyH5Hr)^(D({Q2@U_~YIv3VV@snn_X%jleIMWhJT3N19 z)R_XxB&`eh)pJ$)kQses0Px`+dec?R2!yHwD5lv&GV5&japyLNx0U1JFc5NK1IpTo zFbL$j0i-)R{U5#duuOU~-BeLK@|Z(bcFd`J26x`n-r0(o6A0IrI|Le=dCF&JnI+?oHauM2tDwIS3S3P;TuuWzoGb{!PKQ64niqVU;) z6PFe(Wayav_n~T;P>#-Q%qg;rQEwxXc7Cz>uinNHqRhUw5D*!S5&($v?INXvWu|Dy zAt&F5=Y504(ee2Rncj)oesIsKvP^gLck#}j;Lh2EGS*e5_?^UIrkbEG2G68WCiH`> z^FyvSPx*3ta7xv{>hcxwx)DKsn)vqtn1S_1YwXA)mWuP>+@DthAL^qQMlF4rv|*c_ z$6rRKiDN66V+wW@II~_f87oS6fj^^cg!4Jm5CA` zxp=G;-){x-TILm7DZ6-sDnGptPYtrsdp%a@FPS^a+IO`_FC=jM=`}y0rN)*1x#u}+ z)EkBS+C43XlvqI2e0?2~nx+=;_DNJ1v-kOe2&rSYX=W48O;b7-_Bn(gLWU@DKkZ>S z(wy!`ZSzxZd`H#cfIMp^&sGdP+kCFX9`*+%XnW=x998R)o59iZF=1XO4K71FZT33w zubw3(B?YfPg%&rLL8Z@ewU&@Irnu>6BOWi%2nSAXY7R`-|5X%rZNU!C<*(Zgz` zi2vynKyWrC!_;Qv)90Ul`r}`{*;y*eY7g7cvL<`HJwG(q{@$1Trsi05spt@EF?^ueSqwYLO8w0Qv0m#pp++c_$yVM~$tx zFB}15+v`-_eHCnLcKVWx<$BM!cN0Ei69@LA5~tx7@~dH}9wS5cjNIEJ4&N;VEQ4SEKcF~o~ANfHT^{#L}ZcoXiwYq zHb$&wuUzLtzQ1&PGYtg@bPtfUbl{?w(BOJ{=Rs^e{dH6}uTXn!M;eNqtpht|wT*h2 zytT#)OmF;thaDP~gVOy>5-d?)q14_!WuJCypesGBD?yCgEV%6LF>WIUE*qjqxu=_$ znRT2UcRGt8uE)fPT9@JaBaUCi)j_x5_E(&eWI1pzT<~-|1HGLe+x&H9Fhh0(Y)t3= zvURzEnD$rEIqXHQEGSIX#qxAwbB^fp)g1X6X(W+NIP{tps*u~4xQrMl_MUgLE;NaP z)Zn0Ug(z)SP#s9#-D7FY(Svj^W;)ppmd&spKOdPfzq=x{zRS)&u^IkIqr7qNiHs|fI>z5E_L_jdE8KHT&z~Ij_E|_Soxk-=?pss_%8%-$pmtcH zPUHm!8!l^$hCy|}BMwwmO5EBQ)J4#yngife}0??Kbu0G_8?v8I*9F;NiO+lVp z@h)F_$dfJsS(?g#V;{jxO@Q8o#od1~7H58bPKT6PyIe$`&Ui=!FNd@s zICyBYOAvn(rVhx?{Z3t6N431o3dGpCF!r!@iF$iYhAl-uQ9h{S0_w}LQxc!GzY3~m zzK;G-eSW#szoske0i+P4|M3j__q1rEv zsTYbEV`%=3+dif;vzT>y#swK}>!7t$o zM-M@NXYbgLr+GP_HG|wwyMqLo5z(Uw*K_1;@SX9H?MPHpg}0j%5h~*>C>W#V96d

nkg#?;J%p8CTe3`MJ`dU+pV`1R8)$&gV`7#7BC;@=VLK)+fqh={0&0XUuLjC z1lgpzR5a*+lQDF2t}7o8hbBtC9O4_f?IY#Qp`G#mFT{HwBSTk%)#r9U~ue?(~`+VBPG zK9)8?{8<3|dJ}fpI_5Tte(rlCqt@g5lrDW#CA%FJ0lz> z{@lQhi~mvKle>0jR%V8$^Nz*F*cIcV_{Bk#fxI)aX8LC?JozxA@_-&_{Tw&n+Wz{C z5+8s9c{v^(_L0QU5wu5~oBr|JC`v<^;V@79hvR>pxpa{E2jy|NRCK)Pt$)b2K_tg1 zg9kB6+gviV--m+e@M@kp6aXR=q_a}+QJ?9mbbf_J`lJjyKmQFG`fD~dKIGv_-*K@- z{~y~N(L$%}9>g@7-T^+l2QyGLg>EQyOjq;3EqX}z2I$%JxQru2VtU*CFE``h3B!5U z0LF#~g(=b^_2w6sQZx#j!Bit7JjU+}?8#Pv7x=gg{%13T-*QzzigZI>Xc}pzQvm#- zj245kK1R|AY%=T1EkJE|>|+aJ0}ku7p`w$(Fa!k<07po?#2Kh8Wyt97Mj(orLp=4P4)bH^y%nJ3@hr9&1EIWK7dtS*5e?F4(^A*RT3d(Z{>Gpmv}h?HLB2n z?cOrTyE%46s7ud)-uzwO(@D&ixziY7UHp_)6v~@ufS4P0HrZK84|3fNc2DH8WV7Mm z{uVyh=V`D1Xa=%j#rRXK%=SEEzQ{9XyILuc(at=MU(0c ziQl-|k$D8L`?YdE7~bmc-Z$_(D?|Ua?=ywk_OUgi$L(79(Le4^*U+$JCJ$N<`F+Vj zlqm{B&NW3D4^aly4pVZbi84yEsQ`fu>X|%A8UXp+NbLIfz1p1D{)>q^j|{n)Vbwd} zp=yd>cMIzbrG}Qxzm}dr%TiVCmAhussWqYpkt@$8i|L?N*@a zL@8h27I?ivqmV1dYkixrkDA*b^1EMS{xHZEdN<~VWezq}o0F$nHhI$iB#zIDnuNFj z8@miCz8oF=j5!#GYZLd&R~-$75oa2Q?=^^+ND+oB(kT)6<%gA%%T2j~POA^0PJCsO z13T0M+bQPvQ1s95+Vg$CwjUgheLn!%aBqi>GgkE_#g3_D!M1v@PT3V`c@1r4=h9z4 zJ6cJ9F2WJDIV$Bt7G?k*?&D4IQ~!50{*ZY)Oz{N8k9>2oZ@;Pv=0`sx#OxEwbnMbv z<0kF)S|jOR{BEY%bR0>khL%J^)zG?J7nA+zGMtVL3Heuo`2CZa1xor`jty%;-E1$R ztwL23w0r$4Hdn%#0CU7na!fT@G(C;%=6uXJ@EsVt!CXGKU%h)~uNFDQeK&Okr$`!euQXYlBUlbAjzhyLw`@Q$lSc^yO z)Suzr;}?2t+=snUuTnV{%W#B3WH{zpzctS7rsXXn(ryyWaQuF>;p>V;jjL&#OM1fF z5BoU#zGQ_kw$vm7D^GWl{=Em#mKY@&T6vJiUIj44Su(AJFDEAQbXFsWal*0^Rajj0X|Tto_?RaMkr6jDKkF;1%E+2*sEDm z-fP?xrRZ$U$?23D1vuvh_SEYT)rm^)fvCNx!37X3SLE6VQ@gm#Nqes*2FAZ~7@%ky zur)SbrD!;WiS44KDt0658Dcs_-wa6#zfp+=Z(GT|P4dL77rSzUxmj;W?2S|@hTz0& zodcV)9hfJ)monkXOlhv$X>35#_AV{%kBg=Iu)>ppJLT7X?r<%J*$YVwRqF@i8Cx5* zWohlKx^goHANdSWPZ__J-dz3`M{^Xm6&&oSiXz@9g2Iss@lLWw6y6*)N*{9JKf=@i z58Ov6RV?S8D)ITaC3ZzqfpA!+#EYbH+o?^Veoa|1s=x*XJ{lJfx_3UJ1TH1vgn%;|EO0N0!3g`+tr9qCx+@P2C{^8q>uTbcjKVbd7 zLR0!1w?q6g$}e#9`<(>34m^)paOHR0@ogcW$(g4LDWzQ%j)bQBnBt&lxQ!dWEPMZr zgq!(7`03oRthYA4h0erIdp$)P+(_3fc)jU91*;zy?%k!w!x=)+#Z`Jzv%%WHkX_gA znPB7`K_qtbQbxsm+M~ANayk7hi8a@SG#x z(v2L3zvX)@v>`;rTRdU^ghdOti?b33tv$eb-vE1v4dS>Svi0nwQ;_`S9X5C3l znl_r&FDc#$UiSH-%>>UJu_wheNOsO{Emy9*0NP43x*{Jw6+hG1ke4(A4Ym%BF-A^W zu9?JsXwJX(gKw=Rrf0&a?;^AP%IR0znHzmuVnvNaw&$5D9dXn?r`?N&@a zZpOKPEwM#K{-5x-X(;b`_1?xUn&451PdNE9p@V597tbxW)+oqYL({Ee?n|ntFSqya zjZZ%xLjFj5tviJxP!Va6G^h+6{k}bI%eA4g!Jm9-nph)z7BK3f$PQ?}v(jDprxc}A zMbTCHEfh)Vlgj8eZX7U)iBC#5ITq!tTJ+wB&?%6E>fVDO5Th45c!EVsL7U2{IiUqB zDm=ko;o^lXUNZ^XyhIRI1B1z`w{Mz3DvwLUvdmzGZv$XMnBP(8OYM(G7fu_phvo-TK*zstK^#`rb z7d$T(G{%)D58F}Jex`1$&9N=2W}wKWzer*Snf^LcW*0~4>Wy*pvFTQ6=UCH2c81>k z&6(0re(posf`2plBW(n8pi_JAEPME*Qq2s$-R$f#f_vF4_6x;gdw(@Gqoyp62W-YPLl2l?U9QT%Adfe4z zidY+z+bp-?5jZ~sCajz0N2nWFB*r&Kh>y8=5WYnP6^Qw1LaKTR^Od2G17|Ii!wLQk zlCzFrI5$;L$H)ky$p{Cw^K%%;4c0%9=VqdhE>s;Cb_2gEXb$deKPki%kW~={w;_xL z-*Z>frW59~6r}8nL&aFbY0V~diYkYnGCg^gAAwGjt^uKWSLUKZp-!(o4+396>wN@F zABP$j{-Nm@<|TX-F69R+ay+(MPR(KODq~UDdG(xAU3s@O^!IxSg&*_n)55uQ(HKs; zJbjY_^AA7s$|a}$tAJT!2&nB3suqx8t?8-rQ2cQYb>*1GNk+BwQi-i(QP~ZtxkP}c z(mVJ6mQ-$SpBB_e_Z~rg@Rk|u)AIJDr2?F|rcD}(EZugO@nw`h+rkW5rPOLFkA$f|GYgt%JPH@e5)v5} znoNu^o#jY$jbH~?5NTTa?SYCuihygZfDx{N8;{#$h0G@$dE`%Tu3A4GOD|95)z^UO zKajP7xvmd|MVK-t7V?HXhsr`eii=;`BT$BP;=-c^thb{YZ2o`>8!O+6Sl?e>;(bvW zG9kH~X(}tffn)Vv;Ge!iI+p4G3DQfN!KuG7sN(kB9kO=XR$lqBIiwuxt&(@0TjeCD zAOB=Cy!=||4^YpX<&{crQi~F|qouyZDajqa;m~)q`C#jR$tee!XxB>SbW%zuP3l?e z%$b?ucK}#vlmXWAJ@xLm4B_xL<-Q!IliP}a;V^YX?Gln^2GQ$__NT7r%2<3}I22su z-6`AV-!3{*2@Q_aZkxu39d8;uI`<7$c2&xc?Kle3@-eH+;L)|Ea!q(Sc@C}geg4it;5Xnf!Gz}IDmY(@5(!Rwbwjo=gS0!= zk9z&2_^lSm;u3DnM2_efYML3s>KupWk?}4^uoCmHd)YV;EnoC!W#5CHxaVYe5@wUt znLVmu<9s8)rZvfdoOp8M3@Y)sQ|*~g^%9}asqNG{hENf!0UTJic2gLfnA9RfW1wob z@KW{|2tHq8SXq==v1nNWB@`8bJ`lcxMKe3S)a+*4~=;up?w3^iJ`EDdvi= zb<2>;1cVFRID31#1I=s+<63`9cYEHG;p|82X}?<_7r1OA4dW@c{2P;}F;TA$@Ml~a zrSF6+eQL2#1!quQJ*GzR7x}sg)UM(7qA2T!M=VH4JCt^AiLEdD4~o*{**{y9&Co~7 zm2oB7fxtsawT(xAD|W!kc>YY}jkU&W!%f!V25tk(vZjxlO6^oJb&C6O zG{o=O&{L_d3b&Al`ym%m^D-~RYrZS?d$@0(2+E0wYEtuA=8}_e^JjH%Ii>=ncyz;A zU8)|i8tR9`SvTnvy`*)z=4J@Myy8K&9NPjW&Y$$37oKOae!4Y zWHP2xS|z0ekX}h;=GgdqXfj7zw!901j%}{UUa8cc>jZVi$v~4d7HV_7-v&Y-hO)G37qq^b=I(1;Kd5;V*D5Sk-TMkg8Sc; z$ee}nZ-FZfMc(?HhWdS2S7YJ+`EM;7bEL5Lk|Rt}T}Mo^o7~}2Qe79?uz|OLwz71m zR3yZnrdz}UiR6e^Np|?pOX%zbQ*NdRQ8DZ(wBhXo!RFma?qd@dAK{IjX?8%o*PD&& z6+34cC=M&axobE{|3q>qi>0Z0%8K(YZvj+%hB2tb$}EcnO{+C#!VAf-<1UmRS8;Sw zc@uq8QbRHr^XRGr0e&JBKQJ8PI**N*T8+sbWMWgav1ZYB%qK%F=!FGj?E4UPCVL$o z`;qP7p9pBJWHv+Mf^Iw1-}&IPAY??}lbkQ+yu|D0gpMi?oX+^@gYQYv|L)4^8G6jb zE+jleIIKzS#DfUK85_xEC3$(%liuDs+@A2??%=^ z(z+9e_WQ(HcB2Nfc?PUO+%>3-!wksg9VAC#eY5zan?O13`Yl>k{#43QQcr1}%p6^- z3S<#cfpd^l5G}q2>1pLxB=?{UjLP7T~46XX8 zxqKalhhssFY1q3$}I%% zY~wK%-o-kc3Wq@VsMQZ)D+I+?#t>|;V?@>C!I!OOxN+r86GvZALwt0!+E(J%ew|vP zTt|GNz$3U)Z0<+b^PWh`mS$h$e#Rb|TI7Ii1=rs99#NHku6S$o$MY=lerB1K$6T`U z?G9x_0E&(+%Q>*n`3UH>%biE??nwXZ+K~Fk|EjBbin31?!C@Z8_^A=Z?hX9adV zQA6`wH#R{xa>El$QQHNt57|hK0WU3)v*P#HY6*O(4>6!B&DMVD2vzKg72i zEndlsV5^qE1gCPX4|!#(z@FTsRh!48`Oheu;386s1H)MRUj`jaPoXf7yw~aPsiN!K z&L&y>9nAwm65ivWK>I-eV`Mw%&@tKLl-vRl>!c12NkAPWWEpiRL(IkpDEN$8jEO-8 z{7AuL{R2qdugK4bW`DvF z)VIo}mOmL{Oj38auoUoxE^5t5r%h}oM#}doiGJXrR1?S?c;-MukkN`BrT*QEyE{s) zUzHrj4DYCP)08?I0jcls%lp4^-15XvenG%#YzyPxcJJCZz#Fh7+g`gRH^`^G{_^7% zRP5^&eJ$+Y-ougQ5M?f~Xwi>Q=R;ECn-kbS!BoMdEZ)CdzVAbxq!{1cV2%$Id~~3u zQ^$YTEbnTnT!BTZs)qF;J>RM_#$c zJaE+E9m`TIL@f;WD8`tlJ{r-N#)4G#kfvnK0 zr)^RQr%-Mwj|mn7kmk}Dz;F=b zzj8hbP_aC7nFbT!D8UQI7>OMzM~3EC+KSb?dDnl*iU2!TFZw`Inlydmo}j{bLVj_& zZ1(0A`jg+&`M4n=f6*BK6|@%#_kDDTZNkt!-9(l&4Dyq@^{wrVNiqZy*mr76J10l5 z`(ul7jep{#r2|#fz}#rNJ$u-}orK3&b&y}!kXy!rG()vVOUzm;VU>vK@ z_L6q}qI#lo=bK@jJAYqzcg_UUw>xX?k5w{<4%=>W@n(U1?IP-s!wr#(cu%ZBt>#SX0%enod=GFkfTN-Al@j z0)a;Vho`rUYx@7f#zCaZB&0z^2}d^@f(S^dNF#_y35awvX{81tjSNIUq#LOb(lNTb zM%M;xWAWejci;E_!QM|kuRYj%pVv9pxz2U2;~{g8^5ZMvc+kuIk9n0dz4|gU&XiV4 z8&)hnM&(*qI2wUTo3TD5(b&7qLwq-a%_LuXB$bY%lksi|Aa`yC^~W1~FK8l&9TgkF zN?EFpdH>6z9=KxGq0vJot;6@xuUbp1iSa;zP9ycM|2_JO%(Z%w&D{Rqx1PXHh1N+o zuA*{AfYDQs=<)xtB2(nHK0l|1A4f@c(cK~e8VyeV8!``Y7=R)%GcG`{Jk#&#F?;KLa*H8N5Ik{Za9X7iQeMrz@ZP+NP5a{vQ4tEui z&~%d21ZmRGrqxdp;$;7eAIXFKh?ON)btEDDqvZeCkt;m;Ua&Xn_Gr6+^IX1%Kk>)q%KwgF@J%j_ za-xRl_Kx(fIyeylZFwizHirC7(?zmCV(%P_?3Qs;yPlXu!*#P@2rH8%95unna(TUv z+d2E?k=fu)oU_k09e6qt?sH3FsPli7wm*@y^iwNZ;T0)s*6;WIPrT63 zizGB>*-B5uDh}t0uM3$@w&@n)D5g05D0ew{i98)pd>KH%muX~!h_{fsV&JoobW zym%fwaKaWv5@;;wanH2Ysk566Jn#;G?O*EO{8B*AEU0e(YP#DJq|b<|;M(n@t?%&J zfs(pG!r^boVD+@zZ}FSnlV)?%a>|1{u_ZODi_b+(t6o;}Z{80t`67MoX=E>luyruS zyHRr>_P&b^wJH;r<7zeocbsapV%3wMK#x_d%jxvAJm~eGm1&l?(a`B>jWRb)nF3d`(gf_tZdrh;3Yfd+zX5BS8{xNTY(Se?khi_eVLr` zC7@0*ox4twO^CvwH^N~G$R=WKq>A<53T zzREaFw`i{(QVq2|tO+^92IY2TDofw8c_7rHDpCSOxdZKj|3JiMaAPm6-(X5J^3{Ki zU?U)U9^bI5v%Ds$l8w%UP-7r=G||=eW_RduPUyMYezcy~xnMakXe&>QO}vp)b+uAM zfb5<|c%8vVjef@3fW2=VPe1L38Y?!9l3}htQQ{US4d?Zdn4^=`_DeF=t_Qqa)}xdI z^F8H0<{Ycz=Me6*Ndutrx5LCD=AG41^4$iSpnVh}1C~`@=c*olJG#uwW%Niu0?1nH zk)PT`2RE*)k$XI$ZIc&nR#9WRwR4|t7xYt>qdMU2*L^>iM-I4F)id1205?dp2c9`s z@{wh5AEI9bYgZNc;*X!I`ALwF-ar`tANdohS0nd?BrE&xWsZX+DG=|)_Z^gavT$U) z-z4c8pzZ^kI3>i&Gu~rR)64g@LWhq3iFGdZWQf~?yoM!vB@2&ZoX?xIyt@@V^o^#g z-gLiDzW#QJV^QbcJ;grX;q)b*7isuwpAEUP`mU{y=4I5zt9<$fv>-ky&*eTlSxOv( z9gc#FrZCi+)JyJ_DzjCLrBjBiF61XJkh9HEJ!~(tJek{LXv*J25SzL1D4R&Un9KM> z5$(qbF0q>Kn@=UgrC*zE)1>;Xa7ZTKq)E#Ql290obcP@4v3@+dE~JdUh#fKW3@`Wf zxZZzvTCsG1zLTbmwE}kpIac7x7?0M|d)Gz~R$wqP;mVWxPLLv;|N4?#x;^|g1!4W~ zeg*6RJny`|I(Yxengkh$Q7fAo)|ne_zGYq$@!3QMjyrEun^re*CC4xR6E9S-IcOev zud9(rP*Yv(U_r*WO%1B@8<@eRs0!9M~v$EIFnkvDgX7&|98j)64`^-NxdvcT%zTz-FdCj z8mTgA#CF`~JtgH^tM`BgjjHPUOHD(IgHMg^*77M58@8s)8)eTc@E>>yeGMN^$oB=8 z_eh3VK)d!95(DR0OA$PS-g3T8@?$(tq%^4?E)xhE|4E*&Ln$XQq~bU0Dnh+Nmuz^U z8g`pzNBR6GXHc7~I$5!Z_EjI*j>j#&87eBX!|;93=m*$2#DMv_{O8BO>8Bs?4L)H; z`?27yRSNV|X!iT&Yh}4y^Aq*O_*4j?nEo?oz^nz2(_otl^|HcEi*oPKMk4L;d&g6C z=~vxX=0mCBH>%loS&|jW3D-tLea7ZgFADGMnE!UcR-86Utb+-1k42zY^Q4tnO68BP zF1Q}^d<=g5w-=KAB4Mf4{Q}(^TGH#i8AS7(n?zA>G!5@VM@sgm_Pk$RRih1& zb9%=I#3uK=*w?JkqicI7B#p3T|LO5F4&t7fiIBKI;bv$H;lG3#t^E-Umy%p5W7YBm z-BD8@4rAQ1Srmv{^E>w5I7&9-(Eq4v7zjIj1wCroDgS-6q|bI zSjwzDgP*(i)Nt#kslHPQaJxS<$_~u+EKa93pDCZ>GtuYXKOU{pEN4ClYv?j`&XRGT zULpB81-E+#ZoYAg)-)q-?lcld2l9>y>bZ9lHCBFsw<@Wb+ga^$>*!YkI-?N;brIIh zfqZVAYa&(m1zJ5U-0%H#r3g#kn`J4Xrz~54?W**=7{-Y|#uL>V*d;!!Dk3! z2i>qvAmS@`P(lchC7S|~bN3$qeFfst)!>>M?PjjCkmFMEgtk$eTCjfV{}BprqLpT3 zp1!Rn7EtU4#>KoRD$Up3g3ggmjWd3aC+W-o$Eapg&k;ww8E>YO_FJYQz$O(LL9c5` zXnW@AHPfzy64=KVwepOGqNarnpFbu%=3pCb;vGHZjchs8yD-s(aBo>>6ws%T%N7J|<-!h2X;b4^@CsDRve z{xKv5Ij%~le-7u654RQXqkNyF&h2=pCcrKpex1=$1v7e1eq_&xCfXe`vCNPIac~f48ufq5D-*my%OYkd!Az zapG*YYZ$Ttl(K!6AU>Gtkj3?IvB^8@(W~Ey#V_%nJWVGibR%Q#4*82gBq-@v?ld|P zj+KZLXUw$clA<2$S|0-lwqYJ&SN#V9zJmv~ge3=jS`K&@lQs=HYUL{f_mfXm>lU87 zVKK=eguU;h8GPxb7yYVK0=F3FM}b#UHJ6f5DB*;ttS42)p8x1^~7F$Dj!+v zmNoAQnw|+!<4{DJ0b111r6rd(O53OJxPNFIgkSh{I%ICe&A~1@T1JVv_-bwnfNQ=T zo#B-YSE@wiFI_Y`gh{Q!DG3MJwOWQ8A)7U-EwyPh$Q$8IW1w&7S@Ym2gP9lP6e0 zFRMYkmpicZ(VOa8vnJ7nxZuk-Qg-w3LYL66!ftkltlOE=GVuvc4>zg+CwLm6pD1+E z7D$C;qssay8R*Ej+rSM$I6v~C;sn&$Bjj+V=qlmO0xK?+iH0%v;)-3 ztm80ZdsKR;fGbgJ0X%*I(4`{^JeF1Y2As_-)^eTJOf1bD!}=z-41Z)0pe$I(w8eG@f&$L5?NDJ<%cGtDO;J#0ErYOrXgU-;)!rFCm(NP2JmK;;b} zvP)+nve7Ac+BOsaFi6q+wR|munWST!jKP{S`|(|ttM%@5|CU-^r`O6EaG(w^XN*+9 zvqq@^Ro)K~)|~HoyUrL50FaIz#^#~I_(UPFL8WC*Z;5V(TA`MEZHE{vmnH7LJ(W$P zI;UWKU~&G`3qjBcZM5l4>qBd+&cr10pf~fEVt38lh+QkyPDOK-Im!ZjOfneymglLD z-^QdpJZT;!c1L6sqMq347Qfja67XGdpi2|8ZSp<-xHqYED@>J2!P56&)(OiTG~I%^ zU^Bd@Lo?zSSgru;5-faA8$HK$GwJsCK zu|j3w|9kY}jd9jjc<40I>Hk0au`5TN)2`igCviEHG+wCD2g9*GZu9xO%44y{&+4Q< zs4P2YN(@8xaI3AU&PwrS(Ob2?(N1C}=r|dO1VF;Q=@*W1tp;=`H{_t;$5{Dt-V$JRlSViR57Ku3K?E)R|-$GeDV6y zIBml-#C*j|;m0#Q7OLShnN}Y5(!92YL z51r2}IS%l6iLdB*o`6XkE4H^6K1wAE8Axgx6~Ap-oa~w`278U8i7zqGRiA(M+P~f& zhp-c+arf`uVpPi{Doi??6L`6bQ4qTLKM$6PW+-p~p$Gxmk_{<1w>BqsTUAV8d6M6| zofF3o3bu2uj(RkW_J;)^C|RSD*C~(EreRL_tZCS35hVF*EkQen&cv7s6kG5S+I9q@b?c`(5Wzp$QgGJv6s)2?cH7L@e)bTuW4DwGq+Q%oWRg;yR}l z!<9Yp#V4Rgw8%C4!lh?E0V4J0v@2-Y`R{U#7~rBy`Ot(Xaz5>1xM|3+aX!IyDu=tC zFM&?Zh{vT@XJ4GjgrW*?XmM)Gy?@g;KBJf5@5FJKEdPO{rv+toHQ8i-^x<&L`Wm+E zG5^!|-#g+`ZVa3Jsw?l@Zlz=SJ*joQCflD{Ty{-2E8op z@>u`llzRFKJ>W8p=*IrbI==%POz#aW>-EufCf;)lVBhvqTI(tM=Z*}^Sh|g zxTWtQ{|XW$e<{OGX3h5zFB$3_E|frsY_Qmcc6Afn*~k>%`iaL9TH=Z_rPn<~-E`x&YC z^&NFOi*%6|SE=~Re*uLF1zgEXo{mbB@LvkDW4i?d^90`|3 zet&k+AM5V|zmgAn-(P^Cv%Y#M-$F9m;X2&cxUc>+-MFw4EH=|Y|MkVS6yEht^M?fQur(Q!94|ka>@CWW}Lrd8Jx*dauq}jqbwE+i3AS zJcsIoe(?4{sy8zKurVB5DpQr-93wj&ncSPt?fzA7&YL{lqgTzPH1vV$+M@eSXbK`6$z@^Erxl7xb>9C+QTrfu%t& z(OwUSvs#TljzAHv(knq}5;A#SjH`YpX12QMU0XYgyF zr4&1Xole-zVf*oj_@|mTaO=tE51enB2-~OAEAhBIK8WBML46W@(|+AQuoEn6KnXhV zVXY^58QY{58@AT^pB)7b2e9e#>`e`RfBd6m{<-|kaFFZ39pvim;Gu+Wq+W@XflQiJ zFntfTjDkLQ-_dG~Wv{hGD|UWx`!6C#ic6;rAI|lV1!#Szwr^tNks#8sh`t39c51YeAL7k) zQqz@=+PZ>>hjRAQ2WEwS5<83e2@;6x!1BLqQ5*%)udxmtVU*jzpf#0`iwJx7>34=~ zBbnH9j`UP9eaXueU)Uq#IEbQbZz;nz5r;tz2VbtZ0(s;{M4vRPxym|;cpY^{CRb?R{}D39p-#GUn#d7=YKRBbk{9eU^eO2hP+8docTPK%ADWf(!%a_Z z+SVg}O}<2bfY11dA_~N1rj^$R>s#(PEK6~9B3e6VfHdmi>vt}q*HvKaUyl8m%PHCO zD2jt`Xl&p) zj@dGLvY`5>K(R@5?Ynp$dWtJiIolO;fheNk!gm>yl~-dn56{O+tXecZb9Oz~c5BFF z!uT;k#UiUJG@?%9KWqOUwy76zzih$JQ`%$iD1MgGO%c`@ngC2oQ__vwgh!!4zla`E zXIoR(4ttbDvQmpi-B-)^72#4y#JiMS&6R_9S=lE%{)J7&CNTLwe`BC+#1j9DQxev3Q_{CDI@Pp}D=^&>}rf*nS47fT4$;RtuiGgQ-Fp%pmmrcaUmr;aw@i)_ap+c;__Hb+I@Cd-&2{U09^usRe8jfuyO%twhWf1G_M zuBv*gI_rMdzLbsUQtHVLKFTPxY7MX-_~+z!taJZtmn;N}K{Q@jz`%r?n-FyGt3r#sHmpNO>{CE{MRz0HfG?})_E;BMtyI9Xwh zwK*iK)nmDvz3BezJ6u(QbV6JRl*>c)_er}LC9eq^6Waa-m}x>O5xi} z9^IO@)SH@z*2udcF85UD;QIxwoemt`u@ZpJB0SXfJM}>_>+xLF;rY9a&UYN$>PWu| zyknqivq_aty-9qqfE}p;ox-tBB4OA>^82n!rZE^k5Uz45vK!znEAm#if5>@JjH)7W zK~TQs96NLBe#aZLKvBc&*&I8*phEvD;J$?YTj25C2j9NI(^;=<*w>`C3#3UQOw<-M zlyCbLs$jCz<~rki)>&-+oBpmtlYh{Qo|Z~l0|@I(+QDdL+2jMBXDl2==Toz;UAFk-$p_pa)cL-a1v^tZ zFiDyMz1r#I1B};XyHJfKKb=l5CC5{@X5Ii-hMY#U39B zE(}kl4aqD>Y*~tkSGUBL~z(8+b zP;bDbVi9^$8&=?@>~H`T{9~ZaIQp0gI4D4S-)eRKPm0KJo{>oA4<)`rwm2U|y;McZ zS%Cg3(7}3#gq|8s;f$fuK@7oSMKlCLTwcuJ&ITDu+Z6{;ji<(*q&;4p+OVk>H?eUK(4(_ zI9s71EaYou)VsoEhO-*Tf}sy~77Whh=x{CzN1St=2OG>>%GZXU@T>yNo36vDzbw2n;YJQl&Jml#P7 zrrOy?V%`V!ZDy0-j8I-ha=Buvw?5?>TqJP6Y`DS^(x3=%1kbIj=U^Nj31NV_Puw25 z+}qjpORD74Cu)nW?O;eRBZ4YpP|=%(pqnLo7p8G<)p_pc_Cf_rBj@TzjkMB25U#&> zd$;Inyg$LFpNe$P}M^*T@AiA4c9CB|*y3R5K>PnosBH@zL4#2DTnc^s5M6WFA zIpI!Jrvv*!4Ud>W(DoP$PkpcJB^rvJ=&`DB{OL#~?*-BUH z;o@jjXAqa={Q|ufvB4CUY1)Z-W2cQ)D?UJaQKKX&=8#CP*8wqnZ-RS$uI~Nqq@Xst zuX@^h6y`~h8C6g3zmxmAg52X7{KF$qL7nwje&j6?w)l9nzq&0#;;HuOIVJ#ckyOKr zGN-_?j#=)Z;4#w{zbDx|6tyZirSdoL3-!96gZMv}s1%f{_M@%R|JS75uZ}tMmc#}DR}xcQ_zmEJ3pdS`z=GA0&t=0IMKoe5^amw ziL~`$>g+y`C1zI4=cHBsO1JqfI$>2(UE8>$rxXZ#Qw@KdK6%k<=+y)t>>PQ|yps=* z)w0rb(bm+2Ox;ACa8;?gGNa*4+ORl?ZG5|Fq?CV;UbZV8%Ogh?IJzMNkG!9JKJnhL zaP4$EQQbN7)+{|?2qq_U?ra3vfpl5_-8PZ3xwuxko#AN3uKW+xW9*zE!|Z!->*0}s zF#78|O_=y%1E(_Df1=KUb)wP95IL1*y*`Nh_8_p|qoM59pW_5V-Rw*VM@TJq*cA8K zR0ti`u*14FfHCCYW112Fdf}iDafWO;;ZUj4V?UAe%s{?)r^t|(qbKE6ZrOY7rI8m@ z=G|gjXwP!7H}$XUt8FceN1O>;RG_=~kX+C9BJ#!4nlOfmBlPj_+?OFD^*zG;OFdfv z0D4oXHx&0PNkmQSi}wcXsR`=!XFlcx?kP~os^25S!Z;V9U*fM$tp_7`$#Xr@$yi5V zA#k8;c{9P>u+&jPDtMm3u+H2&Iu$`wXFiwoUGYte+iEdG>iwn2Q^%cKv2E<#Gokhr6uU*O6=eIVJydEvx6WX!Hi)?pIAATz2;&0W`25v(WU}637 zA>OF$+0wrlR5JXx#JESvjH?2Dkf&im@W~U2paVF5S*ne&72jH2=sX=_vv;+~n*Zp1G?bh!Gc-V)j z=Y50Z`~XY_SjnAiC4kf1s@%owN%V5uo5zuJ;Ric$RajWG#fGs%e|0xKB5)#P$B!)WonHxx~<`3#Y4_Z`;PtMS%16N2CRQO7*CW0zD*mjzDq*8V%AY9s>ym3@?XxB2%HqaUZxw$zHlN9--Byt zcPx?~v^jjV>DFC+w@}v%D2GXQygVUMgb}_Shi6PbKl${6g)RrELG)S3t`#TCu%vvht72 zR%y5+@{76COpgwHp!D&-U*Gssh#3!Ez^z0=>U-YWjq=StuX4}t8MycFc|(u?1d#+$ zRWiU=>V)x=rP|od2;@7!CIEB{vO44U&OhU^+q5Mh9uS?-m06!+5RG2T&e=IcOfZ2U zlmm9cQ-n^DYs0}WyRHn0XA5W7zTQ>IY7Z8s@&-DZA5OOvMasrurhlEYBdrFL;>JJB zO(~L+L?FS>Zpf#lHqNQcp!mfssma$^#WYy=_}fcsUFVe;k%b8K!=Py+`M4CO>6t6} zgwr;faMt}QMnHk))myH}3cPmr%0Bbg7yrJ7^K={m|2{+~f7dF;^x5*2tDV-LBH*IF{?37J6xE)k#JlyC_vykQn`IwUR~K z^DDJzS=2Ob;dze#qEu8U%Ogf3(&9+(sKw+)7j1=8owN0IbSi1~qNL z-j&L@BQ6AOh-kR_!zanTLO&-ao(934PGeD;Ejfp+x;rnha;~#>3;5u|aNkb&1^bEW z4)RbS#~*!g3~dm*Ko65KiSS$9KmFHWpaH`CKB2U>P76i?BS7vw{7TpocAx(0sfz-e zt^>g|pK4dQo7+O2qmz==;@ky~^sIiS0vxF9Sc~_=-FE`WJ6rF#ZS=VM%qp!cbk7YQ zk`|~hCn3qBp?vPDO@uWDRLzBcLQyUsC?hDqRiYpA=`;8Ih*Bn7hJf`Hr>y zmDJpRxxst=MTgVFO5b*v*J|E0h?LigpU`pEiC z_d~K8`{B%s<>up>1#yGQrPpdb*9dT&e|@*C7fTeAQ#63hr7W}Vpo>|BAD3K3zp1}Q zl(el^f&Fl%wyo&ScyR5wgF3ibg^iddtX`}OZ0I0ft!ehT8+ zP{qKi_l;;<|GA%`D&EwMq>5RvG&;=6Nifk7_bb}&2FSamhG~uiw)!VvHcJn#Opk?J zjy0i``yoqr;=4_(n|v%kem`7@#72A19aSwu7QCJ1w*3f?a4IP`tq~aB zfL*7!t^^v;R>3&z2J&a{6+N%>UC!3Tv=38%7N`TCSWUZXZ?o@!7(BPXbU`XBTF;uw z$hb^zNP3JYAm+rf>gVX^tsP@o#DtOPaUDRcpEfqlp`u!z_!L|CxP`QhK+L%5D~?sv z^hR)P-9!=oo8tziRM9rC@0?PS`QgNOgY~)n(C9;|zOsbo9!{xF=h@u6r91uJdU-eX z1s8tNZU%I2T4G=y52*r4Y23L8e)3HSskWsEB%a!YLNyufxV?`<;&(vn=8Z3G78-9N z#x^;TZab?s^#SL5xq=hiUZYQvfFAx+6232^&K#h-$9@}_pC@39e}bz}K%41((qsbj zOSs#dU=ZyVfV6PzvSO)!Wl>>tCe7E|mYN-4UfMV@1BDpeqxb;^Fp&r6#(O0K*Qilt z`4yR)QcK6X2+P1ew%$($Th_gA){-2=f%Gl>k+JeXXtc&GoW3(EulrUSSKS1 z(Nz}&WdEtEZ~ zg@P(OoVwTzA&volm*b~*oBB9Fgu&GE%4js=!8v?tsUl%p>0D={XA*GqH{%0A<#JJV zET5A8tqQ%LS;_R8Um?u#YJ*)9Ew?l&a4+@?j2xFp_^nJygn*9x{0TPu_3zEE5#%CW zkR&0i!FA8^e~%=MKXnRu8IysLJ!LEoU$vW0t%JBue+1n--*$AeXwX;bH_(6q!5+y( z+XRJY*xVKzl83pGK!L^-K+y+`xYj8UztHE5=L9pBc%yc3zmV%gI2>pDLmDsfMtzx* zZx*oI^Y);_ELvz4EELWI~jaq`v5LC+{S&o1q`6OFe^=dSb>3YT=d^Hfswx4@qweQaBt(wu>F&Wsy`Dt6?cX+guqW|P+SGwBM zwV%n+d@TS-ARS-i%W%4fk+P46?l@A>1u#bF@_gU}GUPqzyh&4sSJ?=l(c~ZP=+f?y zwp9$6--zQby8fH9p*x=G$m)*6i^7DQiM5j#nvj-RHK(^C^8Oi~F_cc5k#uPQR9eFi zu>=l9n`aCbDIz%THwYz7+HB<_xy;AAIwR?>a$UQf)I?;kx+dIQg60vfn4@3v8FKwrQP26o1pK6=;Qvd38yIeoTE0Iyuh`~7|FYMVvB2% zAY|u8pi{2Y(`_nin;X!7keo@J0~hV49D~M&&`{ONNMF4tVyI5#W8;`l4p!8&jCtz?*t_|bSH zIeSV|hStQa2-D3?8|R|$CngoxDSKmhT*zl*&3o20Iy|E(pID^z6bPh9?YKW#EO6-P z)oF87|8c45-HphYI)@+rsjHc69GXgu-9|Rq{5iAKZ{m*RY2?Dd8fhODHlb%}i~>*V z{*=G5If+7Xx<^QvCp}Ya^a37<5J|Gd;PZc4+5(#4RKJ)n#joGGtQk>M3QNm%Px~R| z+*bDbug6p75yj9oHfp;(Mq{nnBCN7N(APoYhd68dLJrWqY)L68*Np0|>%avMPBn}` zJpH!Vw-DygC(X9evG?En@p6*TtzqoypyqNhDKq8h7=qxs&mkkk`MM=P81BsZXiI$5 zovGmsi-Y@@160T)`|s~^UZ^jIy-Gg+)+kzjsCTX@ero4U8oL3k*RCpfa@#H@=vN1; z#gsor`T}KKc9z&z80Ej>KZp_U;skHp-Q7_NXIFJ_Jo;D>CGMopV>F8Hi zc%WSRuNwV)VY+N%>mE*-V4T@EWH`QkK0N8(tgniP z{i$(Q{urY?3xCc5u+EOe#T8q&>^zfo--2YppcbL^auNEA7+Gk!I-#XY&3)B;ynF>V z#GYerM;jE`oDbbg!jS+$H9uA~5~o+#;%E7zh4aD4O)lSoLHnJfPXwE-lOF?_l<875I^lB@FADbpRlG+j`Pjh?>R?-+3eEanM3qR?hk&B+)PdFii z?5L_-sS#4{>yu%uYC+(Nq}-%76*@Y->=cL*yBCD}wr*9+8wRAxCty6tk$0 zi(_R{OauOwbFYt~_iOw91l!+xwVe(Q0=|vRL|Hd#y&Mbl>U^ZUhgtC;3}?s~a4K)o zt82uW@a;K|nviW^y;dANhG3x-RyXFg1VF~45GFrss@j+O86oSZz>a2Z0+e`)fgBbE zLG6-(2`{+QL=5!@pnf=QIVLOOi8|T(v(|+%5YO|p=gK^$J6(=P+_fDd6CC!9T^EC*xfv1G z^2D!FpwzbrC!9!+ndhkSX)Pk` z1b5@R-7NiT`ztgvZolI<;mi)V>dd-)7n~x|Gr$}4eFGZ4O6(W<;lf)C zyY|G7xKB9(5m?{TpMv8cQ2QrrBoFR;O?S-Q*zJ{$QGiIX^*h_3eX$0O#?#>9XZD3V z>;r6EF~5-2`f1G)C$=}Ep(}_L_ue18=ob0+zej&6>U(p$JI~h^w{u4P-SbLLsS@P& zLjCK7+CC?oW*A_uw)c9L*CgYN%zDOcfjH|Y~gdcHRK;i@rZb6LE-8v%_W8tUr=f^A3#13mBFxy;~^k^Rg zO$7l!L4X@eJ%N`lI&e^LEb%*GO}R(uTEoZu{AeFXs`)(jM&3}_4?VRe6CrwmvOj{^I#02<%^o$!+n*_J*zPPwt2eDj_Z^e{ysE~RQd^>T=r9WJX#L-Gw>Yh@xS zhPh08?p$Yj92s^geB%z?T^2efF69;zzE=*+l=_qgTq<{-(>+2y`hDkZ)F&Bc%4{|0 z?ndSpXI{>z7lXao52FPppZrE_Gyx04qt^g5dN<}L7Va<`IsZQ|0AcIlQ#-S3R!8+x z=)g8zB)0?)Hv>MP`L0UYYWvQF^H(=b!98n+U~6oCyGmjZJ9g@>idR@1Thx@SMb(GC zhNS4`Xt3uDWxdQ^_Of5oVerZ=GxGZ-pRGJfK2xdGaq6=o$ktd9sw+fJ<;NL*9k>+J(CZxmv>-ZwG;aXd0n=#3nuK^g;AKWzHuj5u4&Ln>DC;A z+_qx4QS6FY9-+_}f_%^xEP?SDhQ1V4a$Wln)UViY6$@B*gW+YB?8fgXt@VDr_?2u> zRhA{&(6Ho}|05JoMZ|pKQL^h{P_iMIUrp*jpIRqXTzS_76NXQHrhjf-{AhSKC#4T$ zr)t0S7=_Y>XnCeTIC?%&$r?Qf=_JW3ZvDlsHG?;}K}|Mjgh_O94@?u1Rlvl^Op@9^ z?}-`tEvMPWDDVLGO8TOU8KiyBv-8;f_WWA3n2Bo8F6`Z}Cup%!?saCL)L>MH5bgYD zp|usC{ljY&_VM?8_U^DTgC>R{Rn8Rn00Wy}{*eOUF{nx@#rFqdZ+- zW>)Tm^D>r^FzgT?7_NNCur94u+Ab`*HT7jilP*Cc_O6CfpMMOdh_upDEhl<6k$A8n z>(;nRSKyQkPS^nxTba90$OS*Fa9xp~Nf?A-z=u;av_P4+zj9aBtKB!OqN_!8stq>BEk zy0jB4sX2Z(Jx~q&2V;FF%A^zf0Vj8pxPkI*+LSEz)Vp*Rz^AbiEB<25i{XI8hEXyD z|5dgC(xed)M(n7vBWO&_UzAfb{xfO*BQ!eAUYf0*K(*DdeBFBVSXf?$ z8pX59VB&b0?)yxzr)%EAZTC@djHTzIQTYnKPa#H?sARh`m_i`ch6Ma#47Xyy>q2$x z-H?B*qfdG%{5w-*-3cN%ebZpIWy^T?QJ_45wH~H=X6AFGfKUa+RXbOC#N!c^#ITEz zs`gXRl}l}SY1x}$pZ>Fo6ZYHO>NKG57;&!Xm5m zo=jKvR(^c*`%_61=99{l46f52i!;8C3stzT1Xle^U;*P>fqWM)Y_ZEs;s<)eRC zCKJ1?g60O4DO@@Xx9-`+vUc8}H~kkof^NuN=qFBorRJ2e^$j=khp! zad1B0^z4daRsaa?)@w;V(vnJR)!Rj)K6XblSy= z5M4F+_aTX<_YP`8LQfge{U<@8X4^kxLxHOG7rYA5YQ>LpN-m;5!nHreQZ6BWEEr>X z^^Rdzd7EHNx5>AeTC*DEHO~URHG?0@VtWSONf%JTg!h+=qVx`bcUXs<6_a!JL46)} zl2@z3`C7)j;E6)Q!HR^G%asr77a%_)&TlJ>{$x>=V?AijE=>~)5#Kn;2l{pqVT5ye zc9Djk)QSI_n@<{xYWkeyWUG zlli?srwjz6>2HX!mIvt=)87Q1HeJKox$Tl<3cmya7~hRG)Iv@lkq|&Y_!0`%ic-M| zHV?tOrv`&0#jy~`a~#XsL;u=J(lxvk)Kj4Q!sSaY|1e4XZG{7ph6V=iFW0y+4!m!5P}z2Gmsi!5+W9PD|3=YE zS{xES(5}o>OH#9|sr52ZhF|-YqfTeqSRL&|#~GP4!gUTj%L%=v!z@Ud8CF^nNLpYb znN%Ly-dM;SEl?ico_@QCyEBRAJUBN$`u3rG#Kl7W!Iu!-y-jaG4{hWw_wTP)4tD#p z^5Ux}t1;aAn>&JWF~)a9&QQHEJyx{V38Zm}N_UX}oUseeedB8E!V6W&v^JF4)@}9a z&w}D%r?J#wR9&+u7r^V+r<7q$+j9|pYFJ?J-_(SM^`H_ApdRle;z^C)(|NjYeOdOY%pJeFhsA5G^OmgN8b{mjzJRbNwc zl9^eVp}7~7W>%(FmX-@gW#--sAt#lC%-n-a)66{*H*Ry{N>khmw%64>vMk2^Zk0A3p-;1+7G3USgioMG$)#alm2{}MHb`trMTU)a!fnRfrff0dnteD3A<2f=4?Ewpccs69IA0O6YzQ} z38|UL@<~&vGF(@5PE&!%$B@pw`s6b{Qzf_i8%;`HxJVVV;DDh5R4tM51OHw|J2i^I zttxHuwSUbGKE213KY#tjKNXFvvfzVpVq5;XB2)=5~koDg#4EC)6?n{Ki^X*uyaBfGO}oFBdaakdO%dl0;PZ8h(P zX-jp7?k?Q#av%gBZG$W$= zPGnViK3C}hrkOGm&^Z?pQp2G5-4{qr|tV8Tfz#usIrvx`8pQPV7H>>P8`C|4#BM~MB!OCBD zUBqdD;J7omC?v#k^mMJpXIwCgl;xbS#O|4(XUC#v#C6 zljIMt8zFP+TJxX2Ozpr-_l^}i8z!n+x*~SsQjDQNFrq&J}!#cg_ zV+wz%Lh4S(FoCFot5oLifMMUcYZyc2TTW-(R@~nJjJfx77Y?g;mc{mD;VlKxF0Z=A zuKB-do8xl39bdd+tG#CBVyq?nWjRP5plQwRi9ucGO!Ma`UdmUYsk3TUqr$R*1IDf- zT}DZ%uq?b!bE~A2OOExPd$cp=x%{Lv9&BlK-@i~-pKs@?$L-T~5=M7V<6O%X9eUfl z8xU2KcQ_xW^-JJOp$PZZfM-Gl7c*}BKmbqRC$G$1x=L4_JE)tY^%ad2{xb>{KDdV;Ra0?-EoDPy+bLl8#34evVXQJTiFeomj8TAejmI z9}7jqy#!o4D^70T6uOxH{x(6;W#C=XsFKU5WzM&%_14e*cYiLi4|{LCeH2tZ(e}4l zH>hR;?`TZac3FQ1BYr<)<$Om}+lAC?qK}@~5*|hvi{f$}XUvGaIrt|WCZRl0|3C-SCI`-mi^bCN@!s#ycU z`w>20kNsEV_&RYp;&1~+?Om{uUulwuigAw)vOSeKyZ*}y6|gp$CI9%?g<+{bN+)$s zUa{=U<^`P*3=0%UF}2OHd3yWrV0J;^h|>dMK)H2g2DT^zahtpep} zbVDOZ2vd&wa6AGCXC2?;nVy0nHVRM@i1%gepo;&p?neg|rfnV0c!5_XX8=yy< zTZ;@du|A?^3-xpOmBFNrpWur%z3V0pwirLB-Y2L_(m{fAZk_a!b_rID{NQT~|8h!(h*|N6hdNHo!5uYZkKcUMBX| ztoRVrcdzbg$8(Wxq?zkx-8TH2G8OH4uqOXRQ)N&^XvAaq4 z=i+^IbOav&bt6v!V}JYqosfQ8BW<0I$l`-LouFOvuW6b&A=US=@b>p7zdWVk&!Zqn z3UfxMq{VLm<j+^VOGB0syBtL0u&y$` zlA0-?JdDK%cS!tZPNGcD+Qn6L>9Kg;1tbz(^Mic<=wt(7z?H<+m;snudlZ}hzP`M8 zf^bX@+%?sh%l(}CYZCfL`AgcLy1SlV}IrsnIs9r*W6a0H*S=WB(Q1kN-Eqnu7raM}< zc78X0JzY}7_)nI03gf`9KCMQpsQ%6wtnlhiarUj5n-7ZFsTTUdoBLY0ax{7{`8Lb| z^R{QlFIHMc=%xR1I|etI8ts2&`JAKi0KReMlqAD)u=Qwa6>~@@XWec-ZiGj664@b_ zx;iPE|GG$r&zRMpzR&`B(-Gxoj#mTsgEP3`R<^^{3gTe()fp3tBp@wkABE6{Ta7PP z-ORDx-+QOs(0QSj7#5HF@p3Ep`XUnM_Km0#a!X~1vwxY&gFyy8#Hj^dUHB~Pvv(@y z8f81P^L#_|{ob)cvO@V$>1` zh6bC_o*Z?tesfIbPWI7lo&BEq_N^OF%(fP{yGS*wt1`V?W>#`)mI2cEXoIb^1?1m^ zsUPVe@tp54kH-w0CX*a35$nXtzV*1=heDYb<=9IfKExosJFW#^vyX=QFjEuOJ+**p zAJP2_*lhtgJ52yM+Zel<*^S%#&ABVIW8we#2CyN^Gov|CA59nBO_Bh@nFc+WF+Uda zP9*F5yb5G>B-7~8(f$iQBU}HAppa*ZkiK(M$G2sOQUiltN;>SI>SK3YhToMyxC1I- zif?{~eExV_Q`KH0=)#C#alb^z+G3V=hU3JL@W^tpubUD^)nd5 zE1vt8lf`IF3z0({X{T2-zaj6~FGnmQ)qjgdo)B=&PXzboH++v)Q1=i4Ry2OFp_*KHWh--E2~IqWq#?!E#avOh$? z-v-4Dg2}(Nj}{=KN!TT-djFF>jw;t4p2otJ5PMXCbNRAcdq|(A3u@Tm0fB6s;&^mm zeu-D~U|*ribr>WSUE?E4uA${l%{X-XdQ9FbHXx`U$E-HvZ=ey!7!+kO?Rh0ne>sbC zE7CllO*_V->DsiG!+i>SYWU5LhgdZ0>vLZFUy4`ag6n^0k~*|6ABF?rhl6|-o4G{< zmy#f6gx8fVFAK%DIFan>pV*EGFK~TZ737CNl}GK=v=0(o=el5e)F(@sX{UL>YA%3Zk70`9NSbwngXQgvbQh>MF zjG-C7=yp&T@HSrZp2e;n6{kt5a464ceuue4VcVjlK4ebzq=>4D9NX^+sFFK|LUWz8 z+Q5ZImY4nYF#0@HpupppWIgl%p;V#Gj?Gy}QKi4TrAis%l`X1_sai<6=E^07f?Y+{ zWkYWw+u}%5NiDqCP&Ko>+mU&OZ+&7FT8M1_9-5uEr`LQZy8Y`n#w(xph!l*>b_i93 z_}4^ru)(%Hd(MbMn>l^v=?;+ffzSF7FWHi_ja49e%h@?IickHhR7TBU$)+ylD<7jJ zgJO_jGyN7fH5)F~VAi}6FA4;F2+oBH{W{D>%aD#4%~7Dxx1|GPxjrqD*}SJ(VBsZp z51?k6*Wj_hCAFSp*eTd!eQM4aCt|6`vp6wM%eYgk@S+`L$E=386V@4r3MJkHGP^Mv zfot}7CVrM=_ie#o7!$13f3wg0+?)|AEw&XcA1Z73WMkhLTRhc9HITA+CP=#7i81Q% z>!^1Culbh^JfZ~{3E_I*)J^Vf*S^qP1I4c1gEtrL#uF$8xHi2deft*OWbK}H>276H z`K2qslc0kL((%Ozj;7HU=cMJExH?1x?GreNpe4OkhnM+ZeuQqq3)3sw%a*G`9zwA% z>@vl!#;WAR#Y*f(m4BxxLYS@uJ$qtbmeilQFQ3<6QSH@t=EtVPrTs%yAL25#+joqm zkzp6d@>h(1lmysl;JKx?u8)m4gqJMn%ZRSZzWDYyJV*`TfC#1O=iqxV1EET+#wpTg z?<$`T6SeSXQxx1xzT72q4;2GT68vDv~*I4)w zFjt59UgbfNDicr5=95i)Isj_n9+sqkj{OW2mh9%a=u?UaBFd2qHJIuJ4V;{^{v=F_bmwqLkXNqfYpQi@x zC!8}C|CW6(rmAR=&qs++p!haZE!Ct|Mm&M8f5oI!I(+^LDV!8`K1-Xih!7` zyhjL#1#3bye*z%*Y}RE~vb5nd-nYD5O^B&adR)B6mH9r4hCW;bJiPb5L5VAD;*G{1 z85Gr4mM@p`QO${ZS#9AbFrElvmnRk8T0<`H(5oh=arYY3&DThD2ui;Rcb@c8f7Og) zTaP8P9wuAN7v4oE5A=#?v)T_T=ugQSTlbBYt!2>Cjdb9_t>i@9hyMvtGLa9wq>7N= z9X!kdmN0Aw;>mU#&6UNI%9|N^$|pEgL3h%ZH968X1l>BPI3Q@0Rz1-!JZ#;6^4!`6 z>pY0MHqvMmq&e(;Fd%_X?ic@!R|Hp1RXp1M+iy&O4zr4TzKh(wd9V=32@aZw4vMd5 z74>Zalt`snr>-heL)GM08Vr?zjd&Thxi@)cKMCW@pJP% zdDf|;@M*;cu8_8hn5w_!XF;snh0BE(P-i@|(l{dQh9m1LY)uy6Ab6cU1>3p(bnTi} zL|@e-6lok?B?WoNZf`w-%2kHVDPDp92vY!$npD@zI7i@B%wYtRV~Vz~kOKGqvrp+6 z{Xli0>YKNaU_$S8-x0 zYgNdD0OA%Z*=qun{2$Y0?1sEzuJgSVWp-=r-e-l+{zXgFbZ`g06P|dJtdo45;vw^A z+S}pv@cen&s2Fn$rh@OqR6L*cTX{BZ`R}y67Cis5z)t6I>hHH{HM`$y&czsW|55t= zPRQUpu&Q6)$GKf7U@j_Q(n4Q9y(0SF4B?1-h%BkA=v9Rk>NB{9=gQd)k9xYf80N+) zQuU_yPBIh>!oeK?D{5nM=i=TG3#_4siVtkXc_%zI0?CDMaIF5YK zAI$j^5mACSm6Ul4Tx~8ZZBG17vODLeB*;9nc0W}au(2a!g`D`9hwNP$TuvB^Oxsz& z$&dGxi`$IUkXm9nptC%8!9VCR66C6Y{l7_lYLylpzRb0OtnB7@>?Ze@uLN}Rl0b0- z*#ahu5p?~smzC~u`2jDKl}UUyu55`Jab=te7c;%G*0VFQxR5s*b9qgM)^9lc)Sk@#?pl-#}a=l^*qBD+Lbm$ zjn_A`_DM5QyupLsTSHwn$7$*Em@EpJ?1?A^IEh@kEtn~AEeL&s1aiHHZ4jd)4=DU*+ zYZtaCJG;>dEip!Br)ySeHXpC4S*;*{K0^SXcghGpr% zh(>*_<4|S3@ZqX|zHSD5=Z82?zmg(aYwxEPGO5HemU#apd+X2fssL1F3>sPXMXxt@ zlh9YM9`)$&FMk}zG?-V^?&kK8uqTg}vxitX*wRsbo)!@DJkdFKY06X0X+`ZqLOzzWV+w{#8KtzP&Xp3}lc5 zX75knPJjNU=SmYEba#8`eAcV@hkv6!( zmO-%}Pk>z?-7IK+BHGB^j>+QF0StlpSp zUV&h|F{!_bT&K!*AXU+7Gx%_cPA#3^XB+#ICRfn4?e9(VpPt+1@98y$8mjQbw)t7r zkf0D|!l0}Aa#s!}H#ty$)Ht-HT;+V=wbX4XI^1mbgDxu~`yGCcnapC=y!zFLC%y2& z9H52dI+hl|=5?ZQxI@R(;q>d$?oKfuCEOiF4x^&~HS!M3iUI{HPHc0T$QY{rULW<5 z&yl{Jb^LkA{F9%LZ7W_&P0QGA17VyCHRGF}UL4DHD`vjYzDd4~ZQLNpqfDyyPT|}( z`Y{0AUD5Ri*S1>vzI0G51-`-ifO^WzMq9^nnj21ma=*pWBVg<&&Ycbfwg9#_WRi&( zkloD&%F`_GwaWbE6`Yd1^ut6YoX*(#-x5G^xpuucj$TtiObg=;H32sYrkAT(BAUHR|w&Lolz*aP+?Q(KEHH zpJ=ugF4^)I_+3AsMos=jkAv93qkm~a}U7x#qo1DTLU!A@j|FYx7x>M?5YV26H*X5EXnm1x#xFaw%w=*_ituI?2 z9S|*?Y>Wpb`6|fwHNpI%SFh#xeJ=1@(c@;=9urWtAB3yF=dtPNhG(A@k*p*Ng~cU79`$@Wg}olSG+%ZgL3app z(0AC_YZlgi5`=ib&(~=9&$`OB^}0~;w*dQpzwRDgfMb2qENtVIk!d4@dfTLQbhZP1 z)B?49_X~F9JYLyT<+x^3*5?#P{TmR982T$*;6Isi z8%luiad-!bEL3{wpNe!t(6M# z)1%0lhZ3q6wl-8@!A=;7-Ct8xPI)5#hyG)_DkP;9Wt2*r-&!_ru@+=Ib!?Ee3c0(%%Lx@tq+`+!>;-iag9;dY)oP%it z0jD%=U!VVTKfNywMQ34V7z9hO>AM;UY2STYlkmWrltAQX#`vm@2zDEigwYksl{cJO zH@gR(AIcgK*LT~C|- zc=$Y@yw+199TU+FY-0Dn?gsA1de_G+oNWT_)N1-E>}P^-CD~~ z*`0I$4S@cdG_1{Goddp9e(VTwIZm<2s;f>AISPJFaXQC<#Q+_pK?dh~M8vvIG zT}X)!l6H7^klYp#g6F&zHHbL_Szo0%Aw^8^>z{I`(YIl44`w@6YNryMr|wPK?|Ct0 zgJVQjM_r21pMjcYd~?ulEBUH3XfVPP>thjVA^BUB#u^Qi3a*-VNUzHANjd7FV^4M; z98iVkK0jgrINhh-TWkpd?tmSQF~9g52P{@!%$bw%KZgOjvn%PG zTAx;Nj}bZy{+*lJfD{9x#5qg`7a|}-<+FrcFU7uXi7SC4i@aRfK>_L{#ADd+-aq+W> zUZ4H(8qWBT;b!|3j%APc0eB_O%;Q-t&B-k-S{>Zpdyl`Z{IN9`hg|pXHESM8juk&s z+Hw9BhtI)VOa1_qr2Eqm9kt_Gv1li$;&t8Nwsgz%XKO2tq259N=-EjMkc*W0ybuE) z<;{7k-Ifkk9O3O8Rn0guRwDT42~N!pQ1?b27uK~k(V3OtBUxa(*flwTL|3j$s38^y zT-}Rd#01+Lo|sX8is%s5{-}7>_c#RWDiu4a;j;3+&Gb$^(T0?BkQ&n*>4QRa@YAV`YA17 zK6W_>q!di^m1OW81h$R-e8P`%@iQFQT=nCywbzdk;qR*N2FicPwqMxURGp~<-MF6j zp);8IV<|v$?eisxZa~9l?G$5jO?PK_2c)_sJKp$e^*`;jmM-ZYR@z+_Iuu}2n{7eN ziU;Vs7?%X*?yStS%T>Fg@w&_hGbj+;8Fw@x+$gYo;=<)Dsmq0yWh(Q~Iq>d1^F;kv z2`Fz4VB>ZbwALw^12l8W^C~-y-&A|0{S~UbxYP8eS=>ImS{^YM;OY`@Yhmjo(Um6_ zkZfB>Pl7z|f6*h|=euH&uJlwow-`JcS}7{PT%K zOUcDp-apEnQ^V~CIj~NKg_>44RDqSE3zg~G%Ns(nx(yYf2V`-34s_i zl^^7tjz8ho&*=&kKq0ra5A}Bc8-o3M_F%l$a1K8wtUYVOpH6PlY5{5Nz3y7~FhPIt zGZ0kQ=Ud<1xU__uS96Gdb7gaTn?RxPk{eGVdGGjf_CDB-6;KSrg{n;^u`v zgZ%NhJM0aTg1nDVx;o5KbA6k}%_WT-WWd3hyplPar_2g?nFxZ*&grhWU(6E;5yVNq zuh%xuAeE{#q>G*xJP(sfCQ{TT!aeQ-LU71zxs|OT+Kc<8vVf#jCz9oFIr$(KzL9+h3>WYyi<|jlAk(zClvTX?1biItbS&G25xYz z5*dVlwNa#BAsB+Ywb^mOqX)}CC^hOX^Ock7fj}6Ba`xMEr7;2KG;84#$*&W+q4Irrv;iPZMO?Hz?nNY%BOaKvs1M^{m16iX~ylqS;*2;f+5}U z9WUh}GTgy7FX^jmOihCPs@iE@Rt7iGBdSW{_xkv|58(Q5VZE(?Wsw4$OZj=}S2iUm zV_~6Q>4*qpt-pf{{VNYL!@7};*(65AH;pgX6c^c-ILf8*hP?^yJtm3Jy;-Ryb_>5Z zZzg#D?V9+@x%k;0trQKa6a~6shH}eV9O~3q|Au@%EmzzoZ&sRxVI=7*Q?=}*Jhkh# zxFLO# z27CoEKs#=HEdLJ6fg#itiwQ!uQL#K#(0V7!5AIqmPfk_dQ5+c575%LNe_LTHsxn;Z zGF)t^>6gp*_uMekFvx#}G}m%!qDOcnwwO?*@aD0mmJ7+7LdsMLnqCi$9`FTe_`N+G z`^G%h;P40tp`9EV)J2AJBo2=?-J)Gg#wR1V`s~$%&(}NHn6s}tiac=aq=_VVdQOw= zf_Zv@DX{c=1+d=3ZDCp6uV*{B&GkRBOq{#c!opQgBFke(UrTU??6)eBy-6$W!*^b3 zh}mesuZs0%+dOukZ^_oVo5vgR=}tr}FNj0no>fhS@GHgQ)KF%wF%O~P8fl&k#?gfk z$A#v9ah}qoy}3*I-1xs(Y4ZT?H4F?vUwx9Fry1i{9DV0M@^a3%)c)rLd<+`G#FT^@ z>{_z@iHc_55@7yQ*d}Osf!dAn2&MMQGKXmNnV4-n9;H@H_qTPyK#}Zuvn+-OijdRBca92 z`d6gAb+v)~BG`DvMid@rv?9Gyp$4pvxm_jWyL!4mF!`pB9xp~j!s3MZ(t^Jv+0n@) zVsEMpd{$Vy7_d?)`%X;!0IvOxqPMBU90V19y(ITF4Agk!_sVifXeEnY#*2?UTjM(Y zbT4dxmjZfRZ1DASd1G+qr&)eu?01<~^*}8^m$nowF@P#cIHBJ%*rZr-75w|1#Fg4a zhQeLXm|KGmU$z(J%0mB?tk@#Mdo(`8FQ3~o>4IXe<;2f@l%f6O!D)2nv^YExOJEKg z9|l@y@)0i4`0*(2o&(|rRVqQNeX(;&H37ONoH?HDuP+<;!RZ)! zzmGREylJO1N576|lEDw5WIdmD!HwT2v)#j8y;E=`d$dBxV zKQA?t*|)^6vbp(@rXF4_UP<}#l<7kk9Vr2mOJ0-X7sJ?oWZ=vGdtvyeW*iINS-fz0 z*1kZ`<693sfZlbVS$(PM_8q^*QC14)I=njyV0o?nyI>;2*jP?$dhq93r#1eVfd=8` zEG}(ZxPPz}-pyr)sB9)Tk`{)lTnN*}=8gAOW;<{Gn@|8otuPvDx+6X0#@u0W4j zkK%jy)_zmiM^9s1=AcQQk#+zuS?*Cc6)MpC--34Hj%nLQl>b#L4JNC!`yxOJH@*Nz zJrg?t9m+JO{jh36HsGD;elh^d+!>L#P;%%bm96xW**f9(0f3OZR*phxA z^9K>;ipNwksr;)TxPPc$xbLZ$b1N%@dYt>8O$kby!sFWN8Ol+o>yZ8G;x z54bfc*+Gg6}~nG=Rm=vnzU*Ps!!vN(7fd`0()PT$3m+qHr$E*K@n z;-WaSs`&QLdD(ef8tiJ_Q#h6Gy-7_-thXV(o(4{R<}9MC>88{#N+sSh%L7%pE<6<0 z(0-+dt{+&>TA#Rg)H*6$;Cs&^xy;Z>!)EsWIfrvwtEE}G%OROB-{)=mb)6B#+Bwu( zY4P3ra!TI`D%LPs(%5`Pv@$PSA7Mi|m;$p@>>HxC|Gc_n0~gzsbDkqVU))|rCDDA{ zUk#>62VWF~Bdfe08PaX-_oQA>zHl*s4^^&5!m$!4-M!iFlZgAsry8?><~Gs>>pJ5I z^GAMSETgU==$=GqjItYCtGSp^-r5+xS<>$|%wbV=vYvOvI8-=VPmL+Y8GO1Y27%bz zs6xvN9${n{r?{!emeVndoLfcM$;``0E&rOQKR)eBmAlXB93*F>%ap$8y!in+5cGpx z{{m(MeuzhZEi}7e;VVW?vM=3?cSC8pK5v%m64SOG9YD;{Z;VfHJk;SX=}S}X{1yJj z-CM2or8;~L-O!sI@NEwVZ0T2>B}vtnQv%EXIu?U~sN1}R<$ssG**Xn)0@T86vAaTfuq}4xItBXoFy&9vU3-H~sn}9A z!lmyi7TCTFMW~41SpNinEcDJA$>xy8m z+Dq!tH_2$~3*o!g8SeBQ_ekaeOGAC) z#|wx2WfQs8s;5j2u9y@zi!Oa^Rh9wxeLOJ${$L&KeKvCUp`%0LF6IQ+0(fCI#_1$i zt;Yb>xbgA9vhDLImR@lt(7-qjHfpQ(A30Y#o#(XzOu1x6k&*53m@=YjZbXItN3M*h z^s-niEu2xr(|l(mh;5WGx$u6snyHcXO3|SRnKc6 z666TaBD#!g+`>tkqNGI*VNiiZTsNO|FxIQQYWN+tc>91muf#Z~5u)Iknjq`;jKC(uFW~0CyJHvF(F`6wgukJ%y{3}V!uHSSG@c~Xuw?F00i%rur3wMHx zb`Pbn6JMEMRvjeFcEmVo-mbIhT0KQq*2fCmP%OKK1X`P=j(VWRyi`G%*j8K7iZH8u zd+tx#0&zg7jMmq4d~WTNF$DCq8J)?uEBSr_*D^&QvZ6FYLHCj6tc32#k3p_<<5Ybb zyos#GvvzAn0X@Hm2_9ty9@3QFjohDx{?zRnj!X`Nm)HnnU2_zm;mCuRM2hdvu)uV( z^Vl(Y(QNQo@#$zLVn3CYvHZZ|p(MB2zbdNEWH4vRak7eq2ouH!dPnd?1ve*X9!!C3a{#e&O)wlE!?QDP%8=ndi! z3Zx-*R8D^Jvbp8ZpZC70@0!XBSkJRWG0vF;Z{M;t^Fnb=gf(*F11E~<~04@MZ)@H#sX|R;KUK!)L9h7!N zkpQ#zxI@3?o>uE|hrx71ezlTidTJD?zqDDs^NM?wc6PX<0A$MjX3!ehqrWd8O`o`u zUf{LL9@8V%iFYyU-}U)oISV42bY%u^kG%bGx>j!S66&^Y z_MK~nQj4A_j{Ic8eUVZ-tKE?u?;eb!ZRhpragvqX)#*Nx_QQXKc@28m4_NzLl=biZ zu8u2mD(w677wU6&R#lj$JVKHnIMJoA1VQ~75ztq%5tFQr1$T=+*!y=yVq9P1#ZY~v z_Tl5+={#5V0`BL!cRr-2+$<+qP0QdGN@ZAkMl1}+VKlJy0>Ak`> zro62g;Oj-)*wuaq)>pokA~CJe!bu6mhE4C&;N#vusjC~FgA0vtv7_H5`(p1Vq=kUe z6c>!u5!G$m5#lx4?)&~tn)~qSlC^Dw5-{TjOfJLg7Hg2q@5^;FYB=>42ztj2O4~WJ z4kL)Xf>qw(vK?ocCuHH|KYA_Me0Ymuz?iW<3||10j-(6Li!z~{nkWKW}>zlbOLZ_>9&l7g)+e6cN^bn7`2&w_C zgiRqT71)qTQa;+O!?+Bnx?B8P*d_igfi%xNW$hY;-#$88H3qvK5FDTdGium~z8i<; z(2+H24G!2}VQli%(o2XK$8iXXsV_l&Skbv8AnMKZZF=mrB8hszD7NkZ{`6NEC#BoC zJte7pq~q|AqX}XvVrrvqyV2-q24MbeI#69tB+#jbvpkue$?_e%4`VeC{`NTs@gi>9 z;dK~zDEJk8p$OifkqB{mO+rxX#>y5og!co2j+CaanW(r< z2X_Peuq8j2DG!1eHUZqUrjm?-BJ()3QR2RBO+;jxRjP#T<^*`Z8|)r$^-IhSQU3|% z3O3ceHT4{b$9<@KZO-!7S*TS4M1pN{2jI%6VmhH=gc*v~UbK0GFzkQR)<^vt|D(9TbMA|C@7T`+Hzo#gtt` z*2lS5i@&&K^b_!?p{y;S-CTb_2XZ+n7~EWoGzb1gGohz$CLXH(LOk3S*}ZtJ@1F0q z%K*L{pFdbU7{WsbewPGK5oUr4`?>(8s!}w%d`Fh7%NG!Eqza4NAV*ks1Ix)FnsWc& z1<-xV=<#U(y$xa#0|g_I=znLZg>ykh0mh1ct^p?5|2i@CaeBcWXsmI5O(TGFd9*YcgT|-;e z-Yn%xn}B#u?HIc}Q}9G5U=x=3?3j@@Gu5x)HMpdJ!UbefSq<7Vrb5A;sbyi1#5`;V zr_b%>jq^#bHC_oK7|SKiUrAg4OE$DHP8;^;ig0KmkBMq8bjEO7A|2uC^wQSA&Dv;O zWrlI^F7O+fjmG||-lKH{%s4Y?_IZI&jh(jmz|GP<+!i^H{to%eU=#Tlqcz>T82@>< z&TiVXVUCs-^g0J2hzNd;5OpnYcv;AV5gZupsUbul0-QPBZ4cDVH2fiOHChak$7=ls z6a!FJk!8962scks>mJn<2XJ2)0VGP8nJ_xox;<>8q-ZCP0C0?p+~qoI*l~D#v>uDw ztf)L7GAkXduz)`^U{YjclwPQHMjL>`y1|q ztxpBnE0{76KB0^bThXudV`y_PiTG8Bf1{1 zm7Ah%$=~N{Gq`aUH`Mm~ks(YPUUc;uYpwMY0~3F{!M9hRNgOL-H~PX&J?8mEnh$Yo z`iG$VC8gbC8-MBZQXI3o_bwjg%t=~lidn9vCTaX>%yJQbjk#rG0Qbq*pN(T5;A&zo zF8{83(A@6ull&bfWMQ(Y`3DA4<}HEGRYu@W$GQIk)?exoSUiem@HT<3_S{SgAv4Ow z%--UYJq-I&gBITBg8x`^TrYuqKJdvBcagNJovECc-oZJ$l?%R*R=NHIx$LXfq6gaz zK@U=W$Ssv!x%NZ6imLY)I)uV{%77opdYND#l=CV)A9;-%q3&4W-Rq=sSpJmxg?)m& z_iz+wMoBz!$O!TcWQb0GZ9Hf#7|NB38j^+8Yl?hE}nNtmUi!f>a=%8 zf?JqU@I{Pe~;QYT8t=WBPsg|bT`Nape*I4xjyn;{qp7oLzywLz03zlgKjGX@s7zHg(pH$9;SE! zD)4a)@LKMDU}oj>dcwJ)?@L2U{Dw{;uIO2W#2!7#4CzDKA|okr`a_%8namA-cgMA7 zb*-=vK--CDa~S=0?4UD$xObIWW70gNh1@=<+Xw%(>R?VC_CCPX?wUE0`&6*RQnT_f z`bKJJK9J$p_W;+hCE{eE>zI_`YeaCtHK4t2m1-UNP5GGB9$?2N;J3c|-m1yJlB9Wp zL$Owc4nEq0(li-1o#K9vd_N@j37~G2Frc>%#>o zmmAxn0o1LA!)fosDX*bNqJFCBZ`UWDb_o0i^d%6Nrvgw3Ugf`?M8Ohx;HS4S)QFMc z_?{7g9vdEt{#bhZ?G^$7!?CT14KVHs3D(BBAa{v+|{YZ66n ze*sXyE7#g7+Th}Y(U}y`=u?K-C_?2$id8HF)l*$LnA2ryB&sWV0 zEXux?V123m*9OQ5 zq25g|uUbQnsyn=l&>!xJ)w&+Mz3Vj0?l%*6KyWdiu&Xc}vebNm3C6cNu5VTu1sP_1 zY4oKDuXaMIhkFxa8DDvWsIo=v?&sHTTIA7zyHKEXW<7SAt>D0TBIr9~LA3QPa+-7O z#}0S`FsWnAc$HY~Id^h(T6fQ#kkE!<#r23Ek z$FHQDj9V$2OOi6KjBJ;Zm5`9_mXV#&RjzQ2vbT(6kI3Fia_w2hm7TrrH44|h?!Dia zcc0Ja_xr~m+<$uBXXiZDInTr~^bmP8YX3Dp2BsO(xN(sfF!l)_o=FKoko6@xF&|$v z-BMhiAm)dx!qb|L_6Wm5(KUOLPhF%lC=J^uP*(~EVK(65?qetweoQ zcZi%zQZkvMjJvCJnbxPd1VnH*KY8f4QhIGY@EyTnXl~J*lP5Tu69j{AE3-hq^pACb zwOKUMvLjg18$kCyoy!lSm3vd}84mu+9s-^Y@9DZBx!YWAooOSfQ68Ye>|D3;IS$J%jsCHTp`7Wazk3is`i)Tcj7B!8FIQ-5N!MYs4Q@o08BD8N5lomwlj**Vh*spe(AOE0n zGrOY+vl)y&Gc8U($q7Rg-CY8NsOwCjql8d0ySFKyXUM?I5`Sub?)%&wg?X>QYNU-( z+sPk(s1eCHO<4+jghVkwP~HL~q!uilv-x#(GcE_|!y?r$G|ilwP~JlkmhrD9-3xXT zGD(u8h44%w$BTXGP^>PQ{FvG4e{a3F3-a^wg;P_^4`|b;u!d%9)N%#Eo0$se#ep5lWhY%b$@)fG38I zz5gp1KYXhg7B@Jrp3KZAWESkr?l*x?0?Y2)m;NET=~4`SFCC$ zwqn~3Q8{)`^Bdf)udteU)Jl%;(8A*FGBRKdOA9r_F!_A8VY|cCp2Oe$QDd{Qe=wAp zngNLe9aq1_9tR@VCqm7RgoOIS)E2r1gF|l?E~H=U#E55f9e$hnsRU8jQl7LuNIzkE zwf{Q%WY|iK@?e@k{q%3x8W-pv)=!0gW+&2FLUzamewZ0rb(uvB^Hj} z5bMg1$=naC`6)HkN$%=w9jBNOD(Wr~5ihAZ`ucMMY&IzFS{oSOpYPR&Wzbumd9o^x zuh?R%wbv{j5Ukn!hkib^V1uF>g6 zwFQw)GdG5x#;(SwZ9YZ&tSiW@w`PSRgLgWkB}{aBY{Wg-tYS^6XvH+N^M5K)4T}yY z3*Hb6t5Vp~A9vPTQ?#7jn9?-~cHTuMf2{sfp^b;2ciWJAwMGRY+&(w8XY8#eJy$KT zgpAjZCVda4H}wi>w^Moryp9!ssr^>U1oSJF8qu|0V2EOMA{5l-tw??{JmoD*xlfu} z)>c4&6dJ4FGpeENeIgMK*wHWd?%+qwTs6&JeD$349J3gHVm3Z2R*i~%4kalaqa)EM z-I)yKL5W{?cWxAsr1vu`DbWOI{|le}!eiAL(|e(WWEpg}r;XQIrczYp@JhCr-w;8* zn8|hbkz#*qn4zJC!7s`F#zf4x8>4vk=ZM&Xm#FOrmdBADD4ByKM*BNT$9d|goSvlJ z>`aeB^XVNPNGQU)qMQic0oVXF#9?>z3zGG#NaltLwZV%-0sS}2`bVmWQdWMa3xemx z?nWnA4!K=Pj8icXTV`6kDVrdvOkZxbG^9$e3|`%#=Ik0_xz(HOi+rZe^SynLUzFP_ zk&SJ_=z}9^uG^ZfakNL3!Qb2hjyF0oWWmLk_t8hgVBQ<9yODl;)g~A0wQMzJ2S~(f zrzgux)bnZa8P4P9gpej-8-F*vvv-vG9OKN%ova;y!B-)UQ3)4_=Al<__R~^^HvrB? ziP#qCoJ~Pnk)!rP$}ct0z3Xq_9Yxf6gzuG`s&b4u{b7&Ud%dA#MY&2W|5J0BI53Xx zB+K_h7fzm$6w$2K~rG5)y_MhPZ!fat5B<-OH)v8 zoZGWybjV7g8vF2dNmZqMBSHPq5t1xwIdL6v%;54D+8iJU_3iFy+F6&Un_udIAKM~! zmT0q{g*;kZig-d$LGUa0Oo9ZXVS;BL-4YZgh4F1ze(VC3{Y;k z3`4dEBn3Hzi(fG(kLr|b2P9ytzK5XBVLO-_KUw^Jm#8ZB#lPkPE}?1p6{^(_qwa0_ z_t_s^*@?^Z6nlW|O7<>^g;@TYP4JNG%v8ABe)zF#_yq^PE_J4Gs?F-e7JG|}{#P37 zVod!7ih3EoP6R7PZa-`jm+zcqMNgP`c7>*(j}@^WJ>MA5@;HV4&)0Df-c&X;o3PV; zc|FD$-G0nBiqLI8PJmp9Vw2B{$T*TRJ_@Vupf{8gvZG)8!8PaO8%Gl?;-tWw#z&%Rz>l@+>YRH9@};v&YZJ#Fh!<6t@7x2dE&JubAk zOe`NqcaWW?r_o2M0~)ic5W5Lb8^~_xfs?)eIoyKEm;Ndzzio{qR`#rCYOC|LmdKta z9L$E2MXjvsl0fjxS^-*hRl!bN5`$Hup0{VX$vQ_nm?3?d;LBIrL~Ue}50S;|r_Y($ zp5AEL^xj``h8jD|3WmXfV_%l8t2}(?u2UbsaMgmbJs8QpCZn)ayzNhSZu_1-(6z_k zPs5_=@9rmxlBysUws&eEEag@cMZ<#{Os@9NioOpK_Dc$Zd5;*S z{iN@)ic_dDx&qhRC(_w%jP5v=7@ZaR?N^~27a`70j2TDc>_C;2a8hzD4F{_gWr8u` z$XQ??ar!Hx4a^!TIf~Z0iven#XC|_x2GJ7i@1!+#sJuI5COmi^q|nPGT8UdQv5YL) z9jQFbb~k6hMN@IgRaNB@(Doo?Pnfz`mA_Z0)1xLUd`r`A1eANn7SWi)#AGlam*l(6 zI<T-55|IyKHeu*tn5LY3@V!1Hq0sYtD z1qR}um@V{+H$&tcO2=WYnAAboMhq+3njCf{Jql&#up%WIef)0AZ(O4EMyVlu@AXV_ zJDHEz@+KUTwI(t8#EN1|?P&7yqpKC=(&;(dN9i4ejH7|i>_aOlgX0woq%KzZY;JCO zWKF5$i|UHzGkto2{UjFle%U)LifMKUA&=9if+AohzjfhasP6c#qdKqdu?ZPD&|!Y2 zan%B$%Mp3l18yD?Vz1oohO>xm<%ak;Cw#JO$h#zp^g55r->A|>Wl}J2PFN&n$C0ZwQ9Tld9OD7DWpc#&y6y05l~j!``=hDpB$8kb{qs@WZzoNI zs7FMf8M=EJgXGaGy_7oocQUs{tir-d-o7{|X3KK**(_)4O7W|xxK_&P={m&T+!nVE z8FCUpHKjawc;)o&jxsiWE<_bNbeymdbbnxGI3~-UX_P1(7bN+C6I*gUjnkPc+wY&= zaO+K;73ezM8h3tQJ2@sej-|5Hi5@5*owMFfi_`foJoyCrhY`kBIj2Rr^3_E`%pQ$r z4ECKBIr~}3(McPzoG)k=cULy~;@SSZ^$2dQI^FxL8{zZyaed3Xzd{pT3#A?G7Yw<@ zl)2@;@LXaPwY?_7W6>9@&TfMLp|iGq%SE_ffBpRntF=gNw~>&P8k_f0kIi5k*QRPk zr@M>jJx!t-y?Jbl1*Q{<=+5Z`T(t?3Oe`a`Ec3X*l)T&);u5ZyCCM|xw|{x}umEi} z*oaXd-Z-c!qzeJKpd}6$)F0FVN1eg*CJCdudFU88=4v@*Bq!9%+3T`hxRE1FmM_@$ z@O6ZfVHdeyg82r|6s6XqG>29VFIt^BS|}A;HmQ?n@V4GSM!J4!zT9UlO`quu6N>`Fklke0%Ko(?4NH0tXzfEF(X-2<3MeZ=_(~{Yp>>=3LJ- zrkKb-HIF(HAW|U)m3|pHK19L$jjydh2_IwyS2BOUYP2vA5m>Cg12Rmq&if_?LKmG{mXZteqoNBe|e5_7-NG^oEaVy(MQiTYDC*IxHQJh)yJCGT#5BmiX0-L?X;%bkx`iLs&g{9emF5$ER>%VP2BzLD(E zfGWM%zAbpVO0>a7xbG;dxTO1%4bwb<`abYC-{n(fgkGgl;36cuz%%dIQnDyJTGvCb#4tu zs-IqSj#CIRv16?D<5m6-5LH}amAFXsUcuK~iI(&B!}HpgWFKp4M~uk-L&^NFbjSskS+fc zAKk^at|Bf=D#_i^V${xDIUdKa9jUO28_(vfDz7G_mQ@vVZfQU~{JolobYp$-<;$^M z@MV9-!jimfK5%!L^W9`$y9#u7+b6I4h1o=m_de$C3G31j z!Pw06&AtC4y=x$_M72E{9nUb4On)*sXP99xD1cO6P5?@flv9%_=CI;!5YH2M;v`B$6C8eFV)zjS!4gF=UVa-#cOA85 z5t5((f=}1A+(zfx)zOf-WBOY?9a@%YOKEwY^j(HJxOJonZ-@` z#aZmqTVD<@xoXgRxYrZA>F>jIU6)OlW$nx;N>C#oZgej2EpVq);7Nf-A8%-?4HHZysA9g-{uK(v46ujAgkC$d$iT#TTAbK zT?>vv-m$U?qnd9wzu7{k!D6>MPF1tXDp~-8HqRl|TR4<9hB`J_ z(&F=C2oGI+rgQ?`EdO(9M&wvda~HG0cn}#Qa!Ncn2oTcUkOMJF=P9SCBuDPO=4K)d zzmbBkn6%mlA9BP*ez-bK8d0x&m}S+g@PS?tC=lfEJ)=J+mE;Qd7V}H%<)>IsXcW=( zWb4ko*~?bnP0T^5Xe_ub(S4cWf?Hkm$nBYM$C$#i~aB=1=m;m+XF+KRcW5bJ^UNg-ga z@Wk>R9QT*CZ0n6N1d&=U3Ml&nPHu)FV{~Dva z$b6!gYQ{oOv9cA#;boBa#Wki$L%~17MZRNfMAy+Pi6K^$bQV_MDBI~-bd+fq@ZL9l z=8JFBXIK;;-jbxZQg#@^$u)qo`{H!j%~v-E9pTuso_gD@14o#pN~-Rp-H2$${+^C< zp9w>HrF~6mELhw2(FdDM1?9TXdHyno@nlPz?gR_u14w1>E!6IxKf+EyP^KxatCb?dH;LHA zu%cNtHi1^?qHt5imV?NnN51uvt_kZ5dv*9fAp0w%f^4S_W7g=)a zk+Od)RbItsCc5P-B~3KGmKH~9v5A|Gz-WF*X?(Nz?OjOYkL-K1GPj( zz+@+kGB#QSxJMAnHz0mUL5M829qUj??Jyy5E>;EVUaGtQ8SR&AH-!6oM5C2!Fo&^J zt_~2YLaS+i1ol4Nn3YmK5w8AAA4{}mTsqWzDagp=$xFa-PCTeC7~TuJ%j34cFg z;q(Wqh|%_mZMUDc5zO1q4ofFo!6_l)*YBbip~6@G#ywYZbzx%-`H4X(;N^?&h4bIw zT5WW{jt8lEM2XW?v1-ieb2t@7Hn#}@H89BaCm&aPFQ1wy0A|4s%F9=w3jV#fh`7Wd>Z^cq2kW|78WEogHVHh; z*Xob=?Rkaj0CT1Be2Z^^Be52KBW%Q_gmdlS=odXju<=JG`P6Lwjg#C*d7fY2aVji| zJVaD|kxiZ?fbI0~4>mKO*HpGupMYh2hpfNear2owsxq~!>ll#h@%WzPY(RafJAiwC zTI&z9`DJp9`f9KYI+Rc@Lx~{h`hCNES`}@3wIZ+Z3g^XP@}e>eGn5;_Aa$!D z@AfaFf|5tsLMy+FPZ}QSHQCCF9+^&D9uv=#B?Ninp%j3)VzM7ZmAOyt12vu zFSNDEGzKw>f*6$?CM191+uvK9y#FW(DpzjE&#glc!qACUSCNTt<$hc-jlQNuQ)(Ti z%w+LSVCC9` z0gyZbHb*A@)F}0}2`GzPqvw)6S!Pj;U=db)-R+$tXun&Bz3AI2owvDVRWpv6GJP=3 zeD17}+G?UAS9{G7>&>~Ec-~r@+D4$!4FJ(wz$=KPk-B|o#>p<><5NKuB%{t2_W#M7 z>Lr*IR{F^!UV%4~Kl$HEg2?B6?+~@V1-xv6Fc{t)#Ap6+>2CV8Tn0h`wi<7krb6=s2ELyJj z_TYaxskJOE<(X00%VaE(X8+5N?W|E!4SF-UuxZPk+w1NHnez4S$I;%FIw8I<)edLV zE^d~ON!v5cXnJ%>q&4Eu|I^qqWH$l%*qZcANQpGpxq5!(LhPBDCq7m^rJZ^MeRyN^ z2MNF$(*Xc+x$EGK#)S6cVwrb0|M%dP2)!+U@@#ji#eKCb#~k_Wj=Q&YP3=5QdZ#XO zTVaVe=e5qj*BYFhymWk~wU7nj(4%c9+ri|M1bXT4JqI!nWa-teYrY;FBi`JF`nr?& zB*V7$HMj^Yi9a(|u!Q`>$YAMpb}4RD(H}P+bk1KWN`Xq5+1xg0v?IF*jw)uTWim1g zqkYV37#yCPob`Zh^2tLfz`%asQFPnEFgB&{GIDK)8bA?HF%OTtY!}p9rq{~`qYbdC z@)T(_$g5pIvHg8{oommi)QSH>Dq^pwPn*k@TJEF@LJ4NBgIY|ceM4%Zv`5bOpObzb z$3s7*lzUXlJ#cGMp^w#gQto@}OSy<|jO2M_c6S5lg7EbCjY$O4)uEBNXJ@6YC~ti! zhF4*|$sQedRs+LcbZ-jD&SKFBKg!++Jel2@9pla?LKkXsX% zLOGT60d(wRUJ(~C-gz!KFLWO=zh>BoIwnD5ehhO!-QNi$|A`>O82gj7{QSb(X{>V|BA9aIrV6T1G= zdpSGAqX&?t&hDJe+oloYk?k$^zMITxdnVa;=Lv@mvi5397EIdU)&-4sAS=Zy*rGIU z_`VZoMnj-X7A$x7o(fB&1+lvs9K)^SqJES#y%vmEPSQ@iY7(d{Bfiz!LIO z%t~#ZcY8;1cLzUfKKWxo%GC0r^i#@P(iY|p*j2)idV57LHLQDx{DWzT;3~IVzw_xBf|=dUs6;g|eSwKJ^S2#IeKDWuh!fy3 zgP39O(s#p;ZJ=^hTNkquAl=abkP}127jJ4YqwrUv=^G57&Qw^48E-x;CCDzXigvIi4 z0U3Jwwbyge$VN z7<4i`pEK$t^OjD8N+Qp!j>ZENA&ftSK3U$sA>(lVbAV6Qs0epr!3tFuT+CxrM<4u|WOP=Gis`;)`K2tR_FYDU?69lACH}qK zR(9A-h4svjT@1YMy+n^4bYS&t+Q=%X6F~9R_b0j>g0OcAg%x=GYq)Q|^3o3p<|S6C z)0gj#BKhiFN^v{B&rcqv6f@7_yPiVsuue&A`PYFMZCd z|Eu@|LXiRwPz#{Shw-(h^-1{F)i`6y3SRQGIOK@Z1DCt=cz6nc(xtq{kT6mRgy~f5 z2k_q1{L}A>6iznjb`HgQvlOShu4}lz7Vnn~{>a_2(57wj=08)$W05yMeDpON zE@;ic-QQYSF5w<5I3b$*+9`L`!5OAY-)xqgzmmwctk3LxQ6@PV`W~WmeC7QUdMGN7 zY73^pf^-|fe0pumEv?u+xOl;n)eU(N(3}%ELPJv!FGI`LQ*_T0)qFMf5?Uk%j*m?T zHV}Tx4UN;!ZT3s=groeIhSWjbEEuoEBvP4z2kx?kNBbWCC2!E70m5nmob1~xf&x@T z-=V<#)o8Z52=2mn2?!UB?(_wDi(J;2ok;mMP%0s7K-p1jaD1eUawun4`{9LFWFlPS z+3fEtNs6I}3h^5OWmTGps!9_vJfBi zrBk-A)AsEAQqW63(X{FpOCK^k-BmJd7+mf)w3ojD<=a9ns={u|@Oj74-uMbt7oRia8fJZ5tshoRWdeX3-^fGef(k3!hE1m6m( znj#H#SlB%CTWI4YY7$j4E?g7fR!OFsh@*ZMYc8F{H8e!047MrYNKlsrZO}H`LfK$$ z{-zjMV(7P5X%pnQ7uW?olSFmlH|-pzf>~^K&VpFC$QnPGO_ItV5Hnm9leR^iw74uT6nTC_{(BWs+zo)ahJ) z#O~{OR&<1Q)$2o}HX*McN`~LW&@$b3A220%8WKfME!OYPPWeg<1HEl%cW7s93OXG4 z^x8I)!b)b*w0)D_lwRr=$+AiGsZzSgz_*f_f_8p-Q{}#zWN`b5K4-#r{g})-F^a*a z8X;;j8rz=lK0-E|U4g!d;bDl`llFdbC+0_eGe3CdahB}e#Yj^b*s$&S4qh^t zP|r}X0paE@Sg`N+=(DvKm?`204Gk+z6rM zl7=pc-~TT;fY>{?@XxIV&~>lety5e#+L@Dj$-WBGN@ z01@NR%Pfb~e+CV#$$Oh%m#(RzKZw7LqF)5SfL!J1T8xjyxt3g?o^ajF@E}Hp^eRz~ zK^b+UR964!NZ?;MIH>ZKYGUAX2GNrO!UW&g^&sogr~CV6jZ$;H@$bF%X3z%8?FM8e zqklN6lsbDRW(8$E=%vcJr0;&!63JI9-m9L(W7mV~_Ft!BUvt>jvJ(+dT-xT@jcqSx zwZJ73Y*mug2lFEo0(w=r8_veFMEM}`cjNyAvR^<|@e+U0%85yWra6pLn!KL9%s`BW zYSmUq?lx>yocCdKpjYXet%X@!8ZI#`;iJakI~vmi{FIOE1N@m!Za82ipiX?+3Hd7F<$h~$c75HGW*;m zH%;n_kpP&Vr(XXmRjE~|ll+|b`|g`Ah3nUXVWhmhZdv`VraF_HV$Ld6cz{o$idCc(+zaFa3ZZwc6N~rHi|dWH@trH86s?Up^II zE8=l5yzJ-87zNI!i~GZWUaG@P8Z=S4vClgO0kfU)snvGFf$F+f@Ai~g@f`)V+_>F; z=F3tT%{WaKtw0nPHlEjFy?|T=(SdKDrPF5-WmkM1dX>Q-5c7gso;GXlxHFYtQzV}u zIqK47Kr%5q8_^WGHXHukPHV;dwb;e|h`v_JOl%IR)*=q3SsY3>3XVNR$ERnE;J8Zo zo5IG$Q1ia~bCN-DgfZH_)F_E{0^z|f_DI~C>|zn1wFUT0`E(s890b=NfC)ZX$Vw<* z(f!CH`2NEc|10YdD6DTu?}k3-A~}9IG{6}B#oCHAB1MyWzXX#Zw?6QRO`C7Ai_qiw@RhD z=NyG@-@TC2TRe#4|K*@n*H2Y0RPrF~hU~W9(ebsnHNBSdP+2@r61STT$m)!Tpuqk+ zEgf%1`C7*9KEF+HPb&n9hjqhIRgf}CcM&=?1CvN)8vu_7I3zlg>>ghCS0xM8r#Vs# z@0tek<(Qh^$jRwQi1K|Ms&$>FP#K0{G_7hcu9rG*6~j>Z~~M`w!m}`4}#)n>Vfq0FgSU zH%pqXA8wfuaf37ulFN01_=JeShub4HB5@pm|tt8g0#-+GUsJ~Ytv$lADjT|M* z%fyn^rUf%u)J03X zbHN^sOgYmbIz%bK+zw{Dc$D(kN`U2Fq|)Ih$<#@s#9^zGm?O~@fQ+;8pE@ECgqeMB zh0G{oRP1brC_wD2XwUt45lUH3yFmcSwvM&MP9@j>Q6 z0S@e4)77m(8$@;S22*Z=&tWXpb^T#mC_9zKnQg6*4K41bRK!tx4xia9O*f;M?RA9h zonOn2CWoWv^PIKcX9ZO>w%!v!B<9|$wdi60S}OU)W)6IvPrdi!IUw25JDuyVd8(bKxG#e8SgG_Bh8V5$m)JnOfr89s2otYvyVniPhAp$sJkyq zpgbmmr-(UxuV62HoKkNMpgqDbwsqHa=FvMT5~fcr<`dK{pC0<0iQ&(_Xhm9X(|q+o z_If|Xo@M6oB=FjyF*=e<8idgY#%*)V&W!yrWSrdE#E-dP5G*ks>XU%t`LNay+5&WVNy0}^Hq1T zXKYe+7LyGEmA5AqmF>IJ@I{ZUr{JOg?yr3VOZ)LeORV6>lWW8U31%?v%#z`A{F4t- z6^&d#njCWd_6nwYv9+kS2!Xx!?XlJp0%7tn*rcDjc0P}aHNVX*lb%jgRwOg~RLPq~ zd1OWXaw*7Dy`dFxyGO1Ep4Rnk#$lZak$Xy& zC6`h4K>EP^TIO8JDJH3WHK!Q552~S6Ih@6bQBn|AC_-Fk>BFJ{{}SqmiNSU7x)8$?7v?AtojZhu^Lx<7r&!n zmLZOIFzAM75!@7I(?~JgB3l!J5sWvUWC(&|(w^C824!o-z~F%TZxdk3;)&)Kvr~S;NdsTGBZhGJ0QT-TjSH{2@BXtuZ3qHWt1pPmf69%L= z*6FBk{5+Kb|8oXAkL6E8N;xd;WF~0)X!T!!7lJqoyK6V+!@5m+2w^f1{nS-om2aPj6H#-Z51lSUcbIXmv+l8V7mY+0}o z^tm+vP(q}#Xchhe!D7q%4&t>LdhnK!`h^WB+=^uK4R-2y-yBo<&x&Q^yz{;Nc(}9I z7=56dbt+>QoC|%moET?}E=8{oh`lmZlzfi!a-zaiS5!#S_P5^gxVL7BR9^hS!JS3^ zsA!s#VAR(F3C++qf!M9!1}9`a{CD|^xoX_-K`}cXFBqd(m7g?XbB&kp2`G%KhHQ*A z%m+ZfFMyL70jp}a&o5cWG|MAP_sh-`S+$t#xCX=Ny0R4-aaxgcxMC`Ljpl( zkhUCu3`{oFhqISj`BSIJL=r8V^8U-B0;pnbBX+PtD>Vh6Cq3{Q_WHbn`IZ|jlAs+& z;k=d}qa(l+-?&Uy(V;r1QQHxG9YEdIPg~ayR!L$Cw@LPJhqCG$jCEzcvjc)pI?ZG8b16|1pdE z;1VG1EfcYlmQn3!