From c24ea7993dcd964249fc4cd928b3cf283367e858 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Tue, 16 Jun 2026 14:50:33 -0600 Subject: [PATCH 01/15] limit file permissions to owner-only read --- internal/pkg/profile/loader.go | 4 ++-- internal/pkg/profile/profile.go | 3 ++- internal/pkg/profile/profile_test.go | 20 ++++++++++++++++++++ 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/internal/pkg/profile/loader.go b/internal/pkg/profile/loader.go index bf9b466..211ffdf 100644 --- a/internal/pkg/profile/loader.go +++ b/internal/pkg/profile/loader.go @@ -80,7 +80,7 @@ func newLoader(dir string) (*Loader, error) { if err != nil { // If the directory doesn't exist, create it. if errors.Is(err, fs.ErrNotExist) { - if err := os.MkdirAll(path, 0766); err != nil { + if err := os.MkdirAll(path, 0700); err != nil { return nil, fmt.Errorf("failed to created %s config directory %q: %w", version.Name, path, err) } } else { @@ -94,7 +94,7 @@ func newLoader(dir string) (*Loader, error) { if err != nil { // If the directory doesn't exist, create it. if errors.Is(err, fs.ErrNotExist) { - if err := os.MkdirAll(profilesDir, 0766); err != nil { + if err := os.MkdirAll(profilesDir, 0700); err != nil { return nil, fmt.Errorf("failed to created %s profiles directory %q: %w", version.Name, profilesDir, err) } } else { diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index 3237cb3..f61f902 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -179,7 +179,8 @@ func (p *Profile) Write() error { path := fmt.Sprintf("%s/%s.hcl", p.dir, p.Name) f := hclwrite.NewEmptyFile() gohcl.EncodeIntoBody(p, f.Body()) - return os.WriteFile(path, f.Bytes(), 0o666) + + return os.WriteFile(path, f.Bytes(), os.FileMode(0o600)) } // String returns an HCL formatted string representation of the profile. diff --git a/internal/pkg/profile/profile_test.go b/internal/pkg/profile/profile_test.go index 599d8aa..03cf70b 100644 --- a/internal/pkg/profile/profile_test.go +++ b/internal/pkg/profile/profile_test.go @@ -5,7 +5,9 @@ package profile import ( "context" + "os" "path" + "path/filepath" "strings" "testing" "time" @@ -139,3 +141,21 @@ func TestProfile_HostCache(t *testing.T) { r.FileExists(path.Join(h.dir, "test.json")) } + +func TestProfile_WritePermissions(t *testing.T) { + t.Parallel() + r := require.New(t) + + p := &Profile{ + Name: "test", + dir: t.TempDir(), + } + err := p.Write() + r.NoError(err) + + path := filepath.Join(p.dir, "test.hcl") + + info, err := os.Stat(path) + r.NoError(err) + r.Equal(os.FileMode(0o600), info.Mode().Perm()) +} From 6b3ac71badd161c92c2e7df57729375566dabbce Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Tue, 16 Jun 2026 14:51:15 -0600 Subject: [PATCH 02/15] restrict api command to https & profile host --- internal/commands/api/api.go | 8 +++++++ internal/commands/api/api_test.go | 40 +++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/internal/commands/api/api.go b/internal/commands/api/api.go index 3af0ed9..be9b675 100644 --- a/internal/commands/api/api.go +++ b/internal/commands/api/api.go @@ -257,6 +257,14 @@ func NewCmdAPI(inv *cmd.Invocation) *cmd.Command { return fmt.Errorf("invalid input path/URL %q", path) } + if resolvedURL.Host != apiClient.BaseURL.Host { + return fmt.Errorf("invalid input path/URL %q: must be on the same host as the configured profile host %q", path, inv.Profile.GetHostname()) + } + + if resolvedURL.Scheme != "https" { + return fmt.Errorf("invalid input path/URL %q: must use https scheme", path) + } + opts.URL = resolvedURL opts.Client = apiClient opts.Quiet = inv.GetGlobalFlags().Quiet diff --git a/internal/commands/api/api_test.go b/internal/commands/api/api_test.go index 3ec1f02..4b59e31 100644 --- a/internal/commands/api/api_test.go +++ b/internal/commands/api/api_test.go @@ -20,8 +20,10 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/tfctl-cli/internal/pkg/client" + "github.com/hashicorp/tfctl-cli/internal/pkg/cmd" "github.com/hashicorp/tfctl-cli/internal/pkg/format" "github.com/hashicorp/tfctl-cli/internal/pkg/iostreams" + "github.com/hashicorp/tfctl-cli/internal/pkg/profile" ) func TestRunAPI_DefaultGet(t *testing.T) { @@ -307,6 +309,44 @@ func TestRunAPI_InlineQueryParamsSparseFieldsets(t *testing.T) { require.Equal(t, "name", req.Query.Get("fields[workspaces]")) } +func TestNewCmdAPI_HostmismatchReturnsError(t *testing.T) { + t.Parallel() + + io := iostreams.Test() + inv := &cmd.Invocation{ + IO: io, + Output: format.New(io), + ShutdownCtx: context.Background(), + Profile: &profile.Profile{ + Name: "test", + Hostname: "example.com", + Token: "test-token", + }, + } + cmd := NewCmdAPI(inv) + err := cmd.RunF(cmd, []string{"https://malicious.com/api/v2/things"}) + require.ErrorContains(t, err, "must be on the same host as the configured profile host \"example.com\"") +} + +func TestNewCmdAPI_NonHTTPSReturnsError(t *testing.T) { + t.Parallel() + + io := iostreams.Test() + inv := &cmd.Invocation{ + IO: io, + Output: format.New(io), + ShutdownCtx: context.Background(), + Profile: &profile.Profile{ + Name: "test", + Hostname: "example.com", + Token: "test-token", + }, + } + cmd := NewCmdAPI(inv) + err := cmd.RunF(cmd, []string{"http://example.com/api/v2/things"}) + require.ErrorContains(t, err, "must use https scheme") +} + func TestRunAPI_InlineQueryParamsMergedWithFlags(t *testing.T) { t.Parallel() From 19422baa1569331de26273e08db5326a8a4d3792 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Tue, 16 Jun 2026 15:01:12 -0600 Subject: [PATCH 03/15] update image in README --- README.md | 2 +- assets/demo.gif | Bin 0 -> 88976 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 assets/demo.gif diff --git a/README.md b/README.md index 5ea0770..09d1390 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ Comprehensive, official CLI access to the HCP Terraform / Terraform Enterprise p The `tfctl` CLI provides high-level commands for common workflows, such as managing runs, variables, and workspaces, and direct API access for advanced automation. It supports multiple configuration profiles, allowing you to switch between different HCP Terraform organizations and Terraform Enterprise instances. It also integrates with AI coding agents to facilitate agent-assisted management of Terraform workflows. -![tfctl](assets/hero.png "tfctl") +![tfctl](assets/demo.gif "tfctl demo") ## Installation You can install the CLI, command completion utility, and agent skill separately. diff --git a/assets/demo.gif b/assets/demo.gif new file mode 100644 index 0000000000000000000000000000000000000000..08a67fb13857ead8d4afc62211996717d5726216 GIT binary patch literal 88976 zcmeFZS5#Arx5gWi5JC%~mjp-vY0{bigASh@kDj;A22mt{@QIMjc7ZHQf zq-ZG8M7l^5>0;f0ZbSjO(Y^oYc+MI3;lAGo$FMxPzBT9k=5Kxr%cB;$dfo-#HsH4d zbrzry7$U~Xj%0_S*+m36xWqZ(hhW^|FkT55pBzj~6wWWr%a7(0I?T@_!Ot(n&o9j{ zEH5Y`Ehr)01asEER)M8y&dI=D6q>YC>kpA96qdJrDUw7ET*BXrKO^QQ&l%p)i6`F(m5incSId~ zMBh=9^{}?CwYI*kj)9dfSXJM^)IbMsfO9wGI%142qq?;4^O|~5)yJTG3@A>uuG}o67J!l*TTai!y~R-ip{xv=gO7XtSgj+*i%b=>{bQ#3d!BBqdQOZAmG|W3FdprJ7wz%`8vN zevnQrOV6yLQnNEIXJi*N-||kpRak#(Fe~S7Rqow}+xZXj?lctGQwk`w!ura)m0h&Z zELz2rVkcs8d0XkTsxqtVW%DKF)om5!ZIutYE9rw(5BjQWyYH=4*2I+5WZb)dHl5x) zUe`QaH}~ja<6wQmK;x5{#*If!PsW>`Og6U-KK9Ig{OV~-`$X#{THAH{lkT~vy~`Z~ ztDOUHI|tr(^}p#JSbO$-rDx=0@9@XItBw7`%g@i04Gz8;e7X5z{NoV0XlUa7*v$6W z$Kmmr&B<{3WKRF9oVr(Yo3GyNPR(!6F8`b-w$88pe6#vvA>;W%$;c9=Z#BJo^~1q> z{n7_Y>BrkIKgafOrjBjqHEzvMf1RKCy0gEX^L>wp6Q`he5U z+}X(#Yj3Whq6T6C008LkU@#aU2~cAG9`LJ70MG+~B@~IL(>mgz{ED7^^rEgLxU^LP zzOMM$b&(@y=lbeOdT*diQ;?5x5G5k>k_st_3y?jo$j4{(bDkY75(({JGQNjpJtoGKFq&pZTjmCBc4;zuB~}< zxi9PRsiC&VU*3+CSl_j4Z~6Pf)T486hT2=d{k70_{Xp{AleX_)*2nLi8h+Bg`)yJdk(PCY#e<5yc8HUbOb7mRnOzI3qfF1}rehi|W(vfJ0f^RXe^)M;ea z&tW%=RNaWU1esd_#qRQL^e&h@4aLhQ>bn6a0Yj%2lQ`WYmeLKkD>K+6K7Nf8ZmD63 zXXi7ALu9-SN8pKKGZ70(==AmFn{Hyqi(-Y`)QT{kQSbcX1^Mb%Z+qG`ujcx@%FANC z*3{S)&xU_rg?fiF)>6IFtJdJ4xh|vhj5@vbD@WO>kmwMv}>Zdzs16RH|To8WEP!|Wa8Md=J!9~>5? z`5-bU_f+l=vyOZ14DQeTNrsa}Tw0z4u(2E1WNq{bccV0XrDaAWpok}OL|Vvh5SMJ1v&zW}^pBUj>Y%blN;+T#ET^OdFaYtr^>`jBv3MotjZ^8(?U44qwW2lA*F7H3cp;_f2H~&b%|p@kcA-&J_o)(`9FrNkCMyC;^} z*}FS^UXB1%(*T^$Il-)Zn)1?a%Q2rYmP!w)ApTO6zy|T;m)uuv$GQn@CpHjYwhnvT zD(6G+z8p5%RWlL&OyK)KKhzD|Iw7v>&A$Nsd}P}mPzrIV>gjgiy=%Q9HEy0fCQfFp zetyGjhsJt-!$VdjIX$)p?JeX6OmrBv48g}e`Y@Ofy?l7s{v(EapKgItdDpE(C^|4t zaE6dh_?-fpXg@qV;&d&D1XP+Ry0A}6%Ca4KtFF5_k~Gu_qinFp(3UfAixjcg4Dtwk zJM+xA@>c9h>3EW!AR2)uiRU^%ElN)dSyTc(Wm;FQN{#o?(;M6`(Yqt379wDbYS$Yy z&Y13Eh$x^W_-Q{2x0xuy&5xB=j6uGbdAo4S{28o=;HIHOez-6QDA3bA!y-9Rcifa{ z0?Yt#V60H6g$JAz5=UfZBuI#^U}i}oQ{uj`lKW1hd=jqNXE&Fv2Vfg81doi^!xg=K z^-WSY$*eXgmT-cF7-NAu`7kFM7j)6d@5N?%R@v>PWifCH%2k?l?^WHw1{qTN?X|es zS5{-)MB{GDAua-H(7G91zt{?57LP;?1q+lR0JzP_p7NBirVpNkeWjwJ6@Lt?(pwgB z8U~~cCCTh4CbRDJ1EofsrjC)~APbwL5Il)=P&g3jiv_{yaXZljBD3}(&?c6-q(~|| zs)NS?Ktkq@vZ|GWM2s+W{{!qs0bQ*T7OM$0`Rc1sB@62E0YS=&zg7GHQ{bQY>K z0@yCg=CW+ST}IZ^V{SQ!Q@L9Ilf zvC={{Ap>S-M*6E57`l8x_WRFW6U8U|=3nV1fkIH3(;#DF3|NHo3&GC-4vgYsA=9|_ z;hb-a<$|(LhL(|U19*x?0NNYit0N>}DbGIf$`7)|fgqtP-v0DM%&S*CKTxpKgfIgd z=Ty`2eG<$UKp46#tF;O`hcfQw=iFE0DG>DdW=66#3s`&!TcYvE_VLWQ#J@iSN030* zM!4RhJUd;W`Xhh`uJ8ta-*lbCgPg>(cmaGOx9>Jh%yGj5=bg{_8!LAIDsy)c=fB}-X2l+BUqhPxe3#>6z=xI=LL@~&f0KVCG z#FgO`nMLs>rnq9j4*WpeMq)A@dXCB}L%as{c9OwBVn*1m62NA}6a>*q?;7_B>UG}{ zJ^VG6ie^YfbE^9S=&mbVAHZr)gAUQ47Bo=xEoZHVS4|re=XcVKu;*?zO1Y67l;h+S z=pg70_-`N38-Z9(H9#G~7%Xe5x&ag(QEn=~fvOCS7zZk&G>qw>*Ts^m0IG&BNEk(g z%fpq&fTzIJJFc4VDXigdLwV~!#wZPLB2|Sgb&tq(cnhqOq$7ob18%D*Bs(;}bP_}X z!ZxgL;11WUDb+&Kbq{W5>0r-Y{gR~MkA{l?aVL^+{Vb{&@ZDFi^_9>eIeF857F?h# zPE;Dc6Ym-b$Kc`WafZXpo$ILizB;f%2G>iZxG3EGfwkv7#LJ0c>jAKFZOCA5p~3@s zpguf^ima%|Im*~`>9>HDp>lzux%;C)*AbWo)RcWZyHZNtE%Ii9f;>FyX8Lq4Z^&Vv zWUGA=H#f>OE?HKNomT_^b^w5}xGWbE&rf<@&2-*R2GF}V=b>KyAu`aMmg;pIe!~=U zZh`gr+Ueuo`E}3&)FO)@F^_wbMPmaJied{MDHwiN@Zvj5(b4?L$U=lSPy#^heh24^ zR}ov#b3bsrvh#+S1ducUnpkzQes!sPb$L{EWnOi4OLfgm zb?uL8y4byk`uFPH?=?o?BdVGGpRcpP?Y`xuXy*;AA(V)TEqrvq` zgIj)sduxN|Y{SXj1_Gkd$Dq;IqtX9LV?ci6+1AFO*~as`jYLFKs6kV>N7JP%O%eG` zQLRnUvrVzPO(aBfoI!JfM|0wpW=ei@N^5iKY;*cRN=s#aOLc2Y&1_5UZVMgJ`p}@Y-lMhgN^5g|YfEcu+idHT z-Bt#ot<#{b+oP@LN?Tuk+dymE;B4E_Zrcc=eaxVJ!lQliO8ZoP`%G*5+-&>&Zu`Ok z;>nW1lNFCAYgeAE=RbMh`sCy6lh3q6j_lww>=5wm5Q^>)Dd-Su>p;$RNbGf>keyP7oid)C zveBLL1)Yj*ol0|^Dtn!3$Sw`TE=|ua?dUGuf-e2GF2lJlwwdd;+v~PRK65mD=Ir^*HTs!b!87-^XP$G5^+wP2#_si!kbQB6eF>g@iP3$Og1(f4w!YN4 zzVy95DzZP*us_?g|5kK=Zb5%uTYte^|DC;l8gii6aG=z4pgek@vS6UPZJ=gupmuM7 zj(q;m@Oi!G^Tz1s%>~a}+Mc(~J%6(IoPiwdG#u>q9PEi6>?;@?Xd4`y8ywmj96`Pq zGkh`O`C>Bq#Z;*-nR{XoE!SQH?)Bq-ZC8i z>N&g}J-kye{G)AnZ*KVK-Y`IX1ZXq@_8MW%9%$hRNBaoZ>k-)g2wZ%W&uCP@Yg8y^ zRHSfJtbG*udQ@V66eT_;Wi%$^H6|M~CSN$F*gmH8dQ4@1Oig@T!)RP{)@xilW?Z*$ zT)%zX@b$Ry{y0W_0%tT~<~3mvGl4Ihuxg*Mc|BpbKVdKa($VOpv)4=4n3ryaFWuW; zdcJ;na{nbkeA35g(${O!KV~wZaPn;XWYFu$^ZS!T@mHZnufn}vU5a@XQTQsV{Z;hq zSF!uANa9m*MpFr1Q;9KCl)|Z$_Nmm@Q|bFtRPpIdqv>p~>02?=xrNht?b8LXr|;}f z)5K?rjb=){X3Aq`Dhp?-+h=NC&(!YE(8XsT8qL;w%{Io&HW$vew9mG^o_(@E%MhRI zG@3Kzh5zO~tY9VzQpyLn0$Bh|1O#RNk@;6l5cL25!~fSuG6@i4vNKWUL;MGt*`wHC zN*`Z)^ihk9uG$#x?H;EuQR0;*KFz+Oqs@4vWB+V}kN<*;G~%x1>oKDIL6Ga&BH}iWWG|C2iJi_~S?=o-APp=rrdNsSre5I-h;Q zMSfE3er4p5GwJTC5@<72S<9FbMIf-xCEuxwq8(hOVROjixGx0NR6oj*u?R+97!xb7 z#|u|ZbK|OQXU8!F?%>%}F1r(xYJ9{OoxT8;PIH~J0rnd*LDTh30R)+*SZ>+Hqcg6o zKDC#)?Lh)4TtrEt8Q5>ZpXb4r>tRwn=QW0xbjZ?r=NQnOa%(CxeWnVRUmY1g5uyFA z6NIJ0omC1OL*Ht@gm!cqIPQQu7|#$XQ$?(B#Kt#IO9a-rgZ;R-7M4Sk3h#ih6)v1K z<<=<5Hm@OLvM=lw`1&O80w`H_N(;-w*VTF`HDykzC<9CDxQ@2a?du^*b|>*ExVO2fEwh{!H__)h5z>v%6xAtr?sr_UP8D;|F4e0$ z)SoHk`+3hT%r_CjtsxUYMVUfju<)oAg{`~K)E;bq?6?^;DFhQqusbyKh)FVOPn$`2m-+=uI&f z{8DIvOQ3)mgP$@Oqg$^je)rR%4wW9N!YDJ%+*RcE&dF$}ickj;lHAS5Ue&BQo1F_Lh#>2Ue4h$YNyL6wqCc)#8_L+p8X+vQIo zKmQg|?7wP`N?>vP`B}lUdE{;dNa|-A)s0T0fS{k$eb*n1k+1S8xFRD)C!WM05XPyx zAu=7;MIFjNu9M2}IcocXHj%^V?tB%?l{vjfj9k%)uj)EBD zJK06l2?SjNWBr)_Xi1>FEKS-bUoUK-Q7|;bUe4t%FE(leF5~vt(JnP;X6+LPz)|i+ zsAk@`Q^~9ujYda&Xd0Dasm8fuRc@=pSEHR#&1LuV?lXOp-WPxCr2eWih;fk->wN7C zD~xyA!h>38?nGdJhN%PG9^=Sq^2emQu|2J+*B+>mo+G7&1+@cC!O2RaX&uGIim|2|-qNpgF2r@m+S9hyJ^8 zUVsmsEG!N^!478ObD1iFq6h)%@s}^3a2W;jQZezIqMCp>=gofMLTl8=LnHRPQ(4RD z+hE}dYqr6-8zyE#CuEH8OmvUkz`59)BSJCke%YaBC$51b)fFb#g>^}!oRhK10FW4- z5y#%i{%zSrs{Y+tesJ;awSw?T1<(92$RFe82UAWI^VhEyda#ec(rMT@Ht_e^%MXgW z5`V^t@1SrC9oM0P8qw>-yXtHL%07m zpHJMsNi>&GlLE7Sq3vwqnsW?-TE{dJ*rnm;7$8uGDaG|cHw+DS zn*=LF(|K%~{qoQ&YU`Z5iWf zn}lV1LAA|a4HjE=GdOp&M?g6tVccHMnLz?^p_s+#pI$|VC<$nF7CBKb2a47X>KdW7R=MUv~S z7_*tj6eQq_0K1lxUTQ&r5KwRYQ^eEly>IC}K=@%;`)obR6w52&*?CisK0@Na+Z3J- zC&>6_g(%#CjVXAQ0&80>=Jmec^@H&Pt z%#-owiG@zb{!b8B2Pk=g%!YY=diW?RR>bLo=F3vJ@z2uArIcMf#u;xC zN$Wy{)}t-cbQ--A(^Wfn_@P|7BmfY{*UtdqhZ2hLz_OKIZ55fTwsE4enr<_ww@2?BImc0hA;zbeGAOU(vOD7~itJ-J z4Ap$%s2&q-HxFCBa82XVytCyQ_=Q9f3?DEmSzbzM45pz*03Xz)Y%?&1&KTezqLN$K zaY{ih2s>AJ4V$u|Mh9jGkFH@vc#H9m{qcl8Wt&$%ta59)UejuwAb9Y|SS4z1ls++J z*QfqLqevTmVW?%$ZJ%B-%75npcJ>jWJ5hACfQ77AU-^OqL0!1J)yP4L=ep6Rb)BeJ zej%R~lM4S*n^%dWRR=n0dJ`|dIQo#&eyDHcOT=^F-zrVN=+)9WQ+q2`TQ&Fh5_I7eZJb zNK!UU@3t=!(-amH3=Q8IT^+jfl2qMx!uc%&&MSt$=y-o7jYa#oc8r1=P>%4#id*=3E0AFIjEanld!`@W%O$RMMp#uG(MbNT64U=!UK_f|r+p-d0Vp z>nXY+((y@BorA$vOW+CZ3-$oDi$9#@h9QOZTFc%HOq|PG4lml@-~6pJukJ!&}MMn|;0{0JWhWM05T|~o(`RUJ( zVAU>M!`rk@VPZSLjY!*8o5CU%nc$HGB?1Ej5Jtu3d`LW}2cn3+$Q`$qxu)i5rR4y& zcRIg&KgpTZVlLB8Zzkf)kRCfkYr-R>ObrgU4e;)jCM6WHax`fFIIAg(wCKlpc z(6lBWPu64<5GoO&mKC~7l<~Eyh*=%C>0wq|rj17Ou|xc2mr9|05zJ~k?xT=&D_Cul z43*vcGMpjz%WyJHa_nI-WFaS5dCAG{l6~Dy1!fKf16QzR1!<} z-s|7)CFW;<_zq+76tjiuBJs^5MZGbPkoNVI44Oqcmyya>ORE)j-b1$MopZOO`$Pon zsHwL@{4H<7kMc%1WK>}9YDqGq4M*0F<|!WMh$$M6AFVJ69_sv_X#vSSR3{rO5?(oU zm6zcofVlW(EaxB~h?r8ZZ2joqC;B!<*l)H;>gyJ_hw!>rb>#64UrqtyHTZSTtA^2& zXHQk8HLVFOuHby1CRW^eu_5}%wU+$ADi;6!u6rl#*ahvGtdjParm!4yn|xE2V>^57 zlE%nWY7_OA&h#w{JA~d)QIq<3&-FNAa{jG}cO)_h41JO$`f33K+-~brB3Vzk@# zJ2mm9VUP4j^D_ItPm9%mgrY>KfOHmXCnAw}W}e_$Bbsg=g#~NHw!uDjFAmkKI{u zKlhWLO&niy+g6qtFWslCKKtmv!$bH&3*ix#SLbeOhrJzC*jjoJ+*M@GE=6CqMKsu2 zq?##qvj%ujZ13`EVtVr*<3%wMxg9>i&wEkrVr8Coxw&BA5w#Hx{gvy5S?>xwSj))R zG~_-|Lb)}Y$_2SPzan<~+hZp~(&=uay$b=kJ;zub(lZ-InjTor>fPCEd~tuMl`lrT zo$XEan~wXcFI)>2Ajp$7HGsv!PZu{&vBy;s$%Ko&-#T78#c)nPxsefRIdpCsAnZGkwCN5w(EbGwm2zo);7)CL2@Wyk=gsF&%Eo5*di zpT407QShZoa|QZR|7=vpek<}1!1!k?#=t~V{;>d8cDG+=ZQh8-#Ea+=>~}Vby04fi z?X^2ow*ZokZV+P)_lE^{iKqQ~#kMU}qDx1ty3_dG*X7ZpTBcQd$n zbBk>rZ>`}~xcx`;ZpwC2xN-gpR%#8)mNaQScIenq4;he@S-3jeAm+pkts6KWXH=hT zXdV|yWOUV2wUzVwWE=a^n>3Etju1YZsSUt2uBx8`-+90kZgXw&^=yXeYFDn{F++WL z{d&Ljio4zY$l{li8E<0o8Rf|L-3_CS5WfBbc@QGpY%4~zdAd!-G9s5n-s>=cm8kn= z@?PZH+r|)Bnm`?P&>*lvD_KE+r3ZbQsA9J9a-OBkgE&I$ykB zxM|F}N-CR<48r#Td@W*QH%L&)^OaTT~bW+tu~#5f-iuR{08lJu=9WnDzV_E!am z()(Z(LE!y1SDs$jOuTAg^`5-hFk?vOzXYZ~VhBUAjqQ;^;-G$vC|C zrLr}l`_JpF&x{#yYMdXcI@o^Vr{JnGz__?8Bs4Jbk&u7A?DN;W=HgSeNe5*ck&(eC zd4;1C?F@uAprf}MW@ekB{(h3Ba4gK2`rq@ zZ{T<~9;6zP1Yr4_P0VRQi};}r}21Cyy4e%2H|^K=p* zY5MVD)(xmZj%>%kHRZop1knOOasPKMP{!%{z~M@s%e)cTiztU0ugpsq^Wg7?b6g(y zyF8z$vY>C1IyJ53W?Jhb_M(CjS`R9ibJ%%~x?(RQ&66z<=PT27obGfj9j|`cB88{m zLaE56z>&EW5SE0h{ITFQ=+mDX62I;fwkHAm0`-{g4VG=FvF>l99bnfJ~dT2OH@ZcS_HJx4Utlc z!lU~{3IXgcDs$hc49;X}p!p?KiPRb;|EDf@GP<4r?!OR3030uzDq zQEBeb3X2-06QmXWrEap?BMQr`=}q3TM~FzN>*&Sq?iA2R-7o$_h=#NCHA|~~nQ?D2 z1Zjg-P5qQC*Hym!myxRX;)Kt!N^OABMMa=I3ucGUd^Cm zbG?gUlOTLe=S}7oBn4D+poW)j_V`rp8|3du^Pw{H^kNSd$RzPZkfLpb4r!L+W!@4j|Ir8|8mC9c{ikboDZZD{7I?;^s| zH3!@H`(p#lb-c`_qnX_#2#HG)v?r3ySZdY%xrp#|Kqpwb8PmxstVv}7D%W;rJMo_Y z$FZRVvPX@#=T7rv+8BS$2$JCykTm}39JqRO8_eiDrfz<81Y*tvph%xgJ%5CMc2S2b z$|5q3jpz4XF?gb)09I)}dgmleX7nxz((=~i&vBi?6c_y;asP{}xNV;KiwUt|-==p_ zJ~T{%h@~^B6JFe#EU4_WLM`&`yvA*03=Z6U6BmylVe}iy;w;h?T;@*)j$)zlh%EE` zFBoa7LRchBlSs$$c@B=X%}w!EIg%k}0)tc(DER>@)%9iM-=|o3QI4gNF4fMZ^4e8v z&L_4RP@W?K?Vwj_(@3b#+t|`6jSm$5BWJ_C*FOIBqAr}>!_Wf`2Fv%C>bXKAiGAct zWS>bcHoQ-~N?e@|4h!Tpd>GR`cG#%55;Hzo3i@!%D*)5M&BcK_x*cQ( zV1tJC*184JLawEX1Xo)GyKHOX_X@9C?4MXT0STPHdHC|@xgVkR5fsUjKi?#@>b4N4 zJMWqZ%UccVcv(Zpa4d*TVhRJ|Bx;^KA&Tz4ZN&FUX7n2Brtl(`-F1eGXXY$6$r zSxCJ3dLt1TTHjH8T{#b(lq^@Q8wcf51Be3+^chS)HE}s34VX+=$-u`7{n6BJ|KEax z9b)q6KH}Y{vV3NH`2qALXad)f`LMnfChGz!3w2k96m>~S$~X!frFNxca!E1|3lCSV zb2;|a12-4D2l7-x&VNmE1iv7o#N>miw2qE^HNDs!5^f2@a|G~W%jKi1j1Ver$?$up zyg6K9Ac9#{NWHV|sR<-^$M29d_g%WGa zm(#$%A<_#4FQ)CuV7cIz^1~|Ce4Qa-10c0Ns&eB-i++V`?tZT<8SX!mV6GT`ui)D| zKbIvj`{LBbuyfDVt=`%;2Ff}uGH0^{Ni9w&TpnjBpdVCc4q?CTY8HK9X3yftWX~XW zeqW|yGTgmje-pIJ0$z3c5!Gmy-dAiVlL&TZ|H)kG(sY+7JfzB(n)V!_;ORsvE^joE zi*mCs^B*&1hwCRncx0+d@fLnnez#Dz0)L2A{>KFR*G++^e^2H`_f`yIWZi-(q zXdPZ`mLkmQKi8D8+@&pMOybfbGQlK|w4Ff5!$Y{t?UVBcw?qAGbM$PZ3Ya=3K=4Oo zjA-ieHdp0cT#?NHJ~f{*TF{bayn= zu*>&o&|5M#@X)p$pLhI)JY^4~Z@ISAI$( za1ZGakQgA}#{Ina5<)k%UVe#tPSO5eTSx`>>ur-w#F)Kx&S%exvmNdELf5?)668IJ zysU^3T_@AaVHbT7wm=0mBOZ`j{6d-S;Va${@S>xYOe#s^ji5sJ&2h@Sxtt(&aN_ci z!OTZ24#GCIJe;aINx2~bqhLmzr326wVm=h!9(HL8ibePrvCOnqyzR@&m#X#JSr|hF zfZ=8vWX!L190b)RVRBFF)0poWUeC)GxG&wAPwc5$3;(kdK4c2{zc?7MbnhQq9P?9N z58m-FVewqw@a|3)ROK6N&hYNN0zVWBRT!gLT$42@52rs|#bl}-E8cS(m+i?x9vku$ zWrBGwZYkdYMm-i%fc4v2AxeWGhsq_cEv{UjLW?0tJzpy`O{rYME1Flf2R-yI%m5x^ za-G&Et_Hk}I(O+=pYnyl0x)fLcz!C;RBx|~+BmJJjYcg5uHEM(W$N>T`t7m7dh*<| zfV!Kt)_}oF&zEdJ1i5EIQLb}}F)g*uFCz=}tj7Rm9G>+KZ_2B3>yWP>#0+aI7btB$ ztGWEmuCDEp^V`Ek&%N^tqKLCodO?(0fMtG@j3}mH{o1kAzq<@Vu8%C5b8^9fMZ{6; zH~pn5eP6XWHeoYVCq`KJkgLB_A!E#3S5$VNzm~YTZoLgLuj`d1;u<1Ae zm*M!=4gh2LQqnQw;HQ@E24zlBp4&oA{;P^3Xei~L_IZ0$W{WLWjG_yW_qr!WPs1r0 zv;r!^@~P`_86INYYaQR)A zzZNu++2FC)%@uv07tmE$1~p$sxE>;Pf-EL7(>>nl##=xkBYrtVrQ3(7Z03~3UUZV4Kq1w@r!eAm-;ghDYtCEpJGoXQVfl%#P-<>Xmv+e#VCKwPVV&Thqr+6^G>l~h! zyzz=IuH+u>u-JhNdx`0&3ZVg=3PMfC8g>To*EsNYWnW}%-Kta|&3rLpLUlnB2s3K) zXqnTauz7d(#iO+E3TK87@V*E3iwQ7vc%|*~5saUA7vaW$u`i(;B90MQzyPcaOKfF; z*}}*(8rL#NY-&3WgR<8Ie6H(sV!TN)%8#?}UKH{J;5bqjoYJ-DOCNDd9#^2eiG0W{ z1B82y6j7vt%&=V$e&SAEtP^)a2UunVV+!T>Wst!taoq$eIC+f)%En#hgm-%{05Z29 ztM?UUBBHfi-IrMN!$&|_3%IY##2`CC659Cr~a-zrq zA!++VtMArJ(iIiol>!~kRu%u*X(#{B$V}qW_|3AtO|NR${m!^RVbbT@W}AkKOs|@` zQD^}fsGbB)Bjao|&gW>Bs34P4EVHs@s;Z_?>*|(msFI#*ZMwi!n?$(zPfp%ALL!*E z*na`OlsH&&)Djn<-)YLB-AwsDBjbx3y<=_CIGV|8Bau2^6~B*>qHKUQIsvn9V*?`SpF;VcbH3;(Vi)$HjZM zl!GTYHdml0-T`6!^#!wQFA&Xd7FvvaLjFFpauqLYM#-!d5s@A#lCCPs*ghtOH3w*@ zp*i&Yz4(IKMNWBlKuQ`ce;%=CNmjmao7Yg+zQYD`uh>%ZKzK18s{WVrqZFxYK|a>1 z?1Pi9ET`%kvY`?Q)E@1>B1&xa{(@!!csZ1t`3N8~5hvgc*n)~5cO#FS?on`Yr|{b> z0J&xGH{qw;w03;VC79P-D4IsPYqSdw^vyW2_|?%#gIU&D_7=&Y6 z$8HayUPpTt&n~DP?q(5xjk!heO_0hRF zdpuF93Mn}zggW0Mb9?lpLppOkg(^CN#}n+*>;gA8-#pFJIrYB#M|}l?Ro*Ou^{~L& zlN#7(!iSGcFvnele6I+N>aHZegz3B{ zF3C5xQM825WYY|_Vb5TGCkbMHx>)77WL5yS9+>Op_u=BuF%1e}WCtel>I-hQy=8`0 zcud$%Qk@jt)K8VsoZ&4Q@-MJ3dJ32&L8Li!ZSZ2rtwb>Hn!iD;K*r7cbvTQ&o{w2; zb9q@zuk-0g9bu)y*|`MPrD_VY038F0+X{Tu0E2Sk;(M1*bAkZ5FZwlAw`e5Cv9>}` zQ}FEL=gEN3}#k32L^( z^z z5(%D}$-3Y5Dle$^JDL4V4>P6^;uGor=OFve6!X913CQ1>6IO}u%t6L%X{E?$xb6m% zsj>^}hp%4{CJRf+pRCUfk+yVHmrtnCeMmT(_3a}zyLs!Bb-b$WfZ0*z%9gJp*qO?{ zSwguBK4KFOhS}l6~&>c2x@b=8_3qutntF zHdle(g?W*eaLmz?{+J^sH3Higy5iOP+pyMMpzNkV0-)gKbOwWsUrW^)Q;>cvnT?Qo zGap3DI8_aIk|?Vb-PBWqE3WI_Os{`eWRT`RUtr@Q3`N=HI-c3B@2WojNPEHdlNE?Z zO0)fNx`*;?-f<~UjLjzwo9jxp8@EPWkRM-O&ErR*YS+YB zqc^iR>+>+&>pHf2`-O2ll3Ra(n^CDzYn&yT1zTkUnX|-czhZTtX-)M1}j_<5QLx9zu-j9-Q z^U>?3Sbzo#xkY56hPz&u)wm+NK*Z}S0D?VKiRKdXfU_k>bCtQG^G3F|#7x(G-WLj_20NWhV4e)ugxxmcdPkE7#F#I98Xbt#qALd#6DI+Ipgkw!5-x2VM@9 z(Sr_mV__A>qiDRBx$Lr8u#(PzI8GT)A{NA3Q2GX^znPPRVI?oHKv~f%H;i_t!gwqky-So7vcLanRosxEGC-ppTx>`9UN`{E3v|-61~Ix z|M3d2Cc??gb5$Y|Z3RBDi9MRd;ZU9`zx*tj%6d{N^|s@xS<2g=s}qqA-x}ReVui(= zs6W$vS1{*Rkbc;y7x`8f{a4&=c{-mwT4U3UZ56X+79YEOcb!{^IP0Bs{b?e8?(YrEQ?5^+_?7j; z%rS!nPrIi;c@g~(vA0Kq*>zP_Q=Jb4vWVtt0I zt>tgt$wwd_=zotS6!T&HuN9bkn{VEuZ)4v0s*7g9f;|&F!T1HVeRt?qoSX+r>C9L% zHWALvH#6HzFEL9IydKoa%5|K=wavUI^^P6l%w?u_n;T!`>kxI0KMZ28W4*=?#xm@| zwI_syRqW4xe0MA*@h(J16Iy3ATMh|mP+Wb#S;gS<@o$JKPn)hjUV$(5Y~3t6PIu&~ zlCHQ<)C-%>+zOr=RhYQ06CqMprp$Na`Ju4SD?fzgDcox3gPnZ&z-$H9w;N-W;N7Vn z6C#CNQVL|UNp)O24V zZDIl?wLZe>XXpqA$WP~h#cMwoj+k>wt|!vi0)JU5sZ8Bs(F<@a8G4W)vk3hi%Q-Se z0i=l;Zjhl$jXO(F<)2;4RI{xqpFhWn(*G5NrDt#Y-!Q^%T2F~>7 zJzaWS@wwDnKR${G$UMsc9x)5R6xR&gwDX8XT4l*VQRQaI`sQqq@ifn(sIn8h3AfI# zv_yi+8s6a=RKE#{I{@)%jx%QOns>)n+bab)qugjmJ*vbmj~lnQz4A%0Tfo@P>+7p~ zj29ZlTU?3I^sfdVdtP2}IT#-&Ww!nk+0r=w3M7h>XBu`xe{-CT7{)Hzi4o4F| zInCnKL?dWeHs9sp1OZpdFbWn;>@?xwkck8P{X*rx1fiHm!;wki>BKk)47ETCRUhaB zfF#?9anOUWQ_Ex%h};Slw=MDq>(gb*A^C3z@gLTg1ibSPg)nAbo1*_8_TDre>i+E? zo_)qX_BF=X*T%j?W*ECPWTz}46vkFWXEO}Oma&GAeQBj^?K22TWi25MNmN8ywEBP5 zdH$}>>$>g-_v>{(`oHeSJ<0c&&*yU-@9i-BC6z)7>d&CG5O4tNi#Du^lCz)-5YnU! zfoO|FWu;7yd--+Ur*WnUCRzoGRzS3cKs>7&+sDC!rLl4IL>hvJ^X>aX?_OF|$mD3o z)3|uKd6hUPS#ip=`#J9EBEp;aVO_G7gqWY4`i^qYA;|;JLWO$MoM-dbhu2^4sFi@c z*LJWUUqYd!!YWeQ2B$TY1bH1UhDArZCG)olO*dSWDB%`I&%Wh$y7+=0izZGTjc}xM zi@VpZY$o`@F;{OEy$K2=*gre&Z6Km-PE2;3bu&`y%&;DR;FhrOJ93^zv3PPb?)q}~ z(2SHoM&3@h10Q^OpaCWIwFR=tH4)>NK%}>%Z)PzzFn{3cA0MV5RSMtp>R7EE<2z^> z2kznaB0KeRKwK#>QSXxa11CM4gjgtXA2JI8b0rg8c+EGxZ2C>(fvbPmruO7+e;1I- z=H`nRxn}bggCx~2E(GCU7rvc#sFh^+g=!WO`+Z~HQpKkV4B^Ew6(HOuRa7Y8m?|iO z?Drftd(ghzfI8#_v~01DZ4aG^{S#Co{?Bs46aEp8^hwcwms3h?Vf|PxARR^@jNNo! z$Fj2Hg^qtmIkC7h759cMY_0<=n3hM9vbdmJN+H+bqc>FqV2?_~4LIQmV+zQ8@#8fv zD!THig4mz%W=ibhXtkkr{t?VarHL{PUvrJ~v7t5!ZOQwPMG=9`SBp&T2e< zVss^I;~X7*ykJybJwFh}8}sPO2YV;W@k>b~0;%5~F*7cu=sj0xhC>$b)>Qm_QDXrM zxp(xS*lkd<#_N0jwg|^_qqDo8-yZ9B$i`IPc`=ap;=ZEf8>a$H+0DE$E8e&_0N<)2 zM<70aCAv3Wp3J6zAxP9ionbaU#ZgE;4*ALP&TTrM;EOlU9~ErN?kY{sPRieRR7leN6#pep%L?Y1vkfhaVG_FG#(dYf_?bx6eYdUP*b zqs@zB;kt!czh z)2ZO7#VL@Mzlu9p+$0cnc(Zb(FbIC!gC$f*e z-u3C-w4(*85O<^N9aVVrruT#&D1}Q{{mHFnPj(9Kb<;)qR4>XQx%;7$=nTmsuk+Ze z!6Jd-q{N9#<8$PvSKxyQvj>~4`BD7DVG6bP>9Nx`h?R~LA=-Z@Gx7b3y zgX8!@fxw@|@%dGp|8fv9FkEr}NCgyyiGWlf3X_%i33$Yp-t}|w3L=BWN~!ZKnxv6- z9uO{rN8^@Y8)Hm)^Bk33w?kBhdvdJVc6tNs(SX4mK2MR49QV$UY7mjqw;Hc*yBQ*M zO^d1sPq?KF%V$n&y&5czm%x4O;N-p(*u``}AATq8SSNi^V(lKPye({TDD>b_1t@p3 zb%ECd#>c$Q@bh6+)eS4IDOpDw-GspbFyEM=_#-8(<})qaYUnerQ~S;v`Er=op`e#M zpP=brj!cN%%JjMQ)xssu^ZOQ^(w-lP@2n2UPQd=_rLrx%GObe^AJ#~|2{SH zUin9fGi8XDZJGb4`J5*T3UB$FH08-!(<9`Q@PsHf;8fUaenc?E900TVRdo|aYw5+B zF@1&0g36A`;#ggeGAa}a+Z8mM<*^aW;`Fimg4Mroo5oKv5GdNz38eFj^XdWkS9!-_ zvQ1%I|5&w|0p|fR1(d>>P8*X;7e=if+@)5;CXTj!;VWlyt9Zo;T6N=-5kog0G*h}( zhcc`z>PjB-lwI`dbaUE3a1wP}Gxd@{W#IQ6;ZrxM(+@rs(wh$MNCJJ~n=%{ed?n_2 z+k_*x+I0Q4;fQw1QpmGUx&tIuPa0g3x2Jp2rl>n3vwa`E%mE9ABH+D4=yy*wpB6tj zm4!Bcct*o2l{h-6qc^PNn()e1C>bT`BI{s08*-4BW-@$QEa5Xp+g&GNeDz)F+_xi^ zLTa@3N2xnBjvj!EN-1>1_%BpJImC6*$r;L1NG}`F1hyOjOS62!P^zS3a*Z;`AfunU z%L@gYZF!<`A_^)5@$iAXpklAV>L3w;Lf0TiB@+q-dI-zJmvI~7sVEn(qA@eGiO^Sj z$Hn8uDwE#-8`X~e<9hr@1rI;)<+lp{r|J&0EE$+7I7C+ymvA*uwD3-8Aty?q)hV>v ziMkLcc>+H&q=LA-4z)iGw=HYy%xkba1BtqwZB%gZ!5Q;7krVMkP(-zy-{3;V`&lQd zcz&_Z)Vh*$x%0J#SkMQV476XT^GDlag`5kTJ(u)eyH@dbVT&FHd42Zf)aPx$OznK|T*$FPrC_J1X<&$t70{ zg$%But>rl0!0VrcpJmH&cWV7{ZW+TBS;e zu1*`A0$>XaN3t08kVs1)8L~+zjXrzll#GUm^1>d#XO;?j>u_xt5I)K5?v(;lxmu$0 z;=3?Z#w#lTKBQwx{F6b3!?ZYYz+30u@Y$_{+qfnfZF4axv^MySu%<2;l@PupxYSD( zZWG&wbUfn}^NtrhFfbm9LkjTbf?6STF8ug$YBMXvidygBE+K6{+(R{)IBsbR>h7`a ziryclIKXr~qJcKg?yC5DXtJ4mjrKU-53^oaTy3XUl9aG9SD2VwG*H(0{=iVhq0?K& z$38P(voD)H4=KNN?9Dtrw8%&r|5^zE3kLbGsd#LaHs1x`5?IzSsl1yAQnvp~#51Pz8SVN!p`^2LTLZt(#-< zM0|4i-&T%g3Phj<$8RarZZm8aV5w4%QquO9>3tW^$BtN(bZe%A`+^Sf5N z6Sr#xfRuOn1-k(hWcYwShdSQjyXbrXfwuW6DmLU1wKtE;L7<#Le%XEE+ZB~~{(LN? z6si-^_63)gEGS2nzF_;I+FnFaQ2;hl6_x@M$NP8LRNH7*qSR2ZX&_?FBe;RA8sPsv$w&pI-gq z`iiR+VomQN)UqgGO>6}eUUi>zDm};iqTxIYB42)B4$=qMKtPvnNFV)zUCsapG=y$& zO&Y8{*}?kD(TiZ;5_9nqCaPQc**kW5mg-oE27|gIuH!nsQ?se<>f}2kysP zy5;;W0w(eJ=@+i1PqR0O%tJ(WAdA)G*h05sT(Jx1M>)-V(w1t{{;YH9uR8y!+GTPZ{|2LbPW%j{8?xrMi8y}M*d_Aw-BRj! zmzy5H22Jx2pKTqTsE~%l2fW3|1x;b|?5ft*m!`QGvuxcif=$a|3bw>y;EDoKe5bmH zywNa};XJmeynlJ)m9>bB48`60MRbHLE!Pa!r!2SI z>?WQNtuE1)EM?L$axgb|0Q{Ik@j}Uq5MCVc%mB9II;eyR+RbNQ>OhSpHn6$ASc&v+ zIcWX=IF7r`eLAR4OMPBNtfZn2r(Z1*|&JFd`7Y}n)PD0!xp4M26DDFS^`Qqfc7~jW598q>$ z?TX0Nm8{L3e)I#10*dk7Ek4)3z3r%K@zj3aRrH`T&g4oR>)|tAZ&#_Z);mK&8_|oB z4=#sI%X(W&M`7(c!^F`_RVO;Kllk;z#A3k_X9Qsg#X^PSkFy5yx8CZupun*(WH6gX zg%mYV=kNcND(EOVl9a$pDyiRf`jQJORqI6T8JLnwTdIgS9nS!Wf$F;=-gq#JvUQXjDNFA{*+*Sz9hjZQ}O=T>K`|<7mxzJR5YO_#w6zMZ! zGmHor@UIi!He2P}&9AYLY#!?ufRD#d0bt7*FQF1in1h7|w!rv_EevfaB^8S=mL2I3 zS1d93vr%vTUy2A%{-=m2KydQ+nF|C6pk9KOy30*KDc_g+&G>ls5+xOtrND!AdAavx z4;_#@P{a!`=}^h=*%TW(Gpj;Av2tN@{osJ$PM+f-_;x}XxBb3z@?k=uETpUc7p&WP zdlWZ^(^PC2Sk)GlR1&9ih<8SRw^vddnG0lC)aroRp>n4row@{f7bN20ih$u zI3QUi{6Ux)j=^-hX3q2J(#OQYL$HHW=bm11JuIRddEQ1>#CZH{U?)@%H`c&YZa`)} zcu=M#`F^mbey6_JP(OX+m5B&_HtgH7JwK3pxZy@8rtq*u9r~4rOP2R6*eGO&phG2f zr4iCNG#X*;wV@Vy=exCeZ+6JS2LW5z>?7RQZ_uHHciw{1H2)BAY6p(^o8uh zffRJ#Y4S3!#-pnf>nvt%IFQT*A~&5`SZe?5Dh#e?rD3xog

koiUi|eQ<0NB}`)h z{d}FAgWfy5UOAAb2bix^l)>rPPD0hV;TSOK^rx$rl;6c04@SdT8`#V)5HO|h#4-dU@IYa5EU=P)F>4g^R%hh%Tj}U`EB6=KJseahU)TZ@ zf9eh$qtsVL=6`VqEx{A*Gl^cX$dljmGlg-5J(#Ph(5;@K#X|AxxoZzS#ZB8(LU_J& zPw_Y2udxpL3M+GN>S^4yXVl3q?%-ItaZaC*$Le#J2K9_!;iVNB_clk1OSjx2-i)5x zksctN7-fI?I)WH$8ZW3m-U?aabu0aR&gZt`T>0HMBWqK=kt%OaND0>lbQQ}cR=(9+ znSE#qPjOT8!Z3LB`1ONxu0v3Ttz2VP-*%R8iL?;Dk3jRy7Q8zGZ{6osY{ZYg5^P4SI62R?&Os3iXKTEI?9i* zjZDIr+rx5wZz~B*;M9lSp_KZe2<*tqQhgHCE8u(RXy_oPja|hV%Nkai=IhLB%2z%# zxEDteIM^5hhheaLW>@T6cMRK^jTL8?E|j$ym3=Kls_5nI>wpJZ8s`4S&;?3)(bbYM0PRA{u_EA4PZe0aYiIdk<*#Dl>EhT5@9EFr4K5Njv_Nw^ zRa5shisOpgtPA7>MGV!rVc;G<4d32~(6Uy4+E9&^H`_trBTSUc9xRpXyjW7ejfwx{ zlCVLeJ0pl)L5Or@uI|I@7di9X{U_4&JsmIP5qdeL#1Ud4IBQ8=0qKTM4hh04cQu8H z@l92L>e%OQo0A+r;j$Ba=Xb|%qW;i~!10CT>5e^;8Jryk=ZKuq4Opk$N<7 zf9jYS$B`-vZ8l2KR`z`1*lg6k@YDH8$Y8&24)554QwFnzJp)EBhl|Ty)xXqFpfHrG zZ8LZET^{cvd0?kn%TG>(^Lcm+4t@&2cFM9nFkB7r_97%E+eOxuw0e+_*!88p&PMCj zi$}#iM>8G?8Tl0zIAXWKC4k;sEYr5J8Y#kRZMTR+o=O$GCJd}iB&X$wH3gw6Mv4^K zrZ<1~C|UkVZ?61VW{%(Y7c%=Fgy{o-Fl|E-$owx?Kd<={d1O?7-k>|l_MAd1WL6pG zFR-$?oEl(27`HvGPk->HXjH(1Gw>ZHGhfzw9`OT=1bYjEVQIEP%w$dol9zUfGZjUgL4o_cAC1U)JWF^!#49D+ZA^gXQhWH_ALZ>r@n zK7p1 zxL>7-!^YW;liAjFC5socuwg@Cfn-v=!QmpIPOzv}O>%QYeOba8s2tI}BJdz-e6w@q z7#U5v;xvXZvOrazH#Og~UXek(mQxfvc*pJ<>KU=fb;4+M&Yg-GD}O=rmP_jA_vDT3 za3SzZx#vW~Sg*>Hf;nh_5J8GT)tbdYpzd3GqE&m{sKaoj^C1UM@gtf=3bx;&gT(oY ziF{;k$p){UAA>>wXsDE2GY9>r^1D+EnGlqQmu#AtPaxBEUl8y%osOm~2T3~EtWi0z zu1Ere$H9hy`UN-v!#cD4*e}^~l}f&)0Y}?t6|Isqc9!l{)MOLS@uv*^+pkOaPbDQ2 z((sR(s8Wi8Uf)~A%7W{Di5cJr1VTa@2jrC@)#j&oWQ{k`(SfY|O8uIoC6zQOgQ&47%jZQ3AgU0glNg&l8nI;-1?nl61!j$>KpTc3Y{$b^GWP6FGPPgsIdqHVp-! z_U1eafb!wjy=)>LBpJLwNQ3Ok)CDqZfIz9=GIRjWr@+){E_ub8KT@8aA>Y0RWY|13 zB2~nk^Zb{l4hd-M{|&w1VMqUlUJm|8fU<47+QcE?{DM2Zh%MGH`VzlM3&ew+s|J$A z_i8$Xsw22EG<~JjRRn{q;YtoJ;~851d&~5r7Nzq1%~KkA%*mM0XgTL9WkokJ6nH?^ zuQzF(N|kMJs54OdIhN-S7WJMQD1|oi2<3uJ9{n`Q`*>Cas-s(fbt2WeI&>BU9!QBi zJ6jgIWjl>!KGXve7Q}E&rDx|PV!uC4l!CtL)dUOWjXl2acG2_hO^zFoM%DgPd0VMq z^u2QZNOp3HPJg!jN^Rn|G!Br;4rL{)8f)u(mh$qhlbL z7&CM+{1gy<%843r#zZE}*xis98&TPDbx*1?gi|L~{jpeR!w;wxM0f^dYqb3R=)+y` zMgKDvo6Yr5l$=YIh42yOXd4N481+f2j)FlR5=I3PP`X`cbBH+OkZYQSFkrTlrneM? ze9I2r%TQT?W?5_S$1!98ynms9G$lwO%Box=2u5x*$X?O+>cxF*$by_kw_}r$YqEgt zKkOV}6ya5iJ5ZR4k5!B3rK^wVVBhP4R{tqI%LzxGM#tZuTCuan%^{%A*qVddU^3_NAzOb zGwpn)t!;sE!hs*|c#Y=haj^;Z3k@>(hT*$X(@c4A{=Q|mXLQCwkr4@k-Z!y}e~8lm zN}p$-Dq!!z&@rQYc(DtBP~fu!RjwMczTj=yH&uGr->$F_En2=^`=%jQNUrCfFgJqU7_ zxrl?L3254^86@-W$AhV)FHvcL{MDz0g_pqtsT-*IdYL`yc|`>lyel6@IBX_#sUn*| zyOg2apv1Id)Gqxb<@w$L zDn|8)a)#3jt0Easdc2W2t;jW9f`*IN_P0y>`Pa=Vw!mVB_Tq5`v9Q*~zFMo#S_$jb z%XDsjiCC2_w zxX0TlW`UxIVXX)Ew>#{P{n1IW;J}zH6$&mUBXcEWzaOw#CSA3MS{%xhJ&XZtwW7~2 zMx1wfbq8!gs4LMZdVTkqXK90Zp`+m5zI=cG-{5UE4lz0Z13nS(0eWL!&bEyG$n$fe#E4K16x>b+Eezwb-gTWEV z9_c4HV|YFJn>xHLZmqZw2s$pUcj-=npp*#7uLY?Pr7q$GUfN|C@4@r-bU?aEUSO^H zr?+FZ@k4no`COZu2LY0EzJ~@;FJTzNNvvvv^PClWh2n;3{OUvDX^DfiEaI;w2!{m+KP>Vz^g)M2dQ$%OI#Vy zr^XQ1&52~EW<>{wu|7JIPw8?w4X?ZjP*4y{&`3j$b@DZ1=S?5O5(TH)Qg?NPo6UU) z0%K@M1{e#Md@S)T_|U4v)dNX3fq2hrMg$k27l-w!KoJ)8Dmz?HEa4+VX2mSO&KmLtZN&Fy_@m zo{&8a7e4qR(2}Z62lo5-Ai%NxZbyQrE(CVlxd)Puy9Qe~ix`n{_E}1gp4)c1?KpmP zE-LqEqvlED(uVivh$E}h_f90np7DJ&Z@OW9J1HTl(#~C2mSrz#^lt7xHL`)HfKR3v zaVudy8HxnF8C4YS5I{b#lU^m`D(2K)g+f~?S0``5{s_(^{`#VSnyk{nw7>N*i9dsl zHp%A1U(qw03-7A?0o2i@7a#$sG;UM<4~?n|Hu+FJ>DNu~D{q}(`FPPn*Fb}Xe4ks# z?_E{u2RaS`;A?Gn9NK|mQO^E*sx>TE0fsJ15$HG`KnhqXP`s||>`=37Rl0cNK#>{% zNOqWOat;wQ9TjSfc5{(*wm4uyceyPS7ZkZnLiB;QD4j>d*|Q?2%Rnp3%0FD z2V38I>_LkNXM+h6KVrvnxK^Nkboo#s$KO4q*i{!NQRQFODpp;=o{qUx$WCteag>q^ zz~pQ@1&V7+&MqwqKe` z4_c%@^&%Pmn*HRY$({pi{yir?p>9?wqhH)bMto053fbv>iWjR|X0nO*?=QmaNTPd2 z2LqurQ5{M5#%dmAtGF8jOOk3Vw}ZVZ%4BJUAK}S=%=^%z@5U zXd>lFl?QiWQbi0yrXJ>vxn){I47iFS6kh8RQdPS?X>(H3%Ji+kgH1z&ZA;Qn(Q|-- zznMkjjGetW*s{LZ!@^Za&?%GUSg5!(P3y^h8}EzBE6eI%`C)J3yko$VmX$G&@C4VW^i#722VL(*Ha+zW2D^d4YGZ}1JbTA zegZ6CqrV8q{#fHf$%afmkcM_unZqQ>3`X?RTWI&an{!uk$dd6C2JI6iP(I9(pLTZV zYa4@Plo@#OQK5_5wOk0coKc4~Aj={IFj5O(-hUL#!ID95dnF0dJ|Hkk#Rt|63=B+s zC2DP%g7AF*c+3e<{Qx7r#Mgvo+JBv0AE4O(Eu;Z$IQ!3_ADDz&zgz>HT_St! za|@8gWOjg#_FoT3;{mL}=xU4Yi9hJ(Cf?bPz-KIR>-8w+g;fb3p+n3wpPhzfUIK?P zsrB|%TtO|Hl;k=BAO3)4ZI6qbb=BujmVvTYmQZ{=5)2HBP(POHmnv|PjDw4MHQI$w z<+EP7H(?It>yBvEFP$- z11SH)25MmEF2_qgBlqC7mPsmcCRkm+!8)}XDmsAeeA5_@Apfi zTSo*xFm`=;(fC+J@am5zRhN+nWQ6=nIX`O3>noStbuj@@hIKa9bUHYTzt+frB6>Dn zK92#wTOsSGj9!+%@H1Kzf~HUi_pG0wWQIt6B2q^OQUzP?E)E|d3IiE${JM;QOddRm zW{=g^^(O246Vc{Blj>gV-Zki2kfSI9sM3idq4K+#6@J1D*hRqfA3gxCFLWv!>2uL5 z4Uz*Q6n`};AVnZhm<`%9=~|~?wUxcFcm}K7{I5nO=<>pnzA6A16Fm-kcwF_l%K2O`Z7r z#`{&fetc|87_W0IC6=Bda>g}}G&`n7XMf$>OXop!XYNP@&x}>OS=O=h)k}8Nv9vcyM=<=ja{xs*E|uo%@(u0=@FHmeW-I*m}-upb4qKvOb#VLy9ZKE zE5?&!FoCQcO8btWYeJu0blXx0$@%!vZ^BC-^q?#@l*UotJasYQV*n}f8$<26byrAe zIp6FrC)I6jjol9F5hE$$fOwsvAu6-`J7321+1&VF>h;w*xp+3)!YNZI<(M$*j@cGt zdQJ(Lr9~!-D1Y_^asT}bvY8OpKVL9Ks^m8kg8K2)d)vn?3gj8y1dxz!014@#mkZ&4$x^kPkpZj+4nm3Ev;#6>C8zTih?2C1h8(179{LDC_!{h}2g5Y$q5KQQZs zs!XruPeArTEc$Y+k^CT)w(iO!!{0lFyax!^vrU89N+;{)3B$!{gUY$ru+@)dot%`3Qw_$I2_M|~b z+4XN~#0;O)bEj_$OEr^rM&1=j*{kMrJ3Mmx0n^*hAiKr4ehGRe{RA}zm&~MrEjgvh zeKH{@wUo2D#D~{hY!0ow{eW&s)LdWUr%!pA z1OknoCni`n({)+S{xr^Z&?Lh-D4TcZfkk+6{#y` zCgBeimuTc=3y-;2=+%5{UBOr}AUb52e zj&WL9j~Ayp6tuJHhedhQxs@W+C!an!