From 948286f8a4897d85ece40a11f6a2fbf122fd7b32 Mon Sep 17 00:00:00 2001 From: helm Date: Sun, 3 Dec 2023 11:36:25 +0000 Subject: [PATCH] Helm chart update: 2.25.0 --- checkpoint/cloudguard/Chart.yaml | 4 +- checkpoint/cloudguard/README.md | 2 +- checkpoint/cloudguard/defaults.yaml | 12 +- checkpoint/cloudguard/templates/_helpers.tpl | 52 ++++++-- .../admission/enforcer/deployment.yaml | 2 + .../admission/policy/deployment.yaml | 2 + .../templates/flowlogs/daemon/daemonset.yaml | 2 + .../templates/imagescan/daemon/daemonset.yaml | 2 + .../imagescan/engine/deployment.yaml | 6 +- .../templates/inventory/agent/deployment.yaml | 2 + .../templates/runtime/daemon/daemonset.yaml | 2 + .../templates/runtime/policy/deployment.yaml | 2 + repository/cloudguard-2.25.0.tgz | Bin 0 -> 26722 bytes repository/index.yaml | 123 ++++++++++++------ 14 files changed, 150 insertions(+), 63 deletions(-) create mode 100644 repository/cloudguard-2.25.0.tgz diff --git a/checkpoint/cloudguard/Chart.yaml b/checkpoint/cloudguard/Chart.yaml index ce4d2151..9baedbe7 100644 --- a/checkpoint/cloudguard/Chart.yaml +++ b/checkpoint/cloudguard/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.24.3 +appVersion: 2.25.0 description: A Helm chart for Check Point CloudGuard Workload Security home: https://portal.checkpoint.com icon: https://www.checkpoint.com/wp-content/uploads/icon-cloudguard-nav.png @@ -32,4 +32,4 @@ keywords: - gke - autopilot name: cloudguard -version: 2.24.3 +version: 2.25.0 diff --git a/checkpoint/cloudguard/README.md b/checkpoint/cloudguard/README.md index 7cccf7a2..22a6a228 100644 --- a/checkpoint/cloudguard/README.md +++ b/checkpoint/cloudguard/README.md @@ -140,7 +140,7 @@ The following table list the configurable parameters of this chart and their def | `seccompProfile` | Computer Security facility profile. (to be used in kubernetes 1.19 and up) | `RuntimeDefault` | | `podAnnotations.seccomp` | Computer Security facility profile. (to be used in kubernetes below 1.19) | `runtime/default` | | `podAnnotations.apparmor` | Apparmor Linux kernel security module profile. | `{}` | -| `autoUpgrade` | Enable auto-upgrade (true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `false` | +| `autoUpgrade` | Enable auto-upgrade (preserve, true or false). 'major.minor' tags will be set for images rather than 'major.minor.patch'" | `preserve` | | `podAnnotations.custom` | Custom Pod annotations (for all agent Pods) | `{}` | | `priorityClassName` | Specifies custom priorityClassName | `` | | `daemonSetStrategy.rollingUpdate.maxUnavailable` | Maximum unavailable daemonset pods during a rolling update | `50%` | diff --git a/checkpoint/cloudguard/defaults.yaml b/checkpoint/cloudguard/defaults.yaml index d710079b..3d67c414 100755 --- a/checkpoint/cloudguard/defaults.yaml +++ b/checkpoint/cloudguard/defaults.yaml @@ -56,7 +56,7 @@ platform: kubernetes # kubernetes, openshift, openshift.v3, tanzu, eks, eks.bott seccompProfile: type: RuntimeDefault -autoUpgrade: false # true or false +autoUpgrade: preserve # true, false or preserve daemonSetStrategy: rollingUpdate: @@ -111,7 +111,7 @@ addons: priorityClassName: "system-node-critical" ## Specify image and tag image: checkpoint/consec-imagescan-daemon - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -133,7 +133,7 @@ addons: shim: ## Specify image and tag image: checkpoint/consec-imagescan-shim - tag: 2.25.0 + tag: 2.27.0 ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ @@ -169,7 +169,7 @@ addons: engine: ## Specify image and tag image: checkpoint/consec-imagescan-engine - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -202,7 +202,7 @@ addons: list: ## Specify image and tag image: checkpoint/consec-imagescan-engine - tag: 2.25.0 + tag: 2.27.0 ## Specify existing service account name ("" to create) serviceAccountName: "" @@ -309,7 +309,7 @@ addons: enforcer: ## Specify image and tag image: checkpoint/consec-admission-enforcer - tag: 2.9.0 + tag: 2.10.0 ## Specify existing service account name ("" to create) serviceAccountName: "" diff --git