From 7654b489d1255b66b7b6b1d74b384421f7b0700b Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Tue, 13 Aug 2024 12:28:58 -0400 Subject: [PATCH 01/14] Bump version to 1.0.7 and FLEVEL to 167 --- CMakeLists.txt | 2 +- Jenkinsfile | 2 +- NEWS.md | 4 ++++ libclamav/bytecode_api.h | 1 + libclamav/others.h | 2 +- win32/res/common.rc | 4 ++-- 6 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 18a80eda17..69824b9925 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -22,7 +22,7 @@ string(TIMESTAMP TODAY "%Y%m%d") set(VERSION_SUFFIX "") project( ClamAV - VERSION "1.0.6" + VERSION "1.0.7" DESCRIPTION "ClamAV open source email, web, and end-point anti-virus toolkit." ) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) diff --git a/Jenkinsfile b/Jenkinsfile index 7f82339474..212352cbb3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,7 +10,7 @@ properties( parameters( [ string(name: 'VERSION', - defaultValue: '1.0.6', + defaultValue: '1.0.7', description: 'ClamAV version string'), string(name: 'FRAMEWORK_BRANCH', defaultValue: '1.0', diff --git a/NEWS.md b/NEWS.md index 8c89cb0543..05a7accc89 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,10 @@ Note: This file refers to the official packages. Things described here may differ slightly from third-party binary packages. +## 1.0.7 + +ClamAV 1.0.7 is a patch release with the following fixes: + ## 1.0.6 ClamAV 1.0.6 is a critical patch release with the following fixes: diff --git a/libclamav/bytecode_api.h b/libclamav/bytecode_api.h index 2c26f76ffa..d50bb72ea0 100644 --- a/libclamav/bytecode_api.h +++ b/libclamav/bytecode_api.h @@ -170,6 +170,7 @@ enum FunctionalityLevels { FUNC_LEVEL_1_0_4 = 164, /**< LibClamAV release 1.0.4 */ FUNC_LEVEL_1_0_5 = 165, /**< LibClamAV release 1.0.5 */ FUNC_LEVEL_1_0_6 = 166, /**< LibClamAV release 1.0.6 */ + FUNC_LEVEL_1_0_7 = 167, /**< LibClamAV release 1.0.7 */ }; /** diff --git a/libclamav/others.h b/libclamav/others.h index f7bc361e00..c4ffa4d361 100644 --- a/libclamav/others.h +++ b/libclamav/others.h @@ -73,7 +73,7 @@ * in re-enabling affected modules. */ -#define CL_FLEVEL 166 +#define CL_FLEVEL 167 #define CL_FLEVEL_DCONF CL_FLEVEL #define CL_FLEVEL_SIGTOOL CL_FLEVEL diff --git a/win32/res/common.rc b/win32/res/common.rc index 20df185543..a3017fb5f2 100644 --- a/win32/res/common.rc +++ b/win32/res/common.rc @@ -6,8 +6,8 @@ #define REPO_VERSION VERSION #endif -#define RES_VER_Q 1,0,6,0 -#define RES_VER_S "ClamAV 1.0.6" +#define RES_VER_Q 1,0,7,0 +#define RES_VER_S "ClamAV 1.0.7" VS_VERSION_INFO VERSIONINFO FILEVERSION RES_VER_Q From d49e9c359aca84332b58351411ff319f5d639151 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 10 Jul 2024 16:26:00 -0400 Subject: [PATCH 02/14] Fix unit test caused by expiring signing certificate The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to fail because the "test.exe" test file was signed with a cert set to expire after only 2 years, and it has been 23 months. While attempting to generate a new one that will last 73000 days (200 years), I discovered that any signing certificate set to expire after 2038 will fail the trust-check because the `ca.not_after` variable is maxed out `time_t` incapable of expressing a higher number. To fix this, I've upgraded the variables to `uint64_t`. I also had to replace a bunch of generated signatures to match the new "test.exe". Finally, I noticed that "ca.not_before" was being set to the token[8] instead of token[9], which presumably mean the "NotBefore" field for Trusted and Revoked Certificates was non-functional, as it was treating the "CertSign" boolean as the "NotBefore" value. Fixes: https://github.com/Cisco-Talos/clamav/issues/1300 --- libclamav/crtmgr.h | 4 ++-- libclamav/readdb.c | 4 ++-- ....HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb | 2 +- ...g.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb | 2 +- ...HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb | 2 +- ....HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb | 2 +- ...B_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb | 2 +- ...SB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb | 2 +- ...g.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb | 2 +- ...ig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb | 2 +- ...g.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb | 2 +- ...ig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb | 2 +- ....MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb | 2 +- ...g.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb | 2 +- ....MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb | 2 +- ...g.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb | 2 +- ...SB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb | 2 +- ...MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb | 2 +- ...SB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb | 2 +- ...MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb | 2 +- .../Test.Sig.CRB.BlockCert.crb | 2 +- .../input/pe_allmatch/test-exe-src/build.py | 4 ++-- unit_tests/input/pe_allmatch/test.exe | Bin 1447976 -> 1447992 bytes .../trust-sigs/Test.Sig.CRB.TrustCert.crb | 2 +- 24 files changed, 26 insertions(+), 26 deletions(-) diff --git a/libclamav/crtmgr.h b/libclamav/crtmgr.h index eafd8203e0..e7699ba750 100644 --- a/libclamav/crtmgr.h +++ b/libclamav/crtmgr.h @@ -66,8 +66,8 @@ typedef struct cli_crt_t { fp_int n; fp_int e; fp_int sig; - time_t not_before; - time_t not_after; + int64_t not_before; + int64_t not_after; cli_crt_hashtype hashtype; int certSign; int codeSign; diff --git a/libclamav/readdb.c b/libclamav/readdb.c index b8e7d786fc..1af058454a 100644 --- a/libclamav/readdb.c +++ b/libclamav/readdb.c @@ -3458,8 +3458,8 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio ca.name = NULL; if (strlen(tokens[9])) - ca.not_before = atoi(tokens[8]); - ca.not_after = (-1U) >> 1; + ca.not_before = atoi(tokens[9]); + ca.not_after = (-1ULL) >> 1; ca.hashtype = CLI_HASHTYPE_ANY; crtmgr_add(&(engine->cmgr), &ca); diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb index 94fe32aec2..946e6efe3b 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb @@ -1 +1 @@ -05fcb14bd4dbad8617251d4e22708367:1447976:Test.GenSig.HDB_1of2_MD5_FIXED_testexe +8a655379478861572791e2404f45f9ed:1447992:Test.GenSig.HDB_1of2_MD5_FIXED_testexe diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb index 261053d1d8..198c450d85 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb @@ -1 +1 @@ -05fcb14bd4dbad8617251d4e22708367:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73 \ No newline at end of file +8a655379478861572791e2404f45f9ed:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb index 7a3d422c7a..7134f239af 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb @@ -1 +1 @@ -2ba31b0352bae4f57c1c9144f64ac7a57c010876:1447976:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe +4a2a55f483339bf55fae340f82d3b42001b30e16:1447992:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb index 9d05bc2da2..f5e239bbd1 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb @@ -1 +1 @@ -2ba31b0352bae4f57c1c9144f64ac7a57c010876:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73 +4a2a55f483339bf55fae340f82d3b42001b30e16:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb index 60300a3689..fa06ce21cf 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb @@ -1 +1 @@ -4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:1447976:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe +ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:1447992:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb index 