{z>bK%2Xfg4#>Pv>*9QOtSfDe5QA@|Mp^WMwnh`u1Y!FMIjv;v5lROqoF)q~M< zb6!ZjXZ{bioAVH2D1-2j$MWh`IK7N)7yg#);;Jnz0m%s?zBpeTNX)0Z8#wTu-ihwD zmIMKF$b-78eNA3rwx?p9*vX(R@M@<{iS+B{A;aXpco&oads7>bc23iinOp2NhdNQDu@hAH6jB&TRMuBk;2Cv3lr! z@|6CV`Va*OF0Xqk3LpRH$y%N4b!eS>S^q@~gyrY}p|1QI(dcm{xf3V}g8`}=N-`$+ z{kU=T-kZGo^|fd4AC9rL_cth|BLLNYK07n?2(1-KLyKJ4SM?qtO0*flBM4$sRX zxM%PsUkBMuMhM$azFjH!#k~F-(*)&#%E`s?LpVWTM~mJd7;!gm5)SCU@kUc!Y9e+$ zQc;n;ft)ft7IRqIXv-bYNEpF)qxdyb@sF*(rX`yYV^r{d;>TUbpbJ%#7aqp8KK8<2 zOX9m9^6A0_77XVLVM|S`p}DxA7N_rn%Qq*0OsOuncRRSBI@Y%*T)i$-H7G<96zyxZ zaf$E$zy`MQ0r^2%$1uAnBCJexFdGV{ts8vHIFWjNEKJa$~^-* z$;5D0H7haw9OiC`d(hH~dW9sZy2M(_cp#0##@4u`_>6hL^lUYWUn@BeMSyDQOQqT* z^`2q)=0$)!g)&Y2PH3aNe@FA=mr@402JJ*G(<1+l!Gl|cDYpJqmy&b~AVJxnPx(5k zAQYHojES;vQCj}rT>ufjPCtPl8QFwL_*+h1MPoaZ8e}$`rvBissyAIbRZVIGq5xqV zAwm|322f9CtrB36Yi*!29}v+P92@={Zr+FeY2Dn3sl$`YAhEm1!!L(}sIR!KUo6*> zkb}$7SZss{2!-?rzeddKC@}T`vM>8_moPB9$Y1cQi4gAXxEM=(Yn_g}0nDo%K?ulY zBFmk^;W94P5@10GRH>8=>*uG#m5w^_XwydRNTVlQQUh0>vO@x;Uo&IK2 z24ROovBJRLrZRr$M*7P?Ur*;qGc0#oS@I7sl%OM)tIt*6nQV;*B5{4>>)C%17{d3O zA+>~;pQe|5C^>%%bSb2Q9sYoy1`UtzN#}D)JeRRJ&PCVLWx{hUvrMY(@?(6Kg75`O zM3aWa=&9lE?(v${j5h^AnP|7;?k=*N_PBrfAX^G|nU&fmqTC1eWvB;-=Mvnn9;~9k z%)i`B_g+&UhKPQbw0QZ`6?^8J`D8cDn^AtF8`=A9CVhX#sodO8f68DFVYdJMzTlg( zq%kdcZccOvY55r4opEG6%H3sZ#>VE999Rsz!a#A!EjAxouZ|fb>-bHX4cCrYro*=a zAo(m!bML5$v+}ch{m2nRqfZA-2cpB7jZ3=I{iW4*1!HN*!1-6(&a+<5#=OQ_nYW*{ z)l8Lr%VYVD)5Y?NDz-aJ?^7}zU4@9AkAT$eRgcu9QaWRxnXe{LtGfkgZyc}=?auq!N^)WuD`lEVc>U+q@8pB8 z1Lzyy38FJ`(J~vMyQQv(o6?mA?oBC_QD@54%>jjr|17O<>=(QjMbmS?QJAcMpq>24 z{0K*@^?vlJ`%wIgQc@qyCGAsETWltRi{kEYpdEQQ*5qq#Ghlso>G#JVo|!GGEZ!hz zmN7P2ls|S$NSURKRq^d{V5ovUt`*Mm03@k=H0NpZUI5qu+DV~?{a3j@DXIuG;+u8Xg&Gs>N5Hvuab6i zDBJQZ4PEl5XF^&olwJzS(EAS|!y2_O-541bAKjp*`w4h=TGYa;cwiJnskG| zH+GErrr{;(Ph19+Dc5fzT&SgI_+A9!1O5p-c(3*S4Hp@)bV@1R#^4eEi-I!ryeS_s zrDz>N#2hF@_GBc!Vaz2nL3$^ctFP2cM zwBgBnuA7-3%DD?jA(T7ZC0|HfZgbEA%5gd6p`Gtu3Gzo}`TpI4DKewn;Sqk-$ULe4 z5UW(cgm{yq7=DAalInz&$oOjHC!Eg&@jRY2o7qj;?ZFU{?5@e*Jc+BA2Cv7&#Z{FFMdis;NFDMsi8}Io zi~H0`m!Mr%B+c0$)$EirYY0sF(ckI@oa{*`k}NHH5;W!Ng{uStCax}u$4Xpe$P^_P zm_PvLQqz~fqsKAO>pcZF;{+>7uwH)fKTl2I_ zB`(jiEQZlWGZ)P5mLHa{-o=X*A*M}@?HiuslW!Ja7jxKs%;;v5{gPStA-5E=9HiY? zCF1u7dQ)1w%G$mdYVIA!+Z@8}udqSAP)r#7rl#C7##}gud#^uO8XmzI_23b&EPV$1 zoZ-aM6{{?rF}Y^XaSOWV^7p3bRMk+$jFTBHFlOOk`5NDIQeQ+(iE7By? z@oziwXTJ4MgYi@Y?`fWy4K0YwO1IeJtr5P+;}vO4oK!{75{7svFx-cDWjtxWv$UJ5 zg?_JtI*=c>cs-q1H~r!pvdz`iBcnv2uTHlRXDYS%4krewm=(3A2PW<#W&C?}^J{0G ze9rHFe?H@Ml3}!A?fBr^BR+2d4#rn26h1FL#IAkeRU~U+C$WdPE}im z?PH`eC}c3a3rJvnATJ9cw1DLk<}U*N9A{7<-T_>0D6F7J;>RVO^SI`kX^xIw4&eK;hU|9jAR(F z8w=Tqe>G1^Wg-gf7i^tyEXM3@ddIC;H0{2TwNs`*<>7R`>m0K>5_bJHO+$H8n{e9-F_v7`BL=K#)?^Mme==3#o^%C8gZ#%rxXi!|m2%Uz0nghUfRy2I>du zBe<2zeturg>$pOW*-PFd{7bZa>jnOwpm#+@tbjqCgPun6TnMo7S=xIgkv|@G=S$XH zK&|w%nAm*FRgm2o&{r-d1n;MVA#+PP7Z4R zdNS7%rmpkY+2qf|!**(hG|;a`kIN{J7e+b|I@x)ws;Nh?Tx=5Qp2t)-pE~^`gfbF~ z(}$zBawE>&%h(v%=eL{a*Jb|@2Bh_;zLN1$T!OJqSpHry2cbQO%x>4+#7$cp4#)?eO6z9irlr=SB^BrsV=4LOjA})jc8ned z9)q1T3tt5l*JJj@NZQBy^_T=k^wGTU9%Uqv@^OEbV&c$)9YO*d4)d%xTj>}SMHDvz zh<|lC9;U=f{T^(Jt-rjV3^Q3^vE|U6kRg1WLA`PhR)cedP`(nfHzaw0X)X%yx7}1p zhsW&lbtjXrE|iI*ZlSXU z(fo&qN#i(-s=h|pgz8S(1?G4U1sL!_U^abw>DE5GeVqWug3CMYX$*P&HCBiWz_3`~ znZI31bQ~h&t zA3dZxOOW>7AGbc(T^A~Mu^m&VB;QzV3Og=GlSDJn+=d@mI8&5_v-iN(FN0@(REiS@ zilQk4w_K&j5m7;1ld1zeMDp|8m>|1JnL|0D!oy2kqEp?^y@cVK&+_BtgwEr`aOkaqUcn7Z zGZts_QJSRmb?b*gYof%6ji}AW=-Z|LkESz?N^0@icx7c}YF#VKiMrmhGWC}8fK*mi zrqs1Gb094GpXZk)@DfSVY@R5pC5$Q0+Zs&ORDrZyf9Ih7wm7w5Q84k0%ctszXPP>*ZVaMv)<_vKiQb`yQ`%RC;HTS+NIZt zxmXGZ##J1b|65dyo2^Xp1ZlP5J(+r*xp5J4c4A46Rjyr)7Jf98~+9AoNPhmsi>}8hmHAImVK#GJNX3 zq5STjL~+^t9O~=Vgbjl5XCXJCJE;u8rt{^?B{^8~!cj^UtQ8zpmSmDu5p%>2I_vSt zrg*`pj^WgulANygHb{GXJjhCOVb91QU0RWXbK zZ*^wD_|p$l*fQIL&m*%B99_Io-!tcg@Ss$wX!oTNebuXc`WJSe>(_+lx#y~tU)GQ} zISQSgSCF_8%&Dw~tmwVv^Fw9F9iinhYNJPq`DBAH1wGOl&6e*_Njn;&8Or=OTMxd! zD<8Q{D(|xT;`41saYv81ZNpz{DUh7*9kVjWol}3WkqKMhW={$gjo_Wj`uCDn6kRfKFOkG63oo-{EY&ziNB!%B6N8(d|7uVr}gA-w$_HKv5Ijf z!~j>8ZGK1kEp{c8>y&Rsdqtg&cA0h;bn(!imxjS%M<1jM=X-937GdO^uw~iEJI1q{ zf)%Vinwr?*UAv~k4W9B$d6beB?Ae4~F;uQEdeZ*x$UwvFLCo-(R6>ohfc8Ksydt~I zP$`{^^>x$MG(R^QzBoaCTD36TEt%$e%|yMq-MjHyji!jP*FBPT~b7g;m2mOsAjXJRJ=qJiIrXrQ|obVeKhR z6Xu|1v1}iB!a8%15)=oa^xz1kGko19k*FM`g#(n@X@oNlRafj$@x<0y7%jkbJ>ZHQ zQm8jVhrl^LPvBVz0(>0-nBGmK-vh&kD^hgj#zJz|sI}5&w} z7w>@7uaAE0R4{^+!5j<*|5S#q&K013w3`p~IbgntJ)0(dgi{gqbMdAI5W%$NdW7R> z2bBzR^V`uOuJo-x?3&R0Sw%Rqq@Md~afePwc8a{PXw-atCZTGMo@vVRtS%3XT3kw` ztQ+V+=GY@;?%3+Hji{2Lkn3V(Eq{1X7LR#Q!88~Tn`CG$Kcb+(ueA&f7{mxzsbu$b z_Y|e{2wxRjR(mqEd>wTf%N_ou3|m#7n7l9AX?I2P#$sEL%{T8ZohG@mx>6T6=NYua z-Qi#&r!sEGE7s{pS_810S)wG6v`Ty!w$ka8H$OI!GjZ`-89 zu@y%5urWi0MOoIV_v`p~GplsHbRaM$t2}OD5EM|RQWuI)|D6yr%3&bDk7z$rt=;%}Rg@DlsE`x;+GrMmU;fu36;YE&2 z+n^?!+d_M1JaHwzKi_J+I*_kOyw4P*E2l>zR=43b7EVOWt2YKQ{Tq_R8Ir8j(6IsT z)AqdyYXD)+##A4%DN0GlYzi>}!Wc+U2%@&0D;(aZxk^kStS2!F)&A%GQuNm3LPA-e z(Pa&MIKK}J^WqF^NVQ`~v111ycd$c zqbHB2eb!?j^NvE$sk79vOn3j1?oh+6V|p@~(Qv{|T!R0Vo?2rM+V-q(NFO5)hDoq= zO#7%Aba!yIy%yH+h#z*`5V(yQFnvoSEKxOE)+$q zs5g5TE(Ewe-o6FBzO`@W*seCsy7dFGtle+!)Rg$0zOwZVeT(c7x6>tNYZuia8h??E z8s@u}=GRI;4+W_0mA@(fQTpn=v+_qWrQxk#r4-Hd_9^X?eWjOTa($rY@nbzRU!}Z$ zC+_?F?C&%EskQURdVlTK)%sIfYI`uqAhY>rkIy0OBiDqF`RaXTyGW(yEprD{-7&cx z8b*k#V=wFwpUx~C%^v$4!N?8jd!YQ#U}%;n`kU7*mKVO-rADN={x~BOd%U{Lu{>mu zgIJHY^3Hvja&(}8Aozl>CQkRg?EZ90*_36;`0um%!-K>Pb*jYFuXWFf^h}a874aP+ zm|9;DUSw@v8_y%P2} z#moTXil}9zBzC`c{`9nre+Zo#4c|q=OkGe*fEf17Hmrd&KU1nXL^ij+LUsHuar38+ zpIW#~PMVRQ8y%w^@6!MTcWvUH*`%5Mqwe9)P2?xlEU zVS!))R$A?`bSC!<$p{MZ?FUOl2<@={nrKI+!I$h5y}1T>-eQWq$bKBs8$9z8TrLkE zxeT8Kl06_{1Q4$YBna?Rn-CJLomgcIz~~8BCVP#zX*A*p_V(xjzBApa!HY|vlU%dE z8Z2nUb@_Ie^7>g;q*(qbLslN5JA;w@FoTA`EuTdQ4jHV&W{!M#q?3UR=1EGMwK7uv zK~piqHl8vWV#WUB!5A=`TOvI*SdjiJAIBN~b3}K--1DV8W@Om)L~BTKXjrUP^^ ze1i7K{Z=#H-vb#1LOO;WSCQ^rJy|_e-#t7oh%!0nG#$a!#UUO6laK$RfBDcpb%0P6 z_>Jm>m&*MPG@UI~7m8Scj3Uf} z;SkX}1I@=Z=pVt{De%HK`J_p#XdERo31W~uM%^V|%=m*Fe>yOX@oEjc(6Zx?2aH`C zBrbktYokqn>`?@^$G!97!ai5(Rz&GgHeVT1jVG3m8!!Ko#|Nd>S#X8FHW#-fj=QHg z-xDHfl_U(XZr>nYvpBhA%o!YT!U`r#sap#u7)q;6h2c!b<)Ek-tsi*&8M%yBzA}2fX1bGT}_E9@u)s3Ctz1P;ezp$NrJXq2d0gz~R0_ z*auM+9zCB!mm+naXom+p>aNvKG2K&txWwPPr(ySiq{=jh8W~aNoK}5ZO8ot2y|sL? zJ)?DQJu{LEaGU7}Y$`i!N6*IYyq608i|}c+&&vMr<{feujLNh_KKm0t*YBFt_l0bg zFVi|TUca}0bst?$$|<6EIwmIdC~f_G4EII!9%se(7l&R-#Yni^5|PNPD$(~JPvhGu zW^J@SsTtSi*67=3lu}Igtg=5Jr2i=JIZ(&QKDP8RX6KcADJD;Rofx!YwbiJ}MGt=XK8Lwh*gdRYYQs^a(# zSv^Ul%Jp#i3xcQ7?XRt>gvlYF%tc9*N%V!j1(~IfO`Ee2{*^b~iR_|g^OWnu@0?lt zEt_&`r$sD1dFa1{AuZ*$sF8j?z3q9S!EgW6+zLsuJk({Zrn$)w;2dcPD(U<{mYd74zu#V zvNxI5AJ5}&ziV#DgmP=SPPfPfLEc@>bLqBzr zJ_uWQ=n*pDgCE|(PQ9SET(WEfE?EB1!^Llt0|~lkDFp#*X0CgIFVMy?buAD(8^-f>MK>|K^g7M zk}ls~UET*i3f+U;$a@v5#=pCER7fue?;wBP0+W=%1)bRolA(#nu@x*wo|U^7{O%w{ zFa}^bMKJDKr@3qGJER`4`I69Wi$ZRs>cDulIyGltB{eJ;)9nS;V~0Z}LaDEbKW8#{ zlFU2P>p&vdgNp=*9vW1mg0yE zo6B$%x)=-;a5P}=T84!Zm^^F{6JF&as4GrU>kIoG0t^pZ6*nyXLeIo~JtB*~C3c9l z8EF=|(ceHKz>nr>c1=YXaGw|_*e@9o8_N#}d6T@G!YgzgaE>@0(fJ1E@SrEvJh%3n zsJVcvfpq?6-u4}&HfG84m7RH$iI}ez0AV@EpkpfE@SZbxCPgsc`}^Lfbuu#%z{K%0 zIV0HcvGMifS1G7VC9IpR{*h?DyS-5y`hv;0Dkt_IY@a!4f>8UdqG`B}(^c)0bVKz4 zSgbKn5>w>NS`c`W8;pbKPrb;n#vBr5v)lX{BSI%^CN{&Al{yzj?LifZ&mML+7OjfZ zkB>gXC7+AE($Ex-S-&ud8Lhn~CZTS}5vxe|MDj*Jr9oj((Hda|oGqMt3`Uc${4ZlO zSa@XvL)RR$YTG1BguK+w)a!q9c9>E4;@)%_Y{8wgM%3X<2me>r(@u`m zannN)=|6SP_|~>M7-qt#+qr=eX$E$vn=E-fLb-71nZI0s1R?c0eZ<99JYO+P{r1f6> z=4B08JnfbF+UFm`FAv1^M|By$&39pf{i) z&;T{F8l{(#Iv6z&^4Ms4LgizA)Y3;w!??Wv^>B9&7H%C#^&HeabAwQt`!ek~0?B1ZdUgI4;@zafnsu`jP%@$YE1HMT7@H? zsG;v;y_LcjIPmnlq1o4vww>arkyw<5vCDAdn$5}XipeQ=nDFH|l^i1ooc6>Bcc(xXbfzYgmn1QE zZ%H69fOE(P1p0qx+`)UD5_WSv<>wnRhYBvtYjpmun742DZY*w6q0M`k&6~3vD^pj< zxD6AsP(W^M=`4=(E`gPjiGV8mQ>Nq!;$2BZeB zc1a*V)Ihs(IE$+tc9NAV4|{~{Pa)(p{_`#o_jaOehaoAzFOer~n9tNF6Mzo9Q?IOi zf*C_XroTNlosM7lAl5WGhkH($mCZS;88ngz^1b~T&qf=OSr?-W-M_T-ITLN zCIUC(ey`9anI*vWjMr;Kg3D3~htX3XGvCl-?K404^IQ3~+95`kv&O;Xv_|c)tNv(8qoi6%ZvSBO z3hn_7WU># z8Y;IB@42$&>(S5Go23TN8Xd%I{)48~jYP@E+NwRPlLR>A0J2P+*l)_uQ+MgDMYsEhmElIT&tC0f00TXBmZe?=ME&>3m} za;-}^8s<@B-u(SvN99V6V(!O6dxG=mZxxfRlFwWgdI>mcdQY#Hex-Z>76>J8yFYf& zQETWx1jFp4lUnzAZ%PV7e7@4jl&++fI-T1CEWo$OWU^aac&lW9mk}W@7Fr=h*H@Vpyr#*jkI*5K$jViA zv8CUtPRe4YmZoT4o^U2nG5Bp^ZP-%`(&cQ<{iTF zox8twsdfvzgmSnB)kK7EsCvbE18*`5@j1|B%=Chg32G5TUq&QRWYJ$(+|_QivGW;@ zVza(hx@R$toOFSJbMaDKzhf_F+T8e`1cD_Dum2UZ8+Ium-x7x2)zofY9?OIqi;5*3 znT@Ghr?OzjFePQuMyOfr^SYiMT!eiZCf=rr{F`sUq|CZ->Fc=C(sfvgTTLE#DAbm z@YoU1%@8pwHX(dzy1^gQ%f6);@+9LG9aO;GB=R=qAOJz`W{Dg?Zdwd!oI)x?C)owJ z2*e0JVh8X}*L-puCc5NYe+wK7>lx+=9!HDq<{ZU3b6afBg-m85)^=tI5nt{!4)qX% zVI?NCZ_?Hy=%%F?=2)6Tidf?bMu2N=y6Fuo6Fax-AGnIK%W`390;EZG-JSr@W1$mRD=-Gpno0c&)&l@uHgNN-pRP^KVtEi_uY8H zm69%I!~{fbT-?EJAkh2cM-?@Ed*`J8F=DJmB|vf>^CquVD3UA`x2v_UN*z&IeE$fB z(-ZRAGIy5}Sz=7jwoGZN|8|^mTgVn4b zJ#Sl}w_O!?$c3u)|Exc?7#S1Q*8D`OppbN=NGGmbMc!{{riI&#_!7xAB3D|) z@H+72rJGMqpyz>r-rQhJh0%8F4tV;GqgdL0S;;?R?Zv;J49m~~YgX+#^!p3H)N#tJ zo-2yPy$$^Kg*%FY&+f*c>2H31?E~{b_WV~NrC|vf!&zLM;3QO+d^7xS-oi(NRx!XDV!d8$?M|DNij=p$^V=o--?ThR;rL^ED z(FWg6Jb}SaM-`~qw&!0#b=>w??hc6e4-k!aZ$h%{qWu+utZE6 z+!D&u%rEwMZG!^hIJFXJhJ^U3uNiLkG$CX?4&V(IsN{9$4SB`Ep7s=uPmg<(Cu7Kw zbSnKl8TPd7)CLi~cacK^FpBXY;OK5PS`*Kwo((JiP#Y)3q7f#QT7%cIph&Szsoi8} zw;it*kNrF3UV};C-(ai;gn{{~RH*SlaF?#bR(Gx6F@70!;vOhku5Oh#%_+$s%z>NI zN6d~fxSR*@AZlO$&6IYOe_5dtObpARzJZ72xJWx95*Gx<=5T2!QveI@IV3=jGtdC2 z4}14PB(-63uM6yeueTn?()tvRO>Rurln!27}F$?FuOdC#Pf zgA|hzSOkf+Ny}KJSW>(r#s;v*ngoNNm@E#sNzU9C07eK3IB{KJH#c6AFxSxR3j&t{ zL7w1-Xykf1I#-G~oro6M1*ilZm44+VM5J)h^bM0&huLa8XAxDW7{AAi@h`{AcR4|U zgIVn$E^dCM#v(-hev)7Q?2x6o47w0UD{FXN9Da!?q<$5Xd4NX_w*Ux(4gk)?V8{*7 z!$|%{DNy7kq9n12)KprR6EW})QK1+d1uMV=x|A{CFB+Gxm7x-c!n{6-TGbC2(MD~f zq~+D}o165a8h9n6#1o9X<|%`-!f{grSJN-M(djW3SzM+)IwvM|TKe?sQGXBklyIHV z7wyGkjn-55#WbR~357Na6`*{)|2DTC*?TG;d!~0~s=n7aK{A%2Dra6W%D4(6D|NVX`|^>G}<RJ8m( zx0L<(72m^ZCiGk9`rGm=%B-cadQp1k$4uUPH_)w>cYQjRklMg$g{wVwuWcN@Hsu|i ztal$x`xCul2Xh}rDs3)(X4{qAt+)y|KWVIXIK3`y_pajtUUG0lRp#a^h0bhD(A_>+ z&gQc$)Ul5uGoz&jn8_s@juQCp@c_fH@f0XvR4O*Oob?eTFFDBcG!;D3=7} zU;iDm49pfmz%_-1uepeQMF`hX> zVHIn>)2s>gx7rX=n92P;(0R6_p_F!|lC~HUa>qn$@8sv6MwpJe3|BuWPXBlL1t9!o z=e3blu3X}HXy|T3h~KCu^`$!~hS)ao5gspr%LO{8N#Vf$%hJ#VCM!Y`^Zs2Ee_B4B z;N5rPaxHWCPL)EhjZe(hp+L5=ZdYfL=34{f&IZ2BbC$w)YHU2()mU{#Q#o}kcPUtyOMcKLv-iH(n7VP-3t*{5W%QS=z3(CB!xR&ixaw0fa9?#pHzd! zN*-H$F{4WS!+~=|COq&CRY<{PtgjF;NCf%|gEPHj{E({M!N$ehYJ3?eIq)cZ_NUCU zYfAd1dCA-j8`{yy-oKR&dcPDS?K&0eX3r zC5yt}15#=g2>w(pMH6DSbUQBg!NZcZIfxJ@=u0@Q=oE5+KVk{jB!#cAbC+Pi?}RRw zaA?sVtS*7pTf@Q>M6AxQucv^aX~!E}67R0m5248AUD!faQzkfPYM`SO|INNgv8WM1gxHVMf`UP0W1!GPuA+xoSVt2K)7ST*d9 zi@l_0yj=S*z8Z5*j1=rWt#2pU`V+O~!=|Myc#9cGmmn0aWWhCj#i4rQB2hE(N1q_e z_Xn5=9dc=@9yc#FlqA@L;4t8dBU6A~kI+yNu|Zq8UH514-kjH|G>`@Um@1f8S; z82kOR**D0Ox&@>&8V$haGl?>nB#)Vg1R&Pxa>#i}P)LgyyxV8HBo-u4!YW0>Qu63~ ze31u?XeZQ3q14?sBxVV z^lhNsh{limQM~8LwLfwUE2#j#{x-c2dSwGWbA9{&z?Ib28K4DRt@Nqyrz*X?>}ZH@ z`iM#PFk z={kC|?3XCL$itay*SR5v*pW(`j2JUdIo)%SZEF@Umb(D!Ze7Zgg0F9SVs~8ExqWo%f@_EN zltWpo&2?7J>b{qg2ZHX5G+MFs+iCCAF6~rbpm#gIXeje^EVU2;B)qRE6&{2T-7a7` z=c57t9$;l!U7%0l5rfgtv|#Z83(R=2rgWXLyaU99(<&RsF;T-)h$VD7d5JnXS;;C( z2zR1EykW%TkQtfyxAudLf+5T#fdVN(ZMO0l%l8}gftBE%pF6(elbaunTqs{$_EdAh zP`Nz#22I(xnuxgk7x5-@jAc*wz5lRNKKXl`@LC{vb_j_n40kCwEO5&X8+l-y>{aG8&nHJykHxdOEm3g0fv1XLQ}Q4 zU3PAbjIkX6i(m`tT@Th|PmDht1RR5ivj83$QOE)noi}r99{Df!sF6XR!Qim!(MK64 zP1gdEuj$55FslDv;g{5}BK z9Y}Nlk4P4>AX}NDQsQ3}s<4Sr1g3LZ$~sgO*(&s90tx7;;jjdfigZr&TzO+`aK_A+ zipNBBT@oQtUE{;+pjnE7F1TK2u-qruQS1y8WhY!RhHq3diNKiqTHgK!46h`(!}j+t zwh4v!gdvp32~HqC{}_H(HQL4M)jP39NT4!BIY3w@1CS3CUo&*V*s?IS6F>@wl0=6w zTP)`s6N0P3K6C8EGV@!3%Q!s}>Iw3*psZhD?dtQ`ogFHur>i#=U6vdrkhCE#gahgr zfwTFT_&2OfY(jM#;rMZu11W+#eFTnKydT3PB&_2xRa5d2%eDoU%Ckw2tw92&(SwB` z10G@uw1DkcZ!gCqSMj8l4Z})X94P{>X#*gsTgdn@l^=z#GXM|ehP611!UCLJIQ~u< zBAFc{s2zx34jr4wz;^-nY@h6HMq+Zq+FD5o|ns zYW!4V;}6O7`C~Wx;D`oK%>=%-ntX;k+(?v*hlWUFX|6DADm2_}TR3OllD9EB?t!2P z!Fgka>8RaqJ-dzUk1jg3l#!G&3*I#w@1V+U$Js_|z>i$e_S!xWDdi-Gvp7J5m~9DZ z=BL-ofVQ6YZ=ck-dEZFilC>14aQdCa)Rn)3l;&D2r*>Aa{q~=!*|m7gx^}J2>8hLd zX~onUS@VfwCpIHvTGfKpAnW^t`_H+VXk@+D%lasHeY!NJ#}pnFf5TS-L-veO{e*t~ zqi2u&osr8?E#;1ihp*-xxvj$8Cy2%-bhxNYi*uB;X%!p4h^vr3^dr1SdUmzZQF}>M=2MZ;)@-C2iR5Bz*nM{J+<7 z;dtXEmpE5!NtSuY5~8oa5|d%{T3I;)@JB4u-Gm4~zJ4?Y95dWW0aro;Z7l-x&NS`L z6Tk;F=VxCP40O~7oC2=~mmZLYYSTkdV&YNMNDNZ8sF%(R6QC9X%`}*MoT@3pTfLYtY`5ePSznoMO z5>Lscb?g)j1%p{HhXLHcg@i+q7gRQ$&T=V(LPRyf|NUY%#~B<>FHB#vbm+kZifb#_ zFbc#K>sWe!W;)+TtupQnZ2V8ORXvjOGV4yzFrf*$`MoLnM}o-}GR`@8RDZsyc(jr$ z3In}2S`~}Ki!ixl94n`E3Js?hb2hv`*!b#%kK$q&gr>{Nv%$XN@n|)=eCVV|xSv>O zjh|TV`Z6a?wTEpVcM2ckWRn5P@mM-<$0<{=L8iSJ^xs%EXp&tr5q^%bCrAX|WsZ9# z&VI6*N!eL{^+Zs1mbZ}e&l|=%E?Ux|mdWS^_X0uUGN4*q3^X+iOfG9Mxwe)+;Aqi+ zX)*Y`2U~<8yJ&?6aV;?@RiwCWJkNb!{P!-$?&3SzNpTNmLatW?a@pea$2sg@s ziz2%Apu0`$QxkyED)PC|?se^D;<)Dxl`z_jpB5&#TQ*EwC-|6OzGqP|FSq zTF6jb@ar8|t4GoMDJj8q;ThJSi3N=^0t7;5IZe>f4f6&&Y*sLHPun@4CTY@%N5Hv< zU&I4IH(N6s&d=3QTVG}G>6>3RgSz!A@f9|< zeaFUSb?Ytg=~>~A`snx6_c7;<%S;bs#TJD8QcxHhxMK28jCsIKHxn(@)M&N-aede9 ze$&&8-k+wL=&wI)_S6SSh`9|hZaWW3n{D5DC^}9fOpdAy^?T4VKO)}d6EZL${ySfD z?z5$i>syU5!486BfI|fTOa8+vca;nyXBC?QLq3Ry@S^aE8ovRuPQL=pLp_Q|ER3bM zi^2BrdS?QCqijZ9&h%V>rHf3oc}P!zhZ`ai+|gf$43k z?=G3%ArzL>T!Fkp*?r1pDZ+$-fkyv8l$uU$qs*xZjZlxd={|F=adK6FI(95umW84G z_On2WIf~!?!^A|vPh<{Mnqe zM@cS)VtHHWO!&l{8iaG{1QQgHzfu_|g^|mpWhlJn_9bczZIX;T%>ZMGz(5L4kDqF>w^#u)pI;s0&!y z`l5PCa~xj<0h5Cku(-z)dq1$8WpnGA`RPYIZOFz zW^}F{EBGXp`;>y>DW4%HcDclYmR=|6|N7I3%eyE0IMkmVjsJ88jYM(mVs;e8esm@~ zMr52bV%+pD)ujezXMrI(F`<<{uPJ~ic*#w?<8|(*;Vp>G->visL#}ei_X!bYq zhs&ek6mb(8SUCC?S@{{##E$s4Z*(Wdb43L&8+`%X9>9xJ8^)jyOR+ThSKtGnOAf1; z=HgkZ9yGJ>io!;7sJ&e$K3 zfSG{Emwd#iuID8bM1`EjhM}h$HLUEI6@3L6bnqO;V$>D2zmojCK*+?k>x z$Xe0=8tal+#NsvB1eNfNaw#-VG3l1r2ga>e7gzg@qYGl(Tj@y0JhY&{jSOQVs6qzj ze^cDI2QB^={|u=E_FDBQu%Hp#5Tvl-J;aSHC-BIFWtsK9*9$n+?B)vzyzJ4$M>=7K zJGfupjMgtU$259zE3Q=(Fi}3UFZYZGmhn2oM_=%|jTvjv3g(PsJ3D6NT7;`pxzy~v z{VE%!!ElMVCIs3TtZvx=S*Dc<32?Y83Ssc8Uq3CmwI|-oVifq9IMhes@i~qLW=IloRn6M%`kyHky84 zNHYlhJ|&ATo-)>1+*g2^HJy1uP7W4LjwkIjKKVc2X`feS=Ve9byCuXK!N^}m{CV40 z7tg<|U7f$e7j{((;NB{Ko0>hzqcFiKUXv{_->i`$F|(Ws@G0mv8$tbl765Df&*U>3 z{*VsF*~b}On0h^wS5L78)=7v9oQKoj*?%f}&Pc0@G!}*(Q!Fz!lnBpSIph?Gc(dap zF`vPvHFi08pe$Ku$j75@l@6h(S3a^ndlk{5M+)>dX8suGZ3qvH9@NNBSun)YgouExw=%iA8-)ngRoLq1 z=q^Q$^*=l!SKx0gAM&SZK}f|apYvE2UahAIwF>R=r!nI1%M=*(fdcMvUyL$_;B&=1yw=5Vs#5w@<@B&5XA0w|9w36!JnRV zs3qn8<^_ohK4yapeh^G!1y>T}RJu6ivq1YeID`+q6DrYHnsU{_{u5c3&Yz0F$;Evo@O_0wc+eM+$-Q6B0KGUc63iH&kGK|viiXrGX6UTO zVlZn}K=zzO%PgLfcrMSFGAk2Bc^RFv$E{u*`7~PL(Lu0P>ohxjTYz8V#UUdsfVL=i z&iAARbH_EC3(*pq&|>2Rq4)@u?TDyhe?Ggc|uS{YuA zsEsLMvVNg`3Y!G82fEhpA~^>vM*|Hf?XycWK&)`0wJUJl9=)CjNwP|D$>)a^luJAt zUM0i&Lx2#51Mq?%C7y}fg{%;V0xAjfS@c|>)fgmxxl%b`ZWqrbY-|R(Rsc|HFH951 zXB1d~4bmjdah-`Kr!%leY=?}4O-miYTS-FTrMnLQ78l0yhw0#F)@d$xk})>ISpfL?j%>6%{dd^F@4i zSJ1fD8JJ+^=X&jjxP}1t14mKw<^t}dxsc&pVh=N7iP)Xr zlL}jPOsS?6tqMb&t+Q{L-x1;(WY%>4n|t^7JG0~0#r~9Mt+M1Kf06<&;*5YAOcXbs zvl5%0{s}wV#1gamcrh;DChqck2*g4php9?OMnG)QdD^I2ZaTedqPC8de|CEnSfooj z4To-?a<45JazYh6CdIH0&dq4R1g@LKP9!Amn|UNSe&%~Ni0~#9IqGaW#HR61$-}>u zYqy+zvLZQUTpv90fOM?mI zA8*<0m7|tcn0#$^Kx)b#IbS%yKiLZ#Ac(w=oO4oK?d6NIwJhW~&&02tZPK-) z(3{pWs-90TDuo8id|tcVIlbqnsn<#P4%N%7hku=(?XtvimqQ>7|UetY#*8K{1W#4IQsZ8rJoS91q(Gj zRFOyX=z%ZUxecogCD`k2~dN(|6*FE2S8C;uYG7c0T-MGTRe*yB*M01VihW6@eNg5g#Ynahg9pXmZek zU6v4G#t67tKoaAL`B^|$ii>eb-z`fXF;lMb30rdV8?~aSsDJ?bxCzUWvR}7RFRmV- zN#KuU3X@2nVL%~l--B0x*SG@A1%H=cixnL4hM|)A_hV}vH^dZ!mUb(&zvspUfkfDg zkZgxOp=Q|NFzs->BTt`By{1#*L9zeTL>T*@BsdEApxGuj5G($(t;^|Z`JZ5vpAF||bTm@DTL}yvT zI!&B+x)eYuw&aZDNs|!l*jewfjn8Q&-ksC?6GHN^Il#>HhlG&Z(;>&xgqkLW#LCMo zjA)TOgb?I*m{pS@z{lkmI=Uu6ipUQAx=A({vg<{}@Q1RpQ?4no9KCOWqkuOmw|nE@ z4g!U4!XE|}Aw!f-NAl*th0B9+8iacS(|%InR-7_--Vt;eOup&&FK^2~EeFECC73*5j53k3@y?b}Zv& z*$s1dpY@oqGe7?%)Gy?ZKT#e+*g&hMAdG5Z>+m|P7#z=%%<#p_DUQoS-J9)Q^9Y`S zw}|AuQh*f3Z9-PaziQLbvf}M?EL9|iJiS#u9VUm;n3m_%{iUy2joFInoK8C4rd8Os{XD_vt0d_+#$AhW18tI@v;219M z=3{0#hGblLhoIuWrlg3H)`ML8`>ZtRW0n=H!K%W8+34klU3NugpuD$*Psn79gwL{H zJiuoXT-Gin@JOR@4HDL*1xZ@Zs9I51316Kb&E*Z4#g7s_5^$-_<}i;fQ!I%A?nb0W zppmZc-gy6=zH*=Zu;)L&tB@IpR7a|KC~R-`?A)@Rx6pK@=&?#=NS7YV=m+Qb(SQeA z4rc3aX)AV`^E|p#tzwd*9-Vk*E;D%V)P>(zIds=fxSHDItzD8VY@~7iR=9)~v08mD z+td9&xm0pxdsS#x&N~}dU$K+?>Ze?ax8KtvZQBXaa;6AK=e<1XGp~ke85&M`Z@#>` zxBrxH-uXklu9fJM^B0eOy(O(`@S1<;tDMZM zSOPDp2aS1B&mq+wr~vT=?#vpC+||TB%z$;*#-*Nw&T{3HgN^nLXYQ6x+f;$=%E&V* z&Ox4ih9RAzP?L;|JfP<&N?5j^OI++M?3ALO4PFX~81)u>S>1TX86wl(eARp_N9;T! z?o_08m&u8{d}^|to-MfxIC;yppNA`Emj5}r`=@i>{6jn_*&W_P^J5X8JO>JvujQ(4 zX!doJ>4JK(NO0L_3?rrze~%zq_3Qfb$G~!NsDzU)Fiqol#5oPb>eO9Dx418$dE<4A ze2qlHU|qO}2$!U3pM(QN)U`{!&tJ-P-GE+beYST33kFtTQzaNJ=Afs0z3QPSjXxKp z+E9iLpif`oq}3tN4!&2XH}T-6mf+4mz+3F|;RL&!YUM6)RS?`&Y?y)&t*5xxVgIK1 zWQ+D~oV)en7GJUA)qZ_SHtRab>-htAAstIJS~1FK4fw#NiU6E7I1ubRc<6jw+Oz=g zR8}sURfK8kK6;w3@%+%IrGZ*-`#%doW5g#zZ`b`f72S{ioRO&>FQL-4zO}VGVSMUl zuJDUfUQtZo0Eg8D7W8S_m)r)Oax}Uh9c=uIZ^H+N9yR{{yX@>ZERC5m_G934}k!D5!WX@RVNWg!E*3yb)*WW=D*1s18}1(?*lJ2YTqQlru6jO z1tYHKI{tdOu!mvvK+BDlrc7SEqq0z4z8dOq%Gf_iELO9TFZqzGe!48fvsyqF#oKIFoT$i8{06Ol&2`Q9G1;ut|2C=ES~Z zw_m@l>2H(MLVuFW%2)qC-rhSJt~YugRT4v#Ng|2fB2l7?=nT<25uNBkL??_kN)U+} zo#-uzAWC!@LiA3wC?mQd>L|m^xkoS?mzdB`_D0$S+mxA-m~B5dG@pSrc7{S zP*RW}sA6OYm-b^0c+u}-w^EB85I8c$yrv2%y*l;N*J$L%h&9fe0$ndV-o8s9IZl z@IELFWNXktC4foFyma9#IQ8!70qCbYTlgF{qVS!cKbq)fH%Z^p6xfL$sK@2tOZAM z>&b}P0;WcLUCa4`i_d$(tCYfGa`!N*j?sT>3DshIq^r!#Ds#=nLbWid;b;88oOSSB zCEp&A$8riP0;KmUjLq~cZ^f*8Pa$0o+PAc_j)RM9qdIg} z!FJRHeOfxR*rh6bDhr*fJ`XYd-o->kibKZZ6Up+$YI8Tokzsawa!gaLl0K%t_n0Ha zk}s2ttwo_ar&mmq4lyClPCca@sRq{ z1@C?TYY$Ff8w}NoHQ=9A2ADCqn#*{bmn)mnL^P->6>fVmYx01%!#_+O7*WgnFdf)A881CcXlyk2tHooF)ppEEKIsl? zS6!&@`7Ox;LvKr$(Ri~W(}Iabx(52Mj|P3Fa24Av{o4D4GyVLH1qcIW1k-P4-I?aX<)&DUnqH7N!o92kD;N@RkLEZ2_6<*(t`_C)Q5e2rFPgXof$aN8+svLm6TnZ~<|hfdgHjaFLvZ}}uNPR7%w|DJLw)SmaZpUo*>a|*Y2Pw1iu zir~~VkCAD6KdCOzeWJGt)6i0UUrTV%@k>E3@efgw5n7|?``Mr>~RIjqWEsYnpG z~ocu?@ug+A1@$YW#^-By*9$ zbDee=_~2QD9jUy1stk1{Z5w(RD&ssS5;fZLHf*T*=R(!---idLA96hjS@@wuSAq>b zcx==JyO#&AM-%paS#&z+VuMr?xm&z&-3UIrAk28BmH0D9TF5W#|xx3DUaTF1YWpbG1Z+A#+2fk z@d-GAZp$H9M{gGQSi)iDmqfHq1#%Nn1l&io|K&Ke^-ELkETT)7^ilRq*8v`uj2Dh;^Lr<)vOM-XoC${SC;oOx4ViUDe$`*s9CAyCjlCKpaAR=tjLR&NM?RLC^o4}Abi@zT*=l_95WA6q#Ia4P=EddtyS>m8e!6AEc zyqq~mhBwJ`cRZY3S7ig7zA~^(EBm|uAmZ9QA5`2fEWF#_lsSKj<@(or6nQw~1BY-u zlYU=Y#(F=74$6DG%8z%a@;&m!H}V3Hu3yP6xgX2h=07W9k0RT7 zIFNF=;NYdBl- IROsvwgu;v?N+hh*<~>jo*z>moHEF4dj%jfTb;(XHO@aV^tBFP z|9&wGGI+9Uh}vI}sP{=#m_2BX8j`=^s-T`?YZI z5mKTN(dk&>p}>-Gh|C)2t9i5K4hOnU@EiU4h-Ig!aoSnKo~AP86ys(HXUJhw&WcJq zmRkV{Pk1;><(Cf`c{ew6jogseG6*~Ii9RRTAya+XDDJ___S;S#2AZ4|%{N#f2}~P} zMpTKk7tU{*C)smN-M=dic9%>T#kN6YF;R3s81ZSxmcKb>fH|I9>!!Gc!j@!dk5(XUjHxBDd6ImDhp1>O|6UNb~@`K zwW;A0ZT_g5IZ#$YbBeME6L=G?45HJ6UMXlmhTvm+rm!lES=0%xw?k!HF6e`(fDj57 zd@w;KSbo@*!TE;c5ZcZ_Y%Xu7r$#UT^6cpZN>HNneeuuixO}<}GrsJK$PASD}Zq3xuG5_v3KtbZE9DB_wZQV)6+d8Oa4h<_A zKMVz^D!8lkQW79_zDo8LeAM9*xI#=DIN+gvN236uAv~E*U%ekz} zQ36=UrlH*`kOMa_W66#05or`ZHxW)&w35w5fWi8;fw6|03OdA6dL=)OVAARIW{;FL z03KZB5poQ$NmT_jyox9i&*OP>yx%lMJ}}5PQ~&z_2!EiJEwpA-&&OWYh8GQ;rBn54 zkZ;W02FWoB7qre4t`cW^KR_9oe#MSX(~SKP{AhYWp5rMNNAk^okjHz`acnJ= zSumc`i8z##7RqNOQ$ZtS)v_AfSEbiZoVp8+B@oOIH`kd(TZoF_3~URaRO6PP`Pbi$0s0fLX_5h44p( zkc+p*(x1a`pvgq~!q|#{+v94FGAQ1kBaYr}aN`)g-1cB4gS1kQY2eXB5E<{F5E)-6 z9m^NL+*bO0<_kHUMh|u6*_Ix{o({Jbdp(kns5|i2sduCUR`{SIC7h9qE$YYcK7#S7 zxvz6@n|^1X_H|;8DJDj_Al2rIh3?V;lw=l_w9`~t%j)}QZtnJzSsqLj<qq=;GK1dR#j&FGd zwdYTH_BOlLy~AW_-y=j(?lljk?nt_nR9}@I)#toPdd6g6#8f{!xO<=+rE9-cS$RvJ zbxQBv% z{rl}v7zJ{Hk-ji0`olyLNI4oTEK=!xR=U5}@GR8@hl&kP3p86Zsx|ozzHi8Lka)r8 zTd*U+0Z29wt1e|aEDY$0&mzGta@?D7x}$!ilIEVlOZTlucohAKINpBZrH+Ofkz_oJ zWxytX83AQ%C+j5(@-Ti7!CXEYmrHF~e*JPyd5|FtXL_YYZ8ZzYF zqs&1_pp!}Ko*4*EUJp6r_HwkZs)PtAYpx$b}ZM1zH$)kAxcWvxd zZYQy^Sh}C}7$Je$BB5ldD387PE#C}*f_@=kam#yXPiB)gt{iC*#)-UKf8!|oERwV2 zZ^Bv%3|tUKeUi5El6I5G)%;x1>*4P>{SC_}%6==7Rb9QFRH=)wzf%thUV9oL9^S5? zc~@8=C#UTrzp`lyk+pP3gZY-u`FQpNI{;np;Cb;&O+B0a5@*}?_F_1vEF~X%M=oWK z>Rea$@wlY-#Xz(e%(X41zZl5Ii?tR$#x8Cme7g%TAtB5BpM*=8a+_Ik0kMjsVY2=p z^(lsv^tRS7SIqQ86?@9XH?UZYAYf_j9?XA)FiytJG2}Q)=9M0|^I0Awrn2!tl#G|1 z-!7wU+rg3&KdN>$wD9|ORyaEe>QVWs_^Z|gGD`nMYh3wD$2^saO*ON~_dyZ|<%nB4 z3n+iqVW+fm-TqVhhV1WbY(qFgV)>h)1-w!Oah{N7t@&@g>Y>uM}pINlb)oKIgIZtwmfY*grCZP zt)=Ou%TPg z(8pyL*#*x_A~Tn;dP+{dazRb)@*fn;!mD5{P3gt~O+acFc7P{`cueU1om*=GwqGWl zfM6y29GY_*+c59tG`>Bs0wNVy3_lMXD35h2zpr1Sv&10t?lx$sX>~l_oGI(FlU3BK zhQ;Jlw7r(S;z7^c*GnvWoo%ttv(f$r^#~NYI=L(3!$Oi_bPtz7&``&}Rv&Da!6Mt{ zbDy#m)2y9rw&rMIdbT}Ne^Er)6E@ZKp=7QhmHEP-@UbX~m7m?HRfw`jJMW^9y~x{l zWAxoEJsuhFgV@!=eQopWHQgt7wQX=HLYoa#Rj|$8+PA7DOhoB`lO-4W)k|E-{kmYA zw%X2-@cQ6cd+Dm&Ikwm@bt#;B7VavPLG_&wk``0>s(p6l0$T<9sb6IJiP_FAcXSFx`}V~a?sn*j zX@XJVQp*}bF11{;Y`4q3yX5^U0q=mh+a2&^6JZ{LM%sf1?0*pj4iMspOu6wRyrV^ zNz-z#(kP!k$M2jGtfCUh1ni3l$K-hW?NQ~qi4$9#l+fDbZ`je%1Mc7JOCA;|c1q(r zPW|^{&HD)Iqj5n;0p8TjLnCI$voBH8_UdtEVrOdMJi<7pmX5kS@13hH7Um zkkF`!yq^|#1UY!Q`JQMphV<9Cek9{~;u?`L60T)y(b**rP8W;~wmG`trAM&NN6hFn zo&~|BDoC`qpqNZ?s1Q+Q{>2TGk6^3&pOrG`q*trPE{N zGOjPXGr@HVTY8?rUa6g*Ajvk*6?X)dsT?=lj-K1#Z#V$x?GP=BX^uOCd8yJ~g0bDCO6@I&he?h3JwWKJtLbZ0itHygIJTUVlQ|d1X0&8P##V z+NChg{DzAG)xosRM`J;7(PKw5itWuBs@mjID8Y2t`m+p?{@PV<3LZ(1^IS2#)71KI z(_h{en;It~JPIm%DcdfJ^x#P;uOV0YyJ!VV3~q2;dApgfshjFgT$dY#p0;Q;^RKa$ zw9`7&CYD^)Y5L`sfg&4W?Vy=heT)gL=x?%dEFbr5CtOKX%lqD0;xixZ!Z5}!mW!V5 zN|va!+cT!w=Z!c6%S(^2iqLzMZ8J`vdXH%fG|H@4`6?)8Ps{u0anRLNYn?m$BO9f( znx^&SYvsIbz8fSZ_^%N!lR?dCD*j%VVI1-U!V^D;iSikDcC0{(GyR&kiqpIl`i@|3 zQ@Adj`sf$JH~`$uqTZKbHw_!c5ebHm(%z=}e>DAnQ^#|i!RYblniA$5CIu)?|7kRb zNX~QMD0W1zON-%r;U(wcYbXH~v!BZN0(&WiJF`DzPg_cvDqn`RfP%4lWH|ID0hPPN zW*tBOL)p3?DWMCfT3bhgsrt1ogd>;lyr#3XP^f=wS4FdvqOgQ}A!oNmW8j;m>B#)# zYxI7ZKW}qH4v|DoMG7+6zoxrJdp+-ad42-149#ezw89-fN4{JUzcwFM9fA ztXT?~p#Sq4JpXbSTmii8=U3UKnha8!IbHX!_1|_^nGxW8u9K<2cwCGVyh_B)oP*o5&p8j5=JrLl!}7UZwXG$Zu5AP8X|w7d_Dg`a++W zYtlOgN6*o4Ct|y^nr793alG|gpWhv=AKyh+gBVR8_9lP%@6xm6!*~jP&Xffa^_2^$ z;LjE(;9Tn>aSBJCS3-J2FbUuz%gV*F&{!NDh_|74HlN3+g8co^jp_D|v0jtXF;hul zbW5UzW->_WVOx+!yd$rlpSJ?X3Cjj;BYuntTam9=fm}|@q~&i7ZEAmLz0kwY(T7=o zhQ#k(>>e#q%ZT~PbVkuL>V8$J$oV=cuc1QU0j2k+Xm9C6?VKfm6Xsmb^4W&JH(;b< zc~2>Z%*3kTqbdtntz~K9ykeJ50ucfsNj_rwvCdSr?Uwg4l^E)*IzAO7TJSSV6NZG` z%&qH2WSvdXrlKb@Lg5Pu~#ElGExi!}&`o{Ov~NxoW-}BF~;O9<3~8l(&`rzVox}cgrWW zPYul(&&XVShot@DbXD+x)H7oaN?jCVq7s` zkT!7y*hAJJ!?#`D1{2AKoGE0OBkZDFDGWL&_|ni&rq^+I`zZ=D@8@3LlKJW0bD)W; zpHWCQvZhCHwfY01`Rw(k65IOXtZ#v(U-kW@^ITyHa;+)L7qy9#EUis0{=in9{mnsU z(aiKdQWAFpp@3Nzx^wKpx$7D2*21B$>Bj}FlO;0gRA-3_;-j5pYiVf|VLzLe1fg6i zrUv-yM$)cf!oc&pze;w+7_!Ru{g;yjxb8&Wog2Ou2~vr{m+Ij6{16JGHzJe;Kd2v# zDHk(_++k*zk79OdowM3#Z>Bg)efW9N)7+IksXL*wM`(eDyajD%v7!Z~vLL{Y5{G!n z*E z+w32AYl>$g#mDqT@;@FLEU@gBq8(d5{p9d93w6u40(H`bBppo7u{RW%srDyHm*K9qjOh*wi7bZ9~KYkO2LOy2FSmDD3auosuS9IbB>? zLq0kvUUzM8Qd`$;m_I|X0@&$;(34#6`W;|2{`Vu9>+`V8bo|urPvAvr_r9#bELf-f zpP{(-Ohqg^^V)-2=i5EMEf72!*u_R5^*o+le4drQQHEt5p_wJrCFaks*I+;>7D0SN zIm6=4@i)TbsTrDeAJ=UI{lCH+gHeXd`GgrK#lY0*;y{%Y?MMAY~lxD|oZ=%^aXd!$~j_`u@cF;sfhhdPpd&@rH4~(NTgh`o@fyV5m zM65+PSj7KbN3Ga^FK*W&&2gIU|#t?IuEr!iLkKBQhgs1jOe6%J9x0&7#l0 zH>LkNO@(sM1E+Q4Vp%`L{O|DW#WIVN$=0HDBcxH&PU|yekm(TREGQWN*>u-}5aYT- zvJzGOW*N!(i>PYH#KgDgt`prz`x|Dkl{NNPbUvOkQc>UC!l6D1gz@<<5b>#Z)Ap`L zX0B%?PMi5zw`y-^B@+ngnNZje>&eIbdHZ07B}CWBab9jbq4Z0Nbw(<*Tq<=lZz=C* zZO_-2hoQ?hw5GU8jX9zw6#FZB`lIu_2+uH#0>royOj?>r?NYsDPNO#C^e|KL8-Y-Q z(*o-sLuB+>#i9}j)OiyWJ_yCGxW~Nwlt&NtqB~V4oO^TXpZ~>;Ci@~R}4J*@O%tpcn@*lLS9n6hd4J0ss&nlkJ>Rn z8<4{7Cd!BAmVf=Ui_p#$dQ~*A=N$1{GU+P~SQ=^5*396tAd+mYevm${b1bft;gtTC zH@tSWPG>WO{VR;hMPq7BD?AW=@=O+!*V5WDWESa^uzLvU4@*5Hupy8>+LI)Sk_{25 zt*Ei5)+aG0@!k-L?aw!HlN;$GGOBwd?(|@zuX!x4JWIN(YSi(b_|$M08wrS_DM{jL zF|6+{J_fs|Qt}bRqHXCW9b`tDTua2ju(%om-ZJJ|uxgw4>4+KBFYlMmLerc4`|cw( zt)Oe18+TeO_S8ktu87`IH>HG!I+!;&+j6rN-lm~;>S8lOqE-I7IC4BjQ=YwPEWYDu z=A9I5+2G5TT9{6h9q_Jdg0kel?Ds$M-jrt?_*fY{K?J7zFr4GSQ%hCgH@`QGf2&m~ zK;_A~#sY$ZGyX+kzQqBa{gOtPReWg#Jqgh*z`*(NedaBca}JI_F@dKb z+HJo=0P{6?B_UTe3eFu4YNTN`!Tp7SsXqe2BlAX4;0wr)V-niCtn{jlq%q;CwYD3k z1eQD_y6z6qVIHiUCJhsoE*Zy0$bx>-IsIy&_l~e~9MU>>@5`TtB&KUdm}f`^IiuwcUQh# zX|Lj>vfvp8>o?G&TVky~iS@xYA;K%fsgNQ6Ic2mMOD#dwYQ6ZZTjQSYS{>WC=Nk*1 zLo-;_&TJpGKdzn96fv~VDEgX5jXUK^+bHP+@`TdSu5sgo{Q0(BexM-P-fk@!X$5?sp|GJSPQ-Lkb-T1J>as~&!^ z=5>3!&;_i@ts8V%N1dGHv&dY844tnPmD89KJVTSe#+#7951V6fueNMkPX5MvNgQ>- zSr)MEg}Lc9gtOpNK>!MvpV;LV4hDDqbxGn{R?{s%_J&7jJ$vlJc=42K@2W?kg$MmL z%CqBw2Mq9-osL^#akQqEqzrEqZuBcbt#Bg>>){OJ-z3$DlfhheS9l@C%$0t24mVuM zjTawyx59YQ_jc>J>6~m16&#qo>n}C9aaK^oTq`%Pdaf7LrrSu;5WRYf1#GNSulxv_ zJm#F@O!Ox$UxB1}gyfmIg&Lnj^-Vs{sjJStI=KJr0_lRD_}(+4Agej-B~?IfBA)tQ z>%J!N@RBu;gR(EUzx&RIn}jETe-c|G@cvw9=Y!z;AzXdpdH)>Z!x4TtUHi~y#Orm_ zwA(FLgS~mO^DzQn-lFK42OL`4wTE+~*Z+0AkWFWU8jA{ZIXkH;Kwv15Dxb#+^z?RM z$05g))s!9k0G0*eH=ugB<9L=&Xl^+!Ppr$?$D7r1rY5y3`QEn`v=bSKNVwm>q{|8N ztB!f&D}>#yw5zVQ{T2{Qk(E=M>r%r@U0jqcSH{g!W9@NkE&@cg$>GGR)PeGWg0_-K z+1M7eq9!wFwMczWm`s>zFME*sPL>#4N9n2f=_rjJ)|Vw;=Rc=}E9oA#nYQVj3Wq!J3)&3$nn+%1iBWog`x;L?!jSM?@tmxtpKrFk;?yNt#-mAj<~&B6YuRQr;l}*)!vc0He?xxD zR!2?t8#ZEnu_Sa1f7SPFXYk2Lb`;I8@QO(pXtXwa{5G7uK)|Sq&D}zNE3I6zibWa1i7oV)!;Xy_y38LPSS#6lOH+80E&1R&dn!k=+obGm33R{s}($ZwX@4= zBbEO>^SejL3~~{pB49PTX7(;F-ZlH9p2gG4=&f*Gu!;C3;q~@aR;ebFl)1vn&8yGm zBb!&j3gGR#N%dLEb0qe*P!>}He{hk5jbC1k%m+88r*l)3EnqK;t$OV=6RI<{OTnzcBUQ=1z485uljd)^ z!*s)+I3>>5rMyt+*HA%8zmRFBs}dnTo_>F7G5W5OQxHbaJSEXU0w+gvWeNeTDsi$I z3~qP*%kb(7pHXjKRq#fliX5lTUxG~j;S*wqYFl0^KkmVOjBU}2cS95D<@9mlJ1li? zzNh>r_(%Xm| zV?csi?tj6z7`WXZHW_o7R#FEKN}ajxbZSq)P5(Era>#V4sy#_VRQ(XfhPFXC7fLyG z1lSrV(lR~QEtDDmzS1wT3v}o{|ASwn@+MjNDnP{=9^{VZ+$CVL-+R0(y;?-rrxspA z<=9TV!MP(X?pU5HZNJhw45gCe7Z0gDtYGo;vtU7oRA^8(tMUKpi23~Yk>KMiCSaMQIH~@T zn^w?g$Ti^e{kMv3quQt}??I#EgmxG$Tf_}kMM9@)_4$4^8kfeIZ%q4z8646Xlc16v~P zfUyHD?L4g-aLBxa@RTSWq78^ED844f6Y^)vv*!oC;iNaZy^)drxSH^UWDM1!^EaIS zvM5NZHklaJVo60wFoZRO^Sk*x)>*K^rXu+iBGE+5lDV*2`=0z~$x^Q*>`B}=I7tRn z&QTBfR*S0cJFU118gE9D7VJMAxLq73$|VFR7Wr=M3N}O<`9}G=uAJRl&N)U8m+Ho@ zr#5Tx3;+e7!A6Rqe`nHE$V`!}MOdFT`r|^o&`j=USxc5O8DvcH%#|!1F>V zDn|4ArEN3|J$&l(aLQ8a)+R!+^nbuzW6eKk_k^?Oe3+K}e~!K}zH8r08MUE4m2VSo zilt-I&Y_KfoUeyv^v_x}GdqrB7ipIu1qXhf?3U={dcGF_NAh^LiJ6MrY2^vxe?@yZ zwd+xVbyhjk{FUQ--;QJn4t~{YCPoB~o5DOzaYgz2!7Ug$9XdkRk^u|{$0>nwZ%DLX zLPX%{=v8CcO+zHcFE>}(ALY`HZD;QnRCl<@etV-yD9_~sgH_{7=qO2;0Ga~ztNJq>K{@#$5i+W zr2JR<*P?UIoDC`OlslDAis=-$zWB6hTK?^84w)XW)enXmvC+|q_c`}(QXFHSG@!!N zsJG-QJ@mH?+uW4c?p;?e4$iv2lZz7=QnU?R`ImAA%hQ@7#HJSAZ#R7!)p(9&*`m43 zkAl6##ppvwz!c~T&S(L#hV%UkTfuAmg&80-&ZF|D=8D@_@mYiK&)v{SKvZeoq3@`w zV+B)=|KLT}o}cw(ppz(cEx{d+$lfL74@!`%TZ1!y#|Vqoe~}9A+M$K|qv-jS;%7M7+#WM5(I&vgF$T!;9|0 zaSML!3dVYOO|5{+QUhaoHetDw4u*-e<;q;TuKVetKSUEh9+F(K^TL06MH+CqccIH+ zp=_Y%ftlcS|JW(tFG;L`R58ft;*VgLXIP`cOQRM{uxo*#+t+(CO1|T5vIv&%m(~Tu7bGXWD$=2`6@Z#hjEE&bnuWP zu7)_2+IdUf|J`fu)WWl3V>IArl&NfU&yv?B?b2*c5Wi^_Y!|=fX8%!qONoM|cFpZ@ zqm)7rR!v5*TEaO$xrhb--=I}a;n;Rqo^6<8e{CLJ8{F^NnlBG%UIkenrr?vl_el8b zxcB(VB7m(1<<|N739yQb-)>)FV^s&p75*nk=g_1xNK0ILhZM589$EX#SpU@o$ba{M zwy&Rl9*b}G$7A#L=H>?hRCLa#@nr^?v`>9vKJ&9Wi-H#t?rhKFGhLxyE!_y#73g-C zrF1A*6e4K9Qk1r5Ez}Ny`OraUljLv(0g=uHr0;^Tfrz$PO9-Y0;bz)jLxCnE!6|Tt zdfFU<($Rq<#LD84(P3A6c#K;3RV~n*_?x6j?`fZ(`_p7)x^-m*6~Wy1GL*Gz4=Gm* zNBTNLLe7+J(L&6PU@s_tW!t`wun<{dCv;R4F=N|B(Y(Y*voeUZ_g;8C2vRt{eju9Nm9JMAkD->f=_Wu7K8 z&iWr8xsd{0TTY#m1?52n^Z#ih$EEx|KuxoA)@j;!V|BZ#V>y-M?CXUis3i8XNEit$ z$&(AiWrD|2K@nA=jybKqwur2RF4jNs;ND1Hh&*N$3MeJ z%r8E7l&i3)%6V*6mY@)qPeL4W$y35zFSEzX?I3jV;Iuo$8vgSrN|Rr=l| z4N(j-IUX}`j;{`b!aIVQMtURg`e~`jo$ARy7s=%Qq$P)Ce_|AJG2zY_aJTC|$7v^t zQAsppg`l5!DS+WcuEav$u8LEKA_padGo7|yDL|*apqUu?0bw6&j`*(* zMc|D5l~@K#N3+OXj={ExPY*%oIW|`)wgk{h`v*cm{{2s$Glm{qI`jY8^IPFD@9c~# zaS&X!)$9>>)Y~+p`uQ(%^)|3p%-D_HUuo$r#OJ?xZfSy^9wGxf1fzd|N7va%$NBo? za*J_TJgvzFD@oqfkzJ#~L@}_dZ*7h%W&>@VksOfA%or;9*eyHNp1FH(=2@!1(+yX6 z8yhvF^yK&fX)8V?gz~B-?TW4hLrkCPcZTJLpTB8cS>a+g{gG6$jD=!=O+*V~2q&Os+7o-Xie2SU19@Zr{*)G*1Te?Gwx}V{430gnZWzcFv$U4?-EZpUT?d+RSfk3t z_reH#OSKg~%pBO)-l#vRK3hNNujF#`TSoU)+xPcLE$*Lqw2lMLYoCsgU1zyzmT)+{ zgW;KxtNAN^_>|N_F}|RY=_`+=m&|7d(5|?Si^nQHtSCS>fVlKQDf=qU((PInFAi|M z)|gg~>>$s^A?v|{)`eRV_%d!!d=ir}$L`wUqSe?rQt8jn-)dyYz`S)?3B^B0zLXwQ{wol^&d+Dl z$=J_{39UKUGG(%D#?XK!aDD}!fWBQn-FQ&r=bvD^GfEernjtl1#!D2Wy$BO4>Rkjw z8II*53YzL%*~mfBcUsxu^@Y)QTcbZ{H((L$q11mev5(k_(&n3b7VvGhy+!oH$g{w? zcm0zm^Zq~1c2l!l`FDdB1N!GAy!tFJR{PP;^`iM_yU{vDen0+JnPTA!cZ9D! z%r&U&0Eaup!SJUCL%ywiYk$*PR*F}Nccnfd#~zC&Od%9-l|U?JH;jBpz!Kb+zbs$z z3eZ(REl)AVxjWe=d2TT{E?VbG;uRS(^Wi(T-q}ICoV!6mJ5n zI!hqTqh@t`)?Lm%Jtn^^?c`UUJB=;xILEInvA@cb)y_(z-3x}nx2~j5!j}iA6_d`Q zP_cv+tkoay#j@4~KG@238*>3ukV3Tw%1%NYoDQh+!eWTn18UPF1qZmgGJOl2tA^K- zw2vay8HX-V;lRB7O#!Vo3t^F#%)9T_8rM#zNetCF8Zc}1beG&+qG)HjFD56QYwMG& zq?cywe>UcMK~~AP9t;Gm(jYJFGa6?Gs;6=SQXFJ)CabHJBP1oCuZ!vZA>UA}8u`jX zcqE+i_ff>nluvudM;*h1H>pW^tGe@FyXDDgD+4t-xPgOa=SsdP#)H~}w?-E!_on)q zDtHVlxF9T^Rwh+8N^r0}qwcfQFq%mGPizX7{Ml(s#a-v8P+nHz;T!|zgM_G5PMQ7Q zRc;-)I-|GN1bz`5C$}2wCMhI3%HMi4CT!bvRDI4IklYPBj_=P}II6b?hY^#@l#hxQ zft}9IhWnx`Vfi1x9?Sg(MwSL8+F2!9Ar}4MRFvxJw&t>JO9uFq1u#*m%`;6qg-EmT zeSpMbDnCp6n0Gx~-uOX|Fg~8fS-Tif)pV=c3X+RP;(KENOd}pTV_$l}@J+zbP9FpniYW7`v?agLp zn)xOs8xf4H$xV&IwO7~=%}K1j|C!cpZRFdyJGoP7^v$`BhKOyd9_M}9e2!grmKr@h zXR$!ac;nWFGRn~PPqT`>M6uX_0Bm99%OA&XzY$}-EL@eRWk_Bf*vjUrC4li_7zCS~gS+7RNYiEKDH^_7{(lthayQPt3sP2GWUm;S&78-vb&1{w>)QGWHR$ zRR0}Q?iS~>dAsryxr!=fda`c#VCK;m3qv?LelDaOvKH^gcti#UX@cC%YWUr!K^|Rh_N!Zza0l108+Qu^W*zL=CeD5p_1-<9JYYbNc~iqAe}bz-H3#Zp0}sYNe~s%W&)OUF(18}aB`Gtja!QatWa9R5*cMb;0d&-|Zs3r^XW3NH(BIAZXebXl0t7amb|} z61z{aXBoKv^XpGTj=4v$y?4)V=Uk8bCcq@nwDEqV!~m^)3Y=_~c2G&VGCa=|{C4X5 zVdQ0*j_d8ejcDI|uXSy0!2T!ji8F^ZcgFr)(BYWT&7o}4`0SKRmG z1zzzo(san5c1LaS9xD_8Z~p?0?CAlGF(95kc$@+z7Wt<=ijlU2Hh5V2FpRqz+wI2!$i9`9KA6|bSBa-o zh%z6od4K|E$`&5N?urP;425CN!NC4{75oTcLJStoqItqnNCW`?^o=T=3-!GZhs zXm>^c=D{MM@fIesFMM26U4bB92K2RMgv@jr zipB>Yywxi<8V?u5=k5sMQ(xl`*M`XI7haWRA6c+dEI12LyB}JN^o0Z6_COVS{S_Gy zxUnm1J?D>hS;`~U@;Yhi1>&HWv%}#PUNilnL+Uuv zC(F?Kc)%nztSYEFi1gLI63p6Iar{bP;!FjV*J0)1fzEBgZ)Dk}eg1~b5{_Jw%oF*o}_!G`sD zxcnNGnN5*#G(&S>!`l7|=e)_ZIYn?vF*AjAAI~$N#7MTBmWe2>!<+Fj(tHZctKG#d zeVO&7Ns)SZ+Rw#2F=f~%#>q)x8ZMkv3ITg%pIhdV#Z$N4RW;D8yf!!DZwD6Nm{g-X6n!A@ zGj>*0(&fj;oLf1w8jS7+0@mNOyl(`q*6_N%Ny~4U{nGTSL^O3WmRiPxU0ylJ*Nyv! zDKoiOL9rzuyW}DjI#%rEKz(Y?P`Bs`Hcfne@pJN!Us zd3rS^V-eW6{*-5b{kh)WC!R{~yY__N=MKe#zYLwK3|_nz(jY);q){EO=2&#wt+^r2 z0;WB>vj^6{HGA!)L9h8Pz@tiYy^iZU;OoJ|OUTpr-2SpcZ53agnV1pVWICnO=~cED zJU_}RzRzhB4w6BbyxkixYrp?=@pU6=@VFn&$KQ_bWVzkYmRhadn;8yTxFt~YBNu<9 zBK64UIXKVbq+^uBym{-bGh+f#uyA({4yf0e^Czs}S@wwUbv)nBQeLPD| zxzDI8ka)@NJB+fJUY$oJ7O@mm4AttYD76b-cASwnV6;agi{CsgUPba-NJUhYC@PKC z%#@Unnvit^)ki>N$vtMN;Fo@rdtOS=*FWwZ4s&t)OTN6W981qMo-$k$?00k$X>6A2 zjmORJ{-r#hQBzrqM&f_nl95o?5XP74e&N3Tl$oXb= z!oPsff#Cvar(rogWorlqolI)j4?J>K`{={Vw>dH=BJDDq{yImA5Od*M&868?>I}}p0a!${auGyRODsNqw|%+j=1e4%Yggl z0Ty$d5C5_RbRPHSVxRsWG<|1K6aClrEec3iQF>8PiU^@ehu8oWAu4J>N<^CU-XW`i zptOj9NR5Jk3WD@b=)HFcJ@lGTlaOTJ{GXY3CX<y92PuE1MWEc?oV}ZWyhZ*{HvUSZ)M>N}`xDJV%+YP>jhBO$47 zJx8#497X$6XEky&TI7~&z9U?ZZ%xj2q~?cXzib8=1D|8n3OsPQ4~l|I?F(Ba^_P?< zz8mq$2mJ&a4{y}XsL3?)``Pk-0Hqbv3>9;%^@H|wwT#XX#t8XpM@@rJoSg1gB+DK( z44P$6jP0}`{>rErtk}wvfyI_j+Ayzw{+Y?WuI?8sl)zpE8)djeB#bu+Jl_=~oGKl# z)$+{Y*JfLcxi(A2_W`S;d1t4vCTu@em~N2nVp-*#}}^`)fp zXh#bxjupU6o9o9a@+$TSFH3K61qKsk7LG9|f29L_rUwlVzU^USR!xIwCm({(;LEaN z*+a|uFN*lD$rmP7^D+TVf!udfN2kI^IocU}uFhvYS-k&y?9w1$Ndb}d1^IJ7?xn%r zTfXDX1tn@#wDYTuUL9Qz%==IPZ9qd^>$P5KU(YW)nqs7-1)Vn5Fok}#rk%`(a&2Wr zRmAv?v76WUmK=+{8u`%Qgx~olZ)sraSQWrg`;RRP%HMICrUPi3%q=iGdx7GgbNO|DaXBFwPq$5rBnbv> zK^}sEb3dW@w!33!g0jfiD@U1BJyUBC+Lo`p{H#e3`xomV$~)bY=m?wbh8)WqEQ?FrAj%ijU$7}9|V!)eYZwbz32|zE7z?m zeT~%SP7l8Grx>ItNtGhzR!r`#B__?CtqVLZzA=B-uJGS*EH*+<6i_nrnY^?>#MSfr z_r0c{I^CA@E2(O2FuKvGr9M_7cf|-jdqb1@cv=G3JSf?S#VCP)I)FZ_@H5VchMTK2 z$i{I%9-)xHjDC3lsmxmWO?3US>6&c+ha^D*{~U=%(LhsI>R*o9X?P6Afg)oKnq&Z9 zR06^UncX>9^#z%VK3b1-?8>*q$@*(sQab9~Z>6uFiQZdyW_b9N^PXn72k`}TA%K(^ zn>v=*1V6bpEFtP`B*AmfpHj(3dV$&as)<W;d{a%zvXsV z7430vuf>QP%DOvf77RUri+VBXQqT} z7X3xoXU#I%9A!%qPzan>!uq1AB}s^&za5Bhu<>NLm>Z@#*yXf_mm04b*PZmmc)Hj| z{$Z$}g09TCC)b6>aq#`~S9b1--V$sVMjsYa!d=H|b@rXGcd)ko+WSGLP#*L27q&g$ z8Cz~5;h0BVC@WT!fwh3VD%7Fw}z`E{z~lIJ|$2%1&bza{FGfn(vx!UaCV3q}hbQG**nUZ?J!3t`k|= zD)b*Jh*Bg|m6NL;dHUf9AUV&~7NI_W8I6@3&gb8^E8L3UwXoi| z6N*@;0Q&}*u4?bi3~v=|J+*qa{;Q0spP5Q(bB*t&rCXr&xLL4sx#~VD*kIdxn$m5` zqfYz5MV)mIJ`C)r_Qwb!l~GCUV5R&nNfQ<*UI)FUaUfk@;8lL>Dta~8+<$#EOg4rD zeEBOak>>WS+%l=aLcBn_uEZ1LX`viwTVHUE+ArihzGHLxgsUe9mYgW;JFQYYTNkL| zlJhfa^HDl&&JP#!7ky%Vq=OuD4~;cpL+l^*+8Ux$g}vq*O&oD5@jSK>qCP(>UhK~~ zj=ARi>KUt`#kxdnRXY~;TLiBkIwht19xA6k=~zJf?vPkAia3yWD+w9J0 z4g4relvY{pvZ5J(gqe>5%cnL#wft1TT|aEFg_uX+Cr$uYOveKbH`1vC3p%rp+vh6f zxr2MNLGAA#r`GhCpJ3<#diX77%VrZZq1@a#ACT%nyf-J55lr3Gvq`7hW?XR`&M`Q8 z=(yPo2L0S2>rGxnI@g{nEHW}R{Qwx@A0mWkqU15`{1T#Nw=&5`*~?>`sUB z#Ou>pmTXwlZMz`lcB0cqf{9}UK+iton^xV?3H=MLi#cZWl*PFQmk{YUBSw6E?k(D8 zpX=o2kxgmYhhE-LCTF-E`o&)`>J|84j=CSHD(p%c{X5BH>a>nD8d6#W6~IQw5iR|& z=J&an{($3I)xB;TxG^cb=VE9K5y*;BCLFGgSIpS&zwLvZ>?HMiAT2E-DIVYY^<&!S zlufx5L`>%V!-7l9Kk<;36DzK|t^;=z3Kl7oR|HkvzW1-T3m+SxMc)e63XqmRFpgnr zcFE>#@KTp_!Hu_9EqrE`i7;(K>0iWl2`p%lTOL(*T^K}wWO<8r zIEoUGMF1B)%VFBoo~^|wS$DH89QcmPbwKc4spxZ1qIKaN7pA7aG{J^9W593qekZ6m zE?xocB_wFV}QHN&~ZLO-y(kz zAJ2R*?W1JoUDZYU6-~rWR32y3i}t~yuytdnslhNyrYgC!NHabr@e7J&Fp8XjrBpD! z`Qw`>^7-HRmSL#rrs=v1HASSr)R`71(ULHJN%oZ99tS!3f7TUB;N=qLuM*R5nw4`2 z_j_`(UD5Tl_B9{wYv&9l?3~Z~PPy~;dlFEj_>23|B5G~8lw`c^xVf()aL@MG-%e6D zpTp(+<607VAVp3h0!j+CH^J0XHBmFv^ut}~<;`(dBi>g}zd{S$?`5;dck9OTZIjMF z7xEf7$1C*LidFK2VRrHSXJzZnG6W-rQ8SQyM|s{b~ClXez()ssi{9T4@qS(Az@)<#hl(gI=nJ~1nyL= zwiaKo9sPk><0t%u0omF3)uLa|3aO;@P-(s~O=OG3 zaFu{iC$bp(-EY*JA$WC)1hF4_^2|2ZG>CF#Yuh>Gjnvcm-Wh|*o=Un)9F--$ct z!Z?!kvq;Xze}$95PLm;)cZu5@dvqwnsdz{J(W)w!_tbZzv04+)2v>NEHQd78+xc=5^YvQy9*nUx$^l6!iUeXph|bF`o$&#l1@poQ26j78ASN? ztrdSAY@L#-{_gdp=6E6)TWYraZK~pX_vD)!p==`4fwT zPOLNHvEcTY2l)q)iHTKi?Gu9#Z{Yg%r1AMntmjt}1SkNwDTM~c5w29H6qfar6d(iG zX?-IbMw7fYgj^LnP1edL{fe`yb3PchgPxciSC|IJMEe_it#?%KrLc&uqpWGEl*W;K zSB$ke{{R#_()8>*hlr+Xqs(GLfiyF=njzYI%+mam($!jvlS3=;Iu+9O&VbCfY&fb9uL`C>@y)H<$Ny_MPf z?djO=O!e|%g%@oXx9MvJ#*(L=sv)!eb*&W9Ao?HeboenknD}`JdMI|VyMY%_(2(E6 zD^LDJCD~9Wamz7lT&P-&KNetFN!|NHG(p@=Mefu=Y9WUV`L5iY!gW|~-+JXt!^Nx0 zE-~fWE)W#%D@6dX2gm)83&im~9g%ZEi$<6us17YH)~9%KCCME$G`G?db1(S809-^Hzjh?=97M|XJVD?xgr&W8eF?{$-({1VK#+!660~#9M8}hDQj<7@@563^N{bOe!eTBuI~ZxA zbOvpI8}oBJDg4{A+bL#FRi}4m0wkqJBAt10Ci=)2O+kG=|6^U-IL~7_?68w>iO{=- ztD<@@W2M#9iw`(FQf~x(ZWr^_Q-<(sDFjiBJ9j_D>--4Cq?>etpPEt9!KW;}Si@`v z#lD+1lq*FQ+>u4@VG&Dr?JO;hKRVMRov#k{NsVi|qSiNzAz&lg`ad8@L&d&4Z=z(rSa zihUzzuf>Jv<@&p|rpaCFVHxg9EM^Yp@jO-lxJoJoQ)jNZ^J}uFA#Djb7l)URGGu!C zZ)5wmK9fAlI#g!ygym1lO(_jj6q>3QNErkIr!=Wjo#2@tpR_6e#3--#$D{@JV@{5)9BvTM*)fY}KE_r@n~oO}X`;LV~sTwOnN zGlHhNcPn;Jz1*d2nRCA(v}z%8K#HA;|J0;ium(5ntnd45ZmrBDWj)H3Gr*arMiSUg zp>{~qa+FKgn`3$&##TlRkQyxK{^&i(AoxoN*f=oxVO4jQB~EgvsH1Z!z=l*Vi4RxGp1ZPUdhvAH%~I*_n%fXA zO+J-$H86fPwH-ZgRcMD2c{=Fi?xSPqGxAi=H0YkPTf@6HhD329S7o$&LcPtj5-lA2 zDea9&ssE=cl=9^XoEN*qg>TGAN>&svA0YYm0k+GKfqs_$V*nAtC8M zD}Od?&Gb^SZK(rKaG+tRL2%Eyl^(|KaC8@}aW1f>375u5b>;s}0SLJV$8zhoM#P@= z1~qD_qNW9YSTkW#nOAq}mfB>hE4wrvOiX9Edq)T1hmklCO_vUMVCva>E7;u9AlW%r zbGN>G?9#>XuRfJ!@2ljG?zQYkEB5XA9BxcX2d*=Q#mm$B^QEi4s~1R@k=ie5>9XPP z3@)>}=lL!M#+RTieD4hcM-O~|CT71+HBVfn_USPwZe1Jy6 z&iPeEvHPJ#BXH1KqXT|$GRQjbzYg6p_non#@?I)CKu=w#Y0S3C-~*1jPJ2L=Na966#N>YYae)>IOP!%I&>X1v;=z}^I zl;vcrSl6W74o;A2`GxkL6v;UD81UMyd!_^XdZki=)}z>e6wf7vo^d}BMmjh|g!Chg z2PB5dnb2;zeUiBX#k^?X_d|-_vgpX?{`Sz`vV`T+DN}xL|8aLFsXD)b-dBxz>tLgO zlRTVp7QWNP1;SP4HmDtXMgz;8612_W#`Z^wIqfK+27R1sPt7h#B!%#AvjAP@eyi=| z$};cJkplAJDuO^yBx-`BBrQ^WY6xr+BIyVx3OIkFhM|-Ck*|7RyE)WOS7d@3ZIIH_ zBIez0zkAW~(TGwA7xIhk(-YW5t&tZ-2P2|@!6A4WKn`FVnb`~LDdf8(*T{5nn^-%v zlk1lNwIiuv@m@Fe)6FMhzNt;nA%#N2{;$TV-N!x%wHPueR7Q6p&Fm#Kb zUx`)JdZ^>q)1%iXOFaIE^y==2dlTnvRg=1H|5C*~yGw-g!8!B||0f%3w?9xi=53zt zT+Y=yb*(k_qV}_$`K$Zwk7%eU&i`iqd#QegG$?v5!tj(nUtQ?IxxK91&vWIa1%;Oj zDZM=~5wn}&a=PxUbV+aJ4cFPk=3fMR+>mY#@*KnYu6fw`Yv_-E6n^H0T~GhFxPJDg z`#D~H<_mffH}dOLm?iY5qmgzy5wQr#}H;|8?G+lZDXH-JIjzVqYB;GTVObil%N8MXCJ7Ocoph)2 z>0_iCMa1XDx#gWY4OX4H{Ol`uwe68%t?kdDTvGE!$fdLOLeYR^VI4WQOkF1CKnz7m z$pyCa5Xb)j8yA9^PNOJ2ye9Ia^h@!SfklrKhXKB>g2z>wH9OU4lgaQcCyhaFtU5HX zuU`3#h(tKiQ){$9e&J8qI3iH-e`~BQ@-O18qd4)jtjCd{Moxl&>T9+_Bj*);!-BTT zz5@GXYxqp-2L+SMo)kvFrV8Ukx3(*azfEMq~@Thymv4UXQIuHZ{z*b3fU<&t=Lu0D64iwaCh+4+%= zusfe6h2{w)lkoz=0Rvoc)J;sLn;y`vbaJ;k5uJHOMi@BSdF)dnrN6}qMA0MtV#`#D zD3LN#iqn*+MQD0Kk;=zNbtUkUcS@!nE=IcYB7_D`jo0t2>xtO!-&dejl0T6m;$_bs zbmMlFj69z1`e0oUBmA2g=wNI?4U2NF`=uwRAnk-7faaH(<6LNJru~=PY$6+NM%*oT z$C;UV2R;jhB7;xDD3xvP7+@(ePSr-|rM5mq);2cs;4S@gHO`Riy;kU-(KN z4;@|c$LG$~-K4zP2mH<5tC!?{!4XxS7asj{{~emQ+Q8OYy#}F_6$DKhnoB{cXx8$= zx|cybBvg=|$ocWa!l_&D&RZ-&S)NDmXS6^m16G`=M(R(C;%s;=h*l_#QNPh{apLeS z4&z>%JG`=s1{xVCg$n0gz6PHNZTfbn9@Pxd?5VU|C~Y#4(vnDkn{z*wubgu5Vdx~T za+r2&7A`~fMR6#{M4m8S0`qLJl;(yU{n?f++w8axG-4JNju>;!6w{hUM*Ic4DeV(P>}h`u^KU|g zoY)CN!^@NO+i*8uWAPO10wz|9`>917g4nNYRzVIk|M0fy*e|7u31eRKYmJ{gcD8VL zAwuLZU<$i#LuBXUwZMy^G<1TP45KBct!cOfF{_;qW`klxDVo?mw^r%s>P&6MgQS}$ ze|oKcy36D&UQIg-b3dGSq&=kt;H^jkw8J&b>uEhKsDBzj2OoJ?o0H?a(_9YxYd2J_ zkCU%XZQeX1yI&Ic_%}!T_$xN#9eW5l<+H;I#Yz9<_9rhXraCSeRNaqdLJub4HzBH5 z-^cqp1z2E&9%$xfc>Gy?cmmA^aw*T9aNMsCVy3=a-?!_7_-l-U`GIi=Cxk@`*hQst zIecPD7ra`R;jd;puu}Q2unu?~-h#6)0!f&wL@AJshC@-Y3vxW~B4)NdYf|^jy0$P3N5BxXPDG_BC*^Dq8~!(VRp z7w2QlT%AvHuGq$@Wv#{C6i_?(ucYI5QAYv&6KCU^U}}xk>bbhww%G2YB5k6!=V8)0 zN|#~;e8%V(iJ53dD108Jm+l#>>*IQZp=k&OUaXI}I`SbzHkkmPtNdDpg z;(OE+Gtd3*3n)=uF>_{Qt8}cJ!^ifniSp6rO6dx%wh zwjcWubCDzH>Bq$n#b&+FvEN$@Z_X{+p^sO6+}|s?SyeIB`203KLg!`_`Q#wJF45Ev za(61_^vs0AX=hi7@evibl|?J7FsJ4L;t$Lq`Thw`BY4BfHFt`4y*_9mZ%5p`*}(o% z(Ay%1VT@G-M^L`@v63%-HH4oiU!fzYgRI z1TMFNTs@wKNvHgi+i>&)FIrZauEi+Ur0v%1o`OW}ZLMXYdTIM%3z@#X7p8KR+yHHw zs`r_#JE2TEDS^pt_+b+C1F#O0Jua?EW~ll#w;^+k!P#w#4j_ovJ(C)ZF#ECh^Cg-@ zseQ)n*zrV5@sWyJsUQSAf4da=;x$Zp*}uBrqI35;Ap$zRYg4XlqhX%{czFvRx^u*> z01N$k><8Ptn98KGtng+5pTy~nyuTt?7a~`%)wl6}Q}>XVp^)O-Z$o`J4>B7~#Y2Z{ zyohiZ+y#cfEEWI|{RLTJBn!%m_*eqMXTQv;>Dmn-WKQjc^eVNCh^~bqT%fu1sQ^csg4f}-!56rV)>{AMC&;#pXbQP z`xNG&7*GqtM{rY>{zi+Q+@lzAfnGG3VGJMJOZX#T;~@dE@iqk9Y+U}cSgs5oaCNQK z&R+wws9{p@%b7~uCs!kYg%3HkCECO$-g;x+dSdIPP!^h*R8=)0YO3)?Tpz^D(}DCc z0`XC!^`aIV4j>d8z8l2>QcMfbxg-sUj%vf=y&JE$t5)Y3vacB8NkY_|Q3-x!o?>Sn`v=DIAd3rxsK|;|U5jr?^+<9b(-P-{(In*dQc;6J` z4Ay!=|AhmvOPiKQ>t79x1f%?a&r;wq050BvMkluPQY*{h#v^1zFDU&QbUb;1RS|Z2 z87X2t(2*Hu;QFF?ro{{0H08 zUdQ@%v|czQ>ZT}E0cqxS%D9te1pJY1fCz_pu{~S+8NlqtwI=m15_ZVhUI_ap1l8pYO68j&VXYfC0xBId3b~_towU`sUF^M0cWs)( zV~T3B>Fe^z^2lw^4E+!Zg6pqqUvx>bSAhtLWS4)M=< zESDRA;MwyT+8_W)niH)e7T~qHgBlnoiw!-&8s-eqtAo;GxxkU>_2dHphu@2UQ0x&}w7mIt=wVSmT#LNf!uIIts@A3*iyq4`2n9(7 z+7?F%?@C&LG^ABpSt++`(c?7058I71Ex*y0yy1oHYS(fmleNp(2Aq!|-O5qP1;)slT);~?kKy$5DEUGLD zxk?r{Pkz1vT}vNAt3=O(f!kp$&d-67O<-O);H{Om>GjM%QPzU##7i_+q-RAx)J(^}UD(&gch=qaC>1fsU$|95n-`0iJhFVURM;VC zR>uU2dLFnlX2@&xLCw}5LfLiY- z%E~LekMs*%jHrviAR^L3TOF^NO~YJqwKLiTSkY8fRfK!8RDe^)@sT+7aV0xi&4IUO zic_e@dvjsmKdbyz;CEOZX?(N7>u4pwbMxOlE=MJrWa>}_JHq*5k4`Vy${U2*C1;{(J zdrzemZ$nidzYZ)2?YZhX+jWzfh7!BIack0{=p!*mxW`biWOU6C->ukitFZ3^ zvT)K_X^8vp>l{rVRj)d!rCkt)u5ZYxvq^JUY+NWbln}x2o#G9T^I&efGa3JikAo?c zzcozm+G9!QYdw)6dcNnHdfvEA&)Np2Y}@#Vm9R(0^d8A$$G39moYQ&E4w+C#&l2|1 zJGNX4w3auX-?;E^#1bTJI)>{^k9)eTeOE)!S4C5EYPWXKb2EENEt@tURRjy)+W(V& zk$L+z&{O-kzH0uw<%Vu!W`K7hcSz;wZ5hGY616pbW;VB?t1?>r_jY@kI%l| z&*3-DRbAn|9d!P^2PZm6eNeGiBwf7Lie{|5U48f!5jbr_g7=l>VYlw1(x3fjcSc64 zR(k8s+pfLJgUUf}85!CgDYLg<8+bWhw8xMFZ;v#l-WPGTiKG=P-*ByRqT-tt_O%)R zjhXwJYm6%Ozx_jD>ESw03vn)(&jX^g5jyL;5&_W_nOCpvj$Z&lP59d_dx@)83srUi zmPo%XbFaqbZMHU1R17a+q^^PZB={E5E{!I$>fhx{U!wWUCvhsgpDf}Z|M2%KX0+*3 zhR&cU*jK~`sp;3m;Jv0({VT1 z1)$#?)6F>n{s%q0CukkPu68Z8)i~m1wn8*G^(ljL@KBg|*riQO0{EiC^EboI6%B8; zRrCIY?$7lHWjM;ccbnbas1O2rR|_ud&u?x(c!gvKjwZm`DyD+w*~J!E81&$;EKj$8KEj{SAqLXRkcoD6l^FBv$>G zVU&>q9?I%v#q+4q8pv(#IcxHom63(>I)hRXbH5DKw4RIz{{xdA-|k73euxnb`p6Rf zcP`Z!pdG= z7e@i~s9|i~Arq^C(a`_qC9t3siT3Xgxv7PDf4wfjSrNz>=7JOh(hSzxd+s}-LEDjW z5Soo@0~Tb@fFGNSkHIfZqHl1|ta7A|MFF64Y_~1fF5N!zj-X?^aA1(k?7FZ&bWcB2 z%6$80G%Dg_QosI@{1>v3L_-?Fg9b4?So;IbgOk{%Z@R7;ng>w>7pju3MxR0cq<7A= zQ(uEevMUonm(Q7+;DD7S-P3XHy>_dhmiK)2cB-Occes#dOLwU&rU3oiGs7tav^v>1 z2C2uZCrjRY!NtQj&~|C{WkqJCjo4hWM^a_>I|Pb$*oHV&^A^Df9r~FGEbT^ue+WrE zt86_#QXm4WzgN&hW{94`hZKg=YX%4TD`*FrJd*e=A2jQ92rLWj&0L$jTG8<{PDde~!-+~0@z=8K z+;O*g*o=x6UFO_FE`db%LEiZ;)MB`*i5C~qy=aZ^XT)VlHLDkI%a8si#szyf9$TuY19`htK5DISsmnh4n^3)`0s zr#|oQ=~wl&&913QLkF$g`zJn$Ow|X}n00)q@Qh3>yuUX4|GfZATW%)+Z0IPDqK>81{wT88;7XeuIOkt6986DVLzM5Bz+F zV=z6DP+V(UsE%Dd)MD-?Zy)s-+RsCsU-qmw79y)KqCd#ABB;yT`Jqrk26PoVnx~$! z0W9waa8u~(&RCi^>>z=NYMn)xZO(xg)uz3oS} z0sCCbyNgujRDj8u`;wNyf~e&>>hag$&IGm*DzF+{_zgINc?*xl;IY%>bj_c+MDPRw z3os`*RKJ>9izD3Ua$Br^77Ejd@@}1ie)YbN1|q#%7bTWA9~lt?HTFo%e0aNk%4r6| zx2Y85?e9u%3y)-=_HoVQ%--PeU;>-65Z zZTW-&A24^sNVxAB3Z2%*8lKL^XAMlY{Y6w6n}Q>tJS6C)qbom9W^{lUA;K1Lx#{@i zen>dj%4@#3oBhjT&ud30(RH@ZntC!zg1QC#Am%fJwflX?2X)N5IKR9;AMsMxq}@C3 z(5yRJsKIid%!oW}N*l&#RrQ#}5+go_s52Qg3px3zJ>MQboaPoKaj5M;=A}-zP%v^7 zo#B83xPU6dy@gWkY=1!>ZrZ``lH#(l=-fxBe|adnj4@&BT8RYOY3Ea}^=T%~1JY{h zoMz_&Ya40q1lb44dD4yjsni4}?dy~7b4hTJ&USY5(Lrql$@x9^>o!cl@TY(eg|E+z zjXKw^-w%GYU+qZ|lwy*BJ%Y4}QW%1?8!oW>ZsO?=igy0(!K_;QU>l;Oa&qWPMV&Rw zR`4TNcvImz(N60ic&`M~TCI;)yWTyDZUCl^I-^d{?Jw;EVRe^jBIq66LT`+V2&_*!mE?3Cno}ELMvJ{KP#hCEU`Q1A~HA z=X4`8-j{RTn+*NJY@(##U}8OLyfo2Krt-*%YhP@)Z4t(G`@v*rn%N_f1dYRsT9RHr zw+5X}JC;7Rw_YvLi$$4>0YtUo#R42m<)h@#b118rYk;zo)N_R39yw9 zXsDpFTDGNlfot&QO|T^FiRXs3QTXMw2YWLvxfc0`ye_r04O5+0SN;_#(Qdc0xFQL9 z%SkHKt`B#%u@xveZldrLFXO7YnUe@(1WoT_IpGNbAwo1gYQe$$)uuXrno@o^nXGm@ z>K{XxxBDHlARQd2vw2riZ7bjNhNPq#{CC_y1)`kGD!a`Fxr;sfiXnNP6o20^Wsl5U z<#j!Qt83R{96e{zuU!xLf))T9zETP-~BXdXK;f4(=1S{5$H|7NGxr2;EeVPJAN4iYZ$6KUgRFrsH0bva< zFJjt`bThp2$pIho5U)3Qnug4jSOBK%qfE#ClnpNT3Ydq1{&O*2bd|I@?>9h%yqd+o zTb9tSh_Cv3K?owZe8<05iej4T+u3YtDfR1U#E^fj56B3 z&x#*9`rnH_3-?b}pj-sV>Bq?%b&R8hu26(4gwlv&B}!@TLN_(Y11FI7x&481b-bvL z_DNLmNL;?48jTYcq-&CQnkJ~_k#@`#>@{pq4(ZsuM3-Is#nulJ1If^Ss?*x^dB@R)1jowk`nO*G|=3r0xfQAb0 zxzweDz49;ZU3<2diCnYYhHtMes}7b_pE+hiz}+uNDBUy+YD<-7YsSQ7=CV+zVc}&) zq9X|e$VDvyE~Ytqhr`iS@L52v-+RwU%$`g%s0F(#nCR|%{R7wzonEDO*{iM@m8!KP z;Hi6ty!K6qT$eFZUoD&>j(1S4osKX)7;d&hGydzor1e#0FUnjh8LjkFgb+pl)|SpA zGt&RNPD4LL6HaF-J{5hH@dhzlt20AGQQp9BG(+s?mWhF8oB(PDvxe)MTk9mq?4#-9 zKJCTV?8WtzNkiPbX1d?PacA53R=n`|g`io;bJn+r3eu^ol=m0r!u_L!Ww^9s&xemsA7+>bQFM2#A^jCTN?l zON3-6{;#iom~{~6Bw%vOCw^L|Am*lEmGYj;P4}7JtIWHW%84lbNiiL+J$hd)^yhY) zY?THweQB^WE088Q1G#*1xD7_WbPTL5`* zq4JTQ==-_*!XhYrA)b54A^AuNu9v$0mkO1tx+?CP-6~)gYI%Fv#o<#HyX;441OHEA z!dDk_kb7TbGvjsb&L_1E%X@uS|H66gW|CnWti74A2Oiat~#vT{O|4o~T!9+!9&2&)-sN)migE5v#IH%T4mr4`4ze4cRCv5>e z1)LiRS|o@@;~TDi?%uI#DRsUtN)->e`~piq0k;4G{{!O6M{UXe(M&`vVv5&fmzKD$QX zC`yciS4@5qIeGQOPfg@2SXabN&3lN)%!jZE4%+Wf&PubbSoSgTLqa~FF;;k+J=R~Y(;?0etR5l3Gkb(6|PD7{-T z(rwML8avkG!m$t{?)?cU&>lD12(PuFt!lA#{rK#6G|3z3e$;UfW#hc{NM%U2dTsHl zh)9ZpjqX^v^JCm2-8BaA%GzA(?8s|btNe=+r|_zt&g$ z;NGb7IuW-G8T@d>0y5JmaNeCSZ6}uViA`YB4k0qtxqMPQRn5xhJ=9YQ{`u*SY#{I5 z!^HNvlK$E?{|;X|x7E&QuRSkO)Gsr21-%;#$#^gUU{1dQ)n=SzOgf071HkuYQuLt) zk;GR)Kz*r8mwI>=S=)YYm3@9(`|{fk<+YLDPkP>g@i2-C0v>`e|JnzZCOH<(>s@?T zSW9$x4_+Hf1d|G-nK`89PmMDszGQ0j(W1B#*Zb4#hPc@iaHs#H15;d~UcVsAJitHK zgqJQ0vr+(s0khib?GU!dQg-Wy^HH?tqm=@5!n8@#8@ORt|mNu3^(fts4Gwku}YV1c`xg`=y!K~Rf_Cu1)jBVLJe z4NWAhh6-%BH3oCet)~t^-B4_#K7)tT*>4W@q_co2hU}*~>HtV&-KV=2!n~;0oH6vY{NxWnn`T17$GPy?&p48w856t|#7N zlx}<{Ov{!0;-7o8dC*`sVPjBet|9`}qfK4^n_gH3ds!8Lcf_q^p#jzaev3Q?FeFo*DXsom*eMCdmKI<=1!EiSM80z zz;gEj&z@!3(sgJ*jWq9n6p`8ah@hKKVo zejX@0n~`t-U&DiQJBg-D&Ei$tRs~F)^e&%1<&^v9#{bqdWoB&aeJgyb6OB}sSPyrN zW%;Gqx97&HGaiRmZW2#D=u}Vs+`F*{g__s+^bQsFNwtqUw|)AWdj;#!{r7Rzpr)Ye z>(}L^cfB*PAnfSN{R-tEtAqwo`Je>qr|83dyCX%7t#8hl8O{&iBjOeMSC2zZR))KH z7(P-Wh25SC9PTe)-u^`Y#g(`4^+o`lLP8Io6rW}U!frYM8yP`+zd2F9nmLbCcvJ?* zIB64U?rq72yn=r$+HF%0`+XEFS6`7Hifq)aq&TvXd4X9;M6pz?{i{gO{^;lXF7o;;qw^KNs81c0B-~f5LM6xk;KW55r`jMK)t)ra?yR$hp$F9G^^=NAk8Uz)7-P zs?SrE-A=b^&PquazmkYznAYJOW82(pU?`%6BS|er&E{RN<9ztcn4!}<^cq+$W%L^b ziDI0ye+=cL(dD5XK67b%U#?