a/checkpoint/cloudguard/templates/_helpers.tpl b/checkpoint/cloudguard/templates/_helpers.tpl index 330ff56e..dbfbb897 100644 --- a/checkpoint/cloudguard/templates/_helpers.tpl +++ b/checkpoint/cloudguard/templates/_helpers.tpl @@ -67,7 +67,7 @@ {{- if or .Values.debugImages .featureConfig.debugImages .agentConfig.debugImages $containerConfig.debugImage }} {{- $tag = printf "%s-debug" $containerConfig.tag }} {{- end }} -{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne .agentConfig.image "checkpoint/consec-runtime-probe") -}} +{{- if and (eq (include "get.autoUpgrade" .) "true") (regexMatch "^\\d+.\\d+.\\d+$" $tag) (ne $containerConfig.image "checkpoint/consec-runtime-probe") (ne $containerConfig.image "checkpoint/consec-runtime-cos-compat") -}} {{- $tag = regexFind "\\d+.\\d+" $tag }} {{- end -}} {{- $image := printf "%s/%s:%s" .Values.imageRegistry.url $containerConfig.image $tag }} @@ -179,10 +179,8 @@ imagePullSecrets: fieldPath: spec.nodeName - name: PLATFORM value: {{ .platform }} -{{- if eq (include "get.autoUpgrade" .) "true" }} - name: AUTO_UPGRADE_ENABLED - value: "true" -{{- end -}} + value: {{ (include "get.autoUpgrade" .) | quote }} {{- if .Values.proxy }} - name: HTTPS_PROXY value: "{{ .Values.proxy }}" @@ -343,16 +341,50 @@ takes a context (such as $config, .Values or (dict "containerRuntime" $container {{- end -}} {{- end -}} +{{- define "inventory.resource.name" -}} + {{- $inventoryConfig := fromYaml (include "inventory.agent.config" .) -}} + {{ template "agent.resource.name" $inventoryConfig }} +{{- end }} {{/* -if registry is not quay do not enable auto upgrade +If the registry is not "quay" do not enable automatic upgrades. +If a user manually defines a value, that choice takes precedence. +If a user opts for the default "preserve" option: + If there was no prior deployment, automatic upgrades are enabled. + If there was a previous deployment, we examine the value that deployment had and apply it. + If there was no previous value, automatic upgrades are enabled. + note: In the case of Helm templates, we won't have knowledge of the previous value, and unless a value is provided, "autoUpgrade" will default to "true" */}} {{- define "get.autoUpgrade" -}} -{{- if ne .Values.imageRegistry.url "quay.io" -}} -{{- printf "false" -}} -{{- else -}} -{{- printf (.Values.autoUpgrade | toString) -}} -{{- end -}} +{{- if ne .Values.imageRegistry.url "quay.io" -}} +{{- printf "false" -}} +{{- else -}} +{{- if eq (.Values.autoUpgrade | toString) "true" -}} +{{- printf "true" -}} +{{- else -}} +{{- if eq (.Values.autoUpgrade | toString) "false" -}} +{{- printf "false" -}} +{{- else -}} +{{/* preserve */}} +{{- $inventoryDeploymentName := trim (include "inventory.resource.name" .) -}} +{{- $inventoryDeployment := lookup "apps/v1" "Deployment" .Release.Namespace $inventoryDeploymentName -}} +{{- if not $inventoryDeployment -}} +{{- printf "true" -}} +{{- else -}} +{{- $isAutoUpgradeEnv := true -}} +{{- $firstContainer := first $inventoryDeployment.spec.template.spec.containers -}} +{{- range $index, $env := $firstContainer.env -}} +{{- if eq $env.name "AUTO_UPGRADE_ENABLED"}} +{{- if eq $env.value "false" -}} +{{- $isAutoUpgradeEnv = false -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- printf ($isAutoUpgradeEnv | toString) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} {{- end -}} diff --git a/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml b/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml index 6942c7c2..b06e64f0 100644 --- a/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml +++ b/checkpoint/cloudguard/templates/admission/enforcer/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "admission.enforcer.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{ if $config.featureConfig.enabled }} apiVersion: apps/v1 kind: Deployment diff --git a/checkpoint/cloudguard/templates/admission/policy/deployment.yaml b/checkpoint/cloudguard/templates/admission/policy/deployment.yaml index 15dad9ea..28323617 100644 --- a/checkpoint/cloudguard/templates/admission/policy/deployment.yaml +++ b/checkpoint/cloudguard/templates/admission/policy/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "admission.policy.