1558769a64..ae6af8f50a 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb @@ -1 +1 @@ -4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73 \ No newline at end of file +ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb index 60ea617381..ab261f1a2e 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb @@ -1 +1 @@ -34304:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_01of16_MD5_FIXED_text +34304:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_01of16_MD5_FIXED_text diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb index a5fa019c22..86d2153bea 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb @@ -1 +1 @@ -*:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_02of16_MD5_STAR_text:73 +*:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_02of16_MD5_STAR_text:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb index da1edc59fc..70e89a1f14 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb @@ -1 +1 @@ -1168896:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_03of16_MD5_FIXED_data +1168896:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_03of16_MD5_FIXED_data diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb index 7fbd3d852b..e854e6cf60 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb @@ -1 +1 @@ -*:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_04of16_MD5_STAR_data:73 +*:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_04of16_MD5_STAR_data:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb index 26fb2ba711..764299be73 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb @@ -1 +1 @@ -34304:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_01of32_SHA1_FIXED_text +34304:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_01of32_SHA1_FIXED_text diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb index b614ef8fa0..3feba8624b 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb @@ -1 +1 @@ -*:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_02of32_SHA1_STAR_text:73 +*:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_02of32_SHA1_STAR_text:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb index d7bca8539a..7010b7703e 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb @@ -1 +1 @@ -1168896:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_03of32_SHA1_FIXED_data +1168896:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_03of32_SHA1_FIXED_data diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb index 8762992c3e..5bb94ad380 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb @@ -1 +1 @@ -*:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_04of32_SHA1_STAR_data:73 +*:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_04of32_SHA1_STAR_data:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb index c23e1d313a..339d0e2107 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb @@ -1 +1 @@ -34304:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_17of32_SHA256_FIXED_text +34304:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_17of32_SHA256_FIXED_text diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb index 920ef139e6..3124b3897b 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb @@ -1 +1 @@ -*:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_18of32_SHA256_STAR_text:73 +*:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_18of32_SHA256_STAR_text:73 diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb index aefc9430e9..d5449b2b15 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb @@ -1 +1 @@ -1168896:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_19of32_SHA256_FIXED_data +1168896:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_19of32_SHA256_FIXED_data diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb index 236bec5bbc..43565dd810 100644 --- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb +++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb @@ -1 +1 @@ -*:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_20of32_SHA256_STAR_data:73 +*:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_20of32_SHA256_STAR_data:73 diff --git a/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb b/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb index 08083f0d69..719bf514a1 100644 --- a/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb +++ b/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb @@ -1 +1 @@ -Test.Sig.CRB.BlockCert;0;8b166a274bfaa700a912edd57e8e41365beea576;d2a8ea878c4bba243788488f59354835a005baae;E709F7C042C0DFE60CDEF79BFEC8723468DE92B027E4BC31C2D2B8224DE04B6A23C49C8FEBFAD35274651AA5DAA91FD392E0336B31140F90C125E43E4DEBD3276659BBC639425595F4713C4CAC1892D5D136F76263EDE02DF4EBB849A508B492C7BD3FE295617FC5FF1C482543C938F389D521D8E758D59183C7986A5729E16B5BC3081CF3A749447E23106D170E5835BA137821202B100124EDAD00F7508C19F8103B774E9FA19989058EC52776934690E2CAD67B99E93A9AD50C470E0DF4C48F9F78DBFCEF812730A3A458A310A913CCA7E0B10699A4A441C8900A59193FFDC7376162DA6DB805E4BD9AD9463717B6EEDACAD53AEA9E7FDBB2826588FBF8E45F390B4A44A6A01787DC8110581DD1DC00407C3868F3534241BB340AED7CC9CAB56D27F7E6B645F7CC7BA7B0D1BFB27036F09B9FB25B396575C16B0BF3177FE052F7B5C8BB97F72E69DA7971EAFA643C68E36B5F156BAD46F3E3A580A7CE56BA92ACB972143DDA4B20867A45081262DF2E7A1F80A9D3588C60D48010F10461A8AE675CF8EE47E66425A5A6A0D95F1076AFEC6246C3AA635C13AC1E9CEA760316FD89AE2C19FDF696A106BC20B5A2F8E14613A4633726ADC92FD67B6E219CE1A419FE7F397F153C2591547EE08B19C54C8F04B0F6824EABD2572AF9115486479567A77853DDA31CB84609154BA3A043AD0548204875FF365047BC4B7382FD03AF;010001;0;1;0;;Generated with details from sigtool --print-certs \ No newline at end of file +Test.Sig.CRB.BlockCert;0;a5f872f51516a7b95493a152eb79b61d8999188c;e8fe30ff40549bb36227b3b6fa978bc3b7c93a1b;CA5767E912FAC33005614BF5A30360CBB1C194B3B5EA7AE78DF228B76A745AE803F248CFFAE9BD8690935CE5173BB31565D04A931DD2F1D99E17B1BDD35C066F2DD097A87B1786F437156995193D5F1FD49CD855AF0FD9A3BBEA2F8A267770F0F402B28107087142A166C3FDAF673F75518F74DBA6014669FC4377D572F32F58E32F1E575508E547AA2FE25B085B58414562D77F7FE85E92F285F0B52C276A6B68A7E17E9ACBD62DD40ACD1319EE844772EADBACB789A42583953827F2EF6D796292C3ABD2F9533EB07EF196EC7274C17E7FC43B182B543FE1AC4612A995820CAEA2BF3F4FDC4BCC559E95D6180D1B34F51F7D46E40B6CAA88C0BDCDF07E9A8B415E87F57F6BAA207CBC5843D70E5C0A98E643A5E1D8614C3D9C8765B617A1568133DF55FE7E4DC7AB717EAA670E1590569FE0423619DCB062F9E2579717E9231EE44C95DE7218F2D602828C33D08305049BDE439F783B7C478B0F41DB0ADB607429D7CE33E8CB7DC98FE5ECACF21D135D0B4D5F1361BF3898450A9923D00804657CB1A5940B6D25E10A615FC77F68A60A589A2A5BA052FB6B97C22538ED1801D34950FBF4401CB3CAD2839DD3E733F3F0A8F279C886FDE63F5384B3507F03A1A6FF314A32A724D9D5C4794B7A5B01183F7977AACD402B778B900BA03C2E2D52E3A6F1C8524B833701DC6EB4538EDBD516B64BD2CAE8B7AF23312407C0F09421;010001;0;1;0;;Generated with details from sigtool --print-certs \ No newline at end of file diff --git a/unit_tests/input/pe_allmatch/test-exe-src/build.py b/unit_tests/input/pe_allmatch/test-exe-src/build.py index 45e63abf3f..354ac93dec 100755 --- a/unit_tests/input/pe_allmatch/test-exe-src/build.py +++ b/unit_tests/input/pe_allmatch/test-exe-src/build.py @@ -119,7 +119,7 @@ def gen_ca_cert(): # TODO Explore making this cert have attributes that look more like # a real CA cert (ex: restrict its uses) subj = "/C=US/ST=Maryland/L=Fulton/O=Cisco Talos/OU=ClamAV Test CA %016x/emailAddress=rfc2606@example.net" % (random.randint(1,0xFFFFFFFFFFFFFFFF)) - cmd = 'openssl req -new -x509 -days 3650 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj) + cmd = 'openssl req -new -x509 -days 73000 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj) run_cmd(cmd) # https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/ @@ -136,7 +136,7 @@ def gen_cs_cert(name, ext): cmd = 'openssl req -new -key %s -out %s -subj "%s"' % (key_name, csr_name, subj) run_cmd(cmd) - cmd = 'openssl x509 -req -days 730 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999)) + cmd = 'openssl x509 -req -days 73000 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999)) run_cmd(cmd) return (key_name, crt_name) diff --git a/unit_tests/input/pe_allmatch/test.exe b/unit_tests/input/pe_allmatch/test.exe index 3f0272eb0dce17f8cc2884bb0675b785a8fe7d88..fe6b3dfea617cbea7efbc5f4642d3e2e220a1656 100644 GIT binary patch delta 59750 zcmcHBWl$VomM&o2-QC^Y-QC@SYk&|SIE}lzy9W&fcMT4~-QC^cvcv4$natd+*}A*% zi&I}$(G7LJr`~hAORBXRtF>b0L4(#Y;@83`;(>v2fw__$AVJ9Dg@G+Vwr6U~fVV+F za-3^pz-qxjJDpXM(-1*o;%A{{i6Wd;fWmT3iAmL(UWKJ*x;O{@gw88;IrjOLPnnPkv$B8JJ(;YvWw}Zh1TibY^sD6v^Ju*&Y2OKL_2`AqcZQo zFBQ6^;&uZ>E9{U064DnL@ikxb2DM6dJZ3X?1A#^kc(*xBtaSUSjV$2G$bL`}uZXJ7 zd?SMaBwDUHW$Tr|3_fNbDht>$4g%)MR%f`Xd3~Ta59pcks?wdN=;@dp9|Y&K-ENaT zN5bXfj=Cw${RHc(D++&edq)GXn%(P|VH&k+56bl3Uv|}(RU3YkxX>WR71m}}kRLwx zD{s9+u;X7KjXa}btXLfM8T1bZ?vkF8M<($rub6x&MlLJ&98-%$Y>)!vRPMPVRnCWi zAZd{Jm-BzFrG{b^?nH)@X!?^&04=B-ZP@c_v zX&tq=^J}CB>kAoTT=mo9d52O?jFG*j_gK84U&;nIk)KjpfzBjEbkKo2;^ zqI*}^r?F&+_fVgtoHCe~pKL<^ntUFv%tY|x!Et;VM&ijVj%!$KAZJuG>bIXg`*Po6 z%5X=B5Cep$f)b%d2YU^6*$qmZY<~$X1E8FEXsN2$vnL)lFrqHc=H%LYtvExiYs;Yt zDKnl(rv6Gh+CXJE$5T%uQ@W>3&OcB;rFZu;IKyC`+#0D4RT%$9s&H#VkxA)v#< zzsr>M4&M_4M@wDBp<6QoA7XkL$#!f#Ty1R(=oX=1$6pm!Hn&f(FG8A0ELa+0I3eN26e_h^LFyIVyc&~0CD*#9;@25wBvef zQpYhGmu2iYrZtG4&kauHuIy`?0$`_M=>j_+!xsw?InZ3S-*ZDYC|q$qMtyHZe1HES zkPQ)EEy+;FP4gGA!A*Xk-i^t;j^*j~Ah%}@<=BxIQ!-bT`zR!H?@t7=wH}0!mV)$V#1#f-mJ*-jGyy*eC4~;Z zad5YF+fr7av{qYsxr>mcE*)*v6!j}OIzqtLLfsIZXz^ll*R42mo|^6ADtBeNuoO5~ z#E>!=L8(GUth*+$#H1PXuM(tKI2jPG8(n0@iX;rgf+#|W5}alW&zxHCxY=6fhgV>F zu0AcAZ`@y|;yOVU&3VDJG{W7c+`%*ZAr~_FA?GG{T?1SHt7bz1`Je45x)wwb_V1cb za?K4e6A@OEchs`Iijpl0aMCmnF1Y?PG8QNYj`5g6S)Gi0UQjadEifv8%&AjUV49c; zdP@kePv7w>mtkdBdfyzD?`q&N!}y0H>`2CG5ujeDuEtO}rdmLsWBW0=CeveFpHRn* zFWWQ64etKs0?*wN1PCDXlWV%jVC_eX)*kw{Zf@&qbdI2&idae$eF30VnWk^+kx!L` z`bJ=nw|hBVg!j6NG4lbCwTt)KdZ(?uu-JRNCuW5X9GeUDa=uy5yke2~ZP&5n&AzTn zBMOzlBIV%4)st)~%vis-AKl+jHf$jFq+sJo zX9C(XYgswtD#ORr=V7y&UOwVc3pnKA$}Y+CViaB;(OoI@S5!NwEgHUoT8|pgyl=?V&;*B9t~7Mhxyys{iVoChcyRIruXQ zt!u%CFiyhG`YTg4q`6yq`|P@#aZLd8P>Kh*au?5bwRUTQU1LS32N_n=YiF`6^&I_H zhXPD-=r`loDQ71D=17iVm z#S@2PP)8XqOpzi%p*KTXB* zVJc>0Q#NKMR&JJejgleHuarub+MdJ`g_PjC9H8QGj01s5 zjg5m5$0WwGi)W_=Jzk4E*x8r4M>eaFFGw{Xl{J4zT@n{eC?v|xq7Mgps09%Qv_26k zutVoL*%ggOjjH#}(joXu;W8-K*3_i{OE}_qliPGtyD(0TTZXr#+8#v0; z+L-0z=l{z6BY8D*p0}ds;$Wbs8>+B7&L>VIu9OdjZb(Kn99Z#;4L~qw!qVx@Vv;Pn zV!rb!Nc?S_pfE%>01<38E0zC)RKSqH@vcLVKB%f5*1QRLNDxGomJC2A3mQgDY0mu) z_+Phe`eoPmF~|c|U7Orl2KeZaxrHoW;qnBC_#bFqAQOh9=LoJW@2Q?*Yn603Lvphy z-PN8r0tKy^SVKfZ3!!nRZLYjm#^h!CI|B+LOP0qujGth%Kjp7vqxO;M02UR+z9{kQ zaz}S7e$uHgqqsl9pC(tj>!S2V{i@8izBcFqh+9pcRV%^x9Lt#BtX_a{A0+_fBiS+K za81uXkh&|v0aHpmF_z|TVfa1CvVO8wZi|@Bqh5K{g*6e~H-T^FBxi9*!}%LY=F^m3 z6#3m9%jPtT)Id1sK_hdwDgf~*Z1JolJHWI!fG8IzKD}tFIk(XrPzl8zy@Hmp;P|OI ztAuz?LTIs6h}W^T*val8ID&05?!|p6ZbG;+C`+xprRtia5+p#@ChL1=hft)OP$V7f zlq7f3hKj<^qKaZV9?yw-eR5Hrvct9dJNl}PFWAPww@pi>Q<62=N&paH{e$Oe{b8Liq<-e0E`@baBM>qO|R4gB)g4NZZ#hKcvc$lsaklLw6 zb>P3a8M^N+w`08X7H7J6`yf>TV2id}d~NT%APeW)j;-a(Twfr*G=J{x$qG^3by2di zY3b?(O2{MuE)wOK%WEG9bFfCac$Gj6VP?>HjJTa6Z*qkOzIzOxWqWvr@n$(l1ojlt zC6M`McTGyx3l5K7F})D>EB(`Ooe1~QglCo<@$7VGBTQc_Lb7u-+6y30J>r0YfjV^d za}&L51Zj$(=StU^f@Mw)S7!~$#aA1!Hfn!6yMn>*yplis7^#lg+V;+)KX1X<1%(J* zP2y$!lFyy7&lb?PKx-=N6kkF>dzMf1n2!CFP(Vtk!7dGo(sZG+shmH%_-r%jq^vgh z#OIK}nOdmuJS2eHeliYNXdTsc0}+`j3I?Wo)#Ig*oJC>SkH!?HEY!87yBeMK{OZhY z1%HkLo$flpG)_ibGUN4gb&#VasKF#mNug?c5?^)yj5Wjh;7*zQGcq`{2@9I9UqPeY z6JN&f`rlLaB(DZ;Bsviiz{Q>~feb-h^8G3NJ9ZN{R5t#n$n~=TLcVMi?-J1y34^#v z0gdXz`8{Nc-J7#yux7@jJSi?=jELXD5vRpuWB9+4=?>5zSsT3zMKBD#m)699tZS_- zy_R2Pd(0Gqp@AUTMI2m*Z9)0^;jnL1rbbB>j!%Ptk0pweK+~gn-IyaT2#Lznj;V4C z)MVe#wpW1W`Wup1InZ{c-bp3(ZY8llNX7PEWBP}S6oL4?g#SS*oIgng{Z1&=AfUKzG0O#CY1?q4I$} z8qQX#-~T}>7M%}LK`I%c8Ml}F{1d3&5Bv$L`RU*xlRCOSKw6ezZFCiw&cxHM4UiJD zIURb+@bB{b4^VLgn_VJ>`)wyzFyY7Q5@S-dW86&QAE&lixsu?|P!0);1f}Uq^z+9p zGg0+{7?NfJwsA3lY$+!s&`d%Im!-(XuWJ~klh>a2*#@h@d6{nxjq_n78wqF!#bBW2 z;4R&0e$P>)$HL&B!kOgTSZRd?!?jL9Oi_|oJZ^TJ^aHfFjT;^gAcZ*H&bhz4i)vy~ zso{>Z0k`#XLcBR#r#~VQQ)3=3|NNBj)N&LtN!K$X!sped=v87vMowdUdEVnU9AGyc zeqZYruh(I@cZMaJ^F;pDUByrguB`g1up;ytIMl0A79QXBI|32xOrK7De4?c&Pmjne zg#0chpbAtW5hx}oJ}gWHB!(fG0TM(6n5*GEgL_Y<{*F;}|M1tx!hdHJ_J4y><>es% zB9)5!mXf#s?+c3cPeHN%MNmjwMl4(=Tuhvt=A6dH%w{afz%0PxfaxT$g>wu9jEZkr zbRkGXx%NOgYUxpd5rbsA;z!AJnRHM{;dJ~&;&`k!j&0Tp=c-I1aa&nZT`(w$GCy(z zrrJ}VCBBbD4<`}!B*kt2e8>cS(0k+)!3pxIAAHtdLb|vBbtBzZ?F?~dFvu3>w;#Vy zS(8V9STaQM%Xx6W2J|s^wqzXdZPd}eHgl;+wrmq?84Ylv?R5SqM;O{XHr#fTe>5!C zkD04?>OpxtkO*Ti#dqtsWkFQIS$*Y$yv{-6m0fl|F~<-Mt%2@&v_71U7f{8y$;C<3 zKLWQqEDs>xJ58=S+2WDx6f0Y$cxtNf(hM1Uz4zB(=%Drn1K4QAA#h8;qldA1Y?fr0 zN}{HSmeBtuelv}RwDmib=m18fc*U#%PQI;sqs+0lFc+4t#o9Q<2=V*? z2O|S`(RkYEoD%i!QTa!);>+S#1X!%`fFh8q*OooPWUXzTew1X#7LjE3v}iZP+p?Er zN=OW-W88Rt10aRvOC2_F>>F_E@#`<=o`QA=L+P@-;Zh?=qXLR3Vpp7D-#|)t7HBb^<`;L`{2pI^QuSv6qjJ2`Gp#n&CBWBgc)Q8l8 zq*7kj(vo@O_t@Z3Z)=Q6n>PBybYWc7jrV)TBzN9vr(h~LP7fc3s=Fg7d@PL*@fO{~ zQ3zHYt(a@8It-UgHwVq~n;iDha{Ahe5E`l8RnsB4{rPPu8I>|o&AG-dMA*-8hw@;Y zZx?1n=_FHO7&_9@O!V5``xk}eK{zB%kN>k+h)ATz?Y@JvG{=h|~Lat+PRG2@Fg0z43qPd|^M{mzy3Dk|y} zc9)J~M^64D*y;)zhr{jYBCS5HN%7#Scd?#)56M@{`f&8t;`Zs_KK86)KlmJ%wbZ8+HlyVIy{iW^G=WFcM~pIPQ^^%{Y>EeJ>p?JIw_1ZDBT z&X`S@LLR}fIx~&DJ($DherCH2caUw9D@Zq@C?8#(?^RzuzJLaLO_*UX)}6&W%y@fa zRFO+0dR~f4=`9mNY^#;MM~o9(UO8@>CY;jp)HUxds?xwK^=$st z`YVpt(dO3}#C|RRuH6wLr7;+o(iB#RCs)!YuLJJp?5#DripQ&rJ*KHs7FVr}+Hw)` z&qq>@^agZdaA z)H}pceUxO z&;h?$mZY&t!^;D6oAg*j0YY1SGUjBaba%a7;u0@5(xTpw%zuZ>M7Dl1C3S1>0g3Jl zNfTv}+;ihxrYe1tPZ$_zeH(?wLyY_8ui|Zyy8@3^Ry#u`n0G@-zvD>!4@0rP*O>p| z7DXU=FA;ng3inS#!Mqy^;@wane=(GXP#e@IxK9Zrkc+gH#bB4VKFfFW9kV{O$bD8J zA>#76AZTE%L2!f=vnFMa@a}8Nla(1Mtidgi5q6*NLMk|jP|_o5t>+fD^aH+w^QV{yQM0jImV`yCD}y)bFd?e< zd9db*D;^C8)*}UljEQYyHZ=&O7wr_RvQ)hd8Ihw9b=S+mcx{3L4?)}VZG})cXHq;l z%y(-5ebJc|0wcxg&YIHCKuyPy#FEW`hKsd~s&7@$nK)zfe(_vMNTt%Uteb3pEEsJPunF#r;tBoK20J)IU$u>BLThrVgHiY!){>w7S zGru)v>{wVw*GPr`KCw0FHxCM5C9gJ>Gp4;$ki5aa8tNSW?+oP|(SV}@YK-;wlKP(r zq@Zm;Nzqr{hkOg~L%yz$As;w*M{}{yzpp8_KQ+acT)hBef@s3Z!pdySYQ|;qo=kC? zd|;}c1#dgPU~Gxk>m_NroHw34`DXu#2KuC#i z(egC81B^YI0c6{%g>QblJ$1BgC=^2~^`QVPp0#^-uxsL)KrSpAqu`ky!^G3`a#h8* zp={6h*59rnIa9#z z)7W&u=?iRUhjh+qyES-4J+yp{6WKWT*@IVwe4R>*-zSz^6}w?)>kFCRIxOl#-LMjV zP};^OH(p^A)1b$+Q8GX=sXb0c)dEM7yl&6x;Vuy>tV;Qp*KeF(2i*_;$|LDnlM`q2 zaArc$@KN}+zeCAqywz1}J!Z%$!Ql?ri0MBanzUE3fcU(3X2o&1lsInCCWV~dl(kh7 zoe1>x#Ojt|2V^KBN@6ADybDfj-Ou3A`UEaQt1bSi87J(zv?-DH;Y<2a!S9O;zq7TG z>q3ig+@BCqvjucqndw@a0ew=}{cya@a9N9TBeQyW2>0h;7Lj6R&!xIQBrvhSD%DPc zKQM)==nCCxM<>A+)l)Lecl=_af==nqB&lZ`#kAGringDUIqQ-q955m-umR1u5E1G_ z1_6 zhwG*2G_3N?zL%|QtcQI3JXVkT`}l|cwmOId`9UN5*EmC|pwrmro<4Xey`>62t2Dqy zNty}zA|1%*$|6vtT|)y$L=CpSTbYRk-yO& zyBY;zpZeAhl3ng$L)Px5cTg9>8D8zclb0OO6BKmWLpsoJho`;C?N_&8B91mIh9lC% zcy!E;q9X%Otz?})impk<)l%|ah=IzqUgDlB4j^=d_xqzks}Ta`YB)^O>6zi2F<4Ol zhAG1nuz#NM)i8olf&HZy{UIr~4@q4nOaxbKFTHJ}Y&MA`&O@6$4k`R{Oi;Ua9!lzY z)kgV{lIv#;2psmsS7$#B-gdvh zMp+*vy7uOliF`_H1yJD4^2I8soooU6OugiKRiK}zW*9=!T-<$o03%5rG_GI1D1$RA zLq+Az9h zpl@6#>=UvUJ`t^>3|<;g_0{hS?6~XitTbNp(M|Zj(8T3D#;nGv3FdKWMaee^{5&;xcWckuZQ2{Er_6HqxY7XJQJsm=p?joJ|>4j2ydh(eV zsjtK^8I>k;70o;^p7dpGh=vNK<85DYc6M2l<9{QrYD7YM^MJCRtrzw|+OJW&LCN~0 zg_d5(iJ}ge$WIX_@s?DsQz?(*yD>`atf^eKnau>3`%IPiIdGAi99lE7Dwxkl-Idjl zsCo8(WxxmS+~#HOE$Shx&*-2|(3rFx6{p>zUD%v#3%Tadpt%Bq=1u=u2#do9tiKQO zl*o9K#&c{c`4364{Z&%XK;4v)MRU^)CI3XJ_alE&s`yTk{5lX4_CCHlGYcGrG}V`x?Dab%bwoh1`JNNYEpjGACtu-q2_AC~cJO?nZJMex0OPVCKZtAU^j} zXoBO^5%v_!5#@RZLLC_^d;(CeO1VM%LQ%$H6m{t9ALkAf^w0o)?cEUHiew7Ba=0TT zuwLwZ^TW33z$C3FqSV1>AZ0!O+UhIM%yl5ZPmrOwdXfIv>w@b+kb_`bYu@h_%G=P8 zzBAiZ^R*uSr%g{uQkP2#-@WlkdCml8e-eafRbXA}#tRUNYqjNZ|MKVbU5lxCB z3)}qby-m4VQ(`~p8vlRhQAHg8XekjSu>Vm@JyU^c{S%|Seew5J|9wWW|H&x!k5I~l z$%u`^oWtaOF3fJiY{vHCs0Gs!