|@@YA@oCo1PEvgSUZ8)v5QsjZjH7ftd?a@JVt3mU8vCWBr( zo14UVFCYGhSplX9v45qjQwj|>%O~x&w3Of8U~HP|tiDQvXkV6_%C77{n6bQ4Z+v&# zJI2~svf#mDx4$Es>iVO<^pmER|FCMtr(1b?py2*3^@E+Vr{&mHZS;1zX=$4JrJz-* z4aIJjC$qmoRT^x#YB)b{9;?ROHv@K$e=`OhVvZ5VsxGvnBurp6-na4XU7+!jCSgRK zuF1?D;sYgHS^aj~%TSckvN50>GI3*vZ3L*r-m97beAFlQa`Cvz7)S9y&KOfeP9EG* z=dZOvqCVEtm6E;Q?MQv9!4H_LY^`jYHLoP;ZU;5ZUbqp1@!XOT$NLJDn#u^ij-2)0 z4&z$56I$+V!KdlBI|1klPFZNHea%=qPp@(-rnQ{VA3y4qRMPvu)!YZ)D}OELFE!9c zPX;-6ogVyM-XDp(BbQ)NJ7`76$-~+=$irVRO@dKuz}H}}=HJiB#}&u4`c7*97<#sC z|DWr{boYL>RSoTSBcyj=7Aw+z4p|q1n8!2*w&u|~xTyYFdhkb0K=lTsuG%2Cdp^nQ z|M7IzaZP^l+gA}mLR7j%q?PWPii%21x*3Rov~)8O1e6#`=cJo~q|~H4q5g18G|Gv zlGn_Fo6IK{_x!?W6VDh-QxI?B@J-G41RMSWr8R3L(8Y??K*bf~wDmPnLbS|I)nCkN zv~r(iqt`AAQJJ4iP-d}&4|L!B!jqbBi8UZ42n~Y-@Qk(u#1YKuZD3}D9w72M&7J_e zQr@JUTpqoIL?i19f|Vz5I&sK606Hpn3+fBYJGCbm#Y#`$PW}ynYGLvnkBMsiaL+HT zBge#g%nuXps#jsr#C>uUE76^K=7?X_LZk52dBWHSmu z0)C&S#3JW8K)(a%l=cVSw!lCMS2?Ut4IVHCe)hOszr{Gh%^wr6#Tvn_Ay3hUsmzTF z6Ar0xGFi9_Jv^Gn4@iE5G6`ej4eUB1 zNA5y=k4mgw7ldrRHucPxH_y=QUS-sI-KxSCluXvu3fqVkrQ+p*Nk)fip)D-+|Gc+I zX3jsbs|}wa3Q_A`-0m`Bjg>Pke|QFdSsqys(*%#>mDAF!e^HD3le?VerhTtB?D+bU z@@wOLis>(C+s6C(s=`#_9B7ah&R69~bW#)F@s($4(S)Go<<@EOCvZPOX5XPn#D*H1 z^o>8dcF`|wWg*$`=-$eK1EjXrsWElRl6@b>bTWZ<2O~dHnwB-s=M6K)to_T`Z-792 zE>|~rCFdN5F|uVVf5dZAZfh2Ri6T_#LbPKH2y$2ZqHZ5nvxRPRKQ8gU+3{C!6*SLb zImJ1&Ti(3bp9i5`47_lOR2?m1HC{g7Sx{)iPbyHz+JkdQ7nTx^McPGHhdFngUjh?L z`i4muQy1aZDYhW?lFo_HBy*Vb#H8k?Sc}scY!dtyqxs;Vk&ZPJe9hGJ?T`(CCCHVaHus$qLmDJ^xMM8PGRYXQ*%?rd?TnW3 zmuu1Y$^>sdC|Ug%4y^Z)FW*Y9nKYf-a%&jt-2EM}ehdsl71IMpKiOHg3Di{mF>~-O zTpsjv6ENF}2DLoebT|>tu!2(%*3%ydMuS4*|8C6{fVEtF33m24rS~q}g(y-hjl&Cx z-$ijYbdp+t>dR-jNQ4li!ZVL6=y-9yWy!{Dnfr78Qai2baL5gfqh#Ph^ko`E%rKiM zV1E#N-j)r$j|(&to4=^`{3>VUVQqF)!-aswrPZFHTRe;nabfMjDWIttT_iM`eAgpgTM`0a zv>95@-#2KINUBrntXjn65d3funwDAZ4FG)!$%K65<7`yKpSmmaZqwFOQNe|B<);&3 zcTT7qJhl!$YCe6Zv$mDlg8zH*TI(`rr)hf^w%wTDfpo7L3a@k;Tc}?0Ss61 zKJnIH;um7ixV1J2p!&C24~VKFSl*r zA^mX$MggSAT65xNbr6|4rT-NR4lq9ktu}NGXRBcWRTfAzz|veyH0eXjfC(Jq1-XzP z0dDKBG3P)n7CGP>IscX++R^y8z3F4L1JNtlQ>SC(J*+stVESRD;h2J1u8(tVQ~T(F z>Xe>Sy?igx_UY!`yO+1c6@_al-Fr3(X8X=L>N>Z<0FuA)XN$&o-L-y;Y3(iQGsl;D z-EgjquTC;%uxH60RKnIej7W59-ALdPpZRuZQt!K&-z+R7+&xQVt-dxBhATva8^ZL& z&k(B{9-H&n_gnbWHE!x0uQ>fMu>6sL5T--R{P;_7Nx)i`GP;n>a&+6rG=VlCQgDg3 zz^5jufj=ZmaoJB)H&L?hemzqA?G)6Q8-R zu`76~6K{Ptzbx=@-a17+uC^mVsjB!nK4s{NX62N3`Disv0fvhUB`*m?ae{=Sm?fl7 z4;F-~ofg z;aoGbb04t&N|W(xyze>mlIpzh=pse{(@=B_SY8kvm~rhrKXSe(iF53g%#v=v^OwMI zWu+#b1)-JJYn%b*srm%h9dcvVQtVpiy!a z>WXy{_h6P1pJv2awo^AU;OSV|p}Vbc32!eSe2q+$a9K$6$z9{x5Aezlt1cT+%$5Wk zwl&^PnnuQ3ahohfi44j$4+R33f5J^!G;tem#+~2z#(W(CnL+c_zhlZ~oTDvnZ1HX) zk5{`oJv(>c%AR2t67I81CP{m5rFXk07%2(Wb`nHrQ1iXis&d0W6LVdj>ON)s1c>?3 z=0FOoIdt`GB;QkL_kv^c(2?u|%LTwl1{K3$2_PfD%m(kBZELKJBfe873h6BE%ndiv z%Oh|aoI=PY@`otSEnhKREc#o{C;yv-HU|b4T&D~HS#1m)ozJ<<8PD)cUr8=54&2(u zIR<_FM@2AoBV37Y04a+@meS^pMhe*BzX3P)H|OR@n|kqNfim+)CQfIySvmznEN@8l zZ+n>+1Vu~{9Nu)J!h?}@CF4M4Su_@53|$osmR6G>F#Ef}M1v~jO4T-ng{T2UA09M0 z8Ba6<^OoA|eiQhM2V%N1=6m{UQ2*=6zC8FX9jAAKy!WE2VdJ|!zJvfE*wB2FrS?FL z;}v4IuzV6!20ht_YL-k6(n!xnNh+{QOZ21UAK#jq5xL+l$h6XrL2@Q=WPp zrdSjOmu)lrutFqG(JDp?&pu;wy554;3G-?D0*mB|z7#8l$+q5$`GRm;>s%@(NZ!E| zCyD3Y>jGyKlNs#m`nGn{n~hyQ_UnzlYmELGtrl_D{!x+SeHFIXBZgF#vHFTV_j%c& zZ|Nu*I=C{b-J0XCw=jJZ4GXY`EeSo&7RnU$jE&LqkB0~3uD%!R6T)~Te|qqwOod32 zL(bZmBa)h4yWA9cq85}O<6;>r?J>Avjm&iULm5mihljW5y>v1kS0tUlFv;crxjTL` z^;;`jG`{ZCHGh12o^;)wAwT75cT2>%4+H(pfHkb>vI2)(=eTLOQ7d8#a!kBsFUH#b z8AK+Td)XyR_}dW4JXYMS=!S^w@1F7jTe8x)rL6doFJ6U zLc6&1_mL-Z1*y=)D*&0l0oW7DHc#zGd2x% zgPKzP$Txn*fZz}RVd-4}Gtl|^UrvA>%WpSz0%9_O{pVpEvK03KzP5oOO=@E5qsUa9 zhV48kMZZ;P(e$SSoA10!AAM3B5yxhJ)Jqv)>Oryu=4fNu`CF*D(|uPTFNpApeZ^)u zk%MNaIenGzB#`=^T;G^%l>Cd=CCd-qaDg?~&(4?2z7hb(8@9 z&brQRE_!T5PI=2yC{uQ{kX4Q4Z23MzzZLU8x2=?mOYgQzw4~xh_K}IW|bOEFq5P05YB8EG}C* z!d5-aj!zXGXF}zuKNEl_GKtpLkd;I^C+OPB)eYrqy&A-j!^t6f7OKArU1tL(2x?Ue zU!0`?y%UHO(CNB7CwFCJj8%~W3{IfJDc`B|@PM%}fMgj2zZ%P5gHB+sd|=31V;gDN zn|E0Q+6RV2OQ4%Qd1C6v7+2sxLo?+U9GFLk1k3GO(JbXl&`?K;V$ zf+lV6QhiI&_L?k0&FsUx_S$Q^9K}T4H3Ow0HF-}hvSV>f3d2o^n@1~;xxRHT4NelV z^G>b}GnVq|$kqBNjxh&UOj*ygPL_!tb8a9$ zwUPa=PH3Z<^d)mm+lt)p@So&5x!o2|gu(A>qS1c%{CCAm2B+bSQ3g1n`^W14jYG+Q zwj^tgim&bITfGKN_V{n^`8_MAT(PVLDI406?U4c>w@(~u2>Mqrd%$2Hx@xMukF=-# za0YbyWY0qNt`PQs-ke0GZ}B-?*tPf^>lUgncp&CtbLv>KU79+&XMa$i6dS5XO^SAI}Bf%KDVr{WG%mp2+lf z@G@oos4mTNp0w_7#i&>vGs#3*sh^@fx#Y!BXk)j3+ZZl3U;glW!4Kq*nM}nf&Ma=y zu7AUQ0XLwFlsdF%e2dcDm~d-aEW*~o;hZWBOSJiSN|yvODt4q0oA(0HI-Cs2>GQ4R z%GmgDpPh#y26bl@GJeh(4sxqEpKB{lgoxPGWG`mB8E2|XgJDAf3e3-_#p>|0pf!(H zzLGMtdmPq-L?VXh`zQ1P5p;Gx;%2uuLfZ}gp;CH$OIH40;Oesaqq|KFL3bCi?{(Vx z4RNoFp#}A=PwkCk*>PIO|L`oitoqMFL(Y{eE?17q_G3 zH|sSUtmS{CQ$TfA7{H>+o?G-Jo{#hG16*#Ib8SD)cgE>tV`HkqDAd-y@Lc7#qr_DT zCvxYJYI;2SQU7QA?p0bSRkxx!8HnzYkmvhP*R7!0c&5UK&GPrrivN`ndH`$igzASq zuG2SoJ1a%w{seB7HeVx8%2*cuLVW$COsnKSJ2RQS<&woGBb$=5I->MCe|P4K?~RSm zVs0Eo|1C@ZcO*pMjE**cYyJ>FW)?beZc2Rl6{Qt5}?{=HG$v(0e zZ%_k#AG?Wc84?vmi)rtJ47Txn3o}i6?ZF#O4qmB7*;{7uk9)d_jV*aJx7VH}M&FZJ z;?s0<6R@XKHR_%3Rg({s?d|Uk;nF-ByNu6ldjzs%UI+IV*o|k^-X&UuI7cOSvdnV( z_2liuJFasw=D01X%B}OTgQ`2g&HauyJ&Xiz__E}OjXu3cmsCOJJ8txx#UKcsNB&dB zi5n{_Al7%Jhm3e3AJnSVu+z$;vCp7B`__nRT`wHh_VVZ}$+~p}ZNLhhe#6c~^L_20 zRw7z2YO8(1Ny%n7-QT3@mQddZdkE^?4*`puUbVY)ZjbKnbINY~2)!P5{Lt6;K;^8V z>8bi=oo--MA#s^PU=S?O0j|8;*{RTCY@IQb1(7y!=|KCk2Kba;_}>p)H48l%&b|b+ z@PIgPApv@6NPIFthrcEK6rs2T8>Mk%mwx}T0u|ja_zBWQlTE*DT8Xq9;^1j1B0!m+ zF`NL5ha$C(GkbT1j%$sGe$Y1Ut#_1tmdv4F|>l12BI!MEa2=&dSNba{TrW$FSRoXN}(!!Ri9v>%&_)M82MA)BV0JRpl^0K+h1* z_yEztJz&tvXe4-PfZLSU;^h3_f>1UI4_GdngrEf1baE00>;cOFt^cl2+Ztd4cB|{w zi!&hS5+H7XO8@r<*Y1U{w4?wuHD>MyeC0op-ySF6oO;(?2BQK~YaC^#ne0MmQfz+6 zwma4TOc4^MHu+r;m!ws!*r8Cz>)KQ6X~v4}0h=+ki5G{9dXjSx+>#Z)yus&|IFE`7 zsx~a$QO2+ajHPqfBM3om2a|^11S3(VLuI zM9_$ia$o;XxK9*X;7J+WV@0g~i%PPaKvk*T@{qgD@Rer>kK7l6%4CP(6JhllemZf? zE;Cs^+D*VpfBu!6$8!$eR&~X_jPyr+t5(H$`_KE}L z^^riV$ix!-W9<4DJpd>MkP`qvEWP`n6zUSZ_ZhHCqzL9%m)z1kjgstVRnjisVrNaf z8AZp_lJQ$qLE!N=I&JFYUZR%q3_aU=p7}~ePn+kC>cech79It4(;Dy@zk2HIcg`G1 z^h(k|hUAB%FCuuARL!8BI6XsQ&!4ZDLXeK*uU3xLAhBIZ{g1^>X+|DWCWwFL?>7P8!R0$M zh3jI_Oq+lI47KHk+Q)5QP26}OF;UJ*`1a;ycDr_0u5z{@=2iZG%lDsnr`F1@YeXS7 z9r4}ntK9eAcB(rkYEnQc21^8tsDAZ+6-CbKTyMEW6w&_4P2diRqzNhJ;Uni7!ZX&K z7g7M$M_~AjvkM3E8`%1E;ETGgldpc85x@1G6G4x6N_^YJtM)xj-j%Zsf4EiIC9)YL zqn;u!hhqxbo~<#4rZf#M>0Z&0SFT)eP5{F@KplZmR9Z^51YbZiY!7TlSyYS4T-qd?R9}KwtCr%~`-pCG%^9BPbF0sMA&?`1kQ-znEidcSd(~efttYCe8pTlBB>Ws7d=7&1pCmn^iaKffqA66gzes*nsd#oUQvdkoW zW3bH6SV#JUc$~hOKb3oaV~SO}yv zf$CQPloZ$v@^ea-bAD`8T6GsbNmz)fM+gFz@xB7B_je1S12E34my zAUB6u@0LTd+2Y)Yk^Tw(iu+4otB!Qnk_hnEYpw{6Ck5l&^mFikC;T-;~}^+ z)X=?9n5#fwdj>*Ea;>@pbk&)%8)Mzp^ZmdYg|VFm?FfZ3dW3dz0&pR9BX zf@f-S^JH{u6{&g(v+6^|tiO z3El0y4)^J^jHkgAr^)Wn1)MO1o#*nF@i|d?M(EpfF4HMvN#Q;_yyY1))SJUqGJX-A zhSdD#A4WQc3MSh==xeDkogFj=gS^4GE7bB}-6FZuZ1rvU^a`ydC#`(C$4YN-aE8%K z`&ju%`-l^SeW=pW&Gz}u;9;o6u&ppBOFXrU^kZrqo@QD`Jz17(uV!=U)99OmP;o+) z?Jz|M*&(yda4P*BrM;t1(^;yrxH{D)_88ffk%%;zt|iut*;*&o%d>4(ubDGjobHsO}LMvvIuKnFOIi5hYs7O*5~eet-||rtL$(+O{zl z!0El__D|#@ZI@d>1OeRI&qxZw6jhF8$95AEfA*}O6Jhlsxh&$i&J`ZrK9c3)d(vSp zI#)HU$a(293mSU;sBqb$p5hGPO>?FTYdK>mbN-O&zwvbh3D|gU!nJZ1sTcgcZnG== zPrrbxK%Q=B=96m@wnJ1;)Q{(hGZhXb*${m9Ck#}8;IuF=hiXdhaG11p((O6@Wda~N z3D^4u2;rQjSpnf;eD}&ZkYHfOtSP@9DoRA8wl8=u%zY$qRa9Sbwjz((I71IJuhvG0K2q?M;KruX0F|H3Sx^Nxf|qv z$l1ms?JZ1=6Dn^JPY?Kg+`kmqX6C(EHGhF(ltl*2^?DJ>0F*@P?em2*7?s)=;vLbG zOAxw;dzlP`3tGx4jB|pwOqqvFSRW)}p#$}<%X{uaRR1xyMbR1e&bhk$md8w7*zYjA zy_P-t8}dE}-IaGWEVJnIB>iOHy)6f(bid1lop^9ZlXkxFn9YB{b$M5neSclQ0|OLd z5CWG5M`gPwfhH3`beQ?Vaos}#^zk47BsdWeU64SmjufE#A9-U|*CDM)&k~_y0io+%4pJ(JY zxjiYe&|SG1B0kP1TRfLNU#RpqD?O@@mQT%W332{2Nphz{qo2Io6iv>!(gU-zs_jlU zn%P%2;%6-DbKq5WQZ(Z5U0XiN3puAbjOIMVvN(3VEaR%W+Pokq%5&j>z?m#~g^z4^ z(Kz{~|C=Ssn35l*79mofTJ$oe%s-#X-@ab_Ag<|b+52EtEUF6RVbSZH^K7db5D^YZ1c z3zaHIP^e6rKE&k<+=UJ5_(*0n5$-dXi*iQeQ=x#NM$^u%3GNn6~;tESwq^B*qH zvg*ELIj&&!GPMB@r#XCe0yCf&Xc%9GzPSSG{%chP1zIhM-|G(4cd3=_^5-z9Al=Wc zex7v%wrNj04`2Io)!eRx{Nw#+ z9~uhG`?|N6)h({Pol&}&SE!aI6;^xbxH3WE3r?FyG*=ihQ)1R?YWXwC z9lA?3NdV$`M&BjEmzv#87t$rt?~fZMazFN^SChQG`%RAFDs>Ik`ke>=BV?#h>`4z8?Oo1}6gDa+VkEvor3fzq zcOf?1yK6jnU^UJV4U`xI=t?v&(|CVNFj7eI%>x0G>Cl_^f5zUtdn1b{;z1UvqJ8UI zy_?nc^mpz`2hZwL@TW28nqF(=fBCHPH9fsx_RA3t%CgBE{s-6Z@TYM-eSZJO^`C!F zuMPlI5(vgf^^P>gWhhN%H$%ZYMd4%^N13oIo&pq-KEslofn*6G=OP~g0D1*SrQy2+ zOv?QD4+_NsJm$&xl3P9pJ23o(0uv6r`qqpCF!q2;1k=|!zqzhtEGslf*frQ9Q`#KiMz_p8&$AUglseMh%NS0 zpGZDENJWI|=X1~rd5%w$XsP>947F*YPHP3bmnL)9kp0!$sIbKV>qm2za$|2Fja|x1 zQhX<4e|!PD$)#D=FFTj5qqtaaARC%xt0bb?l>#mZ7ov+_nTTC?gvoBVEi)VVgzZ#= z2ga27@2uFS?H%T$gmO*viqAYnHe?>2PphkR|{kbCfct0jAvtir8k>uLV7iTCPJQYsEDtjPHg^cthb;3d8;y~%z#zRtq z!U3CwIpjR`g9aP$D@APDckn9%r#T~x`+~C5x+u0G) zf7sb(p}})QK=&?hc54hUpPR0dn-#|@JK{neZhW>u}QN`sz zJz+eg)p{gJ%@ZG3drXvc4^x)8#RnDx{WbWV{}vnNFD{fq-JsDzaWB; z;tawBzfs%$NVx3Nj*E{E)bD%k}{mS$+#pSG;V|>(2f;Z6)a&WXW?(p!1*HVxTGI=*IOhC9O=-n zjIC$kVEV%Q~lYSOvpesQy{n&TdO zC!h>qp2-D)7VLiVD<4cR4w>!KBKn>s9Q>;i?ypu_C%xF5VSJ*hn?7mPBi=bIX_=yr zGgiIIJFQyuRe0&MNPTUjKVV;SF7G1$TgZ!%G2h$z*^=PpY7WZ?)n#UTRPz8|dTr~w zIZM-Hd)Cmgp!>)!dd<1xmE+p1GkPSkZ&nHZ!z@Z5DDfV$t%4mYPu_p&(b4a9e85I) z;I=YeVrf~gxbZY!%=+3g{8~!N$-tIa&YIqPla|>S8vAbfYmZ5BQQi5gpKTu= z?3Gw~9n4$rOqIaWgwrDr$Eaq=+2;7Zw6)#PX|!?DQBo{@iQ+EhfLOb;8d+l6Dcs_5mqiMdvOsQ+V|9$14Aey3ZE|A?`VF90WV` z*8Sv(Ov&R*rL_Vg4Kj=*(^!u9=pKE%?exs7kY+oP8|FqcT(`!0)KlzFV z1(g~e0uG^e#epXy*+|G$TwBI8xQXIwMU^5uxq`<(tJkOU=F0uv{LUSUlmjBETsFRQ%v zS=?0+yN_mAP|T^YG>FYWva^13qjn3KU zm@(n~@LcTIf}ocvi1b8x;#ZF`@kxf6>}%I<^}c!W zOm{rci^FZ?`t!bOjxm;QdP;=x{9qH>uLqqX;1s?;Ccx1qHdH$<5EMqC8sK3Jv->&` zd$qUIbe3FT*OkCf3!eWDajjsl?Uh_+Dz=46mRC@1PjmDq^D1UcPE>CQMCmppL-!si zXo3r}ywZIY3xDxh#lL>RGw3&9Fzlzuo^#PAsxeLOqpXy3#$?N(w7Y~i)*gz@#LjE2 zdOI<>U3|*~ca8_!a(E$lhAM;u0*NWBrp)dWp@o4>ftTDEq50VDj~L#gc{!NtSS9&( zisomRgUytw8_Ks^=mXSz=2LBq+YA1#S~1-h*FbU*q>PD$b=}o78jrH$k>eeIT ztCk5k?;U2e#JU{aX&F1;WpCV%ZB=nnkIVNlc(${rhkKiw~4IEE?|Q zwc}B<)uu+tsNlo}{^Yv_27{AYR=;t;GqL>uXNi7}W<)gj_0gHYU7#6lkgA)nZlFgX zU}~s=<4qCh$|k0uWrgww3oZBAbJd5sqiW^ok{1|>` zutG~KX8v}hie673$C^3sC1*s?goI)qe}guOUt(e+uV2??OG~CTPD_TLa+EP5sJ3b| zE%2evq*BmnF1wUlwbQ@sytU;GtU`2$LlL)kdZIQyU1>#se};3f#f6?|LtT}L{V^fl)n-9%j+ z^)^$v8JP0}$bJH(2g4@}B>;v;t5Ox>uy29K16H!9bj-S40FfG5B`aAw@k@k_GF?W_ zcF4~!CfDV_y^7>8CUWi3mQg>$xgIQY;jNN_KCd6c@;?ctWJ2E1PbAhucJ2?(%0z8`rAd5asA zNlbznO^YXF4I!Z>mth)j-c)8~#k4$XycEAGvK8ElJi6fq)^z6b>MaoYoYRsXYPOx?Goc-WZ7CGfEKF4ftx`Ad?o^g>yM`&2{3;l8o3!QV->x=2p^G`&s^Qqp zth?g8cI_Gfd=jk2{6E0WUIy8cnbcYLA;MoJ_|98zHGwBj{Nn|FiCYW4dm7KB6ShbF zT|7RTT%4W`D?$45>C0zN@1=YR(fZ{tO5uS(;o-w?S}xX`TQt8%EmmWBWaN6^XliPr zhyL^q{)Qc}lz!)}WO<&MFe&*hE{r7118XA|eJZKhGWyzuL&>hgq^p7mC z|B6}MxJo@_#9yPlO5-!-K6Wr>15M+MH^NgP3Sqm(^}*nw)GOr1~yAwWJ?HC68^3N@Zh&aFwm!}5R{B;mW*Xe_aNShJ~094|HriLr*& zIm`*Wpvp74i>ip5C#(aaMUIm|14>S$VXMz?mvUKDgg6`-V^baO^s%N&u66NX%Nq|E zW-aRfg8jQKvhNsY7Fl8N=Y9{OT22n3fX84VxGXp|jr?dGuk zM2*exUfd1*d}q$7F5_Z%Tu1YyiFgPpaV|0p@j2jeQERMq5<30$q!OsI85lIF{oV*sZ+9@)F4&+czJ`GA4kHL&D{Q(=j&52Q@kLHn3^kq=sFh0g5_FwGf zC}GUJ+lUMxI|L6-sdroU#0HE!U=6>;O2!K6dUndFyrZz)5vRnNoIjYl9_V+`n5F$XtmKI0)lLE-z+z0`15=9 zTwz1PanXl8Os7d2tJKwOaGgv;f6tKlVo*AA)qD)NhiJ83Xfm~Fny=X{_9eE6V}q*1 z%=YUUCZLz9SLQy1yljnN<=~``nsk`wu{Z+@28YFa&Wpm?cPdeG92X-_@U*XVRvJ-S>dW=WboI#}&uS zxa?z;*PO@({u1GQQVv~2eNaiF~ zrEc%EDz#ZC~-eeks-Z#Heoq!BG1m9Y9{oD{GY_?4XIGe`BN7V zJCytt!C$c=mZEK^VcftHV?p3rZ#*G~8(Bf1M)4g{?yB#8fv`kDV&N0JC@6sUBjDUc z^p|a$bDRv!k5}IxJl@98u#1mxyWR0WoHpP5!w)51EoTv9o;{} z@6dn7x18sOKSoK+0y6}6$Vpn7Dp|AUsmkLQGSQqLgWgen%jxHRQPy-*K=j`vsk1r*C|qeG0(%qVG0d z%M94Njh<$vGl(#|VL~z->a*l{wRb#T{*2?CVzj4w+vrmtH(XJ!l~%C439P7_GcL+f zF6kL%>#5JKW9yqprupKL#tZt^GpZlQigA1@G+ZPF*T;X^S6E)Vm14^jY%4}O>?3xM zibQAGQo1QwV>nc_kV+|($;-mxIa7l-)s^A&Z~)|_!vGv$zsKyj?T})7gIWw$Y1_Od zQ}YS#TU-Cea5xh52{$7h%B4i^B^{ytS_#{sqxbfP(=Y7uakLBD7AP}D9{mxetKCg3 zG>U_-MyXiY(TxZ7Q}nhtALLw=fVKt4=^#mD?Pu8Uf^?7XN&60cWl4}ruwlRxyyeyM z34mSG%DKi?gEDKTrTeR-$XQ{!|H6?Fm)#?G)nVh;dj`L zM?m|;h9U4REYm&*bPu6iE1`Zp=y2h}$RzcT_zDdTAn^G4E1GCLOa4u%;CocBrSK?= z5bEZkei7vFE!5~J+>O<#{+kd*kaHNvGN1YtlC)3JVVFAK!#i1)g9WnVJMxi6T|^=i z>+_NzvgFVedz_zck@NxANh1(+41Eh-R|xomioP$sDDs}1i+z^w)Buoyy)8PMG6O;J z6EbCo!F(=wtOzC6z1>rW9;YhzDf5V()w={)C2-CO5SQZRWHHa$=qtSRLF-dYI0_^V z0g(9p9^1gnH3U+;%`W;UuEOP|vP6i@v*8G#>KZinJ)Bt->Mw-JZ_8>F+7~6MLZjG) zGx-+<^F~>ReNa=qcNtfL7&K9Rxkn??;M4M(=_Awb*(9aMJ>VImK~JmD6iWA~U<-N% zL!7xWHEXfh;|?26I9x=;16MHKP3!_d(Y`l{t*48$qeS>W3hfx8m+w z(QKJDGJCT(7+@_*%+gHEm!Yd#Of~b*a@Q=n5vBZLTZ`8i81>A{iAE{$>IC4_ zu@_?wj%LsPIIjzD@PvQB&DGI_6^v;rE%>Yq3h}a8#emmq6;qxR&sf0k>M7)FKT0RFz2Z3Q$LJl&p6sE!%_m7D!YcACFa4np} z2Hn{OKh}jy0kNQ2+Q44AohE(~e1T@l4^CHN>JSo=uwc!oGtYMd4)EG3D%cz=80dq^ z$v0KpK+O|`Rwew6tkhN|Hu`CTECOs+x#mOLz)f?-tr$ES1khV7*)F?HD{`_!3SE6| zURj*W9d-M=Dpz~t*n|v*t37A$U&fGK3Nr(!_u?61bC;BJObaY01#rJfxPq6d0Nhzb zF0`_^l!%=a>7s?;R+0p9=;bI}4|mJHbrHgcIlQvE@*^s%c{9W7`*CD%-fGO9rXAe< z_0dF=(7+z7mhh901O+4$p=~6t2h=ONX4^pMeYb*pf8|yN{fd(`*Pb!PR?&uW>=GX? zI(u=mn@2xvBjxWC{4vX*OWf+qJOH;l@p?>Fb4jC5Q%Zic3#oYdqQxjc?pt7AJdKUd zpS)INQx7t487dMt0t%eOB<_N(iG_u6vt-caxI23TDhIT&+}+@FtM$W!*CBF%;BGLc zBp#H9GrErtAI|y!R4VquyZ*@e*DPCWbN!S$pu&LuP|SGe($zyrr6q&4ma$UnlDw%t;D-IG`>{I!|%zX6hvbb z!`N3u_3WQL%CK!Jg%Kgrf?z-UqCKZ!Q7`zGztObF<#mQ~=ginQ+{naEGUCn69ByRm zo5c2ciiAU^2-NmD&x=Oxkq)Sh66|vp3Vh$}I z_b+ew-I|p>%K_TLbQ>6e7w`dIsj83}OfnfJT>(jD7q2-UXrpzSI-w1_TpW zN_lwwGoAwo?*%;Vn>2+E&|7QS4?}M+&{;HPWT2TZYYCL}5WDLW-8Dl%Ph6#e^Df2+ z$1vdkcRlg^=jB~jAdagW>)o2uxXne+L_`(}ml;#+f(!L2cI~>BGZ=A1Jzy(VfOzGy zUDiI84{Q?4rHRi~6yLdTSe&6L@0@3lHyoCa!pxm=p5C{~-skObS%n$V1223X7Gi(^ z#dGxgWhc=a5eZB}i92S*9rU-I$7I;K)(?E|oH;zFR$u4gXEynbPE0#2>EU-DAt@;d zmC}f{?CrH2C|Zs9tk-|^K?m*!4Watx#n;5Tb+lZLHi8MUCaeKA02GZugP!gX@q%t> zEv#AibONi2v|y{w2xFvivN3TIp;h=I z@YsUpdSFG^H=Qr&Dbi$*c|8v#41mRUfh@<|)oS(k2%QdSAy5Pj(}1=oy-Y)=V1-Ug zX)|4N`~i($uvK?3&}H$wdKU`gNnp1e>1ulaHJX6)of3;*DW)6Q>c)3Qavx?~F;j}P zlaKub!)UF7j8Z<1gq*VtK}ud=`#OqPQcU~6S_JJGP0Jnqj!8pqg-+iE{ltK9!q-nM zhT`T(4J}C^pO+>ybm)m@$aT3U!htq&gR4IZU-Hd|YHu9-{yR$UFv;#73+2~f^H?Bs7nN{%Ix8)<(ckD1|gwO{?rLP9X<~)gY8v znD=-!?)udg$EBiA?BfhrojW4A3&Mb_dXfoc|EeL6Y47 zz004e*lnx&ZVR38t&N|Vg-+6FlCK7jPB_s}rMbnvW0%t`{q@|ff-!@lG~|Y8-qHQU zs@H9ZK*DTv=%?zcp5PpP zzuJ`iZ*DXQY1{l9lH=C45zAtaD{K?e3|>J|u#8;}xVu!Iu>Jgl3d2hR(28%N;$i!( zC#u6tKbzi-`HycRUfr!0k4{B8|S&Uq>sMV1t01YRgja~X~tNLYJ-PAZN9+D>H zN&Kk$&l%tVX|&{pq*Cb(YuJHG1_R`4_g4Lu%du!{hmo!3HsQq2GDp5LM#}Myx%Ll` z^B0WqL{n$tFKdRLYlZ`VaOb$H*-3PHZ0*wx4q9?i!TLJrR5zlu9=N81V*hyW5C#$t z`XbyKOgD7)@G_ChIh-56(q=GK=@$-xq60g}%H=z4Vap`wNH4H-4uFIms>dz!{|q9k z7WB02%{ffnreTLIi4pV>RD$`wOgO+Z1+9z;X4Xu8`4cp(Fpj2q z;uZcgO1SHm+uNZ=zl!nRQ7E67-&{w44BsHSn^gCC!$c7f0tV47wv`CB)!SIuo6FgE z>o`Be3HwE(vOK8a9b78h8o+)V-N(!ubd}F43cX!Z`y})%;E-v%xjX0nXE(7Wh>%Hn z2HdjJ4o&vcmLgOo;!{1&c0GRnlLOMK(A+LUGOv)D1{%b-)V?AqI_k4uz53p6JtYAV zrwqdGn1hN=z+R=}mG1+Xr(brw7eDmvO*w_slZ-rsi3Dpz$LIvI@-}+_zc-r}?tzO2 zD+I5+BL1a-{zPkc=k;Th51V3P6a0~n@n9$}*>4Vo{5RJrIWE74(qG-BY#Tde4w$|D zvvskyMq!FqZjER@2mbMAktkv*@lO zIeN+&V=_W&4;#X}Z4P(IEnf%B+kP2DxCROXx<~m^|IH&g$Cn5ChST@h)WIrwFpAhrsj zBUdU82esD_Y*BKpeVctQ6c_#163Xx_s2zMgvx!oh=Av#+ED-_}IX0x+TDJzAHlELK z5$uQ;W)YRYN7QWnLe&dU1{TFL2Z(_dVy6LVv|xKBikYLH^Yk6>?|S98hC}y#TJj>Z zE$EWocMqr>0k;WN?Q*<8BpD$=szUoprqE$8vYS<;`~zep5wU_G&DgCN)7xOn{5{ZZ z$_qPM=0WNI8ekh5-I-aQ#tXW(0Gdl90{aAQ$b;>M_TndF07G*kVq#FO zgrKTOtWb!{(#J|cL3JjvQ+wseN5hfvefqkkuDB>)iQ|TUc z<-_(v4%C~M3JS>l#j&o1P)MLDO)Og~nG5DS!k-3hC+cv*YYrA29c`#a!&BK)B%ag3{4&R8s+^(F!e{?>6Z zZblgA@g}l4F!&#ypQelzpcNN|_a5d6_dM=B6#P68%cTR8T#?Q@jzm}8I$J7f7szl- z&R<+1sTZYU^?x)l=)m$eYP_uN@oNI2f*k0Q<)Aphq65=`mxyMW&l6K_>4LweN3X}M z(s#Mm9r|-dbSxn%i|-zY#^jzyD`y8U=EFg_9Ogsn2^x(D!@-6V#I~4a1LYNGja|gd zHP6XoVDS&sKD4%c{-Ta?3EQ^54Ldm*BKf@!8Wn+&`4sybx{Y~QFt_1BvBn`|Zy;s` z%ValHV64VYz6n75a@9S^Vw-^B1sjvx1n=9ae)kf6@Z>i@)7E+pbBHLRhkg*GNL8*p z!Fc!@vFGU`;z79^3afT6xLHfd-|AH#UFcAfL1U1TiIbuwg2R4 zjE5zQ>soNAWM!}Y5Ncz6ClFg*`H%u>5i)wDfHd5hziMf$v4<9`scC4j)eQa*`=YgS zavSjVBVQt`0m!gXvC2tIj?We#VA4K+1R70lj?}(;D8-WZt)F;EaWf*k1jTZotDL~5 zP}eok40jkd91_GwH=eCc(04D`s(o^#7a z1t@7W%^%m2A~uDM&M5p@WTUZY;drqJFogK_moa+&HOhlVx8FTF9lDmBeh8@~^2U0; zUk{nq!o^LA_E6VyvI^on@6r&f>kX=5mCbCv)1}Y`_j0wA%n3;4WD=sSsZ*{u%g_|l?=oDGh?S*Wz)QN zojyuFr0N79oYUShj=Z47+i};@N>yfI6O|YN&ASK2p-=IsFIwXNo4N-J1Z8zx?*b>F zH>+7_r$2XxkIwbYAZW>DVa2sS;-G;UP=4SSaL+M~v`*ok0WMb!2@E4{{#(0(PwyQM z&?HF_Khf%u4^F(OlBB9!Xb)NVtpSy4Ckb`gFd0CX*h2Z;^@kpAGzI7E+qY!~Ub?@b#L?_USQ#&}r)LOQY)m@fIvTq~ zSP8iCv7#>VluR02iF8k4aYTC)cr0op5quW)mn-0NZ%Vk^S@eQNJyT3~L__{Y%y4I+ zkT{1GqsS!{OyqyYi-qtJ#Y?=aKaw0n#-UE>Y7eb8xKfx(lg;$cmwQRp+>jszj8DCe zA5??~JPBdv3M^I(h`w`N9QA~M=r}*`^wt8@1>5+%?3zW8n{FlZ{_JQWj_tGWW z-YX@zPP)M02cKD=JSm?s>dqA&oNwTID&iQmVJ<@Y_WK=uqqyd0!?(H^BFY=oE*Ep1 zDJJxIaR%Y|8>Q8y54w)ni)s;1Vm+Hq`V2 z=Aw&4MD^6YMKN;7yj)}$k_iQiThUZGlz>&|r)@BaKUJ z=^J~YzY_-$(!9LRNMnYc#Elxw(>rfX@=Uqjh8j$`;=K0pvCz}6V#%pe&V@3pN76hAS%UN3vgwYFJfy+Lm7=iq-KRj6; z{F(|P6@y!BYTZoNe~0Fxj8vApTj&&2xVghK>-#`cGdo}0nEwL;bg(k%Z0zw&=Y1f@ zosxx}KilP@4d86#jS~LmjQHZb6Z%P7<0bX(@cq`)MM}BdzdLs1Y^)9hlI9S76X%a?=yfwWKEBb;Q6mEWD*Z?-(SJK73yf zxJqfh`XZr=3$cZicmzV<>C*IhMT;xP6lx^8_Gtz0gDa%^8e30h#Ve(*(Rcu7n;)xy zK;awp-0tsvOqG)^!U*&lkvdF@&E41dp2y4JRBHF{-R{#<<3BL9J0S)MQnN3KR`{a39KsOkChyag<>@v^$lvZNExm z>=$O!oHSJ+yr=>>1A;RZf$q0T*~}+exe$Y95u6A{E&6?H_mA0~uBIgSN$?<0CP4WQ zfZjRCRFK%TJD^Wgl{g}E%f+GpRdwcm)Ua-wwi|o(`oKvu!Q?OxWW8Pc>rf3gHC)eJ_(!+mt>IDrrY&PyXfn3?6}@HPql~o5;_{YH#}~Z z4W#B@{Tu?%7`eanII1y#DOHK-If`F{DLZ04>oP~~xWkeNot(g;_o;wcFU|A{1BWeA zh(3Ik6575+Z;g4gsvAgcYp31Sc1fI-?)2u9*N^E-?_b3}ise{otdJPr^c0m6_u|DD zGj3(h(a)b{tts~x)>u1mo_n)sLoWAvk?IL876KiYzNXoHf)g%5H1GNuh#H$W#0XbO z47w=uEf4SDiu}f-{aa-RLUD^+z;f1X&W5lN+(eo`NL^gI@frp0zMG0k+n!G6e$~|p zrhHvl3GXdZ;^gW#F&T8iC4d-eIA(wB?IWz>{1PyBP zaC_qLG3Skg+Rrz>mZvDS!(0~Od)7;#2Y5u&_}V@+Sge*I$f7y83pBWRe`i6pcC*>F zDpCG3B=B0yI)y5?6;G(r$mu+RpSJ#_zv;~_AQB1vl^kU#0h%Rfq1h~-QsRVyzF^ff z;Cr`mJz8ERsrav<(l+Q@7pPD)GJ8KLJdH#3Ff`)DgN`XTF(l@3;uAm|aab_ZON=hB z=}RPV*~nC^f{uWH{);CZHOkI&-A1saVY%iT)*rmSh7vV;5RFtGpd5YiWZ}?taU^YL zUbOfE^a*e+X?+98fBM=eczd}jq^Q)qL$UKp=YQMKgnX^(5hz5;$9f2Fd}MH90puBZPY>Syxh z$0(NwPR|u@JINC!i=Z*cWL1bIeGUEKMSnRCEuly_)74*8cHB*)N3agV5k-7K<1}>O zy5#m!D`XZ6`w;o0IAMeBYcd z=|v)R*EKjWr_FyP&@@zLOJeTJy8q&p$~ddw-8!l2X?;8zO(WNyA^vxTl1fVuOQ$xmtArNiG z&OZt}r>d|N38vcd(ky9JaiH|7Ap}YdF#KKKuF|^jDmW*qE%4chG9!H`?|*=OqvF%| ztaM$WKvk`GDLD$hDgUG|hgE5uCfRH^^AgK(7SJ*{ zsPw>?l6jobNHpH$hmN5qcob;#qv1}OV)PWHwB;(aABth@`~;i>r60;wiuSFW(6|r? zml=?qqbnU#X6z|gKJ?RsHi8hhpiP4+{cBri+SbNY?KeKk@@o<Z&cEM#vD#y zLjU|A^d=SGjc*+?Fi&Z-ru!XZHa`dv_V4UG;z1R#`5Z+D_?!f69?`4ydgh2Q6%-i# zm!+Dg?_D_cOmO7;i^U94=KRO3@2@;@b@2=w|G(x zUaFw<1nz@zj+^8wNh>|L8Ld4oBKy#wl_^pQ!xqc*C<>_|S7(Ed1Z2(_jwRY#1Xn8q$y=4;O%}!mX%k>_jQJqu6C(4Le(%H4U&zX7} z*)*R@i2YSt%Xsm##&nWRS#>j6Gal5eYoaE0s$`hhFHMbD|>rM3g&(W&oV~0EaQJSdJ5#Prd`}5K4JsIZKtARP< z3A}YN&8724>QZyeSq1-ej)!9gIMRuq4cV!ZR*C3s12W*MNVuOfISO8S>Lfx=W47hX z-TQN*%qTMneBfN{heEJ8e}OnIAZF}Y=TuO0P|BTl+`=D!$i6^qdM!IDTYH?;!**}K zjT*M&zwx_r|7Jd?rX=uOf8Ep!|EqzrGaU&KbSROmvID2bn>oT>I1y8#$wKgc9V`RV zSEUps-#UFjoI>sOWyChknRhY;d7MiXU#5VHh!oKT$SF-v3$@ zM*K#QL(20($3Q*i%I>=_$dNd(xeS#j8e!n5{`{3&D84B(gktK?Ul<>|NY^FSx(cAP zIRMpnuf(7^KN~J6J;n__3LYG82!IP*cq1%ZEp?9XBx<*4$r;F3{Ez);S>d3>jn6(- zYs1)9WsI{o09C4e^P`S$@p+9+4VVA$6x+hv$^o@>6Ow zl7}V4Xp)f6!;<<_eU|n7Cb6Nxx1-9vC`{@Q>H0zYE~aIQ3zt6iL1;|aGJN|xF&Qpz zHifM^;(2)l$Z73y#CcW~Advs6CX#7pDj;laK0MXP0)K@aqTFKRvwg>OG>eiv_N?L$pwmjg*5`Tn|2A!{d38j)uuZhBFtHc*o5z4V z!j9^%ae?ZJH`A0W1nLM?%D_c_Sur4k$QdTRX*V=xNwb@zaS(lI85H5;`Bh2-$&{|y zuLNN@`>|fM|AH@}mAhNR@g~hcjBUkk35As2ZzsSxuX9ORPKQIy$!Bci8*^_evAw%! zP_H!EJtts)lFiplePcPQhFVCV52*?w;9x^tPEdiXR2O4!{EF98L*3Lsv9Xb&)2HrVIVaA*ffTa9^SGr=Pi z1Q}pr6VDQ>cv=O5i1iOdZtOBAvi3Lj>&AZ*sK0oPL!YO-OrYo)8ToMElIm{qPQuf(EsG zE3XGM>|QgSA*1Nulvs`-0W2vlHAY`4bY80^=^*Bg#O64q=G_^r=;jK(#;WqCXufC% zZ_M#O2(-LG1ma+Bf{!3R3GPHbC(Z_xL!7CFAde?AAK(!T%(EF!ybrScF1mipyPkbF z)K9Am-qag1U8`Eq_Lf4j4Ii$|^(3MOfuoQus>eZXNEf>@fj-q@SuW6|2Lwxny*W1* zGPQ_2KD}%nW^fb2OWNR6gJGGZuC*F%LSZ6%ZF=e}UCmiu0vIYY>Y!3Wih2i3ajVC>RU(VPdEe~j56cVMzR2=wpY#(sEL>&wg|U~Yg3|}W z_o58cgINVA5=Wh1m?^n)qJpTp;M}Aa0K8sd!e8(B&TNrSOq}q$?S#SKG%?gm^Bv~M z<9o#e^hOPZl}=jf+%yi|Y!scJf=rL%G+SbG)84dWrl3n(%go<8VTnk) z$xUD8Hk{f{)@bM*TE0GILMs>E@XMDC-ZZ(ELIzzS{Tj~9?fn96sZKqH=JGuW{rL;O z7}}tDa8mfuX>F*<&*42$h*bk2ARhGT2*#<2QS{i%k;)w%C7K%%{+e2|7SOk8?7*P4 z=UsG|d=l_7hoiR3*hoOjgN1{5q&;lzx7hT^_>dbJWzg0?-^_mrp5bt7$=OP` z(>F98v=4pMn^ZCe@TfUEdHooNlQ!vf)V$$2w;V}do$n-}K%*_(v(*t!N!7wb+Yk9Xh#(>R{GDZS)^Car&%pj4SM*!-~S-l(4uiq|2c)lu|>~fOl9g+}>7J030A^O^kO`|#P z@;mM*&SOP%FJ0429adB@`(JAwvBsR$+peQ>D@bf+ZY|3xCmT(_GbZ*Z)4rbQ_HjE( z5(2n~OwFxrto^(717>)uV?$3w7S>Zt(#z*5KM#v5J?)?M#WY}N>>#0FFXjHYzjwKG z;wti#@7gETb?ui!hr?c7YZRqDha}4^a zT)qR!xTxv;E~3Q0YtxSbQff=sP{Z5n^}js-YVa|u*AT`NGlWU}u>Z+wo`bL{&(HN- z9?(NxrSyD&zhygFz?SO@s2aBaD7_@8wqi5H+p8SxwJh8R4j!Cvlmj#W~SAF7SoZRJgud5B}Q&^#wD80md zm!rriT7$gK;@1aJRP27|{B-&}piok=#c8BvjWUf4ko1?BD4<@{%fEJTZTRoj33A5G zm=Qs?nujj4k|K@CEnleUVJ(Wr`@iqpU$ytO`@e7!KMVs0i{>e5ku?U>Gq(gZ4#m|q zOPZ3O2O8vTr!SL52Oz)3#QOU`U8L%_-mMH;n6W?^6%cMCJxAL+GCYmf(C~LjEJ_@| zTn~pC@_p|Ky{s$G)4r37vzXJv6hLz+{zUw=DEj*D zQQhbVA*94IBFCptoIl8fH2CArSWJyRlQvJKa8a@VL}>`wddD^!+R`E26V{s|wH5*} zljCZo?FQMT!vsY`G=x!q*CyV!>pibwgn#y%b8-7)390UvG*aiLTpb*#$L~y)H#BT= zAOLT}wmF`zVgMS{O`aJ@`V$)!xJT{UD5bfzJnop`PpqyyPpVsN79d_Q+5q`%s39R0 zQtWM&UmICN%a=}kW43?1r!fZB`_^e3`mU}PQkT*Te;sd$B=57&FzS}rnP!ZRS3UBI zacP%h)Sy)1PZ|z>?wg9sBpv62a~N%>Dn155ZFvh#(bf|0jfwWj0nTaNphNJ8)! z^IRPS-H}{axEnvCr`gj4@JgxR>uO?H#owWKf{yU8J`OXhU7ce^nk=wl9Y` zP(W3bDuwcI7PHVX9q-!fz*|}Qs+BB*1fD~g$A=+!uqu#iRzi_H1~F=u1w5jB!sU)t zd`UE|zEG7xG4}^GYU}~5S+&;(g)5_LTPHmZd4r}u2<0g?JNZoV`m>b$5qp>~1G5zf zRc?0oS={Ij>!oieT1MwQcr}xpPn)jjt~CZp<${ihEF zlV5aAirm%MJumO9g}Qm!lO?k={*h$F518XCU5by#+mH53kHl{!cf3ix`!}JBrMQDl zo?XQG4ct4I#%4M8mz^H zg#>rU$WuReO8I5eQ@j0SlXOEw?Kw|Xs35!eCv|E>{n@)uByJL)J4QJYcTQ!#omp^> z%cJJ-X2d8<4_W&&T9emWx?cW^R{rPlyCE>sh9JXeRs0jMF|3*I-hylSn$>)nIR0btZWqvaTS+7Q_vbBZzWvLL1k51B@DS8 za~De4UnQ3#It$hZv@H#xlHSCR9_UcSk)P9oi_Y>)e{?O7)FpK9QcKBGRb;;B-`Bl@ zR8hhau1KPdh%q?aqwRk4pmGi1=b^riVT&i7IRG;~*_0hHtSkSg!WU~Y_3#VcU?PN0 zK|9%hy78oL9Uj;b__H3!&0TU^@4T!X2xi+s?9X_UpGmjHU=)%Nr2@$*s^q_sdUA-j z5TzL$0w=>xHRZOp{@2^PHK7nroBw;wx=OFe@dwoKt38>)iPBySf^ta)?9g^jm`d%T^50rXkyz4|2vIhtS6FmRKdN3%D$A9bFW@rn$KVto(1cWM75P^IWehbN} zs-JWDSa}vx^atb?Ko?xD z&=tJqem}FJNmr1nc(j$D7pJwA`)l)C7Wp_ttupGdRNMTu3G?MYp4lL7rnbr?V4icg z*fIL2Ake$x^A#4XF{VfD0~0lqg6{&1S}eQI^Mv$hqM#C}8{mpBhp-kxFCr>dVRLJ4 zFWZTL9L`&J^DJ|>@6ZNHZRMb+Qfi@nS`pbjQ}d8E_HH9=ECzHDO-sO{TZ8>UVj!23a1%}IxoL-Lw8TNE@!x*1(}$Xz%!r5L9BCwf z+KHTeBa?D%VlQJb{f`*x>L0JB`6y%MOZyxiuK9d<A~C9Hr`XOnC_wcm)0&g4F z^=Ut2ro8tT{f^x7NWJ|4TyxjqN(PJ=c!d@FUWN(|ENuBd>#yXt&m&}hkgmY;sP_ki zB~4{F*>>=d45qI3YEXwh}a(u8+hTo_e zb3HK*fh5wsBb>$@_xt`v!RgkKB=sXUOG^_?Z1?^cn}>MIQ)ZOPJb$oY0%s&^sl0|v zkKJwHdy1OVqoP1ev{D#6@NTLShS;<=rJ51((c^NWm-C-Kux7Cohsu;r+t$q&ngcvx z@EAL{5^0qHF}ouc9#rwRh1*$BfJd3m?yKq!op`X|WRX{=aW?sTqsNs`;*?3_>&%Bo zH8C5Rv|EpaUI>VcXoCmHRTYK)pEX{05_i(ucH;j(3xG~j{PJ_bbM^gC5uIPtKP^jU z3wq7`#)}_YH0%xikyaFa@(%r`Ppnm4GDqpP$#eq*U12DYqnsE4olDxBrCZ`Z-*sJ7 z+Mf7hH{I-8K9tT;&}yb^8c$p*E1TfN2)lyao9}?P0?jpj6>x`Ain^)uAG#erKq*B0 zER=RA4Dkb|%uzdW&10H`Dj{m-U0Nh>(jS$pn8_r7z&G)0#!mR-?1j7v4(tqnQ-c#3 z0nkn@qy&DO$ylmVVJaBhPOL!Hppp7f(okjaZRFVe6+9|eRWW$`XTzO8nOd$BBP-w8 zJ=~#Q0&Gsdy8tZ#W%u{*AV1$lG5^e%ef&9Q9BP4a{QfWWA`#u2hkQso#YJ)a zRK-PE)kV`jaZ?70=KYQ`G~i3KjlRJ)%tF0PLoN* z+wqg3DyvcNhrW1PoF2O={wb6n9VDBH!q?KE-fKhswo$S&mhUu!j)p9=uiKhX6u+VR z_yyJ-ep=S`4}HIbrp!BM=KYEjBHQ@=FB!e}y7&9Bdmk5dbSw>^kdXIDuv4P^o}c#Q z_IGhW%rN_l@AlZ#B%D1fv~Phtbu))}JYQe=v~Optr^3)mptmsUF{=yie~-y6`lpm( zjzegWDC#{>f0=Y*kpoTogJKr&SAU*0+mOcn1Uig}^wX;fA^>z4>Tf-$3TkyQ2QnM7 z`?1dL-}EL2`rcadJy_B#_YElDpO2#Y%}*_T?*^ZU&n~4C?CMXe($S#uL+EGxpc6K8 zx<1x7%8pxy*7Vl;3=p{Jr3Ikj1i$0XMARwGdnr7k-dM-@Rk0276nIm?`x`Yz#&$me zUIN_pGW#S=FxC41(C`UQ)yt1O_lL@?38|hN`oNHQ@dLJO@Qu2&E2g%Jhq@;y|Ox1AhTNxW^x-KO!Af4 z*qn;|P+|x3tY8B=YxbJ5umB*_PXw^D(6>1d1?e1Rh^^l?3i@%@Kkni&$5FJty)a}S zg9AP-ov2<>kS!;fW0WIrIt`HQh7d3VnyqJ#!)%4>@84Z*z5(xMSk#6=vb3C+E%z_8 zY06|PSN)-dSQ9O(21u|QY_6*3Y8J_M)<}{ksJ#wiRusO8y)NBB4LZel!%E=AggG|xac%s87C6t_FOACnXPxE8Ff#`n6urq^Qz~K=P@mzJ@ch)3Y;a^%g7wK z^m5;{MR@wpdP|-`*J@5p#htghgYwU`wTTLtDsbor^dtD~+n`Hiducuur=y)=W%Q7m z|5m!&pWV#gVboIxm=<|`2LcVflQZ*|UJCJIv-Z%So37KHf0bSf)iAXXo|7P+NZ_Ns zaQ}!3wsvRMF<+s1Wj1L0XTBzhi2k+qO@n5)1gLCq?0O_l09T>6(!tWB?=AWfpJ<04 zP8@DRU5yjG3Yjfunm^HmIjF9iEnkli#n8t<_U=DA;PyYj6#O+8YHHONsY1V6tr|;0 z%hqEDFN(!R>#;|q_uRS-1wxdl`jXHmB(P%Z0F}c_SNq$@`R8VmP%YtuhQP#Fs+%-g z9+X(143o7~d#{~aJGlA#RUcUO8z+)a``~Wt`L42WYVqZ^1CNA__~DMPz>Ne8`6ceK zfvek7{}eP)y1BXmDrR4`!R_AT}h6%0Mf$OT`1X}m*{QY=?jROqnk zbUFF)1*2T0ySB+@P8NFs->^5c)vAs^s6?wQkKahsvkv&4xNb=){^9=0v;DhfnGP|U z`DL9U?g;}=N=PpKWDjk>I`doGz$;)`L@*PxZqdjR(PO`{X^-9@^=L$K7ihc`|lWLtOeVL_IzOj-ofXmtxf8>!1KSlQIQyZ zM4IJ9!v~Z11rXNOp3;yp=v7*QYzzfrBAHRw`G| z^yV$z;g6DQSI4e8=X^W=h3k7dDB>O6JY-vsY@gcQD%TKD40`j@{O0EPQRxc8iz+n( zxTu2npzn>+4;rkY14qjLEYnXp*6F3&^!+jRSkd8=7r-}dasj2g2^yd}HUZKn`KvTV z8`ICFROJ?QZD3cJm>l{J=-=wQo-Yx2#&Nnf4U(Kzm|7CsI3BTVv6;?kk#VU4!+rFt z_=mK!%J^s|E68*Cc_1z|R=iSe(#!)pDYW&qV(Bq+tYb#aclGgzUSgCeXqOe$SlhDo z?0X2jqg?B|(DFJ-RP{Fbdy3vSb`jag=ZFLFn~$+z<|&a9d=fo?>h;5j%eVD~QZ%Oa zFW_M;Ot}Na(YFi(`ClZI?G9kGD1^yNfdQ(^#uHPvb0U<94X^ux6?2m2`9oQppJ3e`1AcbeP z471$?*&~zaVlcoNEx?;G%N+IlECbWazJ_rvLAnBd?uFu`w#=XJ#bI*?$(Ot_lb?WO zZoMQgnt6b>iD7}_(}OsI35~QIPp9sZN4V~M!uBe z4ODRfC$sENW1@7E6SH$IBPEhY79Nv-SzqV~`$E{cvq%zY_bTR@spYL^Q7j8zeky&= zLz)Cz$vL#k>0$Vo>AN3F5cgQdh@x*Q3>F{#meapTYLC!0`z4dFidA zbLCRAE`#T)4%!Ft$#5Z33&roWzW(f)H@cefo-QUq5AKfay=3|tt~+|OIR5%-hOkwI z{`gp6O$Wa5jNlFJkEMjGplcVf8iR*1NOsKAO<} z?@Q2m{q_tX!KV@Lxe|N+X%i66yGkosfX;fkaCXr$PdRcpp1{e+~eeqtvHO3NV1=$A?-4Z8uub)ev2qW2%9LIm4{aYG zfI6sgq35(*=Z31>1)OEFUEtHBZ-!k6i@%5GzjGVK3U!nOZVY(Vn7i+!h6xibvCJOh zIh;JUuRPPQX&G08%Ay=I%!SB)b45Ozdl}zCmNLXNTX1QY!nEHr5QKT*o|6&az`1y= z#Zh_7+yfzJjdG!khT;trM_yZ@C%|oL#SP`$Jf0W72Y1?%6|0chC4&yA- z@VL#e#{~-Pl;hpPJTyL`6TTqc9nKs-bmHIWB2}-RPB_V&+)6}cLRc?D#7r-~WP4w1 z_2UcYfkg$|=OCVywQ@u^y``YnB$|jk{X7}4!$y=H{rF!=YFL0q?{W!9`DLxr$`|M{ zt@{Tj`lQox3YE_+7S}+b+H46wp&I;vK5@`CY?(w%QQD-BUmuNL&71Ic`k!_k<60Dve{<*pew+#UbGH>sZI!t#6kOOn5Qv&xJ}=3Ovr~T&I7G zEETP(!Fl`V4Fp_S)U$vKQ?ObMd6hbIkM<=e&cL!9#|-gG$GVS>byh^v1_zluuxMtb zkA$wEQp%;1>r=&g%R|+xSqc}il$u^Iz~Sv{|DALHjWai= zpBjrNr1j9!Ppjzv>7>&t3e}26Q?_v0jvCZWOZ8f%{r=w@L3sfddx-z8Ovvw*WA|ZV z-wxfb8WCC?o{{x9kUZDh@0j3*_Ht{L9`?%Uq$J&otf@F>dsHk!n$#669=xJo!HOWz zftk%M1LrtsTxP!CucNxbh7CB*fh)}1;sH~Pwz*3k;sJ9qlt_curuqq>7zV!&dHl`Y zjA`eTvSYu4U7YwY<|>txumly=s9rcd-Y|LhSzuCwF+(e##KP5$ry|65T}K~X_z5K$WGj;RQ!NGKv8 zF_038(G62cC5D7ZPC-QJZW!G#x?yy~*hXxy?fPGSzW?6=ci`9!4zBGL&+|MV52=`d z{k)=2{B387RP#jSX9xd(w=Co`^x7>_ znC8I9+pyewMIR1NoYY<{iET27u~-pJ$V)`NmSRexl~Y-!d=Jnzco zc>nS|n1PmE%RbAXce=~6|6)9?b-exhdqJGquLqG&-shw;#uzS$N`U(ZAn8md%@wFWwS6#x%O)L5C-y9#|uA_P>#y!qh4Z zlbNs{gZ`~ohext#!rhgv6!r@2MaCeGG&*Q z7q@&=;&nMRRb7WeXpDwk7r=#O_`}VhjP7M)zo224Q7yKZ>WnefVZpqki?lBGrY<2X zq80kINwuGhVmtmyd8GN_JRa+CG7d1AhrCqq{BGwNtH%%hz|Ua1pywO9atWy(c_g4? zWTNAwefr3h!UOGKTg=hU)g;-^*wgCl^5~?yjb`EP**s%&D)qSJqaL(%J2(VYboi1$ zhi8XX^|u9!m@%r}Sxg&MI!s^X!MUGIW%U1z#N_bf_Bkx-uTu4{>20-L|I`um_*BB^ zo}Z`nmO zf=^@09egU6MJLUfOs+tUc64ii=MitueY*eu_6j#3eFtUcQfm<*xg=ExSaZIc&a{Nl zbtEHg&9!JWZXGNS$1}$L4!C=_){(m2rr(iFl^yxh@P}J)2s2UEcIr)Ejax^zj{J^}Yb~@LF7s7aczs zEXLq-)m#tNiDR@qyLz1>rB^B~`FLUG&Ax z?KhNj-K}GH#N^*B^|6+f+G?kQ-{FORUyU+O7aH!1J?LI|pNkkR8_jOg4gQ-ku=I?q z5d!WEboYQjHv)DVX&&F8MB+q_JhULjT7%>Ak1IhY;At@0;O+kQ%O0fedn(j@w?ZBG z*|)?;?%;FITOra*}M!TIWuw~V*P z3uycw%YHP~fvqRUc9pFFqk{USvIR5X-i6+|la{GG@IB6B@J0xv{0>lxi#0UL{s3n?^ZD&ClpsmEljq)bHSy(QokHN&;T zeu@F^@w2Syt0qUHnQJ?Oxf(dVdx9z^p+rug190w>msEMFelb9Gk7S64cEfc(p5KQG z0**R-sW&!CL?-?(l?FRcK7ub~znl5nBJw4bMKJTF&kKAK7Agyyw}uEy3@c+cKK_yf zO{E9`ew^w^5a3)Me)8~UnN#B^H0^T8oL zDsT6;{eq#Y=OAnLrt!~fuB6yF6v#-=_~jLpVS|qA^9_U@pQv9)1OT6~HgLa{uf-3o_-$_O zT!{asa1)Qom@u=O+lh-5tBCt%u~#`0^wkW$>^apWGu~HNbCQ!mU%ef|d8aoFTcs;& z*;2jJ=nqfze200ct|BL^P)9j}+Dw?kwZ}*IVowhnP!j46O4k&r8hL}6Kf$zim*&_m z$<*)jJw3(h3&A-4X?tcJ>gF-R$JgyTQ3-By>Ua{xT6p_cp#0gMcOzYiUbCK{Gwk$x z>8XpDE`UC5J}%Rw9%y1AiMXPd)0u1ICU${Yy*3%9Gw^*m`5Uc&GJhJa4h>(g93Oc$ zaP|ahcIoDlkY^Gxk5u#v9!NE@vH%?0!1|4n`mImeNci5p_?y9kue_;&uZb|vZ45ii z2zWnBhc*E&6s`Vk_lP3E$dj(dXw|v0`(}!ER-Mnu&kv9zTvB##`(WQ>U_-N*EuB?t z=?d_IS97Y?&GzUt9FEimQ$hR5EdS#jc3O__>0Vo`#=Wmax0hg!X{mw7^;la}13=wb zg`?6c>__<6D{;j;M6fj1SiYN-mc7-D8sgQowVUb=g^;O>j!QG~^!L$z2jT%xxqzJX zj0(po$r$HA(s3Ij!VUugPN(vXrAo0J-j6DK2kL77Flmj(zy;wTJ#s(HwL>!&4k6(T zrb;jhd^2D#S!vx~y?1gEunu(z@;Xwm^V1h=SSj84o`n!@bE}~yZ3CU)GSd2Hs)7yR zdFXn$DyGouMlm)eb03rQMD8F5sAAY<=n+a%3i6p`IE?y*x@*-9cf9vg!zS9=tgZbO zV)T>}O#S;BNKE)5qo<#}=LQ(=0pDIxWhIX6hwCk?C58nEQvF%3VJeq~jI)wnzd3R2 z&JcTji+=OhVuA)|ZDF)@>z0kE3(F&p&6VXpYQ%^MRhsy5-Nr3Gh8(wrockQ${WaEO z$&c?<;Ks@r-=nRTzs`>=4xSr>+0T7)ZjxO^q8oSjrA5uZAs2?O$)xD1Y8Qpl%0{3bhdkbWx zR=Ej@(o&yTKExKFs28RhyfI0h+vB1uGf>5PB&+paH37Jj_Ji{mv2690NwUPo&=Tnr zU693>>azMXD1UJ2s1t*&I|=?LGF$~Oavc5hVk)F0zSQ9L=BrH^fxhdGr>jn-n%tB! z2(ZOmWe259&(Aa8Xt5;pJpH|0h>}&p&uAK5eXr1)JyHUHbwL!=MJLJFXD)V?-c+pY z{XH{t5?eI>5uy#*`;N7SoD5~3r!Jmi)8~9UIn_%p2b>3PnK&j>NC<=<>;8nhd5p5b z0~YR|@Bok2ct~f+G?n>-xgyg!{)MkhJ%2BEA6NRGTZq-xTN3LknH>bWQL10H(-p_2 zKHxCksD?5I2wB`8jL3uguALQIRLvtFx5evPkL1JWAEt62U}?6I?0y%Lf96~T5S&V~ z+fHE_I_Y(`%N;SG#O;d?;|BoI7UWSdGqBc3X` zs+N@GG*fvfW6K5OF=_|VRe@f|W~j=f%hmyxzOVNs$8+vSQ_AZ0YFm3PSCUoJlfon+ z*F9zmP(5CAfecqPB>;1Om4#q_S0{Q*KC4t&M~AOD`e+6lJLmMwL+<`q7fR6U{YJTz zPJht*obd&ab8VBu6(djn^NBm8I02qbhK_Gz5JinbN(1yNb(R}7+ve*Sgdz|X8tB|q z<-R`9A7n2!RSr_GXKW_sN^Sd76qJ&-;R&ufxGhL;9MwR^q#Zm5MU3gv0fDoGA`T$r z>^&fffU*S=T{N$YuEI=H)2?aUYGD!CrfB}DIe~%aF)H`!F|-!QUlOs(cLNBU)4;1} z-2kIeGHgEcBcqB{A0e8H)lj_e#}oC(i`D|TtsU0Nrud?2b=_o-q9z2+m*jGraG2ohaY{tB)@t_%T&=Dzmd1!OO0Kl(GA4=y?&Cuf{Wrc-yYQ% z{u~@Hu3go6&;9V4sPUDL*F4Oxy!4fMzWH7{J>&_S$fMQlU7q{8tj#&Af7u`95J78k z?~M8r1q%b!zzYyxdC*#{923yYs5>J@w)frALk=r`;7R{KYq8dSm&+*7TKw@0giWfh z)@j~JyZ_zS%l7$4LXYpUxPAHt>Ak>UCgs1H2-yA`8uS9EBWz~^?du%JcZ{cK7?fkv zgE|DKK$l-x>yF>=yrPrOiS*Ig_nCfrf0x|*KtX-w^jT=m=;X$`{4la#O)PD8xO!Ao z`4oboS6QD-&GvBaiv2lNrVByJOeQJ|sns-6`Ua)^UdaaS%oykB2ngA5%9z|=B7VN zUI@!*c1Y%l?6%Sw`9hMjC0FNrWB2asc0_0BSqG)8V_9!q6vFS+2D{Do_OZMeFnBO_s zF6xbu-x9COEim@#MZ@}!z;4f}ZC-QqKt;Tw_gtXec&+xfDav4iBv;$p_zpkW5XF9N!?KFpT_r*wqgSQ9?D|oOO z;{;!-qSJe??26qd4ygzQ>0Bx5zgibJPThj(lzlz^i2EXazl71B`4j&NcE6Z@uQ|_& zojs*J(S-(`Q~g5JDwz@4tk&_igK3otGw#N?QJeLK?%{Kv2!ZEIist_J{{=C~ z3Q@i9DV{-Yn>Wry9rdcetf2XvYnfRw!r|L1 zyF;Azl08olMRt#R)bBZ*!CpUAGsd46Gg6^L_57<>;h)Awf6zPe@7d2+6n#^Ul(%th zK~T+$|LLa@%*Buea5??s1`csS*I;tTx}3M(&*{j?BGsgS_9@1>Dti$a;k9?T}1JfkYN%=YcO;#HZ*7b zdbm5n{Gr7x0LM_KuM4@iJ)P|!3nF6|N9jCMmLH>mdtb^P+oS5GSXXs+& zkKonpetTU5s;6l?J7oixj1&H-0Y-raK!Y3Q`iG254>^LL$x8GVTUZ`2*r=ViKm9D0 z4=f0q3hWsq64et|5!AfHjTG%Pc?tiaLRog@$wFt7=T!gWxnr`DsMGGRFru9+5!=v> zwQ=t!PX8qc{mx?OuuNo#?|WYo@`j33aj2Z*pHa4?G&PY8NPfgRPi%^I>2^mhy)nJF zz+N+p($I*OVO4ZxUiTd;=-HDq0Tl$sQjP9>cO$<8Fw|)bJF9&2OZi068@V{SH|dQ0 zI$hJrLs@1sN9U=NZG*4Ju7mq7CU7dlc4KOqUL|d#d2AbH_a`4RdDVKaey0jmC${a# z|6P{7(tfC7@M&KA!cV|aYRSX2Mord#U}vWY0ZDW!AL{sKnLJ+{wv%6m?z&&UPj;-D zJ1QPQcpEORGYv|iRpSG};qp=`9VMx^1LOlE;7nlIF(1lAVzO=4xXhNV@n-2%nVp@k zD(+RK1kq(ds@yK!Q^TuSeci4OTUobQm(z8!%nR?UoLSVm3Rbi}PF&&=#nk>dq(co&W`>L>b>2iiPkmGW8 z$h6MOX}2gl;5oUoSEfszzQzG*OoBi_+%}wrnPu#a^}}5(;_cTrA!OloxM{{^jVdsd(SIM}qX48| zT_x-0bONubE~FRnwn3S830E#mINfgCmp-S<(MqfMe${w%nV!>E-mC1>J+opq^MwTG z7h*Zep}+KXh9421YT@#@TwaR(9R6TnB2ZL2q9{6r`;VVx*d;-ileAzFtZRA*Hcc>H zM&R|0mVBB=!@eDMD=G3m8fMGDNy{EKEx3Zla@T!j#j<4*53*F+cL1=3_#wx4%Ot$hX$Q8W*bp>5A6s+ORP}@wX&q8tds0p z(%8^gStVhq7Ib91zUD4y=jm@8dO@?+g)!r}0jorCF6|a)s4Ey3MV>TAT~2F0-WeJp zbRg1SmD|jxX(04FV`i`$q^fy0lSWW9?n}<7+cOaXyPt^u;n=Y}Z%4zdq+R2(3s{Bip^6ett*EyvrsCSmAO(cqoIU%w#a za)E!1>Y(&QLKW7v`@T%*-;cZ)ws>sC#D2Zj`hcq3bDdQc|Dzr>1o#wil3+~N2JFpX z*Flb-&wPb&b-+-sp}BqbtSVmyIz^%?_R=Pq1|&@(`al)NPv0tox+%_tE55z23-E^% z7;&K2N|(vq^2IVHTdT=FOeD4HCMkXZ1(I+Ny*xK(Wss^)UO@*{h;CYXqq&j3>I7KH z)Gbn^SiR{&e)_+^D;;a)u{rzqQIh%KDlPNc$nU;N%~k0_$mvvpuWr0=gWq9~;TvBYv5~&%i84cUy`ip_T$+j~mLJks`SMm{ zggFK3J$Fdt++IbW&NC=;D~=B%UCZL*uF6@0^T8K_4S^!mo(6g*fY6_}g4GhE_KvV_ z%VAh#xT%Y+$L?fySpCzlnhjW;liQ%Z#JF0Cizh~R&6Kpo!T2GAQ3F8`Anr8RwV#PZIV*UN-qx|^!09K z%G|k`*cmN8(h2+b0N;bpJ*s!{p&c3f13;Z{Reb&VqN8n$80v_BVl@fsmrY0u%*t6% z@c9D=#t3Kf7`kA<7_e$q>vibnzt?D|YITwpfNTg~7d5GLBV&{oeq5ff2H0%CsuyxAG(Q@U?Y@vUz9A~9*jPftBC09fl zY`9U^GM(x`HGKCn8s!BDav;Y@a`vDQH=WCS>V&#tPm;Sz)R^!0xj+i5pAJN*;Q!Ib z&lkem6~~)4*K6W*Q0{Fic@d2&{aP0V3EF3{zM3Zv!y!z#eYZi8;8h-?;g%>(0Pu_!9 zd^yGkJe`0{cXDMi1~_q%C(PZ`hxRM}hgS`(fJSo#9nWG7Hr_k^;M7tC9xtPXfW&QG z7VqxVRc&g*GBgI|gDhSF-UkUBV~|*ip&*b;3N-GAAH`ONgGC9;wIP+P;Et>$4XAcR z23vZC$0UttjB_3QV59Cdg@1>Y0+e}keek-e&W%apy3O;GpC>wHux*erg~pnHkbZ(Dt;zXQ*Y_HH#V%cXGNXOulsY$+ zE~QlGy|$Ave{1RKv4D!7`{qbemAs$Vqk0g1)*P>)t2@vV zpd8Qjv<5xkGWR+cny^^%v}^4FYbCAY%`f^oY%I#IzWUj(Tq9o}F-$3R(R`D>>f?)t zxaFL=wlpf3eTgSx;W7Qfxvb`|v?7}cK6m~^%uSFyIH-^h%D!tlwv_js-@5cb z3iXX7(_i$pP2%WXoRcH2A(y-N1gHHjQu&cCWcXsYn!=QC_dQDZ&|en59nF&+d}ngd z%C*v```q|31W}>zopeCEAd6q01rO185wa{zucFZ1*YF4qfUoMQbdS^*Ko;&4N zee>#Ik8wMDIkeE;4?L6MRcp@B`}z9Pvu}#csy4cj>7K!d>aGLz8%SK|x+oQW02QZt zQ$vz)U1yiadamJrvHGn^07w#+&>oi^WpC9Z%A_Ow-SXVjN6nHL4!mp}>3F~-{)?(C z=A34|R?>X~zri2cR#3Jza4n~gzQ8qIr7+_Z>a6b2s-@(WZR5IlKI!rDBgx~`RJefh zUn_pUltlQTe(Q9v4B4sV`DU1@cvs~rH9P4|ZPWgc09@kzlcUT76W{E_ zwBM^XMmkAbXz zxQiE27?1Lv4N5|J=vD02zh)ZA>A(MPBH}V2X`BBgfMr#v-U<^(kOlKX{ADB|?-16> z$=jIqEFc9CYal+ujmD!#3m{64RasT>YdJUg%CdeOa)0bBiV3Sl!n)s`q zb2hjnFt2!HutcpL_@~WkHFWFPQgy)~If{rdVf}!j(jK99A>02tI+^_*;dZ3NDg}Tr z2KH4Kmhhu_2ky?HY^{k*nhP}XHbk3m#vLnDO78s-6^2DL8Op?~8Rg2>!aU>HPyhki zlQv#?ya~93UQf1a@?Tw@h|X{Y^8RhsEJ)8P=9}~vF#SG-6}$eQXKuz<#+aEdmswLl z17m#w1I|WpJp5s!YX06~>?tj$$Gb8#{GhAk2(K;%r#k($Q?5DLD&dl6P$kCJ9s)fW z^IfOCnojc)Y{#-)x^Lww>7IN01E8_uno&^(AcI z(n=B&N%OkcE-S zBmBdc8X19yb@kNocY^|OA*#@30tvOkzh-&|Mj+?qXqp2*!+lqD<^em(M2;(^gc<5o zRFOl{?zh@_$Pn$!#_5@x1NMVa{X7YI$w}s^<=}8t!|8Xd6IZ&tqT8d*{-;?G{<{;6AvIxQG`jCscyw!lS6GDhf9xNlluDTe5Z6-A9-W)I`-HJ- zw<3J}Y70&(a+Mh7ZcaZ3aoSIm-B_y##TbPCIzTSEg=EhqOUd-Lk2vu?i~Z)- z{J$mqDr3CDw$NbXDYB5wA0LQT(Q7|GI(zc;+Jpq6dEGr5ihjg5H(#H5`2yVBOu>xE;2%wlL^AvJ~zS7Zl0*|{jU z-8f{@?9#l#fZIyTQBske0FK*G)~l4eF>6Qjx9pQc1!atgw( za2odu?nB+WZC;PRas(T7)6B~$115}-oRx?U=8a3v^LlW!&cZJuj25~0mJB^jS*+Vq zZ1rwTe>C~4ZK8iaI>KsAp?sfAd5lm&(+!}Coymd)%FcmWIJp?q1*k4yRAob+kLktw zolHy%+q?kVdj~PAkvI$JN^h@Pnr6r3--=-EkLKM;VTa7iJ8@cGNBDxO=??n;veJRy z&r{w^9)1|3I@p2er=(Rvm2g%401l$uOrk_!xi{_iC%rF4e#Sl*l$~>QPi1IM*jZ;$ zc~2kUn_KqpWR@VZ?CQ33*J8!5ugi#w+Cke}Kblbr`OXI09!jbrW@Cg=b^v3;8 zdS_n*5_L6d$I= zWUwS>*ZuBO&tt!2rB|1|#*YSh>|f6y>CiL{k4 zElI32nZ6Z>vH14>97Az<04-qS=0oh*Gw%j!P_Z3>v#@+Q0OittH4NK${LHi5DM= zV30;l(EFbn8(twkvVEjOw(bg2@KwUp?Jcv_WII_xl&Kky9dEdF7%4hiI;>2c9CjaD3XB-oH z-oLX-1LZ#H-P_nN=r?T=TAs(KBGTlOz+JafnwOM*97*_+43?%3jD`q%tKr$JC3+Ro z)Ki6ID<}6%&A?~&!?PL}XThbEJKi+#7cLm;=^NQTQ>IL>Lf#L#U*A2I>-m&@X|U_j z20m!tfhFil>6#>Ig67{lv%`THg*ADY)rhv7Fu~#AxGGNjC*Yt@mBRx=UXob_f``Wy`qBfvm#C0b z-1><_k(hbFV&Wv9TZ_xj|K6Li35gH(ApmfVSUk>~*^t`3i${<;6FuTmlg!`qKNS(< zgiLfwP-(6by=0tEwml@KU57W$>wo{u7YFHd^K0*soAGex_E)5GBYon88Bq0eM+PcG zz(akHIsapdEk_CC;{#*L>)A(4QRONw7WNxYdqOa3S%Qc9RL#w*e%YB@0z8-ieGNvC z*c=~*!w|wxm!5{aclzw`92G>N(;0acD02FPF$DyfRgHYDnw~KCcj6W^>{Y>GbLz2` ztODl#yV1Fg`xq-L@8vgwa8~{U>;x=&=^jq)b6)m3igL6%=7joUSe3mD3!rYH_T^N8 zwGHUl-zxadn=2euyN@bjBn89Pye(bXBmY-aO96JWla;>SLtKYV{1QI*&Q zEd(W5HR_rhc6sy~D~M!zfrRqW46qbKH1Fc+Y`Lje*}!-si(dy8_9WpcHvU zhs}aZLrz66!~WfTu}+|IwPifQy#2!6VUdrWt`(@)(@T8wn(|&OmZ<{`!)zzO|;vL)) zXXqc9MxAABR+c=t*79m4k|ci66!1%e*fmL07Wb_p&V!o}$gb?0mjaz4Z>ZPnwfg8Rpor z+2B8pcE-wx=w)34$na<(yYx;t&xD#s1*1$_?&kY1^vaj7;GIbnCr=_MLiop-OE-kF zF2O9^fm1p(1$kWNm1*Z#@zH`;!oH<0H1H3{87r9l)z6V1RtZ-a@Ors^m`R`ShL8~) z+EX%z15&&Y;Zf?7Ty%vV#{Vfx7m44J4bHwg;dn7;>jVUGW&ffr-yE*c`h{qRh2B4K zJ%bxzSj4$-5d~rP&iP6WuN6OX5^+A2TkgzG*{s_2V&F($#0 z`E#R`jGqe-5v2NKeVaC%Cm_jRHwJ?lgsBuF<2VXmXv6NmOw=c7vW9VGq_X>|J|+=1 zcmWsRPGZu|Y|W%g>lHfUhrB;c2si)P$*S!RbocoT(gdmm1rL9lY_n7qDLd`5{5C;Q zJ7=ou={p3@s`@Dsu)3tmw8HLO{i1nh&1vQ$=EK`G+!^U>>8bJX8F$ZAK_QUeT}u$r zKRG4z;N^xTl9_L6|4br%(YXoT)|{>1)NSZEJYIed{Ke{cH?ra1?DllQfxHB=JUgMOPWp@j=hH;M{EfFh|ZMqg8>4Qbd% z>RfH-_L}&?D|D_U74bypAc{rS?>@ED=uBa{SJZ{S9#jLT$`6o4_)SNepj8Jl@_@7+ z#+Aj4-;3tymh0>xeH^;rxAaw;zy_J{IoqmrcCPMlUlF*DH1^N+M;0)Y=NvX$lFx_w zqEXd_dPUlDnT`8kOhQ;&6(oX zGxOnb!kE*6;|4SHi;EsP9awzUFEMx6i!}^?Iv`DblIjbAcL=csy;*~D!B+q>c?w}o zouED-)YnjodeLrX19;f{Hgp~kFUl_O3lwx|HI^8Jh@K&06~w znZB%64S2&dR({jJ&q09GFpJM1qIWQBdq(`ID@!-2kaJF{*2@F0I2C-~{KU6iV#i{| zcvkr&V0h#7v(|(z+Z@E}%u>iN8{ycw57(5=%AR+;)^<|}A?|25^idZcUOdy)n&aA&ps5Go0A zk4KJME;p+z%EoLd%2liyKKXt&#(x_QN!y$-_COUqURAa#0PVpzN zG%WJ_M#`KICH+WmqQSvy|@3(rQQBe5?WYd6>Cfh%&8;BCw_spGqNSA_#+U=yvmUbFP&gf|RP*wJ5M z&>|L~T*P~o7L)Kqj-6)W*wyKp)x1S;^it~7eA3!F+%t3iQ{*i_vS33!B0KIO8tD>5 zPAY`h`=`J&`FrvstoBHn?5uEY+d#boRAqwLNyoP}9+1dLT0-al0tLF7G;2S-e9!R| z{67|ec524c6LL}Y?8?XfW3wH0mCdrf^0pi8H`WpjS^avj@e*8ScD~&F2(tmG7A65%VpnC_6FPoub2L=(meU!v@T!)RDsWg=TM=UiiX_lJ6-N znJ*j`nN&%1W}3+ML)F78DA<1jU`lgD@W)G3)bbI8Nomp#4ZF~>-#*OJMwF(i8v}O% zk4!sc!%=z>*<_MbRlE&7p%3gcrcSJc;vQ?^bG`ynpvu$2U3xf27D%gNTLZ{P@ba&l z;N3HcB(^BG9Ip)A@LM4zts?p_?Lv%}A-(vCBjoA#q@Q+Xk;@aZ2xm47n#^YNgu_gh zr*_w%|5yf-Lw^(NWUqXITbcIGAac7_)?@o`(ob3yWksJT)r~dW25xAKu_p_aA&$^n>eJMlF zH8F7Ir($-@kn5_w#V;A7E6;=Pi87=`JjsX<$`rox757Up{%3eBZ4T|9@Z9h#H2bkn zt!8;df5(<+K0nvm^s1DvCljPz|H3Jb1^=WCYcHmuVQd);>?tk^6;6eAE8`3pk!=3s z<>ZP!sgK`ZvG`s{2>KBkl&J}kmVaANjhbtFo2@)^`*lkXUjN?5bCZeLnd8$1d$TdS z{hvYJA$PFz;1AJ|A9O8~_g$iiHMRX*nb5i4)ToN8+N7=81nBYpAcjj6a(BiW<}$;M zAI~^$pPshE22wP$OLSSM5$3JB{uy>S(1yG??UUM!Xud$4Cto!CfTIJ;+o12w96ep| z?j42DuO}IlzOg7e*MW=l;%a0d-wZIeGbi%K5a}hU>dSBy;5mGm-$!f_B6l#Ew)|cS z4YQ>}eMyO`hThYz>$SC+{M>*>CD`j$s6*Y~rNfi%e^`U_2EnqDN#3(1kb~M$tTTTo z(MTF5!0lkjj(hlS4TW-rAW6(c&RU@9dYKktxIW00b9?dT@qO+ka$TOWk0yl-wY={0>^T5TfT9)d{IFvkn-Yd zsZRQ{Rc{iRaw5cjddtMwxHTyX(tb=X3&?8gczvX~>p-SPbG5pjF{~0@AvRFX!M_y6 z&5171dcD{L3k#$P4nRzZ0(Y53Jmb2e4&H*lG#p8j-1fc6Y|nHsO(T*A7a=(uUF+Ei zYx_`Ks&F8%jM;da0SRaX>D?V-rZyJ=!kiSmqXWrO(XEuisPb*RjGrlJNwJ?eD}}D= z0&rkk_eP1nizrtziRm!6{UA5rbS*9lpv|}98xaUb2XK}#rgd@=Xq2YrhX@ME(>Exz7%$C| z@W4EgLWUB~|Gk%%PGT3HZK7-OGXBQ)p{q`2g1AmU5ONW{{iVaDbJv@6;*EcrbJH%v zx3blJwY2aZmjk9S6DyoQSP)k=O1V7_0YxZ>h`i_Pop3rOKy{OxGyv4B>CmCM&AYaB zwSU{g7Y-cKTDjdx@klt8(iz}|>8kUkDw#>6DgZQItQV-K_WM&(rSdF*nkv%6wFxQo zLmF1!!53M`jz1$P`p;P-8c7Y$Hix{IPw!>~U)$&zLiBd=g5fOJ!6rv$Y=#-F$i?hb z5cU z6;2A0p)-`x?fUf<+PmbC!cR^kc|Oxkds@Zp-Ix}QGsM` zprk)=mT9w-590QF+CZUqO4F=hZmASHBPY;PEAnNm`=-)RR^>=m{#A$6&rE=Q4sz2e z-M3@Pz@&-NqPj;H1B!R6H>SXQjON*-Jl1Lkj_23~Iig93*NG-J zs1zAGH!>XuRYsu-ixwofXTWzRr(-Koih7~e?xfSV_!_w?E&YepK+VsbmClZTvG35I z{Tj~+PvvOxF&YKgbNcb>*(zEIrk$Jc{N%M^&x9xrXshBol`D2Uk7Ec!r@amuY)pX9 z)p~me^qZ+CFVQCHh*+9Fab;wt{!|N7SJSnRwdVjpl>9Dn$(upij_y>zo2)ZXd(SL0 z?N2{ECod9RsR{vt9Y@s~$43c|69CZdtqoRL8aH5;8Z36oRmkb*;PU0CH zmkDS*YK3H*fqJ*Oc)9>tfC!!F`Y81<&-~CJz4aG8$y~>@>SQ)6NgiyFkgj3r)|F&V zC-c$hx_tj>!5n{u9R6X-#0@V$-_Pywj4I9>m%yelu%jt`Ljhb=x=sHM$>8DrgZgZW zTC+0M3SQc_()I3%&ebuAswXEgJ2!trZ4+9^PKr2fL z*Oe*<+@1bAsKIYKig2y*H=R)?3Ff5>@l0LyblR6p%SJK{*(=vyrLgDeSgCFiXhl3m0Lr<*^ zz7EtPK_oxw%RlYzM*Yn~YnBpeY8-rbLnKO`f3fsT(KM`X zo+KtdLzRYt_K4SI@{H$EwInKN-bID^^06>(6V^&{B{z?ponMUD3S1_=B-ww8uKE^j z^W3%A_b}Mi>uh)!!n(nmRdNS2a7|1h5(nwXV6u7}T)oeX_~o zN8d=kemK9fsSZ8;dNG4<8-a8ED&&K0+~&fr;iJq0#eXQeV3Fyje8-WHi}!1G`CC_S3E4C!09p&KJ3Z9@y75Q5ei#rQN-N zQLR;gsV=76eVv%uWadq_%pf4Kf)BYNL-EQ|L#XkbCo>6Dd*d%CSF$nnK^+)5ymvaV z(_01-I&caTMJORad;{9eJVRG6ZpckSI9k=|d*OG&`Auv$a9c5mJc%XYhe$h~hB&a+-c7P9B*#9|5tdc+Ds^!zxPAW|3WLSSE^~KZZFW0WbPd zqp|K|i4zHEP`q2cmb)E5G4cCrBgEQGC?fW~<0R#G00VZbT*-_o(aZ3SX3br;3dr~_ zQie*UfEkg}%y@VQ>3BaFaWf!?R;_Vlf~f1UhbclHOO5BP>d)8dVl&|YwNh@+UifzwV}HedC71 zAD>K1oqWe3PqNmzM`WmZ);nhlf%jrp*h#uJ++k#c8T;=z06UIK*!yC40)CMU_w35Z zMdM8(fWzr8-I)`Uz9UAJ(`l*$BZ20b7!8A>y>jjQgVB&-%Ph1;RW#O$t3l2ZBe~=B z(_AqZ#qalKX|Al(V~wBaSd_h3}Wu#(fOqn z%cQ3H5B$1Z@{WwTG->#VW!EO@X~=Lu&q{aaSE`Y`XGrYFh0!T#hCAXGc#x$djF1#%2PAoU zL?~E$mMpU{#Gug%4>Oyy4HOx8p5XK5nsfakpI84%Nw>dTSSk*<*fydXDfVo-Mi_)bNJ;Hh|4go!FHG&?K-?l4%uw zWPVhJq)0ZNfqv6YR<78XED25mKl(+vB-;6c%IO|LbNHv{lqbHb(PF3oVC)8~=k`f)w5=J6|?wz5KBq zY<Hs9%1>2 z6MnH!bE`wl&(8?|y8~)CPEUQ~>qL1v(@lgZo)8NDT;)_cAuC~-*A3C|zCTr83i!_yR zKkomdD5#VO(jlUhboUgLkWvv*Y9gJZ8>Ui9svr#$i4juL5+kI$o6#L(qXygFzqjA} z{+)B5!x=mKgTuLYy{~w^p3mpwGgbq=c~~_2lvIC`%0_K#&?4)9_h4)_4nyyKu+V>T zGADV==l_B<`TZ-{*PI6OGqxYoqD^}VP-S>`xca%r@)P$mlbYL+od6#3bi$n#8F1=* zIr@QIL6PkxgyGJVsA&Efe~G1uA}}n%XF$A?Y!zKqPCS`a9MF|1KVE8N8E;w(+em|Q zg&MevPNdn(WfT0C>XICHBF!$Q`QhHcjCr-l-%*W?3|o)ZZSh3u2~(c^?qcxjv;uvA z=dypvKv_?^jzVmfA8+nT_S=1rhMt8*{0_^2|BR_IT)s)_1N?}+J8%L~8HL}#AuWI+ ze9Az%ln9`EEeSu}~1X8C*WU#Vup^%4b*3XHQ+>fGLQ zbi^pTB9X)zB$Fw1zHiuF~a*CzB0`0Hu0ulS~Z^m{m#qn^3 zw_Pfg={8VYyeC5V>lWJlT;uF|cjp7dmp?}_a@LXYr84~SOu;R;Za}!fwpDYyD8c`W z0~_xxy_w6g{ti(}BVwMS^^n7G`G+sfc=T>4KYom4#`BTR&M>1MaMdyG$=4pmW#Ew_ z3{W9jCCgcSta0ydN6~m6hqPfLV)ts$=1Zrtz`{;)3(_g$R^8n|i(b)ihzf>j@IOF) zBOQ#LU;FEN&SD!zAMC4oMM&UT@>k!XA2Dq!fZrT8tu_CvWvhFy5SvYZCWrsgHe*K| z8`C~>pix==wfIDI0A(Jtp+PLFd)iiSs&x~)@l8ap`J0pQlF_U~w5Rsj)$GFu^CP&yvl!JB z(f}`R88v@;=D;jz6J4$yfBnZ@!p0$dW-gt6;*IUz+aAqc`y0h3(qSk9zU3|Y9{=YV z2F~EKtg<$}*)UM-7e0`YNVQW^ujgyK{1-DJ7?Q*o57$_ogO`38v@Op#siNQEj_#B-@O6QF}Kk%g&Z}jab*>y6v;^Kl;hTJGnFl z7+a#bS{9CIB#RrlI8U?722~pJ>CLoQJAsiX(ae&tH61!fV#%<q4%R z@du2f7G6sV-)YPu5ht(h1iECrCj=dpN3_0J|Bh;HlB##-J@_eakm4)n}Yl!kO;qy z)!uhmRmG>->Twd&XF1(nZCEv)1C81@rN(Kc2Q}rB8e}_PQ5FhO*S!dWue{$tb9A#1Z!B(AP+$Jhs+g z^pq%j(2?8H93tIhoH(;zuYi^mbps^)lx@A~RBW+-R+f1Ook&$K&e(HN-cl3pQZ;5t z|H^}^nMxP7Jl%{Xxq{NVpz(2|@DLi3_f*R|$*h{mGHrT}fGjo^&OI7~Obvglm23yez!?FFfo%W7Kb5+7#ve0Yzsn8)L*D&o_cjzq>n{05}017hqE5 zW$o6PdkA%H5p5Ii1R!=p%HX#=iFq4_ll%3>*Ms@BOi-N zRM6>c=LzjWC{rd}go;Z=>DTX`9*ec_MqaE^)24W$Zq1qhd>5Qj5_kt=Gl{g1f#3jJ zZBpA@UloA>N!x)3lTrX2VGw&zAq1p3VTxy^viO-DNXj^!>wa5>!VmgZs_{}g?A)$cNEq&&0 ziNx}uEnWFc^3Zq)SA(4DF^eylt;4>y9oLgk8XQm3G@E&&pkvI~Un| z`Yh&N{GFIb=B$FySF$};UTv2(R3_xHn%P%*;-HGJk2UG@7*&?jS6lA>kYiL8itx?Y zY)R!Wx{KPzq+_`MUY>3|QtokmLK%?4w`&=E9~ac?x+bAlTZkX;pA}WB2|cNBrN%ja zH%Iyn@xL|XunLC4>GS+AgqqAYVC}CnV{g8KStr2kFzQEGkpE(}*DEg?H zps^P~e{x2o?(C*VJNpL2skGPV^wq9-?NQhV_73AV7?RB0Q=l4`%`JZx5(QmgR|k?E zg2V}jd)!eta)lM)&hus>{LnwhXxn7%$rNjFuA}E8=i7&M96~LqwM6JASXfffAcj8Lzt|@EJOkh>mjt-_h+9MJ2-FyprYI=b> z6$k!XiuB8nb&O4#i@7XN`)8-tGWfMlbxo4VGAgT-_H-v&!SfRrf;>s!eiZTKLj5o= zBX3yJm8CUM8rWa8Z=XD!MK7qva@DP?O@VRN=7+0rlF2XB!ui4hA6V=je@aT0D4rH? zKWsmgh(k8^&JNH`VzPJ|Y4|w5Yvdn7y~d@@n=J9nnvsr)A}!Qdk>VybJxG2h`Tqk zW?}X7J5i)90-JPTbdVaqx$XUPT=<0+U&b7j?lK`w+}RuS3F`?Z8aotVULanZw!IU-s&iHP=y9CE>2Al#6GAG=yoNnq{p=CtMFsHtmh{ zi8-~g2J$k1&;0iy8b@5*4tX8#^9GsKR_< z(0^5QL0NkBw3|or%S_w7J?tADG&+hqiXKE&$GSbOD6n%z?}}SKKV%53CXtiaGk=}^ z;siqA)?WHs+CHFS4!20ZXiv=KGmTcxI|%_@li!b>%swA4uGN+Vj!t~H=%73* z=49e?`rv4bl&srM5f>vtq5gFn6L{0y z4d#MLXh@Ngp%8$r6FMH2hq#HCmDN>YyMSgI29rDnfyjt>`8!}kn^bWhZ;y6Z7bSoITdw~L zu%&5a-sy?Mjv!P24ao*G6P3K<)#%rJ%IY<7-*=N4+K{mo-nKlztmLY3eEPY zykC?sbB~rcOQ|aQc}ZaVIMX0fbd0awESr0mI4Ow^Q;`j|P$zU+x>#4lLEdWuS!9jg%J|3<>txgE6PU8e39}&S`@sq`asuQl9VZtS z7R=<6@47dwAY_7!nH5%JnrDZCB|@rorQCjo8Ax<}zuFF1^dhw4d0EZWLkHB8I2-*% z$_Q!l9yY#fYe{=A_3DR;d=Nv7e=1j{e13fJi-D(RRHjPWdfTD1EbS~|CxiN=0hy@@ zb=1}G02r}FDcW@OEyJ9dbEfKm`IX7|#O(myUk`BEz?s`h8)#Qm^xPkj{snp4__jk) zVL;7^4v4iD~P)LX0+)bAS8ZFeV$+eS3WO9@SsTW(G?YOMBxyXtoWWI*qh zH;!Iecd4=4K$lcSyRs{_vMHY3*7Km)3hBX!IKUxXuuffUYHFhKDN$}WDC+Fl0;fJ3 zY(6dvxC3G3XgK*@oVGXXbFHyhg-_q@>unQrz~=kT4dUKtk&)eewHe|03oNE#6=um* zSP3fL;1-h*SODirsVlv};Rc@XMJ0joK<{IKU?aO8>&%YQ#a&wzXXDha^6zTUcetXjXr2HZe(m=UA&xYB%^0^eL1w7l4S9b(^OuOEbr z_P&zsslCT+7lsJF%%_yF)Etu(7N?Ysp%Oiq$IhZnP3k>Y{$z0*R zBi`{^*JUWS)HTt~IJ>JM={p+}>%DD7PFTzGJx*(FiD#ED z=nmkW$(~_M-1)}Dq5D58^ol$Zx zt@LjZ{&|o=p`>5S(=kql^*g)h3kF~W|y37-XNGaE~_|7}bU#^ksY`-@| zKW0!hP1T#dL-Xh{e^tSkKkkdS)xJ_hpYzT27(hS7XGaI;$4Joxv+w;E(P^*Ln*B#0 zy(3SlCC|B#N=+XKdffMF|O>~f4Cwm{97p4wZl|265gC{Ba`;ZhUM1OrYTJA zfgo?}gWC$6Rgi^-7AwMWPPmH4sNNOa$ZyjtB5EIXfIfH!MXJfMNAgFx0_|8gl^&ev zAnN5CL@YUxr_KL$bnK27XzKTfY{c>*)vJQjFmpu`FzVPFJh12ke1S zN?Telwe(i)%;C86v`O>}b-{dI&6Hs$;}mPnFQ;67fJGqqONL2GxlsP9#m}6ANTF|& zhz8Q?u||9jRnc{c(#rQeUlt|HNUn^f&U=ps>+gqIjWs{~5Ie^&o|Kh)#jE=Y6+>H* z2si$n#z=v-#prqS7j;n)LgXmp@oEC2i|Y7QE_<*aI8u2@$dc#pr4XJg$eI7b<+5h( zy`1@JXtu=1;ABh_e4IrGaXpwVC_gnT&r+QcU-mRNmy_D8Os~E6n0r{1@uGcqOglrA<4{WWL^`Nhkl+W4<1} zB+Bldj7g{^4dc{{(5K)0HN6*rRbs^92O=m2CbJ!1qy! zLGYPV`6q6IP@2_2V;|{!%h-T|dpRj6e+S&y-;e?o)=JIhC#wJaasDkVyjk|f{+adi zT2~w0&r!YJp&jkhj0wp+P%|27@~TQV=`d8m!Dug^w%I_oU6g%wWsJsc@rt&|Z}}ha z4Nn@ceEm19#=jjj&g?Yg`1NrH=?;9te6bXpN29%##do-F5!KSXbpx|)lko*>f*&7+LRpNT4>_(3m1Z+-D9Cz_ zClpcnj)&|d&{EMv_hg%jZI!Z=7aX0nmdb>3DJ>eYjnM~h4YlN+2yJ7=_~QKKW^RKy zxcX*Q`gJpRtq7HBDzQq-zQ?ma7i6+rhcjomxisF)a192c;C64HXDCcg(S*F<8gOg3SVmTF#Hyv8I{-0ZDrP2PBc%0)ZqN2*bpVZV*T^ z8|p6je}E)PAdsZ@b0#O4rJJ@a>rXXwXH+&bO(=VjDVAOMyVm7JWwQyM?C!