From 8b3f9ade47f0f20c04a6f43da070fe840128747a Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Fri, 28 Mar 2008 20:59:10 +0000 Subject: [PATCH] Additional ZEN/security issue changes removing the MasterPassword (Work in progress) --- CASA/gui/CasaMain.cs | 55 ++++-- CASA/gui/CommonGUI.cs | 170 +++++++++++------- CASA/gui/FindAndReplace.cs | 39 ++-- CASA/gui/Firefox.cs | 40 +++-- CASA/gui/GnomeKeyring.cs | 41 +++-- CASA/gui/KdeWallet.cs | 40 +++-- CASA/gui/MiCasa.cs | 39 ++-- CASA/micasadk/c_micasadk.vcproj | 2 +- .../windows/vs_solutions/CASA32-msi/CASA.ncb | Bin 11119616 -> 14363648 bytes .../windows/vs_solutions/CASA32-msi/CASA.suo | Bin 378368 -> 395776 bytes 10 files changed, 270 insertions(+), 156 deletions(-) diff --git a/CASA/gui/CasaMain.cs b/CASA/gui/CasaMain.cs index aafb221f..5cf8e440 100644 --- a/CASA/gui/CasaMain.cs +++ b/CASA/gui/CasaMain.cs @@ -162,8 +162,8 @@ namespace Novell.CASA.GUI [STAThread] public static void Main(string[] args) { - Logger.DbgLog("GUI:CasaMain.Main() - BEGIN"); - + Logger.DbgLog("GUI:CasaMain.Main() - BEGIN"); + Common.ParseArgs(args); Common.ReadPlatform(); @@ -211,7 +211,7 @@ namespace Novell.CASA.GUI } } - MessageDialog md=new MessageDialog(null,Gtk.DialogFlags.Modal, + MessageDialog md = new MessageDialog(null,Gtk.DialogFlags.Modal, Gtk.MessageType.Error, buttonType, message); @@ -244,9 +244,16 @@ namespace Novell.CASA.GUI // setup the users policy directory MiCasaRequestReply.Send(MiCasaRequestReply.VERB_CREATE_POLICY_DIR); - - - MasterPasswordAuthentication(); + + if (CommonGUI.UseMasterPassword()) + { + MasterPasswordAuthentication(); + } + else + { + StartWithoutMasterPassword(); + } + if (Common.IsTrayAvailable()) // && Common.IsArgSet(args, Common.ARG_SHOW_TRAY_ICON)) { try @@ -254,13 +261,13 @@ namespace Novell.CASA.GUI if (Common.bArgShowTrayIcon) { if (config.GetConfigSetting(Common.CONFIG_RUN_IN_TRAY, true)) - { - if (mCasaTray == null) - { - mCasaTray = new CasaTray(this, config); - if (Common.bArgStartMinimized) - mCasaTray.CasaManagerQuit(); - + { + if (mCasaTray == null) + { + mCasaTray = new CasaTray(this, config); + if (Common.bArgStartMinimized) + mCasaTray.CasaManagerQuit(); + } } } @@ -373,8 +380,26 @@ namespace Novell.CASA.GUI Logger.DbgLog("GUI:CasaMain.InitializeGUI() - END"); } - - + + public void StartWithoutMasterPassword() + { + Logger.DbgLog("GUI:LoadPersistence - BEGIN"); + + // did the daemon get restarted before the user created a master password? + // if so, let's ask the user for their desktop password and set it if there's a cache file + if (false == miCASA.IsSecretPersistent(1, "")) + { + if (true == DoPersistentFilesExist()) + { + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogDesktopPassword", null); + gxmlTemp.Autoconnect(this); + } + } + else + { + InitializeGUI(); + } + } /// /// ******************************************************************** diff --git a/CASA/gui/CommonGUI.cs b/CASA/gui/CommonGUI.cs index 9717cbd6..8681279a 100644 --- a/CASA/gui/CommonGUI.cs +++ b/CASA/gui/CommonGUI.cs @@ -47,7 +47,7 @@ namespace Novell.CASA.GUI [Glade.Widget] Gtk.Label label86, - label88; + label88; [Glade.Widget] Gtk.Entry entryMasterPassword3, @@ -72,12 +72,10 @@ namespace Novell.CASA.GUI /// HandleUnlock dialog /// public void HandleUnlock(CasaMain managerInstance, CasaTray trayInstance) - { - + { mCasaInstance = managerInstance; mTrayInstance = trayInstance; - //Logger.DbgLog("GUI:CasaMain.Login() - IsMasterPasswordSet returned false"); #if W32 Glade.XML gxmlTemp = new Glade.XML ("../images/casa.glade", "dialogLogin", null); @@ -87,9 +85,10 @@ namespace Novell.CASA.GUI #endif gxmlTemp.Autoconnect (this); - dialogLogin.TransientFor = (Gtk.Window)CasaMain.gxmlMain.GetWidget("windowMain");; - - label86.Text = "Enter your Master Password to unlock your secrets."; + + dialogLogin.TransientFor = (Gtk.Window)CasaMain.gxmlMain.GetWidget("windowMain");; + label86.Text = "Enter your Master Password to unlock your secrets."; + entryMasterPassword3.Text=""; label88.Hide(); entryMasterPassword4.Hide(); @@ -151,33 +150,65 @@ namespace Novell.CASA.GUI } public void okbuttonLogin_clicked(object abj, EventArgs