`eIJtRnKV|I&a*{)I>9ii@;B>!1hlv=aeXO1n%^U z<{mTQ*bl_x96q%bN5IGhg;66e5?0|pUY!BaRlsTfBymH;K(?@Am5p5>z5j==?=jb2-gm}zmU(k`LCaiv3CdevX_+M#q(Gq^%k+%1*uteQpI&8a1d3JjnZY}0ZkHM)2vb_Q>tqgWnR{UsG!HZ zN*P)fq|T9wM=`J?7tMIb$$B;0OsUrGMr7`JjmEw1j+v<@OUz(HX=v&$#K966$-f1C z+k5HDtSm{e0zz7Qg)&p^fZnVhHDuj)co9|3M5`Xfl*lUpX6t(0>BR#s{k6APy(9Eo`*W zoz(q(EsS&;HWvMq)6-_*eR*i?xhZi#(*JH3?3MwsevVSLqF5^t8aLW+MEiF$eGuCY zK9jhP{h2=uGg$LCh{z8|Nl3`K5msTiiWWtVy|yY>AR~ghSf|>PNB)Fccnyku1wLE! zZzp7coDDbLgF&<-XXz47Ur~LKkisgFgYEg*1}_+pVdU|-?V6azwR->J?KzWlE#x(@ z1PUB~oX;uM+)f7vmJW^AE<5G%+LA6)VgCSpR;-G6dfXuQ>r^8TU;~&G-pJ<6Ab`de zfvQ6lR-7VG^?-n*cpndp(-vVIfiZIr) z6gVobt1ZU7Vc(l{!MbwP-`IsM*0cie18KLqPY&b8Yq@AIY}$ovn2g7`vUN%sYN@_L z1{FWV0_~HS&e1Uo=xSzYy4-zOok1p;&%GuH%a%4alUOXyHB#A@K!jE7>UtCH{QB6W zH_of!GaiwmwpkvAG>K5yPg10{6x4DS#Z)^oyp5Ee8mjX%Mav^R_+e>2u~8EP9%5F z1vB1&OrEP5N7j}By|LEQzai6mq~tgJ26=CKQc!%v*^gnM!*G#Wf7s`f4vc|S#Uv?J zaC2y^%CV8nJu!&YRkPA*RY3td?vbC^pvN?J`V1JKt7!&AY0`BPzS~fRbYSs^%dDkU zn>Et#ej5e^z#UEsQ~uYEdSA?>1pnwpe?W@;15yXRo3rL4#@-~>?Z+$Xh-9&!O5pO- zhxk}GaU4ss_%uEsC65tTZM?|tDT@J!+|#Z%J9|;PM~6uizD#oiCpFx~LYRTtad0ej z+cOOME|L+8$GKf@Q`bSZTvu37ilS)Iz=-vmW*EYds;7L{QI1rC`pai!{++(hm?K&- zgq$>8$qX*^7Q=KJain@19>yC4^VbqhJWH3>Z`h;2{kXfhOB+8aiM=d=0yyp8wHBj%n#T-m z$5|miXjJ^+{!)_#&TD!KOn{aH%J9iS)w-*U?}_(q~4GG390(a0!tgaqIHK%&JeGN z+nSMNm&+l}p?YyT=CC1-(&rCIf#d!9fP8rXpc z$8i__lX%c4piJGnHmeD|qzO}L*(;LCgkHx08c8plbo-YK<<|F47z{s4R#W&y0!Jzl zk!G;^14csxbKwAI&MtRFn`LI4ywaZnofI-}jZ^}pvbl7W9B3-;NKEWz0ihARKT{Gy zO@@7410w~QQOj{d99>6$tEAV-o(DOsMe*2w&27~q!^`7uml&p9JB3$uc?}<|?-LbI zshe|-1xBy C-QL41f4P8^Dc%grZiyrxvt(#-Hza1Rv#&*0wXuWIR6mVq-aN5`XP z7jm$DgeQyVE|7v;kWblO0p*eWE2Kc(7l4u(Awh&cCVPGn4K`z7M*omX(fmU)iG}+< z-^2WG%=g~6&e@Z-_rU%+mBNE}?=$)LImPiOr#L>gq_~XCP0W~>Ihjq3*o@iP{<0;t zJ4aJ14IiL7ooZsvLXY4FA!x*P=5>x??;$9~zK-Zy><1ak=yYP`2T|+}e6YOZB)B!I zxP_Ie|2Y*4iV{^s_TZd?q9~wSRw9%}G_ntObYIOphJ*X}=~0^M@NhAfaY5)B>01V} zTvhS$)tELfGN%3IYtq$sXoDCulL`fZ9v0+xLb>u+wJJaH$c>*l2C<(dQ!wV2yI%%H z9D+^sj)}gqLkNTmM)f0jPk6Fym0}heVTm`oF&bm8!WzM0MIXNjlqSXU*}zlXg528R z`E)E-YWurFAXQj0jay7Un2!q8~p^ng!i}eTUhlU_z2x!N4szjFo5{V>% z`&uVKbW=n~3_O0-xG#sRMzs>}KWL3-DOYS&rYW9%@fBU~L=@c#7E(5>d;DH3`+0IR z+K6-&o8~+4h{}xi6l0H~akQ}guWd3@dXdp8mL{}@S}w4B*3W1sFJeZEELjMd)IXqI zthRlp;{p(fP&cg&;$^#ea*not0J4#IbsC%a;pyct3iW_~*Y>2H?Ht&Zg(v-@`Eo#h zRx?O)68`wxZKFq6fENApL?_qfF2l?u_|`Ws@UH!^qRsV!^t>eRRvrQ6Ji%9r%jn`1 z8JFeioO;!`I#tM3JL^TTF(p9O-mQH%eHx1HA!qqCXDNqXGX>KDLYj{#)m=ltz_JMC(@v|JV3YgaASz`G8 zGvHz;gG1NWV;M}RcK|%GJ(D5piPVA`AcRR#sagoyuKLBt8=G|7emaOP1v^zlH`T9K zSBim0N{B(-zM+LwoqjesLVxH7##H>{3l6AK6K!jax+V5EDHfj>3U&BmQ*t~TYKY?qFa}oJ3~`WPt+H(&7|^EiJI#F$fZA~e zqUdHuH)2|C?6FCQ`xWs0O_x-k?81KfqH{B3c=Xg9moj%{4AJC<6q?^Jv3TP$t|lY( z+k?WE>xUA9-eu?Y+F6*PNnTg=gZq<3lX{K_5=*B z@ROh{&8c8x59S;$>*D}xPEoWNK#8DHauSAPJ(zFGG<#kd7O9QmwZz5FHmoAO5U*M6 z{HtF2a|*vGsEN+qlgj4~BDZrps4VL|F34*R7@L6K`#Zm7u5c8(Yxp3y?7NqlMn9K( zjLNwp#m0wTeNlb+)(C+D#I*Wkr7QhlHWr`?3OWIcX1TAmD0aiI^p>MNMzjfbH?KiJMDSB%c{2c|S~ zfWRdX(C1PB4yZH6QQ8lAH_j70=L}ru?t@w5sdZE}E zX~ENTqm~MGPV_k6dz(9c`XuThp8#}*HzEUAtyUyeiDy;%Pi51&1`{r@v8!p-AzxCuTL8PG%?E+oK1$;!L+Cqh;Q(#0NQc13}0wKPl9`Qu1l8nn?n6xG8s0o!1!G!y;4m zVEJn1ol9+xYk%P)iI^^f;|cI(`Yo9gZll7xu_S|%pGjen4FI3A4&0%CuGH6NE7^dG z42BsLDI5((G6^oD_m1E_a(eFB?(O3u+YbtjF*?9B6#(g<^2Wi_sU->o6&k1Q)&xQ} zmm+R2zCRHSJ7De5hWtchg0$peHiLg(do`*qsh`j)k#4_hFoHzFu*#a}KhXBSFyA9n z*O(HmLY5TBI2n>p40;=rZpG^a=RL~^!PoHW=je|GK~syXU70K)%o=tVrjnSck$-Fc zY4L}pIRA6JC%VoYlpo*y{huiHe&SC`T>>ZGvcH}*D$(IBU1#cr@7%elK=H&u1_4EuzL-;)GXUfy{w;VYR))n&vrUJTv^x`De9GxjmImZrTU555u7$ZoS zBMT_tJRcyVmwrFkK#Z3p%t|H29;EB}aza0rmx>x}i#H&3uF#En^)3h~NV4l9>v<}% z8Ld0A25^egY&XnQx@C~suj9Fp8n|gWn8!_;cliJ-)VdynULt2?Qp1Vio)u#rO>E)s zX!VenGfoDyT)ZOAkYB)<@&{q-udS#Zr`=DODwR0QB2{DA>DQMGqLCEmT2$#lJ>* z#3q3Cy)Q(34ER7f_W#~e?-Rbb2=ISQrT#y6rQ{01|HZCU2sz&c`M>Wd&OaT+`4LNT z8grYnvzl|UuyAl1bDEfa#8P!QxQd3)XJ+`EyFXaSu9Bqi(Z*w=Q;vS?F^8&W9WX*U zV4p&@@qzoLT+q1W)oxkeeNK$BV_9AyAr&qHC8TDS(<9wRIE@qk>DBbZfUy%YDqjMK z8l54123_KAt})^80GZttJCkr(y0HNoRa<(^7j+fYo$JojNe8N_J`C_y!f%N1T6k9a zb!tBiEuCOk7q3hpS${k^2BIK*%dmoQ^ElI@PlP_g@-eFLYoBo`lY9eB>^vr#7n%zk zX$WGE?JjBMPw+M5qV@Yi*8IL(nh6CkVyTUTXIP}Gt%=k96CGcCck&nmZAtS3q@YAE zP_G_|!Br2S!0M#h5qf}$1lT5O2zb#R^t|HvY}3G{rzzqmn!b)yWj2f~$?i-QNp{;8 zFcs6_NNXup#bmquA5M+rMQj-KIof6>zct?7QMd8fj%5Cob+ea)dL)!9Wo)oz0G5wybLK$@DDtwNg+6MOQ@JAKNOp z!*rCk=x$$h;Z(qQbNbLfBo!uW)6ctBGTaEv>*{%s=%vlV;RrJJ<06ALRHh3Tcf`Wg zRAIjSZa&#FO;jVQFy<@Qv8&wy%cWuGC-+1qWDWuTb#^z%*sS=3&G_Epc9FNrxD8fo z|NDbCwD5A)o+GClT&$-qm~R}42{OH5u@k`uTk4*T?G{bQ_Ay;jZ~!aw;_O0HqTsrEta2f8$;fqfgPYl}1ep0(c^y}HY3{EEw-C%gM^wF>=2zLoPD&O%M+w@@05i}(SSi>RyO;q#nYPF~`i|~No zwV8xgNs=aO@Ng*G_=e>+mz7@6^aHp3 z+{&k?K+FaDHeF{y#~V08Ub>~IZW;uOVI-vH)Xe&d z-7l^T2XUVLiqBVG_ufa)AoQSVmIaL`?u41a-$Jz&4krw2F5>m$Y`pgY5OETQ+Xm!O z`n~Fz(uus&SnhfIPa*fR_-OXoU=E8l`XGU=lQu=%7;yF`K8Rh`Wwg|Ws=M^@_vo@M zFOkVjG=4*vniQO(r_VP5|2nD-1U3`QaekTIF$39o$>hxiH!YJNsE4+d=zE~Qw-Wvd z-V^`E&3-hBSTJLDuz;~=YD3>QcaQtz$K%@&O^f8ym0pOb>)8xIiYkV@a~5$>&>`_C z;P(ox+IIUHUW-0sXCI@s^Y1q4P)j~a5E+2m0@&}-7ZL-?*?2o=%=AH`spJ^!ijCNX&s9Gns@wf#oT+|)ZlVj{%f>?&9H8U+I2f3fM(o%8Z_xBWjm>)ESi%K2Vy+MgLcf8{B4R&I`*FDK^SwOcp(fV(IM*a!$5Jez zqMei<;PY+9s+hQ{OQw{7l;-_)Q)*fHAE$fWG7$fxj`B2t_!o{Ec-k4R_I8D)5gC5ABiJ`9lM4w3h`2LUcM9;|uo$u?@Ar`I}4BSN(X?Fi{316P8GJs^L0E3`tlY_6%ylt ze2pIl>ELH6X-=jI>UKsQGGmE}%Q6(ZG5XU{71Yb8oR)Q0I3UXLj(i#S$q*KGX4*2F zVPsjR7*C1r)A2K1NV}Xkfr)swz!D}s*gqI$`9uhc`x$f0a-a&~_*J{Ot0|FQVJa6k z!74Pl-Qhyz^FlN5%JC0OEuytxEGyJ>1-&ZWEsPP6jn=r;?VNyc? zpxZF;UZ?BzG=lvidNMB>5b)#z=n2}c^oATxPA}>#Pf8!v5ua=%ju^`=*sO62Cvl@C zLfFC{+C_63WCC2|Ls31Cr5q_Gh|?q+du zjx$u+e5G;hqpQr70-q?rYx9fGt;DkdV2=SG%wtJaofvO-j+7*O}>ibkCp zveF1gBQ>L`e{$0xX`npnU9;02pw0sEl7QQV<>5HobQ5x`5nAQk6sK>(QvVtu&BfeT z^=uPYJ05f2?e?hKlU~yu-tS35Zes{pAUyTpkesFsRgz&L9?{P4a|D>+^eYW0oUkU3f5JjJY68;jtttw;FI)VBX;Ov^pl=@ zu@cpSK+`7ja{`q(gEu&cR(%m)gY$WiNdLDO_0f+0h@`kaBB^tI{wpHG@@xHK@wz$> z3p(!C=cQlTpm~vCaLs~cYm6U|GHa$LN+z2=8?_Oqvoa=h) zcErG_s)3g+xs6^MkHL1I?)+4OL+6mwUvSl5HK`Hm>ADth>Y)ZNJ7xQcWalmSrb_&! z36&sS6PY12lxJaZ&}Q2(q(w!7m7Q2gHnq97t2wF^c6kb7$nx93d;S z*q{JTw;q-BcT9`?txbox#n$ssds-ws8{?|RH4NC=te*^a7PlnBpU^CPd2Q&TJ&E$R z5p5kyS$McsN<(F_nxekkh8>$2iV(r|s|kFcwqc+ef1+x%P$ket1W+|wfyl^UXM9FB zSz!S|XFHXH^MwQ^OGFNrYu{u11k13 zMZ5O^`;cws+_5>d^b+8*naxosE))<$3BQ>wAVuUvH}vT`UHr$sm8M*FbEinUryQp{ zqlsH{-DD_ouWTM-1nX5nX6641qyR?Cqlu1P^2eRrVzn^|b73L{lkm&0$~Epv)CTw< zksxR=JAM;_&10?0w5ck%BM5W)>W)NzK#J=>Gb!m*W>FtK!GV8*)cc7)GpYHD+7pWJ z9m=~e_;ZQXD!6a1)h94xu^LZahB$r~yV)O*ieLP+JU4~^dEpbCbQZN`a|1RSSy5W? zTC;6`qLg$YI}}F^NPN#exAMVlgT7~G(tykum*HX&RjPR34?2K?tk3drR}g}-PoCq0 zcq1bBm8MI5yZ}6>gEi7m8o!yukczN|j?g+jKGw?a+BD#VujWT8JTE*8k@#FKK8)z5!4Pg2)%MN(X!4;s2bZaq!baxBR*gT% zCbaGA=^)dUv?GdYp{h#!q~bNQGZ-mqAX+03r-FzM5*q}>C;xGXax@v(>7ue`(0T#@ zZa(`v*Yven69Jr-{9|W6I>o&3c>(dCwu<}`R#w=c^LlfFRT=B$~Mf~}rXh3Iav zK5Xy&n|oDwls_DBqtWXraC8Qyfm}L7rMagAQm@tG*O!HmkXh7M4y9o_Fu}+;F@z37 zkU6;5I-|8b2?zw@&#kQ$FsBOuPnhk@Zt-#dy4DuPm*%N<6V!(eC@74HTM-y>eW+#X zVcV!Wy=JPQ`vomm3I<4m4f|kK9ybTy(T~cf_xG0F_c54(<#4;v+9p?jPg5c2q#N)0FP=i2F~J}$2(%K;jEbWr;hnekwwlAc4vCxD`0 zahdEM!g5A-qV+47_&6j0?UpEm$5h^i)Vs-+z5XOi&5&u&Rx=&p3n`>&#|&H|VP*>% zT6j*V1&$8+6sA;DwGB8t{AdbBsYqu*3I54h{Ae;Tlmk=25vOtj)-O6`9+6c&kwS9C z_DDzv3FYszTj=yG4tkuvY0ngoR9Uo;hJ&0+9Kgn|6n--C+*j#fN)2Z;zabTWRC)6~ z-&sotX&jsVX!0C}{Dv&REkPS#DU7gazN)2BlVBXS?7Y24boKgt-MZ@He9fbi6oh64 zOw=}-#ed2uu^!rTMwO9aEz9N)X`)tj?MN|@5Rkrx+gP-9>HqB9a=Ep0P=L%oB{J56 zFK8er;KU+)bZh8!0)~ld^$d7pI?SrlbsK+>d6kb>iwEb`{SnAF@-WQ&S@uFu6vbs8 z0t?