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: Deployment diff --git a/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml index 5ba81f84..705efca6 100644 --- a/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/flowlogs/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "flowlogs.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml index 9deb0cc8..e1ff2e6a 100644 --- a/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/imagescan/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "imagescan.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml b/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml index e1b94369..3450b985 100644 --- a/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml +++ b/checkpoint/cloudguard/templates/imagescan/engine/deployment.yaml @@ -53,12 +53,14 @@ spec: value: {{ include "name.prefix" $config }} - name: CLOUDGUARD_REGION value: {{ include "dome9.subdomain" $config | default "us" }} + - name: CP_RUNTIME + value: {{ $config.containerRuntime }} {{- if eq $config.containerRuntime "cri-o" }} {{- if $config.featureConfig.mountPodman }} - - name: USE_PODMAN_EXPORT + - name: CP_USE_PODMAN_EXPORT value: "both" {{- else }} - - name: USE_PODMAN_EXPORT + - name: CP_USE_PODMAN_EXPORT value: "false" {{- end }} {{- end }} diff --git a/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml b/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml index 0e2bbbfa..55c2a00e 100644 --- a/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml +++ b/checkpoint/cloudguard/templates/inventory/agent/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "inventory.agent.config" .) -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml b/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml index ef1e6a82..22461736 100755 --- a/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml +++ b/checkpoint/cloudguard/templates/runtime/daemon/daemonset.yaml @@ -1,6 +1,8 @@ {{- $configs := fromYaml (include "runtime.daemon.config.multiple" .) -}} {{- range $_, $config := $configs -}} {{- $config = $config | fromYaml -}} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" $.Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: DaemonSet diff --git a/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml b/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml index 8fb782bc..15f09390 100644 --- a/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml +++ b/checkpoint/cloudguard/templates/runtime/policy/deployment.yaml @@ -1,4 +1,6 @@ {{- $config := fromYaml (include "runtime.policy.config" .) }} +{{- /* Make ".Files" of the chart accessible and properly formatted when accessed via $config' */ -}} +{{- $_ := set $config "Files" .Files -}} {{- if $config.featureConfig.enabled -}} apiVersion: apps/v1 kind: Deployment diff --git a/repository/cloudguard-2.25.0.tgz b/repository/cloudguard-2.25.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ef3333c28a4ceedc6c0785609ded7d638d9ec23b GIT binary patch literal 26722 zcmXV1WmFzbvqXbC!QI`0LvVL@hXi-G;O+!>hv4oW9D=*MyX&);_d9og&)J#Xndz>s zswR$t#RU8B0cgSKjipprOr_*GZtN?Dr#tO%4^zK8QYn8swvxl zm-=C23wGXR>AlvxNYma!^Z~C&)z#diaHZLzPT(%xT3m3Nb_75QF_PA(CJ2;x4eZviymgLKI1lno$ zUlPH*%V$ArRao~Q$5V{X)=THjHe!ss&vN{0FoI<6@C@B*y|5S#EW(RO+{3ZMz2Jtj z#LqeqJw{G@CKf@mX3zu14U15U%EWRwca}YKH>}3f9E_l*DM3y~ep?9)HytVf(%E$V9?pVghM#y$1*$L*>U@4ZE&j16OxxnC7XP?#jW*F6PeRh+E|XvL%j zw%Z;pBc^HBTLL8vB(QS%FvAv+P{C`x52yj6!>-GSLNaK@r^(+!Ob3Xep}erHn)*ft z-FpX3SFIp9NnzQxJrLWfze&`8X)HxPFh%w_f_2li6@rN4QHAme#I1kcz6-NBSCaVY zuM-a-G0s{+Qh*4@{YU|Kh*8u#V!v2eB1oyUZ-FVNXoEy%--y9cHel3zn3aMyw}dN@ z?3!N;mnDg^xyd&vUH;|@-CR9OkPxt(^D+HoM7h;okhte;^2+h{!3z|7 z!OD*TH+yP%!2PKi@3klT_H=?WCii9ja! z8d@VNI*jtRhmdYV=B{&<(r^Q+5e7S?syV-L0iXMT@viZFV{bYMUMmAq-whZU6vj%# zTtkI0@q_~y!!h_6!4fpMxKY(cNqE&w04{W}JZb{uup|>fFc$Hlj|LnAR~{mogUg6D z(&f&)yD~8jP$k26lv|6#`0y}eY{-cY*-RRQb&Esh8%up2u%(s@EJM+>igw9^`9^w! zv5wpPC{HEz6^f7HKNL!