-M*zAcnj&P2$x^wats43DGKQlO?l zE(g&l@`L1yjl&}q<0{d4gr%^uQ%`@M0sHK)mcT@BJX`U6lZq}#F*}(^>g;(uxRaU3 zv)d>7^D=M3w^O@om?}xxVRSRIjl}mIFazDWWO?|vPqTV;vqXd|iG`T7b@#Pkm*NVO zP3z_7cAx9T<&pSAs(@Z27Lb5!W?N8T_NIpBaJOH0)rHA`?HFx%hLTI*{NG-wx07;E zKEo;ySGa573zE=}7o++1S5lMnNLHbN1ZTHG`NBV|bPA}F^q=Z@Hbnn7q~WWNlp&Ip z0ab9a0f)GDENZmQ_Zd@41lYY55#V(#j(XSz?;T!g#iPb4-J^F+v2$S_A;c$Z2dI z4pj8^Ug6fHSXH%3#YIi|&BDYEB~V$O#KE#3$P_}^w)l`ch$P$Gmn=TyL zp8>dJDr2k6>j*camePxmpk}oonr^beUwIT(r>E-RIk|ww!$E-%B%;fG9n^EZ`c3ZH zdmmq4VfRuE-r4DSJWEuX<>wofzpiG0#8a`CN5df`gVx9zIea|jgQG{I`T3iA7IGAx zcTKY&fv7jj!uJoomtA!FeWG=d1&7r*VCHE5w}2#w#H6r1R`dskbNmMUtqQ^iM*0d4 z*r4-JHUJL__1Q)}e6^YNF!i5;viV!|s>QOyRWFKoje@+d-Mxke+=RU*y^oy>6WOCpp( z$C>+@c6hrDG3N+HKn8QsnBoKP;Z950*B46splF-r<3?KDA@814zn0DvPWs?WMR{M} z^I{AG5ejCzU7P5N)Xr*_IydTpw%Wf_PEdboI8d|c0aMzHM$-lj-SE_O7(~0Q77w>b zzHt10OwIP)bC%A~TFmNYvqZAWJ6L^k`(Y)1?qdVmpC^46M(?$|6VU|ww(wMl5NK56 z!+PS<*x81!k<?ub9!Zs20!v?DeHIHsCRGz-R~%b+HIA?~AP8o=%P?V6P_B8Qjip<|K;%N) z6o5b4fK@~O#S7H}#l`+7PWx|OTYK`Kpk}QE+2j-^6{({r|GDL0ud0T6dDmtxG(8(( zME95+@h2+Ec+fE%bMkgHal;Op^7`F$K^?dRDoSw9E^U|Zl}+&v&p|bo2CEDA0#$~y z_GXD(p|@Cm{M`{RYI_>zs%j^0GAqAUQxV90xZ_=Vk9YB~SnKSAq|?VmN;WY*59?by z95b#*zp5hX4{2_eeRz42-~4S~vrhZ-EUz5Rw$9vZ8z*8;ZrR_~OEF9OdFAkvQ;~LD zobFnRhJ1Ner?wl8s>p*@x40+d8}}V!v%$d3j5h4rVzSaj0srsWBukFM$JE?<_;?sp ze~C@u{_~_<`Qv%|TkNsz(gMuC+X>15$;SE}*^0p}w#X4PWE?$uZAb@!j>D|43X>mb ziU z3lE}W&W@DXaya5T!V7dF0Vj8i(?nBck;jC{-vmZy=Ok&>+WM7WgS}ZzXeU1KzAxIfVttpaFk> zNznt7Rw4p)Ot%?kQNEkwZ+MSVlgVqiMoq``(er3>l%=^G!&4#V*(RTq59aJfa0L9x zYv2A=i~n*z0P(p14+e-27}aKbwUmG3>M3?(q3PQxJ}9mEURb@+o<6Cs?-*G;cE$wGe1BN7 z#nl?vfO6a+yBaG2ivMG7J181^pcx9S3Unwvv^60xis88$>Nr~&U&QMGy0LHLr?(Sp zCmSJ+xKo=oss7-kw3Y5pNkeV_o}$!6;jS;Oue#HJ6bYXwZSxJK0v2JtYnNW%aIrnj zkI=-ywCzU(?)}xf}PT`H4t3PEo^x7;zg+s6TOYO8S$W3Ue}|S z?Fc>T2$1K@U294SIEb%GmrzA+mi05VTbD~Bu{hoJTEH-Ip|#3bQ`ZGTF!Wm8@b1r( zS94QE7LSfu!iND}F(yq6ySr{!K6$UYEeY^e1BhML&g+v_!U9R;`7}rcc{}!n4T7M) zi`5|nZh}V5Y-$GbQ2^mtm*ar_Gxc}?sLp?fBv9|!)1BLCbDuwn$7}vpH^a|qu@Bp~YHjHad*AnIH!{H{BuX)H&+-n!7bgVNcgP8Fb%Au;l_@jTak<$2 z7wX-v8*%6lu?sJuLAxCI-Zj?_X_mt2~jI{Awif)ul?$s4w9U_Yk*s8ytCk@{z6u+ZnL-ZD5GWd~zU< zV42_y>h>B2GCvU^M;|7NnREMc#FBk47(NFm85%Q5c_O#8MYW2;u&*ZxXk^i$&MnJt=Xq&AHPS zpYOS7CmxcqbLoDfjFQAH5AfhNe{(W*?4{hsJg~GW-gfw;! zFHNjafRaDZOB6mlbrEo}HYLB=(FAe}Yd)+;iI}^fZR_~$v|kFZVcD>J)q0v>IimQo zzzJ4&uLD%hky%m=p}iHy;pIQLPm+0W>THP*U?8-peMeSprm7M7@G zOgE9JI39QENfx5$-KweV@O51KDZaTA39cXb+~q_xZ{76V|m zD9<_Z#>Zk|OW|+;IC?7^vcn6?J3f1i8+hu|q$1*qZ>)DsmStdX{jsrL zed2;wZrOirtWVT|O|{{c|Fg0Fb6b`{GyCt2^--SPslLYlY^--T`N$W&z+d+F#`^Y3 zxwC(7tl!(m$GJ`n9qC^WndKZLIeV-?_c9eluqD(W5(ewzkAptkE2@-+RDFkYW=%`LmG{38i&G zi%%aabxxatbA|2z~|_4eZVb#+RGBp zuU8jNhcq-R`UM6g)CzcC+6KVOCKii6m2j9>Bz;;|ay{l)s#Jb*TNH(d8`qoBu&g{^Jz?RyT9?a<@(Y}8U+yA$mURjV0Xapqs z$B`qXNSja$2U_Ot@Ja8cW0bM;={z!0oEMh-Yx;6A7MW7EfRmn~63eE{%`Gqmb=;26 zpy~#4v4*4&6KbtZW~pXM8Ehn4nONFk+2#x97D6U~SDa6{;GSit^jQKYOV z@u9$^1O=i8`{fu@1bZ#GdDU&BG!W6Jg3B^%h-ZXK{IKq zb+|SitzZ|#S6M_D*q6r_F_#(PL3mh&b+kwo0HZwUgv+` zK|V?Bz*^4;Rrm|@!*FWm&l04`^1gbTaq-~@FM)gObVzyC-St~rdO=zP z`^fVc_tWb{<=h`8!I})Ar~s0JL*YQxw3*rrBia16u$GOSa|^%;=`<;!9Sklo_)#kN zstQpmGnf?aC;a*z{1dHyV3PC@8Oket^iv9l>@cDdkLm55=P(#zJEh}>KKkv~Jx8}l zbRN=!G9>Q3$`D5?13|0;<@kK0t4n|<1!|{-5;a7LiQC+f9Zi$=zeVlwQz_FLIIwku z36l-Bp_rqTlnE%=lm(Wer3@qF8Pa)G(LyrE#XU6(mtQz*V`yk~uZ-5_^aOdd%-^ay zhb-GetbgWd8+WX-gPIM~GVqlgY8~cp=D9bFN;%E3)s-id=)V*)fhGL(vLib>e1U{pqVI-ezY z$2tE+x*J{?|JqjE%ytbCaMm&FkYJX=weF;pLMMcvc3sPobpi>SD&&9fYc6W_^~gYY z={$PgI<5WK6xb|QXakF${(-AFSxFUf&U7ZP zr*z1)`XNpj*ifJfZ+SnhUIc!Eh*5m(0t+gOa2XcpeG&Iek89(^*YE&e;}2lL z^-LzQ2kNFaG>wk3OFbN96EkiiTe5T4}eFi%WWc~YC+cAs6Hrb6Zq z6{oqS_prEIaqEZNT1*+U6(uf1}*8UA1B_ZE?#MQpU9zWL}qIiHv@{?;mdF32ggdvYMq z=LKY2Hgh@Ymv|(OKYoL&E}>HJAz!Z-NJu)RA-Na*(aAu>OSA@!0Vdu z*D!TIg78#KDWPRGowQse6gZG-=kX5mw5OWvhD*IQ(V9M&C=#tsZZk8rhglRts!WDk zS6x=+ROCdk;sKI&<;yZkev?0?-)oxBVB}oS)5QH4{2?qy$RYk3^3CG*xk8+klJZlG z{ICeM3QdfJ%?C+@oR54OjWuNU1oc9!4n~tON2d?K7YmT$E`A8vtbOoUKfUe*Sb;{2 z%wElyioI@3Gw63byo=TF4;Y&kh`X1DL*M6<7dr*iYnP{>k>+kmUf_R}}32h`D?bCwhQXiua{H2<) zUyqJ*W1m;sQdqfg_Un=AsbLZoU&Ui1d0#T^V;-jm;j-pRw%pabW@0!#e$|Q$ylk4j zdK{_B-U(f)sNXO4es9S1P|w&JkRUq`5}2M@ltbi|QRCS>f+@5*>4p?FCv)E7FAhh7 zvQpH-gJRoa>rULy@c3M_uASk84Q1d_A0h<#w3kph4ywh4mz-gvVZ;cA&M-wg-EZwF z-KVU@<2JeNuuqm^x)XOl-xBD=j{51pxVoJemTARB& zR>ew8w}d2XE@b(bF-K}WXiif!X$#@+uC=BK7?oX6#>w6-l5y&OI~lFGr&M2KF)(8+ z_(6qP4C3R{m_<^prN6XmS?o*a#yxv>7fE~!bS>L;HSAetA;u-yuP1YdeaD5TS3}0m z{Z~V4-+AfTjrfi2hBk5%O@VSD9LOzmXc(XJfgz7p82=WLq5U#LsCj>#>Y+;4g%lM3 zPxE(N8f9%l9E!xrs{jQV_V|*u&N{lZePyC`<;xk3wOP~YYu@h~emv@oVqf^7A{%k@ z%lb3S@m-OZ60dz&?km#iuY7hqYV~%zulp;_pSw2SvwITvp5!}m{PU|PDKZ*ocl}sd zUoZH)8X22-a^*)lpP=Y>s5$N&#*kMXrHZl_k@>zsh4S{|DFIq8HlWl>%THkV*^D(= zcx3`Y-1BUz@E_qo|F?8x{~!JxvLG_36Quq7=l9z^ei9|9>I3A&^rWNZ?8(RvQNU!fov>Qk5@=hDJ2+ULFfsIS!vn`d{nKJ zYOFpr+(5|0sM^4**NCZ5v?CD)X0d3gvQlDriXXT~kQ;#!dox#)j^xFb$7fX~yJbsX zKV_MK?e>Bp->NRW#;Cc&JmJO)%39E5ZmV+4JsdOTF(-*LBNW6B%f=<C&;o*A?kH=KN}um{Ue< zVr_RAhkUK05jz%o*Imf}6Q@x+%I~fk8?VhY-}9Dr7x7sG){Q8`Sv)j)d4a@_QmP{$ zlVpF!P_XZ~QM?$Gye?Rvfih+bHZK`{pn}S_mL~36*Ltw)rA_UFT@!Uw3W|4#;ETZY zHjxm7ndpNs<#?boLPo9*$aBU9jXOqkX(WKli|>BFwrT8<6XVd`BfoEXzZv}h68r?j5T=aW8+0PX>}WPwUA3xW`9-J=&`e1i$n zL%rZB7bcJ`HIB|dwKqzVPQ=5a>#lNw9_(k3;HV>@O#SnLXgr8}KUo731wIA=V&BO2 z#@?tF5UlU#7#=K6%sK2+;k*t?9UzxBz`gg2~qB|3lq( ze>JhNVa`k@$)r!{-GEdP2vtC?4pl_p20=kZ4T1;?8j6aFI)Q|a21G?b4GM~4iHeAd z-l3zS1S_I)qk>|Of&9~+3o;~~Ho;_#(fy`twlX>3feacS6w2ipdMGb1d-mQOU z1>4!g@QW_RRHXhGNWwBBT?BdpP^2%g3Ahm(APBNksq(sEt0t_^M-|^yWhl;ZS-b;FEz;BAcSCsodz9WfgjvV6j*9L3vh1^+h1;&n0r;`rjbL86Mi*>k<4ED{J{y7ym)OA96Q6O!zT!p=~3 z<;@UegfTxdU8ZnnN(KOvQ5Cc&fLGUQ_J$&-2f};;b)S_ML;Fa;CF}DzF+c+C-!5xg zF8xq}mELF7oM{T)#iBYMXgm>MY2@m>?yVTKogDRPk7Acq@JLpn_9!l%TbOx!m*daA zpgF~r$({a7dHP&t$m01N3E1c^6P9_2^2OIYPB6|K^K#UoXPgMMcoRqcW2A$#O_9iC zVI4u38izd6^?S0k!SnpWEWu&Jq(pd6S*x-D@|tfKp0IdHD7*E5q;}oX;2i`6XOuO(x?f^l)%-Y4ooKO_2moI?=yN0sU_f!(u~H!Z zaHY#2b|TH=HmY#iy+LyH=G=G3EAlGO3Xo3z937&na`wr!`qY%7(DWs@5C73+iWMz= zsdE-IpIp!;wpnZKPzf=uRUMoi{#M=M5@wQWr{{tIy-)@4mxxF>ia_lrT8gzRW<4-C zPjs;oFyY4(V&yStYdy=tLwI<2k-zJ$At|g^I&JE;N@L`^3c>pSJb&e6fRU29PHjoz z_BWzJAnAtCfQgpj^L|x+lT(^!J4l!L|4Ooa!c%1~<*(}fa zr67pp_2w+oh*ve9LuPsbdB!4tMyh?UmsbYa1$#=WxK4Pu!3Ay}PixHV38(7`B_5Iv z`ZVS3InDxUwnsjDsVYyW_3geTg1~DZN+dH{{i#kV^^7A}-kBf)KEI($Pl)6jtOZ_4 zm_iPCKG3j5p1&eck~mxJ786KR7a9pUkA$~9+AG*uCpsA@3X)#nJEN0`OJayRHMd4m zAJt_xs_gYR62t04 zBvGerWK>CHTE|juvHp6F8ZZwMm(^UJM|Tzg)G-HZciz&~30gO)Og;uYI~ykplFL{2e!GBfCtj`0v|i+%fI zu*!bdr=mZFhpI{?>%Whgeb%fF_=Gd6G(TU=(2#<7j&*ICU+Th5`!A}bz7G!mUa5kZ zLFSs@KMvYXRdFD19G>7z3dn}UcFhHx>8&$W!TAb^b&SN^2~Ie$iB&B&G1B>_6kAM+ zf2cUktzzrAJcEy7`y7sCKYV&sp7UfLts-wq3dbsL3qL2{)INVoT)y{kzD-lUMSuP* zZwU*LnA=N&swKZxNxtEdut|w`ha?h_#vr=$z4I1SOQ&Z@y_%%UCb{vG(iQeP3El3NZ>T z(>f-eKBF9Ex_7T%VO?BuY3a>;t`I9Yg>NrRE3AOM|q@{^J@Tyn={pAw%%wgHvhU& zHN)zXHtXl;qp2hswI=6d&^|ZMSsNr8Z`x2GJ!IgvbqZqDRk!hOiT)i4VYM^qWGFvg z_Tzrc%P`y|3b4FMh|NRnygSMqvdIv2ySBT?U)#nGAma`x^>pdOlmjJJH4W8ko;^&gSvPGxWd3Tvjaa(R zH>_#zkv)r#HC8M{Ve7_h4HrBvTyY((DGj-lawO^O0x=!0OMEtaXde(@`^EZl5i2Il8)v z^^VU+KWH;lXl_%_xa>ouJjqJBHcYYI|E}y~zujjMBs8uf&h=P^_lO^{*Zgp%4M`ON zy}5Oo#L`yJv=h|>kM0X~gDnY>;{H@e%6gV_L;B=OjgaX>vyKgN_r z-7fd(X+Hz7a9*#41#V{({{iI1b(p@VBFXr3lR_M<^;S?<;Q3~%&=A9EJP4kw&*^KX z{3!D;B>zk#338<02v=4#BK|X2c+lf^->l^9yp$E81-1)u8SSo>u_tmPTk}(et;4$v z7f4)FgYu2K7gvI@e!_XlkE8U;y!&jKyu68Fg7veyPbaRP zF(pX_k;Mq42L_~v9yWS=m;~+VDo*i8G<_s0_@sECxyg+0Fda<^ar3Pz|A&wl+-JZXfwOv9={?H@6ft@HiO~|_MN64?MG+45aksY;b5-3 z*Q?sUY=!JO>JErWfNMEB_3+UFWC|2VL$W+7jqdOY`E6rjD?JyJySkJg%fyDW(heJa z2mM)xqSzL=Hh;}q5}vx4DMC8QIg70HlB3w`x{n%%UCE1?uP(@HuQa*^P(4opwuVW8 zrc$J1aGH{_F54<|NFCyFB$mC(@35Jyse@vrpsvo&-+ITpZ(5}ir^h@suy5@B_xcdS zc>&IN=so4?>ZW422!NfvgMBLJFq1WD&*_o*{giBB*}l%tCa;PlNtOz!uw}hTk0`_^ z?Wu&WN~LV;4{^WrvFwj(nU$G9;su!8O|P4}gyl(0Z%<&X26meX;|PfEAD9q+ILNta z5&4B+$3A+ZDX`!C%1t0P~!YR(X&nIp_s+(vT;Cb6GaH&POui_?d{Qk7JE~RfbYyx$%ZfIk*J~q`S%T==Rmz4=NI{%ulS7%Oj@^ z!<2+(`Z!Gsv$IaTy^c>nG^2Ymy0_S1 zJf$GNTv?il=Ye|9Ivv95a7VpB(^h~>i=>YqJc*l(h6W%xL|LYhn6q(8Zw*E2mxWVDgQG?51tqK!6I=J#1;-oTI4Qeq_P=7!r#TiZhJ3a7QIA zT*dyD<>^{zRe^IS$t1XFO?+}T2rNzUoLW#OL-dGigVm%WJ>B=)H2I{$;euLsAs*Vm zK^AxrjxGK>mStOle!?I<13A2;;kg2+4*dRA2n>#P9yaFrTLP;Ot)-7a?=;#$>qSC2 z=GQ?Xvqu9Xvz&Ig!zW^eQ_Q|bOrLW!-}vUQhm@Sr2>Yn~q?Yi|pD$v$@UUgy`e`Q7 zUZ@tr{X4}0A*EI@Nj8Cjd1mT-FFAL-C>Mh-gi_7pF^KKa5;t^BkXKNtimrm0s?M2dAbd2YEz7eB zoYHPt#t=De6{s?-TP@3sbMSjln)ak`5=vHhbkQMxjwgXZh910Ht%n;rgslwq;6V{+ zkB`;RH}^aK<|m2B+q*D!is%$=VLs=Y73VTew!tji?MTdI>Z$Xnl^XErW6s=*P60?+{LoWF zXz&Bp1ANBZmjZM>cSbUs{S9adTEFlDEpTDdoIObm7fj6n@`!-7lFBu2p^X6S^D1hn z9C8}B&X}=r?gNW>oH3+eJrJ-)MU1U>(Dqeq@v2OX+WlU~s%?~%Wi}8+NPpzX*rJp! zx93*HvOj<2pai+0k9-+~1Q=sTBVs)g`Q22ka}+X0gmhyR8c?ye$e@@$=0g#GK*U;n zhw(rKLqhtff^}E8=mEa^s*+5_a$gFN!<`VWX4ep6D^>1GbnA~s=j~q7{W6M&96AIYTXtznj_ zYWwRu8*H^5>ARhx>qQo1FPbZ`Q^0P-VHOXf%1ZYONMs@PgMjWS10(clFZnZ#_^w8L zkc*S=E2jS>IExe{V?LzgpY=*X^=U#~s1?XU0fMXkJQQ+X$Xpei$ zHNzX@s5#)iZ0W`vjT$WOBNcQPwP`Qq0(Nb%566Ggr~nDvu=q8JDn3Mhsg523{(OCI zor8?x7q@MXbjE2z){uzbBV&EI&3J^8Ap!lIeoWOh<~cd}ToGf0$cXNs8updm0jaOh zt?vJFY-E(fZA(WKZeR+Tv>;Gn%(_$ov;1TPYvt^)~Q%mP|DJ0 zDK8PLI~5d+T>Dm+xz9*+MGl$qAbntQjS8Yn(#Hh|J#Ze0x3N}(!k~}rrJ5eX0}vYB znvl(qBd-OSx>>qf174q;@|oalRgs>5tZ)bDuX&X-sQJDdtzSc=Edq9jx{}4+HLKb% zfX5sY?$X)4>oh^~yJqK4&|;55>(HvDbCw6R6+DEd6j;aY??pNRUPVs|^Jz*8fA4TcQG*?Y zCWpJ_tY(5lLm_Q^pYbP-HBg+Qq(4&AzkdY%@#>X#EXy~QKs@>@0pc?P7%Ksm!c-T_ ztxExxpQm0zY8?60zb1CmIzS^Cn4$sbH)XR#_*P5#(W=GASSZ9$BQkF)+(&9wv)gG* zN2$3gv~KQQ*Zxi0{q`Q!Lg&2o$Ow;l_usrj$C0gHIrLTRE!yHUDM|upFL`vpL1w*z z?k51U)$BuZlCf$UL9ZARLtd!GKMulSf>V#d_CiSKBRHK9dcDkpr{z;dvO;9+9swyN zL046XK1qV30-%eH*}ekiOTxym128D5r=I~ml{=dSfWClq6stRRZ@s*Cm(5~Us1LXB z90&o;gDAzgGc0RGDZK(nm9ej&62+zv;;r(2iG=OWhlk>}e_kugF;!)bcF*xD7YXllY7R zgXK&Gbx2YBipqSm(VC&4z828^F{5K8+vyn>HqwIl@-7wWPb_kt?BG_u(88E&g`N8V(40k(16pLW zNd9WY{t&#pQIKqdk+$K6PlBK)a#pMYau7&01;FEKr+Z7d-#4=xd2pqsFKml^5pM+y zJz!9qlLCuT#v{e9K5_uiPUD@?dvl7)yY#Slz0+=Bg^2Ao44BHv={9Gt^pjqwm?7Ae zl~fxoU3vgvPX2S&6s35}AR7fRai1B>17{mG&RoM-jDnb)*69Wqs$i9hxkX{BwE%73 z*AyU|)qf6}-F2ksqKjzt`J*X7Dt0lO?{c7;vX}=hceJicg;riJeUh|4R?fakkm6!D z@P!nEc!;m6&U$o-nhc!8*v&#%tIMp#*e{7%Y3m}c96l{)m+=96EXhI8@bv>=S5&AD>Eu_NVb2$d!RQ-!Bn>lw-$!JC?4?Nq)YMhhKLLveCbu_(Mz#2mLEKOW;W`t3P&!Bez`$a6U zhxyoc6KCj(VNHF#H4&Y|*cnzAe>6#(zdHHssyh|VU@&V1%g(n!5;3qv)p-xQ{yGC( zAc(uCpf}5At?4h#nNQlT-`t8_dRzkv$g2l1)+6a2-X5l$LT^>D#$|niOK9e?SmSqz zz{Mg4`AJEq@RpQ+g!*-R=4Cn*OCKmfDH!90(0M@>N(E>yfYr_FxMu#2DQd7|K8p}B zzP@FBy0$zBWjvKlcihN~Q$q**xTY$okpIW4smMP=S+4z*@fu%8oC4W(IT(~#0^|$o z;Q{%6Muqlj`iZ~P8FF1~AunzbEdz?Yisp?&sQ~54ee~~6F#ObYIymlnV_fIyIQyf!uZ$AKH~;); zOmGU_P`1=VK^E~SzRC^+Y+wA_DQpI5v5XR--f{1Zhb?t{(y&?nX} zP~G;6_aZi49p^g1LV&thMzrNbVTvmqAM3!DHxQ1l1#19T#&yD-=+QK<9ji{Ni=<~8br^;~NO)#4V@!2BPxGv%I|QOo*g zt=RrQI`lSNAbBYvClrhVp@Reeh^Bm7?YS&hG;DYVGSi;cp5n}d-0sG~6b!QmMJoPR zzYjWJWvs8V$+E%8A4>Sy=(ox#-|R#oBXwLWIpoeK^?UzoTmjXtyJBexIr2z4cXfFR z&JV@p@xQ(wU&r}P!0pfeZP9!Y-sbvw{W!0UThnldGJgDF34K+4?^^z|`2!~mRbKw< z=fK}TZ++l?6LETH|2lK}=iv5V!v}v2Px&>ZnfUTJSWWfMq^QViff( zsD%DusW$TEz-$|fY1?4q`PzUIn}`EJ+K#rcJyg%DV-sh_!)rX#N4xh$zr0oA;@LZ9 z95W#}6kKi*{K|c*pdn)aEUC$YX>%Km_C@y8EO@iFZ?f;iZ2SMDYJS;D2sP>LUy5P)gD8m90xQpz)Jx z5_Q(kkOO|%YsPQxf6n?}+S>jMZf+KR=6RoN>O8M&Z6C*O zRJ*UaA8-8X#h^T}^vI)!s);*I(aieT|GstQ@{>1iSc>Lbg*nq5Jpiu*B#NL&wc9$l7w?xyX^SuvpD7NBy; zPG}PrXtJ$n8Wq(QhS;5D9=jW0a4M-ey>+|LAEZxPM2Op-6~yUXd`@u`v{|yV*It?k zdA0U(r%4BGY6X9OsO1*#1neZcSmAHj$PX;{8Yj*`=d(8P0}VGcSW1qCudK#Q9#!87 zW0@vZfu__oQ$N{yZx@^Z% z&XrtZ87r@OjRVg*4{Bn7p6TOhhs$TQ#&gB(l@UKIsZMRKk$)uZUHa#=#9W~B^4m=L z*yWEp-K~$`_LgQ#QGaF6%<($Su1IY>(dRIuy|eV(okw|PicaPYn|~Z0>5=-Nh(*jf zKH~$Oflm#uaX;N_yo-Ij#=EO5_j;7_(Jj#R&QQ3|73(vX<~rEBMR?TwY_C$v@WU*7 zW6}OE4x@EhMU1;)SHhmfGVb);&+46A&tBX8e8Kq&sp${fa6}xnN^0# zj1=O<30N5g#Y~_JB{yj>Ov@26xu055TCQD8Is6DSv%^Cu{75sy3MVF zI%N{))Tk(KDjs9)M80W}%uYMH;2gQ3*uFDu`b1ALQ&l98Mwg;=peNLg?|i-wXR0IzzvXkG=L_twSk5NDzV=W zfTd@9#onFaC%WG`jH zXr= z%kAT`EcH>6`E4GBpW;tmHiD-{nMx1bu0P-O__P78`rFzYJL%rP+T@Z4$(!h4hJ}HH zqJ;Cyyp7no=|xnWx7_uvJj782nUCQTS`0>AVf5bOk~RsLM~C^!&fHyqG-k+>zBxeO z^fpl7Z1fcNJ%Qib?pKEqz<}97X>)C>dTWQ36OC=ZjOuj>p~NCV`Whki;rc4 z3j+6xcpbA*5n13(${J}Ro24kk)#>#HZ(ylY$wtVgM1|!L8d9FS#95i%{WfP5Y)AORh%i?LP@@s ztaNSt8mYSH-f>>gOrc1>RUQHv580p%JQmTE?y|6co<-7qa-r(0PkRS5q@N8B-v_7E z)R$*f<(o8Wcwpf)MR7X++ssd>9;)PamglSuP=>q$B(=w#9>NZ-wb{NuI z5kl-*%r@LQVl!{ zlg!Q4{P;&z0O#@xGR6*Dl%DF-7RP}M$-B*^JE#v&s8ZM|D&3^Rj6^xG`v~fy@7*c` z`63^)SdvDdo$J`=*L#i%*#w`Yk%1LT)nNO0++2Slu@g15j0QoB!S3l>)l9^X6(N99P>bCiWK5M9~~Eg7aV!a905q{(vGA*tev)Ra=cGPnE%gmb^PgGw{9+0u`@|eH0(Q_)34jU%< zOWvrAUBLs~MaWCFRDXiyI|2F%=ye9(b-iwp>SeSJNe@pPo9KSsaKkpBaI<&e1|h)2 zsiQn`W=h^sC15Hfi;P$z84xOBs|co+@{AC&uTFK-OJNtx3B4Kvo)ofQ@u@~QfD;~9 zKpH{O+2&PfYk_t8O<_O#-z8WZ&U2MLC%Q1xQjx zcvlzFc7Z%0^p|1of(Y`^!M{ZUY9`-B8+8xI@s|-L&z?zv=M+M1?X0REYtz= z6MBY3BirQ2018{+!2UwdTp^XVmtBj(L!GF;fLw^u6!Tdp32GrgF)L7-<8xMe3$Q>Vj~rB0mjJ9$ zK1;|49aL~|H0v~g;A-R=Z;b|p43(KKtK6<`a*^$(dr|(; zB`s1zvqZZ-3aEQGr#x5DS5daU=g~gslJb&C20X}>PqTSNC&l43SB%`i!k@F0`08m= zm>k2(5|LwxIU^#5H6DbZfKfIZn4xuVLM+^S9Hq@NpiLOF5&)3Hqg)l{)v6$f5AboA zhEd~&87V?I1>3V<2<(2vdZeI(1gSWh<^7qnMdUl8f@ypJB9^>aSUQT*VukQ^{rY&B zBU2m{md%Jrq5^>b#%J&=<&H=caOSTsRGwy@0Zz*!nKOV}o7l>I!0mnBu>eq^oUw%u z=&F%w%{dwigZ2|4ehMHJm%5F^LPgxlivVByzf5BJ@vKQ&nkWC@_kW8>+{HqG;un%J zAcYM9Fj)~dDmVoR0B8BBx0fP6n4F$|m_`wiUn^5RWk8l{<~_8OlL0YN;B;knh|JMS z25iByMwH~J5+7&!VJi{>pyV6DtP(!3P|4($P;OOYH~HmL_y7&1S&`^i9?ka4>pS{VJ^gjBJe?2I$5(M=Hf`wqX zin5kRo-Ui!8Gua>WX)Yeh19rE;PGyPIY_ME-wHkW3K+$(Lqy;%Da?J4dQ;8(b%dqD zDNF#I-XE7O02~D2`gjH{h;E7mJ=Ca z-U2$Up0ftG#6_Y^;ySfy$ub^5F@3;56`&{1n4VRZ6nB>PsBZ9D`0Yh(LV2c)cP?Z) zy*dkluq&n)=$-;->j}^IuSV{D$5mMR|J4|1(*4wzF?}m_6D4hb?Cx{>UNRC9v0W}1t!fP7;YyY56qt$@VX*W18cP1;AzsMCP5(^h4yUKyHHCtc*p!&#(RYxl0RP-;kqz_vl z0~IMrQ2F~2sG~s%+^fS&O}*d6AWdGKF0(YrgG^8o8zluH-1eGmsen%FW*QuYHYmke z_HF~hgRWVfe#)u(DtObSo`L7ACs-HmP_0y!k?MP0OUt95T>s*mc29tWO?QhpVJ&-} zHM!f;%?*sl{g++o89^yD-t;ImL#d)BG7~q5B(2&XKapN`k8X7tMOFQxO(aNm){%h> z3fSkBXJou{VcB$XG(yIKG_>CnBY8F7H*f1-Q|8;O4$S!j-Q9jrmO?k1$Z90g<8;Yf zMe(SbnZhsVf#C{evtCj8Q5h%|cwE5&o(jsGci}=ibx4+d`SFGAOW2EafkF*$zz(L` zBFtDJ5W%C9^#%pN#R1+$e-B#eyrI}%GoaX)NUj&16Li<(Zk6Hv17%8+rtL4X5*`# z`iNmH@7}bSmHfT;^N7 z3}+>vi-V>-co~DfR4%qnVO%x8{z5R({SLGvsCB&)Ti7q91jQ1g(z4$f6QrKiH%z=h zgin3o#0*gdj%;0XL4Ee`t!$~|DA$(?s9^uXZW4Z&`&Vm3#7&Lx=5Sp=_ZO7IqxJ~d zjcE2bP9X^*_ltV9{66Z!Ox2+N5eh%XRp5R%Xvzm|M1ze$gFc|OqWaQIODWF(SqMLo zc!r?B7U1IiHctjY8Bo3#@&T57zNCF(@TyB1feq{(vRpL&SWOL=kr!Z;*(#FXsjJv2 zA~N41eCKV?$fz#-|i6rz=vNz5`a;$oN zW#p?pS8augo>YPqARuqS{m8PHWrFXP1SwVpd*FAYaPJoOPfP_aS&H2hQau66(P)-P zqrM280glQeud3i&71O5gP2IbPZZoy76U5eTW2E|~>Kchekg=IRj8#yGf*hg%f%+9Y zeA4e-Qlp1@B1^Wj9Q7_OM4394?zR~B$UCzd*m&Wl&&iHq5^Az!_nLxa|E>b&?Iy;< zo?wz;WD74uC^NApYal^(UEDD#67poH-qT z?lf`4WJAlQHNC4ao#fHu>0v9v($2y5K|kk#4k<2nelii?q`Hx6baKG|@QaAJy|8`> z?iTAjKOe?#IYjOf2JTu=Xl%^C4i=#{^1M?4abwG?i$?3LMICQX*jtb^k^7$%94R<< z?#ihkm4X-UA}f=rl@*YGO}6W*`*14|wMJ(Zb_it}}62|IRYJTC6jU#oo7_=iE}2md0n= z!Iis~jXnh>RJ~V6W>}^BPz|kZhu4yL-WT8QTX5opkYt%6j?&Z^_vlb4AJ5jR(ABpV zubf}rB4^50T|d@S3>ZCK%^|TBB(pPV7gt8ywNOAtc}))E*OQ5dQ}Z}^MIqDEz4m=H z)4|$qm+RpnV#Y` zbl$|tO?e8OJ@R(t{M8E|Ht5;Wn_f?Ig6t*D0TdkAA#WEa>nC8JdJv=}g>05iFNiWt zHtAQL(o>1Ntp!2aYURrl1C`iEIFSOO(bA~Dcr z>Vcg15{b!iABG+uvm7zqkPZT#@egE1pNgv_;LKc4@^F}cnu4I8`joJOCHK81CI2&>%} zeac?$wDXnos6N(XN3QGy2i3Z4hZrK@9dE*Ff7a$j9VA1x&(XTn90V+07V6xWt@Eqx zj3pvJ_N3^zDLp|NdfcI~`Tn2-x!AhH-qt)tl~dV>1^|bho-bKtTTaG>^G$RnOn959N0_3b^oBrduqeoP)bcpp{;5WfcQJg$ttf^?I0i3OEPJ=ukmVHvz&7%( zjGG?G}<6z$7I);!`_m~>M#pSsR9CV(iS9VOrt{1QdRC>H$&t@Ab$k79b3|n)8?Xr0X=!6PA+9Zu! z9!2*e2-4$Y)6BK*rD$aUR|EJjJ1i(^dDf|yYL9I+QWVC%z00xPAFMNGO^t4O#tq=z z(@Ym76j162FpA&fgb&d|ik|70$Uy{ZlSa3!IHpza>5S6z=tba3qOHe~*MaWgk#%BE zHvj3b$O{~RT94vEiN-?`dc2%oA(uK7t*-jIzW$W&$zTV)D43JRbMe`#)$V7MMDr46 zqOxflmv=mw-@d{iijNy#`d(y>>@sM}>4J37Ju!+TlRQu!Itd zUNF3PLXxwbD|w&BL*|>GHrV`SCr1RZzilPkd2kofwrF8ZsIz&=2#PA@?a%hVDUL?- zet&N@I3(;|0Q!?Cb-N9=;N4Dn;!=Fxwe*)Zhw0$Y@GN#OE_FVqBI_yK z_nb=;6lT6B>knr#mkE{c>Vy#4h;Y$71%o(pV%!l2E0uderm&Oc8|Dhq%;-G;{%5rP4gh$_bOH@28OEOsn$Z^DAQj% zF|A&)N)8OY*+DH^`YOm!s}mLZ>#Y_5NX$_s#b^VGiM?Y;R504q0`g^0_DmDLT@kQ1 zhxa~gBb=k3v;M@YrEdH+7FN4pn5kSGs{8YQmq~b>efSQAQ&yJB! z6`a?N$KDh^*MA%(-`MD{e)Fb*0Ph}I-$+(X=m%lXDE+`?n^Ay05L?*Xthr)jcg>%Am=4_^HV?Nk5__*=F{Y^S```0dT@db+th~tZHuh|{F*C+f@7*#=4ji{joC8lG+{s9cGVf3{Je|n$ z|M3{*#sMEG=@TzZ4(5>cs>sqm<5et8|Ms8eYIE$U=aXBN^cdC2v_}|uvfJyvK}n5; z{jc@&mxH(F`21rkG=2NG*XDPG=IYmchdAIr)urT@|ZZQFF)LpOQOZ zUb{C@-|rLgYTr)cS>VMVjeW#t4Y>8fxefn5xVG)@i+48v^XAE~`7gGN{Qf>p}BRJ@uM7(-;Cxf-Kk9_TmGU-2&9UjH4yX`;!w5ADT4g> zMM9en&w>40if8|Od8bZQ`wv3)_anQU#e|NTtcPT__0kR?gFst4OuIYG?)uXuIG>OT zaS5;bh`DvAl}AA7b=&hDG8;YbTODlX5Zhjl>5$uL>(}Yn-8ubkC*2Rs-QpGbsFSbP z#Ww43J%O?NaSvt(a~Rin#Q5sB%e)$@)tA{`Uwk+o9YotswBOM^#&qV}S+n)J{h7>} zEdc@XwQfP(-yFpzO~|{h%U`;7)Nvtet&#NE4jo0%R1D(bL5Jm_rCc0Xg;hPoS(B!R zCvg_8T|j}{$?o9pea1kZNgTMSgBrK?HrB zyoE5<1`Yf49?Ai{_yv(F@#n6dA0jcYT3jOT%C+vYwU=t`u5)h8;f9KNP2jZ0GZTaQ zHETuyYqfL@AmNst<+)3fit^?q(zt+_QgnEAXhDiM3=i*!aVuCRD_>EK2R;U(0cv#U z97ep@8j!3NP}9BPogU5oz@e;AiuG`CKoWkin?7=5&Wv-UWVIH9c9b$Z>=O!76{M7z zA>0&bMGm=y$qYV$&4}@>j1FuGH*HBWoZ&&g@Ye6=HJsKY4y`7qZf-iC-PPz(@@gMo zsE}qO`8!lC%uw7}P0kWZm?)m{n2ln19iN(zf)CxmDZ}|ohVz#{oOc24+FE(zA4kyL zo|;u%m8#0W_k*f~l8it~XbO47YqGxJ29p31T5K=qd0&;>h)mq8S)SO}6%O#LrE`P_ z4||{e^lDyR!i~aC{6couWB9<+vPh4ZuC|~Xqwvkwz<`duWaEV7z`VdG-7`JgBOKs} z4kMoz*@2(4Z@o)8{~orO6@Tgb^n)WMfaQc_p;j+fb>QQ?*1yvbX3;H=pJ#S<+!}%{ zzGVvtALUEGl6PMsHZ%tlt)8G_eD11I;nW&!1F3m;EtRY^=ROM3m%| z+a_|cvYV{~+OKO730Yb^;jU}Ivj4sVDn?bR47eNh!|+BT&3&pe%4@gGWxut>71 zi88C2&y5qu=2XMzh0xHl=_`wMg;8ex=2vRPruRUx?tItA;_&wm^HHZ-}YREqZ z{S_5%;~KFt+C&y=9tWEI0ebK5H_b6+cvGFDTbChfgcetf((U(7Dk9}=f(fkUb!%Jd`IM!U>)6s#y5fGSE3gG>gHb&+xHBa z;NYb78U2(Y6W#-1#GU2l!K%6Q!_tfNLvI`3ysN!rf3Cl*s}zr=#1w}|`Syr)Ba{W$ z9i3kb3`NJR(}xVpqqb~~E_Ax5m*b`}65Z9CJj6dKb_S>^f>`uC`&<=)@*x55$ZBu$ zRJ>C!G=BxaPXMT^1+XE~T_9&ihdLgp&X3?1CWq$R)&S0N(o}#d5>i5ewL?LSFZ z^v{DAgWke|&|%WUrh)(-_?{0$3Mt9eRmnU`avRyX2&Z9CL{UMqpduNiq^8VG*8v|` zQ*T)NumzA%Ej{us{B~B}5_{>*={2tui`Z>YbQ?u9To8&vg5bZjL$W`D^V$mjxY9EF zUcoX^pzE+zU{A9tK~5;5{C(_U3k|dsNK&xJi`(*E(cF%e!?T1G5wJ^#M>khXlR_7- zE~}3qKqgkAna?XYB9&~PPN&F50w?n31BaGr1qpnCU5<1$Kn^Ep{S_n1VzP$!HQ)@tb>kYPX6zE&bRaNUF&=~Uz4@=O7>p++0VZ3 z-+f(@6IE|XHE%C_dhf0(l0WI{lheYgmS|!A7+#oK<=GialuNp1Sm)94*;7@A>$$Y) z5hzGt%$)lw4qP}S^{(i)8>~w16camvHkZXh89rJA`k%I90n$Z6al8;;l7pWEXns2A zEB^RzoAF^n(Lcw;OG2td1+miN_399ah1$2Gsr+U7Ew&Wdh^C5oKn1nZ(rVC&_Vq%rcSV(m0 zGPX9rE(96<3%{fXGR7`jvZY=;#bL} zh3x8CJt^;pFiUoQeg(deS?%Xq{XzsVFr<{fBD)7)sxg`EK$$rv&Cy76Cx`gS$ZBF^ zj!^nzzy66yf!U99csH|U_-vwtC+ZZ5l-PuNqJeK# z+^~tk zt{h$bcqSIZt4`#Ji5M8quFgzZS*pO<6%%JLt8-O2N|7`lz#nhziwCOn$6l5ER_S#N zV4a-EWflA&iK#3snny^Wi-~NIFb0=Tn%-#CsU7b&~Sgn-iva6H%VjL!3#H`NFmgcG6cy{i(*;6$! z9=EzuLK?E%{_3x6=Bp(Nkb7o`_;|(akm}4HG1vpH(%{os>=truVvc_CuPPMaS4#)x zFRLo!!ECy;Od;{6<2~XqGkPVDDBjZoXJ#ThY(iiyxLk>!J!IbN=XrLl62}&=z$}k> zo+GDXW|JRgFwWzr6o1qKARx)*e^~VhFh#BJe@Q(187O{KS){r4?+L5yw^dd|@W&IW zXAibBx2g=NS|^bJKKeu57d;nUdntK(ZmTIBzY33A!Y&F+O%fF`Su#vAzJ;O`ad{tf z-fX}v6?d?W!C)cjfL*DV%- zs0v0pLH+nWiwLxhH{*uh#0cwnywV4gRU{O2nv@o4!D#t1J65IesE8$|L zEdwNY8F1K}@KygZO04Zl@5ZsNmdPps`sl7vT8ks0+I_M08byKj@jC%9dq}!!dNWli zT3AsX%Ek3Bk{zN)z*XiWXu%ldN(6TFN+0%1JAo#EreF zRI=s~D2RkOj_lm;*Wmx_jLr3Azz%#2E8$Z}2yAp?*Etj1kN z`9vAO(%^HIl*Oyk3m$4nt(Y^GJ)e!ynIdmibqA$hJ7Sn~| z^coW)R#`}whOFzvO~>ZeU^h9r3wKJ|=MGS1nD-DqZ+ge+gA&IQAn*6e61vpS1@y|q z`^Sol1o-}A(rlr~Q;2_zBf(hEYSnYQElrKZcdrsK6<_2NOp;T}twImM zNwK-`Axa_|IZB3FLL|8+DFapd_Fu1W3Ft8YM479Ln}y z+#C@BH3fx1jlFv79tXBNa9!jfbhv){5H(${ouFFTG&mip*pU5oovg)-bq#3y8usnI zyHo1OmHPRx5i_r%?$uxf8GYE^0D%2Gp@ojJ{7-h)_OmmNTogI@(zh%(!7}Cs+)s*_ zAKGGr-Ny5#6RGx*|G^NYy25D~aV=jopZw6bVqnJWN+V7Nt7ZzYx}@Tt6&)7KPB|V z+Ms_{S5p(>ayMUq7koB^^DLGCWNw+Uh=)FfeSh4>C72}@$NTW+p#x4Y$Mjnj zw;YZJ=fD`5@8=wnK=t|Ty{4%p7Cqv^M|hEV-A?v@zw#^LU&?g{A!Dk zj9aa@QA?Y^t@4df>8+?3cHEuh*RGH52Le^0!vzf>(M}#b-^#k#3W8BWx$?>Ypdy>jRvLIc+m66iI`vo;{(9WKP>FZr8YX zjb%R4$(hp7{s7IZScfF}b64*s{qA}sGAk0tY+~0frkiSFL+=7N>R*mLzFmbBt;Z^N zFWJ*Ac7McP=xu-fwqW57n^dz6Yp7*yw}RBOpHh4`zJKuA1FOX%gLRMOg8t~*f;)8v zjcQ71y_d_jhtmD*mB#anhl%8$1o*a)CZHTzp3JId_p5-Eby;Qx(^pAHg{_NSz(uj= zqW#i^I|Wp=#kd0RkF5;NZFM9OD`Y`x<_x2xcZ(l9-0te<*Yi%OM4Uq$jT^X7V?_>F zmV*!I)`}m7-*VoT7!&NV_S~jfQ3ihJxyZwNm^R!=s>zb-=k!$7^9S@t||1Tmyx3)d7_>*|TWo|LWF9<|Sa<3BuXjIaJC6F^sZrj+&O)Eq`zk!MI_?lN#o zN1!)V57-Ia6WtOy13(v2MW&gFucW5jw5I5FX3Ya4m z%X)AZ4;@_nnbaSkcCcTvYjE}{;HufrQz3jzLIZ)uU`LJw*Mk}zS|OKo_Ei&dUX(sm z;dcBIRo*VYCW{%gy-_4+U^@%SUG)Xr^sDXuCkofRnqEkJ?|zDmWm?btgl)x~sn0|h zGGtxbINNwTm0t!khW6J5$@k|@IYgK^astj6ks4%5NRw(4r{D88zx@VRtt)peAd2bK(jKO9oe}ii8An9IKMOM zNKB#xMoE`O>lZ)qSQOnEOA3eKtpc3!Vf+mtN`8FcTOGuihJ+MTg>?3Aw~uN{QNtE?Wwl^>^ff&F#?`n$Wb@R3 z)mOGiV_T?>>02_14@aTJ`ZcPaNvLu{8{N&?u!n%E_|z1EEfgLV7rCnU{+h>xXpsOzI|dKFQi(ej7a!VQl6L@Tqwz=8 zmvtD*co7nitu`#wtCIcXLGM z^L$ab9;+)k`V5F#Um1LxJ;gOVfAPMNdg)&dJZX0vtd%1aRN1u_2a>;p*>CKh zustT^JPthG+#ep}{CD-1x-Wa`Ij5t!yNuVv6iiwoJh8lWbMB`3GK1m%cgd1FI}xHy z|853n<5kLmzYDY|P-jt}pAcej-E? z#2CCEOYm;6d6a~iG)exEiI*lzY{!t{o7Ka%ikoKfw{ja9IXePHoLd0{p2PjySH{P> zgENjo-j8e8z5Sjn2uYF!9Tk^Xs>61U?Mkz~XURFH7y<(}uLUHmB++QqlXsna>ollu zKn)v#Z3DKscXK@hBtanq9vZRxB#LNk%iS%viTVgs;8U)|N73(2(KzHN))b&d+Wvs> z2rvxx74{`)IN&qxO)opuf0AqNudRkj-BxbIN__tN;{)HRNh=@)i?hXXVkGE#N zUl4i@>-(8OePN8)h~3O1SP!|LtzvUI5%%4sb-|Ea9qil6^{t3dr=tfPo-VpsPvpR9 zv-Wl#qZZ@mZdW<~3wtbvpk0}U6nQw|qk?3{t1VTh&a4^T*qhnd#%1>_{btdGe! zHWWvWNN+`whPj@P#hJtbk8Wk7-2omXFqle zO&@iRn?-WCN5LNZUR~cRW+9S)nCNDinq1iw^re3W+E4C$IuyFEE+EOO3=S!PL(*aU z0<^4y5Q4zp0b1xJ3K-KUS{)S1W`xQ(WCawe0ilqQ?V+#SS^YB=;)O|og}^8zc?CaEEJcoPzR13 zD0e(aZ;c9A0e@6p_3Dja@bpxozFJOOaM^&}Smv4}%$Oaq_TH<&7gRwad4c09_R!Tj z61eFwY+BJ|W-h(PhC>S;a4&IZy>a#C+5RevXlso`MxnZO#&Hz2mmFS8du_du4)5er z`POkcb+%=z{M8)BIyE(19NG&dv|`4JfdFAF$v1-hm_=c7f+8d6rfINHoaKSv*1NCZ z2NWXHfk*{FM8&5C1~-N=Tjy;-80=Q2%*?BX!=aGQ2*pcdSSu=QjBpRJyaFK+WaqhsjiN;SFDG7$GJaSzDWO3=`zp`{i0!_Mg9bs8xhwCTj3Zm;Zj9652)mLNx| z`m%21oxwGp-FElSyluH~$>i^*_x(Wy-ERgB2K;erIY!WYrVR=MsIeZL)V9m zqBw*1&_A|EUhdiz8~*Ov`E5B%kFGiTe&&-%YNe>})sff^jLbZmqC9F)|KidtFWWM( zm_Fl<@v(svd>s2P<2Q;2pFB-=181%r>30OJD*k$KD~6O**g`z|{;2x!f1Z~PsCm6d z$bK^}Z&zQrExNkpMVyP#)&29$JdRbj0xy1BapU2l7qmV1wmfZ~*Y*BMC3;AgcA9&Y zx29-KD@vX|<}E6UGsTl9k3Byh`=%Y8ThsNvZ~6NU^yPuBo9ATFO@IHY=z4X=`_;0T zH_-9pU0%AJ>i5_Get)LvFIvN=W!FA$FC;6mS9wL5#y;P&eg4k#`RB*qmrp+Zkp1E1 z$@yQP)!)xwn_hE#*KVJ02YkM~DtdR)XU)*@f6otnJ?!)A)$w0{`{=$M*ZuMV2r9r( z^<&%zv}Z$ZD#(Wo2dm&YY-CQGf>V4i(8F ze-(6mLx(VKo*Me{wj2WxFLeJNmF_zGXe&mDMBO(}T~1L$^iJvp(nT*dzEuYhr>1bg z!IoQEylRRbbHda|1)3c1H?9WhOJ6M|*tT-5RPW|jU=5u zVwN+9n&m^#aP-leH+zcza7Op1V00Ur`GomK&cmrcyj-Ii*4pK~QG_igkcxDzVT-14S3if}@OQbj!!|M^ zOiwd@&+(^IuL=EU9;^&E`NCT!d{hpFu=;D39{X-ub|JcKrhWJOw17CxsUI2L!@X~& z%KKV;N9KYNVN)DHC}Out9MLzhtS@wss()p#!bFxar{+KH-ZlT!Z74c4V8CWdZPo-~ z`$5rqU?jKT-m_bzNC0A}!6{4+{rP*38W)1%Li{1WugOkYn4tzbT%*AgqdNy7uh-g} zQ&7hN18V^4enSgB4b}%jTwqCXd0G1y6p0xGpQh)>;NF+c(UtnQ!n_@V+#4h+iGN_FZHA@&Y)L6UrXYh*0A%P{?EM=3>BD$aU^rds|ov4)>*sxfTIr zM%3y~4c7{FuOAVyRGdR{fY}XsH*udf{25okEny1W*pNw9^#ymaV@|&ZCN=@YGZb87 zEE)33@Eq;;7z0VXwAi}cu$Dun4J;FX$7T5h~zg-CET|ceN#;SJqdkpux zP632obRalrb%ii*TA|hJYlv zNxWul@X@R5H^#HSN&l(XN+fq+Be>M9LX@G91Qfx}*hc{6`YQ(Je!vB6s@?uc6xPap zf7&YlyJ)2a$9-~cSkpj&0;2Q~D4j8$9Se6=ir!q?gbIOha~1FPY|Z-LIKz?wVE)g?p|=0^z(ec!+*E$8-#|r!DUe6frzj& zI3*OY5nc}Mh*($PNKD7fy2a-gMVwhX;0p91O@OU@Ag~qYm=1)>B|d1M$qu!HW>r{g zL~wnr{|3NTtpQ?ZjUNSwHh?$w^Ifwfv=a`&`rvSs!5Eln3IRc>@N9 zlx;a`acN?%>O}VOWB%~wo!IZq5`V$njgR%0uy00Agd3o1O?h=szn#{%3;iqLfCkyk z6EA{>MQ|$y%KB!GiRtM8Nz)e^K49l88cBeiv}SuN;IM1M%-I2JOiAo?#7X~^88;9Z zF!Mr5Y-oL-mlJBoG)2$-#qm?WH%lc3vc%o`&QZlcXq3n{eX08j^m`F%ii+Jgt}LIT_QhujoJguO^=+v` zV@ZlHT4{~cUa7&Sj}2O9`l+?Sm*YAeh{oZ(HmOyLTn5f;AHi?_Va#&2nY683}FQle(I>08!{4AHFC5!cOl zim-os*<@;0ZF2n4KFqVg-K`Pgshx#{6-gGq>6n4=OdSL30(Ms2kZ~^w23_KO@ z(bL|NJt;sDx{~cdG*rFw75{z7V1cjU5PY@9ssMaVwn%w{uLn-vd1cOzd@yKUS{wU3 z1{Ua8E4C%Z#Tr_`C_2@LpdlbdxGPt?mt^v<;ONEhDS?VklMPzu6-=z%*1n#Ug*h(^ zb!&vf6`+_G_gD)rZV2^Uoj0U~SdH#i zHBa-7y4dby?-`O%LzdXwuL;sjyjzlop`(j@|4jdUGxS6H$rStF1Mj8H?>udjt5zp3 zS{6HHHkNsdB-ux9WnO6=Hx8bM?8f!k0@)+)bwOe}6{+1c(N)rlT>VDOF^>yDE+tOP#(#<$J1}O?h6RK?rd(W-Jey1Y` zoAJLrM}(1*igS{AM6!ld>UGVA8c=;yEySE#+ij}!vuYu9Q-10yh)2fKcHw`8i0Oe9v_Hq9WV_a8};a&Ffo*2h94#?$KDHQ^N-%N zIlu#~hCY(@41SwO=wA3HhsGD8t49S=gI~UOnZzRakDABrbc>yO3)F^MHhLi3A|~`! z!c;j|YT8FCqR2ru0XEGi>psjtjQwK1|PtIfszkV>IGAO3_RP}WsQ{)Co%nM@Y&X{CEUZ15n!oCC4U(aFom?SiB1Rz{=1gkh1 z(TS*Ht0IeLG-5zqim&vuLyg`{Iv__eqrG~nY~M^rev<-Q6>3DqcD9G|OL2=IHX6k7 zMB{pjrWGa#zZOz$zBrbu@iZ8z%-#99Ccm2F!I0)mA6E zx^C!9dTGv6k%f=n(ODbN`Aq(SZ1}qSGM}9 zPyjUOX}%Q#j2OU#407Hf^;5O^%h-rj_ZHWGdG+4>=avPkF_I+Px%{4Zx8nBPJHsc) zF7p5!*!l48N&MiZUFy9&%H*lYkAtlE1nWCI$-dDrj9Lk_8}IKl@TyJN{Op;~fPOSH z2&kN8>PX%h`KJ6t%hJDsqWAB#eqyE{I+3x0?=C=1^s)?dfV24Y!qTccJCWjSw9|#3Vu~S8h`+_ zKQ(w8M1bLlN<4oGg>K8YEW;K7_-xSiI)Pl+-y%BWMbW4GyRP6Zc zb6R$b#N1kqFX`?FtpAd>=p$P&MQPwh+-K_;Hd4DRU|&YP+G|`So#n%n|G+^^h7m5L zXvgj5GXb#|>dvJm>@(X1Tn@N3VqiPSPTT+>%*qqgC9R8ZSPN@|gH8~l=+~{UXWq*+ zM+u*Gp;?AIa3FttqCV!mgYkllL2d|ES(>!Z1d|~lXKEGilc$el*yckis+zUV5~DR! zu#>QjNC*&|dZfhJ|J0ncxEgYN!~PS&tqtIBi?6`WA(v;aACb)>J~L8}!H_ro!8I`x zi5o8S7!&@8@0(z0TQEG>O3`QxUJ-Rws^|{ zix0d3n5hTpwno?%-wAWhaXwYr@qFWb;POnFFUE*@X4}JBMOIGHgd4y48RqoQ9pz99 zbDoF^Z#Hs>MTCu`?SSnA%sA!gW^dX-QaJHb7}Dq;&xltrE{x`#Lho*CUO-#rWjmXh4Pu08%Qn>8_5r zN`R(!PTa-_%QSyt5~Lra=3vNqfL4YfX8>9SGm~pbkV&nulvn<3w$5P0h8Km{Y)QX7Ocn3 zVM@eK4Y{>LOq7tVbo@Hv%f!H>=OE>iJyYPUn?O7SU>=UZSHDmTVMl#LjfpS>5FLPi zQV?%}{mg#2qA^K7a})v)T*;sZb2qAW@&PD?#%^Ex-J%k4|9*7h_}GU&Mj{ysc@7R44E%>i{!9N-HKSd;A(gNyN{=vWP{+?K%OXBZDaYliO zF3A^6Pbbd!YKJ6~c%_M!O;|sYXtzA2L!mm#6J8OKWaUYrDH>-R|a; zeWw@amoHv-ck$`wg(u3FTs)n0;p>vi$%zBy={J)X-1wS)w|xGc@}*Di#z_Jfp8C4< z&E44NU(?Nz_-8ld>kPcV_0C54J`+v+ZRF7~yN{%R^ z8MxM0&>b&Vo4d#N_9SFok=b&7D`Pai7?Qdq>`7NNzKpAyk#Q-2vF+8onqbdmHmRpF zE##T?mJ-*UGtw5VCkgH{jl>bng4oTnvcq?& zh77&MEx8l7#hjJRn7LhYgF<4i=(*;=72^Ygy?9eWk@xp8HvXJ=nRm0{_*#oAlvdLy zyoc25@*B;BJ-Oc`G*v+dBT{S3Leyiu8Gx8<9L&a;Be3bh+A`s>H1U>0Y==nMQRUZ2 zu3=oj?)Cdw;ETOBZ2HcmKbP*c@d_FGHD4HkkW7aC2({0+HmQGj{l^zR`&cHjW7g}w z3579~*qv{^d^4bDIF_>VYva@WVkUf(7kFBp*V z>}BdJdY^H!<~I^LF&y-=BWoB4y@uT5H#W1jp)SAe&rBv?4j7x`^qb4GXuoz=J1%l# zV!C4}Uzk?!9cSTO6R?Z-tTyVG;zeB$K6f8!e$VY4hW5e^EswS0(0+7rJ6*hVOZgiY zMSAVdmpf>i9=Pm+cV5fhf%Lseg=I{q8?2Brm1u4D^+N{~#oxYX?@crQ@_OeA={Z-0 zLz3QKE*%_^KvlHJO7C|^oo>0fcmJc&`zsT-1ljC?xA+T91=bPv9e_Tk;H;x7Bh1vk z^Zf~3L3hXpu!S<7otl0vRLl_WCt4$Y*FrCrWkee1@Bi{l#&t|ft{scJs*!WOL-*Cp zPnjF(_+0oohGy$U=%|~BfA?2I^x?6N(+~SYUTiB7`rmS%t-`>%ROs-eVx_lLXG@Jo z8LO|bHZ*5H?(_G4%dxb6263bD+b8{W!vfV+$e^3uV&vrEhh%p)-e4`{zuk|z+6?^Z zmOmV^z$6H}z(?Blz%n{dGjb#JbO>m*81GyNAoXGa3N2+@tM3?%KH7d8pY-2?V`o1p zyH^_qqKj@*1K8-jBVsvl@1%KC-yQEMeF)#CV5)m8Hb&mpOf1&1`v7X>Cz?GFzKKKD zVHymG{=(I>|67;(#J+#2;Zl5B)gqF`3&D2-#|k~_Z_kEb;x1jcaGk-chH+?8TsR*3 zX77zF-zN`09~T$+r0*FZ_!M-nr#-o-tDc$3Ej`k4qyYgjz+Ke zvP`q_ifHE$qnhx@xlAG!;kHb4)q6~uKRhXRWW*8}yp;}2fMdmMlPzp@q%Kul&eum) zsgDJQEfrCoKTVoNtpKS3L!9hR;KVBcvV3g7%&zTva1$0zNy8XnBczN9n9-m?oX-eB z!(oiN8;A<*%&1!dW$HVyebgW9n&1^2h>L9()$O_*; z^pj^8ADxag6WrH1(n8ea8vbi%g$DYRt|UE9AF!GVm3f7rNF)mmCDn?Iy#fsLJ5k(8 zHgS=2zgc1GI3eIFXquW~yiWDnc{a!2T!F!qo>j9=I0z|c1Wr>AIGctMQ|7fFc=$fT z?w9IzSdwUezEDkY46B*F!oleKQ8E6TNvlD<|K2(|$KcW@D7?qf?4yhj+z~*soZ9Bh zl#49cBAE{lgWcuOlILvDfUl&=gq6#DeGwrUfs;|h^%5J$4H26bPxl#EG>UOQ)v7J* zLCb8WNHc*NDr6CspYmkEbmpG?s6ophL4*r2h-PyXaHMC*W$NE|v*E0M665+mPft!JgUjDiLm5{E4Rr z7AV!=L#Bn8>3h)THLp5sc%q)y!-UOb{WEW6Y$?o<47^fDA>T~I2qw0C#fu3W?xR@9 zuzU?WJFJ&O4UuCGOdjZ@?sHg8+-LcQ72{sX7MTuB47^pS{88UvkshFDGL8>qv>l;n zI99{-=-P`8)PSSRAOlOa(|87Lb&ftm#3zK(d@-_VpU(6Hqd91Jq|I>Wi*;Vw%OTGk zYW}R}SbW!Bv0AK^1XrH6yIe!?apnLf6N-@%fs8u`_6%5Ujk0NjldsQp?61xHS#y^# zbBN;@URY2xIziI?JK#5X{ar;*CdEns`8eOqFM8qhdsa>#LmgL`c|T*V4+i>p6#i|Y z01TcBt2<^a&2=2ZaOO!w;1sGD&rZMN~5)hq&g4g<8sQ z#ZxW$F<{1RJ)?EmN9n=|EQyc1vSfS-Ij+x`@JGdsbc##kaqaJEaC-fZ#4DX^@jf-;Dy8H~SuY2m z(E;Z51nNv10j`RPw{6wnc$zUo61$IbMpea~9wRLp)5mi0?X4B}FbH($m z@A6>A`UKi?Mh5)doEPr!k;b3mFkYu#wo#1KLkIPsM+N-SV1!Dz`wtSPH}m@rX<8j2P14<-#iOre`({z<=f#2GZ3`(jvw$e+KwtUa zXNJx9fxJkR_*I$nZoA>%Y6Igb&|V4m^0Dcx-0vy_MUW?90!&u=&}G=)0$hjd>Zjid zGhX65oCr^YNDGwUGA-?8B7rQ=zhIsc&INaU2D_qHJIb(qXYd!8;^r&VR3%`hBKk7K zfAa|svh(gH(tWg!YYX`pZ6k}dyPR;Lge z>*OVMEZOX8z*GYdO)aav3wo@@)4IV8#I^fWwogP5iCxBUlZmEFW+}-#dSoBImXMXW zQiiO4l8ErjsaItmUY5cggf;DTR{B%UcRSc4J1LB!35drkN?_;rK6L~4{bFT#>N)|@l#oO z-CNx=Amb^*tRaIeJyl9!*rf!5CUL*B@u?WD9GmkPMSP|}KjrU!Lr9tmUx?X&B{OW~ z@Of;`eJQRBo70QothD&OLA3iR`QPdJWG(J7R+VrL|MVLvMh`1v!t+%4)7gcyKA8oD zkTPD+^*dAI%f|0P zcVubFz!23}31q4A(?aowz7ZCvp*eC~w00`BTdL?WwraQ<% zV+zRlT$dFo?am<-j3oD`Khy}P_hVEg;55k_RJFE&4S5` zkeYJ>QUsmwcVMaM6ddPfka54XJqJo);-uQrZHb92W*KD_X*nA?lPoL7id91VEFr;i zRSBXJ{_Uc4JYNz}P4YA$SiIi*-!;ZQf!kU(62UAX-UrD-!XMMPBvti*Fv>!WBnoXk zBlbk7Z1>!TteB)Rb<|%%O1TmrB!I_L>8oB)aeh?W+msx@!i^0C3yBRX(tdQqaW-(G zAxj{nsRh6aN61ZpXi=(O+GInA{&l6NXVIeBpqT) z;~Hz-6krJuTU8{b(14Y;9OgjX{7uQO+r|OJk`3~il$T0m#~{5AYSM$!2nk?3pK|Ri zux+8SD<8~KleeG2&sP54v<}dV&LdUCF110gy5J+qx7RlUw;Ntp&ADhI9nSSB8vqvo zRb49LhKc5cnjHsI2)4{<<8C77z}s?&7MDwAZIHE%bO`m$+2 zDq-KgRrjKi87d;5(fp?eiKg0hER7&KM_d})e2P@{c`*SuM5Qr{0EXf3TJrDef?jss z?R|u@8r;bokdCL5Q(ZZ=^TQs2WTDSTWZpLZ= zIbR|Ssog&$eCv+d>Z@~t@{;=?GKIsfk6JiYvv?*lAh$g`)V@!+Z^gguwi?)}T3Adc zc>N}pJDzHtqb9g3U~JDO@*=BDO8 zXX6oi%l9c#!uP!ILhsD#mL^hb=4IrMZ{V7ht=of++fMnIYV$HK8~hOsn(CEa-*f+_ zSCZMykLk^Is5+9}^_*`=Jffn#E39MV_Z}dGqAlB9yDnPh_@baLX7$`5>f|SV!mQvU zo5UG{OjWJqk3a!xa8Y28-+N_Pki9_w{P)P!gpJ#gh<+z0DG zTZ|+o)}^znQ}Wx#Lvg?7lg`SB1MHq{Gs(7so+NosaP^*GLUp*6at;b?TXOE-kHB&z z`Rv9h4RKo=lXjI!%94}*($MZH4R4@`o|`LJLk}-C(3`Wu7_z)ni?Q1 z1@P#(3yzu#tMf#C7pQm8^*Av0+{xa`AH5`_i+3IYcMXVR`LwP2R|x_64U@8l{%0+p z)~^ZL{o_yr{jeU4`~KafDbGLL0Fb~3aD1@Uz^?xj4FeqinR(>LjXy#iAYTnZsIzQ2 z_8qa+G+ExTD78#U#%!|Eur7@{pyDKa0^n_morSb+cg_9uE%(CIvFQPF!cOALhfatx zzv)e1uN?Y|c%zIqQGupE4M_mOl!