-#W}}|pZvmper|Rj3;)hB2FP3&W|KN3l>F~7qDl&q>b1hSBt=${1*o;K4)pxs^ zfl3|rVwFIz964Z{ws&R6J?)7kS@I^7NW6VWov4b;ryBH*R572U%RRt0iAPM8@`L&E zn$pIEpjJ1dAMu7vW;Mb!doWYs+naztHhC%1Y&8!CDxtPwXz*g9Q6>%Scb}?StoX^* zKu6+~a{yM&Lz44FS=ZG>>ow{UditMFaf%C^f8fk`MJjT(xK{IeFkbFay$0)`oUg!HQi%n|p zo?#rZYED9~>yLKhUM0>5EI!mSE)-_Mc+V03F%c8rhkWenIokN)z*~QpeJ#M516Zj_ z`|MG*3{?9)#^*u8-1)}}TB=(O^TCu{SgI|pDdB@qe}}5FM_ITG;N+VBgw%iC+57z( z{lO@%-;4@7i8};FeNXwN=v7qvBsg%e1b)_1!?}HMVoayw$*lOBQJFD?R{lCw*IZKb z7}QwLdC`yTqG#F%H$~NBW`*{wqj1C>+I2XIRD~S_9k18cBhR4+2P{K_Hl>Y;d+9T@ z1`Abdw5tcbzKB+KagGeW;ZW8o^`!^a!l{S?<{l9epL9#^TMfh3!{E=2RIja=E|6Er z9884Mu{E_R@i#&U09>TSPbUq9+ZywgFI`W){I5a~l`Xy08ctAhHxsof7 zbHJdP1#43=yZ7*rWl54p6e2Nf*!kMsUUBEQf}XnFmZEAPd3nP~)0Z5>_(X>rHNs3E zAn3)+cT*<=8BYk53gpzHg+w4nG1DM|L$U%ti%dm8B<1()0dBC8*({|wF2%Atq_64H zB(^uP1lW@19hUd0emH}9wCJv+Rs{fE(_^H*A~D#d14lRMQTwi^mq8le2oD5Vw@&i~ zKs_8m6xXg|Zi%xBGz%#W#7H9HJ0|{1eA@&%fml`D{W3YQE6%SpmDX zS(^w}Tx%2|045b1jC3a;Xk&oVfsaXu@av?nrWo!tLp`VttBr))!aD{0jY#rU_z%=z zQN6A7!{JaXU=UA1d!FxM_t~DRoNfBq_hE*dIKFO@m=4Rh zcnA4eJssW2QLJv!-EPk6^ymbl>IQ=5$ax9+;&v7*K!rG=&gKAGN1^Kd2cx+Db4+Tt zITWsaIrGOqIqKste>$pBw4-=g3wwx%$!^}1RAjqF>}|B+10s|L|$4Jl^UBSeTU+U92BlU2(wG@ zx5a;z#zw#1TK~+%D%BJHpjF`*nGL5~l|tQ?!AzfX60p8o*Us1c@g3YzMxPU2rBA}a z3ZU^3>55d~E8Z>kbc~sqOn@8k2gnLqHOyb?X3AkOEENGkG1abljk=>Yp-)bSYY{N_ z4QiH&xx;<|`%33pI+GB5ZfWU96cy&LyS(2pQe?lHt1G82P!FtOf2^GV?3S$nz~W6@ zK?99INk7)Eh3XX(wH6&t=+BGn=msknp`^*ZpbT)}6B2H9D~pE~Cs}r!0wp~A$Gmx< z%KrwbkIo+PFyvn=Qvb~a+wneh)uF*E*#6tj^jCkGo7i!m1? z2Rr9K8hZ!Q`zyiaTOsRM{ITD$gF&DvIa!iWR+(LRMW}UI0wMdMTHBTE&WaLqqDtdE zY3U8}+ZsXo<>$fCod)(KWb;wY(3E!efns(>4#O$v!qK8PVO0-BrN4F+LLl~X@;#Mb zoltpvwwJDlFW=y!1cyOny;WzAB{TrfzNWk@LwOEFXs3z(K$AD$s6*7nGJZKhJwi|LD6uCo;Wa~`aGpMmwP zuRifXK{%unN$)Yus*;L;B3e9-3lAEL(E4*b6d!%9#`55)lvucuoeMt}?y!GCo|ff9 zsYkcYOgxkk@)4F?QDd;`GCUtA3Y>tH8yA35tU&#{HMwDj>iKDg1Qz%kS(rGUmcil;13db}wFbm*&)i9Wp!r%jO2 zDqai{$io4Z?2?S7ur%Ue{Texxbky4*~o_amqQz;Q#a~1<4WJXczm(vBjFfjew~GBQ5Eeb zi_4X?Iu*?K;>9l(m>13B>}cEfGqGEhZgTh;-u=KvHXO?hHJcj!^!31ud6;&1zhnx` zY~nF!A%7Bn@%Siu#;!1I=>>`}lXj)Tks&Civ;qR$bd*8|V*MY{NsoFycZ4w26S7-= zr&?GM#f8|vS#jq{bXTRN<_RA@9aiM5*G%~7+vz7vIaM&4~Wa0J}7qO zY>%JTM?nNnx>r6YavGNG2hx1mRG~mgn9A5oF>INpvsmoQPyiS)XmG`Z7<<14rwxKg zm;uCN!=4R9#azF`whHvH%WP+_)%r^jZrDwk+(4+TapX>g7t@ahGp|QC3W4Ubo;s}L zEriS4$T;5<@m$&O+9y5nP06FT3M_l8tm6+`e< z#2!401SV1-IFd_fBD|QkVtmpR#>!C* z#)mm%o$~^o?7Aw2JaL(<=0`)3Ap%Zu)P3unW_{+t{n#i>9kBoh)zF@xv|bQzN)HV@`@vuZY9WNKNfcy88lK+@MUM_nVawNYGJhry8` z`knk6BT~O#qrXDxggCFm0y{QkVVus7vX!!flik%@?;)={YYzH|A@P!1y zr>@B7C1%Sd(xp%p%{D=W!Lm_%M4)laFDEDA5hdS?6!9PrX{Ye4jIq19zR+!Xw?=M} zzw||qp1K&|4!H=jG77b#!Caf`Wn@Ed1Dw5_>$gUm7)x-`oJhv*2~`OlD)xQ5w~)IR z)2_Pm8AhV!Q=gm?3*2N>>aiu5dLHvQaW#zfReLI-7FHF&{*z1_=egX4r9Rn?HZYMpD0K%rqi|_hRCw1zSo(_^L>=7;H2701xpp=- zYMVyL9JEYk@thZ}@y)rVKzEW6q-Ib*v^d8={+5k|?z?A{9J*U*Jx_cW0gF_Eo5uf0 zJ&O3w*TiV8#U1yAut*uO3>CD+w|Ki}JVb=sxzN5*j|hTBk`{g$#Dh_}$axvc>!0W( z>96bjS4e$)K7YqZL3yX)qgrAu=l|)bzy0G+M>P%HuSXEY;=kh>!~MJjxAoDUEJdWo zXo>l}ckbsLqx9QR2+jsG#kk-mlJmnzY6q_Z1+ko4|l5wx- z%ro!&>~A0q5Pz(-)=O4Z%gPMk>k@wjD$*cgws63Q<5jrDQnu}zN6a;Nm1J%bLd~>! z?mYu!@`y=J2*7LZ3jmQ<=V&Ae_}WNIED5w7v4A#L)}-YCklnT15rp?bFE)y%>rLV} zBe$dcO1@KGl5VyU7Bp%E2KLI21|m1(njmaTnr>?95W6s1y6aXNQA<+j-jE`0`swR+UC?zZ+5Vg37@ z`ZMXAndvvDjJS*qxy($sI2f6@SeQ*2|5le02Ruertq^=s21jN+IuO{Ga^G|Y2&|2M zQtkYdRvDJGAT>PqB1d=!y&Xecp%64l;`GxZyy?>etKOad0gKc$8f2QBo9=V>`8KfF zmX~CI69ag6+^^~S6T z>;NOEqye_V&ok~bjZRm&-D*R^I61|{yXEd$O63vCX<@$G6|2#5`)lwLoSGqw)P&*o zz#ZnxFcc5D`OojFi$BJ5_|;y6P+eirFQE zR(9?GRiG*1q&bTTcd|pWW(T|4+)y%m?>v4yo?Wi7NlNxqX#3KRW^)+(h z87!;s~JKn!F#b8gJQ+phK43F&uNj{bO33((Kt^&c7 z<2nQWaq-O*qr@)C7e82nDt{6d&A5DW+0`1goA&wUe!2nVP_p{$E6CI=eu92|;1|sU z0_te@0S86oh3tYEASdH77_-?r29u*0KRXq*l+gVM=JEv!y#^xZ7+A7iaBy_6^QEX1 zz&GUQs1e&HGY02Eb(X}XhF04IzOBy68VkE7+lnu!lAn}cabxgKaUcwz=d{cVah!=~ zu`(uD(TjhY-nn~{$UJsVQhso+32Yx%;(~= z1Ago?Xhv~X$?=ir3CD@I1^V`>QevBj{PcyI3#5AVN2RqUPco#Ef!C`Jr!O~T1~8ZZ z^A}l&kH)W>-AHPgswQ@wuRMF z&FDG0Vqq!b!`4XEg9K^?zkEep^}KGd-3vyU{1J^}!BBT-&Ddk~j_MWDZR0?Rc`&tm z@f&i@y_lswU*C3(ZR|i<9K{P%P8ho_i+d#YjC8a9cc9b_q` z73QLLih3jB4%VdsL^gIBNV)Nbc=ETWf|t^(1jv`}i^@PEHH6})rUg3}7iLs{U9_qy z4{k2fWS+>}FRb|rgZR4NqElS`q$lha7Xm_P^U>>$nykN-+xKLA>biwk#79MTha6^- zbx+=27CW{9kNRKF_{F6XE@( zBhFkn+&=r!=pXwcoRaWd_zL~7j&$HpyTS~5CD`C>vN1cJ97^WfPGUDa8rKh>Njx#r zkh&YKrH4WRXXbd9qK5-xwG3zm9K9nsaN)RCL=OS0l=mx`?HktYtcYwRpq=0sOTh>@ z_~MrTlmh-DoS^Vk;H6ud<=!QgF`6YU|9(9ic|2U28_rYpLCIOL*=czV(vsBuJ^5^K zC;x8rtJJ}nS!$Xw{AgAzAJHMeMVF5rQm(9!U_1|Uo~RWUHL}D9*6W)BfTs=s;f5g< z#)qFBjP|TAiXBWqgQ>0>J}PLR;uZp&71bduezP-m7-_q%_dUCQJZ_u75LR9$ci)Og z=%*K|96GZ6n-*`Eh`DE@1&S3J4v7IgHbqymyDoSL*|{Z(g7~^uUrPwrju7lf70X#S zJO~rKF?y&B1s{Rl4>G4*meZ+|hyRhnl#Sn4Ez`oY5OVg^H)EgmY7qhWL|{K6P&L3^ zp`|daE(n^U@)`0KHt@HDNzS4~zQHoh<^0P(JjL|C3R5{-dPokHn*Riy$;%JdQo0B%uQ@=q48D-G?U4_SxN~8YgR%abb{A#iD zA&$n*8E3eH<~YNzONqe5_#39}DsuSL*2OYO6K3eRAY#MS3&#acDcYki%t#eib_=_N z(RrrPiog}NkK2(ddy_3%LowbaJO!e^{H9!KSza=$y(BmU-H3|ye|>M&IqR=sjy;)r zHpArt2y>ZZS&wFY8+DesdE}+@!)RCVQ;M4UjEzzg!>~{iGh+(dOB%On-$o~~oP9o5M1r_~Y_xC=1 z?C;_JU+nME>OlXCS*dhKD}?NS-%@`joHPGUI7c$$WMVNfGBGnXWie!AHT(}ti2+83 zz^C|VBxqP~-WM<6vigxnj4_AQd&Aqluj-fj=6^9*mvMVUt)Tuk>H@d$l30d;(t151 z*8@x#WF(cUim<#)0L(I%D`;*vL(TK^Dax`eBLJlXLT}2b!egI#wWdpXhnnVySs!H+ z51|}x6TRz^qRUr+Z{WM;TD0~PcPn5hoX~4pkEJy}S;1PNl96Sc+#%_C7J;G^tbe_D z-I&E-2{R=6>zOCHdJMqlY5mCDdcvm^8*HMVZmzsiuM3~$`JKb4A&|H)mGakt2BqC6 zJHN2**ht80zmOo@ENMkaChs!!mMCs3I+r~{pN`()i{TvArdL(JE)6+R`} z#i4#(e-*bDvEMNXEUg|MGi3oVaG`v5AQc&d_xF>P<4#-De5| zB>yl4l8oZmZ;88!TD|*B(k!DChFQrD#QmvStB?U6jP@s|=PIwLtD!CFdBnZq_tA5> zu58_-b2lZvIITlx>Vc?iFMF&>?shamw+AaoX9ei-hLF%R*_7qC@Z?}rEiqibF$H=A zj#TS}f)SkW3JO%dBS$N%BPZ+Ee&ZlpJNXpg9F;a-LU}u4YW3C5-(-fG6ctKzusA1g zM)v;E@vSrjijZ^qFqa7ZJVYhd9o}jsdRAO+$I&v`23Vs9-=h>7B|4&|77BH$?iDC@ z&{ctC1xd_a*3_2dAj{jLtu{Ta8W8sOgAsmpg3xdiW?tL0dP003ECW;^`MZZBD`iFI z>OsCz+`b3HJ?u8#Ic^xsw;Z)`QGyUZm-}7Ak7;n_unI*c#xGr!c9miUtkv4cVH9ka zK!lyCH(U0IX(CN1Np1z+@^odq;AMtoe4yvWhj!&Ox?sXxL6DQs{q5sA#{lOAxW)eb zU^4>z(JE59`$Sa+%^fMMujLA&o{HNX`dJG6+d_g|b^FW8wy1`TiV{V~Wc)l;L?|!c zledSnVHS5~uDz+*9zF21*7%yVgW-viWdM_Uwo@oy8qH{8Ryp?wrTbz>~vezHI6{k!!d?VGY zgy-jRFGc3qN7pF#IuT&NeD}AUDWXYlVI!Emig_+cL>YWwyL3b^;($H1u9>d~DZ&#U^MNLbU~BNEQF5|XPMtxwZB`t7ES2jwro3B& z%^%XNE^5HY4-#dFY7HlHWJFskwC^H2A%}3(zlFy4ANYO?8VmQI-D}rM;lMcd^mNB) zdkl}HN+~tSd^+}iEM29TN0+B@_!&3qTI#t0Gz180WO{|p=VrmOH+hW6PI@wwJ#8X( z**^Lb{1wl_G^>aRmT5fIvEF-g0iZLHk{@fFFy?VEsVD2bKT>nHZ!a z5ynj9ES^EKNcDHQ4Y%b0&Z-7M2MQC?&al`IzTi2q(Z#46n5&?b&;3JF{|GsU2Fjrv zV{JkTqx>gL{fn6MiloA-1BhS9ay%EdVKmOx?j#uwr)|5>!eRCRGc4ZJ-LrIbg>9eR%>SyG?*`}?hB1{9!G|dSIpTVzh`-1++-gWE-H@c)VK$l& zD?FaE*+Z0GI_h2(X&evBH z<1rk5l=4@&Ka|6%YFW&Ea0%d+TI|V^yw{)_OqYt62Kz_UIxiD~ug@t|O*n;Fc0Z#) zw=bQ=wbATlq2bDdHf#^y=m4TGYQFvJr=!h5m6i#up`cW5SnZu_5_4+`sgu`}ioudE z1RE1`!Bepnv2u=|TDm!hyY-fLuYKP+hF7%hvgP9UL6SyE`}zj&qK3iq75{NI25a!| z8+`vLPkjZ3`G2aZ|42iKz=8P}<*A(!r&+XrpHzQFo-_YF^4yr&n8}QdgUy7^kded4 z!mfya@#`0psHVk4I>#HSfNr@x`CqJD;Yy z;4MxZ5=1yGSILYSQaxqBWE8W+d^g3pJ!p^5q$PyB|1^V=vaLugvZM{mv1Nn$&<%r> zCxWxJz5%wOe;W;Q-(RriC_|CBps=`hGNK9)sqqQ#r4oH?UYqhgKw|{!NCzk2!kuvD z51Y63&*6@xMqv!nixP`lF9s2jsp+SlqPz)Bs3O=Ous>RB^cI-~DI3YESTC^yg)!_<7v zV6+t=sQu;g8;2djj8>QUVX0zpKg0qcv{*x~Y{b?*1h{_hljI_TxF6%V^t0SnEQF)l zQU|yv{-w(!;qC=2T7GDp1Z$?iLbO4!jBgFqSNF^d<`S2$ab1++j|Y^A^LbpsDQ_m0N|-uS8;@7v+z(@uM&+{|z^T(0xx$wD)L-RP;l z|0b1G$+pgk15N8L)dq^(#i`z*LH94=nH&%#JqFWaN8B;0-0@yE4PAVU&?fyzwDe=G zl9fpM!hSDTO5D#p_A;S*M<#cSXon%6@SLL!I}rpEYf>R_&?GhtN<##iE_7en8dp*hy_8iVZ(rdN8b7cXK;5@ z0$Q^=Ip#*1K!G$|3$V|MLU>NR5L9QQ#F-uzAN%2a|6=%q4(=t#qe{j~Iw1GA-+iK7{tKtIa z2ajXQ*SnIY215@mQwwpdIbPQEYaEn=m#}|+AF3`kq^BSZMbm{#1QXpyM&9*DPSF<3 z$a4Q$Rkg?Cq`Vmb8m|(;YxAxJR75;aaQhm^wT6dZgsEwDe?v`c30h>04=6op-Zxf? zG1$f8)auY^h!GcxEU8C^XBVj+v~UG*x}j?1a|JO?CT>y|7;wb8bz6Tg%&wr)9jGF! z8)rS>Q9>Rq@mg?)sv|*1;RWGkoD|g%W1q#dKt?mL5`IsYG z;fx*OUsbVt*Rc_*WUDt0-c90#g{AJGZ;b#v0^B8!