-NH7CEd z@vL%+d%s>-g!TBCR%Y4sc!!Fw3?2;-on=CJx zo|p#GI#FW*zDBfNfNP7aqq){#QqI}fgHpo9!HO^#H0~TPf$1&idy+08oFk&=oRftyDDe+%ex{BX(_daKfJ|0>-gJoDB2qHycw{2%1ZNCN&ent!uqJ^e^kO@$+(DH=Sb;@W_l~|fd|FoOk4-fbxE?=#3T3dH`>{qe((POQ zH^}S%&r6Lndk(Y1l-(N9X92!J^l8g^3nsu+lmJe%CH4@Www-lk(!EDa!W=T(dNVOn z!puE)?%Q`2#4A5F;AMXNb>>cq_o#uw>QXL~{!)HXU1XrbQ|{SqhPZG4x~B698M57=Q2eY` zOO1gp=FvAK=^u2X$IjpiPh2f#h;d6DeEOaLQ8yqC|D$dk>tcF9>IV4z+RowZM2XFefVkx58)`}mKqz2+9V^uNE~0Q6pzHUN>54-OzYBFq9<(t`uk|6T%1 z7Xw272tQtcGh2Wk>~qH#TaPj2rS-d~rP#>p-^cp__`?M_b~f8;fxahFn}~E%pOdap0RR2`$evW5c9Gic4h}3e%;0rOB&!2supM!$Ut66jHoHYp`s0*TVQ)-;};@WxX&AGGejs88uK$ zSXv8(^c%sqA~2&gTkEd*BGzN~i@m$)gR3;~@74om#+_v^7wQM)-1zUktI9)d43D~> z)KgP#*8(1h_ni-Kt;rr`NOD{IvA}bz^H7Jkg)H^bzu^b%EdF+Zu2TAMf;V_N$4K80 zYqS#gvz{fQ{D|E4I~gc&^3gQTMoQ$1Q%yPQMvP{|kd_mLl&N zk$H&-TpX8;@~>~+ep=n}r@2T4;~toev=y(fwT~SyVfgs)TyHQn>wc-j*GPwkdZyl+ zfr2HfgP_#Rm82 zf(E2v^gz03*Eaqw>teRi_uo?9^#i`2Lj3^4fvf#gh&yXS!;icFJt2J;uvak+V9$9U zm8L^B|0f1IFEf_8$bfT|RMj($SqKRCOY&u0w%VjKH4ZOfH`*7RpW-H}U}8FG7jtC! zL>iix^B)9eTENH1?Z=H+&b`mG13`=h7}WZm?;pm3_8-O~nu~cvZl<|FCFt+hR~Ln) z!Ozq=?W?lS6RR+KF~WhAZmwfU4>{$V)W#gPKbpVjaTVTIrY^VE8D6~hVLasK2eHU} zGt6Qrm+zugEuCp(yj-lr(vMhdcXo93p+nr4N(^Pk@9mkNqLug4bEIXW{L`Nue=y*1 zMV<-J2e%9{@_`GwyyZa5;rsI3Tb*&Qf1Sx`yo0a59#rmK_V}Lm-*W$u@ztmgF@Z&f ziGSTgzqgFIXuFi0NRs}Y+5JF_#lMlC^!?!y)bnp)$B}qkkW;VAdriBDlbg@8+q94* zIh_7-Fn?QOS{f(M!rXFTw-0*jx?Q^XzGaxNXH3R^oUf$vT+^7y7+mH2gmPo7JFJMq zahN>A@_l4{hrn1f|KtzD5|z!Y;aE=ctPy5eR*U>7riPhY<)Kio(TM+q*1*VymE->l zz~CuXq5DP-!8r8(+~;pA5FY0#_HN;$2<{onJlEh~x#hg5n0%n@Xye8+6zH1B%aKJC zSZDB_;SGL23io_tzb%G-Mgn7)!cO*PBPNR3>a+I!qRP$Gp4(l?^HyH!{N`MZa&jpxyPg`3M zOje@hzu|2Q)M%82gyy}rSk<19uBXG3%)Pb1u1}36I$pq)f5pV1zp~eQ8ErN4sUnV;>IEV(#6$FFh>8l~Xbw@ksqNU=jav5q)SbTxu5yl-gJD_@vO1u8cKQc?U%we8ATW{@3S*<8I~_0^EcLeHY0R z055|<`c&}4P4L9?@BTVCL2$H2)tP`E0@zg7aSUg)s9b1hG(*lb$CspV{v_+JufytM zuU@tkWk}_uSKEaI$}ej^T1vWX;@h2MWVYCXXf323=h0Ofm%0YYVt0G%_R+{>vHdz{ z;7267RkW7jm2=LSf!tekje!Q*r#Ml zOZ+Xpvkxr-)Zon2t9lf?ZDpFpPSJ4wW%;FID{TX2>(RH40_w2UOQP&KZVB2&Pf`}I zyRF*y6;jg39`&WmTy*fJeg4n!8LL!E38w6tXcQ)!HE1ILD^J^D9+fZQ5FT!1?swmF zbBOy_{r*OqOP(i4%FI?Za3qt6W}hCVJuK91b@n0`#{11yzb<~#<&+8LojP7TAn zOH-C{lqRq$>I8;vr4k5?Mlz5O!9Y5*ZIiY6)xu!We%pxZf~|?33VK1amzMjl!r6MA zFXJX>Af~i~OiguTAft_(&4uA)))s<;4(<%9s=zrPlms?#QIdfC4XDSNXwzA%>)+=Q z5oS%lwQG;pXL&NBT|^}BEZiLdc0C4e@FB34Fboq!QIs7|la`#>E z9ZH=AuHQL8MZZG4CmPLz+8}ly@YNaWyM3BTmCH=0x^kbAQBBJ}vySUuzsQ{SbCBzj zvxB*>`k|9d?URbhc>vZ`kVo&0aZ)Wd6d~oMiFAHF!r?nczE;3Qa$hT&c@_{;8yf#b zq4_iCQ>54{)8m-HrB}g`P&vaqZ%xt4?60(~_O1?51K*H(-)zLT{xj4ldu6KZxqOp` zd3)*colklyvCpDa73G%x`u?oN7>LLnM<~r)N~|u3-~sQz*9s_AmgRcF5K_*IVft%1 z<0Vfx)XzZNw33{BT?l>f;uSR&=S#ig&Ox9hO}0;>EB|3Of95tfbAQFY`Sc=$Qg^y{gbwrT|{z|k_2rQlPCnXRq zi-{pSp{$v6ubA8cnJ6TiT0kPDsPOplgEPu?Gdn%p0@LsN#%QYzM~*ukq0-lCA0T9_&CjAL5qY`Jq6+ z3S96Ssi4OONi&@Tq=5`C%459VCk zjyps%TJ;nU7{HEP(i)dk*bV$?XCNF976j@RE7Vo^@ka4(3l&qYB;pFYS$52QZrXiI z5nvq&?;_a74IwO6PiG_t2nT)hLe9|#lEB5$AP$1P>~xo?kuHBCTMEd8MGobe6%nJA z)cW;h;?xePyK|6y)YBM2gSrtx9#40^GREVBT}{yv*#3Wf8j73kZj~Q6P0zG?$uwBJ zJ{YCCgLC(DJRf`Ww>UD0TW&Ymt1~SFbz}cvtZStvi74*oQRGw?b6LN?`D za+e%F6S0iJjPg}wV=E7i$dII)NL~4v=R~PE8GZw3J}tZYo#g~!m!{72>Gqfk+wYT= zZ^A?5UtOqCH$aCL81m9o9b=@8Xw}exJe~&=%BG&fx!{>SEp=q4*mYdmC<2iYPz`)i z!si&YcJpOyf6Cu?#zf3taSpIyF+OjN61k?q)&DuuOt;S4B=pivxxmk8tGxPJ0f8ux z;zJY5^(wN{^K;MPG=dSsRQ>tXal7I6V$aN2n=L^mD*6v7&Eif0mK!hyU;FC(`ca(9 zNwk(7vC?XT6&C&2$8m$gD+T&(1Q5|NMB^h=*dNDe9~ zIyr`CXwmaUwA9Ssip94)w+T(56RBPN={l8#E@%U0ABa#!1aCY;DICo>mPlp~>@R`J z@T&Mnd=az1TsqqsY1<-VD-C2bwpRhB8j`B-*%F1bvWa9mnA7Q^nQEtwm?cNwidEj< z6zkU$H}fUkUn*0hDOv@hLG6?}TPYWaXJFacFkZr<2{KN#r1Pcu(>(Ho1LTyCu1(4} zLJ~?&l-&h+hZO-ghezMN{k+HTP<#W9sOPFU29~wKap&}Vd={Cp`N*wQd9Y#ifUpi) z;vXuf6T>v{YUCu#69W2xwDL1*_eo*4-`5_!qdA-K7P%qjb^K|;6#Q{)KMH=2l1KUJ zE1%#R2yO~)g+JZ;4u8I|wt>K-85Ji^8c5unxN};rRpMYo6JXI({*c|libl5S;#HDac({Cpxxf<}s=2?gj@EoebhcGJu= zQ%kzwm=EXftJfiZPm4^Qzm^7HH$S_o_K7~I_D}I(w0(t()3}u(UfeM?kX3@r$LK`Jk4whw(SaKoy2Mj zM)Rg;Nd~(njM}pc+1*s?Cu&E`7u*i8xCIBJnyOGlaD%maZu@TWUMxqyp5Y7AGyBR~gGNtY;@eS?ea zmtfN7!=1{zt$zhK&_^tiYKrxFeWQyWJ5RAUcIb$5DJ;{5bK=LJbP)0? zP_P(rU%~5lO{u)wn?F{B#|EG{J_bq2}YBE^r{50xSpl6YoLGJ(Z>=r&? zM2jyRK{(ni+Yy0!1?q7Y5hLn>o8I{CfvhOA@sp!b(QwWO-lr`?x|{GnW?ViUEXe6& zSYs<&DRssUzKASl#pmO_GlO#jjk8gIR!CSY?XUP>SDXUDT-Oor!sux9HOT{_{?nSU zTmbxDRMVRPI zg_O06-NMErS) zg-7lUyJ58J#<5a^&K7vYt%m4_|9=($IqP9uMUmJWV5X|7NTOJ&7m{yPl744swJirl zPb5nR{F@Qs_)g0%uxy{S0d1Tk-2pqVkZZp25w7jYo@ zWM-0IdF&s?YFT3Qj_`J$Fb892vXBh&(a)Sj5rtpGI9W zpEG@OrS42eLCM?iNqHac$HWhRsy#;r=bJ`n$y^&J=Qdwie5?`vkBQwD0*2vQAQIBVU-HF9dqSgCwjc8_;*o&p| zr4|%XI=bq?N~%-RaFNl0>!(KN{FI#38ro`DHV2cj#kC6HYkrtnn@32H$I@fi zx|snD%358rX>hc$o<*i-Lw$)B?i(n#IU7;Q56DdUDhDj+`zs<5ZZ>jD5#_oX2}%H{ zy9u{8dackWzIL?v+_FtVTXe@uid0ncrzaEr!2%3slYB#ReF88+1I2$4>!jJeyLMpV znachXF~AObZm@)|v1Rj*oA2r{YW60J)iruP-D@D^&Xa%Fxb`bgXP9-;n>-hSk(u)u z4LLebeJ7$gd|dKfrr!z6(%7i}A?(mJXuN9SRS!IH16iM8+7?spo%GwABYS)ePYGW+ z^W&uHA}h*FT@Ix~Q7}5k0xy^y7LN#@tq5Ek#E9t{!S!tQnBP19&4x+u z`FG-igU!JxO5Kzf{VG692<#Z94_fB5y~CDv%dkB~p_Z}4N6Gf0J(w6yJ-fNcEaV*g z_yCp4R;3Ri>L?z1)E<2I7Efj?MG5S}7bn{|YS1nL#Vi(Jlmo4iX|Q1iVcsd~(NdKW zv?^GxqBgy)64Rvy_i1>S_mULD1yT7`v2QFgNW!1OFU)sHkOf=5ZF5P#VO}RY?CwZZ z@ZN7J9Qq>;od%^7&e6YxAQJ<8&Z|0=?d`&II)r$My<>|8Ja% zNS~P6Io-+K+YSGrG)YGXs6yp~S4+{O(NHHqd0>JeIzrYQxWM$2HPN}CR;s&1Px^m9 z2==gM5YHvBRN@~(jZ8Zd2o!Nj*iVO1#lmu;4|tS-nmy|W8%ehlDFLxy{1R8auOgF6A=0le&iZlrjL}E2evcgNofhbkGXv#=%-P5V$mYI+_k^ z61}7~>30`DasfVn@;V=<6YqucP4Wd2A2kjYI*%^M zB+B;dOU8AiL}>G8)L};|ZwJVixqf=v#pJ_f})O5#VN-MnXoZtLo2`n{0FVzmSFpvy4UpD){;QA8S2 z;ycBQEKP{CL$p@fOx&>6tI`6mouL|^U!5kWPWXQlR#I@@1tPY$7j&^3mZ|X&g zz}C1rX|f?h&h497=eXd}{^;bwV}z6X-LwPssJ$j9-2A$;N!md{nuMSGYoBI?rI;+3 zuQylP0X?tYHTwQdDj2sV=lLuT7zkaGHRp+YWRYN26b^ze(^!%^&TA~h-lxM!PcD(s z<9y6R~nrYrS*OlX}cryVR%X6xv5b|4z z=Kfn4tafP_IHuon;#g8}BT<6^5Wc$R8rT^lhJmZAT9EBzlOUd8Msa6!q9mZu3V-TP_py6(3OY=e)-?ou$j(_m4n0vgtI_ z%$envzL|r>z*Bu?{1~S3fa8&*9^xfQ1wTe_p;o^heW(VHh7RT3$9JB(%cXcs=c2At zaQfcVRkx)Mw4TgpYqSYf#CB!x`42(!@683Bnpq^xH!V-*D_c5K0_>8D?C@pUHql_b zM`v8i)iz4KGg(gNL*n^JZ)**$QmqT2p1G-Bx7&a0t40`txXZL4vLe@$kYy^_^QYrH zQK3ivYo+f74XH6R3Fx44_6(RW&DRyMdB; z{*=!J8$mo?>JY7cWz(=VUX*lD>bF2vg<3B}rNK&15N1jHyMqOeNhKEFiV>qbXKUQD zns)(_)?XVa0r9?x2B_+!Kjh6Nh!h%`np`@bII4XPB0zwEp;ADG! z2R&ipd^^~dFp}%Y)TY>YUNR%WTlCMXxnT_0fdNgM5$tOVvT?6JmQnpC6nA}{OH(~L^ zw?FUhqab@b`m^4;7c;IAX&Y?H5+!ewABj?HFIw?`We5}U?YUi(-}W`p;Eg4}(#Kpg zEM~LSYg^;4LOZNIHvSpWK=G+TUem440;<=`BXtHHufw1x5tZz|Gx0{o+|Do5Sv4Al z3*uJklN#^z!+zl)T9VJ$IY#~)y~Ga{3%z-r87${(m|zpKs8?$vzyv zqr#pAEoDGrFzClfJFpJ6#s&44zUVOe?OHW*T5)r*Xkd=J(wpU*Ir4~1Xznjz0nFeN zu^Hr#d^6ggw4|eo3oUnwMefD8CFlC?4#U-_$bGj1Jpi&VrtLnc3u0l+Fi$6w_xFem zSmUuwdl#K$gHumVK|9!i5fQ!aSMOaFddky|+WMi}=+ylFIMN8pxg2zP&}(w;b@Fm+ zZ%Hko#~A+0X}#~Kn6>7M18PT~*bS)99(9#J>hm$9Ct*l4$irA#G8mb*WaM`hx@^=G zalc=ZboF08g1!hKjGA*-0d%LK{nXv*2>=CkG|pRj{o;X|Al_qMS_Y<#H;_g5%KIHX z@5Bc}!6PDNK+%+&PLPkfxG#nyEJOY9H-vO3Dm}M0MuI?i|wW9pL9?$fTRGuqBS4eBvn@9*8Q%+a6pV~xFVIrSVDQ2S@w!6EH3St zsrztg6lllu#e=cnbsGk%vc7{=LC^|I6DRR)dVQ8yWM$jL~DCBjdIUhKNmUcL;z&$pvWe2d8Qj$VYL9QHT zFO$BA&s=|&)VsIKasZ}{v`ZU7jnYqhaZw-AsE%ZI(_GujvUqk@4|0=C*R5w=E^-}A z4;rKkrYs^jlu(QeaF6xB_UtCH(G(eBfjaheka zb8)+SgO9T5BTw^mL}?&|t{W$LY;dSfvRLkvQ$@e>!7s_dg7rY2U^^S+Df@n%t-0NE z5;d1hp%a(iL{)7NCSzf+W+C;p>B&wnWj_i5>?*-{zH9quhW0P<0izfKS`-L6sE<(8 zy*P>4p{rz3c6X}cEbjNW^7~$MOdD+c+k>fevKFPXTXyiesi=$xbo#>Ilt z$uwtweyGjwaz5YR9_o|FkS2@KmgcMik$Padr7OW^vmkBbc0)hP!izA{ZmqK7Yuj+x zo10{`gJ2mB3PiMT0QT|lEgV=VPO0fb5H1Ec{1O3a^DZ2!+O`)94am-iYy0t-0S{PA zO1cZui+fal5@8+C9>Sm)(Kbz`Ik>`A;_VmwU<%OSx0N@nm7P}YX#TO0d-adw(PR-X zr?SsK+eAPTw?769c!|muHR7L__xDs%I9}_^hSd})7Ct-2=L*x#H+UY6ptDyxvq$;< zl9$!`Z2_ZFCs(kC1$z(u5-fe12kz99+3(W*esVKu@8cJDgO~u&Os4u)fG2?`!~g9# zC!VWLTQRF;SYXZ3)zkRzk6-fd>|Aev`h-t&=@CQz|M_d?_-Q8Os&j&5h%}{ktv0H6 z*OM%%~wE7qU-Ttuw;eVYlJn=P9t6E(VY9`Rq7pklC-)m%Z>XJXrmU95Y8zX3Y?FiDL_BiC#%Rj$m?;5pX~dtrn{}=h7R#fS<%zN5CLBp~0Lnf9Bw*uG zzR~mIJ^8JiVeLB{s?=G6Uxp4BpgBBG4HQmp_T<;sJ4G|~J8^m&64{`)&zzf9cLYy&K4>&njE+R{Y6jqK*Ph$js)K_6bH z;n?qu5H|!|g==jAGS2<_jW}_1VNpq*Yd3B{af6WW3L(|fzsvL_=j7>#5fF8nYOiQ|K{|bwY*hXozVZs(|blW^?lLWKPw3i@QdP)yx<>N$a$rnM5kz} zGn!ne@A%PVOuw7a&fW9e*8R_?ya#?SQ}BAJwE;FULtTdO4OjxK-!aFVCn=QBCO*^SAsK;=Q3k1@q<`RM(2TR#|Y z+b>nv$@CZ z#`f)s7~l*mMRv0hcNoO}!q7&`Y{-ftQvq6oeseFJ2ER@suQgsX+BkE!Xqs{i0PgL}DIPy`4jENO*|*zP+s!Cg!c$F~)+R=O% z>jPV0qt4tn+h*tMXaujTH56NKY#gDuGR&$nT8a9t&%omg=HX=Q@txnsa)q`LLnV>{5fr-XIAxfPUl-7!d45w;HA8c#5L*hqNC z=({z|z&0^<2r)}LMzoy7e-N~jw*i3U{Uc-tpf$wMYNW4INK5f?nN`)|3#5Ym)URGdcTC{53Pp!UlSbbD zOX~SAn60b*ChY_<(;q~`8HZZF%pA`loUgQs`HahYT$?ObpY4!Q=8Xqa)qqu zGPX3*070RwI!K&a(ynU_{@-ZUA-hK%sqsJ_X>WExq;2<4D@_q2=!2o0gvF)N{sOIl z)F_kt9)(@XfQya$%Hx|$4zx4Z^%7U1nlzIa1qUGc*LVd~4a+vXYz(A^p7cQ{o$O|# z4iInQU;Wpo7VJ+0t(#e8++G{5zdmVyHLP`GQLXlmPO&JS(ZhYJwO^|;59}a1n)b01 z#GG9oUO;+~6_zG&A~i{*nhqPMgVdN%-|3H+=D-W^Kfro%Nn?rS;h8 z2wSASnv@=!wS4f)DU5w?97lTD^Jq z5B%F12fC+z9*Zmq2z5(qcrr{(^+`&i8m}naX#b00m%BvpNQgY}lInS!C&F+tkiNDN zJ;FlHvv$0|pz&1unddTeq~Hqhz;~I=T${u=n%M65Sn_DySX^oX>hk+oPT#JIFV7aL zwRmXl`6oFFCVn_&Up=YazWDVVt+9r^P8ue@|H<`FQwr?#{ zaOBz$IrB8y}0Klg%!vEdz_3apempE9u2K(n_-0 zQzsH&W;``-$2xetzI?v4tpc)i?x-aWwH%cq0(*DQ&s)iU!#qWz-+maIpgeug1lV4;Dthdw% z)YHuoQI#~*^g5EgDE6R4I8IaV_Tb45JA2Tn;cmo|=mn@*tfoD}W)Wpxos*YpyFB^Q zI^LMYa7u9@uO%(08#S{r7Z3m^son2#Cf>&iZvv@Sq^ah zRenf-g?zt5>qh)aTt&W=CJJJ}5Y9cC&_8oU?Na^!Yyq|IazX{E4(QR@^M?zukPbICa!wG4!hGJFx5e-M8_@51M@cKKng(K{J9wKYmgg}x^@ z|EqgP;0K{>3h84{*QLmxFkApuvz4ekEY|{SK7FsiZbD&{!8M<>Fi+l19CqhHzG`?V zYM|a2e(#b~yJWVgK&m{J&S13**2x{0xAC1Tp`eL{B5pt_uzRDWGNp#DFE62IOyiX^u3J8X}N&3Pm|UifsN8X1gd;pXa& z;m@z$a%VW%tT#S8K~gCTF?$UQ4TMLw--Vo1cz2istDP3(rN!BoQ12#!)pk9-d7uwu zge%Ic+U5AXH%)RW_YaDAXyaJxD{&etVxbES=8cxnm)OC_#Fq=jvnn1;65BnEofG>RpveaLE13q^29o}_@-jD32dzBJ9&;t&_VGCrPiZ~ zcj(_vrfo=@3{tD{g9M52?}mswIc2-UB*f|n(zw+_4wh!LR!E$~1s#l=e`Mt=P2|sL zSd=X+eR+@K{CUL+$s^^?@q{oz+e=P^8T>TzYGlVsrkkai)u7AOg8hae71xc?&D0K| z4MEY1`7Rj%t|uP*F{k|=ws*ap*2Mg*x;bF*&Z1QhADc$wNhCN7rj=D_hBlEiB=j}t zA(+%5AL;jyb>RgqN`-ePqu{SkHxqxLwhpb(!~4F6y(iim4&w!vfPSyupOF#ZKv5fN z94%4*6XD);FcFaF-07z>>b+CaJaoC8JL4E;MX(Pp6S+e~F`^3Dk)rTBn{~LMg(K7n zWI4}|C(LE^V|prj{^uEV#h+TAj3@DEyu7%wd*gby$NW7(6OQF^0Ar-Cd01x=@fjor zT1fEsQ8gpMGq|InF3l@BTVQbQ9!m*^MWgv&;nVGeIb$ zM-sHh*<2ts^Ebx#)#l$?w6g{^ozNC7Wuhy5gHU}5qGWbb*mgLpxW-(W@x| z2k}W6Y_nXWBEbr6!5qdoHqato#TY5LTNALjc{+RK1I~)sQ-wzLeeB%P`SBjCYRxAb zju0kXV~7d>#!J0>WL6IXZ`y97`hQ=nYTb+S*c6SQ=quQ}p-5PNQG{5?<-t4s`?t-t zq+=NOzoo1>u72(Bmv|3Odfy9DJ{-JEnaJNeo3;v+I=@8R3K~5zTma|TX1dxsA|3RL zJ5x}^{S$oX;rPd#Ojk;E>$B>~IG5_7n84iBg9p-Roe#D&896gg>M(-Cc%M(uc;DIr z%WxK5+(DyC1O@JUX0QEGO1VRkyV!AK3u}o|_20PcgsMW?dlIeL5~nV-h1}o&)&p*> zL31oOgumZIh*N$6asX@vGPqC2FDEPqunAm;eL(2>y;Y2jJ|&Z~3VmR(0=Xl8_tGP+ z6;#I=@1hrC=|J5q;7GHoF;-S!XnN9VYFOki3*3r&pX-f{6AKdQ-NS`*hh_0{yt}6m zi%OLA3M$SV;AYA^vh0)HJr=58wox&`YLd8KN_r1#KINcoPI=7?|wfq&0zK)SMw#j?28__Lx z%R1gsGZo)5&9^<8=ms&xqCX#?1U-@CEZh_E|fN0OOjf0;ixFh}fxT(I;q^LR$@$bi#xtP!xH z2G*%p7*N>z{B?ZQb1)H3n^ACpVb&?rjbq`~2&eV>8DB&*Fw8dl%=JJV#b@15D<+9i zD^HC12sq9U`}rG)+mscW^ex(L%7pwMl3aBGDh6nfrdFD?jS_q31fq){jvd3uuwT=+ zZqmlMV0*xN{IBUpYf;~Bwq+rzH+Er*O||bM%TxVmx<8&i{Au!V*oN>tAgh`I*gb;@ zxi`ZB=&noWtg(fFM?6*y81=`hivL8P&_NIMQ8TdnAb#rG3Ek1laUhBH`^qUtK(G zf>Q}b8kIIQXost~5A|h5L)$L$wky15=KHj^Qp?5@E|^4}B5m8)8&IdowlM&{={&35 z>f4`pp^N{{01FLZZO}phHhyz!(Y2w`@U;#YynL3G3vjKr(RdDEQEE>x@@fke)kyYr zmumH+Qk*GS6}MllL!NPl6-Tqw#czz4`;VILRHe~!f}MOSoKM(PVvB=v-@E$W4^u|` z^@Li60}q~+uT`t%j^?qeFY~I4Q__rmkHfW#jZ{X3NS(#R_@*-zZ9aKDggzWik%+q7 zZa3-1NNb6u6}RObh_y3f^A6Ug@3cM0Vt{2?pG7Wz%;}~;qN#TRW?hkHq$3*f7p5LH z(Y&ZA6AL_)RypNFMr@~ZzG!D_JrD`7Fyc(!&r{4UYmAtlha}k6(bhMeiof?$x{7Q_jh;BF!osc;mubB>nS z10`O=fUP5~iS$;Q1I>IpvNcj{rW9bA z?Ecmn@Bk^KnY)TpQoHVA**yyW88U$$Zn0vYQd4B*VtrQ6{1K4cldxOQ{VFhnfqsz!%cNX6#cmkjxvH66}hC}A0ro|+EW;Ul`#P<6j7G-H-N?=?0N-&XB-A>*};9T?3GtgfJhfLOwm;~e- zl~zjZt;UZ>pn@L{OjduVcBOtkUd8k4635-5^HF=Rno}lGhbzG3s92C*`;tZ>6}9-S z`~^7@6yb6#a(2xL=#eZBJp85r9_f~lt9zd>)7p+=Zf=tfX1Y3eAHNwzy`udGg~1*K ztY(GUawGTW2r#ght>jK6A4spP+rd(e7a9}+jiW!qJraXKN6%`&mc=y3+nr{Oll0*p zzs;6mxZ55ITQq#rY_sjf<@>XK`05wDZy>NkUM*BR)t+Jrg{a1yZga2)x`XSR;wTunR4Ns7}_M$iA&mLu~ByT-B_MzF36ZiCH)g^w0P65qE zQ*-Ajh;uZFa z5<4#lJ=?wu9gD8Az0%gWRZ~?qq>r$+J!mj*^*SCLhJdT_HnrXsh()Ra9LtCuEgJi( z?x6V|g-9t0e2O8jl3IaR6%6ZS7zM047DcNefz;hBnVqW?cPL`L{IHU)|GKyK`8LPp zyuUTCdHn4y9VUCLvE`J;u=20eGgq{KhQ0n9C6ELW3wj)_HuKHTVF&C&_u-y#z>d|t z0x4pCkM{OIY2_Gm1w!BhWCo!V9p^WKsb781P4Ld=>D(=T<9-@t)5E6CYFEDHw~x!C ztC8wlUlNV;iNWx%dM%+<1Ow+D<03{seCNUYD5j}xpOvD&%92Ue_2%2X%AwCE6&A+0 zx0^_ZO?hj7kz2CmQ1k4?|2Vo>s*=@2=s%oe+`aqYV#-IxbMXupu~XXg?5=|jdcQ8p z`F+`Z{>N8hpwq&b!#}K3&ho3lm)vh+0cj46R=wL-gTHbc`_w0hryDi(MbmB?nYUg^ zJn;3C4wda^ZMG49ovpUJOzv5$M)>N~T-uRb)5#U+k;37+U)tqH21UEiG8nMW zPmLfk{wZH!a?3X(g0L_+@B3>>Ef&kqsA9JF0ek9|5L{6=vcHHBJG@V)DQU`}`A`%Q zF=s(xbC8Oo$qjKZf$Zi$Zsz6C<7X3#KaE{1!3?N+T1z8 zq_1&)8&f&wU+;4C=gFUTrjK;S?=wJ}#ZEfyjjuG{7cE+UyZz0Yml#ibpjHyMb3x~J zaocQ}n+w#GcC?>3%yEl99FmMChw`J1kC9cUZxPp{3HnmU2>~xkALV6dHIvtLSmV}h zTKr;NFFMZrJ7%dD?XC>r#@Ek`p@@|`+F3r2cymIXeDVi3Kn21q-++uQgrq^ZnHxa{ z%G%2ygnYW2ZG~%N^;WWhV@dSU2i55Sh31d=AgZti@?j~d=>X%-9rbxm4O4Qw{h`1! zz&2C4#lr5r*W4L|Cm{M0>O*EEhxu)=^Ndq?s~ceb)W`ZYJMEjPMdh0vuTVaZ3k+9I z+E0?Aaz1z`JHom@3dFy?qAnERt%W;9A;;!OBfm~kbpoeK)J8R%zONzu#^7g0*K_gdlfh4G;M>?qrCtnL(Q`}?$e<(lx~BbWI-0~KMx&7*nU37wgh25woaaJODa};Ym&3(l90Db@(P)@1Rm}GHz)ez zMRrXn^V{9VC|eb;(+0kZ@u<0+y-cHRA$O~N^S#sy2)B{B;A~)trpe1pj^0liLENUk ztxhYxnYeCDD);!jI+u5X@`5|k>}`ibqTnrt6v!}SL6nG$>XB-uWn$BuooOfA3#h3u zf$OeX!z+9Cipg3Eu``eSaQ$8JlDwRM4ln+>_w9@XmUilby$R{L^3}JLEX_;p;*7`5 zl~>ez7ZQHv@8461*NTg;5WsRAw>h4y{a3+$mliL~!rAs;iqAg7_X%mG7}xA`a32l{jaoHcID`eoz zFAb9~;AUW4@(*lT>ftI{P&UX|;1#G^P>Pi~v*=f}{ITa#aQ)u4Su2%^MVud1;eF7*NM$I z|6F&y4X%ia2HP|ZZ>KbQ&-(^D(+yCrz~Pb+6bx}8b>t~2=C%>*oYIlxgW}xaqa3@D z=CF~< z+)|@WLOSl>37I~E@ow`6BG!6&*~!MxmxpaaJ5QTt(4d>}NtH7w6}i<>w|?`8wg3Is z!SB=I;7g-IGV{Vqy!5vb;}w@mf5^Rh_;6k)#6&t)7L2O`*yaR;`=5%She5koW1lDYP}c4lHxoLv(% z3*%IkO^XZ|aNV)&MNwaCW|uN9|4{@^j=i|uX>z}eN>Wxfw2uDmzN z-!B>&kS>qA=yU%nI805b(SGGfDK-dH-fYDiEr3?j4_{`1cDD}eHY9N^KfY5AG%rII zTD^x8p~9qUIYy4l3nliftdJ{e|7iz+N9C1rP#_vV#;Yye^^M%2#uvDh;AlxM-b-e; z4RkD<1^!4HjHH1?caw!Zr1fkWAS+Z~VqjDD4mk$RmUgna4EX*LAw9_)Lp&)3Umxr^ z&ON3G1`u?*pzuq2aNAb_hMmoH-_w$>o4PnESAg`9fhOm!-SAY_ceZsR?R)(aLHRB% z9)KXg1?G$yilU)`+Yg1o%Yt}Q45M# z{WN*r4c+N5K}`*ck$2Myxff5K(i5UWUfn&P5`mHNe>mH$Nvf>7TCFG7UW3a=l%7ur=&*1V zR368%t54_^W%R$*+mTi+`F3Wh%IeR-GD||&j8cu}^4tRsY;j=3QyQBW>mC-ftIvdR zyNK!}U=0nSE^Dr_s_;;A+2=q0Gmcx^dn#&PeY|f#cGRJG=`9aIcHUiYcQi4I$O8od z(cZpppLR~o!RDy?ZU}aYi4gGQU(a=y(XCz?uG~AW0##l>EMD=V<#j@1xDG>wfD$j& z3F!UDejq_X(x{}rP{$>;5LhA(bMxLPXv8Q^hPulKT&9a%*6>Hw6aWku)L+?WC8SMo= zQs~J+zwD_!^3;QLJ{=^wl zDjKTfPx^N|qTA2I;(@;>ktZ*pjs2HMY|@L^NW`Yc!gAO77{3+4olU;b-?CjQ_#{|V zBg^a$OFnAoIwLerlqbSXrDEQuu4@-E8-?>(?QcG9SPqv^(_=IJ>w~^!xb>Par`w$3 z-sxdud?Tc%=8>TJNa}8Jj#rQ*h6Bi!2oPluFt56Uo_+))|0lh8`zJ!3qXVOZD@B4Q z>{j=m(>yQ-+ME=%{yhMWBZ-36-?ad7+Hr@{%BV#rsX?3u#kQ(Za5|m%!7qm5x>2_p z{+7Kde%6q=d`XNRMgs2xG9*6gn+=e=JX(XpRpVXrXzYj;TKr>vF*6McmMHMw;(?3Z$~rckQ3z+j)iK&4_55~GIiyFT2_pVSz(EGQQJ zI^^#1b~4-$@WJ@pj9?Emcc z|7#52%@_Ki5+iU*pDR1;fOG8zL6skctDyVY_2MDsuu008&r!xN+bGQoY>m$)1!Aty zH}k%m=;N;w#LDpX#OwIm&ORe*w-QxyWCFz*^G2@oFm&2wET}?`nUHEPmp|MNL3>%~ zj>`A2i?D_GoFO`osrqoLPoA2?5Ni?eR%4j zP4Lc+q!9@TSpIIYxJb3|0z#MSPacayT^x;Sy&aN!W~q?gfUe{|0W5XVjP}|+RGn%8 z^<+(;(|BGwE97BxF%i*zsBhmLgDK5$x7*TKe9H~&Fp%xlgRWKSglhVa>i@0T;Jmv8 zRcV`@r63^ybM`N8ezOst?|y>tqwfkeA(ok!t`?2e=^%tV|4n>2-?thbLSzOG*HA@H z&N6SYKC_23X$&Haw*YUP19<%U_oM-eG!fz1-3mDAS`;0a(~bJ_-W}+vI}4FkZFm-y z@V<8Qg{;QG=k9AnKXS;iX;TxiaJe`BT5JICVnVuUq~ofQKXqw0ViJxmE)Z)`46$Z% z%*Gx}`nHrLs{N>^-J9i#jK0QtT#7y3ZD9$-`)nvuRsuQ{-02Sf?9@5>l`akPD4ykX z?QF8`xpph>X931Uady42lQ%tFwzJ77wODFVrXcLm`FC=q(4WnQDQ4UnE?n67%oP7L zrTI(UT|62too5moe^)scIyWMP^9m&AaKG{2`3%Oz!!%1ZyEPD9y4irFo1A+WX?_v&_q@r4Sqh1Hy7C zSIfcaSi-0icy|0hxX1rXCtdx=7c{3)xsQ4Wd6$bqy=m0yZ1Cb%RxXm>8I(=RsP2HoU)!qS`sKpVRC180+i(sYU=E&s2Rd!dysF|8{En6nSXOX_x zS9!*F;YDe*Tmf&p<3_~JxBg4S&qmf$9I1*S8(x8d`JPq`pXLZNB4akr-d1Degg?d0 zyVH+29hnE~4K6O9vf_&!7EI;;8kizO$nVB${lotA4RYXvI`t9=A3`+~Oz z5z;upyu@=)<47YHWY`9*hxmyhW*b2qgsUNxZ?AHM25XCIHsnJ*ivmB(&OOmxfv`zbKElLU zb)*9hw8Udp;#K0@FOW%%Y1Ljj`1jH+aS_$y*UNv5Z9@Vy+U$!tB!Zku#eTfLRbCX7 zbc4%bN^Nn?F|$#uFhw7}Xi9zaPBuqHT%QNd1UGn=ius@z;%6ovLP@$N?IIrXykPlq z1v=^4;4;D9niF2UAe|~46031-j!wfvwy#Qh1^kdYKW!f>4eq)tE-Wj!_j;Lsc_*LJ z-6-XM0lRyMVL0)W-M$JRlZ_LKX9Gb33SO~d=-dh-?lEf>mFdj_d!(lTy2F<*klvnf zMi5Jwv5mBe{MP9;v?KS!Uwx^oS#tNgc*vqmseapEb)`q5LGXTT&a$q*gnv>Vp9a-d z;rgGejZYgLI(?mvQVPw*3AQ>=uyYT7%bSepqn0X(|BnSw&U|zK z{2iP&Ph#SFb*D~wlgQa?3@@)Vy!;L#>omaR+GBIWlwXKfDbK!5x6-hu-(9*UEHsEW zuK)6K_D!mpYwYzsGA2AxYcvT9!hBceAittpf&PC~$3^p7uBC{vlt-niN!n=LVWr8f;SL!DX@0$fAu8 zBgVvCaXujsNccz4Y?|CsJn_jd*=9?+=C2*gK@POiP3;S9r+Z?TjU5R2T8 zLj8}RT)ul^s#ar~$`VO0Z0{JFM`x+1@W*AM7Md5L!6P~=Jt(Ux(HrC$|d9*D+Vy{H*% z`oM(snEL@VP}`<65qp3W6~HN66v-wN&V6XO4K_*uZ;r&=6l&~rYITrMw6t`&bbv(pljzLL^WAa@2K z+iCwex0dbE(`6<{eK3R}p43Z{c9H(K$)^KpJt^LKojU(?p&(6m7Llg7L^W@ke*Icv z7i3Z6^2?JWY(22cpCiy2ozx@;462n8YTfUrYM@Gmc;r8(rh z5J0m{nVaJm_T3&SU4FhL-`zKq;HVna%Ey^5ugAAEreW|?Ay!@z9^)?&C;GZc!}n2& z%)uu*6uPl0vb8Eq39aLf?C|Hk%+Gwxx9asVbs#AejP7U?IeX=b&92r`=krSJvUKo^`QJ|I~ljvs!$Ce>Kp4S<`wNykjpT@eip#dLFSJf8{#r@vv4H zTy0k#3dE>nN8~w=yi<%qdgVp-npwo#Jv9$y(C->TpBE$d*_%3-T%Tf6{pRKQyQNoA zd}XODN-j72iD+Nqf-}XLOuSM0H|U+D)TTjlG$_Yif#iiLAq@mXDwl3N%)SANa?=4P z8eaFC5{axTB-Q+REidQQL&?Jp2n8rHhc z%&95BBqaliPYAeXBkRcJ$^jmYDq_+44}ac_g+y3-tc2CdJHvBh5evn;-y;@`iq}c8 zS1DqU$CX(L4(5Gq=}X?~oeMoL##*&6xoEq4E3S^vtUC*ELotTfgxS7<2yJf{mOE9Ds0 zW&B+FTRM!%cq^nUO7zOeV1(K_5nSA9b<&~ zgtt1(PO&euT7jYRHr$$%MUy<+s(Re6BKqa{jJX$OtLPx>7EHd}8hidI?gy4*kIjEJ z3!w7_&{x%CjqSh&IX@&Nr16KpRY}7wQk1Qq<}z&JQ6z6Tl4W%MyNXM}=eTRqjxjzG z>SKOQ=q1rvm)|=mGbg%tPx)9e&}_N%5a?DW(2qNPik zRr!*SX-}zCt0k`c4py`HZ?Al;(%9Xrj_P-Z@Logt zlD_cNJ016;l5Z}7lMB{&IBOLChp)iiw9=4!#xNYKJI#z#n%b=UZOqqQh3~HS;c@?dr=TQ_b({0_!l33tN4xur|I6b`v3O-+APNL z+3QA^MPfwyg7=TiYaW?5_~L)?s@ppR=F<(mtsgsGc)>2l=7e9{EdHJoi&-V*hcIi3 z`~WpO(r0O@(a0EogPEjYl;27%FacF^k5fay`_;H~Ek~g#oAlB9q~f<{*5^FklY8NK z|IpuC@WS<~xn&Gx$x2Goey$?7Mt+Ju@9ott=Hv#mHzR9xVMChy1%zDfI#`&vNpD>EI7HxNRKFMD3uBU0j`|t2BW|T?O_1~T9oxics zPq_WRrJQ;kAK0@`7#wLp zfcJmk1iWBRCt{(pEP%}G7j^&kc9<<9Q{)`J;&lq5E{8Y4{0-ObSdp{J46mKQB@Z|p z535?yFirXcJ@U!O)a-$z6fF)nZUw3Cu~_*{wSp$Tza65%4;7C*1RA68KX!t^sDe(r zg!n|o!PJOsy2%KbrG|$tSRUfP;yna58fZU#O*lgTlZpt~Go6s~{DGeL56&v)ZpU90 zNQ*G0c=6sOn{)F#uzwtm6CH~6&)>Q!&eP%Z_o4UdjD`>$r@e)M!yt%LxaD+E0nl191%V-_zvIDrLLW?Hd^j?WNI21tPgUrsf% zMD6J7`(|ND9Y_r~?X{_T)3xvSkJ3gvh~K**m3OKU9R$??nz>=T&n|Knp++HSF2t!K z*cGNca9;tqAT4zVVWhU~y3oNm6kj_JDkonzlJa&M^Z^I5@ew2&!42;Q5E(Su3=w8I zfiwWpX#i#)c?@gfOW|!dK%~>YQN#!4=A#xF$KzWmC)L-0yNA;?-UGS!hZ(=sI>?$m z`4V!r2qvkYHE=2N8cSf)0#1=Hm5#;Jf>MQc zJEzdSmCMqQsw5dGwj;Nvt*LfwLVNzu_~brUVv0XM*!|;b+z!LbhIGLCAB|?-k(YC$ zhYQ7!vvaOTE5)d;u_(vMq{#h_ymanCBcBV`m^C7%gvMpJP{s?3B@acC8-wI4pzT$<42sVQ24~xj4ybs^EQLOR!)a7)Uny?E$ zIzI$2yyxs#ch2F^j%yW-3Eu4*(bCJw)r^d=@tYOS3hcJbwQ6u@cyS6k9_~Q*Uu6u3 zZr3fwkf;{3mddhEky$r6C#<~(W#E4c$~LE400PC*+bO!i=ktA3t#Y8@QwHBV5l`Be)4^t79CNXY z&GFWZe?(uRsE$SG$subbzuyC;^@7BL59?DRl=tMv3%_cOSR3ZxRv;m}=l;?54Ep=@ zYhEKITKU2m!AZkPmtZQlL;y(j(rd(Tw}2!Y!#KC?>1u@1A}%tL-B?Z82j73&FS-hm zq`DPjiiRPA&0mWi9BoZ2@)@Z15r?SiNLhYG=S`({LQg? zA@hbdvFN-=r`pP&FFZbat9iY;EHitW&6q3Uf>*%eM|6E&xQxqE&9xXU5u^4xjXir= zcRD-D4}UoN`fF0eJ)Q%5YeCNlO&bfezcRYZm+Hbtu#t9rC=`PvTeDV8ukS^~>)S43 z$d|4Ca4ffi`zC~A=oLRd;rV!NDAqU4NHu5ZQqgUaX@Qu9P^8aT2ELGqVE8axcF8-K zY0ge)W;eVv%qM0VM_Cf$=ZyBWMLYlaOE)&AVx1GP*W$L<9n^=H_>(d4d2YE6hUQhL zMxE;#<}CBMby38bQkeUyM4ThJxMK<(uXY)P>II8)t|Ubv1D+I18g5rM1VJ0ui!#wu zp%dZ*J>;ZE^^^C?v`XH;6D2b{GZ0*?C{eb{7wh-tTm za4PGh^ky@r3e1u2gwhNtN2SgnM%n#@_CfPgPbuF-+Brsxsr!>ulz-}@la!Hq-hPp5 zX21eKTpeWnXI3CY^TOGPzB{u*zcLPj_Caf+u(ki-a0mQk2h~d^f^@-1w+NK6y^_$_ z;sy2Q$R_WV34#U*@MBe+4X900$a-?+>nmz-hM)TpO@>&{%?4-vnVDEe3=^b0YTQj# zEVFKCrQI1t@YP<*+#!KN@nDGwBq(Nrlg2!u^uasz)i1YJCVV)=QRLbz62kr`#bf3G z3%VSFBifE;TPSY|@&E*u0-d5dM<9<-;s8Q%2=Y?R=+#QKYT7Ea?>EixB>orTW=6D8 z5lRi{4Efj814BddP8o)`(xi^a)7Ke%dW?2AzRQ-K&1IN$NRTy42p&$1<!qVqS5u8H%J-!$H0*kLD{a1x!p7S&kMd2hP6+;%^ z#z(uqp(RGj6kQIH@5g8}{i}{3VB?-C+DiBgQ8}UL{JO3nIm# z$>m^`zBsg?!i=TAFTNO*xuA-?qBx|}YPZ;PQGsd0PtCKyL@`Bv115F2=asjG-Vy`B(W zE|@(u2qxGkKJiHKnZK&s)p>rPuwloG)G+H;ds+P?60{sEQx2;jBPT~s0Q`2lP7jbh z2DDQrqKXCc@|@R1cAAgp8s;)K=JY`Ud2C_ty8*>rDjfp5L_cmcZLISlzN_FefHf;u=PS5X<-)8&X-?z<ytMEo6Lg!Iv193YL zMit>fF^^*;uKZ%)w4sC%(v3q^_7rieV*~I@pj*dyqs}DK;~*LPo)tlQL)fexj=0?p z4{E&EFIe@0w-{q8akxEmw>F^5y#;)?E3Kd`?nYMVgz~c<8gzcDA@h1G4$YVSqL~z& z8g7i(xLrAcn(>pEZrat>ME{vnQmsN@oPRMX&QS(DC=5xN`Q=qlwr?XX9Vqzo^l)2X zk36hUsBTXdQFnL#d<;-`yz^G0?T~Fp42rWJ-sw45)X@^Hx+q?a2Gr~h6OGk$DJA1O zXafWwOAh;A+hTxN{a3wD#AukUZHu z=X>hs>~7q&NbM0UMp;WZ(c4=q`hL>pUj1pT(Qm)mbH`wBUX<0hP{y>W_47vatw?|V z#)xP;cO))c*Vlwh_A$BvV4a-yOiC0 z;+$_EFEcnkS@sIIktV!;qmzLbGT^qBNTs(w==03Ig7SE;Ig<=P=`$Z54~U=&4PF|I0sU&3O4Y?f;|c+~b-2|F~aCIcm0R=T6ekDWdsjON20eu@_Qc{HL~l0};+hRti}A)K{<*`xSvlQJNKF-#pp;mU^?- zL3hjC12=j(FwlsHy?6%oEx{#oPB z*vfXO0UT%wZxJuR9luboVHVuUhi7W3Z8?+%lAo)p1sKthokJIo%E}k^i7PrwjAx;T zG-m*|EGP%IVby|uI1rTFH!rJc3q zm5_AeuGD43AKP{wwcIkVZO}YZE24McvIr30Qy+|6I%m;wNAcsv3q|k^`rKa|X!*6R zBMFx&Y|9_h=Q`bRT^E(6Q;$#-q{4jK0#;62o6RtsB2q&hr24I7 zi_Cg%geJWt`S`WuqHI&o!!`!%i(BURli>krYGL4qNn&Jf@uBLIi$YoSJWu~dRov>G znLO4XPRdEG8#x{mtf4l{c`RK!(T8skW2{xolhcqhJPBK#=$KVH2vHyhp5lJfmQEG> z>izzw_xvfZ=PbKV2#xB|$b5*#~c(+$ng>`C0td>>%G*-=%$L2xC>Qrp9h~MFUMk4 zpWHnY;ocvZ>Hqwsnq)GbUyBuUFKm3~J=y_53Ie%*ADVk5I9>;Kw{5xMjzadK5aB~jLov@LIXWP))6vM2U%i}*Y^9nM3UGQdPG-`OH09RkRq?mE| zq|z5F|73Hg&!(B$9ZEFbaYzq}83`R$T2*F@cB+LD%Tz)8h%|kHhT&x=9OpZQ2r9NH zF23uK-f4IZX0OrVvLQBu=e7oJp%vp%r5d0%yp3hKnSR8LlTp?y?|{|JThQ#@QfJJ& zwaF&(9+i&RxEok4{S~%t7Pg-D z@%4d^2%E3A=EdhXo9I0a zUp~R|=8TuQ_`6&|{%*9j0W*>ma00yyf=RkYVxJG)z z9qfaxq4|p{Pyf9814r@85TfoyH5UE(4?7$Io}S&m&x|N$d(*7D{aLPz2<&R}T>_R; zDJ9LiOXn|wcgXrFFvCD^wx+h_5H5p4vdf#;UetoGH(uXX+kfp*{7L2Pg`M>zjukyV z7X6Km>nRA%Sci#qpjWRB5kvr!CwQqDysF#tukN}sa2I$GD3B9##}%m=aie(aD2~*9 zF5R0Fm{9f;yWZtGQknxZ+lq0vIg59Zs@uup*wSF+CNl65wAG;IzBs<|nr}2Gey!Ha zKu-yJW7l|S75*x3{opXla()(kSy?{d2X_9=i?Og!RH&b}Rm%j{tI%@n!r{Ci(g@YP z0szM(W!2jc(OUejTD}>|pE6@fK*ssN@gcMvDF0i~EOx4w0Go?bslX!Nh;`>VXQE5F z+MoDooL-%~G?EU#n}eG`)3S8M;{O2!x*^(NKbBw7z`tU5 z1ZFswkVSD;Po2DZB3L!x)8(tr=SETxWSj2|S=`YZzy8#g3OIAR&Wah{PK1iZO-RN` zO4Vous9Ddgrqms~t$_TjgPPlJ_)iRWHQcs~e+8&A-4(vut-5t4TmH8J=B2y6z!OeU z-f5AB*Ojb(8+?SZWbL6so@pTJ{BUfZDq=;pcf7gU%#9r5>*Ds*S7=ZPwJ7)=oI$+2 zRe1Dn2K^*WTC|z@xA%+kOKDZE)okgJU6F}u5z~hGk>{lddj-9}E}e;wGbq)sKk#2J zWN)ndp4b@N?#%4>O2-f;>&B0QY4MwTxv>&3FGtZwOUhJcWU+(N zrKa{=Sk2k*)S8a0(n9nWJjnZjsH@-7=vO8V!nNF5Eoi!l5WbBkLIuTpb$DT~lfVug zh2fZ!a4nwYx0!dccKQ23Qu>Ip@U0C}(|GFlxTqW*C zq!3}_zE8}ZxCOopbCra=egJ1Ic0jXI@!IGY(b=;){MJ%zAtz-U9Yw5}xh>JgUu~j0 z4t`BPAyJUI|Me0{FSH=j#3}N+cW$yptkVp1vD`iPxTS)Howq^mUvqX~BYpBe#nP~v zI}ziedT|dYM%9|+)EkOAuo@VXdoF9Gv4{y~9*n8N-MPRw^Kvb^1mfCUzybneD6I%O z0UvzhC8q7{PrRS4Bvul-*66YudbRsA-yu^g=cLBt`xm1Z1DewIbGc3)XAsTEIKGtx)53lM)I+?UiDYnk-uVAPC%~$ zhB2TyS$1f{($=%$Aoe`q$gN7*^^p%)ZKQGV1nJO@a?l;pmT&USe+ebE1 ziyvJ0tiD!1*yAk{_LH_*XNrUD+RK!e6@ zj@EFSkn;Z^gB}v~Pu|?!fD=KGpGEyuXB%O896-SVQ`GFOk>TW{Rl4Pbwvfx#*sSms z)_>Uea5et>9=5AgL3`kpc_-evcnN}Xg0Bi+)}2Je*+6UkmL=WXBN<)cD$W>ZQrZTr zS6FnD$9A(f%TibijCRM5+bPVzK-hiqW~HdmvH+MCJGbr_PSyny z3{B}>sDpg4-0aoWt{n|ip)6L7W)pj>L|sa-&~M?d7O>uLLfOkMx0ws?yHr4Jp7Rw& z!dgAQv~s^#8a9}Bg<#!#r5BBB@+?9-+ZY*p(y*VhHt>Fcq0M*vJun>98I(RzZSj01 zNJWR%qZ0<0`983hZGgNS7cVY0rgjkel<=pFCNo%>Arbgx?PaGyQt)&BcIyA%~_?zE@u0G?}3%*(Zt{7sR z|MkWdFn;}q!8FhdgkAYAEMD$K8zo_nTpqq?^*@{A`M0hYQS<_BCp%jnFtMnI)2kG1 zi4uw9>8||AA&XV-cQ;IwGzaZbNk^gU^z$UZ>~(aXQ)d^>f^sod0_E-7YHrCpnWf|1 zd6ozKBpy%@f`}I?4h{GG1e~?&I<(OARqf|o^=obOK@&kOCZ*gLyuJY2G#Zp<$G}Sy z_5z*^d=EjD-@WnhQ$F^ZmE5}-{nhil;h=EL4BDjo&=UCHUmm2xa$${oqVXP}uD-48 zzYpy?vqA)iaQpltW>Ts40S1~#nS|sZ-Sui*Yt5^hZbN@y?OU1;_D^1RetBFS->|w9 z_YdE@`bd}}uKMCW?cc*3GB;h7mOGn-<$j#)VqrJ&+e>KS@EZ`tyBxwjz{&4HOyhfq z^IF2J%d}&sG42Gce$J3)j3)Xt35s1KT6g1*wgkSVO!ydY+|=%3p($#xgguWt?NQ6~ z%2P~1y|9>awR2p-#ARv}!XnJ5nH;2L5ZvX{?9vP{MngU589fpc&xi$ z?6Nkg@yE%=$$<0q6$Ay4OJRa8Pi`dL(ylX~7h&G5XHobVH!v^IZ zV5|(t)@x|a{)fsd&^Z*OD(eJRg{bYiY4%&0E}nwZ3~kX*&Pmy|@5}61o`K6<<7JOe zdZ%N_~#79Zl2=}qcn-%kL9ZPHJogXZRpv>2nR{L&2K-;0^m#g9B==0zch@ED$g zU+yoA@sm5_>cc{o=QEFMy+>a+=?dg8te=EEpW`VjWW^SC-b8~&fm8fNKjL9#iz?~& zpqZic!+35>c-yG5;t3i5U+Y+6Zz{#c>N1r}x2i@nGCDyAD3JRJ_zo_WZ4+)7;5!}r z>odRHv`OVs`Xb^@-2aoC=FJ^4;Xs27E}=L09rz>_Ae_Dm39|~tVLn2C^@qQoCz+tsZ<)r2iY^ushE5RS?(IQ0zwiAmw|=;epcDu{NBi z$B^@%7`NA@b4?n^Qy~&uf0s#7@ul0x3`bK+wAV~$9PQfgoV_=Bx;LeS{Krs7Aj+{L z_@rdB^tpjkckE_Q+BI82v{3Hc!UL}#pFVy0R@8?Mh1O@y^rI@Gx^n2#7PbQ#S^Lg7 z(I9u%9XWBu^gAa6sZ28d zzj5ECGf??ej~oEYIUJky;4LiynUQ1SCjjk-c761I4F{tnKB0FeVc_WyEOZ)Y)$xrg zsG`vcH1_88Ckv`%>g%7G(Mzkq_B4svWxLf{g66(P;c>0OYnXCIsuf z$hENkt_&($|EA&WDn{=C9pNk{bGURd^dJxz2%Nd}K8x$(BlwM&nEfhAW#gr?Vtw^3 z_D+6Ikea>r7WBC8aX9OY?9HXn0dz4Y5-a83+V2eg=~tXWHN zTka(ffz!SntWt^H)N=R6B${A68XoIR{E9Dc+%IGmMd)EBWzAGc1I|tOsc!k=hK1T7 z`$w_ppu2w&HV2tEMHkGgpY`t1_122Q=s)1nbNu8lhJN+N-rZ*ItPRVjkbi2pzJ)ya z5k2_#qX55VF#}4Tj`4!qZgr@oe4M`pKZw1$j;_JUAJ1RoJx}|&ME#M2N%WWW{Z}e% zWe#1fKUgIQYkzMsk5MWpnZb`Q;U}mm_2;ruJXV06pAQ}68SC~lg{=@~AIGgt?Ry!> zCGx*#$y82x-*YKU9I(s3O$5Wg9mra<4*nlkTQb`oU0hG2p*xK(b<}P)={kxtYI;KX z$Var*@r#z3a|2p}ys!0Zg^;Xgy|Z&}Umrdfh`S-sHMj}Rg-u@rIZ*o(boAe(gl1$Ty7Z)-^5DHh&|1I!@edLY|Fy_qNRa4JM}B#-RDa z?PK3#j-Oq43JCxY&3|E50rq2zOLbrEF6>?3_e-M7>s;I~Az0D@XUH+(xB$lV8>A|7 zUzaev<_{UyeA&ZeZ@F7q-i|_X?QEJO!9HMcT-bgVqB4AZlF#Fap?O`T&iZ>HW3-H= ze#}kzkh?{ihrTyjJZebYtc)nWQ~=+4G#{2M=#SsvR*N^POL5<-O{B`=A9#&EI^q1V zo_$Y=)tsJ?ffN0ri?8JoN_EFQ>pWjWIX2*T;G?$7=EYv}IE*+%M|<~|&H*$iLVg=$ zEoabUUwUOfQjhf)4t@oCOG039+H@VD;*fcYV*+(3GBp@xo+ungKGaUG%$)k<3Tedu zGwdhpl)}o*ud&A?kld3Uh~cynNtc{rxN! z+ORFPn!o&T<2=KeKOtylG;|ohyKGiMT-H>|Z0AL$Rg8aS3*cy-U|`+xs~6xH>fSG` z-|Rf9Zs)SY-$CZ^MTXhU`KL2Ch>iss3T^BhWb|xIUQ*?i%eNEQ4@)~c=Z{BZoX9=wXW5dZ#G7By`dW_6nJ^tTs@cK!Qr0A& zfLH2n_6D75LV(hN+$MB`^rLDM4t#Q6O|FRGin*}>9M?SgVhA%*Xk(osKRx@e2$)w6C4%J)bW#D7_xo=xg>GPsj=-Y`C9%kNL>KpUiua z`TdtLkj+C^t;4dj4V?t^5O0x*{X4e-G71c(K%GJL^BBLH*R$e5zGPdu!F= zN#E^nY7X*T0>>i!^>IQp40bN-!LZnqs^W2Oo`dCV7_7skW%fqUZD%bcYOq0*j-yLwZFURxa{bvem?Gh z_<3i(?3BYMvVXZQ2&lUsKG;Y-JvQ^p_J45srk34%yS`t+IUv0Mlz5l^slKv$dtJ8# zv_U&+a;G2aO2%IgSO=$efe!>BzXImg8?6r+K(2;7rKb$$T@8~Ds+G?Sk`LWKZZoDo zTDxa!KeJzL+OXsCWMs>?qtWYoVC(~hmH8D|)#j4}lI?9;_%6AhJ#ek|`K~@&rn+an z#DeLlzu|zAw}^z%=^m6!)BZL=R!<~Wr+WGKk=sozzpe9~Qmg$+Xtw0&SF#mHjy!q0 z|B(0RKc|)Uzti}r!z`MMunPA~htsFiO29Sg{)xbnwRfFfr^UL?HD%8=fhX-t!8(5f z?sFsT4w)ej{sd=~&vx&d6V?wQl+gcWC>tZFlV)MuKFlgFebe+s<4_#tyL(v^X4Cuc zuqRD=b+5>tw?DuYspLWb;Ar8QLj98Q?7Fq1rj>%w`S)xyzEbhZ75Ki7uus}QFVELN zpySGwrQGKqI@+)7iV43*WN3!(mfIsQ(w~oQV~~QT(|)u-w810D_T!^=>jmlo)$1Ls z0X{u9o8Eryr>B>T5bxzaJsuSo@Sw4X@B2o|KmKHvT*wF1OLP@%vch-)4Lam_oBl}C@wvsi&+&gUJr2W-{+>j&q3I zOI|C!M}nQi7;5N5*kIA~@!3TnVR-q~(H5|30+7%6z6Yb!+kSIW8=3Q)k6efGE?Ls{ z@qI?;iD0G>9&ZldckFfVD(=2OxaX~QVIHEjG(D?k?=2{OMDJlDGiczE_Xfgr^@YtV zrXq@FtlZ7TxMMU<g29M zXU_K{Vu7}9yt+QxSz8s66s&Jo{+Fq!7-nj-u}?%+{BFqQ9cbUdYX|>EST@0Etw}Px zaP~v2n*llsJ(g?P>a%ub!jw(jIb;v%d_K(zzq-i>&vdSwpoS*~)w*0=N;LGYIwCXp=6ns8sF8?$qUA2lKBa zR|x`gw6mFRQYxOwTNVSSVzU-l>c-G(-#8YVWynbvEN|97jnWMhO)0g@{S-Uz7Y@z) zR~@C|nYz4qu3wD>4n-tZAV<7v<|~7SFCbTLfX$(V#8?Fe9Gow#LW6eeae`m?EZxxJ zef~$UTtWvgVi)Zx2a9J2%s*TBTU-gte$Q;c!mSzC;z@%JT;&_HakP)iii4#8m{_;- zwZZ&~I>3nb5mXqLE_ZtU&$)9{xC9uOT0Jr*1x8o=ju4pZle~F-EHchB#a^b@0TG}( z=I{JI&`IbI`xc})S@%!3+16=&!>q*m$xZ*KYs~OhLSpkGzk=+ZZl#c9>Z-U|;G=D^ zb((GneeA9q(Xs?7u~-^~SEpYN*}rw-wRaJ=WI!l$FKU(|3q{otZyO4V%sg9FwL84L z-SKvwMgJ~;x1CT~8!CH(H{X$bAe4IAw0BR}E64g1t_6X|LFmja9z z490_~*BZwQGPvTtXD(g5GZaU>9*~x8oYZRXOBtR4YvH$VsLbxk8#`Sc?WS3(np+e+ zcm*{NKXKUHpI;i^+=DKHn5Ry`0Vw7UU{9TKs zsq_Cph1^NrM0Fny8asKUJyAkpA5Qyp3g?fZi0J;1vil5+)U_jz?7@-kZRU0r-gdj< zdEApQRu^JF2|qXc0-PT0)19t;#1q=~tRjgQ11!dqp>Ua&Z$?RPKe!!;mJEAQz4_BU zQq;uxBR^59AfQZvH4>#H(qP-@1Zs}k{$oAn>?#2ftmyyE%@q7;2 zdVGbLJ^H+O+dA~X%j(8(&g;L5CI=sEz5ZXvK8cUW&^U8gaunPizw;6F!4K%W{m1;$ z6hT2D!k>{mv*d(1$iAvKajyO)j`$IFr0{u%e-F5a{XW$Rw_UrfPlfz!X;I#@tye?OOo=&Pi9Y*cjYI6DO zupy&{4Xl*BLS;hFYyK7PL%9Ac20j@&?jov(R=>ot1Oz`B*vXBTdAr zPu2$Ixh2=@*qOZG#qIOegeeempVI`U^*+?#`8Yr%B1V^VN*nobP9PZX z#395hQl}55N~tyK+$MKb#w+?(U4{-ZZ`$_n3+p!|bND+^>Wz){3{RwjBAO)+niJ@# z3gL>^R!4>^X*h9+1Dm6G5gxwsuxpV|J`~OwU+3EjQE@1L<9Jw{qP^YrBYgjkNv9D> z?;;V%6O%$@?QqGl4hiN{{K~+n?&V^@>rlW&ONZcG_IR)}tb#n!I8GcUD6OwOdiHOq zc71!MwueGRloxZtNBrTAI$%ySQ2Q*_c*GUfd2Ta2pNHUdxp(!{xi)A!-R^%#pUI-J zk&W|fzkCeJrYP-LLc@B6ICknpvFG?$N?M2BRuklB=A;D}*rw8{@8%NK4j|Z@sh!!q zk_b~h)|^j5alwp6Hw4(Ep%bo}sPn^WlCDaotl1u`_79MD^5KrDl5v$%6+7Brg?oJ7G#4E_ygH#& zqI#}y&2jsOxAt#T!){5PKfzE^u;bj9qXHu{szLO0LhyK1y>rnaEsZr|;|?{m%Ct0o z^!AC8@NH_hd-%u`?K59sqvx*6R!WvqaxfvgD$RZMNgoXNNd;ak7yS01M|+>p{fn3G z98MVJnkEGj!%}8mJgxoxS3HQR$vyp!WVc&f)_+=~hMq62k*7IBf2cdHvHKkL*bUP| z2T*qLNw%H&vC z3*SEezPO?>el_V>m8k7#uLH+FSw6&RC-yK8f(OWaOOb}cpp>b~ zn^0ac)E@W~tw+ReR6!}j`-;|tp@xg)I{*)_KDb{erJU{mZAb&&OJ&+B&K^z10( zpSm`GhUtZF{2~DY$+>z`zYFp%AuG^14)S92LrFTcIJ))*o>IO|mJt8x4y;tRqkuzk zrJEQIDP){Yz_?&QUuVU3LR`?qHCE5!>MBryBkkRI0^K{Vp+@;fED z^)7MR`cIuz43_CcBy?GawQ5zZS+ zVnwBq`gW!seGBVHesGT;iLy(3#-%a;gCD+DYr`3-OYC=B4cfnbRuVMWn^e#bK95Y4w!~ zypCY&s3?8(0gFI>Imh+0Aob|<7R|7+!EEcu)V7`374C+8k?r{E;wqAp*vnP+DGb!E zNitpS8chLC^#-+1FT;V!Ch0n=G>^K9&{lq`$M|b-v?J+xdJvy}Oc$BJ;1b74QQP>b z#cf@h?hjrtH|DB3Uly-GfURQb)aRb3$I@c~vpb?p$g$^Gyoz+1fD2?-FxK`Yp`E<-_nmlFrCn;^;I&Wm==?4Z(w z##^_`s{6$;kYLyQl5@=8(d81-ZtC|sREgL6-W~9oZmpAF%P)b8Egf0E+{%%^{Al{! z;&nlh;H5`G7hm+z<=!mbD-xfIFS+Bi%YWKj%Jdk1N0&MnMQ)uoBWmo|iOd(WZu3~8 z-Ie4q{l3VCyowg=@oXkY^v5)PcFC|u-fYOvW%grGhXrob*A`U-n)|-XK^(tJdX%|Q z>$4&jd8VTyYTT!ApaU;m9j^O=y(!lC-@K9(k6;(fn_fi#3)4b*AZ}LpiH$8_*|-VM zmX_Q)+@<;)A1>JXm&Ed_Pkfc|Y%S-Q=1Q+&Z9d6%io0!df;%z{KH#f?=Nq@$aIXcr>O-Q$HAVQVm@kVVf;>rR)NTh)AoCRDVfR9K+RWEtYPPqcs`krTt)I) z$qYDW83;LYRe1^FIkJVWlDZb_+7(v9I@^%;te)2Zjw51e(a1;xiCn2bPfi4+khg?@ z(WnI#u&Ek6XFc?=1N%d2!WLcy#Z4OBYF%IuCN%~C1=}$5Ewn4DVt`0QhrX-$zKv(j z%4eg>g8j!;8H>Z7qyLM&&dw+XP7#9&P@mPRt2uokwt#vg4cN!4LalliFwpJi8(WSD zJ>E3mYAXf{!0KQJ$w89whZTkk^vs(BH1JovX;VM0{sw3jM9gFyZI}S1!5K zXBE76;$pONNXtEd*@Y^BrDnJ#aK?*4BQc&k5ui2YXaWoH3op1IH{gm@Zd4_ZaAmmw zLtF+~b9Y5+QwlAs@;yLq_|)_5NmE6Fyv(W8D3U{==L7|#Z@oflti8g%SqaQk z4>Ezyt|*utTP$2)kc{O3vU)V6GB63Cc5sBfu$5YDkIqQB3J0o*kXeGUXFi|lV9>d~ zn?`v<{skg);r5x8_>G~-@TcJ% zY)xJo8rbQ7yTz4V{xj8=g{~Ys^Kd$Wdvc6a2?QU07 z{lJpLI)SIE_q4t|G_Rv9qKwVljSaTbe6jHXnduTu{M&P^rNiKKRFA50o7Y zR*6X;y@m-lr8lmZvVEQ2+Kaf@p%r(%B@-^x8U^xLFSYzNKqezuX1es{f4q9E!#l;m92fA@Gj2megH6eXzku{rO@MDYMqxYaZrpdcE*y|%&i{p~%?e)irGf54B zdtAHC8oj=xel!XnpU;kFF>3gOV}ZQ!7zIjTBOD0ic|D(#(4{C=w2zY_MKqL%bSEf1 zJ<=V=cAnfYLo?Zy@RR?BFI=E-b*aI?a~_6jeVu&$Y}U_ZBJfu>99hD8mM%!4l4v_J zJgP-F!h_zuxR+uNY-AA;sv>qWb(lf*&?R6ChHeeMAHt)dB?X7;3u7 zVLc8Miwk<1Mib+}H0cvP5a%xhLlKR=F>K|i7_vBr)= zD*$U<`+8cp5Ht*kUQL47^U(e+MUhTfjEog^d&6QAcL1c8e*Z!f5NLRI#p60bUegJj zebU6(>xq;npf;m`q}HMc4FU{9LWiRBZeV$ZPB#~yJ)yEuTu|B5crs{Cj~M~Um$YFT zL${gcyfUo){4<#j#dVsjzgIhFd4;+<>MJC=OeFFj)L5j z@D2hit)Ms#nctVlrWsJ=ic=j&tkd0v+nDt7JpTH$C2_xD!19OWNH*_XNKos}{R#dT z-#!&f_!g6m_<`JdoD(jNp;o_K#rH?r|Gi!3L4?93o&ca&9O1+%fIo*H-dd^b=`~NK zK=2LBxih+J^K6+gQ-mj%DjQO*r%kDT2+Zm507IBYc*$Uoc1J~MyNVT6q=RI;W%8>s za}0>T5muI0S(Y8Vwl&;NlEH-e^g#w^W(Lm7vuQxRuj0vnu~dZVVZ9FSb?fvO9~b1> zS6d*u*~NhdkwTh80oANqMGQ#?s*5gtj0cgM%2g&Z5Y-#ICT)lEKA3XbtFk4BB+^?Y zw1BZj^gX4`TM)Jcfb;+gDxZJWw@kzr*aI2Bl57iK$(|Dz@GW4h68*vxaOa@60{hE& z2|chHzIXb`%BnT=7~sP_wH+;qu2X*Hf4>am^o~BIV^BfGYD;CuQTh>)(%WCh(w|{! zC-a_>h|#(nIZ8MsJbB7KLKoS*=gp+(=rI>e#wcfDZVV>7@Vf)q?MRwL_H6Ekglc#tYtRMk@6zinT7B z5tc%cV-8I38rVk;Z{Ix?wqQ*S$~pe$tYG@e<%c!q2bXfatzd3U$*Q2If74B+bz3*c z=N`Y=lPm;3+|4d=a~N3K!a2-A%h3J&W%RFYEuy)0biT8o_%c!TVzgw4>*utzOE5MK zv({RU$ZH4R^YuMa^7OrLk0Y7>@P43D7j&q_)xX;QK!oZp39g| z!4>^;;?iCN!y2^L$d9tR^G43YoypE1>smfqI>f4m)-K^pjdsp`!8F2&U-Dh(NrmE#$@7wA-v14C=l`K3+O# zI+Dy$FGsU!Ri-*dq@cbRZO)b&tdG=>If;5dFWdk6=Fz~gm_Nh*{yRaP|1%@Br{*lA z^9)9(FvDjvkX&cs3Di9ZXS`pbS|a?-KdZT0Xl~qqDBy>x?3oT?B>?|W4&Vuj|70lC zu?`($QV7dqbY$?1bJMFy)t-zZZ)ZBQodA*|ijb}u#Yk5jk09$uc`kaZfee#Z?&tF2 zi8RpL89t1>%NSIDvhX}%SBT>;FwdQIk!=X+9t=u?Em@?)4eWjURw(vF{`tU^=@eFMipSPf%QZE-C4HPGjzUw5yJ` zIqLn)Ql|N03`y&&jy3=3VWL+ZCs|)avm6}oBwWI^=bBGeZ#7U;YkbR5Gvd|o+qdOr z5`%`mHo+sVr8iiQp=bDP)7H*S@dU-NmL?HT4rq?ST8f0dZ7&q@dyAv`EpgmCF*`th z)1%=2IK&UlX;RJ{XW2$~t_h;hm8z(i7e=j{*XkB{c`dOk&S7JA%GnM;I0V`UuaTwg z6__MIILlCP^Sv|c*ZjP!3-8<}4mIrFIX=Zsyh9h_r0wsFbJ%R&G#V2)p23Jo>;Rku4msZN-ZX+ z2PVqpWw9H4wjO3#=mA*7lEhHu4(a>hp-P7M=sVkbEAVko2Vo_*HS;+r5-m>8++m}6 zF$D&cS*8ZoXQIq9S@AAG^~Ln+jxr$_^Nb*eJ8@frHlHr*sxugr0N{qy2N$TdzMnPS zZ(E0q`&10{vp^-20r-m$XzXvPUGFlxVB=qjwqIFVpyeS6{0rwtBca#Gv+w%4)bp4Yi{BP-tGK#+ zk6g8YH_!d_7xCn*oeZmJV5{D@Yd#ery~+YZ&kERxWY)htn8YgUho!H{wQoQ|6`J$2 z2zJ2+r~?wlaf!Eo`GzC{4e~DzIMm3-17`OXoP>gTWjq(qp2jaAJF7R{iZV?iBmN0$ z@^?(mbO50vT=l+idSUmo7k$3Dd(>qQN38j(yb)M4NqUAz3lAC8?N*V~cq#BlhTP!$ zw6J5dZ*{@=VppB2#!~Cju6Ht%#ONtuJzc2IwB5d-{V)APfUHriuTD_jM$4gY_S&KC z#fx#vclUk5oJ^x68K%@z(mUpTcr$gz5wGsw7yI)@y0_~1x8HL!rS<;P_f}s<>*z>k zPv2RLIgrtLLnf-{qNJPY22oW=W-oTuTc~C74oF#cGX;Kg{N5$q+ykdF-K0%LdCZft zr|R1i9^T1XqPflKGEVBiDf6LqplKceTBa_M7>lpl3%@u3zuM zh_@@g^82aHKXe92`-49@D>kaVA{PAtdO%C`R2ZAtJA`gG*5x7 z?R=kOk>T5u$PNAu>cvJbxP?{6G(Aj2JWT@Nr>2KJC-smLLUM z)8VU%-)a#H-Um&l{X%HxQ#%SX5RM1p+| zayJ8?wW%l|+Ql~_fu-Dx5G?GsVv{F^kXAn(+zYky`Rm*ui9h>RD?oNB^~(1Qyd^sM z)cjCotiu(*k0{SmxY`f8oTsj#%q~#}@0|}~4SpqE3Un)xTfg~rB*s)p3}E@VKz^s1 zSIK8S)v_I&iNYVwXBdJ<$8B~VkCOr{cH?kE*+AcgN$AqzIuHhpriLU`;UAjnd2akL z)D8Itcs6uji?qbE6@_%(kOOq4_$LrPZ&14dRoz^bHLBLrQ#x?CxPk?=%x;{ItP5VA z7VJegX4R%2pC7oeF#QA)%A7vjaC?0^ay1EEFYZ#$>rJn6x5PX<{0QsGfimV8j_c^u z<+?*dSY@Rxe;$c}u{8Th(p&zK!}+!CY(bi})xz+Fxv#oc3>}Vdr&%`KMp^%N6>Lx> zHHL3aPe%umAIPffGs5|FgvNB;jY??c_hq1do6@F;T7JA}AKp#~i7ZD*U@i=c)Q8TZUF4vj;p13)V+Ndof(TrkQc zOQ-hI(;!_ZUhc*c7bwM`be7=5>eU|Ds}rfkFor#08@f8#1Bhkd7{v<_>`o_^gKsWM zM^$4{)}|_ek6eT;D7X7&H9rxF4ZcS@M6PgwfPj=w=wS0@KR#?(I}NHz5GE8IqiHoR z!f-v1GlS!j#ZHYa_01ucIGZ9*m$PdyAXxEj#f~4DbWt|bW;}l3_c(HJM@tQ<1cX_U zwr+LohJ^Gz_bs9z|8P4(P$sL8%$LH&b?hj$9`x!sAh!rY#A_YUb5u_Q`%7SZK$SE2ZLDm&QB65?Jk(#AGYNJ>zboP6jLOt|^fV*#Lf(!U%9h~P;osiv z9MjclBmdUZ;n3Iqmbp;FL#gDdP;SNnkK*4oyWE5}_2ggnXugW0oBsqFbvZ8{RI6XfyRcq%|D zQstA-DUqUuW!-Oa-&>EyYWFaYqkjBcU`l+``&xg5uw?maF%yllnh3=;bSY@}DzcA; zD&^z|y-s$K_iX!ld|phbgbor~z^H&U>AeYpN^hYzL0Y7D zA`qk#dM6>t`*H7m@BM=d)>*nZPUh^{d(RA@{h93ls3>1dlY1_@xiDaYymdSNarL2d zGyKuXiCDlZ4;JHV>rGj|2TR6pT`9k6u66j8ZufKb<)7DJ8Jb>y$e$K}%=aT-y>@Ow zOv1-aZ1gs-Imea#;9h&sRN+blrp#_G6FwC7)Mh2<=3W;o7iTGICC7ZNX7hjh-7#D6 z%IVD@ra#gCcr>M8@t|VsCmIlM>&)>kq+!ZnC6SEW>#bh-UWdVq89BZ5a2b(mzh8|! z^&`Uf`3bYH)k~c2R@mB$HquhWjOr?ZWP9s_nVNI$qOr+Ek}ia6rJs?MD_=J)zu#=8 zNo+n@N}V6?Ho~voJe7o!pG~Y1W*Teu((w(2<+hcqVpGW3b*86(sc=W32-h;b(KQ#t1P z9jhJ9_~QB|;PW5VgEn$DVul{$yvv_l@u$n@qLjXES}G+hEWfsaOwM<0}-S@3Wc}yr@F$s3OM%-3;nR$cYJGZ1?zP591 zLhl57;`{GAJLMsCXZ=QwyOr!%Ur^6O=&*m^;6UOBD4 zK5ur|yi_g|`^uLzE=|#-wfr5k{_z-TGG#Wk<%c~v$&e=_95Dx=`6{v3hs^;Kt1LNt zI){{XibQn{MyN@!n6g@?2Wm})sr1HzG?f!uPsc2X3Be_cGU*fE*4PRv z?Df3x0h3p^)QaOjIOnwVNNZe>KksnouJ=kYH|v`X!&fU!L%AZfFmn!tA!ZsKabD9F zFJn>57H>S)xK;i;P~j|Mf55J*%|YJV?CJa;zFy%3)3HM%-g#VwlI3Z2+mjt!|_6F5-g5ppdNLBdW)p=0@%Z&I71>yU|0LNl69goq4&Kd(uU) zQK*a)`Oon!@M_W9srZhgaeG(~Hh#7E8*-`yjuJ>DQx1-r9g&mdzj+Eovq)e(@@eK- zDm?nSvpj|0|MA!4crH7jFbg8xJ0uLVECUZm^iMF`JJ%4^J&KmG_E?y6o*(4I0U7KtqQwJemQXobM`iKE2h0Y=e^la^R7 zM7NRH>H$65>qfe9zJawI^A|mIH<@bw7N18zyuvXk&~n%}>y?{M>1s2FhCFC+U+bY3 z|CXT5z;F){*J1NsJDCb^e_~?l64&X|ZPo8RgogEjz|_hal^d~WCSD0_yr9pThJ5&G zWG;)k!_E43yBF~n*=QvS2VQ>h$;p#KWQ}HfAa}J_srP`5>6u)!Ci@S-cdPNK*Zhzl zrS4pS-n__-lrAGhm%sfu96*3!f#~H%x}El(XwC=9tM)bTsujcBNLA7JetdCb-uj4t z>=1ss_-%w{ExGpqIYY7g-FqUqJZp?xAn=cy0ctQ2nZl67GJ2KZKMKt`M^TR=&3H~A zdG5rRGnV^Tn&NeuB;@4W|LVuD{qMuqi|d^%18X?a_Ku=Am11BTbqe_5!|I0I@3-8# za2JMfSq4!Xms2&naS~z(lxM4h()#ym^xUnj#sExUwe}v0woC0^cp}J`$}iXC6($0Y z8YkrCsF>N7?s#5H`Z(Cm;qos%10*JBTk+8T%n0kxlxsN4B*p!--hDZf8|i-9 zyHm~aHvRXG9)3X!M)~8?#$=O8IvNrl6sVkOls7F(-sq1g4y_0HQR4T^ z`jB#DsrkrQIr74>yWnq%9Qloz_;RN2^eIL-K+sl8QLk02GlQ41@u`^ zi%}L%8k^o+Hj-I%=ZIGSNU&;i!x;;7cBz5xIujRU*q=3&1v1mnefbRMOoJzB2bpl( z@|DwL@?J zmn(xpv?{p0@i(M-jB?9#c(!SGfqmUjsF&gk_DeK(jolA!Lo(3cb4p7eyWP7a*?#ke z?kx@W@HNZIU;HgOH2k%dX43{H3FNIP5UKAhjR17&cdOTt&2p55(^PzvF_MX`G(6li zYl-0APFqXvBStk)er!eB(T6usMub}ZWj-IxA}GCXUsN|?z^=yA+-K>k{Ax0?-UwFL z8RP<~({K~^+O8U5slmN(oGW3IO!H@5y?#-M1EHfd^EMb17}e-L%wq&bSa;EOjQ?@j zO4}lPgBwSgGT~@@myd^^LzO(K6cQZZYHF}Wx5-j`+wEIwk?et>fc=!rN>8E5;W8`Y zy!S4BBFJAm6+I*ISo)grCChg_wv8RG$|^zGy3g5WJS?}p1Q1kdo`$?8II0!dIEJ97 zsjtvtERum6wH^jc9ovekFR^9+kllW9kp z>CU@kg{@|HN^6cPq}o>$o|2yY2iZjm-m$;6)m&vzRBP=vc5`;cps#*t( z@sfJ?PYXukL`@`>w+d*u~CP4`fySg2tWfDC<~Qlok%8L^=WBC z3^mRXf*9)JvPHP$n&{oi3COF+pY5q$RAcjdFJ0sq<#5tk!j|Q&8z{WWpz-xv>48GW zHP*Q=6LSOS`%(p7m^~VTa!bs}y9RF5w@yO61KFY0j+yKYHXG*Fw;37+(hfh+%+h0J z#L6~wml6`CPSMmn0q-!hy*3iOa@$n)+wQDh>4tL0BUk_UA3TiRtGxe|uJzWl*M1^) zF+8lN*##ozqcVN5hnh-~`vmcLa{izv)2CeHv0`;C&I4<>!RGn0)!Vn`6(`9WN|KJA zZ71deXPC5C7%8g zpI6aHZlLHEbnjHB`hPT{%@MiXISb?(a;@;PSrenA)l$3b+P5%PC%q6J+h0;zTT#Ls z!8hBlCepG*9RmAmGwYQgm*n~wLZa0LPpSL@O_ZmkhR{(Wjx_59u^RNIcB1!A2aM!w zh9Ev#bVsA(@^X^jFud}Evzq>@W zo?5-=p57YW(X{$Fa^)v8A*2XwN;A+AhjQM(JHVopxiFq_@cb!cGvo#{EW?0d`tCCm z221wP-t{Tfiz%1*Ya*3a4x*a(?v>}pY8N~pbSgVNFVURF@7_4&y13)=oyoS#Orr^M+5nTA|c=Y=Q-B{ICm|1{n}MS>-X*id-V&~ z-AK{+5@RGf-LlFl1}|1}-;ETHFL5dz7y+JC`LAP(8pX|SB+q_hWQR(BVKj;tVmB~3 zS@0Uho%Nj-N3|!{%PTD@(hPp^`GbaIT@3ZSPj*`v6kC0lW=RGj)ibm?p4u$JPcS5I zC+Tzp`)V4N-ull;ATgRL<&{JtE)ZS3LR$#trLl2Kk26M=mK`K=$7cnulv`zO!7Xe<$g$1`imruYre(QU8iT1zC&8KgHCbgOxn`~IBM@2#GEq7*il4SddBDdMeZ`2MqBMB zrX>|nU;vHpDgAM4D@tn}xcuQq)ix5n-id4hsNu*tYU7!d0^}U9PdRzq+mdFHGs?tk zFT|#;C4NSH_0FOiW2YD6i;H$R`)h1T>`(=E1BIV{1LrGP{T@C*7-?pM0z_}j76pM# zaC21wLpbWhAVrV;XpL)}KEJJq?SY7FF2_u_pW{=(V2<^+aT@R8?ApkUYQHR_5`1L9 zkde@DvogogFBf=fJLv6?SUx>^w4)A(ToH92Pv3i>U&0-+zxkybmHy1FU?C*Zilu& z58dbvOG)B%-Wmd1_OT!Py)8ew4riAIgJ+1#1LtSBwlwMjMuNvr(O~4=0@gP0bRg5b zG4GyQ&N|MB*hK`4rFB@Jq|EaAG&KK8BL6OPLkgBY%qGYL?c_tZT&EsT4&s;YQ59W2=&K zXlCy;=@QQv&|S4ZYwziGo@kEkE`8`%+;%Q5?fems(%F5Wa|tIE9J3KCtMupseP9C9 zn9%dEb-H&`gAwbNH{vA&Toj6!B|MrRRNVxYNE4djZw7x7=!ekNqSMtP_dF$@pLti_ zfCe-EDE@Iw5v2BsxpD@;V&|h29B6jlr~0M3$@o&H?2J*`M9H%uAJLkS*^nZbDmY!8wdBC&?soL$E)(X@HR59Sb}+` z=MSeEy8M-*sk3O?iUVl?tuISf5%8VUF@Km6=01n}tz${n{wJ6W9UL@clw{P2IPS1)Cs=*^40; zwv(&1k_FsG1qG0bmkmE;Tf@G43F+QQP@YPpEP(tve+dZSAjBVMXT&=eS?5=7-j91q z!LZ5JxQ8mSNUS&lka~o9MQ@Vw1F}s=YV-ekb~F;^rV-ivhW?F^9A%`5h4f`r4!CC5 zg;Ojzn^%|r^=a3EW-)ApIZ4l*^qdqZwgTA{hWAvm+s1dF=s{z1+{i_6!724&H#hRj z`L2^{h^k`VgWt!|d(M5$Z$Q6=Z#jrnsy=C$Z3nVE9;+!In6|d!1Fh455dr}h=UQjz{cI-&Y6L|3X<7T<#ur2cn zd_zqw%IcP{(n=LCHgM*zQR>+6&?A<0uJ!u6D`=BWRXDr3wG}mw=z04)4}$UwfRVOr z7daHBK|JtUV~es6x=+=b#g1$I@eSJq`JyowFEa8SxYi$lP1DJ{FEqv9gU zNnwSLy~KJ#ojwp8kT_~n>c6{v<>B7rYNc1A5WmN+zgjL_Y8zd!VhW6N02vf4hd#Ql z&?K?@O?&5vj~pbA^tUh$R<9{bJk%sblkq`Bn~ho++#ZR=1jxb0t?k`O}eN=ioZU0=6sK#6Z61aR^vZ=uybMseU?_a zlroEFS1#wsV$DvUo|nKecMj;&Fd+5U7nGldz^=9b++nye%+H@46w(na;{AJUwd_}A zCb|D`c_vHyFL`92?WkmGxtwxF4g+x8vv6C{sFR6__dnbX0FtrGwdBps=P3s-jvpZS zwqUzt{Qq!%q#Tk#Alt- zq15>6@cP`rplNBR)dYU8WUN~ZTBK(|jc5M-#Zsn3HhE>o6ugaM*+FXlVsMiRPSx?V zi{Jwbe`;ePZrr<{8dJ>g$62L-s;SpX5rGFSf3$&mxDE_WRXbs_6T_%K3xw|_F@pm| z5<#XzI6sScMk;6GK+r204=Pd|2bC@F_5yrXu}CZ5h{JIwBI5+(IdJdMV9SJIVx?q8 zQ}VzHtBlHFoOeg7Hcw}c*Hiz-XP53ub(mkN1M>TST!@tM(y>C?g=B8d?H5B?H=NT%2(lI#M7`a5acZO1aAJ`Vd+(|_rP%G7W9P>6SyT24VSL@|)p zr9I)fq|0{cTPM@m!_U=e2Nzfg+0S3YCavVl1NX+}%Cq~I!P|9(6Pol?AXs^1s|C0; z-2e4-`v4VQSr7+bih# zFu8R9y-Qq$sq76KKxH`G!Z9l?ITVPef!Vk0_SK&j@j8B?opBA=&AX0rV)i*4knw@m zK8|_y;CE-mNA_Dm^e+*2I8Wa*zw;2*pOkNUWRdrtVFt(X{5d!R$Let-S{ra5J0jsx zAx;uQkIE@8-@doCbnN~Ym8^hg8v0LU01qv>2e`dvd=h(!>F}|>?S;9x5J6s!dt83U z4(Ir942ZwX_(Y$11UoyYw_#9A9;o5dTL93Z**`xiWVMVCFMnSH%mUW;?M=Gxnx@ea z#+o2hnqt|U;_t}(v@4b#bet6|B@0QxX+z$%(DE^4D9UH?(=zjEiT9p%T(>2*D?5Op z*h=Qk)9QW?cut89to&cw%pqlSkBiX%~K)%R0s7cFVF& zl<8|w`H3jEwWhPuYbeWH`1zGIb$*EQ#!8AK$msDI29YD%`8{iP$=v?7R&$s%XSOXz zmdump?fI9eV+4ghT>KYO|HE>afBk&6dN2Mc(=!z33oJG4BLX%0*q^KmKmC8cjgRcS zHrm_a*5(R$bkkzyUpq_Bv!ATE(J}k5|IdX{0@vW`XmU(-E>TTTXNtIiGlcG*^Y%-| z-72LxBOIyFHl&Uml)u|vs#AUBTqhI}sF+=~B{>N_4TLApmgiZ_`a}mg)vr|YS|$$5 z!)F)iXV-MSNYpl|H0$TtuB5*>PqqA0Ugv8>e)+=p-!;1LFQ$p{`g9!JK>5SQ)Oky- z;6Q8l#^f~#`9W$i-0o-T%*ETZ)QZaMgf?l*RPF4(iIE+xMFusO8=K!d34j||HqYXt5Dusbikpk<5GJE0}buUOL zH#(?OnO7Mmxt+qyT!&W$9JnywiPt=Rt;)1T|k&g)6(PUgU(7r9z0HF|Gm?7cNzH5^@`L($xn3Oz#M( zUy2ZvF&Oix-(Q+gvfHX;nFSawE7InkcXcKzw zxA67chAOuT9N0dN3HqPU{W<}@01l2zG>_Ho<$iKhv{>IVoftb;uzJ?sa7OE~i@Tk6 z@94qJtpomx_mRb`48pGvwd5f_pyWP77MgEuUv&nbfs1}1+DXCkoKJ}|M`j(HVs4b% zN11LEd(>g3fJaIRD#PmjfN^2zi=f5xZ*Q-M(Q31(?Wr(HZCa)UXEq#F&I!6y&x7t~ z(MB5iuTX!k?%gT>+{rBe2n&_Wy`Y^#8#r!r&X%WLgsBmro=g^~i8KL2+f<^q4#T?x z=NC*~W2>F;ESQfdhT1vKH|n>!=~OcrqO^wsh3WnOTo9#Yr5zYHWnA_j7~JK1BHrvd zDcTTd(}|d?U{1ucwM$L}YXqdtdUilP_U=r|Q0-Tjue5x`yy3x76M>-tt8F3+xXGs$ z)$zjgVc(P>Y3epYqnWKE%FXES5M1~pvyp2x{>*hn==P?Rmx8$i1?z!B&y4sV2I>&! z;#?R+A5m<9jzqR*0%pfncEaKF`K}$Av$(E;b{_->zZW>H!|b@!#^c3mZ;xlT(MSJF z>;V<{Z=$mnV=X0`2p(i~qul!EK3O(kT5tN_mO}^KLwypP2j@{tPXF_Jm~CCyXONA0 z`@6X8MDE!RuYzKrr?<`4JsM1)=10W_M)$nilUR^*>b6{E{TSMrQ!+Q2KWV(ov+lR$ zg+Mk=b2+>!go?NHuE#i2!^y+cad|_c2&4heB)a0mAWie)XC%$WJ9OD(E63JP7WZ!! zpwGb|KCKVgmr3?*=7)UJ^_6(pNCuziCnS+fv@P(#By!06NfmJKKUtjMPs`rSSZfe-|8odFKD&ihojd*BL84V0e8C_A%`HKU{}rEhTNFcz+>0 zbotw&ab8OSmTIfIVt+|Af%dA{a5rsas{&I-!(wa2Rz!p6Z4Pq|?`-PaTD3~Qx7F;s z19NJyfsWiFRHbKZM-x0LYQlclxJkML>K6xbXDFsxkSJa5@ny)9AL7ZE9I&-sKHGGdu6B*rQ=FoFj|eit)f$Q#myp@sQuvM0_IB zet>$uTg_eV!)xC4=XvPJd7B4g=3Fc9`faG4IqRsf^P_Nv{fLZty&n%eY1$k~FB!f! z!Lvm+lZ*^CKZ>l}PZ<(J;eMp->j^&C_()q=_jb*!9_78Q?U3{4JHesu-Uofwo7%*= zuxwfU@;=wvO`mp!=S!4sZTav;N#GIv=&h zY|hPL-%Or{qptYy%DwHRl6w57hT)k#&0ugq7RTp4Pa7x*aXa4-6fVRe$e#tIT5CY{>$8{%)L~7i&VC9J$Rp>U@&LX%?MHi z{Z;tgXf@E#Ja zhSwFMw`$^1;|H2B#bPmg4;R@7obuEGC`7kHg!YiJxi$6hfE5?e8`Zk|RhUgn`{Dau z#*JLf>&LV$xB0@}UE_hdYiwu%1FFEr zEyD#Ns}|69J^;yf)8<9fk4G40H*cVq_`Nty@$QJ0WDxhFJ1=R>-l#})cyO*^P1aPMS$_(AO_SSe4ZIPJg8z5?mi>o z4Z7tEwVrC@+P_Y#&t{JW^mk*^6=Qbm)@aS@4HlNqv=3>QZZR=&SQnXfQ@PON%b2~5 ze7CElc9$dqie2{dUol_Psxl4x+j8-ll=4Y&g5t}|4nH4Wrk2d@BQT!%r>EX^Bu^DX zE$?{Kjg)@IY~1UjS>pf{#)Bh&Ym!oTip5yF#GB*9I{=N^$zk5yFzqiey_BpPZZ*pp z;G)bGo9FIYL&IkUyhKcBmG!o(L(28RI=qTOB+o>U5&F^77T!Z6PPc`@N9*Pd2Z$}x zyZ)1pjAY6-Vl}|Z;i4@EbRh7_SY$aDvvduBGJ=e~*%%u|#U;Ei&g|aCDnv?|C#Mv+ zLED2~+h&3MeAmXNu4_?+z!Pgcvrf3%oT)Tx;Sf2|1TJA6>}RLdV!?)UffI+FdrNHz z_U(PK9RgI&Sbg-XfMr&Up8sprT=4-z6`Id^`he?YCP9#$AhRE^{9iaZc02mCc4&;1sR!FOeZe3UpQdyr(lA7;?RW zL#E*Ez8-++nj*{`2etZlu8zfpG}qkE%A0=f%xFZ~rR=EseVl^qyv%)#8F6 z^IGy)5|ClPxNifye>Yi=%qm{%Y(MBwT>4q&Q;+PF-di|=;XJE%e7nZ)}nsfbj&E56dHZa6SC2@mznqB3b-k#vj zn7Q*2E!lm>`#$@5=Wd5*(K9zE}Tg*K!1fS*ODXWvYF$0{eDg) zQJh(;u>v2pQ%Jr;Go6|r zH&uA$rH*;x)?K$R{oZ2dz&kE}*xYCf3wXCU0Xw=Lv7y%H#jtYDF;j`~3M@HhPu!+0 z4n8o9WGAjXfGkou7A(D)k+tr?yl(RRRAiT)G~P1uY9Rj0v$~5;^Z$1iKnE%(3)&U9 z^f*dEE!UJ8foToSsG@F=y<~Sl{5#RK3h+htcExH&PRE9bV{Q2C*AI8o7bKIVAh-f4J3_@;;WgPmBES-v~d} zq%Tgm4fG}!Fgu#4$&+SfiYy#3hcf#gbgNDt$Z*#M$DKcOB0RshlJZciCVJr*E0^aJ z-0a1)%8g9*nlI~McFU-7FfO9}5d3h)mO$>KibF@i;SB|)5kp5Gl{C>dVjNMv~e zdzzYG1)4@!dX!U~lvds*`+Xapx(P?*M|&D}Hv#GnGvBPLLuTa(e74Lpb!Im*@mE8n zkuN@7qdSj^`MU8lONe&3Li=G$Y~E$|ad}kb&f`NrV{y!-oZuD~Npy*|GlV-(bg2ED z_2+6)7c@9hO2Rz(8o19B?e7hbq6bC6RcRf;iuN88+F=!>G4zJf>nGiPsfJ&j_gk1A z(lQ`v1i=?XYn|ue9Yt4&SUq2H?%TSV*4-J4-lj>A;4z@_c6rgKEzwtw+hE5ebxK->mJeR~^Z7RelQMlBPlU<* zfZCL2P?VxFqnMNjO~+*}O+{0fchN9eWW&AnFIvaKw>aI6ao zIkORT|I6j={(iO`YK-(EhdhdfnJ|Pdh-c!r>iYVK;QP`4)!xNwUq5#JM>zEno%7UR zJw2xe3~{1%OFx9{W5~%B0+}MSz(Pgr)d}IFfToy6UnSxt>|*;mQcQ0f9=Y0nZUy=$ z2$ZIGZ-Uw|ZLttsw_z|NxiC1oCR1Vs(3(q@#0i>^+k%p4FgP&c6~Nn}CJy-FrnmHB zscnf}6WYSG{XVo8rLV1D+J7c1Lv_cAlxsr$_nLEllJ-pegT7!cW1*n|tlA}yAXK8D zZ>h6MJN+?Er5aFUu0b(L!4vZF;UC`xU_qb>s6DomK2RI$X^>UreT;LRE?p(4s0n(k z=}g)D&9WV5#pGYpD*fVWKkv$wdNsJ0$bme5@DcTiF|%*5r0acAGyl6gE8Y%yWIEQ! zi-tMj)?s0ck|qX20YC#(%s+5MtP^mA1+zT<*HDvVq+90kCdQijSuHsRGFA1uy8ZV- zKBs0e#Z`4&_o`g_5u{NVp!n-FsMDOW%{!+3bb1>%h01Y>aPa;k(0yLl9$kj}$QW>oje+QT+%P4+(lV_7#Rns}B zbD3`C<_5{v@_15AP(#dq7;weN4y{MEb&AB;Kh~JCaXOkY;=vVldS&^F@ixxnL>Y-M zX48raAMSiu9iTd{3*xiOrQYs}(flZhayRV$c2B~Oi&46!_2SJCT_L^??%9J+?Dl#z zZmn}411sQu$zrb4f+f9V?cdoO;E}twBCpmx3QYCF{1AGOTH#_gf2Nbe@jsF`c_Cw_~7#`}~}}lc@~A;w59xDVnj} zhxs$nq<{Wj{$JStOJPry)+cun!L|HnCWU)v_9p%#q@|NN`1(=it62vOse05uh8X3< z`f0qJf)P9~V5`NQ&+HXSGrKY;POD5!9EQGkVPq1|lsX4KUH4>ZD1mdAwYuRxf0$in z%=L#-@hIUO)w&98PFxUq!r0=hNT9~Z zIj7mYvsWXZ`I{I*L@!RtL%8V%?m;A|m^n}w zWnNx@ImPx>H;l9%#xpi0LJh*91uk9{hgEF&1lkniTc^!HY!