`ZE11La#Ek6K_c;sSR|L~;$+Xw5#e$J@t z*UN!D&%o;j6mV1L?SJh}HftW-Ac8{N3k{`|4-!$R6&)e+>91Qx-dq?7oHD%iW#r@t zkf|aadVyHTS=RE~o`s_SWPkj~KN6Y&TJVvBX$5)=sLPSxMXqotpYT|}t%^k+WfvOD zL&+zNt~?xEQv}Y|NSs<*v*?ra=#{oDhRyVTNLTM|%*KahzUo4Op^u;iaD2s^`&2Ke z;d^cnrNB)9E*lo>NwP75!S4|WSxcTZNj@rV;k^gusCUh6H7wLLe^e4;&=vz5_KL4Gx<++upF~?4fdTYOk=feC%jwtSiwRAh$_Ny5U`^I+*rO8HzMiLZP`z2W0_1FNh1>(~uxT@N8< zPZAsX9** znf6wKW=n#S`jYwVzezA&P8-w!1PtgnVehQXsK@k8Hb6h2PssK3?dt90KiAA{z}@T& z>(YQ4+*>APDIFm2;rrUGm^~rOp90j|UuoEU-)k@8e_cA{@drt`{^b-cR~>+S1nGMB znv#eYes$gaY}ssrzwGPgONaw3cQ???LB3VF+gn!XzgkTk)+v)HZbh&!2I32AC% z2~VmAg#ndC%tgGEs4rr9Eq!g6 za8OxUXBrU@lVIr=6)iPbCHShJ5Az^Hl_f5=nXLQl7RQ+XtoD};sg}?GUBG?EyVptE zhhN^DJVI}_n|0~&_uC@%?nB$x(}iF18D@}UWVk|{bkEjf;cxQ<4DrBQ`pnsHW||w= z&h)d?%?sbi;M5%}D>K$ElV@9>PTcV7XxQt&?gCOr4`xCPHOXOireB3?ap&VRywY#% zPcQpJTXSz#ROs^rW9K}LBeiQ3ZAeGS1}l~ap_AiKx)ljI7u}LvZ}QTnu#%&-rwhii z3};u4Trr6aAve24&cMX1 z>JXMg?Ar8o6ICXWIei9eA2&2w6!lzN)o5QLbc#*6BFkvp`02Y7!JMTL)K)x>y{$8I zR1`QEtZbUNa=oHwqG|_Y*%Zgn-K~!+s`_O#Aqi}69gQoxqOX`mO}?m-G14s$+Qnv0 zi(1y3AClY(dW$A*b-FU;Y+v+N*0zOpu7(3ye(EG7#5v)*uNkIJx1~A19(*P-yhpj+ zM#Z%4B>ZfgUnRwv|7=I?`nMd=l%)oD)_VC4vg_xCUEA6$MFE_{%Jp?FYjuZEatHgQ z^TeJ`RNI;HY4Kqzh!_ME1vN~9;t&)86}MpqMGcCIb3{~B+(t!ZyHz^h`Fefb zKTfZ8)>-|p`*)I+s`b37ywCIA*L_O?42H2Nv;07iVV*U?iba|Og{yy@z{_}fwg>0_ zw5CG%CP=@tytZjBw1*5^Y`NmZd*Mlg zScRLDlv_Ufqw!LojPkiD*kQ)KaM!4%_K!MF-Sm&fMGWC=#PTN9AN?^WTqi)RnoMia!GrSmYV?rewCPiUo}5@1$m3MUVin-*j+-c0lQ!LJAc7S);T}%is1+X~$yL;&ey>k~zXBq}X z-Eyr=tB;g_*CMp~C8fFNLQY5(?2eGP%ue)x7EC9zJ6YDqtC-9>R>Ve5#^9~?y zer{qlb;QqTl6A*DRc3A~>oT5H6ov!-RO=ZDPO6cA40HVKL&PQ`{!*q;g^rV>XdGa~ zAxTEeP->z^0Tf&I6<*H~nY_1$;4=zpM&*XkkBEep!y%+=WU?If0h+vv>K(ftBLi^W zQ+{|;F<%&(`uaCFF)*Deix3b5Lx{4(<+Jx z=lzml;w;35Po)_B;c0UQ8(i^l7o^+y7ER-Wx=&@en8}w~>t;YwoEkMR_dae8-{1JB zT5OQI`1Cfr)LDMxH;BP$lczK|tgvRyv6=3ogeBi~p9LRk@%WT=lON0~6?Pa_4S5T* zXVGb8zGr$Uc2hD+SI)}w{DsIbFGt8H)wp?1?{U2=QDrBsQ5VA3z?=jzxqin(!%X3s z-fQn&Yp&Eb9_J7?&vYA{E zjUS0p9?%+xna`|MM6rhm3lNmsR6CA51By>6teiQq9qBU=Cgmx%L{&lDteMopv)a#1 z1$kfergy~!Z+KZSV9&iW<=LykH0BFqL9>C#zK<9cxnd|XK7arTx zq<_^b{DvRdIWOj{MHN1F(2v^7Ky6;P{PE$t4qH@4A6eN!56m+CNNZFmCs_F8ZfF~X zwtl1UZr?mR!>L>=6@TAI!ptoYcJ!V3JN*gJ{BsK!eeK%OSzcikekr^?x@r`n^dcBh zXuE9O1hwZ*73N0&d+GvNs{WV^gD%L3p5LQp_*P+pV|PZs{3*(R>$CXD``Q+bKLu9C zg=l!cn|4egHMJP9^BWqok|9+Q%r~=@-)_4=f(~3#76v5ab$cgPA z%=9(K84dO}yg!V|n4LGWtvDL;XJzY>)!CyF{vfK`V3MZUT^qzvpY1`4@u2%18W%<MdoKOK3l_5PW^QMrkabotrn_{$R;z<-V$+da{Ez2*6d=zkkN zX&i7ke;(KVj<#25=N*3j&F>1;TpJwiLGI67mnZ;o0aA7GJYQFco$4eb9G+nr)8#NU z;X7Q$$sYtno2Vn&Cfko71ewo4NN=lg-RR_@7Q-r3dY3_N7rnd-MH61V&^7BN)MYLl z)AhP~`WiW>Sr=(`wpd_##`9Oz^)Fw^=L5X!o*WwAL`4xRWfxC$JmcTJ(d7!yC4iROJnQW1|L$M2v7YO7Req#j7wA@&s51daEbA6@ z_B{C7GhgE*Xw~cQ&V5i9Ft&_KOZN*T_k0jv^APr`)^cCPbJy1OXr)p^6S@PrUDiq6 zT2sB@)1{%lz00_LQBi%%llr35`(kpt!g2%el?8rw>08m;moVD5a-wh5bl+-pKcCj0 zXw|>Qy?-sYKPjqzT~h!0^!^RG{mJG18|(X1TKhNk_NR{aZ=UGiGTpxwJs_YBq*)DY zb065w9Y~KF*pW1lkv_09cObKTAgg|0SL;A_??BGz!0w5GJ<|hw(SrzWP-rzMavv0P z2Xmta^O6Sh(+4HFg9YV-h4q6)t%I}sdIyU~2lr15mP`*GKo3c$g7vM2^l3w7+(p7) zofSz#6=6e%a~JJS5*?`@I$AyCTs%}gx@ad2+^ZfsfeziPz&WbVA9KG^=QNPbyU~zz zW49V-qh45Fe&bYUf3{q*yW_^0-q6M<=ziUe^XQw&NjF+Lap$IQ$hkLLeSigBH}56x!~)_;T;f&h)@5387aj%a%^mJf4|}*Q ztUqUXsD8MyXt@2%@bKuc+2!G@PlxZE8NQ9aH8L7DVs-0YPS`!}t^4j__mgft9A5k| z_tvARn_cdUANSsRJaO~M@U7>+LYtq4MxE^p9h$y1{&bOwcKfVV_^YJbho=|i%q*JB zxn1LQ<4tRLIaz4K7di2vj}zga&}ZX1Z-4F#dCNB3{}U-Yg;b#yd`Vw=AlK2n{Laj1 z&yUun`^otKt3CPODiZo%N@dIe9;gK{G%^14GDDbxUB9cX6iFqN|YR z5;Tf0eHCzkMw#L=Wc0AYl^+NIh`?aiBPk+J>}uaKz~5Lw>Wr6HJN}HNm^EUaC$4)Vr=1MgL?}` z8c2)rG}`=Xc6k^%w~J+%8W}SuZk`XBe?3QOZRED`c{n9G2NlyEOflMp=uj93C{<>s zx0I8~;z`;GektwT$}`?6Vcc1=#=eQf`!q!#MCK)C9l_`woI9v%{?Fb|Zqvhs2JSb} z8}Y9wOsg|H{r%nYR4+J8>ERQcuU(R|Jvv^MaIpUpyE1=Mmb8oUuH2QAjX#1boSPoz zDa{Y!*4^4(^}6xIUPh`)WdCV6k%RwiZl_yF{$qaIdm0`padqZu=3Bo0od#)%V9n94i4nM^4vd$8CfR< z>ke%`eF`GGHA($z0`~_eSD-3nq8iAn$of$6xk`|bQ*FtRZtUhjgo#sjQleY(yWD-O z4DVA!>zRj1l#`rUduwtsG0EnTRjZehG<`(d%c z&fm-YbWY;$6?<;`-c4p`!R}ppjZw=eZh0N7N7p;b$I+Iz7<6DI~s<4Yh_Gm)gXEdgQAMf}i zRh&7`JBf*Qd&YCy|Mtz4OAl5rRlC^p39Te{N;F5&|L9@V#r^ZnkMe{ZJ+5Dg`^C(A z|9C2_GfGM?@c+>i-!Ior+Zhqc0k5r zT7fOS+^ywJ^`K!ub>2a?nyljdnVkR*uC)vlZ%wkVc z;yLC}JiG5lI*a5Zm4P0~d7dX<<`N5-C^}tX+LTDLb!XcAIqheAx24F6rkRwD1)0N$ zuPxFes8WK231uNZLC6?Ub=kD0Y4V-@jT<}e1?UU#DJ&F`GNvF$f2OkO3Y0w$ZJQ|t zbZ8bk5tf3pN5Azag^M;TKu9Tm`+pb8n26moJy&_&2AVUX>Cqg&%OE=uv@?di3U9*^ z#okKHGrpj0wT2zQnyFU3wt^8ncvQ>T85~EQRh> zUdft?FJ|7OL37#+9cs$?{9Axt_E?YQ_ngyU4BYQ^PCbh(+r|Xrr}7M5eFfM_Vx#S2 zCrL!j89a^YtS6}RjCQHz<*7=p4FdE|bMpQalz}LH5Sy#qw_Q*JYAFKTPLE*l!+pnJ zzw9cbyC6$$-zl@M?V8inRX|QY$uxX|ZZZOhDX|~REd-Bs&-3mc(&-KQD-6k_OY=8J zSysPtlCau<>msS2!L$@Nf3k+`(aO)&egu$@x8l$<1AxG8fL7I2yq+CkJTexrC7r$B z?l;QkefJ@Y?@1@Hv~m66f_}HQmZgqFwCuh-Pe0*k6mGbS(cS@}!_0>fsO%!Sw>3C=9%%@C+ffulWj=kY_(Y114e9aj}-oxuTSm>Np+V+P(zX*`Ev-Z$aud-5v|_-gem#+0vsQQK?Aq*9^~^>hyv-G_9J(9B{gpShEB2dNUC# zl<6}%6pblvg1i)~wQZCv!0cp~t3j)UNph@01F7M+rPmo3o(l4^hyXCZEiZS2i??t6 z{FGeDx$NbdIr+zN+ zd25LME9n(y^xu-@baT`ai!NfQqN$vZpn~~%&c_kTo?H>WdQAb2FYTUBRxBj&1H5*P z_U=E>{-;}sm=Rla(3pz z^>n8x3T({i51(^k-|$ocT|x6$-M4w8Y8te&;Nq5Y45sb>{;pwVGeQO&i3;KNM&m0V z-f-Nmv`BoG%i!E>Dzqh$`gA=YyA97hK9W_(AS5u!e6d%E^K0HZzMH2Sa`>C%?<5nO z?NB@EgAF4OND_wAlanrl2nA$aGUiYRfX|1?9fduP2; z(=aF+LVZ5A?J(}HM#WfXQ2rFYV#{ne=4t^_lv=n|EtK`XBfvEo<(X{fB|cTgLs4Kr zrlMqcW?I1PPdvOibC-Jr7$+dT)qrG;yOLG0o=n`hl6pf~2Q)&yFeK`=5`?QD?nghzb?Q1_^!T}rVJ1^cD~ zsK*c>(*+FWQy;+?I@8Qvxo?d$%~0v90yOW$538xJY#6V?sWj9{9$eImZ^u(#E68DP zuzoUCQt!8*4f9?e7tg2mOTjoe(UGZrOtRpU0MC-?%>o)M2R~xBzd=rzQ4lav_|kSt zTP8)K1}qz>nh*p{H0L@z^^r_>qmnYgl-{MInQBm%M>Hl-pS>c@$URY?=M*a`ZFuVD zJOg9JzQ00Bk1^@SxlrsZf=NLrV=`>48g1pSZ4RKKKhrkv47B2)f&iQ*NzsGp^7jPI z5zwD7ued!4jbO3<94Oo+-jGx7Erm4yoK^}HpM?wO+dB9|YlXX0Pocuy^bfo0+c$~K zR8aU!$UZ=`5U~Ok+6p<$I|8R})N_{UC9Eh9^zwfniCW3Q`67osl%|F()QUp1a0P1Y zEwrTc@X*)+;SqGYvfNn(t;&Ekj_R6o$`dM-m12oOjn0NHW|+UVsmuy;sVWy%*>8uU zAPDL`fH$uqyBO@*25F8rI)|7MY5G?TwU2_KjDt4c=+!q*Rfk$sZ7_#A2#`jRX)LJf z;AeS|CE)lX!^`#@`(;)3tSUwes!UB-DsXj9GjmQm7F=WOP+(&3rbiW?SYIl_2%(0; z=$~0K{81T^sEsOu=BnqBjA}GdIC7ymZC4HbXpMPdjnU&8)1Ng2jd1CIG?C`OdJQD; zA8pPsF#DVI`Fs~OdbS{m*(DS!B=Ew#$jTaXE{+QGQ%AbHz+&oxf*D(js+QD2RiMvC z*Q)sp=AYeT!52^7+Wn_83eLQ^AzaJq<44`l(c=--VaT7WI}c1MYy9^TlWvUKN1R%G zD&^YI^wST{fB$74@l!ALcIAqj(Rz!c=PYkq_3XL0>cO0qm%~1d-*-HG{#i@f{c&_c z`;@9}ix$o^?BR)51Jd6wFJAa+*08kPc|(8o<;YT^MHrLK*)!JKxVZJT8 zDAol2A2;~FZ1Dciec?Z9ehGB{&qnjN@#jz7+AC*sq=T?Xrm4AQXmvxath7KQ(uo-mVWQ|UreaI|7}{dMhMvVC{Kg|+{>_rZv#(0h5^pXr4B_aKo+)pG**!(5bu_4u8#nlyz6q>k~dzRwtr_w?VC<(nn^lIrEf|ES9 z_J*Nb4s4Qco`loRc<_7dnDj+fu*uFq|6Y#qX~kXa_Q~Z@etPXQ&~Qa8^olgc?LU8z9v2;}3YWMG03#>Iv@dxA#a@EuZ(M zvhJ3L`^*m|w53hQHqdxjIpmd17ewHe6(79W*z-$+J$Unha*TcfAH{bkOz<`XiZZ&(3=sODdT+ zlAcvCuPuzPADELD<;>k0IJ9=v9zr?Dc=RPLPv1&*6<|K=?C!zRj~n=}>LgCYT`@qW_Bs%ur+7Eqn-QN_6h_2OPMfrMX$?Jl^i+A#jmYzQNUM6)3`jYu;24Z zhx$C106^jPWkKjstb6J~Did3v+{!hP9^B`2fxb;*-7{F*gJXmt8o-<{5TTddJmN%* zwd5#3;wa7lyG)k{pv;~U4N&WRkghB(p~4efW(jz3WAA<3f$4FWU0mSQQyp=fK+gii zx&=GIP_H(+utV2eq5kMVq6-x3bP7Ecuj96s8=+9Ce<3wmS;|KM))yYZXf~GLfXanQ zkAUjri$ns12dX$sCrwsu$S7|v*ET_L8Pw(?3asrf6okfyDRWW|d(4&M$ZWari#$dR z|B%l`HV|P3OU!z!<{{wtz;6X$uU3eOS4rhZKQ%R*{=ghgGus_}(hVVrf}z=Je#YVW z=Rw6d@PpU+ZFGc&`A-YvE9}^u6^-HA0?fIKTeFyP!RPwm<6u_l=;zDsF@B1 zt0%j(cCpa@gG>~W)nh_-!5G3SvQH9(nGHiAB5eT9*BFY9BPdL49)zFlGGWy8`b;Yd z?dW$54>q+%HUHjosSZ^bH__h+T{{yh9HNtM)$rFYnQ$P&rtLW zGMXARiHfu0_D6RB4t|$ zTRmuDu;o4qx|;&J#X^Q#fA`IW{Qz2mESZ1b(TOpF#Z)TLL}p-oU|#X+)|dM=-dYy? zk+B4KeeJFFB@EO&_I~_kl;0%Ui~<<>?P)gbWd(aH63Mo)=OKY2P(%AaPMWO;u~)hV z2}C$QKHYN3J2jSxRhwB=t}%KWGT>DS7SeJ7wA)Oii}G;E79fBiYY}_h7S7pPUdKq; zHjFJ-kawh`7>yj!kMcOcla6BCSd!1W(t<-rDLS61P>_YCWIHkroIJ(RIoCxF;#yvQ ztpPB?IjgoQzcU_I2I}l71J+juL_B5%dyTg2x8pWJ9DILD*9cK-VJ;Yv+2@fQPhAhJ zY1Fuz*|tTH*W0xlpM|@FTzPpfy3go(GoS74V3D>eqfOq7p$KX#Yj)Esnma2BQ_iHU zS0;8PbmXVpt0_sYw!p*MUAP=#l-8fMov-K5y*<$y|HCM2_VTb@aFnA+NTov?F9>q= zE)oqOdhLpQ1qd=+iW4hq&g0lUq;JHIAef0Vl68|_64{YXINZ*e(GmB}gfDUxY3r># z>-E$7H#DfAsHW3R8{ElZ)6BR%RhF%zJ4z`k{(+0kIiIZFQc`Gjr0k~rd7RJ2dEaUo z=K+*)%1g=yv^msTQh;|*p%d!s3)-AIH{mTnR)YwX~$cf$+u92qnx z*<9zzWS&0lh)|C;&gdHx>zbC9tXG(W#&+GNo7*vgnQM)UlM$usHnFoHQE&3&0TGr@ z?5{~AC1&=SMl&ahd}X9($^8rle1w%?j8$v*cmOrqILQIVRf7m`_hY}B+lVG1I?ppj zhz<+~2+f%TMJm<4ZTOgFdfH&4|1nZ*6QoTWlyJ2e{ zekg5M4+}FsVlU9c#Rj7MRG^L$bqI*bN0!r+=)E48C2qu)owz#0y+jr`*q$B00bYML zJC)%c>V`H^?1yTcHUR8rhn*OSn>tQzy4|zsmTEo|#y;Uu{(S%psnU+Ygrf?)`;T=W zmTPNN*`;b~krMc20pT(s0*qBD$f>ZqsQ~j%MRJydIw9mad77{!sodP%LJBqlnQpRW zwkPrYZ6b34P%5KVDNqJ#AOa!1m92(?#JE|$nB9~%TZ&fkD8)Qr{L(5@CNR=_;4Fvo zoOkfyGIV4UT35b9y9LM=Q2ZNrSnz=ifcoJOU?TtpYH9-q(q-;=t0rPOwvRF7qmh#K z8p1OkF{gW6_mc=GD0}{&}lt~v6+<p3Bj3o$E=@XDy*6GRpTEEecF|6iGG6piUK%d=*K$F6)}5)NIZ2CLAOH*tY*jX++G(L=VVSftl)(JB?$3vZXM7ox@7@kUPY`>K_wJTd3>p|6C)+a5_Y`OE?}`JJ57B_L+YP+*p}wgPiU zP0o-48>Q4Xd4!%EYG6^`Aa$ngpm-<6#qCHDr>LRyh;baA6afbEh?d?BdM*sTStdwE zPzS%;uV$6hA0}n@?_0(Ji85SPAciP+FjLWqK=B1;@vxuaUn}-qm$+X?$R%pkG}8Fo?^$Tyu9j{q2FX3xZjQ62w*qDXE(|) zETo~L2K~)z0}O&;kMrVog5V8uJPhj05R1?l(qjwaL9oc6#>O7jixUM2z*}iRwVImy zv&P)J_Im}oQBXT8g))$|-uq=*@6cZsL5NHf!f>|hWS#6~L1bn9NKnNnKn}2V$1?Hw z!}S`I$z%bwU4@2WbQM4?l^(KCVtzk5WE=q=gAZ>X+8U=JRN7^6qq3w$>$Ht!sIW$Y z6+nEhB=lk+XEpvUlY+3$=BX>QcTp?@+=}=<4F%Az_8Nq& zIAE3x)%wz7sFHNEa9?Mr=}>a=3QX~J0Tz@2S_pVu*gP~t+9_?_=uW1Etvm zpHC5)zc8uxegwGnF_AA27N)NcQBq#N5mMB1l(NRsEXp$#H2+_iz`N9}%(Uf0M-2(TbCI{| zOa5-_ij)M)+J#ZC@o8#|hK8EU#lI@RZ{3l-Qytx-I`tPfx%OnoPBlhH4zgIy?Hd>x z#)T*Y!e9ptH!~i)J56;;v-9t2WCTcKV$wA%X8)@()N$87yt;Xobvg~{Cn_yJWNsQv z*^}G4>P+@=ZO!xlv6AG@2b7jTI14rA0RM`?zhl-firveT&yQo0pUdz7AFxM;6jGph z0Ixziht{B+8GTNxVk^unU z9unU1i3EO=y)mI_Sn*m(V(rr=^8pA*mvNw}wPIZuofHcIYSCi=`%|o~2V;g+WI{6O za~l}Mr`|@eARjPPkh6#`798lIiV`jbqznUFIY2^gTF0U=EN}d*+IkqqKmd@=(_FOw z#`olR%tI&`TGp5B0Y#s1MfZRy*JJhv-`hvz)TF^F9%~3M6fuSX7^RNB{uX~oO*)ML zn%J;>rTYawVby%%AdJ(|ILRX9(=zuGb??KS;0EAf=vw@73sL|)M<4`p)ub0P91*59 zd^q-Za@=z{vA%5Z-yq~Mk9ty$+bYKusYpwd88q|G7$xZ)Ldphk4%_f}Dd?b)uq((p z0PX;X@>ru~-_dFO?gp6%ef-(!y&PQ6$EB-@PnhI9#S;z;dT>aeWd}I!Yb`IRVqkR7qk+FW>w%;#gle8JxB3mp2DqKM#yI3GI*rdJR+)5 zJ0u(bR=u;7S!i|Uc)Q|Bsm#u?+LfZd(k#R0!B~6N=JoL7RvD!aewq%TNg9d2l-kI` zWx(VIkh_1`$@B4=aXw(E28pbFd2JJ$cAvEbPy;c^{N>4;6&iN{(1e4pQ&Vn5Cg*Yh z8!2d_#L8LZl?%v+){EzJb}e3&JjlVE*1-)b-|X@@6}8+oC=61kF&YIxK&221+GCtV8P!j-zrwB_|(F5AORqM z;>7m}Qh$Ea(vo4W$){ekC~a!$B_2=#Vi@|El7rBCIi)#}@<~qExDDkUW0=l+_l`$3 z(XYVpiEnsQJ>k^nd}@XqAOn~V=KFCfRl>7~*hzf7pdk^_>Qh`bC_VlplKSy)ie{p} zNRyzlZY z0H{-0)F=Mbl>i7M*bz0gbS34!nktcfv;e?FnBupRX!;yXDdz6v4KK-WXiki$0q46=aKje@IIFeY1ywQ)sdvv3FhXkq2sN&(_A1#Y|Qg8^t9!^af^ z#8L%rRc5Rqf-dq}Do~)b18w8wIKJG+LypT(z*?nXq8zu92id!6RwXVQ{Jp@aGp$ zR&{0AG0pRq& zFh_nw-SthHtWBROQ3yetaX6yX205B1cIA=)l=)8-%n4-{gw6lC`h~ecJ>Z}JmZ1@w z=0%e}c?rWOiN5L-AHL|J1wh7Ak7rZ-etWVtzHxhW3+Acy*|Ih$;0zyYj&vZPltVt{ zjH9zy<}h8uX=(NVluI8|>OPraHyO9|qK5x{i^BTjp*dJ8n_5HB7pMSyB#g(<{0CKT zWVZ6|8Ex(iE|;)iETuWOH7pV&*f4d?=S0j%G@vJ;l6Uu58h*&?PmQ%>Ex#~;-l-OFZ$Sz)JCNm|}h zm9I^BDKo9Z1lO^s`|oYodfey$qwnn$cvG{!OoLf z%Upt$%kFHwb=2|di^wH&61Hnc8mt_7OgZ&zM_ohAqv#Lc?u#L+s(tldtpeQ_AT!JM z*f!!{f&0J(z3qt-vwZfNLd!qV&(el=%zKul7ddZLrq`dDXC=0W*zpJTzHlT#M&`Ne z4#(R}NVQl!JE1u*v^-+#vox((l6+xbG=mXm%b@0Rb(9f<+{>z%psZlc*= z!w)jEOM^pxPIx7Q)HG*d;!VUQkV#3nYsdV4bH2R$#N$ti*MC1cs|w66jo)7BW}HGzcjFUHg`B;%v_<$}Kx4`?8dJ@a}Ksbvyj$7T{_fE?TJED)Nl zQZ0sDgg7L*j!1uv4rPpE9OOp!(FahbcH@O>LCK_ogh~<*Ms8?{^Yag^#pj?wIU}t>dNne)OfhM9q=J(rwSLPDr0@OQkB6$Ow z{m(n)!NaLW!~!19qp5~^ut}_y!Plko0n(0{BooLl*CZhYw;~p$4=ul8TP!4>@qJBS zP>69tTuEmq6r?ag=pwX;ycA!~k!!$8zB#;Cm4sb|K)REWI+L@?V3!YqFw`pkk%PcG zyUj|wVLeCQadM-PM#du?NnQ`IUJ^fBkO-k75Em+Tg6co>Ofgw*uBnMM4q^q#R<4_tw zM@bGc4e7GE+d^Bft|8^Ay8ZtCKA7temG9mP%=R$7SKJ6n#qCz%7CxvcURw}g*245( zy`E3mWGB`eNDf|D;+JcX%+#Ld49uN_AYtmYhHGQHt$&VCQ-|x!rWM%vXCfrnF%IRy zq{O47hP+F?R(r9ELvS_M+M|3$zao5(lB2PFkopclEf<3|&OW(TBV>!dZN(`pem zgM&`Jl8B=XDqMc16`J_^wYTtkTxMp|imlFD>S`>h91b?;Tl$*oPs2EUPv*1J{c8xZ zybB(3DM*`OYAl>>DmHYYqWe_3ztvx~OJvwB3(i8BzY>qnl{MHT`BPjfw+mX*U^6F+ zi$`L+b$EUUvYv8yJ_UYM{oQ1pvUr=xOoXf=n ztbDbpC0t$J>-)f*pgYFY{Qyg{-C%s$nE(n!v({aCL0M=ENMEIh-unAZtlAY#N#@{N zlWuL=u)xhj1Yift#mrSnI!NqJbuMt>e_d@v%KrB{}&-~D$(ez zU9boJCE66>uQlCMvo?^NxV*i(*Dh#)IP3_fvJc}83po0`T@h(XZ4Vg*oVLR)`E)1$ zOU`y*tj9h-4dYyWS5weMpY}Vj?;Ce641Y~dkd-j*s~Nl2RCs` zc=O6G!!otMeq^m6T7fz{g#<60qH3+|Raop*INmYb1LheUnXIt?_sqX?lu(h4E2FbE zd7P7;>QGRd`T3q2lcOc>FQJlLs{*t5o@G~`PFGO6)+JU!y1=zJWpIPmn;NZ6leM*- zZ#JTj^L8#Yn-y!U)Dgm=-G#}z*WWdb35|ZXtbk(5^-k~|A6C3vMJjmqbkf;c|IEmi z^kvNF<{b#hxn^I+WS!Y$Y>&>LQqjW6?(ZkpVdkd3km$>=n0*z@?l^0d1E79D6I|S` zShU%sS@cWh2dI9?Q4bvgaK`diX`+u=n7%6~v~;gk_*^4%FOB|-8WVx|IG`_Eq+f|1 zJ1yo0xb2A*=lGmoES0P+$jg#rU6lwN>&e~Z{c3HS30?eeq*$-)qNTEB?Xv7DNG{@E$SDv zY?4^HTZfR*ltE;^n`}o4qK^j_#p3?B0-5nXq#51lu3m2hmySoHk^v88-fu_WW}OC; zP3LUrje9eN25iw{xpPFME<6O#VaNamy!rX8Nl23f?ye3fO|B{5S3i(q=ifUZS#xPP zG}nnK3h2CS$p`O`6 zu5z(~a^8yK5T~XqHaWd_ZitvnksgzwtA^$>MMt=K=SaB(JD;x(SC2VeU1`;xF^INk z5_jSYNdhx9+7aVkB|R#7noE3X)^dVPDBmOEgbFQ zDcW7*a9N7{=XY^wY$$r8_eywPi!RP1b6&K0*B9}el{}PE4X*51m@3Eal1diDLYb&i z3RARn@Qgr?-JOif--pb)woVn@92`bdlgkNg?Chp7?irFqpu{-g!RtDO#3s>lHg4+} zcC(#i8;td(BjVcNMR!dOt-bko7$YEwoyw79a3qOt;BFrz7C4_F&*!l7vzVw-_wxiE zDs@s47J?L)g&g^ba!tq&90M24+!=Scu$I2`3t7Ue45LcXo9Jx?Iihv&MH0`*SPp(` z#s0eIKvHR3wj_dryw$tTZ{G-7OwRez>iIkrsLvVx%*BnrvLo}bn>aY5iY4hCXUV*9 z)r`bhnHvvdxlo>?otbjenO)W9cfa1YZZL~Rox`d@DD%@XzJh{n-D!~JzY&u zO0r}f^W0zRTXSv!I*N8I=iV%ucMoQQVW|jn5He6AXwC3>?Y+NLIw&^s)v7G0>z?=h zK8IrnN)0v-BWT{dFv4N10K6>rK!pI8Cl{u&01K7S+v6}C0^mas?IL;x9RG_eGiOBGAMR`j?#N^7Xiv`9*=( z9YIaU-pRHtPjyB@Y;vWt4?_o6SLo6*g(j8Oe?PrX9up?4EdS$!HO{<|u(Isek+Kww z_NfrSCj{%QaS6*Z;&3A`Ro~CqT@}}d)nPVfCF+%ItJY73Qk9b5+eG^G2=d+KFKDJC zhNkZ?GrH|fRSg7_n;^JNFLtQKG^`L|DRW&5f~R_Mh87;#3ZuVAA68f!8pnz=*jT4i z)!R})M__L1U|{;@2gi;*QWeJTs|c1|Gc9b0xuK0Wn-phgo>k+qcO&$#bRl=IGGIQG zJ(!=$$xoF(K65{At-|Qkx<~T)M+hOv?7zqFZv-d>K-SmWc)KV6xCluaM{6ZQX9Bna zu=83x4mn|>_vHF-!`)x>=9tIj&=UGfi?omv1~W+iZ=nAyO;M4cig+Zu6@y8r4joB2 z#RhwiJiW7@KAfjLV$Hpad3Nu<0{NeWUjOIHo&Go8`2!#a)B#L1%BcnakGCz4Dc);A zbg*Kt$?eY9D5n^9E#ut(QcmqN3n==Zy=~X^?zO<|aT<)^bN;VB?SCu9^*`$J zcdw0F%qQo&DoyKab^5xk6$}HOpU#o^!e`Z=8CzJ%UfPx*H>k3 zecH39@A Date: Tue, 16 Jun 2026 15:01:44 -0600 Subject: [PATCH 04/15] anonymize hostname telemetry when not known --- internal/pkg/profile/profile.go | 6 ++++++ internal/pkg/telemetry/telemetry.go | 7 ++++++- internal/pkg/telemetry/telemetry_test.go | 6 +++++- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index f61f902..f2e770b 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -257,6 +257,12 @@ func (p *Profile) GetHostname() string { return p.Hostname } +// IsHCPTerraform returns true if the profile's hostname is a known HCP Terraform hostname +// in any geo. +func (p *Profile) IsHCPTerraform() bool { + return p.GetHostname() == "app.terraform.io" || p.GetHostname() == "app.eu.terraform.io" +} + // SetDefaultOrganization sets the default organization. func (p *Profile) SetDefaultOrganization(name string) *Profile { if p == nil { diff --git a/internal/pkg/telemetry/telemetry.go b/internal/pkg/telemetry/telemetry.go index b855f78..d24f87d 100644 --- a/internal/pkg/telemetry/telemetry.go +++ b/internal/pkg/telemetry/telemetry.go @@ -258,9 +258,14 @@ func (t *Telemetry) StartCommand(ctx context.Context, info CommandInfo) context. if info.Profile != nil { attrs = append(attrs, - attribute.String("hostname", info.Profile.GetHostname()), attribute.Bool("is_named_profile", info.Profile.Name != profile.ProfileNameDefault), ) + hostname := info.Profile.GetHostname() + if !info.Profile.IsHCPTerraform() { + hostname = generateStableID(info.Profile.GetHostname(), 0) + } + + attrs = append(attrs, attribute.String("hostname", hostname)) } if agent := detectAgent(); agent != "" { diff --git a/internal/pkg/telemetry/telemetry_test.go b/internal/pkg/telemetry/telemetry_test.go index c2bb78f..87d6623 100644 --- a/internal/pkg/telemetry/telemetry_test.go +++ b/internal/pkg/telemetry/telemetry_test.go @@ -257,9 +257,11 @@ func TestStartCommand_CreatesSpanWithAttributes(t *testing.T) { tel, exporter := newTestTelemetry(t) + p := profile.TestProfile(t) + ctx := tel.StartCommand(context.Background(), CommandInfo{ Command: "run start", - Profile: profile.TestProfile(t), + Profile: p, DryRun: true, }) require.NotNil(t, ctx) @@ -285,6 +287,8 @@ func TestStartCommand_CreatesSpanWithAttributes(t *testing.T) { assert.Equal(t, false, attrs["is_tty"]) assert.NotEmpty(t, attrs["os"]) assert.NotEmpty(t, attrs["arch"]) + assert.NotEqual(t, attrs["hostname"], p.GetHostname(), "Value must be a hashed value of the test profile hostname") + assert.NotEmpty(t, attrs["hostname"]) } func TestStartCommand_IncludesCIAttribute(t *testing.T) { From b1d2a996485d7ae30d4aa43a3dc4fc23e2355c91 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Tue, 16 Jun 2026 15:06:28 -0600 Subject: [PATCH 05/15] CHANGELOG entries --- .changes/unreleased/BUG FIXES-20260616-150518.yaml | 3 +++ .changes/unreleased/BUG FIXES-20260616-150538.yaml | 3 +++ .changes/unreleased/BUG FIXES-20260616-150604.yaml | 3 +++ 3 files changed, 9 insertions(+) create mode 100644 .changes/unreleased/BUG FIXES-20260616-150518.yaml create mode 100644 .changes/unreleased/BUG FIXES-20260616-150538.yaml create mode 100644 .changes/unreleased/BUG FIXES-20260616-150604.yaml diff --git a/.changes/unreleased/BUG FIXES-20260616-150518.yaml b/.changes/unreleased/BUG FIXES-20260616-150518.yaml new file mode 100644 index 0000000..eb94879 --- /dev/null +++ b/.changes/unreleased/BUG FIXES-20260616-150518.yaml @@ -0,0 +1,3 @@ +kind: BUG FIXES +body: Disallow api commands containing non-profile hostname URL argument and non-https schemes. +time: 2026-06-16T15:05:18.528781-06:00 diff --git a/.changes/unreleased/BUG FIXES-20260616-150538.yaml b/.changes/unreleased/BUG FIXES-20260616-150538.yaml new file mode 100644 index 0000000..a0d0dc0 --- /dev/null +++ b/.changes/unreleased/BUG FIXES-20260616-150538.yaml @@ -0,0 +1,3 @@ +kind: BUG FIXES +body: Profile configuration files are now created with owner-read permissions only. +time: 2026-06-16T15:05:38.766655-06:00 diff --git a/.changes/unreleased/BUG FIXES-20260616-150604.yaml b/.changes/unreleased/BUG FIXES-20260616-150604.yaml new file mode 100644 index 0000000..4862f6d --- /dev/null +++ b/.changes/unreleased/BUG FIXES-20260616-150604.yaml @@ -0,0 +1,3 @@ +kind: BUG FIXES +body: hostname telemetry is anonymized when not HCP Terraform. +time: 2026-06-16T15:06:04.201058-06:00 From 9891a866dc9ddc040ed1142b9c19eea289dc6a8a Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 11:11:10 -0600 Subject: [PATCH 06/15] fix hostname handling- validate and strip scheme --- internal/commands/profile/profiles/create.go | 8 ++- .../commands/profile/profiles/create_test.go | 39 ++++++++++++++ internal/commands/profile/set.go | 7 ++- internal/commands/profile/set_test.go | 20 +++++++ internal/pkg/profile/profile.go | 29 +++++++++++ internal/pkg/profile/profile_test.go | 52 +++++++++++++++++++ 6 files changed, 152 insertions(+), 3 deletions(-) diff --git a/internal/commands/profile/profiles/create.go b/internal/commands/profile/profiles/create.go index f2ede44..f98978e 100644 --- a/internal/commands/profile/profiles/create.go +++ b/internal/commands/profile/profiles/create.go @@ -92,7 +92,6 @@ type CreateOpts struct { func createRun(ctx context.Context, opts *CreateOpts) error { logger := logging.FromContext(ctx) - logger.Debug("creating profile", "name", opts.Name, "hostname", opts.Hostname) // Get the existing profiles profiles, err := opts.Profiles.ListProfiles() @@ -115,9 +114,14 @@ func createRun(ctx context.Context, opts *CreateOpts) error { // Set the hostname if provided if opts.Hostname != "" { - p.Hostname = opts.Hostname + err := p.SetHostname(opts.Hostname) + if err != nil { + return err + } } + logger.Debug("creating profile", "name", opts.Name, "hostname", opts.Hostname) + if opts.DryRun { cs := opts.IO.ColorScheme() fmt.Fprintf(opts.IO.Err(), "%s would create profile %q for %s\n", cs.DryRunLabel(), opts.Name, p.GetHostname()) diff --git a/internal/commands/profile/profiles/create_test.go b/internal/commands/profile/profiles/create_test.go index 6bbaec1..1ff12bf 100644 --- a/internal/commands/profile/profiles/create_test.go +++ b/internal/commands/profile/profiles/create_test.go @@ -68,3 +68,42 @@ func TestCreateDryRun(t *testing.T) { r.NoError(err) r.NotContains(profiles, "dry_run_profile") } + +func TestCreateInvalidHostname(t *testing.T) { + t.Parallel() + r := require.New(t) + l := profile.TestLoader(t) + io := iostreams.Test() + + opts := &CreateOpts{ + IO: io, + Profiles: l, + Name: "invalid_hostname_profile", + Hostname: "invalidhostname/with/slash", + } + + r.EqualError(createRun(context.Background(), opts), `invalid hostname "invalidhostname/with/slash": must be a valid hostname (with optional port)`) +} + +func TestCreateHostnameWithScheme(t *testing.T) { + t.Parallel() + r := require.New(t) + l := profile.TestLoader(t) + io := iostreams.Test() + + opts := &CreateOpts{ + IO: io, + Profiles: l, + Name: "hostname_with_scheme", + Hostname: "https://example.com:8080", + } + + r.NoError(createRun(context.Background(), opts)) + profiles, err := l.ListProfiles() + r.NoError(err) + r.Contains(profiles, "hostname_with_scheme") + + p, err := l.LoadProfile("hostname_with_scheme") + r.NoError(err) + r.Equal("example.com:8080", p.GetHostname()) +} diff --git a/internal/commands/profile/set.go b/internal/commands/profile/set.go index 05beafd..8275ca7 100644 --- a/internal/commands/profile/set.go +++ b/internal/commands/profile/set.go @@ -188,7 +188,7 @@ func setRun(ctx context.Context, opts *SetOpts) error { // Notify user about hostname changes if hostnameChanged { fmt.Fprintf(opts.IO.Err(), "\n%s Hostname changed to %q. Default organization and token settings have been cleared.\n", - opts.IO.ColorScheme().WarningLabel(), opts.Value) + opts.IO.ColorScheme().WarningLabel(), opts.Profile.Hostname) fmt.Fprintf(opts.IO.Err(), "Please run %s to reconfigure your token for this hostname.\n\n", opts.IO.ColorScheme().String(fmt.Sprintf("%s auth login", version.Name)).Bold()) fmt.Fprintf(opts.IO.Err(), "It's also recommended to run %s to set a default organization.\n\n", @@ -199,6 +199,11 @@ func setRun(ctx context.Context, opts *SetOpts) error { } func (o *SetOpts) validateHostname() (bool, error) { + hostname, err := o.Profile.ValidateHostname(o.Profile.Hostname) + if err != nil { + return false, err + } + o.Profile.Hostname = hostname return true, nil } diff --git a/internal/commands/profile/set_test.go b/internal/commands/profile/set_test.go index 3c489d5..da2120b 100644 --- a/internal/commands/profile/set_test.go +++ b/internal/commands/profile/set_test.go @@ -173,3 +173,23 @@ func TestSetDryRun(t *testing.T) { r.NoError(err) r.Equal("original-org", reloaded.DefaultOrganization) } + +func TestSetInvalidHostname(t *testing.T) { + t.Parallel() + r := require.New(t) + + l := profile.TestLoader(t) + io := iostreams.Test() + + p, err := l.NewProfile("test") + r.NoError(err) + o := &SetOpts{ + IO: io, + Profile: p, + Property: "hostname", + Value: "my/deployment:8080", + } + + err = setRun(context.Background(), o) + r.ErrorContains(err, "invalid hostname \"my/deployment:8080\": must be a valid hostname (with optional port)") +} diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index f2e770b..0b30003 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -38,6 +38,8 @@ var ( // ErrInvalidProfileName is returned if a profile is created with an invalid // profile name. ErrInvalidProfileName = errors.New("profile name may only include a-z, A-Z, 0-9, or '_', must start with a letter, and can be no longer than 64 characters") + + validHostnamePattern = regexp.MustCompile(`^[a-zA-Z0-9.-]+(:\d+)?$`) ) // ActiveProfile stores the active profile. @@ -257,6 +259,33 @@ func (p *Profile) GetHostname() string { return p.Hostname } +// SetHostname sets the profile's hostname after validating it. The hostname should be a hostname +// with an optional port, and should not include a scheme. If the hostname includes a scheme, the +// scheme will be stripped. +func (p *Profile) SetHostname(hostname string) error { + hostname, err := p.ValidateHostname(hostname) + if err != nil { + return err + } + p.Hostname = hostname + return nil +} + +// ValidateHostname validates that the provided hostname is a valid hostname with an optional port, +// and does not include a scheme. If the hostname includes a scheme, the scheme is stripped before +// validation. +func (p *Profile) ValidateHostname(hostname string) (string, error) { + // Validate the hostname format. It should be a hostname and port, no scheme + if indexScheme := strings.Index(hostname, "://"); indexScheme >= 0 { + hostname = hostname[indexScheme+3:] + } + + if !validHostnamePattern.MatchString(hostname) { + return "", fmt.Errorf("invalid hostname %q: must be a valid hostname (with optional port)", hostname) + } + return hostname, nil +} + // IsHCPTerraform returns true if the profile's hostname is a known HCP Terraform hostname // in any geo. func (p *Profile) IsHCPTerraform() bool { diff --git a/internal/pkg/profile/profile_test.go b/internal/pkg/profile/profile_test.go index 03cf70b..10945d4 100644 --- a/internal/pkg/profile/profile_test.go +++ b/internal/pkg/profile/profile_test.go @@ -123,6 +123,58 @@ func TestCore_Getters(t *testing.T) { r.Equal("token-from-env", p.GetToken()) } +func TestProfile_SetHostname(t *testing.T) { + t.Parallel() + + cases := []struct { + Name string + Hostname string + Error string + Expected string + }{ + { + Name: "valid hostname", + Hostname: "example.com", + Error: "", + Expected: "example.com", + }, + { + Name: "valid hostname with port", + Hostname: "example.com:8080", + Error: "", + Expected: "example.com:8080", + }, + { + Name: "hostname with scheme", + Hostname: "https://example.com", + Error: "", + Expected: "example.com", + }, + { + Name: "invalid hostname with slash", + Hostname: "invalid/hostname", + Error: `invalid hostname "invalid/hostname": must be a valid hostname (with optional port)`, + }, + } + + for _, c := range cases { + t.Run(c.Name, func(t *testing.T) { + p := &Profile{} + r := require.New(t) + err := p.SetHostname(c.Hostname) + if c.Error == "" { + r.NoError(err) + } else { + r.ErrorContains(err, c.Error) + } + + if c.Expected != "" { + r.Equal(c.Expected, p.GetHostname()) + } + }) + } +} + func TestProfile_HostCache(t *testing.T) { t.Parallel() r := require.New(t) From f21bd432cf5145f158ef48a4345a23560eb1567f Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 11:11:22 -0600 Subject: [PATCH 07/15] bump go-tfe to v2.0.0-beta1 --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 957100e..045d1e2 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/hashicorp/cli v1.1.7 github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/go-multierror v1.1.1 - github.com/hashicorp/go-tfe/v2 v2.0.0-20260611161741-624e4864f63b + github.com/hashicorp/go-tfe/v2 v2.0.0-beta1 github.com/hashicorp/go-version v1.9.0 github.com/hashicorp/hcl/v2 v2.24.0 github.com/itchyny/gojq v0.12.19 @@ -86,7 +86,7 @@ require ( github.com/mattn/go-runewidth v0.0.19 // indirect github.com/microsoft/kiota-http-go v1.5.6 // indirect github.com/microsoft/kiota-serialization-form-go v1.1.3 // indirect - github.com/microsoft/kiota-serialization-json-go v1.1.2 // indirect + github.com/microsoft/kiota-serialization-json-go v1.1.3 // indirect github.com/microsoft/kiota-serialization-multipart-go v1.1.2 // indirect github.com/microsoft/kiota-serialization-text-go v1.1.3 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect diff --git a/go.sum b/go.sum index 0d90c4d..ba3e08c 100644 --- a/go.sum +++ b/go.sum @@ -119,8 +119,8 @@ github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-tfe/v2 v2.0.0-20260611161741-624e4864f63b h1:l5n1LEe/DByj/2+4TwEbfvbwFf0hu6gZ+HyJM8gykds= -github.com/hashicorp/go-tfe/v2 v2.0.0-20260611161741-624e4864f63b/go.mod h1:gosuJ9PH3NLxkCoCW3EIeHHli+5QqLUkboBiUZ1ljCM= +github.com/hashicorp/go-tfe/v2 v2.0.0-beta1 h1:+PKJssuEaY27h+YV75vubEJSRJc4Qic+in58301ILng= +github.com/hashicorp/go-tfe/v2 v2.0.0-beta1/go.mod h1:gosuJ9PH3NLxkCoCW3EIeHHli+5QqLUkboBiUZ1ljCM= github.com/hashicorp/go-version v1.9.0 h1:CeOIz6k+LoN3qX9Z0tyQrPtiB1DFYRPfCIBtaXPSCnA= github.com/hashicorp/go-version v1.9.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= @@ -169,8 +169,8 @@ github.com/microsoft/kiota-http-go v1.5.6 h1:KBdk7sxWYXZnRRExLjIcNt4I7LoOfh/XQJW github.com/microsoft/kiota-http-go v1.5.6/go.mod h1:bpJkXfBAcnmiXRg03GXdnb/vF3Sqk3+EgLvXXjmzzQM= github.com/microsoft/kiota-serialization-form-go v1.1.3 h1:eUY8eHXPFe4ma8cAdx0ya3g4NPlZgbPT+GlFC3xcgGY= github.com/microsoft/kiota-serialization-form-go v1.1.3/go.mod h1:RMO99zyik+NvZjdVcIeyu6ikyfuKhQtzq2RK0fWJJio= -github.com/microsoft/kiota-serialization-json-go v1.1.2 h1:eJrPWeQ665nbjO0gsHWJ0Bw6V/ZHHU1OfFPaYfRG39k= -github.com/microsoft/kiota-serialization-json-go v1.1.2/go.mod h1:deaGt7fjZarywyp7TOTiRsjfYiyWxwJJPQZytXwYQn8= +github.com/microsoft/kiota-serialization-json-go v1.1.3 h1:e9Bx6jXlmDLc/j+9IcMzt2tDrp1EkxNFjEhYteMjKJQ= +github.com/microsoft/kiota-serialization-json-go v1.1.3/go.mod h1:HUTiYs9llTGLjh9+O+yOkBbNEaZ1kxh3sBPU5tPhmeI= github.com/microsoft/kiota-serialization-multipart-go v1.1.2 h1:1pUyA1QgIeKslQwbk7/ox1TehjlCUUT3r1f8cNlkvn4= github.com/microsoft/kiota-serialization-multipart-go v1.1.2/go.mod h1:j2K7ZyYErloDu7Kuuk993DsvfoP7LPWvAo7rfDpdPio= github.com/microsoft/kiota-serialization-text-go v1.1.3 h1:8z7Cebn0YAAr++xswVgfdxZjnAZ4GOB9O7XP4+r5r/M= From 5b23652b27a0881a9848d22b277738f1a4a276bc Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 11:11:26 -0600 Subject: [PATCH 08/15] Update BUG FIXES-20260616-150538.yaml --- .changes/unreleased/BUG FIXES-20260616-150538.