args) - { - if( 0 == miCASA.SetMasterPassword(0, entryMasterPassword3.Text) ) - { - // unlock it - MiCasaRequestReply.Send(MiCasaRequestReply.VERB_UNLOCK_STORE, entryMasterPassword3.Text); - m_bPasswordVerified = true; - dialogLogin.Destroy(); + { + if (CommonGUI.UseMasterPassword()) + { + if (0 == miCASA.SetMasterPassword(0, entryMasterPassword3.Text)) + { + // unlock it + MiCasaRequestReply.Send(MiCasaRequestReply.VERB_UNLOCK_STORE, entryMasterPassword3.Text); + m_bPasswordVerified = true; + dialogLogin.Destroy(); - //signal now - m_bIsVerifing = false; - - } - else - { - // prompt user - MessageDialog md=new MessageDialog( - mainWindow,Gtk.DialogFlags.Modal, - Gtk.MessageType.Warning, - Gtk.ButtonsType.Ok, - "Master Password entered is incorrect"); - - md.Response +=new ResponseHandler(md_Response2); - md.SetPosition(Gtk.WindowPosition.CenterOnParent); - md.Modal = true; - md.SetIconFromFile(Common.CASAICONS); - md.Show(); - } + //signal now + m_bIsVerifing = false; + + } + else + { + // prompt user + MessageDialog md = new MessageDialog( + mainWindow, Gtk.DialogFlags.Modal, + Gtk.MessageType.Warning, + Gtk.ButtonsType.Ok, + "Master Password entered is incorrect"); + + md.Response += new ResponseHandler(md_Response2); + md.SetPosition(Gtk.WindowPosition.CenterOnParent); + md.Modal = true; + md.SetIconFromFile(Common.CASAICONS); + md.Show(); + } + } + else + { + + if (Novell.CASA.miCASA.ValidateDesktopPwd(entryMasterPassword3.Text)) + { + MiCasaRequestReply.Send(MiCasaRequestReply.VERB_UNLOCK_STORE, entryMasterPassword3.Text); + m_bPasswordVerified = true; + dialogLogin.Destroy(); + + //signal now + m_bIsVerifing = false; + + } + else + { + // prompt user + MessageDialog md = new MessageDialog( + mainWindow, Gtk.DialogFlags.Modal, + Gtk.MessageType.Warning, + Gtk.ButtonsType.Ok, + "Password entered is incorrect"); + + md.Response += new ResponseHandler(md_Response2); + md.SetPosition(Gtk.WindowPosition.CenterOnParent); + md.Modal = true; + md.SetIconFromFile(Common.CASAICONS); + md.Show(); + } + } } public void closebuttonLogin_clicked(object abj, EventArgs args) @@ -298,36 +329,42 @@ namespace Novell.CASA.GUI private bool m_bIsVerifing = true; public bool VerifyMasterPasswordWithUser() - { - - //Logger.DbgLog("GUI:CasaMain.Login() - IsMasterPasswordSet returned false"); -#if W32 - Glade.XML gxmlTemp = new Glade.XML ("../images/casa.glade", "dialogLogin", null); -#endif -#if LINUX - Glade.XML gxmlTemp = new Glade.XML (Common.GladeFile, "dialogLogin", null); -#endif - - gxmlTemp.Autoconnect (this); - dialogLogin.TransientFor = (Gtk.Window)CasaMain.gxmlMain.GetWidget("windowMain");; - - label86.Text = "Enter your Master Password to continue."; - entryMasterPassword3.Text=""; - label88.Hide(); - entryMasterPassword4.Hide(); - //dialogLogin.SetPosition(Gtk.WindowPosition.Center); - dialogLogin.Destroyed += new EventHandler(dialogLogin_Destroyed); - dialogLogin.Modal = true; - dialogLogin.Show(); - - while (m_bIsVerifing) + { + if (UseMasterPassword()) { - // Flush pending events to keep the GUI reponsive - while (Gtk.Application.EventsPending()) - Gtk.Application.RunIteration(); - Thread.Sleep(100); + //Logger.DbgLog("GUI:CasaMain.Login() - IsMasterPasswordSet returned false"); +#if W32 + Glade.XML gxmlTemp = new Glade.XML("../images/casa.glade", "dialogLogin", null); +#endif +#if LINUX + Glade.XML gxmlTemp = new Glade.XML (Common.GladeFile, "dialogLogin", null); +#endif + + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = (Gtk.Window)CasaMain.gxmlMain.GetWidget("windowMain"); ; + + label86.Text = "Enter your Master Password to continue."; + entryMasterPassword3.Text = ""; + label88.Hide(); + entryMasterPassword4.Hide(); + //dialogLogin.SetPosition(Gtk.WindowPosition.Center); + dialogLogin.Destroyed += new EventHandler(dialogLogin_Destroyed); + dialogLogin.Modal = true; + dialogLogin.Show(); + + while (m_bIsVerifing) + { + // Flush pending events to keep the GUI reponsive + while (Gtk.Application.EventsPending()) + Gtk.Application.RunIteration(); + Thread.Sleep(100); + } + return m_bPasswordVerified; } - return m_bPasswordVerified; + else + { + return true; + } } public static void