~a$I zi-fS}H^$94`4>a}Agy6_+fkgM1ooorzZm&FeN$!TrSb6~U~;2`?T7R=pthQh)C< zd|jn{>6T=Ywj;NEDVT4Z9(#)(TuCtQdpz0FEZRl?DL9EiJt$B3uD7?boVQ_pE?_dT zA4-rAlWK`{L_FexJSCvg5QSlqE@g$W6H>P{kE1_ivh#f$_Zpb5Q=#1ovu|7~6D@o1 zkAL4^xjMA1CKJJ)I+0u;j$GVrz443nflcZDeDzi6wdtEL;tAL7*yWik>6kP~dQ%2B zf4+ecUZsGz9$awkdO-6m?a-Chl$#)HoCM?=&D0QPNk=aKVBOj7e;F%@*b&&7vfXa{ zPR;VwU}lZPdZ`@c&7a=~pkCB1;K3XLFd{3zI*(YLbn8kqo??t#B*an!xko~^o$y1O z=Qj_6@_bxBUDFcUdtjUXWcyL>zTkLfmHmLf8;PgQenWEF5FlNu`rBvw1dsL)#(z(; zbgtbHdxgsaWt~(kYu%@2el=0>8aX9<3)LwhwdLPt1qHm>Mu?#aiOd)h^%dZ~r-yVy=-=&taWoe_b~a1#ay)tefSyj*vkDJ7CcEe=ub;^>o$b;6cCbnhFhI(f+~W zDbkkaVluPx?8j5?a~9{`J!T~iJf?@ae#7U+MgB7HWT;(c7z3o;DEi^*YUtqoY|$SP zhRKe|^x!&ZJgJ1kjor-cbd}zK9_Woy2;B+ryVkR#w^_T~4}$c@k-eYU#xr5Y)}jH26m9@=_Mhmqsq|48!#(W^zo$_)>F}9p z6nFBtr0qlr@o6#Ajg*L=t+ym8e6Q+Q_#J9BA}sb&Kd&V~Hi(M_w3QjP+=`+N>E?P^ z4U)=B?k`9?T;0glI-xTGew zI{+A2ZaVvJqoM?TUfnf1NDd9{D-_ys2rC{DH;j%^JKwZ99QL?V%<>m|SfTyFhRM5)TQCh8g`yyj zdXVH+EPnQ$G^gt9s29UDQe)W62er>qj#$LEHw^#OqqOS9&7*92$x{E20Sbo5Un87* zZ-4@eqFEG#ewH6^$H|ZUlK#(QeH4DcR+2O#1AY?&;!IxYh90H}NA<_w>UiuA)87S&*e2iLKc!eC*0y`gxH z&g#Xo!UNZ5e>(un8fve7oA`6WV0#h(Jk?Iz)4PVCGS6y|It~ZINx*!bI#{ht1T!ns z{?Ya~j^7Q;jILAL` zZDBqQIt@2bKh{S?(qV2ULi-;TLa#IYUu$4~CK7f$cjPcNA_dtKyLVd`DiKs$nT~Aq zOA->Jw87TcF2?JwQv=3_Q?BZfH_$g6CiC07qJP(s{uKAjRW>0LF*m6xip%Q{UMFd! zlDgpxAit5swqW;Ffwqt{X6fO~W?tXx#%Ize-L5yIZy;eudxGxwJtmE0gBftp~y za|?qg(-wO?8hZQ?8-Q^z!9A>pj`cRx_d{?&%q{rcoN6sB)K4^a14V1-_iLnin_ASp z7mhQFbG%!_*M3f+%O|4kxtBTKZaB0Ro4i0hEP@Jv_*8mu(lh{O`z{t20nq)4>YPxm zw^N7Ff=rjJhEK+zySPDTjv>*o)h@up)hIe_lJ_dnzCF-tXyR{{=Ilx`A?k9B!5nZ@9SQ3%1zTlI1N+q<3>-0PNGxv}32x zbEsK;re;L>XaK!5gp*}8*MXepC8^w+oiKRf!JgQYiyD|7cAb534=*=4O3&p&gN~L> z>gl}h#naS1=UL0T4wbk)=QC>I%sz{>Pgoy^Waw+!4hH+z&c#)!pOpd!f8XwVOG-Y?bZg(}Eo=jsWSE^7h$d88Eeb_VnmI>9GhX^(&R8nHlS ziM=U3EpO1oALUOaFPnKG9MeV{7z}nfNf*?BNdTtV9(v`YjAr~rzz<(xJKGa0Jpq-T zlJb~048Rn*hsS79%U&~iaX#yRFD3|~CiZvU>Ef!=Y`RnP7T(C47#tU230+u$;5%@X zM9IK&X6*K_)?y4Tb2^oG{`c6{!_eC-enrgVvxHt}1eOnd*Xtp_L+Ze7HlUp2gaRZE zex#@M%Xb{w_X8_qaIeLk^P**v^9~ZR8uyum^%?XJBKBU0O1)q==u{6cD~22l9~AIzkR#Du76n{+ z?_62NkX9R%-MV`i4%?=jLc^*;?)?G1#Pqj{iuAFADSvzkv(vqlW?&i+UJU#v0{Cu+ zfW)+;zHh9iDcjqLRT z%b94w#nUIgxR3lqSittN!j#4vVUFVS!3BL5cRC^TJRh8hHw9k#uyw(7`9orMo1}M_JWX2{4lwt!g zpxexSR-HCMug!#O=K{Y((3t_gb~L}xO~gCl6)6ea#hAR9K-UCyh?imGLc~4OZ>5Xu zsoN6*gh#2FQf!@GJoSHyn6Nj{GYPX^9VfW5@L@DKqwZb)-N;rI_h*tr?c3Bwch1b} zoqG-ygj}nNuVM@Vgv(a^GD56__mynAQYWWAT%-{$yZmPW(MprJu(f#z(#2rLn-2@i zJx(HQn*B4(4q>=oRX1LcwZBnD?o1L1_b`%^Sld~)INC#G^zU{CMoZMKVgWCiXwvuA z$D>7I(aoKRFTFLOeufSUJsiprYLtJZjVoUy_|fr2gm$LHabv0 z_M9w%&qrb@J>TQ&nDsjDC*6y+f1ai4^EjvBDDLp6H42#Y;p%B%d48;n(!9F}KpY1o z-iNeRc$j%O>ONLRnr5AM-r&1qIXk}9a1abvPaMfK>pV`~5Igg3C}dD7D85C&m#vN#Ik33FoNTJS1jvxl_16 zN)-fD#;vsgXuCPb?}$6ZQ7YbZ+(aC$v2Q6&b0gfOkHrY6Fb)uAGd`0L(D?M-BY7jJ zH`Ug6-Pc2=KdojJI}BimcL%lM#ZMe&%iHJuaHXpx(yL62sGAw{{O1ZNk*eu{KF;xC z*3aUn1;ZcSZ-&|C|8H9wE{D0KYvH{vdyDorz6TrB6qsj}P*dg1)x~jlxML+azY099 z*cGDzYh8R<-WjVA%oT-s)8JWKh#p^>t1`i2Rb?|)PM-RI0VU9b z?IeVaDSRhS5O-FcqZ=Gmas=`Xwy$` z+&?fscB)(bDd})HW@DtpQIS1P8Nz5go<1UZvBQ~Dfl*;zCo-5-+tc*oNo&Mk7PeJF z#3WZ0bjS)zm^C0nWOQJzYzDEU3gm9o;@@9p%!7@GK3<3cYO&^F!mJyQ?2O;=FPp>l zqW$*qj4F{I=3GE1*^@F|;kps9#F^a+04+nGiPkQ@D>v4$qQ=6>fo=mNuvq`p@}f-z zhfl$4cal!y8rR|zHvcbbgES5X0&SF2j>xaboq_83jpg4Zu^FC@3&*}a@n#}sjn>Z% zzN1nFMP$*6uM-7dn!P7AC2J%Dzp>9n*Fm~1;pUp1e4Af^kkz>I`7{#@zn7mQg0LyJ zeyyra64W-4Sy8NT-|zj9?H1|NZs|tUH))jfa5yq?*2m%`uIFTrt6xMH^>TOe!KCY^ z(_*v&`4yt)-SQ91&5aS)VH1jiJDE5TJX_DZC&qLxNr+T{y>p}Z>i~5X$Mn55q_YX~ zkM5KifieTMcOE9r&*m9Y{v_`K?Y45{KU_x;pfPmks7aDcJ`RT@#y0P5ls|^O_xqg# zG2-0`Q5*B2c&`5awOC+A+;Us}8s<4G$$A8<@R)FKp#}jXYEEw3VC38hzH-wYtLS3% zt=YAwT;r)3_FKpV5hFt=FdujN3KjQ{gv4)$pkc0VCI~~P%z33OT-Hzd}K_V#;l1a{S+wB&Ne@Rf8 z2gbb^Ek;LqKj<32QaI;qOKEow$VuCYy|=HC4N72BG=q_u4-YDI5Vn08iW*<)l<9)Y z`XlH%r_*1ryE5=lF*R5*zgTC*7&7y=NO-gmPZoGu6gH9?-CBItaZI^ov=LGbMQOuu z1C!U5$0nk;Xg^cmWdQGrib>Hb4wM1rrErqcPM{e#=x z7f5qepuf^fsNCyZl#)uY2JXJ27vCbBhc45m*S79qcBf~hX=3-{d*)syY9*?(=2y3$ zVM;ANpTA!2e-+q&IQJpgPdML^%IE1@14l6Z&^f$1$geAU3E;Yl_0enhxJ}z>YKa%z z9r-??NNo>uY;KCZ_kR9Au=^caB=vSnNrH$jwLlL^CUsgNOZO#*YEZ0UmXjrM+S!>ZS_##4C&e5rxK%bNL|rcpj5y&^+H(dJXE;oaY&3L75p1G-fc zc@LYbPMU3V)y{8rQP|81@d16lJqhm1@tv^ESs4Veo}V~83KKQ+SUF}vnG`*F@qO$O zl4D;Q*pqUHm~ZN-dNRH@Yw*f$@V?*C*P&9;9j#!$%60Up>0Dq$BY9k;vF;R$py&tqkihdk^C;W(lOeYer_SOX zLgoQxxChivPW`DXIT1zoeL;WXe=}-cetw8mYUIn;Pwl3{Eg z-7sXtw`hK1#-4;Os^3|DT9qN+Su{iWay+>Ix8G+n%CIDx%yo|v@T|nCAR|lNdpN&C zT9dnPYu5jsP{~LEcAXMYHfz6mcY-{fPZ))HBjgIw=xY zfIj6dO8Z!$Gqb+)*q0O`lOX0dSF!lh>{M||Ubih;NA?cTncZz3-P$NV@6XyN^&z_hDoB@Bu0n2JgZ?R-_T1}JX%SUo5&X4Ze_DzQ$ zJ?XkqPp|f!RH1%sJRW+9#{_bwFz>H_x>jS!d(5hGh_gN8I}L5QVNx|XycT8N5U>-V zef%4+3PWp#Nrf>L3J$&}055)uy+}%(qv|MFylSTWN%T6N<3HALxCy|rKc!bxEke9| zeOBp}H#S=eqLSocG3PsEZiT5i|K=A!y3C(?%5e+Gmr|;Z(56R>e(Wz-OWXF=1r4<< z9`4Luo&rhYEV9~jo2lF9!>b!N4pvhu=Fda3XunqQ?#QuTz~x+fq~cQXZyiRnhkVK$dm69qNh%~_J4&U^S|^IOacFT zk%qk1JzQ=E(20v%Ub~%xIw|o0D4N$Fzv=CI9FE6x(7tfV&l7O!8Y(Z z{@~`R*PIb!PcQ#r=Y7{+8r#X9oYe}hK-n$bH0suZcVa+|UwEPMc2V$5+Vni#(IY)b z^%3)v-*;rSV{)&_jRWyWB4)UfTiPj@;Jxtx)*b_Nb|hD_@qmDxot>$F|t>uUNP8FAi?KfF_^ z9{0(E9Q9-+;k=LKe|>T;Qv`1<^d(i?SzdyxKc&$2^b3hLd}@<+wMI#Cu%-P6X&%zJ z&9|C}Cfn8l6#f?|a$43Q_s4)<12uQgV^erMa7sdAGO^2n+k{mD`sfkI)a&}BcWM~G zHSi$BW2r{>3LSZFIK!0RccAT%RK49ZjwV!{i#D&*QRPYkohMyVoS~_QtN^ipzjwPt z;sgy`?u|hQWcSp;OzXYumDXo6;s9y}5CP&<$1522V;}+rc#>-uu~+RlKQExfe>tQC zBfwlwu0YQR-lqCHy=l#N%!lYbOY`q}W-Hc|fR`)rbxxMk_N&>SBvm5=@k)-wM_Al_ z)OwTD?q#-kAr`S(ju2Weu7Y*2-d@lZf|shsi9-F_V{l_Ly@(xX<~S{vx4J|~A{)yS ztxN1?UvQs{V+uEWo%8c7mq#O|M(6Fbh9c**A|BJdkIrnDt8JBimOFhk-vj_Alcb)g zgBlt^oghA^PmQNj42xHI|BHJ0pJeKL;_YiZ{xPqc2GYF0GN-oFTQy<|jDFg)3m}tCH>X z8P2$R%EMSoIBAZ09;y_Y`x6p-W|UOUBZwEvF|X!1?t<~2_fs6RRursqBq`wG(R7_Efj)x`;<~~+7QM@^&l)G$ydkzqW~5d* zHFp5;U6l((cZ*M0oi}gsWq&urLJUTg(W?!Fu<#=40IKl4tO18t~!HfU=T7ud9 zEijw1%>VmP(zsGD_99J9-qy$8Mj7WjuL4PbRQ?wGQzf9;Ge8#NN zsD|)N$&6&Ee6#ySzT1`FjnNL5qBio_|C=(cR)&oS>8FPKNLYA6mR9xYM(oe8__^LU^%)=@8 zs;A(WE~mGO_?4=-&d`$okpAuhK<_Gy;K2Y&*r^5Se7lw@bIgl%y==QpQwcQ=x^PX zkWJsjPS#T?vt}k+<4LV7w8xFd3sRGOpf$QogIqFpu`}1O0Ah=tv%!b-$xgG(%ZG!0d%pM(aOlR2 zA(!UO$8LUGY~@s#NRgq<+y(6-4!yKFeY3NQx&-HFsRPqm98xwX{7Qcv-jsn?fSx$@ z^Wb`mAjwLUD3;0&j_uqI_Lj*_rl7RG$JUYfD|S` zRUv=?6>$GmCLC~U>c6iZ_49=6}|Q*&W3M;kVUp&ZyU zEF2gse3AX?ES5#LNMj6%-w?RCD)AHuCZ22sg(_g)VTpyR-igQw>Yc`|xC3sfY-$Wz zYW5ux7RF!(*ibaJBXN*XLOT_6l3fPq{CLcZG(Y+4PLu1l%XQOc#K<5D{0uy!bPL~q z2ImEa6Taf4s?oDPz=^~#K*^~@?=}NtmOiVGjR!^xj4IA23ihhE2KVet%1~J1SWGrV ze*zZhz@}Nhc?+UZS4E^$WBU)>Fw-ovpD=LpCsT9glELzmDBO2#w<0wrg8}k9DfQ?W zS6h~(Quu~$=|&aX1jou0-$n>7x{MA~KW_wwn>AG9aQ}&mOQ&IdcLII(c29VA=Qk&) zAGU|`D?SO*drEEN($TZ4M3`61%G)pN`^N({P9wjufAp6{#Rv{SO~n$_Y6Pn zZd80}Rdqm1*n`3Nu=$Lt;&(L4#dlOtx}FUGn+`(0tAPJ2?>Bj?h1+;WeEGfaWd2A= zY2u$J2rq=~DD%jh(1-F?&`}`k;Reu}KbI9?PXq5Py4{8vZd_T;@(E~FEGemT&0*Jl z-JWHm?2Q@d7XQHm=Wl%qPJIbZMR~?G zBVVR@`!)4N|8PB0J3NW}DAG+bP>@xBm%`lll#}~{qR&4kYqANuD@=Tx`o`^v z`wQCkVAOzFC)3(evtvSI**xOu+ZJR7az_?`aK4 zcE_*r*5w|$-|v^RQ*~9A*qB|T&HuZ0EjZu*dnycU_w8~3)g$$#OT!Y{mN77jI+t9{ zfg#C477V7nLHuSb^btV0unn$Ps)X*_w1Uz_mujp!+-$Y!$K=Vpnv+>|kzV)E@4;sX zw?ZC77m_j1kV^H-TjnD1?0n=@D>AK^SE0NGUbLJZKsux@@t4g+O)fmuQ3Za;u~dCx zsqd7yn$7X3-25kCw{=2IuBIVXT|fu02U?v1_cldS-v#?dja8!r5DbRJqi^@z*pv zcc%MY`rZ7^WWxf_eEm3IQ4ic)2eKpdZg9QSpcERbOq^@^A;iDG3A+9J&0T<_ zx4Fg@9WWqa_nVw=@Mj7-5hPI(lG+`j5aiaIfU3emEyA2jsb5rDkL^E`4Cs$&NG{!v z1D;L6G)EFOU%*~bUD2c5XzD_V<-5{KO0@FU?gaO!@^vZO;hmjLd8ZHF#t10i(N#+a z{>oGx?U!Wj#A0i@${j1_E$^H=&0kwGR@L8c9Y{)2Y2uN?o$!gEXLWRIWj+V?*mKR& zo-c9Y*Bg9CHH+S-n7OmQiXyMPs`A%ZDYEU~2W6N~y^hp_@%SQKfB>c7l<+(NfI{gr!|U~Rw# zpQLt@RH^@M+4pJ?^t9UJzg7rd9HMVQN7c33z11rh^zk?CHPdfDJ9g^Co=GEVex_<=>*nobL8eBW^rt zP*bK#8C{DkJmEVkqNB4NJ;y?i|CM8RN^j!+j6d{N_BjawhH|uVwf%g!Qcc#1i+arM zzwS;2+@l^M%QI&Er*)3;11GrfdEP~0K1F2_p$TAS2Av~vgLLWJ{qpzqP9RObA}YS& zEgH{AphPPLBHcgFhJEi!BDe#Br05xb?t)A~#vt=7vB%|LieAC2=+$XhGj%*!ct^|z zU_Z;40NSZxlnZ?1380mUTWaEQ0D#&>R@yGEWdt%Gxz5zs;Hng8mr*Izio&^!feWvP zNX#4CoFesJ_$_?A=x>TGyri10^hV2R-ga?ai^Bqc^4^(E`+7#5iu=|`v5m1svcI+n z&h&V`+%__+#iqwZiq+LKBrR}@n+AoHDcc)4SNJfGG54!l&pQQI)8zj9A;WmUGrIG6 z+f^$7C^C(8J~=stq&8BgAj|5YKEMA~u@*ABRww#=yfWUS9OQJm$ghMj=oiS|z`WD! z>*ClCN_r|shnLpT&F_!>M`yW5Hf#GQB3|~8)ad>C({0P)UGvxaJ^-f+u_v>tS~Puw zbK$e9rb(=mvB$9cy?nFstc_k!*7d=Tc=h#$P1)Uk8XnV!wO_;BRx>-^$}J5^>q2=4 z-7k=>ZW8`8#&&wODn;w6|EOU-6$5>@c%LOj{gDBFE?M+F5KQG)Vla72QePMs1tw(qhYYoMgo<`o&H|lXw-?>$2#-if) zv6{{7nqPF!#zE_m(C1XKUsiJ^bq-<~9%lHAn)$H`McucMp3(sMhI@4`Q@%s^hLrEm; zj|0#dz5!`MSjs7l^13GyStcy=7Yyu-4!c{Kx`GGlt31n=Z;v~?a*dM6nZMY1ppkqL z`Ek0mrF#PJ)5daozJNSu7?nOy_>W`axVYHjdXk8TjH-9PioDB=CW-}!>nXTmIqlTD z_Fnh=UKK7m4L45=zF^#w1)fvZ`+RvwF&X30WDSZbbvU;vg#LUI@fGt*52+8~@$G|J z{K@PHpRsJhripmHqAhY#X$9gq_Tr2>ja*bu{yvr?wv!w`pI(6U{5kJ!@@)YxS}#76 z`H(-Q<_-MXxfp5Zwz2#mHqnQ=4+bVZKQ9?yy#v9p9{&gFUi~mA@79QhuRNWZ3__-c z|1r-OMT{4f9d+wU;9HgPwQ%-;CX9zgnp($a)?NCT562GtD+Mgvht`Evk*zDE&* z{P3ptfRq~g^p2hR-+cY7_st|JHRF;W4s9{fA(5Gfcv;ZL*0> z)6eRbj>C}b@8!h|sgVid)uf~CzsGX!yDz|ggjKGY;x9TI82JTp%l+R*O`mm6-G3N% zvVfrB4{D!NRSJ;&G2Ht*KVsk}$GM{js{@ExLp@RMYIyB^hK*UdwfiX*b_|GEa<{Il zhkzT~=eJsqzi-&_<{yvi&z3oQG|T0Ww7S?I+$s8Mz(j(?qp@Lq=apQl%<0SAj_vjO z<*}Q_GYTC*kZb9{Cz|gvDOQyV4(lia9x8hw_I88iCQ;GsR>=NR4*qDy;xbL5`@4ehWQo<|T z$TJMvQwvTielT*YmSib_-#eF-tJx{4(8DD6`5^EhY(-v1yEQA~c)*Twre!;$lW(Mt7|hKoHJT2?0`w#G_+1|mbbVhlh=D>VjLi7Y~v zQ97vblQUof$VCGT3RK|$3Dsu3c7hZNAW#IGk?kkZz}y+;KKYJ}f_KH}Y=cVyfWwAH zm`)7F^3JX~yuCON13uh<{#x9qX5mA1*sG+yoJUSqJ5@F7soF7eNtU*~2D!jf-E+4m z?xT@;I%(FI>6rg2uy!&tUEm<3A-8pEln}|gpykqS_#RKm8_73P4XfCidO|QrJ4JqV zO6(J?5`;`$*>IyS&Z(4L=y-$>`E~|kT@J6~=yh|ti8y;B9qERWvsdEM=$A(*Bj)ch zT67_|D)YY`;PhxCC@z3~-lvzOO zylv9X$zj$a%kxkA0uDPby_Q^isH;eLC4Pf%c|~;V#G8LDUn^cTP(Hk``a_-!@*f9Io^zhnvF@oMNvZp63j;eS%Zjy{h88t;xo+*St_Z zk6$W=7*bV`puTrM?d zpuDp(>S5~=9T(%xk?psCUR$iA0Be$h4ZdBzmpSQY^VM~GJX(_y#@sMbKK{JM_q~c0 zS1azbqvep1Nao)dz&H!Aj^vDbepg$1+HcpU$URoZ-O0rHd5=_!#siL>y>|=4qD3LP zJG(?%Y-#-wsz!d|u?A-JWPob^l(?4#sSOR^pODy3Y1=(VLVjFjZ@6YzL(k4nH>v74 zL438tUq3b}l=a~yxo%j{?}({ze8GfC7U@pr)g$ZMhmheqC*Fr~q3RaO=+svDgMyXI zw>9KCV5HF!@6;+0h%MVCHwBxryE(AadIa&Bx0x+(NqcB|@^I#SJ0?a7dsD9U_LZJj zy4lzBGS<8st8{ms)wVJ3Kmv!dPzZNky;4jjVpuvuFRVoPd%V|e}06mE(=%| zR^&~=+aw>~l%#EUH+7<8<{{4B_FQX<4y_3rTwHmb^Cb#5VMAB%be~yJ959vnT-%V` z6Q3WNSYrH0IRi9>Yz@JfTZrrby3W~^-XHLeAI%bGNkjSg%fo z&&sS+I|ozha%FY$C`|pWMB%TZY$3`c0E3ygvPndh3OabV&PvxP8(5va1P=CPc|Xa+ z@1Y=Kq05-`$|m=>JnyHj0Za$JGna@epXvFAvIK!So8mIji9t`J(kx6~F2IrkB&aEz zT6wR`%%l8iq0c;i6Yj?V!bz_Sbf9iaBS$=;; zhkz2QLeu4(l&akUtFU>;AIDMa>(^%B3XooHyF1L9UknXDXpG*uk)% z-j(4f;x1ro;(xl1rlMMCZ!RMXKe1GM2ClC=+{a`r3WiP7?KU|w-;}LPPqe^4{nN=h zk>P{4H~U)mA5_N5?MwpMp*F^0{8Xt?yQ5DTI*lIv*Bl-wX9Lc(`Cy$ely^af>nVe8zotx42IpW$owMf>j)8k z>ZKpA_XhnH1MKp!#Xmf!zp(4g*6d3cr>XU5${Yxw_J@oW`vlF`R)uH+lv_jfU}Qz_ zV%6`^1E8zwH*Sp2z%Mb@r zp=bHLG{5fMzZW1XRU5)t{6R)Ht90P^El_J*hI@`cQZRe2R!-}6pR96EiEL+t9@joR>BFzbFrPS>dv3SLm0T}&=D};A&iE(EPw6V0#@LMXNx{-z!(_W%g^2n{-C*OwwbN_h(2#|4TN_-YRPA4V zra~O64HzmW1g;OBP_Wr83pIInCseRbcSHVd7}@yGl|x5H%3tiZNJN*SJN-Km{C@I1 z>byz#-w-7HIq`D3J(6uP^FeCC`$JyTBA&YhB+5UG*LQM1B8AR`qu)*{$ZtjRr1oHV z4@wP70^QUpm_W~H70$0v)cbAa^BodP$O2_~i_b@)Wxp4W1cB#g=aJTYTj(^kdSI?E+ZY-GVQlW z3}oab8T}-{G)bIEUQ41cG%1c#^1|u;+gBLXT&)K>cYqiu^?Y=E>n4~tCm+^i#&|aOI zXo-kWqa3~*qbzBEn}gVX|DU@6?ZY!Ft+tgL{E6KtDs1Yo>WN9?LW8iy&mYqqGS-VK zW4T7qZJz}`eu2yOq^$@9pfC{>goMjAU5DnUeY%=+=}*XwQ@D*nR@h?F1+NFZacttC z2f}fZIc1KyviR(M!i(F`R{k4pS<@mD$!F$HU@IuAbgJe9l2m^(ye7~+JuASUGK@P^C(OV#^9e~cdEDsuu$7f|9S%pp3 zmf55^aan#SJ3_Wf?eBC^b-6`aabJPu0FZm%{y4;h?$UpEo$`RyL<{Z#7HK|3nD8t& zkhTdjkm#b?&ua8_&70o3_pB0Kf-2Xxnufh;#cd&nD!*5ASa*`ZDk{sj*tTIsNGE}Q zfveLQa}b0&HLOXC7kJ_NUF-T($BBf1kOkHnSa!a4Ha`J~=wP^)0Bc|y^)TgMR%gAH z)vqimHzWVrJ`!XtrDP{cz?ImZy}dB5Ym{7$$EW+gC;SV4ZdJl|jBXSR$D|pySigXZ z2k${M(j(6YY27|R&ha_G{FR1&?2ga$tL$o|$atgF0J2Pyo_XY1z}@LdIHjLfm6F}- zD~EbhXh;Wn{>Ux>2vA#d^z-a;Oy^}A0pcZJcGkltX17Kizin`8{ph-Im8J-2Hq+`k5P)PusvE?XZg)NRy)1+v+sQwFqwmY|S@XqQgc2Duo_S5gp`Rz`GW1%Ju zh}x7Z4Mj;9rT-9yz`HZHoG)pY$)+DZc=1$tDhJ0pnUmk7TIuM&)8)TKw>+b+(+!Oj zdHtW2Wy@yllkgJ7^~QL*mg{=^Y)Fz<@~N=#9YL#BusI`S33_8yfMqiR5-h4{HIjj{ zTGHZL%M<)6%e}7o`j9@BJylkSYcm|Za-HgOCRCY+()b*FPdw{e^HBcB|ME&?IljC* zhlTpu!XkMOlM^;IemocCTZ$}Zco6znIb<+~e>wXhcv6^W_>oi}_%sRX(^g81ZT=vQ zUdhAyKWAJFS56|vDuDP|!BnkfR62=g%+;3#!yP|ns9;5Rt0ighecVr>8xi-(L}K^x z(a`D@=L*X4R4)#{n7#DtND0yV+a1A=Us9@`n|m5&gMC69VV2U+@wqS68T7C1G2sHp zvheef>K(OroZI7rp#faU+cJejXp5eM;KBoN(W@-Bo2vuYRM$OC(T1;--r5#&QEam zLK0+sqVKyN-uCnmEOLr%E#}Jup&V5R?U~I%7xA>u7ha%C(gJDE*K@g9Y`W&1eT18! zbHX>C%(&#)MDx|AQPsn0fX2FA>#M8!?utfCvE9r(Y457sQg3=|T{C(?fi>7A1nh4< zmOO8sZ8oBbJ@Ht{$VcW!YL(|j2OQH$IDu1T%1 zYqFY00^!riZ8Yjwm`8TLsI1?yiem8I?%(M(L@A+I0IygOUVUBiS4{90#2#NjeU|$T zvOB7@x#BWbz8a*6cWq=B7(tF0!>km>^o<%25-AYxvPWL%R)UJJ8>EliQ3^uv1zk*` zpFNj#wH~+hj!OG5)GfdAug2gg+Fk(J{ixQwD?>Q`lf?&Pf5i8fds1O1Rh{v#jQ6*J z!)Rm;maEYwY;@~QBA8Ll3cv_Xfqgei2^&=lxpfipG*`w^%T(8GIoJx6Z+GB;git!R_Bkq8wDiIOZ?fV zOSHtyq6McrCHd@A4)$#L_mp$GPbUaIL2a4B@Fij!I%;#%Y3kRM6~eT4+C3F+YYe~z zaErUHRdVM_=u|_NG9Fe+UT@+jL7|cxfd&RFadB*`-hp)(Q&vVe-@R(`C;=P2ibFdL z-)}hCwybtIU??;$&YVSj0PPqYQS9C!C*MLzk@CZg4!|c`mU4WerI2jH0-4dxe|mU= zvchHEN&;Ipw4wFNv*=z2p<(!EiQlqC{6d?k#tX)-Av>Z-(P}{o-(>-%^Fly0S^u>x zzqx+T{Q6;z*$YbKaiZaH!qhMU9D7?7LxQ;hT-z`^=LibS2}wPZLZSbM2?6aV8AK`^ zubZq?Q8qA~pHj6wF!;~?9TmE3%=-)t0-BnXiNYt#b>cHTmh2~oD=u?iL9t6HORwJ? zVn(IfQkxMV>E*yx|9Nz_hB1-wze2EE;%?%YKd?5o|JUgF+#@V1lKv=G!Ch5=nS*kd+I)vVKAbv33)mUn^g&pnjb2SFO(qyCb9n&2Vo~EcqA8u3T=Vyv!8F$oE!2 zb!pGtX>s^k;=Q3^|7PNam7xuIYkLNncrVTWY0BZ1tXS1UdT=_C@k#R!tg-sXR6+GL z|4?D65Ak=LJmG3hF47MGI^`mJfXd*K_mJ@mX~k&y1eYqIL=h} zyRr7yKN>K^(h&@AEoo-hPZ@P6g1EoQCWjrycPh4JUVHZGo^p3v>Ap;wuJ1D=l6m+w zWM@Z))uJfm+{S01Jf!*e;pY2xYk7UyyPUpbe`fF9DSVs%rBUW@kcC6=QsuMO?>Ezg z!2`q$Ov$VQqETYHbWkVQ=x&;AO{Mx3%$4|#M=P`q_9F@iYT(&KSuI`Lvv5`G{=X}u zlgA8rTylI9=b);}FC(4pNjCPMF4+gF21*PIyMb!r!TXss-VJW!9~-*V>saAiD_lF6 z?#p}IZZj>Hc-L0@KL?z2Xvnl~ed87Z%xAFsR66uyOe6iYQb|>3l&)s5UM!V{08%5B zOms+JYCy8IW-A9;NYvdyex~~8FJEGHmtPz|*+sJkP6!VbjE*Yeab95=x36wM-uE2n zCicX;iCc!{siqS@&TJXRx`TUdS?2z1r%V_I#RE*#x|HAZrlpsOd|u25P}Udx|my=IUlmhMIk1~H)lvVup;zrJ2JypT{*Bx(#Y|RIf zO7vlzsJ|DYNgiLfw0|JKJot$wdgirW<(+*Z4_(@j$8U76vr#7%>zyY``E`>dEnqd} zwgpP%mAbE})_DIiom$j#b?K*2 zFPPp2Ed}-v2l+P>8yg_+Joip5%-d66(nuEbD|AQi=ONOXJZqu|jGzjJJL+p1X&yC- z7XT%DUDb7;X3O4r^Ur|-oR{01>CulqMoln#9)%Cj20W)qB-5`fIYejmD0=%2JfC?u zLbi_TGch}ai zY7Po<&52CZ*@RqTG`sAM)|+JG*twW(*rye!|G4GBLW;0p(e8=&Qd0fUu?gLdVjEr% ze_ThBITR58Z^6Ah92J?KE(&NUB%;pp9QYai=2F?hE>0rV@R#ac`{G@o`nFx(Dx5wA zi{Y&=kdqn8ijhj`^kVyQd|j53Az&ODhMej4426x{o&o_xFfX@a7p!3O`o()2NP`e> z10XGx9#B_IR34pNUyi=Ak=xF62rgZ>HU8$_D%oNkxOztjx%RZqpL~(S=l0t@y=QAC zP-?%)Ahr2d=~6ohW3)WAmwpI&*82q~bqvWTV2?Vs)@^|8DU%)K;Cd&4j?ZPtrjvkS zhWL@FJeUlxilGze4sx>R`;VBf5K6j#>#XQ-&P!wTJ^cq~DKc=B+0`X`G3P1Xpt_&z z?s6LT#(Ieou+M&;mgO`D>o)7XmWZ}0g+)57aC^?vT}az!qys3B%wPX_USWT@yn`w+ zqwkudWy|eDJy=9Hs4tJDxYm5Bg@!S$_kT(y;+M;2!!-NZZ-Ke|OsHaa)(fR3$utM0 z6E8cc{(P&?*Q}AP)I{%={vV%IqD!;#Y|1t7R!|AWnRBdja31-!zX{;FS(Pnd&QD=- zaJV`xHbdl2ADM1-wuR4WC={R)JL2R#`&g^OcfIw;-XLk(};H zPcZ&VSjFL$`v+J1{a5rL*-+&WcdLA+^!h@hwvsal3^`#chvuNp-k}KgOvS6)l3V)OlboQMWvLm@QhLaOB{MD%0i;<0Zp0=N=Lpqm|GR)6^ z9~VfEOt=@F%0r#x_zfB;Ng0=l1rE6fTrc5FJL@mx#UbQk==N===F2`09jqZk_~ZrM zTIN5@a8z~%o#vTO{vg^ugLq@uXz~J#7F^P?kaelW$i=RTmK%+P!fVRebw->U871#& z$W`|yeqP+_&HODDF&#r0r6%c~jG6KA0ye0?t5Bk_itl}5iKQB!im#+Q(W0KIv&?Vw zU=!`W%piV$sa&HLfjci#3U1v$#ikQJ2Pj-)RI_!gYe>F7EQ8adD0N{ms9GAuA1lgVK196G@w$dy6Ui?N^(GS>w(K+&L;VRa9q`=jm@q_?H&HsLRaSQUn15^`5wEDm zZ^Cp~I5{Mh7oIqpVWddeN~D4LPIEj;Y_`z;&AONZ|rP5(q$cz1o${r)Xbk~7RNU~07b*FM03nUgE7 zoR>W1s-~=33lMkbEnQVvO2kRoJgjGl=tS^KNW1qd;9W-W78;rL^aRj5+;%j!T#a5+ z-B*Avsn?XG@*|Z`^yC-vgC?wcGAA2eAff1Q4- zhzFg*D@!yIkd+YetJ|>5dC17zeaZyY`m9%>8AF9fV}MsYVy$P!gm=I@;0@KbfvU7j zX(-)A=PM^)n?MEr500mt$L45iz^sNId}m|xBcB@05puT)Kt++sGKG;@lajmdmF%p( z@8+#gqUR$I+9EIY z>t6VmECV+~^2T&dHv8=cTo_vT#Ifh?UJ{*Hk#2#CW&dyistClTF)IOqkTr=K(`aqK z*IA#VYJle1w&QV-_hDc9zpTAlw=roDQjUUE=dlC%6ZwC2?3|z>T;SWbN=m=m#)(F0 zva8UVl+C>{=eMkMHi~`dd6wRf*T@%vANLnyL4?h>Je?7{eQ89dVQHQFJ)hf!rF!_bA~x_UY*R0x zH`y$$L~p^g?x!*QzM6gA_S@jATgg7P!M9Ssq4wD_d^%#?2Dv1-qujf-Zt%IEUP%lU zHQkIwzl&tGf0}R}TKUJM7Tge!So#7v9gL7)W-7cNVSEED&ZtLu%$P`NFpAnbn&kd2 z6tT|=w)gpuXIyvYr{0GpBdgVuX4mE#TSY8kU~BZxc+lD6_*e%nCtn6fsbkzL#2Fy; z4+7j*`X9|S3^PG%7E$~w7O@SJbE$IUpBH~uJL|TqPUm^po(%`;6j|jk{Jq1A{L->1 z1J0-vxwqOVIme_cSi<$!XCyVjYvI3WH?LQs)Sr|===#z)z*suGdR^s8;<(>kQCgK1 z2x%K#%Xd@fN2)y?U%MYGLmP;!t~5SYB8ZN~Eqp4O&!@oq+wly%8Ac3|GT^j!loEPb z`u%d}+`37I|2{P7fq1e(BFQFwLj5B8{q~w^)|0$9Va&u(lIF@eAmJ0eeqMba9Xh{! zbq=u^YSs}Jmx1MI>VK3qvo?_h?}7I!RY0GqVm+<_ni>dB-=9MqxvJwqOD-`>6A|wF z&p^r)jcbb6sNIG~tj%=!FMxIv)!dTShd7@0E7Ef=u%hJ5#JQUy#bPCM%fSjDIa zxqYs0!X)R+iGJe;(cUGOpO=Vdq3JObE$?q`^~yD;BCL^{n|aY? z1E2WRRuHe6`P9P5CCFe5M<_-gC6+q`n) ztu9Jr{l?0yYs#8u9=`9l*pKIC63cq?t7a!iAki~N^5m79iL5Gv1hRID`dF>UfyRN} zjhu;4(t+?Hf#5w+qm6cZzfiBq-%4`JE8&{LcZ6QisS%`7H{_?}U{K?q)O^IH!*n$YD!r82 zONE3|@8Soj0)U!5(0}WcO7xBY6fq6x?>zg|T-b-1ye;p$$l>4Yo; zA}D%0$YmlsW?qrndBQq!kvW`cuSs_K3=Ko8%ftJfwr6s9P>gM@A;>Z<%IZlptTD+M zx&ZaeOK)X=wsJTZ6Gjs^m*j1-iO8%}$)&K&Be^6k-*EI8x9d|TLN#L;l7Lk8fP!Gj-4TvMhn0s8TT)rE%8v=Qc89MFx)P-(m zcuuv$<$hwL&2rc~@7Z^iA4X)+uyo2v>6t6HZafMjW=TYT_3jo_KkUdLeqnzC=1vx|%znu4)y|Gw{6gz~&Tmi3d#d~VOPo^oBjIfEhitNk z^oa(+>`$PzU+-LgD!H2J{`TozDZzntP1U7)8B3Y0rELP@v5?^|m=`w~wU-1XbBm-i zpa?IJYx=47UWb~mgB#jcqB+Zw5_NrU*jW;U%#W8e^k$QX?bJ-r58DD}vso^9-M{Hs z&%%09N3pp7Uq?v~W_pR4XJ_EY=+1t^Kk3DAuNA>8uCj@PmPQ(spm8y_ZP1x-Ypl$B zt*^q{4qL&jIQ+f%zELFBWvmO;*~Go0os=lM@u=_?wVfk)`_pgkH~FeeFSP%5XT-kp z%J%~4w0-|C#|CO(vZ1)NyFT>-k%l#T}}4 zV$6JofDJ$Du3yjHAkgY$3{}MLq@^~S_*2xY8Krwwn!=U%Yg-v>n=N8Lo~|Td(d+F7JDq= z`lwbE!ToOneCFvR8muy4vLWCD#opW5$fWqZwJiLkv?k(k0XQSDPVbo3exfan)e8hQ z5VZ0Rjn6Wa)}7B-R{JgJEZpA0lFKJJ9yRR#r2I>w^;`Pz$6-RrnD01Fccxj@>m9f< zQq?iU&#$)YsU30G&A>x?VZ)~7Vo+KYnw}jqE%3)|QFT&0h1@2~iy6BGJ43I}`Rx=p z0AFTZF;ii?NR6I;iPw!cp!K6IsPymE^eVo01k>K~b@8bsp4SC!px6{ew&HuZdE5R{ z^tpY9ruOzg>I>(OJ4kKH~4qlMfBw!{@_zbPuRMG_T zyT>V{HNodhGF8hyemr?M)=w7L#|4= z1Vjgnmw$X8dURMSwpl8(jOfU*UgMzqN zS@(-?`}-TKR8z`m#?a%I$k9&JS?A3W*Efla8}>&3&I#wUq$&h*7j2dIJe`8y@w_+g z_B7}i={pdss1L8#R-r#3@cXPtryD&1YG^zYPfnW8silv8wUyO+k@8h<@=bokhzU?B zT@dN{itDG*)h~5b<>UZGqFh(R>;q;|IBWW&<&GDpC84QJem3jZ)}Hh$ot+S^P6cT8 zL3@WUEPqkU-~-u?$a?80l$VAo;edTvUB`b@CQVXCoHth=N$6^~3Eb40xvfO6pWXLR z@?sa`MflreX6}D`N3YxVjb(YIMbUkOVF@d{^qFk? zVKtUFIF@r*V`@o{e?=-;nDs&bHNC?tSCNa-X(aYy*~LhZU9Xd?xn-bd-z3yf#&mWD>Ew_P)mD6OA^*AS6MN4TW_BkJA5nf~8D@Xji7NJWL!TUp4t zhrI`|bAez74W6yKjA)JZ9?K5s(H{T?Z=G1`pzD@jO@1 zx22_R$H8{%QwNDPaW(zKJzyL5PVL;Be;xVtOZ7XGHZ?9!B%?||mEV@?6th;mP(5n= z;!s&kG5vc?+h>=epehoMco(t1bZT|>gx4G8Tm8kqh9bmiXYy98bYIQ)&(#im+@IF> zpy-wjxbTKZBDiOEl$1o=m3lGep@&&mDJ#^X!DHs_MS8`WSzu+?Xs=0rW@pPS7FFyM z(6^0v_nuhVQS?WO%@hySyu@JQ?76Gf?C$_->&!OeaD11>m9t;*p^5CU4P!S4k;b=`aJf~_v7@HWByXQVQ=jAsnUZpn`mWz{z*2v&Dy5!r{YE!z)2}s9_g=a3@EVXEYgQ8#&oYi zB-fd@*u=uE9y1f_);q;A^1GxA*I?USUSQIqy_vK0$iB56VzTtG#A70KWk~Lra0+(I zWX`$q_}bZCj)9q0AT09JP8Acc4yEfD??BI@0?$8x^_{sFiv3U@MIqQ!_l;$d?+Q{a zLscUlZE@ZDP^>#1pO-Oo?2;nzB54_Kh@IWWt=~A5K~5~+m-Y$UQa^Bj?0-i8lkzUf zpORxoz@yLC?TAY`z4Zl%J{UtOEaX2A08|cza?RTJhtfiWkps&FXux#Bt7OCW zXO}5!Sru+mvwOGmxChn!QPAS^TcaO)+y(=KT-3s|GrwJX9To1hGB0R6yQhNa{1zIi zB2?C1mkYg28DeY=aN*fjbfGHDEP6Pv#Rg5rvq|(kSe&JV1l(ECv25uIdBgfJ$Arrq zb^i3^C{$806edF7u2ewshvZxL6H+X$9NUm=epjKSKjZ4=j8#nQ0hW@jx*v3e03xpK zUYabgp0v-k+ZWs@)&BZw%+?qE>Qk!ms zU8jUZ{uvFHe0O~{)YYp%Ce(*9T+wrNA#$IIH=o>$pl<>7T_}eDQ7mr^8e*VRKf^sj zEO`oy5l}SG+Vy9|20L^^gY<|w`o6qjbqRJ{W-jnK9~7>LDp&pnG*KFI)E|&?ogQZ* zPrr8GVvdeq-e017M`SWtdfze;)9=KC!Wi8(EkjebV+UNGyt^1eP#AO?H~x(j1d`O; zHm5DYWtPbDZ_OjbA>>B&bBIS&*3mYr(%tyyNR$1OicVaZ#gd*V^ry-JobMPr=xW}^ z-08K>*CCq>Y8-Dq`&N8^!;y^YA2zL<*gvhT8Lu}L*<7>#9%NEl7o3$Hf_MfW%t!X` zEY`tHCOf!=I%;abU*?`9H@)l(XT#I_6vM4j>~i=HPQ^Il^w=o}@qXq0c0%~%aZrw{ zos8s4A3B6qX>Qe&JU` zM@+iDUE=EsN7|pl{p;9{;f4#f$yKE5XFm zLfg@d8OBgh7lgei`EAK+q89as6gbh-jckK&q-lbRpULWvQ*O&XKjZof44?RK_8hS+ zZ_>9coR=?8yjx%mn^3Lg28WNNR|gDTYip@k`|e^Ta-N9)rS0-G)#}#AV?mGqoL!e> zIY9|*Ie*%AWHo@zt_ZeRR4~afz4Nk&@CBfEOqrE%0>36~8ng+j5-wXz^%I7T1wo{O zqby+2-8If+;m&2&obB(+uXR3$$&JSC+phDIng(^8=?X!98~*(JI<}_e*WW=Is70s$zN&8OF1NG8S|AG$aEWMp)0$(zJFFO9{iA-B6?hA zThG{&$69j(@Vg!Ly6XaY{A*)eu*#WpP~GEYX=&SZK*jM&Kwj{vgT~QdUDZ2@^3Z7y zN|$ODqic99D*(h+l!HEevb zY@fdK{jFC!)_d1+->eNkxTR6NZ62ypA`G8`N0O8RcaIJDYtWxI$5fyBOj8))C}E+F zld1eZ;=XecW|86UZOxU=XIn#$1cto(ru7pT|9mfk`C4T-1zvE~#tZg$n( z!x`v99h|#m|Mx5ZPk#1XwZBBkMrW>-^PHk$+xI@dT4fXwJr3l!TeX6he zrif;Kg=5wY*jw$iz}a25<~a`*!i6kp8jvXBMb@qc)VnW?zI*!ip77)MkG<$h$;E@0 zNehV3RcY(LQ^ANsU{rL|LnjpI{bd3gJ={O%^z~$;$}3`~H0V7ky^61HTSIkPGB^n3 z=P$qEUgQ2E{s7Hq2OISSPCmZ}H*LV5{IdnbBiX7ZmJHk`;H}?tVi9vj)RNZeveZ6? z(pLc&Rs+kVeN%$ife|ih+^I>tY`{U4W^Wr=$O1kQ-!~n)QVLYu3+NYSE&-=(cqx^V z7qO`l3iOSa4TEP4>=q%ZCnJ5ucnL5E4adyf*mOtI;<-9wjaEuB88lddAfyONQHBrU z46LyY-@Y-4r#wzom^Q47R2TQB`n`gv9FPMyhh21UDw@fGd(Xv|0(H*-Xdyl zPU#>iNkJCho@G|825K+onc598O9Y~{Uq9=Tm;1U>@>f08JueS0IO^2xaM11J*P6gT zG(I7?RXd`)*G^=5+I^jvL9=~@kcey5f87{;lj7MYF?L)jCe|-YteMzND`Htn`u%<+ zSA^#p{27S8eeCaF-SUws@$8QmHuJc%1a}#=qQNJ;t>(MZ~#t!pCR6Q!n$N1O94WXfU+PnfKD!S7y zG4aagGQ+rOh9=nU0N=GFIN&LCfcKRsr}33fs&ynfAVM?p1SGVy%3ilwxm-xc^8|4U zUbYjVRqt2bf1|9Nc2>zR|H_fbtW`TpjKlREG9ZD!NvU>EsMSlSGkNLFJ9zBi|19+| z#}VFl9cPAemrH0AZm_x@yux=L+((PPylL-UgZ^=dKIs>@Il}DfL^j*AQNE*HO=W9D z8B)dQ4~TMc91S|Pgi`%>Bbl?Y`XPTiQaV>=%s-<=G=5TX4tz#;ag}5r+=j>mIwFgUnWig-Yt^XVJlj)YYrr=`>4B)2zc}wH_C)CuQ$_ z^Xs`ED9IX}@pH>P=F$m=2#a3XSyg zNbkxIsdTtS*VBWQ&9j5Y#ttT`99C1$>xHbiqk9_bM2QjKv`c>Hm2V00$yg;woH77U zE7Q`1gpjV53KcD6;QPw2vtD&aQ|)NgZ(?#h!&k*eUwF6qRP@P34FPB>iXT3Zz&{5E z$DjS&NudVZx%NIbIOw<0=QXBt^g!mih&>9Z`|B*prEi6PEAtuYD?@x@v9#(u_;Fq^ zs7q~M_+k`x6G+pVS=NaCaHa?Bd3XIHdCm9!OD(ThqElTCyB?$Xl+ME2C~)zvo`+?Z zuelE?*mlOKjy%8Xed>uz7A0w2nJ2p@QBCShq^3xwG19U875Kny^*mmn>m$dHj72Zp z1QJ-|Btp8p_7c>@joPPi|$4sOZrV7#9 zz^kvzSCtYuHaekmVCb@tf)AmYMWOU8KH@45%35j>=Mgixau|-P@{cJGU-;HT_dbzjor>B3ONA z)>K@_^Arj5$_w(dS}DYBZL|xAXGiNzoWktW>J-*HPEO@4PP>=W6QU7K+`m?@_Hwpj1JADBiC4oMHcZ}P9xnT)uv4bRCX}1;(-~tYxZ3N?$TtW2{XM?i*rP+P%aZ3BI+71vOm_5; zqW0j8%Id-lteAv1%Ww%6wku3X3qISgtEwolT@p2&>~SF$#n>kfoQH%Nr5;1J?!?!p z5z^5*A}i$mSX$=KV>eIVc@Dp_@?xPNt1~!ok+fvG`}(zA8pb|%vp)zrTi4y)6z+5* zXzj5wXG`1b_Kef536e-Y!+T27hL6X3uI{=;i0kPHakuVNTVPBO$OY;!P(vLuR%0z& z9^CvG{q5$ds6p|OAg>4N`vbfwv`b~jZy5yHYgZz#k5uL{)J7`&wU;c(^6h7RV{bxw zX8LKyVaH0%-dE}de@pGSo0y8Ph`pgXH++>^^`$%;^*pWdESMKIc=`5%n_Z)ap!xik zalIrJhrvq@sO%r?yeS0d`?g^(@1uS5LMv^$KO{OiVczOBe;b7j9*X@$cUDsTw#L-{V_$sGU z&0TC@tl>^w#+4UOdUUScnH?biTAx4Y%q;QR>3LLqgmJs(byxOKO#b-i#KL#K0_qa; zd=~!7O^=yFA0B58UQ@&^WIIDr_40Q_t3SM6${ziA^||Rc<|rpSf&%>U%=r(&^02ci za1XO@x;EOd{(3_jJ5`6{b)4Lj*~YNeNwRrJ?^&YHCM znZZVr2!<9NrySCP5xL@AeK$EA@k%Q8(boTB@3N*}1!EU=^prX6 zhc-dZ7Gb=B>F;gJ+>1=Ish0|IOk`lAViddKCiHfAoCVv@3-NmK&0{6U-t8L9zEf$A zXydK=B^6h{O`J^e zJ(iE4U#uN@p^+A->rz}?i@tG};0$o`jN&TX@4l7J>+9m^Rq;-u62YxgbC~A1ciBJ90j3J_9MWUd;QVQ`Qc~*sl zP2O&Mx)zeoV={%)Xf7WLTP8x^InaJ0a6$y%GEm(;NkQ>JyN91D-{V8XksH!jNKhu~ z_ScOak6x`vN~y?6rFq!Abgc$S$Pi8Q!6$#CF?-Sg;xj=lAH?bqnzCQJeKDv5xjbTh zeO}n^Be$ZA()#jN7x3Q)|FL`?9kj48kzb8S->9HI5uS@+x7Kb?N^GmpXgx0cq_6T| zBg4b2&D(;XJj(q4Rb&KlW_3U)q;5o|*}Z({nvw;N32(PS3z6?N!*7?JafO zR&2XqOL#*!*)ZBa-5z0*DE^u)b>(=z-#3(6@5$iCL+S@7F4Zd*-zs2dAn!G=i!eK+q1Jo@*hL$3hd#Q{XKE(K&PG1; z9?^?jn*07P{heB+r2g;3?$bXCha!9+n~~33E1{72DWDmee^4~S;X(QK$Mrh?gL*os zh1O-M%hWpwhTFyaR7a55lp)X;QV~IDTZrW~I|Q(&)~9KRKBBpzpr6R6Kq*B0!=g%m zM}(h;h*VI}7BEU&T7H35$0*z!Ut{Gl^n(@R@3#TvRu4R2a`#f^{WQiwOwvs>HY zWoi?rvjZJ9<*#j?Dr&j7(8#-&8B{-298eRuOw?Z^x9#yS@0f6KzmY|f_G8rEeIdu4 z^W*Pto91P$THT^`(c`J2HV3~Fd50_s`DOnL_t+IWcc$yGI?ryyX&be^hCAHA_Kj+J z*d<^5?&QXs?^dt9Bo*0PLB840k|@ymVlm+{2Pn5i%`TQZwk<+8p|-@rPY+&^nqIvS zdnq4v?(h&_b2FHm=^X6r;6Nvy0u6JSin1zY;~cx~M~~mnfN4Jk4gxMlnE7!k`Z&bU ziRHuJj=m5xL4yJ4pGmV1r4K>a0$VkR#%JtG3R3s}bw%0&ks#HC9z!@76}lqVOl)Tp zo*pIL<%Oj|BqO@`^V()u%koMdbwgXARRaP09eaGnJ0GW>Uv%B|yMyc=x8!3PT{d;k zyk9y>4}C_LIHUb2L`qbJ3o;8iy>LgI#m0v4-b``U3GWF-Eepr~rl!74nZ7xP4i8cc z*-{eKDGqk3go@8s z?fd%VRo1EB;=o(@CI<`e_p4~M(M~mNR(67$+n8}PTKLK+r*P8w;9jNtsQYghrA031 zBtwWH;Tk*v&(8csh!|0<|E*TeJ zIj-3)`JK8+KZC!hiWmEDWWAL5N^tY25BK8dfYJ47f8i5k@JJ~PAr8<0Mvp7VxE_&K zdowfub1gbqP3`I!ziabk$k=hbLb2Q~GQkXNXTyJ~DJIiVYQPWdJHl1oTZO#m&&1Ej zuxES!!iWH!2joLXd8!QH%7Z1THuD~_ZY=;^U#D;{e335BKC&L_VByg#Jo4}5*-M85 z2KW!By0R%JL#D@v6YPQauYs>@ zC*D+|Yyi`3MQ@e*#$A{LRJ`@J)(2;r*a63!FN)l?ayzxYC&&*QhD5s zhQA7z@lPSnm^^Z7YA0B&(^OB|U$uGL9_hMkDR)G;#GG+JPT-1dKEs$g?n?SzeR&A) z(2VrRSVUsLraF; zsh^Y92uWXNej@yqwv9Hjp9Q>c9ogo? zmV`C(P|wKCw|4Nsx3<`cgF6|3$6?M%9E-}9h@h{cNUuMaVpnqgHrydD(NubWxX>mf zR&(3m?1g>Lmfhfdb0yn9{BP*6aouivDe`zp5`^?n`cn$0yGdAt_ct4Ka~9`~ug|Um z+9a$`1rRu9cgra|p_}Z{;wM-s`SB5cJmZ9+un+HTLF?;OF=%Z^{=E1p$7>(F{RQ+}pv@Yekgc>~( zC&R(k7ZmIvrt4W%t(M87Kc+NM4F|2-H5Dw_F0P+8Wy>WPsr}v7=a<8zp)jqJs`}@p zIZzVPF-MGlR(11;Gvp*$h@FK=~t9SkL2+s6BZeKa2{=uiFi`|-~S9{2Hi_iBqC`%J299{g>~{| zRDxVScvS~O)8EV7>qDp3EGf>igI{37em+Ap7CW(NVf|{C%~iff$80IzXkperGx~V; zfp*<=&#_GO5+>@c62jsO#km@sbFR^u*~j5)1xET{dwOBtrahX# z-;!{lqg2u7irHlOp}Xg!r1F~T^jDhTOKm}lrlhmztCJkgan(*6de;qU8zl9-HX`)G zN%7k~o;i4Cc!Cj3aDbS)*7+M>=Rof@#6$|}z*=Ssc4n)ARCgF>;)&CJdCUXhJ#ijA zJ*WxhV(!v7DI5HC4#w(~HPI+d?JD_CaMABp=As2>@d(aPfwUs-eO{req(Jr6Ub#)1 zkpe|${gd3_1v?|~@A{~b8RdfdjKH+@hYnsE4Z0JV(v1!84KbYllDWyjCViK{a&6~H zsdctif}|Cde|mubXBMd@6np-K}Y{S=S)W;>*q*z?W?*g&ae#eRi$L#LT;| zPV9YqD6Y5U`Js&k+b)?M%G&0G=zFfIKBc6uV!crr?+CX0?#02`b$gD(HD2!2|EZ|u zMl-OQ-mlNhcsicTpWJW7@v{io4=}&v>vvkL#lHtZmgnM zi0~wbZ6?GjxZcszTla9T8JbUg$Fq}X*FMW1wcEFtujv;&aU8XXV6O9t$(UPfyI!9s zQ}5V`?)VQF`n+?EhWG{$B+pCR6x%M$zO7j)scf@X8*!Wie4sAG{i1?$`M;<8HMh)e z>ZkG7=IwiwwDOtmn7NtXVw#5hqaPwZrtUp*?#VqE8Md-7#bItM6*y}rox#^R@#9Hx ztlNNcof%kxzUa4=Ot|2AYCQ(Mn~WY%rk1p`$%C7kOG)g(JFh`$Wb%aXq9QTqFQ=8l zUo+FS(uifvb4(Gr%bmF}kB~^`wL;C2_xhiZ~`~e7dCE=UYAw zu4ny<6i(avl$mqV>mSh8eiS`*9L#cwK1?h#i$k<4-C`>+m5Qx0E(UDa+rmjkUhChr zhMj|TTC&g7pEOYQPbpkf4?PPdyPoBm5E5PBXzRKYO^f1rEdm@ z=i@eHl%BhE>Cy*j)4GD(Ygap)P+;v^ptpb=fANr*ynV7)*-WdubCr7Q?LBNGXz;az z8vfmvq*IvB|5U)R4lQf;qg(HjqLZB&@Yk2V5@#St*tIN zw`|RIL{f^KT1Wlwr`qtN`bhRy^v7f^Hp$^rj+W|uDYX)7m7@Gj6HJ)(E)3r8{As`4 zfpX4b+H=kmU6+PZD}E*Enu#1On^8~;+yyMviL z^WVlr@awtG~TJjcAw>c)YEheI$+e zMy70iCE~~H|NV&};zUmxfA$@A);VtDFU>UMiQUr4>{WJ;G?v*Z@H?@_mX@)59lxE> zs5#z)4+xPtHu#_P#><5)RaEOZs&z2Cj2;O#mMGuq3BxXB6}y$4*f*`BK$A9e?A+QZ zsaSEM9Xi}TPn=THw6URX`nOFkNt#YMkeg2H9?&m1;UIouaNeo!F}VJRwf@_9Ol|`D5AW(_4ECxxFb)b*fuA%5gMfLYlR5+_%=I zR!w=X18m)Sp`l~cS9H`;F5ds8-p;l|9Jsu*3uh zRo|A1Vqp0R*pEhMnzB$#$4vDcEznT~wNBkycp~(ly2qh?iivV<=L)U1J-tsmW5!j| zu+Y|tIh1vYx=s_(_ApZ()|;i^{O+hM4P}Fah1kT%nVeaFV$|7-4VUjvfc42SSMR@Q ze%zz=1kSrt+lz)m8%|)ub58!5V$a=SzRuQ&po{^HZ%!`%y;J)_N5$r*Mrmv3of5;i z4Ib-S!jd;0dw$_`=sHJGPT;fkddpr?R`5^qxz0v_Nio?bBf-ty9@_}w7pj+lFOp(wP@Sh3BeOd z4T@!E{<@A)>1ru+Z!`BS2@<}g*IYT|e8aW4SKCu?O>w85qhCDY)d@s+yRXLfRk9Co zdqYpFI3``RkP5!X(R7HDoBGq|_!&F6KN6QrxVi;aBs2$Wwez|c=cRu8MGx`L63yFM zKrcLv)35QGec_#aq?EA}3C>?8TGsoJ9$p;!QJW>FGDcyz)_Sdoktl$K}Ob*L&Kzz@2i0|79^s4A{O&smeOsS-O z*zAjLIjpo^r%=&FS-Q{HEjZL^*R)N(zq9dc+B#q}yv;sZ=fndXB2KDR#=qbs$mwZX zx@McS-tNbjT(uOR-Q0F)YJ2=wLg-^;97me}jCZ5z)aWs@f zMpQsbBjqdz`Mm#REU#%*%BAG%j@VU5LsGktdtJ$^hke%L8FlkQA- z$7mejOBW7{;#drRl-ye|ted^EJM3qvx!*4fk$GU=)rm;%@PB%-%lGUk25Nd^?PRW| z9m&VNiI#xIM2|xSbm0S}xD6?8gcf1oAjAaN1SlIC29{tT8R`sz27)Ayh-Mlw3Ls0| zqqOjK&V`H=3G|>3wGWUgNrZUCH4)qAgnOVk+?g)t4%Na ziX$#l1%5Av7!;X$(XPr_%E&`2moa$lZ21{RUDn^{V?f%u)H6+eO$DbKp?Bm$zWf#-mzP-!EuL zL`JJoZ$Uz|^xw*xXK&%T5QPE62a#8-UwX3RXCFg(QWbKD35k)CNJxSNVPG#(7zC1$ zl76HFsjwEg$PXdkQ4c9+4ZWVoGj7?osMNw*x!O`6`{?R!prQonKG=R`WcLBJN%x4H z@Xj_rO?glDL*-&swoL3+_n(nGPLGN_0#hTD-ZB;X71+9kVw3J|F&Q;B|}SWAjveMY?U7b|7Ch>d1H+ zYr5iCwK6g_G!Gok#;Zm)E)IV#p|mu8UF^R^z;swPC;&B)V$4FsqY(uJn0XuE;=vg_ z*n{NDK)9kjxyqc^0lT`5Xm5wj5BU#f;IrLs;fViKT_L*MsWf?y(BOMu z*$-HO#6)04`bvSyAqfhcg!pJ^7?Mg}PZGqLzzQB>10tfNlOXPd;xN(6^fbse5BS1` z)CbuYnd~jV%eSxbxldik;a3e4iJAZ3HT# zGlS599Of3}V5WJTP|Ajrg7n_V6hgBpfvdaHivlX(ho9y$bTJ(!yv58!1Fyqos}Vf> zQR@AD2cCZE&f#yi#}>ETyO`s0i`3LqP9)t}yuIf#pBX@!nNHO1n;d=`@Zmnr(~I=p z`T{(W(vlNMtDZ`tKs~T`{cy~@Iw8m8A3yc1F+7>!pk(E>i35u`E5(oiYPZ>dap zf5N*X0FJO0SCll@jR97kzNv(G()W|NkM%JWA}KJ{|KS-HSQLmmW6CZ@Ez1$+Urmzc zH2h3_&tQc339hGjHvS^xuUj5w7O>uJ3H>Qk5{az`b3K8wi*0WAA|%ZN12=oCj7P?R z2#DSEiSkT0GlK;-ipuZ!Qed&5p~B0Rt+Q=~$g+2H0{XkQLgI?}Fd=c^;qZbWj6#^U zXLJWlMS*8}I+{YjoSz;q2_gj|{sWRW%0NejCu<}stet)pEPj4(7b^5th~G%mP}`}< z3I#-T&f;)-lMZDH z`}V|dbRKu>%)anpND}PaC)~cRTroU8{70X^WL58$EY?B!xR&A9$P0d{!ih|-F3QL| z$w0o@K|X%tJxb4Ey4u(g{#<|6c1>c(on$8;vX@4<;ZU31)N_iHS`7&~l=-dMirK3x zb_kP9VTZ6U0J4e-qJiFJB=)IDndW!lM+Gf)GNNK|xS}?>LfMz*Qfnj5 zaSFT&>;RITp7H0}??6+X@HqbRZk2jmlhsW79>Q`7fsYwaSAkO(cQd>>$@m}- z!45mehJ~?DU6i_(hj%f$&r)3MD;b|V(+BQOKhF%9x_CQ~W%L(!R*A-R2A4a($=+VC zm;IKJhvqMxtz@V^+avh(F}MAQquw)9?|_nde||r~2dnLbspJsiB1l&ubH3p8F}Zy; zZZG+vvPAIO9m#fF^8l&1Nq(i5Trzn5e1O~na;%-QqKFJ$oScb=x{TuL{qnqsLvA_B zFp6p3gSaJjFi9TWRl{eZC#q~n1Nz_qz@RQWE*+fX@;o$4Rer6d3O`D%L>yX<P8EsA|Sv1 zL)P3Fc%Yzz)1Y(R$O|F~%j#g+J?8#YHU~89zeQ#?0&raBRy{v@e0B)Oez?4uN z<)~LadAFmQzch?Ga+7iZL3JyJcYe#1 zKV$A_^g|tq6y97*6ro`8^LvHH89xUzRQKOM^4v5i^yi-CEjPchHzacMq7Pq*;e^vF zQ01>RSu(OQ7rwNi3Q>B|^-29v?GsR8lj@v^;l()suk^fqmBX>HE%A)TwjIG()ywWM zkIi!29lxAwH1i%6YW#}I?_5$k7;3v9E&MJi18LAqp*h=kkl*?KvYs_iqvRR)q3P=` zyBPXy$G>Yz#6vUzDjE?f?ugGphLST;Vj9l9l=IB&5z~fGI|5R^5b*%JoZ&MIMSyv+ z(wGE*Ji*Aa-yk&rJtiUF3{H<5Ye?~$hZ-TT9hnPD8jpT+8HGfi*qZ7v zVp6d8M%zF8DqEtCP#AuD~#i9v|=YoN%FXiXSZh z729PO>`0`#lIRrEm;DqifnT-BxSzQ^J!ALF%)>bu`wpDdD>%k!Rxl+7%4cHZS~wBk zUtTXcF_sVrkFOi{&={m%o%&)ByJM1+6^p#Num3;90l}|EFzIZb!maoT_=D|~7GchX zGijk+PI=vCt=gv4$?B;KBm8Riqf<`GNWtFtpRj>~ubf{T<=u(yX-l0$+wdqOtEK~< z;!g(gA2HPj;_BQi24nd=0legmS?5C}nT}et-_6BS25CH-YG< z?lux38UE+k7-9DUs53kLA*v+uA4-TRtmKL78LT*Hh=)hq9JY)d%n{xAXbrso7N$_Z zcsTjn8ff~^TiU-sY=mME&I|=sMI03H;RVb5^!0`CJ2eCraeC)BQ~;32RY0YAO`xC6 z8dx{|uBeu7D_NUJXnvYnXpO)aDHf>4|4i6`E&4G=O5V%FKP6%Yn`OPynOR9GzM|IG(P_J)8hf1ij7)I^>yW# zhfhF5%eM%0rN>p1+x*GJ>WQ|^1gpG8RAyG8f=)+!s)2sf&Mt*BK8}|4RgfaseYX1) zhQVhp(BZyok?zJ3%hmQxxnaKA7%kXw4{@O!75pJrJLNNZhd%Rc}^ z#8@B}=8OSSR3WLA)HJ^W4eBAc_kY@g)cc=uF;7_{0=JbsK-@Wth?f|WT2%}%^*w$m zC`MKa1z)gy1ZFG&NvGnB6fKSZk^?5X{5p)|jhySNx(tSwlzeHFoH@b6w~*L3NJQZ7{qy zX0$du)Cm?Jm$NinjI<@7#=cUdUps8VzVlzI^*>JT_l$kx^lbf+&zs%jg@K{fLH07-uy+~+;%^oAC)HrM-XwK+s6Ue3iBJX(K0?-O&`w0QfkZuv%vOEOVvMD z;m)t#rynoeFtTUp$mhVBMX|@01_fbwq>sy9THdxfoZb#E2mDf_HffJC+?^9YX&;&F zlqYppn}BIq9Afl$%3ggRGD0mb8#vr=yAfWBSuV;A5_Z5k7~?AC4QEREZsrva>`ci9 zD*P$iK`ZkiY+7Nt>fC!jK6d8V+>qn5khVZ^^&Hb{0=E+(TI>=j7W{P8LV(-jxpUT- zc#=r%AI1ix24V?3cw!cpH`?z;o)-RJHfu%kA~ZlOQ1mbU{I7T+HBGb2ykOQ1_Rrs; zD6K6Jn)_KMD-McUP!@s96TET({a*cppL4zp))MOjk#^mLDqVb2+QS0ow0h5=8+@{Y zgez@@kUu%8iJf565mZ=`w%}j#+D<$@Re#fiq)*`F@JWgWfge){P|=*hvI0ThG32A3 z{8$srj`!(BBs-U#wvc`HE_zzB^!H@eo=5wXa<6XL%%ps|xRKOZlh+#mm*l?~n7$(( zDm@r&v?QoFCS-oYX&??7$HZ+z01ah<)sJATXR1PFVtjOKF5ixKkD?{w5cq-2wjjAk z3?iHqAjZxZX_FLjw*+c)HkYiW=bWaXDPCNlV^P>$XhHfDbS1~&$Su&Vp4b3|n}EG> zlRHpU$#sJW{%{i(tucYS==JCue=*4L$p5Miv8=K&p7iaC#Gi;1^H~aZ!%_+o z;u2KoB8vSffTK<4po_v2oOm;m*45a;!TJ6z&Q*%UjfD30 zwdF3CQ~n&DrPv|GJ_8T4<)s&d^eghP>B^i|e4J^d*k1MqT9)%4BO8qh_3T1*wxQmAFfMsNWPo3C8iNU;&kEf5C_UuYCm{(8mD zs*z@?|7WS;Aug}__MC`v7AQ98BM{k+&hQay-s2=GoL7ROLl=D7l*^Ovi(5zlsp0UpKb&{Jjx;) z{AAvM4|=pHR66f*VNU3?4d3j_O}&8lz4);l$$tN$Cd#mF7EDo+vV^U@#2jzws;yZp zr4U{D{)}mO3$n_$2;XXeTAAoir{st|lW&6&W+N-Khz*-A6y%yRc2q z{pWLj`mD=ircGJhb{!GzvCGhdxNVB~ha|6KRdI=gTTxT}-?tlF=F=AQ;>=I-T$Krw z(%qiyPfNcShchmcF>vrjyrLwQpL)GVxz?(cL%zLdWQ{VUh+JgC<0As4I$8vMOid(4Xo;|7J6Fr0VR0J?XMDvw_@tYl!T*xe zuq|v%Hv=FLJpnh9NQp!!DR+}vsX#^=aU_vE>0N48mKI+BSC^&mpnoOUMiY7=5s=ml z1{ZkqE5wzvAskQ)W<|n@gqq3i}w0Dt79rQH_&1 zBLj14S7Cpl7+rjjLI^^}Ov)&r&}vOlZZRK>ZWLKUd&N6vtuaGo=3ol+hd*`xkHGY{ z-hK4kVrM2v#jl2x&+q*7MmU2#18yb`F>%Mz9vX$|_grJI2i6MK3?9+nf5P=;)&A^* zmpQqZ6Wid858@W99&dkVO3*6YbXiW%`XPbOmH^{dExGNegBS&U5$0Levfzb~-HDn) z0j(-3i7;5P>!YF?ejxu>c{BO6e#DYSylR-Z^OKKDkm(ylejrM^kw*NLJJX!=ggr?oc@a zs(NY(m6_L42$w6RX}t(l{m*w1%B_L!dMWBEBM#(C>v`M%)l9ikqtsW5SpU#5f=I-4 z^6-L#^Z#%FkBbe8viALdn0oW5Ca?AVyQiLN>y%n#P=r*mpdv&>Km?LnRO%6k)&Z3v zGDuWFM36DVX%QlXL7)oCkSZ!FN`MG5CKU*S3=xqbOfd-%kU$awWX|*3(Vp-7{^OE` zixr>E-uu3<>vP>t)YP}BVE$)?Vo-g5F6~akmRD3d^cV}n%&tbA5 z`fu`22lq;TI)|D4MKNu>j`|*KFtz8V%~(6~)do%!_88%gkLCR+Io*eQ=20vSLB?UBARpQ#T`w~% z&6Q5+`pQOdFlqjhCgXWptw*)){$FgosFMdO&G*5PlPcqceJsqtpGxWgyv_@d=#dxq zSRlP6?OD}!A+6TtcqFg9*DY$P*+D=H(Z2Rv@Q1;;GeZ|$lZS5K!8kS*$zzd|dnLxi z3K*^L?z%d@VXm`tbnJnMru@8_c5|ekpY@}Q`OfD8Cq=(7C-mrb$*kb1J|pb7M(}C+ zxIFZ2%GIf^^>2R9MJu|tG;d#HR__|s`tE%eQU8wE>l?>{W33-|-5k>QQ!D+?tX(Gf zT-vj^&Ip~^@@dt&*qQeFl&UD}16I#bRV8CM<|CV?-NcS2_2V!wu$97J*mc#vPb4L=q1{rUYpaj|6Uc zZ>W&S63pSA65`98BUNhOSzZ}xkp6mBBvntGV{5Rw9;U&CA7}j`h=my(uMn_83SY%U z&6kZyWvBCd&J~%QVnplKPi)E%fK7I9)d2dHfaOBGzebwo@At~{V@VnQ^)ekA#vWIB z&W#dV66_#(3hC`mRK)aKOHB*HoOsGwei@F$M|9kdoe-+D9j%jY$(u+;YkT{~Y;p`U zHK6jc2$nPJGjqmFD6sl(qrGatf)d+ujS~i2L{5>lDG@A79Nix-EH<6k!C+_i0qx^5 zrVx@+izZ^p@04U!J?PQ z@lCyAHL0nY+?#189*Uwhp$=i`laFsC!3>iy6jZ% zhB;b&&;gA>u8V*1ez?V~R#7wO<%_pOmbmM=qg50#s*PBK(4udgS|htQOZ~wKTK*!} z2(-?!f)0^Z>RjI?bqkrU%`+tq14*s%N`-(D5-e1R4um{y)v0Sh8wl|Q(zI@0fx206 zIOL6UB$~kDP+6RQ;du`fq@H7|-bpR2)6Nmq+v6YUlgCdB6Y;pVW>wZh4I+QsF!)7> zYW*~C#K&={t)OFoooZs-AdkYkwU9Dl3>-O!((PPmx9L_~U%)6Ms8v`&jKIElpKY)s8dqz89X92i z)B+h`2)`C8ilmDTbo~qKWRwf7=<%<<%Zh|~#HaV?-*5hvlhX4p2(&R5MHo68|4ET!6@QvoDWgL_ z31*ROeqGF5Od)ZoGG$sI&188U%WP_+T}Do$jWy-3xLn^*GWZRrG&GbT)r$n5gQ0$0 zT76s38FKK;w50k>5(C}Ksy zexbQv4b8>f)42KsQpuck`!~L}rh<1nCI_~>&QCrOtGJ@*Hx+h}XMd5|7pTqY#AkhS zh36Jr#ghV)+Sv1huet@_Q|dnX5P8H;a%Mv&2Hx0Y?GPWm=R|FGZ5?zH-D5ox@DoMT zEL=x85Y~dm?X9gFl{$g7{j=E@sdCG6E0aeJU*b7DVd~nI1eIDQ)Oi9YUl_{jy6ARK zZmgzw8UuyK2a3^*X~IFJ1?g%oaGeZG2XT;42o5X3z3VIr%l3vephpiYbRlBwj+3v@ zMDXVky>ud8t?9hiP}>(d5P2iFWbmO7IK}YOka|kNiFu>#KdL-We@T>2(AH&|&X|Sa zIJr{2oUV(I1Tr&&#h>b2KiOv5U6VVZa2RDTI85<)>2W+S$QAdtd4Li-VGFOTpKF%ZW}zGHFD@uQ+!F4ew<90(On`4JNFD{d}2n)Ki-o!WLNNaUbj|0JMElEy|beJDDB(TCwoH_(w#^42Z#&hLF%DPnqPrQ@RFwo4o|8~3H-re+d%S9N2)HZ zW#1IdZ&Hbckq0Ucg zcgnc~$+h5ynffKN=ig}@g-oiehXwJ&!@))FbyVU@r>gE+Ut+Z8vh}N}JU2H)MHW=3C-2kicouoUTc+anrZ#YP9!JMW$x7?&WC*fS~kn7nOPW2&cy1`tM`YB zC%1Xph;OYMPZGch5${c&_o39vMLn~wOfI?kF4U#cN7i4b>cdeQ$t1oFn~!kXNFWT) zCxq4Yaph*oL)M2ln)})S+T~Dx_(M0-#YuhmRV!7w_)=@#c8o-3szv{Cl{>$v&$@a1({;w|JOCLFEM~u z+`-}B&A)5iaM@!03$b8-yZa$6_YvxlMPoK8Cj<2#q=cC-PmihQ?YldH``*`v$D~A0 z_)o>$GF6n@4Q#T2Ob^+#AKx#uK(#sC2z{7>eu9!n{5MHWh^>uMJ;r|amIt2iDUTR( zmI^cWN>>Z$Du5Fqzs;sB_lT5{{fA7>yFKsSdf+HATdP}>XzitOp_Zl+{U2DeKLN-x z2P|$By&qS6_G$`1qe&-5Wn4|)|AcuIi~(^9X?s0DKS1oRVGh*YkE!Bq2L|q9Z|Iyv zs-_U-%E^uN>Y?FHqUoYQUhcYc(S2vO81BAadlN<@RD7Zp)_#;a4Xq+vuS`M3*#Lc> z)=dek`o6f~riod zF=|`+YxN3wLe@d!<3Y!{r+-}GK5(eF%>sOsK~ZwnjTINz-BcyczN%_7bw=QL3x zhAqDmxDwiOrIzZ}!z|GBVB8~4fP*lMF0n-r0-7%U-tQ*f;CslcA=V~a-y4PGh|?Lk zDjr9|)EXh-HmI8zKN9u9Yy7YWr~IEQqY30N#);6F zj1`@MhwKfPRm}vVqEoEtV9y5%ICKQzl7@)Xuml|9t}p^|1C~zY2~>vo5BE-@)J2w+ z=SCI-x+6pEJ6eK9U|S}FS~FoN#|Am50=%|c+B+h>4>(^@cQnD!L>`|VZ6Z86dD`kb z3qt%tdF4*SFgYGt7d~||jdzJHp~&~l@^xpxA~u6d)+g{owT%wzqrdgr&n3&ccis*+ zm4CY1<8^59{s=dvy@$)4IF+ zxqZwWGffI=Dd3@)W@RxHd)?XT(9{oxo?d&yy%G2pyA&Hbf#d_${9@o2VY9g#BYw7&o{0Y&!hNQ2Jv@Uy|yII!KRV zmF-%wU|~^g7NRu~?xgA?c2_f3lT9yr%`4dgS3~4E`+y|M+}8MsEEqdx>tCFlRLmR8 zmOs7LCO)SAbzValJ-*``vr;Dc&PyV@*>m^42;K~jeG?TP3Rf@<^-}VEj*-l@B2&#h zY+O*uPnN4}HoMA|+$}b!a_&WaMtZFGNf8j?rx+9Oxdx^zWf&aA`%z5<+N~TgWFLpf(uppTTzubW+#L9&TG-hlp#!gLw6o( zcI~^W?7h)9RIFy#&dbvehHP1aEoY$!Jo34Qdbs0iID*5=7EnFP!hB*6Wxg_>^c|0V zn{Smbl)@+kPhif%E6kA`bycLAZNk$F=aHLDJ#EbC`3<*FC(wCF3<-20X9Oed~=Wlu#0-C?4P#W{n_N7U^ z)>+U7ynQ@1&PH};;KP*X9BA(yA6znetQdN0TgLk&!uA%)}<^eArg?)9eK`}1Gx~F6W9*W~ z|1&Fd14)#<>?$}Ci6nL?1-nnUOOX2@_It(w;$m7iEuQ6dKyqUCMh(#3y35X{m)cq3 zlmRK0o;H>J*}Y>OnQIn@1Df8JoCR8aUQianNU`zt*~v3>Hu-4o7S^gHZy+btF9gC@ zs>G!~ncQDaC-S7-7Hh+7swN}KvCcNMj#c!U07=Bw>dBuezI(OljI-xAmf4Rzliwx& zXTrO6_uUqzSK9dl>XyQ~m4$`BW4*n%imJ!{ySjb+^xC+O`VD7Ssdg+{A~^wV;zcseF>R%ZW${&;oM{c(@|<%s@wc(xM_e_!8wZsF|Du3KjyU+)l1GMtR+q@SV_qBayT98 z@4$~MiS-JMF95;SG=uxF6Opb^PdlV8Vy2eeV*!2W>aTM`Wi{MpLapP0Hcjd-b{=h zCj7i>`EsmUaYjxv;F2D!H5+t9%qFuyDb=IB16++MMA^rues_V)TFZW8P$7Y63Y2_WwuoVFE+I@d1@T3rQw9Nqa zCF~;5hr?44eu1iYa`s^|R3OD9K>bm(#O@bB0;_swYd=US{bi7Y*DfnUpphlP>@o)Z zp^PzDSE*Bt3*BPAH1aGNBP6LoJO8DLtSd^=RlU*>I`Q6NfF~vN_~Fs2VFB#PjV<_{ z1neV6LTwL@T~m2aBNw|Ii_JBfV+`-0@Rs;1T~JCPtv@+y_ej(*C>ztvszsEE#a}HQ zmKdr(9W-Np^p0r^H>a5Q_ncNxdISGf4g^bkRlwi(6y>gyNm#&T<{W1BVNY70x7pnG zrfA>XcK`?^H&Lo~PF<9kXjf`YexYn7Q@_0${7oNq&&r|<7t`KZuXm{@9xRd*%EMPX z@ePafJ76~wna5($(R}%fbNgT6u=XXC&(1E0Q_fi%oku0 zY)#vNa^0QL)19EL882*b=mH2IamzQ3)84?q`eNLJldA|taA9GVon=!AI3mDR0|5rj zf|-JsJSR=;$XK)Vk~NE-?yhiRtEVzxJR~v?=e;W{+;}O~T(J`UL-=id+qlF*x3LRh4aOI* z-}3%_J-Aoe`}z$64Qlh7&-p1Aei5Ef7_=SaW>8*MM_lB{m$G6d!#HVR;*%|`yB>N~ z5*E&apjFJ&r!gXO+ZLTZSX=}$VH+#cby*hSj*CvG_%2y{RtwwTwY0@RRiW+Mv`h=j z+@1L{R0D6ClY+q8b30wmA(xo<)M*kMoFn=^T~2*t2*4xO`%<9QQ)nUuK#gOxEhJd<78si+?i+$%6svZG!awS7 zf=`N$Gz!qB^i_YnL}st*QpUzxJtW;jYonN5q_r5U_awv_?M%~PW#pKK94AA$!xf4L zpIjgqx6`aKHvO=-b)=f6P5(WV=U^b&3?Eq#`He5xLSiY)O(WibS4aeI$!^zjxYD-b z#bGs5kl1c)izFWS6DlB5#cU6v^IJ?p+h90OluqH4q)`e>)!;o7FNT?nE4}}7-}$q^ z;2l)_wG=rB0a|O>aBv=cdD!Z9v`(4NTlErDOf^L*E?^scR<)EvD%oeXmxC!1kT9=h zFjk2)eKxWOA}MC14+NC%5@(1RpM)Vu)raj_@GA$ThM7e#)C<@VS#u)3KqTSvi$g`) zi2x6{^QP657vTeq$2R8pHuz}r-k)6vR|_|j?VCu7XYv3JpPb9^dAJamNqStUoh*PJ zAfF}dr4aYhzvaj)Z_qQ^FHH8yJ9pycz}O-?N-1(C;tZYhLSLTno1|);`$+mW(es~I z|9~dB>3{m*kr}=nF7)6@yO5c)&{z1>K=z4!s?lEN02GyRH z9WrskkL2E(*_6O1SWcIn&=Wu6#=~;?g<{ATV4X2WAIBn{hS0 zJdD)Uw?4c-ZWelxuK3MY>;x4h{94sZcq?UD4+}(&ZOdTbUPTejmsk|pECv5Sr(^YP zDyw}kwj_(oh!d%wdG>;v+AdgkdkbymY=PTISvPz5#v2{*5015>n`CEWV1i+Y+T(4a zB~58~a`%|52PGALaCkj{qRW=hJ(tFboPrV8)R@hhMYjU63ONLt@}BMTg$xqQ@NsjW z^kBfYYCIH7epR-xE}Tc>TY4HXZ=OhtV(K;9wLt#r>n-cJ0$H+h}fKC@8oQ}Eb*^(j9m!o%iMC=zv6-68uS^z zRjS(_^?RgQotC@zR)g@(@TO7;2`%`g@9F~Y6k@??!15e_eaZQ|C$H1Xgyin418Jyj zRIRc#aVXUl;~aKM16+|lqK+w<)_*gnGWm;@%Xjg~7Zf3W6} z+DvZeWeEofeR^sQD7}Ue1@;V1t|;LERCNG&@zFp8#>(IVr;y*5^ya>#X66*7k=U1w zO~dc{6LJkc@1v>I&VnHsXZD=qeCi2kK}u2mZ~&`7Qb>d?tF@=B#foaE7fXE{c?XuDPK${`8;3>6-#!+V z3OggTKb|rT|O z5MC7T;p3b=(qd6+EeWlI(L8#}Vq;s@Z-V>EC~Ggm0iP!UDq?Q947G)jlTDTat>U_C z45-4cYQj^f+Dj7Zfhf%4b6F$kKct6!{Z1^P??J$uUp+64>3=hNud18?{x)aU?>|WK zB|4kEqz&ds)%mzVP9}vB4b@I{`$SqWbUpu^Qf;q}eT$e*>j;&K+nD9ZZJS~D6(2V^8SZL>r8DG0>^RPtXt$24bkKf69FhBnG_x|+ zIo9#fsOZHpV_8}3`2$`Nu;mB{yM-TX2Mrm*iEs$WT;Hni$#^Ic>x;U@A%ad&P#Zq4 zte*`RBHZC|C;ooNmP2mGLc$cA^R7A2RMjigU;mH$ zu7$1miDlnN$PE|`d{=S$udAlx>78fDpD>NH2nz0KrM~Sbpo1PV$a7>7DcIxl*@}NjH6PxL#M|qhS z#r}{wCYMOHw1ZqenT1uRV%($U01O-JGIOt#-?LOHhQssYzUxEzP#^9D06}|kX=l_JeEt8GpRp?yR%cJzB~Ra+Mq^WNc{1bALqZ8#~rNmQ%_m4R#VoU zi{M+Ht)7rD@5`eCqWGzWVOF(1?4R^jp-I_%=0!4()|rWyBek;9-7XyUTSH`h!WK)eKwvMd5$+B?tt*v}Rwq1(d zYg47iz)9E4W}vMz)^y7i*==Y*vEyVY<2p6r-&%x=mPzb^Fag>y&1>yT1~`(c;s!aT z>+7K{`I3X2NQkop+HGGV1v~8m%`1qyJ@69jf&H1F*xLX0W5EZ9AEaN4emOZle9#oN zBv)tvpTb#I_s3LWDz)9@%rT-PVOlG7lSxsIY1fAGa?18turhEx-ZmZG%pRh`fRV?A zKY^vCxbVFou`X(pvI*@+05#zle;N%}m+)w=pG25d`o=xLj=l#`LS(5q3-O(|$oBxV_CF_%U1ARN0k>wH8u`2mVQT`XSm<=vKC z%*^g3arSrc*i3A`=)nQ$6AM@N&0-2(PT8y7qu5N89bRi=wqK7@unraNyN4WCUP3=R z(T{OPGS@OB6K1CMV#x`)k}6iDdIPnKfqnzt&Exg5S{vMa7(8{sF*{H@UD-4Ee-|?- zX?;Qf1vg$qoXbzpHZ0$Q6+-=&b&}Ka3!#cs!hNXAI>2Vlhh>@mO76s2i5CK+_3q?a}*^qpR8 z5*(*|kPrP$wdamX*v(cTx%Y7+hCDCNU35~vyvEtOxT&&f`c&8IlLuezXx!#*d|+>M zM@P#UcQ}AhGD-r>E$IX4dGgTr0tXu!OST79(K7A!jZM>g0}H^~fA3q-a-kTdsk|3W z>e!T92y7&jjRgj$eLB?ollD;%`{skg%>MCNN``O5Te||sqR^odM6$sXODFpoW)g>( zFS!6;YC}6|c!tF_>Ev}hhcG{hut}t~=zGX3cZD~jDU>r;$;AHa1HZVu*0KbwsigZM z@~IP*Q-cNQqS7g%QmxB8I#6mm@-Zs)oODpjn9Z~Z800K(uDS$2I-spov82xbcz_qH zV(DBTQGbAeP9$hv7zm7zV2BKr2n&Le<0@}#tCs-~c?t7>AE>MU`3 zUWC#aUHf;Oi>L~+ZZQ>U-#nru_)A`0!xI;a-xj9kIIDRnV+vdKwUTxB&IWblG?GyK zKUZzqbwqyt5K6N-a#;_G+OHKC@<~al#f^LmJ*q@tt7)Pv&#=kHKml^*Q4pI<_4)c* zogi{1PxQUge4*l?9*S~p)_7IHEtUy};`^tl#p2|k z>a1Tn%IT~gTy$mku=4yV3PRm#i?7V*Q|Xgzqf`fc@NSz$vt|EON4`CFsFFY8QV<=f z#qUBoy^?=MvFvUjy>vn0=l?5J!H#g2rS^F0!aff^Jd%bbw3bQ{CeM=x?tVU-SQr*I zfJH%Jj_EG$lE#OPpRa6HvcIP~TL6oco|H@uZ@KE}uwM1CbO|F2m0rxn@Db69MTFlX z`+YI^kOe82-K=x72=D9B6X$K(TYgqDDUQjQQCw9H3)>3ZCaRcw8gfF``e2wB$jE&J z`&Le@1%aSP@uQR_-18$3O@s(zB_*t0mpS?9ENYH?G`WS|M$z<5C#Y?1!w>6se_YqF z?QiP-v1^G~3?Z}+I96EKspN`g!C?A5?VhIo%Jgi~22*0RQkp!)GBs#2Lk1}o676;IPkZUX|09dc8jZVZ-K^s0^f+V`+vRQ&bt-0Hu4N?rpLZEFkcan&i z;dIb|E*6@#1Ue0(@q;=GI{cv~#MGwA@E9C$Aps5s$`o`_V*%?>Du#Z(oWLHlCT=MNi2Jik~=2&<=Xuh%)!(VqZa>S@H#8#N{KVg<&ee2T%R;? zM~hh}9OK#l%qRvoqyyWN7d+0Ui7$BIBtTQiug#gMZwhx-m^{yE(R`0Ip@8dwe_s7% z5&n7NA?tOnE6T*}=Bj_3*M^>MmyJa!3crfanFEV>I8LO=Ob_8Obm@aHe-LcP83*9H zCT(0iE=40d2))inJ*U*%RbSP`Y1{4ZRf{sqM~Lf}H{{Y~loZx-1|^gy-70FMe7bha zb1lB*iDXtP+3K|^tO(knEyEVA=%iZ!NhVj3&Cr)Ku*mX70-0RvSnUjP`Z${8#XVx#<5R?J$4Y9oDoRFGT2?Hf6 zR>@|2f~GYWFHd)6D09XnQU*V_%~HJwsn1aE{%mxQ=-`|X{P>b!P6?VWm5MWu@(Ke5 z<||!@piEJzqdPyhz|t@H+A9>8G{NEw{4wryMFy?}6^6qh_>QA8MwX6ppaW1HLo^3P zQRh({I-%(o608;N*& zvFh8*>4~TCmFH}pSQGcw{F7>KMobAlk}Bk0W6$S6KZaqoB8h`EFxI82?DY|$vR;*0`(GW| z2|{W`45UUqVp^|bYvZpDdw<3b29kBbfsx^I5#S2B1@BBF${E!h#>CKTmxhK$<4eB3 zGVIE1`g_0zQLs!eCX#-iQjw5p;;I<6GC-mhhpqJpbT9}ZnkHZ(3l?C&={%wIVqNkV_T4nS@g3( z+#IYS6+XWBj6S(zy&qW|gIjRa3OUUsn9m1}K>ES9xDf@-IAi5_ZBdBdtmm9hXSAkv zDmAVc8M*F%9l`A75aAa)JHf?pIo$=qROKarX!NrBB67d$jrkX2Qh_v%t>Z#mVC_Ya-Yzn>>EeorxdRf2H5g%i3H*`&ipLgcwgXB;@7ojH;in`&#dAVv0lM4 z5eeIm)Wi;^{q)3VL;a>eo&$^)spT6dJ;)4K$3`5tXa3PI@0@c{-=pnUGM$Fp=H&w) z0`%*hgI|Oy9=GMj)DEN`m5nPLUbJE`UA)|cilK*>6OPjRFn^=6Ki1B#5FXj_m2Vu= za^E>7)uXlS=#DdlD$?|yl6pSv9t7W~6du=#rA(Hw;kYHvX7jOz{X7Hjk?pHx^R^PU zVIs&_G1_X{-p25NV6~NS7m!Xt%s#iJ5N>^wB^>{#kk6VwWl9_>eHk0OA6!JIAZ3*v zO!S9jr+o5yo1wR9KvHBI%#ECSN1Xvb65VHE!udp(dlRMpV5CFnoD|E9?I8_pvby4X zls?O%S(^kT+?}@@S&{*{4jf95PKzMjsI-feaY9hfOy_8_#_fuE1{inr-?(x?rof3H z_;7^})?l!R@uGC9i2&71HG$nTr@m-%@TDbugjhPeSW889yN0P;jE$C>H>~o&0qtcr zAsF0K_A}zeJ?%{v^#IFXWu7K}ONPC#h8{WTqh{KhQlTyC0Q`DFocOzwv)Q81$@g;D z@(T}pMF?LpKn+vN5^~W?Fo!Pj(3?X{id9@i_AIpLYi04%ZT5e&+sv5vozH1jfADY@ zm@fvd+T>&(Bw2#>1_F($`srCoXcLRz8NU~=_c+2t*g--Ah|EheM9MO0#2`C5trB9{ zecc6_^MPI0uc)tIaEdI@@REpmMG+moyqb5Vl3e~pNwhk^6W4H-#{(5se#K&Ec&)_W zsSQ0SpLrOt@H?lbot7_;t!5q=a?^l88iz$(lFU)gv(iS=9iZ3R;8r_Sw{K*SfRg%| zIg9KL^>si*Yw&oj;+?kSs!oFIJ9ia4b|PC!x&!8G^!WV$8MGcNe+F^O#p$jF5qz*f zEE}BBbZT}|(0IsS_CQLtd8kswME=-7hq@hqTaV*=qo4T7XFx@95tn+Syu?GUjP_ge_S&sfL4xm%>7mUNuN|%hX@<(%Jp!X9l9$I*8#CxYtDqxu~B;zBOK``IS94>h!;u@0t3V^P7 z(c83-O8R)55`SQs3vd*8*>WHsQD%=*^hijG=UUVTRHhnA{#B-qUJOY)7_ zAgT%4N{iw(q6_Hf7^gNE-2CB}b7%IP*m*0fMMs%|0W;BIi$1T2mvoNj;HHO>t#67x zhbvgpE3C|4p0Pk*TxRpBQuUd>1d|zDh>gC+GF=d}2L|SsEG0nYeh+#Y&wq%V#XnQI zjVsWz@gmggRxH1q`CDUJ4TxR1Ok^% z$Pthp9_}N0tzNAEL%p%#_g&e%nruzbb^D+)^QI4zu6ODAk234Ni#_b%_&vs68H3X- zyl=Updg(XzvE^DCWD_STL@e;pzLgxG3yUa%`4X)xHciiTg zhkV_SO{CuL&~M0ZJ3?9K^86|LRA^nmM^Wrj2)k~P*=~pd$&OKX^{acRJt@CW7pI); zYJLAG;AGcAdv(Ecw}>is3%U1j@^~{0p}Ll1n82eQq=sgPko7qlDyJrdZAhz@(3=cN zxT!poLZhr9F0B{#`YyhvN)I}Ynu43+*HTPBkAC4u6~h8B^<`je7>H;9;6@FO*QrF{ z7K}gZR19Q$x%#z$8uH|`YLKAC%~N$*d#s=b5MfA4=4XtUJ%i{}jKq(h8yY>_?XNDC zqE*}k7D`bnF~p4S!J8St#+HJ_nwsA{ZQ(|@tQ$enE;MM*;)x+J*rD^XIA@*TsN=Xy z%ua11WH7d%l35PBl93IL+Ni2faaq76?sI^SdhtcZcshxle>Oe0Af0}eOTxFYs%y^M zpSUg&pQKoihz5FY(v91{^{J@axkT#Vn`iGl^i9A>_m8sX4t0MP-8d)gum?fJXhJnP z-@>5YZR|Tl=SO~v$zWbAfrE7vRz7=NuSe9|SYdf4uH*4{1y^~3wj$h=Yp#{)n+wH< zx!V)J$r)vQxVHpjNN$#(Kn{=RAosuRrrr!^q(GmvhQ(VxkzMUoZnB?{`O_KU?&**| zVLv66V$yKkTm78aogW7dZe1`ap{z4fQ*~FUjC?75S^Dx>|Hb8(d)eH+Ic4c)!#S-C z%mMu3)C;wNzN1oTM8?piPfH`u2%h(x>cDcoGjqb#xe%YV9{wDSAV9HY>o5u0t0wOs zg1KTn@$lyi2%i58L9cmgXQc?8p@Df^PclKG;bWsT$BC#Tp<|&o^4R$U5gkiF3ADKA zG~$Hh^e|e-WF%f+MZ|+W*@pS}ePJDyy_Jb4)$@#4nRIY#{7`qETunAX`c|t?)XC$B z%~)6K%s67xPU{9Ig2r`;KaFgMC;4Pu;f_c4qM!U%-y@&0%}c$SaLe;8veqc}<%9+boN6hFIms4qJf?CpOnAnaQE>-X`s^n?r`7d$!~Tr{zY}<*Uip#* z66qen%keS`lQky1{w&!P-M9EWAq(7Xy@@*-7?MO&%H0|(hZVYxtOjggDmpMp7GJ4KfMNWbyeXv$~= zB!Ah9#|v8s1C-2CS?C#@)mxyYY_T1epgE758xT;aK}v8}WHQq6qhP z?gBc16|J<_hA#Qnx4ch|E62KrEzHDFQ4FE{FR=tCrC1pgKoF8oF6G455lPc+-+#oU z2LH<(V>54+|MX!u^4`~11l@TKRe3WC8iSuh>n`iApim3uckH_WO+x%l@%KK$Mna|O`%v9$0z zeWYW7Sd#Ph@ps!--m}D2wt^u%&T1v^?@Q`cs=u+Wnc{R*?U|zUr#w%h%Q*ei@(B>L zvmryP84|LC#26JfG~9~r$z^Rpji1)c6lZe1h(MnwIyN+sPG~?h7fz4GwNJ?z7RWAO zf-wI-u|-yE4hSBcDSb)H_)=jk`Gn{=P*7&L$c$CZ^9)uz5Mz8SyVtQ&XOA&Zx4?-) zdr}YiRLO6|K{gJ=MWx^#0P|?jJ1N$46Dfp1{NQ$;wI_gVPN-nN(oT*@MX3JPRaq(g z1x*AGnYq=`s?$&y`W z5%$?+qaAcfj$L&MI-}huG<5^AtCdUz!`CGI4#gGX{yU4XRmiUde_7sl7VCGen|X5k zap~EBsH}^&_-T)ptM6N^GK~8tRu_{>&JLUJL*c8-0(2CpLDI4dv5^T>zw74?; zj}h7s_JwP*CUf174agVC&kmo=L}XM~;C9i~>?