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changes/unreleased/BUG FIXES-20260616-150538.yaml b/.changes/unreleased/BUG FIXES-20260616-150538.yaml index a0d0dc0..f4a3ea3 100644 --- a/.changes/unreleased/BUG FIXES-20260616-150538.yaml +++ b/.changes/unreleased/BUG FIXES-20260616-150538.yaml @@ -1,3 +1,3 @@ kind: BUG FIXES -body: Profile configuration files are now created with owner-read permissions only. +body: Profile configuration files are now created with owner-rw permissions only. time: 2026-06-16T15:05:38.766655-06:00 From 1848fc4a8296b16b98db8acd3564145c1eff3bf0 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 12:17:53 -0600 Subject: [PATCH 09/15] review feedback --- assets/hero.png | Bin 131924 -> 0 bytes internal/commands/api/api.go | 1 + internal/commands/profile/set.go | 7 ++++--- internal/pkg/profile/profile.go | 8 ++++++-- internal/pkg/profile/profile_test.go | 8 ++++++++ 5 files changed, 19 insertions(+), 5 deletions(-) delete mode 100644 assets/hero.png diff --git a/assets/hero.png b/assets/hero.png deleted file mode 100644 index 7c1e9117a930548b8fafad40adeac2696797e28a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 131924 zcmd3OWpLY1lD3&S#+WH)W@dKG%nUKJ%xuTZ6m!f>F*AeAiJ6(1LH6ta?(OZ??cIKU zrBY4LbU)oQ-7VG3ucs8Dq#%Wi@EHLN3=CODT3iJT3@Q-}47?N$=3|7AeahvdBW^7w zrX(XKMxx~GU}0@*4hBY@;2SR|Cn|y)Mhs+C`B`d?$TbTc#mu5p9wj#2H%`4m7*`y) z?8rZ}$Mws8jci#ea7ANA@bLcAGK{^f!iH6mzSU;t!&bJ3g`nW!)eqT}PT`{CMQd{O z)e(Cb->KVAJ&NDst>@JEQ*=_{a-V%U&M&Pxvu7MYg6|&4`-mKJw_m?4t29C8$ZY+| zDPX@qj9Z#bzD(FR$y8)NSoT>OGn|Pv9xvsvO2|gE8Dy^=H zM3ISU5DkGwT0;KGn%Uhjqro|f5(#PBM5EG2Dy>H#kr8x>p-yiBk0_O%6nTXAo~1v` zH{Q1$;DdDx$dGE`4o^6V<#IwOfYGB&w$3#CbjRM&SoI{G335B+b6-nyyZkD0v+ibi zQoX_-yiV1+0)VYs(7yb>wR!pBRugkA8H=x9!Dv5dI4}rs3^2$K3jE^@7H$m&^*0&} z?8`?B1_qfJ1_t}lVtjm*@*w`fg-XnW{09wQ`j?=Hs+f$-N2_Y;Y;JDvV&&jk?73I~ z1_mKyt)}Iw^;MqN)WMF?*v!GioDpE>_!k6>AHe%T+L^l=lK|{&?Ok{Q0%U)a;QgTg z8fGFR`J0HVjR2X}S0xfL2WN8tp5)u-AXEO_46>-V`f`9Y`$gEsl9eJ6U zJUl!YJ=ho>oGqDHczAf2m|2-vSs6Yg7+gH{|;4mF?SYou=_x|3jQ-L z{{{Y6=Klo#&8F5rZL+d(F#oH~e_{O#^shzmDmq(#m^1#%i-IitO#e3aU-JA+f4TTy zT>kfX{%!Olpn?eeO#hu6f(TJHWQ<^7!eBDuB5DBeQ(ssgwZZ56%yn;R(a#hi>)sb6 zaMBL$w%->bOe>_h)YIBnlxr4$n(&r;jEz8AwGl01V{@1&#ogjRMymW`=I_#r}yh{2Tru;M6|K`d6w)i15>+)}o z{wMnboTm(DC81JaG>c>Xe@5nS0ExsL$p1ZX|IimBDomI789J#;`aegIF7cM&KP5sQ zx)mmbPQoAR^jnGlY*8nn@Zf*Rq<>8411wzdku8Oiy@gD({~`5003Rs@`=0~+|7l8X zE|*r^O1!&4RVqk+%Bp<7E6z%TNe6Kd-}@JBSoq(y|9eXR-9K;9a8_}JLOZ30oc}5G zkDti$1QOpuf>jKY-fBE|TePwUipphIX^}K5RTRYzte=7d@`jVJri`54f{!a5R&PDN ziuD8qmX-ec9-cV?U1Qz+p4<7Og$H}mx?+w@!>R0Tc`0H+tNh*mFnCTU^d-6~KfiIS z#ZOC7Y=Pqz2?Tm4f{48tO_xg{coHfk-+$d(_Hc0<@?kx2nRwFiSm%kD8zu91$FRSj zf;yRMF&Mw%7!I(rqn}`YnVa_Z-LcTqb@BQ7JjJuA_2$2`$1UiumP@!&BV+?bfUa~i zf$)5^yG&B$((zVvyHv<_nv~RlZgOQ=vJo@5kq~=HG|M36H}+WV~6IW3{1dPvGBbma;1&=~S&%PD{$3 z4l#6bVklu=bbGiY#n@qmfhkKiIvn>ss$%7$LTv-ojs^#hkm%3<8hv~A+px*jfJz-3 zq1=BQ@LnAT8g-~HuZ-8I(ivMlaY%6b#F!W?r66r_%pzm8ro-6klOvzQs;!XCOG8s; zy?rb?ROKfxW2vXFXTBX`?Yt5Mt)i#$<>lc5U31~bJxo-QY>=qv-ZpT5WU(%Zf}C8R zbygvwp+VpJjw)Q9s|Fq}{>sD6DM7g)e01%B{|lwLxwFxRLtfhX*V3Xbxz_W8aeb2C zB~$S-s>Q&|tpfA2AL>Ruo^hmB=^mOI>Uo4ayUQp05hW$L6oh=#>M5)E6Lgaod<)Ug zFsOpvU7(Cb&z5!|+U?Q(lSfo$c;@L+5*+`#9C9@*QPT`OA+EqRM61_1GOPKrZ3eG- z>hAvDSiYF|N#(m&Irom{zzA?f(PFYg&BD;Rtk7atX8DL>8gUlO)aPqfj^DXkM(jac zCc79TE}zKr9U+BK4XEq6jZN^7z|U-je^p@jnyx0nraFgeSg~mIXtzIog~NKCN3F_% z2N8n6<=U10t}44>^-buB?I5$pAz=K6fPS$;F8PtR=VE4(2)uWGx^xwVicy@iH09X(80@Zid`gt)nS-D0-vXSBO`NYISd# zxH1e&E|0oo&EuZ;|DY5$AaxeF1dqAeH zWLnlUdt^E}nwEA?FBv28mS1O!ib0un7*s{$oh%o9iuIWG6YqN_Vz7JNE!H@h%qm$Z=W9( z90x1@RNLk{=9>Tw_@E&#o~?MKpk#Z=DfmTH>c7OOCF5iY29V*A)Q>Jl@&dTg*i*0fKQ~vom@&apM(06^=QQ2su^Ro=LHPTTn$ zt>n@<5o=fP^1{R%KVRhLzipr8@;fUlo06VeTBq@hq2zZ|5y5ptd*c^>r^%Fe90v+T z%-u64eec^;@L(9=Rg(2$8tovgkIIFhK#|miUt&roT?*&ZeBO)yS?il20Sf5wCc4K{ zlOp@z4KyXhxXLHK{Of|m7p7S?vhe*0g(DxbY>8(($suL8kH86n-1_j+f1_9oJg>4t z{)g0%+(k|&C0R%7Eiu0yJR>ZIhn&~344ib%SF56~+c?RdHPCy2=Q%3O#Kf8sT5Hem z-nD+Qv8|%s?LFmBzy_Ae$z4}vEmS#ZaoX=r#|=Aj+S;MJyB2hVsxl(j)sLo_9kEl> zx$gvUi^U<_?aA-P$Yg}YR3pFe8U}~ClxEqScQ+o^D5X%&RHqz+9DCy%pJnac+tf6$ z<#co;eT8yMF3{K!@~K(tLook-VJaB?@7kg2~JM}+g9^EXyq#nCX)rQ~#a0XG9d zgM>M%xlAuwg4)kr$*Gv&I|$T6KKO>(keai)Km-I4N*!rH^e%Sld~2d?>+CE>>uI9) zakEC%3XuHWOH%LMYC<`iYNeZG!sY5R{CYeu@ZRvYL2^OwgofZ7yli7lcuQ5yoR@ zyfW^!#tDv1Zj0^HEkcVxskUsmL}o=TxV7K`y0g;9?_9^s%f^DkgC?(M*0|@>?!)sY z9dX7)8d{2kQSIInp2H{Q^m`_CE#=P>mKhI!y4GKFF3cXs=whA;x*bZ1_gx5T?6?;a z*p3-Jtc2d0y!h62cG%KFvCjLkQaGHLU94XX6j>YI#%RMvm84y3f|+v7hi=)rQ#0fS zSW3cp7;QV+5kM?MP50cHJHkx)Y%wm#Xp@&x5}pz{1tEelz>l0~P% zfqXSg{jTy~c_<&&y)Ez9@VZpn|8V&)8ctq>?L!X-LeL*nXn${yNHcC6(hErJ%|cbU zJau$)s^}WJ>U!RX?nfN6nIZ=S@EUKF#WB_sWAzl@>#)rSwhDfmrQ9~F-fL(ae(iL+ zxMXfr%M;*O0Kec^R&{w@L~+sQ-L?{}$iFl6FfdxEcCOK2{_((dm%U>X3QM>$q^{W z1Yq|S*s(VVc8nizy`n(lbhyfn(Q7piiB&0t1(jA7>WyuF?FXTERxb1h^@Us`L3N8M ziqbMIq9j%S$??DUTRD2osCH;sd@}WvsV*-e*h-q5XEoCI$kEg^ zc~QFXf+?nVTj*wc3}D5LjTT5<0I2aqa79b0=YiDCpPB^Hy4kDP#i_=1qMwFZx1{M# zKfW7m8z-5$yL988c6ydIz=7Vv@GMmWkKXzOE6ZtNSfZs4P*fRJi^tSIi%K ziT0W5wpYxRscr7KNxLi&blVq{g}#2&jhbUhkjj~6;qL14WF*1L6ldlOr9aznK<f+1;_)ZE`L383QElkq_0s;=b*C&s7CWo8mH@w6?)wU~j>L)zsyEeQfo8$u zc6JDVcc{}pkNi#SoL>|evpB_Lsm|3E38zhKp`Kr4ChN$rHMU`R5_|}vmK_NXpw0Mq zc65NXoNJV1v>HG4MGL1(^b$!QyB~mDiJs5D)MmfL5)h`KDM+CZ(CD{$B&pMNrJfBx zM3(Sz(lfhb@^_$DY_zK~MK~;}%-iWP@g-pt+2~2(ZCHM%FfWo#Tf8s-ir-w5^vQFH z)nV2=G1HL5@IsqTxA_&J+!jr*!IyB^Ej~g2Mb`Tribp$zGMqJbOtE4?IuWzn>rqq` zi+Dj61{JsPdED!%1Gh!B;d~FjJE6n$#ZDF%uI}(6M0tmTkwUbuVRb-Y)o?6I&iuaC zX?Cz7w>-@bba!w!H4>DC_o13)lAzu9DSWTd%}@^A zxk4*>Xnj$bM=%G@q0MT_>LxUs_p)14n*b%MsmErIg7)jZjVzd%HvwXbbo07b^EV;(5ZdsmV+Re>Pfdn< zBONKdI%}VAtotO`w(=K8*_|nj!tuF>Ewz`htFAGwr$K_ z?!V&3O|Uu-SRMWLkME)(roei$*>716#uUopZcOLk6S)b}1iioPkX;@dU52EXHJ@pPFB$1?OIJMnvN8tUNo zjU^RX(A`!3jiudTd>Sg8x)dt^YEL zr8!xagCkV^WWbTqcYi^HWM~o_jdv+-l8K?ytU7mhJ|{-x_bL%$lGe*sq?Y5iO^l`$ zP32T$u29{&unrd-PYP%YB6)j0@mhMk`CLTs^EyppBGE3<~2CtIlg>{nT3C z(ZO%Nbj@VG7H24&zgu*lcsPRFYV;~@y^y?vLSk4fpG8KVuoCk^e`OfsY19>Md?^IpEZO-3m|4bo%Mlg-(vje-R|pP~s6#ngRUiHVIvZC9~kjSFTT$A-&q)d0d0ag3A_U63-86i;6(jvyB zfM+Yu!-SH#<*ny;Gd>z#Cr1aeWdlaYt)n@5%pGKH(@`lo^Qr2uD(cD_HV$+Nh(pE<(FByaKK0_V zB&JA2f(l-44i)#UYkbXP2f4l^REjxZ#5*udgBTIkcyR>Z(qwh{<6Kfsa!)KLj%#{` zM4m2cb3ZNA?$3PdASVkF4%cUH%1l^bRCmiSEYzZ@w0S6@@mJ-{VzWef-q1Jj*|H`T zz~^)={q^gNZWmI}uuFa{(xs4Rf9a34rnHlFm(SG_)uw*^pJ$qZ&zWooUyfFbk~-d& zfzD9grTCby`Mvq9;4VumRMJ*KA>sOUt4(mWxs6~(@ zfqAIk?49jUkI0%-NSW;*qq&sOUyL3Kbx)!5)+d9_Qjjxw@`7i&OF%(q*iCHOp{(N9 zG@%Pt(|tyB%i&_I}!}Z zl(hJLJ`vxd*}gWXZyV!jUn{kcL`y<|n0;zov#`r*Gqg3jbTfahT255A)o$GFST+`N zWf~I6Jhv8wwN%|w`*ulXNySseE^i&Tc~TJF+2$r9F<1}>icfO~6Az<$=u9XoCuPoD zl3FY!ro#68m>gaV1~?Fet+K0^|9tLKC?4xYfRo0mC1wi|d{z~xu>kt9E-f#(T66&B z4&ANZ7*io89^gouhlefK)dg)(4~^Ai(6`v+|GHRJeN`g9 z*HP~)_*BSId4am-U$MJywnAGg4NM)e`wi`Bo9Ac>j}nxJK&NkICg*v1wSGOm^8lQ; zGx|=4tl6-wGQM@CYW93;LrNjJjTdI54qo;e2uqZJD(GX_rSn!-e_G#VF+rBBM1-C~ z0)mNAhJd^P&!wniz$mO7lMvK-Eylz#(_p(FEDHU8L`37U?imLK6|N~1eCKvJEyM2v zu~+B6O20k=QUbYIcDxWlZ-d}Qv#8hIN&=GbxXC~O37Xomth)l zmm%Ze$emNQr&PKiHETIErW9lXdmT^6nXxD(aox6$jI?z8&klm6TVM?a(Y*Yg^%0w6 zh}r%wFislgDBSOjmK=I=i-?mW*&^>{bRM z%B|v}bvY@za9iKfv}h4nP|T#i(P|NFT3r_4R}SWI#rcUf^Qq>r4YhSeD_QAHI|3yHy34p=>wM(q}7zA*;&!tC4U^%r6}?gtv# zxOfVvis3)ToOukd+AlOEA&Kb9Mn)CY{#n$Ov4k0JQUMvSluA3_`oKXFo(KU#0Ak;Z z$z~=X5!j=mUhAz1SG7)MVNW&C=GiDMY=d4wZ&GHHSUAA4T?(z`ghKCA30Aj#g7Hoi z+0o?GoP4N4m>;?q3%|<4dmou`;k$vd2|JK>3``6V$Vf>uXpB5Wg>o9ZH@aOAvXVuA zf=QJ3V7kC>5nRvLL*sB=i4@@mpS#bRs6B5JAUK$!8&RW#4tEFB^r=kqxlwJf3x}eS zX|0H;rucs==lJi_EVWpZhxDs(G@sa=;&qvMzuccw67oF+F&iT71*p#$&VqxNN>C*IAG|v?GJ4_8%ex1;tDNV^ufq+f((%raSyFp@L%VQ%m z_jQc)^zo`_@}EBWt0u^Q5h!2#LkmEv_6=#rKF{WC|i95z!Ogp*fvt_mX=5Qv`lr>Yg5F$#hd)9oTvSJh{p~tI^Aqh(fnM>gIWmT&(}zgr z&joS(U`1Qtx|!v*Qtl%47D9Le?va&m?&ggUMHsS3w8JmRpDABZiNb#NA^Sw9vHtlL za5;6?hk>omh^Xs^_8uVI*eqc>LCE7Sn(F@=t8$#2mR2gL=XnNUy;3az;5=Pu>g0ss zp<59SyqrIok~5f>kuXfBtMOeyQ4)?;=Xr*B^%+qe4F|mCpT6mcKqb$ z=Qno){=9bVX<1EpF97HI`de`$d?LvuAm^Ns)#(|F^=6x{Vz>%oM^Z44Bj+nqn^=Ty z9^eZ@<4xyrprt42)IKp9)Z4ZS9*Z-@wbP7JfQjz#P?yoA+NzYaD&%Wt5!++lIS59! z+cvla0Rbr!m8+HInj=D2Ru^H3x z&c{cT*=BDXYB3ligLbu>gshFTW%tyB9DfbYD#HRy+G3N$n{0&A^G=u`)Y~3`-r3?9 zUqjNV2LBBr9_L%``#zPU-ww5U@6FId>oQ%Rd}tqZs^1^y^^-;8Zlyi@dM~A*FNBDE z8@;NpytY*#_DHe5v#ZT~LiV$_(ERag5Gr84`B6z%4Uz|EID|Fr9G$9V{Ve9M)vlqi zYavpW60oWUV$K!V4Zr9@pY^AG?nFNmA!wmecGB_$lVmw1?`7_rCFy;;I~V$M2s_Vq zV1RkAP!Yw2q{~zWB2J_NP*Q6MtYM+ckrMP}L`Yl#%W~|i;<)C!zxI29%DUdFcVr7Jl&~vHy1dT!tl5UWB!|?| zwf7FWYF$79|LeF|-$_}>k6Hg;14F;!RaUnUe#XP$oZWWNAFbAv3~)JsD`NM18K}U_ z46Nwt1mG2LeZu0Z9wFU6I}TNqcr~AzH{45@%1tGwij&n6{(dU(OKiWpPDz1CUPUIC ze0fNk5*ImaVK4|CpX-i{y1INfW@=sK?0u@>J#nC8XO<-|bk*?*IZ+cje|rDN#DSM4 zcN86G{^={fo4`v?+ghibnxI9_ZDFMrITo zQv8GsSDm?0fX^*;G8<;BZNm?{DOBs~eazfY#!JM@4Rr8Kii(|=-2Z}gUzuj-`2@nj zggN`k2TYIc7cM+{c32trwS{M6nWVWiV;OD*Yf+W)U`RKM3ckxFGFR*B1l@M;l~Xw+ z)^xpz()#EZYUh!B6Q{bgdI0hwdlTmiud}fU+G9UcrV){lQRUv!E`}ujL zmbX==BsSY@GvG}Y*B_($HHoQBn6VSkW-@E4J2blL*}O!b10z|jBx-^nO6{6dS&8I! zwhP~HR1{PM39-Qsuw+)I!6SN$3&8;<%lys*Sd(|#zKT@;aLH&pIH^Ha#P}i~6A>eo z`)!}?>Mm3T5ozdVN|5F^i-RVZZYp}elyuzrntG!8+t;lOBK(gB>`pGuvx2Q#&o&h= zb*@LlMrIQoct$zBmF_3&a$fgDBv^1j@8^h6R^wBWR^xN5a?sf_MNj{(!r*O#-{e9< z!56qXqxbWU6UJ7vd5P-_|94%Mk&ZBlP#Mv5liVY8R^zcj*^GWa1E(dVxr>X1O7(?x z$KO7bBP_RjdWcD5v-n?Wn5LUhE}aXrM>8@KwyW#qI}d2qO;YP!!^mzupZRYua0 z>!?xDyu#Z8tm#EiQYcw{4u!QHhwVNd`$e^{;SYBV`!wsUg{Izx6SZjGrQMw8KFV*^ zN!YUQ-xFFPGK@;%x%6^x`Q$^~8=^9)-2^>&JwaF8&BQNYVM(jwzUVr%X)tCBC|k*x zm#!6-u@z|p3a`KK@PC7WHYNs0xeYAN9#8P_x~my#*>0%zO^Is}d+#JuhgrnWtMvup zM>Vo<{Va2SePq!FTtH+vZovV5%cn>Y`>HAA$_8FqQ?stN*%~sLzCk%;fseEDT ze*Ag-(C2NRhPiuVJ@d0@)#qlS_WSaS?R_WBg#tE!xC@keOm~F1@KIQVO};)GvvE*P zb*B45p?|riZv^jl-A7OmuuF!z?%%BQZevtt-s*VDEo1c?-Iqc0h72XAJ2*TVs-Kua zh&16&T~j`-qNY`L-fmIL)Sxso^HH=-C#?114u=>Ra%H+#4`kGEjh(A}^=g&RWtD7< zxfP~dX_}jQLFt$EnM?U?Hnw}ElxM4SJBDXK$B2UMXrN$zaBwO9g6tAt^OO)ylr&u{ z4UdYPz)~`V$=5y#q2-Pj^i*${1dEM4l z-5X3Z>@yG}6D~sVecqG^zXt>}Pm2ZbG+lOir_5%_{sJ;~j$><>OebM8=#E8Ot77Tv zHl4btGYx0l%nu3(+joG7$AU*^Y*YnG(V1=uq#<(r-(Rv>zYQ39g7yy7`4kA`61^`n zYL+>@{=jKJ?MZDPeYN2`WQMZB_F8saOMm%%kPjPDA}C$xJF}ZHXA^EJ>D93xeqlEI znD7mS#Wm{*w)G&pDxF9MIkd^C)5$OogNBw>v-Yjbv8}c zp;dXtlh&fT=gqd#A5w8UKJ`cWVK&eEMfZh0O@N2A3xL1?nTcO&aK0EBzjlGU0u(Q^ z`t^e5OLv^joXW)D9xzo@OX?i1%_y)00Ukben7B)KV(zCXpsF8NOmMU4ASdK(K6AgtiX{B38LMmr{=QOVJAk0vG9j6tLb-RmEAn0rWO-JsLs3F`vmh` z|1Z0SIo|tt62aE&xGr1b)7Y2$Ru`kHquf}oEkE-W1+MaxGID=7>s%q}@fB7*m>9IR z;zf#+&jm}+B=B#6#C5)AwG2t8`9U*`zzW%UG3D49%ssSwI#vyvqs3Zz;^UMy>r3(Qm75;Um}ox3!u zYQVM)-~O{u?efIPy+{m`M>a^DKxFr3{t0QxK3(c&Qvz47Gq&QyowLK*ioL)RcR1rQ zalZ2D9^XxrssaP?lR_h5M)~;4KSTd$I zxDa<8dl0SI!`6Tvf5%(KHIqAHWmO*K0E>(&AtBe~ZCNvg<4<$I%%l3X+?$}xN<6up zn6BLLAtT1|HYHW>ZyYaPU|7GmxyLPMNch*Z$2>R@M|{5?8c8Ku;nq*bNGa{G zQ%OCpmfGQ;s5H)kUijgx5_`;Vb_TEGv~P;OIz}TQ9wEeKLT(#;17M=>s~QYmPva;8 z-A8*Oq@OU1E81%eb+z{i=||P6wkE(Nr&Qp2kuh*`axs;uXPQ`+)e_20azg9j?!l(ET!G052siMNfQr8{3Y z>@MeSgf!7gf0U{V(;BoAco{n9K_Gb@%s8)7A8u35&f z02A%vyZ)A(Rp4LR5Y>>y?IfBQM`a9)OLnur7Vs5g969~k8L)@hGqJd_0U5Gh8^mKW zlRj0;6zO1;C!gULQD0BI-XP)k_J%lkn1W>qWK&#adRTpjs*Ltc?lBs;Tgi|?=<@GA zv7i~@fo963^)%Y@@w~h92*vKlMmtA21*Rqb6wTm0`4$nzL4g$^XMM+;>Z-(XLGwqE zZe({fX){((d{%)lf!@}{VvB|!(`&v8gm8yBvP|5aat~j38Fq|FX9z_<1-9Ccmg5P5 zi#K|<;y!Xx(~Tnc#CckODH*UZo9JPP$u$nk1cz&e(%;vgOvjgTNyyh!K9MLoeAOR% zeeDwWag9y@23pCc0ng}5r}^@D)ZE6&0>}(;&_%SpD`AElM%G*F4>#7ho-UGqhUbyq zp0C@nYn#vITV|s3b4%NM9W2g>sbUvG=m?xvv}C#IVT@Ao@i518FtjXcRDEnj{U1jC zHobM9J()^0(=$f>4r!L#Fh?sjxv27_e39}89$D~nwWNX69)Z`45+V&El9x^UxBds9 z+4jH^?Gqmzi>UhP&Cm5n8($ejQ;lcqC+8=XJ2~j&e6=>S;-b;9J>pXLwB8CJCND6r z<7l}myk4A$$5oiK(hw2n4AinvK2+m&0;Tn+LmQQkw>%U{BbO*sMLm`96HUiRjzstm z7Q!gECOELu+b`+myiG>??GU{$F)f=`?|b3l|?lQ#1hh(+Hk>*{&tcW|5 z^VM1%5245SnCQsGG-{q@? zp1)l1(;sHu${)QH%0n=j(y(z*)hkp>W*nBCfL*bAMAxN0`G~xZSOph*)y)Fb$TaQxtQi3x2 zco*`>#m4Uxi~UcUVpPKJy7${tX1@r^XXku^l7Q<}0Or}AES8lZ;d5fh)Swy>_%%%+ zCLr7N7fLn9ely4_i?Mu(0Wr`rV$v;dM!558qkl0ii^l+no136i_+V?foK~3D1qtq% z2~*iJ<~BurR7tLPyRm7RQv5*S70YRv$<29)zn9iV@?2uNUfrr9$cLR{V(!9Yu{>-vh++Hx z(wjJY3znp9Tl!N=WFihteMKKAnpa3IF{9VS#&v=j&1213qZg(S$Rf7oRSXfo_0w|` zm>i$whmc>sgaHSBHw&x|Sn`R3*v@kE}wXq1g_E~H4jr#$ax_6EUz zQb?f^CuTZ8OvP)`hPI>v8ovHjsRP>SO%e7EdoJ=%Wo_PFbs*uh$kP;+;f@F^P|eOq zF^BtXA!j6IQprf6(n5DO%%SPXIWddQMyNV(PNU|RH)SN!dQPJ{<$pV#A-mcm2>pK6_*SqJfn zgoc(`9z?FeHKLtLl_CbN_pTNH@H#>Z{m9J>>d-|kAGlOotesAZ8$(jDjEit_^oazRZ|nPV zcOV=^yO)-$IdXFO=KH!aC9UUU0~iX?^ajK8rs8+Xi$)AhBU}iIYHZN}F2a&iw5I=< zmc+ad^eh+`4PEc^cF;7i9glffghbp8)m&F9sU7NNPEYZ~aETa#4rYuPOutY&6mWg_ z(MGMI+{d6DlS{zK6)4?>(LA6%LPC83-=u30!Jh}!s_ZqGR_A}zp=lUQ$Uat6B_5<% zWL%2D6WAB;VK-Zt;f%rm@SrqJNw^OC!+=ug{SqrWt)G&gOcc)zpH0DHWAavEkJdB1 z{roZWr=hwM(b!Qtnt2?pc(l$bCG_ksLc@cT?+WzBX=rTllE)9}L?Vc~Y%OR47Dqm4kceRXJKGIB0M`V45=+$ro`5m|m;wJ?bR z+3@+by~~+3=i^%$7LeX}HLQBi90pVerdw^xo|7tTGAR<(&V@Q=i*n!3OfebN@{XLG z%d4bav|y4!GoG@09O+o`0m%s9Tc--j9z3GhW)>QP%jZbwT_B7xO+t3~!w5wNym^ch z@~5s032k{h_HbhZYqZTrLb0VRG>7qt9tD_$8nAWr)0-IbgYPyJ+g^(2X`M7OM)&mt zIQX4d3k{az`pnk1T1RsYX^+@=K?E)|b8q7pO$19c4*rc$#&m)t$=|cX$?X0dBC5X? zQ*%Lz#ENwe?k5beFffcm1V=NI+CG{|({5SBf)BtTJ5VzJk~Get(+v`W^EWVXuMp|H zvq>y&rRK z22Ul?fj?T7{}M#X%&(JyeMBA7x+vxqU9uaPKugaIMZqij)lgQiWFR%Pz{u)|Cr2rt64^Ircv1==gY$IXe!1 zF^+TDsWRiGFDwcxWAAOj_)f4Mg0eEpH&p?Eqmap)e^7l7B7PCe@5p!$@XtlxLc?Kk z@xnTH&9cL`k2C?CJ-qPX3D|wvx?H7gom(+Dg!rgH)B5Mk^P!@a*uF|=q%U!S#d5b{ zcbV}%IHZ1B5c@~Qn70|9B0@Ftz0bYH?=t)~Ns;I|y9!j88>UYD_22{Pa0-knDGh%A z5tTfh&JU)|MZ#0r;dT%U>}#{~+`j^|Ft*AwW^vbx*spQh82!WiCyWP{dc5kzGs&dI zY62t>3eQZJziXVIcL)WoaduIDB6S1mNq-@u|0u_q%7l|v<`EzEMSPOlyX*~4FQ}?r zClp(WZrA1#)0i|MNf(|`i{)VUIKP{P7*pKWuj_&M4CbJUje|qYpB@Y!gb`X~6@pZ! z6sU{>9zhhT!EC6@RTB>MGt~0;RclGA(_IueKm6&>`;@NZFnKtfy3sUxnT%M8;N9Y?8G8!5@~i=t1PSB zZoc#Ijlr^r)B)VPxg*#-KfE){eu8wESH-^++8AywJ{$qG+I}r=Vl5=|+Gj1$_OXdxl7lLoGFV}s2V|dfsWe$k;X$;q z5n2eRo6^H`Fa8DkZY%~hcRT|2SU8@y*GQLlG`~dfB+`H)ViHms-S;F@kYq z4mR3jR@NfU3-0u{+>9g?)FDpiIrW=l=YW%?-#|oC;$Gx1ehj*62bizT3m#2PIcwyj zGM<~YMCXWz#DLjS3~ue(G;yinvReFe#EmKgaC7sNkUsBh7w?s(iNpj8YK9|@M%0_v zKi1R(dD8W1L(Ov?!-M+~`r67ttL#{d4!^h1_ew&pvc^9#Yhan$c~SQ(ZO7i34WPkj ze=%R;u0kOVu3B+dV^6$$>em|Gmh>DRU4{}Vro_S zqL^K@PsD<3k6k62L%s=*9gB9}FC$f+Tkwc@iC?C@$zeP_HYSRqNHI+e&V=Q~%olbW zkFygI9vgbHuJyw40r@~Y?sn+9 zb5B``d0<^YcX|5b_Yh*awG+2qBTC;XyrYoC%g`T=ES3I8I%`0h_qdE70kU7mgt+Iq zZ-ZV7?>M`g?H31XBp&T`vM8)%=xL>Vqam|=^m^^6RK4(Ow4hU`$N_z|*)Q9TvM~aK z?{fHn>NUR?(6R2met8Y(HNp4!g^){Huuoz_)UQd{(<&u+!@VD{XG-tP3|p~TMnu={ zAAH^Zvlt?Z$W^!5UU^LNbIqu3qNREV(KE1aXB{J~weGCB)A{leeKSVM16SY0sFMGe zLmGmz*>@wh5QBq#vocS4#TL`y2NI8Ym?Eo!2P=1rV%y#g)#3?_U*otg4R;4`=O{~& zIdf{Z6^@3}FS6$wn;s_x!*>D^Tb=Y_;6w2@2zJ+oA6ue%MZtSQE`S!HDvx6O!?B@0 zGFG~l@FI|!=`$<&0fkc~NdNBZbFkzlQ&2$fX!h_Vw-<$S?`AX_5+WzBTlr^P;CP~% zHRaU^^e#g_w&JJ1VXaw0uRN$|V$;Km2vI7HuMyn9Tlo%UH|G_8w!d?W^{4>^E}dD$`xb z_bAF{sf6T`J>YZyirMHWac=;HTt-bk_jM>%xA$9vHxPUW}GLhSaiS@`pa-;3?m2ApISD27#&j`UqZ&wmYM;U+^emSRy+Gf~!X^rGciQJ~sx zY~(U;gZq8Qg@eysm4(z`QYYH7&C+aUTgq%T!wQc5Vs?ig`Vfh*i^@0AJu##yD?3K| zi}2y6FTEKn?G|1iKN9_I{n2s}dM#sw1Yt+ofsRo`6WvR6`y^=2w!jqm&Ubi& zrbQLEqy!Qx-Rv5dQB;JBFxA&fyEZ-FZeLH`aC>luWA%0ND!aAel_b97_Sl5-F%0T+ zBr5{PxSa`^`Gd4cCIs`F`Pk3%$a^I`_%ykYc*0>>meOoIT3f*=V_r-IpplzqNu5!G z>Lqii_YLm|1e`8>2vs(h==*H1ZRR*v@`X`7UH&U6IUe#9h0b%CG?`ed|AWQewvhd{ z8rJ;GCsMFqEyQxmsC0XpvNOlvTbY9s{Wzi-nr@Q>`}texeAt$mwW9<`2P*aPpDqmF z{ZLNwP@y)A?)beHQ&X0)Y>IlC-M5}=0+jkh$E^g+iE@{@Sx&#-kP$!i$PaR2eUV7V z!Kp(B$N9kV4`Ak(*khWeur1v;h2g|!WhTql6jw<@Pq zD@-sTF=v2c31ee(h1p8XyJvkXHR=b*cbKH(uX$p+gHP9 zcT8V(n<5|M8(`te-C3>ZI`Z)2u8_h&`buQbL||aKh{LZpHh_53O0b|RGbEZn4G{;8 zT`h)?%X6va>~>b%#b&@w?T$p?_i-)eC}F^9|2f|z;RVm-HNK_*eHb!-(^!f5wC_7_ zFKB#l?c?U>4#SlLcIfVJ=pkUuKmH3q(w=m^hB>r^sK1*K5f#!1WuU^rzMyZmOd0{c z=)oNGUW%CD^JPRr!-U9^qSpy>7YD3251D-mtP!+8h7o{4v<)`w%l~8Vo4Ruex~+GT z9ox2T+qUgw$H|VpW81cE+qP{!vH9g(d>7}O_a~e&>ZV4I?yjm)t81-ZbI!%|yBSH! zm)?z)ksN6eg<~_{rt3aB8x02euk$K&8h4aum}a?v6%WSY~fwxK~8oS zx%yNZ^@6!>WZ_p_c=6pf5yc-GsXWV?pcO}3ro*swdYjT*g6q8W^GaPdnWEf-@$+^y+T2Xd?0g3_eQq+$fgrc1>0 zQlj+pm9mdU_duk8L}#eTD-_LHYrvC3z}T*`IM*m4NLgUAJ8O`Jr;xCxH?Lp#amR_M zVZ`tl(ov2|N*{-m?KR73MC1KC6(&;-gBE{9f5f%thS49NITXf>AcXagLN~AszNhx& z0J6Y2+yQZ z<%M&hO=WWrl_7V>ph(0>FDoT3hT?IM@+fP73oqL#q)|){3eAHgF0$2)AQJMbp{ztM z)b(4Dz*cddyECd0u#HKck`)O3Kxt}IoDxl(bFKX6;8ewiRXVQ$Gu32;;GO07D__17h4FxT`Pp&xvbj}_yFwC6zC*Wm2 z+{Ls6Ck1@lTj$6webc9~KXP@}^L*6q2SNpd%xxW{^7t52aWqoJul_t#M>jHa34Sl< z4)#*Iu$#&q?w+Nm^XTH7(?RAG?*d^1EruZpSy?a(%T~s)$CV@jc3=iktHuCNBbWqs zKQhaPS5t-(eV$U>6PughUh+f8z<3LIMw69Ohwd zgGG5`CE--BMz+Px_g@CJjT$da3Ar9CxmjWieRYASGTZtO7aM!Y2bF4;=bjqoiN@KE z)^xq`AWc=*O!J!PjVKdg)T@IX_ucw@O`o*)Q@IrPBQ*6J9ftoaJOv7Z2fb-PB^xzy z06&;K42i}QgjoxSg7N251Dawsr;vk9UBVO^;^TkLA&-4G(az#)kQ(k==(o(~a}FNK zd@Pxd=b4NHE`kU=FP(mbd1Ha*jn{Cq%%n~%@~OR=e_K(=6Bh)`E8xYhuY7*LWVC5( z{2^uYJO?+0sH&xzwvQPZEuV?<&a0t zZ7+M0$agg}CFRLQu#^%lFupA$Cr_+`O_It$vHm%d%=QCsOLa>hDjG4g@h}hGpych0 zLcx>BVY0^mu|5x(<0sJfd`TUF8O~2VG2qPJk3u^!a`R$t!|<4*Y*&mDjyNZzC;KPF z>Xl#B95`m?ozhbDJ1byixN(2^6wgfBi29ieeEU(k(+MxN;!))xm?;4=?9%87Yq1uH z!}j2!uRdf9W)P4n8VDCPB)|zj;?~UlptLEkN)?O^ujr|oC#==9)Q?jfIkMz*AHchQ za+sCVWHFyt>6k7XJWOi)MgxnGN;(M%E#qJTTw!wq&G&n{_((x z)PqiFSiq&$t`8DQ{JTN!oU6y{LxuN63=kACImL3t>!{g#b{=<1ejZb*D+h-K7@F?` zmahi4o>Guk=VvhrrO=Dp?!i>)9|>o1CW;RwSAgJ^UtOJ9hp#94DthqFHGfyp?fsEf z$Rk>~QCxJuRfl&TNb;Ftt)6ufY#Q`_CYpmyMOI~=8o|zUZP$I~5?DSW=$=Cio#UlK zIp=P-v0P>HwFSRY7To_CW3@7xd2y`}R-)ZxOTWeKsxa;`zm{3q{y|Dj8H^MLx{*L- ziwDtHDW#SpD-Wa2V5^!0N|k87#J)2&BE4PZT0;t3kU!akmQ|f_57xPx77i-5(|~?A zj25Wl3mJ1FI}iVmvgZb)4Fghxgc|0AaMQ>lM_S=OB3-`ew!njc6v?QD0lgvxnE9Xs zSA>R<#A7$iA1^_N6Q*<&@M$=gUb4FqUeRGjAL|?OFJXSd_aJewrOKcpz9!~y;TR1{e8YT$-HKm;ias}d<2kkylMm&fo3W?=3vreOr z*eGkxK%D+w+Bf* zZPp@H%BRcZsHC0*wd64ID3rd_Bo!rf96H#sE-|22oA!#pZ#w>1lSJDwdc2T#Y@U`! zO|0pXxC(gxC@VmJVtg_yJguTCu@-FIMN?IK3O%@)aWSfBa)T(XNE7J@mujr~?aLuqCd@yWQ~DArPqJC0aB6sLD*dOV zyY@(8KUInFkD?HCe=32H!zKrKszLh5lC}zxF^K-QbdauO*dEb%4=)3LxS?r*GSb0u zhF0rJEx!zgHBQXb)N(I7rhBkd-@{E|`RJ({(h8B<5tsvvHs{4XL2L2=)W{8FHWNmO zNxwGx0bQoch>~BzY^rq|jFj*(eSZ9`!w1ISf&PRX3_D#gYWSEoQ%PQLs5nQluitom z|jc|sSOTSkrI?k>Mv(Sot&J;yL*Ai5Oeqw&--%DHuh z&usQq)qKn@d4(I?*tMY4uXK{E%1vchcvx~-h8o%gQ}Xnb4fvfuB$^&GlQoZ}>OIZs zP$dlT7l43ibp1GoU940w1GTAIPdSr-uTg?|IkomFNtkhFYd`9$chpBo)YdBhJ}!yW zg#8UHnkD5yXhYT*b()P|ZS&+mup{3eX28ieDFH4%NlXKg(*4kP%L9kFZwCz;>MNi@ zD7nEv^YHb03V8;DKG85n32VxjsWXp`*&85}gzD_r_P*u~51Z;II+b2}YFbL6VGaRPt>CdQqBIGVOr^1{n+fYNaqYDy zD>hTPz+n^TGzcQOly)&#`K@ytC`#WoEVo-%fo!+ugJE<{!H@jwAv9O7Tyw?QH-XQ%Rd0urtIh0 zKhsh1U_eRkVT4I+`)ci$xIeAx@9NJzJo6vBR@FRg7{@#<_ z1*Z^52%f_jKBo{?Uq$1K3L^8(v;J4w>jQ;;(J*7$aJ7E@GqSUIT*qy7&*@%br2D+n z2Zz_EjHCL!61!S?w=wT$UJ6ABn;aHXvi>^cqEaGpcU`8y?8fFiA)m0G1?C2v&$GFv zkQ;+IRcd~5xZ)U6-XjjTeBiU?26nkv=$aO+V+o^F5?+oZa-#Gp@_FJgr&bsl7UjxExZYW(tm|{as)Aj?w;f9yJbNq0xzHV6f@L>d9rTw{t zAP`EN1UjgC8fRye&0b2*Rx|;5^Qd}O4CK2bTE-!DWZy$wQEq{3(CXuEcmE!aP4~9b zveOELu(s;fxCl++-$P@39Z~m3RG?%e0Deta$O*ZfLz9g_<^GOdjFIAxTRP}1e>2Br ziLKlM`x> zQ?iYWj$#xU?AmR}%58%674|fS zN2~LbX7!TAh5Vi~nIvfBMk~=VPO*{58&qIV&i6;+3>@r-X~6#BIUnBZa3IJ+htkR) z8oVPRX$g9fFjh#s2dd!9o166bowi6~z z2#)@UkZFPgeU|ngl3PcRk8#D>Yf6sa`(KVV&h) zzg;NSOs=?*jh3_rTn+?(Y9te58Vn{j=cgru7ue$1Jmuh}K|Y^{!PCW}6eTfK;uy(} zr>&ul8HgmqNO#i7<*V9ofY4XUWhPN339GEltchA#@BVjXrqCILUpzMN2}s)EFp4u1 zJRNC)gfyk@Jm&f`_?SfqJbr*kkwj|vCZ9EW%+A$XLr?u?d>rKf4~NGKgk0Bcir!}k zp-KS;3|}HrukrFw3N={Zr~HhB_@@GzF^(KDK9FNF13l`6$(ATa#9qNj>Ghf!vp5p_ zBVaPPNgBk0F_IYmAsf}d z3J&?Yx^|U)h_$%#nFkzW!)l_Deg)uy)sgMn=leTMlHlc4l|!(73u)Q|q{Yp#Y3gCD zu;I8}iFEi#3&UoAu(Tj4IaYXv;|G63KQ5836GBbik*zroaldhz%nTF>N|a~}HWhDO zIJyQ8I^*aKY-N4rw{W^hNeMwos?VxJf`a1-yEq8a&h5$LiuS(*2yK6aTAwowNh7u&` zq?khONy0vo9pe#MwSGlPlocLCS;~J7x;;SNOOMW}&KoV}9?WJiL+l{x*^?rq8hW;E z52su5lz3R}IZ((Q;z*IdF*rT&((xq!bYWf4xUrb*A5La>fl=3lR!({`9*h2#qhmS- z%@G{h#8)llFe@dM77oYNdWonbM=(AvFgA=PF*3Lm9qtwwA{h8So@|o~j=~t8h-GnQ zyvzFl0scUo&6J$)GUtcrl9BMa%E~o|aQvsJQHU_a!@v_4;+Sj|xNZDLia1;nK2loN z@2w?^dkLMVDn5k5zUJtS5SOIt2kMU?WN&$#Z8117eTFp9Dw6Go2YE^iBL)iLOifiL z!t_p%)R>beOB0O;wHd%+mig{NuQOoZ_s*Go)LZV72S>n4t4t|lp%H4khSnI$l8h01 z@~h{!=;SgkxC#d4Gbq(ST1Bu`lqbk@5FdwM+-t@u?YK)3Atmq0(<$SDYIS2K&tXiT z&r-E6d7xv90!xjHcKTgQfw+>j49%$}_84eXo=`6MlMK{7iU~aas%90-gI|3tloJ}+ zMz9XFOt|UcD6}dB*7MkU5L7IwH2OeZ`L7F~TCU{Gm08Csl(1cFDmn$Yy4j9}k%iTi z@mzuG+MuNREb@4H0{nFc5;FVlx?SYUdo&g0rHRje zhmWO{$IjV{^tLi3dp9s%Welnl@S?~%mvE~~!p^LBIUW>V(pk8ZBa_|1BNNHZ4*7V8 zT?lA+8wThLGC(n6ZQl3sb!T#0!)Qe+VaH*~Xv86E;sHba6IEwSI4c>nIpL$}AMCEK zvc$+AAmpB*q9y*VA7R+GVPV-Cgtro8u?42!o)&?w!Wf{=7g&HIF?ALDgVilpsM2oU z9IZLRhCIrm6#gUo^Cw0|A;BM0(oldPH8wAdfl&I~$Y|YAP>2h&$X!$uxMT9DOPI#x zPA^Qng_$DB8R2Cl;{q$WkyG;|M{T1LCv{_+2Aw9(o?fr{CJ0;*{!)57(_amO=1V@f=7DGmxr{0h~~y?WP1W{)b&LzP)&`v@$m| zUx)IFRoPyq@b@DsC(W808BnJYaX6+sag^q#Yw9s60hzN~oIS89g@~7T{=k&o=<WVY*On-2QNUC~=m$1|{bJp(P0y+Ajq1E%bx6}tSv+bCymht=@HXC+D8<{yo zJ?)o@5dW*1hr{750@iXy!#=h&f3;e(9~QU+$j>hfke9~!GN3Rm?X({d%MYI-4jb=A z5200POMl^&cby0}I!}4zmqHAb^{`Q>6CK*#{9)P7l8=^dkW0DK-kNm3>YA5RP5F>> z4p4)-vTZkj?6C;~tv(DB&f!OMj@0D}_Dv0KuxlLa`9i0v4PXOyzq-cP$4MGwDOI|U zOwGsVhib}{`Sy{xCKBYk{sktE^m?(Xk9lbBuv4e3mRD6sv;vwpj=(8IHQY$(4<6wK z{}efgOCdE|`~>m}D}TbQ79`O&-Fq(A8kCR7^H~|7UZYZDzv9HdC^0EZY-Z|u+=;d~ zpy+9+J8dklcajXyMspV$%)hfmOtTK^PIxd&9G`*4(}&D!bxqjVEA=A=JGbNEYD#1H zv`A`VaLOl|?b!*>-jZ+HH6Pde-blxvh-yJsC4HOh~ZNAS! za}a%n8jT`pxhkzR3>~-LB|>MXvN^qo+8e_s`0_mHMDg7>(n58)PWIp#idh(Ro-?Vt z{GR?8!_>nvE6eii{m34#-QO1?i7RXgOK9xl;JM$NkXX%xgRfXVm#{nz@_)!pC5ce7 zU9v&uW$+Ebv0^*P+)lIh-jd&;5+zK?(+eUlD~mM7WH9)JR2@QLnreK65~xDW?M|GDRCh4ddXM1-a=Nc+KeO-Zk_IUxE$(8aOFMWmh54Lts8Zx5I!; zQXqB%PSe`POglE!V2C;%zlR1cv`=5^nAA&tQd%4R8!SfoDadt63(y%GYIXF`9P!vg zB8#s%#P73-=&B5Xl%5pGgp!FN^-Tg=WUg}QH+YPE9x98pFJq}GALhaMJl!h|+XZ4OHJ~C~+Mw zSO3J%XT}HS>+q;>tk9jbQJEW~AeY>c7C{Td$`GW;HnuZbl^^5C3vXNBe_syVS7!yi z>MvBZx@`Fl?x2uB=ORc-1L@jflCy7nl~}@GkaZc@X0PA-8!yw4s0_<>>#+J6&i5J8 zE}r-aiy7EKE9NNoCRAy?syfFz7|SZ8`JWUOmoH>p>Ar;G@Oeq-_80=FGI?4-(_X_5 z2Sn*dYx4qB{7=F0eae5F0jKLH}HLn~uwwwTmtCD9E z%@PmU?`}!rtfRK7=}-CrmE-%##}k6=MEZhNfuE&nhQ z?~^|w$aA%pzWL_ZOCr36`L3+RWV7VGtMr|xOy0KUiK_JN={r^am%gE6&H^=8(B7@! zjKz~S5E|aeeZ_V~h)cG`?@Xn;BsfGS4^%8jMA4WgBc|k?ytdyeuP8+^3R!{xFBB zJOpbzt7XY9*hbbMGMcWlqVw!47g+vsE!%k=r!H--oa+_z{A6Yx5o)F7PTK51N2fD= zkYwzgtZ=&4HBXf$elKIkSSz}RxUIvdkc0uucdB9$r>hEmzZsdBh%~@9s=ZGZT9W=! zl5`hY^2S7pZ~rMu+(k#BdAi;pc7TkVuU~M}>~YD!;Y%xwPNx4`BU#$zASIT#WMEr5 zy1S!-lNRJ#VY0zSDtSC-;(k1Ue)z?=G8U+~;NT(L-oCh%Aztt<5uH z&J^bUxPo*HY*i_{%wilfrH{GabT~p!QXG+R?rU{c-kA_zxfbtc56>biiZE@+8!|r$ z54hSi%XNx81;#H!N-9mC;d$7Q)4aWyS$z>Oi0ay@>{h&n!5sgG(0ZC7Z?YIjH{L;A zs@vG!0wNrUjZ?F6mO;)_42f83gz zR0)dY@DNf9+NRGp|@Pgym&n$x>ky&joH z5jq^IJDZ!pj#LrvD0AoJ*wi<2!P zbX^w3C0s0|P~^y1kUagKbJ(osdrXs9_sR=^>n1S>7;G6H{ZpG}Xv|%1xv#%-|uXz6*|!)v{~$#hbRKv`(4 zwt>uYPKh$2u~xrZdW7PoV~V?t+xqq^RinxAu{p8Kg$*Q(1)P<;tEszb{^bD+hIGW z3y&M2%oOJ@!&wRCZD>1RCeU0ycfxvJA+ z!Miu?>(avx8!f^`aDPHa6AZ(oQR09{`5|>c{{nT}mv@{<5@IV}D*D6lz99%t)t|!~ zAgQ=M#)Nd4>3FIGNDAPh&`zH+mEp^ZqH@z{I-OFQTxIgsXz_Qa-?v}- zj88JK#TbyO)0DF_yHkzvER6B3uJ5Hrm*!Z2W#{o%i9oaAO?s`-5cW8yPApYFyfM5n zC}?{;xPB9Io6&DP|M~?7s#yhvw)L8y$=<*>$zFSk7#r3MqnY{?^#teawG9pGi*FS? z6{e@~-@CZ3U?|jZ)dt%*ID}%CbDxlC!P(M?y8}dctZIeYD6AtnuvJG0%E%;r?@TWG ztAYz>B=$%Kr>#bOZHjW7ioW}=#$CUVZ{jR2X9bo(PbT5&Qi=Q%%;%tulO3h&ZiB0! zNnbD8ve2%6~ID6zoG z!H-5d?7Dv0#d)9Tos0mj~f4V?5E&t(bZrf-Qp zR9^FSNFF4pXegijPtza_)#p;*=5LYZrmE7(N83OdmJD648QYToNIEPsrpyv9zZO6) zZP~hFh5nfk0to>J24Z>G(Y5Z|P9$fTXnKpKzkN@8-?I=~m`K-$+jK)OPj8`J?6}&5w3GC5;Eo;cK&6E12zl zhp4j>4-ayN`gH3}OH;H&^ptL8ciGtt*wiHF|6YrUGALfQcA0l<)dLxqLX?LTDsOLY z%1~9Q@?_=C*$z1Cbi11i+1u7JoX+vsR^3zOw0J#FZ#(T;VRQvClRMq?xosmSh?k46 zsA-=clxhrGSFKo1_l&MWpo3>QgZ~`_%4r5?psjM`5L2&!WcDAXzP4c1PnQm9uLOtuKmV;nk zyMG1wF3z|(m8V^%8nJt_WHBe&tLIXuK~8J(9H|W8?VS>JR3(m%ns!M( z!>>Et@u1~?Wd}cTPu~@ZedcknUTie(M-rvW=reEf+kK?7G?S>~cDBvtf(+TW)KFeG zUGgsuon1~mwq2_rpH7G5RoDB;s6JSCkbT@5L0>XJsmr~>B3y40P-xa>jMzX#y_+1S z9L>@*+AOHE6)A8xm&{x5zJaz`*iQu(6W`AAS5uSG$6+c!LIHNG4sxTaeo;g-;NePW zlFZw_PPWKqrH^Q`ZSI9tHDxxN(~%1pzD3aFUlX=SP1Z(5)Tv2}WL4I16n+d}N&)-=hHd?IHR<8UT`=^n;A$8b&{Iz+Kaf zYSIBIIC~LRO~K#FboG|rH;b;c~9<1^< zLR(2n@x(*)_)N+jWP|DOqGapZHnEGZv{Zy5m|EOsecxq`JG29_CItG-vOTv?RfU-1 zvTXEp5>>0#`N@^HT#a4r&PHEflP>a2tpaQF_~Z<&RUa<<)%n}P>Z}Q{q&8#CO>bHb z$OU>UtH`1dowKlIi)@f*#f~NKuL-2dHOf$86-JlLNWZfex!-x)t%kVATDXJk7nvm|<&2|-xMiHO(1^wo8e?I>F!`^hTHy`tlt#iL8TWfdb-6Y#3L$wC*z&Xj> z#kHW=CLE!v7Q?Sk%WAjmu1r~K^jszrR0}^j6zrVU9r#B`1hroqRa<(M0Mh{JbvaZ2 z*3g0XkE(}!*SZ=gGuC7BfvJ{wDrwMxdAQybB{U%uWZ zg@u5MJmE-4+`@<~&?>f^Z;SKcW5EW$5wD>f8Uj7e8?eo(zAR89CR4+G)AYw5`%8En zv^Q@W)#I$&GLzB1qopyney@^|2f*dGDBmkM8JnLMs(cHz;#}X_u2;6SbV)_E19y>a z;j+|*J9FprC*5EA6t2O2f=6eAvyo;~W5SKOm^utIo^nu*x)}S(d`>!h$PA%W&Z(=#uLO*_2=xY(>Z@o$L64;!a~1J_sHofZ3-kK}j`wkzyt|yb z#7eZa8T5}ATCB*L7D}EpYtgQ)$abl( zMmx%YRy(FI*XY{l0jz?3AO<`RjoE#b=-SQ?j`ePrGw7wW(W~5x+#g=b1Fhn!$;wW| zo6uVLD~3X~M9ywYPCR(gE*%4&M18&HId#KRjQZRJ(bg%>7wSR}_i2uW!)}`a?nSn5 z2?)*m2|1roMxRsh;`p98{7^@jQ4Ot61E{*yonNbzLM7S#&%)Fi@3kD`3(H;1Yb zA5qN8F9*H(x{48ZKCFRq8;j@kGt_f0S`1x(&wsZN!b+xB8xJ_OAkP^c4)QzEp4jgn zRqjohUOWkrHCWKi4TF9fKGJGlzvKunwf{^*FJ-Xj_IUJUrAd2yrfpw5di4iF9>1xn zcR+uxCQxRqndKyeOE2->|8dkg=eY3Jrn?e+UzAVLUq+IjFmYGs@+6f6M%fL=z36Kh`x z7|vX@ck2U5Hu=h+f(`>;y}+raqX-D_bf#D=6prlYRTV%PZ5&;=X)J21CgW(^&$EWn z=6{`3wJJ*WNdBP9cVnV+7VIEt*LN)8y`mq%@Vyr>RJCH72hrlYxlfSq9>8bDR`gpp z7L!wMq#8iJo<>V>sxk}!F|5b7wG9c$=Fh4vXXaV>TyR)AUIdc#JXpQ8bxpc-9d~BN z-QM^pd47m626mzUNw%s2oTpY$`o zh3T5U6ldpBw%?CS29a7h+bYiV`c`w;WUx~;K)s)<@*4%x4VHJ9K+WIq$7Uyo_#Luu zb@WF0&Ejcb_5(OWvhLatK=zFEHrr*UzKme4h%5T`RrRVQb#|E#D|{C?@#A*&u&?+4 zI~3ze$4O&1qG5@7Q33VOc?bC%^mKlIV{v?_D(s!b3O2PC3mC|ZtgM~v0uP*2fit;Q z=+xJXb4FV#+sZF{UGtp*4*ZW(asFgvxvpOoYcwg`J)cK%hNFDR&T^-Jub((YT$k&9 zYBRcNIFws&6U6Xcocp(hIusV)JY}jy6hC}fa#Gn|NO9>w)OloD%qy~r0Jp3Um`jHrk-E9aPnf^q^+y z&fIHqoSeS(5A8@?<4+ZTU2fNXM9Fxo)*t@_E9Y1?08^#BKyO!tp^G@p9^} zByviU1x)ez1wSx~`61SUBC5VJxRE;`y*-xLB57+9vH5N}IX@p7cCS8TKhCSK35$3B z3>3AoEoSNO#FY)1mE(2c zowCYTCD?cMx{u0H<(__ml2J_$q|Knad;@NqPJ-!e=FpVk($9wBak>TkOgTZQZQirT zUHlp@a7Qb)<PMLmhL73t^PH|>4`sRWzmsreOBm?68pY__&25a3nCC% zdj`Mr;F@3X$;>#PjR?LutDLylJ$t^NCq!Gc$36_r>{wP?XhQHB%v^6@#azA`L~VV6 z;&S)EKR4OpT)4arr=!%i%kf`mEYy2zf@+X5m_$nhO6pQspWTyDSNwFOFWJ@{z4R-c z=+2sCH?DjA>2U>r|5@?W`F*z1yW#UdX&Vi4@wM9R;=)gV+NN+{(PZ}g9^t(-b1kuJ zPcr*xVUOWiTCJW=^x~{wcZevZh@{cNcs0xl&j^XeQrd5EF-Y`sSC25PhC3jx)fT7e$h4WlIgvtw%09s zxzyi}5MzN84T)b!OE$UKUZ{@9N=FPRQDD@q8}m|}J}2*59^tI&cgT8gZJ@~r*U@4?EZ*jF~6f8e- zEPNyz6aeaHVxFwt*t}!r<6o5>7yaHEy_`84o-ep;zu$&x`uywXDzl3jQJsov+aMsS zulV&}0W}T<)o7{35Q%oU6KQ6tPXp`KN3KWZ_gLaVb$tDlkX>qoRQC?K_qujO%H9GF zqjt|A0p-~3BpDU9jjiY0o<4uRJDSCN0P^$QXAWjl+^A&n#=-99Q8~KZcn5Dd<}HdN z3qCa)Hey>Nm~y1ObMKuBYA(2+7Va~hWo!>0bl%dI-KT1vKS}5^n`4~p%z?A_jcZ!I zr;D+H`R1Np35-;)actTRYqwE!*GF@u&Q<$LhWdBM*Nk)j?hsJ~tOV z5t}7)PcGHEI9&0-5oA8qW~>p%ysWBGwn9A{IZRFW=MEL0 z!@AXDl_Lk0ZR8V}CD}AVrU!`l7Qvd!pKa!~I=okyk$wg%`%{eB-DAfVcG6kcm$b_j zX$$rt4V-6cO)M>H>r(g(?>NR$3Lcbi|7^DOPnWL_42~M#cTBw&p!+ViJlmQw(i7d+}u|(04F&q2|K}L z$|_9reP@QQh2DA99sF%QhwCjteWQRq-di3Gy~~h0Rq6Z9o}p>eQrdTQpd|nXu-jQ@{j&sU$j!5jn7-)V)_y^R5;m4?LlhED zaHd`R=D2PM0KX|3HlN4%YjcA!yK2#1e`KIb&dgfTW9(3y#SGW{WMVXFLtp9lNFw}@$g)_(v$)EQr5*d6m6rIqs z`zv(pi5Z8GVbH*xorvoe^Bk@7{#|AWSZWb2%6xEG#^A*2^)B@N)p$j`_W+LGB~$kW zhuUmS4jJ2=KMFyNa*4ADU=S#-7DF*ys zOZwki2$~;aM4ZzfLnAA2F#^;HOM`budL#m%|JD2g!g@m?C53JBm==%lWdht7T7nMj z8Diiz{?lVWiD#dW^4`?x920&)#{Q>YZ1lJ5?{OUhmj_p-I%#CGHG0~*^zx)4h z{r>kJ`Po04A)3Bi9SIVH@z=Qf_Ap&~$r2)pIUwIiV{h#%m?)BOvbQzsPi*qq8vzFItY$7D&SI4#*13?b07j>2C?jt0=rDv|UWd8fD<6~iM8Ly!O zN)s*_CW3>blKS%#wRs%i?G!9j7&&4rMxwGecZRe1^{|cXBm6%N^T$r#$?aDmCEpOT zv$Ckkvz#JLOx=&VT2dyKv$O{fu+qW*Hi`W00A})DRw={Mr<*{liJ!_~7lcrFq4XPp zoj=L)EITv-&2!}_B0i5_KIU@2yQUA#ojP-Op2;4gnmCIbFC*8d=oV1WbAL3osEo*` z`;-exj4@NHBab~oD;Xijt-?iE0gDlJ@o7FhF?ob?8F|{0{3@%vVs*sto_$qOP$AOv z3Hd!>GrtVM$buzz#mV9PkcT-b^dIJe35nw(6#q1T?JTXP_bY$u52C9`W>_9#oOQlj zigtL!T_FR#e&?69r(?`YaB$T8EJ1uyg7Mv(Sb_JajBU(DsD$yvFh&Jg+_F!y{flYL zh|%9k#S#fci{{ST^>-!po|AvH?kbsgZkGR7~e)XSe^E34iHDIiE$yxvZl6C%ZO9#{7D z)Kh^U4GNlgT+yY(MU3GvFgzUebuboPSlA~SlGa^iDH4Hpj#HKvLuBt7*__8GZpJ>=ojmUKKhA;w z>N2GMhP$Nn{6%}~_OTySBrY!AA!3Y}$ROgc#A3EN!lO5c>^~IBK2eVnJ|JD%#cL7> zqs?$0>G0dP(Vk?}0w~`o1bbQROMq>&Xq^N_g}q*-L|0A&{Pn}0$||L5$;xygSQR1A z10B_RBFWmQ`NMrdApFzSN-Mxzx@YsE@-!X?N>L(KRQ}byO1U zi^T^;!feP>bnc5cCsN4j!uEFX6dH4s&C$JSUlO#M2?EfP>Xh7;?lRXz(;5l$xm$%o z$@{s6cz?jbxmuTLNay2v#{Ot{7<)44ak9kOz0rpxV5@45#Tkv$PoN1TZ#b? zKdO8*C4^g#I+6yg+21%;U%-&)%*11j|cSMy^){pfQUhA5XpoS zF?o%K9Dj#Uejl;PMzfat{g!J~lPt%4IJgt_3=lLH0%H9TEi;)s3$T*+r{0{$2@WT! zU@LC@VOJ6YlO^FUN90gUn8RZ))N&vJh_c@Swrcj(W9K3lrGd!Ez;yUUsV*< zC(-qM2G*gdSz*VgMgGJ3f+PDGqQw(5T5khG4pS-@t4d0aag+rH&C@E^Bn%(JDOMmi zDM5j6L^@CVX?d3JDk&=)S1L6xStl^6{^-V7n2#=wDHqzxH(ahaAk)?%GzJSv`W2TD z7y{FB)2fq66CfFjHn?wqX@0-64m)2(GEcL3OTyZcAqvpu(&Wh;>`I7*G;_RV$DT3A zFyu!hKOZv3jAw5}4VzAcN(Uk6&a%7G5HL#6Mn@hMYSq`cCco>z(bPZD@Ea%DK|!SCeela`tB_4N}^uW-BaI(u2AM9zGf4 zma?!ZI>Oc#{u0%jO+LJAl%brNp@ZtyNY_cx1SwB$R4&KMqJ?lu+W zsNQ6LPhkVcgh%InoMjpwO9T&gn(3EVr!5{}G_TTYy#^dQVKWTlzf>0Ot?NG+=iV!&S~RDl`O=h!IYNT=*txPC}j#kM4d-izP|wC8s&?^;3v zeg{%6s&NjdvLT5{K~W?kA!RvkPR9DyM@`?7jW*YEuQa&EF6)S)F2Mincd) zOkc+R!I?aRa3qD_F1jqG^$B4uRO`}Q+~}yg1RKf2N9fFrwouP zZy*ebE=oR)1Y?j(mnfMO+~@{MH60Q_9!#>HU8GHG%OnN2Gnt^Z!`Rrw?k>%4byHB~ zX!TGyvU8LA%J6FVgW+$SSVyJ!^pY0w@i7ynTa?LCx+Sr<(O1`NrP*;_y-u&fLya$w zMUJhq(8zkeUvi5m)^fo*dQk`P|Eq_FLdSK3?qi}TrB8aDEvS-~Ao{W1QHGq1^bucG zdwsgeZXKx{U390 zlkt|xJBhDcb6!gn>&)%5cwersMpA{pAmGupS?YXYI81%~ZPWN%r#>R$!l1cjk@LM& z3`j{R?{A?$i%6Wv@31OHb`aAY;@MwzaRGbQ_;umGWmKbMdN-Z&B~tJmTZO( zZXDc}>W(f)3Mg15nk>MDx}zak;chjKdZ;=k!GimEDTsnbIbk8LaX4eDbDWBDOM+l@ zl&%pl-|IGK^8=gns7_7$drt*s@uns3&(2zG3t7BzqZ6mwCo9L>Uu>2&D)6u*u5b7{ z{Q3**mA^c!KFgOfl(VVbm?aiKtK1c^Cd7oQ@IhNr&jr!W>sJ(->u$P`=oHk!cBm4+ z$a8ttc%XA>UHPhcWKIMx)6sCNGA*OhMwuXw)kuM_rfJxvlF|;#0G#_g zDeY(ia9ugP0vydnnk7x1J^9}~5$|AHg=dg4oCT#`9a)tE(liw;iYI;+6@3g`SS4*K z%`jMerJ&zM{zqs0i6GDj2PiF$GuCq9fiMKq$}d`ellXD737vQt-YReoxsI-4PQ5<= zLoHaFf@cx_uGJ^0-fc?X(#A$a(XvIo=TZ!Y)|!rK^jo!jzr*O*U3#h<)q=8l425s1 z#u)x;9a0XF)M7nC1}W4eSkU8j#;J8N$mQo?