From f8a4234f2f87c0068ab02d634b3a132f6e07393c Mon Sep 17 00:00:00 2001 From: helm Date: Mon, 27 Nov 2023 13:38:59 +0000 Subject: [PATCH] Helm chart update: 2.26.0-id.2 --- checkpoint/cloudguard/Chart.yaml | 4 +- checkpoint/cloudguard/README.md | 2 +- checkpoint/cloudguard/defaults.yaml | 16 +-- checkpoint/cloudguard/templates/_helpers.tpl | 54 ++++++-- .../admission/enforcer/deployment.yaml | 2 + .../admission/policy/deployment.yaml | 2 + .../templates/flowlogs/daemon/daemonset.yaml | 2 + .../templates/imagescan/daemon/daemonset.yaml | 2 + .../imagescan/engine/deployment.yaml | 6 +- .../templates/inventory/agent/deployment.yaml | 2 + .../templates/runtime/daemon/daemonset.yaml | 2 + .../templates/runtime/policy/deployment.yaml | 2 + repository/cloudguard-2.26.0-id.2.tgz | Bin 0 -> 26727 bytes repository/index.yaml | 123 ++++++++++++------ 14 files changed, 153 insertions(+), 66 deletions(-) create mode 100644 repository/cloudguard-2.26.0-id.2.tgz diff --git a/checkpoint/cloudguard/Chart.yaml b/checkpoint/cloudguard/Chart.yaml index ce4d2151..78355eb8 100644 --- a/checkpoint/cloudguard/Chart.yaml +++ b/checkpoint/cloudguard/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.24.3 +appVersion: 2.26.0-id.2 description: A Helm chart for Check Point CloudGuard Workload Security home: https://portal.checkpoint.com icon: https://www.checkpoint.com/wp-content/uploads/icon-cloudguard-nav.png @@ -32,4 +32,4 @@ keywords: - gke - autopilot name: cloudguard -version: 2.24.3 +version: 2.26.0-id.2 diff --git a/checkpoint/cloudguard/README.md b/checkpoint/cloudguard/README.md index 7cccf7a2..22a6a228 100644 --- a/checkpoint/cloudguard/README.md +++ b/checkpoint/cloudguard/README.md 
@@ -140,7 +140,7 @@ The following table list the configurable parameters of this chart and their def | `seccompProfile` | Computer Security facility profile. (to be used in kubernetes 1.19 and up) | `RuntimeDefault` | | `podAnnotations.seccomp` | Computer Security facility profile. (to be used in kubernetes below 1.19) | `runtime/default` | | `podAnnotations.apparmor` | Apparmor Linux kernel security module profile. | `{}` | -| `autoUpgrade` | Enable auto-upgrade (true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `false` | +| `autoUpgrade` | Enable auto-upgrade (preserve, true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `preserve` | | `podAnnotations.custom` | Custom Pod annotations (for all agent Pods) | `{}` | | `priorityClassName` | Specifies custom priorityClassName | `` | | `daemonSetStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable daemonset pods during a rolling update | `50%` | diff --git a/checkpoint/cloudguard/defaults.yaml b/checkpoint/cloudguard/defaults.yaml index d710079b..89f874d8 100755 --- a/checkpoint/cloudguard/defaults.yaml +++ b/checkpoint/cloudguard/defaults.yaml @@ -56,7 +56,7 @@ platform: kubernetes # kubernetes, openshift, openshift.v3, tanzu, eks, eks.bott seccompProfile: type: RuntimeDefault -autoUpgrade: false # true or false +autoUpgrade: preserve # true, false or preserve daemonSetStrategy: rollingUpdate: @@ -111,7 +111,7 @@ addons: priorityClassName: "system-node-critical" ## Specify image and tag image: checkpoint/consec-imagescan-daemon - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -133,7 +133,7 @@ addons: shim: ## Specify image and tag image: checkpoint/consec-imagescan-shim - tag: 2.25.0 + tag: 2.27.0 ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ 
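Review bot: The new default `autoUpgrade: preserve` in `defaults.yaml` is documented only as `# true, false or preserve`, which hides that the `get.autoUpgrade` helper in this same patch resolves it to "true" on a fresh install and whenever the chart is rendered without cluster access. With "true" the image helpers shorten tags to `major.minor`, so the running images are no longer fixed by the chart version and can change without a chart upgrade. I would spell that out next to the value, e.g. `autoUpgrade: preserve # true, false or preserve; preserve keeps the previous release's setting and resolves to true on a fresh install or under helm template`, and repeat it in the README row. Operators who need reproducible, reviewable image versions should be told to set `autoUpgrade: false` explicitly.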
@@ -169,7 +169,7 @@ addons: engine: ## Specify image and tag image: checkpoint/consec-imagescan-engine - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -202,7 +202,7 @@ addons: list: ## Specify image and tag image: checkpoint/consec-imagescan-engine - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -309,7 +309,7 @@ addons: enforcer: ## Specify image and tag image: checkpoint/consec-admission-enforcer - tag: 2.9.0 + tag: 2.10.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -351,7 +351,7 @@ addons: ## Main container settings ## Specify image and tag image: checkpoint/consec-runtime-daemon - tag: 1.8.8 + tag: 1.11.5 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -373,7 +373,7 @@ addons: probe: ## Specify image and tag image: checkpoint/consec-runtime-probe - tag: 0.30.2-cp-5 + tag: 0.30.2-cp-6 ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/checkpoint/cloudguard/templates/_helpers.tpl b/checkpoint/cloudguard/templates/_helpers.tpl index 330ff56e..c5c5d862 100644 --- a/checkpoint/cloudguard/templates/_helpers.tpl +++ b/checkpoint/cloudguard/templates/_helpers.tpl @@ -53,7 +53,7 @@ {{- if or .Values.debugImages .featureConfig.debugImages .agentConfig.debugImages }} {{- $tag = printf "%s-debug" .agentConfig.tag }} {{- end }} -{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne .agentConfig.image "checkpoint/consec-runtime-daemon") -}} +{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) -}} {{- $tag = regexFind "\\d+.\\d+" $tag }} {{- end -}} {{- $image := printf "%s/%s:%s" .Values.imageRegistry.url .agentConfig.image $tag }} 
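Review bot: The changed condition in the `@@ -53,7 +53,7 @@` hunk of `_helpers.tpl` still tests the tag with unescaped dots, `"^\\d+.\\d+.\\d+$"`, so any single character between the digit groups passes the version check. `(regexMatch "^\\d+\\.\\d+\\.\\d+$" $tag)` says what is meant. The same applies to the rewritten condition in the `@@ -67,7 +67,7 @@` hunk and to the `regexFind "\\d+.\\d+"` that follows each. With the `consec-runtime-daemon` exclusion removed here, that image's tag is now also shortened to `major.minor` whenever `get.autoUpgrade` returns "true", which deserves a line in the comment above the define. The enclosing define starts and ends outside the hunk.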
@@ -67,7 +67,7 @@ {{- if or .Values.debugImages .featureConfig.debugImages .agentConfig.debugImages $containerConfig.debugImage }} {{- $tag = printf "%s-debug" $containerConfig.tag }} {{- end }} -{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne .agentConfig.image "checkpoint/consec-runtime-probe") -}} +{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne $containerConfig.image "checkpoint/consec-runtime-probe") (ne $containerConfig.image "checkpoint/consec-runtime-cos-compat") -}} {{- $tag = regexFind "\\d+.\\d+" $tag }} {{- end -}} {{- $image := printf "%s/%s:%s" .Values.imageRegistry.url $containerConfig.image $tag }} @@ -179,10 +179,8 @@ imagePullSecrets: fieldPath: spec.nodeName - name: PLATFORM value: {{ .platform }} -{{- if eq (include "get.autoUpgrade" .) "true" }} - name: AUTO_UPGRADE_ENABLED - value: "true" -{{- end -}} + value: {{ (include "get.autoUpgrade" .) | quote }} {{- if .Values.proxy }} - name: HTTPS_PROXY value: "{{ .Values.proxy }}" 
@@ -343,16 +341,50 @@ takes a context (such as $config, .Values or (dict "containerRuntime" $container {{- end -}} {{- end -}} +{{- define "inventory.resource.name" -}} + {{- $inventoryConfig := fromYaml (include "inventory.agent.config" .) -}} + {{ template "agent.resource.name" $inventoryConfig }} +{{- end }} {{/* -if registry is not quay do not enable auto upgrade +If the registry is not "quay" do not enable automatic upgrades. +If a user manually defines a value, that choice takes precedence. +If a user opts for the default "preserve" option: + If there was no prior deployment, automatic upgrades are enabled. + If there was a previous deployment, we examine the value that deployment had and apply it. + If there was no previous value, automatic upgrades are enabled. + note: In the case of Helm templates, we won't have knowledge of the previous value, and unless a value is provided, "autoUpgrade" will default to "true" */}} {{- define "get.autoUpgrade" -}} -{{- if ne .Values.imageRegistry.url "quay.io" -}} -{{- printf "false" -}} -{{- else -}} -{{- printf (.Values.autoUpgrade | toString) -}} -{{- end -}} +{{- if ne .Values.imageRegistry.url "quay.io" -}} +{{- printf "false" -}} +{{- else -}} +{{- if eq (.Values.autoUpgrade | toString) "true" -}} +{{- printf "true" -}} +{{- else -}} +{{- if eq (.Values.autoUpgrade | toString) "false" -}} +{{- printf "false" -}} +{{- else -}} +{{/* preserve */}} +{{- $inventoryDeploymentName := trim (include "inventory.resource.name" .) 
-}} +{{- $inventoryDeployment := lookup "apps/v1" "Deployment" .Release.Namespace $inventoryDeploymentName -}} +{{- if not $inventoryDeployment -}} +{{- printf "true" -}} +{{- else -}} +{{- $isAutoUpgradeEnv := true -}} +{{- $firstContainer := first $inventoryDeployment.spec.template.spec.containers -}} +{{- range $index, $env := $firstContainer.env -}} +{{- if eq $env.name "AUTO_UPGRADE_ENABLED"}} +{{- if eq $env.value "false" -}} +{{- $isAutoUpgradeEnv = false -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- printf ($isAutoUpgradeEnv | toString) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml b/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml index 6942c7c2..b06e64f0 100644 --- a/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml +++ b/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "admission.enforcer.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{ if $config.featureConfig.enabled }} apiVersion: apps/v1 kind: Deployment diff --git a/checkpoint/cloudguard/templates/admission/policy/deployment.yaml b/checkpoint/cloudguard/templates/admission/policy/deployment.yaml index 15dad9ea..28323617 100644 --- a/checkpoint/cloudguard/templates/admission/policy/deployment.yaml +++ b/checkpoint/cloudguard/templates/admission/policy/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "admission.policy.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: Deployment 
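Review bot: In the `preserve` branch of `get.autoUpgrade`, an existing inventory Deployment that has no `AUTO_UPGRADE_ENABLED` entry resolves to "true", because `$isAutoUpgradeEnv` starts as `true` and is cleared only by an explicit "false". The env block this patch replaces in `_helpers.tpl` emitted that variable only when auto-upgrade was on, so a release installed with the previous default `autoUpgrade: false` carries no entry and would move to floating `major.minor` tags on its next upgrade. The template comment presents this as intended; if it is, the README row for `autoUpgrade` should say so, and if it is not, start from `{{- $isAutoUpgradeEnv := false -}}` and set it to true only under `{{- if eq $env.value "true" -}}`. The helper also reads only the `first` container of the Deployment and depends on `lookup`, so the installing identity presumably needs read access to Deployments in the release namespace; that requirement is worth a comment as well.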
diff --git a/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml index 5ba81f84..705efca6 100644 --- a/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "flowlogs.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml index 9deb0cc8..e1ff2e6a 100644 --- a/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "imagescan.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml b/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml index e1b94369..3450b985 100644 --- a/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml +++ b/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml 
@@ -53,12 +53,14 @@ spec: value: {{ include "name.prefix" $config }} - name: CLOUDGUARD_REGION value: {{ include "dome9.subdomain" $config | default "us" }} + - name: CP_RUNTIME + value: {{ $config.containerRuntime }} {{- if eq $config.containerRuntime "cri-o" }} {{- if $config.featureConfig.mountPodman }} - - name: USE_PODMAN_EXPORT + - name: CP_USE_PODMAN_EXPORT value: "both" {{- else }} - - name: USE_PODMAN_EXPORT + - name: CP_USE_PODMAN_EXPORT value: "false" {{- end }} {{- end }} diff --git a/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml b/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml index 0e2bbbfa..55c2a00e 100644 --- a/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml +++ b/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "inventory.agent.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml index ef1e6a82..22461736 100755 --- a/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "runtime.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml b/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml index 8fb782bc..15f09390 100644 
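Review bot: The new `CP_RUNTIME` entry in `imagescan/engine/deployment.yaml` renders `$config.containerRuntime` unquoted, so an unset value renders as a null and any other value is typed by the YAML parser instead of being forced to a string. `value: {{ $config.containerRuntime | quote }}` matches how this patch renders `AUTO_UPGRADE_ENABLED` in `_helpers.tpl`. The rename to `CP_USE_PODMAN_EXPORT` presumably takes effect only with an engine image that reads the new name, so a values override pinning an older `consec-imagescan-engine` tag may silently lose the setting; a short comment above the env entries naming the minimum image version would help. The container spec starts and ends outside the hunk.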
--- a/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml +++ b/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "runtime.policy.config" .) }} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: Deployment 
diff --git a/repository/cloudguard-2.26.0-id.2.tgz b/repository/cloudguard-2.26.0-id.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..1ad51d2109fdab3565281fd741b01cc0e395162b GIT binary patch literal 26727 zcmW)nV|X5I6NY2kw$r$=*|@Ro#*Nu0Xl$E}*|@RYu(55M&whEo{k1=K_qcbDoqJ}^ z>l*SX1RRL}4uBDY*;H1I-CS0QN70*~+l)(#-9nxFo1Qv9&sQxi9wlviTT@31Zw*x^ zVOdLi2Z*yyJKxpjS%$VQ$9E(WI^pJqPx3b`hCUvT-X!{Rou{jIg6FI24}2Jia#f5$ zuwtvWv$v~L!N_t~%A?Jn=m)~2=z4o02>znLaY2s{1`4B5)Ct04%ck=Ot3MjY>9?&r zdOBHudD}eq_y;`twCe*W=Vy+OKAr0=z8~ig%`GhtVA!^}=r4|l48eQG>+mfp7i-9j z)1E(MehMs|2Cr7*-Mt@8vAEhzoi&rLuGub!>kV9Ic-5i*kh;Lp$u{aiz; zjvelSq%T9y&hKGMU;9I_vW2A!`F*L1yH|Y<9(%}d<(GM-pgar6S+yAVHcAh{J2mfneW)7gZ3vxd=w$vHWT?m=x`{at7-B!nyqD)`tq13m;6k-yJsSUQek zgj8Ec@ry)j{pFX1BJ5!O6pu+!Qx3h8(_j5v_B3$zl5i}098xbNUzeb}%SC`XL>1>S zpDc(MoJR<=)a5Y^Hp!O&3S#fSfvofK2cnNtaeq4K!|wwj!%|~pb|Y>NV+8Mi1Na4J zJb&8r-W`6r$Dy5iayvF|LK*1XYUu_1Qh2GB>HDPe89X&T=SeBq*w6SrYw>vYeWh#* zST}0P+5y_vs~!7+G}R4rtnVxgUd*svQ54c!3k7J*+6#gcnZDb!p6|wA<4>t2lnz8g znRL3qo-IC3zQ^}~N4qYdz?diMxe?$h%P`C1OwJY?qGfR%!?b7`4jsl?C^7#_q&_>r z9FiPM29gZXArf>`ayunjJ(ag=(BvWn6Ad$Pidga&!a>uTlrMK5jt43RFo;etnV*akIke7YBbP7)-gha)ZMQF5rrYMIX@@vvIX$x! z5D)#r_f|09_SUEc?bS|eFeM;QQK0v(5urS>!zdRE{$39eL-l1T&t*A}@FA7J5X9j^ zOd{lW2aM|WAS5xe5Alvf^E~?~VZ>C$D!-An;_Pbyu|z!`@zkcdHwn`sYUVk-7uwh` zGE45)IlD391Eml&2z(nXUE(}{T$f-$9L7)Rtc&j)bxJO>Gycc1? z$SXZ0lp|09FA~dbviRqXK?6G8BE{{kALSrH>?$ltqzfKE95V} zPX7I-qXp~0E^QG#AQOA7+C#mC?RUB~qU_krbKjYybAIDg?IZT&EJ$WK?YlnxPdTe(bBdE?bN{B*aWA2+J zRVoSa&D3;ex07Lj8z!@-1=T33C~F6_v^1{u3^Pn~{t>HfZm&Tr7~;%R&Dp)&0y>9m}=Dh3UdVj2e8Mu%*k`mF`yzJ!fna zKn?R_`kSf-k37dtf1XtQZH@a~8c)CZfT9D*;2BXg%*YbNDNM}FdjtXJF7W>D`MPO! 
zH)SWe)tEp)hpK*k>^s~Li0Mx)DrcTfU@eE?-&vY-X=BVT&s|?Q79s$*Wvl3dLi5v2 zlJZ+69G0>31FekzkNOY}Z?$0=2js-`puBV~?_fNd);*%_d?{N1o?Ye>qt!%NVwZ)x z?bl#$y~wFXyzZ(_q6&7Su}Gaq6+BEiP8oZ#BOQYW9S8TZ`3FR@NIJZimA*!Y?Q-;t zIxL0ye0bb(&Rfm>S)owLJv9@=>XDpLmXF<$1jG4OIOdKfvn6&OgZn;glbk611w_l1BHi7<=v05FCS5AG@Rags~wWzYC7Q9uS- z2u0|peZh$UiXw)1R+~@+9B1G8P`@Xlt_183^--G%LNzgK$ByZA0_rlw<$If65DtOr zWwe)ZM;+t>W9G&UuE6~>+T2rK2k4xY9`{Hg3<6&Dw$vm%nJc6myt(CC)#ecD&r@*v z)x>uGX$fzDfRliH_4OJhb9?$54Yp_T7V*(*yduXow>c)MNX!f&Rq9a5#?B@3%TTvV zN(WLHThFz9&79N3zpxW!JxEJ0qM9Z(gS(1|1NHQyoi>7;9ldA1`6}a|I$a!}j4njJ z|JG4qExP;Mnl;g}TR+h^Ej=gyEp)kpageT5f^Q{*SGPSoAxtp=H~dyS&x9Pas{_v> zm?NM9at5dH<~w(9=%g%?PqH^ts;Bb4#wG5YK(-tQeon%JK16)aYAHD*l^i0;>V+b@ zFO0br91bRJ_?$KQAHSSK!4StxX>cw1!EOQt4%#7190~q@U8+S)`meJ+)B-($u-_1EufGy@BMNqDGBuW+EK}6& zseMS8aEZ5&2{46l&s&hM!mv&h8JtgAdWZvpB8~f4_bD#aa1iIx&59XErcwNeP5hyb zzuIU`_tKb_UPs0}CtxbDs>7O=Flwdr(V0s0uu^e=7Qvsg<=>OunpbptQ`R_p0+irv zwcn;hS*~w{oDGlVDM<*Zg*$X29I-z)Bh72^)`>!B!a7#50tq@nN`8lbY)qQ{CF8KJV)#Gy&D8&Ic)q2D;~z`TeSEW;9o z&||qDEZw+kYa`kq`NM9*O}tRJAVsnZu8R^H z=CM$57C({PuBph+C1r((e;L6#i*pS`Sa`k$&%ZWAB@M(6538;)T!K0T+QDAnZ8N~x zS(tAfMSO&t(j!2ono5=zb^iPl++%d#}DP9$#}_R zt!{p$>uietBsUC`YA9>9?mC^Ualq~C`g>l9q8nQo*hlSkA!!9t*cMUJfM}Obr8+hxST}-9}zUFIz7k5 z8j}*kN_iJ)e|udQ!>oc^KkLq*5TLhsr=ng~xH3M#SbVfE^8(EgmO?K5=SoD5xyUnO zZKn9>7!p(#d_|%y>Fev%!c3tv_L(w2eW#MmtUwaa05R@UGtvB*H)4qOfM1s5p1gN+x2URgBo6Enzx}e5Zh|Iw`22T$kyhXub_T z!HGn38J2Gi#IK~0-}*dd8_I?*KZ|n)e!gCAOV_8)hXYFK!P37=mm&KjqOwq%lA&}M z*e#}>yFD4uQ@!-DN$ya=U%$R7xb{Z0H1#?#%IdeqHy;EvvQTdOWjEVN*5~&E#}T0F zHP*31xd2Q;3JEvt)60#^jjf%XvqJRP4*eqmIncr-gH9KQUgV=#fE1{5M2u?81D|rwk<8Mu7G zYFXzn#+PRH&yMZNQk%F`g)B(z3=ss2;Wg6mJI0>NNjcFtJuzoA7u#* zcaoQu$bXNATVWBajeC{83bd``f*hBCHD*l!(BV`QLLG0vpy2SLL0T0laGH1e3`xFEWMn)H^OG?fhfG|p9 zVj8Oqrp)f8kyc{tk)vD=-LR#FUIg1r_fXU+$!_b`q0i(jaR?0Hd3Kf$u-hmVDa)^L z2ayMr6R=}Z?DiBAfe;yL3ywp)!8yufX161KZE?<6-dG5yz4F$-$ppnQK4WlLLHJ(e zVs=5F5nlw5w6@n){VxB6XOd%-LU*!-I-bpRX^EJ=lLy4ag96?&*drC8$CRHc8yMJS 
zW;zE3!&m163|;wf>JaQFndBUMTo4TW^^thiUW$7Mr?^xEoO%#D#Czf;Eq*2yAI#Nb z6r&x^`}q_zF6A($q)`&DDaDsod|%k^iRZ66X6A#}p3k=DDK(oslOaExaUYTSby7FT zvRU-&pDv>0%ze}yR`kiwV8fvTsxZlK1B@^g1gInXOk~ZtU;Cfvt^&W0&kw8r{*1#J3IB*Eg{!tOb3|G{afZe7!`^{ZLgAjH# zvS7Y_oZLXINb@T9=dJwferpF_6M|V*;$((ITv58Iz#I-4nyG7vt+LI_sl+vkk}hT2 zDcP9FT(r)R%xo{6!uRWVn&qEWd22ggSOzrja!M$lYY9ocGSDuZc@l)atcZ%LMNuwm zmHoCkw1hpE8s3bXPxNj#TuT3PIk9?7N@FI1XCn=BLd*fL*c%4ffA9pS=_$@307(Ux z=kgx+$28UnH$4i$_!1@CFevwVVGZi^Dz@3F ztMoj#b$*ro4jruzcSGbhgUcN(!viSW{2*s1Yag-sMhdmnwAD;v>V1~gKc6IwR(Ap9 z`)8THnN|;|5e7a6!sT)yr8r#awy;-2y^}4ci#Z1% z3ba?jR1kKvD5_vSUD2?UO&u+XKl*bzHit-#!Kl-ncS=t<;(s1!HJ3BLnO2GA&F<^2 zgTE}(De^NbZeNyRL71(CUss80?TcZ3>teyEg{O%M4JrN6qmnh@mwfFuS4La{Tag= zWQEixc_CsDtg{saaa6a46y9N>`UnX!%nd?h=9@1Ax@PG#a{lS$T!8bw*zX>tZ|cA4 zmg+F#Q<3v1ke5dq;?W>q6)QU1Tuh!|A|zphyAS1^PeHOpAN^+hFXW%Qh`$pqca}Az zCM;BOA+^S|R}}*TNDB1f;Xgy}DRa7twD)0uJz^{5`p&{0*t`@dzUgV*WBP3gN*LB4 z<_oP0nN=Bj>>QcVGXl8GPEW(climQ9{t6EfB#yuQ{Y|<=bqX%K^K zM?kN`)qpn>Dl}!>jhPrPgFjg@0znBF%bbBp$w1>#i{dhRqdrp8XnpGs=)PwdQ@ouz z%$iX6o`~)9!@5h^hPsv8g*c~lJ3Dr-$w*B}Qv4g=Op8lkz)!mTv~+9|nV-aD;+#8* zuKZuGbuCD*+OS~#^N{8z!Z(Te>7xg|@S3X5lv@#S{MCh*QcpuEJ)vn0}wFbdKj}a7*TWOKDDxT!cpau=ty!k5I!5XcMY86j2Swi zt}fd;7tw#7C<5tQuo9^1e(-*;LQJPR3KaZA8x_{tbvByqVER`h{qT#_g2HXsU%67J zNdXtZkaSDO#(_PBItDis4DT&x%FjO~J%_&U1jWPTmcoB&aZx6TbbzdrX0@egC_vua zOF!V_O)F_#x)#qoeCn&QmXDa=rW;&{$w1kMw@e*ZXyu=K_8ZEEDXXFhT1p;bt_nW+ zDd7*XAV6~^VE0jp9FI|yM45l`H-&MrldCK6z-7cYL>npV@iv$A=L!5Ajf2TD_rxx@ za+^K97b8br<^N@|5ISqXStBO2JTE&R*UFJ=cEw*YoNfCUt}~;RRjB94y<92=#puu_ zf5BCti#KS^T}fRTbk3lOa_d`IApKMFW2DYrLp%KIZ+|VT-?3+rO2}5&FkhCG!8K2C zD~+xxxwIcvjtMu2x+o$&p@4?*E*M?ShavC6x~8VK__-!eJ{ybV9lm^|`_m zVBIXH-N`82gQY~^y6(()YZN-MwAX`KrlJVQcas$jN8>1Fb}#FWXoaFZhBm5D)rak7ev76~=@-rzZ9O-I2L>TPq^FHqix1 zB#$J#Fs9R?m$^1Z+;U>vGgFKj(&QKqK*>xVc+8>mIQ7|i+fi( z(@51f3Aab}+)y=g7YUB|nlRISjlHJSAPM)=Px5vd?59IvO_9}v$9K3gBt!WiMnS?Z z-MFr}SbN_3(iZPjx95y4S15}~g@hpS_c`NAe+8m#rK=Srgb0$;{()SkM*qnf`AU*S 
z#HqrOZu$(#J3*#56p2oqC~r)O-VrKPo}L$iI;c5RQkfx$k2b!GbNzS&t=2VEQF9}% zAI+spb`M$BpC#@xY4dB+1)McWNFel9T7XKlTsYNTP-9m^j8866$$NA?G5v%;TDM=Ts^^=qadXV2rj}+o}9D+r< za}LinmH!+uRER}eOOn4p)1$|YCl{xq${o~*d4m#!!)k(U!fb{U#!WFAjk;w5qlJ}3 zyLS$19?G+147NKPlZeM*hZ`veq%2xc)@si>{C5@Sc{2LN{UKKrh%pNR+HZ z;3jR?qYmIA9n2IgOK~oYS;SVlztN_?j8S_x;2zI9DP4*|kY+1w0p6hX%H7|dU1210 zQcLi!7_B0>vs;2zF-c~Aj2hjxV(0NlC$GJA&lu8>Dr9CfvTQ>=N@}bFzZ;s;{sQey z^XvYrdw`+LbCrQg)H@TE8T&^yG$289u2=Ba^jUC>eO_OmCM=STIH>C*KyF~@xjwS| ztai2gu9pWnNjMGz{t4eb#%K}5l3fTHXZCrSuXW-cVL@fh%uM00Szgq@Cn4#TlKRrh zAYA!p%0l2DPkeTfTJ5j(?%cSbmysR5I7^9`*54YreXQo!u%JCs&Q6=E;Uz)e{v(v(YWy5o z=U)h!a6{eqpBRx|E+;ZMW&6;hKPy-A(Dgn?9?vkN?1Ms|YdgUyuJcqa(Aw3&y5kCX zb@kkl`xHb-`<+Q{-Ggu2fqzp*#wkkU^Kn<|ulRXcJV)tXcS2l6mg+Av1Ah&a6p`+^ z$icYzTH$RY*@wT%rGi@L8WEBlHu80ECQvhrNwD&K@$lK27C}c`mob;q&Oz5oeHD6R z_)H7HgNLVJ6Zp}ieFE&nSnT{>sq08z!at5irKURbJCSI1wKb1==UF;PDRaY|Y&May zJBN4c|tfwo#&{S!NS#gZXBq! zd*)e0Sv%cm7AP*$H*9WkRaY%>h{UEY@DUF72aWij8)=<7B)D4EZxBa{e7Nzy++HvL53P{btpB=)&0h3q*ERp-%0s2HRp+#{Vu)C zgBVz9@*&C;;E*b%E2{{O+2Or7P~_HwqI1l|vLQ6dvdb!H4#KC5^Y!7^HD|hjzu#+rq3G@yO)JK0H#kcj3QHrZbc!VMd|x1%{IHcd_b;Y$a&9<9Yr*cO^fuQ=!~ zjcVSX_%w{8F`;+DPE}GJR@v)goDJEaX+p1`8{~cN*Kk&nOFtoBfusZP2gPuKONZ`{ zXghC-0XAL68lFLa=^;1dGJREpAlhZuLAWlviAF6{r4~wOEOTFo5IkYOTN-$&{WA8^ zf#U`?`di_zT$4GjTSwa&af?}jIHlOQ3!r6nRqht3uFg4lvu50{dje*ij1V3-ym{IF zc9NvV6 z?Rnf}r(QCl^#n~#Ohxds^s=htjusJI=?#ws`sVSY>=;u@gU$lsdf1I7=h;f^nz48` z)XDnR`|==#=hK~Fjnau1UgX7ub<#BPU5YIEr%=Qdo^(E(EkSew)5=iURAgby!-=Qa z15GoHzT>&R981i!3@&TYTL}w8Qc6y1F*lu+Ej0dJ#M5A-l{}nPQ#{*Ld7XYk)gr-Ji&E0WZ?`{nRL{m*u;&q_%KevzDb!|12G zQ{@FA<%aH%^OVs|C_{_ibE_~a zt$&xXnpT+J)j%51qn$eo-i(%YpH&WaWwl0+`s479QSjlY=BpV|iOoW~5^$-1mj z^$8FEyzhM!6kKKTFXFZitEWu;>MjwXK2|&;D2i$nIxtRe9{W(Cqv|U2iY34PZoI-} z!ZXbC+YD%#_stRkmN!<a&U z$p~?P?Yb;vydiMgg>El9krT@(>!Qn(a3ZlqtL^bs42>nd01d``Cg378v8j;lE#Dn{ zEoSVv4DMWCKVQd#pk`8<<<4S;#yzn%@Wi!BC$zL7Li0|7uuV}geD03l4P(+g1g-iW zKV2GmRz?82^13I_c{rOpHkA*mTgX`F1*c!E?DVQm!`D(XyM6Y)p%u-GJ(5p(PHEy6 
z6T{cys94a5YK;Z$?7E^En>A#K@vNv!;*RIuNG4#oxELYer)108G_@*Q`$n$mSfCz{ zQGu8}Q)O=UQoNslwOH~BjThkD>J4c2%zOhWFjk%dj}q%5xpVIlw~R9u$3f<5!_52p ze4M}v_zr4mS-b))ldX3EJv>NpZMMk%u+YY*zx3{9vytc_FBBrr zrt#633M2@Fx%jtysAmkW6|>{yoPcW$pu#yZ2v@NHT&%i*r_LRd00;hk%tv6lfjK?k z&nf%mKnk5k(UW`?XDa52I$OAFRX&eq9eDnET(TZCKLVso01fkYlR&E4%`K>$dL!j8 z7?)^7OYkv`{26Y3^zGj7*4XJ?l;))&^!?D`035cV)uQ`h;y{*Fi1GSV<0e2}2sK#%~?|4o>y8Hp2=uK7(`%AB7fU^1?qzC<_^RQqD zBf-ffKmYXZ)jjYw64y)t_%UET25{wSHo#gc6#EV^)&o4(#!7G6>bY%myTHeC$}oYt zv}<6^;R4WA_Wlgslmd119K{9QJH^Zoeu=t#zE}IG*xDF@xDBJ)#Q_jYu|_TEi$Qzj zsAA3X-OZF?5qv>856EBU_cQiCdYiqq)A4$TXNL(|U6DKqQ297_8=;=hUsBRYJV|CA zb~L^qa=xGfby7Y77_^uQ3o~gdS-q2^!(5>6{%gF_D*B&0L*|s%?w0oQ4=0ITX#}7r z?|t>6y^}Zo5I%{xGd>dNc;rLzriIrg_rpl5chsZYp6Zdud%s9^g#BSEPNR05P{xX) z7oUA?RXjK4uL!w{R3Rm^{WbmP%Ju9Kw7f-~B-!Iirq(ym-i{!C+_x`AFK<0poATi9 z_Ow=@seS(FBizP((NUwuO_rY^apf=te+zNNuBqZAbCBK|q%$c1py69Q_9w39-Kk&f4() z&NWAyH0#qLxp&+&XU;F%YCva0c<^QO_}tNY0Z=yo2nsnnt0uyLnqPyqF;`eHwY9wN zC0M;*$4AH;X;Wt?as^Ay?y2EZB6{1a8eIqMlu$kWYaU;UL(=vi^i74zx7#MM6T4SKePwG%KF z__gEERu0x|=2r?gtK}Yl4{T<6J7WcPc5H|W@e6SC?33dMk2l2O!$X4~kGJGIVL**8 z7l_P}*_HUj@bc9C^(vo?&&mHm?CsW13r^nEhWKEsV7jzOT)Qw`uwAsA&GkOtzwR~| z*ThYUT*>|C5^ED7Hz3I&wSC85WWh6vA&P86-ZSr;#Qgp{=kt$Aa@#*tkDa(mt+PF^ zghUw%kWMYD*N=#7z>r?YY;h_W_1u zq*$TxVU5ZHS3R0eq$j4iEnrCFE_5i@d@B2GC2Pu)&rYn&=gDrWzllC+zA#!e6XTY3 zB>AtGA`4wR6f=}ao~PFlVK@7@H^-;5}&5+gxt<27Vp750{9`|{qol35XwbYabqlx<-BN}|`y)^1nRws2Yh9i;PrkT(E|6ua?$cQ0# z1y{haL_|&sFt{1S$6DGR^CCv&I)Ev}NU%@<^FHA5@wwJJhX7ATT2KL<)H}}0P+vh8 zZvE1ygh6>tFPsGX)V7-wcA8A;m?$ZROgvNnt76)CY9_oXnT05fJJ{lb7tq)%`RxVh zi2DU_8QUEI;X20>L7KoCFGNCAf}4#HbTA*-xZ$e)hz^RIglq~q;ONYq&Gz?5ji=$= zkrBY-^=9y5RB6`GmeN|nXmyE{eStvIO3i2H9gVQML1>P5IU2|qGRg^cq?NsR#lGJ` z8;W}ooqOpcguF|O|2Mn;Om&scwXcxE=U~4l&I)UtJ$L_n6 zCV|xt(Dadui-o*+Ir5-;?3CqTQA1kPvv69e|5N+3I()1Si|SG(Qd8RRp@vYgAVb1` zJ6|`io+HI);#NUa&?fAuu=E+>D3rB;$?+hJy1>4^t4>_kn}UK9FUIoan1Erw)IXR2 zUdSzDR|r0c+P>ciVUUr%|8IpptaJt+?h1c_TJ3~#I3|$LVi5!ngAsV zXwUE~r5$;wP~}OcLO{;6%|OYS2ASMejOwR#$YeEL?u!aXEV-3 
zanxH2SREPB6-we{+}-{lMk)hg_3%M>jrv>xvjS{uTYK4d=cQ*D;>Ci@h}uA~5{G(e zY|JNFx31ityHP^Fm~HzdUrUk1a7)ZmxP}j#6qPb6t0BMm_3Vg#`}Jv?jx@QA=&3@| zpbgUi9!DkVsk-G~ky2c z(+b3%qC9#;`lfhk&!8GdgAivWztEt{X;nbjnmR>R23Rp^{_EC+oP;TX8WHjGSB^Arr)0b39>W}SJd@qmie~dx)s};+OZ$K zlNPxbr7v&lOuGZjds zcgXNiW$w1cGi9oj{(iE~71t~K#qD0{B}@KU#8SQE&!lF-cidg0svmN9Xrxq%g$){# zuq)bfk|7m3-jcMDI&$X4db(}BmftL!-0BmRHIEebcXi71Qa&3<>W<8}OM}oFDVe zQdt{oPg5IZ5=g2X7=_yqWF6y#Gvum-6#O-g+oxP+!%b1D(I)Zd8+SF_QI%Dx_|)PF zl6C9!313*I3h8#b1IJV|fn}eM3DpRWD$WY$_-ZBLsk69^b@2- z2rxCdui** z9=FEsA{M_fGgsFMp;1me4Ip=u;G49Vifj;h)rVFUn0dD5*BW^`6?p=LgAJTw-_S1 z)~*EN)9eaUQ;`(&{grYt>nAyIS~yj8f*u>NTk+Xf(^#{3jrmC=;|JTB(HJe>203EA zGgyXR663JZ1iMHD2JgX!{r-7@bPF?l2$O-+Wsk7{d6YnvZWH?CEheDg09Lad0vIWTvBY#cEi@O~1U#z2; zC~=PR2q^4>L=%F`?C?`E5;^a0{m0|Kz^2E@#hijIO?RqJV#Z+5^0m%0kVB#PsVuML z8zFy+7Il^ZmSQ!Gx9a?w8y(&aL7*cYbB?ThqT{{U)%MZN$_~2TiJ_od>+S@06tH9Bh!s&JTvD4G7rOeeVd0ae=KDGOJzQV) z55GtC+lf3`m+qT52uTAR-`E>D4&h(g8fOsTSfORaT$B1pvW<=XggONTMl;l6v@Il3 z576v0>A#DkC6cqjFCJQl(Z7~11_L4=b?aC`52Y10HE-!?b^uHkhy2b+lwhKrW9qL) zqf6pR1;QnW^{Z1%Hv^Nmi}wp@coKi-FTZ(H5nN%>Xaen_1bPGQTvboKP+~A6rXV8W z4lRK0S~m2DueEW?527eFY;oYJt(QH+$txQ-)tT3Nj_8FAoJ}eW6{)9Lu3i=zG;MV0 zvR?-A%|}#jhOHFk2H$S?mDLQrYCek}Kj0}q{N@w%vtbH=oe0PE68d!9SD0R9a-`Pz z-tEloU-6W8apBrdEX*U09Q3aB0Wm2^L7Js0y2m9^kx7eNm198& zS^6ul#y3(`{QV3~8wD&J41sTU_&a=}ngGTzO6ONN5!{8gXPN+=1fA zaB!MvF4%&f$G^w1De_=97t-c1cH{DZ1&ErBcpuGL=x&ZyBZaUsZLqzQkJoIa$+$Vl zmHrOP5BLeS)Z}TOoB?Eb@2dUahLlNQ?wtGCI8~j@99aCI6>~>%KL0I^+q0^7wSW{-D6X)K^b3bEIugFdkIHQE@#82|JkCNI ztF7biU$)5kyg&bD?)@^uJbRA_( zy1(%?7F^2yd!~}aZq|TqDU+GYPydx=65dE3f>2qbNmUMIlVo$SQIZvBbsf^0qQo3i zH-oQT`?nHcaY1(82ZMOef!5A-yR(l>IaLPu3qD?*$X_BO9E}q99G3hm5mG821jvsd z40-|2W|telv*rKduE__@L+dflGIl!p(=J8^9=^XfEWEv--kZ_ZiIIst{H@E%fWA6{ zVwe8m2tlLq6U;(?C4Q`lF}Tj1hSYpqh>i;}`#Q1j`*gy>w){`~PqA%p@+r2gdy-Z< zP~}Qftpmq?@27VFeoip^n9vx~lSd%bH#ls@i;fX0orp^dKK=C%{ew`9pLzyYzLSva zZoDhb@Szx~|tB`Yt8QjI+01n2{2=aCv2qoIiykr=-F`2XfK6Ws{fnpJG~B!6t|c;@jtQK|N) 
zZL3&vyV$I(r>y#Lu;`=o7VZnMuv*>t4zlws{ZGSAEdpxA4mOLA-=AxOOdmF*trG(< z>0js9Z7ed4<1Zh6m2AgJTi!>_Hl%Tt$gQo4G|xW;;Sz0q(GDQ;@qadN`^~DY0G{&S z{aUXv3RG`stpIkFA6^E1dGAlp0O!TkH`Yt<>3!k=yJ~j^Qeafj11eqLx-&7UjAy>jM$)y}$vgh{qoqSs$pfnsxxkq{?|(&L-4p12 z+#vUyHErKu=VlFCzMeM&};nh|6QDiKQ%%KfKcW4WSju{~Usbvh(d+LNU5B9EAtNW@{(5 zH_&dX@DpMFn7k{Ltfb0WlO?`B8oTcREo#rAzD}N*ucB${WWMidv=HYVraI}IYx*z` z{~xqO;Y)@?=%GX-a26tpmWkbWo?$9OXGeizns^fV&i;J~MTfOWW6yHRlGc>x0@#7T zv%oXeFJx@Ru;q+Bs=-BmJ>n$($^T)sDf}!#Z#!PWiF9Dlu z;rCJ@@G+O&_0carwb36ijfFL&u1yScz*)5UbiHXadI$s#XEUDY45S_=Q3+qFAA>q` zE<9v_RolA{I&KTD4e!;+C6B5HEKItv;p?r`2Vj!7zm4>xCxlOXxHNTz^OcuR-yvF! zV9_ss@&pz_?RBWHs7yHa*V_FU#1SI|lh~EZX6*e74}K5{;IXyt^)zW0 zN3yr_xzAu^KqS0`W_H!`|1Ogg8VY|_5+{;B@iuG&u5x;>Z_6B@<~E{d7X@zMP_)1o z9#PHit?m|h^!RUl)vj`J52P#az5OPtlpRCzWVJ6AiZgpdVJM!4Oy;V*Cn(pp8SPiL z2k_ijp{oPT&;OCBunUh5O~Yku`~aZ*&SMYgTfSn#7X9&mGBCdh8_D8s1663;fQj#bdxQTJcexRp?32ydhd?H-=Vx|fo`lg?`4@igUS=4QGI~7?Jh<_ zl`&u+S2YKCD-{mu`?VE1mATqH!{Ty^9E1ekTwhf<1y)z}1wVuoner)MejSKv2f`zn zu+mbkqZE;&85`+hOV64i6DV46DvVYK|e<*F0wv&C6WvED&ad1e^~ritDt8qie3VHGrU^V`>{X>+S0}`Jf~bvH`n23z)k)V_N0Y!?NjehC+yPf67EC; zKwI~l^UtEqkF$p#FA)PQs*TOwbvvEpUUlgA-S3g#L^=yEhK=27yLo%=n7_MRkPx_L z)E*cB$d-`hvw+X4;PJb0?SEQOaYw*CaBczljC2w4UJ`w1EMDFZ?6ORmiRACUfqX05 zvt~Y8I^d&X^|3S3hB(T))4>X_ir>1wFJV=ux;plsK_`0rYfqi`s=U0oQe2Nr=0fk7 zha2n}fi#;b6--*o&AoOHyK-uoZ7h0FT>t!z=10uwHi}?jBQ*Z(VYmD^W82b_IsHhP zVTMJ2PfC?KdCV;M4?d7S-)Coi)Q>&yAc!hIXc-pWhvoU@^M(sUgqW=YnCwAB( z!3g0PGMVuC7ffzk45O^t8XZR}ne@3fC7aF_zS#(RrpmT54Y$u>C}veAgWMNl~g zd@k2`M>%Vc>uhrA;6-S2Q6Z34Vk68^9rh>giUJ;b)mX&ABRX>Kqs6aoT9$cU`0{q0 zA%SGpfv)d(sK0IY_L7zL+m(+-rqyLc)i$6R(4ga$V}+TSQzqi^n3<{3}icLj>08jM~n4BbrH-K3zgQ zh!l}2B3wIB+%dM&%X-S%EI=Akr3rhPxRG0jY9_v}cRe?CY-B;A-_V^v^wF;BF1apS zbn=0hW~X6jS7(>soGos)E zzrQ}eID41(t&v7(p_LOh`2OJR@_PT{)!Fq=gNxI_@%4{`{lmes z3lVk>*`yCTT>I(pI(ozEvV#X6ve9h~rZV@wCZB`n$`64lsX>24r@tKi$imdZ zQy;R-7EWL^zCosibFqrv!!S=D9&AajTBr7me=&b-z3~mHJ;zzAN+7*#%^enAK4=)c*wl+V(J@ zZ7QT;0W7}xAc5E6H5IVyVL-1FA7xgRm9Znd0w>V%;uonMrA9N6TT4AkokGXc$@EdT 
z2V(1{4IT-+wiX^IAGU4n4>9<0a7xGW=@53{oqH|6ySDKZ{l^p;T5AyF!$>ff@GA7d z#Lgp}p5y(~4_STh!2EdizWsexrG2-5eKj~9oD8lme!afj|9NnIb$0#!=s0gz(aYJ3 zyxSKmcK_&faB+R{@sw-9*-y2Z%-ERn6zzBW*B>tj*N0~(ga2?<`Ek=T zt+*Oos_uWhIL-whudeve>*K}oHJ7Bh>npzzHD}lR$AgQj>yH;lb2a8eHqjeXhb!V@ zwhnX=VKtjSzc_n;bbNIB;c-!jB4sPk;Inyj@Zh!u4Mh`Ov+FT6JyO>r1VTs|M9$9+ zua6GXZM`RWniR?+cuk%BXP!&36CPEVfnz^NL#|=gQ0j5Vq!#o${GayFADOsxBb{a{ zr-Q5aN5@x#i|haTIQUq~=W;Fss9{krX!~ODUmuSy28Y-0j`t4-dDe@|cl(>~J{Va^ z{dBwU=h@yaZpvMFJ73oztPW7t>(6)nW1b`u>h8reU%O&6EP=pH>2N{fl?>!iuSnvR zj8RoLfnO)XR9$q7+&-Wc2Jksm_RC){uP+AD0G9J=|M2AKH0Sy0QEv6~tBd{2i}z>0 zoF+tnRD1v6;41a}ba0j1D1Uyj|4VkR7hBdKyI%pX#ChXrsws6`mzOV#==YL2A2Mfp~3edHL~n_{7fb zYy7%w@cF>UHMO5L=b>E&&B3MyF!Wuz-7*=ZI&4Mi!bL;X9_5>6pJM1M$62@$Ef zTxkdAb!u~vB^biX3G!(zYsW^zV4Ocwxg=_>!PKv$cRWrSzFgReKUN=VSDb^VwY68;IVb9d_Jp^{97azNDaV)k<02DnNppqv z+6>*4DPL&nv)Q3T`rvbJ^{gUQ^+if^Dyg2UOjUu;Dn>b9ETrX>={V_m$Tm=>up~(2 zRu~LsRMV0Ql%*Ux$=^h#39v4-N=2%I+A~^JhV*hDETjrmDMH1lCQTLzjmS)!t?G?e znQl`uWb^1#;1#$!J3Iq6f-bmo*aToUK?ICkc#8=Iu5*KczNdfCfTwh#VvVQ<`zutB zN(MAXHL5{+g?duCf>Xg$%e9?C=9+P8C}~D>ZYc9$D1ngmWGHf1C;<|?EtD%|B_K5A ztiA?Tsee_?J+`1*$Pi0at`f+x>Qy+$X|<~aT9FP`>IG6xnOP>3uc}pWpd7ueLTif! 
ztOk)ff1_h(>aaf8>UMu}a&@yu^x-J?;3(;H<)r4?N#s)QYZe;$98x$qLP5l7YA4o|Gl@jmx=%GZZ-LTmQt3T z|0{LIFJhv7>KEM(Ea|Ot+Z!SV!&tg=97VK9x0aU_8lH+xQ#{+kQ$G$VgRVbG$CQcd z%#bbfRf|+QG|y?m$M${<-&COE2)@+|;z|Z^B{ik!oix}fQ53y8IzNbQd5OrjxPG;= zryr4qz{F^uhc5=yg08Y-CTbx2Aa(keJjcr%_$7|>Qipij(OvSuE_qBBAI>d!B$sv^ zOrE*5Qpanp#IgDln6%R9#FLz)g`AV@;#rDmDO9F1fsd_(#jXw3q++xt|B$$zKwteG zs&4AfP}y9IDd9&|gGP(2u3@LHnWin2#dC32@f>EFlrc3qsyQ(8j58U7Y|eKnJ4;@( zF&Tw!4fB~;lC92dGO6mt+($`8LpzTtqhJPd3>0-Ip}^u$^?8|D;pv$`J{cAnsdG?I zS((#uDUY|$OSPS1Sk>|-Z`OpZAVfK@7T@lb1r0x>RuQ#GH36OjnxTp`-PT=e!@b>8%cqK2Ul~Kzw zhsH2q!i|n1MuCk+FmToEiTLI)VeHiL`XIaqU<&X1U~hMKd$$#%aDg!snJmPzh`SrR zbm=$=g!aAJT3BP*Xw$&=T{J}=gRaVh_PC7$@Cv-gWa!uc+P343B>;?>yqm$SMp62q zNpP>g)x@D{p8_DIT%iykJ!~TiAVDCYyqSI9-zQT{0D;0r&L+?UmjeOI%%6kL`5Ay8 zbN^Ro|G#kJM^!5G|8Dit`G0%6P5$qtlvU0D_H`tFoa368Y?{Y6iR6yJa2?8wO<>$X zW=%w%#~KEefBs3~1PsZmWL^cmL13f}eIlDoBEw`rQ3BCZ810|tnwm6cnBm~yLgK9+yI0Z&B%k0Wn|nAeRm%r zQMN*BB(4vi<%06Cjm)ry%xDjZH7SDqz|`AcOX8@C^j!}M{EibN8=(|xD~TVcL|&j?a`5-T5w4Cjn&_ znxy}FU8fqysjsipk^fKa|FyNVowomOHTQomrz}nWH~wD_^ZzpBy=cZ}>^1u!d_teW}a;m+k+xz1Q&nWt3Is|Be4wBe=Ftx(c9kLZub96DX+jeWDF6H z0)~N{ed&=g3>;UO`Fv>Iz%im`OWEvb;QN>`3g`s6E*QIbC|wO4Z@dWzav^hWk%)}d zo0reh=6k@X1vvt`~=3)`skg3dj) z^?xzgKRg+jQ~R;oC}00?_ulqW@t?h|y|>Nz-%`pe01hU|x&i0d@fbLW$N>o9Nn5Q~ zufUPV2(|-Z!D_Vx50K7X(lbz+?PdM=qV3@f{FVXzfrI{IeZrVe`<)JFBhXD*!a5tA z75N0;IyM4F-YxPNCNppXJvbKU8=K%9Q?6qqo*hl$7=e9C0|Gq@ZGxX2>WBlU*(SJ} z5Cj?T336R$j6{VnA4lx8xe4~|sYAteQwQ>15W%^?3HBU@iMS(OJI69xty9cUA9$EK z76NPn8K8I?-8&A4_!cET2}cMZk6_p3xC6%%l?RZxGq8UP9amPL@nIMfI8_(RSPa0# zd=cc!tHmYD9bp2doP*nlLC2*VrkKBTf<&X#VTiU`ACQL#bX#rkQ*^`#dS-9y-J4i~Alp7u$W7;?YZ$!%Az z63U?Kh9_eOe1)`HR~R_*h2|6~M4tQ;Q{-`($@Na5j)HY$j!p1sI%})PpEfr6aQ9oS zPoF*wA)T~d1Foy_*~b9dHi#Dx2$vRtcU&Y+f?+@r5h1N=d5KvNlW_Sc_~1W1$eq z-3zbN7RUAR476S=q?G@+aG1Napcn3Veqba(AYEh-pI)I1zId+#5g&?zl<^X*?FP?~1*ft=5}2oa4QD(-)&R!mf+&IL)gu zT8O>%TW@lg?0Ps{8?85a3v@lx`HfcVe}Ok|t{k6Zc*lk5iIuOq#0mbg|TvBv6I}xk0L(r5ne~rKtLn&F!@{}ih6gHE)_}U1r 
z%K9r^2fuMT>f!DV2od>WN`n1Ta1E~pO834i5xfiPvkMutA z+0a&l?GVmkZpGX{2By%L0^-&o*b}S&77|Bh;A*ulePlVK89>mQ03Q-KMSOsUv(S0w zlUxZmX!e7^>9@`3=O3RqWI?&Q2>xUOuB)JX$R}YlL%nlK>RU)SVap~ZHFNM0t`yu& z9BU%R$aVyCg@o&`m;gu!oY74%g*OOLK6VU)fJ(ZM{_ud#JO=MK#gr(V6D!U%%}S{^ z!o)%(?bK!kl;NpqK=`{k9Cj?LZQI5V2137^qfuu(ZciqL?9jf;5b=a=?9Mg;1i$W| z9E+X4($vK)IcmL0+K6aK8wm?~V2Hv!iOomGMIgm~#3FvQIU0qe$_ZQcMiXqm;y@r3 zj(JGlziA)+v9A5G!3FmTymzM1mHz)CH@fI-YUA|gjiiLs<4Abv?M<@~83vT2=1{Qp z;ho$)h1~2Ga%~`#5N+g*9S;E?+hB^OTn%xZsl&vl=I)1gCeYcOr8pp8vbHlCA;K43 z7K2UjCL@cc@LqK1()k;m4Bu!gQf+gFNW>OJ966_Bjt5TOncy7G0AyU77W+l1P%thB zxYnqGDY+1!at$YXhDQ=2O?6+acZbS32mc1U-7aryV2;hrctpjQ9EQLLk3b-J&~}&C z-b_+hD3s#CT-8;nTs7`==iUCxg1J3!H7ppoKh!$h=5@NobZ47_c5t1bdqR z1$U?ipifb6Q~b9j{=>Zu4QEkzj+W&(XZC!xy9|(c(oSqK!CgurvT-k;MF z-#mTdyfak0?2U!TKE2PaKMv`B936sH=!6cvRxd;}C>{am0d((BAv(0}i<%z6eWTQR znVzr9o9HPLdw~tX47IrxZzX2Dm#17(&C$P<-|0NG3N9nn{BDAT-~ajLc`O$+aV3p> zb_T*HVMmyEfe68NfyNGHWM&4$tqtIdlJrD?jbC?Nse)9ODi^nLT?0Ot# z*#Y9VjSh(N$Z9{$+wBfOH&pzSxXGpi)Ex-&M|9ai2i$Da4#?awP%(#b{c7&b2SkN< zs=&~>_%JxYQ$OH}XBbZlM$n2*W;i?(tjkS%z<1P+r*#MP%-(;5#t`^I2U1j|HZAqA z&yQEFOM(xVZ^&!c%VPcPwpJ zHOVAA$B}m6@Mu61M?DCibOS%{wbhOgY70Q0YT(S^xMs)GI5Rk&6Ynp8qR7NAj}PiK zU5I_w$GfOAG4_hYmB%+w-$q?IO1Um*5EdiyG|sv~vmD?TpxLogXbCH;XG!bwFmx73 z?^eHnPxDxE3UNl>ZEY&qkFBlRAtrR=V@!ECR5H#BF~ICNt1W$v&FV$8{U?Yr;wUc= zq2nK%f810D5gSFAKZvr6I^ba&U8=lmm4t$Aq{0aVjy@MZlsaR1f?PV_aR;R8@?gXn zc9HZas2ck((vt>{gl`~V@=^qbfdYXlG5-QS{r1NrP)nGtts2x9u&?UIyTQuwO+k3X z!LF~XltT6WKEAk z;Dn&$5twFxR3~YgMQkC@~J+~)mrc~Yro~_SF6Fb)!)LtJT{qBtCY1> z$wIsrHf0pxT&+^hp-L7)cm!3lr~}n1Wu+=vjle^+o5BTJsZv&}lGTWR!alExNgoXE z9m*=V4y8C(tCU$)vJ%M*geMs6YL)W&RLMe|E0u#XY}^1KXza!JVnWn@Jq&ZXkAOj6dv`za+QN553`%q4Yl`}5eOEpRRsJ*z5p zlndVqXoM1zIvSzE`K4-v3jG(Q5$1S$7AhxM|5LTad0K;L5za44i;c$lrE0ON120dD z4VlVvwAh6VqD43_M~i)23V%@wtn1KvM~5pUBn8fOjt*Dh&@dnSI!A{qBqIgRb&lay zNZtsX>m0+as=N^$sB;XrYVt;|&l<;YDyxt&qHtyUIk^_nGt? 
zOs&x`AbKtnz=Yvzk=qWHagA}%q@_a*<6bizS&Y&X-APCI*Yb?ZKYx4A5#g|^&fgw- z02kq0{}A-qPqHGMYai}Bm72maaq*bu9`2OlTtiP;rM-L_{ThnOv+F5ooLxLVMz^TU zH2MYnA|mCZ)#l>y7}+LRcf1ka1U4E5<3f3_aOPDPJy=fTTtm5fcHJtCa}DKcwREd= z2Wlu+tD#$Em`b&B_3S57X`E{)SC4xlRfbFrt?Aj7rVP&2g8SJ|nNm2H=y|KG-xXyl ztKmU2OK5l5G=Iff-UIc!49<^qCRvWa!}Pl>&N3T!iJtdF`dx&Hx|g-s3{`}4iJrGg z`dtzFC3@bo>vu&sm*`B-t}7McT%t3rmabIPffAi*HFTxI1zM~#J-Z#M2VznKnj7arxwFzzCqlna?yR2FiEu7-6?l}8sjUZi2o&R7 zC@WV_QflK|AS+i~Qbrvpl$9$gDPyKmBr8`>Qbsrz%E}d$l;wFqKdpkKEKI^(?SGj* z=g3KO{bXC=EZUWO;b-3pXK}7P^LQeqL}8MD(oqlR;=SS#N^WBM`cqNL4v!hfW=e+g!d@FGd#Pew6F{tBdD7x4*^2GXH zJ*He}|9JMJqC%XD?H`Y-)YT%$LW{-N_>j ze^DAwrR{$OHJ(b_|7saD3On#@0`8%RKe6n4h(V(e=OxL$$4C4HO3D}Iry#Be2($X@ zOH$yMbJL?{iuUY0ON>f`tM0mVXukzMeflJ>Xwl*KTmM5#`|02grhVW#UT`1XKv#?x z7N(#FG{HNcds^m_jd9T0O1;Xq>)*Vui4rFEr!E8gVo)Vf(#&;?(GP00x`gm zbU3(xAidY(n{XZXdGEqIMh`{ez)Nd_?7(%r@sYUSS3MrwBP-yj_2m^O`rut5GNtM{ z0Bw0o@!;MkNOU`XC12m5SwCk)TM2TD)%qhZ`9{)pzm=lTwj6<+$6}s9bR|>PHzu@* z%HiGw4wLuIOdyS>)$tf2Z6RDd=Cq>;Mjn;<7R4P$oRdI;0F{G?Y;jpuv_R!_>60ON z7IPBw;S)4MWZnsBgFEDmC#(;8;TUk>3NW7{ZODYYjA>sRuhO}TX3t1YpSTJ>J@Umf zSU86qe&G>iT$y1XyLdeNDF>Aarc9zECj86;gP$%p!C}la`TRteAE{g8l8aVk`S%IB z6^l=ZhY`V3Kmr+ii#_ljk}((3Vn+L||DU~UZEhOp!tZDQiZjW(GccQ^wv!alH|S-^ z&`XANGlg9STt`h!Q#;sBOWE1~zM~__mTWmqTW^69f9TY*BwLsBoQo7apbRO8eAc$? 
z*9W|zB8E-yG$~BsP%gW{QzrplB~caEog`MN(=52z5R~Qslm<%71A3lxybJGJ6na+) z(#-k%6ybJyJ*Va2RVKwjl$PhkvZ;Y@J>~r_#F^plr{$V7I{8ffRHNUGLOfO%nSJ?V z0ig@dc!C6l@Wl5LTpOTa5~RT;ecIx@JEBJ9@k`HW$Sd{WlWwI>ywu}x9A0azsPfxd zobbp?G8zVcG*u#KmA))!l5%c6smnP(6dt|&NruVA=df9g$1-~fcyQt+LGEm1uk8F~ z4Z;G^s3cbtTujL0dKKxmL_(mE1mEaE6km8V-qj8KOibSM;wcrW{Cimq+K42`t(GI9 zXpo?F##$O2m6&uP=MrKidk6M!UbN6#9SdpUQ1&WBuPAt$*wOGZLr^yI1Sy=NaOYrb zsZ&y>kCEUnmtOP46IB*FO&4tw0J9PVLM&tD@-Cb-H79SrE-3zdLBQ?zFSJzd!Vz%X z=lekcM%WxP)Zy6nvO28%W0k>QwRJOAXKhDIq zMF1JJGD_JGf_F<$Z2?XFj#bKDtS_ZAdO_3pdQ4+xdsxK;0(Qsl^sFU~-BO6}^Tx7& za}H(#4e!LC(9`Kz@cDdp5k~VbagtsxuD)J>YskEV?bW*|e3lmKC3P zKD%u;4I33a8Ri_0hRVhSq3$h!ob`!tIsi_Quan@&b9pU|SO>o$o)HjSNEU!XX_V(|;HnRcS z!XVsGYTdA!O-m0hi6LgjE`b8q1?ylzMnT~3e=HD#i#Pbu8mEpjMH9kqkW+_9k{w~5 zA;(Uy*Htq7|Mk()aP)Eb_VDv7F}*21#1sNI zQW;?8)SD7;I!?D^m#WUF>cmnCcw&773A~;(8p!mEjBZb{YFyRkxQCaI%-} zd`)A|OwEnrPbZRKJDYmK-@PR8=ZCDGt&DLvGvTF?hP}gWKAAg{W3w1DylPJu!GvZm zXJ$xlSVp_DY!Q}CU1!rMFOy>Er@Tc;PIHI6ND>%mSXp@eR*jpO*HQ^VNKi**Ze6Y*@CfdglSw-Ym&94Pro<7-&;ABA{gwh=jMywGt}RZ> z*w|7~SOyD)GoD3$LM6@uEn28{JyaDaTBeK2 z&(-BP{#?~pBB>39yVPS z`i^ZI3%h-LEt6&&^3Kx7hapKHhv@xUGIkFUTUK-}U#fh8LBQZv`mNbi&WOugEqTsL zrKk0icvOXR)l|8+JC6Hca=#Z%0nZGR>)t@)m`%RnQ1YlTf>~+> z5`HH;=q;T`aXO@N5KRblZTsf|8po`UyDI>VYc9G*nj+HtN7gk4ii+E`G7u{Mq_sXU z;@j@-YgH5v^-8y>42Qw;G5%rscHIG!#4Wenb(N{Id+4V%O>g;@G|L8V4~HQZJ9pYja5!HmA8^9BC| z7SOe^<8=CKbzC=URM^kmRh;~ux$N_T?L7)6)c4{fn{3eu ztz$_=`|*30U3i9FyW_U~d3*CwEvpo_PF8Qetg7L;GO&J>u#fiAI!D8gk~XikI3#xG z#m_hx-HM)cS6t$%D&KwlhU*XEp@PX