_S1r2XL57I>NJq0Yt4IP`#MVH1TP z6ayzN2Y6^&NSdvKtdS1s%Q< zbdmKc4dQOWwCZXK+JGQg-+wf8;?ZHMIA_qnaQ&4u=FT(G!%lSPY^fzS`l%F7mvE&= z(X!PPANS}0dK22untMsn_?(Ee6^Iq>tkYdl>TPx9?d*wSI6**}Nq9^@ap-) z&wi$zy&gy!oeo{-u0A>pJ1}th)y#_(XC{V5IwRcLs=mIOBoH)%Kt!WAmOJ1)!Sz% z4P135<@R}NeuY9<939{MnYJ0o#zO=GG}G08;PcnSdom6RWqzH563AYMS3n6z3XT;V z_TdqyRTz zx~|wrT}J`mXwDECZcT(9e;X~=-*paOo3-=ywk!4Pm$y6o(P(@&i)^b(12V5%IX&+- z@QBVAj6BM7xHn&vd6vs(8wT=#_pgVcgz@_kRQ0R$L|>fI08_z<9^ILMiKN?jUx zDSWMe2pFvN)CY^(yPOV)tDIQ}Z9rGVMldT%$&qv#pP|E>8T=W;5+lynm^3f&jIq8S z0{$7NbpODhsXDg|RL#zV_lnc7Cf=DLF<<2IFYrJ~;{_Q<@V_R76%rPetS%6N24!3t zBicl~!$GB)oO65b7M3s%gp-zh!LoABYmVzeUF5PvnTp0Hfw%M7TPFA8Fxkgi2?SSs z60}PsX5OzQ!CTY33Zj&YtsOAYHbe$ptv32){ugjC^eQnFjU{T~+N-inua!~{zx7~p z-%KtT9m1W=^iy24on=|9CXPc11p)31HSt%=-!b<$K27;;>#jdXr?at67QWT#%w)CNYktOrQX8j3apULDQL9Z55! z?++!jmR$f&*Z2Bw#30~b-+uuz&OD}2!NYABhx*^v*-+8GpM$GZ!E@#$y;RT`@-_`hYgM&D#LH~8mx{dN7t<2J7@VCuiP`qd_5uVv=C9Dov_0<%e&-S!?q zXPJ*I!oM~Z=5J}9PM$6183-~c>37%LWtCVV6_=yb8=UgRK!)i@=e~%aVK@*15zA>d zvv5zzE13k%Nuj7+a1|ms^%JVifDrfQXZC1ZG`FO$DGo*iW5X=gN|5>#77rs6>|n-G z{)sy_`awYD8|WG!f9_Uvt+%W;ce!A{aU%~zi(cHZ`}h9=#w5o*gC4U$O9E;i>(DZ} zr?5)bxPWv$1^c`xr#8b=d#s1j#}Je)M^aD~@`uA-0+doVKm<2fWMQ5o%?(%ijA}JL zO3Z!@opP|LB-u>jK9SJ&ip8o$<{FfV<2~eaKb{={CnXMhbjfk4Cr60CSmDlo3(~k? zenazGibpNSW=38@{RuJNf<5NhYLN94)kUAt0{>2Z;N9-wF4C6MJ~*au>h@vwtYvJq zGQBDv6zK=mKc8&4jOG1hzJZ=+3jzvHpf2oNi8Ydk`O?g+tJw_t z0jG6wr+(^>1ywmCs^2PKC1-D|`kh%O0kiQWv&8{P2M09ow%JdEX}PTV%6Q%^5qz-N z*i(!ecr&#qSH>$H!D;JWcR%x5dK>)Dv2lJTZfMC(e;fm0URr?PQo9k2D2~9^2!_4= zToCn;AB)WREHIt-M+&v2tLvfj4&C46+C7x9yk=*LP#IrqP8BcTEzQ&|KZ&ShS^=o4+wZHGfl}dd&=&%cg$<|p+=!7w=QcZx4>yGX}T27b6h2vu5LQ72F zVhcU_N{4|@WBFzZepOiZ=&z__j0~DUB>{}?C)(aP2IAby)yD}`RIM3hz zXv${thoAk=sRV-YnaPARgP}@$yg|Q+vxaB+1ai#4(Ur_q<<5W&(AjhA>h!;zi$FlY zI(LWs93lw@ss;68b^-WEglYqqN(Qn5#e4kP$Ji)y\*J>@j%AGmqBx6ti}eZ(-o zyb1{ue7A0wbI)=HT}UEXrMlyl(sQS}i|k~NqS3HQd%=IiX9>lp7m)SH|AbM=xx2(l zVmIBh)`(!T%<4bHz|(>s;&UOQf?LRE&I zVKQuZb$3|K9)DmU8%W%|G6edM=Wyk*G2y1AmZ!#qx#_j!L`%lhmPm$d@<+H20ZKey zJEiBXX#RNo-92l9cKM@0>&*|3Y$Y^pnRad*3fjb>5@cUfxS zOIH5T$>A*`IVU4KPmmr$=VS2B^J`8AgzmAIb9R!~WPX{u74!P^`u=P9qb~b*Y!hAv zJXrqXcPX0e!;`eK44H#!XXv$KHBjE3+RmsNXqQX*pC`MU@?+r`ut*U87en4F=E`F@ zW)@V0tW&?fqC-e()VrYiwCt*}B26 z-n!%)&7rT&XbQZ*SQcYG^d${TfNL%NPC90oMtKr^T~?yPw|X8;>P;G7YPD`XO)X95 z@6X$`tFqc+SrEt7qpftr}Cirnm1#5}7OO*9sYFKi+4#Mtbjamf1n| z5A7PnLzIPfa^F&SUwSsnV$iMciKBZj(~{*gWyV6AC_Piews4Zi`-}Gjh59zhk`pYk zZrTm{D>oiZ@#7#;*q3Rqx@?brc*?xWWuunI7Mg(fv4J2X7w)hA4GJQ+u)mwLEDnrf z$vKR!8vpv0xH-W#iLJwHjKNPRkX!gDm3=^fdp1y~?qPg4J(7nF%iQ z7VH-|PnkIZ72-b{!d3T0h63cnL4n|OcyRj!?gD~8!L&gH_0JYR6<{TcJhBH`9}#*X zo=ucJVNmhPkctW|!%V8$*gD)a|46e#Yu#?>ue{4F^t?$fjvA=*As1KQ`A*m{Nbi;u zl;+AOSmt;>>HHTL#dk>T%6DOjhCG5-1V@^M(GZ5BFR|E0ynnhAd;ItyUA_6*X{O(| zo%`mvP$S)Aisx4L4Q)92_>}mc;ByjlO@`lb(_LJPyc^VEgO$&z+6}3AEF&;^5yWrl z)1oD3>skr-D*d)tCkQ_g6noakRA)|LTauNl(OOBktw-bUyF@RuSPDHnoo{+<^i~hz z%f((2g$dc%E<&5U z79WI(Kl)iRXH_5x3%M}qpS#KTlZe%3T!Z|(gyF~KG_bh0Ru|$O6NLIip@ukx{|$XY zz9%B~;@4uchd2}|^X$AHPnaikty4mSwrFc$_7F01Z(1?xK7paE(RSubR$y0CDvF;8j!9v4CGWR8me7|g8GDF$wjVRqt8`EprWNpmF zdh$`n`M%rtPSs{%9wT=((iK0>m5R1K<;QysA498`i=9|12S~Ioz*QQP$*5}chJdY^ zE*YPyRlZ~l7ciz;4yjAFq1BT$+QjHuYWwPM7%m|?Fno3dhI#cyK;8 z^RsHGNo9y9;`8nVe}CutZ&=tN!wC+Ua`_aVWx^s0a7?o`wPf-_;FY%~B-wkW(sMxF=Y}G)2Ph%RCzP9im6F&8a78 zKAcCN=<4ep#qXN6|8-nk*(c^eY-AaKk@Md~sAG=?xeCqvJ>o>>g$OQ;8OHS=hg7O3 zCbHAqooKDFwy@3qYnRo6>X56WVPSrznkbHoNPn~B=WATL#s*SQ;*}gp_!A|~h5jns z@O|KSNTHpm>g9oWJzZFdxw4g-|4-iGg(ViG7FU-3kQE3m$XfR(sqI$Du z5YCe&;;whA_E)g-tMGnrIYr)nQEiCTE!`*g|G9QgrV5y)(A$tw1iZpalk=PRBfO*9 zN(y(hbV{psqUGxaJAVu)nY7_|)hK5unpv`^LD3i1mo^?BbTP?9Ky}TWWxfO{e=zhHJ$eJ`aSu+iEKdY8&q{HPxVE;bz}grFH4q3|`cGsX|Ir*aD+xk^+Rq zKl{$vMJY1f+Ijj(p8H~p>+&E5tw4`ga~x6nM-DhZq#*5lNztJjTN4XKkTY`2s0CN3pBz`kjzZ|tZJ8eo1pGYpF$IZNdYQkFAz0{aa+lJOgMnQGF%?H{_tJ@xgSVtQi2lDAcOr4I+@1^^YhwbBR-P&N0O%f?u}-5}I{IY7eQRlr&p&VOIO&cds}KMz0$rtF<02 zE@8BPdh2o{s~s~#eUlW?jKCZ7v(;TEsCts)+&dQ$&rFU&CzD}^Tg^O$?i5nv2clOb zgYTPkYdT*JHz;@F8j;EP&Ldsj%e^j5d-_V8Sp%)P$QaY?p3w~qTvASbSS;@4Gq4RO z;;!TK@P+lVKkCwFzSRwE`PFbOB%C)y9il?!xT)r|L6c#lwm60J0O9?!pi=xtNjf1V zR~D`}Oc;WT2@Rv)tD1{H7`2sfAm3q9cM#4@dc`r96v2Ug?k42nj{IWQHf}zGx(8rOluPOCfE#d4RE}R>yuh{yediw~)#vMuO(G3g4^s<>*>(DtQG7xn(!=J&@nkhmqvkmaIv9%EBQ`Ob=`Aq+iP z57_*#)&5fY_eccNtyg)`+!VAZjxr6~L52G7(in^2N+!UqY^mU{EvW_gM=llZCq}Ns zDN{wbB!*MIFJD zd9dL(%n3VEdI~(7^=Le2MKG)i!WV8l`vJj!$z>Pfzusgk5$T9ygB6$13!XFG#wKZ8 zhe?B?9%_)ZAP7uuW*178v_~V>>gzSo#<4JaoPxX`p+LC*uMyT0v&rpth;PF*{DPn@ zF$}ZdJAB)T3eCO2*4;Osy&RJic^{oh(+CVgCp@$jd$g$904YmkDDr z5TOOVXf3xZ?p0jLdvfx_;Fzc&>)nG`j86vj`!L3q5Pl$kbYCO2UjI0! zvtLu%K;dviCki)S*caKf5!2UvPOxZ!+Mj>-6i{{Aa#SUZA&YFr(W=+EpJcmxqa_w!}K7Aw9`YBbM$v(aOdu4hA>83$}si6eaD=vH_kyF3If$Sw<_Q z&%?_BFDK|p=`Y~(uNdt|1MLvc(hREh#Mh6<3om|qxs7q@NqYfJ>EB>BMd+j|cCVcy zE~)<$zgU|>xpw!%IWI*lN`sSOuY=uR0Z^5!m2&{__YZ$l>Fj%?yMnXCAh@bT4o`BY zq%?3%`Py5-t`A3?ubA|%hTDDh^*C1eI!$5nYIe)b+tfJK+xUH&1At8hNnxylvl*8l6`f zv&D0?wC-T!Kwahpy*nlf)zYq1|B|EU@wJL{<8MbRoA!Gnw8%q-kT}%S6~q|aY7=e@ zuAUO>D)p%a*kAZySi8d-z<#0wR?>M;UKK14lcpwZ2{ufZ#Hz~70tKiVO&-gravdPy zk?$@lgYjYD2(k}A86ITj=`ksrEHU9x3*Ck-GnV=l!WS$vBF(92^+hxYt%Q$G71?)< z&=$Yvpe+<#G)gh#py&Da*cRl|m~@0LODZ}=9rd@1D9f~!l`eS~EwG(4ZZp5`$nC96 zRPvP_PdrAUE_GLt7`K}OVtI?c+HbK#tNT;g^6avY<5Rger^>PzTq9TF zjSSAz-`40FQ_s7bqxo)6xy7$IQ)Wz`1q`m61*Y`<6A`z~HdIKJnHmW-es}{l)NSN2 z6zl-`DUu+c;&l89ZrrDbjvStWONq!2+r7yMA0y(q6%d>KhdCdVrK>kp%(K0yG6WTA zEmQ+ZSVM?s?;T_t*x`LHvNsP{E<`}32S9=}S9mR`*lc|%+CE`zT zBXA+xPag+(Y0?RRPsjgjwX@mCr$veKfj7#0W&~c%2xrintmI5js0c60U=@|6DIIUv ztF8n&Mj8)Z|2=B9?x;U~g6cLHgg@AJ8OC%%I3`oMDV|amMG;*_pTY$vDeB<=|G*T6 zQP2p>cB`$l2LFhHCmm3bEN}2)>G+(ud*@~q?{J$-oIB_AK7WnKulcagv>73xj(g{l z=M{64`Su{h^5XSH)m|GjNc#1I2nfh!tNz=Q*WJoJgQqu8g zG!vJDY(yMpp~USY18)~Ld@3EP22*C30~+5X_wjMnoznnkCgNZ5Y{oM{kr;soa4SwK z1@c#sGOQF)V87ZoQ$$M+>K0C;U#-@OWxdY^@AQh%cSk?jL!JjVc^0R0iW+j2>KDK< z;v>PE{3IRZZoG9iBCk4WRSd62N*K}%@>F7X5zGz$vQriPgFe{Y%Yp~jtu36!+TcH- z_v8L}OikLUDmUCzVtNSeUcOeootYx_yTy4lSN48eYC|DkrRRV52VxVX673jY-qe_JuzM< z8SHP2f_Nt2^*GNa9QTa8M;M~p5{`oL$zW2(blvfpYVoXkl=-McxBPUMY}r7z2S_hj z#4R8|PO2}%&MB64{VduaYMYh*iZ?EOL;;6@Prc2(p0`6BX34j)7>#w|oxtUVpey{l@;9c*Ukr(fuV}mB`M5 zuihoq`0A=NfzyXRFPiiy(qiLiN&R|SebhY3X3uL8buu0^-a%;=XKR+B)Ubc>5CLv=)Wm)B0 zwJS%0_$s5bi%BF}GO{X8#lGeCAzUT6s9C{Mf)X*g-y2-A|CT$X&A1zKPKlisZyEnW zda^?CMxL)!jY*lM`AHC`;*E;s!_h7b$QdyM`7l~CJO{`klN=DmKhv5DXaS-gPg64>KGWEv$(v)PNXTzzlcp?h zW^i^w4p0yP4wGjeWj_h-yvdx{fc{{iZx~;4CsV{6xuq1BtutxBuS_E1cKLuyz%CKw zS^A!hOSFe~4jL<*x2Ik0rmO2+`)E{IbG{h-4qr6{OP0*Q^vUP4++M@w2Igxk>-vfJ zUtcIa0Rp3+J@z1ZZ^{Oq;4AdhHwW!WW9@Vm!($E>?_v5q`7U~Ha0UwlHO^}@+}8`w z_T@RMi(hm8!T-W2(wt+%^@?Wt<&b$6u84cC9VdT1RhaMc{p<4`$_tb2e}k&s@6bj;E&d5b^Tg`&1PMP$e~s?X(8jn@%=(2)$~{9uJS#867fqaL(11e z8#4dod?bvsOsWHgmV_P$fXq3#_qrjoj3lS6+{2LjGFARG(yjqYKg1CUD1g6JxP03M z?kxW|#4}O(d#|%3yv=cxMmVlOhS4y1y8S0nDMrfgvKyd>(Ep47t%bgw-VWY-g|1|X zMzC;lWk7L@)89ldg?>Z4^dRR4Hku}aOqMZOrFe)1j_=lI|)$e%l7NM zO#A(-1^ZE9awox^#w8^9+Llb)qoqoZnuA0V&p(C#Y+MoJmj^3mPCJ@0bjG-adM!~g zN|}geRCeq(-JBqGzi)@`xL#knBY8bhUF30GntnRpZj^p>K|!QL`z);|gXwS1xwbGD zGj#66^L2P6p3C3FslfYDOX{t1tP)LD(4&GrzzVG}PYlJAt(zrOv%i=N?-jFja9b;vj)~E0Ubp z`0L570Nm}wO^1Jh51g-sIFI2~@I%OKxb7B65oP{PGdon(({J=q#9YEG#f$I&KB|#t z<{Rk*dt*P6e~mr5*s=&tws2yKvq!`1Epp+Z&;Bn6@{tq}kHwoY3-yAiV%a6hr(J;X zV{rdbL%iCLu6<4yU~fjzs9Cd&TaFyqcPf+7{_@I@V9Lz+-NqF2c9ZraLEm)oybWs= z4+d+6_v+(pIN#%l2U5(Ja&)*uUFwKe?JGy}uxGK&6hZA=Qka@|azT{o%b>Gk-Tch@ z_<`8hj|x_J1#GynKRbGtufE4|)3A`soK}HOrB41S1ms|C%Vy@%%4eR6=vP;#&K&Ek z4m^OE#!G)keeqEZd`v*a&Dfj$8gyIbK?q)pUwJn#k*D&*?hmcNHsZO-(Lb4*qFZ4i zrbt7j-zo*8jv@0^w2CUN{Z3dx#kYBpBKEux5pmnO4Gjy}O{n7}msUaOeJQ9DEyvY! zN_}gdGk$@KnI%JTLb%IwM%jjc{%sKVii=!(Q>G|G{qMuJzoFS zukr8Wcv)y#xcdH5ui^bQ&j0~#+Q;>=s#7i>428?j`-cw>oxf1JmwKBR@>p|+k`|<0 z7-7OV)N;SCMQel`wiX-J;or{C$TjgThQ}NW=T;6)8?g%eaa0Qoeig0IzHY)~O z@<_HwRCnxg~E)geT${p4b&tL8aAxOOuq9^MdPC$Dcsw*UE@kft21iXut~mjX6Amivu$L9Ya1ZpZ zV3ChT>0)KDQ_OlMw&KV_yKOI(+e1?)*VzoX>v`#Uyz(6_)KX7ZBx`7dwVKCBzU+RG z=XpL`#dAziw3&Gv&!;kuN({NSP+`KNFGcP4i9UKBoLo3S&dPP@-HEnO=P)?wN|yuF z>W>|QHCqHtKLiZcQ0w%YIgEdD6<-2#04^#z!1i37&p9`m0vs!Re!tE2N~0K`78 zo)J}q^MY{++AgJV2)(r9D+t0RPYUr*419Pug~Ngelr4mvDLyzCO&xk84to>mmNQDT zwW!6Ted}>c!I-LO>Cr2&H{OtcA<4os?brjx&{$$SFDH_Tf-}`1?1rb+pTp)Cpckf^+Q%^KD&rGa_3~-3l!y4^JbE4`H!dGBld`b!ZK3$hrCjrhLoddt>%WOguuPEL%0dG~ z(AuSPmeKAy{3(;PhI0u4%O8G z2|5LlCh%V`$bIu*iM}U-OGhZ}Rtl?D=7@hz`!t-xxVHb8LI49~s#OQ?Qd^zksUX3f zoM0{jn5D1yYWN{i!3h$xMH;4$+GsPPF{lz2`Z%n53sM3;nPqaB>Y3wQ2WAYBv9tz|~k-(|1s?Ilj}F`-)?|@6|rDuwBL3cgT9&f{ir>Xrv|BKm)=FK;XmYg1(%T12x#{ zjQAs(tHIS7rA5dideUY-7`uYkJg4U|q<6ndas*@G4R10U-m&**`B#rWHUrvj{N4r! z%ooO#mjEsKuJg=Kx?-j@+|4@uv$VP8hJAdIOO)Pig$(fh8q!5HDZ71wQ2k&c7#H?D zfsL4HrytAmI>O6T58la24_$^XCBrX>H(y$@2^qIaA-vNt~>)? zS-;3~$sN=wbMRoHch{Q7L}xvP{)K;-sejO8gp=DV@BAs#pHF^tZ^dK#PMSiSl5^{l z!OH%27hVLLKyTF`;+);yO>B!Ed?#A%uMIiXE9{RNr-PI ztM|(_)|1-zd~|+)b$G8Y?yKkCVATZ;uzPXJh`+`}@?*aijbI7Z0$+gvSoZr#>$hq2 zX#_@eOV(KSu7sbSP<8hopF~t)zO#qm-*rBRYyvrYNiYpKE|QZp*-Jk)GHRunrWWv` z+l%g~+jG5hi9%sek7|RmTQ~|3G@}r&;Orxe{ z;p1D;Y?!C6*(I&S?@jG5^;}aIHkMm5jon4AjO}iskG5#-xHA3syW{(PBZEt?RYtob z#n?#NK3m4pC1LkhFcy$8PlHRmOtM<~t*G5x3rax{DpVMQltnoSvc|+$v^E?tv4PPV z2tO(4INtikcKEZ++LL-iX$tRgd^!4h1DaT`aLXydg>cFY~w03=R_TI&vpz zV75iGV0H}4{B`>Zw9a95y1UI3OToZ}pv>%Tn6}5=fIh`+aF($~Y2d0vz%Q^M4qlEY z0R2Y*DIqD8jH{>^?x!MRBqF{U6x-oQ1@(Lcqs`l}cE<4`Kz0se{Tah?4!3tHyKuuOQ9B%M7kwshpih@ zvu&3=Bp){S^z^LV^sRb-sKR`YYHu#6|K?~8>SttQ28{Mag!M!qLnz!3{-2s%e8)V~ zO&dkEX5BR<85~?d7(OB$iHlo-<@3PUE>|`ve<(;$q6{7e82-5~#&;?jg5Tp+D#7xU z7Th1RfY(KVe9-62RNW)bvHXf(rOhK{53z=*RnwheH&=#5D`sK3C%WrnNZ z-PDD@R&d&ki+6W(5Zxi)3eGAs*yY(rCX!@UEzSdf2B??e*FUrsJqAP3B|37de4>r$ z79;K83_{HUSu5M}dA%0jn#p(hTN5Y=+^?RmmUh*(|9;6b6o{eG-Z?CDB=ox~r?c^@ z!GwKU)49eJqL#J$V#cGVK3!{Op{=7~G2`bNZ^yi$2WSttU+3jBMMjF9{mzP>GB?O` zQq3QH15HUQX-r^Lmhaux!~YJ#WX-kl4^9TxuZ}uOjZ}m-fzlrG9#ElScvZ(t^~c7C z@bHoFq45-gpELGrA%{;J~#Y$3dCwayxszmf2c z4)2ZATs^BjrDvsf2$4gsF$nobtMA}O@%kkfBRc_Sr#D))pe@t3J-Gp~GDZ0xMqgt@{k| z@BOy&xL5~pRX!$%*Ke&sB*}^vW+c?Y66=v|@Q6j;!FaZ`NmiE3P2+m=u9cLgnICdp z++-&G8h;}PlUqMh#GF&wLUdmvnnLRTxdxxyFbloe+^33m_ddO5;ZW()UAY?8eJ3&o zroUwEGn?NTmUdV07h|x2;2S#(DH7OjoAui%1V66X{Nzz8C0{PAm$&L4y>X(DF>N}P z%cV>iEIMhtfyvKYdSYTqAjRF#nxD>tZl?(lp+!gqVIXZ1ktx5cDD)Zjd}gU)w*umF zW|=~p@iShj;8s5|J4aUmTrqe<`W^30#03Htp%W^uV@Y!qab{@Uxv>+t8em^x0p>~& zuWt_{rJz__nNDD`CxNU+u4GOV@tkd&;*skixYr-09hWzcaVYMU>t0%~Sva+&%;e}2 zbvKW*t-$0}cSp;bI2Wki%MVI6|rw6++Ks`dfuV&DD&UPQ}EVzJK#+VzX`tgAVtk@ zgTG$8bhve=t#ZfQM-9#LH7u_S_qS{a%{<1_*{;|Gp$#XH;D+CF(yy~6WmWO??4iSu z`u>vGY-S*d_wm%kPBbXFuD}s0<}q>@-|jD-mOTAw(G#FFJdyZ$(_RWDFi_cZbAB>c z3E_h?_x0zFMK~a0v2n}@-}c`{4+aB8Lg)er`4tNQzGs;m+ROR1O34mFA$~v>Ll9;p zXv#63wwla*^hUIq-Hd**XN{*T9aZrjGfSc;rYvt*uwDJIL7*r;{IY2B&3@#jia z)chTfzA>hv8oMc%ktwr~n~#L!qp=L>!-$+_0a>c(3=az7c40l6d^dK&p@=D`2%fU- zX&tx671;DN0qZvBbVGSh(40;G+4kY7Q)xTCHA{?>@f?;j=i78U2C@?~Hx{Rke_r_* z--2m#!*Twrcyspapx-Y#sbG#Y^K>j8gM%}N)@=`-c+EGwI72d@H(+qzY`UcMgh(BB zazN1&lGcg$^Tppy4k>%Z>O^*skeUGs-}cD_MUTK)!f}Vss_7G&Z?=CU;`|I)zKiN* zZ~f1n?H9UKaZ5MuZ#9`yxvs0_@C~|9xaaDq%v5sy+DpTBApL0%u#!(a=j168(&$6$ z;;893EwIm*{;G70X+e(?Pc*UD#MHXHJ+Jp7i6XHK69Ilxca(LVd=l@(T5xk9Eac)1 z__)kB2WK((dU!V|@%=y=8fFc{EzB6WhXvbz7a`r!g}ch7nzA~<{~9s3Mf#-n3vMDF z+h!C8nK77JvVG96W8(qrpM-mF9lT;iR&v7ir&D^$s+{+w`NP!LWd(yEII~>EO;})9 z)E@n{&x31mGhz5c8;{5_SSsb~NVBed?k_%AG`9N`(I7ljRi&ksO6X>ZD)FyLlX#-%To7z$}-AW`X z-mram6D&~*n)|zK`uZj7Ttc!CWGOR&fh3nWV#%X<_2ZgSc1kzyj&YmB(&TYO%0m4? z12J*2(Y0;!-sV z@B;)%gwnpZGeKvn4*eSRf@Kmw2*$hWTdkAT{{k)k_9**tpUP=g>?2RDvwNSPYd*O4 zugW<&sx>A9T3MksuXGgpRXhGTI@po3+=6McP;bZ8@t0S-h}aOfC2t1{5!Ka zxTCQ&7QTl+vU_$opDj$M(p} zq}-)Q{E1^}=dV1zKIn+WRNXl+fAEudvv#8D+Yidb4c;^$wEto(EiX|t1%t3Cv_-SU zSrP$fp0X$u&jsv9J567ei!^Wwa5hfbjSa$L#7uKWC7z+Na|Jm7)JqdM$jspm5vcxn zE7)?bmf-%>2DB>@CRs%%7~k)tq_avUys$1z&;|*jqPZo;p0vfLSM^3|->pt=4Iy2z z2gnSVT&T6&Yf0pFtngLSAFqA0>D9O67nxHM8uo>T0?(Cdrxtlo z=^p)l*rF|rUTyy2>Cm}zi=QX)bB~Sc$oon%2%SQD4Cbt4DJrVaLd|aPPTW9IVH-Tk z(LpJl&}mpx$wwjZj$VuriPvMfFx_X;`%zE@-VX&bxv8or3*IRXBj(keZwSHgFL*c( z4JjSEr;E9`7?8!ff??vuQ)r>X696Ear;$ z^#vV#shcY~U@Em&@EptwKd@-d?Uf~m_J*W>AV1Q$sx&c;_|HF|``m2}p0XJlQA7XS z(tp%qT}xLa**k|^yo*Yrx9@LlOG~ZIBzYu_`nzD}9FrTJ_8d1Ps56I^cgrYxUem>T zUI3Hv?PeZ4b;kI$=Fu6If5xx7rbvVkR>F@gV?iP#E|?)={%1u6Jq4sp^vVGCU8|9` zu{;|nSgDMgF`|!Rd@BAWP*ha=ICpLnc2%y)m8G#EX+z=c4yY@gZQtvn{F?eA2NCAxWvBs?dJ5a%*9KVIjwp5$t*Or3pqvf zKJbS8#8x>do5GrrI)Nui(eq!! zd;)OG_)jgQ2hq!=6kzb2S?Y{g|N3USQFnP2cbG7^hvfzLs=+b1LFp}O115aeu?qe0 z%3*&HZbNV<*WIB8D#k%eLCy1+i#??f^*=I}djG6h?^0U>On&8o&U!7Z_CHHveB>kU zDTj^*>0MR)NRNrzll&0amaGFgD&5b9CM=s-=BL0sx3| z0!t2Ne*_Z7&;z<%lw^0kQz9Yf%54#)b94UA+Q=n;`pe62qUo`QT+U%vzA{_@R-tMq4xv@CJ%G5=<+%8$ZW~g-^tI}>^PUL5`>o$n0j*{Z_ z?cmzr7}7E?ohN961LDql#roKrMJRoMDE$a|gqaPaIW?;O=e>-QP`n$w$ig3&S4~*p z&l-W6b!Czaw3%Q}%n?vKeULB{Sd}(Stit!D%BZ0JRhCdO2e5MGYUkGn1hDysTKEaB<_?_aHu_0hevqBBIK8*F@(xmB{h$OX)eb8Mx|ITsM@&@E`29& z_pgUVV0(k~0^uwiuU3ZjbJo!A=l7b|6(u%Mxq{s+XiRC@iwFB*waMc&E_K2QA1Il$ znyxy-3Bn)gf!2Z7TP*hNeReFA->cupTo>C%=_#9U8T^5E1PPvQiM@7SN!_9C8+oYS zMdM+*B0;0`ca04%wkg}}kF4;sLjVBy;ACl9dK6LG;i46*S7>m|Hb_ngsKLNOzD*BU z0bHi@&!xJOYVkk3laU6(f=e1*P8j?#yr1*elRq@&ta{_#C-|*i5n`CqpPD=b@3K@| z#-V3Ylq6UFDdH*}8QB2)v2t1fkKU5+qeT{^6cDc54>S3?Yr_t? zpcC?KtSuhdH+L@j*AT$qf8HCcdhX}u*pS1UEzyJB4 zfw*eu^e?ccmI70LS5~nl$jIFcTpHYhuaa|tZPB1S*igf_vv&Q!n&8$SMXT{2C+7Qg ze@n0rZcbo)TUoMv_TEP+A-7MT|MV^TwLX8=@E*Fa4(%L4rIkOPe(P0t-i6ZlKN3V< z4#)In^u-2Q0;7F4;=4_I;BApcSM}o&ZZs|1UR%icz*u42e%EcpYzm&jS~yBJ=D2o5 z#l=N90FgLP!+a4T8RWiyGa z7%LnZ@d*RG6BDfz&J|)k=nk;IOWB{YP}FJeEvsK&JutJ+d+x#i4Jf5-&$0cPy^*BU1xbubYIX0 zk~0%-%bn^#=X#|G`^0NADMnPSSe4)fp3< zd0xr|&wRw4d&>4o0gXeoL273ptV+L@>H}&r_JVPDSZ6IbyjL zrw5nLXjuT{w&O1|R0AL39an#W9bGND*7aPKxM| zrP!j&eh$6OY@Kia=()65DY>kpX6n~}YW_2p?anLf@S@85xw4s*J7e*B3dh1y^j&35 zDY6R=m_~b~v>D0zHTGN?H#Lz3`U+WOG4_>SA?6124WtC&e&#S@W(+7b)gh{58zkfhv11!|9A~c|iLP zKK`D}Fbb0$e+wh<^x`jk*l#FhH2>Jb(01@3EaCo4Kmk!RDz`Yig0(Yajbk{H#hekk zx8mQ8*I!JrD^V4Jjv;WANsLqh-lkXFJ&K*H%`JjQuphg7plf;F6_D@x0R7UPshsP0 z(L@HqdU$)b)ZuBy*e|nt)tO;Bhq`pIz=8wL&#CJDOj1pP*Kl1Rc$;VNbmzsfqEY{n z*Nbl5z|U{j%~ty1{h_Kfw2Z}QTnJnqCU}e7nQe#B#Hn&l+eRRl*!=?M=K?>eH|C6e z?EDFRxp(OMkpiZHB1*pGH1;kz6(k;wWgV=w%00VfPHg*0nx!S!iEL^FB%42SLP@20 zm4;4}F)%c!!wO~kZ;rs{qP``s%@r5sZht^}$xM5-=kuJ}g~o)8>F8jsU-l9*_8iEHyCr=_*ah3n|@{bxQy3xrqq*p?dD=ys57 zBa(H0mot}cIGP-E3KS8Z{;^#S(^88@KP(c8{TQdx(3|!=4wkntp)Ld}8_~v$4 z$0ZwZ55c_@ucTlvWFg$mcpL5RLEwH0=a592m8ZvEsN5|L`}B9Er2h*%>g{#pPed9d ziadWzI-KG?r*Zp!`J4-D{#$go|<8nKzII?bA}(^GrpF5JpA8S2W}=HXDo z?uapB`nH+`HftO;42|hu{QJ+1y^FAMb<)a9id9t^-qAEs)9ye32_EBL7|(!toIQgG z(7(C+sXV9DKPjc7&O<(tv@4=Pc;Dp;=Eb0jncf+Cc-{fl1 zBIL5c%+pO;t4R3Qwp6i-eed0$4(=tgq8~egv$X7zMiNO-C;mQeBy8QYodt4KhE9Ck5T$`MLK8JlR!rVy>2c5N~3KTQ~p8S17H{`#8WZlR+lswt>>wv<);ZPY)-eN_FauuAVe(#{<|uT{%x z;Dm-Vtf9xa6SUyNs)l7R*vWa;$fpPHnC2-!@6Xhx(vKV$D{COfFB=H;`LkJTj#~w* z?GJ$Xoc_vFGwphG^TqhT6i`1~l9;v02s=jjo72iX$+P~FB`Z2p|G|JCaX)d-L)~#? z4F0`Uq2w?7{5A~<`+Vb;%6`pZi@nOh0hX~tz672>o1wTuY_ld01OJ`h(ZjB-EgJt> zyYXzf!9;Ao?!PEI4f^bF3!j66Tg5a!Z?Z0xWLan$; zqB-3{0TZrNZL2rykL}-zWgou3P-{}l-^j}GXC?@%^&<@rU|JBqVC;zwkPVcL(O>?ZvP(N(JGTFCD?=&Z(IwtXUFiF^s2sa% zej>IuZyrIIEa!kJJu~gQoua#|UbO>N#87Vr@5|ai>l8d-n34*NFWsapmG7gcDH=Yh z?Q~CS>c0sh$_(C&jh(0Bwk>i)j1bFkb)@z*jwEO{+4zd9PfP?yxm(4#M- zV-5~oq7z{;Hdg3ba=#%t_6O4SKz4R_)J+d~I=_F89`G|S!v5Ga9guw~zpN?~a^5}*eY3Z#Zl~qluuZ_zF~@RyQK&OlBgO*mIE-=6|A)xk0FEdcFBzwR zDEc!=ir6CifelT$|Dun);#=@81@`^zsM53S?wY(gm(AK6mj9pG*z_NZf8wqvz@+%$ zxu8Mh+&+gu6&cQK`L}>)?q54EbE5ETpwqUAto=rsQ@u0y7iHX5zkjLp!Ym@KeztF8dztIXwVlej zzn?_!+O%I*FM+9Z_BS`qn{21w z5?#7Yt#8ZQ$@wo&{VUtiz^RgVOIkHWT4(eAv&#-R?_PA}+L4LdYCq}5-n`EzZqRtd zw|a3)PIKzF?Ked#GQy|anq_fmoBzJ0+P`lgxn2h{+Z2Y;(yx}6fNw2 z>)XlgC8_n+F$Y+L%-{A3ZQ`AF^L|?JgN3nyS=o;~ZrlBwwk|%s{*5LVC>;v?Nam1W z;Vo0+K9KN1S>asWah|Rz-~NWzKAdkPGduNHc+TPat=luxFPEk5-!|>g_PyfSe={3bzcokN>V7TxaQ_XL&nA1_$E7P}1Eb#mSu0UF z&nEfNp%oF9Y4@#)t=9*)C2tPlTUz?{%+7h~&ri+%Cz@R#sQ>CwYW#EgkbkOgJ1zmY z3_mi-b*~n3+z49A`|UZa^u@SkyqVUUuk>lGeg8Bw`I~Wk-0?SyTQ2QSV(<(2SAR6| zf4KFcE$im`zS*Mw{Pgd+Z_aNGZFAsg8AYQZfFlI%xIFmJ*jJx<)M&$=ISfGH>FVdQ I&MBb@0DU|#K>z>% diff --git a/scripts/docker-compose-sso-files.txt b/scripts/docker-compose-sso-files.txt new file mode 100644 index 0000000..65cee14 --- /dev/null +++ b/scripts/docker-compose-sso-files.txt @@ -0,0 +1,4 @@ +docker-compose-keycloak.yml +docker-compose-openmrs-sso.yml +docker-compose-senaite-sso.yml +docker-compose-odoo-sso.yml diff --git a/scripts/ozone-urls-template.csv b/scripts/ozone-urls-template.csv index 7d02a7c..163dd8d 100644 --- a/scripts/ozone-urls-template.csv +++ b/scripts/ozone-urls-template.csv @@ -4,3 +4,4 @@ OpenMRS 3,${SERVER_SCHEME}://${O3_HOSTNAME}/openmrs/spa,admin,Admin123,openmrs SENAITE,${SERVER_SCHEME}://${SENAITE_HOSTNAME},admin,password,senaite Odoo,${SERVER_SCHEME}://${ODOO_HOSTNAME},admin,admin,odoo ERPNext,${SERVER_SCHEME}://${ERPNEXT_HOSTNAME},administrator,password,erpnext +Keycloak,${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME},admin,password,keycloak diff --git a/scripts/start-demo-with-sso.sh b/scripts/start-demo-with-sso.sh new file mode 100644 index 0000000..03eaf30 --- /dev/null +++ b/scripts/start-demo-with-sso.sh @@ -0,0 +1,6 @@ +# Enable sso +export ENABLE_SSO=true +echo "$INFO Setting ENABLE_SSO=true..." +echo "→ ENABLE_SSO=$ENABLE_SSO" + +source start-demo.sh diff --git a/scripts/start-with-sso.sh b/scripts/start-with-sso.sh new file mode 100644 index 0000000..74f2593 --- /dev/null +++ b/scripts/start-with-sso.sh @@ -0,0 +1,6 @@ +# Enable sso +export ENABLE_SSO=true +echo "$INFO Setting ENABLE_SSO=true..." +echo "→ ENABLE_SSO=$ENABLE_SSO" + +source start.sh diff --git a/scripts/utils.sh b/scripts/utils.sh index 9164c0d..6a92c27 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -24,9 +24,11 @@ function exportPaths () { echo "$INFO Exporting distro paths..." export OPENMRS_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/initializer_config export OPENMRS_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties + export OPENMRS_TOMCAT_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/tomcat export OPENMRS_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules export SPA_PATH=/openmrs/spa export SENAITE_CONFIG_PATH=$DISTRO_PATH/configs/senaite/initializer_config + export SENAITE_OIDC_CONFIG_PATH=$DISTRO_PATH/configs/senaite/oidc export ODOO_EXTRA_ADDONS=$DISTRO_PATH/binaries/odoo/addons export ODOO_CONFIG_PATH=$DISTRO_PATH/configs/odoo/initializer_config/ export ODOO_CONFIG_FILE_PATH=$DISTRO_PATH/configs/odoo/config/odoo.conf @@ -38,12 +40,15 @@ function exportPaths () { export SQL_SCRIPTS_PATH=$DISTRO_PATH/data/ export ERPNEXT_CONFIG_PATH=$DISTRO_PATH/configs/erpnext/initializer_config/ export ERPNEXT_SCRIPTS_PATH=$DISTRO_PATH/binaries/erpnext/scripts/ + export KEYCLOAK_CONFIG_PATH=$DISTRO_PATH/configs/keycloak echo "→ OPENMRS_CONFIG_PATH=$OPENMRS_CONFIG_PATH" echo "→ OPENMRS_PROPERTIES_PATH=$OPENMRS_PROPERTIES_PATH" echo "→ OPENMRS_MODULES_PATH=$OPENMRS_MODULES_PATH" + echo "→ OPENMRS_TOMCAT_CONFIG_PATH=$OPENMRS_TOMCAT_CONFIG_PATH" echo "→ SPA_PATH=$SPA_PATH" echo "→ SENAITE_CONFIG_PATH=$SENAITE_CONFIG_PATH" + echo "→ SENAITE_OIDC_CONFIG_PATH=$SENAITE_OIDC_CONFIG_PATH" echo "→ ODOO_EXTRA_ADDONS=$ODOO_EXTRA_ADDONS" echo "→ ODOO_CONFIG_PATH=$ODOO_CONFIG_PATH" echo "→ ODOO_CONFIG_FILE_PATH=$ODOO_CONFIG_FILE_PATH" @@ -54,7 +59,8 @@ function exportPaths () { echo "→ SQL_SCRIPTS_PATH=$SQL_SCRIPTS_PATH" echo "→ ERPNEXT_CONFIG_PATH=$ERPNEXT_CONFIG_PATH" echo "→ ERPNEXT_SCRIPTS_PATH=$ERPNEXT_SCRIPTS_PATH" - + echo "→ KEYCLOAK_CONFIG_PATH=$KEYCLOAK_CONFIG_PATH" + } function setDockerComposeCLIOptions () { @@ -65,12 +71,18 @@ function setDockerComposeCLIOptions () { export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../$file" done - # Add restore file if restore env is set + if [ "$ENABLE_SSO" == "true" ]; then + ssoFiles=$(cat docker-compose-sso-files.txt) + for ssoFile in ${ssoFiles}; do + export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../$ssoFile" + done + fi + # Add restore file if restore env is set if [ "$RESTORE" == "true" ]; then export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../docker-compose-restore.yml" fi - + # Set the default env file export dockerComposeEnvFilePath="../.env" @@ -115,11 +127,13 @@ function setTraefikHostnames { export ODOO_HOSTNAME=erp-"${IP_WITH_DASHES}.traefik.me" export SENAITE_HOSTNAME=lims-"${IP_WITH_DASHES}.traefik.me" export ERPNEXT_HOSTNAME=erpnext-"${IP_WITH_DASHES}.traefik.me" + export KEYCLOAK_HOSTNAME=auth-"${IP_WITH_DASHES}.traefik.me" export FHIR_ODOO_HOSTNAME=fhir-erp-"${IP_WITH_DASHES}.traefik.me" echo "→ O3_HOSTNAME=$O3_HOSTNAME" echo "→ ODOO_HOSTNAME=$ODOO_HOSTNAME" echo "→ SENAITE_HOSTNAME=$SENAITE_HOSTNAME" echo "→ ERPNEXT_HOSTNAME=$ERPNEXT_HOSTNAME" + echo "→ KEYCLOAK_HOSTNAME=$KEYCLOAK_HOSTNAME" echo "→ FHIR_ODOO_HOSTNAME=$FHIR_ODOO_HOSTNAME" } @@ -132,11 +146,13 @@ function setNginxHostnames { export SENAITE_HOSTNAME="localhost:8081" export ERPNEXT_HOSTNAME="localhost:8082" export FHIR_ODOO_HOSTNAME="localhost:8083" + export KEYCLOAK_HOSTNAME="localhost:8084" echo "→ O3_HOSTNAME=$O3_HOSTNAME" echo "→ ODOO_HOSTNAME=$ODOO_HOSTNAME" echo "→ SENAITE_HOSTNAME=$SENAITE_HOSTNAME" echo "→ ERPNEXT_HOSTNAME=$ERPNEXT_HOSTNAME" echo "→ FHIR_ODOO_HOSTNAME=$FHIR_ODOO_HOSTNAME" + echo "→ KEYCLOAK_HOSTNAME=$KEYCLOAK_HOSTNAME" } @@ -163,15 +179,27 @@ function displayAccessURLsWithCredentials { services=() is_defined=() - # Read docker-compose-files.txt and extract the list of services run + # Read docker-compose-files.txt and docker-compose-sso-files.txt, and extract the list of services run while read -r line; do - serviceWithoutExtension=${line%.yml} - service=${serviceWithoutExtension#docker-compose-} - - services+=("$service") - is_defined+=(1) + if [[ $line != *-sso.yml ]]; then + serviceWithoutExtension=${line%.yml} + service=${serviceWithoutExtension#docker-compose-} + + services+=("$service") + is_defined+=(1) + fi done < docker-compose-files.txt + while read -r line; do + if [[ $line != *-sso.yml ]]; then + serviceWithoutExtension=${line%.yml} + service=${serviceWithoutExtension#docker-compose-} + + services+=("$service") + is_defined+=(1) + fi + done < docker-compose-sso-files.txt + echo "HIS Component,URL,Username,Password" > .urls_1.txt echo "-,-,-,-" >> .urls_1.txt tail -n +2 ozone-urls-template.csv | while IFS=',' read -r component url username password service ; do From 14a99f8fed694f7f7fe079a16c5af31c94ec581c Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Mon, 4 Nov 2024 14:54:39 +0300 Subject: [PATCH 02/22] OZ-573: Remove redundant ODOO_PUBLIC_URL + ENABLE_SSO defaults to empty --- .env | 2 +- docker-compose-odoo-sso.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.env b/.env index 81965c3..96bd0a9 100644 --- a/.env +++ b/.env @@ -11,7 +11,7 @@ SERVER_SCHEME=https HOST_URL=http://172.17.0.1 TIMEZONE=UTC GITPOD_ENV=false -ENABLE_SSO=true +ENABLE_SSO= # # OpenMRS # diff --git a/docker-compose-odoo-sso.yml b/docker-compose-odoo-sso.yml index 4cfa6ea..b9a224d 100644 --- a/docker-compose-odoo-sso.yml +++ b/docker-compose-odoo-sso.yml @@ -5,6 +5,5 @@ services: env-substitution: environment: - - ODOO_PUBLIC_URL=${SERVER_SCHEME}://${ODOO_HOSTNAME} - ODOO_CLIENT_SECRET=${ODOO_CLIENT_SECRET} - ODOO_CLIENT_UUID=${ODOO_CLIENT_UUID} From 8123ade368288b0517225d1e65ae7ee771393614 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 8 Nov 2024 19:29:35 +0300 Subject: [PATCH 03/22] OZ-573: Exclude/include SSO + cleanups --- .env | 1 + docker-compose-openmrs-sso.yml | 11 ++++++++++- docker-compose-senaite-sso.yml | 30 +++--------------------------- docker-compose-senaite.yml | 25 +++++++++++++++++++------ scripts/start.sh | 5 +++++ scripts/utils.sh | 34 ++++++++++++++++++++++++++++------ 6 files changed, 66 insertions(+), 40 deletions(-) diff --git a/.env b/.env index 96bd0a9..afc4137 100644 --- a/.env +++ b/.env @@ -27,6 +27,7 @@ OPENMRS_DB_NAME=openmrs # OpenMRS frontend # SPA_CONFIG_URLS=/openmrs/spa/configs/ozone-frontend-config.json +SPA_SSO_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json SPA_DEFAULT_LOCALE=en # OpenMRS frontend and backend Docker image tag diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index c5cb588..0f6855e 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -3,8 +3,17 @@ services: environment: KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} volumes: - - "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" + - "${OPENMRS_SSO_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" + - "${OPENMRS_SSO_MODULES_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" + - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" + + frontend: + environment: + - SPA_CONFIG_URLS=${SPA_SSO_CONFIG_URLS} + volumes: + - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}/ozone-sso-frontend-config.json:/usr/share/nginx/html/configs/ozone-sso-frontend-config.json" + env-substitution: environment: - HOST_URL=${SERVER_SCHEME}://${O3_HOSTNAME} diff --git a/docker-compose-senaite-sso.yml b/docker-compose-senaite-sso.yml index 9eacb89..d2fe85d 100644 --- a/docker-compose-senaite-sso.yml +++ b/docker-compose-senaite-sso.yml @@ -1,38 +1,14 @@ services: - env-substitution: - environment: - - SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET} - - SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID} senaite: image: mekomsolutions/senaite-ozonepro restart: unless-stopped environment: - - SITE=${SITE} - - PASSWORD=${SENAITE_ADMIN_PASSWORD} - OAUTH_CONFIG_FILE=/data/oidc/client.json - - RELSTORAGE_ADAPTER_OPTIONS=type postgresql,dsn dbname='${SENAITE_DB_NAME}' user='${SENAITE_DB_USER}' password='${SENAITE_DB_PASSWORD}' host='${SENAITE_DB_HOST}', driver pg8000 - - RELSTORAGE_KEEP_HISTORY=false - - RELSTORAGE_BLOB_DIR=/home/senaite/senaitelims/blobstorage volumes: - - ${SENAITE_CONFIG_PATH}:/data/importdata/senaite - ${SENAITE_OIDC_CONFIG_PATH}/:/data/oidc - - ${SENAITE_BLOBSTORAGE_PATH:-senaite-blobstorage}:/home/senaite/senaitelims/blobstorage - networks: - ozone: - aliases: - - senaite - web: - depends_on: - env-substitution: - condition: service_completed_successfully - postgresql: - condition: service_healthy - postgresql: + env-substitution: environment: - SENAITE_DB_NAME: ${SENAITE_DB_NAME} - SENAITE_DB_USER: ${SENAITE_DB_USER} - SENAITE_DB_PASSWORD: ${SENAITE_DB_PASSWORD} - volumes: - - "${SQL_SCRIPTS_PATH}/postgresql/senaite:/docker-entrypoint-initdb.d/db/senaite" + - SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET} + - SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID} diff --git a/docker-compose-senaite.yml b/docker-compose-senaite.yml index b830614..302fecb 100644 --- a/docker-compose-senaite.yml +++ b/docker-compose-senaite.yml @@ -5,10 +5,14 @@ services: depends_on: env-substitution: condition: service_completed_successfully + postgresql: + condition: service_healthy environment: - SITE=${SITE} - - ADMIN_USER=${SENAITE_ADMIN_USER} - - ADMIN_PASSWORD=${SENAITE_ADMIN_PASSWORD} + - PASSWORD=${SENAITE_ADMIN_PASSWORD} + - RELSTORAGE_ADAPTER_OPTIONS=type postgresql,dsn dbname='${SENAITE_DB_NAME}' user='${SENAITE_DB_USER}' password='${SENAITE_DB_PASSWORD}' host='${SENAITE_DB_HOST}', driver pg8000 + - RELSTORAGE_KEEP_HISTORY=false + - RELSTORAGE_BLOB_DIR=/home/senaite/senaitelims/blobstorage image: mekomsolutions/senaite:latest labels: - "traefik.enable=true" @@ -17,13 +21,14 @@ services: - "traefik.http.routers.senaite.middlewares=senaite" - "traefik.http.middlewares.senaite.addprefix.prefix=/VirtualHostBase/https/${SENAITE_HOSTNAME}/senaite/VirtualHostRoot" networks: - - ozone - - web + ozone: + aliases: + - senaite + web: restart: unless-stopped volumes: - ${SENAITE_CONFIG_PATH}:/data/importdata/senaite - - senaite-filestorage:/data/filestorage - - senaite-blobstorage:/data/blobstorage + - ${SENAITE_BLOBSTORAGE_PATH:-senaite-blobstorage}:/home/senaite/senaitelims/blobstorage # OpenMRS - SENAITE integration service eip-openmrs-senaite: @@ -78,6 +83,14 @@ services: EIP_DB_PASSWORD_SENAITE: ${EIP_DB_PASSWORD_SENAITE} volumes: - "${SQL_SCRIPTS_PATH}/mysql/eip-openmrs-senaite:/docker-entrypoint-initdb.d/db/eip-openmrs-senaite" + + postgresql: + environment: + SENAITE_DB_NAME: ${SENAITE_DB_NAME} + SENAITE_DB_USER: ${SENAITE_DB_USER} + SENAITE_DB_PASSWORD: ${SENAITE_DB_PASSWORD} + volumes: + - "${SQL_SCRIPTS_PATH}/postgresql/senaite:/docker-entrypoint-initdb.d/db/senaite" env-substitution: environment: diff --git a/scripts/start.sh b/scripts/start.sh index 9c3cdd9..56d1997 100755 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -12,6 +12,11 @@ setupDirs # Export the paths variables to point to distro artifacts exportPaths +# Export IP address of the host machine +if [ "$ENABLE_SSO" == "true" ]; then + exportHostIP +fi + # Set the Traefik host names if [ "$TRAEFIK" == "true" ]; then echo "$INFO \$TRAEFIK=true, setting Traefik hostnames..." diff --git a/scripts/utils.sh b/scripts/utils.sh index 6a92c27..65ecead 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -26,6 +26,9 @@ function exportPaths () { export OPENMRS_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties export OPENMRS_TOMCAT_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/tomcat export OPENMRS_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules + export OPENMRS_SSO_MODULES_PATH=$DISTRO_PATH/binaries/openmrs_sso/modules + export OPENMRS_SSO_CONFIG_PATH=$DISTRO_PATH/configs/openmrs_sso/initializer_config + export OPENMRS_SSO_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs_sso/properties export SPA_PATH=/openmrs/spa export SENAITE_CONFIG_PATH=$DISTRO_PATH/configs/senaite/initializer_config export SENAITE_OIDC_CONFIG_PATH=$DISTRO_PATH/configs/senaite/oidc @@ -37,6 +40,7 @@ function exportPaths () { export EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$DISTRO_PATH/binaries/eip-erpnext-openmrs export OPENMRS_FRONTEND_BINARY_PATH=$DISTRO_PATH/binaries/openmrs/frontend export OPENMRS_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config/ + export OPENMRS_SSO_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs_sso/frontend_config/ export SQL_SCRIPTS_PATH=$DISTRO_PATH/data/ export ERPNEXT_CONFIG_PATH=$DISTRO_PATH/configs/erpnext/initializer_config/ export ERPNEXT_SCRIPTS_PATH=$DISTRO_PATH/binaries/erpnext/scripts/ @@ -101,6 +105,20 @@ function setDockerComposeCLIOptions () { export dockerComposeDemoCLIOptions="--env-file $dockerComposeEnvFilePath -f ../demo/docker-compose.yml" } +function exportHostIP() { + if [[ "$OSTYPE" == "linux-gnu"* ]]; then + # Linux + export HOST_MACHINE_IP=$(hostname -I | awk '{print $1}') + elif [[ "$OSTYPE" == "darwin"* ]]; then + # Mac OSX + export HOST_MACHINE_IP=$(ipconfig getifaddr en0) + else + echo "$ERROR Unsupported OS type: $OSTYPE" + return 1 + fi + echo "$INFO IP address set to: $HOST_MACHINE_IP" +} + function setTraefikIP { if [[ "$OSTYPE" == "linux-gnu"* ]]; then @@ -141,12 +159,13 @@ function setTraefikHostnames { function setNginxHostnames { echo "$INFO Exporting Nginx hostnames..." - export O3_HOSTNAME="localhost" - export ODOO_HOSTNAME="localhost:8069" - export SENAITE_HOSTNAME="localhost:8081" - export ERPNEXT_HOSTNAME="localhost:8082" - export FHIR_ODOO_HOSTNAME="localhost:8083" - export KEYCLOAK_HOSTNAME="localhost:8084" + export O3_HOSTNAME="${HOST_MACHINE_IP:-localhost}" + export ODOO_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8069" + export SENAITE_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8081" + export ERPNEXT_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8082" + export FHIR_ODOO_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8083" + export KEYCLOAK_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8084" + echo "→ O3_HOSTNAME=$O3_HOSTNAME" echo "→ ODOO_HOSTNAME=$ODOO_HOSTNAME" echo "→ SENAITE_HOSTNAME=$SENAITE_HOSTNAME" @@ -205,6 +224,9 @@ function displayAccessURLsWithCredentials { tail -n +2 ozone-urls-template.csv | while IFS=',' read -r component url username password service ; do for i in "${!services[@]}"; do if [[ "${services[$i]}" == "$service" && "${is_defined[$i]}" == 1 ]]; then + if [[ "$service" == "keycloak" && "$ENABLE_SSO" == "false" ]]; then + continue + fi echo "$component,$url,$username,$password" >> .urls_1.txt break fi From c0f6d30c0357750501d81e6931f6892be4a10f8b Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Tue, 12 Nov 2024 20:30:00 +0300 Subject: [PATCH 04/22] OZ-573: SSO support for bundled-docker --- .env | 6 +- .../docker-compose-bundled-sso.yml.template | 418 ++++++++++++++++++ bundled-docker/frontend/Dockerfile | 15 + bundled-docker/frontend/startup.sh | 2 +- bundled-docker/keycloak/Dockerfile | 3 + bundled-docker/openmrs/Dockerfile | 2 +- bundled-docker/openmrs/Dockerfile-sso | 7 + bundled-docker/pom.xml | 4 +- bundled-docker/postgresql/Dockerfile | 20 +- bundled-docker/proxy/default.conf.template | 11 + bundled-docker/senaite/Dockerfile | 2 +- bundled-docker/senaite/Dockerfile-sso | 3 + docker-compose-openmrs-sso.yml | 2 +- 13 files changed, 487 insertions(+), 8 deletions(-) create mode 100644 bundled-docker/docker-compose-bundled-sso.yml.template create mode 100644 bundled-docker/keycloak/Dockerfile create mode 100644 bundled-docker/openmrs/Dockerfile-sso create mode 100644 bundled-docker/senaite/Dockerfile-sso diff --git a/.env b/.env index afc4137..41e52e8 100644 --- a/.env +++ b/.env @@ -7,7 +7,7 @@ # # Host # -SERVER_SCHEME=https +SERVER_SCHEME=http HOST_URL=http://172.17.0.1 TIMEZONE=UTC GITPOD_ENV=false @@ -27,7 +27,6 @@ OPENMRS_DB_NAME=openmrs # OpenMRS frontend # SPA_CONFIG_URLS=/openmrs/spa/configs/ozone-frontend-config.json -SPA_SSO_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json SPA_DEFAULT_LOCALE=en # OpenMRS frontend and backend Docker image tag @@ -190,6 +189,9 @@ OPENMRS_CLIENT_SECRET=AYmNV4AEHA0Tlxwa ODOO_CLIENT_UUID=70a0e2fd-2bb2-4417-9fc6-22cdca1bb5be ODOO_CLIENT_SECRET=z3epa8rE66tUIZz6 +EIP_CLIENT_SECRET=secret +KEYCLOAK_ADMIN_SA_CLIENT_SECRET=secret + # # Backup # diff --git a/bundled-docker/docker-compose-bundled-sso.yml.template b/bundled-docker/docker-compose-bundled-sso.yml.template new file mode 100644 index 0000000..f3a72ff --- /dev/null +++ b/bundled-docker/docker-compose-bundled-sso.yml.template @@ -0,0 +1,418 @@ +networks: + ozone: + web: + external: true + +services: + mysql: + command: + - --character-set-server=utf8mb4 + - --collation-server=utf8mb4_unicode_ci + - --skip-character-set-client-handshake + - --skip-innodb-read-only-compressed + - --log-bin=mysqld-bin + - --binlog-format=ROW + - --server-id=2 + - --sync-binlog=1 + - --binlog-annotate-row-events=0 + environment: + MYSQL_ROOT_PASSWORD: "\${MYSQL_ROOT_PASSWORD}" + EIP_DB_NAME_ODOO: \${EIP_DB_NAME_ODOO} + EIP_DB_USER_ODOO: \${EIP_DB_USER_ODOO} + EIP_DB_PASSWORD_ODOO: \${EIP_DB_PASSWORD_ODOO} + OPENMRS_DB_NAME: \${OPENMRS_DB_NAME} + OPENMRS_DB_USER: \${OPENMRS_DB_USER} + OPENMRS_DB_PASSWORD: \${OPENMRS_DB_PASSWORD} + EIP_DB_NAME_SENAITE: \${EIP_DB_NAME_SENAITE} + EIP_DB_USER_SENAITE: \${EIP_DB_USER_SENAITE} + EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} + healthcheck: + test: "exit 0" + image: ${dockerUserName}/${sanitizedArtifactId}-mysql:${dockertag} + networks: + - ozone + ports: + - "3306:3306" + restart: unless-stopped + volumes: + - "\${MYSQL_DATADIR:-mysql-data}:/var/lib/mysql" + + postgresql: + command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" + image: ${dockerUserName}/${sanitizedArtifactId}-postgresql-sso:${dockertag} + environment: + POSTGRES_DB: postgres + POSTGRES_USER: \${POSTGRES_USER} + POSTGRES_PASSWORD: \${POSTGRES_PASSWORD} + ODOO_DB_NAME: \${ODOO_DATABASE} + ODOO_DB_USER: \${ODOO_DB_USER} + ODOO_DB_PASSWORD: \${ODOO_DB_PASSWORD} + KEYCLOAK_DB: \${KEYCLOAK_DB} + KEYCLOAK_DB_SCHEMA: \${KEYCLOAK_DB_SCHEMA} + KEYCLOAK_DB_USER: \${KEYCLOAK_DB_USER} + KEYCLOAK_DB_PASSWORD: \${KEYCLOAK_DB_PASSWORD} + SENAITE_DB_NAME: \${SENAITE_DB_NAME} + SENAITE_DB_USER: \${SENAITE_DB_USER} + SENAITE_DB_PASSWORD: \${SENAITE_DB_PASSWORD} + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + networks: + - ozone + ports: + - "5432:5432" + restart: unless-stopped + volumes: + - "\${POSTGRES_DATADIR:-postgresql-data}:/var/lib/postgresql/data" + keycloak: + image: ${dockerUserName}/${sanitizedArtifactId}-keycloak:${dockertag} + restart: unless-stopped + environment: + KC_HOSTNAME_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + PROXY_ADDRESS_FORWARDING: "true" + KC_HTTP_ENABLED: 'true' + KC_HOSTNAME_STRICT_BACKCHANNEL: "true" + KC_PROXY: reencrypt + KC_HEALTH_ENABLED: 'true' + KC_METRICS_ENABLED: 'true' + KEYCLOAK_DATABASE_VENDOR: postgresql + KEYCLOAK_DATABASE_HOST: postgresql + KEYCLOAK_DATABASE_PORT_NUMBER: 5432 + KEYCLOAK_DATABASE_NAME: \${KEYCLOAK_DB} + KEYCLOAK_DATABASE_USER: \${KEYCLOAK_DB_USER} + KEYCLOAK_DATABASE_PASSWORD: \${KEYCLOAK_DB_PASSWORD} + KEYCLOAK_DATABASE_SCHEMA: \${KEYCLOAK_DB_SCHEMA} + KEYCLOAK_CREATE_ADMIN_USER: "true" + KEYCLOAK_ADMIN_USER: \${KEYCLOAK_USER} + KEYCLOAK_ADMIN_PASSWORD: \${KEYCLOAK_PASSWORD} + ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME} + OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME} + SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME} + ODOO_CLIENT_SECRET: \${ODOO_CLIENT_SECRET} + ODOO_CLIENT_UUID: \${ODOO_CLIENT_UUID} + OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET} + OPENMRS_CLIENT_UUID: \${OPENMRS_CLIENT_UUID} + SENAITE_CLIENT_SECRET: \${SENAITE_CLIENT_SECRET} + SENAITE_CLIENT_UUID: \${SENAITE_CLIENT_UUID} + KEYCLOAK_ADMIN_SA_CLIENT_SECRET: \${KEYCLOAK_ADMIN_SA_CLIENT_SECRET} + EIP_CLIENT_SECRET: \${EIP_CLIENT_SECRET} + KEYCLOAK_EXTRA_ARGS_PREPENDED: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true" + KEYCLOAK_EXTRA_ARGS: " + -Dkeycloak.profile.feature.scripts=enabled + -Dkeycloak.migration.replace-placeholders=true + -Dkeycloak.migration.action=import + -Dkeycloak.migration.provider=dir + -Dkeycloak.migration.dir=/keycloak-files/realm-config + -Dkeycloak.migration.strategy=OVERWRITE_EXISTING" + + healthcheck: + test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/health/ready"] + interval: 15s + timeout: 3s + retries: 5 + start_period: 30s + + depends_on: + postgresql: + condition: service_started + networks: + ozone: + web: + labels: + traefik.enable: "true" + traefik.http.routers.keycloak.rule: "Host(`\${KEYCLOAK_HOSTNAME}`)" + traefik.http.routers.keycloak.entrypoints: "websecure" + traefik.http.services.keycloak.loadbalancer.server.port: 8080 + + # Odoo + odoo: + depends_on: + postgresql: + condition: service_healthy + environment: + - HOST=\${POSTGRES_DB_HOST} + - USER=\${ODOO_DB_USER} + - PASSWORD=\${ODOO_DB_PASSWORD} + - ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc + - INITIALIZER_DATA_FILES_PATH=/mnt/odoo_config + - INITIALIZER_CONFIG_FILE_PATH=/mnt/odoo_config/initializer_config.json + - ODOO_CLIENT_SECRET=\${ODOO_CLIENT_SECRET} + - ODOO_CLIENT_UUID=\${ODOO_CLIENT_UUID} + - KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + image: ${dockerUserName}/${sanitizedArtifactId}-odoo:${dockertag} + labels: + traefik.enable: true + # https + traefik.http.routers.odoo-https.rule: Host(`\${ODOO_HOSTNAME}`) + traefik.http.routers.odoo-https.entrypoints: websecure + traefik.http.routers.odoo-https.service: odoo + traefik.http.routers.odoo-https.middlewares: gzip,sslheader,limit + #----------------------------- routes for: odoo/web/database || odoo/website/info ----------------------------- + # https + traefik.http.routers.odoo-db-https.rule: Host(`\${ODOO_HOSTNAME}`) && (PathPrefix(`/web/database`) || PathPrefix(`/website/info`)) + traefik.http.routers.odoo-db-https.entrypoints: websecure + traefik.http.routers.odoo-db-https.service: odoo + traefik.http.routers.odoo-db-https.middlewares: gzip,sslheader,limit + traefik.http.services.odoo-db-https.loadbalancer.server.port: 8069 + #---------------------------------------- routes for: odoo/longpolling ------------------------------------------------ + # https + traefik.http.routers.odoo-im-https.rule: Host(`\${ODOO_HOSTNAME}`) && (PathPrefix(`/longpolling`)) + traefik.http.routers.odoo-im-https.entrypoints: websecure + traefik.http.routers.odoo-im-https.service: odoo-im + traefik.http.routers.odoo-im-https.middlewares: gzip,sslheader,limit + + #====================================================== services =========================================================== + traefik.http.services.odoo.loadbalancer.server.port: 8069 + traefik.http.services.odoo-im.loadbalancer.server.port: 8072 + + #===================================================== middlewares ========================================================= + traefik.http.middlewares.gzip.compress: true + traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: https + traefik.http.middlewares.limit.buffering.memRequestBodyBytes: 20971520 + traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: 20971520 + networks: + - ozone + - web + restart: unless-stopped + volumes: + - "\${ODOO_FILESTORE:-odoo-filestore}:/var/lib/odoo/filestore" + - "\${ODOO_CONFIG_CHECKSUMS_PATH:-odoo-checksums}:/mnt/checksums" + + # Odoo - OpenMRS integration service + eip-odoo-openmrs: + depends_on: + openmrs: + condition: service_healthy + mysql: + condition: service_started + odoo: + condition: service_started + environment: + - EIP_DB_NAME_ODOO=\${EIP_DB_NAME_ODOO} + - EIP_DB_USER_ODOO=\${EIP_DB_USER_ODOO} + - EIP_DB_PASSWORD_ODOO=\${EIP_DB_PASSWORD_ODOO} + - ODOO_DATABASE=\${ODOO_DATABASE} + - ODOO_USER=\${ODOO_USER} + - ODOO_PASSWORD=\${ODOO_PASSWORD} + - CREATE_CUSTOMER_IF_NOT_EXIST=\${CREATE_CUSTOMER_IF_NOT_EXIST} + - ODOO_CUSTOMER_EXTERNAL_ID=\${ODOO_CUSTOMER_EXTERNAL_ID} + - ODOO_CUSTOMER_DOB_FIELD=\${ODOO_CUSTOMER_DOB_FIELD} + - ODOO_CUSTOMER_WEIGHT_FIELD=\${ODOO_CUSTOMER_WEIGHT_FIELD} + - EMR_WEIGHT_CONCEPT=\${EMR_WEIGHT_CONCEPT} + - OPENMRS_IDENTIFIER_TYPE_UUID=\${OPENMRS_IDENTIFIER_TYPE_UUID} + - ODOO_URL=http://odoo:8069 + - OPENMRS_URL=http://openmrs:8080/openmrs + - EIP_PROFILE=prod + - MYSQL_ADMIN_USER=root + - MYSQL_ADMIN_USER_PASSWORD=\${MYSQL_ROOT_PASSWORD} + - OPENMRS_DB_HOST=\${OPENMRS_DB_HOST} + - OPENMRS_DB_PORT=\${OPENMRS_DB_PORT} + - OPENMRS_DB_NAME=\${OPENMRS_DB_NAME} + - OPENMRS_DB_USER=\${OPENMRS_DB_USER} + - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} + - OPENMRS_USER=\${OPENMRS_USER} + - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} + - EIP_FHIR_RESOURCES=Patient,ServiceRequest,MedicationRequest + - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 + - EIP_FHIR_USERNAME=\${OPENMRS_USER} + - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} + image: ${dockerUserName}/${sanitizedArtifactId}-eip-odoo-openmrs:${dockertag} + networks: + ozone: + aliases: + - eip-client-odoo + - eip-odoo-openmrs + restart: unless-stopped + volumes: + - eip-home-odoo:/eip-home + # OpenMRS 3 Backend + openmrs: + depends_on: + mysql: + condition: service_started + environment: + OMRS_CONFIG_MODULE_WEB_ADMIN: "true" + OMRS_CONFIG_AUTO_UPDATE_DATABASE: "true" + OMRS_CONFIG_CREATE_TABLES: "true" + OMRS_CONFIG_CONNECTION_SERVER: mysql + OMRS_CONFIG_CONNECTION_DATABASE: openmrs + OMRS_CONFIG_CONNECTION_USERNAME: \${OPENMRS_DB_USER:-openmrs} + OMRS_CONFIG_CONNECTION_PASSWORD: \${OPENMRS_DB_PASSWORD:-openmrs} + HOST_URL: https://\${O3_HOSTNAME} + KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + KEYCLOAK_AUTH_SERVER_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET} + healthcheck: + test: [ "CMD", "curl", "-f", "http://localhost:8080/openmrs/health/started" ] + interval: 10s + timeout: 5s + retries: 48 + start_period: 120s + image: ${dockerUserName}/${sanitizedArtifactId}-openmrs-backend-sso:${dockertag} + labels: + traefik.enable: "true" + traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" + traefik.http.routers.openmrs.entrypoints: "websecure" + traefik.http.services.openmrs.loadbalancer.server.port: 8080 + traefik.http.routers.openmrs.middlewares: openmrs-spa-redirectregex + traefik.http.middlewares.openmrs-spa-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME}/openmrs/spa + traefik.http.middlewares.openmrs-spa-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home + networks: + - ozone + - web + restart: unless-stopped + volumes: + - "openmrs-data:/openmrs/data" + - "\${OPENMRS_CONFIG_CHECKSUMS_PATH:-openmrs-config-checksums}:/openmrs/data/configuration_checksums" + + # OpenMRS 3 Frontend + frontend: + environment: + SPA_PATH: /openmrs/spa + API_URL: /openmrs + SPA_CONFIG_URLS: \${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json + SPA_DEFAULT_LOCALE: \${SPA_DEFAULT_LOCALE} + ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME:-http://localhost:8069} + OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME:-http://localhost} + SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME:-http://localhost:8081} + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost/"] + timeout: 5s + image: ${dockerUserName}/${sanitizedArtifactId}-openmrs-frontend-sso:${dockertag} + labels: + traefik.enable: "true" + traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" + traefik.http.routers.frontend.entrypoints: "websecure" + traefik.http.routers.frontend.middlewares: frontend-stripprefix,gzip + traefik.http.services.frontend.loadbalancer.server.port: 80 + + traefik.http.routers.home.