$q7W?imxP1)VW%9tNr zu-9dVMg}SJGOUnbcq72Q_n!`>L1U?UOHiFf%~t_PY|uZw$}5A~7oI(bhGVpL{%bo% zgm*?b#T+jV;Qtij1Y#w$K?;Ec*s><&W#jxuz3kY5O+Rqki?lTr#QxlX(eZX>zBF_2 zl%8XsmpTF(F(3YeZrd}^Xn>Kr#yYc`DEVV@NHgW9Pp3(B z{KE=ayaSq^bL=M|;I=VFfp#UYmAid-XoOnMN5v*R(0d;;JS5s!wl#tNY>S08S#{|@@Rr8+gkWh~6+EV|xKN=RinVCPx-jZzV63%xraDJELJx|@ z&a{LjH{mM47U6pLuO6VqOwej(xZ2p6;{N;f5_wkzdQzQHLAH(p`DZNpmJ0zt#psMX6uZ36Q>!(dl z*DU2}Nk(ro+4MD9GDe*a`6j#7jn)~kHp%>)O(MspmW}a3$yi#HB;758e%m1In|wd- zb{MH?E0< zOdrB$&@NJ+t$M!u`G7oNYKRGbuIjU(vy&N&s~IxnHSn##1G-&hf_d-aaSVwH)m;vq zIhJu^OG6)iFJNNpu+#_HyF;w4Hgo_MTKwi!B|1M}llZF)E7s^yRzK?#zSf}0UnBd+l z7_<|APOa=|fIQl$rwthzWF~jdGkL#S*y(LmnVn%HaykusewoFO&kpllA*o!=MsBmW zvbj;QA90GW?8s?#J=3H;~x1J*_X@#}1}o4>u|-@{td ztJ>~xH5na@SFI;<-S6pP=QB0Bbrtz1&+B6(4^vDfJd^;qI+G{6SzIhrveSrhzI}u% ztsOxvV@>?}hWV2@D_e8P9Skj#X>Wfb}?G{~PuB(bG#>EDr zRk;c}jPE*d#0cW}@N{7`tF*O+*0b}%70qXD`?43c&38=P%UmBXt>$O%>b#q*NgJI= z{sG1~H4)CG+`Gwh)oH+#qki>YWWs_g`OC#&S%}|&{3&sJ?|2oPEzlKq9197FuXO$MX*Uw$%savg zCxt?i3jg!7cH|#$>p!{>{awL{{lDM;zyIGqs@ng*^Rq^-bhxEeTsbn}eVBdY+dF;Z zEs>XUGBSZEv3Pcu(rta(<+EbY{-iAKf9bNva{sdIuJbtM-12bJ{_+fll??blKjOe& zM$8nH=#G&?##u30Oevg%O`L|dZrdglgo$x+UmV-lw^8mXH`LA!*92w>D#_99Qbc*_ zXq#R3Ev zk+>^_;u$8}=l28eqQ<987ah#ahqb@qi?hsMp2|1NX17h9hc6FK?3;z2^wXNc^U-6Q z+%GZDZywn0e)#GV$y@998*?v=($Luvb^A?%gpNNUll`L>pppKeVa{nH$w)=Bm?u@m z3qO?dmOu_k*QLc%q0~oUpT0F)ZnQ3L2nzxdoJS$&0g=ROEkp+u(&>h>Jis=ZPk|k8 z8&BI;F5lpe3gzh7?@5W}a$J*>Q#3|^lxNbADx%?awMeHH7^i75oG1>(-&)EwtwPyP zLl~%Sc{A&5)P%944>%0TN}&L%Zk@at{Fq_-YF?^JIS6Y0M}8Z+zp!;zrlZ&Sg=KZ3 z>i#WC3l$zZ;<0qeBeUkCOQV)`eh_7?Rwpb@3qHNjX3qZNTL*-^3`)TpF_(JAKzaTL z23iJ&M2j`Lt5#|fpr!%R-vaQ1oVP^#L+|lL#B7?D#jImCzjYO%_qgK>TJxpo>ZYzp(h=`{gF#U8EF|>2a z>X)W7Qu&Wk=3s%r$-oFyWf`6vNm7yLQ;FlWs!~l(j-*c@hxDkImao%VFIIv8(HqHa zk9^`T5rV_C<*8%_50@#s(*k@nXB{t1zbX*OSJebZc;^r`Pw)52#;QT3_2!XhT_L=e z_xbA~B`qz6(brQsFYbt@ds5%gfszzt-p9x9`IlcQ05qKVa>Mf)dd%Mx&AgYO=u_Dd zMHsYdPZ%w&G^r=`E3(-z=S@@y)qe~OP&zFK!8y%5KR9jjbq9Lfw#jCxk|E>h(+}lv z8oWLaztnjg8efzDHhGJxL*hDGdZ@FUwbH8hqI?fLSm2?@T1CGI@!2=%q8lO-FrXV9 z>)(M7w~&3kxX$_63LyKPzY;^xV3RTyS<8=Ol1)iZx~sLbQZHxaSVT61({+tyi9EnF zv~_CmDyz=qFH$!XQlQDp;Q3&(3q+m-%}#bHW`id!qxq{hExT>gnve3>cSg2e zB83!e)t8MT1QJO7uV+@$FcpC?Oc*$;3C{F9-E(^R%rUY%qBb*!9tir)gt)sqyu=Du z*V?A;cim~We0wwt+?zs&XRv`rML5~L^AxLeBc#e!I)jefSBM}G22LTUEpz2lK&7yR zi|8HBOmoi%OZz>(ykVvkD1 zwVl)9sjz>1P<0ntPK&i0zk7PhXR`707eo@ri4fp1;C)|EBbMvuPUsq&n7QWTFmkLE z6U8ncuQ4c}N|*Dr=%0e4?;{3ge#*Ol_Pg%cpKBzsirjVa2HYl6kG}6#CHovJcR6f8 zoI<3-Vcgz^D(*dJVp}s>Zz6r8-W3i*dAkK<*mDNqWt7I1(`^k7Apj1 z>Cohhp7%?a6HE7tMw|U?>551 z7Fe?R$Hr~;1z|nCsX1TBnF7DHZrh+pgwj`9y@tQawEXX*N>@kGQ>5a`!qPHyyZ2-B$4(!%%Ziijv80XMveTab#{!%G30 z5)CjHDbP*}TsZh>hcKF4>sRGxGA|qADz1)3ennKj)@ww_P&*pl@X1HvGV#Yoj@1K4 z5b0_9d5{|W%4n^0F<}DVOAr$~ps}e@n(PA(hmZ1|*t>hZ?9@vJyPJA>xm8(R|LfI3 zPHOGzbu4QGR60;^Ti~1i$yD$4!1hSOdN#<$69c7)%RK{y75z346 z0okp>yhp^x^1ae-e$um!CnjUEucN3HF>^CT1r47Zf%tzq!3|zQqHB1EAS&TWk2ZC{d(uPqBoBygXRG)0o}1q<0QVGCf&QDq`n;& zFrLXp5IC~+1p&EKW@{#e$N~Q&kNe`-U}Ll#ivxTRI3*sBeAcXIdk8HMu#`MmHn;bC zZ!DM-1E`_z)8yQKGf3OhWR}KzrJ2U<*!|bJ+sDjl3H*Rp@4{?vx+z zE2rN`9Q-pG(nn$VuXkiTYT!81C<4@Ptp1;d5isf$@X0m)>gpdBq=*L5M~>Zat;v|z zCg(zJ4sNab-xI0r$4-C+^v~is5Qo-8$C+ zbHdeBtKj}*hCM@0L#*6{ZJpO1TkB57TO6(=(F_#pVOV(;a7Te_J$ZHp8w_4hZ@q2H zfQz0;n_HQo+I(3!Kr`(8Xq;p>&bxr`z;k-7&Exu%v3G|{?ALNu`ed-S6-u8;a_Xby z5Xw{XCC85OK;j=g2d)n^`74Eu4)H_&mzI!+{^L7oZ|YqPV`Q7J^w^*igyuOkx0xU9f_`dR50ZlIJmm z^740ZcM9YDF=^K>sUJEl++VU)>!wk@?&m;{`e&yVycEOv`sw%e(x$g}X@={Ey`g}Y zg85RKK()Vemz;UP<*<=QeV}pZpm9_`-*&84c@kwe(eLOs@5aUxu&cGY$pBX%Xx^%& z)U&YBsJcQk(DoG97}qv{GT{f`8p6`t(r=3H*8v4tU#uPK5zFEn=J|P@T_H`(!zib8 zt7A93p2;l-eE#EwDt4di_WG%A)k}$#(aXIt(~G?334SJwA<6DWpf>*m=aK2d8csK2 zc^;YP!(NK%PPoiCl69e2sMEw}k|c)4ec=R`?y;}cU6+{^f;INB7cTpF=8{rcg&p_X zS9OhECgvG#kg{((S?Gx_gl*a+mN5k$9MKdwkH5csbsCs)r}S54Qm^epa??CyUYVvF z`%3o+1EtmO73nekC3a_S%%!eYH|MP2Xwae+fot?LaQ@%v@vPW=Vn7U}d1 zeA15=H3wCn5kK}Rb2SOubwR#4^@OJ2p&jA~JasYXTz;%Dso_r1mMv8bN|h+rVE$(3 zEG9w7}Qihu*3K8J5TmCfyWQVYM=dLRQh z%f=rGgVR{w;Je)2@lVjur(<3H{9C;Hi zK^FY!yp<#3RL2`udif4VLm9N%WO*axzFQ7Xv%w1kqa^R%PE)da<%o|OleGEQZ%d~{ z=0?Hpn|?&)BkORr)~yuAMzAeR?~xMhk}}T7_dKE|WPA_fo3)SHqDYrlroH{NY?h{^FE@yMJNSmUl<)S6Yn@AVzN=pZf2ahM{F9F~{zPA)ej)-?*)X zm&R$Hy%rCf9K;DnO&<}d$Q-DT+C8?zh3f%3_zy3g-GZ|DH%@bzNq~h4%X<#Jl|DpG zEZd~+mz$}}8E1bGH|)s5hv_dBghj00*H5J?#bY-lZ@eKuxXb+v`>|?&zv7CZ^Y3)b z@X(QE@?b!s_D>H~)ppX&=u`n2Sn@ti6i=9GR3x=xVi?vQ>(Zcd@W0W|cQj zlPyToroLn#F-i=r-+cwKxf@qqRR)EjYTYfbuN8`ax{)J20d53B+=G)0xPv~UcD*V< zcYWY*kKxIT{2JPHAQ+=;B(+*l{qV4CQJk+r7_}UGq;GWTOchN5z>IVmz9pImN?xA- zGH1fJOnh81D_z%0LfT!gr|+EWpZM1uu)uh~1BY{m&IK)Xy^3R>+Y1K>uzcq+18-zR zoI5jF_9$9w*y#Mbp7@tf;%>)mC4ay)5^A@*RjS%AGklBJCHrPhWCR;#62~QEHo-4! z*LssfxwJ;=A9@qZeArc3-c*Xp3ZN6E-kmm_$yHReYB~#{l*Se<@YVSY5R&PEw)2&T zX_P#2hI<+*5spNr|G7+`PTPFC>c!j(k5+iLt$(&x(52MeR61+!YPZw|i1w_uRc`)H zz4oULHDwsPVm!stpAeOBcC}zZ3Cxp0=}-uOT(BpJ0nLp)t)pOz~^ZWgJTOb$+|`@8r`!7md=NB`3nlikC$aEi4# zGAIP%i%-}Lou9${=hg|PSkz!-Pm`T{-y-G8TuGlZN4jST)!7(+Ejy$apZd zl65eu#fxlfXGD{-FCz_={){U5*=xEL$_K7e@D+t~WTVofN@JVuM2PSep+I%zX$$BD z#iz*}hP93oG2pkV#4=^D%Hie}-#>WigaEN$e%d5d#PXiUjT{BG68WM*LKmh0SICwyyks31vqIzysWg}{QBK1nOsnVOvf`BT!?hUn?i1s4;=YKblfN7IQLBtm=Z&bR4J<$mhx`|fzQo&}r7gc-Kd+zf9Vhgp25 z+5_#3OY0qhv4t}!sVj8yrrj7c1hlCXvW<heLbc%jq`|32B)2}) zR*VhnxKI!zi(Qd-J9jFWS>$FCnlu6^Yivbh)5ffgfo5xK5pMbgP%!?QWB_BXb84_| zjh8+ZX`zWv;GSnk|L2EnE5#DAPz+^=SonPEU@X4mOsbR)S~LxIz38t8Y6DUQ{tHs| z=6dxIWQlFIraavsM!6czqrWHhUNxb@j76XQU>D>$D?QX8xH?4cC@ZB*R)V62t6IVL+yx#A&6!hiFDW{vBeNj;F$J_n!X-wHvKDamgj9K zYVRPD4e&fxMS5(Ml7K#})Y=fbr}xRK7J$Q(pn+v*jOtbg4W;F=7mIpejBaC{yrx8{ ztovQs$Kicx)bClfrQR}oRF_GvGvi$X+k3wn7sShJn?O4{CIaejX5+y8I9}zWBe$r{ zvlJjuSu;W|@wlp0eW4dp14n<#WfWQiI)Y1F!|C4WgXCV2v zVZ+oUl^5u+aX&-(e`kt&oyF|wd$}#*)`Biijw7_DeGnDcCetb;{qw^mTPmq&6c1IO zsqJ2v>ttw+Ps; zMt{TO1+e3VZDXC-wz7^&E1!g<$u*GWr*+Y@iXQ$)O;wpm;C1=T^p)0pM5;K8-ehd- z=b1;L)w3wq-mZ$`*#jG3#l`bBjXE|u>#*L^v=?1z%`c6`519GRnZ4ub1A<&is6^X= zI!aWFIe+=}MMJsZZoB(V%Ja=7RujcVuK$|skp~=os(jL9pBk6MkRV%{Z)(A%W(aTh z&#lV*ZVVx*kxqv}p@t4|nNFj$+fz*7W`j40X2Cgdg3HP>vZ*ehu;TR`Mytz(Rogt? zr!03R{Ki^cQc5XMH717&N54ZbF4H@2JjcIG*Li)&^mN*Jw^rhf!kb_#E)^5lKnP#a zhZH>|#J~W;*w6VQbZ*QAxvo!mgVpNx`^=Ell?TO^wlo3SV(cY}RxqWSrDCS&NIKuZyw(;_>WNWMkP2<}J4ejIF~P-V);gbw23 z3hhSG*ZV&(Y*ki3G|J~d-O`PwbZOL9nBZ>^1*8QPrDpi}*{{eVfuPQM8SYF%t4U59kMG{eYBw*72u>K{<* zT#52ON_*i!(vMTHCfL^9#YND;L8|93I-Z{DCyheXZDI(JT@w%R;4AJ^17qG^qk`+` z9u#2@YtM55=fth_cho*N4po%0;xP2A<23*cZ?3ZZvz-c}<{&33iWElgMZ`zjCWH2r zc`b`eIf)Xr-lh4;vnxT#E3a>Ds+QeB4nt9*6>YM-`v1zkRzt6^&2P{ z2#mp^o(q|5G_@b)G}# z>`Mb*dL7!lZfMb|?abNCK@^`|o1Wga*Q!Lf`9Jvzy1+hpNof*EESB#Zil3^}bshL- ze@><)brR}K{aH%8($Rt7%9k2LULcpZjd#DgkG0Nzjd3UNLEM%A1)NJdA0MqQq7Bt} zZ5Tr+evN z;_81RWPw6dEZf*pO~}A?W^LdS#Xt4$_X7ft6NrWb#FQYzt5`|=l;FccTDL<_2~yhV!xo5U{Y0VdA&A4PVOz-Q{ymu9z1O(R+G&ZeQIO<|39WgyHimU-43# zCz~GZXIx!wbOt-?aW&X0n5ZJjA)qg+vGavrvG0I|nx>Z6}&oh!KX>Z<`>W@>~ z;`aAfb@he0ty03d*t{nv?PGM8rhvWSLvwwacQxQEoEY48Pv6Wt_fBi@Hkd-eY;7R3 zxY~L2G7mRa)Efkyl-re?yBGr@GJ059>>|g)FpvB;ZFC72Omtc3-zjEg)wG@BpiupE z8U2Fs_pD>dKT^-R1XW8@kw$3zZ18dAWwO1>`)W23rAaPzFR82$$sCsc*~s8D-o-mH5O;z9068)ZJi`k+?FVxK4LiYYDM zORx1+FZ=jcdJ#4?-3mj;BX;W!d^eChj$2-s=t=)ph6Ei}c=m!ihk3K><;w_tRRZ6Q zT%Gfx-TVA6X7g+v#gVy2yXn*@Gl-|#J;i4~dQ(uXGg?_5!I}=Y^2wo9)xHvZTcQ#r zGd6I1(`RhGX{?!o^pJ}Tm4%av?X*F;IGiQWr4Yw;N?~bDvIe?sc+R_>ZPy!pH$R zBv&!(ecWQXH>_}CnN%?&rr&%zTz8tECrL5%-evi#wb}OP>dAEQS_{ZgCLD!)MfuV3 zP;hG5x7@S9nX(@yaq0MG^lzRrElnD!W2Q>Q_m+di#8cYi|3NwjZXm>@l5Gvfdf3Uw z=_-0OjMHS&t_FMW4nCxel21gN-Yr1tS}hgqZ8y%`e1~W6v6!l5qGSe#E3{?{Yicx& zr@yqc9*T4#N$c%+{pC+|2#?9()?nhiV<;`RPg>OX6Y{$nBN@)-YXlOVOOhreIU;&t zQGYK*&Z2TPKho*~QR6HiQ<@A)I%@U732L(@^rL5Y&rH7ax(lVANoW0%K zjf4W!WPQxKdmc^t>nTvmWy>+ZJU{KE9HpmL`KY2MNIOvuA0Tz#K-Rt-=iP36?EZ|j zSGby2y*q)c+a=R%&X2I;(dbhBy|_Glm|l~}jAN%6dR=O6ix)FK=?u+cIBR~F02@Hz zGIq2WrJZqUYP{ayvR%7h(xkk=>W$l`oo_KpW#lAR@#@F1*vTp!O1DxIgT2+K>(In3 zcY~L@M-w6xH@|f-zyHbWU8CMYOW}S!*t}SkX#dZES+s4Dugf_4NE|k{>AM#)32@mj zg&u2?xdZ;Np|eKXp55h8x4N*nc-=bJ_}q2P^&{nWVisLSJ6&hDaq%_q$~yF9NsXFC z;>h}&_e6@-+v^Z%XTrwqEN|MQ@xd7~IU_k=_h3bIKSK{onDe*)Ii%==iAZ?A?k`Zv z<#-oYBIYDAUwWB##lO+&p7)y)OG}Kc`p+k=X5XaeD}&QyP3sKNwS{0U^TC&n=_O&U z<<@P7M+zS5sa-pizQ>X0AYCTEmOP6ii*@oX1nupBKOqO$Bu8#kWa18Vm8mq|ckIIp zj2Zoq+u?ge70NhVsmdPg`sx=65|%kNCTePpO#KL1NvLWO?UfZuw9h@zbQEzR7+@u` z)(5eDZ!FyHFC-PJWWXdIq}A&j$?r2?w+!?9PyTFph+mMi194tPCT=r$ABQNx89E1H zFdq334V(%=yDCv0GW3&(s7(@7ju7y*AFK%EPg+1Km|Wi<+z{HUXPj5Er=k9eI~$JL zQU-udXN2-^@_^2#n3<08YpvUX=uq%?|1ID@ld3ZH7hmZTP@%)L8Lfa4&!pVM*necRt`!vqoyXBVO-8y(AJhU7;#b2$`5fPbx z#l6&o1NDbU&)B6DPW{79rr#$T@~qih^<9pkNWMY&Yh)9+t~BGZCEn{68=EETxSXJA zu^Fgiv78~xr4^HMXSE^aV=LqH=2>U?Ik%3YOo)f7Cif~%gf(|4e&0dU66#sq&iYYr6OBA%p%Wwrx2djV zHW16D8?;*C-w8ad4iOPYiszeU+JfD@+v4j_&jvV; z9V>P&{*b&z_%bRD%UMC=GfLACW>*}0dVJwqY0&idbIhjyBv^a-$Y2)jn{vB(p zN6#L5pkgxU8~&+ftkXba^Jvgm^`OX4nWMW?P&e>q!&=U@O#I zh6Ov|1BfxsL$s>(b;oG{q>=8c&fsg%^)OM5PfuqHd~wj#Qlnhd^UomUI?%*ZGmM0v zpP#?H8+v0<5V%1gR{#1+nmyfodLOter0d{WFB{*mk@LE(ui2;Bt9Y{?dnw@lOidhC z3BTs&<}J894}DycAD_bPb75Wg_kI2E1cw3WidmE9N}ek{9vh>8$2A0dirFHT{-YBJyUxOPQh* z$f`T;YaswIv#>%F&wok%aGdWSlA7Z6`_!I#99M9F^D0wj4>-n@QdSn}AkZJo^*uSA zF=OvNfwr_l`!S3aY;lG#T8PY?QeOR{nd0eqL8&pEW}azOc8UN2Nf1BO^FCc0#6}dW zQ=8C_?t*m$=v9iRP6;;$!>F{H?&TgJeBHpoPVk;C;Z-3j+05JPb#oCzH3vbj3@+5{ z*d9)IM{~V(^oF;D-%a$HyC45{gw|!6!dr$*~4O!KIi4+pbgQ~G0lHl%4t@vS!z9- z$myy1bvA-`^I_6o#@Qq(IX)+3i5FmIL*nsAzxA=q8t{nb47hr9bvnp0NU@4(ZIWS> z(?#uyOXZWm)_1EM=X%5)LAozw#2xH-$>+W3H_6&55|&izv1omLR2ZGJRM~@Y7=)+B zwEArnqDI#NZbku4n`eH^V>sQ=ua25O#7##V@^=Ng+=`9zcGd!#+ebj*=Uq`MNmKMxB$Y6fdA&Q#*L0f?-l9r(}(7ZkKngV$!BOUYd+$@E)T=0u6@C4+ape0n+sH*fghk^MySD#iQ~{w^QB)@Qmdz&S1I z34{%U7?GK@NRu2oj(B}YY9W5FV>!dOkc0{*je0y_UtqX=52JUbo}AegFals@WAfWuP+l+EjxtnWfuIOUjq>p@9G0WJ1II2W&I-WMIw z83+{b-!cHKwk2Vd%c>$ZL`q3XYXzRH;r`-y? zI>3t)tX6m^Om=vdX5iG}+|QP;kz&HA9lZPVReW3H;sW)Ro`J8W^D}F$SEjF}#bdWb zjd{>t#Zh;3Xw0*`b5(_|pR0Mgm@+tgXf}2e3xo@iQX^rrSty5M>a{818UiH;1~d^- zP3)_eIGUW&9i4fh)m5yvpz%IE4N{`iHqZ^lCC#wzBw_y;Ra83Cj`neLCYCRohYgYB> ztL3!ap|V?xSZ_Mpwr4o~7A&+*dqv8r@3{v^Wybiu*=cCfNKQS(y!m|kHu~~*=k56y z{BBNvJ< zL}xQ8=k?DQ&;8|MQek5|>h*wp2TIlE-k@G5gaMAx5UC`i8yvO+XvUqEq)%7*4EcHf8eowhgvr}-xSBx_5A;v1#no)g|zc#Z}9TYFS`}2-ORqRgQcu2OHQZF zGo1^4Ajg}D3;Q24VcgQ5uN1hkz-h~Qu8)4DThpYe08dGmF1+u>n% zNZ{GtbFZ*?%LytGo=Ma5{)RtLt!3Lokw{OK#^B+uI<=0yLhoaA#42EH-}Rkbn5(7E zq|-2H{Q#E4-eA$ysA_*SPI6znr@cJ(CJt#q0}@p0Sn%0UJ?-BK{gvb=rR4a07|s7d z41*Yf1daT@1lMhI-F+lUf!E@Q?n5Ob{pA=7l0~{^ERBX8A-0(c^Y7TDMnkb>fRE6 zxaH^yg6J;?1AbL^oIrm&{bn`+GFbN&s0djYnc&ccwT_s}ExMXHb>=M#!q9a;7c56P zGHTggmV%>|dVf>oW7x49@p4WrhVN{XwW2sb3u!L=_;L0F(sopK4A8rA+p#MEJHSX$ zeZ;v&k>e)uduxBsEZ>jdk{Ek?ddy<8zD0971S}4}Rd^5xV~e84=;`To^4`tu)U34* z5yH@sO@;+r7c#%Whr~KMtrqh$zq>>~4?c=81`vBcJ3hRf_`+wZ&cD34o0)st*D%z; zfeYOW+!dj)yyNlnrM}~1$eq0z7^CNln?$Z##MD~H=%GPbN}mC=43`IQ_07%QUJuqd z>{m{E>yl~K#=^7GG)~*^*1R{z`ObW%I`=c0N7g)%ce|@!U`&3u=+j6pC3n5dg>!7) zH#anXm(=vJ7aM2&epAJBmJo?iOj}6$GVg~NL}&e5vGs8OY%H}lX}9lg1GF;AewdR; zd%&byz~Z$7!r8^68NxrZ-dlr1-m5FO13z3H1m0^hc`C957Nb-9%vvN*SSNJcuWk|t zuvwNe1buyCY<^Mv2tWbXA511oxY>&%*c6+SU*-c?{#&*%JILrl&;-E ztoiP6;(YCSf*l4zC)@u(-y^Dx<)ds;kAb_wYwdb26lwKd8T>*SZTYDPX{HdqC7sunz7(Ll7StY?!egABN%10=(k)XNO z`HQeoL58ob98@UTIMHxUn70G*lKTRwjG+7iWiBHnE_e(-X_puzPrFEQ!9` zF=_3hFK74~uikX(_VeZ7dv-S`rY}tW$I&3?DYXNpK)S2i@YAq7T3NK89Dc{xjhz$5 zG_n&H73@a>_)xI{?>l^dqWykfwfG$xKX8^XaMJHBXO6CUNw==ip&GM6P0}|=ExQBa zmu5~tCSp=&YO^LNWr+kt9Y^D|Je3O4{6O}Bmn)n*V2ihN5&4}dn z3b!vl0;85xwtp)HM#T0JomEK-6$4Sk!Di=T&F;}A!7w6V+jw}G)oR;w^W{#;a*LlP zqc_;G&Mq$ zAVi2CGs^9!1aM-d>Je^r^90An+{@r1^L?r^QG)on@>1~-lne_e&M*wr4SDh{=q1F% zH>G$4L{5V(W>HI&C84$cSc(~sS(xWD<0Z*|;Vaj)HR6mvXlh0LSrtw(&wOG6Aw@}T zvR$tjrmml~@3>%IZgh=B!ZFD?m15&-5#B;>wAynL>$;JXOXwA8-;0zu3rlCfEi2Pc zEx3bQhQdemfsX_UJilrvBV#F`BXD`WTRA6F?lygKa&5k%6GSJ-C&3TL2Q?@5Cj0gU`Gv5?y2X7OdV$&7^*?(Fy~EhI zOc0{*&dbNWT!1B8h*YeDpvSWe50^L;`gxun!vBn;RT-Kkh@xZIFlf8V8B)d<2Oey7 zZ!qTgKN`$aKit9Mb~2IK2Obw=Ll3>W!QIoE!Xg)dr?j@eOW2Iyu6CX zgT#a)wP*$!k=kcs_SOX=d`4-E`23Qg>SP{Cuk2R*tfZuBg)Z{u=l_=DS6;W*Nc?ha zA8I8I47bGV!%D;Okh`rf^Wwn_>Q<&eA9B)D%k4P7HW0$z6D~9ZX_3B!nVJjLYLJep zGf4PXhOE%aFEIFP@Ozxu9xlR<&f)F|!JKSUnEYXBEF&NJGhYrC5i(0r=RGGCSLKA$ z$z^D0(OUckeK_^MpHy5Z{uRExktnG>n5j3ps`O6DJZ}_i9odjiDJ~BaS=}Ij-0I$8 zHy>GeQ0|-qLBVZH09YOMgBp+a(l)pp%Dge%lgtuvcSeljD$+)pUcv=8QZNZ=_e zv(q)dLa$MF!M7HBw16!kP*<$HSmOgqNYfW#nze*nkz@ts%~wlwJiKVTAOKdXgdLECg>$*G>$G3_&fCL>f=={Qm2{qlHufjncpEK&Y@ntJA8|X2rw!$VR^& z>)YYN0(RjzX;|t}xt{JsLcijferI7`2j=Q>81~30KIvxbA$!OZAo%~`>n+3LP?oLX zjRbdh9o(G+cXtmK+&#EE0|Xh|-7Po-cb5<(xO;FJoOky9uIzK~^PRsu!%TNqcXd~- zTC0l941>@Qerrb0@Vz85qrvy50rt>Brbf zY^taB>^TIzKWlk0I-x3!qjV7FRUF967nfyN0ue!B3GFYh0`mdxs2GZOsH%foZROuF80r{P*MvF%*VhvmKcZSfpwUA6-8vtK ze{Q&Bwa3@}k-0-vV&rDTi&#?;dXDx(E7^^>v$J@<|3yMV)SbC8Zp7jWT+vsYx<=e#S=ojh zVo_%oEqSamlqvJd8Yhh~6LIwh%_VJQuLnn(MIM5aPC1Rze&kcN^8HSvj%iNou%$Vv z!>K``Uu}E|UuvsLY&^rn%$M=ko_6BYV!UpH{*ic7^%8Gsw>?;`o0ep zLaEk^EhEm?iy-(0#gv47rb%671Ef-s*D zwaR9r#+W29HRdOIGaK$!CpEgT$!aTfQ{;g9#DcdTJ}ze(-0* zsjZkTop8E009>qd=XqMQKy)#d*D`Ekx_HBv!ZBca2D8C+m5e>Qc16GWP0dnnk`b_; zlcaP(0xmvTt%z;{e1Xyjcy)VxE{d1m?#n@#3ZZ(PsR12=`U^NvZmKs02itHI3R95)-Y{d=M$AU(>8I~Y*s;0>3BL~ zqn7UCcnVW8SY>RxFgG63n2fOh_a9!X16mC=b1aFmu?h;&mIA{ZP6F%`x?F$53}x&h zZF)XNMs%|sQbvF>G&ZikQ_q{q7cHuAu0sD7l17n8rR zfzuTG#+C;XbzD9;94_G;v{*V~riv$qNB97|wri>d1;Jbk4kP_y!a++3hYv5~D6Y|m zGU6r@zy8qD=adT;o{VmPXQV++u_ImZk`~~y=NffV3yPbh8RM!Yxrd$1cWOUVzRhCK zXx$RmYkF{%YI;4K($S16RH!JLoo;iKa><>in!k_*w*5Ynwgz+skoi2w5%Rf|YW8D9 z3ya-;v

dfZSiAgk9~6eB9;eXMnSB`nlW#BC%&P2^(Gni5(bE`01Jm=3CNWtCl*_ zw!H%~abxTA9eOi23Dn6G|505~AP;>HE|L({a$N9)uR5}}rkVWNl1|qXNY)nSEjfi$ zdt7XnYv!IjMl(e%cwsgOms72$cmDTUt>9$aO4<5$mkED%#Lk3ZH{rI&)a6ct9;s-PW)DT{#qikBfUe{loT)Y%U?ov?(Q0<+4$O<+CU~Fv<_`zF8c{CiFu< z#qIz_fR|#kOxn^>>{f5X=FhL$LgIxXF-Z#h(~79b{ZGo0h5g~hV>8DoFjzKdf{@2) zUa_ACtztTJ3>$NJpK}J)s3MQ1XPsRnk=5W)z3T)^D`Q}e7KM%V;Dj@QGB-Z!56OVr zU&bDM9jtLTIsk9$^P|lu(13r8j^3Ak)-j{G>ldK_!sO41tINL(-Rn#BJ#Hfo#?RT2Ja%l z+upqID>~gsfuHP7{Mw&Yz)VAtFy>(ubp_WJ1H*Unl#X3MeWxx7%ovnM z-<^xVq-;5?-kauZ-|XnKh0>pT~Q9&lZNZGrM}FzetN7R)Q{h1u2QRiUX*Gy1DPGn5byAhds;ueQOG;Ku#vt)#zyB@AYC#)gqb`xDAbk6h7>*!%=$GL};3Vz(Gw{Jvd8L)L8#NR-u9 zU6y@kenXcKRy-1x&Dk`rK7uJVjg@(%OHiaB%C2#jKf?}I<)^)WpC0DIb>U^)b?#%+ zVM~O6d(n72;5qE;In4ibAy}SNo?2WXg2?T|O!$7>I=>KzVL-8RMi8rqz@T`N0!Mwr zhq=+Nxo^|>$%06HvY~MT$^8o_v3y}y<^HkX3WQkQCowlGwOP@j%Q;W+! zFFbA3@};8b%91K8B@cqrUrc@PBbod^%WH#Op{sZ}?v&3;P#g*6aKl9Wgf_lDIJbY! zd}88#dBugc9O7Gwy~iZw@Yv-=;IyeBs$5K)37YZ z$O-y2FH*-2cyz<|@TD?2PJKnSl^BQV?M%iA+9H|gyE4AOv-2T^jO%B=CmN?ZXi;Q zj**X%L!l1Vh=iF$(H{Aw4_@LHhY-k%LJkno@UyLxNlKl5UY?k@TBmAXt$@dVkX~v~ zl)vn9Cp|mrvJNUVLiEKf;m2fFfdgq$8V<_Z$S2O~GxlLv+<22jHHynQT)lw;xsiGzdBPFBDI zE8qL`ppbe3GtcDWI~BFaD>6>IMJkN%H{k^iw}097zK%yE{Hh#B3OhVY5etnRD@HUE zTBfBPD#s9y3;ab5bjVNoXDaCLExx5FmVaZsPFH_#koZlywH3Wvv6eKTyJ=rbp)SCG z5Q=MIBH%T1Z?*DDqFY>ewOJ~AJDcPyZ{Mjh6o<(`1%M+uMq#gk$r03k!Y-J0)=9~a#*HXbtahgzk zmRHVDcXn?5vks4a(u6Wbl1_8wQhz-c^WIx&q>pp8HIQREMPfM%uemBR{zC`LtTaQCd7m*n^ z0dhe))A@h;)HS~wvn0k1UEpl*|K(keOM7@*`r~cYb2PR+rnsa+J0gx`vjiz($*QLo zK0`(dZ8hF}oQ}MQSd}|a3X6j#LvoY+3FVPiBXQ7TRYd6DE@3k@-qQdQ=4|BbG=xQPg`MAqaDgE9`!aEF@OkTgQxrNdAk zmy+;BmN7*}!1D|w7TRErC7Yj|{9NC#MK(4{Lgnv6ryvod0HPA;iEqeR&U^Q}paw;@ z9IewSHE=$U-{(9#&n#2l4wR{2BBqIz4}9a>3{Gh0T_86FJu{9@_dM8Uuv@hF^w=G0 zdtW_{EFeYYY%i}n@a+ooxlJ#hd^VGbR|lulOOT~ zs@=ICs@&JDxnL$tPAPaAT1IBm*+dT&Wh^beO|_U1PCCE*5fh$J%n8DsFxM^)&|dt@k)42%L7$P`!Jul(k>8e<9~@ z5=@ooWmCJRZK%T_z+0W##_JqL z#12Fpi$KY@?w}V?(BL zVFab4?5mFW=og67kIy6>=J}|y3@C9(-Os9xvmJ(8k*Vz?bT+|!MU+^D7OKoE>dDv48VZrjGxwbWSA-_L~6mk;#OZ-jJSp7%mq=Vd^aY_F#_7%AQUGZcF(?2G9~ ziISWQ1hn%G2=P2gCYoq>>8sShi9rZzLB3Zp()N^v$;jjWB&dZR_iOyxbC5Q#>+W&MMZh!H{J{|QXCjxK>MfZ zBI5P4aQ>L`!wbI%x-*g*iBFIe8{*A=tGdqxZppUam1bE??k%g13DRG@f@zrDgeAq= ztiWVVJl2?vKEl0ll%1?RJgAgG6}Fs4>XQjVPNSAz1hQ3F=J4q|E z;{Zj=@sp=yXN`KyWQU^k#II#@b8rM=GyxefAou&WIJ)Q<5d}V&SOR>Fd6k!dwdjgpdhsx8nIg?{QJ|+ z7re+b%f(ji=+RjnVf|V77UB@Ri_wYa+ zhoyyu3W`{ScxdnJ0>4?;`?G{f&T8G|4~Z%UyI4u04XCP&Loo2j^Ze{1U#)fXmcTf`7G$TlR z*<4d1wn(ixO`*}o=iGlB2v-#)OT$SRuzxKw{+?vq?z{n%4e%!8ktk9I*i8NaF|*4; zCtY4zx)yhS8%qQK-u0G&w%FV-1a$*dsV71hF~d&%Z+ zthFRCS#rNLT1_(MTk$?@QJO<*2zLK+<1>9$OohrWTvo|qHDi>HNqqR#RX3h5gZ7xE z#$!3HV}>5PazQJDL|0f?xF}+BpyQU(;@|rSFu&X39MO@g>uVVrKY=GK3KYjWb4%K4BTBQj{I+o$2j0;Y4EP2=4Z2&GH}hyCXB} zG~2AGsO*1V*f6BCCQ0I^aa=&CTK(?wZQS^d+WxfCG4?0V039*$N!V+=MXRXI!v4q6 zCQ`79I5oWPv7GWCq8(Bd>cjRNI)dR&y)6Y83Dj~x} z*)=(X$1nK>rNh1OTC~FUpOR*EGLHT)bjk%A{7#s-*F?lso_VSLSYD$J$|5ReCFz-- z`jDmU43iy&sC+1Ooww#imzzUQ+SXjQe{$>{ymYZ_rA%frf2!l&gT6j`uN!|MsKACs zL5G3oUVYSn-D$_z|%6`f? zI_czrHkN=r(ir?|iUy)6(@yOO>0rlYQQRgs5iSq@oUv{Q$enpIpu&ZE6nLI z<}V`mYaX9}ojaxG`DY&aZ%1Q=1?_|9N!#2~`}bP>H}3ymzw=*Z0FbKzTW$m@S6J)+ z_cM_9Wky&KEoi!Uanb$%Sot3?j57&>HPtbH@2|4|mDm2qXYw)mlQ3o_=OBVNKWhKC zZ~W)r;$WbZ0Hp9EDjuh2k=W5|kast6B8QUs3DM1zJd`oY<~z# z|KF{toYWSR7(lOD8yGX=tfLv(nlq2LlwtR;h`_(B+z}@H?DiTpU5%z-z_#bv@tGhx2xow&IbZRw12nYL{NdS+=+Yfk#EKS_Qz*G zKn!yNP0*$HZ`L44x|bYc<;UFu5u1NA?^%Se!I1s;<1cBa#s7N%|Jw%nn3pn;&HUzd zr1J0QYDn?r)bx2NpmD-=k5Sh^W}^=LpBuJ!2{qWmGx&}RRHrj>?D6c=oW@%74>MYQ zf-Yl8{94LaUEA{?f9BV~aQ?JXJawGl5vft#LV<{ih#5n3q*(E`)RJr8y11x~$(@3F zhKoh?)?5?A+V+p{A`0e04E~iSYs;7C?C~=j?{)A8viXm-Kd#L&$nWXQFP?#L`q)7h7X>4(p?hN&Qur(4WCO;lh#VL>7Md5`a_sakrDAv84@^KS_Kx| zVNNlz>~V?5P3qys80e+9_Ekm?J!GZM?k!!Kh{2nq?DPBlh~zs9Wlle033!wXsfzZU z^-BJ%{LnrjCQ_F3&B6FG-K)qy42L41AdNy?`7{t5+TP$hl7~KaV3}eum3hAo zFb<=dnGQrxfBkv>wV;k*u;|^(bI0ISe;egb?vL?*7=h$N@UJ-89rQ6?->k}(59G`U zE_R+RF+2z&%&$i4VWTd}rg0$`HjVm;vVgB^l%Z$JiXQrzus5IYxIfP0G4@gRxpKeN zb_6vw@hVupD;}q1umFK$C*0RE5b1=}xo8l!N6vZbp`t+C*}7$`*^@fSFs}@b1QfTwcQsW&`ZkaBgjvWI`=H*1WV1=u&@DINzwbK7{Egt}IpVmtZlD z@eQviZwSI^gpHJoI@`Oi*Z94cV-yX>7sN~;$^r(_NoTK|)ZbOTaU=mU%(LyjvhB4?3U7EP&lR2#A#72F_ zaRnNJ9@4LK|9TKEWwx3gn{9ol^s-g}Ri4J}RCZB;N-)9>PSzm9j(geK8hP;*i6I;J zDx+$OoCj{Mtp)H`VHTdck+a~D%)EBC%dtxD+zSqwPjSzaW*t64D~~y6hb`x{%C0_O zVnCX)PsKdc=Iktc7b2cwX3 z8uS-o0|5NGg++yXU@cF1Z>@0toO?9v(DOwZa!+$u{yrr1cn}1wmSv>Xy>oYOa3ZHY zNGZuJyO){XKJA1g(woE)({dAOTK(VYuy9Ekss9rqJ*8r&AQzHc= zroQbs9JtZn=|S)u^@wdUgq1_sQucX@_K%lE@4fbN3dH%N57}#i3@oFV&g8Pvfr1%J z@0)w;an`&sVKM+YNw0M7rZxaW`;rTON&6Jd%>i5L;~_JsJl*T@dGn1~ismAQTgP)W z3q2L&GBt$HnhMmINrdx@Z?EoSWOiL`sd0U%kSXr0R`g$j4~X|1Rdo6nyumqw(s>2q zy3ZB`YU&ho1azKO#Qpf5yPVjV5+y!F0?L0fD!*{$MLmOL1t~8Zt8yp}M?`?glS_5Z z>o2{6%2KZ4{>jN}`i>8aQ|kJgw7gykunY{KAXQfi%^}v)CDydo_nT<@jqmqu5;G(Y z9_`ydPR$3?$L69ttGzPG038 z2KUD$sg+_7%O-58x+G?ZS}%{uqvSMx{6pGMcBrDMN#DOhP^uC6PFIIQ${NtmD@qxC zEh8nxACG^^Q~;YfQ1ezW&mVbB3q&MCX6qY}kK$B_v0#fE3!r1qD)CV?~;DUCrH0lXh9B0996Jl zJZ2^KeMuOgze0u<*BF)I6^#eJ*$HexiG#*9sXp)#KY1Szhh2vAKIC2s3K(T5#zjAJ zdDoewqFOfar|kn>bxRnKisLAXCwFKDG=B&AzTwax>SU1Z=H*kE%|YHb^mpGpN&wcj z<^5soiaS_Oj17m?42?9b_3`$TzI5>cyGOAOu(P~vy_)5?)Y97Jaz@W%R`PY1W6s5FU*b{uE-T?~jP*=R(cugC*~`)R61RldC|Q}d0Vb(TveJan7EQ$Q(D z%{U8nso#C_M%-Ch7V8WTc#~6P8bosqeS&JWg4I6<{@gww>YgI1={sFG& z)#o$WV#;o5%~XN&o)tEFx04;m6YgeYWWxrWM`x~yaXMM*7GH(^OKeeP1=hXea z%dM14FWrz}99*x5XB0C~U6~gK`*aNjorZRk7wr#z@L_!pDQnhYcCW`qqi34n-BI3x zjTKv`0USDE<%U4En5p~KTVGa!h}hf${}#}`ZuSeA)0$b^H{k1!1w)y}o*%PLQ}tg` znVgx~_kOnKH5jjo{%}87pO2_NSXGheC$*lzLqzJ^BQ;w*KFR#UC%=4Wyx5Ki7Kb06 zOf#-c8jkSIH&RTtrN=wXXT{upT^7haDw#Ls8#c0f4FQ`q)=sVlUs)WYB929~GYgAa zH$!wh&ad#`cqjkJ{6PnFXGB@)(mx5yVuGkyYKA>F+{6d^1$Wyk!UsF0Op~7E2>PqN zdK6A_SnrhB^QCvLD1~khI4|@Wsb5UIJIRb6HtZbKcT=9bz-Gzo@N|vFHw5>Q&KP6C zyX}q7WY38j>+s%rcRlfhyTjr2zW^6K-~y6QUaJ0OB&;=>BSgljZ(v!09*x92?;frR zvkmmg3nfP@QvubSgI?Wju)I)r+HvsUb4M^;w~R|&H8WERgv%$b%@SxFfkw*0b;zpj z@MYuyeb_%_Y49&jPSgjxIPy(SLbL68uZj;iGJ*dRcR9;r9=+htF|hOlI|w9t{4}U& z`2?73El%U68t%UoNYc>BN_<4X=ya?VpRntG6M7tnR%4(U1b=7DQWf5CEx3CqLR+7o1o4HPmEe1g? zgFth6Q^7!+YM=eQ=xBLJU4oX#pO1kD@xF^`NnH`8aD?fpC7sEIW~QQ8VWxA7^v`bK z@q$hRMN>HxLY2(NfxKLTSIdKbhw5f+IYePd(BXGkH$cA*60WLPdS zW%{jht{_@vHI6&Vsj8Y0m9K|mN<_pbL}c`l;tInQHecD6+mn>Pu=*=&^FW!571mt2 z8V2gD`n=2|VbjLp1+;!jQxGjHO`wYGP{4pl#NF>MyQ<`rw9vi1Vgkc3_gbff$!akW zhcm(o#hk{WAwn0Uke_UGdoz3`;bJqnVhlV~-iALH4Z$9hTyjDJ#n>njZ491a5V%iW z?-#{tYxQ3?xTWKR!o!kIpnz9+pK%GlR{JNcvxNg2822rX7Z=KlKh;nOH6&4T_T}*C zAP#I=C7HZvt+S@Lm<8(?qJ={rN&^egds$#?bVBEAhp6^%^Do*h{V8W1W{0c{GUOH= ziLk0>u*Cxg@rrjxA}c@Oq51Q6Q_R{QNE0XsMQwkz)l&J){b@lCX#K^o_ zzG`<&x7JT%)2YCx%26cdi#PDeDWoWTCSr0?0buUZtojiNuTKbzjId-lkbijRs9rkoi?_$NZ=}3@gyU5DM;)y~ zOr&fj;+E~VBdkoNJpX&>g}`6WcX$c{+Uzi!$ryS0Em_S*jUM4vkXH6__v829LR;64 zZlRF!7!&NC?@1F%pOD;b*+&!qP@2);?snDG8{G#_GB66m7OHDnZ>9g~10|cUT};~T z3gE*(Z&{fOgF<=abfyvnB3JV1HN6M=^|NmM%qyT;1{&3yXI9%^yZ5L?>do%gG{3KX{DuQKldPPYB;K^Oglf zvW50WEHs1M*c+X<2VYtxbAH=5*sOr?%+Ykuw>F^epJDaZSFzr_c79Y_sqlEG6=QYE zy4qF1kb4Q$^SbX^-Pu_B>~3%)wusTMfnAH~1RK|}Bm0ssRFCs~X0fpfg?#7%L8f!p zF0xH8j(6}_F+f#gh2m@;)9f`)$7&Zp#gSc|!@UW%t0pcKi|ESM(JursxoMvi56p|p z1y6~IXvj~pYUIYQZ|_mP#O>33Y!W>Zm@rZCq^Q<;o=N188^;>vv24oe6Od`MOQtQ9 zWI?YdXK5wH-$jXb^1J)cof&h7QOIa+66mnI@_8LL7{e34VL?-k`uWs)kPVR2+;|eI zEI?3hi>YyNNo}_jC$B@wL|vOarrabe4UJTEG}_Km3&*38^V_~_-%dV)Z4_NDHr_^JZW(`Z46h(h>5{pw2d-39(eb=)h_Af4cwD5{KK`Rup*SozJJeq zT*P*;yz%9v)8a<@@nOId!ndQWQCg^+wnj)<`uRqH9hm5{TL#gBipyv8#>qeP6S_rfs}#%a@@ zJB6M&Za?Zw%pczXNZLAYcSQEqTaA-G)1xh4M8suQ%BEff9%5BMsfpc993lQnzH+q} zcQVl%7@!U_SEPzkHhs$DGfr$Z_Eqj`72T8`nr>?>o#5GQ6KjBr*LLW18}WdYid^5? zHCA(99uD#{Gpez6A7N!cIPO}94{f?O{l(4I#iGLcEsCjr52<41RDt(SEnHo`mQ(u7 zX$3iErn_N>3E#`BYg3g@b;gY^Ua6nli)>q?zJDB@h$u%SIXpNfm1fM8WSLD3 zL@=Hr=p#geC zb?}2&p?qHfhkS+h8d~iF2PLPa1-E6Me0+=H$s1F6 z4^TrpI3J$7QwH|Igb?@mcNCi>{uL1_e0>?(fNPeB4jXWl)$w!lk1N66dz!HUj47+^ z4uvVooP zTLpYJp#~P*^zhiWfx6Iv=wRebW(yOV%^o?a{pPj&>TTK=ybT(-o?fk+0L5>Pbam_Y7r-GSBPKm~#ZZko zXoK_JtjulbD34VTk|d))jf0^%7#aDGw4pg0&(|Z@(-zqNk-@Tt?Y>6H)|LcOsjn3v zNajjT^(F%{_}`d6sv7Pr5j+#2%bS^WHOasMV>s|+6J35{!MvlDZZ}$0>AaZ;-*NoJ zN|`5D(Qq&wL0|td>!GMB5nfp~Sgb2|L+Rz^heGSt>ERnCB`#K3eE%)Yn7K`rvv;p) zJJL>wmI+WE5y~|xY!#gR1@wFX0^?RlHGf-&RufK^Wq2@Ad6G_4p@ysERb4yx^ZE_SO3ga=PrY{)kjX2YhSKe!$;Ewx2f6^)T%W<1 zSOXRlVz=$5?AEF+nTlX#`Q%8B#{zK{0+j=e{5?d8tk7UkIP%QRo|1S3_U*-bK-tUI zeO5t==qNEF+=B{B_mO=2aYw7!bu=RH__Q6nO9-#khT!9`ymti7{t{=hgpZ=>Xw~hm#ph5)JTU>z?n*9*#!g?Fu7ww~V{gFWYw#15~qUa6l_E`86ODm}{B6uY}X)NGNW=rMH2!Wj;MlRNOi!GzE0MNmp5g7b@V%;7`UFrX`Qx}lcO8i`{oKPc2j0RWzs3pEjaj$CBRWlU@!KY zNg^+3j$@HXg3KJZ%UOJ2mdz!8o50LlJs$zZ-FLU?nf>sJ0&mx}aGry4*5klMV97XEFt4(5NHn}fbVMc#M_jS) z=EHw!0m#$9Kgl2{mY6x)=5TKZOgps6nflUeI$hrMd1}W9m``{1WPk<1XK`slrGwvV z`gfph#E!`85`#F_(FcvrH@@|D5}FuLi_w15eEkk5X{n_20YQjPcGQRy)69||;j({V zA(~)6TyES|Fc6$7Fi+sOQ}8aq*Y8Pp*&H4&cQI(~p5viVKAGj&@wXsloO(Q^d;R`C#c$1^^AZx4`7woNC3D*`Pk-! zjHA+CiN?tFV$y9-eUm%nK|417DS5|aWPCQutLIT;yHa9{8i#A& zW6V|8K8ah1pT3}wT*}8vmamv`R%1l(i0*CHsfB-G7jdi&I?YGle z1CilhdrHsj%W)|1$0mX-v4vt)T~dh>-s#2mt1T+pDb#B)*dvR@9zZuLoQPs<9C3~* z?J=Z6#IHqEVT@wjECW}o#Ed0)DnACE21Lp^3U` z4eCjvL0bJm2+BX?vJ;(|f{D(1RQZcb(36k3EGvLY7Xf;m%q!z1rEK-U*L+h`nOk&5RKXM!~7w7RS$Qa{L#jO|c)XmB0TCO+{ zZB199IhlPg+0lWLQa?|4?6d+Jt(0`CVk*$jMI0#J;O@_;m;7%8Dvb#kvuG-fZ_jYc zPBIfPsEbBa2HqiT`#c7xW+VT`y_2fiwCHi7l26NB{_W}t9IFox))|}@Ezd}nz8Q7r zQ!?HaH8n}7#?fQk?|1e?hbT+LpOhRO2EH4oYpAD z#3fM>36QyF|Cz_*1U343BjpC*zcs#IM z%bALkb?Z%Gh6-T}iKKoHz3Vb-njFCNlu*3rm}o^A?)PE<+vtg;-ulM0?dLaM#KlKJotxr11V94wOMP(Hz9C`36g?(CI0T*%rSy+amZf`o7fzQDvm9R%Cd6 zqBfmC)~jt4!=rX0+l<0!*3k~2dXB!v`1oZYY$4ejIw`3ViJn@W#0O^8@pgM2-WX#fnU27S zkPg$Pn3FAO`&{{%=o`8e{JdQZw|p^AD#?Nijq)^Mz}?N}OJAd@zLr*w-;V9VRl^N7G;45T7;Sj zmldz~4*Gjr!6Y`0w#lU*wd6^MzNdU_w5$Ra{|I_Ue^tIeTV+srd#&T7u#57MpLxQH z;eFr@{~^I%rj&uSfF!=QcKEuR(Idh0oiq$V5y-K<+3qV4Mb$!+?9ifGF2ar((hxb) zIPH7i8xOxhwJb5hNCmVgDcovQ*-*`8J-6?;6X%gsK8IRvv!EM|Oa$>b|D}lnBepd^ zc9N1e*7JTBA~_;mF=m9bk^vixDxV*GxlAc04s&mn=Z~~4Xbj!)#`(T>qdAHulq&1^ zdTKmVuwf|jdQqLgiu*Zar31>9zrYch^CyIKQ{c$a(&!I-)Q2b;0M-KT-p{Y-zj?vp z5^NXnmZ)!8-51>v^Fl;$UOv3hV)m|5;Tw9?M1I}lP#o*xDpnycGImy<2vE~ZMo&64 z4-?hyGoyh61D!KG@2RRS+ayE2w2AnSn>SUsbg!Q$!@u9_gnjIrL9+O=(rkwgf$pT; z{s4`XQ0NT1h>SjIhqloI=b_=^w)GV?BLLu&qNjUEI@mUA;lwiGa*P0(+-F!E;UqU9 zIoi2}9vB;|O2(ymnqfw1bwM_xn=W7#*PlTq)@U`QYDUS}l17zGEE>UG^e%io3Zt&4 z#z=!O@_MWictWW~B<2U!Oq4{=MBnfw1%K+G68OahFVBsjNK5qct8D60?t0@kA4c9 zix^y@1tVy(vpr{3yg=HuU*Jzhpdi{^l2RfI%DV-X-s{dyJX6D%ZN0=8K5A^7X2Uc% zJR)NJe#*`q?ukrGy_1bSyUp`Lasl59Z%mKXTorkj3&HPjgx;A-(9_Y-(NOE0{qz z&&N9+^X`Y0>zI|yc|B*>U31c#VCM5lYsa_mc9v`A;~bOH(sAA4^WV2k@okSYG_IUIrVqy1%qkmk|9Fb{sC~)6qs1ISsFuMN z(;mB(*MV|pz-*_Ed{#bdw3{rqAmQiB-5$i@h#v$-{SN42ViC zq_bF_`ASkT?a%c51j#~Io9DMzb=;*8zoHaOuRQ~=C{d}t*^k5lUq7o_3Lo=e1KFP_ z9csr?uA|@-|6rgmP0~#pz>y$!%Cc(`Iaenh9AP|~FEK77TVQB#9gFqo|+vvYY zL!5CGe@`WYG9z}(aCw>}5T=oX-;<|ya#Y=*rD3-4=({G#U%02wHqom{`j|6-+cLkb zCbi!~G2ViBt}*7YOKDpXfn!)iP7QXD9eW9vbU6(E&to;MuNX)$Aby8*FJhC=x9oDt%F>3Y3&GN5lTnIqNMC~v-Pthp9o(wpDKd^BJbTV~3P zCcH9xUT80r@`hnG7drSSg~Lq}xBOW$hC=wMUm_O=k1Sc9o|KyUdu1AD2_A-F-dFa+ zdz|sZZ@>IIXK1;(UgAW3ltbg^1;b|4{UPFrr7J$wy5U!SlAA=e1dHbpGnxPwa=Nt+ zk28pq`AGR0bNY7qQ>;rG20k_7*sGxXdD4oCWBa}~!49#JQ8m|U9s^v}vzj-j`Ka@j zV{9Pky9Lc7rP*@^DkaRn9du%Ra+nAt?hrq~|Dw>F~np+fc4xoG(RarIVF zakbIbChji5-Q9v);qLAZ2@u@f2@Zuj1a}MW?h@SHT|)}(I^F$`{!Wi|Q5SVnWACwR zuXoM4p7|v$J-~{Za+OW7G0u`l3t)R`W}g-1E*PfT9|{Ubz(YwQe|$F*Y#EO|)2Nq) zuEkBRmNj7n^3j%em}Rhm2QcQ_ikl9M!0N|oC<=vzAHXziys0uw!VwQ7bl#U_sfwF_ zMy9{ZCW^BIb-z@`L>D@pXD7vp%&X+e-B1Fr428^0W;`(btgz5R(%*lI7-N^srXjO- zNWYX3jdE$G+cE-&6*bE^C3QjYdxXl1gS@zhCk$8&kn)09eUJPT8@(&8pS1jvON>e# zdX8M~rLy~s+0dL^M}}Tk9Ez!C)r@ZVbg4Q#l?@{g-#czxvOlvy4O^#b!$Tf|C_9YX z78Q+$(M7geJeRIALzM?mpZJnIH&6fI`i1#88O2^q#n4>ed`HEZ-WhHQUz+}x3$Bg|YAfF=0M%ATN}U|C>B*_5>qHv~q#X>S*2Sbu*g))M z!?2CfSDvb~p0$CQ7g9Ez(GKXpkz>dp2bF#y3IK!<+d_f>7Is*SsC%sA(bKn#VViWf z-+j0i1+0JhMCZw)c|F{gH6y=bUydAxO7DC{wLuzKxG!60;v zCtwxtnk{7_7o<)GN45ARtbRzUuP+<+`Lo|K$J;&-bg+rijn7Ul;jPIYX;;^YXd54= zZlH&NPUIC%Jp#q191$xpZ!wr-e;?VB$=5J2>*)9OjdSX%r_L}sH<^-)podtu5H;DH zi!BQe{&;rwuXbG}a(N{){`!cd6@pv?IlaFuC5Lk}R}U5Dz%46R5rmuh!c-O z&?gR^>M=~}XvWc@FD+LN9h?ZWH6^CRQLtk|@eS7C46!Qo(Ef{Iz{XTnm4IuYEJj+> zDD{ZKTBgp~HWNLyqHXv4uSpYC2!Z=W+_wxaw zG#Ox&INT>#Vh97vmj%>AjOy064*%}#!y6>(1P{)lm=yn-I8Fm3em!v6(>!nrm#SsN z&Cs=Zsm?f)eIF2t@Mj=C$c(B)`-|*j3@SCsw9QZOxq&0>&5e0 zypDb(hd;v+W$7?jBaev`cYArKG+HEkKOK1k9S4MdehsiT;l`HG_fM{?oZj4CR*%6Q z->ramY|{=~b@Wk zZ0`Ly%I>2oG`{^8N;#>R8wY!R;8njzI`!J6{J&o3$}<1=EJx+J1`-?hg*3BbtERNz z6Jyhp-RwEH@t}f6+niHF>u1C4TC|oCMnv(zG+@6kV%$~R$S1;^k2Z3oxM@1Vi3~$n zXd{|#rAD<9hc6nHj7G6M)4WjLmZ5G)Fh-q1twK_??A@EjR`gRh%V3BZ8nqib8C9hc z6>B`>GFwF}v|u-C6!+(}?BH4G!FZ%C`=Qi)qU5MQ~)D^5a{8jLk-2lHBkrzE^0R6ZV2kaGM4 zwhoaV(C#Ui8q$D*zvEVhH9pP-FbH#UkQFyxO^+!4`H4~B#a;*$oFa*>QYNFq=%|Sm zW+B|I@lO86>Cpg1{`Eb#-=7djPovbVvuIWGc0WnL#z|R{d7r-y!9wcr!`` z!@<1CKJv`}_S2Ez%SpB@KKF`_`MzCZoV;FW3uQkJYzPBZp?=SJgj2Epzhn||`os$M zy>q`uSqlEcjn*|dLsk)(XEdN~B$9&FAwHvENJAq94yvlxT(uCsnGaf5*43rfoRbiF zKl;>O5I?WbO!?O$!kG6#B+5+rFD^w<2zm-+U-gwfyeBGCnGV4kVw%wgn6ugXA?dB< z+!=W9Lw)ymfW2x4>xST|EieTKuVSfD7A0BsSQnw1YnCm97jINt%bVh-+x|)c4)Yaj z#$Bif0(5ErX$CcHM!Zat`F*puB`B!d14pSn*tS76mZvmhWt3_LiZ@6E6xISXT46N@WotIY3WrR!5Che#|Mc z@rEncqjMYRDD!D*{#hR+iM~tnjxI7lSBsX8{G@qCO+P@{WH~bB4a~9)gK1JknKWN@ z`r1QOaXwC*2-{m_%!mVI0(HO5i)xkcYliK{6F%Y1rmk>7TNn3k2ox$*w=zW4z;9rP^zryBou_faM+3551` z_EWd|MvFE0zQAePMOHaLrtw-_q*Sm72F_LwdJ5F-y(1n1GEaX<4SZdG$LL3EE`eP^ z>kq|`4_|*FtcJ^2+4C)|YA6^HP3aT|55Ow>RT{0#Wt2MqQYNW&L%O+Qm0%6fE^iRsWO-s}s8b=Ts&otxVt zqM<4x+0@DYNFTmz>Y3psQK!f_;L zft(wE`BO$;8m4v8d^nSt1t$BgHUwUU~Qjr#ZLC2 zx@1ybH;uRT8vM61&Z|hHnj}f3=R>Hq{8jEtEdVMA%+50`MUQE!fsKyBiHaBdi9Y4` z9c@YukuL2~)}_5GEToQc&_K9qk+)gixxEnTzys?$5w9P^>+@CG^05!S{jU;7^$=aE z{o=wF#qcVx*_)5fr;Fu@Uk_~RbaMtL)p84|{9YJ&KS#~N%P0nCfF=1X!61(~ef7=w zIih4CCN{y#3NDV=_#4#5Lf)~`FNGjZo!N`;zbGpZ_tF#}`Q%kDBIi2923-Ewl$JIc zX0q#Oa?9Gq>UO}4){6OXWhEy!$KgW(QEXy-04lSEPkAY#29pAj3MOZ$c z12j?Hr`Vvx7?Gq5fmvLOVb$pQe*EN9DQn)Qsi{efW7SVimPLbDMaRh;8&%m&9SbdE z2R)F6agF?|UJMkQsl#o|uPi?BHY#gV_+u#bTr^7yeN3Fl(xyV|IsQlMkBREJDcwn7D}0j4uh^8GW0YhDW$Gnr^!tl0zlIizsn9| zU*p-F1v!O8QDX@o;`>Z3fuOKQe><8RSfPzYWK}Cmn}@5lP-zg59%hg#9N$f=I;!EW zBNJ1N9+v;HSkkqFOInN{CddC}xT8u{f^c#C&jyJY+4(LC2$O2<^sV~ExW2;owqfgG z>i+b9yQNL6U<4YeOpfMBE!JeWi_OBDO=j}Kxj;MFdE5C+M9bA`FflBq;bb>zUh3#l zz_>kX`CLf%;Mq{yow*ig+%I~tPv{cM>t^IJPX&7hmf@+GH22Eho`XJ_0xP%T9T1bw zTydlv+NlXQq9X~b&mK3&1}fnHXd$AGyNIfm@W@DcxC0HKxs|wFG5-pF*+Wd)&t1NADY4vH@M*He334gjCax z2b)0E020HbYCIeqD(UzUtVM~V@DsA(&oVJukaAVML&And*a;jXu#JVV5PO5CHmRXV zhJiDfDJ+giRE>eAEpYYr&w$k|Z>jqFyRh+ zPYi~=2EInZr_7hbhDmw+#Zc@U9k<2cq6U_;>b82M7TchxCM&aY&8Cjw=M4-AsN@Oh zE!XJLqJKQ8WKb_Z{#5)mQGj-GOeR2&T{Z(&dh$fbjK$wIvo&C!USbleXlAp|nJl*^ zjyRo5|IF}iyG3$-Sif=#MYvbOoc$)P;_DBG^(Ha+L=NGMsq&A5yc_6hgo{gb-15uT zPfakh8U=y}M2`c`L5lP&Y%;n!BnXYB|6_YWIw&-^Iy^-@&!Tl6wd?04LPp_Xve*G{ z%v50%?tFY0WAHM8H*JKP#mUmsZc>Ta5LbUU~3s-}fXTAQ%^^wX!}FeD!so^8GSaxgHsr zi|Z(RW{kXo1@fwXqlPd}@v42drmmwL_Y{2}hQik3F(eIGIG$$A`T2xQjC`=yiH+u% zFGKd$O^B?88%`egKtsu>r?egT_~6UIlRgfPWi4mtuKS}Q1>7=A;(wS;s;0nZ@8=ys z^6y@iDUa{EjCKr~V})MBVPt!Ml}f}Sno{sFUTPLA$T*k1E})EpJAKr!Fb`0?gw|mH z(k3a4Yh|5ZUc->=exY4tQsCLjBTuR+)UBbe`7hu54W)YZ+lyvqG_@_2zl`|xHu2HB z#L+Yu&f>E19B7WQ+cqomaT+=gQzuBM^_o8nB;ij&pr+7(45yTMXv3n#j-q4@O3d#h zS>aZ!pJZYx?zkj>D-CI&%rufN2+Z%k#fs|taGmMYd}6^y=Npsoj$jwrY=IUAb}(X& z_d4zRPA~Dwf71jCD0*|ZtKhSn7HmG|3NDsu(-Y@=?VGKo`$B{ngdr6k#DjsNVri@( z0Ku9}U)>n*pTQ~KhUz~YcP>xdys~$fnVeA6gxFChHAFgnm!y)cFM>LN(=F3SCPgRt)`qVKyBb!Js_lIp(iLu%YAlduttB-rye#;MkANt-+b#?rz{VWEmc zYk*F1W=oaiSW9FpM=haxw^AvX#;H4G`7jtC&O4OmMXX~D5vcUjjsn zxRv6@sa4=09VrWj5Eaqvsw63e#?xyNg-WYtA7=_E8E`I< zBz*7(h7wUt8{hjM|=+tf_RQzJPtK*YdLGKN*%T;@p8B zLPC4eeCUg0ejP?pWM?GUV}f3~x5UOxO*mMDh1&M}oDVh`zOOKcEQo*?U}(f0Ct+X2B7Z` zHB`pI;R>!xY`P~+vwGF{Jg**SdqNepRqEJUo2Z(yQ=)m^imaXI)>`N-T+Zg^f-8N! zH0((*t8L!GC@U*t#hJ)U4urI22iwB}>FKy;A)Qi{W|WE{94x{L4EB68GbUe6!l5(a z#!GEubmzjdBIYy?)Vd`U#f34 zQ3%p*f|cA#!@IZ}dc`7**Z?(cZAh0%fX}=p*Y9Ia*pUDSoGm) zSyPTvaqtu_cAT$YIOl(rHQn*xdgVzd-ocG3&N`Q0Ljij1|8C!`zK+u|a!wkR%;R%q z<{(}}`GGw6oZO!44;&)CNg`elN_#SB_aQ;}g*Cem`NlfQM4#BK`Va>hOiYwtd~Jn@ zXwzRVsJk5SM}{Xzwx)(TgwZ{{!)E7y93RZo;!)!_u&&JYIo@D&@@~H?iiOPoMh%ov zLFLZQ_eO9ZX-Ih)$P)?4$?y8!-`u;%%GWn$Kx5Yy(~fUqGQ(@+dZ7Y40-_pAoSKL| zz78;rXDr^nyV7J^8a@Hmuu($)?23njU!fEk_^?1;_dVTq8{xF?c^Q<;_W~7c4v9!r zV)Uv}L%56dNG^Nu4uS#S@c7RUlhR338^7bp%EM^8%Ec!&cvXJbO2p&*7)ws|HrYL6 zkXYZP3K94!)vTZ<2PvBwjDXuOuioz7xTAH(P{*-!CW|p=>T7Tp;Enin%-tgU;oNGC z5rD$GoH{;XMMgfg``P44a;v7b_G$^td<=sKP6V8WZI|GcAVniIB6$p>UF&=3cp7aP z=@=RLI+m|usMQyh2e~C}`=Zmp$lh3efEh%aisRH_0L_0plL=E(zO8u%+k!jqGwpmH z0XG4clGui!vv?WM0q?^oa<&_of}QMC(W zzBmLVLk9;Qzv*J82sh^qYUcTh)HSNmX@!mDGn*oO7{S+Xn#=A4(wV1)ZexEpu1t{wHibMPj_NR%Wl0 zPL>4wdeUK!L6~N>-54yzCDTcG5q^OPN1#VV0kJ>JDHLT62CVg16shA!?@@&dZk>&y zS9N*b?8IE)!z3<&e>~J~L8$vAF_0W96cyU@&jA1GkqAY4JSml$kTX+d@KKup9jXLA zttER^!4CbA8xbwLW48lI$u>-n#4o#*5G!Y6A+#u1AxzKSgBts^v@q3|O(9)2j0PEn2yKoa?=wWkPpjCP&d#4k;P>ANJvxMcXVNJvvMo?)tDcvj>ICk)&AKz!xQsx zt;r(W99J!`1mZ6r-RbS~05TiPMQhg^WrmCuQ{)&=#vMQA3YTPv(Z7kw*>Sbvs)P<_ zls}6J?|?7JVo^VD*+G^guM^L@k?~h%wqHW;G>ZEwQWit`k}&MW#>}7dy47R(F=5h> z?SnX!7c9r;ty~bw^sTLJcAqI`e@*rn926o{$KxSoxnyP(;%93Ncm@<3F^`L2feXwj{(hCgfZ_Z6^uZzSnyE*%$p~-f zt_VoJ!&TYHd$Q>EY!r{x^ZY3;kE3C;aeIu~yFsPpe1qsAFe4rvcQ zPg41P;{uAR-eA4m($nO`)W{1Q3S>2=I<{<8Irf)*PI6WNrH{m9t9+g;Cjt@P-cF}3 zrF|z5mB)f9HQIun1fDAKszQSP@M*H~=Ez-0mW`O>S9LCN{?{UR^XYxLG{a=&;(;WQ zZPKwUCTU}$W#)8Xmpykp+V#%$#5}g-K8+9?(*0poU9Y--k&?E1FPO@_=GZj~0(?21 zWD_dH2O{1%S1J=bj&gWtsH@XZ)aGSjZ}1vCBo`2jX5>*R1Q^pk9bCw%tJAq7(M-GV z_<#DZ#Vin0u}6{{y^X#}YEcbHSb-X0Z9~KC@@nx!`9EVC{x;qq6x8YV;EOc4P?RZX z3Dqi~ytF$(T$V!nw$dltx(~i_V6p$F_(rKQFv#-V&K>V;bPD_h|$9rlcGHbM{(+g9u zs-rBhe+|u4Ro2cUo={XfYG5XfO^uB8CM4<=Y5C*AUQ=P6L z20yt<@59h^aW&O^WN0y((*&NXG(#Y$ix5XIz{4tqJaXJBO3zUc$+!Mh!L%QZXU8Om zA>GM=E&-Nhaoepc<^rX5$l%ehwVwy~ikH(X2JYw0M1}w-6>htRNsZ%g$jA?Uv5Zg_ zr5qmf7m)0XiMi}i^g)iOjNxc9lwaViQZCD|GR6-NCAOV#6!cWlgd%c8Y8rQoLW5U|OrgF(2A>08 zG*l16X5)$J+Z*N~WZLndFxJrlVex_82NujwV+G=pJ8B)%v4M}bA~bf56=N8DTYUl3 zOhIP}=-30TpL)s^BYG4gI*N)$QB@{7x&MZ!c0!$zGDxCzx$8q3&zp8Qod+m#AvJiw zONYTG#GI7O4*==kBbf0aqlS}_MK6AMf-&x>&_5*u)!cqo)ipU1LnP_49p|GboRr|> zI6I?q_+Cz=r`r%%vdo_(`Vz0RM<8j6YVxppAr;uny&HBqblo!z1#C3A7G;s`nW}-3 zH5iTotoYnMhG%b@L@C&&@rXgZ-%Q+a;^`t|`9{^zZl2EtX^>;J8hP7Flk}2vP0Ek) zN39Ta2`DnqeQFktPF2dVXR0V%cG>}>&yRZ2sv)kyAPxR92J92)*BUc%=&5m|qn9{9 zW-~1)1g%5!Gv9LKXh2jmI0ko6S7=-%v%g~mHgExv=V(Y{$b}>FVGlFQ4r!%`oqYwt z=ghhP;!+_#MyQ%jBGQ=tS@a)FfMB1HKDmnMoyu^c+_yzdkohFU0W;Lc_So2;_mQ4o z(AOCPcMvLrmUIC5coN}AU1>|0U^=)Po(KMnPysHqSBbzzl*vrdd~W>eC4_1nOaL(p z+m^PSzl%-z$^wKzeSI!I&Fv4^Ccf&uYHa9HHTq@GZijRCkO#3is<9M0813JsX_=t* z`-S(z+VJLUJO0%DVu|<#0X~pM9g8J4$0;|U?m^5+IWIjKwd_&b;apOAvC7zxa#dZ8 zuiiAF!;F9SSR~7n?3UKw=FfPGP5m-vHCsoKbFyoCndUucv0e@sea(%>-XnD2du-D~ zgoyv2%DKYg8x5lNfX}2ZQ5V033sMwG83fSZ!^EUe*$FCQoX!#EpHuS`le0tn$qic( z`tO8eQbgQL3f_+jaAWG z^Z^Ju$!m+G`tJj;6<|TAF$cdAnzABH>qUYfHIU(1QC=!4xO4UE2LD3v1XiZ{=9&nJ z%mVIG%t3V7D92nvBAcwLT8Bova!G8wBY__zPax=&$KZ}ZW2fPqO>5d{;i&=<^ldFM z_c#yUesX-&Sj(V#vcR#lazee#j6my0YZ~@~>YDJ{rdd}dj1k^)XsnnczZOko49Dz?i?QzB)GVSA+p$T& z4;NfJkyx1j)(i*Yt^X@AvSvYnEWnw99vezpQbZG3Fa`O?NU7+W(=;iiU09F?!+Zq1 zv_Z&0+2z*^W2W+b^L$9|HUrpK1N`kqP4Ak?^9 z53V#f@Bg`BLezlX?|QdfEidWe6EF@J9{