}lDf-%JCe*g!5Db$^%otND7+bXxf{y%S_Yz&-0;^ora+wi z?UG>+9e7-;_TZCsp7e~pGn5}1f32}-@IK5fPCMdBS9j-DG)P2H;lJZ&*X~T`!XbT{lo9OaCICkM>>F0VDtjo+E`tc z9rx?7Z^^s^RK|{`vbnYi&?6gF*N3A_Nxy2pH;(9JbAxUJi9yM#I7Ph0VfB)@d~83ihrYGB=_rCDu9sd9RwRgv@xLLwz%lC52qNf}_!adzJ4BtoM=!O-{(4j&N%*e6 z7VLEp3x}|*bnMm7e4jQrs*!AnKnmr92Y=DF5tGbqNuMw~v=yjjNaA03{vX#yUAV${ zJWnIYne*+|!AiZnf5AL`0(&O;{OH?MUR^R@sLfaa#}bL3%) zIztNv2NCNYWgm}pNx%t?`W)W4gX4)#>r!F8ZEidV<^nv-EKU*k760 zXDFR9TdPNx^jgIl52mr`MRLJylMt}}g6AmIVPElgBa!0pwTwXS?#cUB$ql6J2{JOw zdv#)mw1x^{JU91Q-#q$mw?ou{P*`b4?`If}54`TBO@MTK%i|Nfun#O3?DlQ{-)N49 zSQXpotkP;&$Bn^4XsYydJ-}#=nhO9+5C-J z6;%u?(~dED4Wvp?;c_LqQd+Mkb$yVoZ{To1$8m6t2`1p2t)e3IeLZSpTEh5_y%g*t zmC`rQ4ww|h(kkyuh_NsIiuaj9EJ5dnxnyC+3hsIz%|)p956|SdH&$JaB4kPM6DUh0&Qo)CPy0!U&1$$wWJO zt&RW;iv+`H{=c%s?zM-Q#4mS^nUr%n@AZ!o<^3L(nY2Mt2cfrcM3GcjudDrywmW}N zR;+AB1BujZ#wRqBb?gQ#4?+s>Q#xp??1^8%Tr7gLRU%V~QUQhwNh-tB{e^oz{QP_%@E> zMwRU{KptSKQ=iQARU|{XM^xtl8g;*8TBP^61w7gs(g!>mDhK+pc~H^Z3paWoy~cJ# zz$z#W@4a7`dzjNdCk!_!qiezi_=PGwPd+Pa%!^#0 zWZ64)ZXfVi^Sis=MSkD1%c8GJp`|+p^n>Cx85RN|5tG$XGqlyoajO4b#lsKIW_B+w zF<_#Q4n$-Wf5Yrd@J+5UAnJ=%C7GpFWuV(Q(FGS~d;V5G!Sx)$q>bk$yoY;4+gY;~ zX2XFj!$XxPp(EDBusIGc%9BhlHSs=DQ+O~Ct`behbew^+?12V@>-2q1AWPiuty`VC zua#u^`BMl@IaJkN2`f>WDbj?|F5g!?5uLgE%?y@6xoZpBpSfUWXtaPYw=mx7cs8x2j5~ zNL#Tu(R`E71415HTJYfp4pI`yh67jl!191pQo4~{E+!bzk0cAltI=}RTXYG+H}Zuz zQMAyQ?%VHI*!#K$PWF+yUIO1QhfztFE-&)tuPh<2?!>0a+rdJg1lNJUCwm!F@;oiDIlH< z<{oTu*AUH=wD6Qy1sP|Kba23@65QI!;+Whw=V2RDJI&c3`gx@ z#q*9~CQB{nG+rT3*7&_X+c`M$w&Lj-5EJ-ycH-&j5fg?QwTdxZV9i!LLVV;-pF_lm zm`Y^xH2Z9*Yd~a(7z(!vHwc8kN03b@JSl!jJ$i!)vIfydO^pawSCNu|1j1})VN?h5 zkZ>{8;$M|oJLt;H!w|rV1nQw)_S8rMU4M1@J%G-4DOmUGC}r^vKH@aZmx!kX_0EZr zt6@stu3}-rB5KCeaSeM7!GF>yrcgZpDrvdjTUdBGcz79H@dNODz1s4dZkTt$1pDiN&1TLk+-QR|V6#WwuY##5D7<=<9OGAnb~>95~=B+4v2@EIOM zZFRFVlxYSDI)cs5tq|&c^!j1-P-U+2$Q&UwhN)2jq z>Y&M`2A3EILo2Az@_YLA^aUH+9NX7ne?w$Ry1oCGWFK$#c5hQ3D)>36zoc(1)uFGv zdxAd3TuU?D;y`bhVDmf*Lk{e~A}69!^R-0$m3-{a4AfMcTGB?lXL=?X%yT$W@%@o7 zX~mq*24~NI``1I>{K6vN)@J3he#{uYrb;Z*Q@bz(ch5Dyd#m<0TsInJM0LN#p5|KF zro^~zwn{R@AXJycRN;#ih2K*T<~X>51%&Y6~ysZ|2)wVX+D&soC{0Z+?j@>wvtgh2Ebrn=^bF}f9yfK!IUpr-*dp|Je{Ei zKm|MW3jlW4$TM3pprfsrt9jsk=1Rg);Q1)mZw!&_>}K|B3C7B|2;-4zPLm;ZiaP|I zUTSU?V}mjp`Y<{Xl0yTUI_2X%lR&H>u5bvNY^zILtVb>PcTY{FRiKUEOx(4FizSIEz$-Xo;@HQ3=K?nS_(pmCcNkdVYP0pTo8 z&e=|||l#Lv4m&4676^}!eLW;-? zF&Qzb#k(EMv?#U`-G|9TA2DMRER zm>6Wu;6H-a>*X83&%N=KTdgHk(Px!cDG#9dLI7>|?&n1YDs?Or0B^FF$ zbh~9F4b3T`#8a7Pby>_0(LV2=E@MS|nxH3`gkuQ7GZ^G8u`x})yr(ao);}|Vy z{WN2(4%;Pklb*3@Ih;J~TC`Yb#04i~7U?(J2n5|czT_sXxdg>~xBfg>7z4PhVU+Ba zD-O#mPbYQY!djaB!lPjlVWI)yh8Zy5(hE_i+0s$HVXND!RGrTm0 zPjvq++r$A3PpNg5I<|U*d0Qu5?lXrek?^;+H4~>I<$QlK)IZh1u>GmEe-~ThNqk1h z_2WWHRTW}c685Qg7|R5b-8>n$(FS-av)Mw3q*?o1%4qos`VZw6vf}TTLbh?s>qT5b z==EOnO9t3D6OlPrzG9^;a4Ljw&E5NJv;Q5(NvqH=Dg@OM)eEy>DE{w(tPWB}? z5-+^WSV2q3mW*ltTk!#M1bNA9i!_=8W#w7U#}MB{S`_To6=IftV9v|pI>gy^Y_olL z=|xW4!Wzpx3UWW;rodhLH&>7ZC!iqpi=sbKYWDMfthyKyHfTL)UANW3tjB*u1J(8SMs02oV zlT7phR%7-E7-~=gjZi~-xaov0Thx0$b-9b=SbnH%>CT_K35#a&rm$1RggSNZV1i=4 zdq@sa9bnLJ{NuC|jyL#z9I7+%)y`$-$u_{_JBcvyPKjZY3Y{ zO0{t7T=(zf_ir+@iP(*(w5$a>b8_PP_nDg6no+9I_Nsd_^KsUMO|8nb%obZ zW$0}*k2ddLd(**f7(gn0dRdVQq|OYeQW%&VFHcH%>ZQ{Nd1sUJ{ti1r@xAhYRBNf0 z>rmq}5OPTnRz@1)k-^{OBD>lhjGm$33IqGLoJm_B1Sw{r0{BK|p!;v2mPg!gZ0I2D z>dPXR84fCJON4}Cr>lY>Gr*jvBY1N4cOt0wv1ig-vC@QevwHKcI=*e!vfBjYKvWME zqVu49n}?A+MXd3G@|&k*q^s?~s1C&Nhzjn>i#q3aA)hNV59)PBi=hgga;3?#l@Y*C z$GRd|iYf6oK49AzlTiB^ok)w7KWeDWk)idYBq(P7Fq#X1ZO2r%16VX1zQZfcz2ChU z->GOhiA-HhEWue)v`E+$-mz!RC3G&zmRr)$z)`{;e| zM5-)eYQ%GcB_v4LWf#p){HU8a7n5l)k?p$G)WkIhU^Hn=&Uv2 zsL4nTOd33qqRh%rE$$gb$iEDlln|*-D!cs2%CgFwb>T#KCz0Mi=ZXKLazaw(uxKYq zk2{5rd{RJad$drDLaK60p1>NS1lDUCS$1;Qn2Fh&?MN5r+t(6Ubm1434^rpVldy(Z zeg)E>>G+JSFNuusxR7E*+*xo)JJZ>YS={6l0Y@i}3snSBqIFCpizDJlX2>o(nFI?2 zrH3jU*n9#~4+LAw4{Ee^?L$S&?X17G!GzKeZ&iqpU3qhrsln;!BS<(YZ{RQT>Xph+ zdUe8}49t=;Km=l_r$6pVx8e&x2eDVw5-4^1E|2*D$!N`2(V z%IIW032M4J)-kJFwj8HsLnU~o-DS!g z!TNS`F)TE8t<7IKm}`W#?