DisplayMessage(Gtk.MessageType messageType, String sMessage) @@ -351,7 +388,13 @@ namespace Novell.CASA.GUI { md.Destroy(); } - } + } + + + internal static bool UseMasterPassword() + { + return true; + } #if W32 @@ -428,10 +471,7 @@ namespace Novell.CASA.GUI //return null; } } - - } - #endif } } diff --git a/CASA/gui/FindAndReplace.cs b/CASA/gui/FindAndReplace.cs index f60cc09f..f5655315 100644 --- a/CASA/gui/FindAndReplace.cs +++ b/CASA/gui/FindAndReplace.cs @@ -176,23 +176,31 @@ namespace Novell.CASA.GUI else if (true == cbShowValues.Active) { // prompt user for MasterPassword + if (CommonGUI.UseMasterPassword()) + { + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = dialogFindAndReplace; - Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); - gxmlTemp.Autoconnect(this); - dialogLogin.TransientFor = dialogFindAndReplace; + label86.Text = "Enter your Master Password to view values"; + entryMasterPassword3.Text = ""; + entryMasterPassword3.HasFocus = true; + label88.Hide(); + entryMasterPassword4.Hide(); - label86.Text = "Enter your Master Password to view values"; - entryMasterPassword3.Text = ""; - entryMasterPassword3.HasFocus = true; - label88.Hide(); - entryMasterPassword4.Hide(); - - labelRememberFor.Visible = false; - labelSeconds.Visible = false; - spinbuttonRememberFor.Visible = false; - //spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); - - //dialogLogin.Show(); + labelRememberFor.Visible = false; + labelSeconds.Visible = false; + spinbuttonRememberFor.Visible = false; + //spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); + //dialogLogin.Show(); + } + else + { + // display the values + tvResults.RemoveColumn(tvResults.GetColumn(2)); + tvCol = new TreeViewColumn("Value", new CellRendererText(), "text", 3); + tvResults.InsertColumn(tvCol, 2); + } } else { @@ -200,7 +208,6 @@ namespace Novell.CASA.GUI tvCol = new TreeViewColumn("Value", new CellRendererText(), "text", 2); tvResults.InsertColumn(tvCol, 2); } - } public void closebuttonLogin_clicked(object abj, EventArgs args) diff --git a/CASA/gui/Firefox.cs b/CASA/gui/Firefox.cs index 9b29d5da..7675792e 100644 --- a/CASA/gui/Firefox.cs +++ b/CASA/gui/Firefox.cs @@ -767,21 +767,31 @@ public class Firefox : Store tvKeyValue.InsertColumn(tvCol, 1); } else if (true == cbuttonShowPassword.Active) - { - Glade.XML gxmlTemp = new Glade.XML (Common.GladeFile, "dialogLogin", null); - gxmlTemp.Autoconnect (this); - dialogLogin.TransientFor = dialogManageSecret; - - label86.Text = "Enter your Master Password to view passwords"; - entryMasterPassword3.Text=""; - entryMasterPassword3.HasFocus = true; - label88.Hide(); - entryMasterPassword4.Hide(); - labelRememberFor.Visible = true; - labelSeconds.Visible = true; - spinbuttonRememberFor.Visible = true; - spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); - dialogLogin.Show(); + { + if (CommonGUI.UseMasterPassword()) + { + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = dialogManageSecret; + + label86.Text = "Enter your Master Password to view passwords"; + entryMasterPassword3.Text = ""; + entryMasterPassword3.HasFocus = true; + label88.Hide(); + entryMasterPassword4.Hide(); + labelRememberFor.Visible = true; + labelSeconds.Visible = true; + spinbuttonRememberFor.Visible = true; + spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); + dialogLogin.Show(); + } + else + { + // display the values + tvKeyValue.RemoveColumn(tvKeyValue.GetColumn(1)); + tvCol = new TreeViewColumn("Value", cellEditable, "text", 1); + tvKeyValue.InsertColumn(tvCol, 1); + } } else { diff --git a/CASA/gui/GnomeKeyring.cs b/CASA/gui/GnomeKeyring.cs index 5854d5e0..293c4fe4 100644 --- a/CASA/gui/GnomeKeyring.cs +++ b/CASA/gui/GnomeKeyring.cs @@ -499,21 +499,32 @@ public class GnomeKeyring : Store tvKeyValue.InsertColumn(tvCol, 1); } else if (true == cbuttonShowPassword.Active) - { - Glade.XML gxmlTemp = new Glade.XML (Common.GladeFile, "dialogLogin", null); - gxmlTemp.Autoconnect (this); - dialogLogin.TransientFor = dialogManageSecret; - - label86.Text = "Enter your Master Password to view passwords"; - entryMasterPassword3.Text=""; - entryMasterPassword3.HasFocus = true; - label88.Hide(); - entryMasterPassword4.Hide(); - labelRememberFor.Visible = true; - labelSeconds.Visible = true; - spinbuttonRememberFor.Visible = true; - spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); - dialogLogin.Show(); + { + if (CommonGUI.UseMasterPassword()) + { + + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = dialogManageSecret; + + label86.Text = "Enter your Master Password to view passwords"; + entryMasterPassword3.Text = ""; + entryMasterPassword3.HasFocus = true; + label88.Hide(); + entryMasterPassword4.Hide(); + labelRememberFor.Visible = true; + labelSeconds.Visible = true; + spinbuttonRememberFor.Visible = true; + spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); + dialogLogin.Show(); + } + else + { + // display the values + tvKeyValue.RemoveColumn(tvKeyValue.GetColumn(1)); + tvCol = new TreeViewColumn("Value", cellEditable, "text", 1); + tvKeyValue.InsertColumn(tvCol, 1); + } } else { diff --git a/CASA/gui/KdeWallet.cs b/CASA/gui/KdeWallet.cs index 1a8430a3..68d4dedb 100644 --- a/CASA/gui/KdeWallet.cs +++ b/CASA/gui/KdeWallet.cs @@ -499,21 +499,31 @@ public class KdeWallet : Store tvKeyValue.InsertColumn(tvCol, 1); } else if (true == cbuttonShowPassword.Active) - { - Glade.XML gxmlTemp = new Glade.XML (Common.GladeFile, "dialogLogin", null); - gxmlTemp.Autoconnect (this); - dialogLogin.TransientFor = dialogManageSecret; - - label86.Text = "Enter your Master Password to view passwords"; - entryMasterPassword3.Text=""; - entryMasterPassword3.HasFocus = true; - label88.Hide(); - entryMasterPassword4.Hide(); - labelRememberFor.Visible = true; - labelSeconds.Visible = true; - spinbuttonRememberFor.Visible = true; - spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); - dialogLogin.Show(); + { + if (CommonGUI.UseMasterPassword()) + { + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = dialogManageSecret; + + label86.Text = "Enter your Master Password to view passwords"; + entryMasterPassword3.Text = ""; + entryMasterPassword3.HasFocus = true; + label88.Hide(); + entryMasterPassword4.Hide(); + labelRememberFor.Visible = true; + labelSeconds.Visible = true; + spinbuttonRememberFor.Visible = true; + spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); + dialogLogin.Show(); + } + else + { + // display the values + tvKeyValue.RemoveColumn(tvKeyValue.GetColumn(1)); + tvCol = new TreeViewColumn("Value", cellEditable, "text", 1); + tvKeyValue.InsertColumn(tvCol, 1); + } } else { diff --git a/CASA/gui/MiCasa.cs b/CASA/gui/MiCasa.cs index b776dd3c..7f006053 100644 --- a/CASA/gui/MiCasa.cs +++ b/CASA/gui/MiCasa.cs @@ -568,24 +568,35 @@ namespace Novell.CASA.GUI } else if (true == cbuttonShowPassword.Active) { - // prompt user for MasterPassword + if (CommonGUI.UseMasterPassword()) + { + // prompt user for MasterPassword - Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); - gxmlTemp.Autoconnect(this); - dialogLogin.TransientFor = dialogManageSecret; + Glade.XML gxmlTemp = new Glade.XML(Common.GladeFile, "dialogLogin", null); + gxmlTemp.Autoconnect(this); + dialogLogin.TransientFor = dialogManageSecret; - label86.Text = "Enter your Master Password to view values"; - entryMasterPassword3.Text = ""; - entryMasterPassword3.HasFocus = true; - label88.Hide(); - entryMasterPassword4.Hide(); + label86.Text = "Enter your Master Password to view values"; + entryMasterPassword3.Text = ""; + entryMasterPassword3.HasFocus = true; + label88.Hide(); + entryMasterPassword4.Hide(); - labelRememberFor.Visible = true; - labelSeconds.Visible = true; - spinbuttonRememberFor.Visible = true; - spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); + labelRememberFor.Visible = true; + labelSeconds.Visible = true; + spinbuttonRememberFor.Visible = true; + spinbuttonRememberFor.Text = m_config.GetConfigSetting(CommonGUI.REMEMBER_SETTING, m_sRememberFor); - dialogLogin.Show(); + dialogLogin.Show(); + } + else + { + // display the values + tvKeyValue.RemoveColumn(tvKeyValue.GetColumn(1)); + tvCol = new TreeViewColumn("Value", cellEditable, "text", 1); + tvKeyValue.InsertColumn(tvCol, 1); + tvKeyValue.ButtonReleaseEvent += new ButtonReleaseEventHandler(OnRightClickedKeyValue); + } } else { diff --git a/CASA/micasadk/c_micasadk.vcproj b/CASA/micasadk/c_micasadk.vcproj index cb685bc8..ebeefd36 100644 --- a/CASA/micasadk/c_micasadk.vcproj +++ b/CASA/micasadk/c_micasadk.vcproj @@ -178,7 +178,7 @@ diff --git a/CASA/package/windows/vs_solutions/CASA32-msi/CASA.ncb b/CASA/package/windows/vs_solutions/CASA32-msi/CASA.ncb index a8205ac65ade2a75fd46a55780291b75075f4dc6..e90bdbb662477a52fcc89c8e2f0fb24b1091af41 100644 GIT binary patch delta 86190 zcmce<30zcF_&|-S#PHMuGPQEBCd{PXP) zSUTec2|7t~9+0FCkn*yx@I|Unr6*v*xyK7<)b3FJOM!Zv2~CBujer+zxSjvFE-9J! zc_Y7PquI&Hl4JwyKnl1Au|RQ@|i#Ffard3Je2=10#Tuz$joe@HFrY zFa{V4JPV8i#sd?8=YWa8Bw#Y|JTL{wOP(!BFW_Vq0YAVW2mmZVAkYA4I2%7fKqH_r5DbI>p+FNL3Y&$4p^oSRpiO2b<`g5vDk8MQzQez{?zej8%){tLH ziS4IrC{-Al7e+n>i9x&+pVgM`gbrvz&v%TCqO09wLy?$8M0>kqYzHb!j|~nPG4?rk z3WElTB>uUi%Uxre82U}JCDGUEvCS!=yjL^UgumJ;cDyd^+$VL$$rx5|x$_~#XY|YJ znb;0TRenDqI_;mxEvP0H`3&YaQ)7GUbPGy(YIeqOE6DazcaEJsVncLPbCN~TB^NW%kn^lV@sQd+Y$azo zu_JY2ZX>Paqx-~m(=my5<;F(tOQ=cEvz5fIPJ0zGUhf|prXMIp(&qlL({+|vJnFk? zL2`hIxLj%^JugK{1EnaQdVN|)ojeP^BWd={Y3V+nN@t{V5@SZlICXQ{2Vre6nR0>G z!|ca&L(_38Swx*qm1y^^XQf#AYEH@3NvF%!wxWiHUpx@ zV@h{UoBT}1e>CMU4%B0MNG~E+)| zQW%bDWC+g}LxuaV9NuX0l0Og)l$`jgn_!U10kD#oVw$CJ;1e&e13d>1#|m{7=-uIv><*bhGpp)5!)6U ziL#5{7CVmlAtEy@O^aX_TCy#656{>hdqKy0Cb7MGZ)8wfDwX1wqEcA7_-V{*Qdojs zO`V*n>=G~N%+@jSTj17->N=y%Hg&RZ^lSlV2V-Y=d;L8cL+#Vj{29k%`HbUnOM~WH z&c|`f`L>oeY&MTJ#pl_@hX{1n()id94EP^f;;ayh^CXTsg_WO*?@ zi0+NChO6boEn}@w-qG&f8@a)sPST5fAzB})H&7}~mQK)>an>*zGsSx5Kf{{-3Hyrl zH(i-x4dZ!v)>G_10~`Md>@CF;d)XSy^QKx4Gk=|$t^u@2l{@pTO>|g631xI1&!=hf zGzg#jqIH2jKrD!uN{hvjABDYSjh03Ad5o%OKx*zw))-$e5y~i;X!dK?Xg?X9fvBJ2 z?+LoI0J5rHv-W2ZBG>=^djhfCffrEVTm;NnXdR~a!T>ADSZnbm)@YMk(8GuP!V>Fs zKju##thGL_FGcHFy51U0hIQ7KV(|V)OK-`CIjcfT(d)dl-6c;?~!gH^m>Y1{+GHI}PaXHrB>8 z?0|J|gfO)D6I%6E6B!{DLaQPPNm2aU)*mBK4yy8j2%=3u=n_HJx2+Mp&pXxw#>Pf9 zSU*p&`W*78YHNb5=BvKk4JZs@j$BPpQ~^Hmxb?#?|FindfPznWn$6P`xUO9=A79q) z>A*0zYSB!H?u+Sbq4cseN16}S(&)}E1T*Yy_dN@ASIEI?uu^GzWRTnBmi_G>GqD&- zJlL)mim@HleuyY*4z_DzFpG{&lwc`8Qq^us<6w90LjOrgq*E&OquyV(3*)2Cw(IHD z(4gkZq6V1_MbIAH^yN$KzA=TmCHVdi2{my>df3L=h}Zql&J@;0Y?X*Vks)*~s>GY> zFGHJtMVj|d)p?mm>Jyoa#-{ePs(sKCQ@klLO*LY@nEKA)dsV2=x zx`C&;)~Ix;6ibuC6T|rZCW$+Yes06P=cf3c=)@xd!3MN!OlVOYdQY*4n*0`3w}Qkq z*2J<7ULqH=WTYUX_2{pcJ(sEf3pL0~3fk3&L zNf)LEi0)ea3ETQh0hC&m)C{e9hVFYBz8|q>Rwb4HFM&E%CpAOekoeH*B){zctexl4 zlNo_h%v}aittB~_m-!{PoJZj+l1;p(I60fK2Rvd$^3dinGVG%LV<=-WG%(D3^qBeR zpfoRgH`zCq%7YSu8m@!f-=$>y2IF@wYJib{@H z_#?TLDLnemaa0_E+*SbH2xqC|XE7BmAa${7$-4$$bF7sUE-QX}Ae- z&pb%Jz+Rw=zmq>R=Xt1>Zn2vlCRh1P@%Z%^y#VczeC= z3C1S!MFv|7=KY)+rL*+oKvfs-zpb`E*5O;GU1|0Ok1D zjI`I+HdTHaY%0b1*~r{k4cJ*aL{_6n($7{(H9j^2b5Nnb?OoQ1909h^{6-;IM>XgP z{Ycsnf}lwj+ZxsZHO4m7ZzQPpD*b}tmRnM8pzRFRSde7f2DVDFSRm6*KQ^$PWj3mA zXd_ApgjX^R4zlf|s)jZ%3T|Ypm4`u0BHe0aTTPZmh`qQm6dnpsE183BcUb~G2)3YVXHA+(Hj`Alg>M9;2+sY)4o$nIE@(hNZ~G z$8Fpk=?Qt6mNpg|#MsK|!s9j*GZJepl4@oYjgme3L&n_AgwN?IZ2BB~ZjE^locL~Gzd_gf=qW2$ar`-$pW!{b1#Z6{T=LD)4E z__#q)nkqZn^4he=+d;YGGEer<*ACJPX2rux4I zQbYQdY^}URAH8q5uY1UiDYf0xv1|%mji&FSz%{ma$+E^~m~D)S zIry$qHWy=^`0uA}>y4}kFRXs>cYf~Ri_Tj;&zL-dN#-8C(UFw-tD68 zNh52|*M4hD^kONz_PTA4o(1s2+b9C6xsD7st+O@vGTYR&v9Ctab;$6j-)!U2z3|#U zZEa+#`4i!E%)Z0G68SFK{(~`04D;XDf!L3R5NXFVy?_~Q2 zn1w$2tDpD#VcZlmff^d#+8&I>XO_+WC*>sDO+4Ff$9=A{98{K)6#MfmmYdt#-(%>` zPIs{PqoOD5MywsIw6wDw)wH8MhOyQ(wiBWse9~^xxhB%3$C5&5p2PkW_BpJiD}tQNv|nP|X?r*O*X(irYIk9SZL~eh zp2{BMKW5o607jF;Wq+M*^{_9A*VX_tW)-3^B4GMF$%e&bFl=SR05bsd zi>I&z)zQ0!bEZ@INEpH>4Wqy;JDO%s`@xbPb|Y`x%l;Z;n`uLiJ(4WF;B!33-h@#V z49dUnZO7tg6JPp-y^W5&!4ExYZ>VD%skWc}1G?NBA=dS`Z)9u(Pa6ovT&7Ex(xFU$ z+Rz^+${S?g#MpWsIt10gyv{?eqYb(CFkU*;K9iZ(s-8Nj4Y6VHOc`!J$5iYyg=kPOB(H+H{RXe>Dbfu%jQ+8a4!s8 z6_b(YW6#(Jk%i_MdGj&$#X9p!k3vnTa2(3++_UxqiW-AV4H;)Y$yf-rnqZ&JN@@E9 z`=91uwV(}Bjyv#)=j;c`IR_>+NEOsuh~G5P9%XLqsSkRxz6c9koha&CBQj5hq!M~{ zvi%4P;#tqzw=&j{?o6?F@mZm2p_l5WN)#E7)j@8ay+32i`K}l2^O?C=rHx2;!%P^c z|1^87&b-W{`B>U8!ydeK({wwdx+zd*jcx0f=Ocf0mX&9E;yX&YZ1$>`k`v@IPdJQT(qu)k_i;&8h74`!20guXasBkI# z@=EL@6^Z-$2#HkTaL;d5m%Tz1030`oPmG?F|{Lq${iJ$p{;~+Wt6}1c`a> zMH%I;wpY=ql~8RW6}|zPNo(va1OCS%jmE99hay%ZvFO}{N>jGRKJ1^ByjX42uXwje z4dD7nv(&{Sigv9%*~d?