  • nO4R&)5I`{MnGR(0{LXSQkZFi{`XJ z_V3^(t2YPm2KjB!|27%kleq0`!#s!|b%r;;@}y2f|48@jk^A90wdwy|sB*9gxfDPU#qyc+gyTl%%0M2 z<1du^5A2!^5Pfd0h^|c{5?a!!Rv}?S5SeC{CnfNu%^^Vail?#@vh&W*e4BkT9DAew zhC{G-_WJ{ejP|4>QSlXQDC6ImnQ`x|W;l*X3i?k0QmJ>B^Qv&RBssC_sZB#Q?h|k6 ziQ`bo)Y|#^j_8R>J?WlF)HUv_;<>a0>jZifbxHL9V6Uh|n;4KyynqLf8 zb;(0JP2driK0LNP9#m)nRq*3o&=C=b@0Pq1zsFCU*n=dz1)P87pg{t-n1DsNya1A3 zQgCMuF&)KoQvTR`#5eCQnl1X&hBlJ)93FmK6JarV_AniGt^i25%5pO`eqYZ_=}m>< zV-2Z4mRYGRsZ2~yrGc%Lpb4lF$VEOnKWX>=l7rm+ef|HrW2V$jweo!sawoR4%ch-P zlxkOF9WD>ktqOhz$DCK)tw$#`t}5elkC|0@CFGG(Bl{VS*_JjXohirBI5rnP6gU?d zr}zXS=ST!XUI_6@btOR!b=JzMIwn5S0|Qjb?a_Xq8eAl_%op@B2 z8{yXe3ZEks{t5ThdIihJ)ybn6J+8xzo1UbQuHTGJnab@0HuS;jjeCmxe80a~5<*5k zeF;iSOR52&1P=3w+f}u(7&Ir*vaHK#>sQ)uc1fvgXxs|J$}ygc2DWF~511APT+4c@sz zkGuIaN3t&A_Ox|VQwc6uhhzyNEDVuolVC^niS3aY7QugB@{3(CD2Z-aoZ3B@LihD=Nw*=qMdG7HY!vTC zbb{C);eHR6U|1%IsqB~A^@}f4UaSe!5hD{FnSJCmFxOe}@1;sa<57*S_lxR%4g5uf zp)xjo{kfK*K6QKndxchA)bHy#J#%y0NuI9JNEm&=fu0|%ut6y%s`N&)7j(ieXel9Y zhMMpd0oO6{+I0!CK( znvFjolGZ(K=~RT?MJ%=HM;Baiex~FnGpx0ji^eNIqd?ZhbeuLAMI+M>8vsHFjub20@US-wGBrr!lTz$x!RGjVNTZM)y z|Cg3#ko`8TF?*j0AL{sCb0@v5tlI7_OM|iVG1!lAn|j17;e5u6>^gE>4P@hCVPkT< zaI|{gB~S@`j;~w6qZ{!`T&%>VyIOBfOYQxgxIb?`HqIGtrGMil(7H2PmKL)ldbC33 zpZ~*j?m^Dv`A4{;sPFbk+wS z#W#OX8dhG>8n^9-Tr1y+=_b~^2fdRs&>6wXgFx@=1@F$?$jd2+42O_5DlWO$BR9gz z)kLA9(Zz3)yEpDX&5*4&)OBle7RyP_bgsw`d$G;tTAE=gSS(dwog$eZk-aC3{7)*) zV0NjWCkPRN6dC4!P{IW>9-~|Zf}czg!UoMdsdSGFG&9&{`c$oe{Vw;&55@S(8mFxh zY@Ux-fIuP07E>)e^>MMUSVt$2-_Ov8c;Fhf)~zH+zDKL0fEuTR zd5B&hexSyswE1vgX_P@4zoCzT_bzDWNGVZ?Ms|mrA>3XJhgRxpwQAyU6OO{dB_RO8 zn^crlDH%^lk#(i&^bf8l@8qsM`8D&YeXYRhl8m$1)6l3Xk`QlV8Db5^(T1Ux$~#Gw ze$rrnR53Z2d46b#iI;V~oU##;8=b?+F)E^7lhD0HzS;m}Jo?{KJof9f(6eOG&N!9( zosSwi`cv2pP(&xfHE_N9{k2cb^*C`z#Cnn9c?B3P42V zv~1EO@Lyf?XH_*@W`gCr6SI>a=f6pvS+ZU`>X)^Z=bR_v{)sRfV=;<++-m`ty?U6J zS*mYWpf^jDncVtaSq4V>#1&&-F`9it_dO4czO08qRtD-BdM(QAfm_xAbrY{p2U1~DjQn0bI;ZXf5B!sD zdBHA7VL5JsPp<6%#) zH<|GgGRc()>13^y3;mwPH9>C6id~mBR7xPcxrxd#63Of9Eq)Mb1+D=Zxpetg+jVJ9 zu6e6-K}Y$GmMg2Nj6W{7b86mC;iFdL12?G^Y8=M@lGlGHPu6uv=(pN3G@Jj@;$V=8 z9}^$SOYCc%$VRC;#uj^f$A&rHRF=@_Jd3%)1`HzYKneV*C}#V-fcrg6Ds_ZA4RrzBaZL zm)PvC8v#8B-BmpXslm9F(w?U-`^`2;Ht+%BkM79Fp8VN@CxkAn7#3tf83ye)#bn<> z7FD;R!>ZY`@x=-@2KI7+r~AuZ2%9`U1xEPEwgrRM0RQ&Sn*>vhW%C==S`+`jQBWyD zM;cJ|C29xDoZk0FE|gap_J*C(aE9!f`pstuB_kBBCm-Ysr9JdA@x-hbymo%8#om)M zE^8%4#lCeS5N)=>QCjpnQyfK%P8T%jIdvm(2N?o6l?(lsemrHSgmzD? zAeu&%rsuitjTMHvthG5$gmDP7NLc&-WjG$toPuqEyb5asjeQ!YsM6Pa?r^Pfqu2cX z)4Bo*WlM2Ba0JE?Esy(Z+h&*o(i~U=Peo#qF)`I}827MOmw6*M2sVU91%O z(6{Xx6r3Io>Xt3-{jAL4b2f|<{Hw*jzIpSuH$iN_{RRShytT#VJHhsCc=5-32-a>JXZ2O+i6XJ ziR3#xIbyO}e{~#hVPOi}6~oMk_V-0iBf6CX~2iv0NyuRzO zYP4!_S?zb()Whoag*;X5_m+c!Fvlw05DFA=q~d(ok)JmGR?tL1T7ep;%Dv%=)go|ieepWc!g zF$yU8>M*bP#C7rbH$}&C99W{Rn^=L>n4fKm+F>=n(@;y240Z*|K5w5WoUm>|IKYl| zd5fCQbkWG5-$?j1?n?@%OPizh-d<{)i$J1pGcmCC`)nvWwB4Z*k6}?Cax9-XafH=vSN*sfJU!7ziMtXPLC-otBWB)$6neCZI+RYhwY%K z*ze?25$NeLG6`CCmK1;ymJN?d@SfwTZK!)+2ni9oipT>ok9WOXIAD%Ph*C1o?=LF% z%01-r)moEAp8vhcYL|GgH(t?vhNv{u|5v@W;B$c{s`ml|XKJoZp1)W(v6?f#&tVXZ zz(DaQES~)6%+`@(V7JlVtF5SXc4XoLvci!#qR{R?fSf^T2)7BW9)!q9naL+!6(|HC zgJ{5~RI{=UQaBJB3zKTA^BMT~TQf%}jY{oL^Wn|&C$3_!IDd|d;r_+wSYQ93W-jpg zMw?vzCg21N<>{t*I_3CR%>RoTGdR7KsV)n_sUlbC_0htsaFgyYfKiTJ0P=#KlTqGw zsWJ}l41gFq_(Pz=A*)SZo5l52R-Ns`i$FPSUmEuIS5k9BvSa#YwMFGtk{N}|K^!(N zLbKC{r?Fs3**poRsaZo0tSRg1E_nv-7b>w9^9uAJS{S4TT=@caI0cw!i9&`bP^HI<@6vRD z`6*W)YQZY_`V+W;3-MQ$hbsCf=k{NM}(sRkt2NjEas;3;V}+hI-`v@z&nv(11aI!%@Tr zZMq_v#$rTYGQ7N6P*;y3gP|yBCsw-pK8jz5i_JuEc9zlfU?c+UqR~Q=rv9mOVgR-X{-Z!@K<4gV7dB7Avew{78uD? zAiz-3{`S1rTlGYV(8s?f5=Y3Z?$3SPcqboATn3Ybu)B?LGQ?1!cRz{6SScp27b~^1 zJls(^McEMHe!i+L;NhoTZfO%7{-@i3j)2{%-0ySiBzpRgnPFI;o3vp4X{<=IhGjU@ z+msG=EFZ#lh_0p2&`WPVzJ!s?;g2r%0ajL}N3%mNH7L=@=LL})4}5l~=c&gu@jWWH z4Gp>KQ!f^3*M?tbp~WT|Xb!nRel1tN5|~&-?LrHbD4DkdYb(V@uMVjrd(+iZihAv~ z6WO59Fhuq;pAt$W|8G*9;%nkYA83gIw7wu>kk874R-_x zui1KTGvQ{)eF@(tRGOd-(X!~Ik;`lO1e ze`LF5jRGbZF$g!q9WjOgj+S%x!`oZs?*Gpucegb?2ok8=fZo=GAJJMyD*Pf3WnA6j zum)D8KyB4Vor?SCi%B}$AQUz$HJ8z1-~Nn@FcMvTT)hcW&$R-x@mYnF@uJTF2)53K z`?A{qDDn6}>kSPQ%jk_1HY1)i3;Ois7Tzs_`9 zo{l-+A6F$*r1LV;ewBK4p2536N^gRI`kEF=2C7?3a72=dc4z68(p9%L3T+Nz{&!~J zeLW6eOo7jxAoP}@jz3<)a|UWyc>~R@%Dbyw|-7kI7o$ zC$u8=7$p4K#V_T%h0dLN@3`;uO{h~((w=)DVtn$z^itHafLB-LK`AEix!uH8>_%Pes zr+ka-a(PNY@b%kI#kRj5C9<`;-Ct0$n(?#19aO_wtjYrnk@2my8tBcUz=HwVSO#=S*fDb|Te6z%lo}3c}=lzlz zN?-ijN5C5YAf$BOif_H!<-Ef5C!UGd7ZLS7r|(;s5aZN*)}-{*@GLL)jxW`!+4fq3x~>Zbl${Wk-ZV|$6Y9IqgKe`RRL1q8ACboNpJgl zBH>FpR^Ce+`BlWiwtWp4fYAdhD%F9=g<+j11thyGBGti$tzb_&1-4_C6l>?bHLOF+ z&A()QvO#fiOOA|8*T6TpQY9xe(Z9CsCq3|LGn(G}f8gsOA+Qw=ze5+`5TGTV;he;o z+y50Zxz2c#sm}ib9eRlgCqgIGEBFvU&b^`pp(@_%qQ&+TVzjiTvt+d2pYz+8uHJ8_ zOnW6!B)Nk{r69DY11v56-nT}1kDE1?JqjM!HWJxwrUel{1xR!T8T2$^Jcn$z^xtQz z@DPIm-VY_C)F`IWXf(G3!yaK_GI9&Yg{C<@bPFQ?Fv^szgX30A);+$J9hMyEJS9KW zxMzECTCU1+2X5!S1pB=Yf3?c<1BG2I;kSG2=l4;+hyjRu58nxS_rRY$Az$nC%)i|3#=BgG^dfyHkK8?MU)4rRbFN;j z$cMNcq{!xVOb5q?$>!=?UZ*i8@6Ouzland>8t8wuWB7cV)v(o&YK`fMV_r_H5^w9* zN>ZEy$o&4Td|rTGT-WM7gk#^niWQ2d2+zR~Ye7x9Di7@%PeI5v*gVJsa zCnXa;If%YhmZ8kM>6PtvwJc>EaNTQKdIj|TxJUo~r!n>3sMTV{!CqGP2qs7@Ju`{< zru#j_542=sN@NtvNm0pTG|?qtY9 z?y(^g85*h^HaQl91-;pNZ&8d*q5IMJ(T+Ye_Au`(LF`_QDsEYo0rSpoUp(+y_Yaw} zcyV{7I8h%zz{~by+rkF83Jf@%=_?BCu8gqgg7d6Lo* zd!oi!EJpR!NRX=)sL*kAd>O}*UN^3``LMW5kB{!`PjO{^#zEd=N$>YZD?8=Clh|dd z93Tk9AVoFr+a?L%qDB0v!v`GI*)w3wOzTufVEULbMj~#+Aox#JhHL$D>g_{>(0+#> zt0`JQ&*|7wcrVpt$;+4kQ05Bn_6T*d|(Gnwxf==zhfvohJo;%(}oMi|J2u-zA1Zeqn?%Robk{N(MYkaQf#B2lx9A zpQ-rtt8rM_vJiceDxdw9_=79=>_{>DA~>~EjZKdSmykI}1Y)mm>obG}Q| zt3>3RRGe>YDYM@hW*2^Pfs`#TPE*;8fYN*`S*q})d{}ios_c2FLt9qD1M09Gl4Z() z$}4rcwJV{0{yswpE{ zUn@nZObcb1yUaHAoI$TTuTK0>)acQrFI*-g5r7^1#qCCH_8n^ljzepS7rat8M z^Ut@>y?XBgXN6uMuxVt7bHXK6n$ZIae8dJFcN>fCHWO>|Fi<}m0@w?4>V@;kuX>)c zAms(~k&uo)D$GZYAk)6qqvHXjW$Lb{=Hx+{p64$O0{ESLht$8@x@!oQ#R|!VgjD3m7I-3J z@CcT9uDZ8|AoC*GBQ`$!n|m|Sf2n!KGnhDY7N~mrV~*}wfPnK-F7?NL5}=tlhT7py z@P$i3ckoqK=G%`hy*XnkWS2&*C;fsGLNtzv$yw;2mtLZ=a8=?OX+M@@Rcu&pD=Eu3 z$i&CK1P=4$Rcoy0s^wK+ydn9r-8LNPsF8GLSZBe^H<=e*ne#6rG!m77y>k zoSg9tI)f(jlPhE;PrYFXRdPXz=9fk~MumRNVqs$&FW5`{udN4~?dMO707Sk*WMaqx z8xwd$W8dm>>?&lx_j!#ee86}EH*c7h9nwnW&EKYYyDE|&vS_34;|TkeVjrYOATS07yo6nn4_pEh^$BEXEPV>gAkp!U`k_Ng~_D4x4~e=Pe5hkQ`Ko z+0S6scx0hSliO+C?Lq0ODiR zWbL@fjrtkeBR?_Na$pCEoId3!r_+&AW3Xw1r(_hE2DUz{h6B(i{?*`Q7=e_N)an)4 zn|C2VEpI>teD@e2SSKjN&5Z~ld@Rj=)BLs!KQn zurxQ95mU-i!-kT(9T0tytm|}c;#mIm$Sf(6lsKXi*18Z51$hHOz@FegKCr8ya=}(u zght3Ae0=tU0|ny8$4}S#;mY>S-LG_bn$UR1AEjCvKZpd6(-0tzTBfn&ewEi355ql7 z)#YxQU&HtVrcd0zUz9UUxvlh+GEF+QtkLwu3A<}K)}hZA${vfnd$dC$M9Cb9kr@wM z_2naCADO%Gd>O4jM>`r*1w6d`y-Fqd<{A-~YcZa-43PXQCr+_OV@$8~aZG8)an8iK zPGPKzn9}DOAK_BAQv|oZBwTa#-^4wR(z{GLjr>P6Bd8@NE&1#Oy?a;Yw~M znaR3oR0ZzP%(4GLcU^z~Ge-el7LTli5OGLlsW`kSmhi9(pi3oBpYq{SzmQvJ;^*=p zEZOr~V{ud9F3SjOO54Sz%x_j^i@Dj@Q}p0N=45jcRFSnVlTIV4RN5~!*tQ-jqKQ%3 zz$0YZCS|e?c{cBbp7qn-K~saIUT9a9bfE?mW0IMsTs%GbPqXTLI)CIq^L@2Z-Xm7N zXWYc*_jB|i{siQdlW+Pm+SYfjg>i7a|;YJF`_4#{F$!Yms5M=+h^{XtH z*tK3V`jDkxBdtb1qSnU}^gR1C__3Vr7{I}m{_psek~-vJrC$_e359M*d#=p4VD~yk29E(i~6!EIxa(lxOZ^j8>+o#n>Dy72%6qZw1vI8dos@*F9(tv7o_@xST zI0e)}rUC^%t7GVF7mz2%D+fosyp)GG+cjH;$)%_|Ze9iK(a%p>!QMkKPywlcJLbm| zIBK-4`-W|<@08IICZL-q#DuDtK^e&w26AYC%SPmI5(1}k`H~u*(2_GXLU6KWUKe}{ z#2*e|5FBwl016)s8v3L}2ach~TScyRdE!|wOdSIs(!eZp_cLYWE{UEtPQb%N;U!?9l{f3T~?Sz0VGC0=;h^lUkK!+js;dgvAGP=(N% z6Ao(n^kdfDe7eIHRGMz6rc`^fDAI0nnIzos?aA3or(d_5ZV zDyt!aXHH>jU5%i_UkHx|W(AQ%P|EW6et)Z?ABP{Hm~<_Iui(t*5V;vzupF~2&Jv;( z5nw}_-E!ufNBL8Of;0AyQh?X!Iq=Z|#e9MIA5IGV)VuF7u!a z<$vcWo24N^t>Mk(m;JJe%x%#YO(Te5VdHeSI2`DHZ>=hse7bv={EER`@aFX4B#vIR zQv>e#F;wB0=@c3H^(g?}ZWzGxb1j#s+$zjqaQU-~^&WEyR>ipe=FN27tRwM+HW(990r|XOU*& zZgrxC8;p*5)_5u*WoDSo-0;I%M+g*R1mNWu(I%+sgF_lvBr^J)+cr3jaOmZnd2}2Tg6*mrujJqQTe*(?yT$Ab9~@(xZ<7GDMg%e;bNiOC zu4FCz9p!`gN-`@i#Z>UACF`w5^psRN40@{Y}x{5@XIE++A!=u*N z!@28>%9PBzFUPV6>=4secvBN-LrB)rncTu0bCGq0t#XaXL{k?54|qpDr>t~`)b*Tgx0Z${G)jf+Pt7q3FdznL`_ zwV&aBVJuhwkT1i*M{qdA@L(5GQ1Nr6%06w=`=A1Q7L)2N=aR1ibg1r6$Adw8yAlyV zB77|_0R%VAv^c&%G;&tl?rs$iYfIJby+ydKN&f*7`MSD4N5y*Vst_5(PsTx`v|Qr( z<6oSE`A}1s>pxUl7|q%`km_FvU&J|+?&!6@E-cbd*8G}u+p@Q6m=<9gT@aFzm|?Wt z`uYGb{>Qw+*W~%{D^mT`6l;IU7!0w>N7i6ur-mB5BzhG0x|m{itJ{8z92O~Vo8gkk>86msp1$yR7MEWLz*GzkOE)uTgBbQlHSum*6sFc5{ku}0&J5B z-Ya9CO0)@NGD;bazsP3=yQ=9S!Krdt>dc4;RAM?f3W*M-!=*n^23+GnJXwAR$$WDd z;&E$za{(^v1+7>VU}{0)B~ljAEe{lqLoY(XEt3a?{5jlgaulS68gf~VN6?H{xq#8y zJqu<6Lt0Q`|3{CkYv1XkjOo{BZ#iY<o6y33Fy7<{}&(+f6 z&iYRUYT|ujnYvG&i+F~W=I*w6v~M^6eZecpgJaL-bgIu2bisi^pKa6kq0^mCe)jf5 za>x~?gh{T9T3aVGAqu}{UsJ!D2lu(*ZLvBp`*Gd@hxt>#zkB0-+c+eYGl7*1gljdk zk=M{@fgFbau|RGc{YjRAKXvM+%znkel-@8W*NLeLUr>nMB7ZbfqsRkqEOIozz1y?$0od%>@pq*F?VP*D$6unqF0F4yEvr##f!h^u@AklPhO3_dD8T8&->MHB2=~;~U;goL zBl2#b8i?5g>E@cT(Y@tQnX!n)moxP z;yyQ(kaV}MGagX{w+<{evFL$w))?S=MOj4NY>jN9N7LR}UZ@!qh825P*y?5fR9k~%qFO4uH zmq+PO=3}w}``&+J;S1O}t$)a~l9cql1Ss|V<#=2UjZCUHW}Mu;{j?g4VjGYqB+xds z#-1*F7I$RQ%bIwx*)~+dzHCJ_xJ6)$k&onV&=={IWnRnwXR$@oH+7cN@y!4{l{w1H zzAex32tVv)$=Cidze(^fdy`PDLaAXnho(jBv3JuSj#-N}%$MM{mCH9rXs zde3>417(0?G~dDd!L!!SMEB2jAVcK6BnwLmiy_%Z%*V{AM5G8b?K$(Yy)E-yzL4Ud z1lF0qx^L-VzRBlXNW!prLuIp&l#3<#R~=>h^jG+O^X6XiBn)AqM*Fh;?k$lX{1xl zD3AvfCxyRT+Mkj^4EgPQJ)sIf-gN$|o%DMD9yo+?VtH@6+xF(|6k`BSigB54xDpYd z{M#9G8%!vqLiRjHz`@CcK86Fs><%i}7kjf?&pOODX}lkDwINP*zC;U5YOr1KE^Z+{ zH=i=^|6{=-Ja&0J$xf1>$~r6|nM=&R?9hH^d$)Ns<|T&%9871u)5LM^#QMBveaSui z3Qz*O!u__9`n3lbAJqRo#_i2Cud=V-t3aK}Tjh@!$^W}0< z>`oudnEiRqX3hhg9Luyc)yB;DdWFZ$V1tj&+au9Gj?4&7A%6Sd&GYefq0?FyQh{az z)i0fka3{OBl{3~s>ofiO{hl|_(G>x{Sfl$XF#qE(DG|grqW@e65FXXpie_tkx1tcbj zeFRagacpJU-dyPM?RuAUs|)frS>xw5 z!apux)ZxkPP?~MMd5joYsKBl(Rk+DmF!iglR8pVP^&OZMQ7x1Db)7!k@Cg|qt3Y?4 zsyp~QOsC7ed%LXKX51--KaOe|0tz9JDx>o7Xz17H!(Ud-Wxr(Z?laJKZW9WeomIUD zGBX=zHrwpeS^J;Vo{fQ=JT!x zuBIoN2iunD=J@q8he2hUjW6Ml30j;g+f~MMOJ<{+Y|_bNiV~5em@0Y z&NsN_Tc1Uc<#u@mN9~?l+RX>{qEkO=S9iT|jpq>g@>HqZhb|VmDurH!m%l?jl!n|A zRT0B~tr@fqBksCOv^80gD%*@B-UJQgT>zMS^NFFi_4Z4qz>-eYOn#T*Fk8W45buop zz<`+7<)_K2)arv<T2kx>5edx3ht7Gh6uFJoEq*apcy+JBH zo#+eGSH}Jm4J?iqZpyjP#?q*imBPfAuB?mzEm=Dn2N=@TZn&j*?tb7MhMqyR@RhO; ztc81#EZhaI)Oh}JP|0hYN>kUtXaKHcC*n=)|VVAzdiL?GU&dz@&-aK%gc3bP=@kAXN#vXj@=IvJ@XVp_M8-Cw_gn@rcyJQO4rbJWEjS1d)F!wLSW~Sm??_H|c~KlfLoT z!M|ASX_P7*-^Y8S-xyqzfheuZ)YE_outKCNjjWd}dP6 zLZR}H+xqMEhE05itG>4;zgv*o2(!xD0!L*n_`M<8p}wL@Tlv`UB<2jE6oF96c~hoG z<4;;pO8bt6N@=e+eTr)FL>dG7SVV){71l`BOI^9u`L)yC52us{#!3s#+KxGF--}1d zv%6Z0Q*yfRP8p#hVxZOGST{*7;E`H#&~2aSSMcwM%S!Q+NW@eD`i6lQ-ri50A61Ru z)(}bHbdQYB9dSvV(ov;UW~T141N9VINKr{pLB=;C1k%FipnEbre3c^YEiFAARq`lF`2b=3F22^E1M89?TJA9M3_?>(B*XOgHLl2=wER1*DdWfRf=k|ef zZvC1pF={YFc4LX_JO+WCYT>^d&vvlJD<6p1#33dX0uN-eh z)y-_L8<0v3dpGKy3Z#FehUT5MaSUi5+4?*3E%Fk*Otn&P@EsHX3Vt63cLvB-DI~xS;)l)TFMf^x~ zK5G9cedv7ZC>6Q)KWnz>^cnlDLl2xw!p_;#f-WCd#qc0ne-Gt9+(x-p&ns;D_KWE0 z+bLrdh8iok)V(vVAYmHBk7vvQ;(R3JG@Qnx=4l3YWY=W>a{oIW?Wqrxl3UkRpV9Zd zzEIF@w6oCdcR}MkuW`k|gnPWe97b?(I2q#2M>f08-`ED9Sz29*Za(u|BD}~n8e#e# zoB?UJ0U;rs!8y2wejohRHTDh)bU?=$c-Z)p5^BM*5hiTaAHmymB!{u`>uc*NFz7a- z$~}8O?tXD@$WW-ex^bb~7grEzdoGVGi0;{K>|4wFjEtHl!^2UZ$WC2OWQ25BMSw9M zli4RfZU39WYQQ1{UH6Iv&Ef0b7zWg;#q5_izk--r<5yel+_Ym1Ul zC^&AXSq`V2Bow?Kt>5pI%?JHuj9y$!KGjqVv zt)x|w$NZuzjw?VJ4Uw0K(}zJ)k7qY9eL!$i*m$79#kR`x>+RIPC#uyHQBgm?q*BF? ztkUO{QR2RA$3Cet#e8yaUd3^3*_+6BfhX%;{f#daDOZ_cVG^yw-M%kAlA|61kZpzz z);q(Z)IY|vx{cDD#j$pdJEktPrKovNNLQeMf_OZ6-U+A<5%{S1WE*_!Q#9tk5o+d< z%bl0foKEqXUp(xgtH-nNe>1fiD(IpliR83J%`6^&1ZlXZNt3eXDK#?!$8Y(k3MK)> z3r)<(c3;T-_&Y(REH6(`76n`K^u;)pf1g88&e7yazFumHJWW1wv39SYpI$KXfICjwSQv%}R1&6FC{Z&ow}z6pKpdv0)f4YNf~M*pfs^_1*45I7!T@?>rElfnGG5!+R|D3Fm<0yGB<}qEfi{(M0My_c!Tjt9Ag- zn$PvtrXlC+fhxhLdG@VpKJm750XOH;5AKlM!E$`9rx2xhx9bM1bPX&stKE5*-n(pt z!BjNdnr7BVe-#m9?s7izK$tbZ6Hof~7Yq!&pM2`9@)jF6E{S(<->*R3m$nA^z*AxZ zRlTom-)II+T6zSRt?;5@m6k5iu`KvI+o94|7LGbPZx9fE&u(K<; z6q0uz+o5Qb;pG^Yf9q$oYGeM&{eEz!rzYv_ zM$-33`Hg2&-iQS`)iax=xrjg4XC0*8fGl4K5(+_qknCjf(0*F8I*f9Nci7FGY&~>c zxL>}n2fG`~0v&JF>P?ofj;baK7@P$yj_8$hS8m@={8w*dg~NDP7*V^v#zJ!yIZ(do#$EQl^Z!$*X!<_9D#H>A0DdOM&-oR>(p4o^90J9PxLZ3QH@TA z92bA6pM{=k{CR+3(J@=E!s-i^{8eJ092=gM?i{PtkC^$<_q=BCtLaFy^`(<$r7w#Z z?Xs^Tva8!dFL@VuSe}(#PEoHOsh7;m=KXJ-hSxtFc-|u0uB|Af)m5}33jDrj3dr%z zrEYxG(IB34nfmiKDsw%j=B^QAzESti=WVq9v@M&e9HVX#n=0bZ+jCacIW}E8<=KIX z4|RRa9;eUB(L$b{-midf#N7#Tt-7L>c8lq=Ai z8vpe2AqnZzbNu(~{+JNS-J3e0GMF4aT{8ICt%Cg!nYvHyetDQ2TbR83_(&$xovdXO9b2sA8(+A6Z7ICyQDcJk3pNQm%j~`mtKXA-CCBJ_M-j@sq7dHmt z3hTbEF6#^3V(vLlod?27J7w_Wl$Vr1OB)W~v&WU9dhoK*%+^`Ys1rudhYu8py4&4l zre{qqXhZ5t%keo}@0zqTuBQ(ysAIfpIukh?xbTJ;psx3-bJi~Dni8|4&W%G{d#mMs zo)^&mp9jK!{+2zvL{VdN^XEb;gKms&$sGEMGNsw^2~ZSPLEg z_4BhzldDVVT4`7$|6gHrS~E=&ShQZ5x}H;-5?A1_6l~rfAl0r^I0nbKdAv@uMFWn5 zp@k;1BZo;jWta?f9dB{hhnxgaYwJiZyA7o=BmZc9UelDC-4@;Z!01oR=I0>osq4h_ z$x8zPX9YK!!};|Ea}Hxz6PB3%XBq{F@)9CpKtf3B1E1r|`M24tqBQ8k8zgyZHnxc? z-o3YtMrW6k3-EuFaVdZVpLL3?clBe&@QWc?f8Tdp>wx$6ulMR0gamEL&4 zP*r=2{jTias~vjRqd74OM&{Mt@ISHUT!5)r;%+$|a|zw>@%U0;j-%BSI7^j!Tmern zpjpin{`6lh!GDwwVCe&k>_64dwQTA=0zM-0r1^?YFd|s-lZzG+2`TlHtoI^#`+Kru zo6vK&^#zlF0D@Ge4@M_QSxYOeD=|~=fN=1v{jY8jYZ~tbn^B0*5qvs&5DYYK$=4Vv z6v3y5(&8y*qd)^J#$GIBrtqlWnkmYXtL~SyA9pPMMUS-g>7K%%ec#eN^>PbvFWG~PhW;AWyuRV z(p})3LDqxU;?rZ9t5LhGLm8I4r;MRx6-eQQ!PoY*gOE;al+n<4+mbV&*O^1Vfl8#<7R895*wp6R9I( zvY6_$Bp|7&K}u6g|COZtcNDyE!eN%gi63n14VEQL2K=j2N6{7prV!Hgy?;X#a-V5#=s#IGL)eIY-_o0; zUZ?ACz;nJS{dt0}XI&^ksU_B^H(0H7pXsP-0)agQNf$c^C_Oi1f&@h%^r`7Mu)Xql z?`S_Hv^8*{yN6^(*Fqy&B~0<+Oa%z=dGZz1f+LT7_bf@iv_*-(NT z`e5g`Ry-0g>CHgpSYw|B-i)0J8xTuUP$zZrXYkKtfyHU2Nc~bwV?zbH>-eQ75lo?Q z*DllgK+mV9=JnxB{g8$Ep%BQ7ZA*Et%29?QR;ucpsBwfPbbSWWJvdoJP1UZfSS7t&psxj=i0C*wgTXhMcu#MR{uHAnZdkXxtu#pdzEwd z6#uh4sH;XMt&TcaKNT=3=&Z8i`;sv-&hz~$!IHyrD-}%PL4K=Eqd5s{GVBka?6lj0 zrl)g0YP>n}2J)md^D0}NJ-5*BQsNr;#NP4OXaB4+(2gUKPrkAYL>=k?S`37geavBhv zHwIp+I`_Zq1j<<|B3M_6Dx|02NMfi_}&YnYT!5A<~cIpV&S{oO1OdWpcp#L91RyX7ab7L-*YiH=eW0e{7k|FHVwIK6 z1u)}G-B8OPfa%?VEiN2UnSv6lBUypF^?8haD&fM!FmPQP_=oA~ra9hXs_ZiWCD#TS zqaiY;h8haah@$bn$o&2^Rt>xrct#^C3u?6AT!9dL`g9ngH<(2M#U{GZa#biN{G`Dr0>n-Eag-I()`3iQJ6n?o1M8#NSjDG(zAXWODLf2?(eV z*HAJWgI!x8-hKY#%}Lp=;&Kb5=JfX4m`reg?H~x7lNmNSMQ*qMwLkyA%dxGLe^94p zBjR8;VR<%Ml{iu%=>E@FK+1Sw8n7xuUc$Tu`=C^8J(N2heU;3R1twu6Avd*HSU##5 zJE0`N>veK^CQ;z(IU2dgIE89tRsE2Li~eN3t~E^ZXBq{a3o-Pk4KW?XG5Id~R{mv$2Vxr`_NH6L!i| z$j1{AuacCIL~*i{pHMpV^zpt%Q7}&b9=anN8p{zB(0(u+cGdZn@U|<+e1qC1*S^ zC4ng(Kud&=i!D2jN}T%p{atSkVxUQZ=p?MeU=x+Y?wIUgSMzgpUku)&GEwq~Wi2RD zS`9SNw|%-%`CjNq2#04rIOxGvTf;7STfEo6F9-Xp&{)$%P;C(IYiSehkDra|xcDL_ zMJ;FZv)hi}T=f7H%zdvamVV$jhQ{A^u)ni!_WH7(tatafoNejZ3?3I zy0$|iZ?s(%O>0bG7gj3CeCud|GH$&Z5Ca)cL+B;K9wFD#^&ntxt5pj+I0!juXXB;HGhp^-VAaHbneYj*OlKg|zj zYeqysNj=W+xdFVm0x)+QO4VvYhbb)v3ZgX$ zxe|ON|_Phli7J|ZT5nGB|%vjkjp;G@6mW)k$682c57}C*7Ymx_`Fe% zUgJ9rqIa6#@wzAB*eVSqAa)Rc6x*)CQJ#e92QJfj-|apGdz(Q-LN`t*k>8Fy&!uQ0 zi2)+GgB3Y_|E6=??pp%_;|53SG`Q>Z$anqt)D7fi`6}3{Vo(~UhRn>b6XXXv@X6uO za#h~kXC9+L`|(ym7?d0iL(InXC}9ZL)6+W409bP49SMn1x;@v)A<~1U#$r&fXZa7P zm{gXd`}D$LRyAW3+uU4l1+_S$q>ivpr~HaE_>hq2PLD*4C|KF@2-D92Ih=&JwT*I+ z8-FkK4ps=qfGDd*DB(+=Vj{o6Z0YWc#apMQK7YaD%_c7MO1KCTqof9F*u3{saW(P< zuU7>Iqt+3yx)mN{5fd^t?y;kz;!0NQbg4bx{&08R6+tvzkF%yYHvi-CSRwYQY6Lz~ zvw>WS`s`faU?Yt&XEdGy1mB<#;(tKPa6-=xu&P+vZalfkc(oAmd&yjWoNZ^Uo>4)( zhvs0G1k``+*2N_JoO`-3H-QvP)_?I9mgnozOv~s z{yd1}sojwXG&!0v7_^toN`n>o|-TIJzj^PC`ywlW@N zVArkXD0)=P4;9zDDun%?_nVG=avpXDC{C<+1z!`0`267EpkC?nXLIPYdF&H57Eohu zp*W7RS%30U9FH`Dh`+H!iG`xNLGsf6@C7re#y#s6Q{gx_7w5VYyQbVe<(&Qh4l4iW ze3lv^Wp!<~bmi^TJ~$D@;{s_A7Ct0Wdw8U*$##=Lo7oOP*F=qC$$(6|7}r^MhSt6) z1-kvMTAV_^+|_Ceis0LwU~kC%d%i`H+l`h&()%oPAtP^6jY=6wBRv&pNX4ARlP%BKOYl>9$~Fmsdhr}SsLj)7f48yTDPs&G&yuaI z0luRjct4HOE?9LR$N<^dzI9DV;>M?yDP~vkDimkhSVSt_eD8})Lc5H3+8Jk)3_YR5 z)44NpHx6u?em;Oo&9ci7B^-x+yT=Ajn1q&k?)CxM1=n46XYwk4+i$ihE-oogkbbzu zgNeZ}E479IteMcD_7EykCYq-DPt0Gb)pz}+<4ENbpKklo|Jr|*1yj*`#+{wmka(_P zYgAa}s9<+L(?6QI#Wn-l7;-iPqEP@w@xkxt@rurbnB?I_&czgKysA=h2c^36wbZ)P zQ$F03TQA0_-F`duiw*XhBj0y&FxakP=^cS~3H4%yOH%f zKLG?G{lco25q^Eds?BQ4B&?Rk`zBwatQ|*i(G6Q_I5d#FwyNXj(g69Zl3kIC)g7mH${kz zN~^Bx`&6L8tlJ*Y-1Gb!%ZAB*mmsFGOLND|mS0DzwnV)>pvn4zf(=+RsKH>Oh7>g4 z58>rt_<^*cf{4{bYH^n9+Lp2+MOVtpsBg^?z$?Xu6F`CE&UIVxl+7=;*paC6|$rkc`+K2WKtpt@>zMM%_ zQfy{IF2;xMydbt|SCx*UjM8Wg+Ou0?ov zImOXQ1x8!|*#t~B!{f)AFB)%W)veuY?t1R}j`kw=y{3UIBXg1p95g08G%RviC`vf* z6A|s0M^rLzKWilMk^H;t`3Pzw`<_xGgt{cIBnpCTMZ1ADICE|3x$)sWo7>IV{necu z)+;_B%jK%`DDO7M^=j7p@>UqmkiNIceTh((nRb8CY+7r7~1fg z%<1JxxSB;fmDpb_yyKA7pFZe}+LQ_mQ|OQgI^Gv{G+Sbizwb;b<_2Ui;Zf-%D#C7u z2`A+A?W6YrWgGC`rX3`2iCwpFvdP)WFho zqu_>qL-6y>Dh3i|*q3cVK3Zx~ssU@~GAOf$oQPhRfSfNeo{_2#DOG=TF!vh%lzmll zewF#Y)qoC7Sb{8qMk$A^bNvKwZnFf_Bn%Z@^5oi$-^ZBnM>ZPhW-4ufh@W&v243jG zKEf18LG2Cf0*02&$>yzS5_3JJGiRdRYXK0&GvbHwM1J7hDEu&UtR`326D?b8wkw!J zbhfjtV<$HwVhl*R7+~;0&OUoUB{OF+dcSe(pHt5afEQPl2`0FLLHfi3%h!ewmMW=X zA|#-11(s=&yD0oQ<}tLb)~-uYHA9@{KBN8?^V^_;GSx?cYx?kBMl+G{U7H9ELv13` z<8c&fG5c+NUSJ37So84ef?&%smNM;=tcJYWpH@>)D_H^UWH?IpLH_$ydueqq&d4Wi z6r#>63hHB8Nl^?HXl#i89v(|53nUh$=R+M7Jl>$}E&0w}>GSgFK4(mSt?mlW3Qj5L z>LN+jo>C6C$d9FnOcttB(+W5!u-k0YJ!I7(=d?^Apr~YXr< zI%0w;Z(7|~s9IG;s9@j~5Wezg@>d>5%f*G`Cj*u-k^Y=> za%2Rjnz!@Fb0sx$*WMjl$hf0~?C26Z>@w6NFguSSC;yN4H=2}-o2mM+s1pn?n%HCoFBRuZudIyZI|BOL zN``2Aa{Q6oq`i@E98~a{+zMiM-ZpX^6ZLLi!tO(_%}Lo*B}adr1!uaeV)#XIh*7QE zW1FdLFE88Q@HS@Uu5Q|<*dQPrZ#wDZtw-X<;nIXh@_kwHDti)stJD$h(n)HhAWyYY zsI;aZ8;+JZ%=)}aw2DTK=Ui@OjxUL$WEp4DVWIw|6@QazM;xBr{+r!*H5M1<%$Q%e zdBDGg1e0t6{H!9$VS)in#Qn_AyqoGa0lM^KZiF#+?RdYL`4Ug5sS}GD7w4jaC<@@| zApdh1D93@IPMTGpgMHE<{b+KL%9b^yJ4hYdaQV`LoL}=NMMHaD+S&_|uK`hq_h-0? zoMk5;D6>)6R!JktX11SPrATB(0AryR*yOdwlYbXD0q#>HEz62_=Nc$(x(5)q~ho zL-FjwJoY!si`EUadqu_8ktes6k#%+2To zbYw|dM()hhnHcZxEktAU2BFpIlB5E!uJGjETHo|aE*HFGBCxpeVCD;Ktj#gOqmjg@ z@uDh;bAH8blRFWBXAfk1$1Ot~;zg(BDGRTIRE{<-hB69&6m?Bw3(n3DZo z5T)WDu}K0=^Gl;%|4+gzLT5ky|0J%+BWeH7L;;>Qf{{XkFlCPrEC~o**PU6`XAros zgw&NvMjBjl9$WJ-r)6MZ_GhXb(oU%Wt@FHe-zqSp(5Y!zKqI~ibVx&Pr@x}rb-fkJ zlyV)kv>9PA8f;f1z|t%M__;`ha47h}6UmNGsU-Vjhm(EV*F%HmnOM5}2;U>^NmKY0 z71M6UB3=#aCG*U!EC^u`wsaM~%N>1X%*yTXII==RNy+RHULyaPGVoOUWa&dsEKth`af z#@X!}^P^~|n`KEB&%z6%NZn28v_yue)-73O#M(Oh>J}>&WbzVwj0G~+EQ|9v81fTs z!V7rNEr+pi)C?;IJT6*?>Nz-@OIqx}H+5Y?TbqYBs1-NDSn&0+`ORU~_wf%`=wjm7R|{9;LWeOs&K6`BMqGCI*svb)j^ySZtgcn0>+ zpdgeA?NfuoQ`O+>(K9);GQEmO8J_e6g`|uR2IsyR)RL24qK2Lx3S^ExZOh%o1fBYv6|Y1IZ_Cvq4# zT~L73!8=rFKc0+z6eW50M@kI3KgSI8Qc~NeuVvu;UAHRNBr2f7PR7Ok!OL7@M*^!2 z?!~1zsaSe(0)ZJmTOq!sAFaBbc&+zKlS}kLoi9m3OA2;alsoW+&E1M__gdn2_>`1ClDY{&67u?RXHc zq+vfRxYV!qjG1O*e7{iH|IP0bACd~8IUn9uu<@#LDQZ{|xitdut-YVwjLp-WU2z#O zLm|{tbVm&A*2#0~xb>RK&t7)&brzAVl4QO8RUJf2Td#!P<-URtL^lw30IeMHFo?i! zZbolC<}Z82M=EA6Mx?E+)IiO$`{PN(tw+U4L2BEtwA6>yZ?hS<8`oU9k?81hgaXL6 zV)`9jdW7?~qVtK_F3c27ul~E+rL|3Xr3%Rk2citAJSjy~bWbD`yRT|@7?(`P`Sl8P zKAj0RO2X`}s5DycLSL~kcTix8jVl5noR^isp`X?U6#d|{9WHLNzG|aA>+^R?X+8R` zMu(RoANY1Z^|SR1+Gx2|tCvMl9YU)_d@xEEVp~-nk?ge0S&`6j;_j4^IK;Q8(t+cS zx~KBVtN2oyGD~370T#j~V5%tzIi*h*3rbk@nfkM(bPbf*PK-h5iqx6=F=Q1tl+33%Zzg99p};2guxih(7p~gfYH<43DTRqV2CXuRGuT4e20mEzS06}6 z1M~*ZSkXe*t?GJ6{LMX{2FJ-Ekra;&R83C@Br6H&ipG|!8Iw~}tM8MT-EGF>#U3}l zu5nQWEuX|eJ2b52dwf_rJ_e*awLX%kiP%>8d{1``^nw+SItS-EMVuX2ZO$pEnd3zn z?3TIh;(rQXHvAgf(2WmAL|m%y-@IFOL{SnHh6Im@$Ad5f&KE*NZh{9dSy-X#CuLOb z-(Mrwx7H}0GuoQg99d+RUvq{)nKKq$VS3LG8FX!+Cq`~Bn;RH4mKwJN#;t$R_(sxu zk`-Bgh}ugdF{aLk+a9;$luo9mWiJx+$_!fDX@j?qhASC8K+EAZbT>4TV3-hyRRQ>?@W7?wMK>Jw{^3&opBmUZZOCA|Kzp)K+no{hUZDg* z-C`n9fQN%&0OJ@k5cCxPKs3^rQvKaIMYeSDDL^sgSe& z=O0F*2zgJ-OYUv}&d)(@#23 z?%B@hjh#_1uMIZ1HhC+xG{I4xDgDuh4e-J}8`0YL8^|1JQK^wit<=dQPfatkER+rA6j2ePTn39!`K#sQ`4=7DxQu zC^blUDudS7AE51c%Y^WSR9 z#%^ET@kO}60{3TkSJ+kc!|n>9B>Tp-?YbpazH(!pe3&J@ha6wh0VLZM*2+e9~ zr;VCO$Th+xT#%`JksY(DygX$)*`}=WcO?F7scvx7OJ`UM`#2Wk8u5NSRlEp1-sxY8 zNNo{@=_J;=Fb}(r_9-8PcvIPb_{6&*S<(+SyW$o#6d+&D3-5$W*M)7N{}BI#*4@s6 zvw4t6UxEsSMXI0N_aSV+X)T@Lf*rF!aYmD)CuhVS}Wj+&PSWI`aBbm1Fx zM2m5{zZ5+MeiTvg%-?vIdEJaIdvNEV1Qt2h*ty4XOSf~nRA6zs(|C3} zr5Y)xjYlwQaAhR*@kz&5h$+8`%~-mnE*F4xu4O}c$4X19fK<3fk5oNKfG`9#s0iXa zJmMQ&GQyi@tAc{`wW=KQBwG17;tWJEa7`F9aSF91BE3GI5A%m#2(RH=l(Ug4OMMIP z*Ao%Txw=bu3N&B`ekWQvK)YY=-p{RX*scs*h(c~()zspeSoST>A+g8Y=+NfiA4`*i z{x=^s7bW03wmS7L%Uud?JCK2$8Wvr>#`WZr&P-$FP`KHLvxnlt(VF?w(#8JcEBo%?jO(uG8~L){3$CV`tzTjX3NNg_t#DW6 zo~fjvsTM~5rFQYgZ8iO1#~wjrV}M6dYk$zQ$Ir-7HY>6rZ6oE8s6A`p;YZi2DaZ1V zn|2BSwiJTzTWJ>;Qg5<3OHQ)#Zp6|^;iaYKs#cXEnm05ky(6BM;g>S~37!M1{C`Tq za92NprS^%xEE+A+xA4iR3tiHGin+)Tl-_XLqv47C_r)j1dRctB^Jt(;wt#z5sH6MX@%( zC!rosh7sniwLv5QW)9TAlu;h*H>qtG;l z&wbGF|K2z* zCj6%*uoLSh+vx4($A5rve}m?33aN6*6$qLK#=^wwD&A4C^3MrRf!aSPZZ2W+El(7@ z*_<&tN*-oqOG@`kAjl3f%#IkqP9kcAd2L4RsLk9WtHjZSMD8eSXIF#u zlRnj$(B}-2z^^AdikM#B?FjQ0f z3f7x_ivN^`<$n#UU0~gDkZfg%7}c=hF^mV&ZK?OO2&_GI>b*R z@`9TV-+Jt6a{v3v|1A&+nEA^9>Ss3At~iZZIm}CE!4UbJiLTsH-T#hb{9pJ}6*m~| z6S`Y^(xk)Rp{;)fy8iD~ZR88)Q9Da-Nb{dWS4XtKc|pW1>Wsc={^yZ;$>9|NeI_{{ zWB(a`{Z}wH>ZOyod^F5yLXq*m;I{uR6PEvry7Bx2^LaG?=Xt#hPf7Q(6Ef1Z$}kuG z6L9yhBZ(hSVYy2~da(T|?fw^$)DfjELgd}}vnHpvr=I>*+<(1_GDrODNkOu+u9?gA z>)Tg4%G!((t;!X}|51h?1EJzEHN2{2W%gK|VzTAurx)SbI{#*2e^*#=sw|~VYDTk< zo-#sFlGcBm{%U=k_z0Fl&Sl)sE9U>K$o;<*xi3<9`JYFklzlNOMp;40ioE|giI=!H zS6Z|3I(|m&KTA$1Ar2}e+(r2s@oziVe+AODaerCbvXr6N|6*x~e_2`~%{Suz#nJ@- zvNS(TyT`vP?w|1fzpYsm_FtBk5ckvmzyAK;2E_V*3i^Kv`gha$|E~p6ipuWg{rW%h zt>Q+C4|2FAk>w>c?d$#z?~~{*N-6a&bUD;8=zsY2Z!Zoj7Cc1;H4F%;Ry$%-SKGIH zxxd;*lY3o#j#0*_{wx~6-E3d>-(H*_x8kdoG>|d5tp@b}Gqk8GqGVn!BEl=w)gWWz zO#Vz&SHTU@F{a%X{9v{B@Lgu&4;`;i^TVr}eO%Ad-Ailkv=-Lp+5aI{lmQ|ue?l+) zsD!P0ro{e0&Z7vc3or=%^`YFn#!sP4s@p;a6#XFQ=g+-D@Hoe+IDhDi)-`r6 z0)VIYQmHNjN+J7*+nf`~eXF*rR<8p@Q6pIDe%Palx!V`))`!3ixT9E7eZaAjff*YJ zo2S3@1sNuJKdRZ`p7U)pVnpN!7dQtzSh8E`#~%Q|3`EhJdOcRkSSl6cX=O((~a4A!#^^Z`6opi zCD);3m=^Vv_1=Thx@~d^&7z;^#}y*z%RFD|E{mvsZ}(^ZKB}Xz-g<_$8!5@W&oMdb zEKSR9CDYT>gYH2$Sr-=`!2FyxK?(A&Cca55%^!o?&i01uUXl*EGqpm`l_<%<+k-~@ zvH`C;eajEsS^+-9!dUmToi*}KHxFcx>|{m|2;_FNYH~YABbKn)JE%``8}t2gD(bUP z*ZYG0cSGrQIJrR!cQvp1*2|B@ab z^J`PMI0HMS3@)10)rcl+M2&~UyW_haaXJYtEvp0|S3Zjo{vl(VPuGXHJ)Pkg zkxWeEcygoFe?Mdb-eEVdN^2^b%0HNZ1M)WCxYE)q`7UV8=>e7JIlr0)OANFmC<0LE zl(U&~Ixk-_vSw2wJU&wT;EV_fHGgeaG4WkvoU6P2Ftwt}03375x8=YrK%*N@IqFb) z;W4KVf?I>G)}?$ByoXt`Vv;uc=y7jXtA%bEE2lI{HtrmxC7!JVyVTj0L4^jTAz z!e_3EpY%m5tZKoPp5%3CIXOfLe~5@Ta@(~}(`!^-4!HEL^S|zZG89$xG3w?^g7Vh1&y1 zmhmy~{Og3cda&3pe~&=9p-;2)f-5I}(iGlx4ZRa^rbxp!;>h3H(A0dM;mGD!`gAeIe5`TCBkD2%*L73+Il#I{}l? zPnMCb*LKpjV*;ykgS2^=0?y_Qb%SmJ%~Z z`NqquaJZ>3x$rCUr172BeKVqQ#i}TGmH<4IP9=HL?i^t4k<5MY+dK-8G7O5Jgc}sN ze-b=v@Y}YXq7h|8DGc!xo_AAEH!PM&NMuYp)R`3eX_lO;bXl zv4Ei007fEJMwr3m!UFO!=^YW36`LpnYdmhx{y6gN#T(+2xh;cVo|gICn!r|$cJYTI?y z?=XZ4n^b(8d@m2N2Q&?i$)MN*i5ni8sB7q~{=KuEP z-X{~y_nwPTGV~N=+13F(HB)YX9`irDoACySiOOJLaAQmq&t3lUZHsEBTCU{Umtxrv zc`P;&CKw+-3nle851?r_ytEXRYcu+;CAI!0FK$P!nBNCnD_XWzJL>-1aUGcbB~XbL z3Du6^h<@U*j-vt0WnH&Y=R$hIeo3J#dS266aG$cl{QYU-vFpLBZolW)q2dFObMNKr z+;DTRj{*WlpKI9<=bZ?7ZWH$8ix&^`2nCYAwcA1=% zl|x{zsbwY&129{RP@pp_@{#b*S|H-J>J7`Anxi*{e;Uux*)k66reJqXO({YCmAzLH zck8irL%Q6)l7|Do{9TN5mwO{%1SioHmM?4^W$ndZ330UvEkxjU-+oid8DLyGqEi?` zU9r-L<9a(wyg>hsDmyLSy6SnY({e=NQsy5~o9Gk@dKRq-97FMzYL}VkGYnUtU)6FM)zH>pt3wLZ3TjECj}zHH=BbH|en%yhB3HUwgoApLmKXr&ZO7}@)vTfUVf#0RD$%--N!KME6Z=Ypph>G6n}jok#D3Q>A@#XnL! zJVOrKzS%*yIs)IkzlgAXs}D8aP3g{et@9ey;j}gc%{`3?RS)-jFSB>3*?yPAgJBn2 z53?qv)hk)$jx$>hsPQf=`bx5@1z5WiC`u~Q zP20-Yl)IhQF$4IVD+P+HigjN)KWZolt3B!4F4o|Ziq}yhJvKh%D*@Pql;SR$6ql-` z+)BT`!F`M6rf&T{ON(x*KPFVN(sWs*O)I^kTw+~NMQl8cOJ!Rn?ftH~MM%k&i< zR^wc(l17U*pfMkfWQ6w4q5 zAx?0v0a!x%u{0i$0XF%0;y1)1ErV;Kdu?aN#g{!CS=NC7{MFq<@jg#>PP1cJJ19Uk zZ=}VeO1b)UXrk9DZRZf`t$AlP&zlfx5St1Y`cXDZex3uV=KJ(!Ep!vITU1 z>&1#A--PjtU~;x&5A+Hxt+{fTh6qr8EBA{Tz}>I$e)QK&I*MGGDk^rW9FIUS>U+yp z!yUiHWzM9UNjyKlrGER$fW1PQZhQ0XmGkXWC}k4$8^!d5d#vJCk7Y@&v4h&5h8pk3 z$pVZd4<9FUaFDg!+yz_C()Ty>$AG9~S&qCO*B3*ZZN@FOw-)E^RLn}*zfanlCEOr* zUy^!1QQ}+mT%^@w(`nOX1!mQC+Jgg5hFH(Vg8>8ITxs2Y&Fk2hhBj%MJa5^!e%~T4>NLUCWCyxw)% zfe5I(Y$X>d+8kTWc^&ZNd8>c=MDV6QO1pJYtKD)?kqxiF@(tJ4q>`xZ&?bk-&X)pz zX6xAs{1aja-lGExjI$HdJWq*{uG5rv|>-%x={nv8vsiJL(%=))q z9)njYUK`or9|&!ELA{+5FD??qmtZtvoleb5w;lZHyUw<9Hcbl}7rLy!&~lQB8j$jE zl=8_XK+P1aOem(q+PZCnok_#P)A#LmwW6WUZb1lwLd+GXjXwqr@4TF4>on~DK@xj; zAiR@eR|Hkbm~%dWjduCSt*#BuaFxd(3 zq`8-~s7xQ{o2(vgP$9|5EK5s+Lbkyig8&%*nNc~W)=#^R-VNlP=`?rjc~6ot5wq^6 z*C*Nmi-o%o^p$c2D4o1mq7aqxn~L%{1$Xy$fQ6<=wZ}`hDYXtNgEXQa)6@?RF~#HA zY+`p^VqeCGVPBF6Bjlz|{Es?%%oH*y`Mbe0(gGf41axw|yt+@YzNyVy LN%`n@lAx%*f*_iGHIA1+ zjX6o+{9W3W&)r?`)J6iPmqQX>X{;u@fN`x=TEJ8CLQ(yKZU0-P95Cwr!!25j++@dx zj7_~xU&Qy(vC@6;P?8h$8$YW#hIl6TVtG})CgCvDzUBTm`lG$DZ;31hLi?I6jc^qd zYcQaUN)fkGL!l5(p$9PSVR+<=iU4R%V7tAd#Hea?oMVe@@dFj6PABE=m_vb6-u&^| zqK4a6^OxQ%KFWpjVnu_hVbYX{{g5#6u5Vjs1%a2E6n{{0gG*+;wZFwn-;LE(6nV@D z7ibf?w9+EadU~tH85{6Rh%VMk0lzsGT-=)%gT25MP`2xlYmj(g>-D^0g~hW$?_IT~w66ZN}8V zrssU8nC4%?nvmHRWxrwQ@N7QoRpwuzFn@-Cvs#48gGm1j(_e}O{C*eWO4^fSgC>9MLoyd81G6nSnVEiX$>Pc$h&NlV~Ut;(*` z-+m#M3+G)JNJXHPJDXqF3V*z}*87xXg%`*9*zB>#@2W;zQ+IN?O;R|tp8_!+J}=AV zqa5ecw5KZ}rlv{O-Zv{XfULKnd22 zc-t{^FcSNYTi`C~RD_C(oOoS$;m-utpf_sG+>10S-3_pZji1@B%`>StSz&}#nu{4V z=xr^Snali~NSUkQ((3F#Y6SMpyHM+5o98rrg89&W0gQdLXwM&`zwtIH?G^LS-3-y; zMrT6OslGU8(73a*C7aL>f@e#~cY8#5H0bcbDW8r^Y0LU%!bw&#sDT%DVu>!8mCYZ# zDp%Op#6tYZoidNi;0>2)ii)PJCw1m1Ic1epFW+dfLEuo;vp8a}DicL04hT%^k%#E9 z6wGMV{v6YTo}I#gDI;vjJVAb-m>f=3&5*QW(Mr9!a-6ilQx4xN0yf3bU_V!h(X_pnOZgCiV2+>Bl9II@kz!&Nr_|~X}`T>t9i9wDX}4ZdGKMJc1*>+igk?nqhsvHKHl=|-93+b+u@ zJjxv_@tNv4T}&C<1kpM*qOI$=^aKs(-=bPl42bR?9wuY1EYO6vghyDV`yxk~toF23 zN>SyPG`V53FiYe1 z-@;4VOQRGhs6#hzvfX%fx^e6gurq?9P{AFj^Iso_g4MX-2@>Vk0oP4NISI}xf$ANe z8#xLpxjMrC%Jv9KyrWl7oCdLqQDF zNa|v~SYt_P(Ixw3Ws?yldnVvZD=2Q1RVuxnuI``~_!-AO)pA>5zmFgVrefNxR@Hn) zY*)?}dA8~Lfbu0}yWg*6-%GefI{huq`b$b5(f~QM`Z32pmXj8v;;pX)1_vIR*txPO zvV0mF@YJc)A(?P}JBZ>g?_d$*7Jl+#m-eioI`CIO;~@4vp_9Bs;L?%C8D`KmrKFzZ zwz0PMlE?lBw-c8Z?q5k#w>=7jyK1Gsmv8uUHn**YHq=C!Bd?AVDyrKhY(`S4oZByp zg|BwhB%T)EB1xu=Wbv7r_?>!3$ScCbrV%99BA;)o-8N5vp%WvJxfg<0?^G`yzCaD~ zz@6u}qFvJQ`3F6K=O=&XaCo{8PdmZLRtLRAlxA3G95K=sMp>yI16_oH9$t;#8XJcA zI!`?-W0Dci{=A|p^LUJH8eBs_2@V@_DBLjU2Wc|3rI`SCk$k;-?)w7*4;yBO(kqPiKF0ew~8<4kC{#MgUQ(HzlallCVcPwF<~Z77k6(nqMOp&BRyXH zEFaTkxnovbk@GXIF9cH=^%o=I+*<8hd_(&qeFZfYu7P-I3llns{KEk{g)MJ70VKGD zyk2`jIfG*=UjAZ4L0Ug0*JQ~&pKAON+D5Ci1?p$QlEM$|gGyV}DI|1}-TY{5)7SeL zRS37|U0Bk0U?WntJfu39IIo_~ z1Y+V;a$S_z^|5d>#4QAPWgXCqaqI^jrUW&s?DYv(?uvfmzKGPnJ-XyrY-3K5D z`wZyTdoOz!ib>u?yfe>iqF zP@{jWwqH1jNf`WjQSmcVq_mXUc+uJKYv3o8k)3XZ!g#{keT!M=C!Tt%N2rnb(``}F z{F_rtlbLoGG3|JMRrikBojY2mBvB{GsyO0aGzbDQlM?I{We zC)%MPEup>O`A(-0sQph{Au7C7kZWLXY;@05pY5lnp#;wrgfx$@c(hxCtwJja+i|S7 z%e1D+2cQjW`!#@owh`6yRb-BWOdxG`Aq21nPUTX2HM0Ja;|!bJ(uX-ZB%s0!;Tn+I zp>dQ}8z*_~H_Diloo%OkQ*~>H1Y0{Agg%mFeKmyK9#!>hLD5GbRC>Bl0 z^Ea$SL!Udgbutu%zOD~v^A&7E&8SfH1nrKX*0xq4*}RaFF3rK0yw4KCv74AfFKrly zyUwcReQ(W$zkUNokuP?l;ci;BTsF3D<$qyKmWv-(&D^-Wpd7JO%iuq;YHL5VA>vz3 zXIb!