`Yf2pxD@RMoFavFpR$}yAs;JD|g1zb<%bM$9=lTt?x-G z;pUOIM8PBz15ZD1=WfeV>nzdCqWr-EXIH?4%m$LG=kpP3#9xXDtavKx&tX~3HgKt_ zR2&2OLJ}-)WeHBx`%1aBk=o6nbP(krQ+c|hgxKjv8RC*^B#C9u4yk(eELxpuRuKvB z#X7V1V)W}gCQ^JR+%1!09Eae9(5>k69HL*V6ye4bZ!;DNuZowN#TF407B1vOz7`&b z9AB35!xanc2OE*-qx>EFGh)r?9df#;orLx+e=#PeDY6pxWCB})U?|UzmJhdEJFYuU zt{GqZ%r=Kg{}|9WdZicS!%(G?uhl`F-EsFTQmxLN zleZHTN#`?FPD=I7=ZGerDUXT5<)K>Ri=bNN@tZ2z#sSSZlObnu!_3g|Z(2u^I0$S_ zFbL)1y6jEe3$hB=5K}Mo4d3@39~7)ICq}I6vEmu(45kuO0uyBXlf<~+F4{Nsq^7xK zCW!H*rwV}uYLh-ho~|f}D+-w40Tpvokdt6!G$a~_0H$RRQx#l2B$GN}%y)wCMC;`A z@jt=yD(gsvyF|?JRt(pS;L|y9*WaKb<{vYDr1X3>h8Y!dj7`^o0Xrv$z@^eFk?)ks z^b*aBmwR%nS1f(pQ~+5@3?W4tfLU^`K}|Ok(qhr3zkDGz91~(2$4VFZNmZ1&v~oQf zFE9_=Fi&vBDb&xNLVtwWxAQO^gOltuZb*znE;STS3fX87@_2W4+&S$vsF~(N=MM}V zjlrHpIJRS{#$$xedy@Z_2(=t3D4Rl~+Gdf_8Y;?Ex2RcV1wyFVEd&CxhzB+63L9SQJ0r98ICY{$P~1-&UPK z_vW^TX(8t>_(*IxbUu>%$dIuEZ5@jw#!|Y9ueR9*ypfh)`Yo@l${qq6tEZQjoG*T< z$^!I)vnEI37OZI__{JuriH~tgyjAa}#%VQGjBNaasYt?G!cT~vfduJXTdF4xi|vm5 z9Vp0RM86S!V0;&2t0(rZn*J9uhwSsUkQF%|tKnRE~b}yZ4kY2Aaik!lkN5INY z0EG;YeV6T}pRSDO%e`P1KmM0#7XS4c19(U&#$!wvsqO`>Ue9|IA|fSW;4dSPN1y+> zV{2y@CC7gDElVSSENwehXYg#;=~bF4#li-gpfKAHvuF8Lp)ZJx^lAAV)=56-lqlc) z(M&Wo1p9)?GP2s0sjXgw(09rokAkpbOuX*l_il2HLDpA(2c%6S7rp9lel3}cz~iU> z^%Gz&q>zi6w++MCOu4f)+i#W<`z>I>1EC!gy`_Oknu^vpzvzW2Ju#6yK%pvlw_^xy z6;c*;?=FxbLy;ycAH}kAh?GIOwVtOvR&m{C?s%i(4TQyBZ9XF-QR8e;G?o{;Uz(8srsKU0Rer6%y^=5JE@rGM+0uMVfGTNl zo$2Vny4-_@lQ}eeCwc>k6Be`=@b2p1=Eck1$_5Ir4eTa&nu@aj0aDJr1x8VI$XbY~ zCbwQi4w%0WT(Yz|cGf*Qz@~HT2>P7!E;6i0rNIVqIn$$OZ$5^G_vL6Xw(Ey#-qy*- z$ln;kuzlgNc)@O$)OcPS4vt}I3mV|$bVkXRAV86iD*vQBV<~z6up=^&sW;KmeZgrP z!CcHkWMhY4ujlpKHQwQiGO9WM-p51-(vlcSUff|0i#6xlY(>s0FSm;O+U?%SDx8F+ zsRTAJ4<52mpsx|_k~Y$T6RNjig3CAP{|uovYEw||#470mg4p0auC}^B@GEq#vwStW z*4$nf!S+-MV+)MMN5$+;CX$yKH!chq$&h^8#`M0WbuNL0IY-xCZm=Z2Zeg0FjA5oO|B8v?RHR~w zMNrN>6b^p#*Og|x*%oI-qO~#=9R2U}yY`Q2ugkBiNu>-3(|%15XAJ>#uUl)sG7Eq; zdwihhAj$j=NQ;B){B3Z&G zDpbuP=Bo}>Jrut%cy~hDeO#+_sjx%-&=EMm6C0%A8*t;F*u_<_j0u}6iXenZ3eQO> z(IoCAO|(sa!=5zHcroBo=t2iy+r;7CJ$&Mmv(rPgO;>gef6fmR?$^Zm`);4^BSlFX z6!H1nUjOh(feT+Kef=Sc6jAX5Cu@v8=DSa+;TPHpwMi3ga~I+<&Cz8`J|{nDN1{^q zpeJ+ep!JX`!_S2eVFts>T7HdYkO8!^;M!{8hWP6PFVzr!mx|y00 z%5bHsQQ9fu>r#_h9}@@(ysp6`S<3&6Era;>qp2%Vye$1xY{IJaN!k9jJ4Md)$T8fS z(aLJ%nUeHp$CzzG)SWn=r53S-%l=}6>{9mSQOC$KGhQBMBAWU&Cd@AroYP{2pengv zvmF>ySu;T91b&|t#l8ta9nZXaEpCPvTjmhh7_yZ6sVt4gIY&HT^5#s$Wbrx7T#V*> z%2-P)RuX8=^k`_azHM`nqi3^QJ4_;-8KY^I9*Xb(Xg;a|i&J60Xe5{Gp0DBc zg4=L#kwv4yBB79WY-sI5?H3XxFslVk=$3geg0?`@&Uk3&XA$GY50=1lYw~uiZ7o&$ z6kdFD701c~#&Jy(*!J$(9~bLL-9wbPNt8sC$vEUa7?J5$sRUk__+D|}TDQL3OYa5_ zM?3+y&TWHkKj`Y`HpyyHFxrFVh`scQW@I=B@B^4>->ofbRXMN#n?P7W1+Q%<5~K7G zTj=hq0@_;~7tF20k*9igb#SB85n0&Pi?-))cJF2} zH=p`GogI&M2>xivbSD}Ak^|rmzA<&cb4*0Du_J|bj_x*&6*B>bBR8VSbZ=Xa2E3q- zr46fHzZ8`eE8zFJZd$WdCWIlXHHy9Y%v}UrHt}rU<`B{e{RTe>-XahuyMtI+ftGF1!DfOt3P^fm>+1< z&zGoe-|{4Epik8MZqXGA2yM} zUYBpEn4Sq@Hi9ZE0JejSntH6gL`>S>SbB&!Tps(Ob@Byfr0k*q68P7E({H}i_0b=wIWpa=y^B&N) zwhlC8-CEp#F2*BZh8X&73$G$74omRvtk?>;a#aNpcXb)mL;yN6e>Q>GR=2Oe)7KkL zE^<4hQAE^jL7-@(JL(d}>5;ajmLF@kYZil@@E4Z;kh9e7u;9p*l831P)Mw z4p5?{ybdm~1bFJB1Ce6!jq@{8-+_>~T$0RYVuzCs4Z0~mdw110;9}7Y187RR-TtUq z7CgF`;iV3@Cx>azKMT0l)jpR-$aVX~Y+&PpXCS#~RS`3h5Z?$>I@!ifI!Gr=Dv%tpZiK*GB zk^t$-C~tN^ecDIBBJmXn&xP3_J&G_dF&o9MaUeyd61-@t4^z(|aCQP&4+7yl#r~fK zz)M9-?U9)01Vm55PdY}xsHoXPO#3+h$-Q=EJ%Z}lJVRL^k|JyC=)AZYM%eX>fh1zSq zWuUsztE$(2^O}`tZp`g0K)Emlw`u|5VUn@w*v|z__nbn>6Ew9BEU#_a9e-MJL}|x@ z5(U-E;51ZYunTZw$D2-HbCaGfqH1aVG*W)-J)i%5xY<7HtDAw5==0TMA|fu--4FBw zB|O10&heBlg5q8_RL_Cz%}ckRz!m!|P@L3grjZGD%%;Pz2+J&d{pzJkO^5c*9``Q1 zW`Ya1+h#guAn2r&j?+0V^IfuYY2IO})T_o&$3y#9PqFuRU~i`XL;`Aqw9B9l5b0CPs>I9UC<1i7)8GBPJN|tL z%F=ETefR~ihUhFCX6JQrj7w_t(y4hMhqf zH4n@bo0Rt3Qx=L0@|Z|5nhY#s-|J$^cycqkHJ$Ly+It8}Z#|YU8*CoW}MB z{Jtv1;(;4M8!kqIRe+ieV71U5nK`~xwh9gk8-;A~+hS_XpU?j76&p{*x+lVc!Rkxr zLakJ1qAcb40j1F`P}Ty5S$Q5<%}+s{F{)b|LLa7(WqH0}d8`w--zKQcd};Jv28dQM zXQ2uC!3i+x=P>{0(Ck)^m>ZHH+E?i<5hut>uMP%}$m@X+6D2knM=3&)M()oqT zYpO7V`CHpq{zXTcYjU18fXPtvuf~JP2(*s+G`EsZVR6a(Q=S-0@==cg6{un9GjXJ- zjM28GJtY1$)ILl}7I-=MY5T_;u~Rs4`j(javNx6P;jt$Kwh+PFU;Prub^&c&Uak!R z-n0jOr4cU#Um+DO;jjo?_8lA5 zV1F$8;PZ6QrI8oN&czdgz1{$0@a==Qo|cvmP7I){Veb4h65-u!aj3D&gLzGlFgQM}xTATYp7jt6 zg~S)}h+~m;bw-h}*i)D$bpbMqs#I9KjwM5(^9W(tit&zw<>}9O$6J^fuBXc*fnud+ zaB{g>y-PTgp`DtCj#jAF3T2GD^Lew$7?