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/home`)" + traefik.http.routers.home.entrypoints: "websecure" + traefik.http.routers.home.middlewares: home-redirectregex + + traefik.http.routers.root.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/`)" + traefik.http.routers.root.entrypoints: "websecure" + traefik.http.routers.root.middlewares: root-redirectregex + + traefik.http.middlewares.frontend-stripprefix.stripprefix.prefixes: /openmrs/spa + traefik.http.middlewares.frontend-stripprefix.stripprefix.forceslash: false + traefik.http.middlewares.home-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME}/home + traefik.http.middlewares.home-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home + traefik.http.middlewares.root-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME} + traefik.http.middlewares.root-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home + traefik.http.middlewares.gzip.compress: true + networks: + - ozone + - web + restart: unless-stopped + # SENAITE + senaite: + environment: + - SITE=\${SITE} + - ADMIN_USER=\${SENAITE_ADMIN_USER} + - ADMIN_PASSWORD=\${SENAITE_ADMIN_PASSWORD} + - OAUTH_CONFIG_FILE=/data/oidc/client.json + - KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + - SENAITE_CLIENT_SECRET=\${SENAITE_CLIENT_SECRET} + - SENAITE_CLIENT_UUID=\${SENAITE_CLIENT_UUID} + image: ${dockerUserName}/${sanitizedArtifactId}-senaite-sso:${dockertag} + labels: + - "traefik.enable=true" + - "traefik.http.services.senaite.loadbalancer.server.port=8080" + - "traefik.http.routers.senaite.rule=Host(`\${SENAITE_HOSTNAME}`)" + - "traefik.http.routers.senaite.middlewares=senaite" + - "traefik.http.middlewares.senaite.addprefix.prefix=/VirtualHostBase/https/\${SENAITE_HOSTNAME}/senaite/VirtualHostRoot" + networks: + - ozone + - web + restart: unless-stopped + volumes: + - senaite-filestorage:/data/filestorage + - senaite-blobstorage:/data/blobstorage + + # OpenMRS - SENAITE integration service + eip-openmrs-senaite: + depends_on: + openmrs: + condition: service_healthy + mysql: + condition: service_started + senaite: + condition: service_started + environment: + - SENAITE_SERVER_URL=http://senaite:8080/senaite + - SENAITE_SERVER_USER=\${SENAITE_ADMIN_USER} + - SENAITE_SERVER_PASSWORD=\${SENAITE_ADMIN_PASSWORD} + - OPENMRS_SERVER_URL=http://openmrs:8080/openmrs + - OPENMRS_SERVER_USER=\${OPENMRS_USER} + - OPENMRS_SERVER_PASSWORD=\${OPENMRS_PASSWORD} + - OPENMRS_RESULTS_ENCOUNTER_TYPE_UUID=\${RESULTS_ENCOUNTER_TYPE_UUID} + - OPENMRS_IDENTIFIER_TYPE_UUID=\${OPENMRS_IDENTIFIER_TYPE_UUID} + - OPENMRS_CONCEPT_COMPLEX_UUID=\${CONCEPT_COMPLEX_UUID} + - EIP_PROFILE=prod + - EIP_DB_NAME_SENAITE=\${EIP_DB_NAME_SENAITE} + - EIP_DB_USER_SENAITE=\${EIP_DB_USER_SENAITE} + - EIP_DB_PASSWORD_SENAITE=\${EIP_DB_PASSWORD_SENAITE} + - MYSQL_ADMIN_USER=root + - MYSQL_ADMIN_USER_PASSWORD=\${MYSQL_ROOT_PASSWORD} + - OPENMRS_DB_HOST=\${OPENMRS_DB_HOST} + - OPENMRS_DB_PORT=\${OPENMRS_DB_PORT} + - OPENMRS_DB_NAME=\${OPENMRS_DB_NAME} + - OPENMRS_DB_USER=\${OPENMRS_DB_USER} + - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} + - OPENMRS_USER=\${OPENMRS_USER} + - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} + - EIP_FHIR_RESOURCES=Patient,ServiceRequest,MedicationRequest + - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 + - EIP_FHIR_USERNAME=\${OPENMRS_USER} + - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} + image: ${dockerUserName}/${sanitizedArtifactId}-eip-openmrs-senaite:${dockertag} + networks: + ozone: + aliases: + - eip-client-senaite + restart: unless-stopped + volumes: + - eip-home-senaite:/eip-home + proxy: + restart: unless-stopped + image: ${dockerUserName}/${sanitizedArtifactId}-proxy:${dockertag} + healthcheck: + test: + - CMD + - curl + - "-f" + - "http://localhost/" + networks: + ozone: + ports: + - "\${PROXY_PUBLIC_PORT:-80}:80" + - "8069:8069" + - "8081:8081" + - "8088:8088" + - "8082:8082" + - "8084:8084" + volumes: + - "\${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" + +volumes: + mysql-data: ~ + postgresql-data: ~ + eip-home-odoo: ~ + odoo-checksums: ~ + odoo-config: ~ + odoo-extra-addons: ~ + odoo-filestore: ~ + odoo-web-data: ~ + openmrs-core: ~ + openmrs-config: ~ + openmrs-config-checksums: ~ + openmrs-data: ~ + openmrs-modules: ~ + openmrs-owas: ~ + eip-home-senaite: ~ + senaite-blobstorage: ~ + senaite-filestorage: ~ + proxy-tls-certs: ~ diff --git a/bundled-docker/frontend/Dockerfile b/bundled-docker/frontend/Dockerfile index 113b706..a66a9b3 100644 --- a/bundled-docker/frontend/Dockerfile +++ b/bundled-docker/frontend/Dockerfile @@ -1,6 +1,21 @@ FROM openmrs/openmrs-reference-application-3-frontend:nightly + +ARG ENABLE_SSO=false + ADD distro/binaries/openmrs/frontend /usr/share/nginx/html ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/configs + +# Copy SSO configuration file to a temporary location +COPY distro/configs/openmrs_sso/frontend_config/ozone-sso-frontend-config.json /tmp/ozone-sso-frontend-config.json + +# Add SSO configurations if SSO is enabled +RUN if [ "$ENABLE_SSO" = "true" ]; then \ + cp /tmp/ozone-sso-frontend-config.json /usr/share/nginx/html/configs/ozone-sso-frontend-config.json; \ +fi + +# Remove the temporary SSO configuration file +RUN rm /tmp/ozone-sso-frontend-config.json + RUN mkdir -p /app WORKDIR /app COPY bundled-docker/frontend/startup.sh /app diff --git a/bundled-docker/frontend/startup.sh b/bundled-docker/frontend/startup.sh index 7f60d42..1e63ad6 100755 --- a/bundled-docker/frontend/startup.sh +++ b/bundled-docker/frontend/startup.sh @@ -3,6 +3,6 @@ set -e for f in /usr/share/nginx/html/configs/*.json; do echo "processing===> $f"; - envsubst < $f | sponge $f; + envsubst < "$f" | sponge "$f"; done /usr/local/bin/startup.sh diff --git a/bundled-docker/keycloak/Dockerfile b/bundled-docker/keycloak/Dockerfile new file mode 100644 index 0000000..37e68bd --- /dev/null +++ b/bundled-docker/keycloak/Dockerfile @@ -0,0 +1,3 @@ +FROM docker.io/bitnami/keycloak:22.0.5 +ADD configs/keycloak/realms /keycloak-files/realm-config +ADD configs/keycloak/themes/carbon /opt/bitnami/keycloak/themes/carbon diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index 4a5357f..eb8680d 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,3 +1,3 @@ FROM openmrs/openmrs-reference-application-3-backend:nightly ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules -ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config \ No newline at end of file +ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config diff --git a/bundled-docker/openmrs/Dockerfile-sso b/bundled-docker/openmrs/Dockerfile-sso new file mode 100644 index 0000000..98635a5 --- /dev/null +++ b/bundled-docker/openmrs/Dockerfile-sso @@ -0,0 +1,7 @@ +FROM openmrs/openmrs-reference-application-3-backend:3.1.1 +ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules +ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config +ADD configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties +ADD configs/openmrs_sso/properties/oauth2.properties /openmrs/data/oauth2.properties +ADD configs/openmrs_sso/initializer_config/globalproperties/oauth2-login-props.xml /openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml +ADD binaries/openmrs_sso/modules/* /openmrs/distribution/openmrs_modules diff --git a/bundled-docker/pom.xml b/bundled-docker/pom.xml index 7871686..5a0c016 100644 --- a/bundled-docker/pom.xml +++ b/bundled-docker/pom.xml @@ -76,7 +76,9 @@ postgresql/** proxy/** senaite/** + keycloak/** docker-compose-bundled.yml.template + docker-compose-bundled-sso.yml.template @@ -105,4 +107,4 @@ - \ No newline at end of file + diff --git a/bundled-docker/postgresql/Dockerfile b/bundled-docker/postgresql/Dockerfile index 96e4c04..a202867 100644 --- a/bundled-docker/postgresql/Dockerfile +++ b/bundled-docker/postgresql/Dockerfile @@ -1,3 +1,21 @@ FROM postgres:13 + +# Argument to enable/disable SSO +ARG ENABLE_SSO=false + ADD data/postgresql/create_db.sh /docker-entrypoint-initdb.d/create_db.sh -ADD data/postgresql/odoo /docker-entrypoint-initdb.d/db/odoo \ No newline at end of file +ADD data/postgresql/odoo /docker-entrypoint-initdb.d/db/odoo + +# Copy SSO configurations & binaries to a temporary location +COPY data/postgresql/senaite /tmp/senaite +COPY data/postgresql/keycloak /tmp/keycloak + +# Add SSO configurations & binaries if SSO is enabled +RUN if [ "$ENABLE_SSO" = "true" ]; then \ + cp -r /tmp/senaite /docker-entrypoint-initdb.d/db/senaite && \ + cp -r /tmp/keycloak /docker-entrypoint-initdb.d/db/keycloak; \ +fi + +# Remove the temporary SSO configurations & binaries \ +RUN rm -rf /tmp/senaite && \ + rm -rf /tmp/keycloak \ diff --git a/bundled-docker/proxy/default.conf.template b/bundled-docker/proxy/default.conf.template index 82d9ec4..98e5c35 100644 --- a/bundled-docker/proxy/default.conf.template +++ b/bundled-docker/proxy/default.conf.template @@ -151,3 +151,14 @@ server { proxy_pass http://$senaite; } } + +server { + listen 8084; + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Forward-Proto http; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + set $keycloak keycloak:8080; + proxy_pass http://$keycloak; + } +} diff --git a/bundled-docker/senaite/Dockerfile b/bundled-docker/senaite/Dockerfile index ba8f7e9..df17d91 100644 --- a/bundled-docker/senaite/Dockerfile +++ b/bundled-docker/senaite/Dockerfile @@ -1,2 +1,2 @@ FROM mekomsolutions/senaite -ADD configs/senaite/initializer_config /data/importdata/senaite \ No newline at end of file +ADD configs/senaite/initializer_config /data/importdata/senaite diff --git a/bundled-docker/senaite/Dockerfile-sso b/bundled-docker/senaite/Dockerfile-sso new file mode 100644 index 0000000..5496135 --- /dev/null +++ b/bundled-docker/senaite/Dockerfile-sso @@ -0,0 +1,3 @@ +FROM mekomsolutions/senaite-ozonepro +ADD configs/senaite/initializer_config /data/importdata/senaite +ADD configs/senaite/oidc /data/oidc diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 0f6855e..7b4c4cc 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -10,7 +10,7 @@ services: frontend: environment: - - SPA_CONFIG_URLS=${SPA_SSO_CONFIG_URLS} + - SPA_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json volumes: - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}/ozone-sso-frontend-config.json:/usr/share/nginx/html/configs/ozone-sso-frontend-config.json" From 8b888067812fbdbce1aa8d0621669d687c4b52d3 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Wed, 13 Nov 2024 20:00:12 +0300 Subject: [PATCH 05/22] OZ-573: SSO support for eip services --- .env | 30 ++++++++++++++++++--------- docker-compose-odoo-sso.yml | 8 +++++++ docker-compose-senaite-sso.yml | 8 +++++++ scripts/start-demo-with-sso.sh | 1 + scripts/start-with-sso.sh | 1 + scripts/utils.sh | 38 +++++++++++++++++++--------------- 6 files changed, 59 insertions(+), 27 deletions(-) diff --git a/.env b/.env index 41e52e8..9087bab 100644 --- a/.env +++ b/.env @@ -8,10 +8,12 @@ # Host # SERVER_SCHEME=http -HOST_URL=http://172.17.0.1 +HOST_IP_ADDRESS= +HOST_NAME=${HOST_IP_ADDRESS:-localhost} +HOST_URL=${SERVER_SCHEME}://${HOST_NAME} TIMEZONE=UTC GITPOD_ENV=false -ENABLE_SSO= +ENABLE_SSO=false # # OpenMRS # @@ -167,12 +169,21 @@ ODOO_CONFIG_CHECKSUMS_PATH= # # Public Hostnames # -O3_HOSTNAME=emr-172-17-0-1.traefik.me -ODOO_HOSTNAME=erp-172-17-0-1.traefik.me -SENAITE_HOSTNAME=lims-172-17-0-1.traefik.me -ERPNEXT_HOSTNAME=erpnext-172-17-0-1.traefik.me -FHIR_ODOO_HOSTNAME=fhir-erp-172-17-0-1.traefik.me -KEYCLOAK_HOSTNAME=auth-172-17-0-1.traefik.me +O3_HOSTNAME=${HOST_NAME} +ODOO_HOSTNAME=${HOST_NAME}:8069 +SENAITE_HOSTNAME=${HOST_NAME}:8081 +ERPNEXT_HOSTNAME=${HOST_NAME}:8082 +FHIR_ODOO_HOSTNAME=${HOST_NAME}:8083 +KEYCLOAK_HOSTNAME=${HOST_NAME}:8084 + +# +# EIP OAuth2 +# +OAUTH_ENABLED=false +OAUTH_CLIENT_ID=eip +OAUTH_CLIENT_SECRET=h9PQzv6zWnVl1yxnhdfZulnW7FPqPlci +OAUTH_CLIENT_SCOPE=openid +OAUTH_ACCESS_TOKEN_URL=http://keycloak:8080/realms/ozone/protocol/openid-connect/token # # Sample SSO Client Secrets used in the demo script @@ -189,8 +200,7 @@ OPENMRS_CLIENT_SECRET=AYmNV4AEHA0Tlxwa ODOO_CLIENT_UUID=70a0e2fd-2bb2-4417-9fc6-22cdca1bb5be ODOO_CLIENT_SECRET=z3epa8rE66tUIZz6 -EIP_CLIENT_SECRET=secret -KEYCLOAK_ADMIN_SA_CLIENT_SECRET=secret +KEYCLOAK_ADMIN_SA_CLIENT_SECRET=5HuMNB6gwHd0fY2L # # Backup diff --git a/docker-compose-odoo-sso.yml b/docker-compose-odoo-sso.yml index b9a224d..21ec8ac 100644 --- a/docker-compose-odoo-sso.yml +++ b/docker-compose-odoo-sso.yml @@ -7,3 +7,11 @@ services: environment: - ODOO_CLIENT_SECRET=${ODOO_CLIENT_SECRET} - ODOO_CLIENT_UUID=${ODOO_CLIENT_UUID} + + eip-odoo-openmrs: + environment: + OAUTH_ACCESS_TOKEN_URL: ${OAUTH_ACCESS_TOKEN_URL} + OAUTH_ENABLED: ${OAUTH_ENABLED} + OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: ${OAUTH_CLIENT_SCOPE} diff --git a/docker-compose-senaite-sso.yml b/docker-compose-senaite-sso.yml index d2fe85d..1793070 100644 --- a/docker-compose-senaite-sso.yml +++ b/docker-compose-senaite-sso.yml @@ -12,3 +12,11 @@ services: environment: - SENAITE_CLIENT_SECRET=${SENAITE_CLIENT_SECRET} - SENAITE_CLIENT_UUID=${SENAITE_CLIENT_UUID} + + eip-openmrs-senaite: + environment: + OAUTH_ACCESS_TOKEN_URL: ${OAUTH_ACCESS_TOKEN_URL} + OAUTH_ENABLED: ${OAUTH_ENABLED} + OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: ${OAUTH_CLIENT_SCOPE} diff --git a/scripts/start-demo-with-sso.sh b/scripts/start-demo-with-sso.sh index 03eaf30..dfba653 100644 --- a/scripts/start-demo-with-sso.sh +++ b/scripts/start-demo-with-sso.sh @@ -1,5 +1,6 @@ # Enable sso export ENABLE_SSO=true +export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" diff --git a/scripts/start-with-sso.sh b/scripts/start-with-sso.sh index 74f2593..e91cb02 100644 --- a/scripts/start-with-sso.sh +++ b/scripts/start-with-sso.sh @@ -1,5 +1,6 @@ # Enable sso export ENABLE_SSO=true +export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" diff --git a/scripts/utils.sh b/scripts/utils.sh index 65ecead..f3a609b 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -108,15 +108,15 @@ function setDockerComposeCLIOptions () { function exportHostIP() { if [[ "$OSTYPE" == "linux-gnu"* ]]; then # Linux - export HOST_MACHINE_IP=$(hostname -I | awk '{print $1}') + export HOST_IP_ADDRESS=$(hostname -I | awk '{print $1}') elif [[ "$OSTYPE" == "darwin"* ]]; then # Mac OSX - export HOST_MACHINE_IP=$(ipconfig getifaddr en0) + export HOST_IP_ADDRESS=$(ipconfig getifaddr en0) else echo "$ERROR Unsupported OS type: $OSTYPE" return 1 fi - echo "$INFO IP address set to: $HOST_MACHINE_IP" + echo "$INFO IP address set to: $HOST_IP_ADDRESS" } function setTraefikIP { @@ -159,12 +159,12 @@ function setTraefikHostnames { function setNginxHostnames { echo "$INFO Exporting Nginx hostnames..." - export O3_HOSTNAME="${HOST_MACHINE_IP:-localhost}" - export ODOO_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8069" - export SENAITE_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8081" - export ERPNEXT_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8082" - export FHIR_ODOO_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8083" - export KEYCLOAK_HOSTNAME="${HOST_MACHINE_IP:-localhost}:8084" + export O3_HOSTNAME="${HOST_IP_ADDRESS:-localhost}" + export ODOO_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8069" + export SENAITE_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8081" + export ERPNEXT_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8082" + export FHIR_ODOO_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8083" + export KEYCLOAK_HOSTNAME="${HOST_IP_ADDRESS:-localhost}:8084" echo "→ O3_HOSTNAME=$O3_HOSTNAME" echo "→ ODOO_HOSTNAME=$ODOO_HOSTNAME" @@ -234,12 +234,16 @@ function displayAccessURLsWithCredentials { done envsubst < .urls_1.txt > .urls_2.txt - echo "" - echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" - echo "" - - set +e - column -t -s ',' .urls_2.txt > .urls_3.txt 2> /dev/null - set -e - cat .urls_3.txt + + if [ "$ENABLE_SSO" == "true" ]; then + echo "" + echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" + echo "" + awk -F, 'NR==1 {printf "%-15s %-40s\n", $1, $2} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s\n", $1, $2} END {print "-\nusername: jdoe\npassword: password\n-\nIDP Access URL\nHIS Component\tURL\tUsername\tPassword\nKeycloak", $2, $3, $4}' .urls_2.txt + else + echo "" + echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" + echo "" + awk -F, 'NR==1 {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4} NR>2' .urls_2.txt + fi } From 3f89b39552ac567be70a73153494d58b88c44f81 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 14 Nov 2024 16:18:51 +0300 Subject: [PATCH 06/22] OZ-573: More refactoring to util scripts + EIP_CLIENT_SECRET --- .env | 19 ++++++++++--------- docker-compose-keycloak.yml | 1 + docker-compose-openmrs-sso.yml | 1 + scripts/start-demo-with-sso.sh | 2 ++ scripts/start-with-sso.sh | 2 ++ scripts/utils.sh | 2 +- 6 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.env b/.env index 9087bab..3331391 100644 --- a/.env +++ b/.env @@ -176,15 +176,6 @@ ERPNEXT_HOSTNAME=${HOST_NAME}:8082 FHIR_ODOO_HOSTNAME=${HOST_NAME}:8083 KEYCLOAK_HOSTNAME=${HOST_NAME}:8084 -# -# EIP OAuth2 -# -OAUTH_ENABLED=false -OAUTH_CLIENT_ID=eip -OAUTH_CLIENT_SECRET=h9PQzv6zWnVl1yxnhdfZulnW7FPqPlci -OAUTH_CLIENT_SCOPE=openid -OAUTH_ACCESS_TOKEN_URL=http://keycloak:8080/realms/ozone/protocol/openid-connect/token - # # Sample SSO Client Secrets used in the demo script # @@ -201,6 +192,16 @@ ODOO_CLIENT_UUID=70a0e2fd-2bb2-4417-9fc6-22cdca1bb5be ODOO_CLIENT_SECRET=z3epa8rE66tUIZz6 KEYCLOAK_ADMIN_SA_CLIENT_SECRET=5HuMNB6gwHd0fY2L +EIP_CLIENT_SECRET=h9PQzv6zWnVl1yxnhdfZulnW7FPqPlci + +# +# EIP OAuth2 +# +OAUTH_ENABLED=false +OAUTH_CLIENT_ID=eip +OAUTH_CLIENT_SECRET=${EIP_CLIENT_SECRET} +OAUTH_CLIENT_SCOPE=openid +OAUTH_ACCESS_TOKEN_URL=http://keycloak:8080/realms/ozone/protocol/openid-connect/token # # Backup diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml index 449d3ee..570a5ab 100644 --- a/docker-compose-keycloak.yml +++ b/docker-compose-keycloak.yml @@ -65,6 +65,7 @@ services: environment: - KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} - KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL} + - EIP_CLIENT_SECRET=${EIP_CLIENT_SECRET} volumes: keycloak-realm: ~ diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 7b4c4cc..95dedc3 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -6,6 +6,7 @@ services: - "${OPENMRS_SSO_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - "${OPENMRS_SSO_MODULES_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" + - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/liquibase/liquibase.xml:/openmrs/distribution/openmrs_config/liquibase/liquibase.xml" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" frontend: diff --git a/scripts/start-demo-with-sso.sh b/scripts/start-demo-with-sso.sh index dfba653..f86597e 100644 --- a/scripts/start-demo-with-sso.sh +++ b/scripts/start-demo-with-sso.sh @@ -3,5 +3,7 @@ export ENABLE_SSO=true export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" +echo "$INFO Setting OAUTH_ENABLED=true..." +echo "→ OAUTH_ENABLED=$OAUTH_ENABLED" source start-demo.sh diff --git a/scripts/start-with-sso.sh b/scripts/start-with-sso.sh index e91cb02..d386c52 100644 --- a/scripts/start-with-sso.sh +++ b/scripts/start-with-sso.sh @@ -3,5 +3,7 @@ export ENABLE_SSO=true export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" +echo "$INFO Setting OAUTH_ENABLED=true..." +echo "→ OAUTH_ENABLED=$OAUTH_ENABLED" source start.sh diff --git a/scripts/utils.sh b/scripts/utils.sh index f3a609b..590d3dd 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -239,7 +239,7 @@ function displayAccessURLsWithCredentials { echo "" echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" echo "" - awk -F, 'NR==1 {printf "%-15s %-40s\n", $1, $2} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s\n", $1, $2} END {print "-\nusername: jdoe\npassword: password\n-\nIDP Access URL\nHIS Component\tURL\tUsername\tPassword\nKeycloak", $2, $3, $4}' .urls_2.txt + awk -F, 'NR==1 {printf "%-15s %-40s\n", $1, $2} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s\n", $1, $2} END {print "-\nUsername: jdoe\nPassword: password\n-\nIdentity Provider(IDP)\nKeycloak -", $2, " Username:", $3, " Password:", $4}' .urls_2.txt else echo "" echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" From 9f70c223f87159d53e2ea3f5139fe8c01a775a23 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 14 Nov 2024 18:17:22 +0300 Subject: [PATCH 07/22] OZ-573: Separate OpenMRS SSO configs + binaries to its own dir --- docker-compose-openmrs-sso.yml | 4 ++-- scripts/utils.sh | 12 ++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 95dedc3..e01a295 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -5,15 +5,15 @@ services: volumes: - "${OPENMRS_SSO_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - "${OPENMRS_SSO_MODULES_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" - - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/liquibase/liquibase.xml:/openmrs/distribution/openmrs_config/liquibase/liquibase.xml" + - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" frontend: environment: - SPA_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json volumes: - - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}/ozone-sso-frontend-config.json:/usr/share/nginx/html/configs/ozone-sso-frontend-config.json" + - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}/*:/usr/share/nginx/html/configs/" env-substitution: environment: diff --git a/scripts/utils.sh b/scripts/utils.sh index 590d3dd..7047a6a 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -26,9 +26,9 @@ function exportPaths () { export OPENMRS_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties export OPENMRS_TOMCAT_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/tomcat export OPENMRS_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules - export OPENMRS_SSO_MODULES_PATH=$DISTRO_PATH/binaries/openmrs_sso/modules - export OPENMRS_SSO_CONFIG_PATH=$DISTRO_PATH/configs/openmrs_sso/initializer_config - export OPENMRS_SSO_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs_sso/properties + export OPENMRS_SSO_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules_sso + export OPENMRS_SSO_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/initializer_config_sso + export OPENMRS_SSO_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties_sso export SPA_PATH=/openmrs/spa export SENAITE_CONFIG_PATH=$DISTRO_PATH/configs/senaite/initializer_config export SENAITE_OIDC_CONFIG_PATH=$DISTRO_PATH/configs/senaite/oidc @@ -40,7 +40,7 @@ function exportPaths () { export EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$DISTRO_PATH/binaries/eip-erpnext-openmrs export OPENMRS_FRONTEND_BINARY_PATH=$DISTRO_PATH/binaries/openmrs/frontend export OPENMRS_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config/ - export OPENMRS_SSO_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs_sso/frontend_config/ + export OPENMRS_SSO_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config_sso/ export SQL_SCRIPTS_PATH=$DISTRO_PATH/data/ export ERPNEXT_CONFIG_PATH=$DISTRO_PATH/configs/erpnext/initializer_config/ export ERPNEXT_SCRIPTS_PATH=$DISTRO_PATH/binaries/erpnext/scripts/ @@ -50,6 +50,9 @@ function exportPaths () { echo "→ OPENMRS_PROPERTIES_PATH=$OPENMRS_PROPERTIES_PATH" echo "→ OPENMRS_MODULES_PATH=$OPENMRS_MODULES_PATH" echo "→ OPENMRS_TOMCAT_CONFIG_PATH=$OPENMRS_TOMCAT_CONFIG_PATH" + echo "→ OPENMRS_SSO_MODULES_PATH=$OPENMRS_SSO_MODULES_PATH" + echo "→ OPENMRS_SSO_CONFIG_PATH=$OPENMRS_SSO_CONFIG_PATH" + echo "→ OPENMRS_SSO_PROPERTIES_PATH=$OPENMRS_SSO_PROPERTIES_PATH" echo "→ SPA_PATH=$SPA_PATH" echo "→ SENAITE_CONFIG_PATH=$SENAITE_CONFIG_PATH" echo "→ SENAITE_OIDC_CONFIG_PATH=$SENAITE_OIDC_CONFIG_PATH" @@ -60,6 +63,7 @@ function exportPaths () { echo "→ EIP_OPENMRS_SENAITE_ROUTES_PATH=$EIP_OPENMRS_SENAITE_ROUTES_PATH" echo "→ EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$EIP_ERPNEXT_OPENMRS_ROUTES_PATH" echo "→ OPENMRS_FRONTEND_CONFIG_PATH=$OPENMRS_FRONTEND_CONFIG_PATH" + echo "→ OPENMRS_SSO_FRONTEND_CONFIG_PATH=$OPENMRS_SSO_FRONTEND_CONFIG_PATH" echo "→ SQL_SCRIPTS_PATH=$SQL_SCRIPTS_PATH" echo "→ ERPNEXT_CONFIG_PATH=$ERPNEXT_CONFIG_PATH" echo "→ ERPNEXT_SCRIPTS_PATH=$ERPNEXT_SCRIPTS_PATH" From acc5ba6006e9edd4418f329c34fe81c7c5677467 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 15 Nov 2024 14:56:39 +0300 Subject: [PATCH 08/22] OZ-573: Move docker-compose-bundled-* to root level dir + some tweaks --- bundled-docker/openmrs/Dockerfile-sso | 6 +++--- bundled-docker/pom.xml | 5 +++++ ....yml.template => docker-compose-bundled-sso.yml.template | 0 ...dled.yml.template => docker-compose-bundled.yml.template | 0 docker-compose-openmrs-sso.yml | 2 +- pom.xml | 2 ++ scripts/utils.sh | 2 +- 7 files changed, 12 insertions(+), 5 deletions(-) rename bundled-docker/docker-compose-bundled-sso.yml.template => docker-compose-bundled-sso.yml.template (100%) rename bundled-docker/docker-compose-bundled.yml.template => docker-compose-bundled.yml.template (100%) diff --git a/bundled-docker/openmrs/Dockerfile-sso b/bundled-docker/openmrs/Dockerfile-sso index 98635a5..6773871 100644 --- a/bundled-docker/openmrs/Dockerfile-sso +++ b/bundled-docker/openmrs/Dockerfile-sso @@ -2,6 +2,6 @@ FROM openmrs/openmrs-reference-application-3-backend:3.1.1 ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config ADD configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties -ADD configs/openmrs_sso/properties/oauth2.properties /openmrs/data/oauth2.properties -ADD configs/openmrs_sso/initializer_config/globalproperties/oauth2-login-props.xml /openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml -ADD binaries/openmrs_sso/modules/* /openmrs/distribution/openmrs_modules +ADD configs/openmrs/properties_sso/oauth2.properties /openmrs/data/oauth2.properties +ADD configs/openmrs/initializer_config_sso/globalproperties/oauth2-login-props.xml /openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml +ADD binaries/openmrs/modules_sso/* /openmrs/distribution/openmrs_modules diff --git a/bundled-docker/pom.xml b/bundled-docker/pom.xml index 5a0c016..e31d818 100644 --- a/bundled-docker/pom.xml +++ b/bundled-docker/pom.xml @@ -77,6 +77,11 @@ proxy/** senaite/** keycloak/** + + + + ../ + docker-compose-bundled.yml.template docker-compose-bundled-sso.yml.template diff --git a/bundled-docker/docker-compose-bundled-sso.yml.template b/docker-compose-bundled-sso.yml.template similarity index 100% rename from bundled-docker/docker-compose-bundled-sso.yml.template rename to docker-compose-bundled-sso.yml.template diff --git a/bundled-docker/docker-compose-bundled.yml.template b/docker-compose-bundled.yml.template similarity index 100% rename from bundled-docker/docker-compose-bundled.yml.template rename to docker-compose-bundled.yml.template diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index e01a295..c055f97 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -13,7 +13,7 @@ services: environment: - SPA_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json volumes: - - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}/*:/usr/share/nginx/html/configs/" + - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}ozone-sso-frontend-config.json:/usr/share/nginx/html/configs/ozone-sso-frontend-config.json" env-substitution: environment: diff --git a/pom.xml b/pom.xml index b40f3e0..a922051 100644 --- a/pom.xml +++ b/pom.xml @@ -86,6 +86,8 @@ scripts/distro/ + docker-compose-bundled.yml.template + docker-compose-bundled-sso.yml.template diff --git a/scripts/utils.sh b/scripts/utils.sh index 7047a6a..cfdeeae 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -248,6 +248,6 @@ function displayAccessURLsWithCredentials { echo "" echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" echo "" - awk -F, 'NR==1 {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4} NR>2' .urls_2.txt + awk -F, 'NR==1 {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4}' .urls_2.txt fi } From 7c3757d61b551c16f816d3a257c5c45cd39fc83b Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 15 Nov 2024 16:01:14 +0300 Subject: [PATCH 09/22] OZ-573: Fix ozone-frontend-config sso path --- bundled-docker/frontend/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bundled-docker/frontend/Dockerfile b/bundled-docker/frontend/Dockerfile index a66a9b3..da651e4 100644 --- a/bundled-docker/frontend/Dockerfile +++ b/bundled-docker/frontend/Dockerfile @@ -6,7 +6,7 @@ ADD distro/binaries/openmrs/frontend /usr/share/nginx/html ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/configs # Copy SSO configuration file to a temporary location -COPY distro/configs/openmrs_sso/frontend_config/ozone-sso-frontend-config.json /tmp/ozone-sso-frontend-config.json +COPY distro/configs/openmrs/frontend_config_sso/ozone-sso-frontend-config.json /tmp/ozone-sso-frontend-config.json # Add SSO configurations if SSO is enabled RUN if [ "$ENABLE_SSO" = "true" ]; then \ From 9c3f3b313c641ac89c105d5d38128f71a940256f Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Tue, 19 Nov 2024 23:32:40 +0300 Subject: [PATCH 10/22] OZ-573: SSO support for EIP ERPNext routes --- docker-compose-erpnext-sso.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 docker-compose-erpnext-sso.yml diff --git a/docker-compose-erpnext-sso.yml b/docker-compose-erpnext-sso.yml new file mode 100644 index 0000000..c029f00 --- /dev/null +++ b/docker-compose-erpnext-sso.yml @@ -0,0 +1,12 @@ +x-oauth-variables: &oauth-variables + OAUTH_ACCESS_TOKEN_URL: ${OAUTH_ACCESS_TOKEN_URL} + OAUTH_ENABLED: ${OAUTH_ENABLED} + OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: ${OAUTH_CLIENT_SCOPE} + +services: + + eip-erpnext-openmrs: + environment: + <<: *oauth-variables From 10dc86b06fb5adbc9547bb5bd0c04b66f2c8e0f1 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Tue, 19 Nov 2024 23:36:22 +0300 Subject: [PATCH 11/22] OZ-573: Use only docker-compose-files.txt --- .env | 4 +++ bundled-docker/frontend/Dockerfile | 6 ++--- docker-compose-openmrs-sso.yml | 12 ++++----- scripts/docker-compose-files.txt | 4 +++ scripts/docker-compose-sso-files.txt | 4 --- scripts/utils.sh | 40 ++++++++++------------------ 6 files changed, 31 insertions(+), 39 deletions(-) delete mode 100644 scripts/docker-compose-sso-files.txt diff --git a/.env b/.env index 3331391..c7dcb75 100644 --- a/.env +++ b/.env @@ -133,9 +133,12 @@ NUMBER_OF_DEMO_PATIENTS= # Volumes are mapped to the Ozone distro output folders # OPENMRS_PROPERTIES_PATH= +OPENMRS_PROPERTIES_SSO_PATH= OPENMRS_CORE_PATH= OPENMRS_MODULES_PATH= +OPENMRS_MODULES_SSO_PATH= OPENMRS_CONFIG_PATH= +OPENMRS_CONFIG_SSO_PATH= OPENMRS_TOMCAT_CONFIG_PATH= OPENMRS_PERSON_IMAGES_PATH= OPENMRS_COMPLEX_OBS_PATH= @@ -148,6 +151,7 @@ SENAITE_CONFIG_PATH= KEYCLOAK_CONFIG_PATH= OPENMRS_FRONTEND_BINARY_PATH= OPENMRS_FRONTEND_CONFIG_PATH= +OPENMRS_FRONTEND_CONFIG_SSO_PATH= EIP_OPENMRS_SENAITE_CONFIG_PATH= EIP_OPENMRS_SENAITE_ROUTES_PATH= EIP_ODOO_OPENMRS_PROPERTIES_PATH= diff --git a/bundled-docker/frontend/Dockerfile b/bundled-docker/frontend/Dockerfile index da651e4..d84625c 100644 --- a/bundled-docker/frontend/Dockerfile +++ b/bundled-docker/frontend/Dockerfile @@ -6,15 +6,15 @@ ADD distro/binaries/openmrs/frontend /usr/share/nginx/html ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/configs # Copy SSO configuration file to a temporary location -COPY distro/configs/openmrs/frontend_config_sso/ozone-sso-frontend-config.json /tmp/ozone-sso-frontend-config.json +COPY distro/configs/openmrs/frontend_config_sso/ozone-frontend-config-sso.json /tmp/ozone-frontend-config-sso.json # Add SSO configurations if SSO is enabled RUN if [ "$ENABLE_SSO" = "true" ]; then \ - cp /tmp/ozone-sso-frontend-config.json /usr/share/nginx/html/configs/ozone-sso-frontend-config.json; \ + cp /tmp/ozone-frontend-config-sso.json /usr/share/nginx/html/configs/ozone-frontend-config-sso.json; \ fi # Remove the temporary SSO configuration file -RUN rm /tmp/ozone-sso-frontend-config.json +RUN rm /tmp/ozone-frontend-config-sso.json RUN mkdir -p /app WORKDIR /app diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index c055f97..5bcb5a6 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -3,17 +3,17 @@ services: environment: KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} volumes: - - "${OPENMRS_SSO_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - - "${OPENMRS_SSO_MODULES_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" - - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/liquibase/liquibase.xml:/openmrs/distribution/openmrs_config/liquibase/liquibase.xml" - - "${OPENMRS_SSO_CONFIG_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" + - "${OPENMRS_PROPERTIES_SSO_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" + - "${OPENMRS_MODULES_SSO_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" + - "${OPENMRS_CONFIG_SSO_PATH:-openmrs-config}/liquibase/liquibase.xml:/openmrs/distribution/openmrs_config/liquibase/liquibase.xml" + - "${OPENMRS_CONFIG_SSO_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" frontend: environment: - - SPA_CONFIG_URLS=${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json + SPA_CONFIG_URLS: ${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-frontend-config-sso.json volumes: - - "${OPENMRS_SSO_FRONTEND_CONFIG_PATH}ozone-sso-frontend-config.json:/usr/share/nginx/html/configs/ozone-sso-frontend-config.json" + - "${OPENMRS_FRONTEND_CONFIG_SSO_PATH}ozone-frontend-config-sso.json:/usr/share/nginx/html/configs/ozone-frontend-config-sso.json" env-substitution: environment: diff --git a/scripts/docker-compose-files.txt b/scripts/docker-compose-files.txt index e05762e..723d993 100755 --- a/scripts/docker-compose-files.txt +++ b/scripts/docker-compose-files.txt @@ -1,5 +1,9 @@ docker-compose-common.yml +docker-compose-keycloak.yml docker-compose-odoo.yml +docker-compose-odoo-sso.yml docker-compose-openmrs.yml +docker-compose-openmrs-sso.yml docker-compose-senaite.yml +docker-compose-senaite-sso.yml docker-compose-backup.yml diff --git a/scripts/docker-compose-sso-files.txt b/scripts/docker-compose-sso-files.txt deleted file mode 100644 index 65cee14..0000000 --- a/scripts/docker-compose-sso-files.txt +++ /dev/null @@ -1,4 +0,0 @@ -docker-compose-keycloak.yml -docker-compose-openmrs-sso.yml -docker-compose-senaite-sso.yml -docker-compose-odoo-sso.yml diff --git a/scripts/utils.sh b/scripts/utils.sh index cfdeeae..97d7f1d 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -26,9 +26,9 @@ function exportPaths () { export OPENMRS_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties export OPENMRS_TOMCAT_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/tomcat export OPENMRS_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules - export OPENMRS_SSO_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules_sso - export OPENMRS_SSO_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/initializer_config_sso - export OPENMRS_SSO_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties_sso + export OPENMRS_MODULES_SSO_PATH=$DISTRO_PATH/binaries/openmrs/modules_sso + export OPENMRS_CONFIG_SSO_PATH=$DISTRO_PATH/configs/openmrs/initializer_config_sso + export OPENMRS_PROPERTIES_SSO_PATH=$DISTRO_PATH/configs/openmrs/properties_sso export SPA_PATH=/openmrs/spa export SENAITE_CONFIG_PATH=$DISTRO_PATH/configs/senaite/initializer_config export SENAITE_OIDC_CONFIG_PATH=$DISTRO_PATH/configs/senaite/oidc @@ -40,7 +40,7 @@ function exportPaths () { export EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$DISTRO_PATH/binaries/eip-erpnext-openmrs export OPENMRS_FRONTEND_BINARY_PATH=$DISTRO_PATH/binaries/openmrs/frontend export OPENMRS_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config/ - export OPENMRS_SSO_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config_sso/ + export OPENMRS_FRONTEND_CONFIG_SSO_PATH=$DISTRO_PATH/configs/openmrs/frontend_config_sso/ export SQL_SCRIPTS_PATH=$DISTRO_PATH/data/ export ERPNEXT_CONFIG_PATH=$DISTRO_PATH/configs/erpnext/initializer_config/ export ERPNEXT_SCRIPTS_PATH=$DISTRO_PATH/binaries/erpnext/scripts/ @@ -50,9 +50,9 @@ function exportPaths () { echo "→ OPENMRS_PROPERTIES_PATH=$OPENMRS_PROPERTIES_PATH" echo "→ OPENMRS_MODULES_PATH=$OPENMRS_MODULES_PATH" echo "→ OPENMRS_TOMCAT_CONFIG_PATH=$OPENMRS_TOMCAT_CONFIG_PATH" - echo "→ OPENMRS_SSO_MODULES_PATH=$OPENMRS_SSO_MODULES_PATH" - echo "→ OPENMRS_SSO_CONFIG_PATH=$OPENMRS_SSO_CONFIG_PATH" - echo "→ OPENMRS_SSO_PROPERTIES_PATH=$OPENMRS_SSO_PROPERTIES_PATH" + echo "→ OPENMRS_MODULES_SSO_PATH=$OPENMRS_MODULES_SSO_PATH" + echo "→ OPENMRS_CONFIG_SSO_PATH=$OPENMRS_CONFIG_SSO_PATH" + echo "→ OPENMRS_PROPERTIES_SSO_PATH=$OPENMRS_PROPERTIES_SSO_PATH" echo "→ SPA_PATH=$SPA_PATH" echo "→ SENAITE_CONFIG_PATH=$SENAITE_CONFIG_PATH" echo "→ SENAITE_OIDC_CONFIG_PATH=$SENAITE_OIDC_CONFIG_PATH" @@ -63,7 +63,7 @@ function exportPaths () { echo "→ EIP_OPENMRS_SENAITE_ROUTES_PATH=$EIP_OPENMRS_SENAITE_ROUTES_PATH" echo "→ EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$EIP_ERPNEXT_OPENMRS_ROUTES_PATH" echo "→ OPENMRS_FRONTEND_CONFIG_PATH=$OPENMRS_FRONTEND_CONFIG_PATH" - echo "→ OPENMRS_SSO_FRONTEND_CONFIG_PATH=$OPENMRS_SSO_FRONTEND_CONFIG_PATH" + echo "→ OPENMRS_FRONTEND_CONFIG_SSO_PATH=$OPENMRS_FRONTEND_CONFIG_SSO_PATH" echo "→ SQL_SCRIPTS_PATH=$SQL_SCRIPTS_PATH" echo "→ ERPNEXT_CONFIG_PATH=$ERPNEXT_CONFIG_PATH" echo "→ ERPNEXT_SCRIPTS_PATH=$ERPNEXT_SCRIPTS_PATH" @@ -76,16 +76,14 @@ function setDockerComposeCLIOptions () { dockerComposeFiles=$(cat docker-compose-files.txt) for file in ${dockerComposeFiles} do + if [ "$ENABLE_SSO" != "true" ]; then + if [[ "$file" == *"-sso.yml" || "$file" == "docker-compose-keycloak.yml" ]]; then + continue + fi + fi export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../$file" done - if [ "$ENABLE_SSO" == "true" ]; then - ssoFiles=$(cat docker-compose-sso-files.txt) - for ssoFile in ${ssoFiles}; do - export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../$ssoFile" - done - fi - # Add restore file if restore env is set if [ "$RESTORE" == "true" ]; then export dockerComposeFilesCLIOptions="$dockerComposeFilesCLIOptions -f ../docker-compose-restore.yml" @@ -93,7 +91,7 @@ function setDockerComposeCLIOptions () { # Set the default env file export dockerComposeEnvFilePath="../.env" - + # Override the default with the concatenated.env file if it is provided concatenatedEnvFilePath="../concatenated.env" if [ -f "$concatenatedEnvFilePath" ]; then @@ -213,16 +211,6 @@ function displayAccessURLsWithCredentials { fi done < docker-compose-files.txt - while read -r line; do - if [[ $line != *-sso.yml ]]; then - serviceWithoutExtension=${line%.yml} - service=${serviceWithoutExtension#docker-compose-} - - services+=("$service") - is_defined+=(1) - fi - done < docker-compose-sso-files.txt - echo "HIS Component,URL,Username,Password" > .urls_1.txt echo "-,-,-,-" >> .urls_1.txt tail -n +2 ozone-urls-template.csv | while IFS=',' read -r component url username password service ; do From 3752209ce60a68e7560bd8a4644423f28c6e5f4a Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Wed, 20 Nov 2024 11:48:12 +0300 Subject: [PATCH 12/22] OZ-573: eip-demo to use OAuth2 authentication when SSO is enabled --- demo/docker-compose-sso.yml | 8 +++++++ demo/eip/config/application.properties | 16 ++++++++++++++ demo/eip/routes/generate-demo-data-route.xml | 10 ++++++++- .../oauth2-authenticate-to-openmrs-route.xml | 21 +++++++++++++++++++ docker-compose-openmrs.yml | 2 +- scripts/utils.sh | 6 +++++- 6 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 demo/docker-compose-sso.yml create mode 100644 demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml diff --git a/demo/docker-compose-sso.yml b/demo/docker-compose-sso.yml new file mode 100644 index 0000000..24f2ea8 --- /dev/null +++ b/demo/docker-compose-sso.yml @@ -0,0 +1,8 @@ +services: + eip-demo: + environment: + OAUTH_ENABLED: ${OAUTH_ENABLED} + OAUTH_ACCESS_TOKEN_URL: ${OAUTH_ACCESS_TOKEN_URL} + OAUTH_CLIENT_ID: ${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: ${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: ${OAUTH_CLIENT_SCOPE} diff --git a/demo/eip/config/application.properties b/demo/eip/config/application.properties index 89ba16a..3dc53a4 100644 --- a/demo/eip/config/application.properties +++ b/demo/eip/config/application.properties @@ -10,3 +10,19 @@ openmrs.baseUrl=${OPENMRS_URL} # Number of demo patients used to generate demo data, defaults to 0 number.of.demo.patients=${NUMBER_OF_DEMO_PATIENTS} # ---------------------------------------------------------------------------------------------------------------------- + +# *********************** OAuth2 Configuration ************************************************************************* +# Enable OAuth2 authentication, defaults to false. +oauth.enabled=${OAUTH_ENABLED:false} +# The client ID of the account, defaults to