<9lnMh^@--KMSpQQ9i2ggb#_~rugZ6poYS%Kj4CevgwO!V zLL=9yd3%bi+mW|T>+Ctq?BkKQhpZc+aZs6k7&+0kpu-zLOk`qtnY|P9=Cx($W7s}k zu@M!JYRX{RshjLO5@^yUoHqa5-j-3+=ZNTQFw%xgNFeVEJJzp8UU=5tf>FU)1lxVi z-k6y&Okk*#r3SS03c_9e(jLXkdezfp*iE&y@QgWcKcmO~$nTfzAD9`V>TC9Qsp=YJ zy!@m6S;ijHt?MY0zj^fy^m0^n11ZZ=3Qhh+*!`A$4f~7N-m<6aspgj5G(Y5y9Y_J% z^N>3oLKat~N3i1Ia%6FloUyM!Zq8W1(zICN!-vThe+Iv&8OSF8MN+}agrNBuvpe#P z*_}qsW9?|W?3hgjeI1y68y#Ozc7KP7#nK(w5lk^&jssLM&|%_Ny&M*1Zi}5jKS?M3 zL{^<6m(0``v5csG%}H1Ts){V-cvK zV?P@~D}x+osVcyMB5vfk#LUAy(JoT85S16~n8}9nJHd{T%sj-ybs-k!2;=#okj4g6 zVH3wsY!IIu=0Mp`Y6Ma1!X4g>4dmM+9HOrYhC!}1b!0HspT|W(5*0LoS822(7ZJh` z;pfL3*BQ2PFUC0H8O!B<&0!(B+!Udjxtw{|?o=;mV%lm5U- zoqN`n8|zre=t7K0EzWTUGeCYQ-q8)ieG4f1KGn8G8N^r}mv!cBPfolkEm?Rb!4_22 z8Zj>?J4WfuiigjmrHSB2r8sh+P8`JiL988o&a`)gFgh5I8236jf*9+@&7B-xIx*4f z?7$Mat4G3z?i4ao9p%iN;qhER!!scyD9w>1CV*M#jUh}U7x*D71sCn^J$INHOpn_=2FxtHTxX71ogVLC-CNFlGc zBb(9q?ojhYAIC6;NnWd5M?cKgcwt}1N60}BP`UjbvFJB@;dH@3$7RNn_}D>?*L76Y z$6?YfJgQD)=LZdS@Svfcy*mZC_mzUBL}?o4Szlq3vvU~lzPj_8X8$=I3&sSa6rI~W zn*2^@Cuv^3$a%~hDW;nY0kwZ#o*>&F7-;=^?AUH1XCCwHRf)NW=#W$Qj1VS2_E%Y2j8u+%O2e z7xb^aqk8oO*M{z#gnZ|5=WcA-i9g}{rA|)|2c!hgZ}5SWH~1j!XPfMW;@C-r57UBq z)Zc0037B^{+NO6)U=8^zL(;!Bvj%+ZnDp1heXw83((hu~`QwK4&#>$~v@v}>hK#{) zr1xXYOmA&U|CYMHk#3Q_F{L!ouFdHjw2B#hA`&lFY;f{39utF}}nLdpQcBY#uccr7x3E<}4>1Zncl(r}R z6XwSQ%hS7wefI$s=|3?ap0zh!-{C(u3qz$&QdcPxW>^kG;L!!Tb1OY;{(_t7Ko`E? zX2yc?tTzuF(Df;!o@2Rkr5~EnyrEq?e{MEPqu}ra0aeFmq61CJL}%YQ6MF*5nUioc z)Xgq)vq`qhC|Z-8Y0^#TK}~}*oA7*FCVId?I%Ln>hdXAIQ!+Unv?F>#`^*}el#*%U zrVb*AANA;%8ClW+R9?r-9LnyPX=0eABxi=vwT_u5XgoaVK&Q<8F!%&V=2KMO2_7|$ z%yJs!-Spe6OMVdc;55=B3hZ?3-j^Z#^x^+duG^K+kc$~j_}nvDv5b}RiqEsUG2;d>BT81R>)M3sYO@SH{A^ZtCU1nV znF_zk3ZuE_vL?xI;Cd@Xe})7tUuI#CVH2f&l{Lj{GyH#C=tlvTl*YXFt1N7CZ-G|^ z4gU&3qb_8nFmiTQ3~ZWPSpLPVzbGLU9`O`?5kZO?lq4~EJL0@Rf#1R7^4D2OjB?Tt zWVky>!WAK9SUP+%Dexw;H20gVzt~P*_-z(8z;+?-WVe6$)vP+Un>Kux^)B1P2Y;V6 zj>+YqkI{zj5$);^S@+}$T)U|EcUjmrzlNl+h>g3Rg~k3pUV9^JE0gylKnJp3M}+0K zvhGt^wqoE#x3dZ`_2hwdSraiM<%M^$o?-F<1TAp~HQddb$=*g^nDr-nhi2W&y35|h zY$)p!c95t23Pso&d) zrL3Ay_%kbjv7lt@-XwLS{5wKUdOL9g*`mVvJND&_L02)UZ^JKYnVW_K}cbLu;P@zL5hpr(JUb-idU&e z2rRIGB0`bQw-R*@Ri>I>QDb(No~GephYV1*PB zrp(ZNC()`fr70_*x5JcaUf&~pLA^fN;Yy9}2Z=Y0P>f8z21=spNQibeRrbq2;`(>D zl9ouNh@20Rx#e^vObMf^NR;Od1ZYgw#}Q#+lycK}6W6t?)tZR8C9**UI#mA#G`Sg~ z+QR?DhYsO ze=2MT9joG$Q)~(?YO8dla^WBC_P^RzS&o||)8j?8vB3Y1+Xg`isGrZ$*aT&d*Iy9Z zX0_gZ!!yaMbZ5E;cqXNt^0)49921qj#)k-^U#l9Fa*~u2xH}6ED(sA;lai6kf`*X& z1XWm}+qGn6l1|6?z-LSR@l+Q=HeBJO&WFrn)r#Xpb5NshvZF0OLyi=sqijI9F;trh ziOW+^=rXSJ-Pfbqqt!%pLfzidUMV4Guwo!*2PN11v?>nMKdN>j;R79%BJ*fZ-TZ)< z6-~$sV(z+aF}I^KOg7>APxZQ_6I#?LitdCy$giBE z#p)=!vl2-O;Rtrooy%dJl|1t>H8DJ=NQIpc^ zOUXA6Qf=XDc#rO&5anP5nM%#JMc`hVv>yPfG8G`y#^;3wNHvqk5R9{8xvd*KlTnu{q2Pl)6 zxre86#j4?W##2fHRCDMV$HkVV{DqTW-%+n($#zg4+Bm`&6qb`naWzygXs!4 zw^5V8L)}y{1C{XHizw5oDG1bahEhod)1fyWyrN`uh z&YDx&OUh?H%~VMy!;@>h+{zYpMI}j@t(>5QS&ESx3zXIjcQCDmN@Piah+L>FHt$wr zb;rD|`X!jg@Uk+@9D?Q2V?Z4R3UkeU8JXTi)h}b-6V33Jx>MwB&QId5*DhUhGvbtjXtKskfeO6aSoNEW*Dsxp-M z^4_muMnpNU!K`_&qdW7a4_`-AqbDlny2a4u*h1wmCR6ny3_n$iP*fRlm^WF0P5MK&Qdf53K@Az6{q~~ta z40E;nlvRwBe^EpD8lH5=%2y-66c9nW; zK%OqD@gk)5C7yT*TNRnN+KA!Ye8H2DOn0`6qS~b7v-9*|lTysi@THrT-_Qy-qpTNi zRc>QyJ8PSQ3H)jP<95Y|nU8xEdO?lMgWgou=-B(bVi(%8&tZ?`^JQM{Vf^ZDB}0eF zf2#`6m`^zNVmiBzZtYcOV+k{1pMp)KH|h8Nu-_(L@fPwy4IY+}@ z%i|6x53%cZ02WMo2koC?-%(7keed1K!lrl8I9E~hL3BS+2ci1Q2bH}(r5;uPT!SUr zwoZ-d$wO#yM0XA;52@}Dg8h0}8Ax@9MNu44u#>-Bjp3Bur8Ew)LDkAVR!rujsKm?o zhNGDLVD4M-9;Qu2)an@8?GlQ3U-^tJ=6Bu~ombuaYOgqiCLcr78})(GlCg!f=!DXR zs$NDFJ$FL6ihE>-K2&aCF1!6CqRyvTA1UNLPffYI^wU}zGNW4v*-j}oOt>bTQgFxW zMPB$Z3`RKwosBgZ3(87ihpHNks%$!4sYTCnxfZz?@~MJt&S^CEGo=NaN=rY(z=}s% zK2z4?7Fq8z%0BZZwXWmM7h)$x@9?=YQ&&<0v0Kh6ec49-;H=UHH^ivbm&!g?Mi;+? z=(4kFM;JwuFCt3bS4vBnt>bIIMjt89gx=RFZK4bF(`l~#cm~=g{h?m-sC-v0lV5_z zHJUsb0g9%(`pdI%O=O+o!rk*1UFC8Cu9GQkHuy6yx`xSxxb9CC(}lnp5co2#vsIo) z&2;54uQ~8IvCB-U#R;Lbf0nC1n@fH#x%RME=+H~9iCbIlj5U?`It}C-YsE-1+ci^u z6;blgi9lw}Y*#*26}Sx8nogSok5L7#LF{#^E^y6Y>&Q{)x*@L@DY%o&c-a-Blgr@I ziWq|PxpQ6Jb+}=8dYgaMA@~@{W8%6%hTv(^_D`hU1xY-o95tcl_FK%>Un0uT1ZE|4?y=V)< zuca#xz;iddIx+SxU%JKR!?3(xyVd2zypA9Rze-Pwt=i_g=T!xt@AkUadAw%3E1${L z@WTG~ZkTb@n=lDG$|vlC9Vluq56--sbqpMxx7^~%rj=Cl?_9=hxo(s*a{5Y&!