From f47542925e334e17204371df2a1c9a50fa4157af Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 15 Oct 2013 16:47:16 +0200 Subject: [PATCH 001/219] virtio-ccw: move virtio_ccw_stop_ioeventfd to virtio_ccw_busdev_unplug Similar to the PCI bug that prompted these patches, virtio-ccw will segfault after the reworking of hotplug/hot-unplug. Prepare for this by moving virtio_ccw_stop_ioeventfd to before the freeing of the proxy device. A better place for this could be the device_unplugged callback for the virtio-ccw bus. However, we do not yet have a callback that works: this patch avoids the problem while leaving the tree bisectable. Cc: qemu-stable@nongnu.org Reported-by: Cornelia Huck Suggested-by: Cornelia Huck Reviewed-by: Cornelia Huck Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 0b81c1ef5c677c2a07be5f8bf0dfe2c62ef52115) Signed-off-by: Michael Roth --- hw/s390x/virtio-ccw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index f93a81c7cd..e8b4547409 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -631,7 +631,6 @@ static int virtio_ccw_exit(VirtioCcwDevice *dev) { SubchDev *sch = dev->sch; - virtio_ccw_stop_ioeventfd(dev); if (sch) { css_subch_assign(sch->cssid, sch->ssid, sch->schid, sch->devno, NULL); g_free(sch); @@ -1228,6 +1227,8 @@ static int virtio_ccw_busdev_unplug(DeviceState *dev) VirtioCcwDevice *_dev = (VirtioCcwDevice *)dev; SubchDev *sch = _dev->sch; + virtio_ccw_stop_ioeventfd(_dev); + /* * We should arrive here only for device_del, since we don't support * direct hot(un)plug of channels, but only through virtio. From d765275bb1785ceaef35feabab4071dedd6e2ecd Mon Sep 17 00:00:00 2001 
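Review bot: The call added at the top of virtio_ccw_busdev_unplug carries no comment explaining why it has to sit there, and after the previous hunk virtio_ccw_exit no longer stops ioeventfd itself. Any path that reaches virtio_ccw_exit without first going through virtio_ccw_busdev_unplug would free `sch` while notifiers may still be registered; whether such a path exists is not visible in these hunks. I would record the ordering requirement above the call, for example `/* Stop ioeventfd while the proxy and its virtio child still exist; virtio_ccw_exit() relies on this having run. */`. The body of virtio_ccw_busdev_unplug continues outside the hunk.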
From: Paolo Bonzini Date: Fri, 20 Sep 2013 13:31:39 +0200 Subject: [PATCH 002/219] virtio-bus: remove vdev field The vdev field is complicated to synchronize. Just access the BusState's list of children. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 06d3dff0723c712a4b109ced4243edf49ef850af) Signed-off-by: Michael Roth --- hw/virtio/virtio-bus.c | 65 ++++++++++++++++++++-------------- hw/virtio/virtio-mmio.c | 9 ++--- hw/virtio/virtio-pci.c | 2 +- include/hw/virtio/virtio-bus.h | 16 ++++++--- 4 files changed, 57 insertions(+), 35 deletions(-) diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c index e6b103c991..17dd06e1a1 100644 --- a/hw/virtio/virtio-bus.c +++ b/hw/virtio/virtio-bus.c @@ -46,8 +46,6 @@ int virtio_bus_plug_device(VirtIODevice *vdev) VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus); DPRINTF("%s: plug device.\n", qbus->name); - bus->vdev = vdev; - if (klass->device_plugged != NULL) { klass->device_plugged(qbus->parent); } @@ -58,9 +56,11 @@ int virtio_bus_plug_device(VirtIODevice *vdev) /* Reset the virtio_bus */ void virtio_bus_reset(VirtioBusState *bus) { + VirtIODevice *vdev = virtio_bus_get_device(bus); + DPRINTF("%s: reset device.\n", qbus->name); - if (bus->vdev != NULL) { - virtio_reset(bus->vdev); + if (vdev != NULL) { + virtio_reset(vdev); } } 
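Review bot: The DPRINTF in virtio_bus_reset references `qbus->name`, but the function as shown in this hunk declares only `vdev`, so the line cannot compile whenever DPRINTF expands its arguments (the macro definition is not on this page). Since the hunk already adds a local, it could add `BusState *qbus = BUS(bus);` next to it, as virtio_bus_destroy_device does, or print `BUS(bus)->name` directly.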
@@ -69,62 +69,71 @@ void virtio_bus_destroy_device(VirtioBusState *bus) { BusState *qbus = BUS(bus); VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus); + VirtIODevice *vdev = virtio_bus_get_device(bus); + DPRINTF("%s: remove device.\n", qbus->name); - if (bus->vdev != NULL) { + if (vdev != NULL) { if (klass->device_unplug != NULL) { klass->device_unplug(qbus->parent); } - object_unparent(OBJECT(bus->vdev)); - bus->vdev = NULL; + object_unparent(OBJECT(vdev)); } } /* Get the device id of the plugged device. */ uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus) { - assert(bus->vdev != NULL); - return bus->vdev->device_id; + VirtIODevice *vdev = virtio_bus_get_device(bus); + assert(vdev != NULL); + return vdev->device_id; } /* Get the config_len field of the plugged device. */ size_t virtio_bus_get_vdev_config_len(VirtioBusState *bus) { - assert(bus->vdev != NULL); - return bus->vdev->config_len; + VirtIODevice *vdev = virtio_bus_get_device(bus); + assert(vdev != NULL); + return vdev->config_len; } /* Get the features of the plugged device. */ uint32_t virtio_bus_get_vdev_features(VirtioBusState *bus, uint32_t requested_features) { + VirtIODevice *vdev = virtio_bus_get_device(bus); VirtioDeviceClass *k; - assert(bus->vdev != NULL); - k = VIRTIO_DEVICE_GET_CLASS(bus->vdev); + + assert(vdev != NULL); + k = VIRTIO_DEVICE_GET_CLASS(vdev); assert(k->get_features != NULL); - return k->get_features(bus->vdev, requested_features); + return k->get_features(vdev, requested_features); } /* Set the features of the plugged device. 
*/ void virtio_bus_set_vdev_features(VirtioBusState *bus, uint32_t requested_features) { + VirtIODevice *vdev = virtio_bus_get_device(bus); VirtioDeviceClass *k; - assert(bus->vdev != NULL); - k = VIRTIO_DEVICE_GET_CLASS(bus->vdev); + + assert(vdev != NULL); + k = VIRTIO_DEVICE_GET_CLASS(vdev); if (k->set_features != NULL) { - k->set_features(bus->vdev, requested_features); + k->set_features(vdev, requested_features); } } /* Get bad features of the plugged device. */ uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus) { + VirtIODevice *vdev = virtio_bus_get_device(bus); VirtioDeviceClass *k; - assert(bus->vdev != NULL); - k = VIRTIO_DEVICE_GET_CLASS(bus->vdev); + + assert(vdev != NULL); + k = VIRTIO_DEVICE_GET_CLASS(vdev); if (k->bad_features != NULL) { - return k->bad_features(bus->vdev); + return k->bad_features(vdev); } else { return 0; } @@ -133,22 +142,26 @@ uint32_t virtio_bus_get_vdev_bad_features(VirtioBusState *bus) /* Get config of the plugged device. */ void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config) { + VirtIODevice *vdev = virtio_bus_get_device(bus); VirtioDeviceClass *k; - assert(bus->vdev != NULL); - k = VIRTIO_DEVICE_GET_CLASS(bus->vdev); + + assert(vdev != NULL); + k = VIRTIO_DEVICE_GET_CLASS(vdev); if (k->get_config != NULL) { - k->get_config(bus->vdev, config); + k->get_config(vdev, config); } } /* Set config of the plugged device. */ void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config) { + VirtIODevice *vdev = virtio_bus_get_device(bus); VirtioDeviceClass *k; - assert(bus->vdev != NULL); - k = VIRTIO_DEVICE_GET_CLASS(bus->vdev); + + assert(vdev != NULL); + k = VIRTIO_DEVICE_GET_CLASS(vdev); if (k->set_config != NULL) { - k->set_config(bus->vdev, config); + k->set_config(vdev, config); } } diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c index 29cf284d12..8829eb0e26 100644 --- a/hw/virtio/virtio-mmio.c +++ b/hw/virtio/virtio-mmio.c 
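Review bot: The accessors rewritten in this hunk keep one-line comments such as `/* Get the device id of the plugged device. */` that say nothing about the `assert(vdev != NULL)` precondition, which now depends on the bus's child list rather than on a field set at plug time. I would state it on each accessor, for example `/* Get the device id of the plugged device; the bus must have a child, otherwise this asserts. */`, so transport code knows not to call them before plug or after the child has been removed. The same applies to virtio_bus_get_vdev_config and virtio_bus_set_vdev_config in the following hunk.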
@@ -95,7 +95,7 @@ static void virtio_mmio_bus_new(VirtioBusState *bus, size_t bus_size, static uint64_t virtio_mmio_read(void *opaque, hwaddr offset, unsigned size) { VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque; - VirtIODevice *vdev = proxy->bus.vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); DPRINTF("virtio_mmio_read offset 0x%x\n", (int)offset); @@ -185,7 +185,7 @@ static void virtio_mmio_write(void *opaque, hwaddr offset, uint64_t value, unsigned size) { VirtIOMMIOProxy *proxy = (VirtIOMMIOProxy *)opaque; - VirtIODevice *vdev = proxy->bus.vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); DPRINTF("virtio_mmio_write offset 0x%x value 0x%" PRIx64 "\n", (int)offset, value); @@ -298,12 +298,13 @@ static const MemoryRegionOps virtio_mem_ops = { static void virtio_mmio_update_irq(DeviceState *opaque, uint16_t vector) { VirtIOMMIOProxy *proxy = VIRTIO_MMIO(opaque); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); int level; - if (!proxy->bus.vdev) { + if (!vdev) { return; } - level = (proxy->bus.vdev->isr != 0); + level = (vdev->isr != 0); DPRINTF("virtio_mmio setting IRQ %d\n", level); qemu_set_irq(proxy->irq, level); } diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 7647be8a3c..76b765211b 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -943,7 +943,7 @@ static void virtio_pci_device_plugged(DeviceState *d) uint8_t *config; uint32_t size; - proxy->vdev = bus->vdev; + proxy->vdev = virtio_bus_get_device(bus); config = proxy->pci_dev.config; if (proxy->class_code) { diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h index 9217f85abc..ba0f86abf1 100644 --- a/include/hw/virtio/virtio-bus.h +++ b/include/hw/virtio/virtio-bus.h @@ -72,10 +72,6 @@ typedef struct VirtioBusClass { struct VirtioBusState { BusState parent_obj; - /* - * Only one VirtIODevice can be plugged on the bus. - */ - VirtIODevice *vdev; }; int virtio_bus_plug_device(VirtIODevice *vdev); 
@@ -98,4 +94,16 @@ void virtio_bus_get_vdev_config(VirtioBusState *bus, uint8_t *config); /* Set config of the plugged device. */ void virtio_bus_set_vdev_config(VirtioBusState *bus, uint8_t *config); +static inline VirtIODevice *virtio_bus_get_device(VirtioBusState *bus) +{ + BusState *qbus = &bus->parent_obj; + BusChild *kid = QTAILQ_FIRST(&qbus->children); + DeviceState *qdev = kid ? kid->child : NULL; + + /* This is used on the data path, the cast is guaranteed + * to succeed by the qdev machinery. + */ + return (VirtIODevice *)qdev; +} + #endif /* VIRTIO_BUS_H */ From a9b9ca7e0ebd9ce045158b0b00029cad827f3958 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 20 Sep 2013 13:51:52 +0200 Subject: [PATCH 003/219] virtio-ccw: remove vdev field The vdev field is complicated to synchronize. Just access the BusState's list of children. Cc: qemu-stable@nongnu.org Reviewed-by: Cornelia Huck Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit f24a684073bcdaf4e9d3c592345744ba3356d9e3) Signed-off-by: Michael Roth --- hw/s390x/virtio-ccw.c | 80 ++++++++++++++++++++++++------------------- hw/s390x/virtio-ccw.h | 1 - 2 files changed, 44 insertions(+), 37 deletions(-) diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index e8b4547409..ecc80ecaf7 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -57,9 +57,10 @@ static const TypeInfo virtual_css_bus_info = { VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch) { VirtIODevice *vdev = NULL; + VirtioCcwDevice *dev = sch->driver_data; - if (sch->driver_data) { - vdev = ((VirtioCcwDevice *)sch->driver_data)->vdev; + if (dev) { + vdev = virtio_bus_get_device(&dev->bus); } return vdev; } 
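Review bot: virtio_bus_get_device returns NULL when the bus has no child, but the only comment in the helper is about the cast, so callers get no hint that the result may need checking. Within this patch virtio_mmio_update_irq tests the result while the virtio-bus.c accessors assert on it, so two conventions already exist. I would add a header comment such as `/* Return the single VirtIODevice plugged on the bus, or NULL if none is plugged. */` and mention that only the first entry of `qbus->children` is considered.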
@@ -67,7 +68,8 @@ VirtIODevice *virtio_ccw_get_vdev(SubchDev *sch) static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n, bool assign, bool set_handler) { - VirtQueue *vq = virtio_get_queue(dev->vdev, n); + VirtIODevice *vdev = virtio_bus_get_device(&dev->bus); + VirtQueue *vq = virtio_get_queue(vdev, n); EventNotifier *notifier = virtio_queue_get_host_notifier(vq); int r = 0; SubchDev *sch = dev->sch; @@ -97,6 +99,7 @@ static int virtio_ccw_set_guest2host_notifier(VirtioCcwDevice *dev, int n, static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev) { + VirtIODevice *vdev; int n, r; if (!(dev->flags & VIRTIO_CCW_FLAG_USE_IOEVENTFD) || @@ -104,8 +107,9 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev) dev->ioeventfd_started) { return; } + vdev = virtio_bus_get_device(&dev->bus); for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) { - if (!virtio_queue_get_num(dev->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } r = virtio_ccw_set_guest2host_notifier(dev, n, true, true); @@ -118,7 +122,7 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev) assign_error: while (--n >= 0) { - if (!virtio_queue_get_num(dev->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } r = virtio_ccw_set_guest2host_notifier(dev, n, false, false); @@ -132,13 +136,15 @@ static void virtio_ccw_start_ioeventfd(VirtioCcwDevice *dev) static void virtio_ccw_stop_ioeventfd(VirtioCcwDevice *dev) { + VirtIODevice *vdev; int n, r; if (!dev->ioeventfd_started) { return; } + vdev = virtio_bus_get_device(&dev->bus); for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) { - if (!virtio_queue_get_num(dev->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } r = virtio_ccw_set_guest2host_notifier(dev, n, false, false); 
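Review bot: `vdev` goes straight into `virtio_get_queue(vdev, n)` in virtio_ccw_set_guest2host_notifier without a NULL check, although virtio_bus_get_device returns NULL once the bus has no child. The same holds for the `virtio_queue_get_num(vdev, n)` calls in virtio_ccw_start_ioeventfd and virtio_ccw_stop_ioeventfd in the following hunks, and the stop path now runs from the unplug handler, so it depends on the virtio child still being on the bus at that point. An `assert(vdev != NULL);` after each lookup, matching the accessors in hw/virtio/virtio-bus.c, would turn an ordering mistake into a clear failure instead of a stray dereference. The function bodies continue outside these hunks.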
@@ -189,7 +195,7 @@ typedef struct VirtioFeatDesc { static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align, uint16_t index, uint16_t num) { - VirtioCcwDevice *dev = sch->driver_data; + VirtIODevice *vdev = virtio_ccw_get_vdev(sch); if (index > VIRTIO_PCI_QUEUE_MAX) { return -EINVAL; @@ -200,23 +206,23 @@ static int virtio_ccw_set_vqs(SubchDev *sch, uint64_t addr, uint32_t align, return -EINVAL; } - if (!dev) { + if (!vdev) { return -EINVAL; } - virtio_queue_set_addr(dev->vdev, index, addr); + virtio_queue_set_addr(vdev, index, addr); if (!addr) { - virtio_queue_set_vector(dev->vdev, index, 0); + virtio_queue_set_vector(vdev, index, 0); } else { /* Fail if we don't have a big enough queue. */ /* TODO: Add interface to handle vring.num changing */ - if (virtio_queue_get_num(dev->vdev, index) > num) { + if (virtio_queue_get_num(vdev, index) > num) { return -EINVAL; } - virtio_queue_set_vector(dev->vdev, index, index); + virtio_queue_set_vector(vdev, index, index); } /* tell notify handler in case of config change */ - dev->vdev->config_vector = VIRTIO_PCI_QUEUE_MAX; + vdev->config_vector = VIRTIO_PCI_QUEUE_MAX; return 0; } @@ -230,6 +236,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) hwaddr indicators; VqConfigBlock vq_config; VirtioCcwDevice *dev = sch->driver_data; + VirtIODevice *vdev = virtio_ccw_get_vdev(sch); bool check_len; int len; hwaddr hw_len; @@ -272,7 +279,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) break; case CCW_CMD_VDEV_RESET: virtio_ccw_stop_ioeventfd(dev); - virtio_reset(dev->vdev); + virtio_reset(vdev); ret = 0; break; case CCW_CMD_READ_FEAT: 
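Review bot: The guard `if (index > VIRTIO_PCI_QUEUE_MAX)` kept as context in virtio_ccw_set_vqs accepts `index == VIRTIO_PCI_QUEUE_MAX`, and the rewritten calls in the next hunk pass that value to `virtio_queue_set_addr(vdev, index, addr)` and `virtio_queue_set_vector(vdev, index, ...)`. The loops in this file iterate with `n < VIRTIO_PCI_QUEUE_MAX`, which suggests valid queue numbers stop one below the maximum; if the queue array has exactly that many entries (its definition is not on this page), the accepted value is one past the end. `index` is a parameter whose origin lies outside the hunk, so it is best treated as untrusted and rejected with `if (index >= VIRTIO_PCI_QUEUE_MAX) {`.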
@@ -319,7 +326,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) features.features = ldl_le_phys(ccw.cda); if (features.index < ARRAY_SIZE(dev->host_features)) { virtio_bus_set_vdev_features(&dev->bus, features.features); - dev->vdev->guest_features = features.features; + vdev->guest_features = features.features; } else { /* * If the guest supports more feature bits, assert that it @@ -337,30 +344,30 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) break; case CCW_CMD_READ_CONF: if (check_len) { - if (ccw.count > dev->vdev->config_len) { + if (ccw.count > vdev->config_len) { ret = -EINVAL; break; } } - len = MIN(ccw.count, dev->vdev->config_len); + len = MIN(ccw.count, vdev->config_len); if (!ccw.cda) { ret = -EFAULT; } else { - virtio_bus_get_vdev_config(&dev->bus, dev->vdev->config); + virtio_bus_get_vdev_config(&dev->bus, vdev->config); /* XXX config space endianness */ - cpu_physical_memory_write(ccw.cda, dev->vdev->config, len); + cpu_physical_memory_write(ccw.cda, vdev->config, len); sch->curr_status.scsw.count = ccw.count - len; ret = 0; } break; case CCW_CMD_WRITE_CONF: if (check_len) { - if (ccw.count > dev->vdev->config_len) { + if (ccw.count > vdev->config_len) { ret = -EINVAL; break; } } - len = MIN(ccw.count, dev->vdev->config_len); + len = MIN(ccw.count, vdev->config_len); hw_len = len; if (!ccw.cda) { ret = -EFAULT; @@ -371,9 +378,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) } else { len = hw_len; /* XXX config space endianness */ - memcpy(dev->vdev->config, config, len); + memcpy(vdev->config, config, len); cpu_physical_memory_unmap(config, hw_len, 0, hw_len); - virtio_bus_set_vdev_config(&dev->bus, dev->vdev->config); + virtio_bus_set_vdev_config(&dev->bus, vdev->config); sch->curr_status.scsw.count = ccw.count - len; ret = 0; } 
@@ -397,9 +404,9 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) { virtio_ccw_stop_ioeventfd(dev); } - virtio_set_status(dev->vdev, status); - if (dev->vdev->status == 0) { - virtio_reset(dev->vdev); + virtio_set_status(vdev, status); + if (vdev->status == 0) { + virtio_reset(vdev); } if (status & VIRTIO_CONFIG_S_DRIVER_OK) { virtio_ccw_start_ioeventfd(dev); @@ -463,7 +470,7 @@ static int virtio_ccw_cb(SubchDev *sch, CCW1 ccw) ret = -EFAULT; } else { vq_config.index = lduw_phys(ccw.cda); - vq_config.num_max = virtio_queue_get_num(dev->vdev, + vq_config.num_max = virtio_queue_get_num(vdev, vq_config.index); stw_phys(ccw.cda + sizeof(vq_config.index), vq_config.num_max); sch->curr_status.scsw.count = ccw.count - sizeof(vq_config); @@ -495,7 +502,6 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev) sch->driver_data = dev; dev->sch = sch; - dev->vdev = vdev; dev->indicators = 0; /* Initialize subchannel structure. */ @@ -608,7 +614,7 @@ static int virtio_ccw_device_init(VirtioCcwDevice *dev, VirtIODevice *vdev) memset(&sch->id, 0, sizeof(SenseId)); sch->id.reserved = 0xff; sch->id.cu_type = VIRTIO_CCW_CU_TYPE; - sch->id.cu_model = dev->vdev->device_id; + sch->id.cu_model = vdev->device_id; /* Only the first 32 feature bits are used. */ dev->host_features[0] = virtio_bus_get_vdev_features(&dev->bus, @@ -891,9 +897,10 @@ static unsigned virtio_ccw_get_features(DeviceState *d) static void virtio_ccw_reset(DeviceState *d) { VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d); + VirtIODevice *vdev = virtio_bus_get_device(&dev->bus); virtio_ccw_stop_ioeventfd(dev); - virtio_reset(dev->vdev); + virtio_reset(vdev); css_reset_sch(dev->sch); dev->indicators = 0; dev->indicators2 = 0; 
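Review bot: `vq_config.index` is loaded from guest memory with `lduw_phys(ccw.cda)` and handed on the very next line to `virtio_queue_get_num(vdev, vq_config.index)` in the hunk at -463, with no range check between the two. Unless virtio_queue_get_num validates its index (its body is not on this page), the guest-chosen value selects a queue slot beyond the ones the device has. A bound check before the call would close this: `if (vq_config.index >= VIRTIO_PCI_QUEUE_MAX) { ret = -EINVAL; break; }`. The enclosing switch case starts outside the hunk.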
@@ -933,9 +940,10 @@ static int virtio_ccw_set_host_notifier(DeviceState *d, int n, bool assign) static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n, bool assign, bool with_irqfd) { - VirtQueue *vq = virtio_get_queue(dev->vdev, n); + VirtIODevice *vdev = virtio_bus_get_device(&dev->bus); + VirtQueue *vq = virtio_get_queue(vdev, n); EventNotifier *notifier = virtio_queue_get_guest_notifier(vq); - VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(dev->vdev); + VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); if (assign) { int r = event_notifier_init(notifier, 0); @@ -951,16 +959,16 @@ static int virtio_ccw_set_guest_notifier(VirtioCcwDevice *dev, int n, * land in qemu (and only the irq fd) in this code. */ if (k->guest_notifier_mask) { - k->guest_notifier_mask(dev->vdev, n, false); + k->guest_notifier_mask(vdev, n, false); } /* get lost events and re-inject */ if (k->guest_notifier_pending && - k->guest_notifier_pending(dev->vdev, n)) { + k->guest_notifier_pending(vdev, n)) { event_notifier_set(notifier); } } else { if (k->guest_notifier_mask) { - k->guest_notifier_mask(dev->vdev, n, true); + k->guest_notifier_mask(vdev, n, true); } virtio_queue_set_guest_notifier_fd_handler(vq, false, with_irqfd); event_notifier_cleanup(notifier); @@ -972,7 +980,7 @@ static int virtio_ccw_set_guest_notifiers(DeviceState *d, int nvqs, bool assigned) { VirtioCcwDevice *dev = VIRTIO_CCW_DEVICE(d); - VirtIODevice *vdev = dev->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&dev->bus); int r, n; for (n = 0; n < nvqs; n++) { diff --git a/hw/s390x/virtio-ccw.h b/hw/s390x/virtio-ccw.h index 96d6f5d5b7..00932c746d 100644 --- a/hw/s390x/virtio-ccw.h +++ b/hw/s390x/virtio-ccw.h @@ -77,7 +77,6 @@ typedef struct VirtIOCCWDeviceClass { struct VirtioCcwDevice { DeviceState parent_obj; SubchDev *sch; - VirtIODevice *vdev; char *bus_id; uint32_t host_features[VIRTIO_CCW_FEATURE_SIZE]; VirtioBusState bus; From cbf23fdf219a20191e115725fd15fb7521136dd4 Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Fri, 20 Sep 2013 13:36:40 +0200 Subject: [PATCH 004/219] virtio-pci: remove vdev field The vdev field is complicated to synchronize. Just access the BusState's list of children. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit a3fc66d9fd37acbfcee013692246a8ae42bd93bb) Signed-off-by: Michael Roth --- hw/virtio/virtio-pci.c | 110 ++++++++++++++++++++++++----------------- hw/virtio/virtio-pci.h | 1 - 2 files changed, 65 insertions(+), 46 deletions(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 76b765211b..15b92e918b 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c 
@@ -113,31 +113,40 @@ static inline VirtIOPCIProxy *to_virtio_pci_proxy_fast(DeviceState *d) static void virtio_pci_notify(DeviceState *d, uint16_t vector) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy_fast(d); + if (msix_enabled(&proxy->pci_dev)) msix_notify(&proxy->pci_dev, vector); - else - pci_set_irq(&proxy->pci_dev, proxy->vdev->isr & 1); + else { + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + pci_set_irq(&proxy->pci_dev, vdev->isr & 1); + } } static void virtio_pci_save_config(DeviceState *d, QEMUFile *f) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + pci_device_save(&proxy->pci_dev, f); msix_save(&proxy->pci_dev, f); if (msix_present(&proxy->pci_dev)) - qemu_put_be16(f, proxy->vdev->config_vector); + qemu_put_be16(f, vdev->config_vector); } static void virtio_pci_save_queue(DeviceState *d, int n, QEMUFile *f) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + if (msix_present(&proxy->pci_dev)) - qemu_put_be16(f, virtio_queue_vector(proxy->vdev, n)); + qemu_put_be16(f, virtio_queue_vector(vdev, n)); } static int virtio_pci_load_config(DeviceState *d, QEMUFile *f) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + int ret; ret = pci_device_load(&proxy->pci_dev, f); if (ret) { 
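Review bot: virtio_pci_notify now pairs an unbraced `if` with a braced `else`, which is easy to break when a second statement is later added to the first branch. Bracing both arms keeps the two paths symmetric and matches the braced style used elsewhere on this page: `if (msix_enabled(&proxy->pci_dev)) {`, `msix_notify(&proxy->pci_dev, vector);`, `} else {`. The unbraced `if (msix_present(&proxy->pci_dev))` bodies in virtio_pci_save_config and virtio_pci_save_queue in the same hunk could be braced in the same pass.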
@@ -146,12 +155,12 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f) msix_unuse_all_vectors(&proxy->pci_dev); msix_load(&proxy->pci_dev, f); if (msix_present(&proxy->pci_dev)) { - qemu_get_be16s(f, &proxy->vdev->config_vector); + qemu_get_be16s(f, &vdev->config_vector); } else { - proxy->vdev->config_vector = VIRTIO_NO_VECTOR; + vdev->config_vector = VIRTIO_NO_VECTOR; } - if (proxy->vdev->config_vector != VIRTIO_NO_VECTOR) { - return msix_vector_use(&proxy->pci_dev, proxy->vdev->config_vector); + if (vdev->config_vector != VIRTIO_NO_VECTOR) { + return msix_vector_use(&proxy->pci_dev, vdev->config_vector); } return 0; } @@ -159,13 +168,15 @@ static int virtio_pci_load_config(DeviceState *d, QEMUFile *f) static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + uint16_t vector; if (msix_present(&proxy->pci_dev)) { qemu_get_be16s(f, &vector); } else { vector = VIRTIO_NO_VECTOR; } - virtio_queue_set_vector(proxy->vdev, n, vector); + virtio_queue_set_vector(vdev, n, vector); if (vector != VIRTIO_NO_VECTOR) { return msix_vector_use(&proxy->pci_dev, vector); } @@ -175,7 +186,8 @@ static int virtio_pci_load_queue(DeviceState *d, int n, QEMUFile *f) static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy, int n, bool assign, bool set_handler) { - VirtQueue *vq = virtio_get_queue(proxy->vdev, n); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtQueue *vq = virtio_get_queue(vdev, n); EventNotifier *notifier = virtio_queue_get_host_notifier(vq); int r = 0; @@ -200,6 +212,7 @@ static int virtio_pci_set_host_notifier_internal(VirtIOPCIProxy *proxy, static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy) { + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); int n, r; if (!(proxy->flags & VIRTIO_PCI_FLAG_USE_IOEVENTFD) || 
@@ -209,7 +222,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy) } for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) { - if (!virtio_queue_get_num(proxy->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } @@ -223,7 +236,7 @@ static void virtio_pci_start_ioeventfd(VirtIOPCIProxy *proxy) assign_error: while (--n >= 0) { - if (!virtio_queue_get_num(proxy->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } @@ -236,6 +249,7 @@ assign_error: static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy) { + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); int r; int n; @@ -244,7 +258,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy) } for (n = 0; n < VIRTIO_PCI_QUEUE_MAX; n++) { - if (!virtio_queue_get_num(proxy->vdev, n)) { + if (!virtio_queue_get_num(vdev, n)) { continue; } @@ -257,7 +271,7 @@ static void virtio_pci_stop_ioeventfd(VirtIOPCIProxy *proxy) static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val) { VirtIOPCIProxy *proxy = opaque; - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); hwaddr pa; switch (addr) { @@ -272,7 +286,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val) pa = (hwaddr)val << VIRTIO_PCI_QUEUE_ADDR_SHIFT; if (pa == 0) { virtio_pci_stop_ioeventfd(proxy); - virtio_reset(proxy->vdev); + virtio_reset(vdev); msix_unuse_all_vectors(&proxy->pci_dev); } else @@ -299,7 +313,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val) } if (vdev->status == 0) { - virtio_reset(proxy->vdev); + virtio_reset(vdev); msix_unuse_all_vectors(&proxy->pci_dev); } @@ -335,7 +349,7 @@ static void virtio_ioport_write(void *opaque, uint32_t addr, uint32_t val) static uint32_t virtio_ioport_read(VirtIOPCIProxy *proxy, uint32_t addr) { - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); uint32_t ret = 0xFFFFFFFF; switch (addr) { 
@@ -381,6 +395,7 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr, unsigned size) { VirtIOPCIProxy *proxy = opaque; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev); uint64_t val = 0; if (addr < config) { @@ -390,16 +405,16 @@ static uint64_t virtio_pci_config_read(void *opaque, hwaddr addr, switch (size) { case 1: - val = virtio_config_readb(proxy->vdev, addr); + val = virtio_config_readb(vdev, addr); break; case 2: - val = virtio_config_readw(proxy->vdev, addr); + val = virtio_config_readw(vdev, addr); if (virtio_is_big_endian()) { val = bswap16(val); } break; case 4: - val = virtio_config_readl(proxy->vdev, addr); + val = virtio_config_readl(vdev, addr); if (virtio_is_big_endian()) { val = bswap32(val); } @@ -413,6 +428,7 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr, { VirtIOPCIProxy *proxy = opaque; uint32_t config = VIRTIO_PCI_CONFIG(&proxy->pci_dev); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); if (addr < config) { virtio_ioport_write(proxy, addr, val); return; @@ -424,19 +440,19 @@ static void virtio_pci_config_write(void *opaque, hwaddr addr, */ switch (size) { case 1: - virtio_config_writeb(proxy->vdev, addr, val); + virtio_config_writeb(vdev, addr, val); break; case 2: if (virtio_is_big_endian()) { val = bswap16(val); } - virtio_config_writew(proxy->vdev, addr, val); + virtio_config_writew(vdev, addr, val); break; case 4: if (virtio_is_big_endian()) { val = bswap32(val); } - virtio_config_writel(proxy->vdev, addr, val); + virtio_config_writel(vdev, addr, val); break; } } @@ -455,6 +471,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address, uint32_t val, int len) { VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); pci_default_write_config(pci_dev, address, val, len); 
@@ -462,8 +479,7 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address, !(pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) && !(proxy->flags & VIRTIO_PCI_FLAG_BUS_MASTER_BUG)) { virtio_pci_stop_ioeventfd(proxy); - virtio_set_status(proxy->vdev, - proxy->vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK); + virtio_set_status(vdev, vdev->status & ~VIRTIO_CONFIG_S_DRIVER_OK); } } @@ -506,7 +522,8 @@ static int kvm_virtio_pci_irqfd_use(VirtIOPCIProxy *proxy, unsigned int vector) { VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector]; - VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtQueue *vq = virtio_get_queue(vdev, queue_no); EventNotifier *n = virtio_queue_get_guest_notifier(vq); int ret; ret = kvm_irqchip_add_irqfd_notifier(kvm_state, n, NULL, irqfd->virq); @@ -517,7 +534,8 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy, unsigned int queue_no, unsigned int vector) { - VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtQueue *vq = virtio_get_queue(vdev, queue_no); EventNotifier *n = virtio_queue_get_guest_notifier(vq); VirtIOIRQFD *irqfd = &proxy->vector_irqfd[vector]; int ret; @@ -529,7 +547,7 @@ static void kvm_virtio_pci_irqfd_release(VirtIOPCIProxy *proxy, static int kvm_virtio_pci_vector_use(VirtIOPCIProxy *proxy, int nvqs) { PCIDevice *dev = &proxy->pci_dev; - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); unsigned int vector; int ret, queue_no; @@ -578,7 +596,7 @@ undo: static void kvm_virtio_pci_vector_release(VirtIOPCIProxy *proxy, int nvqs) { PCIDevice *dev = &proxy->pci_dev; - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); unsigned int vector; int queue_no; VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); 
@@ -606,8 +624,9 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy, unsigned int vector, MSIMessage msg) { - VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev); - VirtQueue *vq = virtio_get_queue(proxy->vdev, queue_no); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); + VirtQueue *vq = virtio_get_queue(vdev, queue_no); EventNotifier *n = virtio_queue_get_guest_notifier(vq); VirtIOIRQFD *irqfd; int ret = 0; @@ -626,10 +645,10 @@ static int virtio_pci_vq_vector_unmask(VirtIOPCIProxy *proxy, * Otherwise, set it up now. */ if (k->guest_notifier_mask) { - k->guest_notifier_mask(proxy->vdev, queue_no, false); + k->guest_notifier_mask(vdev, queue_no, false); /* Test after unmasking to avoid losing events. */ if (k->guest_notifier_pending && - k->guest_notifier_pending(proxy->vdev, queue_no)) { + k->guest_notifier_pending(vdev, queue_no)) { event_notifier_set(n); } } else { @@ -642,13 +661,14 @@ static void virtio_pci_vq_vector_mask(VirtIOPCIProxy *proxy, unsigned int queue_no, unsigned int vector) { - VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(proxy->vdev); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); /* If guest supports masking, keep irqfd but mask it. * Otherwise, clean it up now. */ if (k->guest_notifier_mask) { - k->guest_notifier_mask(proxy->vdev, queue_no, true); + k->guest_notifier_mask(vdev, queue_no, true); } else { kvm_virtio_pci_irqfd_release(proxy, queue_no, vector); } @@ -658,7 +678,7 @@ static int virtio_pci_vector_unmask(PCIDevice *dev, unsigned vector, MSIMessage msg) { VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev); - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); int ret, queue_no; for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) { 
@@ -688,7 +708,7 @@ undo: static void virtio_pci_vector_mask(PCIDevice *dev, unsigned vector) { VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev); - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); int queue_no; for (queue_no = 0; queue_no < proxy->nvqs_with_notifiers; queue_no++) { @@ -707,7 +727,7 @@ static void virtio_pci_vector_poll(PCIDevice *dev, unsigned int vector_end) { VirtIOPCIProxy *proxy = container_of(dev, VirtIOPCIProxy, pci_dev); - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); int queue_no; unsigned int vector; @@ -739,8 +759,9 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign, bool with_irqfd) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); - VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(proxy->vdev); - VirtQueue *vq = virtio_get_queue(proxy->vdev, n); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); + VirtioDeviceClass *vdc = VIRTIO_DEVICE_GET_CLASS(vdev); + VirtQueue *vq = virtio_get_queue(vdev, n); EventNotifier *notifier = virtio_queue_get_guest_notifier(vq); if (assign) { @@ -755,7 +776,7 @@ static int virtio_pci_set_guest_notifier(DeviceState *d, int n, bool assign, } if (!msix_enabled(&proxy->pci_dev) && vdc->guest_notifier_mask) { - vdc->guest_notifier_mask(proxy->vdev, n, !assign); + vdc->guest_notifier_mask(vdev, n, !assign); } return 0; @@ -770,7 +791,7 @@ static bool virtio_pci_query_guest_notifiers(DeviceState *d) static int virtio_pci_set_guest_notifiers(DeviceState *d, int nvqs, bool assign) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); - VirtIODevice *vdev = proxy->vdev; + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(vdev); int r, n; bool with_irqfd = msix_enabled(&proxy->pci_dev) && 
@@ -864,11 +885,12 @@ static int virtio_pci_set_host_notifier(DeviceState *d, int n, bool assign) static void virtio_pci_vmstate_change(DeviceState *d, bool running) { VirtIOPCIProxy *proxy = to_virtio_pci_proxy(d); + VirtIODevice *vdev = virtio_bus_get_device(&proxy->bus); if (running) { /* Try to find out if the guest has bus master disabled, but is in ready state. Then we have a buggy guest OS. */ - if ((proxy->vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) && + if ((vdev->status & VIRTIO_CONFIG_S_DRIVER_OK) && !(proxy->pci_dev.config[PCI_COMMAND] & PCI_COMMAND_MASTER)) { proxy->flags |= VIRTIO_PCI_FLAG_BUS_MASTER_BUG; } @@ -943,8 +965,6 @@ static void virtio_pci_device_plugged(DeviceState *d) uint8_t *config; uint32_t size; - proxy->vdev = virtio_bus_get_device(bus); - config = proxy->pci_dev.config; if (proxy->class_code) { pci_config_set_class(config, proxy->class_code); diff --git a/hw/virtio/virtio-pci.h b/hw/virtio/virtio-pci.h index 917bcc5348..dc332ae774 100644 --- a/hw/virtio/virtio-pci.h +++ b/hw/virtio/virtio-pci.h @@ -82,7 +82,6 @@ typedef struct VirtioPCIClass { struct VirtIOPCIProxy { PCIDevice pci_dev; - VirtIODevice *vdev; MemoryRegion bar; uint32_t flags; uint32_t class_code; From 40699a469ec9ead969bb89e0cf6bd6254566bb54 Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Fri, 20 Sep 2013 13:59:08 +0200 Subject: [PATCH 005/219] virtio-bus: cleanup plug/unplug interface Right now we have these pairs: - virtio_bus_plug_device/virtio_bus_destroy_device. The first takes a VirtIODevice, the second takes a VirtioBusState - device_plugged/device_unplug callbacks in the VirtioBusClass (here it's just the naming that is inconsistent) - virtio_bus_destroy_device is not called by anyone (and since it calls qdev_free, it would be called by the proxies---but then the callback is useless since the proxies can do whatever they want before calling virtio_bus_destroy_device) And there is a k->init but no k->exit, hence virtio_device_exit is overwritten by subclasses (except virtio-9p). This cleans it up by: - renaming the device_unplug callback to device_unplugged - renaming virtio_bus_plug_device to virtio_bus_device_plugged, matching the callback name - renaming virtio_bus_destroy_device to virtio_bus_device_unplugged, removing the qdev_free, making it take a VirtIODevice and calling it from virtio_device_exit - adding a k->exit callback virtio_device_exit is still overwritten, the next patches will fix that. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 5e96f5d2f8d2696ef7d2d8d7282c18fa6023470b) Signed-off-by: Michael Roth --- hw/virtio/virtio-bus.c | 19 +++++++++---------- hw/virtio/virtio.c | 7 ++++++- include/hw/virtio/virtio-bus.h | 6 +++--- include/hw/virtio/virtio.h | 1 + 4 files changed, 19 insertions(+), 14 deletions(-) diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c index 17dd06e1a1..eb77019267 100644 --- a/hw/virtio/virtio-bus.c +++ b/hw/virtio/virtio-bus.c 
@@ -37,8 +37,8 @@ do { printf("virtio_bus: " fmt , ## __VA_ARGS__); } while (0) #define DPRINTF(fmt, ...) do { } while (0) #endif -/* Plug the VirtIODevice */ -int virtio_bus_plug_device(VirtIODevice *vdev) +/* A VirtIODevice is being plugged */ +int virtio_bus_device_plugged(VirtIODevice *vdev) { DeviceState *qdev = DEVICE(vdev); BusState *qbus = BUS(qdev_get_parent_bus(qdev)); @@ -64,20 +64,19 @@ void virtio_bus_reset(VirtioBusState *bus) } } -/* Destroy the VirtIODevice */ -void virtio_bus_destroy_device(VirtioBusState *bus) +/* A VirtIODevice is being unplugged */ +void virtio_bus_device_unplugged(VirtIODevice *vdev) { - BusState *qbus = BUS(bus); - VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(bus); - VirtIODevice *vdev = virtio_bus_get_device(bus); + DeviceState *qdev = DEVICE(vdev); + BusState *qbus = BUS(qdev_get_parent_bus(qdev)); + VirtioBusClass *klass = VIRTIO_BUS_GET_CLASS(qbus); DPRINTF("%s: remove device.\n", qbus->name); if (vdev != NULL) { - if (klass->device_unplug != NULL) { - klass->device_unplug(qbus->parent); + if (klass->device_unplugged != NULL) { + klass->device_unplugged(qbus->parent); } - object_unparent(OBJECT(vdev)); } } diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 2f1e73bc75..965b2c0233 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -1158,14 +1158,19 @@ static int virtio_device_init(DeviceState *qdev) if (k->init(vdev) < 0) { return -1; } - virtio_bus_plug_device(vdev); + virtio_bus_device_plugged(vdev); return 0; } static int virtio_device_exit(DeviceState *qdev) { VirtIODevice *vdev = VIRTIO_DEVICE(qdev); + VirtioDeviceClass *k = VIRTIO_DEVICE_GET_CLASS(qdev); + virtio_bus_device_unplugged(vdev); + if (k->exit) { + k->exit(vdev); + } if (vdev->bus_name) { g_free(vdev->bus_name); vdev->bus_name = NULL; diff --git a/include/hw/virtio/virtio-bus.h b/include/hw/virtio/virtio-bus.h index ba0f86abf1..0756545d4d 100644 --- a/include/hw/virtio/virtio-bus.h +++ b/include/hw/virtio/virtio-bus.h 
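Review bot: In virtio_bus_device_unplugged the `if (vdev != NULL)` test is dead, because vdev has already gone through `DEVICE(vdev)` and `qdev_get_parent_bus(qdev)` in the declarations above it. The test was meaningful in the old version, where vdev came from a bus lookup, but now the device is the argument and a NULL would fault before the check. Drop the outer test and keep only `if (klass->device_unplugged != NULL) { klass->device_unplugged(qbus->parent); }`, or move the NULL test ahead of the first use if callers may really pass NULL.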
@@ -61,7 +61,7 @@ typedef struct VirtioBusClass { * transport independent exit function. * This is called by virtio-bus just before the device is unplugged. */ - void (*device_unplug)(DeviceState *d); + void (*device_unplugged)(DeviceState *d); /* * Does the transport have variable vring alignment? * (ie can it ever call virtio_queue_set_align()?) @@ -74,9 +74,9 @@ struct VirtioBusState { BusState parent_obj; }; -int virtio_bus_plug_device(VirtIODevice *vdev); +int virtio_bus_device_plugged(VirtIODevice *vdev); void virtio_bus_reset(VirtioBusState *bus); -void virtio_bus_destroy_device(VirtioBusState *bus); +void virtio_bus_device_unplugged(VirtIODevice *bus); /* Get the device id of the plugged device. */ uint16_t virtio_bus_get_vdev_id(VirtioBusState *bus); /* Get the config_len field of the plugged device. */ diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index a90522d6d6..59756c29b9 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -127,6 +127,7 @@ typedef struct VirtioDeviceClass { /* This is what a VirtioDevice must implement */ DeviceClass parent; int (*init)(VirtIODevice *vdev); + void (*exit)(VirtIODevice *vdev); uint32_t (*get_features)(VirtIODevice *vdev, uint32_t requested_features); uint32_t (*bad_features)(VirtIODevice *vdev); void (*set_features)(VirtIODevice *vdev, uint32_t val); From e84e23de3595c48d58745d518c323350bbf228f0 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:05:42 +0200 Subject: [PATCH 006/219] virtio-blk: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 40dfc16f5fe0afb66f9436718781264dfadb6c61) Signed-off-by: Michael Roth --- hw/block/virtio-blk.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) 
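Review bot: The new prototype `void virtio_bus_device_unplugged(VirtIODevice *bus);` keeps the parameter name `bus` from the old VirtioBusState signature, although the argument is now the device. The definition in virtio-bus.c calls it `vdev`, so the header should read `void virtio_bus_device_unplugged(VirtIODevice *vdev);` to avoid suggesting that a bus pointer is expected.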
diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index 13f6d8276e..7f0440f3a8 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -728,20 +728,18 @@ static int virtio_blk_device_init(VirtIODevice *vdev) return 0; } -static int virtio_blk_device_exit(DeviceState *dev) +static void virtio_blk_device_exit(VirtIODevice *vdev) { - VirtIODevice *vdev = VIRTIO_DEVICE(dev); - VirtIOBlock *s = VIRTIO_BLK(dev); + VirtIOBlock *s = VIRTIO_BLK(vdev); #ifdef CONFIG_VIRTIO_BLK_DATA_PLANE remove_migration_state_change_notifier(&s->migration_state_notifier); virtio_blk_data_plane_destroy(s->dataplane); s->dataplane = NULL; #endif qemu_del_vm_change_state_handler(s->change); - unregister_savevm(dev, "virtio-blk", s); + unregister_savevm(DEVICE(vdev), "virtio-blk", s); blockdev_mark_auto_del(s->bs); virtio_cleanup(vdev); - return 0; } static Property virtio_blk_properties[] = { @@ -753,10 +751,10 @@ static void virtio_blk_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_blk_device_exit; dc->props = virtio_blk_properties; set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); vdc->init = virtio_blk_device_init; + vdc->exit = virtio_blk_device_exit; vdc->get_config = virtio_blk_update_config; vdc->set_config = virtio_blk_set_config; vdc->get_features = virtio_blk_get_features; From e6c007056c3c40017bf8d00e4a0d259905f6e2cf Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:05:56 +0200 Subject: [PATCH 007/219] virtio-serial: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 0e86c13fe2058adb8c792ebb7c51a6a7ca9d3d55) 
Signed-off-by: Michael Roth --- hw/char/virtio-serial-bus.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index 703f026370..a7ede90ec1 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -987,12 +987,11 @@ static const TypeInfo virtio_serial_port_type_info = { .class_init = virtio_serial_port_class_init, }; -static int virtio_serial_device_exit(DeviceState *dev) +static void virtio_serial_device_exit(VirtIODevice *vdev) { - VirtIOSerial *vser = VIRTIO_SERIAL(dev); - VirtIODevice *vdev = VIRTIO_DEVICE(dev); + VirtIOSerial *vser = VIRTIO_SERIAL(vdev); - unregister_savevm(dev, "virtio-console", vser); + unregister_savevm(DEVICE(vdev), "virtio-console", vser); g_free(vser->ivqs); g_free(vser->ovqs); @@ -1004,7 +1003,6 @@ static int virtio_serial_device_exit(DeviceState *dev) g_free(vser->post_load); } virtio_cleanup(vdev); - return 0; } static Property virtio_serial_properties[] = { @@ -1016,10 +1014,10 @@ static void virtio_serial_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_serial_device_exit; dc->props = virtio_serial_properties; set_bit(DEVICE_CATEGORY_INPUT, dc->categories); vdc->init = virtio_serial_device_init; + vdc->exit = virtio_serial_device_exit; vdc->get_features = get_features; vdc->get_config = get_config; vdc->set_config = set_config; From 8f08550ee2c743c1c3057849d3fb4093afac3472 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:06:08 +0200 Subject: [PATCH 008/219] virtio-net: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 3786cff5eb384d058395a2729af627fa3253d056) 
Signed-off-by: Michael Roth --- hw/net/virtio-net.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index b75c753305..93a81ebefd 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1570,16 +1570,15 @@ static int virtio_net_device_init(VirtIODevice *vdev) return 0; } -static int virtio_net_device_exit(DeviceState *qdev) +static void virtio_net_device_exit(VirtIODevice *vdev) { - VirtIONet *n = VIRTIO_NET(qdev); - VirtIODevice *vdev = VIRTIO_DEVICE(qdev); + VirtIONet *n = VIRTIO_NET(vdev); int i; /* This will stop vhost backend if appropriate. */ virtio_net_set_status(vdev, 0); - unregister_savevm(qdev, "virtio-net", n); + unregister_savevm(DEVICE(vdev), "virtio-net", n); if (n->netclient_name) { g_free(n->netclient_name); @@ -1610,8 +1609,6 @@ static int virtio_net_device_exit(DeviceState *qdev) g_free(n->vqs); qemu_del_nic(n->nic); virtio_cleanup(vdev); - - return 0; } static void virtio_net_instance_init(Object *obj) @@ -1638,10 +1635,10 @@ static void virtio_net_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_net_device_exit; dc->props = virtio_net_properties; set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); vdc->init = virtio_net_device_init; + vdc->exit = virtio_net_device_exit; vdc->get_config = virtio_net_get_config; vdc->set_config = virtio_net_set_config; vdc->get_features = virtio_net_get_features; From 478f1f6ccfc4195d6ad136e1108199c091214c9f Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:06:08 +0200 Subject: [PATCH 009/219] virtio-scsi: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber 
Signed-off-by: Paolo Bonzini (cherry picked from commit e3c9d76acc984218264bbc6435b0c09f959ed9b8) Signed-off-by: Michael Roth --- hw/scsi/vhost-scsi.c | 11 +++++------ hw/scsi/virtio-scsi.c | 15 +++++++-------- include/hw/virtio/virtio-scsi.h | 2 +- 3 files changed, 13 insertions(+), 15 deletions(-) diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c index 9e770fba98..5e3cc614c9 100644 --- a/hw/scsi/vhost-scsi.c +++ b/hw/scsi/vhost-scsi.c @@ -240,11 +240,10 @@ static int vhost_scsi_init(VirtIODevice *vdev) return 0; } -static int vhost_scsi_exit(DeviceState *qdev) +static void vhost_scsi_exit(VirtIODevice *vdev) { - VirtIODevice *vdev = VIRTIO_DEVICE(qdev); - VHostSCSI *s = VHOST_SCSI(qdev); - VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev); + VHostSCSI *s = VHOST_SCSI(vdev); + VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev); migrate_del_blocker(s->migration_blocker); error_free(s->migration_blocker); @@ -253,7 +252,7 @@ static int vhost_scsi_exit(DeviceState *qdev) vhost_scsi_set_status(vdev, 0); g_free(s->dev.vqs); - return virtio_scsi_common_exit(vs); + virtio_scsi_common_exit(vs); } static Property vhost_scsi_properties[] = { @@ -265,10 +264,10 @@ static void vhost_scsi_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = vhost_scsi_exit; dc->props = vhost_scsi_properties; set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); vdc->init = vhost_scsi_init; + vdc->exit = vhost_scsi_exit; vdc->get_features = vhost_scsi_get_features; vdc->set_config = vhost_scsi_set_config; vdc->set_status = vhost_scsi_set_status; diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 26d95a14ec..83344eacc0 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c 
@@ -644,22 +644,21 @@ static int virtio_scsi_device_init(VirtIODevice *vdev) return 0; } -int virtio_scsi_common_exit(VirtIOSCSICommon *vs) +void virtio_scsi_common_exit(VirtIOSCSICommon *vs) { VirtIODevice *vdev = VIRTIO_DEVICE(vs); g_free(vs->cmd_vqs); virtio_cleanup(vdev); - return 0; } -static int virtio_scsi_device_exit(DeviceState *qdev) +static void virtio_scsi_device_exit(VirtIODevice *vdev) { - VirtIOSCSI *s = VIRTIO_SCSI(qdev); - VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(qdev); + VirtIOSCSI *s = VIRTIO_SCSI(vdev); + VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev); - unregister_savevm(qdev, "virtio-scsi", s); - return virtio_scsi_common_exit(vs); + unregister_savevm(DEVICE(vdev), "virtio-scsi", s); + virtio_scsi_common_exit(vs); } static Property virtio_scsi_properties[] = { @@ -680,10 +679,10 @@ static void virtio_scsi_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_scsi_device_exit; dc->props = virtio_scsi_properties; set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); vdc->init = virtio_scsi_device_init; + vdc->exit = virtio_scsi_device_exit; vdc->set_config = virtio_scsi_set_config; vdc->get_features = virtio_scsi_get_features; vdc->reset = virtio_scsi_reset; diff --git a/include/hw/virtio/virtio-scsi.h b/include/hw/virtio/virtio-scsi.h index 9a985403c2..206c61dbfd 100644 --- a/include/hw/virtio/virtio-scsi.h +++ b/include/hw/virtio/virtio-scsi.h @@ -187,6 +187,6 @@ typedef struct { VIRTIO_SCSI_F_CHANGE, true) int virtio_scsi_common_init(VirtIOSCSICommon *vs); -int virtio_scsi_common_exit(VirtIOSCSICommon *vs); +void virtio_scsi_common_exit(VirtIOSCSICommon *vs); #endif /* _QEMU_VIRTIO_SCSI_H */ From def56d28cfc58ffd6945947421447ab6cd6c73de Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:06:08 +0200 Subject: [PATCH 010/219] virtio-balloon: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit baa61b9870dd7e0bb07e0ae61c6ec805db13f699) Signed-off-by: Michael Roth --- hw/virtio/virtio-balloon.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index 9504877120..d7a392db1d 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -370,16 +370,14 @@ static int virtio_balloon_device_init(VirtIODevice *vdev) return 0; } -static int virtio_balloon_device_exit(DeviceState *qdev) +static void virtio_balloon_device_exit(VirtIODevice *vdev) { - VirtIOBalloon *s = VIRTIO_BALLOON(qdev); - VirtIODevice *vdev = VIRTIO_DEVICE(qdev); + VirtIOBalloon *s = VIRTIO_BALLOON(vdev); balloon_stats_destroy_timer(s); qemu_remove_balloon_handler(s); - unregister_savevm(qdev, "virtio-balloon", s); + unregister_savevm(DEVICE(vdev), "virtio-balloon", s); virtio_cleanup(vdev); - return 0; } static Property virtio_balloon_properties[] = { @@ -390,10 +388,10 @@ static void virtio_balloon_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_balloon_device_exit; dc->props = virtio_balloon_properties; set_bit(DEVICE_CATEGORY_MISC, dc->categories); vdc->init = virtio_balloon_device_init; + vdc->exit = virtio_balloon_device_exit; vdc->get_config = virtio_balloon_get_config; vdc->set_config = virtio_balloon_set_config; vdc->get_features = virtio_balloon_get_features; From 3220207c276500cc335476f95c6e35c80709bc34 Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:06:08 +0200 Subject: [PATCH 011/219] virtio-rng: switch exit callback to VirtioDeviceClass This ensures hot-unplug is handled properly by the proxy, and avoids leaking bus_name which is freed by virtio_device_exit. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 7bb6edb0e3dd78d74e0ac980cf6c0a07307f61bf) Signed-off-by: Michael Roth --- hw/virtio/virtio-rng.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c index b22ccf1008..42ca56843b 100644 --- a/hw/virtio/virtio-rng.c +++ b/hw/virtio/virtio-rng.c @@ -190,16 +190,14 @@ static int virtio_rng_device_init(VirtIODevice *vdev) return 0; } -static int virtio_rng_device_exit(DeviceState *qdev) +static void virtio_rng_device_exit(VirtIODevice *vdev) { - VirtIORNG *vrng = VIRTIO_RNG(qdev); - VirtIODevice *vdev = VIRTIO_DEVICE(qdev); + VirtIORNG *vrng = VIRTIO_RNG(vdev); timer_del(vrng->rate_limit_timer); timer_free(vrng->rate_limit_timer); - unregister_savevm(qdev, "virtio-rng", vrng); + unregister_savevm(DEVICE(vdev), "virtio-rng", vrng); virtio_cleanup(vdev); - return 0; } static Property virtio_rng_properties[] = { @@ -211,10 +209,10 @@ static void virtio_rng_class_init(ObjectClass *klass, void *data) { DeviceClass *dc = DEVICE_CLASS(klass); VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass); - dc->exit = virtio_rng_device_exit; dc->props = virtio_rng_properties; set_bit(DEVICE_CATEGORY_MISC, dc->categories); vdc->init = virtio_rng_device_init; + vdc->exit = virtio_rng_device_exit; vdc->get_features = get_features; } From 810766d9dd78ebe61891deff6b73efa85934c260 Mon Sep 17 00:00:00 2001 
From: Paolo Bonzini Date: Fri, 20 Sep 2013 14:10:26 +0200 Subject: [PATCH 012/219] virtio-pci: add device_unplugged callback This fixes a crash in hot-unplug of virtio-pci devices behind a PCIe switch. The crash happens because the ioeventfd is still set whent the child is destroyed (destruction happens in postorder). Then the proxy tries to unset to ioeventfd, but the virtqueue structure that holds the EventNotifier has been trashed in the meanwhile. kvm_set_ioeventfd_pio does not expect failure and aborts. The fix is simply to move parts of uninitialization to a new device_unplugged callback, which is called before the child is destroyed. Cc: qemu-stable@nongnu.org Acked-by: Andreas Faerber Signed-off-by: Paolo Bonzini (cherry picked from commit 06a1307379fcd6c551185ad87679cd7ed896b9ea) Signed-off-by: Michael Roth --- hw/virtio/virtio-pci.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 15b92e918b..30c9f2b698 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -1002,6 +1002,15 @@ static void virtio_pci_device_plugged(DeviceState *d) proxy->host_features); } +static void virtio_pci_device_unplugged(DeviceState *d) +{ + PCIDevice *pci_dev = PCI_DEVICE(d); + VirtIOPCIProxy *proxy = VIRTIO_PCI(d); + + virtio_pci_stop_ioeventfd(proxy); + msix_uninit_exclusive_bar(pci_dev); +} + static int virtio_pci_init(PCIDevice *pci_dev) { VirtIOPCIProxy *dev = VIRTIO_PCI(pci_dev); @@ -1016,9 +1025,7 @@ static int virtio_pci_init(PCIDevice *pci_dev) static void virtio_pci_exit(PCIDevice *pci_dev) { VirtIOPCIProxy *proxy = VIRTIO_PCI(pci_dev); - virtio_pci_stop_ioeventfd(proxy); memory_region_destroy(&proxy->bar); - msix_uninit_exclusive_bar(pci_dev); } static void virtio_pci_reset(DeviceState *qdev) 
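Review bot: virtio_pci_device_unplugged has no comment recording the ordering constraint that is the whole reason for the change. Per the commit message, the ioeventfd has to be stopped while the child's virtqueues still exist, and virtio_pci_exit runs too late for that. A later cleanup could easily move the two calls back, so I would add above the function `/* Runs before the child VirtIODevice is destroyed: stop ioeventfd while the virtqueues holding the EventNotifiers are still valid. */`. A matching one-line note in virtio_pci_exit, saying that only the BAR is torn down there, would help too.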
@@ -1553,6 +1560,7 @@ static void virtio_pci_bus_class_init(ObjectClass *klass, void *data) k->set_guest_notifiers = virtio_pci_set_guest_notifiers; k->vmstate_change = virtio_pci_vmstate_change; k->device_plugged = virtio_pci_device_plugged; + k->device_unplugged = virtio_pci_device_unplugged; } static const TypeInfo virtio_pci_bus_info = { From df3e347891e4aaf84af983f9e3229079f1b9d2c4 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 28 Nov 2013 11:01:13 +0100 Subject: [PATCH 013/219] scsi-bus: fix transfer length and direction for VERIFY command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The amount of bytes to transfer depends on the BYTCHK field. If any data is transferred, it is sent to the device. Cc: qemu-stable@nongnu.org Tested-by: Hervé Poussineau Signed-off-by: Paolo Bonzini (cherry picked from commit d12ad44cc4cc9142179e64295608611f118b8ad8) Signed-off-by: Michael Roth --- hw/scsi/scsi-bus.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index ea916d1466..2d6ce4d6bb 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -886,7 +886,6 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) case RELEASE: case ERASE: case ALLOW_MEDIUM_REMOVAL: - case VERIFY_10: case SEEK_10: case SYNCHRONIZE_CACHE: case SYNCHRONIZE_CACHE_16: @@ -903,6 +902,16 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) case ALLOW_OVERWRITE: cmd->xfer = 0; break; + case VERIFY_10: + case VERIFY_12: + case VERIFY_16: + if ((buf[1] & 2) == 0) { + cmd->xfer = 0; + } else if ((buf[1] & 4) == 1) { + cmd->xfer = 1; + } + cmd->xfer *= dev->blocksize; + break; case MODE_SENSE: break; case WRITE_SAME_10: 
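Review bot: In the new VERIFY_10/12/16 case of scsi_req_length, `(buf[1] & 4) == 1` can never be true, because the masked value is either 0 or 4, so the `cmd->xfer = 1` branch is unreachable. A CDB with that bit set therefore keeps the length computed before the switch (outside this hunk) and multiplies it by `dev->blocksize`, instead of expecting a single block. Since `buf` is the command block handed in by the initiator, a wrong expected transfer size here is worth fixing; the test should be `} else if ((buf[1] & 4) != 0) {`. The enclosing function starts and ends outside the hunk.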
@@ -1100,6 +1109,9 @@ static void scsi_cmd_xfer_mode(SCSICommand *cmd) case WRITE_VERIFY_12: case WRITE_16: case WRITE_VERIFY_16: + case VERIFY_10: + case VERIFY_12: + case VERIFY_16: case COPY: case COPY_VERIFY: case COMPARE: From 30a08ab4e15a5fc810c9b4541456d2ebac68c646 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 28 Nov 2013 11:18:56 +0100 Subject: [PATCH 014/219] scsi-disk: fix VERIFY emulation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit VERIFY emulation was completely botched (and remained botched through all the refactorings). The command must be emulated both in check-medium mode (BYTCHK=00, which we implement by doing nothing) and in check-bytes mode (which we do not implement yet). Unlike WRITE AND VERIFY (which we treat simply as WRITE with FUA bit set), VERIFY cannot be handled like READ. In fact the device is _receiving_ data for VERIFY, not _sending_ it like READ. Cc: qemu-stable@nongnu.org Tested-by: Hervé Poussineau Signed-off-by: Paolo Bonzini (cherry picked from commit d97e7730816094a71cd1f19a56d7a73f77cdbf96) Conflicts: hw/scsi/scsi-disk.c *fixed up WRITE_SAME_* conflicts due to 84f94a9a not being in 1.7.0 Signed-off-by: Michael Roth --- hw/scsi/scsi-disk.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 74e6a14c29..1fd1c26513 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1597,6 +1597,14 @@ static void scsi_disk_emulate_write_data(SCSIRequest *req) scsi_disk_emulate_unmap(r, r->iov.iov_base); break; + case VERIFY_10: + case VERIFY_12: + case VERIFY_16: + if (r->req.status == -1) { + scsi_check_condition(r, SENSE_CODE(INVALID_FIELD)); + } + break; + default: abort(); } 
@@ -1837,6 +1845,14 @@ static int32_t scsi_disk_emulate_command(SCSIRequest *req, uint8_t *buf) case UNMAP: DPRINTF("Unmap (len %lu)\n", (long)r->req.cmd.xfer); break; + case VERIFY_10: + case VERIFY_12: + case VERIFY_16: + DPRINTF("Verify (bytchk %lu)\n", (r->req.buf[1] >> 1) & 3); + if (req->cmd.buf[1] & 6) { + goto illegal_request; + } + break; case WRITE_SAME_10: case WRITE_SAME_16: nb_sectors = scsi_data_cdb_length(r->req.cmd.buf); @@ -1936,10 +1952,6 @@ static int32_t scsi_disk_dma_command(SCSIRequest *req, uint8_t *buf) scsi_check_condition(r, SENSE_CODE(WRITE_PROTECTED)); return 0; } - /* fallthrough */ - case VERIFY_10: - case VERIFY_12: - case VERIFY_16: DPRINTF("Write %s(sector %" PRId64 ", count %u)\n", (command & 0xe) == 0xe ? "And Verify " : "", r->req.cmd.lba, len); @@ -2207,14 +2219,14 @@ static const SCSIReqOps *const scsi_disk_reqops_dispatch[256] = { [UNMAP] = &scsi_disk_emulate_reqops, [WRITE_SAME_10] = &scsi_disk_emulate_reqops, [WRITE_SAME_16] = &scsi_disk_emulate_reqops, + [VERIFY_10] = &scsi_disk_emulate_reqops, + [VERIFY_12] = &scsi_disk_emulate_reqops, + [VERIFY_16] = &scsi_disk_emulate_reqops, [READ_6] = &scsi_disk_dma_reqops, [READ_10] = &scsi_disk_dma_reqops, [READ_12] = &scsi_disk_dma_reqops, [READ_16] = &scsi_disk_dma_reqops, - [VERIFY_10] = &scsi_disk_dma_reqops, - [VERIFY_12] = &scsi_disk_dma_reqops, - [VERIFY_16] = &scsi_disk_dma_reqops, [WRITE_6] = &scsi_disk_dma_reqops, [WRITE_10] = &scsi_disk_dma_reqops, [WRITE_12] = &scsi_disk_dma_reqops, From 97f74de48cbedeb2555ddf85c2cfe822ef8eadb2 Mon Sep 17 00:00:00 2001 
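Review bot: The added `DPRINTF("Verify (bytchk %lu)\n", (r->req.buf[1] >> 1) & 3);` in scsi_disk_emulate_command has two problems that only surface when debug output is compiled in. The argument is an int-sized expression but the format is `%lu`, and it reads `r->req.buf`, whereas the next line uses `req->cmd.buf[1]` and the WRITE_SAME case uses `r->req.cmd.buf`, so the field name looks like a typo (the struct is not visible here). I would write `DPRINTF("Verify (bytchk %d)\n", (req->cmd.buf[1] >> 1) & 3);`. The function body continues outside the hunk.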
From: Gerd Hoffmann Date: Fri, 29 Nov 2013 14:25:33 +0100 Subject: [PATCH 015/219] intel-hda: fix position buffer Fix position buffer updates to use the correct stream offset. Without this patch both IN (record) and OUT (playback) streams will update the IN buffer positions. The linux kernel notices and complains: hda-intel: Invalid position buffer, using LPIB read method instead. The bug may also lead to glitches when recording and playing at the same time: https://bugzilla.redhat.com/show_bug.cgi?id=947785 Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann (cherry picked from commit d58ce68a454e5ae9cbde0308def379e272f13b10) Signed-off-by: Michael Roth --- hw/audio/intel-hda.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c index 4327264394..6ab8c245d3 100644 --- a/hw/audio/intel-hda.c +++ b/hw/audio/intel-hda.c @@ -444,6 +444,7 @@ static bool intel_hda_xfer(HDACodecDevice *dev, uint32_t stnr, bool output, } } if (d->dp_lbase & 0x01) { + s = st - d->st; addr = intel_hda_addr(d->dp_lbase & ~0x01, d->dp_ubase); stl_le_pci_dma(&d->pci, addr + 8*s, st->lpib); } From 8fa58fe91014abfde61c759e805b8a3bda33bef0 Mon Sep 17 00:00:00 2001 From: Marcel Apfelbaum Date: Mon, 2 Dec 2013 16:20:59 +0200 Subject: [PATCH 016/219] memory.c: bugfix - ref counting mismatch in memory_region_find 'address_space_get_flatview' gets a reference to a FlatView. If the flatview lookup fails, the code returns without "unreferencing" the view. Cc: qemu-stable@nongnu.org Signed-off-by: Marcel Apfelbaum Reviewed-by: Paolo Bonzini Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 6307d974f9a28bb6652352f52da97f820427d29d) Signed-off-by: Michael Roth --- memory.c | 1 + 1 file changed, 1 insertion(+) diff --git a/memory.c b/memory.c index 28f64491d0..776431416f 100644 --- a/memory.c +++ b/memory.c 
@@ -1596,6 +1596,7 @@ MemoryRegionSection memory_region_find(MemoryRegion *mr, view = address_space_get_flatview(as); fr = flatview_lookup(view, range); if (!fr) { + flatview_unref(view); return ret; } From 2dc79753001520d94ed0373357a1be88a02a015a Mon Sep 17 00:00:00 2001 From: Peter Crosthwaite Date: Wed, 27 Nov 2013 20:27:33 -0800 Subject: [PATCH 017/219] qom: Split out object and class caches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The object-cast and class-cast caches cannot be shared because class caching is conditional on the target type not being an interface and object caching is unconditional. Leads to a bug when a class cast to an interface follows an object cast to the same interface type: FooObject = FOO(obj); FooClass = FOO_GET_CLASS(obj); Where TYPE_FOO is an interface. The first (object) cast will be successful and cache the casting result (i.e. TYPE_FOO will be cached). The second (class) cast will then check the shared cast cache and register a hit. The issue is, when a class cast hits in the cache it just returns a pointer cast of the input class (i.e. the concrete class). When casting to an interface, the cast itself must return the interface class, not the concrete class. The implementation of class cast caching already ensures that the returned cast result is only a pointer cast before caching. The object cast logic however does not have this check. Resolve by just splitting the object and class caches. Cc: qemu-stable@nongnu.org Signed-off-by: Peter Crosthwaite Reviewed-by: Paolo Bonzini Tested-by: Nathan Rossi Reviewed-by: Edgar E. Iglesias Signed-off-by: Andreas Färber (cherry picked from commit 0ab4c94c844cb3953adedbd27adc378b3cf31d9e) Signed-off-by: Michael Roth --- include/qom/object.h | 3 ++- qom/object.c | 13 +++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/qom/object.h b/include/qom/object.h index a275db2092..5f78847d68 100644 
--- a/include/qom/object.h +++ b/include/qom/object.h @@ -358,7 +358,8 @@ struct ObjectClass Type type; GSList *interfaces; - const char *cast_cache[OBJECT_CLASS_CAST_CACHE]; + const char *object_cast_cache[OBJECT_CLASS_CAST_CACHE]; + const char *class_cast_cache[OBJECT_CLASS_CAST_CACHE]; ObjectUnparent *unparent; }; diff --git a/qom/object.c b/qom/object.c index fc19cf676a..21b5a0bbe1 100644 --- a/qom/object.c +++ b/qom/object.c @@ -458,7 +458,7 @@ Object *object_dynamic_cast_assert(Object *obj, const char *typename, Object *inst; for (i = 0; obj && i < OBJECT_CLASS_CAST_CACHE; i++) { - if (obj->class->cast_cache[i] == typename) { + if (obj->class->object_cast_cache[i] == typename) { goto out; } } @@ -475,9 +475,10 @@ Object *object_dynamic_cast_assert(Object *obj, const char *typename, if (obj && obj == inst) { for (i = 1; i < OBJECT_CLASS_CAST_CACHE; i++) { - obj->class->cast_cache[i - 1] = obj->class->cast_cache[i]; + obj->class->object_cast_cache[i - 1] = + obj->class->object_cast_cache[i]; } - obj->class->cast_cache[i - 1] = typename; + obj->class->object_cast_cache[i - 1] = typename; } out: @@ -547,7 +548,7 @@ ObjectClass *object_class_dynamic_cast_assert(ObjectClass *class, int i; for (i = 0; class && i < OBJECT_CLASS_CAST_CACHE; i++) { - if (class->cast_cache[i] == typename) { + if (class->class_cast_cache[i] == typename) { ret = class; goto out; } @@ -568,9 +569,9 @@ ObjectClass *object_class_dynamic_cast_assert(ObjectClass *class, #ifdef CONFIG_QOM_CAST_DEBUG if (class && ret == class) { for (i = 1; i < OBJECT_CLASS_CAST_CACHE; i++) { - class->cast_cache[i - 1] = class->cast_cache[i]; + class->class_cast_cache[i - 1] = class->class_cast_cache[i]; } - class->cast_cache[i - 1] = typename; + class->class_cast_cache[i - 1] = typename; } out: #endif From f227ed1842180b0faeef0b4f9cde184cfd46cafc Mon Sep 17 00:00:00 2001 
From: Matthew Garrett Date: Mon, 25 Nov 2013 14:42:43 -0500 Subject: [PATCH 018/219] migration: Fix rate limit The migration thread appears to want to allow writeout to occur at full speed rather than being rate limited during completion of state saving, but sets the limit to INT_MAX when xfer_limit is INT64_MAX. This causes problems if there's more than 2GB of state left to save at this point. It probably ought to just be INT64_MAX instead. Signed-off-by: Matthew Garrett Reviewed-by: Paolo Bonzini Signed-off-by: Juan Quintela (cherry picked from commit 40596834c0d57a223124a956ccbe39dfeadc9f0e) Signed-off-by: Michael Roth --- migration.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/migration.c b/migration.c index 2b1ab20c54..ff00bfbe36 100644 --- a/migration.c +++ b/migration.c @@ -583,7 +583,7 @@ static void *migration_thread(void *opaque) ret = vm_stop_force_state(RUN_STATE_FINISH_MIGRATE); if (ret >= 0) { - qemu_file_set_rate_limit(s->file, INT_MAX); + qemu_file_set_rate_limit(s->file, INT64_MAX); qemu_savevm_state_complete(s->file); } qemu_mutex_unlock_iothread(); From 50a203c3b926466c59f122943804c6bc36256848 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 3 Dec 2013 13:00:15 +0100 Subject: [PATCH 019/219] vl: add missing transition debug->finish_migrate This fixes an abort if you invoke the "migrate" command while the guest is being debugged. Cc: qemu-stable@nongnu.org Cc: lcapitulino@redhat.com Signed-off-by: Paolo Bonzini Signed-off-by: Luiz Capitulino (cherry picked from commit eca01d3a93be4041ac5858ef7676e60352e9c2ed) Signed-off-by: Michael Roth --- vl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/vl.c b/vl.c index 8d5d874e68..31e3411cb1 100644 --- a/vl.c +++ b/vl.c 
@@ -589,6 +589,7 @@ typedef struct { static const RunStateTransition runstate_transitions_def[] = { /* from -> to */ { RUN_STATE_DEBUG, RUN_STATE_RUNNING }, + { RUN_STATE_DEBUG, RUN_STATE_FINISH_MIGRATE }, { RUN_STATE_INMIGRATE, RUN_STATE_RUNNING }, { RUN_STATE_INMIGRATE, RUN_STATE_PAUSED }, From b8fca09eecd364e79f29294aa5366718ffc9469a Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Fri, 6 Dec 2013 13:52:24 +0100 Subject: [PATCH 020/219] x86: only allow real mode to access 32bit without LMA When we're running in non-64bit mode with qemu-system-x86_64 we can still end up with virtual addresses that are above the 32bit boundary if a segment offset is set up. GNU Hurd does exactly that. It sets the segment offset to 0x80000000 and puts its EIP value to 0x8xxxxxxx to access low memory. This doesn't hit us when we enable paging, as there we just mask away the unused bits. But with real mode, we assume that vaddr == paddr which is wrong in this case. Real hardware wraps the virtual address around at the 32bit boundary. So let's do the same. This fixes booting GNU Hurd in qemu-system-x86_64 for me. Reported-by: Michael Tokarev Signed-off-by: Alexander Graf Reviewed-by: Richard Henderson Signed-off-by: Michael Tokarev (cherry picked from commit 33dfdb56f2f3c8686d218395b871ec12fd5bf30b) Signed-off-by: Michael Roth --- target-i386/helper.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target-i386/helper.c b/target-i386/helper.c index 7c196ffc42..ed965d634d 100644 --- a/target-i386/helper.c +++ b/target-i386/helper.c @@ -531,6 +531,12 @@ int cpu_x86_handle_mmu_fault(CPUX86State *env, target_ulong addr, if (!(env->cr[0] & CR0_PG_MASK)) { pte = addr; +#ifdef TARGET_X86_64 + if (!(env->hflags & HF_LMA_MASK)) { + /* Without long mode we can only address 32bits in real mode */ + pte = (uint32_t)pte; + } +#endif virt_addr = addr & TARGET_PAGE_MASK; prot = PAGE_READ | PAGE_WRITE | PAGE_EXEC; page_size = 4096; 
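Review bot: The comment added in the target-i386/helper.c hunk says "real mode", but the enclosing branch is `!(env->cr[0] & CR0_PG_MASK)`, which as far as the hunk shows is taken whenever paging is off, not only in real mode. I would reword it to `/* Paging off and not in long mode: the physical address wraps at 4 GiB */`. Only `pte` is truncated, while `virt_addr` is still derived from the full `addr`. If that asymmetry is intentional, one more sentence in the comment would stop a later reader from "correcting" it. cpu_x86_handle_mmu_fault() starts and continues outside the hunk.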
From 29b0fcc181341bf1308a7c7645401815d5834232 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Thu, 28 Nov 2013 17:02:24 +0100 Subject: [PATCH 021/219] qdev-monitor: Avoid device_add crashing on non-device driver name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Watch this: $ upstream-qemu -nodefaults -S -display none -monitor stdio QEMU 1.7.50 monitor - type 'help' for more information (qemu) device_add rng-egd /work/armbru/qemu/qdev-monitor.c:491:qdev_device_add: Object 0x2089b00 is not an instance of type device Aborted (core dumped) Crashes because "rng-egd" exists, but isn't a subtype of TYPE_DEVICE. Broken in commit 18b6dad. Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster Signed-off-by: Andreas Färber (cherry picked from commit 061e84f7a469ad1f94f3b5f6a5361b346ab990e8) Signed-off-by: Michael Roth --- qdev-monitor.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qdev-monitor.c b/qdev-monitor.c index dc37a43dd9..90a0cea308 100644 --- a/qdev-monitor.c +++ b/qdev-monitor.c @@ -477,7 +477,7 @@ DeviceState *qdev_device_add(QemuOpts *opts) } } - if (!oc) { + if (!object_class_dynamic_cast(oc, TYPE_DEVICE)) { qerror_report(QERR_INVALID_PARAMETER_VALUE, "driver", "device type"); return NULL; } From e480a1b8ff8292c6d014b930dff0ffbcaf14508a Mon Sep 17 00:00:00 2001 
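Review bot: The new test `!object_class_dynamic_cast(oc, TYPE_DEVICE)` in qdev_device_add() also has to cover the unknown-driver case that the old `!oc` test handled, so it relies on object_class_dynamic_cast() returning NULL for a NULL class, which this hunk does not show. A one-line comment would record that dependency, e.g. `/* also rejects oc == NULL, i.e. an unknown driver name */`. The driver name comes from the monitor, so this check is the boundary that keeps an operator-supplied non-device type away from the asserting cast quoted in the description. It does not appear to reject abstract device types, which may need a separate check. The function body starts and ends outside the hunk.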
From: Paolo Bonzini Date: Thu, 7 Nov 2013 17:14:36 +0100 Subject: [PATCH 022/219] split definitions for exec.c and translate-all.c radix trees The exec.c and translate-all.c radix trees are quite different, and the exec.c one in particular is not limited to the CPU---it can be used also by devices that do DMA, and in that case the address space is not limited to TARGET_PHYS_ADDR_SPACE_BITS bits. We want to make exec.c's radix trees 64-bit wide. As a first step, stop sharing the constants between exec.c and translate-all.c. exec.c gets P_L2_* constants, translate-all.c gets V_L2_*, for consistency with the existing V_L1_* symbols. Though actually in the softmmu case translate-all.c is also indexed by physical addresses... This patch has no semantic change. Signed-off-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin (cherry picked from commit 03f4995781a64e106e6f73864a1e9c4163dac53b) *prereq for 53cb28c backport Signed-off-by: Michael Roth --- exec.c | 29 +++++++++++++++++++++-------- translate-all.c | 32 ++++++++++++++++++-------------- translate-all.h | 7 ------- 3 files changed, 39 insertions(+), 29 deletions(-) diff --git a/exec.c b/exec.c index 95c4356c65..e3feaeceda 100644 --- a/exec.c +++ b/exec.c @@ -88,7 +88,15 @@ struct PhysPageEntry { uint16_t ptr : 15; }; -typedef PhysPageEntry Node[L2_SIZE]; +/* Size of the L2 (and L3, etc) page tables. */ +#define ADDR_SPACE_BITS TARGET_PHYS_ADDR_SPACE_BITS + +#define P_L2_BITS 10 +#define P_L2_SIZE (1 << P_L2_BITS) + +#define P_L2_LEVELS (((ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / P_L2_BITS) + 1) + +typedef PhysPageEntry Node[P_L2_SIZE]; struct AddressSpaceDispatch { /* This is a multi-level map on the physical address space. 
@@ -155,7 +163,7 @@ static uint16_t phys_map_node_alloc(void) ret = next_map.nodes_nb++; assert(ret != PHYS_MAP_NODE_NIL); assert(ret != next_map.nodes_nb_alloc); - for (i = 0; i < L2_SIZE; ++i) { + for (i = 0; i < P_L2_SIZE; ++i) { next_map.nodes[ret][i].is_leaf = 0; next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL; } @@ -168,13 +176,13 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, { PhysPageEntry *p; int i; - hwaddr step = (hwaddr)1 << (level * L2_BITS); + hwaddr step = (hwaddr)1 << (level * P_L2_BITS); if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) { lp->ptr = phys_map_node_alloc(); p = next_map.nodes[lp->ptr]; if (level == 0) { - for (i = 0; i < L2_SIZE; i++) { + for (i = 0; i < P_L2_SIZE; i++) { p[i].is_leaf = 1; p[i].ptr = PHYS_SECTION_UNASSIGNED; } @@ -182,9 +190,9 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, } else { p = next_map.nodes[lp->ptr]; } - lp = &p[(*index >> (level * L2_BITS)) & (L2_SIZE - 1)]; + lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)]; - while (*nb && lp < &p[L2_SIZE]) { + while (*nb && lp < &p[P_L2_SIZE]) { if ((*index & (step - 1)) == 0 && *nb >= step) { lp->is_leaf = true; lp->ptr = leaf; @@ -218,7 +226,7 @@ static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index, return §ions[PHYS_SECTION_UNASSIGNED]; } p = nodes[lp.ptr]; - lp = p[(index >> (i * L2_BITS)) & (L2_SIZE - 1)]; + lp = p[(index >> (i * P_L2_BITS)) & (P_L2_SIZE - 1)]; } return §ions[lp.ptr]; } @@ -1743,7 +1751,12 @@ void address_space_destroy_dispatch(AddressSpace *as) static void memory_map_init(void) { system_memory = g_malloc(sizeof(*system_memory)); - memory_region_init(system_memory, NULL, "system", INT64_MAX); + + assert(ADDR_SPACE_BITS <= 64); + + memory_region_init(system_memory, NULL, "system", + ADDR_SPACE_BITS == 64 ? + UINT64_MAX : (0x1ULL << ADDR_SPACE_BITS)); address_space_init(&address_space_memory, system_memory, "memory"); system_io = g_malloc(sizeof(*system_io)); 
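Review bot: In the memory_map_init() hunk, `assert(ADDR_SPACE_BITS <= 64);` tests a preprocessor constant at run time; a build-time check such as `QEMU_BUILD_BUG_ON(ADDR_SPACE_BITS > 64);` would fail earlier and cost nothing. The same hunk changes the size of the "system" region from `INT64_MAX` to either `UINT64_MAX` or `0x1ULL << ADDR_SPACE_BITS`, which is a behaviour change although the description says the patch has none, so it deserves a sentence there. The 64-bit arm is also one byte short of the full space, which a comment should record: `/* 2^64 does not fit in uint64_t, so the 64-bit case is capped at UINT64_MAX */`. The function continues past the end of the hunk.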
diff --git a/translate-all.c b/translate-all.c index aeda54dfbd..1c63d78b7d 100644 --- a/translate-all.c +++ b/translate-all.c @@ -96,12 +96,16 @@ typedef struct PageDesc { # define L1_MAP_ADDR_SPACE_BITS TARGET_VIRT_ADDR_SPACE_BITS #endif +/* Size of the L2 (and L3, etc) page tables. */ +#define V_L2_BITS 10 +#define V_L2_SIZE (1 << V_L2_BITS) + /* The bits remaining after N lower levels of page tables. */ #define V_L1_BITS_REM \ - ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % L2_BITS) + ((L1_MAP_ADDR_SPACE_BITS - TARGET_PAGE_BITS) % V_L2_BITS) #if V_L1_BITS_REM < 4 -#define V_L1_BITS (V_L1_BITS_REM + L2_BITS) +#define V_L1_BITS (V_L1_BITS_REM + V_L2_BITS) #else #define V_L1_BITS V_L1_BITS_REM #endif @@ -395,18 +399,18 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) lp = l1_map + ((index >> V_L1_SHIFT) & (V_L1_SIZE - 1)); /* Level 2..N-1. */ - for (i = V_L1_SHIFT / L2_BITS - 1; i > 0; i--) { + for (i = V_L1_SHIFT / V_L2_BITS - 1; i > 0; i--) { void **p = *lp; if (p == NULL) { if (!alloc) { return NULL; } - ALLOC(p, sizeof(void *) * L2_SIZE); + ALLOC(p, sizeof(void *) * V_L2_SIZE); *lp = p; } - lp = p + ((index >> (i * L2_BITS)) & (L2_SIZE - 1)); + lp = p + ((index >> (i * V_L2_BITS)) & (V_L2_SIZE - 1)); } pd = *lp; @@ -414,13 +418,13 @@ static PageDesc *page_find_alloc(tb_page_addr_t index, int alloc) if (!alloc) { return NULL; } - ALLOC(pd, sizeof(PageDesc) * L2_SIZE); + ALLOC(pd, sizeof(PageDesc) * V_L2_SIZE); *lp = pd; } #undef ALLOC - return pd + (index & (L2_SIZE - 1)); + return pd + (index & (V_L2_SIZE - 1)); } static inline PageDesc *page_find(tb_page_addr_t index) @@ -655,14 +659,14 @@ static void page_flush_tb_1(int level, void **lp) if (level == 0) { PageDesc *pd = *lp; - for (i = 0; i < L2_SIZE; ++i) { + for (i = 0; i < V_L2_SIZE; ++i) { pd[i].first_tb = NULL; invalidate_page_bitmap(pd + i); } } else { void **pp = *lp; - for (i = 0; i < L2_SIZE; ++i) { + for (i = 0; i < V_L2_SIZE; ++i) { page_flush_tb_1(level - 1, pp + i); } } 
@@ -673,7 +677,7 @@ static void page_flush_tb(void) int i; for (i = 0; i < V_L1_SIZE; i++) { - page_flush_tb_1(V_L1_SHIFT / L2_BITS - 1, l1_map + i); + page_flush_tb_1(V_L1_SHIFT / V_L2_BITS - 1, l1_map + i); } } @@ -1600,7 +1604,7 @@ static int walk_memory_regions_1(struct walk_memory_regions_data *data, if (level == 0) { PageDesc *pd = *lp; - for (i = 0; i < L2_SIZE; ++i) { + for (i = 0; i < V_L2_SIZE; ++i) { int prot = pd[i].flags; pa = base | (i << TARGET_PAGE_BITS); @@ -1614,9 +1618,9 @@ static int walk_memory_regions_1(struct walk_memory_regions_data *data, } else { void **pp = *lp; - for (i = 0; i < L2_SIZE; ++i) { + for (i = 0; i < V_L2_SIZE; ++i) { pa = base | ((abi_ulong)i << - (TARGET_PAGE_BITS + L2_BITS * level)); + (TARGET_PAGE_BITS + V_L2_BITS * level)); rc = walk_memory_regions_1(data, pa, level - 1, pp + i); if (rc != 0) { return rc; @@ -1639,7 +1643,7 @@ int walk_memory_regions(void *priv, walk_memory_regions_fn fn) for (i = 0; i < V_L1_SIZE; i++) { int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT, - V_L1_SHIFT / L2_BITS - 1, l1_map + i); + V_L1_SHIFT / V_L2_BITS - 1, l1_map + i); if (rc != 0) { return rc; diff --git a/translate-all.h b/translate-all.h index 5c38819eb8..f7e5932d65 100644 --- a/translate-all.h +++ b/translate-all.h @@ -19,13 +19,6 @@ #ifndef TRANSLATE_ALL_H #define TRANSLATE_ALL_H -/* Size of the L2 (and L3, etc) page tables. */ -#define L2_BITS 10 -#define L2_SIZE (1 << L2_BITS) - -#define P_L2_LEVELS \ - (((TARGET_PHYS_ADDR_SPACE_BITS - TARGET_PAGE_BITS - 1) / L2_BITS) + 1) - /* translate-all.c */ void tb_invalidate_phys_page_fast(tb_page_addr_t start, int len); void cpu_unlink_tb(CPUState *cpu); From 6a108c4802809f9f3c7e5cc49724f5131acb5bb8 Mon Sep 17 00:00:00 2001 
From: "Michael S. Tsirkin" Date: Mon, 11 Nov 2013 14:42:43 +0200 Subject: [PATCH 023/219] exec: replace leaf with skip In preparation for dynamic radix tree depth support, rename is_leaf field to skip, telling us how many bits to skip to next level. Set to 0 for leaf. Signed-off-by: Michael S. Tsirkin (cherry picked from commit 9736e55b78dc49b7f3a265932ab32ed360f633e4) *prereq for 53cb28c backport Signed-off-by: Michael Roth --- exec.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/exec.c b/exec.c index e3feaeceda..885e329cc0 100644 --- a/exec.c +++ b/exec.c @@ -83,8 +83,9 @@ int use_icount; typedef struct PhysPageEntry PhysPageEntry; struct PhysPageEntry { - uint16_t is_leaf : 1; - /* index into phys_sections (is_leaf) or phys_map_nodes (!is_leaf) */ + /* How many bits skip to next level (in units of L2_SIZE). 0 for a leaf. */ + uint16_t skip : 1; + /* index into phys_sections (!skip) or phys_map_nodes (skip) */ uint16_t ptr : 15; }; @@ -164,7 +165,7 @@ static uint16_t phys_map_node_alloc(void) assert(ret != PHYS_MAP_NODE_NIL); assert(ret != next_map.nodes_nb_alloc); for (i = 0; i < P_L2_SIZE; ++i) { - next_map.nodes[ret][i].is_leaf = 0; + next_map.nodes[ret][i].skip = 1; next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL; } return ret; @@ -178,12 +179,12 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, int i; hwaddr step = (hwaddr)1 << (level * P_L2_BITS); - if (!lp->is_leaf && lp->ptr == PHYS_MAP_NODE_NIL) { + if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) { lp->ptr = phys_map_node_alloc(); p = next_map.nodes[lp->ptr]; if (level == 0) { for (i = 0; i < P_L2_SIZE; i++) { - p[i].is_leaf = 1; + p[i].skip = 0; p[i].ptr = PHYS_SECTION_UNASSIGNED; } } @@ -194,7 +195,7 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, while (*nb && lp < &p[P_L2_SIZE]) { if ((*index & (step - 1)) == 0 && *nb >= step) { - lp->is_leaf = true; + lp->skip = 0; lp->ptr = leaf; *index += step; *nb -= step; 
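Review bot: The new comment on `skip` in struct PhysPageEntry describes a bit count "in units of L2_SIZE", but the field is declared `uint16_t skip : 1` and can only hold 0 or 1. The macro it names was also renamed to `P_L2_SIZE` by the previous patch in this series, and the unit looks like it should be `P_L2_BITS`. Until the field is widened I would word it as `/* Levels to skip to reach the next node; 1-bit field: 0 = leaf, 1 = next level */`. This matters for the later hunks that store `skip = 1` next to `PHYS_MAP_NODE_NIL`, because a reader who trusts the current comment will expect larger values to be representable.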
@@ -221,7 +222,7 @@ static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index, PhysPageEntry *p; int i; - for (i = P_L2_LEVELS - 1; i >= 0 && !lp.is_leaf; i--) { + for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) { if (lp.ptr == PHYS_MAP_NODE_NIL) { return §ions[PHYS_SECTION_UNASSIGNED]; } @@ -1646,7 +1647,7 @@ static void mem_begin(MemoryListener *listener) AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener); AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1); - d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .is_leaf = 0 }; + d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 }; d->as = as; as->next_dispatch = d; } From 4c3e00d83f19206cd916edb3d6869478dcbc3ab0 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Wed, 13 Nov 2013 20:08:19 +0200 Subject: [PATCH 024/219] exec: pass hw address to phys_page_find callers always shift by target page bits so let's just do this internally. Signed-off-by: Michael S. Tsirkin (cherry picked from commit 97115a8d4500abeb090b968f01605e0bdafcdfd3) *prereq for 53cb28c backport Signed-off-by: Michael Roth --- exec.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/exec.c b/exec.c index 885e329cc0..283b196778 100644 --- a/exec.c +++ b/exec.c @@ -216,10 +216,11 @@ static void phys_page_set(AddressSpaceDispatch *d, phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1); } -static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr index, +static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr, Node *nodes, MemoryRegionSection *sections) { PhysPageEntry *p; + hwaddr index = addr >> TARGET_PAGE_BITS; int i; for (i = P_L2_LEVELS; lp.skip && (i -= lp.skip) >= 0;) { 
@@ -245,8 +246,7 @@ static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d, MemoryRegionSection *section; subpage_t *subpage; - section = phys_page_find(d->phys_map, addr >> TARGET_PAGE_BITS, - d->nodes, d->sections); + section = phys_page_find(d->phys_map, addr, d->nodes, d->sections); if (resolve_subpage && section->mr->subpage) { subpage = container_of(section->mr, subpage_t, iomem); section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]]; @@ -802,7 +802,7 @@ static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *secti subpage_t *subpage; hwaddr base = section->offset_within_address_space & TARGET_PAGE_MASK; - MemoryRegionSection *existing = phys_page_find(d->phys_map, base >> TARGET_PAGE_BITS, + MemoryRegionSection *existing = phys_page_find(d->phys_map, base, next_map.nodes, next_map.sections); MemoryRegionSection subsection = { .offset_within_address_space = base, From 44c68b84aed0b642514b75dc980779c79ca37d45 Mon Sep 17 00:00:00 2001 From: Marcel Apfelbaum Date: Sun, 1 Dec 2013 14:02:23 +0200 Subject: [PATCH 025/219] exec: separate sections and nodes per address space Every address space has its own nodes and sections, but it uses the same global arrays of nodes/section. This limits the number of devices that can be attached to the guest to 20-30 devices. It happens because: - The sections array is limited to 2^12 entries. - The main memory has at least 100 sections. - Each device address space is actually an alias to main memory, multiplying its number of nodes/sections. Remove the limitation by using separate arrays of nodes and sections for each address space. Signed-off-by: Marcel Apfelbaum Reviewed-by: Michael S. Tsirkin Reviewed-by: Paolo Bonzini Signed-off-by: Michael S. Tsirkin (cherry picked from commit 53cb28cbfea038f8ad50132dc8a684e638c7d48b) Conflicts: exec.c *removed dependency on b35ba30 
Signed-off-by: Michael Roth --- exec.c | 151 ++++++++++++++++++++++++--------------------------------- 1 file changed, 64 insertions(+), 87 deletions(-) diff --git a/exec.c b/exec.c index 283b196778..df94429c46 100644 --- a/exec.c +++ b/exec.c @@ -99,13 +99,21 @@ struct PhysPageEntry { typedef PhysPageEntry Node[P_L2_SIZE]; +typedef struct PhysPageMap { + unsigned sections_nb; + unsigned sections_nb_alloc; + unsigned nodes_nb; + unsigned nodes_nb_alloc; + Node *nodes; + MemoryRegionSection *sections; +} PhysPageMap; + struct AddressSpaceDispatch { /* This is a multi-level map on the physical address space. * The bottom level has pointers to MemoryRegionSections. */ PhysPageEntry phys_map; - Node *nodes; - MemoryRegionSection *sections; + PhysPageMap map; AddressSpace *as; }; @@ -122,18 +130,6 @@ typedef struct subpage_t { #define PHYS_SECTION_ROM 2 #define PHYS_SECTION_WATCH 3 -typedef struct PhysPageMap { - unsigned sections_nb; - unsigned sections_nb_alloc; - unsigned nodes_nb; - unsigned nodes_nb_alloc; - Node *nodes; - MemoryRegionSection *sections; -} PhysPageMap; - -static PhysPageMap *prev_map; -static PhysPageMap next_map; - #define PHYS_MAP_NODE_NIL (((uint16_t)~0) >> 1) static void io_mem_init(void); 
@@ -144,35 +140,32 @@ static MemoryRegion io_mem_watch; #if !defined(CONFIG_USER_ONLY) -static void phys_map_node_reserve(unsigned nodes) +static void phys_map_node_reserve(PhysPageMap *map, unsigned nodes) { - if (next_map.nodes_nb + nodes > next_map.nodes_nb_alloc) { - next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc * 2, - 16); - next_map.nodes_nb_alloc = MAX(next_map.nodes_nb_alloc, - next_map.nodes_nb + nodes); - next_map.nodes = g_renew(Node, next_map.nodes, - next_map.nodes_nb_alloc); + if (map->nodes_nb + nodes > map->nodes_nb_alloc) { + map->nodes_nb_alloc = MAX(map->nodes_nb_alloc * 2, 16); + map->nodes_nb_alloc = MAX(map->nodes_nb_alloc, map->nodes_nb + nodes); + map->nodes = g_renew(Node, map->nodes, map->nodes_nb_alloc); } } -static uint16_t phys_map_node_alloc(void) +static uint16_t phys_map_node_alloc(PhysPageMap *map) { unsigned i; uint16_t ret; - ret = next_map.nodes_nb++; + ret = map->nodes_nb++; assert(ret != PHYS_MAP_NODE_NIL); - assert(ret != next_map.nodes_nb_alloc); + assert(ret != map->nodes_nb_alloc); for (i = 0; i < P_L2_SIZE; ++i) { - next_map.nodes[ret][i].skip = 1; - next_map.nodes[ret][i].ptr = PHYS_MAP_NODE_NIL; + map->nodes[ret][i].skip = 1; + map->nodes[ret][i].ptr = PHYS_MAP_NODE_NIL; } return ret; } -static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, - hwaddr *nb, uint16_t leaf, +static void phys_page_set_level(PhysPageMap *map, PhysPageEntry *lp, + hwaddr *index, hwaddr *nb, uint16_t leaf, int level) { PhysPageEntry *p; @@ -180,8 +173,8 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, hwaddr step = (hwaddr)1 << (level * P_L2_BITS); if (lp->skip && lp->ptr == PHYS_MAP_NODE_NIL) { - lp->ptr = phys_map_node_alloc(); - p = next_map.nodes[lp->ptr]; + lp->ptr = phys_map_node_alloc(map); + p = map->nodes[lp->ptr]; if (level == 0) { for (i = 0; i < P_L2_SIZE; i++) { p[i].skip = 0; 
@@ -189,7 +182,7 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, } } } else { - p = next_map.nodes[lp->ptr]; + p = map->nodes[lp->ptr]; } lp = &p[(*index >> (level * P_L2_BITS)) & (P_L2_SIZE - 1)]; @@ -200,7 +193,7 @@ static void phys_page_set_level(PhysPageEntry *lp, hwaddr *index, *index += step; *nb -= step; } else { - phys_page_set_level(lp, index, nb, leaf, level - 1); + phys_page_set_level(map, lp, index, nb, leaf, level - 1); } ++lp; } @@ -211,9 +204,9 @@ static void phys_page_set(AddressSpaceDispatch *d, uint16_t leaf) { /* Wildly overreserve - it doesn't matter much. */ - phys_map_node_reserve(3 * P_L2_LEVELS); + phys_map_node_reserve(&d->map, 3 * P_L2_LEVELS); - phys_page_set_level(&d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1); + phys_page_set_level(&d->map, &d->phys_map, &index, &nb, leaf, P_L2_LEVELS - 1); } static MemoryRegionSection *phys_page_find(PhysPageEntry lp, hwaddr addr, @@ -246,10 +239,10 @@ static MemoryRegionSection *address_space_lookup_region(AddressSpaceDispatch *d, MemoryRegionSection *section; subpage_t *subpage; - section = phys_page_find(d->phys_map, addr, d->nodes, d->sections); + section = phys_page_find(d->phys_map, addr, d->map.nodes, d->map.sections); if (resolve_subpage && section->mr->subpage) { subpage = container_of(section->mr, subpage_t, iomem); - section = &d->sections[subpage->sub_section[SUBPAGE_IDX(addr)]]; + section = &d->map.sections[subpage->sub_section[SUBPAGE_IDX(addr)]]; } return section; } @@ -717,7 +710,7 @@ hwaddr memory_region_section_get_iotlb(CPUArchState *env, iotlb |= PHYS_SECTION_ROM; } } else { - iotlb = section - address_space_memory.dispatch->sections; + iotlb = section - address_space_memory.dispatch->map.sections; iotlb += xlat; } 
@@ -756,23 +749,23 @@ void phys_mem_set_alloc(void *(*alloc)(size_t)) phys_mem_alloc = alloc; } -static uint16_t phys_section_add(MemoryRegionSection *section) +static uint16_t phys_section_add(PhysPageMap *map, + MemoryRegionSection *section) { /* The physical section number is ORed with a page-aligned * pointer to produce the iotlb entries. Thus it should * never overflow into the page-aligned value. */ - assert(next_map.sections_nb < TARGET_PAGE_SIZE); + assert(map->sections_nb < TARGET_PAGE_SIZE); - if (next_map.sections_nb == next_map.sections_nb_alloc) { - next_map.sections_nb_alloc = MAX(next_map.sections_nb_alloc * 2, - 16); - next_map.sections = g_renew(MemoryRegionSection, next_map.sections, - next_map.sections_nb_alloc); + if (map->sections_nb == map->sections_nb_alloc) { + map->sections_nb_alloc = MAX(map->sections_nb_alloc * 2, 16); + map->sections = g_renew(MemoryRegionSection, map->sections, + map->sections_nb_alloc); } - next_map.sections[next_map.sections_nb] = *section; + map->sections[map->sections_nb] = *section; memory_region_ref(section->mr); - return next_map.sections_nb++; + return map->sections_nb++; } static void phys_section_destroy(MemoryRegion *mr) @@ -794,7 +787,6 @@ static void phys_sections_free(PhysPageMap *map) } g_free(map->sections); g_free(map->nodes); - g_free(map); } static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *section) @@ -803,7 +795,7 @@ static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *secti hwaddr base = section->offset_within_address_space & TARGET_PAGE_MASK; MemoryRegionSection *existing = phys_page_find(d->phys_map, base, - next_map.nodes, next_map.sections); + d->map.nodes, d->map.sections); MemoryRegionSection subsection = { .offset_within_address_space = base, .size = int128_make64(TARGET_PAGE_SIZE), 
@@ -816,13 +808,14 @@ static void register_subpage(AddressSpaceDispatch *d, MemoryRegionSection *secti subpage = subpage_init(d->as, base); subsection.mr = &subpage->iomem; phys_page_set(d, base >> TARGET_PAGE_BITS, 1, - phys_section_add(&subsection)); + phys_section_add(&d->map, &subsection)); } else { subpage = container_of(existing->mr, subpage_t, iomem); } start = section->offset_within_address_space & ~TARGET_PAGE_MASK; end = start + int128_get64(section->size) - 1; - subpage_register(subpage, start, end, phys_section_add(section)); + subpage_register(subpage, start, end, + phys_section_add(&d->map, section)); } @@ -830,7 +823,7 @@ static void register_multipage(AddressSpaceDispatch *d, MemoryRegionSection *section) { hwaddr start_addr = section->offset_within_address_space; - uint16_t section_index = phys_section_add(section); + uint16_t section_index = phys_section_add(&d->map, section); uint64_t num_pages = int128_get64(int128_rshift(section->size, TARGET_PAGE_BITS)); @@ -1614,7 +1607,7 @@ static subpage_t *subpage_init(AddressSpace *as, hwaddr base) return mmio; } -static uint16_t dummy_section(MemoryRegion *mr) +static uint16_t dummy_section(PhysPageMap *map, MemoryRegion *mr) { MemoryRegionSection section = { .mr = mr, @@ -1623,12 +1616,13 @@ static uint16_t dummy_section(MemoryRegion *mr) .size = int128_2_64(), }; - return phys_section_add(§ion); + return phys_section_add(map, §ion); } MemoryRegion *iotlb_to_region(hwaddr index) { - return address_space_memory.dispatch->sections[index & ~TARGET_PAGE_MASK].mr; + return address_space_memory.dispatch->map.sections[ + index & ~TARGET_PAGE_MASK].mr; } static void io_mem_init(void) 
@@ -1645,7 +1639,17 @@ static void io_mem_init(void) static void mem_begin(MemoryListener *listener) { AddressSpace *as = container_of(listener, AddressSpace, dispatch_listener); - AddressSpaceDispatch *d = g_new(AddressSpaceDispatch, 1); + AddressSpaceDispatch *d = g_new0(AddressSpaceDispatch, 1); + uint16_t n; + + n = dummy_section(&d->map, &io_mem_unassigned); + assert(n == PHYS_SECTION_UNASSIGNED); + n = dummy_section(&d->map, &io_mem_notdirty); + assert(n == PHYS_SECTION_NOTDIRTY); + n = dummy_section(&d->map, &io_mem_rom); + assert(n == PHYS_SECTION_ROM); + n = dummy_section(&d->map, &io_mem_watch); + assert(n == PHYS_SECTION_WATCH); d->phys_map = (PhysPageEntry) { .ptr = PHYS_MAP_NODE_NIL, .skip = 1 }; d->as = as; @@ -1658,37 +1662,12 @@ static void mem_commit(MemoryListener *listener) AddressSpaceDispatch *cur = as->dispatch; AddressSpaceDispatch *next = as->next_dispatch; - next->nodes = next_map.nodes; - next->sections = next_map.sections; - as->dispatch = next; - g_free(cur); -} -static void core_begin(MemoryListener *listener) -{ - uint16_t n; - - prev_map = g_new(PhysPageMap, 1); - *prev_map = next_map; - - memset(&next_map, 0, sizeof(next_map)); - n = dummy_section(&io_mem_unassigned); - assert(n == PHYS_SECTION_UNASSIGNED); - n = dummy_section(&io_mem_notdirty); - assert(n == PHYS_SECTION_NOTDIRTY); - n = dummy_section(&io_mem_rom); - assert(n == PHYS_SECTION_ROM); - n = dummy_section(&io_mem_watch); - assert(n == PHYS_SECTION_WATCH); -} - -/* This listener's commit run after the other AddressSpaceDispatch listeners'. - * All AddressSpaceDispatch instances have switched to the next map. - */ -static void core_commit(MemoryListener *listener) -{ - phys_sections_free(prev_map); + if (cur) { + phys_sections_free(&cur->map); + g_free(cur); + } } static void tcg_commit(MemoryListener *listener) 
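Review bot: mem_commit() now frees the previous dispatch's `map.sections` and `map.nodes` as soon as this one address space switches to `next`. The removed core_commit() released the old map only after every AddressSpaceDispatch listener had committed. Any MemoryRegionSection pointer or section index taken from the old dispatch and still held at that point would be stale, and nothing in the hunk shows what rules that out (the tcg_commit() that follows is cut off). I would state the requirement on the `if (cur)` block, e.g. `/* cur->map is freed here: no MemoryRegionSection pointer or section index may be kept across a commit */`, and confirm it against the callers of phys_page_find() and iotlb_to_region().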
@@ -1716,8 +1695,6 @@ static void core_log_global_stop(MemoryListener *listener) } static MemoryListener core_memory_listener = { - .begin = core_begin, - .commit = core_commit, .log_global_start = core_log_global_start, .log_global_stop = core_log_global_stop, .priority = 1, From 8b6d92a56592a97c83da211c20864f4e754bbd9e Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Tue, 29 Oct 2013 13:57:34 +0100 Subject: [PATCH 026/219] pc: map PCI address space as catchall region for not mapped addresses With a help of negative memory region priority PCI address space is mapped underneath RAM regions effectively catching every access to addresses not mapped by any other region. It simplifies PCI address space mapping into system address space. Signed-off-by: Michael S. Tsirkin Signed-off-by: Igor Mammedov (cherry picked from commit 83d08f2673504a299194dcac1657a13754b5932a) *prereq for ddaaefb backport Signed-off-by: Michael Roth --- hw/i386/pc.c | 20 ++++++-------------- hw/i386/pc_piix.c | 2 -- hw/pci-host/piix.c | 24 +++--------------------- hw/pci-host/q35.c | 23 +++-------------------- include/hw/i386/pc.h | 14 ++------------ include/hw/pci-host/q35.h | 2 -- 6 files changed, 14 insertions(+), 71 deletions(-) diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 12c436e7f1..6c82ada3d4 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c 
@@ -1093,21 +1093,13 @@ PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size, return guest_info; } -void pc_init_pci64_hole(PcPciInfo *pci_info, uint64_t pci_hole64_start, - uint64_t pci_hole64_size) +/* setup pci memory address space mapping into system address space */ +void pc_pci_as_mapping_init(Object *owner, MemoryRegion *system_memory, + MemoryRegion *pci_address_space) { - if ((sizeof(hwaddr) == 4) || (!pci_hole64_size)) { - return; - } - /* - * BIOS does not set MTRR entries for the 64 bit window, so no need to - * align address to power of two. Align address at 1G, this makes sure - * it can be exactly covered with a PAT entry even when using huge - * pages. - */ - pci_info->w64.begin = ROUND_UP(pci_hole64_start, 0x1ULL << 30); - pci_info->w64.end = pci_info->w64.begin + pci_hole64_size; - assert(pci_info->w64.begin <= pci_info->w64.end); + /* Set to lower priority than RAM */ + memory_region_add_subregion_overlap(system_memory, 0x0, + pci_address_space, -1); } void pc_acpi_init(const char *default_dsdt) diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 2111f0192c..29b47d4d99 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -149,8 +149,6 @@ static void pc_init1(QEMUMachineInitArgs *args, if (pci_enabled) { pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi, system_memory, system_io, args->ram_size, - below_4g_mem_size, - 0x100000000ULL - below_4g_mem_size, above_4g_mem_size, pci_memory, ram_memory); } else { diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c index edc974ece3..63be7f6cee 100644 --- a/hw/pci-host/piix.c +++ b/hw/pci-host/piix.c @@ -103,8 +103,6 @@ struct PCII440FXState { MemoryRegion *system_memory; MemoryRegion *pci_address_space; MemoryRegion *ram_memory; - MemoryRegion pci_hole; - MemoryRegion pci_hole_64bit; PAMMemoryRegion pam_regions[13]; MemoryRegion smram_region; uint8_t smm_enabled; 
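Review bot: pc_pci_as_mapping_init() takes an `owner` argument that its body never uses, so it should either be dropped or the comment should say why it is kept. The comment "Set to lower priority than RAM" also undersells what the call does. With the overlap at offset 0x0 and priority -1, every system-memory access that no other region claims now resolves into `pci_address_space`, where the aliases removed from hw/pci-host/piix.c and q35.c in this patch exposed it only through bounded "pci-hole" windows. I would write `/* Catch-all: any address not claimed by a higher-priority region is routed to the PCI address space */` so the widened guest-reachable range is explicit to whoever audits it.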
@@ -313,8 +311,6 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, ram_addr_t ram_size, - hwaddr pci_hole_start, - hwaddr pci_hole_size, ram_addr_t above_4g_mem_size, MemoryRegion *pci_address_space, MemoryRegion *ram_memory) @@ -327,7 +323,6 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, PCII440FXState *f; unsigned i; I440FXState *i440fx; - uint64_t pci_hole64_size; dev = qdev_create(NULL, TYPE_I440FX_PCI_HOST_BRIDGE); s = PCI_HOST_BRIDGE(dev); @@ -355,23 +350,10 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, i440fx->pci_info.w32.begin = 0xe0000000; } - memory_region_init_alias(&f->pci_hole, OBJECT(d), "pci-hole", f->pci_address_space, - pci_hole_start, pci_hole_size); - memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole); + /* setup pci memory mapping */ + pc_pci_as_mapping_init(OBJECT(f), f->system_memory, + f->pci_address_space); - pci_hole64_size = pci_host_get_hole64_size(i440fx->pci_hole64_size); - - pc_init_pci64_hole(&i440fx->pci_info, 0x100000000ULL + above_4g_mem_size, - pci_hole64_size); - memory_region_init_alias(&f->pci_hole_64bit, OBJECT(d), "pci-hole64", - f->pci_address_space, - i440fx->pci_info.w64.begin, - pci_hole64_size); - if (pci_hole64_size) { - memory_region_add_subregion(f->system_memory, - i440fx->pci_info.w64.begin, - &f->pci_hole_64bit); - } memory_region_init_alias(&f->smram_region, OBJECT(d), "smram-region", f->pci_address_space, 0xa0000, 0x20000); memory_region_add_subregion_overlap(f->system_memory, 0xa0000, diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index c043998e32..81c82404d6 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c 
@@ -356,28 +356,11 @@ static int mch_init(PCIDevice *d) { int i; MCHPCIState *mch = MCH_PCI_DEVICE(d); - uint64_t pci_hole64_size; - /* setup pci memory regions */ - memory_region_init_alias(&mch->pci_hole, OBJECT(mch), "pci-hole", - mch->pci_address_space, - mch->below_4g_mem_size, - 0x100000000ULL - mch->below_4g_mem_size); - memory_region_add_subregion(mch->system_memory, mch->below_4g_mem_size, - &mch->pci_hole); + /* setup pci memory mapping */ + pc_pci_as_mapping_init(OBJECT(mch), mch->system_memory, + mch->pci_address_space); - pci_hole64_size = pci_host_get_hole64_size(mch->pci_hole64_size); - pc_init_pci64_hole(&mch->pci_info, 0x100000000ULL + mch->above_4g_mem_size, - pci_hole64_size); - memory_region_init_alias(&mch->pci_hole_64bit, OBJECT(mch), "pci-hole64", - mch->pci_address_space, - mch->pci_info.w64.begin, - pci_hole64_size); - if (pci_hole64_size) { - memory_region_add_subregion(mch->system_memory, - mch->pci_info.w64.begin, - &mch->pci_hole_64bit); - } /* smram */ cpu_smm_register(&mch_set_smm, mch); memory_region_init_alias(&mch->smram_region, OBJECT(mch), "smram-region", diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 09652fb22c..8ea1a98728 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -128,17 +128,9 @@ PcGuestInfo *pc_guest_info_init(ram_addr_t below_4g_mem_size, #define PCI_HOST_PROP_PCI_HOLE64_SIZE "pci-hole64-size" #define DEFAULT_PCI_HOLE64_SIZE (~0x0ULL) -static inline uint64_t pci_host_get_hole64_size(uint64_t pci_hole64_size) -{ - if (pci_hole64_size == DEFAULT_PCI_HOLE64_SIZE) { - return 1ULL << 62; - } else { - return pci_hole64_size; - } -} -void pc_init_pci64_hole(PcPciInfo *pci_info, uint64_t pci_hole64_start, - uint64_t pci_hole64_size); +void pc_pci_as_mapping_init(Object *owner, MemoryRegion *system_memory, + MemoryRegion *pci_address_space); FWCfgState *pc_memory_init(MemoryRegion *system_memory, const char *kernel_filename, 
@@ -187,8 +179,6 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, ram_addr_t ram_size, - hwaddr pci_hole_start, - hwaddr pci_hole_size, ram_addr_t above_4g_mem_size, MemoryRegion *pci_memory, MemoryRegion *ram_memory); diff --git a/include/hw/pci-host/q35.h b/include/hw/pci-host/q35.h index 309065fa41..d0355b712b 100644 --- a/include/hw/pci-host/q35.h +++ b/include/hw/pci-host/q35.h @@ -53,8 +53,6 @@ typedef struct MCHPCIState { MemoryRegion *address_space_io; PAMMemoryRegion pam_regions[13]; MemoryRegion smram_region; - MemoryRegion pci_hole; - MemoryRegion pci_hole_64bit; PcPciInfo pci_info; uint8_t smm_enabled; ram_addr_t below_4g_mem_size; From 03bc4f66280023cba17f8cdbd3a5b6589db343be Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Sat, 21 Dec 2013 03:02:50 +0100 Subject: [PATCH 027/219] piix: fix 32bit pci hole Make the 32bit pci hole start at end of ram, so all possible address space is covered. We used to try and make addresses aligned so they are easier to cover with MTRRs, but since they are cosmetic on KVM, this is probably not worth worrying about. Of course the firmware can use less than that. Leaving space unused is no problem, mapping pci bars outside the hole causes problems though. Signed-off-by: Gerd Hoffmann Signed-off-by: Laszlo Ersek Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit ddaaefb4dd427d6d2e41c1cfbe0cd8d8e8d6aad9) Signed-off-by: Michael Roth --- hw/i386/pc_piix.c | 1 + hw/pci-host/piix.c | 11 ++--------- include/hw/i386/pc.h | 1 + 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index 29b47d4d99..cc9b273bc5 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c 
@@ -149,6 +149,7 @@ static void pc_init1(QEMUMachineInitArgs *args, if (pci_enabled) { pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi, system_memory, system_io, args->ram_size, + below_4g_mem_size, above_4g_mem_size, pci_memory, ram_memory); } else { diff --git a/hw/pci-host/piix.c b/hw/pci-host/piix.c index 63be7f6cee..4229d09acf 100644 --- a/hw/pci-host/piix.c +++ b/hw/pci-host/piix.c @@ -311,6 +311,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, ram_addr_t ram_size, + ram_addr_t below_4g_mem_size, ram_addr_t above_4g_mem_size, MemoryRegion *pci_address_space, MemoryRegion *ram_memory) @@ -340,15 +341,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, f->ram_memory = ram_memory; i440fx = I440FX_PCI_HOST_BRIDGE(dev); - /* Set PCI window size the way seabios has always done it. */ - /* Power of 2 so bios can cover it with a single MTRR */ - if (ram_size <= 0x80000000) { - i440fx->pci_info.w32.begin = 0x80000000; - } else if (ram_size <= 0xc0000000) { - i440fx->pci_info.w32.begin = 0xc0000000; - } else { - i440fx->pci_info.w32.begin = 0xe0000000; - } + i440fx->pci_info.w32.begin = below_4g_mem_size; /* setup pci memory mapping */ pc_pci_as_mapping_init(OBJECT(f), f->system_memory, diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 8ea1a98728..2a4a0947e6 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -179,6 +179,7 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, MemoryRegion *address_space_mem, MemoryRegion *address_space_io, ram_addr_t ram_size, + ram_addr_t below_4g_mem_size, ram_addr_t above_4g_mem_size, MemoryRegion *pci_memory, MemoryRegion *ram_memory); From b9cabc36a20a43a5b96686a1df47984ff983c395 Mon Sep 17 00:00:00 2001 
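Review bot: `i440fx->pci_info.w32.begin = below_4g_mem_size;` in the hw/pci-host/piix.c hunk takes the caller's value as is, and the two comments that explained the old window choice are removed without a replacement. This value is the boundary between guest RAM and PCI BAR space, so it deserves a line such as `/* 32-bit PCI hole starts where low RAM ends; firmware may use less */`. If the caller does not already guarantee it, an assertion that the value lies below 4G would catch a bad layout at init time rather than in the guest. i440fx_init starts and ends outside the hunk.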
From: Petar Jovanovic Date: Fri, 29 Nov 2013 17:27:42 +0100 Subject: [PATCH 028/219] target-mips: fix 64-bit FPU config for user-mode emulation FR bit should be initialized to 1 for MIPS64, under condition that this bit is writable and that CPU has an FPU unit. It should be initialized to zero for MIPS32. This fixes different MIPS32 issues with FPU instructions whose behaviour defaulted to 64-bit FPU mode. Signed-off-by: Petar Jovanovic Signed-off-by: Aurelien Jarno (cherry picked from commit 4d66261f71f2efa31e1052e4041c5ee505572fe5) Signed-off-by: Michael Roth --- target-mips/translate.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/target-mips/translate.c b/target-mips/translate.c index 67f326b205..e30273438a 100644 --- a/target-mips/translate.c +++ b/target-mips/translate.c @@ -15983,10 +15983,13 @@ void cpu_state_reset(CPUMIPSState *env) if (env->CP0_Config3 & (1 << CP0C3_DSPP)) { env->CP0_Status |= (1 << CP0St_MX); } - /* Enable 64-bit FPU if the target cpu supports it. */ - if (env->active_fpu.fcr0 & (1 << FCR0_F64)) { +# if defined(TARGET_MIPS64) + /* For MIPS64, init FR bit to 1 if FPU unit is there and bit is writable. */ + if ((env->CP0_Config1 & (1 << CP0C1_FP)) && + (env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) { env->CP0_Status |= (1 << CP0St_FR); } +# endif #else if (env->hflags & MIPS_HFLAG_BMASK) { /* If the exception was raised from a delay slot, From 0bc4142e7f44c11c65b25646d5f4d2243eef60a0 Mon Sep 17 00:00:00 2001 From: Petar Jovanovic Date: Wed, 30 Oct 2013 14:46:32 +0100 Subject: [PATCH 029/219] linux-user: pass correct parameter to do_shmctl() Fix shmctl issue by passing correct parameter buf to do_shmctl(). Signed-off-by: Petar Jovanovic Signed-off-by: Riku Voipio (cherry picked from commit a29267846a52b4ca294ba3a962b74b67df7ce6d2) Signed-off-by: Michael Roth --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
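Review bot: The added `# if defined(TARGET_MIPS64)` block sets FR, but nothing in the hunk clears it for 32-bit targets, so the "zero for MIPS32" behaviour from the commit message depends on CP0_Status having been reset earlier in cpu_state_reset, which is outside the hunk. A comment would make that dependency explicit, for example `/* FR stays 0 on MIPS32: relies on CP0_Status being reset above (confirm) */`. The new condition also no longer consults `FCR0_F64`; if a CPU model can have a writable FR bit without a 64-bit FPU, that check is still needed.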
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index eaaf00ddd0..a3575e7c8b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3216,7 +3216,7 @@ static abi_long do_ipc(unsigned int call, int first, /* IPC_* and SHM_* command values are the same on all linux platforms */ case IPCOP_shmctl: - ret = do_shmctl(first, second, third); + ret = do_shmctl(first, second, ptr); break; default: gemu_log("Unsupported ipc call: %d (version %d)\n", call, version); From 75b4b747a24d5a6e51fb6eb5fb33e2a83748eb80 Mon Sep 17 00:00:00 2001 From: Petar Jovanovic Date: Wed, 30 Oct 2013 14:46:31 +0100 Subject: [PATCH 030/219] linux-user: create target_structs header to place ipc_perm and shmid_ds Creating target_structs header in linux-user/$arch/ and making target_ipc_perm and target_shmid_ds its first inhabitants. The struct defintions may/should be further fine-tuned by arch maintainers. Signed-off-by: Petar Jovanovic Signed-off-by: Riku Voipio (cherry picked from commit 55a2b1631fb343edac4a2d4596c72e58ee1372b3) 
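Review bot: `do_shmctl(first, second, ptr)` now forwards a guest address, and nothing at the call site says which ipc() argument carries the buffer for shmctl. A short comment, `/* ptr is the guest address of the shmid_ds buffer; third is unused here */`, would keep the next reader from swapping them again. Whether do_shmctl validates that address before copying to or from it is outside the hunk and worth confirming as part of this fix. do_ipc starts and ends outside the hunk.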
Signed-off-by: Michael Roth --- linux-user/aarch64/target_structs.h | 58 ++++++++++++++++++++ linux-user/alpha/target_structs.h | 48 ++++++++++++++++ linux-user/arm/target_structs.h | 52 ++++++++++++++++++ linux-user/cris/target_structs.h | 58 ++++++++++++++++++++ linux-user/i386/target_structs.h | 58 ++++++++++++++++++++ linux-user/m68k/target_structs.h | 58 ++++++++++++++++++++ linux-user/microblaze/target_structs.h | 58 ++++++++++++++++++++ linux-user/mips/target_structs.h | 48 ++++++++++++++++ linux-user/mips64/target_cpu.h | 18 ++++++ linux-user/mips64/target_structs.h | 2 + linux-user/openrisc/target_structs.h | 58 ++++++++++++++++++++ linux-user/ppc/target_structs.h | 60 ++++++++++++++++++++ linux-user/qemu.h | 1 + linux-user/s390x/target_structs.h | 63 +++++++++++++++++++++ linux-user/sh4/target_structs.h | 58 ++++++++++++++++++++ linux-user/sparc/target_structs.h | 63 +++++++++++++++++++++ linux-user/sparc64/target_structs.h | 58 ++++++++++++++++++++ linux-user/syscall.c | 76 ++++++++++---------------- linux-user/unicore32/target_structs.h | 58 ++++++++++++++++++++ linux-user/x86_64/target_structs.h | 58 ++++++++++++++++++++ 20 files changed, 963 insertions(+), 48 deletions(-) create mode 100644 linux-user/aarch64/target_structs.h create mode 100644 linux-user/alpha/target_structs.h create mode 100644 linux-user/arm/target_structs.h create mode 100644 linux-user/cris/target_structs.h create mode 100644 linux-user/i386/target_structs.h create mode 100644 linux-user/m68k/target_structs.h create mode 100644 linux-user/microblaze/target_structs.h create mode 100644 linux-user/mips/target_structs.h create mode 100644 linux-user/mips64/target_structs.h create mode 100644 linux-user/openrisc/target_structs.h create mode 100644 linux-user/ppc/target_structs.h create mode 100644 linux-user/s390x/target_structs.h create mode 100644 linux-user/sh4/target_structs.h create mode 100644 linux-user/sparc/target_structs.h create mode 100644 
linux-user/sparc64/target_structs.h create mode 100644 linux-user/unicore32/target_structs.h create mode 100644 linux-user/x86_64/target_structs.h diff --git a/linux-user/aarch64/target_structs.h b/linux-user/aarch64/target_structs.h new file mode 100644 index 0000000000..21c1f2c074 --- /dev/null +++ b/linux-user/aarch64/target_structs.h 
@@ -0,0 +1,58 @@
+/*
+ * ARM AArch64 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
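Review bot: The three `#if TARGET_ABI_BITS == 32` padding blocks in `struct target_shmid_ds` look carried over from a generic template; for an AArch64 guest they are presumably never compiled in, so they could be dropped or explained in a comment. The identical template is added for cris, i386, m68k, microblaze and openrisc, and the commit message itself says the definitions still need per-arch tuning. These structs describe guest memory that shmctl results are copied into, so each arch's `mode`/`__pad1` split and total size should be checked against that architecture's kernel headers. A compile-time size check next to each definition would catch later drift.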
diff --git a/linux-user/alpha/target_structs.h b/linux-user/alpha/target_structs.h
new file mode 100644
index 0000000000..50e7708ffd
--- /dev/null
+++ b/linux-user/alpha/target_structs.h
@@ -0,0 +1,48 @@
+/*
+ * Alpha specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_uint mode; /* Read/write permission. */
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad1;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+ abi_ulong shm_dtime; /* time of last shmdt() */
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+#endif
diff --git a/linux-user/arm/target_structs.h b/linux-user/arm/target_structs.h
new file mode 100644
index 0000000000..f3c85d4e1f
--- /dev/null
+++ b/linux-user/arm/target_structs.h
@@ -0,0 +1,52 @@
+/*
+ * ARM specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+ abi_ulong __unused1;
+ abi_ulong shm_dtime; /* time of last shmdt() */
+ abi_ulong __unused2;
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+ abi_ulong __unused3;
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/cris/target_structs.h b/linux-user/cris/target_structs.h
new file mode 100644
index 0000000000..e4a1ffb3c1
--- /dev/null
+++ b/linux-user/cris/target_structs.h
@@ -0,0 +1,58 @@
+/*
+ * CRIS specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/i386/target_structs.h b/linux-user/i386/target_structs.h
new file mode 100644
index 0000000000..65f535e16b
--- /dev/null
+++ b/linux-user/i386/target_structs.h
@@ -0,0 +1,58 @@
+/*
+ * i386 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/m68k/target_structs.h b/linux-user/m68k/target_structs.h
new file mode 100644
index 0000000000..de257c97de
--- /dev/null
+++ b/linux-user/m68k/target_structs.h
@@ -0,0 +1,58 @@
+/*
+ * m68k specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/microblaze/target_structs.h b/linux-user/microblaze/target_structs.h
new file mode 100644
index 0000000000..325e2f6d4d
--- /dev/null
+++ b/linux-user/microblaze/target_structs.h
@@ -0,0 +1,58 @@
+/*
+ * MicroBlaze specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/mips/target_structs.h b/linux-user/mips/target_structs.h
new file mode 100644
index 0000000000..16021e8a94
--- /dev/null
+++ b/linux-user/mips/target_structs.h
@@ -0,0 +1,48 @@
+/*
+ * MIPS specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_uint mode; /* Read/write permission. */
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad1;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+ abi_ulong shm_dtime; /* time of last shmdt() */
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+#endif
diff --git a/linux-user/mips64/target_cpu.h b/linux-user/mips64/target_cpu.h
index fa36407c68..f16991b4ef 100644
--- a/linux-user/mips64/target_cpu.h
+++ b/linux-user/mips64/target_cpu.h
@@ -1 +1,19 @@
+/*
+ * MIPS64 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
 #include "../mips/target_cpu.h"
diff --git a/linux-user/mips64/target_structs.h b/linux-user/mips64/target_structs.h
new file mode 100644
index 0000000000..a4f619e732
--- /dev/null
+++ b/linux-user/mips64/target_structs.h
@@ -0,0 +1,2 @@
+#include "../mips/target_structs.h"
+
diff --git a/linux-user/openrisc/target_structs.h b/linux-user/openrisc/target_structs.h
new file mode 100644
index 0000000000..f4d560f575
--- /dev/null
+++ b/linux-user/openrisc/target_structs.h
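Review bot: The banner added to linux-user/mips64/target_cpu.h reads `MIPS64 specific structures for linux-user`, which describes target_structs.h rather than target_cpu.h, while the new linux-user/mips64/target_structs.h has no banner at all and ends with an empty line. It looks as if the license header went into the wrong file. I would move the banner to target_structs.h and either leave target_cpu.h untouched or give it a banner that names what it holds.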
@@ -0,0 +1,58 @@
+/*
+ * OpenRISC specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/ppc/target_structs.h b/linux-user/ppc/target_structs.h
new file mode 100644
index 0000000000..2b87613104
--- /dev/null
+++ b/linux-user/ppc/target_structs.h
@@ -0,0 +1,60 @@
+/*
+ * PowerPC specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_uint mode; /* Read/write permission. */
+ uint32_t __seq; /* Sequence number. */
+ uint32_t __pad1;
+ uint64_t __unused1;
+ uint64_t __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+#if TARGET_ABI_BITS == 32
+ abi_uint __unused1;
+#endif
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_uint __unused2;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_uint __unused3;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_uint __unused4;
+#endif
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused5;
+ abi_ulong __unused6;
+};
+
+#endif
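Review bot: `struct target_ipc_perm` here mixes host fixed-width types (`uint32_t __seq`, `uint32_t __pad1`, `uint64_t __unused1`, `uint64_t __unused2`) with the `abi_*` types used for every other field in this patch. The struct mirrors guest memory, so its layout should follow the target ABI rather than whatever alignment the host compiler gives `uint64_t`. The offsets appear to line up today because the preceding fields total a multiple of 8 bytes, but that is easy to break. Using `abi_uint` for `__seq` and `__pad1`, and the matching abi 64-bit type for the two reserved words, would keep this header consistent with the others.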
diff --git a/linux-user/qemu.h b/linux-user/qemu.h index da64e877c7..e2717e0775 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -452,5 +452,6 @@ static inline void *lock_user_string(abi_ulong guest_addr) */ #include "target_cpu.h" #include "target_signal.h" +#include "target_structs.h" #endif /* QEMU_H */ diff --git a/linux-user/s390x/target_structs.h b/linux-user/s390x/target_structs.h new file mode 100644 index 0000000000..6b6f5b5212 --- /dev/null +++ b/linux-user/s390x/target_structs.h 
@@ -0,0 +1,63 @@
+/*
+ * S/390 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+#if TARGET_ABI_BITS == 64
+ abi_uint mode; /* Read/write permission. */
+#else
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+#endif
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/sh4/target_structs.h b/linux-user/sh4/target_structs.h new file mode 100644 index 0000000000..32b235e0b3 --- /dev/null +++ b/linux-user/sh4/target_structs.h 
@@ -0,0 +1,58 @@
+/*
+ * SH4 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
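Review bot: Apart from the title line of the comment, this header is identical to the sparc64, unicore32 and x86_64 headers added later in the same patch, so four copies of the same two ABI structures now have to be kept in step by hand. A single shared header that these targets include, with per-target files only where the layout really differs (PowerPC, S/390 and SPARC in this patch), would mean a layout fix is made once. If the copies are kept, a comment such as `/* Generic layout; keep in sync with the sparc64, unicore32 and x86_64 copies. */` above `struct target_ipc_perm` would at least record the dependency.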
diff --git a/linux-user/sparc/target_structs.h b/linux-user/sparc/target_structs.h new file mode 100644 index 0000000000..c139e09a61 --- /dev/null +++ b/linux-user/sparc/target_structs.h 
@@ -0,0 +1,63 @@
+/*
+ * SPARC specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+#if TARGET_ABI_BITS == 32
+ abi_ushort __pad1;
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad2;
+#else
+ abi_ushort mode;
+ abi_ushort __pad1;
+#endif
+ abi_ushort __seq; /* Sequence number. */
+ uint64_t __unused1;
+ uint64_t __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+#if TARGET_ABI_BITS == 32
+ abi_uint __pad1;
+#endif
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_uint __pad2;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_uint __pad3;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_cpid; /* pid of creator */
+ abi_ulong shm_lpid; /* pid of last shmop */
+ abi_long shm_nattch; /* number of current attaches */
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+#endif
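Review bot: `shm_cpid` and `shm_lpid` are declared `abi_ulong` in this header, while every other header in the patch declares the two pid fields as `abi_int`, and `shm_nattch` is signed here but unsigned elsewhere. With TARGET_ABI_BITS == 32 the widths happen to agree, but `struct target_ipc_perm` above has a 64-bit `#else` branch, and under that configuration each pid field would be 8 bytes wide and shift everything after it. Unless the SPARC kernel layout really differs (worth checking against the kernel header), `abi_int shm_cpid;`, `abi_int shm_lpid;` and `abi_ulong shm_nattch;` would match the other targets.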
diff --git a/linux-user/sparc64/target_structs.h b/linux-user/sparc64/target_structs.h new file mode 100644 index 0000000000..fc1729007d --- /dev/null +++ b/linux-user/sparc64/target_structs.h 
@@ -0,0 +1,58 @@
+/*
+ * SPARC64 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index a3575e7c8b..81f79f994f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2417,21 +2417,6 @@ static struct shm_region { abi_ulong size; } shm_regions[N_SHM_REGIONS]; -struct target_ipc_perm -{ - abi_long __key; - abi_ulong uid; - abi_ulong gid; - abi_ulong cuid; - abi_ulong cgid; - unsigned short int mode; - unsigned short int __pad1; - unsigned short int __seq; - unsigned short int __pad2; - abi_ulong __unused1; - abi_ulong __unused2; -}; - struct target_semid_ds { struct target_ipc_perm sem_perm; @@ -2453,12 +2438,21 @@ static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip, if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1)) return -TARGET_EFAULT; target_ip = &(target_sd->sem_perm); - host_ip->__key = tswapal(target_ip->__key); - host_ip->uid = tswapal(target_ip->uid); - host_ip->gid = tswapal(target_ip->gid); - host_ip->cuid = tswapal(target_ip->cuid); - host_ip->cgid = tswapal(target_ip->cgid); + host_ip->__key = tswap32(target_ip->__key); + host_ip->uid = tswap32(target_ip->uid); + host_ip->gid = tswap32(target_ip->gid); + host_ip->cuid = tswap32(target_ip->cuid); + host_ip->cgid = tswap32(target_ip->cgid); +#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC) + host_ip->mode = tswap32(target_ip->mode); +#else host_ip->mode = tswap16(target_ip->mode); +#endif +#if defined(TARGET_PPC) + host_ip->__seq = tswap32(target_ip->__seq); +#else + host_ip->__seq = tswap16(target_ip->__seq); +#endif unlock_user_struct(target_sd, target_addr, 0); return 0; } 
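Review bot: The width chosen for `mode` in target_to_host_ipc_perm does not match the s390x header added by this same patch. linux-user/s390x/target_structs.h declares `abi_uint mode` when TARGET_ABI_BITS == 64, but the `#if` here selects `tswap32` only for Alpha, MIPS and PPC, so an s390x guest would go through `tswap16` on a 32-bit field and the permission bits would be converted wrongly on a host of the opposite byte order. If linux-user s390x is built with the 64-bit ABI, as the header suggests, the guard should read `#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC) || defined(TARGET_S390X)`. The host_to_target_ipc_perm hunk that follows carries the same guard and needs the same change; both functions begin outside their hunks.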
@@ -2472,12 +2466,21 @@ static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr, if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0)) return -TARGET_EFAULT; target_ip = &(target_sd->sem_perm); - target_ip->__key = tswapal(host_ip->__key); - target_ip->uid = tswapal(host_ip->uid); - target_ip->gid = tswapal(host_ip->gid); - target_ip->cuid = tswapal(host_ip->cuid); - target_ip->cgid = tswapal(host_ip->cgid); + target_ip->__key = tswap32(host_ip->__key); + target_ip->uid = tswap32(host_ip->uid); + target_ip->gid = tswap32(host_ip->gid); + target_ip->cuid = tswap32(host_ip->cuid); + target_ip->cgid = tswap32(host_ip->cgid); +#if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC) + target_ip->mode = tswap32(host_ip->mode); +#else target_ip->mode = tswap16(host_ip->mode); +#endif +#if defined(TARGET_PPC) + target_ip->__seq = tswap32(host_ip->__seq); +#else + target_ip->__seq = tswap16(host_ip->__seq); +#endif unlock_user_struct(target_sd, target_addr, 1); return 0; } @@ -2908,29 +2911,6 @@ end: return ret; } -struct target_shmid_ds -{ - struct target_ipc_perm shm_perm; - abi_ulong shm_segsz; - abi_ulong shm_atime; -#if TARGET_ABI_BITS == 32 - abi_ulong __unused1; -#endif - abi_ulong shm_dtime; -#if TARGET_ABI_BITS == 32 - abi_ulong __unused2; -#endif - abi_ulong shm_ctime; -#if TARGET_ABI_BITS == 32 - abi_ulong __unused3; -#endif - int shm_cpid; - int shm_lpid; - abi_ulong shm_nattch; - unsigned long int __unused4; - unsigned long int __unused5; -}; - static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd, abi_ulong target_addr) { diff --git a/linux-user/unicore32/target_structs.h b/linux-user/unicore32/target_structs.h new file mode 100644 index 0000000000..789369503b --- /dev/null +++ b/linux-user/unicore32/target_structs.h 
@@ -0,0 +1,58 @@
+/*
+ * UniCore32 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
diff --git a/linux-user/x86_64/target_structs.h b/linux-user/x86_64/target_structs.h new file mode 100644 index 0000000000..d934056149 --- /dev/null +++ b/linux-user/x86_64/target_structs.h 
@@ -0,0 +1,58 @@
+/*
+ * X86-64 specific structures for linux-user
+ *
+ * Copyright (c) 2013 Fabrice Bellard
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+#ifndef TARGET_STRUCTS_H
+#define TARGET_STRUCTS_H
+
+struct target_ipc_perm {
+ abi_int __key; /* Key. */
+ abi_uint uid; /* Owner's user ID. */
+ abi_uint gid; /* Owner's group ID. */
+ abi_uint cuid; /* Creator's user ID. */
+ abi_uint cgid; /* Creator's group ID. */
+ abi_ushort mode; /* Read/write permission. */
+ abi_ushort __pad1;
+ abi_ushort __seq; /* Sequence number. */
+ abi_ushort __pad2;
+ abi_ulong __unused1;
+ abi_ulong __unused2;
+};
+
+struct target_shmid_ds {
+ struct target_ipc_perm shm_perm; /* operation permission struct */
+ abi_long shm_segsz; /* size of segment in bytes */
+ abi_ulong shm_atime; /* time of last shmat() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused1;
+#endif
+ abi_ulong shm_dtime; /* time of last shmdt() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused2;
+#endif
+ abi_ulong shm_ctime; /* time of last change by shmctl() */
+#if TARGET_ABI_BITS == 32
+ abi_ulong __unused3;
+#endif
+ abi_int shm_cpid; /* pid of creator */
+ abi_int shm_lpid; /* pid of last shmop */
+ abi_ulong shm_nattch; /* number of current attaches */
+ abi_ulong __unused4;
+ abi_ulong __unused5;
+};
+
+#endif
From 0e282aca861e63125ddd2da4fc954ee7421edc8d Mon Sep 17 00:00:00 2001
From: Brad Date: Tue, 10 Dec 2013 19:49:08 -0500 Subject: [PATCH 031/219] Fix QEMU build on OpenBSD on x86 archs This resolves the build issue with building the ROMs on OpenBSD on x86 archs. As of OpenBSD 5.3 the compiler builds PIE binaries by default and thus the whole OS/packages and so forth. The ROMs need to have PIE disabled. Check in configure whether the compiler supports the flags for disabling PIE, and if it does then use them for building the ROMs. This fixes the following buildbot failure: >From the OpenBSD buildbots.. Building optionrom/multiboot.img ld: multiboot.o: relocation R_X86_64_16 can not be used when making a shared object; recompile with -fPIC Signed-off by: Brad Smith Reviewed-by: Stefan Hajnoczi Signed-off-by: Peter Maydell (cherry picked from commit 46eef33b89e936ca793e13c4aeea1414e97e8dbb) Signed-off-by: Michael Roth --- configure | 7 +++++++ pc-bios/optionrom/Makefile | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 066622865f..3cbcea1448 100755 --- a/configure +++ b/configure @@ -1357,6 +1357,11 @@ EOF pie="no" fi fi + + if compile_prog "-fno-pie" "-nopie"; then + CFLAGS_NOPIE="-fno-pie" + LDFLAGS_NOPIE="-nopie" + fi fi ########################################## @@ -4288,6 +4293,7 @@ echo "LD=$ld" >> $config_host_mak echo "WINDRES=$windres" >> $config_host_mak echo "LIBTOOL=$libtool" >> $config_host_mak echo "CFLAGS=$CFLAGS" >> $config_host_mak +echo "CFLAGS_NOPIE=$CFLAGS_NOPIE" >> $config_host_mak echo "QEMU_CFLAGS=$QEMU_CFLAGS" >> $config_host_mak echo "QEMU_INCLUDES=$QEMU_INCLUDES" >> $config_host_mak if test "$sparse" = "yes" ; then @@ -4301,6 +4307,7 @@ else echo "AUTOCONF_HOST := " >> $config_host_mak fi echo "LDFLAGS=$LDFLAGS" >> $config_host_mak +echo "LDFLAGS_NOPIE=$LDFLAGS_NOPIE" >> $config_host_mak echo "LIBTOOLFLAGS=$LIBTOOLFLAGS" >> $config_host_mak echo "LIBS+=$LIBS" >> $config_host_mak echo "LIBS_TOOLS+=$libs_tools" >> $config_host_mak 
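Review bot: The probe in the first configure hunk accepts the two flags only as a pair, so a toolchain that understands `-fno-pie` but rejects `-nopie` leaves both CFLAGS_NOPIE and LDFLAGS_NOPIE empty and the option ROMs are still built with the PIE default. Testing them separately, for example `if compile_prog "-fno-pie" ""; then CFLAGS_NOPIE="-fno-pie"; fi` followed by an independent link test, would avoid that. Neither variable is cleared before the test in the visible lines, so a value inherited from the environment would presumably be written to config-host.mak by the two `echo` hunks below. `CFLAGS_NOPIE=""` and `LDFLAGS_NOPIE=""` next to the other defaults would rule that out. The enclosing `if` starts outside the hunk.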
diff --git a/pc-bios/optionrom/Makefile b/pc-bios/optionrom/Makefile index 57d8bd0d6c..ce4852a4d5 100644 --- a/pc-bios/optionrom/Makefile +++ b/pc-bios/optionrom/Makefile @@ -12,6 +12,7 @@ $(call set-vpath, $(SRC_PATH)/pc-bios/optionrom) CFLAGS := -Wall -Wstrict-prototypes -Werror -fomit-frame-pointer -fno-builtin CFLAGS += -I$(SRC_PATH) CFLAGS += $(call cc-option, $(CFLAGS), -fno-stack-protector) +CFLAGS += $(CFLAGS_NOPIE) QEMU_CFLAGS = $(CFLAGS) build-all: multiboot.bin linuxboot.bin kvmvapic.bin @@ -20,7 +21,7 @@ build-all: multiboot.bin linuxboot.bin kvmvapic.bin .SECONDARY: %.img: %.o - $(call quiet-command,$(LD) -Ttext 0 -e _start -s -o $@ $<," Building $(TARGET_DIR)$@") + $(call quiet-command,$(LD) $(LDFLAGS_NOPIE) -Ttext 0 -e _start -s -o $@ $<," Building $(TARGET_DIR)$@") %.raw: %.img $(call quiet-command,$(OBJCOPY) -O binary -j .text $< $@," Building $(TARGET_DIR)$@") From 6ec62b79e34fb2d3948432df2e7a6bb963c2eae1 Mon Sep 17 00:00:00 2001 From: Aurelien Jarno Date: Tue, 3 Sep 2013 08:27:38 +0200 Subject: [PATCH 032/219] tcg/optimize: fix known-zero bits for right shift ops 32-bit versions of sar and shr ops should not propagate known-zero bits from the unused 32 high bits. For sar it could even lead to wrong code being generated. Cc: qemu-stable@nongnu.org Reviewed-by: Paolo Bonzini Signed-off-by: Aurelien Jarno Signed-off-by: Richard Henderson (cherry picked from commit e46b225a3137e62c975c49aaae7bb5f9583cc428) Signed-off-by: Michael Roth --- tcg/optimize.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/tcg/optimize.c b/tcg/optimize.c index 89e2d6a3b3..c5cdde2160 100644 --- a/tcg/optimize.c +++ b/tcg/optimize.c 
@@ -726,16 +726,25 @@ static TCGArg *tcg_constant_folding(TCGContext *s, uint16_t *tcg_opc_ptr, mask = temps[args[1]].mask & mask; break; - CASE_OP_32_64(sar): + case INDEX_op_sar_i32: if (temps[args[2]].state == TCG_TEMP_CONST) { - mask = ((tcg_target_long)temps[args[1]].mask - >> temps[args[2]].val); + mask = (int32_t)temps[args[1]].mask >> temps[args[2]].val; + } + break; + case INDEX_op_sar_i64: + if (temps[args[2]].state == TCG_TEMP_CONST) { + mask = (int64_t)temps[args[1]].mask >> temps[args[2]].val; } break; - CASE_OP_32_64(shr): + case INDEX_op_shr_i32: if (temps[args[2]].state == TCG_TEMP_CONST) { - mask = temps[args[1]].mask >> temps[args[2]].val; + mask = (uint32_t)temps[args[1]].mask >> temps[args[2]].val; + } + break; + case INDEX_op_shr_i64: + if (temps[args[2]].state == TCG_TEMP_CONST) { + mask = (uint64_t)temps[args[1]].mask >> temps[args[2]].val; } break; From 9692bad34dcb0dcfc46a968ee1d7c69510d268a7 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Wed, 11 Dec 2013 02:47:16 +0200 Subject: [PATCH 033/219] hpet: fix build with CONFIG_HPET off make hpet_find inline so we don't need to build hpet.c to check if hpet is enabled. Fixes link error with CONFIG_HPET off. Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin (cherry picked from commit 142e0950cfaf023a81112dc3cdfa799d769886a4) Signed-off-by: Michael Roth --- hw/timer/hpet.c | 6 ------ include/hw/timer/hpet.h | 10 +++++++++- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c index 2eb75ea945..c6c2803d52 100644 --- a/hw/timer/hpet.c +++ b/hw/timer/hpet.c @@ -42,7 +42,6 @@ #define HPET_MSI_SUPPORT 0 -#define TYPE_HPET "hpet" #define HPET(obj) OBJECT_CHECK(HPETState, (obj), TYPE_HPET) struct HPETState; 
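Review bot: The shift count `temps[args[2]].val` is used unmasked in all four new cases of the tcg/optimize.c hunk. Now that the operand is narrowed to `int32_t`/`uint32_t`, a constant count of 32 or more in the `_i32` cases (64 or more in the `_i64` cases) is undefined behaviour in the host C code. Masking the count keeps the optimizer well defined whatever the front end emitted, e.g. `mask = (int32_t)temps[args[1]].mask >> (temps[args[2]].val & 31);`, with `& 63` in the 64-bit cases. The enclosing switch starts and ends outside the hunk.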
@@ -757,11 +756,6 @@ static void hpet_device_class_init(ObjectClass *klass, void *data) dc->props = hpet_device_properties; } -bool hpet_find(void) -{ - return object_resolve_path_type("", TYPE_HPET, NULL); -} - static const TypeInfo hpet_device_info = { .name = TYPE_HPET, .parent = TYPE_SYS_BUS_DEVICE, diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h index ab44bd31fd..773953be75 100644 --- a/include/hw/timer/hpet.h +++ b/include/hw/timer/hpet.h @@ -13,6 +13,8 @@ #ifndef QEMU_HPET_EMUL_H #define QEMU_HPET_EMUL_H +#include "qom/object.h" + #define HPET_BASE 0xfed00000 #define HPET_CLK_PERIOD 10000000ULL /* 10000000 femtoseconds == 10ns*/ @@ -72,5 +74,11 @@ struct hpet_fw_config extern struct hpet_fw_config hpet_cfg; -bool hpet_find(void); +#define TYPE_HPET "hpet" + +static inline bool hpet_find(void) +{ + return object_resolve_path_type("", TYPE_HPET, NULL); +} + #endif From 02e1c55ddd971a565dbf473c23ed29d4e07ad42b Mon Sep 17 00:00:00 2001 From: Peter Lieven Date: Sat, 14 Dec 2013 17:31:40 +0100 Subject: [PATCH 034/219] block/iscsi: use a bh to schedule co reentrance this fixes a potential segfault and performance regression. If the coroutine is reentered directly in the iscsi_co_generic_cb iscsi_process_{read,write} are interrupted and reentered any time later. One the one hand this could happen after an iscsi_close where the iscsi context is already gone (segfault). On the other hand this limits the number of processed callbacks in each aio_dispatch to one (potential performance regression). Cc: qemu-stable@nongnu.org Signed-off-by: Peter Lieven Signed-off-by: Paolo Bonzini (cherry picked from commit 8b9dfe9098d91e06a3dd6376624307fe5fa13be8) Signed-off-by: Michael Roth --- block/iscsi.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/block/iscsi.c b/block/iscsi.c index a2d578c0a7..a410a28e38 100644 --- a/block/iscsi.c +++ b/block/iscsi.c 
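Review bot: hpet_find() moves into the public header include/hw/timer/hpet.h without a comment describing its result, and it passes NULL as the last argument of object_resolve_path_type(). A one-line comment such as `/* Return true if an HPET device is present in the QOM tree. */` above the function would document the contract for the callers that now get it inline. It is worth confirming how the lookup behaves when more than one HPET object exists, since a NULL final argument gives the caller no way to learn that the match was ambiguous.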
@@ -65,6 +65,7 @@ typedef struct IscsiTask { int do_retry; struct scsi_task *task; Coroutine *co; + QEMUBH *bh; } IscsiTask; typedef struct IscsiAIOCB { @@ -121,6 +122,13 @@ iscsi_schedule_bh(IscsiAIOCB *acb) qemu_bh_schedule(acb->bh); } +static void iscsi_co_generic_bh_cb(void *opaque) +{ + struct IscsiTask *iTask = opaque; + qemu_bh_delete(iTask->bh); + qemu_coroutine_enter(iTask->co, NULL); +} + static void iscsi_co_generic_cb(struct iscsi_context *iscsi, int status, void *command_data, void *opaque) @@ -145,7 +153,8 @@ iscsi_co_generic_cb(struct iscsi_context *iscsi, int status, out: if (iTask->co) { - qemu_coroutine_enter(iTask->co, NULL); + iTask->bh = qemu_bh_new(iscsi_co_generic_bh_cb, iTask); + qemu_bh_schedule(iTask->bh); } } From dc9e1e798c9a967727d100da2f082e8f456c60fa Mon Sep 17 00:00:00 2001 From: Laszlo Ersek Date: Thu, 28 Nov 2013 18:12:59 +0100 Subject: [PATCH 035/219] qemu_opts_parse(): always check return value qemu_opts_parse() can always return NULL, even if the QemuOptsList.desc in question would be trivial to satisfy (eg. because it's empty). For example: qemu_opts_parse() opts_parse() qemu_opts_create() id_wellformed() In practice: $ .../qemu-system-x86_64 -acpitable id=3 qemu-system-x86_64: -acpitable id=3: Parameter 'id' expects an identifier ** ERROR:vl.c:3491:main: assertion failed: (opts != NULL) Aborted (core dumped) $ .../qemu-system-x86_64 -smbios id=3 qemu-system-x86_64: -smbios id=3: Parameter 'id' expects an identifier Segmentation fault (core dumped) I checked all qemu_opts_parse() invocations (and all drive_def() invocations too, because it blindly forwards the former's retval). Only the two above examples look problematic. Signed-off-by: Laszlo Ersek Reviewed-by: Markus Armbruster Message-id: 1385658779-7529-1-git-send-email-lersek@redhat.com Signed-off-by: Anthony Liguori (cherry picked from commit f46e720a82ccdf1a521cf459448f3f96ed895d43) 
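Review bot: iscsi_co_generic_bh_cb() deletes the bottom half but leaves the stale handle in `iTask->bh`, and iscsi_co_generic_cb() overwrites that field without checking it. IscsiTask carries a `do_retry` flag, so the same task can presumably complete more than once. Adding `iTask->bh = NULL;` after `qemu_bh_delete(iTask->bh);` would make an accidental second use of the deleted handle easy to detect instead of touching freed memory. iscsi_co_generic_cb() starts outside its hunk.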
Signed-off-by: Michael Roth --- vl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/vl.c b/vl.c index 31e3411cb1..30b50764de 100644 --- a/vl.c +++ b/vl.c @@ -3489,11 +3489,16 @@ int main(int argc, char **argv, char **envp) } case QEMU_OPTION_acpitable: opts = qemu_opts_parse(qemu_find_opts("acpi"), optarg, 1); - g_assert(opts != NULL); + if (!opts) { + exit(1); + } do_acpitable_option(opts); break; case QEMU_OPTION_smbios: opts = qemu_opts_parse(qemu_find_opts("smbios"), optarg, 0); + if (!opts) { + exit(1); + } do_smbios_option(opts); break; case QEMU_OPTION_enable_kvm: From c2f6dc66bcdee73cc7fd14fd82f570ccce382a1f Mon Sep 17 00:00:00 2001 From: Cornelia Huck Date: Tue, 17 Dec 2013 18:27:33 +0100 Subject: [PATCH 036/219] s390x/kvm: Fix diagnose handling. The instruction intercept handler for diagnose used only the displacement when trying to calculate the function code. This is only correct for base 0, however; we need to perform a complete base/displacement address calculation and use bits 48-63 as the function code. Reviewed-by: Thomas Huth Signed-off-by: Cornelia Huck Signed-off-by: Jens Freimann Signed-off-by: Alexander Graf (cherry picked from commit 638129ff475dd3b4c0e57e0be598efe41461e9b3) Signed-off-by: Michael Roth --- target-s390x/cpu.h | 3 +++ target-s390x/kvm.c | 17 ++++++++++++----- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h index a2c077bdcd..68b5ab7056 100644 --- a/target-s390x/cpu.h +++ b/target-s390x/cpu.h @@ -352,6 +352,9 @@ static inline hwaddr decode_basedisp_s(CPUS390XState *env, uint32_t ipb) return addr; } +/* Base/displacement are at the same locations. */ +#define decode_basedisp_rs decode_basedisp_s + void s390x_tod_timer(void *opaque); void s390x_cpu_timer(void *opaque); diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c index 02ac4ba995..b00a6617a3 100644 --- a/target-s390x/kvm.c +++ b/target-s390x/kvm.c 
@@ -562,11 +562,19 @@ static void kvm_handle_diag_308(S390CPU *cpu, struct kvm_run *run) handle_diag_308(&cpu->env, r1, r3); } -static int handle_diag(S390CPU *cpu, struct kvm_run *run, int ipb_code) +#define DIAG_KVM_CODE_MASK 0x000000000000ffff + +static int handle_diag(S390CPU *cpu, struct kvm_run *run, uint32_t ipb) { int r = 0; + uint16_t func_code; - switch (ipb_code) { + /* + * For any diagnose call we support, bits 48-63 of the resulting + * address specify the function code; the remainder is ignored. + */ + func_code = decode_basedisp_rs(&cpu->env, ipb) & DIAG_KVM_CODE_MASK; + switch (func_code) { case DIAG_IPL: kvm_handle_diag_308(cpu, run); break; @@ -577,7 +585,7 @@ static int handle_diag(S390CPU *cpu, struct kvm_run *run, int ipb_code) sleep(10); break; default: - DPRINTF("KVM: unknown DIAG: 0x%x\n", ipb_code); + DPRINTF("KVM: unknown DIAG: 0x%x\n", func_code); r = -1; break; } @@ -684,7 +692,6 @@ static void handle_instruction(S390CPU *cpu, struct kvm_run *run) { unsigned int ipa0 = (run->s390_sieic.ipa & 0xff00); uint8_t ipa1 = run->s390_sieic.ipa & 0x00ff; - int ipb_code = (run->s390_sieic.ipb & 0x0fff0000) >> 16; int r = -1; DPRINTF("handle_instruction 0x%x 0x%x\n", @@ -696,7 +703,7 @@ static void handle_instruction(S390CPU *cpu, struct kvm_run *run) r = handle_priv(cpu, run, ipa0 >> 8, ipa1); break; case IPA0_DIAG: - r = handle_diag(cpu, run, ipb_code); + r = handle_diag(cpu, run, run->s390_sieic.ipb); break; case IPA0_SIGP: r = handle_sigp(cpu, run, ipa1); From 109b2439f01247b5c8a5313c367ec6b11cb46259 Mon Sep 17 00:00:00 2001 From: Corey Bryant Date: Wed, 18 Dec 2013 11:48:11 -0500 Subject: [PATCH 037/219] seccomp: exit if seccomp_init() fails This fixes a bug where we weren't exiting if seccomp_init() failed. Signed-off-by: Corey Bryant Acked-by: Eduardo Otubo Acked-by: Paul Moore (cherry picked from commit 2a13f991123fa16841e6d94b02a9cc2c76d91725) Signed-off-by: Michael Roth --- qemu-seccomp.c | 1 + 1 file changed, 1 insertion(+) 
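Review bot: handle_diag() now derives the function code from guest register state through `decode_basedisp_rs(&cpu->env, ipb)`, but nothing in the hunk shows `cpu->env` being refreshed from KVM before the base register is read. If the register file in `env` is only updated on an explicit synchronisation, which would need checking against the other intercept handlers in this file, a non-zero base register would yield a function code computed from stale contents. In that case a call such as `cpu_synchronize_state(CPU(cpu));` before the decode would be needed. The old code used only the displacement from `ipb` and so did not depend on register state.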
diff --git a/qemu-seccomp.c b/qemu-seccomp.c index 69cee443af..7c7b4742a6 100644 --- a/qemu-seccomp.c +++ b/qemu-seccomp.c @@ -230,6 +230,7 @@ int seccomp_start(void) ctx = seccomp_init(SCMP_ACT_KILL); if (ctx == NULL) { + rc = -1; goto seccomp_return; } From 88d08de7e5d08bfa44613e492cd64f8b3974d62e Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Sun, 22 Dec 2013 20:42:05 +0100 Subject: [PATCH 038/219] mainstone: Fix duplicate array values for key 'space' cgcc reported a duplicate initialisation. Mainstone includes a matrix keyboard where two different positions map to 'space'. QEMU uses the reversed mapping and does not map 'space' to two different matrix positions. Some other keys are either missing or might be mapped wrongly (cf. Linux kernel code). Don't fix these until someone can test them with real hardware, but add TODO comments. Signed-off-by: Stefan Weil Reviewed-by: Peter Maydell Signed-off-by: Michael Tokarev (cherry picked from commit 7dbc1158bc63fdbad849d21409eeeb53f5230445) Signed-off-by: Michael Roth --- hw/arm/mainstone.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/hw/arm/mainstone.c b/hw/arm/mainstone.c index 9402c841e9..ffbf4bd540 100644 --- a/hw/arm/mainstone.c +++ b/hw/arm/mainstone.c @@ -75,9 +75,18 @@ static struct keymap map[0xE0] = { [0x2c] = {4,3}, /* z */ [0xc7] = {5,0}, /* Home */ [0x2a] = {5,1}, /* shift */ - [0x39] = {5,2}, /* space */ + /* + * There are two matrix positions which map to space, + * but QEMU can only use one of them for the reverse + * mapping, so simply use the second one. + */ + /* [0x39] = {5,2}, space */ [0x39] = {5,3}, /* space */ - [0x1c] = {5,5}, /* enter */ + /* + * Matrix position {5,4} and other keys are missing here. + * TODO: Compare with Linux code and test real hardware. + */ + [0x1c] = {5,5}, /* enter (TODO: might be wrong) */ [0xc8] = {6,0}, /* up */ [0xd0] = {6,1}, /* down */ [0xcb] = {6,2}, /* left */ 
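Review bot: Setting `rc = -1` in the qemu-seccomp.c hunk fixes this one path, but the underlying hazard is that `rc` evidently still held a success value when seccomp_init() failed, so a sandbox that was never installed was reported as installed. If `rc` is initialised to 0 at its declaration (outside this hunk), initialising it to a negative value instead, and assigning it only from the result of each libseccomp call, would make any future early `goto seccomp_return` fail closed. seccomp_start() begins and ends outside the hunk.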
From 15a14f2eeb76f82b742d009cf320972e7d173f49 Mon Sep 17 00:00:00 2001 From: Luiz Capitulino Date: Sun, 29 Dec 2013 22:39:58 -0500 Subject: [PATCH 039/219] migration: qmp_migrate(): keep working after syntax error If a user or QMP client enter a bad syntax for the migrate command in QMP/HMP, then the migrate command will never succeed from that point on. For example, if you enter: (qemu) migrate tcp;0:4444 migrate: Parameter 'uri' expects a valid migration protocol Then the migrate command will always fail from now on: (qemu) migrate tcp:0:4444 migrate: There's a migration process in progress The problem is that qmp_migrate() sets the migration status to MIG_STATE_SETUP and doesn't reset it on syntax error. This bug was introduced by commit 29ae8a4133082e16970c9d4be09f4b6a15034617. Reviewed-by: Michael R. Hines Signed-off-by: Luiz Capitulino (cherry picked from commit c950114286ea358a93ce632db0421945e1008395) Signed-off-by: Michael Roth --- migration.c | 1 + 1 file changed, 1 insertion(+) diff --git a/migration.c b/migration.c index ff00bfbe36..79c86c92da 100644 --- a/migration.c +++ b/migration.c @@ -437,6 +437,7 @@ void qmp_migrate(const char *uri, bool has_blk, bool blk, #endif } else { error_set(errp, QERR_INVALID_PARAMETER_VALUE, "uri", "a valid migration protocol"); + s->state = MIG_STATE_ERROR; return; } From c426a2da12447a55f52276e763a513c81fc7c1d7 Mon Sep 17 00:00:00 2001 From: Alex Williamson Date: Fri, 6 Dec 2013 11:16:40 -0700 Subject: [PATCH 040/219] vfio-pci: Release all MSI-X vectors when disabled We were relying on msix_unset_vector_notifiers() to release all the vectors when we disable MSI-X, but this only happens when MSI-X is still enabled on the device. Perform further cleanup by releasing any remaining vectors listed as in-use after this call. This caused a leak of IRQ routes on hotplug depending on how the guest OS prepared the device for removal. 
Signed-off-by: Alex Williamson Cc: qemu-stable@nongnu.org (cherry picked from commit 3e40ba0faf0822fa78336fe6cd9d677ea9b14f1b) Signed-off-by: Michael Roth --- hw/misc/vfio.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hw/misc/vfio.c b/hw/misc/vfio.c index f7f8a19ee8..355b0189c8 100644 --- a/hw/misc/vfio.c +++ b/hw/misc/vfio.c @@ -878,8 +878,20 @@ static void vfio_disable_msi_common(VFIODevice *vdev) static void vfio_disable_msix(VFIODevice *vdev) { + int i; + msix_unset_vector_notifiers(&vdev->pdev); + /* + * MSI-X will only release vectors if MSI-X is still enabled on the + * device, check through the rest and release it ourselves if necessary. + */ + for (i = 0; i < vdev->nr_vectors; i++) { + if (vdev->msi_vectors[i].use) { + vfio_msix_vector_release(&vdev->pdev, i); + } + } + if (vdev->nr_vectors) { vfio_disable_irqindex(vdev, VFIO_PCI_MSIX_IRQ_INDEX); } From b54720b5d65efaa10bf5f992e623accb80a5a573 Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Fri, 24 Jan 2014 14:56:17 +0100 Subject: [PATCH 041/219] block/curl: Implement the libcurl timer callback interface libcurl versions 7.16.0 and later have a timer callback interface which must be implemented in order for libcurl to make forward progress (it will sometimes rely on being called back on the timeout if there are no file descriptors registered). Implement the callback, and use a QEMU AIO timer to ensure we prod libcurl again when it asks us to. Based on Peter's original patch plus my fix to add curl_multi_timeout_do. Should compile just fine even on older versions of libcurl. I also tried copy-on-read and streaming: $ ./qemu-img create -f qcow2 -o \ backing_file=http://download.fedoraproject.org/pub/fedora/linux/releases/20/Live/x86_64/Fedora-Live-Desktop-x86_64-20-1.iso \ foo.qcow2 1G $ x86_64-softmmu/qemu-system-x86_64 \ -drive if=none,file=foo.qcow2,copy-on-read=on,id=cd \ -device ide-cd,drive=cd --enable-kvm -m 1024 Direct http usage is probably too slow, but with copy-on-read ultimately the image does boot! After some time, streaming gets canceled by an EIO, which needs further investigation. Signed-off-by: Peter Maydell Signed-off-by: Paolo Bonzini Signed-off-by: Kevin Wolf (cherry picked from commit 031fd1be5618c347f9aeb44ec294f14a541e42b2) Signed-off-by: Michael Roth --- block/curl.c | 81 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 70 insertions(+), 11 deletions(-) diff --git a/block/curl.c b/block/curl.c index 5a46f9707c..1c04dccb82 100644 --- a/block/curl.c +++ b/block/curl.c @@ -34,6 +34,11 @@ #define DPRINTF(fmt, ...) do { } while (0) #endif +#if LIBCURL_VERSION_NUM >= 0x071000 +/* The multi interface timer callback was introduced in 7.16.0 */ +#define NEED_CURL_TIMER_CALLBACK +#endif + #define PROTOCOLS (CURLPROTO_HTTP | CURLPROTO_HTTPS | \ CURLPROTO_FTP | CURLPROTO_FTPS | \ CURLPROTO_TFTP) 
@@ -77,6 +82,7 @@ typedef struct CURLState typedef struct BDRVCURLState { CURLM *multi; + QEMUTimer timer; size_t len; CURLState states[CURL_NUM_STATES]; char *url; @@ -87,6 +93,23 @@ typedef struct BDRVCURLState { static void curl_clean_state(CURLState *s); static void curl_multi_do(void *arg); +#ifdef NEED_CURL_TIMER_CALLBACK +static int curl_timer_cb(CURLM *multi, long timeout_ms, void *opaque) +{ + BDRVCURLState *s = opaque; + + DPRINTF("CURL: timer callback timeout_ms %ld\n", timeout_ms); + if (timeout_ms == -1) { + timer_del(&s->timer); + } else { + int64_t timeout_ns = (int64_t)timeout_ms * 1000 * 1000; + timer_mod(&s->timer, + qemu_clock_get_ns(QEMU_CLOCK_REALTIME) + timeout_ns); + } + return 0; +} +#endif + static int curl_sock_cb(CURL *curl, curl_socket_t fd, int action, void *s, void *sp) { @@ -209,20 +232,10 @@ static int curl_find_buf(BDRVCURLState *s, size_t start, size_t len, return FIND_RET_NONE; } -static void curl_multi_do(void *arg) +static void curl_multi_read(BDRVCURLState *s) { - BDRVCURLState *s = (BDRVCURLState *)arg; - int running; - int r; int msgs_in_queue; - if (!s->multi) - return; - - do { - r = curl_multi_socket_all(s->multi, &running); - } while(r == CURLM_CALL_MULTI_PERFORM); - /* Try to find done transfers, so we can free the easy * handle again. */ do { 
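Review bot: curl_timer_cb treats only `timeout_ms == -1` as a cancel request and arms the timer for every other value, so any other negative value would be scheduled in the past and fire immediately. The contract it depends on is not written down anywhere in the hunk. A short comment above the function would cover it, e.g. `/* libcurl timer callback: -1 cancels the timer, any other value is a delay in ms; returns 0 for success */`. If defensive handling is preferred, `if (timeout_ms < 0) {` in place of the `== -1` test behaves the same for the documented value.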
@@ -266,6 +279,41 @@ static void curl_multi_do(void *arg) } while(msgs_in_queue); } +static void curl_multi_do(void *arg) +{ + BDRVCURLState *s = (BDRVCURLState *)arg; + int running; + int r; + + if (!s->multi) { + return; + } + + do { + r = curl_multi_socket_all(s->multi, &running); + } while(r == CURLM_CALL_MULTI_PERFORM); + + curl_multi_read(s); +} + +static void curl_multi_timeout_do(void *arg) +{ +#ifdef NEED_CURL_TIMER_CALLBACK + BDRVCURLState *s = (BDRVCURLState *)arg; + int running; + + if (!s->multi) { + return; + } + + curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running); + + curl_multi_read(s); +#else + abort(); +#endif +} + static CURLState *curl_init_state(BDRVCURLState *s) { CURLState *state = NULL; @@ -473,12 +521,20 @@ static int curl_open(BlockDriverState *bs, QDict *options, int flags, curl_easy_cleanup(state->curl); state->curl = NULL; + aio_timer_init(bdrv_get_aio_context(bs), &s->timer, + QEMU_CLOCK_REALTIME, SCALE_NS, + curl_multi_timeout_do, s); + // Now we know the file exists and its size, so let's // initialize the multi interface! s->multi = curl_multi_init(); curl_multi_setopt(s->multi, CURLMOPT_SOCKETDATA, s); curl_multi_setopt(s->multi, CURLMOPT_SOCKETFUNCTION, curl_sock_cb); +#ifdef NEED_CURL_TIMER_CALLBACK + curl_multi_setopt(s->multi, CURLMOPT_TIMERDATA, s); + curl_multi_setopt(s->multi, CURLMOPT_TIMERFUNCTION, curl_timer_cb); +#endif curl_multi_do(s); qemu_opts_del(opts); @@ -597,6 +653,9 @@ static void curl_close(BlockDriverState *bs) } if (s->multi) curl_multi_cleanup(s->multi); + + timer_del(&s->timer); + g_free(s->url); } From 6b7ed87665736c40bc5a001656248698e4402899 Mon Sep 17 00:00:00 2001 
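Review bot: curl_multi_timeout_do discards the CURLMcode returned by `curl_multi_socket_action()`, and the two `curl_multi_setopt()` calls added in the curl_open hunk are unchecked as well. A failure to register or run the timer path would silently bring back the stalled-transfer behaviour this patch is meant to remove. Since the driver is fed by a remote server, the failure should at least be visible: declare `CURLMcode r;`, use `r = curl_multi_socket_action(s->multi, CURL_SOCKET_TIMEOUT, 0, &running);` and follow it with `if (r != CURLM_OK) { DPRINTF("CURL: timeout action failed: %d\n", r); }`. curl_open starts and ends outside its hunk, so whether its existing error path can be reused for the setopt calls cannot be judged from here.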
From: Paolo Bonzini Date: Thu, 16 Jan 2014 13:06:13 +0100 Subject: [PATCH 042/219] scsi: Support TEST UNIT READY in the dummy LUN0 SeaBIOS waits for LUN0 to respond to the TEST UNIT READY command in order to decide whether it should part of the boot sequence. If LUN0 does not respond to the command, boot is delayed by up to 5 seconds. This currently happens when there is no LUN0 on a target. Fix that by adding a trivial implementation of the command. Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 1cb27d9233d572826b45bd8498d2fab1b6f01df9) Signed-off-by: Michael Roth --- hw/scsi/scsi-bus.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index 2d6ce4d6bb..b04438bae8 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -469,6 +469,8 @@ static int32_t scsi_target_send_command(SCSIRequest *req, uint8_t *buf) r->req.dev->sense_is_ua = false; } break; + case TEST_UNIT_READY: + break; default: scsi_req_build_sense(req, SENSE_CODE(LUN_NOT_SUPPORTED)); scsi_req_complete(req, CHECK_CONDITION); From ad0a6444adf5cb21304fddcf594b2bb563cceaf8 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 15 Jan 2014 10:35:36 +0100 Subject: [PATCH 043/219] scsi: Assign cancel_io vector for scsi_disk_emulate_ops Some emulated disk operations (MODE SELECT, UNMAP, WRITE SAME) can trigger asynchronous I/Os. Provide the cancel_io callback to ensure that AIOCBs are properly cleaned up. Signed-off-by: Eric Farman Cc: qemu-stable@nongnu.org [Tweak commit message. - Paolo] Signed-off-by: Paolo Bonzini (cherry picked from commit 33325a53f15ab5370e1917b2a11cadffc77c5a52) Signed-off-by: Michael Roth --- hw/scsi/scsi-disk.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index 1fd1c26513..ade5d4ad7b 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c 
@@ -2181,6 +2181,7 @@ static const SCSIReqOps scsi_disk_emulate_reqops = { .send_command = scsi_disk_emulate_command, .read_data = scsi_disk_emulate_read_data, .write_data = scsi_disk_emulate_write_data, + .cancel_io = scsi_cancel_io, .get_buf = scsi_get_buf, }; From 30a0fc36075aee75db639db9b9bc70dc682656d7 Mon Sep 17 00:00:00 2001 From: Eric Farman Date: Tue, 14 Jan 2014 14:16:25 -0500 Subject: [PATCH 044/219] virtio-scsi: Cleanup of I/Os that never started There is still a small window that occurs when a cancel I/O affects an asynchronous I/O operation that hasn't started. In other words, when the residual data length equals the expected data length. Today, the routine virtio_scsi_command_complete fails because the VirtIOSCSIReq pointer (from the hba_private field in SCSIRequest) was cleared earlier when virtio_scsi_complete_req was called by the virtio_scsi_request_cancelled routine. As a result, the virtio_scsi_command_complete routine needs to simply return when it is processing a SCSIRequest block that was marked canceled. Signed-off-by: Eric Farman Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit e9c0f0f58ad0a41c3c4b19e1911cfe095afc09ca) Signed-off-by: Michael Roth --- hw/scsi/virtio-scsi.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 83344eacc0..5e524b2b13 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -306,6 +306,10 @@ static void virtio_scsi_command_complete(SCSIRequest *r, uint32_t status, VirtIOSCSIReq *req = r->hba_private; uint32_t sense_len; + if (r->io_canceled) { + return; + } + req->resp.cmd->response = VIRTIO_SCSI_S_OK; req->resp.cmd->status = status; if (req->resp.cmd->status == GOOD) { From a5221ee1430928ac013f9723134dacb62359247e Mon Sep 17 00:00:00 2001 
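Review bot: The early return added to virtio_scsi_command_complete is keyed on `r->io_canceled`, while the pointer the following lines dereference is `req`, loaded from `r->hba_private`. The hunk does not show that every path which clears `hba_private` also sets `io_canceled`. This completion path is presumably reachable through guest-initiated cancels, so the coupling should be stated next to the guard, e.g. `/* hba_private was cleared when the request was cancelled; nothing left to complete */`. If the coupling is not guaranteed, the guard could be `if (r->io_canceled || !req) {`. The function continues beyond the hunk.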
From: Eric Farman Date: Tue, 14 Jan 2014 14:16:26 -0500 Subject: [PATCH 045/219] virtio-scsi: Prevent assertion on missed events In some cases, an unplug can cause events to be dropped, which leads to an assertion failure when preparing to notify the guest kernel. Signed-off-by: Eric Farman Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 49fb65c7f985baa56d2964e0a85c1f098e3e2a9d) Signed-off-by: Michael Roth --- hw/scsi/virtio-scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 5e524b2b13..3fa6d076da 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -520,7 +520,7 @@ static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev, evt->event = event; evt->reason = reason; if (!dev) { - assert(event == VIRTIO_SCSI_T_NO_EVENT); + assert(event == VIRTIO_SCSI_T_EVENTS_MISSED); } else { evt->lun[0] = 1; evt->lun[1] = dev->id; From 47c6edce7a2ed614bfe40c5d542275330975d1b6 Mon Sep 17 00:00:00 2001 From: thomas knych Date: Thu, 9 Jan 2014 13:14:23 -0800 Subject: [PATCH 046/219] KVM: Retry KVM_CREATE_VM on EINTR Upstreaming this change from Android (https://android-review.googlesource.com/54211). On heavily loaded machines with many VM instances we see KVM_CREATE_VM failing with EINTR on this path: kvm_dev_ioctl_create_vm -> kvm_create_vm -> kvm_init_mmu_notifier -> mmu_notifier_register -> do_mmu_notifier_register -> mm_take_all_locks which checks if any signals have been raised while it was attaining locks and returns EINTR. Retrying the system call greatly improves reliability. Cc: qemu-stable@nongnu.org Signed-off-by: thomas knych Signed-off-by: Paolo Bonzini (cherry picked from commit 94ccff133820552a859c0fb95e33a539e0b90a75) Signed-off-by: Michael Roth --- kvm-all.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/kvm-all.c b/kvm-all.c index 4478969ed2..951e6e343f 100644 --- a/kvm-all.c +++ b/kvm-all.c 
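Review bot: The `!dev` branch of virtio_scsi_push_event now asserts `event == VIRTIO_SCSI_T_EVENTS_MISSED`, but the hunk does not show where `event` acquires that value when a caller passes no device. The reason the old `VIRTIO_SCSI_T_NO_EVENT` check was wrong therefore cannot be read from the code. A one-line comment above the assert would record it, e.g. `/* dev == NULL is only used to report dropped events */`, with the wording checked against the part of the function above the hunk. An `assert()` here still aborts the whole VM if the assumption is ever violated, which is another reason to state the invariant explicitly.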
@@ -1431,16 +1431,22 @@ int kvm_init(void) nc++; } - s->vmfd = kvm_ioctl(s, KVM_CREATE_VM, 0); - if (s->vmfd < 0) { + do { + ret = kvm_ioctl(s, KVM_CREATE_VM, 0); + } while (ret == -EINTR); + + if (ret < 0) { + fprintf(stderr, "ioctl(KVM_CREATE_VM) failed: %d %s\n", -s->vmfd, + strerror(-ret)); + #ifdef TARGET_S390X fprintf(stderr, "Please add the 'switch_amode' kernel parameter to " "your host kernel command line\n"); #endif - ret = s->vmfd; goto err; } + s->vmfd = ret; missing_cap = kvm_check_extension_list(s, kvm_required_capabilites); if (!missing_cap) { missing_cap = From 6b579c8c53d15dd67c5103d2476b8da73c321148 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Fri, 31 Jan 2014 23:05:24 +0100 Subject: [PATCH 047/219] i386: Add missing include file for QEMU_PACKED Instead of packing BiosLinkerLoaderEntry, an unused global variable called QEMU_PACKED was created (detected by smatch static code analysis). Including qemu-common.h gets the right definition and also includes some standard include files which now can be removed here. Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil Signed-off-by: Michael Tokarev (cherry picked from commit c428c5a21ce9a9861839ee544afd10638016e3f5) Signed-off-by: Michael Roth --- hw/i386/bios-linker-loader.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/i386/bios-linker-loader.c b/hw/i386/bios-linker-loader.c index fd23611008..aa56184e9a 100644 --- a/hw/i386/bios-linker-loader.c +++ b/hw/i386/bios-linker-loader.c @@ -18,11 +18,10 @@ * with this program; if not, see . */ +#include "qemu-common.h" #include "bios-linker-loader.h" #include "hw/nvram/fw_cfg.h" -#include -#include #include "qemu/bswap.h" #define BIOS_LINKER_LOADER_FILESZ FW_CFG_MAX_FILE_PATH From 424388980dbcaf812ad2863cf3af9c6ed63dc915 Mon Sep 17 00:00:00 2001 
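Review bot: The new error message in kvm_init prints `-s->vmfd` as the error number, but after this change `s->vmfd` is assigned only once `ret` is known to be non-negative. On the failure path it still holds whatever it held before the call, so the printed number will not match the `strerror(-ret)` text beside it. The first line of the call should read `fprintf(stderr, "ioctl(KVM_CREATE_VM) failed: %d %s\n", -ret,`, with the `strerror(-ret));` continuation unchanged. The `do { ... } while (ret == -EINTR);` loop also has no retry limit; if that is intentional, a short comment saying so would help. kvm_init starts and ends outside the hunk.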
From: Stefan Weil Date: Sat, 1 Feb 2014 09:41:09 +0100 Subject: [PATCH 048/219] linux-user: Fix trampoline code for CRIS __put_user can write bytes, words (2 bytes) or longwords (4 bytes). Here obviously words should have been written, but bytes were written, so values like 0x9c5f were truncated to 0x5f. Fix this by changing retcode from uint8_t to to uint16_t in target_signal_frame and also in the unused rt_signal_frame. This problem was reported by static code analysis (smatch). Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil Acked-by: Riku Voipio Reviewed-by: Peter Maydell Tested-by: Edgar E. Iglesias Reviewed-by: Edgar E. Iglesias Signed-off-by: Edgar E. Iglesias (cherry picked from commit 8cfc114a2f293c40077d1bdb7500b29db359ca22) Signed-off-by: Michael Roth --- linux-user/signal.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-user/signal.c b/linux-user/signal.c index 7751c47ef1..544e77eac2 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -3653,7 +3653,7 @@ struct target_sigcontext { struct target_signal_frame { struct target_sigcontext sc; uint32_t extramask[TARGET_NSIG_WORDS - 1]; - uint8_t retcode[8]; /* Trampoline code. */ + uint16_t retcode[4]; /* Trampoline code. */ }; struct rt_signal_frame { @@ -3661,7 +3661,7 @@ struct rt_signal_frame { void *puc; siginfo_t info; struct ucontext uc; - uint8_t retcode[8]; /* Trampoline code. */ + uint16_t retcode[4]; /* Trampoline code. */ }; static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env) @@ -3739,8 +3739,8 @@ static void setup_frame(int sig, struct target_sigaction *ka, */ err |= __put_user(0x9c5f, frame->retcode+0); err |= __put_user(TARGET_NR_sigreturn, - frame->retcode+2); - err |= __put_user(0xe93d, frame->retcode+4); + frame->retcode + 1); + err |= __put_user(0xe93d, frame->retcode + 2); /* Save the mask. */ err |= __put_user(set->sig[0], &frame->sc.oldmask); From ec6428b598b599e385d70057f6dbecea9ad52455 Mon Sep 17 00:00:00 2001 
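Review bot: In setup_frame the three `__put_user()` stores now take their 16-bit width solely from the element type of `retcode`, the same coupling that caused the truncation this commit fixes, and nothing at the declaration says so. I would extend the field comment in both structs to something like `uint16_t retcode[4]; /* Trampoline code; element type sets the __put_user() store width. */`. `retcode[3]` is never written in this hunk, which is harmless if the trampoline is only three halfwords, but should be confirmed against the rest of setup_frame, which lies outside the hunk. The first store still uses `frame->retcode+0` while the other two were reformatted to `frame->retcode + 1` and `frame->retcode + 2`.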
From: Mark Cave-Ayland Date: Sun, 12 Jan 2014 07:52:44 +0000 Subject: [PATCH 049/219] Update OpenBIOS images Update OpenBIOS images to SVN r1246 built from submodule. Signed-off-by: Mark Cave-Ayland (cherry picked from commit fbb9c590cacf1cefb516f523427a920c2fe8c135) Signed-off-by: Michael Roth --- pc-bios/QEMU,tcx.bin | Bin 1242 -> 1410 bytes pc-bios/README | 2 +- pc-bios/openbios-ppc | Bin 729880 -> 729912 bytes pc-bios/openbios-sparc32 | Bin 381488 -> 381512 bytes pc-bios/openbios-sparc64 | Bin 1598328 -> 1598376 bytes roms/openbios | 2 +- 6 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pc-bios/QEMU,tcx.bin b/pc-bios/QEMU,tcx.bin index a8ddd70ef35355c30d7cffd2e1b57f877572a3ca..eed108f3f164ef94c15c2b9a607afb60b785b59a 100644 GIT binary patch literal 1410 zcmZ{k%Tg0j5Qfi5Cdr?0o16sY4na^9f{EcOScNMu3m00JYeEJy3Q3#{C@U#fR{0Vx z!V9FF8Y;`M)151KK7&u7-6xCztK6Kw`}=#k=XTC7jL!%W`QSnL-_jyhNQr3kX`|Wp zAbpjt)~rg=uGX`McFC${-`XX&4AHnpm5r2$G*6oC{}ovtLZ@o*pAKcqepz-Q$PJ&W zM9HeTlzt^_Uww4Egrd62SrXjM19D#h$FP067i-fgdz9_W9K*=;IPIx$3}n! zxH^80BLU_n)Jq5tiIyoO2R#%_anMVF*rK4117UdRr+{9Shk?K{11m|v99xRXF$F1Y zNe^iXawd^M4!GtDTTHHUfH4n46x7%n4y+Lhj+u;7Kvf>bT4qS!>Nt@tCKFsNXvAd8 zG_*ApSed|@ZkbVST_bYLSIxA{geJ2=@%5niM$7Eg)?840Gq7&8%zkan2i8JhWm_H= z{oIKR{g7dq%FCow^tNyN7{wSCF^)+rN`)y*YrTdUt+TkHbq=?*&LgXJ7$aJH(XaIi zhO{QoqjdmDtqN&Y6?Uwb(xi#G?!*aQF@=oQ?!@alpTkY9^H|W@o!F=IL0r|^ooMP@ zA;sFAnD=usoLABP?ON8ZgyM7)cYGD&w0huD-tbU3rDchiW%`j<{M>_Q@AD{3)Z1U9 zJJr3alfkNgf|W;)`D+?jxh&Lj%||bmkUv9#vUPe&Q_y!}uuR~tk2S2f6`nnR@?yc= zc^8r@R5w+|N9edl~tOciW~9@I|1})3}ZPGb|~?bq*|>6)- zX{N+b6FKyeuj^qr)GgxhHW%YO<*-<*Iy+@)GWpD;e33+nL=Njmm7Pw-N6yRLJgj@{ zUg$BTd;BHgpWnBb)a-Y=j`gO~Ws|!cc5=ihiFQsdepa^hNk~bYk~kk(`o!v78uTIJS~6X!TIGUW zshM@VXjRM)cF`?Cvpk3g+5cZyvh4GctJ2Vej2Eq{TQUo_TT@n;tP8trnS~qIYFqk) zhb|xDvgIM-Bg7c>5oUxB{jz0fba;q04NWkK6PaYvO+-5+l3=3g9(st(aMT+_eL-Xp zS>Pzi&MgtCBH2T+^VJL^bn4@j?(SHjQ2t zEd|kX5Un&ln11eFgno#yNaaORNP4`hK87&@6QdZ1DI_M4RXBxdg)^8_IFChzOIT5u z!H~jk^eF7dpu!m93VUHFOd`c7!;W<>44SysnK-5@CNQb6GjUewc`PVg!m`57#Dvmm z3@GeO>{B`k$=I2g^K&Acmyyeps%e))F}jGnFQY6gS1##059<%KZ1A#4ALEvvdw%>e zkM;3d>ucn+a#3-zc;??@>%~icn>x1s1!}qNqZ=E@Jz|~I4&9}}KNB09WbFFb#!gG( z`1PwdEAHuaNXTf>u2nBiZp5&MJs<0L2Wf2?yV!gb1@TtAqctg`C&i*;)oQ{(7a~XE zGJ7O0vf^`tn(q6E@`Zp-oWd%49H*SWGpTE=LIxx+u6Fj88kfi)y3SM>-x)J=C9 ztj2gsy-=+$&+!Cmg8JiU3z3m K?1|A9_O(BcTLJ$7 diff --git a/pc-bios/README b/pc-bios/README index a110125a97..f1900686dc 100644 --- a/pc-bios/README +++ b/pc-bios/README 
@@ -12,7 +12,7 @@ 1275-1994 (referred to as Open Firmware) compliant firmware. The included images for PowerPC (for 32 and 64 bit PPC CPUs), Sparc32 (including QEMU,tcx.bin) and Sparc64 are built from OpenBIOS SVN - revision 1229. + revision 1246. - SLOF (Slimline Open Firmware) is a free IEEE 1275 Open Firmware implementation for certain IBM POWER hardware. The sources are at diff --git a/pc-bios/openbios-ppc b/pc-bios/openbios-ppc index 550273a5efa2feda0ef5d9fe03e6e62f2a6cf22a..f4a3a396c42ad9d83fc2f1582f74b0677a26a9bb 100644 GIT binary patch literal 729912 zcmeFa4SbZ^?{%LK4HNnkfSOvq1HQ_}Q!b{$t-}ig(on#WR zzukZP`TYL<8$O@#JkNbS_uO;OIrp4%?^rj_`lgX!i2i>G!i9IkZjCT0Q(TeyG+*%M z76~F(ph;4X!%`djO@ys?y$?t$^$ft

kF1M>q0k+(41tSNmrS{vQo` zP`DrYqZ|1n8Yr@Rulysb|It-3{^UQpkw2n=BD?4R>iCQ7?$0&-7uj8(^YM3nuE%dK zo3YJ&FkxF+xm%bIj@V`{o4$>5_>Wl9e^ynC?2Di4`7g3Be9p&z{&PP5bD#6^w|~yZ zfA(`e{ZWVimo@&6B-`?D)vWPkEGAOFXn^YNegoR9zX=Y0I9 zKIh{<`8gkd%jbIhe|7?U7~o+H3}avz1H%{?#=tNJ{%8!CQ(^yii|fs4Gq!!E@7*(f zn>V$uu>;Wt=9Sa8;pyzi7fBrpMRG?}xI5}addGg@={PRDorVZ>rix%^z9{ZoDCTuW zMOkOPSk<{-)N~#fk9Qejb62W(x+`Do=vpZDbVWsDSG_pcwO<_WIxdcM8=|Q@RWx_! zi`MRiqN5wZ0^Rk7vwOdh)P3AYHk}FVe~I}e3CB`%l>82vhI~f6sdnqoI0i4`6`ENG z@d|h@WxN8OA;v4<8DYEvo}w9JYQ~tFF{WmWsTpHx#+X_#rWTB;1!HQ#m|8HV7L2I{ zV`{;ePGU?aF{YCk(@Bi!B*t_SV>*d3oy3?FNAug!=8pZ`B zn!;Fw*d!;OX;|y6-f|(l5&UgV+f}j^uP+M``9L_LBZMyj3D;5+bAWqjuvgVN42&gqyO*fuE$>c1f!Evgw%tJ{S=} zap&=%s90PExEMD@oUQ}jfIpY{^oVUa!fy9D-J%AOSf(#Q)?pjjo6*nK@msu&fVByK z!sFo>{yHL3V|BvDj1Xd}T;x@xTjaTA+fj^n73L@^9EgKz_g1+@q)Lc&Rrb=FG~`9c zg+K?1fFa2&K)HOh5fInonQZ3E?-bC68?=!I+DHd&OsY*49?(W6Xu}KI$gZsyf!h6I zX6z zD$KR@BC>YBs9JkmtO|->&PL3a8!=yLi1|tf%bSFlFArkAG7n%}ze@C1iT*0lUnTmhM1Pg&uM+)5INk!popHQ> zgLt%jkz(e{@5Bgj5&@4z9Gb&ig*4z2--5X1pLetPs#%^MGArH1X4M2&N!2^n?1zM# zac1Ust__(Y`EJmdd%CbYB;7DweB)W~s{?7I7q*q-ZWX?akx8K05jzl}r@z0nDnp1> z_%0EF$!6+^ka~|?H}Ky01#{ep5ZeG*4gVX)z%T}eF))mQVGImoU>F0#7#PODFb0M( zFpPm=3=Csn7z4u?7{F0#7#PODFb0M(FpPm=3=Csn7z4u?7{F0#7#PODFb0M(FpPm= z3=Csn7z4u?7{P1g1_hRHzHjG9%>6Rla0e z+&$TBH-dYvBe=UecGorP%f55m_9whkdtruc^X_Y_G8ovmA9q|^*M@MvwaeT%E)-}G zDQIJ7o-LAmZjoSG*SKnP1@7h+X+iPe15+w(JFr(ITP=M{tq;0G%QD0gUxr9v8Q(&Y z6f}-aiodrTZ7t3T*xiK5SLm6aQ;2)CF~0DGkgf#UG! 
zt0#xY6@_AVbnCVn_u;;EbA^O+ruoFUkhyPSD4aKaTTX%fdXD=aY>vrV9SoG*^|joR z3M1E7=n(l0MzXa&VO!~6m0e$&{#0&h#!64PaC#`5G zhx&E7p3*|EXKr21HQ%ihBajxc>WaO-fN)xMMWHb6!DhW^fpC--9_q7J9~Su=F|G`e zggdNHqa5+%#M1!oM)@}j5zZK~ZOUpP0vpAo=>g%MyWRbDe*?yy@n0_0&gFd-g~9-y z-Yc^E4*8!Fh97roMvYux_|@&5Io@xR_dd&Zos%lqb5i0f}{8Tqll!M1O0xy*xm z!V~elcW#6G>v-<6>Q1`wyl`vFbZJdvU+GIJ*e+6$l#d?ioy9J#C~d)J-AHkhX@b zoxa%G;a&GKZ_s+_**SE*uuSZaW8nKGo(9uvDskU@nUL>zI+zws!=3o!guv5@rvuMK zJe_zZ;hCu0OOW-q;12y)R6TxkU2=T5>pd~HE{p7*)SNt|mj{cvh9#|I?P9GukvEd- zj%zV!{BBoJEIk(#%RKmd#4PVyy0ly@0d8bpfbTB$q4C#*K2osm)2w#P`!w9AkNex% zPLbXH4(^zDnv1RtsqdaJ`f#KDl26s`LS6r$x*LYn&DV94V`C#tXKxk;c~9O4_9t^~ z{00ElHv1wU3K|DnxVEj%5!-wL$%iBz__KvxUy^lwF9;7bR0hus3aPk6#^BaJu<8t+76ZUwL`}WJZ7v4?-tS2BF2uS> zbtHQCqim`pd0*5Ks4*NR{^R2En&Xc2yhgjb)^JSnM}(-&cVwb0=IXV@9P64qVUVAI z?*=DUi_wrp&b1poWzk$u8PW}3fiPQ7wz8iW`p#Ia$`BxOXPn^<@fc*=SvzEmo1nA-jKf+vY7lS zRpBvcjL3}tj$4nd@oPRPE*q=sr?5QN27ZqrF(%W4hGUPS;kO%Oa1E|M^63Ae{+qgf z1U#iXTHs0dK@Qd8$?wv_q%2>?^d_@n&Sb(!86KU0GNWv}G$Sdib~MT%%~yyrcLimc z7#v*J8gH+2EdhTANS}B%%stk+m-OL326{gS((o=NV0+aDjvMdX!B@*+WPR=&~zy*?&UW#Yms2%ie=^C(6nr zBZ5Y97)UQpMWqwDNPovBElrR(@~9S7gokthd8_DV zlPE*m-$I==qy@IG=%59>#mDh4QgCI-@uS`bwt?qk8aBw~7SLtZYz14(m8f?E>fNpD zsrla|mZDrT%8kznpoDvbSXk&z$U!f)1wt%z{$+wM;1IQ=!Jow6JnM5i^b@+*H;T5Y zwe;_g$7HW*bxGZVbj`8pF&P@B`_-6yFKC$1i+4TwkIoMfU*tpHa?m_@8X$Tkw(b?K zdS+t{KPKx$>~2}F%CkuFEsO)d1!U@aFe&zJ#RcUS0sBO0#MIJjakR}mJ# zF)|L$RReIMPYI{@#9%nPw_;tK`2%o1qU${ytEcFvG@ zH)u^H>UW2^ebF=KQ;V^mnN=}ylQ2+D(P(+g14Z^l@K>(23*&<#X}g}cXOLbRC#OAo z^Tp$u?%pi2Tenk21;uSB^GJr0EyrHZ-Aq2;kfGXWyDw|^SAK(b#^^Rro)&BeKBdlk|bqh12$FoJaGP+wZJYN2?z zI#sO9ZL-^IFo$`lgS1t-jd-FQc^T3Z^CB|6I#1wPFQQrZo%{glNm=Vovixeu!_%ww zi-)o+&8p*~lDrV<$^N?LZz25=e{%Di)rP1-S_;0`ROgEy z;N6Y)AK{sX=a2DBS9m@7(<1x)_7zY40`rl1wcH1966=EErqud8QA4`Ne){x^@+Xjg zV<&j#<0~qk!uw5%CzPM;MEY^0*C{!Z*|Oq;7g_doq;1w|Z{dB5RsJsfIJDyBUo!tW zq&=>UtY=`c$Nck-kHhU&(m}&UYhimsR-z+g+y1&P3TcNZ+H& z-j-c9;*+v+R|Mr(BK;*@KHnPgGT|7{a!79ky|(5C?Dni%P8F}1v6gwGkp7AqZ|0RM 
zZQ6OH9aQk$*sI1mjpKh!r%@+3tj2odQ4Q1lpqNJa|E4Z;0Pjb1nHLmpr)@ymdpdtB z-kWs(dWElP9RCS5rW>{VKeZU`E|z_463yV-(5G$$A0K(Xto%6ebDp?7t;T!f95vo) zH|gv2zFHvCeL>M=b`?*ys=VZbHCExjyYjGpqFK;4&?ncNKl#-ELz__6 z#g^axb;OYx`5At9u8e%+)Q^kov%4d|!}n%!k<9G9JQ)$jOFmC8gU(A>Mcq8>1QKR?D^L1a4eP;_4kL=vda^$ml0l;^A z3u!J3Lm`@oZ2`!TL9}p6rRO{~n}+W{pfWHV@W> z;Z?Nasa5M>$^%H#x-oD9_{nd|kDMi}-NF&~6>a={k z2X)&wAs=*lb}`as>HJi@7wdesX(In-q?PD=1Ml-x{*?1-T&JN|PJRpN^VNEpa#Z8@ z@}QA;2K7fGuT0gSvR~IpL!El0YaMpVcAb6$(yNiaMB!qJ-2ZsXPk#gH%aE>h*D1?Y zdFWo7jHSRI)<0?d^mLRfK-&FkjZT>ZSfD#3K8ATN$C^pXZbZ3PTaJ+)^!stH2lF>K zhP+!(7nuj~yh7p z{D^{O@&QHDH*7~*m7?j%djE6!5tJqUuTnUiyk61w4W$1^blH`<-+GkgoYm;E_sH~3 z#yX52d!xw*}=Md8^jEhO`Rk^oPL{ z)@i-3i8$PsFZbMOLF0-7>RhO!b?>P?-tsdRVEPbx(mlZOD=6;_8l&6H2d`b8|D@Q3 zZ_vW%)Ns+%#v*!)P7eq32-Lw}mcBy~MJ=~f);0LzK1M8qG{z>c_)ScsX?C_ZB zzYovC-wp8XID^u+;}avA$7YOZ&TbUF=91zsQx7Y9wW!ftHRo-!;u_dAU%rxhxmgL{ z1@=&Ck6@R@w+p@Z0hVDN%itUPrh(r;#dqnD{QfhLHB{%eoX z_Lz~JOKVfB2-E>KtND4qO*>(J2Fjd9TXLWLBI?HQi#=2SerVtRn4PDuLABSnd&)-4 ze*^Z1;DK1fDWoG{sB_W?q;IxQKMva)@(jZHBI*y|qHoZCP>rW=G3%qx1uRc`8e{_# zf14P?PaG^$b)5_iQ>wIqeh7LKcjSM%-`@9PI8wOjZR4IND9Wm}uPZhd*j##dg6G0c z)4SbUX4`ny6GxaY(1-RrsQGFlzIA)jo{X~V6+FGQ%4XYJ9iwUM_k?Z1)taWY4*c=R zBKzc4wom+{zxLQ11jWQzipKx-rB9E)SC79}kH0r={I^4%O8;G~kFTJQew@VhfxXs* z=1=3QN7{O6OBld+&whpPo)^^kdUg)r`!?|PLH$iEvRmGWwL7Fg`TM+sX`&~9zM42j z@O%N=Gkpfhc}>`}+JD>3{w&O^*H(KhpAZSeIdsT3y!(JNTO^a#Vs)91yxr#bD?&d# zfc>j2(ud@aME+x_Ta3IC((sVF%aOMTc}s@WW4j9mc$~)voRGJAl??b=Df7saz2zV0 zd8?*jZKRjN&$5y{kM;v^)yF}}6UF4^YHk}(#Owgkf@u!zLrnAqXrrAb_muH`iLi3b z1P$Xu;`dVff6g0m8M70YlwX#s>Lk35KD7_2acPXE`r8y;a=reK+7vy$xHeNh)uv(O zNS^Sd<`stFBivX^lJ{M5Y@&1dpgN*c+L_|(KsWEs34rgXdt{%Hlb$5%$fP5y+8fvx z6-nW-Gw5eZ3(vomdO>%7ok)w`;YrMEI`&+-z4sIIqgz}oo4-N0DqAEU>(5hj{P8PA z_D7>4b)KZiF;61XBE6mz%Z6$mt-<~62Gr=6~!ybI0^U)I6JyJNHyfWBEMtc%#{hlO#yRM^t(FWT9==@Xr4#TRNCg>XpSP1U&zV|yohC&mrm zr*AZTGKC_c)Cr#f(#&xFWcn5;)5AG)CIi+RBB+nHW=9_Mz;5=z%?dBHH#NM;zM~nK z!;0i$-wfOKo}^vN`#k%F4It4x=?5<1d(RM7xZoC-SzcUB+L`2lym?53;Byu52|29Q 
z$pOHa$@U@@z@ch4(JU{7@7V5P9oV1*;B{E5k^}j$Cxr`c4bj&W*l0IHmi61&7@xp( zgMJrFnnnG18sxfRd)4E>KVZ9CHbF%4AF|JRE9?l)8QnA8axCWdMtcl^D! z&3Q%J2dv8GKm=)lmsE@fc?tPl(D+3Q_nqO~&gY4%pz+c!Jsua~1?-RO_0~jsXCG`+ z(z5Z)J)B3ar!67RfqdPdWRg9{s!JBWJ0#DZxn@GYudUeIV($y57lkH1EUw17a3XfY z9nLK-h9CcV=Jls%z<;p{8pKBXl}elT5c_fB1Ncjd;l*o#E+pJ9cJ$*y!%4a$tf0Mh zsCz>cG^EEgpLux^NtaJjmqGp*f88hBE1$xgZEEJ6c}Q0n&v{=SXpXd9ojjR%gZynH z?+833ywq_}_ppXb`nxcXX`nOdyP=$=PapzZVqV>-3qK+8{9;hkRXXWP!!q z|JRkPHVLQZ56AE=ZEi>#h5WW6`*>S*o*1ohlSKLEt@`9&5~viC&br_=r9;ClhSwSBnt7JSdk1{GieBeQ43D0Uz5?tk5FQ;Y4m-cRG(2+h zQgf@ZuGD#1U&&UihxgJao6P}Fc%;V%{+L9VSg%&Y2DtV_^F(sEu+T-G0(pXXAIK84-(ImtFgUM zZ2a)Ir-08oAoo+yhJ*46aG&*Ml$R0Ka7Hm=sJQQN#QgL9PY{IOes7 z(2gAQzr@y2tE$s0*_wkYLC(j-%#Hu)?*uk>-I{X$N7w_ceAdSV{J+%?rBfx#}V|2Wa5eA zjo}J54G+e$^)vc-BsRvlJ~sG2pgih*?2>)FBqqhr1GV7!6ko7+F!Ka{az3(kH_oWwGD?NeyPr=jk z0^qrXouFqk;DOBCl^h$hnv0&R2tWBO=N|rE$Kd?#^MmudPiVYLIZa+b+BYkT5i8Oi ziLF0LmyMX8TG2iy|Ca!&{2UtOtpTm5%-=7W`OyqIjNtjS((r5KY-aZ??Oq7xO zHuMGXCbW>NMK_(p>#723TVhvZ`z3+cgX39#;SgzwYz z*%h<*>2=g4^>V@h{X<}0!Y)j2}5_ z{B(|F`>MT;x0D{*@%p9P>(~{;Gih1jtwYC6bu>u0q#oO`CWiCDwvvwfb$zMxqkdYE z-LX=^(-Ef5kM9Q*TpjmFxTLP!k)z?0J~))Qp&!1eTBD#H&`HM-+0~IjI7nA&9e2d| zj-K<51B3G~zNy!hl(oK$!nk#OaS!vbFH47Sz2Cm5aBy)y+hIOrWcnZ(sp?>y7hzM4 zm#Y^gj&vQ^K$WbCqk%Xce{rG0$;I2)k6GR|M5bKqmtO<)e^Jx_MM?jrm0UbnmR#tk z|A9IeI#oXx+RXCKx7pW_I{ot>SLcAP)9@K}BK>n-AG0@J(Dua(ZPvC^jE5EGCae$8 zVbFMP4fmSxITy&iB)w`MO_epEAokJcGw|uICbU^!h(PQjM)=Xq|(fu5<1k z)z7&%RGq$|b=F;?&Q@J#gR0Zv9RgcFZy&(pxn;Ueg{m`D4?5Rx=ZLG5qw7fj0@lb7 z-Ko7J2Af*5=f@1yk7XZqLwK)JS~y4+hk`pa#<1P^W7t;;<(0O$6`Ps7=^MwgT0w?4Q= z(yON&x@`GCOk9!O7Pv&+Il68E^>N})uBkGfN%^ENHXn$`JB<36AH~b!#&V^uKkC!< zFAk~SdI{KD-%#~i53z6X8=MQfI%)8_Ze8{1ep}b;dbP5im3*msJU=3RqI^nSdIojr zYp`E!&5X6F=&QA$dWMkW2OS!vg@MVE#%I7+A@$_enEn$dOIxqfFpMdwcr_PuZmidI z5;UGp9^C#XEoeUhHqsGnyLtr91QiyAXfq}Jr5ORKvxYNfgxGKCxX5*3^j&0s@<^eWWOWWZ%IW}E}jNq!81Y8-_L6}cIX;|Y`|!D$oM}gV7ZcVM=o@1 z2kpdiJ&MboC4BUq4Dhy(J7O>?+7U_>E83P3f;2*Jo9% 
z-T)pxeoW!v<27t!uB~7vtd?Eq;u<6j3J=>ZK|>#x>iV;}hnU-f`h^|`aS+acZN2Po zBpkYa@Dly&`TuxKe0^1Sc6?pNagq)%p$ndQR_0}R(y+Jc8`xXXF2lXmnMc;8_U>Tc zwW$gE%t?Z@O|4H&z?qW-oHsq6Yu^6oI6QKM499oBcWv9!h~$v z*J_R@q|@eBYa~qaH%v>a%}>bW9uj522iKpG@ed1yvvP$8y5^ZNh&h41Z|!)zOWP;n zh~^a8&C!~$a41{InXPO0!G@CSNwcbt2-pm94&dXd*qh*NLqf5PwK2Bz(+uZtV9z=& z3A{Clc23$CvSFX}mbdOg`>C|mfbYqC+LW~2RN6;qpQF85&CQl)vG-~sj`r2VhKRAy z76sZ&tK2Sa)78`m6|AQ_>9hCch(y>T6Qen>`{d$`UxwX-w%p2wv!x_9*LrTGjf-&8 zr+{(!Xm|F(J`0~`BH(v~#}&$RFO;E!dDp4e{%~7;XFjVfwnJM`j0YFlr?~%@<0PKw z>+qI;S;jJRJ~>{_C&yp8k#qO^qXTnv+8CIlCOt=|*Km%ozSC&`*Zn}JJ(V4US*`C= zHxLi-?MWVDRwWnLRC^>%N49&MQ&vhJOqx}d&V9K&zoX|7Ydt2tZKwBTb+mE&omyuujaE zAFopdjoM4qzgqE*lUM3?MzOw(PlV5k`wfmgW@lj=v=0!@82xJ+1??%@Az}p%OsT{= zfG>`D(E`}2CltC!lZwvkU(w^F@3fn=&i$^W^A>kX^iJ5{SHm^}KcUsf7z+^qOmZ)e zyhI5P>R=AswFPe2Fkd|wh0L>7H*@VJ;XSeT4zAr-cUB$)?X7_SLBeCd2O5{Y2$Yk1 zQ}D9nh46F2ex1y96Ey1Gu{ns1kMkPM16&2DyIRsn66qN<2Oovqtj4ri;)HY^@4JJK zi0j?J8jbOU^RUfyY9H3!@QZavv)w6J--)#AVa&ASp1e7E?LOh;nAY~VQ#dZvHPqNP2V!GW>!Eop+Saj}!mVh% z?Ha&$o8%X9xQVAj(mZ?$hL3p0_~>8YdD+?-^4zRECyTb=!=471?IXI+9Sxva!j8U6 z`tbr9VPCXA*TD82&MOM#3E;%*Nt3)3Hci<+zVpx~-{EggLHvGqst zVt2#0|KZwhr|U1S0$#dB|eXT{&m z;JJs5r=z!dlC$3NBrk*WJn$rF&CXf&q}hV=K#0SX=wjP@D*jyUREB*2ChHS7ujxJ(!0ywDc#rnTl2+jD z;u*rs^+bPuk^TN5*ghhX|41Kq6Lq5YNJZ-w`p_eFTz3~=&||?l8pDLGZ+9-r0Jip= zM!TJQQ`S^_I>ylL`=o8D@88-=ai*mN>*;a8oQe0DcwdV5WW0|?8(uu!`Fjn-W*ct2 ze-ru5c-{hhFz-9~J_6cd`BJ=3!gCSU^d#iB;{AT4W#jn(o=JG#i>DWPZ-QP&;F%U1 zBW%z|37_Ogd*wNS`%#AXFgQ_e2j?^V@_lk%&_+p40A~m=?~%J&pN5TQe{=zG|0vGy zV;oZ+mAHqERpRnlI2>cgA=UN?@%sI)rh4{Zv4g4PrfAApY=t3Ctw30Bur*b-C z#_)b(yPhBTTHe2h{ZMb=+N?nt@DVrQquk_N>_B^aD#2Uf*T@8a718;CtFoB<7xCGg z$79Cec|3N2XA|gmg)OM_(L11*>H2b=?==Fs7%S;L3;IyjEp0!_0*{HU72sk%X_nAAho9-ORGmUcG|;iTB?D&m1`_ao-!>KgD5&{PlLJ*#{N?B0>q?if4^UoME$Yl+On0KcGhTPlvVcCgMfQ8^YgSCl zg#4HKH}aBH%*lIE+9Y^xo@+86u_#y<$0I0L|eTtC_SWir}9PgZr6QC-wVf1-^-9by3t1>bvKON85_5Pv9}@~ zU*7Vwm!mAkiunL8h%e$0{Vp0(Z)$8zgZn!B71WpY&_>W8eC9xvz?>t`sh8U8KTWUadp}LDkL~&IwcQtuYdhx>ZP#C-?fJ2` 
z<$6+jC&#L6;ftU{V?7M!EqzUcaMV8sU3w0>q-~G$@aeU4b_V7oUE!?96YE>eb(gg5 z#m}GO1!w1=&LmZ*yJtw9cQ_}Ps8ftO9$n|)kUCrA%d41Wo>T3vA53dqX@l!^O51jP zT@Bv?^ySrk&HoJCOjY#R`CNQ`(B^khHyeGA|1?c@ZW+@5vdw@_qwD~GTygDkluHXdDcmTR#x}_NyyYE}BrYYt`}HH_ zo90vCrJybF@a5WvyG-G*<3q(yI~K||0MDoS=h@YODF~c^e|8>>!GIWhhnaDO+(WP1 zE}Y@<^nuv29hM~w+_!}z;`+%W`{hm3KE&m7{StQG%~cx}uKY*2=R!=^c$AZV$Bx+w zu8W5T&2g2Og?aud;K+wg{)XCPi%EDtfHs_Roub_++JyZenJ|PSQMZEq;%26E4!Cxi z4%@=hgXzL9rA-O*mq@=$yiR~Nq%0U}e?i}p-s0iZwEQgaR?K?9drf>k#_$sIN{}A< z3_AD?^5-c!=qMdb2N#YEhWTRZkhb4O-T7!6d+iI)X+AyZZW*Mni*GZ2OmVuEww2pg zk)M-Zf<}$`8SoxQpJfW(i(BK{MqlZ2p7t^(%a(GAG_T5@Zy5snIkd9~I3*p$$=~w> zcf8a?Zs5#>q#wjug8ree*wRl2TVA`rq1{llZPT~IwV2NHGthsa!}dM^zK-)2i1C-} z&}>sQWFMAmQ;zY+H5$K%_od3dNUPv!ecJAI{wC^Wd020-A!Ndy((ZroD_8pq#1em9 z`xyUrad*FNi8JHY%>Tf;xKN8dNGjur&E*m%tfk%to+pGp-hXZlPXb<+ z|IfJlMaHk3TRdnEs(6n``&EGVC}5NEA9(@0?FQI>{lKCB_5+iw4X{<$iTN=d7CK{E z{_~&_DT_Z|iF!9l+pdZ^OvO4%LyW2;@F>>MmWdei`PY$_ByEP@l=vCNyY7G=(#V$k zXuo$G2zhA)G(B5S)y7 zV(K0xz+X1!(C^0H40EUUN4*t#P9u;#EySth{fja8a%_FP=j2UAlRX>sdQ7=QIouy0 zvUOh*fm09r()AW=I(Ly>=gM za43(xFzjr;=}mdKj>K1>;`VA6c+$%s3<&ET?vGy_rSOILjdyVt;`{H)`SnLIZ|IA> zzux9qcCV;-Bye@B_0sER! 
zi*N3Ot>p#i_w2H`{6&NE-;w!qblqx{y;;Bi3hzFJgL@wU-aOo21&!4mdd^yb2j15) z+FRBBCh&%{TMtT^Fw{>?KAv56#dBrlZPyL(^loiuJzdqX-|;x^PdfqmxnH(f?^uO4 z-}f)%y6d>D^0;G_L_l))yBu@Tm+i00F7yifhoxvZpfV|<^S`wDo={0QcrJo*LDf#MC0rXu?}+H%^x z3mwkL>h{B+Gu%TEl6?jC8cY52aZl8WE*IBF(73-%o_#m|agOytmrM4UjPXDIH27u0 z4r^Y`^Amq2vSIJd#xpmtSJaWt!rwmW@(CE7(1*9`9Pd0BwSKe%>nyZJjVU1oHZj_w zQzTu=a_yvfoFxxc=rYc@ytBx|8Hdnp&INP;oR5Nzt>h2vTM21#Wo?wj`SegK+rgL) zBHuA(y`+!QU*PNJ0oF}t(vk<<|j_PMqHo&Gox=zQqYU9J@;Uc~&|H;4BPpllh-hEF`m zvhYEFZ~UOLul$l_$Ma4Kl+EN=B>WGbbF04pQO!Tro1FVa@1p#@=XqZQ$~yq_^dm2_yOyVPI*2YG}|b{YK|=O#dh>ZV>m`yp_(+#d$7LjK$rlCu1_Pj3R9q_8Z@p#0ZSrc}?_v+zl$ zTQ~<{<^9$*w;HnMc6GO|)-6mZh7O!y?;03YTQ=Q+;dEY>OLQGIfMhO>Ez91r@=r2M8n zzP8$v4t^tXi1S*4`X=h#8F`9KDu z_Yda;zVOwBg*z^%-b8(gIvRa<^b4>}j5iU!X9w`$#M4>X;t`fzT#PY_dnU9sO$2Qj|vaGb< zx&TiZ{EJSWhk%S83Eo?*=!-stE>}MeUv2-x=Z5z|KNMzepKqG`=J{vyNU}kMd?iu=pW_hj({(M z$868xe4{`3K(_6NPN00_xNjtAEL}hxqhHuQqqKc0TTMRNr0o+n7|das`7`L;FHS`H ze;C7kq96JL=G%M5#F7m&h7ofb8>v;XJLzPDh9k^@&vX+I;h9lP5AvC}j&`O01mkxH zjYt6WD9nm$L-z!&o2RUr^-aus32Bx1gVT3%PQXZ5SZD}qRk4@_dIbHzuP720I^oAz z9f+m5KuZSmH&=)WOUhwaio5$Tw)XUTY2sP#xSOD{Xe(pZW8(t6@T+cHqv_R2-AK*Nil;%F zWyBfexIm1=yj~-?q zn)|XE!H1Ikn{Aso$9=@Si_Dp~`HJVjuPe$M+O9K~Ub~!m`A=RJsZWJJyjr+HvobzK zD3?)#+uEaxwKGtNf&Jpy;;2=7+h&-SVi^~b>vw@+}Hho;Fh zY5oB61bE}mLUQjO{hHjfL#Gs*D}N5Y^ssQvZAi$qHlzov4gci=&q}oF(s_5o7Hflt zJPhABx3&Si>>G%?{;5c&Oy}MMYmI!KdPs6~ChQT5gai8&#)7#ZpOP}mu?8QKXaDae z?*pwTT0g`&^9ICcIOKiqiQ&Hsy26F|E-M0`HS_D{p)dOt|Lx!}A4%U-&^p>4qHTd= z@kgM)H%eX;Bo8AUMXKE|VP0{s?LmM<&xR4A>puE6G`J zLqBQ&-~34k`Uzn)ypb?%l200uqp;y(pG!SK($!(o)!&}scccOK8R#PTo{je4yF~m& zzkl-r>Tj6}e4I8-?2#Y)AcQ*^gV9vP4?RZSWIqzU3h+M$`BW+#D}MQl(8N{X`3E5r z{!L_MJtIa~u6teI+AXqH?0E(wTxwi7@PNDCh~B7T zQ_%M;EA!sT>_1X*?y!|c`SDa~=|!tShf7moP45VQPm7yeb^zm7Vb;fl@! 
z4S;t7rXD%AJ&cJw_a^5w(t)_-tqHl2Ba#j(@N^8OfwC60H+XV(_ey3gt-` zdtg^u?S?!ky9s@OE)b)jd8yJ}FJLV{c@_3pH6`WHRdIJKZB?W}n$M&co8{9%e-&4u9PZ&b%(du6xg`7+2V_DhkdL#Aj8!SJ>vu=5^$3;= zI}hWxKmx^hPb@7=$X&7I*2$zJl&SUCf%cQRw)&ch>&OPsdHIF+koUlppMf836t4l6 zO!BKI_lr!#Gu_@v0*yd7&g4Y4^K&nw$gFD-^hh`6n~5Jfl`e{xZ;5Ul-`( z;?L`Ip&LIT_igus&$ytwCs`ZZ0mvpN{R46y_KH~?A9;LGT!}pZk@5 zoQ@%C$2=Tepz=AVN9ROc=Ihr13hzKJ`dnbz;O)qVH| z{8L9q=KLZ2o&;!&Lemf`W_OiaI#62IWPCxcpAljOkLh#~dYL)49iX;J1k6 zKKgL!xL5HTL^CJj>~jatRB#Wu6ncnRyDBt&x9;1o_Aa1p%D_XM1KKZePh^k( zSk`Mr_V2c;c{yE$_w{_IJ_`Tl+lV3BfI5%K{Ed{u^xM7*ySE+1{UzJ8(GK|@^1Eeh z+N&PK@!iq{-_T;!=0(I%y_<^i($0ms;hxpSycYo%XrxWA59lJl>riz%zKr)Xs54g2 zRic{TkD^@rJ^{JIy&(2z`aTaS*LgmbXPm;LaL<%+Uo3vUXa zondbveQ3UMwjG9_aqoWYwc#HMU!Uv)9n7S^o_xi8X<`VlcqUdR3E;rvZ4{S*?hW&h z`mK)e^(FX?EN6B&<3`8?yOnyh~B)M-`a$ji52g{|AafJ zbC5p5wzF{0Rn~7n&yT{7djxmn96Ri_HXfnA?qu2UH+XN(4(bNU7-z`Zcu?{_D;F}7 zWx?O&{fUs5&;#~s7=maoP0!^_&SmBMXzy4d;_hMdLQFXE&foBocD;>qe~LKJ4k?3q z-xumv#EjgsgyD?y&H22P#Y#yVJ?d>aLei!fy`T<~%!=|UaBPh$GthKj5o>6=e z>l-%EH~{niluOWd=OPW(O< zo6h)o%u}oKg|5r5Jc2WZ)P=_#dYfge^{rep>2r_4mb397_hlWC2Z3+!PVkv!HF#f( zI%~fH9)R~LPsnxdqWtzZ3NblF&dJ>vpOl%PHSoiZdA|nC#GQ_L@qk7inOFz?>wWm% zH;7<(yk`#m>T_QKEYQWwC;rkEzMizccB_JQ?PK(LVqTqcP1ulQTft{G$vNJGIZeX4 zNwj{(eX_laZ9_+QaX$ooVv_Z<^gy6taQo(g!&nb%Z`SSKB-;nv{3hI(pLY6^=e~+L z1neAxgukleN0=9kq4%}^wFCPO>49`pWdAsoyt#6dClj`KtcOQSG4Gjrz0yC^ZQgZl z$oo;&o773XKZgwZ4c0hgK|WGvJire~D~#djj+h<~>qejlV-2RUKIJ#-`vQ=oKZkz& z8_>%~)OmUlfBmESXtu}0dx>?QCqVznv}fpVd7qQEjkf~6F@)U=U;Vb<&UzDTJf$Rz zdDsw73(blaEUXzx3y&^di*k?!ZrIw=Feh%d4O~+erb$@{oM7&?KaYCUy2mTu)o^Tt ze_>k^{jq7#|74qH`83F-TFBwraOE-39QJ3R)gyYXv}5kw-l~p&BR)7EFS329pY_aC za_H_QSjWnrAB8;*a-atCSjtJv9plVu4fz{snML-RFlmG9C-M~bekd0~nJDrD^tqEa z!?p&0bcWAu+gfH9YrdMvdDHp#P-kTy7`xg7Nt;~9yP&P@tP9#qmU;x_9rpW=VUAw6 z4oRDrN7*y~ZdX75$p^fI8#rW}gxUO^iVZ2UA2}2UGyNTLaCSuF;MDh|<9CfToL;O= z>#q<;u!MfHju$Qsb0=)akDea_Gw8STIAFe7!>sR4yNmZ84#Z9sT$r z4ubX^9E+w8wD;qYu#G!>+2V4`ggkA*egQF9mVJbK(OB$xGHtSyYvAdRaGoe%K-*{h 
z_?=6{wS=JK(}sdQ(T~^A)?=0*@#1}DcwCn}LuXY(-Zm&(p2UB7=K_om`+t#1dE$*= z4ehf#Xxqn`69?B+?Krz*?FV*G(6}vQ?XT5d8|CMF%cPC1#P`)C$XeLDH`vf6Ax8iU z`WzG2zdZZEwrN|BY)3y^?T(-^?;Y;B$$x9{T-zo2@D|W5{52J{drJAE_xKL(`xP(g z+o1J=MC>nVSBDG*F93az_PGwUZY2E#gX4Qwuh(;sy>cAt*>*>5p4~xNsQEw&?#^>W z?}TlARk4)gq(|VniREfOkp3k23@WI54ai3w-$~kpj7%Xclzo(0gh#E(A7yL16KMWN zHxXvQ9#AoqKT3_}+C7|8#&SS6?XWflrEbJnO=&mge%zRQfa?uw^*nj9TH{M%v1anO zABkh)sU`}1)sxpg!uahp^E<#j(x_uckWRP|r<~$#g1l8cqo$vCQ;!6F4sNG<0d#7} z%10QloW|d~mF)o@wny8#$~rUxNpEdx8*a|^K#JUc)gzG-Q(T{>i!q59K4plJEub6D3!_QS`m75}Byu$=$)G0MN+KC-g6f1fiC za>HS5#6ALY5j-MbJ%Kw+VVCpez!p9VaITU%abkGX473S5{a3MWHeqjrydrz`hid=z z!}Z8}R_|w?hD=OGA40F2Wa=9F?#o2wW05*8aQMRo+&iruhp|D&U5owETF?v5W~1$k zXSl8<%^QnfTUzl&yC1*Qu{F)gy$a8gymw;=I&P9#Ju$Rw!WV7qU0nWSU$p1i;`+G_ z_&X-9p8`Gu`66Ro0lPfUFZT}g^ZWp^NZJ$nAUCLV~Wm*sNq>W0+!LxD?g|plzB(L2J-r0yh&aeKqZgT+gyytX~CB#~Vr}tlS*|-dU!< zZS>1EiFr6bWdmdd_7wShZP@DJv)pUXyl=b2agvM&sctGJj_+%cX^DPY;hp@3_D}LB zZzF!s_t;3D5%ihnSsAAdpB8+Gpk3@4IA_GG+{eV`7IckyO!B|-MZ3gOb68}r9A)i= zY-0SLoUhiKlCxfoN@SSnboDTiZ8J-EB#%lU+K;w5n zmK2cQR$Z-dvP$X|pyxfXRq!`9+-ly-O9-DAK3Kx*-JB%ok1Sa+GS}L2)>UFEI^(?h z8XPUz(^`Oq&Lq+DqGLv;&u-K5W`>-huyj?r~p zm#*7-4s)dRsd~s8$PD@$0k@2;0PVq6i1`Cg&fg1r1Li`_OK&(v_n7wrNw>(uJJ&sQ zi-rAXRcL3Tevk)UANSB@@|*fT?tK8SLad_O$+^ef1o97et23712M>KAtIf9>>$Qq}+Iah@V{Ac0L^&Y9Cg1v-XU= zfSGtGvVZd&)AAxZmNCFs#^0>RUMHP#O0if)>vxD%oR9bzDLd>3r0%}a2-W9O?=c8Z z65hXrJIxdFA2Q1D&bvy2h`%erJ7T1aEASr7bE7W-e^(Q1+kIlbzYKd^@GZZubB{l{ zb8ptg&R0-ALEE^W=9;FDE@;fYN$PBflZL!;K~5!N?}Gc6X|Mk4Hl!sn&1(2dms$Cj zkR@M(Z&b{e^&Kyx{;c!5e##~4??l;jmQ`_evkvu_MVr(+*%$h$fb2@5|3cfv(?Juo zqsYA(eCRW<-UM++8$>OhGS=mG+9_VWndut;DppwMTfdh1<5gbgA(Xuube+k)G1Ev3 zXq$F(5AJB-{VSlsI~qxAe~NRqY{yq{D|i9_lpagH9do(}XU!=$=0`{4jtVDe5Pn^x z2k_(_x5>0~gbR}=BP|nYZagR9`NaU%Q)%$6U8Myt-4z~H6e=zJxQ{k#;2C%JU&|-# zm$yp46LoF9#-;wE=+Z7wdYzq5{s=rnPRQp}C8KQpJ0^CjF;T_W*F17#@4pMcm;of7pbKNk~fyr~G?-S~Aj{)a~c~A}MR`Q_gJa zjU`Q&-#c6Mx+?Z6*uA6X^KNqdaz36$d+ z$9$gVd|OpbEPw8Cq@!#zalr9$Z1_&2><${=PVS#m=!$AidlsrW>(S>7d*&$m?kP}n 
z+LMp?)rD%UW8Sz%3$aF5bA1{PsoT_v9yNdBoV49-5T`kh)~XLklTF}Bi6;DqtYWoVH^wQyd5sgav>fAziTMxX;q{J zd>DE7jR!SP4#z^?5`Q%nw`zZL*C>C>t=QK#?nL|*;xM|7(&kJ#tm=2+eyFpTBfl1YuO8$#ATL%I ze$Phi0lT(SPV4gJNL!4w$B-s{R$knNi8S2*)y4Dw(*KFHHAu@r+C4~PJQRGNMl!yA zvHdynOLd!D@qVQ$;{Z){T?P7gDBZSksxGs;$liBGl}VU{y+9kv$UP+Lj?rZfpbUL^ zXT9Z%(N5>IUhM>B!$DdS ze#cP$#x(gOzFqviX*``Q6BKoCk%p-+qa5O?>JE^$^>+fk)$f8qp6K`iuhJ{ve_(&( zz;83ITe|kQpp#<-Z?nI(&&c*&HFv3gm`6A{kNh1$e?#{bke_crPAAH~BjU2iA=HN+ zP5V#DtId5uhuptR`o~c}uI@@*Hz%&{ zb#ZlPEB-y#o4px0FGJf~?~ySukROKkL%FBNKI+iSeqMlmLu~&F-Cf3(lNS+B;4M$n zzC-(8(3p7$W8!(nX6jA!Ly{hlzLVqiJ_Y`EGyG$?zXW?5`TOe_1I|Ls+$qnnJZbNE z0(vCV;_5!8&r~?QVcSMNV6&h0uE3s1y_kY`-}b4Ae?9$jtjVxbA>wh#Oei&652vq*{8Od(&y(2Y`#>S zg}sGs`E4mnlF%Obv7H*%miR2#W4}v?I&KAfUkmGTe#{l(@QWO)vYEn8YA&E@IM>_N5o%#B{{J)O$>#MDpqhdW)iCf%L z#<76!hibv&g??X&a_RWSK2M}$4~VgbmT{gb8+^jH*N>CG;i2?-%)zDRR>dpa(yZ~a zxdC=k?4#%(TSR>@>!RPuIKuvOC_jbHTHX!&{7dzW`9Wc$r)3 zA<+3jqdKm$yClBNBKw8#&t6h(V{P!P(`f3h&|&sKA1T2%;#U*q;XMWKxOXezT>gfH zG`!<(yM#u>x$^xor1#+7v4eQWJ|rQ4=P2tW_HEhlcQo>jtr1O#+3P_17xFhc+|cuQ zekBoS15X4R5}>OYL402gx=%-565f;Y_d4*Ks*YFiel6?(ZagjA)pY`CJFNLQ3x~TL z!eeO<837sFyBqo6M*XLC{l7t-_fU2n(*G9e^YQ!+?rf_HXJd^q_L=c=WieXqf&90d zO|#>9#Q40Q|Bz$8qT!zLq~S2eQH{6~UC%4+M_41!0UwaM-9{VZ!#xXe%kL?kmHd zpi%_!M2zH!r>8s)o(vhKY{=b4mMeWLxV2^0IqxF#vMx++k{jo$!+{75)KocrGgpOtYHUAra!X+&(TThdquafo)t zn02rxLgv;)sS9-NSMYbO^xX-+F!qwPHJK*vy~S^zAZ{7w5_2Cj!yU!`2F72pjjmqA zF(-!a>9U*hb)` zgdoS`yAwD>U%>Z=aeYoge1U`G2pawy@cXUBfN3}RO*orp4~;jY-$wjqPHS*H%5hJ_~kI)o;DKob%l^iv34X zo^cXUKjcU=bdinJMeKFxbE&ln{;<8G*gr?cxf(qCXzpt+W}6C+IkTU51NR2vUOBZU zI&Ze-{6|Q&-??43e=XYG5MZ0T(5Cyo7BK>`_&f0K!kBTlwK&Y*T>w6ogNBk-Z18SF z(O$=S+?&n31)%K{JQGS>5~rZ$4)1!qPtncA9L^caXnoqe#WOKpioWXD7sl?6trPf*xGt&JB%++*7r;B~!q$a66~hQ!p7A3J zmX7U8_wP8PVaZT%WbGyl>@!9i=x>sYO~%+TFD23z@D6&zpH?7h4n@K0j%8l+n&{{r}pP5qj9+COC@?82~9Va{;3tI|;rn<2bqp!+=Gz?g>o z7JRT%P2_tFy3_j=GEV9k@uzxRvP7r~9Y4|o! 
z-<0K1hGm0B!Ajh-m`ootcpvV&h7T@Z?(IEc$B|;*70b03fFFteKTiu{1}`s20zJ6E zClYy1)!N=%9L{<7ZPfKl{tA5Z`G`fVc;{`Daa%7U4sxMLUt5o}4d4HrYibVG()N}l zqy>24ROX@E&-m*X~hgo_jmheJZ_ejHQR1Yr$QU z;McpL3-%e<8#p4c$3+^ztG~xRjQ90OnD<8Z?$`BR(Dinz^9s9mBJYs-kJm1TzM3Rs zu=e(C!CHz~KWP+MO%j&0Xf|}j1sMO=3*P3rOoWWI87f#)A{*=;>`5Ge zMZtj>PQZctEU=gI{jjQaglReYe5HVK?jJdDu&(;8j8Zk6xLL%NgkQoZX*gIH_Qw*a}mC$60I zQJ@^~*DLSJiYxcOd3*QxsH;2w|MN)#1Pl-~woy?gC0K%7;udu#lgmV)oe*h36N9an zu)$sEYJb?`;~Ul)W~PLepnjW(x**qlE3LTV>aOfpTY*rOimk2gs^8jr39HtCSi#E{ zOfsL}^L5T=k^!~b{r>v+{gKS)b3W&O-uLr9@6!Pc7uS0?K6#34FJE58_24{d-+lGo zKYt`yR%yIH!uwm&5lJ(8tkJzV3mOXK7=0ZaA|`k5z5IfA|BUa9p}~dFfHL}4OF7?; z(zlQA8?wHS5S9b6C51zUOK>-kS6KGSEkvpl;@M(@Q2G1=j%1+_sKOq+9ygs z752hr@5AV@CSKr9e6iBctDmOKR^)~Z&1>m9Cb%L7#WKIX6H#|M>z(dW{*&h*{pmXS zDr8sa6SSbg*5RH`AKTf}kxc7=KmHy||D>op?b%GdqT54okuJ!j52Zb{gcuwP3eiXcUd-w=CG4!}oy_^6|cNb5_2%?f*d8j8!@CePkcX)Fid0{l~(a?3xDg zxem7UU#Zw6q!0LUk4mi^a{mTPNBj5LarG}De*yGtx%&R6`b}TvP+z+#hu=DFe4DfZ z(l!8tvI7M*pF{KFH27^!l5K)~^Rn862K-|Q?UtkCf1rH9wjDC(R^|Id_OxI^$a zM0?-)i_xbl;L6atKl9$ylgHq7bzz^-{LE;db2;#WznrDFLw)rYp2{DT$IgLQ1iHY95|WQJaB{NM`M=#r^>OmqENoQFE)6_*%d$4idieDo!;Y}ZzkCWR?m!>8lJ7W)uwJ$7+Em;7( zq_0}#2@ZF>o88|*8fxh0KR#~Pr>{eDG4D1mM?bXe z$Lu*g@Umzgzt0m(ZAFB5JQg31Eswh8=PJIM=$q<=PM2okak0Tq;mkJKrOVopw^|L} zBEwm{oi@*>|$cj{j1JPY0KENmBbkA5z`^s$##e&_O{ zJ650ztkB&fxg9g^7Oc3BX4?@fw&CLxL4IYt708?wg#$&Q_XbKszZ#gHDnT!})9e*T z6SwpdU+rL#Vo%sT`o0_O-0WcdeO3Ng#`$9z>5t_szLgA)0bWI&in*h?Kf-hKO=Zp* z!15W4=am_E8CbrW^Jc_2a)Qb4^*f zNqh1;N;A4Raz*~iyMEXzc;Z{Kvm~!L>Ru2^@vC!J@+k|UFR9)5sJTVK-~axR_Ndbu zdwc$a%YKjULJS*hx&h(e2GV8wg1$X!`p;f5-vfT1ll1u!+MVO$LH^3Sf7nW#Lh`2{ z(Yl3`tR1?|9sBa~d3KErb~8HvT@PtaN)^;K^Jw_XZY zP9JC2Exe7j+tvT=io4NGHuj+ZyX!+GdHGG>MBbPiogVv#=U=6)Qb);L*<|4n6i# z;%R)`@Wy5K?Xh5h%?OYsrFALGZUvQG3Vc*Q3ExJ;mUi-yY#Wh&@Pi+@C0cuTlu6bE}9c;8JNR4_<1(1c{Ssl zuX@AaiGO1#1%0yTnSX%J)Y89%vURi(28BSB@}xnzzH7Zd?v+vZ3(&hiE=|HWPv&`lY{-(I9)R`+vg9Y$ z>Vc_7PWdll_*6x(1Hr35YoA8?7<6rn?v0brPAKB!=uEE8;xY$1FRPeDuJ&2*E9li8 
zTlT)r-hJ2&hU`Lj`F5e()h_yGUTSW5;kwt+%~#=1!8uFGI$9Iae2w{(J*e``dYn>k zm0#~gvL$NVp}KHG@(_Q|*s~KM{8l2I&!hkBpF08FZw##{4c>=tzn6FjBO(vRN1kQk zE+R|hCDw3OYm@hi`k*nL+>i92j(BoE(z|Rw(mVfe`w`nwZ2A!UaqWYDMn3`?YjSCL zAutUb4ee3ZbesLGqHvlyKvo1F(HFTJ-pG#whkV!rCI_A+K0ukqnOqre5G-n}l1IVc zr&Yh~)uEAgK7oA)|Ft~9e|*HHy7!<^XE9hWSL?oJDF%6L$qg;sXV?;MZTQ>3CCD{{ z>*mAtK`V1!XXI9`x!P0Psv}-jp?w}#v76-oFmDrS6EAJe_-1C}cPej2RyOOv{%3T{+K?e;-&Oe6}!@xSKOIi zqBc9>|L_RvH+z2KTiaH3ArqjdA-^m_HpDj19>E@Gvg~?_k5cbl^Ax_?I-5s-(l4tX z;-ToA&TYOdxeQ;c2X5W$Laly)GyOkC#bSl260R zd;gIbT7x9Y> z;9aG0@oaEa1K^LLsy6HvCYsXXsJD4ut)a6jrhV1oY4GX z>q3rLpJJYitsF6M5IMry`nCc$MvmBUGx?2fYszee&wj!_xM9AnFMV^=JsX)|V7K}> z2#=<31B1NGuFt@R_E~OPdp6Ku;b|kVKefHi^?1IY=K#+?(_SaCd?C;Orf295wjuU( zPg>i7$?awCe~4Fb_NEv3;ogpc=QJ04-JC+jW#OLCnc=S=Tdp}#{GE*7F?f4!IBCxm zNXOxQbbA=O&c2eZ&$%s24<7+NER-H@Xaqj4vh~+{|4>Dr(82q=puZU%d>J~pkvFjqedE+qgE7CH0u53K$yBn9%Z*vzawCbR*%e~AuX!*u@ zq#ZMQ^B%^+IzbS6b;g^D*Re=HE#To z7l$HNMvB*Q2L9T)MeU=Uyv7m3SI+ppGYlQI4cRUqTAP<}8m1=BdZM+dG&)sn(uYpl z*L#p@`xaRprcdW7>0_U4Q~ch8&d?_vEDxTrFsqN3W%V(VxTlAB)b9S+j<)+_dsYKy zZh$o~at1zUfe^eTk-ThbV$(B4$Z`cu_smPj0}WG~Hbtkd+X^3Kz8j~^OE;E9r*>Xv z@0-$|NcgqzvUS&qhBeGHes{nUd$}(I8!z%}ZKuF7@PO@f!?~nwU~OePok_jLSvD8n zUVG;u%kw@SvYq0WLhOdOEX-Z;mgp$;OtUu9>5DZk@zO;5e-y7F?>P#1B!jb#Eb48CceFBFM_=|5;k(qk- zcA5CRrNHL1mImvNtbu(7&RBnqL+x<~a3SbbuNH93ylqH|Jc(di`wU7%b~~cTsKhJ!yI1^e}4Pea-D%T zbxo#zzs=zG^zY+KO`Y1$>G`kfH0@Dm@a>PEFzuOV+SC3Zd<{GP2ci7aAJ8}Zd~CUV z8q{tFI*FkrYI}S7MEsj-chU~>F8Pz~+P%j@jV1WDt=m2$3oJ=5Q@x4TX0@t~b^EYQ zoisjgj2+*kT8)`=eQ)Q>;IIjyp5 zz$d>Y{w-Xt?#2(lgl{#cwYDMqw$I{R##(17-#3M3VLze{jh%Gey|CObms8UnFy*9w zm_1y4AHu+H)E)P(-et?zH{cmw1GDCtZ_i7P$S#xhZI@)BQ@@3K2Fu>1y$WFFY5I2~ z{dn}x>0hcu_AYcitAi~w{l|t{vn}$8{?oq;|3u%-8L3nIXUA1|;xqc5<9~nI?|T7# zH-2BH@ANBcZf)NtIys-#H?2d|E$sa4{uSQ**>hWX)o1iC*I$>5!Wn{=e`#$hUN||{@&UTJ>?^=k3w~%VZy?hgzuw}&q$8ikANW2; z^c?!k-7w)b_*a$?y8`+54#~fgccP+~qODQ)jB(;~;QshbT5y}oe4jo?HUw-W#z#al z*U5IVx&9s7lhzoUMXBQ`{vNjBLf&1)xMB`wlg9laCdOs1(o*ERzAWi<^2>M5#}K26 
zbn?lbUueGrpM2-r*v|89>@|O!k-a6vTLxFa?I($Ab4akI7-!70>=aHoW#m^UxzaWK zyLO8cOI_<$`g+TKxaJJw2;6o{xX?_yyBti{RW`zHCm7Qwl3m)voS88Wyiy zFdbc?6yMN1{F3sJ&6kN^YOOi{{#Ue}-}HO&%FYF>Wp~sqomv$^9@@{Dzq#eX*b~S~ z$l|f)MkCMYo6@my7R0(|S{aA4g0Z%*7j-=8Vp}~qZ?N0*l%I6+pIpbOc~fi2cNu#D zkp@#QWd}mv#Lw*3^2of+PT;05L;qIeNB&*o*H)BTYUITvI3W9KacYUtiFCiYTiFeM zY;(rOw#^U5=T2^o&vl;b7=g`qZF!_~wp+=bPk!u~FSQ1LfxdS?ey98K3H}k|+JTMn z%a<1=Rxgx(RnQ5|qVD`o{wYp%?3w!3)KraeNOsJ~eesA*Gx_!tkL*d;$Xn>2M&^o} z{ob7QVdgx3I%`*fUnVdlKSB8oT6}hIkPH+1APj8fyxEz`xij_xG5zLW(R$_O3nxP# zyPE2_zxnd|)+?7L&(p8U{mr#W6IX&b2Uqc)BbmbLgCEs}YP9#AS51uif!fWZBC(s` z`7;R-&@BaXU#x6|EpY5V=kv;j{R!026(r+IydyCrh4u+eZ9Qsngb2-n$HNW(w ziaWIG?D;S5v}SyyRdy_Ln;Yjom{$DA_{7VL3{H+J4|0$59+gv!(zOSinJb_A7y9x+ z`yKmS&Pa&Hac^S@x_5y6!dkbK=j9dMJUhTP&v%~=?I;@ooH%)RobHTgE++?HLIayL{z++-cVSL+bB)QE|%?cmGCy-H#ie$LoLBTD#lG9d2ljjf-t)SrvB} z%yBL=&)49K%$a1hn`x8wjLpNeb^fibr?hjUKPTw-@86t}*PGe%laAHGo{Mz43=U?# z8-1?%YnGlQ!GFd=`HPsx9N~fgK1p%uqc-R$*n)`55t7ukE(SD&Rl zL(*jzpDoy4sqt?2Dp!7G9qSGrEOPP3IQvEY)_ZM-$Xj6RSbfaa(e|QW2eRnuR}D>v zmqOG3kB#ko+pw&(`jvCm(f+N+l3h7#veFw#do@*?b6Zy0qQ*H9c+ss-u{O=fslp%h zlzG#9{#>lQ$u4)X;F$JqATNG~^Cq40z1jbM6W>=bmp*MdYR+vMU80RELHD>gcj{9Of+bcT@J+)PcUbYV~)o z#;4iFE1$h`f&7i^8IPztGIRGieR15CFA+QbLKC0xO^r!o3AVj+w%~5%e$k;d$C8iZ z`?1=N%!b@L@(1)nGG z0W>e34-YPceqG7E2*_ofhpfC6hmM6V=Dv-??hW!UOI?oqz&%VAFFC_H>)abEE`&CA z8rpb+{6D~@EckTB2D{wlR~lQz_n)u#>P+ks@hir5S195PmwgmlUa4SsH8P%&AMq0* zF2i_V*DY>%y0D^gu5)qx+)Ig5fy^6qZ(v{i1;u5cE`zUX2OIPktX<^$*GC?7dckk) zdFKREu4E|u{oU4zi203Gl(@^qAL_k#S95P(Zdmi|(1(h_xou7Uz4tWpx}14!)f^Ld zEtUGZ_jJl-Zi!nOzwir1$)7ME(MT&aMz;MN<|ViBE6B06Im=^jbJhr+7CU@JYw&&M z`EAO~4Y$S@luVbs{Em_MA9sGi#7wLAjtmIKDlTU}?=bV(Is|8joS}LAUb|pVJOti% zBlLQFs?x^dgdP`)Kl}FjLD76V=UfK%gnZ*GwjG}Oy&vL-_(p4@ml!6sn*WbPhnFL}XYNZZK%Qss!Fw9p&jjs{ zBGW&T)t9sB%QD-ScWzhR#Gi^&#|@e<&6C!Z`JF-9GT4rDtL%J-2lOrWJ7V6p`+nq{ zM@yaSIt{{O?n$~n-*t3P(mLc9{_?}$V?TElTYT?HpIz(-CeO) z&Nh9b?y0^FYN4t70Ciu7PZ+VauFuawmOHyBKA~=U$iZ&Fo`u@rmpMLsFe7uQ4b|_D zq1#G9Yj_Ncp*5-V@DiDA!0B^v!WOULC 
zsB5X;t~tX`pZ>fv%ERv;RF|!1#CxJQycaUhoC_cE zmS4v2d+LPW-UQ1Nox3x2+V)Z}qjx9m*ovOc?2j8eyKfKgaK-Q6*$+Q9zCNla>gE_Z z$i}}IY2sgK{_4F{JM|U%^)1iXWmHFUl^aO@&@D|q;ZAO7b1qK4;ZAMX?p)lkpTD=A zivi1L5j}+;gXb->_X{$6<;;Z{lV}C=*A?9EJjfi6w07*&NR8Lf5j%(foA3Ly2K8R@ z-BZ3D2yQ>^QNBSllFtwI`;6|)JY@U?)c<<#537?~-GIig{zo|)omJ+x&nUCtlroQH zm09S|kJ%Sc|7oW*H4&SQm3xz%GXk!>zEykOQtA1tJU6oHfaI&xN8EF(J>dCG_rrUq zys!HLbRPGs5%z+yb;?#do9A+#b9k2TeJRhmJYUJPm7@=^x8CObTX2WwC*j9;aggm+ zXg&gV9Z$bczgmmT7&VWg4}z1L9_x1%Y;!+PjBM$p4p;dd*Zv0aQ%b=xY#3i9E=qY& z<;0tmPX6;$ht03^UCI~Df}hi8-dU1v)*K>kit*O+=!T7!2&$%8KUw~{BtZX8VrIK+FPT{A*d1GS-s7PsfaQtUE^3^@hu*+$%o!4%i`L=$#k20E zC{_$yo)s^5Joi2XcpguDT*ip4$CF*ao2ju19~tWv!0I>nR-iS~x>-HU{Z_qq@y!}L zw19ogG3yO}{RRAMfv5bci1xkFS*Dcd#ag~l)RpUulI>{CQszBt?;HAU^KQ@Noidnr zJ#- z`13qK`pwKCd~3O(kI>~FXmN2(x1q(Q_1-Nnil5kZEPNNA5bF3&iFw}wZE5M9OW8?U ze=8THe*rCqCjI@qtTcb``|m?a6Rog$rSDKjH}>fg$?xVD`FX|de*O3w6(nfyDe;h~ zTQGR8ZHR~8V&W0n{uOXe@Y}0T8XtEh+CF|KmDL}=k1NbsH}yr|27SBQ(x$&bWFh*} zra2J})VyToLj2XrGJk(aupBB2KOj7S9~Bw8yuIKy(c}=ee$im$OU_-7cvfviofE5r zDaQQ-Iv}!+Xg0BUHrO$qwq~%sF817+`x@%C<9la+c=sXs|FSNBf0J}W@jXlXSB&=Q z(|o@Tb7$NsZCvDk8-{#Ts&8gaXkYy>J`c1RY%92fv12!B&9i+Pb@adJ(`&X*D_%Xh zPpvCX?$hzx&G(bW{Xe>FpN{Ly_n+$1dfTV}A%9q4Vbs;&Q^Vlhy}pm2=0022;tbzq z;DUU=F4H%jpUrySm-TG?Ka5`{Jk|GgAim34%V}qRY%R1N8m{)@bFRQoKQG|(#ZSaP zUUM%nM_X#UdApNiby#n=+FG;68Ob;B!`tbcfr}2(%uUJE>Y`p(-&NO;Uu$|X>r}`YQ~#VGbY&5I z!R|GdDwbSqH$1WDj5X9bhqx)~v+AF=Y^jqJOh>RwipMd&z{Xc4)5%XVm-|FNfAA9G z5fO9cmyD+;@mfz%F}DO44J~7dt(PCntPOPFX_BaBo1)QC~E_ z!>w;%|6Mju|Al_L`UZaV$NluP+AEz!S{rPF297Cj)|kF-;M>FDWNxp%)2|?M%VjFJ zaioj9JMgZpW8f{HE*)V$8yExen!Mj!LM(pb8b0TbUpP#BhW=r;OkbDZALgX5oo_iq z^Ux+*=7k3QqqsrizhikYvz1s8A@j(#m;zVy4q&kKIz`w3oW<(xa>o3WnV&80e8DB>Abi~XxDz^)vmSoN{Hp)lD?0qI z$Vd@9cnH?X}|qe~MERx!*2{9`~c;D>F7#$-Aa6n|p{Q6P=Gg z?0C|Mp?p|z)PbcFooXjO<+%`gP{B=8Xy<=91^ze+>{@uy3o8}F=OBCp7zfYo+~?kD z=YF6^?E>F{y{R1k{)n7X`CN!bh4;87)@syw|7OK3S+~W_>#TP3!KWPdHZ}hRp@50~ zTgi(V4XP7wcQM*Lmr9v5+~XCWzuVr|7}`P<5$f4 
z7`-<}&2tg;JQ$B$IhA}5^8ASZ{7CzC#=eomyiVng%QS15TNOxni||cl&1Wi(KEF}M zI)UFHW8{7}rRQYQl`j~I;OAfB{N0A@oLu07SoGE}M=(HHmwNL$UT6Q?b0VD+oY}#I zGYomK8aS97b^dU!=8`<}fer`;u}_>N_xkpoBK)W_bWrDYnxStyfsKdFe4-B<-kfkA z8kB1dpC4Fbc@ldu;D&Sy=}wYir8{98%Io58Ug;?Dx%laRnvTLcNw3*8Y)D7>zpZOK zbv*3X$C?|R#ivUT?GatFwyXxmn!~tQo1EjRQqItzvkRZ_1tB(kPH&h!Civ&JiXJDo zqT4yWVw-b%n7OWoP74Rnm*H1`eAm#mJvrmUo83I&o$yb5C+fU6E>+FGitwe4b52!m zq24#1>z>hA_Ooi<$FXlP&ZpPNksqy=e!G5=lfSGT(SUNI1IvhOzkZ>Ob!i{Xkwj6MVf5TGcLE1zt#&lV4?SWRJVtZ_nJDh@LbYT6J}XMyXBu zF>)1UR;@I?q$#D@cK`GC&uI7Dp>~~D25ICL$MQYqi~X-1^gmBN1eR}oxPkX!vF{AN zw|~3NapgzPSOfUdS3@V@p-z#Z>$YFS6>(w>an7OLzfnGN%MxpQBJpdk;M@dsc=H>r z@~u(*jMZ)0F(M7#nKSjmKhb2$>;4Au@$nkBSu1=pvgvdJ`fTUnLsv96am!)FtU9i~ zsjT{B=0q}rS&xry*7(6om-Q;j&}Xwg#L&ykJ?qdWm{FU+$wJ_z^wzjrYGLKbTcIj9 ze9r*yjP;&Z-N}NP&MLS3j@|Ceja6=NW8A$3d<+?Q+u{UC!8~=Q4fUi!IK_lbJr> zFh1K+=SY?MXX$^x;g`(iotbjluLvi_FOHlE%{d2tVaBs@3*#~Sj{Pf;*Ck^%XP1dO z@4Q9+Ny-ne$cHDD^RC~SYLD_km0!0AT@0BYdE!D})(%ubJ5Qyj8XId}oT4uA8PQap z3;2y1e(CftLI1S=_l&isNB5hAACTS4=*3&n3t9>`cOX;OdoB2Iyn7(HRp$~jc8m9? 
zk)HDN1~>!8S(O(2Io|D({u^xTt+lYR^nmPW(oy`gOosj{Rz%b}WY&_kDp>WJbYrh) z0{5-M@0w%WX{Gz2kd<7YPPyd6c96a*7AOAC?w42kZBM43+v~mS?H$D}{ok$kzPW?G zPL=#+b^P~9`|B4)_t|@V)h~yitj^;9^=|5Wj&#{W%A-!-e4kdDIJ~}YwV3aUA=fG& zZJu{mBpnl*h3AJ?-2zhLPhG*BLnEDvh*Me}D3tG1K=I#*(b`J<#o)@1f7+V(2W+w6 zs{H%p9|!FC=cRHNCTf1s8tw+)uK9PtkQ0v|FN$A%tcbER@k@4UcYD8qCYUmb(}=zC znD;bi&~j#s1n+*5)5bGCoZ#lIYjhVt0WvM;;oSz&1aKl3d2xNJZxH_ip| z@4S1y=ANu z`*T46o|NeR2sqej~{P(kXr@r@g`R`}*uKKq7@8|HY`tH(MJwv<13ud^d8@--i zfBuHAY2H2B09uG_g#>BTB`KQrm_|NYLd{{c)hpjLAur}F; zy$hP^7EZqB2hdIGV@}F6?~G|GV<`tlXWsMwxItuq3r!n)`kw?pqANdsbbccAZ${}fbj$^yd;r@x7-TR!UYns_x2$=f@`f42S zSalD7-TZCik8j~yzV}Fn>zY`c9VzD_;b}*gvn?Dd*vp>4BjMeFsjR`h;o|wftoY-# z`4unCKVGrx+J@?+;%pZ@UhxfhM6(+cUe|l$=Otf-2PU0BV$v^K#b=_<2g6u*2if@{ zXmn}Qf&9wYq50E85okpn`|c0F)7rEae}nNAMe*w{H}PNaEtrgcafCA4&@tS2nerny zUuW$ZhSpo!e;K-qx1k2x32h(;FXFG6zlS-SC*IH#ni+n8a>uzVq;%Z`r(xY8r}Pfb zS$N0m&ip&}I#+L);JWKP=K*44bZnU5Jj8Q9`Jvf=h_}~Ry9BgnGBiGiIG7GT|KTXi2zaFO8n*a_w)Py9nZCcz%osabSj z=`ek-_ZA;OZ=9UE&WTnO9@06HHH^#U_cp}<;&(k|m6n5iS6tP@nVpo=0j%Gt`RDtl z(0c{!ng8_)`D!BHTbX~0v!3S`^u7S}6Fg_W!`vl4(&*v&p)m!IB#+tt#^1UnyT5fS zzr0TU9G>a7?e7vlX5Zqo)Gyt;N1J|ZokOnLf`)LW6&_&5b?6#DEs&M=Dl(X{H7Mo} zbJ+k7+yw6~6b$d)=iDc_4L9Rwx()aR-hes5?6Gi2Fzb9M-emm9|Mh~_mRoLhY9dZf zxEnsTt6*<_k4eW2@6}N5WaS-m`Fq4tL*r&xf-K&T;DKf!B`9f;FR8&^O|TTg~rn{7&MxgTFiZTdy(myNSPT{M}pcePNi9iIKfkuk~#y z=ns|Z9Q#@onu(WlgP zgI^bTdfi#Vy%4fc=skm{w`t7M?G=|R)28}GJmEF#7C9aD-nDPV!#^qN+~=t8v=Mmz zlWjO(7;58M6aSpNYskC(lX(k{`gxHHu5A~-hqnQXzbe>|ZDNt+Ddu?-&n?JU7Vq)l zj9*0zt5MFAnoD5ogV0ED|EQ1qPkpC#2!`IBXZ*82f%}WEvM|(quEwf!1GMk^+`TnS z?a_7??!UFjPs_snw+>>fx418R-yUy%s?yL_H~jTNCwxne^+6;Jes>x2>rv5%slVN_?FyWe&6iiJbVXnf;*nD z@~F!Aa0lozHOt9Mv=JM5lUp>t4gc9Uu>ZgMrB>3N*w4RE6ni@`y)pW;YMtGP z=U>s$zpZPcbN7y}zG=I=&BWGxzqz1TS4mtlnnzQZKnEhX?k2ID^9|6zUPwt%? 
zYzsr@t}HWn2R$?KgG76}CD(rAKqg)1u)#-o;?<#~zxSkXKcy`r>zuUTdUX*n+!t~< zZ}l1e0lI_a)IMu&fF~2%Shk^h?+kON5O#+G-QTM_eHk-y?jI)muww1rc0Xz+_m$)s zn=Sq&%n|n|@^0)0-iP?O^1Ie9|&u%3(dOkVK35gj)uPIrQyZH;l*#t zrWV;_`0#HitNYxg-{kV`X?(2=%>>qpd6vCrD!+;mG?RK}ix%=*hz^k7SQfY#S=-%E zV(OXbjpgAkZriYP}^Ml|aw5A})JOg89OvxDVUZz-4 zc_l_CC(dnc(kTzkqW^16|BWAs=94}d8#wjlTbO%AvU3K0%EiO59mv)N8hQf1kT~9xxxM4@25^9!&zDAx;oQu#zOs3;^ltizne1{l+l=?#EVCN7}%xf zOn&knP^MvuY-lw7a1xwjlwC7kS>K9$+ZTp*CAM&P<0j|vP2?pOQfhoa_m$vjfz&m`H6$*8lkHjms?sr`VjqCQL_zsXZIS}lxO?+1n&Kx72v6nmq|<7GmU|Abm{@o0Oa>VXoL1& zO4S!)c5^3v_)TAijzA+u>mGFrS8vW^9`k~)Ug}U+7QTPOmw%eh6<@M4^asRxIrJjD zY^3!uZ#aRyHa|A$v{vO2kGpFUc<;yRAV$v1##U$io3DIP_B`9>iyKV-CmingJM_Hx zC^8=MX2TBVcbTQ3Z{L=I+dq@z@b959kA94?4HsO{$6=o~X7yR)uJ^8Z%Z#mU^aH?YuF@&fI5ZE9 z&#E3f4=;2M&BN$jrVcX?S9CEC%~9v~9R}|{gXil`IWtG#=zkS+6Zwf44QD%z(cvpM zj6B=9319!(@1C@`WPMTS8}n2ed&Tl};j%6JIft{?g&XQVXWrMh7y0RqbJJYs_1I4@ zSfSW?vWsgRDhDpyE*d9)m3GRJ?>$qVwD!6p6ElK3%T*41eI%<~qsnFSsD9;vCNw0r z^f-~ny=``0y=n1p9DPuEg?k&Q)0T6brKYc@56@-NZX&2V{D8|!obt?fTTl8eXz5s! zudGOR+UMd`$1?c*r243Q>I3xku}nVJ$nHftZ(@_O_ep?vwj56C{w?>>vq1CI$ud4KpjhuG(hpf}BZW;XLR9{bc{b1(FSSudTN?<`JijcC6n zz%@u6L+NgZ(nWhiQ;?q`@B#L{7tQ^jI}_f5mv~=X=ofeEdp!TQy6d;N z@hikehOWjA1*fB9K%c!Mv{TG{N){6Sx{3P^7l}?x*v;LI-Rut|+a+Fozi7g1+@Z7b z?4pLHU#?!i$jC?|8>Po&5*s@ zkvuDZHWOpVu3;(s`BnIgi|v2B_R8SR8h>H<4fN_1G1JAHQ_je64}1=KW@W?Yj~N&N zcB0OIJn65;DZZo&+O;N@K8(%7mlXJjzG&XJK#z?tY2C}B6N14Zy%Fg? 
zat1>-kFoM4#fJX1c~t?&T~yZWs9YywP<`#wg$@hP+J z=8mPiCoFL)$1f!=;4RVlv|CI(p}S)(^XE@EI22Cs@^uYZZS+gG%X-!GiP=l#FNDfQWrO*!0+e~!+_)yYiS5#zdEXpdsd+i!`P_A}SHe3z^d4ZgxYYO~tD{E+R-S9i+4OXZ@@vo{Hj>^Z2h zc{<~!GWFhNsdWh!4pf_A*_4LiiX}UMi*de+d&eqh=QQaoiKmDaoO1n_>aor)&p34pn z;$h2}Gr+}Uy*FpO<{26%e=YfMK7{?HM`h$26KmmIK?`&<>s-O$H{#l@Uu?gLH~BR1 zsLu2RletdunjP-%e-Dhkw^pSMohHSIfsqIk2`I`6?@0at7 z{nq=g_zu5&_#I8UbnilVM3mpt`77e@O#VK{-{;Bq1Afou?_8e$fnUS>_IANDw|O7% zein614)1>Eg$?*}@i#Jj5dFT^8Asb=`F;-HCoqoXq@95t^uyS0Vng1$`u>pP?dAJ; z{>GB0kna;@?;wx2!F9&)cOGd0>T%+E#A2`E+&jE@!${{W_NR_QZ&a>;d|%>OwwDWe zcX*HRp3D1RF>im%?@ZS8XZ&6SZOY+$E#IXxU&`Ob{9VFdkiQUr6|@hSaZihQo$hw0>nfAt?DZ@!=R73CG&k-nRDfVuu%epz6y|0zGM%ddld@?53w z^wZm^%g}lGkdmf(dK!BVaM|CEZ|QUBu}V9Dk1PA@{Wq^kAgA!o^HQEY|M?p3E{#yf z3%u{A9%RV=I=^3&{I<^JH^6tbKaFR9?)%NW>z(v7ZJEAf;M?+_0<$V(aD{Tg5@#7a z_vj!^_`jeR)K@rkzNNp`=ul?RUkCul)LW_ojX4 z4d*@5SbwjCJnS##0vjIlh5TyMNAir!FPKXY@T|E8=F-P_=G=oxe@kh+JEXtN@8@aD zz^UIB@9BMvRcrhrW9{MnVe(AfC$zDt5H{Fn-x5_)TE@_RC`Ar*ml{4|YM>w|om*7(Ucz!=rmz#;$r zpq~expl>G6vwj+5A9&SIdyHT7cS9Qv@GE=)&Ifk$%laVC46Q5g1KU}LKIP+i19@1R z6M~nlwHio~=Le+yn)##O12>V+UoY&B&CVEoBmF9#{q-{RLU<+`A$sAj*8qO&X1&Ie zuJN-zCl-;GSqI(+#$~P7Hr`$Gu|6k4S^0SHKa^Q7`bB;HFWWim&pw-T%KG#_lF@CD zgU#6r>dt{Tl*aaAua|DWS^ELUZuDMLz#x;Nr&fC(n!xR20Qt`>Uc*1X*MPdk34G(u=S^Vk0Yx{doR^u^%mX zQ2Yx#J0c$jejgX#;#ahvasDw*8(DbYx0*Q?ozS>}Bj|z|=N}uh@-ZKM*9^fCxIQ@M zzB%eM@4#qZh+oG1N2O)KS6>MJ&6Odh5q~C z9hp|9%6VRNB-k7<@rE;POLo$jq^B9XAaf_#rMV@UAKN$)S+kgfG3Ut7k~zq^y{5-I zoVll?#fuQD<9M*f(^-_9n~;yvgWq;XjITgqKeDZn>&Hxw#e0K^#BYnxP5Lw!>tf*# zqt35=-;OPvc786ssAf01qwF8)zC)GCOzfsHm)L#2h_Tf{>!QY9X?5l(@^e0Y`#}2} zVdz@DS7YpdHqQs` z>lfS?+!X%MeB*3tu;mXm^VN;1IS@-{BsNaw|uCj9ina`K?cXyfd-2SU5XA ze(v!H6NitMrz*oAB8PA`V!?ypU=MW%qR#UV_&ns)y1V{F-3u~xt4`I8&(wqQsuK^Y z{;ay^XXu~iSTbmE`!DWAmM&8Kaq&W97w(oU!(1Z6*m2FO8=9lYB#qbVJ$np1$fjd; z(J?En{#JFu>^%xUyrbrhDZN9>&3%}9jyh+o5Z8j`V!tbal7% z)qZm}Pv60rzNmBhtMnsxDF5$n4DV)M>1)MHy%Vc@ROaHkia++w2;%c9f4mw~&n0!} zmh(s}P>k6cNBJ(fC|ulIAsD30nS3kM-Cgo+;@epU*4eA1FG*m1u5d2u{Nj0wd)1GH 
zLm#*%Pboe;+sFJZxG++>w&o-Jb?MQSx0~;pN9otw$NV*U#?&;c{z_vfFmsHL7IUH4 zN9?o79$(p56=03QQ}bPVc$e`_@%>XOFVbAS^A7=P3NAk>@I}VIGQfx0#){i^tjVRvlpeR%g~a*fM4X zYq!g+1M5k-Nfr*r;NwxXIV*j%pZ);p#$KTHr~Qxo^q-M_<52#v^_6ZJLtmrJ{0#9!)*aT}1Kx+kU-0u+_-!lJ$d_JZ-iqy=IWu47dAz+_e5Oys#*QJ+ z!=wl7UEwnyv;7-8nz_4i2#(z2tk>z9XZYVdrSm?@te=6QvGBZ#to0vz9{2#vRBW#b z9GCBxftjj+>&RZh*s^S-p#iNceSjX$3_;VLi#or2e2_0{?SILRf2;U{{P@4L16sIQFo{p_7u9dZYkIByhWiq8I4k$z`lU7xd?$~!T&z76 zm0^Fye9x9GL|dgFsQ>h}Nd3o0(%R4WxR;svqFw4(?AIYV*s1+rZt0qK+m6l#;WMH$ zA&YDAE#i3!&z1aM3|#4q&1`H_t-Sv$=`;E5;kSt2`y+cYv2V6Z~`Lw61zUAp19R_~xb(6n9dja&ptV^(E?1lB|_c!}> z!q2@;It!(G*hiU9esg|@aeojh`^BT!dkfhIFYO8a9=cz|E*Yq)N6kMQO&hI^yVQ#&iWf#V+RH2Z(?sKLSg z&V3oaEw}>bcdDFVtKOTj!O#NEy0CXLQGB!BE8k%G(u}zOjq@(O6{M%kdyD(|@TOkk zWX!n6|6XeMUCI}U&IxD2uN^|i>z^cBTyQJri{Y!3uMO`WxY@6}g!HLaE-07I2aff9 zL|VC@_e|TCc+zyG&$M}G4A^wZdzUTMdR`nWTt+MpW+ zz!?0*dllHv8JfG?0lwwqr$5j*H?P|44UO{Y-w6Cqp^qxd_v6CTP$c)b?t9&M$mX$l zy8ltX-BV=W^g)Yn>6gV@!#&6vTaQYXE{<*OF*0s4ZfJKM{pvMxCGyr!C7WCP3V?^L z;9(9vx&z=U_UPOJv&M7F^WtUrw=A{&XlNOc&Zg6%(Sje1U;L5!cl)&CLv(NI%RO$! 
z9mqNUY4vGb=(a1t*Pg+#bupKAPT^7MVS;UB;{o}^ehMx5mhrJozq^RD_2N%eK0V1-5l1h&x|{g(^utyKl#k#+)Il>j`w|?&Cc*j@~|(L zbHbE$a!(`=laGCD=$5m-*XGl?BR`*o4JY?_Cf|n1Hjnup$U!zYYuA?=rFBz#`0$N9 zDNnzjr=J-7W^KXivEa4slaK4BK48`4jpSOG9W_@m6HbCr1IxfEb&QhC)=mM9P4^=E z{D`~RY#MUgo1%$=pN7TQ+zqWWHYY>Zb-${; zaLdqm(X04`S%N!g{oZ|s)bM9-n4jp5gNuMBQPM=|=!lohe~$3^fG zeG7%XcTVS9k^k))o{KF`Op(n8+T3?0X?{G1DOEfhzhU}tq3wfceAzg^fAErloB8I` zf6?j-4-C=jhi*4=nrL;~p{LZ2mDgr$wzTzU$-fkBwKS|UDS2hy7ANot`sd@nc(LHa zr+?2PuQ{9zmcP*PjjtmIf$LFc--m;EF8VWQ8}L?G8s^>fU(hh-H|5zY32b$0VoQmq zyM63V`cQ_?wS>B3Lg=DiV`?S!!f zb5?ALX)FDQ8$YFt&dQiRQ9pX?G})Q+;?*Y}o@A`d3+6f;~9Rddwz7zUbsZM;h9-{*qqfE!lnLc7MJ=bA%mE^ zCg5wuqAOMo8vCzS{{HV~%c)qeib{_mLetJo8^b>!;TK70H8v|;}H zVf|+KhuRkpNzw=Cs^K5txX!_x1I}t32YLPmzc2F}<@b4g|7;4&&) zA?-5whmm6~PGCnS#slBjS14Ppc7qLOtBWskMuJ z^RlV3iJnp}FRPsVIZU}&vn}%}`H6Wy*v`D6{9iR~Wb#)zM;(o6QU0((jj3~F<(*Z5 zqt2qTVW)S(>ueteY~Q={oV{H+MOs7g7TJinzo%4uC+c(=e;TzJ+?InqVcYhu5-0zH z_DfBC;9I-U2{#|*?ssV59()7E-&4*sdtPP7^Wc>euQ>#r;LJ;V^a6c{_ZFJp7UTNYW3gNDlSH2a zGaFi7Ua2+E8hzH8r~i&U%^&YcaS263d|725b`}TOz}$B&-FekvNB3PhNe}<$2@dyf zmCx=RUS1g=5t*OZ5^>_y^(JOZJa1NOia1x9^FzR!V$IJMJa-~D{d6C2QDS@&f}(5c zN4Bm-ALd{a(w&rfoXv2O&?9~a>(ls6on=FHX2lbHQ@9R%aQ1BM@nBo!wt8wev;|auOPQLMVdcsUfZx!=4(C7n1E-k%Mia9*pywr`ih>qQ~I9z zkebY%=iEzs8o$VSk7qdVatOVV_*WghoB`pCdE&74SvP}0ln9U1{wZw-OdIUsv3FB)!btZ?J~R-yQ1Ow*sQw!vGp`8nU`)@8l5U!ujw&7u@sxxHsLjN*opsL zlsMZ7f>HS{3SyXzUl!qS*bl=*XKIwRY5Bs&9&EW9ibyow1hp2XR+;E*>u& zk2<@a)EEsek1C&S;-76Ie&(U_%ETICJF}0J8d+Y+xM%AZThnaikC#Q}qxU+AwrGTJ zmzjB*TX~-uZz*@R4dGqD$gRvTJn?B{=sfW_|E^*D8^5^Bz&3G!1>2@vUGW0W_!Y%C zW82U&A-x2dSM(+$mneUtJz(^tR4M0K(V1A!g4ArMxU&wNDjl>FD{VY!<2x3cm`u7? zuvq0YWkR;h_zvbxZTNUrnBoiu=L_Xi&VD*}dETK1z0_Bj%5#c{4^hN(5zmD@7YYs% zYXcErTx}NV{3>-6(OzMv^6}iUmOCTcos-V5X6Q|2v)Sh?YHlg)s87Fa;$LfjJ+n3) z-wbpE2in(PsCi%ww}obnJqlhX@uMvkjiXK351n;yFxNfU#%E!tV2$`K2>!6JBQ(n? 
zk3CgE-@TrWXS^f9XS{Bn-weJ@T#Hd&Z|7Y63FkTizP-TvZ}@u!d%|;!Esu5rpiDz5ZR)x@v8pG6J*f~_#)rG`o6ONn z*{2L1uonj0;j?oby~E_6npkx_qP8hh>X%t9Jm{=5b8YO3n(t7+;!1pCJv{ZFjqG}7 z$?FfvjuPa2=H7jQXt+mmN1!436u3G&IzK-5bHooTk6<6XjJ0>53C>NY0Z*K7k-rS@ zI!jw%aE#aBKBB^RXn{ZGF~5 z)D@o+o!;~$cfTVy$uBa=-6%#6WuF7SvMaIWctpO5i9`6RGKY3=QdqQptTuSer; z%pdXbqI|}}GjP-c{xpOZ1!(`_jE`DmZwdSA#D@nio&@*I{tNRmRdl8H@xgW3_-X6H zIF=DVtXTRNWg_T4(C9qw(u3}&qtg?6=9+l>eAC{JbJIlWb|yA$zUT*MTaT>rv|r@C zLfZwt9PcXDIXot%bFCSF2e!{uoC|$k!Ap>`l)FBi zWlz{X^Ng>1MB|)KS=(pe3VZE{&XM4`>qNPWsIp?*~-+bh%_t8C~!V$)l7u>(2XH_-2dPI1*{^oF!{#N$R*S$KO#DM?? zqVkj1eityb1|Ei;#qjq0aD+4P&GhOdI6U)$hMY4nB(^bqjX;(?F(mQ^6 z$AlZS(~OK(pmP*f-rq9X$B$Ol%*JZt7kM&IYhnDP^gI&Z|F!Vy-QGj2k7Ucj#8$;V z@V1F=Yd@Sah463f0Twd9;txffUoAp@P<+)wl}oHOIB^58AYQQ;eD20J)X+7NeI^Uf z8QSy{(I#N-mp&hw-LSSd4XsXcUgW`s_7N-NBfnZ6k48iAfXO~>dPO)O7(A6eeHFe% z8u;&-j# zmDK5|yy)jENNjndHPPSKn%MeAYp9yGw?apN!%&SmS3Whi^c-k-hOUe|TXU-U)Nd%l zof3xLi+|+=EWLkVlj2kO{OCFOQNZ7enHm0}vsiKiu|4v@%kinw+@S6Qfo}QhJZ=tc z%_RM{!F9erYn^v|+B%PGQC~i7ovG^u;j8qr;QoiY72nX|>I-Aij;n(oc7RGon~=e$_k$JCqm zk?>i#367LUoqw$4u3jT60G|%<8PgnFJDT%2`uv^JVeA-lD#6`fHcrVKb7P%rg}7JTff8uB#r+t1|7s{eOsSgOj^tkF zNk1-2x1rgF&i0@1;cQ!qGceq3JVrji$WNKR{VuC-nqS4mEKRf%TVRjZliZqX?-6Qq zkJP7swG$d7AJU=z?#S*huA(VxPf8|oJLvZj@tnk-cUog{Y~O7>!iziZ@=QpuU}y-xlxw^U<~>~R|W zxyYHER)9{b{#<}^Gii^<2ow~6EXAprO;zTb-c36yTkRv%jXRw(6(Z)9b+mLJ+ z*i(1>%Efw7Wo-5%y_@2OLw|KWnC+M6KfVbG#>H4mI zb}Th=Yo1*Lt@$9G`_Jrk$$S@$0sjKn6S~((o^BbjT)afj`jyR^XIJMeiD`uXIAZ3f zrJJ-_HkN4P+~j%oTxNYM<#Xe6&9Boqv3pE>);ZimLA|q#J>1pVPMz!Y^JMboG*0AP zr=M4LYn93THni`r=Gm2^ii{Sj*TW;Crz$$oLk>S7MBc)E|=Ik zITGRST*(j6DdPtmb=IYP*&|R#@C^Y8ER+mYTY zo-Z1uyV*KYvH^A;i%;x@R@CuV|7a``4Vrq;bIn>^OZ=Kc2$bZN4ov&5eq(!k=LeI* z_5YW<_m7XVI`jU|3?mE}Y-&e4+MtsXZGwog#_og!m;2755eE z3^OsYB~*7o&;>s;qL*O45)?u-={b6eLjK@-s-T0W+snE#^K98&Jo^Y<(s`WcEK>O^>r(muaT&eAsHNne) z_urqx`@uz9I9ExZml7jW_jR)8UdCrApNkjmG39(Je!j=V`3&b%&1WQ^F^l#Pe`${y zPrjbCfzKp9lle^JGvnub%uGHv@wu7L5BSXH^EZq3m^q|P^smofyy1E4YRwP%q+}By 
zy^BvPexC;^x7hAqWTnsNKIZ#cKI=8Nq#M`^(HeJ^V06i8Y-sf5(}ryMktqdd3*!6C z4;Sobejj8`26ImU_Jylhk1_V~k|VCnk9w48=uu|Ug75mgBCjWJKH;-ep)(^X#Ugu^ zcy{oqmPgHsmNtAiw(ol&v;1Hp^U4QJ&`TWK#VXC4*1yO!J9mP0RXg)G)vTzTYL?{Z za=2%f(62=1^{#sG?!!xn%aqx~Ir|s7>a`|k?n?y^$C6^!>YtMr)*`DPGOE700c;#S51Lub1P~ z!b9tF&lZF4y>+ldy>zg4@rtB5|3>N!S$I-kBe*AH5FE%0_ri+~g-aGOj^2_l7{rk(NW{4Q~BRY!_QkxvzhlE789O2^VNTDwqg<=vMen zX}rLYc9=`nNy}HMUiRU)_T(9X>56;lmZ_A+@{s9^?C%9^ZkNso;4jX`EE{rxdB)$&$*( z8N(j3y1AIW)r^T_t79Mclcnx^HQ#6Oz0G}3XpGHerj>WKmlI2xhqnVmyZ*vXbx&&4 z>5?^z7iUZpvc}zk#63*p-Pn?LTpiXnU~SE^GbhajBOHB|5~IW3xx?C^q%y(Y5io?$ zZzX@4pYOI~M-=zk_Nmx3EvyYk=o32n!;*t`UIlB-=Lr}e1D~yaT&OW+XN8ev((jRX zl#3VpduX3;zK&V^gkB1&wpzP-b+(cH;H}bU!V&BTzD#HRqqV8{NF0CXq#69G9qT6V zMfCw3R=?fe>asa`cse|pCwR(ti!n6moTrZ~pYGK-dbB-;wylp@c6qP1ZgFkx7M{{x zMCSz5NAS1M&PB8Q;OE^g*a^pz<{{mI7ZY7<=`b&AjY}W)i&re3Yj)T*5?ky(90Mis zX+h{}+ZX=~KR8C)JHQ*$Hp1~X=!fri&4K@N!@^O)o0*Gcs^8iaJ5I)t!RI&}S=Egr z_`Cfv9HFi(cqjjU_(kw$?ImGj4Y4L|kFR`h4tJ~7+I%x`V}7`g;z?k*gMIv__!iop z9-2cek+WQziuJ2{W@{YHwc*&pslho)oy|48=x}g0b7_4BY1_iKF1O{la0}RWCe4G3 zos3ItsWGdpzJTpoaE0I77@Wv1@%K+#o`=sdkJy8unw@9Ko;7u2mc0NAMT(vi4BG6XnM< zKPlSI%GRfNG|b_Xf-k>4o-gO%a9IyHbnnOb^3`Nd1uObw?Zn8fptB`9dX1Gi8rp7U zKo+}4hl$3w0lU4#WHf63Jb(Xmlh;mv0v3l(^pX2^!llAN+F&0;w%sKuhYS9G{%G(@ zG9Uc~x-4k!6P&Yf0QfaJC^+Vy&F0x`;asML`GfE1clchcF1P9atoRqO$nSsmtKSRgu-SoM|l;S@aihIZ-3xo6TaI`W9TSTe!D#mg$ zefIU|#o8FgLra!lO6L?W5`U21Kn(g@rGx5s##@9Aw?V0c1+-??Lu>Yqp%b*WaiPW! 
zd}B%T52b={c`H6Kt;L0s2Mw+Le$QINlRTjQFXrLZljlQMt1ca^d(6(UzN*+3?LNDB z_m*OOgYbKnP8#nBhV5F&`ql==P~YC>nxOV?9%m20q>I?6&>jtY_|RHC=Oy3IJiM=| zs&egC#mxgQ3tFa{$7PeccFZs4UVHs%x#HnLlX(~$y7v9?L(x4Xf(bNNa?$dj=DSGy zOc~;#(_Y?gjm?m|GK6dX^G!Zq=58)vCz?vN{W{|B<=^SQ?|#u$MU{9%&f(@>_~mZ>pe%0#snnDSh?A173< zoPB<4Yo+YT`hnGfMdLotgWpk)=7Tx#;Yv)dg(J-4lA+)Uu)9BRpLcW!&h?^0vw=Ox z4XiIVoS;Lqo@eWYk0b4*j)DhU^?P;}bl~fs(#KhsSbll1s#CE7wO9J7)p3A-SkK%$F-x21sTzCI zoOP*v&y|6%hS6E9&5(J7ufVTr!=*eE9SdLetb}JJqF;Qs8cvK|Wy`I-v$?i)oIrwtdWp+{+J5TgE5zovc!?%&P)tmM9NcnG|Lb<7tpKh=CE%^>2}9naHGK(vUjVTtI+ z-mQB<9XeI8VqtNR{m4CT-4lr0eTzmtd*=ZAF2OkYs&?_icYe!vbQk@0C;|dhwAtDgb#CO05}3~wO!{OUhTeztG3|Z z?j2t0zJsfWN4Pv^mk(d(@|=e}e3i=+1MzT;%OiIVU+(fz^2DgH?Qp*F@ZBySBhPtq z`<%7d;fr0qw9Y&9F>oq!--j?)`FdFLo4CwMZlfAtbn^;W*%jTt!vBAufmSRcj9l@@ArVW#9TQv z)_rGxw^ywmsWnagRW+PRyQHn*n!N8-LOw+Xy*zv- zOLy+9@bgO+4zTOlK2A=}R18G_?zKCS-&S@O(y!#A<5ss#uwD;g!wR^56{M$L1MYfr z;KiI{gs3Q>PcnTe`9|Oo?D);ljqA=hn4fJ+dme2_Z_Su3c)wohTE&?`=SiKYJ<6R zrO{;NN1QbGR=EEA=PiBPgS~HiG5k?>_Ibck_E^b*RBOLEb>7=I%tKe{@%^goa^F4$ zF7>za0=p7)1|1%J(&=gu);h+nb>y2fBCliKvlZFYsXoY_<788bU8`r%y{ue1VDDiD z*BQrwy{>-n_AMKeljp9jw_j&m=&kq6`R|YEt+w7{dh3o8V|x4YcG~d!^47XPJ)WOv z-T&vtGsulW|>4LJn2o*3FEOPw__vgC}B=#MeDzrW$&YpzenI;<B)1UtXC(ZwXtBCu}JrUYBm3#=yuGtjOTAV%f;L%kMH+&gpe}2R1U>=s=lbRMe?;D{W9q#9hsdAjp1)4s z+7fvFEAn4;&z~h<;_^?CztH8MAYbb89ps0&{QdM{sLQ{~^KzF@lmEKQ-%6PZm)BjU zx|1Y0kHj~D=h-$B=iTeT zzXJRdBts7J`;vJ*;Oo!NzD+!{zT@uu6Fu5Hr$>7O>A!>XzIEi!^!vYWC3y$)eM`xo z?VjJuyAJ;Qi`%5yo2GsSIIlL?Msu7yS4<+ zYL~x}J|tYee;yvI+RPPo-kTo-kG{Y|y39e!jZ--v*WP@cI>x*A)ZcnP|K_`yxjszW zA2L@{$LpjG?zdl2U)aHSx9aIpb_!+JQFfXuyRv6l+Pc|2f6~9h138G!nz=q{?>0)8 z{W`KxJkYM0etd%O!J|*j_c}jPeLmmoJah^gvo>DQ7-bx8b-qX5(w7f|z5V&_aBc66 zr=~poIsz|Is8109TAP4sB=%F%b(`Mch3a(JzTY1 z__$}A`%XK1o^*M1**({}Ji6?jt6Uykc2AAVpG`jB-zfQ~+;jBWJ!4%SdAg^=by7BSzjpdj=be2=WxQzDx9xY^1krO%RV(rG9>!l%zEIxlcc+$h=kGvA=FG3< z-<`gUZ`s&gUk5rhI%Mim`i)InHV*07Npov6d!`}wX9LLpz7xy(<)lN)w@LP&B^hjf z=u7O22eQ2LwCeHqMbU@;dN*bI<^6W#FS+&^6P6Cpt6la*)TY+f@?EuU6Yrlp!}rcZ 
zub1zq>bB=18DB#yHf!3DADi041_*xs*NOO=>cbzc^AC-mzs_9D=_p<3i1sYDYzNX2 zA9p=k`|FBNzbGHCUmkG=aqx>LHmgX?919Uf_%=HhY;=1{u|q9M|*^{ z|HhN#<9_>ZtR`PgZ22U0st<*v>cg3&>I1ytcNbG8Oqr|57n3glUs&5WFYYyOI(x}k zjMOuHz!l9~(%f!XT~$3Id+Y1&jFmt9S^(r`elEOk4l(*vv7fXH_LZ?0K(dr3zFv!TKwWig(Kvn ze2Vzscf!8@o^WZB2yLgLA8fQC@HbH7eB8DF${P4zX(PW^+;a^azjb85G*VvYoaCb; zoEMCkS7g)+>+CvyvyBrLf)<2dA@xf<5POv6mx6Oo8rJ*W{kY4_p+8~z1J3=jw(1!Z zxD2~Q=8g9X@&9%s`nXN`Rn+wJ8tdl*8b@4SIF*I2pn{dC^D*@cwO)# zVqQUeriACv)6V{C7o06jY*vg7v(d>GtLJp@&u$AsZ@<64im`%2y2~w4^RV{{1ah(}({^4i7#(N3fc>yd6RUVkx_vu5v zOpY=|dM>-iMQwdY)ojZ9s(#7(eVl9qk=+BId~AeiyUs4PQ<`V_GZ8I z*C*pAwhiv7`^DVKsrG*92z35($0)Nlo)sPhbYAoEg`)yReC*yWX*thINGmEw1-_Yj z4F9y%H$Db$sNub>)U#EzxNcNvgX*B{M(9+Zt>j~*JN@@VFISEV{l3ThHa?$lDrxTg z(7~y5OJjHZsFFt?HRX>^H$ywv@2%SO1uwJdyR*|($$ET-tk0qw6L&W+T0?;X(iv^NOdb?W`3xnlw2sTbU> zA8bu<336X!T5o;lvC-wngS=a%JDRea?Y=}SYm+5ajoLf^NcL~TI9ur(y4{gik+~+d z5gK^<#>ezbW0fpxnWB50cV4G4r=I5bjW<5Fh-cUo$7}3WTkROe2o~aHJz>$oU5fI@ z*O?TJjrw}|+9K zr{*a)2z(7BHk%6Cvie}At;^JG_IaA+UA14@(37U}v;r=JM@?fKF0Yl%dkc4U`1>8E z0ULKY_fF>h2t{w=K`->E3%m@jvUYM81H;CU|CD%M=ZuzJTyfLP!V95A)*kSa;Yo92 zoBGN9uZr8LSZdnmEuB?nhAUQ0y3ABeEPHiswk6DYhUD+jY3)8R@YB&Dj!EyseZ*O&wP({TdDTzk6n)5n&e!#;AZ_` z)UTzro_9rpJ8-A^z8~`)9`n|ZzI7>v+e5Y7iC1fe7ncG1 zQGvzjQFWTP@PcKoFCFN7z53C8c4UK_yM*ANd7@th_T3adTJBi_d&(sb+20E7*+}4@ zG~cNezoHM^(d6SS@AuTvi}JpbHLtp<;U%O`WCyF z1MSD#*-x_PyMJ-->Ji`%{L0CG&X_+q!i}|n{H2y2tqhs7UH$u?h+$Gatyip%?RB}= zw&vv%Z6~C2YRy=eTl$1_dSYwbo;2TjLcXds><2o%J5lF7Rp#@eZ{G_XE$y;SFsys6 zee7xK$@?UrcjWm-m)a+m-4L~rG}B*F`FOGK2T8dizc0tLTj0U)>(-WizPzgQUVaw- z>Eq7kZW;WF>=(%45d4@q@7$)nyrgMN4}QjYk{|55zfu_p;CIH}?9BJ^HIuBJ`cY+# ze8=7w4NhLl`MlJK)0>)$gXNh$>swFbJHoY)KvPwl?9a<}H& z_m$gq!zjbrE^R{o9KLs3Rg73qTfGlPcJfi$uKU@pCx&}O=d!D(SN`1-Rd4)T(eVF@ zgop3y`qJY=A1D}B> z(+|_2^XYZmjhDb@|3}uZhj@1GZoGuu7wt?9=)*Zz6Ht8d)C=YH`kk>{%veel-&<=( z`Vv+wa*dteI47PvDp=Hcugvn{yZb8NFKW^V@r1hE1D9HxTke4}_)mM%%wEyWdpdmE 
z7x+*DuOHarnNV-q@cmIV&z3g82k{+jBMKH0rw^gr};$}cl1`ljGgZEJ0tLJE*0P`Kp!aS?ttz?`x8OGqnFy-XAry&p14~<_T!b?oT}}ou`{8{MT&PkL(s?le4F` z0{hFMH{sE=QSDdNOy4y68mrHP3&84DHy7pNjrqAC&$^x%)yutC$WOHAf|h$Pf^X9M zB)bBZ7ka-L;o~;z&}qaGv}=;@vlhzPzHHtLt;3sa{GCS1vI@xgKlTZV1L(ikU99^=HQ#E#s#AFR?^ikbS~@B= z=R2d!^qG=_{1%vA*)(f<^lxS(_lEd-tnhH>?LLl~t?A-lv9X_U-=@qyFhc8G_&@L*9&*@_7LV$Iy7tf7xs$& z;A@u8EkvGZKC)Y&$(5qR+&Pv$p@(M9b~#$IKCD^Ejh-^V`*7!o1UmD{G0}KtW1=#oGUpZ%uX|dj2@#^7H{m=f@MWZ&!xlReVQ> zOi`vNdlCE}*>~qNW}Y)GXO^J4?QWP=E7 z5s&uuvl97AU=ugmt8B)f3EVRamRnog7ub9I2KJMk>6+RfFxR1O|GSaWPtP1^c@?tN z;d@uxXwJ#am+s|tb@VZ3tUHg`C8NQaDeV7_#@;>!JNan#rlwe2DIzWD7|lM|6jR#1 z&wO=l&I|#6N*3hMWA@?GoHOM-AIkFzz7OMjeBM6u^(8q|O?nyW2xzkcIha6C4ihu< zfreS3k;40RBTZ|~W^ZQm2%b-`-GvW$f__b^T4nlFwSaTexobYgxThc5#ryYgUVUC& zZvN}?^OK$9+Lh5b&lji5hC~)|HiG;T=oHvC`2N@#!S=@bJZ#x7&+nz$y=%sK4}Dua zF&T|3u0A%rP^K+r`6D{@g3Jr=?P8u*$QM!fa>G~fcPAzl@g7;bSUr>9#|YQKzXhpP z<-;zy+xm7EXzh?%bt$nF%7lQ#s=g&dddQL!9AJh-`ho9OES+(Uo#sNPahmxrnKQ$ zG|t}1J?Ze9k&aT+S8^J-S^aTcDSA%EED$cWaLzgNy;pa&d!`lr#)wZ-XE^nG<*v-{ zeiy+9g}T464SHB?ZKH?Zj8IQ9^NUx9!5hrN^C;g3oAr5|?}CRcJr6rsAJd<7;Gl4y zgYD0l0c+ndXLJlU1-=BBl{XT2m`-)YySaW+7 zYt6dcyqWaBRP)-f68rZB$$H|^j7*n|6W*{s8Yg_UF$D7MTA6@9fZ7!;6XWfUj`NLy zp3bo6SC*NI_7>AuV_r9^n~xQV{|O$w*H_1@#W&P%Yzy7%I6JmStlvb0{>jD~R6G#Y z9y&kwp-Ad#|i3LFFIp{f=}v>26Zm#>u9{j3n(OO_07xdIjlz z(lMlOkzPr9kTgkpm~>q8VDHGn5;LCfU3{-6eV_Ddo`1-5&bxa@NhgsWBb|(`bPnSU z!JGHXZfeKeip;j-_Eu4jaeI%GGHzn8*>QWE-O;$c4Wx|Q+epf|y{)8-+uKgcxV;^u zjGMKE9XD|*?YO;{NnhdlE2O(gcX!xvdYz<<(|ePYaeDhn8K?IaDdY4Gk}@9e{boBJ z_ImAjyrZOy$2-Q^QvaODBW7(+orvc}8e7$Vb0%XO08BKep8$h`j=^3I7oVYS(zny$yc7XC*bplgCF}t1?So zu=JQ&cE)VkSFXKV?R?7qp5^-~-9b2amhMpv75i%mV}0|b%g@FBq~}%+H?#IGvcBor znt$|?nWb8HdUKrbWFo#1yx!Zm&`@_(Vk-)v$p9hUyaDVg$LmZ?&f2aZ`g1_v4(jNq)yXKn0;oF#pDdBfJfg|i)hg0+O}$82B~o4ftzCt%TJ*Y$1>>8$&D!k4n+Wk)+D zjH)b*T9Gk{%nxM;@R}}J!d!07qG|| zeg`KCRmQhfvL+^9ndsgt>7|#(rvbB!Nnls$WWBRfydB*v7T@OYaa;c}V&!PvEI%^Y zJHY)4{9|LE{xsTEbC|NV+FmYRNbBzb8OF!2dUh5R;rFlO)?L}h;dD4wBubWoHACYY#f7cV|g)BTiwstf0#NFtL?8_VT 
z^F7x8N;&}g-M8n!TMYb8vTs1!XcJsI1|PN2#N---KRWx2f}!8{v)y{5HxEy_G%}%fBqQU%b-S z!>`}2vkPkT&u!noZ8GjIld%GTr@w6w`YrIe}<=OO$#g%KHgr3|D=Dn0`K=#Uu_>d zShIA9mVzZbqd&*)&XSK82U!RDcUE_d333nO;3gY48$Og}9hhAmjDbUIdDaK|smQd% z5{x0g2Iz{nhhmHqeKy&s`4V1ee)4rXTrZUleuWp9N=4sR)19D`!w+ws702`Ze zxwinEvbGmzFUg-WMzZM;UW? zX&?H%uc}G?Q(vLw_B_2|2mC-Xu6;jk`*JQ=Iqu&&E#FZ);DpLjkH5~|?0v|7Ua;dr z?otSQ-oy)DIyNyJ8ku@*2^ks#dup{Gqt4eqy&3ub%g4P3-|){L`Zhy*{*d#N z1&=<%x_{+iofG%Z2tb2%-h-MC%W(o6ZZCyI^nZHLcbvW^Z)S;RmfQyRJp#8Fty@PPNNmw~P8r*1QO*`Gn zbM8X$x)#p(?AnTXUXiEkE!%wgD7nyK^@!v}>jn!y^11_jw)V^N$NY>e0~Y&vM{Dc) zs_mwJ-C*yZo6#W_vbH1*lWriz9?QB?cQdfIB#n@6CykQsAT1(&k(3y0tSeb-lfFz^ zO8N@vP}1F`<)odY6{Pz~^kt4WWLCP=$T$B=%Aj*)DhVa6{U%{qCycPzCz^jPZA z(;kb@;EX-z?18`H18gOIDgH=6I?A)8(?~hbA6QFjxNcq89zu^9r3Dbwz zCXuR^U=cF9LO2D?h&RUF4ugFePFkR~Aok@#=^6_M2cw$bRMqKCRa4kI^L~Gpa7b|| zB_E;pFM!uU**bgLHLE)EczEo2AHM=&$q#q0QhUcBY}O;#&zzUMsN)7x#JoA4`(=F3 z%np8^D}UMc<0dQr5VfUtQg7GpN|)B|!e&WKOZ+((am9_w&C zV$WaOXUCtS9V?IZ?!p@wPlx;$B?FQdK{wU5tfi&n_d5BWY(5X0XpVd4{xWfP`g=9I zCMGu&PQ2+CbJGKeH!?*q&&!A}PdOFtNp`6(w#{$TX5(v3j6JVUcM7)FABH~V;hP0E z`EhZta!%{Msz%0U_gg=ml^>hdC;qczujj{R+bU*!BmD7Ut6kDOh4_^4|B2&%G1uCa zxu2cy+@op~$Eh$q?u^;MQs=R|I;Mah2EGLjNZ(1V4wUM?QS8f{Qj8sV-OkF4e6#;baXz|)mwDM7pDujV9@LSs*$jIyzz04A zt{u6&$9MMY=PdQ*r{u+7b>GL7=LN(kn{DgK&AA2Kz9aFE-E+}n9cu#qyx9GVnDwdJ zVqT%IKEGrx7VQZ}fuFUx63Z#-)6zG$)9+688-Dyp{LgOt=(GN3i{G`d1CNBi>=kgo z$l`&I9%t?I$Q5G}n@yN}N;=&4z2rr8x!az+44#|uKDPI3`TKU?OsLQQANZi{sLMUc z`6%ZrKdq+^+HGahi|ca#`@N(oFB3d#dikK;w^I0-G?(|!!|L<?Bn3GRqe3(?71^*7z<^HBwe9S!yXg+NWZQHlXmDzL% zSvvfX@Lm2F>N9QjI(r7s#J}ecS-~NVZ>`F1sp&scHYuIUi#LYKB~yo;t9{A-t%?n` zu(|(?)NA-1B7+wehf1rqie5grprg2NLVFFeGfU^K;mkt*eS3GvHfXfX*_{N_f5djm zJLnzqttqYfXTLmqA_40g@ZHy%;(P5HyV1_UU99Wq4{iB+D|$KbU*ceMPs_GYsr3;7 zkL4d$^#=aO&7p+9*B!2BO|VzKAzD*8m<^0KhU=52@>z}7pVP{xZ2a`;=yJJRi{s7V z`UM%mFHc%oxoi=O?7v>&+E`$9xIR2I)(`Q~X|8HiauN~og@|GcU zzH`a^rdfR7&DoasWuvItG^jymmF!v>9ZCE7z|zE@`|=v}ZPpRFbE>G*@=V~ZvZ7Cw zv1Okl&YUfG{5|om47>|@TbTD1V2`=O_rd$}M!^x>vNjR)(n-GmiB~W9!@qp{8~7+# 
z1K*XxWA@_7k0WMKZl~oXHG!zcEj^R5S6H8aWG(exJPO@;@tyc4GA~uvfB9dmPb4-) z;CsNgQw0hXufom;KGNXZaOBqPr1=Z!Xs3ZsGu+z6!m_HgBW)*6eZVK{eQFWM+hdh&qcW%%t6By2@hZ7guS~*@(y}^xi@S+xZA?g!llyp z-QMioqdsJ}*)}=8GK+ST%Dh9M#;!S4P%m{#Cm3vFijc-#_OE zZ9WcT8`SzZ_k%lxFTfZ%QyXF)t1GAB&p5j30qWwu&HbIJ!&MK+pK;KT-ad`#vS_`0 z8s*z4pGNq!nfBb@J&|g??19wwOXc4MMt#0%?k>#c8~Ps>AYk^h9A z19Sf@eeRYCz_%QExuGt1OO0q&I0kR{t>{891%HWgc8l{fzT^VoE_djp*`wJFek~l8 z#UHhC;LP~LLE;pJlU2*U{H)d-@Ctl%L#616=h!t5Ws>F_#6lW4Q{Tx;mNfa}dGEHQ zxun_Q!HRC)qH`d$2VabXr{as%@UXZ~g9S4=cY;4r!AzgmRNQW98GS+P8OoK4-ef1I ztxH{B2C7WWa&N8k5sRvQEBmK^`T3+7b{u%@wtUg{{oNZ*^!M`oeb~B(_JdKpC%Pog z-v{DxjQhQ+JG;(=K0m3djP_N(@_nuIx^8!42r`DD*^a(TL?790eV6GRBkkUuZS0G$ z;_>TzU!?+IHSE?N<1Ud7>dIc{%3iFymEz5|EHRe^>vu19<7;)iztD$o6nn}rd#;Cb zL-+bL^8JaL-@4rQugWqf{(H!m-1kRRHV$l0nz4Dm=U#ibTH8`bEw-Uhb{4X@o3DTW zG|6z*xS?LQj@(U0(3k2hkHZyAYYNRfGJQSgudhST4K)X_8#ECUrWX1}cWtQ+&WW!M z&Tg5{cfpoVOA2`j-c)`Y-F_T?6XWok2u%1v_E0cZRV=x<`-#kQY*ow5WcpTObuILJ zyJlri*UFjonj^}Wqq%OC%622~*e0^Q+@mk_UBUj;D@Fi%+@vWIlPw=goZPLjW%oSd~ z$5|b#llZYeax-rgt|!e98v~qomT^|3v@SPuqVyHs3CW*Wb;r@keHl`IU3R(K!@(CV zyTZ(5O`hVeCdsM@dBqKqTn{Uroa&Fa202rF(Aq<^uB!5k^)o*4+uL_!X-jgfTZX-b ze)>JjYl&fsZRIn%=!bdRU>)qTZQ=gf=Yb(Cg0X&b+_k{!Yep3V+3aR_wR`k+mQ3 z{GkI#k$;2<8H2Z;>XK5fB>-e)=AHT7OjuGPa|I~wlwLVbtz&0Xtnmv zS!YKz-*veeAB+Dc&4nMKC&;cFmaOFY>!MZBy5wBaoPI#^Q*`LdsrPOhW&E=&+`n*Z z)%DT8sH%*FtD>A+`LAd{(GdO<>W}!tJ;dZVU2>7ViGqgK#4z0tlxpP;A@(XvNmyk>tEH0t%%>H>*&5h`UWgc&)*FWza^IN8|QL{^;~Sa z-Yea-tTwv+#r@dEYJZEK+jW-OKK_#0CDr+^koxr5J{-SWziIw-*1&Inz{8*ATgUT! 
zy(@2z5#2QpM$SDiUl-(kE#pJBLobDXJwbFY&Xvr!I$nW$c1ZSeaI1_qKI2oxT@g#V z9JsBY)E`@9 z@ygnj0y;zLet))G4rn~xb9Ripf5*G*O;w%wvj)e``R~br^Q zR}O0qn^5*3_Wc2r-NE`SOu6T{E0pi4LzfPl80P-bw>d{}sAib<1JstrF8^`iZ2n$t z(Tn`Y?fu%6(VgDH=L}~mEd79EnJw>}gu~h|`()cC58Hb!C9?{U`F$*1IhyzJ&aBk< zpB8;^57CM7f6{8#j?7_v<$)EJM{i}U2drIm0Q~V~H%}+)%b~j5)I-#HiZfDEcRKyK z`}~z?h4N3SyznJ&6B9gyA4=K((mG!E&M9VJgj8#z3TUek{1S~7=w4duTg|ybedkV5 zgHM@afE3Cm(zCuiep!2$#_jt(+PIcWFW_Fc6`V`<+emW0-1@!Ko;|N2+>N(Jr_ydz zb}pWmNVjs&r!bCQHa7IRW7zU^7p-)th8p4zknf|m>EEQbDJC{?+|jw#-muJ+P8@>2 z=9H@ySM;lvzRX^);ysFE0Ks z%Xg(KF!yFlbGUHYb6Gz|MIekEJHJM}+qa8_q1E#`xZglFD7*I5xX?kq$aouhpR>ys z+VvK?bBuClyK)gMtcE3&MyiZM+0=H>6!(EWd{_{~k?{R^mT4EgKGU&4IE+io!5zO~lu zL3R!0`Sr|Gg7P}YH=4A7bS&ix+Xk7w=qcogfqWI()K z@EO#M{L4DN=Ig@fdj4-0Zer|{v4L*YJ}qsW#{7x(h407I zzJuEX;J@q)oY9#4g!WtTw`*U7{ddtm;qom5t#Tb_nr@F5$7;OHdpJ z`8gM9JxV>Zd>%Ww(e>5t_kb7B%Quduo@YN5cnTN5k*?J9Uq@zQ1FkJ+4`f2&qP^jQ z^tjUc^w?{fe3_{`WCopOajkp2MYng)Gcf<`JeLH7<8H2tG}pvX2wW_XLxyCvf$a*Int;>D; zM);!DncAkBK9Y6lG$GmW?463W=uA^hQ1=m%o@Vb1B+uSWnD3`kw&0|)16HT%N z>sMPGxXa8$PwPW}LKDOETXz*=d*oR#J#Mtp({zWS@;Vd4_tPm`a8lU;uIxZ!U~%Vo zcX@aUF{?%+lPykESU#cs(k%h}lsMmR_etT4RfhZf;D?H-PK-d`rjonwaXLe3Wes{II&pdk=hV^h9_k+ezjKE) zkBNUYW5AEcp_9qjm+e{lbZt$Z|83BFmL}0zk#X4Abk<&UQi7gt+q8U<*dMq1YcP8T zH2ISoOswj9#()l8m%FaU>UON>g;z=Q)#G-~ypJ25kLys)U1roTRrZ_=cPE2;F2?4^ zBSe$E=T>`smu0*0R&s@yQxkjLF;BfleQ)XxGB;H09cNpI}sWfwEeLcTNDKeK)a>`)qFZwYyDe(nNK(&d48FdphVF%u!UZt6w+@ z_)t#edG?eo7h;_OpLONVDz1VL?`HhVU7xG5!w|zq^M~I=RCRKv+F0H#%mGJli_#|b|)m#xPoj5++%WnMwRF9?UOAGUS<|G-R zGu_CDZ?Werne(j?=q#tu)xK5Y*HgaZkJMA**E8|>so$Tt-@QNYe`*~sd5N6KuitkP zTcRlsZzoH4iI1Y!Sp74vO9J04aJT!Z&H1(1a??u(W&I~SU=GiJLgVT2?iklbVl)0o z)W4njCW^-Da?6Uv|1>Y$lfgQRb(e1=SjAf7a(7mD1+*L<*(rNK!%L!Pz3bM_7mL4g z=Kq8}p#4N#i;-Eyw)paO*aH3nzxV3tQDR$cddm#oMQn>Fu@NlBM!>sC)9+c%3g4kT zu{R2{4}!n&M%jK?Gw;ndn*y!pscT@f{A1e{>w*{-hkyAwVqHArVqI+e%*Em#nI)s7skc}uFG9x?=2_A{;#`GF76#0)#stI70mjau`c=`Z?uLFu~w449mKB| z-WL3=p5^Tb;KlRcSFbe!dwWj)y7-I!+CIYbcP*ZI#}2qP_n(Y)LEX0qcc0z{5BArw 
z_@W%^K7WX`&h@r=PaL*U4lMxPUKhc=9A)G9J8^?>vC70rMk7&SKVquG=hDB z?>I1+K{v8xDE0)t$Dx*ou|F)cHjOxaH=--*d`iD-ETZ@P*r@Y5>V_6f6n$E$^tOO} zgSu@H&G6F`YybM5V>)4j`1FSVo(*E)AuHc|*rKto-SJr)#F?9f6XGLJ_v*(dJ4UeH z|8JfrcQ#EA|8W!4T*KGk5#}nZ8*P>@3Pa?1p2zW!1SURveKl7iDb5)o7tNXz# z>GSg>&wX1|pQk#en)ofXil^|O*B~nuGc&4pQqz;=yweD7NtZ0}`LjKnjc)ZGA0J1@iL~9WTn^AIZ8vwAEYRlP+J@{-8j_2WkjxYgp%UFK!p%Tmw14i4Kb9Hbi(50JiD*#oVt04A(Y zLKpgQX_pR>9ktc_RC|e4Z&bhRkKwFYl?m1(G4%5De7^_YjS`E^#$rkjsgr-Bbol-8 zo3LBOxFhKi(t>&n=>N>Xc0fm|yi<2Xm`u@cnrQ zhZ6Ncuoj#(4?e7;ihW{v1uz26rFopTb}#C(dNuaS3DWPuiv}M)SKZ>^Ge+aIJlFOo z^t$U$Ne4VHFDrnJ`p5iSb-DF(B(|+TPgj+>{zWQ*lh#hG#Y3!@qyy5QuRZSOtV?%h zrGCnN*!a3T-e>n*@PiL!w+L_gvES&!0{rCumvg0`icWgqz}IHv>+8v*M|FCiR(Xk+ zv&*RqSuXoT7Wz$^@M*5j80)US>Lc*7XESuiC3nHQ`t6z%9{n}e`8{Y0o|~sF8=IOn zLS1hBr6>FFvG>r!{t<$27BqK^U`v;Io;YL-Yw3R(nPx4m_8Z6j=QXlnG3U&8-601* zU|aXP_>B*@3yJyZuYKW7>~)8X9WU!%H>c=s1y9(y^Zkd^=0M3Q(MmdYd?@F5Lh0Ce z#g7i@OpnWl$rreM0eQ;WGKJ(LE*~Kub@?dyB9|{BA9MK_`4X2eAz$k9rR0aYy!ue? z^5x_!(y?z2T}Mj(8!rD1@^P1slOOK#!^u~>d^P!zEYK8gJGE`L4w$*#;~^3z;?8u=M6KZE=Zm)}9Y)8#wK z?|1qAm^^Rz#VM6*xroEK5wFyKAtNtPd!&m9E1V0z?qQMS61^I`hjFSG+B^&wzT|& z?$Up)@Cy5dl{=yl)!ozPRFy@Zz;9$DW=}PO42!b%3}o7p<%$EE9#QvzKy}L3S57uA1sg%2{4@c7D4ieuDe69tb6AeR&(-9&ccKI;* zf^_0rL)T5EzFKpJ@>(DAojmx)TAhB!9IUo((fPR*cCTbizQ0-nXgu`06dT$D^l^~- z7-vkxt1e_MRGJ=i%>(J=gk8=3i5oi)9`o42dY%*GuD%?)&O*=Oj#}`DxOJk-)Wg>> z-rj=qNLj#Q)&^+05!gyQrri z^E@yq`~A?$DcH9d>%`K~h0v6hQH(Xn^Am8I(gRMw+rg}WGKDT*NIv575%N(7%P9GC zUH)A1MXpQ{`IyVc821+xi|>{J=oa&>42|OJQA%uyQt+*s_&3s%W9jo)tF!iIU#FD0 z38l@Lq1>BU${CM?l_QC}GsVmlUV~!^)h(U~-9RCv&ord z2lczo`_1CFp_zv}@uxj@Lnigk1JIe(uQE>`+I8(s^r5X`D8JRHOlIQ;Cw_nZy=RCT^ zH};tR3Dv9md(?Y(Dr4iJlv=-MY*^HLYv$O|`pg?|imzBdEYXXTqvhBrqIn(} z?+k>k3`K@Z*OxrknDY9Lm7VYw$=xU!UctX;M|$ePHR(}@^S0vx>=}ALEBi1$x~s@{ zX)S@j!CJ;q&|}SnKYH(d)6`8#yVt5XHF+4yCT;aMe;+VH-%I2}qdLaRad?hB)4vGZAYYLAbnh_e5Zo%-o`;KIBAg(WP|D1X7*rt zsc2p}B;Sbmzv8DLpA3907VujGcqYFL;illMxv+O1&A)V5>aj}AOBfxAxov$C{`IUo z^Hy}}DEQN?kL?*Q@YvF@=1+Y}nse5={>)Zi)F-WN1nbZA=f{43diJHE)$dR0h2mkh 
zKYl+7Tt66o;wkaY^oaMwgJM2jMUzT3R_W!cA3hPax-ER!`fMNv)CPV@x_2ue zIh}bVnvi^u4xsZ;;8clt#?yM&+4oqJvp3@VhAkxiHf;x%76AG9XFiP|biP2~qn#T}n*ug!+%| zzS_aq-{Z4;wCF~^xTq=h>ScCMp{kwzyeyv(=XW07D!=K5%pT(5AXlxurp!NoW$}P} z<}1-#EZmVRS8(QDd$h6#rO&Tjlb+J;Z*q`21ML0kJW}+MWmeCLX6C-;?;p~h;+G>A z7BF|^*xgf%`-94HZ>_iYe_eS^6Mmy>ZtZ7c*lDzHCA-o=bcu_>8^uGoDBfx0ZxY2n z;9~ur_Yr9P8hX{;_C6i?0ErLBRVOlS0D4C`?`ZuO)-(4#N?ty?@|{*&L4Gf+Oc3v% zGU>kb<8;%Hek4ilT_yNy?9{mU9#sGM-YNeL(&sa6rSc2so*c%!jP=C0vR&$5dYoPF zt#z>+!wY7h8{Aa6%i(HQe*BVawq5QrwlFY%90rxZ*ur3_gTXy02lq4u9S-?DS7yGL0&)SzFa{}Or3)-Z9J}eDC2}=6JdHp~j~3OrkyY?TQ5J(=pg#DU%-U z(;elGSQwy(wz)k^`lmf&(NCAH8(*4J)vd8he@$?Ij_Nqo`xYkjH65y7lR9)Y=h4ac zpRk5DqKao>*Rb?&DKw}$^wC(g!W8``wP8Re}0WpAY8a0i86y(sUpA z3S&%w*>|F9Q{&;iPT&_7?DFwE8e02~6rN_;h)5HnwHn|zqnC$AGZgrO^f301-gTX_Y~@&ZWS=1styg4|NMB%fa(>^t!s0nJezZkC6M;$L5hg^Ucq{o%lr$_g@eLOK;g_F$V z#(e*~c@1=<`WbISdNlR-t6!5w4&Hj2YvTpKjdUovCiTqfOdDa^=<8@? zem9M*xAVFc+J5FTKQ_xv@I}U?xo#dpxqff0pZ7d86fR$LYhTOLV~VL*MBGK}Ql_np zce#@k{N4%NcdFm$R@2g1bD?0lxtKGZ*bi>K(j-QYCEmU(+=F$+y=-|M(-A(%Wj0)#R_ep7W=18{6@#H4pbOw_Rz1*M6&C?(4fe zZ|<&jg~L0I`PMG;jp4gYIpxRLvwOsM8|;C# zvjX=lc5UsR+_3)8)_wR0FR}Oe={Mb@7y14GY=z^vvuWI`b2B%+QlEM5Q=Q3C9H4UP zHN+6pUdd$gHtvKy3(-!#?=xC6Kb!eAc8d=_ZK|Z4Y$DR(^jp<3?%o)^sA=wuhwxb< zh9Q1O=zRC9{`BRsHA^pLjeM84HnXf9zOt_gJt91J{-aHd=Zon9uhi3rdhvtIYS#Q) z;brKA*o2Ct3#s44Th~5mcnR|<8mJ(y5A_{M_fH&6mmxps{FbOA!^W=V$oGM>B!vCGNDjdwP>)Cg^f3F;YPQ4VlNKERs%S|!w zNDmAG|3doj+l$rzKhpOHKWE=F%j!+Ky1t&VmusxrAO7q4S@^0TjIuc zIr2|1kxnYxiQrsWZQ(f7y;I`G6p_s-_14vqdB8FMzTy+RI(BE;I*(cz2yE#`4BLIY zGRgQ`-efMAKjx+~anjrz^5^Dq>alavCvjBkwRD)c$f+xweGS@#e&9jv{@MT26VTjN z$x=&mtV^npscJ`lm$WNAW{l`JZ0%wS?)vhEsXuoFr5j=r^ic&E9bDq&(H zw|XBmgP)>rUrzQT-VDEim<EY^~r@sB7s+*#$xe@k1Lb{TrO9p3dEroYM?f4#8fd zI!L9H!`C?PY|F){L*)lE7egtJUBuhT_j1h*-zAT?lHxz&Z6KBHYHd1-ekmTro@%^N z&pw@)nkhS!nasOGDh)8(Z0coKtQ^O^fb@aqifdlPIx#H1CEMN7^WkUcg}hg&Jss_r zU>gsyU*X5=!Y-W-o1L`lk0a)J^A7XdkIgXZZ_SU3XMuD)zUI~oZJ+F!>4gE=v_IL@ zOiKOZiSacAyfM5t{*U!5e#r0F67SUgl8q-dD{5&pH7gkxY}Fs?o(UX_W*;znu-lI( 
zUr2hr&XCYvdFrjIrZ{~hM!?O)G_>@pJ~NJ+`Mppuf=`SWoK$DqIL0{N{D8Y+c3h* z^8K$Vvz>G{Wq?m`2l?A;miN&bzDf1*{20&I-u6$HA5>HvWX;llbW?(ODcv+{agRG$ zroeCBFagn<_!jhX(Aku`=lsvXR(Q<5h0aZch07H?h?7g5wmsu$^W^sYw$L5=?8iUa zFh1KJcNT=>FEE$m3WqP*!(9I5)jp1aTg*d(8))6gU0-!g4mM-Z`M~2ueV)JFa%I+B@+08TlfRwZ_a3kU z=5{YkeTEm6fD7V@MXAmBPcJLAJUaDL^oh;BZddV~h4KD$ZT(T(wq!OpR=ww z^F%$1>Cen-SN7XT9pih|G2iv)kyH0ab{q8xJTGW?E;Leekb16P1!?cTe9n4m*pHT< zb{>y1kG+GA|IrBPWp+N%A2d(I?Cr91ji0qI_n_gWmR7?{tDz{9eF!oz zWlytB`xzN8^-mWyO+&`({5<7CC$$&+OnV*d>2{pd9)0+1n_kDsZEEd*6>F2?v8+$# zGu}red>Tj^uIzn0oawO=Oxu}JCwaXf)h zUT)Rp%3spDDxS6VueY$=Xv!x}`$BHwmEr1%-y`ny0P1?Ds%c`3XMK4_eCkw~XNRg} z58Vlm7JoBoQ>Qj2W#&i4TS`bRJ!F1DykFwpr+yMEOx;ARxVMv$)N?hFiBpf7iPMhG zoj9Izf$#KbO3$B88+_-YfULE!5RQT`knrLR~G?)k0k@)YbAoSXUN% zuj(4d zukick{P(lQyuXzXKLz>dFUv>o>6!ns|N2*o2A#)yw-jD$g1N26; zwAwE$(`>V6o&Dt~@BJ<9)pcdL*mo-*e)~M_nUFEw`$zWJj;r&2Gg;D@KK2Sc-`$rb}!1(E>Tle-@9l1xpIY{v)pV3^?B-> z4e&lsxom+gSN!MtXZ&)*{#dy|FWm^7?>VAi&9qzTV}^!=hsKM%Wb)9PL#7RB-~5c?>tnSP<`I}zyBLP_j+ARUnISsbf@?JJ9m<= z_qvw7LVCT|^D(ZFp^dRYMKKj1Q>ssB!r-Dz4&w8)xG0Hqf{^=sG>lZuufEz!f?w`@t z&o=Vu^tv7gE{`|xS;gmZJ}-J*Pw?!C#eDXAU2CXs%^W^2^ZC&0`d<+~<$S97%-}=& z|7!^!-doFiYb*Fr|JohgI77SZ5`0p8Ht;#(b^UXUPXnKMeCWeJcX?eur_P_(^SOr) z^{g-8LmTTUx1KSrU&d!UpAWsRC#myEA`(A&Gavf=2>`d>Uf%T)mpD>Qwe3)^V!ey2%pJ(`2K&oysiyH`OM(6f)Bqx72{J4Jn7Tw za$rXKGsw7L$7&j(bT^$AYytkiu2Ahzn{_Yi5e7D+o&n(@vY3VcG7y5l6{o;!+HdTN3 zyWg#j&W(<`Y*cyq?5@tt^vv|>-+OCo^tI}@->!Zwn(aKAJKC8w!81nYMxGI**16H> z-0CQ=efPWOyC(D6Yj=L-D_=4Hm%Vp^kD@yN#?LT2Tw=sgL8GFcA&CUoB^N>n7(#$> ziQFQ01tpu^O|r7du6qdq5m8a`Zmm{pwbItM)@rq_ZEb5?Y%QfNUaDxlpwep9Dk?XX zD$cy$=bST}$;C^5@9#DKKYwQ!=A7p|=Xsvm`#F$or@PMX|Nkg2z$$xE#y!Onw+KrypaLYlHdXzA#qV@K!r64B>Z9bn2kHe z@~RuE`mY1Qt=scTnzpjaSY`Xp?d{+vh_l?hl9H0VT!tqXVaA%OoT?^}gg79mhzsQP zDn@CnKad-?YyiEjPj8J?V!$d&0PXi5R?=kCyQ)9xVOUjcyPbOyv$t$HMDfaoEr+On z?5%<`)fWAu_xk?19fCH|S5FD?$;<5z)?kl+4Tym=@N-3Z*KK|A#TU19kQ_EDo*imx zTG!Nc2-OL_p*|1BP!F+#%x-MyXlbhQ>-J_ z^eWra(9qC`@@#z@<^%d$Uw!YzNAZTdxYh}N4WK9DkFFa`{3%~m69fhS_3O_RbOk!_ 
z#T)v<`{}3c7~V06z7_QbGXsBn>s5JW;8%reDJiL9Td2VO`>`s>m77}ydyZlBo4p*Q zsz^ufI@If~1{A+(Ct&NgZUMhxfNlqz;`WwxkgMS!$;(*#_U-F(5AJG+wKqZDJXR^> z?9cl5?+;maHIM@E8z4YQF2;7-Pe1)M-aA2`41`Kd=8X6{A}Hvcgm}B8zkbWQ{)bpe z$)S>xiebQm7(xzYL-}ElqWpN10w_)va0rz=C$DTh8=RMy$jciHGY}V}2tcfTCs64k zMQkNI+k#@|c5GMlbMs_5*Igv_v6abpNuGL_$T#?G*|I*ja@|D|pK6r!Q=;-WDSfQF zs1gEH0ZxD_wiRq)Ft9h^DmltsmR8 z{Rq6*R-E%vf5HTzF zf3H8m-HXI{Pek79Zv&Zv^o9oV4pL@Zl5Sq!$p{k*a*K316v1^e9udcX6qoRm1)S)O zr~fL(mrN!kHn~K`-)EAJ!`@fv1P4_Cuc&xmz=<2-5sHgX^of!q@>Nt2U6SHt0^-cB zE6-$=PIx4hlq)Y=F2ZxvML8+BM_os#i(r(7cDHle&UV(Zefu-pw{D03fZr1p3GWa8 zZ*OfVX+S%Hy+88|>;(=U*SampMk-D~Gx&RY zH*7hnq+xwS$w{*L!~QYYryJ#@?qWUK3EVT@!foR{_=FRPkGx0#LLx1}AgL`2J46(h zR36?GIRf5pcdTkyjC6%~2MEGkaaG|G0r8)+@54$wqn$lFR^WXj#(PgYdk@=&@U_m~ zK{w;Q+1Z<0i}y1!?U)B;+A;TwvEJTeu5xIsxA&MZ;Ey_ckKTm$lXzncc<3UT=eYZ2 zo?}5nJIdL6oL}b615e6(EO04rUXjdu>;b&rLi{?=xCvp%_Znz?^Z=e8ID3a-oJn$? zG)v|?@n%Wy#IU4)BFT&V1uek87x?|zFqPP%#pkT;7v06v4ey$?%vVcC9lyK3llH@eUjH`@FrfPuamq+Lx=WHfrB#G z9THadu%uZ=G@<7*>_BNn&fbb5yvv=v<+XU%ID5xF=;FKY?)fk$G@bo}*ULw{%h{Kx z1TIYi#N+Ip9izO!JJy2-zKN+W4!u2i!##Lgfw#09-e$x_o1(Y(qBiATE*$09L1Aa# zrKqFaG8x{8^7ebt+0Pzw_Fc@K{W%@Ldl7#f5jxFjlsFgG0QM@LgU-GUyPf@mu9fh0 zS2_C!Tqwh9fZrcGw?x1Fb%fhgxWL(Oye-3-#}PhXhSPh%7c*GGPa>~ROui6?9rWV_ zrwidz#e3hm>zw`ii7K26_)ldx5pIbD(=EyPYQ_@5a5&o5oQ}7#PT=gwnpiN|94B;f zA@A94*!!kRLfScAm>V`_+6Fi7eRD*R@0(tj8{Qz(e&oizZ{_s7pe|w1e7p-lMUUIyPWue@IB z=_@GR*_Uo`@uaSO*|-a*Hx_<~<{B@|4P$sjX;-*$?|Xnu+w8)?&kfR25#_tr1$fi2 zd_`#w^_KP-bk?Jel)heb>A7#Es~#kK0Nf0C!~X~$;sJ?uKEO-8FbZ=#fKR8e_u7C6 z;AePY6vohj;H}-^pCXUwhq~vHWj63D#GaQdxAC=}DRRvcGThl)8V3+*5A>E+BGdlT zTUw1wd$zZkUHx>qPH}uv;IBmm~dsg>OZx& ze6n5j$6qn+d2Ij){amlU@6*dLpxCA8>|2u^1}F=vKvR*IybD! 
z@R%D%TDcomWjN1`d*2%nK^d+mn6q#7gYL%a~ zIxl*nBB|ZM!G$aO zW8Jv>mVM}etUbDLjsV7bJ>Z`#&%g#Zzq9W=%&_I9WctvJBP~l;$<@Q>60WrI0rz$0 zTbs2pY2yQeZkqQk`@aF_dSPyO0|F@5Iydfpe^S{95BYldU{$s|ymTn6%JuW^a8;&l z-QlV{&vl1?l1z{%t5Y|hl4rLYci&Q;fz(xZxuiS;PwoOlMD}e1d)Uz@%QLV?JxX~7 zp4pwgk|)_6uH@-4K9Twv`0eiavaSdIsykeca|S-q9sViuzkxYV0sewb*3KxuDg*r3 zzz>{#>uD&Iy;M1R?bl>k2IXXtJpoysK`SM{^@lu3YWy|``*J-mS*}6(JyY<57yvO> zqprQjCC6`rCih4HK#t!A^*Y`s;X(5g+R`9VSI|qBam^>`IT4ChmQ+^w%PXaMZMf98 zk>nEk6*@luAflvp@i=?u$n?+HM}U55NoB-eidATaNGKLerTirol@!NiUPE3_ln24>IZ0t2 z$xflX;D0+FtR1W;pFk!f*K8IE3eN_;>$>9AZ6buvs&|3A zKc|QPB{&I$wU;~!cfUTV9T6__jqIL>;)-TPZ)wtJZ3BRyc~);}pFx%mH=ncb zB5G6OQnHY}^thBPSN2E%U;`e=@~z&|K7%a3q0J6M{=QYsWEE2l?cU1Y2M-m7)`|%w5IK2PPW)7n+4&}fHgy_BZw1Zf?`;jcm zVaE}y`z3XHSa!bQO(#Ql_8&Ic3vMO`Vc+Y)2msRA@dr$i1e_mJ06HBe0Nwuk zFYD()(8GC-OGW*-q*VPpg>~0?&b~{sV_`~H_4A60>wT;G=`pS&99ciPgT44}Sk_PO zN#M7{g}Lty2ml^%Fa2LwK+s z)8)Bd#t+xK!Mo%AZ^Um_GUdtriAJ^GbNX)VZ@~A3w#z+{)5{Tm$k}^3hfH4(nG-{# z%!$o%FD4-yC}TmCX$l^V?B(;mNT0Y;coyP0`t#;b{73*?VLY{Xe0?YbHSigD`uCv> zE#Oc76~Bo2{4emOs~OKsJOe&|39|OE7W~P_9p8sC&=`-#cG-RY&r=rgr7MJo#;^EA z^yhz(0Jz%mP+xn@=PyCl9vZ;E29M}hKW{mRFRn&BQ}Oisy!jJ95&##CJx|ATWFN|a z{b;rn&#`?d17`7TIv%4BWuP@Z8Ur5Hhcc`I|163@wfAqV)-!~Fu^$>>)^YI+f7jh^)WbmdlAVd35hUMUouLN@AIs1N8EEfra9_v)zI4%9*tvKP z??V~JfPZyg@OOEF|De8nNDlDlef)qutHRUQbukb!^x5OuL|?z5gA@Alq4HyswqIX9 zN``@uq0b&Ag9aJ;>>(L+2+)_0(gSVW_t`@-;7o;gPv{{OBI=wK8*U+RI4h93HC&HRg^f9QbPMV~!i6g_+?htvRU zf#&|jeW?%d@6+|kzAU?!H}nvo#|!&1+&3CPJs_yWi`^it2^sqAQ8F9_8T#xY8NLV? zbTFhZpD%(ANCxQOn7(|zKzcY9dg!y~3#5mmp@%+uzCd~y3O)4M^99mF9`w*>59tB? 
z2leHnWEcP$`s`6M_#i`{JxYfDkfF~WCBxy6q0b&A!$8Q;XOEKMFv!qnkCLI!>=9)b zzvsp~r!ODULqB{Kr7s^Tg9#b>?vXO|gA9FllMG*8(17^1c>5grJ&5#9`MvK9z7uiy zP0rr*E}6a>-}R<%cdxzyYc(h1IZ?goTTv8u-`=nnM&AedxHK2fedC)u>%x-n+AWgr z+HES1?^q8W=IlKm-vb$3==dN&{3l%Gk__EL;#RZFo80Z4V}y;4`q`lj~Y63)X>SJCJ!Ao z8FAzQ7BT^mD1w~GIuxkDBP5X%*(eXlP;P(_Aq*r7l0%0Mos4_vWDungUU;1SM~sx; zI=SKi-uOQH6}PezO3TKUkE&{#@ZOPPmbE}};?ld71gJcW>mRum~==vLEon3#Ow51z; z5`NQF5`NPr3I955j=n>Gb3&%yrt;mU@@?KA({C$}q(UJ!ZPtQ%eNc=}UjC-dR?MI%Rz_7|6A>p~h_&6KIrYNtb6 z%g#Kzp*gy$HI-St=DZ88zV<6${o2j9f9pHnz4NXg-hI!H7JYpBz4!h2CqJE2zoPN{ z3vXF`+LAf*5DZ6};)!#U=U;xsl^0%o>uuk><^G@j{1*@W@>e(h`oZ7)_IFzrT=LNG z|M2i1xBh9{pa1gLrB`iVaLFT&KKA(Eo_O+<5j*&4^De&ZvZtOdC=87G`!nBv_POVG zzVPBpyZ-UdmtXnUtFOKO?>FAu{np#>?Ag0-|ABYkd;j2nKKSs^N45jCo{Z=JS-W=j z4_PbgY+sA4vv-s|yi+Ob>}~aT5#B}pQ=PrtAnR;5>U2oR+52vhth+aBW!=3w4DdE* z?;8)0f#ZD#^{n)1IiL8VBSE`f{kukc#0H3C%RRtf0{%asfk7+>zjqgdD`^1z@p;aH z_+3B_I}CrX?r=7k9f2Xwk?bgTG#dgRehfPne?85yNTV*zRqr8-(a`0+t@eR?QApq7W+2)4!eVWmwk_YpWVrR!0uu{WOuWB*pJw~ z>^}Bm_7nC~c0ckr`Xf%@9ZFZmOaOwXFJ&o_yF!pY!~|n`zL#uy~6&5 z{I9Xs*}vHv>`k_ty~W;U?;!tP{GrMH>;QY0y~o~1{{OHK*oW*8`w01Q-d)qQewwcN zG(+pJ4bTQ^gR~s&FfCU*TpO$%p&g0)DD7x%h&EI^Mmtu^(~i@Q*G|xeX(wtYX(wx3 zv$Ww_zE+?WY9nwLX(P2!+Gx$M1++0*u~wp$YGZMiYvZ&EZM;^gP0%K4r)pK&B&}Mj z!95lCG_6*fuFcS9YO}ODZ8q*X+FWg(HeajPPS+OVUZgG7mS{`0W!f3qnc8w~g?5&9 zwzg7h(1Kc{7Sh66L~F*~qD8fHv{hP6Yt`DcxR%h))sk9DOKTaeU0bbnXlt~!+IiYK z?R;&$c7e8`-$LzT+?QyV^joBD(l+&5(r>AD74ECG7y6yiZ@G58c74Bwej)9~e$jp{ z+ShU4qJ5)ZykAoLX1|QKS^Jju9o*l={XOkY?aqD|Yj9)OAyH?%jk-P&8) z+uA$Y9&Nw44`}ad?`iLA2etobA7~$HhqRA0TXS@ru-E(Py6)2ry}v#{AE*z~bM(XX zT>Wr;uzrMY>PPBF=|}5B^r8AO`muVRew=>1eu6$sKT$tPKUwFxr4QHh^#Z+6KSdv* z7wIGQQTk}zuLtxoda+)jm+EEuSiM{yr&s9X^-6t$K2bkauhJ*!)%s+;MxUZj)u-vT z`gDDUK2x8i*XgI}v-LUpTz#HCU$56s*B9su^+oz(eTlwQU#6d-pQ$g`SLkQyXX`8V z20f@Z>LER>NAxDWS#Qy!`Z@Y4J*KznZF*c!=;!K5J*B7hjNY!V);shy`da-weVu;3 zzFxmT-=JTpU!-5GZ`3c*FV!#8H|dw_SLj#jSLs*l*XY;k*Xcjjf1>|XzhD2E{&W2o z`UCne^^zE|I;@7E9L@9OXA@9PKk|L7m+AL@tnk91qd`kznp 
zE%52SMZU$pCB6Z^Wxg|fXZn`=a(##U2K!d}N_?fhGT&HVxo@1W!Z+Sm={wFh(RZq^ z$~VbZ?VIeY@lEkf^-c5D`lkD4_-6WM`RaV9`DXj(_~!cN`R4bMf5Ly2zutE`P!QJj#?OTKUJlyBwz5w@yxG(Zu z?Az$O#CNIhGT$cO<-RL?SNg8HJ&gO0zOBA(xc}_? zi*GybM|_X^9`il!`@O|hz zI(j+(;Pb8c8E%q>YTxZmc#sj5Wqu<2+-XalWzMxWL$8TxeWm zTx@JKE-@}OmKw{9GmJBh<;Du*EaPlrrP1)eO8+urlX1Cmg>j{Em2tIkjd87Uo$(dp zdgH6c4aSYe*NmHtn~kpWUY&O1SeB1brafk6;<9o*UjXRAW7J*f<9Egu<00es#vhD_ zjXxS&jXxRNj6WNHG5%_7Hy$w_H6Ak_H~wZkVLWN`Sz(UHUx=MxPBc$7tISDewK>_WF{hYQ&1q(>Io+IL&NOG4b>?a2Y;%q| z*PLh0H|x#Q%?0K{bCJ2&Tw*RYmzignXPV2+73Nvy+2%^K!3>&>X2=Yi5wpo`He1Z7 zd5*ctjG3)wn;AC~=DB9lOqppjW44>C%?@*oxz;?-TxXtdt~W0*H<%Zi7nv8E8_i41 zOU=v7P3Gn173P)ZRp!>&h>&>s4H<&k?Uo&qqZ#KVf-eP{kyw$wT{HA%k z`MCKv^9l1wbBFnq`Ly|W^BMD5^EvZ*bEo-&`J(xfxy$^A`A_p@^A+=7=Bwsw=IiFa z%{R<9&E4i(=G*2w<{opexzF5h9x&fEx0-)4x0!!7|6=~t+-^Q%K59Ppze@i-^L_K6 z`5*HG^F#BH`H^Xx4rg5B{kYD3+~EEB06vfp;yL^B8GpTtk*oLhW2&*ufake|Xw@FFh0b1d`oVqU^ac^Mze%lSB7!N>DTK7mi< zr}8R3iC6Q-cGWHlM@i@_Bqduji-p1$-f2#251=d?{bX z&){eB<$MJ{i=WL`@&+E{jXcD|Ji?oJGjHMaJ&^3h6Z~AB@C*4x{9?Y5U&1ftm+?*fa()HBl3&HI=GX9R`E~p&{CfUXegnUee~sV7 zZ{}a;xA1T9TlsDLoBVdZnSYCan}3Jj!N1GD$G^|-NN4}N+iErb7=6~UT<=goq z{89cGf1Lk~Kf#~mJNQ%lY5sTq41bnC$Dijr`3w9-{u1BC|H1#sU*@myfALrOYy5To zZ~g{Sj^I_ewJ?eEW_$= z4X_4UgRC6uFe}$O+!|~hVVTyE)=}2c)(~r`b&Peam1iAi9dDgr4YN+PPO?t6xMf+x zt$eG%Dzr|qMp#AGNNbce+VWcgYm8NFl~|=#nKjlbx5il&)_AMZnqW<|PPMA6NmjKr z*{ZRoSW~TOR;@MNnqkefW?6OCY1V9Ojy2bsXU(_jt<$Xq)Ewz?eXIN)i z%dHjGS=QOsN-JTVYbC9em9{cgyS3Wtu+~^>t@EsP*7??Y>w-^B-(X#6U1VKsZL}`2 zF10SRHd&WjS6EkCS6NqE*I3tD*I8e&uD8Bw-C*5lea*Vby4m`=b&K^4>sISF>zmf? z)@JKl*0-(iSa(?8wZ3P4-@4QKfpwSlL+ftq9_vTez1Dr!kFB3rKeg_+erEmL`i1p? 
z^-Jql)~~Gxt>0L`wSH%9u^zI1Z~eh~*!rWj)%ugQ&HA(T7wfOqcIy%AQR^}5aqDl^ z6V{W~4(loFY3uLSGuE@#bJp|LPU{8hMe8MNm-P?ppVrIPE7rfPSFP8q*R6kBZ&+_y zyREmZx2<=qJ=R`ppS9mQV7+U-XT5J7wEkm#V0~yEvOcnG%fTNP)$D$@Zu@M*?r#sU z2ik+|9Q!ak*FM}HY#(8p_L25c_R;nbd#HVkeXN~lA7>wLpI{HOPqa_6Pqw*j*~9I8 zyTC5APq9bXMfOO0ls($^+W~uwU2K=wrFNM;)-Jcl*%kJ9yV9OuPqa_9tL#a3wLRIc zv8UKm?P+$cJ>8yR&$MURb@plYYR70vcGMA$G*e|ffyvVUzqX#d9kt^GTDi~W%Od;1Ue!}cHT zt@fYnZT6q-zu14Zx7&}{kJ^vfkK2EWbF?$W8R{J4 z9E-oEdz^E;bAmI>Ing=EIoaXP6lbb4&8c;!J2RY_&Mc?SIn9~v%yH&A^PKrky>q&= zz**=lauz#FoTbh(=M3je=TxW4ndDSElbxFXQU2x53g;~6Y-gp@-~^pUC**{kh|}aW zJ1tJsImcP$#GF>A&51h+=UgZ0q@1*qaoU~LPKUF`S?iqVtaHwH);kwC8=MQBi=2y{ zjm{;`rOsu}Cg*bJ3g=4aD(7nF8s}Q)I_E3S_0CtF8=M=RuQ@k4H#=WN=MLw)&i9<}J9j!iaPD$`=-lnxr_TM(&zzq- zzi=LKe(C(m`L*+)^Bd>4&hMNp&O^@coj*7aJAZVxI)8GuIe&Kk;{4Uw?mXf=>OAH= z?)=Sp!gAc{)=)C0Ya{l4`(|Or>#rc=>s`Hxjy7O=6 z4d+c~xAT_sw)2j&$Jy)bbM`w2oOhk~ocEoB&VQT_oDZEt&PR?de)sVIcnv%6B(a9Q zZy5HWuPS^iy{X8#aAG=J-Uba!nUPk*aUvu`AZj-W)#l9lx zr*w{#xi~EKQcP?7&l(t5ch!c=kf>*bFd=B8}qn!j2qv`t-SrSsm2Vnh2(& zjj;$1#oL;q&6y;kz>!+yN@ISGQbg85+#D8fS_#IRc-OrZ5%v!QKCHwjg9Oy4Ol^OFcw7{NHG{y zOEQuQ;EBiDBLNrQ0-DM8Xeyp$v1nVS!@sJ%l|>T4MAF}x6et-}##%zbSPU%}tt1m7 zlT5MZOeB@2!p&YXmy3u3iMC%H7uKC(g{g`D6)PsD8#|&9AK^qIw1SErZEK2;Nq3|L zw6JjM{P~N7O5D~}9BPTDV7k$^L?-P53sRAEq^+IBGieVr2$9;+ZUZoRaxal&QxI;c zDH@B#SRxioH^q~!0bDF83tN z?4&kfd?yaVGnQp@)X&HH2_P<*UeD%EnKoepn>BsPqFD>(FO|`ii^sA|B21-G3Rn(} zoyBKI(6(bd7)wTi;Wa!K4~F4Jib^^PE5}sEI{0Yr21oKDxT$n9oP~H3b66L8u;8V5lTj45!fXD${i@PbTZhMLj6S8Xc$bS4ZgIsI24P*fd*1!nju*4 zxtS==bwpSzsxz93z%zzZY;`hln!sAp&)HK*$1*8(I}=OHYFDLZ8_g z@idT0%!|@ldc4WlKUElUaT|83r*gkTph|(T>w;{KddE&|6!)(@9f_Q0yR_X%6GA@12Ns zEG}Fw=b=a}MqRLgkr(C=C>#y8MN)9az``H^Sm>ePMX2AF*22;4pkozE1)9QYiG)_A zGOdzUNhLJFc`VY_oNf^y;JLtHDy={S1ftuouxW}2kG8c#b+C2HG!lM|#(R5Hc!GGM zc-rtB-?|1S6Ki6%*`o3k%p=0%=r)^T@zoPKX`uzpXA)5ou~@Vi9HD|DKD{-OUc*OnR+u35ah9`SBESqFbmbY4knRgQMwsO&q~&~u7mf97Zfsose$^#V3MEC_s)0TO;X~I7S%MVW{TG z3RFyBVIYQq8Mz1HCtMr}c4HtaoDlpyjj*8c^cvPo5!vE9fx`JmT)5?S%P?NnHHj6u 
zW7d%j&I3a$bQtKo1C0@M+g(74$VxG6g+@qF(oD25)5I{MqO5HgFt8GiDn>+FsKv-F z2Wa5QK4oxdeLMoXEjb$Imgo>^(9A!UoWK@?1B(SpyNToMJCK9(k0$Wv= zl8dJ?ffQE^yo(7Iz-Td=NHcW3E@~_d51GW672`1KP$QyuZ_0?u1qD&Ds>(&rOQwsl zws7Hc&>;F^1&NBt;2qdq zl8>V~M&O60A}l&UH91)#XA;sQ)wQBS;3TGuJNw=niKi3~W)3kpE00Gg%=md>MpBg2 z(Q4uxo-~JHtPVrRD7%w4CtZnlhdk4QZ6nfff5EU2kQ_@SnZstpGw4rAWC@|JCf?Kp zLl&NP9*Tjrdz3)5QNoLo#9ipAIfbH-!vqF{ccW5I6e6P6UcSVRQS35vI{ zP*6Y)?p3&3@J=E*FuDjjM}_M~xGR&O5ML!_B1am_a51-o=Y{=5o7V6dQ|jhSuf^zz z>I3Xi1m2Er0DT@@b67&4R@8%NN1v@x0{b%}idkbK4$bpuibEecOj?WdE@UcdaG)%v zt{HzQnDk2{G?YmV!{SNa9z+2<2tBoyLg+QcpwOMIj+7H!<+o}+i!-WWtAiMpk>v`H zgz0S)=&yufuXH{1L_TlvoH<^GvbY_SXo&EfZiz5LcY_!cq5->kAbGGI z#iNX$lHVOo()7fe-wRhl3r($Tk0#SRz|rxdg{sj)k&Zdo&!02UbVJX>ZPM$t{s+b4%Kj zJ&Yxg7Ft+ABg61hvZE17K(@?IU??7oC(*~pB5Bx+gu_2IHC6^1G30FxrdBZ(hY!IV zDU^2O7(Qa~;6jQp!)S`PrAJb-8wp6sy23qOVqr#Z=!&8SuFur8yA!)pXH(EMn#h_3{XfT1bwGw!Eju8sY zXws3%@N5_{d5MQw!=xsxQ_*mP7Pi!k$c?lHJ21Av;}A}*3ZSh;ViS31V-3@26vAMy8Gc62NOFX0=AlfI26eGD)O(^Q>+II4;i#da z8t#kX7mA(^$dMz>g+Mq#g%fF=)IBr1PLaIglMi+^OY?z`2H_cxb-O60OJpg@G=}o= zHg{aeVv!~qJSH*pR7-uOysJaAp!e>ODG3y4rRd^1gUFA$tBlW@v5?iyU$}C{ltn99 zg4UE0AyydnqsIeU7|U|X2TGr;q+YV$fv;t zW~>1*!Dab0f>YtbRJ1Tv*x^_IFbTwnsTH6ezz#1c7VGFb6QPl`=(K3Hs~CSDSrDW! 
ztUxV*W1TFC#d4ZB)0!E&4-$!{5MrHBG=yX(0X3kV1+buu=@d0$S{$L(YmkBA1X77e zB+QyHYsM@C%irm^c(aO%)|Rz_P%t67$xOH@kjf+yn0Ep@m1&es7Ax*;VYpH7?}U*s zV*OqCT`?EP&q|{d1zDrbSXqYm7rKn3q|_?P8Z%g1q+VM#Xevj5mUlYoAO;AWG8(&~R(KU1&h1(=0dA zOjDO|67%|`Unm<3vGW(oRo?n(qKj*94hAGfph*mF%0wTN;-hhnhx#I6O)%FaR&iKm zNqHF@R49sCA?!c~eSkaG5n-f}0x+4!LYG*jbz7YK=JnI+(0;`B2__QcJTaoDnaha6 z)Cff(m#w9WC)`XQJ}HqV;7cU+1(o}Rk7KTHCQuhjzbW%H2Cl^IeF^k znHqY)Ctw{q7DHDcA=GGHh%7Qk4bzr{3#E$1Vq7ykKd&pE?@dZU<4B@j8ciPBkZVI; zl-l~b`5f!*8I0&Ku}4RNqGP2GI2q~?Qmkv%)S5O-NaNUg5z9c~Te8LepKmaH^Nz{9a(wdw~hvcFRjqOly`FxB$J#m-gzG!JBMUHw8&G!&-+C$$ieNArb4!y!V91F6B# z=o9^uY){>RSv7gI9L9cES}ba}#xtp|)=P`0Fi8(~Go}&bzP&J^53$4Js(}1r3zny1 znJz6@Aj)ox!)HVjaQSe>bL;D-iT}#7rCG3OnwLWztgjoWvTR(rT36?^QJiGc2}@Cz zkjk>L<9Y4eE|x2>y1_te0w*CvA_d4FPN4ucBGOS&VC6(Tx|msC*TsHPtr&uNyjfQV zsI0@SFWRbXWwU}<N}onR+1OdO#|AK(L9Way3Q+a)l37PYyH)y~fZgNpd!Q zT0J&+JGw#Zrca-ao!-jwE{e_qmAK0mVXR9XrWZ@f+Z&vu?hQ_|_XejD^aii|82E%< z;nLhN&u>gd!!&?N1!YyL_}pnz+@$(xbEnm1WAheIT?|(zb5S=${zgS<@qcx2jT=p2 z+9zjYP%iaaU`iu5;_b2(ZjL;0w*+DL9z<+J&`3ENP#J5dFY%X^mX0fD3m4B@>Q6;m z8-sEffJN4MsKORDcm5(j_ApCJD#U&ipGDhBL~^PS9*Ycf<5=Fs&KO^S6Af*OQV=eh zEtoRbTYF6ywsz@2#Jt~ay0UjuwGRuXRkI}Kv9U;^C63ifl_H8H8b@mc8%!>E*~}^K z`h%C{*xKHpf`%H$c(Ip&h^LuVjw>Y_ZS|b0aECBc7M;QHpvcV;n6fy6;YW6MI(85_ z1+b4HhLv7|X|WzH*4#X7X4KZ!d9kJ}>Y}x}g|+j%$xE@jG$Weug5WRa&g5ldgt*yZ zmMCQ}qm_Bn%WzU-o~Fr}{6i!xXOEsw#-THs8exqcdck=Rkw4r>FSqk!Q z&6WuEqQdtKsdPG%aLQe74X{#eN%hr6V1*(udA87H`HJ zGbV9R0;t)WtTq}jxbb3SFw_A}%vHk*EOz#=3qXAm#@IOBs1`lNjs;|j(B3`!R5aQ? zqzSiNob4h?<0!G;3>X}u5VVUJ-c+I@cKEz`pnwn^Ouz&Fpvq81? 
zlTD`tv3c1`UMy5dkusgf6J5H3U|XEG)6zE%=wUu67kn9jIGY#2@+J;WMp9@V*|Uw= z4P%kG23sgtd!P*BJSmR6xT}q{>LC;3v9M=5ntGL;3LES^a7fKg;WKg#Sy_cyX3bSrno7h@38@DA5I7Hm!T;(grt>OI z?D-HOI_ig)v=t`gM%mCBJC&Di5xe-FDpMMBa~1N^64VG5vgu5v{11!xW!M9C|Kn`M z3VhN6YiS%)?*;Scl1s^+Zj}dz)m9oh8&W+C8b?lGv_QsA7xmt4tEpF)C6K2kJ$|AE zPDnb5>B76FlyopwWj14QW>y*m+^$-?M$2{aq$a#_Nu|gowJe@+nPkRmm`qM9(6XTKiPYrqrsmZafhnUoHNg?!g?`oz%1RvL zR*g`A+)G*63mMVIB#~^E49;3f0skvblnwq_9i)<-g_4*pYJtoow%|t{sN0l9N-Q2< zmBNwARS~p!lm))R+uY}=!Y;*nBpoHA(qf~J4xV{PxyMJOgPaFG2xr z{1RIzjtH_D)Mq8d;h1G?MKS&r!}fa=04}2tzOt=Lmn|ARwRrAcB?uR$R?x}4B6)00 zsugR_UE3&DYTR~8R6s+XcJZR&i1CDqiW1eF$BbdqYRO}CIq@!?=0rXVo5Xx!6b&e- zIsu$NsV%|k_R?UIPV7(Qr{NeIj?-Wu6U3qDlsw@d;aGw~t-vieL*Mf3U+3AIv2>s( zUFMaF;!31sM05`IIB5pjScrAEworlc5FZ?V3WwC2ah!(^e9{6uh|{q+S~G*HI*(rC z+~;Se7YR$2ojTqI}}xRxX@?UtV8o z;7bjBsevyw@TCSms|K7s-+Ud2hh#ds6W zI=ly$0ibAJh4>MZJL9(^ZqiInrQePCk!1vsJRd~-D6BKBQt9+9&!e%R=+fJX_>eLJ zNc`Q14{eKP`5!|37}_G2`K?^Uk4?tYNPSAvNhF9qbr4Jv1_(+^manlPBAB6=~H(rkT=op4gO=*E&i?~188DE5Wpt?Hf;)f9* zgFO&8o<_VlF7z~fBf=#e@uZtZQb3!vPU~5aIGxQNH2Z z5FVFl9p%#4fp|rY(8KUo5FQ^Ax*xs=;mXxAd0 zSA}Gl>VDE{87AAWj>#~Ueexukw;th|Y8j^bpHd~mRR2>m!WQzW?9(z;g8l}CYg36D zC3pT+h)>5+mk5+X{BK2k2IgJLKJ)KJd}a|HHWY0vpL8&*2$QH~u=}%Yg634

RMb!5K!ndcM~12Xm(%YFB%MNz z_zG+x(~d-@S(Lr71hBITu#Oqagd>|oxeIFnJG(#~3Z%KREO+5Dz*iQD%w*4n3B(&@ z9KRE58hIt+1mA!+j(?#Eih3x#8F3#ThWQf?(_(`zeFfp&NpR=Deaq+sSxU5#!YwY0 zexah|-a#-tW^ssYt&qyE9p-bzwc7^dCDdijx$&|4j*&jn*rC* zXH?;h-@X*?M*F}w1-Ks@OBVx1Wq81YgWtw<;>1H(I23w4h1!HmXP_5HEr2S1BY*}y z?=Rd&nwL5qK{`O*5q|h0e9wXV<*)UqUPq8zq;HKjLofq%>5v`_XaCwwgzx=X-{h-F z<`HBMLNBxu5laQI-9Ys`g6tppzFkH6R2u!xP1(zcJ1HL?9M={3D2)ztUkecB--b8j zzp)m-?2Rb-Uk6O^Y62%|XCn>~3=e)s&?@$A(-GGui%ft~-c#nFpVj%@wV8Sk=KBKk^f`z;#(D6^JdwKwpG+3^NpyHIxZ@q@_Wh4c2%^w z8(xg?us7A5noRXkMCB*hQCEeBAS=G5L1iHMg$?0b<-4YHF_cng_fBZ9_NkZlX)TPQqAO&` zRkF?^{Fubwq~si?aPaOSXE#`u9^j(vi-=y8=!ZusUqSUW9DKRIDD94IM-S}O3E7RT zuj!o z=#q{=PL^$H^g*P-*Z8Ys9{8Y66y;C+)GtB?i=k}{k#fk74$#*TBprXH#1Zvw0%wb~ z9g>G^K==z`zeUj|nn$2*_*W>oz`Fo;KynKkxC(jk$Z`~65xH&TrG&5AgTH}fNVg_% zs1^T-@iO@x{}#{_f9oZi2B)ax+a=Nt+?T)>cP0^VF+@J{gD4-hPpS*zO}0@m2XMcX zDZpeJwLy}L>Ym=#4dDBVthj zc13xJKgs9%61UC^e8fB2bP?<#uuk#{3+ZbGJw879*N zEqt%Pw|cUWPu5G3`01^jOFH|`2 zOQ_t%w@Mj4zTBb;FQKwxD?!#1l@&4yeIi_-?4x+ITUMbWnTOgF)h*@eML(T+MAZwK zN;b$mS(&zYc%hshXN%-3$xO&^l-%#(`-~^QN7hce$1hIXBPsIHB?plY?P_eETVJ%I zA?vHOMA9rRm+g}3i{FQGK|a@SxNVl|h-{F2qSqIWfh^FMgDluz2VSn?6|R#xl5gDypxvUr&`qDVR}i%C4P_3Xo>t)l;@x{&m4=%iP6 zvyuz)yY}YQi7UU9eX<}Tcqtu-`pE@v&=Ktf{4max^Cy&XELf49lCDSx)NkTv=GlIC ztf!q*`yxI9Zw2yEJwvWB9JI+N$56k!UH!y`e;zwa(idZx9jdIzL-rwLMwr^U8xA19 zphY-}pYRPNSG-B+XDr+y$!x_Gf8bIch1U^P^O&(a6(00Ww9x*=9I)I6IL!s{X$*J% zTRu#|1~jHF+TiRjCz~gnfjAqBPXdrm%WD+uaQdxL6Mo4AK?uG`!E@3Xca5&xt?PR5 z-9o&_X4m`5Hvk{};i7J=J0u-TaK(~CQVts7fgDQOv(qU8FUneCS)^mkIoeTn}8}W5`Nl1eCL)K&Fi&copp0h8&xSW+R;j5+zO?G;rA0fRULL|k$;EHk)I~L=8Jq`xfrVE@Z(KI7wJOx4UlO&(FtP_ zRqADYc~3gR$DsXUe$kR{iRxq@f$a4OXERK$V0k|$!9#(&qnafLppR# zw&lv|@)%y!3*1B=f|ISNH|EHla%}FDnRt;64o6#ZX%lQbwJpd(u+h1a2i3RWI}GqS zfbEhzgw2yL1HbZt5?8jrQB-tc!9GS^AAn^GyQZ>;^#aH; zyhVoHG|Xiiy)-7|NgiUX1{xsJl?HU;(s0wzzjdXtLeiK3-4gE!4S1KxH`>_hbMP4n zvXcp$6)z7TAt&)zCi9B8l7ZG-Aa5+2U-?LHS+nKzy3sH@_2|my(s1Kaj##H0_kTK# ziRn(gW$6GWX%&au{e_9jR>Zo}Zj!ZlwVQTot>kkG^kB)fST?OerBU6=w6<*8I+f;k 
z(?Y?~%BD}fS*D#j3u!xqemm1txlRqcX|c|<$5lSqi_F*7nYLS{-Rh==f~BKnJF8N4 z>#m!@ZaUKnl$=yPAxo??twyC$`9xY>3Doq zlc-;rq{^HhLmzX9aH}O;`F!d#B)mkz=SaHbGieOR{UueCR9#LAccx9Mlxc#;hEBNb zgG#F0vBe}+Ue^bMp6E9xsk#?@AREE6e71Men}l|W{-;xh*JWBhe5{l^lg(G{Q)y_g zGK~(SN}p5BWg7Wk>JvyG)b7ad6A$tcGEXCZ#*NRDs=BQvA4TK3IkH}>Ye=3lvG-P; zmTBZOt9F6L0ZEhIz!7_F)z@|65O10j5l_OG^P{TO?%1kY=_EfF`9YI>+6E@&bI1IE z;e*Jaf&8dSZ#7HnH3+DnbHfpXB5Yqt1JrrIy4 zDUftYKQe8#@UbaX*EKaVUFZzu7kbKt4^6A^Ea(Dpz5!+4MKVi2pUvOUOMd8j;sYxG zBIF;|C4X1`n?EK$+O3eKM}C~T4Yi1G;m|sE%`W7p^3!4SP>ayV6pkp_FY1VF!@5Df zr@#({y%OwxXFtVB&+eSdjf-&+?1JVaq&KWv(g*h>ZRJB~-9XfDjie*!ZbKgA>p}_7U+l791=Udn!|?{ZN^Fm@5)g)zy>(0)B+!(07Le_y}iO z;7=w02mHbzbSjrJY+^L_pQ`Gf?2+2ml!LOoQ^8Z%*JjAzhfKThKu!SzF11rCw+o}b zVXCRp{qn>;K71jB5WfidD)?^zj_Ws&mv{)DPz7-@P9S=MW(;)IBi3IaS9blSMaoI} zP5}fI=pnrl#d6*BnbSh?y}Nq_2nijSL~i#W}*-h{qykZIoXkZy$^MEL~0gv4>nOKGAn z-s0+y>J~UEpYVZ5^VSv7r#cpN3uIV~4OKq39)>(BLt zE?pXjQy6m+vcIgIOXKg{%qsv1plJq~8M}v|D?U!`t%0c?4 zuv>RjKcsiJUMP+Hx2sd(=V1fH$CbZ3Pa2B|8`%Jy6~Nsk@rjljcli@vx1P&418Jxii`HzE+pMJt7;WGiIwwdkghp7I7Is0dl-K#Y`%=zgY zi1@#6|Gw+jjgE@)(HHGr^Gj~Xw@{Oq1U3hBns5<8U z1bs0qO}~K?WjY94$fB{f3_dL@k_bMlK*E_%0Tu08S9w{MW>RK{7zlEqD{wgG&?b=%1-1$W1pM6>c0 z-~cXc#g88ksCBGa4=A~Y(vN~@ZXx@)x`C1p**^IWK1bRcjU7l|H0C4wqqZf+M-8e? 
z<-!gtJKJN{UWXwc@=$)tLr-=L2-_ESg?b}=)B}CTOpFWaxRN8L>h9eyxH;R5GgOg+@vYDk)t}4T>sMu47CH*hmz>EaPpgsgoK`FA zqwa2!mr^$h8$0cBnLg`5loN7^bd-(80r^$3y$k&itO0q!yJ}l!+b8)6Pt?;Zc<&+l zMHkY3%4vHfZP7Q5l(eOcD@6M2IWpbVlPDAE#6Mh|X_y_8>Am@!k;EtKJBo&nR6b$0 zY6q^&z9d&M2uiI(v(hgZ7ijuCjH9a?gHP z?Lk04v==cO?@{0>>;$?JdaVatz={4TS0TIt^w6e>fA@Bijf1u*-!sT(;^{!#pBhg4 zTyus&>DvD6=>7$-pAZ!ir;2wQ-quKGyemf5f99tLLp@vbJe&>_!;ua zQ;<&YGciVjenq`P9|Fd~n{39PNo4cyRPsT7ffH2kwI7oo@^e3Z0VRr!A9*%%-Y`kS z^$FR&8T@E$?XK;RZnFNf5_x=bPMaNL!6pbd+y3t(ULkR2cwU3#QJz43BcIzRhm;SW zr|Ol`Wj|jOa`$xRy`u6ibMuNHl!-c=k0k12NG?fNqzS(_UzICs-_YZHDigI)v>BWQ zq|Gl$N0f(%<>M2y8-*X5A4b$iuvk;DjDDuONy0k-0#8v^)RCyu>y+)F%-MbVSHOen z@&dHcO^|UT>Tj2{AGwBsj~LMYq-xXiuak6zymOFubJw;w53-Z(W!ocj_7jZO_=TOA zvMu-MtM2c#BU;lC?TY%bJrbX2N*^iC<&Yy536I-o)IC;EM|Q}8Ca+&U|KSn>4> zIZJ7rb-L1LmN(J&OWLjv?aVhq?5!-|vTjd<45zO{`C63RC?EM_VYd@io1(ewTWT)r z$7hJicU|c0UqItTw1fYaMi*ZXS!o@F9_p*a-npM^wiMW8H9)=fn>Wk`L)+>Dn5uekd@h{1KNYU-VTb*0=qpbsPp(>-4OQoqX^ul$L z2H6qW7Rg9*NcrI8586m5riyyV86ZnpX;<-)Ib@eLBRVnFH zIcdFC!14g=Etl*x=9;)jK`&wgK0VFOOnL3g3bh zzF;AZn}jcP!H{)>vwsn)iEM!CVbLbEQ^@DZEB^k%HH3Go#H01DY#T@UNnc)k`n|Hi zf4FyixliEAfWL(ilxKPu9gz5Coq^6uwFL3^W>jCZxIp2m`dUo(LgT(# z$Vp|tPsO1N@{Pn(_!_hodJDap@SUjRQ*Z5T$8H;S@iFF%;()5~C5!7N&rhRI`s=D3YNY(#ZA6q6@)LY9%InHaaaxPa+74HG$o1eM?Cu9i znbP8%(~>-;Q_yg2d&w}W+o(8$vg8h#-o>Uti}(rtB~qTHu%oVait!qL3@^Sj0mtmM zQ|_mq(QFiUxP){;YXrN9C*W#)wX{IN_Ygc7qQCS;K65GA2ke&mWVgRvS_7Qx084oK zH`Iq1Gf;l@Q2$GLvi&TV`Na5R3-Uq-?tE5^HSSP(amJMX1^G(Z^Ngm4}GwEdMAxd9PLY#Fe{Ohs@drMaz zr&7Lp+0ITJ8t2h?i^fx(^n#7}!HsBVX8@JzmBu+!NN&GK8&2m5&+yAM(og5vEWo_; z6{JyFNS9tcA}r3$xNxHFhO=kJ#2i-cQ=TzP@)}Vi$2a6R$ggC_Fy)9}2iqbU@pjuJ z@g{q7>x|;rvCRXnZ^pM4qWEaY3}68zm7`B`)}FT@b;g z4wz!VfJt4dDV}*BHyl!58q$w`u{r)D((kPsQhdj zTvGuX-49y8&-TL(eD63!zK2C;JEoF+zhw$=&_&Gm@M^agbVniJ{i4!H@O?q?y1D7* zNa2OP(5xP=wLQYkR!@=F<|;f*Oj|3uY|d)B9f)&wivE8s^SBw!0qU9nJ7Qsj zA$+a$2b+&+9AzRt<_UEkj)k#ZS2>OH0K0MJfj*eDNyGIIo6p3!nnCNA$5q=w86J!j zkFyo>cHME6iD7EDwcP^Sy$CFLrThV`*w%xV|59ck3+stW*cQuz)1}01(m0lX=8cTW 
z;5T8V&jBD%@@s!FexZ&eSi)kve&_OlqhWtX#_geX<49qjHw=IA-91o$)ds-DSE$WH+ z;b<<Ms&1ugzI6fJ>4kLL27eQD2ZV0h67pUTy%fva#xnS8%X^KC*|&{resf%#WrF1( z9KWZJ@czrmYi&N}2lG|t7A94%Y}3fR+zHDweAC}Zc|e%VuaI}xA8lqaTC(1jZ7Rsl z@dsZH$4zb{dCGn4yl0U8xsC&-6UgN9jP03sLuUEjVz?0| z?HBNvnK4?v%;Ow8-uZ{)ZE;b0ZCK{TCqP#ERL^iJ(u^r%K*>Jq5tUGZ@BM&81-E@~Nfg3VV_ktUE9B#2C&=LGAExttK zU7XUX(i`j68=Y>YLwoT2Z!sEE`gXQU{}bA>^f#fWVqTn#5^g-u*2FK40mpvi1#qu9 z>hjrGGF$DoHUstAjYsQo>~Xb=dazp=*SD?t-)TcV9m+rJ3_q6(KBX@YyX-k({JqX} zQ{mCzEJL8N5m#5fUA>MzqX*4`!2NJ!xL>~zwtX0Lkkax$v=Q~bGt2LXPbfdML6P^$ScV%e zg)(R|`uN_aSccy1#EG-DGPzA|Jhm6+O&QrX<9vWSBY?m8s2`OiGB(ybuJF`h?}XBH z{*>!MhlX{mu$N_C{7+|3CaZH(Sp<<*FYKE2Fm=wd(L15x^e0kQ(l*7A>KiuzifLfWGkN5fm?k|W~PdD@s1kK<9kG4q0>sBrj= zoY#@1uNQf6aCm;R*k#trU-o#=Hz`#=$o`Mc;ow{yoMXR;x00WCpgMsACQk_!}T934+5{{E%yevx(GU+pZ~dzrxGSP=7zXS z7I*YA>3rU@jizU~1@i*iTNWTZaLC?1*>+n5GIp*gEkf-7sV1J^s(mOcLoatcO zaFvFwNDHit4KIo3%uC~0e%|mv&j~yY_%?n9K~wnge(ydx{`OuwYrQt5e9;ywk0^i3 zMF!2ICGqABZ@I}?u6W-glLS8;nT^FHQr0& zbMpK4z1?n%Rnxc!(YNo#wp{-ITM@pEF@HlY|9{)$UK#VJw?f4JO>iEdJjkQ(72ynI z9vUPJ%7~X4cLU^x+q>;5pit%%ZBcQ~4UJnmv^9lR+1(?YTjTl5?Ax(?a4eKIL*FKK z1oSMh%}IYJen#?ielCZ!!q0MpEg9&g&z5u%;{fCG-d%U63PR=BwBS9RS~yqi+m;4|y@rfcoqVV4>5hM&uXmCY{3(3N^Z5*wzQ-CY4XN zFX#s=vv^OcFO=WVHQ%l-kgyYRJiqBvc{Pwj&HhckG{!5qk%sxj-^As9ljq+D4bIsL z9B3!vz>~xYooZfXGmJWa&7YD+i_*vgpZMGW7j24i5SODTvSD}KvbK=%2e1L->i@k$?! 
zn$h{W;R=;!coq4Q_L5wjg9~G=v6KC%z}Z+Y#@t%~^XMb94!st(qt9kPq5D57*+9FP8o*=uMQUVcoKhB@zV#e9`yB58DyFT?h^=a#BanC2Yn9x zmCOaNQraO+@ky+&&I2Yba!7yr{il=;%lZ2U0~}kpKLBx8JKaS1K%HQ?6Z6q*_m}9{ zJIC~iOXRcPg6GvTKqgo63k2DJWvbkJZ15k94~*>+I+JW|!*to~o@w zn7oi%Wod^nS$_t^2TfnnUIBf+sSn?FfsTmN>--$>fewA6j9=oEF!sMjM^p}`7rE;c z7v*A@Z@=Q3=~quGU*uogjray#@~C{u!O7qi1kBb(rve%)6%WTJInPC$(nlbEJRyEL zkCa*1s^fVds*3Tj%^5)!ZBHYdKES?(_bGg{%~c!@nIwKp)ADyht|A#Jr{`mEx70%) zvU=jOyc>R5o07*8a$Dd0AuGR3TL~SoUqJi0c1FvgTT4dW`+gC1-3VFAEv(LT4_yjO zYYfZ$rA|b~N!VjI@Q*V+>Y+nM6X^+e-F~GlGENzeKwoZ7n)$>1g&xl-z|P{qIz_B< z^s@a?o#u~|+l9mhO0ly58$A88no#1v9h9c$Cpm0$+Vt&Y>TF28S~?o zq_qvYtOkDw7yV#O4u3m&9@}c=t=#konHgsLMY(cQ`Px&&*R=BG*GnKBbx3-#Y^X~I zYj*Y6nSGD3u8{F`31{ID+ds>*1PXn95$=4!sl{amspIi41RJ@`@NKrXQNhe9mFj2jB=qq z|Iqy0-VW81$cDV3Z>4T!tAg}0=aUX8cI5)QS zVY64lioD?2jWNhKbRc6EX{0?cU%39PKeP|%RsZ^BG`lgEX0Uz?r_FgEHk8e_$ z$Rpb@d-2WmoC7R|kvexo;Rpj=*17#sf4oY072TzG+~~tkS~%&aIgHeS8$`9N{_(WN ziQWG8+i}6^jWn*W}ow; zXSGh?xC7=$aocwfCdSqG?Q2pzO=Iz#_&&&tF%SiFxU7DsTzvKkF2cC=1<3SKgpVmc z@s}mYqXz7^Sq%3G4wk`Xer${HGu?2WmSuu%ao=tO4*5nthjYck-%WmjWi<;I&$q0`V-eCbz$B|lm+d3{HC9gHa^poFIlZqr3rMf;Y%adBZtJ?6P{KU-(Iw!HsS>epYrv4xqY97U*q}K=Rk+_6(>51>KFEJ zRGiWm0}k=musQNfKO*BZ>08#}ie$OhWB&obOZ&v`J%L-O!Ej`IFCs?g=k`w_9&+rT zv8NI5IfNDe-84V! zAc&JAe6;OwknQ@gZ6Vi*X@BFRt6Uu3|6lk+{r}OW>VL%j`Bj$@g7Mcc5zn}={j&tv zE5Wa5;1vzLqJdX5@QMch|D}P|+IX<>%8%OohunRRi&$^8JL&#n8>Gg#-A6IT!m$mv z-wgXaB>hbeuDb}X8Dm%F7+1j)#F$}G5oC#e(NIe*n3$FU+>^;9N6hk_{aEN3@>WDvBC1;W8;edFQ5|{ zOTv9+$c~$Q{8@`Xn25jG$6vJgsYLub7yogS_b+A=@o(|*^_u=;s}k|I`1tJ>kMW;? zzgvC$h{a>fD~PZ6@rNvaA`yS1yA%H7$26Yu+c=xZ@8i!}Jme4JZ}#yQEgtd*@#|dt zScSzy{viG>KE7V#DSr@ui;v%K@sK}=ztzW&SUltp;_H3&wU&`eS9OHW;}cF9L958i*e1aA)Mu=2)I9PY&uT=@pFK? 
zgs@e3HsWcHFhrkCrlTd!{E3($4WVt`%%#1ejkp>a_$&ot$H_f|3J;) zz~E-CkNLz2qho2A&Xq0hGw1pgpRNNps+nwmiDXVTvClv*=clls9XHc!f9Wsl6+SV) zL7woqITE)wPUbe22AQHhH}9{il{WV(M(Iao&+%W`d=BU7+#WBtp6U7-E3=UC`cug{&W}bm z$B8)FhvT<0tG@|PnPiN8QuD`;u_LbtM;u~rGqB6^T6ZuF$M!kD>wG3{FNFOBzFE&W zSg`}AQ-nKsng1bw#w+puWr>Z|uhcyK#9`%E=2*)ttVP2(mmxB^xqx*V&u}L%ZC-w- z->>@IuJ+^Bjk*1gZjSUXAs6l8ueKKH6Jg;Tvg0|<1Kn>(ov^H}o}>-}Cx zq%Cgi(DrCs!WZO|`ETrZVxJk4lGy2+5i0m9T{7T{5aQsI6S3<>D!HS0*0`$ zRO*Ar_XY7~$_sZ34M2VL`{_#@8b1W>qsRMdou&nnPuMX0s7^h5go^-q+h$~@SJFaim^MA)#zd3$OC0!Zb9dLHtTh-?J0z<;`Ip$HgFimGRJ);pFEK_3=bS5Farf&4#|gEY?Pez8Lq*J!^v z6UtQ`dZz1>=MZe7_9Q8vLhOI=cDKKc#s$>D&D zx88N{mb+I+*uRZMhd4vHqZaVuqwO5cI}U>sLH|=M6VR=bUDhcgKe_)myl=qa31v}tpylUNjf#i1?$&>NlDcEL zDgpi`uROrQ)_k$cy?M<>jxziqqdGf#*{wZ(dG^_jljQ zdzDcL&~}J4^?JiiyyRQxzdDNEIxy7Nng<`j-kIj(ste|ygS)Fc)83mylWY+<2h*78 z@5*;Cj?3kX+?S?0uB1KuHN>JkY@>e)^t>#K=9$>^>f$_OITgQzeVK5FDDKj${0Pg` zWV7O@ENqWUc|K6oC(5gRxVAfC-UIq#SB;2+Ub$v%!(lDwjF<90g>cXg!`<38*Pe87 zl?~u=5GWr+7bVAO(;R{s7btFV6! zdw=p$@_bz4UWfw?2yDj0!M%cp_21tdigCoW+Nw9KL1pqG#Gli6`uWZa;2pHEMznf8 z{K=^|HpckrQ!j(& zl;Wa|B=(HqoA~53EyMS8+0wGQ)vHb~Pd5j&O^?iD@~yH~W6>)*OGC1~X$|xDX^748 zrTeU6JA3-LhEEg_hkW2(M%`x>z_9&`v|PU#m$9~Ltkqn@wb@T!)Oh+Jp0U7k;reyV z2R`IY^a{DJH=8}wtBrG1iyl^3QHSfnG&CLH51klmRP+a#R%fi(D}T!hJTXv}o-nW~sqt`og!tHRtM zKuYT~TZ&)?6{f@T^E2Ja_#3A*elq}QkDmb=+UuvFccGEe_-qD8S(rSZ8CRH_EG@6U z@jP1DzB#Sw&?cAYKPB!9n(k(kf1p!s?6W0Fnm6zFX#oO;koL3Y{~TX8PYX;>7YOvU z_RE=6pKVY);+M)**R0d1b3fjSaPH~DSZgH~am${<&vs}!)!Q(w_cp;DAWIB{FIWH9W1t0Y55c+{iQr zr?s0Y^}w;c8pm=e{wHnimfyiyG71;*My=Ma_)JUqCOI?d4)Uva1hLbL0R-Lidu&W` zjvupeRPaatRtw&Q#unw7VNXnITyz>^d(e&F^HBzw%JpI2Bm7nzOSB}G(^;rM;@2u`2pN^lu18v?rCW9Y1$cKH&zh9^F zkO!XCCOmFbo?IL9nysLhMc5SHd-0sXvkedOSN2cF^&mS*OXCYKw7qislUGm4yW%> zCf3K-)CYV6Uirphc^GCBzEAvy_--)1U$vU!lE(BRJcFlVo}F%_uj=woJBS~l%^%;h zNFE~JS!U@knICNbN5Jj;X6PgQzWB0W-wg6t_H;m>F7Igv#3^}>d~$sav4^a}3G6I> z(>B}#+O!wh1Hv%;7MYkw;Ej*B%eLM5jGbNg50T2{?vx-tp-=lGo|YipVE1k}F8U7_ zHQnEzG~BekDzgK}lgUMXg=ecX5@{l%o<2JU 
zKJe{fgS`9PL@Xok@N{Wpk0bEQUTx|wq!sAsbLZmpOQm&mZ?JU-pI@bEq)b4UF1{wv z;peTL`?*Qz4SX^0B%i3umCyt9$GFcoA-#<;p#9!9j9qX2`JqkigTrE*pU(px{hZIA zC!Oj9z#8*apFghryn|&ex@RD|@6Pw!7h!NUhoS!n2dd?}ag1eOD@Nw~Gjig zZlf&Von<!8~DlorA*AgZ0h7a9Y!TZrc253CAUn7BYBv zUXg9^&y*Fxze;gFL>SP}bVHf0#{dT%KC@BbnJ1rTUf^+dF7~+sus&TM2Dq})4t^$E zMCS^LL!hH!vamtvcsqjVlKDb)y&D(Ne0=7t;wsk9_*u0pJx2s*eeT3igq7)MW*13Q z5B?#?2hOV=P}m6ms3tWr8G5A0u)N9lu3nmr*ONRMp= zN00RcX}E9V7yplPBCx>4x{WYOn`2U{FV?|dw6+Xw{)s(WZYY=N2Wdr~7PGlY<6{fx z0hVKKl|M<$UIx$~g}CgdXq{j(eu%`)twoCH-dH z6U~MPI$>Lk>8?AXI(mFUze$5()Fsn=5j;Nw9%+BtH*#fC_2PUdU8anYWQ`B#fwKAX z-?UH<#Ls@*W%Y5|@Ign!SFD%oAV;W|m`^M7%BIu-|LE!)@W}iSeeE$mA*bg9`u@i# z$dfZFJ8?5y`bj;Qa|&@!sr;f(;BswU+6Q$jx+v1EYg1CkQl`y^kT2hU1TXyl#}j4? zCHPL^@%f?WVxzXxAzv#WUou%~bK_fL`ge`$xd_hZ5*KyII)=Q4@TB{AcWghjIl``< zGPtvrCxDxDVV4$$IlE(eX-5EFaDy*rgYrG0-%=k^KKNZUQ3iH<;SPvz{F1d*ylq9s zPZ{P;4$jYQ8P{*}PQA-F&M)D*hkr7kPn&UPPKQ2Zb&Hi-=$(8pZ(O@q?@_e#mn`!+ zw)jspepipAH>1Om%Vcfu{>h4@UHJAcbRl`Z5`A++8M!>Pwgq?$`sRL(gY@-JT7T(e zePCbd9=*756Rv+?^T*aapgkq`mVXSqo-`lk{L$m5R7c+SSH}3fPlEkBd&WL{qhUzR z-cFhhVz@!9QP?Z_^{lhS$ym4adCVKv{-$4(GLn{c4^o#sTd%sK|I|3S!&uiQSl#vP zpuw0e`t#{v3)QI@KkZ!m>{!{Fb)9x713GyYU3TUl%dV6G*oO0g9RHNE7KHH(dm>Rr z42RW~v?bzjdUzIcN?9vcJkLT-ks16+{^FeBI}YNv;nWo&iu22+x0As6<%lpMKfI3C z&tInOXw&}3J|8!f$io;+mClzY5f5HMyc`RnpK(5E^aN<_g&zaW zO~;(CBu))yS*Ct?-izyVyYVFN=ODAwJLUf;;8%O73Yq%|?cpnp%G;O0hfDvJZI&J~ zIk|DCNfyf|oM4*vf~KWRqQff$M)b$N$^u?tU*whiNT1(E6WHE3Ri(J3j3b_9;0ege zeh~W!8vx_RKob3;RnQ+E_K(TO>I(b@{}KB~=kcC3T5?6Z+R`a2N5!TZ)pV1M z1$@=YG13HSkjPD+FExw^fzpBE&DC@^loWs<{LIr+D}7c#i@n&SVv z)c<#(JUjeuJ@VJ4pfl)$Z6qHD-WkSkhN~avswHFD>cy{JO!7>d^Lk&vZ=5{p#DVM) zR_En+^Q7V>`AzUM9rNSE)8KOk;U)w9i1PXn=6bqna=Uu+?cKV*?DPb9#rm?$7TQ@g z8VgunXpJKhNbxS+prM>WVG&h(}^s%c`^K)MpTiF%Ij|K5% zEj&UikUON{thKz|%LtbCljid>UUD z#BX)+**Jb%5Z~nDhuRu!jNlul3!G)M%ZDAXH0hzN4?E(++A3XIEAve2!%lg)tPh*^ zVIzX?L*S#JVTpNT z8f$+E8U`EF!2Nls&iZmVlhDe_H?xq3YdTY$&yg5uV}H~9+c(dFw*%_)nV0<5`R+cs zSN5B;s*i8N##uI9+nV28%0qN(e1|pmp$z@99G&4V`Kb9jsJQxWdNz*` 
zeamE{@8Q}&`m4W%P5d=d0RT%D$uc?Ia#t&uE(y-8rV8!Txp4ZBWY!M^$fylG#H z!rPf`H|`TzzBRcxFUm6}s_RrI-!h%h2l@4&7=!P)QRBZ|rg*+xPFb<~a%e!#lKpmC z!=+w(Q+#iTuIP$5h(FAZ8&_(w?sauVl1^?oht_XLjii$L?b}-vudZETV@l=u_F)ZY zyNiGYemi`weaAjJ+xev7+WF}J_qEo@+_{v;Zy!}zM0Z#FI0U+O zf$#I8%ZoxVIzRWFQAA7Gj^n5umWA&SpR@_^mcPu%AbQFmiR;oV{b@w7P8l`6nd`!cZBTm*7oB=K5frI;#Y5R@4sQCLk7mbI(xP9!;SZ;{Z z{VDQ~d*SC(;y(l&d`M4ZE!8xXmHE#&@xk?wr92LE;mmvN8_D%xPei_3ZTIXb zVBH%26yuWnFupq&#FsLjM*I*Pp;9KkdmxA}XFNBNJj8)|jb~YR_$wICHts`yjQ_jL zdlw&h{G6TA^s_;Hbt3*D>?e>m>2u`)Og&-bJ{cQCIUxD^+`0f}qld8p7K5SRbG$SV zCXYs&p|LTT=k^3JTO16#x4Q4;xv?OAE92umCeKX;agDj2{>}l}vcP)ixpRnP8QO*= zvbY+6TBH(LhMv2KaFh?RvoXB)&d+@pcE@qJ4^9N-!}47E<**6q+Xt{>TWRfQNx2B& zQGN*TVA$6ay9(0N#%N!p>H6%x+?DvY;y_;?hQ>q;E#LpLGUh+zopX|cr^U*BFgE+# zwDtph83%7%Lv#mZmVVl4OAETv#{{4MQW5B)jIzXIdyaRseKRAN?oj^Lh>iWrnIwPz za#nTx9CW}oHOByazZAdUaRTr*H$-_B@aky0d*td2A9O7Jvu(gP1^)tlIz0-nmsGy+ z%ybF2`{bm|S1T@;|I}gV9|hj-n2Ti&M7H+JxxC5@__=f7!`DUReKz*7>NBf%VV@Ll z88EeJdHL7wg?hW3ZWi$Q6O~tVXu2-853W7(=>i*wWlOTg^75|}v26c3`BJiB#V&^P zeEn?Y{Cif{KQ;}0$Qq#l21m+rIw7H~X&NgDh-Ya2`*_J@96mo?%QUVaQ7vhuR3<5XW^K*MTP2z7U_& zwX_+K=DC#!1D++vK&lWASw!DRzp+K(xz542H%@50_=_XpiS-Zhrj&L_lREfUqep&x zn+EA9qZ@~o_WfiKzb)W@+S)vTcVj}*?`e$bl3!OY>DSy?xaS%CJ6?RBySO2+9-mOT zd_EzL`9wb1W^?m}-$j1Y_ZPS2i0`{cHO~9iYUBgLna{-W_zdx>ZE)`s=ZZwuj-+2B z|Mb1S>;X@hPVCC?(cV0sRg2T14RTJ4^@Zfk36l-`D0ZT=Uc)NXeAD!C)uWWF5*>pk z@6^LmW6++@GJ*4XME^zpp7Zo{Y9*e!8OpIN|9eTCceK6l90MNc#@i=gC#W(GW^%!|Q1-?Db(+(fogKQAjv}65p|L~yt_wTP$yi!L& ze&V7YiA%z&EbNHc@T7&8%+Gzl-t1~?5e#q;kE{1W-h3U4^fFdogiq)<8!hAm^(SKl z!1o;ZBVWu5!hILNSw^VO=PtSV$!aI)Kz5kdH|koK@1vRG+EYD3*sPk(()>J*N)Nx7JweIDwV^Ovr^pk0c6?ol}EJH#(O0{tbKE1;i2 zU&jA#(BA@oMrD%UM}yxctH%ksJv`!MzF-V*;=WefvXsf|zR}u)+wh)7TD*OF;1Zv* z$ebI?m6PRr7tMAnkT!(}_=$tz#7F%Q)|I1Q97Y(vMUSQ*>XBnDp08?!c{zF&K1KjP zi%0sa+F2Eowf4z*YroO9x!#~Mt32|Xc0ykp>X7-!@8_B|FUf~|Bdydi;Gf_0Z|6aq z?Ll82w;>K;^jY5r9AyQZ_*maBF449e`yQ@r`@TV$!Q*b$JCKLc&zOyI+T5j|bN!#y zS{|uCwwM2BI4jG3kSe`#mro%~G 
z#EbO{Ze4`bPyeykWCtEsce3pwb>1<;%UTMYR*>NV5Sb3M@&7oZ>7>kVx`*p6Vwec) zL~*xk4^|0814CRvT5~U&5YbzEhWd8loC@2KI?#@VA2QGvkMrqxVQa?_dNVm*WIsAT z_k%K}^@DQq!+nAsx>tvBR=;Z8x*9IYt?AJ{^glQlro-++40XCW+#gJaah*fx&e!N( zMZ9vmH?!UGgHs{Q;DD{0$hdPdelQ!x<0f|8DQ!qTLcV`k9>(+jJ=s&2IP2htbqip4 zw20)*51Ycckv?3Fz)3Do|A&KNypECEXs*&ffOr`r?=;2NSTrKY-=vGj`qFlcpAQVx za5*OXX+J#8xbJ=PbI)U(9Mg{#*f#)xOOh2dR81H*$g%yag~X1c>T@NN5_X3UP2zJ$BUTG7SK;V@k_Ciyxs zF{%4UXO1II#z>QX9I{2sLM)PL#svQd%$;cq1PczArI+ zDz*6{-=nDyPU8TAU!+o-kyPGOcti0o^N;qE9q1aUxnA88g;S9R zxSf5FWp*|y3g=Q5t9xf-J#^zX4yEMc=>Jqlj1x+NZ_tIa49g}A@iVhfRRG`D)33Ul z9ZQ7cC=3ff=E8{w4urg(j>E9R9KHwhA<*7{>1Ou4i*JJ~UKsx)uLDU0hmDo@cFxa_ zs*o0A*f%U@P<8WjKY9r9i~TX~{fk5}oM-A3|1tcj;y`>e{EJJ3|4UIgVV^Gw3qKM6 z|GYK~DEiI#wMAjCe7>TAS2O?((BI&WsMdCWw#<(j5KLdUydyJ+0Uz91By0G7+-%_~ zx^-#ZYIxp-yEP6y-Smw=hAUPd$g#P$o`D>iK^>U^^Q_X}`tgw^V8p|s(M&ui9Zbhi z>#iEyaX*BanT(wC^Pg3d;@_8y$D$HkE$k%FwQ?_vhcLERq8R2>2!qAx z#3Qw<$vGRw8;&6U#qvZv^~lD7)KxFmg>jv2H5oMTtqt&Eqr?@;(GTMu0I>&d$FzF! zMaqx1_K(r;m;Hzv@r}M-{UwF(Y#q+x<~rDz^7$h50r(m86K4SPpR4rYSOmvvmZg}E zxyUpCM*hFZx{-b2ji?jP*jOHa9}j*X(ceFALBAF-0-F!wfnUY|nGXGO`JLWGBGLwW zaYktnXXUig;n?*o@N(@O(+FO<=a2h4vRT^r#ci7InSzZO**J7&9OD9wy5>sG8UbDM z#NV8s^kHfJeZv7uU$;JzqkJRW;~Q-nirQG~=c0~*s3&S~h%9$-3gy6HG_)z&5Y5jG zud=ii>mw;4%-P^q0_KhDaRM28#2LPQX#pY#qPXP#zM)Ltz)tP^U9>#&G6w6Y7nL)R zNpNus2G=&3&HN-=q_a{7pl1s$&|3muXWNaK_3jV4`0OA5t}nGz$HG(V8)7Ja#_?5HN%7ID}KhjOz7HMxA@kdEh4)VOtZ5~CCT*l zHPBz4V>ycdQWfHT-O<@rU(?x>%?@SS%~xI8QXH?kB?QMME_D>gQ@ES_nwLv^mHsTs zJ$=V)mHLtw_v`!l84KSIA7^3eW5^3CDJ-TIY}T*3bj0w%uhA!6f{)=i^Q@&^1joQ2 zPTpo8O!zHmdY8_=((f1?k|g>d_Gn+CbtTesMzi_+@omEc>N>PS%CKY`)QG zKqfctPo25>b8kD$KjhCW;+Ti@vGtgQ#rT73R|(JalZsF5El5K=#2fRnz-O`)(5?!) 
z4pr|zKC{Zcjou>uv5-Rhg!V{#=G+e33DlXi7r+C{inAHUOB`&6c6#Zee!Jha9m$_Y zjK@PKGXGSkW$niY@Qri~3xCU=q0>6AKsjG-ez~&j%MWOaZfBi-7xnXnRQ@+7ulT9o zfXt#-=wI{&{d<`%;}c$5{sr|{VOfXCel*T&=WB!qMI0p*159DWz>!V>sF_xZ(m23>}`G){kf3s1A2FV{C<9a~s_MtPF8 zrGRzmy}vbI>U}bF;B1#^V*e)_YO`6bn+q$t6|eX`@TEQsJR)!1Z~6fL8+7=az9Fnn zDxsTO@JM?fHXtxamyk7tfuALe^NlP+iEqf5_#Q3#9<%QwO7q9#@i*tU9Ny~?Pdw5d zy=rZHH#R5sr*wa)U)LMyyc%(QZqmV89~!Vu$QO=EmFVZ`RSy9CX1wY*KH4j_MfpgLCAh{wRmd0Y=&u zs25!xupVF@kQV)={!T4h1|KeATd+=T+R_1+q-(_Y0sL;p8*w}viRF&vg!A75&%K+F z(P+-kpIQVT>SC^&Vp))RbMkN*dNOajF*VOV7|+HNS&;skZty~$z>C2ED1a$77~|K$ zglFuDUayof;7a26cMOz4eWcCFmi!dHYB0`D%+l^JTr~~iuz^aXuRN%4z!t7L4qsA^_Yu6SEqya!M}hl* z*#h&Ew5XTgnxA{`I^!V%p1L?(YzDBj8?jNqNtz9TJmpHm!{D1T__MbtFKrFHX6U7Cs!YlCs{uVTW1){8)d)p5^$1_JBw&-U4jDQGOG;dKvtSevC#!KLP$L&Kdr@i|}v9H|$|SUR1w) z{g|CdThYmLMb_wbCh0AsO^{x*=Dqm9&^9PP;;E;l^d)hZ$*a^sbk-RnC zydeGkgS-z80?4?6|k5a)k&y{vHd|MsL_QVfUgOt<1= zXk)Yu*DrdZfZwnODaX^O|JSLmmtQblzoQ6e`sLwdel3Temi%g50!OhAD^uH}k79d8 zaI_eXcNXEO!#8C!9P~%N9t!a|c`6J~!>@+th11H0R)P~N5F za`}w=485$7OV(;3&W%qxH!OSfcT$moZz_C(|mfUcR~-yrT_*_PUfCSI;gh({GUty7c(~J1Z_{(yn_gM(Kw- zaexF)EQ-(sgIsPL8+s7j3ESNRo(|xl?sf$Ds{ngk=Wtd-Uh(}wK1rU}Ey2TY;XH_F zpfkGrzPnOM`qCd^d(6_4hVUe95W}zYMjDR1C|nKwu^+>93;g>^)v1do-W4q-59~IP zKUS~2u;2Bq*6P$Ccof}T&HFTPx^y-RWnk@Mv+}tDdKdkG{$lv(+k78xmHIl?Rbkx~ z^0$1-@LgSm4|r&+#K%0L-}L!irg2X1jvwj`bmr$l&-WATJnbdvH!uxEM0+(M&xq2X zZ?-(}?J8eif;TB2fT17v=WN9G7^gv=(Z9R4n(%{kOdslF*`)FFsv>?YzsQf*?@Hjq zx7Y7t_*x7fbp~B~9oFG{*4wOa19{mTuB_(!vI@iV>LNT&3m75b(fcs+M4qZrZ{UVNUa6E`(8u8h(iSwxouREgf zkMgYVXp!M zIVtzEi={bB`$U;PLEVLX!gqD`^kZJK@Om4seC8bdLLr31a(Uj_$HlZG2LG8NbmzeB5r$H4}w5%qUMHH}a5a0atj#tmqzl-}OKUU0^NqorQ`~q`}!b z*Iy)zoTU%~abBZPanxjm%ng4IeU|IK4ce-^yUgE5l(zi&ZC!6I_sd1NIjL?0NVJSF zjol+vs5nNta&}aZz<4{Wbmfk-fHwC*60+TqqbFBg@} zD#};ZbC$1CRx7ihKcQtxd>i;rwEMs>{W$GN$FBgtPwQsN%5dJv$GTd6BOm#jIK=kG z_1m@4?Vg!J#W`)ayK`4)D~mlcew7tmh2MkBejj;VApfdR{*iVpHp1S!sJ(R|ItqcW6?l+Z{!-%>8PWpvolh9 z4wtiMxvLCzQ+WhF?1DUnH#R|c7a?2PpCO~=TIa_LzjsXSP3XVQ!&tuV8W<`%Uq;ul 
z4ei7=6CxzXLsv}%I975lneictSU*vE$Mp}U_lmDyHLK}(zN)M_O7}C8Yn}>kvOWmo zI0h-@ocRrV5Lk{q&f=SooqL4U6R0QsJ>!KpZ2^8+M?61=bu)!kg&X(NxUbZ1ITzC=<+N_o=>*{JZ^vvHq2uD9^u?ix^W90q~&=2#*2vS zz%vTIK(7J3Zk_?Zb&$J&cLg4#+jJi96rL(PO?bBA*@$rP#C@e)2g3b=Ja>X;_uU5i z>yhrZBYLOe`aH@R;@&xpXB1B};Iept=gfimxwiq9W83$i)jExJ%l*}O8eqF6YQOj5 z%`$fH9z5Oia}S)ya{|5&{OkaqJ1*jP6`tesa}V;p9}n<72$*YUu;=Hrp5@4Kd9Je) zU(|>T>%8Z_1)Y4W z8P7gEM?Kx8aL#>uE8xK6500Yj*QxB^*^9m7(9bEzI8%Z%2Up@9y)>?wjoLnEKjHID zdd@!2^Z$H=_VyrfAZ#X!-{W{1=I8zyI=Tp5{RDA8nVO$F0b1W$1v@*52RzN}!}}7> zhb!QX@Gk++=hlHAgq;SB|2VsVr@4PV2YOQr!k3c&Hyy6yq{v_C%XQ;Dif0V^g$(SQ zaa@W0FwW<4OoL-#FPz4Mc#dbXZ^!vnt}B}@)wy!c)6Z^C$Taujalp+YJdX!>xK0Y| zTz_48WL}zcx}1x~oFM0#xyGiDLLUQj#|6w47nVcsE3$Y_{Mz)2`JMYAFeH!KZ+pzyXtkd@59mv}=NYAwZJj3=Ms?ZMwt}h@B`=eh6 z&99%pa~|hnuEW!W2k`5U;kkr*58*%9v!qSTed8eDPvaTKLmVh4-?)f$9e9qwr+}9k z^$*hLXJ7q)0N?Kc?%Sa8)k90-rk%`Phw+|Yu6?9!+_24sYm*|) z^}7b4^i8iX(KcUYgO25}%@H+fn}WZ&rXjI5f$h9$Yj>narQLY_D#gKZtJ0Lh-!%#x zkoigEFZ%|3v#rQFmT*^K91`&&%dx|>HYdFSneT(u$x~`wQT>hk@kD_jD~YxhCi3e=Ka@{XxwAdOk?*^@kl-w zA8Gtn*zRNHguyrTuQEffi+GOWIf7>#afv^KH37Cc5m@vA81k30BN`B={o<<=M`~w}x@KQY9aF9vJ1NLe6@i%axOurd* z)SEe`akb;~&VhmayYGD`<6$#srxo6uM|`P{uj$=E%zA&Yz|Ded3UJ8(Hy;A*YyJH{ zg*Tr^*lC2xAFc{OSAS>59UhBLDd?bYQFwE~!Pw@7TumDo;hBIMv5YUkuEJA_pCyd0 z$?fjXw~nOTz6v;sQNrO5b|n4KH<8ynVWyD-s;#ZX4vBVLOrPlhVBDWnyL0&jI_nfq zu|3|fN5hM4DP1vNNR!7|JYF8a${)hUUMim)?0}32BX-@{9i~dBq7DluU_hexs0)w!6JP|&; zo?KoEz@omTW-H=gD=sf%+Q4-R&v86cmfpV*2079*K46g_^M%^&4CW2n16g&4NOum; z2?YN#Jd%#^C_ARaC)S$ZW4%;~dV+mCx%*(H)_c;wJ&iEdc{6|+p^Uh|yJN4^d$kpY zbCL9`XAKAHz-0RNJa!~zI4^QN?OS-N#g=UxJ%WAn9K)_<`PXm^z*>a);@U|Uw<$N6 ztHlh<&~8a{3gPaYQJlGoIBZbC{zNnZ{x{-0AHsi7_IE-FnQL}vPnC&s}++%bV#h8 zJ|c7uyEre3v{}|3bK#X7D-{{3gSDp-j=FN~8MG0qm{&ep(_M(;IhKLCF54+2>GS3b zb)|@xb%+Rm48IvxZDGrtD>c}S7QTF>9k*kK}6Pd^WEiSh&3FW8Q3ijoK_V;_$(eL35QoN0|FXPy=6E+~DDo5=ZGC>MS%3~gSH zRS9peVoEzu$@t>9A;;%jT8_7~T-Ht@yb*Zw_#U(LS2Ydo=2$G!a{U4y!Mg(0l7(?x zi0~KCUi4>9p)LFUdhpSLFwkRLRL11Xls8ZNEW=Ue_h`7lhqA!7yewCXEHqFssXBJD 
z_&WxR)^v+J;6->YWqO`$4V-m)mm=ov?5?IjPc<6!e<7c5q+KDO>9Z&UbtS$DJU%|5 z<8;oadHpp(X2ze=c%Lt6gii(eR1RF*R6lOMLgc9jP2>-M`+2y1Mi*fWCw@Oy16aAA zJ6**>C^mhQmQT$S!ouH*E|^D1&v8`8x9H|-DZg#lXDzzr-c{iZX`hWue`XG(4$?+JmV3(_ky>LkO{xp zpAr7vfaVbP_t912?ED_iK-4fRVF&DMdif4&|C4q^e85$>>5TC@s4|b2>DVdrl#kPc zgdbD-Li4wI*MaPhz%psj&C?iyvRwkacw}ta?1H-Sc<@{Db)CxcvT!0_1SislI(Yf^ zO*X+3(odz8Hc}FcL{f=zHVU4)yEPZJ z;ZPkk&+}2+ZZ&CGbXY}zU)nSIqHLmzlIpI3HG%DvX+Dd6K&JxpMr;qaJJ=h1G zC?m|HoaNCizKwDN0yS@M9n^e_(zR`a26ro>nBP(QhBypO3=OM^!zO$f0uA4k3u_y6 z_3y1`To{^C4(>u2mJ>g8>m?V~J>Yn$FAu_u=lUua)-~W{tEV3np7YrMtGv{+ev&Xf zOO0*2`W6>f+lCfn@8AH|yjYv3o^2k1uO*|xQ~d!S#=<=`+)i(@U+VSxBR&pi9U09j z7na-IXZoy<<=@@6iF3lb{-ECLK*Ba5g|vrm0}AD%8*SRmP!>n2u^n|=MKav(_bS|0 z=fYbD2eZ3{@7uPzujm<2U1d{ZWo^ zwy{vYINx(G(&Ma$?txu00jvBwo7xDT^Ms$D%WYBr%=7;|wCVk}v&JjnI46~a@5r+3 ztuJ-*)bg%Co<~(!pLStYxt>lr1ER3L!G$phjS*Wfu)fKK!{@bYTW)>Uh4HM|_U<(f zcGQK-%(Uop{UHr|`xz~l)ZgkBluOze_?9xc8kdb^JLFsfYpZc$SUihh!a5&}2}pUT z|8n*CwR=T}Fu6eh>=WBsKjC;_wxC!+p}1*+Bka z({2qw7W}iGL|ZY3`^QkxqN`$iYBqELb_L-ju6@Y%0d24{03TJ@09&{h@}eyyN$u|O z!iI67Bk|aO!#tGVN=spDOurjW1+e5L0jsoeLRP<9XS?B|z)RgLdJfj26s;>MY?#n? 
zm+XN$5VyHN13W|avbgQKeAet2aEz~N#Cs~pSHQE5Qkp%Ttk2=ANu#jgw8oJR^Ktnh z!@>GuDI6vFZr-sdI4%hu!S8W2DGq64FNNa@SuO^J7@pHH9^s?ha8RZY2leb^xuUhJ zRYn%PJQBzB%P1Fg!Sydor^l5#J=vIt3B@hxNtfwCJCVLYUPYb^F4&6Wk8MKsTRERiUQ_!O?>kNu;cdY;@<9COHQ=qp?2lou9@Jxx3eFf!(UV$gr4gcT)Ggne^x}%29t-rNd3VY@pT)kwY;%S;$##5F%^`J za>POJ8&O6ifA)aiEW$z<@Jx9nudn7VE$bqoQ2~6c zdk~hO(-hL#**erCJ?3AUj^v@yN=+Coo^uh()Dh6S68A}Dh9HpT&4Gpb_wCIUXsj8W z%jaU*2`lzf=X8d<;QOQs@v_hkiqlcYl2qv>#eu0mO5v^}$^+N%vK&b{epLVm+jnCDK7W{BsQd34r)7mCDx8j4?2Wmt6NM@&{1JamExkl1i!oE2e>_c@;7UJPK47YDzgjo zn0jY8aluv!cb&%fK@DR#*Q~JL@B9A^aa<*EvR}%0KElhg1_%!LmDCS@MucZOSl!^W=geA|gd(jcsit^jZ!?}Lq=Kca1-#V!2 zxt5M~zT`_9FxyZLkJ)#*rlBsYQ}|8TvxwtZ9(ZTC@H-il-F3-)A)hRZK5xJWc@uw$ zd}19&+(Lg;^9t|_^1|`IR9-k<$j<`(Urgo??b+o4^F;DtQ03wJ3EG43131ms^^&h4 zTyZ*)r$pshn1?JQR`&7EccWnr|9H3a*^`0(pp)zNo2`NmS1x_ogYGD+^0ij@lCc%= z?b3Pq8^F&Q%Wvp~ayfkbE%`ZRvZi4-d4$!eZbJMn%;)_i;DC?zAKI|`g2Y&wtgHWh z^F<86(ikHTGz^M&7UwE8Zc<^8gSw>PV<&}L$M@*b)KNk2yWX1gA5v1_)$+146A zq&DI6?gU_vml#JIwENUIvu*PB5zCh`@QgCV{WP4v6xq#orQB^peAdeAl)}-!%APs! 
zz%|RY2zUNX%H3YYNqmWXhfe8#>7)4;TWb&*v_8T9Hm+@EoYXI)_{ML)FM{cTlR75M zb^Emr^s;s%-K@m}uPElwXpc4#3qZPeQlc*={;=xJ2i~ zWju(Stiw$w#rhEVkjH(__8;~9(LYjeVp}Nvo2{+>_VWN?nFlS`FY-Epj#)oaAK_i` z#3T8RG_)yahwNiH-JvZoKM%ZIBk$u;1{g2ng6XB2itYM+~W_jWM_T%bpLr(FyG>FQd{(GKFsy4`LZ>YlP#-`*bK513Z?yK19c^u7t- zusAF+4ZR1&=H27?%kq#l6+dG?H#Ud6*}82|6WtPeh<9XCEJ{|4e_Tdtz1za zJPhal6IZXR4Z+5fJPAjC4t};}m7l*qsq!N~3fl%%H&V_M>2U5-4jpi&yCmrf?@B@L zFfZM2=uh;M{1)6Hd?nyyyoTj4q-FiSciDKd*;3(MkWK1?5#S$FJ_B1@$j^Zo-rLsM zIIle~um$&9<|C@r4rmYb$E#Z`k4ll&*&*{DxX8z^V~^BR!VZD|SF%I!OdlY=V?W-_ z$fGj-cD@heYu=y0@71uoy2jSzyz8*q0{04ueOh1igA)ON6|gth%JEUqYJoj(Rhsn4 z=zmIIP10Ve_t3LGN~CW9KMw!ZtvfLw!a*_+E`qxZ9l;;0nc#ihQhts*zWe%yfzOp0 zuiL}Pvhr+X`+Qq0{hpV}8`3!)xbjx43om0?Xw*eAmdzL5H5TiSeK6!-;hv-51LZ;8 zevdmJy>MTtmN~W+X)`PnA~$|tw_hLW3-6V+S@Hy;vpV99B*Jh7-5C`%7S_fdUSP|_{}uN53zU)V?I*HHjRrMLdUgf zecSke@l?D|9CX4yH}Q&(L%7JWJgTM*Q3kH%=UZjN(k2UM8Yv$#Pgs*1ZX-)_=Xc>f zIu22IPyRCPaNvY)3V#4wU(oKR|Cq(2xG^;t()YW46_Ii%%?4*n?5)17oYtHEZ-~eq%;mpDvb+D1NXGIch=G)>=XF= z3F_ATr5J~?IiA69D|vhluKXEc;1zVXqSF_5WiArXGZj# z{=)quL0kpK>^pn9FiU8+m+N@L{TvIXJgY2z2ur0L?qiIbFZ6HMdyfTyi#vljtOMlU zL20v1;yq<$31v&#;IMCBA4~%ldC$Fz315ahqdn30!PgY-KUCBgJEHL{o0zA>O{Xdb zN7A|G^8Q)jLu|_7@7=EZ^?D~Xj$@d#ITtUsQ@Yj`FJo;9coH9w4$24k5r41;X(5}$ zm!NE4v@(OTO1?b|?C$o%23M|eLUW_aOn>0x!?ch~fwDM$s*#qo@HpSadKL9v;eOIRX1pToLx9B?P~raL(9Kc6P#^fsbgQTE`z*rv zK7{WoiAUaPxXk;4|4Q`#MTfvEz6m(C?*VMuGQ~`r`SORXH^H;m0n*-n+H?c?$cxCl zQF-J#0udL*z0>ULfpSgn^(%KovNtY}A7T6Hfo-Ojw3ZncN%{}uHBS3lE~cl8`g{PU zPuu;&7LiHhd|(8>QTN^tc|?B5{s8Pk!kRS;*6IiV4)K!v%tkXf(?kwArssqw1fUdZC80H!SFuD{uA_3)~FZa z^R$=Zburk*_zd9Kcji1(te&1O=1FtKB6^4Y7wf%w)n)aL1*BO~y5KxoEHBm>70YY- zULf-oovm40hndiigNGam9hEe_`#pCT>2fL9E8coX<9&C7xy!@TemU0f^3w}veTfH4 zUxs{v?tOkPCEH@Ki^)}iJOJ-v$0e%Mh5B1UM&_SO8}Q-Mt9^J$d%DaAJ*ahh!cRO% z{TBI&2WOVDk18w{%=GWHF`oBoow?ADZ%6tpo)$dtG54cvxw^o&yQ@w1*St;Uayz&< zaX7Q+yeIKUyAJgN^j~Cp!kY2{w@Xh_Ik{&qd7r;YbYp+(OJzZ!&=zXq*Hq#ey`1YjWK|0^J zq8$N;D-ZP9zC1#IVO!Fd!)3QaIHYTd=N{dBq~nwLC=bs7kv^v7nX1V$&Bh_x)OX1^ 
z3uP}ZD{S-nGHQ7t^*QA_Yk3Ww_auh~e07YiGOdO0+o-0d6Df0NK0Y z8Z{iJDRhh&o+)X+70|8&YzU`ise}3GaP4Khz}OxW#9fVaC-BDKa*Xw&EvUEzmKPK0 zy5EjT0609SJ9=8XYI3`JumF{kfu9WPOPn#5+2-T|-UOWS!?JC7GAms>K=A1@4@9S4 z1w7j^UWQZYVJn`e%*p`H{8FX?AP!%L#3y9Sj4gsEhLb*RCeU|gB0S#-xGCFtydhg> zI+iU7r?O>O?>Sy(oorIXhuRT^jp&8Wb^MXkb!OIJtp4m=1pvd-xp5%VSJQ?)CYd2I zBIu?wk9hKPJmx0>XS(SO^1gG_@e|`CAGFENMe@IMG=`&1c1{4+@pPJTyzEWQnl{vB z`QOzT@D#&|o;!oQ@A7%?Z~;H;ud8Wces!&MFj`M`(cc;`UCqO|InnfIw%BzL@z75f z>PanQ_?>{${OZ~p;2CrJ>FFOFmhmU7=0ZI3zl-?~-nxZ)NRDf@`H?zBK zpmm5FZW9Or^J?It9YBU|=+@($O~8JHeZTI&7P`0CF|sMUlNf8ad2ezKsBq{&p&RN+ zEyw#T`Xg0%;AdQ#8V76jVfUcYr;q7AR9~0!IESz-9&wPn`<&wIAufmSkfTjFmAm_7 zfa}6dkj!oEu36oe!4@X|y=K19Q;j$Jqdo9_9^Zu|Ec+HcD*OCl4N z!rM{6Io{6H+?Yza)<$1zyW2)jq`wPXlmmA7a5lEXo->QUTV3`r(;4oEtDQaOdV2j$x2=; zKKQ8KZk4xpBF5KS6~oa-^=^xK>&+){*}gx-!&mh(50Tfs7vsF{%?mEViLdHC9N?N_ zK1)2eKqCTw#B&L6;K?=wc&0p@;<*4AlP_CJJmEe>#gpBFH|mD$z8Fuo)WZp$EQ^7| zvu$0S{H1pG;C8ZvY}o^VBTr`nT-!XH;$qvu;W|v7Bt9Wq_N?ORW4W@jpFQm16c5Xc z!*iZ^q;27xl+@#W5n%8awk@*f130s*zA^wAuD-O3?-`_-vpvwq{O4cLMoGXqJlg@| z@Z?!HbY)O=_Ox5w&`0}4ne0Q}J3H@7z^PB`8w>CpceW&aCE6)+)&a^*|JK-#_Z<)5 z9AAMQ^p{~PTd%;#4o^@Ld+KkLUkP3Hmw7nRd4D}%Ouqi@IKLyqn}fwxT48xI9@ak! 
z80*Vmd;>%Gyr+GijMMiYvAA@Vi%`5%E*wXAwC`0|+5qvStGhGVL8nQ%C#Qc#uJC0F2#_gI!4xY8Gyy zmp$^FSMqpQML6EGwJWOLg8$f0mhWkghEU)0l1%KIbg)j>gmr5;21)~6Z{UTt(MC1G zO;Pmj;eJt)t41UAwYvv&16OV^)85nBgH_~avoRgXw>yZd2KEu@-`ysSkl;3EMrqPq zG@Roy^dd4~EXL`0r;Z%&Qh;GYLhp9b-VS3PmwzjJLz~vSAe0Ae0_)G`Ha!^aaF(wj z$+L9@-_<^k6MRVAT|&zQlh+m<$Strb@k_|YT1-{;G>}&?9jd2QERLh;paNxr@LeQjp=6oY~I-i3mkp~Mlg`SeJ!-Sw!5Ph zJ~U1jrCB(%EWVHaA9{3SL$oW7QTe_t>g|Ct^gWSY`rzpIvOg`fOK44qL*MqAt$L28 z-v^9#-XQv`OqU#UC6i01dEdG?jnH^K#(Sjv`+0gP<4&H~zV!?mj<*esK&BErDLJ!7 z_VMKC10_t_*BaJ>F!~|LljzSkn0&8(8{6z=sS$uxhkjo7RkFRYlQ&w|S{(I9c~w8~ zoE<9bv*_P@ou(C!z^s&=(b$wgSSw_;abAh;W|hYaz?)dx2we$|(tB+)M-hLek#6=V z!pE^2<_q&#(!bj7GOTHB!{HtxC-ao+;J+LN`^HNk+lBc;4l>D{;G~Vk)CaiA^rCG= zrLr%9NA`&j7w3zFk8nN31;bqp9BAh{nx6wrfxW_=M}&CT*%WjdrL~_!8^}?N%jNBB z?v?&ioVi81d#Sv=LeA*%x=Q3Pbmwj4buNGP7IgKZ7_uy~7a7+Xi_Ze_w({%caUr*@ zD6f!*->-*$5dO0CZt1<=uXJZUg?jIiGXaLTd7T$>BlCsfCgw>G<|eyahinXD=Lx`Q zIUJ}#c1fJIWp=VHNunRDLoyn}?<5;bn5wcOgZ4d8&Tz+FR?V`T{e@@pjKA8qS z@P@HQd3(NMyYcYkO~>`_y7!*@?rprg=56=jLh4-J`qaCQJH5F0d*9O}0BDp$h7rnu zw&EiPTs+eAT!kL&O?xCW#5Hy!8^#Pi7E1&8IF0ia7%$~{ zSH|PWL4j4>m#&pfaT%N!O+w3#V+%f49HoVR1)4gPk4O)?Gmp|9l`)MBR$Ls^k9 z$gH+Isx~tf)eE2@ll05#cNC-waM4$e1pYx5c zyFZgf_dpJYVpS-|0PaNMbI*C*bI-l^++UOP z73=WR&0&7FuG%vA%kg9uvTyCh(|bHl<>}$-`d+h5R{QGP?EQu3|6J)hGS#hA?n(9C z&+%VU7e|!0V%oF)J@eLS>gBcVwrz`iIxYKjuE*9r&8MOzhiLFjz5QeJ=pon6gTf{OcDI}``NG^wDl_WTi&s;qf5(PZF21E zd$u*D(P~FqKEG#I#jrzhJ({;pqwJ_F9D|j$+-!d(-)AX2QzE~%Ykiz{wjHUpTiQxg z%ez?L8nk@1+`V3uWBg|A+UAqg?%#Sm&DWRXJd0=Nbwi$t`_tt%o1IoXt$)ux9?DWU zUa360!IqoFslA@^xy2!_y(h=oZ)@{y-O10%sh!ksyC*87q3_SBoR?fz`GMk%=kw6P zYgk^-tqbX2=9L*gFNxKD-CyvweL% zgVvYe>)r0O9vljB@;0&2k726!%PL>C|LE67+CA}c9pAk+D7~VAmER4NC#&b_yS35w{dr%Oi>(m4pkt%;&gb~2J z)oqmJ)1HAIw;Q2s`t8^J+4ZG)68pTKe0@hK-{sOT)((5ln?P<;PjHzz28gZ*I(H0+rsZf^0{Ai-tJG#$EjYVu>4xm z*j;M-WP9qvGB6{nKbFSrsuOmv(v)dDuuBt!dFWaqo!9DIVf#LNLfc!}v%%`0c5Oe> z{V5GGJ*DMga56$Oq+xltG#0kT^i`f%zbkv*3}y5ATKK_9^O_fyZO#1CeC%GSLz+I`FK5fa`s=*U 
zvrYMF)AO^{H*!$*=a`NczooveZ|Qv3w`{$v`6x`A?<;>MDkG~bM%;Rav(@^oX+P4q z1^Svli{08ZCAdpr_R;nrY?Hj*@_o4BEQFWa)_(b+wO@K99RG(l_OF^XPRsMemVAV7 z1BcDHUPI}TKYe7~LtpeRgSgEdwtW{(v+vx>)enBb$AoG6(==&5g?@p!k2$R7%KAHo zR}}jNeBOn~S^?xZJQCxsFUF1eDa5vG<%UE1R~a5E#`XLaVuo~|w{lq?_7&q+qqT1f z*OfoN)Z<-z^39N6+Xt*U?r&Cosi^%>UCNK`KU7@h_p0M6zgHV~^Eu6Hjq;S~*huS$ zy)Vg*GxP0WgRURba@p~|jx|R@`K~tYE~S^!?m8LXAvb9Cy-jCpbOUI6{}x}y&#%|~ zbzjO0JM>?5{;rSo-#-dFui*m?XH!`EALFN=Q~sZ*ynI1*>Owea)ow3!)737a>T7x( z5590t6E@oYJ(fT^RoK31`&NILq>gheTpzEupN;QF4co`P4GOnDU9}Inm)33H#y33t z=$bXP?^Crtk_Qi1`9B*URvgo5ogy8zHHCCye6?E(G=1@zNV2rMC_4L}a?8EFAuVr5 zwLbVZc8}`Rs<>@Et$ic4vA$fIHD1djUDIdVUb_}CT{~HB3->Fw_k`uN_mtB1eiGeF zs6gAU?Xz{g(08(LahSj7z0iNIV~$Xs>ES*^+fTOZD|5FSC&In(jmnP(m9es~E%bMI zT7`QjuWDMQXZ=+6+^4eY)T=s{+V{X<$EI$(Sv$DzTVBX(oi$F;cYkX$ zGun=KcgJU#zPLV2Z|}yjYx;Y7!*ilvJQ%}=JiZ^!*z$Stgojt=%iEvbq7%0|TfFrJ z8}~uX%jr;FE&s~i#bLRmvRa)@dGY09&w{cv;&I7~7h)Q+vbc9_h)ybt+1Oy=-UoG} zu)HGZ*b=vB9weD`!eRG!4u&low>!nRwv%YG1F4`B% zn1ylnd5b`m(yt$hUET4LpQAnd4(z9!RZGUd> zyZS8)>*w=nEFbn;dGPDT3*O(h_Dc09<;}{I4{P;)HKm3K~1_gB-& z+ny`rW!18{d}3MJ z)7zHoZ97%gH6s4b?l4^`v`fh|trKb4YF+W=q;@qwhnm;vHECPpeIX$|El=ClSUpc^ zyM zxaoKMLwKQncz&$DxkWgyR@?8_s641nMp|V}4h7`Fz{q2D7z4)$Z{WLF1MdwkfLHc^_zv zL%gOcw&UMB5Ytwjv~7~7JJ-^U@&1=|tLt60FY$ZhAb$)N z!R}Sb>%8iR&vSl0ZLv~U)81cr#?8#|s^qkvV0C?w>iohHZ6jK(-dfLp+K1fd_4mNL zp6|-u#;{-S+gN>%@%0u9P0_#I^ZoLwLK$y(#Kx6BzxL5`&BJE29L&b%9qwW3-q92L zZeJcMOke-d`qj}p>~nj6bWI!c^2re2)|Ir5r@B*Y8*RNw?Q3_DN~+I*%Q%kR%Riu=KC zVe`a=rn7u#sJyaL=M~q-_&Zcr zY!-1F@yd=6*ZLc6x#j1gRSxTC_2sI%Z}s1Pr+(PUzb!x2e%VenzIx%1-CmaFb2!Y$ z_l4CDv-g71JQVg9d^tA8=UQsncs*IH@%!U4*7o_J#(TK_pZPGX2k&XTwHfa#uV)l) z`}BWbPUj;uKkc)JJ`L@=pH>>@HJsD%bB(L{C~Q|vz!X1}hLxez+1I6u(ZZF@nr>W! 
zZL{-tV(rqh({KA|yWsUwd6bv+!FWG&Zmhie_*p5~m2 zT8GoQ<%1uGdD^^Q)p%P*w%&$wg~^_!F)`tTd!F=5XNcW)Xu}?6Z?AmT5R`QdNrT5Q}k=Bkh|)R^*g41 z6R(pu>e<`R#5Q+FST^SF$06f|zLgUir}5Qx%}+7ey;Xxx=}i-TalL#^t99I0sJx~& z;F3NN<;|XN}uYP-SK2-iwYXI)75?kw@=sHcsrtfwD6X-_Ub~7#|1w) z5v+b|d6DmB@?!NTyi+J1irBlK4mO1RxXb)J-^IG-W%luNigjG)_)cnBo``K(b7-fm zUCsBY+M?ynk5wo9iY~I%4vrqhUG5$j*ftP7Z98TAwpF*7$>{dOvxR(KUyK*tV`b_5 zAM>adsMBwD9K2#4t?R#|t7{-WOggRue?1iPXWJUBkG_4e|8^~&)l>U#?-nn9kLMtC zrY}5i+Rp#HZf%g-SD#L4rRhT4jU5B(EZw9{@QOI!*B>vq#OH5a(g(CJtdsUUXWvfg z-L&bPimnd|$MGBDa#Y*w`B&a;AIkD;L)u62_PbtT^0wzQTHBERTb;J`D8DXG^Yvp3 z`=7zN;vU+B0ikuBt4HFU_ZwEtM z)|-(3AFVIsze$&i^laX$qhPBnx~|H)R>L~-j+SfQ-pJyr%k%%eZ2r*dx~*&5wpyS6 zA={S4eg-*KUf1&W?TI!FWi;Qiza^)k~vevI(O+B~c`#e1VG59=FD@pj~4g98Ig{do8dYezzQ3cDwS9m>P{ zJHMgts?Tqn%)F2IX)_c#c~{NsD|Aa z%W1guD|L@%b*GxQ9YkGsd#IzB8lQ%&}~m{hu|KO}GEqSXSS6rm11m#^ttS)~ky(mGo#f zThq)L%Vytlrm4PXTW5=f%{^t`pY-ny8h_1LHun~#aqU>vaLbuSmF)CrHt!w#^1*1< z=wJSEG`sGd(X44KYs{|sqrX|4U6)<6I{XWNZMu>Yzuuyk>PE9>|1xbfo9|zyk7l3n zFZH9@4gO`uXm+E2nK_!>iuX20iOveE2j|1x_tTi{>jjApm^7tP{U|DsvkrW}>W zG{3rk&aSn8=dx>6jus2j;rP7ln(Wr>hO8WZ-kiQH$jaG_tXY3&X7lxTR`v<~y{#Hk z6WSzYOW{mYlWp3yJ6YJoo8s+~yJIZ7-Nj0cqgm@ahexx83SBgowPtrT&9UkFI{I}B z!nE1%Wed;zY^EMSux+3vyK^jSI`gw@Z8>S5p;NC++T7cnEgs9}ocWm!9CSzDpgrF> zyK7AOoT)JH5VUCrv)>;(azp9nRbO~w_0e1X&l7JxoZWf!*41y`x_bV^f2#PO9Lp9S zexSMZ$!t-!@V&Z?b$?O!RsFrLX;$35s%x}lSJm~ktg7p6soVQgP1H7)wPZ6CX@=KX zMVYA|GeaHKuUR(AtEhft`Z3!or$61huJO9;lXVNuWNoHCs2ALYHtOhE{nS2l&w;oP zQ>Wj$w&9qL^^d6^;g}iM-(fqo?f%f@(u`mIn}V!A;MhtHOKrTa7147q^)l`!wrkh_ zDI2XmiN(w9%S7e4`Xr8>)NojXwO2JCh1quDiXWw6ZD~opr`qfEd8>cu*!vo6eV>u~ zBlO+!UeRz~gO#m*^0TBB<{zb5uQ=oSQB%IcyK=nWB1YGKqP-jA8;$1FrK_y-xawz4`6s{cqxzbYkk6Za?rShlo z7FXjgXfT6W;XL4<+v)I9I!|M9^iiHCU+;6=wgI+ZoX+vNd74hwg_NhBZp7+>PpAJX zfAu;gU2}9=gUUZLMfpdrru>$tk`A={dUU9*JD|4fa$+5AhmX=#eHbx|reu-w8>387 z&XMyP=lS)=McD-QEM`A;`|-zNTz(Du(r{d3{R2yM4B*EJIySIlMD=f0b{|mRupP_& zLgVaxIzM;6fo@AR_TjzN9OrjvqVm>_6R}V6?#?YbxwuuwQg+?Mf9N=)*azXq%^M~z 
z{#~1;tLb&TX~%Y{FY&D{Ax-Zqm_9Jnsd0txmA7+W2q{&Mq(KPsV*dm5wdd{G70TKRyT`fB*srAb@RWw~p$;|CRe-sY{_OLh7(tA1K($>5g3p@E@}jin_+-8+Vse6724XxqSG_*Ggmu&t|O zsH3zb{2dJcHV$h1z_z~btwRG(m6j;EB^^UU13eqJ4|NY-K0i~8nX53%$;^pyAG@Pe zy7NFGo{h85O&UDM6XUz|b=Qtk-M>DdFX>Yszucz(7H`_be{ay=4NC8C&&6@}FU7l4 z-!0zsiHl|ZE$=90rBnKyJ}F+i0z$lBmrs@Ewk*}}#uQ2aQ@myRo@tmq@oPny+p?lm zdSkJEr;m-Z&!;t5dNZ~7J`VBnG;F+$v(M+ZO-%eMeAVB%Ei3i6INub{^HzwrPTwEN If5-Ix2Y>TN)c^nh literal 729880 zcmeFa4|tT-nKyi%WY7u3cI-E_QG-rOaFc>CU}z_qBuo_h4h(jq4KL_QJ8YmOMYd4& z+gP7ro-v^>QE3wcEz|@;1u9)}aSPuoD}k_zE8V&a--@qR!K7+U_#+8_laSzAWLg43TF#Q@7#iGe6(u!L!gzlivZ;kWXQi z2&c7Bq+2nR-z?nL0g+*~iOiTGJh3d19V-zzv4vt%EGE2GmT=4wVo{;T5@y!uu_ccR zm+2APDziku^caiGB`MnqEx=d(<0WQ|gwF%eKlQ($7{BFHH}YrPK*%1b`!fdrQ-dB9 zo+mzaBcGyykllanr>Op^t77~apSqDx(Ll)V`#(DVkbU_x&Ho|0_cK2Jp3n67%@wzA zGapIW7B2S)^O4kT=8D_4aUT8@BK>DoHDq75XqvQWiHuq;&JY=8wjF11L&-nOHf5yju>N7t6lb`YN zpZJWAzvDAK{y)13I|*oG*2Crbo-N|H2c=#7b%-p%6G-UH%rZ<~1YvLRY8XNmU9C8G24 zLeYI0!2*{z8_vrI4AU3I7bG0Z%{2L4X&Ulr`LgWJk#P(@#4EJ34&oK? zT+Vm}JS!QmfTzWH1w2JN#?+26wPQ@}7*jjO)Q&NAU`!ntQwPS>fiZPpOdS|g2gcNa zF`dAePGC$YFs2h2(+P~}1jcj%V>*E`oy3?aJjxHAKFSZCg_IvW1C*bT{dV{NhhVXM&~k-g#08aK&$ys;Qy7a7 zo8-hZ8?xT%D;L6N;jbxsSJ_s)z9fY8o^Zrcg)=rDczIcf+V_Q{&LNz2*{tum-xQ8# zP4O4_b3E(YD%)`Rs)cJ3BBM%TcFP=LObUvW>4oE=PqJ*gEK7XR^xh6VXo;W*FAj=| zBVoYBxGCavE${~Xxy@%%w-pKdT)xvIYIC43^HXFUwo%xGezs27;%fn{t@smOFURl= zOJv3CM2y=j5liK!t|H$e&m-H8VZ5tBqnL0Y4(gn*+9RxLA=Xyg%WJcd7aLy*K1c@) zE^`*jm7tA)xEaq3vqXMpf;T+ijco8n4tQfyU6$~IH}b$6KJZ3i-DVM}J0ND(wTa-9 zhM4nYmMDF)M3g-Vo%du+-1p>W5q|Q3SoCC@SW<6@`|GpB^7<0-VEsZ-SsxQ-{bpg+ z9}v~`ZDMs$>^hB@FArkAvJvx@1C=)kF<)N9eB~kL%ZHe+!WjCCp}!dVdldaWivAu& ze~+TSN73J-=BYSaAHBnA`Z=Au0|SgiElyN^3T^KZZgYrD$OcSsagFMcUkpY(K{a%9>$rO-?^dE z6dCt}$2_+QyIb-N)5X`G^}RBbMt)&iMV?NPpF7G0o=x3}2tED%h1I!2tj2el2uwD! 
zQY+QFb>q-`%jeATsg-O4Y?b_%#6S`QNem=0kijK7u={S=M|wWm{RfxUsO@{)4aFlJ_cKF)iVqY_@CRo@?H5ZQ=fI-gk}q zvhT$Ev{CN0qOg5Af2sGrqNTzWnV2!zmnIBz^o`3SvyHWLXJ`1#(W2BGbKT^~_>jCi zn{Bc^37hJ(Wk2pgH={RH;(qLz=2PP<&E|=fkr}sbD-_?ii*oJP!UA`E|IjFo)`&n^ z#a|ScG#i=uxegJ**yaVEE}r|9@Xhn?UFDs-fcj0s6@BSkCGSKJ8vint?Ui1C^}xKaxcQq+qdv+nwC!&;UFF5y-RXG# zU~aDGt9b5;R*}LSN+Nqy}Wn5)tBZF^S(8AUs;;Z z``zP~h#n7BmQ`#ij(Acq#*}Tu+1%W3esAtlapS_=R6CL@e8k7xT<LnHWry$}a2Gf6;4Bm18zJ(_#9J$e<3V_R<+eTV5#Xpi z!xxR5tc<>M-QU#j#r@xE44EOjztLYMjF3HW81Hp#6TJ4@{DmSAG=BF?oCo&GEpuvhw<=`d=13qi}&Ft@VC5s9`)CZlqr^p z{}GRTzrxdCdTkZ%qz?=Ej;DiZmIJ>pkc#{Cad$qR4m{KGbmHm4GhMfrBI|F#J^L@K zdi>_t%!y+vd4GM-c=Ko+k0JYVPvK2=XOYJ~W2TDIg}JsJwSvT_6M4so8{#WyyyZ*8 zPf)DbZfTt{LcZnrk$>oq=l|fEkL8ySEMHzOmVo|p3>f$KM!?<*+GGR%vC(rF&lhl? zKkknwe4za?+;Q(T7u`^)zAvu>>>iZ062`9U|F5IbUev!~SpCKk_2=sP0pg5pP=*Ve zgh4)>@t%EVo{irjSgHCW&jgKszKeP++JoN<5W-ay_6W+@!le$8?-63Ir}e5x*mxg& zXF$&wl&_H8yO`~g9?%t;Xycmtcllcey$kW%0-fj&y!p>#AzRzR0>2r7-zZT0`oFel zdbIA3f&Rb?>Rcz=vAp>G1@eyzI&8%R-|+8+z82(JE|ftzS>}NQ>Ra+0>MZXX{=MRs zklnLgj&)DUHoP~^+ahk{9sTU5uv!?@aj3Tkd9j3Y4}C(pV<>lz8R4APbC)c?LAHCx zyj5uT>6}u+7=8I%W#Lw|{q#w+{lGXYioPt!H~Yl=g#Km?euw4vDpf||jb+$QQ2d}x z(ejNY(3zOu_!|+Ich<%nnLY?lt>GvGy^QsS)b|3C(WUz#v#Z}Ntbo(Wzr4vH@x)z8=P^x*s8>Xn55i_K5mC=8`n?HBSF zI!Yx@jHBx{4|J06@%tO+eC2;QLSBUa95*yp@b6ImJ1T#mKQW(aL2=crDbzc_QOQ1$ z9yCVnFvIxGh1Aq5&gDb;joPu@ctqu2)PE4^{`9g1IH?vX5D{KL^me_no&)nF+h#P`=P+ls`I|qy*|!OL8geqD#bzH5 zvAq9y-yD>miu!jV->qb{=pOW!j(XdXmZ4;;=nmai5z1yEJyVyx1!XZ03`CIT(PgjG zWoHG2{{qspby)*t!FL09AuUIhEj+Eu&PCZnNS~z279K@e7s^gRnpc-Spvx{q*+!)2 z>9X5VmUDX#(tNt?I$d@d%C10qp)MOi*$k9@4QT;gwnCSUqU;?=pQ+2<1sN0Jaw|1x zxH?d01M-5p&U9U;4t1_Y`W#(noUY?Qo!zLj7)AT=#wn_g*8lHPt7xlL5=Vo0W^X`YQqkg`IsSWkUqTczFNL-#`8oVPbwPZ5X0&%(&^TN~ z`QaG#*hc9-A5>#2XwTRbp<$|K%K2uf|L48pvbA{>@Tv=aCk^8^v*cUv+zc>6p(km+hU(ImX|FHQGLrN4QYF3uy-DXr$2=zY1+$L%4Th z?3v}zH^;Ac*T3uaF>OktFk-o0AJ%`_{KkCb;CK`b+JXB^+ljxBeX$}aT$(@Ie~5JG zk+|J~Wk^ia`rAY)@bYrV?p)0ICn)ZPj$E^>xRv_5ZACH05fuBi9_p-8y8hBE-Phk2 
zw@~+AlCmntT;BeXue!sS5tiv$9Jicv!d!QbStaWM1~m_Ld;vHqBQ62!1>!=^RmPaM zrv0LJh%Y*BnIYKT#Um&)3hf-20k{(KgEIm$|M{xpkbm@ze#N|378m=|K1O8M!Mgh|KXMz{H7YxGVonklO?9( zJrnOmH6`M!c=zDF7|(1xXW*F=vM+Q=*vr3&xplhIbC|0kuWN(itGP`#iCXY_3V7ty z%J*Ibt@8Sjw|-^S(|G@CnyTCJ64F0FdV`unrgyD;>DMfK1Zhn=jq}2mX!+YnpME5o z`V#Y>N7^&ds`r@ItlK(+bk0Z5>Uvvs`emfYkiJuwUjzJ--`MW1=X~r4+d}yrNZ+f=&x(%!7s8Rta!79huXYwU+2;y&pSXVI(|^ajYmol3 z8t?S$RNAeak6+dBjZ$O1mE-@dO3UlQ`(ZWKybl!oCon(VdI0IK>oT0D-_&IeDBRw< z8ENn6e8SnP^EWGe-OBO5uf~+OMz=c!?N-S5O`;t-8Fb8BQ5YU|Aza=D{9I^8ol|PO zdH1OC-kPt+i*-ca9lD*bQ6`k#cI$Pzz4K^qFXa#A#xc#`OuK5JCMc%S{^{1R8oG@; zkbX?p?Nc@%@FMASLCNzbFnsxmI|1`+oLd2(Y}dERfKA9b{MOy7zCrnT2j80hoL{EJ z*dNNKBYlmz={Bx4uL0a=xz;SJ7B|wLajwdP&v4ENto%wf^I@r>Dj+R%ze(HX1I!-CnD347|wxr-IL+hc+5+)Y$-hDZbcf zWRQ;dzDLn(s??n*m#OCIX(iDC*yz9=Y(nU|tBw-Zl6^*>grSKreDQjJGhy)d%RU+n zkM4UE^`cJ8_BWh(UfK3jPb)t4Dm$;y$N>zn?WZ2q>59&c#w4VJXQwt(53(KTvAuwQ zFZDV4TjOgqyyRQzKa^W1`zk;23j0O=GUVsUeCR{uKZI`|<;GtEADWoDSe5U1e}<6d zi;!PP82lOJx2bn<+|<$0ng3pi@naqwb(aPI8|V;2*?^M0spG643J22I-%OpBhWDV7 zQExx;v0gZPC(`Dqd~XNdOLhJ+HI@@pRewJVdi;=!a*Ma!wUc`u)0miAslU z*k~*VPN(W}kh3Y*6j}-PW3>T$lxsQfHGm7Yh2t&oN;zx+S78hKe5L(a@NT+(-wxZQ zlrrSodUCA!&$m{Zuii?3uw0)=`WXkB$&-*r==aH+$z!tbMguZPo}HrQ|Kx4pE%5Z@ zh|V_^?@n2zVf_a36#q9GuuTc$lnNz_lV@RE)f_8j59xR5I{)2&{A4-mYDq|pTwt5 z`>C&bg9~X=@9DHHzUm)OLRuQ^1=|kv){&A_Nlr44Ymq>qp2>;V}n?F=O!Jx708o(g^ zkwN1h#sTJYzL((lsXp}z=OVTZ9o|U%(vFQDkTt}J^Y&o(rBxj zRpTptS!!PgwtP5l@3UQeKa^;~H_bs^&d=X`b@ZT?eQ1nG9y!2n7PaG?AtZn3;M>=>L zD|OPQe>ZeG^mG3XU)Z+sWP90hyd>~QD{-yc+p6H{Z&dK~uTwbcUlZrq=pP8%f{21v-!%N=f_~a*a=dYV8j^>73&`W7 zLr`3neqq_BvG1KYy*MV835s5&Yqakn&hJa$FNn8G|Hn}I9?rpW-?fYBLD6&Mll<3z zie63hPs#GR-b~uIL8Eyc_rVG0jMn2jtTA3^xxMcU_p3`9L?-iMOTGAQ>wDcYtx-6u zI`sOu{Pd4Q_J=XHXVrL}@_ERcE}tFVOwz&JG7Yxt>D>{BuM}nH>ar5o%(u3CvytCU zxkLVR@+ajPaIMvNY(<@Ogd;!KrPe;<7zDE?v;zkTH&!Im`YNQc^pHxu*Z z%tF}xA^W{UOrt#1Muh`&v`d%I1Npd^WUg3q#dT%TF zPSVxbyM^iS#W*7s8KwD4ZJU2)+WhCphb0^B^VnmvA{F<#&G7tE^2;R0p#MegPm(X# 
z7JkFL%vuE591nj9{QiKgFy5zprh$&-Dd0zu5gU(k6)5+(EC>I!9pQcf@?4B};1~lN z?RTgr;`}-!BVMPOCb}czXS*Yw+3qJQgt0s^h$r*Lp67zbizdfFo&c`gY@d4@a=!xe z9NY7^N_%EC`7>y2f0+GZJaUg5^k}4Qgg#568#9QTGUWMuqwW0@Epc55_&R?!;!`SG zpYx4LNLz}%g2(3Lx3`5M_mL1Yk?%p=z=Gg&Qy!BzYQa41Al|BMA!t(pZ?%M5>4Sf4 z8N|gx{6@UC#|STY>|22677P2|iq;}bUYcP^{=47b!uidSXf%tIP{2WK!JwjILwVYj_7X<{{g(;j0dpGtYc_{pDU zMOpn%5NvtS6REyi}mQX53C!#>G=Wdoj0Vo zt#Q;nsg&!&NH|y;S^CB0ktLItN1TY+T6)#MT&Jrbk{OsB3C;ILz8lDgPISd8Ag|$j z-F0{puGmU%I=`be^9kGD*bI^3Z-LGgv)z;t%olDczl;Mg{-pkaeeycs_ z*;m?g&d#4bd*q(8w2g+#$nJ%lSFNZwQ^|+jh&X^u@)K!~{S3r@?0#MIl$@iW#~L}8 zu>aZ$@9;Pz@E-91{_BiQRBieYmxlQ~GX{FGP1HM^pIaU#?3jBd$NhY4bJ+ZZcGyO| zzEvUT;(){hY#y{HblRkN8ot4gvRsBtBYcRZ1C26cOTouuQrvtey@umq*FD4o$4)%R zJ~4La(Fu4Hc4C+&qcbIu}Oq2Ff_mi*jlF4n0(Bpj@db@<>uqr!cE zjfogG`aDPC0&v_<8pL6akC*j=#;+SW?yC2=cQ4mb<2YZT&RDin)dn4(HMlM=13V(J zE!3CxFUqH>wMakW-1^tCF56*!&M#~O>E?*KSqk<(9k%KUapM33m?sB z_}yE(OCz(dcSj%V4wUQ_UdD1#CM4g0pV4kUV7kKkzfaF&|8Sp%Nz2=1NsA%aFISJq ze~4pD$X`VMuykAsb&-^{3NaaLCqda{{rv|JFV+H{FZO!K`^2x`zOB-ihB#NsW|ZZ7 zk1#(mjeQMY*Y-a9N&QiF?!+D@+F7l6R<^}=rMnm}Bl}qr=WW8q{GhS(Aayn02^(y= z0oc?19M9aPt^zft`IDm^vVLwNorn0f*EJkhy%X3TaTB#N1n85)_`;F!4992BZxg?% zI}jf>xHeRL*(3REhz31-*>8MILF4axbUE#}=#e@!E?)`tM)<9I9vTL3g9u}fTCS5| zzlpL6#uVLF83_d^N0!2dA1_MtY2P*?&QDk(Y6WN?yJ6?T|0L2^ffwt>*nQIxPYK`J z`NVNYW*L)5j#J|9s5 zZMxSeS?gZK_H}!6b$fSyLVI~}+LD(Qe!K6`@D;H=UH=-6i?}A=4)MmN^Mm7y#bXt_ zrQZ&F*idvF=cNk@u1lvST+&{@B>m#Z+pXHav||uHv@x@l>DDi?||-4`qu&XVza#G4fZ*rUe1XAYIHsAx4d}EmFr#T)VNFF$%|V5UtAd7 zhCR(DtkE}N&C4~Y@plKf{>9$t9@3t6bi7Q^_*D#WWe@kgUO1Hqm&7k%M>`!O^)vOD zTyyTFez_2lc#Vp~!{^@%0X1(u8_;lT`dy%mfDYntoOWnq#2or}4=J2n$WlCg;ksy5 zw+J+-Smlr7^!)3IumfhsEMN_FzD?CX|CX$e^)_Ye3iT!b57F{h7j*s2y8Z?QbGLUm zEzisOFQHzuu2-S!EmZaTM%I%)`Gk5h{uA&{)%D~YVU`b!sCRA{jX=jcRe$H?eoV+d zCu5b&@^0U7IM3}Gj-OwR)%6aj{?6@Da4H*Wh%V>M;q|s3)Aed}J@OG{O4?ot^=1yI z`MG;kxs2|FGM;#u{ewF3+=e*+Vk~Q9o$7A1-zDeqA$@pmkf##rE=Z_*m#n+V<1$xX z=Nhg{&pAenDNT*(thS-f?udN*Iw`m8FES(Jr;(Z892_70RM>xQ8Q#V-2Xz}O6kg6& 
zjA-MFS7<}xmNt&AJDo5SKk+j}*r)A_<4BjeHeO~md?17mW!@ZKrt5UPOw&*qN&lg~ zx(>z5B=l7~d`!RWQhjzcsxft~llE|wey(TkA5m71ze|t5tHQcT`q5mbz&R4UqmFMx zojTpVoc}P6>Fd$9(izXBk0`rXm!;nw`0wH#r)#H#<(I7^%I2%Gogb*Oo$?F@{HB26 zmm}ohm)GdBdvw|7iI?bm*H?OR=Ef|)&NW=8b&eSKw%2t1hjslGwDsA>p#0&SQd#+# z0n&;(5AkXv^#3-k|2wt*@4V&8ZCpxd#h^KEJjLvnZK znGtn0|DVzPe`bfQ8_l><-TOH&z%L{1QeU~Y*Wup{*=I`G?huciS-d(`h??=jC=>9F zj87dF1CR2a;c#q?=`q}*$1tI++)+$AmxceS7`$PumwdD}J`ZZS`KTX#q@b_Vxw(PK zHQ3*XHpg&y7uej=2;<~K-s^TH~d<45M5sx2@ z8(G&3-#Ez}tm{aqd-}J->z;1=c-_pwxYk%-g>i@&mtlRforcv1Bv0 zi8_sIF|1Sa@Gj41)TVjh2mcM?Cqxi_X5_as--Y*doS#Fi&Tnq1Iu3vLO88W(q@VsB z)}?=y>m3bmMwok>Y2FOr0lx63N6b;bkou2nU#^YlLxFE=Zfu5!ek#@0M*Eb);V%v= z9_Zh>e_=`?;$*Q8ol?eqMZ~P~Jf=RMlQO?HmV)y;DWZ0Biaw{4BG*DbH6N$@jFgPp zwv?PYBZcv1m+P`py!4yam89hPo2R*e7x;32`aIVka(%dx_WH?Le3!5qwV>U}eEM+_ zhm#eu|FF9@A{@%sbn;mJe(qJ#4|M7w_*=81)|;ZF5qnPyQ%YsbjIsH==4Wa1(yk>f zh-cuBdn0R!BZLBdn29d_hSu*Z`3ywy*8I=IJHhXfpOdNED&JS zd+%q~z@JqylHQd6xEzjL!zdYQsvs`0hv)*|xHR9y$Ng%^{$L^fh=9$-wuysS?lcd5 zj@+xlxSiw|#T!k#$lru@Klq!pj1@^gVs_Ob$y0J4f_sRF6DXpMpILISNSG`#-<(I7XvPC;ogZ4c*LH0I>zBJQz5(hT-4xP zDeajKssG}(@rd>osP+bqvAz5ms=e3@z=nN6;*w+KTpMpQWVgQ%A2a!odkwyF_cw`C zj-UKQUM7E6Z6g1^f34)vmBc|ue*L~Uk9HifZX%DiN*+aD*)OuKtawaJ`-8)Ipnb8V zwcevPt20V#YxF+#cCTy7DoLA+Xmt*KJMldf*axr57?qJcF*L8XUYE!-*#8}2|GnEo zJ%c^m?vUL&ZbaE|=v8{;d;F>gOtl6yVX2fZpsFpiUPL4d2M9{YdPkDPl(z_(?}M#(=f z12>Y7txPZYcy=Y_le{f`mP@C(B1K{{_Z9qhNjK&oL3jYeeE0>&vX1mkM(CIPeKY!8 zHzIAjg7e*@gK$E(gReGFmek%{=a2Y&))D0^)Ev+`m32^lAz^`^tq%ID zhqxuaxknQ;p6cUVg?Iv<&6e>fcslCFL+9!<+Gq=LHq)TH?Kto6YzD8A*FcxD!TAAa zOJv*F+oOk_r=lHbtf*;0>kPg!8^2;Zcu%!BS@TGb(McCkPV2+GgEU$MtNR~*0} z#?3PuGw>|7)V_If6W&|!*9yMCyinlktb!it_ve>%*Y|rf3#N9iD7gE~nt}&9ANJqd zxzhhg|Az%@J1y|>;)30ss|w!eGz%_u;w)ZjUQq!0bGFA}jgH$0DV@MA?1&HU;xiJ# z-3u58_9UT;Iy_|C!iOyn=e z_so(;BOBkNk?+OR6WC{9FIlGDjWUc!DMK1#5W;x>0n!$s-Ve}D2EG^Jo9%rkuulN* zVhi3ML|Pu64L~&#HwkX1WhC za1zh^L>_H3(E6C9N5!-}&~XF4yJ&YIz9GJD@kAR$X?+di2&66e(_nmTfQe%oOWUH* zipTx~KG1ejyd!z(cMs8zBj-;6SZU|T 
z^qzj|Y~q-3qpn;B57A}a1mcJOa0S=ED6Ua39=RVm5mn2d)e2=>zsKNbv$u;jHt7ExSZ54CLgG>eFqd? z`$~qvT+P_F&Xd3g?$GFque~zZ?r{0(o1|p1euN*a-bkP+cz2+Ub*0S+UKzfo7>dcK zt*h6iZo){O)%;5Q9UZbc?R8h?-Ag6IdAB}2PMiOr?Hvhi=U=()iysVc`^lYbdq^&x zl>SeS8?Z{giI0~!lYArPb3oczL-p#84$-4`kD^Df^qnTsWDsZNotHrC93|_08S(Kc zdiFj{JddpBEAJYGI+IkL%hKOD#N)lqpHRnvI$m8zjy0i9O=2G^PFp~)U9MqUtV4LA z=LYew;Omj{mRMKfrM&A}^ySliNq^rEerk6o;OAO}pPstJHZZ;$P`?oUr?LOxJleB* zIF5See!_Tj&_+PP(A%QxNMDJ+MaF?+J=>%G>pjysztE=zoyl{JuqpoM3h?g3(B~QQ zECSC+7|{;$4C7y^)73hyR<3Oc|8TkQ`YQULsp(iU9FO+k+DYn6^n-HQ#0&Lh;1_Y< z&Bd2O_MYe2SJ0?UH=mveUhH11_th6D+;!`7p51q%k5AC0UB!SU2wXsy_6+(td@b-b z^kRyv`*l$BD3MehmXZrK|`1u1(Ab+{=+yhIF|n#k>)8egygR6`i~9 z8BXVm?~Ld_Yed_Rq3(TXI}0}K^LoyfzMA+LkiI^#&A1O@NS@Z{{U3XS(pC1g#2M)T zA3`hpzXHtb&~I45d})|Z1^v-(A2#38R!W2cJn}5;-eV)i@(kKs1e!{D9D@JCo4}WZ zL-IP#hDcsVEGzijhqk02gmy6fCa`<3_U*5OuBGgG$m>Dlhg%5~?K0ZO@O|L^k*?i} z*X+3%_rr*Td6{ye#{EPq`aI0B@6S@cJoHJwY#wpMH7a!a^cfb;L%?t9j|likFI?ll zckKQChOPrxm)%c&0A1jcXXzHb4Y{}&k!29eZ9c4E1DsoV?h|{{N2Je0`X(;U#h6|O zzT_P!-K~{X2Z4W_?bCP|jDL|h z*eG77kCr+N@J&*>;QU>~Xi+V2k4o1ez>B~0(!Vr$9DFfNIB#L0Zu2V--m+1yspivO z)VR$qc@E>1u|H>6kLyTBJgyUX&qh43Bk&|-YYX+zg=VC=q^}F{75MJwy@iN%cSaj< z-(iFO%mZPpGk$@37@zdLa(uwUix@X?5{bp2j|S$)kPh0(@1XHG{ar1j-M*M`6}RAw z!5*Ab;C+suRa{4!eg4YG^|x0RH<6Zo6$NjAwtov+=G%S#u)s<2t|J9+hz9}Vvp?D( z9IM^Z_9zQ%6oG=ZfK$lv!;g8njboNEAggdz^6Olq4=mvM-<8!*lLmK~m6E^SL|gaq zo&xk2)3osEb|->2WxG0mp~h*3`aYM-_2kNze~r55r+>V^{?qsctp?Ip7@#tEfYO4Q~HQ}I~!%xX}Xaf^Q^mz<@%5_E1SbBu# z;h0~tQM|)4gc0Y$cB0&Alp7oGi~b(oxizCn%!tQQM}H$Gmp2Cl@7}`P7?109MvsAp zdvW#xazXl25BQq!#N7fxKyZ(ZY@xCAPGUis^ zLxghu(a(^bhdlcoy(1lB%!jMkda7uOH(S>v3mjewKIw z@AQ2+&59c;S1X?f>*lepuR<88-~M<9?w!NET}a1Xo0t?d9?GTMun+RUQym4naNhKZ z)q354bl#OxfO&@XPoWIXYGNIV?}Reh`4t~jN0y4`R(uco>QVdsC22S$3g1g4+gKaP z4$1vDUy}p(SWMgH$Jj}$=ta(#57a2!q}q~4EZmo6JlLk!^_fqNhhBk?B-(?r@Het< zL5sdeqLqHvuG93(BaY!Z#FOux*7KZ#=c5k*Piedz-(zQALRp-le@NOz=pzI9-YGwq{E<1a zQAFWubVsrPW3w=xszAHKczw!x&7)6=o8h}WHKl>y#(Ip+4}WFlu(8F|*a)9hb5`D8 
zfId^uXA$_IQ1fE8gb99LjBT~fm*dA=!aMwm<#{+^(C>4Ob^zLX0_AYe#e+&e!PfOZ z37J~i>!$t*8Y@PzT+sNz;^=$5Zqf~~2NU|KMSbA;L7Y*Rc25TDu3YpK>MTD*zb9>s zg#Om*@~aZdN3(JFj@)K61Ee9&3q5#GVp+~jD7%b4Y_z>ZmVN&bP45S9 zk!2y5e#j&8eHi!6Tqkkt(f(f05jqrOlV{|Oqy0I!%d$0SJh~ou`Y-cm za*m^Kk#jBQwyLM$tAl>0O;)nkcon`v?q%_PuPIKr@je>9^qo}$N>4x!e8jmIa}wr3 z@}`jIa+!v_UZn5QxZdJ##NEctt^&dz-FL!W)#3Gk*TLt)RULty)4+4~_Jk>TLLYW= z--tNC{`8*0aQw{mIjs8&UO=n?_ORr=onAc0#;|8im?K5A-E(tsMyq(X8~Z@%;AtI; zfpY|qD~>11u{GGgB^2XuX7lDHsKpsHD%Kfe1MI2Rp|Tj3SNNj z#(9@>Uj%&PP&R_Iv#{mCXRVU1Wm7EMX20~K63@_2i#RrGBYd6vWZm)Ban66gs*!Up z?nA9YI@+4b^KazAdE1A^C&#l%j^~~Dc;Mgn$h~XC0}T0Vt@Ya8I?OeMrgvVU_}ool zvGeK}<^t{)vJJqL&T~7!i4#vJ+7moKg8d`0%+u96#oBo_@OsMH1U<@inYc#Uk0paX z=yP*I_Vz=l|7sQXoc#N-&l|x08P598z*uKk&?`m1!B`fx`|mwx`5!s=fWP4!?o|=B zu?T$A{f_SpoxcY8T#xB}t?g;i##aO2ljXGK z;VYR#-26xT2#}{vxlV%(!#R)k5atDC<3Ogt8`N#!>1VcUp2!HrIZ0Hhj=n_K^9* zvu?I)?rSZ@_bjf$LAddBa$U=H zlDQjexi`3H^1)Hk(%;Ip!?zl_eyIgM{Vkj`t~%x43?0!rW(VFK zG2t_tzT!4prn%)B>(z6W{xFFm_46*vDc9Ao0Yy_)JM`dc;htxw6h}AZ1frXM@5a2I z9&N}8Kz8;sac2Iz!WsJ?*z=zqc1LpWf$b4werB|xG=OoteIE*!zEk-H@)_6H`A+Dtr)**+;jR3J zZ^gy-@I3+bU5wF*^B3CwEqHS~U~!v|Kp!m>!PX zvD*5)v}H(J57%t)|If`Y01sEdR}4GS`g_XtlB2pD@373azRx*Xmd({=9SLQ(>$0gR zn}fdQa1T8O_@cRYPo}*ZvVU=)Y7^$k+Sbx&!w=|p45D0_ipj9uwC^yddz6hgAZcS& z6tn$dD^Nec$H_}(Vss1e|`>W=PSPe8{ro+?iOWUmgnJN&+EL; zBQKxtrhg3N^1=;Vb0JNxoi~>VAJ<)LZxGI6kK!X=CVuas1U4-BDZq8t1y8XBnFl`= zxGsFXxYfQ~F!cgrT`sHz{^yXEnoodVLxBG2ydTf9v8H(mxP2F~-CI)-Q?U7Y@{aXj zBF}tlg^CT?ybd-+y7eWmD638>W*PF4X?ZYDEI5|HM@p}veT)TqU^DJNOxaRa?kb3a zpVS(2^DOXcdhBbsx8H(o1s*IbN1M0)=f z0Dr=^9jAsOFAI~DeXJP!swIl42d?(UH^!Tf-6 z{EqSE^%vFJi|M}di?G4p&9Y+HgTgoY5owqcH+DhKWD}3@5o=qB{$m930ZFz1vpnQ;t{zv*A6$}?QOIkcFHXI{__(kS2UJ$9(85Yjj-XV z8yoD^SR(?@=XJ~>>2Pcr`59?*hv;zZ9`#O|9=lVggC@sHXk)@pwp`<}lX+Or;V#CD zxQp?G1ze)h26>H=j5l=?Yzrb>s!$Qrf%V zq3edy2eOc!A?YpLD|9+yMcq1{_6NVEuFnTeC`}-W5x5M&|bU&tdP$ zId^tovMKI%)Ak3QTxFxHi_Os~?lOV1H~5Veeg67zS?X2AW#X0MvT~F!7u`I|LVqpp zU^2{VPq(=>r@O4$QCzmwQH*w7WljHt_nDK;t*MpfsxQ0aYllLt8|ceqow6#`2Jun^ 
z9waY*((g|YpQOkB16)fC`rUEQ*Qr-%cZTfWZC5lr`3?W^0@xD2+rV$R-&WrB7~-5Z z!zUoqd>c7`bFcPo#N^wn5YKw35N%L@qRwS$o4?{k?C{;-nG0E}-HV%0egewR)$$;9 z0C)mxp0}?-dQqG{ijE)BFYbaLtT0Y@*e##<8yxcPBejk(ur{1Y+*+fABeocJ2=0x^ zUuxUY#~HH;nPTi_vs{G>#KuGbpHBx|eES6u&cT}&MdzsU=jJL12EB-l3Rk|BS) z-NL=PeFw0XgpCe9Eu>(fj@#?0N2;jo}1{$t~f1pyIo8bBoak6g`f2XQy zFsJ)NmC;SDr6{+=4|&mhdI9zqv0@(h6TDhyDE}GuJAun=`can`cy@2i6?|jzvB6JYqj|bQE%peHRt)_BV$I z`{i0y`|Uz@-7NTOh@<;yli;_>h^PCYmz@z0*VVu?)Ak~6B21mOZea|z4EvDfvGz7a zXK8d_d#UX6CdeM_Ak5W_mFI6}@l1-G!wFB7jWKMJ{I-^`!DmqjxgFXU|9A|Dj!(P@ zzunJv08XEZ|L8lS*35l}lq|iW<3IZLP!{Q1gWSCfpWo{t`+vzjJopR_qc4dE$;)k6 zH{mzgD0`qm9@czb>J9L-lQEK5y9nM5C-)S4u+Mt$H!IDW@s(T~DY_T|_>trp8rtLF zf%6KM`nIYYu-JlKx$?a|Zzx}E3uPi_UIu(6>tEm;)D8PeL>(_df2_R|=Sf68>O9#4 z9N}H_pWD}@e3_ForObx4o;ee;f4UjCXqngm8}&H+36OR0E$l|DEn$zE2fcS;&)G9? z3v64gpUtPf4BFM-rQs`yHec_y_JOx=1aBY5IJc&_X;)wjJJ}{|S~qzOLskHYrI~+UGO^nEa2N7^Lwy4d2cIZ%eNo; z`d#P{TcktpNWTmE7;CNc=2@7tkncjiybqN5`2l%1EAAlu@hqGx%cCEJ^e%yaGBzIf zZUOJWZ#wBq|F2qi+vm~mTZAXteBB#W9R;2A`$ija??9vQ&a*+=O>*zLoAV9z3+9>E zVQXN#Pgc~!7J{$PQ;+o_eJ=S$$V(F*_6s~~KEE^t{BRI`FRJR}{a+Fe58~cE(ta<%w<0d&R~5$TvZUZ0<>t7S>XXf4hoddJ%X99TtNIfT!;XC4b+0 zAubd9VSfZo8xDLf#(o$Dh?VJzfdXsSJ-!7a~1^(AIwL4Y} zdE!1F%R;wuFTqNM{<@KRxpozGEb*pvYK1kZyGo!l5PuMdL&j$?7NO4%SRVg?`*qa0 zz#I1#WIPY)2{`4R5_}xWBarpx!#@9Ic@9a&JH+o^EWsHf;BF9?fag`r_fEB6 z^W!6?34d?-VISH(6q^CX4mps#wH>m&)$R@&^As9J5wYNkcZ22Y1@M4Y+@OU{s_Umi5ySYzQ%Wu%QHr4K~ ze;W6W8vnfwax2%>G+XKy= zkV~hI%^Mb1$n}8MeVy70eur^jLv!r#*fW=kSzJ?tcFVMn2(q_k18_tg7|{6@u^DzB zd4+2(*ah9#593_pG)JW>TZ(=LWA1BePFQmf*M^i8^go~D)3JK3L1XbADJP&0?_I6k zO#9^t#w2E&-vLdL#x^XZa}GiLMy9V7dmvd-Z`BUY6SPIO9W&I<>W5*^Kvo|=BHR0} zZV#};+oS(HANJ^rsIS_*EC$;wNswdMx$54e$7OsB+SGTKuO6Eq&)iRv=bw~3pI@MD z{4(l1;BQc#qu+rn|MDdJ27KpnPbGL5^UiR2?gs9EO#PoBbpYlCtS^q>+ev$p_>}D$ zi@FD4rVfOjmN!UOZ0zvRxGM`9lv3c&UIWJ zzS%y{@X{C0eNf!*2mV^t5(@3^>G?oVUiN8#tOhe>-GQ_VfDA7MQLo`=rZz-MAQ^Z@tu zzK*XSK$noc>f!ht4ZfVh7fp>6LPsXp!e4t6<*hT*ve6Xd&@dK?gE!}S` zypz{uoE!HhTChidd=$^7X=!{mrMiTJc`kaQ${>8tQ>`Mg~gRkRG* 
z)nhsLNnI#uc2=L~IlCEW;mMbIxJwGWCUPw3eKYmTfD!gYv&ewGEq}KU^0GkTVf9q5 zIeE5T+aNC391h+;4PM;~J#l)7_6uEc+WVSZg6E*iqN9qV`@ifi!*4(Po8dPBPKgVS z!QYH|O2*<|o-hRK>T9VBB=13wOTLr)1btcDFJK<^JJUnbtH` zU+TW0{=d~fqJCOJeHqtF`Az75K4>P_oclL}uOOp{<)eL&r+9xr%>&S(;O`vDh+5b7 zFO&R>Z`c?mak&8hUI1RaLF3!f2G($O$~A0-*UKmNN#*^oTq~g;w@)}>zc^__@t!3o z{xWgTKpu1j&l^FnI3cI2YVeL29{DcsYs0t12gV}rTtz%*nC<^Zu?$VAV1zJ#OE=|r z{Ov+K-__4HK9{5#?}F+9`Z{Mu08(wHMRC-Z0tWDh{I77_+x%)`(dr?O5yv( zUZn9ZaO}eS7nY}ql#)jcAKrOi2KE7sNqBerS8~7K7=!Q383HjU9{dI1za9|x`7N~; z_h)qfr9Z!WuK(WdzXJbmk^0*45^SH4{9Rt?T`zpnZtf$&SM5?h={dWR=3-j3`O9vz zitF*4@moIPK3PATF>1395?<8Lyh8nlP&P-F#r_q_ZWt_!HhqANeFcpM*|U0Ds3~lk3^e1 z!Otn@c*;2B?hfinJoWFU*wdBF+WP(}o4(#VxYmw^?%t9=@$M}+lg~YG*g1wv+U^a8 zQ|@Ur7*fB(-szV1N~7qErNNH>_F1>(#N0=_y-~b_G*@K7?-SErg>CNyP8@7|-U;{^ znvFML&j`|ZUaPAB<5$JpoWZ%aMCw4`xW7%=sr_&9H=Xc(gf=8&eHE_z4=5V+?-`oIPzL&6*_ZtXKLP(s zh;ktrUL69hoKL%yZB_=r8Y#O0Vyb zYc3b!JE#ZJVS|f&^b7p*{(#E-Svb3b`V${x8)w~7v;n%^7b(QP7xcqs*_PBH>AxOq zDd;r)a9 zx-U)94fjt=dS32P^u64r=z6(B(fx9pq^q<+F89#aCf5*HJ7JB|LE5tadClzu~crc+)oRPHKD;diN8}{nRruolBH~75N z9Z_GH_wPHS;kPRT8-Qcr1$Eqz&2-`j@6PpjMso2RF(2ACaPV@(`DN^{0Jg{5Mc_yF zmi!5KZ;9F`C~y3I4#PtE=yAjbJcctrKZ5>6d=U56pdSt^eK{`>$C1{nkJH~qJ0N7Y zbkWyEJy;7JsPmir9d~a*-ck4p5p&VIhdxEl(K`P{e{&~(;H zk^itRTZs4Rs!U2I)(2hOH&b&-i{3}=nS(Odsxqk-%Djd$avh5Fsk)u}LiYaCct7ha zUkse}=zY4Lzd`y@*b-RJ_UPYZ?0E!f2XtCY*Z&F9cEDGZj^D%fn?Hp_2Z&OV|qb-lqdgmZ?4yEz)}-h$ujgTLdIu2>;r*Fal;8+=13 z<8SWyg@nZtSJ4J9d!>DV^L@~`OZwS^#_dJ)>8jti>yh_UD_`f!&1j2p5V9WIVm;Om z8l?wS8@C$?b>&^px^7JIXW35jXJM0l7WQhVZ|gE?!_lt5I?wQZ0N;SX-lX(P9jbuM zJ9r+NbLXF83uyk2@0DYJ#{ErSwO`+Ly>G%FvlZg~G3J0aI{S>br(m*U7@v-(_T#sd zdioes9kQEWi`N}lZ~pfv~q1om}tjv4NKb;%j&HJm%~JDSkX;02sR3B0Ax0fnCeE|`{3x0!i?UjQb|56CAjpYg54njbNJ zjM<~^4jLt|F}@@2RGH{&$M%`r(_lMY&b(>2cDxn4!&J_uf^#<4tO^Pxd)bE-qgwS zUW_w}-~08x+_&R84SpNo<5;{c!Y*M}GP{T{$Jb}%QOM!}(uDr;kX@M%9DqM7rxF)< z=914K>v<#V0nSp?UB$gr)(1b_6|(>KE$C;;DBoX0nH+p${e~y#hqOH$ANBfr(1h!0 
z%0YZBM_IrgLEIke1nva++20zM@qs$c8+i(^#p?GNABA7xJ>W-3~-N*b#7ofo>8PdiQ76*84FMKhW<9PN?zu%9!nehvMt=q}K z`(NU{6VJaw-6sG8@16P%-YvXmsCtNz9n>qmd(2GeJBw>3`xMG(J=nY1G?gAK+31*w zHayT}?SRime)1y@1ATW%xq_{#+x0v#4l<|OdI$1r&JfEk&!JQYde|n~pXRL~zPWi0q zIgj)hV^SkH4~F-LV$+AtEt)RGXW?6|{Zd_k*TH)12W@owo2UzWY7{)F8lJvYD2Lxe z>l7@9GQdqrCvmRyeNPtgg*-#%?MuOLrV-~o5wijQ$13>zW70O7s^IVL^4$bEM;i74 z4by}@x<98BGKX_+h1iej?4~~C?;D_vd<*I3O=pO-k6z}^&`FNlw&doJ?1U+5t0K_frSjCLZ1peHSgy9-y| zhu_i@#>@U9jFtKqeoJ#d;z|(jr{MQ*fbT-umc&gY_waKYpu?j@jFs-5>M19FyBBjz z^l?ys2O5l8Sto$sut9mO54fk$gnlZyh8orn_A1zJ(C|=FnrNXh-=+v?|qv9h~dpuw7R$evNw2#Bgd!W zjC;;Ao%0Q1eegT+z2o`KyB$OJua{xo3I~l@%Q^oh*um+LEyIWNKt7B`+rg=T0W!32 zA^7b-Z3nZ@qQD>biD`Rhn6DkW^bqlk=Yc63A;(zDf}S|1DECBM_3ui1fPP*F;TmBZ zE*WW81dZTSZI8eXvFQh=&l2`+;@!CF-ZjkOR)q0?F;U9(5yoF_{y*}rjydMq@r3CX zzXvc$AC8?xd^0ATwvjcC=bchqRha)wM`|Va?YVy)U5B$w*k@q;b)+~{DRq(Y^)#MM z@->M<;9PJoJ!pJQ?v>EiU|G3mF`qur|7M{54DMM&54!5Ig!9QZLEo3xtj4*CpL^iv zfsR{0z7oUAtH=1t#9J$)U;8Kb5&_=II85D`Zf3mq2I_hz<8F-lERpFCK>n?^H<0Iv zX10{p$3zb57Dh90KVSyxZ}`1?DP#ia0i@^oV~`&Y#+e!S{fSd0h{eJlF=8l0z%qHi zY<~x3i~cU`g<|gMe+zab?7rRC;k}DxP~U;Q&UA~vIf`=zLF212U3Z7ByH(e1ROgd- z9YfvS@?MT6*bk5)^tS~vW)c?4eH1c}v~1A89Vdw+bo8IF}Ut%D+@b zb3tFb)EzxO%UypAxb4R|8QS*X6U2VafxKCiUlsrL^|*~sTU4$y87qVFtxA+J*n&-Q z*+4k~8o5ypcq^M!uF8Gybt)YHC~-o?n5 zK780G%)gfYF648M0Cku4;2mqmE7|Rr8whWLj>;h{z(;0+j=D<0zenDK=F3uhIe+R} z{ZG+R@wNz~+7q$|pi5y#*^)-X*FLu&l)5GrHZACeF_(qxos5ZoNaMCHWba7B*mGvI zGFIDO;J5wR%#&*jd2ioyTuyb{d1mq!N^qca05S@8EX? zKDH*i{eScJF7Q=WSKj}Aasr%4z-Xfl804e`O9UadXisuNE-g3*12a)WgBLVRpf#m- zVvF;JdQQ%X1eGEegVCwPXPFAuo( zB|jdMmOjf%Z*lJAet-E_l2NOZkA66qe)DTy`moZb@RYK91S5Cc60Ph36?*5f!fxM^ z+iB;`Hk@^v`8UDq^RBQnakg;V_7_|b4cC~n&jT)PZe-pummWnY_@ce*gt}gs#u}t? 
z<{rR+?x71BWH)r2b8gf+Ij4E1%H><6px4?NT^-iPA z4K@un_`!zboacY^YQnZ6?@A|8)&+hmkNWA&gGyIl`rrtc#`iDu@^fzCxat@|`T5e_ zDP6Gb{j#t#c`dph>#Nqy`}Gf{;}8vi*84RdsdEf>B(UdFY0v$p(TeLlS}`e&R(LwN zt;_$2KAucxy29+b5jo*wb!6ysvbhy#} zx#@H!?37zyzZw^>4C#It+oY%aNfx;@KUtu1cxNp_pp)EJyhkIJpD$G8uDhMi-g!w+)4CE?<2!!hXazqHbZe3uRLYJnMFLuL^$HLA9PmoS$)KAenC9XRerVkFOPQEbXFSmVK zt4pgl^$gO|hwgUkoz|aDOH=Dt*qJt4Ym?xUer_mwhMAl?%f>yYldWDE+KaD%oX8oR zSz+%880E&==SmNVUIw0qJ=#iaNo_kB%ahlZfd#Md-~KS8g!YkjYD!6w)(eeeY%q|2k8!_o=5^r>h- zd=KkWp6U+8p&1RwpQ7F@XqjEp31gq+_^&yO{|R9^`c_?`KEjQ=UUZIzpJ^C*ptM^s z+;mgtcT?+z)|E~3)CR&V-J`D;#d(+i5a`SRaszAM@t53n;rK4%SmQT|2JLazfy^e( z^q)QDo(#b?tUGQ*7m0t@E2owBt-<*jDyPFMr`0P5-tG9xZYKlVk($}S-Cs)n5bc() zJo(HkB~EEnR?Eu!o4r0gp)9u)n z2$yN=_gA6o>`o@5Q_Z={zia&bv!k`n?&YP(Lf2?7!gtq{)$G%5cOIYC%lMpwFTeX} zOC_>CurAq?(Oz1RQCafq{vqfuYUKOK_4j^kj|+p1QFI7f-1Z(@=C=1()NSv^`NZ8j z*iI)i?qs+$Wt};~`;AS;d#o;=g;x*+~0C-S99r=#%bC8TyD$Oot%ZiF7f-ak4`*n_shWz z?JsvB&w?k;lrH-{A=bq?X>6kEbk7v>YfGauS^5^{#EG=i`nX%7mwx;qR2C{QnWgkk z_|)?KM3c@1mF_-%EMNYKgvB%80v6qo0H@yd*Vdv;% zd^1FwmhQ}GihkSKEu0iC${${e9(Jx`uN^!U-gf4P1b@@%ZhOKk?qn3rMp+EiS%Dy}7Or1u% zaz&Ti@ZtYRSdsW8%^A+pueEfsp+CPm+2h$iUBAKF=BzWdD&Jcl!>XI~H@W=Tr%}pG zr>P#F*0YfMxW|LJMftJiz3iJM7Q6KL`q}Qh`n0MQ+KxZ2CRgVDlC|MW+N}xx*%P0LR=fOIR_2q+okTa)fXgPKe z`=z%@@fDJrckF~GKOwUu@AdRkcdKpU^W#~exzbC;mSW%Zlw@Z7xS#`|pGN&TMMqVf z;tNhG_k{hG_*|7;(ip03&Ej9pzI1>!;C%ECPhrc*+@k!v$o{#HT6>KHqpbf%*|y8x zJ$5I4QQ+M@pD1sr4eHa$?MPU;?~nVJ*y{EVo6Wzr9S8Dk{gM4w+xGl7+YwM-8fP z8pYeKh|w2kYF>Ih6@A!JydA2wFleD&@NMt_hp?T7ukJr!=k_|uVEycKuH6-nh2V3q zmk)7t1z&uDvaF6`J379KUdl??vKG)bQ(lQLB6K|3kK~yx+FM~je&__YGyOjewiUtqti2bx&y@CLrVKhQz)-L z5h@wT4c!1e>_M-F4LxJlw3IpJ$(xPs;5Bncyi_yqqDf7xqqFX8!AI2^V+ixr-C8-B zIfh=&*IajN;8JX}4kBk}lP`W68{Sl2IJe6sv@v8BPnXUdizfR8jcz;VB9XoAn)bR^g( z*!+vdSMoP$j{YS(X{DJ~`RDfm{=2ejyU$6ae4T+Sb7p}9?Tt?I#s>3Xy3I8(86sL) z1uw<>nLKlDtT)Rd=*gucPq&FZS$>={fE+s0g+=nj`8M)T>ZovjrZO!ZVom1z-@W&o z_OZ@?QZ};7nF;R<+^I6*izmZ;%Dt*XbVqZXvDpF+GPe_(BxmvL;i>SIqT#%sA~PrA zE}xS)p6ndps>nODrF 
z4SAwVgbzVxZnAOA8CParIfL-Cy!6st(ub87yYy&Er5ip_5OzMh3>-V4Hk~40T0M?v zpxf?M@J!pz`pa#fJlmC-SKTxygRZ&St#|TsrdX6}DOV|j|qe3mOSuiQ4+ z-qoAD_Ob>H^lE&z_hjTkxACi;F+KFw!8R8k*S1Qg73~Z=V?GIiJJLyd-|u#mu_m#9 zCY%Ic+tOs|VbG@>!Y9Sn?$w@JnX6a4Zwd2Ua`Yw8@)Xafdk{Q1`Uf{dN4K~nq+2ckGwry?jBQ>YH!F9e$<|$^@ugdTd$=rUA1sf ze=0e6)f|;enAU5_uP*^po~w59-XmF*=PjPBc@uHasa4Rr=|dq>|wPtVrET>1%8>!dv;xDc0%8ECE-b|sdini&6=I4 zHQ`CiEAUg$3!ghyXZ=D=T@|8FSI*ZSwY%OPW6t0A33Avcc79uaL^|OgFpkHDNWOs= zs{|(B43(Rlc4Rlg8@+Z0fP)h%p-$Qx3%oE1JydqAS0CK9 z)2;ugZ!j$}zTM}?}2lqUX?1!&1o^Pg)mEIlmM5o^MXDzX7 z?hc1DC&B9GlJWRcWItPekVSVQnKLI7HcQ{4OVL7P`E}SF0Z;i3uy;?Khn{p8?J&d2 zSsSsHb24jx%iZ6Wr%JpDzh9~R`j&6yU^nYI{GW@b$x(WGX}1JTa-d`!vNQ4rxc-#< zMxk@bNB@O=9sAcbieDVvmt-3o-WozzXgJ$aZ_oMo>yclh-^dF_8s;|37N;bJKR#qn z?PEn-uE||~9kg;0yfOPd;zL6CqL2946Dr|6;;83>@jUvy1RvhoBgeL)v)RrwKYkAk z`|_?`5PbA4aPw{~M z6%qJy>}>@Tbh>tbS#96ZWBtMvvIa(l13b~!^xtgfEx0c`E#VpGS6Sn*7q)wDz2~ID zz3(fuKD+O;muo-Qo(IOp-3|NMhB*C~4EQAVd3%=u)`)imGuqLMY#9Vb(+T^;UF(m_ zc3ErNyLIn#E^5E|a@{`DR(IghL|xx6TI$~8Y)pSF+uAx31;j8ujUnV5+`5w8ufZ1%I|qm8(A5I^A;JclfPEi6-?U z_SUt{D!XeZ{ZU_BIIfRQ0ABdX3Oj)r3df(sMc@}}O<_%HOyx_A=_?x!#RffL3B|SCayGo`APKR8j0%`%?tGzv%J8DYtMMG@<^v!(HF4ck!iz)pZJNF z{K*^zU&GFbtF3(@^GanZ9{qu%`iYw+9#Y{R4yVTzi1#@)4t+o>uM_#l^MI@KB5k>e zwmkLMw6T@;t8JbvE&1Nn+4KKI`!n3WXIFXc*O^$^ z6h2_vPutR9{Ab&z@o?KX{F6W3#^JC1={64E_9xot^V+yJa^JXS*_MI7-wd|8;}>>@ zFB6?i!;wkAu~_2@PKxi&aq|zKr#7m7!JM&!U$-#eU3>wf@Qd<(QQ*PhKn7a`i2 z(q&Sw{Jywrd@FjcZfk#UeO-}nN$a%YU}z8XY7_joJ!k%@m1SI6^xV<3W43Kq+rUn> z4Zk@Z%2W4q&OmO0POtwQZMXXH!x3nIux+2Ut&mQn7GG5OOBzqVSqlTTseY$)gl@n8 zYl!Ni4(>e)wFespeuZC-G1bX`o(GNB-e*wjgWATtbahmmfN?8qdhXfnws~O=4c6YiLn+sBh!}%bTF1(tXmwozTxc%u9#!eg!5=`xTZ?-+sn|x*hTJ>+H?LM zW67sgZdNP_Kfs!X4}yj5ttLzUfx35^k==XD+3oXnZsn{uNjFkH(7kliWIv}l$lS}d z_Pp!hUF(MycYYT7K;6vCp`s7GXYmew&ic9RdaKrv^SYY*`gM4MB-xzx8HNWwbv zmTV`(&gd=79e3RujC;?EyEhbIJ?+aV2OfD|ow}1g=+#}Lx-~a!{o2z@(}x9nsO#Bp zH3j?3Q0l1k;_#tP82U0do_X14dAPudyeG#8iATS8&nS(RU_$*9)DLju2^S|5x?ji6 zWBlb1&^``3o?&01ZUcTozCHx>^Ua>SC 
zV&P$_=nV6*w3qiPC$F^C-X+&j@|frb8O~+G;=qbLs?5=_dU*C zZSc=)k}oUV)}yq_`?b|4@{o46*9T<9!!uHR7<{i!{#F~%L#E3Bak=D%~AwFTHZ#S*73UpQSOwuf!$6`;g)7{Y|%5xxTKK73l6B!kGgmT3lLk5N}2JV zjKyAEXOR|ridnNyiEr}ak@xRh2|UX+Zur@`TKTQ7u(m{j(h$Fd_zEw+BrSfT7k@SJ zL%n$2ad=oXBG{JrlH$Mm%)cclf}2&e+9k4ZKjxKCS#o;8YX(lyRQtsn{Yog?M%Y*7MM!uoN|bBJX+`6 zR+W)gyPdO%h-p!Jg2l1y?qDG-KAiLRgmKr#kj^tqj`SAXQ=xn7YNp(7;gycpj|F@1_hEUA?*X51 z%Fg;m;IWXl4b@(DNkPU`!2*83-qb2=Yvs*h0dzl)C;0RGd7Rhwl@zck2_z@B#>@qWhiWcV{i#5sgJ(4o9Ji-7+x z&~McHI3F>wIa*uF9R-}TI8@4=AeGIX!%WWiFK55ch{O9{9EA7nS6IAm)mr>t7kRu#K6;aYhgUgTrv?AN zjb|3%=W5#^-{J&4z6CuI`u4ax50IAvt>sLpEaa&3;XO8>KXTV;_C+(8Hy><^Z+F)& z@Oe~cPe!DcG=y(ptW$Rsj%EzB4#x?<`?j4Kkx)1Dpbwtjaq>b1CYQ4zxgqL|b?j}H z-q`ZY3t5LR`;X?9U;Lywwh?^<=N91Cc8RCf{;1cdY;+~;5hR~OhcZ?^D$rFwme!`x zv?=bj=`5E|`5t>S84%rJWCBqjaY; znff!a#gcE6>pVDdhh^d|cb+XhKp(p4cb?a8v!lxFcV!qS)7AYfTcYuVpBW=L26#3~ zK8c_27%K~QQ0IKBzw&cdC!0Tf!beY7xd(o!&YK5=vdnv16c>3NTc-}s_MW>4T3hH} zFY~J+BX{8<$3$b!@@WSy!xW5PvfUC(DSXJ^7S9a+Yu&iRUR+KWZRelO-}3LI zWiQ{cduq(XyF46>BfmDQpUk~BbgGT;3!jvkUZZjeqyNdFWhP*K5Nn>LQy0fkAK(EPEzUpM$^t1P#iVSkVu%r`!r6Xz25 zu9wGae|(cy-&m!i%rB?P^y=$iez8Xm1McKJCEbGhXytQgi+CW?!DGGGNgrpZAEL?F z?muD6ecCv|wv7L>vN-ZS?JS`@`KnNP-}K<6cIU>II)V88PGS6MX9D-}T^ir(Osd^r zF0Fl*|2}hR*o+w?daJy_g28i2DkEik5O&U7rm}#e3ibTJHn&2)P0OIIga%;p?-wT zmzSmGi=3Qqq`gnZZS%32r{p`7mT$TTtCM_N#C?vto^Cg+XaBZKb7kq9PNDXjmTq$@ zmmUy*8(+emqT0Kzse9gB8X11%(dfiuy07kU;Ze)bCu;rTth_1aU3c2)yh5RDba?+N z@2)Jf3%cKyYzb}>oLX*n`QPLUd{W3xfPEv4>BxKZboY%C^=h+tOLQ>kPE6j89*6s! 
z9L^pNY*BtYhtY3AYgohLSEuAu%}w^>@_|c^?pzjpER6%N(cNX+vtHel+snTXnt&fA z-RW4J{M}ZMcHA|{PnfvJPe|vnn6j-LY4P3aJCaX_ovdf1W3cnw(@W59*|9m$CC{Jl z2X9(k556zqg|3#~#Fo*@8rVZSccNe04{Zv-cU4+`X_NS1_7cXj4ut(_fqD1>^|B1TKc}V^ZI6NeU0*8 zr#oIfn+1DUPkbq5r|NoOqCGpI{RGt&dmf*rPgBo2ukQ2VN0*Ijj`b407x@ksxP|Fk8@*%>1|~kC&&+eC%90Z z{K8F=>r(#i;f*5L$YpPSnzh*n-i|dnoA;Uw-eo(N+tmO~=j;gYdECe0=RJ@2e0&TC zc+bb*u*N+I?o6QHQ`J{XQ#Zf|w&A}Mm`FdM@pI>*LGL_ui*Sqih(2|=vGeJF!uGd~ zb-13rbMY#}i!dS03EprQP7Az5l}8p7Czl71-1$t>^>xF@DKU zDpO^vOqH#28P9~uh8NU+bsl4@z1*B0udb~NaUy{}4Y}{&|J$-QP{tOoy!5iX`RJ}m zK2w{LQS91t%DQ9ML(N<8E;^ob($J~6kF)QdT=PeHILDb}J0?GZh98a)fpj z*0u#MJ)M1njoUyR_j{~>4y49N8k0gd{nqg(kI7$?cLRC0c==BqgVdTX zIxM)NH`ye3amEc^J~7XO6>Aau>Mq>$J|peDgt-9ToVU$|k>BpE3;vdWad|HGC&o3m zKLGuv9?G6ozrkdC;w z8yO|>MhaIo|Dg@oEDlG03_UD(RVNn@`6K*eJytrwz|suTl4k;QQT!!&nw~jb9@6&# zvpi_6d@~iY=38IUF5Nk^5(t*0)}3!SF9o{wVPsVP|Ne;E=+Xurs8U^z`L_ zwF+O{HV%V7{Z{%pw}a}}y+&6%&$1_3mnRdeb&;rdX=FqW=ni@@9 z`$VkE`N4W0HiVy*JxTh#$S-THufon{HP6_(gF)3P|9Q0yXW}E#_n0@|`Y1Cl7^mQ% z`r&(KLAMvGuUfCzo4c{2!oHi1s006juQ<*O$*z>VvMI5;7x^`!yrG)&*Z@AFKGO&5 zJ1tcY<&IF97LG3MFe}C&cQR*e8?8N#FQo(N-BAEMT>3U$^o{&8L(niczjIxPwujc4 zSsvX1K1WADn=)3+XH6y@_`+SDL%%@!O5Vl$6=G)<7wla9`?2{`*828)Ik2LSt@w9u$$Cki*WrnKIWssJBw%WKE|Ixg(!enwM zeHi*SO6^s7=q2)0W^J4Fc}J|Skn)ys^N7@yfw>(;#1vIspOV^JyiFsCCft_%oQG~R(7J=h0=ujn2N;dy6;wma6o zEo=^M08cW4)CF#!+jKJJCxj=meDVWuMrW*~b7x#K6xOrieCIQoFPcZdX%IKIJNrqO z%ii5pKr>eSv582(;d%e za}B!V3B(ib`;ljN62SM{bKuj9;0gX9EUpA%9W}!30B4Bo-F&vq?bf$;_KM-)D1IWo zTnTO{9(Vw^pVNk%R2=WQ(TV;Vi_b;o>(L_Lk7(yR-N2+ai~Aq_(5~;t+{oyn>gMHDCSE&?^jXs6j^7jx8kROb^C5d(mpj!JP?V^T8Ow2Hd;I!U&%Y)&|ccPg?t+L+m*v?7D{y)O^93 zxg*)B9zNn`c#bVzn0r1wW;UO4en9?qnD2>~JzCej-GK&Lyfq6%V<|U7d==#YlZ=D$ zOp~KKKk;|?PRN)crIp;VQoy`kZ)TO&v!@X^XP0*K?=wz$ue-O7Tm`K=W@UBC$PGoo z`EFza+N(JkHXkmJpKo$j&2#Y_T9+dn=6RNUgre`3Zv@c|*4mG+5N*;q0MReW%}pKH zRWJ{sR})CnYUj%M=gD{U8POBb72slNnM+eXZnSjjd~*(RWgB#*Lv#f^&hdCQ?%;O5 z>D6gGec({&%5^Dv;?l)WW-e_(cD~;7fa&$lK7GB14-M99-Vi;b%`aP;w$8lZ)d#P6 
z_$K<1Y41a)-+b#_`;f@Z@Wbx+>~9-u2OFTh((O3(FIRQC?K<26o<(Y-*qv;mHT>*HwlQ&Wm=E*Y3mcov%Jqw~0Zk)9Gm}`f80^*T*v? zLj$|)*fqLaH*v&klVF~!u^@k3_A=1&OFSB@y#;%AoqQ`&FxR_qMfHInbHS6sJLfrt zE{?o^Q*ewET1A-3T(#DjAl&F2;}m~?n=^IQfD>Fj&$$)6FLBpBGmEfN@G7s?_|A{T zH$#U^kh;dv*HY@5R90`!tZ(>oW!RkA;q6)F$=@Dj%mU}N*4Bs3@d$I%wh3Lnd@8ce zCHH&t<;7H6rNi;&&D0QZ^=Q7ey$_rB>>jvFzx%C!r^@Z-;Z$Dnex$jZxqcqB-u7?x zI{IhneSf2OCLnT3`gx=uuk=9&zWIEom~TC;Jqr1)9c~wMgnu^nxdo|tPzLR)ho(Vy zPS7*PJioPoc`VqYBUD^myg0NDI23EF!{*qU6TEOMwqwW#k_E(jc)WTZym}3EX=-(H z0ebL1=uA_-cwm=zJ-CPPE4;J;&OmWqX+ag~ZYq;Z(6;ZaV2|ebHy+`<4}K!gqfX|n z*1k5?zt7#%Wu6iru(~09g^t~3YJyQyAKStH5_>M8KHA>`FEPgay`3AR2QRTVX6;VC z)>6^yp4;JkhUB5SoP(H9o&4G}ZX1tZfS;{K!X^#2`_QG;$%d6KkN*3$Hr+be5y}@& z1N2uu8GkRnxj1Zap#jefoHlRUiTs9bDDbEyzC*S(vQgwcI;}6q+H~=L^U_% zyl!UUpF#c(gF4?5`+`*RwrgC3{{Lmg0 z&k3$)$L#$P8GY^NSv{}#3CoWXmm9mIS@!hV6IY_w+lG%N?zjV1(7lY!ORqgK2Lq)) zbux8U2H1aC7YI-49PRk)0?_8sPF`J~eU7f{Yt#36b$yrVnGYTo^85_=>Z~qxKD+vu zGphZk&bj!)oYghjL010#R=pF({-$K>-*51~^Z7=${{6k)_ZYsFewp`uKHtdJzrV%% zK8J7St7joK1J7+WfbLhj_ zN=KTZwDoNCzyn@B^$kAy!w=>A75uFNPn!h8y5jI8!Oz3H8wEeo8o^L&UfBF@L*1_4 zk%FCI5e;xYcUOEQb=fsf-`@wue4kZoeo;<4DuJQm&jzjmV0k9*pAk)Lc|hZ0nr{oi zKXkkDv~=Yy7u-qs$FJOWEoXtKBhodFv|ab9T$PpL%azAX`^m3V9x}4CVwH1daFvt! 
z)$X5_ullKz)3SB>ZnZ^qtKODdR@AKeu3&K(?J~!?$*2CZzNh5ACi+~M*5|ol^X?Y% zPauDxha(qwIP-ZAhbDM9HL)%*cLF#DT>^KGIYla;HcwJt=}R$X1hFqo*(ahB zX^^)LD$eCk*O>*}(Xc;sy_N0#R!&7`Chbtl>Tvgr-+$ASU+MFEvx&>F{Y2*Ddm8PP z9Ggvlohs;C+&M|s->mUb{i}94wr;nd2kn|jz7u1_Uil#lL)J7Gh6nbr2cWW>ygF|5 z`U)L6@C<3?7cP}nHj=}voq>h_feqvpe#j^0`#iH(CC%T1BNJlRA8xLDYiPOMUm%U( zT?Nf%d=&3r9RqG_!NH`dv2yqJfjH|6yvpHBcYR549|JhE&t$O9JU6W`dAK}~JXBtp zJT$F0d8ne&^-sY5TW)77Ysh!N?;d;uwVF)!FtSV0>9CKHuQjCP55vDL8;Vi`zF&M* zPU)3bEhzc*Rb{2U)E|(&41SFEn99&Kx7UX9(AU*F5zUS2iWA ze%aTG??5(LNm!=U(P0x5gci6w;MbQcp7nnkJm!Q}+ArS)(2xnDT|6hj%S_-I4EEYR zjf^h%gXIPIh6Q$nmsKa{kAfd{=iWNg&3gl|I9xJ(_}B5}6<~d4O~A&aG$U7c5ZN}; zHrgp0zW87pKlnuX;?EDyrhP+G?RDGvwF7QD|NdUJPj_!q?-)1i{UX%~9T+0q^ujv4 zus~YaQFwg$#;(yAR&GzuLLZXRIxWDxy}(2K;+Oz>nSuT6ce?xi=Ad+#Il@)&b7QCy zdthKJ{KPKU;%Ipv-@VqR;A6`h-OJv}X7=>JxrS@*G!^yuk?j*sf}e5l^UB(nOTRP6 zU-IkPgQcI|UR%0*-;3}|8-W}H`8el~Kp(+GZXm-^Q+K zrgLQ!KSbM1Ki}Zh(XH)cT)cw6%5izca~l!;KcMd8wjT7up`G|e625K%U&qK6@ZiOE zT){ozV!YqBKQ5bR+CIk0p29hBu;q78HoIfG(B8ROovhz!^L7k(abwf)TySlKs|&t< zThI*AosZ~{jO-+^NjKwp=J3zuuYES*q4wPa{0pm-V>$l~9YXFCKd$x!+lF_6$I{Q! 
z*6SPLxkX>)^Id1?Cb>MgcXs<_+7Y|>es!zpE18H4^HXUtm} zG&!bZkGt<+`)e|ce4dGxk;cNRYd$hmm1Kx{jgiq0=61R5R{1GDBn@7PUwC;{eo3mI zq;>6_PKNFMURu_Yc_Tu=LHHqBj_i`63u}09C^_>Kn(!q{6Mk;TADlTs6TlnwBW(8X zv2nZ7Xu>m$CwO0-{QFmwhVg7wUt>d_=6zn48@BHp)pvp>*mV1D@xol1;D)`cwU)K1 zM!w0Q2{o-{&;x8ALbv9a&^7qZgDzk{n$ejb@WR>txqKODgZ-#+mQkp|y=(o5zy=$?q=bFv@qyq|G=8r-7% zwDS7o`(y{}UF6L#iar;H`jW}G51KAJg{PeS{5I3p`W5yMe8^L0d@eV7d0=ww@Sl~- z9yq$l*F0y@(DEvL9$}Y=AIRF`IhPMhL>FC2IJEi3YjUT7Gp*Ri&8f~PpL4kx8M~uW zYk4>HJ7rT`Jk78tKsYpYBlzDo&2Yzqn{Gjw$<$qcio1(AYtyYZLPz4z7y}IyU%6N| z8#a8qxv`aV->N^hYwl!sykEOS`$^(oMQgNPh0Sm0kgqJ2FIt}=J9YV6aBa%rHzH;( z>Cms%`?No$@)P=2J&cvLYeF~i@HA*x%6E;{ZTWOonARux36A2UPB7OWx_`oM3|ZUS zjD_ABj$Qt>Z`$@*{JH94$pyQ)^MM?Z7*tf7QvW57~Kc z!%};8*Ib`OFH^OrqC1r%Z+)@3bsT!RW1*D45PLtZ_-Np&b1TN`5ykIu<|+i7pgpqd z=noD{CiKm^J`}tA542xS9@=X9$Roc@ITP0ypUtz)ypW=^6QQ@FA>f~Au5^@oDm}cQ znZUgC*P6hkpuDpJx}>n+eDtBFa^Xe6;G%=k$>)+eFy4BKY@pPhZIq02r|7&LO zr$)Z>GvzCfH7XPP0_*=xHrvuc0k5f5acKK_$%O64T68e$Xxln;G>oZaPw^LF^MBr? z9e(u%xE4!>gC1SSm{bbB(CM7*^UYnd!Lef#N9V-2(H8az{?9V{>!&YT7qWOt_B?~9 zm^~FiQh2%3Dr;7XX$S-&%Dx|$g++Z z6?((gGa7zl7~kiKN8yapQt!e;NSJ=MT`oiUlX6kJ&A_*)wCiks@4PbzP70_er151+(S`wbsNr~NXQJs9h^ zi!sW^&z4{I{G!o}&kNGUwsgz?($H^zb?cdlm_g5UuZu_ES9ZOzaPoU?k!*R)KS1-@*l6+1l}ixF29O?UUU!vK{h7 z|FSsv)ShY2F^a#C9vYpL$)~+JE*?2+dAE1vz+1h$^eyJxdNYhU#lDH?7WX<%`}f>C z)$bL|v2}@ul|BeADxUU9uiJ}GVsko8JC&YAJbI>ltS_&MuG#cOp?8=U+GAlXlD!_i z=vCab%0a(f;PUj8FX0{R&xU%@&s;d@UpRKT>tDE{9vx~NAGhEf?b{f?HS~^b;gDAg zrN^URP3&#vOj!mkVGO(0TbfY`E(teG3OCq8o>>yW4+Qs7v2M)jC;;Y0ej#KF2z?J= zuY^rnJN48)FtkPVHL{_+DfqT{t|PCpMlPvrWlnL ziVVO#Xxwwdy}>TOkk|%1p+)b=)~QqQ*wJe0rB4CYVc@V>cg(^EC>D8n@ zLQ}4@c;wmX{S|Aeg{j&p{}?-Z%mV0Gw$`!WhU~AZ?bLr#z7yYQ``4Cz1LNmYIAJdh!lL$K$sTS$ zU)(SVi|iW(AJ@L*%JG6l*!<_*bU6H}`KL7L^C~r`BHwW5kLD$7GJX<9o7&++TUIuX zHtgMJR^68TKylvuJo)ZJ)^VNvcJrNU>Y*(wvd%U7UeS?jpW3^|SMl4}g)UjaJ9t|b z0&kh4lUz6^?~a_;_bBt!=uFUxEb{TLd^g(in44=3YM#8T^qT+Bi>sAJb|>xBNBMuS z_1b*7HZN@{w)NrL(W_^?Tdo_gHYwhV%VPaKGZhcNnH?E($j;GJTbekpp*_-6yJ*AD 
z^{)J>y4V}pnJR;^3Ani2x7mYTx1E2`0DO+_4?;h{wFNuE%HZIKnoiBw!Zcr**gRdrXm8ApbnG z)+w#iNt)gH4Lp6L@wb5g!iLvc(%KY1O`qD-7W(8<-=NtGLiMK1?c2b%I}6O2A;zCI zGpAwAKRr@c!r3MhKVNs=5O%irL}$;QD`AmQuiwXA!uO56)|8D2;5+Ub_Nd^yBj@?< zixoXrGq&3-AUrR&ZSQ@t##d|9m)P1pyF=TCHCei`rusf?O==jgv$U4d-oqtDyWWAe z`%8*UG5WP^eDL;DrV(yQ$ENj7_W^$I05q@fSZ-|15$zx4h-PD7v0w4JPf30&wAQ+M z)&8i~RlaYD#QLbO|0Zm2pp*Rz-TB==51at9Z>{j~!Scr70DMjVLh)}r=V_md=N#!i zdCqp}X#WhCuJl`9y)Moss?-r$5p})nUtv>H*UNsEW4QnL_^;@5aoD_>^7(7+Az5>T`{+sj z?i}^orF$d(4gV4gp>@aYcN=pA`%2f=@NX1;iml=7p0qGeZkc_8CJRQAdx9HAJgIhb zhMcoR#;J!&DIfLwZ5qxK+4V?kTd!>wYv!z7z-*M#2%bC%8?j5UMhh} z^LEy~q>*1drE&EsZW>RYGV2iWH=QQ_EY<+_fo56yPumU!+oJ6MW`7%aY;$3geOq;M z#!TV{VbhS^1AM6WvYDbaVe>}H4@jTRM6jNj9XlCQ#!9e`bR&1+|4R1Ok)inJ>J>kB z>>^|q?NP|bYsw!5ydHeP)5!#JX9z~>W7s@@#UM?49seK68sYKwJ;)#6EVM)QJm%WX zWvpcVf=6*a7C)vnS9kz8?2e_ zV>R;Zo$=(%-9;J)*}lMAXI3I-Dvi6gI0MKKWww2LWKZ|ey_P>hcCh$jd8F)rh3BRX zyPr{;Eq|bPORr6vE9!OEYRwZB#>LrCUiMbTcV6h$Lt882@E`15%jQD*B5*DNIV9g7%F+UHfR8)mvBe zsh!o&gp%1$S>8)+60g%MpJp?k5e#gb2E(?9HgxR@?I&NAaMR*zL-w=a?A+?)^bz35 zW_R6tZKKl0vpDyFuaEWy;GK5f;Y1v^@hcX%acS!cx~rk(!MN||;1qmy@)g!J&anBO zVO`5{_Z^cDcyu(C_Sat8OCGE>z+NhWIm9(_>?vN99(dN}gD_ht5e(UAA zh%t`Srtx)qZ5w-ezeMF&o3MJ{PPI?v5pKMCJMDf%0c*~pUoNJc#n6=-ppnuYU&%8+ zXp*<_Jdfvgp03@RW97!r@m+*rQHl?0Oa^F4|GSi*7$n<5)6!jmiK zoAde0_ueqVi?uIx*Kp&kK`*JbLuHXCo4Bv=?(oz)?BjU_Pw_QX#2db^;#+IQmx1Be zc}{1Hf5vkLbfSjmm7zYH{xaVGhJTpySK;GJ3gA&1k38zdokQ7qUfFNZ*BL6yOaE)u`A@ud{D$`f zq_z5AwL|H^``;42mAb&Y{znG!t{-2cHf-fx@EX(wF7|Ko!j@4^u2*MoMK5v|a087Qn<2!i;>5!pMq^lwwJjwAY!hY?Q$9J;mJA2I^ z2m=q2V@Sguq!0W^3a&%E@FBdP!8>@CILf==4gMuQ%;(Y zHs3Q|82ukm|5cX8Soo}Yzmuo%5xgGQ%9AlV+MzfPK70?XWh{;>9q-FY!}uIs&Ue~) z4J;weKNI#FU`Rg)H2&V04b0|GsWGEnl-K`~3$y-5{`462KMYUTr}b*beB@tO z*Pp@sDU5JFB=S14KDrY0N%O5v3RqEhhVHzk{G02R+IjN~^#Qy7`NZ)&f*lPoMHl3L z_s?utYBIgG9k}+Z|C$%S4kc|lMZEt;Y0 z4qB7MMni4+^d`zp;fClyEASPaP=CRp<2RFz{(d?mEgj#-uO7sqU6_v$D3 zsk^Gw&rb!bG~7Bq2AYxM!AgA+{-^rtFph;!GERhz^k}E}odEOq9gU$k*ZM?9r&S_1 
zbc@ga&05d*d|~Rowh;0`}Ni_r1Mfd_tC#b@fyHhBJb^`k1q-xb^COs3qFOnlI#*Jg(BG*}-v z$!Ec7^rDi@7S}h#{ld+#8L@{p$W{zEz=!uG-z#pw2XVuwoQ7m2Ms`Pn$Ph!T6UldD zZ-104*i>{U6Y#Sir_#Yc#W)OKuawfho{JQI-I$1tX@wPsjMmp5~out8L ztGtS~+C2bd%D~C#B->^mBAv<@C0?Ad!VB$rNk1t5Kk}f98^Q<`otuj@1B+EP+$v^t2%CAm*`ozg)ztEqehZ>s_!`iXo z`RO})z{_{py9C#*?zmSx4)Yq`#`Y^&wP_GW<&A?d`ste*Kgp|-u>@P>){Co?W%KMF zqaCAzk7&N>n>FB^)O*-uU7UJHR{;Ha{gB)L7qk~>*H&ou8nsDv(~ie9MlQXc_O6vV zrCX=$u=(kn)3+n^N@&f&wzRfb|9P6*6_g3xU6yJ?=++U?R{vVs;u}o=`aJN??mu7; z{xN6jS6VorXA3s`j{KMOc;D>#{Eju_lI5g2SuQggxGa~Lt2dEoge35`g_slA>K=p5olRwqjjDb5WaF)p@@`Q0lT zT>6^LV;D!~rWZwt;e`ObI4yVR5^wtRc;f+Ibc-pZaWc&Uc{y2RE&< zKFfFEA7H_!hzIN!9}KE1oVVN4g)iQ|-c!2Qsht!Nd{hTfO?R zqrkLDhX`#bmJU#Q#?Un*-l5Hvv3=~pJ^_!)ew1uAq-PY)(ANjT=IH{vmj{iudc|j- zpNme+(rf6*IUa7E7B|tEZSIsjRAGe_wui`?N@%$ z70wZbN{WH)rDNPad}-hWo?09paTHt|rnW;<1u{bWB?Azc!^@^ra=7!+;S@BvkVJdC6a}{{ob92mV{FLl_(Y6X>XM{qTnKPry-g$d;SE1J2&ys){5k$`f?sw}uT5|MJ zFMg!=^y%roCwF>bL%i?z^bDJyKPKnQtq(*N-`5d)6e=X0~ zc%q9>BFCEZc<%DTchWE91amq4O6i3q$97tpQDx><)LY*h)^2@k4Yc8dwUaq<;B6fXziHvig;~1r%uQSBQMgLA2!?V8Ab5x zCe0i9oM&C&V7unw7d|XAY%UOv8*T3G+^ey+_7Jk4P00opf0JLBVdtI2+e2GL*O<@9 ziC?%#_1dyGK+85T*Whgi=j9hhcx@Fw1y3=l$d)6TV|kYm^GJ_w>)57K!oNefLB3Jk z-Jxy80dT*m>&Y@~hIa0k?W6Feq_M2HwTS;BU^m1#n;Y403>ewqNtZ2qsGN>!_ED$L zw0Co+`=?3q)4;DaeUlGf5)ZfmmvSNkt zeKvj@Gu^TWtga;3n`w5mW>~o${^n1HSo3n^gal z_?NBkxI5Rf9g@1(HN~YKHHj z&AuXb?%3mQ=iClF0O1{$uCHPL9{i+?s0%aMpIO@L^NZF(*&9q84T}mHPvWR}C*~I+0G$(9m?ijS8Nwssw&Ov?)9M^s* z^FO&<{?$@tibuu|TqbkL#NoMU=k!+mctlLNX8DE1WwCX@Y%S$v`kLeN7YeT|8&c(G zUu}9PdBELM@A>s>tW)g>n{C$rlSfZ4p?nj$GjJrz9W&TIXGYrQ24$m)4Yzwnmb%~v zO=pM8gE3~Q_2ZN~6BFI4BZXJgQ~pahe5Bx%w7sdc zmYz0@yg}uIdsURPi~lpHq<>85Q}A%pK6R1WBRFu@&GnxEJgXCXS88tZT(0@8@zlK2 z`0Jf#8FQgMRsYGjH1Vj5OP@a)HtP;dS!(A~j^-2PRY4D|UaO?2EEojlDIC!peG;66 z&Ux!(zolQA-+qOXKQjJ8)oLVa^@Yl zmd1xE{8#!z!dw&u`W z3#-;5=2{#dkJx4^4e@2(IN0%E@AkOT;Ad~T=4Sd_NsS+4HcNR}8!OXsJsn3ZodQR+ zegk*T9X{VKxFJ7eYE7122|d#p!ky~ml=-LT6)s6GYGuD19QTVRMC-#>%#PDn&VST4 
zj7{9wU>sXdy3aiG#0JgHvU=mxH{^8M@)LcZSh|m{RPCl8PG@7l@`UtduId4o9#H>E zzH;V4+7<6)Y~<6XYcF>eeFfTq%#N(4b=&%CoO9!ZsdK&_o`f%)oZ!Bk&ZzIpxsko4 zxt-uha6f);{K-DfMu6v>0l~Ko&phG+%Q?rz`vm@zkpBb7|Br(!fgnB~qeZ?Sb^3Bt zU!mF(Y{<#J$7jzz_6v5JH|U(N`{TLy_!jj!-oP1+rHnN;(A9~)0+qp>$WuP$CvU*R z57)L48CG*a=M-4Svm&dJh*EkmqH>_^x+M|s>)!5#tU2!P+=VAjZOf@5b^U=4L- zxbMYtf#Ixp6n&6vJ6szhbgoBk)_fu_{vZyTP@lCKvgN1_%6j#5WeKOsmPXKl$lFVv0ACva04l&|w3;bk29(K;IJ=4>szt8B_cZ&^O8C${#8+S|vvyJA_R z$z;Bmdhne46pz8jS)Wd7f64qnz3Ug~-~1jfRBqpcJ{24Q7k(ZG4=ugWc(G1aJ;m8F zjX86KvHJb##)|Wl^3j^-p6l?;zDTOSUdl8-bQ(Iq2Ia7E2#T?m2m{Rno+pC++=blAis9l&_v1CGc(=$ z9p}33eTeqn@3r?Ka0t18_D%qA@~nSa+un>9T3g^V#(XZ9@SIqDuEyapbRD|K?;~rg z1>I(TWd@(UzkccU$nJ~->sd4u;GF6nbOwd^eIK>IM)Fr=_2+V1-hI-_O02tC-kRqR zfd_GiHee?jTe)9#yf9@2W5T#_9{)()HvI6TcPMeptf>FJ+*miZi;lJXe_`3QWPj^7 z?0ZhhPoKE@M?1f%1|G1;1jCMgc31>dBH>YzW(5rzm(a+#M z=Iy?mQudFB%~@p1B8gIswWT-s$JL7v@HuVV~a8+T$MIGw@uBX4^1F4eBf=*x}Vx#6#S%U^a$fH_odl4w!%kqN9{UnxT&*l&5;(JJJVXMv8PWdT9O@GCwW_R z(?0#sDu3{N+PWTkzb4sRQXxNu8O72?gw5tRq!01diWhgZ!hgYQuvSd%gxBEwtnOgR zk7xRV&_}HosqtSy9aCEieRrK0|L(N$?@k+ke6Z19;mrS5ze9}SspC&seWADAJL2$% z%o&x3a^zFl<%iE`R35>Bwmfd{xdi8b@TNPqVKX#KFk$Z@J8Xv7{Wad99YZem!q4J; zy!U=K?>Bqz@Zm$I^;DR%@sl(TyJ3(2IrHVzI5GC={7+e^1K1TMIa`oS#NN6*S326z z8W#_O=sl!s)IA>TNvkbc_(ZVl9&_3Am-XW&?i;KZyuo9$qadSA@OJf}<|%OO0r&&U zQ;9dIT9;AA{C#0gQRc{-0*?F<`QUR3348UXfEmfRy#tW%H~2m>CGH&2czN*tD7_!R z_#OKCYNUKPu<`|<9VS}AUCUWc;2zduSC5f7M^ED6Niw&1?-O|6;JtHJICG`Kub!G*QP!*(z&HkR#vq@NQ!q+tyl>IWiW1 zQM_gj-xFeS_~ya3PEKnpwiWnwSnsp`bAoNo2i1v}WoK}5n>VGm*-Veee4VuSgYH(! 
z-j2-5{VI_)g43F{trfn`I5H>W^?};1c?-pf04-xJ#$Gcr#@Zp0e z6DKTD!dU>IL!Z;!n|UzvRK>F&hT|6E>rFvDcOp zF~b&5VXlIM*MXaY(_(OwHPn^uQ}Cg!v*5}7bBg?B!olt=ldUs`kyu7<2j_NJ2N$r; zWoSK<%{A$FYHt<(H{$8v%4}JURz}Hm%e69!H-~d(rs_(c!&-YJdxXtHAGEV>L>h)I z*4m?YJv+wP{Rd}GQRU?5I3IerVN*{ResY+5?g#mJodCZE!4?2xBV%Kz7->wp*GESh8QDieI_ zea(dV$eR%{*EVZhR8Qw%J-S2Th(x3g+(Z)Z^#* zUBNrDX~Bb$hZa5vUO&L!-j$IK>rgLzne;m1(-_al&%f9#e-*&euQ3Rlu2)3!R*Yp0 zfo5a(P$YQroW%d4uD4Aw|EWKD+XVTS@-O3G-nGM2@|@oFwh8l}#d{6UTK=pt<~siM z{1^P>ZF3|4Z}9&n|8Mbc;{WZgx6NXn&HTU1Kf?cZ{_Xr*_{aI*!T&D)xAAY||4;lo zyWTeU!1Em9xtafC8f%`9v!@b{`^?5k8bjL8T2fqve~zHfd{^^dYZf@H?{Mc3zVV*{ z3}yk#VvUKH_V!cK)~3?VUI(5un7N%_bI0AAH@!QY6Fl&At&fqPg4fs#i>@slXC7GE z!5OQcb4GI={>Goe&rvt^GA7!Wlg!T=#kmeEA3gxDy#iU*A9;u|-L&vQ&8ygJ2WvuO z&5GFj$D2z?-#y%{Vt+(s1tVkj-UmG?oKwWzDKVEni#7Uw)Qv7lXR;#eK9?Jd@7W!B zYJZLPPbhCX{C9@c8}uHmK^K`xe(_Qd+qJn6K4!?%);26`KL46sJ2?~FRiQfplW}i7 ztPGn6p0jkDc8i|}hIV~L2RzsN_IUW5`DyDa_x@QO|6K7K>YM1Gcn-loMTeAT$9(i= z*t%G}g(fZCR9s8?331NU$KrjeFHbzVWT~+E+!ER;pHh!4-R7SlTW9+7YOvlvsXFmI zat?Kf-hlt)8|44ecoxd;6wZfD;3BIJg5Olx^|BE_A3*pg9uKovyr|?T>OIE`t5;aq zjK@~P@-j8*L)UhHA-Z$xFLimje**3EckS|v-#FfN!1l*4o~^aqpBIF#TiBfM&+FP% zCLc%M8S4ALsd3R9rVWSmUY+>m9L7R-uvAC-WFKpqUX#}IZF?e&81Jp?z^qa z`d2~Dxr{w-`eNq-K5&88dJ8YvmFB2?_B1kWTN=yeYFtvZBvLfInY!}qn6STlPa`^b zWJ2WqqZ&`I?;DrW9+eYZXONTsc?tT6OyT#<6LqE@*-~=sSd-sVZi<2R)JT@Io9_VM z)6>2S^-lN%oQSs8 z67~ofp9>sszLd2))@O=*Y6n!Gg=d!KJ%_mOmiLs8$(&FhJWv63W%+YySEoA$J@M4| z3ho-)L3sCfs7w#u+3H`Myy_3-{n7rQw=dV{m4lqtyKPP+BkbF0*4@6%F01vmWPiKbgQ26~zoHh1g(6Ay;nLF%`3 z1wF-!(gRTcJK}NfiJIp$r$j@LPfA=^I)%Y{?uAV}`^ul98R`2(%&(7W$8)T?rahnW zh-)61JUhPZ)3BFT+v&^rf7pBf_$aG0@BhqXfC)qlcEmvgBof>ph*8l_GJ#AKyMw{q zU_(Jg4F)L`?4rd!q0VF`Cbm#@7Yb5Pz@*AnT4k}-Rx3Y3RUWC>#jRy=3m60yMBVtS zqQK1e{W!2uIoD2xz2U2GnagiSY8Fs0B5GUeKHQt z43i&N!SG3NW-4X;C7ihzJggI}7Z35ymA-268soF}IFiZMcD97EyW_5s_quH_gq!^b z0M{3-Ee5hfsNOeUIxx5HkR9(L`ZClz4_qoFoZmFtUnp6~@~tD@d5mo#uFR_&wtGmx!iCK$!N%p~=wQ8brNgECKo;MAm$i71e$`l= zOOm2iP@u&vV_w~4?1o$jj^zntLo&oe_ZTVg!+ 
zk(4DH$*2i_k{s+Wp`VP8M|W@)y6ezYVf?s-lju0xOi6evI_pYk82$|JC=^e1eCgPB z&q7!0ckHCzeNQ+PLH>gmDc`&J*(ubw=oQXRXpUT!ev!G>uQAB1V;@G(oT&V@?ns_1 z9YWOP9ZqUrqX-`%d;{$ji_TOxutO)7|80kVIO|yIi6w^OPnUJ}!Ui)J`NUgW&l-5a z*~r2Jwt`bN&KeuM;@%O)!3(ZwPe=P(@XK^DcrgmvDYg4f7B*+Srg5e0QL0<@s($MJ zZdTo0dM=Fzc+u(L#i|W19$0&orh4x@$q6nV*;=zWbY1MywZEILKgG_{&d2S1zp*;?>l1$^T`%sUSL}5{ z`nUfBKhZ9DiZ^ZXa90RAAJMLz<7g{-#_^J&Xmguw?-27?(+K2E^e@~~ z#Qqz2-4U(9r@@Dbhd-Zy*A>q8Ux^wu)811XYR{Tf6v87tn zhK%r7;!gIxbXSk==i%Aat;X;l{)XTv#bAY?zuna$L{_kr`Y~~)P{U1 zS+kf>{>37WylG}74jes-9T`5Ff+6Z?uyPe^Wwj+^{BJHpY4uQt<=T^=Kk-IGR+ zFObZi$z%7JoP1*}tY?eJMbC~MKo$*JdD__@vA9;?;1c!d9wxyTnSk~3W8e_*TUpYR zHo?6fv}vAZZ}{n^dh>KQZJH-Zds6t>O`GK7xjMDwl=vli!>z~49Ows%z{g_2yjzC( z=mnQH_o&U9%fbC%s2{vt_?GJrf)nlZ89Yv3?c#tPHwPxriFgHfH#m8Y-FJ#Sg_%6g z-o=?uWaokJ`H^uPA8D)$lR3->x&9K;O58mPrD31p$n2WWyJ4WbrL`Ih?DnT-((Sy= zb9HL-6P9kRJpIF`1&@q<6gr9lqR+|>d)~{>TK1J>f^~w^pO5(ty7^%XI9aOiSPN~8 zg{|!Js`llV-H9(`V2Nz{m~)Qk!v)9$k6CzbHshJIMlp9;|8~~yVk@-yV|)}F@vn1k zu=U_qRQ=D`5NY0IzSysEp#Gf>T`cd+;EO${@?GfRZe)kG)+coUKEk?az~jkN@aN2T z>SxppInCxNf>-zO>%{(CyYXN{S}0i*9y3OJ*4oF3^#X4_*o&q2S{|->h<)uSee+8e z6(0~!#Xr5h|BQ7FXTy%PDV?~F_?vE=GLBe(ZKPv|f8^!nCi>9Ie3n3NL?*-c7W4I8 z?>)H1lq%isktNJU_*Fz7b=U7npQJo)d9_NXoV(rUsl*q!@oB_wb>nr!r@L|1AxGSO z5;KeV1UG#y@v&}v9`TFZII`K1;cgrrcw~@mbHc=EU#89A$X#V>3+=mCu)uaUqHnVH zlsNbGj`mBQb@xj;grC~WbJjlh2Q*I7i?GMEGXwwb@c>Sm-$WbD*bHF<4?hHkdtcLd zSbSUKIrzmfdB@$?(Kx(wgWC^a_Rb_XP8o+kapP*^05{Irpm%z?ar^=u{>+WT0}j9E z#)IU^zz=)&cQWu}EqHjln+Lh(aAy2Vh(7_`GV9;-foG<^DDO78-%KQ)8LyhG?`w%? 
z@Q1NJ{IZ*$u|9mQ8)vK!Kjp?5>%;39i=du$SFO9hNB<8`Vl4V(#=_0Nkn~J@zVG1l zVUPRn-s<$B44gQhb9ho%Hq(?lWff;sA9^Fe9wIP4^oq^DO6O(|y`Xu?t>aai?oMXJ-%GBP=9un!!3GLJkuRBNf4tC6ch7ba`JDjP)c z*~n&e8xdsSzWL8nPM#Y-vbdj>g>$qwPWlYV z)-MQh?FNFjCQIS3eN zk4xW&*yEB;DpL+=tE@c{YjDIEq~1_ zv&J2ZzoAcWRrT!CTNicr>8)p4>5tQvw{CzY>^k+-{rQ(2f4M&gfA6-N{v6!y#_7+S z@l1b+OLswE{-q@|e_A_J=1|SGNgsBn>{mp71TRK^gPadfd3(ec=2q-klvm$m_BR&J zwtE|%%yTQ>xB3|Cx*&StF5Ro+v)a*tjj`(~U?6<%!Ut&9!G||{EyU(gH0(Sd{6uFb z-L)ojhG#xjVw?Bkqs;HlcL&$C;_ujvKhs^t!4utO9Na|Q+2>9le1f?3cg7g3r5wwniBBhf zwp-3*;&!eeeFE_zZu(f_Rt6ybBI4(|>BEUzo=o~6;^(>PrxCZjmUIvC^PThqpU{R; zZk{62OWpLn#4mQ^ue3bGn#RK5zzKM;55AH|n%nOKhZ*xc$L*CwF0}b7y%S6lpNm($aR=qubtLh&)`!qDSvbG3fbwz#=hg?z zHE!B1#A_9YKSQf;Og^dn-QfuPF%Oy>-Taplue15@wE2g#w)M(KHGFsv_0Dzkjd1x% zkn;S@OEv6kU|0A?U@3eC9>7}d9_)VHxmG;dp~+&&$>^osG3;nkdC0Z!l#V-2qQ8bL z`a@Pcnf|=T-EZkv$1`pme$tVVr;*V*_PgmW{q27Z`g=a>J3EI{e{V-_>Bz`sDrc>m zPvvCfB;>n}tKD>Dx{fM09;{Bko{`tiCZ3VEkndj4$Xi2*Z*}v-3trF2TjvsA=cX4E zU+u=vBkssG;2!b2-E`!?*B7|)QN%OyUn%kFZu-TG!_R+&F#Rml^*M@isTTg82PzJVLyzTfXhG zUsIclvf<(8zl!u+H$KsY#RT`chIeNolUm-BC6iLt-V-(t=TwM)K)GEqt;*mV%a^jg zVI8q|yZa5W+`B3J8@Il>q`Urn7HZ#Tr{-B?w~P#8bv(-?1Iaew0c;bJ(B&WCACh|> zeB+z6cM>%2)id!ck#n)6Bv z#{<_theWy?-V^8JbgG8%Fh`~S%2-`eh!`(613?vt?_l3nM9=Zrsl zKX8lclb%p@Y0dtEb2p04G*zcRXVxMF+uyahS11>H0{0Ii9h<@->P=Jijd z>u}Z;f40m&7X9^QriwE%6#IHT{6FZtc$ZEbxgL4M8`*63z$0fQXBcQ>-!16y^U%?W zHm)U}Ph7NdHSs_z`;i;ahZB|)o=aFkSWI|1VUTb<;n{>=AuJ$_5)Pq!$z_Gum3V1` z_Cj?(f?X5IZVmYB4g>1n`zG~hf0O$6zD8U&Fx0>IW#Se1R*q7p+K^AEHk?7IHb5({ zttOA|Q@@({65@G`C;b2J(jG7to-j_a=iD*lELzmu_A-9)OVDed0zMwCPq-@=yXztB zISs}hz0v9ddM%E#H`^$`9(z6`UP_#H?0Jv)7}{01VK6SThM02+%L$7KD+qfNMhJt1 zmlK{%IG(V8@GFEv2&2@wY|*%`{bQXKarTd$b_5qY?Ep4=;%+;XKu|^mSidDB+t=IK!6vx^EWca-L)Wd~;8( z^X<#p`{!GK9^Z0Ty+5Bmc$dEJmwb^==;Oy3Nq>Ma$ghAOb~OHCekD=UY%=}Jrk^Bu z3;uelTpNAu{e*G{oK0P)T0f5we#_=)UM}{td@J~{eqp|P5j~{co6(sJANh1%)2FtH zXQ10ko~nL*-_?e@%zWD7r!C;yizmX*8P6rGc@z6S$j26D2V?MYQzd(k)E_UjHUzRw z=M3t)Gm{BmXc()ZoJZh2w6oKB_vmNIgrB{2%gf38=wTR^3^%~{X0 
z*J`tDwYv0a)M3vaKyToMA6V%Aor20bd>p|y!*?D#hTb3#eJ#31GoJT()#-n~($TNc zK6nqjX)*6MYR=L6-|k`ltLBFH@6Z|_oY7q_x?f|N*8Q@5f#=R>D&h{IBzkq`wx|$QB7j$!3w(REUx=Nj~ zxqLh@3thPAKmPM%T~OIo1HMO_tS*T7kC#*zuHsBd4nEtY3woNij=625Ck>7i^6f`z zW7(Vmzg~hJu=42{UC^toL(PWCBYxFLzXN65alc`xCs+c;rtXVSJ1$dlja@wL#Lno8*~$uX=xz_LMLd zmN$_u+oUW$6vq$K3HB|J6N|jB#tW`M=jr{}%2}L?)g2)4Ge0yuRXV?L73*2{BCFGX zyw&RFusINpSEt`yqIPC%5USHV+bBc#<;-fTz}|f|d*7i`Qh)z%8a%@``JTkVqba<_X%w_5&6xRJqi6oUi;)QeGNEg)R4v3 zAVShl+SU}?h~46|xBSHR^UY%o$O5K$9A~NRy!P*pFC|W03u4cbZ{saLq5o0!J=|{l zptCDM$);VfaBcmi15KpSi&lQo)}KA%$LU|Y!x`}JWkMYqpVVOR6!0xik7@)07kEJl1sK(w%lKLERhT zNps#755BtadqcgoTC*={;x2e(EGu&z3pdElIDYmO4K9CmY4(i4S>=PT-X~?F%J@4r z#l4ZI8AEtUdDP6lLG9%Ga=jO=(e{#A93f4{B)@TAiFvIt*^FJ-Q1iZ9&m-Xc&O~Lf z=E9ZcoT}BHTK4JviQ(9M<~(P0@lo^jHxos_vFif0WyK)$*dwg{U~y=H`HKARSEv62 zTP<5(-qH$7@A=JT?3u144Lt|#lS~^@JM8{rI}aW56`PtZ8rGf5=m!rv{K2zF>lw*f ze3LhNFt|{NJyoV}o6{TBcKWC`4J|7|mPe0H-g&1eA6w6^@>^{An>{giU6zM@mxp|3 z^j(NKO?4)=vDW%Jb81xhdwh`E#yUQ_BA0g1F7VKEd4&5Roc7qU5X|XkM^+lPLyW^_ z6BM7z8pA%cv-3ghBxdEB@*>$wRC<=hE2|r-et;|h-rKgcF$O)_acoIoK){(6G z^4&i9k!>@u0`_LH_A7wZLh&AKdXOn@!B>Wnt%^CtnkT}$?7r0i6J+01OIKZvT`%*= z86{c$>ZR{^R(e@hx>xZqbH4Usn!tHzqei$DPc{`sO~bOTH3e>Wn$`)`sr`2&t9`*{6FA8iSVXe7lW&dnF@v8I&RSgi zo_J`L_B0)sM5@!jxYgl*H@?8wSbo8J()!2|ES{yDP?59$&iEe9%)4q+sQ$S8x1yu} z`k?H#kk935C+0Etad(4v8Rz=tKM;QTySt$$qq{jQZ&`yq<$k+n_Nh(im+T%#)XdmF z>^YOR^1*8J2=hms-p9W4VL&pkg#&8IB!x{h2zi8XwD9*A(X$W}B(;vEG2f%w0vAQzSQ6r+<%pDH`ES z{(jnG=foLfk)PAZ!uH-*!7rBh5O~Z4&rYB(@*;oVky-E6Z1$LWwCPFS{a!d+oqDrZ z23MnI>Lg3M++hTd+YK)SRnN}DEDmqlv8R058P}IT_5R-S{DIfemd+$|a^tXj zXx9ysSVM$jxj$b%xXx6>N8gE8N8yAnS=(ojIX_>mB=Dv0?W+*O9YpnxT!o90&@a3QY@ zW(=(xWORFfDDCpc`sFmV^rg@JkOjVL?VIwkMd`YiDqeRz=YWl;vH9VKSbJ%W-bKx{ z`@rdv#+>E`ty^h}zwzOpy7v3iZnJy^*%rLG(!~pRkL5qdI*VuJ#Q&z&SOHs>?2%i}xRZ7KI?;P|YQ^1Ib)tjt9M7tA0rd^H z;n8An2-&2=;qx~w3e_X)3<+lVhUNLOA%nQPkF`@1HeyBa z8t4Z*0}p+l=HT&7!+{OF$V@{f@CYZtzna9aI%`I*h6l3G0bkPDoIFRyNI$Q2pOxp~ zzlmqwVa#sW`e59&TDu0?3v4XB;HfM4ZtB9bfe-1FUC!9;01jpF`bQT}2bYkE_0H;p 
z;Y->Zb}22bcJ4=d&fLGqvoGnJa_Ch93JrLwGJ(QdWT>tx{wV{)JziYF9>&l^GWpX z%z3)s6*{-`9z4SCGdMW(HSL!c>)U6M$B+*SrJHB%nxX$B_963JUqCI4^HbEhAlwd| zf22K1Q^)ruF5E{EM+ea%SQHYUto0Ld@WqU(Y`?ln^L_okE554w#D5sOS6n!6RGH+n zbEBp4^eeg(HtDqUn{$^Hr7R3Kw|V9>Z%-3_XY5l#t>_j#o=3D_1D_tQ@8SEiW7E$L zpl82ccv!{y!O|S>L|e)S{!9bz))(mtkLP;6xm4rZxbbXv&->*U!X3uz&fURr?elLQ z*HJ&Kl6jSMkJkG)?`oKR^QX7Z3kT1L)BZ5`p_xlCk;{90rZjE@QnV~pvh+1C-R+sSGNwOEhC+|ew+kJSoQ+$nbtqxS{3)&Nq zjG?+h^=B*uf8);FxN{Kr+3LW1?qhZx&v&eio~EB2J?F)_gVkr@y)&0=zf$xl_-kCm z+cYkmt?)5#!~atQ?0aYK%+S!Em?uBBcFh$Xu5Y=wckBuM*xsSXgvi_qZiU`9Gq8WP z_qQ`Yc!2pSWo|p)x$`&kB`39qF<*8zxikke@ zz_MWB7HHsg=CZVSOMg$u;E0QSp`j+Exr=Y{6*Fg*%94Iux^e9jG!2IrtmXXybg;u{ zFFtM-KWu{h3RXPF8UGwpl(E;z$Q;f*`i)JZ`KBuuZj36Zh0amXID< zg+P?>)*G7c||Z^AE@qec>P2)6<^3 z1ZPu$BcXFQA-)lP@w)2*F>_6T{CW6P@~Kb2(NCY|;j4(g$k&#sC2yb%T^i?;tv|OV z(jluaj2C?w0cRXp*@lpK}dCLY;3YAPf=~66!2Tacd5HZ=6wS8)nXZVw^d@X_%3J zvr&X4gr%g9B3(Y2M)Mq6G|XJQa-69kyo7Kp>0?Nb;KL6)v2&ISUK<)s3wS=QX)I~= z6Luv?qfHaTYq5i#?{u|wAcT7OJg zcOOz&rA=Rl2i{|OCUk_4C!U)*e-1v~8y`U(ud9x$R7akBw!9{GsAlwq-;=xv9lvcn zu|tza$D=i)6W_ITmKXcYCGd34dW@`Yu;--Jrb?$x@)vB+iLFV`%jDtRvdOVv2z;l` zH{|!E_dMtmI9hpc19a1zFpGs_t!dMenDg4M=9@S}Ug^kF;-|5_WxEpp^HS2b>EBjw z@(A-|x%)@|{3lj^vU4}Qtp`#{S(hcTPk` zzwZlkLTe6ZzgR=ouEigG3w5nEHMMJf<6<+;A03f7;NJnDT2YOD3*kEQ()h zm~y4sdt#l16Kh?!uk*=U*!cX<8yfN5ARF=6?RMSc?hAZrc{VHr=f>xLZe_~GMNa;% zu{yhJti~s%{H`If;%SXl?7|<|v2yY0OB=h(>z=ofiOk}2fbH}@h(}G7-ICgw90cD# zlkedlC*_gM-}Q~?{Z!=&b{dDqE0$93%?%kEw6Yd^BHeWS`2b*Upu7I|oZLp{ux9Rk zqudQcfPWqBL3boM%bCMJ+b{k=nYAi2!yC$mv4>}M3)9zW?}hTT7WHoM2{$}>BZ*ga z*(Q6jbujs)aURx-Oy=20elPRbRPswM@hurZv}$-rz$`lWR%|%Ly+gtRNgiIF9f#!U$oA@N&X( z!tsO^gkK>XM;IlH5MGtcHJ2~;nTb4qh36W=DB(4vUqyN?;Xe>gCA@}k8vU&K|D&JO zH=6q7XZ>PA_3y9k*Pm@a{J1V^`Ys7QBpqDeMT}um{b4TiZ^#FE)Y#i z7KM(+06+G7biUHkRdMJcFLqqV?fxDzOdtu}X>R%X7Wy*O?u)zf*^Rr^SM?9t>Wj?i zT}dAZa|m-NTl+1UwomD9dpFF~_GAua4ny|kJi=m~SwNm4w04F)_yl~~@(J}vG~Hsb z`~74;=Mp7T7Q=@eKCAtZcKVGTBeUlLPw&w9h(|}wja_G8yUte3aO#bnbhZLNkv;Z9 zEUYi0~#OTkVn`% 
zwmIWJs1Lq996pXr>)=yvp!rne0gNJ!-N_BWPxoJ(z`v)r&}lPgGYvS9)#k-*r*1EK zXzS7Y)lPI%R@bPusz0pBV0vD^+A5pVOnalI+WM<-@bB|Wzu4w4%|CUUGiMp6MYHDs z`348h(C+nXTYX;l913GaT9P>=xsEfZ;7Id+Y) zJ=WK z!CL&Dgz1Y7hV_{eF0{B==kS$dj?Mu6vhWjMo*CIMk}QC)P%kz{maiZS=2<_P=oiqZ z^p&4X#v&-ZAs=TWu*G1lq;G_$(mzGbb#}}%c&fhW46EoTYs~YKJ}+ZvZQ0}tbz+kF zTs$!}o%OQC5znONO^gZrTDZPJ;|Q**ucAZIAiU;<3_c^HYEGC14j`Kc-Xb1VJO4a> zPdLrm%UJ&UsrEaqY(*bkn*2-neeJAl{C3(sb-Vi9n$v~f1xfHD`LMSTe6hR&K8#F* z?ho81?#i2I4k9hsI@ErrbXVp+v!)xbyZJPE9sUYFa)!kux8O^;2kjhtRk-i)*QqgX@8{XJs|^6?2SN&#r%OKl5&fzNxMEjU%r|`8S}i z7w;W~&o=Swwi!;D6PvhKVGi>-cIBb9C{`n;GCteZ6SaQ)l9pCNi)NrBy~on?s8GLj z2R2{hkoRsB4Qjt*NdF$~M5Zk( zwBJV`{sSL#>?u!)~QIy?pg7V3zSI63UUyCwmDwIne0WHXxhS33sR5r=q8=ta%B{)Gi#gRVWOvG8?=fpoB7tn z*6N;xw6m86@BT9TV9nDU`(V{WnJ>HiGmyCRKQel~rzy|wiO^NoRQGxBdiO9^xBsSutlqo;Njo=LHV(qbhl% zH=*Q^zJyx8^e5E%C^MX9zbCJ|W&A-oifaJQrq;F4NinHs{Ryz{M8cH%^ZHsE?g8H34K~S8Mn`?rE_IZluNp?i7har;w4iD#-rEn znmqF9{K*r3)fk^$-LPb=-5)9tU!x87-tr~03tJtWL$2w9%{2!d*qrEqSLJMJ<9?Ed zy#>s<_^2|u8^F7e@oF!_$|8i=(VWx3_~%RKk1sU4#|k|k<~)*-e8cz$>BAD)`dZrD zY*wJNv~m>saD0uVQ@qEn&+^C^azaFWvex{n5uPUgUBI*U4)bEB|GYBRRiv}NPk-F1 z^-3K)N-&hoQ7-45ws=bL$vsZ;XS|N{`a_`+WRFtXUxHjk8n}35Qih*}pA$dx zx_Zq?2c>7o&@cO~SE`Spdci^G5RSAZ6YLq$UgQ<}c4SG`GkV5`mCjr#UO%Z-c3vtg z!w2v`C)*hUlU`(n(B-8cmM0PFWTR6b=w#0?-s8EzVNHd$IluP9ho_ILEXp|CKhgY zcp1;=;g~xZ>+011T1`7#IM%FCfBsL|<7IS3jvV!mO&UY^@-w>ouc^|&KfUuAzwwI~ z`HGun`-&w$px4X;pUe`TmByVB^4sTMoa-x2GG^jcne~L^Bg!k(JHqx1zGxq{BH3jF zSm%uOGfnpUBF2R8vgYVc%FMC>{PtMe&eXFPM9oEqt**F-4d6e|c66PWZOx4RpRoaK z$!-%ii4g}Dm1kzR1=^eD=Cgd4JjLv-SR26R&Avj{4t2a}ENUt~fzNZF{2lkJoo?EG z$r17&8w!v|j1dd6Es%34D$GF{!%a)}A`IPO?L6C1+-~da#Mi zZBbuUhWO)Xbd*b)a;If{@5a($zsrs3dKg4s_UCa1YVtlW~ZdmJF_e}hUy&U>a zFJ>HCIkRbKhxoy==B>F=yPpV+R<^T`y3hJ+5{!iOxdx15X!j zfNKlfKDxeck%w2?@hGr!1F&$``Qh1&m&)Y66ORk~YWLnm`rm|4a`4*rAN^Wv5B+cL z(f{$1ZJE>ZRj%4YTduZpG`JcyVcjvP`MAK{AF*dBEdRE8hVsL`l-Cxl@V+nV$S|(__~2-N+y;K3uAjJwxzjp>)kb$)^LZK#(ASE2R**Ny_b5Tj8mS*$*zMfY(Bh5^XL2k5fl6eo#M5Ze=Yl-axxUYtN{a?=$v@p0adf=b_uq1kUdL 
zDp#q0*r}ywfO|(XJTcV4Iooz)>bCv!Kk{(rKM6>V7i*!nZB*ZwAR$!uVJ3VWCj>o#va z4V*iT_1ID8uKU!}gDh{i_&o9!YwL_m%otmltvdBj&(O|NqviuAFKDuKOJb# z2!+8-;ZnFta`3yo?A|434a&FnibTzqFU>rMr{~u2JY2H7!xuW6qo(u@+PN%T2!rAQX)dYDqlsYmU)*5*GlNqkoAjGD{tR{LDOl)rGWL$g}5SDN%km4*Bw{3x#+ zyoAr>mGAEr2?qy`50|~a2im_neCNPx1v9}_Wjg%l{g>VTiJnI#+xoPs&g9lUkCY>q zMa_k`Ca3qoj`BpVwF|R-z3|#Bm=p^JZr&;<@A17B22S1!oW37%>}l4dTQd8?4y*^> zL><=u13E(MpP@Q+>-`Q6+@6vy%#n4!G9FpCM&)eYZ|>E8uQPYaZvT_Vo3LLFKLp?8`~tQ^cHU^7 z;GG{@=bhL55_|&~H%)iu?Pg?H&6lCUW=NOa&UDW=lZVlbvyZPm{Oa_7l`*!{XqS~K z>>8$rUgG`xT>ObN9^F}!_#wI!WXHrWk&PCxM@(Mb^Op$z3Ys6Y-+}3W4R*iDORU%_ zJ=7x_JHe4P*@mdOGD06CwvTPt(>Uu?dzMdm!j<%o^995=HSa^W%-JUOOXE!cIRoXL zSKfil3Xg6oBHT!OgxA^qWN$l}qMudt^E&nOHR-|&9s9r6;uikMGLG)gJl*)8KW|75 z@fA1zC;lsz%a$v>TQpX_#h&3vTKItb7Cy{V=nGuE&3m`HeVw826Te{oOw!gLGJmWx z`Hk&|YGOZR-+R}u0`aolHHqa>3%~ef)eW(R-vnY0a8Ke3?1`8C4ESBrCL4cjUiZ3X z<~M#ydscGy(yDaQmJbYK<~P_)Nk0E*0q|^(nkx>u{NK?rSXl>q`_#|1KG0nHadqn7 zu=6~Rwz9X;gYSJqGIy)P_r7tzmBku`tDTOGE4;wL`ERUr_}<9D|EYW2 zd-C4Mbd7J*FeANUW?ftM!;v>y#ZjWam}LlC!E)Ke^*%xHESGQ+8W!Sj@TD(s@-Jz3nU$ZpH+6WsDY&v=u z$&Ls8iL)k4eZ5FLl{-z=V*5bbjelG#@JCC%(h}RbFjNWVG(G{rc&N`=GeLPP8&s(ecoPG}wy%6Ga(1W}* z?%gikP#f|teRpX4#BEJufdz2R8hiM?c-x7K!X3;VytngXtJmoK5B3=Mx%Not!MrAs zKAU?%u_N2(<(stD6b_wJPdA+(cXf--o$T&h4R7IIcFS9iAJ&|$c73rO$JgndU1z;{ ztif$VuIhQVXB}3b;No^i)QnxEvYmb&-)nKW8^6)#SRc#m{T-i>Y(h>!Hzd9c&&?yu z5zn;W*gkuOx5emx3giP^G@!omZC(c7w}^K+^#!0M)4biYs+(W6yF%jsHq}-i7DpIOka&wBJl*?l6*VY10#ezdiGk+jZVW z{()$(Z;@N(1$>GS;0(v*w*)_jloAk9p^Fhu^~^pbPG+Kd3t-*zjOI($4;1_I>rK z4fd=XZOzZt-}U67;lXMv@+&gx&93}=^L@@3hF7Rv89Wgm3>mwRo=4u%j?ZRTY=MMfFr|G(l*Hy-niyQR6&RzUB$R zJv;1zH#C&F15#~Sp?z5N`3oOGkK)uf?Rov>c}#?n2Y=PIl< z+-gzSG~3kYfKS!4N$(s7SDR=pV2cEE-U)f>a`e4os~3On*8~7+mcqd zw%FsR-ojgjw{{Pr)epW7eUG~|96J)uD5x*k4-BA>Px3wI;r}ip-xrf_pu3*5>%Xw- zs2}*N>Qw!e&~`2Ft!=84$1~n7E0?kkxMfv|b|XLXl#sW-&NRDuk>Qv_Q+1cZ2hmS@ z&>I31+9y8D+_X-0)u$JVzLv3uoXU5@fmio@Kzx zt_#JJ)joW{KTf@p9psaE7T-;kUPJemmCZT$bmB;KwDhFZD|}I#^4<00VQAnqXb)Pr zX{_iPo|ezK0^iaUcWQtWWz+rcoR$DA0IIRdi!!&d_+l& 
z=sZ50bqPLG=(jzO*4?JTYwh^cF8V22E&by753h3hRN$WdrvDuLP+XE`4<-FsK7Dm< zjJ`ZWyae6vD$y)0?mk@lqHK{= z26w3BYwazbYi*Ly7t@Zl`X&r~@NM7^7uhv2J`gM)6Fy9<+MNEFP;~ITco}pOh)=&N zpgh>Z_+6go$lwnBPJ^C0;zd^lq?36NyF<;%$jJM}BanY(FEQWhYglhPJ`g@1A(_z8 zjSs)U;u>^r<-&B@V`X8+9(%)E?cFTAqYS%lL`OG?_mVF+2tUX(L2VS>ByN&idHpl= zbByqaJ=0R9qt95?1Fnpb#W`dZWXQ2uI2W~NjU|_217LaFUHIb}YzA3*mvg|Be=YSD z+A*;CPJAYq+P0*wAFF-k?(rBCa_il>rHDC?p8rP3+N`wzJRFyVwKhBko2IqV!E~Fh38vPj$u28`l3C zbw`Lj|H;~zZ8#*nu{~*Ka*tdPjzPcM%_BcDf?6QUo!0p zZY9m0-3jF$wK6hw$wotWXkjB@`2*)8E^c+lr-vO3W5T@D=XKy1WQ?pWf$W*+7kbL{ zEtH)XejQj1xhfDJ$G(H!fupKZWxIK;-!k%Fnq)l|8{!SWm;NVp2%bgJ4Ad<5#+I`Zu7iE1LaKCMH=9Z}| z-ESWGAJYe*SNL1k_mXK(T7S>dSmWQ~lO*BEvTP=QsQ#=G4o(!lmz_^EpBYQNXWZ-_ zab~TC43gh8!r~6&Uf4rkhSoFtE~T5$)$;wTl$R@d#UIc*t!W%Sa>gfi4Fg|gjsGO; zjtj(#@T;-``M^IeqV@cgL3TZ_JyPqpqfeRm?cx|~N6J&5D_foQyw?BY3_bxnw5|`{ zQVu^ZzlOCvdq3su<2O!-xT6qep4RI@|%L66zex-tLr!ArR=>T{HDBg3co22pVDuN ze5SDPWNki>BaORH=a*lUyT9R_pG|yss`x{f-;^$&Dd;V_eWsj+{vTReF8_GG^DazA zL|=LF19!s9(K+Bth5H3Bb;hLk3pzg*xhwUt#qad-&m6e>sx;?B&A>~Yxqh0I=Zy8jlH8wGR!|7 z^a#vf&=+!?=DwI{uR8Trt3ws7O1>j~hQ?hmL)Y+>lea&mS{AI{jjkPfqeDz*^ zfcIz4`sY*Tt&}YpDA>bK#t_EF8T;a%y5i3_WcSG#_s_RF@c(>oPaQ#j@s(5Q2qw9* zcb1OeOSfsf1;>->i>ST|_=oso=mrSBW^5(5XRYB!owSCJAm4*~ zCXchuzT_PE*B96E1v>XGTU6Hax>rtXd3$z7@X21wchN)>c!gY>vHPk{O*$NIXFMHU zkz;RYbvik(v{jnWt%bUe?Z3YYp6a}2P~Tw}SIT!!Xib28Y0u)(PV@)Z&7~%-6kJJn zbxM=gIrKlN&E_%bG;6jz)^F0K802r=uS`FC{T{q@*Ky~^dd{aK_N#q@q1F`4$Jn$; zk22|MLgwR1S2{R8X{_dd;kUDHJKv6v`o2ZFF;||~dC#cnH^KH>HWFG#*O_E>sz!Qc z<`ed4we~^Ak}o54$#%a7oPHXZn8_o2=Q(g`75y%&Y)>Dv`(}+5bK!T3gtL;}rN^Mp zqDSl3OLx#oehOea*ls&0`MT^<8b(WUNzd zyKI|!S$#LO>DY6$v(8P`jHSK`XB=wmSz^Y)-IuRH55gE3dk>|ByT-+V{h%V~PqL5; z|B}pn?C=H`Zs>K-)R+ryS|2(v`^R-I%%n0=)V8cP^*H|!<1V_`k7W-d`SkBBjdM0ZciwP5LHN{XzwBZ~2kyPD zlK<>|h_by$_OtRSI+KD^@z=@@{1~PqbCd8Zl__7L$;~R)|BTw`_AQA1zPHwrar~67 z$VHa#;Ewh#{QJ9&J?IYJn4vps!(;s&{=@8(?Jc9`G{B*fn0SdBFCjk4jgKN;>c&fJbEWHW;IV=FX~ShF zrCsL0tw+8PY2_#7D<`euq_hgsIJ?pPEpzRBtJdfu&>b5OPe4-nl 
zm|X_n){y_2>@@P$y5(NOyQ!2_oBf_|rjmYLb{gMIbHBNc{L^@@bL*=kKEsXAApW8o zf01~H8}A@~(2XA?e#ngmHO6LTS4X{U>TFROrnP@#EKU4Ye z3xAvZVzykrOZ2XC95|#VtE{p*pDBx&B;^I;b@)J;&AmbQ*zxkWP2fB8)m?gy-vIpj zdUmN?_+e7z(x<73*2B9fCoi%6oj`oVJEO~Pm% z*?aKCBhyCRKf#{=`Ixomc2Jh#pKHlBYI>a=PHaC0x z)%FcTO#|<~L%U~D&b(8+*E?kJqPmfHn|>MGx3Y~xU&U4EOt9(m*RI6|pym7kXOksE zVwdaCTKMkt#~RzjKJa{B=jOyJ>oY!|GqF=yqsX?WBC+{{U5PavHKa{TtU45lY&0R> zU7FbV(Q;_T%6o~uAMBdaDmw$;DBcZHe!bIuJh9maM^VmH-M!43G?k@6Co57kWBq;lWYT*Q1c>ox4rj2{#Jr}OBa^)jhe*>>l_F}qZoKT0yZ|8pWpOT&M|1MqY zQ-jCE;K2+)jTiS72SfLzL@ziK$)(5J;Ys`rXu*?d_?E@u+Mnjt}n13maPsp z5(~pk_WlY#wn!fA7f#l5J8KT~>EH@>^Hye@6^<|_^w0KFaGLoC-ly5W#qP@b)-~hr zDKh_T$3`+Ia71Qt&k3bpj17HpeZ2BFlD)M?)jpT>fk|=Ni8o2=OUcVRo&SAqUT!l!D8mQ%$Xy>m^LMm+noJ` zChVb*y@ltJKM7f%+W8?5Tz#w}iB608A=J|UFnw!sb^6PcE;&Ec^7;38kDY89n_XLX zgZfKZ*br6CmoE(V_Kr&z|Gjmr!B^WnQTP}3X;-}9>O)F27Xjzt%q4z(&st7Cqu7_I znopY6bz0BmP3hnstL+}$DUz>o$0qzSwO9D4F^igl6)p{1-LKmh^pD@)u5|%@3ei@J z529~iW$%UI{eH?UP~Elg5!D+XVMfyrkIrKXZf^NqYd@Q}-pRYAjWx3NyWkaqO}G{Q za5y+R)N3kw`0_D#!L1*6m`1wVIy+F>a-|N>)JxMp3_LbzpI{hXI-oIP|u9)^07Z3 zjeg8%y`PPD*?Ckydk-ruKG^>DU+2~zq#j4-fexKC$yxMs;eCwfNxHQY7QUL(D9hUG zWY+1YsOy66y3W|;)+IgMn=byTu41DJZo=leBiYj<7!f9BSO{p0Zk zS#=dSb$#!tFZS!WUE{cQ^|aSP?h@=ow^~PPKB>YE)ArXmI3*fRY&WCfUt8U|;Td#o zx;q0ne(y@sU$*v8>|48g+*Ws~{;_}3MF*#-r&fA>)z#Fu6gvl}KK9LzmHFjA#*8kT zb9uvL(qk`qMu$jS?BmwbALTXkBDLjxZE_w*gnn-3j%hgSuXy3Bc8w&3iAM%bD-@?C(-M1pl z4SBrL#ZBIVP?B@BZTKj;1=(h+*XkZaTP+{SBTsPges9SVk9X9PB5&!ED(@J^3tZ~g zCjRW;V0yUaUFr1T?tPxOi$X0`*f2K@U~e|!@RGBFF3;*IOVPjBZq7Fq!yiu^YX~RV z6SZ`YOn3u+_a%R5Kbd($=jAM&t>%sEOz{7k+eJ@D(mePhAbc<1_+an=rF zKUhD;fH!xg-=$2C?hs1cKv}C^jL62_+Lx_K-wWK3T?W=MPVCPBBXncfGMKX2Z??qe znDw`P13MAQU~azv+>mX~$TI4q-ry`_E>Qkb>WN|RSqE*PU)B0YI#=oKLMjV6zc1gF z@{QJ@exzl(_?bJNM zC2?fLuGqUJ0~2ZdV&xG}mj~kCj|Aeg%LK1`d%&w5yURHj?RpkC!Q%>JX8Nx9sM3MD z=Q2L=qFwUkB_5NRC&gbxU!o88HLJz*s#9az7&|M!>Am}Isr&A3y%Ro`ji9f&!S%9B zxEg&lzSuiz>wAw=+456TR>-f8KHY`?>~+Xi5xz6&kK*+;>*K{WnX_`W77y@Aml3WV+9*LYjZ*wANMG`U(d4Dcfmt;iS}FS 
z#aCAMx4=a3;9Y^*q_QtZMhuy5|0*%xRI3|DpDO+M9@`em6Fg(NQ`g64@RL7@`aX9| zq%Pr($|3K;O#f8B&F|Dz{O7*A8lC{`IyC?5``VV?<7l7wiPjE5;i33KB3Y>RSlDFp z{;7V(>Z5iXT;AF>k6Awm!n1UG`;>k7Zb?`l9I5rHPbwlZk{dI;%7RYDOY(;!i^v_vtBqS9E!O<-N3;9|Di{OIWYa&Q|7Yrr%WmN?HPOKlYG9{98{wA4@(30eb{nbhp*OlgAWDl`keSk z;sMI^lQ+*zE4=+9Q^<2Mu+klzN>3@@oH}6d-mjL3aF%cTu?1lRjd9i*K2}QH%5>zN zDjCb!Q=x8j7|3W%iC0Mb5cyE_jLt-N?KF;G%3hC?CqAy4e0lMB(XRusK;imukn*&* z)PBsdyIb+1N#s7)fE?jZjCiSmb`MBQ*jYpU=q%Cgt?m%*_$6y;jFl!kKKNl_2>-B> zQE8_~GMM_xczplJ@@-~ z68G5lrmpe=YVV(D>#KNe?^ZzL~ ziQN}{S<@|ZX8MwWLq_JjGz5<|zz=y(a8SN*5IUe7!FASv$oYdk0E^+<2jyomJ-j%&ys_YxlQrSyR4t8Cke4DNk2v?KcSBhqOVA= zBE+vodRf_mE?L}Hg*epB$PowPf%YY;0)+|bZgUtDA+sJ#Y-~IyhyME^k zn%1-4z)JE^e?IBH5c-_O=p36QKP-g4@V|n*yOX-}Z9fasX;&^8P5JkhRl}Rg-fUR{ zTu9gYc)h*vllz9%t|jQF;DZ-55xVpCMBBbX%EpJiZJ*B2@%`V_z7ecx3ZqA3CN+;b zLrto`ua$XbRq1R-(#$24oHCJ6V{jdz#7?Kc@)$Vk$H6J(=P#(R{ zwBb^xu6MCNdUerF)c1WC=Mvyt1RVln9iIcv@y_C00-VE^#^PMH@}I8zkOJCI1NOoZ zY!}g&PCaY8o{3x8IM&yZSDB|jw(>Z9S^oW9_(aJUJh^S8;Xf#1;v*w9;JM{tx6bb3 zVO{*$h1c_v;mW{M=_;UuV(~4?C~(Woi@g(Fzv2@I_M$PD4;}n7b#(Kvli=3P!@R35 zTxjt#PxKC){eLSQ?Oki=??bI@623(HJ0#C~Lx1b|vwve^gCDIy#|zxOKFWdjnL64P zA*?0z5{}Qn`2k?jRD=uxj$~wHaJ*|AghP4YsJT0C?{4vVyOF8m0lMl=%GUijY zX8~>WuI<|=6^~pKn0!_5al#pJt$=;w3@&-Ia4AT-4|%fBy&>9^rQ=FY^DkJjz-{8ME{~_lSq$m<z45q?dp~Ft?J_YGl8Y_MfqLh=jKs)k`uOo8(IS?f2{SA1)(H7 z7+I$}b@Bb02g;JR9UG-rtXhSg*6XLIY9IAiB#vCsP}}aWsC|g%S@>tY<$8N2%%&%K zuIE{Mf9bS*D`m==mbg2rc?^FEj&8@^9m6~n|4L1MeE5X?_`QYb4F?5kHy<^%uXFaX z{a8coqemNS8+m@{Xk)zB6}Fz*SLJ8TpF9$N<5Vd2zL zkDTi9OW!Csh4xz74YtOYcc{F8yixzqO4}hYNo7a%4(*pX3A=&tY*q; z{vRwWi7cS<)aUs0>n*;U|NHlUA#e%^q(6LjRQ{BxCu#DI@;jbXo_sE>bVH&hskle~ z@E0*Aw_k2QzPl)Yjv4x4(wGn1`SHrjPk%{%`c7%i$Ij>H6bv51cVEt*V!Ww#V^ST? 
z>xA<0m*l7KQvCFAf$YM!Q&YxDj3FXc-*_5OQzb+&t5^#=AVO;T@*@!RrV|4aGu|H^#x z=oJ0H^;#zfy0iXBKCLFjrrue zH()AkzSFz&b-~Z(bIK#%r8Xbh8A`BOY$W17ByWCjLPX`IKYVW>zl+kH4@@I0Bdkk* z_|BEYuS<8Xo=7-@w5OftRR`VY-RY0=Poz6nweb8E-XA5L$a9EL<$W#P`QXQdb%f6o z&P{*R|1j~n#1|3<)18m{(w#rvN!Y+|F~3LBo$GjB$NP1!raOO<&yROM=}32OdXXRT zO~vWXpFYWte2)=-EXr>dzxH(J;{kq@`*?`oJbuU1o$G1S`c?e)q&xqug5NZLF@7uf zQQyDq;I}*7xxw(`yA6D|;Zc6n`9y>t`JULw?|8cNXBGVB^Lvcn!F1=(3;5OYyO-Yv ze($C`pDf`wmmkkhzRK@ty7MXWJw;hhk^WRGza9KY{{`*;#SDJb_Y1!LCExy%=PgNo zQGUGNyqh0+*A=EapQi53ynFO%ex(1B_%EsFmxp*)%I{u&FQz-6@$sXr&+z`4=hL0P z;`vv6zit}87GOs?KV6pY+!!N$M>@4&Jil6g)A-Hc7vncySfjs``#0Cbwr$%MGjn;4 zh4N8g#B3Ofg;J?q`5`^0V%kCoR#XJRz4Y79J%`VHQ!(@M%V$=Y^m8jWZCd$U`t&}h z$9L@5(NHmS=FEy>{Of%CY{_ux8&pGEDGj2L1ReU$5wl+34+I(b7+x)?x3G&A?&B{yV z5t!1tR9&fZx3{;8p%%|f&nzb716r$w+w8>bpL#9b)EM8Z)cVpzOml{J^m`p5Wv8&o401pZJ0arEz?<7S9df0 z+4er@L;2g@`s2Re64GA&Vz$0I%CpbEjrCXk`mSOo4W<6Z#_MdkHaq!k2)qb)?Mlrh zoJ-TUF>at4^{2Mo8@!nMDj1g1(hAeA4)^w&3fh&IR{=iHWhK(}m*%be(2y5nTs!LM z{>(k3#kRFmUjeB*NY`_!Jx06gj;g)Je0#@^Sl-c&y1Cz;Nqd7PWZT)>^zPl8wsh19 z0B_k;wab`yQ@eKUBHTmyLJ;*>=*)9W1={k4@ceD3{KocJ@8hPl^mu9MWd-D;8MYmK zM*l%b+kZj@)cw zKiU@zhUU)btOK7J5-JD=kM7v<`L=)G_P_g|6RZgCo=5#of8ZImed@pJ3A*J2FAbRB zCd@SzbLWl|9fjsn8N(;eQ(8Yx5QRh)m{jlH#?-$xxABshJ5DG3&Sl?ty|?mNhDqYg zOUT8)Gj|ws?n39k$v<)a`(JyV{{ULo-%%So8dP{0e}Cj>E3#oG{g1tsp7~QV{%9Zm z*gHjLMHK>p;8A_dpHpryIFz`m5L?t=S`YjUi{u}b&7@~Kss z_GbE}cBkDx*)?({hR8&-~sHmur;2UTD-*fMs-AM@5{{Fw8@$>(?o5|dJ z?z!ijd+xdCK6mD1(fncm80^y*<)rT7e6$m|XWY5l#=ZZEClVj=Apr=9v;>2sw#@Ai zQGA5*aHq(T@OFE`RfEE$E5zGD5axnwZU z$rXYwTQBmRvO~~2C>7hV(a=6Azej5u#oba#KKO*tP2Zg(ntj0rjcyHj<- zI8|`iT_|I#-EsCZyE9`b@Xoh8Vv7;pNO=+74cMi)Znit(3A(@tlduEr zLlIt)ZFhQvY#l2wZ}FTh;45!I7%Ry{bLC#p`;`c{KLr``Mfe;K;15ukJ_x_e?;YoW z*I^%s@VO0kXCF!b+=p9&zC=qb0-2(|Kp@oCoQSk3Y2dWrs<1EC9HFezAM#+2|G>|J zZjQD)R^RMKpb7*W_0|XWd|tLYjb@EV8|;QTVI1wDw6RXyefNm8dN<4o>mqF#_+9J3 zockJ)CJN*Lu(LR zqm9gwWV+nGhAhjwWRMXlOM6dgQkF}4N?QXUWVx-Uw67sck98|$`TPHn=JT*C^hf8f 
zbLW>d-*&^Cuq@wOPTYMLc9y}H@!W6<3p>-M3Vs(HaHk79%b?}EgFeE}w8IZd0H6;p z__KjMrIFzv4J-c#f3S2%Y1GXh^ucl+rJZq50sw17T8z^0_Jteh?tH$w{xX9p+>SN7 zoUqV!CPp;kV|QG*(FqG(YZp0j_g(0^Z=(aVJ1(kl!cy0_I&t@1=vw=Y8|H-9Ab_&p z=fvIjuP$HTpE~%EH8>Rq4d#NBt%HuYvV%n1uWsQ1|C2tTM_?cmxSmn599@Pqn~owz$q_(A=yp3=UC z&K`8~x$jbEPrG4GSk$}TWBnZkBkE z!%jaq#c9)rb@3|>o~YZyE_34U``3`=b~nBgma;tL#NGEbh+w?^jvMBLznWhkGMj@w zf?uCw4oUz()L);%p3)eA7za=7DQ%5N`>*|3)E_GIHB}Uqm6nz%-6Q_6FCH%{Eh{an zYy$lg_8TNR$*_vwJ688tM>OA}boa-ZgSpd)UFql%MI$Rla@MYJH_p(@jfYJE-?g~p zxP5gO8^`#)h4{JYJNysDTb8@jU2Yzc+{(eE#L(AZChG2bIAh9~Bi5S#+M0_I4@2$CI6XUd9-<9#L|= z0rbeeU3k+g3E}J3U(MusMdf8>BPvL--o{uc(CpIqh^`tRSz1BHW*nsq<~%wx^X<+| ztUX<@wW|y>_*mSynySJnQ|1`pz1kDr*Ok?=1NZ^A9gM6LO+YcOHUz)U%*l`od$en) z|KoOmJ8WTA6(M|GejK+mllR>ec0R(kGnYDX=Pt$qnONKC`k~5!JlAxEI&-1SUv!6y z{y+2n?r_ofXTH!KeyBD@c;IVw$CvVd*c~q9@7u3CT*%)yr#qYo+ns$!b%+0FdHU9N z#~1SSo!1>M<>5ZlohIcu#|@*f=y&^a-|J5M3VCjI<5F14v#C2=%5zYCk<~#Do4ez) zL%_d6o`dFHQl2Ne)0gr*-W~oG^k46eFX=lzCzUMeccuU`@So{tk@MwEjjInu z$KMi*7Db}LHg7cK2PGpLKD6_Q6YS2c5+aOo^kNqS5|e+7Y_x2FS3!V7;r(~*KWmJj zp8hZDJL{maJ0qT*S&eB-5n3bQE4sr)`^mbZJN!_3Aw1B(u{*xh?=QQIxqpE~;pi>gAjMkO26^am~SX%s0)S_>lnk(73k-m!}tH zXaav~Ylros4Aj3;pNwA*ee)mirB5?1nltwK<|Rnk1C1vZ;yR%hWuSE(nwO;Z;lD{) zz?VMMMLnHc>C&fM%&&fUEfb@A`lahSK$&9+Y9wL$9rwe_Qkq z9ZoWhwtPN8h|a(+`ptZ^#T69x<1*PWq0$29=vq9Vc&&&M+2w_+G8EtJKV(> zhIm7U(rsoSU&$a|*7LVH(YpD z%?|ObldE>&j^~$OwN8}%rfQ*!n@~4+FVMapREp=U-?%dv_xqJewX^Gsf^qs$6Vk5} z&s)EJv&efpo=HM_yq(gJ_cjmWc)t8?cosH2L;kkCh~pXY8}JdhY)_-09f^ zsE-YJB_8Sdus)f6vkvcfME@g=qmDi%n_i}M{0a0bu2Wb}Zb9MDVMQgSW#z*wMvNTg zR7mxNiIZw3PnlY~VBwj|nnTN5JKK|s>&p!X+z?YT{ zHJpO$|IF^~&ZF-Ub@stBQD^V9i#mG`ZIJ5h-KRvIy@Ti6Q=PrLK-AgWyO8%^_P%|1 zW;@m0TX;qe)!kdD`=g)7oj>CR_d(S2&|~2|{OR2YcKgt?#QxK#4?ouXpD?~l`?hMJ zuabq|gY&_MFo47Gi0n+9o6k}X$NScfQ2HxJVn}e5ah0}8U(yCQyQzA+f&y|SbIY0>|iKl(6 zRN9qQ$~np+WwEjZzoK5MEc+kjKNs(oIS+68xIkH>T&P^6T&%2BE>SL3E>qSimn&B& zS1Rk3tCXviYm{r1>y+!2?q<)_L< z>j 
ze^u^R9#9@s9#a0MJgod(c}w|+vQ>Fh`KR(P>{MP?{;j;B>{8xD{l#i89kpDB~bL9)=0A7D+DL4QHrA_>Rff6I$vF&o}n&O7paTYCF+^#QgxZ?QyW#k8c>63GrlcqNIgqk zu7=fCwM~tvQT1#!rpDETnp9V)E7f*&m3oePuDV)1Pd#6~KwXnDN4*%|OVmp;8q{^_ zx{P@l^VRkEUZuX0aYn`>^?LRCjAa>q^~Q`)MvM9be1E9^C?k>)Q*X^ksvFeX)t}<~ zGkkxpZc;a8T&(^|{k3|hdS}Ku^)7XD#uXV?s(0gik9tqW_3C~2{z?6_`WJlvs@|_Y zpgyQRr2b8Pgnu7Z>H8S}KCV8YKB+#XKCM2ZKC5n1pHrV#Ur@KJFRCx8FRMG$SJYS4 z*VLWr>*~MNH`F)reM@~?-L1Z(zN@~c?or=YKTtnZ_o|)zyI=iC{aF1({Z#!-{apP* zJ)nN6TB@z#1iF@?X_`mVwZpVNTBg=l%hC?l`e{dK{k0=CLpw@4T02I|)&^+DYR72< zwd1uDv=g;K+DY2U+9?{-Of5&t)$+7_ZLl^(E6@tHq1rI5Nb_pNT8UPwm1*VLaIHcc zp^el=X_eY&ZH#uRR;7*A#%bfVYHflxQJbXIXp^-m+ElGptJ6-?rfJi)8QM&3mR7Hw zuFclwXbsw2ZJst?TcDkxEz}lii?t=%nc7lqndZ|PHNO_nf?AW-thHz%?JRA%7S>v| zHZ7t>wX?OD7S|G5Qd^;|)Y`RG+Bw>}+G_1Q?R@P5ZH;!Jc9C|mwpP1DyHvYOTc=&F zU7=m6t=F#7uGX&6uGN04{Z9M6cDMEi?H=uq+P&I++Ml#PYg@FxXn)o2*B;Ow)PAD< zO?z1TyY`6o4{fXVsP-%E*V-N0o!W1-yR^+;BmYC)^8Zu&m-d+Uxb}qhr1q5dwDyel zthP;iPJ3Q^LEEmqsJ*1UtnJWV(O%VF({^gFYj5EDCcbau`wqVE;rl+mAL6@L+oyGC zo!WlwBkg1D6YW#&GwpNj3+;gRrDkbZAM>c5*&fZ);F;^0=jr2F;5oyy(6h+X&vS&Q zzh|kZ)Klgu_YC(`ct&_edPaFFJ;!^-cuw_HdB%FidB%IHJrg_=J(D~&p2?mmo~fQ% zPo3v9&os|;&kWB@&#WHukN&Un*LzNfd~>9H^HcII_AK$73Hf~Z`tc3o+l+4r-{ttW z;v2#DY<%PRCh=Y2S?O7Y@45J%hwlaWUWo5So{K$eJ(qYc^<3sz=egW-h387ode2p! 
zt3B6vuEY0x_}+-`_woG!zCXhE$N1ic@9p^h6yKlW`wM)3iSMuRy%XQN@ck{mzsL6v z`2G>!`|$lUzJI~@etaMBJm`7I^Dw@D_dMd+itnSIe|jFn_i@h?o+mv|d7kz><9XJz z&GVe+dCv=;?VcAsFL_?}?C`wedDZipXQ$_N&%Zrycy@W-^t|PH+q2vAj^|y^d!9X> z_dOqYKJ@JM?DKSZIz9V6A9+6ZeB$}k^O@&!&ljEpo-aL?$JP~H)iZQW_vpHQnBGUv z)cfjL`r&#%{Rq9kexz>bN9jlF$LQJm0R33~IDMdgyncdyqCQAJNk3UXMQ6IH=jge5 zo}RA{)`#c?dZ9j4AEp=SUcFc^(Mxro-l+TafF9JF^k%(959w#=%k{9{s<-J8J*uCr z$Mm?K(3AQKeWl*6uhP%a&(&A!=jrF`7wBvB3-ycii}khoCHkfMe0_m_hQ3f=q%YQ& z=x6Fn^=1F7^e@xb>6hzQ=vV6N^{e!&^=tHN_3QNO_3!C7=r`&&>EG9H)_m;u|DFDO{cima z`aSv|^?UXE^gro;*0<|v-&puIsJM41%12zqW+Tpvc5xqMSoR)P2Z`%uK!zqL*J#pslTPat?$;~ z(cjhI)A#7_>mTSJ>U;HldWYVr@7F)lKh{6dKh;0eKi9v|59nX&mTuz>q^gl&Xokno zjl+ySMyAo%$TAK$`WZ(U{f#3H!#K(~+Bn9@HU=2S8pjy}jpL0Ij1!GP#!1G>#wi9f zOe4q0HS&ynW3VyAC@>0*p~f(y$nYA)Mu|~slo{p5aHGN)VT?3J;SHywjWNclMwKzv z7-x((s*MT8L}QXsV@x)t7*mZ}qs}B3Zjd{j=V}Wso zvCvp#EH;)HXBtb5WrojaH2g-u2pUaBv(aLNjI)g8M%ZXI+Kh-1HO@9-M%+jkNn?ev z(r7nU8Rr=18mo=-jPs2Pj5WrE#zn@(##-YN<5J@?W1VriafNZEvEH}}&xyXqxYoGN zxZe1laf5NAag*_V<7VRr#t)4j8MhceHf}X;GoCV@Hl8t_HMSYg8P6Lp7~72(jhBp< zjUC1-#;e9_#!lmPg$=0*0*wySBb}hS(UC+M9ZeTaEo7nf+&Fly4hwMk}7WQLyE4z(tV7IfMu%EJx z>}Txf>=$ek`z8Ao`!&0R-N}B#?qZwSZ`tqI@7dk#59}WHM|Ll}kNt`LnQdWzVSi=! 
zvj^CN>>>6y_AvW9dxZUiZDo(Lf3knE$JpcS3HBs=iapJqVb8K{>^b&4dx33dFS3`| z%WMaGg}usNV>{XF?BDDSwu`;V-ePaF-RvFqE_;vdVehjK*oSN{+s8UsC)>|HVjr_l z*r)6>_Bs249bjKFi`k}Ps%D0%nI2O&4>S9inPy)z%RJodXC7hpH;*(8^CCFZ5(W#&5ba`OuFN^`w=m3g&!jd`tkoq4_a zJ@W?hM)M}~`{vE&56mB$KQeDIe{9}r-eztvZ#REp{?y!P{>=Qj`3rNC`AhRx=C92= z%sb8Bn0J|*&EJ~8GksfcnAOM1wE9|E*5Ot^>j*R-rZ28fFz)UaQzDu}ZBntK1rH zRahgek=7`y(i&}zu}-zBtg+TOYrIu$O|T|fldKwRvNgq;YSmhG)@jx>Yq~YVnrY3l z>aEkQ+14DZ!J2E$v*ue1tTU{I)*@@MwZuBpT52t`d{(37w*pqsYOYU@1feCq;hjdh`Qk#(`P*1E*H)Vj=C zXI*YxVO?phx303Twyv?RwXU8?B#NKev8iZL)r8{mS~ab%%AQ^&9IhYqRxR>vz`gt-Gy1Soc_ewC=U;v;JiL z+1g_L#rmstzx9Cip!JaTH|t^R@75#MKdi0Rqt-vIe_4-Nk6TYzPg+k|Pg~De&sy88 z=d9&HEXB!y7h1C4QrS6ruCNfwzb=O$9mU#&)Q?XZ+&2W zXzjK3SshlVwcq;4`q=u!`qcW&`rP`$I$(WiSy;!#5`djyV=W%l_DS~1_9-^AC)gA1Np_7r*`8ug zwQKD<`!su+J>8yR&$MUR_4euZY~rjM?bY^q_WAY&_8R*_`y%^dd#!zmeW`t!z0SVezQVrJUT|5*~+qc@c*&FQJ?Vs2`wKv*7vwv>?!ro;6(*BkGYx@rS zPWw0ZUG`@CxAyPs-`jWFf3WYd|7hQ9-)H~H{^f6jj1e!<>uzi7W?zijWYU$I}cU&C8W zU$_5lzhUpP-?ZPd-?n$#@7V9!@7a6o_w5ht5AD77KCBIQ+WYN~?2qkF>`(2_?9c5l z>;v|fw#9#&@qfIAeeBtM4ZGt6?9brcw;jjRGtj5l9mnCh<5!|uq&z5~{<(?R_twbm;u3q ztrk2O_Kb+fDK&z}DVu=%E4yRRV|=~5-eU*tlo{rMHMOjK0i?Wo8eVUGv3Q>lV^`Z>kYN02uN9d_&2MKI<6y1^O zdcfBNh>4RhzsUvLIJ&s$03`5OJ$O=@llowYpN+D5xd@kDaP z%Jx;~DD}R!kbexzk7p@UdeTrdaUoBp9z!{2V_Wk0smM@Wx$7s(2zsv3SCl2r98)3f{OX z5sWJ%E4+=N1Qj|IZ*j^R_pJy9ywO+$?`CTC@| zD`F@`@EnMnr9_&Rf^jU7jIvlTk&Lwk17?WgB zW$gc(PnI$Z#hO?*YYrdL9YXE0nONoP&^V- z!lAZgd(rY0tx7QJi^hu5N#4@pa;3%Z3y0BW(LR!XGRC;loD9YjRJdvLW-uO+Al~Xr zBHXUyN`8Dy(c;Bp5{>O4h>vhI>R(Jn54AN#iWBV#4$aS>IBQk|SBcZEO8hO6I4n2R z7ELA`U|u|!2)3Vrrt&|=4u_R!*q3OE#9F!Pep|WktmAYeWfS(Ajt;Hxdhg zm>Z}xhMLii6A8Q@a22%M7D@YPDiMn9gEP%inB#lLU`2~@m&=$x7!FhC%VFe&83YQ1 zd~LxvoH4L42mluPCU_C*v4yoTbU5fzxl(~9v08%uzpjBE4O)wS?;>GqY90WWE z=!+*Lh=4$Jx)o)TB*H>%E1){qI%O(^U(1TdLak8ZiXdAFHN=_U*G39#45Eu{Og1+M zA%51JL@)~X#?b4b09A1qOmJLD6>K3G8^`8GSq(YQ2E0%)$Y%3OWK-xRi&;wRDwt@v zNvTOGjq%(pg08nI99cPrkv?0{5XX{CJQgOAcoe)zH%!S|#HR3}0vamfOE?6K6OnY( 
zjZiSR%}2dH(wieJ87*Qhp#(!qXpKgweHIc4EILkZjV4yHLZ;+LC8OD609F9PP#}r& z2`7k}LRdlN_*;}9l$fOU6pDNOP02Pt1=&?xtk98hN{o1!$-6!p7_&o?1yGgKW<;B4UE@b0|{m>=Su@*PiC(aYmR_eaj1Mgu~8KG-fHm>0vuP&A>S z({)h83HZhs#;F*AQCAw|{d!Z9S2if{ik2q8`&=?NjIX(i7sCbK3rk3dN9MMLTBG40 zd1N#S*%44{C|HyqSi-zsj3fg~3bT}nvB>gZ8=E|R3M2U#+IJ8hXd=SA>yxvPd1Ce; zd{JF1Is`^yin!hJ(fK4u#P4dk`N<-dpA?h?RkXJVgYV2zFfNC|V?>?i$w)`M#Ujrn zU)zub9G)-01tSL#jA3pRNumcOQ3ZrLmq=3+44V7anGhfA_K=*nZo&(Zq+RIA`Gcg8 zrEm-dUWiINhKq=PdKK%62ffXhuwW@h5H*u$&w<*Y$%x;djG~W#CUe8>Uiycj`5e&= z(rDWSXMspCPGxF>qoIMY?0ve3Myf|u@oqFrf%sGjicmJDY|_)`=ayE$eNTtDq`-Xl z2tTeA7o!K0G)M+tAP^gqpW6<`;UEv7+v9g`nV^6i%&l;z;AtXRFt#ANLy7A|m?IOX z5Lqr{A{QJ^GCq%kmxSGfnpUwX6Y8cI3Xi1hxYG33@rW(SU$Jt*8gye!gDg z1oqcNGJ2<2M=$tmMkV7$lXc7Tc%r4|Hes`cL!5bRoon~{}OfRQ7L>LwnF{MV$56T$X` zQjDp9PbqGU$CY+Jyvo@5)dh;m+ADxg{8CZb`VZ2e6XSLhB=FKNw32b~J49ibj_P`Xk{;4BdD* zn1Ia)I9yLtW2Ltd3^gh;kx8Y|XEytx?f#4%TqgN``w6={m<72ORVwmWSJ>u2^Cr)Fa<@>tvl z+8ui@4r27Dpa-P!5$t&_z?gyYh`B}Y*ujX^$0CKH9SMSsz@ z0<9a%j8Zdl%9W*za(xtzgkncx80_=)In24mf&)*I2vh~BbU~P}{$h%i;35~Xb9~V# z^+i!|MQ4na1gzuAF|%;I)aTRMO_MJf#+q&PYgdq~Av&4dn&6($v6B3FC_kRxUL^l8 zA;U1J6`+HF?QT#w+^*!(I0VyKFQ5G?xir|5;Vv@}8Zqa`OYpLF&V<6KQ@N^*C9oJ) zz-dlQ%VFqDh#<`w_!1y*39)1p|#*@(~W~#uBCmThZ#WH$Z08SPB(=ZZ-FRF7d%m@3q zDQRReA#11^%f;vmxF&*eA+?MujY%vUQXj7H|5$^khE2us(lSk#7$ET6)DI`I2pVYh zDY>o)U!->w?S>O82~S3SUMd)Ia^CU8*)W{hp$>{$6P%MjgbE=HZxRbN z&Y*{fkw%5ai?SO+l$Lu@Kh`ug~gAX1SB%&@z&!yGApIHpGgL8)eRP2HCXGThPl?6)^++y6Y z1fNp!;j;^KN=;3j8*4(t40p6{PR&erd_Gp3ri7wyP<`E`8BV_|v zI)MsLb>#*RujvWOiS&TYhiHza`H}$)FQwVZxl0VAjBqg862Y8NrU-q(5o1>j3wsWD z_Jl6wZG!v4urF;DWYT;kvN0A4zzSlj>5jnR6%3o#SBnvFAjl zCNt5B+e#E(M&lSdi4hGtE;2nZBw@tfMtzZr&|{7s-W)72rgO90)pAZsD$S zOs%h*=q^{h75yY5+2EI9NnH(F>P!?q5e+As-FbNi;dvPrtU^&3n=h<58*FaW0QQ6u zeBrk>l8kq;(KxMJ1~CLrE4vw^b1uIN#+mV55U0w}LctX005RaB4wwd)=zT;vx&uSQ zD@W3B0t@c6(G#lZ62+K55lUjvkV5cUC$iYl&i?ecq7J*jUeO4fRgq-T#0jLOzfJuj+@6s z+Qx99)z#0aW4wRjD^GJK&z^+MN*BVU2{XG%Q8&A$ix@!0DmH4UZnit)>?!V8V>lVa 
z3KGqg()HLF!|;g=)(zwpNy@=UyNlyZd)J0}?hI+TXyPsg>7*4A?4|Uai>8k56n|`0 zG(r2+(H2-w55B1@0!#ywEnldOmh0SfM0@E%%q3b)ecddE?bIaZ_-GuMEuasCd4NKa zD8`kpO)b8v4Xch3?5RsD<~^q1nQEOhNtyw$b)?sS;EL&oCeOxht(X3T0R!meOh=}5lA z!)j@xhFrx&?jkYMpAkWqguNy<8>a)>lsR)}&M%7lV9;DJ>DFo{&nqe~D;rTE(?hL| zJ_Q>Xab-b64-TwsWW@-qLLcPV%0`Yj1bpNn;Ml?Jkxu0y;G=tlH-@}off%lbs>TNw z7)Dbi|D{ZxRF8uJ?cJbtlP6DRW#yG!I?6OqI$g)T(UyFxQtQKJ788Z<3ZY_mg;0UJ zLa3+$QdvG?G(%S{Ixq^*7-s?nD$9qDVl^|m7z6L-y1_uALT<=0>P2IMmh1=w#1VdW z!z8zDQK#7rG=o^vzj9@6EsSUGoG$&-tR7&Kdw}uA*ex$br82o2oHL_tlFJuzSgNy1 z`$!Jw%LugV#FrRcxh6E6q2Pi^HwRIN{J2UHnviljc3v3;XujTgcm&rfyW`T`cE>yT zZT8`pI@>_b0)?1(w*=d1qb0p=fo7W@z`+zOo6ul(Ic+!baW}0zx$x%BoHldT{FyWf zLkssJPbx&SGOWS#-7DVwdAp6GxubI6G{jIEEsQ2gSX#$GRB4Uy{DDTgIZ9C`EILt{ zh-(tA8eHd(pnoIj-*Eh^opquz1=soIh}0u+ID9sFXjKs z_V_b$tOhNQ!GfuM-EDEV=|GTlNWTBM}TlLV0bwl>i|9)pE87X zgV1tQI+^wWsgx^1KCeF+@KHFHz!C+fwzOK|ZEePS6@{?S$b}%AR){(e08cCt+2EP*ab@FP<9Zc{2<8iE|8QqN?>hXn%m(&_w%9&LBA`M1}Q6w31MJnIBJ6b5RU$H zpX@w>qFf=Fm(mK}7}kirB5a)%@f{C_QwE4&nnyb|yl7Yj54JW219X@J%SXeM$#ldH z^IW;i)fC6l5I^aFHbJZEwB_34id=In+1M2CvX19kMG>i9z78jMSJ9D?oi)Yz6k9ZV zT03<17HFA|3W55eNd;DGF{-0AMgis9VAwPcw$p+f1_55D8Nq#53r0Arr{0AE;Gp;Ku$S{(W6|cNu^T)-&5=%FP*iK z8B-?&9l9Le7GW!B*%~M1Fq#tUvkHJXBp1ZeBF-)b>HJJ8b87#VC$7Tw2bK#c17FF* z*%N1>kQORLVk8`JEg+IaeEh~YU|Fg-FbT2Zm?lB1LD;W=6xf2qLJXagpv4&<%mT+$ zxYW+!C2|KY?tGZ)F4HRj~XXJw_R5iBCp;YRTfYwqRPnsoj#W$|J>WdciH4D*}Wvu2P> zNgXg12X^H)7&-$|Jq#KrLSVE&&T=oSw!qs655XOF+e+$+MX|)0#>rH{IB+A%1Y?zE zQ>+NcQd;a^O16q~Vp!+ISTN2P>3KhdNs_SdgOObt5VrZBQTPEE-XtU*9jaQ29&-#k z6eW%U?S2icgXpB$)k(Vtids3&q94GI4l zNi?|>u3H^clV70^v@8fRhMFAi)V$h)Fl98SCO87z&<{F6QMy!3bA5_^jHNx0;cZM1 zNo7gmxRTV!f5VBg!9UBBQKGYu5-SZYphUztKk7i8rp!~qk;w8m&NeO&qQ#>u@D=Xn zK2sKUK4!#pRE$cCeK|T<<|5^s>JSccCfqGQp-YYt2e^gDYoy~v${c=HPnkk}R*auj zS)eQ~!CwiC;-CV+W#q$Gwsq;Ud4s1G&zw&w!uj#VbcC)zoct1M#WJz0e@D~BB9+s8 zi3(`A(s9Ul^vIE=PV?rcQ*bInnN&j_qsyUl;WWpvT5RyLIU%%1pX>y1ETpCs3)1s_ zF*-CqhMk6UX*lJA@s1CtljGu$eUM?D3$+5b+zfq-qjTvaF~jMcO`_Z_9L1$%u^{gp 
z>TwVZw6U<^Y&W3-#UVX7{5VdFH{+BIoxG$qa}cLfYqSOiRi)2B;{fK@rsK|4MF$_o z(R7A>&q43jRh?rmv*17J)H@~OL+N;=qLSgH<1oAfr{B?N4xE7BeZJGccN+Lk1K(-j zI}LoNf&Xu6pn$eB-N_8VG718b!nH_8oFU$)U_1aKogQDB zS%6_{wD3|&uSUFY!7vWsGy$XE0%zec(Z#qEP5}4*apN<2p7&N_>={F#L zR5<|z&y9#5jm5d;GW~AEkHIReL+@e4v&#t}@V6m8pe>Z*zYFnW>8OFszaR1AVv&TD z&-5TZ&6>|opHNN!PT#CR{KRpwi%>SR2H`=maXd`rJ}Fks!;29< znV&cmd0G%Zg~v_On@P`YW%z{*jwJHb#8H>Dm;dX{g_unS3t<{b##LPa!O0H;a6IUeF`j63DrgLpw3#=MCjPd|WoArAV;^qhW(55+39 z6CZ^5urS85O$ox!q2FN_#nSOA#J%Ij`5gS|h!`uUm?1naEW%Xw@nd=3+)9M2 z$B8i2|AZn&g)Z{0MZ6&tS?R<#AU+pAigV(d5uXQqQ{q2>_a}i?L5e+c?Q)UiSQffGx?x;&M0{2nrqL zlO3FyCr?Sz0){Aeel_4r3wUO-=llhTFB5V6ims{fO2i4?f;&#op$YPO$X|oF2bY3L zElwxnY)j$_!XrI+?ERao=n!6%v8N)@qTE;bR8P8u&ae8ihsYqWY z)1BX}N&6feb>KM5hMx|E9XQmCcK~*>JlwNTo^5EK{SeQ_Zk%jCgEzQv3^z{1kJVhR z*TE0Fa5CLEa#h;lw;OnPMnnE)(!9{=5Yho;7=q_D=ioUPEL;4Rk?M5_$>pJR+Cjpy zfTS~|8Zh1N#B6jeff)?PbWd zln)n2c`T^0mgYXfs?SaA-f2M3%|K&<)^C>LB}SC zdYTg;#@rLG~f?)__KryeYQ4 zZ57mud_xL^jtd47eK&d0t_q|*r0^OD4;y;T@$pn21yp{L9d(tz3$ktzWgz*v4P5~G zyiQX5$CKU*NJq$5uuYZ|I8^@J+U|0Q`YX(I;ZxZNA9sPj2v04xI}0nNED6YRgJZW# zcsnSh{($5RxYKB7DZ%Zvkn8~Ixd%iU^0>_xiM%(b)2N(Y%@MbzdBsXvf;Ne4VV zkIKQlwxCb_0r5wE;z4((zNsu!@7-ZUhh?|X@98)p(p#al6{10QQiwa388*UcBoN<3 z`Brk-hE}I#BYwn-%ZGgV`(?P4@WTQ>D&_P@IdMNo&TcS=-eACaxQggi@qT#d2FV}w znsW=m3lh%QcIaNo3%W43fFIZSxW-6e71!CYe(7{Bd$qu0*@QAq;81@c^_s$gE?GAA zWP`pi+32u(fs_9LWY~c=Tj21*T5}Q)7g-U!T)7Z<34u2ZdZql779{^dX}5HxL3Kqk z7v4*_Z5WP=wmK9QSwi|LD z5ORn|GSIUl1f3!#aH!tdr?@r=+aY<#2DrcAx-1Aa(L4feqo_vG1@AoA0m)7I2PecO z%29xo{kFnO317B{qFRz6(Hh0!VEp6bW%4^kn?R4hGbWV=rzqvy%G365Zos*KWYp_m z@OsJlXhp=0sWl@y0-xlg87 zt`iRjpZKJB)PP(II- z)rz|CJ|*&yZoMtM9Ox!QTCqo@aayeBdNPqu)Jp;Xxw4o`+MUHr=FKkfHRDiT3NC#g z+8&PAg~BPgw0FQ)wxCx@!BLIe2D1zBb0r*>DO|_(TD;K(7e?gV?~u*OCuFC5u+I`hlc>TzOKL@4>Oaf|B9VvM6X+jGKj}QY>bXp%E!||=L5?@}wC>NEDx5-*6moO9Z8>P}ua=s6^ z^1EbB+dY1ryCN7TA6>c=yghd3aO@KcGocj?QD0>PgVkBT&Wj})8Xr@B z*-qT~NgoXPQ#wSLXgc{FebN||_a#JUmnb*S+aU6mRXTOemwb4=l^412TDs#U+lV6R zxV%B&k*zxy+bwJre5o!3z13-Y<;d6F-rPEIv<$O(Vq-^UXv%pQ3 
zmq=ZYyjIFbX(CSv+2+VQTyW^0#=p*5?ntQvG1iZd3pliPiag|}Nw2v)UqCE|$~pYV zPbFQXbKTd1@7+W{fJIcHmr;Wbro(-V$L<`(2shd4tiO(`7Pw}r{^G4A_FJaUX4;DB*B^zYm;M^4MJE-f?hAsfs=TXJY~-qf}> z3E0s6f(O+%=ZpTyu_1Qaf!%Arj zl_)QtLu6A{q2o#^FXbJHK8o}p@&ZNHXXQpwrb@^xc$e_Ga^+SRobwB>#JQ7@vrbdF zGp!4jhtuGAzaF3eqAV0wNSE~@?4)5X+vuh-8fe_^+hv~aG&0jPz(BT}a90{Ng2rgr z4e4}rE$#!w9c^soS$O0I*~w_9?npL=7KMpNwaClmmT9!+0(rx!{Em-Ao>X}#Kb6y! z-$@hs8`JssN;&TauL8(JcanEM=hN5}4)MNyOsT-*<5x#MsYgd{?jI;k%1X4*@2^bJ zSkR3|4|UqYT+EQr&nU?LO`F+ErO`p0(q@7xdv@Kk}=`>lcQ>Qy=;dI))GGB|6 z)|O7&CezkBX?|bXu(jOBpDOFtSvP~-q|&PTiF~w1BV-Au(+WfyFCUk)EuB^))2Mtr zP3{~>A6vC7ojzixz@d39`7P1E;P-T~VcdsQtr56YNW+)_V-*RP{=X`~;lPgz{D%cT z=}+KG_znq&4g_43zlwa6hRahmmim>kvdp;+@H@K*cbtGrpP#$TftLz+g`ms*DB3T} zF0C3X>vHV$blO-Z(m0QnG@R&B9%pPZc1=2sd@#~@zd2UcJ?8`22%h3|cRJ5lv`h3q zX&IgpX}R#RqCClTzCALn-ASVp!ouf_%M@w6uh@jX5r(Gn*4-Oyd8~NPAgMJb=NxDkSH^_FkqYQMX`N2jJXW4n&hQ@oOECT`G zWOq`%bGpEw%Yz4JB!3cD*#POD zegWWb;rf`6DQFH}4}CS@S}pDqV29jZ33iL!NpaG%Gv{*RWJ7e(e1!CdbxV3kp`a~& z2(26N`mGjpINi-6Ul%&4OD+RsA^SuSOd4nNYi>3PgvJjgU5@X7xHKR=s}N>c_X6}p)y>z?e9Y<|K{QQnE*$?a<$WXOh0 zTX8{74g)T=Q{J8=%-n*!pUU)X@iPcKJA@0te}eNp@F#wGxXU>n@!&oo58`5+K=e3G z(!IR+`U~Vrt-rJgIVs;@;Lx0s#?j<|xUO+`^hbAUSMGTjm66v2<%PTy9}781euAgg zZq|vsypFf0Y0^FmcIQ&{F!2Ua9!{rT$^cuYv2xW~L4V@Sl8=)Pd*bt~_n@=YBF$YM z(k=Ickdc=uDsY_gQX0uibw>I4m=HWk7d#DjN^{p0#{-PhCH@Gz^Eq|P{ST!>FN90^ zXsp_$d1$Jh;$F7gpQx`+8$q<0ECJjs8%<)d~$GC6hMyQ?HJEWD5?A@;mK=>XE`u-BP=A>ei9n$>-EvN_J_F1m`x3 z@;bVvxr>v}(F=rgRvL5gngtJ9|kpmr1 z*#nqd!^51P&VlfU`%r%|6{zH+ddkOnr1Hfh$(SE+4+wA{JGBz|XpE_Z8fpADH7eqs z{<)z>*@sVE1DFTom2s)FS5wJ{0Hz!(=v_*AHz5ugrox9zy;;~Y<|N`LF4EUe-6C)* z!q7eHosVr~9kc8xJ%24hKTPCh+6i39rYdboJiwPH5xkcCKgsNoKuNnck6^emv1adY z5sC7gLT!~y%iw*9%!o=LdJB*Sxoc5xwFQuAo83971>tI0w^A-DV{O8PyI7Qw@Clb} zmh81w!fD*aaYwFbIXzW5X z$sQ<9ZHteOYNZ{+E@?dP*j>tA2LTs(C_m+)D>VkpM4as77L*rsP!IHAH$E5ug0)>RkZ3Vu|74(~30 z6?vtOy!7~NvdPm5gq}_-5_IcsARJ0v%WdqmdqsNfMwAHigUU<$ zmsHL5FwL;GCQ4!HE1BlJ35q4Z*&KAn6x^vd<_PKUfxJ*Yc(Ir<5?9lI8L zbY>IGGe&&Cm 
zGva~ylix3GV@5#I2Y;@c3G%)WVHE8T@E$?X2yPZc_e}ArI=UiyuIrK)9*)k2Z<9IzKZ!vsUn^ zSRngm*(dv@51%RPmC{8&U*LE4bY?y#^Hw`~`LFzV9nRb>(=xlHalbc9mMdl7(BmxN z@ivO~jkAEX`NiqXVxU9#c-KKvjyq;ecVOWrUpf7DdL8#qvz7r4Tjph5ChpXhxb57G z@?T5!hCX5!c;o^10;ENuyD;i+tFRxjhJhzP(Eg-s)3e$IT`q40@~-RJhs}iSWP46~ zBz^>QuQO2IgZiqw({@B_8oXU0ANfVX=e_`8DHAzjKHixn*BoZ822O*(<86Ku>ZmqN zbJjLV6ZOx1Ez!b7wt;y9`fBd_X|Br8Pu5HQk>4V^-0s#P4E>NExy^%CJ!GXg(II~B zu{_D)<+_}N^}vP;+4ou^BErg%elL$U>J$A_l#4Y`oUakDdpt(^uLPKTaTbFo3fA9K4M zBij`18NM&)ve|g9Gx;v~;@LD#L_7FzX>{@Rkd^PD=Lw(B`z>xWYk6Cny+-gLJD34| zlB}t|j`WDSWt)(jAJaaQ}v+?j& zEJ@)}YTOshp>dN37oH~}z`_?cgoUhB4-HY23G%t}@^@CyS-l2SC)vv2^+-oKxcuNn z_V32WYG|C}-_bL^*e7sg!23gd;!JPD4uQ|hcsOY0A>LoCGtgP779ZZmBm0`U{Uk2r zApUd7UTEA`139VeH_JHM0{KSbNqFWKSDQi}n)jZ%wi`S%jgK*B2nSTTFPU2@czzXq z(jTw4ZuEs-ao!bgQE|@J&6PTG?2gLOrEQ_kxo^)SeF$44+vH^hF2Uw*mi!<$#c3^) z<1om}Brar1;USzlyNEF6bnPblCI|A1q5+bPSYpV7duU|;h{7qmvOm3RU!$5->It_i-K;66XS0grs< ze6kPNBlXEne>=YbIPHKf0Di43J9NUw43uA9)cFY-9^S?b`ho*LWS>-c6o03(E7$Kd4y?eaYM8MlC+hD(Y10@C&u zlI_FBa}Q8C5JWwZ5990BXt(@fv9d2)$OJCQ!t1&(^1;7xxlo3Mu(MRZ0~_HuOwi-u zKCUp@GV#Irp=F3{%b{B5ynohc+I_Bf$N`cSkp4s$VPMK$` z$TN1Wl+lsN3x1Cg@7xQ?FDyJD@bb4wAHEl|4FtSCg~$EVBIt*7MPt!LC@()(vs#Rc zx{T+ubNN2*B3ULHTRP<;xt%dSe1EYs|6jCPmhTQxei|F(D6roIctH*tKP*Cg(HfFF z$#u3!>co+I#3tZD7iqbZxz2Av7wvG#zEkj^@mxx7$VhaZz3Ii70-y8eJPVS=@;AbZ zWk0nLvMz>B7gtfI8umx`XVm=>Syg{T< znTQ_WgII^UUMA}^8+545ThSh1H%@yXA56T7hciE1yd_O*F?jv=w2A{%h9y!jj?PK8 z!5dLFl!;)%Zi`zuZoS~y1sAe*!{xTMMAkoVC(tML6SN;mZNbqcPa7xFsQvRksRlfl zz~ys3(5H4mdjMR|wAO^U7_afx%zfYzX*;~{2M?MfrrPxcgvr+3>kFi7f>9d=ZLaGA zSDw)*dxNYO12~knTa2suJcaU>io9I+n-C`5L2q)DbbC7HPB59IbCS<1dL26$lhl8K zOZe2UOx@-3yHr>B?Nlq?*&1pc&&R`O$~KqMYcX_0yugR+vPi_m8LYg3D4fW;rHr1JzkdZ#95R8cWx> zcnuVMh#%>R>cioAkRCQj8>n{4BFoMDiGHrS%@%aK(>$o&Nhau*=SMvfJ`bafk7AGo za`QYSCuDP{Q@Ke-oWJN|J4^2swzG7LC<~Q4HJ&5gf=m`kza1Kb`s7t9SVt5@Q=ahm!edACSg71fxEY z@^amvpGvi7l$X!XI=^1}=Wb zPVZ#AbdB8^Xcsm}_Q(C#0;I3QTo^QYyhhRnjE`R+V{jW_L^IXq@o+(UKO&w9j2Flk 
zyW6~DOXR0%FNgS0KTLZ&oCai|I;TCT+yl@#)CJ*i8pIp<2%m7tJ}69c zmYf}8enY==72}>U7ZNT#B7yp4@-4w@h3(KhNc@I!jCif9?8BQ90+;H5F2d)sRS4Q5 z&#Al(H*FBOUDjG553fJm3EpMhfnYZXI^;iDwg~gz+ag}L47^}Bw5H7$tP<;ZS(_f~ zCVzvJ1!WMw)$RInS6Yi|rnMnHw{q5Tx@Zmyo$-1Zh`ND(2u8Z&`T>2c zg~+utF%D>6Bl6R_8RhLL zr$vsP$sSVj*GL|l#NDx7@;`1{CcToLy368}k;A17WNX|nt`oB6f;Ro8T*xFvlD66+ z#|)&`7UHoT7yZUnzVHaYR>mvv3a_I!5R!90>NCif^1WQh$>;KUNWVkMH$duUV2TVL zFbOhp#noxwC&(-v7A;_2}Moqqu>J~s&MK13ZC zh_cXnCfDH+q8_Q9seOg^bgO5qsZrhYwAJZwmv%_cEbxi-kh7=_NxwllPOak?2|w1w zmq@y9TD*QM1;6F}q>QQcsI-1*^NJ~=?5R2GZs2FcU`5Y37iU4kisJHOxF`<#2eD=Be- znYHFMTIC`aX4*8RAx z_A+OevGQY`qP&(u#;i-V(~d7WS6_{%jY;8(0HYf-FF1+{hu_F~9hu`U9H+VWZxy}F zSpCbK2>K=!Y6sc>(K#HPtAj)2Sr!?yEbI9^c&oYvdB7n^`_XedBE zZIG|?{gwcq*Za*H&ofIn_Ikrn&6jPp?++nAwqc_C)k7T|)63x!|mcq(DyV{V9>v$$h~Ro$4E{uf1@ zoPB9LOD`E7$T^0m5#Li1H=9MCLXWq5_sE&VciRE@ZXBL6;r?3Ew-j%o4`s9{-ra^5 zI-$Cuc;CZ=rFpWx@f*WiZ+KCzi{d?Pczs*-Zk*xK*AtbJT~?Imk_(0xIklZ$qw-j8(z#~$M81b+vNL!Ho^d}mv6jXaq^{%mN@>g#(PnGj(_jp+jY@c zHH|wYy?-wV3C@7$zGlLNJmbQK z+(2um-RKkYTt;0S6r8htf*a}JYf4^~cMfuHjfY}$?+5D#$0(^Yv~AM%LCyjTeGBcK z*qK#^m-U|XEH&8j-hH&$k}gu1oGX7{FKwE=P4iV>O058GM=$ZgUtzoMYy__M!a4hD zBXUW^!?xsVQEv{}*ecTmz$Z30z(t*MxLkgcm*JzF`gf3ahjK*Z+<#JWvMr>q z!~QVqqWC>{%a}tM_@BmamM6}j^LD-pI*2%dp8$T86~ARIAp88!08c|aUh_xcf}a7P zBR>P>fYCiSa@!E@+%;z>^HG7bv0m~cbI^Emo|$rzFyzhmz4-QFXEcoC4;qH7K%0{h z-_A#&UwKC-;0Kle8z5idA2_KaOwT$qWk-2BKdmgG-(2_Me3HTxZ~$KO);v;j%p;t5&~Si! zA|IzuwneA5K!jV`d8Z}pVc@$^-utJC7inJp`*$pX8XRz`ee?tD%dnsMy70_P zZ6hCKokt&;ZRicq9esYAV$0!}7+iM7UK>}6@@y{X`GXm}q32v9DSiUqxuQv9?zYzKXNMB9RT&UKpXk1?M4(dKv>su7R8!#u?%vAw#)x-5K1fBK=* znh)#wL(KsW;QW2Io7X$pMEF2kQLeaS^U?78-Pk+F^odLOLs{^*;CU6smc;C0m~~?j z*J`t&J{|gIxTzeM5^Gr;sz$ab3)03pVaoEMGvuMIH|5pupo~2nI;*g5oPzd|z6{e! 
z8$E^h9{p`NaK$n%bG3Hu(6pxaax_^BFL~x!%#gPA;iS=qa&Y4$hh_+eBUpQfMK2$2 z4(Nw2k`DR~nm>yaYwzM9kjeB`+1N8QJ|9V(`*-+yExkU>)0YT_YpzWuB!%ARH5 z+v`cwS2-)7PGtSaMa9Rxk=%dpWwabPc46(#dA#@7eESvrJ`1`bw{UG7>!$cJs4r3; z9H(pTmUB}cHQV9VK=^g}&^O{{T8?EgZ#TBGFuqQiQ+gDx1?vcDqo2Y$Lc4I=WWfJs zgpDbkGKaanh?~5y+?l7-&zOuLZ^8&|{eVrhf*D*HY4zq&lNa;!eiHC`*)La}_cBM> z5I=1rbf&)#r-VH*RG1ywqkIsL@Lh*^{FeR*-rj!&pG;pfiZ|%uqkg0EL3yjp<=|w^ zz;tbBte8j5oZ{j5BFLi^Yv z;owQ)M>H*e$M`DYk$ieOvInIddd%917p2|s%i5HFEFrh`&5v3AWm=wbzIgjxv=nl#$3jVc#u9Se7qkB0P>lA9n)(5vE5wgm1~S3U9!%yqLG} zIA%BkIl4J%mJjzAdOYUK3MBVy+tuQh!D?S9;{9%&mOOUer2A}_4T;cv&!i~B*>4zk=Ztb3VdM!tq+KgjS7m6Py>vY~CI4X4c54;zNOwnZ8y`mo(( zw;b_PsuNPL05A4s3_9arkY02ic@w7(M?SRuk}ioj@UkFo2LpJIr@y3Lfk&-ZDp#(- z{-b{7iF)=&$Q%5M92xh-c8zmmTTht25?1(y+-?GI{u?~-n{#(h3>NaM&stftO(8zZ zYZ&Q7hJdH8@mu^BarQ@IQx9S8KCB zbSZ#e#`^&Y!}}1hal~Lo5(?wzC))_K3fH4|VNx7&1??kd4|a_d=fg+9H^w0p%;7>! zqTOKm@EO_TVBFe*!-{WM;lx&=JZZBR#65^ZWpKM9{qT{KnkJkZ_C6bMa14j#7tRw4 zed`U0`355w=i{M0b@QJK;vf+zIb&J+ARkW7$02zM9M0&mygr;!xcNBc)Inf`?{D{v zeE6usQf}fiLiee={FXIgjriS!-xGMo5O-GnJQwEe1N6-M_W13`FvpP&bx3?4q@`}U zw9x8_pM!eyR5rfSp4AnU~@r zlWy-%2_w{-k2GJsT%|An8_JdRmde)qy3kXR;daUz$L@C;p(g7;Hh;$X!ynlVILO4= zMpt&kv2t2v;mh6O-lK9tJ;%UFs-?~Rf_tI7&kChjKwjDNGzELi0 z_X>zpKT2?7kVNgm;Ye{3*3(Hl2Yej6Tn!qd#D;p@SuJ;Z9HzY&-^A`bfmujlD6*A{ zA5d0@PaqzA96oPPJ>K6#Sn1z-gg;*zi0`_>?4Mj`Z>0T`-z$M({OTZ#-){}RU+gDg ziL;{wh~WG(Dg0Xv{$sTZz+>NKDSU&2w{c)6KcT-O zgjaDlS~+|SZW?9tXFFBi7`tL|toQL}E#AhdEdCZBf5GBU#M0OMc;ola&d1{4;^P0j zTGM~5EEd1P$8WZH_)jv{rS!ek$M3fIJ+b%(AAiW=kHq3{cK5;m`7w>cf`VR6jQz%KGW!#{g&R%04z;nElwr!t9@erazDHG~(HVX9&-6(T`l} zKp)O=Qv}=_cbt6$OaJHNfV+sWGCUEUMm&4)4B>Ipe2U9|3N_rw|>`eTRn=Ck|$8mR#m2xciqo9#{ zeK;n|d1KS@98QHyWqY$*xi;qGW0sGlWja^4R%S77emqFmhTGH}Ztb2vxm_IIsL zXnC)mv^onOSD%j0Z+^7g<~I>X{c!Yh-iE&kPo89qeN@ZG&z~cnaKs_{HVM6iELNP= zG@R$)+^(~+)V&b);}vmO(E}$_;BfFV{{#9Qt;G9r$VKK95-baRqs&RK%(EaL32V|Y z&SeM><2Dyiukj3b{8H!Tcj6(H=Vp~ZWyrK{Zn0)g)BdNO`u>aB5_v`?-{tyUECbz7 zMwzg#)r>*LlbT0qdAT~wGWBa1Mr>`ul7~TH$r^%c&;+@V_rGWa?iu9KrZQQw8R0(d 
zruk`+M$;myLUFJ@ySZ?YD`+m_pb;p^|7viY4sa|@;X2~QaDWHcEa4@PvCsiKL0$N> z2JpDY^Z>9d3(8br5GQlYZ|ZIt?CKuqj?~^p1G#itgk!gGWpqzRBs_4fs9U$s^u%4N zb8a2auLeO=BDIC*p`5TbpL6woA0%WZdJG&+@2NjtH&+>5*z3ebBkJ#sxJpuYIV&Bc z1@}93^{jRK>r} zdwSc_|1;u-3bRjc4`3<(_(XrgpblxWVA zj>Y*#Tq~|_*0X=d8iRBdk}jRL^<`tbgSbkGL&KBq>+ed-*_~s9LHu&Y>+ZCiwM}EA zL3~2fckRbrBK@7cZ8Zo6=7;xcx#x)aUqDWHX8P(Ir-T~d5p~k@e$+UHgsn* zSXUwPe5yK#Uxo56ic{k^BcAfyxdmIrvTJ*A^g3ns)b1c%nZ@B`Xo;i0@5;Db<4BLh zfh`|bp>bGgDP{CjSoW37u1E}dd1?Y_Nz3vrEm^0VSlA|U(*fSH_}LYr9Oi>OO<#vN z%G+f-Pwrq&ohZ}qr)xF-n#5KG;6beE{+liBi3WsIPGy>=wGqSv*C%!&$omf(M@Nvk z^_va(L?>X-pLrU#_UXfT#*nTIPlN|;$tQMcn??Kli44wDW&4saTqtlsWwQPR$RsWY z%Ql7S#TR9Iq?I*R{0;p6H}Z48nZN%Hdi-zDC%;|Zwm$L`Q<^7jFw^>VHfY;coV7L4 zwB@iF708EhTPm$BsWTh>`uF5;xW(J80%fUh$>R6x&7#=iQda@EnTayLp4@_FvW)ah(J{`tf=Xrj{#czIlUXPM!SA zA%*|T;bPuHkj+AQL$epk`-|Z~#(Gb8%@fR@bpm=tIP%W^i13O1 z&f#4H4o}F7nggvre^sY=sO#cWLJ$7(wD}R`_>H`ue#YXGnwPF$i}Ww4*w#d<7u+X& z*C|gc>H>WY%WF{ca%X!v+PNl4`b;D7dwdwrH9Zo?eK9j7v;bacd5xn*j>lLNAx-Gl zIQ>zZW3*f<%8zCES4iXeJZ^Y@?`^zO8I=IOL!_xU8gBAPx+VWtMbX=O`?_2DLC3}j zh)otJR2D2h2X{wjx^-U;F4+Qb4rWKXr=!1fVO-+hp4ShUZ4w} zmj%mAbh@Ur%vevgkL-Of_9~?fJ=LiA$qW5)sn3HYeIk^-=wd?aF=709+&d75^5U8` zo=d}e&Un7L9*%vbFx;(e6P*UXE{wIHO`zfZDFKwbJP;CcFD$=SFFn~wty1U6#g&|X2q_V1I2ia3gS?M-f4 zGc0RcKRK@Pv~BGuJN8eoJ~X+J@l1bF<5`dCFRwYI@piJ2?7RLHK(sBv8!{2NW3ZDb z2jX&v!>lpBJ_Y+uc*<5_f!D*LiN$tqX)8aqE5Hk%hp?p6jS;vsdWw;@qn|Q_$QstPN|+d2UK*85-*YucxAd+KFHhWWAUZ=P(L?!xAg6!elicMFH9$}NJp40IKrVf zvp+4mNw|wjOYL^$i!d1ujhRe7Q&FUq>uJ~5DW01INb~wkvIM4CVcM)bKeHnqfAg5e zZv_DL@iV6De+9WSkDI48K9j~V7RJwK4l9oJmX=rFcp9y4-;&UD@X00mBgB19)7@hH z_qMB!eP%jN(=GizEkKm7&jLj3w9$3TgurxlAcL-!9yyQdvu5+eu0W?KYqn{8`|(zU zb3Y%(Xjfnnx9lhU>~_UXTe)E;^rQjtq;U`rangs&Lf278#UEi<1;PN!ai)m(>7K_M z@&evQk9WxMf*--jbkG6jLHxu=x_lgPZpa{vJksa6Kzw?SDY`w5(%d6BwMEZr1t}{(~AKF-S2y5SaFVlHW^0+%`3r^A4hFcni=-gQH_hvU|bBc z@%uecezNxciuPTeayZ7No)-$>lm3vNE5_b^Do%sRi?X5*LcEk0-;}fPT7@|9&2drE zN_xbGK?V#vgKx@KU{QXI5BpV)CLdNE@Pl+i&=HYq1bHC6(#rknCQ(oFQSk@<^KO-! 
zYnYH}RKn7JN1Hg$4>MZUGVBIsgI9=RZ_2dyv<9#=j1!Z2OmE&-xJ=TBzoV7iq z)6w&}1k&LgL>c_RAwKL&e!fciVHxq9HlcB|@*(w?Wd@o>2gdNu;5mz@0T0S|#RQ(J z!t7@+6lF-CAWDEH8?KUk8jEuCWxc#eo0ESB@cZ}*=v0%*Yt(3Kwz~D|8V)O^bGeiZ ziLviMI>@8&fVA|5DZkI-?PYCtggmi5UKs^+6He&HL3tQv6S~KKOLR9H-LI_SxTF!i z0L`GOlx8Oz>8rZ((+=XF&<8%dM`?_e;R*0EqV|&Iu_B3Y;C6O1v=IyLo0-({Y|7M? zJ!M9mQsyWp*Vhnz*rjj+JB8nSf(Ln1Ut|vm!|_{qs!)5Y`eJ&y_h5h8&aL~~a^=h2 zCqbN&KlP7zw&UB$Binh8{ zZ)b=nw|4+L<9ho0wzOskL^r?K40!Z&z9{r3V*qQ+R(a=<~3R;G6aEsTnO3)-ASGTPFdJH`6cLHbXva=Lqj@_LSlj+7Rx_T5#RAS9AzRWQzt7ok#5vl?7te81mjQm>P+@kwQu)8}aKP{KMQki+5Ic!H#sTAO z%o)fHbH}*lA&n&l4!@rH`z6C4lV_F6!|}_v@B+N7n=v$2-e1ZnoiSSv_%CIPbg)dA zUgw}N^k9ASFP+x3UwFpsX*tIwkQO|6cwUd~;4hcJzfy5NK$tR@t}os3IN%_|FGmW` za{A(K@B*1TJs16423Vi28v|S!@q@p-vm~EuBo2Wt595UnrP20f6dQb+e6re&i)cB1 z`K;n9mCx8&)hj(i1m}G2$54dT=`T+%kOn$MJ{~!zdgRhmr^YTSF4_v7$s+n}VTwOK zkFvtb?kg3V5A~M)MbapJ&{5N;TFsARQ!YQY6U@VX%f8?UcoGH+Tx{D2qj_^oO6A2i z_$%hiQ0Jf8qxF$|iF}Y&_(2}5FTS4RdknA(`p(FgdOCI}UO$P)>8{iV=oG`q=a?F47hRaw*bj zbzaGoHsJ3-BHJ6%$np?6@fJE!ex45S{&(d;nM^A0#LaMw+hSZ5b50@d6N>vr$`iPp zugknBTgd}-GTzD7`IMBg)M>LJr0a7D(_<@#ze5>0+en*Kf`->X``6<`NfW$To(whVZ20$sI-gq0SLj`lZARU6V2a+^G|m_Tv07r*}** zegxnJH|TOYDBnl)n|dbv!S2FE={@L~gOf5;nEiXa#BUfi8AT>@@W6Akn}A2k0JM`n z`L??e|G{iN_1v8|O;~3`{C-~0N;+6JPVRb#qMf~Dh0n3Ye;8AG#1163qQj9(XKe5O zKg`AT!uz|mR_5r#M}{(TWoW(yXbSq~evO0l^(U;qG*KPsSE5TVE!={uAL#zrng{q( zEj?|S^v6K!gxN4>kDffGGV;2gDB|-z!z9A83Wt66mWLrVeVZ^D6ydU1qcAMx^;M^f zuDl>y+B}wx$hJc5n&@ak);&mD_SI^Y9qoq3akYu9O|Z7>tGf*5tit%S=_-T%I`C7^ zwa<=~tr^#8Kdkf(7RyNLKu}L>W=t1@FrHseB)Uk#a9CSOU6ML)^7<=VKXJB=-ef}DGhfn*XjF0O}XQ-H#zF+yG zUXmv2^4CZo=-_X|X9F0P=BTC-dvyIei_0NU(|Y|S{U%e|j<2C?eH`RXSu=b!U~m>* zHr*4K`PU{ipT9qfc+lk20^gORjELT{>s=s5CFFcd$KNA7wt?x$%H5(7q5ozK?dbv|x!< z&f%X4@LyJ&jxkxDD}m|(fos22))4&D4u$<=$&Ayc%BfxKI`%xA$ z4iLn}&T@nN*~gc$r&^3>Qf{NB4-MK64)J>Y6M!3pyn&bU=bQOB-J@LiaLk|uG>d+s ztR!q#;B)L&y&$bjFLh)x@KF-LfjE|ZXs5MoRZQz`Ea0E4PLsxe0uRu$mMj)WA24}; z{g}$|+%t+#^!8f9boEHRZ)TcybQn_myZZVES~6-YzV2+^nCbd;ro3g)3Gn9YbUnV2 zH)X-P;McC%W+UJoqTbgL_wH 
zl$$GgTK7r4{05pLuKD7e=r=&mH~yM%!CxK1zQS)=O%$_<-#Ct7_>JEfv36(`zAM0A zgOy*S(OJ{l(!At>RIY;)p%QaluwKo;-4AB)`5eM-H*m2`ZO}4$Rt%&E7 z8_2=?ZA(ciY2Ut^RJ@QYbePVR^7Gvx4X0m6-CJ=;{R#F5ga(X5$~+wXJLE^1vW*RW zY0*vac_Yf@tB@moQ1PLFi+*_xaIGD)I*&Nk6`nuEJXq!{_8@*7@jT0FLcfWV_{66N z9`@1c=lihZlv`VOOG@U>r9OUlRCy7)ulI2Xbbf*F^PH)8UtSSPXR9P$L8-p2u-%;t9 zpWee*JoQiFP`AT03}@M6-$n?p2{!EdrY1^5yb7tb@jCO%9aJTL(h&Qj&*1!mdN5-07{WUWF30;0>V*0M9)U>&JeLdg^^P)ackC>&VEk{0<&9}|2& z3m#&&A{g6qw8QsJ4`RAQ>02W@_FvA#>H9BdmG5V(l?ILh_<9REauj&b&vB~oymSe-yX2%^Gd=Qj{WEmcx3dfKh84RQ&hzcF)$<=%TmSe30vH@E z%l!>M$Y?&ob4eS|aVU;UhO|@GKR`QRV}fEBSoeQm^s;^n|D!e@Gids8TIauh0AA=@ za2{_3=psCQdWJEbgh8i7zu1nTZphk~e!L^(3w%!2;xi!4_pcxfcorQ40nM^51bD^g z*skzg=ivQ~XAs8tX}k}E<_LKw^jpSUkPqt;^P~*^d8g(_eBP%yp**^AXz}kygLtIz z^dmn;a_ zdiJGyd+a{pA55t}P@Wwb%%L1rn!OHG#?wn#jHr#FJ@E5`uAC6(WOn1>;+)p^5l`D+ z>dO(|_aQUJdE1&qnK1kccma+l&yxn#4en{;T#=MlTimXZe%fA7JMe_*M6V1V_08i! zIWLqC<;XcLwii-1_$|EQZma$1tf$z7nr*sxT;-^3f{sBGCv|7BF=$U`rNH?zqWvO$ z&-(myYNa@J)0bmi{%_O8vZL;O?-=kvHeNpgLmo&27 zi*GkKN?Ok$FOQSDFoh>Ue~=Dwsuk;(dj_&<-~Xjb@k+e{|HMT(vR#%i$U?$KOovA; zyu2{`FV&`3+e=`8gK1p57t-e2SfrP+`VxGSSEJ>HyeU5!BLKc<+caFpzwrJ2DV06t z`RqkEKbdrl_GSinb)&9z`Il_5>?!;2H*4CdPS6V8B#iiu2efa-?=j>#jW_EP`Uu{R zL`c)1>wfsY;S#YmqRvqN7SnsDo74%P*CEh)rKlfE zwg>#wDI9f^d@()yJU1RL>L~G0FZurOz)QFoFT`)M5dV?C(UNENJxD#=phqm-zfSbGmPHe327niFq z$G(TF+rDp5Y4Et0mHsW;WAf&3+T5j|bNykZ)31?2X_<$<186n#_SsX@Pmu0(n; z-HK~VZQX!P9?QLyKXmqeJLJ=}0AA7v{z$W%6D9t6Z4PMh^PUmt1mDueg!1uo$T(EN z+O%o*EyFR6rEBFr+*tn&WkVXMBcVQxfnM5NhRv(*CR6GR=@uK2TwG?(F1WH}I`oNT z(jNsNYb&SEDy;$wT$I7|c-)V6GGLw#Cvg!k)-Skq5z;>WsMB}{9@lo#cab*lIN@b2 z1x_nS^8ko+o9XzE&S*NRvs>=sdW#}Vgmt3*IHUus1ft$Pt{_d_4HqJMTUTHA0i07| zJ5qaFvG79%`ikRxI$qe))`#9qZr_NE`~2v#=JlgI>ES-XHr=Z;RG9s-wXYgipW>3- zRG03d|M6g$4!a96)amAMf6TEDl)0vB??ZP!rF#|e${pNFzvIWJLYQo?t(!=@b25I+ z@ehv!x3J?rX+t7?*B^82!^d-6Qufrv&N_H5F%O1Ei%8i#*AT`HcH?RU&dd4ypW7A2 z>ppKA&6WJ0>qoqdk++-RQx>g0#B)boJl2=CV*I?fFU94U?590S}%ohx>l#9J1227h$_kf`e*B6W~#&RHmsve%NX%YeHh-+*E^6+ 
zvCP>Yo3VbamK*4{{ZBKd$3eK8tQA?z423w8nB;56#H8*YojHy;86$P!yw9k=)2;2B zVV#S|ccyuJ!Wxz1%mo*ZckJ&v7-IZgTDeD`u?wl0^*JgF8fv4b#rB9rSGhT zm;JkbFBua4uPnJ3d(SPqSau!dcHPCYt$3px=D+6{K3=x<3g1Izk6y%u>%S^1+lr*} z9>*Jkzsf)APo}q{H?^UDa6`Sd0y*1B4c(BMpyOu z`I9c4=8;lumwNR4xso`kDTl>QKR@l_4q%;HFSoO2S!XYomxOaEi?zL%i*o41Z5*1D zi=+Kh88J?B5`4Q{IP0)%!Vo)iIpe}{9Wxq`t{#=$<>6R3j>53;V=kO{07P2F?jgL4 zcjM6ZU_J!W>owV2o^WaQ!W1tM?`0r~V6d_B-p={?Nd?kk4Ev@_#9#7PSD5|D9VKDz zlW`BYkKoPl1HrfZ$#CjL=^w+NEDgjr!(}r{5XZ1@2j8VX89!SZ72t3O-jC#w)eTeq|=oyC9;?ktiud_Qfp@G_cpac?!e*@e3`4qctJ zjX%x0aE{IG?dr|J4QfmGnq`&#)=y#n)UKAmh=oPtKs>$;XzOb^kfK4w%uHI&`TFU3 zq{q5jo|S<$E7%?eW~4RJcHpNoVSImYM@I%5EeHDGUrHPDLS-1A?!(smSo#-g!}z^2 zkQ?HEVMiD*?W7|>@n_=kSX9zqK{$vAq(WOM^KT!eDVa@kr~6#E{VolVQB! z2;=jyc*>E^fwWaWON4RldsAt+_vQoqtWM(c%f~2R(+6(Hw07}lKhyu#S2`J_DWv7q?(=ZIkKD&v%x{til24 z*+Lx8iODU7uYK>$nDy=ny7=rL|NOY(6dA66S8q>mYbPAwG}cg}JFUIxC^wMJ;)d}E zJ4d-RG(aI^EN*>|trJ2%aeE{AupU8AetreznIJ8p6px6${_E~in3&y>wFv(@R0a5@6ehGk1~X9#6SF~@*UWsF5<4We_!rAd;pW*Qg`+PVlR;>Yl&)XwDTN7blEDm@ z!sIe&A5sHZwH3b@D~ya{t^)DC?P%ZIkZSMB zWct#rW~=6srSU3TLU3GSZhL7w4eols=4Gx^^S_KbO51T6c9FK^XRt+lKY!lBHy6Xy z#*h{?Qdmqa*sNbQH)8mjHT~RSyc>Ym@HxBzj@~Rz-ew<6=$+E^E}eTne`-Dsw_lue za?Vc2n1wD({q!kPqwAMdiuWg#IgZerX>dbFOci+kyAA)}w|6>e?@}MZC`g z*7126@*{^r|>Urs2097|@~z_gsF^54Vyt!<;`A@f-D&t9Wxn5Pf>RXl87 zI@qfQbc6#RNbJL}#*~hKtBgx|pUXI2=i9PEo#g?Z+_*nwCUeT=Dm&84hxO!n#EE_g z>(q;i%#(O+$GQZ;_VyHnVU^)5;oP$TC8^H;G5SEx!fqV;+EF_o&aD+o7L8nTfvu zy$kC$<0a1Ybnb$FQy=-8x+CR-@A?td6|SFPUHd6yAUX&A34hC;A?P5-)J4~j_tn%1 zSC>63@)p@nx$;`j&gaXTe|!8&ok708DbFHT$e;K^xxbiAcxnFUwO{!q+l}|pVp%&| zBQ&7g+_&S6aQ3q>%Xuy66>1EyxbUJ+G^Oxr=@5`D8!wR6A?-%NVFvvi{cKWb<8DJzV z>%-LUG3^l_mM`0FaHor5OLkb;R55HR%2@DS3BsV84EtGCF>D!VkTB3mx$yU|PFh-g zds+QnSFU$M{rX!|H{aTDi;i~YAPeqclXfHFWDNbmIdal|5Z^R$Aq?%JD+9IzE-%_k z{av8FFBwc(A%v+gn5H;Pc*dUS;I%Rayn^`s z9RuK}W~SH%Q-+?uPT(Vtl<753#e+ z_>FMaPLU>AKZ$U_M(|82AoM(S9(!t;0eF6IwC1>TUpfA4Zx=Jfxaak-Q+yeMn2F|0Gx4c9Mv z0r9N6QjaIpC!nmCPMfTMzXWIP)!`HzCkzMlB`mKphojVnRjTgMM!j%F%YP|ssg(J< 
zN^m$mG90vhz8wni(8m#4@D@CczaE|!PAi@z=MB%!UlY%i;TbVJ-6eR)FJPQ~kMZTo z8TT1_Ucr~F)mnuzY%AKtvgN@zMG(FO;Ub4@NxtNV`Svs3w_CH%4})Hgp(g`;2opU5 zUan&kn_zj+N2R>W#u$$G2k^#kPcQ56BKd5%6y!B+c&{ceCl~B9jO7JAS}3mW6{>nlM!d=U8SQg2*4yQEUTg*V{wd_n(8WhZ{!YcNXR*Ny`uaAHve z7p$zfehstD7*Ut{4A5>u-g*|TZO!u2&3s;J6Kk?2o0~mc@R-=dvxbL zSTzvKU-~2T$E3{2>v6@&HW&G*UxGY?yzHvw3buZt(%WqXVt=xwZg z8Vok;`c~_7>JBuD?5^j18aQ1#lYua>cCk_ET!#EbJ{1e&qiyqjxN5a^Y^y|15l4B2 z^er7XeAk!Y>%=#BAwHG~?WQkp*cir{+&n#$8}ca>uD}-pUqYvyr@d(Y;7j1(ug2tq zJSBhVmb<6S`BlEXG=3OPJMPcfDC(p4#i(brht5|MdJtABk0sz!=y_!cJq<;AynGYD z2OM6$3*p;i_$aebSLzgBDKGxp;o7NkUIN;Mu2+@dL4BZ{d^(d!SjJ@+EbV_NNn5LF z1@C_l{nz@1ydfXoW=c7af>+?C9(Xyo&CgflF(K)_?B|sa^7Zr@pD$KE)W4rz*8IIL z7@y>wyvmtASa|yc`e(~epvu60`8CH}%j?eu)qd7%+Z2ZVB93oxJm^cyiO0^zbw`Qn zJVO4p=sFT7Y4PiqA$zH-l|4MR#rENZpvbaA(`kA2htIg0KwqX_e+lNO%IDRvn`z*Z7 zkk;?Pp^g#PLTSdSpQ!WCP`Tr^U6Co-Zwq+QHPG+cF|K!KosF$qhwRu-r|c;U zzTMu40@5;0@aTRyZf)lJlKktVqFzvbF>Xl_sHgO!EX>{`Hechq{3E(Ygp)E`8JS-73}xoUOB3 z%16#p2!S{kldl>zUeP``{;7^3-O&l0;M3h*_VhERSG86?zY}B?;pU{eK_JmO!Zdb| zRKDsMX_K>~f&@m}SkK9s)NyPwz$_ zgyt*yvy>M!DLw8C8E@aKjE7fXDSdagE0bR1VJZKUD2LlvZ-MV_ln>|V87_FQiS7$| zC7%+$sz&q<|J*RPIoNQ*rJ+y#*7ZIOKd`8R?)%E^~uquy&Jbg%HR8zYK#prxOei%MaY zlq=ggcR!enW9>rz$d`3WY#Zp0`F*GtwByvHmDBp>eQ<1>$t%M@5!p9?qZ}DW9HM)N z_1n!&+C4M*s&Vz(-MK5&m4zM|zXFZGm474fZ$n-p$GU+3>X84zRxCcl-n*!^WdQ5j zR}{-rWL2putXCuIx)s4k{!vD>QGUXXPA^58rip8OjcAg>GH4R^6(mpG=|?KBu`*WPGjnL_t#J&cv>f!@B7^JR1$ zTiw_?k zV~|qMS>DhGf#ulaWqePOHqGUqGPZ(RO0t(oS~2MVI8DT%<@?=sq4-f&Oyfk&$_zuFrH(0 zz$3@fSMC7}>dss6aBOZR^5mEz#{{GvA)dO!_K9si>;G-Tco4?6?Kb350~n4y(^sdC z)i4h5HG|lDSc%`@;Wpso-GN(@CO^cn&Qi{7cUK_19_hGekYoERD)1h~8#G7Lct-G? 
z!S{B+&FCE0hEsSS)qSEjAYYy<$@A$pfyPac!KNuZ2^a01->ufU4}Q(Z8?YcG`=hGY{pZEXBEOh6Zf=oZn|bn&z-pG67FjOj1l ztYde#;n`W3ecw4eCt>SA&wZftzKi%>iRVON_I|#BcQ^3e511P!u}|u>p5@4Kd9Je) zTU3uXXyH6?J?N{i#e?__z+W>5nGA!6?Rb#(Z!ST%fcH7%_gpjXl0%wL4i#oURgQDc zfaB9y{6_ev7zX%Hf%Z@3k?*0x?5+{f{n<|f$LZt1a~{tO^b|1n@j-s~A>AjR(K(pY zm&I^IJ@l-}9r!2ffD zkk=K#Jv({ix1L97o-cpL+xyus<#DdvRT&xe7>nL`?t{V&jHt$ zkcMZFd~*cP7@i57S&1~?YQO{djnMavmkP6upy$VX7S)N_Zw&(eG#=3YE#g4BZ(TsT z9e5Bn16pR(K1iSct5IS0KLg(z0r%Zw;QP>`xP{jnSG{Qb0=hKc=fbtg52p1Dy8N3s zY>7Gc>v#2VaUmT->6_j-tv(-p436c{=ZNanr{Hg{X^5>&pr3aU@zZz`L*h5C1_~LA zL0_=K;C(+7<;%VS@2aM+D1Ia0uE97Y{d?N_)#Vz;aj$EUo^R}G)cB(kpMO(UXv^O? zqrOFiHe@x&G0Kvq9q2V2<5=CKG%;V-Pj$4>HwnX--)rLefj6YDCH_KwO@qFZhjG_R z22YmX;UB`P!|#QD0}t{kE8~vx+p)i87w%fGm5+DaeGkHc19mQX3=jL9uj5H=gvZ~K zLjEb(spJ{FFXOws^zJh5BN#?m5Ey^({Z~u*$eAwUzbDUYIQM1vbE$0JKWRGfILhCT zxA90mi(gZ&X?cJ22d@wY-?gAecm`h=@QmUa!Gqzj_#eU=0NWT3jeh}#^p)8WjS`74 z$b(yz%PO2KUYgG}ZXC|jSjgiX#QaUeh5VZv@qq3(*GUG!KjZ@*UW&$>I8;(b8Za2y z&ELSa2M^k)H`n9ydPnE&y}kYKzWZH_ht9kie%YIw5nrL>YkGGOi{2kBaEsuAy?8Uq z|ILR0`x<}$PyWpl2s@21`NLHK=<4rJyTfDADP=yF@k}`w+q{rV?FAt`6Hp_T@C8{A zeg;3w8J)@DwBlm=bQ^KT&O6n!H>i)u zs|wKz=;KX$G`v)oZkj`yOL!*nczysYe+WZ4zIZt~*j^bC$hmZRq`iO-uS@tH=y2`H zLcSJyQo94sPKU$2krs4aUB0$_4>GPD#FN3Z3wW+`xgI%jdeW~roXL+u_jYqco zKZHXUYN`8-;}Poo6M75z6!h&wop@IQ26Uw)GW>_|li~M5zmcwq;d=+VGSCqLL0B~& z)^{(bm#%Xu+DVkLE6ZZuz;z1GaXcp^gWw;+z(?)*AZXstLVoRL2J(jO-i(?)9f|2DhR{Y)zlEl?*s_hIN3d_6W7un1|1}%~uohvqcs2lQXY&T@>J?vn&o~CpFu;k?%C0u!XI(SksBdKlS}-X@gT&@Z z))TKAa&ev&@mba#bKxsERw_JF2J22E9Bt(~l$njgyJ$^!t{Bg;477EbcFA%?`Jzpf zb%+Rm9KV6HuF}GmI8&;yb&-WH9c;xd+oDf(4HmX6oBklv?y&Fj7Sv$XnY!H;c8&OJ znl5W$%dvOAzf;2iF0}lP6N%-EB9QRk6}JZs5sT=s(n=kG-iXb9wfaQ{u!c5z!L^)q z1|PkrhX=Ss{k_;P*otC`;s{n0Z9K=wd7%#}(-uw6Jj>Ue)BNiz?0hcN3qKczGNI2X zw7rrk?LZ}?i{pkIpL1#5+>4)g=|}nzOMl(2zJnZ#wRVSNuYz|Onk5V4xDerg2%H=% zlkwgvoHbRAdb}NB$dA6L%%xW18?^bn#~F?~e@MdxelXyLbsF%J=k>x16%@>?j2$l= zlMtAaHQkODiK}3Go@@=eK;QUs;P!Vl1#(L18H4{j^y+5n70Q`5i#$+PVw*tYlSg2; 
zsN49>crQQvX4sRE3*&vc)FON=_(uNH2beP1K(^#Zva)dkdfPGER-%;&mPsSu{!XFQ*KN=&zfO+?|^@FGyH>FD4#@ISD)GAx4_f|Fw$3q zUo^|J&V79!3}oMc@Ts8etLE7`HDQt3H&^D=MfQnV{(Q?CrwJ?fWuT`_`Jp_%2AOX| zdeJ?|74tkYE-kW+LR~|;d8(%Q(k|gl;9j;HZ&5p*UpK6E)vra{Zu#GGS8pVZC}*Q! zsXJS8(Ow*?1NXc?+Ivt{8X6ro5ulg6(JqoVp{+dG(Yt1mb^$UKm^Wa1xb1;H2<*W= z=vWM_kB{uupG{tc>^6Be6!|~cy@hkavL`>^;AJ3TTaZHhp@vHiZzp`(bYBKXsnL&Wn2U$o{a*Q7 z6E3_Zo6Q^)x^Jy@Vac^lMz=O<80V*Cyoa(t{optK>J_L*vPKJU&dG>>d{N_l`>`D1 ztB`K9&iCA1K|RTJ_8yQ4SfT$`r&Fs6`CDN#SQm59TiR!y|L37i?zf&*x(LTPsW^OF zhIQ}O8G}izuQ%XAo3eYo0K7g;EdRMfsG9=95%02eYuT0T^P@b zZS7p+VB1`{%uI_sH=6#x^Q_iO%FnO!gDj*@*5I;{Oq-lbV7?kBhQ+c7Cam+}9mCF+ zxwiX;jK~lwmjwWnio6|hG_YGzVR7V zkOBQ#4%pL!lMON1jbrOnpEqp>j%CCnajku}4``Fs0obVgCfM-1QBGVR!=!ficzzR5 zfG&y0{u`E|{MNh_Hf8eNbgBr;Jvwn%%^N3V^|*Dmn=S~vw7nwdU@c0?x{~~+BkFg_ z9w^Z2d@kw~#wKO1*ZE#cFM}8AFW?xz3T*^^E?=(DS+-G{XIDG@NR%D($ZtBWam^U_}Gilag8h&gFp<==^`GXL*+TUmOO49 z=<|7DyY9xf1#g4l9WTL)x`({uc(22;DA{yNzmt*CSBkUjlHwHI2xX0mK|2SzkjlX);&TiJFzx$BE1GnoJ%uNUW&$1}m1K#w39s=Y_@sZ9v8mKBD6i)Ht528_7C(3B58NF`F0BM7C~QS z+n9q#zDCowaSdaC9{mV8XBhVlwy}NRHYsuWZQw;{<$70K$tAchYdW^MU%|t(rP#mY zNCo3>H+_{cg~6bY;pF(b_7<3#wunQfXi6i!6xg2^g!*5+7aHkl4_tqe{aMX(0OxhN zT+!Gu-&&&!^_~5u+m|C9=?l_h?I4%;%0as=9Xft?`w8XscF^~gX`OfE{0_UTa?hsu zMYmhKhjkD6+o6L|Vk^!};}nCz+1j)_%9W0e3}8b3lcq<@aVNH>jI>kbY)Qa3^rIaD z_j6DVxA9nFLZ|DJJmA?b>(|cFkO-L%= zJJe6m`s3~kstVREf%-aC;O!mjyR!Z zNh5>__&Lf4KO@ASE#3#l@e0B}){OWmtjRio-xu{a!>O-)$Mvu)E(`O~$rJ5c2us?a z_aY;%6%|^IpL3TLH|L~fd<)@XACboSRqXeRojPuEM7xHE1#kc_aZ9-kX<3nn(z0;$FIEeuBCs^wha@8>L)BxYBgO5BQYv4bTvli`EgV`!d7?;|n`<=N_P?Ef3`fnNUwf zS3!rXm%i>L06*pES|@bL*b2(grStqZqI^(J;drLQM;@skLD}bVK%i%4cjWP1e=F-E7f|@kt$VwEebtU3Bc$%6Q(`Z4zbD_Tn<|<%}}$@_>$0 z?_NS4{=j{<7yX^bLAD+e^F%JF+b^m& zLyO5Nd!WsHjd#?EJo0zc74mOK{S)6gk>UNa`FA#|tl%>-ewKSmR$fs3Ce48^3lH?` z5iWX7JoL5Z?N50|>r<3io3;DYx6(Ix=WZ*P5zve}#CB<=vr|?_rQS6l-s&FhDdAY( zq#XlIT(j)y8Zy~t6esb;>I7s;`|H*XiA)Ao7TRdy;+Qb`q)eEH^m!5X=6t~CPQVPRynI~- z-Aqf~2rD`SeG&UVXSk7O2=!0+2YyfYF@;mzdI$xh^pQXE@sjiaCv6yMl6;pt-K~ur 
zF3FR)j0WM8ZMey#R37ta1aC^;!=66c1IkTw3$=f%`RebS00`|q@)Eg2H@!?Mw0)$k zxz0}b0}kSmaz`5Kl<)yq_OYZ~1Q+~5;H^RV`uGzXFXMuVy0vcH|6Sw_up+|-UFR)* z#U_NKT<%MPHqO(dtlZjZt&6B9+{TgHD!$pftiK?>Pf;xi!bpBl@b++)FFUxaPr$z1 zb<}iV1oT7KS$JE?94JUKjf_kLqUJ26a;p-I#_fIel%Z24AGFfi@TJrElqhU(( z6`cYc>jukA>IQ~NdvaWbg`tL24ICxx3eSy7`*?R!gfz>W0|Ugw`wa!-wJAe^0lycZNhtbLl-tgoO3&vZZ^{tmk>ANTWHUb<&V9 z+I)IIgM;_FHD!5{Mn^mOwcnzDN!0`D1MRUNi>*Lfr-!sBz(qQK6Mc;7Im(Ope=R*s zBHc6|^4E`d6UwMkzn$&F_?ovTuzM+XSJ&8@oIe4@^{y2p0Fw0Gb?>HNqeo{L(ldomc9}2XH3tpZ`qFl5e||e;}WJ&iFchEM8aWhqBM?%l6P!(iRnE;ObkcEIf~up;DLdi1m4YFkF-$ z`(P-){9U7XqdxRuoCwPX-1+GFch5-qh_6VUVVw}Zk7#+b%%yJxp0Jj@*al_IenC$q z9rT3uo3J9UC6UOVVYGX`-on<=AM<-q&m(RM5Aook?AQ-RSpMB8f8UNlj;wQprH_ie z{x}>%hRLLj-GyNl=Px*)*89fbOK2+HCtek|f5a;`uFl|>MzE~P7uWKW7v&90n=D*t znI=7)`Ag*n_HyJ-?)=WbN5>)Z?`eJ!KfD@g;eWqpW&yu@Qu#I9m>LXlPbx0i|;QuZA_80kuH(dAF>X^uURCmTMNN4OzC5gHpK(=*_+lq;aeea*z7+X03ej6A3!?_^7g7K}L>DGN1iPQY< ztq$UsGoE+lA==X4yE%y0ywihvPJjMh_E%iqRT#5x@9MxTq1|4t;|=$6ESUUMTYMju zN;%xe7+1*mY?h^H3gF_-AP#ec_ny@{z&?xj*LFa6laK}U+qVZ3fQ1fm{Y}i4LCm*IeE^DRhWVIsE$?b-&&|^QVZ9I_Kg=cPiG| z;$^HYL46S$P#e?_(8WAueHD0H3A-{@OJbh@%xHCLM!QQ!Z&5je2*KgyD@$Pnrg6) z`Cf#rIR+TY1HYNBW(>d2B8=}t_$Gazm*cq%zlr?d8@5tqh;(9`fTMX2;u2OUrrIo* z_ckicq6bJDoTp(rb>igt5PE0_5U=#O7^UaF@&)Jt-KF&0SMj3s5V2%iD3r%ObFl9qTOXF3SiyAUuaeaF5V^v@fc= zN<%q@_tPaf!58Hs_*~wL(Yg@qLUaajaz+B?nTq1+>R_4NH#cAI_d)+l<-Qy8dJ#Rq z0@92Koj7-omhy{rMy33kyyx+JO?ykm)?vnMq=TO;kx}`scfSW`R9+SAHE-Lt66gf4M%$m8WOU`VzZmu7bZn_FnfE<82|>h4`vcT@yVnSDDV2-y%F#2WbO3Tzb_H z&uLeO*`WKiO^?}$-O%|`{kZ@9V*0TPiv`m?`)!QpKWdvf-;OsUJ?s#DSK1ib8@5?& z3%uW*v^xCicgS3B8y6=Iq!*m`Bp&hWU}xE8ystrU=ihf!^Wd6N!pv(2&jEg_kbmu2 zyis3B`V-LU2P(A8xn7FxfV73cZEHw1uL`vTVhaHCYto&6fV!@}E^=2N>Va|1-{nV} zLtn0xe)?~_jyT^9Yar+@i?gL?;_PWuJks_>LAyL@JXJw1Ro2EG0^guT82Qcjp}-&8SQCa0)meRR*={mP^z7$86j=?f&3TUYyM;a=?e~=Vc_`bJkbmgw zQ71S?%euY-IwIqsNqnzD+S}Yc;wsN=kh|zl1>%8+kMHx)?jRrZuay|N7Ab}HLiawj zoK;%fcp>wv*<<(;$Q!>MPS$DhDH{+rhPVlhcWGB75svhvmvygZ)Z&4Ib^$bWx9ro# 
zw5tRDgWl(w-)r*nzR)4VgLHmAvkGCrA-+q$(&6jlpwSDRqA%&|;gZ|HoPN7G#mAa~ zXUgz{PU0i|-0viPOe-@LlNFkcL+n-CCH^3JFRd%|d3_zNP7|o8`-L9P~CJjnNGsQ_F|^Bw7agdu40ORxn*w_KHHjErEAA z-pz$P>}h^C$7jomaP-?+>9<`ApA&VnEn*uWdpDd@!*QB?+it^iLi{)Sb$|`wv@W%= z938Gs#tV$?F+tq*NH>Nz{+3n*xCE9L6Y09&wxa-Wcuu!PU2W0#StGN)5 z^6!|y8?<$z{GBd#42N)r?^J+qa$ox3-rklzZn%vh1k9^|i+TWgcD4mLCu6YE-y(@l z?wv_HMz&1fDXiV*y~#Pkyau>3crV5KEPQ^}jEy1?@$P*e0QDrSoSSC zuN3ihRf9C(!>wdp{RdO*_~9FWkYU&EqOPFtl1HB=-&Gxh6&ZGI2fXQSS0>xq#q&Zj z-o+c)1Q%%=!!O9LD_^9o6qdAgjRv^Rq;4)NbKXXGORL*PPo%#GSn>fqeE-g(9(J8s z0N&cNF7};`&i7Y3ea!9a%BFhKVz;fnf%o?}8*bQtZATDR8G{wx-`^PE?DRNW`+70z zhz0*50N9lGvkcKLy&wF0e4Qw32WK|r{XskM{xfWwu+q36n}e|wu&bp<34}b~Z@lko z3hiATeWW}z;%Mr zJmPuA=*c7jgSG)<5WZgQoAGdhCzB}R$<)`^$zR$2F5Jc%$JK8%ohjnV)O$F^Mc=__ z$_$YviI4G?IjeZOS+C5NWQIJP;$fX}cqWKPdXOs_JR z0c5zkm%I3`EZGq}EPwt5cw%sdr+YJC9G+&j4IODTon5WgHgq3FJnCdO%HHXDcMR^Z zv@zYo0iNSdmxQjEpVCeJMZM{%E%MiWJb-g_1$xkZ8C%)*2@E&u0s;P@Pdzks_zPv# zec8i_%zLTB82c2rUaY(aRqB7*Ev^j`wWoh>}hCkNsr*U9C|c z+IwD-iG7m}*2$W%ZVgAzOd#t`ywEn)W!?1))A*6If4wZp;1AeNOW=B!0H8;JeCa#^lwcV~|$gTh592Rn4{cGOaoi_mkU zr0s0mcysM;{@lI48yYz9Ae5lD|F(6I^19Bp7TC~Yx+uZQp>^>CwEvK!8ylj&ay-KK zZQ+~tTt*oBbT>lsNZ@94aeL1c7vyKJY{lbjqKye(FRJG_}3cNgfQA6@DuCL zH(K7WdIx=W)6@vSDnsTew7pWcH@5Re>$QP=J?-VNoNdZ0_x*dBVl2z!NXX7;Y)T-k zRkF3kvJ%;`&kq`ZID_|SfT!N*sNmU0tVJdCRYbbkqXgfIq{^7(EPTAm?lMfZ?8V_8 z!Y9j=>#e^AUbg|So4>;vqkL|=j#c=1vVhxd*Shl6ThP^tV#u;YU)(s=Z@G-~Ip_$-m3&#DJh?xI;a4ShOYh}=tvl-}lzW$) z2{2F(wzNLwbGr-q0qRAf3v-j5Eqyiyv7f%3*2CTuic8|mm)TEW#>JtV>(+MepBB9N z{pXbz&KLW&P8ELcOX9f}M)X7Lp4S`dG2^(-MrZd671Ce0YH%O3!YUuSZ;p!rQB z9rEKGC-axNT=JCe?&>$54$$79|LJ5cbp?Lge$-ctHOkx5Rn!{~PuisX6L;Kw*FAUd zxHI*RyKo_OuHX992aW^3$i>Cq{hnO{aHNd>)F7hiD?Zro;*p-`Ds*9Q+Jou7KP5~A z7|=L~ybiCj^RRt>#1|y6^B4!!KIR7jUrgg{1;$Hx-j&ffNFpFdk$uHF*%X(?c`<%n zA?yRki6#D8=gJ51umO~Tv@uOORx7aAp#jWhS`L=sE&|Zu^*GYC?EZX@04K*;-5DOh zneW870CX|m2^mo@$q&b84}&H@4qsPNejz>3G1ei@Ck5lPBFhEwK*tC#dT-g1sKbk6Is;6%Ner<2e#>Mw0A&!84PWf=IBu%y%7A=Q}^L3tHrXLS~FkoSYl zcJ7*t$!Y)P!Ci<#Kj*Coe_m`I 
z8Fb6>U83(YFFj9(PJ*@&_w{Y=eq-U6?Y2K-=n(2$gVsCNJ>-+`fPNUxJm&zVzM)<` zc!WHoj|iFhwTOU~IjF|sd&M5L`#k$r(n8l<82vWyCqfRad+kSy`L$mR@;g=ZarAxw z=`cv2@gdWphZDfTwJmzpJUR`kgNH6_If=Y#eWW`Arsya_PxQbftb<0kqdV|}EKl(R zA6~9ydMGdX;aIsYxfAH&J(>?_*e`QLX73+1TgUJZ3>Yj_o4U%dKAc{POU#6qhpnDT z_&|^5=lj3emRyegPjsH4TMt`3;M}E+OF97Qe?P44AnTQjui4wuh5>WfWE<;yq{7j$ zioGq#?~z&y8?pNGnq7#Zzo>n%sI0{I3HBEFwO!4Y_ImczQp63UDEm;~VC!fjMK2_M1c>Z9V<;c(G4~-?A=}xOH75J8H_$ zqoZ+t1jqji=d}smSD_)5iXd}`$T&Dx3H23a=gzarZx|)Nt7PG#+hwV~>rp9(M=vPd zY~Ovq2IbHC@8*tUJ~8mq&gr-jHtY4FH*S945Kyx2$T`}O8}9pv@9n<7_J1jRtdJkN zsBmo0`0!2-%3kjQ+1lORmE%}~)Vs%AJ%G*=#@j^LE7?Od=WUT&QL!iKRgQfM3PKkMZ{i?&g1TA7%bSF z$E+Mx?|dwIDEe-o&9zaa^B?PrvJ>7KpgSyk^5#*ft^VNdK#te@NRQv^PPwf&fD9I* zW#p8FzdFta=@fYkdcN}?g!~-eg6lO>E=AJjr-{k!9C&f*Sr#l4)dT6z=VgDn55qYV z`yj`Q0bJnY$HL3|u?fdurzx+!138$xb`GAREIxQvWhHGc?tbK6BDUZ1{Xgk9_o-}v zK68JfkEK)Wg9M~Pxkn<;f0K-Kg1z-$b|Sq9IJ+qK=Z&_BFt;GHa-D7!;J_= zA7Z#kX{x*eJ;)nA(Me42p6ZrclCOK^f9_2Kb-L~(49?D zSlalRKl(?fl?S&M=f0ELPK!Ql)H8Fqo+K6yALnf|z=^Vsg+~?+dGVf9z~mnX9BmH! 
zOQ^^B;R!vrNARyxc!_H&iM!w8ST~4ox!MPw$d)MB#Gsv$l`0eOsx{#&-2Wck` z-isvo%e{W*hYu@nK76Pouh*zP#qxLgaIe&Hq~{xavm8h-pC|!(YH@xx#zscl3i+qe zU;NNHJZJE*UdH|q))@;};G>W~Nx!SiT2GsfVcYPb3y5QsKZ~6>sh;0w4a=4j&L0`H|)jR_F^L4X@g?{75#0ErO+bbzS*~S+0=hfg?)qy#9Iu`f@@2R^PWr`H3)^wpdTkU>SG#=28k6cDL%98fM z%L{c|+UCl;{-5^lH`cGRJ^=Xd(%bfw7A&QeDg|$)g*qq}sEP|Q1vM)hQ!;BpGMCXm z7kW2J>%A8(i7(hB3!z1;7Ac5IMq7~)`FO2FBU&HIrn#d&w0-Cd!EnpoPW>x_sQFCoBKZ1>?6r{ti-c|#_A^% z*Xiu5&XG>Ex<^Stg%dvb&JTGtY;V?ejCy zwqjjV>LuD**}waKy}r!pc`agl?c~Vv`hLarV|6|4dot24{UmWOVFc!OZC@_yoxYR( zOX}Y*dGGX}=kZ4gn^)h5nESwaeP!Qmc|5i!`$s0W-Zh#xYuE1kS9S6_bW?n3e4{?g^{??+*6UHHSKQf{Eve&_ zW5x7~^7RYTt?!%V!hhse2OzgLe zjyBIQeI&CP^ZzLF6m=hu=&PR-{mAE<@H2y7Exz~R zoOZm)OSFkBZ`A+Hz9?VTOWV(rzu)Gi)J>a4b6oPssV0rE%DDZ$nsg7F95TH0K^^MU zcTSJ8&YAuu`RK+gZTrT^@5&gWUUK=%ux#UlwtH{fH-q~#yUciVme(k6-@B@( zrA3C7d$3PMnrrItVzM#DABx{=+HVP4)#T%qm=;4@-o9IeWj^!%(-J@HF7n)5S3R@u zsrY_6=8Lq;JXP~O@=&fD&tf#*U&!@U)PI||VzH$ze=fiIKDXAS)M@-?zwdc@9zNH* zbXosjY}!obCF9OH=NRc^IpP?qJQ^_HaJ;*Hwpp{?{bF7BGyCHA^SZp@D zoBhTE)u4^^m-lebY2`W6TGy;=F3$KPag9iMXLmhcuU;>;p6xQx)@>{+rJnK_y*-DT(~9A3?Y5?q zkC8gPZ0Btn{d0&*;`O=x*T)XlnfWY`+;=VQFWPhWoi<on_ny5-{^kNjpE%I7J@@>9xmuqjiCGykI>+w##rD`lwT#fjRndig(iTPLmgAKrZP ztsm>etCz=kl6ct%I@nppv#n*D&-WnQ9BsPa=5KH8R`loXHtIpzdppm#Sx~&9HC{N{G4*{3dh@^x7suJ=9r`!xMDV)<*=OQjAD4c0qZj#BqmeKI!K zaiLVa8KS+$tkg^%C=Av%e>l>VzdY-xc{XUKk^2`}7kP}D7pRqLSYI+%&Q*N1UZ1{c z-f}sq)5!b6a-$oMnz+9%+gD#`tim+!@hRKc_>6T%bAMgl%bte~50!fV>P#K~T=%Z8 zjs1n#o=mK-pNv`0)@&;uTT{^4wp};`s5gXz!){ERA=|o~W0DHvSJ{o_wce?$gJ!RGae=@jG!GSodkf zzWd?m1Bv6nLodYeVoaO!m;EDi0?zRz(#SIOw(r`JmqV5qG2hEE77RF7sd9OwY4{%?W|kO&iX3+n!rK^t1Tg zJTA!J`bGIXlgsVZVV1`)&;2sWa7UcH&NCIwI{Wc0^*p7`#_wIZzl|T^9lztTPJbef z!5^QA;kB4H=P$wz&j~okm)V&oM>04s{#zdpry0Gcjuh#}e#PUj$G64pF?3!U*t~dW zJf9;{$LtN~=Uo&1DNWmYBKPa+X|Zpb=VAIYm*w_}+hTgS#P)yYiH+yzd)O4yqU~hA zW7}_1+GH#bH|=QFxp&reliR3r9CA9+Ig#}g$I(#-?fy!=?3Ytad2iLk{qd%WUCna& zM3%VC$L;6HM}+0`Z89(IzWJQ|jGQ|^+5dgcd_7f%&&^x=X0tg?kLJGT6V3W2m%Dmf 
z8tboZ+0yH>&pCgyp^3BNPwO*Oc{T60(dK06>M~E+{tlkKT^=f~g>YB##(mx-}_!n`JZS3I0qqs*#$H#Y%M;)}=>^#puaBDKzxIOvZ zPChU0#;bdaGM)cr9%Bu(z1-|L@uqpquK%q&c8oU!JC@j{l=z_OY{7# z++MsC_0iwQ*k3P``8?;+XA|$HZO`Mx^*`m=Vg0^|SXY+(N8WQED)XB|yN^=V-^2Ct z_YWV5&(lrcRD5Qe&fn}`mlwZV_Ngc9bxS*My)H?|EKlBYvMJVuvoqh=^A^hT;O|hD zX8qC4XO^ukSFZ0$p28~EGu?Ql|K;rRJTxdzU3Z!Py!EEe|2J>yS$r zjU}$D%C6OV8To%xHy_G6%4Kc$z1ipg&D@sdb~s#eoAZsR*Rt$~b1wI>exG?N%2>jx zI_%xg45oc^Q;bJjDz?ibEq}kq0&BOo&tiS*r@>JA$=7b5Z2EGa-q;Vjr;YdY=6=|& zi8kJ+`e75};~UCx^V7K=snd(F>*}xv`(b;we?G>eJwJV@A2z~n3{XYSs*e#dycg=4&a$lrm| zPL9S$*2BDa{8#ml=jG>A)tmmO<-LVBT-=-gy~E!-xoml!@!l41m|y>yu^pqk*MD|w z$K=kcH#$`fy|`?}Srd1Tj@`X;vP?bi#bxL37~M0ubN#ll$%zs)FM{$Qvwkc~2^xNJ zs+vDt4edHPRV|pV&dbk*)78BEtfs5sT_=|hx*Q(dv_{G4ys);)0x!g-5+ zP^~@r;|1{mg5Be*tE;A~WhZ}pVb)XZGi;AnCf$9{Xti#-I{)O4;A=$pvr8&~g{ zj(jeNux$WbkK$iFU9CNQ z)AHWc)s@xS9}I09`m3S8j{g@eTiEPg4K2-NHxKPvy?N-K)kFKf7c*TmU9GO>N2K|s z%|?_3@nu2XM&sMUoK%`E1(2FRHE{T6MC@<*_#rFSx7MQAfWUUt^zn z>~panlk2dd9O4?3IM#nQ`Vqc86W@og$er5t<)O*F`M>&k1jWAJ%(Lra$a#k2T9J6} zWxS00)Az-zX710)(I>HPRgTQg9E(1QXAi~jPz<@gn)4T7xm|eEzepq3rM>7qjlItD z+b_g?&%|&bzRqv^BVs)BemaKeLwYvLHhlK8q$8~S#q?KVcsahzDPQMZIi=sCi5~lj zn-9;P`PY{8MM6n06|LG+0=l2mH%C9p3xx*ZUmHZ9wi9x99kZc{^WR z7t)mV?CXS%XIm)q#b>`yD#jx(#}CI4cxTfuCX}Ojys_4i_3}Q zXuJN4bfY~SPm5)(MVsFyO62P|^83S>R`OdO7nL*QvzW`V+qZvKPwQWUzM(!&%l?7> zeLLB=8^;dOzd7?ad!ui7XG}Yh$6(Rd^m6eVAI(&oKD^_vHNTe*ug})U_h(%<(cXjC z_Cb{6=FQP>x-`>``I}?awlDFy+v+q+U%|Zb$?b8x(ixw5E{_-HjO3v z8zWBkJAUW;F@CsQ{+zwSlkselez$zy$MxJ(o!`3jz3s(i@BPhM>GT(8eotrm?XzRz zN}#yQ{GQRMtVr|uC0V8zdi6Wg`?2aK`=0#W=kJWkv0OjDqweGD_XEVS*qrO@yLIzm z{AScm4yC+ra34%Rt(%&BM*KXFROYGL+?@5?#i)ytcJ$w7o}%A&=J|)taqWKeTlDMf zbj-8-fx65OmhzlA8Eqx{4RhXp*-E`{s*kJdJPhtF|NgU1KC_*a{`OoJ zdr_x%+_z^(*5>w|aSHq1(zd^|rT+br{@nK0zt=0-BR}8Wl%M_x5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ 
z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF 
z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF{Jsdx{`&egQP!c^ zGmHN@hM&anatxUO=GlnxUycWajvuBp{Vi=C0is8Z-mdEhU7)D~a zGKOnnxITs(WB5=EADNB6Uhn)E-uQ3!%q72=J+m^>UHYvY{^Zp)-@ZAbUv&4q_w|Ni zWYO?>)ll!+iJcRZyGvM%BoOio^J~Y5N-e2qV~d(korS2Vv{I#( z+Em^w8-fwzh7d|(+Pql^!8FwkB4Uj0I31B%)DdY)V~hjAh>FRIE7_1`=lguU=lzBY zA-13I_xlGt9?ScE&OPVcbI(2Z+@J3|E8jBzt&wQNoczmUs5kAxBh7ng?}lxae8;kiCFMdU_WQ!NOyoMtn?P( zSO{;PXUroDe7X+`XTkpv@TZ_pg!IU(0#1goMgQ3^rJOOO$4DO=rUM(`acAI$5#TBd z9tIw7!9&0kEO-!jq6HrVPFe6#;A#s#0$gLkMc_#m{0wld1s?>iv)}{3^%h(JZm{5e zz>OBX7kF|A&+Hs({8HVa-K)Nn_3J3*He^X}4%3031a7h5-M~{qIN&c>{Qaa~6sE)f z7_ei(+ksmxcq?$51$)5l7W^RaR14k&e6a;@0G?*Sy}%t7ybgGJ2wU|(j{1K+`t^{0 zNth1o0>8n6ZwH=X!7G3-wczEzms#*K;F%V@6nK^eF9E*Xf^P$!ZNVAfD=hd{;43Y7 zA@Efed<*c^7Q6uX8VjBeJja6P0l(3L=K^1A!D-;@Ecklh>n(T=@C_DxCGd?FJPWwf zf@c7yEqFTcn=E)L@J$x%0KeISTY%?Ua3k0zBV>hkfmfJ^=h@7F+=Sa|_-FywHO80>8(C^T6-5;4JX_Eci*_TP=7u@c*&koxp!#!TrGR zx8TQsGZwrZxXXgK0xz;)4|uT!KL~uA1#bfWfCX;=_WJ_i=x=&~KV+q^172dmYk@y( z!9Bnqv0xYYqZWKS@KOt20sNO1yd3ziEO;64$1Hd$@G=Wt0{qt&d>in`EjR=G2@Adz zc)0~H1pXTfz6JP`7Q6uXZ!LH}@Cpl_2mE&yJQw&=7MuqDdkelE_;w4P1MK&;!eQ?# zfj@1f&jMa)!83qe3!V-Zt_5CW!71Q7Ew~DJtpz86 zKV!i$;JYl?0DtxjTsH!|&Vq-5KWD*1z;|2lAn@lc_!w}n1s?^z$AXUlueabL@VyrN z4DbdEJ_vlD1s?$3Xu$>Gf3)Czz?&?1FYx^qoCkiug0sM1u;3?wAGF}z!2e{yJAwb% zg8P9Vvf#&nJqz9ryxD@c0{2<42fW3C9|YcN!JB{|w%`rG+bp;j_z??U2fW>a*8+dh zf_s1;wO|+cUo7}`;KwX@1@OOG@N(cUS@1I8FI(_Z;C>5U0{plI-v+$Hf-}HhvEW;Q zcUtg5;ICTnEx@}hcmeR&EOHo*UJ2Cf|e-ebca@F4IHE%+F4!Gezh|Hy)m0PnZpBJhtb_!-~> z7JLx+KP~tG@KY9C0RArv-Uocpg7*Udw*}{cpSIvE@J}rGN#JKJcsKA*EqEvJvliSB z{4)!F47g~)+kp>R@K)f%7VH5(XTc8wAF<#~z(2R(4ZzP^a4+yLEO;I8Q43xR{7Vb& z0sfT*yTHG;;M;+ZS?~(r-&pW+;1?`-8Ssl1ycBrQf|mgQ)`D*XK5oGo;NMyBt-wPT zyb$>J7JLiv2@75T{E`LF2OhTIdB87Q@Lb@N7Muot#e%N~9>^!k5XErbBHknAy z*}MRFbx&%`@apNAsAvidBlMK)e|m1ftL_~7VA{kU>#b=`&T`AR-jw64ER|lkjGg+UmzI7pVd%-=?&pR@H+M8-Kp$zal 
zNza$_obq?@F9G-ERY%MDzOi#?sq*Y?Xw8EEYvmR2u7K}Ja9fqH_{lR3yaX9*!@PkX zgl;#_MUoNn0&fJrGsyRS@NBYpK2KUdH19r#=QH3R3wZtn9?#DaSJa> ztTx8Z_XhAQEV?%WFNf~dbMn0c{4$GfCh$_|-c^00vGaXB_$3zI#lW{gH}9N$F9M&j z=$e6Vh3>|4@~s2E(4wmbz6H7~t8aAde8+)bV9_Oj=Rn-h;09&UR9JQ?7CQ(y`gDnW^}>nV5MwWgvFOdh6Skc`*~Y0vKDp-80#g?76%opm*UOBl87Tdr$9T1Yjjw`sQ`yEXE#y;W z$y@-R8_2AKZm%Wtk4U?{H)UFKF(>sa|)W@x5{Vtj0*GH^tC-yayhy}yc3H7&n z&7J8nJ#RBf=quolrp-0~alkCX4pTlY9_TA`@KJwjj+o3c>N_bNpsz;481yKpjw(8{ z^mpFQds(kmJ*^*`j;PM|n$z`EuX_4A^(21kDGqOOcfv$EsGHp;+wywwZ{Yn>o-=uR z@NcUpx z8)=e1q)qc)wP*C6#QQ1v0Pl6YpQPNiJhKJz0N23#@4?lVZQc9?v3-`_WpC`fl=R<# zqm7TI;7R)RK)(zA7o;x<_~@tG=bfpeX4-!jF>$m4o^rjGd7cKJ33wiYCu8yam^9+! zsT1({KCJ$oe7+BUVZgHX-1;TDoPyF9>+q)y3p0C2=SUl^%`}IPZ-wBV^#+vUSZ3aBs;hAdjtOP$j$Y(A*2d#Wm zw^QNy0zA_#o{xhMVqo(%@C;f!A0@2?p1a|hVezQ_HG&lGsdHZAke|94fvvmBl)EuKFHulA^XQt*`Jm3iip7K7(Q@XWDzZUk=v zo(g!OGw>|4cv7StA&vIe^q=ap%V~4nt5=uyQP$`MhqzP=sRe<08IY2N9JT3OpQ zF`j;V;@L!K^*f&V^iKI7V~;4$ z3XMVdizGUSx)^gL)}#)(-6mbZe0!&8;WstVU5CtBt}*Do96MJ@x3qcZ%HG7lp#B&S zeddjwC+~Z~1B0F~{GDebVN}2VKSfx)>vtO7uS^ z@^cxdFovJHyn+6D7w_)I>=?>XNh}#t_9xSay?0l4{?45QJ+vz*mw95nW3ZFP{Vf6A zCg=tQqZ?}grg;PUZbBxql@Iu-Bf_sNy>dWxT@9Z1AN3~EYAco0E%De{3eI0Qlw99W zYT798G=D?-g3u=@_XGXt4E`&H_~w=n zueA{73-_Z-qm9G=puOR(@I(Un@p4_=;IC)9o=Ntnozp%S$hlU0q9;xS^Oqau2&Y(r z4~1#o#CN zyy<@Q4&?Z2qVOFo^M&)o_)GA#oNS|wQqFLW4BZc~Gxmm;bdmdBq+WFo17(kn^}bz!}Y_ML&&M8;BADsM&SORV9QaZSW@#gF}Fk-NUl zj8S}%J%p2w7r?LSPA7Zbj1PF8?~@PEhEB`%(iN0x95xuQblML5X8h?qNN*&5^hV8i z;luc)dSYHYU-cBc|E2Z*r+VMtX3T*$Cnlc#ZBAGZ`wDR<*&QD!?Q~4jdZRk?>-PY2 zs-|4riK(oVE4d?TCcE3x5%RB;KOUdvBtu^;KONsk7;_l<;AZ@zX(#WyQrYI6_30*T z#oRq!L~s9H_VDWn82mRj($+&ehvky5C=QX!p<bnABDw-Rp)%rl>tPw@2j5(*uQ z(6ceoTi?3dkIfA}?RC)ZgT~+g;OXy^s4ffB4%2^6-Bd`3uk8VqLv^bdQtU2nUGiDy*%I5+`gtOi>wOOH~BL@8NI*1zO9kx zKT0n2`5^y$3-QCj+Njpn8cx9bBy^vHj<`FtM7n`f9xwLRv}(QpZYat7QE(%SAIJMraL1w7coTazYTbmn^XPKbk?2VOAvpD?N{{f)n*8WerIWTdjJu3M zm`9*bYAS1fQ%!HfBI>F2XFDikZ$n$J@W4M&+Hj&xa{}4^YbO$m@MXu`J3A9wUz3UK 
zpT>GkJR4z6CgysJM`{L2r?U8=XtEtf_>}A2W@ZnRMg_B0X09Tx?y4`+#vP;fh1|`^ zZ{9i0ZC0D7KEAK~Xur*B-+qh$2EScxUVpsj&!s8j+rB7#P}kp(?HT99B&WfwWc=a# zz{W}70-7Dd2^NiL%QS8OD0-En($Ma`H)YqDbR_G2n{l7Yl#Wu?S7g^7`X$ljJlCZx ze^rRfMy+KVja@mo-%GpQ*fHy+Ghu8B`)_2u=AKPR^N0F);%Kkx{R--nx}HTHzeBNs z`14!ornVON#UGV@q2%w;sXYYvH-ks-lD{_?tjm1}-(d|&^N67(8xjNZ&F$bmxeGpM zeC%~`x2yfXscu|sF`77Ek6 z`2p|sii^}QZM5AvfIew+^NFp*VdW(n^ed9bY+qNOt`FHa|E5e^{}b`4yk(siJxIP2 zD7V^}zelN9FZs+j_lk}=KI?z&w4wTaAusR4;2O(ztN%Uk(|P|O_@Sxadorh3U$dCD`X`mLr&}JwUahiRg&vZ>tG;hvAZr71mTjY~vH^07 z*=fbK$o)IX>WifHk7*IVzHgNcEmsKz4oeW^O= zXi3RPd>@`$~7~1zoT3?i&YojqugUvR>nT8TMjL0rL6LaUA1kLm3pjiV{K+} zzskqoI%L!+uRsQI^X9M1c7eU>RMyv!kqu>tAHGF9>-)TJAS6kpElIW0+XtkC}P0j_gD%e(bb}eyjff z1of)e|6%x8S9GR_F-Bu7`89Li$6U|XeQZE?DRc{zHfR<-sONE`_H8cn=g{9hGd`z} zSgyVzM?cBjd}gkrZD%gQUq`0O&Syt_<#Lso`dRnY%e?50Y3Zi^xW;rh(@&em?zl52 zH_e&Dc({tO&@k_7E&fe`UJ3MC#+Yh3bJnVS$H2&-qyE{{s+>Nawm+ye@D{(vyk-S4 zT;qxe_GZnmefwaWqqz3V<898m!6^IXR=H%G^Zohd*E+&^{zf_mjy{tKhMVNP=!^O+?lI=rRKXO=O~Sw7m~ z-44Gi8(_aG{H1b)mL0+)wBB3-y%Ok^K(7RPCD1E@UJ0*de*&En=#)UG1Uesw74w?jK3RS_`(}9G3I(Bn<|{h1FO^H!6)vH6eHT-`@$8O$O9E=#j3>J zt;Gm@wjt_8Hb$Xq z^CIG{N1nSrYi7CT1JXr#BnL{Pn^rrDAs^V(&Kd*h$ciCrrZ0=K@!nv)kF(y(`9VW| z3&?Nc#%}-pX5Po^{j^SHnzw-;7tqY*eM~^}S~9PLCK1rj;l1)aGG~LY2xw;V9tmjv zH#)a(hz^tjUWfNn=aJt8{*{2Hf%lgKn%B~K0yHlL^y7H{{dr_og8yAW6XpH4o3=Qr zpFY`t8uhI@(;N~18oSDMeE(BD`?!yrF?yE|vuEw5&D*;Q@#nTb!FY92XQ@QLRnk~X zIMQy^+>_@*!T5~n2M*G%QJf^!YkbQ%_U%^)ebSOaj>r?uoJ4t$$FVqy~C77z3XS%=$ldGyz}2YSDqa|N#p^`xDCOZKSb zQz!9q-l#;I8q?cmSTi%xIRm9Z$?q|G1wQhKaUJXzSl*cy0`VCmmR-yG(p^z6)U{*XLb=W3lJ zyyO5c(|9(_Z#w;L$g_Xqz#-Cgu4o};IpnU*$aaY7tqB<61X?d*{}=wu0ss)!(o)Vt;)cWd#YTFSaDR*d9Zv=49UhFcu1=SA_qiU;mYSLCmE&8D}R=WG~D-Sqb#h%pl8c)UYvog^G{E43N zq3nx4wiZ{GPL}qkGSTd`_I`Jpr+y*M`%dWQYV8uh?oV9S=rRucu?}Rbf7luKBAgreui&y{-0edV5`)`)J+b z-yu1sat0^V{GXb;4ag1cidH65sl`iH@J_OB>h#T)|BMK z(xrQZ^|^W6zIlAV5gLF0AkZG`y37{OXah4?bU4*%(}_qLt>xb@_rUSw%bhz=?8 zzIi`9VckNz44wzFGtz3?*NP{|CrduHK|bw_iA_OymCKo+jrua+{VX!p!rLSo+Vnk& 
zl|A+C{j0BaF3PE%d(%m5!#<$r$1-?64Nrer_jHTeDR!*~zk+9jd_z7V-2QlbKlqOy zh_~;Qd}!m?qe=eKLp|kZrXyMl?oOnc&u2>5`}f$YL>rwe8*5)8DEGuCVjN_oe5ZY9 zptM@H3w@^!p1>~bxwogYGt*?BFQAB<&pRRK9qVk!&)OX%^G4~!5ZF5aM>q#wI zvnEEx$TJQP?J6BDw=3KMcslc7$*5#a%JquAY-lTc5=wWqCLWU&dpQRZh`CGYeY(tUWgPGVkB% zt!>{eUm0>1HL@1n!Z_chu0C8ai??I1h-@m`;u~&`LachT&P_Rkz{Y}qYrQ+9Ra>xU zy|v%q znu+Dmk*91P)WkM$(#)g};M(~ZR8GEo+{EeBJ z=zf!);@*|1pe;>uxB0R6nqI~zj6X-#`{TEkxf;j0oc90&i#oGUuiiRr62sfpJ!c=XA^mjT6uO@c}@!Q zj4Dq%KiT;S@Z2ttu&->n)8T{bo2zB7^9c$lKzSKS8W2Ig3 z7e}99O?=0MWu|{ZXNmYRd3S>oRX^O0zklPJOjXbyRreAT@kgy$eEEsQ%F-Hmdf-_- zs~B6eCSARQan&8uy_W8j8|itgN%a%!x*Lr4F9%g`p`QnJ^4gR6CzUJ78Wl#E5PSZF?kdUO7dkZ^-IwGIlPmhE1Vl}p2LO-fG&(hqV zq&3F$ZK?c)Q+dcU==)3Tvz=9MMbfSc%C$1o2YK|(N3aj_UphoN_R@CN(uZjsR(;Ju`ii-ECv8ag_d92~ zW#3dfxC77}J)5VMHkO&6XO2R;f5zn;9?tu;HvRz~|NFp@Cv8#>t32e#zJ}jc4uU(# z_(L{n3)?_oqdIKo>mJY^fcE?3H_I+Fd^)3`wxPXujU_(<9pm)YG&t>j+ikNz+LNTs zBP|~0#~AKpS;pwFCF4`jEfhcL$NK}>fiC-y^JrPlsQ=B@**c9rFFEiX;VIvfPJCz3 zngRDS$rLV-wU;z~-+)e|heDl1v-(EwqI<9Q8t!Amw!7azdZT5 zXPiTOYkCTN+Fbsi`a0#Kex&^DECsPV?88q#)gIXQScM$zM?Z8p*1CY_KLKlx_6w5F zQ)3j_>>qiu4xgegJYy&HT?>xye->vCPi;MYR!Xw*KbLcEHT|i@!<=(FS{XBM8UxI^ z{KVSowzYX@@i60^3dZ6!d!{)vbY_CI?Q2qppVat>v?%y_!pk?o=lwAip$+_e$!2Ud zc}?oM>EQh{m*DvxZ_(|lL*8!{4Z1xE&0c6y=(HMq2K*%GHlbG%yg$wYe_MdxuqIVp z0-iQB)CGP?8NZls2@Y)s&p3K01%7E6pE-tZ^T0dcRhH%Gyo#~jJm^#4r!&{w4t@pn zUFgyXt{>W3aI%qfQMr%ir#Vx>-7Xw-Yxhob765Mou0^NmzzcyN4B)-cKL+fT;X_M! 
z-&%e@oa9})?o>YAsm0Qde%pUP%KMYD1^MpfeQoegJDm75@H*;ys^Y5b$oR8Y_Q#I& z>l61=mc696C>?qAq;Cl15Zi|8sFSt1X|2ifd)IW{sT<+D$g7n)(EFk#yw}=oLOyf8 zKedI|`h(uhwR@R7=SugqdrS6mp7eX1CEdq4(jRb!RK7}^)Eu>mIjqhBv^-Gu_nh?a zr{Bs|z+VA>1^gB8SHNEZe+Byxw571^pHDa8UQ4%t@BgiSTQ6|^zIlP`7rn6cJLQk3 zE?oaR^^FVMe*QT00=8fG1#Z737r1^mU*P&Zeu3-vp$l8T-@oAk*UvwDf8oZLA^*;s z3s}ER7k2%Q{P_j0U-|;qZ^i|#-{lv$e$5xQey{xg0@v?{7q)&U-+zJY_ofS6zxE4U zKYvaB!tH-gUf})5%O@}F`aS-U{~P`8N?n{{P2c1ne~WilBoobl<}IG^H9R>4VJ_y$VSF=FItTKv)O$tC3ch8@#MpDJ>M?1~A91csd2p^md5t6gyQ&w* z?uxjT`BigGcJo~5TTPyCT!J)nc3PXAmOMMniLA=Hd^cmCm7WDjNN0X`SE#ykvu z%gEVuUaZG#hITV)Ug6v{@H1YG>zn>++?J`Y#%*<8jeEG|)wpequf{!6dk(I4Jm&z` zReOeYdb76LG3#30*cvAtr%rfgEA@9bd&!@>+^hNwwt(h!dwpAYu{9=Jxo)!;VXx3{ z+v_+Fv!=Be8`Jr_(%S0wk#U@@zpFaqpUsnxIMVK74np zi~qKo&tG1Q{lIfweH)eK$zDN2Ppa>T&PjxI9{6&0)mo1oYIFLJvk-sF9v1hYy~KBg zi$|!_3Z?5Th1+Mwkl$!;)ZyF8@;AGyHf31P_SeLB?_)nsXCl~pGx&tzjHTgB>e${^ zH_5(tl6TIix~y^g^lkzA;C;m%Y1%vRs$S=`F3NXR(U?2umDjS@B#ReO=7{zhs_`9mRj!^DK?(ZAf%kKGJhr>o?{LwPLFLpM5(JcW!a}IuCfL{{g zeSOvz&&q$*+M;9I@k!#^%F^%rI}EiRuC(gw)0|!6o+^H3fO8cw_VX*BdNgL9dh{(t z-j{^$*f+X9nu$Jj*DA;DD=PlP#UG~A4o~XbH+AFda0mA3neI8O))J_&`SLKaQx_++88xP{dM)vxCrtBKsH%EIGcX7Unwp+hy-8udn=w|Hj`&Fc{Y=0GkHok{k=whujgBpqm_>5-e*kPKxqZ%v>I0BUF_lM zTl!Tw)73(IjPyi1OKZ(QsgO*^boOC3bP3|2|n$YpLl}6M0{$x#5GZ! zVFT~)VWmxaB|bAHd)b-q;Kir7lQWB#TIVW)vqX-8$2rOWI``;u{!%(hck(lztU|qN46KGfZdv`${xqZGaV~NR}V@n&^6Ww&)GkGm_mV<{nk5YdB3>$g+=l-m6{nP)V zTpRv}a;H(LcfF3cmD(@348;vf5wzOUBPbzKPESUAsuCJ z<6IBt4>%7o^byKkp>NLl%ZeXb&i`@-eu6XZHE8!jTL@^|p`8P5)&GLF5!waf+cSZ? 
zhHBcDu{Pvy~+BV6a#EzC^`CAkJY!7+%b0<kFK_Y0HMb%6Z6Dx>o_+ z>UPDQmIIVYXH2j`VFAwrbfTYmqjS;PG5keL#ho)v1#snOUhhQr#R zJ}$lYpuhO{IJAd>(r<*@iw&`(Z$o$*v0-Wr^O2yADoAT)eiG@SZK|zv_G4+ejGd+b zzs~9((`t6x9TtzeV zW1wfe%9$17Kt_;?%K1V)3$^{;)mgDwoN2!TAEk%HJp^ zs+@@PBZ`iVIjp~iNjTlRHp^MI(#UxAR$dT7W*|gtZhjP#5D?lIIfpVYD(kU zU)G5x;=^mKI#?Ls{!BE=%iU&@VOi-{`A*|ZdG#Ka0lEIY8$3U5$y*V~`(!_3g>&WA zy9WP0BM;uif_Zj@vEP#AuZ4>yuxXdZ6_VMXNVlvdPPvabCe#(#e%*kd0$tt+#oRcUn$SmlJ7FcqkpfIorAodRbJtk z|6IN>zrq>a_J_KORgb?JSD?=xd{6r3&)8!0d&*z@DmyVb z8OOfePFnYO`8H7*2gwt@UABD#ou3GGApL7)pBeqCC4WbN>o5E6=)+dpznmxUnqKnO znLEy(4Qoy7GnY8glO`Kezu@*6eGiym92najF;OnQkJ83C=L(k924+DL4{!r%)SMt<3#DB2#TOIJND*Nr|O7R3TJ`wQ!b-?#Ai|=m& zzE6l&Jjm5KO3D9#MfcHw?!$rn4{0nc8u0}Aya&E!a60QPJ>MP3`BO{IdjdJ#;rV^& zf*3LSN5TcZ?TD_m{be%q98PLxU=x18=S4p3M ze*QUiaao}243!Z*TkrXmX$!(*+c4!FFIU@{z zIem^5oCImrFFHEf<|+qHoo`N6i@NtMY|y zB#awsC+;@K;G_OJ1M-gdJJR#iFQmuWwm9YAVM97{PyOtSo~M3ZF2||o45fNNE0h+czZ}T_S3kYRPv2~%KN6%r?58*R>Gxad4=KHWj&HAf zE&Nw}yk9@3`gc%&Yr4~udu}p~yc73MJwzLbmVNBhc8m65(eCI=Pwrpj=XIYYvnSA{ zTe|GPmmW{6&poxyqWSxP=I?x(Kf|VFn$;G~$3-(3^?5&N;g|Y&=HQa%R3tPC7`x(NDkT zRq1nr^s8S(kKo&=QC@2e$}}UxqEUP2o3_=g>7E`Z^s*jP zj(;OBo{4`W{@(Q|A)N%q$p$~5x)nY>1hmGc_;mGW9W+esE?GG2d`-A4|K zZg8v_-dMsfn8bW2-<^16U6M-=m$qWtumfV!?NWAv(&F z8A^1`Pn+xB9l-wY6qM)VuW)wX$riZh3A(!qiS}hDI@+0wbvCLB`NW zPe4;1zlTuEbj_+#DiVpT3)jCJ#EBQ_j4cixDdS8EQ3jQ`RaVK5$!^>atlAa^_V zM-`JtPWS&7{eRf>tie^~pzo$FN?&-YLcdbkW&hCjDmP_5y0Ua~zib}Z^~yhB*LT=< zU0Hf%G?dNzD@v2U91qrMceL@XuhXS(pH>Z-u3C4SS6;*0mTrn;lgs@zmS3%89cM7K zt9(0c5_2UBnLiE3aNs(H^X)P~pyC~zKNf@T#~~f>{#rk2Gc4SJK;C}(IK~&R6n65& z$0{wF{|IRQU1`vKS3U{NM8-J&8g*FDT4N!7Ky@g6m`_%!{>y7gtowks%cJ|8PMXZt zd_w-@YE64QJ`%}OS9vG1b!F*S8mmshha2(9_(|1a)Tsi0d#)o>CAh$!@?tIfrCgL) znsBzVZs4!sDSz3RInP|a*@?2&GS|*u_kH0LTXp}I>y_)ET-MTm7qFt{3re?na&c_! zWg_@)l6%gV%U9Iz;Gf)w-aad&l^&Mdq~w;{O}Y_YzNIlyL!(e;A|3{anl%MP(J{ZTj%S(Kee^v;Q9TM<*(;`TWxXc_PW*uh4_|b*$(|S#w-3Hb2{eaj#1ee-_S%kb~x;+JgXdf;!k6#Bp)`9`?ypl>V6%=hKjXrGF? 
z6yI?x&b<7A-nuO-M7x0}{JY`5bU(Jm)+$$&a&1w$z<*x$+zKDI>|Z^@Yg|1?`&gM< z+FWy`_OH>u8u)|!%>~!4e8G(Yek*@tDOZN4gUq`n6T7@id4rz|{#~^7R`G zs-J7Wd})z>ZPcH$LwmK#rg9MX^ji^^e~CImu77WeYh{m)tBq<)Q^Mu`<-|L*%Ohuw?G+*Pk*ht5}ta}eI^CP z6^#-0Kwp@K9R^DOwa4k2N7_R289-n7MlV(yQ(06#_u-=U`ZlV*pr0kX=aKLBnJ8^J z&E7I~JN)?Bele_XV5dk|1nq2)wW7!#zipAX z?&8_%nZ1?8*dFD(*;J74%aQ{PK31&2Ruj>;L2XcapwH)YSK}E!9p>KM)B4;Yee!(g znlJ10ykwEjY?WKKWSrrz8}F)rZdhw>U)kN5+2?wud_P_0^tZw4<6QZf`i*w}R5tWm$Q|UjrcGpi z_Ttt|+FbQb>La*I&OBO}+O?29CI4QlYmCudU@h98PMfQH3$d<+{N7uUx^(moZYg)q zPN5At=%G89)Ms#KyY4zG@!JgpMYT`T#;v(?k*TP1sM7(?`D7A|UlikOx&P>J1w%0S zQn`+SBRy|Z-mFP_p6+Hj#P}vkJva0IGwBkPVeQJ&(F)x^2j8c4_nhQlkEG-ycif)D zz|mG?CXO+k!(MHBN%x|7#!ao6o{e}_CI%ljVw#Ey!+ip&#U(G9jdUm72)GFPaE`8v zJIG8_`{Q0}k-0dqAK%W>w>#U}2fYOw#uT54p~IZ{FuB;~1v*pIz!{?+yd^(%v%l_r zywZ(u3qF^>Jti*TW zORZ;Z-t`WRBabA_EP;Ovu?EiXNMxfu=tSEZFT8Nwtmh{>OT#>)>yzn<_0crn#$WXn zbUKPIM~Smz+USR58~tHB?via?0L`Pckre6b^K@^9Z%@*>=fS@NP_|5=|DOTtZY$rm z!0!UiR^pq&$$xfSmX3luNS#D-f&Zk9={kO~tG#fahH-#7C;dIeARSurXqzrt-v5;M zh3LWBVP{D=wSSFEN%Ma&5m<* z3D&VkUQyXYAJ$WM&;)kUxuN^*Jjsi=SNbyf9^m=&&_>7??cD(__d1k53r&INXGm+d zboP+33H(zbFYm6>Pa^Xv}kY(2n#0{MG+=9zQv4(k4|&XJQRo%=u9 zvOJfCa;$uW-$}akTwy5$e4goEOmFqB;)h zJr?-nJCsM+#^v=E==Vzo&tHXebF2OsC&-sdKM_CeSAO|B<$aD{g>||1wd(RbGQVZX zeD)8>{KRX?M3;XJ%JqX#cgX=?CI3{pRA`i1M zx`UIrqu;0Ew+F6%NaLG+#unL`XP?2d%C?C-G;UwP)8BKF?%I>0U#V0*$mT0cKYtcI z(&YUwltuTee37TxA3iqvZQG{(_3asOo6&y*&*MS)HgTpk27UQ{3&zFd_xup!=P*W; z^Yx^Eg@68jnya!t8szag@uGLwhI&c+2{9l2M?Wt;)h5u{zpohFT|RD`KX!-~%Chc| zE_OQ!^+6Y%duWN$mc_pa~;p!)cZm7^V=-;T!!DQ4fZ-857)xO zbkcg@`4{M1p6?HRfcJA_jnX$mr}Dl#EGIS!+WzQ*bM>PvFQ{BR@t5+wI-z_k|J#wr z{YL&=yfaJ>>OG7rzOO@fSz!Ax9^osax5K-e=d5#hEBP%(^&vl(uF9YJ)?VOWN=DEZ zRpFmHztW@q()IG$fzq((8E+^CGM=O^Ih!e*?H^i8QvZ5IIgiIK=gC?Uv7r5+SKGRr zyRV9z!CZ!35w(k;jre{C?j7Z^%4o$Cw3VQ)$CcNjOTND_H&PsIkq*$m8Tuy17=x07 zzN=V+Yz|_?=T64mAa;)41HI-7^1mzHZ5jD+mCj8fPjgf|mdj`O9fJ0wq#aWE)RtR2 zhgvl^@oL*PxR01-#=@_2?{>KF)D8W5g5*k%Hpch4xEIs$0`=+96{TD(i!K*m43kIADzxVbt<5LPV{H|s`Rkd?rqz1Pq6Cs9dE$iedx;k 
zD9LXN4{~?&Qg>@wI$yDRMkZQ}yOG>{+9PW&SaVUJWamhc2{tE&9vyw^PZTILt*qlEN&o)L$8`oW?|82L)%2s1*UGoBETDoU~;dhES?>K?_s&R}zMxEe9 zch+wi=4@)k`SMS*thS!Bsj8dV)VE~7AM@vT=#BpI6N#<`=+UV8z0Q9kC&_tBo&QYS zaaoZy!*s>YxU1isbh=GR7&e<1J0VcyY!(sRS)b8g*@Jn2;qC%t$+=_MX|L$UEImt|6%wVlYFoXOn{W-@ke z!G~VVPjh44b4-QGpmtrrcC15Qw1&C3)-Be=v%23h#k$x6*-K@VZQ-}h36K1mbDEkP zEe*yYMSSgb)Qf{({k8lG+n%m#@k^#HgZ#(o4ozZ8KHn_2=052>XHG!Nzm2Q)6f+V$SPjYu#l> zOlu#eJbCI(bwk~$t;{1mO52N32aPA8m9NWhLw~0(;(^cWoN^=g#Wr$2I)VRIJViah z=kq|X^T}fidA_ z-&0;8e;*F!n|`0d+*@|l9K4r$3!jR$d;`bt>6k{w1yyNt1^3oF)^9}U3>EuyCbM1r zoZ@YHELYxpR9eAg9<$HYhI^MmTK~CerNTdE_*=%`3jSRF9^|iAx`cNj=i}HycLu+)bLiq-^~L_3^`5t*KGW-Z=_#zIO|Qx>r#&nV9Q& zW=*m*;>8@T;Z%54og?^TlNU{=uuD?$iuP5>{oQpv4Q>9qY>qXIRoF{5$EM#!&oRW= z@!W%_y^S%zlX)h1a!>yi13`Kv>FOJsSC$U{OuW?VPuQzWg=2!S{~{*5=K6~47>p^k z_sAXoPDEoqWPXpj&4#kDjXy@C?`+g~Nb79q^1*(qzeH9qIKF>koW6}Qqie3~j`BOJ zQT8f328Jt)>EyoRkzwjb>z<79s37{w3$*o&_GCY&=Y{ds?o_aaY!Zd>+0#;~ltp;rs~-6Y>7&S{L> z#QNGWxEqw_uN?w!Fqw*8V(Eslx&!lyOErcu{>u zum-QRv3{D#)IzIuY<~?Pm&#niTD;?WCej#=81s`k$YPCa5>Q|7l&&k3WYtmF_z0ak4%$gILUJ@ZrVi;s1u2<^%`g znU)Q4Gqw;vbd>z=gjZ)ggFS;;w+ZiZ=1Xl{d6ehohxwkT)jr#>F#IM)a~J47sxvoLagt?YFVrp?Ut_=_|p`P>-nvZ z5^KqM#`ID8iYu_i6vZI{Yser0nQqq<8@6)CneuL**D&G$Nh!2HGbBzF|Iv=L;6j~z1TFP`oQk;XMdgH(Mr}_68wgM?DcRu zGL1dMT*ByguWo_whlPa0@7pO){E6SN-B4-9QrAO;SgYCy`+KeU*32J~mdf#mKSkOo zZ*M&9$4g|m`2X=~d+`U4E0;)PIRS;#j4pJ|g+0 z@uiW+Dm{LiCfo4X_yPSs>F*wkx%KR4EXB_z@jH67&)IWmpNwf7&9&*zkR2~#XTRO+ z%t5rkc`U{NpJzYUAGe}&%>i)mvVPt*7|=(lqj8+wqV4u~pyH^knMpJAJWq4K_L|Te;gZiV>BP4edXu z&FFo<**xg>Wi0oO%2%&ay}A7J1uhpWE&G z!6QavthY&zd^{Vrn>T6fi|y1eXnmpKsdzE9VXVtK!=c2%c(GP~BHIQ&@==wSG>vok zO_ySo?=xeyZ!_~P(50}w{6*j6>AXNx`APQ5Qc=JE~F6Am}O{h+JP)F>o z7gN1s&1B@%_C`%KZ7%;T{ZJG<{^M5DSNe0_J<#zDT*aDLhP@`Yf_BXrAoYXAr^%yV z^6(+~NtNV@zqieo_qWL9caVw&@|~ozQiq=wc<4L=?~0t+WM9E&U8|WR{{N% z_s-6wppT1QXAOuElc<||>h)V{r}&~`T53l;6QQkE?N2zh$od&&sl9iGmnzFK)nz$m zD3n86t;H`R;!~_q40ss&d+AH>yOJmQx_z$p_u_%Q?xws{n0bflB**U!lDB+uR*;_W 
zO|^2M=FVf;+0Iz{^~8a=!|!XDWWLSNmphzo^Gv?YiRqpR_$u?vx0nxpV?ARk(P0PL zsK(Du6#Q2Yu-6&DoGm%^IPgw)n;@fe`_#V>=b8k&k2p$WpV?cGy~dF|#xv$Y zY!WK~3ol(+>(K8WRSY{W-w|p}_~m79q^^{_re&P}EticuE$#1T+7d3E%eEtTT z`g`2a-$uJT2yU6`6h79KUVcCJ3Eyw!eIa>peyp>kJ#h79X>-{x{21_vZ#REGi#%>u z{i}WREebKfFGCO?ihrXqisD1TY^Lq|X))p8`zt+HefP|FiGdz`W9%#p-Z_`#Y!|=w z5zn_rc+$AUtWyt42g%2mDu)x9mdnd+q?$GJwL8&$2YyMR#vhW+DzI|!CFUNvx@Ml?sI9Uul3u|c$YJM@Ko#>Yy7n% z?Pt4QI>v8G4)+)@a_218l}uJ`aj2X76neRFdbvxOtqfqt5vD zEy`L?X$`J=1JEAl}1%F?E^4yUEZZg{h!K0|TRzfbZYXHfQX#$^5Km8IS{cb3+7<9j!W z#!adZ<;gh8EssyPz~*JgfETXH1?Ih)=UBbhaNf(^lCJR6!G-H0oZ&o@Bl?L48v5t# zcyK@SanSMpO!!WE5*g#B`}286W&BU21+rL!cTRsVivPL#9-%wVn0Bpy7J1^qi#(k# zQC;YF#!~&9QR2JuxX#M0aZCDbv&zrRN^^FLwc3FaztfnG^)p{}w`p#|d3AWzH{=pt zMt}P4pTJ)6KE`Tmwxs#?2ECBev)JgIa}#!N#_r6uI!oKOq^q}r-^d*}j4MpAu))YII~(t*x_LFkSuf8~u$UWe^! z3KtCwKH8nG*nX3V<}VsJx_vzLu`OGRy_1iQC!X*w`>k1>u5%wTb(FtS@7vLjdum$r z-t%Tt>oWF+r-4}Jzr%Bt`*2qErn5hF@^`Jt&0&r}+2jK?l1u)~*|L+68{eLEnY)`B z$~{SV!H*`hT8m*EXzC7j>MWYSfB!yg5$;RI4qh}+EX&s!($nSBIKlrdLF#8xd3=#c z(GHSo2l9Kh1?uZb>>UZ}V~ptXWxtw2-6it)GBhtEi|?m6YezZMF4pi{m*9WflX3n1 zadZs#IdmT5il^e)Fm^QiZCNmOpUs?rGwqB~o@MWr_6J^VZ}3_tIn>6w@wBWT_q8U7 zjT)Ih`uzoY4XPg`wj7r{or@=Z@+AYMUkN{pxk_kb#ZX%x%GWqdKIkGrJujYw!;yDVx)HTa$OU5LT-0nZx75PRt( zRx`HJxm^G3!;bnz=%~9RGLdeR;ViJfzv8dW4|N#EeGWaIL2%{R z{!$hD)q7<>?a%pf0NIE6?d!llVq0UL`qNW6qquwI8?tkeve1V{x4xHsJ<{E+ZfYuP zi9>OhJwD8^)znNI;IIns+Pg&mYW$hHc1@A8AL%egwC*-fF|<-`oO1!PUxU_$%4PoP zzforPT+=!eT7NK}soJ!~jKfFAvL=(dm;EB?f=-*($6da`J+eXYu6R~!HmUsUGRfod zwAtup$8NyyHD{!rev^yi-_#Fs$717{yER=!?EJN43rG9)(`IuHj&<3;BwcZIoZiDc zgZw_VX=-{L`F=9YS2XNTVE5AJ?|mUN9lO#;A9<_lQDf^9QGKg&;J;2*~02#r4QWAcx_xz=3DRTwmI5(6hovb{GcYdBrR0knV+25Xfl=4h= zw-r^M+Mqm>(W8;_R3U?Sed@bA&XngO`AkrzCd!15j;<9wWm>R#ee`(x8gnQuk*G0Id0pMF19{wq64<|hK3uanLi+e>fOa)UAObGHY0 z#u0wIm`@y+ANqbtS>oOC40}<}`SZC#M}}_&Gl^Y}nY`1an|3n}+&Mw>BNO&RevB^j zr<;h`?LE`_W!q=|oq20>ca%QWOQ(oI zN$~~sgAJeg0`N@_ZXmCg$xiWa;J@S+XpTk3Ze|FK7l^ikh~k5~7^JBP6y_q;jD+%&zDM!RgIj}y#zmv1CG 
zM_j&%(o(p|26K2uy<6^lSoIij+Y#q!`Xu%P57aXw7yX~=kBA!tNK{WP}{>k zTDze>Mwru?>XWhZoDe^o?D4L)>27m%rXbl3%pCA##drGUB=f`*dKcar!!jo<_fy2I zXx>SyeE04rKCCSLa@dOkiO^Cd0V-i z`~BU;@?Z6<@HT2K8aXZ0g?@LveEtqw;2Xg{o#tBp{+DQp=_6N#bW!4}@7KtZugHIb z{ttPh@0I*BI+n+Kq9N@f(J79i3;pnyON_UoR~bW0J{&z?JN|!IJNNjisx$BJb4hX% z5^_jFE+i>C0U;tn058;1*|pYE$5z_fDQ&&%1XQLMWu|KBWtwe>F}9sfh-mRrJVZol z9UCdd7%w?Z(=;=^rM!$UwTK7A7Da8eNK=HI_xoFWA2`t3>3rV)an9a*t!F*!SL}L{OiXU5ZuQ&Av9kt|F zP5Y@@PoIj8Y3Z3b*NmaozLqrS)wGtwSHJ#^K33YEiH(-(ANrpl4>R}8oZxoR&vP5k zs#g4jM?|}C|CEVV(>A&-&ADMiSe3J=1Ik`2S#JwF8mm-c+x|geY7^l9mERtI(+Ezr z1MYd24n4;CUnj{)qEC1E!nWDrdI8$hEa5mD>Pk-xWyHNe3+5ohCbQ^UcUTrmeJK9XV84m~X|8PqDCy6hU zuBEJ`PydX0*rVc$+Bkin&J4lVg#6(TQaRxveMZ`hDS|Y66~?YW0TrtmLcscRb#zbz!vZmhF zn84!qdxWg zuO9z7OuZXBkgy-i|4#iW{-@N>6u&=95A$BFa%wEg+Mwy*KgW&SO+SLZ3n8~+AQDY_}lXCIKzrOQw)2)=E)Bk;cPq3(Wk9%PEA!Q%oB;*oJ?6AmYXt6IE?z4VT&k;d}e?oKt+W zX|s-=GMV$vcz!)7`)w*a-?s+5xkbDQ%KvrBY}z~VX6(ROY}7OMyOpA@RnM;K`C87# zo(|nsu4k=~F5}tUai>dRELUR|o>y+obE-*KXwq$Vv}WfMTXVfAVXSWgmmhZ7J*-zF zEVhBM@as8segzS9-B~-sM)_^)BM)r{bEs6As3Up^gw^x{dS& z?BiCw17BwFv!nR%Fg{L%esU>cSG8$M0)-BKrx{6#rq zwj+PT9|bF&D?Nm*6jgfcV3nx?e6{?Fv+&gze9TsYM|=8&ufX7=UXSDBJ-~)jp9g`uMhO*>~C z0Z$foK$;XaPPg?C)CL`*sAES=jtz=YZr+SHg)nkL`0j^B(-bS-; zH+O@Ttma+yIAKF*@$355y5vVWOSL0phZw`ul=P>MjZ8~c!mBdU$9k+}t#^M)^;95O z(p2??tmsMb3k1 zGYHq24+>}PYF#hkok6%6=eDF@e~a)D!p*)2@~s4Z4&VRE9Muh)kLs+@KDyVBu$Dw? zD8TjlYos~A`&{5Y&%5q5&cKZVcUAz${BYe^fbXA}&sv=Y_gmmJCoX(iV<38(!N>e? 
zog0L+_q5(7?337m8G3(7SR-MacX&KZYYdjO#;4is@%m+hd2V56Ir`7`G{3~UV2|_q zHLvZK>78fHu__uBPk$4CoH;_iXOku@eaHLh((jUC$)-4ghzU>vO=0m7d&f2RVU+&<#w$r-{-3B4S<7j zeJODEjq$@}04Uzs2ona?49%AiB z!;6BW4=oU_=r`jNfJWnA(wbfQAE=`O=_8(u)h(s_g7TLC#YS8Gaa!mRLga130^ng(F7&4goU9XwYWU~7EdXk5WLBH$C>>KUsF9{i*7pJwk`HByqGdXN1>JX_si~5JoFKl{w4HQiqEIifp~FI7BAoGh3`G2A^bzCPiU-B zUGTkGWzN*A>@~GH>V47M?U9yUr}jo03ih#$rZZ~-`p9GCLzJ_dI;4+L-9zU=*4%2& z;4Q^vc%gE5n|(O7P2l$S;Olh@(|2P zX-yqDmF3U_j7|EV1oRyB9&{>um_H=!cNyMNwqWkO*=b3S4pUCMOBZ zmy*wiThjmczqx~)IS%wQvcmVT@SW+dlm^yN;~$d`^#8KP)qLxm+?yru?Tnq?j`!%J z?7TWv4?%rh2A!SL_-0+&=XCxB>(o9sW@PB~Jk7U0jIBvt1*#*>?NDayHGd6CcUklL z&1L(xY?)kt32WARMGNPQUxFP?J%;+dO_H(DQ{Dp!)oX##%lKxHlcn&eC4-awq*ewe z_|1M@WTAjGcgarBdl~jT&uG18{lwek)$%=oZ_bpr!-TyIof!AlHoilAKi5gttg*aV z=fi;KWx?ip)^45}2Ry-CX-Qiig+Brw%30en z-Kz!POT^)0NSpI{f&UcnXRA$6zC6C0`CUrb2Mmt>^d|A0Z?&Imus`lo_~50KEs?Nk z;~DuiXDCV56*p2$`3n|5k8cgzRP_^@M?Y1mc{uVeTzj6aG4Gh*2A9Y#GPovcj86R2 zO;N%&CA4PaPvT=EdN2bAF2?N!Zt|&c;QWH<1IGfD37Ri}_T37jeB$#0zKz|;`+ImF z^~A&e^rux$!rn{RO*}8;`PqO6%M}MsGY16^&zFqwJtfHFB4Do|&60Z0`o~VmMt}Na zN~^jfEN4fq1x@3RNjK_UPrfhHTv8|H? 
zq{Y`Yo?xzUl;^*zY;Dx*I`l4O4zq@{g!Ol$jx}=@>s7}(kx%uXz6Y?H4m#%~kv_};K7>cu24(D7|kCL8Am)Sz&P+-cJ~?Fk|bR{fdk= zAY&I2E*n#R(|31H_pnLE*DH_}!J;KaSt-zksU*m*i&tBV@{RF=4c!@k-%< z_7CdmJ&;1NSPj%c#txc6*-3ZofN;R0a_Mq-GHokQU?;!>e5`6u$2_$y+M)8-`7cv| z4FMO@JMmit=OwVId|HaPISL=IAzc2&H+hPdS$c{F^2t;F;y>kcRX%-VV^?J4QL+{5 zAOED$AELj1e3|+wQ;!ci;dA=OKdLy%n{=`2PVz6AQ{9oD?m4MAjC_%Ah2#)gc1RAf z6KPY&UhK3Df8QfK@_EgpALU%`CAtHHdrh8T?b|SWC011Nqn%M+yKG&_#?{PwhSrzX zX^uDIuaz8qTy~N0yj_2O^N;>^KbdbAGKURc(1(ZApE6Fd+RBqP8tYO&oavLqCQoaw zAm{K5OLdpiL;KXbY>pm3?e2`N1D;>2?Tu2Gyl2ixae3bzLZ|b5Hj_`n$VtM|J}T;^ zW{@}J?sN3!i?@9p|N{u8Z4?;B!9Xi$TXa?M?V*?aP9@ z6MF*Km3J(1r>181@ASG|+1Qonw4a4pOF|tEc1?HkX|MTFd|UX(xQm5;CSkFTrGKQ| zv9;DDL>nBIPyW{PQ&VsDQkKe*`L%vEIjMV@GYR~=NV9u0G=TRN;3w^y*}uO#%DTIR zRn7a+R`4;uHpX|=cGmU-KPo$_o8Lq3VvP-|9tOtSwTiBwZ>Kd5!xdB512N_nljVY z&H8)l>7zXV2|m+i)7OrG1Nj`HK4nXPR%I54XN&J`N{* zmS=HSrWGETk%|!?QW+?l&hd?T514*BU++5t`bMCwE9``zZ?))C9Q_RQeO9PD>S|2z zAbQ`-RWdJX{Oib%nfHa(%d{q*=M3V^d9#u&%7LCre~>tpcdFt>m^1L(=FUTzF^g15vn*FgGZyfX)D%9+8jT)ZN0 zvnL2#fp6ut50YkKpgV)J!e3kF!;X*Z2`uASjX zb9IGDR)wI=w4+ixzkkNzqAf`*-AkSKRDxVfI@#;3< zw`i>(`ZV@Np6`2OE^Ruv4iMJ^t}Vg=>~q2M8$Rws|L)7;Qwhp9OJU%ZTzon?!=BC$ z+F$*td{-JD2KoI2oJ**0`SLzZ{Evut0-wWY2**b<{YvE8jIZlGs|o!Z(z-A9E3VOb zkpsCKv0L2`ek9u7Mq|5beP41$Qa}2)S1;F?5WNiFU&VfuO_BC|n$tJ>=Z2?Qms77Y zeHdLYe~Mrq2w-nCK96pUl)y($`fHU=Wsu#1y|My$o#%RhxPKDv;QS%>f^A&dl72;N z24&Mr_h|3Ob;jN)vDLPwliq#1GJy9izZ~g{g*TIyG?x=cyHdMJUy_w4_WGgg#^5)+ zD^|Wi8!Zvgg0?uW`4-2l*jJ?#CP5XIQiP`TO>!lB9N&laH2Iqt5M*1Y| z0rZZ-)Agbu^IEesXmxvDw-sjonzcQP(}BH`bx%q9*&yvMrIkKv zi#LB|*lPX?eie&3!YDRF)bsbG@pL3-gS5p^d4GDm7rKyz=wLoJVS^*z-kX{q32dt$ z1-O6szrg(;r{W%qIqXp|eb$>}r(0psIAS$>fu1~mAD3AJTG9NK5%%vu<30F>B)fO< zEuVd+O{_!)XCjNMNAsG$;#frsGde3%_94nXNV$!F65UC=%xSZd%x(MfCx7Qq%nc96 zT%FUR^Hrie;SKgPdQEkw{QN#<$IG-KFC(`D;DCqW0(^4RMX0sXVJv2adfb!!b4E__ z`O-dGsOL(xIqbbc+DZal`O8k~g!(aY19Ld9_I!70Ys@X)YB^QBN56l*TR1RBXC0?M z^Tr%IJTk}khX!R`AFO-6Zae(aI37ROb*J&e*L7V_xqX21k#6WNbCby#*bQYHW1GwN zBKL)F@{L`v;}0VF}{0My8BSE9VTsL 
z4BCDWoT0%p%DmfX7`yopG$M!l{IQCW0oHp+H>JzLAB?vSZblEsvAcGGcc0``Hj?^E zY_dK2&eYi;?UJ_F0-dop3T(#n((BMfnac3-jPQ;=tLF}o26(6&{3*y;h}DqDeMsMYZlvD`!XdtCqbU$e;SyR zU@qIK0cZZmoJ6QI*Hd3}W7iDF%!jf*lQQm*Ke|Nk;uZShKH6SZpHPPlcko*3X%#$L zuQ;_;=0jF6F63Sw({@%%Hn*4WQ=fJBT?g#w-%G~{5AAHt-+J$2phxy%n?SeD88CL~ zb3E0?f5WqE6n_BkyCmD{X9K;kQ~LZwyRU1c%$xkUgELR)`hz$4I_ixt`1Xb73JzWi zPVB9NPiE{W=GwLX!<=g>+1}3Y5cv*RdzapZJuqf@(T?CA$YFc0*#j_Wc_DnM8V5s{ zS3}>=TIyu2c&TYt@t?SAFG4`cbO}yC@I5>_K&Eae+kjPT4kUpNsO9{lNH9 zz5$DKkf!uiIMwa9I{9tyH|w#~-sLAiUJjn)+lL3go+$%y>!trAmUT{Ry!q+Dk~-Rz z7eZ&TuZ3}MxE}w56+Vx?85<`)R02Q4w)P*r)moV}3 z_*PjnXV=e$7jwj4Xu3vikGwDFjN7wSw!ju!PaOOIH1~VZtdr*Xd4Ii;E&U(W_#VAA zIiP6>Jo3+rPHf@D=_Ba6*1VSc(AUu9<}v@Bqce)0SnSGQnTP*SdXTZcEgq~uH!#Ow z;ZsV+kyL&P!v==G2Mc85p0Ifjaz{p;D_pXRDUVHgcphZmi1{uJ zcpKb#!<`z&Rz0XWMA|@lg5o{jK0QOS!=7&TqcuMr$j%JOcPsYl5baHNvX^k)LH~BF ztojMu!X6o9veP7;)-dIQ6 ze=5$*!Fm*Db4v9&m-Az4kURPRG_RpBGd5{Szx0g4NVk<|Z5B@12~re7EQo+8`^*aM{kg?_UfFJFL{20_yc~L zU&(%?FEr!e+Z2}R?@qCoZT7UR^zG$(`|h}%AL!6$q(lE+{eo<-0jqhx{3;{#w>Q5x z>F=d1usL_#kL$vpF*3_J9w(ZExC6%TS73!s`kv(&J5*uF>+oRAjrUBn!t~FTofBz$ z=sI|q+k?J*1ARBZnwI;Lj(h;e@7+@W^DfKE*P1`h*NnGT)DHt!DLCXR>V3`j>S@1y zx3;8vpf$roY>Gb$R^RCEW5Of-Ej-?XPE|Sj!LJ8@f3akTuxM+6JsPA*cNW+w!aZnY zZr>dN=aEzL&tVOWSz{_&hj_D(&rfgFl4mFFcSQLJe=c@I7EbM77$yE$%4^P=Qva99 zJ9v&~^{4HoKZO@T|JoY#p`GGyAN)<)&BFu5F8)6ELi(=QNU-Y!%zB0KU`@QC)xu#wU)uqslMSvd#c-oTo3v*y>xsmp!O8# z>m)KS|HdlHdZq9wJn#{4=6v&$^gScM)XQEcUB>UxOBm-O)ssHGROvE#l4cum?X=Yc z3PXQzR)gIjylSh;8<-woSR-WoBj=vl7KzIR=3#IjKi8G_tF!8=5LrmUOAp;SK|BTr z>(A{R+R1M5rU!XaJ&7MdooDKAJR@&`teG`r;Q!soM9y834-#3D%!qz}obt;gsKZMu4cpUmP2QK^im&fs&e$2;D-F^o?+JQ`^(Opqw^-YyE zE1wRv4a!HmTKs!(mGsemc&-%OKptn9B#h3Zf3o>@)h5)>%l|!^ktNb|zM9P$Q@^-7 zInyl+WT#HDBl@8gAGckK{ieR{eqhZy7}{Q5faiGIMpijP(=G*$y_MK{#r>o7*=r0P z{prKob8+-A$4*)PAYIM#714^lBzh`^FFCjW^?|vhi`!Fpz5%X>31huD?ZJdE{vprT z`JSZsta26v^f0b;e+b=XT?TkHMwx_8V2;Sxz3n_B{`)xdsj?S;@hQ$Y=@bpe^^~ti zPsNo^AAmc&}g2Dz~I9*Q)H{yvXj; zEcU?I(f?qd%;?Aj4R=Lw3ww*r2lVmEM}uN7LuSo)Q@ 
z{rh@tuOFc&fM32?O&%JpKpyiRm^YfY|TxETW#|`qP`ONR|YIk zK7bnPaNb~X|MS?Okv{ed_t{PjJSi5BR1d0GaH(F3UY^^pbsE8%9eg34)wv0M)p^zR ziBrqd`7iPl{@nO=z$ZPgI;MS&za@OaLmiG1t~zAjh+l`u*q4PfyABDviErx9(VW!h zgTC~YG25|3JNp_{r=#E<1rOu+{uiM2jX`9Z_l z;lBwtK7w=T0|#(suQmuThc{*%k(FNkyiI+X_L3EzLt7uy zH+10FwY3H%kG!W)R`KURdq*NkI*qSF_=gT}U$ zt6S2)n@@kbMfQc?SDJa`7<+(MDLrYKORoPc{cgkE&>|Sonz36XlLM^zf$Y6G$z-2p917!73V>EzHHbQ{m&@r9L6|yz3fH$C%zYn zPH?V7Z~PN&X(iw4Zjgx3=3>iO&m}Z*?U9Zj^Fgh1^SaRX?12cFfqkz8xdF4{*mqeTP40s{LIc zXV+@oZdZvrCYeH3x+R+#x&C{NVPtcms}GB(JP&O({nr~iPWYA5zYpSG6@9=MJp(PA zg{kj1zU=cpy*o&=z9)BX8a^J?Ua&Ri+xU3d%Vs&1kDhNAJ~l^v{pi<7n;Co3zaL(c zv8faeFWTq})+xR5mEf=RY54i&BjC+j%;f;ox9%?LWnN()VSNQogtZCz;vI9QZQv1o zwX}Kd4W1N)UqO4<9-N!=L+LdByfV&_V!nVqVl%u5W27khs}R35fIP2KK=fl0o_aV_t znuoCelRm7WVGnVmDjT}^UC_4$n1kr!Ras#@gt3pH>9R~c{Vi=t?Zn%RJ&3NB4@&sJ z^ELA56)n)vD!vi+6m7OlFyb@ic`4u_=V{f!!xw)*JnPNOIDqqD?5Igw(Ig%`LR?|s z!}`qv%IwG0EhHS?zPOolC11&c?b6B+)H?dhr+uaUW>O{7g7iubz^Ah zBHZV#pZ_=cJ_HPMkba_vuq@bHi5mr%xhF;Z@Oi4a-sLI6TPXi1Y4ejZeq4bI-blHq1VJJKELe(2ieU(Rq<;>?CCUs*xEOKZ}zV^F7xL*8B5g;w|~^ zBLA7p1^KdCwr@2wjS%+91%4fLoFbE#5zm@y>5BBtswcmklJOTmNZfExZt?B|d=CQm z1?aW2;NDAkM)m}^nC~Zf=5&^A^ux=Wmht^g!h0!`O_{1G)7;Jr?M#_wjm$^{iOuxG2plADSV<49J>g6 z5gc2BJbul)^1C*O-%0#)_%)1d^8PF0kDq%G(0@I8nEl`CcYoRgY^EI0e!Lv(f^u9B z4txxDBR0t&eVWHvvuJ3(-lsXS1UpgwH_>hO(vYStp!@oOt^zl5c7~tp3G0T=Y#y&8?AzdpE1w0Dj}qNUx!*-TZXhg^wv#Z; zZ`i(kjVI>?Je1Cc&)*>a>&&Sl3*(P#;I4A``h5Q_#CQ1LlCAx!mp0(O2Vde@a9<|e z%Yyp?-=|c9Pc%qW%bHu?r}X@)=c|$7ZKJh zo&;t1_n`fw162lhA@QH|`^9m!fAu{kj&Rz)dzSxg%CMAg)$vy;Lqita#e~n!g1dZM>B}NwhnJPe-O2)W`eujGn#K*lpwg)MLgChq(tuHue6qMIU9Sjl6J#`b!x6 zKAt(i)Oec{?_qw8y_*RKyZb{t?OZQ(G3CFy3t8){FmosW+!XJV6#rmCy3qi~HO&Yg>dy(Q8H{>Wi;m`3M);oCPCH?8$+j0}Z zc@(;v=5ON1gujs=oeL}mm1+ZqAIn#r;KvI;e0zS3?+^HK_TSDA8-Bzs_`%+cQ~A*d z|HtS1{1|6ka1uZ6`b+$1PLb+dL3&oA?gATzfr9cf(37(oWs=$kRD+R*8p@#bD+2A}5(S9VG_a7H5U z_!F%%o^?Dq+uZb(6?}gTJ>yE=d7nZV*Jtz);g=I;)@3qA)3`=$fI635@WT6vr>!5m zaZ<$h#|Po>A^b8QPP*iUck{gzxX+N@$x44N;g@8=E#P}eOM2g*0$pNci}Ys_ej(|h 
z-_FTO&-$O`4&mCv8pxudtB&wRS$Oe3ESG+veEaC9ZRwW`?sDSJ0>_1?;EogC7^L}c z(rn2}lTV!Hl7;UV#Pw$J3tjkv_6V;I;^{-}qVu_naM(Yu}};?)L@{qy=#+oVH2)b>}Z?IY{K{>jDZj2)`6+W*h} zu32+Qub84xTTdG7n`x`isY!oaoqk$l`wR|Xh_5@ahJEzR@#o^7qpcloRiD8a`ISD)snt3? z@VpVsKdBw=f+wc$3~(`@?E45XvPmS{72vQ958*H2(7f+rpV#Tnk$$>~qwgmCLgH@#-?fCREe3YQzViuR zm6bofyM6Bjui6ZG?A6}w1Yu{Xyn|uZ;1;;}YH0U7bKn}5vYRFDR*^_SKcQPq? z$9ajEV0SjKu2C?yr~RP=3L9!j6h2GXV8mh1K_V3H=W;`QIfJyIp;#i`5lf|a#S&#+ zM@l|H>}@ORb*JPzm@3-aW2roRx{-S3m=uREBsw(BCI4yGGvxiP^HMS4dPaF$oXOzl z-D&WXH}Kp+l>D>2g?oVf2Tk6te8v&c)yevin}c=avd7`!)CBf;4?N(#X1o7nt&kPN z4;&kaTGjyh%hvdQqni(&=!0`y-BEO54|z<3_gmtNJ=Xob!krxr>=%+fpz$#jAMwnzxa0lRp zzF%%&zZXyV9=UZfK1KgM%DaD7Ktm!&VPg%6Ts@QA+odP+%Uy@oq*qw;v7;!34={c6 zGdW4-1pANn+D>gNXI|iE()|O4%5yNvra5GwFR$4`w}p0a?hUlf?+SC)R67%mTC++T zd`~}?zZ`u!=(nM#uyyOkk~5z=#BZ!6J^TaCD9-quqRjP7(Rfa4v(S;Plr7%X?$v0V z&APdcBX+_+3m?011fTK{GM2N5HNLTAIM24I2T!t6ga1wE92ev@C@djbm^a&x=Y2xnbpL%m?`j*sa`(KQ!!s9OmAONJ?+CwK;Sh`&3vlK+ z?PxZ(s%hh@of&VDRJ9W{D&G!^B_i ze>e5=&G_G42HYxSSmT)t9R0tmex7dw$M|1&zwgZt`tR1xGU?^L^#AT9@YU(MMdSTf z7j(YQ_Q(7E>F$x4jy1`$qAlqo+q?2y+M;dIX77d9Wynd?@RBu-?eKRnkDXAI`=LDd z46VJ}jGSY8U5o8?{g%mfjcWU2XSR%Y5l4PNS8kLX-!XY3`l@N+&}l8&?>AX8H+)*l>+GRG zrYrxoE9}OTXS$QfJ4f_qmFIIqGoN}zWf>+sD2w&m(>cq9@8s#mCj4H8e&p`pP~KCo z1nDP$`wE{Qi#^V2IZb5{F7Ql%C$WKmC&TarK72car{1&n2sU|I%b)n^9tGy!>=4C?|23B#MP9(O?=9KN*vYNDN2#xs_}Y-aREun8BR~H5 z^#Ea8Wh+BdB{t2@hbFtSos7J7mALzfe~5j_D~U&rj{QuwbXI(d_->8KPRL|x1L^Ry z9Q)zPvYT2@_^vFtb$st6{U=YB-4y;mcVv>a{!VbnCJAt>ouu&pxj*y!vD78>X{!xB zBl9VbIIW|Z6^senG%i!!_p-*WGv1`~FYd{E>X4tNc{SgkC(WR5tEXsdvei@Ce<54F zl_$1(>eIkHNuJmjskzXT-M97<)~vo=@k#^iHo~ruEd~9a_-1gKcAok;@jZmo{xdu? 
zu^9znO<(uSPQ-zF3 zCc2P~b$L%69h>=7W)BB+>|4N`UUab7Wv^2r2icAO7XI)XgHL1Lrj*9c`8nVgF6drG zd(pmGy?>5(TXD}2#(0pm*c-QqhQXOn9U%Yf@IT2;5^Qr9?}9P$c~2csoZx|5L3%rY zTP8S_MP;BYtX-<3=biGYEL@jnV1n`{gYteP3+5uhv_?}Q?HdTj=W07&#C}}l_dVDh z9{W@K)46J&^kJu~jqQo0qQkLNj_yu1cUqPvqlD#gw`DQUT*6~|M|Zq>+dMn}S@aR% zp?l6?&Bz(4_}!(B;3B~@EckZ9IzC~s-#V>yfBIX-1=zZrQN}tC%e`>WcCzn8NZ_l+ z20tV}wa%cvM*R$Z`N0v+Kn`Sxw(|Uw%tM?-ICGX68EjJccETHdIE@vb-^%xF;C`bz z$V&e(;l`HkEU)Y3eLAoY_8_;&ANf7c+ATBhL7%g68Q%$DZ0|wW^ut~4NpnA0OZwot z&WpS__9!;U}h ze^i)57~>oHc%OeSWva};6J`^36EKUs&4$hx@m2G{w*Y*^oy$6E@#u56zt+4k+vl7- z<&0j*9P*58r|-QReeTPYzvokV5`L@31*W{l7pU_LpZ~b>QrjoKMR{h$i{49R>u2bN z&O*X2rp&#BUC+93?9=Bb`u6+t7Y4jpFL>oeobJ%c(ofA%!p=K|Kji&9dro}+Ea%_L z|0mlf;AzuQ;?MMXmHtO)wX@>Jh?@aD3q=oU50cjJ4=S1@1FX+&Iz-=Yd}ssk480?} zz?`8^9|ix@OVK%@0c<+yY5MM1PE_wsm_ASAzw7mr4F+!W%{%9f*Wu%@hxR?cn1}uY zCPVKi`5qtt1JeM^kF$8Y44Pi?{m6U%xV5~AK5x&P;+@8m%t^HJkmTj#d68 zjaM^q^bIk^vu`RB|1V~oO*)Ms;L}Jju15cwdi@wQG)e|YTP0dWi+E6B>5O$dMENbB zp7f`oXFv4(O7wW$De;5#5{FywEJ)?CUUA8Y?INR`_inp|-5P!*? zmNOxO%{x%fT9aT*W9Y(u(%9y>pKS6*__U`*^HxUYCTo7GDMi>;*`&Tqjz4?cW-Z&h zkoeuiKg1b6^o1(h_zuqU@yGan{4V0Vv58H8gzeeOH~oLpPGEl`9+MBmTF6 zqy0Di47jJ%2D9Mk|C@%h;J(K9AaLKGL{E?f*G70U3y%K3N&U3sl688v=f_Dm?fD{c zy_q`k>mr&t3wX9;h4-mWkXv*2tK=5jOm#I|vZ{2z{95%X{C+);|Au;Yd|Wa7r8>*o z_>k}uj~`MRp6w&2)i2GWnf||N8}!t6avxt7ef0lLJpt|I;9bIdM!p{g{sV*sWmTWQ z=Y7C$5e)C_Tc}@Ua8ajxGyZSd6hS^&Td->+r+z7PtmtHYIM3#wJqPwflW@(aZOJzS z-=5R_UqG+n8}oln_j;TAWoy3!+Y!ITq3b#)zd*Y2d(cm;53;6+2k@#mtNdopP~&Id zo+QsRz#rI0P3y^XGWo3T0#7G$sq`)B!;cA<&l6Kd_UtvS6I}tnHMhG=bs%_PSyy4& zlFGGS{63NPxnrbd9jERJX-T73<_J#~F8Z!|H+MOJ&elTUu~ z4Mu2-m#7`IU8Hio#CjjIr?LZ{T+mhGt|b0Kfti{;BC3#Q!%u z?;x)m!B$ znKI@k%SqFRZ=ftI%?jebMj7R^Hfi{7C!GuI_fDZn?LV-84DMyXewjV#t(}wWlDs?H z$~R`o_H#D?f7!apiL$PCjgepabmv9X?c_vUb+7TK#x?jYLPPadILDe9Pu6qx5j>}! 
zmkie9k3cR4>+yT#*h|*VNfkoV*E%gvHidX3nc^Pkl&J^VpoCM#=l)Uk5ZI*R*BeSt zdv!*5s?Pnkdh840iz&CSYnPDr{ac{P50g#SbRl6ENG2HPT!&2HV{A?kma`2yeYlOw zfO8022p`Y#!_>Z>JB#o|k~6=39eWTt>!A#v$daWqd|9#sS+XTd?CpB)G+&nN!Yw)I z$FQ;S|3UMd2ESi^=Kq@-gKwp&;;+#L%$&Ey8`hVBmKDk?%6#7;j|D^X}IP_vITn-l@youW*(D zHsS8Aos%>DjCA5|t=oyMD^DG<;Z3kvAoQ_BiT0J z2<*cN*y`p!BzRDX{W#VYw~GcQVlQ>L(Qv=-Yt~-v3@x(9fP1me@FV>~Fa6MVejanp z_%_Y?Av=nlYQ}=}9qIjAC&k$8h~oMF1#1XvGPaa#s1v%o`Eq!24ecaFnD)D9ydjxr zA}mSTVflB}N3wSIC~}F8@%wq6m&xWO-Aau~Npl&t<7!~$D~;D}%l4a~_koLL54%l_ zy>rYr^tIv>_tX8z?CT(}P3-qLzHiFx{gORefNfo1cyrtjKT-g1{J55YHyeZ(9QTSh z_?0Z?`gP`2%-082tzVuW(f3*AEK$kUal8Rtr2j49p^>?caCyOaB!RrdIwx`-+{BhK z+IV zI3#%LUvR8{jOknNq@Nf(BYOJpi+>n|zR=g+0b3=J;S#DhCf%8ZpzG6A@9|c zX^iq+%=0kcpW=yKXQPKXz}Al+4Z_WNIO44-yOGo1JwscqQXbluPFv~7&KLRa7>W7g zdevD_FXr3~BMbfMV@fN&;m-_nhgHXb)!jB!?1tNzPw^6o#kj`eb)C2 zd~3a?f97{0@fzRJ)>zAUy=R4a9%F4OYvWT^uFeHWxRSe^fx7xO`jD#)Y`lrRCWo$O z@88N%&aPuW$Z7t~oT3=d! zfOM;rPX0Zm?ZUUm*xCu`U~HmuZAzA$f^U~_kv4)1)GDpgDGh0tLjPq!y7Pi`*ZXuV zcl~s~c~j|5X?yEN8vQZ!pw-;TxKI8EoegXDiVej)YluCt^a*dFcSG5IL8g7Wxgn_lT7CZTOmb_rCFSZKqE_Noc532IcSaQM-&aq>U zo#WCkIn|GzVaL9Ih8ycC_bTscOjK?yPjW|#&3fuIcS~D^?7Js;;-BkUgbyK}x$ zx_1KWrzSYn#McmC+spl&ecaEfbk(d+T_5ub?~Wyl)^PX0W299+Pb^@+K6&-Uo!Wb5 zrOeq0YtRLES2#uJRP0%&2wV|xX7{D6AJ@Es>3big+($KEcuS*O`6&DU1)D?J+t3rz z$NsnONWP!7Hyi~bP4aDeaI;2R&P=pP3z{%9lTje}S4kIu2UQu zd@kyWpB85gc#CjIKcZLH1v)m&duOJezx~2fTE~g+X*ynm;-vD^uZy_=zQ3(`%^bS@ zfr_UoclU+zKcPPh2`f2L{PcA1L1zkkp2B@7Nzzr3?li}m^asfj@?Dsm<4ESOXYKtN zidTB%C(2qAjgiedLf{ujZ;2*siYmVhzF!C$zH-MLueztpw$37-N6)vaPte|<$f54N z%`NOPxL;#$&dRainbvsfY@4#jgtv`0M7Z`F$k!AGXFK7MK+i^%9$GmobFt0=%=gn4 zvqp>caM&9&L@#mR+m=PA*{2My&#N!&nqtm1%s2Lf`}bSZQq6jxeD(;i_hC%3HxOxB zdKdc|218ci`rtf}UDNzKLD`6{@wf4VaZk3fWx7h7NYEF(h@IX+TQqha{bdKRHAA_U zb;L@smLSRewxhYa=zz^#!gW??ct&ce_n;MudghFoF!1= zJt#XB*Up{X1K_@OVQMP(;6(4xVd3FZRZ)RxD(8^qi+4mbpc6^v5 zRi-q_0pv>e+;=2xcUkaUnk~~U>1V&@!~Xg?zwanIrf;v?$Y<_0>KHuqgO<+axk!9d z+h$xTTO@(rb7cd|t{=%wTK5f@xg8_R^`3Q(Z_g+1rkzx_aWBV+U@fnfvCh@piN-m& 
z_g|i@x7nMMfB_zn9DNa&U%+8XPk=Xw@37T%X6( zO`&8(bgCWA$96tKoazW(M&acM^q2efp1cWqIJ?oZBn!;3OPAKD-m~jDc&9&`l*b-8 ztx3xT7Tes7%;!jFmDk6Ywlj4?JnLcwnyc18sU9E8|=W}hwp3mnjqC~*o=m_UN zfwx3-jGdo~V}D#NUUF~m<*lsaKsKV{DSR|MEn$5J`7hyl#Kd#XlVeSM#HV9?JVOWP zV6}4YRpOR&?223G*!g2McD&t7R<$_^Yb0vNwtC6h9>>#KTXfgND`+D=e&+9auNDm9 z3#EfPr{FV5STUWKlaU=?e;R)_dhu|_kd;_w>{oaszHyhyQZJE=MzLdA3$)byXzO}{ zziI$@rE9g5tjlpi+y&^$uBMxh3|igv6Kekn)BfOJuzpwf-X6MIHVpNrwe?Z#jb*Zj z)|XC`4O-y0!DsiW4T=tI5_GI>?Tope@g;{71$Q(!1#8Yru>Y(n-D>f^(9Q4sq!pZ< zmwr@f1AWc@R`%+}?Ws97Z6e{tpf5_FDm&y@D=p0E;Na{!&LQjYHro>zw-vG$dnNPU zl|8w30pp+$vRcrWx5A+#uE&DwKq?(MN+Q`oO4Il{m2q?d3*w1qO}i7O=sU3t^Jt~@7y$Xc;%Yb;r{rZH8y z7CWLnmYjlq4t*cHhG!My4C$Ia-c6qbj{g*&3?66@eQj2vU|`0+C!yC{)4*6G*V3Au zrL-69`E*~;3}iZN#Wv1noVwYHmwVP_;KieUoT{?_u#qw1_XNzsI>R1K7L7lQ!r>KZVzxZ^hQkvcuFR_aQmqTd`Lj z!w%YBo{Z$d$9DD_vwttgjPgJ1tD+EllhdObX&xmR_H{RQv((>*b-QhXHOTKNs+nz;YbHiO5v$v$gC<_7KN z-k_dEQz<-;XY+KxTH$VuIaRXx)>2l|iKpRAJ*#Zc&G^dVTsm9&^U{E)k*)AiJWasA zcfy~;ltnU!|Fb|c_t+fyUenInb5dc|^BVEj>~D0cx929SyK?s%SsS#Rc&1L3PixGp zQQcxMO4fAGr)Zcex&j*Jhz7>XmB?EaJe;C&FL0bE=b8G@eQU&Vu7%IDplmh5k-^K@ zyR7s&vTq@RNA9e(^=TQ+-*>Xm1`L^|)=pM$UE$R~jzH|PF(MJoR{hh)g zT5_m!*|L1cX)`gc<&&)+#J!8SkDfTw@r3S|jVJqVCh0ZS+FqVoHjVGokR{gn>yD2Q z{Z9vTl;}g(q7OK)uZ+2vT-J&Gjdh>lpLj?6ErE}vYQrbw#OLLA=XjxqSgrO@k%O#_ z-?#QWU*2<>8&ln>or>pcfNQgz$@Dd0=!wt|SMdwu=U+h|AzOX&;B@=)TR6{)KCiYd zwlPhe)VAXP+&Y7?T%J{{eu6wsS6`6?c7XDrb983WPX=ZrO@D(O;?h@!TAjt*0qWNi zHXr8_KB03eJEp0Br!HuN;!~LUj4MmQ}OWib_4iC8|WifQ0zIpNs*2Bm&Je$Ql zliE|I>Pl@ydYrR5L%^NU9!HmPUL~cl-B)SKzk}_kM`?+&iJ#%ZrP?{E3&89oeXUG+Qr7Esm-jd*-)A+3TPemt*uQgodmx{&X(3~l0% z=+pSPtuz^a@JuIPc#!=+<5Sy>$l5Y5wDzo29`h7Oww&gLx}y6n>6Nu-Tgct9-=ZgV z#|(-tv>3T-l@4b-?6Eday8KCnVK4U%+KzQxCeL(2oz@EL_C_}k|9!fv$jiTdmfjuC zIdNovv1ZEQ91>rKzYF|BIV-He$xf|wrf7d8=2g&+7d=vx4D)R89!P4;JhL^&sok3E zVq3X6XL;6abl4R77kmyjYjzXq!9s^KHxf2_jyo6KsOG+gKE&SpL`rA>j15k-xKq)^ z*75rn>BVfHg8zNOryyIdEuPR>kw*8oGMDKkmXBjE#Yb%Z81q8IMDoCnA`j16Odb|A z+oG9%^#bJwjC=?kz`r_(&h<8@)OYC|;EvY3CpFeaX2hE!_-j=wT>ROd=T$5JR@(Yb 
z%QN$U+jElzYv`9-;c;@#QR<7nIPBJB>y~W$K)NN5wwG-mc%5E|{5ikqNwoE`_mO{r z=u=%&hFp!SZvKgU3AP1I&myx81D8HY8Qr-b$iOh?R#vQ|#|G@4JD zb>0CwR%ZjnOqu)B8%Ae7aWrC4bq^#%$izLWn*oF0Rh>*YK>c+T+3Dd}GV0xC+v11H zO`y!D=(V@cmxo6u=GSLjUj73egzk7tT)^|QC_DYmOx1^q@WTea5kL`H$`K}z_c4S`ckkVztZ2(U9uWpF!_u40Vk@iS3f=--_k7V+m z5<4ng_ASbGXF;-pGFEPYewBrJnPQ`3-=;hrw3mbaCaztiS3+_ ziY3or|3=;uN1s{ZMRr`Qu|QILD7a_KwEwrHpD9<4(s>DZLVwmCPlW>gux=;mvAwHR zZti3G2yz~ky`i>{8H36mQQt~`!aV8GPu;;eSKx~EfGZ2G^E7-;Z_G?A8HjF7AwOzY zE5Rq3SflCcUo4A{&Ev-Z|RoF_Dc1q50%wj&RqLtk5t%=qfv*u zZx-XD3;*ds&KV*9vaZ6t(#LUhYbCbguWvukHTHao7yd(QS=|*w#m?kG&hg~^N@S>V zfcINYu}j;^>aGGNtaj(I1s6GQ$jSW}x@M#CHO}u(@9U1b(bkG-uYfPa^HqbhV%lqO zi?d?d?=v{tDyAJ620zc2NU!J1tars$HvN5EXLH|zO)WjuUNP+;FwD^C5KGpR2Q@>E%%U$%aq3MoNcoc z$P&z#1(S$-#HSjM`03^a>F47Ustj<%v1!!*8Qle*1;9k5*KS#uD7=fiRBm2l8=qmw zvdlB_74=N3QTbuc3B5!fV0}z0qmpt2|QH{kun_O}l%h;~U*FdYP$EykJEw6j`5pdjH+O(*n-2EsvlqI=BZi+H; zCz(;3-%wt6{twP|;Gx#2B_`YpvySzmeG z<%C}ezFOX|P`vbraH?%mSJG+4;8*-rit9z6&>k-8t7y8+d(f&?9rfiVCh{wICuPF- zJVLrKb#&Vf#=U-6y}~$G3OxLX`ldkxCXQpD0Oil`BfnXk~ zuqssc@4Y)!sP9`ByHjuWQYY#DM_QZ;@kqSL@F>F{==vXdgTBwj_Gsm|hVnL0?&#X{ z+^KyP%_AdI-4V*W;^Ex>Ljez@2gC!T2i}GUMh~C^m{%`)=!r8^e>UD^TwdGPii|`( ztM>xzultiauQHc*@{K*wM3nE^dhAq{3!TKeAf4rMY?E|}Y*c7|+{`B|@+`rKM~~#B z)0y&%R~a7sZ)D`*qGWj$G;l^}n0@vucSNjm_z@F7s{L^G*x=`hIOPxX+mVxye5`o5 zXl{_V`#1CF@w4qh_|q&tL1RSxFub5$Ap28kOO57X6! 
z8=S&DFUVuQ@MiKj1^)tIbS}x<4ty3$-yYw)NNrs3;E5<+I#f8&qealE@rYm-3ueP4 ztC;r-HxydMyG*`y@ALDoyXdYne4B-|+TT$RzU6 zF&s@r`8G1Sej#n3(e!6Q__tqp zl5>L09Kzg0nY~gvdSLET?3+EjhCP^Tl5?L5ZDKsjTwCm{sE&o!K-$+yNO*tQpKW?V9G3FY_4xf<_kES%FjJ*j(ik8F;nLVEWewA08_ z5#_1r>wH^PZw#%O8d}#JN$@#FBI0t@+7SUBpp_Qp(_{T=FGo?31*cc4H%yXnh2{ z+^+Qzl2crBe-yqRvu+~4v5Pa_6i%OBIZ$p#Tg%-q4i;MF1BKQ}KEt+h_e-x8TH!#C zhJgFBU>=D(6}&eN@y>G|Y4!BS3qB6n?8p7{;8_5S83*ALExhI3x=RseS=RC2Bmc_0 z3T>$^-gNmeusp8-zn)jN#+$A}UMqzoW8Va{nz0RQUcwQ^RlqT>qI1CJ-k(dIl)F!o z_tOELPbt09fkSqw<|yPFjkK4$ebB2i^aC3ajBxVZD?8Un`D&Amdl9l}{D8 zCloHf>dmLv+^siw5p3>I*HZj}jLwE@m|oXY#aW)|P3ieIuX zTbcKRj>;fyRgiYdUrAe?N!zx}33p+4cfQ|NoyCt7I^yZ1VgFeoeh=^tE@MB+=S00p zua*K6ZN+EJ_&?O%>QvKSB0ta_8}uV>7cdu%&pyC+b%5`hzk=`Do#4Zs96`s62HD)~ zfwW^oJ}uOfp{-9m7ESQtR9Sxl7$fVa)>YdL;KVQ7Hr)%I8rQnYtDs!i+;2VIWjTJI z((m8(_-C*;comN7kF>li+N_XmlNZGfYuZ31$&P6g3WE(Oa3F%y^7n+1u)`2Xfp(;xv9K3*tCKmUZtrb{TeW$B~J4E;i|E}ad)O!3 z!(1kI@H=MpkG~-OL-@1cC;^szyyH96{(b#rm1vHLHK12(+_eDz&AI4;I%u4h`!Uw% z-@i%ct@M=dy*yD?cUgB?Q`M%5<*$t8dY1Q~{5IBmd5)gbpFYYN7p%?DT)$PrzCe8K zfBa8;O1h)n!oPJ$@#xBqw(`AK7~i4hPs{gSIUI8;2YIJnJ`rf6d5zfa@eY70Z90!P8!`{JF`#fAxprA9U#KwSMuUk?}^RKM0;7>SvA4g`r>3cr-L( zZQRvbnxubtYffg}5#zk~P%p-RHexsJ3hKn{MHDYpH^^FCJ~jEy+T!jq`pPxN=M;B8 zG3fi7GGl$leeNgW?WYdmZ<1e(^Xg;U%DwQmxHAPjv|aaFKimrqMC-W6-N;}e^^R|- z=@ooKQ<#HTDp=7!Xl*>eycug6Gyt$JR=9r9(HPLcS@NdtvT2wkVzJqri_Qx^I+^O!X%@FuaeuHyti^qRb7O^#H(pK``6n$!hfnH{Wa@ z@559d?W?`&?aPwY+ikBp$I@9O_ov%(lk&OM%uv6twE{D(&|~M?&|-xu79VC!q&4Ms z=APB}Bd@i0mZVlnUg^hlp7$DmeqZakS$8qLZgg-)(<_V%Pnu&sMEIE9bl@;?;*HjZ zz@Hn8f6y-%I>NmP-haW!XO@pJ@Ld|+VCD+(fu1@pYWu2Xbk`vD!`gxnKl#XVY2#t7 zT^MD3isUBa%cWeM$WB~7UA04%sU>|_dkr#k%vx8!1|0b+m)fH7AE+(Jf8ak)_zzCB zi(1-(@-{vL>dE*K)Q@M+J!kQ4RPWp^`${%_l4bdY8J8QGM&HD-=_)ssC6kfP&t0=&Bo6hV{cc-Ku*H-Fkf2nOKUzpgVzrSj&r8lD(s7qlTvtFHiEEa zYk0Bp1)YymfQJ=CvdFH4fJ z0b~RnH-$05H3QQ<>D=||TP2r?cw*%v$mTZ2AL<_;X6(^R-Kw2$#Sci^>3yTnsu~67 z_vf$%dydWebEmQg-{77?OY>qHCsqOb1TcE8-cW88uQ?z6<+&&6ub!`Z#k+i%FFxx( zzohY>@Mp$<5a6_a~p>o##`e*Yj!3$tj-n@%5$F1k%Se_FP}# 
z_Ky^@Mi~F<-6g<&%Bdu+z9*4Zd*mxKX;_<50_=pKP6Sgbn9fow)){ePJ0p0z>V@3>=DqB6)oerHLtK=u!G#6&xEOa*Sj`jTWJx^4aX zIaXoMmH6N)+~v}3l%cR^hF7`9=+0AlYE?1cUj$8mk>?w}>Q!z1RI=*PIaU#Hs<&&q zW_VS|R5|rksX6|Z^qb#8R?M19#+5TAhkHKAxbps##*_JP6eSr09=dufcYCpCvG)zu zdU@Y;ZQ|aum3{_Uk&kxK&_vp{bS7(e__nbnwEixazCrijcF?a#-tQk|o)Y~X8lLE> z-^eGOo~)^JCz$?&Z}6BtasZsPL(_klu^4zrZ~AZ2+(4gsQ-J42@I(elD;%PObh4kN z%Y^?6ijz;6_eSOv3y=8u&I{6Whl9J|3C05f4l^Fe%0HUPU%qY1@f>tqc1V2MoG|n2 z+t7uY<9;M36?(SFt9cFI?4BZT3gKq$$RXZoFJ^ur&_nn@QWJnF_HIv33HPTTn+hL+ zt2Xfy3E%8hqw}|le?eZVlL@2L$p-da?V0EldtXoa^WD%dwd#ZRV&s)JK0$Gs^M$73 zS?DdkC&34;=O`w9$;(AvsoGai#tGj&(~Uhene%Rnyt0Q%lan8M#G8!W@vj?lyvfM+ zM@e7&t@FJJUUzB&dae{(Wx|GVs$d;`A~?dp74Mjktll{xS%92YLSLM*Q+}6p>4ao{ z&~61E*#iu;cO6CZ2v=TcVcge?_|44b=?_B#hximagVS!;TgW+x8m4K zX`8bJcP?>?cU){0d);0>vi>QrJ0UygtqqY>2t74{vE3D_FWExcv*2~R6RE3+*5I;t z+P}{bTpCNfbMfJ?;YY()Z?9ZC*A3PoHi)h(={sw*pN95xZfo8`YcRHwF-{_ck9w~5 z2Jju?`@MXh5qx7?CobfBX7G*Ol4#_6TJX&rxA~qLeCxiIdBmH&!?&D^&my++vZ2_@ zj~!wBo#ei&!3M`7+>8VH&XJzu$(o2{lxN;xgBv0~#xo2(|2Pm^`SHJ?|IED*YY*6* z`R3a2>L)6zY|D(j2roL}MF%$MH^qxhWr>xnF|2$jui@S;GaD`X{F2SlEmm@_9p#t9 zFPC55;H8duB7K&_{-N5f@C9A+7HO-7mUvdT?bV|5;Y&(mh>Bq*qF6&Raj?iOK3wF+ z4;8sF%2YW}96VOPyd#D=ThE1ZB{~by`a2xCImiY(_g{+rG!;&&*kRe%_%GDg>=W9wRTQ| zF_7fo54(|rGRfzB&Q{R5mE`G2Hy{_QkiDgpYc0?B?u;c^ubfy$_~+M6NToOM^N?NQ z?^r+0DsHpT&-dGr2G6RLJ+&v6h|p(h{Ct@A@J@I``j7C<9b<_P1^7NfzP}eP;UqlD zx`u=LCO(SIU*LVy*4dfARhaNbrn1-T0dJDd3+Q288Furp= z@~r>E9H`}Oa?0Vwh~5W3bi7WtBns`cx5*CI_ov%cr<6Oh#_eZ==tb84hudQ*)f4@< z6-ivk9ayvx${g#+aqHl1otOB3?7e?h4_W_`{wSvFy_o?{(` zW!VioU#Y$4shC&)`__+uhXCWgjJ*KgyXwgz;@Cc} zVqE?o`naF1>dVfHzdm)pb2VhSXb$=nq+JcXlm2dQe>pGI_3XWqim&JY+$DTP@8mG! 
z$`JP&be?_gSN3QGaarnwsU;?O#?_~)hXVPp zI@d18otum?sr2x&aA}u5{fWh2;zxsW6uj4T6*b&&Z zKMnN-aG#93?AgR~C19t6)<)nA(Du^qQYOU1`3dM9-Zya^>NNVDpMC?nW_(wkSw^3s zobAN+MKXVdGQdyhIEwFR9jR)ae7LH$ay+lXXI1Nz{BGHYP{H{b#o;q3RQ@h_)+z4%{O^znQP*fD3$cWU!f^Z33V$AoOVhbo3*(1DvF^WdS{*2fM{ zck#VDck;k=w-ROY#?P!*)DQM&yO@IwSM9FM!$#*-;KiY^jGs1*kEDk?e{3hp^ z>QGPM)pf#7Io|Dc>kfhDq4{nV?ibI`cN{$9+j(xq$gO#KKNtQ9zYpApGJcr6^1Ie^ z-~)0!5PbbF(zEX~LWZ9=aOQl#mBr7aonXJpg+pkEXa{A`HSA?{E^zGf(W+tDKm+mLJ#1)fW!!I~LHyK1mgNxkQu7_Q z0Z7}lE0!~*<%|ybXmj6W!be-`5wsEi-G4B&H&R|&7BkO0R&Hq@zFOdWWCDDM|LzwJ zJ~>Zu0(_Rg^FDlhFYKNP@FD)Ye`4^-_lf=Zbe|~CIA2-ByU(AaeqfGwgfb#-%Hc@a z?3V91LuDAhmLHity9F`}V$90%a{15Un_Y18lLq7+-tR^WkR$lGUUg2}Q~udL?#aM= zN?x0*qO1+=;O|2hG;aoN(#1JN-(910M@LBaAD3gk_kZf#t(J9+UUizfUF(zG46GUa z+{zBT-mqjP&P&1>tSYzfHeh~L-VNt|V7?!IXiB67-;(9K;j<2!cf&{K>$~CS@oxAx z(GKA!;7mn_-zb-L4C)5X@)W!CrL#`ZCxdBzd9z&|#@-@hFT`%6j7!Mhlf{4h_h?r) z_s_TQgsPr}owBd6z3s+)C&tQE@Yg0&7KrD&^*0_sJf6>Ld;X`r@6GSq_#LdD|26g* zz@7)W|Co6H5^L-i=J&1p<@~;uk@xAWoFN1fco#5AS|7In8 zw0+KvH^C1-I0f(Vfsd~o>6bMx+LQ|TZnWchtfRoLRUuE=5xiS;81tn^7Kh6YFLvky z{c5MvO5bowUj<~aua&m861J4@mO7*Zm^VSw`&K09mpHd{xEkvmcqasNsFU)$hTt?{ zza#oez`sX%vR}jA+ThM$Ujyt`8T$^@%|gIU-idSj^L;`K=X$$kyIconkKuj|c=&fO z{tWgI`(nZS*ZOE1ryc?=d^=I_;d_`N;49zLiucy4F;*y-HT)p<6yPkJ))3*D_t3|H ztFN`E5#?ci;K#Va#XJ+zg!k6sk*kFFDd6cwl!5yzDskso7lIFRsl@ws1Hi%e?uN)W z?*EItSK@tL$hI1L`>|HxV(uOM?i%9x4EP3aEBCNgvrLf3kLas0j(7&hPw{+qaW;i*3j%iaaZ`}N+BqHdm5d7r;E?0g>kZ@H)V zn=Snn{|MNf8^e=!qE6J#g~g`Go*LSM5AmB-`|oD^4&@!`-*mswexAE?lyTHcmTfB9 zg0XFE50m!p>f<`}%tJU&;>)|_8?C|o-#b^&$>Tr|XQ=GdRPcqd5%mCV-^JML>inO# zN*L|X-HZ10Wws6EL3yV#55_S(H{d744}F~63mCR*>M@^p176-Ick|-69j->(zReMR zp)G`8b&+kHFl7$PPI>AXITD@#UTlJe=h-BO*5;9?mHyG>Bft+CUj+YUd_GbqbIEcJ z)p%M)PS^TzKt2`Z;c_^TK4ll`hCFi&hqC{Qba+0$<%#(r5261Q`ZJ8JCZS(d9>62p ziYfcM#PdbWGc)fOm%DgR)hqvW%J2yA90mSeZhr;%tl)Sc|5cZEN9H{8eM6Mt1>%AH zC-Gf$UKStc+wfjU@X*Jg7k%NW;J=cx;+^tFImI4Y-g)QvgzNE#*M^Ztbg9C?dUdti z4NHFyzW`^J;eD7&r|Q2fY7PFE6`1!HTKOA6L+WsMIc)3KoZxcI|1eGUTKz=M!~JDB 
zzqw8SF+3HzS3$bM2WSZW7mIR!2Y4M}ITgR~h4aXqsYis*At_V7FF%QOB=P_~rXk-2 z+B%lYmXo%PXKBD+XFi@c$#VdHg7Jjz!$3U^-0C>}w~1{o!IM8*}CpA@c2U$bn}>T|=DX;d{$*mPL8EdZ+7Db3QizwHMi@ zE1xP4mmRI@uYL-;3Eb};t?RG0JV5`X?HRlnyFss}I%UMYn`50J~B zu#TTB{^!RjM~=DB=VI(vtl1B_Q7-gBY`xO%PgGdWdW_>j)M|VzHISTpAfeyW}v&Q83)FZp63Gxo_gF2SPL$~y@OkZb=7%u`a)RH&90hy?ch{}` zWwfak;1l|DV;y9Ap-$|Ew2Pfh@}B%HJK>wM{FvJ)1CFx%)6$<#$^Szu=7=51H@wJk z*#9#Q@|g*mf&ACqD$vE83!VXoJ;E~xLwOtmJme8z7%7nW-m%Jme^pJLzOFVmS1P$uGl&k)+_=7aft;WEgt zk~~u;N60H|1$l)$(N|%v7;O?XFt;S-n!>bQsK2K$UOG~R_xz1Kknfi~8v?St25r-Y zKYYvAus88*s9)lFssir-x&7d|Zw${zeLU|+J>a|Qw|r-MSkKNm7dG=9GG5xTYVSNPO$m(0S6ZYv4 z=pL==!yXkEzUmNd*Fxy#FKACu-!*`xO@NQyIv4qCc43VIGI|H`F2YqN{1(Er=jVtQ z_a7r%b*Ls^A!pK}Zg4&r?DFUjb~7FPvaO)rZv&3%11K|WW%-55etw&zBCqYf;xKqS z;5s(}S3t_XHVj+Qw+MM|`iA5|9}5`FKbDF8tjSv&Ci8)y_dg81tG~Pq~@&QAWav;oqy1Vt3Z&W+ikskIx zCgc7o;Klsx$|B(j2U!=gQxp z&Y{gw=Lo}i*oG;rPvD+>2}Y+K>k@e@i(WVcx!<6{}2M@f$%0Hi-I&?^}hh zd+NH`;?o>ntL+eFsbDWq>OeTQQdJUy%pG!7rmN znYs&OBDBql+l-G6pQZfh;xN}QMtae1u%E09`gBWg6~<10J%G7`-dpoG8~ky9S*={a zOT|f)4|RieUd&O$C!u_PBHsnU+6w58%>d>!@2 zc7gt?uY>6FISIdWPp$sWc@EM>C_oD9wpRd3_y9wpO{I#?>*r?I}%<|<`KVfTH$q&|q!!obX zUyptfGPk}W{F}X)r{dZp&#A$;7Mz>x{1oT0U}K)f`josA!!ZK%ZtAtS;IKiQRe`fF zc}|8o+iY~F*(1Dn4|uWo{PSIkuXz514`2RkQqF16e|M)FMxC@eOCirM+!n6h?K+~f z;D7QLZwps_sWDvkSGVE346NUQS2-7wcKot9mV-y&_yXoEiQ`MlovFZqbwLN`$BQ5H z+i^514z?Y^(Rg_r)?Y{an#}nK&P#l=&$)4btAlqu#n+omxqRoA)-w8g^!2RFA30#{@X5Is>>2#;f3hF2%=aa{ z_d^~kp>xdt*H87&+;d-^dVCe$KgPaEr+RNV51#{TweS((SJZqNaQWRbj+>c(HXnq& zoBn5u`flNKBkJgz&xR4-PamoJ^UH?H7~bFR-1OI<4^P^&3Two`4Lz-99;W~IWqoDe zy2jxikemOk4sjvG;k>)25C@uPK=bDO*Im)m^DCjJ;6ZtJuBM(+c7Azb+;eCz+Ut3= zQ7ap$!*P30#rD6$$))5^x=-IQVxxxOU;%TO6#J z;mnq}{Rkh$b*eZJXmRF9+(>coD^<9H5;vD|UkTv~<7$z-wG!8Xa30rgftx3B!1tAY zT)+t$VTn71FmUz-ii6d=oqHJ9SBGmYu2zY=SK@kDIK+WJ!0GdT-hZDTc-mNjjKJ4# z@-xUE?*R-u`OKlWJN7w@D8`pL#er-4CnEqH1B}FvLH>Am$L90n3nRIN1H_19h>^d~ zk7cfpM%Fi(`_(!TSfsv3e{H@?ftI zjN`+KBZM1eG0ohk;O^qe<08(mxh9fF67OhH9)ux|>E`}B;c$@&I9hP~y?)dWW(JPd 
z-wOfr0>^H}k^a}<__^Z9|7&pkLUE9t-|NS+*o*=5@EIF1?*189BW(I-m?4a70M`(% z-MGGp%lvx6`p}a%_kO*%=#76}T$q89-}E7Ke@E}*|4x6$m8j_^efm2Agwwb}xWc&d zxcV3=ziH>g=AJkAe!aVLbEayK)oy_u`Qk zbm|jTxSlHxY+Q@$Y;oX|yNUy!sw;kP+OhTBT}z{GXC&H@=!$3ENG9%frE+ezJDpBt za`Bkkw#|Jg9q+pL{)g7P+v2%;w>=Y&e>Tyz>FR2SnPb0i=100ZB3-d0NUZ6J#?!e( zs>==aI9FGll!23y1IIOE|pG$s2lHzN4p6N^2LF~5Uv-B1D|ffwGmgYIIwvs zt}0w%Trpe+iUUc&_Mq%N=+n2JKzJXnqs4*F3S7;&0N42puG6^A;<{KI=mKn49@jx! z=Zga=gj21!KqIva*YmjgaUo9%>FF9=b-32z>c9n<^r_;&XOQnRAzY8)LfmJb!*vwb z+2TN^3RfMjwYY#g^E58-n?b$|c*xGcRgY^mF67T{#|7TAhj9%T2XYm-ke=I!s~6XE zxQ-PEw(Z3QKDPnqwpv_Gkj?($KsT-);QsV(#JvF6^N0hD?q*y)xCU^YD-LV{Ut5rG z3;5cS#0B^*;Oo;vxGq9=;3J8+KVDrN_-sy9&T&S~FX?PQa^%Q%CyDU(CM94FY^9E5%r-~8u)eiORh+{w58dwY9xa7S?E?JGl}^!cGDqfbVoo6htHUu}N#&E{8w`Js`~k)ga(K5fP5ifQG* zx+56e(Hum!_I9V;dGgg)|9Ixina+v`Ff~85o&4_Du|wbhRuuSP&JSAje52NAWM|1Xr{+S8fNwBgcZF z_9ISHvT4idV_QH^kUKTOP$(3vad6e(*>T#Ni_Pso33h z1UK=UD?~cM8X6do$NyG@KpF5gQr_)HUVH7e{vPr%ii&qGwzqF@Z@-A@gxpY{BT3Xl za>N;J>*(od8`XR3c}f45_T>)pNIpmpzh>vd5Cf{+In$o(Nw%MH&bPLrg9--+mf# z+mG~v-Ymo(Lp;Ny{oBD;>j?REoGr(WZLb*_YE5ow2fsn5N%*XEDl03&%TOx?a7JRu zm*bopJ$dpZ?x%sD3PK4`oe|zngo5wG2yapRJNma*UUWjCi=oi6S%3o@!UwXU{7^_K zKkgI&!_88`8T>UtE$8-~ zDvu+M-a|oi59u9r`ulg(G;QCh@T^hFCuH)s8+mNs*#rif5zmNb=LpC`VW4k-$2}Mt z?H`c_x+A#b)DC9_)cx48e{qPH@=;AuybSmBlF=>DW0eOqO3F>Vl#7G`hvo!da$cq(5xlwbS=45gO z+fh>z#87>-JfY|cN)%0$H)pi6(s80^k~?m1KQy?BPgNexY+X02Y?Z+Hv z&My7;$T#%g*6-^-2+jMA$kRxW_htC~5|X zjGy8S2I+s31kECUMF#M@1($^JhhdGsMdFF?PX1YTXJ{pXoRuLBzw0QTqVujvXFRY< z{IX^5N<66%jvyAE_=%|~`IapsUUG2@BORs7r_9t# zdB$DLHty4A&LkcEkpTixN>E6)Wzj=gY+%YHeAK|0?pNit( zx8ZC2pAERTXr97B%`=!s+;hc&!eg3ua6t18?$W%2FKFID(EoNvabR$`IC!uQ7wCMg z2Y2B6Z*|3ilYk@blb}V~CtEfDOGl9o{I8x@x~Bp6-}V;=zDIn>_q|gJ_bPct{#S#_ z&#UAa^iHp)5CC@;`T7;d8>f}`HxT}IRdL|V9>w(r`1*EJao~-nlJw+>V_q3_n|O|4 z`I{ENA718HZtl}uJow@{X6J8O2!DL>5_#p1%m+{m)6V11MDlUR##{Nz@XH5pY z!dv+}Eo0*=5R_jl{`&B64nuxv{Po3~*#CEK#erWB6$k$be z-tfss?tiG|kN?Dn;-2-Z@B8T5k9~aI@;TeDF2#Rp3?QxJd@kjok*o0ecYEnl8v=*>iG2LJ 
zi+!-JK2I!{>-!;}jgZqmv2%lSb}8I!mG7W?LFISL)3~=52X8?b_IA*POkv*!-DAbU z7l&})k2_@U?jbeYdy0eoxc3K(gLM~+gA3Bd!Q1vJCrs~mi-W6R_g0@P4z3Xg8TUHG zo+{|ho9K^$xjh(Lq{U(u4;M2#ck{)&zOmw zMb!kxFWwbR#o`T#E;GW9VwNc0ki|3Omf<$*`DZ%H7HqOsV&mg70)zuMLOdWexz%2S88jQ zoj`Nz?q3a77L>5fRz^Be3rXa#8BvAV`31^`L}xk~?~HflM5xLEt&Cz_Z@d~BU zj*0ga$%G@>Y$}=n-7Qcbf4bZWElT)b9ObR2B{Gkw@-d4gCu>_V}*`8~6JhEzMk9)35Lh|;!1zzUiK{-#r~mX?q8E%!XUDyuEU zy~AhB0GX}CRf$6df9VLwm^R_W_T`vubVz8mkjvvESY02-ffRTAwb5tVpb?#A02IgY%v+&*BWZ-~UwDVW^# zx4R!DL+d%$fuD(gV*TwBJyuRjLT=p>ccXjzU7=6iafj%u(peG`nK$0POr<*!{Ussd zA0zk1%i(LZ_!_m;6X9$0;S<$#mxV&(+4IXmfEoZqKJI(q{`v>*ZCZAh27O_rSW3T> z;Lf`B_t&pmwzO#pD;2+0pR8Z?$vamq3yllg^bPmdZ+Kw63X1Svc)iNu;Z!zT|L}%o zjYeQzSh&NY()}Ci?}Z+lp!2}0`Uf6d5<(2IInF2IiClbh{U@3X2OoX7e%+df9;E8X z&xB2_!mem*cBH>dN1~gd@C00Jnr(wgH+I5vJ0fU&TjC8S$80CPsWXxeqkZx|oBl!? ziJR1@0ADWUX4|tFKEIdMBX^aw~lOL4!uQ=sD6ZxKz+a2K|+vAR(Gycqs3SUwLH!50=h(oWlBxveP)I_)uh z<`_TQktO3AuKrkerz`@35udq5Pt?@oqQi1Us(jOC;G1e*w#e_pO2trLmA7 zI+})LDqOL0{2VYxV(z*`S9g!wfya2pq&m)n zSb&X~q|HhrLDnq5+E`{i@rXa4OrB6W=cIDF(=I%wNM{c2xEsjAC z(vitWBbhd8YNQ`UV?k0O%UU|FejIE=lD3ET({x@XBZ~MgD6~Jq4!|;Twr@(XZeDgl zHO9pZyX_I^BQ+z^hAkWQ@If)7f)q9Jd*|(Io_OPB9~)du+8-3U8bM#_NA2Ea51s2HC)SG{^r^7yz55e$s{#W5`6K{ zpF{++78q6oUOGq61w6+8=tVh6U^`8T&%~1`16_Y)@WXe+qnoqcor)hFkyL@}!d`4* zzbij>P&Pi2&6!x>2^kY-%f+(ux5{9J{;FZ9BZ>uPb^z_%bjq0j5ct)lQ3-k~%z30> z=rI`Fx?Bb<>}~FrK9h1wCOQ*nM3yHas7_}X3E#@yimJ)FQA}Jw(c0o}EZ)|=X_IIh z;MV8jY0LnjL2rZPnuXYk#m(rOQuAZf7>;r73jRseX95Bmqux!U@7OifR~oYi(4>S*_qs^`q{6Xt>!97&7F4 zT(KhkQSwC7rjg^|>K^HeaHa%>J3^>8|g#3z7{MRJkf z1%5nADKYtDl_k4v&!d9y`+6|y);(}8>sM46G57Q!USTarl z3_VzeD1CO?JNTcrI-NweA=-`})_^e#LtlzQ7^V}Bg^7a~pV|swYgeryrO%CxdUje? 
z$4w=(jCoX;Y2P@?guNVU$4e+=9N>o+`(KJcr~ZU>@|U|0KC*5dCSqjoo~k0!{oR$F zPlQp`l8zmxVLr)DjEa|!@}UVsObt0q<2JO#;j3vre>`J!is}j59bz6viv+o`2$W}{ zt-Ia9bTH9%!Q~f3S) zvB%wp1~kLiTc*%e!RInRu&tvv*N`nSvJ z=+cD91B|TPftQ7Ym*zQ?K0a(gOQ=96nvBC2DrK-?*Ro_VksrT()ZWl>pg)QBZSH;d z+`n$kYPU}60=%FQ?iO_3@L|wl#x#b~g#2Y{_k-Fxz<*FsRxj3Vys1zwHF@JS)f??C zsWjRzm2{_$-Zm`>=UreM{Jm=!cvJ1j@x*VlMqCH6{kSw7*aAz+jJY^0hEN*{lXl#&5m|Nz$cVf$xm;pihRDqs|$TgOqvq;m3G@ z_%uD15HQTgaF2dm)}0#ApyJ8pZmBKB=&_?*aj~7ca-$}hc9Zydcca}I_U_4TGK1ys zc-cIROC-%iGb5jwKhEULtfg|p^&3#+Sd_@|6F3@fCGO0-_o0V2Aig9v&Y>yig!h{z zhJEFyDJ8oifUYfQB&a{mDC=^u%GnOvB%Sj;ISj6_bfu%hYUfVhkNCUOaHrwF5FNvs zFP_Pu;FMkz*1X>RY((FPNCQemp!CVk81fD$Zc^~6j9=u<7tn9RwgOIl3#0T6NDu4n z39P5Fc^Ovy-X!dDcb6n#%=ba674x|5Q1eIzlM3Em0MhAh&&qOTgQ*9!gf=pu^WW`e zls`t^9%<&c^AuJE*&a|J8+6*clchO7cmQrBiWg1NB0X(o?%ngy(F>f;)9U=-B=zBZ@^qp64qoB%7|e*43D%T&Z2HuwGrz9D88Ms9_!zi)(9G7nAx?yKKEXj z3fe++cG3cTVb)fblBkdVbqw|kxoA&=64QdajbiMx?m~Boj1qkl`6aBV>9I>gBAFJ* z&nsp&359?sXC2$5oh2%*i;QEFe9q&<9m_?8S|3~wX^=XSdA0^Pw3wXbz*&gmkGL9W zVY1G#YW>niS$*ZaSq96@VxPoRiG(xVX>Eqy14=Gi@~kwif$XDmztk&i?gw?YQVhgJfURQheD=*Err7&YKpJCA_AXWB)k~a zOu0RRm+@_v z#*6$Ge>Mwg%T(N$@bZW=Hr&R2SZ(C`HuLD-GO2{yv)(j;zrR+T((7coZq(Qg znV}yd`>@xkyOu2r$@&}OJilTdIy&hRU_R+KV)!6iJTh_hz{IR|Z516Mo-OqM(0{{Y zX3&A%;S3@SpzXb}REKT@b~Ot}RaOckISJ3h(h16iNh0wO=4DHp!K!};JpNqRt@{5-s?GlP?Yq)F7_B zE|yx*i*$r%Av~pSB_cGv9^oo%bxoxgJjHar`98I7p+pEy#H~YIHKqkWk2_&nai7L{ zLW7g@h0|A-!g+)P+?Hk1cO!gFBO{b%AHp9>C!(88`hJA3E{u?j|;OVyc^+<)^UMU+Su_vgxA(#U*Sp(???E4hP6!|???D!W}VUK&hY`n zeVp&u8JxoiuVZ+&=;QGV2tN=@wP89w+ObRcI8lMP2V<#~8u@4B?L-i94|QXu0~4m$ zzPdI1w8GXSzQq?m+r+O%{2!F!lNSCl#6Rqdx9~Z{ugCmySou5wG|q-ZYO4)DgYYAX zRMLi@NB9o`Kij~+fbb^(Z^OqB-UxUbK8^4v6H-4X&f)n}pVnvA|D)VXqXGMdy|y?r5T8Oyf)DlO?JoPDx;UE2Y*y+CfT`c3Wg!4mzoj(M4e=&KEJd9;Z_af zJ-PM;e~vKYW4L3VE1ICx!%N!{CT#}`xmfeZdt$kNM>wE$DvHPNtH-7aY=aP-`)nMy zMfNJbgN(x!SRAFUy~OfQ!d13-tAts8hRYWxB}^GGT(P)I!WX@855p&GOt@-^$m!%P z6E17iaJ>na->%_i6Q0ztMDnj=nD48HH2pD?ZujLH{XChp@mRmW9-X9(N3onT^cgPh 
z)hN#Z+D8?_fsVMfQzxJC!36v;sc0^e6uF-4_rV~436EJyxAcYqhqFswdY+P3nZ8UJ zfQOfXyKsuMbx$_y;ANNaOgFEw7(6di4wH+8+meJIv#0ytv)*5(K8Ren%9zYHU_T)1 z`DN<=WLysOnKbT1Hv01N)6Bjor_zYeE9;RQQngw^fQOS2hNlz3~RW6a}5TUq7Gd0SI6yB(D{Z`S905e z{{Z@@0+-1f297a#J+jiaPOZ~?FW0J!Pt72HKYA3L_)#RO3k%mmIC;xvCF|o9%TL~^ z2SecXpq7FBiw->r{8A?#{gssaDar`>P7RoH0*2*3zIr?#E2aKkkvcce?UH4{b}60loNe@g?fPW<0D#z6Qc9=ns-krjpcl0 zuf-j$XPbLve<__ZkaU;j5UZ{D2Mm4WCk^7U^-cM(-p9ug&p@CH`v&;Z+@>zd?G>Xd z#6dlI1$W^YIwCmI2=8OQt-{;)*e*=DNRPCHKjeGqym_uCd{W_)hEK=viTfpdj*GMS zP9k2On~1Mj`r+>xTfurN>}7mi&ic0BJ6Dp);6cz6nd61O*fx>bt5v0R;k{YwW*|V2 z6$-=tfc0wRSs)B#IS|0n4Dm>kI{NB5g?Z@(@Nf!kw${?Z`dK#)UDy);Gv{-FODo)~ zkSp^uEl&Hww7p|-kREw{x@$0x|aFRrZT0&%iMF98o^>y-B_|rg%=zQW)0zzy)0UwEX0UWfyxPvaCzAa~y%T zaXM`9g7yjM0r_VBlWD!Q9Cf*lc-Mlb2yfcM>DA;R*O|s99{dr1nRe&&KH#fhKjWpr zC>s6_OWN^|zkrqJ?sS8NkbFbR2is@il+vbdoCqNvdPts54{I9RAo*h5^FG*vw4+*g zuizOn*1cUGh20|O(-)P7g(n@4258X+SUdw#7mDA~75j@kq)+)+TVm_{_*v3UwC{vo ze7{v`ecwSGa9v)u6s^|9_m62F%J%y)DF?a{i7qeR*gnK#Nk5VF;*Gu|ek)!Ai+k~KwS7q3bg zgKH%H&}#=ZO>`=tZG*Z=eKfj-9R~6Ou<}fOhx}eUq4})*UVF?}X4E@)v-y;F=7WB| zUZeRa^Vgm>G<@=Z4fUt8wb{w4>gVgLH81;*!4~8P%|TqOce%hbbW=vG@$jB1QiK%l&#@dANMJr3$~mvJO=!tdtcz ziac4?S^E5XuPv*HNb|5g(T)IaBKef^NYx8ZL$Pr@?eoz>IZ0RQ7v*Bvq)o17xl~PP zH-?Oz6uK|?^80u#={>fZZ;5AVqlZp|He~w7MO$B-(a`$(!3^c=2SK$9tgnGRC>Qv% zcEh$=v3(;*N1ERjz6M?(uVV4Amcg%^#H)QzEX6kc10y@ujio8&4y!x|j4UXFQeI5a zd>(uol<^xaijTT(uYqCJRnTQ!D88N&-8Z&hT8Dm_SpG#P11klI(CSkhQa?4I4Ls6L z9LOOM)$tR`_{OlpQC5@z`%Rp%or`YZ{T_oW*qaw zegg-26BpXQi~)am7V#Vl;2lOg{-qcsZc1C0KIJfVo-kF>2(})}_;a|{#9hse)$Q?k zOzrY;lZmg+b=x_*VO!TrK^J8m2;A&Cm zK`uWE7`#3m9)unUJj)7LJJ0i@=1XA*dVRRZ5 zdI;$UNpp$JmHnvS7k^lIQTS6P9`aWBMuk7`ix+sftn?93&NEe-_9Mo-(Cbmyz9ezB zahsXg%rn#n)T7us@IhYTcgvjDnYEf$XlC3B@x{-WdM~VFT%*kCoiS~l?L%R^8y6c{ zpLyEw$285en7Vo9IbS?=8~(4I%RSStY3l1|SHvtX+IRAr)AoB@^2KyA)QsWJTu>Ow zU1Yx+boUc~43nrTmp6l#;t?BDQ5<}87Gb+P?fmPTw*I~P%XTi##5-x9-ZXVAvTK3t zaJ|X;>A-an&yY3sk$jL>OQTRTL3{vwG9L1`cZ`use1LUZcG95^7SNU~ZlTS#wNK-| 
zcV20*zJ)HzCHCvE(vWsy>idW16jt@~HWpoU_)Vi*#9eqnVcxtz`P?RTc-H8`S(I1C z5CLXY8J{)$GVdAmQKYAN0b=U&Y@e3tEO=Jhi)E~Q_OLHr=q0yi(^%dxb$r&R2b>>( zW{X~n?jr025MBqIzBG(w+s5Fy2soolGRH6;M^y<22$*)09E0P>Va4%dM`ils)ws_n z4)TsRw)N9EI*WSpV!r>1W0yczVyOFLJk`J{ZpOR|(!t7%d`N$V=5g-sgECuwHoz_h<}kCoDYbXs9J zuBF}5{w3NG$t)Bba?Z%(9Ma$u@U1qDH}?NrtHc97tMUDcoAOh56MxFYqs$twGu?Sn$i*0*@el$ZEugONx2&9_Y53mx#rc#qEh627<4F46y#csQnM$2%(EorY+a2vNY0yTf9NOZ!tvGDd)a~1@=99hxb^kW(1^Rhe zdwYAMrqMo}I}9AB6esV1ku|orb0rwk=9q{y39sX$=B?JZdfUjPKsf;?ZD8I}{;bcB zxH8VGa~y_x$NZ7j``d?=4rx%Pv}>euW*y+dNW(L67KYLPUDUhaK%C%)etCT|bd%+k zu|)-*TY+n-Z@duzt`jH&;ADKTPs0O&TG64OfgJl1+J5%GtaqV-e8b0d4o+}G7C!_2 zx7GnJfCVL^XFq#d^K-6_bX86%S=;%UssERU{b_Bv&_37uNGWA zdVdG97ky>i-r^v`l(QXk+3?_FNXNzT2<3)(OP*PwxQz|ryn)njSn&wn=QZCLJg7_I z0lZLuJlwAG_i7FCV;vDMt>EVi32R#skA2(H+T?v zFPQWIUhYWZB~zTqDhFF&IcxKmK!@~PrN_LaAvVDUyYLejCpcS-JaCu!7x3lHzjP>{ z%y$y$98=Pdru`9F*CA}`hIh6r|2RzAI`UH9;)??JTi}EI6Q?(KgSuc|spAtRoLpx? zalCr?`EDaW;#p^Ss3;E7S3ZaGlHSkv=-o>PJsD^H6f*14G=F(0Td{-SQOcB77+YSZ zkzdvs^NCLgnv{j4;m$OFT?riG1aFn5`}5hl75hW}z&Bx;PwbVyd;z4N(E78s(8GH{ z^I=TFs`vEl7p*EMPX^=xI4CEpcceuf;+^&B!B!}o)kDATSp9hGnNs}|A1~q&c^oY1 zirDg5-~~8oM?Jlog*>3`FSn-)z|D9|qYOIs8)>XIyfmxqEFZSM2EmW5AIhE2R@SuN zR;FU-si&ZA>z>aRAMtqe#?Uo8$6{e@*bi^(dAJvNPxxevI%j*d^>6dqdbRvf7i=8! 
z+xEeFXvQC)~)5;=CkeI;~jJ<1JCB5j8@hhyV!hIF0{FryTg{5Ua=_`V9L1G zb^HM1`SzQ}|8iJ$?#w#Ghw%*FPh5ojkpGuw5ohM`Fy`kz5P1cX{lzaYUOu1D@bYC- z-5H!znuv*weRnDH(Z_TWZS*nUO=`Ge+T28&>BHZp-v>Kf=B)7cUcE~jf;eZ2;^SEG z-F*ndF2Bp?JzD1&ljvLI#@4@kP+^8UAp66(YH>j)M5h92o=%YCi?1xxyQcvQ-pZUV z93`qrj31%>C(jio(%>F(8HcM1bN0~=O*H!yMw(2TIUhi=!8swm4M+puBdF66@-t8z z{6!4UXbWPG3|}ncNZJRxQOihp!cu2hmJt(g{Y>IKdsO2UAKoxE^H?L#7``g`>NUp} z+Q*HYQ#zCjZ3pMnsc+N;(x5&t%yuLG(Q2c|Ck$0csv2{fGQEq-& zjj^pk$URh|J;tsguaQv$kKCh9zE`XKyjQ1qf3=%1OzjmNd+&gzkMyZ5B^_m>A8_1N zKauiad1d|=w9h@S^=0dta8ggCe}eeyKF9Tx_f9Bo=^Gb7rlc)AJ|^k!hYaoWrTS7m zoFjW0-fz+LiEPd*q~qC+x;YDsO?cn51IsgQ@3{-$9lA+b`)x17jHhqGc=2NbdL~%| z&#p6V^!>uvT<3a!MEMc9&QZC(4?F{bMUsAzHXLo^l63HkZ=%V%xK|Fe zOY&{?TGz-I)sfD{=X`if{Ry29j7Q!@m-c$`yyB91ama#m7*b}mX}k9E>t;i*S9OoD zo}CFJ?RS(JX<(i#8a2A{>sEsw^hGxJnER*TBRyv774ncYl#%sDNYqf^}nUg4Z{L9(`*&w?o-@_H!2URE+bn0t)N3|NW#Dl|93w ztChy^2Gcj2J~?V^_^7E@rfWZ67qx3Tqeo5NW}6p%LR9y{jSibM@FIPFK+?qS6_Lbp zdHM}G76B)1^a6RC%f&Czg`$*)8Rp`E6179cwFp))F4-PwDI7UyYIvQYah6x!mET%2Or0n=rXPBFzt3L< z&X-YM&@MO!fqRePw?g~smwQZj1K`5Sqo;pMk#-S$TtM1J&`17D@St8;f8txSFFB@s z**bgaIYT!fd@g~XRVXv^^k}0VUd9F7o((PKo6ohCLOJysI{e;2_cA2P2y1x1+;T3FV?-*E7pxLB_?~5$@`GO3%aCFx=P#ZTdhZ12izo6#xZH? 
zLl-8sDh{h##r^MDP^wI6Dr zEhtQ)-z2usMvE;hRCFk>sE0xYY@GT^US2u$7kl*z6?ug_xeK^a4zI2tFCQ&#ug?nn za}&esI)UW@$H_)yPj8{(l)_6HuQFwwrt=KkE7ie+Z?vx|Os+Dp;DhaNGWCUi-)iv5 zvhOirv<2Em(qz339@M+FbsYEpG(RpL^<&}Tb0)AsRcy)Rr9$(!;-~y3!mo10epei< zYxdR^CL0+Uy_0f`XD|4U&CX~1@|Pd5E+VM;Ava){di_|>ND zh!dZI`OQTeKBk|AoS0AikA29CupQ5euYowpi#?`koU$YI)vgq#pj~oIruA$5e3&YX zlL}J~Dvx98v3tKW z^L-4w<3~G7nEnzB{ZIN^^ruSrq5R@QE0?lmB3bFiPVFg2iQluc=G7UKNl z6{OJyQf~fsgJ;<{W8;b2K6`t{WDG0ol!dAFO6%oX^>1iD#_Tg(iZFDBz7_AbO_DbC zP2`U|!=7(*(Awr`B%Q$9F*w7sNB4slrtSs3Nw{!!bj;{}HFY04etd*w!6R_dhRM7& z+HDLU4>5Zw3e~d|mb^$^Per~K!&hCgPz}BC`W-wAjH~$Md5Z5DZJBhie`qe-e)U?x zU8n{;@f%&o=UG$_tM`pfr>t1V;x8{%co};JvUqdBk6rgD+aR3Uwy?YI@W!8spCg=5igkaFv#czNJ?#@@;*5 z*#1Rk{9m}LM{pOapVRV-FReDDaMe2S1De$rfpa_g?iQI{r7{_`eE(=4;FkLN?w)Jj z1ua~4%Evq8Mj6we^Y}iic+J{$p{7FNVZ#i~y6#2X+mCY9n0^Yp7HX<+H8JlZk!4Mb zmg6dv!|EyKnHEtVHAzjYNeeBF+hyW5_~93EJXolCMtNYFh)>oadQsPpnfjaoJS_8J zvl)ztjyW>pX>v#C==sUZx?k4>^h}6 z2KMkJu%cU6YyE4RY1V#%>yfA@DZ7-%1-=!U#`f=x8Blh@vd^I`WUOiENZ&GKZGyCB zv4K|`-68+f1&$GUmv(xOx%=lAW|%m(VbBm+*ZK0?g|fGpdIe zFH8&i#xDjZ`5J7&wHg<6ihS6*DjZX~d=s?)Viz&D96H9eF zL-CHsc}cyKC+au-?^!4hc#!7`>=Q(ozK-M}pWw}(&T^AS?7tYJJJSz{?i8jU)UvSL zoKH31!8mQ6JKL=nEsX3Gu9Vv$~7pD zlyfQaxCo!-9eiWVBDey0g&c49CtWQX_rB0h(8m&;ft-kwHVOP2zp6v&8rymaUD%EB zbU(D=--2#R=zi#O)5&vc8cvbdAr)`k;Qu z+QJ^yFZwRy*KcTVq&++bna?md>Qt{Lq9yxn=~F=`IRD_aL*$owHgnf!)*&1QTrcYV zqOV-oy;3v_cZW@6i(lvT&`dFF@5;;X_X0S z;wlhccpH=FBhrSiH#Td`Tr2pH`U78#A2aX3xZR~O*g!y^<$YVEz491non;+iEQzgE zT{$q0db<9o^2B)v;lIW3e*kk4s5{OP_z&3TT+|J$KN(xud8c~u0d9zSbzZokLuDrQ zGDCD+;wU?g6J@Lzu=&*wxM92Gmw7YF+tVHBA#8?kK8>GSl68v04KIx0zi>mp(Jz#l z@{u~l{1@mIZpbTL(H-Dq+pxT7S-0TpEc`5p%I1dim%+_?u(*N8;uc*(*#tkzEVL_> zhD}pCwfcFD|!r)q@fSM z&3DR`C&QA_)u8$eqSryvIDw1rxSB~)yseCHMJ)Itb?C;mDkt_Cw576^3qEBmk9K|I zb4C`|8QBCqG&m<2Xv~bOZQr(EA43lx8zI5JBt2_efcvHjgZuhRacdTfyyP!%{|j)* z*x<(D%hYk5mWA_~BEzdo^-NoJ65VS zam_*OVm<1p*0jZt<~4Z7;F9`nB5%dQ%qqj9Hy>4!@A$cFnY$YXe4ti85@G85rssqo zu>n%v%2F9#9rBk!v(d)SZ1T!bnAuF6I9n^8U18^AXX+SOd{nMA*)sz8%uDU4WRbbC 
znZ|FCGVNBH)}C@dXr^1|3TLv-i~VU&#FM%t+bGQ3tvu46NLvXs zS_3FHYvzcSoB5armzU>l)T7p$>>;(U+RK{VEK`4MQn7{dz5zobj*5)67ZD z>acuc<;8sOh4Y%TXzQgsalGHSQuJe%w!gxxKHt~`^-SN1;~!na!MQs4ga+$k)=?>k z=)=uH<;l6x=;$o@ez2$lzS5Lx!@J@*Xspi2ecUVDQsm7^ZnPskoo)DdkkWyd@F zL6*(-fhVYUu;C~TK6E4dZVR(io?>6&ld&IkPR0*1C*f+{ z^4$PwpWp%dSuFlq*Z&AJcFqlH7fsq;!d@o-`z4r5^1r8PcDy~>4?M%T@Gdw{(qetz zoJZBceu!VbM`Tr)@`BoRD|hTOlJ5@jM5gX68W-|?_^jp=JAiyF)1*9b=OFWX7+SHwidIK6t0{vUsQqzXeY@%WLF3 z22U9Ah94I+1&?R<*2~fQ58-e#Owp!R~mrQ7$XbveO1HbmDS&XQMtu4mTKngJbZP*!JV? zHF&X(JqB+R!bZNcTMb@MzGM3pD__c}%$6T}yf2H-mf!R5?RU=PQ_Y@#FEY3F|N1z5 z%_aWk*!sW5lzT>rKmFQ7$-W8B-7F8<=WF9|`pP_K17V=!UYWa6ZnitxVLqheFS8Q{ zY))_%=7?S)AAC)rRkNlCpCFQNJIqzN%e*OdhPF-m2*_Dr9~*1$#Lm`Kb!#K|os+bl;Zc}di}bQ$VQwAT zO^?puicEa-v3O5s{I_|<7o59Va2Mw8CGNb~oVmEsR*?_%1%6NreJKoh zoK+#;VB+zJMh|aYr*QOfUfM{Qwrz2<=6I`bta9sq(gQ5k64gfBhmQkp#k-&U&ak!* z+Wk?;o)`HW#C;&}nQpW9zi_MZXF1M7T48Q4(?#A`Lr(AiwVg&0uvy#w(eM(Dc7y zAKEb5uf$cLz1A4LM;ylvI$pHfPPM z>C;Bbn)3^4uLaN5m|GIFi)q&7C0s8DL{_DI7@OhCjQDPw)^i@`uJUv(o9H5E)u$Slq`k2CP)P+4r3jxOr@P;~P zo490OINFrzzd1+O^qCE(l(wluz)*+B!YtDA4-!WEMV}rRJc~@(x!0L|Eh?4WYv%Mn z7d@l&sQcKrL&fC&{lcQdJ{i<%U(G&r%s#51CwuANy?zrqA^Iw31%yP_i%u)P;a+|J z-jfl^K;PKD4=n5L(2GIHrvSNm??XUuFju0!OoeGvoTrO+^4yfdVq-h(9tdw=KJpPa z^Ab1T{g=AAEWQp|Q(6quOW%dO(NCehq1||Ez~`$pBW|DaDQlRkOSsu4Sns6Cc0%8l zcTYyoBMcbfEe+T}6otWe7friaY~)3no}UDKp6?P+oE|>#NBp#nGJlCv!YG%}V_FX4 zk#dKSj%OK<;O_aaEt>!M9^AnfFZCO>9Mpel0|6eY%rEYOfYG(kz7mb&BZ`OflU(N# z8_|n9@#FI2m-9$jg%O?4TT)fRBWwPY8T3GWs|wsrSa{!enRr{aUd=0Xm-^`XpG`SE zKGNHyA6jDiiQmY(!7qDLa@ay{_BSsv?N{moGT^v?_4m?%w8Oz4fp5VJKD}`fWleh# zFmWLx`xz!2DZ#RSDHD;w9-XuF#;&Bt3;77g`XX)7MbI5DN4qA?F&y77^za-5>h?OL58&OK zw_J+6xaf1R?Ma!iCx_3bJcZlqwQaC(6CFk$$~gNjB+4Xw-QGHmFH;_GZnr{ZNP4BR zp)XDIOZ0}ve&CS#bctu<5Zp^E#>Df30UAF`;}<+#_vroiJ_Rr;KZ;k3M)QK`D3t1(Xax-T9|KdXFtm-t z>G_7BL)$O;>X6nlE}zA1VE`{}hj`NC+SNvr7Erlz5B42tEfZi1cOVbSD{^GovelYq z=eCx$daznv)bFd1o!DiT-?eiK$cypsKRssZntclKDXqd%Pp1{Jm+Lfjz!BeQ{Ef&n0c%iA8a0blcGW|Qt#d>NI 
zT!gXv3*gA)5sxOs^4mUuc6&nHJvdkf9}1=~-lVe8y&8}Y=Wjf}4SFtNmptjSS-;FS zG#VtvKWI{!jKM>j%KVqbK_(jHoMjn@+*POY@b7yOSqL1?=`pnKO4@Rc=Sxl=1V;G( z`mK?|U3(OkvJ<}%`cM589SI{XjAvZ*J7_Bg52~+c<2)OIHt6~Hc=qNo`;qSgu3pW{ ze%R)fetb33@Xjn=IcbQrW9rhDpG+Q{I42#$J{;l$quAuQ_^ll5OY&=y&|K zG9=^e@CjKE>do?v%KrzE>xqm1dbx^kJx;cszguBsD6+=U`yGZ+BkPX@jjXlq3(JAW z%UfG2H|wD=tg`Ux-Qs2*$O-Knuh}->BkJ0QKVs|$?G$A}U8mkle+7DlQ@;K^V8So3 zufd!G=&3IyI5AP8IGbJNmw7!tp>uqu9eEi%4g{7hZNuU|eT(KC;Ke_|nJA0w9;gP` zxQMKwH19(?#=x^^lXz~*A~}NzUnt_~CcDLUG_xEQrh+grOef%MmabGRZsv-b&-!4h z2-CR@pJmTr;a}SC-8H`S8s&v+`KfF?#&PJ~^}h6g$&bBw=FEk{-RpemGngL9Y{K`@ zyK-5@&vtKl#HWT(59DqUOCk85MmptCzaj=XFj{Q<-Ou~-IZRWgsmFJZEjQAlI9^}Q zqbb}yaMW@8Im>H+>AHfLH9EP1w%?}D(EN!l zIPZxcwa;putY90nFhRo1#cTP=q=#d>FMXEbp)F43%upUHp7Eu-Ovfv_ooRj~N#wcW z1z&nC>boRPO+Srv%Clt!mh;k!@KTzz{S_B|`5cpmxA!T}mDDlIbA_gnA4v=O(yBBK zqhYC|mHxV~A-NJWEX&FcnO$5Sc9D9WK{rxjMR9S}!FyDYiz z3syO9&olbH@|dPip0QE^__Ay~w`7@3KgV>m+oH*j;Xowzw6vdajlo@}X@b|(b-2!? zIR-D>i8eF}@*ZAo)1J_ba+H$3a~p0&8orbC{vNh>P1YT;*_D!aJM;SZ$$_6vjN7pg z!F_GvXDn{RucRA(Ul^N)-c{-$dp_tXn6@gD(8A6W8>y+nTC z(=|3eqo1RXOuV31dS2^$uJ=8|4hy`IY1)io@99yRnExg3B|iv#B>e)Jw}K6(e^uq^ zJn`E|6Ms5n#%MP@lEntZ`&K=)dd*xH`)e>L?22Mb3*b2i3?Ah@M~tfqE6*!lBhM8* z#{S=PPUUzH(xneDeBw=oCbpw{Y40g#$N+r;Wi9+k`Bg5IuUAjZ2UE{)(n)`C?;g#6 z?_S9-Nrw`7^o?R!snxC+F_zE968R{arJL!3If z%2oJP?01bU^N>p+3IAjqZAfY&+P60v+N)Z|&?bG42hPcom!F_s4BvCvSFU24fb4A9 zIS!O^VtB;e|XDP=|$8eLmcM2Jf}^@!Wef0`$(V=3ef@ zOTLBv)vkMAD$^OsfsfMKhPS4{`m=DWI^xmI+3wDX;4I9#c-N*}$Hcfyy~tdwDHp#j zT38cM*&ZK3Sx)%MGGU#GPR|`zX9c!X_2WF>iz_zLhprh?{MIM5J{{-0y?LLU>WAHb z517)K39MJt7snJo&1*X+j=_V7-}nEs_x90oUe&$u$R5YzL`f!&LIjvFCMr=tvXw*y zlQ_1LDBw_&s6;8|;t=a&YzgaQ(2NqfuUnK{C)cZ()=<;>y|3x=AMRaQt1k6QofR*Z z3nmzr@2vs(89~ggZ|hqOb-@(V`cgxj%=`Q8z0aBF8A(pkkNZ!L)_U~JbIv~d?DISO z?DKsN+`E$QuJ7UcfG!OBf-)}a$CVi889dpM{1dIE(aly5zrRD}Wm^`HtRcT&=}^P> zE2Wjc_p?qwS?b&l+#p+G|1!eN{M^Ftv;8vF(26Lc;KBjI@l^(r;dyIbO(do z@fUsIsPP20uK((3QN`jmK&dM~a3RKb&h^c`xY&{_&9xp~qv=(f^Sah}_cqI_WEWm- 
zo`#<*&VAMoIaFPH>~#j%$!-V7Z|B@;b)yRomo=wj=`|c(pGWa&#-PMF>OYx&;$2hG z1N9b0=7Fnv_CSZYNB1(npo^Sq)_JfP4cosQ&p>@#En~fM0W-(W9@wfpV1xYn-fG>2 zaJg#!QD<&3oqAx8g+qB~{BCXV<-)$hg|+$)I-d*&JYI&)Wjt~w3FP~r+7_`Zj0ZZZ z`v@Ty+aHN|@l9QGc1rc!H9%E&KDbixkp3Ua1M41b$Motgv^EC#L6~YOQ%g{%qFhS4 z@SAwl-a{qvHQ~I5RMNkE(U)KC({@VQ?7CaX!}J}zOgvT||7II__glIUzmLcKYvUn) zD~Ef=Hd8+l$FEs=VK|{hIMS@LtEWUaNjIt3oPwN;k2Ldy$+T`N>JMNokfj)8lR4kDXH_oNLu`Yvp5wYe*S1Ts4L5}R zN7<0}NDlPi%X>q(K125UP2mmM!MDTl{SfJFELV8)J8kV8@FzbRt6_Zf1J550zzyY0 z#=cIGpPn_1Zjba$KVlsZ(W+&{kNDG~j(=>LBJ^fQ=uMuZP3E4H$Ya(AvOgV(Cxvk@GluIX_Ir8ePfK@$>hhJm&DRj!rV4= zL~x}YKzNmvYl;j}FY+#F4?K8Dag%smJk1s__^n1-C?nDltsc_f$&ZGx#RWU}EZiRW|`H=oxSCvaF1IqdirHk^4%Fy&8sP zf_dlsTVoh@TRXSAT`^(aNj`NTEU`mbqhI$)gx4_!@G16=V^$Jpi>>M_jEin|Uj#kI z4IhENU_WPq;8wF$kB}$ySIS53!O`5q_dfD)4uh*j4E^UuM{>AqrGj&GuiS+^6JW@xn?IU&O4$TwV zb=FlsMV_*pA^hBRGw?wiLho%h;v`Rz4dGp03oq(ayX7_Y405wh7kd6yxg<{3Uz8E) z0-i4UXy?HWJhETY51U^dyPV6$LI$yuz~_+z-UdbwHj^*9tV8)y-d8HRFZ(x?zt-uy zEIcq_8eDn>Ta%q-Gr`94`y=%tXVTU~j*n!$9FivtuX9isdayBvk92F;?taskG|vsL zM8APFczRx8;OKYO&|jrIA0rLQsD>NMZ~D)m1BM?tBJ|9ssQZ%Uv(t0Y&-tMB;c&-Z zen{HEA30wW&jRs-ql?4R!UmJk~zI z`2vtp`k+o9S|A_dLtDYg%X)%wxNlv%!S)<%h|ofR*f%DPrj27#iWlqPk7`>+%JOR9 zNxRDY5quDq<%R78mKWc4=tO+5xwFp0HYkp(mcaiobq=;48mm`$n!zDlX1;esr7W2k=n2fCI~*$Dw;B4&X0mTKjhEY$)|wxnkdlA?g@cCwO|syAtkBf2eb$m3}Gs#>?^hJAn(`CM};3*1Mh7 zG%&ohBarXH8*(`vlV@_>D-CA6X@!N9r{h# zsWb9z=hr@}Hebrpyp@RmtkB9g%duZ?k%jxT=)dbv*g3bhKHf5)V~dZj5qZ=OWLKlZ zQOpn7+NwwQB=n-%CvLGkZ$RJNSmsaL5G=lC||BTTl-t=n%Il1tb35U?Bj4=J0pU-5EE{SaM*j(vB#8|Q2iCMt;W(7ICU zBPsLHAIkF>?3SgOe4@uTSUHA#lE2soE^AwHZix!UWh};Xucqze$dkvM-RY;|Y5n{d z(~dUnr^rjkZpQLM^w;nk8Z}ebwv9??2G=mA3P7?0fvcw5pZBX@5E8XHoBxV(my%_H>5@4Dk6LBOsF0!M>TO- zxr6QD`Y7wS^=^pCRhV5K-$#4BvS5jo-7^{WLKV>uQ`^QopP;<5?oTdZvPo%KL(qFp zY41WjZp}R`pNyIGS-EE4%8wD?x77W}3mFH9`Tb-n)&`gazioJO;E%TC^3(Xe%k%-d zF6#heVLkt&peq4y_z{1;8IRLF;=%`G2Gw(2(&p9`Yjdnu9j2@dFJ&YyALOS_Gw)+| z+VWOmy4}VC`m9W|{o4oGk@r1?RvaW^`PsixG3@PEexkQmkY;d%<^HjY3?ugdK0Y{B 
z8t)lWThZ@q-aadn3r%?urt5I5Ot;&Z2e6>c@O3QGAaTXQePo?sl?Ls!^QSC0m%+>8 z#$3_l>D%0jg?*w6{kxEkG#;FdEu-9A$ z7-%~49dL#|=9{e^%HbO}#;;@TFgb7T>lwkd_PICWVdYZEv5M%&5kcmb=HOk}GU^IMZLOS=vH#6HfDw;DXR z5eH`EusW}_g*(aTl-FUwu}kQ=m&dzj;T}r^>q543r?QV>u4hwg5my)Y4e0u^jkM9I z$GEm1eSS0?Hp^a>jiR<}Z!Ta_g2=O}AN~s}WnCLEDe`REreWAlaPoj&<=I{3hdHNc z({`rg3G!3_gE4>D81)~j`cKFFS2+K%Ub{~@+GJSZtPgj`ax~CjVX|XGj&7jYyY()$ z@r3~`^N?rk3GdeB>4v-;(@e~=V-vy;bA1C7>Xw){ZXvEX&Se?q!(o?1&rsLa&LxW- zq#nd*ShfxoH>2@;4BN(N^QY`KGAOhKtxUW@TmIJkm2CPm1$7;v;SB zLA7tu;0DN6QkxImk#F|lU`OTL@4*s+!afX6XnCd02EBZj@!RipV;YfG&gu1x4T}y8 z?vb!!7jf1(*DT0I2CV-FPnw^tyW_@cZvSAPV~}}2pHgEyQdZhx3c}L!iL49PKUl;v zTl7cdq%4N}M2qvom9C>>TX2dAmM<4^4o6;W=qJ{A|DNJzC^y3lI5!sE5o|yl#KpN7 za$3Dp{kMvLwDC04hPcK`ZCumz2}>JnkE{)(z53uztgT`GE1leH^ofJYpSFbfavdS? zt);zPc%Cxaj?2=vlXkPW2MELZWLDm`r{=cpl9tWwv&*6~W1_lEG1+XGpv+g-gJKN6 z|2FdnG}MXByO>t2yBQmmy}p|dD1WK<-c~)=Nmq2`IEX*ajvH5Mvd!q~iex;+@giEk z{jCy8>bK3ul&`K`VPi_uGn5l|wxvY(PC!Sc-P2`t7RDiE9**rh#7B%+-~0Ay25x8c zLH{TE_&)UAjzFiO*W`tE`H3=k`Tk=Lv?wdwAHcqpj2*BHAbuI&ItF)qlPCE}n;v}7 zN0)ZKciRJ+Z2xditIVBCc^q1yX%y@hc|SP1Hj3}_qRXpw_i!5CQnsspM2BTznEa$o zfVceNwiEP}5haeZwD8^Vp#9rscx9H0Z@zf>{*WKPft~R4x=WDuPE9*85*wM;{Ls3i z(1Y8@^Tk$MRHB09i+>0iD6iRF&VQnQ6C0XZu48Dz>yWz5Lq3*~htfAd9!MJ&cJO^i z?f0GXI~v|lsNq1|(`bdaWmMw_v*F_;2KJWZ#gVfR+|y%d^a{%h!8-D6VdjQOoC4vuUb zl`RXbhYB0u$1>D~C9*iWg(wn4mZ5^$ejPj9hI}2UM5F7Z&z9WBt9h>da_Fw~?W?q^ zqt?$7U5?X3mq{;r3>xX{fk!MZwJFe}yqoZ}!+#&_ z2jY?RJNiqSzWA9I!pF}0lyco{yfpu1t;38o+ZmwMG{=%`?Uzqp)HJg$`Xu9B5|afu zF<+}=OU+MUpA=7lG1#=cjGdc_o8;ph*vydg7nPfC6qYhNlmK2TU zrPx+YTM<}aK5baBi{U(9KU+C3YF!`Qag;j4HfxLqTYtH~p;WK&NSbTvc+Qz~Trw^@ zu`Z#^*_fah2A2Jj$?MC<3LB3pS)Lq}`LC#iw6HzE^>^qGYTbWU-GH0At;ZX5QjXKm z-xkmp@P;g`4;|LhW}uGmh8y_JIR?@M{{}qZD{YQWp_g?IzP&+N=zj+9?T~p1a6uSp ze<1F7oWx-4yv9d?_U{ zNqzy-SlJc%*}n4n3qJ91qF0O?{HSl95ADy?JC;3@ev*BG>y6BxxYW}6T4MFk(9-3#cOs$)f#;c_6Eyv>4C~o5ac&FBtNR!MBA&)&R=g~<2 z#10+H@wztzcb2hfJXsm<<|Kr)*`K(ivP+pM#bk!wpv?HWQR2|EAO44#=g`9`$B*qn 
zHi%pMuzq=DyrA}d;*j!{a)tDhR{=O;oJq@ClesmU4g)WtO;@4`i38z5FX0>wfOK0PlEwV&i6+b7TL=rKPl$^Gr;-QVMNfeb zXiDsdBJ-DhI>p?$_CtIVk);`&y?Kjcwf9gk^T^cWSoq9rB z8^`dw+x45}$LS9J3u*Zl`SC6GZObKXGx_pI-jD~jG}?l6Gp)|XQb(-JOS_D7f>ySx zee!yv$JyCzyGcI-X)~Tkqf8I_IoGZGfj#;QGVa|}iMAey={fLqZBt28yL_u$xDz(t zhohxw8F`+8P9DqI!N29~JM*Ojao6&tjAyF6i6{Bf-Y4puY;4|>Is*KFi%W~iA#>;| zgw<)kbxPAjdm=hGZyC=lPxjv+7i16}iRn{yT{Li?QQj3((HY_@Hlj9dRm{9yu)LIT z=o2}CWo_keuNPUBwn;Jg?G4Fxw43{7+bUiU5)0Ppwk|^Ir%z=p?XkKOZ5OTcSaz_- z0&6L7T0x!%K;-*P$3L}B!wFui9!%2YuuilzIyQ(I{oLpnSCFSz1Sz%uX}aqcPZ}I-pVDp zt%JIUezGy{huwu3>U49slkIW8jbrG}x9VO+yoy^^v)wV-6{jhT+PaCnJ11k3;~!ow z+>|jsHeyVq?>fn`5AV;jC1p=t;;e(ogEMG&5`yH-mXBkM*m47(X8!YvpoG_S2s1rr%%x>6d?sadJ#Qayyy>i~H$Xou1*M`t6PTLH}%B%#(-X?)_tfkWS*6j=OIf8yzpSGSAr` zds6$grVEhU_CGzPdK`CewaHq+;;CGmXEP@GHezB@_m4i+0Y4cdb?!WKt~B7*_C3Wi zm-HXV^K_eA700KxI)A(qe+$u&!{6z--k%ch%IP`Ze^aTzZ|B7PS5ph2>9y~Ixu^a^ zzw0I?{TJ&_C*GIlpH3|#ZVOMRR^yF)nEAd$_amv*7x|t{ed;tWhH^yTc=Y+}BJ@z`HmC3@!j?xW^S zzeqP+yestkrAN1!5Mx% zeg15jXO037+PZoDxLs(V6=%xH8ou8-ZSE)hFI>m3{| zq8ZemA2rJ={jEquTK{c9_y9#3@UC9Lt>;h z(t6<2cvbyNqnkDjVWZ{v7}}RohkSZ}+&@2tt@p|B$K(FJGLW0#e=hDX^`sL(`0uDs z`eRWEj&*k_D9XI#j+Qu$?Uksd>59`}aXR@(?YcuS+EI%88;`g@pseB`II?jdb=8i8 zalehdt$8%>tqrhaO8x%Z8uoWgAGjUU>ct&QKl&BFgRubFkC?+Z`jKZben9$-J>x?- zSrj^^a(<>>>7UwwHVAa&slD<@f0Sc2ymLp_O)v~9FwlI4btC8fbEtbTz9Z{>_#6FT z|GQboT7QRq>_bZX^u?Gz`s1E<$bM&6F%oG5eTI63bdV><;200auA^tbmuu&qK^WmH z=df~r$IuXU{4>)Uj{9m$iN|*FTyY%=LBTEO&A|$09ejDt8xf;C)CEw(-uK&)L|o1kIc8#0g|_8x`Na zw15#3qP*mM)iEqddR+T{ziWBs(^y?cJ$pK1X%b%Cg2A;-rZc~Lz6P_5BY5pQNiiqZ zdmCoGM`FVO>>vMLhwxM!ZvW8e$Y|dH8o+t1p+t9Dd(*gMtx&*ag1GTH$EBe$793-7 z>wDZfA;gokHxdua5%lEub|XJUmN<$#MPGmKQY}rw?ns&6nX9FV+aBe!v$K{aZhwqs zpq3_KgETG_y`;=$KdLrHZ1K(mwRAIVkv%zJ#b?*l`g`pb+xppA(k=zl^z5@RA94OGT7h4QV>!nES@`?9V`J}%R^EI$mhUrL z_1R;!{)#OrI4<$ov$g&-xVQT?FQ3b3{7)Yd+YvqetlE;#pnTA#JY6vNQ?MiIW;TYh zppwF3YT;)6s?RkWKiD;f|6B{+?XXS8Zx$Y-g)Lf3P~Oi?Xm}USy`S!y$%AvpQ%5Bp 
znX}U|W|0e1KV!<&$#qEiKC@rP6*+E-u#r!9l|O7CXmQ3B{XcsSZy5(9-5jE}c)GQrxy-ES@%Aur!Q8LpSn{K7)16v(eP%L!7tIo0>dCm#@^6r4 znRBE(f)~r3;eHu?eI4naS%3Y(SxfthYF?YI5gB53#itE+Nc94F{<*`z4S7u46r+uP zA9<@~WM+N%hi4LTGMwrG(peKX-JM&4zr;J6%q7sT@L?Q&BD=_hxJ)kgvDi0|I(GLu zkxAB=QXgHKyluBS&Efxa!DMd7yEAV8fH51*RyXfHr+mfEL0;E3XWshXun+z>;=ymV z4YB$JW$?rg@dzK(3qphPpGa$*2K5AaI@`!Hn)n6|@o#679X;)r_>1j8`E2puGQVYX zGABqnX_qft-Zy}aha)N7AL`fj!scUsm^^rHiqTph8nnN0KlHEvj7wlEQQZb#2g_a`!7z>RXJY9a!1pvBVtV;@ zh3XmB%NF~J`A_nE!O2SW|FZ8QC-W5v^ zqMK_i`ru_=wCTYL7 zCayJe#Dz3jT#h&GxvbyDm<)K;@ZV$n@B0_P(7YEL7}pJ^ zAO6%M*3+}$C4QI5tJE&d+l0=6UeXEuiDUnoyr4glzPOCg(b;%;93a2c33z+EXTQ_k zj34ENdKu&SA03zZPX9lc#3e;{VCS%Pwg|f6`$an@pety1ij6=!cE=&becoBa`qyfB zw!AK$l6UivN0MJ_=ipIm!|GM{PzIwNyG@P_#^XaZJe(dG585MN55@Vo^fVeD*w?u3 zU|v))dM!TCJ?dlKl=12M7xI}fKHH7Ya19@(mw7guJT9LX#?p#($yzPgT-O$sa+8gX zQ>3f5vJUQ&Cxx1LnV#8nr3v!3q0BYM_`!{J8spJ7ODE;(ylS`D9Hzz;Uj4 zet0?-*BRscdg5}p6l>zj%^nxqvvJ#kdKt4-!!oVn>g7M$uk|w8>rywndbW;rIj|56 zv$1?=pHa@Vzi=%^>BlzW012E}ltU9N<;Ss!gYZh|?pE+F8UK&P_&0&Jqat%SJd;^$ zKXA7)t?2>wHDz68xDw|<0Rhx6T{+ zxS~HgPz^W3zBdTw3BL0;SbCthiL$psY1!AYewa?(K}Pvr#QQXGy7bTxGNTgx)@hY< zKIjGi%&YzeZ6G=a|qz8OE_ae3g{Z7!d!-9Q>?gZXnd+N-+Y!ytcQ z-+fz6@Br^xdFl?BJXh7oWBEmX9^VF&&*3{8zYWH(zJ^~LzCmA;mg=|TbzX6wA+L%GYkmKhXn^bN>waXUngd`Ga_U zx;33*^XJGP(LanQs4gE>*(~oxN2pJ7rVke0a$V$qWB(3ggLj{S?wzC`)>8VjLA9Ut zC+z33pM^Z+_y)&=Fs1=oJ0I5_RciAHf6}bEhGO(AjT0b(5V_R$=uG$zW2k4t} zt+=f5?(%7N<0ZQ0xJ$=b7&rP()pheZ4JYlvEaqItaCWAg?r!qi*caEgdwEc{c>!_asMeWU|GQWXk7#?m%i;3 z+`q{3fceJ1*h(5XOCe4qbG2VwVQJ0b8qz<&c+3U6s~xt2_m9z*cJv#@DC1H#u8T#L z!_7%;6JR1`MDAN-8eZLBiN3g!@ygjzu>dC9dWl!>IE%&2{ZP)1Sp49Db4Po}H??le zFc_>gYOtCHH9mOpENH|!F1KXJcPx)S|aqsGZN zPEH~2J=Hr|Xal&<*ygViV`o^y;qS8ZXUyzn+_DQ`XtYQ70sPq!iMyJI9g;UH_fk)L zXO7U0_mt2;$w_7<^Og0uzaNZc6;E^zabK?wYO?7hqN^^9Z1?^4ZsPg}1ltXCuIx)sS6$Rlx~ZRPhIt&PRe9E$_{KSl^JCMNne z=UhX&CD%W=aU*b|t~p*#pBcYkyuBjlCvYzAizk8QR-`TK&ydk_ZS~rLm8x%&#v441 zRc?;Or&L6^}iRYbGR-91net^$T=Xcr-ZwIEyMixc~Z=M_aau&3Ue*`ZjN+ 
ztvSk$&{NhtJ!gFo`f&_W$~p3bx+Ck8IQDoR-_#pB_Xw*eP*3W%5!O4;9Rq(m%MIu2 zM9)q9%by4K;w&j(`N0M}hj6zJbmiB8@2{Q5T{KxdkZt-B$|LOT+HO4iV4KfE_Ct7} zQzxc$-Pze=6=@r@tVYNuxvLOq9yAE|13Va;J8=U1IHt&PIVnf*NBt)C6U#fx zKkrNW3EWt>@m#_(XgK!FwmNmJOuut@12^9N$hO;0z>jwa{zH@D2S2vGiL>mJhda-W zjHs8MtTgtiaQPCkJ=P z#67LtyItOguxZ!^$nf`w|L+m*@3-rnia%P1at6Owj^gRZ(*e3JJS{kX3UOToEylK^ zg@?6HL){WBtjE(-Iq~zeroVWzj8!(^SzC#&Jcj34*t!*XU#dh`p-oYb{I7?uT+Md@ z&td$27MM(7pA_`sx<(zB=Q=yFMQwOP7OrVI1NqK0<7otzYmuIdz+@6>=)`jXy0#6^ ze(*s&lNWJr@&(){2R-}%?CqK}&`;>$2jIR2Zfg+N2O!^?U7%f}_o`F>KL8#d?0|kk zwzWv(TF_k8ga_%lYAgKvWe!Hp)WX_5S7uIpZyNekz_VA&Uv#{3;_rs4{?R_<4`jrd zZqWmf8FgtiAG{W<@HCFszv%smL&&GoI47$f&+Fj1`8enx-y~=^A5vSrUOa2@K&Gea@t%}(-(+pa$H3>|LpU1|ZW|HDr+{Itt?J)^dk?^?*8Tt1 zH^)h3>~y-qei+BRBFr~OlM|Kb)5vR#E3wbX`P^tn7Ec?VZanbEc&7BdcOWe0;AQ=c ztfM)C-=~sk`b;s*ZXbAeh2z3YBi$9xy zJHq2UTi)9fefU|t!3*cqvOgMaYQ_V-+BAUY5T28GVBdd)y6Z=$D<{q$gKnhePX9n7 z&bsWz(}D*)22f50wj$gbJlkPYAj?ybi8_Qne}ukz^bq(R0Nv0^oac))UPix8d^dMl z|5?In8#mtO!nMi2nYT0O{=6P-FU+wo>K<_oLg||x-mY!M6R1}?uE#dV6zV{>DfpXh zsKnX?w)23`)EPY4NohA8-m5$~Zk0(X{Xg}?A8A;P{QawXeM>(Bbr$IsU>uVE#NhBg z{4S~c6$np%>}pj1cJYt?JS*}nYdg@lvaNae47@Prg!p|w)yc+n zbL^iwdHKFJ86VPy@GW>!mFUYS?Tx(tGSc#8`X&B&2TQ_XmXAvL&ZBhZj`Dl4zoi>@ zt+&X>0}nk6cko?<2fFcP_Br3gliEm+zdD3%gZnzXoAI5ly}OKiX4r-&G5*l@*FE!c zri--Szg$pv?z8acQrW!!msJPsTq+xHnOXkg?o(h(Ra=1|x_0yAmD2^A+gWSEli~$jN!{=xFJ~4}FOK(3vC9 z)vsKHe@4gG^zI;Ly+2ss4&eoRaRm8)1ao_-YpeJF92tOHH{9e8R|TM}|9IXV9*a&X zH$5vuK>Eecy_=kP4Cv?mXT7=M9S@}fHF)PAJ>O`8)dy0 zYMOII%a$#}4v9WoOrP%uakW3Gdgt;9@es3F^zo~V0`9fC^wmAct8I8nczk+D%syu8?e&vdcW&m-IYAKak}FH-mE$0OAFC-TDme5HI- z8t?shAlHj~#W(g3Zfj$ov;G9l8G7`N4-P>`ga&Sh@vyvmoLpWC!K``t;&J%J^0FFt zCHh(yo(?>n7T&)Q&v`rr?=Z^`ggZrN-mpD7q~;KA8}O`w^Ba)yYm7%^lpRxI6ThZ* zPwF1_=h?@b>HuAX)_c;wJqS0}dFN37tf#)>0`LB9Qty3jkMTs^RU5uMtvuK#PKNI* zVMk(~^CEvi{T7*)Vaqm-9>KnO?h`x8@~`d~fHe=Z#Yfwn->PDvxC}EaV_PIl7u?-B zqd0RFe%PRb{fTG-a7^gvK+Hc~^>^oH93>Vme1>P8%DttVup>%Nq0Y;xqPr#CN1p{P z*Xz~KLTB>^N2i4!`u=$PKMbB>)&!%KgZ(Z&7vY&E!4o~06rw?5^(5 
z`T9!dzLaC7l15_i^=`PM&i^{b7Hk~ed26_#sz1jvFt;?cQKCfR8J;##)*-_EKjSyu z_M2OsGo?m*#N6ji^x>9m(WkGUG`IPM{8J2j&c4$9!5;Gr zIgXRLIa--BuUFZ8+@O&;w5{qc^zpPbsk_9vNYX+DMdB4>OH0(6WqQM)S)s zJWsZUTn&1cBIbnbuBI4Ht?Kk&na|WK^run>F@FDhRpPb8+G63 zOAFlh#lEu$*ABO7Vt{zkGk^QJvh5ZxXi3jF{ag*g$^G2fCYDjr>0?$tB~M7Z7ICy8 zj*N!?{yF7AxfNR}-o4moE!cAJs>p_PpiihYY0|(Q*!eq~8iY>zkY6uYI#$HS^_SkK z_kB={q3u2WITSp-CDd-?V0=1%bVmB8GR}+s3j3-u*CF!Vh~^OX_t8}1?EFEtH(HsM z(1R|>;M2ED`k$(I;D<5e=-4_-JLHpm*{NfvOgkUTzxX+vn%?VpZmjH&z%psXTN)5- zeA!NGIif!J2iV+A{(ImCxg=lPH7$~k*W!u%k+E}xjbZQx^qXQz+;Uea_$am_d zp9^Z7VdvC@A#Z6%_|Q&K7uhG~Z@y)X(^1p8`H%;6#FBm3#940bkpFlrzFb__5N?L5 zNt|Mra3=65>y5uuJ05)<@v^M?wP@WBZ^JWrTTDv^+ZQ+bHjbqvq}L z3z~0J*=4;2qx)vYxxKsUMw09rdj}Nq2X@*S8Kj_ntywXp72y z+_^O`a~OT=w7PMAO6CbW@SQ_>!T0nfyityRa0+>RROV!~eSBK|ef`05pF_BnI^R=C zQzwc8qff{Ltjh0n3T5zH7fD}ItasAoWY`>1oH6B;A7Uf|m&ojYt^pSI<`ecrk8tk}MRTa9)q?c8N% zTJW4Q{l}e3(q1Eeew`n%kaBx7E*lx@mvafMt;UIAu`I#~>wGXK;BA?!$G-y`tmU8p zg6*PPQ@(7mTT)HO)ZT<_ttexH`P3nG|IQ?NVJLBYSo$(kRtDS}fF*}qK44D|PBt9D z)dMBlQ!{lIJm!;+`1Ot1KA;m;24JJ26OEYDLq2hR41>D6$4|6K{Nn$E3z~wnjZuMh4%*T1V@r^jpKAoFKx-`H$ z7EzZ)C!o`mmHa&q@&pfQW6veW0$DBwK#Wg!m5<1QGzyPWjT|U{J}nD+HucEJg7Gjp z7+%+|Lxvrf3y&*x25G!z3BS|ghx`dFJ0yOeZo%}5+!F)RK%bcw*6VJ3TjW|{d=J;~ zMcG5Tl6)89Sd>D(r&J?fEzi^$$zBNBu#2 zfb-efh9h=4>P?NT8$?$40lIg@>?d@9Jg5iK|J??g+pcXJ7YDzk4HOG|;t;}2YB*xV z@sXPHAhNoC!KJgY_RsuW?yi*aBo0}YyIaN9o!Advu*YnZSlVat zzrR!xzv!h2la*&W<4P{!wNt~P&b2d)wSUKv3h`Hc)iDL?)LP(3xg3sf+Smg#)1Tvz zDXP*OdWERE{CPnrtCfnaL8iX5>{@?P<~Xsx8*+~0ye{@C8S4(IqhC61a&6as(@O`e zT~!T_aAL3JpxvHLI(~Li+lbLiQ@Z8>^Nyh7{bR{HCr@rwOt|jh@1M|e1zpw`qPi7?!lftyz zDl0$GFKNeS3yz`a>h}~UVibMvS&>KZ((;KBU6axC&p@te>vKW}s1qCmkhXI*kKOuo z;R{`fzSj*p=&_9%aLtPJ`K7PE9>1HspWLCseyJN15LxOv04CZY7ZHCBKM@yfJ?{il zo}EH3-;|GebK5DEm3?^XEBVFr82An*v9LBe(?t6gr-j_2_ryr<@Iaa^JrU;mg*WG< zWqb?i6#EDoKcG+9@F%4|_$FGo!}G5+{(pVqcH(h97Q{+VO9&Bznvp-b;<7>M37pQmGGVaMyj z!ymZM`l2+jM|9wS9eiya_`iw`^3`-Bfd%s0<0WMSdMNnJTmCDwd4dbd_H3AWy+Qe& zU2h6c^jllwucri$2$H6u9UlW_(PwhyzWyvmN%)#Ak&Py 
z)ZunwKzWj1qD(Zv9sJz7A;Gjm^F!(r>~H(Y5~Y!E;K}vQ(S*r`@G`!N_{oPdQAUqH z;`Mg2DQ0t;;hsZ!t#3owYx^v;(d5NBBi0+lgmFlp7j9gO?ePa5)FGzN+pV02W!n7S z0O*U@f8>wwMqagTu=In!mwS)Wsc!v05LD%3`dBBwrab+iBQ}spbT{jCw*{$IUV=G! znGBN77$&uN2z^|}?N0Z9%gaamNZdrXQ2JL}TmAF^NH}f=c?9=#43mu3kH919LRd*3 z-sD5P8HPF~>Bwjw%dlfxpi%)}u95ftdj(tRi%n(Qmbr2Nzdfol2!`#l&RhG69dNIg zHPbqdc)_ooR-Iru;Wm!qYH6E&-}(!ZH}hLtbA~5z^m~G0<33D-D=$uWxSrqZPK%~7 zUPjRWkG{WF$9#yp*NY>dB`!!W^;*Wtvdzof)O*m^iF%i zd?xm%hYZ8Ce*f*U{G9{M^Ir z=@A#l)TS?KxpkP+7MwwN?vgc^*VL}xgRBj){zkp( zhS*cMvs}sEj|=L~{U@$oR~*xLOfbf?x1>K2$cu@6%xPhfWHoQSEXaHJTlB42^PTxm`|HPE<9f$+KHx<;{x$lS(Cc={Mm!Mj8`e9> zOnV`=qJVb?u!C-h9#U551IE+5{eYcoW%u+}TZ8j=S;d-rgGBH24%OuSP*@Xzyp?>! zI){jL0OO=hK|f#muM+kOy>}kY73Se|5mR}zbA8tdZ)ttO4AhyJd?m2xry@H-fxF)sN zq*c3Bjj6yY z?;lSnZ|WLlP`T9B|MmuL>yxLB=W!NN!U|SDp1y2YzxH7!AE-}nUN?EJ)^V$IEZ_6- zq|^^WN*w3bOB}#uRo}*CvzSIYjp=&eX1+XduDoil&c zoy>Autc*P{&i1v$+5?bF?7;?vMcSmyARTP$NST40l-tul$A2n^H`W=IE!} z$xq54%`p=$vYgK;&pVC^9wLt;pgiYk2atyWbKXb##AqqQ>N^B^V!_XPcn z_CcP); zUKV#O7#$MO$@3qZYtxH$MYZW=c|v+;q!YL|kh&1OZOy30g?w~%kkoZ+&ECH; zxuXlBd(zfL?AxV{@_)KCeit9gj?Bx|%Fp)Ok8-XJh&2yvF3SZ+dIrw_u{w!$pVW^N znjSw^1|5@nX{WYRD2wa!OCODxIF_a(KW|LPmaL!AH~BeqPk6Lg{w>BjQtaXy;6ycA ziP(QKYaR;zF0LXB74qTdLlW2QZ7#&abRj;e!xL>N)N`z34GbNcv-14&lPW*g3UJ?v ztp3*Oyh!`~&n@N;9+sKORTeis$oTv?W&`40U**X%Ep5tnxb1`AQT2CWPc*?D z;VCc69`>h7c=FIX8fP_c*2;8n6WR}Uf9pRRUcN0fVSG?-{rqL4%Hhfb-XG#63U{`nNXr{RvY&uF(FfjwZ{z?X8Pjj8zqdYr8_UK*9H zEUS^|R0`*G|6(8BX}r;QgguS^agrWYI=0(>!FC(^QvZN*^@{_ncVw@IYt+b?^e@hV z27G?mF73An?K;rL>2^q2`UUgR@w!NVp|L$B@LL2PEAYnOyiAOj(DEW8UFZADCJ-2( zUv~Bn_H1e`J~4;|r%V~-{3Yv4oGJFpqb^rqCqNH|!`()RK? 
z#DTQEytkURB%P-1W!8Hp%gg;PZBoR?`rw6)=aJ|qe#WtWx!-84{(O07jL(75{BUb8 z_LStuM2UdS%V*&ac`miZ|Z5uLm=Oa8xnp-M-cyp#j2rR`ED z{dhHpNF+LR$@2fwk*Z8FI>Gr;EblM*ym!37ANhRg*v$O8wB6BYJ$Z@keJ9J*IBrTb z{4Bp-$-p1@yn^zpWej{1bedn6E>`)x(%|qJ94U;;_!HI`!5_N)3iBVby@LFAy7)>% zoKE?@(h=j=zd669ceH1W8*CE{L31^DJ*%{@T!`^Z(n^2pm6$HPa>$O2P3gN8Yqfb# zauKX>$UyYUCA{ZVqF2{~=WaX`aI-L;*6PDo&S?C!F|XFIXiIsXV^{_cKe~4rKk_nu zuhzS`NvG+4b!Cj#`rF&V%P!h$y?Ho~Eld2n2K@HmjsD-OXJh=w$7=4eKUpN!dO+@K^*MOgDKQ_gI3~)6o``Q`NMV zQ@h&R+S*EmJa2Q`+{zmoHKEslj`D+79ol;)7wD6;$d_{JFz6J!a_ThYDwVeM#PkJn z)#X4_k9R-h(mI8-j!xvNtFQ8@YkA*$+S*!Hw2ZXe*3v3;gPTTh1$Jv+Kd7kF<+=ji zl<#m=zPgqqE#<502A#=QH|gaYD-~P&F=&G=5b)1}?g-usD&=|E7{5v37o*+Dy1iVt zKgM&)70O*QH6ZJm+sc>|zFy5}9N$~mt| zczRl1VyPDUWJ< zuutoy^8CHH&=$ggxxu9Go- zm#}Sav(U(HQus)jO|$&-FNW3pOP)@2B;5>uOJ8~o&I-x%mSQQ_Sd84mvAA-&02+>i zN&A=EoOmZZ3`C6qhqb= z!23C?@%p&0x=*=d8t=|pp6|-x3SL|m+q{;0iZQsE4Tv5@Z@+&G98>!!2Sc!bwIMt+bQXzpW9 z^VKDJj<3kS$melF4)MEB;<(3Yu&o61rZv@9;nDUNPjih7k8`-1&WUxM2i>;LbD09pt-~FoK6=;()T8eHA(sRYXqc>yYz6qk;shs5jL?g)>qC9 zAWdmJDYy-eaL-VAk+gy6CT)9l>%u4P8QMjOv4jpw-_;MWzhIi01F>SrI7POrWGm%H z-k!b8{3r|4EBi=0>6y@{ql^1o}eB>@02U-#1 zRj-$ND=W?CIrwnzy71y$mB7tW3tFzr`7f9Z!tZ4f@a=_f{bUxj$ zo#L2JEd2jEBxinVd{+t&S*6UpB5{9R`KRHl`FDku*EsH? 
z19Rn{g-_()Rmwv%FrI&dJP)CK6`CeizRQaS@V$e1JBWGOfu1oPk11c>2^z5#a7VU_ zpS7*7_I3n*=;6 zeY<*(%8aqg^3{7Wh6$Oc+t3$2k8j3@ax3SfMeYJc(CNsr1iSbv*|YQYytgt z8F!Vpm#eCOj$UNbHr{;?J^1iLYwvG;;6ZfXiX|OiC|~1ksq=s6k!~T_Deb#!mk%oB1)UFDzekSTVe2ZzWpUWM_eUdh&|}(6cDZ*POO6N8(|e?ZVhG z&-yYMuWb-o#XhrKHU#F2a$YF#gx`eN1@*tebuD84#C6*0Jme9_f7M2zLM{yTY)Rpc zi=&`%HW0QFYnP(#exs}MlzBDU6&c%~#<RNZ9mT6)_wMLV_Sl5$aB@*Nzs{WJ7W1&#m>qs{8E*2_JW-`C*zaapUR$x7y4b- zO@eRM`RkY}`xDnSoBwY5^L#^`J%IBKbBS;5E`ml>lhps;W9$e?c zlW@gbb?|z;s4s$7i}!TL-&7l}(38>t_F2Pzl+X=wr18*A=F809H<+!X`zObhwxOj;JBE{6aemwcYSy zFHrl0IpjIpJ-+Qz-B(dv=eEwmE@ID7#udR7x)9el*d5wP$>W^SH=wEQgCyJALbt@p zL^{rKt4#6s{Zy7oLE=&V8cu0iV*RIb!)ankn#9`D@(s@l?cD21n-LCW3H6BbC{@Zg zpv^mDFV`{9P5U^|nb!QeVOsgmvA)!;b%<<@sPNXcrtCOsdfwEYOpoaFzr$H|!uM)d z5M&+|5y#GyLU~2rxwE{Y2c=*hM< z_^WN_a1~mR+;MO1z8l#-z+48;5T{+iT_?$X?T@y6HuYqse52L}w9WGHejZ{k_nKr^ z4-XF(Ikq9??nYM*&^8B6)h1?jj|gQH{exUOcaL?VJP*Li_>EJVFM?Z|9*7@0AhrxV zC1ZMD;+%7s`!W<8C-(V>8kjcZ;?06Yl8} zHXs@88RFGDUWB>ZIHJ1nW>+udkYwC@$$eC;zoia-yMA+j)eoWb+?(nBfW33`>uPQI zmTj`Pz|=^61B{@DxDTak()#SjRSQQ=J@(L*!Fpg+TQY8POD7y7oi8|jUQyC zob|x|#38uvW%?NQ2?_hwCXr!g*bbE=5f*u^VTUyAhS|f4O}03vkGL>>ODXGH_edC~ zcV?WxkZDiEIpxAXq2aCk&l-L38|9&62jN`_`Jcu9dt^#_!_cUaY+c&v!T8(<(1zuAXmRDK9&K^ZTbO<(tq~ zyr~-x%VpvZZs~->EFYlROJ}P+b><%5aG$`l9zXp#^t5Rxq?2&tAKHd5iGA?*0+erp ziO@D<*N5-#dgx*8|ErB%f-0H)|IYp1L+Zer4$~b^>fw(*+_1LC7$&a3-ZblrPTr-c`J>sD3y`TioD_{YAs#!=3lPxb{^ z2QV*udv*imFXZ!jerx$=mKF9*j?ldi#}mpK+2y82bH6C`(w$-cG_h=h{!dtU@eC_W zBxCk^1nd6FO>0aR)Y(ig^rO7=+1MIjU{9TOvdBIy$HV$1P5s6LSdrF`)u8?)HhkzV z^H{rL`AvVMHQ|35IpTDp+wG9I0T1#;bi7M-ysEn+*h9#~YF;;)UNS7{z1}g61xq6_ zvb?98oELZ$Y07CB$$!KvWyW+++?JReHR<)Z!5wnSUR4u503iF9})z9gYM)Yy5@vWD!5akCQrJZBl;duD*xO!Y2?61zP+Dx8YHFuGsiCJ$!b~f zW5OucE`O)8{vMa|t(n*0UF|m~#}zNjpZ#x@{Z=g>HS$XT{0;Ey8|oPxmNIbbQIoex z(#N_(F<6B5RIAW|0DcXzItAqn<7jHb6FAr!FS9G}YB1iY13cfW$k*szgRisC7(?)5 ziSH^XPtB)$A9|?UbR~0Op4p;>VMgWdOkSkgdUWBrD6fR*lSjMswu*4*>J zgE2ZSk2pnL+CcBFmT|4eq4T^0g8O#7&UYDhH~6q|rLOWuec;dcxk9grcI^b}I&JiK 
zb^>EyE4I4TwIR_sgiUxin-%C6ECmhQ^-{-H>2ZSxrko4oD)+Hi8gG15Om6v)EMo;7zGaMm^7&WF2n*Dw%6(ZG zV|TN*7BPvlQ|h!k_F2B>@W!~>T}vu*HUe~5-^2=SF@L6ZENpwHhGm_^y}Y+yu(Z_C z@cDHtTE8|_X;{DB)(yVX?xiNkSX3;p@Yz8wM{ zvWNGe=AkR|l!<$cX-8QeIUgZ5wXJ%Vq}2N;m_*w4b<@7khH%{dxYCe^rvp}U zCN|<=S!Y}>?r0z4+MwlM>J8M9qy=5n1zJgWNyiub+P#&^hrC42>~K#3>)Qlwv#aeV z4eu^sbjtJ>Hj(y8vC=TWiuYT48;CJF@Z!QnV!cE1{a0B(zy?dWh30SJ&_|d3ak2!0 zLCjvh$I6`5O%ZLM)MYuyvnICZ9e6Sw@keZ7E>#EF%D;L6erN;Xp6nB1M}Ze@oU}!L zrWk8G2Qt2*-~L?J71F+-PVug5O(Vi$TqHWsQHjvr(7t^RW6~y{@2ZsVxrn%scPo*{D`&_BwG-&Zrv5W2shOUUm_`HePqPA*|pvLx0P6vmbOB z{k^;2{89h8J}z})^>(;Ze#m||(s=h-e#igdwk!TU+i&oZd}1X`|4JF_{K~6<$=&Dh zxxnE)Fqj|f8N*BuMo5fqCFsy!Tvdt25#^r~O$?ooD_^{%QM(b7HGI)m_>uuKi?v^wq=z zVYJ@IZ{VzXSt)mPAS~9YtUih76#No@a1*^qIM#fC2lX+PFBbZTd(;!*P3PHi~PTL5Bz7fF>q&m(|C>uP0Yr;cDcV-^Bs1# zR%ehVvZhYV(eAi!iTO*pXE&b#_=m9lc!=c!&QqXyGs?CR|KL6;KkyIRg*J^~au3sN zywe;b0_a$=Zxwx&It6pgYlZ?|FZ|q<4AojM}kbIqMy~W8(=3&$#x; z(Od+A=U&U&p!;?U@9Nwp#(kv!y9;mheWX9N1a%SmR~UCKH)4E)^ZI^lY?}2H#vIAj z?Ad)6R9=k#mhVHqQTv3;`vx$1If6bR)@As8rNSRPxyKTH-sm?DAWmYL24872O-lc= zbB)URbM#ZCUPO92_nIH|!QoR~v*F^k1`z1ink>2=ME$Q_Uei!gIv>Yj09xpf`Jnfn z)_7dM9CMAmU@m_5=hRR8+Qp5O^a8~c`bEb@Ay*o3h}xbE|Uz^ z^rh^T;_@qw_??dUmM>-N#jDv7-|D>H^`-1J;`MIl)#AKbzw~@&*$ZudTsQAz-Tb=i zZ>zhmZZXha{zB%hnI)NJnYU%$o>^A6IFrk~L*6%Mn&kZ}nOo%DoOzeL-<@fd_nR|s zk#~LO8hO7d(g>bA@sHx*y}ALvgHjgBqNy!VAa&b;S=4>C8?nfD}LV7cOj zOns(3bKBQ4ci`)NNM$yKe4@jz!r{&rGAlCgdvS5*;YS|)NDGSlyt>5;QG;>EY290% z&)oGw=8k*|c+l>F$ zEnaAC_quH6ip;__b;C>7)D11I`!q}2$`>*j2Ff7ncVw1luK8M~eX*QiTi3975v|e+ z7W=yF^{K|^GHscw;V<-=^cc7;7-KO{y^XOvj(gY9o2kpvWiMR@;x1RfWx?Y-D@G}{ z^LwEBJzscijPYm`9^PgC-$WgBDGW|<>_WM$B$vnaJF^fUSE%J;TInU05Fd;1v4|#1 zZvN4*3+k@>V-|zOX|~e5+u|!_&R}f3P%74Cuglz3x8%hPE12*X5C{ka1Ofs9fq+0j zARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka z1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%( zKp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m z1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5 
zKtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7; z2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;Yn zfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB z2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9 zfq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx z5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C z0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM z5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI z0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVX zAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO z0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0j zARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka z1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%( zKp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfWZIX4&9?P5JUk0eldoKHd+dT2-b^* zrH!{p8;M{iWVf(PVc`YrJ%EK*@CKVA7LvlkQn0bG8z-(V0l`8nzkxS9JMU+gj{pGz z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAVA=M1X8^>%5jn7HqGkIzfMi_*PFlgF88InxXf{t>Vx<6(5)A_^w>L0_4RX(mmF_t zdViE-Ct^J<_x?B+%8?nVi@J#Y_PzO5d;lE*tp)%9 literal 381488 zcmd44eSBS2mH)r*&CR{H>C;V`rngB7CrL>vB7NYg0+J&l)6t3@MTb$;n-;ZV)qWA3 z4ukYG4W(km5K66xdYYC}8Dv7OwN@n8Yo>M_#7w6$6_L3V#110HQcEal?(hBC_ndNC z%6$EOU-L)%dZp*Awbx#I?X}ik`|<3%{O$8EkHur=*uS`m^ByY=TFkko^55Oy%`q`E z!z4|m()qheG?uP%aKMZk5?PABv|ch^T~S2gU&hOx-I;M>5%^4CTe5JZw*ps0(wl)3 zA-rLpG50R8bW4Pbz$=6NbEd~O8(Fz|U1_yfS_N8tAZUl4)c13WhZUjh8)2>cG<3nTF5z!yc}OMx$rz?T5O zB?4avd`Sd8AGkdN&jEHL@Y%p`jlgFDUmAg1f!`K^n}IKjz^4JfJp$JQUmk($fd482 z*8tCpz!QM~Is#V#zas)Cf!`T{3W;KMwr<2>clE-$vj)z*j}!M}hw?0{;y70}*%^@CPGs z0r=_&{4nr`BJfV&4@cnbz#oagTY+;C_yORK2z(##!U((>cu@rI1->Q%e-rql5%@0P zk44~hz#osmJ-~}2@NK}Kh`_f3UmJl}0e>fT{>KP>De#RE_!8hRMBod7Z;HU@122!jbAY`Fd^Yfk2z(}RX9R8qwtcy9 
z=(`!XE0TU1@XZmp9(Yv*t^>X$0@nbqj=&RuzZik5fNzb!N#HL<;5hJ_SK-N{z+aBQ zM}TjOz=wgq5`hl_cSqnCfNzh$&jI&D;AesFh`{@S*GAwcf$xmKj{~oZz>ficH3IJe zULS!U1^!wD{u%IH5qKBy*CTKN`0fb&Fz`1b@J`@wM&Rwh--^Inf&B>l0Puzgd>?Rc z1l|n1F#`7jZ;HU*1imK%-vzum0wte6fop(wN8ky-{~Cd-fPWT&lfeHL zf#blByb9Nj0{=V$9|3+e0v`tcMFc(wJQ#sr0RHy~{2cI}2>dMYe?;K@z zz>fnz7J(lF{?7=!2Y6oueiZmu5%_1ok4NBLz`u^b1>h$l@Wa5riNHI7pNzoUf&VK4 zZv`$!;0J)8ioo{)?~lNnfuD}Ry}-{z;BNx|HUi%T{A>hX2mHGT+yi_d0^bJw-x2s$ z;O8RnD&XHo;7;J@Bk)bYe~7?00KX7{KM(xJ2z(vzPz3%o@Sh^^wZI1>@W+5(jKB+l z4@KY)1OGV!e*pM!1b#p8OA+`zz{3&v3gDL`@H>EyMBvMTUx~n%0*^%COMs6?;0u9A zBk=jar4X)YKXg3{1t00ma>6Pt=R}{>K z1)U}rD>xe#0I%%IY#d%WBNrFVAj1ef#rqpi_xsiDhd$<-#J295rn$4cGOj!0ILk|= z7cL@gQv08mbx-M7+*6Y~;F@XA%?77D=LlcZv<%$+TkCR%EL~mGYUrK^SM1{*9>3|% zG@FnI_{T{fDwjF!o8(^)?w2bLl*@f{`=KQ&vwKQY5&Sxp73AGQzF}}bQ@P5&wXWlO z;4i~tM_4v+0lE>Mw}?lW7xyc-7B+vIqOF(nO33>h*d^*VUS@H}<@*q#g zxIoS&$Q_ZhBLgpA^$7A_L*9L1Uh>tFzCO^;o#=XEAm?K6J)~!=FKI8KyW6^JT1Fyi zUm~rs3^&OZw*bpdUGPXm=vIKA9-;dJ@C@i~IH9b+2Y*(C?z6zNpj%pf$*ic&J_Y{V z2;C=u=R)_fYGb11E&_jXgzh82E_7F)Q10J>zbr!cKHz!Ky{GyT6D{}M;O9r^-U++_ zx_Kv*`*!eGM(ExOd=+$;oKWsX;IEF*T>zYe?%e82oM^eT!Cw=hdlT?t=*~Q$+&1t_ zB6KalOUpKI{2ewQ!bYcszKtxh)zstLREOHnkG9qLVp-OQNx#&N zoz~)4 zWY5oysp&8Ms>}Gbfxg~B-rZ$=HC`dQvb}8?E8%liP{v`X*26<4w{$E1qjD){DmgR6KJw>{>~II` z)m@q1b9<`XnC!O89J5#U1bZb#hnn43GRRXPPxq^N8eSreIC=CCc`}hae*%AXkmq~k@gsSj zBaN7O^mpW`jpTU-{53(IE#&Eo&O%K^U~XAz~3L_Ifp#CNFI#``^fWA^309Mwh;WbAWtiKmPYb?khC4- zxr(+QkL02M&pj06p=~&;BYCbMEl-|zQcgIwkZkk74+MF}k*7P7hyFjen>_0O0~=T! 
z(EsNiDd(v#k;jkZIhV9S(w4ZUewcVy5w(u%}WSMgNwQ*<`H#u=o{iKIW{ZT6KQo?|!&Mj52Zh48>aFZ%lD#V8+6S1n-=(FujAgP4_ki+(16Si$<}F z^vsSa%~|jR<#=BIgA0%$kas)s7OgyWMaDAqzh}(Q&9e{MX#vf5pc#(P?1yHp${uzW zE!NXDRi8WJEX?bD&{?`CzVgTEepDxkX?cq#B0(J*FE-+*o2TP;0_ zM&k|YRY_iS_1>|vnQ%&zY`|$`y_vH6fXm}^`e<-JK(9)>DX2$i=W*b+M(q4~-m_s| z@?=QA58P^G`w+5?v$D=uxQTH@_Vx>%EV3@5K9c#Qr_h{|w2;dy@BA zJQFJ+~{Awi!qGGAiFgN*HxMeT=g0saJOGhCB;Z}*f%!=3zT zJz$r~HSTgYGzRYu?^&%2fS<9;*|>!9^K|OC!Zmfj8gM#ltJ_P&$CeUhdW>n(u9^OY zDfHdjdH2@k#~^1Vab-+dujU@~dZ4=fMQ;-H(5}E&%+4Oi;QN{jGzN6^@y(84){D+l>>hIsPM~6ul&NcP4K)w(w%bE{wrNG^)U5a0?w{Yimz=0HO*I%rv5)s zE-S;hrFp69NE?)1S@+mzeZ4Q!PW&{iT{L^4?Wwolhs!w(tWODqIsbImhy?7_+Zyyz8(>- z=B$SJl*)l;Y@d4T*AAF;z{jqcl7C-0UpS9U9wJZUk!ITEPs{Bypnp_4aZU319-f`? zcJ+U;xt@s+#f{|oQF#vgqxC(kJFQFk^YF23cj{qtq|LwTV4FX0C+~;a{P~C5`~|~p z{*|tI&$`Fjel(&u+*htc*UnTfHu!GW>YjFL*X=?%Sc@}Shx2+(tctd-x>mHmba9BQ zhmYdL9<$KvX*Oe|U+F?P`T8LERh@3S>uuQ9_pNWNSporLO2y;57_W~#T@mA)%QgU%`rwmPHP z_w)dB)C-6a1NcN9AIak*-E|uV2U592-f_)VLi(rd8QpbF2W*U<(j?jsK>H9hb}xjdZU3_6VC#PTcl!Fll=3zAsvfef zZ0wrKU#Y!ICXHc?}3c##$-{}Avtl@Z8< z{<7zhXMi$qhAyiyq{^bqhg9}t%CTjqa`349eo=OyPOh2q0`KKHFlEDIH@uow^A&&Po;8;g!o&gSj$+Z1ITfOxv|_#Ks3;@ZVN@*B|e;{YPoa_~r+cH?Z?g>7B7oLNQ{BSw13| zykDIJE}(f(IKiS3ZJDO|ZqchAm4-I&zcs(gxUszdW3OB%H%?vcK2R6^k?0D(=P4FY zpHI^lpo6Beo~o7)?eSgKC8wLb@8-hT^uN`=6Gzv}?&o1oY@NgYpC%sAK1zR*&DGWd zzgSHAYVdadPVFJUF9gq=zhv9DVjTF7<2(J`cJ6R!@!C}X2)?IwzHU3|(Ehu4m;HGm zem3O;-E|9#q|Y5n_HMza!#u--td#j`(ymrqR6K#6NPfiwdyz@BN~hg`%f8pjX=!@9p}9vii~)}*kLp@3SF}?YU$;2q z8K-(E&Wks5&fTJ8zW*%gbIJSrFfVzs;N}H7o6P%FynhTD=KpqWHRN9lZ5`>-b$8J2 z4wm(WUYK_w?|S6>p>*k$$FXlzU0RSs{I}OGd?b)nW%|+!JY)IRqImw}wz^){oJ#-D zM}E<5=Ba$}rJdBhL>}}x<(DdRGWboT>Iv1?b`c_PmZ*F^zqSO2+3I*_*M}7+~#P7;xi|sgd^>b(yZ%Fv~MZ@KxZd zYdmv$fU6OmYs?232X3K08k0!(pP-DtV@#dJE>)u8seWDS)t``!NYk1CbM!?%X|XcR zsOBH?&5*_=eG@iZCEKaYfcK^3pBKgsjh$47f?0UK=Ue%!0=l`-Emhi(S$Mae2aywb zXWF?iW4Tx3|DUgavv{O(#Nd&)6xy1%6;k}Q<&GPhZ%r=0UUFckHQzhik8f>t>-&-# zt6lMFWY2acowcwZfnQ?W_9VUF)~6CbZ<40CNhe`Lt<4YJj$ 
zu1XuAy|QPZamjHqFke|ljMkVThVFhX{~l^~Jl+o+Y^A5UY&0(bb$~{B8Kc*WZ{+WSGaTuW({_t#rqOPu&(P z#cEuyDD78t<-Hz#Tfa)vTt0W(hGHz~na}HeU2}fC{7Y?A@SSJ+ zN~;tfrGZbZjr*~6ap;=;nDW-a&+Ex6R(w>lsEjmYo%Ji77-f8PeG6*{q{Ax#ubGw? zb>n?Xn$vgp?mje2+y#M(m zJS)M!7|_Id|I_-7j_lJb{kLLo*-Z04{Htn(=UD%foh|M$~ zTXr%Yozz|`5tBYkXEo!46~>&YIEqg&?r{1B zru0ABnOXQg&-dhK>g$xooWdET-~B{)s(()p=W$%~uCtMkdA_4QZfap-|BvY}CZ=f< z$^-o{Yi{;DXU2=4PrOk~wdWHn`MgQ=oG~iVp2l=H8`i^2d~Sc~Mdj5WdGBV7sD7<7 ze?k9a0q(2d<`t&&Kj!%zCCbVQzjsRilU}bcIVSHRjrCE__ABvTLw)_h)S@jtsfPyF zGHwR`f?&x_{cZm$9!k&8{LwEc_a@5F`0Eqm1$+bW;;_sa^zllw=@a{(BKAU1r2=LmZ{6$3MJ z>~A{@c(ShSOyxO&XN>1Wo|%DJxl9-9o9y*ukn!}xNhe$Dnd;%wis^yV^4hbn#pmMq zT*dIketPFEZpDtjGVy_nJwt45ByKWqeP#Bu)BQ|mg7af<>NpVQT?K6yw85HGvX^wv z&u3T*iZd6e5WFejXScJLTu3^#-X=Ge>@Pj#ZOWZ4{ZeiQ-mKv?4NYzzF{<<0gsG}D z9ALtCyiF#~8IdadpmML%QS8cGto|)Qo#K1>6TSE_hL#=DdotkEHa7dLyDaLXeI$8q zgYGh|O_KLJ`5CSq7g2Wo^3su4$m@s)Hn|L#@o%#WT}9yv&*%@IcbbXI+QVysjuk{+1TfGyJ_^o zKA#<{OHTH!ng`4ByA5&LeK{T-S&42Z>s|g}eSvpywR_B>KJxwJUbAQ$<;7JV?Zp|G zX<|E4P7FQOccx4heJBo%rF~w8-tb9llT=?T^8@BT*o<>|N8|@F(Z~kfsZc-fd}v3~ zG)fOA`ceQJ)&l+kKJ}ByTlVFa96Xo<9Jw+-(^Qq?(!!Y9fc(7@I&_;Fa2C#}Y%d+4 zowU;)oJwQcMRO3RHLt2XL=0wqAyJsw|6{$gW@F=~e0ea{vV}1@ebHYpz?QUy(FN+q zwl|ylz@GKsrxF8X_t}h_R|h_!`R^8FoJu%VRiFXFrOo}#Y7oaV@M=<>*#W*%hQ z9DGg(x6j+`%f~F9JPDOc+6U2tUF%g}2L6NCgZ*Chh4cPlThf~v^m(blww5iS&ylYR zp2b=0olyt7FIF+Z7-A%SNN*gyRjB_hFh5}b%?!-*X&bJ^ZzrDer+qlyz+iHt zbl!-Zwm%jfGz*~JC4Hig`+5I~^ew+(y*bOeG3@kS@_**M4s&@YgB&bvtx!PWYa<%eul#7ngZB zw98kHy;~gg!85)GIl{dm_ylt-r=k#NZ=W=t(tUzwR(W_&2YD;@HoNAr=A7ME+Si;* zA6vtOE*LMb*BZhP&v&w{9d!S2W-h+RxYN8_*$4Mbt+zQx<1ugUX6(Y4bfm|Q?Hb>u zF`ifMH|CV%#>>Q?{*jeuI*qrmw!A9ia{jZqdsU_w!zU_sIqtOWtfQ_x-^p~Qb9No~ z`)3yu+mm_L173F2riSD6mtS#IZe37r1LclJ%AFZ0*RDB`w<0W8I#$`@rSeIu+DZAu zooU*y+%d6z=)v=ys=f)1E&q<0@`smW*uw7Z9@`_E@R`!q2}=#KRrF10FYQeJadca& zH&tVd7JQ!=Gx3KP^fkcp62rZTWi;nIq)MNU1%(&xx%%RXa~%> zkg0lrHcp%?{XylbZoEHr0^LKo|3uei|18;Wnn?S%K4MR(d&v`)BcBV)q1?&JM_rb{_XCWLi{$<831tqD 
z#`zy-khJfGWybqU_WKxceL>j|s7}z%3uNDL0-xQaG5@i$Zw&e1C-yre_{5%-5{&g4q(XsOh7ZqcdxfJWURH=BqCx-F_2y zLY{vm59_F}o9D;US(wK)nE};@^4NElK)VmxKTzI+ zXr0NYwQIEx>l>;IboW7*1IJmCJgo#p7$xEmMBd z|I`=Y16lB+%+JbvMqgANkC(}wk<{4sY4HvCF*a!O!0F6EG-f;lukQ!EilI!RS$TZmbRhIK)?hwv`P%cUqc3S+O5@%*dk)|m_Aut5&DB2!-ZiuTbO-&8%26Luezuo_ zcpmoS$DV2rP3+ghM|;uV+@EM#!1Hck?Tz0h{yf>6w)25?JXx#H&hY@jih6d8zh8HGP>yL#s0TO=ZHobqp})-BPQooBaW2(GX*v3dZ3zyIP&IbY6nA zJhTsKj6_--{5;|1o8SlRxQdVpe!h6qr%hdzdD;bU&su`NlJ%?`@rM<>Uo9H;$;Uxc zgeHSbE5YZ$Pl9g!s?1aDQI*G9;I9erYZ)(i;IoX|I>0Y3;};p|^WYo7XTUEh<2%6b z&w+Qqt1j0g^9sg$Iq1{iwYRR%bf68-)Y*cegqV zfY$@pB9jYz74Y2wT!j99V80AMCB1AazwdW=-$FUtR8D7Rk>sQAJ~UbT0=z#YT~O|B z-d6|j#JPz_fY)Gm8;_+&#-QEOKYApJPCQ6mhDmQw`+{E`>1*LrB;W3Uzh7uo%u-n$ zF7MdJzC+W54fMXy+cnN_tUAXzat+$we@%86pt@Qnon{4*?pf=*#Ay(`@a10scqkbpZxzL z->sQ5I9KJEfd}92-x|xs2fp}r-}C*ysqtd(5T5{kJMiTZ_+7x4M&S1WUm_S@6}L9Q zC*Zdme!KX)WkxZ*I+ITX@0rMZwiA5HnDiRQt*A6hD>w^c2G)D-S7sHnoLfzMx97Eo zniBs?V>lnSaa>o-i$CghnY`bnGL!#PnJZSX@Vddt)qCawo-WTbcye&x%oNXn|G9dv zXk4amAQLyw@W*u-mwm_fQbA=HKcTY5QvR*gixRiSyvl(Umzn&A%b;&E1AN~Sq?zN> znxkpy|zxVb19*wZiO{hNz?)6l^;42|qVJ)%4T{CB{+ z1&=A~GtreX$yH{PxrMz{?IrJ`4qd<};#Qe^z;7Hmp3YBnnGMixAk7~6_tu_(s~yi-fHl>=VV&Nru6E3tCNHtdag*4DXTDN@ zx3Q1@<=OtYFQN-*PTOsD;U`v^eC3)AevJJ>d(Yh(&cCc`DkjFXzgXhC;*qhOy}z|O zXV2_Ow}llkr{E9h8~MsroU=)C{(5!Hu|9lTlZXE{nXk+)CLZ-YPv1u6d9qh9h5LK- zJ=HOr2fmzNvD!D{8~$+~;_unR;@h5=xYuKmzTd4-n$A;jR%Q(4jdsT!zN;*Mue)M> zj`eK2Ccfhl_TzLeg8e!91mC&%hI6Y`-A!J45bV42K`4Dk!dFjO=TZf;P z_t~p2b~&%)Bqs6m13fjl1bh0GkKLCrkKOn7BJYdCck~v-MYf@dW(ubN%0BO zX@^I2E*#rf8E!^DT{C=V#cBc-dS8_(26fz!TjhAfHTIYDd18U_{%<_B@1?R>^RGgt z#yih3W7k&s6TM!43};^Le!hHy@@Mh)w|kL)ujKD7ChGc2heaRqsBXMW^-WH?_%hWu z8N`Wo?DhSZ%HYX2k0uu2zXSZM0RI&D>HzFvXBCsTj>#?GGTvFvnc&L%iB;b|w-^IYjCE^CE6Mj( z+@3SVi+uCUMSl9gMSkY_i~Q`+MZRCoL-#~_c zI=7fqS>HaZ7~?&)WwMzJTv~Cbb8MeRbqxQC4V2kHnGKZLK$#7c*+7{Ml-WR;l1+cF zQ{Ef+mgPXDv(~%Q7|z~uw}zRrV!%TmK5dt8lDUh4_89Msv)_*;2GgFsZvom-!Ngpz z(|F}G`;KeBY1bKxIOoZAHf1o$_wd94&v&!5JA3|Be09fzo(0p9#V+aYxQTVy?^C_( 
z9Q?Q&dtPdQKcf6gwS-xTGFTGTVQyRI@<=`?q|8?t#818rsdCm^?P{bqpXz$ zvuH_h&Vp}H%jYp}KcF)=?w%w3kF2NZ3?%&dW>tH?rG1=53v#z0Jj`oMWu$G&ywQJDiD(qm#7gsT;a1+Ve$Srqpls z@W))jE1x-fTKbyRU;4G=)gC;uu$N!rOk-1D!P>#vra^U4`g#13mWO7y&Q@=$+prti z#&3rfoW9@XY;G=2A1(bfvL_!0f6E?h-q&N#?j&_zLm`>x+>;xt;=6hz!!lZQ<%Vzj`}s@)0{ux z4Ar4)(L)9Mzx((riXPfoTZ28f2Tq_&3X#lCic|ft~SL7hC^vyv|<)d1}eylV>t{>c}(Yb@C9$-PpkiP6Op+ zp`Qx9?qaz1Wb|9>T-y2zFW&w_^A6dW_|d3yyehNY&K<)(bC$B%LvR02&c=o3^)s|9 z+N|}Z#8$p{l>hX^-8jB8^-Q&Y{7OEDzEjA--8$0m3;WPC4D=ps9qYLd@WjvMFuu=H9c5ztLpn{lgX^QZ4^>)=dfM|J?Z?a4gn5FPcm)yNgU z<;_m~i*I&LUpNF43peB|Ng|GP8<#NnooA(i(KX4s#Xah8I&C=N!lq)lWi%LJ&tS7s4||b;69uc4ba~;Y0)s} zluaSlwBT#RmVpX)+k2%Dg$agJ*u^4xag{!yxvN@9Dk;V%76}*R-^tKkUMJ%cY?X zMML@@6lYc6LFf21%BGLlxOA0l%AH4y2|JKwUjbOW6h8~t=39B!_TeGl6Y~v1AKZy@ zhtAijEMlpZCz7@%nl=c3`oA#W&0*Ru@^vu>z!#S8;@M^LR(FDf`m9vFgMRBfs=M^X z`I70X`>>O<=bplNNB#d^_5W7E99M@x-lgGrz))t%bp*M{mqR}FjUUE->KmUD&miB1 zFdz7jh(FH{^_BZlnvaE7MPzt?fV)yOD$Cn!(qUa0Yw+F1tM%1;sB8FMALP9*!q48N zO4{f97(<-Mua5pV$`86lf_Zj`N60(Sr=7ElCeUez#uwt*mvZ@j-7%q@;*liQDUR_s z4Z7@V#xgs(hl5I|y$xm>YXJ7U$AYz;%Xe4SN8c8d|JIX~Z|^Rn{JKc}?7SUZwQ%rQ zA)iw_VGOoFemRI=mTfV5IJ89&8@bzV(QqNvv_NA%(Q-!V4}&Q;7R3z#gSU5=ydHm# zFw&f&c*LG93&f;+{ZTRLh=^tpLivJoTY3*w#@GyV0pV)BQa>l|&-}k-3_>ga6 z4zHBFvL*A^*zvwNx+ak2R{0?Eu9i;*a_Ky<&LeUsq&=s&EF$MkLB1QyK0JDZ@&r6| zr-1U=?>u;38_Bmc$oFZ{Di7%k1OB-P-NypDYXbfYHBN>$7b)jT@-={a4^Nf1AmDRF zgwK@$pXK4%e&}uvaF>O11axHk1nfQk1Yf^Mwv;b1Cs`2K_xy-`FBUJG?r>jQ(3b}E z^8@-bBlNQ(^z%dda$FdFLm*e1>WG|;w?AjHL7H8Y2j?iQui2i#t&P;vu33Ej~lH39ETBs~#Hx8KW?zgc?L_XRq$C*3pOS%R%NYkPFKn*DCMl9zP&9)0{(Igi>oAGjyw zKlu4H_*K|CSsy+6iwNy6%XL2bA0chxc-ru+FMamWp9QqL#p}T{ty~X9col;5yiK2D z)3-&^cLwP@Z2E;Z{r*V$)*!vl%35X9H$~F#3(~jP^ctIfcO<28nEd4U`^Nsg`f z*@Le7-lMA{G`9Z-_c=@Re)L(USstPJwD=6gZQg|u{9=o*viPeb_=Of9=ZMa`*G-@AnYiZCK^wCD zc2Kt|0qx|FcKY$O$q3(ZLH+nns?4`9=TP5~qY)arc1zjzdtV0nLH3JR{Fao|SW)^x#a! 
z?XS`M$dhGWP8?np0}*}&_!GnJ{FG-VDC1vWtp+edy7)=%GFQm;t+AF=I!2>%Vz?up1_?`}|A2-3b8Nwe(|UcHia zPyomJ}}x(Y7T~eBjdu6U~K=R z_4*!1bLMq?uftkdR^RIA&QIO-srx*+H)nzFH017_E4SA@HC^8ya@XqD5At1)Vut9b z^VNq^9rImtaYX=Mr8<=7=&$fivr`=8jwtB3YMvI*%4YqZhE4|QvovXQ-Xv4AT5O8P%J+;OszSL=D zA^Eh%{l6QAM!H6x9QTJT)fyc66P+n%T!H%^I~fnFk3^3nd`o|9{vke;yHfKx`214q zhQYWv(Z@Z9L)`n=7gt;!IoAJ2=>IiJ&)OVi6O?TFbD4nd7q8O267>K7{Za(S zRNnG?ls=BSzVgU6p02s*{s@g7|C9DFO5^zx`6M*k7~j}6Y|V!?|JPa!=|9vwSn}XY z{BFjgrCL|&WW00Y+5q1HUw_2p)(@oQPj)SP!XP#p(4V8<6L{`Mx;xos_y`G=XLQ|*pt&k^jzM}Oj>d@ZJ zH`ZzsL(Q_mk&ko}8^nK*J67{;xiop!A3+aRe(HN-9cX8EtrwktxNOJLK0U23(2mP( zc(jO2%U(|h+P~Bts`?hU6Wxa2N`o6mKgMrRG)*t}U8Q65+=8utPW89C)!N4p>mK-p z)&it!VvTQFJrn2N*!l90!{C(GgsxinV=euY=kWAvTZVdT7ZtUR!rhsUzHuavL!IoH zWe8tVd*CjN>-y?imK|@~*dp=NypORt^Ve7GSqa&cxwghKaXs;$2KL!(J2|F@bpKKL z0(?KDZ={HSj_2o0yubXdD*J&im1(sel(G#xJ=F^z=_>sEou0=Fd5M2Zn5;Klrg$+pK7_NM(Va0sczx?-niiChb{+Zw7xIJjU?6p1*6rsqKGkj%O|lXwO&K;3t9q96T-w z@T^rk6_O$7U%2zywfBqaj&rZq#;`a4V5UR=GHS>1lzX1)tFnnfY2aD1U0`2)t!!WT zR|ocOk$o92jt1-9^QqpruyXr>WhdQYh*v{)2AH*jc51?n!hB6UD|Hyipe8aYXWci@hj#Zx84tF4ZQuXA% zqh(trJDK~C4cfY}-O|^@D8DA)Y1?Qs@(@F&iSP2#@Rv`J>0!ykUoA4NL8eL1y;i2@ zZ2OlkJu^rCK-|08t_3DG*mV@*g^iEIOMKZ={H&K=vBz8F>$G7@hb=S6p|*WZ6ko=@ zJVx;p8Lv4(#yhzaLGAXFJv@om!UbbksqPHRPqvx)xEEdlJvKbreT`)vOH(T&2}SZkiLw6xh&CAjTb z-Cx7HiR&EeYj>Lsj`u|;M*c1vcl%4jqAS!8|IAGcpV&U zed=oYllDl@GrD&+ybJGww!!36SMxh_MdGKUch_7{!5w4Myk5s4ulD6WiSCH;x@(QS zWoStwXql>=w=6Uj;~c|XYR`0XKTF`3lek-HKY1or7~}5vD~G*e;!uC-8I|kZ>(=wW zUwiI>{9Bfne)mV+2}7RUx)-L<*8hxnpo=tqKCZ&FmymlRcMUyL$$cx^>Nb|P8Mhw% z@U{u`9jX2UvTx@MH-3nB)`d%wNok#&Vc?FV7_x9qucPE`_Tt)u-A{HI@TMmcWL)x138oXX_YCZN^S5q|J=6n_F_tRx> zuQxxHz3$|bx}R-xek^_LX~GL$jU5WySA)#D1Auts8~WVL>X;MLJ9SPD^ZR+8pKkzP zCA{EOUVd7a>ot0tO`Mp~>1}o^@EuR-od)08U?#Tqm;Nx2wXsEaMSL>Q@ji6CjyrjL z!Puc;ZE`tl62H5hx(_1<<3H{>tjTG=_>;7?6{OwD*lC9LTV;#RY{%HaRL9kxZ(?il zbM{9o@w2b4jeGhnwuaDN$TdTBr2U`0)-UWh?vs0Xr+w-7Oxob109X0vX`CZZjv~BW(P#2;h?Q&># z3#a<>UIh16^~>}R{Ps&;bJPV&-+p#Jjy)I;H4PWq%KI&@F`qizW;Cw(r05vSIHHN9 
zfAmn04lS{-d7fx_{|N8PBv-kOpMN83*H^FjX?dSlxIL!hDzBG*yT8<NT z{W6Vz;qxxd`xUSLH-5vUJfADk3>5!MhcplP)=%Bz_6S8o9LkdZH0kuyIrS}-@_Bxv zFh<(6KJtu|m)-$Or(6?^B>8#TFXql8nd@Macxl4HdHq;aR zMf>G|7XK{W3XRqnR+Gj(OUGpX7Cd%_$R|>c2cF+QZXV+K@kqMv7m^%Z;O}Q_h)qi$ z3DbGE_geF`{aS?IYH)r)|6b`guzjMe>yq6&D(kqsrUU&RWR~up3+Mk4`*CNi{Hc7l zkanKt{YBOB1m6m6`Ki~l3_FeC~$s{M%n>T2SUQdZaA(sD7JD_s4{O=tIZv|FyW}`>&JmqYaJ@!fz9F z&Bzt<+gsMl=pMx(#TojLg!a2a+b=IYJE=RBv**~DE4+do8X4=Hsd31OXa6Gg+d?_~ z7D$Vp&xZ17-wXbBUt4-#Uixi6vgDBM+tf$*;@rzqZ4f^j?T_jm+j!u^A_do+1C1po}l^lwHDh)JNLm^zF3!(JxCk zY8S|C&lZ4NZE^4;#>NNByjDtcuF2*(b-%2%yPU`-l6!b>q^l)k-9FXoR3n^ zZ9KnE%+PvHFy3nE#&>oE`>B25ntPZ|+C${I554<5KNRYnckMw(<5nJ=+P~_1lJ-A( zviARicu=Qb_67bC@{g2106)e*cKzWkVR~TqFt*tJ66nr4L8jf{{*k=T_A6Qor%-*_6xgktj9{`?XEzAw9HdVi*&ehRe9QVEa=#OP8PY~~(q;m? zk5zku*DaErH0e?ET={rA^!1E8hSc_;xrueph9G9#dL-!uac}g?&}(iXUp&{_oRdF~ z)4T+JkBb*JSQ5k*>F*8rFl8RKzhR`d&H7uD<}&E6k+ruO0j~+-rLvptn88o5mZo#X zoI5)DbIDss`U#!G(wY-_$8%S!?z*+VpG`SUdq@YLRQg`t!L_j$o)Iis)-W1c`%C=B zuxGs69L;@0Ke$Kx1)*(JXXfwH`TRGc?_OlpZ-HnY5C3!To7}Ot$b6(QpEg-u51O>8 zT%R$1!eP!_vge7AJ-lzH5!?gFG7Ve}@1K%wHsLEZ{U!TtDSS`sP2`k!9yA&01U-yV z87J_$TYR9e5k2LYe{MGXQFO)qQJ3p^9Z@WR% z)%pfdma5at>7IQd2vPH%<3qV$bGI z!(lIE3FMgdKg)6M!B7s`Ku$7X(;|5joXcnKvb;pu@vfwaA58m+LutSAaN17}r2W)) z&(3AJ-#DY+nEU?O#q{>Nd_8(<7-(}7=)}|!1DKB{I_H`SwQJT?PhXYJ+jXN=DO0hF z@pY&#$vF5rx?*qZPu(?kz7+b+Gx!bXpB)!pxhaUBE$B=!=?1~lEAao-_MI%6-#o|3 zYR`^2SX^sDok^p+-4oz5gWUPfdnNBW!=L6osn~+e?D==AFVB2yn7SxFN(OXieFs~G zzH{tcHEEoI_hR0?uFi4&GRXfG<(JMihlEE`^GMnL$m`lZcg*%XjK>|y*7nu1{r|h& z%xmn1JS#%GtxCBSyV{!mQk!+1V6!52+=0!m!ba7hjfhQ`D2D6)J^Zib2>b_V3-Vul zLhWcV`p_BZgxbIn^eg{YyHXoK$I^E)Xa_oDo#md}EN8h>_;tl&=$m|Dn^7AdgO94s zRB@&|4t-{IwV4J_ohu;LKmG1?HF;tiX5cVUL zovdBY#y04w^7a>;_55bs64ss*?13%O_+lsb3%|Mj&>7q7ii7Nd<%vhFj4%2)7tI>H zZ+eVhQ8c+kPu21fKjBpLnEV)jT>A)RHu!NjQ!v=UEZ6UgR9b%s z<4C_P-*L^k8vl)f|9I}o8^_a*k$9%SbJzd5*97U6q^o~vSYFz1_Y}pG^`~iP^1aLe zoWlP4FIf*km))*8=a(u&V?bg;ODAVDcgERwZ0jGcFs6Oy#N{Ky=v8Zv#DsDAw*Et1 
zI{)i?THj3^WGs)I8QWjfIjrq@6*Jh+*}*;b=%d2xb>mg6JMoO6gE;-H){4;i{w=hJ z;o$uq-iydVzr6pqQ9tNmtqeSKnsfLq6n@W7trB1s^nAW?CzsK4|!Fd{_pSI6*u^vNwcSYxz_jK$yk#3jh|E+*ISh? z@g4OB#z;18vg|*Q$!Wb@v^JIi*L0=(|42Ix*V2_{$It9N*FqZuwsZADCU+)l>W;_y zWp}WiE}m*9$JWM)d*>L=&8KzFR7&UUF^f_^1|%`3N47u6d(@@-AiTw>az)YI;> zsh=Q^?x0668h7r$5E{FeuCZ`g53}DX-aBvUFp+ifXN9A0;J4@P8oA~-OUSzv9&gx= zPS9OLs5{AP&)U@G&SLMY5}FSogSD;3TYHna#ybrl%md1)xg$v?%V$kVe9X|H2 z!MfXh>=it+g>fqG^%Je{vqn5j8^`&}d)bmfKD@m2)E|+dkGwxD%T)R){``o3*E-Hv zQ~AQR_y+a@XmbNvlh>NN_A2nBX&Pr^mpOc6LLBiG>(17=c9Rxi9@*6JHrt7p#aTA%dFYxQZRGd{|A8}s9c@qZYYYQ$T=v$sU@()JwIy$8Ha zZk+T-6|1zb$8Y&OtU7MxkNrU9(eF#HkeuYzKF~h&_>EwVUp`nZyRWnB{7>=wA5F5& zBH0ETB+$>_-dCwP!&5&WOgXIKi#PtmS*Ep>@}F6L&<>{R3H$}pG6nwdp;)tGZql`J z03NjeX6{Q+_9Bk{)Z?5#m(QfJIY`tpYZBfvsQec#P3?pb`?ti|E<5Y4t1d!DNxXd-T^jC$Dm; zbIo3Gq<8R?YR>kwxLyn9^r z-{eL6q-XSYnZ`GJD~sw&G}o_ttg@I{TjjCF^;CRcWwExbN5?>8{br!8e;f6z9yA*c zEH4#bCXaNqZI5{H8`sdW3o-LKr4R6qFX=o+n(;&gH*RA*&xM!_z zAon1=l()Nz{tX$r<0g*HXVQ*CvrRf!yXOI`)-opV9bOK}fn z49f5Ev$%MQpYnG%TYe4jt%hzl4zb>FF27}v zk&OcSbMKgwLvOLP=+R57snZ_{3HsP6{SPz8%Y2_c_0IEinLEyxjl41VtNcxRV~pQokb!Y1 zv6$a4L=O4$>>&LI-I*qw`O$X7YQ zJd3&Az37R19IPH_&wti$T*kp~*vr0U0CPs_=r@4x9^khV@loa1*(v&7hgfiQ9WgI1 z*t^$J8fU@%1^Ejc>6Sjwd}9x7cMw>3$xB^kQJ0Eg$2Gj?bbjc~*h*>4$4YzHw*=o! 
zy)Vaq8wY_Y=dScc0%>MqB(m%udGRok5S$j$Q+v?-g zmT3oHwDEwsrSu>i<$Okdpm)-U2euwz+G6>1kVYJ^X$j%T*P-VM`tfkhF_7=w#DitQ z`+VMaEC1`Qqa0yho4Tx*4C0S}RSu_ejkC+PXZ+u?WgGHu<&Qd5?_i93Sbf6gydAd^ z>-jFEXxE>%CUY_A8=ExXZw>S_oV%R;uAY=TMrk%qPRX4`->5kGNBWl9!Bmd1?a>Cx zv-_9qT`fb0rv*Bmj9hlV7TnZ8$N1#S`fXp?&Yq#Au8N)972dL&`$~%Cb>^36MAw<2 zWk2{Y(Zx$^LtS8_K-a_fNyo@}#cR__y-Ex1FowB-zUk^L>uVg}r0UN3id|KFGt4}; zlYMN@cN2_>D!YsyyM;3#ohHw@1y^xw4C`=z_E!6`?sTri`H*xcPhur|5{zT{K1B00 zt$p3jx<$`iGiL2vejoQ%CwB9hYX9YNG3BLJ()O88DSq(np7>$ z-STfRIc}Wwo7nBpguMSJpNX!$q5H+GAKZfOGo0J;Snpl}?&G|F0UKIB4AysPGs6!; z*T*>ezva8oh5HvHq_O_5{fpB6vVXt4O3x|yF8-vkc6MFOQ-`p@m7MnzFP$IS2mNEB zlke8h{>y1Eog;c^)&w*^kJ?CMYW9ch921{D{Yc!&dYesb26GbK!@#*H*~zYp3C~!u zPWa`e|GJ4b@9?{~{0?l6n379$iLTYex*RV%(9C@Q^jv0@$9i2`F5Tt&I-i^6j4I!e zyGCbL2QFm2sf}-Dfj!~?_TDc(q5pJI*Hz4U6*GyAIvepO%CzT#RL|X<`{-G@ywv?R z&Tn+OiSA1s=1g8%{U1-pNuFKj_BIk?{QMa3!i^Kmdo|B0y~Ee>Ho6ry9h_{ccs7@@ zX@N1Q@<4-6=Es9$&JGSb-p7aUq)&v0esA?x%8M?OO1rCbd1<}NZ;-BZtJc0v^4WUs z*~gidpd8KuILE#V#U7r%Iar_6_w9_?zhtubaORoQ{i`YsGHffiv)CZL zbpmmLcXXQGdwM_nDrPD%BDtzFKb1N+(2q9?FSzScFYDc7)ONG9jhNoaccFKWwdW+^ zbu5c4((;3WlfB^EAMkCqc1IA$?JZSO1&$Mx=+>n*0g?ymv{q?x!3cwCH;P# z&K&$5^(=a{HO9NoW23~r)BB6%vdq*_zsNEcdF#D$KQ~$ZAnhVOl(KDuGn=kq{rO?F z4{x*W3&&ZSr1iULw24>9A0Id^r*BfHuJZHM&_B?X^D?3f+ltz;WR!f!EBR(Wmdx8& zKpiU!yoY+wyY)k4W37Pk$CK=#(k{WPT@GF7qz^UIHe16yj@m%>On!gJ_Hn%9UoWZ+ zl3#5~cToIZX|othohZu@_#)4E^cL=awJ9%copGF-WzISNFf@8c)|8D8tRn$WB`v8m z;i#YXZ)yvz&~CQA8Ky4QiI}f)j@a&1*mZQyFfnF(DXz0lq9Og*8K)s|v*{m5 zKZmmb!{V$0>J0&L&gS+Rvd7-Uq=^H~9m0^h}YuKGVhk8$4rvzKM0vp|5_TRqHIsrnQ~( z*dx_?jDBCRdS4P7@D5GF+vJX;-Hczq(ToLGMLNGss z7#A(^rHXZ#jNqUyU+GDDe1rRp-M8PK%xm2yBmX{#&#&|HRcnK`fbTz9NODe_y+@T5 z@(A*OVf}P>EPVb!e8op)&%s|${X^-f<|^OkdWV@O)om(h0<`^kit%@9OuMrs~<^Url-S=(S;OO>g>f z)?eO|&H72rnezCQv!T%PJ7(~*ZF(Z>${Eh=@f)-b_mMqa3i*oXE_mJr9)7j( z%EE_vU}@O^F%`L{s;vb4Y`aCaOKEHA0)4goMsp?2XQF;XzB84t`y=IV!j71Q(|>^f zc=wuV39o$Cd}qp)4IAY%de@o?^YyMnaAa3BRTBB$vP#19gP7V90_>cN-8)v8&JpP-uHjc71 
zhSVBa{W{Bg^#70-9hEMmUKz>88LMi}7^rWjpD~&{SBJ7Ib|Ld;RUgLoj4y0^d6(J} zK52bkHtbC1_%*?&mxyk#Ete3y-7!%R&zPWuE8UF21bNk3JWkQ?M{0Dw<#)d`df_V0Gl`DO+?yPg|>*2$< zqW0|5x3Nq3{Ys_ihro+gzE#fS*tL7=W7m1qX3$@zE7?Ab{G-NzYx#I92w9p4jljs%U=+d?R>`Ii?m; z%SYJD8upmeqC0z+0eCxhLMON3bISjD@d@jry0eb|`_PwYb7_2e41TOQ8y(M_&-kIC zk96h5KkfYtls1a%CS& z1BtiFT4&2Wdb{KZb)shw z8>E}QpblS^yyT1g4wYjbr_Rz7^?m^vua=RXVrQCSl@zXc`^w1x|_t!dSGtKg%KY)(=sB#G(euadw zz6*cbZ!o?iu6Q;sAQSffHRni~e=>)ZKZ>3)YvORTlOEO_v)TGWa&Y?bzTGu}{+HiG z^}4-^Imo^}`NvXcUB2F1{TZ!Iuy)p75>CIBs^3lBHlfexca?<~z4VXF=zISzz004D zw~5wpOMRlz-)qzMe_is1whsK?k&OetJVU;!KApVT$C5?XOvQ8LEunAH7WEs&!JZ>) z-lPY#^b;fJgmm%#(y;Y0c*!@^7XzONI7q4%^Ogm?~{e`@}kEXNE%?7r&u~vEeCd@LjJ+kkl9MuC~ePz33=edoi z#_JP1Q#m_#p>EUU&s}j>bC9WwlU3ho@^^Uf{oema+q(zWRh4=F`&@Eza%pp#=AM-9 zq@@kFUb%yGtB6$*sxn%&!tMpAH|WeD;$_Sx4I#{+lZJu?oN`)f>0rfJYYZunGnp7W z4x^b)U#w8d=|wG9L#;KIHs|;GuDy3Tt$3N=>-)z!d+)WL^{i(->silw)>_Y6OV8&n zB%N8WJF4#f>i#!fuRjs z9l`K%u#+;Tkz19!+t9pkGI=(vr!0Y-s?V>1ALb4__#vI1Qkb5koA74b-q*VmC+TTw zWbdu2dzGDj#+=*NZoyRcO4I)1tY1rCnmvSV)2!%djm!Op4m3Ma!b{uUZHH}|y<<4j z`)#_WnREY0%b8TNj~~u4_SW2nIkN&iZ_cYD?~nL;@YpB6{*qm4`YBT%dq1$1`Vhai zP;TUZG4ZLq`1hO=|54&A)b1!Vyw3f&i~iO03$$_CR)OT!TaWxfv+{&5@&lIc6Q7i3 zuflj&yCcusE_it24rJvmn^x;X!5H%P&Q!BCVlRm+{E)o_yQ$e4u-9|$+!F9T`>lcL zO{Iz(wwE;X{RsAR_>Js6`|xn#lA0i1{nW5*fxpCmLuvlle7EMGI7A=@Ob0y2AHkhE zVCjc^VmDC!)6|~5bT-F$kG5^a2CQ^N5HH zE!Nd64;}1iZt#*ViA;pBR9@Kmz)d2Iv-h%bg|}Usi4IvA>j#{#f_$IZ##$S36$*oA zHatjlTORu(vzp5)TWjTB*Eg_nodwx$Wh2AW#HUO{d4KNsL-0}bf`dFVYG;+gNt#LC z!&!~VHQ%T3IAOIW{rPXEUyCmdw&m->p*Z1H-#a|RQuxaX_kE38G(Y%^zVrGa@%nS( zJI}ulc>K5BK5uWPZHd>P4S4=(+Ej2xT25n!h5(**Agcy>C>$f zZ0aJdI#?dm#SQI#T`W@_Q5Q?P3!QrW6-o~!kim_X&IkTPcfyMimdXoT_#pmigeBKf zC&+C4e)d9tUF&wN9S)QByVObNwVu&M&>Da661V35OMsa}f690i9==m+f}{=Q*>0k~ zTBG!L$S?I(y~S#IUEjc#bf7aO8-&MsHV{^zbu;9Y{Zv|vDf@M9(zS~Pk-~0ZySysl#KXo zaO@YFZ}w$m>}6!3ZoLnCP%uFsoHN+DcN%CHycb-Yds_s<$D%J)cXI+r*yGg^IXG?K+A%~n#ZpL?&cg*nD2)%S# z`f0*S(yU|+lJ>9f@%Wl`43X!kow0bP26-wk;io;ZN7qf_D;(>+&Wel@CV0wsV^39f 
zYD?}n6De;JIr*&G#_H-Ok1>9NG5#pNHl@#?8yxHG4d|noW1aC23TNH+v-d^uE94zI zu`3R3fR`O%TGFKi7o@#6NPAO$THs~ZDDAz%lP9OI}(SxsL z&a@-?=KO*j?dc_bcNV%4(sy-6opAhw|Hm132#)qvELypn-pms~qd6;wc3vnSUgZO9 zljd@~G`h#J7}J|N3(to){2NGEp`BfsX=d!1@cl}>N31BiqG;f1d>Vj}4F|p(R-+S? zhJ1>E$A8r=rd;ydQ#pR4IacWZtYx3nEzKU_zdg$wa^PI83FETA1>uof!`@7NcdI#>f+Gt|P{5o2>c%JSv-qTa_OOwe*Uvo%nr8A1 zf9{6P;tkXZbLcu_-JDyY`P=pU@KNi1v~tOIeAX_^gS4+ z%gpf1+^^Dt`zLDG)UW!{wX)~*UV$Gv&++`?O`i2*c-}ym&gDw*ivs)VCeoklS-s)| zVUamrj# z7db=qM%Wj<4X$AKbs1RfAz%nEyEO# zgEBoQUQtfz?RWB)GFtK;RCeFT=EjKuAul9*WhfmkK>#v^&t}}d{6K+) z&ygz~{GWl$?1V<-!^Q`$X;gISJD~L^-bQyaVcG|%alnuDP5FidKWyrM>><@L-{>pT z2W3=d(tJ;KAXz3Y^I&5eSVKI>^B$F}je1^9e?nQK_--_gFnG zLmxVQEj|**w8sXY2-*R*eVJ21`s?Y-#gp4Qr#Zw4Ma?bQ3G0^8(I-qF>kTjFnwyjxf=9l@7mgzxAP zCM?PC-J*@>$HIIWmzsRZBjtV5ijnVC78yO0{F9PJWUiU|2kyA|E?Jx=y$(zXd`KybxI5LJXnTS$P&j=@ z1h|OaiT{q^JZz>Q?~1ge@Uce1h5HSjqT%Oyl1H)fr#})ew63cs>&@mo?F!x-RW{KT z%A{n6wI6f7toKbrU!BgE!k$Zck601-U8%lP`l=0ilT8I}_(}91TaB!#Jy4gWY6pjq zHOZ0WA9~QE=KO2!0hI1O{)Z`{z3LsEUV>5TO@zGVs-gC_ded&Ol(}nymZXBl}4Wae{pV%`e*dzVU3eDpVL;A z!Pe~8++!j8`moV+T5BjcGR^4Mf^OQd-eu2p`)PNFwh4HCu68;?z4IQPbK>%D_Kov= zHq0k2S=yMkv{y@YHb@%L(wp)c$eXZ?+W7rx@_UB;ACd{`Mz-<6doRvT#&6`(4d^n) z8-vJ57ksn!<-swQpWs+$PQ3S0cXD=m|4whcE1SCpz4vsKK889S?3(Hn(cX*V$PqfA zo*!rbnff1YchpXdKH1LPe&o)}vXgK3vQ~tCCj7O2B{O0DLT3W}THTzt6hkQszy6 zWY&<;p-u$)ibX$dtzwXTTCa5|hZ8;5vuHC`bYNOGNqj_Q0#_-tCB1K&KDkKmI|6!# zp|vaOM4-1(^eS#c+^bdHtdF}9^nV39DH=C*Xl!i`;&QcK^Q^ZatNYcyEt(lC{Y

zwXw#B?Dlegm)69)(M6&=lwst^tPxZ056WMj=TycW=6qVo7(79@<=#h}csEIL!>m8} zZFJ|pa6BVBn>zR$_PMe3gYUoP`$F0d<+V?Ye_K;cvRzJ7dlH<+5WvkR{q?-FhHLm8 z%uT$uLiIu3g{EGK4{(2sG@L(WOEyfL()+Mu#{yXN>(1{X7ZuP@qqdB`eMM!@(?N_u z?FMwvmjfN-p@R~B`F{PazorhlJ(ydUK9p^svjn(LWDMOH+zFBUWysH#+^fSQ=nBeo zdU)mzVgKptn%C^Sup!{6o7d{YFnHapHievNe;4)g>JR6VCp`QKK6HzMunXW{2fS$} zeEV$R2oKJ~S+bBc%ZV4?e~e#RC*RA&H^-XtAmM8W9}MbcAe1G-`q6FJmG)HWAL^wn z$SXsd?K(3A-I_d9=+DpX;0ZqYY!8$65#b@97lWsnn`_A(zRQ=#C)1Si0_8~_l8sMg zrrA^ZLI0~iW4_1JI5f!bf56GNt@*xB5&u)oe+9PLjf5wevDDhF8FRy@8_~rP`CwrO zuk5MX&pgpO>c)*|-gjWyI%DfHc8F%CW%Q#De0BL~!pvX5`&XX;7kzlHMfCB!#XoC2 z_jjGhI`N-C?`y6_u-^?}Z;}4@);GzHcz2NQ2Bm}Mn`G-?>=yzE5#Mo)eiP zyJ-}D!@F+f8?;k=&twz4@^C=Qd8g6>&d(6PQ*g7;eS!nW&0XcL<6#d$Yhf>agl{kB zPFJ3xj%vyM4`UJXdW3SDv6U^|#@x(2{P<4T5o*I{(}uf)HoTQKob=o9Ykg`{d9boM z@b_DHIDj1mHn?ZtweP&y{*M1lbf7Pe_)q`r9LK6K>ynNY-4=wuBzgU7tq1Df0p{SM z+NaTK_Gq{{(}!3s5q}OnotlGxmg1#P;7xFrwZE5vI{TH{hv<>~%lB%~TF<$VRj zLpm_9V|M1X+h>Ea>{43kr?%9R72B;PE3o&Zs}n<52g;wd4fZ6sjQ{L7_C?(D_qOqL zB!~U9)yTB|+>y~DD>{quc(9H*5a7@JDg44adWIEMK7R!NBPZ~4=ce$B)?sVOEq-0+ z9t!I(EW;3G7=(5+ABj$+t+C%F6CHvte*bMphLUb{d(zd}DcFRWI8Vxx6|C7OqqZTw zwd8i}r(JY}vZ?-k06fLe0Z${XHBJ zuXMsk_}rqnff<&y@-laFYtk*-VmY-(TRJeqj=|qA9GYQAhi9-4Bd-tFI(KjN z63!Yndg5B<;8MUY;#=z)MwdW$Z%gjw-_RDlk-{Y_9BbS~LH)0}i1he(-qcs!#F^pd ztnr(s@XbEXn>a^{`!$-{(iL_#Gu=(DuUOo?p<neT731O3lr<=PU z$@B2}UIUN z-`PPOlJyP&XB=RqIzADRc3w#SSfVWB8{gIrm*>!$f(H_at&7z!e>_MQ5&t zd2jKh3jDztX)k{Vom``F5aEBXxqRugbJ<67G|XTQJ$=kZ7z$`?vVSszSP;A?PITyJPe*`$rl{Ebjm~2 zm;6Y|^*zj(%dwh%udpM$ue^YD7w8?pSC@C}fw58E*`wjfmw5c}j4bmQ8MVC|x~6&J zZ*iYro_UnV+-F+>t-=d$=Yng3;>9!c$Tw6kp^P9K9n{yS=qoQo$KI>Bd^zL%jb*Im z)NDbwlHcD+=6kC4QD?8NyZ@lAJHp`8x&>;-+>xmJ8qM8r>NlmUG#@Tr{yCor;Q?;t zUwY4Dpkwx8%g9!Jfv4*Gd7h&4Ii3|GjDdOIC7D;B9O#Rk(idU*Dfa?+aJL`#@`-(W z@FZB9KXij{i^wla{K3;w@w7V#m{7y`n)gF5I9VXv_NF(!LE_bVWv39tHAAq@c z5DzAa|p?TqCUsZ-a*J_wUe+gdZiJeJIwZ!#K z+1AN#QTfW&VBA@^Rq3mdyJ~!O?{t_4%RSopZVR5ge35TQzWlY2c5Ft*!6$6Sn}E46 zuo?den{hQf!j61NXXD9cl&y2e?2~QAPU4>s*Q4?Lj|~ 
zcZXB%%j%C}mUTY&us=0e-bnlQBD5*??wYp(Ov&(v+ zg}#+;_U}mim;JI6U;ei8>G5r)xAmdBX;Ui|ruL1lxrp*`=1<0IvsxZ%WQf&AA~&gE*8 zN+TWOSoRy}4FArhjcM7|I(u37BYcMPvNyajtNav(olKp*JdQB;O}qGI_M$d=!X?|8 z@-$H%o-a=vPMB|V{t4m5fjx`8A$#`a5@Z0`&joYW#)dsdb;v&MW2(oX4x1&{t=P0f zv@_Y#UfMaWnEGq0@nXy$Q-5jkFd z+uxZn`!w-aGv`s$A8+qso@Dq;=R}-n4$?hs`kP|Q^f$oz-)B0;Ru&90y7_3*O|kcJ zQd^mu<9_Ix&hfN4^h*=%sGG1u=$8R}lpe}B8ec>e7V<=W&Lx&rB-@Fz^HQzVO`CzO z5iGLATp{zk#kS}DqnYn1=)1E8-&XrXdhCkdDvj`=w~q^-bT{>0A)K_WgDQ`7Llt_X zwb<4=M7eYXc(a6i)VuBk83xzUQ}Qps@64=!d7ST)==bjuMn7-|y}xgfeoSZXptDb` zOq}crUkXoxzV$1CE#4`9_rdRsy<{`? zo_rK9r{78rm$}^6;Bv-?9Vg$|0RA16v4l1yofOr#;b*b^MoaFe6X7d;qaUuciW83l zI=e$U)#tp~mKsNq^I@N+7kdMm)UJZFgqQ534V**2m8Ps86F!Z-gSiCGL0PhkwJG@U z;#7?RNEgnL>?Uk7aaqz`sdQnUq#^7@?vFSAJhb1JIE%raFT5K6C~sg608>W3n@BIa z?47s8b>CM@z)YW+9iA-g^jkbqQD-xfD2R;-a^BM7{8<`4a7W&7+ zcgY*P9w(Ut?~B8<1DykVzU+)bSAGk@nCGV(DTncQ7af5-9ai4HEQI@Ea=XBBLSEmD zH+}OB`u5h(8-q^zD`RgzotG#5nx7~2%=x!XPAF&IBW_%6#gsL#EYROUIYm46@w{L2 zGzj9qDqOEx2C(!U9fkMNzvhsJ!D^qMsd=0>Z53uFvjoaLr-t$y+)jcWuWc>=F| zZ%rQ!?G4x@6QN&y-#36aem1mEjl<2l3;7O)IspE1cBajJEV&}#8Yt@@puq_8Y$aJIPJlyniF^b;2eH zrZu&G^Psh!@~2gP`fk?dESE8D`rjx+LcBy*X+CxW@vK#ua(A^_eE)P3b+!V&6q46La72&J)Ou^~MreHzSS!I^YQ=$b3OF6& zt_=A{+;2o9`SvS+;G=W;bH5gRz_Tp0+JwCnguTwU#xK9rw_oRW1pTr}?}O->JUL$u zUgI~w6JG`OiDT{-o-={vtf&LreRKP_&asO)f2L^V`EJqH@r!e}d-jQS4 zRkPuAr+z*4f5!}TJZDB~F5y(z_7(2bHrx4w@YWSs<`mPBk(vGbALqoNo>|w-*hX|XFHPBGVw=spt>ck>LmKg%>I{DC$#l=umiQ)F-HZ8845G2%qqvi`ofS{aqc_A9B`e&I|Wt-qasq{}6;xe~!j6 zU(h%0q;2%{eVdq{`W$&MmZyxVd8%9Gp>|k=9PEegL-6T!;`b4*HW20cTb}hie@C4B zMay{}X#+3x{D^lmriaFlw^r;ssgFjE)6k!$-MyhW=&1Jf;aHK%89jtZMFupl=4RdPV#w>=m)ui?0YJO|b z;j8^VFv))I&(M#uPAGXj_%-2RUh31r$@x47!PSW!i;aKq4E4*z-C*)5Up#{U<_hLN zRuHc-}mnee^5HO^NJY<#Tj;|8nXlN&4l1jVu~!AAl~wh+gUE zjJz{4XJ%|kU22HmK8T;cF$El)jDcOL@vSb~$?Hle9y8hD~3^y36sSgne51(*EWU?hy79 zXesAu&W#Feg0qNw7hyjlPBi_HXNBnG{o;VW$Q*nglo#!Pg_lmt{$)>>{Q=%318NKO zUB}rgW;54k(w>!$FPPY zdI+073|?HUPMpio%bLbM!upDxSX#ag^m(k`z8^f;wALirJ9o-k6N2z&^gzAjy(p67 
zyq+Z^oN;AoFI)RGFNSW7qt{9`$JWj|3UbQ6K-=1;u|4yX)H}M*i?^lH?Spn^(jCn% z_MxNw3HY~psl(HpllFeY+cm3G-06$%Y02SdANXt|cQMg0%d;5!diZlJ8JTEVws;1u zMV#L-GEnHyc3SoiPPd`KEf|>YSlE~q@GkWI6YpZ;hww1ZdP7U@=@*8lYyI-b%GIe^ z@{en~XO0`+!Cbr2?l5!x|5b1iu)YoU3w&dnG)Hhluy%N?CHITpNfv#X%iYMCSSGHs zT6YosVgwy%GA(tN?Xjmw-cV_!Tk^66?t$!<-0~Slja`gHAZ|`Lxavx3)VCbUjlvGf%!k^+sjp6 z+LXeE2^%Ktw*O6AQakZBVsE480^Z#Mu3aJTc;5uxP2@kHGQ6U>us7oxmlL;+xGROD z3Axf-SYG@=;_oM3e)w_K4>+ECllP5`{gz$>Oy^wq9q{HLVG9Xku5~FoFZWZ@(jS@n zP=0q1zbJ&|o3-JkE^t2t&gXlzq3cV8FUy1bJm2`Y82i4jyL$1#Je(_tqi_1fP2u=b zyih#hUnZRO|0ZKw|FQY{Q+%z{=#?aL`;qmUdsbWbtQ%;@?3uUYU2P6+`So);uW*fB zMcj46(=e2{zYL%38wQ*FwJPz6d`HQ@jP)m9UMu#gF777mopXJD-g$~#zK!@!!pI}% ziRS?i#Jlr}TOE{Jbu))=`tIDV&}-+xolW>R^5B~JMxP#dwXk zQ>J>_@M!1dc37q}ho_|_3yg^luzzNXzt;!)Nyi-wOVt+9AGwcogDcFN@Xf@R&Q*P* z(}=$sISAULX?N`ZS=yaP8-2;rt-!sDGQ>kX469I6mHQ7ZS)NXegcl|L4E_gs~z4L#KZ3cL(H8F6LvH2eZ1%Ic@RA} zql?+suKfS=OT>re_zt+ja(p=`hj9EWFbl9zkN7l?9S&%|*{3_k3E@gx?g%_by;R66o%bpM!+q>(R6cxG-!x zVeR6vaL$!{l-uITeB|R`9^BJ}QN}3?eEAydpB?Z}x*k5GClB1hSwTF{ zK(_Es|GV)ZaG&BE`o~hD&g8gme=nbm`8YX9!;0s2%LSV)zwbG41~3;QQ_bq<@i)ddMeTO%ld@fehxkjuFMQP#bfo8Tu{KQ7{t=4OrQ$PXVP zyG-f8t#Ukv-=mp>)SkKjpZtmaY5t_Ju?&Cy_AU7H3jEpd$N4k1C*aS_{{?^6{ULvB z_>;2WPt_mtXBPTxY`V{%u~*-UKePICz1)L=uey<&x}F5{Cx2FMjz5Y2z#o;H*~oUl zm$Mpa>r;^ZPj0fnyzTt#QpS#IeXgSK56{vyil$lpe`j> z^^~V`^fdJg$M@#(jXec16Q^9An7alE(PwRq<8Ytv;WtXj&1Gq z;Y#?He=9n5-%kUb1WxJG{c++b>+$*ED0maczA?gSZ^zloU`sazH0)#D!?oYUz3(vJ zQ-d<JxM!oC#X1vMtWl@I;3V+|JWhfJo1nDYmK$@*1cXa>t2-8l&{=ANO_+2*PHfz{p7et zi@0DdYF}sGS`_`qz7OT~{o+Z6FnnXp_>Fqs_rBTiH;>1Igtdsr$aw8s_{bUGs>`>d zr?&IFP5mzLvb9=)lRR_=bREgddwEa?t4Z@|m8Uk7^iiJG#fkKkIGZo?xv^{bD!uI$wDNxUfguZ;;ml^4dfmtfQP*`+`o} zChk4Jh>m+h+W|cHsr-!l@Ect$doN1Z0^w8`-x`}w(i{un@0C7)?wcw1g`8h=O#Ib)1IlY-sZoQ@k9n~C_;ya9y`HK$9rlTJ?B9_M&R`*Y@gyFpseP%@o* zHkqz?Ael{h|77N}rgkQ?tm$MmX0zLq*+S-wW4xaxIbcpDKGbNF_Y~_H^8Nb7*`)A1 zqkJv5bjZ)Q)8Hmw;5pAF^9T8gCj;a?NZxI%y+fBd^GA8yE??H9i=D-KCGQH;_yk@~ zVhoAzzUHNJbv^#GW-Cv|ncOL0v6khSzU6zfT;211*(0pupg-Q(EnMEo>o~o)dbO?B 
zS+!lnAu}bfk-l}B7hxS*eji1SRlAM3_hWZnVAl*1CYci4LCUS~mzwcSMLAg$?n15u>xAsT~Q~})6Sv|bNiHcQfr}upO!N*(Vsg!7*9KtGokR)k?&2Zc^-GP zG;>Zgc2idCiT`#K82ZeA_uJ8v9jv{LW~M)RnBQniZu@66J~wwddR81fb$NQSm2#)L z+Pwyi+41qa?0}tiWcwjYzZ;%PJtJoYms(a^G7~Mdku!XOo0yYj{#xhwloU2AEG?V0 zHZwJyDopt>vK1xw&^`{>h|;Nig=hQmyq6SCJpo%1z%uV`7pT00;NltMTR-zH7`1uY zQiOK3kngaqZy@YE=~4J_JABr-BIqOc&ZJ#Rf6{-BeNlEnUR*PAoBeN%i}p_CyBoL_ z$f)0E8(p#YG{U#$!Qr>#_A39DTy_t%gySOV^e4bmPFM%Lb^Q5*R}P+-Kj_b`8=mS} z6D%vTQeM&ywx1r7^i(OKMzmJhX{kt zLe?>+W}7pXz6YAK5#px?@2r=P{huAB*$IYD>V~+8_V;Jb&X!Y0R}7tb!!oGw(-YOZ#78>H7-4%gcs?VKI z{NJa6CBB~cr!>!;7k?%3pI%?#8hfCVd0f&gAnXR&@RE7be0O6-_A_A`;;sYc8uRVL zFC^?^!W+oH?#~zr;yZ}@5b%p8SZnSB*IL?S&_`-c)OCq}pJZ5VnfEfalf1N-1G5bO zp)6WXBPu~B{{1|>%Ce4*yybDJ0z}W%J_B@z(3PxoR&Ct(0 zVWa%GgzG6YuJdtS6v74N92Pt<-_OG}OE5>KIsQ4^e!KcSHtD5)UuNScGBzqb!MgGk z$qc+PeLrUsWfTq{<$GTu9R;tF2LoOA61ol^{7a}Wn)=6%3MSP*b|gbP{tL$voX2KI zu#Ybvw4Hq0hP$#go<4lT2I#>icy*Ywq>U_9XfFSSj;`{>3jdYrIWHU;TSxz z;VXP6fqVXhEc)qhBV20(t)0N}PWye~@0DL5Z|wgI+GfRKWbK8|0K+|Wu57^auJ(-1 zx}{%y+3CE(L!ab+$o^w&ZQ(QYG5@!?23%@4Q)v&GATQziC~*xw|E+SZw*W_*exVMy zl=2rW?P7$ms|eea7p8Xl9@?D4b3A2I9=@KUof7sA(jlvc&Lr`*vx%PzKH|88L*w)p zF5-;x6X!O|j?A2LrZI99p2NBJ0qm!MR+a=Y@( zi=Rq-y~YJ0y`*U-OlO20Be)uoxFJXz2{}=8~SiF zH#Y#!g0^DOE@;ylo8>-;4v7q4`vrPfYiKv?R}fd2BmZjA-K_px;XGq}*YG3#p8IE` z&j=68Nx!w{zsOfIz<8}`KHpj!J274pP4IHQKYzVv06x-J?a7FL8h^63T*z9(Fn83M zeYB2MwL|0EFphp9sd(ujr8{glz7t&_ z7~&V*XE`M?Y~z6@_GJfSA43;*lw_Cnv75Qu{f5qpeW_4qaK}6HzUPVqfzE(GF5h43 ztTcA+v&zrNrfI8tK1cjAY@eN{gljDA_xDDZ?7`o4@n?YhvD!dh`s)ezZ3!Q4G2ir! 
zV;Qx-Jh+b&ew+U--L&T;eA6F}^-Mss=fQn|a4&@8oxX6-m4R-OY%(^s(?NU(-^~9n z?hs9?55FGb;kn9ZI~+Np`jG9ZILU1wuV+hEl@1urNV94sV}2cvv7XiB`nZzJyXx$7 z^$nVT)|!xXz*xud>5CVHbVCFE@17>=K=O;;d;XW;$mG#U|G!xF17&!gwXr6(wNTDi zlXfCuzCBbS+1bPV-{PSCKX2N?{f zpnVButPNZrd7hq3p}03rqZ|Mj@%<$K2KD}=br&~v*-%=&V5`>w*e!c z4pW!psrICD-KYG}yQW;7)vnSHk-pp8(64h7l)uq60WS8cHF@AF4{?Mz!L?GjXk!{{ zMJ8I8T3zi<5p6N>e|hmAJFhT%U9m9_)2A%nMcm~9|F(g*BY6KT@6yXUhfL+(3Qg;z zugHUQiR~s+R-e`fiSJc9Z2BA2M%9OK##rka{A8PJoIZsgIJc_|Itv3keL1);c(iiy z6Md}FZ?0UI*;Ls$xUpjIcJ^96%@__oaOMiIlnHzH`P(UHrMJP>*gCQ5Y`c_j{ED9c z65&<)PRGU1wU@> zTt95IEXR~pc*+;=B+YdyOAw~Hw_SvNOl4$EAw`;AX!qsaPqUl&4^pPXVH&=#B3%~P zZ;O@?KjHHUKadB9{lEAiyv0_2J_-Lv^sacqUm@&L^%JWr>?Dds*R)cO3uCgw1Zk-;Xrlsi#Mxzln!^xUPkCZ2%%bi)tq zWAQs!cM!jIPeHl9v7N=MLrSmwRR0>2sNN+9`E@^Rx$|k)PNVo_+Vk<7`k>8}6 zqbj51!Vl9}Z1FL|Vw)=cJq10Cw~!&)@9rORE}i!I2E158UG3H$A<1u`AC|-kV~x`` z`ayC>+F{PLOL6}yvT=OP`idnrtl2d1t}{RbIotg!%4cjsBWE-Hy{O>YOL*lfzO@!f zn#(9h17XP4Zu%Z0XUNp0T> z!5@Qf_rIaDrh*qgD=SZCc5frRIglCh-Tec;&jwEGY58#9C45#M+_(AG`Krj)Zq6*p zm#rn(RJ*zVypjILwz{gVTJAusk(}WZ`h|3bt^M+?1(Vst!Bc0bvxmC17ujOp6Sr>D-8+Z{i7H9sPeZGy0T5`um-juQ3cf$+rhBjl{gjwVD%i2zOjlKgu9a4Jb z*$q9|G>arl;Cf!T^5o!h=>9x(=k-BLkn7#t5o+vF`mf#W(QeA*rMZ$Y?f=b}odtwl zFWEtlro@9Cg=v?vU)&XKu|x;uS}6Nj_Rn89Ci=5`fMt&fH~S8*k)0W3eh`~qcV00s zV(jx#E~dN%<{KLETjWel zrTh1|!pQ5J?0q@0r_Ah=(>!`H_BngzjNf*@Kkq+W3{U*HmVhS@1vvgiJYhbHhR*&{ z-l31an)AR+c?LFW94H=1-cH~}4+iOfNx0Viqr)>D(c}f=nl$o~>>A%P+Bsgn_`iB= z%Xqg?b=rm-fYyiDr*RE7TfD%EoIP-+Roj;EbiUZ-TN7TLzHj$Vp1W^d;nlUWcN$$? 
z%KrIUp5p|^xxq<&>z(xDgJ(=n|DF9Yeq2HD{gR%cjEJVLVmrrK1K0TLW4XoQ`WW(F zPnkw3<9m4?;rrt}u@BWp;3(_Ij|Abb<(J);(_gJnyH+0TVUBahz=^gJ$oIlwJcWb0 z3D5F4D&87-K&A!9SsV)k_(elScC=0FHR<$HwFjOz!GC=JUHNY7dq3auHTBO-Pp4nw zJKmaX8Ec}Rcpkr_Ig7u4+DfoDkT%<@HpaS7OB8wIZiGcK=8;Sq_M_+>|5|T^eF6D< z7y~&nKCJMf54*kG0rF~= zF%P)7$3$az`-I)@^ZQtV`d;4YpU0j*F@`rb)^l@dgRXG49R7bx zmU+HSHHq}lI`&^`U#6e%(@z1$=u^`FiuMt%B`AFZai1X#W1^GNR1v-+$n#n9%uj>; zzeIK!dA+euw35CXS)v^o|10SV(aPHR6x-0@(;6Y&ZNSj}4eY~u2C)AI?1dpLa9<`p zd(HY4AKC*RVI$J%nuF^~X%6w>1>z?sh~^lv z*JJ3d{c9!~Js9>Sn?=@Tw+-g630#?<25bA8Cdq_7-HLs?c(j?F>3JA!mK`?M_ef^?geE?)=G*K`ig z^2g=ev9}tU3(zO5mwMI^dxz1#5#~3FvGdINV)^}pbRBqWn2W@A%e~r5I@QTUYhFfo ztX5mryzVmk9L{;Cwgv-LrI# zgH!*#v$(IV%B#8m0&})W?Sq^LaLK$}?t8P+HS9gkb(3yQiPi8xi8HAixGhzg+P-9_ zsJn{0?5dn`y-6=gJF)8VwOy0+N*~}})gORsCHFQ6|4Q=NHrM5@9cR*mXJ*Yg6Ax57 zi#j{Qr|_#qvwS)^4%GBiaQKW zI>!!PkLyaE&Y0tuTK9=cSE6e>^+fMRd0!pYwa$o;4ZJ!vm05|Dq2I5&r}!@0t94lD zObt{&#kgSo<NlqczGy9%E=9r-*@@`TKkW@b2&{hQfa zaF*hgp0kj?#f31nY!w4)N?+XAkTR`rp<_Nb5SsxxOu7McFb{piBS$??@;#O4x`+Dl@Ynx zD;-nF7>ztSh&N|(9_4(YLCZ6D-458~ zGi@1M-wEvq-oGzg!gEyiADjn|p@H?7_$f4S28?gN8U2qh5Bk5`w`qQUOK8&wm+&Bi zJ;VHy$2}qKew-U8?mLWAlf>N}#;Jdy-tlpsLO-1QXVJy;tHJZ1LYhNb@u@KTqoc^a z50m+D@VtilnIzgXwkx|v&jtB1PXA=iS!&7s{A+%nGX7$v_0}7CO>CtOTXLCqfJgVi zTp=9@o>s=(vQ^e_hF_;_W!e41iH!Bo0O!HrLn`@i@~rcH+dp$Q?WU#;U)o{8a@P<0 z>aOQ5JMKYv`0h-T&HinxfoBCWI1`_z7-u}or?uc{lO;USp=L*Rd1P=t^_Wh}=i&{X zi$We#SEc@baDNZ^9Bk~P3Cr}=@Nz!9)SkL3(NB5kLv&WAZ0&iuVfOl{e5&{SdJf(f zP)An`07Lo&usVA>Hm5%~r1JXsa+AV3p`NA$^<>U9mYpx$oY{4thqf)=iEjaau~S`* zlPW~VMeu}kwK$)~w%AWt(OW&`?pFLzkdL_d3NH;`Df?k)n9uX5;)PRmIM(=Av8~hC zE58rv(cA~~4QuW=->$xMhFvt;V5i!>Ol_N!wwQlO_Ia5}y_{K!?xF7=|Df8b>Q1_f z_jnbyUu5qMkrye%$H2AM?Y~GGRE4@IvIS&66M%!Fq zo`Fn~Pi+`RJuYmuy@=9z8y)tVvw%t&Fb!gZ*7`NTp3n{OHSkr|9ma>Rm(4@HqMxy) z${)T^HWaqcrPxr#e%pL@mD;BA#(vRR0oKl>>tTCDR!7st_clAlD=$v7_iizIkM|4R zqRx+5!I_1*Z!4{M6J_mI`>9DcnYxP=*cvmoFi!B2HT}6U`rwGs)6lB^hI0`pi(SIF zue7h)UCz32O?SdBW?U6PrtvdhX3^KuPkRyMUN+oa1BFgx6u2$GTtHvWdTKHEN*q3q 
ze*Wx~)Mh_MyJD^?*V8=>*^gSu@6B*Hli8}R@~mrxOTU2DsA%=+oa%|z zL2KEftw|4B)6kl(VejBcwBCWA7q~m2HLAMEqjihu5^iXX>YkdOs_b&ntNJ}UKC8K% z;%&_inOnDNV` zEKjKaqAVrUpBdA16)yA0=Z3CCMtgko=@gBIPRTg7%W`xcck3*90-wE_Hfw_?nOND( z+0e6G_EhF_-N{Uicn^QM_d)V6JMYiie$+*$>_311^O7g>_#T7SO6sRJpZ5dSGIwjz zsT1y1@PM@9eKeF4*^!iKHes9(c2b!>6qX6z$0YBPTgm!G$ZHy2oQDjnF1A)ZY;l$# zcbR94e=x($0iC_-{A^TmvXZ(Wk0@=gz9*5X@1lNunc$p;KpvDg%Af(cKt^22ukL*n zT_vJ5pesH^9+dwa(KT4+*3#xA=QY5x@7s&1EUhUgN*w2N`}H1_nfWCv8sf&LEnbEE zu7|!K%&}!N*P~y#KQ))@iZ3(r(^G8Ka}Ht@nu`p*oD=xx=^bO;>IA)oqF1!SKkYSl zL%sT!(9W56HL5e}tD!BGF|?~pk|Ww)WaatdX$$8f8Jk{mRJ(=WK*CA&l15{QAbp+2 z4v$}8YrN1P9%&p9>iSTZp<@HzwyD;A)G_?HLH&<-k6e`pI_^SfzsTn^`rIFn-lE?qCBTd|AAj^dJ4bOkty~%SX+@X`nL}1`6A~3IWG@; z5NxqP_Flk^~cA>Y?wJNwPwhzBCldt8vUYfSx%**wb`E`W-*zhm=w{@!h z;fgm;_0Ur}#aa*VSpSOBCZlSP8|ZJePO_^6}L9#kS97A|c-fr*9iw3Gco&%axDg8MLp;R^H%O z`C#F;(LH5u#iL0tvc1f$Bu&+-3%%qCe?fc$gLWJzzPfdS6?q6*z6-hPz?X0>vMqWZ zn(O-!8dzYcFRi8IIxYGoBeRiD-g%B&0FLJNxEI?&o#F#oj87u|_Kd-2ctvkj&Q){V z!u+zryE7hzCjrk=I^#B=FGd{v%0zZd-*)&eXrv9)v`?^N9RZE_H!_Y4;WLp_dDafk zS{L#=JtNv*7?{3|Ie=})b`)+q+!bABN$;$hB^f>bAL!D`pj>m275YQwfT!+zg7La1 z9USsreDAcDS@+Cx3t3~xb&bmu-E*ei9nPO|WcMu<-Vpx#z;8`#u!gFb3eg$pNS$9}^ds=|+Ee>A zw-ofFzP&zRr_I%a~O+vgwH0jJ8J zz5^L#FQ{F-@*F4G8mFxX<&xaCO|YW*?U^tU2tJpwhWN&+OD%XgPv?7C z*u{lvpTwCpbn%~hxcs#lo)xw|@fakRG@c^u6zhvI~}*;cVTDwy3^QLCv+$LN7-Nb6(Q0=V^e)6-q?Y{3yGk2#=+YE=l6mpm^Y>ir`gKA1 z)rOS6_Q17O?fry5PQnJS+I#JGY>Ywdap_LUp!B`?D&5&$wfDLq+LQWGWWNF)PUBfM z$FnY`{lwdF^ySG`P!=8*(b_X?al#jWk|;#l&jjE3r^0j zawwNGiFww9kMsKLYP{%X)rG!C6X=Uam~-mSZCW?aW?UWpSLVT1(09=0qiNNDP?uMN zXF}AAoK{GkiQl57EtS2^@F$i1f@l#PVH@vAWxvRpTAVSInHvZ8OM>Z6dGuS^Sx3ds zRCacdevZxo4seJ+oLOV)C=Q;vz{J~V=XYF~F1?F$dTzh{_qK?$MMWev- z`~>**yq2@0u6vxd0O25y6z4@Z1o>#6!z7e%yZ{*lu9h|vh398LS1-RO0vewbjiQgR zr&NDRue5!@iOwTQNAHhI_dstyH0ZmpJ(b<2d>N-0Jq5l=(2`;dTW@6H!t`YDCPfpn zH0f0PqxBXi#=eS3`vS&Fjuf=@?zV^(4d{AYbU{HCNke;k_H7JBhs3%!-fHX!qYn*=}fJWVpMG?YKp zQa@Nmm7NSsJ@->ZF`5O7ZZm0WgS2( 
z`G;2gqK=NoZmX~-Z1jOMDh^9O|Cv0Kx+_)1w*bu*1U5@UruzS&4_2?{Y1w+f@gZ{G*znX2de}gCB z_nTwm@fqf2y+5!;+ir2NMH%l*b^ag@-+>y+!uThfmWk4rQ=lIfbZx^Cra8YfWvnMd%;8hPjzbU znPGE2_mP#XyDrfD3$j`$+m~>BE=>5a!dJ5%>sTf0G+!&-vJbt_vz7BLGy2Zhi--B` z4BmI~zPkWg`8GPIoi>jAvyW=sCy;+VO&eGJhWb@9r}V1lP|xnO+ykOpdOweLGv_8) z;_(YO(mG--$*4Tcoz-3FS?DX@COw_Bho<)*dknotUs-b&@-`Q`@b|lh>iXcu(?>YZ ze(~GDeJN`%t?Hvk$7LFhjLSrhMw&7mmF|bs_N5Ed{(GtxU$%W*CVp^SrvCdEIILNv zOIXvY``2^qOTWv1@R(5Oq4#vVk*f3$7*JW|WvZXb@ zHm$|2j6JPkZ&3r09X zy4O~^b6y#jDf{+0>Ez~0PcU-@v$@);`u5w>rFYJAC*SU6Ey+&!>uGVS{%?4KzSkML zEA^wCn<#I5)y3{)#__|$ligv;y=-%$|8P+D>w~fzJ@A%1uXJzR3C-vL=Jvq{{2#ry?r zi+P{pYo$|UhXUI#+@qI(2bj%e|M$Fr_c4Ca9q~*RyeJSahI!x2Z%08|aJ4|I9iNT-vwo~5k-^Fi{B zsNFnx7H5f`mDPU4ap)_vXA$}N5WMH6m2qw46Bmz||F6boF}9+3t9-om&IH+XlU`gMe+Iwl(mcbKKJn$*uK>yT% zLwB|acAjwdOt9*Czr3f^si!Oof0xO>YVj3n3xXkS3ZICwAm6&JRg2#ZOkGEn7w<@b zqtd;Sw4&$zgzI^g(kkyTZIEx>)=KwkrR}Nm>N|?8`c30zS(_TI3V0p&zG=m!<2I!% z#;n{8HlcCX_DJI{Z=Gf2kp8QBdmTXI;u>2#|~a)|AJ{ND5Ikf*09?dU~~yA%)3 zRDhH7&-;&c6=bR$t5{?Eiu6>gVmo0S5uWH$=}GCvz5;x58k;iS24uQ_>^sPSS&!Ga zgEgx88rP)ykAHj+f9954@8jxYOyBmSaBT8K8htwx8=y$z3C*(&&V153gD3RXWM)1Y z!ItHGcsq{HPHw1ZT%>UY^O^JUIo>|_UdQ4*%$Z)=igqn&$?4lm^WjCVVC+&fc%}KC z8TH^9;f!^UX^!PF-8uQqY%WeX<*U9OdR8%y@K~W&-COu1{alguw>5Z=xH|JCnK|dU z)<)$s#~7yfPRbF?IU74$-F}1mL8T$>wOs{S)6VJ3%Lgj6W*kre{l4v;zK#BlF^+3& zZ`l)}Ezw@(eo=j6AU}dJwzq6u-hJD<%AFmgKVf@=L-S{o=wHjj{vKR&=?_fbs&SHR z@H;QU20uj)Kl%kL+E&r{34^nu@mlr4A-)s1DjM_0TUE5jGe!zB_}{p`9a`l+8PN2U z@_b7iRc=2pX3Pd{y=I(MRp7ra0lChnu+|#5Jl_u1S0pH8kR=JabDQla^ynAy-bkqcC z*$-}HsP0dst%qmKZvnS36XmX*Xy?0aOY_~WoT;Vx?mgUT!uy0#|5+~n5AYuHKd`mM z|B1jfw6ccRBU`)GssFxg?J9R!=R2&r0MGRS9^ck}YdkmZ1dn5t7Nh5tw`^^lWsw~6 zX?T3lfA&#FhL(WOC+uu^unm~#TiV*UTE4A4&5E2_kJ#FkzODVn6QQk*9AAL!U;78J zw_24Q3!TbVwTm*RTs%>pq6r+>`6tFRj29ZOQ~X=l*F_!EtoS`=*oBmlHD-r%Jd*z{ z+nRnTIZ$Ai5+{F$i9sB`P>t3=JX@i)&ZFb93E)ziCw#0R6Y;*8;f@-eUuHG%!>3RC zn%}rbeqrh_&+Q-E`xs%QVLiph$AtN^N3;$y_5<|R1kM}cOmLU|{bM_1gGuK}PixKS zJmz;ar!zO0<3S%^F(vUg>;ZasCuh(s?`Cc%UD0?A`(|pv|E>+puO!f&o#ey!+nGPq 
zU11IEd1OxgcaJgGR4bb3doEU-#sF_IzjH!Qpzr?F{7woTJcBXIggMOf2%qM4(39n+ zUH?Cv+mXIm$(Y$oXCmZXsJx*=^E+|92mMB56lMhTG23{Kg#8J9*NOE&>U1T3J31>E zUkWQSY^}?-;*tT*2s`Y3~syLVw((wabo_%RQv-t?l@590s26&yBK<4PMz;8h0cqtL6jh7?Uaf z^Mk}m=iY^1+wHg8C&n3)^|sp>w=DD;pq2Al9?t3h0^Q3*T~3;Yt<2hEq;EQU4?hRJ zSI;{lzsLG}X4?40%5FOH`}@kX%O%tBXPkKB`w1*QsCVwl9SNSV@PrR1uS*}XeYm3m z+^D_y6~i}RgL=G0{wnlW@Fe}YpiXavpPyG>6V$Dl|4?00$7T*vW8$}(S8HcpO*$W+ zg{bOm$XfRb?^<(WKGBNFKVpRQvL#=k4xr4P$Qb*fY)kD}<)z%)kl}ExTKff7Lihh_ zOs}!LmEzlJT`r||TZJo?s1KV5|EZ-t(8wL5=(wfmk8)$V&YR=e-p zRP8Qc-uVNYtKAQxkG}p`wN3l-efY#*_^G+S3GlI;_E4dA67(x^(L;O{_EQv?iL?`R zkr(5=5?@JUi*+S4$pF5d@-Uz5en|BoyNoq%jaN#TtF1D1Uu`E%-&}1MnK`j)yIB3I z;K6xtTtyJlphU*g5!>Zo?l_3>%kW0$BLzP@v33m0^UWniA#odX_o z*Cb;W(WiOjDDCq+`BKA^CauHtRJ-T5B{Nazi-Z3>CAwq{F!J#?b z>XXZ2N7;K41IDajwpH6Pm4z}Cbf%17K|lA$kM6*yUF{Lo+tf2HqdVklse>r?Nv(8| z@{&I-eG&DUT~0e@e%`9bf1rNQN-tx5vVPEZ7g3fQ2jPj%*J{cAHn-|bi#wkBkFlQ+iUO}NHJc+ zx806PmU}DH(y<-1i*Q`fE8E~OWmOn$|8eO$@j3XGO_Vwmd?T;;Q>VA-93Q2@r(Qh& z;+86}_KwTYfnNF~9k}%?nc4u)ZQzW_jtsuPpf(^oQgR#Gpx`fCTkU>{u(I}vnHcX+ z?Bbp0lcd%2sr%2em8OiesRt%HrKC-2T>n6|+fN22U?vKtb0X{Nu}qSDYJz-ggM91$M85S(yLO^e2A+mz{5&TGd7s8P2eO}) ze`?J{s|205MtTlflA<44CIeggz(i}@12epFTd(zMw^X}Jp?}=gX_>k^E=#`!U%ePU z1f0R-)UxJZ#(UjXWD1!D{w?bv)_$!Q>zbB9#x494e!E0|1d?UOt+Ui$4ZYuD9Gm6a zDjpa|r-gmi$~knbBOe?{X7K59S(kRTF8z)HU;{bAE_Iiq<1bYkrClbOH;~S^y>*s+ z*y8jpN!rl|1%DJ7;JXM|J@Kzhm;9-|MmkaLiu3+VpHG@w0vsp$t5efUu8?&~py?&!u1ggY_QKYRW=Cf?kQMU!yHvqrPDkYv(FI?a-{9 zZz`~jze9Uv8lO{lxpX4$#k7wG$-MNh+7$Y&E})G$n6%Ns-hCPIs95}??y9i!ldYt| z{?T|>XE|x_S)v#$-soOd}ZF^rc zX9}X*{q=U%@C==q8J6`J{aFvRZiUV*(30P`#n2h7O*BxJBGxnN?maVI^9;IF?F?B? z-B+F|roELAR=c)5Q|5g$Q+6h_@|}V<`cu1%bQ69#K2t8)588IgBWGum8!Jrvejo8= z8z*KaZv1v;BIW$z+IXg(HuoWLlzshenG$b(R(;z46Z(jfhf7$C@%6XhV|##so`TMa8O8_4uYLwy`wTkP^Y!;a^1D&_ zh!*;+O4>ykx+%4TvfmfYGPX*a@+%+sAsv+r^P~L5gi(I4Y&CTAUi|elGsWJ+nG$$0 z;Xe9N@Xu0tc+OTH`Me;04rxlj$9XKCVCD)2de2@BZg8Ft9VNh>C*0sE3CbJRK@ss2 zNGq5Nh)W4(HFd)?wVDn>`E`{$swdS0wiUjQ*e#@Ezm-$6_AG<{s?|}G|CLHloM?H! 
z;6;z}4C;?GChls5-$(tgF7`@fx3%OBUrm2!?meL{3ssl0MJ2D2Q_58H5;E5r%O;i=Hr6tK_-L` zzk{pPw*_qyd(jS=XPQK3yzOmucm-9V6_@=$4XYoBH_@>R7@5#Y;0pGKU zuh;h-7r5w~<<|@)m;cRC*5NYEE_WR{7U9O{fbRnJxjYlnV>}DF|48X{4-)p`@(&Lr zmwzO*dCVMu&+8NV$$P}LS*QPz${O+qd!Uo^H#+dg{MzQq^m5h}m(QG>%WW*!^o)OYrCLU};7?iBjx}N8!T*@l5oY5_ht?R{wGEj1$~i=;&y)$|zUk1CeiS5#M?-tvJ$oj z8dh!MUO4aJtYr4Rdy;8vZO`KSgWxOWc@<%i;QJkl=RFRHL!K7jad2F?X`EFCdw+4`$uIpWqTL-m*|`P>seDsQs?R`v2n7N_f=bV%ayVv3=CoL{_PJ;!LR9IHwOGW zu(x@)Qt0n-&lYD>yid58zFF_go#v-}7i+=)AA9c~A61p*i=KocL<~^2sHI?gfFMBPKCQezY8dsGwKlZDGSUC%BUj;mDen*6EB#>!>A?@d^O*&l zNgI8i_5<|bbAhMlrB5y4J#0i3`#t(rHGMhL_w8Oh?Zai(55$<<@z*%Ziubur`55n9 z#(fasWQ5fStH?L%wFx+<1K$jk4Z`kRLAP=8 zyMlKmegYiVes@YQ*4boD^XyYto1uSW$2OmB#j~iKXBIj>u5QIUQ(Gq=#`(L0)vZ%V z`}cL-$kr*4-xJ~a+kiP6znJS!yq-gQ-U2-HaltNCei(2!{n7MycouK&U#=YDcL!y@ z$+PPR1BE!+;d-=t=-`cohjz^z;`2UOcWa$IU}*bosqu~Qd<5n=RrHD8k6QhJJ^#T$ z(Be6F%va^CJKtg654<1Ox|{GU2%mp<^3PKar5}73ds$j{2X-0X9m6^b&aaLf!h7X@ zudV>w^lAy~Q!N~W2k<^yt|1=cdS#&iL(I9S>p-7yF7O|AP^Sj4AeJv69ev#3<#Snk z`_bR>&$}#xZ+*!-q8D+E8P5)X9p&NQL|bvb?d_Zg)3c@U2Q0-$=w+xf}EHobprpZRrB)`4ssz-$TEWw7}aDhW0s5 z^bfR&zz*d3n(eW_)%DiwKZRD_ zN6Q6{Z~17|kQQhl{U2^IG;&P)G#YFt>L%-Q5NkG~N02)8hOxGAH<6?0m?>kL(3j$3(n&YTv=ECjp5^}5RU-Td_* zxcNy~n}mM-{qZ8?2tGsy^UrDDf<2~h1l!>CKY9PBp&j~l=z`|;piR0pp!>4Y9hL7_ z|M?2{2I^C}u48n#Q*}7z*Q=S>r}&wb9eBN(&;CQN@clp5=kNa``?a4>J}3Ws@RvuN z{G=xUf%De#oIGW6h-t8|=ubGyndfuU0r=XO>wgF99S+ZN`QPnOFmk{*NYNi5bN0uN z(H{@utW&NdMoM{u0u0|2AcW_cZMNctK&)cd^&@?J0$Iu=}C+7Zlc!&L3ef?t=w|^&c)M zw2Uk$Y=nPu{RzD580(PVAnpCID|l}r?Ba*t#53@@L(UIdcEfjs|5$m*{b38nrb>*7 zl^?s2zEV7pmmzZ~ z%)i98BY%1!09%DU%EL<{6^E8!ebRw#Ekv$^ZT;jho`(V+`f_-ayIVor#0&hh^ZT4@ zr{ep-2c|@>%kOLDbL78(-Szej_`JlSsgA>ENOs{F693v1?Kb6!`h;-yAhat~Xn-B7 z;J5-izi2Mzo4c#Q2iCFBW>vev1LG{S+jRoFuW&2!|Mu0N!A4$1-N-+uO|R`HmCLHSo?6JRG0*wBs}Lag?)Q3-m{+n1MyMuZQ>z5#}LA^W+BLD3iNh>&x16gf8u^<7s?|1 zJL+8({d>HJ!dI-s{-&glk?Fl z^7IL0`-c~m?H8!8lr7fJaRvdh1uS^4d3jU*y1&9%1lFR zq7QM%{8S&F+s{9*GCy}?#QAfag~7Sp!2aJsd$sfj2>%y&FUNkfFZR@XP9@vJocqE1 
z_1wbarT-J}?Q}xnJnewyA&qBe&oGTT3LSFgIU?}L=ZMfhCOxC=G5a9ix3PD(==-(# z??h_Q2Z9(UD!zA_GmZ1f#yr~6DY(x-ZvHg%S9dS^7t{0Kai*c(m$4kyWcY4{pO6Oh zb29XV&)LI{;==tNz{}c;n-^PfXe#0zJ`yJ0#je_@z!=Q1vj?X#{fyU4UG>nX{lSOSz}8Z$-RMt#H}5`Hgbt z2zcM^_6JZeKKB#K|C!7Ff#(^uE|5zVX;Mbu`Tsi%dXzPvy|=iyPRF*ub1oskUq-pI z->ZF!Tn3rrT^z06JJ(r`Yhx41L-O2+jQ{WxMquMZd#d=3fY#9ewX!vI=r^Eqh5WUk zBmUK%O4!!toX`r;U>@;)Ay*3 z!+XOg&n!si9>8DLSBd(33j7~cMr3_@ zm+MSDQr$oG3E1Z&by)kwWGw&Ot9;JplP4<6_@P_eM-lv_yQk34cQN^O;}bkg-8p$T;TdJp6hOPt^@ANQLX`SlaYt_ zbILoas*tvbX)iwMx=cgdr|2;7Wu!SM6Gr(p=uHDrn&)wg!3%(@ljP(gQH)*AK=_tfjU16H1SSdd|w9rk+LBi*7{}=hB7z^c<>Np956Ek9x!OT$-8_o zyw5)$skjO0fUP_@&7E^_u}dGPl4T&*EBmV8pP^o?6YEBPPXCH^A`X^^UlV5e!=^sF zu*RN;JgX=Z@CSL4&Q#Fj+4L#oe>d9Vi3*HG)uobG4)Y%NG05^GmV+$uJt5bHZ+XLW zHIa(voctBUAv6OK;rWQ+xzFuKI}~unPupQX+5z9Xzu~(xBD&{tHe$XNA@iBt1Htrd)6c=VaMpP};!_ZQ4dG;jk3r__i#0r#^(}!Zq!6!u2|OQO*9sjNN;LxZ;JtYV zX`I8a=RMlEYi{0o0yI+4iK*a!39d7LsQj$Yt+%%tzecj#y%@IJGC zD5+Bg-6*ktpN76u*BNJ9&tzW%KZIilJA}QrA@0viJ_uN**>e6eroZgN{HfwF%NBlC zsy1aIFZz?7UjmzY#S>RWUD!Y8(7OJLJo-4=SbSmT-3Y#D6DTv3n+f?|l;^%lY>!AK z?9#{N4SZs4-F49a1GJUw6Yy;+k1R3%bsP4L zZ$X6bHlj?wa>#{#;(iy?*ynLh<)EvwCm)nK((WMs66=mjqZ_2A50JdsZ^{YQ%{n19`8Q(V^3P9(+CV9AL9>;CuU5$Ey zr$PtvruEHmE041r+MMY~n~eRW;Q!iKV14j@OBdg?l>2IYQ}YJmG3A{`*yBH0F@$&H zpug)kg!tWxAmxm`u&crA%ba(hUe#Pg$CwTI z)93uXOIX4`2Sd0^4so`iHyAji7y6`R>uGZ`~A`y2sVI z7x7av{K-w2YkVQXck#)bkuta_juqe$IKGATPvZFF6%Nj6`XjB}gUrzqx#*5?NoGAai%P|D!ja{^jTk#hK=i2?P4xU*pNIK>6-5Xjf=zr4p zv@(Z0@eX8X2Ko=|PAlg34&NJrbyBPY6fnPO9lK6SILaMmD(%^Fu?6rCp=Wqr)y289 z@BTIALs-;*0msjmpXi_U(w+J1p2+u4!g>k!2A!*62MtV!FtCHuet&V{hWzvS5Ok*M zFP@Lg%H!-M(yPC@e5iu){q4?m&wLYW9jl#6!ZQ7@mlrBtzQU=%m~#E^*C8#8G`#!o z38bMu*XQ@-Ct)o93GwFtvn%>|ZWZ(qd!5v;KR)A3qdr>Qp)OJ`m^1y|Ui8m%=$C|} z-d_4$lE5ViT#~>g30#uEB?(-Tz$FR%`Vt75qK{q##iOof*!)LXAcAWE*AT8fxSqmg ze!UUB>CKz4U&9s+_}9e+&rg0chD`W#4afhT@pD&_W|;gLKMx|F!4<|8!Ij5_7r&U_ z^m7rpn|>~D!hQ{137l#K5nQ)x)cLjOm+-qN{c7Q5`Z-c^oayJPG;}2p`gh=#mq?;C z_#a=ubpY3q(%`f_UzmjZAzUM+!9T4o4Fp@9xlH@hI$TY-)=AntNoz$sgDWp(Yb9+j 
z;`?#+3*3B31HL~!hYL7CBf_*oH7?*RL`s8~k5D4G--N3d*B(g&m$-j{tRe(|fYbXS zhQH1aJZ%b~An=_t;+$CmTs ziy*sSyQy#bA8Jq*h@a>3zj}`>P!TQ*cGRm8{Ywjn+0hRINpzw)<;pfJ&dMu7f z1_#5>jbqJN9OS`XpBu*)6-O%q%3`_+ryz83<#7>b#9R}}BXt8ZA=3;3;+SE=UkQhc zLcozn@N503A1x>e9D9B(1S|_2EDRile+iEF703R6366hO9R2?i94uQJ_==0GzcjF^ zwKVWm#J^f74SX$9`rh=T8+y8y#oW$ltRvZ#$hy()gxi(Qx!ImfCf%J&#ND>-?tPg= z*By7?x53?>$kn^;-HF6w$*#@QraCMf|8)yL(A5#`il;zgZEq}*$tBZWZn)Q(HnnB7 zdmHcEd+pt{sT*?XOa?^VL~kP2Ls*b64Sc<(G>|-lFpjGa7wWa871uIcDO`JS4V4B` z^`(K{Jgyd87;93;agCG)Isw-SxX!0>9W4!X)!+)@0(=+7pRNPA&Xoqzb+}MAy%*Pu zxcYGo;{uM%OkBv%tic7^8PLfTZ~^AgATE@9v;!AtJj%48(m=O^%f%JJ)ru>R3%I-c zah)j*WWh%^jB6b(MsraF3LUjqSen)^Gi894j(?e!$~2&qX`STO*1Z~o@r|7~f;lo|i#=+UFS&F$^&&7qy4RX48+hcoAf z9*;d9i)}vLA9}O-op+kw4CRMLMn{J7PUZBKqbsLZ0_)CDXlHW>#oF7QcIWXo-~8QK zvt~IfqrlYs#18VibLUQh16WDmLm?-GAL3xEX0!%@6K)-C4HLS*zkd`#ZF{M`79k3N zTQV--xRW1i11wIv069)7HHv>JC$zG)xoQUx9zGfhw;y(zQcYV=9o-6gg50SIg~Q=c zjf1NO_m0!vTxxCyO0WZj2Dt$5G%@BmRRC`7$HIT=@QK5zCMVP+HGuT1W{2BH88%m; z9cDMDj*ixR(HZUUKhJnmYyWw+&*)*H%+}(6hC8cjdIdM}n=4E@p&B}PAdmm8h=DTT zYoxwA4!`x*Tm8M{V-yYVoNsU6(cXR@%?Y`oJx5Y#ht!BO+SbwA(Kf1K>p98)$MzKt z%1Aj#55H#Tix2~v-8tQ!>P@wucFwi7wzi=@hu?$x0RQ3BAHMaE2*EFYJA_^<@Jak1 zcT6XJmTPVYqoBWY=hpIdb5#w6zPnQ_U`~+ts~^u zakd^kx}#=fs5P~<9sGuzCgHQnsj8|1FGH;qz-dV(UygHj^u&o12u}e&6@)dWIwQV= z2nF945#Or#clPh7I`4$T=fmOUvjGP-gbx%${h^Rje}ohO=ziDv!gChT)J2!y1B4fB(*!rX9N! 
zo-IoGgiZN&Baa=sn!rFa(wWfg90pk^4D=1~2t(n~{t@Y*J3~89?sQf{-H#sqM~8SR zAJr7a%Xn`e8Qls!R(U|9q~63!xkwyv=zicY6lzMv&$U9I(Ig-c3XL2+`tjla_waw8 zJ}cB5I++1|tq*L5@W=X-PRQVgyx3rr8#UKyPNi0|A2p>w49!Q&6OOH>ap?SX%xf=;F zT#ny|xP*{|HvPjYrrRIc_)sDrR*eFfw+tbH&^>F!dh#U(HHnu-uz( z?sQ=98MgL+G2FVdHT*^G{?LC1CKdlsPYxG5(NAEW5sKMHIDOVE($OCoAP}Vlg=AkA zJwy~g6&^xHX29B=O*PL>QC5ie0wL5Dzh?a8M*frrU&egLAVI0NVJ-(0fe|4rb@Fw#95@p{^DeRku{+p-+`FV4%(mN$$L41dn{}JFRhaa^d ztSb$?vk4*aynO)SCWJ@I(vv&Rxn$C3(m99XZ+Z}ac$pvPm;6n4@yD0WIU|45!}#M% zm&8kdWIjqUOh1P|6UoONn{MSV%U?ctD}R{``_iraotCk90*K156@Pv3oI}emgTKCX zllnhTP#P%BE)D(-`ra>3Av}i=eT;o@6n24qXq0`Yt~6LN6CwK0FJT}4Lm05=TmI`m zL`sAI%^91<{Qssalou80oXEV|`M-1HO?3+&StRS03VGRYeP!+a8^8L%-S@Tp?!WOB zzJ0@*JMUWe8^5`J#oQg!%IRO*wEDO2xc8psl^k&F&$Tz77A|ePdD$(?Z*BTgxZyTG z{YSSYx^vrmlIhHY5BthTv+?%L9bey)`tpK@eDojdjcsk~>a1V9#0Tr@y~uO$nrB6x zgV#JQc5v{zmnKdR(bn~r2CsqK`yo%*#lhN#6n0*X;+PA22^&5*2kEfggL4pvJsh0N zHrkD_fU+TkeF*Cic90W<>k)4%4K8ZNg?6kTQVyBdA1Mv4g`K|(Fn6UC{x0C^UsoF3 zh<5xM_&qm52P9cr?1-ze0zFmG56Z{n54*6A1@MHdG z=$V7%`%nK(K$l5DlRg1iNebGGu%}A5-?4hlTBzyW(9?VFy|3lB?%%NSf#3ehrmudD z@+-qd+hXwq)F}yl>g-Bq9_`NNdbV!s-ToNiHg+Vl?&_8YTm)kmg~ludEuKnX{1RQU zbUe|J?8<38hE=6RLkbH^4cX*l2`AH?&QPZ{7yhl}cM%}#E1%7EW2J}q6d)7rPUg0w zU$wO-Qz?eAbcS)0-LXBJj75>5^cOkZ36^%8&S-YaBi)Iu62YHbZhMsX*%+3vx*TUq zVtZRU+8wv~tJ7WW$<008QCW+MC$=VI2{##c=L>gO4BeXO&T^S*zPIQl*>NL)yHWqn z3`)195^iiFWClTb5lu?kF58~$iZ>`(VW}q6xmag=+F1z67*4@1Z ztSl^Jo1=_$q7~SIY(X?(c7;2?*VfbRMU?<*@x?MdZe1qZ?aoj2UWg5N65IT2Im%+0 zFO(P5COx-3qx=G8L$WiIN^~Z=aw1gafayjOk}w{|=4GOrjpk^%_;`iVWXGg?ie%!^ zY&IQBg6>wR4?&?NV-?brH|bt^6ThIm(Z{kvoAM^zD{tZ#lVy$1RhZtV464L0&AHx|T(s^7-Wv~AC+-RS92!DOOc$=C`p zRf(>2&*ly{V{C)lndnS+Z+Fpm!4j6Yw`X&SPHVU>EVnh;o$HCFKE0UJa{t>TG;|=L{#6A3OJQ<^HiGme$3H;5ZVJ$5m8(MC^e|1)SihGOWYlkcxz#E3mt;)RZM_?BZsff4!g~9Fk-sq-&!k~;H{9&rMTRzT zZ3I7){>X-#C3&ozmWJKBrS2y8<}Zc6cFQfIuS#cWSY+OK^KzB$MD&-2iGPgT8!v{h z(c){=T2F+p(T7h|(_J18k7v&>2LWmT5c#aX6qdU<$U+~#k*yME(68&pt)_u?B=4)>?C+4}o8E^jmf^WwrC 
z4guV~vHlL|v57kOtggT3-lbur5S!zCC6UY}w$y*6$#8Jj{q^hD-ghrmM}8)5S`~Ih zd$S|sWhNTi0);2w64PxPOun%bp4$;c=i8cSFeTDreKP(XEMi1ITRdj&?S%11H>-*-Un^_VLJP!qEmd zaM*MO_M-R%j;@q}%f*v$W1P*29BdHiVz593a^h?wJ)4VT2v9rkOBTBy?cVH-1I+7A zWE*g$QxFhLSu_hN(3~?5wwvyP1MjVi!whcam(&fsmA>(yL6cmJ92pn#>fGLtO{8c9 z@gtu|@Y*A5JTIj6z=S#og{^G7E?hr9j{gf+%!fsge%T(+ZA&Yj_IRE2S37W}5*nZS z8$F$}NeIF|^NNwDsn^8-<%)t;#_&J}&dT%tF(f`##09qn3>1LkPlU7zgg>2*7Bo9H&Vj&m|EhSe-i3nQIpT&oTBZe_EW!P}; zO!suzd*Uzq!>USfBD>SMbS#~sBo;bu9jn})if+zo0t?~iwml}I)EMF#b z(l|XC7amfyGY9wEjpl$WC32o0Ub=jJuiJnI=8dhsL(p{QHq#oINA%_%fk}8|%WY69 zG)Fn6Mbh2L&B-nd_i*1ku_p~_btP7~bLVI03V@NZKiAKOjQ5;H+>?ad(5mdF^u5`< z^aZ-(%0Ij^X+%xCO*<8Y0Nz9tw!A766&5*TiwfM`U4X#6gt_X{)f>a4Gm*QZ-EGv= zXgdfJ>b7PYjg@1egzjzg*Y|jGGx|EFo|yXO(rM^!*XA#~x$YkLusjujnqd+o9@tdO zqeRcgl&iDZ3(JB`x3|MHWxKf1c)VL~$e3-Z_0Sf|Pw_z&U8%0WKWLWWIK4%0w7<|g z8F3qf1&i3NwNY5xx*O(iY&zl4 zatxeQGMD36u-%N@U1pr{&aIT)ZZWa0HC!uP{^r~HyX(dhsT4I*GJNUKpJWuP6qrT> zUIs(Z1w7{a7&W;lU#I|I6Iu$<#B54BGg}vC!aaMjDplo_H zn=`4v6E-H!){AxLZ?(Y+{Z+$IM-&UqY5@AV8HBOkA@FO;vk;6_SmQ{;&|~tqZG}uw zINIDMV z9eO(?*DSC$e-f z)Z(Ew*5+Azr-bKct;O>BBgV;f>8`lh#AdGSxOL)^hI_euMB)>`$D_IEuL3_FrPP@G zvB^?BcH~h(_O84zma%RM zGwqu4_Ngi&-#=X0^+Om{t?Af# z8P<>NLa2E8s2{p8#MF?(vTZ|K0=}A-^QSXKm!uxC!y(pPv`Ua0t3Y`s+j`m^EdLT+ z7hHZpG;Y{(JjJBP4|)>=<-%Fp{ChHw=5u|m)1QvKmM@W(130j ze^|PRV7Q|@y#+qY+VyveV@_8*!Lj8ISOE6*M7Itqzpcy8-UuU3vP(tKB*JT9@zpRa zs@xO3Sa}kUO8fw#ccrV+#KG-jh0-yf^`GBUFBztOzJ5#|y;+FP1IkHshSj&zu~g?L zo*g5g&x%cGA3WS7jR_;Gzd~vQhaAgfI=40~K%n>BzUh&5Yj0n(_WliJd2TTF2(G8k z9A4bs`Rb>#(ef%h@BzjtS~Ks%(yEEuPqe~MaH!!ji z0xv5EFU@l(eSFx8mQjIDER}#SR4!oSu4Tz!B0qlnsH36dK!1|$+ub{FzkB`KHEx}> z1$aRv+^rbA;lp6SjB5&|3Hi%X?&r02fd9OpY+mfscuSw$TJq*;sy8}XQfYKtD(g-i zy=__&uCu^4_(#_W@RrACQEc>ai^9yMxCGoC?ZVW^nk(^<((R!1$Y)tG_|IG6Npoms zCGh)ndTx$>cL}0;L)B0R%s_Kad^?#rIZxb zPSyeIuoKdbRT>$QP|n61lu;e1{OM9bGk(qQQ9Qcu*f0;g^>lV+%|2wqJdEOEK@xDP z35h8Mhc1K|iKy>zf;F9SYJHEuV_59Ox<$_J5QSkd;hA}fi#CGaVjhbZIP2yqb#(KIrx~I0w3YLH1W%n>Hk#rL+ 
zjB;kZxI1T7DU}=U*MK7DqC}3Lz|n9kacBM=_uaP<>1A=2IVZfY-ZY(LPb%&=SA?_E zv#zb^EL_*gVG@NcDV_aIb#C?j2rqDGZ>~7&cCxlhPX_KZ{1>9};M_!aH!4o)#bC|r z-N&N(#6$*ADgwnv_Qs%dxNwt(Pi6cfZ@qwi8;%EXsapuscOX6NuP3p8#_naR;P)nB zmwUP-3v<5D)2vP^(GE3_c4JY&+xsV-p7yM4Pd1o#@X6UDK{)h~HZrE`;O%DiZ}b~A zu&PMC_eGudo>Y0w4<3LUjp0F*j7U#=nS0xO4D$JK)crjSBkid~7-p%Q88x&PB zu?6O5mx!w%{2&g0w9FjhOYFis?)h7iM8m*#(3!v@gX~Yx_vJnXY`w`}l5JCSpmJzv z=OGN)GuHBwzXU5lol!;WFQ@7F%dC6T*1SWF#CMfd47e2W9{L~dhC6y>D8od*0c%Am zn3T<^Bc|;zJkpD}in?+2CanLX`gX;7tbbqL6KITMW!L)pJZoVZXe-g#MGNqSRa@CQ zqCWcfEjTXZV!aJYOe^j-im}hSi`=C$OY|+|m$9Oy$8H6QWLls{UNy5RC)593 zDp7eKWE`91b3PaDST7lDvWwavH2YoLOKHf)vPp|So{)1n7o^WKiq#;?URY;i z2e%Ovwm2AK1|^;haXxVGZ{B;~SMD97M~Q64Q!u~YY5Ecb(jQ}68u0uW+?cM|_6f=p zZb>#C(H5VdoiFy@?gxdyG(zs9NK}V5fUHQt5a_Js@%X64_V`=bSiWqQSv%f?W>S z40nEp5uE%{`~R2@AHqL7d}q2x#ymdh*AQ(mdz)5D&|jvvU6?NNTk=>I(wC*UG4T~q zXKcKU=dRkw=L21d&bCCHbCh*=Zdl~3<%orJZ#;p$FRv@I_>S>8t>)IwdLOfgP|6%-w$IPe$yTcVk7(hFEW2+9s z2JC7Uj;ibwMspIMkF68b3yVbJIn2+N4}VSl74Y~=;WR&&Y*q>@Ji~Yyt_nN%y$@q1 zpZ%0vN6x1Pa9?TjmoAn~e3q-kHOZzM_)Ebh30#uEB?(-Tz$FP>lE5ViT#~>g30#uE zB?(-Tz$FR%50gM$7CS51g}(=ac}uhon?MV{<>X6)12ssitc#}?_8}kf*@#c6TZIJ8 zuSdKZM_JREg-?nPhB>$={Fol{{2!;{AxvY-EDM4( zdp>&c#W?rrv`ifF8zer5avS7wm5Y;n0FXFHJ99KX$H;N;X{60v^bN{z@CDq@YtZ|b za9?|q-uL5ve$P!p^C<3b?Ce>BN8SYINyHaK+p@NvXArOJN^Hh{iR6zUz7YFXCcnsa zi<_|7WaA;k7p1V|(w-xHu@3S2?sB{d@rIQvqZWQ0;)`*}!p1itz9cPjDt6#L+?(#U zd943Z-CPvhtbb#C5$jQ8y>E^;$bA9#%Q~fg#TRjZOHb!b7RLd^mq$bn#Ur@CH72qz z9>;ytHoYIh{g+aDe-`&E<|zCK?!UZf4rv?<;J!Jg_iX#yw&^`}e`QMVS@%`9N!eq| za35Kz_YvIR-mLd*|2uj_7ml&+t9zOSKihsyHWM*?AIl)VwiEh|N|Syb@jJQkYT|nk zzpIWLpwh>V6%b!nhjW9gG`=74yBXI$d8{At-!S`#Mt6=4AniB#%$&hFjQD!S=ZHQY z`vCEK;^{Ulx5qkm3m?Y=NV_+lUZsh@Pu`A)kak}Wb~3OaisPx2pl_ z8l?YLIXz|JA42;5zH|$pL;41+A4inW<3QtVOs2Ql__K&VkW8m+{6)ln8}M@s{40om z1@Jb06!A@fxA9Yme>ExXbNnpszxH*#XZt_MGe3&wwE*G|VQY<>P(7Qa?yt>6+QYTU zu2`xko=_RRMm_kQTC=FmZBZ}`Ilb15^hfHXF!lMhjfl5u9M8SAFZ=_ni9F5==Z^(d>N0~D!2580T)32i|^mWPrJiHFv#gnA1XRg@>ue*e2 
zzIjZ=;CY>Lm|QB}g!csu1jn4&{$JScuTvjHF5E>-WgBqbkL~g~hQ58mK-Kt5ajc|4nx6McPydVu_6BU*>!qVx4y_UUpS>-olBi#t}&KKI7{az14s z`7Y}rR$K8882Ttr8pLDUoAP11k540>fnXQT1@Ixb&0Un+8%9@%gL?7?Lg5)YA~-UL z?_;@b!rS-QFHF5epFm6aL%G+^nfrRerxZSA_;d`P2ruAsT$;sq0_k$!M10LM4u8+s z3bs>mFVpLC*0=rM*|JOq4}hM?91rltw~Nf)tS;vZ?|4rK;Rb>PS*b7_57@3oo<+hy zmIFb&Y9SF#QAgiguQ0E@qPk9%mJDwkCex`3B%J3il@D%JR%h(7rHl?^qn9 zM_%4|iLhO8$F=Xj`I5p71o6y!vOC?yt@Tw;N?&^O6!IpQ22Z(K1~#Y+V(iJA92Zfa zfnnH|5#>XlgXD8zis#g9g<-o7e1L18)}Q>a?qV-QmUYQ?&Lhw_PDKn}&^{hkzFGc6 zMlY>LU9Kb1weShToBnWW4SC3QW^hOcf5cy=-8r=n_yQbfygV31!`~svJNBE?v9sKh zX|NDdZb7A?;-QF6hPgTb0)L9i#!*#bry; zYFm8&sFtB@zaN)+V3^Rnw~!_6Ph7JnZl^(%({`zo^XEF3EDgS8^a6b>x;dKc^3sj% zLprwXlPNFV=sVK4;UTYtmkw7;cnH?v>>p02FGNBf_zS*tRmwPABN>O@I-q%?Q$g(; z)J^K6(Jh=HkOz8|XX-oT_ttSOXXW?SL%uqr-NBnJr@XTq^z#QbT8=V*>q$eyC;zw5 zekxmAoUE#T{$P!k<@hn!g7Tm_h>Ptm7kH-5c{)>z`~a?Hnl60|anc~%amsxr${t6Y zI1k_gUg{2cgHDu6&$2F3^>4A>KgcT&7q7Q8;kQ`Vp@70lUBRQslXab~_dn>fbrlh5 z8TKdI5x`9(pK=*#df{m(K8~k-K3b?J=}P;eUaXt+$u+E(stN7Jkg=0O_Z44xAFpM- z$5HaFi7ajO&?(S{Oy53l+lwn2+Fn1LseJt~q;`SrHSjd*1^%qvuzgl+-w5)N=eLD# zffvZDR63+}@arb=>Ua=Ovrqrf$c}AeX-d5#D$fBU3(BBe7E3hW1fMKlP=5X8DUSh^ z_hg8B;f7e!E5SQP=G? 
zFs!-?x@-%@*ITCh_KpkN&@U6qzvyIel^_vX1;rulQv=$-BmKmI9D*^OKcS9q4=WsH zMHz71#2a(GarZ~Qe$M_yIsz9#xtZD?Zv`Mr+T<3r?^!FKwAkk#)hmAXQ`;{^PW#IB zVm}xDU6dU#xNvXjiESWX>2{INk5Y=0eVn-7!bSQ9t~Y7sF+b`zaF91~q5sPq@JDBm z&ba`dQMB`4ib2w*v}Ng24pZj|Qyq)qXtB&chigsRG@hPrPbA`Mmxr57`qW&HU85Ve zZM_V1QP+Xs&E9(7a2)UzkYfbthb|1!K77VQ{Hx)-fkoR4?p8c@op1O>&7%%!{TjVB zyx}97M;XZl8C#v>_%#r0Txr*$hK&wLel6g@vsaEX4mNhLWZ!~ZejGG-eL6e{JrH=- z6|i=l=f}+#!VdKLaE~b`%XU)dA9rXu>Y4BYoznU(mG!Y77fgN_`3FdIsjQX#xZjt4 zNO)2BlO`SVR`^DRKj%vqc(|t|QSEiT%3@|x5BdrZp3burY;;ZJ{{FqFHpQmnz4ps?F6mBm(muUo+E`@Q0@>kuhwamW>pbouYw9EU zAg`7N-|2cmdJudv9rCv!=E!9}z`CtF=}-rY=t~y2&}QG-r)l3ir!?5!LKpQC`*lcZ zkiOV5(EHI@g;o8$iB%UJe#ht*aTi}vn0G#)d~T99JY#g>4C*U$h#-rqjPbd8;g@Ak zV~ip_EejCSo@WXQa|S#s?Iki-K6A*IF7#5{vKee|m^MD+(*v##K(j@!MRyT*f{3pN zPG278vTb892>{s2$tn&`Lj4|T=__q`Plo}IR0rM)SBHVe-1XyjGKkx@lf4y2$AC zPj_hEPwSC)K;&D_GxhrEI-8d&=e=ag#cf_!Id8z^L6;O~EV^_NlnU{mnzps;X3!fi z?`*Y}llloSsd8Se=1Kh|udAFFF?pEBGM$h&X1b6S>NhCBann4M0Pb6XYngAp5d^N| zr~}|+ey~sD1HoF+p`U>q#}e9pj=yYop@DM4M|BNOa6=Y91O9i{11^XSC8K9Qds54D zt&Vh6PHEZO`I%||*N6RiZK-J27U?fPGdeH~yt-zKHw&2k0{N01_!6B1UmOEzr?aN5 z&($hjks0exIe~ZDQQjY`*Y(|jI4rF6CAITj`85-iN4bA`)|77oZM2=Q{8;*EO3G~v zeU=9;p?^VndC!DAn9FtSbJT$VE-_fLpCe$F`Syc_ar!PTqb&mnu!SElVP4KhwS z+c}qw4?cu^T%3mu_0VHkoJuz9>M#fmK%cyZ7Do}7wV6P+g1MFtRa5v zBjTYHJf0(aDnDocVI2aPD>Buz)z42#`ixSEU#r3^h_g9`r~L!`{F(A>CJO9ECn^oT zUyXFgf%?dP@bgnz-}gaN^s5g%1i{lGT;NmE0Ly+V{mG;a9zfX-Onwj#Z=~=LDc-Rv zFRs9L)|Nj89ny1^9?O!3*aR2s!cSnD;A}DSKq%`k;LBTo=}`jX!JPiyGqgPzQ@ehQiOYM#G7l&#o7@F;c4D2%Ny^T;pTjOD~91Wn39@(?o5 z-&O*LG{IY~`TlaYZN>hOKk!XhmJ@sBuU`=P$F=>eE%fkypye_VEc=6%+iezXkb=wmv` zHu`@br8FLxJ}=p3#_*5m_rVTVI4ixgS0B-aAkCSg_&68*XdmLR%OCOnX>D`NN%Sdk zW9vUUpfJN7ko_TCwYZ=YqEo>P-$Ib%gRQL7N2dS_-YT3fyed?)m_9=LPo4uN(cm6& znTD$xYxc1Y%{1o}Mw(0>p2y^CNfaBL6XM&5Jn%h&HXR{91Es-#j^iGELF|#?i*+2y z_+U3_9SKiZ>MZLrV$!XjNt|bnXu9IV6QpJxYvftOR}~+v=G;QZxRJ9;hjO9q;F>!1 zjk-V@)Cb1dZ^S=ZWAqqxpg(W*&eK<>&(u`$We+eo6C33Mxy_I?23_n5mJs*!VC%`ihTrBzLX~WSsF31PJ_$Hd{i+lAzza-yQuXT@naUJQL 
zf5C^xw4c!V+<4?!bLp?=&nYfh7l$mkh9PxEpSF7+zic-2`c(G_>)DwI@_t2`kp|Yu zVlkr|zic)5L0@EZy9vJrAL${}u8@c1p^j`9tP5nk^8Mq=M-A*_7by?^2ZDULO_J}p zka2AkDA+dECU|2r=+U>fYde&UXFq47OkkXk6;xQS|L-TQn4B3NU86LHH=428jL9)$ z!$(cKGGE8}x|rS589idkHruio6JmN6Zgkk>ffpI`gOVq9uY@et%hPYju>?5jqaTpB zdEERGT_{O?SYRGrK%#c2v<}e#(^BoxMn2TOTkKQmAtV7W;fbx*DHy1{u(&Oj9K7Q_Rw9m`7&;a&PX3DR_;(5)Pr9}lvi)8qa4w;1N%@Ga+7ql zLlOPl%8PBU?TURPEQ!h4Wb!^_@PaPsldjS>=T_^{*8w-l)NxFn`q0Hmt%}3y7I~!1 z39IAwg9h2dJQG-)Wb5LBelv9XjHQWJbmcPXF4`Buy{LF?+ep2dz$fsto?Ne$w9o{y z^VLOUuuNcz0nn2+ond4X#LjO5s*YEduyeYOwmaK?^hLl1=h+W0&=wRY(Qgu4Xp_Yj z76Tp1E83wLfQ?gM$tx=_^~G7eVj!<@Cw2oj>fyB&*H-6ya-;B~Q4 zIn!GVoK$$JYC6kv4&CkS7`Avjh<%;vJcyX>dTUVTHWMuSC z>M^EoMU?;X{Y&bq{jN9}_4WFSi?gYa1@%|b5Es}Q$jHJW-#fbqUNIl%Ij7>}^H%i~Cgt@Qv;xxtHCp5Qk*ix{0GUz!%r~3Fi}3A$G|gww6lci zFT>FPq`yUfs*F$G|1bTldRSm(??%>MgOWEF=Lw6K1vQVdDWA$+|WAZ5$s5F=r`? zQ)eqId6Blh4CPu3Uv;J8ROp2_?%-ZvT*W8%Q+)U6%cO(zL-W}8r>+y+#i@WNexvL7 z{EF(~)O};~DJ!wp1DaFM1LqF%-6Jx)TxBw7`Tp@fz%BFh-80WT3tGJVq>p#V zjWVV`=ka|;@tVEqVogBdVZ#i~x}L>6+mCwHm~jfc7Hg_;HL>hsk!4Mb*5h*2!|Ey4 znHEzXH7U)j$p|e?+ilV|`r#LIK3J@IR(W8Zh)?z)`q0)7nf9CsJgoB}^atpT?GLo0 zqzySOHuJ+`&4Dtm8qoUHaV?IMr)fqmR^}Z0PZYo_>clkF+r=FMyIyIIfjx8qtmxJ> zZGY`E%{oqSKN9UEb(i|Mz_(KK*#Esb1L{s#jyaTt%ry-i8C!;|O_1I!HgKBJ9r90I z;2e>m^wZl-=wDx$Y0}t-K|^F+=PUCi)V;;DOAs)%$QxF_TIMO_J*;I#_WN)T+N=XZ zZ|@Fexo$+CU1(Gze%$)!E3t6hmgqLV_4Jv*3EO4YB)qv_4rPF!W0aA7aeBx%e=#`8 z*I)~-HMpQt%w|_{#;P;csd9f z366s%Fmoms^$G$%WsbbpK#z5#e5D>aq#Kws zL*m=$9LlC0DW{1~Og@;0amwq@0Yi&xWzT|Ei~0)|?`P76Ogx{X2KXTlDGR&i?IHJ@ z`We3D9Mep|;W>7`5S{b6nK|%<@rwFq+YCNrv66MxwFSl9r~R0H{;B~(%j@&_Xav7s zg!dWaMZ$~yecrP#!@8Fvw!c>Qc7)%&wmJ8pj*UPL!SX!Gv-RMG@*oWNgKRm%)32a@ z@Sby);z^y~@HtoYdsc`Kc$NBevTk_QlfV~NIDLk4g?`1yjNw;jR3@Z}t4Mg^ZA_Uj zOCP@4*sL*Yt>8o24}39w%(?^9_LS#f13|r)=WUVq#zUZWhHZqoB#u^f<-j=F>FOiO z6W1Yx{}#jlOIV9Q+i{J+{{n5UMP0-8lev{$cd8d3;F`GC=EZ9|RA$mHGeyTGjk4oB zQRa$4TVDNuYj#L^SvRA+J>7vG!e;o^)A%_h*{3L8^U4_hi`VoU{X(57A8Avpe}P`{ zn!M5#-2qPa4aZqX&wP4J`6LOY-|Y@X7o)z4?F 
zP&y&?ohkn^|7#45eHz+1KJAZRmj@51oP?H-7h6X^57afWi+#Y6fj$5?pD966OJy$?e9BxN{rcJ$j4ZA)vI%); z@E&BKF)OaNf7@|=3_W~IgarSH^sH?G?&|^u_th8T)*=>p*8d_YQv+q9#xj___b_VyBh|4uvR|;VcPq;7la?N0aD+pavk0r z^4CF&(Z`!|#kd?KUiR!}oAzU$qP!{{l-;Y(*K57x9sX)O&6?Eg4$C)oUd;Dg zxUM;ywqEL!!1Il(L_cP0|0~We_~s^PXZlW@|L7hL-m8O8VX!S`ACY>9K3pGCo}6oq zj?R|v1B)u)D@^G&JS&bj$>Ze-7*fHv*WaK^m1swf6LLlrZA2SP*)ile$hz4v@Hq7j zHXOCVhiv5BZE?2BQ|t?UO~TXvq@EMUyO6Q<{cx_ZtoPI(>GI#-4AGc$^Ax@g>T{a<^4V=dGOX0CfLIh96{-KGWUbd$^1dqBwTGBG&qj!Mn`h zMY~=U?|y^V8>{sD!0vdqQ7fBH3vvV9YrdsrXz&$q_m^woLpM#4bHy*hWL-E2>+!+a>mUuP!**qq=j&K12v zIry4Ft7dI4J~1TUZkVTXmvvL>3~if?5s_rb!#K|9g~c{!=pH_7WoyW;=DTan_gYR6`A3T~8Pd-0yQ>^*d8@FUQ8vqtksdrTg9l02bPXFmeFkYj!=YFy3&axLKy(wCu}FJI~RDed!GpZN~?5`U?!Cz--G%5h3l zoSoF4aQu`N;*Qp3%=!bh{h+LUywS<{x{FXz7_#I-c=#rSmNsu zjUL{(Ug7BDytaujZQB!O&+$gzT;<07qz72+C8~|M6CeNEhG#$d9bxSswELrwJumV% zh;ShIXpcGjU%b)yvz%ukuQ;!d`66%ZAt(7Bv*L|IKo=+#mp{vNd{_!+;=2v63j)Z4 z{Ev;GJlc~!FX_u@YuSVHXp4Ly}a|Dd@9EbHuN{EXM6WU6nL0Fe=nf$NxUI9&Wt|tG3$Q;ecoKQgpSsx$ zkrpzt4%zS9;2Y)LU5OMwyW{g+An)Rh!^Dd+mwx{fOJE*eaH(_j1)R%pUUs$rotNrI z-^4zTIWou4*U(4x`qva&7O#nkb$BO5`ED-g`Ar=Nq31knDSiU_%j?wJedxpJzmgU} zf2}ckk2KC5biQbho$7dT(~#g2TVQMe^q=2W!~wWOx6F?h)ho;eXE*DCGop5ZV+z-$ zxJEVZET^6=Mt`-i7{|xrZ&CcTIUEPQ@d*60pW~dSuE!&vIB0XkZbwiKeVnxYG{q)y zyh5Gfqp%(_pI)?I>9C(K+UUcv25ZI~H!riYaS_2-feX0D?nj$7aLk=#O`kSe_MBf) zdo6gTVQopwE|ytWlySWt6j_zaVQz*mFXFpw+7|U8kVU(aH|_~Tmc>Ocu@3QcgQtGm zW$mHbAM%Gdn(DuFKbvtcqL#^Qr z^J243Qmj8iIJ|;2t>b^gMj!wCbZmj|VCeIess^st&~BByV#5yNk%2?nsiA=Us#3B3 z9QzbcxXCld#fE-U4r7(oB~K650S9Q}JnRMffH9_c6LsNfjn$HFYu`VSID$3>qW7(9zj-FeoTd@U~5-RtJ`KNml%^r-td zw?oC``TgSJLp~YQ>R8P&bj&%bkSBW?-@S1YIwATh?+OTutQVhBe8YYE{Jke5)PcUS zeI8i$+o2bOkWUeE^PY!*-e9dneVKsiQ(UKub@II_#U;je*fS8`xqOr(Zk8o(KKn0i zb5VR9vZu5JrkB18d83~~dqcbN?tsr%X-3*UY z;VlE$U<{SPcNI;)Sz_cxnx3Boe4g(TRGc0@@JIZ#jk11;w}eqH;fJ&y#3S_%BOmuN zA3^B(uPs{s*wYBX7ccc2wI0-e=>tK&RGDAY1p%XL;eBNq$3_$n*C)BpB{rfDA@Sq# z@ z}P5+g)fDAYq77}$5zHV+E$Cs&(x3(Kl8IoSPZWv25{L;MP 
zu^%{OJzdh-IRy8zz?gJ?FhJ91Yx=?`>mI!O&WHIOg5t7eNQ13mTk-PNuh%1vdWmk# z1pmXje&O}`<4Ef>K1G1&UmwxMlh{U|fe!dgH>#MN&BeJfjE-ywd>8#L$c zd)Gb;-6y{N$`ADwcE7k7^`l+FCA@fNA1G_raa>2oo8zF*aYEWmc`hyro4Bcym)|6H z5+32h6qg~6^0Egw4#tjK;_HwGWEr;4OWg`q*~dgy!3URm=`Wge(hqVODIUiw{iUzo zdPws`Z-e*6a`+5*V|eM!Ze!z$TW%#h7XP!!v>mf=9rD3X;x}vw!|x&B!4WgAHw6{O z+n;PDOf5dzp2ViO+LR`>2gN{Nsc81Yi%qCEpXU%Ti))kOVx8DVP3#8(W6u`AiOC~9 zuW;7>(`HYIyB9B&!AF4Uhc~?-W%Qf|WW%)^&u4>A@vkEyraj^`cj9j=Xk#4t%JY_-(SBoQvA{$g{ADoXN2xk zcSS!U$cx|}7kv)eiNOQv=h-yRKA``3zCG@}HOzjL`v6y;mgN|1%gPwO26=d17LS`W zMBA}!Y3uNcsRL-z?)?rtgnB+(X)~4KgU78ftWJRbqE6m*F z^T_r1`G2`w#jhSGThG@G7#WJJ@!I_k!>EzsJGMh{SY_e0 zyTuLKV()`|#I^w+NY_66<$i5P+9=9`x=y{9u?jSbCw*gk(8ON>ZNA$Y^wf_MoLD4L zoXxWpC(C+#Lg#qTwaeGR<3MovvNmk&)30dG0A73(yboouJ^$1I`xce`ljZ{QG5?)S zIq;n+i{<@G_&O2aY=RC#9Q{6+0Ab=-O2B(ry3+B4Stn{9_Q6yWrgJ+!x!#RUf9b!s zRr~U5lo#&fr?ZJT=b*RM`SOFNJkH^n_bn7}Tj$H4$^2;dW_;_sE0VmU4-N z@&9id@#WP>9$vGY=*}e*@@(Zw%G#C>5BTzH(cWcoYW_*& zQ=Tm=v6Yuuj0e)B@2?#3m2*rUp4_KAR|S1}0nH;nlE=Bb<+ob%FcX$GTIFy18j>qB z!@8`Bqbzv|u8d}^Zerpgd3`>-&e*esq8$3(wBo9Q!4YVe?G}E$D#xRFM!#1b(fr9X zS1AA=luhK8F1Pt-n2&y2GUYK9h{kp7jZ_=l6`Ch_O(C1rbA*2hl{{B&Z@j!g)jX^ZT&xDCIOZ}>eh zHV>n#v_s@L(gV00Efb6E7W)u6izM*Eb7+>AOi#9h)N;m#+|F_ppj(3r=Wrrxa6OCb z6y1&MI*i-t)#0z@m zdyEHOdY$hcu##?Mnlba&+jB}2Yro{Z><589{Q_CDf(@pBRqf~+@q5UVaU^W!XV*NC z#o@y{SKqg0?K~G}YcL_~is3j5;JN+_9_1NF%&Cg2&MICb&y~H#{@+eLgB)*1zKj8e zPdug2#C~)K?LFlT8DLDHtc5?RzsiO3_1cN$VCwljIvEe{fO%p0JD!&EQXh-~^1LU{ zQb~O~a9Xy4puXs=#BhBoPYJa9dhy!;c|#mILa$I8|06TZ504k-1+*$m&iU_3nj zx~MtO{Xvx6UtI{naV9g^&aELe6oFzUcAF zg*Uu9Mro~?DYWdf7s4Cy(P!jZ2>qAS>k&o(H&bOmpG)$%Z*g`UFMt{Y2_~Js& z+o+?w{Jf~mF}&o37m+pEu(+E2yVcaQVDMgfC*OIGPJq$b)zT|`c*(cWpXR!Ern@_% zIq*^5*YNf;*nSpnbw?t$CEL?E5uAltpXl10>zEjqX%|_CHTuBsiWb+_NPPy6VP3m> zz*miM`x4l$ zXfMtwcy4&`fZ|}t`3l!5{ONY?VdsE04|73Tll9h=NOKrhuq&~xA(!4_#^F1gm0$X@ zxa9o!+983%2p?BS)Bo-~tGciT^Vi6ZanCLT_k}p%KwzUB4^<06j$wC&$~bsdU1_z| zeR&}U^=}~mA?1g*?dqeb!x{3@R=0xrEWg9>i+(I~O|esLb>`%`oQt{ZS&IWb 
ze0N)&oJh9i*MAP0`^-G#K>6G;^-gpK^_3?bEIxE=>gR>eEf7whT(ELkcgjcG$kEPu zR6ccB80f+HCtFYa&Q$U4|DV0L53cj7?u8}$I6h94-RC^B&Vj|ku>A|((7%qAu`aoMnd4^nZc`etL4Iv-RCgg>Hp)Nd z^UbDH_gWpm^3L?#y5P&jeV2=C^&NCR84q~8GNbw==aGQF52N82%7dIPPE|9uF-S;w_5L!AnnA#yEOJSy*? zlJx3uRzp?NzjVo$U+vSjifne(EfS!7hcA z`}FJ8c;7eqhc@HP8@j^`y1b@b-_QHF2(n8sY*YIu`XFIWNSMAYNT9ECkoS8Q+m0)J zsW*^5v1XmdH^)SrJLg+5*0}L{VexUhMFWk1_n{A#mq^IXh zquV2W(+^wwUfNC@RW|a=IZSbTM0K9)_!t*0W*p*YaZe%**dp1}hx>CHwVNsRzUqYJT9xM_ z+6wD{2i}ttM=;-l-+ny425uMiLEojgu2#eOHo!rhm)3PW?A=%JV0dx7lx+~wC0>dB z6U*QSxhEe{Ude~p6ktHN`?kS<#BfO&pL^^ZeL%;PA9G$FlV=3;+RzcfmHL4A$}86s z8KR!$J<=Yy?~>vs>AH04EnU!C2N}pCiIu0C zAML2N};@jbo@7?akMIYEE@ru8-!DzSO8*^dA)bnL> zkze6i>x^WaY%IK!BOV^~{Mv0RPY-CDh<9-mKYR-IwHI&D!FLokmUrz9k&HNB*~QWM z=M$)-_J9Xshu=P}7)I@n`1te2b@AS3^NH>IG!DxI^UnD<#xQKRc5XY`ti+LdC;8NZ zxWo=+o__69h_7P|pi}4?#mptn6C`6z++w!s!8OW{l#lFv zL)i!Je(-@T23HFh`p*sxW^vI@Av@5Ck@>-#?F-ZKiF#-Cq@VX-htiS!+zB3m{e7?@ ziMqgSspt}TmvS+!`NaAFZ62v3*!Gb+bC>1`?Kutz)pO3(2?IzVLUE_&;m``9R!piif{2XysgMY}e z@}%mK#TT7gyF=?$wA*Dpt?0A5*&5R1Jjx2oyG;iq9Vr7GlOd1N2X*?^py{El;P_=d z!8F{ruG?4+IP9&?pK-yEx;8?hw4k7kf2Wkb5!H^MNIlu5q%MeXiSe0WQ|f^KWc3Ysq`eeA!4v5+?>!%o`9JNC z<;j%FPTi!t^ppB9=cEt_?T1@b{uh89Xt}no=)G$>LYgTPzlgWW|FWoWw>ZnxOR zN35;l%NXPmIma<~vaLLM5pRBzcgii_c6RNfYV*;jh|U8*Sovl-_UkQxJM>-hMszKO z^J=T$ma(<*miZi8d{o=!Y6mjw(BUZL`fY91qk9v25%q~1EYEAvH#d@5mxtE20FQ2t z4(a+e4${|uRQpTCM=`eQ^()h-hsv(S(L8Ma*qR5lr#c6F`g4B@UO%Qb%&iM4-qofU zdEKv#==nASaPWOepN0`NefyYU5QWQQjlxdJua7xh++%e;%9kt8f^Ayun&@ao);&mF z_OYXao!AZalko{%n_zX<$1Z3XS10+sLp8DfdK&pQ?fUH97>se9_Hp6wvDzq)XdB|? 
zv;-XzU4)Lku*;2e)(H`1#As+;DRzW)g5gkn40cP(8uW?w<1yGBks16+{$dZftZT)Y zCCV6=u^3Iot@ttE_1J#up2!cYqxJJ+lpSr_Pf$Mf8_xApF*SZiMzNt@lPB8pj#}k| zHph+k=#Y@bX;Lhtjj?2v4Q>?RsBz={HHRtNryb3)@gDHQu?*Uj7lAwWD&=#7Nz6NX zl($Ek;E(bbr|b48m`y4+9R$y`5927``<$&LO>vj9OMJK%SFlFoqj=ERnFoKoI8fScLLV#kEV2W=-eY(YPkPdLFOZfCE=6`2IXMG^*%-~rgv z?j(3k39rJBlyMtPV0)wUfbt<_9Q>jT6xSZpeh~YjKkNa`qj-RQqF)3Y*w17CnAjF) zG>r6*m>*MkXio~rUONw}le&cVX+>IEZ!j#^M_C)M>ycR4{<-;)dbtJR-Y73vVr6$s z7Q3L{o|kd8=@^scx<9#q$tI;`4MEpA4SOfbnOkoU%O_(d-BzyIxAJ2I_$_rm@ z=6bd?7I1BGcdxE5+uQ(NQIEZRgnCwwhQn6br?UC9xR=)NqWhTC)tl8$$^83^&?VSl zhL`rj7Un(YX|u?u>2h)NMfyJ(`DbJP7o2~86c`Qm0eztVLe^I%lYXioF zpDlPXO|}ypKM1e<>`_1RgE^<-mYvFv_dgu-hmBGHex|4KCu07qo&Ru`-KAXIVp!mu z4|l(Eu{UFJGQ<5YTyLFs>sn#s3%y$AfzR-h-mT4t>-TOQ-ff%Ed#YUQ9Z|Q$ym13@ z$5AdTF(1Ck^bB=Ys;A~S=X9ET7 z7qha`dmi%0x=7CFh>x_f`_#S_`(T4Ysd`9ncsbR!K2uRFf6Y&7AN04 zZ`AK|ql}Q1b9$Y_1CqymdlgICMVxcaH4Acy0qg(1Df6>+cidFX?H}xO^fB)jl531d z%1T>IL6|&`*SL5+eFZGDMMW>CWHH|3_0A91xeg6)#|b7_zFfc=967O}kGFdN&cfE6 zqT`SEI5!sEL2N$k!=Gwjxs@twsxHD7q!Q*$d6j&Yid zKJ09qzVeKT>L$fxt6_pNAFT()`6)fOn*X@aDQ?|OS+VYBcu4m7Zat**rC$4$=u9VF z(Us)^ETinWaiu2Pj6cKk+99zmv2+Tf1+;#98YPz0Z(C0&U0u7v#+1s_zg+o1yH0d( za+|g%*v}CjFb*m6aBSZpEy~RLKHioV-GqLk|5No+{U%M)lQuo*ppP!?eDAi8xb+NlHp<+&l*j(&79?umTZBdCbk}LcPcp$%KcRBxw`c3R@)hZoB z6I#sUte(kNx`edw%{-7cEbQP1j@$1$<>*;fL zO5^8a{`Cp}$FQG3?CH?%SeVreBWHctKn*-0=g^T@m^D6(4X{`k+C9fh3&V_{(Pm_9 z3}$F17N*sOVfR+|z2vho{|)qy_L$^bVt#FfzQN5yvSoqwP@erg){h&pL>9-k5JiH> zGL%=_uX?r<`PvJ4kf#`jOYY&-JlB3XbVB;}QCQVAw1L>q68(#Zhb}X`=p({NUyphf zi%%OvJ>q_3i61X_Dc?358W_OPn24d}JHH2Vp?tHP#OZNPQs{J8xsQ#_=HbTntS{rx zb*>?jaU7IuzkUJfN*@z^=J&?>L*NZ|){pHO@343Exow#4Q2uTa9s78DlE05{GCq%L zUxZ@-zF#_Kyz1PL$TN#qm$p0Ov)1VC!MhGmGw2RMIM3J5R?Z7r z*B5U;0X$@lP%I3#{&IiANLtgGtB&WKImadAyc6pY%C6&xVi;KVM~q)zKA;~QWB2vf z5t;ugjzAW+Ex7(}5`0PBe@@+io4P@#M8C4&Ed~8;K=?e~%axwPTG|XO+k2GGykj7B z@UO)Ky5#44tAv+z4!*rXUg$rK_b%u(+e3)MZ>AkjlNb!2_wDznO>;nHLnA1leITj8Y1kW&7AoHp@y 
z;|a(|Tz9**QSX^#K8~n9AYWvxVXkpkr0L^}EOja`>_Id)t@t%Zc0ur{w>Wz&Y(MF#Zt&bI&J{_1^(5??@K4+8^%r#F@kFnfHt12` zJRRtn@Kliw^?-9)Y^O=yw3=)<|L+NO#v56Mnr(Vwjp8WfDy3u4pegy47}rflW6+*Y zU=+ugZ9ec<%=`50PC(yO9WJmeKZ!1dtD{gBiUX@b2iSQ1gWabL)EWA*KZNllq0R9j z`gvUk9vDL}4zz1tNWRpHo8;dUEm~I!PHlpN56gKphJO;+lCIZ1;3;Kn3Ov}DI3^*a z&Hm&i<=y(k5zo*Ylo>yFMI1U0#%NB!U+A$t$Ods^cYm&Pa5S&>ecKVGD|!U^NsBnL zOo>~ax#3MWUq`0O#cfATuQpVK8If;|4-DPBn%Jy8Mi=opcTh=>=?|T;v>+RGf@MPZ zsuFh{|6(|#WAl{7{0=uiS?>fL>L2CNy1Le7drg%0#D4Ii#4Qe{Kzpa=htS&><9!W& zA3&PZcxMqGeFSeuz#HYkx*vIe>nz?U{QR5n=+gnsIdmuKR;#+>^ebPdIz#=NNAI0( zY9BI^X_9R&r_y}{H3cepqHwjGa8OM>SfvHvC#G-aY0{3 z+LHX;qQ4nl+OLpZegiAcImvI6)zftD?V6u5Uw}Lj%-?Nu29U{P-)8MW(BxPW^C6y| z*pxZu+}N&lvW!3uv5Cu&4)YiENrUd9r@$v(HeUme&_Ts9tzn5H$67pJ^%CZd;HrE) zg78y#G8HOo?UU`=eiPmP*B+#~QPZWaQ%`7X;~2hR`Nr~tyj1;wO!+GL7XA@l?A!KB z+Gg_QkF>!LY-w?OM&w{PsmG`zVhd8*mgAhDe4||YJ~@6%c$}Nf_Pg{mAe+&Ij50mw z=UjIjgsz~!Ami|L<>HP*F+B&qq)QqiQ?q<4U$_r8*NtPPZQX$Fu$Oa#f7jXfR>VWz zpdFs1OCF~q+QgIeY3~zt4&?Xqo^0npZmDD9`1muo8n$75z7s zJz&hT7t^O`oey+uR(V%UMP~$){2a1Hm}$NfGtEnhhdz;;^p>@izqd*7*RXYp!S6x7 zcpt%Gz_wMq9wZh#PuSK)Nd5GQl;&r=?nK)~>%4soFKa1qT0xEnK;(K%$3M}o@ubYI zy^rfHqA*#k6CD{E?!%0Jc4(L@NE`1*6C(TTeZvD!;+zWGkvi0kg|=g0YMys)!p z7`>UoRvicV1iGrwx#A~wlOOIA?9shCV{p^@)%=pge!uEA+cZ{{g!{mo--9*lvlQEW$`{S03(cwWOB7N5}RMipR1&poB zp1QhaldT?IJ$up8QmQJiWCX2VxcruTPD|{dBEP z=RiUI_Qn06f3_~>siSfC9;~C(`^BD`h`VnY9vaOzGSAr`drJGYmfzsp_CGzXdK`Ce zw8>h*;%V9guS4~isCG~2W?|KZ$u-rPv9Tif?E%UsgGH^@|&n!G! 
zwV1dqK3la8Z{)-5_YB>SSFO9m_gK{@&f;>2*Q%=4A*#HO;|<{7;2-s;e`w24EyB)I&K-R(oOYI5r#5isbcK6k z0Sg~>iA+>hm)jTs%z!S8r3>r5rue zTj3`q1qK>r^O>E_?@8>V8{&5MJj?7e`zzeJl*Q`aXCfSMO}eGz{Am9aBl<~7Lhpie zXBn1F7-DBWnRf2Ha=me&Z&0!OWH#ZBqcF^UwR0yOFb`foxiNCX3Uk;V%!dHIA;adA zJ4Z@xeJ|J8h+!95`G9~lAK8(Dqm&zAY*ao|B)x1a|%3-vbQ zOgUM@_xoqey^3aCnz!nH(Yd=d4t>3}jnCFNclO)5`i2T<2KD5I%(6;<>)E<_!ia_4 zBX;oF4K7U2aOabaG^m)F$;mli&$1ne^-6jM6}N{$7^#i49(We!HS!-B+Onk|8!bnN z(Y};Aqkvi-*DDbkdR9RplJd$Nh~)+#l6xgoEJ7#(~sTvZo4XowXx>{JVEmN&{nu9Z zcT69+9n&$3PM_X^2jic3 zWGsSXHN0;}*G(|aF3JB-v2NtNe-?F5yN%`X_nO#m^glV)`uj+C@~DP==3>kr{dO4x zWIXhn<#%Q+6OlI1r}~vI(&QK%)4|wv@sps-wR4Okbmfdy?(gXDr;dMWLgR5?PHY@H zads-#U4eIb_?z>S-VNgf{LQmcB!1H!*(bThJc~2dvulU5U99yB*`A?nU$(m?Yq^u< zITqRBwb?r%5AQ;fxXbRy`kamZN`!g)9XNqZZldDbmlhC$AWBQlR~^QZq$jlR_Xn0| zUdCu0_1tpCWD;83g2A;-rZazVz5=tf3-J2)kz!7)>sHKq55~Iq>>vN(8lkB;-1gz2 z!J+P6G=OthLy7LR_NH;aT0W191aaGQmPPE zFL4y%NnS2hhDq2RDf7G89!}7S+a9H}yQMNr-2PY?wgD4#5;jQFLNTfgQ(=e17Vkb( z8E%#>(r`8w5MdCvN51&MmUyZ^bf$_*BzU?RyXq2%i&zN*{V;UsPtEC8G_>ypPsJtr*OCVH7}n@ zY5LC`6WdXI=78FgPr(+^raaSc?pVKIZf0Z13o0orrWR_}ulh`#(YvVeKU0r)Gi;O5 zn}fzse!JEZvByyR^9VjtQe@@?tOWgkC#Oyi-v$ebSA3D6yFFI1F4&W(v5^oBb4nQijz ze^YNIf11jZ)8IqqpK7J76`#$Bev6*Pe(RYED32IZ7hMB=U-mCkCfvCZQCKY>Hg6YGITC-t3-~+R_shvYyZ-v)X_LJ<%4@SV!b8lic-d$x zIoC^D@fq3+vrVzE#Xmycn!QuZWA)*moK2)jU6J~LdRCFPq%jwLNp~)uM?eGi$k8$U zgm>X-%JaoO7W)QL$L?(xo@D(f?U_r{*;{8z9sX9QY5ugv?VoI@?eDj`dG9%;D|Qb2 zy0$s<*8hfm@V|j8eyeSW)hEDa@+CY%2lax4LHSR}8V`fIm^7VjWEo9-1M~Q|v&k+z z?U(q2H>UY)z5kZ^Eej`ef($3^^2MvVd$BojuuAub`gOgCkNIKJ;CT`j*80#0i*qP+ z-VJGTj*;}3<{$N1+T)Si9`G&voQm8&OFcmNXV1snj;q@^XgPXn2g}9rhM1exLE{@E zw?95-aYrJzKbbbSJ(1hqP3Cqa<^~?f%edjo-+MNw+p~u>oM3f*Ut#F|&9{A^@zxKl zzFkK<3st&@P3nzWmv_(~oFgam?-|e$KH!FW(d8BE7boK<54zt~)zz*q3BBMwuF@s} zEs58JZ^&nDn8~RbltJ*!@`Cwr4bQV}plg<<-Wv>gJ{hNnx|r*x*k@!s%A4@7NUunG z*{U-8Av_yTc!FHTHt<58K-%bfA&NH2va z@mFt)nMVh@a4IU>s-JUx{++%K2KpmNi@JdP^lN#pEElg?W;|r! 
zS8I6TzGKlDgr(jHzIY3kcgExa-{jGU!8hgeXKztn>KfALdQPr`m^`6xkqtUUUZLZ~ z&-EZ|#&Bddn4SHcwOJSr>z_r&gbW`qihf8+Q#J#qCM^J7uJ zrMEemo{YUQy%x=Tv4L^jp#1Qs9?gfB_+2Kis`e=F37uPQazcM3Zw;H*rL_UH7$?pn z^hPkNpyhFxuzCP;c)Mr6Q|(M20xhyYc+O839V8(uUQj?x748$M+Z?9Y*8B z6*Qb484cPaUk}CUIC+*Cot9sa&PL^@8u}?R;X5G{(idD_kDn2vv&-lVRM4Tk#CI+_ zE}s|2WQAO^Rtq-QwS}eJWMbnKRgtZ%hP&{euSj>JrAv3v^16}*zwFD`$LPV0bsE#- zIyQ#4w55$I=^vy!;(Z+Nc=>O~H|3inotMtW(wa89ZzL^;OQ9ky#GNZGwrAtE1@$s! zs|I9R#nsDydJw#0-1ga1iiN9Zt06bB5!o`ad}y8}llB*`#VGyoW*i`a6N|EFf&nwP zPZhigt%UCG0PPW@|8R_c9l}CR&f)M(X0iQIKB+uS^YCyb&V$GfZO*QL05kf@^dX`R+#2PHZ4mCmmv#x#jO)ao9ui!1?I!c_K#b2?d_%4{-Gv<{5A-$>R_m1_`#RPS z)2Tb~DBnwXp9W5s?(autl#9Q6M)PeUa2Nd3bJJs8>icl8CHzKRB{En&o8WK3aih1S zf?hAaAq(RmPoz$b+ZgJW;pX`vZosNszJ#_)KYx>T_giVP?8Na|&|=}xE=}OG4c|&PGfheH`R3?7MHP#posYsXlD{Tvfr3J?^Mdn@9Nb zIt@?zF%|Zu zV&TX?Y&6c!l+)dfe;fPa`gYF`$`;Rkq|DOK9Kk;Pi_jm|VQKyC-H*lG@tf}7Mfx5y z$m#Z2;4EUvgOAM>hi<$Z@PyzT;}f=POWz>pCI8&UD;;lBmf=xM7v2MKvG^ZsG1PkVY-?xN3 zq@U=l?w8}%W?5fyNc*r-Zvnp~uXXrF9spCxYmBwb-otlF{AQhb>E*4J{FHc}AL=yd z)<8BHzlnH~H4}fqDg$E(!tVi1lWG42!m})3eY7rumP_9NIP&N(5ry-Oe@$8K9)egP znXCQFW~EDe(elR_kGW{~v}bX)MXTCAf45SDm5u9SRI<1^sc9RCNEwm))+obkhmihi zrYmPh#UdDQnO<-O{)@hihYWZ}eYISbX5d_6Ei&1Uo6a z3+@0#Ewk>N8gJj1nG9EADg8jcuRnK-4@>-cN6L?&HyrmU12?v9Xdi^`qU^(QSt+Nu zSK}&bOAm6BU**)+wER^@cop4G-0zes7yqhO(_|W_Cy@5O=uQ^e0PZuk`K!d(8P;(4 zyX^cKGy9pg>;mW?>ePJze`Vt_J`Y>;OcCLGg%5j2me7uNj-Y{(mCQ=!E9*IbKN!m@ zp5g}^v}}oO1OJJ3A24JcMw?eeIm27-gF{^^c=9`OXCCsAexxCO_4@7RCheY?;$NaX z!p)zDLS32bk?||=Nm_q(95#Eo;RyQ7Bawf3T>fp{SbT=PciHaFQLOk~p?UAa)~E{W z)rh)oMe?Ns7$A>eqhw#2xV6R7sE?(A{U3t_SPs|9x`uQ^wx@6NX5d6!bF`d3GkxOA z{mb0j!nwG=oC20e6K4huVwX790N80TR<9klu}qQiEk2Cp>ytyn73a&~>?N$s8Ggc% z;dtoh8&qe7My>OYlZf!a-Pboi+OSh>&gb(Iuee~1tvSjJ(o@zvect*Y^y3($lyl}c zbVt@FaqRH|zNt5M?h#f`p#ITqBdm8me**OFEH|95Q~W&2>@WJ9Rxd0*0x;KsU*=MwTf297b4|kp$$vuOz&LV~P9{5p@rt$2=a|GY5 z2zO5BxL!Jh_io6477x;W0s6`F>3#?ve+UeIIE4r9+)sMG9uMMje&hTZxNpGIgWpK+ z$KaJ`)|YA__h~#cco6TOPvSid_cWf>cpC6z;SQd-?~;4BO9v1)1zP|f{t4;-6XN~T 
zF1=In2b)mN;P>hYJUw_?5N;!$2An^YDNkNPSd48K7a!9)4RuR#G4geBU3v1S=S+X` zW*IAY;AtxtuSEV|c@Va4HQqDj;#Ftx8~IwGk_B4nxo-u(ZP<;lNHevwEV}<2pz)zK(9eE6yYL{)RdskE&s94Rr$gpo zx1S7{uSnaOWYL7(z?_G|eoo+?lNBWPH8nk*hb{(wiE=~ldV2joS%3wz|wR2Sx# zdOwab_xKr{y9HdgHv4qvrMdMa!u3LSgxw0h$mc)`d&e)9i(QcMsh#Cw&mO$@zdo&} zj_G`7dlUK!Q+O`n0gZOVedq#c!0oB?XnWV=`#9(V-#@6q1HV6PL7N_FJ-!dm20Y;D z=``Lua5mcr9=JaYIu9Jd*@$r4j5Iz03=LQR?s)|F9)MP*`~RtLnX`tDurG(c7stGc z&t!owWO#NQ&mlag@SHDmOrtp7fM+8f_>b?w1Nkt&TErZ@te<)20N%&&oKDL0sWs)| zr}A*WSmyc(Sto^cuD`V0n3v|9ZV_|QoD(d5_PDI6DSj4tiMit<=8B7$8!qlWkNLsY zUp~Fcd>MoMPt^jiJxcp=;8PhUeE<7m^3ZOS{qwN3yKp8O^Z{oz^DGITal`Yrc{ZG! zq0O`Fm=|5+vTwTB*^j(~PCnI+rx|4yI(u(Rx!4c=UxIpy?ZuyLgFE8mJX_w|Q~U_@ zdt(On0CDa=j59f*!&{(NTYB&u!83*DBI+j8T|YQmp1g1p<$h*<`Fm?|*5yV#^>{#| z7v-cEb>D>zcy__2fS0Gi6ZuA;zlgqi@jlQyjBx#{ah~t8`Dr800cv@#U<3ys@iM z{hP$U_}^-TpW?Ay+P0WLULNB(Mpb=f2l^JaHIJQz7si~BzVD|x-q1ElxG~*plj)%i zi}-9uSCxxjoU%9a`ip5iHT;hM@eY>w_gufrr8|z(ojc0!#{QOe+_l~yANSt>0NggX?G>R|WfXA1Z2Wf}J>&y8iHx4KHM;^`N2yTH^S;duV9nBlmw8d3qc=a~%5rrHk-S z>-d`99mK5n2MgTJ{6F4;2l;<|8Nyy0-T!kO_T~6SxXB-`3P4x?iJUt;7M)VY9mg}` z!r118LSq*g;hBKy0X@2>AK~`l*#)N*y&DVL2S+-$Rk?i?@E9{X&?D(X{t9`$8)}+$ zfmW_ui5(K%xR^fIgTPULQuWT|6Vf4ObLivo8FjDJrN7yWyc)xk$K&NOejq3F@$&iP z!VbxZ0M>(*aIbptZ+7F^20yP$_}xJLVEA(J%NyW-3C}q^=jj&zgB$pIW9i!RJ<_bj zlSbSNptacP2I<1R2@lH4m#L?z!blH~Z1;a~Z^1*|ryq|{=b!Kk_w(h_jihl95BT~r z?Qh}_ZW|H~b9^AoSvq%(_Vq(YBm~@!;@OW6kCV$w2{30~e)%N)kjE}BqqNJ#ue9Mo zo%fX%i|=1Z=RBT%?=Z&?#5+xA-mpE?ujUYLkKk#A^PAxDD@;dtlpRxI6ThN%PwF1_ z=h?@bXhFDI9XpWz?Gd=K&O<#WV`Ug`>FhzoG4Qb0Xrk__j9;2k8tfA%<9Cl>M`Dii zB7eJj@oKXmWmQ3;DuI%&-h^mpE;3cjt`a%vJbd zg9`R1q6xq;p%W~o&Oa6TyK^&65DVv@=2@q5Z|N57h>}yNb8@OE1SYKm2+Q?)HFJcs zd4m%ZLJxg^y!{`~v(7bQw6d?q$#W5&DF%456O%$TNUWY@J@HqUJ3lXqv{}Bo+PSab zSgFWJ48FP%?x@GU+Kx6tn)>LyHC}Jz&#?^Db^V(qN!mQb!%Np8!u>zvH{A}JTeUN# z7WSCAFWAW@aUp~+{w~^!94iwZ zmgyOCa=tOrV_Q@(03PJcr+tj>DDykiUBV-MFH4=eOPWhW7Ah!&SBy=T=+3~3HQmOG z@|d`g}$ zY@3BmYy9t@R~qD7v6b@Mg?-k7Eyll;H^_lLp@vB@4BUa8zq6@U!bue#sc 
zihK0F4{9;Ay|X8af~U8H+HD+6Pv?)OAqVB`1#emXjsA?L{Wdg*u)mL{vU7N(k24UB z%u471`kIk^d!+vvovYnjE}m>R+4CZ^KTn;q^RfJkpTntXUdOu*WPb#fNh9467P?s3 z2JSM>Z92jHAvW#~Cj3^NZ&q0Z=hvf&{1KXn8^hpD=r`F^KB(W|iDx+$zlOX~8?CnS zzo%8Nr-9AS(O&x++6Vs~SfkIL%@h$hvHn zol_HryrmuCLt8*yoUGH|e9IcA6Gmep_(3>g$v*63`(txd&9EbHt4c$o z<5dLsrEJ83vI!Qc`Yl7Z#B`@7RxdPIn741iZgSlNy&cqJ`=AqLgn3l3JUZpuDDQ)# z=IyBqnr{=Cm0fuY_jT6$(*Aj0C^#5hpN4D39pI_$(ETr7tgv&Y3#Py3Kh=aV2V(gOTCAfq&A!dn_Fx)CX$!!Q=`bG`?A0{TKAoRN zYNVHUEW+LwCwJg6`kqF+(vUXxe0(gDfF*P zBMU~u_+WfpyN>wdmy3@pb^7`v9^&zLTlz>lk$#J$@8uRuugE^xD-HD7vanuvd+&s= z)kgPN1znUq$d#nK7{{XIbDbj&Bjc}?p-na2|XeW>Vfoscf#g2Yum=9!Eb2;#o|t) zEOXx5=?}+8D$0ZK>iPvU=VI-jh1u+#RYsFIWLWNQ5nDHT5d6U&vrS^M=^COqM$|Ln zjxdrxJHYQoxW&Wpd&>kcfk)x6#_?1gL+UIj~Gi{Wsrr|=J=M@S6nkx{1$Bz<`>vB?X)u+UpNDj z($*PNXS2;O%sBTt^U(U}#aib+_{8X-5R!W5#Rlh&@aDm`%8RYe9qAfRFFvAf=+8?( z;`bgQU)?>d-(Sp&U-3oggz(DsuDFs*XrX!{uc&kF3}fxzail{0RbO>X0r7qR)#3Qo z&7CkaJy{N!qAJazSBP5ApBIF(>hF$mbp`vD->H%Qtfe`M^SaopWU63@JfAeac4@!q zMdY8ftDw6UAF_zOmV1Xj1`UG1qcY6s<=mPud zx3(*P%$r-!=x@4%2T6~0P^5=_Ni3|5PJi0Bcvz$%_tFs~t`(IuRUXdu3vJFx%lH=D z#Xdr2Kc>}yFwH23`z)UvKT|sYNqVkMDj)NF%XpwKyNDmp7w{=O`Mjx7-o#!qpQe?z z=*5`Gtui33cwRXE=gSM`x66xJ_ygm3{!pJ?9&jvD@}XVik@XWSi^5Nni+6|QYb>0M zJ;lF8o|MW%KH~YJWyH$93^DB%JM?$XX77pFK43yU6p3 zJ=WIv?kT~ecp7!=nNwEZW%}iQ+3%fEtk7l>|GQ>1|D@kFlC)#YU$*P{re51v-R%7- zClF=|PiAG_?o(gKw#oM{S-$K9&nQEzmx|L?R!n!L+%?1B${y`0!;v4U$G{WUEPMM3 z`K8?TDoxT$ul5=>h(j?^dE-^R7g3?tv5$Mw#BUj*XQo{AlWJM95^^yL=m zdOKMcD~t6;&-ymxy|T~3bqJ)zIU~wROvr~|4>zvG_HqIb%1QZr*~)5M%I5DQfxd|S zzhtzLS4|xzKj?eD_h~q_N&gozM){+BGN$}`{PZ9ku>nt_yBVju4OvG^Ft3v^!h^^O zU)SHO#6!ZzdEDi6|93rq)N|q{x`ooe&f4l{dk}%6tE*aG(&Su?HU zh!_3ZY1Ijq6K>-utdq9c_pQI6b$(-G*763jNt)sw8~33MuDm$i;d*|rI}M7hSjZxLo53e~Z`1Mel2k zcVd4Q=?jJ_#qS@GZv6ZEyA$8ShtR5BgOy&fD^R!~0PS1RA7Y2*D#x>@n~bNODkt@r zxX6RwPA?{r*S@@`@EhOM8!6+E`=vH~GtUmGyO$4o#BmcD^FtcG%u#N{XP=*Yn00(=SGcxS(?NRTeof{2J>XLt>u=PkZiqdF zJIj^q{kW*^+<)Tgb=4u{Q<5j)=#PI(PIus-l(>T$heUV|3-_+|8udXvyQ;(>JEwBCVd 
z+6%E2dAwVI9dtwVki0@4FrMb^2kcxUyQjC<8k~QuQLMQ)Nc2wcP)*+NyG-&{@)3QD z;`B+-M4GfI=;urSRpMTu_s*mKNyevaj{cI)CollQK`|s;5pMo;l(*O#iH=$;FUK6; z0|TSbGgn4Dw)+xgL;7JHoA7zN;|=nbjWA$&lKovtEFu|e;!0g1BkG}l%y|6Ve1CDe z8EzY`2g^WP+Xuc4>)XQMPk5@_7hYlSNLOrHlZ9W9tv4CCc3)&s*|3z!WD{Pd!I#Vn zHWo&^$dcai{e!c@Q}GAW=m*RoPf@O={suq3?p}_#uwg&kHpf12;=)I1V=6GB{lgKZ zO(D@eEj`cjy%0~8 z`hiJFgiW5rCMd_nFerv+NLZ1XoKbPo>(5YY55Qx&w@q@d2#~Sjmuueq%BLs5BkLRDQ(S< z@GW|CjJgSX3q7Pi%O>U;akHt4!I5*WvHVd7=vz5(^lw-r`}2x7Kt%eH9(B(ARd>>> zY_T%-z|@)zXo$53z=zm_4#b6Qu3g8rj+B|2h%Z@lHG*`6K2dWrV%>Q4ijZpL+bhsE@N<(heZjOn0C0it=$Q z(kxv<{03mN7jb|Ge={ETj7mPDju!l79Vg_$_>{PR2XPTz+6ICl=!$J3jq~u!Sf-e2 zGhhDsl=4hF$++B`YZwYIBJ&~Tk?RITTom`sre8lE)A&9QkTasSEq zWpT%X(S8A)H2CGESM83qXI=P96&R)3Kl0%E3M}Uf zyXesrR;jAz5FWP>J@+mckd@<~Oe$FS`Tw&*uYnfsudaP;A zf!{nbE|0~H`0(*nKfI)UTg(RitJdj>a``ViX6whlJ~E$v)M0U8Ztw{k)48a1=4?B@ z3Gp}LX~hE@bN*CR7x;E}y_Ml>?v=UQ9xg^4&CNN_Njg$TWgs`|j31v6+Qkc5eYc}d zV;I3QUJv#n{1nbA0za^s!aBzxE~1;tGK}?6V#~#jgSNGsG%e(#tAoVex0$_vb9@&s z?q%B2)&+1Vph*9Jw`uw=J(L}pm#gHT?YAE+cWpqdd0=x{8e4h>&i}SL3H)jOxJ~8p zV`a;LOD+7ywVgs%-H$VB~&zR6EPQ)o08-b=BL6uY>3IZ=&P zBKDumnTLtA3gd#qPkRN2x!YXSama=AX1AfH$UCP9^|mJ&nzQo!(<#Lk{!ehbyYv{j+-W2MyPj=XjfM&m*6iF2`h9)+dkJ*lZoXvxs|_yEhzq1U!ENK1F|^FVaRL ztz*OpZN2?)6JG0;8My|j5%q=cb@0YtA-(6X^6BmI!kR^8V~JzNg@h-?Q57$6*hcHt;3iXk%*rAUw|28XXyu ztt{&xbX673>HhhCyi<6iY{Q-w|Ak{>RZ%#$+kQ?b^rdiyOY!H2SntSQ4cDlVG3lS5 zLm1F`xk=h@MYQV>HXcsP($ATXj@Cu`OBmZz0>34o(Tq3#79hO~peeK@EH5I`b-piW z5y0rY+|tw6xuvo2WFHosQZkhPmswxpOtF`bJGt;X5l;DenPuD2+3DH=LQj`Y>Ok2{`T-WdyLcIoBA2;%5XiGM=2S2A8vfvCrXj{pJe*rNg4QLx7nF;yZ2-+Zcu-%tI6kb^hp(PRSj*4X(yN=QJk4P&gNGmFeyz>uk(SYW zE$z}~IFl@kL$c`Vr@dpfFI~VB+`YuKEX^O8MOoSB-Uzv(wW`XsHU>Jo-L`oWy&hpH2lTLfCep)l>m1>&E-U9_ zwD&rFENtz|HxA~+Zd-YS?B!{pUBWs`t4H9rHxX83FQ1Chyy$6m4-a9~5exhUfUC-- zD&}DdZ^)?i66jq-Ub}E=Q%Y4?Pp?$f%DO4Oj}CrIK!b9V)=7^g!uoKu1*NJ;)>75( z=BB2mk$jG~xovIa4UH=3H3&!kK?`T%I=&D-85a3csyZ6u>kRoC8QI<$(--hnO&eB& zcL(^=dahJ;#)lKWs?!mj>iQ47zp1HVb;Dr8tqqM5u5ZiW&@fs{JqSgeE>-vAP5zEX 
z{8iT{!;-)1jR>bYSgPLP`5PW7H1=T723sKDpFy}|crPlK7NGoDJ}^9GiG|%wJ6Nhd z7^8X0Qg?P$~_a&T9B=fyQ^`Q+zW^RC}Vxusp>3?$nSrG+&J$3NHw zm){Fc#KM_QFSv*>mNyHRIsd-=2;-7YJAWkV>{23}(OKAvK#ooa>!mF@RNH;sS}&Cr z?t?#Ng#B|eE=+_Qmwa7_m#1?uAz!?WR9bi*;gAQZ=19JU2ZetP=lGh6(Yu6gb6X{h z>?Vbel-U%^KmTG_ExhEziH@Y|;BWG!T5(oLj<*y`xyEATPL9QuQvC?SaWHBBa+?$H zgqM1|l!DrdU#8A^DBVNO9mj=q?-UGDC!AY-Z>~S@kmQ{_rPOKlleYf4^@HeJW^ZPw ztTmBkrt;=2b}5=OHZpD*8rB)in`JN40E%&zajJCw$IrFgUjJYrm%abKwvS@dF0O6u z8!n7wW&Ju1mhZ$Nph^mhkfCeP5zN!yQc0t3{kBdndnnu?N$_M7EV|A%4h=V|120>P z()DRyb&pcVG~OMRG~b)W6}-4Cw!V#fiZQsE<>2fnc4&gB{ywY)&!Sf2hJEhGmpLs@ zcX<{^iFR(u*0?5n&#{pRj#$! z>_4GnvQp3_4ah4 zEfd9?$WRruEG}lf2_10bQq(Jqg+%>o*zeROxJ_ICe-D1|G@VINo6sk&#aJK4hInSD z-*b#Q>53kWmlzY5vxDZ3vp5^Y5&7PVu_h`1evN>XaVHPwuZ3sKkFYt8vA$Be2QsDb zRLS``+%r^KB5feLN!woC+VDwxwo~WN{8&PZ$#?a=><5^pW)WC1WSYX;RkD?GGjGpc zX@2B|@``_oXTFH6$$bUD%G0QoUD((F!LU}yRz`Ux*wNmCM|UQL=d;<;N#Ac9M=JPB zXLVyq1-;2S#hCdld|qw$CN_3<;UE!_lX=Ryv&Z(w#=DTe7(*;A!B|s~<0gA-9B4Iu zJ6bh*skf5Se4d96_pS>q&Q%E?@wFTnr;#zXdeGSD(~RygTqJp`ygs7mUkHuLwNo7P ziN*i>BXZ`argx>#kX6deTaE!ei2R$#XkU%Gw4?(`Tuw)>xnKH#k&;y8!RzVBA~{#c zVV=|z@b2~GElyAL=61El73 z^v{JC-n5N(&;9p3aDUtS#(VEW_pLCZ;|ry0ye)P9_dnP!0krRO4P`*v^|~78kN7-O zq7VD>ekV7K^@XKtjw*)NVBBR*R?i}y$hh#N7mJ{0QI@VbV{wkf<2c)ev16X~WjtP+ zQ5*&P^eWj9m@CM6p=wvQiCxgVxx#fVV*bQ+%IZAi5yyXp)?!r1`ToxBRpsKL;|Swy zAZ#VpE=6aXL^NeCmUczP_NOpzGcCGUe04YM3-t1uV=^yMTmu{G=Omior#i3v#`%Gc zQSZ3U!p}P#2Oa7QY}hP18#TP>!5g5HNVgU;Lf5VVFL=wD3eY*H$I2V*zpNjL>m+}J zAKHGLzpeZ1>2}H7>fGM@G3gUryC#-j5q4H);a62IWiHs6b22_TF7Yzw;e~$Jbvr;e zdYVcg!!n^d>&^H;Cw?JbX9%5t`%XpeyD0pXkOQgpRoDNb3PLpbKfTJ z#a}}i6kWJ7D+y+CfdKd`t_D`({+5Sw{pha9p;)Y%F{;d zr(#)U9$eS&FjMwvFP4HTcr7hOd2{(jo%C&ll+Cw~#Lhmt+?qP*mXo_u-#MQ@ONS1D zw>a%3J??I2k(YCk{(L3mk)ONTDCrbu4ttu#8R&-1RhF)+r_AV=12exa6FMXFaV^oC zWs3DS&i(cCQ|9L9(cJte%5!lBI&3l&XMm?qZ$s4P(z_9)10#LdrKUsIQ&z6?;YqmS ztvYx;y1>*I!K=Z0y5n!6hAZ@Bq!;_FVLwLD4H}5G%PdW4mtKER^Yr?0Ne@Tr^+~(- z`b(M)=Q(A*%FA)OSKIEw<~s`o_J<)5 zbgQ=4x%+Wf7eK}XYR6{z-_+IFgUJKfWF7Y`)$Vs;>e&0!^iG)DPQ&clc6hNDsC~jL 
z@|^7+-}Z_2RYdFDHd)*y>^aJ~B8Wm4;`&yjHd68!`7ZfWi>9`Zl5B5FxaE!~hT|N! z@)U31Ph=>{PQ~c7$`b28m1@s0-xwybwzTw?0}^)rb*0pKlqJ+7N@Jv4dJA-R?J~9B z-qxQ)xGA3oI@6k8Z<$c~^Q^Q1CZ*5A-Bbfa=oK+`uuXY7N z=24Mw>`W=xE!1!BEU)6JX3AS9i#Xj5Q*8t9k$iaTh|11A6W;bA|JiS~dGuu48uZn+ zbGQmENbb0|cHi3?l-9>GYFBXANpfHNqYa;~da7J{o7M-k&GPVm9%3)|nq<}u4D=N^ zwjt&2ZTp3$^y3gFvWXepBSIdXoq7>G%Q{h>2ViCVZKpK8;Fh8X(w{I}1{&mn@zA#` zu0Crzyr{b$SHdG=EG#gg+%BA?!=r(>s}3!z(RA4VnS}rBrVr~3{dujw5 zkSwg|T-Rs;=5F(#>cZRG6)UN8aqlJfQL+A(?|14q_XfQLo#)<6?+5*GZhl>@4d1d& z_Kq>53yh$Lx<_ko1^qaUEF)+dSXYHPzU~&becqwAxAYF$+bpI*fb-M^qbE8Ew;7~y z6z=<}bBz0>#JvIG*>0K@w?+97dM@r^7q?&IJ~DS)vB~5E@urTuINdAA>kWG)4&|Ml zCNOmOYK|BzLozuq6Z!$WNZzNb+`B{5(d7H}M z)@NS@y<{CN`f!K#4X{qBm~clMhv%@dUQ4)V%^i4E;f`2@DZK-FO`F3tIw;4b8#-)n zGsCRX@Z#4};rFQdJz~6M)IRV&0*=Q`&0ybWTP!`e3s0o$_~!38Pca(coiunSl**d& z`dzvK`b&SofbKgg(z;giHkrOlhkLR1BQD?Vcuy(6V$k6F9pYeZ?C$ z;$gW={J|~pJ=X`q?4!HYo;q`nZ@8nKapNZZ^ykpirm;N$H~yh*`{Fct61ydBxEtY3 z_leBLkF4K#{{!0pR~x$=rkwr%)`Q+d>cAV1(j8CL10Q{$ef@`J$iV8{8`*Y2oSWKO z@BQF!h>ylOukQDpcIm{%1+0zvPSQkKzVTRmTtL!}1=jlIo%I%WDjwGOiG{|x!O}a` z{*`XTI*w?JLime?G`eF-_nnwyi^4|1Fbm8%`_elPNx0(8>=?{VLS5C_vchb-F^&sY|&qF`1MVVV#5B^aG-XI^vpF<8u z`(?Bfcn{T0J4KKBHe>T^W4>4N_?=V01bcL{7x8W=<4y&<<*!^?fpM@Et#~##H}|&i z?sLv}xzvDhl$$zq60MOJ-eKjBsy=9C}5^z(OjhjaY}o=EAWysFcNDUp=?V%Tyx)pZEeZBWI0CilWmlLU7w!HY;^X|K?imvM#sWCdkcGE zchaIv_Hjo^cYeEIx#FDC5<3bSv`w^`oS%{U`2cilqvZ?qN7{F&AAP$C{JV9e6B*sR z+1RJ~^sZ*mmT?m7tAr!#wRf?s$Hq?HbwJY>-ecqWzX#haZVP2krr$H@^$cr3Hl77P z7wyS{_CX!*ka)3uq-;NPo$6)d?vc1fo_U3H6-%p*f!@(V=jI$Ysw?jAIuhfxnjK@q z7j>1a1qOCv*NF-EcVi!{^Q5g#{HC2;cYmROE#)Y+65`cYbe-+m2n4S0dO<3;ku(Xf6=U5C*CRt)RMYBER<*zlpd z%wz3|vD}M{v5~ z^A!AY{6jFwba!H>m9#hBbJEkGT+ujC4dehF!J7F8tmoo;q*v?dn`=CsgbvKd3+9`Q zmpBgC`<5Hdqi?N89R0tb2|RCZe{;0Ii#DB;6JroMoMG*un-9-HtKMwQ^{l6|ShFJc zm212zwOtNRS0Wc?}exAV+77rs+4tv|2vV)`NaN_`VMTQSEj zC&v{pOP~F3<^7fprO!Nw_?7z4;8z=~Q)*z7&qd`U!ok*fnO%8r#%QAs@N};tT?_X* zbfaOAj&Na#H5rSSC@A2+Vl5pCq1zw`SFy(Zf6$9@`Z 
z^tW~cW7;0>H*0il$Z^r%_pKIQN-M^-T`zSkep`6l;DH$VQRVxD@-2M5?E(5_@7efZ zHgV97VZ*eUm)ytOXJfbTyAX??TEFRD#oM*HWg%Ikw7iwKthN<>8^qgY$l~mXV7ABV zzP8x81vfv43Kk2kaEpaoqb5kQVINtCJF?2Jp37wCd6IXw2ef{(wz-%dVNT{28afm= z*FKtyH|n*oBf0LI$7F0**&58=h}~$lda)H{1NDpU4dgz2HuJT8(8%T=+EsJyyZ_cQ z;*9Wmil;`ix~;KaF()5*N{xApzp_4O_-)8rCSf+c@qnhm@jT8@!Q`#cMG zJpAUv-<99w$BieV4G3e2%aOP>&ZRS966h8d@U1KO?;wfz+DL2qJ;KeZ$85i~#14r>+>}Z;u+;6hh zng8|X&)GX0z+VBHtow9ahG~M2dZf#CJkna#Aa5yW->JcG^f%T+{#E-i+03T6+1OS4 zG>+&j_<3QMo6m*2#}B`OVbexDYw)!2JN^f{=i}dV{Vtbo>!mvv4>sapogB3kf1uZa zrxic1a(!MdEwoF5hIs}G!{LuOS8XnMAJeTS_RZA~ZAs3X_{dUjoA$sTxS-sXns&@F zR?q^!USM=U?V;37O^5@XKHp(B5;`a41NtfbhAGfF#(YA*_b~k6@A^r&GoE~KUsz!~ zt|%C=a@lkw#>d_{_}B;d&oe zZ=~FbUM_XNw{Uw?a>*W~J|59^E)R|9wDZ1Qpi1hx7yIxm^n`*A3-Be-)xZ-i@% zGS%Agx1Ld~XaoLTc-cEIFVr8s|H!%){{`5r)H>7ZXU}(B*F;o&IaqgbSi1__Q0&*p}QhlUMLE$=>k;Fj$F+;&NE6MEOj!|CV_ z>HLyB!UA=xa$lCm*xjs+1x(`X78`Z@e#_S^-WXTA6Jsp5p8y_p_HG7NXp8wXwPSIc zTQn}~q)V{#w_P+@svF?p*Rg27vo;C?{g1C}0WXcb5q527PtP#tewueEUBTrFoQJoC z!*OB@&H!5g<5vjBa>TOx-Er2bNMnuC zkv1}T#<*H%9_!l#ZnLY+Q-(L}X7g#r!#8Xq?UQ1qaex)?xArzrX>s8q^LbxIa#oKro8g%lBKEv%0Bx9{5OImIXh+f$c!ysWy^@^6(K`n60V? 
zZ>3+o05`OmaZk2}KOoWZNirU8{`165}Fr|25hh z+PBYQOxpO9JXno1fJyuj*_XLkPstcrBOi+FdSv z@FLP0!-G6tGm9^{Wi{3L|AWpLefw~})+pYHvkwnwui1vrD;$sby#Q{<@f^al7vHn) zm4_SjV$E4R6L^kEn3zst$_@1IVj36lu>G0JV_;dX9_7T+^UYAy>pN_{!ty!PARy zi9fiB>1P+u$zx>`2!vuc!=d9&QqXyGsLzL|KPqu zf8orgejIdw$vsT7@lJD$2%uxdzE$yWs8g^<(!Y35HrtNX1iBMl_n!CUM)WQ(o>4nI zAZNXUc5M8RX&|k=ax@o#;JMebHt3!`LOYt_a75k*XM;+X?;850AKX|OY29_Z%yMlCuz8E3FF7?YP6jx_#rIga*em!OSFFH zo2QFC1>M^kdxmkt+OQtz3}Ze9euxFu;H3WUC+VshzMo51J^#10Rf})GzG~6u4}AX1 zOKYhTFam|fC;EDFLyb@N^^EkUt8&k!tB)>yOND1|u5U~4i1;ozy7bDPTz;gtu?sc2 zI4y(|2j%s43~@>weJ;J|`E>Qbm!C^t@qBs#-;1A5FXTJ@d^$Do@>3mFa* zJeR%_KeGIB6@FB;;71LARHdFvUyUDi^t#4*UF*Cu_)$-<>*z9uA4|on`nmM=_|cSs zOD%se%vg%eP0^XI+r{9sjA>Ei>p1v{NSiLm; z&h!d-zbk!{yzA2Mk@wB%Tjc%Tbc4K?rQa^^tI}7?`z`6W$$LrqN_k(C&dB?^^!0o% zO7T}D#5>bjc}FR}TfT2j*US68>G#PyO0h=1YtwI)ca-9_@_k);Dc@0w zP0u$~FT8c>721MZumnup`utKiu!Zjf&!ulWihsBBUo({PSD$bCjR!t)Yx=eu3t#>p z=;`(k4X;SQ|M@>l|LVOTVs56=znXl33_x~ux}>aF;H-O|O@ zCa%t;7p1S*P(83>Lv{a(>SsR>qIW)@UQ9;Pi1@Db%JkJ=N#DLyPKK?nUAly&eKiYS zb>{l2WuH&4O4q<&!lxGwgIa3%^Zfc1rt$>tGe<9>IzyNJbm@(|TmhFwPw)&D4Y7;g zz0vnVp|LqeW0}zKE(^a`Y@tiOZyU!1l*$@Xc|yO_OyUZ)9h8+`VrKA>#>WyG4LP<` z<08PHQHhtP*!uBqORto%_~Fs~NTE7&UHXpdsL@=;096?eC3x9c_7|3kq|5qO{FtA>fVPF?PQU;a- U@j-55hD(6dF)*mW`4D*q0HdeJe*gdg 
diff --git a/pc-bios/openbios-sparc64 b/pc-bios/openbios-sparc64 index 62c9e77983e08f72ff5246bfbcdae3baaaea3058..46b4fddd0869ba8274760c74476542004fff9d64 100644 GIT binary patch literal 1598376 zcmeFae|!|xx%fZ3n;)C-YZF4UgrJi|Aw-cFt0Jvtq_(AKD`Hy%R2kwgF1@V*TA|$b zG6qD9T9<$pQR)&EQfh6a6fwP)?KVX&ZEc#`meOhiwo3U}o2C?Ffb94E%+4gckv-7f z?|tR|5nit_yYoKhJkNQ~bAF$hUHOsgKI-*)w7!2{?E*gAH)3slcMbbfu%=AYyk5=F zrV_%?GPHCjY-T)UJeV8Ly=uXdI39P4lVUtv{N~XALlzjaz>o!oEHGq&AqxyyV8{YP z78tU?kOhV;Fl2!t3k+Fc$O1za7_z{S1%@mzWPu?I3|U~v0z(!UvcQl9hAc2-fguYF zSzyQlLlzjaz>o!oEHGq&AqxyyV8{YP78tU?kOhV;Fl2!t3k+Fc$O1za7_z{S1%@mz zWPu?I3|U~v0z(!UvcQl9hAc2-fguY7tSMo6*gw@Dd}Asm_u-*4@U>^))*1M6HLonM z3+NfC!UU|!5_qP97sCAto(s=X@N9Utf_ve^QuB*@;KLQX3qC@@kHSYP_+j`c1wRN6 zD0n+ON5S{Qa}_)aAFbdm@H_?I0Ux8_+u`{N-Uu&H@J;Zbf;Yg&DtJA-P{Hfq;}m=a zyhy>9z{e~2BKSE9UIRZ@!RNwt1)mKsR`8kd5(S?QFHOa_+^A{cG~M&q23-pUG_8TZ z4g5XI-$wp6@%IFO-{3FIUn74{^S711CjPeb_bh+U@wciobvu?ye!#l85dF#&JQqGm z!L#Az3hsqpkeXNYz%NwrF8E{xKMKD{!4JcyDEL8mg@U)kFIMpV@Ja=b!Y@(q7WfAg zdX+8Ou-xBmn--t_*4aNfM22D_3&v5UI+i6g0FyoNWquDuT=0w@T(NO241D$ zbK!=9&xT*E;4|UV6?{7U!wNnPo~GcH@N@+)hb#L3iW0b@|F0;7EBgP6T)3kDugHcg z`u_?qT+#ne>47Wy|0!K?MgKqLAY9S^PdN-%^#6AJS*h(irJeXUDENN(Yz2?PZ&dIW z_@@+n2mI3tz8(G<1#g7kq~M$2)e7DKpQGUQ@VN?J2cM_lE8w41@Fnn@6?_r=76q?? z&sXrda8to&!xt#{On8lgPlw-{nqRam6_fh`>!Q2P!0$W*Pnq|4`jekl$DjPf8Tf`X z@CViWq8{w?@2SF&|1S9F75pgt3krT1p3;V-e-K`)h~Exhtl<0MOB6f`U#j3O@GmO( z4)~W8d^`MZ1#g6>^fB_k37&F}32%UZS&@D{e1(G7!T&?SSHQob;7j0NRq#dd|5WfA z_{vn=dLZoaS{J?~ykqIM*x{v3nSWf`H0sTzO$A4mHl2HPY172Fmo`m#XKB;rolBdl zx|TM5?AX$#>yIyOx~Y3<)BK*LO?RGL+H_a%(xzqito`T5;Ew#wgDl^+?;z&?=0VQ? 
zm4hsQ{NT#J;M5??e{GQEzck45HxIJ>uMV>On+I9`m4hsQ{NTzjKQ+kmUmIlkZMOV* z^#Akd|L4*F&!hjJNB=*M{(m0*|2+EtdG!DD=>O-@|IefUpGW^ckN$ri{r|kCWvl+> z{=d9=kmZL4S-w5~?if7#&l=?XR}8ZJz~IWC)H%rV+Xh*F^B~I)4YK^&L6$#jkmXkl zvi!i{$}j62EcpSed~RK!SQGiD`-9JhdrrsX9(*R;{sn>4g@I3p`%cH4_|xEu_5bop zxMKakyd17r|1U3rE7t$Z3*n0O|MFb8V*S578?IRYFZaR~>;IE_;EMJCNnLQo`v0V( zaK-xnq{DE<`v0VZaNGY+S4IJAQae27bSz$ellH?E`~Q=oaK--rq!xIdBK;k3#s2@K z?Qq5Z|D;BEfg=4)aK--rqz1TR|9?_FT(SQ@sSd8#|DUu1UZl`(3EZ9^oh}UJvk0!( z|DRL?KlgNTsQtVSM2|n9fd3Q|H}@;rzp}t2)Fy+ z(}f9GW$o~bPsijQd_P>V|6dk`EB61(THqg0q`w2M*#9rv4p;2|mo>sKSERoQuGs%C zYk({E|I6y(iv9nxI=Ev0zib8kLkj(tz^_#BMR3Lbe_0K@N)dl9+)(h@aK-+A*-W@% z|G#WHT(SROHVuA_LVhLuBMM#)|EPkOz(1zoh42{)o(uoDf@i~LD!3PZZE8NT2Y#J` zcfmiQ;78$~RPe*_>lOSUe3pW@!*5XV{cy$p|HLR4?o7r_<#{}XHADfhqw z*2KARQ<45`xMKf*;!L<=|9|3ixMKf*;xzbe3i*}r+ZDVVeusjWz*C+PApeE%g^KvO z@PAYAZ1^Gt_rgDynosC~EB5~L4p;2|PiTZI_Wvhrf-Cm_Cp5qn`~MT_;fnqL33YJA z{{Ms(aK--rgeCB=D(t@quGs&dPy%!ONu^k>8GQSh1YIt8B&U!~yF;Hwq9 z5`M3Om&4a6cnSPI1uulJRq$N+{R*B9uUBv{{DIW`{2us&3f={ONWqW7zoy`a;SVeL zL3l{P+u`dJd_TNF!K3i?3f=-f*Z-Q@B@CNu}3SJN2q~LY% z#}#}9{0RkL0^h9Qi{Rf-@EZ7&3O*MeR`A*IEebvp-l*Wy;ZG^}H2BjBUI~9j!OP)W z6}$w#O~DJ{O$we1|E7Xx!?!EA7yhl({Jb9cvkKk?|F(i3g+Hg@hvDB*@PqJX1#gEx zui*RPI}|($|E_|!z;`P64*2&Jd^>!Xf;YlnQ1DIg-3s0Se^J5f;VlYY2mii;uYmuT zf-ix;q~MF-KTz-*_#OqH3y&!HZ1@iqd?q}q;M3thQt)Z;Rt2ww|5(Ax;d>Rl1pcyu z7sB@`crN_E6+9chU%|cbpQPrcJ@B6@co+O<3Vsy+ih>`8|6IWj!rK(Q9sUai-w$tB z@F@J33f=;LRl#?_f2H8t;lEb!M)+?Od=vbDf;Yf_tKjwUg9=^;|DA%bfd5{>m%v|B z@I~;~6}$%i2L+!C?@;jB@Iwkd6Mk61r^DY+@M-WrDtIOQPYPZRe^bFr;BP5-A^eDf z=feN2;Mwq_3hssfztp^>2mZE#cftRn;78%_DEMLcUlsfyyi>v3;eS)`{qQaYkHY`1 z;4ScD3cdsW4+Y;2Kd#`7@OKq_6TDl&8{qFLcs;yF!Rz2B6nq8zq=GMjpHlEe@LmP4 zfyWelF3$&O3O*a|QSg~?uYym9`xJZ{JWatX;pqxq4$n~V5_qP97sCAto(s=X@N9Ut zf_ve^QuE>-_;3a9f{#$}qwtXmei%MV!4JX%3f>OSQSklnTm_H9M=N*>JWs)Qz{e=~ zc6h#mH^K`Pd=osV;0^Gx3SJK{RPZ|ZI0at;FH-O&@bL=12!4)&*TBzJ@VRhZ!DqvZ z6?`VVM8T)SOH=W|fBwI?5dF$h=@+nybK#Q|JR4rF;9mFzskz<*zfi%u;FA^nDEuM? 
zKMbFu;0NIq3f>OCSi$$hD-}EnzeK@X;2%)%9q>yPd^`Ly1#g63uHc*CQx&`ceuaY9 z!>1{D9sGj|z5@Os1z!TcQo$F&uTtPRXxT62pbK#2qU(bds`hVRESM>kq_P`bW|G8c8l>Psi-gy$R z&OJ9LHMlH<#TR3{00Tz51*~zQTUAt-U9!Wg71KTTEVx&KcnD{@S7BT6TDi% z8{l&kydFMR!Rz4j6nq8zvkJZhezSrvg5RRxHSqZgJ{N8(_-yzB1)mA8QSj;TTT}CM zmZf5HKVY46*BSVoXW%LG9#4P#)9U!+pEv{Ga0dRMnxE5yef~XF81ml*|Ga`9g?~Z8 z55rU1kn|72YZdX^;fob~KYWRTN8w8qyaoP61>XVxl7erC->u+{@RUAA{x`vwE8;i6 zzpUW(@D&PP2mcQRUjhG$f-ix8Rlyg*|5L$h;44${`1AKgF9{#K=iiGq53+pQzJr+m zn+G}nR}QlL@q;UW+^Ip9|JoqSe`%2AZysd%UmaxmHxIJ>D+gKr_`#K5cxsU4zc$G7 z+idxR_WXHa^B~I)4YGWD{5^Qj{};|0KSvHxE<4X#-KFRX+s z*8dC3;fnSD!ViuM0OFI=(yKeh+1SpOf}1y8yDAF#$A zg)8>|#~y|&*8j&IgxmfvJ~;4?^xNS%1Mj=v;rro={r|C1xMKf*YzsWkO>f|p^mo7& z`~PFN!xj7gV;kWG1JiZCll~^SV*h_^16;BHKeisO*#93}2UqO>k6i&Ta`hQ_MZYC* zdww*K$#?i7xMKf*Yz_R})5Ue-&xPv>J{zvs{~tROuGs${I~|^K{~!IQ!Ov63uY{kk z;N|cM3SI)AsNjWg#s2@;T)1NYe{42fvHw5T3s>y_2YcWbrq(am1y}6<2am!P`~Shi z@F|M)55n#K_jF+bR~I22(H-w57xk|6!GW64F#VK zSM2`>XTlZx|H0{S#r}VA8vGiC{7U#o6ucb%Q3Wr7e@wv(;WHFG7yfYt&xX%ba4-DY z)V!bvew~7M!9StkN8z7T@Wb%y75pH4mV&p#Z&2|4aK-+AK@_go|1W5Pe@c=54!C0f zzhFCDvHxGt2){{@{wBC$|G%ICuGs%CsD~@|{|oBiiv9nB74Xk0^jiYIS-}^<75o1M zHSm;s-~p>(F5Fb4KO3&t|1X#cSM2{6OouD>{|lzUZ&S#xgx{{<!v&+mdO_W$#b!WH}f`G?_({r~)f@LGj_?eN74 zz8|jG|Id%Y75o4BEpWyDfBp`*V*fvXJ6y5efrr?L+ z4=eaVcu2w9;p-H9KfFP~qww_#-U8pC;5*=tDEM~xqYB;#|GI*2f^Sst2KZwNUJu`- z;C1lF6?_H!2?bvQ->l$^;NMX28u*h6J{KNV@Y(P!3O*CwsNmD#Pbv5`_|pnr34cbx z%i&uUyac{Y!3*I{3Z4u9rh;d~w=1|8{;kwJuLu6Df_K5ct>8!D&nfs}_;(ciAiP<@ z+u_eE_Xt}!7JfER`7E8UIj0K zzpUVe@O=uN3;%Bg&xY?;a4-BPsrl$0_)itQ3;r_&KMH?E!4JcKuHXmZZ3^BF|Am6@ zhqo(u6#h#EZ-Kw6;5*>IQt<8YUn_Vc{5J}|34TDq8{ofH@Ot<`1+RnuPQh2ef3M(6 z;IAq8BKYeHUIYJwg3pC_DEMsnAqAfaKdj)>;cqDTH25DCyb}H=1uuucso*8>w-me( zeni1@;eS@}Z1_^*YV)rfZX4xVNG?L+(YF=u_*of74r+=mwu>`82O~ z&yPC%e4dd`Twhhs=GB3)mRZ&F)lVB&O4sh7k^~(N@OxI%y=zNK7MIZFwFD8MaQ6$JN+^Jbg&gL4R8xpI_6W zopoW6Ct)_fv1gW{m4EnRJ{#K9&CU5b*N@zMiT(YGhUYJ;&<#z0V@JNJ<#2B_f1zBR zydKY8S6-nvmXRUwd)~TD{c&XFS=Gt@q4Lti83W)r<7c^vUjYXzx^NCDJLuAT5kty;FEn_;e 
z!i4=SaXc*n&Clo0^EqQ(xgL->k5uXbiEqaZXyYaBBh$jRzQnI2e#F{ldc1~~ohT85qlbZrOU`Q7*N@G*uq=Lo+8KNcObBNrLt9X*4R zr+z(aXY+lb#7mS%{Nduq=VJrgm+{N4+6C1TW>8?VM#U{LbV~U1U9%9`WqdB88zbZTTSgS~88mwpsdrdpY)!L9BST~v>n`i8SQ+bmF_f*x;`Tb8EBW1>sd*%?w*ACT1*Of% zI!2tSB1`mgb&8kq_(t@IB-%VwaBG{SAu@^kC*oEhPe_6XNQ~30^McNWPGFkJP8+IB|JWuN?heB3>|s%+DdSGdX@z-ku|F06BM353-WO zCFSdB!r67?H1?y7DD6&;nNpo zCx=hc|2o3Ak#0J5aexj<=}sryzSHYp)QSET3K^FWH?lHz>TP5Mlfxy+m_)eUDP;Tx z88edOCgr1$xXsA;B{Bx&H%Uf-a7`&>`~VrILI(BU3?rij83Xd0D5L0I!fi|;;~8Ys zrj}83gt#GOY(d7<A94<-5j|sOtg^Z=h z2q(u)lCg`pwaB;&8MBhZCCPY}a0^q&n2U_&JnGNppW!z}y(mFt^a-{txi*O-)LeB9z=tX|v{A2*I$EMv^k{JG;s86Qd+ z$(U2dnogc~&=Qs3mT5&iJ3*j=VB;Uq0@3!ZsP&xS+ZZA2*M1VMF`OcJ%hioWjt2 z_fgOLd~ATN($F!vy-ccC<32`u8>819nqh^_TfK%hmg^U|p2u}TJ!qbH_m|_yH%$^$c(ceCdfg|8657N7YvK9eTv3s$49mCVqx#dh+CZF9wbVmq;0 zOF@l=?MIL&d(Q6IcHmq~=B31|Su6QK5A0gFQ09^Yb(MLg%>A7F&L?anuJdteZ%;Fy zDrqCFFnTZKdZVkyKp%izM_LDx@?TJrSUwMvhI!A=Ma%ZelxZ&Tk~x4nP1%ht?6O8_duB$c;I3)$h|Mgz5No-V=mkG&FNv8ds|_{ zmwQ*NOTxNqQz6on&-ikhd+!O~p4v!h(*vQo`fX8P(*wlw7aCfotYyh}d#w!~xGQF_ zQ%bxieBlu5TopdT$a;mWTTqS}&bkI`d@&FC7-eXmeyz2ZIV9z~jehJo0P%2RaW+XZ3OFKDcV!dr4%+~>U-pC1cl8ctd=zUglt@qZZ$9wSUh^bmPc zwh~6{F72q4mE9injmJuBr5tJM_X#__jw4o~l+52Mn+-Tc2ja9MSg_=+Dg8d}UEB73Uuc!0b-lLRscEIt;@2@+e`JHs^ z{aM(n;@@1`rLN$+MTS=PhOGN?FEPBmpU%B~PFmkcNXtG;0Q;e&CFx}U++Yp8iZ!X2 zeU8FO_k1VaXAHEtxw3e zeYOg|S?t2~@p#()Baigw|533YY=aY~!3py>CyW7mDDE$lKGKl6?On;6wQXh0Yie2I zXYi%#E;r@6c-`f-I@i0}=5Kq~$@jlY+(bWze|dM@Cd(u(Y?SHbYpJ8l;up!!?gCrq zFUY-yfHqESM*fC}C>uxDPp_-gwdXIZ5SgfoBQoEX>vlio1Ac;PAIQT zNAFn<`{WDg63UM_J~8om(Zi8{X@dO9c)Bkck7hRAN0?yGvZigJ%x7W^ffB82S<`*T zmNh-x!uR9Ln!et>tm#SmoBMyg?3s5Zt+wlpcpYZbLFzW^wNqL$O%MI%31P1N;%)yi zd#&H?7o`8N8Z}S0sRiP^=Rjhg;_^Z>c|XF9AFWQIiKSAvozGPXpC`&^ zsiQLfk~x=*x#$BtGVYRjm#kUKcbRv!;D<8jT0h0~{rcdwVfNZ$$e*;jJmS4*pH(Qf zWZ&>gX~S3h!@e<^=3lMtiCN*WH@HyqV~Y{1%9_1v3QCv1%DxeCeRcV7n9*v(+kWuc zNKR%fCi@n&@3QALJd_>rKbrm5*pqwdn;2V3`s`g9x!1=Ii4Jag#oK8Ac{0|Bk2!ma zWbDA)X@raqqVsFo@XZn4h!G6oGst5j#26Fzz242v^>L|Z64ua0|GAAYta&yGqwjM1 
zh+(7TJMH~&Cr;S;o+ej@WcE2B_P5;c$JWyZ7}_w8TOSB>({8g8^xPfSGy6A=o`(3tSpFP;$P<6qI9hl8!TZ<+)K~h@jXur8 z_)XhDoAs!CAFT&BF~{6pP+TGTWUR5edl~H+<3C9cU&@noq;q)r`ky47Sb@|_9_TSdB)>7dqd<+g_U5Rp8 z|F4;vtXHv_pjR9Z=)gRuCdGPX z{&U3DljFwAA#T_FzY#YeawW__-x3*d|2j5-be!>cKKqBJd6sc3N6uTsxduDkBIS4H zxc1s)$cfANzs8uZ`NJat(1UueU%qW=2fxq!8m5aA|V zY==2kd73cXt2scJ@e(G-4wr0a^0|_HvQ`}X4@cK8qq|4Ko>|wDPVq}*>^8LgJh7|f zTVzRjes`L#$(bNI+aPCnkagR-cS`NKjN6We7$=F|(oTJlIMO~l^>e(WjXf%u$DTq) z6Ybl_MMmP7&-HJ{d9xUc6gE5MI?$hx{SnfdDsiR%l=|VGKaqaaUXP(HrT-+Ysge)+ zWN!mk)@3yMRPD)#p=}&pa-jSb?MiIrwoSI*O8YOm_ph^!xfgkMdx9oS;yUfrm~RtzBXR9Al6ZanLZ&v}wl{Vbdt>WH!iFeM z`z)l`Q}SwPcf5!#bZ=Bk+u+qb_*7M-JY`uJj1iO06S?I?yo+D0UQjLi4=f{OPsL^% z9X8Nr7h^Nq=4X*_r%fLt{r_6VpZ2`@pR}1tT#L9bi@mXj{cH+tgWYamziraS&}Ibt z#}wKx(2=?8$rJ84RmM1kwa3%q^D=%BUy<>O_+NCs85EzPKlieZ^k#Hfu^FAu-!e04 zy@m0UZ%2kUwmD-=q72oYb!sFaOTq0 z<(_KRah)=exgK^3%G|FmV0ibU^S)YB-(PE%{j}Dsc%{~y+E!~C?X~8NS8L5#zpgc_ z57e6G!CG_S?`zH4*K5t?9kr%)xYk_z$67P=X05sLNUa$@T5C4FU28VKQ)}+VR*|k+ zbKkLAv+a1Td7!)2?C7aAkDRPEJ9}%*Zk0YVzrx;uz1VYKHF{N}S2cQ7qgOS0Rijrm zdR3!WHF{N}S2cQ7qgOS0RijrmdR3!WHF{N}S2cQ7qgOS0RijrmdR3!WHF{N}S2cQ7 zo87d5+C8*)bpcJv}k2Elc<@y8p zE^Uc(|6%cA=ktTo@4Dr)`HlYy;L~Fbt>&>(WUgkWm)9g8x=&DP($zMa})7Zb}FSJAUdJubB!xQz2OnHWLnY59Fb8U-$ zw{kD!>V?c-NtguAI86_`x|Pj{_p^QBM{VmE5T5;Ly%}3|SZg_tYih$pcL^`y&ezfs z)4qm#`>@ThL_Oo-H1_7=b3=5T#=QfMO!0-pG%n$Lz|}_>{@ZsJmADshuhYBNO45Tc zg$e1GFjfzsNA^HH62gonOj)8F_BjmUlO%7nn@wYM@>pyjbL8b(XfnQ8oI@C?ThHP* zoP*6YwA)K$y@`79LxwX3dr)J(Ik`gLO5597v7oCdUGr_{{4x9|FI?7{(KM#m{Pv~I zI_%_X)*o8S%nYuxxMp%4%XK7I57$v#1FaQiKzy{dtcI(ub>E^_L^Jdz4{e1b z`K))Pug1QsE;m`Xi+H|&XTY~Bqa(;#<6FBk`^#ZHJh_~D{u|pYA5(Rb@uJt*kZEMI zR~LJvGMv3S@Kns&W_a=Y^jGx-9jgN$lC>xwdGWr=U!u(~#@1qU&N>$n*S5Q)N7{@l zdYan1{Q9kb;~)0h%B z9de*;qAb|{yzRsIi_V%?y0qJT|AgG%onf(ttY69Z56X8bTiPDxm8@M7ZqBr4t@oWwz=yW$9J1Bh=d} z>Zs26Esbl5)91?GW7=-|R(vxpI%QkrIQ^zGrVfa2wSBB4^1?+OS%$V?@%pPe=wDB@ zc_`PNCGj;*@gcFP*m6Dj5#3(+Kp5MV2EKb)nE9VJ4jsSuC^{zQr{DJPu^v@gA#$(} 
zc3DtHoUzoGLNANfw6D&bVW7Xh7be~e@@TJvOS^uF_%!XhllEBTQvXX$>lw3ek2U+} zSDz>P2Nrq)&9uGVmyKmUzEe+GS2eHQo^IsISP8ofZ<|;WNz@tr>}Ofxt?(q^pS z2}pX_rC#RiQV!`OWpCt|CT)Vu->q9 zU+dA*_kCQKJ|K-Y-@A(Vl7~9oD3Y?;>94izW7mJmYD0!q^!#OZd0Em%W3!p$GiYtK z#!O>OC~*^Q;FcS9=X_l$XDs67BI7e*_IV`Ig+)l~av7t^`0SC(b?U77yqz{}A$4eY zbBeMhE^8|9mBq_Rv!9EX{#x4RP`W1ND&tX8{QQ_+6YSJ$SdU*&EOKCWyJt?^ z`EzUaf(rcHTCIg^qfK>TMHr1Roo5l|Z)XUTLpu6dgbAM^j7~bmX9!b9m@Q`rlXe#A zc+Vmo&sn4+Va}uvbCNTLIpNBZ_I@<&7j5Zv%(JtfP79~Wn&olkzT$_^d?2j-k-4k* ztN6OKC*qSbFOJvQ?)CUhr*PMAU4LE~>wXZ{O}esXGroPUZaCovjA6TF{2zS&D!p&7 zR@#?c6C&etukXF@1=`5O^ce@(&(1NnaOUgXOK7*719$a)Rr&{TuZM(^fXJKue8(~e|D?WsYw4n!Kx%$ZM;v3zI!WbFS!D}*o*U?t7*o)>~%AKt+=nE zwtVME%X@!CZ3Sad&jS^;GAFKjysY`kUHK8uV`a@(eZ9Q%O6FZtX!m_(%<;IU*NrrM z_{%V^=^I9BKA%R1v)?MBKN?2+FFf5(Sh0nCChYJHBaJk|${0k#<`8x`VKd}DX{Hf= zxQvJ8yTr@hZ((De4IIhZXh0kB$np)cZZc}s@(m&o9BQ1j{4q;@J9^@?5LC2I7>Vr=2o(KRee-=bG#IR8oDx&!@_o5%#p#d09KM%eI`k zg4|~vDX@m~g_O5%+Fh}C<({l7t-%!==TbtO+xhUSozWX)W zw+^0PT_}Dk>Eg>3_~&Jg-R-)ZH9V5z*5~vz10QI_#x)080yPI@y^6YJk6$?JmA(_V z+ns63yds0Kw8q)a1I!aU+%jh!*l%r(c&LY2_Lz0PX74*N#|<*|+0#D1suMrymTip)YI^Fa<7BaO*`1?BdALnl~e?C3lHh#yV zo$U07hiMk)Vv2j~a~1?d@A@3thX6W0|KTv_Y(1^_PY*MXzaiK1_@peI?;pvvIQ-iG z{S$mYk?{S~e7D~hAmtswZz7%7;;+Tsd=A%zO@GmznEkwc{NA-m_mJibZ8Gx>ZCqIGSf9r zOx6h)gL>DLMZ6MDp6{1%vTiKlRtK!i)q2FcS~t95%2&c<9t@+c!C%s4?EB!BuqSs<{0y?BIm}73KF74v zq*$ckLcNO4h4e@n`xCEvM?;*f&OZ$Q-Ww$qPF5P_8yg?vG}lQSLY7 znws2i$TjTyW0>p6{SCQc`~HSpYt)7kExQ2weFOVR*hh0Cqc(UW*#S$l&m~0<)`g`X z-rx;OJDZiUCw4N#o_kz=&#)Boe-oE~tF4#FCq27f$(Y4Sr&rQ(@@o5=jA`7w%6l55 z4A@tCQv4A+EEHd34ly3Gj_(Cr64p9O!`k7}aM~YB!~Qo*!^4l1h66`S!+CF)hJ){vhKo8& z!+KX~_`GAK;j-hU;S0MoFA8GkW%ST#1((;j( zkF@}WURw}&=%$GFU{-k4gPyQQ(qB*d9i)AjbpJ@2 zZ<5}T#io9Av03)^Vzc6%#pcw`#ir4<*qm`}u{rDbVzat?v1#@!HW!{;Y}WQJHkTv+ z9pqbmX%~k*kC5(TA&tI5qp#3xA3LoL7hBpB+On&~CfL{e(7FhI@sGcWU)c91#qX)g zpieG&l05e1YYzFEL%!yauQ}vv4*8lxzUGjxIpk{&`Ix_rtscclI-5!Wy zXQ>yd!VLNH|C%o^9P(w`r~iNVW%_B)w=6ktZF%mU8rI}ls-%DG|nd?!Hg~E)R!%5?2`n+?*FMgeE&`)=0UQ0{2zi(&wwc 
z#pJKmZ}^#WXeHOj7z@e1{~jx(8Gi8@u?u0nGXL}LHO`eeTH7s#R>zph3L8P@TlV|1 z7#}?$<zs!C;=hCCu_+^r9Bs;Jf9(qJQwsE*|%d|g0qX79~|4tFzlg^> znsh_b+({YBS_xrhL~pUQ7qJ`pk$LlQ=Jn#|JH^hsy;>31aeQCaK3@-HN41g8Gb+a< zo~l_EF%rQYovZI=>$n*Eb$A8 zKXu&Aab3kDQA%w0S4dllQo>@7HLb7Z}|T&^7Am zSlWgR`dqD*7Ls}@Z5DmC;lrW&M}EfGXE+N? z?Nw|^o`SnFbe%i}&}|%RqO`Mymo)^*djW0C6SC%LKdTckvZY^QeUkM+&GYIq+2i=^ z^tSn>yQA}OZEoedDAtC*zO`CMl@;z_?MU-Ia9bp8 zZ9q$}=b7~Tuh7!5zi;0yk+l0R4*1siJ3J-bvA;^&w3l{D(vtN7@_$tBN&CB>GNpgC z`xeS`EP2p-DAxxj)$+bdL&~&}G%F~}GRiWY@b)udQl5k#Pq<)9fgSD~!Ub5Hl5+P; zSSQT6vZhSm>yzif_8c9P8^T4Y9`O(?}xH;wY~+<%3Ry*s?}-c2bJ)=>QSP3_RyYmGGQ={;4M8)<(ai$1}&sS=n1hPbKdK-KTfR9-EzRJI^CaS_$@j z%GH;5isn)F@=nn_3G*+$Q#8+cr>LEVGsd!Ihz?TLeeWej7pccmZ_ww-#Pg!`vA=1X zzrc#hAO0C#w!jkqkTJEyf!ps(cFHGd{KI=NlfpXreNuGk%WL%(YmN9m&&vyEkAt>S z#)HSb5=Lakbq%i-y`$(VXZ%IJtH+trWxc@fJokN_JOg?7V4CM7=S_DKa+wm5ei-biU-K z!~HCg$2GGVy}4fNeE+z6zMgxwE~M2fVG?CqTkU6M8P6JC*H(;sGZXD4pWU)1txKHr zFHT6`aPD2z%((tc>E|!hlFEZL&k-41i|nyfl7IL9!by9gjM)iuzMKV+voX>p*XQUO zCpe2}V|CWkeXVmASan+1A6>k_lD2>3&$Tqx#)JHgCth&3w<@-KBA@lhc*exzdB!<= z4QaGihyBv7u$Pfu#~cV-y%()LgigKho<^sa;yU$yzuyME_W2dU?~;3obpky%yY)?M zBkiEned$M}|A-o<-7d*H65{3CTj!Rq_@?x!N&Z=&+xv6kqtbryejC5NN0+JdF64My zCv_EFYTM=;p6G!4o!o=jWA}emPoC#Z7aKVGen#|__FC@!Q)$wNBTyKt5Ngi8(Q{S>gxCD zgK6`8%!$X#9Go$-ucy}VGyak1pVP#C`)duaTmR#2=Bc;i`kp!}b&)f1N2G4XbwBk> z;_*D+DOvB3X9R!VpO;gwJMn%Wugj+nN*pJRA3O1WZqUv$E~ zkPvRKlYXm{epKf3gtecmaO8Z8c;mSDO|GKnHYc5D64Ke}q|@F1&W_$p=icLT&++l6 zoPPaG^*c}eq~Ets)r&uz&fnVbx46%ox~Jb~PK8AFX~XON&k&uK8)lx9-scn2`-&pH zya8ps*va=@&2d}KTX$3oI)1RoVGD&dmuNxkd1HbdYaDLce5TE>P2h7KUY)={oWN&0 z+>&yXb2X1rc2c&i<8WqQ<6Qiy%R^lGD`H+TUcxX}_^E`GG~x4j-$0h=`%kq?l!KI+ z)ajA0X!cqwX!0a1ue5n*KR;=oLmk@)zHAAh0!tEj?vzWzv6ZI$E!{!`a?`1~Cwf8UlkgqL{o z4tepndht6a&YpxgjS{DGu8hx4K9nH;3Hv^4qTIhP;r^rc{apM0Jqh>i`rqlb@Bc@_ z{dz~IwW3qoGWy`8vD3*qhg-sI;iMC8RqsA>GTIupj6PD?Ze(gFQY?Y-e*QUl}X7 zYa%j^mNA2@nTA+j;*6Ax^X&6t@pky+u>N-VWTDu#6F-P%>z?N?(*3;i$s=b@(Yxw@qPw`u=jV+o{fM-Aj5tNw1Z3B~4j>Usc9Dj5QaotS`B8PQ2Bh 
z{}adKa!wqJ%h7`(V^yUdK%Os(Op(pCZ#>|%sb{^1fK8k+?uq~Ix5J48BG<8N;`qhO zys$#zbk=*ral4#I7;~T4f5vzXJ~!UC6Y^=-f2F)S;!*BAH}+&gyyqPIJS+A|6<@~X zZQq$5POgh5o^;}FK4aV$K0Gk4UH{SLYiEqRtv~MnY>aYZft1fbm4?PxgY_0!FG(Kn zocLtCtdrlR)etD*d7)=w^3E)o=g9lC4TEzt}pqtk{Yohk3xbG{YSWoOo8sQ`Sj^C6={YCt8>%>|%{l@*(=NRvF3O7a7L* z#eFtwz?t*+KFM0DCF>e(%WjSA%I~n>AGDj_3W?4yjmTPzH)8NkJY8cBlhoErenWn)Y2zNh6_QrRoG{9Bgmvg8?t@}9%! z-G{8i{G{-6i@ErZWiO4nU|KWhHaj_Y+3b~mzo*@;Gm5yo+_-hbjS{y`>N)8VKkCL8 zzmRft=D(Z8mQtSax$p6OS<@FE5I>Rf6(12_;Jp0_Y`OOA%DJakQO=c#<&19jyZfHU zzY=Z4{cRHNbn;|vyNkVBVeZ^)M~OC8`U;!X#@`R>GP!?@bMM~0RyO0GLgt?SizRK= z-<$Ij-xc!q9QFW0iFz=t3&-1;p2hCmg?o?7Jz4YjviB;Vxwpj$cc&YUJlrk!ByaFl zZW(aj>HmAaz&OkQ-K$I~qt9_(*Z;lC!i4?I?1VIKchbGp<%G4z|AdpVxV`@=G6UB>WnCEi(WiAtJ@ZLFEVk>ZUJ%;HSjXC;$v(Hd zE7jY|J0w_R3ayO2eKWd_r!EI8IcMC%efC=M*|%?!_ese2HvZVZ?vBpY?BDT`cX-9? zU~!1`(I9)uSxz|*To0GEQ!i`bedms4-r?lcFFx$H1>`Fv?}_k6EN5;J`)M2bwA&L{ zVwpy7q3pt@$IBXo=0{ck%?xYF26%-<9xMa^CF(P3h~=UA=k%S zu_f|1yJf;!O`mPh*&gF0=8<;!H*vp-waV4@)frkKF|P^v`~vyxKHD;2F5%(*7WVTX zbzVKl=b)@r$+IBw^m&&pwsh0y49ULuSS{A&j8Q83%E0XF_mldLPWp~!`VMLPOUZW~ zZNHQE9M);*J36!p(tPV?-sOZ5p9o{aD`>N~Tv(xtZ-mn{o`s07&0j(qZJ#Z+R?*%y zYE};AHul&xW**Pq<&g$;d@b%XD z+uqt4l=uI{+pcvhc6z?c8kUq3{e`zRgL52fIahsW?A>s_>6bivUbeY$%&dIq0(O2?o zdU6+fE^uVtCw;?F$qQlR`BCX3XJNjXv=W=e%>j#HhMGdz`m<9+ioW9 zkM`+o`zbm%NcyewC69)e=SN=aMxR#tRQb;PCw?p6S$hqjkFVrov0vHW(=6L2JlCC- zLwxyj>$2;A*l!B+hN^XRsFV?AE*vDf=hoceUjA4dk8i@_Paj zciV-X#5o+;nilaqOC8vncR0-NYURtjokGqjP`Ght5&L%sH!Bh>LzU#E_b zmd_#H)BbFFm}flY-C?KJJ(u1g>w+{H~cI@lLzF!sl ziXC8GQqE!vv4iAS%6ogd!L#_9U&?y>n40hr-to9#s;Z@htg}_d#2Y?BmbS z=6ri{nD+XVy>3a^PfI=}FVTs*yhCG_lt1ZeXYjkLv1v-bllNi3P2`N6j9sOzqwJm% zzjNCy*1|nafyTgIbhn<4_-y}ry2Ddq`N!iaDV?TGF9?9RD*5UZq$@iMlb=$ur zu3Pqr?K1h`eIF$YrLNN#trOolT{!&bD}<|+HcQ$zX*1$uYUZ-e7@-vz_;O3DZU)3p z#XqG_LBHQ%EAgQPQoqHHVq5BnjGgWlf8m+V!**Rp535o0RNmEl{OHZnU&?QiRCS9l zJAQl}c`XX@jtTCu)_gL8UTdX4ik@!lk}W((?Y;`k0ip=+t(zWw)Q~g*+j3N$Pu3I%^Ccjc`A{-qCuq)_0E3u{rzux3-CX 
zUQ^Sh-^0caOZy=4q>b2}7AYbuK7RbmZN!KFP|85KbAM_4{y$z!&ci>tLf9qI7aI89 z-&UNgAx};CPrjr_`U^y^q=7xQy0ZJr?H{k7AwA}4CA-mYzSsg^wD(sj&t@&eI7B`T;*E+<-1dgGHBv-fI4m*~ zeZ%z&#(8BcV}JI``=*HVyu52l(vWm{=aZi_N9@hq_LjWc+*cLRC<84^tLlF7@`_5H zck|p=(V^|utfJkcv^3(&9xTt!$}^z1#&-K7oNu)}Qg2_pTxaYuKDMf&He1eN%DWvz zpWQrkyeTzNK~@=D7mUJm!=%#{_6jK?OKtF^F)_qX|F51xC4(@d>M`f%FmV~haFR`vQylX+lOOx8!`T(F!64rjG zN8O9gZ>^i!A#K49?vF?Rw`~1+A*tvs`nzQ%cA`vaM@l;hzm>E9MeERw@I~|u@=mY< zH$3(!a`Q`Gc^|c|6L+uVSHehGN!JaxD=+@e?RZ(}jFFGXJkbdq!In|1nNKzCKB(u5hDY?V<&qCW)4oR7QET|A$4bc4u19VT9cSfLVo9JlQ&u#H~)VmjbcB9XH*N>gFK7N+^ zbU6C#M4x6yALk4~uXBdL)Vzi^f;CltDAT0wzImO@ooLtX-+hv2&+yf8^6VMoDmlwj z6q%Cz4BA=dsnf~RI`Y(n@4e>cDf<=r585O*PvT?JHm;2Q=@0Dl&<^yDAm6mDy{yaI z?J4!E_XEm{lq@myVqj= z&O2}>$b7fAfH=rL^=FAYAm1r`tJG;jdT%7(8;NV5A!Luo-h<%#5vhaauUOtTTgItB z4s26gJsB@b|MEK-7nJYUyq(^7+q14R-u6g1(u=yb5c^<{ycBiLsk6P4u}5e?UQ+mF zNtu)(`B)p@C+O`v*L{}pr#e0$zyEEa>o;8=;B(}ku&L8eoa!Z=<;4BE*s#A{K4t%Q z*noEVt+;(+yPEO!#4wm z;@*~!Zu$qw7iDg*y^G%B---KaoPkD{*dIh5b#}Of!KdZi{0*!#Xx^@>_oS~ev`@?-Wq#+@P3CrtQ*>=-exoIIRQ77DZFc*S z-oSHKq>q1|dW?LSTr1_7N^}~-SXBDD>Udvss*rH@Z`Y1So_btUvNrB7r{wp)s~P{l zDe_3`BkX04i??U71wFS|PJh~)LE7V~TUXis@QRTq&xx}BcuMkqmgO9BWZsF)8RWwr zr^}eV7=2kMs0!z?9!a{ge-%#CJo26Ojd7P5T9NfN-P49X+5A?e=upCM!bNWhlmGW7 zi*D#**MGSu&y(;DCz%uejra8ivR^SWUbVxXs;11cnWJV1kC*4E+aC>R0Vn*QBs}|~ zuHS{$9nq7@Q`Rf7Q{iN;vW_ZcC~KDTK44k1+)92L$ph<_8|B@=7f4w?ZH&t|v`bc9 zSnKP!#qvb2(^#W0KgIkw=V`)*({vAc$R*u5=oFxACp>MJZSNt;E6i?BWnN2|$Iw^a z`}Yqg&beFzCA`m8(j5@?YfjjX#x#>Txp_h5^|9CFv&bZ^fW&2Q+8!@q!|%!WhIDHT zSI)tlJV{y2Le|@oF4tEiF737a-r;Dc-?QtGlq2Egx#z;O^auO*!in<+GWz-q@;DB? 
zO!OwNy%EWObKDl+Anm?qwB31H!kVZj$~u+19wl6uoUb2vu3pwL+gLjl{dv~T&+~#= zJd>EsdH$))u_}1RZWwXOINK)A;tl87FP&#C<+;KUgpubf)zCiiIav#r_OEh= zcD~53E6~wH_e(!XT%EMDq^}emn7@t}`yOKsE4m;n+p({0YneBRZA2GGuMyZlbQiCCcjFxDN|7AN&k~Ms>gZE>x$l2K7`2Ug(cJ|xg zDX~HQ1m35XVR>aelrt>e;f7Yc>Izend#o#YzmZ>KpDC5+TIv`d9`Kv;?2_-G-^|+Y zH?#SDo~gg~o5LQzptb^EE!#BO7*3esvi^&&jv(9!!UTC&S32QG5-zZDv^Fft`|t?w zm+%sf@=B)-c`dp$;uHIbkM5$}#7A7;6#r<$=k~I;A$}qL-9C3PXC&nEf@ zYZVsn?y&vfEc(TL@jmLr51409rTwwbpd&AUu67+39~QqwU%L)F`s5|lqcP&Uj?c<- z%62_U)QPmH!_?cY5zl3&cB$;mA?v5o)=9mw!n`AbIwN&M-xTn3zk+KP*D|izTy?I)xCXfn=Nf3^w+HwJ}Pxdepfv}zU0|* zsrS;CNqA|Or#j)Y=(FrTk+2m!t3KN4vn0-N*{dVIq&tE*(tk;OyMIK6JijjQxRi7y zd=7ENjuKw_#0sa6ai4Y1bHec(Fout?@~pdr%_pq=tUJ&Dk3tXodG}x2b;(G}qEC|k ziRb^ltly>47BNmad_HZm{5HY$ZePrKv_kTngMLZ| z)Q*59^Wz^$drlps9{RaEHag+F? zTxDI(y~;RBe2{)u_C93J;Jzy&C~K*PcI{iNrEW}|7x@S;dv3D#Mp^2zuFW~ZjWTwZ zvF1H5$KUfKX{QJqmaw)yXAavmFf8Kjf3aVT`HFnt`k-@da;~k;wZpl-YL6E=OOej| zv)5+m)R}N*U52#R5$~!yW~IsbWB1+Kt(gX6e0#t02GOxS(@Zn8^z|}^<(v)s+Kdx8 z19U0uV*X?vA#=d~HJU?r^Sga|U8Xs_hqy9#yqs{-R>}BF_7CKJ%`NnoS5zJQi0mWm z%zvsHKOA3ZY9DCO%;Bw?p>^@@4c;&0v%+C*jX!pBM~2C70(59QMy@>hT{<7y8y{`S zgdIF173ExoA=d6H~kDNC!qKuj4eV>va%5)2P$)au*@cwUm%|`Md zDlTJG6=zM0bd+2hJfsg)-`a0J2n{?Yw|MT}(NI9~$ zFg#JO2F^Oz?MFbj_sY?MeX!Dnu57-4b{+enGS6X-!hB5jkglb+_RmR3*D$o12PF^Q zz1oaAukLB_>S^8lJ{r1LwTxPMQr>SHnYium%;AS~rr_N*JZmoggT3>+STBp_+y3O? 
zH<-rDK0oz>@jdS%q5T(qv8io;X>X`!oH5e1^|xz%dx+~RO-KI@-v3j2+C9OQv5r5$ z){-ZC4?^-N^_g=Nf8U*<6|ufCoIDhfm-m<#4`(k{eiNpU?=t5s;x{SyPC4Tnt2NWN z+P~*yC=CNN%;z0b?^Y}cO6#CJdY&i%!Wd*^DLg|IBz zgOBp=IJ-^2UnT!(*oX6%n*0WmMq6O*ovQ~3cY)n*1WfE>bNk$LG*`c@F8KdZ_xABs zRagH1xerNh!qZIxAwVK0fs%*_5i3TmaN0VWZ>O!awJlXE2e8U?IyK*Fh1Rw?4FRG~ z#}H7dPU{5;p;l`|M5NPt=T0V4+S)r7m0HCsKGAA5MT(S%-0%Cd&$)0(!RmBguiyOs zxUYN8*?X_O_S$Q&z1G@m@9j2v$Svt6l2I!f6J`xT<45Z{8awh|Xv{GFVw($-q4b3> zG)ZnbR#OG-XI~}fWf2=vYRdS$E8j$px1k~Hv=fqQ!;15yzh!>~Z7R2PnwXMdf_Hpb zjeG7o!QU&HNO{hdny@ohp1P~4d(zgTd5VV^OPtAbgJI;=%{{FX4m>dH7!AeKsS3AI zZB+X>!#(oj`sPBlaciAoB{TPeU$xpVztIy{xa`dc+FfWBQ@750s8XH&xo8*d0H@qK zdNn?g;-Ed;-(h2uA4d!Bqb3F#T4>yU@5P@c-pBt0>S`UCuxfZ#U&$7wKh0fj$>w>p zTSqe1fTc9zx4x(LkzP&O9Ars_Pp1RhwFV9DV;t+kO=kkDwZcUwn#KA0X5Oemeifwc zc})rI;rPPvW$Ihvdmg1vmedf7ldkLTPK>NM#h1C^Pbr;PiMNq+Huv5rKETK?;gUGM zT{^p|5ttXreg$4PW8_hMf3HXm2*xPz8O=|zEs9%VO#e_ZGWl^YvXj0KZi;)!g8&m=I#yrGhR(Ulg1qrZj$t?m8S2=G-9Q@=jvT}=-Xe9$9euojDb1Iul`ft zA(zb^m$yY*vMWE32*%m->qu)RzWPb=2Ynt5vl&HvN_=Pte^w*%?1x^L6`FK$_RlG1 zY4B-QAGBnje?EPIJCQhd+CqO{?#75i=}tRqn71xEPr5p>w96SMWjmtoM7|ZJoq0{< zvsX;F6@Q{V7DFgMHy_VqV5(dl~l@m8BPTw{Uj^^SmEV2W`wvF%17Tsz+t;^ zNR6~AL^J4PJ;8Gd9uwV6UmN-P{8ZAmy+NP+=zYmDV${pw$*pg|e>u58e@s??gnPXL z=3n*aS7>vYo?GJy@z~M*B*b~mQH)mRqVBuPNtgWTEIU3%>m+@s`&Bb1fjK*z^5edM zXU>5;*7v(OTlDDpeC9r5`IMC|UoyPFJ#+9xneOV^^%i_l{RX@znIpfl#@)RIUO2g^ z`{A{5|BfTcp7llD4^zG$Uv!l(Q?N_8kWjdbPt>pU%UtzpH`oFZ^a_LDI|x#HE^X7qp2u+g-Z< z&n9oB@)E~|D7x@NI||&1eZXEp-!mp6+IK`Be>R_ZpG}G6?y*#TgX$svuf`R8)x($x3*I{F>6qxLjxPEvF8l;zP}wEODpxdz zNAF}@D*mz1B}mhQ$*Y|74`s&G-jJ4 zVdft8L0PfdK0o&O3G`oJqfdq_k~8dBnxAl2zxQ9CJla-`bJ~Y3RFhO%jt2V9H)3t} z-?W*w=gK0tpU&lZct(G{@-fcFwPc_BJ+i`1lg^sTX8I_1-{NsL8St*BJZrm$?-LIN za0lmMFU*PK2`PUSX$RCF(uw4+-%{vcEBxKB(ihb^$k?dSkDFtpo2+p4^^w$?m~&j6l&>c8V{_~(|cc%!!Q;9T3zrEQM;HoknLipAK( zdrt-Xjz-&!-g+;D{#Tuz%UGN1)~DtopRlpLgj2kfdp$RHBowb+E+12RuFKqA@E^z_ zqYJb5w1_e>ep=HbUg5c`b^t@)Zk^#;==x*)G8eUV7ForD!PtBeJG4=_)235}d#T?J 
z6Q`HsGw~Sv8ukQyGk(R4%+Y*<@?cjU<(uPpnescu&(LACAA|Cz9V_0j59IenZmrJr zhn3(QFKk9TVa|b6+^fc``iuEJqOp4Pyu)TM)LX)wjx=Py!jV?aftD`O3T>8r!47!| zD=b^E1HY!R2hTNe9Zt~JK|Jy&^vc=;j`iX1ijFz_wotch4*ANEo8}x*^xaU{vA&nC zt640Y;w)@Q#=v6aEpqjO2RDzdS!~|1mwERBJuBa?G&CZA-g(W>9-#hqWJ0<25nyv{ zXC8Q4yvAf2-#eoF(AJ{)IUDg6!4KLoh~Cd)|JQB__9A>$dl8hcoF8|19#+3~mTCOz zTq4)#&G;Haqzx#BD|kLaT1?OMTg5{&T_cw@b~KJU(SPaJYw=Y#=jfz9Qa$RY9B;hW z@ujii^W3u!(T1Jr3zJww7t9r1^(=noeG2bYKb{W%V=ssOIBzqro3Y>)nWMn6E z5$zi|qC98%`A42OCbG6)KJb?8z9)&LbqBT4jHBb*xbGv-bD?;ZeHKn@c@kN-@2OxP zwxN+|b3C2*-S@Z76Fx2WuFcT`Us4cLvd^3k#Jc2%|1xdBoMi?be)*Sa*?(62Qf~fh zhX>>jyYY;M2FW?}*J8%NusdR`Ka^PEn_0(Me#0f4J?Y^4b)qr$Mq{_L$EZ2pY9);w z-x_nG9mq=d5ozxy`^GpwpS98s&eVce%v}mASR3qYw2D_X;$N8D+|a@KKT9U}G_a?k zAxOSnh8wGm$>d5jze_TR#9f{}~k zfREld2fh(Mh}Uxcsr3!XlJodZpE54rI;=RaAYZxUc`mQkv3$9sSpM2A%9A&KP8Nq4 z#LVqGgYkn;HEY&!-(}e#hH+mlWj)INL}Qn6{w4j7=7+59mS0KxzT`)e>@|KQqkCGc zxxdf>FHP(iU8@+jN}Xdu8;@`YpK$qs;LuOSnq$r|@b-^9ejL8F7aaw<>>VN)lzk&8 zYhsuu@131Np!;|P0Z@m(voBiq~duP3t--rL5IXubyo#SiCE!OS+B)kt^YB!)y z+ImJ8;;ud`RL{MNy8D3hH{fH3wPV&R_|Clm`}Msg`&(>$yT1P`#Pv`{`P!6k68>P@ ztL){B2A$o(*&L=kXEx}p7@L1v`(1UnnD$(v8|@an9A4P**csRl;aOSjwZg7oozf1a zE=|OGFGcU54xL@iIE-OOvgg`~$&V)8jd{o1W5AyNw{~3WF;<=882&VkTk3g3-^_SG z$5H!R3mMxnr?PgNr#))2SJd_}XR;6LLHEFaSH##4E%UP3FiPN!4YOst=$wtiT08AQ zZ&JAjz7-9jtBf`0^AK0nT4#+(Q0F?%KU>dp5A|#)Y{_mZnw2g2l`{-|rd%-r{EtI6 zuxH&FclXt^L#+k)852$w?P8t4DiuvS7~6a+zZ<=D?NFyo-{CRE=WmuRWOQS;xr1*h zu-OM@jjipq%-z|&m)mjdMAn+n+b*|6gBPSz)h4}|=C+jlkO?PV>so~=e2}Ccr2J7H z;e8+HrH&D;c3k0^^+M`ht@>3jG$}W+#iX$hXNd0PY{@?JI()%hww`5pgMJqM_redd zztY#MPOlQ5nmMzKI{vtcI=zHnZ-;Ai#@ULAq^Oj~cDt=01RPj~SB3wQA;XP->Q z@3)V<;wkbg4q|AEI#S@Gbj)4$2YHtAOdfdjknqxb>Qc*6KJa}^{(Z_ByJxVkpY^L^ z$uy14znoj2xth6kwPb~4o#diqn`EKn19t6QsUo-1$UfSEYzb@5Wi2O!&dnZwodcU- zZ+NZFq>aeVlm5MLk!9jW_Aj!KF?;Wk?I$=!Pp6FXNH^~%{X}>PAI;r86%&$_f0_Av zwc&SgSW91olTI}78JIghkOPxN>r7$N>bTsA-96ckDBWA<#3!_j+Hwi4Q(Whe`o|-YV7oBxKw6FJMzfD}Z*+Xn4_KlpgBVIt8UdxEJ1?$KEIhZr6Ywo(ut@OKRB`GS!A>EJ*Tg)Ny?`m 
z;2b_+&r25tX|3@LYi!5PpxQQPUb5t8R@a4eiM`blOf@HqlS4CYL9*dKH z6K&@|YvP}BFi9J$e8dKiTaEoizO&$IY>io2)`v}uekr&Lcjd(1BTO)cNt94w_# zzFBor&*`E?F3rb1vx9L|3H~|UE2$sc*&9JwGtV4{yRCHM&<8F9ckL6X%!hdlciRH@ zapWrmcYH|i2KSxlqxOazegW?(@#|^%Of+!k$#(hDNX! zyiVylZ%gk9+ZwY;W3|YQbKiIT;TZ|eKeDWF%HK=F_|cp-Zmesa+BT_2{PJh5Ap_^T z8_^%szxbA7Yu;~LE!mwJ){5dCg%0UE_v43*w}!28lrPmC-YPe!kH#JAqn(e?&VJ-G zv7+c!z+`WIKR#Cc-U*9wJr2Dsmi)@Be#iRI&-Q<1)`0`pGww+jZB{V4+Z;4p%xRt{mE2AR34Jtaw}DtbS-17cQym^=w(SN%rgW%w6EIzAI)O zATBp@E;^yUQJ>bkL%m-)o+p{}jr@9GrYkyckv*ur4djIncK%qn3(+F!t-Ii*a#eYTo!E=D@5!RqNZTBDAI}@=|Z5bXmsO;nk*} zIdjf(LT%`+(s`sCwG}zxWOE{(ZcbG0ZBDR`%~^eq!HY-f@_Z_R4E4v$;hzB$xpVk2 z{^R(C8)_eO(7)^kjUW0Z7IrPp(6k${XAVj>d+V$iHqYC7)_0v<=q0@BT6m?GZ}18_ zzZI6>7yMt;ox=2eBk;9Hp{lUe)}iq+^D zhA-gE9`d21gf|X%LdY6optF+Qg?`^;zyV!~J}~?M?Ir8svmfcZe!1_o^>L*M7w|TA z6W^}Zn1kPJGp5lsR0evlP`SV+iQ*SGu`04*g7h16>BKP~^y@(X0j~Pp&ogj?`1=?R z$I{`CzY|X)w`^#Mo#@lV!=EoZ47@)75Oxyy9&HzJq4~g7KJ4eu5xzSI@tx`?&s1QC z@SCt+Wm`)ZUm04~XjMz*Em{0h$m{SzteO8({AK72jax@Jq1tUuk??>=he>bbj*^hh zoiN|%uVurXaClpiGk%O-pgg8eXgl#=#hYh(|7P~x}sF#W|@rA2Oo;w8h6IV06)hX2=E;!D;Btx9a=Kf~A6 z;_J4sV|bP`@b>AO_#W8xKCeIhO|=0&{)5us(R1_VpvJdwmHdAMTu0F#TZUUz>U-h4 znYAm{(S`|U#jm5^43n-6-G2@(#;ISZ%cG8}O@9AzCje*E7`c#DTXH;Mz6&p<`LuF| z`toI$f9{n08A+#H?G46ZWuZI($DBo<_wNLX<-}THz!~jXB zG_Y$eb7r>M5!A6kaG~>OZ~eU;oOQ74?%>-e`DO?Cz8`%17~kso=BN#fv8RY_Vjg3i z728$q);Qq%(p(#Peofzamwxl2o`s9x33g7el}>vO-=x>d=49U1xwPNwZ=Sb7dCudf zJhDxd2cMDR!b~37qjN@aJjcCN&4%om7FYn3+XSVFPgXGB;|Xc>pIQ1IXgi({das_#%GDYD<6*9 zq&X$^9`~;WxOR({#Cw_Zi`3rUIrH6Kd??|hS1Z}*B{JDc#~RP~c768}3Ef2+P0g9# zA$;gh?GuQ!llP{|L?!$dSyq{_Z$!Q*R&4p#t_*oAES(89oV@r%5+f+jo^j++LvtZE z%lH)y&Bbl8yEDuM5p*l!5j^>m$IG9rI&wS$-=uv0%O*FQv6cO4kN^K~8~y*S8fX4| znSEI6ln>45iTL9%+p8GdApgIwV4NOL1Am=f?GPQlkK9z7S4)?o-PDJlED^f1(TkvO zjS0Kfc*zXORpvykA&ru6ZTko-eEVt1h<8(xJN~T7o3BLvtj~r@`CxYC_v7>3ZJ)#MLCpKD(}-bgN=C`EaK$t?e*3wZN~IC+ zQMrnREQ0p>#fD<90j}Ocuzd_Abs6KU$-@R;@5@TFJ*XE zG9LP<|0k;tm=Eife{*HV{(fbq@}Y0NWc(Zt-|!Os?~SAXOEy{AKW?_XF_K$ew-cdk 
z#Y6S|Va2mT&%^0S$+4uWnBk~uBeKdd~5w485Nb02!g*O3q7 z(u?N1`7n;z$bVQy*=F*YGt|kq@Fe*-v$Upzd{;@fkZ2{OtX=abdvHm}jVI6bziOapt`fcrObl|5u z@K2m1kMMHI^Y}aD`2%?t_s*TaxHUe(UKX#N11vk$?6K}P-|OR_al_i${B}L_-|SfR zUst;3Eylk*dQLUY}#ecc# z#rN2Nj4XO!MngkCaPc)ZsO|@6G&ewthP`~#+O%+3(&$F;(T37|djxqUd=Bs&w7*>a zt^HG?p~joWp!8Dt%UiNlp?jXm~Ep|1^P?ju$X z9b-mDKAmdWcEI}&__SJODPw#HA^4*AVkhJ!5+&h_vitZ~JiP94R$YG-4B^?5{q+m! zD`aQ=`gz(H>j!V1pOtN(bnule^$YOTStU`?o_T$^+DyHF7triXj%sDzU$Vw3_C%zM|e=S~)F%l{@@O&S6POco4rNliT zm&}=uE!o!&=i+2Ud+EwLd#0_BIIJety4RZVn!9h}Y2ga34k(}L+eX*W#9Qy@>+pT1 zzw9Zr&0MVSd2=TBj@woR`V=%14fl$stwk-^!!6k`bMTLW$M>HAXDIa?Qd)j_;plZc zl@;VAk4@fYLZ=*#?PECw5#wHGxz*@mS{?zdiF-j&sER2bIE7o68RR-@rB0d zf5#qOhW`K=p086j2|L#P3C5+KM>>}F zg+=)`ARW`3t-sdh?s_|1>x62-(IO9L&%(0{t?vp3)lB5Qu+RyO;y*^&1IQWq7mLfB zP*QN(>YOplkcB$m?Ou3sBl|qj-LX4DSNw=}lXp097904iBk`{CL#fkM|3{lb6%SLE zI+uFu64Yr8Ri5|D-dJmo5tAg~Uem-l$L!?p9IQh|9 z3%qeDv@(x9cGDS;_svW&?gpfD$ftF{!;UlttV z((tF+$b*4LSDb5UEdNPm_>E09Ijk$WHg-yp{9xpHd8_0_w<|mBz~;hiRyaYcV&R@& z2Kb)|%Iq9mhBkdn`GIHd6QR8yB0p#O8D0?IoC!UK@&CbaQ>e~cr#eC(79IHZVbcDU z{|lf|r^=9azS4mAQb4OK1NfPs4=$ukD`lGCpN0>axnyTc_V@qDcr?1VU=5ZhMveqB1wCw! 
z#xP~BpiDeX6Sgz>#uPSd=lM$vBnQH zd(K;DkEiY0m!LZ~exrBMmbqaJ^ncR4Ghb-TrZ1L{b3k{(j`Q=tlTFsosUvhh>7;!` z{KFU+&2u9#EBLPvT~`&lp^k!VmiX;QF+1fKIu5(XX?IJ?F)GJG{GQ!gUaZ;+Q8g-w{X4pxHcU5BW+-uTAV{>kC)Ek zSm*vHdjQ6DOmeC>GFMaI837I}keB27$kW%9WNc+D=Z(WL<%p?zQP{y zG2nKcX~TMSt|r#RZ*e0=hOlm?dR9$JQfG2(ANLWdPU;Ie)_Io;pVy~4V+B+G66$;k z9D+KJyq>GGk9&$zrp{!DI$zxi{?z#y+CC2d&#S77_fP7*!={gF%{s!fDleYZ*f4Wn zFxU7z`n!kVQQBtijjp0!_57=Vj*e*$a)ExEsprmU%YgV!`<%#k!KNrYz&KxP))9{U zyULmJ_|EuWN8T#>N$Z3ro(FqrtoAT~BWod6S*t^z%Wh(SFn*rkEaW4u<~-U`qj?ls zmaP1MYx%O`@Y|{%8Drgjm8<#3>f&GN)MqOVIcw=mAK?|?bLZNq#^aG6Xf2ulZv}X* z$>Bv^QQ@S2wNpPcUf{LZ#RG9OkE>rV8qhs8Iu}5FADVITK(W#!pT%2@qp^m!=*P~Z zW9Hl!H4ZY#x4ZW{9vR|+w^p(~bCn=j z72hJAO|dP^hml_PjP!DcmUI$-U&`;M5)XS|6#2*STUC~z|My1~C#9IERbkfjcvoB$ zV?Cs}s7{Ufvb(q4ruXs*tM7>05kJoSwSE78I5XYrZplt322wE&TL0lWs%Q0S4>C@= zXAk{~&hU6nZ|3>uk|q6S9?EX>zyB2fkbkD8^edis$mZNl9@#;x%SK$-1QI*as)j4Rge zc^*%hrxVokZO;m~wIJ{3c;i?v9k;)(`>}iYE}Ky>sOx@>JNf5$AH)0G_wo+xH@6mb z-=c58e|QUJGzQp@`}~g>v-sUddFwObrB^0Gt# zxr3M<=vd^>huJHF@|OqYFAd6nk$0VeyHMpN8<=ur{lQFXUn(PMTLVXXiGT*k+-cZ^l zTk=x)2sxHLB^Q@LTCh(p`zi4lX`_{vCQij4yT5uhXZw~y6UhhZE;)M{nit}SlU)`+ zarz$icTZ@9H;rG0e9}4Ir*WkGt?^n5JI)qN{wE6lG1zDRAha>>8hkvUlZVKK?-`yxqie7=3SDto~#+X=Yzc@_O6RJR*AV+>~!i`1IRT1I)$pp$w*R zkj@yM;AuWPNqQ;i3&W2&|Eh8ASdCXBKg?b>WKt(`J#?0#r(&*;oyWDgBBQgo{J8qU zM5S!3&4o$Un$cAhPd_PP;^{Y6>^AZAvY(RIb7mO!4FAZbSN}!67Un^C?NxKe5_B>4 zIsd2ocTi_f>p*6ZzT^PB7Ucas_z?%2ouN6$TU%?fzG-AQ-^Qz)+L^~YW=~{i+2B2Z zcCgm*>JQgNQ{=|f>*xow`t(X_u3}vX`uW= zf;B3 zj|&3*GbfK{BagTE^4L~@T>|Mgj>9W#!(*dj`utEW>4<3_?N6rzh(E3{c zKl`NqiHI2B$`hPNJCRHLkz_yl!(e1Xz=~m@P8&~*DlGSgOmKW$<|17#+mGkz#oiV zvDWj}T44@N<9_v7*+75(X-<{`>z4tnp9@z0{FIxUw&CL2&icA^Ep(&_8>R;IY#P65q(>xHh~Lk_*QSR6K0)7`=^MBaD%wy?EOK#_x%m^n!Tte zs<$uZ#8kKHQ@wqsI^h$wE$z(rg8BAqIlekC;1k7#X-ynGo3)$y?X!vsvUW7raKhceqirZJDi?s=dS@c@+C@N(A;(g&zjR@J2S5tAA9op z-R-iWp=l&JX?I6U_Ln2mlXiP8**@mq-HS^p^Ui&=?{m;3@b|s^71o@7A=*h#;j99i zbB*2vx7)A--_*J=cE=e9@E`F_dV5uBgpCiw3NbGaPmMS_-y7N=qx&zqsN=vB7YeWJ 
z{b|;Ak=K)f{WkViGwXYMJbY{WM%ZECMIM@(h#jC^n<~5z&(TfnJqSBibRX@5m!FgG zp`%E8-oP)m(r5f{UokTg$o``~BC{43@ZJ=7Zy{wL*O-%yS9VeMDb|78!~HE!iblCU z?nN#kcUo$(k@l9@VetK|)`Mk>y`T6X&UMk9y{D>-_&|N$TVhAH#HVOqL6mbGbWVfr zUTp52JnJy;#JGG3=|7|8kt>s9a{MAV@P;Yx`(ATAbJox3gT{TNFPUXWlT#C6=&acH zO{uAgh_~KhO~M+Ho|*`)!2au;b=oC+XcaI(Y z-!up1<5C>lPoViwGO15&hpd#MP!Z_D6u%Jn3zj8o0ECT@%W3;j09{(AZIf)`GOqSC1y>#Q0h&yY>% zupiR-RFc8O1kpz=>9$ycb-zS0&v)s0`4^DYiG=p7TTAuq#}10Fxx3P*Fo!m3Y`0`z zTqXHV{UbZ#_LM<1IEnpIv&HZ87t^%A2Yjo1K74tsVj$&rl&*t}8YNsE>-~R}Y?EvS z|G2*GAMP#7iSjGL`uLtu7D+$MeLOQbJWy|QbO$KWoWd+D2g9Lm76 zep?5&`F7$!pKm9=^i}wYaW}BT?<;IW*P6uLuZQw^9=g}4Us|yh`{IuDws2de7g<)+ z4IP{a`!Ejc`_lSE9K9}1KgwA<5`U((^s3}I?Gtac5;HU|TdicMZ*=#APgvg?+WAQ* z!t+C&A8{hgGsREf|I&DrU7fPN6(@f&I#ywum9WtvhN{n@^Fp;Pg>R~r`jHJ`=w-KA zPB<0+>2TVz5nmay?Zs5k=9~3j%I~ksEjzFiUn+n{HUR5iR5qN_UU1^09&;`Pw?=qF zzEEQ;!W)4NzFT{o|K?n^cTr!?{+&vF3E?<+%&~X;H;lRTiPK(GTw;bguQYf* z=A0rt!S6$P_>D1Xk0(d#pS+*bzw!Y)72vG=?+It{T}}BTKFsZkMKb$kfIm&&aykpL z@WUEAqxhD$Rx;Rkn6p)L_NBuf?hU?uSyPF9S?tdvFaJRENdDZAlmE#5|4(d1#);OG z{QVUrbw~GUFC|VrHD~^6$u^CP6tTd%1E9#VW@_()WRdnite9>yXAlQ>Q#heHnzM7V z|6?#aBMJ1}qvz=SkHKw?7+i(>{{+ld+P`DNhYU>d&i@$9#D|Zyxqsp*FHK<1dBO9`pIj|M`L=-_{{zqeWaQ+hwm?+13bl~GFNw-_*3j2 z#hj+*)-o2e+t{CM=jIXNL)~S^?3|ah7V%Cv{UJa!yQgFpG_D@!(rl~?ik{Z=Q+Z2EB_(>$I5=gCVQSab13t1mE@jyKx@R{HcV?K zS|7&d8oH`%?QG_=wW5piaVG3>`M!%jOWrVfITL*C9P-|-yxtnK-c~%CXZ^U>WUS8T z(AiJ7g_BX~BDa<8cKFWOPshIVyin_N)0?atC5!b_9<5nx-;ex-tldO;UnqQfuifyd z+9JJL_@}PjaKG?3?V$~7pKJ_pbE)&oeb;Vy_;1CnmUX>6+{OsE9A0YI>hjvA9L~A# z!q;2lY7MfuSZ(4r1e&y$vVY{%2D?3E6{u``X>AkVxzpy@cb-jKpP_APPhMLe&b2jt z?S{wHXQD;W-o>=_QFOOE?_j?Ru+R9L`z63XukB;sZQIpXgK$6EPqKG~J9~Cw^izlW zRBcdO)L*pWi^83~_@=LOV-^}4+P9TV$mZxQ+gkMZ<r#8}w+2Om<`L9zsd?gm;!sjtIbLF(x6j?yb zxAf_TM|!Z^iG|@D3H%d5nqpu{+bBGw$DbhWhf3Rc;5oTEz1>`RjPTj^}tsg;T{| zQ}%jT)%>u-EY|YmzdG_I&2>56_vfo4TGy*AWo(#vuguJ+C$TMSH)#H244uxJ=>Yq(T-7V>&8e4cHUndhw5$!Fi`G9OZ-Y4mODe+l3 zTMQmt)W*DxUT}lv@Y{;IuVt=%JZV4bZR0sn&~%)?S(a#{`rmDHp!Ddl1c0_-%j9 
znHf>_o#v~~GFNMEW8}{Sx0c(dxkhL4_ujlP6Wu47qr3Wl^YDy0_aQTP!~O8bboy%C zlBqqM;jNfVd|SMyC(VmWZzTN^U;eF;ua3`Zt%>JJ+$6u%8%P!QuOen~JSaYrPZQUPs^AR%ny;D0gDdqYs?O z@~frKS`pTkBg5cpMvH%&y}M|`gNdT`E8){GX*^OkzT^Wgu)3~+fBPA4u^&%!hbV37 zH27w;Q_3%V_t`G<%3+;TT6!-uARV8zIp3soS;3>(0^BUDkKixR-A0jba6g6efY0Hi z$}D9+@CN^z_V|?Yz3Yb!37xkR>l|ih(Wfd_$F0$*@v)9!ZdP*-US|K~NAqKB19-vLHk zIzT7mQ+gQnRWgTe!MF20;`Q;x(#KsczSadVi#=L1~{y0I-8e2tq1Gz?Q>-=$DpVxh*TS#oc7~N@;D(YS-8=15ZaL>+b@Z%8l>GAT}c36&C*OWgS+xO@h z`qKNAmMXFF_gJN?@VNo^3-H`UskvPj8Gf$oesdQ;#!)<3*L4fy02>=WxSfn|E9$x> zY0tCUi|rBUq|q?0Yu-O_o0SahN7oa~TN@MLYsCdqa$q%OdKY!gLZ{Q3Mz(KJ*V%n@ zyUvD>W~t6L)=lvNmlGfSJLdW*bmE*rVhykI$|aw4CqZjC(Ug-(N&8!?c>ieLdm=?0 zw0#7$5>B#J;yHY7Ki|iJx--H-IC5_55$F~zpzrW?bj#apXm031bA`N2GVo z+SSlC-Zv)^FR*4M+v43;Td5UhO(5D9^QyJps&>04~)qOS3LQ;hNGG~=CbjL$|%ildudeQW|8Se);C;x!b-UH5OGhPmy80Y6+ey=zKs~@_VcpJ5Idr{Xv z3U{@UelTl^x1Qm~eR@6r1C3SX8=Ob!@ZV*kCuh*ybu0Xm%eMnrnGY|3bsKrjI&yDO z*A0W=-CCb8@p6!M>;BjB&n5pH z^0UK&vylho*IXp{x3V``@I`0xFQh%6SXF`?_)f+{uNua`osXCDnfAnOv)2qCrf4&X zvWt~BDC4|~GVB*#&_NkTWd`GSl6rVFsA0ipkL+J7V&2yFFp;CT=6O8k6`L>S2!at-ntYdQHIpQ1U?@<}}YS0<^&qc}C zJP6)9$_;S%kj9np5nekk*P6t$CT4aJoWF)w18{Z*cny+g&+fuUXK>DI=U>CC3V3PZ z!<=k|Qyy!>mSXVOi_>)x>gTK-i@K(1{z3-F80XVuBg)?4J}mCR#jenPIp*42ABm

O(m(w>qKSI(lK6nzWOao;aay%=32+EAh z$1Sg(FX_ATNe2)ej2?i@zGH$D-)5mJud#*mRL$XOYo2{uQP+~rqORquin?wVoiy)j zzDLKn`uqeZWqY5Pv{aVKwh7iFFz|MyQz4&~d;&&=%_{oT{-O6do>$NVYeTf3Dk zkglNj+aeD8Jggx*ZO#WO$V6^F$F+9V*s<@+j;XPug4te>iQW`R7W}9nQ=s+xWX(4_ z@K=SmgKv8z8QorUen+0p@hj;ZUROrC+ir~p2@Rqb`?RJO6A9{ z{(I?S=$>KPey8+2^rn^2OY`+D=;(3oNyC0UcoyGp#~;HwI{Fkaw-v0((ePA5!-6$Y zVBAc7%SB7kPjrNSpAsFnldgJpk@gJvZaUQ&!Siy_^{&%0hHfjd-@ad-9QF)2ArHbk zsDm~}^zDvu%}-7C%)ctZ@pa<>@^AH_K9ILzbRPQ&BWo@HgPzwsxINV z!q*wcg6ARdSt2}YYk`L zc^ar99O`+8dZHJCr&@&xOA8yPox7yqxE=~`Ml5q|@BZf6l^x{^k| zCgSAB=&adoz+Q?xRyp}YiqJf@m#&q)N6c~IWu;c6ug(d}|Ixu-PvCr&=NNtn&bByK zj~PRA+}Wi6o$3+njo`1n1LPf-x?;ZSol{G_icMF&OQ^TV@{Ava^ComwX(*^K)WQAG zNjnkcr#k1TZrU6Z9Md*%Ph#LyJu{N@JYqb;YHG0#rOKQ|t$fA`?}9nxdD`c;o~N%0~) zY2vIkUUKVH%r8mt74vs882@I?x;0)ip#I!KKS#i?6gb%S2c&QCeTno9#%74;<-jjf z{02PIkXu(H?KIMEQN7}KY~7nR2B@n_bEt434P2jH%NXHqh?=Z$Rh>G2Qsq<+a3ZQh z4LWPZieGcb2sD?<}mDva00KewA4{9hfEAe(5i(hs^4~eR_rwUwHj@&$N$& z1O7KEzi^RE4B9$QZCxe175b_zMz)o?TV%J=-eS_WQMNeOmw&CS+M}|--$~g$+>de) zIED}2p=`OanU9t2N1l3=eQhw!MGNNZg=$Maor3RLdpPbpveuRjiJtR*@iAwHJf#2q zg*8rufBBM-BNOE_!na~G@0)dE+I;>&){61}7I8QF_)_w=jhNLh-v>V8>fR==8o%|& zr#Jb2{oW=Qe@@~8-bX4g@A$A1pX5CryhnKd4DUnru6|%%8uygrM%5RqEZ5kG^aHZ} zxA&n#7@6^x{Phgy%GcOxdq-Sz&7%$ATBbGyGUqk*)d^(In|U(lE#L++=ULV;Cb+^U zkU58Pyn)Pld(c>ry^YNI?Na(BU*^1)Cv)BmWR7^B`@fMn*y(~p86$Jfqb}euxBT{6 z#onuK2MaNvZ+u{=rh=$CQ zP53Gq3nLd(ZjQ?2^5)m0eAMBpjPjG$b*!>459TA`th#gfYQKQs2oKdS*a59HuJP|q zI3U=-TL=!H73}wbLo+yh?06i0($fhH`OQ1J3K8y*S#?@Q|4_?FRD=#jHE5A1&f z8V6?*+hJnWrB@Ocv40QiV)2J&5UaP|8&`=k6nx(ez9sT0;!D&SD~0g>WW}_zev#$5 zPS27FhDVS=YFD0a6>_Z8pCWc^@n}Df@k_5Fk9^(GvrxWn>WInL%^3I^u(Tz-f!UjVc@jfRe2pdMXuLt=O}+_}v?bZRA|tWSDawWAssc8?%YG#=!lG$62!I(}%GK8qvXY zmq2{!*Donv{`FNQ=gkob}(pnuX4FuBZNT#Y37$oQ?_xTJLX zw=NlT2_fJPQa0Wfk_JQek*xb#<{_fqn z)2o&<>WkbdnXlM!o~Q8Kz&Z7eJU4Jwz4PtI*ssMtZjJ5y_IH-K#xE7nU>xn=f?SZ# z7@R3=vsWmM16GTz#Z6-5yOez>>eLy6w$j}9m%@3t@p8M98Uu`ZeTo?(?eI?&tm 
zp~PTVsY@*@ZMm~kmg{s}YK2xzhqud<$j$8SiucQ<2j4pNO?@xEQNP0jhL;ezQt`Jhl4-dFT(p`3?U6`3=~`Zw2{A@@)1IA=j&U zK4f%+B77j^mtH{`S99$kd{0KxAjab94EP@PA4sPM&ZB37ThH-yIYoUVx@cd8{HiV4 zr;#J};66MlePlQLZF~AZsB>`pbAJ9Djs9LV5`7dO08SUNhoV9FvERdm29@$3$v2ae zKT0G1eh&O*?urSX_jNKq2G4)YJ?o!*e?XQ1`zPuz@>P@R3o+owvVZxH~cj z16hZjnte;Y8^Py0u(EHGXISvA^w)SF9=s!av#;_#B6!D^%f84vcc_{21-w7cdui(9 z7IL3;AI7iJQp4Rc)h!G1vd)s-LEhYZ5$|c<%lSXL=asu^iZ%{+zpXNSe*hed zm;++^=B;-_%zQSh?r8J&ChL3(DQY+!o!+{gwfoy97r%25T862B(lYUSnzU zI1gN*`&fZ zBcH1FBI0X~_Cgcjjz+f*^<6x#k$Er@cC2#c@e&D3uy4JJbvv^LmHiI=5(mZ&YJ=aW zw#WO=b1y=WLq zPwO7&D6x~?THDdP%7W`~uY19(IT}?s#H;x9{EV+-E%+TY`GcVey4Mrj1Fih%OD3P* z!S@!G(H+tB{dizD3KzbAUc7&x(AB!~x0UB0&)69%)5-Zgv%y6+Uy5bOAw?0|D;|j<6@fWOd-Yv8XoP=BIQhVX;XS*SPyxE*5<=^qbc|Fy= zeM9HUV=|ka~1WUlDZyw56rfhyGDHj4WnK=bustj3spa|AJ!dTc5(Iz;V(Xr z-!#7udJTOOVeos>^m(CMS%AKeZivpQ7#HhT8;IxOyr58xb$&6jsBmq3R$?9cC1+hK zhN6r!Fwa=?{sw&KhL0DDuSA#WP1dcc;SRppc@F$g4-VK#^`+#iqJ06s@H}naY`yQE zHt$pD@W_mTEZ;ui^TEJ#l#8L?SE~Q%56;zbtwP86t1G>mT-^^`B3@S;q01EYPtY&L zxqeZfkTy#BL^EjfPtc~C?>DM{Y8|V{^aJ<;KLS0jR$hG*-jY%DQM3Aoc>uXE@Y8@F zD)(Pu#)IJx>KK|=e=Ju&`S%Nlpzia7x(#nIM$Sd{R0Zu_Lw#Yz9tH2;uk_sqY!#M>{7dkG^l|w5r0K3yLqDd;U1{IX$@B}3dNtnH#6=;i-0cUM3dXkwnNHGy^FWjIaRXdylz)#4R76C zn5+^GDzC938YnO2kre|;(M#Xp-O%)f_-aib;8$}bb11`tpy{`uZ+M@iy2WSkmAe_< zgvS=XK0-Ed9rl@3_0qI?3tNlkEq`U&yf3M))S`Kd;T@f!T(*DOyf*Gvk(_c~pEmC? 
zZ>_Ddqq|-!Nn4h>!nIpt&PZa_MwPk#IT+x78n~QG-A1S5v}TX|@lDGf)!i5$R$2XM z&o_jd#!~(`6RtkJY*)B~=f&i&N`j|fE?X`93@%O987iO4uYBZZPm&!1zb}zy{1A+h zg|uNrUbzV;D0kK-);a=MSa)@20B`I*=t181i599~umbvM{2dg1%(>;r$zIAE`>CP% zH1@C|8@ZomlC6CJiqQShaY1NgYgB6UIsnKsXxQWD)yeU#*_W?L2N%g zcUTU0E?YYLvq1K0N0DpJ_ep)kpYJGB$XqBn|9?dXWOr;Uet<#kI;wZ(^ms#)GCL`J zw{qSg^n9JR%~m<-d7@)Z$3(ZB%Dej>Xl#6Cz?=fiCg}Bb@#Y|$P7-fyHwLuE552&l zJ>YiuiyiK9epH8Vi|{K}VoS$*`0;)%b4)<1bKXkQ&uPC84u zDynhdgHHo*^xj1^&XTE#V(xNkVl0NhCzhI4GiS++e*Is{f1Llz_-8EET+Y9}Z(7Y~ zdHy`l_4}vQe2(WUUY}O;Db9_9SC35HF{0)(dIlak@R7;9&k5eqfsah${qo=)9r#Es z@1GCe(SeVg!aL{Yney=2k+HmgI(Qen3f?~(ybE3#@1G0a1#dX-mj>^GSHk;csf*40 zY1K-n26k#h%_ogcJ+0=GL0;z0!&&m?-qEQKAL9K}{Qpk0*N?tZ{PJkg6Z(e2jy2|f z=+_EOCCjv5fqWsydfyT07SQVBOQB`&v>NHR)jY>}{sjNX^qPy=(>UTKXonBO;rl1G z7eamV2K_-@qp2&jt;qeT%63vmAAX)t=WmRhtOxKXB%*D zY)Hg7>o0TU+l#qbz&+mRdhOsi>Ao#+?3 zn}9ercXli13@>SLt%qhN%)QHriPl);(sbr%*6a^0^KG<$Yu;bi_4oLFks1D3Dd>dO z-ny=fv^VE{_>ss@EV0Er=W<3^BD}Az>$8%B#5bJHT0AlS3C@q~x@;5m>iZV{8FOX$ zj6KS1Am6l(xb8as@xRppXVu7zbt=Azr!GvIxJKw<#{bJCoPB^=(C6 z7jaHd>2~f=Q=CV;<#C=(BDBrUG%$W+%*BUI{Af|vXN!PKti{>Ak7 zoZ^1%p6I;B-ihvPl||l+;rWt+S^KU^FgEd#hV@Lo#clYMmc?JJ>buT$(TUr7uX7g` zktTZVzRpeGi(gTGv3(QW4aB5`z>2jDf1fJ;pi{9eS2@?D<36l`m*3bIqZrNT*GQdiA~UqnWRHiHzVD@%$To0|w*l zaGZRWz9}7=k64c_E}AP3=@VbCU(?8ct=`ReY_etx5AZ!j_0?XK-LL$51{U`8p@)Gj z+_XpC;KcKtq8Gex=*P2gyN$S|I%0|HpkruRWhMk2BLN*_?V@LUGFr=dKZDs6$&zO5S?_neTac|N3Gui*~`5%pX(faY(%{BB7?aD|NUeI@WX3oY! 
zmpv_Rm~)E`u8(HiQH>*T(O>Flqejw8zu>f?{`&Lt$d6TaZB+^yj}IZ#)S40Nj~Ebh$*hC?3#hQQ)L-x$?(B*6+lZkTU)_W( z+D5GW@0(w6w%ac>ZU1N{?5zO~{l{_F|HCB8(-|o24)tXq`yPLH&&I$j%%G{ld*Iu374}Xs6 zi)BLWrFq_rW$rZ8x9z7|mgaPL=?{7rEMP{1Z%2}+a+k>HuI$dy>xV37@6VkLnHYBs zRuW4YzoXoV^cAgN^vu~^*_-P#l{fNTZ5hIThMQu^0`8CGd_J%DhWxZ_l zdir$zBDMdnp#8)QM)_W_>+JQRe7f8OtnFv7FSzkcJ4UR9_L&U@kFITJuOFiNZx6n& zE+fYC?Dbuw{qO|ef4EcqcDF4*&roo;?mUfqS+U~|UYBXS^Gvt0Z(?RPJUL$b!+Cb- z*UD$6WFmc}-@#nWU0IfS_w!|yr*Fi1E=$aWYZ;%K%lL(flZ^LG$q*~*#!dUq%*1z1 z%v=Bs;@c-?n&|8JwuzaKc0@A;tdXAOShX*R|Db(Ua!Tg(Hs6Ag(E25Do(akPqGvcW3EO7;9px_VYPRnnj+N)M=6~5~n)@}rHTP@nO!K?) zGp~CZ=Q|x==Lp8S8Ly5t=@aDbA5A&(nsKhR;N$i`X}p)cP|tYWr*Y05HqU6Rn=|bg z$Gl&wF&qI#0zGNXlm;TxtTMi*J4V_Y^gU-sf`_pq??Hy5CrRF9pRyKkk5wkrYcHr& zypCwGiZ)9wNjCz=dg(>b@GaG=m>=R>wO&3-vWR-lQaR+r4akWC`hF7sw(2JBe%)`Q zdu>Du-D9J9?4ANAB-@Mhk9CfkXHDLYZ-DaDVcKTu;Je^c4|CP8t5gT+PY8!{U;@wV zk5OJ@kCIQepUNmNWkz5}FAne`W^>@zk_~C%yoD3#?ZQhq2{+*++`vb8)d|1J2WR%F z4E1h0+IG^9;q}D+0Iz%V@EYG)b}TkZ_#cng6ThRs;_+(+?icJxv~p!fc*3i#@p-@Q z_@vg_8YcN`V-JV4zSVK*ggq;!qt}*e{cW?kQ%ZgGzh$j7z~wHDlRTaAsNUW?XHA22 zbNG$*%mw}OE8~|q?p&Au4h+RVrtkTSvr&w{B&d(rrv(SJKAJAE3_iJW@E7Tm9do{C z{#eQ7>5VPe$^F*hjojD0Y`A=&$#9stq6c5*-ueYQJNQODnZT!R?v-9~u8C!ueGdI} z9>*>OXOnzSF|w?^#Qn2LChSoe#&i@|oNqIWGf!>lBT=ofXwK^yj(*LZsHwRV_HZWV z5##U5gDoBqY^`Sqw%~fY%Y+~u>E!rzp4Y$NRsgrP#MVB_xX#yPjU&T%FHA5J<25ZE zMfC(Y6{M$PA2U}m$A{2oA}Rx(NAFc*jmH80V>$Tv%7*|y11!NT=KPTX;(>MM30e0@hlJQgat% z(nSk)P+yexMQG~~d{16_#DblC3!Ao;*oPQLlcD=a<=1zmE6w2M`_1C@%}j9H>rMV$)-OK zjGjUD9xXS>ry2Ms)3Ygq%pNc?vV+Q=tj)#;NPY7EB~%9b4D$ayVf=sSmNBJ^hN30; zPUd3`{C{cr|5k&~ea8(kC_YtrwcQyIG66CfhGKYR4d48W;=6l7TIZTaD*xBiE2U zt;n8$PSw4Z#$mz=J61u;TCjsLY1MMimt??Z^3fJ^4({f{BzIZ9n3I=9$w@En0QN4fvF^CZY9p)=zESA0}B=qP+R_(@#0srE_P>RZjgcSgiZJiC(uv zIB`EEcPnMH*rE7htymEEHqNXAwR<7t?JI(d?0ZdZQ$49^lxM$5a$0vk&wm7$)jaRz zTf|SB_3!-m^Iod-e7y4LQq1!&pwYk6t|9~1T95{(QfO8vJpJ}(zsNK3RIU&%%qchm=M= zFH?`?`ulUVCJnt$a(rNca3X&gJM2y659lhHuRSrp55D#DZt?z#-Xj+4E6`IuJm%l; 
zi>8{ZqNwmvF23MchlSIoRFT?CtH9k+Wmf7_wS$$Yj1|n=%0ZXANhh6Hhtz;D>+Zu z=#NHsymVSZ`Xe;D&ghVg71JN4uLm>-8<~VGS;}|%^N9Ar`u*8teR~VCVGN%Sj_UD+5`dL1tFu!6{%J@mF3qK3)fz*KJkiVqek0*w2GcWN!DX7dgYWE|4WJK#5DqV(v+*-wjSwT6hi zuHp<8&OOhFS4Wmyldab{!`Jvc^JMw4G5gaV*}t0qW&djLmuyJQ-HIEf-JbT9$^Lb$ z+Lf#EqZN?9dK-+prTTqj>1{mh69>g*<|{(^`|RE~lL8>MV1O z9wB{3b;{1tJga)K{hC!Tey&2&65QQ$v(_Mqx4TB=$)`9xY-i?Vt&!JtFEVh7x~~x& z${}}u^{w|Fhxf|?bdPrCpy6jykL)7h&V5(csBLP~YT8CT!Zp;vURa$QoPGrVM}hL6 zqj|LgexpxBl5>?gBEF@5m&ut`^F2HuZhTucws61LTN*ss7f`y&au;aTkW zuoC83?ww(t_-wr3S=Q;#u1Thf@jSV(IIkWf zoF5)%I6rQ088}~Fz8!aH_eJSrq~l+M>0rOc=pOw(aC6D_$IRT7elH#KPnhvJ1?P1v z=z&cC8)XAB{;!zx#QL^%8Lq#NJp)*m-QJGhi?~;T_VRgrhq?*&J!nV24tode{|EN} zz;7S!eFOJ8aql_U_u`pS*k8c)E4Z%3^=ok30{g45p9*^q?ARN({fD^z(b|&j?Avz1 z4c~*_{sa8}9lw|Gdl|oOyn_+K`{*Ig`@1P8j&a1{7tge+p_|I_9NYU5XxD!Odj;%h z^RfOoefztxhhRTQnS%X~uoqG8aD9k+1@9|LjyX9xGt$E|B|{agHg*Q~a* z!~6ih_weh*@Avqb4N-$YQp6AoNGDY;uY;hoX9I}SbCo;rZ%c7ySu3g-gc zd!F|UZ;spkYj=E8vI*fBeH{4{@`pKYFFga*Z4*u<{JcsA%pck(=I<3hf5_Veldm7r z&-w7fGTS*Oqw~eJeDop0`kfdPPTy5;COcwj^ra^Mu;a0?pO@h}YZ z$wD2m)HHigmaML_~~U@$=I}u6Z+tWXMWuG^>C^WY|*E4k6ceqwqR3o7UD<`7KibZS8w?KOR(M`?>M{bNPQVdK26&+Xj%)?;|aAZ1`e|iVHOV&CidHG(e*s&2VuSE*B8U(<-yutli%n- z;rL+~KaA_;W5{Y5{Ae8*Oiw{LlzFWKhwwA(IKokWIAEU!r?EqXH+G=#TC3(}24Md~ zQ=Z>Jn0oG{u#aYV;M*fd=apkNE%ESl+%x#4->|K z`lx_cu8)FoTF*z)MOgFk!!-PiZaa)`-hU)L^mT>@y%`Va%afstMu6$b&_y{NGEiMG z?2ktmRUkcDr-A*qK9VjfvraXv(9g@YXGRwtZaEQM#CEGN%z^TItU6coFX+e|su z>B4vr^N;R$tZj2ng>#YPW?|i=S*1dqBkWM;G{wDD`a31qSAqQ%+5f`1UKaL;{on-4 zujuIV`(WosD!)PW&$&2FwlPJbk?Xt<= z4V+ijAuXGo3v2L!4*E&(%*V~nPW;Xa+iDWbSy<}(t57MZ?E8|1na9kh4*nDU9vr9 zmvY{Tb56VXKIn97{%X8K_3~ zaU5&r4c_8&7;9%Z-;VXNP#7}g?{6Vj>JaSvm`ELRH{Zjf*=clVCFQMKeTj((C zO?lyylryX|;9P*tgOs)73`d_`egU3EIP(zBx!fDTXOYkGEH|q?hfX8>QvPtBMat9BFW~%Np6}Jan0nOc+bZ1Snx@_}O8@lRI_B**q=n}%b1kxp z?@A)he{CJRur>G`_t!D5+;d|mcjLJ*o=YO0Pl2t`>j)R|FkJfg($m?8d$r61;uz)U z)02(PZOoq+mw6Up2cE^AQO7dR;*7K4+E3R$oY}mKvWPU_MY*6qhDCpjYml~Vo=Mj$ 
z2s?rFPo*s0Jp;0fe4~x~0@p=NoCW6sc0Gfz&3e<=-!e|UXBW@$8MJ4s@Vq|%&(y0t zop1V_4%(~5C)!?_ux!8W8??? zJfm9TH6QxzIMxRu?lueaf^R0*)Gzvw`qs41R`>>-dj)sq(VugnU(UHS#cTSSF{iq^ zeo-IiUf8F7A8owfukdtR_6OWg=E+jF3+;G}`)ypDCvh6qE+2<3!}pORuT;5Rj^N$#|!(L46hFjuMfLDUa@ZUgP1?G1$w_Q;(ecG=C>hv;S9jN*9#}n%W%9l zWtHLnkER{?;-A*0JTe=4BZG8wvs{=Cw4G75FSO(SYe(9Z?8jI>=p%f34Za`iZpPja zN5!$W$Zv~aU!5I}ISTuxEbIxi-h>~04}MDc&ISC?4SR^}&x_TBCK0dsDGC)i$idxiV^y}iQ6+vZn)e}FdMydM^9^WScP92|&f?fBTd@S^b7>V@aWH_18DR(D|kkJCcNN4N7G5B~{Vy1n+f1K&h- zT(s?b0y@r|;q1NpV%qV4!oH(A6K_F#-TCiquh~b%7C0>nLB4@^X#8`G%{w%mbFh!f z_1lPn+H!Bacul;!?c@1#{qfv-E7v2-#@VW*6FOn7`bA}DOM9vl?_99$!1yxvU0LWt zoBEXB>x1t41@=SW9PjN1QHQg9*9~<%wg&q-+hQ)>d2=IZ6JzUQcJbr0lChSU9YLK< zw2e_kwI7O`({LFjI_=>$r3AuC>D1F3_0{?|Emm z%+TWwKYt%0yhjjTxP9#Q58*HVc+!cjM!59<_%wW*80`c0aq4drv)sS+_V+H|5I;@X zYNS4E#^dy07Iu99uST`w-9f}1Z;o&N1bFiuyy37{wO4GL+#J>Cn^xmpxYIaqw)$E- z{A|)eSfjhS*A8QS>pcbGNO^Za}&5 z8Tg-mXT7cWuZFQFif%|l=@W2AK1;|4ey*V3XuB%n{UmT8{HQhcE!6K<26^CKL7%$g zr(Rg!|GB4sD?dv+_9RkvqwHU=%6^A+gZ1#LHt0NQrzdvaWdlU zVjmW5OclqoaBpnCDy_f8fp0w~S+CF+{0r_^eg^&aRoREQj&C)Ws0n!2wW=G>?!x{O z%K!cv3wk4^(l|F3=g>@K-v{IF2>ZXd-+=zmbjVw{??&v^nrAE1--*J!vc^{7&RU!A zOK4s0mmlOtpXI;8Ea)`zgE*_k25^NBB{M6UUrQ5%!MnBrh+%{;V$#kdYBApP*hK53mTe zt5jmGTGiiarFedw-mk-P7TueWYJPW<%urt7wi$97f9(+78)iL48d07ZUGBO(F(1pm zG5Y(|)sb$?=|TFS6X#~nga1PfPKIUs)EMlg1`~cag8Q&xZ)hs9$ANE*^%7$+UDkMi z@AvL@rxkO$hv-guVcz_?Fk4m4>b}J4LI0+Mc@5?dIz{K9FpqwonEsBx_jC>CQrJdz z;A~~)lez})TEsf%r!jY&ig9l5w#E3>A+M=)X!SMmqO!DI)ZXA?e4Fdt<_`^J$t zYXS3vuvhZ?)MSotm+Lt|_~Z91u;+Yo7xtT%d1H^~$FVFJFVo6&-GerpoHnq$AfvCw z7G^Le4B`CYvb$^TvZnB+th+e{`B!CY7NPR)GhBSM3GXt@ z&Eok}i!BA2aAT+#ku}K_`+pc;t^J%j(#Nc zW7+0Wi`3I+tMTU|zNhD86viCk?Q;<4)^u!~qo$t6`Z~tZx)%(_VLtm^H|2zC(D>;0 znM&;O8=^mVJJsU(8}Ln;)i{%3Yb;&09_KUQJch~#XQpEKhBDSeFkeuGbN|qvgl^eR zK9pgEbC}E-7WaMYccPHaR0-ZqDp~Ayl-Fdq4}AO7UYt*Fk84(`vi2#dcagV|t83A> zL|&1{e`setnZhC_m)>bgez!=Z&zw z%rvi`gR@|eXSCZW%k=nmydVAq^dtM(-$g$g-`))e``MoTNI#ppjD2m+1@Jq))F-Tq 
zTcKO^I6q{)<8E^!NN*X=dJ3(dlj0n(&O6fZG3MQr$v6Bmp^ULiwvI}v#~~Limv)rN zgHzkA%@MbfGKce+-tpxQV+!nLc`nO$#VM0*Q5C}bNTK$qjdKf+JzhXrZsM51YbSDY zhq)8%m$saD1}MWK#YiK5w01<@i45;J()*~NUbO4O zm|n8=bt~I6qtj5fRvhJidI$7AWej-HwE2GD) z7j$T$Lt7)yWw(~Q(7pYiU4J3sNB*NYNDgI~nT#}Z%(i)yZch_irn29Gb_&m7 zTvvVPY_y*^VjAsX_0x;ftoPg9l%qCBpabwM`xH-1K{=ss3D)B`p^ZZSjNda(W6U0B znLatkQ5`oeY-?5vva1mW+63JOW8dgQl)*II+L33pU*pl%KGQyBvwt2;-dLtxE!@Sp zpRGsV;$`$LE@E5!tj)4N9Y6NV$eLwOeaNzh{eJ2~eEXtnYsAHQE+`Yo2gWC1=m!OV z?{ro;wP%AT&r9p5aL#-P=VU#Ba=|%LXR+??D4Cl*TF#w6BV)?v)0EXQ>2ULK+EcNn z;kGUV-ouaKB);leYUj;(M@zGXd!3`UCmVQHixoo9(J_aMru3M0!TApOcPl zL*2o%W6(w+S(qE#(ccn7>En13wP9kwnTtqW0)o``~(vM0EyE&VvRq`G~|!qgz? zgU+-@_}>sfosJ%XbVC$%DC|t| z85~dkd9E$eF`^amW1r!@cVgTSOuM@oZI?Gb?FETW%=NO2ajtm+=df`M z@+kaU#dwDLntB)Ug{XH~|EY6*9Z(8g#(8Gy0oH$vE$6mWPDa~c<6Q@~4QcK#dZOLh zoHAuLeFop*L>VET!~D)D!=!F&u2kV*c&PhFg{OI4lD)lm`Idu7W1MAGSNIdlf^q#VYekk`HhkX+=_A5)m+5Qy^tYZr>CJU1aO_eVx#@LsH^r`gYBU#+=3ZS=I# zdYbpxw}bB3(HgeOFjo*>eYOjBZ*@^mqpy$p{ioAvw0!`e@C^JL6_2L9u$8+i7UzXKDT zy{>f-(r0Ac4sB42U4(g|KktCEL*8TjLBDHsK2~L$Mz|r!iXN9WtF11s(Kfi%9r(Qw zM;>uz-8Ydhmlvxeq|5eH!KrN|5+y1dG(fquYSr7zcCNxza?E(WuyGJWT>;S z7K?E<_Ke-nXTarwdI#yUha30ieUMwsK~5k8)Spq%cjc^a!9EziiB@_KbcLQ{(R+SA z;5h~u%c~guwc2y_-YC`~^b4?OA*C?RLLXe8brHgzueh5+dgiJBl|r2(L%%&aAJ;4s z&R4N5xd?XDdzbT8oYP?6V<&XY8D7}B53+4kM)yH>j(Jm^KKIaL?1NyOZ1qLcILBdb zHjFAxoriOrv4)@~v_{fZcVeCbbBtYRzv7rfK^vES@y;2J?z2|eMYk5Ks>hn*XYzdE zaA$=LIp+Byr+)!$7v4>`!|k}oJ`3ss=e_Wrw>RE^pR4JI?i_a@Z-23-E~TJr{@P7J z-`Ofz6#X08t7*r)<7*fPN2p)%ow~0eEVTLPPpQejHgPeYx*}EiU$CQXL|SUwlI$D6 zZ!POyv6}p!NMBhO(#3IZOQpitrk3wG=(HoO-v+`;AgqH7i#p4MhjvAWhq|J}dynBU zpSrH4>gm-G3=FD9RX*;u!dO&{3c%;X}J1v#J$taF<1 zJwcxvWrI46x{_=$WUj`VV=12FI68)J4~98bfxbBPnYqcSUv*V@SEG${ozDC_%AQ|# z2=AlGT~Nm6sj0{>`mnXrQFd47hi!fDILhw1VA(M&vV**ZScXN)dWP>AK{?PT#dNx0e zwbPkTrV;7Wc?_hFb#$=wJ?E#7edgw63Uwf@+ko4WsK@i{BAj7bf_#NvL>`cziS&(fnUKp6*G4Ft&~GusNBOLzY$9FM5m>K?V_v8Y=kaiE#498CH)C9DB-6n> zupg)O7j!YgxYiG2P3`3#s*=GrxzX3 
z&EZk3AM^vcnXqfVS7%t(yQZiKEMre*KANuf^)%Y1@@LQwu7qyk*tWF_^XM4sa4qr9 z>B$m|jo5xrW`}XilJ9Sl-UkDJG0)#5ML#(HtdH%QY409je-!Dq^!gq6rmftXs$T0$ zMRAr7+vk)%DQSepT zW37gIx9VH0L#$t@pS9fIfoCq_GprZQ@iQ-jf3}ml?S$LKbYs0WVPag6=3Ww`$EzM- zcyA#*%;Cf~kJ91I_0zC9?pBUkqR!rodDj1qGMVA+uLO9$2@(KcXw?e`a~o2g5Yf8ED{KEKG{spVgP1%XCqe@%PXrLb9{Lr*JXIZAdsdz3+w)bYMFPOhai?dnkGxj?l z9-bcKw{M8g*V}pX-I({mJR$1X0DVxuPMf;6!MAwXKUi|nNIoR)2yP$kq5~8ur}qQO|d@5{RMvcuAa$rOyZcw zwI@tjqDG^=znd~h_L;Bqc3OGL&({=ez-{ELdqK2fp1Zc13Lc#rjzxSeK*Kg z9ptqZesE4qu76HhX5EL(pLrSFbRU`hW^iM_k9FUF9(k&IfV`;#7%u$lzCOZbTS?Y) z`HbJMMc?#p_=z@`E7SKl{m<#nG$Ic4Crf*d1^^H#dINM#Lt1Rd$rtu1< zk?BQTpA3YBepb~MhDBXv@>|f?I{gyA9cLc~<4=r9YDXgN43F*kUy-TNee4sQ!Mqy1 zr^7P&WIyLJKP>hMFvk(zT;8BC7a!Sd*_G5W?pAz*?HYv{5T!WJ%{gw&Ux(VSba-YU z<$u`vvl}eRJ=(>Qm}kPc>+n*J!#F<2ICYe+2RAvrIHPV1`Y_dZLZ;nqX@rZlNwlGl zqfOp9B|QOi-k7T@KMiwd3APVdx1i3OfHCWr+NZc^A61nevqB$vZL{|tj=vXZRd&JV%_2Jr zYq31fy|rX(mh+#O()kVN<~SecZp%cTP4e%exAKuBRc?WZTmva2R zW-8$n{UT)}7ND zN~j}S$4qX)_KT;e)6t#}Z;wvCE8qVlW&FoH|26c#gZ|s2HUGkX4Cm($jL1a&z6^9D z`kro4rU7&W3d8>=-KiDs{{go0MI#r*e z`nNE9XW@KW?9Yolb0Ks);^SQ8Xr<5>Jn%8hr|R!EVs7^j^wY#WKIrSRtww*otBZR< z&=1t@HLkreeAQ#Ry@vhhG5qOQ>-HM!8{S%sHxIcs{wC)ki^8@#w*9W?ah;9hEc7)#VERp1zYT#blOY8siw>f@pL{+>h3FL1sD{V6>U{lMcFqK!0TbB?317gNt`hv2UFiKFa% z`9Pbxo$_%y+$bND(Z;f$fbrBY_75m0s9!}KOBE^m^K6gUS3|mV-<^3YR@T{MaR6;2 zWGc3EOqzcGKi}`pxILczaNqtk_6#(QO8N7nl~^;e+--UdbR^{NfhNcz;^cUo`_v|Y z-T0aF)Xf~@1^JK->q`gru`-_w1N-W}NPq07qp!noj=QgpwIa@i`{Tk~f88G!A{|8$ ze1DL0u`P(B8GG;`$6?HgVy(-%ne$ob`$jM?nkdDX6ZTT{Q}JD&hB)MD0{rUl84Xj` za=g#MIoRTsu_|)=1sG@4rB3~-i}|2NH?r$$71?FE6Oh*u?lHk0XULBmiej9DxQljK zn1jW9`!nY!!(&lCD8uLYO|7k9%J-!2gd5+JUXMK%_f);rg?AY+2lZc{zk9Z&xW|Eg z)y>%RMV8QYquH;b4&r+you@e#x#~S|=x1TvxV_VIv}|#&4|RhtTii=U?wwOo6R?KE zy+6~q2F0)rm~hxv%i#H7nf6%@=80=3at|YT<69(-qV8tckP|(2XV{cEjx zD>8BB=Ha|J_5M1YCZuN|w+X@gavka-{I~{1UBGoG>Vs_&)M41E6IhR^6Q~cuo%ZwX zk+*iaDTm{o_Vbu`_~U*i%pIT3{Y*%ADfcs>Kd0xBQN~3b*tf$mAj%VKp4MObx`6Ef z+&Lyi9g3gHI)gDK^oR9n)}4Sq%t2F^))d2kWNn?|oHPAhfqklB-yi3&O?bu7&2-22 
z(LJ5jf;d>$*3`KXH#zJ!fFXyM9{H{&?#v z2&?Fb4n4BwgtY!S^(gAtSxsRp#{FB6Eq@$*9@{34d&v{`IoC&?oMWe6j+ij1tIzlS z?u@(R{V_AYA))&j7+*6Sq}N+F#5@7g{8v6h)_M*IksV}ci5LU zd9sl`j@4QBI9}g5C0)faJL?APqPxvzd0FV6B)CV7b)$VN z9YM|k;kjq|48uUU6%6x$7v7g!I42CZL$FiMAqSi{#@vbGp2#@s$?mawzaHm_CSIhh zTk%Z^`kx5hTD-Q=jx>+OoFVED?Hd~H@H&h$QAfgv19ijt9_t4D7c=}}Shs^6^Vq7G z;WKRbjiFs+*v~QSZiKxXYd>(0APnBGTvrAECSHcKZhkuV{P|b|dU_V*rb3O!_#sT$ z*1Fzn zm+{PtNqdZG-;H!5za`A?e$UTD`eELo1DW3nKfg$K9AS<#`5k}0vQ9<1>394(#I>$A zUA%UFI)e78=r)uqcosE*C(3UT%Lrx4wUejUeV%*B>_&NjvC%E0y-P_xVMaTq#5sxvW`Hep7|c8N0;BEI`>yULw}4y>+Yh-|J0g|s#CyeN-(VE&yxw<} z^3tdGUGaJ{(#E}4(~+hU=;|}krej`_-)k(|GP9xVvGaOMA4EBQ`#hb0$`AHY+hcv+ z$RqU%@@-=;xD7dUF?WdZE!HyFZx~3PAWJjR&(!-KD31tl6j=N15y~chI?ICVY?%L# zJv^FnYJJ*opB|3eV;+7qJ!Zx{)%wWADafqXH^AH+_GzZ8F?Y#6L3};+JK8X$G2Dc< z3*)~y>O>{lr(F8cF7ccJod>p8NL$2fqYgjhw^96V73=6gd0~H<^fAe;!&KZ;?oejq&7p%UO`z(Dsm2kO7v zRpy4dHio8}UGOnW?qdF)h-eWrHU*&hyHmi-HqtLpkI zJN)8jz>U=P9maoFpO9rBU-1ne`7oqg3L>`7y1KbiKa#$F8jIk4B#{_OdVp2K=Ew&btZ zoZpb>sCDq|M=OMDe8a^lh8cqy?TRh=8&6j%tnZ~%y4Gg@#===-)N9xqg?-|&C4UQh zm}L!<&-GW>?&SB~Fs{6^qc(H>j!chDpJK4KK}W?S9u_>S>q z*=NXz^DBYzP8?%=(@tg7*|>%*SPzd*>3$*JuS%qA7j{E;SUWIg+g)7yFI@k}y}jE; zTQpz6?>{(3g83?bKg4ezey^dN9^shj-R0YVwQbZ}U7I8CsP;=;@OP$HVcd>$AAXgJ zq^RRRKs<4r_g2MmRWtgdPoHnm@Ay>29Zxxe|M8vW?)Z)hX9V|#Vb5{}_ZsZ4aN^*m z<@fyxCx(88o~wYrD8|k)zAFa5mGr~!z&;hn{7HpV@|)$`-!n3gv9?V=oUBb6WV=M+EAvC;_PtF)82!!aJM)`F?@#*X+QWz%qe1c z2>)hW8%g_MM_)gc1dFm(3U;CxXlPz0qTQ?j`HaXl^yO^>y5KC}m8?}#Z4!DJ5mt=R{4?g#+ zbVbjwY`?q3x(H?Q6uG@IESp8%&w;&-_WO&UgL@_fnfT7bsNdK#@Zr7ZrBu(nbUB`z z1{rzqk$SrV>BQNSsml$Uzk>Y?=Dis|eE*^NVfEYx@cZne!!rlLWi0%D-1wajzY`3{ z$>2E7a4Z{!zRO7THFaB5<`%n~-O@1j14AZ4xUXe{_r6o_@SXjw2%F!MEM-_G>`x-> zViWd+Z(M7Kc+K$dn{1b1T&2tX&Rh0}?!Lwfx$Eq*8pzcB@PmHR$g?oF|Kl?5_f1z` zxI~rl8f8?3vZ~y-eEZ8Nrzh_Qi+xvbe;NDlE9s6jE1qldMp>qk?`|-z_OeVBzO$Xc z{`2^&Wf|6Cy&oF>$02Vxr@*d&|B>*6@B3!Tpf4@V^M+2vd==jJh@fvy_v&?(3%l6w zXbRaOhJ`)VWe6{JANE_reLTau5BscfUFy5D?xBxD_hDn9r|ya3Jj>?2k 
z@%_Q|XIWv&-KuQwWvr*}W~BM*?LXr;<5;egKg!iP`F(t@`+kb=dBZ%1X@ogl*QHHP z2s-#`K7;-z#<5PxFg{z!{*1%9s4@cVd&Ra zZcDZ$I-zr6qHS6D8m@nc>lk$g-2Vf1>fyckbu&(m2M`AL30a6k&krNM3ciB@T}3^b zw`Uk`*ze?WPJVd%WYjOzF|4t4ao&sJ`MQbi3ByF%Fs8ODSf2vz%jLoLWi#Z&_j@R| z5Z@MBxVI~|@D+@2>-u5~{{v;5MBcflYa-lVW&6(d5B~6t#)bs;*hb)gAN+B=JOS^D zzXtz$%uIirGb`(|BdGJN+gC7c#Yijl4EL;aZVq|3I5)?A#cWFs;Jy7F7}I&*FvmOu zp5dI`h7rHYa?Xy=vhBcJL>TWi4|}NC_TNLSYyZN+^lr!!`WcDcXJ8#`+2*z;%)PkV zI4;G$2#mYIrK%Ho?Lc0Uk5>?X9rExW;GIN1YIWHnugHg9V}ZXPb|a50Bj$JX&rr52I47V zABJaSu>aPLIcN6YI<9h6Sr^~murQa*vqhiS3*CXbZmI5Nu3GJ%?NH~izh|e>PM5u; zA}|l4JkQ^a`F7|yl;?r!4OPfDp5?hjI1BJS>?`Fv&%eSMSxZ<~(a+pJh~I<8@9Xf} zX#D=#$h4jx=KH3;oUWPPP_#4d)OK8z4u{ij?7QI2zMjiI75Xl8N7~{{+p6rn_qE0? zoa3a|M{y=nTam4b>haD+tarJh{&+8ah84qEC2?FIgqi4Dme%JOt-na;`Euq7Tz<>7 zg>btX%`;_?ukU$dDDO-e)+zWo0Kd8Kb)!Dwy^IXkJgGx0zKgTwtR(g$XKFhz&c+!p zA(T~&?;*2(GCY<^FyG|Ge3LEu065>m4wEl*NA02cb^_c_CA;pcZJZgm2x-XPaaRe} zs>mCgVY%;SRrc{OB3;!uZ^uF!Z+``T;je-5wbm(J_N#B18EUdr$W1A|*5H2=`2^BJ zMoW+u+oT2W6yQvms~sC@SYpy}*|E~#$B%l3@rRR>0p=fP78zN#PmtTf7NqrJq}4mu z#rDp(LRynZ>%}Imr+t-YZSvh4$kGXx6XYp73GvM{Y)Z%h@y$bglT3WElNaB@jfk%p z@zoW?SBLnDz4-dyEsW3I#`k&@zT577gO+V1%YbrCndJE^lt3v=;m{YC4Ht*Z^EE|({eDmS|ecG{SYA*7@^rM^~ zf5fE!E~bC|g~_>(Lw}z@eb?s|1?s#DHeW;8)|#>%Yh zI}fV5HEdz*qQ>E@`RI3NrLaFQ)W-Wy;l8o=Q(kdKpM7Zgj_td#pYEQL9k-#qO)%W| zm+!c31NPhPU%un(2bS;nM&I%s4?yoP*th(_gVfdNLwt+6nddN3H@87Yv;V>Tbf^s4 zKS!Ub=IdUqbCn%wQK?X~N`*VDOoHnVSU2UIQ4!Y|4mH@^!(PDdy>c&NTP4RI;3L z<^ps(`oJlB9Q@$>QT8~l-K|NcI2RZ0n(mDu(Rb+UoNk8^Ci{&g94EV5EfvQ21bx3; zeDL=R#9!&B$17KF?%i*9^}Kr-=3g-vpL?g*QIT~hS3G}+Wwr+ISAs>NDUmw6Il*%c zRY-s186vP2dpF%yy9ly?{X`b_$-?MJ0BG>oC>j<8xVmh39E zBkt{1N!Y>I?shAJ@pcp@))Kui!6@3KR&~!mM0M`b;Y?{m8$L zd#&XbwP388iyzHeAm0ZW&iXSgj$0BQBj_EZpJ5}e3YKRl!sQD-xb zuf70X^A7v-I8P~TV^6uwdG%t(%lI^x8DPRRT$26Jq(QUu;((IY-+EG|ojR=<+M{mD zErMC1xgbuuA?^EFM|HeL-dM*DU4`@2koNEk_OLdjiR~8h^J~`6ns!y(jWJjHEJghs z;x*b`Jzgr1*J9dVfoumE75LG-eVK+o{T(WwJNT3)mT;XeCj*syzR>^Luqp$qGU)g$ z-l;;{?v{}c@~hK8{|Nh!9kuB^xioTB>dO`VHK#Bhz3j;O%G6iB&SKo;!!{ml%E$&> 
zZY3YGSe3oIm+b^Nkyk0WXxDJ2jpLuA!t>>e*dDJ#+lBfRz7J<{ z7(EoG9$KrinYELkuL|lC+ds-NbjZ8SsPF5~bn@h$^Mzaw2%htTIlu5aoZ~_kHMSbp zg0!)|>i$8go~zgCLA?#PsOOlTke42tdNGh5Ram!60(JY>x%!CuT3E*iOBc`1su>w1EA2<4?ZN_ISn`jl{6Qa1Vu zrMIC>PX!B}b#nj6jKch-b$?Mh0)2tG(zon^+;E@I$7`109k6J&e{Jl!evWl`eINHE zr&2WuTkWDu;FrX@cIffN4HnEW;vBUO_eZ?smcSm_h4Y)9veY>4twfx|;dVCsMB#?> ziRWfv|1;b#p*!zy#JMZxzQudAqyJUrZp*~cSBk*o8Lh?e(@#6)l>X`Wte4#AH_zo5 z%}SzdsT28K@uw++XlKWply9wxCl~Qx6VKMCCor9BF!#eTX!99(7aQTax1$}Nr%K!{)N|hRFV@=dgLVe@;5Hs< zh%?{FZz(y@UmZBp5BMeNA9;<_4nGyzKm0(SVElT-53k*Ab}{DPi{Ur?;;_u57qMQ* zYd*vLtwX<@XWr~a8rPkHI#a>wmmXr9&prlq&u#T-^cSAX-a#2byT^PX zkBHkIhx{i|e?x969np+T9uG0i2#0BAe5l`%-Ows`9GM#t zVQkYBotsTzzSG^RLgT=XB4IL7L9ZuZLI$Y3-gu8yUurN8lD+3TAX)lgQ9vy^tqZa3m(oaDfJ?q*AUvp$XQ0+5TX$YqV@l3G%O{Uca6 z3$>Ka{TcgH&;#sKT?#(MF#jIm;+!DVQ~0Mp#I=-hbt3G}d9-Ji&X}j744ZL7w_M72 zX*XqhJ;G{Pi}YZx$w)B&5`K$nY*pia-HKyh0>5d-@?HlfHgpL0c#p-s`S>ly{X1Y@ zhjiW#cdkL)?m{MTA7fMJO9-q4SBc} zZp-P0I$nnQf_3HR@ZMm`s}ox0RJc8$x7xv!{-HyPG+Ve)77L#J7y6;j3qFf^Zpijy zS!|Vv@>$H+m#~f^4HeKC7TV=gn|b~NCHjh+EUsZ6*7s3|`3&^H zaFl6?43P)@eNX10DVl@%UC#B#pWD;F(O(WWyn--Ks&B9CzUOP+rnuz#}Ma*aMPe3vMjalvl_ z;jkU#Im2PvWa_ubbhoi**ew!)RYRQ4iddYxw9e&PG_AGsr?eQO?e!93x!z zCv|;jLi%w{`H!Fv@H6;{GLNVOtS7~ATk2gZyOSA(dqw0$PUQ8C3p4Cj#_yezLh3&J0mr6Dqpr^^C#)ep z#`!j7bo_p@HI!|AE$r-LoW8SJB?Uu0vh?HdR`!MQc|?b#pT92@82pkr>s zy7R%nc%+oymAG?8!z8TBVLco2IWmp3^nb;?A7tMJ9mw$54lq1_&dv)j+xu!Dyl}gX zy-^B#t#G!!<(5wEa--|(8mv|n&H7q1&cR&3nk4tz@?34Zv^DNxJr475SfBI92nYvz z&M@zXaMoJs((3 z+G5p)HWFrN#7lOBywGM=?>^PRTA`}8l^Vvq0!U$oOMW;>2|zpGK7ab~z33a4>q^ENw-zEbg%vl>ERU(NRh zc}@L*eSx8~`k(9VSmp-jw{51A>BG3@ZLA9(?8Q2pACJykr;0Ie%nNnK>XkQz+DtyN zw<9#7)6;i5Eu5FTa({^JAM^aw6c^)9FKo&mWNSR~SGf^kFz;j#M*Hvt&Q?d*dMwDW zTfwKT27DpUY}4tV@`z`1Y?{WnLfp4ON3`f~2w+YbVKbcX&T0$o9GRZ@KrQSjN9@mJ znZ5xo6Kh^jkOdXtdg=T4rUS3N{0F|*V{`z^0Oj1a5$nGw=l9+Zl=U4mum%b}fPK%_ zni*KbjHOGl*LPUUymSb2e&MFS#2ET7v7hpsq}7Bpv(Jlms%V^}*`VIxJp#qEA+i4g zrXSXZPoeI_kUyLyde5hnKEJ*-Y!Ac!b6p=dV0^d1FaKM-^4E14GEj{2$2+d(T}JeW 
zytQ=fG1T8rs(ev@Kgq_ojxyPGA?K#9Z+|S+g?pGUii2aKC1l;qZ=!kMS;{Q$Jo25T zUg}oA4kH@*69Pg&2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt 
z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cZPP5CTF#2nYcoAOwVf5D)@FKnMr{As_^VfDjM@LO=)z0U;m+gn$qb0zyCt z2mv7=1cbo<{|Q7?*v~|^=dy19`lOo?Rpf_>czXQnlWs;-#19kkyyIV=bTgug{V)+v zpMQPQ&9N%(hnelUJZ7###9grPoh~<@vYGV>$PM@-x!+g#66&uTQ!;M~(8sL_CgvebUW2YP26F z;%W4+Pr5lrjq$@oJgxrqNjK*xU&bhJJ5GA|et>gSwSS3t(*E^HH|MAtKTO2a<6ob2 zbB>zqhlzN4{p*u%&QYiNVP<=-@b!*=>*Sd=1M0Vv7k(flx8UL#6b2r`4&~V-L*IL&!UbEDcGR+x^-n zJonek{nyNMuia$szv`JiNzeRMuQ8u8=6vJ+u4n$p`1{da#{Q0H{&=P_&HW$m_v}BR zf%N`llrhcoKj|>`!=CxNdH!{eU-#=<&HY`*+~b))jT_VW|EXi_&BkmqrtjaR`;Bt% z{u@(`xx$!++Z(-}{bwefKdUo#lmDMJ8v90L?lNYNG5b6-W73zIXY3|j8RI`=((`7- zbAQv6-}#(c_{uNrf|XTFs%<|mBVV9b9pW|wFFI%7-|&aaL8uN`y$ zCePg0>X~nwc-}Gj+h_d!#>mmz<;LGkV_s=Y6YkGPdG?>1{QTT-`1$`f_YJRKnCE|C z(*294JokMWV;=U*o(^N0^t@~G{hR%~&%b{2w^Xg@?Ce~jmcqWGF0SHrE3{d+qOQMx zU%Za?{uS{$r4qAeBb03RSKt5sud-P+yZ&PztDmj1-@o^J-@Etw*@}{iuk6{gr*U?D zef{jj%Ea7r=O&X4y_r>uRxMg|?Jv`bpUnQ%uV()w;b!{!`!cQykC@XxXG9pGu1q9W 
z&Q9R5`g&EbR{i8Bw~ik_Ud>s6kY=x4!L+Vixl;Rsx2*P`NT>w08QZ9^Gai*n~K7-lXeka=f2LR zbt+M(a{&6$3Ca3?nzN%QhY7Qn?&&W-MfIoChiR{K(uY|-{hc~ymKOh~xiVVbsKaLX z=9gqViSj6-M)dgKfekUkf4R=@iq1FQcq84&bo8U()#3X374`LpQJmn0^6XoRa#-4@ z`WG%~T(Yp=Go4=T{!;yg3eV{0Ko5Vj)hWP$VpqScU)s2|{+FuPah!$7Pv`F-J_x__ zmj~W>2`18uzZE(@2jOY^ODje&em*z59tlPKD_8!#4p)1Je{F&n%zgX%m%?0%q<5m+ zAZCcazw@6HGZ5cw6iYHWTcw%dXjsigy2{IEL!Os*=E?z509RveEMI|g%{a(@{p+~5 zqBD*7CgAQK+^4-iy#ncS`j}p&mhIWIqP#ETEL~QQ^d?lDPG?j_qfw+K;}F0v^tSS6E(lgU{V;19{r>A+*iKLk?e zA0`3NP6;@SLcTOHW2G9ANHio8BOnI)Ptk%~YT4`X%0GhWq@1OZ&GN=QCj9b*m(LYV z9*<7tnaPAPlb(rq(&?4ubt{@Y|144RNt);D4UZK~bx6Q$+~OVM zPxt8xx-zk{XQi40ao@A&CB<;b$CDH3%-Ad%?Xv*%Ff%bhQb7@wG(=xIRwUVfl6bo!Wo#*;ANgBJ^o+$gzf_R^(u zSdZ$KA~F;oHBWNU91=wprJ?$xQKc6Ba_P!*>-SW^yk*uu{47d;T4Ca5{kiakf9v-s zRny}A_csrD|1JNi_aC6;{`&M)UxMZ={2jngN2E>v{(&g(`+rQv0c|-D?T2Sx(gcA- zA0Nh_7j7bPDy|uY?nvS~OAG!^#gG1YpLXy5sro*{JD>l|IzKs=p48l=XFsU@^QnWz zo%d;HIJ0IQ)b|;iXP-5Trgrz^)6dPC#c-L5Q?4JpzhyL&HbdnD03FN(}2l4_1kG~aZ zJVqpHWnwlp&q^)U5D6`YOMi#@S3U<0eC{VdS*f7!X*%gslFmved5Ty4A^!?075^ch zY%W%!oxH-X$_d8a=(&G>rm?%m?%nUXw#B>e$8+`1jXmx8yNWG3)0ffa-m8~tv*%h9 z?^VslZsNUasic`Iy3)9(jD4eLU*Z_kJU98Uv77W==eh5_W`}p*kALwl zV>j_%lQeb{&SI0^>w5M5y-N)TKfnKIxL()ixqmTko}Xvzwy~S=zW9`}oBV$l3^mFfGqMh8#F@_J6#svU~4z^#%SxIAi_m!1I21 zNxEfw#yBwiFlg$(f^Y)!IY*_(<^u?aA7CZf$yH} z`FIzvkx$3J=h^KR&%B=LgZt8VJo94zzE^%d*YEJ|Uqpl9wCM};Pqya*^W61a#y#Vi z7ucTJ*hka<%l4e(@*3e3+@GqwWP5Ii>kIQwwr7gNOWdzDx3rP%IjzULf0I>kKk427 zl1`WJmhGu&@b2GG=il?}r|57I{^j}iC!{?08g-x5IP4 zp*#P6_56JM4ZT78P}ezOgr}@-*M{u`>e3C|!E^Hh z)*&xV<36OHV>u$ehGY5h-3xeb^zR?bbORm`UpinN^716*FEeB$0mp*;^#z=Uy!0n2 z=_%XuPsc4UkwB<;?zrXU%G zIpCOE4D+7T`Xt~y=%pKQL44_eb;!$;R1O(Nf_RT9Z~5hLV{FL81srp8>^hzst$@>z zm-%viW0Ib;JvZ9Hhq67BE)UvyoiEon9=ATrEdnD9#BK(*e?smRh zeJO|~=O=h^BKgSne5p1V)TwlOC zO&Gy`MOnLUbpGdjo!sxjv;a?xibORoc&R})}E=OOUq;$?ZI^==xG<#62f;UtyAfb}Tbb5lPuh_^9B%zng0rKhjZGkd7d~AljU__$YtARzL5D zW9K~J0{J;+IGp>^e;=~ z90s|_PyaG&5O2BL!HS;kS(eN>402%w?jMi;6XatDqRU-odyY 
z0js_&;5EO{eK32zeqNRy$X~YS?4$1I>*r<1tbcyE`Qy4}E&lyunQp)X%4=i5I^^Yv zl$#$g;@jn44`$|<+p?~~{Q36_$}8jFAIvN$r@q1b`S+bQ|cpfKPfL zKf!wie0qXz16>!$Pwzl}g7@<4bz>~(HqdqcJWZoDke}ea6XV}l$FQ))@e_pLIGo*z~2a0}1X2COKL^AbUO@cN_5bHk$R>XLP{rp~OJse^OZMw)}+@*2FHd~@b}*eTln zkIq=%y}M6e@cJZ;6Og`hl6BWiJqNqd6fBFDF8I=yrY2|A(T>0P*W!MZITPIKXgOle zWV%?T3etPmUG&Glla=02eDZIn&N%0s^JX%!XD__*y2aOC!|?rloL7*KX@yzn--Z_w-eypDfOd*x;B??^rVvcsE@qcn^m!#PCiA^Yz!AefSuCRCq>B+ztAe`2p)17}OOAfuzynj)jC@07D z7leW5x{m81c>1XNI2bxBPy_EkUOtuib!aw&xZrU>)-EH6DC{#-vA4`2Qlei*(99$tESZqfA*>D%GE4Q5u&tPC#MYi|fg z*F%^+ym36?{P*aQTiyw#JKHli$62Rq?*^04rCs^lZw)>+@Tb*P1_uXCp0w(g;7_bg``KQXW9~k>5 z3+iX)`k{Fi(ZtI^(Wi&vBtrkE0F)*!Tc58&zJudu|oI3 z?D_J)!Wzt9;r)F1Uy-Cc_UpD4`YW`%fg9PL6?VWn&0%?HWF>@NwzkIe}n!DRjJzaro2_C zN;!-5{xg-0-FwbG=iK+BrwK65I#Kv1#0>}h1y&Bj^xj)y?^ffqkOgZ&%eXpL*KCRV-Jjf z`p{>ddG_!T)(>{k|AJk+_#YR!k6Y=BJHf84!LB2_f~~uPBfEBO-L>lo|JnqnD3b(~ z&oZa7HQ0J2II=Z3a%9)mt-H1!*>z;=t|OGD5~M|iNRcg)IahQmsgfQmxsp_j%a9o^ zO(IIL24y>wTeogKLjT)(gpBehis(OSukrae4{CbF#qa$ax4csOh1+}o_F(V>k4$WT zY{!p0zH4;n>$`_HfBp-{UwZkA=T4rP`q3ZT5*$7I{D~JPKl`~C4?X(T;J^9d>0_@v zcly*bL}^zLvPB<0HU8<~;8RZr`wu)h_Tx_a1N4z3lrffnc6jqwE=G;krFOYifAzI3 zL7`cin_u|y`O0UWm_cs1a`qj7Z z|F|sq_Pw1ybK|#n+rF>ze|=2L-*EAJ|7S_lE1J&m`g3<)Mf{c||1UVA`sceYe(yi1 z{rP20>v;dF`0?ISfW0%GapYiAF4A%n$RzY_Sy4 zs4mm6UaZ#YUuiU3?F$!|F1effSnud_$DThoMqZ(C0`u0*I+)=44h0XFCk^3ZuHNUu6s&JJ%np)qnsdLRk;SM*C*u#C| zW-wQ-mh$4hlT@RN$z&i|`D$TN&Mu4fw$oF2>r!3h5w)ij<;zuuNMW&1ZO;{ot#%`7 zY^QX+K`;5xisUlspYme85-mp6mIJt*^qc2duURiNig|52rK!F$LvPm$`8u7ax&+HB zwc`0aq4`Ris=gFNMS>jV>9D+3ER)R(WvNT$3?t8|sHh7n_oC8(@+$8uuX10$JfOVF z`^u}_m)~A)Rc7iJfIhM8-(;C&cE)q&5gq+PiCV}v`ZUI=RKRx0BRb>nj<&zucu5em=p;D7oc z`&=(n%f&-swblxwYOOuL5Y`tiHEGmT!o_H@*0>bX+Co*e!sexBD_Y#E4ec*?q1??a-n6miXS$(>p@^fd8x$1oW4{O@>*trUg;BR$)GRB&g3X7U~o9werH@Rx8Sv3N3fJ47ffvKh(lu7ylyv-RabwzDxb_J^Tp{mqE?~ostKBf3sEUgYXd!CTg*4+y0edRso*UUWYeMT=x&_|rI=X9q~X+(w6rI2k$w)>EEi?$yNt}^;()HVV;MKVuU2kmU8>#yBz{i82P 
z+XCDqk9c=8&sPiDJn&wo6)m+6rKxOpTa^}#9{SNOMdDVhV}=lE?k_9Qn;WwY5*|Xg(1Jf$Mm>JkUO@MLWxo#ms=^bWI84 zELnliMlENhU6(9ZsL&$cDsH@RAH28}=G}mO(TSXkQ~~`A+Os;Uf`Gd6by`YZKmY8G z(w?wTiBr-8wMKcqT&2qkZD(oES0eh==ur6Rj^?9I!SH5o>Hd}V{ey-f2(oBmsCSuq8k^WlKAIVaG z>P4w!?Pb+g$sl+swG!6Gs1z+NTY?LW=V??Z@Kn%^`L%v<2W$$YF=Aq+wW$Di!VtmywVYw{oExHR-mC^zA;3 z^y$8jw$*%dsI1wakk&xDrEzydR3NFp5Eaii+lyj$__O%%RFqm-^FC-^-Z9Y^74czm(mx)kmV zo!^vpG2bimhaGi>9tK-pI^?oQ&y}P#G-~keYt*3Lp?_T|@>|q{Ew6?rXuviXXaZCD z*FwvGm3`tVEy9f6=(#H2da=TMEo|5KgbOrRXj8OUuklK`(=54*6xkdL-5w?{o$^R> z{ucJ~Lciwqk*{^G9?@~e1PEW1^0T&!qxLt$TCv!!(=-WR<%>a{|Dhv74M$xiyb33? z!%{73@`YMvI<>~;y3KQ`ct_J_YGU2d%~{CXg0LCQ^Id;9>b6p}7g*Zq>Rv;i_mm$* z-EYx2vR!-0QaAJQSWj z_u`9m#o@FqI zAG^++%d_pdfQ|#%T$Q%&&X8+%f|FlCq#C*pa;Gy+txN}E)^RHLqH|S$B1Xei4|8}? z8GV(OuF`8^K2H;pKgrmBu2DNr*X-jjo^Tso-r7cdjp5xR&-th!7nfJ$7}8&9+@>?+ z0U;uGtX52{<~!PZ!X18Fx#F{$myEJ%|GP4r41<^OUS*Uxkc{2U7`1HbTp~g@EzO74)PV;*3BJy zBW3F%)z4?UhupTt?S}OuEx7v0jVx{??f3k~D&dbcI5tW373o% zdMQ`OAfRznp1TyDIC}EM6F6OkSp$lk9Buth1!5yjJ@7hQD_p9pK z-@ks#eT|GCxq9;8k?T}EhEDQc-`!{w=o(iF-T8vMTfb1?vqLV>e1kv9Rw%*M-LLB~ zqC@%GVyKI#-Sl(kXU4CTNsQnv*71oPyJm9367{)@aQ31$$H(j+fK-yl30F2vWR!Q| zc78(l{%+>QxA%M>K+B!*oFM;db5#EId#%#c|MEP*mU23$wSACVaLA~2joz#AktUrL z(XE%2aUD>&K>g%TuY-HovC}5nTQ}2ok~z#-+TnWtbv`nqJ7K<3*Ju>F?d|BCj1TvK zflgW3OWWVNTQ^-gl6Lrn_CMQ>RK6(7vG&m@?T&Ouo~)-_`_HW<2wr{SHQKN@>9N

vM&;usEwUJ{>SB@`)bc){0UnrNNTK;0WM2AtT!{syi z3sHG~p`{A0Ui$s@h5T%}MGJ;mW;t(!^A2iSPKPVC2JI0lbe2I6$y^b-yv)sx=V$5u zjUO2Wnx?rz=Ul~>rRlDQo;EoN_jbVYQJS)IbUNiuxDx5SI4TEUNx5sFhy%Lxx`R`B z9+=-wzO@&tO?^I?-%dX*=vMNGZgRLjx{2T|1jV!?;Q2*2B_iiE&#Jc5r|roiou9NK z_a*`F|H*@dP#@$4yZ7m7Tyvj^*j&ITXGDV@hRKEGVuN-z34zN>Jo#EIEb$|uYLoid z%5&_>QQVB8^PFxGZH^Q5(tR4&BjrkExkHlQ%8vp*Y0J|@jVg!2c&?ZDPKw$Wxht7G zso+(T?!W0eV{uq)H+Umix#Ujhk{cnOc5AG%^sB1;+>!{l^0GU$`!(5r$=Ng8cY3^% zO69?h=gznvC5>^$p0j>(IplPr{d`Gdw;h1$1)40>k92U9m&dol-)^T}KA%6e=%$w* z)yUoYmf%x~!1mj9y3L{eB%9;3l#3b-YBD|3zuD$(d!t47;`h_7K_!~w zgX0Em?)@_}uBScM%yT#7wI8(q+|vZkrx`NK4)M8jxjN^c&n5VKS6F{L?~>>gCC|$O zwP-sx$P$#V+x$SDCeVGaKKb6Uw8wqi(Jb$1x&)>7=*mvzb~G1B-k-Chxs;UZX@dCc z&&d<#>F!cSe(h-PqgVK>R+n~Lz6*56LW`R{&JOGWdrF!7(fb>(*Pu5I_~^(=(iMy$ z*zE|7U+T<8yDq&<=al7Yo*s?(`#PTg{5Xc6nR6ifbk37+)}zSH$2mGZqVocJw%)3_ z*lF?aFfT5=kuMhNdM$33=JL&Uogc}&g3b1<^ejEQPqr+UOB3WVxm)qw5L_hBd7#zOxo(y3qtj$MU6IL87U{V$oo^96eKCUWp!tN?ZmVg&E!Hk1_A{za_tULt zp7ucMeo$)AQCVZp(W6r@?m1N`o;kZ`sz$GLP3dD%cRju^U&xDIUbck?+(oh(?hg06 z(~iUgC3@(+K)1j&pQVQLv#-~i2Y6j*(BoeEUFflcl%nVBGypj+MLeeR^ffkdUH5Z7 zO=?83PIHyD`TK6}IXsO&w^y_{oH}-r)-irFLG);UOZQ9kN=%hc+1olU|B@8O!-ZMz*x&EZ5U3^oPuzj)2Pf(i~DVOIfeR-ZPzv0P!XVQhp zev`%}<@5e4Mecc>1nzi(lh?aSJN5wtqNn3b+>g1V_7K66F zNkI*zYd;MWQYUk5UeGi&9`MJJ^ot!##GISRcIm|nI{H0^`_D-MSV@FT-%|SNo%AY-T z@>tS{$?YY>M4r=k`)+<};I{3FT)H2gqy;wHc(Qk9fc*FXx$Cbr?64@gewUvdf7)ho zjW*rogXuKgBDTtHdh#k0omE^YROlEtA=Rr{LLz#nPEMUo3X3(qdEzxgOwmF`D_oHd z=8EU}7>DnqXgehHJS!xV9%-hBO7z&eMO#MmZ?V>H_Rl7oZ$%zCbSs=1^|bG!TV>w- zWHTJc?4nG5Or4Y~_w%RH<5t&ozIHfQ_+q$FYt<|5`IKpAca4jHoU6N^PICZHX+<0# zAc^sM>E&Z7dnalBWMyn%{J>KO^_8;FJ4JHV&-%*x#|LDLA9(UpVYabqXAQB~StEn| z`E+RTv^*zWy-7J;yN)K(vad-sncbD^wClLFHC~uHnOaDii*)lt4=ec{1y`Q0C+Uk& za(Z~)yszaOy2%1PVGj2{eekIlbwbqZRynzG+_<0z4F>ex{$%J>4Z$9F<( zHlfAxQ^!swR8OCK?i^jF{O@1zh~W!>N%(p7#lj_@Zqh-K9K=wU@#bqlMRYGr*CD>Z zuIYxXdkOF8S-QIy;r+SQ&FzSPr-M`a-d(f2I4c-r|4a{|PV=*L%0G4HKhIr{P!IpUaD%tth}T>A6JPo3LiUlJ$D=cC1Tm`L0GVb);FJ>GLq 
zDpHr86VE??GO2s?M$tY;mGoPl}vhv{asYAw00xwJLF+;JB`_{XKo0 zzwJxUH(bnvz?q?bq+_F6o=Qmi?6I>nQ~I}5&0^EtSDt+Sc*++#Np=NKROpXyQXlgR zd&vf$oLbWyjkA-_Cl!yrobE3f9|Laks79V2TsO!3?y9z9w&G4d19^XyPR#7cQ;xJ2 zBKrb`lan2KE*vXSnx133dt`TAPUM_B{khX;zHpk}V~=+5rG(Cf>?5V(^u8T(lu*>` z&4R`ZhV|&_CUK&A^n`4#U5Vel<2&m@k^anS-JKfBDRcPj4tn6|^yK|ac~5VUuD;mB zPk7wfLO4sWW{M>~dDLSUelL*DdFTNeZLs*HfSxA17nAD6*U!(EUgu-!L#`+teA0V^ z@^zIZJ_Z#<(v!vh-m2VedhQb~&PFA!aq`63-NA7_Atkv#zohd;J%@ApbWx-SO#J%7 znrF)MjrQzZv+q=z?@Q>-7iKfZFMw`w=aI?xWchq@u4$(`sqddxi^B$*uIQqB%KSan@NL!U3>bOhvH;A})Zg6KIF{hO~|q~{0D486}r z&mHKzn6{rzFh%d?(wjtdCupa|^y({h7rhomTbHJLGq=!kX*x-vhwc2bh&z$q(Tu+) zu_d^FJIPY?*TMJ|jl<5BVfuG7{WoOKzR!^F{M`nZD}PmZ1ASg+`TO_sNln1z*3p0K zP0m6D5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI 
z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH 
z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI z5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X z009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH z0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2KI5C8!X009sH0T2Lz z_a`vgj26qyoj<8sovij~rQF*26M>WWy1|I%uNy7ZcD@sM`KZbt7(GH6vHpb0hes>5 zT7Boc9Zr*-X_apt-R&|`^;3Rb^S6}R^|$GBhtnj#!ZC%14^T#;{%ax*K71rCUs3r; z?LyQ@=-*cPM-FgC?C)Kbe_y>^JRj>14Xga4rA94L?@*}nj~(C)Z)a#+a7KDf8D6cf5^!nv3_1Rq4KcdGQ50R z<&TK`kxc)ut84zFyWe!5I{a_1yY7lh1;O@wT7FICkL^m!S5&^Ey(`s@+bVy2vAu7x zR`Pz`RrwQz*=C|2)(@+Ev>MG9T9N6m4^_T%v9OfXA6NOV#d0+%pHlhmN^_w+*Yb82 zRKBN?mUmR1KYX~5v~yMEdkfW4Qhr_K`)a9vUVl^NV@tJ0QopP6{pBjngV>){l^-bW zev3bL_@7>P!wAO|o-E~4@=*~72NzSEH%zGfsrKToM7apxBWe4$RQ{RWkEHy+qw;5pDfvbf2hUzi%X6A>xRRESsr<;Z zsd_g~s(j*bT0W!lqtB$}ODcb^otl>$uc-W3`E!PmZ3CE***Gp~_FPJYM%VjjQ~#(Na`wx1!Aa z-ZZ88pIe9;3BNYgRsJH&AMxwUrpqcnRjSQ43f1C*3OX$BbvG?@OyP8?c0?5Zu1k0L zU&>#hh{Kt7wNNR~SEEw?;>0)nxZc!txj`_M$bTfxe?YT?&&TocC7!uKz5Sy6}3N2c9L@I|1XwP z2!&kN3jL7q~xw)NRCs~K(lz*LL3Wa8imTNzb zhHr^D*r0JRS8KEu@)gqi8jCvo50$^eF$JgB`*(kDyh3K0etq0LBH3~NY@wML$D7BJ z`Sf{YUokmfH&1E)dX0znT}HM)w{`&m>Wc^#FEWf8=EM2~C`5Fg{m-5Z1GM8CLwp_{Tm7-#K zu~5nC-B7(Dj(gp}{M#bw&C?QZxU2cOg(!JF-_m6{g>3l|7WTURns_*@rBQN9i;z4V-&C_7Cyto*Z%Cs6J*PDlOYDc+macSDGI=;PbVEy3y>2)oC z{T=ah=$6DALy3djXtB0fr?oI&t5z=U{8mTg4^41P;eP8GXXRdZa6P^`sdf7y<7VSX z{j+iO(4^Q6a!EJib^GBF&ZjV_yz&TgbCtq;^N5Ydho_{NmD_xq(=F4v0i{AQM5(hcoz9Y$T_wZ%Tr=b2le1#KDb<@Z@O}BaqM+JJmFH_&X%j3rt6WjPxDygAorS->q!2GGws=;y!y-0<-6AM>(Yl; zxI6{*d(#z8(73%W@h0P&+mo(umGdcN%2|JnxXh%##XZUOe`L%l^p{t^t$aKm+^)_0 zJyK7Xw|dQgOI!chc(HL|>3iv!A3?6#u2k~QiR3sMxt{jJ>bLnma)a|}|9M4Xo99-) z_3tKEQIFQWiz!YY8DHDJwaeOLep)@7uS$I;-{|bH{Yu)t(<5E&$IUmSoVTNCtIzzl zdM$0`2I-j}S-U3RI3@K4xo1-MJ0DqPIR*94=FNs23wzX_(N^*t>ie#;oPxFIHYeio 
z9M7M_v$fJCKc2qtChJkil(Y7%ck?T@6Xdw~VPF2EQu^NIT|Mk~Bf1b3Dz@%@bV3bS z{o|aDuiGEGrRlp8b9ve!G|LwvS-0O5`A0h(Q&2k}RliN&--nrgw%wU}ZGPB#FrxW1 zALuym9l!7R=&Dp}^#-}9dZFB?RTpUwb0oeld~8DXbRY4tYn<*8k7|wf262(hb^K!s zT29+FG%e*G3MJU#Y#S1z_M*CCqkcf_9YvU+X4TWt9}ju)cp&Ue-B)^RRRLH+(%mlHkW)LN|P z`I<{NTXX+i!V2+7!h+wyroW+duxhZ`Yeqt6k5Vwzuc}Cta=IUq@U$ zbe+7)c6wc#kJ4TeO^e*xyH&@l?HlZRV(qs1W$AU3Qhw`AiH-Y*HBIA6&J(=H+VGC( ze|&^v3hH;CJ@voO@5@|>+O;Hcwtnl^ASe0eZ?=85?q}O;ygWzck{x%Ow0_#R%(?Fm%=J)E`!?P_ev5@Y8g~(Gi(`FPeL~;+q5Wih zY#dnoEw=ojJ7VAJqj@kJ&6lg`=MlYbZjALPsDGqam@llMx9qf%dhKefTCzlW&UtwgrwUsQv6X$z9{jUf1kd{WcF1_Jy0-*L7)ImYeGr>YvrLT|XY~ zq~+VRUGccG<}jvso%+Nmm!qKV*fP!u;=vKc){b?Kd(Yor+58)F<>UQ)-+Z4GJ42T> zz9q47@awdZobe-0A(SCx5{Z9nikDs{0 zf>(Z9JG<+82+LPh4eZdfm9+-0+C)cR8Pe`fGNqy?yrY zu=4xachk}H_`wO*r!auWwvaPpdshDkT^DUV;{60qbGsh@;4<5%kZIqxNfxeAuNxn+ z-1yl#7jvvcg$q&h-HzD#WXLgv4g629`-tDy@Ke%wethyW=TlIBKI!^5-Y?qx2)e99 z>r*Ik_Bw6z#jaPj-?4QeSe0^qKInL{>$0_f(@h=E&acG%PCZ@T#)0?uuH*-~Qq3(f zZ%X=;*Eyz;>2F`|3TMXk*u1lT4>J8?^Us&}_0r?&x5<>&`*)n(d)MphnIT>B!`fxs z%pXf<>otF@9G`c&{j~b=L&I#Bg0|n+x5UD@zE9qebUdEi<8(i7ekju(Z|Ca0?6j-w zk&VkAy3P6&)E`@Sv$5^VZQY}G@%Z-sgrT$I?U+B|D9ht^nLN7=d5)R>_j2vmnClVe zfVCrBNZ0S@Lr&^9Km7Xc)O)o5Da!f2_D^^xZO5*&)~|g3Q{p0aeyimk8B3S5cG~sB z{PuQcRA2d+er}lMH2#+)4wiKOxqeEn)3ww-@{vsY?Rw_#dt7zYUgsypt76~$GPzw( zv-0o1Ci>nlwUce1jT^_QHs{C3BX^tweth_Gq;_)SY5NH~OXb8l_@kFIc5+hA{GjV? 
zY4jw!5{C@*k>{tI=E( zmDJG==l8nXXE>%{cDA(I$@fsUXWC`!we?ewdouO@%l2zx&gQMHOGBe9r~Q%g9F(SU zPxB{!KW6*wjJ>O3XWfj%Tz~RCn8#c_ls6>#wmu9^nErv(do7Pmvz&tJTmM@;bcZu( zADBzWCJ%B44kzDlcFMZJr_0vw>Rx}G)5Oo)KajTH8KCd& z)A1VL-#Wcs_i<;3%BVk&JMQH7n68_D#rEhq$t{Wbe6L+C`F+{rU6xbO^1&)6V*iXI zonNNj%XlJWJqlXR&Jly$;nX?j6VsyR^_DqJ{^bs&-lut@!*U90&(`nQZu`K##CUz; znyB~bFSFd)-}e@O?C?Lm?i05;rjWINgN3YLO}(EsI?Qqksvn=rHV>B)evFQbn(5iT z)5hV(tDMjFOY(x1T{k--AD!Wtg88NTR^I0ShDla(cIXAJxc^6&Sx!OA531kq2VA>) z-BHJn?X?$^?}?3eoi%T-fBrNV_cfx$cRQ@t>+T#&>j$eMw|Q*w=pB_ieHxFWlHNJ4 z@|?uhZsV5qd;P?H>W89d`ZkWUX?jkVYX8m|E=M85)7oL{)dr`OI4``)f_Porxgcrd zVeR_9W!2O6+Pw7bR30||v-c;qZrb``?RxZf+V0SVq=Vcp?q0uM?#lF+wQIvny8JHn zgUi3gSslsWJ;E^s<+EGcF;r(^kH!;M7mv@~Q!J;T`c~hl^0D^B^-=M}{My}drG5F` zmpPqW&-cCQG&&;Rz2Z{+`rg0F#b%ve{msn7-FMUFY#zzJkZSCSed{mdZu!B8<}XWZ z@@zSJ4mP`1{d?Sept6~9XLf>n)jzy;{n>JK-?Dc7*SI_dt$)uLC*pm?p6i-kme|sC zJ-PVhTDkgeN96fzJDeTL%lPlxWqx0l@_k%0<<{R3J>pnN)mvvd1>>jn_VG7=Mp&8F zp#k+~%f?)gep{@6InDX9PUoI0UjN$D?$y4SzKX}W%NC8l+> zn$o|@atdbuHYbw$#lr5yx;b`}^C_tQ*aRoyeI1RzwEimRQ!xEHCzAS=l>Yuqe~m3? z^{Z+9Y0jr$_HS__X}?(5zdOEe?7z(U6s)~VoJi_lOzYp^dGJlRWc`H5?K(sEsSAb1Zh!qg(BXUv z>i7N?PW0%yTcrE?gr4IY>m8W#dStH|+goKh1+{16MC`?SPliq_*3~Na)qZ1O-{X<&+3d<>|f3`1-^~cisD^A<%+rDe#0?V1x*fY;2 z=E;+H*VcdXYOJ61|6sVbzWK%WllRpJr`FcDeIV(l?w1aB*48&pte^D%;PtijpS;O( zZf`r)-hHFP2*i@%8_yiL}1$_X0Q0=(&1_^W%Mm?f=YQ zyUxb;XQS4|D5_@W)l>C!J$}Ee?RjcR>Y@A0)b}Tzx}7d(`@AQeIDXDx*AIJsKz35! 
zhj==}#q3yn?Ky&PpV_}_em!$Bd0z7LblR^CE2^jMvFm-usr9!Y0`Pp0#O++(Tr<5RAF($V#1 zXj$}a{Mx+r{)UqO*o?#vY1;dvJU*rJCs#!;$kB`aiFIgvjO7%xUbAEEwDCmcQt!i$ zUz1|KoJ+>@D=s%%DOAt-MjG^}7E30QFv%dVG8DS#Pn>DlW`53X9R#xM)YpAF6XqVS_|L;Pia|9lE1( z<*{Xj)3iP~F~!;+mOgY>@@@Sy`MM>M`+U{2=OVUVWb;jKv7MLOIHLEz78Fd9xdK@u_8HsJ(Fg=T9{iXAs718@XEg$6Q zdpM0&elc21y=VTJ8>~lx`eXOwlYi0W=Vq*xnIF$Mo~CzlUH8LtjVQ`j%FR~F-ZRT= zjDpzvzjut6t7TX1Ws!F{>UE#FDM=gm!K%pZ`t(dk(zY%k z!?Y+!+WfHCk6X^>e%9E(N1*;~3nkx=FRjP8**w@XEqX(v60aMR*!CN~{FLVB){gCZ zVZ6;Ri?j8b+@G_l-%l>7eNCI6eeW-fh@RDJ<9gtD&++^8#lCU<>mg2j*D!4L(A#*_wf%U z-^Pc{J8xh6*V|QpZG4)X&ewT8qlM2606)KvOtF0mI*$74AK^^mIw7%*BkQkcIwCiI zeto$ja+{BRcGYjQmtE&<-LUqW{p@;i&^5>2ho(ARdwPBE>sfi@VdE(~-uyoJCi_o8 z{j`1HwvdI1`o<+~yp4<1WA*l}16t1Xv+Y>-*KNl_#?K}7b6H~Z%l!27L;KD6c==r| ze@kMMTY0nh5N9)=0sL(Jw039to80V~ee-8yrd@8>QhnL?46=5z`Gf3d=kfNgw8zGO z-#E@mzKv7gZk1>2wf5L`-lvtjtp{Fi+$W@-?DfLtkIDVIIwJaZoiRP*lI5PQ&)Q?0 zvfS-GbsGm>U;VXuvg0}k#jk9Ao}11$+n3V&JM=RF@A&oV=v6LHLBHRzX_ON^I$vpB zswcj8d18{~6m(sC!t`dG)W272`~3~qSl;WNn36dAz7st+=I@^8xt8R9|3qEweZYFW z-*!KITkFj=Ywboc%9l&2edh_6Pde+hzMwq&7JuyUKfUe?6C6{ZeBS5&*{<#7*|#a( zVIk$ua7rJ?>ae^U)FqW=L-v*Ci!KFZJf|~d9&3hSLZYP z>lap7kAjxpew`Dv54T*zZ(69=RN7#MH<@P$!XT^btgL# z+w+AZCch?fTNkX|#((lI=TpeqyT!uzyv*!Qn!PKMZ|mn|M&HhNe11ptcRT;dU(>%U za=Krr7ZUHioSa}e1szwxrnxe`m`G>amqp&;sMkGtTaxC#^{-v$?S0x{RrGCMnqM|Q zE#KA`J1-fuKH2$kc75s7AD4P<-Ld+u9*e_K(ew63B<tP zT;~!rj~4g?#n&XZ`DE=s*-gv)^lnPN`DtAJe&!D6QyArcXx?3y*!1lBF*G4^f4xw< zmjBsd$={T*m)-w7uJw3MTF(44|2LXE*F0aYU-a)oea^|LF6Cr=vK+GeL9=W8Hg+=p zPD0wap|r!UpEeGxABXNpexUXa+?KS>ALD4e z&7PkxH$~sZ9eqFOO_tdE@~1j3<=gA;zjm^`*EPRmZeL23KkfLCs`AQ?AM2NR-F-Cm z{pHh3>H3XBFr)HOj^p!6Yww6F*X#Or-WEM--=jO*Y=N3PO(xv zZ;hwlM_rNpp=F6J-^R1u_nW@;dyre8ANZnQf#BcdNL=U6y_s}rFyFp+qkoKTYngj zY<}N(RDW$f^Zk))KKd3{;YJs=)9F!K`S@}9sQ6*y@{H@>9_>%}rpiyb_I-fzV`BHj zlEef1BPaRB+w&b3xt$M_KcmU^e13%UDP-G|nPuEH1>yUg||X#Lsidf$EI1S^w2YS(yL`)pj;b#dc@=x67{!0UG?`ewK9dOaig z^gK89JBTm4a+Ig-*nUOy{C%a~M;0^t*GcR5%?}-4=PrvKf1Pvfpnl11=P#i6=Sb(=I40c< 
zYB$(kYbWmOUoo-Iugnz=RO#uOtH56`UkO!FIa&YMc(Jst6E+TlE|-hHN9?~JdsF0o zp8U9^*WZ%3?><%K@*F>3r5~MYMv3d@E0bJ~g8JvVIe9!@v)3W>^XxS)96vX{m)@Y~ z;8t%qD)#)iACa{0uLaG&!!ZTzS9`vnEjKj5O7Z*Fwtkvix$x#Qb$;=R*;g*FOo<)4 zuA3cyyAx`SdcEr=T1kyv~VUw{QK{_CDB^d~5IYHA&li_3crf zkKUI22d5?W`C9Hl7E^s@&*nie<1&I^LGo>0*}nS0QIW4xf35sLe?~+<)NQN zAGmK0#ZPHZ&woGF_R$v0`tgqE_oW<{qoDrVe1Azf8Am@(Cs~=+_qxRPyd+qa^uro^ zeeK8f6O!-ycSO=QuWg*sezM%6SBCuWQ!3{#-DZ6X=I0nEdhgRt{oTDims!#G*J~Y@ z@^)e_s-HPmeeGsiKfC@IFPm>>&(_@__o^CxO|B=}p4S{FvYlzqtIJ$p{Jmwf$LFcd zR=rk@((U;XH(p~q+41lDLHo=6wSF3%(E9FhOd-S7(&mT7gXF${r`cHCKd&z&)Aaen zlJ@!|^lie3mg1-s^2ImgY$|W_)Z&-#ik$Xm^CoLG9J@p8K%KZG0sB=AYzk zn!TA3)}wHr_Tu-jt$q38Tp|9w#hDpr&D)dyBH4#nZv8?ZAC|N|=jPv8Stwj6*E0M2 z8P_h-wehO$w06zh5Ierz4tK9RlM{L0^>AF|cKx>Yn7!@^lj#Z`~#`D+x0-NEW?fYx{eV2_To+F2n9_Y8~lV7b`eyNrHouxvT%Tu@q|AE(s z4i}F1btWRNr|4F=epyQ&?p343E6xXF( zJRe)B-$9w}a6Sd&GR6tIE-y>GX-VQ)9gp<8VX5CGC|>1!3R-^P`l)_d`+WPSxNy&3 zhf1k5W%aFdbWT($h4d}qkT;$o7pL;JzF8dP_-Ewf>vZw9Q;eS*Pe?hZ$NQ0vq)RTQ z&l@GZXZik|1G<*Yt`9rv411Ls?vmE!k0`gnzsZ}Y}tn>QAl++vek?70n#y|~@{ z3^N`-b1t8BGUL4Oz9uJjHe8d~+n_bWW{=KkUgd_q_U@aKo_E~uryT!|H~ozn+wWO< z*Y5uEb`JOWwA8cymc;%36lUoM^Zj*Y{toL=&~|KD;zX|--%mLGN9}jC7REWBg6bRZ zwSPB;^d4p9_&L&`^KBb1X3yeSp8lPOST6R>->kgvcXr%!yZHNF3kzJHg0{zgr`66Q z?0RqegKZ%zC$1B&e9!Nz?A*oH2fzMkIa@z%9rELMSnOJU-#LUEH@$8=E{lbFnSP-@ zPrq}Y_+u!6**3R=cUCP_rtoCeNuOH!j+IKBW{N;|s z345viNX6ApI_jUzlS(M%0#_e>fBKH3?R>+2N3ic)IJZ6Zy}(MQ{dWJ|*FVbH_}Y6; zv_IXOeEwU>wEz6L`gvXAbsSOq*N;kU*Zqp}wEOAvw~MV)GMwf0;+|h`2J%h#nf#vSqLasVeS5wBXnSws@4{6bmssEUE#7A5 zdfn=n#Pqx~HSVg@ET^FUFNU0m_mQ^#(fHq+oR`%rtVco1Rj+b_+M8>q^)mfhoe@1- zKV$oQQ_qj8cUg~u+PD5N|7;%EI3DzVPq4~HXnk>h^t$J6NIJWo+kVIV;&vpTGu1MD z%^z#e|M&jvEhYKaTsvYu*>P=*V_aVoF z#?@6;UhD6w>`kpl^<~zhpmzOr;Taaj&)?R$`pK{BBDenb{W8XK3WxchxSWk6n+gael`0 z$dC6`(evZ&YC3J_LH@cJYJOefhd3fXd^<)YZS&Fmq3_|-i>i{JZnk z4xhh=3&;7kkD%vZCF!VieXYx^PeJRmd1|q7Ge7#chg_KWPN!olZ~YKxyRBcnzj-OQ zaY16M$NFvkgvgDjjiaX4XZpr{V@LG2g%bPm;o8~j8(*y}qSx0h>sPJE+ULj5gp|v+ 
z)BG@hv;E)Ga^A0w*y-bv>1VH>6aBvVIV$q|_4A(ddR6S%`0@3Ri`+PP`LM`GuSvW` z^?W_XbK?EWTYnoz8nUE+0t>_X0tR7tv_tM*|_q4hN9=!F-}rB@8`0lef`Se zo_0bh=j}|Z9py04AM3XX(f59ZlJ@qLujSMCJ!Jp<@`6_Ic3NbKixSJHlbJ}PN@ztzTjuqyI( zx(;o$bWY`N{@nX}4jZnCzO4`DpS?Hl{TLNJTQ}~vUF&a2x$L~R{noZn^Y3s>IH&mE zUOawxO4{20g!&Q8u$=UV`QQHc!M)!jl5hJg&sq7{KHc6=H6HgYKQ4Cr_A47izW%bt zu3d@sSpD_u-m2(r3?(){`mQ(H4l8H^cw`7f8mt{*QqC4J_G%5x?99@jhm zeCS7KSWZFbtuLp%ti84l29vBD^RH@q>^>>W(bi30ZZutfoz~;~LDN|~yS1J#cci?3 z?lQ({3M2eaue)2@o7FS_tpB}zz3;Jc?#Iip*t2r}zHMCO_MFu2`@KE&4j7 z$LB9ezV}!4()ZoHZs(5LG5;Qxv|mR?!g90vL@R7p%U@|nuC?6XX2;s+^@p|IX^HLo z5Vl_1{psly$@d&PlD2)Leb2ofai*VYG<+j9v! zx3%XSo0YenD+jqla@|t99p@*tN&C_CF(jx_^7!w-&^#*&X;^<0R`P_Q{ST{hiqBBDenW>&jh`OaGEyN7B|_ zliPc_Cij1LPwjvBij>>5r1t1{#@zcob_1$*-&)~(3WIpN{)oT7(^nro2XE0I1AW84*28`}ITpvvuC`E%xJs{A`p9vz16Ys3Z2?>2gfre*K+fW?Kd*ol2d>c2uJp*|7_G`a+{Y?99U9x?RUAK(OCL0f2J@rS-NAYCV!*{2h zqUU4l>$@{jerQ5sdM@Q(Af&(iNT7HAH0J~z{-@Xd$t8{{C}-Q}+rH4=qc(2-IrA77 z>UA$?`+cj(V=lh>&{dy!i;>IQb<|?Jo~HaRi{n4TraNN)Cs#P8pneN?^5+H%d-1;h zA2FMBDE24z!`1E2$1i7i8TWzXb4uzrp7vgzA1CfWDqfdup8584GX7_I>-$VL zAFbR^>NwBJ2VQUJ_o&K+`2B>-ce!2)%GcUyao_vT)2tkyzZ;M2b@+b$@%=R;cCB4s zyP8bX=f3xA;_>!=@5|c$+RpvxysX%uzuT7Gcl_PkTptDHVD0k#w}~_3{xd&6Hkp>k z^I58SwvBvX!})7>SlFZIS)-*|)I6Mh@A2ysoKHc^+4+!t|HJRkuCNmQo+(F( zINrB8^Zxy!uP-@8Z`a!M^^TOc{>%0&Jx^^l+VT5jU%#bx)@vNhm7_}heUfkFRIdJi zU3mqo>3VE`AoWw8>f3(Q^6B?uZDW+$mwaPYK})PeJY4 zIQiB%3w!bUyG_!5K8G(al$)~VQe2y*KfW9_i}c5y_122jseIq{U`*uM_gDSz^WBtu zyKdX~u(ZFAQSN?zXnNB%Eie61r$51!8b{xByhumeYu9Z%$Flik=W(`9TKxxai2ZG$ z#KwKyl%)IC(Da+TKeXR==&C)}QO|r0v^!Z}$(rABIKG#=n;vhnte$cTTz> z@{?VOt^Opz$I&q_MYRqNzt=;HdPJAU7Bo!Yr){r@ptuJ0VKBl*UQ{~qZaJ!-J)&A0Aw zJ_Q}eFKBSVOF@+E6hZ{%Sj`TPk=trF^p?%kc#Kz-iSCVP^+_z6U+oC)D@XUp% zF;}Twl+`!pV*S2uM(h|ToA2H~oev+>zyDV4+Pn=$()9!*;@>&?_EYTOz5QE%SL}HI zbe;|LPse|j-_Nlb;_ChDyN`G&YPB2Ha4n2f&elKUwtm{|X}{_`{=j}+H9H(r_`IW}EhF|Meq`c?#=bB!XxNrW=h&;>d@A+}d`4sxbTY6uf9dE|T?mxXh|DKIe zKYUPsROGqvlz7&YO+wV5{3TpG^Fc_=k&jc-UsFM_wQ&qR6{X)5@ 
z2jKnw1WRh?deUC6dv!9Irq6l~7Wc#PCI0?RxmFFgv#JZR{pwW~#OJPl-*Z>wHV(Z# zt>5ci5k1=<*}lu33)y;kRqgrt?k?ns{u!>FXG;R8az(Z4_0Np39tFM6xBE)F{?;4xXD3?m_4nH|PTOC9zrDce_Dzf& z@=r`j?6223njcXk@9s``Hykxm=SJUlT&axu_4A`rKFD?WgWnH)dsULQAFy`XKKa{M zIiH>%-;~&{J9ZxS(>FwJ{q!yEr_VSpz3$KCB>$V2CGLCQTkX^RDg8O=y!`m(*Gab{ z`ad6XOhNZ6b{}o~BHPbp_eWkn$%Tn8M--pzN^I9jll%R#;}+{%KJU|-ty;rewC}(E z{0iHnknzv^d5tsU?`N6Z`=Pu{ZX91wzwLW_mham+sN90o=gV=D>Zfyxh)>Sx{&Z*Z zdtv`z#wmFJfBvTE`+eS+q_h6mzA)=gwq3qG8NY0t`~#KK_ubUJ%i>T+>iteAN#kqh zvUaXu_aDKk=$qWqwvO2I-3`}7&(E(dlJ2{XYP+qR*|T%j?~F=0%eUwC{&}!#2JQQ9 zX?^D3O-WmMY4nnK7B>)s6Tf8Wxva69*DqV&jf?%gkRbP!cJlY0fAN}{Qh)4x-1L9mWpg{+xTNng zmaEBiWqDl7Z{WDs{oW1ME7KwN8&M;%zAtCmZRc|~Z|wZT{I&FQN9@{l%EpVW>)S%f z_xlMQx0Y|;tIyt__jEkkd6BeF{La%6TWi4$1mADV%Ully>$g=-#P6*?qv=VFzd0=V zzi?M#Ylr!jZBJi2CZt@py_=RqZtXIAeeGKoJ=>Qh+n4OWe>lT>6trFcaDfv&zdrn< zPBKlObCUM^sN9))RDJH`nX}>fs8Nk7A?=&ixWBjYxICfuoE`p*@c&N&+b`6L@pG|z{4b>al=|1< zxYzxqJDS${IDJjzetnye^g~XK=IN@WAJ*9G4U2sJgv5Tnj!4?hCFAD`{FIJ=vh6Y} z_;v3e-;|`S54LV+*XbZf4<+(sB5I`0>wkGVUH(CrjL$dCPB5c-PM_Y>$>`bs%l2iD ztDZd8rmZ@-rdF6gJzq z2whVCiO&Vh&qbFV%l$rPFP9*>^Mk%8d0EocRf)|X-;PdN?)`X(p8vb81-*84C}brH zaedj}Y3s93=j3#7QfoJz1Acs8bNxi7biNsvp}N?&arP_IlBVx1)bf65y5yff{^~gA zQ&2l!@3@pt+jZLRGkra`ST8;|w);QZ7bWT~H;aWvDf9lxuV(7$>rdCd*uLj{N9v{b ztZbdVl-w8m>MG|`FfKEk=ymP+ug}_dHbs8 z=c%hdKKBY{RA1%R9{W8yn-2r$t(N=8x7ZH(-Ids{+oO^m(*Ch^I#hXf9ryiNmvXWW z7u$^nJ<3h&zyHZN=TlIQ+4&;tV1K#qhOSh9xw|YU|LOO3{k%-n_uc7qIa{A?9(;Gk z%DaB^m&0#$ME+gJi9V~pww}`OlktM&|Bk_T9miPD#=kvhwtcqMYrMCGQjh08CTW{@ zHZCpQx4*t7`hNX#e|L7wkH7D(ay|w1e|wh`z3!(%iOmmRzshZWcx*=WY(04Nwxn%c z^4B@_!=6WbdpXg!>yIBd!z#Zjv3p;nxLAL;BkBJx!+mI3^;~=CJVDdhddy#|&-}Ia zX7x?){ry^Km|wp>$$n5!p2o@g*Vbvf&K|tO%DwKkP-0*IlB5G|&j#gZ&pQTP*R3CH zK3e;1eB5)qOiR6H$Md?X{^W}E;!dUS??3-~m-8uTyRCiJZcAG`wuP)r=LW9*^ik91 zU*9;sA^O%1+h4hHQEK~f@!#KOJqj5=d_6Oq+4JA8xBfBzvgbXPZ}o0mmGZ{NVn04| zl5hNNo?A@oP`SvD!5idsVja3Z!{sPs{dVI#z7CBzrC#?V6Z|2T2R9{c{#rc9U;3S# z#X5OGf0Z`15B?vV|70uUhn=?!jcPsDCHDKL4U*30n;$lg?^|E(`|{SljC@eP43b-a 
zS?oE~FQqvwb9*Q#2ebEqIcNNK-$!rJPmne)i~SBqz3%^bO_JIA>^+a68=`0PY4fzC z?Rv4}j-^A@eo zw{uzSn?0L1)^6W#s~JBAjK7Vc=-Ikr{bzs2r_UedGc=+0>G!1Qm#g~v>!0R0pMs8$ zY=7AIVy)l)X~@bnUza8J`gbMGzgtD8zPz}m#^L{D{V<@OE!OWh#LoTHBh_5y0)8L- z8?GNHt@YS^?R&pyfeXd!&iV;So4y}M`LsOS55F-k`PMJCU-0Ybu;iN_|6LFI`&s-e zVkthq;rfeo2k^=EL*M&pT91u0n?L>iL-%F%{Kax9&Fwd**iQ=UC8FOkV?AEvQ-1#D zEzM8sEkup<@9zHQYOJ?==db+fHzr13J$d4_o$q#7-s}EW$T0yE?V_e5DA*eo;|J}-iN($X~#hSHof}t=Nf#s!gkyP>3Q{j~Y*=kF59bw=U~E{Yj_j$JzI0 zG_CboJ$_thf7<$F`Tl%CIeC5K?f4{~FRI-9PH>{tWu`xG0}!1m~c)F!d1ady1K?9~mw-?k)c9yJAnu+jl&_;rDgFGsgK8v>i5X zgAFXCecTO+@5{fXR(`HsEhf)jf2YpnDX9I<3@7@(uN`zn?&s04r0smx=7Fs@CXc@d zMSKpZ1Bv_Q-?_zhDBPod+t-<0i|?ymZghS&nlD%VIr_?!RC}*_UB9^UQMHutd*x=j z{Js5X*6Am-$qPD%jN<98-UdOFT3xaj+_}-Op{f zCh4qR-*q@AdZF6!*I||0e!!mxcSL{4jia9bJ8o95txMT@?f!7+j+Cc!AjhXLN3S9! zIRDE`KUur%`u?|;)3mlL^ZOW{({;(W{v7oE731yuVMKXPNNnec!A(u8-TUWWiRS1$ zi{U5Ng@09NdlYnDnxB7N-uB$W#>aoHacNxd#mVO1CO1xr$1p>Qe|I?^zm4+zf`Uwp z-~YwR+4^n$!)D0Nzgm*GubxSj-;~&R*|;}u*8hF;IOC_a)2>_m_l4-XStyk*a|Ql- z^S_Qs()!)@G1mXK?hf5zJ^DL**CaOo?L2E+D00tD(>{Mv^Y#9xcSF(}?nseJD8!xUu*eB69`^0DI z%e8XV{QupVwaSq!WI5I6FedB0m@a>n^(bh)dF=kgK0arSx!Oi z>|NkQ{Qk2~_t|--GVwO4c0~VX$T0=Av%%S=dY!OG+}c%o`EQ>7PEvkpBEFv9boIsM zte*~qT(H-DU{d1WRljT;XXSDG67@WisArk&P*DGjlhr5Vg7QOFBJRr)+kAaM>(_ll zU;o;C^?sXvZfW8zHq{Y(zcv-M>2s^~j6sNC=Q^81!{CC0(;kFg#F zt;fo(>$1?*SJ<7@ud|$j>i_-{C*t>Y$iKq=-S2pQzrW1+6tecOv(VYExQkJ7zV1z4;=hL1sP3I)GG})V7(_WqRD5&3Ad-;q# zOOw6IT&3)v)BVAUv(jhB+8NIuDc8*K`@>ATo)~3&#Ct~VPH-Im{+o^KKh*ZyKElSa zjSKsovEGW5XRb-V|8SD!6f*7Kr|mZXEuCnGv(wj(6=%)cyYF_~eLFOrXos_tZO0#7=5iF&-u<@YkFIc`57Lgq$GzPxFnsBpDD`YF}xaNO(u z@l{P{%Z+fk#Y^=2Sp0^Izi<5GTLbiS(k{Atp+8UlYgH?L~5@>HYbWnF0Ef%-FSfFVph=C^rARWBPE3`h!(c=Q)3}GQe)Y z`T`|+zwjq_2Ivp7esO`$j8gV*x%G<5WZOC7>_<`N`RXm3w^{w1({I%3QKLm~@LD@> zEe-G|WPSO@Wizo)zjbYZ{;1e5U&w2r^tihHTYOC9BTYg|pV}i@>#y)NPbjxi6!Vp`=U}Ow#1wyXCJdRpA-BMbQ zgC4dzckVYQzz6yQLzE{=Tz9R#)^AnSE>){-6Oy@?{m0p7@4eo8?Pu-UwNXH~r0{fwU)mo&vr_=yCGf0c z8ve7D0{Cu$rxPm~|M~1-0X&_*oN6SB!j7L^P 
z|J(XR>C@xNp^;=>`s92<*Zpe~I448O-=AFe;7ZD$wqs9I2L^jQx$eWgR|t;OPtToA zzO(t{w!(FC9JeZgi)lV6;BwpN%zdEyl$rtklH%JgTt9MbTK z{!jV(D;(|KW&G!@0+^3GxXvL3j3Q_|V_yKeIk9O%8GU*K$AuW5TO@#447)Te_7A2{{;HyjD*4i-8XK;Pum zxB8RwEs3d-;EYn&jxpr4~pSxw2` zw;}P}4li}iA&`9WJNmEtART4NPxeuy{gU2yzB1L%ZF>F>IS^x>T%A`w>SvCQDwght zHl6$gt9os!yuMydCP(^Ss$SUNxrknOolNQVw4+Zyo_(R0A4AW!Es+ap?8j(*9{EsH z%Aa1~n1V+idg3|0)yq{39EYz6CAM~=^#pmq*SEI}dr3e3w3Cx)DSz~zKHaCgl;1kX z6g0i*{3{Nh+~LfWKlMo(dRY7I4kT1Wl4F6uJ*a*$xg_c29JY-=W0PkSx&L&O;V7uw z{{8*11NgTsGcbLJCXl$~^oYaU`l}-4z{mR6@bH{rQ{W2qR{Ey*RnXgAr+3VWLGnOv z#J=7#o+o<$XF)W*At&0$(~G;y<;+CCi3mVesijc8nJ^WuA zEC&UZ5A7Sz1#JGZ!a#9|_XiFKlD77|C26#a1M0`^iU&HiRS$1T@zy2Ab4J{|>f<9_ z+EMsHiHqPtudSkddN`)g!9Q{6%7E7hgM)CLMb&)d|{N!DJY%)ta>~ZaAq7<`Xsh`C`%gh?ah}K ziu6J@eIV8;f%*LxT)h!3k8fV?)0Nj8`=Fge3Y~lj9_E|xUspLz-_wRqtnaf z9vycf?Xk={CEC>pa(l$*DrLDpPauqU6EUr7Z||o7BwW9(_7a&pac3JRy+Fn z#pgawSKLjo$2`6p1$>{YUOP-DxsMm^`ykU#tjOqwC&>&i5Z*Y-Zs;@5~?D z{QF9^o4k*=3;u;Hew*`?ILwa=rz>=H;26#~esL>{hjIVYE}Qm=xA{-9Ua@{BkbL+V zV%P;S*W0bB{^Cmxk8st_7#E@McY@!|X?}|=Ck5q){sRAe|CzVqy4C) zpW%o@f&7?fm$A&ZK!q zQ)0+LdYzu8>A~oSIiCXb^ZemY8(c{9fI*3^{(B`2{Y2hG{+BFC`Slx$x6Uzze*THW z>&p@s;bY!}_J$aKg>@0>ai1un_E0^(?DQrcYL83S!|8tsdi06>IXyi5z4T!JdhNu} z^f~lvkbj5iQ&9QA$LPU+gnutxO*S?DSl#t!ivN{WK?nYIA*adiS|7}Jd}^v;_m%_C z;|sgB^$GrsOA<5w?T$d!?ppVtp?{)PB zxjd%*8Pc~-SIl{K-U_q$fs;evhlghBzJ0zLWZ`e><+Q-lo~1)^`#5UPuMT+dDf&}q zl78i@%`BX+|4rLmZhQzeYxl42VTYR+4S(z`2|6}3nYpL@t6N$A(k>~lTkzm_IPYU= z$Cu>lQGA8JW?As)+{;aLh|{CP#;w4O1~!uq*wL-G1GUeOrzy>m6Wbv59+1aIH6 z#0Te<&XVk2$C?knBsu#saxOAF1<1L?iR3*j(^u!4kRSaUR4{l@IH%c9%)}Crl57P$oyz`Fwbw( z5iovN_X$3&W2UO|s3kKG{tH)s1f%j{JhJga>(|!f*U&wtLMPBq935AV6ea84qWxG} zhmTE;RQX{NJy=Zc-}sAprJ{0dtZ@1{oP%2sc-Rf|($BhjOy)&x&cJc_@0J8U_a1}V zyR9MRh;MdwrRPzcO>%+0zYdKDq#XMWhXP6SdX!FS=k)$dF6N+m!!JtfoSD2g2ET;7 z@I$L7)f4MWoO6O5A+OC>28BN0{<2Hbu%FS@eBhTtfwOY8r*D@WT(98y^#OjrqIAvw zoc@HP{1ZF!Jw@tyX3n3s`PEUFu}ON7ksc-|4*#=FDgSyu#}rh~gKL~f`Fkko!-2$R?+r=AZhyQfX_L2G 
z(rwEU7wTV=a>Hv#8vc$Le4eXa&|aQUyMRxwy+GbU;g9+k`|&vu?J2zHwqM_7cnY5V ze0zL-fPuI^=n_h^8c!bV+u+K`rf_DnJIsnmo&=#ab;ga%B}tGXxh;ZhErHA7cT4_; z(m}oE;Fbl>#*HhF@X>_&%uLlC-QZHTFZ4z|nV%~k>=VMD{;H{XYH#yXXJ;zwkaE-q z)_MB|CEwQ*^u@090Tnt{lD6w#_c0!Ye=2rWKQy~ueuU2$rHx9$UV>fAtW+HCW!Id& z6wlfdo$;UtHUFa26ncNN#4&|E+EbhB|6+Tu1@kiadD|)zp>l=u=V=%R&0op_A5qrKw1G5n`Z`L?eJUC{Ak%ww(nt9(d9Z}bzl3@SZ^ zL%!+PE#N+G z%PA=RzwYNmGJh@AI88zG(VoEs(Gj^*x~Sd@bZmdQV;L_vcHJM!C`R+RxuPe1i4r=j5i~`*g7`ga38z2ps$b{%!m` zf7t0_cnTiB=gJ54Z~w56Lw~R{uW6-^{u=EBcva7jcAUP6Tz|L5bdq{TyD)#RaXEzw z|0Mk%@ODDUH@{JP(mw6!IeNo%a(4RO;l`ZxW8ZM?ig0wl{u>*LU#?^jj(PKvZ!9t# z1=ZL3>EMy6;BBva``ZFKST;jPO#}K+!z_QoYhs8_aZbtyA(HhIo}#jwc8#RA`bszK;puA;GmRa97p>=KZW*zbp`y{=EK{9Z}US<->mli?3$FrpD=&I zdZBkk%8?KLShwJLC(0q`;Xv@L|JQm)Iq2u+o5~OSBW5?v_uCox0uJp8?F{l_Jh1hR z+QIS{MPB1umb7m-)E9r3LYBx23~1|{Z}vzM{&jGT({cVD!a(vbd7h{Gn>|&&Z}tiu z8*jQK{TEG%`MZksar&%ieybfoa~q&M^hm7yi%u`1>tYek`1NF8S?20SBL*ZceApUvw~n!chLV zpfBjno^NF6ttqU^ouhZT$njpr1KAAS>H66ZP(hOm^tF*Jn`=9gGr3tG#$Gz92N3Ev%6)w>ABNn1 zIpnqWRS`NycSX`zw}B4uMpN*M#wW<*_jhKuK=1*FdWdFACku=9e~JdgDFpliTMCSXgVHQHSbn z?Yv9MG5^TdmwX4CRxommFx&4(o&AhYLG1xMSU=$Di~E{h)6Gb!{ZF*BLCJ?-VV(~= z7SV_Pf4nUC9orHkAN>^Q+HYG=>^|IVGPTqytJ(X8C? zE0ml6s9v7my8RMb>Q9}wigE&CeirR_b|oIDr%?D=f6*st==sEwq+hA}-@lwKH#@5x zteo!Cd_RN!sDqE3d+}fJ?Q!|xqstQ8d6pGPqg`P9>{Pp$oPofp{?;yhe?GmS^vZf? 
zxi;jFHC=wxHP0~xl?(hz<@;y@e5O8r#t|_49q1Ntz@vU(uiSoNKf|Zy=hxA5O%)|T zTRN^Z3GP8BPfX9x^|`e7o{8H(me)7a&sU=ZeM&?0hz=-U^B1ijItM&DG&wR}zjtzK zlD8xDeOKBSaoNAvWIAyq=XdF^+6DbD^n9Y%!6nZp14&!`R3z>5FY15&{xXqM1@row zgN{D&Q2Fxs4SEOlgH~?`*I6D43ZENq11_ZbR#Re(E9OtG-s2GC8p=y$_iilKCDFkh z#;2fsFn%ZS?zyzQi<+!IqRVRzE5Qpnojm^?ydY__Z&}iKj^)dVe*91%a3m)k9KZw3 zkD6UBU*d8KDlh!m`q>^XqsORT_5L;C*gBwkl`q(-O=x;{^-x5Lp27n{c_|}KQHGS=$p_(XOsKL zqC;8vllL+XoY05aGfYrJZ1i*emdfw@k&eUBA+<*i&(&)jianC&KJZgIuSnkk%lqM> zP(@O^@2_z>wtbo$AC>Q@!eKo3=LsvLLdV9>B}u4Kzg=Cz5BTJtX+zok_(~@~!K$4OZ3&*oFS>GB^Vd11pmO^4 zN&Uh&y)KLjF+NwVIV|w8dN6x+Iy?nR_QChGm+GnZilDa}*YwG4dcECU$;e^jn%6&s zpP6U4WZxe9$34rE-@YO-)-ksXN*aDss&Se^FaOZ@!B!=1clL`-|Bg+`2OZnzS2)ba zoIW$uJ#HcH` z=T&>z;~&%xbnS(AUrBWJ2FpjmmwSmb;}G*rI)}&i+fg@7PAbo^eu5#O|21k}r4#<{ zHWyNT>3!ui!%079k7WEJ5aDb0Z(={Gts?kss}f`0)3z*W_zlW^yt}sq?rO<{qs8JoCdfaPoFLLFE7hS!;M5zCB{+ycU?`Qlm9Z_hUtq2^A+qCgqeQa!c zc5Z0=qvppi>f>?>Do<&L6DfL^Y3Inb+~66eOnnwB>uMm?k7FIq=gzwYt*w$ih4 zOYH;uCU~qbeS@6YQooewi!*ezZ7_VUN|)CD~!yPF@BSyB(zJ3l3OsfXx#CtorTw|1*`xNDthr}i&uk~X^>86KLP zoSF^N?C6>7>{M`OZrptZb@&{kxR9*>?71w~foBwAIbS&jgeA*ZuUyp1ZSqF zCIY%CXZAdQHTL<~E750B_?f;^e@S_PefG4g&`r(H-%Dre&sJw1ADbN>wR={g@*wl4 zAnSzIEi0UeX}qe?g7qA}GZ7tbay|uJPaNLl1j9A?kM$deFGv#o2G(WCe0!Mb+WPeH zMiyS@Yhj0@6Gw+lp2stIFHtn`F}yV{NaKxX@p=^z{aTNM4|N`u;#X}pdPz$EG~Nv=j<0{G(=Sfpjk6xc?}h^XI|qDz)2CDS zXGS+bf7q=&{dlI_)4NojPT#*7-LS3#C-|pt`T*rMh3^epx$?);{g?J<%M0Ig8+7pYzDWCVNq=boFx?`@oN^2LR8F@6D$>^JZ9 zgZ!hQmx#?G7rlfB1dd8GWPg+Yvo5 zFT?y(+r5=zKZxc_Gw)}Vro)R~=IV?7i~mJ03tYZ^cNg1g|C6HL@+-Y>+f1p!VxE_f?4}MfY@1)UdFdhZa z>*WN=|J>-^ZS>X{p91XX=uoJ>TT% zjq&}d4JJYsIoEN&7w-(DcGdDv!Z6j4j&F1$vJG&(O<-K;^ILO-b z<|XDsLG{6N4)hD{{al#b@7~TyO51##&NI39Gk7n>l}S1JHLP2T_W97SAU?R}@S}rT z57@Us{|0&5dxTGCQ{uyc#5TV5NgDm_$pJ}2e$+44zqxhqqQW~n(t31I(kfs0gtJ?+ zuX6vglw*H12UnAFI)^qfRCVthX2y$~*SMU5`nB2jfWb?-`%SM0?U@rja!S@+M_s)U zu#Hm*9D4!!J_*_t?{CeH(h=XPzU(au*JnP?@D!T-6GumP zIHsWWRB~zRFD`IqZ1ba%&M$C|1pIN1TG~gc1b^HQe_Ihc$Ojzg{RimP!*CSt;h#9v 
z{OIMJq%`=ILP`7kS-5w|;F<#G^TYQTU{@>8@(odrc7in8*RQI55JNw!zi#0VJkas+ z(JvWZAb36;_y8X5vQ)lzW{mFZogH0ZM61`AZ%Y#G;G+#qml!^G&v10>dI5Yl!*gf& zUfy7`{`gk-jkYtRA22*$#Qa`9Xln44N&)>IhUY!6_omOWMiu85gyYliGkN%=enMZ> z&%qC5;NMI4%x30KmDK{d8jLqX7XVcCf%u{THaUu;N|Al%4No6TXYq~|*`djJv$Uz9 z?7ZjM$7;-%f^Uxn;PK-iyO%mTwj|&=_(g`#-Par)E2{scnX$<;Q|>z4^!)f3>L2~_ zGF{0wJnAmy<%&mtd>i!D{srx%)Bi97dd;N|2F<>!pFwz-OrCjw=o#i7oI=m#jkj^4R-(~rre=;iF_>-lYghdtYtB@KF&HA%OvYP=zFN#(}+8FJ!z zj@j{B0uTDH3M5?!|MyvV8^@d<7PoKs-JbRO%`E+Vy{4))wcfsCoAD@Uy-ItHqdU|N zx%s==8SN775A8i^ca_KKuKVGk=@E6MMd8!rD2|Rhf1$s7_|xy zv9+5we)iOuJ_Y6bi9t@pw9e)It`r`9YVs$!sL4NZ)U(Mk1;w*^D_AFLd$jXNMfQU~ z_JmBF<#6Y9+`yb3XYX|OPWWT|wEF82eAFNMSJcpDEpB)zX8G4_S_DIdsZ^6v;-$F{_lzou!9NFJ=0F+PA!;qzeC z&-zEz8+a!Jp$mKd`I4k_>*fW8Q+ylWYm#sMT}9F;hu)@-rzh(FxY`f;LB7L*(%<5k z+)wq(TH~E_TeF%LJba zlO=i4Z(u!na82@UKd2^Y!&ADz!+2r!GvL9mN!sX+O4{!)a1Vc{>TB(4UEr2j_&=-QVu$=lC+&0$n|HN3SX8O^CXW}$%j3=dnE147cVPZpTx2+$(xeZVY**& za<1VBSwH*gkl`q(e11Kv9EqQ)9Du`p9tO9}#FF(I{K(+DTzT~BErGLsN9h*QSrK^H z#pr206xhl9*x;4FopTLU4kr)&_vABqdIZkK2~ES#;P(bUnt?ZeLU~2?g@3CbMz<+l z_$8l1q0L6wRi2xrC!v}5?4x^{%!h*3AKEkg`PL0Cv~eeT`HrM>`$3SWrsXRVo89I$ zU-3IGXxhn3|8>7QH-G38IP~u)H?!#jO1FJo^5Z~awX@kRr%z4b(2pPnT*b+i^b;sY zY;a5_)t~s~$CjnMV_RbMYtOac1|IByegJZK^%P>9KO6{O)IPM)|1jJu9vdP=lKQp>twtj7~TKR<@X6b@*$7yE7qjk z^1XVtd~pjEgFoOQmtW8RIP>j3p`Y`^ZpjB-_#w{sKMCUmV_?R_ZF zeAkZXKiU=MwSOk%SO;R=ihA`df^@Dbx<%ylj_4)en9Nl|EqVRn%@*>^Ol$wrS^gtiS6jYwJEl$vUxmV&nAaSlfnvxH_(GKA6rjOR!Mj-GuA6t=hj;`9%{5tD*)=yadtH117PbvrO z34F+H{=;ICA8I=@el)LxLDTnpMXz6T2xd>Cx9aFvdw;!aSH=6cetj3nXY!!_c|EM} zAZOMw4?2BG2GnzplP5a5EOKG~tNR+sI;$q-d=E9f-%MXut@8(W>my#j```tJqoDN7 zf9`!Gix<${X|q$)WAqklFg4A$s#Q1t}2Uh1|3QMvO_sdHCD zBh&O`VdmU|@NaSyM{jiPg8qs;(HphC`JQ^-^R|2E0q^`~H~71&eDz*+Ec3n0=#8%a zc7vy{-_X%D|Gly|?hq`8oIGcy>G5w>zQIG$%=!D$>;3+UpylxzQ~LgKJ@vihsJ~VO zKV6@lo1Rog_B^kDu?U{Nx+-FXVjsp3aW}Wxjc>@T5xbUA4TwVZ`&}PL7kee^3_~;{_@aj8t%{j z-6y|J=S%6;oDVfQpXh`fQ^?ipy?ow+-8^H5HwpAE@O)?T5c$GP7T&ef-RM(0PrZ-- zrkWDY$uTlLMizj)Z-U-AxU5Xjy$d+*Jf$ zp_fz6& 
zF7dZGf30-i4#&;XKMzY+#m|;X_Yta#*C=+6>#a^N_J{pzeCq5}^_6$ezw+*!f2}L7 z^T#-PIHczw^&@tE{w+J{a{fO&H9j{ndE~>I-{d%s9w}?u{F?T&>-2K&ecDg~*H-{n zouP|_>XY|*a6{r z>MnqDt@)$2zj> z4$euJ;k)Vc<-W^Z)|=_a2NcZXJ25tyt>=M?PtWnC&+mG0AZYS2-w&GI2IhS_XQt>T zNb2M1EHBmclvi&9OFsN*dNJ@K@asOjBT7RU-Re1;oMRl=Q8+z^XYZNzaDE*9zK^mpQ;9|+Vwn9sD2)Eo5N^z>NvzL|IQdvGP5*19d4%)K=4X!vk=e{^g# zJ%4*gZr;QD)ThU$W@yPeQlHY9q3sX9W6h`Q!MhpaPuo1~9os(q$n?FWCQ z$C_LoNACnDf`)Hy5%EyN<)Zf)NFC;VTfp-<^f97xtP@YU{7I|;orLv!P^Rc@z=J>IpHrT4J2 zC#`#z9bWYCMke;o7wLAFlb5}jX)g%Drr^D6OOm>eX8Ys=QXXP|8qZ4x1|42LzbBI) zy<fAtAYZMt`Xcj9h~MB=S(m%6^sSLeSvy+z@N4artb}269~Ou z5IZIBf0XYDtmUNs6~Z6BC!n5^o-EWkwjNU%FcS)K2tLlf({xq9W7&P`_cR2u(7xV1 zeV1(C0=qdm_*z`PuOQWa-@CDg99=*XyexRJ2US+4y{}aFFl5O{4OeIdMwT2oenO>FEgfQ zCyUdK! zoUJ<7NXD(<#>L>Rhp~Cd@bbmrwL?y|)8UO`_}(hj?<_x?Oyn6+@cg{$%<10hnX&Ql z>H2VL+#TsrgxtJ^;l&Ra1M|p{+Qr~`(sDBMUh;^V7xi$;rRhDi6{ZtMr$${IVw`%{ zayEUctZBfnx^(2hfu3uhy*xRki|d>u*sp5}-pCrq6x5$ig`7z4UmJ1$X7>X|16|qj zJ@`&F&dW>>_NossJ_Y6H)A!SlY%ws6=X>zQdqQm$2M_y&oja0l>yw!KE3yY2?VT3E zJbTpF7>#smw9q);l`jyHVjf^sb3eif-6g??`BC)+;4 zwhfWj*T?3m>sqdGTHnzl4Y7}%qv?_~=#BJBTI#EK{IhLzsV}=%8uMcC!Tk47pmcj& z96houX_VvK9PkH3Zf{;rI9CZC;NZugBl!eF5A4|gis1I-=h{>8I6k_<^eL#n7S;E6 z%1`&I*O4U_hV*rE7tbTce7Tne&-|h6(h=B!J zC&QBCN8^pQL-h|!@73=sKKj30KUW_VIpKHcw~&7-bmhtVxnI&pG+*0$*tRVBI-W%D z(6shD*3T5=hj!1l;vKCydhip-pBv|%XS)c!@i0#}6#nqP?D$wb|2((Kcofi{w>Uxm z@sC@NX8(U8^$B~JpTm#f=e}S6_zK+Cxvk`}%@jE+6_mvZiu-?I*|2 zjYo8TMc{pUuq)(6I)Yui_RV|Zyhm#5utp!tK|$=2+%L7knY1nmU5t9n%@z9wn#f5-anynH>2UzB_aGg3!15R~MtwUsvv5}L*N)9h zz4Gppudd$t>fXEL#Fe`Wk-^Dc_}+l|Q$_N#e#)SdZ}a&;(s<88>_mCGzRKd$`g=p* zeLb)q$mW;Y+Pwbk2UM=Rn2gmk|CO}ygPpa$ynTtVOYM&F74r|g7iIM4a$A^slv*?TKJERR@&?XzzqEg$_?z4t9k{=u@u*cbBX zD4|{GbP1l(>Ag4|)DPr={mno3yYqTCF%_0uo>QmpjZ``99+P!}EU6r*7r)+~-4uE@ zzKeZc=(;|#ev9rUn;D*|zwg+B2-I}^qWA4cGC5yaA)q=y@ZcZ7N4d2#r+<~s zgR+##zVi8y=}}NQ+g*azvHkpqVofWZ==`eW-{R~MN9Pwct@*~U<`9J}(J485#7TSB zbjJn3xBlp$q~EtGvGsF(lE(Vghe!W__KJSO`oB@ZH@w$KI#(Zoo{DJ^A0Thx{v2 
z{*UcHXeZV_3iLa;>FIao;`*WgH~o4YytRAG*9zO$Le@U&PtV!E3~x>775Zf$<-T9G zRU{w%QK7urPEFq>!7H-s3ze&+?bqsWNBHI1c}?;!RW75~yLBuFewkw@98`$ z!oCOO=vY&}kmD_T$WfDWt2a*$@XPgM1@idy)8XWZ?Rj0P@4G9{qw~TK_QCqu{CeQK zEYFH3Pq*@ScB20id&sjU<sFP^&L`OVWkBF_@+n=zQ#o+|2Z&UiF z&-+xq9f@=H)p7W_>Qm_xdO5u~J6%u9l769jp+7gh+~y_uLy=y6!uL}3dS_GMVaHNe z7N6F~^mfFAI|`p(AOACFZ-UkJvF>x*I@#|xbsl5orcbx<%hk`I{qu15Bn@8@1v5RlUK$a+ZVW{qHux4Hm~n- zY2%-3$In&ogY<3MVCqcphPOSylqD4Fjpq?JZ!#q9gRLt{&7~o~$%p-)&Opl-T^vF` zu}i-F|1;4e^7&bP?g*Wn9o25ACm$d3?q3mns~7D@3)@9a;6WG9QEVUfvJ>(u4TF(g zEdRhXy&qLQT^}EJCGrzT4|w+5A8<*WjIUjqF4D6h<&X#SucGH$D91Vtc1J$?nIe02 zHdP+yfAs%=riZ4b8I%++5xgXjBK&OY!jyH`r(*{A%ie)Ty(Hb1u>$oU)m zrK2fw89m(>E%cY|j2<@s_5I%8H#7fscFxO(b4HJ>3H{u6mPaK&M<R|BSYwVl#=edULCPw#!v{C0>gmYb#PdlI|;jH^GQ1v`X} zZvOsD;TOh%l;b%v=2sXmFCUe1vtPGMN662?b1~U32e0{n$Nk4Se_0Xy!-2#`NBz>| zQhHVnxilYq4lCaNbv+lbAat|#qj}QVvB~uNVLvyyJ0P@?vx5%K?kCUb8%jC+tF$g@o8Qs*aQObw_cC8Da)F*N_VAxL|J_TmkNK(f zGb;k`uX{>el7EZJS$J<}S>W)T8GZ}!XGruypR9!O@^lczgD^7 zN2QPpcezhr>mU6A{0;4~V_Wbxni8WO`0~a}QVzV00ZAKwmB;V{DL4PDNE+qfm*b;! zAn&B|g`E1m6t++1eej=i^ofVs$Ly(g20x_}{ala8Lw-!(nv{?K%0-QfTws3u^Ui*h z?&Qok`uD3YrgN$88?ckG zj#{7A4z8B_9B28)$Y5wT=$Ti>LI>+;(1ks9T^;@W1%adY6{sIgtK->WQ^~4*L9a-! z`7%|t7vmM;&-Dmjj01>a zSNQW@>v8lC9T$Wi(od-z)}B_p@}{J%T;)M~LO$dG-6xd~$`1uux=&{5Mn4})IpC~5 zwwY*3h7^6Cv~4dGd%7=F#bzI$K+N!=kAYh2wYCiN=i<;$9a;SkZ!LSJ{Mqv^p0R; z?97=!@X-(X{Lug8{Iaa_)g(TejiZ0LBKeC<@)bz-4CQ2c1XStte`Z2KiSku8p|Junx|9$$`@w=G}zYF9iiM4m4#N&HNg#9!`}_$wTdyjz;y zn%A`Y*VdM#ah|qI>3tQk!eP9?J|p}Z=Noa~&h6_$Z{LQ-O231XBu7VC^A|K;)_7Io z+cp2?inp&%%PShY`ls{6gOWyngnk_B4b1m34q}|VTk-BzdRS-Nt^7Kdgl=b3<57vx zZ*;0XFeB(R{U6+p?xtB|f5X_&!QoMavf? 
zE`<`K-@&>E>$A3Qh2N6+=%U0G&A&C2^sUP0fXaDbN%9Y<90xWfeJ4j$k9YQHT+>+T zo&?;skLEYe@MyHQv7{`6m}7zGFq=>b%5XS(A8+BbskNgjnVJLc`^UUr_nNWl6UjLL7ck z;UdIJH`)}qFjV*f7e{a0ko0?{9Q}S6j!OPBgA#ugvC93`ZOI=GG;V0D^uiuVzeC}k z(OBm<;Db2qo)`G5mnFW2BdQmScO6=Otk>lO4{_L`{5tvt?~5xMD_^WD-n}9DLtVSl z0ln{f9Eki;AbLi@y2y7^`8y-$&4JQW`p!(`UpMV!=^q`CboZ*nS1(BXCbid#mNnfg z@e7?VylK?YvHjY=Ta)xoDDgMSn(o%PDe<#{7rklGrK2~Ayy3GOS}u6eiv%xv&%D6F z&ucYFxAjXLsD3vtNcu*h7rkjq)0+~%EYP?iG5Y7f6~57nE0SNXN&Mi7#CzH4Mg0yg z{KnFy!S6-yf41^R)3gTR$0ItoCUWa|8|izWk-pa%y{{(a(;QJh^WD&r5uR=HHZpquNHfR?sKoyzdqb82X-X>gL#Sn z)1tec!$!_*kdge%zYm+x|tl$r&c^ zC!D^N*8Rs)k1H*8x#%L#?*r&9`j0IlO$@u#TwJ-1h@3sSpKGK(Y z`2Tv%(Tfy6`Zs~lSNlZ2wk>JwLzIM1^oeE8=TPweQ8i*7sb(UbZ67QuKBB*{3ni9Lzl6~55e{B0dh&jaqGu- z0LWiwd>!3~|AY0Ri91~4p;K?u!Z`Z%9{x*lAn_{v|N2R~3z+jLI9u}{qAUIs{kp`h zAMfLQ3LQuIUQ+r1Uv-$yyv~$Le6RiowcZ58{c63rV{hz7<>7ICoB)(j3Rp|5MSp zEb(tTyV3sxu-EIRre@!I>MdN%@S_^{YaDP)q02u9#7)dThI*F(5x(PT~s18P}&YYi|9h!G}xVL;kAesQwSpDQwpy}^pd%TXioB)W& zj~}Po#fOLMBlQsl%0HJ&`iHdNlAirpJ_%g5ANeiV@1lOIw8-wC+~EHdU(i_V>yt}> zxmZkcZ42HD^V>9!DfgsU+IQUg$x)&I$#spF71r9frk!7*U1}cbwbsr5-TaUEIeXFH7ig#7378%Qvy=OZhRth!r(cS#T>QuG z^|`ge<#AZ5DV(OUp1||I{eZ(gTVh|FU#9ubbbV+9^DfeJROvykOXR!X*+01_s54+X zBwr!l;aU13QvE|s2N(T&$A|udZ}~WVzLGv2PTxlTF$QV!PaOTO<3oQFI64TZfT{W3 z?>hK2+`Ti6nd5X4e)@cd-UWi;pyw7o+K^1k29ww!Dw<6N59u2NvuOljqEI9BNd+1N4E3dZGD1=^Fcnp z@&zde-@}2z!>>XuUzgbUUiO32=lRSXXA?i1b3klx`)K;?V6t#H2T>Bb(F6TbUJ50K z-m=dTN3VAB(03vb_X!;KhxR)1L3WzZKjAYj&u3@LkMrX!@+1aFhJYQvS_eiRqmF=+NZIc>Ug#e^e#w z=NY8w;G$2jaZEwmQ@cwf-}``nw5wfVmnXUyFgYKNeBkH&=z_ol?g^C>=Z1229#r@p ziF4(FATzc@dt(``2$_tOH$7|MCVecri0m0`fe9}qx0O* z*{uBNPtZOOt_h#^9*MPo!1Elt*U#+oVp_)2_lkI`Gc-Lr#;2L9Xf|YbJU8*}-&Pj- zc)o&u0dgq+=nn=3&g_%5bNIxPl)qBxq23Vt^=a@m!GoTr&(&w?TXXJyaJp)gbebJy zKn+QMWAb!yQSv?k{MwJvfB5{7Z~d$4i+Xt8a&>3r0-vJ#{Lb{3Fqipvi2hRTfpI4K zwAxMPeIK;`@()+l)Y@MjSrk3+oa)og|KsQn*Ce05mpL~50s7x`>F5a;)BoM^?Kws1 z4hJ9p&b-9AadJiSeZMVf{h;5#IBWG(&dqCN?hpt)v^T`?cl1APPJgl=_-OiIui&>; 
zBsPBgNPo_9A+bBgb$wnM;(4d}Z9gN#;nAAJIX!}OKSDfq?M7@~f_kO(=Gm$DGs&i- z8$GecF$JlQ==Zibk&J7VK1rKgHA$O(cRex{xJ3-VeL%Cs(V>~(biF=F+lRBk>GRUX zQ4g1%&N2xXOg?+h26i_39hI|FI-6y=Ft0Ot%1kI}-_}n1B;V*9K1*N3ly4)RC&^OZ zM`S<^i9D!Z_TQP5|9)mbLDhdt<=Y7$X&;|$`sK$@H&XbYUG~dw&z7(G<<)F?m@6lM zg#VLTjP^zEKQ+?pp(g_$pO*M({J!1FXKWmQvgVhMPNnsGvbjrn%05pn`{ie+()N9F z%`cy&Z}g?~3;pux`t02F~~OVR}C0 z+8@Cro z9L&8$Ewdh%_q)>cMrnVkK0QuP`qJzD&jmg`ft&fT<~KQxqtE5+Fw|&_pEo;wuA%T| zr^@kkeSXf4E6qnPr)KbdDZ3b32v z>wb~lW00peGM?_g|72ar7@hL*VS3Ye2JPYV-G2GenXxm;ca%Tx_@?A2b1^M!JwN#T zfKP|!62r+p$LD>0$`uE2%%`*D({XRgnLmAgEnEH;$2aNsvEJ=eJKH#*{$c(7k>RPi z@e%heT;0Fm7t7oz={VB;1!t8N`<*}D+c?t2K(w#ADlzTbd=h%1-_-cjWct3lKZPC8E>|3WvQ8{`U;M6l zfkS`wLj#glzlxq#{ji^K7Z-DVDt+t&AdULNeh%L6IvfZd{JvB1t^d+A@CA(?W(SIUucg3frnmZk4|^x2^UgG*+cA*lLL0xw-l{_@ETVp<^Fs`#_eM^Px{lE0_!*hdax7hgL*CWn?U%PUyn)}`nGRM z`rx3%g>;rObQ1qNz|Zq%=^19g02&higS>m$)B1sq;QNChPiOx;=f!rvi^*S>e5>yc zP47sY>wlLeAAVF@T1DI6Y8*Sm!{Wwti+EC;Mb>prv$?K5GJ>(`P^3 z)=-}gxRmL^-!8R2;BRK1eYCmaXl3c4{Xn0+>KSyQFZT0{&wHWamS^?AhtdU5;L){RiF;A$+PB zV5jyczEV*E#XqCY0m1*W%2g`gH$+=ubi7qLd-uJ3Wi*2yeqhVtoBeY8_I*-r?Yw(( zDi98Vc#xD^KUGve!aY{TCOIGya5 zoBWrjXebK9wJke%d#;$XL$@o(x+&V~*L0cX;%n^qd}ZQCTTL#fp!yj9j`TT9vs}4FwU5~`{)!I zgSwEw>3dxM{g^htx_Ofk5_oM#c1~}v_5;6cSH3D2+HbVAAoSa{9sq|}-w(I*e3*ye z`C{9u;wydNwbvy7sK$UtY<7`>%3-sf`xgbz<}-n$F>n3V3!3JL?Xsn5wLi)+{=xtM zFR3T9tI7d8n103m(Ae(&u+01^s6U{7N;{kx!_RZiuhmZ0pTd6*1%hXG%+^b!?;)DJ zw^Rfk>weTD_;)s?{BR(#?3d90K}lmiQM8|o`hq=iE*J9o^Z$5W>Gnws{8A|CTz@bs z`Q{H^J5hVWPWkp-7JS&v+Oun?^_u zSWNNksOuC;L6+@tOB?R@3E2|HJ7=|J9##e+2m9hP0ay`#I=`Vc)}nqm#_n2PKVi z>>q2|`dzH+uphJ06g=?B*=Iq@lm7E~gI?m`kNDh|-Y@tcHHM>r_TlP>&KZb3>^mwQ z7Z`}@Z;N9J&VI=`1&mji4`MtyxWvG*?Z4fk`obYZiD9pj`k~2pvy|ic0qhRHDuTnj7jl)>g-%KNwX2^%57aB*ik{1smX(g; zqyBQ^P@lpnU(_4un!aU$v-x@;X_H&|{7NYKpac1Rd&j*32YN|A^}lj~hGahs_1Ct_ zMX~ui=s#!ssJ`e2;g6G6OQaq`~dmZZlU8Y>;EcdiG%N_*zM%s$rNhYU|a<*@qQSFHxF zfPa$ug*~8`!55qtf!+Oa#P44^o5JUCAhFqXP}1OAG+yZQ(CF{g4mc+Qzs~t{Q|Q7^ ztRL=^e6xGGa-7~Zb6+V+pP%{GD8o@uyFtEOzt_V+$@E1U-g^l 
zZ+ivL?9e4?lz&t8EGqw&`awat?T45=*S(f*CYflA*C*&P0X;Y1mrF%BCx6C|Xbba0 zO(#$E?PZQBzz*x2Nah`FtD5GB^EF1k-`?9pfrH-^mBZesH^jGA1Rw1M^$Yl1{d5aF zo~OTEwmOfKo8H0_i1~}(bsx|KjOS+$At`E^V?enCI3h$ahuj7`sEz`QKh4J zZK^-`!2i*{%pU^5!#vdN{1VBB9WYOUzBq^atjdr6-r%^Op(BBlGkhxuJrb`Tq0Jh; zd1r|U+x%PbDXo5EewbZ9;NG@mzPiXnQv3K<`uF=tImX-EzIs{8(Y|fIsCKh)MC}gy z1Ad>{+3>ou^xSxt)!%9VvrPxrl6futSH1tbU-6YL{69};cxrs+r(wTV+a}{t5IU{4 zkP~t8yj;gm&;uW$rlj|PwZ6qPkyd8>VcV+z`C+qAx{-}0VU{IbfGvr`Wfi9@tUw6ivmBYJj4$}w); zyeVmYerL}Yjqm=6`oz@qd4^)Tg?#6wJSX>op~vW;03Y~q6y)b3be^aDCa?GY^P!r^ zg?7-U?ZV*qO-#(0WHgUj7I^gQzJ1|$1^u|~3*&ict{tjBykI-^iJX2t`{T%7^`4XC ziuB;ZJUCpWzQpfa?dnIqUnzgg2cvIa5PIC7%d~f_K9ii6Xmu_+hG+-2Uxt1G{j$|( zAoS245o7+3`TT!#WOv!u34rDEioPi z?T?^`zwh|e*@NLHc zOmPAaKJZ&QFGcSyRcGc-vq@%f4ybi7P;{LS9dz8|=f02I%XDHqUuj*g={@&pF9;s$ zPvxXnl(KSO4nNa+gTFw}#2%S_^hnR6p}j#aJGY?x*d`f2xqLHY7dxMHiTuJNuD!>h zcP{QCa!|K%T0fY0-$!lyyrN&_*r#zx;K)E3d9T>W%3CVmJACFikH!m9(Bvp?U9ls{ z+Vj>j#%S3AW02!->M zZlyaYG3GzoAGP!zZ+kA|_ouPSkNyJV4ZWvDH^7Q%`Bd%4nvQoCIY9O(-Q_pVvez2=X8V=8-`k!m&8IOYUgMG{| z%dW4bC!P-5#`|lw1Pyp}PTTe20E9l*23a^f51{clraRr&a*LrsPgxVK+0|9zp*Uj`O zs9h7i0h!hNx;_UD_(Hv}D>EF~1Ny8=8u~zQyx(nbm!|hjeVFeZcDkp}1+}hgWaJAm z-dMkS8GV*`f^NccV0*5Iu-*x=9>X}3quX(2ZhTyMlir2nmfFSo*Iuy;=vw}gF3n%*(zS8ttdQ%)feKbwZ*;fDrPQ0s4Zqp5 z{yNVLjoY1I7x4$5u9G(o3;m+w2jBYkH>gg}!T(Wzg>*X~y#LK_1L5Z{FZ#i|wZ71< ztYUs#Wp8pEw_fb(pZ>nk`YG_+T)Vo|dbw13ms%e^PG9Tite@=2`rqDub&2&<#Lv^; z=LbKb_j}Nk#?GeZ2Zsk)4+?v<^B1o%(B9+H;hG1xXFESi7d+J`ANw%lQE2i{+`7T_ z7xXvlN3Fv7=d#1I=N@fanwIw1Is`cuB_H!&e}A*oC*@Y3S3cz4ryJqRspjg(xs>gI z{S`a6;Jx1k{RNXEQu{!3-v@6Ox($$HHh=uSO@^ZYe_i23+&bjiS8VHY z*eQ2DrpLjDHovb(TGxN3xA{|-lpn20%;UI;m1^HF8{l#ZyW69-GwFF|;N(f*v43fLh@XTV z%Kvb{#8dkfOOl4){7R_lb&2uZ7W?gOt6J{-iT;1Tq3Wss&YAm~Tfr#9Q&79LZEzyB?o)lRk8k}^Md8X4LmtE!-!KmX z-O`TYDP7zD_xPH<0Joxe9FcsTpriaj2jeX1Ju!4n7F1(rY0Z0V(P3g7yQv{b=$+d~ zP`WxU*!yO={iz<22YUPcFZ8!|8VEf6#_ZW8`L_%zy)B8YA8d0D!7|^GgJMKKOWYkJU0$? 
zOFrxed!atCPh{;f6!^n|#Ad&mq;(yWoL}W^>hEuM^&Pivnin|ONBw5+eyAyUrmtsD z-PbZd0sT^WXl{1OU6+0zQ?PK5|HZANo0`)h>6Z^ktn;;&%b9@_+W&q{Ao)Ijp;u)(ndc@iUtxF(KL4$ev7xio zna9WI7Q3|NRqtDzeuUS_$Z_iy@!wX~?j&D^PNMfM1$y67!+O;5PhM?jHXJVJAL6&6 z_YcIJMxgyQCztKBwQi}U=%nTkx43#HJWuaiLI+=H?_2vXk#9mLWA9rlDyzr$)7S}kR8P}g-}ULVx~Sg@{8IHj=IoZ&H$x{?zm>%TzH87o;h$(o|FmB@ z2LGh2i?yrDT0$q?uN>>zo&T{uh993gJC)Je+Ve5^rRsfKz;yC@r|4w-3)d0)etm2; ztvB;m`J9|_>$b|J`Sr0?$iE;2nj8_nq;l=)ww}3}dR2WRt+Mtbw=F56>U(>)(DVC| zESgP{S4NddMxONl3O|;_H?a*K4zeDx+`?1?A89KH;yS-7s|H91hG+i@I-_db#mG1i- zpPQJRfeEhSKXL00=sOE!~H2UFXV4PNipby!FHF1$MZj(%T~}A;&ab9}6KU z)_S;OS@Tqms`B;axTBJ$lhnf<^NR2J!5u3n@0JpLuCIDzqAp*>aQRpAZ``T|E`@nn zt6E@(J65uEKGtMBvfGa0d;F_Cs(y*~qvxi_X3tmoL4^WSq<&Cc-o5?l{&GwAqg&OU z3?1`>YJvXMmB#QGf5nN;R!j`doHNF%_wlmksNIh*aynoCJ{{;?EztXTrFy4O#;S8- zXc(V*RF*EfmVe{c@g>dFe&9qP`F=leys`_upCZ_%z#ngLOu?&%<16S7X3mW@s+09u zo>!$hB&~-N6+y?m=EO3m^ZoDfl?)xLhZBnK^FPsR{D-Hf=yVTVx|>u6AzdzfPFzp| zI-l$bB;U8giC$_4pz{%eX$ss47t?=F{}Zd2&+hge5Q0A-_&v}c{Ff!)Z-*yVjZS9# zfw%kodwTEgk)}YmEzZ(M%jjCAv7yPN0@NRSpuhUToq_Q8_3!D;(t$trG#Q?Pr+<%) ze{Mc4orplnuiF1k=uf#k?so@VoF5N*R#S9R_E)FR@xQYd@M8@(t!J_vz<1fD+|R}4 z8yPxjzD>pV^uBY2$KSJcnr4j+C)T!p_axfC+WVxof8X9&I!V8KXF>ZvS%JShy$k2@ zC(-WJ-|p&WJ@WQGSxM1J>3y=XyWS@+&}RqEahb!jFS;nS`TJeap9(Hk-zP5^os7Sq z+*XR7-S4XG-ahVvy!!;NuSDO$tHGm=bLOZ%1QCx<_1bnZqwP`|)lz1`iP z<##I3^nGvOD;a`Y87t7`vpXGsYd~MS&}{l3##uUquKE0-A3Bpx-^d^wM<#h5kvn&I zSLN+9_2ASaZ+-`T9H>s83!0vp4cxtlQ)hyqfWOGbr0H@rYU|YI=$)ctDjM4l`?oo| zN8d0%#ILi>+~dUHul&+AdqH(-x+)ptW9jGTKAjxB%O4O)=s5H}m%{(HAYe}mDsSd* zAJM^tfDf|F(U(I=sqry-$u6MLoWIGKsBMU-b*C@7K^PqO-wkrJ>&&1aF<2bQOc?Qb2p?qf>Ih{7j=hJa%S` z-WK%wg}fX_|9+-lC7%x@yg{wv*s|wvk&v4S=4SZnLXWjsf4BOFzHIxnzH)wxP@F;o@$$7WRauIzGm>*tLZnMt=P98Omi(W6! 
za@3vNW4@UHa*ogkX9Bk@qX&R;acklZ7xSk(93Spn@4RQo@p&D)>lykYIXN2T@&gn3 zj#e-P(J!LsEsoyk$US%7@h<-RuE!>*h0Xm4IqB5w_n)8|Jux~mq{C{SPN~eDMbdA* zYCw5veH~fkw4Fn?dxf!ooZC+g9DM8UdBMZJD)yh-x+Nd`!e;*tZYf;GA$i|qpKC91 z_^LqiD}55%zN;I5;?^riB_I5-kDKSiMq*eF&z;Y!1{F_Z@G(8Er{`X-&$jn_+&3W{ zyOdw}{T_`U?z__;YC8I@R|`VwJFV_J*0`U!b&n2PB{%Lfuv=dzoT9D0b?{n{f0N-Xgo$ZznMyH8=9nVOp%Ij+#V^%FUJb@2CzfnfDfe1By>!zOYV z|LfeBq3BXirl*~y36j8Le1RNoeL@fRc|hrxLdnnBN$cJCcAe6TUIiX@L7cz^axtuv z=_2y13LW?{+L_Tg->rG{I@8~U zr{|4jDaZHfN@dwELVLVtoy#da-}ZFnDYuW6ZBU6H?_opF&hsgLL0o?e9Z zDM{?5w7_O;7`5% z2OWYVY<~5Ct53kktv5CSPxSd4jbn7T{EyV9aWBIIeJmFRwZj9d=ck-~lJ|Z}CMWYv z5&F2G!>=D`Xd3kTIUR?2dKgFPjKR#*c-_iIHSEHuW4>l`a9(tj%a;Z{{^`1jC|q9N=6>)Uz?m^{lM$HB#H5{P%@kJmkP>TSVe4w~VM&ST}yW%>Gh{a^o}l2myy&ZwWX`nyFg^OLgJ z9pmdmS^Kme68KzuM}L)DXF2@T`w=USpWP#2_IR%E(W~63C&WfC+ppStM|<@HZ3AKt zT_@$`JTNjn^tf|oHLSq5ExXv}=f-D8%Qqy(c!F5vZr!GKGCbFg=sZDF@N66rxYipl zNWRo#sRVkMCmEgoEL^E?_cYc`8smHQ$+_@A@H{v>Z;f@XC#Q`!$F#moF4a$tQ_^|Z zb*4`N`fYL|zdk9IsjbsVX#c%;X)lDL{mGjvg74m&G?b+Od3c-4DQLSezq!MJ@fql3 z1Blx6>?nP|h{o$#+G?FRE+j4@r|sjsIZ#-g&pfPt!RI9FBV)54YI1qpdh=oij{3LB z$J~)yZ{GRl)jZt$=2CRReED>Jm{$7JndcvGQ83uSo!gw7G`Zj6>_|XrC;Fbp(98@! zUsw>#CP#7WE&Y=Gf7`pi7(1@|fa7(pwrMMtf=FJa%xE{5V z`$w%&rFI`^Z-2k@JHIn?=k9u))S!xfN2@(|&YXYqnKS?A&MnfV`}3Zm?S9T+A^i*{b9Oh2#VrS0;jCndRF4YzCK^^m;iUmfS|%fF8? 
zU3W|U_(Y|ib$YdZK-(5-uz%^gPUrTa-}3wMPg)PQSIWIrE{Ub0E2r_L^(5urTFJjj z^Xqf`HviUji~0BS|60E`{pGZOeC&$NfiKq;t|RAJKry|yV5^i_xquTY<_&Z z{BMI{yr}oIjqi@j<3b~hul$~a<2K!oOKrY&vvN!)r1{?+(#d%2|Ngxa_e$H1%6s=7 ziT$tQ)$tyZ*xu6jPxQKW;XhPytCUxqm#ou#;knk(eEZjGK7B<$N&g$P(EC}(`9tNp z+|PTzysY_T*sA|Z>r779vB@uCyLy79ZPp>AUB{_@(ck zweSafZMxjY-6y~Bn|{H3sp`i@1-^Js# zbRN;SLnpS<`)GVzesAmG!KpdD@7K1Sf8wmBm%+<3U(cWBH!Y94CT=zFAGXka()J}f zY}Cn;F1#N^e=DuBpW4$G5~O-lzv$7#ahmKu_Qd5;t>5R{>*+dU^?mcAg{i#Wu>#PCeD!kE zey>vBrM|d)Jl^Z`<9hGUss74!+9!vs{?2sryO`lQqcA;RFzvM`Ztb#zL>Rr{Bg`Z0}0-Zr6Mb{U?LWZ)~?5 zx6AXdV}pL4vG;_fi0#Ptp0xDtu_3gx)m$4xZsQYVX*wBVz3X@Ah^#MLEj(Da(9hp|`PIThW^#TL@=HCjz7^ANi{*Iw zxZGDv@AZ26?V4YPXY^mHH{YwHGVc2o|6XC--{nuAu<6sWeX0EqS-iJD<=YYBSI!q6 zsY>MNA9LObI5UDMl< z#pRsp>9O)E+uQtUPj}j;ccedN@hi^PCY$ctw-wXXEnRXs8o#eFXz~7D z*TZz3JamxOr89B4{@RI3gTIE~P|m=ReP0E~nGad!F9&O&;o+Fx<~x7(ijFULKQpwyRLF75*a+$K;W!%o z@?q;I%iI@@^H(aV{N94$i&ktZXE2n%OgUlxOQp28XQZzAWQg-MJgFng%~w&xz@g&3 zY$G9k%HRA$%b$E!z2CRh>htp;zrN9NAMs2`m%Offxr5e@>s{_!m#o}$e${95vGs(- z|G{}1_xm^<=QsT}J+5c@BQgK3A&d9rb-mmDzz%C)wcQV#vG~~T=I`mK^cPwGr}oJY zT@1`jwykF)r$U07-M?$)W6e0eSHsq&zXSV@sm0tVIzjeG+b>cmA_ijt4?p_ zN4IN&Rz5js533K%P0SvVZ(g=d=EbidP zV}9P{#~ps0)jebFN#}b@Hs0H?F!k%LHty%cejen^mFd)AWW#grJr0Yuc#KZ*r|%=k@EX0i`KOMD@qB+aH?nU+ zf2`@4Mx^74{Wg}?o7CQ}_xcnGi}k_#&)1qdS=NWsF$_NPxo+bf@4xA{ct3wh*TuG4 zykGA~^>=^p1CQvWFckHt>0RkZrzAx&z5TvU%&tLYy^QV8$IL5T&rJQju9=Ga3Et0B zyEB{a+Xp$1oS2w>Ik`@S{F27%y>z1{S1)=0?9_qrbo@7UB1|aKO?o=J)b8uS)Y{vhR7T+}(!&pv7 z{w16KdL6ufR?ADy7FBd7xBJ^zi=T4&gm+%k<}uHMKq&Vt=lB z`Esd-zF%BwXy)QMX>a$}n(guaJipI(tzT~g+9jj%`h74g2gzGmzhZfpHV#|49sMKv zy1(3an4X&-nU*6`dF@g>_br{z9bD3KWUzYjiQ_ubO3w?)c2B;OI?#Km*UzTUg5dqy9BPBi!BE!)=-dE;@~zD}Ri@?@ygUv*0T%G!}n zpVCaF=XJcl?6vrn{N^VEP+ETv)iu2gmHMyO{Qoc%F2_O9uYGySJG{$3lm7dXxS<(Z z`Js~<%J5@q*S|-{qFs8NKVY}9OV=T0c33l3ZO5RdD;>ArqUF`)yT8-&-tG9DNGwXz z`EiCXC+|nT-g$rW@z@`H`|bVQkL%KN=>GjA&zJhmu}b?kl;*eY4J+E^+f6UW>-To2 zgcrTHa6icGHgovnw{e zCx+p;aKNus71!mDv~M@^@yjvaaSOd)rTC&ed8$mlzBY5X&F%Sy=98i7fBPOyU;oh1 
zQ}wnVU=E3k`S$tn?Va?Gqf@2+_56j9p|kv+NB8bprhk>LTZWfW41}wf#r%(*Z!53k ze7fT}r%%&&9^a+q-?ZszzdB>%K3{1$KKPWJFv)u*^f##Edon`L(2J|Z9`ikQ&0abl z@cvM}uIA%6Y&ic4|5qV);IwG0Z*rVRPnuST zR{qkd7+O2?mx5E6c$I(NAFq<+nkKdK-x&0S`cj+$`Jv>A10GX^($4cbCgF(~d!zR& zeT~k5-CCOU-zzP0)_VN&zPXgDv|V|r8K)QN?D6rU(6;?nBa7+da){?U`Ae5IzW80o zzc$b29d(OO+mnWkr}Nk)8;{$Mrti;EdRq^g?+DAk_&#hpPd#b*eS7BnVLyNExX(Ro z=~Mne8&CZyTsI5f6PSBpZhqomWq;Jzq3LC)%zvX#Bd=lpPg=UJnBE<#*9BMf7_|J? z>XFW)_FBGGePa3Uxw6yj#D4i2{lu(3+n+k%YqouB<)5xN`FzIuS4AY|%tA6x*xn@mjneoBHc_V!!qMu!nkGBFjtr^I7;OpYrmLiA(2Q>zCWE zwQ@V7Y<2F>wuXBBIKj{Vi|xYsSjC{FOYOPynWCbP%1g_nXHJhCs87t!9-56=%KgHR z+uN6O=XLCtLwlrvxW1?QZb|cB^p8?KDcw(Q{$;N{W*e^8HUIi(>B#u_th{M;OpZA# z+q>Va%zxKOoyp>PO+PO7>t6qPHcs!i(8rgWSC5a+)5wNFlk1}pRPnNwP>4Ate?Ez8rU$p7MdLw9{PE?Z;w6n>p{LL4Gk=E*{Sh9G)4e>`y;;JgUU)O4|RuUE^EL zZ(p(S&*FBp>r7?*f{p9_h^y7}%1%uuL#)U9v%d%CPh&ahxT`BP!172tJe|KE#<$yk z9O2Ww9N)is`nL7KGW$zKq>fhpd0T(-&(CO;GVbl|xlea|17q@SJ$trw?(p=x4##$R zAn8xVe2o~lM!py~GcrFldLW)8m3)fx_e+0%Ii@$4{FUe{-y15HTaiBh{P{}yAsuhY zb=VlcH;l*cTf{h-pD!E@@%eFc&X1po<7Yk1)xuW%zQ)zkT+1|R$FQff=R$2v;=>22 z=Zb!i(C2flUneQ2w_KX;3-y?ODaNg}XJ($&M;=2|`TloIqe1M4D}6uX3p-+3UoZOO z_+AbD`z$do1+DyxA)kaHy@d5N@hTsD`CKK*>z;IEYIgqch(3BD?^?Ilucb1iT{a*2 z7q`a9P429xVJTt!AnA|kM+t{xRIj~{L0$(PBX)mqsQ%7v4{zW0j(61`e)qfI{m}M@ z<*&Z|;rDERI3`Jflygx>Bs>u#?~*sS%*jr*c4Xvz^K$)sd}My4)bC$89n*#5@Ax_N z`-Y8#pmpglL%9+ams{GNyro`$Qo4k_k^aH(uH*5E`4Rb@G<`+3zU@XG_xH;b#-IbB)LgXzAO8~?mHH;+T!kl8+EM#|t4{H~)p9vqbh3wAoVckOZ=I~+tLUvd9 zAXVHQK1db!NQ>%=QeW5KW;bbYA-hTDV~a+~YO^WZnBAS-p4DyiPXF-cte*8|x61!D z*=_QFZT2Sle@~H8GHRB(mT+$KW<7n8%PXbR7*)Jicq&uG?DwD6{{z#q5Evy!Y1H+p@Q04}808wClO9kIDa=H?P%eUh-PRu0AbxXV<|k zJG%~S>H6H)CDYp%vn^S#Bz{w=<3GvzR;#OZ;nb~~M#6pz z|K#sNczG_k>1PH65I_I{1Q0*~0R#|0009ILKmY**5I_I{1Q0*~0R#|0009IL_~{U6 zUEVTyJ?5nKPji>GoYoI+nTg@i7&bz9@uk0y;a_Q3tF3QY_y+!Oo12`QpPe5Wt!c0{HnNsd+ocgHvesfm8zYy@@BKM*PM8@p4|Xr# z{QgK@ue{F8c|XtR^Lakc{c_H%xc2&~PNzfb{c~y;@!7l)Y45#jn4f%eyEV<})C{eX z5QdhjrC4Fpq9LQf?0EK7^A$xU4WAPYM%0170S^p#V88t^JTTya 
z0S^p#V88wNdcYgF^ksS2KiNP0g=9?b!yC`RpEw8Kcnk7UAUZmi2;Kd3)6JC;xZ@pR5f^OaM_(ol;_iEaD z{x|Z!iT};~f1m#+_}{{RkpBk$8~JbIznTB%_7c!2SA#Plcx__$0WZ|F4(;SM>iCW8jMZzoHbb=>IE5 z!WI30MIKzy|5s$f75#rjDqPY3UwRy_=>IS6f-CxeGyaU^{=M`l@o!Y{L-3mv`~duB z1>Xn%s)Dz{zoy{3;WHI{C;aOQz8zkr;7#yb6nqQ(Rt4V#pQYey;jw+WqUM+EItOn#2X8(H z532d4nfT`)l7(S@l?wmIOFKNE3XG!zD_pkZe$KaO!9sR6-T|etL>sLSe z|Hgh!|JZ)kpVhzmFZ!UL^}pWF`gioR{&oGVe{nzSzp`rZAjfAo=l*5BIC`WyRMe{DbOzoVb^ zPw8j<7xc4!cYo>k2Fe%Jc#AaA-`78U0o>6SlY8(vaPt=g`U(S|33v6ytoYO6X8QXI zL;R_5#rl8wB)DSzzkC8*vHo8^2Ci8DFE52F*8j^#!WHZP<#}+$`hR&QT(SONo(fm2 z|Bvp0E7t!=eqqo2n`~Rai!G|m4uZ1i2|3}xs75o3A zm%|nN|D%_}75o3A7r}LfeGA}<{r}N(;EMhK(KF#C3i;FFX8YS$7|PdF_=SBjxd)#F zFIDgf@KFjr2CmruA6*Jp?EjA*30Lg@kIsWD_Wws`!WH}fqf_CE{r|EaxMKgmtP8H# z|1UcZuSo8nvZL^^3VsN#*#9p(0KZHTe;-`2|6kSySM2|n?S?D%|I2p575o2X+u@Z8 z`cc&x2p5;F<92 z6+9LGmE?R>4}7|UcfoH^@Z<0q3VsxRqk> z?EjBi1otcKTL4$=|BspjSM2|fnhBq;kUt%Mhk{Rq->Kk};0qLd0{j~aJ_f!}!As$P zr{E*uf3M(q@NX)3CS0-qKPnZj*#9r>fh+d^OS|BT{r}SAaK-+A=~4LNo8j zf9YDdV*kIi4zAe$FI^5-?EjZ8g(uzr_XbKA!2^o?T>!sd!RNqh6nrLprGig~*DCl_ z_$mdT1g}%@3GmelJ_f!XYyzJhOp z|3Jal!kXuA&x1d&;F<6j6g(CF&&l}(J@D-c-Ua`mf**&sDELwM z4h261e^J2?z+Y1EeejnRybb;%1>X(dso*=|KUVPV@LdYt1pkSGZ-Kv};G5t-Rq(a& zpDB19{O1b39KKt@m%?9F@I~;Df-ivoLc!<2!wNnV{x1qX9p0+oQ{n%r;FI8O3O)h; zO9dYT-=pBA@PAYAk?_3=o(KPxf@i{it>CHf*OK#+9{4^5?}Gokf**&sEBI0P>k57d zzF)x)!2d(R_rc##@HY5w6nr=QfP(LY|5m}b!w)KW6a04yz6JiKf^UNVUcuMG|DfP? 
z@c&fsAU=GYY;O z-lO14;SmL2#Pb1~f-itO6nqZcso*o=E(MycC|U z;3MG~3Z4faq~MwG!3v%VACjCG^}sU~ybC^5!H>he3VsxxrQnC)*$RFDK1{*)!E+S6 z4W6suyWx2Xz7w9W;M?Io1#f~EDEJn5p@MIM4_END@DU1L2R~22m%~RY_)_@!3cd)g zEBFFb1@D4is^G`r6$*Y7K32gG!N)210r+JKz7IZL!Q0@MEBJ2s1O?v-|D1wvhgT|i z6a4cEz6E}Tf^ULfso-nj6BWD;ewBhRhfh-QrSQoLz6fq8_yYLV3O)z^1qGi8zed5Q z!xjC%J{7L$|Mf|5MgOl)fGhfceGFXD|Ldi2MgOmlge&@gJrAzv|Mg6`qW{-Z;Ys`d zbG`G#8#up<_=^7j{NwN$$@Ay@qwpIQ{1E&m1wR14S;6k776sn|zg59E!DlJ>TKH@QuY=#F;LG826nrWCb_HJq_bd1U_*?~_1D~hh zGvV`-^N|lFV{+dc7`gHs{GZOjm#F!9yUxK|&cU0{!GmgkekT6;hh$->zp3zlOwLF4 zz!xca7yK>-KMt=}@T2g>3VsNFw}KylC(Q%$cOU#7Mf^7Sw-kIge5r!(gx{;++u_R; zyb1no1>XX{Pr*0Ala^7^zZU)-Mf^JWcNKg&e7S-zg|A4)qtD-ucwKn^J%2u8M?dRd z*U$RR`qhvAzp%XI)^-t+%{TKAJes_QA_XY|VaXvs3{eAtz7r+(!|Alkliv9n>nQ&KMvgID~ zr^C(k_Z0>{6|PwSFPsEdtp68IfGgJj3&+3}>;HwNaK-w6;Yhe*{l72|u2}ys%!Dh} z{|i&$N!S0qfr1{mV*kIO3$9rIFE|eO_T~F%{uCUAo8#lY!l3^UT(SROZ~#86ueg@{ zeQ?G8e?c2uvHxGN8?M;@FW3oJ?Ee>Rhx-)vHNh48{{>s%iv9nBP4M9g`D@{d{r`eG zxMKgmU^!f||6i~auGs%CSOnJ<_AP)b_Wuj!z!m%d1vB9#3i;FFX8YS$7|PdF_=SBj zxd)#FFIDgf@KFjr2CmruFDQj8_Wuh;!WH}f1$l7A{(nIxT(SROkP27q|NDC2iv53I z7hJLb?>i2!NbVosQTSK|KLl6o|N9QWFH^+d2UqO>``X}&{eRzXxMKg`w-c_||MzW& zS1Rmlf-Cm_eOus){eRyk_>~IzYvGFhe_tJ3vH$N|4p;2|`hGZg$N{6+;o1Xt|;=O2LItcbr4uGs(2Z-XoL|MPdl z75o4BJK>7`|NQOnDusPbaK-+A{ua1m|37~de3nA~TDW5WKfeyH*#FO84p;2|=P!jT z_W$!2!Tk#R7Qhwz|M_#^iv9omneh1v`P1QdDEL(PoeDk)zCghzz`vp3W8e!FycGU- z3O*A4_X?f||E7Xx!WH}f`KfTl{(oK%T(SS3*9BMX|K}ZtEB62Mj=~oww?FR?T(SS3 zcL1)~|Igb8SM2}iwZRqp|9QLNiv9n*op8nef8KVuV*fv{39i`x&)Wi5?EmL&f-Cm_ z^VY%@`~P`$aK-+A-g3BN|37ajJn87yj zS1I@;c%6bzfUj2YG4M4CUJ8Fe!AHU$RPa3bLkgY=|DJ-U!XHk~b9>-x6}$`nh=L!7 z*DLr@_&NnY1YfV<2jCkNd>?$Hg15mRRq);LO$xpf{+NPqhi_K!CivqDz6Jh$1>Xe! 
zfr77vKcV1t@Fx{~Ied$PFNHs);EUiv1z!N)s^D|r4GKOJ{u+F;jb$AB6vu_7r=j^;B(+%1)mB37X_aVZ&mQA@PAeCN$@rWp8)@* zf{%gkQSeguzbW`g_+ACiga1mwGvU8h@KpF~$@#Dz_&x>ig8#dMABVRq_)+-l3VsN_ zU%?N+|3ks|!QW8uHu!H8d^h}ng71X?R>8N!4=Q*Q{C5hz1^%XjZ-W0`!Pmn7px|}z z|5Whh@Iwl|6#hpAUj*+^@CER<6nqZ+u!7HozpdcY;YSpFD*R6hJ_&wQ!6(4qQSdSF zV+vjh|1Sj}34d3?^WcA0@J#r73Z4r8OLCsw13#|dUGVo6{5ZT*!H>c}Q1C-3s0W|3tyJz)vdpCip1@Ukg92;C1jb3ceiP zqu@*7k!0M(9$L!eZmq`a*H)HQ>ouC;OmY5T?y8EG47nG+Td%Cq{!VYbTQ~ST!=*X3 z`~RiG!{=!!#C1(R`9!TZsHIIl`P8bi7QI#rIKtY~#PK`A`qPyXW@V*clQ6>3;UbKy z*1NS*^D7@1U7<5ccdf1rYHPBJDp!|vBInge zt3JQ7?H0}TP<_a>OVU}3Kae?5^dZx<$>q_saA!?WbV?Y}DY8XpE$=@No!*67HacB( z8G2-mL%*l(S!ZxhmEXU5T!n}4-;(cbe6Q0w?rmEW4%Rz$M_aj})oMY0GA{zRdi7Mfr{~6}q7nt$Q)g zuVry>82|OzI{xj-Mz+2_+ppC-HHT~RN252CSL^lJMF-bA4Tqtf|HJj!^C~3VOJl0_ zmegpNmb{{4FQ%G&+lJ%*3Q6;mZ~wg0&~9l8rZq)2^2{Z_weIEnm+DD>=+bR2(JOL9 zuQ1UoIt?xLw)*U13A>cA4t|H-!{^m}PJOgo_e#82TOS=4^h&%9UCG>@_X_geseyHaJhs}A??}Nksi7@kcB_; zC2eQz{QDd0vr7(2oLHU29o$=gu=hx{e~s{1dsd+r`JZpC_E*Qojg8k{=3kZ=?~N*d zz_~Zz#ebSGNrT80zerr$KC|wUfBUQa3-Q0x&{E#Vr)wmhbDB12Bkf46?y#PCtXC%o zWB;)qUV=>O)mAgFM($moJ-7Smi>r0?Y1>mmj^OqBLTp&ZXKxWYj@{Pb3Fhe9^Q3j_ z#ZreyE~@uxIa#n_Vt00Y9Zt~KExL%)f}T!^Bk8j9GwRoow^H6bpG{tg*OK=H@{X;$ zyt-mVr021E+B305WJ^2J;5Hm$hxkmw*XPU^yB{G=M-m%8j|~;EGJEFM7}`dL)iz;}XKQC((Bv`esD+*>OvZn7DTkcMp1e7m1HaANp>4F4u3B z4LeR$-}9IB>YPcuP!gTwRf%7r^NYmYg`R7u59#sY;?i{$;ad9Eao#)VSQsBSE?r}Y z+l-EKbo7}P%Xb$LE|^5eK6ETo=*T7RW^_n)a{0JR^+u(AF+?*qaHq-;KyB6Z=sE%mwc>*K@6`slnr5q=qR-)g_D!y6wiPVVms zSDnQERoEYlj~l1s*Th}ed0U4MJ-?(r`{KjK>G=g={YmtE6Fs})?Upiyp1dn*C*$pjrsb7G6Eiw_r@HzWQ)xb`GE>d;XgA2&|NYsB3n zaU~34rQaMT<0S5z;~MFgrSF6VtTcsSp(OhLo^bW?`VJpF+n0^lLEK&E*7uQ&^I9x@ zv>X1~&lqQq73Ue^yphDltC4Ny$+^>9r>5hwD3BbGg3HHIM7ZT=Tg`BtN5LE7vG& z^hL*(BQzO<_LWaECYAB1mF{avcQf@WpK@rJV^h+_=c{7Iro#whj$Px%NV!`V%J|aI zMo|C#!C2p&_1o}6*t9I(j=1u9A#pcH{aSKL#-#XFC%y|Cu3Migeb(v1`smeH4~vt9 z4KZa;#)I`q?D!dW1mfc6#M$8@?wYLgUb}Ne$MLl}o;LF>JGLz!z5yH8#M>BKw}!uoyguhz;c5P5fuMiB)6fdJF5-G2 
z*SX`SY3GSQnEz$UmAO+^_6?_h!+OTTzWwCfgbkbRd26DL+|Pyg**1s{*ug&Hc(`xY z$3({cPW<>ancqmdWo{#3WR5~w&9S|d4awvBoVn)wLgpzj=EB1_$y~)whs;-`?!}b7 z$;^Q~QGZ6~3Vo0Bhu0#{kG#vso9uZ1&+R^2zJ}jNxGGy;g02hD<%^FSTfT;WlejaI z#Kot@Wx^!B$i)Y}>m+8{d)w$@Yn^2H*O51kvULk(%e{_ui$H_9CXgZik$;gP{t>@O zx`R1Io#fFF(&!ak!X!+r-y~c#UQxHSDcGe^r2ZoLlW4o-mE=>j?J1P`c11M(U1odn z>3P{a10RpZZmxv~Z9CAHFs3Pd9a#x|?!1`!(r_O#D)0aI=-QX8MajCHtbfV69PbA) z*XCqhE{)rD-nZM|tP1)c^!OutGBxe{F8@7ypZ`Ko?mblI_dYb%@8jOL8xwC0 zX>3jsFJNeS?-I9TnC2u+lOu*U`n#-erDyEb1~<^A;&Zo@O|Irz+o#KuV=if_j)}j- zik~iPe~IPVO8-}h(@c7$z0TT{tsA-Mrw#X_{~fuvB69McXc=~Dd|q7dwq==Po0xW} zu#t9dAz>DZFGZi!6RVyl8H*KnMEmE$+bHXws(VozhkP3wyJO3~wPx)S-?Uc;TVm7J zg740@jgAq_O*~SjWz7&D|DeUIC(+}`B5Xxp`D18~+3i*H+ILLSHM@R9*M@Jd#5ca! zdr}?^?WX6^XJ?`!(jQeeye!`jguozwppY+ zz#mvQ-n_0}H@-sW`>OWaw|#8+!aUO%TOQ$$NS)yNu*kx1Y2rVTBl*B}wVgITn`b(u zOs|jnbCdW}?A0f)AEjvhK0`b+;{(bTlP|{iYT6@5COFEjC&9-(j(N zPvh_U9K(Yhl>4$P66}~}*)cUi_E#mop?UsJu7QThk?e()_aS! zu6vsw>%O=7sgw6MZ!@$zD-Ybe?PF=z#Xi>d-jg-;_UpxN+Kn3`r=@+c>vXhT`Y3L1 zLi)u(gXYNaYu+e7c~I`zeU8lw{qg%AHV;?%gZ0Il!>)^#471-#oBUC)9BEIaKb7!y z+gro9N$%0-JJFvmVHlenlzVoVC=WQ+eZ$+UL-I}90z(`1klhwo-=9hN{yqD<)Uykb zU&4Q5PEf{k&ga-49hDY|Jaci2E@L#-i$^z8&YN=Hjx@Rh4r~4286@AItJHFzy`*A@ zjMdnG7`)+P-F4v2>w=pyLb+r1hH}O4tHyO+Rl}U6))REe9%UdHbov%*X}Ox_Sy|TN zs>=!LwK@LEH>yI8a8oZu3&(IuCwQ1U>jQ1lVi}{B^{v8uNv31eV z(#{l-hUl2|iM^&5$r766YQxH(K_39;OU2KkRu(>c50D zw4DEHCk*$@GqCi7Rv(jbOyW?c%sv5LZ+&;m75z_(EcW5-@B22;Mlt?*Gqzq3?iWRW zyPfkbJLksO`Ko2-BGDgX=Wfd`+s*~nciXOSC)l~(va=<|PD5-g=(V#eNBp^Yn68OG zDI<=@FRIWRX+t-=H0Ik{Hg-7}KWdw}ZXQzlJ(RM=xP7?nV@Y`uxyZ;7 zc~X`nzLXzZt|B@$H!TWqyFTJ}Yj*+%&(O zxb^XIqxoRjznHjQi7R0UYt|LXd-0v5Gg`hrDur2N{QSGuXV1UmGsfw(^xR3DDfsDn z$-i^QmG#{s&5An>8_jvoxos@6_F(hBgg$%SD#4!_Uq`mjMS7Xbj*z~!-l@|!M9<%} zSI^sHxAoE&{{LzGE&ZqXPTDictFv`9k3El~&5Ucz@wbd^BwTEMM(c9k+k^`d&OGxd zW1%GBen+@tgfq{UN_&?WPR33mGdgxU^D^z4oRLUz`n5vIC;HrUzI&a&)`rM;K0C%O z)V?VBPrsHW_Xz9beimc9tF8MNJGhU}pETPxbeyeg4)$mL&BXoOSToE=A~inM6Kq>AV)=nr$>!&gMkh 
z|IZ+!T4WHP{v~gnq*u}|_KK}9F;Szs&Ux=}V=)*k@m)Pc_$YCVwhKsY`j794aUO2xG60+3g8F zsb)MFcV5Y6#2d@`qBT~U6aDd1S@THZ59(Wy8Sk_EBe#n*tzj%_o@f5s{E_<(aRbCP z=im6_O7RDE-?H!IHmNtX3BI#!lJ*)lRT6`Ct z9UZ4JMsu+9ke|>m1|Mx`aP@-4r!HcO{ft0ZwV_ICCoAR}!@?UEBUQE6BYVyY% zYoA!ES4Z>Yqw@Iq)cnTq(ju?j&fE1$%KrX2MP?iD#vHxcP77)H4tZhs8F6#B)+)c& zS?#BcXkQWAI{D7}VBGprG!M-^ODVtR**@xqL)uTu7=9|=)p>Uj<;$Gg{^yCii{jRz zlEgR1e#HNIZ~RoTo$#%fGoL=ra_W1lu&WBYs<5jHyQ;9O3cISXi?g0@()Rp;x^}1vyJ*u6Q?HIx zVOJG)G2eZ+3cISXs|vfSu&WBYs<5jHyQ;9O3cISXtIFRUu9~aePn*R&lDS#rCCOKB zKr`37q^wwFc!WKcm9lGSx7D;yDc&W0uUz?lqnyX%`W^W$ZHIOLIw`l-=V{W9+WGV3 z+duQtz7!bR?1c@)mAqmuKEj-TH%yM$^Kqx)x~5%k*d^-<>(d&4i4NaJZ*fJSp}2x| z$Mn|xrhko=nfP%6?ajrM<0|R|^ET@SCA59%HN~1k)*H(FTCRla zOFz1U>}_r-asK%`(K;L*t4Z70kTZ9r^gE>crgmfAt{oH4*0)dhU#A{M)J?hQ~X|L8h=b7_K&hvh} z;fmXR{B*vvr{8oiu*UCj`n5rl4hb*eN;G%x7!ujnaIX?S z4T`lh8ct)+E;=71oXkh2**b;CuyOb?5X{!IhL_sVhF#4tF)`;*#ORLVDAt)8$g*QPo0L;y-`~IC7iKMGql@X&rvS%=TGEp zz>BoW+s1dM1_=|seCvs3uCH(}e0$TY&tJ}&+KOr~_fNBD=L%mEOyxR*YZ})Au9;jN zT!(TcT+mx1vM*`i97b2}kvV#WoEIQX1=!O*p7PK-JLuUzJHYr)%in)bNPC0tC-3R- zzHv_n>xd`+xX~F%KXJ*{V-hY*xEd`W^(L3GbxLyzYhB}YbKPz$>vB!*4qu}?=zTHO z?+B;rWr1fjN9qlccLLAo=i7dYo(Yf5uam4t=*My=pJwdhG&Z`mj1(;r;S703t@r6j zpiy&D7gFBP=XTV3C(5|p)mq_qzQMmOldxu4vhzmd?DzVm@BSgOyA$iK)Z2`Gfz(j- zybxihh_8`*C{$+jmV4qQl!uc~FqW{#jqE?`^rOxxwoY_yl(B}`7oHx_nX9Q(Sm$k7b+Iqgr`cUDzak|!&8epwizlwXqHP;8^vI3J2}$$5Iah^#RAT3yfjUUC8HW{F9&mM#W^}&VBT9zgCmB zE%KaZk6x}b-kEci%pXG+_nr?i z<4e02BV!CQ)*$1nB180J$FqdVH|?0_*cfOGYO?Qv-v-G(NfKMw|0@c57dkjkA4K=; znKHMKwzwwMa1b}0d3z{H+#$r>Bk85?3`=YSV{CO1?wBo8%4byGNp$O)=#j9Tug~3I zH7`UPLmB^sHoVx2UGu~)DbID30qUWntt{YpeqvA~9|~(yj2!YQ;$c0PHfRd@5(zYs z_ZMo}>?@``dzCJ2KpyfAQ%)k3HS)wcMan{bis5NYku1CIE%CefvA2AGF}yCUrN3@Z?uot3IzxzS9m& zrq1h(MciDAtv+7%L){lrZYaa<@TE<=j?%}A?{dGhc(IexOyCe?&G1t-=%f05} z9Ej}W$U00Q*x+hSYx;2IH_o1&u*ZcmRy;Z_sF7FZ_};!R<-WD5A>`Z>$k}$M=2%(b zr`<4|E5G4&uENjqnLfoW@z6hr_REpZ9?daN9GE3#{~kW3ej^$wocoY6_M^UlK&!8>cdfe9>d#PUw&7gH-h-nBp&h2XQ22#Mao8OSx8(D 
zpzRM>&#_gvHiyk;+N3|=xwcOGJD)$WKf|*4uG`=F9JD{fbiNnGd@tks)|l_^1nx}W zj#!?+BKCLYVSeiQsah>q6mG5wO4~b(_JDcuNZP6EYutWD9-2qyuu`_d%s(YxW9#$= z+J$IYDDmUd<_2U)m_GcymAqMq?BU|u{kQ5yl5md^ZcVJOvv24LuA-gu-qrK8w7oJ{ zv&J9hniukX_Sy^W`1!2O)HB!fg_r7HmuvNV%!kv$OR)*NWNvJSt?|w$&+~629OJSN zHi(=sax7I5MeVci9(>%u_?MO6T(f-9Q zZ?cCguS8S34cCeqi3c+2qd2 z6;?P`_*TvVlSZyyNgG#P7@xgX80Q;z8>ZX?cl$ju59FMi?8OdYK6qKJ({R>$0*)H? zUa3bZoc(fyJHOl!?!2ypv7$@bri{BH<}R za=(B+p^$L@urss6$k-R+yopx8-1Lydk-4{|S7g?}S*yER#_gLK6puqJv{ z8SQDHDd4KfG*T!pgSfi3WNIlc&8s z!g>iih_I=0ADM0mFKvf>mv|Y!3Z=>S+Dy&O+J)z-WwjYAm(_BHP8+%cHQOpDarFfo zhf%NeK!fHiXRTk>a%l6sb)4(tp6d$6L2^&lb?Wdn^}@$9#gpr@G?%mywZ)n{zvep%a3I^>>|3FdRI-uovW4BGd}+lux#Gfev>T>FWP4x2^8 zUx%DQeaPYdiH8#842qF6s8^1Z9T^MBo^xYPkT&h)Q|9<5r$dvmkMvRI^OEGv;n~5> zvVWSZX@UBj!|jZR<^|m=D#F~)BEHn=@I8myr9I$z<1x{`?&B9}>nfQaZkDpj7*W>M zC-D67j~n^yavPr3*()m228Xg(*Rk6h>P|rRT=K*Btf(MQ2DQ%CdDfP(EOkuAsFYb( zjaze2uW8@Tzj;6TAz@b1b_RlGz58peW;jHCO1x~R$PC?cwk^YS?csXe{cu3n9;w&0 zm0u5OH6H)a8r|=Byxy-p%Ku~B{{jC`^6%24?cxsuw2_^j;2><0XU8ARn(LKu%Y#|8 z3tnAo-EmEjGp>%-2fh#t1cNtb<4(y(>-)9Y0S=#@{r(lcpNjeZHNKngACSBbQD#D& z*HKoBy7?Te3Hm)FUX7T~??>-l7k3Z+t_O?IZP~B~8`}7%ta{dXLvHJ{H|Dc1=CdC2 zxh&>$Ma<{Q8srScemQfqHmgIc^LA*DjP9gfgwhz!L}VUb$C#_GEaa4M^1c8GCu@Qd zuGSk!tJOo!THWA`jAn*Ox5CJC{1RqOmX`LQ9&$fCwt84vg{EOY@;jEU#V30{_?7mc zH{jY!9T-GAL;IVu#-XKrZ)?zz{c6N~_k!phWXXIm%Wujgf70ZBI^$BYCr($9Vd@h3 zBJ;wDGG;D{$oY%LoIsZ7jIraMx}1Qk4gE2CyQw!R_g~XtB-0VKsms(IYtw`19*W=A zX1yJG&|#!Wn#BgO<$A0?a(@_SJ>>rSY`-S=*Jm5%{ak!0_cvw- z&HEd(14B0!YZ>|YZwvmDu$!_&LpM4@8Qy?qp0NqPSre50ccU}tp>0i1eKm5rp8f2o z{*!}}=>Kh0|9sOf(T_Z{UdedHlG7t{WKKX@&GIH=0XwY^)f<}RfwXm!|FF$c*6>4G zTeZ!iWmV$YjB@Hth!?b3EAePU^6a)@)zz9-%RJhpm0n1@7Lc_gX)hROpO89^&6-@F zyez17lmxZIB|-O*lAz~kNpSG7lA!n9l3>nzB|+culHiEWlAwN~BzVC`CBd?;lHkSN zCBcf5CBgBhOM;a>CBcdJuc1Bav}C!E_}4pV770U)88e|67d|1$I+M}MGKc2UsrC~_aK*XS!W z`U=e~V}1H?aX@=QyZ37G3I26Hye>q!=qix%VBQ-Yy{F29UcIDA(%74>TS(U}r0W*a zbqndbg>>CQx^5v|w~($|NY^c->lV^=3+cLrblpO_ZXsQ_oK4q0#x5JMi#;pPqtUDP 
zvFO$JgXmR%GI}k0JbJB=bkHBS(-$9Pf2)K2tz+zOb+W(J{Rj4?4pm8h#OL!q?7d&& zWAn=B)w?Qs^{wV==dKm1 z4wPm8|9V-bpLRSSkn_y}$EwPpCZA*boEi^f-;iOh4JGzHQWsXy=Fs=MAFdB*GTxOw zQr72WJRsvY=_47xna?&cJ{l+Y*JKs@9e9r6->Z>R>z)4IGunJM=jr=l z%z@LHGfdntu71$^4FAwTgFijT8bct{C1Lshx`f@-(BaN|HS)29wdYD%T7Wr6QICve z9xFG;GJ_<|lHOsQ<7O-~V@EfQXtyJ; z@m=To+YR(pT>p*l<=AER?{ZFnIhH(c{Aw%DAGh(`@gANz-pljGzvfxveLQDuXx=87 z@3%1T4bLLnEW*tq+$_S)BHS#(&1!z%p4(dU*0^WF!mNYT7BkM{+_?O=Q4RvZ4o&uv zdQsT%hxylnch)uFk54cA1NtYZA`M-E|scx?o7=aH*t?{f5YYNM7In%MQ=FcPDq3 zpPby?daImE(tFRFBu!T(>2hjL*6oix_-%u&5_azOH0_IM;s)*8uQ zf~l`Y$g={*goRu0oME1SdUU+58QRx>zICFmg~n)c=V&bb=6V}vA$r%_nBzA)L&k+- zE3&hQKc|EKk$LIJXU6H0=TC5-b?-=f6L}bD40!NgUM*n>Gc-Icz#6Gv4{X&7R)0ft zgs%^24{9r3U1Q$!7p%NfbBnLC4J}>LD0>eQhkX}$2IIsU!kT`2Pxo}p<_!Dk$wy-S zCTY&XxAuA@bE)35OxU!Savu!es(UyqS0rhS4SONqWxn2+6ExR28%U$f|B3fA;O`?Zw?rnUTDf@qNb0$*0NN z-ZtYLepvJ0^uv7$KP*Y`!+-oQ_#qtYhr~45Ypp9HAEsj0F)J_g_Gjv>y`EiDT@g7! zd)K>8Ej&Ge%NY(|I8)D%a>f}C^W8+lta2ptJNx`9{!inq%pNHVvG=*xZtG8w{YSo6 zAbZeflr7J)C(7jwROt*T-)v!^9)%- z6}#_VcU*6lHd@M@v>|~ezs@>sNsISvITC-+rkZGg-%x^l$VU z8O;BmkhIG)HE%2}KFIq;KG!~bUVC^>@xfNER-2binw$^v%=qexPS+Z(W3u$C4=f0| z9{9YLg6~~>W(VA>$9i3XH64y(+A7lOX`@Y(HDg&%FuxQ`2 zM>ya2hne9<63)x|))2yaB&-$Yd|98Cep;UYw*4smxcET&au zUGazHk@!MaI3iv2xRpCBBgHq4D|$q}yt`EHi`@ONIJuKgJ{{xZiIfX@*XcwF^FMso>C^aWB6^d(>vW>+W2xIk z=##at*fXH?zX#f9>n&mVr|fcOxy3Fg5(nNP_1MZIbBtu?5o<7UVXZVjCFQC&y;Z>$ z#z3Ano|P9)zfT(~<*v&qVMHgs=KZe0dgQvoJl`m1??tC=$GPOP_TaIe@&2;?+-6_) zqT5VkO!!IX3NOzP%9z8FKTZ{%{i2pyjq-|L+NwG{wXA`g<(Kct{4ai&b^uU1;g>#p{TaTK6w#aq6t! 
znr)I<-uu##w@{1AXXLs?4_Bu-j$@Bj>C>g3ma;7U6YtZhls-D_o=<(5BvCjFVL1xbHK zUN9Fo#5d{GN5*wMX|^A%GH5>29jnXMBYDO6%#&)BB}t>$A?b2>I%gfZWf&b2GvmNO@!W$R35wBDcjLjpJ7kKd=Q_+&NZfO)eg z)vpZ~Tcym4t#x|Hw3RgukN5<8-D@b54>FFEdFUR-8gDx6E^m8y=eV8Ds4vfiE&D@Kk4fKdsn=Foo<$DN=$+ZdmA3HA zGYM&X$%?xp+7_Jop~SP~eBX-8p1B!!Q$pNED{g~?mw3pR=Y~YjLkVFYx57SV>3Os< z8h(Ssv-B+|ZZ>hh!&Pj)&yuw)K^9AW(k`F*)!Fw=$k^b_@2va(VBfdu$J5b1{+w;Z zL@8Hi>&2N{?ef!C-nUaut#UTQ4rk@Z9I>O%IQsnF_gMAGjrkKTnO7#r{E|ZE#DwxN z$@0TQ@hyHSTlcQ!lY5qZ6D&SncuTRI4Lx&yf{!n;!dzsA`LY=%FCokYR+!?LFhdf; z47b93S@KxUPH?WsD|yd6=SP%Fkt6n7d1}_N z&)V)w8C(aqoiQ`>|+RP9L?(J9A9VtuAPn zu>T&P?$hQog53XoT-ZD6C2VU#*!`B=c1iD!aY2t{59$5IHT`W|+qk!aQT?dfE(AXogvv5atO9 z(^6^ra&-c06Be!ar~lj1}pB% zX53;cZm|`YX8~4LFehg%n)r_<=(gU`bNU{UK{?~u0@e~H$}<8phd+8n=VVC}@m9x{ zJH9Wp(!3xxUVXH@4v}(e#rt+byjvw+=dIFaoxV1~mYYqMVX{dH?0S=Bo9uH5>{^pK zO;(Y>tona?qS)Df&!@_`RsTgTAH2DRe;yD)27QfYxls<&#QSTeYJDN_NN=Q?>Fl42PtUx36J7i3B{uxq@$yf7V1<9bH$3GpM*eRT!vDz%|8{S9%3MtNU)kYf z+xaZ)lW~r$FPZChtS!iRN7kcd-Hzuc%yFu$XGQygQ$LCC2TuLc%y-I5I74^r7^CAe z-jy>+d~<5Mt<&AK08J``GGA@{9)xC<<*>O2pVf}F4F~*=yo(Vb@n}0=8-ZB>eOU=|EAlt1Rv6Y>AB9NzOL-^D-n9%^`wf%el5qZvgWrU^4^p6JPRWA zp!05x@7=HA3t#90o@+p_$ZO}UZfv<~MP3JGNVwc*Ez8`iw(D%Gb~exHE6jE?Ht+GR z`HnvF+8hf78gz~QiY)O#Y&xZ%u+q4a{=sM2^S6{Q)-Lqk_X3A!mv||wpYrEfJ>9pX zr>dTH#`b$k?DWU!3s=qeir<_egLew*ytBcG8%JMA8YJIkKUel~We2S@3N01K0WF# znOH(N$wR4&QV%I#?3)((`^wAMdL#7{KV`Mg_FMHv*7Q!AbHOljW9tpJndAQ*)Z17; zasL%5Q+?@@eU1}V(RcXTW&6cqtw8!qlT}CG;cGLw|54Sv4kyo_i%iDpg{;$22`kUjN%@xN=_GIEnL5c^<KQ@xA>vy+!ibe%~E(f{nBRVeU&?B6TPH zt?1f#tZ${S61kG^;!AnX0lD&gWmZ$pTg?(b(4fhAmLbwNt%!VlKIcxlnZL-~I>7gN zv|CyH^Sp7-z1+__LK|lGYtoN(ujp*2FO1C(t6Z3EoBSS;v|sXDM3UE1kHseW4I;Zf zOWL1HF&vV1(^l%g)bS?LCw`E+F1AzmcZol+J+C>ps3m-xzlA8q$+}G(J6lmgg;;t;Y3YtLgjMhW!l5)23ZH9riOM zPnho>%-LEgewDR@@RYYF77>p$yIN;sH=kqjgYoLTZn4?v*Ywfk3u_VYNL`nBQrD^H zIT9DYuWTniHk$J};nw}{M(=n1C_Y_X-Ss)T{Vc25pRMQn**3U`a}-5;#COp${P8zM zugJhh4YuyH`QCLzE$j(0d|HiD_wm^$ zYtQm*T9(Aehq2=Uc}_JtZ;70U9hdd?2CD-6D6NTuk{4e+9yW8(57u&<`;$w22gto6+z9aWSNt;>E 
zXkSFWv@4$@uCx*KndW|7_#S^tLfMry=D$eYl`zrquOZKp9h15zbq2l8%7xmI*t+O6 zv_HO>*J1is-pwG-w1rb;J)SdQoXy!zosH&u^o)dEUeP7LhY-gu$422V=LOBaPu>Ia zqcL)(>&%UWHS>b!0;PQz^m5)-qu9_=_Rk4WHqU&C`kp7Bx#qr-=BHkrnZkQ0Jf0H~&+ehIWVa^W4ki`%U~$AzX>r$GvKNF@k#;gj>p0CqK;hN8`UG zqKo^Zxc^n|-zj0aucO1s{UYw)jf`}z_wauQ_vGBtf^pNdTdlCyif-;_bN^e&_^NeZ z-o@e)8zhb5r&maeyo){1pi7yU@zYEFlFpw?c}C~;l2*|hzAz-;zbN@0c1t<;Yv@at zJW0$K$q&MQPRfv-pUKP5>0c18l6-o)@A7l{C)l1)eont^mLIX>9OVZ)I4f0b(5Am6 z<)JTIDJz=@GtEU>q<%`BkB*o9Ez8k+j(Mhnc@fo;h#md8-8ZiQJsucwRjtbJ|!rA|r?_ ztB=ADv}tRCj^ev|ej@&A@)^Tq&amSR+jf%=e>^R6lNl+hZW|JU4i)N^0@IBO1C z5u3+S7Q{bN|0Rzlt)c4qW;wV}d_*~reo4XvIYTAwgM=f@4C$xLvQ1exG{@_dpM{1t z?IdNjK+-PnxR5@~X*jNLzu@VrAkV}zrqUYHw*9ev%F~pBFAv!;zJvFkJzXW^Iz#)? zpBeM%)I*(lqepDB>yF(nQ5JZ|L-8`^M6aMHi?DLmEhAVvIpP|uYprS9-p1xMb6hr! zXO8o?y+xc%(k$=oe!IzixX-$Z%*`tz$5t2dZZY~OoxSmq;ZfV(miQu*cYt|l8wR(f zZF}dL3eN81i-*QmjC){gMHy*K8KiMGJ6&@%4i2QCPtNsn?n<6Zo*!xSgd8P#ZR0y=|K9m8 z&K&zBf7g4dA2JT2+_g`cUq!hav|)i?r*3=!nPz#m%Hn0h#U|K!Z%{_}OF89vPwEcu z``h+btnQflQ-ZDv`Q2dr>Dl8J9b40!xJhj0^B~H3n(!2sEhz6Fn(zGzhMX(!q#Yui zt9eHQ?e7r6^Na}T%rKnje`g)%^rZfC&xB4#LIU2Ss#muM>>0d8=1KE`0NSsIWi_lxrj|`Y*@mrCw%<8#L7o24eq{C4%qR32<-B7fJjbxhNL-$9-oFaJ2UrW8Az=uc+Rl~x zH;MlCrH1+Z4r_1u)^Dx+v)F0*;>puJ3~L!Jq%GEOcDp6*^2>Ul z@S~XX6ESK2#aQCYy3=K5n!57keRHw~^)lnov%f2U@=3z1kvR=IL;S9MmFN{Yk`~5M zj041nAD%DwW76V|rsec>@u~RSUY{nsya(kT(Ho5$*<#y5easgd#FhjbHd{6v#)fIO z4VJ9AmMq@&6q#ekCyTaG1q)) z+dYK)Q0)42c|P_1#PY0=aX5*L2NGqV&pN9a`Aw{S5}))uE9E9?e@|0vo$b4>6lqrZ z$*25y?DAvD+9a}KW%OMJi+HD}S$xSd=yKOu8 z-XOMQVMk28>iunzv%mjfu9I2ys^jk@f0 znZM^(@7Af?fBLz!sq_J9EpT~0lCqmcAAZkP`t`(TBoqAIS34%@@>}UzBhQFYE)T_~ zD`TIQPTC43UDAF@IXb&<@uwNGZ^2yK+JiWAim>uNEb3j)h0^Bn89$%-tL>L0?Y)#8 ztIz3KfKT>Vd1Xj^(pd1(sBNb>tZ+0 z)c!?e+F_$@NaO)olV`8UBWv>5l_%@}B1iV3WL;kNe`Gyg_T6L*e<9z^J*k}NyDcTG z>;cIbS@wXQ%bnZVoLjPny|r#xpRw8{@twS1^*++TzSEh^AZ-+B8u9|Vv2m)ToAIl> zn>3Gi5k0|m*m`$B&a(a^J`1q!_rAy??3L?|MfdcrG*orW2}s+9oHNod%k#?Sc|GSo zBPWROklVri&)9YsYteFi<_7du6ZdVgP1;yVJ8Kk^8%cWuawUDTrb2!dHs&-Oq5hle 
zg~j~lV0catdp_AD_8?=w$dG&T?2|l8O`IXDpL#R)8L4lWVb5Gm8Zx+_DxA;6J97hP zDfw+MzeB>Zo-v#?g?HLXZ(uF{W9=sDw+O#2sK?D+Bp>lrmgHY_U$HA+@=fwl_7Ej6 zWAm+r^huhUbBjILa4Elaw=Db>L)J-U{X4r6#{Kl?QvCESJ!X3+X~Rx=mm%*RjXa61 z=W#Ea&-|W%mP?uIl5@$#E0i>FKM$TO&y!1BOa4Wy$Czo1%8m>%!_byW7<{)yzVlDH zIsGnjhspgIy(>hoF+V;TrFlfWDbvwc3n$BzW7_#jb%;DT08Ey=P{+;@O-g{ z=Ze#Lo;ZVNDJrq4f@hEiF+a4QKOQXWcGmO9^4zKY{Bb5>z4H7iVR_asz@Dxl&nUC6 z5pbmL`N9ZULqL`n9a-GZMvgpVS+SRAtchD@KD)|u)I8s+ThBV@62>R**CV_a7NLVXOel71LDcw_(Vy;VQ0oIEA8RHi^9rC@6_Yq585}&ml_Wd$-r=$xzg(v=dEu2ef+JPV#?r%mQ_)-%=l>#b+O4Q(oOmtu3jhA~&M%&-3+>;EqL%d9@Y z+yjtx5z?9=>jC&(@=-sWsb`YbGFiL9FP;wO{G?aMH|eCcl6_BEgXEpCCLfH?<@xd< zFrSsbyx%jLzYRI836jUu8&1rMsHqw{DY7a&1;W; zaBp6F{6l*4+T+i(^SYh)G7`Qwzo}Q3@oqYv;a81v#>EqNGjwE7sY`XYBcJ z=W%;X9!vT;J6DT7bN}-k?SbTdWweht)y5oiA+{DuyMk{n$M>{Z5%Y|J)UiNNlRD5_ z&!mo#&e-z!->PTQ@2nhGQQ7DYI_Za8jj398_~IaEk}E2>rgJUhn!#1)I*2Rhhl7K; za(*~Cge&KTgYvFmZRLIA9p>K68bkJO&TGFoI8@qGNy{_%9Q(8IwY)3AZYShj33fY? z6H}jZW9pMUx8GMgkuU8;ppmxXuIM^dU+YsHtV^*E!taZ-4%|oC?no%xhZD*+>u;aA zYzK3+-m)F^8s7i=vfc9?DceCe`(=%~RkovTn56fAzigl6H(Ne)*`8sQ?V*%yKmFQ# zDcjQ4u+LQ^?Rso}Nn0;%jqJ5aJHuGviNoYwtJNM;Zp`+WvLw%go9(f*Ih2z!tKBi% zW7-?Z18MW6pON=pq!LcrA2&MXc|Z2R&34LcW32G$^eJXLBQoElf01^Ea1v**yi0-j zBKK^YL%9*T(!UT_-s>uIC43ffE3NR-XH{7JK=j=V^jB6m-e+RC2rKVq5ZQTzHQ&wf z2JIuV&G$1L$kZw4hC7|{vGgIltHQ~8pqqDPG7fr+-~TE0OTT505oA0p?F2TN{W12K z?F4%4dSvoZAZqDC+v2DdSCgsv=!18 z#I_gMsxK6aLQ>^Rt)^(wEoo$YVI1`=1yVlpF>XbKrJ114zZT6cM%y7%ORr@{ct#0Z; zkUd7ua!8%n@7CRhmhzH}^*Fy_z8{4;k}hNJvHZ*2D1Hs(t)cvGV*Q1%cZn-w@dmdp z`%L*Vr;zb@5lrS$GLMt{GLDydhK%8*&6j(!xA2_X;J2kU=4FTXMCW4-a;EX3U`}!K z8n=IN4QoAVlOvJCya&I|`}XPeTF|xL6H2FDcdd75=?$JxRv;LZ^Clx3oJLldcNEC8 z%#5j0DyM0MjH7c`R`_XqKe`tGyK4Cnj#_U+D9l+0d7rGL-_WkjChh6y9m2cieOzVz z$NcR9u5=~W@}4J?r@(bSb55(n{JlPr&--EywBkX#4v5SY{{J_|%95|ltA}Kn^194D zm-U=UFzX^^N7m-03}Mf6)Ww7M|B^ijo?GDi`|Ei2hp_xUljbwDDdzJxEivPHWERS>EwyXye3YKAZ1#+Hj|4+AR6LVVvKz8ygw_m3Sqb+?VmL zq)XBSTS|Jmv5mEgj(?SPCELIJmd%F^spj*bgW*}EVKL=lFng!wZ~XB6ALV}7{EkfW 
zf1~DiZOnM}biLc~Y%C5q2s2B5FC$EPgPP$b9T^>^x|=@J5uTuD*t#eSW*Kpv|N6~s zxAF|P76>ployxwyxu00)iAb8=)H6AUlUa+M)cHW$t-6&GW1H`nOG+4=;| zl+Xrf=6JK>`H0UnU8fsTWIQPL`It^DJ`9)mD zj~(VXCsu}(-*BG4Qqm=9;ywSar^~8SC0z{{$auBmTFEO(v#d?*pW`>zA}rlsU!SU_ z%jZWaTi9|r>G!T1r_0`U7V8G-v9^ex&X%7)9>u0Lc71sA?f;LtvyYFey7vB=$t0PC z2$L5eyva!bNs*U`sQAjc*4Fes*3!49)KWd5Rc>n^skOeg%`rrXw7rHmMZMM`B!qgo zHds`yt!3`q6e+beMXJ=-0a5U!5(N<}wbx#I?X}ll zd+oh{?FG8ntTig1+D0-bos4aEPl~%21tVL4wlns*V1!dJd?yB*m_j3;2X-N!#OXK* z=pT}cTQ-Dgck)D?=rvuo>v6~W!-|OkmT@dQUvV*hn?$eFJu1X0>_KPQIL363++fis z+IrP#Ep=L*m=kqXp8VqAS`AOiH>OQ3`A>AtT0 zD)}t-UDtjE_Z5|5XV|IJ+JCZ!vKuWg(s^C`9qW0XcZzGJuWSDb@hfI84Z82%4tzF} zg`L;6Ykz<_`(*!h?U(p6vtQ?8)sp9PY7fDM?auR5($CLLht?+2rYX(P3_No8A@MUW zPC?E#2|m=3=yMZ4b9*eCU2?WR2GnO?@=8Ri<>Bm>A&j5hn$`a&CB`r?&cpRz}H zUebPt{FL0+^%c$mjCVOn`nU7L#g95;%(ARWsSSk6Y1$0#I zyrlg)$tQ9*bpIvom#B{*$CdjoX}?1Kqx+Kft0*@g7>%P}R-H%j8$&-++zzp#gC5HF z;wLh;D{dK>vs$t7?k{vp&;ujhFLYy#11~-J0D7Cc#2<)zLx}gyTa}+0@<`kp!FXT$ zNGvsiJJYnDHQ2E}Ssv&_*#hIdc4rtdw~S4$>>S0-M!T?8ni8!unqDOY3Xpku*q;U3rG%})H4^V{z&2Ua?5aoLgc6m#OObQfff zPJLk!@6-FhIX9Yi%)L^QkzV=OpLTfMsnE0H>?Jdbv-fQne5qyCGobr=>7KXIVbI0C zx&4*8e@}7v_cNX=?q21q?&NjV-{@2AVOrS#lnY-zE_9da*l@2oX~zS6z~T_O3=*;k607w?&G zMjdO~ec(L}*iRz^_tIxh+X7zmz1SJV_eSJrH1RaKeX9gsr;9tP4V~E&bIP z%jmqrC~<-1@Y>v6DxRzSoU+wkUBa(&=wngJjIW`b<}seiD59+Lfc9SZ9KJyRukI3W zlQDZLx_Jn)-I`|p5!Q9f*HgV@<@p1Yw>$cH>Rifmni)48EBfQz$iuR6wY8#Q+2oE| z(pX=&tyN#Qr^;?nAEw<(Nxxb5jxHHrTe~Wjag+x*XUXKbMElx|3ely?&z++hb1I|{ z0~z4dX*hM<0X?_=2c!10#XvzeF=kF$m?ZiBmhjt}=5t?$54lq-^B4FkP*_V3(vO+r{Z>n=`notZ3THPfxaykwfr>F%wwz z0etq#W5Fl+JS8_#>uPGRfM}py7Uf7rTzMt<+(TyIfH{!L8H}l|Ij6>%9 zhU!k=2Gu+g+zEJOr>4*+_=R=NTzhmoQ@=v$S=(FQv^LMaie}Y4%!`hHBIMJGDYZ3{ zZDJ*v<2?Uu;G5|OPe4yA?G?@?j@tJDKKxXQH#~SZu;D$JN7>83e3vr9{Jpt-YS4dZ0Uw_7gmxPpri1%uLtT zH?7UKCj9l-WXwsJ^;q7Kg`upsZrY7rLPr$+?21H@*Jk{5<@90tq>W7F->3Cs+1Bh6 zEJUYrzppLZoAub|UYG7un(pyzjd>M*9_RJNF{em4q<_*C%(+@q8ed-lwuXHzm7<&a z3>4j^ejNrW)+3ZRU;n=IMj$`^7EMWpaJ^*YotJXtrW5U)8mWx=ZILD{P~O 
zbl0N%Gtl}Uk}1bJ>nV7x*y?-K2FaKei8@xYYqY(bHceP`=?6-*e6ce-7KS>Hu<4syoV=vX62&H?QosJwE1=>hErRp-TJEzSJz)OY%_ z<|*$h}GK7)D6(ZL6HRntpY3UH5Tbb@evM@8Ysq!MSq#p6nef z70SmE8QLcwvA4*HdH6P&m%X#G z*orpCUF|Q@p2m0s&(fdGoLL4x%-tXCbEs{YY85q3W#10#Hr_%zf^VUgJhk|y3b})m z^`T_^mf9ri87ZwB)hbQ*GHTwydEK?mwxK0&-W7>BxaA`~jQiutU+zAEQeTElKda(d zZ5rzOQM}Wx^w+)bXl@?BmP`MuzX(=ybbl<|%UD=lBbXc+J63$5`cn}9wr?Wxhiqpb zKZbnvl{bh@+&7ZE9prt~myvhAtN+3L(8KNWZD}mho+{~On9V zy0sR;mz=eYM1EHK>xOfrCp>!1F3GO`EU-rd3X<+*al zlwCA^?D!bw=J=d!f2^MBTAddq6OEd$F-{<#apr3U$ZuSJGXAx0Vb;Id!(FuXBG35T z<7_RF-19A_w1()kto%IV-rw+-^hHT*eAW=aEg4bWWK%X4AeV8kGP=o0AbT-yl@+P+ zWB4K+%o&tN_~=`O^dX%Cme=T+vG~w}QxlxiZ)QpYZ9y}JmD}Ov4%B_wT2|2 zrIm%8)s)e~xooQn>a*)fFMiA^0r&8Zd@It?ADeQOHEiuSrVnd~r7Edg8Ff|sRHgd1 z_7;&gd@c853s&j0o8sNqX)Y4j2j=|P;wK#4%{nyNX_ab^MmM&i=B=5T7IzqDUv9t- zi>5sGmEbSMj|kqxWbVQxPb57fsdGo8!2KDY&5%&9h(}v5_B4M&2D0*(h4G8jlf9wP zD4wQ)i3WEZ>26iptP-8_!8&l)XP>zh-Oe4yp4EM|?Vq0jZ{EJzPIO)CS!>lM;0fD= zHCD6E1mBO(T!eqrZo!wFWT(e^4k zDU0+<&apE2IkQ1$+1UKsY4YpNL!AvMT;sUQMfr1S>J=Z|YaDwfzUa+Sarkq#-)FLC z!ml7c`t9d6mIeGfdu$sO#Io-_e#x7&%sPzP02%u${}<TvYj=g%AAgX6WNMhtbWvfHau z#nqcr{kC3=FW{Vv;Q_V>_QCe%#RZBF-Tq_I_fSD9E|~PiZv5?w9pkGX*HgdeDc-#n zZ-nmm6%TW9+&!3XYT2 zW+8u(H~G-yhcrHF$r>=9-U+V<0w*1;bpz?$aIfnSrA58N`gnP{zsHsPnr*=?&$A+T z`TALNw=(kYMo(`Aj+V;aT19@1OTy223MP-r&{(AMXqSj|zHq55=6Rb`w#o_CHSW<^ zK%Q=m1%gxAmZefH0{cFoLWLfl=~ zWHPz<a4$g(4F7a^(>)%z(L@>_Xqcs)DnATIUhwo{`rU_}3ymik=Zjwzd zU#w&g`N>g3b~8COs0}=v^o~f_@e+W{+q?fjfZj z!}Y!E8aJ-@Rkk$*-%Mhi6`0wwPt53F_nzXv$Ni=PlI7Q)*ji9krvI5NMjVE-# zuWdhk0Q;hS3VOD{VJzCV1m9q}_`et)iVp7oj4zFD=*F+{)n${Drft;E(~NuI8NK6L zjiWCf5+2qJgXYP>ao}i@e zZ^(nk?;~3grFUL^q(4Xwu?LKNu06*Ue?BjpnEe2SD#w?{ZC~yPWLIgx)GY!weX%*8 ztWrF~hUxZJIgwvnk%&0fnTM90>V|ng-9euT`=2lOFSfB>i{8vmyJNS%S1CxJ$5|?* zzj*t8eD;l4oPRb*CWbabH>~hMMo@vA$m;PlP zTz9ePeu2Ekm_^J&GSM|RS^4(dq!K#<Rhk!gU2d&o&J5hBVM=nA;S3tC%p5*3rM#dZ7PYYhC{i&MVAnoZwC{ z@!>`7)u?<3-soMt*0_SaJ)m^`!gOFiqi=q@*@0eufpt3eD*eG5X><*COqd5>^R1e5 
z1iJZCq$jrGhbDcVa0cnqeEd2SUwYa$;|A?L4}7wlf_)=LzVpqz5i8N*_i82@FFcGb1l8YcdZSTK0vUvcuxI> zQXb>AvB#DrOD1JI3cREGdBY&5GH5fSUz9g&Gw9adNuxX9-9vs|4$8(K0uKf>#Ozwe zUG%J#kQ_EfEzY>|hD@CUouuj9GjOcaz39l-1o9EDg?u8%(N6z7CCRAQ!W{Lg?3?^+ zTsbI@24cQjts%=U~32TB8{L3Y6XC*14CqtdfI^YvBLm%f- zRh~&xUoNA4h$%F_!cwL2o%;@~GH6_@Z>I0QX-UsB?!REp`J|rx(ciVYw~hN#nH#4n z&v306_Y2v4D^#D{cr9ZZF*{m!Ffv+gMd@c|ei_b9Yp%+6lgIF0bvRlFy)e<&L5Dh* zy=GVHIiR5?NdGnIc20VAkiMRD0|UH6ec&H=(=t9uS4QzwOQ%s+&EId)_W*~#5=-IQRe_{mn*TtYCiPeT~_vfiHSa$h8|C^7N@ zD_gcXQDf#AvS*Vq=F0H3fwc5!yDM!cx7BB#x+^`}-I_~-a0_o2_q+3bao2f$e&5aa zg{*~i^^w0DIX-;1QD9?#Y+q7P*5AF}7y1wj;Sv05H+Rm__leoIZ=Gz9*k(MQ7Mnz_a!RQ*3Y@Sy$j(=Vry6 z89jKzXmp>6al3HASs6d=`rVQF_>FFvk{lU)JKt-iLlQtt-qrJolha*Do#3FaMk`%w z8tEPLV_s>m^wUXCN^h)SjwJZI$Ja&|;*)5-z>D&2xzgz4C$iQV6%X|;J}!rc;-%v1 z7Tg4l@Q*n_Nt3nVEy_8LJe>Pxl@nhV^Zkh%vXgaJv7HjWfhrfcgtx-hnOY@+RUXpJ zU4=*GsWo}xCXbb&zidDU1^8-G&@?M4xlcn;=xn2!{|CI?w z=JE;Vg!>jkb50*~N-g92Fmuu>p8tCN$KJ%<1`lW~g$Li2zfJmHVFFo`n`+y_c^ApuGz-4P*Nm|E7{^_HvbyTg_Gyh4BPaLT4+RwCdvf>Q92x;scs4Z3+F%zUY zO6x}&a|5fa(XlQ5OB?jh8I0AAHAplIei86yZiZUp?v2&ApxZS*YyNNxHUmDCLee|1 zAI#dqPSU0SNn0-%{*ycS4|q^69*#A*{j&@tTVr^qo=x@HH(zP3NE&-9iM=d8vGkR6 zA%2~L^vvz6wSPi3@>A#le40ZTVTF~gHeO=%E_TE24a&&vtj+l4{ z^u%IhiTOo>F^4|+<|m2y<-Vuw9m=aRLfqiH(8qh4VmUr4zDeLa>?h2pUi6KRZOh7* z6aQ2v@sE1<5yugp@AF18GClp{+Q8k!aY&cSHWUr;L35ekodg|P^EuhnZ~qYaytR%c zU$^F4(gz)bs%!l9mN&l58rBTyD&f!=z?f7ioZxyrsn}C?^-0Fi^&d2h_SZZYO?3@? 
z@^;%gwazN^T5XNhCEhBN@A+`=EqM;ne@a4~56-8w9xJ%u+fi$H;D{v?2FK$n+iSHd z3w#`Q2kWzI&oST3J$NC_>5J_|H06wMC7)xR`WyJbx-LH5v^7@pNm{B4n5D=W`>HA% zqu7y2_D9oawvY~d5ilE&uVV5H(SK^3C0vgv-?;aub*IL`2f;=;lk%$U8+w-wOqmh+ zNQs}J&z?qqbMT$piDgq<<$p`_MA66itFuS)I%^#6611(g^wE$f;=6dx_jot3EPSSeQ;gReWA<>yV&OTwPUN*Zc~cy# zNOu)<);Z{rWO3B7V*HE$2V~>uo9KnsO3Lo^^@C-Bvox2+`s|aO)n*|VPZm-~Lo3fQ z`BlTVU><}V+Mln_Zh0qtf<3$oKXF%qJsds67_p^Wa>ZUnt@GCaS3}zCz;V`_oem%Us&f?;}PhaYnjy(rLibXY06k=hBA;WtfxOtZimTold%Ri1rIS zJh7WKrT6c7s34`dydl~fpgx$pH$Z(+Hk)Jsdn&q`x^Ne*Lu~%LEu^WBDzEyc`hoTW z;X7teLG{!J2FW9*5i!V;gW<~S_nX&mP@dHIl*xzPVEpm)U$y%$ zWKZguv(;H!vHSCjk^bKO_>?F9(w8LkwMM;0W((c zC)7oTXwJiP99(<&F9P>LMHE`c19#Dt#1P=`h!7D#>QMyF)#|=84wn}Np zgAHEpYCy;Ejrh#)?0lQ^(%&;aH_8D%U+}(u?O7uDF5nrXGAMo#!q@4`^BuD=Qzoz;8i;M``>~7M}BmHzg-MUSA z!B?w)crzowZ|-pf_S4|Hng2T4!svHku5AWX@>0z_Z;R1KJ^R(~^{jv42=LyZ{w3L@ zjL$U3QgQxI_1o&Tdw|8adC2G*=>lUXm$||*<9TDgY;>u=7 zS8)H&a`M#X0gpcTyM0_68Q-aIciZ**Oq{RER=qUGQ5~hHR6pue#<$%8PhR%g+>xZM z6)(uYUGIYTh#`qO)^qB^>L*6_E=ZC8&|8v6aMM==XLQRJ!GWhxaw2$i)UL(!t1Z{H z?;+1S;Me(KoU_SV$0hB%md4x&dwde;q&?ENivMw}Q_h6%icci2rC#T1v!6w>>z4_A z|0()Ry^PIq=ylPcviY`FI?ZptLw{ELk=B}wp~HL{ea2T@ zQRj84Gw^o`UgMc#P5C7CD{CI@5H~JA@1f@cm<8z5visVb>n&n# z!u!R-OM57myIeM$m$U|%Gjx*Nh36on%!9!D3E6qVNuGB!?opS~8ZYtd6fZeDY5Dr$ z&~<_VM|_R)w%FD$FLxvQPQDfT1|Q8iJR)mJCVGpsfO0upjJ5v+bx2hKqJn7C7g-j192gj3rI@gg2zJty(3b%iiSOlu3B)=H<-b}ZQ;nlIF6U;P3x;Bzzv4&*n4-_o+AzQ>M^ zaoQhKOcVMbqL?P^Gvb|ACRwwKEH59mnsvK8|NP50YQvar(ejU&gMD0G8?GnF7RRpp zi|We1IlJ6zoo4p-DCR+HMEERYdZvwI9q2~cvmLZG@W0Qsg?az2ZzmgE8;^YZHGYNc zR_zDme~aWuc4+hu-tD{51y6n29xa(yU-xD1v^w4KOl;rv=#wI1DHb@^$$x~u)@ud! 
zXu$~fKhAcoWoLIxV;=G&{Ck6Tu>Ta@QiHy}Bbs*lv!8r{^!S=FUJ>wvyreT|$z{!v zEo0m7O^((&q*XMZ{;_dv`)v#8oA~hZfFB8-pQ~@(>>+F4w+7xf!x;$tK=uniOrFGR zW7{87pZs^q=Y2?KZ2KPa4y3%N@e|y(o^RlI_damwJNaI0;TisY>JcNOu5^T>G8%@v z5nv+slLtTLaMH^nep_7IHB)zqWv^Lumile>>aO#|*H?cAkI^AnPjG@svp%|ICi_lf znoFJB%$S1=XD<)(Ul!z_9pt|g{^^X^xyt{*V%yATwHK7WD;wh^wG*_C(syr_6NxgP z60PX*(fo5)5c9i>9rmnxk$IPSQP$-W&_05^Mf$cSpow+ckfv|RPSCg3m^VcG&D8hl z(>0CaQL7uh<+7ysFi88Or0WUf(ix?li`YirvWHD$8R|V03{sk8=*@ z)w^oDGeBfi*I$6^~T*Bq~p?<4uXTJvOLuVTQ-ZW*IKCHRI!wZ$CK z7Eb<03x5u7?a5hR&3TrBMIOee4%jUR_1^`2A7$b%tlkveY?*i<@(m91y&2@Q>$6Xs z*Y#<8H1yP{pM&#HVf{a%9<%~ISc@Lq7U;nYda%If-D_`#yvv8y|4n)@jK9y-tHurt z)|ItyjJ1It?GN+olI;rXA~~Qf>#8?7pYYpc_m@sKZIXRV^WWa>p*gSLM|a(X&zAUR zyY3_({+Ak;1Ygci?N8eu>x^agblBbUaryT5uJza_bCBIf)s~W%(C?*rb;qDl$n~zD zV+1rI5|C1Bl?3i;^decIllb~gK@n)+;aJhU_-w68vH2*VjGobk@(b~b-LEh<< zhkd^59lsuX$1EboO3#IcC-488*3A2{_fKo)S}#{ycUmt^)!LGL6irq#f{!A<(Mm?~ zQB3W$Uz&O=cfhbuFz=SBNh>wii7B2-vchxpo|hhF?A-kum65vEb~LVuW}fSUw#(_a zyQ`rYUy$`z^5DzDZmnm;HMZu~JFGM1Fz2c6j&@q}rB~2Z==zg3GOk2q-!X37Xfq#nS5E*tPGgqWQf;w@ zd0CK8d;7~oUyghp_9GoVHyqU*$mWyCW)o$ZGc3_RgEZFHXI~+f%u+p|tLKpF@e%O` z=YqfT0eC(1=Gg&l3;h3G-}C=_cI*Em;tckX?ph7b>!Ig$<%QPaTDyebb)pr1e=~>Q zBmHt-S*UO1d7S@`%A2qboc}v(E_EmoF7Z@-VsRPs1aOA)56b0?z)LqVKE_)ZAM3Nf ze@WjNH`VUU$LwHE*z@ng6OMhobas9(+ciJ1T|=Ec9UIs2b+%oH&W`(f?$w(^J@*mu zg|@J4=1l>fN`r8zT+twUo~cRYe;5tehrXJO-5%6bKY|%<|Q+lf0t;CD5dS_!{~CG zaml}5(AV#ew~}UJ`!r`&yh>xlGV+oJH$09OyH>vNt6lZJ_VVkpYgzvZ`?Kg(Jhtpp z#=xJT11bZZF;qH(`BI6|!L*xnuVYR66X~_IalN<7wbB!@Es5(_zF%CHip)F5jio2r zdA~TvErEZZdwZfC?V4yGzVlJ#Rhjy5CR~MWV)BwPi}jPLB=Fp8ZRQ~(y3X_0q(w_G z?hVzrC7O;N6KuyH6JGu?dN0*Iv#Pm1yZL)zyHTDq793T`zV_wd-Z6V~)(lMIyGtc> zzD0_-0p0PdGb~c0t5)ky0dROa*RpGL)$;o6<4bh5rQ#%Xj%9uJH_s;FS1I5BHhudp zg7(0l`SR7!_baudd?NCbYR;l}opldAb2uksJ>_`vn~7eXjl|h<@6xA6h*rh}&WW)G zr;nrGv{;eJgqiSOkv=X(+q!d+7tU&Pt@n@1M1jfUuF?3L)a{YMPK4*!BZc+dz!bet z9l_PvoSzZS^rC65#sw%g_(H0kyRwg@O%IC5>-VF8|;Cm?$?f6)TQJIxw zu3_T4LXF%Ti^bd~)8)o}*+GxIjk7lfD|7_spAO>m13!=?R%A 
z&v;LJ?&F!gT%PuF4eXkbF~05OXfLsZc|G)=)tqm9qyvay7ax@0#0S8KKdMZ%d)Ob3 z*iye!{C|h?s148~&1%OFml1RKR?3&*ozEg89juMsth~8>^fbzZmd~!EpFK1vqw@2$ zR;IrFP(dp40AnlZ8SJh-ckZ@h(v|<)#*Q@Lt2zkoQ#t$f*B-H#(wiEC=r^&(Xtl389UMU(oOK#*xvjbdo7r=-=CvT1alvA+FJfsGta8ze-;1qrEDwz zHOy7e5!n@C9@)deIPq`cIPnqXVw>awnb_p#-}%Kbzi4HCIQ7WVsSo1HmkEd z=F#57)%QrYn5X5*$Cv)9g+1a#M-)>1N@CF4mUp@gGf|s%m^a^U{COcJTk@z+dz7K*do; zJ5v?l7ww;-jPii?0jkH&l9bgD+i)-Xn0*^=miQ>v0^CCU@`bEx-Ya+e_<=6h?> z>a5tluI;jni4ALrB~O*yXdK*Pxg}}KO)UOrCko6%*e6ANE7H4UW(&SJ#>oQBv9T*| z1-D{%*_XxoPAqAs@r@Dl6{Y^#GhCLg$n=M<2l3O@($0ZC>M?VcQh1qTbM!S&4(6UO z9iW}N!PTrfAe%$gF40csJZPEfSQCB+E#|B*WOSNe_Z_b*jXdAszw9HHXXc*NiE($< zZsqCS=j*dO{zUwnbL?*~_2b)g%Dh}ONO!9r=+1{*zJE=`YjUE{7y1^zE*RAVoT-3T z#jN~~Xob!U`LlkVH_MKqUm5?T*(V>4y^O`gsZY~BpxiZ^zUIB*Jk?oRw!-%3sZ}-1 zcZz)d{qlc@`a4%=>AazEEKF-0WUi7%F9}9^O8ZyzUGj!bBMy1RRE=3(bN#XN`_fL71@Qieu908=q>giaX z|FOkg(9As;uNFcsS>I+{`w8VH zfM@TsIdfZdBt)v7Iu+f#sBWcDrn>Q_+f*+*~Q=QTv4#3#I;XY5b-MBxbqB~AVS<%O= zSQs1K1rHYaxCemK#8^ikb7J$rO`R&cCOKBL)53oQZ^zUAPaKJ-MW=5QUjCnwUBv%Z zz30li+D-ZfyTR}%>`UmD+Loxr9IRXCo@no6LUGN!e_!&~VeoaW(Kps=!~K@}en4rI z)t+NllHT)RK+7)zTGq<`D6%c9U&6A6#VxC;#EQ*3tG3@l&OX28tlIcpCDw8COKi?g za!0N>tF|&(Vl#KNqfy7Y0R5+!-8`P>^B>`VC^nqM+VYEn&yA#;e!2X+Hy%o0BREq}ltRMHc4Ar?QIva&^QDTzo z+sn2$>t2`K^xMl`+UBivmA6>&2l@dsg!59Y=HgLV`EFTjGx?X7SFKlmeGAixKiDQZ zyS}?xalXUln^L_xzq|V9suyR0429mP>aTekGT`=Zxd zVd`5n47&9bukI>$t-DX0Yu}aUn7ZCoK5Mz^nwx%C`K4i9A5&d54y&%|psuD(X-C!7 z=fjFk@Zn+A8+vM~^M;RA=YZ~ zr@N^qvRUW%lgu2|FGmMC*i6NW*XhDHmHuaBG3ow4WIbOou?_fIC)t)_+}_n$yutT> z;rl0m`?kL8Tl$|h*Kw~=z9hIbKd++i3FjL8UCN6t(Ap8sVu#)h;=tu|%NKnO*leTF zA*x?)9iZ_B(cB09SN{$Aztso*+|gv}erZ7exdHv-wEwyn{fFrjk42yIJtQl;3b%tf*H z%Ph_|wKxM^>z01pSB|VtFGXL_&lMMXc%7KDqV_W%?JD=bg+6lQllJG<+aJ)}T7IKk zT#PsJC%lgTZiw$wI&?SwgM|7SW4kkkf4;vY|7mMQl5*c~*FGTH$HdYR?QwG2V@;j-+q%$KmbcwZ|y8p6qkq44=&&HsJ~A>%(_nUFq}eMfSqYru@ua@gr*X zCzzPTA+-7H@F2Y7#>AO`pZz7;XYq*#mL{sWC)~vkvhf!h>yOZ)_^|CawiLG4&j%KJ zFTs4ws3K~}Zfx0QZd5wIi8j0SGMD&DH_ln1dB6{7DzyeI0Vn?aEc}c% 
z)Ho%}#w9E7;tcD>F|TN6L6y~1=EZa$T2qA=+f-ferAN8w)J$Fzc{Ki{M!7L)i5dGj zVnsHy1S49pIciutdtCdzkCIF3uC}{lT*kDUzaK2K0bbW0;nT00Gli>vp*{vLuWT-C zo450l)ek$?xZ?J+&})V5>^-uEYutn9BWU;X+tD-2xu*$v`5HXx@mg$rTzNOnn`CUx zBGwxEtr%~|weG+#vGO#RwmmopJf%yS3vL|cU_SxyNZ8vdF>#IMz%q?hG zXlJoK2b=TL#;$r+{sv&qN*Au0H?P+1CmWl!?QAo?gFI+#NPvfRA)qdpojmDN|BvAHje7kK`eXUfiVvqlTt%`I{3NgG1xbV8$Wk7ry4G)z9E48|BbGlgU4IBDf-kuMbjOVGYR_KoI5!?K|0Lg3c)+i)Og=vL(c}~ z_2t&zQ!V;Mhv*j#)W1w)DfP&c?hER%R`pQ-GWDP@iWjPf=r{SJmd^+3K)xEvGUJnI z_v_9ao;=F}x|L_yo2<-KK9rh31I)HY~ zferAn=X`dPV4f;$`^sP88<#PC6nx0fiiJr`N)|pO&-u_c zS8xj%hw&rho0Cm!WBab!Gtx$Gu)jOe;_{V2`^2UQv0+yIPTAMjl{y3G z4ns9!-@z1#Neq=vKnl{M##1{pOcDd5eIZ zUzW<-IO?44RF#ddxHj5ZWyhP5=`GMzpM9@8eO=q<(wDS-ZcWr0B>IReig~_`wS}{K z!nsPtQF1OmO-SazYFE;< zZTp^oKg%{gk9qWGV9SEJl{t&@6?|~aNp#L}1$HL)A01q-cr5M@+`}AJwsm2!uO$-h z;bZQ%N4SzP+P&4bi9OmaJ6NvY*i$-|#8&huKs$G&*$>!oR&Je-2l)Pyy zKptP`d9SfEqDJ4IguEuhc_ZmM-}{(zBy6=B=H{m%!;!>Q2iNB@PvVYN=Ht)bK8o_N zS3CW)h@M|8za+HIOEdqKuMU6Xk9c3e{-%1yk9O%wd?NMfnX~YHd~p93)*JQQN*~Z3 zB;IQzd(`bqT5r)e((2d`Ftj=5#dUtmCUBd6PX7+`HE@2a@~OWU(yx_weyNqW(ca*( zF2&l?2TS;mw?=6naH=f9gL^tee5 zR|~XDrxaQqF%`&Sgg61(FDzf>hz6Ap9p6z|^2f;kBe;ML7di&}bU4SPqZ9b_jHF_O zMyj1}g%{7j3(+CJhG^L`Bgq;IIyPp-gu5x?#QH&(VqR3v!g42nGd_>Bonajqn;Kf6 z>4HsmCUy*(ocip6w?mq8^`Oc$wx#+G@}zn2%5gS#@yxE(xW?G6J!HgZJb#?}FL&Mb zNCxER%7dO#lXmF=*&3wJgEpJK#=N_Ifn<^ShHQcXq3?@tC-Ut!$+cv-Yi#?E0vqS> z`8ddP2j$*`+*eRuR`jY&%}e%+CeU`P z1Nue^m+}K==77qdQzsAjDwThPPlxxp4O5${J^eO(?x(z0${*xdV@8RWDg(U3g+Dy! 
z2%5}XgYWQcR=0Re8S&o!$Snm`ws34Ms2crLK~>G-;`;7w1y$p@FWlr=G8vr3*>2fM z%ll31X0C}gD7c8ZW{xjWae>cWp)y2^=CDCshZ+8&2US;S9A%i3Evc{_XaT)e=J_)pa(w=IJ7U-V8# zFWbQ!@?`Z(&ThF(|M)8%`Do@f%?Vq6_gdiJqMyDV=$qI3&^LR6KDbwM zDjD}>^;u#m{k4EV->`qk^a1IccaPCe(KpXtLYw638_GVcZ&Z%-&0gB$nEIxQdP(1a z=d;NQUmjIYm8&-N`}?SF$s^^M_ZYUm7d|V;Iw8xqZG(L{J%Ky$7K)k%C6~r%6j_{cb6C9ya(c(jTUu z4uS4c=8pO5a~`%Gw%%i^EA4;s(R|+EG#u|njEzg3=lyVW#Mrp(doCkZ06dl6D*Wjj z`o@2m;x-Gx3GVNxt`Cq$a|5MO?|kiR4EHoPXHN~4eonu`~+2!bn z%FS_){B9OHnNvAKNk2~M;Ca8%O4jPG_^0rlV$0Z@XC!MfGm@3dZrs{$$xRg{3vT#Q z{;k)4DN_8nMV~Tz%r7XV4yu#-irP=@sPCIPdT1oq0cgD!c9#{3Sb> zpS(TOcG|w*Sk(Ug&f=BdKacS@W&PrZ=jBDy)&#X_8vn)q$^2jK-_vwpvK{5wPBXWE zg>&$^_qT@U@jI`!6FiUSxpv3Z+;>`Si+{s8E8kK7%&jN=(D-wLx+23X%vcFL`f`@+ zfjsIQRei*pw~;~VNzFU$@lTk{0sW_ z-+i`^;>@~;U2KTDC5%J&(q_@FbMZSt-_iQQbyb(Hh0(+Dhz-$XiQ+Dmr}MA#r*b|l4?HeVzRu=zlbw@2?3HYGX*5aPSjMX0>_4@67$5f$@e#A`MTDcX z`Mh`VUYfp8{ol2!F%tDH z-QO)k))MK7Zdm|Z0Bjqu;d>!xHDbqQlcX`f$##ZxtN*F*s_)Sck5|82To(9Zkyqb; zI%*r^t9;$leco+b8uIQV=HDIUPx|?vPKWswcfkEaYbBGiPlYd+7Qg>L&3(J04)iLk zFW+q7JAV3S(7Rl9qh8^N$`B@WS%>Y=F2eQ5nr^& z2EKUQFTtH0zC9xv1OD~NADz<>l<88YnLp+5D6ro`9&Otv9_hQzT;Oh)|HZiuM zvDufa+A7P6B`ZcXN&bj&>_J`&Wyj7N?`n^RHOL9i=lIq1=ESJo$wtoKVVzU(^W5M21f9Skm)>JR)M57pt zDo?P&z3g%~0X;jwp*~R{dPAJNcL@&NVu7o`;OfsfIDXbt*@t@1(Ot-C_BrJhe3@gp zvd0D20?we`Db>4cQhQJ5g&LFbA=hayGQYT+f-Xnz;E+9qpLWzP)@MWh1ZNraaQ+$f zYaR6}{CPuorO%01=n*_Nli(`#PQBKtKC&a}`y+unQ#6tOymar50yi$ZwiOuYx>@-$ zq@i=A0~YNru&1jo_#F#{&u`0~dlwg*_3Ucl<+;ggaTS|3*x0LW+$VFfW3BjxRpI>@ zoeXWFF@2Fe=Z-0M#Mk?@NrAbOrmTfCusVTnu$@Hu1lOK71>1(P1R7VSuXT)%v@y;; z@}}ep+Mr1FkWU!A_-S3)hV12aN0zbgQFTB*O67A@yDTCe1sSXjc&$Bm+f@IJ1#V@& zWld{LtRxPbdk`FJ3$a-Ph#8FBhaO!GPm=J2K9l!Q!Y*6S@0XM2)+#RV=M%aWyT$x8 zJ4-TWWTVcyJ>B17pUf-=d8vU8Z11W|fh(h)m4b)gWysC+d9~Q1<7a&y`z=WwZ{qoj zfoz;kKE(&e=Z*8*yg>SUQhQHBvCElFu7&ItgG+v0(^k+>Lt9k@Z4@_c#CPzXsy0%4 zz@PsIe@5_rtJ?QLbnOp&sO=g;aQAF!~HrRI!KwsW)T1Am(Q4X=w0FycbRxe(s8#DhTNhhplt032^-7iAb_Hq_BIUo-1^$=ZR@v%ELP&uTRRUu95DEv;S>6bwOtlTU6_E 
zUn29K!uAi8E;@3@hf;W&Gye89-Us%{pKfOCh2IA=YMUf|MENy#3kTz^Is0E@z4753 zw#Dp>KX(5~u^89)DzmRMmAZmFmyu^KW&XFy49YRK5p#ZH#{_l(ew5j69x%*l%-x^r zubPiC2iN|c_>LK~n;dIon`BWutVUK=FkbGM>Dt8y>)%(q=)ECkC6bntV6Mwv6oSZsV><18mFPmp$CK`~Y_GcY#ZNP@tk3?5^`qHyln37RI=AfU zao9;+vPV7|kHhob|3qxfY!`lgL-pxJPha~U%|1lvDI)KTMdNGPuY2&zi_WN>mLn_E zNt=Cg%p&GkYZ(VGQS3VZUl*S<7h5LQTyqS@ESqs^G(7KmC}z)KeQKcB=0w`Bu&@y_ zTD$%|aMrvj8Qs^+zCCmmb`bZFJ*M=|3l7^M%c+CTFNeR*kXx>(jnEJ9=VY?;uCUqb z>qY1XUrU$R#C9Iu@0&*-eNcFI%nZj5yXFzbLE3&L_(q_6zA|rorYJpnRvrB>0v#Iv zX3U$?q5q5cPw@XW{^@_SX7X?E96#%;Jb#_%8uZ&2dA^t!iWyr=X8m7yaNX`}W;uEX zA9JLG-z9xU@Xj3R;8ncO4Bi<}4t|UGuLtjFtAkhYZt#g7-Y@0-%Q^Ti;azcQ!Y_PZ z%qKmQyzX^Xg#q0}|Z!x$x;vZUgr59`Zj1y}b?Zt%qW{-aQ z9VbsQ1uA0``ESLJX_(>UHC8zh;TLYwKi>&n;bdGqOMR6xI4neVd5@?1=oy)*k<1_` z=vz~l5!7Wcb#bBX+sIuF<%lP$i{#>)h9`c#z7^E1HXek!wJX3FSk-I1g-P3{}xl()vb@^OdiCj;kn5KF1`%y9mD&r83W zt}|B986)3jy;^6iXk6USd{5`BjNzN`QrKQoA^GmKKsid&50^=cO1O48)Eof zuqB>yX4gqaV0Sh!Rt!vi&#fUYn)P^VATc2t)2t@;b84L0WG8FABsM$#nMOSA{#d{7 z3XS#Tc~L&qG0}&wZSL%*&hNSQ!<-=l z&kENRq=s?6%`jp!^Y71h2Cd=O_4Q;I?LOoF{LJ;TFOePjdh;d2X}%#pC#Py=olaks zT|YRG<4Nhy&N^Lr!HX{XU^+7V<=`FN@xcYW-Ve$5|De!=m67I^al z+D=j#>uBQ~{Nva4Pi95$y5o~yZXRmir?D~EH#sysQ?%N#@*JN)PYQJV!=Xpwd<6={1=8Bple89Q* z)}UuDX*;bUUw(ME3tYr4e=wPJ?$hvLc^7?oc23>CM@kRCN(j0Lx4x| zm9Y>HIR2gY{QCpEyenS4u;I9j>h`*+8)fiZanycV)?C1wzh+=+5bFxE*-AD}%-ks6 zh$iw43gF`n4t9VKpC>xr22S-VJ3l-AkwTX?4CJXUvPyk*VPRVv^XBO0>)Hy@A*|a} zTaOgB{op^Q+19#zZ_v5|ZxH*5^O3coIkNWO56#bJ-}Gfgc6v=i{&q)g#?-ADo<`mt zv%RkK!sLy26}FxK%=flCp6@?lZrC=Mc6oz36n0M7{zcNGj4?kKzWIr1D>jnWOu399 z#57vEvnRiq7%_=rv(lhPcSGz)FBLK$dSBnsEhRzTST*x6<=ZUS z74%Ey8{mxbY|}^c^}MmhBmO?AvIJiw_>I6XY|7|fy1xjPGV@IN2F{DXUGr?q`X=?j8%;`NmN#f_)6eOBp|W8fPTp3?u)d0N{S zm40WC-cSyn)7t*Rx4p+m-`hYNqN@f;SD|Mj+v?mKy_L57I{klilJ?8G3EDe*_sP_S z`PpXM-L#;#yXvlf?#PXE-HvB!+?!ZGlpk!wGq$^)XM1yyPJChZZQ#kXe)E8~`@CD- zD87b#(j&mBf8>$>`UoEK3BsSV^3SK5UZMReK zvSHRhzhqlu4>D-R9>*H~3FPnx=;k)bApPo8YzE_7A81+3kr?AyBb42-jd7m6k>>|% zy@OaksCn8eG?+ZtD+%r0!8RBa?A?iJy>~fvVUP73<{$l=sT=(Yd*{j5 
zCXpwd@7CTwFr#w^;`q7j&av%JFzrEn~Xn?J~5R(FpP4MGxnzJ*Z%scjm!qM zH)Y<`xu-Omb3|6|hWCZf%1}ZiP zyu*1O=9m9uOyA+tO^kE-$npvN+bWAP8&4PggKcAf>YgEuiMnU#5z6BG@rwuJAK#4c zg8ayl<^_HkqzgaqBkH+($){nM{9^-yd42ifGUAG$Cx`(Vu{i3;mK-Qp^1Ogwe|JEa zjXph5?N(I?vcwU{Tr!naDb)zP$W*$b^MvFufx`gkJWvx^slvYfEwmLUwjCX1kJ)mY5rpY!J^&SnljPe0AJcpNy1Ub!Y-@ zRHu12GGOJ!Dj5$(?czMQC!4>ZHNx5x{Pn1ZP7K$hnlBo)d(mV&I4kX;F=4u7n6f_h z9dm(veeCt-fS!BRpI8sRM}3O^bau-yfSjnTkfS z+nRaqu9@9MIopEuhG++Hx&D<=v{#j76)DD7GGgu-tr(S1EN^<|?2Pgu6EQOvSZI56 zmBO`W*p}9%kgfLw!}%VEl$MJZAJwZ7aC&H7R=+@jgYGc;>mNi?Gy%S1Efn)7c}F6#zml-UjK8Q#4pcVAI{7dCB)Pq&?~ z`q4ikT@x*jWDQ}Tz#h@Av2MlXS7einrN>y~TH8UoDMxEfN6IK5y@%Ln?hMNQ z3Ei0JKu3u;i>OD=`GTj0eWn!t`~53>QkbSSL)D2nEc!3IMl`CdLHOp;o5nvU-6H)X zI*kAG4A=5?&%;HeH-%+3aEBrG(h$xKdb6v9dWxs#9MxV9GGKVBxEsaWBxBehCDngS zjjm3?v-1>#l%83=tt(djICYXd=&mNt0<*oYl4>*WGqO@_e^8%&u!?r85InF^eb+bf zG~ml^;!7wm)ZdaWR$Zvmhpnw2@OjnsXfCgM;poc;8u*l-c!RjS8hkOkL{k@MF89iR z*gq_OO4iKS!2P-!8^mw!N_Z9=c3=5=`Jw~A@)Lg`5AErnW7jKhUo;1P+b;azmnM`4 z9`*9u{_$7x+kSN4c<8r%;y!RPe)cS({~6pl?eHOf+b8ZOFXLlR;}IVbacv2^oVG7d zPtrPpJv23`{XjzF(1DW^Zke3{m`G+n*emX*#ryo}`M=|}F@*}4Kn5KT}NDgxK zQK*X;Cz1c86=nXBwq`$0U(mc{Knwjlx6e@LBmD-sm%LL(A^qoZ$~lGa`N|`?=lu!z zZPs?E^GKDA9>Yi5^8j$VuTZ+HR4}A`FifbCus9bD|{Aj zk)0RCGs=qYq(1QO=g3>P;ph3;4}5+e+Cte5-@bB~*XL&y!>e}r7tslPbTVUr;Nkm= z4RKfFmiFqr7NqIj+*_viW7R{vOxd&9PjfW?jE~NqoeFiI_8`EI-<$*-|Np%X-R`e( z97^e|*L~NuKQV7&N6}cmvmX4k?);EG;;fbpIwM>6d~{#e{+RA2RyyZl7p+DXA0RH3 zwbzKwk16aw^`+M1W@TTyuKl)KPMKSTZ}9Z>)4ja^JgwF)Jo)64=bgr$l0@eB$>~ns ziYc}BBed6wDRu#LR4f>8$5xED3;y#oJDRjoi6rp}^9%8(PqJg{2iTDVliGi+_|gve z_u$!#@wOMyd>+~PDRxuQ!!>RZYt~P5-mkS_k{x}>_J(bo)PDc{wllObKUK!u=#I`y z+8^6^N&AMh)v}&(DuMh=Ty3R>HjcJ5&re8)v`{X*9@LELF7~(ml=|;2-zDu&;1lkojyY%l{kmfy zxEZ6(xg_YMD~^swmye>w%*&bgeU;eVA^E@;{~Oq7#PWi2jqRo-CP9P*FIM&bQ@OXt zdWrT7XH2PX$OGqa;?F@pQ3n1PQ@_jcG35)s_gqN+X6C4!{5J7>oc z{vnm%`H$jd;k12Mh5i%fdU^i)ig@ST*%^J${RVvlIHR?u?|ez`Soy%wN&2>2S~V95 z$H{$jXYWSt$L*gxn|3?+E9$Phhb{VW-9zH784nNs9-iyIUyE(H=kgyx=G9M%rFXz* 
zdr8-W#xqx3?y5hWP8#FXp;i1l%7>hvA{xM7Mma5{e~N!|j$>d`O$fdt_XqFt^B-i5 z+tyus!$?~rT7t5x1*@`EZuI}N_x|xwRd@dXnaLzfLcjqM7{J!c4{N0Sh=`b4gj;JZ zcHK&=ZE4rl8}b9P4I~W#qGjPWM2y;P14!4lwhli8YF$O8N`LG!pV^qE)~^jdtj$`t zj>;-+-O9ILKT54;zOUE0=O%ZCNyL_YJob$Xk-&X$!xe}l)_lXJAI88aW}J-K!o=l2+mG@e4 zZ4b}?*1f!XDeli*hVLD|hPwA@-lKcjYZ2!B6<{w(xkKS2F$hyEwn z8~r-;hoJvA=>HvmJuv%cm^}isBhddJ_+el9D4tVzuE6t8VYdhRZs^Z}z8Cro^pD~B zXV^#JSm1Cw#(+rQ5&R{&hv4rkJYL}{^hey|4Z(jY+&&8#L%CXK;rThJ9IyNqD#Kx) z%)a?ms4=L=ppJ$5Uq~n8e1)tK$FIo=>VFzWzcGB+m#@UTGY;&Y$6vZLG$RG|1^m5; zznAd$a`*Sb3A%w>yvIAE+t=gyG5;BMA>R)DHPO%>j%cNMBsl#=9za5S|4i23$hv|9t z@mnuTP>=k(L(etIZlp74PL}u{64RVyTtPdg8FQX;#QVFg3TxY+SDGWZ^pXqPH?%Xl zA0LHhwr||4=RQ69q7d3S?&IIxsS-)-*@vE8o_5+}X`j*07$40Zk0wHhKd2A;dZeMi z#kZKSuk}Z|?OAR!&zY_2rJn8sDU=oTYL96L`0TX<#+?OsNxJKWJB&lMjP;<5smIvs zx0C_u=^k#M?deP+Zqzqw6dOex6Nr zUY1DdXWR{kXPm!6o-N$BwI@ktK|4NUym|udcZl(E4K-+wxW0`z!zK*e39zTz4+DPA z;+zrw9-}|F?Sk8gaU02TtJgFGZnwj2p>bOXw@(g+TVlNicfVkm#=gk654isY-5Y%g z?4J(kQTATFG4`W#>{(vAULnosudGSN-6Y?g<}!Xs+T`z-CVwq(TWs7GXSpr0(nzy* z=kcp~Vvv2*`TyWH<>wFXbQzg&m{wgb!E$E#vTRw#e@*$CI7TIW3c>98gu32 zEciF_!SB!yBOfIe*T&GsdgYF>64on*mk-t#-))e+Nkd*aKzLz<`=i|Yz8mI=2-b|f zI^X@Gskf#sM}}CwgEhBPnKMqLN7qS~563Dr!}DN0Bx8n)`1d1>zqGEBwJr;ctMP8T zJ(X=b+w#Y8zzt>*_LaDYXEOT{w6jyNZhn&e0sF3pikuks2`u`mSy}zoNth)$x zl4g}*G}QtFu@r#znyxgUNeCm+z+->^arTQ_A@g5&% zd)RTFy6rNoKRK67x77mrk7NA?`bY3LD{L#=ljba(zf@hywgUAkPB$>04)ZkBBB=Mm z{vu;Pk@hAXS!spewI{5auMT6^2)izS&gkb4e(GU!03HQT<^?BHx;s@V;z7u0U zo&zjIn0La>od~}G^^NmxtlMX9p^U)n6FLuAht29IBQw5A)|kVNac^_998#8c%y+c> z4y|V&#C#TaB+s1jRfM&Wtj9ZQ0o8ozO{tnLQ--5;yhuZCe&Oa06L;w_VIXfhZKX^P z;vN4k?uzNobMpqy(+=$oz%Sn6TVdoh+YaVS(^0!PU)br2nog`S$K8aA9kjiDN$!<$ zd+$r zHAenBv99N>9X#+OlmYi#=c8VD@tX6mFnf-5rEj(l_lHCKUjNotj<^t}zvj1@Yi~Sz z!?icA@o^1eyFQ<^d#SA^{@uB7Kgshmj^~rG=2yV;NnGw0$$+4((Vo{64@ve(!G8-oHn9lTS08lMLrVFPv2f z=R1LK)}5ojWe$#H$bEQ^VeiMl&>k-Q?Dlqs*^}+XT`)Bc$_wX;m+1SQz;pce@ebZ6 zboJRB?r$(HU1fVLq~ptQkGa$vvouJGGw?T_aH7}t=$8XNvr!yn{o;7V{c 
z?!CKc87|#>eMT?Vf@+pB4~PTz&U<+@`5Oa$Kg&RejWl+Z)z|^QxQnqy=O2D2Wcz*m zQ@Agsf-;Hw@3|)xV;l_2lxJD~zRWso(uH@iYpRg`4^qB&&W8*m-{|9bhDg7AgE;lN z*igIj_yUBDy#cO=jsGFz)aS3@kA5g~@V}R5jZFQ@TJu7Gg*m3zKfPOj#dQLVOKgm( z9FDQ`g*R-UW#*Ot+r}MiPuzV@3D!XM9xIr!ec=6%WAf#1Yi#;E?mmqB!0eX#ns+)> zGHm*1D~x>++S4EJr(pX@x9qn%V$)CZ9MaA8H78T>+m7{uKce6F#}cMJ)aP3e|Ib*S zd+~>Mw~+1HQ`j$u`7aX@%$;ZAeY1o;4rA9p_g!H{9z^>FyLt|qXQ=gkcynkew<@6z0><@bEbvO@#zus5<8tx$R`jpLveWTZ>WbhsM_tK}_e=gd? zrAS8~%Yx~^SOVvSEJZ!ce}!k$uVg;rml5jG-`s+46S}+Yf-t&f)I;1;-i-4Bc0qKN zDu%uYZeD;JZ3Z`^U`8&q!``MH!g*}I7oz)qe|^kn2RXzX*N$Kf@fNOeL012Kn@Se; zVm<7(*z`Zq9oHOhudn&jZMbU??v$}R8L&IadkDE^NqIN#p^RcXf$-m^J5vwdHg;#x z4rwasWIcgB+m>5Vc3VTLK#zYDX%)tP0qk`=#{Q&l-{BtN*|R^=KjoPH#dh@jY|qU( zsZ3`1Q{bNm_ zf9&D;pQH&--wXRlQ8K%~oyhk=dbYvcVT5-(SVcYeet(-49{c};S@!Th)Tj1fo>g;z zd{6C_Q*qa^PXVQEFXNm{!SM<&l|MX|rmp$RP>-qW+uaCSZ)^~7A0_{8Nwc4uwYaHuG z&nz4B{siu3aY9(1C@Hx*^A_t!uuW%s$2-crLwu|_6wS$e5N0sO~88u*ne;fU=~Ig zJhK_+egxl>*ot>1I>*_Ot>fSq>)pET9Ipz{cG@OAe@1#9LwX`Od+=wzZ}A}Bw_sR> zNEhC@K$r=}2fe}5gYX_ic;VEf{qJnSI}{I^cPQu{XJsmx z2AuuS-<@PRf9IutUA8?oQ(?=0I@6TE_iJ_9Pe<$D!l zpdXJj`!hR=j?n$&?W6Y1gx!=aEA8+PDjkFu!}o0z??aoEoQtz9u>|fA(0)sHF7)e> z*XPl{FJEwv_n)iVJh?yB9(J8LwyNhcnkT;V$i8Uj+^(ri_s;nV#61Rge(+mG-d^$+ zb6$2^t*iUL9dnmWarfbS0ktbLaC?mY(C#Xn2PvjG@~78Tz=Zc|#2>yS#(We!eAB$l zLnw1UUbe09|Fqw>Zl41G3017yV4TeWBaVmvx1Ig=(u1`5dodjtSFtbT_gg8a=$9h5 zRyo)Ud4b=aF2KDGkxsQ4`v{u{ZvBv@_y+LLdJ1>WFCi`hm+R#1lkNE#xy*2xi@yey25^@BRJnr+133fUG08&Y@aF1 zXcyT|4|7IjS{K`3w7)03{`#?~FH_7H^TYin)Tyz3P?6q$2!31Kvv)9;i4|cF9&?w> zilDveBXmFN&w(Jf|BAlz0Nge(uTWPSwa!nwA2%7`UG-QvrSyH}n=|)~^4#9XJJ({S zz1H8Z<+z>WPx47x)%~;!GJ;tj>ks{VW!Cc{FRaHd;g}su5-(DZvl^_2MUZ8~B>wBF4C$R6q@(W|lvv1~1lxeu=#nzcRe`sUJF?=j{KFaV+ zS(Wk`<)T$%HmdJ(`YnBid1d=cHzsX^^ES#5)4_Om%&jc;(}DUlndzYW)O9msCaeb5 zGaWwGW@*O02z|v=#B(|0;X2!)DQe1toA!GBEA)(m%*ZgvG^MKh-GrlXh6!b+cz2X; z?}F#4y49{e_InYWk=Fe|ARM-hgY^aGx&FFQf3zRCqaEFw^Ff2}>pX?4R_S-r7W&7sWRj%hv#vjkqp&c8?^*nyN zlk0iZ^LwU{Tb!>@eAh0DvvpPa9NUB$HqNk>cu4wghJz`3*At-ep0d1$l*Z 
zVf+@2U!57axiS%A|FW&p@$0*0k2S<%<`r?ky&Zl!x&n35;vJJEJ1gvx_V6yW`w6wB zK3TH!5~x*9ao2KNziVRVLalxp0l9teCHqaOQ_)u1YHV)-W{hYGQKh%To9!L7g z@m%OBCwt2hT24@gVXpOdTMphq#5WI+mji{6OXPcR*{+k{tFX(ycPZ-sMf@H^=JU+Y zo<(*P?R$84#2tsWy(|@}b;*4XnC~tlpP@0jrym-lGc7C&m=D%fzpf+yXXET}2>CDG z1~!nNvh9U4UBr9E_K1u14XlUQYG*KCLD`@@zGyjTQ#OOLi1`P~@HEgGA-tH+ z+_D4sOBK#^DPOxaCmqg&JqsK?f5rTB9GMNyThT7%w!i2 zQS6&pFR*7gHdQvg677t>rx9Te-Yd`%_0kKw591EUYue*B-wz5M#9WO17@06m$`SAG zp&YR-pq%jj9>|K`TjBjZH0S#y{01TFXNceQqgev!;JYRBbbEf#;yWcY2gCWeJ0|pE zWLG~Kejgm}Er(2^ZKlld*`#@J4iB>szSoFvAP!u=ZIP|Nqg7<987PxbYRq(e^A&gE zSMYm=oO^kF&h`>}T=(DaI)V2;io081NO!2}4BC>(d+L*u*=M6Zsx7t2@b}TKJoEvS zBlr1O3mEWk9B?C_56!eVYbZp@`CXN z-t}XpcPoK1hs=jqCM+9_FUIc!_rs8n-T1pNGE=dPAa|h@?i#-kWpNSY;r@wx)FW6u zrX1s)oe;}`GK_VY$+uLdS#Kv%264{>?tpPaUvVwfzCMZXuj(b1iT+``{x|46cz=~r1XVT3T39JVtBaE+S)E<47 zb6Zss?~}XeAK&TQR+aGk;r*!__WYt7Zdi|=V!Sx#jqoej*J2F|eQ$H&j(HfbL7rHq zDdk|zrg;=NJn>yDy`_aW|ocr06Nm=PQ?w^U}vh7l}3VcT~|J%pvHPTVr!#2K2#Q9(8 zJf_3<^JA0;+O9=EUgF@cm|FElnR?%&bJMX$7p9|+j7?6#AMGpLeM!D6(A*JG@7oti zW9=YaxWHBs*m3TFeRzz|QBQ;YD9rbuu1)D(YAe*IxVwwvBo*yJDmu#&om->nOi!^Y z!1)vIQ=z;Z^rH!^4|?q++3@}p$QRZI(^{_3Z!W>N23W_jH{l>&H^g{53RO5|?dt15 zJ#!O#26!K@yEl7m>(?=)>mQM>v6!0{vu&YVbdB1RA$!PR9Mg@LcP@Zm<_B%l)2g}; zXT38Rqm*zCyBqUWj%$*$H!8{(Wok!-T})YGxof^*=j`{A54Xz=vF&9#@Sej@c3gt? z5Nv&>?r!uA=!@A8qZ~$Y?vH%@H`{G*O>XoLk&cSg)q66m!v_%#+L3vC>g}`f{?J*6 zvG3aRNu}IGT9-j;tWsN12JLt!A{9-BaL21P9sLyVY(~7exKo$+T&96#QV5mvBepk) zQ@1s@qMT6wP&SUPul&9(*K=8CStoGTdP(QF87wQ_U5K(uhLGkY%Zc$YebX@);d}7! zwcIr?TNNUGF{TylN^m!aKJ()<^Le4Hd5_F4_Q9#EZN^ImW4q7tL^S&DLaY{Q;6(Pk>Fp^Q7eVb3cUBmWOUHV=Uh z=Ix;a_>MvM-9NUeyg!0R_M$7PA*T^u& zL*ZH%er}>H(>>NrO4()%7Z2jVeLK~>Gv?!OkP-XSxo+rY<_GN%&743)NiAG{niA#0Q&)7{8d2lk_orf9e2%sduJ;(b!RNBbY!BfC(( zp^L{Mf8n0cg{-Uj!T=i^amFE6tGba^)YGgyAmg zxwDqi4XVV15W~YCWii<2Q-1<-M7vyb$X7*P^Jb?q*F4$mRQdS{n~}gDfrEvQUNYfn2zI6QfaO$M;-!?kV|! 
z3`N@`iLv;Lc1)^X3i%Fm{*Q1jP1zV5PO@mmdrv-;!aZEQ5v#Q$WR>!}v+iCuJke1% z-TooGp9Z-_8~ggRD1X?M_J6!O0r@TLxKV{iLmql>n1(y%s;~V65H zD4^`z)(rjmu}Qqg?S3p_^+)kCPQpNYPJpyQ=b`xo%#bJEr8z~{ zbIz~Pm!fUX+GpCFxd(S>Pq)zzouoV7n@f2|yEiX2Z(oKoPkF{WfUE=iDbtjH-aAM6 z=e={3<9o}iPg2%rpiiMp(~Nh~aXgImlMv?R;l0>LKQL-vW;fnN|IwuC-uug6>`i^b zRvb6E35=C6W@0-J-+Nr@awfYPr+o;W%y)T0Y?=ouT zT0#Nx>9+~@joPc%Wp*vFbe{(|*RxGxJcw`kcGN?bCFv_FLv5qjX0GU!<>_j zxC&`uzYxB!&7RmDsk<(_Z*aW6q1Epj9P|xNPT$}J`UcM~yKivVHWYqy7m`Ldf7L?Z?HY(oJIEokjL#< z2Lp$@*gt?xG*y@`)onks&iRgJ*QXM!b0Kdp z<(>B6UJCku{f(Id_@_)icnRb<(0=tc|e5@w`0G<851%#=VVtJq34pzJPVplRw;vHM*(fyBlo{7=Vi| z8}z#zcgMN5&$}~k8|Ub?ey$CF`-9Ea?dLaJ-zu;}dd(kZsTnm(J8*8dGh|0_{^Kg$ z?@XJqjI4s3IL|^EoyWPBA1=e&8cQpN*>1vQI4@gXm}!J_3}KQN+LBhv-j>A{*@W6R zsc`#pZ!fC-0}Ag8dv%$-S^i*tRlB9_i}c(S{8={a!-HO*4<1YGn72NsM3fchm$*CO1l#$0>fOnyb=6pxwralzxyJf6$021{uSWl= zLa58*A=44YnbhuH(CgQFY%=qO{&0_7m@0fhuTNt>-F-arLOZd=S9XN|J;ubCn9d_ zk%=#yM7f1Og!N0T{gh*Te0T@?YW81!5$h+&`&7)kV_$Jq@zypw@^}PuujNV3WeV|p zHh8z)R*@`x7IU_(IA^uhvI}mlO0!->wzeh12+z6g^Y$3}-`-}2Z>dN|=ojX-?1%AO zupRpZU>6}@t{vlhvWM88vdpI2>HuZCTd#E`RMO-$8`G*Z=9x|<+KWEA z%PlLm2OTO=+Ogc_JYyr=J)OHYcVEOUPZeTplyFoSd0;rHGPfM-dS^qH--miz0?t`$ zLw@{duQ=APV|$gl%2py*Bsa0(AQ$U)#e;4 z!o3R2S7NB6kVm8o{Q>Gz@$0C6`SJ)qvyqOo4&9fWf<9>W4;ClXA5mW)UX;X|%Rtq( z#g1Rc&UW`X*w3?SSsze`_1{uZ=X*qr}g zbw~IJzU%3R?kI7?T-(`>^g=G?LLT)ud60(DOhdl3vVA8jgd0DO{9;Who+@(3Z^hr^ zv2=v|Q0AkyqFgb)I&%B@P7Gy&_x}^vH%^Com%8fNrAgdpuEyv!uU!`JkNN@KF+4n9 zd{D1VdE+UseR0NO0F1eY6-rId9y^#e{Cj$AW!mrr+Pl4I3%AX7cn7vV({l&z{ob5; zYyDKC z$NfHu3t&HqdaM&f_bhO?yAkM%duhv@xEw!Q2FP?x^XK7jj@jQ3UCm&bVT zFW+@Cxo)>!UrQ7ozl-t0?Z0r0g}J1@&n4Ji(j0L|IM4i1krhJuyw9(L;g4tD_S%Iv zu)dg3_aZ%h+py&#?Aa8lP|sL}Z%3$*sawUJvFyE-@s6V0%tJkT9s8l7?o!+@Q)->{ zdZ|SYaWIO#QEEl;4msB7$;c`~I~+YU(dE72)fG-b_g%-+$yIaqvinSbpQEvMKzgJS`$r9go`8nl`eA)Lx&h%J=`DWki z=bNmt4uLy>9JB|a^TF*k?p-3?lXqi3!^L~aKdf!W9+kuPF}gQmO@rMu$V~|E3{T!y zn&uiI@}n?Tcf#0?ns75@h-1Q@=#c?8k^V5`>nytKjvmPvc^ggr?#O0*@6ic`ZB^94 zz0k^p>bc5=%%JIcF*k>@Nh<*$8 
z`vC4tK$+tVw}rg}RgV5~(S>N=Kde;jzQQEuM7wY|VhnMx9(|%W>L8uiyTJaLyUY4C z@;CK~6fQK-c|QKtms(KzZ|4D~JA zIZolb;mHW>Mssg>Ycx3(>++Mqu@Ge!V);S;z8}`JOw|~~&vIZpG1kPxcs~YxiP1CO zv*EVz=9PBH{U>~59N)>p*u9+gw}Iu>VvGC>w&K~{n=ZJe?NI3UItzVnvJh^sLcNS| zoQ^U2zi@oc@iX5$!dlr$cduJG3wO2kL=!PQPrPImzSDtc&Ji(xoe23mvJ*1%?1uf1 z+A8u3&Rw6qVgI98n>ymT<2q}FN<|an($U0tFwphvM>9=bF*~|# zmW46o|LyX}kYF8U8n-O4RH0HuY?ml=V92wJldyjGCiy|ura%tkkjXK$OIjH7fnU|t z83*NBkn5%w>wc`W?q0k6=JP8t?!da=IhhRSS!hrDus^kUU#z+h+{S|+_E!sb?nK*V z+J-7!4{??aWqT2y-@-kIsjF@D8_vA(wi<kq8e&eHvZ2-(z4~t*L z-HFtn+P0|q$X~bz?HSr}wtJ&eXy?cdZ3(}7p!bwbn}>A~HUx)JNW80Xa!IdEnZuaqhj%i) z58gC0)VJOZjwS3Q`Y_)09)40S#`9|vbe`UrynVdG{Xp+~&v>V5d)VgQ&vCpLcEZ$| z3&~~}_pcfE&*6OszmA55r+Z%OYJ zEkk|%8pik06RkGa``;vc_Q}baPBhhu@5@viv|#=ko_Y53yI4C2Z9#mf|H}~v=M_aS zHoNGLaZfAC7X2Su(o^oZU&cIx*8^N52|unTqMhN{*GI_De_sLhA7($)@09!FG9wFm zUBDkBY{4AXkDq%ds7Il0%ZWa?cu0m=WWLaRI+D#dRnu7flu)}*uhaWIu|AJ-9z8rHn zbu-$UEt?Kuoa2VJ;d>GfqAvLDCd<*pi+v9-UYyg>eI5D}oT+ZMI>#X#$UgLUVfS@D3pI7s^d@kk4t@ZL$>$-{T@EO02?iv7*banq`pFYI*=bXzriudm?5 z=T$)-&icM(-7bRLVEY6%Y@gC-o3P%X*H)%uf0WFSrmwJl@t(ii0Uohn{+TwG56d9g zZ0qkov(B8UK9MqFtI*FWhh12^ba$&Mm^T&uU?KPALXXk>5X?P&I7Yc9PrU1DCq~`# z<~K$ixaE%<4%~uqKzuv)cb-8%$2`2g;lS75*l^&VPi{DHH~N$%Z*4fR|De~#KSg`C z&8SDez;k>Y!ecpe&lTkEgl&*&zc${*A_C1$;$5`9=P-K9Q>a!)vI z&=+xk4Pl4jK1Mt0IbULXW9CdDu4{g49P{I3dPdtk(>W^as7X*GnD-Vz<-0R+>>+TE zsR-v4`sU-V2&ie!lcD}h&(m<$;+Fb!2;a*)$K7EUVEkW1*~0qdln%%|)~{Y>K4(2? 
zhfl1xX&xc#ZB>atpCPROQr6t#=~(JcA!D*8bDuTeO(yHErLKM_nRS$7BGysVDgFHx z)_K;?&6)2+un*sbvNmnQk!3;mtk0giyWWDke&1cbx`KMsnTpy`$Zi-irQeb53VU~x za(qJhVBZl=xgVfRau1F&$~`f(%NE|J33ZpCEkT==D#5x*XCf2EW%xMr7`l!1!B#k% ztO}uyXC7~hr8|3z?TCA;#rsSO&<0pE>x7&J%(<>(-Nw6-Veam-Bl9s=?SP)^zg+j7 z_12MNjF)DV@h%JdV@NOOMQC%P-AD`5(2e$nb>2(Sm4JnXdmC^rb}+wKlb}1wE7}`19eLVTk&Yujud}@PjIxb;+!W77#mJ=x;cc~C zo{uTG1#Ykwq|jFI+>qu7HaO?+;6Ah?7_U1aa$%=kt zjXu2CiF<9Y&9yK+F2+7>#@(l4m!LnO-9g0R_b13d^NhWBCp0}}M;Q;xneVU|`FU%{ zd`AW2ho6#e8I-(rXuPP*#7Y z-1u&{hOy5Pwo5P`DURce7R&Ix`0vHOnJ>S+70D3N@;3UNU|MvUvyEs^xFN`sP8azw z?UW;==}*4=FkRcwUXl;E@OuLszwrKlw1F1dz`IIW*SRJD^9UG5zw%S~Ij&;#lSZG( zaeY^*g){pq+Ba5@g_GQC+Ku-ZcHl)i%lT=W@DgnyqOKAykFIP!#z_j0ZHp`s&r*U6%sjN;gi>Ck=cz>(LO)~q_C z`&>KBd~m$Xy;(hP00WMbDRZ1Na8IgdJ;&2d0oGPg&l7qK!2Ta&*uoyj)VIc2o!A3Z zY)c;>Z5O(?IuYC}`p4Up?VTs^7~|a0frrrt*ceX~^ISRO#rI2fyk>09wFay;PwUKQ z2lIpQADfOfIIge9di>NoW05hUva(L8|%pprn`QZ{Re`8=b#~b4$qO^nlgOp3!)BGEq3CoyUG@~A4uu|Nk|ERk! z9m5za0+r{T3gM35B`c&I{m?z1$-d-Cx9Hm!IxL4ud>7zRxYysZfqYG2eL1wo9dpMg z@i*Pp?`A(;tV*6f-&Q39M^5rQJle4L{kT4fd0}GQ;q&kX@9%)n%tkzCQZgTj^jt{Z>O}?iX(|YGxAwJU&`euydtxAMd z)PeLeE&V1f)c+7=+kx@Bo8TI2MyFr9g&(@@Hg5S&DB0kC zK7MIvl6y}whWGTaW_RH09gvT1gpc+6P->|ICe8<^e?0RR&Vxp{&kg+?{8?drzRj6| zav9%QmhMFUO5uj)MX=}mpwyU0Va{>KZ=uGZz5-%*M%?e|$~BI9DXW^6MT zex`g2e*F9~ZQaOYU|yx;y&3He;{BzGw*>V(%6=ZQ!FaI`XR*%-Ka02-Zwm3bd+^QU z+O+1!KC>g9ZgdlvgT>RUZVS%Gwqa}lhP_c6vXQ>ZW0n2_)Clx9!4BX2S(3T=e4H~u zIhc4G>8FQfqRS)QIDe@s(#((!$n{lB1NAAy4fboM+o~PuZA5vMLBAG%H87j*e%*T-ntPcCEtoNoa)8|JsbyaDF781tPl55pXDOlPeLV;!EGVAck;8EM*R z+%9+TIl{4WC(Jo7TyM;8#yu3Qi=`>BV|}=<@QAL9FV0EgToumtLeFy4^#SRjJNjiE zBWw66Ou;S9STE@>=!apz&7GRX^>CMH%0v+l{bHRR`--|99*wqQOndnZoR?7{^z|Gc zhHeFOcbCO^x&9st-F&+~SwLoJ|H|NY(r{_+C`^RhJ$4xF!doV<*e_C(*d9?ndr;o~ z_u<+8BECrsAMQ_LTt)6hct11j=V_3|9($s0YrL{q!F+*dfWnO(4bZy!!1AJ;-0dDU}I#1}~-|C|>mXQRJF8L(~VSdVQx*1!H4amKmUh4?08 zPCSKcUR>`&8}t>fhdl_le!qZm9>&y5GCSrsPs9FN3EZ3WzXR(7=YQ=x(5^FF_7e=( zUrY1C&Aj$>PPpNe&9ib=JI<(;Vn6DZ`PiGaRETGr^w<@1@SA7hjMID-+EJ0jy>P0S 
z>ucMv-i5tnea{-l{|E>5#Iiap7vZ=iTM!P$z2|gTD!c{rCeCNJRC4dH(qg#Whenvi zH{(3ijw%~>gYtdn1njYPhxZ-n#)ONyIv8#d!|g(t+bW0VPJTEH1Ln9dg5khjARLZC z$%RbDKB+LywiLoaKWc@>K5pwW+it1i#MxHJR;m=|1JyxG;oO*|9;`)NC_AQy<~(-| zHw6Li%TPY?k|%AP8|IjP?`MPaF|2)u=MHSn;60AXkc%ko*gibGusHN8WPx*`ZkjNB-Z`dUvq=DKmchF;6(gZ`7T@KAWGeVE!mekddj#C-%@Vx3JV? zlrh%LTSHwY&t20M^6g??g|VikMsK<4_0Sy{J~IDzOn1p(9LBiVzXfdc>vTsxCX6Wk zA4I+2TxG{`RZO?}xNM#1P9>XgGFgarak6QL^|~ZDmHM2v!+%kaJN~w!S`fA92xm`U2_O)GzBn=aD0n(O?4~G4i(r_ZoR-#TX9b-#uF#-&SxRR1n21w zK}CI>eEZykOWb{!tD&vM=fbDD`;uXpPoO#VC6$xO#X&@&AO3+y<I z3k`(yQz+vZga(X-3TK%^6Z335B{bmK!^{i7v-JNBg$vB17jDD^2Sdca%y)Li)rj)r zWjxEzc=&#R5f$+t5zi|B`HZU(Rp^I_c-s8uGpA!YhMrR6Ns_pQS;hQ3m(ec$@3(N`J0=dS-#OFjLax}AdiWk%m^-0O1A^nJ76 z=vR66-}K$L8GWa*_td^`US;%M#(uWZS9tn6Up4wlqkn?xV1FLfI^Ei5^bdLA@1#+a zN_}R{s_Hehjdiuw$J%P@np+#1)>xHos$|(mtxNe}ebRp_xu&(Lxw&D@N~^A|u4Wxw zmU!W3`hMx9qwkl8X_D!Crq!qijOyjPufNLE{|YIfyZ)s{Z8qxDp86jqKd&11zc=oG ze}}Pu+f$#t+^F|?>aVFF++Qy<>LE{kE^buA?K#`%9Z&sFD)9H8i;UW4)V)SM;ie z%=XM*SZ35#quyy$lm8b?_%E7tylBFIG2yv;(WLvuexrZgQ(uZ1)%bg9xzU^SzhvTh z>98?3={r{D>5pA*RFke_dp-RhmKrtgssH`9Q4bpR2~YjiMo;~(USn<*s;D2>7(=}AMT?O7Oy-q;|Myoi z8MUbXvdiihsm#BB^I!k%T zzMPEzdeJMdEc$iaO`jY%nRZop?BapNW5Wn_Q#`(DQ5@dt>s7tl{OezTdFs@uYH>9} zTC`R3-Lz?wb_Zt}?LHn?ar~f1vPuU^p{Pn{z|m5WOeQ(Qm|35xp9vKnkXj~OJI9m$ zF*gWB)oVveH8u|5zeW{b>?|tUhyZ(@h*#G4sH(=Q_0K)A9`WhGRcXAkvNB$(@K=gw zrRo=D7S$t2BnJVSz_sH|Mn^kU1jkO&MR+~W^fXqfc$Llp=og(`SwBE^Q4z}F>_v@F z43xfK4J4CqQ(xsI-)8v?^yrvbTKu2trlQg|9X7)^f0c|UURs2x5k3BQphL`XU#j!F zvFA6x`AxEo=@>x4tGDaxH`dp`jp771l;_Dtltbf5HLzk;+o}}>r{@n4AB5lY@*BT-5-QS*-$osugYdNe$&F(f zKm9GLM?w+*rcGba;cDk_uT}7Z`ph!}jZhnr^d6KO#0>Ed^n5iwAMq_hu~b$rQb}gG zD6AGCU8SXqAkU3GgXI7zfUVKCm2O12rX6Iz{yCU!>`5ZNvtjxK%&8wpZbZ7AlT5Et z>z{aHW9iAX)40AK>5Z!@oz5avR8)ktq#XiyS(`FlO1(Pp%rnnGeGcJMK$v5SGxQr7 zpbqc-(69Hx-;~@~^tP(3e7mx8;n{G9WaxCj8}bi<)cJ=>0Mt_g-bNu`6`#LJjg7~f z+ah#tyW64@+md%}cY8u#+KvEAd*qdc`TZq!OoMLfymrqZg7 z?VfvCU=hq|ut@bFS_ll}4ep`FD+iJ%bp_oN-_*ZJErz&1@x+sg 
z;gXLhDPFkLw{mkP;4@i{GH^U_tt%o~QKcp`nuWGD4;Xs~IB#0m$Kl#KHZ}t45 z=ci+*#uvr=n-Ra4AG8@deat`OiJS1jiv>n*lw7r_v2ii$QB@-%L-DcYsjOK{qNt)& z)Id>@QZ+9(Zo07kiL;>IwD2FEFQPl$V8XEeLb$@e^=Or+cY6PQ=3ei=4gcx=2WW%8 zlltjooa#dS-oT%ZNUOg28$~qte@w<3TJuKH037p?DhR|+(ldTuxbgTocxDuA7WvCi zgWoy$(|Y_vy=Q)oHfMMj^PhzmS1zF=wWQM1zp1=%GU`oZPjiH-%@;0wQ=2n3x}y`{ zJ;P^68SQW3LWav!oI^w9#mlE9#-8q&DnGq`zL;)|8ugFv`EbJg&N4rm(GKEa>mozuu(K-cxmw@2_+=IhF7Csz2mkp-IJm$S1ptO{gbmo}uby8|v7p zQyGueZ<=LKngJaY- ztsY&o+|&E{ZSFGmuCd?f>FW<0{XtLfhuf?>HI%Ct-_fSmjr}sueUnM|%9zn>UVP>+ zb97C&_vHPXIl3Xiry=>+&|&l@ybX7H`o^?YkN%^VkN!pz|4j=#`_)ts{*Ai4v_|W_ z@N@Me#kZ=ix^-1c(+1y9b9HSk=6bD7YgCri-_+gMSlzO+$#)m~VsKu*+N5((b?GkC zKXEw}uFd&>G)B7rxk^9aAA~c>f6nv|`uD@@q8-Aap!i|S3Ow>i=MVC!b;7@2QQ;J$0&4S9|5(zb5LL zzfY$()4wK0z5mPfzh74{K;~6sdmXP4T**Bw_>7SYO z)HR({{a>d4155dw>0g`l%{={ieV*D{m2F5j(_sw(z z)%Dc*4%K`=e<7Q8aNn8FO+K^1%@xmIBA=UlX2Avx@g2_RCZE~h<_9d{ua|Dn4p~%3 z`nds1`0Ed7M|?a(<##d|Nv8ioD@%X$8>XBZtFp_lITmy`(sOqCHETH?$-QrvU4G5F zp7?ensoCY%ymTbDLA&hoYhE6-8|fKC_Q7AKzghDdG#KH*4cNioY0LGQDR-}Z4J1K7 zqWrVufrdHdp3n|Y%UM^6NSsKXjAbo_#5Cy8g1;vo9T_zoGnHymYv5vfHyS^$zDQ*F3vD`%-_d{c!qG z0Slz>ctAViV>Dn3f2UoKinIK+1cM3Kocd_CaZhj+&2%Znf^<%(oef=xo*+*C+KIm=WMyY(aGm7)BoY- zT=Q(XZn-npemH%$T(=w;&Rwp#8!$lm9S&$md^|(t*PkzvO#h;;T=VSmYf0zYQ=jR- z^kA-ePWhe4wfFojKBXM8%kQSV<&f!LQkffGcKNN%wH{XQ25c~YiU+jF*OI=VKKOiQ z%3kJ_?%M?ok6>ip51^Y${`WZ zj`(Blpa&f~e^4yVtNmy^S}%QerIm)2;m{c!qNz#`M% zY6Y|-J_a4a-)Yx}phNgO?fPH`QUiadT_4U&`L(WM^oZ9DBqQ%*cKNk-<#m+DFsJ+u ziU3m_68ki`t4J~%dYROeL?plJ!kiuttUou8??(F53Y*_?M8ae9uKaw z^103Qe%~2EobYR^SQ}q77G}HOJ_hk z;^W{UR=9${J4bXJupA$FhQEUW?TC+Vz!v^aDc^u~*5er}hvQj+j-bgdhxH@4%(lv| zx9hEJ+u?QD^>)2IyvuBxGs9)QlO5{tx*RU2EoW{Z$V~tG)0USrl)t_}^dmmzf{HW^Q0d8a65~x@Z&(b9X>-{<(ql>`ISMv|C~AcjluF5ECbl<0($yKdatn`sbfG#ZivInc@%(7U{_9 zuQL6Ybbf-zbJjGqcmqnHZPNtlIS3_BICtDdd;ZQ;y}0~ipPfDbf(tHMK;fFR zqNSmBr4~M4?k>ufyM>htyrv>HPJO^j$A$!F%822dDIR{l(O(7Y+rlc-M8>|RvlvJ%)7NIxU`Va9p!Mt8pxk7R 
z-no?S_&ZbS^+NOhMf`)|2hD@egNcD5+&e+Le9zhQ(6)DN|5-@>58-$D&%>$NXq?06&OwV|9lvdRCHlm52+u7*ti%Jg>)g_Qp(C;bQV zyBacmuj#2-)zUn>skv^=oaTla1QRO@j_+CUlsGSil_VJ{i#FeY66mnf@;ay$5WD9^Iiw@cnW{K%4h5 zyI=XTo!3#o@V&}Gz$??UEU3@-oGq7MUX{;H&@3n<2;U9b<$Hdw>HqA{Kz6774>iUEEX{T>DoH~BNxZskkb_V~4`2e-oQ{O$D{}K5;y4&&MZ%k|T=&mSL z|Cc$sYbl?H&R5^7*au9>3=lm7ZUwY#JDE%My^=gsfd^H`iO_uL)5yUVlR*lg5_ zk=4IFo@3vZqkk9w8~?Z3uk!NYpW9E?8ol9~oayO(u8&zp@5#;4BQc}z)#}kBGx7Eu zn_a9TgbN~tWuvM-bjgPoUAlOQHk+kpDK%>r|IvzmEXNBnYF4?LwPcnmpQV<}npHk) z))L;bKpiY$0DGEgC*`VqiCR*wmMoc7UOuaQ$*d*ivz9;)A8-XvaL5o5oc3A{r*KC{ z+9$lx4}zg@7(qi9u+~AAmzOWWf8|RMD4(Fl&Jx|L*TgRQ1~0`jxBx;fswQKF?9t-PBgIe#M&A zv**qO7mFd~`&Dk%rc4+{ZqB?dLyp<<-l+{EsE-BiCGh z#mAR^;%~0HWcntx@e9j8`q|4q`L~NeKQ~+?OCfa%i8SFN@S*&@kYHRx_3H(%UJbsV z@uFAWgYSvFVDkTuCp>=*Ui~=w2UG8S`TB43o`+v=U%k(B?{oXz)1KacFXZ>jjoxtn zeZuHHxjXu5v!~w_)#}k#J$L<^;znOd)&FIV{{94?GyR(?w0iVSFFi-!bUppaeyX`Y zxYyxio+>^@yUbH1dySgqKJ(OQFCG1xsyzD%9+#)47=LBg(LC#?J08n3iXd$KsEPW& z3jTb}keY~P|007wWBw8S3+4HF4ldKbaGoFSbw0dA<^MM~eiQ4Uk|$mo#f*8LXthzy zx2PPfJ|DU4qnCdSQhg=F`fopZ^|DWW`kHG$^V!cW|NIx2vLScXD{5-%P^%hHtyZsT zYW`Bo+SYaJH?-ZTCk4%o)vfhSEvx6OXliPOzlxPjdL6s9^~P$3v$m$Cu5OJ|U#z=v zMN@T4EzS7*Xw#bdhL!7Ds`bqcwRP(oYU-?pTI*bM^vGIY*RqzEI-FZ;t*)+F)v(61 zt~Ce#u3S^ow7MC-S2WgHHTeQF0nE1Qk%F7>PLTHb#k!U?b&VF@5^Ax|ZES3_);8Q! 
zr=PrljeX7P+D1ls?phPyN0)tO?IqT^ZC>h?nr9yB8`jj$@sh7i*3@kXYL#a-XHE5L zZ*94zd7XA=%v*14_RQ;$pW3=P4QmJyztz=i*40i{%Kg< z+*r4|ZcVEOI0Nq2ev$6hHdnXQ%rSX~9`Q90`nu-oIn7w_)*6~OHr0G_4$ypQ9iqNb z)ztuU-5l%-HPtjA%=HakT*jO*<`5OU>Yp(mG^!oOzcD|>zcC;5-!P1SV}6Q%V?OAA zMnh}kiaFrX(ojbcno*mrM>#dDT{ToR^Ej6Q)YbE98XMqk&f2;b%AkMp?V8Vg@^iD- z*0s)QZK-aa(^?HN)A`nX7cQ97Qb)^bycz2K&a+Ojv09s~TxY6oeYN&twRy7jna^B# zIpnHxep~Qwj;|Tv!FS@To}d~zT5)5mmz8y1@vDYfW)^bWr0+`cvx$3DzPP4o!x{^6 zVpTM+Wu<64f2ht(GvW__D;k>SX)5)#ts4g4qpNLL`^8I8(`#xG{3Z34R)J(qohQg9 zJ!?@eYuNj+nHVYsqpxom+07_t=8Hb z*S6NJo@+9Cs=xIOEv@U`&6`^G>5nbD`kHG|fg4&IsvA*LTC`vc>E|@n2h(NMHq@}~ zt42~Nwl`YMO{o2TI_e=>ytAgMzJBgp7<%$py`sg`z$-p+&1YwSe3>%pXRa~3QG@!A z>gWgUzhLw_oX<2us;^o0kxzfr3wKCA=gKQRe>v`8-k>c`HTM#9s<{_X9`g?}pgiU} zf>X>tJ4|{$tAoiK4sCM7x%Ptm;aof4GoR;4g_>uIdydiTB@Z;#o-4G=tG)Kylj{$v zmO5`tRnt&E2YZAK-kYtc574*NHP%(H_4uGEZ&+V9ry0A9)hp|!spgfdtD9}SzFobz zwY6?eZFQ^eF3~P~VfcP^K3eKps~gaX;>Yw*MfR~TfM%nb`IJGY=EwwvliV+owayv^V+$dOxoHp{u$OC>+T$OW0rP1 zvO6}{p1YDytXr)wWkMqv5P!6U7c6AA%<8N|H3qs8ARQk=`?(JN6RO4)A4QMpo3p{2 z<7H7Nne8l#_R7`3jb<1f=^9)XwV|PPmC;!Y2|fIbHdg)lwcgpSzcbDF-&=oUMhcBB zb=9>uS`53+AANZ37KR_IbY%Fa!XF5n@0qMb?_dg>bO-xx-TvW4WWNDkixhEmvy#09 z1`iy|wAQt?UXo2^h90W4LV9qyl|iCgtdCZ&IjH3jO!2j=8rC9@O<%;n4PUH-AEuP8yQSS*E7rB@)>PZ-s5JUz zO>5WcF&Ks%Xj2(=oS$Re)dy`7amMz>uJbZpt({zQ)|fbBHLNn z^DPMdM)is0-ox#Cg8=rUnbag>hOCpdRozuTSCe*-TI+Ds&8BuIOG~S!3N7waabGL8 z1-p^o28E73Ny%poa;F<2A^UVqwXMX1N$re0N#SGTGqWpmI^t#*g_ufx>Pa2+C-PD< zk4lQ{zt@aHspO+AOCgaSx!P<>uWX$8WU{)l)|i*sX+diy7X@L5b3m>u!hSxNuY%+w zDM(pIWe1_{688S#4>b%e^;zkCX|Iv4orLO^GULmNa)X;^?GH=WS=n*RW=^jeWF}p) z;;M}W6e225hxS6%=4xTwFVV@YmLYu*akd0NFRSt`Aln+cm^ zl1rwR1En{b^Rshn@`(i5KI@^(q2`KABeFha;+2S4tX`>JTV2&n+j-wHH+)C<0`_C+ z_T~vSF~J1zM5696X3`{?uh#3@5+NZIFWhRgjcQviyF?z>VInWreX_0Ai$iCv_9QX~ z$|X&>8j=iI`K9Xo+4kD9=^q=nv6>_@PR^_@g;6_H}o7EYK;HP%kY@-7~IL z+RX+;MO7S$`{e_zmD;jw1>dM9=LBUtnV)UwW^}HaEL7*#&Ybb_B3~!0wq$jX>FT`H z^hsHM=BpdJ}al~(esZqHwq$CIkbi_)uP1vsV8EqS{ypO-6_`l4Q62fLn4 
zca=d^(v*pLvEDrQMA&fZ>hLM7vD!p+wGuI+^MEo<#D6t8B^|82Bm+(&UX!TcBwlRN zA!v~WxymaIy;M?xGtFeJ^mP?( zX2^jTp9o1J7iuhXb#+BAldCJz3*_IBORtAz){(!*lCXyvwMMxoJAP*$(usb@^-MRrO`R;;>50Y(wv`PYsoN4Ue(25RR58qM|V$$LUb0+CMOHcYFig-8|gv^ zV;$q%3O?M%NX^VUzBx;DTadJ?XY{H+sf4YR>;=}3gtB*#*FEKXk&i0n3NY43?b9w$ zU&D-R70vG1WS+*dIC!6E8SVk6+t?=t*;#F~?<^d)iBLRxtk40xK$#ilb+e}XLfJoJ zyIiWZN9Px1Wr1B1USG{bNw^^wY0FiQ!^dW7_W98hE%Qq<4rL1=m2^d6J1BdNrKTNu z$%SVf8$uQFaLjREAtLPW^+MV8=?as}ulxT@gp?n4m9ogaj{W8n$@8y#_Oo)~8@`lk zO)BZR{ivTq$z*E<<*!p@T*(jZRb_k17!)q)x4pJu{xw#yD%)zB-N4&7kdV zY)!TOew@!#Ff*IUx|LopU|xy36}hY>TKy-2wXz|VV+p%9bQ1*Vb5BpdK6&!#XHUNP zQaVq(T${qL-{ff0*YLxK#vaub9P{R3zmUSbDCO(f z?h|2K6L!P?r%bs1SLj(B<;}~bydGg81HuVR^8~dkJ73zWRVqn8 zsx6*RPCb44vnQWTDxpop9;r<7hHMUGPa_N4g2gCRX@_v6e!Fv@$ltDLsDJ??!Sc-&{_7 z62(QoHh!W1TAoY~K7fYLq+rd|ie<_Ri*RvKThwFr_dqJk<5b9-CsNT}IL=Sx+CPlE z^zvS>17x~0o)cnUb5ZiYeydqp+TZR6U@Dh$TI{RBgddZF%Mlggs?k8p!QPFdAT z>^sAyn@=5CJ$gd>+ty=+FWYqNZB&unk?+W}<%wiGU2 z!a=0QFY4*SsH}2}vPGSh8%%m>W5<*spDu)QiryZ5qqb0Oj-IP6$YGSrX#PU_Qnhww zY1IWnx$>R!rO~iD#CJABX^rZjJ9@3<0~>`7v*#+oN#5rqh_cbd}ZT91ueQHOK&(hwflji zhs3tEHWdMsY`YI@Koe!E&dtKn5?1@#wdcI9HK(f=M%HguP@rDcz1CWCnIrp2Rg=nTu{klzpHx>?1c*|dm(}*c*bf0C+Gh)xqqa?%&U;uluLShO}FhUt8#6B zJIz|ER~Pl*cttk%@t&EMv$ohC)n*v=cJTHKcM~){!#x(M@iKDe)KEQ-t~D0peLLUA zm+WqUT-W-Y?ZfL2hCdItYlqt*AmImn<`zAN+shK)pK`dpo{jaZcsWPX-I$!#jOz3w zWvwjdl(ojF+!~43bvpj_c8lIKS10=A{AIM=s#e2zT$Ixz zIWLfV>#NP+2Pyr&@$%9aM(1Z+z80@7ERMFxaiWSMg7CEV{9M{S%A8!{wzAMeGwMPSUw>Qmh_la`h(Xey` zN!%`5Sho9DhcXdi+VtXc@mjXWKP;!oa=K!JSv1OhV>vGqdj4R9TtVvzFD|QPye&81 z$n0laUaqHCt7l{n;#=+usPDjZWuk*D)wu9e{DjQ6R zoUGPb(u3@w3&|3mE6B=;fZTnN?w>dHTutx5whOVEUsv$j8ChcFFWD&!mJqJ9!N+J@eA(eyb(ld^_~V)6bsF zX_Xyk0CuV_KZbK&x3Fh(>8Gc5R9AZO>C?|<1)qNT>1e**cXJwy$`MGScbo!-dpU+18J~>=JRcmFVLOrKWKl9vYlH(5@do-UE z?A@W$PJiZU?CWzG9(i`hXsh=Qojh#qGyQ9JZ9y(K(h;rmv>sv09<^R=Ej8tUB~28| zjc5Phc=72x2f0()mWzkta46~I5FTssS4w?)5^hf?>0739AH5Lq+%x%f(W5Jvs>@~* z{m(sfIwSi0E1!PlrHshDJmaT>37Pc1#ktw@G2E67zHOjolcR%ZKtZxskuBq#oRRHl 
zhH=VRCntV7j{AUwc}7=RJrmqP;xkjHKb_6hUY5<8+^oTqilII7Lpj%8($7MFd-l2f zxbXQ$=eV%7R#TUntF8LlnQU=Zj~yl}JTI9OmXa3acJZogp|D?HZmzX+6LPRd=K)zb zq?;9ioRLe^fTNHQ>RFr|MVCx;!fjp-^5)O#v5#JP$@aEw&g$Wv`O8CCGi)6e(WtnsH`d^TseWR!cJ z(g9Atm{aoNsa&u$C(pphO?Ewq$jv2lD{={?!>vBjF>Mi zo9~ULJ_1qRCd>6&c0Ju;f>%i5@^aD{<(NaBtqS+lvPx~-=agoXOV3W7ej$;~ z_nJSsC>ssA)|PFWbVV_KO%>~=Ha~T=&o|^nx~AM$wNa$|D&5#w@jB^*a&NWxi(cJk z*W?PL9!?eHI#2eOy2h)o&yqcVQok-D=c&QhSypQw^9dje%ll9{*5i+b6%!W|xirlY z_K|Y4<$1jaE#c>0c=^HSrk*)A_PFWO=OB|weXdexyibSk8pvtebMmZ@>=Rp^vgR>%OAo`Yk2aRspQy0>wO8QPo6xP96LT< z*tV3?_}uan=V!eR)B}*oS$QHOF&c=|@(`~yc8XUTJH;!FZ2b7~$3Br@(G$J8jnH7& zPh{g|Z~Sy7JbwI zeTs3a$L_y|S6?+)dd};n{&5MvGAZ4?xL8R13j^X$4u}uqe+NApm2LU3UcB_&>1VQw zhLjiLhzN67&7l z<+UUe#(ioWecI90QWY;sgm}p(_kVNeqjJAGTpI_jnUq(a|Gwv6_ZdY~fb zKln4)gYd(L?Z{w0oVt`sOYZB1jS9+LOu5dH`8A$+N#xz1o>*L~r_b8ymG$hr{CsFD zoCeyda`LIea)U9*+4Gq8T;3pAe~?M<=!CO`WKJH%G);P<=*KMj9H5-*$PF`T8$BtI zyT{={q}KfFXXh4P*W=v8Nn@75ly>%AFAoqK!%X8HQ zEqU_POGis5^#oMn|_YTApxv*$(HB+2>~UTyn9E(;m5ATwguDC`~Kpoxz@3yZMR7A0G?%1trc7X(i>b z9H@pSk;^lkX65K7Jh-`1)gI;JwQ)}F8w54-9Gl#4kaJ?${)UJtc_vq$NRpifPJ`u< zS7|nRyh<(s+Tn@Z+0_u16BW71t`CWX6Y9h5^!11XrQ6q&%_YCSrH^Ku2&N3nzx(C? 
zA>8wRL297yG=x<9gytUkdl%A=J#TRrl_ zr4ZlimPR~%S7o7j`I6r9 z^aBfPt+(axj)o=vqWa?QIxY#B@-JC*>F%fU@mD>5r1?g5B_n^s<3Dg*6HWf=4z(C zLmiJVk4i#De#7Grw$IIG?YZpn-+f#YQhTm>{O>xk@|OPD(SLf~p|1Mke)r0WT>Q30 zm%e9ZA{)PJ#N&U@LbbKJ6!q__c>MQ<_GvLe zGyK)je|z0s7elC2Iy9P(zvS`veJme;)#DGZeJodx8yRIym2Uqg(9giP9 zabh;BXT#$knr$p(<1c&s!_8bf@4n{oW9!Y8tbEtwkJTD74pMuzJ^uK@(YN%^j{ei@ z?io>E+#?I4x%i4jmmXctao#iG@sF)7e=Jk(o@tMNd?MFgds-g<@%dc8+jGI=$Is>C zH$DCn^?dvlkALExy#DJR|H-5G_C__8OQsORIyJpQRq<;vYV z>G2aM^6@hs|MZjj_;ru}^jdCQ?!D;o&#XO}wSVs=kAJq^n#ge8d)4DlF3UWZ&L4Yk zc>JlwT6P}Vd(-1TQ;}t1HO|-jhCP0=a<+Q@sWd+E_|qDn&inhuJ^uGr*Q@hutJT8z z-Z$mx-?vm<$=J28$NkD>cZ%`iLb!2%&g8fcqaVC>U#&4;Ut6f= z+iiH-^Z$YSs*U;PLUmO7V>RVI3=XeXg7SAeD&Ol4Z+N~Liyv(+E*|-^#C0@Y(l4to zZnnKD({=1e!`Cgkw8#C@VsmA6X|yhKU(%?K{v-Lf)E5`zdcXF^$LgY{9p}gWBbJ<| z&&{?o{doUaHeLQ6d3ZiMUiVLV`fm4!9zK^#ZxzyaJzUSFUo52WdAN~Fzg$Qket12X ze!ZA}EZ5%qZx+&rj_1-3j1`jzzH+xstP~c+UiZ&NPH!~lXXn=Hvn#b~ z`>C&D{M?ba{BE>wUF7QR(Q0EMJI?Ny%IfvMwSCGizfhZB&5Y|i)}a@&8M)E9wZ%W; z@g4Ph-8;Yo^((EetYyaO9XDJ)+PNrJrt`%es5i!GsZv{Bt}fJMHptF5ca~j`b3YKm zvR@5+d)*S+A=uOFB7OIk**SFG{Jn|!rE+Dyx!jVuaJ1Q|pFi@oj>X?Op}x4=EoWSX zd)>k1#Ombc?K{B@{mAV@Ke}_$^p?t5Gt+tdt`SWaHz>dJD3urMvuD~*p+DX=W!aE# z{|ybx_*gf8m*)f5J)t&PLQ&6w4GqhB6!gnDcE419&GL0D{q912 z4mhv=e6oBuSL3{N_f^d=&h6fJQ3KL%FPpy)e9I5!%iGp;afN(nuaS_LwRir(?EF76 z76kh9yWPm2j)$;oi*}E+^7&CN>_-^whyH?of$**5U`MIkSgY4ZgAv(&G;%p_2g=8I zAGxCGvj4njKE^r9NBiyz1@&a!JD211f$^R7qh6>F>_j>HH>^Cw?+toXe?6~1$ce1C zKoPBI_A9(O}GM-Kd#|)-G2Xd58pIj^UDsQU3;Ty^Y)t-|Dlfh;#|*%+-}In>oCX{ z>s=@p;{)@-h^NbVkmI~};=bcU+g2>fEtRW{H)<=*#v}&juKC5e z-5>61peLMGms_K{=E}vE9Kc~;@R5s}E^ZI@TTxCnMJbPuTn$p#KmOX+<*H?Mtu+ei zs4v(rvR-~%M?yKWPHw24UKiuh>MK#x7LWRV#QQ7u4OmZ5Z;UU5cTHOUk6be!-0$|V z^ea10h!%UrJ0}0p5%tBn-F^Dp{yw`eXeO!Gy7|TO(XOSkrNiE0{V?wr>kD3yqjM?t zyM121>{}K?S9sIP`)H`Y{O$GnsM`U%-g|%3?w0oB@7mOI#JPU-w~t=e$e#4Os%(o> z`A~dDKHA~!1U~2os6Tw94{e!#lqch0u6m}{$ls6Xb<1NaC(i8?x!E(bJIHMYsjS>u zW3^WA(^udr`pzxMZo5w|v{SC!m1?UxyL#k;71U9$*F6XzsePD`7Ub9qE zc9Hhk&g+f+VJjbh(Cd}8lWp?jqIyP7V} 
z?S&rHw@?3;3V$d4VK_z}zk5RE#SP$bFww+RAIg8P^CIRW-B0K+$9nv`H&ws5Lj4X- zYUB>(hW?SpgCFL(lw-X*`$o0>ZpZX|PoloKJ^D|tdr#cg=v~rue09hgL${;V_%MWPwJ)pJKB>ZK}*yFdyFD<5{m`8|mDWdAd7=lkA1$yQzu)>*WxUjHm;7M$ODzI(>< z`A|=+AFw;>nQ?jN1Nri>#!LTSH@~#*<1e&RcAjqL_L27#>W}p-UiXCJq`tvU@wZJs z>_R-&(_;L0T{8J-m+L9k5B(-^YA(k9anDvTAoh>gk6cfAJg+~aXT6p=2fz11K~LH8 z!46q(>u+gP$Kvn3uD-b4=9QAUYW6?0?x7j=#X--3)wS$%D2EF5!hDT(DwQ9}J^ym(lBvVE#k@3B(RkS( zInP01>Gv{z(&u9i-6-hWFg?3w%-8a>&%xXm%8|4oOUL{$Gy(bJx#wE$o7Q-7E|2zy zKeVNZvJWiheZ-f_$4_LRZ@BM*%87$M&o^{MBW2$f+CAM@q8#|5Z{@_>BHA(e`);T& zuAr~ao=p`>^`acrm%TrKxWK2V2jSASygt}BG_aiTSW7&gI=rs=#kt*>Utrhn5lu|@ zv8D2{+;bm?yP7Tz`JLmg%Np5}`SDopd64@PjTcvx_j(A2oc{Z#OgzeuYgqV2{m1kA zI|JmSemP##>)RmL>)s#qNFKN6{=i-A9`kwgw^X0pC%JCEp6{(S7UI6_{;tN0^Zcc4 z4W#ygqnuynp38V3Q8{s*59f%b@`>Cz=L6Fw7UecIEcTU;=boo|pri5PTp#A|RPWmH zhco^4flDUdC%>ujLI1;V>7O0_r`LVphWg@)`mboD$~SV)r&WeEUYyIP=d$e+3mH2q z<0b|<>^sp9_ikvq>R+%2tgvo&EWR?MzBt(B^2m?zzh_c~f*yH*D{cSErpAl&{DaDm z`+-oeUbhnXslK)4>~mt3ZqOF>^^c$S^200D<##(O*Xte`%gdLxEgs_-er3z!gS_;| ziiMAidwkh^)EnH2cJH3JP5H#+Adh}r49k7GT>X#CXg+ZTo~Q@rt35#|b6&Wi5$U{m zWXZzdfqH##)8)Lr7?-i0&IA3wczuF-6Y~e^b?=S5-k}K#m&za0=8f~^#|rI*dhMCX z=l_`7q50p^q>iN@9Z_GL^EvAE7;0%`Px_M>_dNqXl<)eM|bM2Nq`db)>M{nlyVI0}MP)h8XezX_3BfT`@ z>6_*wzL-z$gU#(!{)1sWNZvxfgPzi@${*gj{9-=2ZrQo~OPXJtm;d0H2GV`RgO@$L zX+FZTo}Bx9v(|XGWAUTKdIUX^R8kY5= zYrf2*jhy_3#*2gg8yd*U&(9vs%$sA^G+ms_k4m$us@ zsPArJIg<^k;-T7e>B-y9(Jkz>~-~{Q#;FJA1Ly<>!n9KJIjNU%4h9=^zzQ~ zk6hDut?yc{zK?eE@_R%6EdRBf{>MfN@~$`Kf3CK=l&=4eP2}aV-z$ZFCim4lnx5_} zu>XU-SZ7oHbJf*z)oP_$Ex_IZzl==44V)(_l2 z5Iwo~As#PqfgaQs_Yq?Kp#LW9dh%TMyyWreyj^>)x}4Vs>wPDP^}65{uN%rPKNbYS zXi?6%evol0&sL=4^zlnUE{+q}jq!s03+#WO;`(Pi-xUwLeS3mFd7f{?;t`JJyIiz4 z)K~h$hRMfxuLs(5U+8ZlGi-8rjsfkHxLr{$F}a}$^W*%8bL7cG#c;f2W6|J z{P-oy7W0K*I=<3;bM@KA**Ncyck}rUIp6eoz3Pgb@<;hk6u6+Dr1G|(Z5PJrCjxIN z%j*^Uk+(zaFIUx`UKjf^#P1!qc|74&{dZYhSscecwa5m#v&w-&>YDKf5}=w74?6T>X+}?O6UNTI!42V_vBgHka^_0Vm`It8#2jAvjIq$h@av${k zrLw$-v$8t6TwTsRXa316Dko0b<71cSe`8GVo2gV`d^{O=M!EkmcK6~+wK`g_wO4cc 
zp4?Pr;#}X_c&$+j#a^)Zj(WZBlh-VWeqY+Qc&txPb}Wo};YqIt!Z_c;eiZX}-#p}c zv2LOri*mazTX|1j%9ktLIZu-TG-m< zZkZG;3_IY*eyhpa&hE$O2;9DdiKWN><>i1I#=(JUlN+j-ziZ5V>^EZmDNir&>|?zE zZ`cLDST5q@Ih))4$hzzIFzoDmeqqGqP%irQ!2Vv==jrGB`t_%-s2*|NF0d2pTCD%D z3iZ18-Z2081@j^QsjK;LUw-En?_>Oi$$zqt5A`j!3;HGey&cOR?dw_?_6*98{)=&h z@~|JX`Bv6j?++*s<0j_2>E&&k54otX7+;VdR9BE^MgK&+oUiMACKF%i0C9XjHKqE+c|Ynae?$|7>xB8}M`*7nI~EUqaeldI z@feSNdfjg5E6#J6H&9>bFU}W_hU(yXXel$)r`Pwq9`b_+`ctvL#eMKKwO^duiGAR~ zL?bihjawMJ!3E`@+`f6h^Fh8?k6pjhdMp*}Tz5M+&4*pEGmZ~$H}Hw^H$DG#^AV5y z(08XME1v=UFn^-nMgE9~KIn%%dkggn-B!vgK4(zWQ%oPEzc`K$b*(<=|9$N%9rHnq2lojpr?_5V{2)Hgt0N|lbp~?aQsiDN5A^}3B6mEej(!m3 z-CmSa?AN8l>?)QQx%qg*zEqyykuT-0ROaJWXKfUf}Ce#-v>AKH-^kau=b8kzyqmhz6qrSL3 z<_(oj-m`_4NLq5^U+V_yu7`-Qfr(k?5{s_RprEa z{zI2FAp5{;<_}%*u*YK@mdY*JkXBdQwJ+qjPpY^&=P^`jtS!4}wtXf;d!}-wJuXzR zZ*o0oi~IVqM4k_xUozp$`@xf&shs^4_W!Q*E0OnPsFz51eJ7_?y4RiTn2-AlPa*!2 z#baJTy}^I-rlyN4>btIy>3JFSPD0;BOUL{BTGBtn zzhpkf6Y77un~(34yJqRI6I|ndW=qq>RrDVjcbCnF9M+Ga35$>Gh3iH7?;W=EeFc5R z{m=bgPUPhIU?1$?i}-T;Y^`-JJ`eSMAzsRIPT*7IP}~nfFZk{46zrX}F#1tZ9$e7h z(7y)tqk;RvF)Ih-3+14`gZ6{yf8K9K&&k&mvh&$zgI>|?Tt4gl4R(GX`eRvhz7yx8 z=R&>He5aiQ`d`fF{Q}q1dlRb%)=%^UwByj0rI%da@f#M#_yI@ohQ2snu9-agoxC6P zrpDlT`R6(z6zdzWzm8~puM4|VZaf6y-JynAo%{pIJ^^W}p>X~yF# z>Zj+GsP9O~*Xzc5-Y_|--@QlPmcKg|e*TL3;@rL>U+fr)tKu|EIF?U|S7VbkwMeE(*!CfbAb1pVRuX-$`X&n5G9zRW(y z{$j9C(ommkCWrQhKJ>Hy()|kd%YBpi`OJLqVoU852fHt8K>82r^K>En`z`!f*Zepx zy&uGUiKSy)$o=S6w%nI0nl5foxwD#>vEvICzU^|If2lmWx-wgnmlN{e@p@@f^@;QH zi|cydb>xH!i#@IvJW)UN3#^NKmrTAm9tN)8iOEB6-+Db`>2g0e_Z`HSLq19KdK|iF za`C#-uOsIR`{S3lR8CwWU%XC~@AYKgJ9s4t(y6@HFD*y*>GSEn^OdQB{IG^I*Sor} zpHJTte5I3@?;9W9zh1dudg3}4>LKk?KBO<8#QR9Egnlftdt7hnP;)JFUH>^m$MpK* z?D2-&T?+-o_40Fx3pyvX5Bdwjm?zK=N?pyDzDFG2kG*E`ah&`i3-7*ee&2Pf$J>4U z(T03jo1dH1eB#``$SuUD{k6Cb!OoX1Y3B64@vY+QCs$8n4NZr|r_ zT6(lEu`ui?`WWYO4ldWHVOy>D_Tu-%rZu}dw-473un+wU^9}aL=x6(2U!qES-RWWT zk&g0FpMx$J^NpK4>R&7$_34|3mOS5>`9*z0S1ca;W9Y{|5ZoijO5P5XTl7&Md2U02 
z#&JHqsrkh@$2%@-px5o2zrDV9bS)kAoxWsYjMrEn=Xvi9OTS~<{Fv_f?$Br{5Be|; zN;4s$R9dohj4SM`@2FV(F1Hu?2ih}Y@`>kzU2$A(SUNaGzMgM?+0vta<9O`dj>Z4L zmipqru~^?k6MNnF7wnDY3|o4CIS;(4DW#77)9b!EroK2Y=ea2j^twNA)BL{k?s1F9 zJ~YmoPk6lNkM|3I)8ga(!t$#Ry!N)l1uLZdz)8aYg~}heZ%)ikt4}Y!pNf4ne49Vs ziTr-Btog*b{TS~rIwx?9{d7`=Wqxm&kNYL1Z42M!ew6oi+&y9Gv3*A@jB$;ACi}_S zsys3jzfb9$fAEINi-VnG8t8q8dirx$0}z^76&`2fQ%e zpbztIsr;%de$Cbsug`0Nljttg=haOuFMV$r`t&@tz1nIvs`>i-fzV%5J;nYX+rirl z_M)9C6JFky`r-;)5r!S`2gS$somORO`@FuC4a?tmTR6&($lHWfnTo3mi7vj0CQE*d zQ}{36w0PN{)f)21Ok>`^@71yRKd_;`xVR64m~-oBVz2x9CH2KQfAr(mFKeXCzy0Nm z>KAOk*0J>0ud6T4^B=gX0jaO&kKBhX9{nR@w|Kwohki~S_Ae7OHNcHP1Qp!KLdvP6F$b}`TZ=RELqWVH2ZwV*5@k}(k z5e6MNkS=Z|^q&_#>KbwKPVE|2T!p$U^K`q;OkoTOrMk*DWFdGS18+vN5p z=HtEu#(mtkx*aH2?!T|Ms`F{RuWNpBUhjp#RqpR~H8MNz`?<1gN3!=Xs@GIboaY}n z-dZY@KG)I5E3tHp8~7ME@DUFm@$e(JVbhn^Tkm0}{bw36*4H)gQkL;g_j{`@$HyMNls*?ryoetTx;!#NeLH=HRM{8+Z)5Wjr;zFqph*V2;a7w7fCcUo~Cf%P8ygM*0*XV!_3zZdsaICsJP5a%Dy zhxrrpQ0%|MrWfgb=MbUa^tx%koS$vg%fR_1$;T;*GaQiyY=H+}D!lf0_%mGkx!qf4-vm#i2i3)`0LBQ(xSE{U?1ND)N}J z_|K1+-?z^%TYS`$SQvK2`1cKn59O!zknegNdP_w+Cja?$^~Jf}pLcn*Te_YvHR}uM zJasn6eTRG(RjGWhWZHbJTSM0^484033(NB!@?$0${h>cen%niL>xtZoTt-dL*%tI2 zdQ<;GJqEcZJ)-Hd@7gr~^Bwau`f~e`dMICH+&+wxdSdxXp*(qiddtE% z-@tbS`_6^ShjQ-))(iE=^><(UIA`$1b5629eJFeXw_d3K*>Sh?viZBzllt$jn2&Y8 z?mTflefGMg*WH)|)dowlpJG3TeFwIzzG$B) z7x-#>J+ze7+nQ8)an3!;hxSgd``#aTNWa=p;hlb0<)Pes)Y?=zajrM63r}ifdjD-# zC|~TlZ1HIC*e+ulFYbi?ljcJ|!Z<0-Xu7xw{YTp0_2Rk#{Q>j;P@z8YI^e41PuKIX zy2gE3Yg^OB75XXc$9*h>W4)i&Oj1wOXVCp?w=2qF9ld7xV?Um9ea>Ow7OchWSxXurnP;vA=JdTe(1XT;+#L$Iq*K1Xkum`80z1P-&@>s$Jm&3a zf5AR*+NI*k)AeIL0+*uxJ?kz%;r^!igXH#%xt!}iP`2>ou=&M(=x=RXy#AiX@EfIlc*XV(7h36e=TVQC{-9<~)3J|``(O*!Q2Fv!FQ~jYFAw7sKDfb- zKJJNT7QWMYANkP^C9gNyHQGCB`SvcEk8;p%yC*CjJkgKZULNGZeQ(F)4<_cv{t@cg z>+4^u7fr6OUT9Y@2lb2nXTtIo>j^txZ?XM*o-f+fF+F`;3hf-_%O>A9J}VY~yLR4k zTyL8`^q*M%xW$7*j32i6$|ds;xLhm;JSV<$ezZ3@O26H4epwCni7xNAYpPcIA=(4| z4gD(GnV4Lh$22JUqMe%-j^#UtTk1(HU(_@0dYr>Rd(dtZCLireEFASYU!=?X9=3me 
z)8x)wR$rX+z&U4e-om)T{^Q&g&6Jsk-EJG7z3%x5OONCAE|k;Q zZnOQ~zof#w?yc(g2UYC9O8xE)JrnoQzt9PW#QNbmTFl>=*H3pR1+6&+3z&@$Y)= z$9+;<_eXth$M3k_iIvlL{!q4f^ov;TLlz&o;JwF=#mDw5@QVG(+eO}2sLp17U-Z8Z z^%WiHAD2yEC6`NZ^fOON)tT>iSd*X?Y%9@ux6h2uOjlGNIb2Ue4{M(u~z zs-d>p-q3^kMfqVbciMcs4}tj_*Qd{4we-lbV`1zY@tz6J$#LKJe%Finu5bTc=m*df z?La-fJm`mB%nyjieF>b~;y%ZI=Z$maQuzs6w_I;0*eP}L_QSraGb3@r5AzE2rN7hl zM5C#X2N$l3-zsZ9ajp;j96t2I?!o#$X?BKxd)>E|OfB>de6Dd)vCQ``up2k8lUb<5I?kO z@!%EZoEz+eFV83VV@>(%@OOq)k2o(kKBwf|P+puDLO<$tu`h`7UT&%U#%z5peZKvj zjw%;7fa^PfPv$ycLWR@c1&rg{pD#jv-Wf4Dgya0-_F|DL-4b(Ax z?{w7{cf0mZs_+i>-eK`57xrSjAwJq&G5J{EJ^B2_d}%%IliwL!tgbwfug4FE_7fdm z4~*|V-XUAY{%tE4;}P>3=F45zZjpZ3($Q~XeFpG|_4js*@`d_iUc$Zx>lV1|Lx0fX zr9DzUj;AmmzB?TRBOlDK@6K5Mp$YTlzEpgGP=5JQKp*)LO(}KspI-Ni>*|Yh&e-Q; zUx??Z!7bir9@9*{?uBBzf5hTbF0uF|6rXvDQS)ORg^%?#XLrpE|4~)lG5ue>s=he4 z+qjE8S2VJh?(08l;hpR;wONBwdr~_>+3|e*LV*{!5A2^)Rz7&*xxCmitF(0 z+7sJr#`L0IU)soqK+;{xp8(N+?=YV>}_S>h4 zY5T#>4^QUf)A4M@yxXz#FLl)ySK$1mEsgBS{jADDv)VpUeD3kf6Phm0^Wl65?|;Po z*+mtS@0qHX@zZ@Q!`to`ZjCxU@FLx|I+OOEIazAx-Wi5T4?910(&u;fii?wP! zeV^njWsi6JzwEq9+xc>^Kd|y8&E>HlMY?=H78|47zT_+8JC}ocz%S~5JlL0=hr{8E{i3gI=JjKqNB_V%%199Fb>r{8hVj*t_N_Jax&E;E$~;f=RacwtyF_Za){q{W z`#t)vPP<^_T$SImdMeIWU+s9hbNlLyhNVAjn;-W@!N7E1bngvI$398kk7%x(Nq?8> ztDBlG&h?_7d~IAKd+Gdp(86&%CoeD6+BWBk-<*>lU#_<2<;R}=(n`f8f8TmAX7R=6 zSL65ju30+PZS)U><8_R4kK@C``!0EYYmb)v1Xr#feKqhB8LuzaZJc9aJmEYJ^CZfD z^or>}n3xalyQVDMH=nLsJo4Xl(ZYBxaoFufJ<*=KxAOWi-{blrw!^T=q5sEtaJXja zednZ07Js^HKFTk0K>J}Fly37qqG(5A`iGnw=4s43c+PRxq{*QijJLtxZ}#W;{-fo? 
z^Lx-U__-&~_x}{~p`FGwzEryH^8bTMr_Vd?ay_>!|NqYC>pO?*SUPy=?~yLbtp=<& zU)$1jao&$V$kF`zvu@_9K@ypE%c#b+**i z$n-jC-?W9%zlUcmjORd0+ZOISAM<=e6PAv7=SM@iy>#9gw)EJahM(5wPpb=Inn~vu zr0=}~efj4-->V%zHV!@Ni+itjgnp#;$oJEMcC@q**>_Et4<0{uH5-<{`}RpMt;&^t z^1>U{mBo7VoXx%|7qt7X8Pfw!81KXsE`Ep7lX5TCF_ET!$t?k== z)AU69e4Gum&-;Io-yc&o!Zq60cOCI!b#-l}k?e#~@?ri1x82jw=k4m__&wXT0X^!A z`!4+_bM9Zx*_Fq)gI&9>TK>rEH$A*+3$ELT^Tnl@3XkhuQ-H01M2?k&lA1w*K=V>@^*^$ z4f|`a3ziS_M0(y}D=OCOA01ISaekeT>q@M@trhv%iPd!d{rXIhj_dE&mo%I{F9@Eo zo+m8*)Rg&gy)Mi6sIH8Ls}tP~S66c9MqdwHC6C+n;}y$aDtGjcxF7iXwgs^tKs~Wf z{`!Wd%l+eP=40K#dDxF!v3Ru8*SwuR8MySiKU%i*uU;^}?|E<6FW0B?bJC;s@yjoZ zY{%q(JW*eq?^kdgjeQaJbH)8pjGxrZ!dE@U|(3Yr&zC8pMqWJCx6o8<$X6d?}8cBv2uSRu^{;3 zTo&gFxc(?@n>^wX#yo=iyL&E~TpV8qEZnz_dcBbk`f$$r6BWycblk6x_k%+HZUG$GAH=+5ZpFqy-?~|+KuU?ebHzWkrR9n9b~xnr;`x)|jwT8(`CW_o=0bH; zF5mdK4^~{iFu#KfelMg{{-L$(_nv?9lB;ria6S(C9}me|kI*mWUB+4? zJFjexd;UG@_qsoOMdfO8i2a4?N@jlFEYut4a~L-`|A4&+Z+1*C)+zKC%c=BAb-4(+zBf%LicCp|pr{#S=B{ZHLA zAN7D;#rpKsW5V(k>$`8=;!!W?>#N_U$zflXtzWkN{`8E>iSv5>=_L*H;{5PuI@z%N zUAA!CN0nb_RU4l^{lZJh+3HH8T2Ex(w8Qm1`s3z=>kE4HZ@T|~5;*imb3VP#^=HPN z!fy9JD#^2RYjwH1Ud^0q{n@LY?)Q7J58t0?yxf1z`5O1%nrl~QSLT=E7t;QS+t*RQ z*Zs3w9`^A#eaYhE{5E0XJA;^v(`^gi<$jbKw)ou>=Ew0mVqu(1ruP-}E}ed|?Scx# zdGF6%vmoXN%-h9zx>S~%5~HG`x{^Du|MS!N{C9+4dcFxgr5TqC^75QcK@R&b?91+V zIoub&qoNsPKE}Krrte<*ec(%$UeqhsBRku@5e$g)BIaT2m;3gSWz&!OcE5*lPLBMs zd|wy(>OXFJP~U;|^Zaoi8rrER>vU*?c;D$SOy%o=dHBz7S~-2?cP##eM167l(Jzt^ zw13ib0ob`5lGFIOk9kOQNPMtE-jlpw;l{T4uqW1|laG&f+$s0}!`4C`yLuu~A#rJW z#qYHB>6deIIXG#qwSxh%e_smiB&vM8fy+?K^rN5sg=q`Rdkf9cI5nM*_aA?1T+_w5 zo-cPoD2B04<2o~zb6w@qb7NfpVPBLfx7MDYU0EnRfAUj>a{Agc)GyT^Id56H@|+ds z+4I?b!B1^#x;Su|(Lk?@`@`6u{gk(-d>^CUZoU(_{>4JSLw!p@Z+g9i>#4M!%|`uv zM$bhpSDf2{@dx?8xS@$X>GxsN7W@5QyrJ>pe4Y3ym)jq{YLou{-d`Fqv8dnW;y4ZE zr{`X!8JG8X)Cb?A!+01tZav?hyRLe~?ymW9-mX}9$lC|=bmH;Fc|5jf%ktSgJioTG zBDZog`|rOruIb{OV{yFLJlLP_8%fC3pYNu|i~aJw-8e2Y<$Ys1pAYjh#=$pckUz9r zTn@k1vG{KUPV%?gi}_T(Po@)6{2haD1dgd3`akY7W1o$3!TVrh`5AMBTVa!W$opU>I 
zKRW6wn>^N^*l&hCe#89myvY1=>)nop|8jx*(5B0U`p9{Lhl}OFUX%xWQQx9G}qQ`o}H% z%e0jXJ(1Uj+f$yG2Y2dyzyJJKx|%M|>y7%M-Uy=}2NM;RbAwQS`P0L&udg3pF?rMj z`>W6|7S>|F_^UTmPF%r`Sk8DJnum|%H6wd`N0Q%>>p)I2Y-xn_%aXG z=JhuCiWr@lhc3@(K5<36LqAW~p^+fe>waKD|48FY*DMTs;SaJ`zLT@u5-a3aX>W1b%DmcJ{7^w~n#^a9fcA3{ALx`JR+~xvHl&<+yzaxh-|o-bO` zOzFI{d&0tykNs#gA75;Tzdmm1Xcz1k;ygNR>5$Xk^^o7s(yxf+`26+IULreyPq7{P zo=@{~(9bY_`rAjY%UYx7Y72R8KRu;(ira0Te8)`Xbdt~6`P0`uJukOZUCDoU_oug0 zxua*l@8EwoQF-W!>?*57uY2gC`MA%6_9}<|r1xFyIg|gm zZF2G*M`@RL;&-}#WdY7zfEdpdG2t;e8`o&yuC{nAN3{{ z#{7x#9mn-mOFuAf{y;rmF7%*3qx`;dy*~F(o8DNS_satwKd`*S@}aywJ+2?=(Vh*< zH)uWit;>16(mtVI;yasvqowKMynQea{f%{v?8$Yj^*hM_Y-op6zWDsa&rWDQaRq&7 z&!4`biRt}Tl!x@6(d0}z?xXyywe!FHnU0UsF9yNb&wh5s!(J}RiT%Rc6Y~?&t4;#y-qd+z$T zmNdUO*Wa1ZfY?_yALp*6u7%_H87`!cSs3#S@}=)TN&Swy0h#ONzjaOXiMvJl*v~;P ze2lyASguxjbgp`))`;ilS0}C5Ta_EyCFHL*7BY5Uy_(N|YdhL4`E<5eA?J_Pw0-}! ztAQPu4{?2g^$GJC(n~X*v7^4U*SPsZ74u8m=HohU&m{{N<@(lNZ}-IY#P!$Xu@8vn zz#Y?zeLwbtC>Qflv0Pji4sBU}IsXZKW*6lVqzvc3J*ny9(Eq(&Sl9oX-(IG?;HBs7vnYB4f*o= z#9OMWWBPtxJ#}u!wM`B5q+QnU$;n;NcyTWG^TQfYxys7=MEbiwKYv-{#X&Cg3zxem zBX`5ZqTCe?tK53-_qKn*#UO|IWdF9wkA(DI_vd5&hu1%r=?A}1aRqJ<^6lzcekpJE zXjVROk~Ek9g_g--{#5y6N8gG3eqlq?#TE4j4xv8vus9a>^}le$P})?(c{8 zlCqr}^q`*U__2KL0>6JysMiA(t4C?Z6DBN-{Q~;+Kk)h^9{m{o0^b+wUA6qmHEZ`j z2zn*0VE4mbZ`hA;rXE30Up)#OZo3|C-+QRXT(%y+7&z=u5AV0J9v;rrBj_pC;}<)k zOPzDM-Fp1u1Lph%^23DHg|9*X_5k_B^~?9=vd_)@Qe}XAMdfE#&a5qqIqhiAFAb{q zq%saQen@G-o?i;>C1vdPa;8r#NPDPA?i}Zr(65X2EUCOf$zCt~Qg?ve!zw?&BxglA z{ntkZ$d3g5)oS6s>h*~M^5r1E(ri^%R^`cE)bl#}P0{{D-y!)4?s`32&MyxSkRSJY%vE($zJhxE^7sJx36+B|cb$K_GaNYZx!3U@M*a7g+LFu7Ph7Bwj(WZBx38)%&g#|uVi*U#Sg+PvdntSj zqp%)*8$5hH{nolF>2<%g>Avgv_N0Zs?djk4^ly85yuKZCxtr$C4x10YE$Q_7263^U z{i8(X#JL@Qz0v))>%o19Sf0m6xlPTS-e-#OZZGo3c&|?}{##z3zW4$9!7IvpKWY`8 ztN2Hk)IM=uKRgGE^7_uLM^rd{ZvWmJ7S8YA{g_AOpzkrSSG=zGaJ;|qU9YsOE6J&6 zUU>H8p+vsDA`b+}Z}Ixu{ONP!@xA@uvT|{s`dhAV*JZcI>U(0naQ^X+FKD_rukSy; zsDbqT2J{E{y8QT;G^wNi^t!(i+DrcQeCTJWH~M8Pf6Veh4()(`lPyQKV|pE)+sFM% 
zs7G4fuUs*GD9`$f#C0rw_jU6hb-BnnvG^$O*HwGUo^Q+3y?;o(k3F85=Wc}jBIEUj z9q_SF9u0hYaa;#IUa{;vbmNkiC(iZV2=$bF@W(8<6TI~L?^gA~_2PG^*CWTX_1d;_ zU`~8_&mwEqtS5{riW)N$vh8Gb$&}?LIxJfnMw%;DGXnHZ6T`Vt(nG`F+=46^loH zTsOvi`2O|{lN(rX*B|SBH|iZeqjx0H>|!tK4Zm1#ThG&a|I>2F80!r?F+P6vg6S>V z6);J8(Vh>TYRVT;WFnPowZuw!!c}MOf<53D^WT{yr5w&a+RnxP9oLoE-{UpAz7-X(AO6`=-ahceeSx@txor00y@7*?h2wbk`e0n__kO&~ z^Fhzdl|sG^3uD~iJ|n)jTFj4dY1{JQd7?q`&^J`^a>mpbw@3f!b&L6i+`hf8zxW*9 zZ+Sh3rY*lbM_fHOy4pNjxW4)4!zwe{r$hVq24)-{cnd4An|x$jVULi2Sj+?`fm9C&#>aKGwq&#(FX%gVX$m2@v!cI1!i znzu9bj0Cal_d(|>_yFmV4EOH!ygu}^sApW$3wpwbXpiKsQ~qV5a^k#R(JnvNfIe{g z@T3Z--=$5TznH7o*OV`)K;-r>mn_()->-Ly`oHKLi}8b>znH6pFTfrtlpFL&*}v0z zZL9rheKEej+|hV(t{?LU(zPFiFTNM-`n3toBo6&3^s7`q>Ye3^r*^XK|7$l)4fMoz zEA%IfuYSE1d0=Kut|`K+YDX}x{#8=Y8{UKNpFjT9dS32VIvVc9eaKzg9uDs#?~s2} z)5SRlJh#xlF3eTr(Saj)uJK=WL#~()>pt$=4d2xC^m--EJBh`kAHxS1_}Xp{Waf*1 zUDkZ!+)k{EsPBJ@^6t%+=iM0PVLlyL&afIM`sxEetiC$NwrU$+ZFGdk7=ZwW2~DGJEUH7E3=LH zCEVxn`u&@(%87G5|71x6y>8$82;&xy`kB3{{olP|=^yoa$NB_2d)<$EeFx>oz6s+E zKKd1|i=-Y;Sw)ExO;nOx%FnV6~9-Ge1&q+{zDU% z|9ib%HUH6|AkTek0QZ=`YkD;QLS|fTEor?4b1nwBbwfm za{{SvRX#0O;JkGspFe4(^7FIpYLU;cm-F)XjHmK)W*M@Ca~$XS>yrifjQ-|gI4K*+%aBZr#`9Bkt7w7GaeHN~thpua)*crHqf7!!h>WeGfr|-M2 zhTL!vj?Zx%ShsMz-@IvI^h>dGB4?-LjdpIhJnTa`zCVEdup4&maXztL$mjMwFk^am zZEhbJT9NF=RE%wf<5vaxcm3sF!^8J&g&~)hxVo{9p?^rCKlG~QF%(czurNg$auZc zFL2!r`_MlSMn8=8AG30BeTnB*z!CM2>-)6HL+&>Ixqp#MpWL|V zDYgg7`>S0`kNxkOhQ)dLDM$T2k@via^N+^suHU?A*}yZ_tE=&u{^IQv>*e+SrgK3& zxPSA4Z|{X-AKF7)rAO_Li~{~1e<`C1l6e}|89-YXZ3mtRt~QZJO#H(o}(T<4DVH-7q@ zh|d&-`?mjXD=6;cSLE^UCQZM7-z3~PmJjfTb-!cr|GtvfgZe&t#nL19bqgasuA{!L z>~?-}{BD~(o=e&9J&^wETByFD5n-OyC+7wD&Gr^wsO!8sxN z)4yN$e4)PS{5+^VaGke%+VU0a3H`=ZemF%QE6H;Gzs5D6xc^qTdi^8U_aD+{jIvP0 z*xTUx|FZY?(Ul$5o#<7!)K<6MwlFr_#(2m(HD@7nvf&pCB;q;A_GnR(P&Qr)WBU$tx3cb%#-XDSZ&(rZp%if8pn zHfsKPsUh_Kc7c6zsxQJ7{^-uSNRY|zR^zH(l2sa`ns1t)RRSt zhyJX5&YYh~-@EwVRvC_*md{Pg9H4!BEeG(i{32cDY}pieqhB96pFW56jVh;;Q~F=8 za3EPu!uQL=*Q1r=iqI+KQ;~Gg^?m5Okp8OR+r7bF|M3l%PB5C^ 
zgDTHoZwMar`~NOT80kjOt3Q9Y%y8tq^0`y#`E)TagZ;H_Gcwixb@5@}#?P|{2hN}# zzf0u<`nP|KiIHpYzc}2kvrkUxV_boH0=zEIj<%ir3EtnWFp)U?dPRKH3$yns$CJ}~ z2>Suvw(8I92I2DbnOXWmbYf=e-og5;wPW9G7jihC^vyL6$26|%%pe@|#wFjJS3J$H zwbQ|=$>6cKKK@uh2g|1EsA)hCG|ceRUE>3EigQ99f=K31*oP&47y)JWRld2JY)9SHPZaJiI0NHa^twjjG>2T9I_v6Z!+p7kZW@ z9r56gdCNu5|2nhz0R7x}Q~6-a`~j+YG0T)4AK8~C;yJAJyCiy=j$1ID|^tp zT=1S^Jdn-MovNMvFeNlNF%DmF^3YE$2iW~LJ0u-;?6;RD|9+y!pw6Y`AEyH)W43Pi zLcfA2pPU}r9Q+P+pa)t&OX>B6RRwKjKaN(qu`fO^2@Mw?#x5W9Tlwx)&g&b32fO+= zRSCOyV4kM)o?br|_i#G7z3A5&DETh$-zXon13q8Ge?iLu@}OV;*ZoSbEWQty$ele$ zeS=pI;zh1KbL4*p+Q%F=;- zSpTE&)?capJjZBcXOIW^037n6d?J}Y#9>?!JhWRFuO$7E*oZeii&}aZkDS^G>;d_( z@?T(}IKTdJLE`r+f6&AJ%8@|utbgs4FzS1uJuC?v=m8FRd)bGLkGqAAZy$O6X@4r} z!+1E_UuAr9p59>pCZE;|$cOrs%YVSc;%NVf^TS*{P(7nuRZfF<`v{}-jesX->mt)5 zr*guMAcxtbmM_ZR>=5Oy`U1XZhoNUDW|!7qdi_20lUwHsSXk;WgkRLUBw?%P?GncL zBVS(f{x!{D=raX68UK?EPp-lL;;5~{J~`C~^kD6PmtWk|^yUsmO11xG2}2Ip6~_6{ zV-bDi|3A6%N$NY|(N2M`?Q<;)Uu&0CUf}(S$_c*KKJ5j!By>Rs{M)v(@kswqRf%ui z5+8Pfbh95#_w3e<^JuC+dEN@j325bXppWU2Lpg;UNa?>KVdV2UhaQJ-&~mwdDVuJ3 zRya$ido(}9pg-#1qsv@=={NXxyZG?QCGqV%%d&*gKBNC^)B0=eS|D(mf2$Y1J)fCZ zdS$(tT@xG>g)0*C2jSlt*1iJ`IDy%UoY`br>w z?@H?;F8UW54lg>m&OSNS3))}g^SN$LOzpP>61MW`l(5ggsQvZZ%S28U%xiBBIex@L z<;&yO=^NCKSh-0#CGffNmZL}GtvP~8<;(1;L*mh|S-(?u-^OBI5*^xNIC3f%`tJnZ z?MutIsLA{zy1ZY|3~z(OiGKSpNZ9mSmN53Qd^yp69u5SqR34;*1K7}f*7S1u0;iKx zd124i&T2U$9{m&QEBXo4S09e}^MsHVn z6n?5U#tl!x=Wrj>Bd2;tyQBF>dlnt;XCUggB|nIV9J)cBqT672a!S|62?tLq?6jo2 z|FO}}wOhh3^zBId;pnjHBZsH?J{&NEWZwsNO7G3k`(JrGJiOrqg51#o%{S~K$4BKm zS`|L%&;4=2@`$8c|G6OHHz=OzrMKIN-M*;q+@|N-9YID8>({*YA^bv};gWTGtRHtTN&LQL z@iC9NrC-9Zn^Kj-rDD;^M>Ss^WiL!+YuDA5;%??S*$=N%RV* zFOt!hdqL#Jc$3cI@%?sk>A37+rN2{+u5K_qIc@Jgv&jJ}FTJOnHeAyC?9tU(zIOj6 z){|N~1;1rQe2jZqmLv?jLAsB3xAH#{2t3*WCmze?_>Ew>{Ke~Tf@k*hDfmf2-!m%;@51!EJqwTi+aKq>pm=B}p;z!n z`%P zF5U2=S2Q>x*{`wo@c`qGYL7zwY#?wn9-xKiuBS(*W@ZP*p0#%2+8$0Pr}C7Xe5rZE zW!gA8AllD%_Oru1?^Om!_PbHeX!nceQ6{&?=R5sE&-yJbZ|FC{Rp|m&X{^(Wnny%kX$#+t~N%?p3?>Ksu8}Fs!b3fh9 
z56UblhgU5tpp--ODkonu4!3%%dbn$i;Zyx@Rl=s1n+69aCMIWsG&|apotX@VXUE*@ zr-SDh#kpkuXZy15-a)!!<17Qv{qL*de|XdRIr((F8tw}+6AVvHjt6v8&dhm!E%wFeE6IJq_ zz17Air_OiL=}EeMdX^6HXU0d@&*k6;rq6xE^nAUmCt1D&XD8@kv(dpWJ_2#yf)Hr1 z7f08xNf707MB=GmAvvdJx<4x6=z6Drf>k-uf8(AZ9Y=&;b#@bn|4*6e#-MWt=mY`B zlLH;Vb#r8LpBC(>fZm-(Z-nv4fnE;>i0`G*yW8lkFg`h@hjysc%8{2sSKq<7W1bPM zd~Rr$An0SSqAOnL(g@s+#r)qsC;TyPEtYS3cA8e& zhPoUz8{gm9k>yYJNbM9a9L!5X!_kj!T*$!LdJx)$eZ3AY#JqB!15eGP=sc6F=)9Jq zq*CQ<^OmA@KC~#SRc*7RaKty(D*=?`{ppyU)<>Ih+wqd*!caR!7~AM>G>c{ z#O01v+Hy+fT}LYlD(x%<5;(R3w8uwL{)O|v+FYG>vPk67f$0=|Pu`N2m&x6J(qYux z^7xBh7Y}p$?q$wb93BqDxA94jgj+V%?-w8CZ+6ix@vvvqD_-B48KEP-UHY-NWVkl{ zNrora;D2#+bc=m*Xy3LuVB`H{9ZJU+I7b5hI7f|k5%zch_O>ka5D&PL()*o0Nw;`+ z8B`o&?z?D6IA1S(k4HVEEiU!_lp)oJP)v z?_hXt44>i!CTovx-4gH|e8BL05%W`g(A3~Ng97+&hUYb}r_$$Gqt3np_=?HHC-oEh zjRN?-4E$4c&unJ=)VW-MS7*Fwx&WX{H^dhN(D8|*&LaKJ8J=!TXYq~&1^gO}H$#gW z%I+r>PWc^k^`GMW@|g!7ZwJ}E)X_0zn}c6q_}qQX(XmzK=hI)D9-SDTbl2gg$H&LE z6dvvI5?#qQIN~nm<$_0hd|RM!+P>dE%+z57;uJ=6MGZH|s6i@uIoyK(yp(9>vZ{{{Ra5!l3v;tAM|oR+K9*El+^ z<(C`3ml>G!RuLcd5A{8%cb(7BUH5|nQ$uP>3yfg>?uk_wGQMcg*JJ)GM^FsIM&}l8*hLJCy&vUWv!|9sAZK4Ek92 z1f1H7op-SEUKc#;4_hU?zpnHbH4J?(OW5phOTw+{Tl|W`u}Aid`7-(kp%FKD?~f9LI+(s`26iE~|(6Sa9JWbFW!?a&Uu zZcwid^fPd5=YVqczO3m5`?XdcDj&+Vv@Lkgu}Ab#Pjcl5ysUkNhgJm->!;vztI|cg zf%zohZ9S+e_`vhq8}#E=K7AhiiiC}>((~JkyA-cY<+6I^$~83}_4-TH2aG>+dRMwd z{H&c?6*-?%`EY(DCr^*SU2J|}hX**#B5y+pyA-6 zH@W=KZz?FK1pTR9k*xJ)j!Uo^&!qJ-$zs6y5O1F^CG6Tid-W$EL z#24tv?AYLyzw=Ud?x#aOlc!VoSiZU?3_F9}8+IMi`cbWcO@K-V94qP;--gZUoTD>0t6bk+CaK7%ghq?Az?G$o?KgtL7K+_XFm1}dg z!CAWZhD71}VB|x(pMm{6khLG%*R=i9z2s6op`QBk!Tum8#@~hWjzIE{asoXomv%|V zxY^TtD&P3djxwE^Cq3ZWNur_pM|)}Q*S-@cn1eX_u0rd3t~?qHk+e@}2Vj?GUs`V7 zclb6g%+XbS7TBG&6IT9sRA4`l+w6zQksWG1Gk!F#gF@5ydqodAzJ#LsG>(pRj(j~de z&uiXx?|g%S2!4Tmayj_ByZGw8uF=eUnbAY54tfW8di{ouuKC}UJ+xH>KRiX-zg_YM z4|&t)?@Q13dxIjp`lNn;TuZ%|9QF1W!B5p@W~U~Uk?rU8s@n4T=JR6i9h9BkYmIuH zJrl2-z8oIE@S3r|-opIPjgQL3(3yNZT$pb;SE{E2Egui}X}@m7hlbV{g;QA8J?Vj`;-6kx4uT_OX<^`k2W}x=xnf0E~kfk 
z`Md?2c}5QpZwq)HUhW|n7@y9-zoWAVp6Yq(d;E74miy4uC}{xlzN1k@@9fm%Y`u%? zMtVQx9T$q=Nngpk1JOGQ_2A&}ftHomJC$r+51sUJ$}oM?kdS|yHNO@5Ja9z)g z4$X}C_XWMPS_nT<8$CNRg99H8hKr+js(GkAD014nOb$+mMgBk2^g{nneZQ{prT<_1Ee)6d?Upd(e|vvex{UR9Sy;M{{5amh|2D_3mhRhTzft;UVd<*) zg;ME0LUsNs`EI*DU95$_*}ldm&rWu|;qJLN+?}(pRYi36NcOWq`yjQO?EL(rTj_NE zJxCLl@rj#0rtuB-NJ-aqFUAu2y5*q9gT#p13`&78DX}U(M1K-oY_cZW54SY`nG%u%dN*CYclYS>Y`hl|Q z2IH-LL$x|>e4iQ3-Z%3^#e*yHu+}ZnWbUPTV#J5T_oJgD>G9hW3qBmLQ=b`~oTe%3 zP;F92hPFQZ#L6DT18K6`tUBkUjk5?jmv6oQ)->zk!5(sW%FoS?68%28 zRFog(Ex8&JDomh-n+<=C4GGb@tv9Y=!sql?^_lh_@_5A za0x$--ie>&Gm)cwFK5E$`|qnbM93dOzJ00}7Gceu#ZF-1h)q^@03{h{t(#gbl7N^bn7Czm0$QJ;5{l zbY3ttTMzD?3eND1b2=EB3`T>&N}$#q@YA-z)V;x*1EKfxqNn6L>GC~+)tuC?Lii*1 z1k_T}&O(iSYcZ7pGa(m;;6wW){Hf>oi3TbWTAe&d-^U~zXf`8a`3gdd|yGT z{yydOL9$4F%a?OIkR)F(U5?>1chJ{p6R9np^gcw@)we_*EAKlWot&5)9HGUs8r>^I zTN$#G5lqk4>vTs%KriL+bxkREsV7sg9lfHqtW zmmUq&*(bLnUZ(HNeD^qTLC|)_OZTB3zi>CabYGgqJLBx7NX|^3nvwHN-){VJeXEUY z&dl$Im+M;-yw%S5T=|)NVVf&|lE32UKp%9pcS;2F^ilKl(Wm%0uVm*^giqv`UxB>Z-;)e&B8SQu z4OKPVFFv=YJ-f8S!w!yMwY*fm=v2kw=k#=1>;v`?ohl2QU(S9$RNs-pLC)y??Sg-? 
zboR36BDp=giZmaQ7ms|w_v=Tf=SrX#%a4sy*HmxtrM#n4BQ8EUFDm&qdPCikF6C9+ z{|!5O1S{ob_h?{T3_cid9}bkR(2q_nN*L*|L*Vy`+{rlE;StVNSvs&|&=Gusp$$9N zk1IbPZcl#BUW@zjkqbvalEwC`LwgbiEh*4i|EeG%1Pz3!SaOFUx z+a3J~dW8PeNBbU~?h!cDf3c(DamEL#3{Ot&XfL{G7gW9|oA2Ur&$B0UXFTxS@;?-|n6X!Kjn}^kV zSbyZSe`(p|Kr-(4@}C>`o~{bKmNUj{&|}fK4ClS0?070a@B5%@$BBo^hw%^emmSxT zoU|CL-;@*)MKL~{0hshkj{Koe(RsQT|D{=8~5eX z%X{EU|6Po~=;5zQ82Nlc!_e;`4S!he#*-)aowu!LU3PMCgdXsiVDdEoeY@&2cVC+7 zu~Zc}@W(r>2|e9+VlcAbZ+8m3;@P?@3V#Mkqj;GsOM++R65J^6;a?|f6&9dGKnOHN$5s}LES>;Uf#*!aCu;zC`p(aXP=s;?usun!rOoln3Sm+4xdRi`Sn0fbzSG$#8$`%9(#k*!cBoy6VSU zmk8TCB;D(G?S2NMKPSg%W2NKeGmig*@^Ny|`LRI4hVSAjPUn%hCjsN))~$=g-y?sm z3u!u{4c5>8^-R3I6SRLx;;|2->n(PFH}vY*?nFoJ*665x7STcZKpyDd?DK#-uXh7W z#d1HPdNF$}OT67<;_QgxR1TDj>0Qh1g$=>8{=J*SYa)X2_xV5UZ({3h6f)ge82h?@nIjphn}sTx%_w0c~F+}S=&E7@AOVIRL*@& zj^x|dtG2>~g=zk(5WfmtJvU%rh|Fw)rpcp`TM_ z!ACy?{U28O%|6~La3zh;ynFu8A6Wi+9K6+gjMob5m$nbUM|*^M?Zw)c z;c594;*}*ozFoF-N<8Xqp}cj0gS>m`^`**%`)`cTw(!rjQ`Jk8%jh{frga2QFUTM4 zzNGE3AK!jK_*#3~tKkAUzh^ILeUaWP5{5ng&u%Xm_nW=EV|RNg%}F}!&bM2PFI9i& zmrSqNZ+TMe6#cH*JJKHdA!q-~DyNNu+EAY$$0L_0htz9pk8|TN zNw;%++7Cup_kccHSCud1cytdrs*-Ny=E;F}HrI|7$m5q!tCJ&6#;296wdH8f4G07ARiId zHofV;%%NIwd%jspx7us{n*R=8}%2!3wFE(HAnG<;E zvDBW$r};5`9Wm~X!l&oQKhn!^%wm_rb&t@;ZGa>jF66-xdfR z8`pQcu<_5;<4eu=A$prOm>dq?_SgeVSzK|xwVc8mHyD!EgVq$K>cUvpF!?a=(|lMw z@+W%9udn=w)W^u@XXUx=_~qB{Iwc6oWM?}$hH zS){MFhR`?p4r;haKFyympVkMA8}sE?7P^Y(+gCFFQ2oHZ>|QCAXTS0{d37Hk8=spG zAXj$g^J`G_Jw+a_L<+go1zQcKH6|_(NB!9 zPfo^DVeVc&zE7@;?r^HpN15lJwf&|~tOy$LT9!B*hdBSxvMFIb??C6E_?b)kI0K}- zbMBwmVt8^Yhqm|mdmk$dl8A8S; zrIXPgjg!ufPNcsN`&oxau&PI2Pl^8Z9#FpY?WYO8;pj)7TwtG^;={f*-_g(Zabj%u zljrgqN;>STv?gI2-_d(GeE;ZE%$Jj#qkY6~{t@Tjz3h;9*eQI}6Mx=QY8QC)%Z2xL zmIV&`%&=ROGs1p3ys(|cGkN4a5Pr}w^F972*BPE1?0T64$vZWrP{KJqx^j%s{#pBk z`q;W9cZ@eh!z*|?kuw&@a@B@LjdefPu4}Lj5nlI3sP`;2;-%DZr{1{V& zz5QI^LZ%CvawC5Zfh9>yhpzV2Ugc(!j{ zls{Uh7@|*J&vp&ho*o!W-pTtH4xebK{=Nu$WudF<*&*^{`q+0*z!2h+{I{zfVV?!# z-DLiFh^{#uuaAz^js>8`dcwK{?DNYFPNnj6YNz%`%kKyKB;JQNIopCKld?+a=JM0> 
zJ|?6tfy258-=pg^_b~-&updW1-=SgEAL{8>HeGs{v#WN+Q~e@e$mf*{f(O0%`oy~5 zex+~rs`L)1elQM4``XbXbnV@6ADye)ZFVIDQ1^-K(!WaDjeCYL1S<-Xke~r(M z|NVE8ZB`>gON2P@y#rptG3kS@icH$;NLfmyo4^aiHIE?=(<{|aee zT_bg$Kr=kN$6Rd|lvja(1TVqRt@n)Rc9aY5q0v@Cw9OxI4-=!)*zkaP;(eB&1?3`b7uo9XLX!_zwS z%;eP234z@~&vHM{)YD+|@dks&(JwkV=%-Kr8vZtu;ddavBmF0Dec$nq*f`;rI+#8= zrTgR(2V%RogYM~O1iP2ymqs|9oCn{s&XK8ipw#|Q|In`4`L|Hutv;8(!)Fh??|>SN_tyE{SooeZnP~+ z81IO*t!cPd{JS)Km(uyZP}AqcH+xe$rEQH@eYGrUct!l16t1PN@tx|=i;sB*+8xY$ zFh6VQQ20&pk1mMcsqwdl625g={DUgz!9@+L90xZfdcLz{;oNRf0y!qWv_%^+3x)4 zdWCy9l=z@i{Mx$sn1^88J~S`!L(1>%eG*2$^LW36(U1M0()&T-7oMw2`Z<+nqFcl3 z;>&fsaX7vq;fZbWCs#GRsA0wXAP1>D5B57h>Q#QvtVlf0NgtY%u#Gdy8tzfQU;LX? z&YOBQtn_YG|GT3?Ncb4>ENsp5r;5^jd#|Cz!? z@aqyEt&1OSh~MmWe)Q0qgrAalwEJOLmH4mriT_vd8yemee=Ja6`HX>&^2hfJUsZS= z-+&MNuwzc>ykbfGtJ$M+L4Vh(>Bo9pJn-O$t=$6O+AIE_T~J^7VqWn+m2aSZM>?SQ zUH7%#M1klr3RXqF8#-PdId3d0J*EH9wuZN|^pA@EqK;*We?>!lcg&2&PuDJLxLf>R zQo1kJe@E5P!S{EzPQAS$@!#wae_P5c+@6#03svVw@0eF#ovcxACdUBUgwA35Wdl?1Bovy{kLC`@Lu}4 zw&LKzZ!TOM{9g3_M@v7oBKbZQs;_!JRnf5O`_!U@d#mDO-$l=@V4o~{&xWKw*{*(% z`gQfST=blt?fbk};ZAo5+-ZcX8lG2wS^OeBzjss8-`A_~Do-B=$2elq~ERL`>yC*Rpiz0N~3ct5*}}euit$}^@@Z)*suP!_&&dXYT@2hk@I1d zyLTZg_w^e8PfhOc$&)Ro@9E--^lctyj)KYIO!3x|K!koX&gUpP{cc&yjy{&94D zyTs!=?*BR`;r}LbgkRf|@OS#f|5~r}qt~!U?ec4S)US*0jzv)XbsB%2#D^!lU3z$O zS^Rs1PxR2D;32;Se)tEW;QgV<8(nun@Lr4Xnua^Yziv~*z0MEcG%vn;?v>EpXv*ZAARfNq)l5ZAkbJHQ#@*AmKk)5&xjj z4gat%;r}?VzT$m;Rl@(FU47vnejZ^>|BoG#{`q=-9jj}4^oMJo5C5hf;|4!vXIX$motP37mWF{nkH~Vybpq`JD zaBSm?Pj_%C!KwU!cguk({L4K2UtDo`k>W@Hsw{L=KheM2lyKX&_$5h?KE23ccAfr) z=&_&T=m!6bqfalePfqoM{Q3KVzMjCZ2oCwXYWMumKBcfP^{el^IQn&AsF88Bvdurq zUsr!alXmq8zI#`Ii%g80Ke+`^ex32HbRYh^YXjrQUEtx-^}~#Bcs&kHWOx#P^cY1AJYBbmn!sRN{O1KceNPFzji$xnpl^ zN9DmWx~|36yML{!u&{f&&)l6mnx$>>)OXguHlKz2bU%lgo}N?k;g_@U4~zWa|1IU? 
zm8)M4ar7ImT&SE^9iQmeFQ^Z?N`7Y#_Ca*#c80jPSdya*$bqp@y7-?IopQt{sw04%0t8b>_bm+b8th#zqu*?Z#X=XcU{9SoqzA<5 zIjSR1MhDNug@Gie{vc1!YA6lITg!ymm|408Rn(d?=+uDw^J2@PY^Bm=sE=t}N)HuoUHuE1 z-a0)qG&-RH-y=P^D8k>+G=`^7VGOdLe?fn7^gG=y+%1NZCia9%&kTd(@-VErl(pM`BkgdhRF5xye7s z*Yf!t=-UU)giYVkYF{Sd5(9DcyT*^+bDo|Y!%#*DQF=T7B7UL7B=zXU>FIY-E~Y2< ziiVAAez&50knZe;&TF~oIJ~u!f5c&_>LO?uEMd$iS}#cW0N^l>aQRH`ui^6y149^h zQ9eQM68RqJ&+=~zBy8sia(oA8=tZR3M;i_<`c)?{{RZFi33|Sgo(`wCQGc948vHMg zK7(>j;OHQr0;a}$pP6HLat3$rbba~+orIq{pP{$ppzPejvvm!Z96VjnPj4mB^zh>i zjwk+Wn(ihxacJ=E34HoJ>CbEzz;{d!@F5Z!X`H23G`i^M%uMYBb6OOH277Vzd#?QG zr_Mv^J)Jz>Pg8n>{uq9QeR3+_HN705_#4#!Rrc9Aj$L$uY;-84x8GCtrB;C|m7W=( z4+6MT=V7(o*ZF%Jnr?8Ws?7ZOvmj$|H}F|Fr_*#fd=~kX@`^s&&4_d!VoQ8FM+>wp z{j5DCcniRzw^p3^^BiG%`m6>`uO))}a4LP3fyqJdEf@}YbV3J}!0nqGoE#pudi?wC zUi$ue?L!>Z;D2%S`RmpPr1wg)rMJ2Di-i7&m)GNLtD^Qf0 z(BO2E;g~?h7k|%Og)vg!c?6G7xFfV6t$guQeARJy4N!@I$__&hw^F(pywd$QRa!4mdglQ&zZs@%{Yf z&d)O#$q&7PKJ?+2L#dL5w|pLS<-m;)1E?!5hwXL-N!eS$J+P*SP7l7F`3+2+bpvja ze@W86)h#}q(;pd_7#geHo3f8CiTV_SG#p&?xfS-wsXgv|>wm6?%D2;c)H; z@xVV4FhJ@az6%lt+;b`?@N;_B@+)l%UM@Y5cwMIpVGm{ps^7ihbN0|7bdg`+!-xDh zuV&?={BWM8R6fcbhP8u#*voXuiJlXCU*+>9un&^F1JcPb$-UUvANj17m+8Mx;84#^&Kn*WnBWJx zxRs=qb%4&LPEG|gBlK<;z0rAY;A~cYv?r*ahgOB|zHafgeZYQ>-OFbDUQN?@dasCw zIs;QPqkNjV3)P15fqfHS|1D*qkNp+23y?$kM}MgKv~pWlxt7I$Zb5vUYeTug_si4Z ztAdAoT7F(}mfo6k_k+__qm-wa5e8J3v^OS?+9le5*tPGY{qXrC-pWg2L=tr!*{JbkyN<{yy<@-*_PxQG}MvSA+ zuQ;FZheoG9Ourj096dM3KDnLoZJ(oboPpx-ckAM7|GRg)q2+^iBUk^*xp9q*9RlHl z`UW5Nj`pWT^M!bX5A_Isi?$DD7yBvyoa9`hcl7JJUm9Y+)9kjF5#sP@Rs38&f^<7V zJa%kGY+QnJrSdpC`5`9RaCD>RTz=@cw#&a4x_G-Mxw9f+ldCFW%imq6CIdH#;ja&9 zlsGal9h|AvCTRI^COC6mnmB6V(!*IM;hf1AB7e}c(QoZMJE@~t)(6fVnmlDDl++`u zrxl4eI!DgZiKJhmvpqR z6N?hI^{rJ213x!D4HUkceR6N%e^lT5#DCn$8B=|m9+`Z`eMptj>z6Jt969L0(INdT zb0pzOIQ+R031dH>z7Lu-iYfd1&vk|)m!%i#deJWQhQ`wE_kUh>R1!Mn6NB`n@igkg zm)rgHqtm0q$vetl?)1|+nI^WL9elahhoiB?V6x8fWj{aVP6u$zr?cSGabL=rJ$-p4 zoBn7Yhm&?6^W8Spv-Jc00%z_0O@ouOV?*vOTwTB556fIH={VB;1!t9&vx7OoN4tMu 
zO%vNCzTL?cvwcuAQ77bi0cg1N=*t@twDK(T@@ig>8$0K}i`wXny=^#tL{sgf-O*?M zv}Zp%ZtJ!iVV3WqGKUGSTl|0S#7w<+Q>J_RYczl!qNUi>efD2*`6QhEj7P4;!3|Cw z%jWYdt~@xMfnxOA(O3E<{P>Fa{GB|rxZNxNugq~eIl(u)TU1Vri$E`_M?$a5r|0yPx3c8HaU^L@9vMG2h_`D7B;m`QSiO^9^Z3EUug&(tS87ub8PEfSO>s- z2<39{=l;|@m;@)XL^I;VWQ#fSb2_0cDA$d~D( z&0TrIiR4oHSaso?9MHpl%`fy&UKjjA{=Jf(=Ra_Ez;+K){2N(#*`Nz<$fd(yu$p>NxJ4YSFWc21Hm&Rwz!y*W7Xm3^pE+Nf36Su*;f_5 z&=1zZ3gxT|{GM`N7EIOZwE@|nPRZHG;D>w3*Rm?`kk9<0^2_QmS=YL}GoVMYgJZ$S zO#zd1&g8OsgMP!;7uqAVPx$T*dc-;ri`$!379eRi1dpO_lz4wUhI#-w(9S>} zT^GQ6cZGVz`XA=?MSS-yiyU{(iw}OtZ>dw`Ro@t&{-CxSpbxoWSGZ5!%`63@QuCLWT zOe7mjHjX0p*lGRJdmo|*{TrQgz^;fQAu60UsNp=^1Uh@b!!*gleiDbn87rF9`mdSH(v?m-VO7tY;>L=-`Ti`Y;&Zlx>x%e78K3|#G z(dHbdlhgc|{#w)LFpY2ip2JQ?PRZT=mWfG5y;tI`9d4H}*5T-0QwWo3hyKdJ5vym(j|BW?GS3AHs1pA9EE1J$8$qT%FRS6$eAMo%^FH&I{m>lhMEQoLYe;{FuTYu$( zhS?+dmQ4+-d`Q=JAcXz@U&{(#$-rAX2Dys#$m>07oLPHVWP0S(9#B4|ZH|m#=YBg1 zJz0AS`#Bs4p6RhS6OQydM0+3bmQG2>ynmm~0nS@5AZtIw!Mnor1${JY|!^6}{J zRUdNtzts8wJwh+=_p*D~uj$FFH)tPx`$zpiJ@C?_tLH_3=(nJsQq?P$mU}otU2OHr zqi6N8fM00k)6S%*{%ZL^55@J5`v>id$)6c<4TX)*{`!K7ruDGU-qbG8Zo)_Y{r)az zubnD)Mf{{ZPO1PBf8&Pus3+h9KUdxrh1Yh<>a*H+k$i{;pCf_Lv2qmsMt`*=@xGlD z$?wDE>UmY@q1@2UqugPyuy^U-Gv`_|=O(|_&Gg89K_N1Y)yY^c^h0yw*B+%EoU!|O!A$` z-t9;InV}C8QiBoW=x^KECnt6h{pAG?#L?G!oNw!9biQl)Lmbs`@zH+|*e9p=Tf2*S9oA#k=L8S)s+@l2B|T|BPt@rn4t~Vv zzVv#*e|P)|7WHFI@GxG+e5O_OlbrMH5IFQl=&vvyM1O+x(zd{Z9`u4R@{fBQj|2h_ zJvs5xcG@lJkQ4G1_S>BT5BV_eMcC}JA#jk#<`LIP{9TJ#I+m_@cd7pNZwegbFM+?) zcVf5T4?RJTetEvIu6!%vqaL=bNH{mn=#zMp??wq@{{VW2T@}G$+zYv|pMdg&{*e!q zE8vRuWlKvc-?I29zg#{l3a5HSxq+_fw=8fN4`MuTax0%-4h0T$AiuBgxF<_5X{Y`d zPEePuhoSsX9xquxnqRbout&>pz#^p9CH5V6F&xYBC|Bgu{X#u< zh&+k@{#PfV{7d9S`we?5m8rd=Uj4q0DR_hZIQoXGNAwfzmFCCfYjtp8&OTHQ-!5=Z z4)kO8!(>R0uxsca?UR**(#1Z6Z*R5^r}DNf3f&z3w!{M;^h)LK6Y2B8-`Zd}a!Swa zZk;3J@SNK1p|XT!9!9@4JQip?zPH?z@K{}arDNsJ<-k{IPv4hWxA=Qc4lCdNU0sd^ zlS|nl^oM*Ie8G7U=-ux}{Pv}-A$*Pm;+tOkB@DheCl5Pqy&&nj&m8@IC}ErvfnDd? 
zg@(YvPOKfSNWAI2+4L^8}P@aA{-G)>bI-U zw1oN5hNB;SXOVq!(8C%Bs9#(bzhy~XyMi1+LJzEI#`H$~}Y4`qQz`Q6$nVbm9t zFW__K(;@IUr|`JSi}p0v{`4q)%^&uQ_peKQj=q)~>=EZZi|qE6exY+yD1J*_eCRVr zU&|SCv}pdp2lkKpW%d#XU5rCb&##eq=)uOFnqQnlec^(@p}jXaZfEF7;KVfF3PM}r zT{qEU4d1-8$Otz6eqqUl%x=sMv-1bs+m?)17Z@+qUta0o?<48xZ}on(1ivilsNXhT zRJ~b0qI!q^0l#0%$MD*-^j!VO=HKQ1XB!T#S=wNqoYt4GS2#fHk4hKzpQkf8IX3+X z=&vdD!{{_y9Nk#gnJHfTPtXG&D`zhq=Q~hO{&rF1+6x}_CMR!pKdLG9)8w^wK-+`n zzCie)9>YgHg#Dx4Ksy5bz4DKIfiC=9d$BBXpgd5Ya(YlWKOXH)sZZ#j9vYo(iEkSb z-|AzB^6e2H^$+ze2ER2)|Ho>VpvS^?NaaUm%X>OBy_ADfjsKNu3(=E*KAu5JbxbYg3?ES1iF^rGMxjXi&5xo zNP6DZY>De=^l4+a+YD&E#RMAKCP{8EqeZyYyvAzoXfF6!0 zoaImTrRmMfon55fNh~PG_=503`Kg@riBeY1%b^u5H`ojEndl?4jvhU@>gc1sK`uMD zp!`@T89TXro$<)MIDX+xnqTi++%9rZvvEcrOuX+|>p!okI4P3vZb|}23d+cP#hSvw zuFLlh4xixOcwQ13?8VJ1wj_xAhwOf&62sHksDatB)OV20!_ICA=YYdc?o;Yu_`#9d z;5j-0mB@Rzw}5`Y@U^+xAc3da#lv$2@SRTn+T2W5{=*jv;JfJ@@$l$bS~DA-boVs5 z0x&%u-cY>#>h~!86kQXNlIO~fG+f-g%U#6KCBSJoXYT~7_2$Y7<6Xr2sfz-K_P4Yq zVQWWqexdzw^Kc;PxF4Z#oZ{q8)=Mz{(e|i$I21al&whIvyK+nL(cjRy9l8NlRLiGo zKi+V3npalYCkK05=0Kd2_s2I~yuIi06AccNQ#{CncEiuF)$8_?sS6b2$RGcd`kClO zywf`;aOfYc{c4x^Ta=Eq&t-{6I|{uV0v*YBcsKA|ehDYY;#vOsBp&67_B4lI#CK8Y zE;+w>SouSb2Ow8@qV|jyTx!3oc~zD1$f4ZUI1o3l9C5zApKN+jc`=`dZ+cL9FrPKM zMLw%S*Yvp};a>?fe!=<8E6Wn@V2{cX`a(ST={r|V)VI>MgHP;xD}#^oV+L>E_bm$? 
z=D}unRgG79AjehEPgyI2HkGIkuW;~$t9rHit$glY5xS<=b_xGVAimYpJ_+M}FaAE* z6(eRV?>N>-bQ-08o*=5)T znH=5L;n}e*lpy`Q_!J-zC3VUMT;aBnt+A;nysXt?z!<<8Naab}u8{wzuE^ z$YUV<;_0Ft#JOeED=Qdp9s1SFl9QKQJ_UB0tEU%RE*DGhV#}jj$_wqBwUeIx?QK^V zSx!a#y!`w8l6r0>HhMNSJ~+~sDX+qQ>D4Qe-@WSjk$w-ZA>rbBev~eFs!cqdJ-^U& z$A}m;ThEKfpG(3A>tijO8kYK)j0+Yd9^+qseX~@NbSuv*A9ml<4e{kvv$YeP%JmfM zD|T+d`@ReOZ9E$Yp4xBoYL!pnny;Lbbl~BhHiS(ce|{4xUd8#*&-6-|+jUm!M;k8O zyl#d^SAzrtm9L{ru&EH?^ z^h#mPr?by)jer%104t}@ZM+3xffr`Cb!`)OV-bPFKIZ2b7Tb%rMgdtK%L&2#&l zALiz9TK=Z@Zh^D$eUQPke49PBOFH(4U3o*SRQ-N^FT;`BSs%sqN$bt)Res~^=%x0D zucmw3=v9Xi{s59zk?44_))8j9cRk6-J^iee|{oD0kJ>u_j`QC4LYp6{5rqkohz?CcURQ+T9((>LQz+igAxzTYqKpV?GA7ayBFlW^|bSEs^>JzD*RTr6YIq$IrhgoVk{N@cK5=6eW ze`-Q*YZt&@`Cxy;?4aAxv;3pog^&DOJq-jN?XuBnm-t)ymENZK)(*BfgW*VWG(OgJ zd~bs9kl@3feS3slD37*4=)q1=Z^T@*;-vP2Z>%yrIkgw88|_m)nY?~~sQJqELmf;k z8Sg`1D32>El5X`fl<<*2eA8c5!a5GJ`w~Fs#u1m^yrC{|&=1xj4u=wtb+}x;YDl`} zcUi-W;^X~x*dgeb$^)}AlkU3o`xw&PA^sINkFIM>tAuav6<^0|O&Q;DTter^IoRNT zaq}j}pMJ{ve)Fm&i9Z@*zUA)6PA?KLK&f;E|BIV9_pwh7{G}Y5uT(j7y{CCJOw)PR z_}|KhgH}K;nJ=La&SIWcE#NzQFM0y!_uB z4vh|+?V5gOly0$0YhLqxi_0J3wJ~zsyk%AVtlmk!44ow3QeOzi<9ka#=A({(@@YGh zXLmXOBYtao|3J)PI9gxx^nOc!icV_$aLbb7`205|>l*a!y1A)AWmCFL=y&!YVt4zxbxrZT z`A%nt;(L1TtW4I%yUx&E-?gc9c2T~auuIMFu|VYU^P8cQD&Nle0=_HAZ^B<8#nX1> zSZ5NuTfORBN$8~8m198n@_np_;m0P=PG)j#_4(M6B5J;GD|0ws&M7(>`#RQ8e4p=f zI^WD+;o8}co3{lQXV=G;A-^iPA^69(*(c}my{&V0y4Iz(kzOAnKKHnwecXXmY>&`)p4%QTwJ>`Ep>{I#P?y{9{M{Zk6(@F8)+?oIF!MWP` zGm`^T{213x0=R)z+`Jw6SNV^t9DX}?dyt`H^RwGW3ivNg4^GiF)AWvx^SkK2&#~F@ ziD?BdUBy4*=5gfTb@UW=^2AMDhi~e-ee-suXLP*z!|ernI3DzL3rol`Mc2nd2=cWY zj-!22Il7!&c{z>;X*x+c9Iq=)&kl}Xxbtr1PY>wOXACo4H;vciRSXw@CI63`U9O(d zPZ^gry9)Gh`~sf+6FMJn2>$Uc_Q`qtyQHC}1X_=tof@4v-^Cjh4%GcqJLp>6x&G<; za#Po%n_V-&myQ?7I zCxWg!gfeEG;{$_u>QPxb@0I*NZk|}sNNx8{7PNaO=(ZcTL_xVRdOuCL4aO%r1@+;? 
z1+)j#=SJ&Y6SWy0SEU*xEr*i<(;){roL%PI-xC)ybgUdsYzw+?2PeCY|KQXlo$jGa zcay>(oXZ(6Zk}9XpPY^-y9@MivYYAw=%o6+lXHTeWO5@_$D+;799jSPwSf zyNHP0$5|OVDZY0UzEr?X6YpD?j2i-@3nh( z2C#RR@4|8XoePSu_I6i0hx7WrGf2@%<@?Tp`hMpUJv(rYX*oQ5(S>82Q+vM)`KQR; z%KOeGqm!}sJ2#b{m;bxm!wxjSozBj;?t;Ag1+P+~cW`S2B`a-o+1fy6|N1W21=g1; zj2H9%Jsp8NL${jE3!#RKZ_4>o`mONv&JX}Ia?3hG8jhaC9sG#3qjv{PkDSrz9I1`f zVM)hO-|ntBD1$p4X!yRj@s$k0t&A1u^x2(`zcrxOE;O1R#5hZb&^4YP`k^!F^hO5Z zI5NpPYwn!mU7e3l*Mifh9(jTu2ddF2wW;Zuz};me|`Ax1`~3_VJgFJ(LYAiPy$4a$=Fmm-6EoBIzAtzZt%tmBzDI6iM>MGVu6 zn?e=q-h@6+Q{!)AY&jC6A5`%hAdo*Wq((6MBm zPN~dhnzUPQ?9G;!zfXqxiS^^$dTPM@m6THI(?Ap0wPJZ~JMz=vCmM7x)Pr z4e0n{SSQmi@~j9Q*fHvv(K+ny@S+LOz!`c7mVwEc-f&(uDtz~=UEp6jw`0<`!~9tH7&-Amjn0GCh}~F9F}kY`!!!qwF@^5r}oFs*WamLjb2;& zU3l7WEDOJHb&Fpr%X$&&<2|b!PwvImrz=mpb*yZKO6(wKFE6$}wYhi3Mb@M|F1H=m9zJDm!8-o;9sgeg3f~Q&)MSvY5zHu<;&aSX!>2f z=Di&P>DgoRo;8QxyjSg+zQ3UJ-y;K4A5-{-q*s$$aiz-t>3Ih-Cy zZq(=dyE&em)@R+{ZQkF*k@OwTw)pn_Vd%mpSL+2yN4{|G9Qn5I1X%yI@zEJi|Mxq3 zL__uE+oiR?eZu#C)l*xL4I`hXpKSg2?cMZa{a*Qj)2ALg{m9$89zNAIHab1ytxLbP z%KXTgodEvye0dDMFuQIC2gCNBmuR(@)T=xcD$n5B(^eF_@klt9ki;V1@C>37uq| z+J4eqj$d_%a+?_Tb75j<9<8 zpoH@ECu?u8BU+CG0{hf%^q!d=9ivqix7VAjmp)WcI9+e;h2F}5mpyT;uRXNr!S{2R z@=>0it=H+TyJ>8qF9=}6r8gg1lVEAT`qIEy{(2Fu?E~s3{F0}S-aru){HQzcE zxC{i76M!UyIQ*><#!JCn`$M%cS`MrQGm`;NJ>L58>BoYn8Hil|UTB=hf{*%?%fHwD z_4Wxxw14PlV4uD1!q4oaEP6-(`mmy-9e!BgbM+nVRc@Z8^f6D<`G?&jVeQwYen;OS za-*E!8@+71YTq+iyXEYZ=35n^gLb;b>5J@Y*~RDOJUBEp@QgEN22f}7HXENCpKS)A z^mXy~IgF%VQMsG9X}sZye9hbD1P}6+RR0exNxYO}sRX(hCmEgIEL^Fwa~S=D`q34t zU*j7Ho(E^=6*12>crAC;Z}XUjO)kyfv3a5E;WZypePKR@`H6eik`8G5-@QLvVLIfr zJ$WSHKuqleeK$$XgP)qB=b@Lhlz*e?3D>t>Y(z1oJ77 z)7EhwarrfV&3A4wu9NTS+R*6CM;k8Oe8lO4eyd!3j?$f>^v0c!EHga06x;`AQ*<^Y zIh{UL8>E^3)Q`E82LF$nk8Hb8hR)RNgvtGA;HTFIrl)y-K?QAadfa@p!ag~Z$M)xe zklD|9bVR^+fWPU?zz`kGp>bVmKl{-|AO0w>cqekMdFd{kYHzQ4H-YnNxU7u_4m>G0 zl%KU9JKx7>>uzSpPOcQ6gS^__#j>eD?CsJ%lqDVGAFBu55^wTcLrY>t+MC9w?9cE! 
zJ^ZT}pU?42{>5~Y{3rE`MgNHPkB@FL9dcT(1?$MoN6nrYKYzc->58LbbT0W`kv_(c ztzG_Fj|(S!U44j~rxyfn&wHU24()%b?Bu3qWu6IG{!eQV`Twxf#}4oEdH3!;xXMIw z-`V8uAyIi#-=FZhcB22j3ezE1pntQEgN*0SwFN!a%`RFQm}#?%n~(YS z7PxrJH~6%;e8k~zuS>eoYa1M+XAd}%+z#~0F5ccr^XWMG=?KEW`FTe{rU^u+AwkIB zvc%zJ{DyrgjGHcBl=Ph4X#Sv2jE5n|s+I@J7e30>_mPhIEz&jK>!4vsy8FMw`bRe>mr}QU71xYr?MWbT$d$`^3ZZ>KHig!M>!eY ztDIdY<;CE8)3tZzJbqC}=g#~vu7^Dve{Y@k-MxaJhog5f-8mzd-YkUk)-?;^T4(6e zTc*V>HhO5U={>{QX&TB5Ps|HQL*O3YkRa?r^h|M=x%6=Vy7;g&OTRvwj{8e*t!n&c z0baYr`*74R$Yn`-m~GY#kSyIrat6?{tWKh0=I8j;Tz%$zh{i!6D~iLCi&i*Uysn) zliy;R-&n$Lp5w_~BtMLg{Cr)e`BMGe0R27T^kVcwEx*0<)z3mDe2YV z$Kk&SzC9PoH%#*#OZcvHJUO-7i_LGLUY-788qW>Qj@P@`IAvnutzSLaD{R3R-_5mj za(o<)2jXM?27Q*?Av2oa^htV2`4z&SP&$Cuaxa7jU%+=WKDj6PpYd(}kn%;pvd_U; z|JZzDLEtB#570T8p=0a$n*U-vccjYr+y0~Jr9o|2%K2!6yYI_6OQ&rPi-=Oyu*H`lRrg77140;&FVb+yp4CUzLDEUToJm^*UL^<_4jhqy=_bKXY+C??`EefhB*BBHOUwD zadPt;S3Y##>$bo>*eW;&D}!Rm;2^riC4M9PjQg!h3fz4FgG#CF8*`wiC5XY8ofP#UTSjK?tVf?hB_+h1q+WZ$l| zE#bC?_-5ByFEAg*_#NXb%rn~p#aB8u-!9Ah16`w8yB}_6cyjy2E0yRTe*(h%V|Yd5 zExjQT&WoGF8=9{9HNAT4ybrE2T&mo?_X4oKi2F)%cBA$Dzs?Dr7U)fV8HbTPp`>G< z+2rxwUwGO0t!DT|UtN>1jJx9I|K_Sm+&o*F9vH6iV@)o?#udY^oCwF)U&~vVkh-Kk zz#1gPi1C!r#(c?9nNLNYZ70 z<0FORFi-yG;2JZC3)h7)u7#bO-0cp}+6S7y)@oDW8#hN?ehEhO8Xa5&w{VasqGn zyZmy7`KoT>T6r9_3Ytzb$Z=s)r(a*1oPQ|0VIQ-P3#n4()B5%3*MHfAyRz$ayAU z<@kXG2||yc13S*?q0I0$@6O$K2R!5-c8ztfmQKNM3&aP!mD7mEuZfR-BxgT8ny&Id zfAIZs&DmFf7XNRyC2Vq3BnG6GoT%SC9KDWW? zHsrlUa7Q>ShKF!)Z2Vy%f#O>7Jxq-8aJ~QI2YfbbsJULI! 
zoLprFio>H-@qPP%UZGFb7tV=Vc~kp3KsO#+`#Q16^vHSqeLb07i5$&|B}PiUUk!V4 z`6<@l%*X;GTK%1L^eF7{f4TC%wf+CKcXu&*l?efWzoDJ>Q2vHOmm+`D zlm3ST_4;ni7rIZWUjLTsGf=O1oIjCoV-H-1IJhHM!<~jfZ!CpAO&M zF3*XSqGGywoH5*v>Uvk(QynhtVP)i4noe!!^}cNT9Qqfl^BXB$|2fvYUi6>4zI0%I z$79;q_3Kr)o5Rzu^=^-IF1s8M?%W|*B+x_+A;&44=B9&1x#-M%9X6^Fcn#XTAQo?s) z7`n0eZ|(jgw#)Rrg`xd<{h6J*-8palE{XLkWyDFO?&H^Q`1mK>-(B?_)S(?^5@o&Y zuMb~-BT$(;t0c z=g&O!@Hz75eazgLxUy13*AK3NS_^KaZj*}Z`4|P83_Aa!K zBeMg~**$Z<_ObrK#~(UJ`x>}znLb7_k*;3$=YP-1RDpK>htH?i9OsPX`VQ}x+vUHK z$G6902lH^9uXZ`!{#ZC+3g4B8zd>ETlaX3RytvxmW8Oa=vk&;x_Aq>1t(ITUGiy7D z`@i@Rj)}B8PcuJoeKK7CT)n*N_O0D+ebo7{+q3?3PoU{N1c@;2my;<>H6V1D;FiLef%xozD_>pWB(s`Rn63OywO3?6Il?$BWM$i{nFA z$~pN?9B8-4Yk$wF$>ZyM)Z>r3{i$IcU&9(-!x~@18eiwX#{W&3UT8PrfM_9n3Nd{B zZLt1lVtqna>YvLA!*|EXa6f5B4m)|i+Vi+}eHc&U+vjNO{-izL*;Vqtk;69M)->Gx zT8&TThq&>au9wHx`%A;+zh93d|NCT4U#?%iKe{swx9NxO_YU2k4c8-AQu^-mIbZkr zJip!N?~U;n>U!nA@rBY|Xnd&0@tS7O{^`L_{G{k!_xZiCCxnwJqSI;W{ffmLQGznI zU7qdsDUImW{an4@-98uCS&0b-o;yzSKX87taj;%(`)^kCeo#+GlWB%=v4(ult31ox5Ide(mv;uKV>};bpaW33KSU>+5N` zhcu=9x*e$HZaSH#v%1_6SIYg>V{!a&*XzD;EXIX!v4k(h@IqZ}j~7aJq4B-$Z>QxD z)5VYCOoSgwp4qoHSE%2~7#qT)W$Y!jUB%DnOypZjbM^O1OPUz0ul-NXx2XoUD=)lP z#`n|Z$H)7HuG()c*5b-?DCcM07gpkk{_i^e-C`cTc07me_N2tO=dmB;@pZpY_h)VT zyq>RoZrAE`?Ro049ACF*bw6CUJ8SN9Katb7`6u&m+n&;Ov-F<8{Il~5Gy8}3M~kUG zAuhGxU z#b^852KZV%F8IwMr+OUUZs$hBG0N_G_p`s9I`8x0Y5gDA&TaXH{1kuu%GvIjav^71 zoXODjkI#pX*UJ6aw!QxCN={$*!!?ZOe`WsqE6%|6&EHC%A#Z61|JUZPw#Sb!e{uPR z?-d+)x?aXj+vvsQ(*4@;7>2IQXS@8iv_6B&Kc@};ZMse8+OGAwzgX7$HT$zWViCRi z-bMRfXuDl_r%Ylpr)#Hk-7ohi^ef?`Wuaw0J+*IqW^V4lT*)%nF8ceic0R&#UV9z; zcg9QR;rYL6FkjjH4os)5*ZQ@0EO8b2uEIpW_WTBTF@2Sxo7=FOJ7Bbj82stM#bE zwftPp?y0%(5Y?06RA_Q&eqKD5N^8q&m(#kiJj~$ z!*%;r=X1?>VajxCJ?j3l?oWoNTgUg8$9(u4%4GZf;}_4ydW3Fxz4}3yLz&M{d^zlj zl?(f&$8$LBRfo^FeAc+!@zKhw$1N9J9_9F9czN`_<0obN-Y=!)AL=mdy*a$DJp0ts zGt>2>+k=l_^|!;;gYw<=A9g+XQrzCgeaC^P2cI|n#+leYLRXegUH+wgbzl4-jvP4e ztL^i2jxWcN-EW*7N>|!R-A=FHk;m8Jn(w8>Qcjt_wjHM7I8OKfQ(!uL6(Rg$a=3WB 
zFmdSM)X@I)<(G;|ZMUg?g}A$7d~fCL)UJCgfAM%8uID4|@aY^M??-&tbY7W^=|Weg zQ`>L-U9LYb<+S_rkyL@4C)A^+tKWyI+wFQBQODPE>i)H+U$s8u%=M!pVH&;eHy7ii zLb$htlQ9h4`kUj9Z(>h)TQ5J`I)CWtFC5C_+W#Tnu{aRIBPDV}crota)WYoUedQ!+ zz^8xy{{COCl=Ru9`^p<}xEHRg4lK8R`tCPR4yE5&)0gL8_~*CZvt#?`zA%2zefQmW_l|qQ-}sJu?%#1w zPSO7#$~hf}LU^>q-VnarG9PxTox@XKS_s$Ar>7RC2HO2A$4k1=5~iRR)|15?k%Hd) zf0fD&QDwQc+mqYI#~%$%B7c$o_Vlge>6wM}soQY28NYTDR@N~2)b+1F^v^T%m@>Zm z>elqLiLr4_g;l&gE`D{aq|4J^dmaCYIKF?Kt+SGcuN}`}dmeFb9xlfb^*Vd^D=($^ z_v>?@Yp#zar|1%{!^YbEUQ8dl#rUt+eYJYmcKuF?|85HV=l$n?j(W{^huiwzk@NrO zi5%AZQ2$lphtDtSarw~l>wafP%pba3zwS-P;y|3A7}l=W{my%fc_0O0_**WFz%M$F$GE@kYW z4Hq*eX7(QnUsf8tp0T!lr1HXf%VaDx)+aQ~gOlxj{%@a&@u4fztLggZYlokjnwXxO z4Xe{c`l-3Hz!zhtUiY=LF$~?h5?uTJ=I_J)aNV^_O=tNZukLL8{8gRNH(!7A)aI*W z^VvOnV1DB8?DWimiDzb~7xp%tnWbjr#O5tSBlphChP&%&>_sOwZ<-DdF72JzJ-aZU zqSl3|c(Wz{ByEaXe`2W_U2aD9pIT}*EH@X$aN}~bE{4r=vwr`n&6hs8``&m#WMBBO zQz&|=xj5w6wA@^L!>P^dXAkVz7UM2C5&NG>{g;OEmn}D!+z`sRe7U*whEro<&Q2~h zSG*N_-dSqKQqMmuHCMj1)NEdE#+u81?oaM$u52!QCRG?kT$6f6mzu4qXTwr+ZR**$)ci#1X_lJnQqRRp&Go5g(^7Lo>Isv$ zG4+H=+!Sgwz8t1E@=wj>F*w~^9_C|Pj0(4*u4pc6Zfve;#`EBHwdeX~ycun-4*xea zTf+a1&1b^@oBAn3#+YS1mT+qG=6L!NF0Txn#ze)>2DzJ;o6jb(&e&3O%UiE6HMfS? 
z+m@SKnwvLoiupoI3~Rte7r))ydg|S9fV1zw+_vWSfLbhEc`M;+^o+xKe-(0xgo^G8{8@HeDhPwe|$~nx}87!)rY=!WBT{i;}18t zfA7YJj^Fsumfk;y*}rqSx%Ks*zPfW~b6a!k+atS2etqOO!v8BbZ;aQx!eqIkIot$jfhrOm{6e+nUjkXf(CikYqy`*pS<37}^*|r6w8%nlNy2Y@EBF4WCFF z8N0H%bL9F{&EVl@TmU)(1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly 
zK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF z5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7e#`}W zXFAP~VitS<`q&@+D5iV9Y4%PZKO4t|@ZWRzr?02*%zO-V1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfWVKDK<~`9J3fio>HW+6)>uyOy%+8(;m_xCH}!J(G5&9# z-#foBw=lK4vwdOa$UK`POYO+1j9{j}dX&DPKFb_SF2H&Mh^ngtfk%{{idZDt-U} diff --git a/roms/openbios b/roms/openbios index d363cf50c5..888126272f 160000 --- a/roms/openbios +++ b/roms/openbios @@ -1 +1 @@ -Subproject commit d363cf50c50c268da7e6d0bf707adde1893d1ab9 +Subproject commit 888126272f92294b0da45158393f1b862742cf6b From 819ddf7d1fbcb74ecab885dc35fea741c6316b17 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 7 Feb 2014 15:47:46 +0100 Subject: [PATCH 050/219] memory: fix limiting of translation at a page boundary Commit 360e607 (address_space_translate: do not cross page boundaries, 2014-01-30) broke MMIO accesses in cases where the section is shorter than the full register width. This can happen for example with the Bochs DISPI registers, which are 16 bits wide but have only a 1-byte long MemoryRegion (if you write to the "second byte" of the register your access is discarded; it doesn't write only to half of the register). Restrict the action of commit 360e607 to direct RAM accesses. This is enough for Xen, since MMIO will not go through the mapcache. Reported-by: Mark Cave-Ayland Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini Tested-by: Mark Cave-Ayland Signed-off-by: Peter Maydell (cherry picked from commit a87f39543a9259f671c5413723311180ee2ad2a8) Signed-off-by: Michael Roth --- exec.c | 29 +++++++++++++++++------------ 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/exec.c b/exec.c index df94429c46..b324fcc95a 100644 --- a/exec.c +++ b/exec.c 
@@ -266,6 +266,18 @@ address_space_translate_internal(AddressSpaceDispatch *d, hwaddr addr, hwaddr *x return section; } +static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write) +{ + if (memory_region_is_ram(mr)) { + return !(is_write && mr->readonly); + } + if (memory_region_is_romd(mr)) { + return !is_write; + } + + return false; +} + MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, hwaddr *xlat, hwaddr *plen, bool is_write) @@ -295,6 +307,11 @@ MemoryRegion *address_space_translate(AddressSpace *as, hwaddr addr, as = iotlb.target_as; } + if (memory_access_is_direct(mr, is_write)) { + hwaddr page = ((addr & TARGET_PAGE_MASK) + TARGET_PAGE_SIZE) - addr; + len = MIN(page, len); + } + *plen = len; *xlat = addr; return mr; @@ -1815,18 +1832,6 @@ static void invalidate_and_set_dirty(hwaddr addr, xen_modified_memory(addr, length); } -static inline bool memory_access_is_direct(MemoryRegion *mr, bool is_write) -{ - if (memory_region_is_ram(mr)) { - return !(is_write && mr->readonly); - } - if (memory_region_is_romd(mr)) { - return !is_write; - } - - return false; -} - static int memory_access_size(MemoryRegion *mr, unsigned l, hwaddr addr) { unsigned access_size_max = mr->ops->valid.max_access_size; From 2cd72adb1c0ec75164f8fa296ace3221f03c3ab8 Mon Sep 17 00:00:00 2001 From: Huw Davies Date: Thu, 13 Feb 2014 10:26:46 +0000 Subject: [PATCH 051/219] tcg-arm: The shift count of op_rotl_i32 is in args[2] not args[1]. It's this that should be subtracted from 0x20 when converting to a right rotate. Cc: qemu-stable@nongnu.org Signed-off-by: Huw Davies Signed-off-by: Richard Henderson (cherry picked from commit 7a3a00979d9dfe2aaa66ce5fc68cd161b4f900ba) Signed-off-by: Michael Roth --- tcg/arm/tcg-target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tcg/arm/tcg-target.c b/tcg/arm/tcg-target.c index e93a4a237b..5d4bbe7fb0 100644 --- a/tcg/arm/tcg-target.c +++ b/tcg/arm/tcg-target.c 
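Review bot: The new `if (memory_access_is_direct(mr, is_write))` block in address_space_translate carries no comment saying why the page clamp is skipped for MMIO, so a later cleanup could reapply it to every access and bring back the short-register regression described in the commit message. I would add `/* Clamp only direct RAM/ROMD accesses (needed for the Xen mapcache); MMIO sections may be shorter than the access and must not be limited here. */` above the `if`. The clamp is computed from `addr` as it stands after the translation loop, which lies outside this hunk, so it is worth confirming that this is the value whose page boundary matters. The first and third hunks of this file only move memory_access_is_direct.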
@@ -1868,7 +1868,7 @@ static inline void tcg_out_op(TCGContext *s, TCGOpcode opc, SHIFT_IMM_ROR((0x20 - args[2]) & 0x1f) : SHIFT_IMM_LSL(0)); } else { - tcg_out_dat_imm(s, COND_AL, ARITH_RSB, TCG_REG_TMP, args[1], 0x20); + tcg_out_dat_imm(s, COND_AL, ARITH_RSB, TCG_REG_TMP, args[2], 0x20); tcg_out_dat_reg(s, COND_AL, ARITH_MOV, args[0], 0, args[1], SHIFT_REG_ROR(TCG_REG_TMP)); } From c885105bf3dc367019daba2926ecec150452a9b5 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 2 Dec 2013 10:16:18 +0100 Subject: [PATCH 052/219] adlib: fix patching of port I/O addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 2b21fb5 (adlib: sort offsets in portio registration, 2013-08-14) fixed the offsets in adlib_portio_list, but forgot the matching indices in adlib_realizefn. Reported at http://virtuallyfun.superglobalmegacorp.com/?p=3616 by "neozeed". Signed-off-by: Paolo Bonzini Reviewed-by: Hervé Poussineau Signed-off-by: Gerd Hoffmann (cherry picked from commit 7f0ba7bb4378f22b017e08947219a352d491bac4) Signed-off-by: Michael Roth --- hw/audio/adlib.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/audio/adlib.c b/hw/audio/adlib.c index bd8e9d9815..e88d2dd845 100644 --- a/hw/audio/adlib.c +++ b/hw/audio/adlib.c @@ -347,8 +347,8 @@ static void adlib_realizefn (DeviceState *dev, Error **errp) s->samples = AUD_get_buffer_size_out (s->voice) >> SHIFT; s->mixbuf = g_malloc0 (s->samples << SHIFT); - adlib_portio_list[1].offset = s->port; - adlib_portio_list[2].offset = s->port + 8; + adlib_portio_list[0].offset = s->port; + adlib_portio_list[1].offset = s->port + 8; portio_list_init (port_list, OBJECT(s), adlib_portio_list, s, "adlib"); portio_list_add (port_list, isa_address_space_io(&s->parent_obj), 0); } From 68e3bb1128f792407550f47de444f5814e8d18a8 Mon Sep 17 00:00:00 2001 
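Review bot: The indices `[0]` and `[1]` in adlib_realizefn are tied by hand to the order of the entries in adlib_portio_list, which is defined outside this hunk, and the commit message says that coupling is what the earlier reordering broke. A comment at both places, e.g. `/* indices must match the order of adlib_portio_list */`, or named index constants would keep the guest-visible port mapping from drifting again. The code also appears to patch a file-scope table at realize time, so a second device instance would overwrite the first one's offsets; it is worth confirming that only one instance can exist.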
From: Tomoki Sekiyama Date: Mon, 13 Jan 2014 12:25:23 -0500 Subject: [PATCH 053/219] qga: vss-win32: Use NULL as an invalid pointer for OpenEvent and CreateEvent OpenEvent and CreateEvent WinAPI return NULL when failed to open/create events handles, instead of INVALID_HANDLE_VALUE (although their return types are HANDLE). This replaces INVALID_HANDLE_VALUE related to event handles with NULL. Signed-off-by: Tomoki Sekiyama Reviewed-by: Gal Hammer Reviewed-by: Yan Vugenfirer Signed-off-by: Michael Roth (cherry picked from commit 4c1b8f1e8357d85c613d779596e4079cc581d74f) Signed-off-by: Michael Roth --- qga/vss-win32/provider.cpp | 6 +++--- qga/vss-win32/requester.cpp | 24 ++++++++++-------------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/qga/vss-win32/provider.cpp b/qga/vss-win32/provider.cpp index bf42b5e95f..c3030d8e55 100644 --- a/qga/vss-win32/provider.cpp +++ b/qga/vss-win32/provider.cpp @@ -342,18 +342,18 @@ STDMETHODIMP CQGAVssProvider::CommitSnapshots(VSS_ID SnapshotSetId) HANDLE hEventFrozen, hEventThaw, hEventTimeout; hEventFrozen = OpenEvent(EVENT_ALL_ACCESS, FALSE, EVENT_NAME_FROZEN); - if (hEventFrozen == INVALID_HANDLE_VALUE) { + if (!hEventFrozen) { return E_FAIL; } hEventThaw = OpenEvent(EVENT_ALL_ACCESS, FALSE, EVENT_NAME_THAW); - if (hEventThaw == INVALID_HANDLE_VALUE) { + if (!hEventThaw) { CloseHandle(hEventFrozen); return E_FAIL; } hEventTimeout = OpenEvent(EVENT_ALL_ACCESS, FALSE, EVENT_NAME_TIMEOUT); - if (hEventTimeout == INVALID_HANDLE_VALUE) { + if (!hEventTimeout) { CloseHandle(hEventFrozen); CloseHandle(hEventThaw); return E_FAIL; diff --git a/qga/vss-win32/requester.cpp b/qga/vss-win32/requester.cpp index 1e8dd3dfa8..0a55447e81 100644 --- a/qga/vss-win32/requester.cpp +++ b/qga/vss-win32/requester.cpp 
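Review bot: All three `OpenEvent` calls in CommitSnapshots still request `EVENT_ALL_ACCESS`, which is more than a handle used for signalling and waiting needs. If the rest of the function (outside this hunk) only sets and waits on these events, `OpenEvent(EVENT_MODIFY_STATE | SYNCHRONIZE, FALSE, EVENT_NAME_FROZEN)` and the same for the other two would follow least privilege and would keep working if the event DACL is tightened later. The failure paths return a bare `E_FAIL` without recording `GetLastError()`, so a missing event and an access-denied open are indistinguishable to whoever diagnoses a failed freeze.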
@@ -50,10 +50,6 @@ static struct QGAVSSContext { STDAPI requester_init(void) { - vss_ctx.hEventFrozen = INVALID_HANDLE_VALUE; - vss_ctx.hEventThaw = INVALID_HANDLE_VALUE; - vss_ctx.hEventTimeout = INVALID_HANDLE_VALUE; - COMInitializer initializer; /* to call CoInitializeSecurity */ HRESULT hr = CoInitializeSecurity( NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, @@ -94,17 +90,17 @@ STDAPI requester_init(void) static void requester_cleanup(void) { - if (vss_ctx.hEventFrozen != INVALID_HANDLE_VALUE) { + if (vss_ctx.hEventFrozen) { CloseHandle(vss_ctx.hEventFrozen); - vss_ctx.hEventFrozen = INVALID_HANDLE_VALUE; + vss_ctx.hEventFrozen = NULL; } - if (vss_ctx.hEventThaw != INVALID_HANDLE_VALUE) { + if (vss_ctx.hEventThaw) { CloseHandle(vss_ctx.hEventThaw); - vss_ctx.hEventThaw = INVALID_HANDLE_VALUE; + vss_ctx.hEventThaw = NULL; } - if (vss_ctx.hEventTimeout != INVALID_HANDLE_VALUE) { + if (vss_ctx.hEventTimeout) { CloseHandle(vss_ctx.hEventTimeout); - vss_ctx.hEventTimeout = INVALID_HANDLE_VALUE; + vss_ctx.hEventTimeout = NULL; } if (vss_ctx.pAsyncSnapshot) { vss_ctx.pAsyncSnapshot->Release(); @@ -374,19 +370,19 @@ void requester_freeze(int *num_vols, ErrorSet *errset) sa.bInheritHandle = FALSE; vss_ctx.hEventFrozen = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_FROZEN); - if (vss_ctx.hEventFrozen == INVALID_HANDLE_VALUE) { + if (!vss_ctx.hEventFrozen) { err_set(errset, GetLastError(), "failed to create event %s", EVENT_NAME_FROZEN); goto out; } vss_ctx.hEventThaw = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_THAW); - if (vss_ctx.hEventThaw == INVALID_HANDLE_VALUE) { + if (!vss_ctx.hEventThaw) { err_set(errset, GetLastError(), "failed to create event %s", EVENT_NAME_THAW); goto out; } vss_ctx.hEventTimeout = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_TIMEOUT); - if (vss_ctx.hEventTimeout == INVALID_HANDLE_VALUE) { + if (!vss_ctx.hEventTimeout) { err_set(errset, GetLastError(), "failed to create event %s", EVENT_NAME_TIMEOUT); goto out; 
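Review bot: In requester_freeze the new `!vss_ctx.hEventFrozen` style checks also accept a handle to an event that already existed, because `CreateEvent` on a named object returns a valid handle in that case and reports it only through `GetLastError() == ERROR_ALREADY_EXISTS`. These events coordinate freeze and thaw, so unless reuse is intended I would treat a pre-existing object as an error, e.g. `if (!vss_ctx.hEventFrozen || GetLastError() == ERROR_ALREADY_EXISTS) {` for each of the three. The same applies to the copy of this block that PATCH 054/219 moves to the top of the function. The function body continues outside the hunk.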
@@ -443,7 +439,7 @@ void requester_thaw(int *num_vols, ErrorSet *errset) { COMPointer pAsync; - if (vss_ctx.hEventThaw == INVALID_HANDLE_VALUE) { + if (!vss_ctx.hEventThaw) { /* * In this case, DoSnapshotSet is aborted or not started, * and no volumes must be frozen. We return without an error. From 5e5d4fc68e1e0bcc29ab2354f32c37a754fd9192 Mon Sep 17 00:00:00 2001 From: Tomoki Sekiyama Date: Mon, 13 Jan 2014 12:25:29 -0500 Subject: [PATCH 054/219] qga: vss-win32: Fix interference with snapshot creation by other VSS requesters When a VSS requester such as vshadow.exe or diskshadow.exe requests to create disk snapshots, Windows may choose qemu-ga VSS provider if it is only provider registered on the system. However, because it provides only a function to freeze the filesystem, the snapshotting fails. This patch adds a check into CQGAVssProvider::IsVolumeSupported() to reject the request from other VSS requesters, so that the other provider is chosen. The check of requester is done by confirming event channels between qemu-ga's requester and provider established. To ensure that the events are initialized when CQGAVssProvider::IsVolumeSupported() is called, it moves the initialization earlier. Signed-off-by: Tomoki Sekiyama Reviewed-by: Gal Hammer Reviewed-by: Yan Vugenfirer Signed-off-by: Michael Roth (cherry picked from commit ff8adbcfdbbd9c0f2b01ff8a32bc75082fdd9844) Signed-off-by: Michael Roth --- qga/vss-win32/provider.cpp | 11 +++++++- qga/vss-win32/requester.cpp | 52 ++++++++++++++++++------------------- 2 files changed, 36 insertions(+), 27 deletions(-) diff --git a/qga/vss-win32/provider.cpp b/qga/vss-win32/provider.cpp index c3030d8e55..b2336465ac 100644 --- a/qga/vss-win32/provider.cpp +++ b/qga/vss-win32/provider.cpp 
@@ -291,8 +291,17 @@ STDMETHODIMP CQGAVssProvider::BeginPrepareSnapshot( STDMETHODIMP CQGAVssProvider::IsVolumeSupported( VSS_PWSZ pwszVolumeName, BOOL *pbSupportedByThisProvider) { - *pbSupportedByThisProvider = TRUE; + HANDLE hEventFrozen; + /* Check if a requester is qemu-ga by whether an event is created */ + hEventFrozen = OpenEvent(EVENT_ALL_ACCESS, FALSE, EVENT_NAME_FROZEN); + if (!hEventFrozen) { + *pbSupportedByThisProvider = FALSE; + return S_OK; + } + CloseHandle(hEventFrozen); + + *pbSupportedByThisProvider = TRUE; return S_OK; } diff --git a/qga/vss-win32/requester.cpp b/qga/vss-win32/requester.cpp index 0a55447e81..922e74ddfc 100644 --- a/qga/vss-win32/requester.cpp +++ b/qga/vss-win32/requester.cpp @@ -252,6 +252,32 @@ void requester_freeze(int *num_vols, ErrorSet *errset) CoInitialize(NULL); + /* Allow unrestricted access to events */ + InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION); + SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE); + sa.nLength = sizeof(sa); + sa.lpSecurityDescriptor = &sd; + sa.bInheritHandle = FALSE; + + vss_ctx.hEventFrozen = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_FROZEN); + if (!vss_ctx.hEventFrozen) { + err_set(errset, GetLastError(), "failed to create event %s", + EVENT_NAME_FROZEN); + goto out; + } + vss_ctx.hEventThaw = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_THAW); + if (!vss_ctx.hEventThaw) { + err_set(errset, GetLastError(), "failed to create event %s", + EVENT_NAME_THAW); + goto out; + } + vss_ctx.hEventTimeout = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_TIMEOUT); + if (!vss_ctx.hEventTimeout) { + err_set(errset, GetLastError(), "failed to create event %s", + EVENT_NAME_TIMEOUT); + goto out; + } + assert(pCreateVssBackupComponents != NULL); hr = pCreateVssBackupComponents(&vss_ctx.pVssbc); if (FAILED(hr)) { 
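Review bot: The new check in IsVolumeSupported treats the existence of the named event as proof that the requester is qemu-ga, but a successful `OpenEvent` shows only that some process created an object with that name. That is acceptable as a heuristic for steering other requesters to another provider, and a comment should say so, e.g. `/* Heuristic only: the event name is not an authorization check */`. The probe also asks for `EVENT_ALL_ACCESS` although the handle is closed immediately; `SYNCHRONIZE` would be enough. Any `OpenEvent` failure, including access denied, is reported as unsupported with `S_OK`, which may hide a misconfiguration.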
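Review bot: The block moved to the top of requester_freeze builds the security descriptor with `SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE)`, a NULL DACL that lets every local account open, signal and re-ACL the three events that drive freeze, thaw and timeout. Unless the provider really runs under an arbitrary account, a DACL limited to the requester's and provider's accounts would be safer, for instance an SDDL string such as `D:(A;;GA;;;SY)(A;;GA;;;BA)` (example only) converted with ConvertStringSecurityDescriptorToSecurityDescriptor; which accounts are involved is not visible here. The return values of `InitializeSecurityDescriptor` and `SetSecurityDescriptorDacl` are also ignored, so a failure would pass an unusable descriptor to `CreateEvent`. The function continues outside the hunk.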
@@ -362,32 +388,6 @@ void requester_freeze(int *num_vols, ErrorSet *errset) goto out; } - /* Allow unrestricted access to events */ - InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION); - SetSecurityDescriptorDacl(&sd, TRUE, NULL, FALSE); - sa.nLength = sizeof(sa); - sa.lpSecurityDescriptor = &sd; - sa.bInheritHandle = FALSE; - - vss_ctx.hEventFrozen = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_FROZEN); - if (!vss_ctx.hEventFrozen) { - err_set(errset, GetLastError(), "failed to create event %s", - EVENT_NAME_FROZEN); - goto out; - } - vss_ctx.hEventThaw = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_THAW); - if (!vss_ctx.hEventThaw) { - err_set(errset, GetLastError(), "failed to create event %s", - EVENT_NAME_THAW); - goto out; - } - vss_ctx.hEventTimeout = CreateEvent(&sa, TRUE, FALSE, EVENT_NAME_TIMEOUT); - if (!vss_ctx.hEventTimeout) { - err_set(errset, GetLastError(), "failed to create event %s", - EVENT_NAME_TIMEOUT); - goto out; - } - /* * Start VSS quiescing operations. * CQGAVssProvider::CommitSnapshots will kick vss_ctx.hEventFrozen From 6d0a48acd8442e1a74443c190b58c60547788fdc Mon Sep 17 00:00:00 2001 From: Tomoki Sekiyama Date: Mon, 13 Jan 2014 12:25:39 -0500 Subject: [PATCH 055/219] qga: vss-win32: Fix interference with snapshot deletion by other VSS request When a VSS requester such as vshadow.exe or diskshadow.exe requests to delete snapshots, qemu-ga VSS provider's DeleteSnapshots() is also called and returns E_NOTIMPL, that makes the deletion fail. To avoid this issue, return S_OK and set values that represent no snapshots are deleted by qemu-ga VSS provider. Signed-off-by: Tomoki Sekiyama Reviewed-by: Gal Hammer Reviewed-by: Yan Vugenfirer Signed-off-by: Michael Roth (cherry picked from commit d9e1f574cb6eac0a3a2f97b67d2e7a3ad9c1dc95) Signed-off-by: Michael Roth --- qga/vss-win32/provider.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/qga/vss-win32/provider.cpp b/qga/vss-win32/provider.cpp index b2336465ac..d5129f8f65 100644 --- a/qga/vss-win32/provider.cpp +++ b/qga/vss-win32/provider.cpp @@ -278,7 +278,9 @@ STDMETHODIMP CQGAVssProvider::DeleteSnapshots( VSS_ID SourceObjectId, VSS_OBJECT_TYPE eSourceObjectType, BOOL bForceDelete, LONG *plDeletedSnapshots, VSS_ID *pNondeletedSnapshotID) { - return E_NOTIMPL; + *plDeletedSnapshots = 0; + *pNondeletedSnapshotID = SourceObjectId; + return S_OK; } STDMETHODIMP CQGAVssProvider::BeginPrepareSnapshot( From 4736fb34f7d6ca2962c0a943ca4835fd25ca6140 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 21 Feb 2014 13:36:49 +0100 Subject: [PATCH 056/219] qga: Fix memory allocation pasto qmp_guest_file_seek() allocates memory for a GuestFileRead object instead of the GuestFileSeek object it actually uses. Harmless, because the GuestFileRead is slightly larger. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Signed-off-by: Michael Roth (cherry picked from commit 10b7c5dd0da1a92182e87f5fc1887d779ad1a9e8) Signed-off-by: Michael Roth --- qga/commands-posix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qga/commands-posix.c b/qga/commands-posix.c index 8100bee67e..8763308cac 100644 --- a/qga/commands-posix.c +++ b/qga/commands-posix.c @@ -525,7 +525,7 @@ struct GuestFileSeek *qmp_guest_file_seek(int64_t handle, int64_t offset, if (ret == -1) { error_setg_errno(err, errno, "failed to seek file"); } else { - seek_data = g_malloc0(sizeof(GuestFileRead)); + seek_data = g_new0(GuestFileSeek, 1); seek_data->position = ftell(fh); seek_data->eof = feof(fh); } From e498311693377ee6aa599a37c643d364f7072170 Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Wed, 26 Feb 2014 17:19:57 +0000 Subject: [PATCH 057/219] hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard accesses into the mb_clock[] array, which was allowing a malicious guest to overwrite the end of the array. Signed-off-by: Peter Maydell Reviewed-by: Paolo Bonzini Reviewed-by: Andreas Färber Message-id: 1392647854-8067-2-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org (cherry picked from commit ec1efab95767312ff4afb816d0d4b548e093b031) Signed-off-by: Michael Roth --- hw/misc/arm_sysctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/misc/arm_sysctl.c b/hw/misc/arm_sysctl.c index 0fc26d29a5..3fad6f86de 100644 --- a/hw/misc/arm_sysctl.c +++ b/hw/misc/arm_sysctl.c @@ -276,7 +276,7 @@ static bool vexpress_cfgctrl_read(arm_sysctl_state *s, unsigned int dcc, } break; case SYS_CFG_OSC: - if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) { + if (site == SYS_CFG_SITE_MB && device < ARRAY_SIZE(s->mb_clock)) { /* motherboard clock */ *val = s->mb_clock[device]; return true; @@ -324,7 +324,7 @@ static bool vexpress_cfgctrl_write(arm_sysctl_state *s, unsigned int dcc, switch (function) { case SYS_CFG_OSC: - if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) { + if (site == SYS_CFG_SITE_MB && device < ARRAY_SIZE(s->mb_clock)) { /* motherboard clock */ s->mb_clock[device] = val; return true; From 5444df15819cc1fa5a95876967d726b80f594e31 Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Wed, 26 Feb 2014 17:19:58 +0000 Subject: [PATCH 058/219] hw/timer/arm_timer: Avoid array overrun for bad addresses MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The integrator's timer read/write functions log an error for bad addresses in guest accesses, but were falling through and using an out of bounds array index rather than returning early. Fix this. Signed-off-by: Peter Maydell Reviewed-by: Paolo Bonzini Reviewed-by: Andreas Färber Message-id: 1392647854-8067-4-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org (cherry picked from commit cba933b2257ef0ad241756a0ff86bc0acda685ca) Signed-off-by: Michael Roth --- hw/timer/arm_timer.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/timer/arm_timer.c b/hw/timer/arm_timer.c index a47afde23a..fb0a45c889 100644 --- a/hw/timer/arm_timer.c +++ b/hw/timer/arm_timer.c @@ -320,6 +320,7 @@ static uint64_t icp_pit_read(void *opaque, hwaddr offset, n = offset >> 8; if (n > 2) { qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n); + return 0; } return arm_timer_read(s->timer[n], offset & 0xff); @@ -334,6 +335,7 @@ static void icp_pit_write(void *opaque, hwaddr offset, n = offset >> 8; if (n > 2) { qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad timer %d\n", __func__, n); + return; } arm_timer_write(s->timer[n], offset & 0xff, value); From ff51a1d589b07d7f95a5355b31a9f962203fd9cd Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Wed, 26 Feb 2014 17:19:58 +0000 Subject: [PATCH 059/219] hw/intc/exynos4210_combiner: Don't overrun output_irq array in init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Exynos4210 combiner has IIC_NIRQ inputs and IIC_NGRP outputs; use the correct constant in the loop initializing our output sysbus IRQs so that we don't overrun the output_irq[] array. 
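Review bot: The guard `if (n > 2)` in icp_pit_read, and the identical one in the icp_pit_write hunk after it, hard-codes the bound that `s->timer[n]` depends on; `if (n >= ARRAY_SIZE(s->timer))` would keep the check tied to the array declaration, which is not visible in these hunks. `n` is derived from the guest-supplied `offset`, and the `%d` in the log call suggests it is a signed int, so unless the region size already bounds `offset` it is worth confirming that a large value cannot become negative and pass `n > 2`. Both function bodies start outside their hunks.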
Signed-off-by: Peter Maydell Message-id: 1392659611-8439-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Andreas Färber Cc: qemu-stable@nongnu.org (cherry picked from commit fce0a826083e0416981e2ea9518ce5faa75b81a3) Signed-off-by: Michael Roth --- hw/intc/exynos4210_combiner.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/exynos4210_combiner.c b/hw/intc/exynos4210_combiner.c index ef5e8eb22f..3287479456 100644 --- a/hw/intc/exynos4210_combiner.c +++ b/hw/intc/exynos4210_combiner.c @@ -418,7 +418,7 @@ static int exynos4210_combiner_init(SysBusDevice *sbd) qdev_init_gpio_in(dev, exynos4210_combiner_handler, IIC_NIRQ); /* Connect SysBusDev irqs to device specific irqs */ - for (i = 0; i < IIC_NIRQ; i++) { + for (i = 0; i < IIC_NGRP; i++) { sysbus_init_irq(sbd, &s->output_irq[i]); } From fa98e47a250516d83dd3712e9456bf795c83627b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Wed, 26 Feb 2014 17:19:59 +0000 Subject: [PATCH 060/219] hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers The ethernet device in the musicpal only has two tx queues, but we modelled it with four CTDP registers, presumably a cut and paste from the rx queue registers. Since the tx_queue[] array is only 2 entries long this allowed a guest to overrun this buffer. Remove the nonexistent registers. Signed-off-by: Peter Maydell Message-id: 1392737293-10073-1-git-send-email-peter.maydell@linaro.org Acked-by: Jan Kiszka Cc: qemu-stable@nongnu.org (cherry picked from commit cf143ad35018c5fc1da6365b45acda2b34aba90a) Signed-off-by: Michael Roth --- hw/arm/musicpal.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c index 023e8756e2..a8d0086354 100644 --- a/hw/arm/musicpal.c +++ b/hw/arm/musicpal.c 
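Review bot: The loop bound in exynos4210_combiner_init is now the right constant, but it is still maintained separately from the array it indexes. Writing it as `for (i = 0; i < ARRAY_SIZE(s->output_irq); i++) {` means the bound cannot drift from the declaration again. The declaration of output_irq is outside this hunk, so this assumes it is a true array member and not a pointer.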
@@ -92,8 +92,6 @@ #define MP_ETH_CRDP3 0x4AC #define MP_ETH_CTDP0 0x4E0 #define MP_ETH_CTDP1 0x4E4 -#define MP_ETH_CTDP2 0x4E8 -#define MP_ETH_CTDP3 0x4EC /* MII PHY access */ #define MP_ETH_SMIR_DATA 0x0000FFFF @@ -308,7 +306,7 @@ static uint64_t mv88w8618_eth_read(void *opaque, hwaddr offset, case MP_ETH_CRDP0 ... MP_ETH_CRDP3: return s->rx_queue[(offset - MP_ETH_CRDP0)/4]; - case MP_ETH_CTDP0 ... MP_ETH_CTDP3: + case MP_ETH_CTDP0 ... MP_ETH_CTDP1: return s->tx_queue[(offset - MP_ETH_CTDP0)/4]; default: @@ -362,7 +360,7 @@ static void mv88w8618_eth_write(void *opaque, hwaddr offset, s->cur_rx[(offset - MP_ETH_CRDP0)/4] = value; break; - case MP_ETH_CTDP0 ... MP_ETH_CTDP3: + case MP_ETH_CTDP0 ... MP_ETH_CTDP1: s->tx_queue[(offset - MP_ETH_CTDP0)/4] = value; break; } From e50218c2697812c7f2068f190a2868e4836874fe Mon Sep 17 00:00:00 2001 From: Christoffer Dall Date: Wed, 26 Feb 2014 17:19:59 +0000 Subject: [PATCH 061/219] hw/intc/arm_gic: Fix GIC_SET_LEVEL The GIC_SET_LEVEL macro unfortunately overwrote the entire level bitmask instead of just or'ing on the necessary bits, causing active level PPIs on a core to clear PPIs on other cores. Cc: qemu-stable@nongnu.org Reported-by: Rob Herring Signed-off-by: Christoffer Dall Message-id: 1393031030-8692-1-git-send-email-christoffer.dall@linaro.org Signed-off-by: Peter Maydell (cherry picked from commit 6453fa998a11e133e673c0a613b88484a8231d1d) Signed-off-by: Michael Roth --- hw/intc/gic_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/intc/gic_internal.h b/hw/intc/gic_internal.h index 3989fd1bd5..25107cef39 100644 --- a/hw/intc/gic_internal.h +++ b/hw/intc/gic_internal.h 
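Review bot: The `case MP_ETH_CTDP0 ... MP_ETH_CTDP1:` range in mv88w8618_eth_read, and the same range in the mv88w8618_eth_write hunk, is the only thing bounding the index `(offset - MP_ETH_CTDP0)/4` into `s->tx_queue[]`, and nothing ties the register defines to the array length. A compile-time check next to the switch, `QEMU_BUILD_BUG_ON((MP_ETH_CTDP1 - MP_ETH_CTDP0) / 4 + 1 != ARRAY_SIZE(s->tx_queue));`, would turn a repeat of this mismatch into a build failure. The CRDP range with `rx_queue[]` and `cur_rx[]` could get the same treatment. Both functions start and end outside their hunks.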
@@ -41,7 +41,7 @@ #define GIC_SET_MODEL(irq) s->irq_state[irq].model = true #define GIC_CLEAR_MODEL(irq) s->irq_state[irq].model = false #define GIC_TEST_MODEL(irq) s->irq_state[irq].model -#define GIC_SET_LEVEL(irq, cm) s->irq_state[irq].level = (cm) +#define GIC_SET_LEVEL(irq, cm) s->irq_state[irq].level |= (cm) #define GIC_CLEAR_LEVEL(irq, cm) s->irq_state[irq].level &= ~(cm) #define GIC_TEST_LEVEL(irq, cm) ((s->irq_state[irq].level & (cm)) != 0) #define GIC_SET_TRIGGER(irq) s->irq_state[irq].trigger = true From d689974b513f29342d65ffc991c6c1a4437d5d1d Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Mon, 27 Jan 2014 15:18:09 +0100 Subject: [PATCH 062/219] KVM: Use return value for error print Commit 94ccff13 introduced a more verbose failure message and retry operations on KVM VM creation. However, it ended up using a variable for its failure message that hasn't been initialized yet. Fix it to use the value it meant to set. Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf Signed-off-by: Paolo Bonzini (cherry picked from commit 521f438e36b0265d66862e9cd35e4db82686ca9f) Signed-off-by: Michael Roth --- kvm-all.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kvm-all.c b/kvm-all.c index 951e6e343f..9f18ea38b9 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -1436,7 +1436,7 @@ int kvm_init(void) } while (ret == -EINTR); if (ret < 0) { - fprintf(stderr, "ioctl(KVM_CREATE_VM) failed: %d %s\n", -s->vmfd, + fprintf(stderr, "ioctl(KVM_CREATE_VM) failed: %d %s\n", -ret, strerror(-ret)); #ifdef TARGET_S390X From ba014af39c6f9ee5af70d39ef495ac9f2bd4a76c Mon Sep 17 00:00:00 2001 From: Michael Roth Date: Mon, 3 Mar 2014 16:30:51 -0600 Subject: [PATCH 063/219] Update VERSION for 1.7.1 release Signed-off-by: Michael Roth --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index bd8bf882d0..943f9cbc4e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.7.0 +1.7.1 
From 248de52cf84185b3bafea8ba31333bd0d7a34893 Mon Sep 17 00:00:00 2001 From: Gal Hammer Date: Tue, 25 Feb 2014 12:12:35 +0200 Subject: [PATCH 064/219] char: restore read callback on a reattached (hotplug) chardev Fix a bug that was introduced in commit 386a5a1e. A removal of a device set the chr handlers to NULL. However when the device is plugged back, its read callback is not restored so data can't be transferred from the host to the guest (e.g. via the virtio-serial port). https://bugzilla.redhat.com/show_bug.cgi?id=1027181 Signed-off-by: Gal Hammer Signed-off-by: Gerd Hoffmann (cherry picked from commit ac1b84dd1e020648db82a99260891aa982d1142c) Signed-off-by: Michael Roth --- qemu-char.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/qemu-char.c b/qemu-char.c index e00f84c8e9..1c0d6486f5 100644 --- a/qemu-char.c +++ b/qemu-char.c @@ -213,7 +213,7 @@ void qemu_chr_add_handlers(CharDriverState *s, s->chr_read = fd_read; s->chr_event = fd_event; s->handler_opaque = opaque; - if (s->chr_update_read_handler) + if (fe_open && s->chr_update_read_handler) s->chr_update_read_handler(s); if (!s->explicit_fe_open) { @@ -1136,13 +1136,14 @@ static void pty_chr_state(CharDriverState *chr, int connected) if (!s->connected) { s->connected = 1; qemu_chr_be_generic_open(chr); + } + if (!chr->fd_in_tag) { chr->fd_in_tag = io_add_watch_poll(s->fd, pty_chr_read_poll, pty_chr_read, chr); } } } - static void pty_chr_close(struct CharDriverState *chr) { PtyCharDriver *s = chr->opaque; @@ -2510,6 +2511,17 @@ static void tcp_chr_connect(void *opaque) qemu_chr_be_generic_open(chr); } +static void tcp_chr_update_read_handler(CharDriverState *chr) +{ + TCPCharDriver *s = chr->opaque; + + remove_fd_in_watch(chr); + if (s->chan) { + chr->fd_in_tag = io_add_watch_poll(s->chan, tcp_chr_read_poll, + tcp_chr_read, chr); + } +} + #define IACSET(x,a,b,c) x[0] = a; x[1] = b; x[2] = c; static void tcp_chr_telnet_init(int fd) { 
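Review bot: The changed condition `if (fe_open && s->chr_update_read_handler)` in qemu_chr_add_handlers keeps an unbraced body, and nothing near it says why the backend update is skipped when `fe_open` is false. Since the line is touched anyway, I would brace the statement and add a comment along the lines of `/* front end is detaching: do not re-arm the backend read watch */`. The assignment of `fe_open` is outside the hunk, so the comment wording should be confirmed against it.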
@@ -2665,6 +2677,7 @@ static CharDriverState *qemu_chr_open_socket_fd(int fd, bool do_nodelay, chr->get_msgfd = tcp_get_msgfd; chr->chr_add_client = tcp_chr_add_client; chr->chr_add_watch = tcp_chr_add_watch; + chr->chr_update_read_handler = tcp_chr_update_read_handler; /* be isn't opened until we get a connection */ chr->explicit_be_open = true; From 8b8dd2c4b50abe5647de7c336496c253dc474d3b Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 29 Jan 2014 18:47:39 +0100 Subject: [PATCH 065/219] scsi-bus: Fix transfer length for VERIFY with BYTCHK=11b The transfer length depends on field BYTCHK, which is encoded in byte 1, bits 1..2. However, the guard for for case BYTCHK=11b doesn't work, and we get case 01b instead. Fix it. Note that since emulated scsi-hd fails the command outright, it takes SCSI passthrough of a device that actually implements VERIFY with BYTCHK=11b to make the bug bite. Screwed up in commit d12ad44. Spotted by Coverity. Cc: qemu-stable@nongnu.org Signed-off-by: Markus Armbruster Signed-off-by: Paolo Bonzini (cherry picked from commit 7ef8cf9a0861b6f67f5e57428478c31bfd811651) Signed-off-by: Michael Roth --- hw/scsi/scsi-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/scsi-bus.c b/hw/scsi/scsi-bus.c index b04438bae8..48286ef415 100644 --- a/hw/scsi/scsi-bus.c +++ b/hw/scsi/scsi-bus.c @@ -909,7 +909,7 @@ static int scsi_req_length(SCSICommand *cmd, SCSIDevice *dev, uint8_t *buf) case VERIFY_16: if ((buf[1] & 2) == 0) { cmd->xfer = 0; - } else if ((buf[1] & 4) == 1) { + } else if ((buf[1] & 4) != 0) { cmd->xfer = 1; } cmd->xfer *= dev->blocksize; From 0a77a92d74f98e4898cb54c945ada84768427851 Mon Sep 17 00:00:00 2001 
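Review bot: The VERIFY branch in scsi_req_length still tests BYTCHK with two bare masks, `(buf[1] & 2)` and `(buf[1] & 4)`, which is the shape that allowed the `== 1` slip this commit fixes. Decoding the field once, `int bytchk = (buf[1] >> 1) & 3;`, and branching on its value would make each of the four encodings visible, including 10b, which currently takes the `cmd->xfer = 0` branch. The function starts and ends outside the hunk.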
From: Peter Lieven Date: Tue, 18 Feb 2014 13:08:39 +0100 Subject: [PATCH 066/219] block/iscsi: fix deadlock on scsi check condition the retry logic was broken because the complete status of the task structure was not reset. this resulted in an infinite loop retrying the command over and over. CC: qemu-stable@nongnu.org Signed-off-by: Peter Lieven Signed-off-by: Paolo Bonzini (cherry picked from commit 837c390137193e715fee20b35c0ddb164b1c4fa4) Conflicts: block/iscsi.c *only modified retry clauses present before 063c3378 Signed-off-by: Michael Roth --- block/iscsi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/block/iscsi.c b/block/iscsi.c index a410a28e38..75a4001c61 100644 --- a/block/iscsi.c +++ b/block/iscsi.c @@ -143,12 +143,13 @@ iscsi_co_generic_cb(struct iscsi_context *iscsi, int status, if (iTask->retries-- > 0 && status == SCSI_STATUS_CHECK_CONDITION && task->sense.key == SCSI_SENSE_UNIT_ATTENTION) { + error_report("iSCSI CheckCondition: %s", iscsi_get_error(iscsi)); iTask->do_retry = 1; goto out; } if (status != SCSI_STATUS_GOOD) { - error_report("iSCSI: Failure. %s", iscsi_get_error(iscsi)); + error_report("iSCSI Failure: %s", iscsi_get_error(iscsi)); } out: @@ -868,6 +869,7 @@ retry: scsi_free_scsi_task(iTask.task); iTask.task = NULL; } + iTask.complete = 0; goto retry; } @@ -964,6 +966,7 @@ retry: } if (iTask.do_retry) { + iTask.complete = 0; goto retry; } From 91ae1d30ec5b3b8826c2f9e3742e1d52f2fadb0b Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Mon, 13 Jan 2014 09:26:49 +0100 Subject: [PATCH 067/219] s390x/virtio-hcall: Add range check for hypervisor call The handler for diag 500 did not check whether the requested function was in the supported range, so illegal values could crash QEMU in the worst case. Signed-off-by: Thomas Huth Reviewed-by: Cornelia Huck Signed-off-by: Christian Borntraeger CC: qemu-stable@nongnu.org (cherry picked from commit f2c55d1735175ab37ab9f69854460087112d2756) 
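Review bot: `iTask.complete = 0;` is added by hand at each `goto retry` site in the second and third hunks, and the backport note says only the retry clauses present in this branch were modified. Resetting the per-attempt fields in one place, for instance directly after each `retry:` label, would keep a later retry path from reintroducing the endless loop; the labels are outside the hunks, so check what is already reset there. In the first hunk the new `error_report("iSCSI CheckCondition: %s", ...)` fires on every retried UNIT ATTENTION, which may be noisy for a condition that is then retried successfully.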
Signed-off-by: Michael Roth --- hw/s390x/s390-virtio-hcall.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/hw/s390x/s390-virtio-hcall.c b/hw/s390x/s390-virtio-hcall.c index ee626493c6..0e328d806d 100644 --- a/hw/s390x/s390-virtio-hcall.c +++ b/hw/s390x/s390-virtio-hcall.c @@ -26,11 +26,14 @@ void s390_register_virtio_hypercall(uint64_t code, s390_virtio_fn fn) int s390_virtio_hypercall(CPUS390XState *env) { - s390_virtio_fn fn = s390_diag500_table[env->regs[1]]; + s390_virtio_fn fn; - if (!fn) { - return -EINVAL; + if (env->regs[1] < MAX_DIAG_SUBCODES) { + fn = s390_diag500_table[env->regs[1]]; + if (fn) { + return fn(&env->regs[2]); + } } - return fn(&env->regs[2]); + return -EINVAL; } From 2e191f8e545c3235849508bd555e4856347e9cc5 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Fri, 10 Jan 2014 12:38:40 -0800 Subject: [PATCH 068/219] target-i386: Fix CC_OP_CLR vs PF Parity should be set for a zero result. Cc: qemu-stable@nongnu.org Reviewed-by: Paolo Bonzini Reviewed-by: Edgar E. Iglesias Signed-off-by: Richard Henderson (cherry picked from commit d2fe51bda8adf33d07c21e034fdc13a1e1fa4e19) Signed-off-by: Michael Roth --- target-i386/cc_helper.c | 2 +- target-i386/translate.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c index ee04092b4e..05dd12b5a7 100644 --- a/target-i386/cc_helper.c +++ b/target-i386/cc_helper.c @@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1, case CC_OP_EFLAGS: return src1; case CC_OP_CLR: - return CC_Z; + return CC_Z | CC_P; case CC_OP_MULB: return compute_all_mulb(dst, src1); diff --git a/target-i386/translate.c b/target-i386/translate.c index 7916e5b1f6..b19ea14458 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c 
@@ -915,7 +915,7 @@ static void gen_compute_eflags(DisasContext *s) return; } if (s->cc_op == CC_OP_CLR) { - tcg_gen_movi_tl(cpu_cc_src, CC_Z); + tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P); set_cc_op(s, CC_OP_EFLAGS); return; } From 6be38ee9e711dd89ea9693d317baa7a8ec9c9d12 Mon Sep 17 00:00:00 2001 From: Richard Henderson Date: Mon, 24 Feb 2014 15:53:40 -0800 Subject: [PATCH 069/219] target-i386: Fix ucomis and comis memory access We were loading 16 bytes for both single and double-precision scalar comparisons. Reported-by: Alexander Bluhm Signed-off-by: Richard Henderson (cherry picked from commit cb48da7f8140b5cbb648d990876720da9cd04d8f) Conflicts: target-i386/translate.c *removed dependency on 323d1876 Signed-off-by: Michael Roth --- target-i386/translate.c | 46 ++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/target-i386/translate.c b/target-i386/translate.c index b19ea14458..4a25486e03 100644 --- a/target-i386/translate.c +++ b/target-i386/translate.c 
@@ -4565,21 +4565,47 @@ static void gen_sse(CPUX86State *env, DisasContext *s, int b, if (is_xmm) { op1_offset = offsetof(CPUX86State,xmm_regs[reg]); if (mod != 3) { + int sz = 4; + gen_lea_modrm(env, s, modrm, ®_addr, &offset_addr); op2_offset = offsetof(CPUX86State,xmm_t0); - if (b1 >= 2 && ((b >= 0x50 && b <= 0x5f && b != 0x5b) || - b == 0xc2)) { - /* specific case for SSE single instructions */ + + switch (b) { + case 0x50 ... 0x5a: + case 0x5c ... 0x5f: + case 0xc2: + /* Most sse scalar operations. */ if (b1 == 2) { - /* 32 bit access */ - gen_op_ld_T0_A0(OT_LONG + s->mem_index); - tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0))); - } else { - /* 64 bit access */ - gen_ldq_env_A0(s->mem_index, offsetof(CPUX86State,xmm_t0.XMM_D(0))); + sz = 2; + } else if (b1 == 3) { + sz = 3; } - } else { + break; + + case 0x2e: /* ucomis[sd] */ + case 0x2f: /* comis[sd] */ + if (b1 == 0) { + sz = 2; + } else { + sz = 3; + } + break; + } + + switch (sz) { + case 2: + /* 32 bit access */ + gen_op_ld_T0_A0(OT_LONG + s->mem_index); + tcg_gen_st32_tl(cpu_T[0], cpu_env, offsetof(CPUX86State,xmm_t0.XMM_L(0))); + break; + case 3: + /* 64 bit access */ + gen_ldq_env_A0(s->mem_index, offsetof(CPUX86State,xmm_t0.XMM_D(0))); + break; + default: + /* 128 bit access */ gen_ldo_env_A0(s->mem_index, op2_offset); + break; } } else { rm = (modrm & 7) | REX_B(s); From 4f577e9e69c0ac8befd75d67ca591398e4994719 Mon Sep 17 00:00:00 2001 
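Review bot: The new local `sz` in gen_sse carries the access width as bare numbers, with `4` standing for the 128-bit default and `2`/`3` set in one switch and consumed in another. The hunk already uses `OT_LONG` for the 32-bit load, so `sz = OT_LONG` and `sz = OT_QUAD` with matching `case` labels would say what the values mean, assuming those constants are 2 and 3 in this tree. A short comment on the `0x2e`/`0x2f` case explaining that `b1 == 0` selects the single-precision form would also help. gen_sse starts and ends outside the hunk.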
From: Fam Zheng Date: Fri, 24 Jan 2014 15:02:24 +0800 Subject: [PATCH 070/219] scsi: Change scsi sense buf size to 252 Current buffer size fails the assersion check in like hw/scsi/scsi-bus.c:1655: assert(req->sense_len <= sizeof(req->sense)); when backend (block/iscsi.c) returns more data then 96. Exercise the core dump path by booting an Gentoo ISO with scsi-generic device backed with iscsi (built with libiscsi 1.7.0): x86_64-softmmu/qemu-system-x86_64 \ -drive file=iscsi://localhost:3260/iqn.foobar/0,if=none,id=drive-disk \ -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 \ -device scsi-generic,drive=drive-disk,bus=scsi1.0,id=iscsi-disk \ -boot d \ -cdrom gentoo.iso qemu-system-x86_64: hw/scsi/scsi-bus.c:1655: scsi_req_complete: Assertion `req->sense_len <= sizeof(req->sense)' failed. According to SPC-4, section 4.5.2.1, 252 is the limit of sense data. So increase the value to fix it. Also remove duplicated define for the macro. Signed-off-by: Fam Zheng Reviewed-by: Benoit Canet Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit c5f52875b980e54e6bebad6121c76863356e1d7f) Signed-off-by: Michael Roth --- hw/scsi/scsi-generic.c | 2 -- hw/scsi/spapr_vscsi.c | 1 - include/hw/scsi/scsi.h | 2 +- 3 files changed, 1 insertion(+), 4 deletions(-) diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c index 8f195bec00..4967e477d8 100644 --- a/hw/scsi/scsi-generic.c +++ b/hw/scsi/scsi-generic.c @@ -37,8 +37,6 @@ do { fprintf(stderr, "scsi-generic: " fmt , ## __VA_ARGS__); } while (0) #include #include "block/scsi.h" -#define SCSI_SENSE_BUF_SIZE 96 - #define SG_ERR_DRIVER_TIMEOUT 0x06 #define SG_ERR_DRIVER_SENSE 0x08 diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c index c0c46d7f7c..e8bca390dd 100644 --- a/hw/scsi/spapr_vscsi.c +++ b/hw/scsi/spapr_vscsi.c @@ -60,7 +60,6 @@ #define VSCSI_MAX_SECTORS 4096 #define VSCSI_REQ_LIMIT 24 -#define SCSI_SENSE_BUF_SIZE 96 #define SRP_RSP_SENSE_DATA_LEN 18 typedef union vscsi_crq { 
diff --git a/include/hw/scsi/scsi.h b/include/hw/scsi/scsi.h index 76f6ac24a7..2e0554cf49 100644 --- a/include/hw/scsi/scsi.h +++ b/include/hw/scsi/scsi.h @@ -31,7 +31,7 @@ typedef struct SCSISense { uint8_t ascq; } SCSISense; -#define SCSI_SENSE_BUF_SIZE 96 +#define SCSI_SENSE_BUF_SIZE 252 struct SCSICommand { uint8_t buf[SCSI_CMD_BUF_SIZE]; From 7e42cd6f35a48b20651eb84894ba8df9039e7ccb Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 4 Mar 2014 15:28:18 +0100 Subject: [PATCH 071/219] qom: Avoid leaking str and bool properties on failure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When object_property_add_str() and object_property_add_bool() fail, they leak their internal StringProperty and BoolProperty structs. Remember to free the structs on error. Luckily this is a low-impact memory leak since most QOM properties are static qdev properties that will never take the error case. object_property_add() only fails if the property name is already in use. Signed-off-by: Stefan Hajnoczi Reviewed-by: Eric Blake Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber (cherry picked from commit a01aedc8d32e6f5b08a4041b62be3c5fab7a3382) Signed-off-by: Michael Roth --- qom/object.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/qom/object.c b/qom/object.c index 21b5a0bbe1..9156f91070 100644 --- a/qom/object.c +++ b/qom/object.c @@ -1273,6 +1273,7 @@ void object_property_add_str(Object *obj, const char *name, void (*set)(Object *, const char *, Error **), Error **errp) { + Error *local_err = NULL; StringProperty *prop = g_malloc0(sizeof(*prop)); prop->get = get; @@ -1282,7 +1283,11 @@ void object_property_add_str(Object *obj, const char *name, get ? property_get_str : NULL, set ? property_set_str : NULL, property_release_str, - prop, errp); + prop, &local_err); + if (local_err) { + error_propagate(errp, local_err); + g_free(prop); + } } typedef struct BoolProperty 
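Review bot: Raising `SCSI_SENSE_BUF_SIZE` to 252 covers sense data up to the SPC-4 limit, but the length still comes from the backend and, per the commit message, an oversized value reaches `assert(req->sense_len <= sizeof(req->sense))` in scsi_req_complete. A target that reports more than 252 bytes would presumably still abort the process, so the code that fills in the length should clamp it to `SCSI_SENSE_BUF_SIZE` before it gets that far; that code is outside this diff. Users of the macro that size on-stack or wire structures with it are worth a quick audit after the change from 96.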
@@ -1329,6 +1334,7 @@ void object_property_add_bool(Object *obj, const char *name, void (*set)(Object *, bool, Error **), Error **errp) { + Error *local_err = NULL; BoolProperty *prop = g_malloc0(sizeof(*prop)); prop->get = get; @@ -1338,7 +1344,11 @@ void object_property_add_bool(Object *obj, const char *name, get ? property_get_bool : NULL, set ? property_set_bool : NULL, property_release_bool, - prop, errp); + prop, &local_err); + if (local_err) { + error_propagate(errp, local_err); + g_free(prop); + } } static char *qdev_get_type(Object *obj, Error **errp) From a290aeebc477e9b17b5aeded425be0009798faa2 Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Sat, 8 Mar 2014 16:00:43 +0100 Subject: [PATCH 072/219] tap: avoid deadlocking rx The net subsystem has a control flow mechanism so peer NetClientStates can tell each other to stop sending packets. This is used to stop monitoring the tap file descriptor for incoming packets if the guest rx ring has no spare buffers. There is a corner case when tap_can_send() is true at the beginning of an event loop iteration but becomes false before the tap_send() fd handler is invoked. tap_send() will read the packet from the tap file descriptor and attempt to send it. The net queue will hold on to the packet and return 0, indicating that further I/O is not possible. tap then stops monitoring the file descriptor for reads. This is unlike the normal case where tap_can_send() is the same before and during the event loop iteration. The event loop would simply not monitor the file descriptor if tap_can_send() returns true. Upon next iteration it would check tap_can_send() again and begin monitoring if we can send. The deadlock happens because tap_send() explicitly disabled read_poll. This is done with the expectation that the peer will call qemu_net_queue_flush(). But hw/net/virtio-net.c does not monitor vm_running transitions and issue the flush. Hence we're left with a broken tap device. Cc: qemu-stable@nongnu.org Reported-by: Neil Skrypuch Tested-by: Neil Skrypuch Signed-off-by: Stefan Hajnoczi (cherry picked from commit 68e5ec64009812dbaa03ed9cfded9344986f5304) Signed-off-by: Michael Roth --- net/tap.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/tap.c b/net/tap.c index 39c1cda3e4..6b87a73960 100644 --- a/net/tap.c +++ b/net/tap.c @@ -190,7 +190,7 @@ static void tap_send(void *opaque) TAPState *s = opaque; int size; - do { + while (qemu_can_send_packet(&s->nc)) { uint8_t *buf = s->buf; size = tap_read_packet(s->fd, s->buf, sizeof(s->buf)); 
@@ -206,8 +206,11 @@ static void tap_send(void *opaque) size = qemu_send_packet_async(&s->nc, buf, size, tap_send_completed); if (size == 0) { tap_read_poll(s, false); + break; + } else if (size < 0) { + break; } - } while (size > 0 && qemu_can_send_packet(&s->nc)); + } } bool tap_has_ufo(NetClientState *nc) From 151be4f61f305b695c844bd7768090790b554fa8 Mon Sep 17 00:00:00 2001 From: Stefan Weil Date: Fri, 7 Mar 2014 11:11:22 +0100 Subject: [PATCH 073/219] tests: Fix 'make test' for i686 hosts (build regression) 'make test' is broken at least since commit baacf04799ace72a9c735dd9306a1ceaf305e7cf. Several source files were moved to util/, and some of them there split, so add the missing prefix and new files to fix the compiler and linker errors. There remain more issues, but these changes allow running the test on a Linux i686 host. Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil Signed-off-by: Michael Tokarev (cherry picked from commit 6d4adef48dd6bb738474ab857f4fcb240ff9d2d6) Signed-off-by: Michael Roth --- tests/tcg/test_path.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/tcg/test_path.c b/tests/tcg/test_path.c index a064eea8fb..f8dd36aab2 100644 --- a/tests/tcg/test_path.c +++ b/tests/tcg/test_path.c @@ -1,12 +1,15 @@ /* Test path override code */ #define _GNU_SOURCE #include "config-host.h" -#include "iov.c" -#include "cutils.c" -#include "path.c" -#include "trace.c" +#include "util/cutils.c" +#include "util/hexdump.c" +#include "util/iov.c" +#include "util/path.c" +#include "util/qemu-timer-common.c" +#include "trace/control.c" +#include "../trace/generated-events.c" #ifdef CONFIG_TRACE_SIMPLE -#include "../trace/simple.c" +#include "trace/simple.c" #endif #include From 0414abe04f9782404ef08179763bca5e26633177 Mon Sep 17 00:00:00 2001 
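Review bot: The rewritten loop in tap_send runs `while (qemu_can_send_packet(&s->nc))` with no cap on the number of packets handled per invocation, so under sustained input the handler can keep running for as long as the peer accepts packets. A small per-call budget, checked alongside the `size` tests, would let other event sources run; the old do/while had the same property, so this may be a follow-up. The `else if (size < 0) { break; }` arm would read better with a comment saying which failure of qemu_send_packet_async it covers. Part of the loop body lies between the two hunks and is not visible.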
From: Stefan Weil Date: Fri, 7 Mar 2014 10:43:38 +0100 Subject: [PATCH 074/219] configure: Don't use __int128_t for clang versions before 3.2 Those versions don't fully support __int128_t. Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil Signed-off-by: Michael Tokarev (cherry picked from commit a00f66ab9b3021e781695a73c579b6292501ab37) Signed-off-by: Michael Roth --- configure | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure b/configure index 3cbcea1448..c0882dc8d1 100755 --- a/configure +++ b/configure @@ -3520,6 +3520,11 @@ fi int128=no cat > $TMPC << EOF +#if defined(__clang_major__) && defined(__clang_minor__) +# if ((__clang_major__ < 3) || (__clang_major__ == 3) && (__clang_minor__ < 2)) +# error __int128_t does not work in CLANG before 3.2 +# endif +#endif __int128_t a; __uint128_t b; int main (void) { From 8211eeb7d26915d99a1d6a7eb79d09e862784f4a Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 21 Mar 2014 13:55:18 +0100 Subject: [PATCH 075/219] mirror: fix throttling delay calculation The throttling delay calculation was using an inaccurate sector count to calculate the time to sleep. This broke rate-limiting for the block mirror job. Move the delay calculation into mirror_iteration() where we know how many sectors were transferred. This lets us calculate an accurate delay time. Reported-by: Joaquim Barrera Signed-off-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi (cherry picked from commit cc8c9d6c6f28e4e376a6561a2a31524fd069bc2d) Signed-off-by: Michael Roth --- block/mirror.c | 28 +++++++++++++++------------- trace-events | 2 +- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/block/mirror.c b/block/mirror.c index 7b95acf88c..9bfc22f571 100644 --- a/block/mirror.c +++ b/block/mirror.c 
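Review bot: The version test `((__clang_major__ < 3) || (__clang_major__ == 3) && (__clang_minor__ < 2))` relies on `&&` binding tighter than `||`. It evaluates as intended, but the parentheses sit around the single comparisons instead of around the `&&` group. Writing it as `(__clang_major__ < 3 || (__clang_major__ == 3 && __clang_minor__ < 2))` makes the grouping explicit.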
@@ -136,11 +136,12 @@ static void mirror_read_complete(void *opaque, int ret) mirror_write_complete, op); } -static void coroutine_fn mirror_iteration(MirrorBlockJob *s) +static uint64_t coroutine_fn mirror_iteration(MirrorBlockJob *s) { BlockDriverState *source = s->common.bs; int nb_sectors, sectors_per_chunk, nb_chunks; int64_t end, sector_num, next_chunk, next_sector, hbitmap_next_sector; + uint64_t delay_ns; MirrorOp *op; s->sector_num = hbitmap_iter_next(&s->hbi); @@ -227,7 +228,12 @@ static void coroutine_fn mirror_iteration(MirrorBlockJob *s) nb_chunks += added_chunks; next_sector += added_sectors; next_chunk += added_chunks; - } while (next_sector < end); + if (!s->synced && s->common.speed) { + delay_ns = ratelimit_calculate_delay(&s->limit, added_sectors); + } else { + delay_ns = 0; + } + } while (delay_ns == 0 && next_sector < end); /* Allocate a MirrorOp that is used as an AIO callback. */ op = g_slice_new(MirrorOp); @@ -263,6 +269,7 @@ static void coroutine_fn mirror_iteration(MirrorBlockJob *s) trace_mirror_one_iteration(s, sector_num, nb_sectors); bdrv_aio_readv(source, sector_num, &op->qiov, nb_sectors, mirror_read_complete, op); + return delay_ns; } static void mirror_free_init(MirrorBlockJob *s) @@ -358,7 +365,7 @@ static void coroutine_fn mirror_run(void *opaque) bdrv_dirty_iter_init(bs, &s->hbi); last_pause_ns = qemu_clock_get_ns(QEMU_CLOCK_REALTIME); for (;;) { - uint64_t delay_ns; + uint64_t delay_ns = 0; int64_t cnt; bool should_complete; @@ -382,8 +389,10 @@ static void coroutine_fn mirror_run(void *opaque) qemu_coroutine_yield(); continue; } else if (cnt != 0) { - mirror_iteration(s); - continue; + delay_ns = mirror_iteration(s); + if (delay_ns == 0) { + continue; + } } } 
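Review bot: `delay_ns` in mirror_iteration() is declared without an initializer and is assigned only at the bottom of the do/while body, yet it is now the function's return value. The top of that loop body is outside the hunks, so if any path there leaves the loop before the rate-limit calculation, mirror_run() passes an indeterminate value to block_job_sleep_ns(). Declaring it as `uint64_t delay_ns = 0;`, as the hunk at -358 already does for mirror_run(), removes the dependency on the loop's structure.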
@@ -428,17 +437,10 @@ static void coroutine_fn mirror_run(void *opaque) } ret = 0; - trace_mirror_before_sleep(s, cnt, s->synced); + trace_mirror_before_sleep(s, cnt, s->synced, delay_ns); if (!s->synced) { /* Publish progress */ s->common.offset = (end - cnt) * BDRV_SECTOR_SIZE; - - if (s->common.speed) { - delay_ns = ratelimit_calculate_delay(&s->limit, sectors_per_chunk); - } else { - delay_ns = 0; - } - block_job_sleep_ns(&s->common, QEMU_CLOCK_REALTIME, delay_ns); if (block_job_is_cancelled(&s->common)) { break; diff --git a/trace-events b/trace-events index 8695e9e5b7..b8887c1938 100644 --- a/trace-events +++ b/trace-events @@ -81,7 +81,7 @@ mirror_start(void *bs, void *s, void *co, void *opaque) "bs %p s %p co %p opaque mirror_restart_iter(void *s, int64_t cnt) "s %p dirty count %"PRId64 mirror_before_flush(void *s) "s %p" mirror_before_drain(void *s, int64_t cnt) "s %p dirty count %"PRId64 -mirror_before_sleep(void *s, int64_t cnt, int synced) "s %p dirty count %"PRId64" synced %d" +mirror_before_sleep(void *s, int64_t cnt, int synced, uint64_t delay_ns) "s %p dirty count %"PRId64" synced %d delay %"PRIu64"ns" mirror_one_iteration(void *s, int64_t sector_num, int nb_sectors) "s %p sector_num %"PRId64" nb_sectors %d" mirror_iteration_done(void *s, int64_t sector_num, int nb_sectors, int ret) "s %p sector_num %"PRId64" nb_sectors %d ret %d" mirror_yield(void *s, int64_t cnt, int buf_free_count, int in_flight) "s %p dirty count %"PRId64" free buffers %d in_flight %d" From 0fd56fb8443d52a20d6bd8b4b543c4a8f9d0756d Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Fri, 21 Mar 2014 13:55:19 +0100 Subject: [PATCH 076/219] mirror: fix early wake from sleep due to aio The mirror blockjob coroutine rate-limits itself by sleeping. The coroutine also performs I/O asynchronously so it's important that the aio callback doesn't wake the coroutine early as that breaks rate-limiting. Reported-by: Joaquim Barrera 
Signed-off-by: Stefan Hajnoczi (cherry picked from commit 7b770c720b28b8ac5b82ae431f2f354b7f8add91) Signed-off-by: Michael Roth --- block/mirror.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/block/mirror.c b/block/mirror.c index 9bfc22f571..2d9104efc0 100644 --- a/block/mirror.c +++ b/block/mirror.c @@ -95,7 +95,14 @@ static void mirror_iteration_done(MirrorOp *op, int ret) } g_slice_free(MirrorOp, op); - qemu_coroutine_enter(s->common.co, NULL); + + /* Enter coroutine when it is not sleeping. The coroutine sleeps to + * rate-limit itself. The coroutine will eventually resume since there is + * a sleep timeout so don't wake it early. + */ + if (s->common.busy) { + qemu_coroutine_enter(s->common.co, NULL); + } } static void mirror_write_complete(void *opaque, int ret) From 11088abadf88c39dc87b9cb0d7b4fbfdbe8df810 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Wed, 26 Mar 2014 18:29:52 +0800 Subject: [PATCH 077/219] virtio-net: Do not filter VLANs without F_CTRL_VLAN If VIRTIO_NET_F_CTRL_VLAN is not negotiated, do not filter out all VLAN-tagged packets but send them to the guest. This fixes VLANs with OpenBSD guests (and probably NetBSD, too, because the OpenBSD driver started as a port from NetBSD). Signed-off-by: Stefan Fritsch Signed-off-by: Amos Kong Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 0b1eaa8803e680de9a05727355dfe3d306b81e17) Signed-off-by: Michael Roth --- hw/net/virtio-net.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 93a81ebefd..ec96862ed6 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c 
@@ -515,6 +515,12 @@ static void virtio_net_set_features(VirtIODevice *vdev, uint32_t features) } vhost_net_ack_features(tap_get_vhost_net(nc->peer), features); } + + if ((1 << VIRTIO_NET_F_CTRL_VLAN) & features) { + memset(n->vlans, 0, MAX_VLAN >> 3); + } else { + memset(n->vlans, 0xff, MAX_VLAN >> 3); + } } static int virtio_net_handle_rx_mode(VirtIONet *n, uint8_t cmd, From 7d09facec7d0b39bf1e8642ceb9a8a70f80919e6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 May 2014 16:09:36 +0100 Subject: [PATCH 078/219] hw/net/stellaris_enet: Restructure tx_fifo code to avoid buffer overrun The current tx_fifo code has a corner case where the guest can overrun the fifo buffer: if automatic CRCs are disabled we allow the guest to write the CRC word even if there isn't actually space for it in the FIFO. The datasheet is unclear about exactly how the hardware deals with this situation; the most plausible answer seems to be that the CRC word is just lost. Implement this fix by separating the "can we stuff another word in the FIFO" logic from the "should we transmit the packet now" check. This also moves us closer to the real hardware, which has a number of ways it can be configured to trigger sending the packet, some of which we don't implement. Signed-off-by: Peter Maydell Reviewed-by: Dr. David Alan Gilbert Cc: qemu-stable@nongnu.org (cherry picked from commit 5c10495ab1546d5d12b51a97817051e9ec98d0f6) Signed-off-by: Michael Roth --- hw/net/stellaris_enet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index 9dd77f7571..8a1d0d172a 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c 
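Review bot: The added block in virtio_net_set_features() rewrites the whole `n->vlans` bitmap on every call, including the zeroing branch taken when VIRTIO_NET_F_CTRL_VLAN is set. Whether this function can also run after the guest has programmed its VLAN filter (for example on a repeated feature write or a state restore) is not visible in the hunk; if it can, the guest's table is silently cleared and tagged traffic it expects is dropped. A comment stating the intent would help, e.g. `/* no CTRL_VLAN: the guest cannot program the filter, so accept every VLAN */` above the 0xff memset. The function starts outside the hunk.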
@@ -252,10 +252,12 @@ static void stellaris_enet_write(void *opaque, hwaddr offset, s->tx_fifo[s->tx_fifo_len++] = value >> 24; } } else { - s->tx_fifo[s->tx_fifo_len++] = value; - s->tx_fifo[s->tx_fifo_len++] = value >> 8; - s->tx_fifo[s->tx_fifo_len++] = value >> 16; - s->tx_fifo[s->tx_fifo_len++] = value >> 24; + if (s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)) { + s->tx_fifo[s->tx_fifo_len++] = value; + s->tx_fifo[s->tx_fifo_len++] = value >> 8; + s->tx_fifo[s->tx_fifo_len++] = value >> 16; + s->tx_fifo[s->tx_fifo_len++] = value >> 24; + } if (s->tx_fifo_len >= s->tx_frame_len) { /* We don't implement explicit CRC, so just chop it off. */ if ((s->tctl & SE_TCTL_CRC) == 0) From 38a55f30700346b8b53e52445eaaf6b0e579a17b Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 13 May 2014 16:09:36 +0100 Subject: [PATCH 079/219] hw/net/stellaris_enet: Correct handling of packet padding The PADEN bit in the transmit control register enables padding of short data packets out to the required minimum length. However a typo here meant we were adjusting tx_fifo_len rather than tx_frame_len, so the padding didn't actually happen. Fix this bug. Signed-off-by: Peter Maydell Reviewed-by: Dr. David Alan Gilbert Cc: qemu-stable@nongnu.org (cherry picked from commit 7fd5f064d1c1a827a95ffe678418b3d5b8d2f108) Signed-off-by: Michael Roth --- hw/net/stellaris_enet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index 8a1d0d172a..376c7b0c9e 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -264,7 +264,7 @@ static void stellaris_enet_write(void *opaque, hwaddr offset, s->tx_frame_len -= 4; if ((s->tctl & SE_TCTL_PADEN) && s->tx_frame_len < 60) { memset(&s->tx_fifo[s->tx_frame_len], 0, 60 - s->tx_frame_len); - s->tx_fifo_len = 60; + s->tx_frame_len = 60; } qemu_send_packet(qemu_get_queue(s->nic), s->tx_fifo, s->tx_frame_len); From a8b7e73901487ed4f3e2794815945437585881af Mon Sep 17 00:00:00 2001 
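Review bot: The new guard `s->tx_fifo_len + 4 <= ARRAY_SIZE(s->tx_fifo)` covers only the else branch; the byte stores in the branch that closes just above it (`s->tx_fifo[s->tx_fifo_len++] = value >> 24;`) are context lines here and show no equivalent bound, so it is worth confirming they cannot advance `tx_fifo_len` past the array. The dropped-word case also deserves a comment at the guard, e.g. `/* FIFO full: drop the word, as the hardware is assumed to lose the CRC */`, because the silent discard is a guest-visible modelling decision. In the following hunk at -264 the `memset(&s->tx_fifo[s->tx_frame_len], ...)` index relies on `tx_frame_len` still being non-negative after `-= 4`; where that length is set is outside both hunks. stellaris_enet_write() begins and ends outside the hunks.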
From: Kevin Wolf Date: Thu, 3 Apr 2014 13:47:50 +0200 Subject: [PATCH 080/219] qcow2: Flush metadata during read-only reopen If lazy refcounts are enabled for a backing file, committing to this backing file may leave it in a dirty state even if the commit succeeds. The reason is that the bdrv_flush() call in bdrv_commit() doesn't flush refcount updates with lazy refcounts enabled, and qcow2_reopen_prepare() doesn't take care to flush metadata. In order to fix this, this patch also fixes qcow2_mark_clean(), which contains another ineffective bdrv_flush() call beause lazy refcounts are disabled only afterwards. All existing callers of qcow2_mark_clean() either don't modify refcounts or already flush manually, so that this fixes only a latent, but not yet actually triggerable bug. Another instance of the same problem is live snapshots. Again, a real corruption is prevented by an explicit flush for non-read-only images in external_snapshot_prepare(), but images using lazy refcounts stay dirty. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi (cherry picked from commit 4c2e5f8f46a17966dc45b5a3e07b97434c0eabdf) Signed-off-by: Michael Roth --- block/qcow2.c | 25 +++++++++++++++++++++---- tests/qemu-iotests/039 | 20 ++++++++++++++++++++ tests/qemu-iotests/039.out | 11 +++++++++++ 3 files changed, 52 insertions(+), 4 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 6e5d98dc48..b43c7d0a3e 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -269,12 +269,15 @@ static int qcow2_mark_clean(BlockDriverState *bs) BDRVQcowState *s = bs->opaque; if (s->incompatible_features & QCOW2_INCOMPAT_DIRTY) { - int ret = bdrv_flush(bs); + int ret; + + s->incompatible_features &= ~QCOW2_INCOMPAT_DIRTY; + + ret = bdrv_flush(bs); if (ret < 0) { return ret; } - s->incompatible_features &= ~QCOW2_INCOMPAT_DIRTY; return qcow2_update_header(bs); } return 0; 
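Review bot: In qcow2_mark_clean() the dirty bit is now cleared in `s->incompatible_features` before `bdrv_flush()`, but the `ret < 0` return leaves it cleared even though the header on disk was never rewritten. After such a failure the in-memory state claims a clean image while the file still carries the dirty flag, and a later call finds the outer `if` false and does nothing. Restoring the bit on the error path would keep the two in step: `if (ret < 0) { s->incompatible_features |= QCOW2_INCOMPAT_DIRTY; return ret; }`.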
@@ -792,11 +795,25 @@ static int qcow2_set_key(BlockDriverState *bs, const char *key) return 0; } -/* We have nothing to do for QCOW2 reopen, stubs just return - * success */ +/* We have no actual commit/abort logic for qcow2, but we need to write out any + * unwritten data if we reopen read-only. */ static int qcow2_reopen_prepare(BDRVReopenState *state, BlockReopenQueue *queue, Error **errp) { + int ret; + + if ((state->flags & BDRV_O_RDWR) == 0) { + ret = bdrv_flush(state->bs); + if (ret < 0) { + return ret; + } + + ret = qcow2_mark_clean(state->bs); + if (ret < 0) { + return ret; + } + } + return 0; } diff --git a/tests/qemu-iotests/039 b/tests/qemu-iotests/039 index 8bade92a80..cc4fad8743 100755 --- a/tests/qemu-iotests/039 +++ b/tests/qemu-iotests/039 @@ -130,6 +130,26 @@ ulimit -c "$old_ulimit" ./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features _check_test_img +echo +echo "== Committing to a backing file with lazy_refcounts=on ==" + +IMGOPTS="compat=1.1,lazy_refcounts=on" +TEST_IMG="$TEST_IMG".base _make_test_img $size + +IMGOPTS="compat=1.1,lazy_refcounts=on,backing_file=$TEST_IMG.base" +_make_test_img $size + +$QEMU_IO -c "write 0 512" "$TEST_IMG" | _filter_qemu_io +$QEMU_IMG commit "$TEST_IMG" + +# The dirty bit must not be set +./qcow2.py "$TEST_IMG" dump-header | grep incompatible_features +./qcow2.py "$TEST_IMG".base dump-header | grep incompatible_features + +_check_test_img +TEST_IMG="$TEST_IMG".base _check_test_img + + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/039.out b/tests/qemu-iotests/039.out index 077fa64cbf..fb31ae0624 100644 --- a/tests/qemu-iotests/039.out +++ b/tests/qemu-iotests/039.out 
@@ -54,4 +54,15 @@ wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) incompatible_features 0x0 No errors were found on the image. + +== Committing to a backing file with lazy_refcounts=on == +Formatting 'TEST_DIR/t.IMGFMT.base', fmt=IMGFMT size=134217728 +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=134217728 backing_file='TEST_DIR/t.IMGFMT.base' +wrote 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +Image committed. +incompatible_features 0x0 +incompatible_features 0x0 +No errors were found on the image. +No errors were found on the image. *** done From 3239a20294691eaaa81f41654e57fc9543234eee Mon Sep 17 00:00:00 2001 From: Max Reitz Date: Thu, 10 Apr 2014 19:36:25 +0200 Subject: [PATCH 081/219] block-commit: speed is an optional parameter As speed is an optional parameter for the QMP block-commit command, it should be set to 0 if not given (as it is undefined if has_speed is false), that is, the speed should not be limited. Cc: qemu-stable@nongnu.org Signed-off-by: Max Reitz Reviewed-by: Eric Blake Reviewed-by: Fam Zheng Signed-off-by: Kevin Wolf (cherry picked from commit 5450466394c95cea8b661fb197ed215a4ab5d700) Signed-off-by: Michael Roth --- blockdev.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/blockdev.c b/blockdev.c index 44755e1a5d..29b44a576e 100644 --- a/blockdev.c +++ b/blockdev.c @@ -1786,6 +1786,10 @@ void qmp_block_commit(const char *device, */ BlockdevOnError on_error = BLOCKDEV_ON_ERROR_REPORT; + if (!has_speed) { + speed = 0; + } + /* drain all i/o before commits */ bdrv_drain_all(); From c5dae2f4c50ef848f224da718154af4438862cdb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Beno=C3=AEt=20Canet?= Date: Sat, 12 Apr 2014 22:59:50 +0200 Subject: [PATCH 082/219] ide: Correct improper smart self test counter reset in ide core. The SMART self test counter was incorrectly being reset to zero, not 1. This had the effect that on every 21st SMART EXECUTE OFFLINE: * We would write off the beginning of a dynamically allocated buffer * We forgot the SMART history Fix this. Signed-off-by: Benoit Canet Message-id: 1397336390-24664-1-git-send-email-benoit.canet@irqsave.net Reviewed-by: Markus Armbruster Cc: qemu-stable@nongnu.org Acked-by: Kevin Wolf [PMM: tweaked commit message as per suggestions from Markus] Signed-off-by: Peter Maydell (cherry picked from commit 940973ae0b45c9b6817bab8e4cf4df99a9ef83d7) Signed-off-by: Michael Roth --- hw/ide/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/ide/core.c b/hw/ide/core.c index e1f4c33fb8..6007f6f427 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -1601,7 +1601,7 @@ static bool cmd_smart(IDEState *s, uint8_t cmd) case 2: /* extended self test */ s->smart_selftest_count++; if (s->smart_selftest_count > 21) { - s->smart_selftest_count = 0; + s->smart_selftest_count = 1; } n = 2 + (s->smart_selftest_count - 1) * 24; s->smart_selftest_data[n] = s->sector; From 5cfd43b79d4ceb3dd22f8503c53fdf337f8a1792 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke Date: Wed, 16 Apr 2014 16:44:13 +0200 Subject: [PATCH 083/219] megasas: Implement LD_LIST_QUERY Newer firmware implement a LD_LIST_QUERY command, and due to a driver issue no drives might be detected if this command isn't supported. So add emulation for this command, too. Cc: qemu-stable@nongnu.org Signed-off-by: Hannes Reinecke Signed-off-by: Paolo Bonzini (cherry picked from commit 34bb4d02e00e508fa9d111a6a31b45bbfecbdba5) Signed-off-by: Michael Roth --- hw/scsi/megasas.c | 17 +++++++++++++++++ hw/scsi/mfi.h | 9 +++++++++ trace-events | 1 + 3 files changed, 27 insertions(+) 
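Review bot: The index `n = 2 + (s->smart_selftest_count - 1) * 24` stays inside `smart_selftest_data` only while the counter is in 1..21, and nothing at this site states or enforces that beyond the wrap itself. The constants 21 and 24 are unexplained, and a counter that arrives here out of range (how it is initialised or restored is outside the hunk) would again index outside the buffer. A comment such as `/* entries are numbered 1..21 with a 24-byte stride; 0 would index before the buffer */`, together with named constants, would make the invariant checkable. The `case 2` body continues past the hunk.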
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 7c5a1a2b3a..dc09de365f 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -1101,6 +1101,21 @@ static int megasas_dcmd_ld_get_list(MegasasState *s, MegasasCmd *cmd) return MFI_STAT_OK; } +static int megasas_dcmd_ld_list_query(MegasasState *s, MegasasCmd *cmd) +{ + uint16_t flags; + + /* mbox0 contains flags */ + flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]); + trace_megasas_dcmd_ld_list_query(cmd->index, flags); + if (flags == MR_LD_QUERY_TYPE_ALL || + flags == MR_LD_QUERY_TYPE_EXPOSED_TO_HOST) { + return megasas_dcmd_ld_get_list(s, cmd); + } + + return MFI_STAT_OK; +} + static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun, MegasasCmd *cmd) { @@ -1404,6 +1419,8 @@ static const struct dcmd_cmd_tbl_t { megasas_dcmd_dummy }, { MFI_DCMD_LD_GET_LIST, "LD_GET_LIST", megasas_dcmd_ld_get_list}, + { MFI_DCMD_LD_LIST_QUERY, "LD_LIST_QUERY", + megasas_dcmd_ld_list_query }, { MFI_DCMD_LD_GET_INFO, "LD_GET_INFO", megasas_dcmd_ld_get_info }, { MFI_DCMD_LD_GET_PROP, "LD_GET_PROP", diff --git a/hw/scsi/mfi.h b/hw/scsi/mfi.h index cd8355badf..a3034f6239 100644 --- a/hw/scsi/mfi.h +++ b/hw/scsi/mfi.h @@ -164,6 +164,7 @@ typedef enum { MFI_DCMD_PD_BLINK = 0x02070100, MFI_DCMD_PD_UNBLINK = 0x02070200, MFI_DCMD_LD_GET_LIST = 0x03010000, + MFI_DCMD_LD_LIST_QUERY = 0x03010100, MFI_DCMD_LD_GET_INFO = 0x03020000, MFI_DCMD_LD_GET_PROP = 0x03030000, MFI_DCMD_LD_SET_PROP = 0x03040000, @@ -411,6 +412,14 @@ typedef enum { MR_PD_QUERY_TYPE_EXPOSED_TO_HOST = 5, /*query for system drives */ } mfi_pd_query_type; +typedef enum { + MR_LD_QUERY_TYPE_ALL = 0, + MR_LD_QUERY_TYPE_EXPOSED_TO_HOST = 1, + MR_LD_QUERY_TYPE_USED_TGT_IDS = 2, + MR_LD_QUERY_TYPE_CLUSTER_ACCESS = 3, + MR_LD_QUERY_TYPE_CLUSTER_LOCALE = 4, +} mfi_ld_query_type; + /* * Other propertities and definitions */ diff --git a/trace-events b/trace-events index b8887c1938..87fe42e37c 100644 --- a/trace-events +++ b/trace-events 
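Review bot: megasas_dcmd_ld_list_query() returns MFI_STAT_OK for every query type other than MR_LD_QUERY_TYPE_ALL and MR_LD_QUERY_TYPE_EXPOSED_TO_HOST without producing any reply data. The `flags` value is read from the guest's command frame, so a guest asking for, say, MR_LD_QUERY_TYPE_USED_TGT_IDS is told the command succeeded and then parses whatever its response buffer already held. Returning an empty list or a failure status for the unhandled types would make the result well defined, and a short comment on the final `return MFI_STAT_OK;` should say which behaviour is intended.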
@@ -670,6 +670,7 @@ megasas_dcmd_ld_get_list(int cmd, int num, int max) "scmd %d: DCMD LD get list: megasas_dcmd_ld_get_info(int cmd, int ld_id) "scmd %d: DCMD LD get info for dev %d" megasas_dcmd_pd_get_info(int cmd, int pd_id) "scmd %d: DCMD PD get info for dev %d" megasas_dcmd_pd_list_query(int cmd, int flags) "scmd %d: DCMD PD list query flags %x" +megasas_dcmd_ld_list_query(int cmd, int flags) "scmd %d: DCMD LD list query flags %x" megasas_dcmd_unsupported(int cmd, unsigned long size) "scmd %d: set properties len %ld" megasas_abort_frame(int cmd, int abort_cmd) "scmd %d: aborting frame %x" megasas_abort_no_cmd(int cmd, uint64_t context) "scmd %d: no active command for frame context %" PRIx64 "" From 0655eeed184d94dc55b6a5ea16a4d5d2ab188b23 Mon Sep 17 00:00:00 2001 
From: Peter Crosthwaite Date: Wed, 16 Apr 2014 20:20:52 -0700 Subject: [PATCH 084/219] arm: translate.c: Fix smlald Instruction The smlald (and probably smlsld) instruction was doing incorrect sign extensions of the operands amongst 64bit result calculation. The instruction psuedo-code is: operand2 = if m_swap then ROR(R[m],16) else R[m]; product1 = SInt(R[n]<15:0>) * SInt(operand2<15:0>); product2 = SInt(R[n]<31:16>) * SInt(operand2<31:16>); result = product1 + product2 + SInt(R[dHi]:R[dLo]); R[dHi] = result<63:32>; R[dLo] = result<31:0>; The result calculation should be done in 64 bit arithmetic, and hence product1 and product2 should be sign extended to 64b before calculation. The current implementation was adding product1 and product2 together then sign-extending the intermediate result leading to false negatives. E.G. if product1 = product2 = 0x4000000, their sum = 0x80000000, which will be incorrectly interpreted as -ve on sign extension. We fix by doing the 64b extensions on both product1 and product2 before any addition/subtraction happens. We also fix where we were possibly incorrectly setting the Q saturation flag for SMLSLD, which the ARM ARM specifically says is not set. Reported-by: Christina Smith Signed-off-by: Peter Crosthwaite Reviewed-by: Peter Maydell Message-id: 2cddb6f5a15be4ab8d2160f3499d128ae93d304d.1397704570.git.peter.crosthwaite@xilinx.com Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell (cherry picked from commit 33bbd75a7c3321432fe40a8cbacd64619c56138c) Signed-off-by: Michael Roth --- target-arm/translate.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) diff --git a/target-arm/translate.c b/target-arm/translate.c index 5f003e785e..e0c3eaa3bb 100644 --- a/target-arm/translate.c +++ b/target-arm/translate.c 
@@ -7732,27 +7732,39 @@ static void disas_arm_insn(CPUARMState * env, DisasContext *s) if (insn & (1 << 5)) gen_swap_half(tmp2); gen_smul_dual(tmp, tmp2); - if (insn & (1 << 6)) { - /* This subtraction cannot overflow. */ - tcg_gen_sub_i32(tmp, tmp, tmp2); - } else { - /* This addition cannot overflow 32 bits; - * however it may overflow considered as a signed - * operation, in which case we must set the Q flag. - */ - gen_helper_add_setq(tmp, cpu_env, tmp, tmp2); - } - tcg_temp_free_i32(tmp2); if (insn & (1 << 22)) { /* smlald, smlsld */ + TCGv_i64 tmp64_2; + tmp64 = tcg_temp_new_i64(); + tmp64_2 = tcg_temp_new_i64(); tcg_gen_ext_i32_i64(tmp64, tmp); + tcg_gen_ext_i32_i64(tmp64_2, tmp2); tcg_temp_free_i32(tmp); + tcg_temp_free_i32(tmp2); + if (insn & (1 << 6)) { + tcg_gen_sub_i64(tmp64, tmp64, tmp64_2); + } else { + tcg_gen_add_i64(tmp64, tmp64, tmp64_2); + } + tcg_temp_free_i64(tmp64_2); gen_addq(s, tmp64, rd, rn); gen_storeq_reg(s, rd, rn, tmp64); tcg_temp_free_i64(tmp64); } else { /* smuad, smusd, smlad, smlsd */ + if (insn & (1 << 6)) { + /* This subtraction cannot overflow. */ + tcg_gen_sub_i32(tmp, tmp, tmp2); + } else { + /* This addition cannot overflow 32 bits; + * however it may overflow considered as a + * signed operation, in which case we must set + * the Q flag. + */ + gen_helper_add_setq(tmp, cpu_env, tmp, tmp2); + } + tcg_temp_free_i32(tmp2); if (rd != 15) { tmp2 = load_reg(s, rd); From 792a40384f80264074266d62727c71f7765ceb0f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Beno=C3=AEt=20Canet?= Date: Tue, 22 Apr 2014 17:05:27 +0200 Subject: [PATCH 085/219] block: Prevent coroutine stack overflow when recursing in bdrv_open_backing_file. In 1.7.1 qcow2_create2 reopen the file for flushing without the BDRV_O_NO_BACKING flags. As a consequence the code would recursively open the whole backing chain. These three stack arrays would pile up through the recursion and lead to a coroutine stack overflow. Convert these array to malloced buffers in order to streamline the coroutine footprint. Symptoms where freezes or segfaults on production machines while taking QMP externals snapshots. The overflow disturbed coroutine switching. Signed-off-by: Benoit Canet *note: backport of upstream's 1ba4b6a Signed-off-by: Michael Roth --- block.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/block.c b/block.c index 382ea71f4b..8f84dbc5cb 100644 --- a/block.c +++ b/block.c @@ -966,14 +966,14 @@ fail: */ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp) { - char backing_filename[PATH_MAX]; - int back_flags, ret; + char *backing_filename = g_malloc0(PATH_MAX); + int back_flags, ret = 0; BlockDriver *back_drv = NULL; Error *local_err = NULL; if (bs->backing_hd != NULL) { QDECREF(options); - return 0; + goto free_exit; } /* NULL means an empty set of options */ @@ -986,10 +986,9 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp) backing_filename[0] = '\0'; } else if (bs->backing_file[0] == '\0' && qdict_size(options) == 0) { QDECREF(options); - return 0; + goto free_exit; } else { - bdrv_get_full_backing_filename(bs, backing_filename, - sizeof(backing_filename)); + bdrv_get_full_backing_filename(bs, backing_filename, PATH_MAX); } bs->backing_hd = bdrv_new(""); 
@@ -1012,11 +1011,14 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp) error_setg(errp, "Could not open backing file: %s", error_get_pretty(local_err)); error_free(local_err); - return ret; + goto free_exit; } pstrcpy(bs->backing_file, sizeof(bs->backing_file), bs->backing_hd->file->filename); - return 0; + ret = 0; +free_exit: + g_free(backing_filename); + return ret; } /* @@ -1032,7 +1034,8 @@ int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options, { int ret; /* TODO: extra byte is a hack to ensure MAX_PATH space on Windows. */ - char tmp_filename[PATH_MAX + 1]; + char *backing_filename = NULL; + char *tmp_filename = g_malloc0(PATH_MAX + 1); BlockDriverState *file = NULL; QDict *file_options = NULL; const char *drvname; @@ -1052,7 +1055,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options, int64_t total_size; BlockDriver *bdrv_qcow2; QEMUOptionParameter *create_options; - char backing_filename[PATH_MAX]; + backing_filename = g_malloc0(PATH_MAX); if (qdict_size(options) != 0) { error_setg(errp, "Can't use snapshot=on with driver-specific options"); @@ -1075,7 +1078,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options, bdrv_unref(bs1); - ret = get_tmp_filename(tmp_filename, sizeof(tmp_filename)); + ret = get_tmp_filename(tmp_filename, PATH_MAX + 1); if (ret < 0) { error_setg_errno(errp, -ret, "Could not get temporary filename"); goto fail; @@ -1083,8 +1086,7 @@ int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options, /* Real path is meaningless for protocols */ if (path_has_protocol(filename)) { - snprintf(backing_filename, sizeof(backing_filename), - "%s", filename); + snprintf(backing_filename, PATH_MAX, "%s", filename); } else if (!realpath(filename, backing_filename)) { ret = -errno; error_setg_errno(errp, errno, "Could not resolve path '%s'", filename); 
@@ -1206,6 +1208,8 @@ fail: if (error_is_set(&local_err)) { error_propagate(errp, local_err); } + g_free(tmp_filename); + g_free(backing_filename); return ret; close_and_fail: @@ -1214,6 +1218,8 @@ close_and_fail: if (error_is_set(&local_err)) { error_propagate(errp, local_err); } + g_free(tmp_filename); + g_free(backing_filename); return ret; } From b1a86eb532b4d32e4527a5373307873d95729aea Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Fri, 18 Apr 2014 15:44:19 +0200 Subject: [PATCH 086/219] block: Use BDRV_O_NO_BACKING where appropriate If you open an image temporarily just because you want to check its size or get it flushed, there's no real reason to open the whole backing file chain. This is a backport of c9fbb99d41b05acf0d7b93deb2fcdbf9047c238e to qemu 1.7.1. The backport was done to fix a bug where QEMU 1.7.1 would crash or freeze when the user take around 80 consecutives snapshots in a row. git bisect would lead to commit: ba2ab2f2ca4150a7e314fbb19fa158bd8ddc36eb and it was clear that BDRV_NO_BACKING was missing. Signed-off-by: Kevin Wolf Signed-off-by: Benoit Canet Signed-off-by: Michael Roth --- block.c | 4 ++-- block/qcow2.c | 3 ++- block/vmdk.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/block.c b/block.c index 8f84dbc5cb..68651a9ba4 100644 --- a/block.c +++ b/block.c @@ -1067,9 +1067,9 @@ int bdrv_open(BlockDriverState *bs, const char *filename, QDict *options, /* if snapshot, we create a temporary backing file and open it instead of opening 'filename' directly */ - /* if there is a backing file, use it */ bs1 = bdrv_new(""); - ret = bdrv_open(bs1, filename, NULL, 0, drv, &local_err); + ret = bdrv_open(bs1, filename, NULL, BDRV_O_NO_BACKING, drv, + &local_err); if (ret < 0) { bdrv_unref(bs1); goto fail; diff --git a/block/qcow2.c b/block/qcow2.c index b43c7d0a3e..f2897b64aa 100644 --- a/block/qcow2.c +++ b/block/qcow2.c 
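Review bot: In bdrv_open() the heap buffers that replace the stack arrays (`tmp_filename`, allocated unconditionally, and `backing_filename`) are freed only at the `fail:` and `close_and_fail:` labels in the hunks at -1206 and -1214. The diffstat's 19 insertions are all accounted for by the visible hunks, so the success return, which lies outside them, appears to gain no `g_free()`. Unless it falls through one of these labels, every successful open leaks PATH_MAX + 1 bytes, plus PATH_MAX in the snapshot case. Adding `g_free(tmp_filename); g_free(backing_filename);` before the successful `return`, or routing it through a common exit label as bdrv_open_backing_file() now does with `free_exit:`, would close that.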
@@ -1605,7 +1605,8 @@ static int qcow2_create2(const char *filename, int64_t total_size, /* Reopen the image without BDRV_O_NO_FLUSH to flush it before returning */ ret = bdrv_open(bs, filename, NULL, - BDRV_O_RDWR | BDRV_O_CACHE_WB, drv, &local_err); + BDRV_O_RDWR | BDRV_O_CACHE_WB | BDRV_O_NO_BACKING, + drv, &local_err); if (error_is_set(&local_err)) { error_propagate(errp, local_err); goto out; diff --git a/block/vmdk.c b/block/vmdk.c index a7ebd0f125..d35a9d7e02 100644 --- a/block/vmdk.c +++ b/block/vmdk.c @@ -1689,7 +1689,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options, } if (backing_file) { BlockDriverState *bs = bdrv_new(""); - ret = bdrv_open(bs, backing_file, NULL, 0, NULL, errp); + ret = bdrv_open(bs, backing_file, NULL, BDRV_O_NO_BACKING, NULL, errp); if (ret != 0) { bdrv_unref(bs); return ret; From dd8f80b83c47ce6298a0a40a357d2ad738b0a0c2 Mon Sep 17 00:00:00 2001 From: Thomas Huth Date: Fri, 25 Apr 2014 15:37:19 +0200 Subject: [PATCH 087/219] s390x/helper: Added format control bit to MMU translation With the EDAT-1 facility, the MMU translation can stop at the segment table already, pointing to a 1 MB block. And while we're at it, move the page table entry handling to a separate function, too, as suggested by Alexander Graf. Acked-by: Alexander Graf Signed-off-by: Thomas Huth Signed-off-by: Cornelia Huck (cherry picked from commit c4400206d43b6a235299c7047cca0af93269fc03) Conflicts: target-s390x/helper.c *removed unecessary context Signed-off-by: Michael Roth --- target-s390x/cpu.h | 4 +++ target-s390x/helper.c | 70 ++++++++++++++++++++++++++++++++----------- 2 files changed, 56 insertions(+), 18 deletions(-) diff --git a/target-s390x/cpu.h b/target-s390x/cpu.h index 68b5ab7056..8c0d00a2ed 100644 --- a/target-s390x/cpu.h +++ b/target-s390x/cpu.h 
@@ -274,6 +274,9 @@ typedef struct CPUS390XState { #define FLAG_MASK_64 (PSW_MASK_64 >> 32) #define FLAG_MASK_32 0x00001000 +/* Control register 0 bits */ +#define CR0_EDAT 0x0000000000800000ULL + static inline int cpu_mmu_index (CPUS390XState *env) { if (env->psw.mask & PSW_MASK_PSTATE) { @@ -932,6 +935,7 @@ struct sysib_322 { #define _REGION_ENTRY_LENGTH 0x03 /* region third length */ #define _SEGMENT_ENTRY_ORIGIN ~0x7ffULL /* segment table origin */ +#define _SEGMENT_ENTRY_FC 0x400 /* format control */ #define _SEGMENT_ENTRY_RO 0x200 /* page protection bit */ #define _SEGMENT_ENTRY_INV 0x20 /* invalid segment table entry */ diff --git a/target-s390x/helper.c b/target-s390x/helper.c index da33b38009..e8e92efa8d 100644 --- a/target-s390x/helper.c +++ b/target-s390x/helper.c 
@@ -164,6 +164,50 @@ static void trigger_page_fault(CPUS390XState *env, target_ulong vaddr, trigger_pgm_exception(env, type, ilen); } +/* Decode page table entry (normal 4KB page) */ +static int mmu_translate_pte(CPUS390XState *env, target_ulong vaddr, + uint64_t asc, uint64_t asce, + target_ulong *raddr, int *flags, int rw) +{ + if (asce & _PAGE_INVALID) { + DPRINTF("%s: PTE=0x%" PRIx64 " invalid\n", __func__, asce); + trigger_page_fault(env, vaddr, PGM_PAGE_TRANS, asc, rw); + return -1; + } + + if (asce & _PAGE_RO) { + *flags &= ~PAGE_WRITE; + } + + *raddr = asce & _ASCE_ORIGIN; + + PTE_DPRINTF("%s: PTE=0x%" PRIx64 "\n", __func__, asce); + + return 0; +} + +/* Decode EDAT1 segment frame absolute address (1MB page) */ +static int mmu_translate_sfaa(CPUS390XState *env, target_ulong vaddr, + uint64_t asc, uint64_t asce, target_ulong *raddr, + int *flags, int rw) +{ + if (asce & _SEGMENT_ENTRY_INV) { + DPRINTF("%s: SEG=0x%" PRIx64 " invalid\n", __func__, asce); + trigger_page_fault(env, vaddr, PGM_SEGMENT_TRANS, asc, rw); + return -1; + } + + if (asce & _SEGMENT_ENTRY_RO) { + *flags &= ~PAGE_WRITE; + } + + *raddr = (asce & 0xfffffffffff00000ULL) | (vaddr & 0xfffff); + + PTE_DPRINTF("%s: SEG=0x%" PRIx64 "\n", __func__, asce); + + return 0; +} + static int mmu_translate_asce(CPUS390XState *env, target_ulong vaddr, uint64_t asc, uint64_t asce, int level, target_ulong *raddr, int *flags, int rw) 
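Review bot: mmu_translate_sfaa() builds the real address from the literal masks `0xfffffffffff00000ULL` and `0xfffff`, while mmu_translate_pte() next to it uses the named `_ASCE_ORIGIN`. Since these masks decide which guest-controlled entry bits reach `*raddr`, they are easier to audit as named constants defined beside `_SEGMENT_ENTRY_FC` in cpu.h. Both helpers also take the table entry in a parameter called `asce`, although the value passed is a page-table or segment-table entry; a one-line comment on the parameter, e.g. `/* asce: the table entry being decoded, not an ASCE */`, would avoid misreading the bit tests.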
@@ -222,28 +266,18 @@ static int mmu_translate_asce(CPUS390XState *env, target_ulong vaddr, PTE_DPRINTF("%s: 0x%" PRIx64 " + 0x%" PRIx64 " => 0x%016" PRIx64 "\n", __func__, origin, offs, new_asce); - if (level != _ASCE_TYPE_SEGMENT) { + if (level == _ASCE_TYPE_SEGMENT) { + /* 4KB page */ + return mmu_translate_pte(env, vaddr, asc, new_asce, raddr, flags, rw); + } else if (level - 4 == _ASCE_TYPE_SEGMENT && + (new_asce & _SEGMENT_ENTRY_FC) && (env->cregs[0] & CR0_EDAT)) { + /* 1MB page */ + return mmu_translate_sfaa(env, vaddr, asc, new_asce, raddr, flags, rw); + } else { /* yet another region */ return mmu_translate_asce(env, vaddr, asc, new_asce, level - 4, raddr, flags, rw); } - - /* PTE */ - if (new_asce & _PAGE_INVALID) { - DPRINTF("%s: PTE=0x%" PRIx64 " invalid\n", __func__, new_asce); - trigger_page_fault(env, vaddr, PGM_PAGE_TRANS, asc, rw); - return -1; - } - - if (new_asce & _PAGE_RO) { - *flags &= ~PAGE_WRITE; - } - - *raddr = new_asce & _ASCE_ORIGIN; - - PTE_DPRINTF("%s: PTE=0x%" PRIx64 "\n", __func__, new_asce); - - return 0; } static int mmu_translate_asc(CPUS390XState *env, target_ulong vaddr, From 012d778c07841409dd5ce31d6069b9dfbfa15453 Mon Sep 17 00:00:00 2001 From: David Hildenbrand Date: Mon, 3 Sep 2012 12:45:13 +0200 Subject: [PATCH 088/219] s390x: empty function stubs in preparation for __KVM_HAVE_GUEST_DEBUG This patch creates empty function stubs (used by the gdbserver) in preparation for the hw debugging support by kvm on s390, which will enable the __KVM_HAVE_GUEST_DEBUG define in the linux headers and require these methods on the qemu side. Signed-off-by: David Hildenbrand Signed-off-by: Jens Freimann Reviewed-by: Cornelia Huck Cc: qemu-stable@nongnu.org Signed-off-by: Cornelia Huck (cherry picked from commit 8c0124490bcd78c9c54139cd654c71c5fbd95e6b) Signed-off-by: Michael Roth --- target-s390x/kvm.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) 
diff --git a/target-s390x/kvm.c b/target-s390x/kvm.c index b00a6617a3..ef4d5cca12 100644 --- a/target-s390x/kvm.c +++ b/target-s390x/kvm.c @@ -362,6 +362,26 @@ int kvm_arch_remove_sw_breakpoint(CPUState *cs, struct kvm_sw_breakpoint *bp) return 0; } +int kvm_arch_insert_hw_breakpoint(target_ulong addr, + target_ulong len, int type) +{ + return -ENOSYS; +} + +int kvm_arch_remove_hw_breakpoint(target_ulong addr, + target_ulong len, int type) +{ + return -ENOSYS; +} + +void kvm_arch_remove_all_hw_breakpoints(void) +{ +} + +void kvm_arch_update_guest_debug(CPUState *cpu, struct kvm_guest_debug *dbg) +{ +} + void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run) { } @@ -812,6 +832,11 @@ static int handle_tsch(S390CPU *cpu) return ret; } +static int kvm_arch_handle_debug_exit(S390CPU *cpu) +{ + return -ENOSYS; +} + int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) { S390CPU *cpu = S390_CPU(cs); @@ -827,6 +852,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run) case KVM_EXIT_S390_TSCH: ret = handle_tsch(cpu); break; + case KVM_EXIT_DEBUG: + ret = kvm_arch_handle_debug_exit(cpu); + break; default: fprintf(stderr, "Unknown KVM exit: %d\n", run->exit_reason); break; From 1a6ea3105220c67ba22820ab9f5d5854680605d4 Mon Sep 17 00:00:00 2001 From: Michael Tokarev Date: Sun, 27 Apr 2014 13:32:07 +0400 Subject: [PATCH 089/219] po/Makefile: fix $SRC_PATH reference The rule for messages.po appears to be slightly wrong. Move the `cd' command within parens. Signed-off-by: Michael Tokarev Tested-by: Stefan Weil (cherry picked from commit b920cad6693d6f2baa0217543c9f9cca5ebaf6ce) Signed-off-by: Michael Roth --- po/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/po/Makefile b/po/Makefile index 705166e2d3..669f8654a6 100644 --- a/po/Makefile +++ b/po/Makefile 
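Review bot: With the new `case KVM_EXIT_DEBUG:` in kvm_arch_handle_exit, a debug exit no longer reaches the `default:` branch that prints "Unknown KVM exit", and the stub kvm_arch_handle_debug_exit returns `-ENOSYS` without any message. How `ret` is treated afterwards is outside the hunk, so it is worth confirming that a negative value is reported there rather than dropped. A short comment on each stub, for example `/* Stub: hardware debugging is not implemented for s390x KVM yet. */`, would keep them from being read as finished implementations.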
@@ -37,8 +37,8 @@ install: $(OBJS) $(call quiet-command, msgfmt -o $@ $<, " GEN $@") $(PO_PATH)/messages.po: $(SRC_PATH)/ui/gtk.c - $(call quiet-command, cd $(SRC_PATH) && \ - (xgettext -o - --from-code=UTF-8 --foreign-user \ + $(call quiet-command, ( cd $(SRC_PATH) && \ + xgettext -o - --from-code=UTF-8 --foreign-user \ --package-name=QEMU --package-version=$(VERSION) \ --msgid-bugs-address=qemu-devel@nongnu.org -k_ -C ui/gtk.c | \ sed -e s/CHARSET/UTF-8/) >$@, " GEN $@") From 636fa8aec3dbe75504931147565823d740325046 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 08:15:32 +0300 Subject: [PATCH 090/219] acpi: fix tables for no-hpet configuration acpi build tried to add offset of hpet table to rsdt even when hpet was disabled. If no tables follow hpet, this could lead to a malformed rsdt. Fix it up. To avoid such errors in the future, rearrange code slightly to make it clear that acpi_add_table stores the offset of the following table - not of the previous one. Reported-by: TeLeMan Signed-off-by: Michael S. Tsirkin Cc: qemu-stable@nongnu.org (cherry picked from commit 9ac1c4c07e7e6ab16a3e2149e9b32c0d092cb3f5) Signed-off-by: Michael Roth --- hw/i386/acpi-build.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c index 1f22fb60a4..8988047ace 100644 --- a/hw/i386/acpi-build.c +++ b/hw/i386/acpi-build.c 
@@ -1075,15 +1075,16 @@ void acpi_build(PcGuestInfo *guest_info, AcpiBuildTables *tables) /* ACPI tables pointed to by RSDT */ acpi_add_table(table_offsets, tables->table_data); build_fadt(tables->table_data, tables->linker, &pm, facs, dsdt); - acpi_add_table(table_offsets, tables->table_data); + acpi_add_table(table_offsets, tables->table_data); build_ssdt(tables->table_data, tables->linker, &cpu, &pm, &misc, &pci, guest_info); - acpi_add_table(table_offsets, tables->table_data); - build_madt(tables->table_data, tables->linker, &cpu, guest_info); acpi_add_table(table_offsets, tables->table_data); + build_madt(tables->table_data, tables->linker, &cpu, guest_info); + if (misc.has_hpet) { + acpi_add_table(table_offsets, tables->table_data); build_hpet(tables->table_data, tables->linker); } if (guest_info->numa_nodes) { From 6bbbb937aa4e8e59480b026e50a202bcae7785e7 Mon Sep 17 00:00:00 2001 From: Dmitry Fleytman Date: Fri, 4 Apr 2014 12:45:19 +0300 Subject: [PATCH 091/219] vmxnet3: validate interrupt indices coming from guest CVE-2013-4544 Signed-off-by: Dmitry Fleytman Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Message-id: 1396604722-11902-2-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell (cherry picked from commit 8c6c0478996e8f77374e69b6df68655b0b4ba689) Signed-off-by: Michael Roth --- hw/net/vmxnet3.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 19687aa03c..7c709ca081 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -52,6 +52,9 @@ #define VMXNET3_DEVICE_VERSION 0x1 #define VMXNET3_DEVICE_REVISION 0x1 +/* Number of interrupt vectors for non-MSIx modes */ +#define VMXNET3_MAX_NMSIX_INTRS (1) + /* Macros for rings descriptors access */ #define VMXNET3_READ_TX_QUEUE_DESCR8(dpa, field) \ (vmw_shmem_ld8(dpa + offsetof(struct Vmxnet3_TxQueueDesc, field))) 
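Review bot: The pairing this hunk establishes in acpi_build, where each `acpi_add_table()` call sits directly before the `build_*()` call whose offset it records, is carried only by blank-line placement. A comment above the first pair, such as `/* acpi_add_table() records the offset of the table built right after it */`, would state the invariant for the next person who adds an optional table. The blocks that follow `if (guest_info->numa_nodes) {` lie outside the hunk and should be checked against the same rule.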
@@ -1305,6 +1308,34 @@ static bool vmxnet3_verify_intx(VMXNET3State *s, int intx) (pci_get_byte(s->parent_obj.config + PCI_INTERRUPT_PIN) - 1)); } +static void vmxnet3_validate_interrupt_idx(bool is_msix, int idx) +{ + int max_ints = is_msix ? VMXNET3_MAX_INTRS : VMXNET3_MAX_NMSIX_INTRS; + if (idx >= max_ints) { + hw_error("Bad interrupt index: %d\n", idx); + } +} + +static void vmxnet3_validate_interrupts(VMXNET3State *s) +{ + int i; + + VMW_CFPRN("Verifying event interrupt index (%d)", s->event_int_idx); + vmxnet3_validate_interrupt_idx(s->msix_used, s->event_int_idx); + + for (i = 0; i < s->txq_num; i++) { + int idx = s->txq_descr[i].intr_idx; + VMW_CFPRN("Verifying TX queue %d interrupt index (%d)", i, idx); + vmxnet3_validate_interrupt_idx(s->msix_used, idx); + } + + for (i = 0; i < s->rxq_num; i++) { + int idx = s->rxq_descr[i].intr_idx; + VMW_CFPRN("Verifying RX queue %d interrupt index (%d)", i, idx); + vmxnet3_validate_interrupt_idx(s->msix_used, idx); + } +} + static void vmxnet3_activate_device(VMXNET3State *s) { int i; @@ -1447,6 +1478,8 @@ static void vmxnet3_activate_device(VMXNET3State *s) sizeof(s->rxq_descr[i].rxq_stats)); } + vmxnet3_validate_interrupts(s); + /* Make sure everything is in place before device activation */ smp_wmb(); @@ -2007,7 +2040,6 @@ vmxnet3_cleanup_msix(VMXNET3State *s) } } -#define VMXNET3_MSI_NUM_VECTORS (1) #define VMXNET3_MSI_OFFSET (0x50) #define VMXNET3_USE_64BIT (true) #define VMXNET3_PER_VECTOR_MASK (false) @@ -2018,7 +2050,7 @@ vmxnet3_init_msi(VMXNET3State *s) PCIDevice *d = PCI_DEVICE(s); int res; - res = msi_init(d, VMXNET3_MSI_OFFSET, VMXNET3_MSI_NUM_VECTORS, + res = msi_init(d, VMXNET3_MSI_OFFSET, VMXNET3_MAX_NMSIX_INTRS, VMXNET3_USE_64BIT, VMXNET3_PER_VECTOR_MASK); if (0 > res) { VMW_WRPRN("Failed to initialize MSI, error %d", res); From ed995c6c2fd065b9a01169e0824c4d12f5ef1e20 Mon Sep 17 00:00:00 2001 
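Review bot: vmxnet3_validate_interrupt_idx takes `int idx` and rejects only `idx >= max_ints`, so a negative index would pass the check. The types of `event_int_idx` and `intr_idx` are not visible in this hunk; if they are unsigned 8-bit fields the gap is unreachable today, but the helper would be safe on its own merits with `if (idx < 0 || idx >= max_ints) {`. A comment on the helper stating that the value comes from guest-written shared memory would also explain why the check exists.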
From: Dmitry Fleytman Date: Fri, 4 Apr 2014 12:45:20 +0300 Subject: [PATCH 092/219] vmxnet3: validate queues configuration coming from guest CVE-2013-4544 Signed-off-by: Dmitry Fleytman Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Message-id: 1396604722-11902-3-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell (cherry picked from commit 9878d173f574df74bde0ff50b2f81009fbee81bb) Signed-off-by: Michael Roth --- hw/net/vmxnet3.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 7c709ca081..0dd8c7adc7 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -1336,6 +1336,23 @@ static void vmxnet3_validate_interrupts(VMXNET3State *s) } } +static void vmxnet3_validate_queues(VMXNET3State *s) +{ + /* + * txq_num and rxq_num are total number of queues + * configured by guest. These numbers must not + * exceed corresponding maximal values. + */ + + if (s->txq_num > VMXNET3_DEVICE_MAX_TX_QUEUES) { + hw_error("Bad TX queues number: %d\n", s->txq_num); + } + + if (s->rxq_num > VMXNET3_DEVICE_MAX_RX_QUEUES) { + hw_error("Bad RX queues number: %d\n", s->rxq_num); + } +} + static void vmxnet3_activate_device(VMXNET3State *s) { int i; @@ -1382,7 +1399,7 @@ static void vmxnet3_activate_device(VMXNET3State *s) VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numRxQueues); VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num); - assert(s->txq_num <= VMXNET3_DEVICE_MAX_TX_QUEUES); + vmxnet3_validate_queues(s); qdescr_table_pa = VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.misc.queueDescPA); From 709cc0434514d7bd243ce96bc9744584a9b29ff4 Mon Sep 17 00:00:00 2001 From: Dmitry Fleytman Date: Fri, 4 Apr 2014 12:45:21 +0300 Subject: [PATCH 093/219] vmxnet3: validate interrupt indices read on migration CVE-2013-4544 Signed-off-by: Dmitry Fleytman Reported-by: Michael S. Tsirkin 
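Review bot: The two `hw_error()` messages in vmxnet3_validate_queues print `s->txq_num` and `s->rxq_num` with `%d`, while the `VMW_CFPRN` line in the second hunk prints the same fields with `%u`; the specifier should match the field type, presumably `%u`. The comment says the counts "must not exceed corresponding maximal values", but a count of zero is also accepted, so it would help to state whether zero queues is a valid configuration or to add a lower bound. vmxnet3_activate_device starts and ends outside the second hunk.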
Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Message-id: 1396604722-11902-4-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell (cherry picked from commit 3c99afc779c2c78718a565ad8c5e98de7c2c7484) Signed-off-by: Michael Roth --- hw/net/vmxnet3.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 0dd8c7adc7..b9ed47ad77 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -2393,6 +2393,8 @@ static int vmxnet3_post_load(void *opaque, int version_id) } } + vmxnet3_validate_interrupts(s); + return 0; } From f93614c93633caf4181e9f8281ae6be4f2f543c8 Mon Sep 17 00:00:00 2001 From: Dmitry Fleytman Date: Fri, 4 Apr 2014 12:45:22 +0300 Subject: [PATCH 094/219] vmxnet3: validate queues configuration read on migration CVE-2013-4544 Signed-off-by: Dmitry Fleytman Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Message-id: 1396604722-11902-5-git-send-email-dmitry@daynix.com Signed-off-by: Peter Maydell (cherry picked from commit f12d048a523780dbda702027d4a91b62af1a08d7) Signed-off-by: Michael Roth --- hw/net/vmxnet3.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index b9ed47ad77..bbb4fe526f 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -2393,6 +2393,7 @@ static int vmxnet3_post_load(void *opaque, int version_id) } } + vmxnet3_validate_queues(s); vmxnet3_validate_interrupts(s); return 0; From 25062a7521bd8499277e8453517112853faac57c Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:50:26 +0300 Subject: [PATCH 095/219] vmstate: reduce code duplication move size offset and number of elements math out to functions, to reduce code duplication. Signed-off-by: Michael S. Tsirkin Cc: "Dr. David Alan Gilbert" 
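Review bot: vmxnet3_post_load returns `int`, yet the validator called here reports bad values through `hw_error()`, so a migration stream carrying an out-of-range interrupt index would bring down the destination instead of failing the load with an error code (assuming hw_error does not return, as its use in the validators suggests). The same applies to the `vmxnet3_validate_queues(s)` call that patch 094 adds in the next hunk. Letting the validators return a status that the load path can pass on, e.g. `if (!vmxnet3_validate_interrupts(s)) { return -EINVAL; }`, would keep device activation strict while allowing an incoming migration to be rejected cleanly. The body of vmxnet3_post_load begins outside the hunk.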
Signed-off-by: Juan Quintela (cherry picked from commit 35fc1f71899fd42323bd8f33da18f0211e0d2727) Conflicts: vmstate.c *removed dependency on b6fcfa59 (Move VMState code to vmstate.c) Signed-off-by: Michael Roth --- savevm.c | 96 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 50 insertions(+), 46 deletions(-) diff --git a/savevm.c b/savevm.c index 3f912ddcf9..2c87455aea 100644 --- a/savevm.c +++ b/savevm.c @@ -1673,6 +1673,50 @@ static void vmstate_subsection_save(QEMUFile *f, const VMStateDescription *vmsd, static int vmstate_subsection_load(QEMUFile *f, const VMStateDescription *vmsd, void *opaque); +static int vmstate_n_elems(void *opaque, VMStateField *field) +{ + int n_elems = 1; + + if (field->flags & VMS_ARRAY) { + n_elems = field->num; + } else if (field->flags & VMS_VARRAY_INT32) { + n_elems = *(int32_t *)(opaque+field->num_offset); + } else if (field->flags & VMS_VARRAY_UINT32) { + n_elems = *(uint32_t *)(opaque+field->num_offset); + } else if (field->flags & VMS_VARRAY_UINT16) { + n_elems = *(uint16_t *)(opaque+field->num_offset); + } else if (field->flags & VMS_VARRAY_UINT8) { + n_elems = *(uint8_t *)(opaque+field->num_offset); + } + + return n_elems; +} + +static int vmstate_size(void *opaque, VMStateField *field) +{ + int size = field->size; + + if (field->flags & VMS_VBUFFER) { + size = *(int32_t *)(opaque+field->size_offset); + if (field->flags & VMS_MULTIPLY) { + size *= field->size; + } + } + + return size; +} + +static void *vmstate_base_addr(void *opaque, VMStateField *field) +{ + void *base_addr = opaque + field->offset; + + if (field->flags & VMS_POINTER) { + base_addr = *(void **)base_addr + field->start; + } + + return base_addr; +} + int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd, void *opaque, int version_id) { 
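Review bot: vmstate_size reads the `VMS_VBUFFER` length as `int32_t` and multiplies it by `field->size` in plain `int`, with no check that the value is non-negative or that the product does not overflow; callers then use the result in `base_addr + size * i`. This is behaviour carried over from the inlined code, but with the arithmetic now in one helper it is the natural place for a range check, or at least a comment naming who guarantees the bound. vmstate_n_elems has the same shape: the `VMS_VARRAY_UINT32` count is narrowed to `int`, and a negative `VMS_VARRAY_INT32` count is returned unchanged. None of the three helpers has a comment describing what it returns.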
@@ -1698,30 +1742,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd, field->field_exists(opaque, version_id)) || (!field->field_exists && field->version_id <= version_id)) { - void *base_addr = opaque + field->offset; - int i, n_elems = 1; - int size = field->size; + void *base_addr = vmstate_base_addr(opaque, field); + int i, n_elems = vmstate_n_elems(opaque, field); + int size = vmstate_size(opaque, field); - if (field->flags & VMS_VBUFFER) { - size = *(int32_t *)(opaque+field->size_offset); - if (field->flags & VMS_MULTIPLY) { - size *= field->size; - } - } - if (field->flags & VMS_ARRAY) { - n_elems = field->num; - } else if (field->flags & VMS_VARRAY_INT32) { - n_elems = *(int32_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT32) { - n_elems = *(uint32_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT16) { - n_elems = *(uint16_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT8) { - n_elems = *(uint8_t *)(opaque+field->num_offset); - } - if (field->flags & VMS_POINTER) { - base_addr = *(void **)base_addr + field->start; - } for (i = 0; i < n_elems; i++) { void *addr = base_addr + size * i; 
@@ -1762,30 +1786,10 @@ void vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd, while(field->name) { if (!field->field_exists || field->field_exists(opaque, vmsd->version_id)) { - void *base_addr = opaque + field->offset; - int i, n_elems = 1; - int size = field->size; + void *base_addr = vmstate_base_addr(opaque, field); + int i, n_elems = vmstate_n_elems(opaque, field); + int size = vmstate_size(opaque, field); - if (field->flags & VMS_VBUFFER) { - size = *(int32_t *)(opaque+field->size_offset); - if (field->flags & VMS_MULTIPLY) { - size *= field->size; - } - } - if (field->flags & VMS_ARRAY) { - n_elems = field->num; - } else if (field->flags & VMS_VARRAY_INT32) { - n_elems = *(int32_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT32) { - n_elems = *(uint32_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT16) { - n_elems = *(uint16_t *)(opaque+field->num_offset); - } else if (field->flags & VMS_VARRAY_UINT8) { - n_elems = *(uint8_t *)(opaque+field->num_offset); - } - if (field->flags & VMS_POINTER) { - base_addr = *(void **)base_addr + field->start; - } for (i = 0; i < n_elems; i++) { void *addr = base_addr + size * i; From a075a3a27e97c1f1f7cf924f6d48827644229581 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:50:31 +0300 Subject: [PATCH 096/219] vmstate: add VMS_MUST_EXIST Can be used to verify a required field exists or validate state in some other way. Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Juan Quintela (cherry picked from commit 5bf81c8d63db0216a4d29dc87f9ce530bb791dd1) Conflicts: vmstate.c *removed dependency on b6fcfa59 (Move VMState code to vmstate.c) Signed-off-by: Michael Roth --- include/migration/vmstate.h | 1 + savevm.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h index 9d09e60419..13fb78d9b9 100644 --- a/include/migration/vmstate.h 
+++ b/include/migration/vmstate.h @@ -100,6 +100,7 @@ enum VMStateFlags { VMS_MULTIPLY = 0x200, /* multiply "size" field by field_size */ VMS_VARRAY_UINT8 = 0x400, /* Array with size in uint8_t field*/ VMS_VARRAY_UINT32 = 0x800, /* Array with size in uint32_t field*/ + VMS_MUST_EXIST = 0x1000, /* Field must exist in input */ }; typedef struct { diff --git a/savevm.c b/savevm.c index 2c87455aea..8a228070dc 100644 --- a/savevm.c +++ b/savevm.c @@ -1762,6 +1762,10 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd, return ret; } } + } else if (field->flags & VMS_MUST_EXIST) { + fprintf(stderr, "Input validation failed: %s/%s\n", + vmsd->name, field->name); + return -1; } field++; } @@ -1802,6 +1806,12 @@ void vmstate_save_state(QEMUFile *f, const VMStateDescription *vmsd, field->info->put(f, addr, size); } } + } else { + if (field->flags & VMS_MUST_EXIST) { + fprintf(stderr, "Output state validation failed: %s/%s\n", + vmsd->name, field->name); + assert(!(field->flags & VMS_MUST_EXIST)); + } } field++; } From 29e2bbef19a9593eb20fd2286f38f1a90c0fdefd Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:50:35 +0300 Subject: [PATCH 097/219] vmstate: add VMSTATE_VALIDATE Validate state using VMS_ARRAY with num = 0 and VMS_MUST_EXIST Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 4082f0889ba04678fc14816c53e1b9251ea9207e) Signed-off-by: Michael Roth --- include/migration/vmstate.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h index 13fb78d9b9..3007d89842 100644 --- a/include/migration/vmstate.h +++ b/include/migration/vmstate.h 
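Review bot: In the vmstate_save_state hunk, `assert(!(field->flags & VMS_MUST_EXIST))` sits inside `if (field->flags & VMS_MUST_EXIST)`, so it can never pass and is really an unconditional abort written as a condition; in a build with NDEBUG it disappears and the save continues past a failed validation. Writing `abort();` after the `fprintf` says what is meant. On the load side the new branch returns a bare `-1`, whereas the code just above it returns `ret`; an errno-style value such as `-EINVAL` would be more consistent. Both functions start and end outside these hunks.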
@@ -204,6 +204,14 @@ extern const VMStateInfo vmstate_info_bitmap; .offset = vmstate_offset_value(_state, _field, _type), \ } +/* Validate state using a boolean predicate. */ +#define VMSTATE_VALIDATE(_name, _test) { \ + .name = (_name), \ + .field_exists = (_test), \ + .flags = VMS_ARRAY | VMS_MUST_EXIST, \ + .num = 0, /* 0 elements: no data, only run _test */ \ +} + #define VMSTATE_POINTER(_field, _state, _version, _info, _type) { \ .name = (stringify(_field)), \ .version_id = (_version), \ From 95f118fa825416f8791d5f93614f9e766afffa79 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:50:39 +0300 Subject: [PATCH 098/219] virtio-net: fix buffer overflow on invalid state load CVE-2013-4148 QEMU 1.0 integer conversion in virtio_net_load()@hw/net/virtio-net.c Deals with loading a corrupted savevm image. > n->mac_table.in_use = qemu_get_be32(f); in_use is int so it can get negative when assigned 32bit unsigned value. > /* MAC_TABLE_ENTRIES may be different from the saved image */ > if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) { passing this check ^^^ > qemu_get_buffer(f, n->mac_table.macs, > n->mac_table.in_use * ETH_ALEN); with good in_use value, "n->mac_table.in_use * ETH_ALEN" can get positive and bigger than mac_table.macs. For example 0x81000000 satisfies this condition when ETH_ALEN is 6. Fix it by making the value unsigned. For consistency, change first_multi as well. Note: all call sites were audited to confirm that making them unsigned didn't cause any issues: it turns out we actually never do math on them, so it's easy to validate because both values are always <= MAC_TABLE_ENTRIES. Reviewed-by: Michael Roth Signed-off-by: Michael S. Tsirkin Reviewed-by: Laszlo Ersek Signed-off-by: Juan Quintela (cherry picked from commit 71f7fe48e10a8437c9d42d859389f37157f59980) Signed-off-by: Michael Roth --- include/hw/virtio/virtio-net.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
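Review bot: The comment on VMSTATE_VALIDATE does not say that `_test` has the `field_exists` signature or that it is evaluated on save as well as on load. As the savevm.c changes in patch 096 are written, a false result fails the load with -1 but hits the assert on the save side, so a predicate that can be false for state the source legitimately holds would stop the source. I would extend the comment to something like `/* _test(opaque, version_id) runs on load and on save; false fails the load and asserts on save. */`.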
diff --git a/include/hw/virtio/virtio-net.h b/include/hw/virtio/virtio-net.h index df60f16a3e..4b32440837 100644 --- a/include/hw/virtio/virtio-net.h +++ b/include/hw/virtio/virtio-net.h @@ -176,8 +176,8 @@ typedef struct VirtIONet { uint8_t nobcast; uint8_t vhost_started; struct { - int in_use; - int first_multi; + uint32_t in_use; + uint32_t first_multi; uint8_t multi_overflow; uint8_t uni_overflow; uint8_t *macs; From 2b15f410bd2c333add4db2e7c96f457cdac3d149 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:50:56 +0300 Subject: [PATCH 099/219] virtio-net: out-of-bounds buffer write on invalid state load CVE-2013-4150 QEMU 1.5.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c This code is in hw/net/virtio-net.c: if (n->max_queues > 1) { if (n->max_queues != qemu_get_be16(f)) { error_report("virtio-net: different max_queues "); return -1; } n->curr_queues = qemu_get_be16(f); for (i = 1; i < n->curr_queues; i++) { n->vqs[i].tx_waiting = qemu_get_be32(f); } } Number of vqs is max_queues, so if we get invalid input here, for example if max_queues = 2, curr_queues = 3, we get write beyond end of the buffer, with data that comes from wire. This might be used to corrupt qemu memory in hard to predict ways. Since we have lots of function pointers around, RCE might be possible. Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang Reviewed-by: Michael Roth Signed-off-by: Juan Quintela (cherry picked from commit eea750a5623ddac7a61982eec8f1c93481857578) Signed-off-by: Michael Roth --- hw/net/virtio-net.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index ec96862ed6..e00d1c0810 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c 
@@ -1387,6 +1387,11 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) } n->curr_queues = qemu_get_be16(f); + if (n->curr_queues > n->max_queues) { + error_report("virtio-net: curr_queues %x > max_queues %x", + n->curr_queues, n->max_queues); + return -1; + } for (i = 1; i < n->curr_queues; i++) { n->vqs[i].tx_waiting = qemu_get_be32(f); } From 7b6444a2e4f5e777d05142277c842a3f3465beb3 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 16:08:21 +0300 Subject: [PATCH 100/219] virtio-net: out-of-bounds buffer write on load CVE-2013-4149 QEMU 1.3.0 out-of-bounds buffer write in virtio_net_load()@hw/net/virtio-net.c > } else if (n->mac_table.in_use) { > uint8_t *buf = g_malloc0(n->mac_table.in_use); We are allocating buffer of size n->mac_table.in_use > qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); and read to the n->mac_table.in_use size buffer n->mac_table.in_use * ETH_ALEN bytes, corrupting memory. If adversary controls state then memory written there is controlled by adversary. Reviewed-by: Michael Roth Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 98f93ddd84800f207889491e0b5d851386b459cf) Signed-off-by: Michael Roth --- hw/net/virtio-net.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index e00d1c0810..29c5f35c57 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c 
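Review bot: The new `error_report()` prints both counts with `%x` and no `0x` prefix, so a logged value such as 10 cannot be told apart from decimal ten; the message added to virtio_load in patch 101 uses `0x%x`. Adding the prefix, or printing queue counts in decimal, would remove the ambiguity. The enclosing `if` block and the rest of virtio_net_load lie outside the hunk.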
@@ -1342,10 +1342,17 @@ static int virtio_net_load(QEMUFile *f, void *opaque, int version_id) if (n->mac_table.in_use <= MAC_TABLE_ENTRIES) { qemu_get_buffer(f, n->mac_table.macs, n->mac_table.in_use * ETH_ALEN); - } else if (n->mac_table.in_use) { - uint8_t *buf = g_malloc0(n->mac_table.in_use); - qemu_get_buffer(f, buf, n->mac_table.in_use * ETH_ALEN); - g_free(buf); + } else { + int64_t i; + + /* Overflow detected - can happen if source has a larger MAC table. + * We simply set overflow flag so there's no need to maintain the + * table of addresses, discard them all. + * Note: 64 bit math to avoid integer overflow. + */ + for (i = 0; i < (int64_t)n->mac_table.in_use * ETH_ALEN; ++i) { + qemu_get_byte(f); + } n->mac_table.multi_overflow = n->mac_table.uni_overflow = 1; n->mac_table.in_use = 0; } From 5544b7e419fd47f6ad4552d30189e3a922acdfb1 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:14 +0300 Subject: [PATCH 101/219] virtio: out-of-bounds buffer write on invalid state load CVE-2013-4151 QEMU 1.0 out-of-bounds buffer write in virtio_load@hw/virtio/virtio.c So we have this code since way back when: num = qemu_get_be32(f); for (i = 0; i < num; i++) { vdev->vq[i].vring.num = qemu_get_be32(f); array of vqs has size VIRTIO_PCI_QUEUE_MAX, so on invalid input this will write beyond end of buffer. Signed-off-by: Michael S. Tsirkin Reviewed-by: Michael Roth Signed-off-by: Juan Quintela (cherry picked from commit cc45995294b92d95319b4782750a3580cabdbc0c) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 965b2c0233..8dc3cb3009 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c 
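Review bot: The discard loop runs `(int64_t)n->mac_table.in_use * ETH_ALEN` iterations with `in_use` taken straight from the stream, so a corrupted count near the 32-bit maximum costs billions of `qemu_get_byte()` calls; whether those calls stop at end of input is not visible here. Checking the stream inside the loop, for instance `if (qemu_file_get_error(f)) { return -1; }`, or rejecting counts above a sane ceiling, would bound the work. The 64-bit cast itself is right and the comment explains it well. virtio_net_load continues outside the hunk.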
@@ -888,7 +888,8 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val) int virtio_load(VirtIODevice *vdev, QEMUFile *f) { - int num, i, ret; + int i, ret; + uint32_t num; uint32_t features; uint32_t supported_features; BusState *qbus = qdev_get_parent_bus(DEVICE(vdev)); @@ -916,6 +917,11 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) num = qemu_get_be32(f); + if (num > VIRTIO_PCI_QUEUE_MAX) { + error_report("Invalid number of PCI queues: 0x%x", num); + return -1; + } + for (i = 0; i < num; i++) { vdev->vq[i].vring.num = qemu_get_be32(f); if (k->has_variable_vring_alignment) { From d34e6f796097bd46d1bf8b26916df757d54aba03 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:18 +0300 Subject: [PATCH 102/219] ahci: fix buffer overrun on invalid state load CVE-2013-4526 Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So we use the old version of ports to read the array but then allow any value for ports. This can cause the code to overflow. There's no reason to migrate ports - it never changes. So just make sure it matches. Reported-by: Anthony Liguori Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Maydell Signed-off-by: Juan Quintela (cherry picked from commit ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5) Signed-off-by: Michael Roth --- hw/ide/ahci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c index fbea9e8886..e3212741df 100644 --- a/hw/ide/ahci.c +++ b/hw/ide/ahci.c @@ -1290,7 +1290,7 @@ const VMStateDescription vmstate_ahci = { VMSTATE_UINT32(control_regs.impl, AHCIState), VMSTATE_UINT32(control_regs.version, AHCIState), VMSTATE_UINT32(idp_index, AHCIState), - VMSTATE_INT32(ports, AHCIState), + VMSTATE_INT32_EQUAL(ports, AHCIState), VMSTATE_END_OF_LIST() }, }; From d8aba740f274514bdda2a240f8b881f8d928f5cd Mon Sep 17 00:00:00 2001 
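Review bot: After this change `num` is `uint32_t` but the loop counter stays `int i`, so `i < num` in the loop that follows is a signed/unsigned comparison. It is harmless once `num <= VIRTIO_PCI_QUEUE_MAX` holds, but declaring `uint32_t i` would keep the types aligned, provided `i` is not used with signed values elsewhere in virtio_load, which extends beyond these hunks. The message says "PCI queues" although this code sits in hw/virtio/virtio.c and appears to be transport-independent, so `"Invalid number of virtqueues: 0x%x"` would be more accurate.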
From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:23 +0300 Subject: [PATCH 103/219] hpet: fix buffer overrun on invalid state load CVE-2013-4527 hw/timer/hpet.c buffer overrun hpet is a VARRAY with a uint8 size but static array of 32 To fix, make sure num_timers is valid using VMSTATE_VALID hook. Reported-by: Anthony Liguori Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Juan Quintela (cherry picked from commit 3f1c49e2136fa08ab1ef3183fd55def308829584) Signed-off-by: Michael Roth --- hw/timer/hpet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c index c6c2803d52..60892dac8c 100644 --- a/hw/timer/hpet.c +++ b/hw/timer/hpet.c @@ -227,6 +227,18 @@ static int hpet_pre_load(void *opaque) return 0; } +static bool hpet_validate_num_timers(void *opaque, int version_id) +{ + HPETState *s = opaque; + + if (s->num_timers < HPET_MIN_TIMERS) { + return false; + } else if (s->num_timers > HPET_MAX_TIMERS) { + return false; + } + return true; +} + static int hpet_post_load(void *opaque, int version_id) { HPETState *s = opaque; @@ -295,6 +307,7 @@ static const VMStateDescription vmstate_hpet = { VMSTATE_UINT64(isr, HPETState), VMSTATE_UINT64(hpet_counter, HPETState), VMSTATE_UINT8_V(num_timers, HPETState, 2), + VMSTATE_VALIDATE("num_timers in range", hpet_validate_num_timers), VMSTATE_STRUCT_VARRAY_UINT8(timer, HPETState, num_timers, 0, vmstate_hpet_timer, HPETTimer), VMSTATE_END_OF_LIST() From e83444f71eb48d18c7bcf3616846a6c2f9575f5c Mon Sep 17 00:00:00 2001 
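Review bot: hpet_validate_num_timers spells a range test as an `if`/`else if` chain that returns `false` twice; `return s->num_timers >= HPET_MIN_TIMERS && s->num_timers <= HPET_MAX_TIMERS;` says the same in one line. The `version_id` argument is unused, while `num_timers` is declared with `VMSTATE_UINT8_V(num_timers, HPETState, 2)`, so for an older stream the validator presumably sees whatever value was in place before loading. A comment noting that this default is within range would help, since hpet_pre_load is only partly visible in the hunk.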
From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:31 +0300 Subject: [PATCH 104/219] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load 4) CVE-2013-4529 hw/pci/pcie_aer.c pcie aer log can overrun the buffer if log_num is too large There are two issues in this file: 1. log_max from remote can be larger than on local then buffer will overrun with data coming from state file. 2. log_num can be larger then we get data corruption again with an overflow but not adversary controlled. Fix both issues. Reported-by: Anthony Liguori Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Juan Quintela (cherry picked from commit 5f691ff91d323b6f97c6600405a7f9dc115a0ad1) Signed-off-by: Michael Roth --- hw/pci/pcie_aer.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c index 991502e517..535be2c08a 100644 --- a/hw/pci/pcie_aer.c +++ b/hw/pci/pcie_aer.c @@ -795,6 +795,13 @@ static const VMStateDescription vmstate_pcie_aer_err = { } }; +static bool pcie_aer_state_log_num_valid(void *opaque, int version_id) +{ + PCIEAERLog *s = opaque; + + return s->log_num <= s->log_max; +} + const VMStateDescription vmstate_pcie_aer_log = { .name = "PCIE_AER_ERROR_LOG", .version_id = 1, @@ -802,7 +809,8 @@ const VMStateDescription vmstate_pcie_aer_log = { .minimum_version_id_old = 1, .fields = (VMStateField[]) { VMSTATE_UINT16(log_num, PCIEAERLog), - VMSTATE_UINT16(log_max, PCIEAERLog), + VMSTATE_UINT16_EQUAL(log_max, PCIEAERLog), + VMSTATE_VALIDATE("log_num <= log_max", pcie_aer_state_log_num_valid), VMSTATE_STRUCT_VARRAY_POINTER_UINT16(log, PCIEAERLog, log_num, vmstate_pcie_aer_err, PCIEAERErr), VMSTATE_END_OF_LIST() From f217f379a8ce520cce1e905c33660ca5a7ecad1c Mon Sep 17 00:00:00 2001 
From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:35 +0300 Subject: [PATCH 105/219] pl022: fix buffer overun on invalid state load CVE-2013-4530 pl022.c did not bounds check tx_fifo_head and rx_fifo_head after loading them from file and before they are used to dereference array. Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit d8d0a0bc7e194300e53a346d25fe5724fd588387) Signed-off-by: Michael Roth --- hw/ssi/pl022.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/hw/ssi/pl022.c b/hw/ssi/pl022.c index fd479effb9..b19bc7174a 100644 --- a/hw/ssi/pl022.c +++ b/hw/ssi/pl022.c @@ -240,11 +240,25 @@ static const MemoryRegionOps pl022_ops = { .endianness = DEVICE_NATIVE_ENDIAN, }; +static int pl022_post_load(void *opaque, int version_id) +{ + PL022State *s = opaque; + + if (s->tx_fifo_head < 0 || + s->tx_fifo_head >= ARRAY_SIZE(s->tx_fifo) || + s->rx_fifo_head < 0 || + s->rx_fifo_head >= ARRAY_SIZE(s->rx_fifo)) { + return -1; + } + return 0; +} + static const VMStateDescription vmstate_pl022 = { .name = "pl022_ssp", .version_id = 1, .minimum_version_id = 1, .minimum_version_id_old = 1, + .post_load = pl022_post_load, .fields = (VMStateField[]) { VMSTATE_UINT32(cr0, PL022State), VMSTATE_UINT32(cr1, PL022State), From a2b4e846b350f78fcb737195a40c5900923d5be8 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Wed, 12 Feb 2014 17:20:10 +0000 Subject: [PATCH 106/219] Fix vmstate_info_int32_le comparison/assign Fix comparison of vmstate_info_int32_le so that it succeeds if loaded value is (l)ess than or (e)qual When the comparison succeeds, assign the value loaded This is a change in behaviour but I think the original intent, since the idea is to check if the version/size of the thing you're loading is less than some limit, but you might well want to do something based on the actual version/size in the file Fix up comment and name text Signed-off-by: Dr. David Alan Gilbert 
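Review bot: pl022_post_load rejects out-of-range head indices with a bare `return -1` and no message, so a failed migration gives no hint which device or field was at fault; an `error_report()` naming the field, as virtio_net_load does for `curr_queues`, would help triage. Only `tx_fifo_head` and `rx_fifo_head` are checked. The field list of vmstate_pl022 continues outside the hunk, and any other loaded value that is later used as a FIFO index or length would need the same bound.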
Signed-off-by: Juan Quintela (cherry picked from commit 24a370ef2351dc596a7e47508b952ddfba79ef94) Conflicts: vmstate.c *removed dependency on b6fcfa59 (Move VMState code to vmstate.c) Signed-off-by: Michael Roth --- savevm.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/savevm.c b/savevm.c index 8a228070dc..40054cfbe3 100644 --- a/savevm.c +++ b/savevm.c @@ -1111,22 +1111,24 @@ const VMStateInfo vmstate_info_int32_equal = { .put = put_int32, }; -/* 32 bit int. See that the received value is the less or the same - than the one in the field */ +/* 32 bit int. Check that the received value is less than or equal to + the one in the field */ static int get_int32_le(QEMUFile *f, void *pv, size_t size) { - int32_t *old = pv; - int32_t new; - qemu_get_sbe32s(f, &new); + int32_t *cur = pv; + int32_t loaded; + qemu_get_sbe32s(f, &loaded); - if (*old <= new) + if (loaded <= *cur) { + *cur = loaded; return 0; + } return -EINVAL; } const VMStateInfo vmstate_info_int32_le = { - .name = "int32 equal", + .name = "int32 le", .get = get_int32_le, .put = put_int32, }; From 630ebeffb4a08f85db748b6908339a60fc213cae Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:42 +0300 Subject: [PATCH 107/219] vmstate: fix buffer overflow in target-arm/machine.c CVE-2013-4531 cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for cpreg_vmstate_array_len will cause a buffer overflow. VMSTATE_INT32_LE was supposed to protect against this but doesn't because it doesn't validate that input is non-negative. Fix this macro to valide the value appropriately. The only other user of VMSTATE_INT32_LE doesn't ever use negative numbers so it doesn't care. Reported-by: Anthony Liguori Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62) Conflicts: vmstate.c *removed dependency on b6fcfa59 (Move VMState code to vmstate.c) 
Signed-off-by: Michael Roth --- savevm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/savevm.c b/savevm.c index 40054cfbe3..b4367321c0 100644 --- a/savevm.c +++ b/savevm.c @@ -1111,8 +1111,9 @@ const VMStateInfo vmstate_info_int32_equal = { .put = put_int32, }; -/* 32 bit int. Check that the received value is less than or equal to - the one in the field */ +/* 32 bit int. Check that the received value is non-negative + * and less than or equal to the one in the field. + */ static int get_int32_le(QEMUFile *f, void *pv, size_t size) { @@ -1120,7 +1121,7 @@ static int get_int32_le(QEMUFile *f, void *pv, size_t size) int32_t loaded; qemu_get_sbe32s(f, &loaded); - if (loaded <= *cur) { + if (loaded >= 0 && loaded <= *cur) { *cur = loaded; return 0; } From 8f0e369a52ff0b5e0642bda47e2ead3c7e273fe1 Mon Sep 17 00:00:00 2001 From: Michael Roth Date: Thu, 3 Apr 2014 19:51:46 +0300 Subject: [PATCH 108/219] virtio: avoid buffer overrun on incoming migration CVE-2013-6399 vdev->queue_sel is read from the wire, and later used in the emulation code as an index into vdev->vq[]. If the value of vdev->queue_sel exceeds the length of vdev->vq[], currently allocated to be VIRTIO_PCI_QUEUE_MAX elements, subsequent PIO operations such as VIRTIO_PCI_QUEUE_PFN can be used to overrun the buffer with arbitrary data originating from the source. Fix this by failing migration if the value from the wire exceeds VIRTIO_PCI_QUEUE_MAX. Signed-off-by: Michael Roth Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Maydell Signed-off-by: Juan Quintela (cherry picked from commit 4b53c2c72cb5541cf394033b528a6fe2a86c0ac1) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 8dc3cb3009..705fad9166 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c 
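Review bot: get_int32_le uses the destination field both as the upper bound and as the place where the loaded value is stored, and the comment does not state that contract. After one successful load `*cur` holds the smaller incoming value, so a later load into the same object would be checked against that shrunken bound rather than the real capacity; whether a second load can happen is not visible here. The comment could gain a line such as `* The field must hold the local maximum before load; it is overwritten with the loaded value.` The function is split across the two hunks of this patch.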
@@ -904,6 +904,9 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) qemu_get_8s(f, &vdev->status); qemu_get_8s(f, &vdev->isr); qemu_get_be16s(f, &vdev->queue_sel); + if (vdev->queue_sel >= VIRTIO_PCI_QUEUE_MAX) { + return -1; + } qemu_get_be32s(f, &features); if (virtio_set_features(vdev, features) < 0) { From 609f5bf6fecb78ada914b88598ae8ba43e304e36 Mon Sep 17 00:00:00 2001 From: Michael Roth Date: Mon, 28 Apr 2014 16:08:17 +0300 Subject: [PATCH 109/219] openpic: avoid buffer overrun on incoming migration CVE-2013-4534 opp->nb_cpus is read from the wire and used to determine how many IRQDest elements to read into opp->dst[]. If the value exceeds the length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary data from the wire. Fix this by failing migration if the value read from the wire exceeds MAX_CPU. Signed-off-by: Michael Roth Reviewed-by: Alexander Graf Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 73d963c0a75cb99c6aaa3f6f25e427aa0b35a02e) Signed-off-by: Michael Roth --- hw/intc/openpic.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/hw/intc/openpic.c b/hw/intc/openpic.c index 7df72f44f0..ede1bc473f 100644 --- a/hw/intc/openpic.c +++ b/hw/intc/openpic.c @@ -41,6 +41,7 @@ #include "hw/sysbus.h" #include "hw/pci/msi.h" #include "qemu/bitops.h" +#include "qapi/qmp/qerror.h" //#define DEBUG_OPENPIC @@ -1416,7 +1417,7 @@ static void openpic_load_IRQ_queue(QEMUFile* f, IRQQueue *q) static int openpic_load(QEMUFile* f, void *opaque, int version_id) { OpenPICState *opp = (OpenPICState *)opaque; - unsigned int i; + unsigned int i, nb_cpus; if (version_id != 1) { return -EINVAL; 
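Review bot: The new bounds check runs after `qemu_get_be16s(f, &vdev->queue_sel)` has already written the unvalidated value into the device, so on the `return -1` path vdev->queue_sel is left out of range. That only matters if the device can still be reached after a failed load, which this hunk does not show, but reading into a local (`uint16_t queue_sel;`) and assigning `vdev->queue_sel = queue_sel;` after the comparison removes the question. The config_len patch later in this series already follows that pattern. virtio_load starts and ends outside the hunk.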
@@ -1428,7 +1429,11 @@ static int openpic_load(QEMUFile* f, void *opaque, int version_id) qemu_get_be32s(f, &opp->spve); qemu_get_be32s(f, &opp->tfrr); - qemu_get_be32s(f, &opp->nb_cpus); + qemu_get_be32s(f, &nb_cpus); + if (opp->nb_cpus != nb_cpus) { + return -EINVAL; + } + assert(nb_cpus > 0 && nb_cpus <= MAX_CPU); for (i = 0; i < opp->nb_cpus; i++) { qemu_get_sbe32s(f, &opp->dst[i].ctpr); @@ -1567,6 +1572,13 @@ static void openpic_realize(DeviceState *dev, Error **errp) {NULL} }; + if (opp->nb_cpus > MAX_CPU) { + error_set(errp, QERR_PROPERTY_VALUE_OUT_OF_RANGE, + TYPE_OPENPIC, "nb_cpus", (uint64_t)opp->nb_cpus, + (uint64_t)0, (uint64_t)MAX_CPU); + return; + } + switch (opp->model) { case OPENPIC_MODEL_FSL_MPIC_20: default: From 68801b7be1ddabe3495f68145b1202049b1486c2 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:53 +0300 Subject: [PATCH 110/219] virtio: validate num_sg when mapping CVE-2013-4535 CVE-2013-4536 Both virtio-block and virtio-serial read, VirtQueueElements are read in as buffers, and passed to virtqueue_map_sg(), where num_sg is taken from the wire and can force writes to indicies beyond VIRTQUEUE_MAX_SIZE. To fix, validate num_sg. Reported-by: Michael Roth Signed-off-by: Michael S. Tsirkin Cc: Amit Shah Signed-off-by: Juan Quintela (cherry picked from commit 36cf2a37132c7f01fa9adb5f95f5312b27742fd4) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 705fad9166..c2c9b5a1ab 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -427,6 +427,12 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr, unsigned int i; hwaddr len; + if (num_sg >= VIRTQUEUE_MAX_SIZE) { + error_report("virtio: map attempt out of bounds: %zd > %d", + num_sg, VIRTQUEUE_MAX_SIZE); + exit(1); + } + for (i = 0; i < num_sg; i++) { len = sg[i].iov_len; sg[i].iov_base = cpu_physical_memory_map(addr[i], &len, is_write); 
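Review bot: In openpic_load the range check on a value tied to the migration stream is an `assert`, and its lower bound does not match openpic_realize, which in this same patch rejects only `opp->nb_cpus > MAX_CPU`. If the property can be 0, such a device passes realize and then aborts the destination on load when the stream also carries 0, and a build with NDEBUG drops the check altogether. `if (nb_cpus == 0 || nb_cpus > MAX_CPU) { return -EINVAL; }` fails the migration cleanly instead; alternatively realize could reject 0 too, so that the two checks agree. Both functions continue outside their hunks.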
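Review bot: The guard in virtqueue_map_sg tests `num_sg >= VIRTQUEUE_MAX_SIZE` but the message prints `%zd > %d`, so either the condition or the text is off by one. If the sg and addr arrays passed in hold VIRTQUEUE_MAX_SIZE entries, which the hunk does not show, a count equal to the maximum is valid and the test should read `if (num_sg > VIRTQUEUE_MAX_SIZE) {`; otherwise the message should say `>=`. `%zd` is the signed conversion, and `%zu` is the matching one if num_sg is a size_t. The signature and the end of the body are outside the hunk.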
From d92a7683e8cc4d3daab1ae9197f9311a72c9d1e6 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:51:57 +0300 Subject: [PATCH 111/219] pxa2xx: avoid buffer overrun on incoming migration CVE-2013-4533 s->rx_level is read from the wire and used to determine how many bytes to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the length of s->rx_fifo[] the buffer can be overrun with arbitrary data from the wire. Fix this by validating rx_level against the size of s->rx_fifo. Cc: Don Koch Reported-by: Michael Roth Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Maydell Reviewed-by: Don Koch Signed-off-by: Juan Quintela (cherry picked from commit caa881abe0e01f9931125a0977ec33c5343e4aa7) Signed-off-by: Michael Roth --- hw/arm/pxa2xx.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c index 02b7016a04..daec57d228 100644 --- a/hw/arm/pxa2xx.c +++ b/hw/arm/pxa2xx.c @@ -742,7 +742,7 @@ static void pxa2xx_ssp_save(QEMUFile *f, void *opaque) static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id) { PXA2xxSSPState *s = (PXA2xxSSPState *) opaque; - int i; + int i, v; s->enable = qemu_get_be32(f); @@ -756,7 +756,11 @@ static int pxa2xx_ssp_load(QEMUFile *f, void *opaque, int version_id) qemu_get_8s(f, &s->ssrsa); qemu_get_8s(f, &s->ssacd); - s->rx_level = qemu_get_byte(f); + v = qemu_get_byte(f); + if (v < 0 || v > ARRAY_SIZE(s->rx_fifo)) { + return -EINVAL; + } + s->rx_level = v; s->rx_start = 0; for (i = 0; i < s->rx_level; i ++) s->rx_fifo[i] = qemu_get_byte(f); From 45edb0ca7a8a527ecf9fb36180df4b9664a9227c Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 16:08:14 +0300 Subject: [PATCH 112/219] ssi-sd: fix buffer overrun on invalid state load CVE-2013-4537 s->arglen is taken from wire and used as idx in ssi_sd_transfer(). Validate it before access. Signed-off-by: Michael S. Tsirkin 
Signed-off-by: Juan Quintela (cherry picked from commit a9c380db3b8c6af19546a68145c8d1438a09c92b) Signed-off-by: Michael Roth --- hw/sd/ssi-sd.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index 1bb56c4d54..90ff07bf72 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -230,8 +230,17 @@ static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id) for (i = 0; i < 5; i++) s->response[i] = qemu_get_be32(f); s->arglen = qemu_get_be32(f); + if (s->mode == SSI_SD_CMDARG && + (s->arglen < 0 || s->arglen >= ARRAY_SIZE(s->cmdarg))) { + return -EINVAL; + } s->response_pos = qemu_get_be32(f); s->stopping = qemu_get_be32(f); + if (s->mode == SSI_SD_RESPONSE && + (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) || + (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) { + return -EINVAL; + } ss->cs = qemu_get_be32(f); From af443645c3383f26a309d200413649ecac9ac58f Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:05 +0300 Subject: [PATCH 113/219] ssd0323: fix buffer overun on invalid state load CVE-2013-4538 s->cmd_len used as index in ssd0323_transfer() to store 32-bit field. Possible this field might then be supplied by guest to overwrite a return addr somewhere. Same for row/col fields, which are indicies into framebuffer array. To fix validate after load. Additionally, validate that the row/col_start/end are within bounds; otherwise the guest can provoke an overrun by either setting the _end field so large that the row++ increments just walk off the end of the array, or by setting the _start value to something bogus and then letting the "we hit end of row" logic reset row to row_start. For completeness, validate mode as well. Signed-off-by: Michael S. Tsirkin Reviewed-by: Peter Maydell Signed-off-by: Juan Quintela (cherry picked from commit ead7a57df37d2187813a121308213f41591bd811) 
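Review bot: Both new checks are conditional on `s->mode`, yet nothing in this hunk range-checks mode itself, which appears to be loaded from the same stream before the hunk begins. A stream carrying a mode other than SSI_SD_CMDARG or SSI_SD_RESPONSE skips the validation of arglen and response_pos entirely. It is worth confirming that no other mode uses those fields as indices, or rejecting unknown modes the way the ssd0323 patch in this series validates its mode field. A short comment before each `if` naming the array the field indexes would also make the differing `>=` and `>` bounds easier to audit. ssi_sd_load starts and ends outside the hunk.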
Signed-off-by: Michael Roth --- hw/display/ssd0323.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c index c3231c6116..773414c7ad 100644 --- a/hw/display/ssd0323.c +++ b/hw/display/ssd0323.c @@ -312,18 +312,42 @@ static int ssd0323_load(QEMUFile *f, void *opaque, int version_id) return -EINVAL; s->cmd_len = qemu_get_be32(f); + if (s->cmd_len < 0 || s->cmd_len > ARRAY_SIZE(s->cmd_data)) { + return -EINVAL; + } s->cmd = qemu_get_be32(f); for (i = 0; i < 8; i++) s->cmd_data[i] = qemu_get_be32(f); s->row = qemu_get_be32(f); + if (s->row < 0 || s->row >= 80) { + return -EINVAL; + } s->row_start = qemu_get_be32(f); + if (s->row_start < 0 || s->row_start >= 80) { + return -EINVAL; + } s->row_end = qemu_get_be32(f); + if (s->row_end < 0 || s->row_end >= 80) { + return -EINVAL; + } s->col = qemu_get_be32(f); + if (s->col < 0 || s->col >= 64) { + return -EINVAL; + } s->col_start = qemu_get_be32(f); + if (s->col_start < 0 || s->col_start >= 64) { + return -EINVAL; + } s->col_end = qemu_get_be32(f); + if (s->col_end < 0 || s->col_end >= 64) { + return -EINVAL; + } s->redraw = qemu_get_be32(f); s->remap = qemu_get_be32(f); s->mode = qemu_get_be32(f); + if (s->mode != SSD0323_CMD && s->mode != SSD0323_DATA) { + return -EINVAL; + } qemu_get_buffer(f, s->framebuffer, sizeof(s->framebuffer)); ss->cs = qemu_get_be32(f); From c75e43b871fb0a777ae1101a26a42ea213f7aff6 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:09 +0300 Subject: [PATCH 114/219] tsc210x: fix buffer overrun on invalid state load MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CVE-2013-4539 s->precision, nextprecision, function and nextfunction come from wire and are used as idx into resolution[] in TSC_CUT_RESOLUTION. Validate after load to avoid buffer overrun. Cc: Andreas Färber Signed-off-by: Michael S. Tsirkin 
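Review bot: The six row and column checks repeat the literals 80 and 64 without tying them to the framebuffer dimensions, so they can drift from `sizeof(s->framebuffer)` unnoticed; named constants shared with the array declaration would avoid that. Each field is also validated on its own, with no check that row_start <= row_end and col_start <= col_end. The commit description says bogus start/end values are what drive the overrun, so it is worth deciding whether an inverted but individually in-range pair is harmless. That depends on the transfer code and on whether a guest can legitimately program such a window, neither of which is visible here. ssd0323_load starts and ends outside the hunk.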
Signed-off-by: Juan Quintela (cherry picked from commit 5193be3be35f29a35bc465036cd64ad60d43385f) Signed-off-by: Michael Roth --- hw/input/tsc210x.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hw/input/tsc210x.c b/hw/input/tsc210x.c index 485c9e5753..aa5b6886ea 100644 --- a/hw/input/tsc210x.c +++ b/hw/input/tsc210x.c @@ -1070,9 +1070,21 @@ static int tsc210x_load(QEMUFile *f, void *opaque, int version_id) s->enabled = qemu_get_byte(f); s->host_mode = qemu_get_byte(f); s->function = qemu_get_byte(f); + if (s->function < 0 || s->function >= ARRAY_SIZE(mode_regs)) { + return -EINVAL; + } s->nextfunction = qemu_get_byte(f); + if (s->nextfunction < 0 || s->nextfunction >= ARRAY_SIZE(mode_regs)) { + return -EINVAL; + } s->precision = qemu_get_byte(f); + if (s->precision < 0 || s->precision >= ARRAY_SIZE(resolution)) { + return -EINVAL; + } s->nextprecision = qemu_get_byte(f); + if (s->nextprecision < 0 || s->nextprecision >= ARRAY_SIZE(resolution)) { + return -EINVAL; + } s->filter = qemu_get_byte(f); s->pin_func = qemu_get_byte(f); s->ref = qemu_get_byte(f); From 8d948a000d4963fe5ef20ba8478a0119b659c4ad Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:13 +0300 Subject: [PATCH 115/219] zaurus: fix buffer overrun on invalid state load CVE-2013-4540 Within scoop_gpio_handler_update, if prev_level has a high bit set, then we get bit > 16 and that causes a buffer overrun. Since prev_level comes from wire indirectly, this can happen on invalid state load. Similarly for gpio_level and gpio_dir. To fix, limit to 16 bit. Reported-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Dr. David Alan Gilbert Signed-off-by: Juan Quintela (cherry picked from commit 52f91c3723932f8340fe36c8ec8b18a757c37b2b) Signed-off-by: Michael Roth --- hw/gpio/zaurus.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/hw/gpio/zaurus.c b/hw/gpio/zaurus.c index dc79a8baa6..8e2ce049de 100644 --- a/hw/gpio/zaurus.c 
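Review bot: The bounds for function and nextfunction come from `ARRAY_SIZE(mode_regs)`, while the commit description names only resolution[] as the table these fields index, so a reader cannot tell from the hunk which table each check protects. A comment above the first check, e.g. `/* function/nextfunction index mode_regs[]; precision/nextprecision index resolution[] */`, would settle it. Each value is also stored into the state before it is compared; checking a local `int` and storing only on success would leave the device untouched when a stream is rejected. tsc210x_load starts and ends outside the hunk.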
+++ b/hw/gpio/zaurus.c @@ -203,6 +203,15 @@ static bool is_version_0 (void *opaque, int version_id) return version_id == 0; } +static bool vmstate_scoop_validate(void *opaque, int version_id) +{ + ScoopInfo *s = opaque; + + return !(s->prev_level & 0xffff0000) && + !(s->gpio_level & 0xffff0000) && + !(s->gpio_dir & 0xffff0000); +} + static const VMStateDescription vmstate_scoop_regs = { .name = "scoop", .version_id = 1, @@ -215,6 +224,7 @@ static const VMStateDescription vmstate_scoop_regs = { VMSTATE_UINT32(gpio_level, ScoopInfo), VMSTATE_UINT32(gpio_dir, ScoopInfo), VMSTATE_UINT32(prev_level, ScoopInfo), + VMSTATE_VALIDATE("irq levels are 16 bit", vmstate_scoop_validate), VMSTATE_UINT16(mcr, ScoopInfo), VMSTATE_UINT16(cdr, ScoopInfo), VMSTATE_UINT16(ccr, ScoopInfo), From a7fcb4c5e0ef930e102efba44cb04a8d8182b321 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:17 +0300 Subject: [PATCH 116/219] virtio-scsi: fix buffer overrun on invalid state load MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CVE-2013-4542 hw/scsi/scsi-bus.c invokes load_request. virtio_scsi_load_request does: qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem)); this probably can make elem invalid, for example, make in_num or out_num huge, then: virtio_scsi_parse_req(s, vs->cmd_vqs[n], req); will do: if (req->elem.out_num > 1) { qemu_sgl_init_external(req, &req->elem.out_sg[1], &req->elem.out_addr[1], req->elem.out_num - 1); } else { qemu_sgl_init_external(req, &req->elem.in_sg[1], &req->elem.in_addr[1], req->elem.in_num - 1); } and this will access out of array bounds. Note: this adds security checks within assert calls since SCSIBusInfo's load_request cannot fail. For now simply disable builds with NDEBUG - there seems to be little value in supporting these. Cc: Andreas Färber Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 3c3ce981423e0d6c18af82ee62f1850c2cda5976) 
Signed-off-by: Michael Roth --- hw/scsi/virtio-scsi.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 3fa6d076da..3c867c6362 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -147,6 +147,15 @@ static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq) qemu_get_be32s(f, &n); assert(n < vs->conf.num_queues); qemu_get_buffer(f, (unsigned char *)&req->elem, sizeof(req->elem)); + /* TODO: add a way for SCSIBusInfo's load_request to fail, + * and fail migration instead of asserting here. + * When we do, we might be able to re-enable NDEBUG below. + */ +#ifdef NDEBUG +#error building with NDEBUG is not supported +#endif + assert(req->elem.in_num <= ARRAY_SIZE(req->elem.in_sg)); + assert(req->elem.out_num <= ARRAY_SIZE(req->elem.out_sg)); virtio_scsi_parse_req(s, vs->cmd_vqs[n], req); scsi_req_ref(sreq); From 0776525e77ac1c2e1b7a45ecde1597bb0f460877 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:21 +0300 Subject: [PATCH 117/219] vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/ As the macro verifies the value is positive, rename it to make the function clearer. Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 3476436a44c29725efef0cabf5b3ea4e70054d57) Signed-off-by: Michael Roth --- hw/pci/pci.c | 4 ++-- include/migration/vmstate.h | 2 +- target-arm/machine.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 49eca955aa..347d0c0d57 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -474,7 +474,7 @@ const VMStateDescription vmstate_pci_device = { .minimum_version_id = 1, .minimum_version_id_old = 1, .fields = (VMStateField []) { - VMSTATE_INT32_LE(version_id, PCIDevice), + VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice), VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0, vmstate_info_pci_config, PCI_CONFIG_SPACE_SIZE), 
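Review bot: The two asserts bound in_num and out_num from above only, while the code quoted in the commit description passes `req->elem.in_num - 1` whenever out_num is not greater than 1. If that quoted path is what virtio_scsi_parse_req executes, a loaded element with in_num equal to 0 would still yield a wrapped count, so a lower bound belongs beside the new checks, e.g. `assert(req->elem.out_num > 1 || req->elem.in_num >= 1);`, until load_request can return an error. `qemu_get_buffer` also fills the whole of `req->elem` from the stream, so any other member that is used before being recomputed locally deserves the same scrutiny. The function continues outside the hunk.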
@@ -491,7 +491,7 @@ const VMStateDescription vmstate_pcie_device = { .minimum_version_id = 1, .minimum_version_id_old = 1, .fields = (VMStateField []) { - VMSTATE_INT32_LE(version_id, PCIDevice), + VMSTATE_INT32_POSITIVE_LE(version_id, PCIDevice), VMSTATE_BUFFER_UNSAFE_INFO(config, PCIDevice, 0, vmstate_info_pci_config, PCIE_CONFIG_SPACE_SIZE), diff --git a/include/migration/vmstate.h b/include/migration/vmstate.h index 3007d89842..1325fa5343 100644 --- a/include/migration/vmstate.h +++ b/include/migration/vmstate.h @@ -591,7 +591,7 @@ extern const VMStateInfo vmstate_info_bitmap; #define VMSTATE_UINT64_EQUAL(_f, _s) \ VMSTATE_UINT64_EQUAL_V(_f, _s, 0) -#define VMSTATE_INT32_LE(_f, _s) \ +#define VMSTATE_INT32_POSITIVE_LE(_f, _s) \ VMSTATE_SINGLE(_f, _s, 0, vmstate_info_int32_le, int32_t) #define VMSTATE_UINT8_TEST(_f, _s, _t) \ diff --git a/target-arm/machine.c b/target-arm/machine.c index 74f010f637..286e853cd9 100644 --- a/target-arm/machine.c +++ b/target-arm/machine.c @@ -246,7 +246,7 @@ const VMStateDescription vmstate_arm_cpu = { /* The length-check must come before the arrays to avoid * incoming data possibly overflowing the array. */ - VMSTATE_INT32_LE(cpreg_vmstate_array_len, ARMCPU), + VMSTATE_INT32_POSITIVE_LE(cpreg_vmstate_array_len, ARMCPU), VMSTATE_VARRAY_INT32(cpreg_vmstate_indexes, ARMCPU, cpreg_vmstate_array_len, 0, vmstate_info_uint64, uint64_t), From c4bd2e4cb0550fd83321029b9ae7582073fcac67 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Thu, 3 Apr 2014 19:52:25 +0300 Subject: [PATCH 118/219] usb: sanity check setup_index+setup_len in post_load CVE-2013-4541 s->setup_len and s->setup_index are fed into usb_packet_copy as size/offset into s->data_buf, it's possible for invalid state to exploit this to load arbitrary data. setup_len and setup_index should be checked to make sure they are not negative. Cc: Gerd Hoffmann Signed-off-by: Michael S. Tsirkin Reviewed-by: Gerd Hoffmann 
Signed-off-by: Juan Quintela (cherry picked from commit 9f8e9895c504149d7048e9fc5eb5cbb34b16e49a) Signed-off-by: Michael Roth --- hw/usb/bus.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/usb/bus.c b/hw/usb/bus.c index ca329bef29..53c85fe6ff 100644 --- a/hw/usb/bus.c +++ b/hw/usb/bus.c @@ -47,7 +47,9 @@ static int usb_device_post_load(void *opaque, int version_id) } else { dev->attached = 1; } - if (dev->setup_index >= sizeof(dev->data_buf) || + if (dev->setup_index < 0 || + dev->setup_len < 0 || + dev->setup_index >= sizeof(dev->data_buf) || dev->setup_len >= sizeof(dev->data_buf)) { return -EINVAL; } From 7abee6c9883f242b680736b4d9c730b1556498e5 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 3 Apr 2014 19:52:28 +0300 Subject: [PATCH 119/219] savevm: Ignore minimum_version_id_old if there is no load_state_old At the moment we require vmstate definitions to set minimum_version_id_old to the same value as minimum_version_id if they do not provide a load_state_old handler. Since the load_state_old functionality is required only for a handful of devices that need to retain migration compatibility with a pre-vmstate implementation, this means the bulk of devices have pointless boilerplate. Relax the definition so that minimum_version_id_old is ignored if there is no load_state_old handler. Note that under the old scheme we would segfault if the vmstate specified a minimum_version_id_old that was less than minimum_version_id but did not provide a load_state_old function, and the incoming state specified a version number between minimum_version_id_old and minimum_version_id. Under the new scheme this will just result in our failing the migration. Signed-off-by: Peter Maydell Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela (cherry picked from commit 767adce2d9cd397de3418caa16be35ea18d56f22) Conflicts: vmstate.c *removed dependency on b6fcfa59 (Move VMState code to vmstate.c) 
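Review bot: The condition bounds setup_index and setup_len separately but never relates them, although the subject line speaks of checking `setup_index+setup_len` and the description says both feed usb_packet_copy as offset and size into data_buf. Two values that each pass `< sizeof(dev->data_buf)` can still describe an index beyond the length, or a range that runs past the buffer, depending on how the copy length is derived, which this hunk does not show. Adding `dev->setup_index > dev->setup_len ||` to the condition would close that gap if the index is meant to stay within the length. usb_device_post_load starts outside the hunk.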
Signed-off-by: Michael Roth --- docs/migration.txt | 12 +++++------- savevm.c | 9 +++++---- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/docs/migration.txt b/docs/migration.txt index 0e0a1d44da..fe1f2bb738 100644 --- a/docs/migration.txt +++ b/docs/migration.txt @@ -139,7 +139,6 @@ static const VMStateDescription vmstate_kbd = { .name = "pckbd", .version_id = 3, .minimum_version_id = 3, - .minimum_version_id_old = 3, .fields = (VMStateField []) { VMSTATE_UINT8(write_cmd, KBDState), VMSTATE_UINT8(status, KBDState), @@ -168,12 +167,13 @@ You can see that there are several version fields: - minimum_version_id: the minimum version_id that VMState is able to understand for that device. - minimum_version_id_old: For devices that were not able to port to vmstate, we can - assign a function that knows how to read this old state. + assign a function that knows how to read this old state. This field is + ignored if there is no load_state_old handler. So, VMState is able to read versions from minimum_version_id to -version_id. And the function load_state_old() is able to load state -from minimum_version_id_old to minimum_version_id. This function is -deprecated and will be removed when no more users are left. +version_id. And the function load_state_old() (if present) is able to +load state from minimum_version_id_old to minimum_version_id. This +function is deprecated and will be removed when no more users are left. === Massaging functions === @@ -255,7 +255,6 @@ const VMStateDescription vmstate_ide_drive_pio_state = { .name = "ide_drive/pio_state", .version_id = 1, .minimum_version_id = 1, - .minimum_version_id_old = 1, .pre_save = ide_drive_pio_pre_save, .post_load = ide_drive_pio_post_load, .fields = (VMStateField []) { 
@@ -275,7 +274,6 @@ const VMStateDescription vmstate_ide_drive = { .name = "ide_drive", .version_id = 3, .minimum_version_id = 0, - .minimum_version_id_old = 0, .post_load = ide_drive_post_load, .fields = (VMStateField []) { .... several fields .... diff --git a/savevm.c b/savevm.c index b4367321c0..a271c2b3ee 100644 --- a/savevm.c +++ b/savevm.c @@ -1729,11 +1729,12 @@ int vmstate_load_state(QEMUFile *f, const VMStateDescription *vmsd, if (version_id > vmsd->version_id) { return -EINVAL; } - if (version_id < vmsd->minimum_version_id_old) { - return -EINVAL; - } if (version_id < vmsd->minimum_version_id) { - return vmsd->load_state_old(f, opaque, version_id); + if (vmsd->load_state_old && + version_id >= vmsd->minimum_version_id_old) { + return vmsd->load_state_old(f, opaque, version_id); + } + return -EINVAL; } if (vmsd->pre_load) { int ret = vmsd->pre_load(opaque); From 2003205fd2799fdeebe56a6c700d34555d114142 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 16:08:23 +0300 Subject: [PATCH 120/219] virtio: validate config_len on load Malformed input can have config_len in migration stream exceed the array size allocated on destination, the result will be heap overflow. To fix, that config_len matches on both sides. CVE-2014-0182 Reported-by: "Dr. David Alan Gilbert" Signed-off-by: Michael S. Tsirkin Signed-off-by: Juan Quintela -- v2: use %ix and %zx to print config_len values Signed-off-by: Juan Quintela (cherry picked from commit a890a2f9137ac3cf5b607649e66a6f3a5512d8dc) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index c2c9b5a1ab..151fae9b3d 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -895,6 +895,7 @@ int virtio_set_features(VirtIODevice *vdev, uint32_t val) int virtio_load(VirtIODevice *vdev, QEMUFile *f) { int i, ret; + int32_t config_len; uint32_t num; uint32_t features; uint32_t supported_features; 
@@ -921,7 +922,12 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) features, supported_features); return -1; } - vdev->config_len = qemu_get_be32(f); + config_len = qemu_get_be32(f); + if (config_len != vdev->config_len) { + error_report("Unexpected config length 0x%x. Expected 0x%zx", + config_len, vdev->config_len); + return -1; + } qemu_get_buffer(f, vdev->config, vdev->config_len); num = qemu_get_be32(f); From 73d8965bcc7cdec00dae7912f98f0db30bd1ba1b Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 16:08:26 +0300 Subject: [PATCH 121/219] stellaris_enet: block migration Incoming migration with stellaris_enet is unsafe. It's being reworked, but for now, simply block it since noone is using it anyway. Block outgoing migration for good measure. CVE-2013-4532 Signed-off-by: Michael S. Tsirkin Signed-off-by: Michael Roth --- hw/net/stellaris_enet.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index 376c7b0c9e..0574d100b7 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -8,6 +8,7 @@ */ #include "hw/sysbus.h" #include "net/net.h" +#include "migration/migration.h" #include //#define DEBUG_STELLARIS_ENET 1 @@ -75,6 +76,7 @@ typedef struct { NICConf conf; qemu_irq irq; MemoryRegion mmio; + Error *migration_blocker; } stellaris_enet_state; static void stellaris_enet_update(stellaris_enet_state *s) @@ -361,7 +363,7 @@ static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id) stellaris_enet_state *s = (stellaris_enet_state *)opaque; int i; - if (version_id != 1) + if (1) return -EINVAL; s->ris = qemu_get_be32(f); 
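Review bot: config_len is declared `int32_t` in the preceding hunk, but it receives the result of qemu_get_be32 and is compared with vdev->config_len, which the `%zx` in the message suggests is a size_t. The comparison still rejects every mismatch because a negative value converts to a large unsigned one, but that relies on an implicit conversion. Declaring `uint32_t config_len;` states the intent and makes `0x%x` the exact format. virtio_load continues outside the hunk.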
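Review bot: `if (1) return -EINVAL;` makes stellaris_enet_load refuse every stream but leaves the reason unstated and the rest of the body as dead code that still looks live. A comment on that line, e.g. `/* Incoming migration is unsafe for this device (CVE-2013-4532); always refuse. */`, would keep a later cleanup from restoring the old version test by accident. It would also help to say there that the migration blocker added in stellaris_enet_init is the primary control and this return is the backstop. The function body continues outside the hunk.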
@@ -422,6 +424,10 @@ static int stellaris_enet_init(SysBusDevice *sbd) stellaris_enet_reset(s); register_savevm(dev, "stellaris_enet", -1, 1, stellaris_enet_save, stellaris_enet_load, s); + + error_setg(&s->migration_blocker, + "stellaris_enet does not support migration"); + migrate_add_blocker(s->migration_blocker); return 0; } @@ -429,6 +435,9 @@ static void stellaris_enet_unrealize(DeviceState *dev, Error **errp) { stellaris_enet_state *s = STELLARIS_ENET(dev); + migrate_del_blocker(s->migration_blocker); + error_free(s->migration_blocker); + unregister_savevm(DEVICE(s), "stellaris_enet", s); memory_region_destroy(&s->mmio); From 3c1162e47121d4f511cc55bc9ffdd425d172f6f8 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 29 Apr 2014 13:10:05 +0200 Subject: [PATCH 122/219] target-i386: fix set of registers zeroed on reset BND0-3, BNDCFGU, BNDCFGS, BNDSTATUS were not zeroed on reset, but they should be (Intel Instruction Set Extensions Programming Reference 319433-015, pages 9-4 and 9-6). Same for YMM. XCR0 should be reset to 1. TSC and TSC_RESET were zeroed already by the memset, remove the explicit assignments. Cc: Andreas Faerber Reviewed-by: Michael S. Tsirkin Signed-off-by: Paolo Bonzini (cherry picked from commit 05e7e819d7d159a75a46354aead95e1199b8f168) Conflicts: target-i386/cpu.c target-i386/cpu.h *removed dependency on 79e9ebeb Signed-off-by: Michael Roth --- target-i386/cpu.c | 2 ++ target-i386/cpu.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 47af9a8816..654a04e187 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -2446,6 +2446,8 @@ static void x86_cpu_reset(CPUState *s) cpu_breakpoint_remove_all(env, BP_CPU); cpu_watchpoint_remove_all(env, BP_CPU); + env->xcr0 = 1; + #if !defined(CONFIG_USER_ONLY) /* We hard-wire the BSP to the first CPU. */ if (s->cpu_index == 0) { diff --git a/target-i386/cpu.h b/target-i386/cpu.h index ea373e82dc..199f4079dc 100644 
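Review bot: `env->xcr0 = 1;` in x86_cpu_reset is a bare magic number. The commit message says XCR0 must reset to 1, but the code gives no reason. A comment such as `/* XCR0 resets with only bit 0 (x87 state) set */`, or a named constant for that bit if this tree has one, would make the value self-explanatory. The function begins and ends outside the hunk.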
--- a/target-i386/cpu.h +++ b/target-i386/cpu.h @@ -801,6 +801,8 @@ typedef struct CPUX86State { XMMReg xmm_t0; MMXReg mmx_t0; + XMMReg ymmh_regs[CPU_NB_REGS]; + /* sysenter registers */ uint32_t sysenter_cs; target_ulong sysenter_esp; @@ -909,9 +911,7 @@ typedef struct CPUX86State { uint16_t fpus_vmstate; uint16_t fptag_vmstate; uint16_t fpregs_format_vmstate; - uint64_t xstate_bv; - XMMReg ymmh_regs[CPU_NB_REGS]; uint64_t xcr0; From 7c569521833786a502ca0861e2f7885d2e2e3428 Mon Sep 17 00:00:00 2001 From: "Edgar E. Iglesias" Date: Thu, 1 May 2014 15:24:45 +0100 Subject: [PATCH 123/219] target-arm: Make vbar_write 64bit friendly on 32bit hosts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Edgar E. Iglesias Reviewed-by: Alex Bennée Message-id: 1398926097-28097-2-git-send-email-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell (cherry picked from commit fed3ffb9f157f33bc9b2b1c3ef68e710ee6b7b4b) Conflicts: target-arm/helper.c Signed-off-by: Michael Roth --- target-arm/helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index 3445813465..c3e491006f 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -546,7 +546,7 @@ static int pmintenclr_write(CPUARMState *env, const ARMCPRegInfo *ri, static int vbar_write(CPUARMState *env, const ARMCPRegInfo *ri, uint64_t value) { - env->cp15.c12_vbar = value & ~0x1Ful; + env->cp15.c12_vbar = value & ~0x1FULL; return 0; } From f6de3526a0c853c22c55e7087e4c7d04e408bf2c Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Fri, 2 May 2014 14:45:12 +0100 Subject: [PATCH 124/219] linux-user/elfload.c: Fix incorrect ARM HWCAP bits The ELF HWCAP bits for ARM features THUMBEE, NEON, VFPv3 and VFPv3D16 are all off by one compared to the kernel definitions. Fix this discrepancy and add in the missing CRUNCH bit which was the cause of the off-by-one error. (We don't emulate any of the CPUs which have that weird hardware, so it's otherwise uninteresting to us.) Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio (cherry picked from commit 43ce393ee5f7b96d2ac22fedc40d6b6fb3f65a3e) Signed-off-by: Michael Roth --- linux-user/elfload.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 8dd424dadd..7d1e0978f3 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -346,10 +346,11 @@ enum ARM_HWCAP_ARM_EDSP = 1 << 7, ARM_HWCAP_ARM_JAVA = 1 << 8, ARM_HWCAP_ARM_IWMMXT = 1 << 9, - ARM_HWCAP_ARM_THUMBEE = 1 << 10, - ARM_HWCAP_ARM_NEON = 1 << 11, - ARM_HWCAP_ARM_VFPv3 = 1 << 12, - ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, + ARM_HWCAP_ARM_CRUNCH = 1 << 10, + ARM_HWCAP_ARM_THUMBEE = 1 << 11, + ARM_HWCAP_ARM_NEON = 1 << 12, + ARM_HWCAP_ARM_VFPv3 = 1 << 13, + ARM_HWCAP_ARM_VFPv3D16 = 1 << 14, }; #define TARGET_HAS_VALIDATE_GUEST_SPACE From 64b210d4d570602ac232337c295d87e8188104ed Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Fri, 2 May 2014 14:45:13 +0100 Subject: [PATCH 125/219] linux-user/elfload.c: Update ARM HWCAP bits The kernel has added support for a number of new ARM HWCAP bits; add them to QEMU, including support for setting them where we have a corresponding CPU feature bit. We were also incorrectly setting the VFPv3D16 HWCAP -- this means "only 16 D registers", not "supports 16-bit floating point format"; since QEMU always has 32 D registers for VFPv3, we can just remove the line that incorrectly set this bit. The kernel does not set the HWCAP_FPA even if it is providing FPA emulation via nwfpe, so don't set this bit in QEMU either. Signed-off-by: Peter Maydell Cc: qemu-stable@nongnu.org Signed-off-by: Riku Voipio (cherry picked from commit 24682654654a2e7b50afc27880f4098e5fca3742) Signed-off-by: Michael Roth --- linux-user/elfload.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 7d1e0978f3..adf84ebf10 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -351,6 +351,13 @@ enum ARM_HWCAP_ARM_NEON = 1 << 12, ARM_HWCAP_ARM_VFPv3 = 1 << 13, ARM_HWCAP_ARM_VFPv3D16 = 1 << 14, + ARM_HWCAP_ARM_TLS = 1 << 15, + ARM_HWCAP_ARM_VFPv4 = 1 << 16, + ARM_HWCAP_ARM_IDIVA = 1 << 17, + ARM_HWCAP_ARM_IDIVT = 1 << 18, + ARM_HWCAP_ARM_VFPD32 = 1 << 19, + ARM_HWCAP_ARM_LPAE = 1 << 20, + ARM_HWCAP_ARM_EVTSTRM = 1 << 21, }; #define TARGET_HAS_VALIDATE_GUEST_SPACE 
@@ -425,17 +432,28 @@ static uint32_t get_elf_hwcap(void) hwcaps |= ARM_HWCAP_ARM_HALF; hwcaps |= ARM_HWCAP_ARM_THUMB; hwcaps |= ARM_HWCAP_ARM_FAST_MULT; - hwcaps |= ARM_HWCAP_ARM_FPA; /* probe for the extra features */ #define GET_FEATURE(feat, hwcap) \ do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) + /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */ + GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP); GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP); GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3); - GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16); + GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS); + GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4); + GET_FEATURE(ARM_FEATURE_ARM_DIV, ARM_HWCAP_ARM_IDIVA); + GET_FEATURE(ARM_FEATURE_THUMB_DIV, ARM_HWCAP_ARM_IDIVT); + /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c. + * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of + * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated + * to our VFP_FP16 feature bit. + */ + GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPD32); + GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE); #undef GET_FEATURE return hwcaps; From b6760b6203cb22ce6343c947a1dc14d61d1f1619 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 2 May 2014 14:45:14 +0100 Subject: [PATCH 126/219] linux-user/elfload.c: Fix A64 code which was incorrectly acting like A32 The ARM target-specific code in elfload.c was incorrectly allowing the 64-bit ARM target to use most of the existing 32-bit definitions: most noticably this meant that our HWCAP bits passed to the guest were wrong, and register handling when dumping core was totally broken. Fix this by properly separating the 64 and 32 bit code, since they have more differences than similarities. 
Signed-off-by: Peter Maydell Cc: qemu-stable@nongnu.org Signed-off-by: Riku Voipio (cherry picked from commit 24e76ff06bcd0936ee8b04b15dca42efb7d614d1) Conflicts: linux-user/elfload.c Signed-off-by: Michael Roth --- linux-user/elfload.c | 84 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 73 insertions(+), 11 deletions(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index adf84ebf10..c9147b3ede 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -267,17 +267,15 @@ static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *en #ifdef TARGET_ARM +#ifndef TARGET_AARCH64 +/* 32 bit ARM definitions */ + #define ELF_START_MMAP 0x80000000 #define elf_check_arch(x) ((x) == ELF_MACHINE) #define ELF_ARCH ELF_MACHINE - -#ifdef TARGET_AARCH64 -#define ELF_CLASS ELFCLASS64 -#else #define ELF_CLASS ELFCLASS32 -#endif static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) @@ -285,10 +283,6 @@ static inline void init_thread(struct target_pt_regs *regs, abi_long stack = infop->start_stack; memset(regs, 0, sizeof(*regs)); -#ifdef TARGET_AARCH64 - regs->pc = infop->entry & ~0x3ULL; - regs->sp = stack; -#else regs->ARM_cpsr = 0x10; if (infop->entry & 1) regs->ARM_cpsr |= CPSR_T; @@ -302,7 +296,6 @@ static inline void init_thread(struct target_pt_regs *regs, /* For uClinux PIC binaries. */ /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ regs->ARM_r10 = infop->start_data; -#endif } #define ELF_NREG 18 
@@ -459,7 +452,76 @@ static uint32_t get_elf_hwcap(void) return hwcaps; } -#endif +#else +/* 64 bit ARM definitions */ +#define ELF_START_MMAP 0x80000000 + +#define elf_check_arch(x) ((x) == ELF_MACHINE) + +#define ELF_ARCH ELF_MACHINE +#define ELF_CLASS ELFCLASS64 +#define ELF_PLATFORM "aarch64" + +static inline void init_thread(struct target_pt_regs *regs, + struct image_info *infop) +{ + abi_long stack = infop->start_stack; + memset(regs, 0, sizeof(*regs)); + + regs->pc = infop->entry & ~0x3ULL; + regs->sp = stack; +} + +#define ELF_NREG 34 +typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; + +static void elf_core_copy_regs(target_elf_gregset_t *regs, + const CPUARMState *env) +{ + int i; + + for (i = 0; i < 32; i++) { + (*regs)[i] = tswapreg(env->xregs[i]); + } + (*regs)[32] = tswapreg(env->pc); + (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env)); +} + +#define USE_ELF_CORE_DUMP +#define ELF_EXEC_PAGESIZE 4096 + +enum { + ARM_HWCAP_A64_FP = 1 << 0, + ARM_HWCAP_A64_ASIMD = 1 << 1, + ARM_HWCAP_A64_EVTSTRM = 1 << 2, + ARM_HWCAP_A64_AES = 1 << 3, + ARM_HWCAP_A64_PMULL = 1 << 4, + ARM_HWCAP_A64_SHA1 = 1 << 5, + ARM_HWCAP_A64_SHA2 = 1 << 6, + ARM_HWCAP_A64_CRC32 = 1 << 7, +}; + +#define ELF_HWCAP get_elf_hwcap() + +static uint32_t get_elf_hwcap(void) +{ + ARMCPU *cpu = ARM_CPU(thread_cpu); + uint32_t hwcaps = 0; + + hwcaps |= ARM_HWCAP_A64_FP; + hwcaps |= ARM_HWCAP_A64_ASIMD; + + /* probe for the extra features */ +#define GET_FEATURE(feat, hwcap) \ + do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) + GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_PMULL); +#undef GET_FEATURE + + return hwcaps; +} + +#endif /* not TARGET_AARCH64 */ +#endif /* TARGET_ARM */ #ifdef TARGET_UNICORE32 From 74dd27cecb97a97a53f95094981eceb9cbd3b2f2 Mon Sep 17 00:00:00 2001 
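Review bot: In the new AArch64 get_elf_hwcap, `GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_PMULL);` sets the PMULL bit when the CPU has the AES feature, and nothing in the function ever sets `ARM_HWCAP_A64_AES`, although the enum just above defines it. If the AES feature is meant to imply both capabilities, a second line `GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_AES);` is needed; as written, a guest probing HWCAP would not see AES advertised. Separately, `pstate_read((CPUARMState *)env)` in elf_core_copy_regs casts away const, presumably because pstate_read takes a non-const pointer. A short comment stating that the call only reads would justify the cast.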
From: Alexey Kardashevskiy Date: Mon, 7 Apr 2014 22:53:21 +1000 Subject: [PATCH 127/219] spapr_pci: Fix number of returned vectors in ibm, change-msi Current guest kernels try allocating as many vectors as the quota is. For example, in the case of virtio-net (which has just 3 vectors) the guest requests 4 vectors (that is the quota in the test) and the existing ibm,change-msi handler returns 4. But before it returns, it calls msix_set_message() in a loop and corrupts memory behind the end of msix_table. This limits the number of vectors returned by ibm,change-msi to the maximum supported by the actual device. Signed-off-by: Alexey Kardashevskiy Cc: qemu-stable@nongnu.org [agraf: squash in bugfix from aik] Signed-off-by: Alexander Graf (cherry picked from commit b26696b519f853c9844e5154858e583600ee3cdc) *s/error_report/fprintf/ to reflect v1.7.x error reporting style Signed-off-by: Michael Roth --- hw/ppc/spapr_pci.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c index edb4cb0413..0079d31195 100644 --- a/hw/ppc/spapr_pci.c +++ b/hw/ppc/spapr_pci.c @@ -342,6 +342,22 @@ static void rtas_ibm_change_msi(PowerPCCPU *cpu, sPAPREnvironment *spapr, /* There is no cached config, allocate MSIs */ if (!phb->msi_table[ndev].nvec) { + int max_irqs = 0; + if (ret_intr_type == RTAS_TYPE_MSI) { + max_irqs = msi_nr_vectors_allocated(pdev); + } else if (ret_intr_type == RTAS_TYPE_MSIX) { + max_irqs = pdev->msix_entries_nr; + } + if (!max_irqs) { + fprintf(stderr, + "Requested interrupt type %d is not enabled for device#%d\n", + ret_intr_type, ndev); + rtas_st(rets, 0, -1); /* Hardware error */ + return; + } + if (req_num > max_irqs) { + req_num = max_irqs; + } irq = spapr_allocate_irq_block(req_num, false, ret_intr_type == RTAS_TYPE_MSI); if (irq < 0) { From 9fbc298a478656dce0f9f25f1ea98e406cac3016 Mon Sep 17 00:00:00 2001 
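Review bot: The clamp `if (req_num > max_irqs) { req_num = max_irqs; }` in rtas_ibm_change_msi has no comment, and the reason for it is given only in the commit message (a msix_set_message() loop writing past msix_table). A line above it such as `/* Never allocate more vectors than the device exposes, or the msix_set_message() loop overruns msix_table */` would keep the bound from being dropped in a later refactor. The guard `if (!max_irqs)` also lets a negative count through, because `max_irqs` is a signed int; `if (max_irqs <= 0)` is a cheap hardening. The check sits only in the no-cached-config branch, and the rest of the function is outside this hunk.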
From: "Michael S. Tsirkin" Date: Mon, 28 Apr 2014 17:02:21 +0300 Subject: [PATCH 128/219] pci-assign: limit # of msix vectors KVM only supports MSIX table size up to 256 vectors, but some assigned devices support more vectors, at the moment attempts to assign them fail with EINVAL. Tweak the MSIX capability exposed to guest to limit table size to a supported value. Signed-off-by: Michael S. Tsirkin Tested-by: Gonglei Cc: qemu-stable@nongnu.org Acked-by: Alex Williamson Signed-off-by: Paolo Bonzini (cherry picked from commit 639973a4740f38789057744b550df3a175bc49ad) Signed-off-by: Michael Roth --- hw/i386/kvm/pci-assign.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/hw/i386/kvm/pci-assign.c b/hw/i386/kvm/pci-assign.c index 968680104b..db70d6ea31 100644 --- a/hw/i386/kvm/pci-assign.c +++ b/hw/i386/kvm/pci-assign.c @@ -1257,6 +1257,7 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev) if (pos != 0 && kvm_device_msix_supported(kvm_state)) { int bar_nr; uint32_t msix_table_entry; + uint16_t msix_max; if (!check_irqchip_in_kernel()) { return -ENOTSUP; @@ -1268,9 +1269,10 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev) } pci_dev->msix_cap = pos; - pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS, - pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) & - PCI_MSIX_FLAGS_QSIZE); + msix_max = (pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS) & + PCI_MSIX_FLAGS_QSIZE) + 1; + msix_max = MIN(msix_max, KVM_MAX_MSIX_PER_DEV); + pci_set_word(pci_dev->config + pos + PCI_MSIX_FLAGS, msix_max - 1); /* Only enable and function mask bits are writable */ pci_set_word(pci_dev->wmask + pos + PCI_MSIX_FLAGS, 
@@ -1280,9 +1282,7 @@ static int assigned_device_pci_cap_init(PCIDevice *pci_dev) bar_nr = msix_table_entry & PCI_MSIX_FLAGS_BIRMASK; msix_table_entry &= ~PCI_MSIX_FLAGS_BIRMASK; dev->msix_table_addr = pci_region[bar_nr].base_addr + msix_table_entry; - dev->msix_max = pci_get_word(pci_dev->config + pos + PCI_MSIX_FLAGS); - dev->msix_max &= PCI_MSIX_FLAGS_QSIZE; - dev->msix_max += 1; + dev->msix_max = msix_max; } /* Minimal PM support, nothing writable, device appears to NAK changes */ From 84321ba2b6412bc507d8b3df3ed53cb5e2861193 Mon Sep 17 00:00:00 2001 From: "Michael S. Tsirkin" Date: Mon, 12 May 2014 12:04:20 +0300 Subject: [PATCH 129/219] virtio: allow mapping up to max queue size It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so it's OK if the value read is VIRTQUEUE_MAX_SIZE. Not a big problem in practice as people don't use such big queues, but it's inelegant. Reported-by: "Dr. David Alan Gilbert" Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin (cherry picked from commit 937251408051e0489f78e4db3c92e045b147b38b) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 151fae9b3d..c6265c69fe 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -427,7 +427,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr, unsigned int i; hwaddr len; - if (num_sg >= VIRTQUEUE_MAX_SIZE) { + if (num_sg > VIRTQUEUE_MAX_SIZE) { error_report("virtio: map attempt out of bounds: %zd > %d", num_sg, VIRTQUEUE_MAX_SIZE); exit(1); From 3102b1a2211eb64b296326fd593b1dec309de6d0 Mon Sep 17 00:00:00 2001 From: ChenLiang Date: Fri, 25 Apr 2014 17:06:20 +0800 Subject: [PATCH 130/219] migration: remove duplicate code version_id is checked twice in the ram_load. Signed-off-by: ChenLiang Signed-off-by: Gonglei Signed-off-by: Juan Quintela (cherry picked from commit 21a246a43b606ee833f907d589d8dcbb54a2761e) *prereq for db80fac backport 
Signed-off-by: Michael Roth --- arch_init.c | 64 ++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/arch_init.c b/arch_init.c index e0acbc5661..85652aad4f 100644 --- a/arch_init.c +++ b/arch_init.c @@ -862,7 +862,7 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) seq_iter++; - if (version_id < 4 || version_id > 4) { + if (version_id != 4) { return -EINVAL; } 
@@ -873,44 +873,42 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) addr &= TARGET_PAGE_MASK; if (flags & RAM_SAVE_FLAG_MEM_SIZE) { - if (version_id == 4) { - /* Synchronize RAM block list */ - char id[256]; - ram_addr_t length; - ram_addr_t total_ram_bytes = addr; + /* Synchronize RAM block list */ + char id[256]; + ram_addr_t length; + ram_addr_t total_ram_bytes = addr; - while (total_ram_bytes) { - RAMBlock *block; - uint8_t len; + while (total_ram_bytes) { + RAMBlock *block; + uint8_t len; - len = qemu_get_byte(f); - qemu_get_buffer(f, (uint8_t *)id, len); - id[len] = 0; - length = qemu_get_be64(f); + len = qemu_get_byte(f); + qemu_get_buffer(f, (uint8_t *)id, len); + id[len] = 0; + length = qemu_get_be64(f); - QTAILQ_FOREACH(block, &ram_list.blocks, next) { - if (!strncmp(id, block->idstr, sizeof(id))) { - if (block->length != length) { - fprintf(stderr, - "Length mismatch: %s: " RAM_ADDR_FMT - " in != " RAM_ADDR_FMT "\n", id, length, - block->length); - ret = -EINVAL; - goto done; - } - break; + QTAILQ_FOREACH(block, &ram_list.blocks, next) { + if (!strncmp(id, block->idstr, sizeof(id))) { + if (block->length != length) { + fprintf(stderr, + "Length mismatch: %s: " RAM_ADDR_FMT + " in != " RAM_ADDR_FMT "\n", id, length, + block->length); + ret = -EINVAL; + goto done; } + break; } - - if (!block) { - fprintf(stderr, "Unknown ramblock \"%s\", cannot " - "accept migration\n", id); - ret = -EINVAL; - goto done; - } - - total_ram_bytes -= length; } + + if (!block) { + fprintf(stderr, "Unknown ramblock \"%s\", cannot " + "accept migration\n", id); + ret = -EINVAL; + goto done; + } + + total_ram_bytes -= length; } } From 69b7aacc013ce99fe0c945c40c614228ce604a83 Mon Sep 17 00:00:00 2001 
From: Peter Lieven Date: Tue, 10 Jun 2014 11:29:16 +0200 Subject: [PATCH 131/219] migration: catch unknown flags in ram_load if a saved vm has unknown flags in the memory data qemu currently simply ignores this flag and continues which yields in an unpredictable result. This patch catches all unknown flags and aborts the loading of the vm. Additionally error reports are thrown if the migration aborts abnormally. Signed-off-by: Peter Lieven Signed-off-by: Juan Quintela (cherry picked from commit db80facefa62dff42bb50c73b0f03eda5f732b49) Conflicts: arch_init.c *removed unecessary context from 4798fe55 Signed-off-by: Michael Roth --- arch_init.c | 32 +++++++++++++++++--------------- migration.c | 2 +- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/arch_init.c b/arch_init.c index 85652aad4f..80389376e9 100644 --- a/arch_init.c +++ b/arch_init.c @@ -857,7 +857,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) { ram_addr_t addr; int flags, ret = 0; - int error; static uint64_t seq_iter; seq_iter++; @@ -866,7 +865,7 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) return -EINVAL; } - do { + while (!ret) { addr = qemu_get_be64(f); flags = addr & ~TARGET_PAGE_MASK; @@ -895,7 +894,6 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) " in != " RAM_ADDR_FMT "\n", id, length, block->length); ret = -EINVAL; - goto done; } break; } @@ -905,14 +903,14 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) fprintf(stderr, "Unknown ramblock \"%s\", cannot " "accept migration\n", id); ret = -EINVAL; - goto done; + } + if (ret) { + break; } total_ram_bytes -= length; } - } - - if (flags & RAM_SAVE_FLAG_COMPRESS) { + } else if (flags & RAM_SAVE_FLAG_COMPRESS) { void *host; uint8_t ch; 
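Review bot: A flags word that carries one recognised bit together with unrecognised ones is still accepted, because each branch of the new `if`/`else if` chain (here `} else if (flags & RAM_SAVE_FLAG_COMPRESS) {`) tests a single bit and the unknown-flags error in the next hunk is only reached when no known bit is set. If the aim is to refuse every stream with unknown bits, the loop could reject them before dispatching, e.g. `if (flags & ~known_flags) { ret = -EINVAL; break; }`. Here `known_flags` is a placeholder for a mask of the RAM_SAVE_FLAG_* values the loader handles. ram_load starts before this hunk and the chain continues in the following one.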
@@ -939,20 +937,24 @@ static int ram_load(QEMUFile *f, void *opaque, int version_id) } if (load_xbzrle(f, addr, host) < 0) { + error_report("Failed to decompress XBZRLE page at " + RAM_ADDR_FMT, addr); ret = -EINVAL; - goto done; + break; } } else if (flags & RAM_SAVE_FLAG_HOOK) { ram_control_load_hook(f, flags); + } else if (flags & RAM_SAVE_FLAG_EOS) { + /* normal exit */ + break; + } else { + error_report("Unknown migration flags: %#x", flags); + ret = -EINVAL; + break; } - error = qemu_file_get_error(f); - if (error) { - ret = error; - goto done; - } - } while (!(flags & RAM_SAVE_FLAG_EOS)); + ret = qemu_file_get_error(f); + } -done: DPRINTF("Completed load of VM with exit code %d seq iteration " "%" PRIu64 "\n", ret, seq_iter); return ret; diff --git a/migration.c b/migration.c index 79c86c92da..22a1399290 100644 --- a/migration.c +++ b/migration.c @@ -105,7 +105,7 @@ static void process_incoming_migration_co(void *opaque) ret = qemu_loadvm_state(f); qemu_fclose(f); if (ret < 0) { - fprintf(stderr, "load of migration failed\n"); + error_report("load of migration failed: %s", strerror(-ret)); exit(EXIT_FAILURE); } qemu_announce_self(); From 95139b786a510a52d4488a57dba068f3e4658c35 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:23 +0100 Subject: [PATCH 132/219] qemu-iotests: add ./check -cloop support Add the cloop block driver to qemu-iotests. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 47f73da0a7d36e399eaa353d93afce90de9b599d) Signed-off-by: Michael Roth --- tests/qemu-iotests/common | 7 +++++++ tests/qemu-iotests/common.rc | 3 +++ 2 files changed, 10 insertions(+) diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common index 8cde7f11fa..b5043fcba6 100644 --- a/tests/qemu-iotests/common +++ b/tests/qemu-iotests/common 
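Review bot: The unconditional `ret = qemu_file_get_error(f);` at the bottom of the loop overwrites the `-EINVAL` set in the RAM_SAVE_FLAG_MEM_SIZE branch. The `break` added there in the previous hunk only leaves the inner `while (total_ram_bytes)` loop, so a length mismatch or unknown ramblock falls through to this assignment. `ret` then returns to 0 when the stream itself reports no error, and `while (!ret)` keeps loading. Guarding the assignment with `if (!ret) { ret = qemu_file_get_error(f); }` preserves the earlier failure. ram_load begins outside this hunk.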
@@ -129,6 +129,7 @@ common options check options -raw test raw (default) -cow test cow + -cloop test cloop -qcow test qcow -qcow2 test qcow2 -qed test qed @@ -167,6 +168,12 @@ testlist options xpand=false ;; + -cloop) + IMGFMT=cloop + IMGFMT_GENERIC=false + xpand=false + ;; + -qcow) IMGFMT=qcow xpand=false diff --git a/tests/qemu-iotests/common.rc b/tests/qemu-iotests/common.rc index 7f6245770a..65c5bc118a 100644 --- a/tests/qemu-iotests/common.rc +++ b/tests/qemu-iotests/common.rc @@ -350,6 +350,9 @@ _fail() # _supported_fmt() { + # "generic" is suitable for most image formats. For some formats it doesn't + # work, however (most notably read-only formats), so they can opt out by + # setting IMGFMT_GENERIC to false. for f; do if [ "$f" = "$IMGFMT" -o "$f" = "generic" -a "$IMGFMT_GENERIC" = "true" ]; then return From 46c5cacbb43ff3129e4cde352ed5e1e47f69757a Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:24 +0100 Subject: [PATCH 133/219] qemu-iotests: add cloop input validation tests Add a cloop format-specific test case. Later patches add tests for input validation to the script. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 05560fcebb1528f4354f6f24d1eb8cdbcdf2c4b2) Conflicts: tests/qemu-iotests/group *fixed context mismatches in group file Signed-off-by: Michael Roth --- tests/qemu-iotests/075 | 53 ++++++++++++++++++ tests/qemu-iotests/075.out | 6 ++ tests/qemu-iotests/group | 1 + .../sample_images/simple-pattern.cloop.bz2 | Bin 0 -> 488 bytes 4 files changed, 60 insertions(+) create mode 100755 tests/qemu-iotests/075 create mode 100644 tests/qemu-iotests/075.out create mode 100644 tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2 diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 new file mode 100755 index 0000000000..88ae8bb180 --- /dev/null +++ b/tests/qemu-iotests/075 
@@ -0,0 +1,53 @@ +#!/bin/bash +# +# cloop format input validation tests +# +# Copyright (C) 2013 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=stefanha@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt cloop +_supported_proto generic +_supported_os Linux + +echo +echo "== check that the first sector can be read ==" +_use_sample_img simple-pattern.cloop.bz2 +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out new file mode 100644 index 0000000000..26661fa17e --- /dev/null +++ b/tests/qemu-iotests/075.out @@ -0,0 +1,6 @@ +QA output created by 075 + +== check that the first sector can be read == +read 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index b63b18c7aa..7520928af1 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -77,3 +77,4 @@ 069 rw auto 070 rw auto 073 rw auto +075 rw auto 
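Review bot: `$TEST_IMG` is passed unquoted in `$QEMU_IO -c "read 0 512" $TEST_IMG`, so a test directory whose path contains spaces or glob characters would be split into several arguments. Writing `"$TEST_IMG"` keeps the image path as one word. The follow-up patches in this series already quote it in `poke_file "$TEST_IMG"`, so quoting it here as well makes the script consistent.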
diff --git a/tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2 b/tests/qemu-iotests/sample_images/simple-pattern.cloop.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..a02d2ee4c710f48e9c0151dcb25e0637e2067b9f GIT binary patch literal 488 zcmV3?Lc+41uQ7dV@xWL&_k@fD-@# zFaQ7m34&k(U;qh;fB*@Jhy*Ug9HEo0004?8UO~34GlC628%pmbhgch zQ?C-kdNsT#_wF0s)BwwA2FQRmQ2|gLC{;2<2TA~GsDT1j=>&+yJOz05+voN44`{1d zzJBs>VEI%;odJrKXRk|8ZS4K7%5gzkAQ>1{(br+n41iF_h7v?hIp07p=N-CUc+@4Yf zQ&XeXEn0Pf;=C$r^FkBM%zW*-#l~jMVhBQ-L?JW`fA{X9W`T7LT Date: Wed, 26 Mar 2014 13:05:25 +0100 Subject: [PATCH 134/219] block/cloop: validate block_size header field (CVE-2014-0144) Avoid unbounded s->uncompressed_block memory allocation by checking that the block_size header field has a reasonable value. Also enforce the assumption that the value is a non-zero multiple of 512. These constraints conform to cloop 2.639's code so we accept existing image files. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit d65f97a82c4ed48374a764c769d4ba1ea9724e97) Signed-off-by: Michael Roth --- block/cloop.c | 23 +++++++++++++++++++++++ tests/qemu-iotests/075 | 20 ++++++++++++++++++++ tests/qemu-iotests/075.out | 12 ++++++++++++ 3 files changed, 55 insertions(+) diff --git a/block/cloop.c b/block/cloop.c index b907023e10..f0216637e1 100644 --- a/block/cloop.c +++ b/block/cloop.c @@ -26,6 +26,9 @@ #include "qemu/module.h" #include +/* Maximum compressed block size */ +#define MAX_BLOCK_SIZE (64 * 1024 * 1024) + typedef struct BDRVCloopState { CoMutex lock; uint32_t block_size; 
@@ -68,6 +71,26 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, return ret; } s->block_size = be32_to_cpu(s->block_size); + if (s->block_size % 512) { + error_setg(errp, "block_size %u must be a multiple of 512", + s->block_size); + return -EINVAL; + } + if (s->block_size == 0) { + error_setg(errp, "block_size cannot be zero"); + return -EINVAL; + } + + /* cloop's create_compressed_fs.c warns about block sizes beyond 256 KB but + * we can accept more. Prevent ridiculous values like 4 GB - 1 since we + * need a buffer this big. + */ + if (s->block_size > MAX_BLOCK_SIZE) { + error_setg(errp, "block_size %u must be %u MB or less", + s->block_size, + MAX_BLOCK_SIZE / (1024 * 1024)); + return -EINVAL; + } ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4); if (ret < 0) { diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 index 88ae8bb180..8f54a99b14 100755 --- a/tests/qemu-iotests/075 +++ b/tests/qemu-iotests/075 @@ -42,11 +42,31 @@ _supported_fmt cloop _supported_proto generic _supported_os Linux +block_size_offset=128 + echo echo "== check that the first sector can be read ==" _use_sample_img simple-pattern.cloop.bz2 $QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== block_size must be a multiple of 512 ==" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$block_size_offset" "\x00\x00\x02\x01" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== block_size cannot be zero ==" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$block_size_offset" "\x00\x00\x00\x00" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== huge block_size ===" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$block_size_offset" "\xff\xff\xfe\x00" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full 
diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out index 26661fa17e..d362c95182 100644 --- a/tests/qemu-iotests/075.out +++ b/tests/qemu-iotests/075.out @@ -3,4 +3,16 @@ QA output created by 075 == check that the first sector can be read == read 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== block_size must be a multiple of 512 == +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 513 must be a multiple of 512 +no file open, try 'help open' + +== block_size cannot be zero == +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size cannot be zero +no file open, try 'help open' + +== huge block_size === +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 4294966784 must be 64 MB or less +no file open, try 'help open' *** done From d723971b5d0c22c5c8bd1b8bdba94bc17cc8f36d Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:26 +0100 Subject: [PATCH 135/219] block/cloop: prevent offsets_size integer overflow (CVE-2014-0143) The following integer overflow in offsets_size can lead to out-of-bounds memory stores when n_blocks has a huge value: uint32_t n_blocks, offsets_size; [...] ret = bdrv_pread(bs->file, 128 + 4, &s->n_blocks, 4); [...] s->n_blocks = be32_to_cpu(s->n_blocks); /* read offsets */ offsets_size = s->n_blocks * sizeof(uint64_t); s->offsets = g_malloc(offsets_size); [...] for(i=0;in_blocks;i++) { s->offsets[i] = be64_to_cpu(s->offsets[i]); offsets_size can be smaller than n_blocks due to integer overflow. Therefore s->offsets[] is too small when the for loop byteswaps offsets. This patch refuses to open files if offsets_size would overflow. Note that changing the type of offsets_size is not a fix since 32-bit hosts still only have 32-bit size_t. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 509a41bab5306181044b5fff02eadf96d9c8676a) 
Signed-off-by: Michael Roth --- block/cloop.c | 7 +++++++ tests/qemu-iotests/075 | 7 +++++++ tests/qemu-iotests/075.out | 4 ++++ 3 files changed, 18 insertions(+) diff --git a/block/cloop.c b/block/cloop.c index f0216637e1..563e916266 100644 --- a/block/cloop.c +++ b/block/cloop.c @@ -99,6 +99,13 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, s->n_blocks = be32_to_cpu(s->n_blocks); /* read offsets */ + if (s->n_blocks > UINT32_MAX / sizeof(uint64_t)) { + /* Prevent integer overflow */ + error_setg(errp, "n_blocks %u must be %zu or less", + s->n_blocks, + UINT32_MAX / sizeof(uint64_t)); + return -EINVAL; + } offsets_size = s->n_blocks * sizeof(uint64_t); s->offsets = g_malloc(offsets_size); diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 index 8f54a99b14..9ce6b1fb8c 100755 --- a/tests/qemu-iotests/075 +++ b/tests/qemu-iotests/075 @@ -43,6 +43,7 @@ _supported_proto generic _supported_os Linux block_size_offset=128 +n_blocks_offset=132 echo echo "== check that the first sector can be read ==" @@ -67,6 +68,12 @@ _use_sample_img simple-pattern.cloop.bz2 poke_file "$TEST_IMG" "$block_size_offset" "\xff\xff\xfe\x00" $QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== offsets_size overflow ===" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$n_blocks_offset" "\xff\xff\xff\xff" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out index d362c95182..a771789548 100644 --- a/tests/qemu-iotests/075.out +++ b/tests/qemu-iotests/075.out 
@@ -15,4 +15,8 @@ no file open, try 'help open' == huge block_size === qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 4294966784 must be 64 MB or less no file open, try 'help open' + +== offsets_size overflow === +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: n_blocks 4294967295 must be 536870911 or less +no file open, try 'help open' *** done From 7dcffbb2bfcb38c98cff911cd002c09e9326e3cc Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:27 +0100 Subject: [PATCH 136/219] block/cloop: refuse images with huge offsets arrays (CVE-2014-0144) Limit offsets_size to 512 MB so that: 1. g_malloc() does not abort due to an unreasonable size argument. 2. offsets_size does not overflow the bdrv_pread() int size argument. This limit imposes a maximum image size of 16 TB at 256 KB block size. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 7b103b36d6ef3b11827c203d3a793bf7da50ecd6) Signed-off-by: Michael Roth --- block/cloop.c | 9 +++++++++ tests/qemu-iotests/075 | 6 ++++++ tests/qemu-iotests/075.out | 4 ++++ 3 files changed, 19 insertions(+) diff --git a/block/cloop.c b/block/cloop.c index 563e916266..844665ebc3 100644 --- a/block/cloop.c +++ b/block/cloop.c @@ -107,6 +107,15 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, return -EINVAL; } offsets_size = s->n_blocks * sizeof(uint64_t); + if (offsets_size > 512 * 1024 * 1024) { + /* Prevent ridiculous offsets_size which causes memory allocation to + * fail or overflows bdrv_pread() size. In practice the 512 MB + * offsets[] limit supports 16 TB images at 256 KB block size. + */ + error_setg(errp, "image requires too many offsets, " + "try increasing block size"); + return -EINVAL; + } s->offsets = g_malloc(offsets_size); ret = bdrv_pread(bs->file, 128 + 4 + 4, s->offsets, offsets_size); 
diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 index 9ce6b1fb8c..9c00fa8138 100755 --- a/tests/qemu-iotests/075 +++ b/tests/qemu-iotests/075 @@ -74,6 +74,12 @@ _use_sample_img simple-pattern.cloop.bz2 poke_file "$TEST_IMG" "$n_blocks_offset" "\xff\xff\xff\xff" $QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== refuse images that require too many offsets ===" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$n_blocks_offset" "\x04\x00\x00\x01" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out index a771789548..7cdaee15ed 100644 --- a/tests/qemu-iotests/075.out +++ b/tests/qemu-iotests/075.out @@ -19,4 +19,8 @@ no file open, try 'help open' == offsets_size overflow === qemu-io: can't open device TEST_DIR/simple-pattern.cloop: n_blocks 4294967295 must be 536870911 or less no file open, try 'help open' + +== refuse images that require too many offsets === +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: image requires too many offsets, try increasing block size +no file open, try 'help open' *** done From 0fda3e2d639fee7c3262485c48c3b5fd6c9b4114 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:28 +0100 Subject: [PATCH 137/219] block/cloop: refuse images with bogus offsets (CVE-2014-0144) The offsets[] array allows efficient seeking and tells us the maximum compressed data size. If the offsets are bogus the maximum compressed data size will be unrealistic. This could cause g_malloc() to abort and bogus offsets mean the image is broken anyway. Therefore we should refuse such images. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit f56b9bc3ae20fc93815b34aa022be919941406ce) 
Signed-off-by: Michael Roth --- block/cloop.c | 34 +++++++++++++++++++++++++++++----- tests/qemu-iotests/075 | 15 +++++++++++++++ tests/qemu-iotests/075.out | 8 ++++++++ 3 files changed, 52 insertions(+), 5 deletions(-) diff --git a/block/cloop.c b/block/cloop.c index 844665ebc3..55a804f1cc 100644 --- a/block/cloop.c +++ b/block/cloop.c @@ -124,12 +124,36 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, } for(i=0;in_blocks;i++) { + uint64_t size; + s->offsets[i] = be64_to_cpu(s->offsets[i]); - if (i > 0) { - uint32_t size = s->offsets[i] - s->offsets[i - 1]; - if (size > max_compressed_block_size) { - max_compressed_block_size = size; - } + if (i == 0) { + continue; + } + + if (s->offsets[i] < s->offsets[i - 1]) { + error_setg(errp, "offsets not monotonically increasing at " + "index %u, image file is corrupt", i); + ret = -EINVAL; + goto fail; + } + + size = s->offsets[i] - s->offsets[i - 1]; + + /* Compressed blocks should be smaller than the uncompressed block size + * but maybe compression performed poorly so the compressed block is + * actually bigger. Clamp down on unrealistic values to prevent + * ridiculous s->compressed_block allocation. + */ + if (size > 2 * MAX_BLOCK_SIZE) { + error_setg(errp, "invalid compressed block size at index %u, " + "image file is corrupt", i); + ret = -EINVAL; + goto fail; + } + + if (size > max_compressed_block_size) { + max_compressed_block_size = size; } } diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 index 9c00fa8138..d74fb33272 100755 --- a/tests/qemu-iotests/075 +++ b/tests/qemu-iotests/075 @@ -44,6 +44,7 @@ _supported_os Linux block_size_offset=128 n_blocks_offset=132 +offsets_offset=136 echo echo "== check that the first sector can be read ==" 
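Review bot: The last statement of the rewritten loop, `max_compressed_block_size = size;`, now stores a uint64_t into what appears to be a 32-bit variable (the removed code computed the difference as `uint32_t size`). It is lossless only because the clamp above it rejects anything over `2 * MAX_BLOCK_SIZE`. That dependency should be written down so the clamp is not loosened later without revisiting the assignment, for example `/* size <= 2 * MAX_BLOCK_SIZE here, so it fits in max_compressed_block_size */` above the final `if`. The loop sits inside cloop_open; the function's start and the `fail` label are outside the hunk.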
@@ -80,6 +81,20 @@ _use_sample_img simple-pattern.cloop.bz2 poke_file "$TEST_IMG" "$n_blocks_offset" "\x04\x00\x00\x01" $QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== refuse images with non-monotonically increasing offsets ==" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$offsets_offset" "\x00\x00\x00\x00\xff\xff\xff\xff" +poke_file "$TEST_IMG" $((offsets_offset + 8)) "\x00\x00\x00\x00\xff\xfe\x00\x00" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== refuse images with invalid compressed block size ==" +_use_sample_img simple-pattern.cloop.bz2 +poke_file "$TEST_IMG" "$offsets_offset" "\x00\x00\x00\x00\x00\x00\x00\x00" +poke_file "$TEST_IMG" $((offsets_offset + 8)) "\xff\xff\xff\xff\xff\xff\xff\xff" +$QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out index 7cdaee15ed..911cd3b4d8 100644 --- a/tests/qemu-iotests/075.out +++ b/tests/qemu-iotests/075.out @@ -23,4 +23,12 @@ no file open, try 'help open' == refuse images that require too many offsets === qemu-io: can't open device TEST_DIR/simple-pattern.cloop: image requires too many offsets, try increasing block size no file open, try 'help open' + +== refuse images with non-monotonically increasing offsets == +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: offsets not monotonically increasing at index 1, image file is corrupt +no file open, try 'help open' + +== refuse images with invalid compressed block size == +qemu-io: can't open device TEST_DIR/simple-pattern.cloop: invalid compressed block size at index 1, image file is corrupt +no file open, try 'help open' *** done From dbd3e4a75cddbd99be51d1af5b26a5f3f6a134c2 Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:29 +0100 Subject: [PATCH 138/219] block/cloop: fix offsets[] size off-by-one cloop stores the number of compressed blocks in the n_blocks header field. The file actually contains n_blocks + 1 offsets, where the extra offset is the end-of-file offset. The following line in cloop_read_block() results in an out-of-bounds offsets[] access: uint32_t bytes = s->offsets[block_num + 1] - s->offsets[block_num]; This patch allocates and loads the extra offset so that cloop_read_block() works correctly when the last block is accessed. Notice that we must free s->offsets[] unconditionally now since there is always an end-of-file offset. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 42d43d35d907579179a39c924d169da924786f65) Signed-off-by: Michael Roth --- block/cloop.c | 12 +++++------- tests/qemu-iotests/075 | 5 +++++ tests/qemu-iotests/075.out | 4 ++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/block/cloop.c b/block/cloop.c index 55a804f1cc..b6ad50fbb4 100644 --- a/block/cloop.c +++ b/block/cloop.c @@ -99,14 +99,14 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, s->n_blocks = be32_to_cpu(s->n_blocks); /* read offsets */ - if (s->n_blocks > UINT32_MAX / sizeof(uint64_t)) { + if (s->n_blocks > (UINT32_MAX - 1) / sizeof(uint64_t)) { /* Prevent integer overflow */ error_setg(errp, "n_blocks %u must be %zu or less", s->n_blocks, - UINT32_MAX / sizeof(uint64_t)); + (UINT32_MAX - 1) / sizeof(uint64_t)); return -EINVAL; } - offsets_size = s->n_blocks * sizeof(uint64_t); + offsets_size = (s->n_blocks + 1) * sizeof(uint64_t); if (offsets_size > 512 * 1024 * 1024) { /* Prevent ridiculous offsets_size which causes memory allocation to * fail or overflows bdrv_pread() size. In practice the 512 MB 
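Review bot: The new bound `(UINT32_MAX - 1) / sizeof(uint64_t)` in the first cloop_open hunk still admits one overflowing value: n_blocks = 536870911 passes the check, and `(s->n_blocks + 1) * sizeof(uint64_t)` is then exactly 2^32, which truncates to 0 in the uint32_t offsets_size. A zero offsets_size also passes the 512 MB check that follows, so the image is not refused and the byteswap loop (changed in the next hunk to run n_blocks + 1 times) would run over a zero-sized table. The limit should leave room for the extra entry after dividing, `if (s->n_blocks > UINT32_MAX / sizeof(uint64_t) - 1) {`, with the same expression in the error_setg() argument. cloop_open's body starts and ends outside this hunk.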
@@ -123,7 +123,7 @@ static int cloop_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - for(i=0;in_blocks;i++) { + for (i = 0; i < s->n_blocks + 1; i++) { uint64_t size; s->offsets[i] = be64_to_cpu(s->offsets[i]); @@ -243,9 +243,7 @@ static coroutine_fn int cloop_co_read(BlockDriverState *bs, int64_t sector_num, static void cloop_close(BlockDriverState *bs) { BDRVCloopState *s = bs->opaque; - if (s->n_blocks > 0) { - g_free(s->offsets); - } + g_free(s->offsets); g_free(s->compressed_block); g_free(s->uncompressed_block); inflateEnd(&s->zstream); diff --git a/tests/qemu-iotests/075 b/tests/qemu-iotests/075 index d74fb33272..40032c563d 100755 --- a/tests/qemu-iotests/075 +++ b/tests/qemu-iotests/075 @@ -51,6 +51,11 @@ echo "== check that the first sector can be read ==" _use_sample_img simple-pattern.cloop.bz2 $QEMU_IO -c "read 0 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== check that the last sector can be read ==" +_use_sample_img simple-pattern.cloop.bz2 +$QEMU_IO -c "read $((1024 * 1024 - 512)) 512" $TEST_IMG 2>&1 | _filter_qemu_io | _filter_testdir + echo echo "== block_size must be a multiple of 512 ==" _use_sample_img simple-pattern.cloop.bz2 diff --git a/tests/qemu-iotests/075.out b/tests/qemu-iotests/075.out index 911cd3b4d8..5f1d6c120a 100644 --- a/tests/qemu-iotests/075.out +++ b/tests/qemu-iotests/075.out @@ -4,6 +4,10 @@ QA output created by 075 read 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +== check that the last sector can be read == +read 512/512 bytes at offset 1048064 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + == block_size must be a multiple of 512 == qemu-io: can't open device TEST_DIR/simple-pattern.cloop: block_size 513 must be a multiple of 512 no file open, try 'help open' From ae9b5df87713688150e187a85cc67568b6c4ad73 Mon Sep 17 00:00:00 2001 
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:30 +0100 Subject: [PATCH 139/219] qemu-iotests: Support for bochs format Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 24f3078a049c52070adfc659fc3a1a71a11a7765) Conflicts: tests/qemu-iotests/group *fix context mismatches in group file Signed-off-by: Michael Roth --- tests/qemu-iotests/078 | 53 ++++++++++++++++++ tests/qemu-iotests/078.out | 6 ++ tests/qemu-iotests/common | 7 +++ tests/qemu-iotests/group | 1 + .../sample_images/empty.bochs.bz2 | Bin 0 -> 118 bytes 5 files changed, 67 insertions(+) create mode 100755 tests/qemu-iotests/078 create mode 100644 tests/qemu-iotests/078.out create mode 100644 tests/qemu-iotests/sample_images/empty.bochs.bz2 diff --git a/tests/qemu-iotests/078 b/tests/qemu-iotests/078 new file mode 100755 index 0000000000..f55f46d92b --- /dev/null +++ b/tests/qemu-iotests/078 
@@ -0,0 +1,53 @@ +#!/bin/bash +# +# bochs format input validation tests +# +# Copyright (C) 2013 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=kwolf@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt bochs +_supported_proto generic +_supported_os Linux + +echo +echo "== Read from a valid image ==" +_use_sample_img empty.bochs.bz2 +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 diff --git a/tests/qemu-iotests/078.out b/tests/qemu-iotests/078.out new file mode 100644 index 0000000000..25d37c5dcd --- /dev/null +++ b/tests/qemu-iotests/078.out @@ -0,0 +1,6 @@ +QA output created by 078 + +== Read from a valid image == +read 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +*** done diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common index b5043fcba6..35abbfcfcb 100644 --- a/tests/qemu-iotests/common +++ b/tests/qemu-iotests/common 
@@ -128,6 +128,7 @@ common options check options -raw test raw (default) + -bochs test bochs -cow test cow -cloop test cloop -qcow test qcow @@ -163,6 +164,12 @@ testlist options xpand=false ;; + -bochs) + IMGFMT=bochs + IMGFMT_GENERIC=false + xpand=false + ;; + -cow) IMGFMT=cow xpand=false diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 7520928af1..97226d4003 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -78,3 +78,4 @@ 070 rw auto 073 rw auto 075 rw auto +078 rw auto diff --git a/tests/qemu-iotests/sample_images/empty.bochs.bz2 b/tests/qemu-iotests/sample_images/empty.bochs.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..7a29c6ed763407f2de067d2618e6a60fb23812b8 GIT binary patch literal 118 zcmZ>Y%CIzaj8qGbEHvXuW?+ykpYp%q0D}XA$OAzJz31~91b}P?js*-MrV1$+l1$i~ z-4}9X&0;tqx7fiX Date: Wed, 26 Mar 2014 13:05:31 +0100 Subject: [PATCH 140/219] bochs: Unify header structs and make them QEMU_PACKED This is an on-disk structure, so offsets must be accurate. Before this patch, sizeof(bochs) != sizeof(header_v1), which makes the memcpy() between both invalid. We're lucky enough that the destination buffer happened to be the larger one, and the memcpy size to be taken from the smaller one, so we didn't get a buffer overflow in practice. This patch unifies the both structures, eliminating the need to do a memcpy in the first place. The common fields are extracted to the top level of the struct and the actually differing part gets a union of the two versions. Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 3dd8a6763bcc50dfc3de8da9279b741c0dea9fb1) Signed-off-by: Michael Roth --- block/bochs.c | 67 +++++++++++++++++++-------------------------------- 1 file changed, 25 insertions(+), 42 deletions(-) diff --git a/block/bochs.c b/block/bochs.c index 51d9a90577..708780d23c 100644 --- a/block/bochs.c +++ b/block/bochs.c 
@@ -38,46 +38,31 @@ // not allocated: 0xffffffff -// always little-endian -struct bochs_header_v1 { - char magic[32]; // "Bochs Virtual HD Image" - char type[16]; // "Redolog" - char subtype[16]; // "Undoable" / "Volatile" / "Growing" - uint32_t version; - uint32_t header; // size of header - - union { - struct { - uint32_t catalog; // num of entries - uint32_t bitmap; // bitmap size - uint32_t extent; // extent size - uint64_t disk; // disk size - char padding[HEADER_SIZE - 64 - 8 - 20]; - } redolog; - char padding[HEADER_SIZE - 64 - 8]; - } extra; -}; - // always little-endian struct bochs_header { - char magic[32]; // "Bochs Virtual HD Image" - char type[16]; // "Redolog" - char subtype[16]; // "Undoable" / "Volatile" / "Growing" + char magic[32]; /* "Bochs Virtual HD Image" */ + char type[16]; /* "Redolog" */ + char subtype[16]; /* "Undoable" / "Volatile" / "Growing" */ uint32_t version; - uint32_t header; // size of header + uint32_t header; /* size of header */ + + uint32_t catalog; /* num of entries */ + uint32_t bitmap; /* bitmap size */ + uint32_t extent; /* extent size */ union { - struct { - uint32_t catalog; // num of entries - uint32_t bitmap; // bitmap size - uint32_t extent; // extent size - uint32_t reserved; // for ??? - uint64_t disk; // disk size - char padding[HEADER_SIZE - 64 - 8 - 24]; - } redolog; - char padding[HEADER_SIZE - 64 - 8]; + struct { + uint32_t reserved; /* for ??? */ + uint64_t disk; /* disk size */ + char padding[HEADER_SIZE - 64 - 20 - 12]; + } QEMU_PACKED redolog; + struct { + uint64_t disk; /* disk size */ + char padding[HEADER_SIZE - 64 - 20 - 8]; + } QEMU_PACKED redolog_v1; + char padding[HEADER_SIZE - 64 - 20]; } extra; -}; +} QEMU_PACKED; typedef struct BDRVBochsState { CoMutex lock; 
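Review bot: Nothing in the struct hunk pins `sizeof(struct bochs_header)` to HEADER_SIZE, although the three padding lengths are hand-computed (`HEADER_SIZE - 64 - 20 - 12`, `HEADER_SIZE - 64 - 20 - 8`, `HEADER_SIZE - 64 - 20`) and the commit message says the on-disk offsets must be accurate. A build-time check right after the definition, `QEMU_BUILD_BUG_ON(sizeof(struct bochs_header) != HEADER_SIZE);`, would catch a miscounted field or a dropped QEMU_PACKED. A one-line comment saying that 64 is the three string fields and 20 the five uint32_t fields ahead of the union would make the arithmetic checkable at a glance.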
@@ -114,7 +99,6 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, BDRVBochsState *s = bs->opaque; int i; struct bochs_header bochs; - struct bochs_header_v1 header_v1; int ret; bs->read_only = 1; // no write support yet @@ -133,13 +117,12 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, } if (le32_to_cpu(bochs.version) == HEADER_V1) { - memcpy(&header_v1, &bochs, sizeof(bochs)); - bs->total_sectors = le64_to_cpu(header_v1.extra.redolog.disk) / 512; + bs->total_sectors = le64_to_cpu(bochs.extra.redolog_v1.disk) / 512; } else { - bs->total_sectors = le64_to_cpu(bochs.extra.redolog.disk) / 512; + bs->total_sectors = le64_to_cpu(bochs.extra.redolog.disk) / 512; } - s->catalog_size = le32_to_cpu(bochs.extra.redolog.catalog); + s->catalog_size = le32_to_cpu(bochs.catalog); s->catalog_bitmap = g_malloc(s->catalog_size * 4); ret = bdrv_pread(bs->file, le32_to_cpu(bochs.header), s->catalog_bitmap, @@ -153,10 +136,10 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, s->data_offset = le32_to_cpu(bochs.header) + (s->catalog_size * 4); - s->bitmap_blocks = 1 + (le32_to_cpu(bochs.extra.redolog.bitmap) - 1) / 512; - s->extent_blocks = 1 + (le32_to_cpu(bochs.extra.redolog.extent) - 1) / 512; + s->bitmap_blocks = 1 + (le32_to_cpu(bochs.bitmap) - 1) / 512; + s->extent_blocks = 1 + (le32_to_cpu(bochs.extent) - 1) / 512; - s->extent_size = le32_to_cpu(bochs.extra.redolog.extent); + s->extent_size = le32_to_cpu(bochs.extent); qemu_co_mutex_init(&s->lock); return 0; From 0e748624bd2261e7589b40b31413d62dc841957a Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:32 +0100 Subject: [PATCH 141/219] bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147) Gets us rid of integer overflows resulting in negative sizes which aren't correctly checked. Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz 
Signed-off-by: Stefan Hajnoczi (cherry picked from commit 246f65838d19db6db55bfb41117c35645a2c4789) Signed-off-by: Michael Roth --- block/bochs.c | 16 ++++++++-------- tests/qemu-iotests/078 | 8 ++++++++ tests/qemu-iotests/078.out | 4 ++++ 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/block/bochs.c b/block/bochs.c index 708780d23c..04cca7110d 100644 --- a/block/bochs.c +++ b/block/bochs.c @@ -67,13 +67,13 @@ struct bochs_header { typedef struct BDRVBochsState { CoMutex lock; uint32_t *catalog_bitmap; - int catalog_size; + uint32_t catalog_size; - int data_offset; + uint32_t data_offset; - int bitmap_blocks; - int extent_blocks; - int extent_size; + uint32_t bitmap_blocks; + uint32_t extent_blocks; + uint32_t extent_size; } BDRVBochsState; static int bochs_probe(const uint8_t *buf, int buf_size, const char *filename) @@ -97,7 +97,7 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { BDRVBochsState *s = bs->opaque; - int i; + uint32_t i; struct bochs_header bochs; int ret; @@ -152,8 +152,8 @@ fail: static int64_t seek_to_sector(BlockDriverState *bs, int64_t sector_num) { BDRVBochsState *s = bs->opaque; - int64_t offset = sector_num * 512; - int64_t extent_index, extent_offset, bitmap_offset; + uint64_t offset = sector_num * 512; + uint64_t extent_index, extent_offset, bitmap_offset; char bitmap_entry; // seek to sector diff --git a/tests/qemu-iotests/078 b/tests/qemu-iotests/078 index f55f46d92b..73b573a624 100755 --- a/tests/qemu-iotests/078 +++ b/tests/qemu-iotests/078 
@@ -42,11 +42,19 @@ _supported_fmt bochs _supported_proto generic _supported_os Linux +catalog_size_offset=$((0x48)) + echo echo "== Read from a valid image ==" _use_sample_img empty.bochs.bz2 { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Negative catalog size ==" +_use_sample_img empty.bochs.bz2 +poke_file "$TEST_IMG" "$catalog_size_offset" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/078.out b/tests/qemu-iotests/078.out index 25d37c5dcd..ef8c42de9c 100644 --- a/tests/qemu-iotests/078.out +++ b/tests/qemu-iotests/078.out @@ -3,4 +3,8 @@ QA output created by 078 == Read from a valid image == read 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== Negative catalog size == +qemu-io: can't open device TEST_DIR/empty.bochs: Could not open 'TEST_DIR/empty.bochs': Interrupted system call +no file open, try 'help open' *** done From 6b94cfeca8f9727ae6de41f2b53f1f906620c49a Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:33 +0100 Subject: [PATCH 142/219] bochs: Check catalog_size header field (CVE-2014-0143) It should neither become negative nor allow unbounded memory allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap buffer overflow on big endian hosts. Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit e3737b820b45e54b059656dc3f914f895ac7a88b) Signed-off-by: Michael Roth --- block/bochs.c | 13 +++++++++++++ tests/qemu-iotests/078 | 13 +++++++++++++ tests/qemu-iotests/078.out | 10 +++++++++- 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/block/bochs.c b/block/bochs.c index 04cca7110d..d1b1a2c6cc 100644 --- a/block/bochs.c +++ b/block/bochs.c 
@@ -122,7 +122,14 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, bs->total_sectors = le64_to_cpu(bochs.extra.redolog.disk) / 512; } + /* Limit to 1M entries to avoid unbounded allocation. This is what is + * needed for the largest image that bximage can create (~8 TB). */ s->catalog_size = le32_to_cpu(bochs.catalog); + if (s->catalog_size > 0x100000) { + error_setg(errp, "Catalog size is too large"); + return -EFBIG; + } + s->catalog_bitmap = g_malloc(s->catalog_size * 4); ret = bdrv_pread(bs->file, le32_to_cpu(bochs.header), s->catalog_bitmap, @@ -141,6 +148,12 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, s->extent_size = le32_to_cpu(bochs.extent); + if (s->catalog_size < bs->total_sectors / s->extent_size) { + error_setg(errp, "Catalog size is too small for this disk size"); + ret = -EINVAL; + goto fail; + } + qemu_co_mutex_init(&s->lock); return 0; diff --git a/tests/qemu-iotests/078 b/tests/qemu-iotests/078 index 73b573a624..902ef0f036 100755 --- a/tests/qemu-iotests/078 +++ b/tests/qemu-iotests/078 @@ -43,6 +43,7 @@ _supported_proto generic _supported_os Linux catalog_size_offset=$((0x48)) +disk_size_offset=$((0x58)) echo echo "== Read from a valid image ==" @@ -55,6 +56,18 @@ _use_sample_img empty.bochs.bz2 poke_file "$TEST_IMG" "$catalog_size_offset" "\xff\xff\xff\xff" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Overflow for catalog size * sizeof(uint32_t) ==" +_use_sample_img empty.bochs.bz2 +poke_file "$TEST_IMG" "$catalog_size_offset" "\x00\x00\x00\x40" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Too small catalog bitmap for image size ==" +_use_sample_img empty.bochs.bz2 +poke_file "$TEST_IMG" "$disk_size_offset" "\x00\xc0\x0f\x00\x00\x00\x00\x7f" +{ $QEMU_IO -c "read 2T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full 
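Review bot: The new catalog check in the second bochs_open hunk divides a sector count by a byte count: `bs->total_sectors` is the disk size already divided by 512, while `s->extent_size` is the raw extent field in bytes (extent_blocks is derived from the same field by dividing by 512). The comparison therefore accepts a catalog up to 512 times too small for the disk, which presumably leaves the `s->catalog_bitmap[extent_index]` lookup in seek_to_sector able to index past catalog_size for high sectors. Comparing in bytes removes both the unit mismatch and the division: `if ((uint64_t)s->catalog_size * s->extent_size < (uint64_t)bs->total_sectors * 512) {`. bochs_open's body continues outside the hunk.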
diff --git a/tests/qemu-iotests/078.out b/tests/qemu-iotests/078.out index ef8c42de9c..7254693b08 100644 --- a/tests/qemu-iotests/078.out +++ b/tests/qemu-iotests/078.out @@ -5,6 +5,14 @@ read 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) == Negative catalog size == -qemu-io: can't open device TEST_DIR/empty.bochs: Could not open 'TEST_DIR/empty.bochs': Interrupted system call +qemu-io: can't open device TEST_DIR/empty.bochs: Catalog size is too large +no file open, try 'help open' + +== Overflow for catalog size * sizeof(uint32_t) == +qemu-io: can't open device TEST_DIR/empty.bochs: Catalog size is too large +no file open, try 'help open' + +== Too small catalog bitmap for image size == +qemu-io: can't open device TEST_DIR/empty.bochs: Catalog size is too small for this disk size no file open, try 'help open' *** done From b0a7517c244d09bbb087af0f8b455cabedc126ee Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:34 +0100 Subject: [PATCH 143/219] bochs: Check extent_size header field (CVE-2014-0142) This fixes two possible division by zero crashes: In bochs_open() and in seek_to_sector(). Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 8e53abbc20d08ae3ec30c2054e1161314ad9501d) Signed-off-by: Michael Roth --- block/bochs.c | 8 ++++++++ tests/qemu-iotests/078 | 13 +++++++++++++ tests/qemu-iotests/078.out | 8 ++++++++ 3 files changed, 29 insertions(+) diff --git a/block/bochs.c b/block/bochs.c index d1b1a2c6cc..0ec980a3a5 100644 --- a/block/bochs.c +++ b/block/bochs.c 
@@ -147,6 +147,14 @@ static int bochs_open(BlockDriverState *bs, QDict *options, int flags, s->extent_blocks = 1 + (le32_to_cpu(bochs.extent) - 1) / 512; s->extent_size = le32_to_cpu(bochs.extent); + if (s->extent_size == 0) { + error_setg(errp, "Extent size may not be zero"); + return -EINVAL; + } else if (s->extent_size > 0x800000) { + error_setg(errp, "Extent size %" PRIu32 " is too large", + s->extent_size); + return -EINVAL; + } if (s->catalog_size < bs->total_sectors / s->extent_size) { error_setg(errp, "Catalog size is too small for this disk size"); diff --git a/tests/qemu-iotests/078 b/tests/qemu-iotests/078 index 902ef0f036..872e734cab 100755 --- a/tests/qemu-iotests/078 +++ b/tests/qemu-iotests/078 @@ -43,6 +43,7 @@ _supported_proto generic _supported_os Linux catalog_size_offset=$((0x48)) +extent_size_offset=$((0x50)) disk_size_offset=$((0x58)) echo @@ -68,6 +69,18 @@ _use_sample_img empty.bochs.bz2 poke_file "$TEST_IMG" "$disk_size_offset" "\x00\xc0\x0f\x00\x00\x00\x00\x7f" { $QEMU_IO -c "read 2T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Negative extent size ==" +_use_sample_img empty.bochs.bz2 +poke_file "$TEST_IMG" "$extent_size_offset" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 768k 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Zero extent size ==" +_use_sample_img empty.bochs.bz2 +poke_file "$TEST_IMG" "$extent_size_offset" "\x00\x00\x00\x00" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/078.out b/tests/qemu-iotests/078.out index 7254693b08..ea95ffdbb8 100644 --- a/tests/qemu-iotests/078.out +++ b/tests/qemu-iotests/078.out 
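Review bot: Both new extent_size rejections in bochs_open leave with a bare `return -EINVAL;`, but by this point s->catalog_bitmap has already been allocated with g_malloc() (see the catalog_size hunk of the previous patch), and the catalog check directly below exits through `ret = -EINVAL; goto fail;`. As written, a rejected image leaks the catalog buffer on every open attempt, assuming the `fail` label (outside this hunk) is what frees it. Each branch should end with `ret = -EINVAL; goto fail;` instead of returning directly.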
@@ -15,4 +15,12 @@ no file open, try 'help open' == Too small catalog bitmap for image size == qemu-io: can't open device TEST_DIR/empty.bochs: Catalog size is too small for this disk size no file open, try 'help open' + +== Negative extent size == +qemu-io: can't open device TEST_DIR/empty.bochs: Extent size 4294967295 is too large +no file open, try 'help open' + +== Zero extent size == +qemu-io: can't open device TEST_DIR/empty.bochs: Extent size may not be zero +no file open, try 'help open' *** done From 6ee0d5fdc7bbeb5419fb41fd949fd0b0ebe085db Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:35 +0100 Subject: [PATCH 144/219] bochs: Fix bitmap offset calculation 32 bit truncation could let us access the wrong offset in the image. Signed-off-by: Kevin Wolf Reviewed-by: Stefan Hajnoczi Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit a9ba36a45dfac645a810c31ce15ab393b69d820a) Signed-off-by: Michael Roth --- block/bochs.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/block/bochs.c b/block/bochs.c index 0ec980a3a5..5c74223964 100644 --- a/block/bochs.c +++ b/block/bochs.c @@ -185,8 +185,9 @@ static int64_t seek_to_sector(BlockDriverState *bs, int64_t sector_num) return -1; /* not allocated */ } - bitmap_offset = s->data_offset + (512 * s->catalog_bitmap[extent_index] * - (s->extent_blocks + s->bitmap_blocks)); + bitmap_offset = s->data_offset + + (512 * (uint64_t) s->catalog_bitmap[extent_index] * + (s->extent_blocks + s->bitmap_blocks)); /* read in bitmap for current extent */ if (bdrv_pread(bs->file, bitmap_offset + (extent_offset / 8), From b2390c7008561c595127090688960a145a592f6b Mon Sep 17 00:00:00 2001 
From: Jeff Cody Date: Wed, 26 Mar 2014 13:05:36 +0100 Subject: [PATCH 145/219] vpc/vhd: add bounds check for max_table_entries and block_size (CVE-2014-0144) This adds checks to make sure that max_table_entries and block_size are in sane ranges. Memory is allocated based on max_table_entries, and block_size is used to calculate indices into that allocated memory, so if these values are incorrect that can lead to potential unbounded memory allocation, or invalid memory accesses. Also, the allocation of the pagetable is changed from g_malloc0() to qemu_blockalign(). Signed-off-by: Jeff Cody Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 97f1c45c6f456572e5b504b8614e4a69e23b8e3a) Signed-off-by: Michael Roth --- block/vpc.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/block/vpc.c b/block/vpc.c index 577cc45992..4acf154a56 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -45,6 +45,8 @@ enum vhd_type { // Seconds since Jan 1, 2000 0:00:00 (UTC) #define VHD_TIMESTAMP_BASE 946684800 +#define VHD_MAX_SECTORS (65535LL * 255 * 255) + // always big-endian typedef struct vhd_footer { char creator[8]; // "conectix" @@ -164,6 +166,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, VHDDynDiskHeader *dyndisk_header; uint8_t buf[HEADER_SIZE]; uint32_t checksum; + uint64_t computed_size; int disk_type = VHD_DYNAMIC; int ret; @@ -221,7 +224,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, } /* Allow a maximum disk size of approximately 2 TB */ - if (bs->total_sectors >= 65535LL * 255 * 255) { + if (bs->total_sectors >= VHD_MAX_SECTORS) { ret = -EFBIG; goto fail; } 
@@ -244,7 +247,23 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, s->bitmap_size = ((s->block_size / (8 * 512)) + 511) & ~511; s->max_table_entries = be32_to_cpu(dyndisk_header->max_table_entries); - s->pagetable = g_malloc(s->max_table_entries * 4); + + if ((bs->total_sectors * 512) / s->block_size > 0xffffffffU) { + ret = -EINVAL; + goto fail; + } + if (s->max_table_entries > (VHD_MAX_SECTORS * 512) / s->block_size) { + ret = -EINVAL; + goto fail; + } + + computed_size = (uint64_t) s->max_table_entries * s->block_size; + if (computed_size < bs->total_sectors * 512) { + ret = -EINVAL; + goto fail; + } + + s->pagetable = qemu_blockalign(bs, s->max_table_entries * 4); s->bat_offset = be64_to_cpu(dyndisk_header->table_offset); @@ -297,7 +316,7 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, return 0; fail: - g_free(s->pagetable); + qemu_vfree(s->pagetable); #ifdef CACHE g_free(s->pageentry_u8); #endif @@ -819,7 +838,7 @@ static int vpc_has_zero_init(BlockDriverState *bs) static void vpc_close(BlockDriverState *bs) { BDRVVPCState *s = bs->opaque; - g_free(s->pagetable); + qemu_vfree(s->pagetable); #ifdef CACHE g_free(s->pageentry_u8); #endif From 76d1eddbe533d828eb866c36b7b13837986c7fc3 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:37 +0100 Subject: [PATCH 146/219] vpc: Validate block size (CVE-2014-0142) This fixes some cases of division by zero crashes. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 5e71dfad763d67bb64be79e20e93411c0c30ad25) Conflicts: tests/qemu-iotests/group *fixed context mismatches in group file Signed-off-by: Michael Roth --- block/vpc.c | 5 +++ tests/qemu-iotests/088 | 64 ++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/088.out | 17 ++++++++++ tests/qemu-iotests/group | 1 + 4 files changed, 87 insertions(+) create mode 100755 tests/qemu-iotests/088 create mode 100644 tests/qemu-iotests/088.out 
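Review bot: The size passed to `qemu_blockalign(bs, s->max_table_entries * 4)` is still multiplied in the type of `max_table_entries`, and the new upper bound `(VHD_MAX_SECTORS * 512) / s->block_size` constrains it only when `block_size` is large. For small block sizes that bound stays well above 2^30, so the `* 4` can wrap in 32-bit arithmetic and leave a page table smaller than the entry count. An explicit bound on the product closes this, e.g. `if (s->max_table_entries > INT_MAX / 4) { ret = -EINVAL; goto fail; }`. `block_size` is also not validated in this hunk, so a zero value would fault in the two divisions added here. `vpc_open` starts and ends outside the hunk and the field types are declared elsewhere.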
diff --git a/block/vpc.c b/block/vpc.c index 4acf154a56..be4f8ab3ca 100644 --- a/block/vpc.c +++ b/block/vpc.c @@ -244,6 +244,11 @@ static int vpc_open(BlockDriverState *bs, QDict *options, int flags, } s->block_size = be32_to_cpu(dyndisk_header->block_size); + if (!is_power_of_2(s->block_size) || s->block_size < BDRV_SECTOR_SIZE) { + error_setg(errp, "Invalid block size %" PRIu32, s->block_size); + ret = -EINVAL; + goto fail; + } s->bitmap_size = ((s->block_size / (8 * 512)) + 511) & ~511; s->max_table_entries = be32_to_cpu(dyndisk_header->max_table_entries); diff --git a/tests/qemu-iotests/088 b/tests/qemu-iotests/088 new file mode 100755 index 0000000000..c09adf8023 --- /dev/null +++ b/tests/qemu-iotests/088 
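Review bot: The lower bound `s->block_size < BDRV_SECTOR_SIZE` still admits block sizes for which the following line computes `bitmap_size` as 0, because `s->block_size / (8 * 512)` is 0 for any power of two below 4096 and `(0 + 511) & ~511` is 0. Whether the rest of the driver tolerates a zero-length sector bitmap is not visible here, so either raise the minimum until one bitmap sector always exists or add a comment stating that 0 is intended. There is no upper bound either, and the new test 088 pokes only 0, 128 and a non-power-of-two value, so neither edge of the accepted range is exercised. `vpc_open` continues outside the hunk.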
@@ -0,0 +1,64 @@ +#!/bin/bash +# +# vpc (VHD) format input validation tests +# +# Copyright (C) 2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=kwolf@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + rm -f $TEST_IMG.snap + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt vpc +_supported_proto generic +_supported_os Linux + +offset_block_size=$((512 + 32)) + +echo +echo "== Invalid block size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_block_size" "\x00\x00\x00\x00" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_block_size" "\x00\x00\x00\x80" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_block_size" "\x12\x34\x56\x78" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 
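Review bot: `$TEST_IMG` is quoted in the `poke_file` calls but left unquoted in every `$QEMU_IO -c ... $TEST_IMG` line and in `rm -f $TEST_IMG.snap`, so a test directory containing spaces or glob characters splits the argument; using `"$TEST_IMG"` throughout would match the quoted uses. `_cleanup` also removes `$TEST_IMG.snap`, which this test never creates, so that line can be dropped. The same unquoted pattern appears in the new test 080 added by the qcow2 patches further down.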
diff --git a/tests/qemu-iotests/088.out b/tests/qemu-iotests/088.out new file mode 100644 index 0000000000..d961609e49 --- /dev/null +++ b/tests/qemu-iotests/088.out @@ -0,0 +1,17 @@ +QA output created by 088 + +== Invalid block size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 0 +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 0 +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 128 +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 128 +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 305419896 +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.vpc: Invalid block size 305419896 +no file open, try 'help open' +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 97226d4003..9b3552fcb4 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -79,3 +79,4 @@ 073 rw auto 075 rw auto 078 rw auto +088 rw auto From 37173f54b7925f02045a93c081deabca1b8a6abd Mon Sep 17 00:00:00 2001 From: Jeff Cody Date: Fri, 28 Mar 2014 11:42:24 -0400 Subject: [PATCH 147/219] vdi: add bounds checks for blocks_in_image and disk_size header fields (CVE-2014-0144) The maximum blocks_in_image is 0xffffffff / 4, which also limits the maximum disk_size for a VDI image to 1024TB. Note that this is the maximum size that QEMU will currently support with this driver, not necessarily the maximum size allowed by the image format. This also fixes an incorrect error message, a bug introduced by commit 5b7aa9b56d1bfc79916262f380c3fc7961becb50 (Reported by Stefan Weil) Signed-off-by: Jeff Cody Signed-off-by: Kevin Wolf 
Signed-off-by: Stefan Hajnoczi (cherry picked from commit 63fa06dc978f3669dbfd9443b33cde9e2a7f4b41) Conflicts: block/vdi.c *modified to retain 1.7's usage of logout() over error_setg() Signed-off-by: Michael Roth --- block/vdi.c | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/block/vdi.c b/block/vdi.c index b6ec0020dc..204a3e5c45 100644 --- a/block/vdi.c +++ b/block/vdi.c @@ -120,6 +120,11 @@ typedef unsigned char uuid_t[16]; #define VDI_IS_ALLOCATED(X) ((X) < VDI_DISCARDED) +/* max blocks in image is (0xffffffff / 4) */ +#define VDI_BLOCKS_IN_IMAGE_MAX 0x3fffffff +#define VDI_DISK_SIZE_MAX ((uint64_t)VDI_BLOCKS_IN_IMAGE_MAX * \ + (uint64_t)DEFAULT_CLUSTER_SIZE) + #if !defined(CONFIG_UUID) static inline void uuid_generate(uuid_t out) { @@ -384,6 +389,13 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags, vdi_header_print(&header); #endif + if (header.disk_size > VDI_DISK_SIZE_MAX) { + logout("disk size is 0x%" PRIx64 ", max supported is 0x%" PRIx64, + header.disk_size, VDI_DISK_SIZE_MAX); + ret = -ENOTSUP; + goto fail; + } + if (header.disk_size % SECTOR_SIZE != 0) { /* 'VBoxManage convertfromraw' can create images with odd disk sizes. We accept them but round the disk size to the next multiple of @@ -416,7 +428,7 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags, logout("unsupported sector size %u B\n", header.sector_size); ret = -ENOTSUP; goto fail; - } else if (header.block_size != 1 * MiB) { + } else if (header.block_size != DEFAULT_CLUSTER_SIZE) { logout("unsupported block size %u B\n", header.block_size); ret = -ENOTSUP; goto fail; 
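Review bot: The `logout()` call added for the `disk_size` check has no trailing `\n`, unlike the existing calls in the context lines (`"unsupported sector size %u B\n"`), so its output runs into the next message; it should end `", max supported is 0x%" PRIx64 "\n"`. The two other calls this commit adds, in the `blocks_in_image` check and in `vdi_create`, have the same omission, and the former also ends its text with an unmatched `)` in `"too many blocks %u, max is %u)"`. If `logout()` is compiled out in non-debug builds, which its definition outside the hunk would show, these rejections reach the user only as `-ENOTSUP` with no explanation.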
@@ -433,6 +445,11 @@ static int vdi_open(BlockDriverState *bs, QDict *options, int flags, logout("parent uuid != 0, unsupported\n"); ret = -ENOTSUP; goto fail; + } else if (header.blocks_in_image > VDI_BLOCKS_IN_IMAGE_MAX) { + logout("too many blocks %u, max is %u)", + header.blocks_in_image, VDI_BLOCKS_IN_IMAGE_MAX); + ret = -ENOTSUP; + goto fail; } bs->total_sectors = header.disk_size / SECTOR_SIZE; @@ -681,11 +698,20 @@ static int vdi_create(const char *filename, QEMUOptionParameter *options, options++; } + if (bytes > VDI_DISK_SIZE_MAX) { + result = -ENOTSUP; + logout("image size (size is 0x%" PRIx64 + ", max supported is 0x%" PRIx64 ")", + bytes, VDI_DISK_SIZE_MAX); + goto exit; + } + fd = qemu_open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE, 0644); if (fd < 0) { - return -errno; + result = -errno; + goto exit; } /* We need enough blocks to store the given disk size, @@ -746,6 +772,7 @@ static int vdi_create(const char *filename, QEMUOptionParameter *options, result = -errno; } +exit: return result; } From 1786c4225db1ff1241d76e1f96a2acc1bea51d2d Mon Sep 17 00:00:00 2001 From: Jeff Cody Date: Wed, 26 Mar 2014 13:05:39 +0100 Subject: [PATCH 148/219] vhdx: Bounds checking for block_size and logical_sector_size (CVE-2014-0148) Other variables (e.g. sectors_per_block) are calculated using these variables, and if not range-checked illegal values could be obtained causing infinite loops and other potential issues when calculating BAT entries. The 1.00 VHDX spec requires BlockSize to be min 1MB, max 256MB. LogicalSectorSize is required to be either 512 or 4096 bytes. Reported-by: Kevin Wolf Signed-off-by: Jeff Cody Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 1d7678dec4761acdc43439da6ceda41a703ba1a6) Signed-off-by: Michael Roth --- block/vhdx.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/block/vhdx.c b/block/vhdx.c index 7d1af9663b..8a70ae8a12 100644 
--- a/block/vhdx.c +++ b/block/vhdx.c @@ -785,12 +785,20 @@ static int vhdx_parse_metadata(BlockDriverState *bs, BDRVVHDXState *s) le32_to_cpus(&s->logical_sector_size); le32_to_cpus(&s->physical_sector_size); - if (s->logical_sector_size == 0 || s->params.block_size == 0) { + if (s->params.block_size < VHDX_BLOCK_SIZE_MIN || + s->params.block_size > VHDX_BLOCK_SIZE_MAX) { ret = -EINVAL; goto exit; } - /* both block_size and sector_size are guaranteed powers of 2 */ + /* only 2 supported sector sizes */ + if (s->logical_sector_size != 512 && s->logical_sector_size != 4096) { + ret = -EINVAL; + goto exit; + } + + /* Both block_size and sector_size are guaranteed powers of 2, below. + Due to range checks above, s->sectors_per_block can never be < 256 */ s->sectors_per_block = s->params.block_size / s->logical_sector_size; s->chunk_ratio = (VHDX_MAX_SECTORS_PER_BLOCK) * (uint64_t)s->logical_sector_size / From 4854971ac1bbc95c41f6c99c8482903c2ef8d1bb Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Wed, 26 Mar 2014 13:05:40 +0100 Subject: [PATCH 149/219] curl: check data size before memcpy to local buffer. (CVE-2014-0144) curl_read_cb is callback function for libcurl when data arrives. The data size passed in here is not guaranteed to be within the range of request we submitted, so we may overflow the guest IO buffer. Check the real size we have before memcpy to buffer to avoid overflow. Signed-off-by: Fam Zheng Reviewed-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 6d4b9e55fc625514a38d27cff4b9933f617fa7dc) Signed-off-by: Michael Roth --- block/curl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/block/curl.c b/block/curl.c index 1c04dccb82..47cf70a159 100644 --- a/block/curl.c +++ b/block/curl.c 
@@ -157,6 +157,11 @@ static size_t curl_read_cb(void *ptr, size_t size, size_t nmemb, void *opaque) if (!s || !s->orig_buf) goto read_end; + if (s->buf_off >= s->buf_len) { + /* buffer full, read nothing */ + return 0; + } + realsize = MIN(realsize, s->buf_len - s->buf_off); memcpy(s->orig_buf + s->buf_off, ptr, realsize); s->buf_off += realsize; From 665f3ad58f040cc1a09cbd4f91b2e7355a874c6e Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:41 +0100 Subject: [PATCH 150/219] qcow2: Check header_length (CVE-2014-0144) This fixes an unbounded allocation for s->unknown_header_fields. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 24342f2cae47d03911e346fe1e520b00dc2818e0) Conflicts: tests/qemu-iotests/group *fixed context mismatches in group file Signed-off-by: Michael Roth --- block/qcow2.c | 34 +++++++++++++++------ tests/qemu-iotests/080 | 61 ++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/080.out | 9 ++++++ tests/qemu-iotests/group | 1 + 4 files changed, 96 insertions(+), 9 deletions(-) create mode 100755 tests/qemu-iotests/080 create mode 100644 tests/qemu-iotests/080.out diff --git a/block/qcow2.c b/block/qcow2.c index f2897b64aa..e4280a2cb5 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -463,6 +463,18 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, s->qcow_version = header.version; + /* Initialise cluster size */ + if (header.cluster_bits < MIN_CLUSTER_BITS || + header.cluster_bits > MAX_CLUSTER_BITS) { + error_setg(errp, "Unsupported cluster size: 2^%i", header.cluster_bits); + ret = -EINVAL; + goto fail; + } + + s->cluster_bits = header.cluster_bits; + s->cluster_size = 1 << s->cluster_bits; + s->cluster_sectors = 1 << (s->cluster_bits - 9); + /* Initialise version 3 header fields */ if (header.version == 2) { header.incompatible_features = 0; 
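Review bot: The comment `/* buffer full, read nothing */` understates what `return 0` does in a libcurl write callback: returning a count different from `size * nmemb` makes libcurl abort the transfer with a write error. The same applies once `realsize` has been clamped by the `MIN()`, if the function goes on to return the clamped value; the return statement is outside the hunk. If aborting is intended, say so, e.g. `/* buffer full: a short return makes libcurl abort the transfer */`. The early `return 0` also bypasses the `read_end` label that the guard just above it uses.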
@@ -476,6 +488,18 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, be64_to_cpus(&header.autoclear_features); be32_to_cpus(&header.refcount_order); be32_to_cpus(&header.header_length); + + if (header.header_length < 104) { + error_setg(errp, "qcow2 header too short"); + ret = -EINVAL; + goto fail; + } + } + + if (header.header_length > s->cluster_size) { + error_setg(errp, "qcow2 header exceeds cluster size"); + ret = -EINVAL; + goto fail; } if (header.header_length > sizeof(header)) { @@ -532,12 +556,6 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, } s->refcount_order = header.refcount_order; - if (header.cluster_bits < MIN_CLUSTER_BITS || - header.cluster_bits > MAX_CLUSTER_BITS) { - error_setg(errp, "Unsupported cluster size: 2^%i", header.cluster_bits); - ret = -EINVAL; - goto fail; - } if (header.crypt_method > QCOW_CRYPT_AES) { error_setg(errp, "Unsupported encryption method: %i", header.crypt_method); @@ -548,9 +566,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, if (s->crypt_method_header) { bs->encrypted = 1; } - s->cluster_bits = header.cluster_bits; - s->cluster_size = 1 << s->cluster_bits; - s->cluster_sectors = 1 << (s->cluster_bits - 9); + s->l2_bits = s->cluster_bits - 3; /* L2 is always one cluster */ s->l2_size = 1 << s->l2_bits; bs->total_sectors = header.size / 512; diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 new file mode 100755 index 0000000000..6512701e1e --- /dev/null +++ b/tests/qemu-iotests/080 
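Review bot: The minimum in `if (header.header_length < 104)` is a bare literal, while the check a few lines below already compares against `sizeof(header)`. If 104 is the size of the version 3 header structure, using `sizeof(header)` or a named constant would keep the two checks from drifting apart. The message could also report the rejected value, `error_setg(errp, "qcow2 header too short (%" PRIu32 " bytes)", header.header_length);`. `qcow2_open` starts and ends outside the hunk.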
@@ -0,0 +1,61 @@ +#!/bin/bash +# +# qcow2 format input validation tests +# +# Copyright (C) 2013 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=kwolf@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow2 +_supported_proto generic +_supported_os Linux + +header_size=104 +offset_header_size=100 +offset_ext_magic=$header_size +offset_ext_size=$((header_size + 4)) + +echo +echo "== Huge header size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out new file mode 100644 index 0000000000..41a166a27f --- /dev/null +++ b/tests/qemu-iotests/080.out 
@@ -0,0 +1,9 @@ +QA output created by 080 + +== Huge header size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size +no file open, try 'help open' +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 9b3552fcb4..d0b762c0b4 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -79,4 +79,5 @@ 073 rw auto 075 rw auto 078 rw auto +080 rw auto 088 rw auto From 6f6db0c7aff11b233442d5e9e105f9b8bb66f2c5 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:42 +0100 Subject: [PATCH 151/219] qcow2: Check backing_file_offset (CVE-2014-0144) Header, header extension and the backing file name must all be stored in the first cluster. Setting the backing file to a much higher value allowed header extensions to become much bigger than we want them to be (unbounded allocation). Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit a1b3955c9415b1e767c130a2f59fee6aa28e575b) Signed-off-by: Michael Roth --- block/qcow2.c | 6 ++++++ tests/qemu-iotests/080 | 12 ++++++++++++ tests/qemu-iotests/080.out | 7 +++++++ 3 files changed, 25 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index e4280a2cb5..a6ad44ef3a 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -514,6 +514,12 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, } } + if (header.backing_file_offset > s->cluster_size) { + error_setg(errp, "Invalid backing file offset"); + ret = -EINVAL; + goto fail; + } + if (header.backing_file_offset) { ext_end = header.backing_file_offset; } else { diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 6512701e1e..6d588ddd12 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 
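Review bot: `header.backing_file_offset > s->cluster_size` bounds only where the backing file name starts, and it accepts an offset equal to `cluster_size`, which already lies outside the first cluster. The commit message states that header, extensions and backing file name must all fit in the first cluster, so the length of the name needs a bound as well. Whether the name length is checked against `s->cluster_size - header.backing_file_offset` happens outside this hunk and should be confirmed. A comment on the check stating that it covers the start offset only would prevent it from being read as a full range check.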
@@ -43,6 +43,8 @@ _supported_proto generic _supported_os Linux header_size=104 + +offset_backing_file_offset=8 offset_header_size=100 offset_ext_magic=$header_size offset_ext_size=$((header_size + 4)) @@ -55,6 +57,16 @@ poke_file "$TEST_IMG" "$offset_header_size" "\xff\xff\xff\xff" poke_file "$TEST_IMG" "$offset_header_size" "\x7f\xff\xff\xff" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Huge unknown header extension ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_backing_file_offset" "\xff\xff\xff\xff\xff\xff\xff\xff" +poke_file "$TEST_IMG" "$offset_ext_magic" "\x12\x34\x56\x78" +poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 41a166a27f..48c40aa3e2 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -6,4 +6,11 @@ qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow2: qcow2 header exceeds cluster size no file open, try 'help open' + +== Huge unknown header extension == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid backing file offset +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Header extension too large +no file open, try 'help open' *** done From f6027f805b111deccc0e09eec53d8be9812493fa Mon Sep 17 00:00:00 2001 
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:43 +0100 Subject: [PATCH 152/219] qcow2: Check refcount table size (CVE-2014-0144) Limit the in-memory reference count table size to 8 MB, it's enough in practice. This fixes an unbounded allocation as well as a buffer overflow in qcow2_refcount_init(). Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 4 +++- block/qcow2.c | 9 +++++++++ tests/qemu-iotests/080 | 10 ++++++++++ tests/qemu-iotests/080.out | 7 +++++++ 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 1ff43d0906..8c57016bdd 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -40,8 +40,10 @@ static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, int qcow2_refcount_init(BlockDriverState *bs) { BDRVQcowState *s = bs->opaque; - int ret, refcount_table_size2, i; + unsigned int refcount_table_size2, i; + int ret; + assert(s->refcount_table_size <= INT_MAX / sizeof(uint64_t)); refcount_table_size2 = s->refcount_table_size * sizeof(uint64_t); s->refcount_table = g_malloc(refcount_table_size2); if (s->refcount_table_size > 0) { diff --git a/block/qcow2.c b/block/qcow2.c index a6ad44ef3a..8c8996d130 100644 --- a/block/qcow2.c +++ b/block/qcow2.c 
@@ -579,10 +579,19 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, s->csize_shift = (62 - (s->cluster_bits - 8)); s->csize_mask = (1 << (s->cluster_bits - 8)) - 1; s->cluster_offset_mask = (1LL << s->csize_shift) - 1; + s->refcount_table_offset = header.refcount_table_offset; s->refcount_table_size = header.refcount_table_clusters << (s->cluster_bits - 3); + if (header.refcount_table_clusters > (0x800000 >> s->cluster_bits)) { + /* 8 MB refcount table is enough for 2 PB images at 64k cluster size + * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ + error_setg(errp, "Reference count table too large"); + ret = -EINVAL; + goto fail; + } + s->snapshots_offset = header.snapshots_offset; s->nb_snapshots = header.nb_snapshots; diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 6d588ddd12..6179e0519f 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -45,6 +45,7 @@ _supported_os Linux header_size=104 offset_backing_file_offset=8 +offset_refcount_table_clusters=56 offset_header_size=100 offset_ext_magic=$header_size offset_ext_size=$((header_size + 4)) @@ -67,6 +68,15 @@ poke_file "$TEST_IMG" "$offset_ext_size" "\x7f\xff\xff\xff" poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x00\x00" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Huge refcount table size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 48c40aa3e2..6fef6d9892 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out 
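Review bot: `s->refcount_table_size` is computed with `header.refcount_table_clusters << (s->cluster_bits - 3)` before the new limit is applied, so for an oversized header value the shift may already have wrapped and the truncated result sits in `s` when control reaches `fail`. Moving the `if (header.refcount_table_clusters > (0x800000 >> s->cluster_bits))` block above the assignment keeps unvalidated sizes out of the state structure. The `0x800000` limit would also read better as a named constant next to the other qcow2 limits. `qcow2_open` continues outside the hunk, so what the `fail` path does with the field is not visible here.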
@@ -13,4 +13,11 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Invalid backing file offset no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow2: Header extension too large no file open, try 'help open' + +== Huge refcount table size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large +no file open, try 'help open' *** done From 818ce8487eba6b460af5a7e9f3ae38533ff85bf1 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:44 +0100 Subject: [PATCH 153/219] qcow2: Validate refcount table offset The end of the refcount table must not exceed INT64_MAX so that integer overflows are avoided. Also check for misaligned refcount table. Such images are invalid and probably the result of data corruption. Error out to avoid further corruption. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 8c7de28305a514d7f879fdfc677ca11fbf60d2e9) Signed-off-by: Michael Roth --- block/qcow2.c | 33 +++++++++++++++++++++++++++++++++ tests/qemu-iotests/080 | 13 +++++++++++++ tests/qemu-iotests/080.out | 10 ++++++++++ 3 files changed, 56 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index 8c8996d130..de86302104 100644 --- a/block/qcow2.c +++ b/block/qcow2.c 
@@ -332,6 +332,32 @@ static int qcow2_check(BlockDriverState *bs, BdrvCheckResult *result, return ret; } +static int validate_table_offset(BlockDriverState *bs, uint64_t offset, + uint64_t entries, size_t entry_len) +{ + BDRVQcowState *s = bs->opaque; + uint64_t size; + + /* Use signed INT64_MAX as the maximum even for uint64_t header fields, + * because values will be passed to qemu functions taking int64_t. */ + if (entries > INT64_MAX / entry_len) { + return -EINVAL; + } + + size = entries * entry_len; + + if (INT64_MAX - size < offset) { + return -EINVAL; + } + + /* Tables must be cluster aligned */ + if (offset & (s->cluster_size - 1)) { + return -EINVAL; + } + + return 0; +} + static QemuOptsList qcow2_runtime_opts = { .name = "qcow2", .head = QTAILQ_HEAD_INITIALIZER(qcow2_runtime_opts.head), @@ -592,6 +618,13 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } + ret = validate_table_offset(bs, s->refcount_table_offset, + s->refcount_table_size, sizeof(uint64_t)); + if (ret < 0) { + error_setg(errp, "Invalid reference count table offset"); + goto fail; + } + s->snapshots_offset = header.snapshots_offset; s->nb_snapshots = header.nb_snapshots; diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 6179e0519f..f58ac736b7 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -45,6 +45,7 @@ _supported_os Linux header_size=104 offset_backing_file_offset=8 +offset_refcount_table_offset=48 offset_refcount_table_clusters=56 offset_header_size=100 offset_ext_magic=$header_size 
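Review bot: `validate_table_offset()` has no comment stating its contract, and two of its preconditions are implicit: it reads `s->cluster_size`, so it must be called after the cluster size has been set, and it divides by `entry_len`, so that must be non-zero. The comment should also say what is not checked. The function bounds `offset + entries * entry_len` by `INT64_MAX` and requires cluster alignment, but it does not compare the range with the image file length or with the header cluster, so an `offset` of 0 passes. A short header comment covering these points and the return values (0 or `-EINVAL`) is suggested.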
@@ -76,6 +77,18 @@ poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\xff\xff\xff\xff" poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x02\x00\x01" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Misaligned refcount table ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Huge refcount offset ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\x00\x00" +poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir # success, all done echo "*** done" diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 6fef6d9892..f919b58d83 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -20,4 +20,14 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow2: Reference count table too large no file open, try 'help open' + +== Misaligned refcount table == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid reference count table offset +no file open, try 'help open' + +== Huge refcount offset == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid reference count table offset +no file open, try 'help open' *** done From 04bc6981ca7ea65d9d4e61b4758dcb9336fd045d Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:45 +0100 Subject: [PATCH 154/219] qcow2: Validate snapshot table offset/size (CVE-2014-0144) This avoid unbounded memory allocation and fixes a potential buffer overflow on 32 bit hosts. 
Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit ce48f2f441ca98885267af6fd636a7cb804ee646) Signed-off-by: Michael Roth --- block/qcow2-snapshot.c | 29 ++++------------------------- block/qcow2.c | 15 +++++++++++++++ block/qcow2.h | 29 ++++++++++++++++++++++++++++- tests/qemu-iotests/080 | 27 +++++++++++++++++++++++++++ tests/qemu-iotests/080.out | 17 +++++++++++++++++ 5 files changed, 91 insertions(+), 26 deletions(-) diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index 3529c683c6..754816542e 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c @@ -26,31 +26,6 @@ #include "block/block_int.h" #include "block/qcow2.h" -typedef struct QEMU_PACKED QCowSnapshotHeader { - /* header is 8 byte aligned */ - uint64_t l1_table_offset; - - uint32_t l1_size; - uint16_t id_str_size; - uint16_t name_size; - - uint32_t date_sec; - uint32_t date_nsec; - - uint64_t vm_clock_nsec; - - uint32_t vm_state_size; - uint32_t extra_data_size; /* for extension */ - /* extra data follows */ - /* id_str follows */ - /* name follows */ -} QCowSnapshotHeader; - -typedef struct QEMU_PACKED QCowSnapshotExtraData { - uint64_t vm_state_size_large; - uint64_t disk_size; -} QCowSnapshotExtraData; - void qcow2_free_snapshots(BlockDriverState *bs) { BDRVQcowState *s = bs->opaque; @@ -357,6 +332,10 @@ int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) uint64_t *l1_table = NULL; int64_t l1_table_offset; + if (s->nb_snapshots >= QCOW_MAX_SNAPSHOTS) { + return -EFBIG; + } + memset(sn, 0, sizeof(*sn)); /* Generate an ID if it wasn't passed */ diff --git a/block/qcow2.c b/block/qcow2.c index de86302104..3b81c53e53 100644 --- a/block/qcow2.c +++ b/block/qcow2.c 
@@ -625,6 +625,21 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } + /* Snapshot table offset/length */ + if (header.nb_snapshots > QCOW_MAX_SNAPSHOTS) { + error_setg(errp, "Too many snapshots"); + ret = -EINVAL; + goto fail; + } + + ret = validate_table_offset(bs, header.snapshots_offset, + header.nb_snapshots, + sizeof(QCowSnapshotHeader)); + if (ret < 0) { + error_setg(errp, "Invalid snapshot table offset"); + goto fail; + } + s->snapshots_offset = header.snapshots_offset; s->nb_snapshots = header.nb_snapshots; diff --git a/block/qcow2.h b/block/qcow2.h index 922e19062a..99fe092753 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -38,6 +38,7 @@ #define QCOW_CRYPT_AES 1 #define QCOW_MAX_CRYPT_CLUSTERS 32 +#define QCOW_MAX_SNAPSHOTS 65536 /* indicate that the refcount of the referenced cluster is exactly one. */ #define QCOW_OFLAG_COPIED (1ULL << 63) @@ -97,6 +98,32 @@ typedef struct QCowHeader { uint32_t header_length; } QEMU_PACKED QCowHeader; +typedef struct QEMU_PACKED QCowSnapshotHeader { + /* header is 8 byte aligned */ + uint64_t l1_table_offset; + + uint32_t l1_size; + uint16_t id_str_size; + uint16_t name_size; + + uint32_t date_sec; + uint32_t date_nsec; + + uint64_t vm_clock_nsec; + + uint32_t vm_state_size; + uint32_t extra_data_size; /* for extension */ + /* extra data follows */ + /* id_str follows */ + /* name follows */ +} QCowSnapshotHeader; + +typedef struct QEMU_PACKED QCowSnapshotExtraData { + uint64_t vm_state_size_large; + uint64_t disk_size; +} QCowSnapshotExtraData; + + typedef struct QCowSnapshot { uint64_t l1_table_offset; uint32_t l1_size; @@ -202,7 +229,7 @@ typedef struct BDRVQcowState { AES_KEY aes_decrypt_key; uint64_t snapshots_offset; int snapshots_size; - int nb_snapshots; + unsigned int nb_snapshots; QCowSnapshot *snapshots; int flags; diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index f58ac736b7..8a8b460de4 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 
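Review bot: Passing `sizeof(QCowSnapshotHeader)` as the entry length makes `validate_table_offset()` check a lower bound only, because each on-disk entry is followed by extra data, the id string and the name, as the comments in the struct moved to qcow2.h say. The real extent of the table is therefore bounded by whatever code reads the entries, which is outside this page. A comment on the call such as `/* lower bound: entries are variable-length */` would stop readers from treating it as a full range check. In the qcow2.h hunk `nb_snapshots` becomes `unsigned int` while `snapshots_size` stays `int`, so it should be confirmed that the accumulated size of up to `QCOW_MAX_SNAPSHOTS` variable-length entries fits.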
@@ -47,6 +47,8 @@ header_size=104 offset_backing_file_offset=8 offset_refcount_table_offset=48 offset_refcount_table_clusters=56 +offset_nb_snapshots=60 +offset_snapshots_offset=64 offset_header_size=100 offset_ext_magic=$header_size offset_ext_size=$((header_size + 4)) @@ -90,6 +92,31 @@ poke_file "$TEST_IMG" "$offset_refcount_table_offset" "\xff\xff\xff\xff\xff\xff\ poke_file "$TEST_IMG" "$offset_refcount_table_clusters" "\x00\x00\x00\x7f" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid snapshot table ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_nb_snapshots" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x7f\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +poke_file "$TEST_IMG" "$offset_snapshots_offset" "\xff\xff\xff\xff\xff\xff\x00\x00" +poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" +poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x00\x00\x00" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Hitting snapshot table size limit ==" +_make_test_img 64M +# Put the refcount table in a more or less safe place (16 MB) +poke_file "$TEST_IMG" "$offset_snapshots_offset" "\x00\x00\x00\x00\x01\x00\x00\x00" +poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00" +{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index f919b58d83..b06f47f6ce 100644 --- a/tests/qemu-iotests/080.out 
+++ b/tests/qemu-iotests/080.out @@ -30,4 +30,21 @@ no file open, try 'help open' Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 qemu-io: can't open device TEST_DIR/t.qcow2: Invalid reference count table offset no file open, try 'help open' + +== Invalid snapshot table == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Too many snapshots +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Too many snapshots +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid snapshot table offset +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid snapshot table offset +no file open, try 'help open' + +== Hitting snapshot table size limit == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-img: Could not create snapshot 'test': -27 (File too large) +read 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) *** done From cd598d41616189f33b35f69a5f7ba70c8112c272 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:46 +0100 Subject: [PATCH 155/219] qcow2: Validate active L1 table offset and size (CVE-2014-0144) This avoids an unbounded allocation. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 2d51c32c4b511db8bb9e58208f1e2c25e4c06c85) Signed-off-by: Michael Roth --- block/qcow2.c | 16 ++++++++++++++++ tests/qemu-iotests/080 | 18 ++++++++++++++++++ tests/qemu-iotests/080.out | 11 +++++++++++ 3 files changed, 45 insertions(+) diff --git a/block/qcow2.c b/block/qcow2.c index 3b81c53e53..f1f8c9c340 100644 --- a/block/qcow2.c +++ b/block/qcow2.c 
@@ -644,6 +644,13 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, s->nb_snapshots = header.nb_snapshots; /* read the level 1 table */ + if (header.l1_size > 0x2000000) { + /* 32 MB L1 table is enough for 2 PB images at 64k cluster size + * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ + error_setg(errp, "Active L1 table too large"); + ret = -EFBIG; + goto fail; + } s->l1_size = header.l1_size; l1_vm_state_index = size_to_l1(s, header.size); @@ -661,7 +668,16 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, ret = -EINVAL; goto fail; } + + ret = validate_table_offset(bs, header.l1_table_offset, + header.l1_size, sizeof(uint64_t)); + if (ret < 0) { + error_setg(errp, "Invalid L1 table offset"); + goto fail; + } s->l1_table_offset = header.l1_table_offset; + + if (s->l1_size > 0) { s->l1_table = g_malloc0( align_offset(s->l1_size * sizeof(uint64_t), 512)); diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 8a8b460de4..7255b6cca6 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -45,6 +45,8 @@ _supported_os Linux header_size=104 offset_backing_file_offset=8 +offset_l1_size=36 +offset_l1_table_offset=40 offset_refcount_table_offset=48 offset_refcount_table_clusters=56 offset_nb_snapshots=60 
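Review bot: The new limit compares `header.l1_size` with 0x2000000, but `l1_size` counts 8-byte L1 entries (see the `s->l1_size * sizeof(uint64_t)` allocation further down) while the comment describes a 32 MB table, so the check as written admits tables of up to 256 MB. If the byte figure is the intended bound, the test should read `if (header.l1_size > 0x2000000 / sizeof(uint64_t)) {`, ideally with the constant named in qcow2.h next to QCOW_MAX_SNAPSHOTS. The iotests added here poke 0xffffffff and 0x7fffffff, which are rejected under either reading, so they do not pin the boundary. qcow2_open() starts and ends outside the hunk.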
@@ -117,6 +119,22 @@ poke_file "$TEST_IMG" "$offset_nb_snapshots" "\x00\x01\x00\x00" { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid L1 table ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_l1_size" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l1_size" "\x7f\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x7f\xff\xff\xff\xff\xff\x00\x00" +poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xef" +poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index b06f47f6ce..4ec2545051 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -47,4 +47,15 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 qemu-img: Could not create snapshot 'test': -27 (File too large) read 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== Invalid L1 table == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Active L1 table too large +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Active L1 table too large +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset +no file open, try 'help open' *** done 
From 5ba151f4dcca96d47896a5f77fa74ab5b6e9b06f Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:47 +0100 Subject: [PATCH 156/219] qcow2: Fix backing file name length check len could become negative and would pass the check then. Nothing bad happened because bdrv_pread() happens to return an error for negative length values, but make variables for sizes unsigned anyway. This patch also changes the behaviour to error out on invalid lengths instead of silently truncating it to 1023. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 6d33e8e7dc9d40ea105feed4b39caa3e641569e8) Signed-off-by: Michael Roth --- block/qcow2.c | 9 ++++++--- tests/qemu-iotests/080 | 8 ++++++++ tests/qemu-iotests/080.out | 5 +++++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index f1f8c9c340..3e620f2127 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -448,7 +448,8 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { BDRVQcowState *s = bs->opaque; - int len, i, ret = 0; + unsigned int len, i; + int ret = 0; QCowHeader header; QemuOpts *opts; Error *local_err = NULL; @@ -723,8 +724,10 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, /* read the backing file name */ if (header.backing_file_offset != 0) { len = header.backing_file_size; - if (len > 1023) { - len = 1023; + if (len > MIN(1023, s->cluster_size - header.backing_file_offset)) { + error_setg(errp, "Backing file name too long"); + ret = -EINVAL; + goto fail; } ret = bdrv_pread(bs->file, header.backing_file_offset, bs->backing_file, len); diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 7255b6cca6..f3091a9377 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 
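Review bot: The bound `s->cluster_size - header.backing_file_offset` in the new length check is only meaningful when `backing_file_offset` is no larger than the cluster size. The offset is a 64-bit header field, so a larger value makes the subtraction wrap to a huge unsigned number and `MIN(1023, ...)` then quietly falls back to 1023. Whether qcow2_open() already rejects such offsets before this point is not visible in the hunk. If it does, a comment such as `/* backing_file_offset <= cluster_size was checked above */` would make the dependency explicit; if not, the same branch should first fail on `header.backing_file_offset > s->cluster_size`. The literal 1023 is presumably tied to the size of `bs->backing_file` and would be clearer written in terms of that buffer.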
@@ -45,6 +45,7 @@ _supported_os Linux header_size=104 offset_backing_file_offset=8 +offset_backing_file_size=16 offset_l1_size=36 offset_l1_table_offset=40 offset_refcount_table_offset=48 @@ -135,6 +136,13 @@ poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xe poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid backing file size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x10\x00" +poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 4ec2545051..8103211064 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -58,4 +58,9 @@ qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset no file open, try 'help open' + +== Invalid backing file size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow2: Backing file name too long +no file open, try 'help open' *** done From 2f59c95f16f3c98534b49e145da3cac0957c02a7 Mon Sep 17 00:00:00 2001 
From: Hu Tao Date: Sun, 26 Jan 2014 11:12:38 +0800 Subject: [PATCH 157/219] qcow2: fix offset overflow in qcow2_alloc_clusters_at() When cluster size is big enough it can lead to an offset overflow in qcow2_alloc_clusters_at(). This patch fixes it. The allocation is stopped each time at L2 table boundary (see handle_alloc()), so the possible maximum bytes could be 2^(cluster_bits - 3 + cluster_bits) cluster_bits - 3 is used to compute the number of entry by L2 and the additional cluster_bits is to take into account each clusters referenced by the L2 entries. so int is safe for cluster_bits<=17, unsafe otherwise. Signed-off-by: Hu Tao Reviewed-by: Max Reitz Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit 33304ec9fa484e765c6249673e09e1b7d49c5b85) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 8c57016bdd..6c212c9623 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -678,7 +678,13 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, BDRVQcowState *s = bs->opaque; uint64_t cluster_index; uint64_t old_free_cluster_index; - int i, refcount, ret; + uint64_t i; + int refcount, ret; + + assert(nb_clusters >= 0); + if (nb_clusters == 0) { + return 0; + } /* Check how many clusters there are free */ cluster_index = offset >> s->cluster_bits; From aeba41549da75d5775165e9205170e5b7a30f016 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 4 Dec 2013 11:06:36 +0100 Subject: [PATCH 158/219] qcow2: Zero-initialise first cluster for new images Strictly speaking, this is only required for has_zero_init() == false, but it's easy enough to just do a cluster-aligned write that is padded with zeros after the header. This fixes that after 'qemu-img create' header extensions are attempted to be parsed that are really just random leftover data. Cc: qemu-stable@nongnu.org 
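Review bot: `assert(nb_clusters >= 0)` in qcow2_alloc_clusters_at() turns a negative count into a process abort, which takes the whole VM down instead of failing the one request. Whether any caller can pass a count derived from image metadata is not visible from this hunk; if one can, `if (nb_clusters < 0) { return -EINVAL; }` is the safer form. It would also help to record next to `uint64_t i;` why it must be 64-bit, e.g. `/* i << cluster_bits exceeds INT_MAX for cluster_bits > 17 */`, since that reasoning currently lives only in the commit message. The function body continues outside the hunk.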
Signed-off-by: Kevin Wolf Reviewed-by: Fam Zheng Reviewed-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi (cherry picked from commit f8413b3c23b08a547ce18609acc6fae5fd04ed5c) Signed-off-by: Michael Roth --- block/qcow2.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 3e620f2127..3daf0199a0 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1586,7 +1586,7 @@ static int qcow2_create2(const char *filename, int64_t total_size, * size for any qcow2 image. */ BlockDriverState* bs; - QCowHeader header; + QCowHeader *header; uint8_t* refcount_table; Error *local_err = NULL; int ret; 
@@ -1604,30 +1604,34 @@ static int qcow2_create2(const char *filename, int64_t total_size, } /* Write the header */ - memset(&header, 0, sizeof(header)); - header.magic = cpu_to_be32(QCOW_MAGIC); - header.version = cpu_to_be32(version); - header.cluster_bits = cpu_to_be32(cluster_bits); - header.size = cpu_to_be64(0); - header.l1_table_offset = cpu_to_be64(0); - header.l1_size = cpu_to_be32(0); - header.refcount_table_offset = cpu_to_be64(cluster_size); - header.refcount_table_clusters = cpu_to_be32(1); - header.refcount_order = cpu_to_be32(3 + REFCOUNT_SHIFT); - header.header_length = cpu_to_be32(sizeof(header)); + QEMU_BUILD_BUG_ON((1 << MIN_CLUSTER_BITS) < sizeof(*header)); + header = g_malloc0(cluster_size); + *header = (QCowHeader) { + .magic = cpu_to_be32(QCOW_MAGIC), + .version = cpu_to_be32(version), + .cluster_bits = cpu_to_be32(cluster_bits), + .size = cpu_to_be64(0), + .l1_table_offset = cpu_to_be64(0), + .l1_size = cpu_to_be32(0), + .refcount_table_offset = cpu_to_be64(cluster_size), + .refcount_table_clusters = cpu_to_be32(1), + .refcount_order = cpu_to_be32(3 + REFCOUNT_SHIFT), + .header_length = cpu_to_be32(sizeof(*header)), + }; if (flags & BLOCK_FLAG_ENCRYPT) { - header.crypt_method = cpu_to_be32(QCOW_CRYPT_AES); + header->crypt_method = cpu_to_be32(QCOW_CRYPT_AES); } else { - header.crypt_method = cpu_to_be32(QCOW_CRYPT_NONE); + header->crypt_method = cpu_to_be32(QCOW_CRYPT_NONE); } if (flags & BLOCK_FLAG_LAZY_REFCOUNTS) { - header.compatible_features |= + header->compatible_features |= cpu_to_be64(QCOW2_COMPAT_LAZY_REFCOUNTS); } - ret = bdrv_pwrite(bs, 0, &header, sizeof(header)); + ret = bdrv_pwrite(bs, 0, header, cluster_size); + g_free(header); if (ret < 0) { error_setg_errno(errp, -ret, "Could not write qcow2 header"); goto out; From ffa3ab02174f7cb474366bc325bd35264364c9fd Mon Sep 17 00:00:00 2001 
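Review bot: The reason qcow2_create2() now writes `cluster_size` bytes instead of `sizeof(header)` is explained only in the commit message, and the surviving comment still reads just `/* Write the header */`. I would extend it to something like `/* Write the header, zero-padded to a full cluster so stale data after it is not parsed as header extensions */`. The `QEMU_BUILD_BUG_ON` line deserves a short why-comment as well, since it is what guarantees the struct assignment fits in the `g_malloc0(cluster_size)` buffer. The function starts and ends outside the hunk.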
From: Kevin Wolf Date: Fri, 28 Mar 2014 18:06:31 +0100 Subject: [PATCH 159/219] qcow2: Don't rely on free_cluster_index in alloc_refcount_block() (CVE-2014-0147) free_cluster_index is only correct if update_refcount() was called from an allocation function, and even there it's brittle because it's used to protect unfinished allocations which still have a refcount of 0 - if it moves in the wrong place, the unfinished allocation can be corrupted. So not using it any more seems to be a good idea. Instead, use the first requested cluster to do the calculations. Return -EAGAIN if unfinished allocations could become invalid and let the caller restart its search for some free clusters. The context of creating a snapsnot is one situation where update_refcount() is called outside of a cluster allocation. For this case, the change fixes a buffer overflow if a cluster is referenced in an L2 table that cannot be represented by an existing refcount block. (new_table[refcount_table_index] was out of bounds) [Bump the qemu-iotests 026 refblock_alloc.write leak count from 10 to 11. --Stefan] Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit b106ad9185f35fc4ad669555ad0e79e276083bd7) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 72 ++++++++++++++++++++------------------ block/qcow2.c | 11 +++--- tests/qemu-iotests/026.out | 6 ++-- tests/qemu-iotests/044.out | 2 +- tests/qemu-iotests/080 | 11 ++++++ tests/qemu-iotests/080.out | 7 ++++ 6 files changed, 65 insertions(+), 44 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 6c212c9623..22dfb2d2b2 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c 
@@ -193,10 +193,11 @@ static int alloc_refcount_block(BlockDriverState *bs, * they can describe them themselves. * * - We need to consider that at this point we are inside update_refcounts - * and doing the initial refcount increase. This means that some clusters - * have already been allocated by the caller, but their refcount isn't - * accurate yet. free_cluster_index tells us where this allocation ends - * as long as we don't overwrite it by freeing clusters. + * and potentially doing an initial refcount increase. This means that + * some clusters have already been allocated by the caller, but their + * refcount isn't accurate yet. If we allocate clusters for metadata, we + * need to return -EAGAIN to signal the caller that it needs to restart + * the search for free clusters. * * - alloc_clusters_noref and qcow2_free_clusters may load a different * refcount block into the cache @@ -281,7 +282,10 @@ static int alloc_refcount_block(BlockDriverState *bs, } s->refcount_table[refcount_table_index] = new_block; - return 0; + + /* The new refcount block may be where the caller intended to put its + * data, so let it restart the search. */ + return -EAGAIN; } ret = qcow2_cache_put(bs, s->refcount_block_cache, (void**) refcount_block); @@ -304,8 +308,7 @@ static int alloc_refcount_block(BlockDriverState *bs, /* Calculate the number of refcount blocks needed so far */ uint64_t refcount_block_clusters = 1 << (s->cluster_bits - REFCOUNT_SHIFT); - uint64_t blocks_used = (s->free_cluster_index + - refcount_block_clusters - 1) / refcount_block_clusters; + uint64_t blocks_used = DIV_ROUND_UP(cluster_index, refcount_block_clusters); /* And now we need at least one block more for the new metadata */ uint64_t table_size = next_refcount_table_size(s, blocks_used + 1); 
@@ -338,8 +341,6 @@ static int alloc_refcount_block(BlockDriverState *bs, uint16_t *new_blocks = g_malloc0(blocks_clusters * s->cluster_size); uint64_t *new_table = g_malloc0(table_size * sizeof(uint64_t)); - assert(meta_offset >= (s->free_cluster_index * s->cluster_size)); - /* Fill the new refcount table */ memcpy(new_table, s->refcount_table, s->refcount_table_size * sizeof(uint64_t)); @@ -402,18 +403,19 @@ static int alloc_refcount_block(BlockDriverState *bs, s->refcount_table_size = table_size; s->refcount_table_offset = table_offset; - /* Free old table. Remember, we must not change free_cluster_index */ - uint64_t old_free_cluster_index = s->free_cluster_index; + /* Free old table. */ qcow2_free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t), QCOW2_DISCARD_OTHER); - s->free_cluster_index = old_free_cluster_index; ret = load_refcount_block(bs, new_block, (void**) refcount_block); if (ret < 0) { return ret; } - return 0; + /* If we were trying to do the initial refcount update for some cluster + * allocation, we might have used the same clusters to store newly + * allocated metadata. Make the caller search some new space. */ + return -EAGAIN; fail_table: g_free(new_table); @@ -659,12 +661,15 @@ int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size) int ret; BLKDBG_EVENT(bs->file, BLKDBG_CLUSTER_ALLOC); - offset = alloc_clusters_noref(bs, size); - if (offset < 0) { - return offset; - } + do { + offset = alloc_clusters_noref(bs, size); + if (offset < 0) { + return offset; + } + + ret = update_refcount(bs, offset, size, 1, QCOW2_DISCARD_NEVER); + } while (ret == -EAGAIN); - ret = update_refcount(bs, offset, size, 1, QCOW2_DISCARD_NEVER); if (ret < 0) { return ret; } @@ -677,7 +682,6 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, { BDRVQcowState *s = bs->opaque; uint64_t cluster_index; - uint64_t old_free_cluster_index; uint64_t i; int refcount, ret; 
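Review bot: The new -EAGAIN return from alloc_refcount_block() is handled by the retry loop added to qcow2_alloc_clusters() here and by the one added to qcow2_alloc_clusters_at() in the next hunk, but nothing documents it as part of update_refcount()'s contract. A caller that does not loop will hand -EAGAIN to the user; the updated 080.out already expects `-11 (Resource temporarily unavailable)` from snapshot creation. I would add a comment at update_refcount() stating that -EAGAIN means metadata was allocated and any pending free-cluster search must be restarted, and consider mapping it to a more descriptive error on paths that cannot retry. Both `do { ... } while (ret == -EAGAIN)` loops are unbounded; a sentence on why they terminate would help the next reader. The enclosing functions extend beyond these hunks.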
@@ -686,30 +690,28 @@ int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, return 0; } - /* Check how many clusters there are free */ - cluster_index = offset >> s->cluster_bits; - for(i = 0; i < nb_clusters; i++) { - refcount = get_refcount(bs, cluster_index++); + do { + /* Check how many clusters there are free */ + cluster_index = offset >> s->cluster_bits; + for(i = 0; i < nb_clusters; i++) { + refcount = get_refcount(bs, cluster_index++); - if (refcount < 0) { - return refcount; - } else if (refcount != 0) { - break; + if (refcount < 0) { + return refcount; + } else if (refcount != 0) { + break; + } } - } - /* And then allocate them */ - old_free_cluster_index = s->free_cluster_index; - s->free_cluster_index = cluster_index + i; + /* And then allocate them */ + ret = update_refcount(bs, offset, i << s->cluster_bits, 1, + QCOW2_DISCARD_NEVER); + } while (ret == -EAGAIN); - ret = update_refcount(bs, offset, i << s->cluster_bits, 1, - QCOW2_DISCARD_NEVER); if (ret < 0) { return ret; } - s->free_cluster_index = old_free_cluster_index; - return i; } diff --git a/block/qcow2.c b/block/qcow2.c index 3daf0199a0..45f3f8a10b 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -1587,7 +1587,7 @@ static int qcow2_create2(const char *filename, int64_t total_size, */ BlockDriverState* bs; QCowHeader *header; - uint8_t* refcount_table; + uint64_t* refcount_table; Error *local_err = NULL; int ret; @@ -1637,9 +1637,10 @@ static int qcow2_create2(const char *filename, int64_t total_size, goto out; } - /* Write an empty refcount table */ - refcount_table = g_malloc0(cluster_size); - ret = bdrv_pwrite(bs, cluster_size, refcount_table, cluster_size); + /* Write a refcount table with one refcount block */ + refcount_table = g_malloc0(2 * cluster_size); + refcount_table[0] = cpu_to_be64(2 * cluster_size); + ret = bdrv_pwrite(bs, cluster_size, refcount_table, 2 * cluster_size); g_free(refcount_table); if (ret < 0) { 
@@ -1663,7 +1664,7 @@ static int qcow2_create2(const char *filename, int64_t total_size, goto out; } - ret = qcow2_alloc_clusters(bs, 2 * cluster_size); + ret = qcow2_alloc_clusters(bs, 3 * cluster_size); if (ret < 0) { error_setg_errno(errp, -ret, "Could not allocate clusters for qcow2 " "header and refcount table"); diff --git a/tests/qemu-iotests/026.out b/tests/qemu-iotests/026.out index 15045799a2..f7c78e712a 100644 --- a/tests/qemu-iotests/026.out +++ b/tests/qemu-iotests/026.out @@ -475,7 +475,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 Event: refblock_alloc.write_blocks; errno: 28; imm: off; once: off; write write failed: No space left on device -10 leaked clusters were found on the image. +11 leaked clusters were found on the image. This means waste of disk space, but no harm to data. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 @@ -499,7 +499,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 Event: refblock_alloc.write_table; errno: 28; imm: off; once: off; write write failed: No space left on device -10 leaked clusters were found on the image. +11 leaked clusters were found on the image. This means waste of disk space, but no harm to data. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 @@ -523,7 +523,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 Event: refblock_alloc.switch_table; errno: 28; imm: off; once: off; write write failed: No space left on device -10 leaked clusters were found on the image. +11 leaked clusters were found on the image. This means waste of disk space, but no harm to data. Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=1073741824 diff --git a/tests/qemu-iotests/044.out b/tests/qemu-iotests/044.out index 5c5aa929fb..4789a5310e 100644 --- a/tests/qemu-iotests/044.out +++ b/tests/qemu-iotests/044.out 
@@ -1,6 +1,6 @@ No errors were found on the image. 7292415/33554432 = 21.73% allocated, 0.00% fragmented, 0.00% compressed clusters -Image end offset: 4296448000 +Image end offset: 4296152064 . ---------------------------------------------------------------------- Ran 1 tests diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index f3091a9377..56f890395c 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -56,6 +56,8 @@ offset_header_size=100 offset_ext_magic=$header_size offset_ext_size=$((header_size + 4)) +offset_l2_table_0=$((0x40000)) + echo echo "== Huge header size ==" _make_test_img 64M @@ -143,6 +145,15 @@ poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\x00\x00\x00\x1 poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid L2 entry (huge physical offset) ==" +_make_test_img 64M +{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00" +{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00" +{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 8103211064..303d6c3465 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out 
@@ -63,4 +63,11 @@ no file open, try 'help open' Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 qemu-io: can't open device TEST_DIR/t.qcow2: Backing file name too long no file open, try 'help open' + +== Invalid L2 entry (huge physical offset) == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +wrote 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-img: Could not create snapshot 'test': -27 (File too large) +qemu-img: Could not create snapshot 'test': -11 (Resource temporarily unavailable) *** done From 7a6088c87030b84e9f4b70ed9b656bec999dfc77 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:49 +0100 Subject: [PATCH 160/219] qcow2: Avoid integer overflow in get_refcount (CVE-2014-0143) This ensures that the checks catch all invalid cluster indexes instead of returning the refcount of a wrong cluster. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit db8a31d11d6a60f48d6817530640d75aa72a9a2f) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 22dfb2d2b2..57c1fbad96 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -89,7 +89,7 @@ static int load_refcount_block(BlockDriverState *bs, static int get_refcount(BlockDriverState *bs, int64_t cluster_index) { BDRVQcowState *s = bs->opaque; - int refcount_table_index, block_index; + uint64_t refcount_table_index, block_index; int64_t refcount_block_offset; int ret; uint16_t *refcount_block; From 610ab7bd3d22dcd328eaabff1be627510bae23b5 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:50 +0100 Subject: [PATCH 161/219] qcow2: Check new refcount table size on growth If the size becomes larger than what qcow2_open() would accept, fail the growing operation. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz 
Signed-off-by: Stefan Hajnoczi (cherry picked from commit 2b5d5953eec0cc541857c3df812bdf8421596ab2) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 4 ++++ block/qcow2.c | 4 +--- block/qcow2.h | 9 +++++++++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 57c1fbad96..29e25a726c 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -310,6 +310,10 @@ static int alloc_refcount_block(BlockDriverState *bs, uint64_t refcount_block_clusters = 1 << (s->cluster_bits - REFCOUNT_SHIFT); uint64_t blocks_used = DIV_ROUND_UP(cluster_index, refcount_block_clusters); + if (blocks_used > QCOW_MAX_REFTABLE_SIZE / sizeof(uint64_t)) { + return -EFBIG; + } + /* And now we need at least one block more for the new metadata */ uint64_t table_size = next_refcount_table_size(s, blocks_used + 1); uint64_t last_table_size; diff --git a/block/qcow2.c b/block/qcow2.c index 45f3f8a10b..447308ea9f 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -611,9 +611,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, s->refcount_table_size = header.refcount_table_clusters << (s->cluster_bits - 3); - if (header.refcount_table_clusters > (0x800000 >> s->cluster_bits)) { - /* 8 MB refcount table is enough for 2 PB images at 64k cluster size - * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ + if (header.refcount_table_clusters > qcow2_max_refcount_clusters(s)) { error_setg(errp, "Reference count table too large"); ret = -EINVAL; goto fail; diff --git a/block/qcow2.h b/block/qcow2.h index 99fe092753..e1b4c4b846 100644 --- a/block/qcow2.h +++ b/block/qcow2.h 
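Review bot: The guard added to alloc_refcount_block() tests `blocks_used`, but the value that is actually allocated and later stored in the header is `table_size`, computed on the following line as `next_refcount_table_size(s, blocks_used + 1)`. That helper is not visible here; if it rounds up or grows geometrically, a `blocks_used` just under the limit could still yield a table larger than qcow2_open() accepts, which is the case the commit message says it prevents. Checking the result as well would close the gap: `if (table_size > QCOW_MAX_REFTABLE_SIZE / sizeof(uint64_t)) { return -EFBIG; }`. The function starts and ends outside the hunk, so any cleanup needed before this early return cannot be confirmed from here.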
@@ -40,6 +40,10 @@ #define QCOW_MAX_CRYPT_CLUSTERS 32 #define QCOW_MAX_SNAPSHOTS 65536 +/* 8 MB refcount table is enough for 2 PB images at 64k cluster size + * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ +#define QCOW_MAX_REFTABLE_SIZE 0x800000 + /* indicate that the refcount of the referenced cluster is exactly one. */ #define QCOW_OFLAG_COPIED (1ULL << 63) /* indicate that the cluster is compressed (they never have the copied flag) */ @@ -410,6 +414,11 @@ static inline int64_t qcow2_vm_state_offset(BDRVQcowState *s) return (int64_t)s->l1_vm_state_index << (s->cluster_bits + s->l2_bits); } +static inline uint64_t qcow2_max_refcount_clusters(BDRVQcowState *s) +{ + return QCOW_MAX_REFTABLE_SIZE >> s->cluster_bits; +} + static inline int qcow2_get_cluster_type(uint64_t l2_entry) { if (l2_entry & QCOW_OFLAG_COMPRESSED) { From c8748374758cffffd903ff08d54c1d8d492c6c72 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:51 +0100 Subject: [PATCH 162/219] qcow2: Fix types in qcow2_alloc_clusters and alloc_clusters_noref In order to avoid integer overflows. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit bb572aefbdac290363bfa5ca0e810ccce0a14ed6) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 11 ++++++----- block/qcow2.h | 6 +++--- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 29e25a726c..8a968d144e 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -28,7 +28,7 @@ #include "qemu/range.h" #include "qapi/qmp/types.h" -static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size); +static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size); static int QEMU_WARN_UNUSED_RESULT update_refcount(BlockDriverState *bs, int64_t offset, int64_t length, int addend, enum qcow2_discard_type type); 
@@ -634,15 +634,16 @@ int qcow2_update_cluster_refcount(BlockDriverState *bs, /* return < 0 if error */ -static int64_t alloc_clusters_noref(BlockDriverState *bs, int64_t size) +static int64_t alloc_clusters_noref(BlockDriverState *bs, uint64_t size) { BDRVQcowState *s = bs->opaque; - int i, nb_clusters, refcount; + uint64_t i, nb_clusters; + int refcount; nb_clusters = size_to_clusters(s, size); retry: for(i = 0; i < nb_clusters; i++) { - int64_t next_cluster_index = s->free_cluster_index++; + uint64_t next_cluster_index = s->free_cluster_index++; refcount = get_refcount(bs, next_cluster_index); if (refcount < 0) { @@ -659,7 +660,7 @@ retry: return (s->free_cluster_index - nb_clusters) << s->cluster_bits; } -int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size) +int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size) { int64_t offset; int ret; diff --git a/block/qcow2.h b/block/qcow2.h index e1b4c4b846..a20d91f399 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -222,8 +222,8 @@ typedef struct BDRVQcowState { uint64_t *refcount_table; uint64_t refcount_table_offset; uint32_t refcount_table_size; - int64_t free_cluster_index; - int64_t free_byte_offset; + uint64_t free_cluster_index; + uint64_t free_byte_offset; CoMutex lock; @@ -467,7 +467,7 @@ void qcow2_refcount_close(BlockDriverState *bs); int qcow2_update_cluster_refcount(BlockDriverState *bs, int64_t cluster_index, int addend, enum qcow2_discard_type type); -int64_t qcow2_alloc_clusters(BlockDriverState *bs, int64_t size); +int64_t qcow2_alloc_clusters(BlockDriverState *bs, uint64_t size); int qcow2_alloc_clusters_at(BlockDriverState *bs, uint64_t offset, int nb_clusters); int64_t qcow2_alloc_bytes(BlockDriverState *bs, int size); From e1c8770f56d59bad1056825228eec01caee24117 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:52 +0100 Subject: [PATCH 163/219] qcow2: Protect against some integer overflows in bdrv_check Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz 
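Review bot: With `free_cluster_index` and `nb_clusters` now unsigned, the closing `return (s->free_cluster_index - nb_clusters) << s->cluster_bits;` in `alloc_clusters_noref()` yields a `uint64_t` that is converted to the `int64_t` return type. A result above `INT64_MAX` would look like a negative error code to callers, which follow the "return < 0 if error" contract stated above the function. A guard before the return, for example `if (s->free_cluster_index > (INT64_MAX >> s->cluster_bits)) { return -EFBIG; }`, would make that case explicit. The neighbouring prototypes `qcow2_alloc_clusters_at(..., int nb_clusters)` and `qcow2_alloc_bytes(..., int size)` in `qcow2.h` still take `int` and may deserve the same treatment.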
Signed-off-by: Stefan Hajnoczi (cherry picked from commit 0abe740f1de899737242bcba1fb4a9857f7a3087) Signed-off-by: Michael Roth --- block/qcow2-refcount.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 8a968d144e..99bb9b0f81 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -1019,8 +1019,7 @@ static void inc_refcounts(BlockDriverState *bs, int64_t offset, int64_t size) { BDRVQcowState *s = bs->opaque; - int64_t start, last, cluster_offset; - int k; + uint64_t start, last, cluster_offset, k; if (size <= 0) return; @@ -1030,11 +1029,7 @@ static void inc_refcounts(BlockDriverState *bs, for(cluster_offset = start; cluster_offset <= last; cluster_offset += s->cluster_size) { k = cluster_offset >> s->cluster_bits; - if (k < 0) { - fprintf(stderr, "ERROR: invalid cluster offset=0x%" PRIx64 "\n", - cluster_offset); - res->corruptions++; - } else if (k >= refcount_table_size) { + if (k >= refcount_table_size) { fprintf(stderr, "Warning: cluster offset=0x%" PRIx64 " is after " "the end of the image file, can't properly check refcounts.\n", cluster_offset); @@ -1475,14 +1470,19 @@ int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res, BdrvCheckMode fix) { BDRVQcowState *s = bs->opaque; - int64_t size, i, highest_cluster; - int nb_clusters, refcount1, refcount2; + int64_t size, i, highest_cluster, nb_clusters; + int refcount1, refcount2; QCowSnapshot *sn; uint16_t *refcount_table; int ret; size = bdrv_getlength(bs->file); nb_clusters = size_to_clusters(s, size); + if (nb_clusters > INT_MAX) { + res->check_errors++; + return -EFBIG; + } + refcount_table = g_malloc0(nb_clusters * sizeof(uint16_t)); res->bfi.total_clusters = From 3c6347ce8c3edc677c95da437bd40321e6d57b00 Mon Sep 17 00:00:00 2001 
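Review bot: In `qcow2_check_refcounts()`, `size = bdrv_getlength(bs->file)` is passed straight to `size_to_clusters()`, and the new `nb_clusters > INT_MAX` test only covers the upper end. A negative return from `bdrv_getlength()` is not rejected in the visible lines, and what `size_to_clusters()` does with a negative size cannot be seen here. Adding `if (size < 0) { res->check_errors++; return size; }` directly after the `bdrv_getlength()` call would handle that before `g_malloc0(nb_clusters * sizeof(uint16_t))` runs. The function body continues outside the hunk.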
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:05:53 +0100 Subject: [PATCH 164/219] qcow2: Fix new L1 table size check (CVE-2014-0143) The size in bytes is assigned to an int later, so check that instead of the number of entries. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit cab60de930684c33f67d4e32c7509b567f8c445b) Signed-off-by: Michael Roth --- block/qcow2-cluster.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 791083a0ef..64a7ee60b8 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -55,7 +55,7 @@ int qcow2_grow_l1_table(BlockDriverState *bs, uint64_t min_size, } } - if (new_l1_size > INT_MAX) { + if (new_l1_size > INT_MAX / sizeof(uint64_t)) { return -EFBIG; } From dedf4a5f79d8dcb384c1324b44dae536ec938d9d Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:54 +0100 Subject: [PATCH 165/219] dmg: coding style and indentation cleanup Clean up the mix of tabs and spaces, as well as the coding style violations in block/dmg.c. There are no semantic changes since this patch simply reformats the code. This patch is necessary before we can make meaningful changes to this file, due to the inconsistent formatting and confusing indentation. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 2c1885adcf0312da80c7317b09f9adad97fa0fc6) Signed-off-by: Michael Roth --- block/dmg.c | 220 ++++++++++++++++++++++++++++------------------------ 1 file changed, 118 insertions(+), 102 deletions(-) diff --git a/block/dmg.c b/block/dmg.c index d5e9b1ff01..be2f26e85e 100644 --- a/block/dmg.c +++ b/block/dmg.c 
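Review bot: The corrected bound in `qcow2_grow_l1_table()`, `INT_MAX / sizeof(uint64_t)`, is still well above the limit `qcow2_open()` applies when reading an image (`header.l1_size > 0x2000000`, visible as context in a later patch of this series). If the grown size is written to the header, which happens outside this hunk, an L1 table grown past the open-time limit would leave an image that can no longer be opened. Deriving both checks from one named constant in `qcow2.h`, the way `QCOW_MAX_REFTABLE_SIZE` was introduced for the refcount table, would keep them in step.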
@@ -96,9 +96,9 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { BDRVDMGState *s = bs->opaque; - uint64_t info_begin,info_end,last_in_offset,last_out_offset; + uint64_t info_begin, info_end, last_in_offset, last_out_offset; uint32_t count, tmp; - uint32_t max_compressed_size=1,max_sectors_per_chunk=1,i; + uint32_t max_compressed_size = 1, max_sectors_per_chunk = 1, i; int64_t offset; int ret; 
@@ -160,37 +160,39 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - if (type == 0x6d697368 && count >= 244) { - int new_size, chunk_count; + if (type == 0x6d697368 && count >= 244) { + int new_size, chunk_count; offset += 4; offset += 200; - chunk_count = (count-204)/40; - new_size = sizeof(uint64_t) * (s->n_chunks + chunk_count); - s->types = g_realloc(s->types, new_size/2); - s->offsets = g_realloc(s->offsets, new_size); - s->lengths = g_realloc(s->lengths, new_size); - s->sectors = g_realloc(s->sectors, new_size); - s->sectorcounts = g_realloc(s->sectorcounts, new_size); + chunk_count = (count - 204) / 40; + new_size = sizeof(uint64_t) * (s->n_chunks + chunk_count); + s->types = g_realloc(s->types, new_size / 2); + s->offsets = g_realloc(s->offsets, new_size); + s->lengths = g_realloc(s->lengths, new_size); + s->sectors = g_realloc(s->sectors, new_size); + s->sectorcounts = g_realloc(s->sectorcounts, new_size); for (i = s->n_chunks; i < s->n_chunks + chunk_count; i++) { ret = read_uint32(bs, offset, &s->types[i]); if (ret < 0) { goto fail; } - offset += 4; - if(s->types[i]!=0x80000005 && s->types[i]!=1 && s->types[i]!=2) { - if(s->types[i]==0xffffffff) { - last_in_offset = s->offsets[i-1]+s->lengths[i-1]; - last_out_offset = s->sectors[i-1]+s->sectorcounts[i-1]; - } - chunk_count--; - i--; - offset += 36; - continue; - } - offset += 4; + offset += 4; + if (s->types[i] != 0x80000005 && s->types[i] != 1 && + s->types[i] != 2) { + if (s->types[i] == 0xffffffff) { + last_in_offset = s->offsets[i - 1] + s->lengths[i - 1]; + last_out_offset = s->sectors[i - 1] + + s->sectorcounts[i - 1]; + } + chunk_count--; + i--; + offset += 36; + continue; + } + offset += 4; ret = read_uint64(bs, offset, &s->sectors[i]); if (ret < 0) { 
@@ -218,19 +220,21 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, } offset += 8; - if(s->lengths[i]>max_compressed_size) - max_compressed_size = s->lengths[i]; - if(s->sectorcounts[i]>max_sectors_per_chunk) - max_sectors_per_chunk = s->sectorcounts[i]; - } - s->n_chunks+=chunk_count; - } + if (s->lengths[i] > max_compressed_size) { + max_compressed_size = s->lengths[i]; + } + if (s->sectorcounts[i] > max_sectors_per_chunk) { + max_sectors_per_chunk = s->sectorcounts[i]; + } + } + s->n_chunks += chunk_count; + } } /* initialize zlib engine */ - s->compressed_chunk = g_malloc(max_compressed_size+1); - s->uncompressed_chunk = g_malloc(512*max_sectors_per_chunk); - if(inflateInit(&s->zstream) != Z_OK) { + s->compressed_chunk = g_malloc(max_compressed_size + 1); + s->uncompressed_chunk = g_malloc(512 * max_sectors_per_chunk); + if (inflateInit(&s->zstream) != Z_OK) { ret = -EINVAL; goto fail; } 
@@ -252,27 +256,29 @@ fail: } static inline int is_sector_in_chunk(BDRVDMGState* s, - uint32_t chunk_num,int sector_num) + uint32_t chunk_num, int sector_num) { - if(chunk_num>=s->n_chunks || s->sectors[chunk_num]>sector_num || - s->sectors[chunk_num]+s->sectorcounts[chunk_num]<=sector_num) - return 0; - else - return -1; + if (chunk_num >= s->n_chunks || s->sectors[chunk_num] > sector_num || + s->sectors[chunk_num] + s->sectorcounts[chunk_num] <= sector_num) { + return 0; + } else { + return -1; + } } -static inline uint32_t search_chunk(BDRVDMGState* s,int sector_num) +static inline uint32_t search_chunk(BDRVDMGState *s, int sector_num) { /* binary search */ - uint32_t chunk1=0,chunk2=s->n_chunks,chunk3; - while(chunk1!=chunk2) { - chunk3 = (chunk1+chunk2)/2; - if(s->sectors[chunk3]>sector_num) - chunk2 = chunk3; - else if(s->sectors[chunk3]+s->sectorcounts[chunk3]>sector_num) - return chunk3; - else - chunk1 = chunk3; + uint32_t chunk1 = 0, chunk2 = s->n_chunks, chunk3; + while (chunk1 != chunk2) { + chunk3 = (chunk1 + chunk2) / 2; + if (s->sectors[chunk3] > sector_num) { + chunk2 = chunk3; + } else if (s->sectors[chunk3] + s->sectorcounts[chunk3] > sector_num) { + return chunk3; + } else { + chunk1 = chunk3; + } } return s->n_chunks; /* error */ } 
@@ -281,54 +287,62 @@ static inline int dmg_read_chunk(BlockDriverState *bs, int sector_num) { BDRVDMGState *s = bs->opaque; - if(!is_sector_in_chunk(s,s->current_chunk,sector_num)) { - int ret; - uint32_t chunk = search_chunk(s,sector_num); + if (!is_sector_in_chunk(s, s->current_chunk, sector_num)) { + int ret; + uint32_t chunk = search_chunk(s, sector_num); - if(chunk>=s->n_chunks) - return -1; + if (chunk >= s->n_chunks) { + return -1; + } - s->current_chunk = s->n_chunks; - switch(s->types[chunk]) { - case 0x80000005: { /* zlib compressed */ - int i; + s->current_chunk = s->n_chunks; + switch (s->types[chunk]) { + case 0x80000005: { /* zlib compressed */ + int i; - /* we need to buffer, because only the chunk as whole can be - * inflated. */ - i=0; - do { + /* we need to buffer, because only the chunk as whole can be + * inflated. */ + i = 0; + do { ret = bdrv_pread(bs->file, s->offsets[chunk] + i, - s->compressed_chunk+i, s->lengths[chunk]-i); - if(ret<0 && errno==EINTR) - ret=0; - i+=ret; - } while(ret>=0 && ret+ilengths[chunk]); + s->compressed_chunk + i, + s->lengths[chunk] - i); + if (ret < 0 && errno == EINTR) { + ret = 0; + } + i += ret; + } while (ret >= 0 && ret + i < s->lengths[chunk]); - if (ret != s->lengths[chunk]) - return -1; + if (ret != s->lengths[chunk]) { + return -1; + } - s->zstream.next_in = s->compressed_chunk; - s->zstream.avail_in = s->lengths[chunk]; - s->zstream.next_out = s->uncompressed_chunk; - s->zstream.avail_out = 512*s->sectorcounts[chunk]; - ret = inflateReset(&s->zstream); - if(ret != Z_OK) - return -1; - ret = inflate(&s->zstream, Z_FINISH); - if(ret != Z_STREAM_END || s->zstream.total_out != 512*s->sectorcounts[chunk]) - return -1; - break; } - case 1: /* copy */ - ret = bdrv_pread(bs->file, s->offsets[chunk], + s->zstream.next_in = s->compressed_chunk; + s->zstream.avail_in = s->lengths[chunk]; + s->zstream.next_out = s->uncompressed_chunk; + s->zstream.avail_out = 512 * s->sectorcounts[chunk]; + ret = 
inflateReset(&s->zstream); + if (ret != Z_OK) { + return -1; + } + ret = inflate(&s->zstream, Z_FINISH); + if (ret != Z_STREAM_END || + s->zstream.total_out != 512 * s->sectorcounts[chunk]) { + return -1; + } + break; } + case 1: /* copy */ + ret = bdrv_pread(bs->file, s->offsets[chunk], s->uncompressed_chunk, s->lengths[chunk]); - if (ret != s->lengths[chunk]) - return -1; - break; - case 2: /* zero */ - memset(s->uncompressed_chunk, 0, 512*s->sectorcounts[chunk]); - break; - } - s->current_chunk = chunk; + if (ret != s->lengths[chunk]) { + return -1; + } + break; + case 2: /* zero */ + memset(s->uncompressed_chunk, 0, 512 * s->sectorcounts[chunk]); + break; + } + s->current_chunk = chunk; } return 0; } @@ -339,12 +353,14 @@ static int dmg_read(BlockDriverState *bs, int64_t sector_num, BDRVDMGState *s = bs->opaque; int i; - for(i=0;isectors[s->current_chunk]; - memcpy(buf+i*512,s->uncompressed_chunk+sector_offset_in_chunk*512,512); + for (i = 0; i < nb_sectors; i++) { + uint32_t sector_offset_in_chunk; + if (dmg_read_chunk(bs, sector_num + i) != 0) { + return -1; + } + sector_offset_in_chunk = sector_num + i - s->sectors[s->current_chunk]; + memcpy(buf + i * 512, + s->uncompressed_chunk + sector_offset_in_chunk * 512, 512); } return 0; } @@ -376,12 +392,12 @@ static void dmg_close(BlockDriverState *bs) } static BlockDriver bdrv_dmg = { - .format_name = "dmg", - .instance_size = sizeof(BDRVDMGState), - .bdrv_probe = dmg_probe, - .bdrv_open = dmg_open, - .bdrv_read = dmg_co_read, - .bdrv_close = dmg_close, + .format_name = "dmg", + .instance_size = sizeof(BDRVDMGState), + .bdrv_probe = dmg_probe, + .bdrv_open = dmg_open, + .bdrv_read = dmg_co_read, + .bdrv_close = dmg_close, }; static void bdrv_dmg_init(void) From ad08cae75c444366ad7a5222c6b7867f31a338f7 Mon Sep 17 00:00:00 2001 
From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:55 +0100 Subject: [PATCH 166/219] dmg: prevent out-of-bounds array access on terminator When a terminator is reached the base for offsets and sectors is stored. The following records that are processed will use this base value. If the first record we encounter is a terminator, then calculating the base values would result in out-of-bounds array accesses. Don't do that. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 73ed27ec28a1dbebdd2ae792284151f029950fbe) Signed-off-by: Michael Roth --- block/dmg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/dmg.c b/block/dmg.c index be2f26e85e..f4f3e8e9f2 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -182,7 +182,7 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, offset += 4; if (s->types[i] != 0x80000005 && s->types[i] != 1 && s->types[i] != 2) { - if (s->types[i] == 0xffffffff) { + if (s->types[i] == 0xffffffff && i > 0) { last_in_offset = s->offsets[i - 1] + s->lengths[i - 1]; last_out_offset = s->sectors[i - 1] + s->sectorcounts[i - 1]; From 4ee5b9c8cbe05d1865924dce226b4c3aedc4dae6 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:56 +0100 Subject: [PATCH 167/219] dmg: drop broken bdrv_pread() loop It is not necessary to check errno for EINTR and the block layer does not produce short reads. Therefore we can drop the loop that attempts to read a compressed chunk. The loop is buggy because it incorrectly adds the transferred bytes twice: do { ret = bdrv_pread(...); i += ret; } while (ret >= 0 && ret + i < s->lengths[chunk]); Luckily we can drop the loop completely and perform a single bdrv_pread(). Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit b404bf854217dbe8a5649449eb3ad33777f7d900) 
Signed-off-by: Michael Roth --- block/dmg.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/block/dmg.c b/block/dmg.c index f4f3e8e9f2..1cc5426d8c 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -298,21 +298,10 @@ static inline int dmg_read_chunk(BlockDriverState *bs, int sector_num) s->current_chunk = s->n_chunks; switch (s->types[chunk]) { case 0x80000005: { /* zlib compressed */ - int i; - /* we need to buffer, because only the chunk as whole can be * inflated. */ - i = 0; - do { - ret = bdrv_pread(bs->file, s->offsets[chunk] + i, - s->compressed_chunk + i, - s->lengths[chunk] - i); - if (ret < 0 && errno == EINTR) { - ret = 0; - } - i += ret; - } while (ret >= 0 && ret + i < s->lengths[chunk]); - + ret = bdrv_pread(bs->file, s->offsets[chunk], + s->compressed_chunk, s->lengths[chunk]); if (ret != s->lengths[chunk]) { return -1; } From 4b50bd735711928869f14824481ac2cbda5333d5 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:57 +0100 Subject: [PATCH 168/219] dmg: use appropriate types when reading chunks Use the right types instead of signed int: size_t new_size; This is a byte count for g_realloc() that is calculated from uint32_t and size_t values. uint32_t chunk_count; Use the same type as s->n_chunks, which is used together with chunk_count. This patch is a cleanup and does not fix bugs. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit eb71803b041f55779ea10d860c0f66df285c68de) Signed-off-by: Michael Roth --- block/dmg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/dmg.c b/block/dmg.c index 1cc5426d8c..f98c94dc47 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -161,7 +161,8 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, } if (type == 0x6d697368 && count >= 244) { - int new_size, chunk_count; + size_t new_size; + uint32_t chunk_count; offset += 4; offset += 200; 
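Review bot: Declaring `size_t new_size` and `uint32_t chunk_count` in `dmg_open()` leaves the size computation itself unchecked. As the preceding cleanup patch shows, `chunk_count = (count - 204) / 40` comes from the image, and `s->n_chunks + chunk_count` is added in 32 bits before being multiplied by `sizeof(uint64_t)`. That sum can wrap, and the product can wrap where `size_t` is 32 bits, which would make the `g_realloc()` calls smaller than the loop that fills the arrays expects; those lines are outside this hunk, so this is inferred. An explicit bound before the multiplication, for example `if (chunk_count > UINT32_MAX - s->n_chunks) { ret = -EINVAL; goto fail; }` together with a cap on the total chunk count, would make the new types effective.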
From 758c4840c64d2f0faed18c16c02cbb2c2a3bdfe3 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:58 +0100 Subject: [PATCH 169/219] dmg: sanitize chunk length and sectorcount (CVE-2014-0145) Chunk length and sectorcount are used for decompression buffers as well as the bdrv_pread() count argument. Ensure that they have reasonable values so neither memory allocation nor conversion from uint64_t to int will cause problems. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit c165f7758009a4f793c1fc19ebb69cf55313450b) Signed-off-by: Michael Roth --- block/dmg.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/block/dmg.c b/block/dmg.c index f98c94dc47..ad253fe1ed 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -27,6 +27,14 @@ #include "qemu/module.h" #include +enum { + /* Limit chunk sizes to prevent unreasonable amounts of memory being used + * or truncating when converting to 32-bit types + */ + DMG_LENGTHS_MAX = 64 * 1024 * 1024, /* 64 MB */ + DMG_SECTORCOUNTS_MAX = DMG_LENGTHS_MAX / 512, +}; + typedef struct BDRVDMGState { CoMutex lock; /* each chunk contains a certain number of sectors, @@ -208,6 +216,14 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, } offset += 8; + if (s->sectorcounts[i] > DMG_SECTORCOUNTS_MAX) { + error_report("sector count %" PRIu64 " for chunk %u is " + "larger than max (%u)", + s->sectorcounts[i], i, DMG_SECTORCOUNTS_MAX); + ret = -EINVAL; + goto fail; + } + ret = read_uint64(bs, offset, &s->offsets[i]); if (ret < 0) { goto fail; 
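Review bot: The new sector-count check reports its failure with `error_report()` although `dmg_open()` receives an `Error **errp`, so the caller gets `-EINVAL` with nothing attached to the error object. The length check in the next hunk (`@@ -221,6 +237,14 @@`) does the same. Using `error_setg(errp, "sector count %" PRIu64 " for chunk %u is larger than max (%u)", s->sectorcounts[i], i, DMG_SECTORCOUNTS_MAX);` would match how `qcow2_open()` reports header problems elsewhere in this series. `DMG_SECTORCOUNTS_MAX` and `DMG_LENGTHS_MAX` are enum constants of type `int`, so `%d` or an explicit cast is the strictly matching conversion for them.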
@@ -221,6 +237,14 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, } offset += 8; + if (s->lengths[i] > DMG_LENGTHS_MAX) { + error_report("length %" PRIu64 " for chunk %u is larger " + "than max (%u)", + s->lengths[i], i, DMG_LENGTHS_MAX); + ret = -EINVAL; + goto fail; + } + if (s->lengths[i] > max_compressed_size) { max_compressed_size = s->lengths[i]; } From d400b5dc4acaa883d8e856a137c37f7aea1b2707 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:05:59 +0100 Subject: [PATCH 170/219] dmg: use uint64_t consistently for sectors and lengths The DMG metadata is stored as uint64_t, so use the same type for sector_num. int was a particularly poor choice since it is only 32-bit and would truncate large values. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 686d7148ec23402a172628c800022b3a95a022c9) Signed-off-by: Michael Roth --- block/dmg.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/block/dmg.c b/block/dmg.c index ad253fe1ed..be0ee3306e 100644 --- a/block/dmg.c +++ b/block/dmg.c @@ -281,7 +281,7 @@ fail: } static inline int is_sector_in_chunk(BDRVDMGState* s, - uint32_t chunk_num, int sector_num) + uint32_t chunk_num, uint64_t sector_num) { if (chunk_num >= s->n_chunks || s->sectors[chunk_num] > sector_num || s->sectors[chunk_num] + s->sectorcounts[chunk_num] <= sector_num) { @@ -291,7 +291,7 @@ static inline int is_sector_in_chunk(BDRVDMGState* s, } } -static inline uint32_t search_chunk(BDRVDMGState *s, int sector_num) +static inline uint32_t search_chunk(BDRVDMGState *s, uint64_t sector_num) { /* binary search */ uint32_t chunk1 = 0, chunk2 = s->n_chunks, chunk3; 
@@ -308,7 +308,7 @@ static inline uint32_t search_chunk(BDRVDMGState *s, int sector_num) return s->n_chunks; /* error */ } -static inline int dmg_read_chunk(BlockDriverState *bs, int sector_num) +static inline int dmg_read_chunk(BlockDriverState *bs, uint64_t sector_num) { BDRVDMGState *s = bs->opaque; From b6f7fbdd1d9e27822e829e983fb6f907576a24e4 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 26 Mar 2014 13:06:00 +0100 Subject: [PATCH 171/219] dmg: prevent chunk buffer overflow (CVE-2014-0145) Both compressed and uncompressed I/O is buffered. dmg_open() calculates the maximum buffer size needed from the metadata in the image file. There is currently a buffer overflow since ->lengths[] is accounted against the maximum compressed buffer size but actually uses the uncompressed buffer: switch (s->types[chunk]) { case 1: /* copy */ ret = bdrv_pread(bs->file, s->offsets[chunk], s->uncompressed_chunk, s->lengths[chunk]); We must account against the maximum uncompressed buffer size for type=1 chunks. This patch fixes the maximum buffer size calculation to take into account the chunk type. It is critical that we update the correct maximum since there are two buffers ->compressed_chunk and ->uncompressed_chunk. Signed-off-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit f0dce23475b5af5da6b17b97c1765271307734b6) Signed-off-by: Michael Roth --- block/dmg.c | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/block/dmg.c b/block/dmg.c index be0ee3306e..856402e1f2 100644 --- a/block/dmg.c +++ b/block/dmg.c 
@@ -100,6 +100,37 @@ static int read_uint32(BlockDriverState *bs, int64_t offset, uint32_t *result) return 0; } +/* Increase max chunk sizes, if necessary. This function is used to calculate + * the buffer sizes needed for compressed/uncompressed chunk I/O. + */ +static void update_max_chunk_size(BDRVDMGState *s, uint32_t chunk, + uint32_t *max_compressed_size, + uint32_t *max_sectors_per_chunk) +{ + uint32_t compressed_size = 0; + uint32_t uncompressed_sectors = 0; + + switch (s->types[chunk]) { + case 0x80000005: /* zlib compressed */ + compressed_size = s->lengths[chunk]; + uncompressed_sectors = s->sectorcounts[chunk]; + break; + case 1: /* copy */ + uncompressed_sectors = (s->lengths[chunk] + 511) / 512; + break; + case 2: /* zero */ + uncompressed_sectors = s->sectorcounts[chunk]; + break; + } + + if (compressed_size > *max_compressed_size) { + *max_compressed_size = compressed_size; + } + if (uncompressed_sectors > *max_sectors_per_chunk) { + *max_sectors_per_chunk = uncompressed_sectors; + } +} + static int dmg_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { @@ -245,12 +276,8 @@ static int dmg_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - if (s->lengths[i] > max_compressed_size) { - max_compressed_size = s->lengths[i]; - } - if (s->sectorcounts[i] > max_sectors_per_chunk) { - max_sectors_per_chunk = s->sectorcounts[i]; - } + update_max_chunk_size(s, i, &max_compressed_size, + &max_sectors_per_chunk); } s->n_chunks += chunk_count; } From 759d38652ae6bbe1253b921c13c43d2c6c25b8d5 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:02 +0100 Subject: [PATCH 172/219] block: Limit request size (CVE-2014-0143) Limiting the size of a single request to INT_MAX not only fixes a direct integer overflow in bdrv_check_request() (which would only trigger bad behaviour with ridiculously huge images, as in close to 2^64 bytes), but can also prevent overflows in all block drivers. 
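Review bot: In `update_max_chunk_size()`, the `case 1: /* copy */` branch sizes the uncompressed buffer from `s->lengths[chunk]` alone, while `dmg_read()` (shown in the earlier cleanup patch) indexes `s->uncompressed_chunk + sector_offset_in_chunk * 512` with an offset bounded by `s->sectorcounts[chunk]`. If an image declares a copy chunk whose sector count exceeds `lengths / 512` and no other chunk raises the maximum, that `memcpy()` could read past the allocation; this is inferred from the visible lines and should be confirmed. Accounting for both fields, e.g. `uncompressed_sectors = MAX((s->lengths[chunk] + 511) / 512, s->sectorcounts[chunk]);`, or rejecting copy chunks where the two disagree in `dmg_open()`, would close the gap. The `switch` also has no `default:`, so a comment stating that other chunk types are filtered out earlier in `dmg_open()` would make that reliance explicit.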
Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 8f4754ede56e3f9ea3fd7207f4a7c4453e59285b) Signed-off-by: Michael Roth --- block.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block.c b/block.c index 68651a9ba4..202d817382 100644 --- a/block.c +++ b/block.c @@ -2277,6 +2277,10 @@ static int bdrv_check_byte_request(BlockDriverState *bs, int64_t offset, static int bdrv_check_request(BlockDriverState *bs, int64_t sector_num, int nb_sectors) { + if (nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) { + return -EIO; + } + return bdrv_check_byte_request(bs, sector_num * BDRV_SECTOR_SIZE, nb_sectors * BDRV_SECTOR_SIZE); } From c2c52728f5719a4534f52fd2f0c6f3d04e230bdf Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:04 +0100 Subject: [PATCH 173/219] qcow2: Fix NULL dereference in qcow2_open() error path (CVE-2014-0146) The qcow2 code assumes that s->snapshots is non-NULL if s->nb_snapshots != 0. By having the initialisation of both fields separated in qcow2_open(), any error occuring in between would cause the error path to dereference NULL in qcow2_free_snapshots() if the image had any snapshots. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 11b128f4062dd7f89b14abc8877ff20d41b28be9) Signed-off-by: Michael Roth --- block/qcow2.c | 7 ++++--- tests/qemu-iotests/080 | 7 +++++++ tests/qemu-iotests/080.out | 4 ++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/block/qcow2.c b/block/qcow2.c index 447308ea9f..52b73a9302 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -639,9 +639,6 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - s->snapshots_offset = header.snapshots_offset; - s->nb_snapshots = header.nb_snapshots; - /* read the level 1 table */ if (header.l1_size > 0x2000000) { /* 32 MB L1 table is enough for 2 PB images at 64k cluster size 
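Review bot: The new guard in `bdrv_check_request()` only bounds `nb_sectors` from above, so a negative `nb_sectors` still reaches `nb_sectors * BDRV_SECTOR_SIZE` and is handed to `bdrv_check_byte_request()`, whose handling of a negative size is not visible in this hunk. Rejecting both ends in one place, `if (nb_sectors < 0 || nb_sectors > INT_MAX / BDRV_SECTOR_SIZE) {`, would make the check self-contained. `sector_num * BDRV_SECTOR_SIZE` is also computed without a range check on `sector_num` here. A short comment saying where that value is validated, or a matching bound, would help the next reader.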
@@ -736,6 +733,10 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, bs->backing_file[len] = '\0'; } + /* Internal snapshots */ + s->snapshots_offset = header.snapshots_offset; + s->nb_snapshots = header.nb_snapshots; + ret = qcow2_read_snapshots(bs); if (ret < 0) { error_setg_errno(errp, -ret, "Could not read snapshots"); diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 56f890395c..59e7a441b3 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -138,6 +138,13 @@ poke_file "$TEST_IMG" "$offset_l1_table_offset" "\x12\x34\x56\x78\x90\xab\xcd\xe poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid L1 table (with internal snapshot in the image) ==" +_make_test_img 64M +{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x00" +_img_info + echo echo "== Invalid backing file size ==" _make_test_img 64M diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 303d6c3465..4d84fbf64b 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -59,6 +59,10 @@ no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow2: Invalid L1 table offset no file open, try 'help open' +== Invalid L1 table (with internal snapshot in the image) == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-img: Could not open 'TEST_DIR/t.IMGFMT': L1 table is too small + == Invalid backing file size == Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 qemu-io: can't open device TEST_DIR/t.qcow2: Backing file name too long From 641c3ec44252f077100269e631a3583046848f18 Mon Sep 17 00:00:00 2001 
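Review bot: The comment added with the moved assignments, `/* Internal snapshots */`, does not record why they now sit directly before `qcow2_read_snapshots()`, which is the substance of the fix. According to the commit message, the error path reaches `qcow2_free_snapshots()`, which assumes `s->snapshots` is non-NULL whenever `s->nb_snapshots != 0`. A comment such as `/* Set nb_snapshots only right before qcow2_read_snapshots(): the fail path frees snapshots and must see nb_snapshots == 0 until s->snapshots exists */` would keep a later reordering from reintroducing the NULL dereference. The enclosing `qcow2_open()` starts and ends outside the hunk.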
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:03 +0100 Subject: [PATCH 174/219] qcow2: Fix copy_sectors() with VM state bs->total_sectors is not the highest possible sector number that could be involved in a copy on write operation: VM state is after the end of the virtual disk. This resulted in wrong values for the number of sectors to be copied (n). The code that checks for the end of the image isn't required any more because the code hasn't been calling the block layer's bdrv_read() for a long time; instead, it directly calls qcow2_readv(), which doesn't error out on VM state sector numbers. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 6b7d4c55586a849aa8313282d79432917eade3bf) Signed-off-by: Michael Roth --- block/qcow2-cluster.c | 9 --------- tests/qemu-iotests/029 | 22 ++++++++++++++++++++-- tests/qemu-iotests/029.out | 13 +++++++++++++ 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c index 64a7ee60b8..23f28786ad 100644 --- a/block/qcow2-cluster.c +++ b/block/qcow2-cluster.c @@ -359,15 +359,6 @@ static int coroutine_fn copy_sectors(BlockDriverState *bs, struct iovec iov; int n, ret; - /* - * If this is the last cluster and it is only partially used, we must only - * copy until the end of the image, or bdrv_check_request will fail for the - * bdrv_read/write calls below. - */ - if (start_sect + n_end > bs->total_sectors) { - n_end = bs->total_sectors - start_sect; - } - n = n_end - n_start; if (n <= 0) { return 0; diff --git a/tests/qemu-iotests/029 b/tests/qemu-iotests/029 index b424726fc4..567e07160c 100755 --- a/tests/qemu-iotests/029 +++ b/tests/qemu-iotests/029 @@ -1,7 +1,6 @@ #!/bin/bash # -# Test loading internal snapshots where the L1 table of the snapshot -# is smaller than the current L1 table. +# qcow2 internal snapshots/VM state tests # # Copyright (C) 2011 Red Hat, Inc. # 
@@ -45,6 +44,11 @@ _supported_fmt qcow2 _supported_proto generic _supported_os Linux +echo +echo Test loading internal snapshots where the L1 table of the snapshot +echo is smaller than the current L1 table. +echo + CLUSTER_SIZE=65536 _make_test_img 64M $QEMU_IMG snapshot -c foo "$TEST_IMG" @@ -59,6 +63,20 @@ $QEMU_IO -c 'write -b 0 4M' "$TEST_IMG" | _filter_qemu_io $QEMU_IMG snapshot -a foo "$TEST_IMG" _check_test_img + +echo +echo Try using a huge VM state +echo + +CLUSTER_SIZE=65536 +_make_test_img 64M +{ $QEMU_IO -c "write -b -P 0x11 1T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IMG snapshot -a foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IO -c "read -b -P 0x11 1T 4k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +_check_test_img + + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/029.out b/tests/qemu-iotests/029.out index 0eedb3a3ab..9029698a1c 100644 --- a/tests/qemu-iotests/029.out +++ b/tests/qemu-iotests/029.out @@ -1,4 +1,8 @@ QA output created by 029 + +Test loading internal snapshots where the L1 table of the snapshot +is smaller than the current L1 table. + Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 wrote 4096/4096 bytes at offset 0 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) @@ -7,4 +11,13 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=16777216 wrote 4194304/4194304 bytes at offset 0 4 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) No errors were found on the image. + +Try using a huge VM state + +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +wrote 4096/4096 bytes at offset 1099511627776 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +read 4096/4096 bytes at offset 1099511627776 +4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +No errors were found on the image. *** done 
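Review bot: The commands added for the "huge VM state" case in tests/qemu-iotests/029 pass `$TEST_IMG` unquoted, while the context lines of the same hunk use `"$TEST_IMG"`; with a test directory that contains whitespace the image path is split into several arguments and the test fails for the wrong reason. Quote it like the surrounding lines, e.g. `{ $QEMU_IMG snapshot -c foo "$TEST_IMG"; } 2>&1 | _filter_qemu_io | _filter_testdir`. The same unquoted form appears in the `rm -f $TEST_IMG.snap` cleanup lines and in the cases added to 029, 080, 076 and 092 by the later patches on this page.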
From d99c4e2d857fbd5e95bf61971d59eb10499289c0 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:05 +0100 Subject: [PATCH 175/219] qcow2: Fix L1 allocation size in qcow2_snapshot_load_tmp() (CVE-2014-0145) For the L1 table to loaded for an internal snapshot, the code allocated only enough memory to hold the currently active L1 table. If the snapshot's L1 table is actually larger than the current one, this leads to a buffer overflow. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit c05e4667be91b46ab42b5a11babf8e84d476cc6b) Signed-off-by: Michael Roth --- block/qcow2-snapshot.c | 2 +- tests/qemu-iotests/029 | 18 +++++++++++++++++- tests/qemu-iotests/029.out | 4 ++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index 754816542e..4170e87ac1 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c @@ -673,7 +673,7 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs, const char *snapshot_name) sn = &s->snapshots[snapshot_index]; /* Allocate and read in the snapshot's L1 table */ - new_l1_bytes = s->l1_size * sizeof(uint64_t); + new_l1_bytes = sn->l1_size * sizeof(uint64_t); new_l1_table = g_malloc0(align_offset(new_l1_bytes, 512)); ret = bdrv_pread(bs->file, sn->l1_table_offset, new_l1_table, new_l1_bytes); diff --git a/tests/qemu-iotests/029 b/tests/qemu-iotests/029 index 567e07160c..fa46ace67b 100755 --- a/tests/qemu-iotests/029 +++ b/tests/qemu-iotests/029 @@ -30,7 +30,8 @@ status=1 # failure is the default! _cleanup() { - _cleanup_test_img + rm -f $TEST_IMG.snap + _cleanup_test_img } trap "_cleanup; exit \$status" 0 1 2 3 15 @@ -44,6 +45,9 @@ _supported_fmt qcow2 _supported_proto generic _supported_os Linux +offset_size=24 +offset_l1_size=36 + echo echo Test loading internal snapshots where the L1 table of the snapshot echo is smaller than the current L1 table. 
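Review bot: In the block/qcow2-snapshot.c hunk, `sn->l1_size` goes straight into `sn->l1_size * sizeof(uint64_t)` and `g_malloc0()` with no upper bound visible, so taken alone this commit trades the overflow for an allocation whose size is dictated by the image. The bound arrives only in the following patch of the series (176), as `if (sn->l1_size > QCOW_MAX_L1_SIZE) {` returning `-EFBIG`, so the two should be backported as a pair rather than cherry-picked individually. The body of qcow2_snapshot_load_tmp starts and ends outside the hunk, so an earlier validation of the snapshot record cannot be ruled out from here.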
@@ -77,6 +81,18 @@ _make_test_img 64M _check_test_img +echo +echo "qcow2_snapshot_load_tmp() should take the L1 size from the snapshot" +echo + +CLUSTER_SIZE=512 +_make_test_img 64M +{ $QEMU_IMG snapshot -c foo $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_size" "\x00\x00\x00\x00\x00\x00\x02\x00" +poke_file "$TEST_IMG" "$offset_l1_size" "\x00\x00\x00\x01" +{ $QEMU_IMG convert -s foo $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_qemu_io | _filter_testdir + + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/029.out b/tests/qemu-iotests/029.out index 9029698a1c..ce0e64d24a 100644 --- a/tests/qemu-iotests/029.out +++ b/tests/qemu-iotests/029.out @@ -20,4 +20,8 @@ wrote 4096/4096 bytes at offset 1099511627776 read 4096/4096 bytes at offset 1099511627776 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) No errors were found on the image. + +qcow2_snapshot_load_tmp() should take the L1 size from the snapshot + +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 *** done From cfa8008cc01ed811a5c2aca30af44e7d4ece97e6 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:06 +0100 Subject: [PATCH 176/219] qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143) This avoids an unbounded allocation. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 6a83f8b5bec6f59e56cc49bd49e4c3f8f805d56f) Signed-off-by: Michael Roth --- block/qcow2-snapshot.c | 4 ++++ block/qcow2.c | 4 +--- block/qcow2.h | 4 ++++ tests/qemu-iotests/080 | 15 ++++++++++++++- tests/qemu-iotests/080.out | 6 ++++++ 5 files changed, 29 insertions(+), 4 deletions(-) diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c index 4170e87ac1..621871046d 100644 --- a/block/qcow2-snapshot.c +++ b/block/qcow2-snapshot.c 
@@ -673,6 +673,10 @@ int qcow2_snapshot_load_tmp(BlockDriverState *bs, const char *snapshot_name) sn = &s->snapshots[snapshot_index]; /* Allocate and read in the snapshot's L1 table */ + if (sn->l1_size > QCOW_MAX_L1_SIZE) { + error_report("Snapshot L1 table too large"); + return -EFBIG; + } new_l1_bytes = sn->l1_size * sizeof(uint64_t); new_l1_table = g_malloc0(align_offset(new_l1_bytes, 512)); diff --git a/block/qcow2.c b/block/qcow2.c index 52b73a9302..37b0f6c9fb 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -640,9 +640,7 @@ static int qcow2_open(BlockDriverState *bs, QDict *options, int flags, } /* read the level 1 table */ - if (header.l1_size > 0x2000000) { - /* 32 MB L1 table is enough for 2 PB images at 64k cluster size - * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ + if (header.l1_size > QCOW_MAX_L1_SIZE) { error_setg(errp, "Active L1 table too large"); ret = -EFBIG; goto fail; diff --git a/block/qcow2.h b/block/qcow2.h index a20d91f399..29afb59e48 100644 --- a/block/qcow2.h +++ b/block/qcow2.h @@ -44,6 +44,10 @@ * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ #define QCOW_MAX_REFTABLE_SIZE 0x800000 +/* 32 MB L1 table is enough for 2 PB images at 64k cluster size + * (128 GB for 512 byte clusters, 2 EB for 2 MB clusters) */ +#define QCOW_MAX_L1_SIZE 0x2000000 + /* indicate that the refcount of the referenced cluster is exactly one. */ #define QCOW_OFLAG_COPIED (1ULL << 63) /* indicate that the cluster is compressed (they never have the copied flag) */ diff --git a/tests/qemu-iotests/080 b/tests/qemu-iotests/080 index 59e7a441b3..6b3a3e77a5 100755 --- a/tests/qemu-iotests/080 +++ b/tests/qemu-iotests/080 @@ -30,7 +30,8 @@ status=1 # failure is the default! _cleanup() { - _cleanup_test_img + rm -f $TEST_IMG.snap + _cleanup_test_img } trap "_cleanup; exit \$status" 0 1 2 3 15 
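Review bot: The check `sn->l1_size > QCOW_MAX_L1_SIZE` compares what looks like an entry count against a constant that the block/qcow2.h hunk of this commit documents as a 32 MB table. Since the next line computes `sn->l1_size * sizeof(uint64_t)`, the limit as written admits tables of up to eight times that size. If the constant is meant in bytes, the comparison should be `if (sn->l1_size > QCOW_MAX_L1_SIZE / sizeof(uint64_t)) {`, and the same applies to the `header.l1_size > QCOW_MAX_L1_SIZE` check in the block/qcow2.c hunk. If it is meant in entries, the comment above the `#define` should say so and give the resulting byte size. qcow2_snapshot_load_tmp continues outside the hunk.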
@@ -58,6 +59,10 @@ offset_ext_size=$((header_size + 4)) offset_l2_table_0=$((0x40000)) +offset_snap1=$((0x70000)) +offset_snap1_l1_offset=$((offset_snap1 + 0)) +offset_snap1_l1_size=$((offset_snap1 + 8)) + echo echo "== Huge header size ==" _make_test_img 64M @@ -161,6 +166,14 @@ poke_file "$TEST_IMG" "$offset_l2_table_0" "\xbf\xff\xff\xff\xff\xff\x00\x00" poke_file "$TEST_IMG" "$offset_l2_table_0" "\x80\x00\x00\xff\xff\xff\x00\x00" { $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid snapshot L1 table ==" +_make_test_img 64M +{ $QEMU_IO -c "write 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +{ $QEMU_IMG snapshot -c test $TEST_IMG; } 2>&1 | _filter_testdir +poke_file "$TEST_IMG" "$offset_snap1_l1_size" "\x10\x00\x00\x00" +{ $QEMU_IMG convert -s test $TEST_IMG $TEST_IMG.snap; } 2>&1 | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/080.out b/tests/qemu-iotests/080.out index 4d84fbf64b..f7a943c7a4 100644 --- a/tests/qemu-iotests/080.out +++ b/tests/qemu-iotests/080.out @@ -74,4 +74,10 @@ wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) qemu-img: Could not create snapshot 'test': -27 (File too large) qemu-img: Could not create snapshot 'test': -11 (Resource temporarily unavailable) + +== Invalid snapshot L1 table == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +wrote 512/512 bytes at offset 0 +512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) +qemu-img: Failed to load snapshot: Snapshot L1 table too large *** done From 750336bc908fd6e728d9ff127d532af70b4ff776 Mon Sep 17 00:00:00 2001 
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:08 +0100 Subject: [PATCH 177/219] parallels: Fix catalog size integer overflow (CVE-2014-0143) The first test case would cause a huge memory allocation, leading to a qemu abort; the second one to a too small malloc() for the catalog (smaller than s->catalog_size), which causes a read-only out-of-bounds array access and on big endian hosts an endianess conversion for an undefined memory area. The sample image used here is not an original Parallels image. It was created using an hexeditor on the basis of the struct that qemu uses. Good enough for trying to crash the driver, but not for ensuring compatibility. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit afbcc40bee4ef51731102d7d4b499ee12fc182e1) Conflicts: tests/qemu-iotests/group *fixed mismatches in group file Signed-off-by: Michael Roth --- block/parallels.c | 7 +- tests/qemu-iotests/076 | 69 ++++++++++++++++++ tests/qemu-iotests/076.out | 14 ++++ tests/qemu-iotests/common | 7 ++ tests/qemu-iotests/group | 1 + .../sample_images/fake.parallels.bz2 | Bin 0 -> 141 bytes 6 files changed, 97 insertions(+), 1 deletion(-) create mode 100755 tests/qemu-iotests/076 create mode 100644 tests/qemu-iotests/076.out create mode 100644 tests/qemu-iotests/sample_images/fake.parallels.bz2 diff --git a/block/parallels.c b/block/parallels.c index 2121e43204..5d1c0af354 100644 --- a/block/parallels.c +++ b/block/parallels.c @@ -49,7 +49,7 @@ typedef struct BDRVParallelsState { CoMutex lock; uint32_t *catalog_bitmap; - int catalog_size; + unsigned int catalog_size; int tracks; } BDRVParallelsState; 
@@ -94,6 +94,11 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags, s->tracks = le32_to_cpu(ph.tracks); s->catalog_size = le32_to_cpu(ph.catalog_entries); + if (s->catalog_size > INT_MAX / 4) { + error_setg(errp, "Catalog too large"); + ret = -EFBIG; + goto fail; + } s->catalog_bitmap = g_malloc(s->catalog_size * 4); ret = bdrv_pread(bs->file, 64, s->catalog_bitmap, s->catalog_size * 4); diff --git a/tests/qemu-iotests/076 b/tests/qemu-iotests/076 new file mode 100755 index 0000000000..6028ac5db0 --- /dev/null +++ b/tests/qemu-iotests/076 
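Review bot: The new bound `s->catalog_size > INT_MAX / 4` stops the 32-bit overflow but still lets a header field request close to 2 GiB from `g_malloc()`, which terminates the process when the allocation fails, so a malformed image can still abort qemu at open time. A failable allocation, `s->catalog_bitmap = g_try_malloc(s->catalog_size * 4);`, with `ret = -ENOMEM; goto fail;` when it returns NULL for a non-zero size, or a bound derived from the length of the underlying file, would turn that into an ordinary open error. The `l1_size > INT_MAX / sizeof(uint64_t)` bound followed by `g_malloc()` in the qcow1 `qcow_open()` hunk of patch 182 has the same shape. The `fail` label and the rest of parallels_open are outside the hunk, so the cleanup on that path is not visible.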
@@ -0,0 +1,69 @@ +#!/bin/bash +# +# parallels format input validation tests +# +# Copyright (C) 2013 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=kwolf@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt parallels +_supported_proto generic +_supported_os Linux + +catalog_entries_offset=$((0x20)) +nb_sectors_offset=$((0x24)) + +echo +echo "== Read from a valid (enough) image ==" +_use_sample_img fake.parallels.bz2 +{ $QEMU_IO -c "read -P 0x11 0 64k" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Negative catalog size ==" +_use_sample_img fake.parallels.bz2 +poke_file "$TEST_IMG" "$catalog_entries_offset" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +echo +echo "== Overflow in catalog allocation ==" +_use_sample_img fake.parallels.bz2 +poke_file "$TEST_IMG" "$nb_sectors_offset" "\xff\xff\xff\xff" +poke_file "$TEST_IMG" "$catalog_entries_offset" "\x01\x00\x00\x40" +{ $QEMU_IO -c "read 64M 64M" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 
diff --git a/tests/qemu-iotests/076.out b/tests/qemu-iotests/076.out new file mode 100644 index 0000000000..12af42ac1c --- /dev/null +++ b/tests/qemu-iotests/076.out @@ -0,0 +1,14 @@ +QA output created by 076 + +== Read from a valid (enough) image == +read 65536/65536 bytes at offset 0 +64 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) + +== Negative catalog size == +qemu-io: can't open device TEST_DIR/fake.parallels: Catalog too large +no file open, try 'help open' + +== Overflow in catalog allocation == +qemu-io: can't open device TEST_DIR/fake.parallels: Catalog too large +no file open, try 'help open' +*** done diff --git a/tests/qemu-iotests/common b/tests/qemu-iotests/common index 35abbfcfcb..f8c1b56a50 100644 --- a/tests/qemu-iotests/common +++ b/tests/qemu-iotests/common @@ -131,6 +131,7 @@ check options -bochs test bochs -cow test cow -cloop test cloop + -parallels test parallels -qcow test qcow -qcow2 test qcow2 -qed test qed @@ -181,6 +182,12 @@ testlist options xpand=false ;; + -parallels) + IMGFMT=parallels + IMGFMT_GENERIC=false + xpand=false + ;; + -qcow) IMGFMT=qcow xpand=false diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index d0b762c0b4..7e0e9a859a 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -78,6 +78,7 @@ 070 rw auto 073 rw auto 075 rw auto +076 auto 078 rw auto 080 rw auto 088 rw auto diff --git a/tests/qemu-iotests/sample_images/fake.parallels.bz2 b/tests/qemu-iotests/sample_images/fake.parallels.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..ffb5f13bac31bc9ab6e1ea5c0cfa26786f2c4cc6 GIT binary patch literal 141 zcmV;80CN9AT4*^jL0KkKS*i&LJ^%_Hf6(xNVE_;S2ml2D2!JYJ)&M{N00969FaWp; z000b`1pojBOn|7QnnOSv)YEF7cgIVO0ByGSdk7e?fW`f$x`2Bi3t$bd06owJs09G{ vKo+1B1LXi)0CVe)J@eC^zBuEJbFFJA24D=p8Gt*$AL8yvrwS4kK_LggA5<|C literal 0 HcmV?d00001 From 97a0e27e719ad2d01420969adebb52f337fa6b94 Mon Sep 17 00:00:00 2001 
From: Kevin Wolf Date: Wed, 26 Mar 2014 13:06:09 +0100 Subject: [PATCH 178/219] parallels: Sanity check for s->tracks (CVE-2014-0142) This avoids a possible division by zero. Convert s->tracks to unsigned as well because it feels better than surviving just because the results of calculations with s->tracks are converted to unsigned anyway. Signed-off-by: Kevin Wolf Reviewed-by: Max Reitz Signed-off-by: Stefan Hajnoczi (cherry picked from commit 9302e863aa8baa5d932fc078967050c055fa1a7f) Signed-off-by: Michael Roth --- block/parallels.c | 7 ++++++- tests/qemu-iotests/076 | 7 +++++++ tests/qemu-iotests/076.out | 4 ++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/block/parallels.c b/block/parallels.c index 5d1c0af354..d83cde4a2a 100644 --- a/block/parallels.c +++ b/block/parallels.c @@ -51,7 +51,7 @@ typedef struct BDRVParallelsState { uint32_t *catalog_bitmap; unsigned int catalog_size; - int tracks; + unsigned int tracks; } BDRVParallelsState; static int parallels_probe(const uint8_t *buf, int buf_size, const char *filename) @@ -92,6 +92,11 @@ static int parallels_open(BlockDriverState *bs, QDict *options, int flags, bs->total_sectors = le32_to_cpu(ph.nb_sectors); s->tracks = le32_to_cpu(ph.tracks); + if (s->tracks == 0) { + error_setg(errp, "Invalid image: Zero sectors per track"); + ret = -EINVAL; + goto fail; + } s->catalog_size = le32_to_cpu(ph.catalog_entries); if (s->catalog_size > INT_MAX / 4) { diff --git a/tests/qemu-iotests/076 b/tests/qemu-iotests/076 index 6028ac5db0..b614a7dd6e 100755 --- a/tests/qemu-iotests/076 +++ b/tests/qemu-iotests/076 @@ -42,6 +42,7 @@ _supported_fmt parallels _supported_proto generic _supported_os Linux +tracks_offset=$((0x1c)) catalog_entries_offset=$((0x20)) nb_sectors_offset=$((0x24)) 
@@ -63,6 +64,12 @@ poke_file "$TEST_IMG" "$nb_sectors_offset" "\xff\xff\xff\xff" poke_file "$TEST_IMG" "$catalog_entries_offset" "\x01\x00\x00\x40" { $QEMU_IO -c "read 64M 64M" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Zero sectors per track ==" +_use_sample_img fake.parallels.bz2 +poke_file "$TEST_IMG" "$tracks_offset" "\x00\x00\x00\x00" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/076.out b/tests/qemu-iotests/076.out index 12af42ac1c..f7745d8b0d 100644 --- a/tests/qemu-iotests/076.out +++ b/tests/qemu-iotests/076.out @@ -11,4 +11,8 @@ no file open, try 'help open' == Overflow in catalog allocation == qemu-io: can't open device TEST_DIR/fake.parallels: Catalog too large no file open, try 'help open' + +== Zero sectors per track == +qemu-io: can't open device TEST_DIR/fake.parallels: Invalid image: Zero sectors per track +no file open, try 'help open' *** done From 41819e90af4228c40a92da828a82446073412a5a Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 7 May 2014 16:56:10 +0200 Subject: [PATCH 179/219] qcow1: Make padding in the header explicit We were relying on all compilers inserting the same padding in the header struct that is used for the on-disk format. Let's not do that. Mark the struct as packed and insert an explicit padding field for compatibility. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Benoit Canet (cherry picked from commit ea54feff58efedc809641474b25a3130309678e7) Signed-off-by: Michael Roth --- block/qcow.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/block/qcow.c b/block/qcow.c index c470e05f60..1ca04e6f32 100644 --- a/block/qcow.c +++ b/block/qcow.c 
@@ -48,9 +48,10 @@ typedef struct QCowHeader { uint64_t size; /* in bytes */ uint8_t cluster_bits; uint8_t l2_bits; + uint16_t padding; uint32_t crypt_method; uint64_t l1_table_offset; -} QCowHeader; +} QEMU_PACKED QCowHeader; #define L2_CACHE_SIZE 16 From e6c55cf7c25ceb0c14a292520a61786374f69bcf Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Wed, 7 May 2014 17:30:30 +0200 Subject: [PATCH 180/219] qcow1: Check maximum cluster size Huge values for header.cluster_bits cause unbounded allocations (e.g. for s->cluster_cache) and crash qemu this way. Less huge values may survive those allocations, but can cause integer overflows later on. The only cluster sizes that qemu can create are 4k (for standalone images) and 512 (for images with backing files), so we can limit it to 64k. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Benoit Canet (cherry picked from commit 7159a45b2bf2dcb9f49f1e27d1d3d135a0247a2f) Conflicts: block/qcow.c tests/qemu-iotests/group *removed mismatch due to error msgs from upstream's b6d5066d *removed context from upstream block tests Signed-off-by: Michael Roth --- block/qcow.c | 9 +++++- tests/qemu-iotests/092 | 63 ++++++++++++++++++++++++++++++++++++++ tests/qemu-iotests/092.out | 13 ++++++++ tests/qemu-iotests/group | 1 + 4 files changed, 85 insertions(+), 1 deletion(-) create mode 100755 tests/qemu-iotests/092 create mode 100644 tests/qemu-iotests/092.out diff --git a/block/qcow.c b/block/qcow.c index 1ca04e6f32..c04ec42b58 100644 --- a/block/qcow.c +++ b/block/qcow.c 
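Review bot: Nothing pins the on-disk layout of `QCowHeader` now that the padding is maintained by hand; a compile-time size check next to the definition would catch a later field edit that shifts `crypt_method` or `l1_table_offset`. Something like `QEMU_BUILD_BUG_ON(sizeof(QCowHeader) != 48);` would do. The value 48 is inferred from the offsets the qcow1 tests later on this page poke (size at 24, cluster_bits at 32, l2_bits at 33) and must be confirmed against the full struct, whose first fields are outside the hunk. The new field also deserves a comment, e.g. `uint16_t padding; /* explicit; was inserted implicitly by the compiler */`.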
@@ -126,10 +126,17 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } - if (header.size <= 1 || header.cluster_bits < 9) { + if (header.size <= 1) { + error_setg(errp, "Image size is too small (must be at least 2 bytes)"); ret = -EINVAL; goto fail; } + if (header.cluster_bits < 9 || header.cluster_bits > 16) { + error_setg(errp, "Cluster size must be between 512 and 64k"); + ret = -EINVAL; + goto fail; + } + if (header.crypt_method > QCOW_CRYPT_AES) { ret = -EINVAL; goto fail; diff --git a/tests/qemu-iotests/092 b/tests/qemu-iotests/092 new file mode 100755 index 0000000000..d060e6fa87 --- /dev/null +++ b/tests/qemu-iotests/092 
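Review bot: The `header.crypt_method > QCOW_CRYPT_AES` branch at the end of this hunk still jumps to `fail` with `-EINVAL` and no `error_setg()`, while the two checks added just above it now fill in `errp`. A user opening a malformed image therefore gets a specific message for a bad size or cluster size and nothing for a bad encryption field. Adding `error_setg(errp, "Invalid encryption method in qcow header");` to that branch would keep the rejection paths consistent. qcow_open starts and ends outside the hunk, so whether `fail` supplies a generic message is not visible from here.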
@@ -0,0 +1,63 @@ +#!/bin/bash +# +# qcow1 format input validation tests +# +# Copyright (C) 2014 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +# creator +owner=kwolf@redhat.com + +seq=`basename $0` +echo "QA output created by $seq" + +here=`pwd` +tmp=/tmp/$$ +status=1 # failure is the default! + +_cleanup() +{ + rm -f $TEST_IMG.snap + _cleanup_test_img +} +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common.rc +. ./common.filter + +_supported_fmt qcow +_supported_proto generic +_supported_os Linux + +offset_cluster_bits=32 + +echo +echo "== Invalid cluster size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_cluster_bits" "\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_cluster_bits" "\x1f" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_cluster_bits" "\x08" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_cluster_bits" "\x11" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# success, all done +echo "*** done" +rm -f $seq.full +status=0 diff --git a/tests/qemu-iotests/092.out b/tests/qemu-iotests/092.out new file mode 100644 index 0000000000..8bf81580cd --- /dev/null 
+++ b/tests/qemu-iotests/092.out @@ -0,0 +1,13 @@ +QA output created by 092 + +== Invalid cluster size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and 64k +no file open, try 'help open' +*** done diff --git a/tests/qemu-iotests/group b/tests/qemu-iotests/group index 7e0e9a859a..b5abc5b8f8 100644 --- a/tests/qemu-iotests/group +++ b/tests/qemu-iotests/group @@ -82,3 +82,4 @@ 078 rw auto 080 rw auto 088 rw auto +092 rw auto quick From 8b17eb6e6cdd4d5b4f3291c7e8afff83960f00d7 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 15 May 2014 16:10:11 +0200 Subject: [PATCH 181/219] qcow1: Validate L2 table size (CVE-2014-0222) Too large L2 table sizes cause unbounded allocations. Images actually created by qemu-img only have 512 byte or 4k L2 tables. To keep things consistent with cluster sizes, allow ranges between 512 bytes and 64k (in fact, down to 1 entry = 8 bytes is technically working, but L2 table sizes smaller than a cluster don't make a lot of sense). This also means that the number of bytes on the virtual disk that are described by the same L2 table is limited to at most 8k * 64k or 2^29, preventively avoiding any integer overflows. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Benoit Canet (cherry picked from commit 42eb58179b3b215bb507da3262b682b8a2ec10b5) Signed-off-by: Michael Roth --- block/qcow.c | 8 ++++++++ tests/qemu-iotests/092 | 15 +++++++++++++++ tests/qemu-iotests/092.out | 11 +++++++++++ 3 files changed, 34 insertions(+) 
diff --git a/block/qcow.c b/block/qcow.c index c04ec42b58..73a96a0cd3 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -137,6 +137,14 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, goto fail; } + /* l2_bits specifies number of entries; storing a uint64_t in each entry, + * so bytes = num_entries << 3. */ + if (header.l2_bits < 9 - 3 || header.l2_bits > 16 - 3) { + error_setg(errp, "L2 table size must be between 512 and 64k"); + ret = -EINVAL; + goto fail; + } + if (header.crypt_method > QCOW_CRYPT_AES) { ret = -EINVAL; goto fail; diff --git a/tests/qemu-iotests/092 b/tests/qemu-iotests/092 index d060e6fa87..fb8bacc58c 100755 --- a/tests/qemu-iotests/092 +++ b/tests/qemu-iotests/092 @@ -44,6 +44,7 @@ _supported_proto generic _supported_os Linux offset_cluster_bits=32 +offset_l2_bits=33 echo echo "== Invalid cluster size ==" @@ -57,6 +58,20 @@ poke_file "$TEST_IMG" "$offset_cluster_bits" "\x08" poke_file "$TEST_IMG" "$offset_cluster_bits" "\x11" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid L2 table size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_l2_bits" "\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l2_bits" "\x05" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_l2_bits" "\x0e" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + +# 1 << 0x1b = 2^31 / L2_CACHE_SIZE +poke_file "$TEST_IMG" "$offset_l2_bits" "\x1b" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/092.out b/tests/qemu-iotests/092.out index 8bf81580cd..73918b3c50 100644 --- a/tests/qemu-iotests/092.out +++ b/tests/qemu-iotests/092.out 
@@ -10,4 +10,15 @@ qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow: Cluster size must be between 512 and 64k no file open, try 'help open' + +== Invalid L2 table size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 and 64k +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 and 64k +no file open, try 'help open' *** done From b53d8665a2665978d7f7da47d2fca13e9481b067 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 8 May 2014 13:08:20 +0200 Subject: [PATCH 182/219] qcow1: Validate image size (CVE-2014-0223) A huge image size could cause s->l1_size to overflow. Make sure that images never require a L1 table larger than what fits in s->l1_size. This cannot only cause unbounded allocations, but also the allocation of a too small L1 table, resulting in out-of-bounds array accesses (both reads and writes). Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf (cherry picked from commit 46485de0cb357b57373e1ca895adedf1f3ed46ec) Signed-off-by: Michael Roth --- block/qcow.c | 16 ++++++++++++++-- tests/qemu-iotests/092 | 9 +++++++++ tests/qemu-iotests/092.out | 7 +++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index 73a96a0cd3..2840386b7f 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -61,7 +61,7 @@ typedef struct BDRVQcowState { int cluster_sectors; int l2_bits; int l2_size; - int l1_size; + unsigned int l1_size; uint64_t cluster_offset_mask; uint64_t l1_table_offset; uint64_t *l1_table; 
@@ -163,7 +163,19 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, /* read the level 1 table */ shift = s->cluster_bits + s->l2_bits; - s->l1_size = (header.size + (1LL << shift) - 1) >> shift; + if (header.size > UINT64_MAX - (1LL << shift)) { + error_setg(errp, "Image too large"); + ret = -EINVAL; + goto fail; + } else { + uint64_t l1_size = (header.size + (1LL << shift) - 1) >> shift; + if (l1_size > INT_MAX / sizeof(uint64_t)) { + error_setg(errp, "Image too large"); + ret = -EINVAL; + goto fail; + } + s->l1_size = l1_size; + } s->l1_table_offset = header.l1_table_offset; s->l1_table = g_malloc(s->l1_size * sizeof(uint64_t)); diff --git a/tests/qemu-iotests/092 b/tests/qemu-iotests/092 index fb8bacc58c..ae6ca763a0 100755 --- a/tests/qemu-iotests/092 +++ b/tests/qemu-iotests/092 @@ -43,6 +43,7 @@ _supported_fmt qcow _supported_proto generic _supported_os Linux +offset_size=24 offset_cluster_bits=32 offset_l2_bits=33 @@ -72,6 +73,14 @@ poke_file "$TEST_IMG" "$offset_l2_bits" "\x0e" poke_file "$TEST_IMG" "$offset_l2_bits" "\x1b" { $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid size ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_size" "\xee\xee\xee\xee\xee\xee\xee\xee" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_size" "\x7f\xff\xff\xff\xff\xff\xff\xff" +{ $QEMU_IO -c "write 0 64M" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/092.out b/tests/qemu-iotests/092.out index 73918b3c50..ac03302d86 100644 --- a/tests/qemu-iotests/092.out +++ b/tests/qemu-iotests/092.out 
@@ -21,4 +21,11 @@ qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 an no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow: L2 table size must be between 512 and 64k no file open, try 'help open' + +== Invalid size == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow: Image too large +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: Image too large +no file open, try 'help open' *** done From 2f1eb049dffa7ef0f5e1cf8fd9effa0aeab20870 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 8 May 2014 13:35:09 +0200 Subject: [PATCH 183/219] qcow1: Stricter backing file length check Like qcow2 since commit 6d33e8e7, error out on invalid lengths instead of silently truncating them to 1023. Also don't rely on bdrv_pread() catching integer overflows that make len negative, but use unsigned variables in the first place. Cc: qemu-stable@nongnu.org Signed-off-by: Kevin Wolf Reviewed-by: Benoit Canet (cherry picked from commit d66e5cee002c471b78139228a4e7012736b375f9) Signed-off-by: Michael Roth --- block/qcow.c | 7 +++++-- tests/qemu-iotests/092 | 11 +++++++++++ tests/qemu-iotests/092.out | 7 +++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/block/qcow.c b/block/qcow.c index 2840386b7f..276a4d0335 100644 --- a/block/qcow.c +++ b/block/qcow.c @@ -97,7 +97,8 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, Error **errp) { BDRVQcowState *s = bs->opaque; - int len, i, shift, ret; + unsigned int len, i, shift; + int ret; QCowHeader header; ret = bdrv_pread(bs->file, 0, &header, sizeof(header)); 
@@ -199,7 +200,9 @@ static int qcow_open(BlockDriverState *bs, QDict *options, int flags, if (header.backing_file_offset != 0) { len = header.backing_file_size; if (len > 1023) { - len = 1023; + error_setg(errp, "Backing file name too long"); + ret = -EINVAL; + goto fail; } ret = bdrv_pread(bs->file, header.backing_file_offset, bs->backing_file, len); diff --git a/tests/qemu-iotests/092 b/tests/qemu-iotests/092 index ae6ca763a0..a8c0c9ca2b 100755 --- a/tests/qemu-iotests/092 +++ b/tests/qemu-iotests/092 @@ -43,6 +43,8 @@ _supported_fmt qcow _supported_proto generic _supported_os Linux +offset_backing_file_offset=8 +offset_backing_file_size=16 offset_size=24 offset_cluster_bits=32 offset_l2_bits=33 @@ -81,6 +83,15 @@ poke_file "$TEST_IMG" "$offset_size" "\xee\xee\xee\xee\xee\xee\xee\xee" poke_file "$TEST_IMG" "$offset_size" "\x7f\xff\xff\xff\xff\xff\xff\xff" { $QEMU_IO -c "write 0 64M" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +echo +echo "== Invalid backing file length ==" +_make_test_img 64M +poke_file "$TEST_IMG" "$offset_backing_file_offset" "\x00\x00\x00\xff" +poke_file "$TEST_IMG" "$offset_backing_file_size" "\xff\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir +poke_file "$TEST_IMG" "$offset_backing_file_size" "\x7f\xff\xff\xff" +{ $QEMU_IO -c "read 0 512" $TEST_IMG; } 2>&1 | _filter_qemu_io | _filter_testdir + # success, all done echo "*** done" rm -f $seq.full diff --git a/tests/qemu-iotests/092.out b/tests/qemu-iotests/092.out index ac03302d86..496d8f0a63 100644 --- a/tests/qemu-iotests/092.out +++ b/tests/qemu-iotests/092.out 
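Review bot: The new rejection in the block/qcow.c hunk still compares `len` with the literal 1023 rather than with the size of the buffer that the next context line fills, `bdrv_pread(bs->file, header.backing_file_offset, bs->backing_file, len)`. The declaration of bs->backing_file is not visible here; assuming it is a fixed-size char array, the literal is presumably its size minus one. Tying the check to the buffer keeps the bound correct if that array ever changes: `if (len >= sizeof(bs->backing_file)) {`. The enclosing qcow_open() continues outside the hunk.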
@@ -28,4 +28,11 @@ qemu-io: can't open device TEST_DIR/t.qcow: Image too large no file open, try 'help open' qemu-io: can't open device TEST_DIR/t.qcow: Image too large no file open, try 'help open' + +== Invalid backing file length == +Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 +qemu-io: can't open device TEST_DIR/t.qcow: Backing file name too long +no file open, try 'help open' +qemu-io: can't open device TEST_DIR/t.qcow: Backing file name too long +no file open, try 'help open' *** done From 44564f82264447979f774039f73b9343fb505127 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 16 May 2014 17:44:06 +0200 Subject: [PATCH 184/219] virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path Spotted by Coverity. Signed-off-by: Markus Armbruster Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 91e7fcca4743cf694eb0c8e7a8d938cf359b5bd8) Signed-off-by: Michael Roth --- hw/scsi/virtio-scsi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 3c867c6362..4f238c280b 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -496,7 +496,7 @@ static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev, uint32_t event, uint32_t reason) { VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s); - VirtIOSCSIReq *req = virtio_scsi_pop_req(s, vs->event_vq); + VirtIOSCSIReq *req; VirtIOSCSIEvent *evt; VirtIODevice *vdev = VIRTIO_DEVICE(s); int in_size; @@ -505,6 +505,7 @@ static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev, return; } + req = virtio_scsi_pop_req(s, vs->event_vq); if (!req) { s->events_dropped = true; return; From 26b51027f9b658f28c9f1c90f8b0eb342ca42ab4 Mon Sep 17 00:00:00 2001 
From: Max Filippov Date: Tue, 20 May 2014 14:48:45 +0400 Subject: [PATCH 185/219] target-xtensa: fix cross-page jumps/calls at the end of TB Use tb->pc instead of dc->pc to check for cross-page jumps. When TB translation stops at the page boundary dc->pc points to the next page allowing chaining to TBs in it, which is wrong. Cc: qemu-stable@nongnu.org Signed-off-by: Max Filippov (cherry picked from commit 433d33c555deeed375996e338df1a9510df401c6) Signed-off-by: Michael Roth --- target-xtensa/translate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target-xtensa/translate.c b/target-xtensa/translate.c index 2d2df33115..7d34326417 100644 --- a/target-xtensa/translate.c +++ b/target-xtensa/translate.c @@ -414,7 +414,7 @@ static void gen_jump(DisasContext *dc, TCGv dest) static void gen_jumpi(DisasContext *dc, uint32_t dest, int slot) { TCGv_i32 tmp = tcg_const_i32(dest); - if (((dc->pc ^ dest) & TARGET_PAGE_MASK) != 0) { + if (((dc->tb->pc ^ dest) & TARGET_PAGE_MASK) != 0) { slot = -1; } gen_jump_slot(dc, tmp, slot); @@ -442,7 +442,7 @@ static void gen_callw(DisasContext *dc, int callinc, TCGv_i32 dest) static void gen_callwi(DisasContext *dc, int callinc, uint32_t dest, int slot) { TCGv_i32 tmp = tcg_const_i32(dest); - if (((dc->pc ^ dest) & TARGET_PAGE_MASK) != 0) { + if (((dc->tb->pc ^ dest) & TARGET_PAGE_MASK) != 0) { slot = -1; } gen_callw_slot(dc, callinc, tmp, slot); From c2fb0f287011b23183739e183ab4b0668476cc4b Mon Sep 17 00:00:00 2001 
From: Stefan Weil Date: Mon, 28 Apr 2014 19:20:00 +0200 Subject: [PATCH 186/219] cputlb: Fix regression with TCG interpreter (bug 1310324) Commit 0f842f8a246f2b5b51a11c13f933bf7a90ae8e96 replaced GETPC_EXT() which was derived from GETPC() by GETRA_EXT() without fixing cputlb.c. A later patch replaced GETRA_EXT() by GETRA() in exec/softmmu_template.h which is included in cputlb.c. The TCG interpreter failed because the values returned by GETRA() were no longer explicitly set to 0. The redefinition of GETRA() introduced here fixes this. In addition, GETPC_ADJ which is also used in exec/softmmu_template.h is set to 0. Both changes reduce the compiled code size for cputlb.c by more than 100 bytes, so the normal TCG without interpreter also profits from the reduced code size and slightly faster code. Cc: qemu-stable@nongnu.org Reported-by: Giovanni Mascellani Signed-off-by: Stefan Weil Signed-off-by: Paolo Bonzini (cherry picked from commit 7e4e88656c1e6192e9e47a2054d2dc190c1b840b) Signed-off-by: Michael Roth --- cputlb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cputlb.c b/cputlb.c index fff0afbd4a..6c030c8154 100644 --- a/cputlb.c +++ b/cputlb.c @@ -344,8 +344,10 @@ tb_page_addr_t get_page_addr_code(CPUArchState *env1, target_ulong addr) } #define MMUSUFFIX _cmmu -#undef GETPC -#define GETPC() ((uintptr_t)0) +#undef GETPC_ADJ +#define GETPC_ADJ 0 +#undef GETRA +#define GETRA() ((uintptr_t)0) #define SOFTMMU_CODE_ACCESS #define SHIFT 0 From d2b987479a322f246753ce82a5b6f535e15626f4 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:01 +0200 Subject: [PATCH 187/219] blockdev: Plug memory leak in blockdev_init() blockdev_init() leaks bs_opts when qemu_opts_create() fails, i.e. when the ID is bad. Missed in commit ec9c10d. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit 6376f9522372d589f3efe60001dc0486237dd375) 
Signed-off-by: Michael Roth --- blockdev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/blockdev.c b/blockdev.c index 29b44a576e..31b66ccb89 100644 --- a/blockdev.c +++ b/blockdev.c @@ -334,7 +334,7 @@ static DriveInfo *blockdev_init(QDict *bs_opts, opts = qemu_opts_create(&qemu_common_drive_opts, id, 1, &error); if (error_is_set(&error)) { error_propagate(errp, error); - return NULL; + goto err_no_opts; } qemu_opts_absorb_qdict(opts, bs_opts, &error); @@ -535,8 +535,9 @@ err: QTAILQ_REMOVE(&drives, dinfo, next); g_free(dinfo); early_err: - QDECREF(bs_opts); qemu_opts_del(opts); +err_no_opts: + QDECREF(bs_opts); return NULL; } From d1775fe94a1bbfb337c7e6d178a81de3c5339d3f Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:02 +0200 Subject: [PATCH 188/219] blockdev: Plug memory leak in drive_init() bs_opts is leaked on all paths from its qdev_new() that don't got through blockdev_init(). Add the missing QDECREF(), and zap bs_opts after blockdev_init(), so the new QDECREF() does nothing when we go through blockdev_init(). Leak introduced in commit f298d07. Spotted by Coverity. Signed-off-by: Markus Armbruster Signed-off-by: Kevin Wolf (cherry picked from commit 3cb0e25c4b417b7336816bd92de458f0770d49ff) Conflicts: blockdev.c *fixed trivial context mismatch due to blockdev_init signature change Signed-off-by: Michael Roth --- blockdev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/blockdev.c b/blockdev.c index 31b66ccb89..4d911f9600 100644 --- a/blockdev.c +++ b/blockdev.c @@ -868,6 +868,7 @@ DriveInfo *drive_init(QemuOpts *all_opts, BlockInterfaceType block_default_type) /* Actual block device init: Functionality shared with blockdev-add */ dinfo = blockdev_init(bs_opts, type, &local_err); + bs_opts = NULL; if (dinfo == NULL) { if (error_is_set(&local_err)) { qerror_report_err(local_err); 
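Review bot: The added `bs_opts = NULL;` in drive_init() (blockdev.c, hunk at -868) encodes an ownership rule that is written nowhere in the code. Per the commit message, blockdev_init() takes over the reference, so the caller has to forget its pointer before reaching the `QDECREF(bs_opts)` that the following hunk adds under `fail:`. Without a comment the assignment looks redundant, and removing it later would turn the new QDECREF into a second release of the same object. I would put `/* blockdev_init() took ownership of bs_opts, also on failure; do not drop it again at fail: */` above the assignment. drive_init() starts and ends outside the hunk.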
@@ -904,6 +905,7 @@ DriveInfo *drive_init(QemuOpts *all_opts, BlockInterfaceType block_default_type) fail: qemu_opts_del(legacy_opts); + QDECREF(bs_opts); return dinfo; } From 7267e51b324dd23837b244261417c7002054430f Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:03 +0200 Subject: [PATCH 189/219] block/qapi: Plug memory leak in dump_qobject() case QTYPE_QERROR Introduced in commit a8d8ecb. Spotted by Coverity. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit f25391c2a6ef1674384204265429520ea50e82bc) Signed-off-by: Michael Roth --- block/qapi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/block/qapi.c b/block/qapi.c index 5880b3e42b..e9007c9ae5 100644 --- a/block/qapi.c +++ b/block/qapi.c @@ -471,6 +471,7 @@ static void dump_qobject(fprintf_function func_fprintf, void *f, case QTYPE_QERROR: { QString *value = qerror_human((QError *)obj); func_fprintf(f, "%s", qstring_get_str(value)); + QDECREF(value); break; } case QTYPE_NONE: From 501da9369cc96d19b8973eed33d1161bb200b035 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:04 +0200 Subject: [PATCH 190/219] block/vvfat: Plug memory leak in check_directory_consistency() On error path. Introduced in commit a046433a. Spotted by Coverity. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit 6262bbd363b53a1f19c473345d7cc40254dd5c73) Signed-off-by: Michael Roth --- block/vvfat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/vvfat.c b/block/vvfat.c index 3ddaa0bcce..e71d71ead8 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -1866,7 +1866,7 @@ static int check_directory_consistency(BDRVVVFATState *s, if (s->used_clusters[cluster_num] & USED_ANY) { fprintf(stderr, "cluster %d used more than once\n", (int)cluster_num); - return 0; + goto fail; } s->used_clusters[cluster_num] = USED_DIRECTORY; 
From d3cd48a85fc8f0aa4358a866da31842480edf1e6 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:05 +0200 Subject: [PATCH 191/219] block/vvfat: Plug memory leak in read_directory() Has always been leaky. Spotted by Coverity. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit b122c3b6d020e529b203836efb8f611ece787293) Signed-off-by: Michael Roth --- block/vvfat.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/block/vvfat.c b/block/vvfat.c index e71d71ead8..e9e4fad44d 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -788,7 +788,9 @@ static int read_directory(BDRVVVFATState* s, int mapping_index) s->current_mapping->path=buffer; s->current_mapping->read_only = (st.st_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) == 0; - } + } else { + g_free(buffer); + } } closedir(dir); From df9c108acd5aaf4f5ac6e5b799b619c6b6a88975 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:06 +0200 Subject: [PATCH 192/219] block/sheepdog: Plug memory leak in sd_snapshot_create() Has always been leaky. Spotted by Coverity. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit 2df5fee2dbd56a9c34afd6d7df6744da2d951ccb) Signed-off-by: Michael Roth --- block/sheepdog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/block/sheepdog.c b/block/sheepdog.c index ef387de71f..43a23df803 100644 --- a/block/sheepdog.c +++ b/block/sheepdog.c @@ -2082,6 +2082,7 @@ static int sd_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) strncpy(s->inode.tag, sn_info->name, sizeof(s->inode.tag)); /* we don't need to update entire object */ datalen = SD_INODE_SIZE - sizeof(s->inode.data_vdi_id); + inode = g_malloc(datalen); /* refresh inode. */ fd = connect_to_sdog(s); 
@@ -2105,8 +2106,6 @@ static int sd_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) goto cleanup; } - inode = (SheepdogInode *)g_malloc(datalen); - ret = read_object(fd, (char *)inode, vid_to_vdi_oid(new_vid), s->inode.nr_copies, datalen, 0, s->cache_flags); @@ -2120,6 +2119,7 @@ static int sd_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info) s->inode.name, s->inode.snap_id, s->inode.vdi_id); cleanup: + g_free(inode); closesocket(fd); return ret; } From cb34d1e9e938f42aacbd85c8d0ac08b66d44ad29 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 28 May 2014 11:17:07 +0200 Subject: [PATCH 193/219] qemu-img: Plug memory leak in convert command Introduced in commit 661a0f7. Spotted by Coverity. Signed-off-by: Markus Armbruster Reviewed-by: Benoit Canet Signed-off-by: Kevin Wolf (cherry picked from commit bb9cd2ee99f6537c072d5f4bac441717d3cd2bed) Signed-off-by: Michael Roth --- qemu-img.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu-img.c b/qemu-img.c index b6b5644cb6..1d5caa3c8b 100644 --- a/qemu-img.c +++ b/qemu-img.c @@ -1355,7 +1355,7 @@ static int img_convert(int argc, char **argv) ret = bdrv_parse_cache_flags(cache, &flags); if (ret < 0) { error_report("Invalid cache option: %s", cache); - return -1; + goto out; } out_bs = bdrv_new_open(out_filename, out_fmt, flags, true, quiet); From ccb08f53d5cb084b2ea5449f0176b9bbe20571ed Mon Sep 17 00:00:00 2001 
From: Peter Maydell Date: Thu, 15 May 2014 14:40:23 +0100 Subject: [PATCH 194/219] linux-user: Don't overrun guest buffer in sched_getaffinity If the guest's "long" type is smaller than the host's, then our sched_getaffinity wrapper needs to round the buffer size up to a multiple of the host sizeof(long). This means that when we copy the data back from the host buffer to the guest's buffer there might be more than we can fit. Rather than overflowing the guest's buffer, handle this case by returning EINVAL or ignoring the unused extra space, as appropriate. Note that only guests using the syscall interface directly might run into this bug -- the glibc wrappers around it will always use a buffer whose size is a multiple of 8 regardless of guest architecture. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio (cherry picked from commit be3bd286bc06bb68cdc71748d9dd4edcd57b2b24) Signed-off-by: Michael Roth --- linux-user/syscall.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 81f79f994f..de8918d629 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7479,6 +7479,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask)); if (!is_error(ret)) { + if (ret > arg2) { + /* More data returned than the caller's buffer will fit. + * This only happens if sizeof(abi_long) < sizeof(long) + * and the caller passed us a buffer holding an odd number + * of abi_longs. If the host kernel is actually using the + * extra 4 bytes then fail EINVAL; otherwise we can just + * ignore them and only copy the interesting part. + */ + int numcpus = sysconf(_SC_NPROCESSORS_CONF); + if (numcpus > arg2 * 8) { + ret = -TARGET_EINVAL; + break; + } + ret = arg2; + } + if (copy_to_user(arg3, mask, ret)) { goto efault; } From e34feec2641228394cafd8a7559f463cf4091138 Mon Sep 17 00:00:00 2001 
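Review bot: In the linux-user/syscall.c hunk the result of `sysconf(_SC_NPROCESSORS_CONF)` is used unchecked: if the call fails it returns -1, `numcpus > arg2 * 8` is then false, and the code truncates to arg2 bytes as though the extra bytes were known to be unused. Treating a failed query as the unsafe case is the conservative choice: `if (numcpus < 0 || numcpus > arg2 * 8) {`. The count of configured CPUs is also only a stand-in for the highest CPU index the host kernel may set in the mask; where CPU numbering is sparse the two can differ, so the comment should state that assumption. do_syscall() extends well beyond this hunk.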
From: Richard Henderson Date: Wed, 28 May 2014 14:01:44 -0700 Subject: [PATCH 195/219] tcg-i386: Fix win64 qemu store The first non-register argument isn't placed at offset 0. Cc: qemu-stable@nongnu.org Reviewed-by: Stefan Weil Signed-off-by: Richard Henderson (cherry picked from commit 0b919667302aa395bfde0328749dc21a0b123c44) Signed-off-by: Michael Roth --- tcg/i386/tcg-target.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tcg/i386/tcg-target.c b/tcg/i386/tcg-target.c index 7ac8e45485..60d3325c97 100644 --- a/tcg/i386/tcg-target.c +++ b/tcg/i386/tcg-target.c @@ -1306,7 +1306,8 @@ static void tcg_out_qemu_st_slow_path(TCGContext *s, TCGLabelQemuLdst *l) } else { retaddr = TCG_REG_RAX; tcg_out_movi(s, TCG_TYPE_PTR, retaddr, (uintptr_t)l->raddr); - tcg_out_st(s, TCG_TYPE_PTR, retaddr, TCG_REG_ESP, 0); + tcg_out_st(s, TCG_TYPE_PTR, retaddr, TCG_REG_ESP, + TCG_TARGET_CALL_STACK_OFFSET); } } From f784615221c6018896d985101edc7e6de3cc9119 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 9 Jun 2014 15:43:26 +0100 Subject: [PATCH 196/219] target-arm: Fix errors in writes to generic timer control registers The code for handling writes to the generic timer control registers had several bugs: * ISTATUS (bit 2) is read-only but we forced it to zero on any write * the check for "was IMASK (bit 1) toggled?" incorrectly used '&' where it should be '^' * the handling of IMASK was inverted: we should set the IRQ if ISTATUS is set and IMASK is clear, not if both are set The combination of these bugs meant that when running a Linux guest that uses the generic timers we would fairly quickly end up either forgetting that the timer output should be asserted, or failing to set the IRQ when the timer was unmasked. The result is that the guest never gets any more timer interrupts. 
Signed-off-by: Peter Maydell Message-id: 1401803208-1281-1-git-send-email-peter.maydell@linaro.org Cc: qemu-stable@nongnu.org (cherry picked from commit d3afacc7269fee45d54d1501a46b51f12ea7bb15) Signed-off-by: Michael Roth --- target-arm/helper.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/target-arm/helper.c b/target-arm/helper.c index c3e491006f..6e67317811 100644 --- a/target-arm/helper.c +++ b/target-arm/helper.c @@ -859,16 +859,16 @@ static int gt_ctl_write(CPUARMState *env, const ARMCPRegInfo *ri, int timeridx = ri->crm & 1; uint32_t oldval = env->cp15.c14_timer[timeridx].ctl; - env->cp15.c14_timer[timeridx].ctl = value & 3; + env->cp15.c14_timer[timeridx].ctl = deposit64(oldval, 0, 2, value); if ((oldval ^ value) & 1) { /* Enable toggled */ gt_recalc_timer(cpu, timeridx); - } else if ((oldval & value) & 2) { + } else if ((oldval ^ value) & 2) { /* IMASK toggled: don't need to recalculate, * just set the interrupt line based on ISTATUS */ qemu_set_irq(cpu->gt_timer_outputs[timeridx], - (oldval & 4) && (value & 2)); + (oldval & 4) && !(value & 2)); } return 0; } From 501910686272349efbb0458d008fd76d2695a5c4 Mon Sep 17 00:00:00 2001 From: Cornelia Huck Date: Tue, 27 May 2014 12:40:44 +0200 Subject: [PATCH 197/219] s390x/css: handle emw correctly for tsch We should not try to store the emw portion of the irb if extended measurements are not applicable. In particular, we should not surprise the guest by storing a larger irb if it did not enable extended measurements. Cc: qemu-stable@nongnu.org Reviewed-by: David Hildenbrand Tested-by: Christian Borntraeger Signed-off-by: Cornelia Huck (cherry picked from commit f068d320def7fd83bf0fcdca37b305f1c2ac5413) Signed-off-by: Michael Roth --- hw/s390x/css.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/hw/s390x/css.c b/hw/s390x/css.c index 101da63d04..ebe44ae6ec 100644 --- a/hw/s390x/css.c +++ b/hw/s390x/css.c 
@@ -722,9 +722,11 @@ out: return ret; } -static void copy_irb_to_guest(IRB *dest, const IRB *src) +static void copy_irb_to_guest(IRB *dest, const IRB *src, PMCW *pmcw) { int i; + uint16_t stctl = src->scsw.ctrl & SCSW_CTRL_MASK_STCTL; + uint16_t actl = src->scsw.ctrl & SCSW_CTRL_MASK_ACTL; copy_scsw_to_guest(&dest->scsw, &src->scsw); @@ -734,8 +736,22 @@ static void copy_irb_to_guest(IRB *dest, const IRB *src) for (i = 0; i < ARRAY_SIZE(dest->ecw); i++) { dest->ecw[i] = cpu_to_be32(src->ecw[i]); } - for (i = 0; i < ARRAY_SIZE(dest->emw); i++) { - dest->emw[i] = cpu_to_be32(src->emw[i]); + /* extended measurements enabled? */ + if ((src->scsw.flags & SCSW_FLAGS_MASK_ESWF) || + !(pmcw->flags & PMCW_FLAGS_MASK_TF) || + !(pmcw->chars & PMCW_CHARS_MASK_XMWME)) { + return; + } + /* extended measurements pending? */ + if (!(stctl & SCSW_STCTL_STATUS_PEND)) { + return; + } + if ((stctl & SCSW_STCTL_PRIMARY) || + (stctl == SCSW_STCTL_SECONDARY) || + ((stctl & SCSW_STCTL_INTERMEDIATE) && (actl & SCSW_ACTL_SUSP))) { + for (i = 0; i < ARRAY_SIZE(dest->emw); i++) { + dest->emw[i] = cpu_to_be32(src->emw[i]); + } } } @@ -781,7 +797,7 @@ int css_do_tsch(SubchDev *sch, IRB *target_irb) } } /* Store the irb to the guest. */ - copy_irb_to_guest(target_irb, &irb); + copy_irb_to_guest(target_irb, &irb, p); /* Clear conditions on subchannel, if applicable. */ if (stctl & SCSW_STCTL_STATUS_PEND) { From 404194562406e71d41c52742e674279e601903d6 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 3 Jun 2014 11:21:01 +0200 Subject: [PATCH 198/219] aio: fix qemu_bh_schedule() bh->ctx race condition qemu_bh_schedule() is supposed to be thread-safe at least the first time it is called. Unfortunately this is not quite true: bh->scheduled = 1; aio_notify(bh->ctx); Since another thread may run the BH callback once it has been scheduled, there is a race condition if the callback frees the BH before aio_notify(bh->ctx) has a chance to run. Reported-by: Stefan Priebe 
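Review bot: After this change copy_irb_to_guest() (hw/s390x/css.c, hunk at -734) returns on two early paths, and falls through a third, without writing `dest->emw`, and nothing in the function records that the field is deliberately left as it was. Whether `dest` is mapped guest memory or a host-side buffer is not visible in these hunks; if it is ever a host buffer that is copied out in full, the unwritten words would carry stale host data to the guest. I would state the contract above the first early return, for example `/* emw is intentionally not stored; dest->emw keeps its previous contents */`. Since `pmcw` is only read, the new parameter can also be declared `const PMCW *pmcw`.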
Signed-off-by: Stefan Hajnoczi Reviewed-by: Paolo Bonzini Tested-by: Stefan Priebe (cherry picked from commit 924fe1293c3e7a3c787bbdfb351e7f168caee3e9) Signed-off-by: Michael Roth --- async.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/async.c b/async.c index 5fb3fa61df..c6d810d186 100644 --- a/async.c +++ b/async.c @@ -117,15 +117,21 @@ void qemu_bh_schedule_idle(QEMUBH *bh) void qemu_bh_schedule(QEMUBH *bh) { + AioContext *ctx; + if (bh->scheduled) return; + ctx = bh->ctx; bh->idle = 0; - /* Make sure that idle & any writes needed by the callback are done - * before the locations are read in the aio_bh_poll. + /* Make sure that: + * 1. idle & any writes needed by the callback are done before the + * locations are read in the aio_bh_poll. + * 2. ctx is loaded before scheduled is set and the callback has a chance + * to execute. */ - smp_wmb(); + smp_mb(); bh->scheduled = 1; - aio_notify(bh->ctx); + aio_notify(ctx); } From 23dbc56d22b3de291a75ae40563bf45573569840 Mon Sep 17 00:00:00 2001 From: Gonglei Date: Mon, 19 May 2014 15:26:03 +0800 Subject: [PATCH 199/219] qga: Fix handle fd leak in acquire_privilege() token should be closed in all conditions. So move CloseHandle(token) to "out" branch. Signed-off-by: Wang Rui Signed-off-by: Gonglei Signed-off-by: Michael Roth (cherry picked from commit 374044f08fe18a18469b981812cd8695f5b3569c) Signed-off-by: Michael Roth --- qga/commands-win32.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/qga/commands-win32.c b/qga/commands-win32.c index a6a0af264b..c59e144f8d 100644 --- a/qga/commands-win32.c +++ b/qga/commands-win32.c @@ -31,7 +31,7 @@ static void acquire_privilege(const char *name, Error **err) { - HANDLE token; + HANDLE token = NULL; TOKEN_PRIVILEGES priv; Error *local_err = NULL; 
@@ -57,13 +57,15 @@ static void acquire_privilege(const char *name, Error **err) goto out; } - CloseHandle(token); } else { error_set(&local_err, QERR_QGA_COMMAND_FAILED, "failed to open privilege token"); } out: + if (token) { + CloseHandle(token); + } if (local_err) { error_propagate(err, local_err); } From 63bf1e0ea53479271debccaad05c993996cf2ea9 Mon Sep 17 00:00:00 2001 From: "Michael R. Hines" Date: Tue, 18 Feb 2014 10:34:06 +0800 Subject: [PATCH 200/219] rdma: bug fixes 1. Fix small memory leak in parsing inet address from command line in data_init() 2. Fix ibv_post_send() return value check and pass error code back up correctly. 3. Fix rdma_destroy_qp() segfault after failure to connect to destination. Reported-by: frank.yangjie@gmail.com Reported-by: dgilbert@redhat.com Signed-off-by: Michael R. Hines Signed-off-by: Juan Quintela (cherry picked from commit e325b49a320b493cc5d69e263751ff716dc458fe) Signed-off-by: Michael Roth --- migration-rdma.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/migration-rdma.c b/migration-rdma.c index f94f3b4e3a..29351a6056 100644 --- a/migration-rdma.c +++ b/migration-rdma.c @@ -1589,13 +1589,11 @@ static int qemu_rdma_post_send_control(RDMAContext *rdma, uint8_t *buf, } - if (ibv_post_send(rdma->qp, &send_wr, &bad_wr)) { - return -1; - } + ret = ibv_post_send(rdma->qp, &send_wr, &bad_wr); - if (ret < 0) { + if (ret > 0) { fprintf(stderr, "Failed to use post IB SEND for control!\n"); - return ret; + return -ret; } ret = qemu_rdma_block_for_wrid(rdma, RDMA_WRID_SEND_CONTROL, NULL); @@ -2237,10 +2235,6 @@ static void qemu_rdma_cleanup(RDMAContext *rdma) } } - if (rdma->qp) { - rdma_destroy_qp(rdma->cm_id); - rdma->qp = NULL; - } if (rdma->cq) { ibv_destroy_cq(rdma->cq); rdma->cq = NULL; 
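Review bot: In qemu_rdma_post_send_control() (migration-rdma.c, hunk at -1589) the new test `if (ret > 0)` treats only positive returns from ibv_post_send() as failure, so a negative return would fall through to qemu_rdma_block_for_wrid() and wait for a completion of a send that was never posted. The verbs documentation specifies 0 or an errno value, but a non-zero test does not depend on every provider following that. I would write `if (ret) {` and `return ret > 0 ? -ret : ret;`. The function starts and ends outside the hunk.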
@@ -2258,6 +2252,10 @@ static void qemu_rdma_cleanup(RDMAContext *rdma) rdma->listen_id = NULL; } if (rdma->cm_id) { + if (rdma->qp) { + rdma_destroy_qp(rdma->cm_id); + rdma->qp = NULL; + } rdma_destroy_id(rdma->cm_id); rdma->cm_id = NULL; } @@ -2512,8 +2510,10 @@ static void *qemu_rdma_data_init(const char *host_port, Error **errp) } else { ERROR(errp, "bad RDMA migration address '%s'", host_port); g_free(rdma); - return NULL; + rdma = NULL; } + + qapi_free_InetSocketAddress(addr); } return rdma; From 36afdba00af1ebcf311fa17b8c77402a19fe4492 Mon Sep 17 00:00:00 2001 From: Ulrich Obergfell Date: Sun, 8 Jun 2014 19:22:33 +0200 Subject: [PATCH 201/219] scsi-disk: fix bug in scsi_block_new_request() introduced by commit 137745c This patch fixes a bug in scsi_block_new_request() that was introduced by commit 137745c5c60f083ec982fe9e861e8c16ebca1ba8. If the host cache is used - i.e. if BDRV_O_NOCACHE is _not_ set - the 'break' statement needs to be executed to 'fall back' to SG_IO. Cc: qemu-stable@nongnu.org Signed-off-by: Ulrich Obergfell Signed-off-by: Paolo Bonzini (cherry picked from commit 2fe5a9f73b3446690db2cae8a58473b0b4beaa32) Signed-off-by: Michael Roth --- hw/scsi/scsi-disk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index ade5d4ad7b..06c31e9ec1 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -2372,7 +2372,7 @@ static SCSIRequest *scsi_block_new_request(SCSIDevice *d, uint32_t tag, * ones (such as WRITE SAME or EXTENDED COPY, etc.). So, without * O_DIRECT everything must go through SG_IO. */ - if (bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE) { + if (!(bdrv_get_flags(s->qdev.conf.bs) & BDRV_O_NOCACHE)) { break; } From 79bd7781dd0cc4583902f67661cbad8d4d9eecfc Mon Sep 17 00:00:00 2001 
From: "Michael S. Tsirkin" Date: Wed, 18 Jun 2014 18:55:22 +0300 Subject: [PATCH 202/219] vhost: fix resource leak in error handling vhost_verify_ring_mappings leaks mappings on error. Fix this up. Cc: qemu-stable@nongnu.org Signed-off-by: Michael S. Tsirkin (cherry picked from commit 8617343faae6ba7e916137c6c9e3ef22c00565d8) Signed-off-by: Michael Roth --- hw/virtio/vhost.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 9e336ad81e..1d349e0c72 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -309,7 +309,9 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, uint64_t size) { int i; - for (i = 0; i < dev->nvqs; ++i) { + int r = 0; + + for (i = 0; !r && i < dev->nvqs; ++i) { struct vhost_virtqueue *vq = dev->vqs + i; hwaddr l; void *p; @@ -321,15 +323,15 @@ static int vhost_verify_ring_mappings(struct vhost_dev *dev, p = cpu_physical_memory_map(vq->ring_phys, &l, 1); if (!p || l != vq->ring_size) { fprintf(stderr, "Unable to map ring buffer for ring %d\n", i); - return -ENOMEM; + r = -ENOMEM; } if (p != vq->ring) { fprintf(stderr, "Ring buffer relocated for ring %d\n", i); - return -EBUSY; + r = -EBUSY; } cpu_physical_memory_unmap(p, l, 0, 0); } - return 0; + return r; } static struct vhost_memory_region *vhost_dev_find_reg(struct vhost_dev *dev, From f0c609dedeb06d939f4544280a6a23f6ca75211d Mon Sep 17 00:00:00 2001 From: Hani Benhabiles Date: Wed, 18 Jun 2014 00:23:34 +0100 Subject: [PATCH 203/219] usb: Fix usb-bt-dongle initialization. Due to an incomplete initialization, adding a usb-bt-dongle device through HMP or QMP will cause a segmentation fault. Signed-off-by: Hani Benhabiles Reviewed-by: Paolo Bonzini Signed-off-by: Gerd Hoffmann (cherry picked from commit c340a284f382a5f40774521f41b4bade76ddfa58) Signed-off-by: Michael Roth --- hw/usb/dev-bluetooth.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) 
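Review bot: In vhost_verify_ring_mappings() (hw/virtio/vhost.c, hunk at -321) the two checks are no longer separated by a return, so when the mapping fails with `p == NULL` the second test `p != vq->ring` is normally true as well. `r` is then overwritten from -ENOMEM to -EBUSY and both messages are printed. Making the second test `} else if (p != vq->ring) {` keeps the first error. The same path now reaches `cpu_physical_memory_unmap(p, l, 0, 0)` with a NULL `p`; whether that call tolerates NULL is not visible here, so an `if (p) {` guard around it is worth considering.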
diff --git a/hw/usb/dev-bluetooth.c b/hw/usb/dev-bluetooth.c index 7f292b1ae6..43a9a6d514 100644 --- a/hw/usb/dev-bluetooth.c +++ b/hw/usb/dev-bluetooth.c @@ -19,6 +19,7 @@ */ #include "qemu-common.h" +#include "qemu/error-report.h" #include "hw/usb.h" #include "hw/usb/desc.h" #include "sysemu/bt.h" @@ -506,6 +507,14 @@ static int usb_bt_initfn(USBDevice *dev) usb_desc_create_serial(dev); usb_desc_init(dev); + s->dev.opaque = s; + if (!s->hci) { + s->hci = bt_new_hci(qemu_find_bt_vlan(0)); + } + s->hci->opaque = s; + s->hci->evt_recv = usb_bt_out_hci_packet_event; + s->hci->acl_recv = usb_bt_out_hci_packet_acl; + usb_bt_handle_reset(&s->dev); s->intr = usb_ep_get(dev, USB_TOKEN_IN, USB_EVT_EP); return 0; @@ -516,6 +525,7 @@ static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) USBDevice *dev; struct USBBtState *s; HCIInfo *hci; + const char *name = "usb-bt-dongle"; if (*cmdline) { hci = hci_init(cmdline); @@ -525,19 +535,17 @@ static USBDevice *usb_bt_init(USBBus *bus, const char *cmdline) if (!hci) return NULL; - dev = usb_create_simple(bus, "usb-bt-dongle"); + dev = usb_create(bus, name); if (!dev) { + error_report("Failed to create USB device '%s'", name); return NULL; } s = DO_UPCAST(struct USBBtState, dev, dev); - s->dev.opaque = s; - s->hci = hci; - s->hci->opaque = s; - s->hci->evt_recv = usb_bt_out_hci_packet_event; - s->hci->acl_recv = usb_bt_out_hci_packet_acl; - - usb_bt_handle_reset(&s->dev); + if (qdev_init(&dev->qdev) < 0) { + error_report("Failed to initialize USB device '%s'", name); + return NULL; + } return dev; } From b47506f55cf4fb01d04e3c76c77ca09b75cf75c6 Mon Sep 17 00:00:00 2001 
From: Alexander Graf Date: Fri, 6 Jun 2014 14:46:05 +0200 Subject: [PATCH 204/219] KVM: Fix GSI number space limit KVM tells us the number of GSIs it can handle inside the kernel. That value is basically KVM_MAX_IRQ_ROUTES. However when we try to set the GSI mapping table, it checks for r = -EINVAL; if (routing.nr >= KVM_MAX_IRQ_ROUTES) goto out; erroring out even when we're only using all of the GSIs. To make sure we never hit that limit, let's reduce the number of GSIs we get from KVM by one. Cc: qemu-stable@nongnu.org Signed-off-by: Alexander Graf Signed-off-by: Paolo Bonzini (cherry picked from commit 00008418aa22700f6c49e794e79f53aeb157d10f) Signed-off-by: Michael Roth --- kvm-all.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kvm-all.c b/kvm-all.c index 9f18ea38b9..7e05f08c2e 100644 --- a/kvm-all.c +++ b/kvm-all.c @@ -965,7 +965,7 @@ void kvm_init_irq_routing(KVMState *s) { int gsi_count, i; - gsi_count = kvm_check_extension(s, KVM_CAP_IRQ_ROUTING); + gsi_count = kvm_check_extension(s, KVM_CAP_IRQ_ROUTING) - 1; if (gsi_count > 0) { unsigned int gsi_bits, i; From 8a93721d04a55b3f23d1594287fe812da01c0d31 Mon Sep 17 00:00:00 2001 
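Review bot: The `- 1` added to `gsi_count = kvm_check_extension(s, KVM_CAP_IRQ_ROUTING) - 1;` in kvm_init_irq_routing() has no explanation in the code; the reason exists only in the commit message. A reader of kvm-all.c will see an unexplained off-by-one adjustment and may "fix" it, bringing back the routing-table failure. I would add `/* KVM rejects routing.nr >= KVM_MAX_IRQ_ROUTES, so use one GSI less than it reports */` above the assignment. The existing `if (gsi_count > 0)` already covers a zero or negative result; the rest of the function is outside the hunk.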
From: Peter Maydell Date: Mon, 23 Jun 2014 15:55:03 +0100 Subject: [PATCH 205/219] coroutine-win32.c: Add noinline attribute to work around gcc bug A gcc codegen bug in x86_64-w64-mingw32-gcc (GCC) 4.6.3 means that non-debug builds of QEMU for Windows tend to assert when using coroutines. Work around this by marking qemu_coroutine_switch as noinline. If we allow gcc to inline qemu_coroutine_switch into coroutine_trampoline, then it hoists the code to get the address of the TLS variable "current" out of the while() loop. This is an invalid transformation because the SwitchToFiber() call may be called when running thread A but return in thread B, and so we might be in a different thread context each time round the loop. This can happen quite often. Typically. a coroutine is started when a VCPU thread does bdrv_aio_readv: VCPU thread main VCPU thread coroutine I/O coroutine bdrv_aio_readv -----> start I/O operation thread_pool_submit_co <------------ yields back to emulation Then I/O finishes and the thread-pool.c event notifier triggers in the I/O thread. event_notifier_ready calls thread_pool_co_cb, and the I/O coroutine now restarts *in another thread*: iothread main iothread coroutine I/O coroutine (formerly in VCPU thread) event_notifier_ready thread_pool_co_cb -----> current = I/O coroutine; call AIO callback But on Win32, because of the bug, the "current" being set here the current coroutine of the VCPU thread, not the iothread. noinline is a good-enough workaround, and quite unlikely to break in the future. (Thanks to Paolo Bonzini for assistance in diagnosing the problem and providing the detailed example/ascii art quoted above.) Signed-off-by: Peter Maydell Message-id: 1403535303-14939-1-git-send-email-peter.maydell@linaro.org Reviewed-by: Paolo Bonzini Reviewed-by: Richard Henderson (cherry picked from commit ff4873cb8c81db89668d8b56e19e57b852edb5f5) 
Signed-off-by: Michael Roth --- coroutine-win32.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/coroutine-win32.c b/coroutine-win32.c index edc1f72c18..17ace37dee 100644 --- a/coroutine-win32.c +++ b/coroutine-win32.c @@ -36,8 +36,17 @@ typedef struct static __thread CoroutineWin32 leader; static __thread Coroutine *current; -CoroutineAction qemu_coroutine_switch(Coroutine *from_, Coroutine *to_, - CoroutineAction action) +/* This function is marked noinline to prevent GCC from inlining it + * into coroutine_trampoline(). If we allow it to do that then it + * hoists the code to get the address of the TLS variable "current" + * out of the while() loop. This is an invalid transformation because + * the SwitchToFiber() call may be called when running thread A but + * return in thread B, and so we might be in a different thread + * context each time round the loop. + */ +CoroutineAction __attribute__((noinline)) +qemu_coroutine_switch(Coroutine *from_, Coroutine *to_, + CoroutineAction action) { CoroutineWin32 *from = DO_UPCAST(CoroutineWin32, base, from_); CoroutineWin32 *to = DO_UPCAST(CoroutineWin32, base, to_); From 7a3cd5ab408d06fac4e1ae6aa88b823a48db085c Mon Sep 17 00:00:00 2001 From: Eduardo Habkost Date: Wed, 30 Apr 2014 13:48:34 -0300 Subject: [PATCH 206/219] target-i386: Filter FEAT_7_0_EBX TCG features too MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The TCG_7_0_EBX_FEATURES macro was defined but never used (it even had a typo that was never noticed). Make the existing TCG feature filtering code use it. Reviewed-by: Richard Henderson Signed-off-by: Eduardo Habkost Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber (cherry picked from commit d0a70f46fa9a3257089a56f2f620b0eff868557f) Conflicts: target-i386/cpu.c *fixed simple context mismatch Signed-off-by: Michael Roth --- target-i386/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/target-i386/cpu.c b/target-i386/cpu.c index 654a04e187..d6bc332156 100644 --- a/target-i386/cpu.c +++ b/target-i386/cpu.c @@ -539,7 +539,7 @@ typedef struct x86_def_t { #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \ CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A) #define TCG_SVM_FEATURES 0 -#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP \ +#define TCG_7_0_EBX_FEATURES (CPUID_7_0_EBX_SMEP | CPUID_7_0_EBX_SMAP | \ CPUID_7_0_EBX_BMI1 | CPUID_7_0_EBX_BMI2 | CPUID_7_0_EBX_ADX) /* missing: CPUID_7_0_EBX_FSGSBASE, CPUID_7_0_EBX_HLE, CPUID_7_0_EBX_AVX2, @@ -2562,6 +2562,7 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) if (!kvm_enabled()) { env->features[FEAT_1_EDX] &= TCG_FEATURES; env->features[FEAT_1_ECX] &= TCG_EXT_FEATURES; + env->features[FEAT_7_0_EBX] &= TCG_7_0_EBX_FEATURES; env->features[FEAT_8000_0001_EDX] &= (TCG_EXT2_FEATURES #ifdef TARGET_X86_64 | CPUID_EXT2_SYSCALL | CPUID_EXT2_LM From 0fd14a556436386311c3c5aeeac501ce468c8df0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= Date: Tue, 24 Jun 2014 19:11:32 +0200 Subject: [PATCH 207/219] virtio-net: byteswap virtio-net header MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TCP connectivity fails when the guest has a different endianness. The packets are silently dropped on the host by the tap backend when they are read from user space because the endianness of the virtio-net header is in the wrong order. These lines may appear in the guest console: [ 454.709327] skbuff: bad partial csum: csum=8704/4096 len=74 [ 455.702554] skbuff: bad partial csum: csum=8704/4096 len=74 The issue that got first spotted with a ppc64le PowerKVM guest, but it also exists for the less common case of a x86_64 guest run by a big-endian ppc64 TCG hypervisor. Signed-off-by: Cédric Le Goater [ Ported from PowerKVM, Greg Kurz ] Signed-off-by: Greg Kurz Reviewed-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin (cherry picked from commit 032a74a1c0fcdd5fd1c69e56126b4c857ee36611) Signed-off-by: Michael Roth --- hw/net/virtio-net.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 29c5f35c57..6246725614 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -843,6 +843,14 @@ static int virtio_net_has_buffers(VirtIONetQueue *q, int bufsize) return 1; } +static void virtio_net_hdr_swap(struct virtio_net_hdr *hdr) +{ + tswap16s(&hdr->hdr_len); + tswap16s(&hdr->gso_size); + tswap16s(&hdr->csum_start); + tswap16s(&hdr->csum_offset); +} + /* dhclient uses AF_PACKET but doesn't pass auxdata to the kernel so * it never finds out that the packets don't have valid checksums. This * causes dhclient to get upset. Fedora's carried a patch for ages to @@ -878,6 +886,7 @@ static void receive_header(VirtIONet *n, const struct iovec *iov, int iov_cnt, void *wbuf = (void *)buf; work_around_broken_dhclient(wbuf, wbuf + n->host_hdr_len, size - n->host_hdr_len); + virtio_net_hdr_swap(wbuf); iov_from_buf(iov, iov_cnt, 0, buf, sizeof(struct virtio_net_hdr)); } else { struct virtio_net_hdr hdr = { @@ -1086,6 +1095,14 @@ static int32_t virtio_net_flush_tx(VirtIONetQueue *q) exit(1); } + if (n->has_vnet_hdr) { + if (out_sg[0].iov_len < n->guest_hdr_len) { + error_report("virtio-net header incorrect"); + exit(1); + } + virtio_net_hdr_swap((void *) out_sg[0].iov_base); + } + /* * If host wants to see the guest header as is, we can * pass it on unchanged. Otherwise, copy just the parts From 62c754e67cc5eb74a176e4de71028f1fc8638bb5 Mon Sep 17 00:00:00 2001 From: Alexander Graf Date: Tue, 24 Jun 2014 19:13:50 +0200 Subject: [PATCH 208/219] virtio-serial: don't migrate the config space The device configuration is set at realize time and never changes. It should not be migrated as it is done today. For the sake of compatibility, let's just skip them at load time. 
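Review bot: In the virtio_net_flush_tx() hunk of the virtio-net byteswap patch, `virtio_net_hdr_swap((void *) out_sg[0].iov_base)` rewrites the header in place in the buffer the guest supplied for transmit, and the check before it only accepts a header that sits entirely in the first out_sg entry. Both depend on a descriptor layout the guest chooses. A header split across two entries reaches the `exit(1)`, and if out_sg maps guest memory directly (not visible in the hunk) the guest sees its transmit buffer modified and can change it while it is being swapped. Gathering the header into a local copy, swapping the copy and transmitting that avoids both; the sketch below assumes the element's out count is available as `out_num`, which needs confirming. The function starts and ends outside the hunk.

```c
if (n->has_vnet_hdr) {
    struct virtio_net_hdr hdr;

    /* Work on a private copy: the header may span several out_sg
     * entries, and the guest's transmit buffer is left untouched. */
    if (iov_to_buf(out_sg, out_num, 0, &hdr, sizeof(hdr)) != sizeof(hdr)) {
        error_report("virtio-net header incorrect");
        exit(1);
    }
    virtio_net_hdr_swap(&hdr);
    /* ... unchanged: header pass-through/copy logic, now sourcing the
     * first sizeof(hdr) bytes from hdr instead of out_sg[0] ... */
}
```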
Signed-off-by: Alexander Graf [ added missing casts to uint16_t *, added From, SoB and commit message, Greg Kurz ] Reviewed-by: Michael S. Tsirkin Signed-off-by: Greg Kurz Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit e38e943a1fa20d04deb1899be19b12aadec7a585) Signed-off-by: Michael Roth --- hw/char/virtio-serial-bus.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index a7ede90ec1..f3e496f5ac 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -670,6 +670,7 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) uint32_t max_nr_ports, nr_active_ports, ports_map; unsigned int i; int ret; + uint32_t tmp; if (version_id > 3) { return -EINVAL; @@ -685,17 +686,12 @@ static int virtio_serial_load(QEMUFile *f, void *opaque, int version_id) return 0; } - /* The config space */ - qemu_get_be16s(f, &s->config.cols); - qemu_get_be16s(f, &s->config.rows); - - qemu_get_be32s(f, &max_nr_ports); - tswap32s(&max_nr_ports); - if (max_nr_ports > tswap32(s->config.max_nr_ports)) { - /* Source could have had more ports than us. Fail migration. */ - return -EINVAL; - } + /* Unused */ + qemu_get_be16s(f, (uint16_t *) &tmp); + qemu_get_be16s(f, (uint16_t *) &tmp); + qemu_get_be32s(f, &tmp); + max_nr_ports = tswap32(s->config.max_nr_ports); for (i = 0; i < (max_nr_ports + 31) / 32; i++) { qemu_get_be32s(f, &ports_map); From 3c3d8c6d19f704796de9a7873b13ba723161d3bd Mon Sep 17 00:00:00 2001 
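Review bot: In the second virtio_serial_load() hunk, the stream's max_nr_ports is read into `tmp` and discarded, so the removed "Source could have had more ports than us" rejection has no replacement. The `ports_map` loop below it is now sized from the local `s->config.max_nr_ports` instead of the value the source wrote. If the two sides were configured with different port counts, the loop reads a different number of words than the stream contains, and everything after it is parsed at the wrong offset instead of failing cleanly. Since the migration stream is external input, I would keep a sanity check of the incoming count against a host-endian copy of the local limit and return -EINVAL on mismatch (the device struct is not visible here, so the field to compare against needs confirming). Separately, `qemu_get_be16s(f, (uint16_t *) &tmp)` writes through a pointer of a different type; a dedicated `uint16_t` scratch variable would avoid the cast.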
From: Hani Benhabiles Date: Sun, 18 May 2014 11:50:04 +0100 Subject: [PATCH 209/219] nbd: Don't export a block device with no medium. The device is exported with erroneous values and can't be read. Before the patch: $ sudo nbd-client localhost -p 10809 /dev/nbd0 -name floppy0 Negotiation: ..size = 17592186044415MB bs=1024, sz=18446744073709547520 bytes $ sudo mount /dev/nbd0 /mnt/tmp/ mount: block device /dev/nbd0 is write-protected, mounting read-only mount: /dev/nbd0: can't read superblock After the patch: (qemu) nbd_server_add ide0-hd0 (qemu) nbd_server_add floppy0 Device 'floppy0' has no medium Signed-off-by: Hani Benhabiles Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 60fe4fac22895576973e317d7148b084c31cc64c) Signed-off-by: Michael Roth --- blockdev-nbd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/blockdev-nbd.c b/blockdev-nbd.c index 922cf5657b..a700d52d71 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c @@ -91,6 +91,10 @@ void qmp_nbd_server_add(const char *device, bool has_writable, bool writable, error_set(errp, QERR_DEVICE_NOT_FOUND, device); return; } + if (!bdrv_is_inserted(bs)) { + error_set(errp, QERR_DEVICE_HAS_NO_MEDIUM, device); + return; + } if (!has_writable) { writable = false; From cf392d2c7c0f10adc5d9d4f740e034b646605fff Mon Sep 17 00:00:00 2001 From: Hani Benhabiles Date: Sun, 18 May 2014 11:50:05 +0100 Subject: [PATCH 210/219] nbd: Don't validate from and len in NBD_CMD_DISC. These values aren't used in this case. Currently, the from field in the request sent by the nbd kernel module leading to a false error message when ending the connection with the client. $ qemu-nbd some.img -v // After nbd-client -d /dev/nbd0 nbd.c:nbd_trip():L1031: From: 18446744073709551104, Len: 0, Size: 20971520, Offset: 0 nbd.c:nbd_trip():L1032: requested operation past EOF--bad client? nbd.c:nbd_receive_request():L638: read failed Signed-off-by: Hani Benhabiles Cc: qemu-stable@nongnu.org 
Signed-off-by: Paolo Bonzini (cherry picked from commit 8c5d1abbb79193dca8e4823ef53d8d1e650362ae) Signed-off-by: Michael Roth --- nbd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/nbd.c b/nbd.c index f847940f3e..d0974579ae 100644 --- a/nbd.c +++ b/nbd.c @@ -1069,6 +1069,7 @@ static void nbd_trip(void *opaque) struct nbd_request request; struct nbd_reply reply; ssize_t ret; + uint32_t command; TRACE("Reading request."); if (client->closing) { @@ -1091,8 +1092,8 @@ static void nbd_trip(void *opaque) reply.error = -ret; goto error_reply; } - - if ((request.from + request.len) > exp->size) { + command = request.type & NBD_CMD_MASK_COMMAND; + if (command != NBD_CMD_DISC && (request.from + request.len) > exp->size) { LOG("From: %" PRIu64 ", Len: %u, Size: %" PRIu64 ", Offset: %" PRIu64 "\n", request.from, request.len, @@ -1101,7 +1102,7 @@ static void nbd_trip(void *opaque) goto invalid_request; } - switch (request.type & NBD_CMD_MASK_COMMAND) { + switch (command) { case NBD_CMD_READ: TRACE("Request type is READ"); From 25351f6a9ad55990d5140a928fd6ea29e48943af Mon Sep 17 00:00:00 2001 From: Hani Benhabiles Date: Tue, 13 May 2014 00:35:15 +0100 Subject: [PATCH 211/219] nbd: Close socket on negotiation failure. Otherwise, the nbd client may hang waiting for the server response. Signed-off-by: Hani Benhabiles Acked-by: Paolo Bonzini Signed-off-by: Michael Tokarev (cherry picked from commit 36af599417dde11747a27dc8550ff2281657a8ff) Signed-off-by: Michael Roth --- blockdev-nbd.c | 4 ++-- qemu-nbd.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/blockdev-nbd.c b/blockdev-nbd.c index a700d52d71..18dc528761 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c 
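Review bot: The bounds test in the second nbd_trip() hunk still computes `request.from + request.len` in unsigned arithmetic, so the sum can wrap. A `from` near the top of the 64-bit range, like the 18446744073709551104 in the commit message, with a non-zero `len` yields a small value and passes `> exp->size`. Unless wraparound is already rejected where the request is received (not visible in these hunks), the condition is safer written as `request.from > exp->size || request.len > exp->size - request.from`. A short comment above the test, e.g. `/* from/len are not meaningful for NBD_CMD_DISC */`, would also record why that command is exempt. nbd_trip() starts and ends outside the hunks.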
@@ -27,8 +27,8 @@ static void nbd_accept(void *opaque) socklen_t addr_len = sizeof(addr); int fd = accept(server_fd, (struct sockaddr *)&addr, &addr_len); - if (fd >= 0) { - nbd_client_new(NULL, fd, nbd_client_put); + if (fd >= 0 && !nbd_client_new(NULL, fd, nbd_client_put)) { + close(fd); } } diff --git a/qemu-nbd.c b/qemu-nbd.c index c26c98ef1d..7a2cff92c2 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -299,8 +299,10 @@ static void nbd_accept(void *opaque) return; } - if (fd >= 0 && nbd_client_new(exp, fd, nbd_client_closed)) { + if (nbd_client_new(exp, fd, nbd_client_closed)) { nb_fds++; + } else { + close(fd); } } From 0c60b74a0cc17a8fedb1b300b7b65ae946d917c9 Mon Sep 17 00:00:00 2001 From: Hani Benhabiles Date: Sat, 31 May 2014 22:39:42 +0100 Subject: [PATCH 212/219] nbd: Shutdown socket before closing. This forces finishing data sending to client before closing the socket like in exports listing or replying with NBD_REP_ERR_UNSUP cases. Signed-off-by: Hani Benhabiles Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini (cherry picked from commit 27e5eae4577316f7e86a56eb7363d4e78f79e3e5) Signed-off-by: Michael Roth --- blockdev-nbd.c | 1 + qemu-nbd.c | 1 + 2 files changed, 2 insertions(+) diff --git a/blockdev-nbd.c b/blockdev-nbd.c index 18dc528761..b3a24740b2 100644 --- a/blockdev-nbd.c +++ b/blockdev-nbd.c @@ -28,6 +28,7 @@ static void nbd_accept(void *opaque) int fd = accept(server_fd, (struct sockaddr *)&addr, &addr_len); if (fd >= 0 && !nbd_client_new(NULL, fd, nbd_client_put)) { + shutdown(fd, 2); close(fd); } } diff --git a/qemu-nbd.c b/qemu-nbd.c index 7a2cff92c2..474966f468 100644 --- a/qemu-nbd.c +++ b/qemu-nbd.c @@ -302,6 +302,7 @@ static void nbd_accept(void *opaque) if (nbd_client_new(exp, fd, nbd_client_closed)) { nb_fds++; } else { + shutdown(fd, 2); close(fd); } } From 41ee91810e8ae15ac9bc84ccf358c6f425f7ba6f Mon Sep 17 00:00:00 2001 
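Review bot: In the qemu-nbd.c nbd_accept() hunk of the negotiation-failure patch, dropping `fd >= 0` from the condition lets a failed accept() reach `nbd_client_new(exp, fd, nbd_client_closed)` with fd == -1 and then `close(fd)` in the new else branch. That holds unless fd is rejected earlier in the function; only a `return; }` is visible above the change. The blockdev-nbd.c hunk of the same patch keeps its `fd >= 0` test, so the two accept handlers no longer agree. I would add `if (fd < 0) { return; }` right after the accept() call.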
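Review bot: `shutdown(fd, 2)` in both nbd_accept() hunks of the shutdown-before-close patch passes a bare 2 as the `how` argument. A comment such as `/* 2: stop both receive and send */` would make the intent readable without looking the value up. The return value is ignored; that is reasonable on a teardown path, but saying so in the same comment would save the next reader the question.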
From: Michael Roth Date: Tue, 20 May 2014 12:20:39 -0500 Subject: [PATCH 213/219] qapi: zero-initialize all QMP command parameters In general QMP command parameter values are specified by consumers of the QMP/HMP interface, but in the case of optional parameters these values may be left uninitialized. It is considered a bug for code to make use of optional parameters that have not been flagged as being present by the marshalling code (via corresponding has_ parameter), however our marshalling code will still pass these uninitialized values on to the corresponding QMP function (to then be ignored). Some compilers (clang in particular) consider this unsafe however, and generate warnings as a result. As reported by Peter Maydell: This is something clang's -fsanitize=undefined spotted. The code generated by qapi-commands.py in qmp-marshal.c for qmp_marshal_* functions where there are some optional arguments looks like this: bool has_force = false; bool force; mi = qmp_input_visitor_new_strict(QOBJECT(args)); v = qmp_input_get_visitor(mi); visit_type_str(v, &device, "device", errp); visit_start_optional(v, &has_force, "force", errp); if (has_force) { visit_type_bool(v, &force, "force", errp); } visit_end_optional(v, errp); qmp_input_visitor_cleanup(mi); if (error_is_set(errp)) { goto out; } qmp_eject(device, has_force, force, errp); In the case where has_force is false, we never initialize force, but then we use it by passing it to qmp_eject. I imagine we don't then actually use the value, but clang complains in particular for 'bool' variables because the value that ends up being loaded from memory for 'force' is not either 0 or 1 (being uninitialized stack contents). Fix this by initializing all QMP command parameters to {0} in the marshalling code prior to passing them on to the QMP functions. Signed-off-by: Michael Roth Reported-by: Peter Maydell Tested-by: Peter Maydell Reviewed-by: Eric Blake Reviewed-by: Markus Armbruster 
Signed-off-by: Luiz Capitulino (cherry picked from commit fc13d937269c1cd01a4b7720c1dcce01722727a2) Signed-off-by: Michael Roth --- scripts/qapi-commands.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/qapi-commands.py b/scripts/qapi-commands.py index b12b6964ef..b9c41fb605 100644 --- a/scripts/qapi-commands.py +++ b/scripts/qapi-commands.py @@ -119,7 +119,7 @@ bool has_%(argname)s = false; argname=c_var(argname), argtype=c_type(argtype)) else: ret += mcgen(''' -%(argtype)s %(argname)s; +%(argtype)s %(argname)s = {0}; ''', argname=c_var(argname), argtype=c_type(argtype)) From 02835d57444ce7308931b71cabbe5fb1d7d8b9eb Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 21 Feb 2014 16:42:52 +0100 Subject: [PATCH 214/219] vnc: Fix tight_detect_smooth_image() for lossless case VncTight member uint8_t quality is either (uint8_t)-1 for lossless or less than 10 for lossy. tight_detect_smooth_image() first promotes it to int, then compares with -1. Always unequal, so we always execute the lossy code. Reads beyond tight_conf[] and returns crap when quality is actually lossless. Compare to (uint8_t)-1 instead, like we do elsewhere. Spotted by Coverity. Signed-off-by: Markus Armbruster Signed-off-by: Gerd Hoffmann (cherry picked from commit 2e7bcdb99adbd8fc10ad9ddcf93bd2bf3c0f1f2d) Signed-off-by: Michael Roth --- ui/vnc-enc-tight.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c index e6966aebc3..59b59c0c79 100644 --- a/ui/vnc-enc-tight.c +++ b/ui/vnc-enc-tight.c @@ -330,7 +330,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h) } else { errors = tight_detect_smooth_image16(vs, w, h); } - if (quality != -1) { + if (quality != (uint8_t)-1) { return (errors < tight_conf[quality].jpeg_threshold); } return (errors < tight_conf[compression].gradient_threshold); From bb485bf2e85e134f8f7869ac2e8855adad8ee688 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Tue, 13 May 2014 11:39:42 +0200 Subject: [PATCH 215/219] sdhci: Fix misuse of qemu_free_irqs() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It does a g_free() on the pointer, so don't pass a local &foo reference. Reviewed-by: Peter Crosthwaite Reviewed-by: Peter Maydell Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber (cherry picked from commit 127a4e1a51c038ec9167083b65d376dddcc64530) Signed-off-by: Michael Roth --- hw/sd/sdhci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 0906a1d62b..9e8a236070 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -1185,8 +1185,8 @@ static void sdhci_uninitfn(Object *obj) timer_free(s->insert_timer); timer_del(s->transfer_timer); timer_free(s->transfer_timer); - qemu_free_irqs(&s->eject_cb); - qemu_free_irqs(&s->ro_cb); + qemu_free_irq(s->eject_cb); + qemu_free_irq(s->ro_cb); if (s->fifo_buffer) { g_free(s->fifo_buffer); From 53e4895c985c7dbadd47915706c9bdfe7471aa51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 18 Jun 2014 00:55:18 -0700 Subject: [PATCH 216/219] hw: Fix qemu_allocate_irqs() leaks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster Reviewed-by: Peter Crosthwaite Reviewed-by: Peter Maydell Signed-off-by: Andreas Färber [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: Peter Crosthwaite Reviewed-by: Kirill Batuzov [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber (cherry picked from commit f3c7d0389fe8a2792fd4c1cf151b885de03c8f62) 
Signed-off-by: Michael Roth --- hw/arm/omap1.c | 14 +++++++------- hw/arm/omap2.c | 2 +- hw/arm/pxa2xx.c | 4 ++-- hw/arm/spitz.c | 4 ++-- hw/arm/z2.c | 2 +- hw/core/irq.c | 4 ++-- hw/dma/omap_dma.c | 4 ++-- hw/ide/microdrive.c | 2 +- hw/misc/cbus.c | 6 +++--- hw/pcmcia/pxa2xx.c | 2 +- hw/sd/omap_mmc.c | 2 +- hw/sd/sdhci.c | 4 ++-- hw/sh4/sh7750.c | 3 +-- hw/timer/omap_gptimer.c | 4 ++-- 14 files changed, 28 insertions(+), 29 deletions(-) diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c index 47511d2cae..e97eacd365 100644 --- a/hw/arm/omap1.c +++ b/hw/arm/omap1.c @@ -172,7 +172,7 @@ static void omap_timer_clk_update(void *opaque, int line, int on) static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[0]); + qemu_allocate_irq(omap_timer_clk_update, timer, 0)); timer->rate = omap_clk_getrate(timer->clk); } @@ -2094,7 +2094,7 @@ static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory, "omap-mpuio", 0x800); memory_region_add_subregion(memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0)); return s; } @@ -2397,7 +2397,7 @@ static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory, "omap-pwl", 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0)); return s; } 
@@ -3481,8 +3481,8 @@ static void omap_mcbsp_i2s_start(void *opaque, int line, int level) void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave) { s->codec = slave; - slave->rx_swallow = qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, 1)[0]; - slave->tx_start = qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0]; + slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0); + slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0); } /* LED Pulse Generators */ @@ -3630,7 +3630,7 @@ static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory, memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0)); return s; } @@ -3844,7 +3844,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory, s->sdram_size = sdram_size; s->sram_size = OMAP15XX_SRAM_SIZE; - s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0); /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c index 36efde0d64..dc53a7abba 100644 --- a/hw/arm/omap2.c +++ b/hw/arm/omap2.c @@ -2260,7 +2260,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem, s->sdram_size = sdram_size; s->sram_size = OMAP242X_SRAM_SIZE; - s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0); /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c index daec57d228..30cf71fb00 100644 --- a/hw/arm/pxa2xx.c +++ b/hw/arm/pxa2xx.c 
@@ -2057,7 +2057,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space, fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0); /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa270.sdram", sdram_size); @@ -2188,7 +2188,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size) fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0); /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa255.sdram", sdram_size); diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c index ba172835eb..54f21668cb 100644 --- a/hw/arm/spitz.c +++ b/hw/arm/spitz.c @@ -743,7 +743,7 @@ static void spitz_i2c_setup(PXA2xxState *cpu) spitz_wm8750_addr(wm, 0, 0); qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM, - qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]); + qemu_allocate_irq(spitz_wm8750_addr, wm, 0)); /* .. and to the sound interface. */ cpu->i2s->opaque = wm; cpu->i2s->codec_out = wm8750_dac_dat; @@ -849,7 +849,7 @@ static void spitz_gpio_setup(PXA2xxState *cpu, int slots) * wouldn't guarantee that a guest ever exits the loop. */ spitz_hsync = 0; - lcd_hsync = qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0]; + lcd_hsync = qemu_allocate_irq(spitz_lcd_hsync_handler, cpu, 0); pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync); pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync); diff --git a/hw/arm/z2.c b/hw/arm/z2.c index d52c5019b3..d662130a2d 100644 --- a/hw/arm/z2.c +++ b/hw/arm/z2.c 
@@ -359,7 +359,7 @@ static void z2_init(QEMUMachineInitArgs *args) wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s); qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS, - qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]); + qemu_allocate_irq(z2_lcd_cs, z2_lcd, 0)); z2_binfo.kernel_filename = kernel_filename; z2_binfo.kernel_cmdline = kernel_cmdline; diff --git a/hw/core/irq.c b/hw/core/irq.c index 03c8cb31ea..3d284c6482 100644 --- a/hw/core/irq.c +++ b/hw/core/irq.c @@ -102,7 +102,7 @@ qemu_irq qemu_irq_invert(qemu_irq irq) { /* The default state for IRQs is low, so raise the output now. */ qemu_irq_raise(irq); - return qemu_allocate_irqs(qemu_notirq, irq, 1)[0]; + return qemu_allocate_irq(qemu_notirq, irq, 0); } static void qemu_splitirq(void *opaque, int line, int level) @@ -117,7 +117,7 @@ qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2) qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq)); s[0] = irq1; s[1] = irq2; - return qemu_allocate_irqs(qemu_splitirq, s, 1)[0]; + return qemu_allocate_irq(qemu_splitirq, s, 0); } static void proxy_irq_handler(void *opaque, int n, int level) diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c index 0e8cccd27f..bb02279372 100644 --- a/hw/dma/omap_dma.c +++ b/hw/dma/omap_dma.c @@ -1660,7 +1660,7 @@ struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq *irqs, } omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0)); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, 1); @@ -2082,7 +2082,7 @@ struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq *irqs, s->intr_update = omap_dma_interrupts_4_update; omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0)); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, !!s->dma->freq); 
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c index 21d6495817..c73c5a700f 100644 --- a/hw/ide/microdrive.c +++ b/hw/ide/microdrive.c @@ -594,7 +594,7 @@ static void microdrive_realize(DeviceState *dev, Error **errp) { MicroDriveState *md = MICRODRIVE(dev); - ide_init2(&md->bus, qemu_allocate_irqs(md_set_irq, md, 1)[0]); + ide_init2(&md->bus, qemu_allocate_irq(md_set_irq, md, 0)); } static void microdrive_init(Object *obj) diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c index 29b467b61f..495d5078fe 100644 --- a/hw/misc/cbus.c +++ b/hw/misc/cbus.c @@ -135,9 +135,9 @@ CBus *cbus_init(qemu_irq dat) CBusPriv *s = (CBusPriv *) g_malloc0(sizeof(*s)); s->dat_out = dat; - s->cbus.clk = qemu_allocate_irqs(cbus_clk, s, 1)[0]; - s->cbus.dat = qemu_allocate_irqs(cbus_dat, s, 1)[0]; - s->cbus.sel = qemu_allocate_irqs(cbus_sel, s, 1)[0]; + s->cbus.clk = qemu_allocate_irq(cbus_clk, s, 0); + s->cbus.dat = qemu_allocate_irq(cbus_dat, s, 0); + s->cbus.sel = qemu_allocate_irq(cbus_sel, s, 0); s->sel = 1; s->clk = 0; diff --git a/hw/pcmcia/pxa2xx.c b/hw/pcmcia/pxa2xx.c index 8f17596cc3..4a126b3e04 100644 --- a/hw/pcmcia/pxa2xx.c +++ b/hw/pcmcia/pxa2xx.c @@ -195,7 +195,7 @@ static void pxa2xx_pcmcia_initfn(Object *obj) memory_region_add_subregion(&s->container_mem, 0x0c000000, &s->common_iomem); - s->slot.irq = qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0]; + s->slot.irq = qemu_allocate_irq(pxa2xx_pcmcia_set_irq, s, 0); object_property_add_link(obj, "card", TYPE_PCMCIA_CARD, (Object **)&s->card, NULL); diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c index 937a47869a..6c92149c04 100644 --- a/hw/sd/omap_mmc.c +++ b/hw/sd/omap_mmc.c @@ -625,7 +625,7 @@ struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta, exit(1); } - s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0]; + s->cdet = qemu_allocate_irq(omap_mmc_cover_cb, s, 0); sd_set_cb(s->card, NULL, s->cdet); return s; diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 9e8a236070..79a2b1d2ae 100644 
--- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -1169,8 +1169,8 @@ static void sdhci_initfn(Object *obj) if (s->card == NULL) { exit(1); } - s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0]; - s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0]; + s->eject_cb = qemu_allocate_irq(sdhci_insert_eject_cb, s, 0); + s->ro_cb = qemu_allocate_irq(sdhci_card_readonly_cb, s, 0); sd_set_cb(s->card, s->ro_cb, s->eject_cb); s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_raise_insertion_irq, s); diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c index 1439ba44e5..6ad66c9f59 100644 --- a/hw/sh4/sh7750.c +++ b/hw/sh4/sh7750.c @@ -838,6 +838,5 @@ SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem) qemu_irq sh7750_irl(SH7750State *s) { sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enable */ - return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, IRL), - 1)[0]; + return qemu_allocate_irq(sh_intc_set_irl, sh_intc_source(&s->intc, IRL), 0); } diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c index 016207f626..b7f3d49ca6 100644 --- a/hw/timer/omap_gptimer.c +++ b/hw/timer/omap_gptimer.c @@ -227,7 +227,7 @@ static void omap_gp_timer_clk_update(void *opaque, int line, int on) static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_gp_timer_clk_update, timer, 1)[0]); + qemu_allocate_irq(omap_gp_timer_clk_update, timer, 0)); timer->rate = omap_clk_getrate(timer->clk); } @@ -476,7 +476,7 @@ struct omap_gp_timer_s *omap_gp_timer_init(struct omap_target_agent_s *ta, s->clk = fclk; s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_tick, s); s->match = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_match, s); - s->in = qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0]; + s->in = qemu_allocate_irq(omap_gp_timer_input, s, 0); omap_gp_timer_reset(s); omap_gp_timer_clk_setup(s); 
From 14d9fb02c26133f637b3184fb4c766098e2f635e Mon Sep 17 00:00:00 2001 From: Le Tan Date: Wed, 2 Jul 2014 08:06:35 +0800 Subject: [PATCH 217/219] pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() In function do_pci_register_device() in file hw/pci/pci.c, move the assignment of pci_dev->devfn to the position before the call to pci_device_iommu_address_space(pci_dev) which will use the value of pci_dev->devfn. Fixes: 9eda7d373e9c691c070eddcbe3467b991f67f6bd pci: Introduce helper to retrieve a PCI device's DMA address space Cc: qemu-stable@nongnu.org Signed-off-by: Le Tan Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit efc8188e9398e54567b238b756eec2cc746cd2a4) Signed-off-by: Michael Roth --- hw/pci/pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/pci/pci.c b/hw/pci/pci.c index 347d0c0d57..e1bc1e3f9f 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -820,6 +820,7 @@ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus, } pci_dev->bus = bus; + pci_dev->devfn = devfn; dma_as = pci_device_iommu_address_space(pci_dev); memory_region_init_alias(&pci_dev->bus_master_enable_region, @@ -829,7 +830,6 @@ static PCIDevice *do_pci_register_device(PCIDevice *pci_dev, PCIBus *bus, address_space_init(&pci_dev->bus_master_as, &pci_dev->bus_master_enable_region, name); - pci_dev->devfn = devfn; pstrcpy(pci_dev->name, sizeof(pci_dev->name), name); pci_dev->irq_state = 0; pci_config_alloc(pci_dev); From 8fde73e13858e6acd33ce5dea1e11e81ad0848af Mon Sep 17 00:00:00 2001 
From: "Dr. David Alan Gilbert" Date: Fri, 27 Jun 2014 20:02:48 +0100 Subject: [PATCH 218/219] Allow mismatched virtio config-len Commit 'virtio: validate config_len on load' restricted config_len loaded from the wire to match the config_len that the device had. Unfortunately, there are cases where this isn't true, the one we found it on was the wce addition in virtio-blk. Allow mismatched config-lengths: *) If the version on the wire is shorter then fine *) If the version on the wire is longer, load what we have space for and skip the rest. (This is mst@redhat.com's rework of what I originally posted) Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 2f5732e9648fcddc8759a8fd25c0b41a38352be6) Signed-off-by: Michael Roth --- hw/virtio/virtio.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index c6265c69fe..3fe91b74de 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -923,12 +923,18 @@ int virtio_load(VirtIODevice *vdev, QEMUFile *f) return -1; } config_len = qemu_get_be32(f); - if (config_len != vdev->config_len) { - error_report("Unexpected config length 0x%x. Expected 0x%zx", - config_len, vdev->config_len); - return -1; + + /* + * There are cases where the incoming config can be bigger or smaller + * than what we have; so load what we have space for, and skip + * any excess that's in the stream. + */ + qemu_get_buffer(f, vdev->config, MIN(config_len, vdev->config_len)); + + while (config_len > vdev->config_len) { + qemu_get_byte(f); + config_len--; } - qemu_get_buffer(f, vdev->config, vdev->config_len); num = qemu_get_be32(f); From adba377ea7880c0aa43787fdfbadbc5f6afeaa16 Mon Sep 17 00:00:00 2001 From: Michael Roth Date: Mon, 21 Jul 2014 17:41:40 -0500 Subject: [PATCH 219/219] Update VERSION for 1.7.2 release 
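Review bot: The new skip loop in virtio_load(), `while (config_len > vdev->config_len) { qemu_get_byte(f); config_len--; }`, is bounded only by a 32-bit length taken from the migration stream. A large value makes the destination read up to about 4 GiB one byte at a time, with no check that the stream has ended or failed. If `config_len` is declared signed (its declaration is outside the hunk; the removed message printed it with `%x` against `%zx` for `vdev->config_len`), a negative value becomes a huge unsigned number in the comparison and the decrement eventually overflows. I would reject negative or implausibly large lengths before the loop and stop on stream error inside it, e.g. `if (qemu_file_get_error(f)) { return -1; }`. The function continues past the hunk.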
Signed-off-by: Michael Roth --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 943f9cbc4e..f8a696c8dc 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.7.1 +1.7.2