}1kon81n)lusA0gnv=T-rABAZ722iJ3!hT>SHlHC@=x+P0x`saJ(0;d;E?dqKL7`}f zTSCGgO^4VFd%JpC_2#o(x(R%HTti2d8J~my27a~t!%Lr;SVxW^IR*WK|_jvzy zW$zkLZmPTd#ojXvyq`vs7EMg1^VeC<+@;G)msvR5DhEq1R{@_c95J1_DS`djtikgj zC7;gp7w+e~q{vWNV{0n$5AoZg5VI6$+Vz{Ahnty>sE;VanyIInUlWmPZBd=fnm>9x zu+5|$>^#7U3HCQ6#`a8h*vm66d{-?%?#`5!B8=mzlF83Tb_aNk1HWj&Z zd&Xn;<7lhWh5=GWL$BK?MOU5sPiN>tfAGH)a2W=H?#`MY})vvcIFWeeq=9EZFsEfBl>~)5BKbmegsi0bJFN?+M zBPaLa9qR+0Vx#JVg;OW2dM8JmLTWL{bdW}96RJ_|bmS_)dFfXyr|*i}`?ZQ2ltN~G5krNOc_(ZIW=A6zU%KeU(qj#KFw?;Mp(XL>jXP-MZhcYub52Tnqu zsjKM|J2ofPn*q6Aa3r$mJObJZLkG}-exm94erkxxi+m=Q!wc=^Q_V)xM`Xe7`3>gC z{*etwkYD>w=G4&x+Tx_+N>dbK#3onme|t_QEPwwiM~Hd$OOJvYyX2R?EPmG_o3w!_>o3NH zyC$~1ikzJ$>6dmBTEn}$tM4uM_qVd&UjSn`Bl>+{)9w@c_RLxD_N1z$Fav_#5WT4` z8W!lioNz|Djq{~I6t#a<0ie6`mb>-In17Dy7Jl8L@VEUOA)f5@nZ`a}v*-6T`wCQT z*ogwEDnv0LE;u7YGl=EL59X?B#Vo+FCiOQ^Hwx4xsbmDoMEUr6fQH-TUMfwhh- za4U}>j9_a!1A;$5!&L^Hpq?e`^UuPA;}JML082WqGC>xKSRvp6lf7g9S`3y{V_gEq zkhn@$TqH*SaIH|x#2^hy4JWHg&|wDl%Gtfu4b_X+>7NDCe=(mMj8S535=Z>ld5=*D zC7HDBqms&pWjLQPI=w68>m^5xAy*n7Nzf3%PGl{R>xP+s!3Ph!Np(_yJZL2Ce&<@g za8o3>F8NJ}WU=;cOIbp#FqGcyC5NDjg!M&G;-abz4*bBtj1zma9_hreV|0-9;7MY4?rnLWtI;8AS@1&2n zmm9azmOgSU42-5Z_KJP}RcT=5^RQqNmF}NN--Q`LqH{y!YQ-l-m(H($J9+u|&zzA@ zViJr}MmoL{LkvTjcyN!RqwFJvMC5^y;YRon)4ri+&v_@b9@j!01no7%g%Jx}8WI@X z^$GGZ!dU-jcb5*zkKy?~{Zt$y!Qz0+0+Er4dAR-ly1RF>Fe5#gWYtK9QP1vfG{+x- z;1vJv!P6=r$j84T*hTdI^s+LjJ_%1?!pZ97oG}3>6^~m;5!=~H-gf$vN9OFId#5oe z0BIVjhe&uBdgyBN%D`;t4=Hp!GQ$M3}YG&Sue9eXV}ytTFM5J1~2RP2hiQk zzbx1#z`Fvlw085q3I?71cIWw9SQQnynHpo<_*C+Y72r?S-;x7oN9x$>K_fzV5ZWk? zoqsllBz>Te$?TqZ+V5NpC)3iR1>rw9x+AIz&QK;%*}G>fjg2*E1}&O;nhk_hoTv^0 zF77RJN5JKy0S3^JRIm17IErP};RA_wUO>jEOQ@e6oH(j+;}EX{CI(mgb$v^{coXEO z18iN`ed4wwTW8=-Wz6aV*ypWio71UEtzXfoonHl(e4MI_UFO}Dc8Rn7{q@YhV~M9!!82PZWxeg(C6_+f|={4z%%#nf1<@#U?kbSdo#E0 zV){v(6-ucTyjULnYW|Q^-%Q0s#r~~VV#_qG?}KUUAjf0VxYQ_V`vX(ih(&?GQ*-mT z7r;yYeacCO14uQ$9X5HXh_Bf@;c1guOPCx|P73?G3>9kTylcMikTg2dM;*L`Lr!%G z^-NbE=;O-6VW6TN51L9wEQ$m@vE6L(b?C~!KdH!keIo;7aw&1wVb^<+cDE zK8K9J%s;`~cLSuJUK@-in11%5Y%YINYDhHwdGBl&pOzm}N^vh#=u*{M(#-}t{@ zo0=kK!@2uOZDX>Ec^v!^4G9t?F1U`D;oG&51%LD>MkS`#S4`jJlQs)LBOR#wgEvsF zoS=$wdRX)8@?b3q=Cc&qa)KN~)xO7?hW}I`*ZxfdE#5KjElDb(Ao^|iLlNv+!ja;8 zk*ggjk`ozwn(s~tvOV$UgZ5|#Uq6mN`#7c=d1VfhIYjOU4M~rCASOuEFAgN3`~`Ki z5%aI+^caen;>y#4mWOI|l0*3(QrJeOX&eT(?h3#V6+@4CHnpl?a8=`nq|~DzP&i+9 z@iD|KaY9%O8;)~G<77;Y4ZNEIAmd>S;tI+LC0Pwo;JMU(Rb&Z`pG1AdVk@Aa+CJ$i zv_i<^3ZBT=FEl|r|A+|V=pFJbAG7n`@7KWsSC{UAZw4b=G5(+Oo(`QKsP${k!9sK^ zq5Mufl*;DM7dz#cGGSIpu0B*tMR+s~{R%M^=xM5%i7t6A;(xmc&h(iY=%(b%)duOB zAl-ee?Xf$+ZWVC$?pQniOt(48pf|V6orRE1Y}D!BT>evC3YoX;#aJJHd5{j!A6qM9 zqo1LHK4kf26>esTiQ>Nl@8?rS=9M|k)?%x^q%#aD*JO<}pwgM5 zN$U&CgOAQ3=p}(H*hO?mM+O#GU+<_HD>{b1^j}QDy^JQlGP!Vu=gP*gD&_+A>|(54jRoYs4dt5s z*#&gFsv3bMjh0cMCFxe{9r*F7Rq1Ws<&As)Po9Ww%YyxwSwERuKe?lEf92<*eCL#9 z1oc>K=hA(B?|E}${s(ldeNq+Uv{M5>?%8SX!PZNIlluk5QO_gDkm6c2x%@e9Q)3mh z<-KNo?Xb|U=@jgTf<{+_Qn4*88v?C;|&`J z^;xodIo={i3~g_@d3B<==}jRBcDilbOg>wx#k$JWLL$CDsKF@M54HJKFCJR5p} z;*7M?+J{ealbO|9QSAKCA`)4Bh#>9bt+c56*a@ewX?LErN+@b~y4`p2u-Te_|D!pv z6QNp-0NH}o6lrs!#J5isb{A+-c@gxsch7heOjRZF22v@(E;^01%GlO*p&lVaeTN4T zxs$%Y_L3swIPl{|OT->HEYfKZ8{t5ymEZX88tvBN*6K<985z%!mFc%x2L{0zq!{{} z#Z;Zh=P3wg^y#r4XMS+PIy+o_MhqKjtMPI+_(Q!W@7^_aya$$a#N#0Hnqu)ADSagz zFH@-lFWurZ3*7xkA z%yNn|X%h1V`pV~0`ukO?1vuw>RuqVd3XppH;_K*yOeJQ+vX&rXpy5;tHc(l>@72nl zliLID$43|A^PjB`_c0+d%H9N$ZD+~g)2d)<{@VxLgyRpklTbXMi{6f#>+B^Wo{=WY z;I{1uUsQQ%ik9*Jc}x~k{qNfxIvuw~3c66I4rW)6rea?j7LrF&b<0l#0k{o5src2s zxNM-OrQvr8psU+O1&phVA(R3qgDcko_9-Z4DIyufMfAr$eWsHUKGdm~Tz`q_PI_WG zSN;wFGOs<^Z9sm<#yU`&bz6Vp*UF7w4^$<7SU?w*`9ABB--eB3a@6~ktIhfua+mOJ zdMKatgueG=rvTpG_V^#4vh#Qe@MmzPHo!g^sR&yn62Hj6T5gBm=PqXS!}w1TFpukP zqL?ds_9YfO07m{f2j)~_V{o=c(H%71oQyGN!Zn0maEl(K$=Q-r)16kyu6D2W&A@&$KPxg`pr>6|-k-epIHcW;#J7MSRpLtQV}Z zL_7%1?8DqvLhZTNVKqm<{gddRPr?TA(MJfyA)yd)-#j?K?e<>#?8DzV-x6V;0EX z-qrovtzpd#psgTH{O^nn>?5AY86x2;dT00Myr&G5fG^XlaA8im>Av$8?VC=Anwv1W z`|hJQt4C@XNtHDF@{NJ&U;W(tE`!jIS61fae^>6?Yw`KA5+tH~+LJB1$lK=smZlbVrd+7mf=c+uXz zkd67DDTVH4TJGsGk8?t7abS<2?2iPx%JuTT(pT(qHIg>42&duULvzd^afGF@VxxT$ zb3c!