@V*PPk}r70ao3xSo#lg1 zxZc&t=OFwY3VaWGBz@#^>f|rsF^}$?hDXt9SFR4LY*Bgc97pno8c`)KkzXxr`ZYgP z>pH^NWj^aOS3jNC6@**1)7?4qy3bwPnEVaAHc{_dL_KiU6|R%Ng@;7!A{4Is5{3Rf zul~x_jmba2{~a2B7Kz4OaFvUdstt>l==1QXyXZQ_*pK|s*RJzA`8o(EMSlkg`@eA& zVR>njK6eKk_N}WW!}?M*zgh&~o36U2CCk*n`rKT;Ccxy{Sh(t z-$DTPC!N0Sx-0Ib{UmDOL-MZUXPlbOY+$4SWeR%?|yHc80b{Jn^$c81KgGV71!}yf`cR&4b{!=&$TsNi zzC|A|h;Pgb{1Aps<+uE^v9C9cFSTT^XDpvv8)QGjDEpq*%ed~dFOVkg>)M!G8)thlc@Dg=KN$#RbAz+7VL1;TTPQFLaW;iypQEVo zY&4iqp<7M_PV1UvqkvxL(c#&!?PA_LA{)EEOZcLu*=?A-46$X3j)u51k=Ym_i}{17 zY&`O^oL4_4bXp{~5-|+Tg?(4T;|f)WBSc<{>?kI$f(LGF zi75M9X2&q&YIuB5t*$`k-*1%-^q~8#dJbY^=0DlGCx5baujm3&>@k(b74vbEybD$D z?iI=-clP?G-+bnq1M~*^08aq9z>`2-5bAhXL@WEtBh&6U&r^~j?HG3En8l;ymdJ)N?+Nj<)?xC(?)S^b(J|S_v-lG zCUHGkWp2w0j9-X|i_ul~Z&}iemvoJLR##cjvh-UjZPRv4<)~Kk418Wf+ZXkf<6ABC zqJuh%F(p1?YqeA6JFDB~ z>MH+g_4Ek-bo2OCta4cE?iSuXCH{cEGOzW_&V1&J@pD<_{?_?M%=*^8h*xQrzZ^fF zRUT}8&&cn+7Vpa{kF^f*le=Q&_ZtN+jmPM+GX9jV@=WVrQ~0lE;=T2imNr!~ueuoT z)K!MG$&uBk0Qjiy;@9Z5M70U0&+ZOvB;G2z;Z@nGO;8g#1fo8oJCO+(1)C?FV${wN z8%NG=u|&sertR?0{_X$Wn}d5;<)Aiayy#3~LTu%zHam5Er!66uRgP(sae!ykB^=aO z#>8S`@FrE%A(&AopEGhtT5MEzOGS zwsJh!;Q!aD4m^zo%eUQR?ujN-x{8XANO#pORV1$<3T zBz_DY`~0shV5aTJh?=w8KlXQr%emgVxZt|mLd8YbqgZ%x#r2Ni+tb|N*;pYxa(nBo z8g(PQ*m=X?7BK8a)8b(_d`<13lbV6WH-wNqH#*9DQF#8v4{t=utI;$vi`(2>VhV#< zHV6f4ZXEz#lUKJ8ffn74l&>OCc=6k}JDNs8)-Al>@s@?XY^wkHLMLBEWOv)}I*rel zAUV2YV$rH1)Yig@*Zlc7Gn=oI7a_q^+T+U#6Hh}yVds5Dtvl^$ z3ZEFYt^{TUK^w-iCryo^;BGuHz;i6D6!*C->{z$H&D_Eg^;*{#_7_R~E^A$1PZGzC zTGzM@@rtdU&%T3j5-Frw$)K0R5v;KyA!oJ~6 z*-cq(zGR6(znBoiVhoe9C&`Oiv*TXkH(YNTkIEokvZKZA*iJnPiiRiRiO`%x7GfGN zT8-ce5)r>Fkr@o|fngI_3e}0rPjSg7C9!Qx?F-`cS{I89sL?yySQLAlhT2$G*jxYE zA0&&E=)4WZ_lu{8B!4>#H@yHWs%dt%vlLUZXcelmb{3_k_{ehNtSRy>nlN3mqZsP! z%xG$gmeE6a;Vt1+gtvqZ2Gve=DXc#-mDL_a+7x2dXuI1ZT2*^y3~PaFQF_`zs+Y7? zv>dwAo<)YW@Kl)(B(3`a9d$U_J3#0&|LEEQ`KW_DHHnWqps8K%z${4ojtG~4{Ca^g|)`X7I~?qo4)-AdPM-8ax4 zl{k%c^cn%}p$-+Mu{NfS(BNZ;TK03u)*)T6olv(KPx4*r%I2yRjR9=JY|?2qU9nYMc*J@Tc{2(CmDoMPe1* zkk}ch+nQK+){iE2udj#&-BA&%aH%R>k!fAHs7gZJ=MXdE0_vv-6QtL=&G13DMOQ|%RwYj}Zx8&{4(s17 z;5#IOpb|Ns#t5=OoYg$T2L1b|t^6Gd+MldrkoV09E|Pp)uXW#{1QwvW@_}PnkRC4% z5MUW+{)!teA|l`bx0qfG{3VT7XRiZNs!L(Nc&`EW6dQkO(~ zjarxC>2=;SYF%7?UYjmQTROy3m$O-{X`CnQ5u?`G&^4%axTpm4t$+P^n<_;{gffRq zFtpZ`Fr!?FA_}J;O3-oqsx6mE!y0N`p~F#l^);I zMy(qPLyBs2OQ&^_&`|jPyKP2#I)Hzco8Icm^J}&L9b1YXJJOTJVWZZKLE(!waix^S z|Hoi4#ytTd>q?9&s%eI;M9+sGU(+@*%@fvIyb@+dzqJzm)-`pAIKPs0v~KelK)a0F zV{GYZ8&`~4R}n4DJaiT6+a1(_1$@sc)=+Pbg*WFXYugs9wiBg@vihst4_(FGS^B4HRW7)&Y7;imX@X26J@yq!&v-$2di zL8rH~wWh~mQdOs_H`z79&u-eblZB|p^U-Tvwp&5EvXeDbn_xetbqj_4C}0K+nBP@cdj?|Btmyd|a#=YuXRa~ihr1PRHLQi$7qVEPpG__DSDC7 z=%eVUha5$}VF!0H59!aglxFR+J`mtt>?DgcJJ_4{m1vh&7tply3gWy6fecXxjc%aSK`Qs-9lNY16i_tEgoE?yu~a$EgL- z`8H}r&TVyY7=9bGbGs+mDx=on?MyYi*u#<~STUS_yN%jhpw{MYKe3KsSR|_nwbyIi z&!UP@#ZOS`d66bv{0ZaK&zinG_Ibz_8dfr`JMYn>)~IznyLW>~`HW=yM zfeL%!Ga?zi6QRa2T~RY$G(B;WuJWcXWoNVWlgLJtvJN>^GcLHE(n2Pt9==tC;K-?ATcOAURPdI1_noDUyLOvWi*A;V+_AB7$L$lt8`*GM%u-qZN| zss6jA-8lZJ@ed@&HaR#H{VD$5gu@qcHFO9~5H$Ky{B4KBE1McRiq;Am-8KHUz~KYH z8oDK&7IYhx-Xv|pahZmWrw4*=r_vjxjX2KG&^C(O4!XTcub0;2_>6|`M1uwGROz+S zS{(am=q|KK(A`vewX_;XhlW<@kf3|2^h#+Zjx9BGZ@MMuCsmpx!m*)-?oSarKo3%B zvB!==7=<5C;S8l7f*z^T#ZobjKWgZwX_la$Rq3U8Sq@(!*3c7Zm!K!B^b%8i9;UpBPa9p6FzoK1&zNFGmOQMm#prNnOML~b3((bqLMri13W&_9tw z(05gOm^2K>P8#}Gnjq*uReA`X#>XcKHS|MT3%ZGfP6qMd@QS5K!DDkBqmOsXjhpCI z-mZRrciUm4AV~fa7`%Z>GU}pq;l$ zPhnGVRQoPZbU#`oXp2gZWFv80q>0^-4hg!kN)Knlar|1eVNdK3x+Ul)Dm{b^!Ev;x zZXPlBqqFh5O+yc*h<%`kskGRPKp+i0oO*!H z9HG*Y_!2D^`x;tQMoc~7FylbG`3^O&`#^jlcon{x4+y{d>xGN?ynV92+%O4a+@EXk zU2Gf&V?gV*UgBF1$iG{3*9N-3x8ys}b`Ot|$a&E`ZZoF(zr*=Y>0T>Ly7m1eIUSqVEy4L;o5jaKP9<5 z%phry#NlpW+!7&=NY%LUeO$UX!L39~Daa!)Kx!=I;oO~_{fO_4@Z+Qj7=>3z>)?)H z^UB9)961-V^x#(Df8?l;HsMOd*(3Gv#O@%S_Q>pmnspK9Ch$+966Rs>nS~dG=Sd5s z2&5pgC_W){8bg*iFT*@(E#z5fxS#QHS96cR29nKl)=27$vwz#u<`E<^T7q*U1dWtN zL-DCdYJpVpkHBYAK?z-3NaAL(IE$2i!jL5dw#CqF3HjoZLST{0?)U^$l;=DUx9r4ZOZbZ#{VGI=9O3n2kM9zxh=0D;)<#zu zWIU6^&z!Nv>U;YjNGc#q(O7k2gGpS4s!rSw5mzCq3xjoI zBs;q6{!w34AW;)U2E@6j2OmX^sxhxJra4*VOiNG#4@yb9sjn=z z)c8bi9>PvFaIbhiZ`l>d0l*=ZbNNMKfeg9nnjyw2Q9nOu1{k^>3(fY zAIkkSre&j#0vo7gisVEGiT~Y4*HLOgwUPL0%e^M)cyRVi%z`p$OJdTS(|cMUm~H4hFIQ|{Z65&umD z=KC7@Q<@;?&ouOI4Sj~z3i@*meNIDvL8k?MRzph*9;JPb9tiqN4c$&de?@V{&4Zhq z*U%$1^ab46C~n@k$wdvnRKs7wOiu7$Yxsj2{xWXr3jT_Qzog;6k?6MIzt!