#=v+wn{CvK$l7cCw4|ZwBnm2~ynITi3NnDp}Lwm&fT++fbK?HmNb#QG~<#iao zE+3MBqlH0=QpC59RUKxZdz?eeF}*7c7~ZhsNYUU`9?XKSWO+H-r5Yh7(jnE zYP0#2@fPr>8?yH^WHxTuC>l9N7K&F&ZE0b=K9gEPSz}=vh`|iQs%p9x8Q5g*d}3qt zh$Yv4pRi*Vm5~*I5!N&@z`!(Tg|dH@ak;9tNu1mWdb*o+yFK9?wkYU1Fc zx17$@zV>}s(tDeBzO?TQ#lw;XIQ@Qlb`Is?I1VN<}sMU%L*ykADvq&p%eGs|g| zGIPeu9;0wnk0;k`t(hR1Ls9O#E{r-ovJJ+f}fB-0(EkSHiy)9MtxK6MK6a z6G@fo$*V!T(TEw0ajzv$z527t&3CKTyH^iWk@=T%_u{;uV2t1ECbjsZnUw;qh7yXP zg8s2_sNL{+U)ntL!b>PSM0?xQXbk*gA*HEa#Ptbw!LDHuYtZU2vjqwYGO_uwth1AtN~9>o7h*xL;-{_7kl@-XXKnu zh9Em9qZtM&%y^GvE#x@H@`^lS0@lCNUg9P1=owphVVhCI7tzWw`a#2DPYMV0c)h4K zPDD}MH~Rsgx8w<;GO{rhp1Q!s7Xj)mn4NmfIh=Itsy2p5Uv_zrCh1JA@ z58`QO$GLj32fCrpr}+VE`?G|`Al%2))a@0%(YABzCAJk_D{8Tov(*OK)4p-NMV~U^ zCyH@6&9Hk~4B8*So6CV1rf6&EXC)+8n-ZVWFDtjV@8&KRK5)9i2n`x+c=}6*vC^C$ z?4fq_=XXY-$zbiD_)lauDY?i0KrwPrjLqsDhxXe~9)F)a$uc^rBYZQUc4X8C4&g^BFwinpoUB2!2_Xd7*$Y)HU%ULP4qAuL zp?5fRR7sV;8dTw1q74s6I%$;e$6T=zMvc7@bb+1kNN=f=cHfhpx}=G7047sQ5&6@~ zcYbtWCZO4Dr3yRDUo=)W2YlU>sO`t&3rU9^@b{si<|AHYkXXrj)ZN8ilD8Z+J|SLB zP!e(&^x)d@MWsX23gl9rUn)%^)<-r2y{y|&y0uH$Z+n7`U3)gHsN34!aOfIIaB_s- ziL)2KF2c=AKN?bGU|@X*K?LNaIv}Beu*wy2+@OUO@X?~H;+?eHmNz7z;wG@?pip(Y zc@#}LlO7EK&@PGqUBufBO}K~MEoHLo(IQY;#Tl2PNbLLuD5G|hDrElltlzf{AI8YC zyXI{mp~cYQ0gNac>oy0ZOVdl*x_;ZH)Hbk=$jsXV*?*l$#@LAMtrTVp3@qhVM0m9o zj)^O^W1lOo;Bq~T{o)GmGCWMA;80ifGVmJ*lBiUthLwrCgj$WV^^4eU0$wtNuslct;&|@ z8s7`Yfi^(W+1QUVw*Oiz4i}uq^#=_O_7$p2XbLC?pP3s54jR4h4BQ?FEu0KIpDM(E zf`4xKgE{&8^VYA}v#`B4Py9lU(qI~!oIK*}1?2eVL)h~*~dFWfxei0iE& zXd+7@?21`zD-Sa(U16;#VwrMjxD%}?)Ra<<(qqCGcD7cnkFe!qbZ0maJdO<=o&5#P znN-X4!V-qt>qAsAvL@KO*07!H?c#R~7I$lFmPxbo@XBUY3OsM28>CUZ#2>kC`OD1V z?ZO%BZhupRnUM#4!L`E4X~r~j6JqLAe_CI7X2Q*T$3P0TJDZ?^MdFvXQ5G)RK>Dxh ztEA{J=+5oh)IpOmpaP05w~%e|-zM&sJwItwcHsA&EQLL;=K?JQ<(Qm5z9epm8rTZf zpME5BUo%1Y5laKk=I@IW%=F1jn+B^YCv0ZAM(|U%)U2r|QE`*PURB0yCmQVDat6U5 z5;9Taj@YFm!&tOTfvKgrcJC@oL-a?7RRPHM;KRfMh4&F2r(MhgNaLCFPk!fQZa9S- zu8sKe6DhvpugxsP6m7zj1cV_&X$cUOwr@rLvB~?uMDYhC$ABo&`n>=_&<< zSGzkkcsc`_S}}6t2h&z%VN9SWB?rvF&}GMYS`e`5B3L>4JlLbh8V85+p@PI)K{)Xc-9z5HDIkv{K9{E$Km3$Qq|)FK~Zh34)FSZr8|-I(SK-oaZmq_!1MYdV{1wwiXFi6 zsvNJXrtc>!-QB%|zblxEtGS%u`L*#=cwe1a?ABI~Fn}wSu-FEQ2Ea*`??vzQD7D}H z7+RME1*(%=ob2uHyh455PH~L1WLY9VtAkvB-t9dMynGJW(*xS{q)6 zuiX>E+mx8Sz2m4K(8Mq=$f$@gN9s5WZKE)do|9(r>+;wl&?8&{0E^l1e#zVX5<161 z@XcFwTR)zX2RUM{FNa@hj~=}g46n;ugm1<-D3YG}=Tb`fSiLzZwiv`fvV44Bhni@i zlIbyhEpGlA*Bwh}V$(pe^O7X^X2H>he@z~={ep;T6>3yQzC0_Tkd}#Rn}3y1r*!mt zFff{k1xXi{OMu%{tHMjvckD&oC0z%x&xg`7-QgI&iW%oV{T2amcA7VP^f9(4?WZS~ zM(nAO%&ufvD*1ad90Pog3Zm+9%8hS#gi@F7JA%Q&@be;zDPG^lQ37kZ0c-<(cDXk- zf&^Nn&f=`&rYuJWw`W;$&nkX*BDuUb1yNv9M@Wc(T2`s3-$v~0R)e02G{0gdhs#kH z)TU|`e;mXs54e+5X33^DjqvrFlR38P1kQQM&~2OgOID zb(;`+oiZu`7@%$XULEtyOTNi^*b0!PkMue+0FXSldLT44w&b}TCnjSS$gM4UH9gjXXWcn~bnRr+@O&&u9n`(zZ45m2H<^FC$y#Ro(~Q z=KBb?g|4Yh*jn;uQbF^1=iktO!bLU^eyR#bHqsWo7lrApizD}#zS&-)e2V1KGX5F^ zqpST3-tiX_@r|HwbS|{=CpulsWiG0yUn;dBblYM&h+jN4ka~#QL6u3u#=Rd zj`}`wvcl*=i&_FFFH9fXm++w8DNEmK(r7UZLZ)e6A5n}>J2~1@mXbG8d!hsp1Uh^$ zMcQc*uz{8g5c3^a8YT3SEsH9t^d2tvZ#=U?ONl$OBKB}V@mw8-^wh}*cj)wS%B|E= zb5`~DkH*2kRPd_mjk9U6{Hfp>PIpw@{ zcQ52yqUyXKwXCbIlGOdsBrD2i*0{DRKd?{=lcX5fedks}XO7WH|4&)^Wi*;uO1YU+8(KG|OtdMU++ zeQMZP7r8~2a}tV=+e=2_(9bzP1HRy|oRJzY?3$w$eS6`5+5_CdG)uNtbGez*?Lr*q z{5H&FxjAblrcDyJ0ejiX-%0x*wnJD=0~=7$0?t6D!$$krue<{Czu@P-V~b%*Jgmzu zmva=}0AJ+Soq&`9vP`{G6cD5@$uP*)r;(!x0iv@L8cZe6TPFraehp&5vTo9KMA(?^ z^)YJQTPIQ9_Sf}+F%*Q>TMF*OjRmdN_q{EgXf|WowTTh?(p-+L1}ifwR8<&F%~-tB z`5;6%s{otz=Ou3-a~vI*g;1=Akar=va8W&aI@oNdzrkRq7r;U~Zv&>p%=V&3Ui}&l zGwsC^2>JR|{QLbn58X)IP-=VR)gV#FkQgJCSO;Mg*N~G5c6h--BhHRbVyjCn!6h~CWN2v zttg#nsrjIxptx#bYZk=BS2=(`&H+=ZD>sM~Fv(ErG9N9rSp#EV|F!bm_<_u|O9=#D z43|jtVf1SR`~GVxMQa>TR>-`E7VCW^NI!nnBHu7FEIv!$G~H5*tam)>6L(=A+5AkT z4tA^@&J~t-20!(jcGhxiSx1t-9up+joQvcR=hf$+QbTH@RIXZ4ZGbh#4;s`kOsRc` zBAnsdE3I+Dm^n4=`tYBuLcahW3Vga8O4lJjLa1S?!f}jzsSL4)?T}di1k92bux`en zCtLnGBZl6`oRCxHIq0N%MWXrWr$3ZH+Gcmr*RAKzG54Dp+nl?WwukO1N%tqMiiC*l z_#jiiinhA@uc39#KHoKB)a@+kA)?x?@$&1<8SEW{rHO=NeHYNq+a!*HVhO%LkB?)d z?TSQTiA}~k%E{Sn@wTwLU?cd`nq$i=^8I#-+1+kh0;T0X-TQrvE`&qzByMf@KCV(V zERq?-Eh9(AtdXAiAnt==Ih^*ORKgkj0}NCcBmoCsq;cJ*@Nv-wx91^aSZCm<`BNjR zb-^)a&z3`7Y@SXpL)gme4xg&-?Vc6KN@`-=0n)?e_m)_|F)Lg;ayf$T;;E4#uhS>< zgJ_stJAcn6_kb#jiJ~z`g%}rE0T6L@x_D3`u8XW|lVKT+W5JX*eA&EU$(hSwzYhEKWq2cPyl4MCrCH`5b{3`#n!^}ynUI0Nka>Dk8 zB%3d!z;tcQ_-dO1jHx<<3WVAHM@!WH^URwJ-E^sL`M}@$Vm7i*2@ag#6Uko~NsOoJ zh|MQbX>SS>vaPrvae3R=`v)y3Zhah>{;>Pt~-lXw9}-y3z(e-<4fR&wq{pA2R8 zay>BB^NfY*Oq8Y#aGmngZEzs+h@1NKy=T%t*bGY$0wth;td2o#LhPc==)$Avx2pJ9 z?;aq{ugZ~5;!gW&=;<=Fb4xI^Bt6Aq8jRkeN*-tRI_xhJk)3L$?2%}9C|AZ#Ga4pL zV@Mz+Nom&$NO1oQjS`gyXgS3AkT)igOKNld+<=AcQ9Z<%i_2`#D;^crQtMOxz(CvJ z(89vuv)9btv;lLPm@V4S%I3~fB(O=-n!?nS?kQ~y=S*G=bV|( zR_@PnXi&jnWsBi;ikKV$$Rp~jD-5|1boK>mV?P}Dk|R7C+Q?5ByT}bfUJyp~$v!_f zPM#NNv@{(gizy7fzkRV6OVn?>i5$or=dOHI=Ag|d1nHO=Q##z803Jy#%hsQP8h7TK z`p-&um@oI+(Qkh&W;^A<)mbiPbczdGd`8fF6UA!Y_q{yOVKOK=nJeGR+m-K8w#Q}Q zPR(@0a>DDs(3k%ZggbG76(}G3K90_uP)jDB8?JWNr=D?i`vkiex=MM#h*?)bL6??A z%JBW_gu|>n&EAYmAcYmSrcv(-Q7O*6l;m7ArCc>F0h?m>9g6c}3w`hqw zE?j;Q1F%brY5TlBMD4>`JN(&ir7`TZDR;U3T~mOx?CTcS_GS&Ip3Zmu4rc?^BA5F7 zRd{O@;F{O%n~Y)IGtn_cOW&2bvfb*La~F-tR6J_s{oa!pQH|!u6y3TBV5or>%b(!2 zkL`%fxn?hbeHlDMuf(gTsWEq}_mqkCjEGB*QoVaJ!~fh#Tl?cr1y`59pLn(5BH$41 zMx4M2kk>z?@n1l}J8XGh(A?KoQ)5U`slBE{fx9rrYYmVUVA6s^{!SQ=+7)@J@)7a7 z3b-T?T;Mz_r#N+iNbvb$P(XXVs(f%zg&zTlI?+O> zadLUa#8Ngn19Q}n8Y{!BIhE(2CvY=T{^NWmTZCD-w` zj9o|I#urd?i~VMTbrQ(JIB4*mM7DR%4GB6+q0bp^!~Azt=tCUp{puxpy0jP%ieyE+ z*2#E;>afTxi>v{EFHR;t3Z_p~Ph7lJF9ATn6bxocCgXKQT}0Q~p-elG1donv(l)I) z-I5dhy^y4OVtO(jyzX0CK^E#COF_ZId-t`(LuVpN5wb+*G*lQ7BB#_m&{Q{>d zBzdnm+B;uZ$%^u%`IThD+>dKYrX$%=L;wJ#fB@NxZ@0+lSZ^4EoPW-7e|2#q=WrbX zFAF)JWj`;pV$zkP*C&o?F%E<1xgDDOS7?Tl8S%)?@xkl%%*=u(j{#x3AI*}(j|<2X z-L4ExwlT;JBsno!AwI~_Jt9}GIA$qBIh8z8(Wlvg7Yx=0EkCcBY-6QMA&nSDfH0oO zz?t!Jo0uOTZM2DNzg1@jppH`;vfM~+*)zI+3A?X%tU?+8ot5=6I*cysddAi=M>YSE zOTj_y^!PK~MuItFEnlV9@DZoW)(ay{6L8KhMb349RmP=Qbe-c?9j!9e;K%Q|tIGG8 zQdOptgNbz5=uzTH9MLiCcauy#B5G8ExT;<6PPm3sBB{$k1#0@{&Iq$5!Jwy&x76w2 z4XtLCVqt(@^rG~1zx=SZo95R-FWa_EIALp(^=7ik_@aa(vLi})dHpS#`=IaLfY*vH z*LkWd3WZEK(~R$0V!7G8>}f4UuSajmvjQe8U@f6b(ocF7_^vE51hdd^D`Hx3J~u8Y zC#8e8T~vMaUBhvm`ExmQy$+$G-2I(3dx9Q|UgmgU88U-c zlruW@(U(x=8@)wO7xkl5On$7!6oKqxMIs=PCbx+jy?~_LjO2=fQl3xj3k?O!(s5^G z;?$%12gaFZwGB2j#cdx)`WZ&mauocK&g6Lf=n}ykQq}%+_9HHZL z)`-cQL&|enQVzQ&>7-NXkZRJ7a3Y2Z^)BU_n5{Q^un%3@p2M&Dc;~~V+4dsqHwvUv z*pUs)iDnPgA!qM{-XkHS$d#F> zUe?-0t%chkji4sSZz(4W5zTh>s92Wq?WQKv9>uAwmpCn=w z#PDe|Krv@8A>4{W6gTY(KJ3N$)QAfaziTL`kf7$!T!bAvja?NrXN4(kvQmnViAn3M zgui};DO?JF%4){NsGYLek2^C*h-&J_?GC)`m4NKlN%R$Pn+`GPup@=4{nt93R=cw0 zfMzphy5l4;sg0*kid$;cSOQkr8&9xJt5ZM=at=;{#dNuudbe6vSO_19K)I-B$}SF7 zn9@Z5<6Ize9`)(mIw>oV|2s+H*0W~4^$h>8xh2o!4g`>GTA9PQK)eXK+f~-WX&bNyH7Gcm_JmNdS;$9{&MTfTYX)2S?rH?)N$L-pvL8x ze#l<)ivglX1E*()!GsfGDb74dq;E)1GWWUB#lCGm05(al~L zynZ#3-Sq}(C{aZ8X=W*?hDIeOQOZ$m;sxt^qc8m7uEYMx(!wXiZloT130Im2vFOw{ z=w}gK#Vdp8mNc#0RIbxA=9~br-DEbKy7!=f>;7F?scd$g51*~3@?L+X^aSBg-kf}( zq+9;kzv{LsSFmCnTek>jXIKp-q}MRfb;)6)t}WdLE>mX{%dQxE_l7iGo)JY=n!3~Z z_wz#{YPM$@&+^2@i0diaJyhiQ7y0DjD_WSQYs8vCW&m6Tq@Y)({+pN$!j|&D>W@^Z zDq>9N(45+v;sz`e`T)aQ)|&{!CdU5u$lKt#;gx!tBYL|?e?7#}vxYIItc+Yv2=W_( zKqZM&Rx9m90WTDJ75vhfiE|B*JwcO@dNZ=jzD&Shg>Hh-qYbE2cWrHb(u7`S=6Vv` z*DfgQTkpCv8obEsdhHIFDNq`_`o?6MzIZmQsxPivq%Pq=12uX@an3?lBPUU`N+iFF z&*&|4`QVs^b!0g4H=WcJJ4J-f%E(I1*LMv*Xy2YD57$Ja2H;f-W8QDCe1E#WS{!)m zvgv_!Bt1Ir8y}W`Y^X@Wy%J((cN;l7=bj?;Q&cR&^|k?%ObbXkvAOy@(2=3c8w<5<^Ja7_h8)?R$#L`JhcBoZL9HU0%8o(N|x(tj_XnalCPIjT2FRT_wnARwEPLWeVd@nNZh+v zrvnx*#bSte`@&v)Ieb-D1Dfj^yzk>Roa=)1@MN+J!ToVazSnV0*0cQa-`7`c40vh} zKED_8xz&PEg!`(?I}*^^N}f*Wu@O@&kHoN^uzqP`qYzK4%V){cE>~pNEEUm*cpn5) zEx)(#R(M>sTk~CjO4}(v$wxySoc_XQYuCG^FZR2xrw#tYhX&l`q((Jf zNE&~h&&2qcuGP5II|feQM&KBmZ9?67f6WX{8Bl1=wSJ*Hpzh>}!Lg|rqqzc-m|bY@ zX0AHBTyMS%-1M9A22fd4kD@h#eDiVg`UEPF`@uaux*y! z)qDQ|DD$}5SH#f^07cZNuz)R$oY@tPcRE(?HXZmgz0#Pvmynv_`SZ$+66M%ay+XBK zf6a+8B7Lo%+mj*{_AGC-SQ70gBT4Wc;FMP&mWhyWFI(sel-PF{W=|uL$kvt78w*N` z+bXWaV=ui?!ZF%K0cI>zvAm1JeCMhYT zyo(h@w=_YMZ<`aJnO#Z-aHmC57*D=$guShQw3qzuI1W* z*cMy8pBh^4&C`9x_Rn9fBDl5jZN(V+y13+xU%Bq3%rj5*nTP_0($2i52-+^nuhuM@ z@tO6SiMSkzdBy123memdY4R6^+iP|tCVkwNP|9OJxwC}5oWYu7(U*Kbf-ci9RyvONYnx=8 zfNrgn`S~V&)9=o66w&ZQ2nG{$5X1|}+h6ye9oCnxmE#ZbS~-OrZ{aZd!{vbz9+ysy zhXF;tg~9b|?)mbU%jb(-7Cw?XBkqm9=XG?(GiZT1Y+%#bX^{NxI#pnBC1P`iHosC* z#&zZRr%X$emE7XR`!j4y(`fRBcJS13m)Ygn+z@)_-E?IdUuCO>uS9*{!^&1mxFq&v z8O-<98Jd>W=im(64(vOpEAW?tPs7oJj1YUy2oeuB<{Ti*1mBcJMj&7?mqg zkxE-(aaYoifBST=a^a3-88GPC8rLbNHTYy1x^}$Z%+l6xBGs+=7Ire4TNAK`L7iAH zY%-0Z=ULkpTWBv<>-N)JrmeP^NhvnWuKfEwAwtB(M1d17+i6!_GT(WvVcY^+V|TBxKCE`NuWMd zCjU%4S4ZK`?UO)FsqE-yJfucFzzgY7K3i!(XA516`St#7Tmih@y?FihpCS!Z$$sm> zM46!8=-QI>Gm#Uvh=57%AcgWSm2c`61X^h4-kKTW$JDZpR>6-&1Nlh{Hw-i@P9O0F z5_Ss2qa}I>z(YET_>yKjtJeaC+ERS_o02C{$6sH_xp$vwBfXF(bs33LJjHP8_RN~R zV~j7C|JL?oy8uRTO$Q0S6WFT>;b*AW>w3ccBmGX=)u0CPTr+bli;+G4)WqMk~ zXE-x8wteTe?|*2u;oCUjpSDt2x$U*{-M3=Hu-<#hPav>H_VMMsb~Xk$)LFW5{(-m2 zQ$FION{vW5lXu;1;OaFEEiSFJham?TZ(A2rxu(meieNI)ezcSOrDq}QR8sG=xf2U6 zG1T$WRH1v@c{n_;1>@oS=4Nso5Q~9(BQ0tO_1lhyYhj1WZuck!B>i;vLheOmJCf%E zr_~6d1U|@ahoyV$hy#Zl$y>+7)@xjY2vEEa{iVZ<7o}Tc(@Tr!UL>@4WtB-+^2v@q z$&Ka)d6TdDnkp^S8-w2#jOoiOeb-RJ=xoTLY2$>wd|T5f=^C#40kq9bE`0|tc^jS0 zIi<{uUgVGrG0cO~>$u}KkLsJXG+DwKllA?4dRQdA29AcMN(S5SqYnjPg&NzI!2B}k z$;q2)!$=$|@VRk*EKffq7uvK`4#)lZ~_^i`3 z(5F^RmO8JZ-odQ|x=+Pdq}r(RJ5M(Zv@6c%$}>{@F{2NfI?lVAuqhxxr)R<&y@3?@ zI%fG6Zx7CS(=`B>G|W>|Zk~OYZu{#L?^}|Ty1jezKr;^=C4~+vY>)lS0qQ5q=pj_? zs6BTe!lANw2duv@WZVvSyua6*nm;ZrELO2F)G&4@+StB-cUZ*^D!I-)P-MLTuIQ?vF{s_hu@8u>R|}}9l-Y@&oc~^R z`e|ozIupduxxZPaCfEq;O7W8#XdK+QVHY;YqY%0l&j{oa zi)=|v#SG_Lfa|G1*QHagAM~R2D@K?CLp%wghIsSZ%{mNVWYWcYHX4f_z}5Wet}b}@cFgsKw^WdR zT#C~ZUm3XBTidN`zK$`@om!5dZInY>A^~WqTwtCy5F<&2K9(`H>@V@l^BZ5ZB_qOy zUctl1Wssk$#A3;yK484h4RZjU_t%GlCFk6LWbSz{&WJ$aiSqlQmo+AuL$xV>1CrnE znVo(OlwI&U9ll1!H=w#73RM_|K+=dAzMibSpzaDIR~-m8E}=D00$csE;G3+}_y zy2~0uD-$GT-0lUMY5_W(bMB2Av2J5O?jM{A0zK`AYGL{AJr5@u+|$=0yjsz{FFtG% z$CSB9tge`N8IZ`9Hnn)FUa`hefOS((DF*Ebd!`5`f}@|2|G zUMI!aj}wPN(~}=dJjk}Cg6GUz-RJjKcx#?#uI63BH<3=%$qs8y&L^!*J7^)<-9^~= zvrLO#2v6XRb<1&)TjETeT70hq1J^O>A)K4Z2e1Nfp2rQa9^N>=@V5G7aovlyNsgUn|IPV= z{kiyj|H0xCcDha{WJmrI>zynwkAuAUuSdm|P>Z)-(=f>eFN8o*rFWcDO{`AM5N*&&s)N9wfL{?R|M1 z5OVO9RX#y<#=UN1s5x-j$0ua6a{K(YtnSufnNnIWcS1I}q?Jd*dcPM{*9y}-z+PZd zgdxqzr|K9IN5$mpDy1F&r!~ryYS3Bs85y`(08n9&cFGK-wlfUckrT%l9TGJ z@d>maC_G#8N9fER7NJ9$8BSFHqnSSz9c52Fj%xu^e~tS?;2Q(C5ZRqoHp|+ue?O0r8C*@Lyr`H{~+be!9bxq`J0v zallGb@ns5{z2oK+cXHdl2yCy%{x1CixsZc%C(x#Oe zONHS3IK{tF|HIxqJf47+PE`a~pYmuji%Y6nP^PlTitq6c&_8E)pD)y44>4f^HNB2d z-g1%+oGV-%HOr-p*Z61844@}KHfcT5PT)7UQ|QMZ1SF}By7Vgka}?W1yh3esk#Cgp z@3#_h4mNc4Z&Ce6G7iW2J&m1y)GzJ+NmGHNSMs0wq+qK`e5yRAs7ds@(}TDq34aCC zUrM5(Oaz%nf!Tj!j2F$d@f**lpA>Oo5)0o^{!@%!4K~Co({HAtFa_ZPiX9OCJL4=Z zF4F$IDfZu{@CfvBMp<7;Rq^**H$p|hTyX^rdMEb-#|r;{V>P~MQi9!XMMeB3y3MW7 zH5DRer_4h}#`(SaJS0Eu9?Z9DJ7BnBdGffpu10iLkWWK{5OV&TL~Nc|{O2C9?Kp#+ z$v{)9#^A=3wO!P}w8q-!+NR>2GMNKR`LIW7Zf@9Uz}Artxf<6$NyJ{$mPCl%ZIW(+ zh(!^MU5Ly*yxU&<;7Dq#Muj_nWBd7zmjo@pq z5s9(_Rqv=;m-evxB)Dkw6Ao*beTVO%)JncuZaHe!%r9Z35}Y>s-72%UgdEFq>nU#j)2&}V#wF9&*=nADxy~OB>Wg#G*~i3)KeOwv zMixyX$oXRcf!Z$@`K6UdxGekTUnalQ@kiABtFC{&>wiYwzj5+!TKS*p_J2JKU(i0# WcuBp(z>9YUcY#&3l`9l&p8Y=+;EMzR diff --git a/internal/commands/api/api.go b/internal/commands/api/api.go index be9b675..0664257 100644 --- a/internal/commands/api/api.go +++ b/internal/commands/api/api.go @@ -252,6 +252,7 @@ func NewCmdAPI(inv *cmd.Invocation) *cmd.Command { path = resolvedPath } + // URL safety validation resolvedURL, err := client.ResolveURL(*apiClient.BaseURL, path) if err != nil { return fmt.Errorf("invalid input path/URL %q", path) diff --git a/internal/commands/profile/set.go b/internal/commands/profile/set.go index 8275ca7..978671b 100644 --- a/internal/commands/profile/set.go +++ b/internal/commands/profile/set.go @@ -150,7 +150,7 @@ func setRun(ctx context.Context, opts *SetOpts) error { write := true switch opts.Property { case "hostname": - write, err = opts.validateHostname() + write, err = opts.setValidHostname() case "organization": write, err = opts.validateOrg() } @@ -198,12 +198,13 @@ func setRun(ctx context.Context, opts *SetOpts) error { return nil } -func (o *SetOpts) validateHostname() (bool, error) { - hostname, err := o.Profile.ValidateHostname(o.Profile.Hostname) +func (o *SetOpts) setValidHostname() (bool, error) { + hostname, err := profile.ValidateHostname(o.Profile.Hostname) if err != nil { return false, err } o.Profile.Hostname = hostname + o.Value = hostname return true, nil } diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index 0b30003..98e89e3 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -263,7 +263,11 @@ func (p *Profile) GetHostname() string { // with an optional port, and should not include a scheme. If the hostname includes a scheme, the // scheme will be stripped. func (p *Profile) SetHostname(hostname string) error { - hostname, err := p.ValidateHostname(hostname) + if p == nil { + return nil + } + + hostname, err := ValidateHostname(hostname) if err != nil { return err } @@ -274,7 +278,7 @@ func (p *Profile) SetHostname(hostname string) error { // ValidateHostname validates that the provided hostname is a valid hostname with an optional port, // and does not include a scheme. If the hostname includes a scheme, the scheme is stripped before // validation. -func (p *Profile) ValidateHostname(hostname string) (string, error) { +func ValidateHostname(hostname string) (string, error) { // Validate the hostname format. It should be a hostname and port, no scheme if indexScheme := strings.Index(hostname, "://"); indexScheme >= 0 { hostname = hostname[indexScheme+3:] diff --git a/internal/pkg/profile/profile_test.go b/internal/pkg/profile/profile_test.go index 10945d4..ac5a42e 100644 --- a/internal/pkg/profile/profile_test.go +++ b/internal/pkg/profile/profile_test.go @@ -173,6 +173,14 @@ func TestProfile_SetHostname(t *testing.T) { } }) } + + t.Run("nil profile", func(t *testing.T) { + p := (*Profile)(nil) + r := require.New(t) + err := p.SetHostname("example.com") + r.NoError(err) + r.Equal("", p.GetHostname()) + }) } func TestProfile_HostCache(t *testing.T) { From d1b3ccf13a8ad138d3ccdf9798d0bb86b36c5d9a Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 13:02:22 -0600 Subject: [PATCH 10/15] normalize hostnames from env --- internal/commands/profile/set.go | 2 +- internal/pkg/profile/hostcache.go | 7 +++- internal/pkg/profile/loader.go | 23 +++++------- internal/pkg/profile/profile.go | 26 +++++++++----- internal/pkg/profile/profile_test.go | 52 ++++++++++++++++++++++++++++ 5 files changed, 86 insertions(+), 24 deletions(-) diff --git a/internal/commands/profile/set.go b/internal/commands/profile/set.go index 978671b..a98692b 100644 --- a/internal/commands/profile/set.go +++ b/internal/commands/profile/set.go @@ -199,7 +199,7 @@ func setRun(ctx context.Context, opts *SetOpts) error { } func (o *SetOpts) setValidHostname() (bool, error) { - hostname, err := profile.ValidateHostname(o.Profile.Hostname) + hostname, err := profile.NormalizeHostname(o.Profile.Hostname) if err != nil { return false, err } diff --git a/internal/pkg/profile/hostcache.go b/internal/pkg/profile/hostcache.go index f8466b5..a6e4552 100644 --- a/internal/pkg/profile/hostcache.go +++ b/internal/pkg/profile/hostcache.go @@ -45,7 +45,12 @@ type CheckRefreshFunc func(mTime *time.Time) RefreshResult // NewHostCacheLoader creates a new HostCacheLoader for the given hostname, using the provided logger for logging. func NewHostCacheLoader(ctx context.Context, baseDir, hostname string) (*HostCacheLoader, error) { logger := logging.FromContext(ctx) - hostDir := filepath.Join(baseDir, normalizeHostname(hostname)) + hostnameNormal, err := NormalizeHostname(hostname) + if err != nil { + return nil, err + } + + hostDir := filepath.Join(baseDir, hostnameNormal) if err := os.MkdirAll(hostDir, 0o766); err != nil { return nil, err } diff --git a/internal/pkg/profile/loader.go b/internal/pkg/profile/loader.go index 211ffdf..4b2556f 100644 --- a/internal/pkg/profile/loader.go +++ b/internal/pkg/profile/loader.go @@ -17,7 +17,6 @@ import ( "github.com/google/uuid" "github.com/hashicorp/hcl/v2/hclsimple" "github.com/mitchellh/go-homedir" - "golang.org/x/net/idna" "github.com/hashicorp/tfctl-cli/internal/pkg/logging" "github.com/hashicorp/tfctl-cli/version" @@ -335,17 +334,6 @@ func (l *Loader) NewProfile(name string) (*Profile, error) { return p, p.Validate() } -func normalizeHostname(hostname string) string { - hostname = strings.TrimSpace(hostname) - hostname = strings.TrimPrefix(hostname, "https://") - hostname = strings.TrimPrefix(hostname, "http://") - hostname = strings.TrimRight(hostname, "/") - if asciiHost, err := idna.Lookup.ToASCII(hostname); err == nil { - return asciiHost - } - return hostname -} - func profileTokenEnvVar(profileName string) string { if profileName == "" || profileName == "default" { return envVarToken @@ -354,7 +342,10 @@ func profileTokenEnvVar(profileName string) string { } func legacyTokenEnvVar(hostname string) string { - hostname = normalizeHostname(hostname) + hostname, err := NormalizeHostname(hostname) + if err != nil { + return "" + } var b strings.Builder b.WriteString("TF_TOKEN_") @@ -393,7 +384,11 @@ func tokenFromCredentials(hostname string) (string, error) { return "", fmt.Errorf("parse %s: %w", path, err) } - hostname = normalizeHostname(hostname) + hostname, err = NormalizeHostname(hostname) + if err != nil { + return "", err + } + entry, ok := creds.Credentials[hostname] if !ok { return "", nil diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index 98e89e3..fb55ec2 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -8,6 +8,7 @@ import ( "context" "errors" "fmt" + "net/url" "os" "path/filepath" "reflect" @@ -18,6 +19,7 @@ import ( "github.com/hashicorp/hcl/v2/gohcl" "github.com/hashicorp/hcl/v2/hclwrite" "github.com/posener/complete" + "golang.org/x/net/idna" ) const ( @@ -267,7 +269,7 @@ func (p *Profile) SetHostname(hostname string) error { return nil } - hostname, err := ValidateHostname(hostname) + hostname, err := NormalizeHostname(hostname) if err != nil { return err } @@ -275,18 +277,26 @@ func (p *Profile) SetHostname(hostname string) error { return nil } -// ValidateHostname validates that the provided hostname is a valid hostname with an optional port, -// and does not include a scheme. If the hostname includes a scheme, the scheme is stripped before -// validation. -func ValidateHostname(hostname string) (string, error) { - // Validate the hostname format. It should be a hostname and port, no scheme - if indexScheme := strings.Index(hostname, "://"); indexScheme >= 0 { - hostname = hostname[indexScheme+3:] +// NormalizeHostname validates and normalizes the given hostname by stripping any extra URL data, +// like paths. It also converts domain names to their idna ASCII form +func NormalizeHostname(hostname string) (string, error) { + u, err := url.Parse(hostname) + if err != nil { + return "", fmt.Errorf("invalid hostname %q: %w", hostname, err) + } + + if err == nil && u.Host != "" { + hostname = u.Host + } + + if asciiHost, err := idna.Lookup.ToASCII(hostname); err == nil { + return asciiHost, nil } if !validHostnamePattern.MatchString(hostname) { return "", fmt.Errorf("invalid hostname %q: must be a valid hostname (with optional port)", hostname) } + return hostname, nil } diff --git a/internal/pkg/profile/profile_test.go b/internal/pkg/profile/profile_test.go index ac5a42e..80fdbda 100644 --- a/internal/pkg/profile/profile_test.go +++ b/internal/pkg/profile/profile_test.go @@ -123,6 +123,58 @@ func TestCore_Getters(t *testing.T) { r.Equal("token-from-env", p.GetToken()) } +func TestNormalizeHostname(t *testing.T) { + t.Parallel() + + cases := []struct { + Name string + Input string + Expected string + Error string + }{ + { + Name: "valid hostname", + Input: "example.com", + Expected: "example.com", + }, + { + Name: "hostname with scheme", + Input: "https://example.com", + Expected: "example.com", + }, + { + Name: "hostname with path", + Input: "example.com/some/path", + Error: `invalid hostname "example.com/some/path": must be a valid hostname (with optional port)`, + }, + { + Name: "invalid hostname", + Input: "invalid/hostname", + Error: `invalid hostname "invalid/hostname": must be a valid hostname (with optional port)`, + }, + { + Name: "hostname with unicode characters", + Input: "täst.com", + Expected: "xn--tst-qla.com", + }, + } + + for _, c := range cases { + t.Run(c.Name, func(t *testing.T) { + t.Parallel() + r := require.New(t) + + output, err := NormalizeHostname(c.Input) + if c.Error == "" { + r.NoError(err) + r.Equal(c.Expected, output) + } else { + r.ErrorContains(err, c.Error) + } + }) + } +} + func TestProfile_SetHostname(t *testing.T) { t.Parallel() From 50a64646d034a66b05d3653410a6abf95b200918 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 13:04:48 -0600 Subject: [PATCH 11/15] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 09d1390..06130cf 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,7 @@ Verify that the login is successful before leaving the token page in your browse If the CLI does not find a token configured for the active profile, it checks your Terraform configuration for a matching token. Refer to [Terraform tokens](#terraform-tokens) for more information. -### Set organization +### Set default organization Run the `tfctl profile set default_organization` command to set the organization. Replace `` with your HCP Terraform or Terraform Enterprise organization name. From 3026d3d1dcfe633a319a4fb55270972cbb875875 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 13:37:10 -0600 Subject: [PATCH 12/15] add debug clarity about which credential is used --- README.md | 4 +- cmd/tfctl/main.go | 16 +++-- internal/commands/auth/login_test.go | 28 ++++---- .../commands/profile/profiles/create_test.go | 2 +- internal/commands/profile/profiles/list.go | 4 +- internal/commands/profile/profiles/rename.go | 2 +- internal/commands/profile/set_test.go | 4 +- internal/commands/profile/unset_test.go | 4 +- internal/pkg/cmd/invocation.go | 2 +- internal/pkg/logging/logging.go | 16 ++++- internal/pkg/profile/loader.go | 58 ++++++++-------- internal/pkg/profile/loader_test.go | 68 ++----------------- 12 files changed, 83 insertions(+), 125 deletions(-) diff --git a/README.md b/README.md index 06130cf..d23713b 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ If the CLI does not find a token configured for the active profile, it checks yo ### Set default organization -Run the `tfctl profile set default_organization` command to set the organization. Replace `` with your HCP Terraform or Terraform Enterprise organization name. +Run the `tfctl profile set default_organization` command to set the default organization. Replace `` with your HCP Terraform or Terraform Enterprise organization name. ```bash $ tfctl profile set default_organization @@ -172,7 +172,7 @@ If you have not configured a particular option for the active profile, `tfctl` c `TFCTL_HOSTNAME`: The Terraform Enterprise or HCP Terraform hostname to use. Defaults to `app.terraform.io`. -`TFCTL_TOKEN`: An HCP Terraform API token to use in conjunction with the default profile. +`TFCTL_TOKEN`: An HCP Terraform API token to use in conjunction with the default profile. This variable is not used in conjunction with any other profile. `TFCTL_TOKEN_`: An HCP Terraform API token to use in conjunction with the named profile. diff --git a/cmd/tfctl/main.go b/cmd/tfctl/main.go index 1e8969e..23a7067 100644 --- a/cmd/tfctl/main.go +++ b/cmd/tfctl/main.go @@ -55,8 +55,16 @@ func realMain() int { } }() + initialLogLevel := logging.LevelDefault + for _, a := range args { + if a == "--debug" { + initialLogLevel = logging.LevelDebug + break + } + } + // The logger level will need to be set by the command after parsing flags. - logger := logging.NewLogger(io) + logger := logging.NewLogger(io, initialLogLevel) // Add the logger to the shutdown context because this is the context used throughout // the command execution lifecycle. @@ -71,7 +79,7 @@ func realMain() int { return 1 } - activeProfile, err := loadActiveProfile(loader) + activeProfile, err := loadActiveProfile(shutdownCtx, loader) if err != nil { fmt.Fprintln(io.Err(), err) return 1 @@ -145,7 +153,7 @@ func realMain() int { } // loadActiveProfile loads the active profile. -func loadActiveProfile(loader *profile.Loader) (*profile.Profile, error) { +func loadActiveProfile(ctx context.Context, loader *profile.Loader) (*profile.Profile, error) { // Load the active profile activeProfile, err := loader.GetActiveProfile() if err != nil { @@ -167,7 +175,7 @@ func loadActiveProfile(loader *profile.Loader) (*profile.Profile, error) { } } - return loader.LoadProfile(activeProfile.Name) + return loader.LoadProfile(ctx, activeProfile.Name) } // IsAutocomplete returns true if the CLI is being run in an autocomplete diff --git a/internal/commands/auth/login_test.go b/internal/commands/auth/login_test.go index e2cf0bc..6937c1a 100644 --- a/internal/commands/auth/login_test.go +++ b/internal/commands/auth/login_test.go @@ -76,7 +76,7 @@ func TestLoginFromStdin(t *testing.T) { r.Contains(io.Error.String(), "Successfully logged in") r.Contains(io.Error.String(), "testuser") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal("my-test-token", loaded.Token) } @@ -191,7 +191,7 @@ func TestLoginFromStdin_TokenWithWhitespace(t *testing.T) { r.NoError(runLogin(t, opts)) - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal("my-token-with-spaces", loaded.Token) } @@ -246,7 +246,7 @@ func TestLoginInteractive_Success(t *testing.T) { r.Contains(io.Error.String(), "Successfully logged in") r.Contains(io.Error.String(), "interactive-user") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal("interactive-token", loaded.Token) } @@ -280,11 +280,11 @@ func TestLoginFromStdin_DifferentProfile(t *testing.T) { r.NoError(runLogin(t, &LoginOpts{IO: io, Profile: p2, Token: true})) // Verify tokens were saved to the correct profiles - loadedProd, err := l.LoadProfile("production") + loadedProd, err := l.LoadProfile(context.Background(), "production") r.NoError(err) r.Equal("prod-token", loadedProd.Token) - loadedStaging, err := l.LoadProfile("staging") + loadedStaging, err := l.LoadProfile(context.Background(), "staging") r.NoError(err) r.Equal("staging-token", loadedStaging.Token) } @@ -299,7 +299,7 @@ func TestLoginFromStdin_DryRun(t *testing.T) { p.Hostname = srv.URL r.NoError(p.Write()) - initial, err := l.LoadProfile(p.Name) + initial, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) initialToken := initial.Token @@ -317,7 +317,7 @@ func TestLoginFromStdin_DryRun(t *testing.T) { r.Contains(io.Error.String(), "would save token") r.Contains(io.Error.String(), p.Name) - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal(initialToken, loaded.Token) r.NotEqual("my-new-token", loaded.Token) @@ -333,7 +333,7 @@ func TestLoginInteractive_DryRun(t *testing.T) { p.Hostname = srv.URL r.NoError(p.Write()) - initial, err := l.LoadProfile(p.Name) + initial, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) initialToken := initial.Token @@ -353,7 +353,7 @@ func TestLoginInteractive_DryRun(t *testing.T) { r.NoError(runLogin(t, opts)) r.Contains(io.Error.String(), "would save token") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal(initialToken, loaded.Token) r.NotEqual("interactive-token", loaded.Token) @@ -382,7 +382,7 @@ func TestLoginFromStdin_QuietMode(t *testing.T) { r.NoError(runLogin(t, opts)) r.Empty(io.Error.String()) - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal("my-token", loaded.Token) } @@ -410,7 +410,7 @@ func TestLoginFromStdin_VerifyFails(t *testing.T) { r.Error(err) r.Contains(err.Error(), "failed to verify token") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.NotEqual("bad-token", loaded.Token) } @@ -453,7 +453,7 @@ func TestLoginInteractive_ConfirmOpensBrowserWithSource(t *testing.T) { r.Contains(openedURL, "?source=tfctl-login") r.Contains(io.Error.String(), "Do you want to proceed") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal("interactive-token", loaded.Token) } @@ -466,7 +466,7 @@ func TestLoginInteractive_DeclineDoesNotOpenBrowser(t *testing.T) { p := l.DefaultProfile() r.NoError(p.Write()) - initial, err := l.LoadProfile(p.Name) + initial, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) initialToken := initial.Token @@ -493,7 +493,7 @@ func TestLoginInteractive_DeclineDoesNotOpenBrowser(t *testing.T) { r.False(opened, "browser must not open when the user declines") r.Contains(io.Error.String(), "Login canceled.") - loaded, err := l.LoadProfile(p.Name) + loaded, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal(initialToken, loaded.Token, "token is unchanged when login is declined") } diff --git a/internal/commands/profile/profiles/create_test.go b/internal/commands/profile/profiles/create_test.go index 1ff12bf..d64793f 100644 --- a/internal/commands/profile/profiles/create_test.go +++ b/internal/commands/profile/profiles/create_test.go @@ -103,7 +103,7 @@ func TestCreateHostnameWithScheme(t *testing.T) { r.NoError(err) r.Contains(profiles, "hostname_with_scheme") - p, err := l.LoadProfile("hostname_with_scheme") + p, err := l.LoadProfile(context.Background(), "hostname_with_scheme") r.NoError(err) r.Equal("example.com:8080", p.GetHostname()) } diff --git a/internal/commands/profile/profiles/list.go b/internal/commands/profile/profiles/list.go index 89f21af..2e90bf8 100644 --- a/internal/commands/profile/profiles/list.go +++ b/internal/commands/profile/profiles/list.go @@ -56,7 +56,7 @@ type ListOpts struct { Profiles *profile.Loader } -func listRun(_ context.Context, opts *ListOpts) error { +func listRun(ctx context.Context, opts *ListOpts) error { profileNames, err := opts.Profiles.ListProfiles() if err != nil { return fmt.Errorf("failed to list profiles: %w", err) @@ -64,7 +64,7 @@ func listRun(_ context.Context, opts *ListOpts) error { profiles := make([]*profile.Profile, len(profileNames)) for i, n := range profileNames { - p, err := opts.Profiles.LoadProfile(n) + p, err := opts.Profiles.LoadProfile(ctx, n) if err != nil { return fmt.Errorf("failed to load profile %q: %w", n, err) } diff --git a/internal/commands/profile/profiles/rename.go b/internal/commands/profile/profiles/rename.go index aaab06d..d16ab7a 100644 --- a/internal/commands/profile/profiles/rename.go +++ b/internal/commands/profile/profiles/rename.go @@ -97,7 +97,7 @@ func renameRun(ctx context.Context, opts *RenameOpts) error { } // Load the existing profile - existing, err := opts.Profiles.LoadProfile(opts.ExistingName) + existing, err := opts.Profiles.LoadProfile(ctx, opts.ExistingName) if err != nil { if errors.Is(err, profile.ErrNoProfileFilePresent) { return fmt.Errorf("profile %q does not exist", opts.ExistingName) diff --git a/internal/commands/profile/set_test.go b/internal/commands/profile/set_test.go index da2120b..fdc35ad 100644 --- a/internal/commands/profile/set_test.go +++ b/internal/commands/profile/set_test.go @@ -133,7 +133,7 @@ func TestSet_Organization(t *testing.T) { } checkOrg := func(expected string) { - loadedProfile, err := l.LoadProfile(p.Name) + loadedProfile, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.Equal(expected, loadedProfile.DefaultOrganization) } @@ -169,7 +169,7 @@ func TestSetDryRun(t *testing.T) { r.Equal("dry-run-org", o.Profile.DefaultOrganization) r.Contains(io.Error.String(), `would set profile property "default_organization" to "dry-run-org"`) - reloaded, err := l.LoadProfile("test") + reloaded, err := l.LoadProfile(context.Background(), "test") r.NoError(err) r.Equal("original-org", reloaded.DefaultOrganization) } diff --git a/internal/commands/profile/unset_test.go b/internal/commands/profile/unset_test.go index 67814de..beab60a 100644 --- a/internal/commands/profile/unset_test.go +++ b/internal/commands/profile/unset_test.go @@ -83,7 +83,7 @@ func TestUnset(t *testing.T) { r.NoError(err) // Load the profile from disk - reread, err := l.LoadProfile("test") + reread, err := l.LoadProfile(context.Background(), "test") r.NoError(err) c.CheckProfile(reread, r) }) @@ -112,7 +112,7 @@ func TestUnsetDryRun(t *testing.T) { r.NoError(unsetRun(context.Background(), o)) r.Contains(io.Error.String(), `would unset profile property "default_organization"`) - reloaded, err := l.LoadProfile("test") + reloaded, err := l.LoadProfile(context.Background(), "test") r.NoError(err) r.Equal("keep-me", reloaded.DefaultOrganization) } diff --git a/internal/pkg/cmd/invocation.go b/internal/pkg/cmd/invocation.go index 25855fc..ff914b3 100644 --- a/internal/pkg/cmd/invocation.go +++ b/internal/pkg/cmd/invocation.go @@ -249,7 +249,7 @@ func (i *Invocation) applyGlobalFlags(_ *Command) error { return err } - p, err := l.LoadProfile(i.flags.profile) + p, err := l.LoadProfile(i.ShutdownCtx, i.flags.profile) if err != nil { return err } diff --git a/internal/pkg/logging/logging.go b/internal/pkg/logging/logging.go index 6b0c3e4..b3a63d6 100644 --- a/internal/pkg/logging/logging.go +++ b/internal/pkg/logging/logging.go @@ -16,7 +16,17 @@ import ( type ctxKey struct{} -var loggingKey = ctxKey{} +const ( + // LevelDefault is the default logging level for the application, which is error. + LevelDefault = hclog.Error + + // LevelDebug is the logging level that includes debug messages, which is more verbose than the default. + LevelDebug = hclog.Debug +) + +var ( + loggingKey = ctxKey{} +) // WithLogger returns a new context with the provided logger. func WithLogger(ctx context.Context, logger hclog.Logger) context.Context { @@ -32,11 +42,11 @@ func FromContext(ctx context.Context) hclog.Logger { } // NewLogger constructs a new logger configured based on the provided IOStreams. -func NewLogger(io iostreams.IOStreams) hclog.Logger { +func NewLogger(io iostreams.IOStreams, initialLevel hclog.Level) hclog.Logger { // Create the Logger logOpt := &hclog.LoggerOptions{ Name: version.Name, - Level: hclog.Error, + Level: initialLevel, Output: io.Err(), TimeFn: time.Now, TimeFormat: "15:04:05.000", diff --git a/internal/pkg/profile/loader.go b/internal/pkg/profile/loader.go index 4b2556f..10a1c41 100644 --- a/internal/pkg/profile/loader.go +++ b/internal/pkg/profile/loader.go @@ -195,7 +195,8 @@ func (l *Loader) ListProfiles() ([]string, error) { // LoadProfile loads a profile given its name. If the profile can not be found, // ErrNoProfileFilePresent will be returned. Otherwise, an error will be // returned if the profile is invalid. -func (l *Loader) LoadProfile(name string) (*Profile, error) { +func (l *Loader) LoadProfile(ctx context.Context, name string) (*Profile, error) { + logger := logging.FromContext(ctx) // Expand the directory. path := filepath.Join(l.profilesDir, fmt.Sprintf("%s.hcl", name)) @@ -223,27 +224,41 @@ func (l *Loader) LoadProfile(name string) (*Profile, error) { // If there's no default organization set, use the environment variable if it's set. if c.DefaultOrganization == "" { if orgID, ok := os.LookupEnv(envVarOrganization); ok && orgID != "" { + logger.Debug("Setting default_organization from "+envVarOrganization, "organization", orgID) c.DefaultOrganization = orgID } } - // If there's no token set, check the credentials file and environment variables. - if c.Token == "" { - credsToken, err := tokenFromCredentials(c.Hostname) - if err != nil { - return nil, err - } - c.tokenFromEnv = credsToken + // If there's no token set, check the credentials file and environment variables. These are + // checked in a careful order of precedence. + + if c.Token != "" { + logger.Debug("Using token from profile", "name", c.Name) } - if c.Token == "" { + // 1. Check for a token specific to tfctl (TFCTL_TOKEN_{profileName} or TFCTL_TOKEN for the default profile) + if c.GetToken() == "" { if envToken := os.Getenv(profileTokenEnvVar(c.Name)); envToken != "" { + logger.Debug("Setting token from environment", "var", profileTokenEnvVar(c.Name)) c.tokenFromEnv = envToken } } - if c.Token == "" { - if envToken := os.Getenv(legacyTokenEnvVar(c.Hostname)); envToken != "" { + // 2. Check for a token in the terraform credentials file that matches the hostname of the profile + if c.GetToken() == "" { + credsToken, err := tokenFromCredentials(c.Hostname) + if err != nil { + return nil, err + } + logger.Debug("Setting token from terraform credentials file", "hostname", c.Hostname) + c.tokenFromEnv = credsToken + } + + // 3. Check for a token in the terraform environment variable that matches the hostname of the + // profile (support for TF_TOKEN_{normalizedHostname} + if c.GetToken() == "" { + if envToken := os.Getenv(terraformTokenEnvVar(c.Hostname)); envToken != "" { + logger.Debug("Setting token from terraform environment", "var", terraformTokenEnvVar(c.Hostname)) c.tokenFromEnv = envToken } } @@ -255,25 +270,6 @@ func (l *Loader) LoadProfile(name string) (*Profile, error) { return &c, nil } -// LoadProfiles loads all the available profiles. -func (l *Loader) LoadProfiles() ([]*Profile, error) { - profileNames, err := l.ListProfiles() - if err != nil { - return nil, err - } - - var profiles []*Profile - for _, n := range profileNames { - p, err := l.LoadProfile(n) - if err != nil { - return nil, fmt.Errorf("failed to load profile %q: %w", n, err) - } - profiles = append(profiles, p) - } - - return profiles, nil -} - // DeleteProfile deletes the profile with the given name. If the profile can not be found, // ErrNoProfileFilePresent will be returned. Otherwise, an error will be // returned if the profile can not be deleted for any other reason.. @@ -341,7 +337,7 @@ func profileTokenEnvVar(profileName string) string { return fmt.Sprintf(envVarTokenProfileFormat, profileName) } -func legacyTokenEnvVar(hostname string) string { +func terraformTokenEnvVar(hostname string) string { hostname, err := NormalizeHostname(hostname) if err != nil { return "" diff --git a/internal/pkg/profile/loader_test.go b/internal/pkg/profile/loader_test.go index 63aca19..2718e72 100644 --- a/internal/pkg/profile/loader_test.go +++ b/internal/pkg/profile/loader_test.go @@ -146,7 +146,7 @@ func TestLoader_LoadProfile(t *testing.T) { r := require.New(t) l := TestLoader(t) - p, err := l.LoadProfile("test") + p, err := l.LoadProfile(context.Background(), "test") r.Nil(p) r.ErrorIs(err, ErrNoProfileFilePresent) }) @@ -161,7 +161,7 @@ func TestLoader_LoadProfile(t *testing.T) { path := filepath.Join(l.configDir, ProfileDir, fmt.Sprintf("%s.hcl", name)) r.NoError(os.WriteFile(path, []byte("invalid!"), 0x777)) - p, err := l.LoadProfile(name) + p, err := l.LoadProfile(context.Background(), name) r.Nil(p) r.ErrorContains(err, "failed to decode profile") }) @@ -178,7 +178,7 @@ func TestLoader_LoadProfile(t *testing.T) { default_organization = "123"`, ), 0x777)) - p, err := l.LoadProfile(name) + p, err := l.LoadProfile(context.Background(), name) r.Nil(p) r.ErrorContains(err, "profile path name does not match name in file") }) @@ -193,7 +193,7 @@ default_organization = "123"`, p.DefaultOrganization = "123" r.NoError(p.Write()) - out, err := l.LoadProfile(p.Name) + out, err := l.LoadProfile(context.Background(), p.Name) r.NotNil(out) r.Equal(p.Name, out.Name) r.Equal(p.DefaultOrganization, out.DefaultOrganization) @@ -255,69 +255,13 @@ func TestLoader_LoadProfileEnv(t *testing.T) { t.Setenv(envVarOrganization, "xyz") - out, err := l.LoadProfile(p.Name) + out, err := l.LoadProfile(context.Background(), p.Name) r.NoError(err) r.NotNil(out) r.Equal("xyz", out.DefaultOrganization) }) } -func TestLoader_LoadProfiles(t *testing.T) { - t.Parallel() - - t.Run("no profile", func(t *testing.T) { - t.Parallel() - r := require.New(t) - l := TestLoader(t) - - profiles, err := l.LoadProfiles() - r.Nil(profiles) - r.NoError(err) - }) - - t.Run("valid profile", func(t *testing.T) { - t.Parallel() - r := require.New(t) - l := TestLoader(t) - - p, err := l.NewProfile("test") - r.NoError(err) - p.DefaultOrganization = "123" - r.NoError(p.Write()) - - out, err := l.LoadProfiles() - r.NoError(err) - r.Len(out, 1) - r.Equal(p.Name, out[0].Name) - r.Equal(p.DefaultOrganization, out[0].DefaultOrganization) - r.NoError(err) - }) - - t.Run("valid profiles", func(t *testing.T) { - t.Parallel() - r := require.New(t) - l := TestLoader(t) - - p, err := l.NewProfile("test") - r.NoError(err) - p.DefaultOrganization = "123" - r.NoError(p.Write()) - - p2, err := l.NewProfile("test2") - r.NoError(err) - p2.DefaultOrganization = "456" - r.NoError(p2.Write()) - - out, err := l.LoadProfiles() - r.NoError(err) - r.NotNil(out) - r.Equal(p.Name, out[0].Name) - r.Equal(p.DefaultOrganization, out[0].DefaultOrganization) - r.Equal(p2.Name, out[1].Name) - r.Equal(p2.DefaultOrganization, out[1].DefaultOrganization) - }) -} - func TestLoader_DeleteProfile(t *testing.T) { t.Parallel() @@ -344,7 +288,7 @@ func TestLoader_DeleteProfile(t *testing.T) { path := filepath.Join(l.configDir, ProfileDir, fmt.Sprintf("%s.hcl", name)) r.NoError(os.WriteFile(path, []byte("invalid!"), 0x777)) - p, err := l.LoadProfile(name) + p, err := l.LoadProfile(context.Background(), name) r.Nil(p) r.ErrorContains(err, "failed to decode profile") }) From 4c10c7a8222ab18232684a0a0401ac5987bdeb49 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 13:38:39 -0600 Subject: [PATCH 13/15] Update profile.go --- internal/pkg/profile/profile.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index fb55ec2..219c984 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -278,7 +278,7 @@ func (p *Profile) SetHostname(hostname string) error { } // NormalizeHostname validates and normalizes the given hostname by stripping any extra URL data, -// like paths. It also converts domain names to their idna ASCII form +// like paths. It also converts domain names to their idna ASCII form. func NormalizeHostname(hostname string) (string, error) { u, err := url.Parse(hostname) if err != nil { From 65ce88a20189d933988243618fd206e9782d34d5 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 14:35:46 -0600 Subject: [PATCH 14/15] fix URL parse error, credential fallback, more log --- cmd/tfctl/main.go | 2 +- internal/commands/auth/login_test.go | 30 +++++++++++------------ internal/commands/profile/set_test.go | 2 +- internal/pkg/profile/loader.go | 24 ++++++++++++------ internal/pkg/profile/loader_test.go | 35 ++++++++++++++++++++++++++- internal/pkg/profile/profile.go | 2 +- internal/pkg/profile/profile_test.go | 5 ++++ internal/pkg/profile/testing.go | 3 ++- 8 files changed, 76 insertions(+), 27 deletions(-) diff --git a/cmd/tfctl/main.go b/cmd/tfctl/main.go index 23a7067..90795b3 100644 --- a/cmd/tfctl/main.go +++ b/cmd/tfctl/main.go @@ -165,7 +165,7 @@ func loadActiveProfile(ctx context.Context, loader *profile.Loader) (*profile.Pr return nil, fmt.Errorf("failed to save default active profile config: %w", err) } - if err := loader.DefaultProfile().Write(); err != nil { + if err := loader.DefaultProfile(ctx).Write(); err != nil { return nil, fmt.Errorf("failed to save default profile config: %w", err) } diff --git a/internal/commands/auth/login_test.go b/internal/commands/auth/login_test.go index 6937c1a..9d159d7 100644 --- a/internal/commands/auth/login_test.go +++ b/internal/commands/auth/login_test.go @@ -59,7 +59,7 @@ func TestLoginFromStdin(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -87,7 +87,7 @@ func TestLoginFromStdin_CustomHostname(t *testing.T) { srv := newFakeTFE(t, "admin") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -110,7 +110,7 @@ func TestLoginFromStdin_EmptyToken(t *testing.T) { r := require.New(t) l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) io := iostreams.Test() @@ -132,7 +132,7 @@ func TestLoginFromStdin_NoInput(t *testing.T) { r := require.New(t) l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) io := iostreams.Test() @@ -153,7 +153,7 @@ func TestLoginFromStdin_WhitespaceToken(t *testing.T) { r := require.New(t) l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) io := iostreams.Test() @@ -176,7 +176,7 @@ func TestLoginFromStdin_TokenWithWhitespace(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -201,7 +201,7 @@ func TestLoginInteractive_NoTTY(t *testing.T) { r := require.New(t) l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) io := iostreams.Test() @@ -223,7 +223,7 @@ func TestLoginInteractive_Success(t *testing.T) { srv := newFakeTFE(t, "interactive-user") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -295,7 +295,7 @@ func TestLoginFromStdin_DryRun(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -329,7 +329,7 @@ func TestLoginInteractive_DryRun(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -365,7 +365,7 @@ func TestLoginFromStdin_QuietMode(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -393,7 +393,7 @@ func TestLoginFromStdin_VerifyFails(t *testing.T) { srv := newFakeTFE(t, "") // empty username → 401 l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -421,7 +421,7 @@ func TestLoginInteractive_ConfirmOpensBrowserWithSource(t *testing.T) { srv := newFakeTFE(t, "interactive-user") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) @@ -463,7 +463,7 @@ func TestLoginInteractive_DeclineDoesNotOpenBrowser(t *testing.T) { r := require.New(t) l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) initial, err := l.LoadProfile(context.Background(), p.Name) @@ -504,7 +504,7 @@ func TestLoginFromStdin_DoesNotPromptOrOpenBrowser(t *testing.T) { srv := newFakeTFE(t, "testuser") l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) p.Hostname = srv.URL r.NoError(p.Write()) diff --git a/internal/commands/profile/set_test.go b/internal/commands/profile/set_test.go index fdc35ad..acd4644 100644 --- a/internal/commands/profile/set_test.go +++ b/internal/commands/profile/set_test.go @@ -114,7 +114,7 @@ func TestSet_Organization(t *testing.T) { r := require.New(t) io := iostreams.Test() l := profile.TestLoader(t) - p := l.DefaultProfile() + p := l.DefaultProfile(context.Background()) r.NoError(p.Write()) o := &SetOpts{ IO: io, diff --git a/internal/pkg/profile/loader.go b/internal/pkg/profile/loader.go index 10a1c41..2d4c177 100644 --- a/internal/pkg/profile/loader.go +++ b/internal/pkg/profile/loader.go @@ -246,19 +246,21 @@ func (l *Loader) LoadProfile(ctx context.Context, name string) (*Profile, error) // 2. Check for a token in the terraform credentials file that matches the hostname of the profile if c.GetToken() == "" { - credsToken, err := tokenFromCredentials(c.Hostname) + credsToken, err := tokenFromCredentials(c.GetHostname()) if err != nil { return nil, err } - logger.Debug("Setting token from terraform credentials file", "hostname", c.Hostname) - c.tokenFromEnv = credsToken + if credsToken != "" { + logger.Debug("Setting token from terraform credentials file", "hostname", c.GetHostname()) + c.tokenFromEnv = credsToken + } } // 3. Check for a token in the terraform environment variable that matches the hostname of the // profile (support for TF_TOKEN_{normalizedHostname} if c.GetToken() == "" { - if envToken := os.Getenv(terraformTokenEnvVar(c.Hostname)); envToken != "" { - logger.Debug("Setting token from terraform environment", "var", terraformTokenEnvVar(c.Hostname)) + if envToken := os.Getenv(terraformTokenEnvVar(c.GetHostname())); envToken != "" { + logger.Debug("Setting token from terraform environment", "var", terraformTokenEnvVar(c.GetHostname())) c.tokenFromEnv = envToken } } @@ -299,7 +301,8 @@ const ( // DefaultProfile returns the minimal default profile. If environment // variables related to organization and project are set, they are honored here. -func (l *Loader) DefaultProfile() *Profile { +func (l *Loader) DefaultProfile(ctx context.Context) *Profile { + logger := logging.FromContext(ctx) profile, err := l.NewProfile(ProfileNameDefault) if err != nil { panic("The default profile should always be valid. This is always a developer error: " + err.Error()) @@ -312,7 +315,14 @@ func (l *Loader) DefaultProfile() *Profile { hostname := DefaultHostname if envHostname, ok := os.LookupEnv(envVarHostname); ok && envHostname != "" { - hostname = envHostname + hostnameNormal, err := NormalizeHostname(envHostname) + if err != nil { + logger.Debug("Invalid hostname set by environment (using default)", "error", err) + hostnameNormal = DefaultHostname + } else { + logger.Debug("Using hostname from "+envVarHostname, "hostname", hostnameNormal) + } + hostname = hostnameNormal } profile.Hostname = hostname diff --git a/internal/pkg/profile/loader_test.go b/internal/pkg/profile/loader_test.go index 2718e72..f901572 100644 --- a/internal/pkg/profile/loader_test.go +++ b/internal/pkg/profile/loader_test.go @@ -239,11 +239,44 @@ func TestLoader_LoadProfileEnv(t *testing.T) { r := require.New(t) l, err := newLoader(t.TempDir()) r.NoError(err) - prof := l.DefaultProfile() + prof := l.DefaultProfile(context.Background()) r.Equal("xyz", prof.DefaultOrganization) }) + t.Run("default profile, hostname env set", func(t *testing.T) { + t.Setenv(envVarHostname, "https://example.com/with/path") + + r := require.New(t) + l, err := newLoader(t.TempDir()) + r.NoError(err) + prof := l.DefaultProfile(context.Background()) + + r.Equal("example.com", prof.Hostname) + }) + + t.Run("default profile, hostname with port env set", func(t *testing.T) { + t.Setenv(envVarHostname, "example.com:8080") + + r := require.New(t) + l, err := newLoader(t.TempDir()) + r.NoError(err) + prof := l.DefaultProfile(context.Background()) + + r.Equal("example.com:8080", prof.Hostname) + }) + + t.Run("default profile, invalid hostname env set", func(t *testing.T) { + t.Setenv(envVarHostname, "example/youtube") + + r := require.New(t) + l, err := newLoader(t.TempDir()) + r.NoError(err) + prof := l.DefaultProfile(context.Background()) + + r.Equal(DefaultHostname, prof.Hostname) + }) + //nolint:paralleltest t.Run("valid active profile, env set", func(t *testing.T) { r := require.New(t) diff --git a/internal/pkg/profile/profile.go b/internal/pkg/profile/profile.go index 219c984..53d0c60 100644 --- a/internal/pkg/profile/profile.go +++ b/internal/pkg/profile/profile.go @@ -282,7 +282,7 @@ func (p *Profile) SetHostname(hostname string) error { func NormalizeHostname(hostname string) (string, error) { u, err := url.Parse(hostname) if err != nil { - return "", fmt.Errorf("invalid hostname %q: %w", hostname, err) + return "", fmt.Errorf("invalid hostname %q: must be a valid hostname (with optional port)", hostname) } if err == nil && u.Host != "" { diff --git a/internal/pkg/profile/profile_test.go b/internal/pkg/profile/profile_test.go index 80fdbda..faa6471 100644 --- a/internal/pkg/profile/profile_test.go +++ b/internal/pkg/profile/profile_test.go @@ -207,6 +207,11 @@ func TestProfile_SetHostname(t *testing.T) { Hostname: "invalid/hostname", Error: `invalid hostname "invalid/hostname": must be a valid hostname (with optional port)`, }, + { + Name: "cannot be parsed", + Hostname: "http://[invalid:hostname]", + Error: `invalid hostname "http://[invalid:hostname]": must be a valid hostname (with optional port)`, + }, } for _, c := range cases { diff --git a/internal/pkg/profile/testing.go b/internal/pkg/profile/testing.go index 0fee16f..2d8bab6 100644 --- a/internal/pkg/profile/testing.go +++ b/internal/pkg/profile/testing.go @@ -4,13 +4,14 @@ package profile import ( + "context" "testing" ) // TestProfile returns a profile appropriate for use during testing. If // interacting with more than one profile, prefer using TestLoader. func TestProfile(t *testing.T) *Profile { //nolint:paralleltest - defaultProfile := TestLoader(t).DefaultProfile() + defaultProfile := TestLoader(t).DefaultProfile(context.Background()) defaultProfile.Hostname = "app.test.terraform.io" defaultProfile.hostCacheDir = t.TempDir() defaultProfile.DefaultOrganization = "test-organization" From 5fdaa4b91a68eb3dd63d3fe1909cd190c2139eb5 Mon Sep 17 00:00:00 2001 From: Brandon Croft Date: Wed, 17 Jun 2026 15:53:03 -0600 Subject: [PATCH 15/15] rely on go-tfe to not send tokens to unallowed host --- internal/commands/api/api.go | 4 --- internal/commands/api/api_test.go | 19 -------------- internal/pkg/client/client.go | 39 +--------------------------- internal/pkg/client/client_test.go | 38 --------------------------- internal/pkg/cmd/command_internal.go | 15 +++++++---- 5 files changed, 11 insertions(+), 104 deletions(-) diff --git a/internal/commands/api/api.go b/internal/commands/api/api.go index 0664257..87e811c 100644 --- a/internal/commands/api/api.go +++ b/internal/commands/api/api.go @@ -258,10 +258,6 @@ func NewCmdAPI(inv *cmd.Invocation) *cmd.Command { return fmt.Errorf("invalid input path/URL %q", path) } - if resolvedURL.Host != apiClient.BaseURL.Host { - return fmt.Errorf("invalid input path/URL %q: must be on the same host as the configured profile host %q", path, inv.Profile.GetHostname()) - } - if resolvedURL.Scheme != "https" { return fmt.Errorf("invalid input path/URL %q: must use https scheme", path) } diff --git a/internal/commands/api/api_test.go b/internal/commands/api/api_test.go index 4b59e31..32a41bb 100644 --- a/internal/commands/api/api_test.go +++ b/internal/commands/api/api_test.go @@ -309,25 +309,6 @@ func TestRunAPI_InlineQueryParamsSparseFieldsets(t *testing.T) { require.Equal(t, "name", req.Query.Get("fields[workspaces]")) } -func TestNewCmdAPI_HostmismatchReturnsError(t *testing.T) { - t.Parallel() - - io := iostreams.Test() - inv := &cmd.Invocation{ - IO: io, - Output: format.New(io), - ShutdownCtx: context.Background(), - Profile: &profile.Profile{ - Name: "test", - Hostname: "example.com", - Token: "test-token", - }, - } - cmd := NewCmdAPI(inv) - err := cmd.RunF(cmd, []string{"https://malicious.com/api/v2/things"}) - require.ErrorContains(t, err, "must be on the same host as the configured profile host \"example.com\"") -} - func TestNewCmdAPI_NonHTTPSReturnsError(t *testing.T) { t.Parallel() diff --git a/internal/pkg/client/client.go b/internal/pkg/client/client.go index e19b19d..64caab6 100644 --- a/internal/pkg/client/client.go +++ b/internal/pkg/client/client.go @@ -6,7 +6,6 @@ package client import ( "context" - "encoding/json" "errors" "fmt" "net/http" @@ -133,6 +132,7 @@ func (c *Client) Do(ctx context.Context, req *Request) (*http.Response, error) { httpResp, err := c.Adapter.Client.Do(httpReq) if err != nil { + // Unwrap url.Error to get the underlying error type for better error handling by callers. var urlErr *url.Error if errors.As(err, &urlErr) { return nil, urlErr.Err @@ -140,10 +140,6 @@ func (c *Client) Do(ctx context.Context, req *Request) (*http.Response, error) { return nil, err } - if httpResp.StatusCode >= 400 { - return nil, tfe.APIErrorFactory(httpResp, nil) - } - return httpResp, nil } @@ -194,39 +190,6 @@ func httpMethod(method string) abs.HttpMethod { } } -// SummarizeAPIErrors attempts to extract meaningful error messages from typical API error responses. -func SummarizeAPIErrors(body []byte) string { - var payload struct { - Errors []struct { - Status string `json:"status"` - Title string `json:"title"` - Detail string `json:"detail"` - } `json:"errors"` - Error string `json:"error"` - Message string `json:"message"` - } - if err := json.Unmarshal(body, &payload); err != nil { - return "" - } - if len(payload.Errors) > 0 { - parts := make([]string, 0, len(payload.Errors)) - for _, item := range payload.Errors { - if item.Detail != "" { - parts = append(parts, strings.TrimSpace(item.Title+": "+item.Detail)) - continue - } - if item.Title != "" { - parts = append(parts, item.Title) - } - } - return strings.Join(parts, ", ") - } - if payload.Message != "" { - return payload.Message - } - return payload.Error -} - // SetTelemetry wraps the HTTP transport to emit network telemetry about outgoing requests. func (c *Client) SetTelemetry(tel *telemetry.Telemetry) { // Wrap the HTTP transport to inject telemetry context and attributes. diff --git a/internal/pkg/client/client_test.go b/internal/pkg/client/client_test.go index d2b4777..e8f7a2a 100644 --- a/internal/pkg/client/client_test.go +++ b/internal/pkg/client/client_test.go @@ -189,44 +189,6 @@ func TestClientDo_UnwrapsTransportErrors(t *testing.T) { require.ErrorIs(t, err, wantErr) } -func TestSummarizeAPIErrors(t *testing.T) { - t.Parallel() - - tests := []struct { - name string - body string - want string - }{ - { - name: "json api errors", - body: `{"errors":[{"title":"invalid request","detail":"workspace not found"}]}`, - want: "invalid request: workspace not found", - }, - { - name: "message fallback", - body: `{"message":"rate limit exceeded"}`, - want: "rate limit exceeded", - }, - { - name: "error fallback", - body: `{"error":"unauthorized"}`, - want: "unauthorized", - }, - { - name: "invalid json", - body: `not-json`, - want: "", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - require.Equal(t, tt.want, SummarizeAPIErrors([]byte(tt.body))) - }) - } -} - func TestClientSetLogger_Response(t *testing.T) { t.Parallel() diff --git a/internal/pkg/cmd/command_internal.go b/internal/pkg/cmd/command_internal.go index 053832d..9ca1264 100644 --- a/internal/pkg/cmd/command_internal.go +++ b/internal/pkg/cmd/command_internal.go @@ -58,13 +58,18 @@ func (c *Command) errorToExitCode(_ []string, inv *Invocation, err error) int { fmt.Fprintf(io.Err(), "%s Server error: %s\n", cs.ErrorLabel(), apiErr) return 5 } - fmt.Fprint(io.Err(), heredoc.New(io, heredoc.WithPreserveNewlines(), heredoc.WithWidth(0)).Mustf(` -%s Request error: %s. + if len(apiErr.Details) > 0 { + fmt.Fprint(io.Err(), heredoc.New(io, heredoc.WithPreserveNewlines(), heredoc.WithWidth(0)).Mustf(` + %s Request error: %s. -{{ Bold "Error Details" }} - - %s + {{ Bold "Error Details" }} + - %s + + `, cs.ErrorLabel(), apiErr.Message, strings.Join(apiErr.Details, "\n - "))) + } else { + fmt.Fprintf(io.Err(), "%s Request error: %s\n", cs.ErrorLabel(), apiErr) + } -`, cs.ErrorLabel(), apiErr.Message, strings.Join(apiErr.Details, "\n - "))) return 1 } else if errors.As(err, &exitCodeErr) { exitCode = exitCodeErr.Code