{JS8IhITXVtT&rS_YJ(<_I#=b3?(U`jvg%-CCrUv4B~!r1$NN>|?*S#T+=K@1 zjxn4upb`J9W0aofE*2o#m!X)YJ2IWo$-NXUr2l^bno@{=H9;IV7vDMFSWA>_O+us?BE6!6fi#v%?L(UEf>ZGLsrvdr_s zx3}vI2_&-)bbZG|{cW?im#nPcu6#5)#q69Qiae&#lklcvV04C#*P#<*6Bunv{M!z1 z0RZLq4C@)cQ@0GOrCopLX~a&?r470%ps8DsAsNd|r5^7eBB0$C1N=jWPf(}V@n~o2 zG0<+Sfp52`@CLQz*n`e3Bz!nK@jmD%*QE}=MZ|@(cq}r_zv8Q4h`>6XQQH}BL^G+< zr%Q+jksvZfgi9xiI>uUhSx;%31xQ1RG+{3jH*)Jx&BWLBuIHwXjVws?8@dySKH62? zCD&z(PCoF`>@*DR>g@8Hv&GHU1xP08@4NH&c~>0&cy=<-mSuRKaYrr#BUAtK*UQ7B z57+O`-(R0!oW0BY)<`3?(9Q`Pe1C9udAg@Wb!Nuv|`1;4e{^8)_GN<95Q8rZC z*sDb}w|LE%a{nvPmCwxb)NEb@YbSWd|uNLx@vs2QH#jKsi5DRqMkJD5-)QP*NWr|DuhU zRRt6=s~YGcL|zi}w%{@)NXTlX3nI}a8{JlQ$ws#|h|1jOntTeL%RdCBq{jLq`ufX} zk1R|rJoO>V9N`2;;~QjJI2WtvJq+`-mEvA5bDiBHaz`9iDSSovzGwlgj_h6_Vq2-} zbK(MRJNcju_CFpTU0olXonBp>9k=SpebM+nQ1;7%Qz`$|q`NXdon5f(5wkj~hWft% zK-(S$v`qy!EP%xiA0+TPyru$nJq+k|;-k#2vNC#vSKtIXUi>0;qSV$*C5y{j|bxDrVSnmytWn|Cm*(L?GG{dad1k<^63zE;GKIdzq_{a6#d5(8Cq*B#)mDz z+=W*m4<=3?;q)BupMJ>7dk5yntM~2ivm))g{p+j2@!(`|b@A)<<^Iou>#MWt_eaNh zr;1+AS>)Zm*s=RZr-O^@i;t&V3eJA2&16Q$lqYDv+rR#JIk-MNI~n|ki`u{JUmOlD z>Z25Wa=rgyaC&w9^Wft0=z_WpIGU?5AF_$w zm@=-2i`hERMTFIC{`}(X{n7E!>4(QfA&Qi(K!eZb(ZPe;7HcS)=$c)RSJNYPJwhOa zltJYD?C|>NFx}RBf~QHQEP~gR*L^KDV@u?44{Tay`b%j!GC=`x)>Z@zdPPP9OP*)F5m5M zzWZQgIrY<>zMtoKySOTM;p2Q=g|IT9tk<9K`evRa66)^7Ghe%6Gc19?P04UU;*|{K zP_Ibhm5fnUH-TR#!&F^#i`+h-6$+RX@bvvD$(e(}JS|uhB`>NPL~;qd5SInXQ1qS(0Ow0Z7$|6iwnW zZ8PW;sSjk8WQ|1QS*D!Relh2kcZRg(IG3H}a_hx&`}<>lt> z@QIz<*Z6hW;PZixYid7h&O^HlnuARZVCcJayJa#+b=YdD3l|Mldz7!5eTt#49B1K1 zkUPZ0!F5(PuP6SgJ*c|F>m84iiZ2&-;*Zsb+7;*EX?5+Ddd`Wup*`U(GKbO=M8ff<{Uk}s3WTMcb&`LGOfSH?&?*I~iq)QxsxnJ2_rXG)JBLjGW)nof$c49mVg{>0q|V>y*qJ)454O79pPXFT>=Au9$~`zr`dm4wxq1@$R0k)YoMwaktg$I> zb2Zg%u9cDo${X?^~zun@mjDq%rW9<|ho|MRgOnnqL-(D~v3E8@TR_VzOI-`!r5 z|7R&>+4;XxHhvKk?Nh(#c3`>QI=8(cVla%QJI7H(i*##wNulAX*fd46Ej;z(kTU4{ zlXOg(xXujOGGDbwr9<Vqx3wyeWGz2C_`#gLxpcZtM9y3t`*#{}>U($}3G596Sc_|~FX1Yrn?2=}>*f_VK zNiOX;n6$aIQs%W*!mR!TDy=j+@gyhLLXIW7c$VU|6be(Bz{gfXW7h_2QZQPRe@I+U zps)T8MK|?lC~U69E8#~~gGQUIu41RInx-v;#dC32@f>QJlrl9rsyQ(8lrtHHY|eKn zJxgA*@iGeC8s<~6BwL+ZWm46PxlKt$LpzTuqhJPd6clwQp+MtM^?8|E;pvG${xU35 zQssV6YDDUss&$ao+EmpK z6*Ld05xKnvxt6x1wffGNE1gT39|?cG+4!Ue`mWU>(3 zBJOVN(xu}h5Zd=*Gk*>~ z=Vt(Z%=2HJ^Z&w$A62Q$|GU*o=l|{PHu=AoQdTwp+t-o!agJ+VvS}XQB$7JHlqEk1_%sk5Lehfv6c!v<%|Bgi@FOFO>LGl`8t* z-R)-b|8^Vtzm&4d^#27W{(RB|oLW{)QzHa|10b3 z6W{;S-Ro_o&;M_`&HWEcDW7w0gGt@=x>~ovgs0clzYRv|1nb@g^E~rkXaC#CckyhB z7UBK>s^0(Gz3lxjJ6p~D&r2!w`G5BQ=M~A+{m6;Bqs9J`q>HCW&kaC$(Tp^NEFN_mL<*Z6&|zX zIteJd&^Z0q>pImqPJMl)4*!2@|F5l`?X>=PtGWMkIb~`5zw!TinE#g{??p2$&G#FWUY$C&-;TV-FMbxNTJK|E-k&M{j#~yE*?arMv>? zkTFC&3K#}*_N7P0FmPO<=JTO-1ILJ(Ev2)gf$w9&D4-MMx?t?$p>#EHyzwR=$c4AjwPAuY&z%A6i7z=yz()kQj)%;ad3bq!$uL2! zSKvVGJn-|uC9oYrTjtnd9r3S3zhw^pCLQr__+T>b@PEQT>8;m^0S%#b6Zl}{xQMpi znDowXy)lRIruD{TQ@{1*|7*PhKSSc+fP$mL0d1K+!CcB~nU0NMN7f_w&z5;hEo`IC z3$lA^`~PCFe|R!5r}ksFQNI7*?!E1$;y-&^dv6>2-%`pe01hU|x&i0d@fbLWmIDyX zleSu~UV$Tz5o`xSgVkyY8X%p!q-UU1+spd#Mccy}_$>qa0|))b`h+o`_B$O;MxdM0 zgmpGJDe?)vb!-HVyj$ckOlIH&dT=c48=K%9Q!Zm9o*hl$7=e9C0|Gq@ZGxX2>Ij3= zY!h5f2!f3F1i7v=MxsKPk0W;4+ywjf)S=?KsRMa0h@f2H1bYs{MBI_C*|E%4>l8E8 z2OegQg#epC1}L6J_m0CMzD0>o!Vv<F+&N0@*qr{FeX&~fR8Ddz8-Akipw7^1D#2jn3F-Bug?6qy)7&+Kje zdlNu$m%NQQamRscg9*Gv0yzq&NW08kiG^TYrgPZTQr-egxzeOG2P}fPyyQTawp#Bo5zS`i11R}2gZ|#X|+3J8^jw3gj%vby~HetNx1x_Bk-Y} zDWnXM4hKm2I-hmIHbUfMbby`-J*F4!Hbsd!GJ15I`DVb{fX ze9fydT8O;$TW@l=?0Ps{8?85a8+1L>`HfcVe}Ok|t{k6Zcu<_Ag$gy~AM1%fH-rEr$Wp*Jec-iieCGk|g+49v>Og9OmGb?(Kk z#3Q{=d^WV*U^|3Um|HP7kbx=mC4;zi2=>J8zlFq+8Ms=lOCMRzXa*3pCcuXTP7xoV z;Vg8X`6PG34VwKRaQbaC`uWEv4q2>Rodtg~0hd+KJ>-+HnOVJaa_U=1_`;S=%GJ!l zN4QdOH*u_q7$e&e#1#@QzhVL)A#g@F!4%#gK>64)3<4_Gh4hC9bmlR5zbU3f;hflU zrfF7ky%8oBB59{KE1(QdO#{N;&Ec?PS#8@kelQUF-5iZN<8ga3F=U7KU51D!WMg-> z2_X1&|KwPl^p&J8X30_eO|Fe-4QV4`K@SX3cqXy=$hZik$dA~>k2Xi6aH;ZzEqkLe zwqJ1|kP62d3p+|*)8PKK*%B5$QwHz0zS6E6ivAp;yP1@iBHYl5ARH%lQ~OKK)z*d zXEZ{DZ@Mf7o8V1`7fs>4=+33{H#!-<(RQRd<_wXDEs7{|PRAS%oV+u^Ih+B=xHK)! zi&CIqoDXoRQ3X?SCP3vLPV@|qBt)9(zS!