-jS08DA zRidWL!GEXWJ81atCF&{oA2j?}4Sx-v5)k~48h(|AzmETpL-02={6P(W6OV}r{+5Qn zsNru*KY4YJ9!;X&PEbw*)PAC;l(?-aRa;>JJy+YtIZYTm%#aMFbS@D2&1kUPb`{ zojsr+D5!WrMI}X0P%$*X3tFi`UOsq7v()l}m)Mq?kd#)Mn3h(WT2|(zG%YPP&%5@F zvA^ehf4}GVd!F;hd7cCHI(xtGTA#J{+H3Euy8Kxr|L%{x#lJB?r(^F7rm0=V1?4$!+Nlm)oi2X(~C0{MJF{Z8Fb& zFH^}KD1pmZTlHUghf3~5^SRtvC7)2qU1&F#yQ<_LRB|v~<}&}ZJrCP?MZC%5&G zLsW84l^jZDE*n&Gf=cc|*^tGajP|U+(-fw1Hdo~=oY8k&=j}$%BT=E!O^lkn20cQh zzpK)FG3v+l-YWg9O7FvHI@fu_({uYjsdO`=OD6}SW zowr;)w?9y&4?t^T8T1&HK3S#5G8)5mKB)4!|79wDAfpvr=S^SF_5CW{!sr98^9{Y8 z>tCsKE0)^eIv*kOTz{g{6BxBAhdx-PcPMMP{vlY2gX_F)?YaM7zY-2YCMJ`DGt>%6h;xqe!ur{ey<-l2uOXnlv`R&qskhcZk;pWGyu@~b-p z$(;^$c;s)Z6@&%EoYGWZ>afFA-Vqv;rde~lLxJ02tL;j#PlmIWj^63uZQzXxO@%Iu zH*@xhZ;*LipsCP}@uwk7#XHi*+a0{!cq>d(A(#b24xoFW=;G}Tt}S^x&vV{W<;{hj za&M@U{VV@NNr(VN+<~_y3g4CSNAo9DB;9E=+_-tD#Zk@WkCw&s z*T~vI9TP=4<@K0dtUA8q=S=>5bxaS`5;~?cjYp);R=Uey8-qr?l#UDBH3NldbZ>tQ z*3o?@W?c2ejy}!E=UB{*>Vl3pJv6>pp3C!G4CXAJjd>!jS=MnY_2?VbLOygp2D8-4 zI{wsI&zmT9!kcDyy7Kl*-m-%j`!{BVbzC(`UiCukG`7{%X@5Y4POg|6J4LLn5+^#y z6Bop8V5RdstLHUMTPLTr8MuR0`!rkUPwV;*oKzjrY`lX!K5pP9Rvp>wb_P{qJEph3 zTPap=YxYGq+a&4RUk~)c#Ik0+Tgtuv82B+-Bb(jOutK``=Roi32h9$(mJj(1Lj1hE z`dZ|^nS<)Y>TzCam^i+0(2nYPUY8Q&OJ@fKiKVB!N>4SfKGmYd9L*13ze6Q)nClv9 zwbob1cwcgsFAc}^_3A|LG;ec82JV)vBIWoD_p=bqVckK^%)s5Z^8zY2g=pmJ0^UFW zU*3Vy{K?+lEk#B4*ZQMK|7~7_tfAdp#_Ip@?WgsFd{`yx=rWfb6xmnn3wfhTb|kkc zkew9yyyiUW2OrIBFs>&vmwCObP&lqR4!Ke#yHGZlT@|@jQww>%N_L}-T*j_b@O?~k z4026QgK>8{&1DZoj?=_JUZ|2i=_!|+D)Io$0LYV6ax?0d1(^?2D-@zMQILD7)*$=R9WJ+4ik=RB|BA=W<&`mP84^kAFWJCm8qT@<;w*c`tf zs^qSe&E;T4b`%})yIv)Cqm5kduEQ)KiRDmjEsb2(Iz|7L$fj#J47ddlS3*V z-%)gw%h8HFij9JNb5esmfbMWPMv=|T40)(Z#{M+fkmD5DpYc-Q&ddhi11W*agB1B5 z_7UX0>J74m=5v|f=RypBsE0gDC0l7Xm*W-rZDkYecPBLXPN2(N9<0cV(71}sq>_h_ z+jPi@id-U;@OO(!PQofrkcTRA5gKwa_jY`P@np*8a*8646UIT#QOUz-BbSFOGH({f zeiAAXxO_6z1HTp3d-ggco=qZ;+Dsq$%1({UxDC(92IbD(Y3aRLsSIMJkG?&LH za%XHLfMF7GXs@)rOdZC`%X7Sc(`yR%33B0F@6kRkD_whHX=GPzCYA*$TGpq9+f#b(Qz`}*@OUjC-^9#y|z7MrjoPBZ!=`x zg+59M)CNNSb#sI7sgwY@XqqB7(_-^6VReJ-#Q99&sfP1g-fiY#bLlA$ z?L|ed*VIEEz(ey;+BUU?)NKpod5UcN%=xJzGoMCtnGY(NBJ9=dh3}`E8t!coE$4Ev zBEO?~2l5q_TtY{=yg-q+Yqmo^q>>lX9WF0Y*@1ndU<-dPR|kXof(JYml8dKUEm0@Kfx`wGqkts=`||7Pw!?`2ds} z1kr`_*@C1Q4E`Ov`^|8_OyT1-@!&71_~i!*ej47q*^Bc57(I`8aXwGzuZaOa#_s+txGz_DTj5}t ziho_<`2;_7-l_PN3O}HWQrNg@7kI#{6d^_lK(C7LYI@4!i&j+hrx`T8Vehfs+b(!p zqwsuUE{gbjZ1Dx}!uh#E7={L;_mcB?iuS-gDLfwz_QqvVeKb5dW5rQ>*etfEm->UF@ zW-KzQiho1lyKB0G|3Gzp+px4bu5TOUMOeU~9pqxWw+|4nHx<6MrZxBtoDYC^+z-w# z5&Sf5!GC0TUjz4VDZH)p_)x`fSNH%-PsSEDRkrKq?sq7BU>8jwgwb|^2fR}e+A0Ao zQpFczXWv46--i5(;I8q3x0!ZtAH&-_3eRUsVdrzs2M8EjAi8jVxzH4I7cm6c?*1g) z?^1X#OsT^xeigr4;hSrkgZJNOi!XP-N8wv^(X@b&Vi$P8dli9CjYM%m72hiAwjJ@U zf?O^*YTO{dVE6VpyzNtXy+#jyfr{U+@Xi`%@EcV80fpzYR4~Ft#q+^%<$|lm6?_L( z@b4og>jWPr@@%3-?X-+Y;d` zxR({4X&893ia(_AqDBNiO~t>b@W|U52pjDJ5BPmW&}w)9e{5)Y=nm8T9Y{3v10wuK z;v>ZCNQ3Oe`E|l?3cuHG?lR0BRrq`2J-Gjv^8pxrgX`e@M&WnyA^4ki_gCQl1BHJe zJ^=51z;=C{Kc?`1bP@l65Tg=m6yZke^a~({+^2eNa1gF5pO{V zIB2^N9>B+na9c4ny&*!5C+I2S+w!C$UlXsvTcS$-gu1BnJFm#c#p94?tITnJw{T412iUzm zg}E;kzE-S-`%xmn!}{ zI?Y47qR4y1J&+%*`}a;cUZtlzw5yQc6}F4JAm6q7c138{6n>|;6TC~cE#*1?y~4jO zz74*EivNK|??!0X75Po^O~|KIq5Vk9AzOZgEDM{(Hy}sZeK&>GpA>$JxCQ($70>(q zWMQkg75pxhxf^tco8#SnvanuU54o&CcH;bd0x5i!-JCaqxvB7L#kFuhPsQJ&gguD- zZAD%!u7*6f!JOkAnh&|?4&=kaYvM}Cui1UKhSgsczFaH^zg5Nmrtr2#mjg3!Vy~Fp zRrqD%GPvKN;_oT^5^)LmUaH`KSNMhW!ybGr?kguHVhJ4GU;FRv)N}p=VZOo#*gdyn zqVofVFBXg8-b2Ozq3}gw5%_0zJKX)B3jdP$68KvU_8lK8{EL*g7f(MwsTF36FT&9U zyQ5C<{7B*FigUq#s^WR~WUXLpAv&t!|EAM>k+8gXvR23w^We?g5T>5<9}C$EzroIT zLoiPiex^7R?(;F*f&b4NZECX187 z->tCSOm2twh<++e5+{MbZ0C9S4hlb>+U-M5;3sEr z2srwb8nPqjF9?YWKi2L!3X$Xetrvtek+-E-RXiUAeL+YSQ^A{5Jnw+LAPg6I(@Z-R z&&O0>5QdEuhe2qn5_p&F1tCS`O+EkEBg6ydW3(>_$zn428!Ddn(OwXSioE6Mf{I5U z?S5oU-bZ^uNDvbsvo#IZ$N5`Agu=gR_hv;fEfhXp9iyTp)+6cL*2jqvs zQ|18q-D=yX{RMo-dMf-g#`|?nt9ag>jW@oC|AZe^e7M3hk%4!R8|)YrUc?_lR`Di< z*K|QmgfA!7;DPsdKNQfU2R=i^_oC6&h%fK%ekeRfg(8;`~3t?+QQP?kx}3 z(MRDQum|{Esp5IJ_&*pd{0Dybs(9WC{*S#S{)CF>-Q@oW4~y7C9Q>#f`YVF1W&fFq zk5u@-*kAbdKV-W;9-%0Ow{;XGHC%vWw8Af73-BA9gO8E@J`GU#d2AkjBUiQi_lg~3 z6oIdHfQ+az6if4E-1j&|PG)=#NVk;@-UiZc$k-tZL9lFr7dedf=#?OP%1jfMBk&kV zD&C^Fw@uY*t}-W)+aZ{fAd74=+TAcP-0p2L%vlva3!}kN-%#=K3U3=Z`S|sQ*d