&rTp=b-Iyg3ir*l39sZfVWg8! zT3v^Wl+ z2)g&paR_v2Bzi{z;0F;m5RAeITr@5=-lLezKbntCUrO8v>}6qtGysR>-+mG!V(t;@ zg)rEzo+>ul7nQJ0gTXx{A=8A43GW0?h3L#!S#c-(#{HC(%9U)?^QzZ1JWt%3EB-dV!#!QaP}oqVPRi9<|4da~gJ(@~BF%4E&v1 zWn(NJy_I=Lw@?u2?ErqhA%L5>7SAUM%Lumvc7G$3^w_;5rE;2{pdnW(=dQ+IQ};Ux z(|PjqstE_o?1HGO{E}i9Ar7?eg3(?wX4UDL6oSTye~{`Q zndi_z8(I9%-!R7q|A|!pBJ_NqR)(7FP7z$d0qj6S))NSgZP%l{^&lORq)bs87ewqg zsXiZ(9GxXdpW25Ee|;f~gdCgY zIpp3Zf_lYsXje}nl#ldqK|gKtFLF7r2fWJk7LlEwgi*fXP64x?6zgP?MS8)TZ5iKJ z>I|}1N1drIsxq8QMPYi7UXQ0KBH>E&PGszll@MQ#KCZ_rJ!}_xR$<4MhI8NPk*fH@5+4X&!Cxn*`nvxns{eQQV|-R%{&@tQuz7^P^WV4BpMmGhtp6B6H)dmGWn*Sz z)KY+ zxh;Jz_B^(P+kA7^{Z6Uug6PCPy1YSaEOZ|VaJ)ExI(4pT*h zup13!K;vK}t#tuU75V5qcwtW+ViSUb3gZKe3H?eSfR9xbyDR}v@HNRG+Q0zO*%>}I zE#~B`q{Fk0X@^sBvF?19rbr%{qZN72;gv)9)M7%iQGc|y*P%yO_0)=mfAiCsyZ6aY zo@)akNqR^!0T*e5CY`s+$rB#2S?!4Ef2B-fVFd$g4ZD(Pxt*H zbN0ZM0j5M@CxK)5tSZOR`-K60FUMshE;W0*P&=<*Wb#u|-c909c&Q0VL<0a;Heqm* zzo?X?RyST)ub~ViY^F+kcS~x6jz5Yik&l=u7C&mCn4s6HK@GPuM!&W~V(CviN`{Gn z*3_ou*B&&_$9##mHT2N*93jY|gr+1OmIPdU0od8z_>D#hj$&y&w(G80$7`#FxphxK zM@=m?&I~-Uk+PP&;V1Fm!JG;CudkHRGBkQ%j}a$J17VRDRW2-o=D5dl2+NLB|-60F-~%ghPEt2 z+uD%X^y^YiQIKvk2F;{dhAGO!KQ3LH^bsc5bTAwMMA5N&clU@t06Ke2Ju!zarcc^q z$tjxPa$JTsyZMilBu6JoK!s2`zdWekDu|U9JY5Rio(yp=TU?!Vij%wGj8_AN1$lZR zEs&^7@y(>TN(6*9ay9qDD+0giw{;qal3^GaY>K1k)h-VBT4k?3Tx`@&D+Hm8i!`um zM(IrgaNN8ZzK~#@CeI+0^9Xtb_T?PO?^4>t`I}HR53MSNoRRscLgc}^dN~T$eT$F0 zH-5sk%7F1cj!bXZ3~WXs77y-zMTC}ZLo3s%G{pVco$f+sUfOZSVz>Cijj)n2YMxVZ zT1-qBP3$9Z={`jiB7$&>Og(D1`j0x=-wf=m6icGNKlVp6 zg5Q#=Dn}+2u@Y)jvfBWCY!r67#LGE5C6tIDP)K=|0I6UILrF>Xw>1oLX#0`Eq7`$6 zHj4$OywQ{@CJt;07WKW2(YsjjVlzR@Q(K4$9o=a?Pw8X;DoG$}O^$Bcw*dvZz$mo3*NSLbi4t6X zvCh2=G7YDYnWnFLO?~KU_0dSw%rWpP)X^8)eCyC(`z@TlIz0&>HRZ4a->~fEMF%(P z$>WfTG3>UP50|opRPta}=5!C5r&>uwSu@eNz@E={%+T488jQ`rVNks>?Q|z`gQhtH zM5S8B9c9+sA}rw>&+{K@S2N-V)A(ac7IZ!(6mj12d9xMvLo|K+8MuJz7`>7Q9YM+4 z7eO1RT&$6iSWXl9Hec$2R~2o!KLUj!#__pO1S>g*aJ*_8zte6XIwviqGH|ye_6u@6 z6bKl1pNh8bee&^ltpeCsT1wv#CoxkgK;20`-Rbqi(^)#wE*Le?H+n$CZux$RzCfi` z0kxHFZKnrWIxvFSuyHD-(v~;JaMH+ZxNLex>8IV`Ia@0`{?|8Mhy9)$mundBBc)(t z4GvOO>%LlrBn13wiVO*)3xCzMP7Adoa+EE^Wq&HM!Jgc{>zk1~mN4RYm$sr(mRoA4 z^8XP@!A_|6y1rBm%i2`EOkInjb7`eM$bn}Igs3zFNETm zX|~{ij`+hrB=x^C&uc_;*}ppHrv8(p{zc|_EKZxY4zL?Wo^ez!=p=Q4f)E%;EGbf^jpUobRR#pAYFFf{R z!WtZeQE5Tfl<(iJX33$)Uf&1lF8X)_s|05?#jx}Uma_qZW|MXY*B1okPN^&WW`}la z6NHiHlo|pLMJ6dEar^S0fP1#{N{1W0L5 zC02UQ-|RRXI&Pw9{Cw9w`LS&I;Tt_yAA-K6EGhEGF#)I)KSOiBJDNCC+pTdBMF?{) zE0c+LkqUz7O8PPM#S*rX6FcDz!E+dO$Tx6$FdlZt!awOE^SYy2@;@h_t5w*OJ zjR9%F%dD93ejO(;dQQXYTin{ zMyz5}8(DiuZJWd24Q!j8*J9&Z>C#pW^-Jl{BuH&}8ra8OqlNh2Z%RKoL)8H8kC#Lt zD|n|SSQRmLqbND=)PZVKz8cR|xHZK{QGP>hquOIaNHl9^?pgO| z+!Tbe6VD<2F4ju>m02@@T*3R`@}|2j7pl4n{qx7fsDsn|Y@QeU((0G`+yYEnL+nCv zCx}R#UY1|=7P69wOc0G73ca69?wccK>?#H^s;{evZ|zxd+J*AEc5@H_WAc#63Y(0^ zE;e7=rN%W35?0(CzlaF-*b0N6bIQ?;9F$BwetQzzS?S3TS@*hyxI&97Ud(-6-b-p| z<@@UC_^^&H_Y}Eb;x%VeJ14oxk>~9PAZecEw_Wf8zkYIo;j!C9f7-z-@t=8=7YcYn zXe~qj*cc<@-+`pg7=88zn~7AG`VA@x-X8+v{`bkVV71mDJs~J%I6ZtiYS=f2_2xP~ ziXFM7NDp8E5n?hWp?o^e?YXJ!ma9J}A&vCA1!_h^vL|Z>H-gh5Jo{VF^H{(!k~Kz| z%;cZ7qYbm|-|x35GPW|0nqvD9dAvZ_ctb7}TzaX!9 zf=mUDziz&7IeC09M-Lwg)99Nh!^Ttdt$EkD?E}52zS3sx^veek$S;{vb=8aq3++c^ zDc_@3Mt(y*?tRG6XMlSO|(*IspjIZk%5LP@jM=Y+PNL$GqDRHxDy6GNosRk~Go z@-#^8m|dI%Yu-On(oqk%OZD^peBCoFDdo!!pc)0JWlC)G`AFp7 zLzci>SNc2!1W21XtM|*AI?@G56S;BHJdAbRbBP%yX@}n`KsYssyVIgIP_4&-Z#7u? zS~M8Hjwy=An>7R0(uUdI2y0l0t_i|ZC7WZ-2EcH;9V3M!6BsQBUL@L5UXK=u0`-+v9N-w)Ei29*fyxA6*$!U&;Q7!la5T!kyV z(ZeGRixX4n;rOIxJksBw8j6!#3x$JX$J?}F!#W)~-^jR%ZKLHD4@)pjprMZ>I{W1D zX62zymeL_VlHZ;}U5Io!Lq(qII?Kasg6j`_Z?^Yq-}tTZ(FEFg`7EbXPR{V)bMpv@ z+>#N)Jau6F39$Z3?VO&zN4%}Iii(`w?(l}6oeYq^-!-9@(&!NtAj;<;%>6rP7V2D} zv?_n5>1yrkH-EJ{V8lMO1}jUS7hB7m>rJNPpFO!J{F|W-vu}xyKiw|UXw?_#HBK`s z)Tj3c1(iYLr*|kG9LXccKql-rCx

);6g<=4z^#&GbLNwIh)w_?XFpwse91W98izo1Q?q+&X zhvthFou3RnjGSg!x=M7kJH=@@0rWB@)C*HW{4tlB3TDP& z>NZfKfz)M|y5zhtF8icdED#e?_qaP9uNekZW%%!3KX(iC`y-D}_&SbDH%PS(>TPa& zGt%=*3P6CQc>RP`AeI8z?8*8fbtK?@Gjl|T7x!KRS-cy;HciQ&pYQy+icNa{I;;*P zycgFY4Sk?^lI4}4;r4%Ibc#C9*5+Dm(6o0?RiU6eygkh_jIKJ*KUT8H4QTx!2OIz6iwx| zVH2ZrbG-mC^p&%-rv&}Vj-eEtCSCRBlNx>rby$N2f%G9IjWrY!wmAMMi4Z9fAL^))5~sC zrKrX=J;4iYP*W1=%DcQ(?LO@&N;chb0^g}k{~WFyRz;Q2(wj0opZbE;*kFVxEvvB z!*GYuLu|vcPql_Dl`CM9@+m1fRLz{<6uj5zt|vfmU1>;BApwY_j>#Feq(2G%`Z;*- z|G;i@8e2FK{%Mz;^AXsvZx?!dWbA6M?jVB;JR*lmXPx!DJ~i`k$Z7Floyel-aW zu{GJgjU3_1bjv-lr45bip5QR{%5R{7PdqJ0nHI4q;`oY$)ISHHlJ~XOqZ#MfrP+2# z!~%y@!@ns5VC^X16u}ZpM63ne=!TA{GEKe&d$}N`%C3N}dR(OQ5v51)>u48Wk%1W6 zx#en13DsxOf#TSXeyiWhTGeTv&Dsk}49^1iw6BA-*2r(moPbB?Mv z`Rml{2%@&|g$O+E?Gs)5m$mk6c+N~FXQR@Y;ka>SFqruux!;b8l}+8`H6gWHzyF>b zYG(x}ooQEt*Pg2SBo$T{%N&^()VV=5Ccv*#Rcp1UuJzXE2{BI6*aQ0ZBvk{)wlStP z^J>l7ph6ye88E(+64(9Y1CHte{@K1w+y~+Ca0lzOiXU+5&MaLqNhYF1(+2v(?h2?<)Tp83wjGccra)B(o1y$e(Gw=aC>ufv7lxCG9kIJKh?=+JXv7s zTHwtCu8uANQ^;%Ff!y&xJxKJlRwwhI;f__j{-1@Z|5H}y@7L%LN&WqZ zOc$5CqMJ0!C3XAO`FbDCZL)TQiZ^9j4CX@RDmlBL_issw=x_Dz>sB^hlTFmWS(Jg? zEfVccp^Ob$SIfKh@9{u|7x)q(LyM#t1Gh|_V~!bi&ZM5mIlI#zH_!e~tIcSI>eVyju_tJH z?NwOQ!Ky9qTW~%L<||hHU0zjYtyYu@Vu6c@d-n=Jc?p`!36vVQ*gPvH!#(;cq<*!f zJq2WoPYha|YPy%6s&8XO@8R@=m>?iv*J4%b^nfgLAG?r2O;QgCzR|~my_f9ZNPVIjG)iKtU?H+h8PUalnQ#NuC~Kn2Y-Riw2%)Zy$pf^SM`hOB zJ+@PamrjabyAH%V5T&gjNRTx1>BkR)ohQp{FdH zOJ!z=X{QMDW{kIP1h1VwcBCoX`C`kbE4serG-X=GsGH5pN#V?|!9e$1f3ADWg*VoK z$I2d6*cgE*LhC-$GBOq6o1#L6|L58isZjyW{~`SRkI+u$Kaa>Tr*0BMnj&y;m>98g{H@n# z%FOilHec0i-}eWE_bDrvCGVj~vJ~SoD~{uiFt1IC*lVv@26`ooq#{Qf3SUU>M1!07 zMRtB8DpEn2dnKz}g`Og)nylU^b>N?Q-;>v&bZVZ`l!V2?e13|t5E})@PA^??lT`5P0%-)am`U5Z_b?7WPFK3>9mwa6JXeF|NGad6F zU2H8e6p5LMC@Ut8tSp8JPn|rem10B6j3fqoT|j78W(>6QK%6969EBeDLrkwvhg&E& zblR(-7Rtj)g3(+M?%pUM1$p{y^Q?9_m6Izgh!Z^F{tF0-)rw@l9kO#ksY8dbOLc^l zd@mqozyLOU4x;_rwp<90PJV|)v4zpQZz&z;geP%0$6N%E5+%(~lf6rHfEe!^Wp1qm zQJKO>+5bn|J4R>TCD_}sZQHi(RBW3SR$Sp7S8Ut1t%{9`lZsQZ%{M*uOwa1-p7-Bt z&CJ)Vd_MQ}+h?DB$*xk}@|Oc%1g}8y;_~w*Z0%CZTd6EGQsuHm9RQ&>_t~OthH~Rw ztdIH?jhMDs=cMLQQ?eH%m0YF<&vjq^R#u^$!~Y8f*93br$n!K6y;G;Yef z#m-fku?_r`9A!q)Rz=(kop#$mp;_N>EOMaLtyVTqmO$g_%6$(@8ZJn;S87wN%PA(+ zePKOOcmtNdyespYrd;g`13m|4dL-_7Y+6-W#mT~|SuH(?d=|42thfTTH0Oc#tP`xc znei}{9wv(wuvx<8(teoiW?b%tHK&(YjoJM%A+$9+_~fn-{iQKJ2^x`4dcW7Ator$0 zK;et@6EofMo~*d~XoYb3fP7bx4_u|(W{Uf*UB7MciuPgc0^q1YWT2M91b>73;nt?S z3yN?UNuAomiw46OT)BdUL8g-k|4?5wueW05r+T?t(?I-Q(MBl^uEe8U7hR4Yt|OYq zt{x#5a-HR2vhqXTL4SQ#s?9Ka4Y;Y$BEPJFcacC%4(WSNJj7MLMPaWL2`F}cH@%K5 z&B=#Ruz_=_8}N?zvf2Pln_R~jhHE?6;5K#OAlU#EdW`-iQGK+#Z;tw$s(v?Nkxbaf zBBzuqh6;-qH>kkmyv|pFVXDMDH+}H1Pa0`)9OwQ8*m7tD)$~GV$Vs;ruRujk*Ocml;O2&FEOt{>fc&m^mcaZ=Z5sNoZ%WB!}k6cE;nEzxvsO z_KVTK-r%0rfmYXmek_n+%|u^QKA{Xkg4zN3Tll~`s!;i@63MCRQ^W`Jv;foOQop5{^KP21En~AzvolXXIsTR&`c3#Y$J5dCdeZc z3;Cw7*>{%mayzt1lK0m>0>09iKz{B$_x(e}#=NcG#!tYqd0N7NyHwQDVB)`b%}8hywTBK3I+ zsf)$)fp47YgRJH3B_?_B>>heb5~mLAW5xk}gSWej*aB)sX|%e6fL+cM%fx*djww$# z4+5OsjrRiCcvE6k%Ga!f1Mn268>yN>g?iLp(2b(Jf;i8{?>}W{QQFzgHf`-2VB9_p zAGX=}z1S@l&!i49mShE^^jHAkBw24B#sg`rgmq9K4MY_nAa?mig_S{gmD7@nxmoQMctknmJdcMTJCOLB|!wrpW0E}Y8=9+H$y(oCC-8w%(jVP&@joi)>>qz){)adMf#l;)1ivfjxPMmAVLmG85FZtE zkpHNltK&}Nz-%UP%gsvGibzvR9w|^HFGJA7^s?z<=&=KES3%Ga5q>pcZ3DD6Mx=N_ z4!D29eIAtggQWiMkn!eya|=t#RQ@ND`WFrvh!D&q^_nNuFM&wffNV#n&>TM#*k|Qr z+(MP@ZaLh6-y{XKgEmmCT2Gg^XQq%E$E6k-!#_B+u=G9ah40)*KiQ51%ZSyFFcQiy z4_cMsD|6Cf#-$*g+$xq#O^_fdkAPZK^3`qnA_0|uor^~ug>^Q}4xT>{BQUM4zsZ$| zfj^_xPc##L4;U1matQ>~J`YaT=_*h~8Bcnn5vzFU6-9u$Pqm~*d>m0mlyB^vuRD|5 zdMlJ%OYg%ZFr#~7e;UYB@nS>|`@Hz#T6&f$a)N#}282L>QZj-$$7T$8HeszVbKdKb z2RaU^+M9)abMzo51+6lBgn|0)6QOu~zlL{i%W$9N@V3);2KDy}$1xJl6kXC}rFN|Gyea;myGRi%@E%+}+yx-w&n!RLHRWR>&ZlaI%`S zv9g+)vYT>qaWE$nn?Xnb>S%vu2sL5iD|FG96``=*0Ym~%C@4eW_TZq)8E8ID9Rp?A zC|*iXcPL;3vv#WdXj8Wr7^|UNVUihwA&buG;&WbH53Txze#Hah_vkpNEy1F)CMU_d zETa2rWp8S@ck9hdOwRhTE({kIMyanHhwPfzUv7f)-|3149?>yjmn4FT~j&J=sXUzk{mkLd#wDapXv zgG|S`JXdpxmx>fKvjrnfLCw)L<+)scY^F~9u9q-;Cg!5+E77Ao{)m&tp+OAfXd^)4 z!