>$m2(dM4R*U--qyezo15{7iZ3|~fe#*m zK+vG=F0Z|rTwx(oiu(tBA9=Q7JN;;7%IJW67M>ioA9zD@DIW2ma@{a=G|@-Cq~4@^ z`6le<5P@wmw?dK(rbEs)Mw!LNoA(f*d@){45bz3XQdKkDq>jg>eu``*hKad$UF14+ z3M8Ah14}MrAx}CCFnEJ#G|nOr$mbhebixGhX3>IY6GRYSpxEP-&zgkoo2?UUJEK`h z4eBFob5O$>Uwa3dF68)&xVww&>#4q6?)^%*$Z* z!Bu4c=X?+3hg$sDd$BRM`IDd+c7N6!H zrBM3(=sAA{2slD~9XW__lC6nw(w#dG!l#2D_fJ0zP6l;b7dYFHK?`{dk$I8+l8`JT zFkn5P2=+Ds3hq!3K%b)Cruc75{D*rR8qT8b94*Un&YbybcNrwlhVp0#)}{WFlMpC0 z34!Nwxj&~Ret7!CX=f;Q*&7RwefpeRe;m^NI64HY&E$;iqjMIas7rhoc{{o%ye-5Mzc7> zfKBR-_!sbt8eL380Ep~D2up?K^X2YCO7AeS+sc_a9PlsT6C=Sq!<;+Lb8O+vIETx( zJ^~Bw*Cfv2h|~d*!8!bRIXK6G+;i%woYOeVTMz54=Pb@LIlpxKD8@2|FbB38&S56l`IpBR zojpbgW!K{{%MK8?ZFE4CM^^i3-fnjQx}oBq#7#CGpzc7BKcdSHI^brTc0lHifr>ed z>sM26J|HT@Qw4_3MTfxwp85e7Ji~ZeFoITOnc?tEur3en0Y6bYp4J`EGkgCL5<}n% z8Az=nb!e%FeSW-Z-6i-C?1#w3ccKph`6%b%1F(m_56KkQ;bdRHzN!pFAR~}>4MgcA z)K!~tM{*!6MyU9TlV+{C7K>V?PZqcTQljVYh5WF@_ur`H%Vq#7m z50f>(;F!t-zf!i1FbQ>9dT6KqmFYufP1Xz`xPolw6DSydsTZy(J|Bq6;2hg}KsH$C zNI}|I|IvfeuA3x5Ux3g#2U8Hl6@Y}tmw-@8*@5t@fj~i3M$kO;ce~%s)dML4 zg;s9qcPw>RHJ3?f$B}yA&@>+&O%7ub$q{0aVjy`8UlsaQ+K`tHe zxC2sjc`)J(yGZ&IRE_-?=}Ch}!Z#2wc_{+JK!HG&n12DEe*5DQR!f+zts2x9u&?UI zr@_kcO+k3X!LBc>l*=YuB8e;*0(4eBdHB|xS4w#l*+lB++sYKswur+V3)WY_>0K%E zMyj)JvZ_bHa6(Yh1g0qMl zPvgChi88|j?16)eqxRV%SQnsOd+j{SqA3{agrU1+40N0w51csfX8bT&><6(49G0@{ zM~9%a5fw}m=^&G4^+n~HOkY(Z_i8Elsifb?H9%tWsXortQt&fNzvbvxi@~+U-@?8; z_A;p!DQk<8g?KNl$|%6OTBMvqlq`hs2%=Q>Jfrm&pg&VX|q^uSts}cW% zeO?ulJ{a6PlvN%bN^!0hDYK$vC6XBkPcYckBIWaml7%=|3J0~Mf-L@#PH97v3iuMM zB}bN%?TIrjXO~5sl7Ff3^D+d=IVA^_;T4rQm$J(;PFWA{r{t6z{ZiI57uU({&torb zfpaPASyis1T=-T%B9xfakq8yeFI6H`=)Wk5FvrugP&mo@pQ&2(h3m7eHMI>Nt}XI#Gh?L9|? z!>Y2sJ=6df;auMc`s|jh2c2f_29m;Z0zpVK6S__X=lTby34|8s{3q)w9c1X`E{a zSF0skr8`hVxLOU_DnnGNg{x<`NTqSEAzVGKMXC&$8dB4<3r!iEs~PvRTbWWgm&kdm zEZ-GnDy!i^GfPN!*))H}Qr-jQy9~~cWRomM;9>Gz7H64_yF|`=BKa=DMBU3;tcEJW zxkS!eCHbxh{SrCv+2y+;oJ(Y;XP1?Va4wOVR!deY>OhIiv>LKf;RY?1nVww_RfKbi z%(NQbJ4J|>$XCxUR~2VuE95&*&UHc*KFy7DA>UbPt`nhO$ahwc>qIygx(Yl>$kf&Y zJOqkyF65P~$0@aOF5s0b&MBh~6!OXy<&-f|DdLr@$0;M63wh;=a?0{Npr2NOQx+!S zuJ*r7+c|R5TtC@SIE!}WS@_wH!daXvZ5~e~lqgK{Egki6EWT8f51;w;Vi_x@h9ee4^e0o;=Cl@_xOmvKu-Ch{1n9X z0AW^teM<`ba&CImRMDQDr-@N%aMfLx4(+$Vr%#{66)igae(Qf|X+Is@!L$!t#|!SG z8|aGh!a^1FfF^k7lkXt0CVc>>_TElD0wCN&k2Est@iki;pv7=_XRx|kQY-^Vrh7XA zoInh4BpnVeAV}}E_$J)Pecrq9j?qJrIPlV%AUkj!Z+s-~_f?Mv_s9x3YJGXdi9UE& zh)k(^4nSMpQarf#2@>6oU&+@uXx7ge(N6O246^DT-yjyNTO1OX}s5!vFhtZ0ME z>Cz`d&@AR8=EEmwgvh)T(gt_P8BbUr^ujUVz!hLVMcR-Fei^TQZM;h7E}A_fIep?P z`1HsZ&tTyka`=TN%D6JaK6deV_EQcj6HJ*zM@;yc2L?Y~Zi2&@X!7}qE8 z)kU%|e=Jn!f)h^=Pzb+;L56DsG|r+tx}mRHoVz1RM2=s6Nn>7U0H1U(brR$OSI6<4 zMn#q1*5bgUAS*Bo{Aj97V3ocsXqI!fp0wqh4~0iBf0EPW;&a%j#$%a-3<5Y0vZxF; zidT02?F?cAG%De0g2jX!*V{z*B{BkyEc!-|lk_^6@uqIzXX5R{Ae~ZimwzuSLF7#!|n zig%RGOO4G`y-KdcB!bY@zKteSe?c7+Ub2Q^u*XvE3xFsz&cxNW{3EZ1Q{co1=f~M- zTLh4xRUlN4`Jsk4}0k`9Jdd`x{?keE>va;;I zC4-qjBRCHy^kRA$eZHDq$I1Lln&mf(+pl-u8Zzx*Z}lcBU&=HNr#!L$Ei#%C$4SqF zko{~nEgKaAIn6m74V8@v!rVImCH0AL8~{h;>ku4yF0Z43b?_U~83DmUasU*hQDGDD zGoevVQ~zVWIG;t~N6sv2I8Df=5&D-9)35o*SroH;lDtD;ySFzuJUjGG#;1cfC$IlH z8xO~C$8TP{-LvuTsONj`KL_s)hoiTD9{KwtcX&A3KOXMw9=-ePz#DJ-Bc)2i#cT$g zu+wo2 zhj2?Nb<1fs9er|1bTM;w2^g#k*1!TrLEu0CbwG43{=kpcm^#W3%?SH}OdTR2JHkCf z#!j!-RTBK|kJHoP=;QGH$=RQdxX0dLVrYmX=`3p04Nc`os|2&OG)7B{GhABC(Qj2y zEiH*^Y3ZmI=3QTPGsn?kDy-31SU^BWn>daF(I6nf6wt)6+2RA9l_{S%P6eUB%GM|f z-0bTp1p2irH>u<#d)BHTGD#+gmI!#bs7@WulS!pL z?$c{p9KKvguFd8?i@0ovq+Hj?Xsf8WLMe(|t|&9YZudyu=6l zf@zz?a2?#C`HM2NQAJo+8VEds`}fJDoy1G#S-7Rd9xBiN2KD{}1>BsmS(05_oR)KA zOO?VhwP2j_EYhQ9@H_r%sTrQ88|t+~S@>ghfuRi^st?wq5v;MMElxxc*MmfhVz5Q2 z_vMrgeHkg!vG)v%l?DbYu}E(j7!Pmpb+vg-g#Vby2d(j!OcHo?0lwM?MGfTwI8(UB z(WdMcKhQr&DO^U=OLZO^!Zb?s*V}7VS1)De!Kj+OayH{*E2k=BYq3IWw?lOkMayha z^|`tn$DgbAO5AFLxlzoVb(eOm&XVc2Ojw#}6jQP`?as@4ZtX5duEqQN)pWjRSKXew zg4Xw3*P7YyyBnFb`;d>8KHd#k{xU@G*OIX(h}g2M8~IY@3oHT#53+B~rgBDH5o*bE zR%#=ypCqC(&Q(+8-tBn)v&sEoG6g&{Os;zaO;a{FZ-X>$fpREV3-UAwrG}D6jS)<; zRz<>p$p(5)=Si9mX&NOH0$tbrc@&Ljx5wQT6pe4sy3sVIrujd4*EmsRZqq81kohOA z>r+O2+uc*W3iD7ORl9hdjZ^V#PQ@yse*a|63l(&WXxe@BRULA_;gET9~ zT5?X;v7(~=?R$}21cqI=-UySd%}X`A z#O=KK89Sp}(~|y*D_nK?yD#5w{UHKWumy{C)~jk?#CAU}4Z@t@26?_C>eZ?iZ4+N^ m;>#aZPS@!HfA4+Wn`?7zuFZAd^}hfB0RR6nG@T*