empty. +oauth.access.token.url=${OAUTH_ACCESS_TOKEN_URL:} + +# The client ID of the account to use to authenticate, defaults to empty. +oauth.client.id=${OAUTH_CLIENT_ID:} + +# The client secret of the account to use to authenticate, defaults to empty. +oauth.client.secret=${OAUTH_CLIENT_SECRET:} + +# Authentication scope, can be multiple values separated by commas, defaults to empty. +oauth.client.scope=${OAUTH_CLIENT_SCOPE:} +# ---------------------------------------------------------------------------------------------------------------------- diff --git a/demo/eip/routes/generate-demo-data-route.xml b/demo/eip/routes/generate-demo-data-route.xml index 756c577..0b2a11e 100644 --- a/demo/eip/routes/generate-demo-data-route.xml +++ b/demo/eip/routes/generate-demo-data-route.xml @@ -5,7 +5,15 @@ - + + + {{oauth.enabled}} + + + + + + ${properties:number.of.demo.patients:50} diff --git a/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml b/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml new file mode 100644 index 0000000..a85bd65 --- /dev/null +++ b/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml @@ -0,0 +1,21 @@ + + + + + + {{oauth.access.token.url}} + + + {{oauth.client.id}} + + + {{oauth.client.secret}} + + + {{oauth.client.scope}} + + + + diff --git a/docker-compose-openmrs.yml b/docker-compose-openmrs.yml index 541fcf4..19fe17b 100644 --- a/docker-compose-openmrs.yml +++ b/docker-compose-openmrs.yml @@ -37,7 +37,7 @@ services: networks: - ozone - web - restart: on-failure + restart: unless-stopped volumes: - "openmrs-data:/openmrs/data" - "${OPENMRS_OWAS_PATH:-openmrs-owas}:/openmrs/distribution/openmrs_owas/" diff --git a/scripts/utils.sh b/scripts/utils.sh index 97d7f1d..f46b354 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -104,7 +104,11 @@ function setDockerComposeCLIOptions () { export dockerComposeProxyCLIOptions="--env-file $dockerComposeEnvFilePath -f ../proxy/docker-compose.yml" # Set args for the demo service - export dockerComposeDemoCLIOptions="--env-file $dockerComposeEnvFilePath -f ../demo/docker-compose.yml" + if [ "$ENABLE_SSO" == "true" ]; then + export dockerComposeDemoCLIOptions="--env-file $dockerComposeEnvFilePath -f ../demo/docker-compose.yml -f ../demo/docker-compose-sso.yml" + else + export dockerComposeDemoCLIOptions="--env-file $dockerComposeEnvFilePath -f ../demo/docker-compose.yml" + fi } function exportHostIP() { From 71e597e92a99496fd004aa43ba9bb0ec0dda0af6 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Wed, 20 Nov 2024 11:55:28 +0300 Subject: [PATCH 13/22] OZ-573: Fix oauth2-authenticate-to-openmrs route id --- demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml b/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml index a85bd65..e80ae84 100644 --- a/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml +++ b/demo/eip/routes/oauth2-authenticate-to-openmrs-route.xml @@ -1,8 +1,8 @@ - - + + {{oauth.access.token.url}} From 76f24a7caf29b10bbb028d4adf8244a16dff2147 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 21 Nov 2024 12:46:36 +0300 Subject: [PATCH 14/22] OZ-573: Remove SSO env vars + always mount oauth2login module --- .env | 4 ---- docker-compose-openmrs-sso.yml | 7 ++----- scripts/utils.sh | 8 -------- 3 files changed, 2 insertions(+), 17 deletions(-) diff --git a/.env b/.env index c7dcb75..3331391 100644 --- a/.env +++ b/.env @@ -133,12 +133,9 @@ NUMBER_OF_DEMO_PATIENTS= # Volumes are mapped to the Ozone distro output folders # OPENMRS_PROPERTIES_PATH= -OPENMRS_PROPERTIES_SSO_PATH= OPENMRS_CORE_PATH= OPENMRS_MODULES_PATH= -OPENMRS_MODULES_SSO_PATH= OPENMRS_CONFIG_PATH= -OPENMRS_CONFIG_SSO_PATH= OPENMRS_TOMCAT_CONFIG_PATH= OPENMRS_PERSON_IMAGES_PATH= OPENMRS_COMPLEX_OBS_PATH= @@ -151,7 +148,6 @@ SENAITE_CONFIG_PATH= KEYCLOAK_CONFIG_PATH= OPENMRS_FRONTEND_BINARY_PATH= OPENMRS_FRONTEND_CONFIG_PATH= -OPENMRS_FRONTEND_CONFIG_SSO_PATH= EIP_OPENMRS_SENAITE_CONFIG_PATH= EIP_OPENMRS_SENAITE_ROUTES_PATH= EIP_ODOO_OPENMRS_PROPERTIES_PATH= diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 5bcb5a6..4f5177f 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -3,17 +3,14 @@ services: environment: KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} volumes: - - "${OPENMRS_PROPERTIES_SSO_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - - "${OPENMRS_MODULES_SSO_PATH:-openmrs-modules}/${oauth2loginArtifactId}-${oauth2loginVersion}.omod:/openmrs/distribution/openmrs_modules/${oauth2loginArtifactId}-${oauth2loginVersion}.omod" - - "${OPENMRS_CONFIG_SSO_PATH:-openmrs-config}/liquibase/liquibase.xml:/openmrs/distribution/openmrs_config/liquibase/liquibase.xml" - - "${OPENMRS_CONFIG_SSO_PATH:-openmrs-config}/globalproperties/oauth2-login-props.xml:/openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml" + - "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" frontend: environment: SPA_CONFIG_URLS: ${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-frontend-config-sso.json volumes: - - "${OPENMRS_FRONTEND_CONFIG_SSO_PATH}ozone-frontend-config-sso.json:/usr/share/nginx/html/configs/ozone-frontend-config-sso.json" + - "${OPENMRS_FRONTEND_CONFIG_PATH}ozone-frontend-config-sso.json:/usr/share/nginx/html/configs/ozone-frontend-config-sso.json" env-substitution: environment: diff --git a/scripts/utils.sh b/scripts/utils.sh index f46b354..377e30e 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -26,9 +26,6 @@ function exportPaths () { export OPENMRS_PROPERTIES_PATH=$DISTRO_PATH/configs/openmrs/properties export OPENMRS_TOMCAT_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/tomcat export OPENMRS_MODULES_PATH=$DISTRO_PATH/binaries/openmrs/modules - export OPENMRS_MODULES_SSO_PATH=$DISTRO_PATH/binaries/openmrs/modules_sso - export OPENMRS_CONFIG_SSO_PATH=$DISTRO_PATH/configs/openmrs/initializer_config_sso - export OPENMRS_PROPERTIES_SSO_PATH=$DISTRO_PATH/configs/openmrs/properties_sso export SPA_PATH=/openmrs/spa export SENAITE_CONFIG_PATH=$DISTRO_PATH/configs/senaite/initializer_config export SENAITE_OIDC_CONFIG_PATH=$DISTRO_PATH/configs/senaite/oidc @@ -40,7 +37,6 @@ function exportPaths () { export EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$DISTRO_PATH/binaries/eip-erpnext-openmrs export OPENMRS_FRONTEND_BINARY_PATH=$DISTRO_PATH/binaries/openmrs/frontend export OPENMRS_FRONTEND_CONFIG_PATH=$DISTRO_PATH/configs/openmrs/frontend_config/ - export OPENMRS_FRONTEND_CONFIG_SSO_PATH=$DISTRO_PATH/configs/openmrs/frontend_config_sso/ export SQL_SCRIPTS_PATH=$DISTRO_PATH/data/ export ERPNEXT_CONFIG_PATH=$DISTRO_PATH/configs/erpnext/initializer_config/ export ERPNEXT_SCRIPTS_PATH=$DISTRO_PATH/binaries/erpnext/scripts/ @@ -50,9 +46,6 @@ function exportPaths () { echo "→ OPENMRS_PROPERTIES_PATH=$OPENMRS_PROPERTIES_PATH" echo "→ OPENMRS_MODULES_PATH=$OPENMRS_MODULES_PATH" echo "→ OPENMRS_TOMCAT_CONFIG_PATH=$OPENMRS_TOMCAT_CONFIG_PATH" - echo "→ OPENMRS_MODULES_SSO_PATH=$OPENMRS_MODULES_SSO_PATH" - echo "→ OPENMRS_CONFIG_SSO_PATH=$OPENMRS_CONFIG_SSO_PATH" - echo "→ OPENMRS_PROPERTIES_SSO_PATH=$OPENMRS_PROPERTIES_SSO_PATH" echo "→ SPA_PATH=$SPA_PATH" echo "→ SENAITE_CONFIG_PATH=$SENAITE_CONFIG_PATH" echo "→ SENAITE_OIDC_CONFIG_PATH=$SENAITE_OIDC_CONFIG_PATH" @@ -63,7 +56,6 @@ function exportPaths () { echo "→ EIP_OPENMRS_SENAITE_ROUTES_PATH=$EIP_OPENMRS_SENAITE_ROUTES_PATH" echo "→ EIP_ERPNEXT_OPENMRS_ROUTES_PATH=$EIP_ERPNEXT_OPENMRS_ROUTES_PATH" echo "→ OPENMRS_FRONTEND_CONFIG_PATH=$OPENMRS_FRONTEND_CONFIG_PATH" - echo "→ OPENMRS_FRONTEND_CONFIG_SSO_PATH=$OPENMRS_FRONTEND_CONFIG_SSO_PATH" echo "→ SQL_SCRIPTS_PATH=$SQL_SCRIPTS_PATH" echo "→ ERPNEXT_CONFIG_PATH=$ERPNEXT_CONFIG_PATH" echo "→ ERPNEXT_SCRIPTS_PATH=$ERPNEXT_SCRIPTS_PATH" From 62949b18b0e31528aedcaba37799bac0922364ae Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 21 Nov 2024 14:22:19 +0300 Subject: [PATCH 15/22] OZ-573: No extra Docker images for SSO feature --- bundled-docker/frontend/Dockerfile | 13 - bundled-docker/openmrs/Dockerfile | 2 + bundled-docker/openmrs/Dockerfile-sso | 7 - bundled-docker/postgresql/Dockerfile | 19 +- bundled-docker/senaite/Dockerfile | 3 +- bundled-docker/senaite/Dockerfile-sso | 3 - docker-compose-bundled-sso.yml.template | 364 ++---------------------- docker-compose-bundled.yml.template | 9 +- 8 files changed, 36 insertions(+), 384 deletions(-) delete mode 100644 bundled-docker/openmrs/Dockerfile-sso delete mode 100644 bundled-docker/senaite/Dockerfile-sso diff --git a/bundled-docker/frontend/Dockerfile b/bundled-docker/frontend/Dockerfile index d84625c..d917848 100644 --- a/bundled-docker/frontend/Dockerfile +++ b/bundled-docker/frontend/Dockerfile @@ -1,21 +1,8 @@ FROM openmrs/openmrs-reference-application-3-frontend:nightly -ARG ENABLE_SSO=false - ADD distro/binaries/openmrs/frontend /usr/share/nginx/html ADD distro/configs/openmrs/frontend_config /usr/share/nginx/html/configs -# Copy SSO configuration file to a temporary location -COPY distro/configs/openmrs/frontend_config_sso/ozone-frontend-config-sso.json /tmp/ozone-frontend-config-sso.json - -# Add SSO configurations if SSO is enabled -RUN if [ "$ENABLE_SSO" = "true" ]; then \ - cp /tmp/ozone-frontend-config-sso.json /usr/share/nginx/html/configs/ozone-frontend-config-sso.json; \ -fi - -# Remove the temporary SSO configuration file -RUN rm /tmp/ozone-frontend-config-sso.json - RUN mkdir -p /app WORKDIR /app COPY bundled-docker/frontend/startup.sh /app diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index eb8680d..4045d19 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,3 +1,5 @@ FROM openmrs/openmrs-reference-application-3-backend:nightly ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config +ADD configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties +ADD configs/openmrs/properties/oauth2.properties /openmrs/data/oauth2.properties diff --git a/bundled-docker/openmrs/Dockerfile-sso b/bundled-docker/openmrs/Dockerfile-sso deleted file mode 100644 index 6773871..0000000 --- a/bundled-docker/openmrs/Dockerfile-sso +++ /dev/null @@ -1,7 +0,0 @@ -FROM openmrs/openmrs-reference-application-3-backend:3.1.1 -ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules -ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config -ADD configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties -ADD configs/openmrs/properties_sso/oauth2.properties /openmrs/data/oauth2.properties -ADD configs/openmrs/initializer_config_sso/globalproperties/oauth2-login-props.xml /openmrs/distribution/openmrs_config/globalproperties/oauth2-login-props.xml -ADD binaries/openmrs/modules_sso/* /openmrs/distribution/openmrs_modules diff --git a/bundled-docker/postgresql/Dockerfile b/bundled-docker/postgresql/Dockerfile index a202867..e401f99 100644 --- a/bundled-docker/postgresql/Dockerfile +++ b/bundled-docker/postgresql/Dockerfile @@ -1,21 +1,6 @@ FROM postgres:13 -# Argument to enable/disable SSO -ARG ENABLE_SSO=false - ADD data/postgresql/create_db.sh /docker-entrypoint-initdb.d/create_db.sh ADD data/postgresql/odoo /docker-entrypoint-initdb.d/db/odoo - -# Copy SSO configurations & binaries to a temporary location -COPY data/postgresql/senaite /tmp/senaite -COPY data/postgresql/keycloak /tmp/keycloak - -# Add SSO configurations & binaries if SSO is enabled -RUN if [ "$ENABLE_SSO" = "true" ]; then \ - cp -r /tmp/senaite /docker-entrypoint-initdb.d/db/senaite && \ - cp -r /tmp/keycloak /docker-entrypoint-initdb.d/db/keycloak; \ -fi - -# Remove the temporary SSO configurations & binaries \ -RUN rm -rf /tmp/senaite && \ - rm -rf /tmp/keycloak \ +ADD data/postgresql/senaite /docker-entrypoint-initdb.d/db/senaite +ADD data/postgresql/keycloak /docker-entrypoint-initdb.d/db/keycloak diff --git a/bundled-docker/senaite/Dockerfile b/bundled-docker/senaite/Dockerfile index df17d91..5496135 100644 --- a/bundled-docker/senaite/Dockerfile +++ b/bundled-docker/senaite/Dockerfile @@ -1,2 +1,3 @@ -FROM mekomsolutions/senaite +FROM mekomsolutions/senaite-ozonepro ADD configs/senaite/initializer_config /data/importdata/senaite +ADD configs/senaite/oidc /data/oidc diff --git a/bundled-docker/senaite/Dockerfile-sso b/bundled-docker/senaite/Dockerfile-sso deleted file mode 100644 index 5496135..0000000 --- a/bundled-docker/senaite/Dockerfile-sso +++ /dev/null @@ -1,3 +0,0 @@ -FROM mekomsolutions/senaite-ozonepro -ADD configs/senaite/initializer_config /data/importdata/senaite -ADD configs/senaite/oidc /data/oidc diff --git a/docker-compose-bundled-sso.yml.template b/docker-compose-bundled-sso.yml.template index f3a72ff..c106b97 100644 --- a/docker-compose-bundled-sso.yml.template +++ b/docker-compose-bundled-sso.yml.template @@ -1,71 +1,4 @@ -networks: - ozone: - web: - external: true - services: - mysql: - command: - - --character-set-server=utf8mb4 - - --collation-server=utf8mb4_unicode_ci - - --skip-character-set-client-handshake - - --skip-innodb-read-only-compressed - - --log-bin=mysqld-bin - - --binlog-format=ROW - - --server-id=2 - - --sync-binlog=1 - - --binlog-annotate-row-events=0 - environment: - MYSQL_ROOT_PASSWORD: "\${MYSQL_ROOT_PASSWORD}" - EIP_DB_NAME_ODOO: \${EIP_DB_NAME_ODOO} - EIP_DB_USER_ODOO: \${EIP_DB_USER_ODOO} - EIP_DB_PASSWORD_ODOO: \${EIP_DB_PASSWORD_ODOO} - OPENMRS_DB_NAME: \${OPENMRS_DB_NAME} - OPENMRS_DB_USER: \${OPENMRS_DB_USER} - OPENMRS_DB_PASSWORD: \${OPENMRS_DB_PASSWORD} - EIP_DB_NAME_SENAITE: \${EIP_DB_NAME_SENAITE} - EIP_DB_USER_SENAITE: \${EIP_DB_USER_SENAITE} - EIP_DB_PASSWORD_SENAITE: \${EIP_DB_PASSWORD_SENAITE} - healthcheck: - test: "exit 0" - image: ${dockerUserName}/${sanitizedArtifactId}-mysql:${dockertag} - networks: - - ozone - ports: - - "3306:3306" - restart: unless-stopped - volumes: - - "\${MYSQL_DATADIR:-mysql-data}:/var/lib/mysql" - - postgresql: - command: "postgres -c wal_level=logical -c max_wal_senders=10 -c max_replication_slots=10" - image: ${dockerUserName}/${sanitizedArtifactId}-postgresql-sso:${dockertag} - environment: - POSTGRES_DB: postgres - POSTGRES_USER: \${POSTGRES_USER} - POSTGRES_PASSWORD: \${POSTGRES_PASSWORD} - ODOO_DB_NAME: \${ODOO_DATABASE} - ODOO_DB_USER: \${ODOO_DB_USER} - ODOO_DB_PASSWORD: \${ODOO_DB_PASSWORD} - KEYCLOAK_DB: \${KEYCLOAK_DB} - KEYCLOAK_DB_SCHEMA: \${KEYCLOAK_DB_SCHEMA} - KEYCLOAK_DB_USER: \${KEYCLOAK_DB_USER} - KEYCLOAK_DB_PASSWORD: \${KEYCLOAK_DB_PASSWORD} - SENAITE_DB_NAME: \${SENAITE_DB_NAME} - SENAITE_DB_USER: \${SENAITE_DB_USER} - SENAITE_DB_PASSWORD: \${SENAITE_DB_PASSWORD} - healthcheck: - test: ["CMD-SHELL", "pg_isready -U postgres"] - interval: 5s - timeout: 5s - retries: 5 - networks: - - ozone - ports: - - "5432:5432" - restart: unless-stopped - volumes: - - "\${POSTGRES_DATADIR:-postgresql-data}:/var/lib/postgresql/data" keycloak: image: ${dockerUserName}/${sanitizedArtifactId}-keycloak:${dockertag} restart: unless-stopped @@ -87,6 +20,8 @@ services: KEYCLOAK_CREATE_ADMIN_USER: "true" KEYCLOAK_ADMIN_USER: \${KEYCLOAK_USER} KEYCLOAK_ADMIN_PASSWORD: \${KEYCLOAK_PASSWORD} + HOST_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME} + KEYCLOAK_AUTH_SERVER_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME} OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME} SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME} @@ -126,293 +61,44 @@ services: traefik.http.routers.keycloak.entrypoints: "websecure" traefik.http.services.keycloak.loadbalancer.server.port: 8080 + postgresql: + environment: + KEYCLOAK_DB: \${KEYCLOAK_DB} + KEYCLOAK_DB_SCHEMA: \${KEYCLOAK_DB_SCHEMA} + KEYCLOAK_DB_USER: \${KEYCLOAK_DB_USER} + KEYCLOAK_DB_PASSWORD: \${KEYCLOAK_DB_PASSWORD} # Odoo odoo: - depends_on: - postgresql: - condition: service_healthy environment: - - HOST=\${POSTGRES_DB_HOST} - - USER=\${ODOO_DB_USER} - - PASSWORD=\${ODOO_DB_PASSWORD} - - ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc - - INITIALIZER_DATA_FILES_PATH=/mnt/odoo_config - - INITIALIZER_CONFIG_FILE_PATH=/mnt/odoo_config/initializer_config.json - - ODOO_CLIENT_SECRET=\${ODOO_CLIENT_SECRET} - - ODOO_CLIENT_UUID=\${ODOO_CLIENT_UUID} - - KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} - image: ${dockerUserName}/${sanitizedArtifactId}-odoo:${dockertag} - labels: - traefik.enable: true - # https - traefik.http.routers.odoo-https.rule: Host(`\${ODOO_HOSTNAME}`) - traefik.http.routers.odoo-https.entrypoints: websecure - traefik.http.routers.odoo-https.service: odoo - traefik.http.routers.odoo-https.middlewares: gzip,sslheader,limit - #----------------------------- routes for: odoo/web/database || odoo/website/info ----------------------------- - # https - traefik.http.routers.odoo-db-https.rule: Host(`\${ODOO_HOSTNAME}`) && (PathPrefix(`/web/database`) || PathPrefix(`/website/info`)) - traefik.http.routers.odoo-db-https.entrypoints: websecure - traefik.http.routers.odoo-db-https.service: odoo - traefik.http.routers.odoo-db-https.middlewares: gzip,sslheader,limit - traefik.http.services.odoo-db-https.loadbalancer.server.port: 8069 - #---------------------------------------- routes for: odoo/longpolling ------------------------------------------------ - # https - traefik.http.routers.odoo-im-https.rule: Host(`\${ODOO_HOSTNAME}`) && (PathPrefix(`/longpolling`)) - traefik.http.routers.odoo-im-https.entrypoints: websecure - traefik.http.routers.odoo-im-https.service: odoo-im - traefik.http.routers.odoo-im-https.middlewares: gzip,sslheader,limit - - #====================================================== services =========================================================== - traefik.http.services.odoo.loadbalancer.server.port: 8069 - traefik.http.services.odoo-im.loadbalancer.server.port: 8072 - - #===================================================== middlewares ========================================================= - traefik.http.middlewares.gzip.compress: true - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto: https - traefik.http.middlewares.limit.buffering.memRequestBodyBytes: 20971520 - traefik.http.middlewares.limit.buffering.maxRequestBodyBytes: 20971520 - networks: - - ozone - - web - restart: unless-stopped - volumes: - - "\${ODOO_FILESTORE:-odoo-filestore}:/var/lib/odoo/filestore" - - "\${ODOO_CONFIG_CHECKSUMS_PATH:-odoo-checksums}:/mnt/checksums" - - # Odoo - OpenMRS integration service + - ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc + # EIP Odoo OpenMRS Integration Service eip-odoo-openmrs: - depends_on: - openmrs: - condition: service_healthy - mysql: - condition: service_started - odoo: - condition: service_started environment: - - EIP_DB_NAME_ODOO=\${EIP_DB_NAME_ODOO} - - EIP_DB_USER_ODOO=\${EIP_DB_USER_ODOO} - - EIP_DB_PASSWORD_ODOO=\${EIP_DB_PASSWORD_ODOO} - - ODOO_DATABASE=\${ODOO_DATABASE} - - ODOO_USER=\${ODOO_USER} - - ODOO_PASSWORD=\${ODOO_PASSWORD} - - CREATE_CUSTOMER_IF_NOT_EXIST=\${CREATE_CUSTOMER_IF_NOT_EXIST} - - ODOO_CUSTOMER_EXTERNAL_ID=\${ODOO_CUSTOMER_EXTERNAL_ID} - - ODOO_CUSTOMER_DOB_FIELD=\${ODOO_CUSTOMER_DOB_FIELD} - - ODOO_CUSTOMER_WEIGHT_FIELD=\${ODOO_CUSTOMER_WEIGHT_FIELD} - - EMR_WEIGHT_CONCEPT=\${EMR_WEIGHT_CONCEPT} - - OPENMRS_IDENTIFIER_TYPE_UUID=\${OPENMRS_IDENTIFIER_TYPE_UUID} - - ODOO_URL=http://odoo:8069 - - OPENMRS_URL=http://openmrs:8080/openmrs - - EIP_PROFILE=prod - - MYSQL_ADMIN_USER=root - - MYSQL_ADMIN_USER_PASSWORD=\${MYSQL_ROOT_PASSWORD} - - OPENMRS_DB_HOST=\${OPENMRS_DB_HOST} - - OPENMRS_DB_PORT=\${OPENMRS_DB_PORT} - - OPENMRS_DB_NAME=\${OPENMRS_DB_NAME} - - OPENMRS_DB_USER=\${OPENMRS_DB_USER} - - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - - OPENMRS_USER=\${OPENMRS_USER} - - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} - - EIP_FHIR_RESOURCES=Patient,ServiceRequest,MedicationRequest - - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - - EIP_FHIR_USERNAME=\${OPENMRS_USER} - - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: ${dockerUserName}/${sanitizedArtifactId}-eip-odoo-openmrs:${dockertag} - networks: - ozone: - aliases: - - eip-client-odoo - - eip-odoo-openmrs - restart: unless-stopped - volumes: - - eip-home-odoo:/eip-home - # OpenMRS 3 Backend + OAUTH_ACCESS_TOKEN_URL: \${OAUTH_ACCESS_TOKEN_URL} + OAUTH_ENABLED: \${OAUTH_ENABLED} + OAUTH_CLIENT_ID: \${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: \${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: \${OAUTH_CLIENT_SCOPE} + + # OpenMRS Backend openmrs: - depends_on: - mysql: - condition: service_started environment: - OMRS_CONFIG_MODULE_WEB_ADMIN: "true" - OMRS_CONFIG_AUTO_UPDATE_DATABASE: "true" - OMRS_CONFIG_CREATE_TABLES: "true" - OMRS_CONFIG_CONNECTION_SERVER: mysql - OMRS_CONFIG_CONNECTION_DATABASE: openmrs - OMRS_CONFIG_CONNECTION_USERNAME: \${OPENMRS_DB_USER:-openmrs} - OMRS_CONFIG_CONNECTION_PASSWORD: \${OPENMRS_DB_PASSWORD:-openmrs} - HOST_URL: https://\${O3_HOSTNAME} KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} - KEYCLOAK_AUTH_SERVER_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} - OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET} - healthcheck: - test: [ "CMD", "curl", "-f", "http://localhost:8080/openmrs/health/started" ] - interval: 10s - timeout: 5s - retries: 48 - start_period: 120s - image: ${dockerUserName}/${sanitizedArtifactId}-openmrs-backend-sso:${dockertag} - labels: - traefik.enable: "true" - traefik.http.routers.openmrs.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" - traefik.http.routers.openmrs.entrypoints: "websecure" - traefik.http.services.openmrs.loadbalancer.server.port: 8080 - traefik.http.routers.openmrs.middlewares: openmrs-spa-redirectregex - traefik.http.middlewares.openmrs-spa-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME}/openmrs/spa - traefik.http.middlewares.openmrs-spa-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home - networks: - - ozone - - web - restart: unless-stopped - volumes: - - "openmrs-data:/openmrs/data" - - "\${OPENMRS_CONFIG_CHECKSUMS_PATH:-openmrs-config-checksums}:/openmrs/data/configuration_checksums" - # OpenMRS 3 Frontend frontend: environment: - SPA_PATH: /openmrs/spa - API_URL: /openmrs - SPA_CONFIG_URLS: \${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-sso-frontend-config.json - SPA_DEFAULT_LOCALE: \${SPA_DEFAULT_LOCALE} - ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME:-http://localhost:8069} - OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME:-http://localhost} - SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME:-http://localhost:8081} - healthcheck: - test: ["CMD", "curl", "-f", "http://localhost/"] - timeout: 5s - image: ${dockerUserName}/${sanitizedArtifactId}-openmrs-frontend-sso:${dockertag} - labels: - traefik.enable: "true" - traefik.http.routers.frontend.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/openmrs/spa/`)" - traefik.http.routers.frontend.entrypoints: "websecure" - traefik.http.routers.frontend.middlewares: frontend-stripprefix,gzip - traefik.http.services.frontend.loadbalancer.server.port: 80 - - traefik.http.routers.home.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/home`)" - traefik.http.routers.home.entrypoints: "websecure" - traefik.http.routers.home.middlewares: home-redirectregex - - traefik.http.routers.root.rule: "Host(`\${O3_HOSTNAME}`) && PathPrefix(`/`)" - traefik.http.routers.root.entrypoints: "websecure" - traefik.http.routers.root.middlewares: root-redirectregex + SPA_CONFIG_URLS: \${SPA_CONFIG_URLS},/openmrs/spa/configs/ozone-frontend-config-sso.json - traefik.http.middlewares.frontend-stripprefix.stripprefix.prefixes: /openmrs/spa - traefik.http.middlewares.frontend-stripprefix.stripprefix.forceslash: false - traefik.http.middlewares.home-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME}/home - traefik.http.middlewares.home-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home - traefik.http.middlewares.root-redirectregex.redirectregex.regex: https://\${O3_HOSTNAME} - traefik.http.middlewares.root-redirectregex.redirectregex.replacement: https://\${O3_HOSTNAME}/openmrs/spa/home - traefik.http.middlewares.gzip.compress: true - networks: - - ozone - - web - restart: unless-stopped # SENAITE senaite: environment: - - SITE=\${SITE} - - ADMIN_USER=\${SENAITE_ADMIN_USER} - - ADMIN_PASSWORD=\${SENAITE_ADMIN_PASSWORD} - - OAUTH_CONFIG_FILE=/data/oidc/client.json - - KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} - - SENAITE_CLIENT_SECRET=\${SENAITE_CLIENT_SECRET} - - SENAITE_CLIENT_UUID=\${SENAITE_CLIENT_UUID} - image: ${dockerUserName}/${sanitizedArtifactId}-senaite-sso:${dockertag} - labels: - - "traefik.enable=true" - - "traefik.http.services.senaite.loadbalancer.server.port=8080" - - "traefik.http.routers.senaite.rule=Host(`\${SENAITE_HOSTNAME}`)" - - "traefik.http.routers.senaite.middlewares=senaite" - - "traefik.http.middlewares.senaite.addprefix.prefix=/VirtualHostBase/https/\${SENAITE_HOSTNAME}/senaite/VirtualHostRoot" - networks: - - ozone - - web - restart: unless-stopped - volumes: - - senaite-filestorage:/data/filestorage - - senaite-blobstorage:/data/blobstorage - + OAUTH_CONFIG_FILE: /data/oidc/client.json + OAUTH_CONFIG_PATH: /data/oidc # OpenMRS - SENAITE integration service eip-openmrs-senaite: - depends_on: - openmrs: - condition: service_healthy - mysql: - condition: service_started - senaite: - condition: service_started environment: - - SENAITE_SERVER_URL=http://senaite:8080/senaite - - SENAITE_SERVER_USER=\${SENAITE_ADMIN_USER} - - SENAITE_SERVER_PASSWORD=\${SENAITE_ADMIN_PASSWORD} - - OPENMRS_SERVER_URL=http://openmrs:8080/openmrs - - OPENMRS_SERVER_USER=\${OPENMRS_USER} - - OPENMRS_SERVER_PASSWORD=\${OPENMRS_PASSWORD} - - OPENMRS_RESULTS_ENCOUNTER_TYPE_UUID=\${RESULTS_ENCOUNTER_TYPE_UUID} - - OPENMRS_IDENTIFIER_TYPE_UUID=\${OPENMRS_IDENTIFIER_TYPE_UUID} - - OPENMRS_CONCEPT_COMPLEX_UUID=\${CONCEPT_COMPLEX_UUID} - - EIP_PROFILE=prod - - EIP_DB_NAME_SENAITE=\${EIP_DB_NAME_SENAITE} - - EIP_DB_USER_SENAITE=\${EIP_DB_USER_SENAITE} - - EIP_DB_PASSWORD_SENAITE=\${EIP_DB_PASSWORD_SENAITE} - - MYSQL_ADMIN_USER=root - - MYSQL_ADMIN_USER_PASSWORD=\${MYSQL_ROOT_PASSWORD} - - OPENMRS_DB_HOST=\${OPENMRS_DB_HOST} - - OPENMRS_DB_PORT=\${OPENMRS_DB_PORT} - - OPENMRS_DB_NAME=\${OPENMRS_DB_NAME} - - OPENMRS_DB_USER=\${OPENMRS_DB_USER} - - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - - OPENMRS_USER=\${OPENMRS_USER} - - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} - - EIP_FHIR_RESOURCES=Patient,ServiceRequest,MedicationRequest - - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 - - EIP_FHIR_USERNAME=\${OPENMRS_USER} - - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} - image: ${dockerUserName}/${sanitizedArtifactId}-eip-openmrs-senaite:${dockertag} - networks: - ozone: - aliases: - - eip-client-senaite - restart: unless-stopped - volumes: - - eip-home-senaite:/eip-home - proxy: - restart: unless-stopped - image: ${dockerUserName}/${sanitizedArtifactId}-proxy:${dockertag} - healthcheck: - test: - - CMD - - curl - - "-f" - - "http://localhost/" - networks: - ozone: - ports: - - "\${PROXY_PUBLIC_PORT:-80}:80" - - "8069:8069" - - "8081:8081" - - "8088:8088" - - "8082:8082" - - "8084:8084" - volumes: - - "\${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" - -volumes: - mysql-data: ~ - postgresql-data: ~ - eip-home-odoo: ~ - odoo-checksums: ~ - odoo-config: ~ - odoo-extra-addons: ~ - odoo-filestore: ~ - odoo-web-data: ~ - openmrs-core: ~ - openmrs-config: ~ - openmrs-config-checksums: ~ - openmrs-data: ~ - openmrs-modules: ~ - openmrs-owas: ~ - eip-home-senaite: ~ - senaite-blobstorage: ~ - senaite-filestorage: ~ - proxy-tls-certs: ~ + OAUTH_ACCESS_TOKEN_URL: \${OAUTH_ACCESS_TOKEN_URL} + OAUTH_ENABLED: \${OAUTH_ENABLED} + OAUTH_CLIENT_ID: \${OAUTH_CLIENT_ID} + OAUTH_CLIENT_SECRET: \${OAUTH_CLIENT_SECRET} + OAUTH_CLIENT_SCOPE: \${OAUTH_CLIENT_SCOPE} diff --git a/docker-compose-bundled.yml.template b/docker-compose-bundled.yml.template index c0f7b4e..75238ad 100644 --- a/docker-compose-bundled.yml.template +++ b/docker-compose-bundled.yml.template @@ -295,6 +295,10 @@ services: - OPENMRS_DB_PASSWORD=\${OPENMRS_DB_PASSWORD} - OPENMRS_USER=\${OPENMRS_USER} - OPENMRS_PASSWORD=\${OPENMRS_PASSWORD} + - EIP_FHIR_RESOURCES=Patient,ServiceRequest + - EIP_FHIR_SERVER_URL=http://openmrs:8080/openmrs/ws/fhir2/R4 + - EIP_FHIR_USERNAME=\${OPENMRS_USER} + - EIP_FHIR_PASSWORD=\${OPENMRS_PASSWORD} image: ${dockerUserName}/${sanitizedArtifactId}-eip-openmrs-senaite:${dockertag} networks: ozone: @@ -318,11 +322,9 @@ services: - "\${PROXY_PUBLIC_PORT:-80}:80" - "8069:8069" - "8081:8081" - - "8088:8088" - - "8082:8082" + - "8084:8084" volumes: - "\${PROXY_TLS_CERTS_PATH:-proxy-tls-certs}:/etc/tls" -version: "3.7" volumes: mysql-data: ~ @@ -343,4 +345,3 @@ volumes: senaite-blobstorage: ~ senaite-filestorage: ~ proxy-tls-certs: ~ - \ No newline at end of file From 8cbabc5c92b5dfb1e9c7bba20cdb98861942e774 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 21 Nov 2024 15:07:27 +0300 Subject: [PATCH 16/22] OZ-573: Add openmrs tomcat server.xml config to openmrs bundled docker image --- bundled-docker/openmrs/Dockerfile | 9 +++++---- bundled-docker/pom.xml | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index 4045d19..bef4a14 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,5 +1,6 @@ FROM openmrs/openmrs-reference-application-3-backend:nightly -ADD binaries/openmrs/modules /openmrs/distribution/openmrs_modules -ADD configs/openmrs/initializer_config /openmrs/distribution/openmrs_config -ADD configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties -ADD configs/openmrs/properties/oauth2.properties /openmrs/data/oauth2.properties +ADD distro/binaries/openmrs/modules /openmrs/distribution/openmrs_modules +ADD distro/configs/openmrs/initializer_config /openmrs/distribution/openmrs_config +ADD distro/configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties +ADD distro/configs/openmrs/properties/oauth2.properties /openmrs/data/oauth2.properties +ADD bundled-docker/openmrs/tomcat/server.xml /usr/local/tomcat/conf/server.xml diff --git a/bundled-docker/pom.xml b/bundled-docker/pom.xml index e31d818..cfc4f71 100644 --- a/bundled-docker/pom.xml +++ b/bundled-docker/pom.xml @@ -84,6 +84,7 @@ docker-compose-bundled.yml.template docker-compose-bundled-sso.yml.template + openmrs/** From e09b68c67153b3002921525a52c002e841f671fb Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 22 Nov 2024 13:39:05 +0300 Subject: [PATCH 17/22] OZ-573: Fix docker bundled env substitution + merge ENABLE_SSO with OAUTH_ENABLED --- .env | 3 ++- bundled-docker/openmrs/Dockerfile | 2 +- docker-compose-bundled-sso.yml.template | 11 +++++++++++ docker-compose-keycloak.yml | 3 +++ scripts/start-demo-with-sso.sh | 8 ++++---- scripts/start-demo.sh | 1 + scripts/start-with-sso.sh | 8 ++++---- scripts/utils.sh | 2 +- 8 files changed, 27 insertions(+), 11 deletions(-) mode change 100644 => 100755 scripts/start-demo-with-sso.sh mode change 100644 => 100755 scripts/start-with-sso.sh diff --git a/.env b/.env index 3331391..72d4e80 100644 --- a/.env +++ b/.env @@ -173,6 +173,7 @@ O3_HOSTNAME=${HOST_NAME} ODOO_HOSTNAME=${HOST_NAME}:8069 SENAITE_HOSTNAME=${HOST_NAME}:8081 ERPNEXT_HOSTNAME=${HOST_NAME}:8082 +SUPERSET_HOSTNAME=${HOST_NAME}:8088 FHIR_ODOO_HOSTNAME=${HOST_NAME}:8083 KEYCLOAK_HOSTNAME=${HOST_NAME}:8084 @@ -197,7 +198,7 @@ EIP_CLIENT_SECRET=h9PQzv6zWnVl1yxnhdfZulnW7FPqPlci # # EIP OAuth2 # -OAUTH_ENABLED=false +OAUTH_ENABLED=${ENABLE_SSO} OAUTH_CLIENT_ID=eip OAUTH_CLIENT_SECRET=${EIP_CLIENT_SECRET} OAUTH_CLIENT_SCOPE=openid diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index bef4a14..5134a87 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,4 +1,4 @@ -FROM openmrs/openmrs-reference-application-3-backend:nightly +FROM openmrs/openmrs-reference-application-3-backend:3.1.1 ADD distro/binaries/openmrs/modules /openmrs/distribution/openmrs_modules ADD distro/configs/openmrs/initializer_config /openmrs/distribution/openmrs_config ADD distro/configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties diff --git a/docker-compose-bundled-sso.yml.template b/docker-compose-bundled-sso.yml.template index c106b97..6d89d71 100644 --- a/docker-compose-bundled-sso.yml.template +++ b/docker-compose-bundled-sso.yml.template @@ -25,12 +25,15 @@ services: ODOO_PUBLIC_URL: \${SERVER_SCHEME}://\${ODOO_HOSTNAME} OPENMRS_PUBLIC_URL: \${SERVER_SCHEME}://\${O3_HOSTNAME} SENAITE_PUBLIC_URL: \${SERVER_SCHEME}://\${SENAITE_HOSTNAME} + SUPERSET_PUBLIC_URL: \${SERVER_SCHEME}://\${SUPERSET_HOSTNAME} ODOO_CLIENT_SECRET: \${ODOO_CLIENT_SECRET} ODOO_CLIENT_UUID: \${ODOO_CLIENT_UUID} OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET} OPENMRS_CLIENT_UUID: \${OPENMRS_CLIENT_UUID} SENAITE_CLIENT_SECRET: \${SENAITE_CLIENT_SECRET} SENAITE_CLIENT_UUID: \${SENAITE_CLIENT_UUID} + SUPERSET_CLIENT_SECRET: \${SUPERSET_CLIENT_SECRET} + SUPERSET_CLIENT_UUID: \${SUPERSET_CLIENT_UUID} KEYCLOAK_ADMIN_SA_CLIENT_SECRET: \${KEYCLOAK_ADMIN_SA_CLIENT_SECRET} EIP_CLIENT_SECRET: \${EIP_CLIENT_SECRET} KEYCLOAK_EXTRA_ARGS_PREPENDED: "--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true" @@ -70,6 +73,9 @@ services: # Odoo odoo: environment: + - KEYCLOAK_URL=\${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + - ODOO_CLIENT_UUID=\${ODOO_CLIENT_UUID} + - ODOO_CLIENT_SECRET=\${ODOO_CLIENT_SECRET} - ADDONS=sale_management,stock,account_account,purchase,mrp,mrp_product_expiry,product_expiry,l10n_generic_coa,odoo_initializer,ozone_settings,server_environment,auth_oidc_environment,auth_oidc # EIP Odoo OpenMRS Integration Service eip-odoo-openmrs: @@ -84,6 +90,8 @@ services: openmrs: environment: KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + OPENMRS_CLIENT_UUID: \${OPENMRS_CLIENT_UUID} + OPENMRS_CLIENT_SECRET: \${OPENMRS_CLIENT_SECRET} frontend: environment: @@ -94,6 +102,9 @@ services: environment: OAUTH_CONFIG_FILE: /data/oidc/client.json OAUTH_CONFIG_PATH: /data/oidc + KEYCLOAK_URL: \${SERVER_SCHEME}://\${KEYCLOAK_HOSTNAME} + SENAITE_CLIENT_UUID: \${SENAITE_CLIENT_UUID} + SENAITE_CLIENT_SECRET: \${SENAITE_CLIENT_SECRET} # OpenMRS - SENAITE integration service eip-openmrs-senaite: environment: diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml index 570a5ab..293ecab 100644 --- a/docker-compose-keycloak.yml +++ b/docker-compose-keycloak.yml @@ -66,6 +66,9 @@ services: - KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} - KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL} - EIP_CLIENT_SECRET=${EIP_CLIENT_SECRET} + - SUPERSET_CLIENT_SECRET=${SUPERSET_CLIENT_SECRET} + - SUPERSET_CLIENT_UUID=${SUPERSET_CLIENT_UUID} + - SUPERSET_PUBLIC_URL=${SERVER_SCHEME}://${SUPERSET_HOSTNAME} volumes: keycloak-realm: ~ diff --git a/scripts/start-demo-with-sso.sh b/scripts/start-demo-with-sso.sh old mode 100644 new mode 100755 index f86597e..4111abe --- a/scripts/start-demo-with-sso.sh +++ b/scripts/start-demo-with-sso.sh @@ -1,9 +1,9 @@ -# Enable sso +#!/usr/bin/env bash +set -e + +# Enable SSO export ENABLE_SSO=true -export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" -echo "$INFO Setting OAUTH_ENABLED=true..." -echo "→ OAUTH_ENABLED=$OAUTH_ENABLED" source start-demo.sh diff --git a/scripts/start-demo.sh b/scripts/start-demo.sh index 0721d9f..fa8fb49 100755 --- a/scripts/start-demo.sh +++ b/scripts/start-demo.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +set -e export DEMO=true echo "$INFO Setting DEMO=true..." diff --git a/scripts/start-with-sso.sh b/scripts/start-with-sso.sh old mode 100644 new mode 100755 index d386c52..35e0833 --- a/scripts/start-with-sso.sh +++ b/scripts/start-with-sso.sh @@ -1,9 +1,9 @@ -# Enable sso +#!/usr/bin/env bash +set -e + +# Enable SSO export ENABLE_SSO=true -export OAUTH_ENABLED=true echo "$INFO Setting ENABLE_SSO=true..." echo "→ ENABLE_SSO=$ENABLE_SSO" -echo "$INFO Setting OAUTH_ENABLED=true..." -echo "→ OAUTH_ENABLED=$OAUTH_ENABLED" source start.sh diff --git a/scripts/utils.sh b/scripts/utils.sh index 377e30e..398989e 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -196,7 +196,7 @@ function displayAccessURLsWithCredentials { services=() is_defined=() - # Read docker-compose-files.txt and docker-compose-sso-files.txt, and extract the list of services run + # Read docker-compose-files.txt and extract the list of services run while read -r line; do if [[ $line != *-sso.yml ]]; then serviceWithoutExtension=${line%.yml} From 053e65db42849ec85b5d99140f7a87dfb00eb109 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Fri, 22 Nov 2024 17:41:32 +0300 Subject: [PATCH 18/22] OZ-573: Clear out openmrs distribution modules & configs --- bundled-docker/openmrs/Dockerfile | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index 5134a87..a03d398 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,4 +1,10 @@ -FROM openmrs/openmrs-reference-application-3-backend:3.1.1 +FROM openmrs/openmrs-reference-application-3-backend:nightly + +# Remove modules & configurations from OpenMRS Reference Application +RUN find /openmrs/distribution/openmrs_modules -mindepth 1 -delete || true +RUN find /openmrs/distribution/openmrs_config -mindepth 1 -delete || true + +# Add modules & configurations for the ozone distribution ADD distro/binaries/openmrs/modules /openmrs/distribution/openmrs_modules ADD distro/configs/openmrs/initializer_config /openmrs/distribution/openmrs_config ADD distro/configs/openmrs/properties/fhirproxy.properties /openmrs/data/fhirproxy/config.properties From cefe4f89f93d43f0a3b93b1391eec89910ae43f7 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Thu, 28 Nov 2024 12:08:39 +0300 Subject: [PATCH 19/22] OZ-573: Switch to openmrs-core docker image + enable oauth2 at start time OpenMRS --- bundled-docker/openmrs/Dockerfile | 6 +----- docker-compose-openmrs-sso.yml | 3 ++- docker-compose-openmrs.yml | 4 +++- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/bundled-docker/openmrs/Dockerfile b/bundled-docker/openmrs/Dockerfile index a03d398..c74ee34 100644 --- a/bundled-docker/openmrs/Dockerfile +++ b/bundled-docker/openmrs/Dockerfile @@ -1,8 +1,4 @@ -FROM openmrs/openmrs-reference-application-3-backend:nightly - -# Remove modules & configurations from OpenMRS Reference Application -RUN find /openmrs/distribution/openmrs_modules -mindepth 1 -delete || true -RUN find /openmrs/distribution/openmrs_config -mindepth 1 -delete || true +FROM openmrs/openmrs-core:2.6.7 # Add modules & configurations for the ozone distribution ADD distro/binaries/openmrs/modules /openmrs/distribution/openmrs_modules diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 4f5177f..674f4f4 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -2,8 +2,8 @@ services: openmrs: environment: KEYCLOAK_URL: ${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} + OAUTH2_ENABLED: ${ENABLE_SSO} volumes: - - "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - "./openmrs/tomcat/server.xml:/usr/local/tomcat/conf/server.xml" frontend: @@ -14,6 +14,7 @@ services: env-substitution: environment: + - OAUTH2_ENABLED=${ENABLE_SSO} - HOST_URL=${SERVER_SCHEME}://${O3_HOSTNAME} - KEYCLOAK_AUTH_SERVER_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} - OPENMRS_CLIENT_SECRET=${OPENMRS_CLIENT_SECRET} diff --git a/docker-compose-openmrs.yml b/docker-compose-openmrs.yml index 19fe17b..c4141cd 100644 --- a/docker-compose-openmrs.yml +++ b/docker-compose-openmrs.yml @@ -16,13 +16,14 @@ services: OMRS_CONFIG_CONNECTION_USERNAME: ${OPENMRS_DB_USER:-openmrs} OMRS_CONFIG_CONNECTION_PASSWORD: ${OPENMRS_DB_PASSWORD:-openmrs} HOST_URL: https://${O3_HOSTNAME} + OAUTH2_ENABLED: ${ENABLE_SSO} healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:8080/openmrs/health/started" ] interval: 10s timeout: 5s retries: 48 start_period: 120s - image: openmrs/openmrs-reference-application-3-backend:3.1.1 + image: openmrs/openmrs-core:2.6.7 labels: traefik.enable: "true" traefik.http.routers.openmrs.rule: "Host(`${O3_HOSTNAME}`) && PathPrefix(`/openmrs`)" @@ -47,6 +48,7 @@ services: - "${OPENMRS_CONFIG_CHECKSUMS_PATH:-openmrs-config-checksums}:/openmrs/data/configuration_checksums" - "${OPENMRS_PROPERTIES_PATH}:/etc/properties/" - "${OPENMRS_PROPERTIES_PATH}/fhirproxy.properties:/openmrs/data/fhirproxy/config.properties" + - "${OPENMRS_PROPERTIES_PATH}/oauth2.properties:/openmrs/data/oauth2.properties" - "${OPENMRS_PERSON_IMAGES_PATH:-openmrs-person-images}:/openmrs/data/person_images" - "${OPENMRS_COMPLEX_OBS_PATH:-openmrs-complex-obs}:/openmrs/data/complex_obs" From fd709f2be684c075f4b0c595bbcd0436d066bf55 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Mon, 2 Dec 2024 15:23:41 +0300 Subject: [PATCH 20/22] OZ-573: Add Keycloak admin service account secret env var --- docker-compose-keycloak.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose-keycloak.yml b/docker-compose-keycloak.yml index 293ecab..79353b0 100644 --- a/docker-compose-keycloak.yml +++ b/docker-compose-keycloak.yml @@ -65,6 +65,7 @@ services: environment: - KEYCLOAK_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} - KEYCLOAK_INTERNAL_HOST_URL=${KEYCLOAK_INTERNAL_HOST_URL} + - KEYCLOAK_ADMIN_SA_CLIENT_SECRET=${KEYCLOAK_ADMIN_SA_CLIENT_SECRET} - EIP_CLIENT_SECRET=${EIP_CLIENT_SECRET} - SUPERSET_CLIENT_SECRET=${SUPERSET_CLIENT_SECRET} - SUPERSET_CLIENT_UUID=${SUPERSET_CLIENT_UUID} From b1d550d70789e24cdb6f09c001f9764e721b2555 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Mon, 2 Dec 2024 15:28:39 +0300 Subject: [PATCH 21/22] OZ-573: Add OpenMRS client UUID env var --- docker-compose-openmrs-sso.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose-openmrs-sso.yml b/docker-compose-openmrs-sso.yml index 674f4f4..36aa7e0 100644 --- a/docker-compose-openmrs-sso.yml +++ b/docker-compose-openmrs-sso.yml @@ -18,3 +18,4 @@ services: - HOST_URL=${SERVER_SCHEME}://${O3_HOSTNAME} - KEYCLOAK_AUTH_SERVER_URL=${SERVER_SCHEME}://${KEYCLOAK_HOSTNAME} - OPENMRS_CLIENT_SECRET=${OPENMRS_CLIENT_SECRET} + - OPENMRS_CLIENT_UUID=${OPENMRS_CLIENT_UUID} From e67c32ce51ba86a7d80b62b3957a4a899639ba85 Mon Sep 17 00:00:00 2001 From: Kipchumba Bett Date: Tue, 3 Dec 2024 14:33:22 +0300 Subject: [PATCH 22/22] Simplify display access URLs --- scripts/utils.sh | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/scripts/utils.sh b/scripts/utils.sh index 398989e..c4e994f 100644 --- a/scripts/utils.sh +++ b/scripts/utils.sh @@ -223,15 +223,12 @@ function displayAccessURLsWithCredentials { envsubst < .urls_1.txt > .urls_2.txt + echo "" + echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" + echo "" if [ "$ENABLE_SSO" == "true" ]; then - echo "" - echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" - echo "" awk -F, 'NR==1 {printf "%-15s %-40s\n", $1, $2} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s\n", $1, $2} END {print "-\nUsername: jdoe\nPassword: password\n-\nIdentity Provider(IDP)\nKeycloak -", $2, " Username:", $3, " Password:", $4}' .urls_2.txt else - echo "" - echo "$INFO 🔗 Access each ${OZONE_LABEL:-Ozone FOSS} components at the following URL:" - echo "" awk -F, 'NR==1 {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4} NR>2 && $1 != "Keycloak" {printf "%-15s %-40s %-15s %-15s\n", $1, $2, $3, $4}' .urls_2.txt fi }