{%09J?M#mjGz0~D#nLmxmQQCZAK>ScZEZ%5k5GtycP)z!12E6(I>k!7mo(YtBlef z*sGTi^f@%5#WKp`EHoyL3x`w4gcg~k@V@tNti#TbH#*2RTT=AA8i z<+Pgb%+nT0D@vN)1Hxc8HMkDx6{(4Ltm9%ov`gHwLvvz!O|m}vRG5oxPbeygTB>Zz z5RUbpbg4)j46)o$@;67xiC(JHZGBmt-;oLnMu}qanrI=JlC5B3!B4z^xjpEQohYxq z1~xciW>lZsktUiYHcma^{WO+2nT_C7`(|*rgNT-z>qMveL=-n? zq|Y>KRvuVX&xm08^Ez4EfNVA3HT?u_B+Gr2j_AnF5Kp(A1jP?vLPCdu1eqp_HG_9ImR?XpB~{4iS;qdl z^6c&i$q}-`o1>RAla)id(S1){%2TXMtaF%ua24QD9jDB83XM?*?4ysM9nF;zP@AY< zvDLJa!MgWgaE%OjR&xpq@k>~O-fojLuNJ~6UMX|4bVcFGWi-ps^Rk;SD6Q6t#$fM7 zBP4U4SI5z&1DSl)7c*BKv`O=X(e>VF&bXy5{%UAB>Oix62T9FCsDZ*VFL4ROQqlq2 z;*15+_3l?iQ`{kc!p zf$`TZ{re_x(N>>4|E*N&_i^+$l!E!YL53x{<`$Tl=oJR@JaOJoOq~NQxVbpRc3MZT zw2s2?DjCfJ;u@Vk>USuGvm?7QGTiqdM}6_&ZGxkAa(>?p=}5_`ETuf1a?mSQ91}e4 zx-$l;J{yKEKo@0&&~~sPjs7&kObxw3ca#bp+l<&xCDSq1WA`XTj#_YuY4atu!^nL% z{P@kUhLxPtG{)sb<4dBc>jd|4Sh&5^G`rrrSx&3gZpp5EMA4Q06CNMuVGVI=HMTF#YZx?P`>r%iXbK@i|i^M8eq&(e;3n z$OKLrhN>AkmFyNx)75Jm8zmnaEoKO*T&>zuie=SSwDFb^=4&Gl zKu4VJA-^coRbBzG;b*tLjwLe^AdK@-nKEr=JwL=wtn6x!c8c?}8GIk1FRcXLyx?rq z@)#hu#I_xjnn0qj)&NBm*NQUkp`HmAJI8t!hvFY^QYePavj(-BL)_YBox#`KY&C;h zXe~L^pO$+3v!t)M#rJ>Wfw- zJ^U~EC|0Lou`CN8`Y$XuO2ofD$4Yv;IwlRpp1ae^zFOJI5 zsP9+zU3CW;5^5yJz-WKT%t)s^phXLjWIdwB_xnzWl1a%of}h%ghGPR6>J6(xOy&2% z3468RfmI2vVvn4e8wU2}q<8Frrg-D$UJH5Q7gXkQ%4Qp8v`0g-fYx&vrOuK_CiJ{7 zL}Arup>r7$z|6j*Q=M(%b5t~t;#A9_5c_gD%+;B;HQ!0LHTT2X6*c(4h_}u>=5fUo zWf-b53}=<8uZ1E(qa~P~!AO8PTxt`P%NvS#tYJDpy6RczJULas-&NhW7Ir;s*vJAp z<8Hkd?90^DITS19AZG9W9!lvu{3A+*xgz|pqSSwcQtr_R|KcrQwE~%);=j*Rf2w3y zxRPs3Axse2%{h!sxVYIlnaxi#4O7dt48{fjOdpTJ`#o;?u^ z4T4r@P{uE7-0Vtp4q-NezbYKxjJ&wXdgJVMt`o=7M?zO}Kx;5JbR}p0tgUy`E1X#} zNa4VXXM5ViLT^jUOl!TV6M27w6SMV^=-b;JRDDlZhTakMOW1wg1^vw!6Yd27ddF+u zaL3e@(ISc-goC74X|`9P4kl$_`@B{}Hrji3y4Q%*B0CsA*&!(`t%US+H4tpLw%EAa zQ`C+2w8KCb7H`kngCpBLi zofePdT)=jHm7w)JoM1rWH<6!!eOwIwYEnA4?15Rio}DJ1cF)TITD;n^7D6T_X_h*a zd1;~8K;p*co6)-m0Z96Tms>y90pr8>=d5>amaQ5xK$$fZ-zic^Dk(ucwJSi0{m40r zziwcXP};I^LZAO?A*Bt+K9oMITJTZpYY7CR7l9|fk^1TDqlm+uXxS7XiM=!L7&mTv znAgj+NkG17hG!3y`*3$Bg+(T7RPQnkMYir6D|44cRz@IuOvQ&K`BLALk*7RoUak8=U<5hs57;^jF@7_mk0Ru`%Rvd z9-M#`AxjKJw9N;>*fp!ciogZue)E*j`PXJfu=f%ZsL;Y*y#h~5yi^RedK_W0@TLbZ z*M5TK?vHrMw_pyXeI+Gb%-hMS4|g~P5RJOIvGvRD~{>O zf>l?$HtPaaX_-AG7Ym)rs7EC>EvAY5gaWnehf|VdG|WGuzEh1weKkj=E7%8Y+PTEK zV?Zbz54U#_3TY#7>MOSL4+z+|DTrxL2`RB9L!nqn)&& zNYgPXgVO+>QS8g4vs}W!p{b1Ea_lg98DB# z?q_-ttB>t*h0=Ev2Gn)qj(*{zwnuP^Y+mI5Tq|1}P1%xuJihdL#Ro2Lr33k0PWt=y zCV7LoGKv&-pvkqqWA+4Vw?M@GTBpQj?yWGQfQ0_5#l4UdIKE11@M1~d#0&SPNqR)4 zgjg(ZcxPK>y~Hk`bR{y}4^@7ye~YJnA4h*gQ-7&ssF%?c9*gTw2vUwb#u9P5wG|K^{RXNmG-v-F6kJXt%647rl5}qMrN!6Q%Xpu5Oo(2sCPN)wh985KKNrJtjo>pDWjYTePkvUmGK2JMUF7X^fUVPy`Ha8M zdKtzv4y`J2P6%e2co&x6(g$@*b~HC|mN(f3R-I&IOd?-_2KEBj6NwT&kvqA~yt$Va z*n3piraycKPA>X1rE^}n1EC2+(jNo<;=OIlI^^Ert^d_Ru$T_ix*Y1da2Im}5}Wlq zz9&7EqK-KSN)i9(8JFQD4V$k5;RrR#GcC)6Hbl&2>z$$S)s}=)OEDeYI3mLt+yMr5 z`Vj0mQz+bZEXiO1Nv#GI9jR21*TC2*OGoV8d(+0(r?Z`KYEiKiySkHxB=aS%9%qq` zE`+fx4&QaR5q@9-Q!#9!v~8(5#VFN2c_^59gq<{^(uqD7P3wn%9BZs;3~PI^bwd|1 zs1s}^$(@iy(h_OML*dhisKdc6H||O&AT0%$<`cMa`QCfL^^AmWfw>0jy%`!K*g_#e z@GIU>$d@0;EaS8rE6>Y;D+BpfMPMaB!%iS3sLm=&&%DrTbSX?kEg5gZdW1=Y_oE$p z&oLpCxVvFv4<(c?D${;?Z?N29D)>>m+IJE*lpfKv*nF@X2QK&fj)^J9bdvg@x(>8o z<7=N)w4|h1S7Q5upc5XiIwvGh~X&{E>vgeJ&06w!?0Uj@xcnYq4jNO>3^}O)Y z8i7OMjr5jfSJdX7WE}--T7nSc19;!u=9L$LU^#D0Q5Bfe?&}RtZ$1%cABvSM9-}J)S#V5s3O6GZb%z8u!UBVK;I8O zU*f+*?yV=0xOl7^>@RFTQM^KUYW$t2MlJsFlCO>p@gFbw{)cvB8#zQx^q)-r;2%%z zLHlw*L4ZL(Ab^qu=*W{}et|h78gZGjeB9HqGI4Nou$i&`M}hngnGDOHG8vY?WHNu7 zMBrlL=3r(2peZg^w%;tYoV_OCxD_LEmI=mnjY+90tn z&`_C+)vL;;beXY$GMKZeVH{2W= zjc(+QToDoOmy7e5l{Fw&rp{{PyxED#ygwzS;@P(~`|AN6JY`s_BnlT!YIeMCkmVYi z4U{kb^H31v$H^f-NvOZHIH6ynV@To*7a2NC;8bK6{hz%pm^V)EmBU2U~Qc+ z6`BjeqN@fjd)Q3@Ko?2T;MV1puX1Dtl6>m7L`e($>pJzA@_0i}RHY&ar*`L3gLF1< zeynt}X5vMsv%ZVY5Dkx-&hPKg%Ms}lBRu3}!*V$KTeJrbTP!pJbb^==(0Tpn=n+0hfsH;8%4xxA zGD&PZ^fd0Bwod^Za~(=NtVan7mRE%*YGS!htfgF&l0XDcEo-j}tMn5_=asJ@Z?`Nf zlUp|R_;Xwc)CSF%2N#mtYDE?dc6Siknf8+EY_pWov*e4 zq?-J9xU5@0&3Ut`%~a;xS*`s z>!~bxzef%?(+IZF*i@Lom3B={#_{XO(pb&=0OdWVg@yWin zk`>epty2Wu25f@GFrJ2-Mf{L#=kl09uQWC0le`=M^(WEM?Derfon~ zrA}rw1aYknsZAcu0}&=jfz;Y!JSO3<HWDGNCm#e#d~w>|N9)1!_tbo8^c0#UcV z;wGk<$Yc#T+$nd650v^{JpcbIO#SURa!URKr9LL496^~0Z-m~MH4Q8gbWfI{4Krok zO{_PX_VF^GpCn@P+{oR2laz1gZkt}(z?6%EMPkr-7Ti5K6XmCdfS3A=v6EKUZzoC9 z6tyy_);!}yGl>39USWylY2|*hqzMNxw4X5~4r5x{OEt0+QFt5{Bl!SLW|@=wqbj3nGy(5-1G?hg+uF(#AVyc$B&Kn1OL5Q znB%})M}q@ue!R5{HlryG*t|{CgZ7DZCS!4Ksg=~zY2EW0(F^0dSrPX+!Q;hXyfF&6lr1;-a!b%H;jW!kGllvTGXRH`72fJsf!nBaYb;KZ z=9&4sU$aHlW2l^VvMZfyEsY$>QSI;^SlSVJgddf!?e~$uEk*#&1vUN%)9!hxF`u!u zb-^NeCDX<^I6ph(yZoJ@hq#2C>cUli-@yJVA2p_@8H98)%T~cK>`~_~y7^4bCs00dz3vl$FJ)pBYzQ<6 z8dr``JoZY3f;)(V#r;A1sA42>%^xWBpEemN;&6REcIOj>e@dqQg-k}PtH>{r=3s$m zx;e+H;g^5ja4E}dG26M91E`5ZdAizfl5)x~nskMmfY20#?F-N!YNEbek{^cFFi>VV zU=$7+0*N0T%>9K3CT%UxE?;qxW8$LbgUy_^O2l94_#6V}N5`88;f6W&b1o~5r9vy! zK0cz|u6ahkkRku2tkkJeKl$lB`&Eiz0fVWX^PsSgVE7S1OXM@j<52&!cGVGq6X05x zXwLTM-JLilN2B4LjzoLR#8lkC)tx?`oq7KRInG1_{y8!!$LbVi@+;PLW{Xi4y)U#2# z61gk0;8HCdJ0xudzmHgtFUcSl=3J=h_A_e!jFZxs36sOnI+VrFjW<|7;D$kKjHVUC zK;4SC4}&*bLa%ZfSD^h2wF%loJo*hHjA(47bHz@9&JlCB{Q=E_G}&Acy480T>g0kz ztxHGSz01&F;SfNx$&nW`ZblMCDMfwH2x0$r!lGnGY1%b<((cE{s9G>CIeWLA|HAHj zvJFR`%LrL_x0~hHahKFuI#DJtD2C+n)Zx~k9vtpQ<>*-PRoIB)@-;_&8u4?CHIC`3 z^soC9OXN6lXb8W;2Uh^=D|t-=xcc zkOy8=IQxFx)04GkWMSFXpN=o;YFa~AgxtR2UXx{F=sVerTNGc{bLXc1b=b1BAjxkn0V>K>acTua zkB1IvcQG`u`3Q?a#tsLpobL{296s5>m%eLK1!icYcmg2Arq|et@~@8FmKlf#%?%dR z%+Z`0%!zAdzIRBv=${1cZ7PsJRQezZoG#E1qnD6-Y~4O6tzkYVg%rwqgAhs@7G zW$T9rr%UQ3{syF6`{p303tu9!o}W&TDL(B;259o}2k=a}rh*j+jjou*Dw z;&$|KQ2B^!Iaq_oJ^^p5@MKUB0|h~~&5&{{3f!3K9p+%>J?c_e(gpN{Q~Mxy#6gao z&?g_XZ2D{2VRt{eUm(CtfHi~oK|5E)e<d3ri1y8) zT-nVMRtGWCeqTsqtMAJM^M`qyrBHBO$Rs{a7Ns;xW48}`l@4v|_$s*elr(*}ZhPxD z`&P!#E*^!6(oEN15&*1pcHo0X9889?6)$sb8=#Ldwe{Aqn@#KiiO+g8}n9-AGX-zH%|Rr>kmH*<4=S0rTXjN}7pi5qc@owiNj;3i#@m=UpN6Hd2w zR+%-pM!RKHJ;giv1eTKs;*V?5_|#2VjW|L(1A7U$lzy7?rQnV#lWNbZ5|9|?cM8~2Pyzi2!<_zspb{@E_{jIgRVUus?qn0b-;F?wFm|bl zVO_zCzoRi*D9WiO1lS;20JKwNCw+}pW4E$DEA-&>`Tq$@g$w2C(pIo5Hn8WKB|fRC z4ZQko4l|c=m|+YiaP=iRud(XF)*3+p$B4TY9FGx)2l@G&d^4^>35{o>c;V z(?wd1X7R~kYeeVUxxoBI#6hS#)j*r1i=G_^2Yp<;PZ$JT5xLHyuU??7Srd=Ld^56p z6ku433uHdxeK%6i#Ge*=le|NyOm(*n5DNADK4?D_`-{LH@=g>S%7tZkPga6uPP(xF zOuN}>b=k9QiGrf-)TbHx=qL!FPLh5Q$v?5>-pSEwV02`{Fr5C z+7NzlE&HyK*Rmel{0s4-wo5+;k9Pr&r1KoYP&dpsesl=GSDMGl!?jsGor-x*uT3`~ zergl^aDB^9xrL5{Ro)VXc8b+WBotKuqiRF+bT~#)waYGf33ZcL_UZtP8TapfsUGTo z45dJ7k^V81`X8<$bc`VV^SqQgCIGtX-^ZvwO){*1nPj-kxlK4(*i6|tOpT0<*vx)& zRB<=XI}~HgDshisGtB`I1xzO4af}T0_$d9=NY_><+V>NNfW9mK)4AkaQ7hqv7^J=yu)+Q@-d&Mf13y z1faX^baHpW*8n|F`<(1?IJ%-9)T$B}~}8WauTI)DppOz_@)yiCE$fk1kJ z`=@CVWb?Tx$Z$hOMN?#Kn$YwKV74AWYsHvCN}Ai@5W=T0SVy}hWzu^x)$XR|@(iTD ztF*8HB|6^55ey5$Bd~IJ*V5k{ zrCmaUY;qyMSgy)6XzkSZ7$5_#Cgo;&$t0zEyQdaDqi^Xz5J8wN^nU29mX;8K$^~wr zFVWvjzA?PcT@)WoM3r3s+p7gj{gzW=Rw}2v7gqcu@Vk1bDtJz9p#$S%+r+}ri++S2PFEK8fu^zyV90Exjpy0 zUH>wSlFM;l2Soq|3$lbLtcR8cj);ZJH{Gz-1oX$5|nV}OnlI#Kqz|x658xVCcJJ=oC7)(uHb84 zoQ#|nw)crxPUp47AkOMtn>V-8c4t$nf?pW@vx7+VSMzCiwqUry+#!#ybe=jYX*XJ} zdVj%q;i%u)s{}s1?Qlp^b}Ld+e3lkh8p=X9m|Q(x7jt4#AS>NlN&{ZDfHReOO8I*z z_22c*DZziAMt^YBUm}^cS~Yv?ix)4wi>X=&$}^`gu_X56d7I~9u-(Ni%q7~tLCRK3 zLdI3Dh9ugyZ_69f^@I20K60u6*f(pH0$J6=>yd~2{sh`nob-+1}quduuM7Rb7N;bNp8doD(hLKpTg9u>s zAdp7#$$MtDaVlAeM{giNB`>;(3;@kq0AD5D`7vFIf{W?yPOyabh4DOa@WV+w|3L1- z&+1B|XgO|fnPk^^0wel^DXQbZj>YjM_mT;`#pv$9ya?#WiLzr%09!pELV?~n`I4SX znRvvI24A^LG4c@8TX~d$)ZabC*k;PniV9~fdwF_b2)b!i!5`bQM$a1oN zl1s*>?H03205ybXkA5`#m^$InJ%#!c;97~;OEtSvanwfpBa^^R&^vz%{*Ll1VGX>z zrsSXo@Xu#;1v)zg9uM!HLjLBzS0L=4+M8*9nFY>4`{ zp9)Vmt&D`NlJHpyhOVh6z5_a4O042qBa4t*A{qq^Q$sKwkDCKL(Sd(jDY{Tg*bLoj z1zU#)eTJ=9C-Eav>aQ&}VXm_0rtT>9Dt_>ehSZWqK3f=s>V=t!^GFK2Jp(?!;-ZZ&F14`FkFL| zI+eSP646ECwNZJcx>{^vSap9?^~x;8pPG#v`uMc1Ne7gKA+vzK1Bay-+vTqdk}0#^ zXJAV%_e2GA<%TSbW2-Wbm;n!a;Ft{6VrMBKFnBOU5wXzY>y_X|?kA;|xtAl37k?gswfC#XODF|2?2V@#M$ zSXe$3GG-=5Y}~BI|3Od^0H?uVgc#UKvp|_^DW5Gru*h4{e$io*oS|FxVNE?|`DN`p z;)y2=L|=i1PfyMUy3KXCh0JwFrLg;9BO=H-tZrZg3k_~Er3)RDqOOL6qTFE~UZ;iG zdPN7-ZYb6ldNFf9jI}v!*pYw?s*MIY&qIJA=BacHq(*bJ>fgjS0jWaqm#)DM**chO zw@Q-Sc1Qm6Qhbg^C1+)fQ-*~tkQ~UK#Oc=g0W?L|KQ_~?0pI^LjhVMRv=?3~2n`)^1?O+Jelc)yyu&Q%RA-*P7Eyvwsntj;rJuXLUC!)o| zlKL<^m@FPP4np?6rDmLkR#A6+$F= zVfgy4+FnYRGn1oku$k+a(5_YgLB1Mu``Exizj8a^AVh=m(vT(65`z)snBa1)ob~6{ zK=4fSfm?*&0_e2I%x{27Z$B_ru{~dZQr=2BSbDRe>*-@f!aNjVk=TEbFUFT|+-JuI zNZr59l*teu#W*sEntFq(eb;^;3N#Gvv{Pqq1pvo$5xUL`yMH=HsSCzvm&I4=mF%Ey=5%3MJt~_mTUx}ErJj5A2s3Lx_@=O4mssB zwU9f=KEV?z3Z}0Hx3ls&n}B7d5&5Lo;z_Ql&?(q~CpzH~pw2D)v}iQ5uEm23<`+Np zfSnzbr#nJAJlJk4QKEDfZ^u5@C_QB*6s8j%Byiy=)gxpx=7>Ea=UlSuhV%spa){(y zpFt+3It5EpjoThz__YWB{vb!x@665LhRO!GKofX(7;1rkWGXThDZL!e)*jRt$WMpu zWMDrwBe=Nbf$NiLPOsLJB+j=BXIDdJs;?%d(Affx8;C`mHyIj(H=79$dxQTlKbt&I6!>}*4T%$1^ViDHP zXkA$nU0j#E+}3N@;*$e07QXqWdnT1<+uUQ2T@5qtjjdIguY9*xnlOzG$H>=kl0p4E zs8SGLUwyWKhUBYxiK_vItp6S?vmZp!VS{8NZ2j{kUxJWMx~Q(Oht` zaLJmpFUA2h9`D?$gGWmSZ$ncdEhpFQADb}>ZgtEE5a=zs2!fGCpIBUkxk8rkkR1ef zXQch?kbAp{b$byYa@tgwUf{(&oFAKuc|TctR2j`&?mUAOwxE%|?tGn6pWX&RE0ci_vf&^y5)4;>PPCEN*kg>%8D?s0{sruN9q*vjatC z{Qw=yJYn00cWxUa1utwF(PXuFZQZ%Ub@p1RQ$agRssm^^l=ay;U$TBu6mP;EAH)Tw z5OZTvXD4s#kSh40Tqz}9*3~>_jLi_Qh>zL^paB$@?=r+5-3a=D!9IlwR{$fv*ph7V7Ko|aWu!J^nGNr3g7G^wR<~DmkejVh^Y0( zhf`*E^>9=RQC(gGaF1a^ z2maV_X37Ay_0B&K>c8wUX<1B6F2Rhr{}e|33wz9LxcV4}%!pz`xiE}nO7B7rNKDFk zn`*klGMx#?H_vasc`5?I_p2)gipWCN3EEc<{GS)=S7*b$+%j$~6+$lnhQ^Si(^?Xh z!xKgL6QqnC{mzkSffzvqRhkhg8|8KG7X;o7oTbMNb?A-2M4b462VSPyDwK}hl&{=W zbj2*Ersp%l53!5|CJV(V4MWko1o}lFjyV&in3(jefF0Q!8^BOVWb1>*+931(dY%>$ z`8mVG*HO%6R|R%m6YR5X=!rAu4(kuk@x#x%;6oeo&o-_hmk&S6BPlKlM7p)P^GZ>Q zjidrkrcjT#?(rVGKWgOfn{7cciBB<+mB{(X@8(;CD2 z+Zuz&!NzQE%*tYHWX8$D!OoIQyaFQuXckrBAVF4SyGrOgltu!d9~yE=zuY<74En+~ ziRgRgHRk05woOLh_|?wUBD2PdR#>n1)(hE|cq57hVS91Nwh2HFlgF`X_3$M8S=`xE zW5|ss8hEMfd)*6&F1w8Lq>bRz)JXeLreQUpq*M!cVC?qWFnO}9nhj9m#zRT;)y(il$=Jy+) z==@*A8|V64#q<7v-Ou%!DW1;mt(N(0pD?tITQX-6-WPXL(zC7ds!fVMre_msHKEjS z@TFR#;5E&{89}uB4mK?o7+iKdv!s%Mj#CnUebdVB=LTD$D3<;#D`;--ystpG0lo8a zV=7-iwiyb%ml;fe$kL`#s+6T9@TL61M=~VFIUDLIfHWe=nC`^gwbtr$ch~;45Wnrj z60y;*p=Y0@RnUvRHKZpT6tG)9kiUk`dnz6{j zlT>e0@xYPzVC7-fVPxoaNgIKeS|>4$H%q;ReNa7=tXHT#QUW?Yp_1ySjYCo04 zO8Cihv{K~;OH~>9R#Lv`bFhStQx}3>IuDlCv2;!? z@SM{I24`gDZCYL_vkZ`G)itI8QhT5(l1(OhR&gMluL9M+dmJfYZPhN#GLzkMb))(i zb9|Nu?Mu)C@;?KCIIu)eB~Cd-v{poW2+#+wpNTClKUN@J=F-I7p^3(F=x2-Z;>ds?%9)&+xqbwb*y_H1 zU9$tE#G*AR{Vd&j-cN`UY@Hs=S|`^&dyZIEENNMYuC(ui3sK!u>9sqMds9l6ws3pW z?hUakPnK+9p6s}S0#v}j85zuLe1O#d+r#(!IQj#m{*uO6(}WF(q;ifdCe8k0jqJ$gd}r&1=%5PaHsDBehi@+g??~Uq~D%TBoG9Zn1wr z;w$B~fmTr1$>C;x-vtD7-BFB?aVq_i)nwNj7l+ZmxY1a)42qQOcY8zW8cm?8-G!sK zlb-|1xX~Lw|GZP$BY!sK!A~>i>(x82hSA`NZW4~W`?&zY0=x_9JOoq`zBqp$H%b@4 z2}HBKTR{l>0L+gsT&Ikm`f`(r0D|KokJ#sbLG0RsT7}a^FAZR`$LVvMwhBx(Q1l-o zT_`V5C2rG`)HyZ$4((QJf^u>Z9^1Sz`7K-dlWZ3}DdbmMOJBVZFXYj>sXw-OS2EqY5jcvozE^z%hs5xc& zFVz!V(=|ZFT9K?=UWVcyAoaiR;cLB1>k>VrvaqMk*<(5-Yp=pMGU0ml?ORIhN|*Y2 zz47sMFF#zvqf=nsN|!H&iHtE z_TlTNM_tm^qOlciN2D-bmFz^VI||;Z7rPR(=)0zrOgt*E3#|C62YaPXT%ebHNb~&6$YLB=K}K0a2+fuwP3$rR?w~|to=TD6j98(sb4+3@pu9MY;@hqP zc=l1Y3@_~fuDt}!MB*ZllM5IR+Azhp`R~iUY7e=e2|DW%wI?JzN=zQ)_-wsTX-NF| z9UV@tL2L{@eY2f3Yf12y+S7K|5krAu-lyyJSw)9Y86gL*vMH_P0o%Y~Zl9DZnfq3p z3-C<~*$Vc`z2U z`@4<~j!$;w`R@-Uu>L8Q`6!-mR)QEKaWFHPv$C488!?-ke~6D+e&76!YFHeiJbh;Z zHkWdaHx#r(rt1Sdw zl%kzii-09QzlgfcJ6B+D4Lb)a-Kg~g2*0e}PjxT~OxMmkC>Ys=y- zpR}XJU6_=8(Za1IBU%28Z)Q!Hx$1tb8)|Ppazo_~K4lgN=rQWqn<5<8YcgGxjhe;&`OhbX0dDRvsz}k{;!5A3~0W6DPG}CBwa+IH~ll#cIPO*UJq!piU zgz)M|X9F_lez9I(lw7$F2fywMssz?60zh+%-kCqK6q7B__q)q@=m290y1SK42+_KQ z$H3Ic`e?U6eb##% zgji_&A~KUplBM_)S-`Ezu~*iHKBL1$P7|x@`!tXLEgWwpINY&i*4`+YYW1p~o5$=? zF*28EBEozdFqrymIe*k3(oAveEp?kdqGW3}+akFljC^(Ik{>YAP{o)DXg~h=e&kPrd4#7w66S zC%)g$i_i0Xl6j!x48kqv?lLRO%lbaSb!Lv@xAu1pd#XTRAu(=%85QoN8~M@Ned@!} zqS@$Ts7sX4WxieI$nMH0xYDdFApRx2qENGlc~97|%DFh|GSp!v)VdT)G&)fViObW zQHbdsso<0DS@(J9@wsX;T@B?b$O*N$IgjfsGhGOJK63))#7dSzM~9GL-n*b+yy(o_ zb6Xr|a|!K_satbY%VM=i$12+m)Nr{n&0I$+9y!ty8g^<`kc~9GiK=b-Qi!U8^ji?C z(Oo+zF`l3Io0*r$Zj9VU{0D>T`x^a3TR*}wwa+4Q0oQ0eZdg_?6RcqJkp0$>8Z5Zj zTqYsL0XF@=)0TvDJj~PMu3}|Af*uZHgi+qWKPBOxD`b2;(h?VkHh#mrZD>|X9-uqR zwRzyJboG)c&EIOTqm#`a8dp?t*jHHOhELlJ-aSQF1u!Z#o@R<$tc~lo760bX=os*N zW^D@iOO`?0dPPpYX`MJ*xP6D&-Mm&N%{;ApReli|kt8+7gq_atYJX=rG*!j*xW0x2 z?(JFL!@ic>~NGVq*@Gs-q#noTf=jPGHN7_th5@?NY7!p5QV;5IMX&^|j0&i{k>a z@{?PLtUJZU#syn5L|dzpHuSMF=<3kEVY&*XFCONKwdNY6lP6h0pgP`^%;DV5D9ncR z13=_<;kai|^;O@O&4X-F{4yl+?2__pLj~o71-4mT+V5fYUrk{S=?kCzU)Z%~M?9bl z23{esV9K}+!uSS^!)vOUlPAFTB+S()Y0R0?fuFJ>D^=v6hIal<0hsK&In#=)4{ zXCrSuWb&Q0t}D~>g(veC_4;q*w~#!P{_-=rV|arvTW*amJG>wI4tA18^pQx(XHG&sM;F4y14Hpyh1P9<{050Xmc_@^4w zuh_lh-%o)dayJU-JD0+R;fuU^RY;w+$KV7zzyL7y)7}v9ug0mP>hgL|(v(#!yWJWdeQ48S^HR|>id z09@MFMT6IYgCRR8COu97qT{~9NE5HwD}sc91av!4_?^O=M!!wx{G$?~03Id)9)huE zA14Sq1V-ne7>AUA2gdmRlj~CeoH!vkMVR*@NC?JzDK000E^Y*l1NNU4(aRi0hd5aH z4CK@I7XiXV$jKdGhalb`;@T3)>Q><05W%kP6`SC;0F8h;1j2n@0K7xojTRdi{QIkz z_66#!wI5J%so&r3*N?8H`?eKPPYLq=)qLqD0Fp=T5a(^n44`(XtGA`b1A|)udH<6I zL8$V{n+QyVpHuKTbCvUF z$lYx1H}0rb7ivMeB$qC|xIdOuFAaVSBWi5ns=T#O z6C~+q@dpkzxp0xewkXM-VjOcD;q+M5LF+t42(f$XOv%Nv6sIZ_3fuCv(`oUUIunLSD4}G>1K7YJQc>_&{+C( z;{H({aZ>cqlu*=*SrLD$%y3xkNRVVRj7tR65$-6JEqpOziyz8EA%azMMF9wm#fLt+wi6llkGFq|N5z)%}&|W%I->!Diu{qDR!N5o` zf}4rZjDxV&c6XYxCC)QyyQiK7k=flu)E@kCC8iBP} z@MmwmFC3@Dow)mZArDp;NFpDxP2=crQ$10V9Vv5^jqM21f~X#^5mOm;E61WEO@L)6 zVwR<8V+_bkFg{*&qZsu;QA<2YZt>XC(8w2zorC_;lcTU{1KJvsZcY|9CG9bHkiZqV zp(WC|isi!8lBxFeBe)iTo4oEi-K)mQ0W*=qFT=p%Ebkb-Z|m0_@|t%+WpP#IY%Eg- zhlda`?gc@+RPiPqAFWEDr!5^pkK@Vs8M;R8^^_G>Jubpxwq?ey*nS9ckoRPSu9km# z9>$wI>9}aZ(#he z|J`+`^)I7cWm&5yZV+Ea2XN)t3QH*LV$q# z0zibDf)+LAUrqa%$Dpr-r@!lSLUg(}OrOXK?o&eEfNMN2K9s4=K_pI3{B)Cmss%B_0{>#xzsjdTi|SkWL0lr*| zILen>Sv}SobQyi*M3>_&)w+GQ|4re5TL5JWWCWDvMS~a9kasQj7rS+`d92UJWTiKt zVG7c2NQg@)XV;s$q+YS(Dkvq>+SF2ylv4dV5M<`|88)}c)4cH5m{|*%kO}!yS#aeI zbq$9oPEL<>FJt1Z5vB6Dz5WMDuzpa!BwK^J$V zhASvts)WmZ*J9nY=0zU9qxztu)`o)uTeo-N=$}M_U1$hC)3B39w~v2ZFUf1&mZZnV zy)zM{sgFnyGm$GNNSIBz)2Ok^QTk+n1-lNeHC5LK5o$F5wrRkSL>m~^57O^1aK^Iu zAk~XUT>W(dCX#y04Gll%n441Kq}@+4y%DkwV$%|A8EV8D+^m5qiLLCqKZ&0Xh^lku zu$YJj7l)%0(s1?TLY5y8KHKfpy9IYk^^)i8`w=?KnKYcXlwED8RQEjoRP8iQM-yZx z#}|=@(HD{Pzg9#rFi<96MC$h%`G0+2{;{AUV!W470H9z@2#j!$F#3TKpeA7808mC> zP((<$4`{!aUKr%}CD!K^+~HIDUwGiY-URHCr0U zSY*dFA^zEfPuI4c>5?=9x*T2wk`N?tkE0v0@NFMlG!`~rzv0V!Ge(38-ExV8J5+*z zLx<;xL7%jO*xFYOx{_=!ukhPt#VLp+rDkocpmp7Jk07; ztkuFyH^KUed}cP#TXNRytRD7%GQ{{U%G~8oD{8&xgzs;B81Alj&u5Q>*a12i-P*oP z!L(BBJ{`i>RhsIGC56grM>H*RUIAi1q!Uv`{+J!d57|N?*ruE@0tj=SxA? z1~xso2A&el21od&+#WeSm5JYR-UyEetTnzpj5_Ccq_n=FAwlVc&KY7*!d{@$y4Lo{ ziK}##UW@JmhOxzPOlM>Z+m(UZ7gBQKpO3L=;CLE?0l!g|^@-hLy+2=5R{qnBS0!d4 ziQXU$m;r>xSex_V{hI7vj!OwS%CT#$O<0oLsIVO4xoQK9xwxP@C*qiqhJK<#*5PF; z;fP0Gwx*sX9`cba=q{=I&rVx${Si_ZG=fc3WQ5!D&p!|mr-MEp;bDHjM+a>7zx6~B z$fFpT0R^{#M`tDolC`zp&QEsf?}57COxrk$#Vouu%QBR<&7|6Ag?^;C#VMl>H8+Ej z&5?gf(@G|HYt8n;Au~QJC84rNo=H86s{*g_-%Jt9i`424gc5^Aiy8XGjqiwHt4&>r zYmjg&DpmahZ_ix_O|!cj?^v3MDR#G~hZRlgdp?E<@Pr5qn{3=;!5_V8=3_(*D&eRwG`Vo@i*6AseT2G^sxz_TE)=|_4D4=W-zqJcoA7;!NI_Sv+JHn zf-WTcH-2}oVIAwxJFo^y0cR_3Du_?cn`|}MD1rP~VDuE>Us2=)MM6#MEsbeGWlFg= zA@8Xtft|6rO#+iJn21(U&8xEl-x~~(@y~ouk_9{&LBDs8&|4~dUU`r?vXnH;y|O=4 zeJOOQ*-{AIBHf2tyy4Lf-J!2M62^-`t%gQ0=8-Ql`*<&8S#8QU=`>b{9e7-p-!Ffb zq@{Er_{*IO%Ih_ni=lY)3cNGh`ipc0FNE-OE_`by49GjGlHO4jmz2&9`nRZ}g!<2x z^bc0S{b6ZI3g-Z21m<7g-c<~fcQ&yMgIW*!OFgMnUQ2H;M1oX>r9x}9O8t$i5HHHK zg*~VZvlATaD;jAb3Uxd-2Tp%bnJM>SJitkk$saj_Hxkv7pNHI|o=sf5Zc9(RD2|yR zT~+b2l<*~a#k%o5P>Qn|W2TkS0reLZ*&`R}c;-Y-Bi0`c+BY0&l9K$UQvnzZo3z4d zmg<1i?i0T734Rqrs`8`|Dia4OOo{sj(C6|mw;w{Oh%ELAohn?uBEp+~fKQW2o* zVt$AivTEZc;0UKVQOy_|1gvXNv5&$1!ey%#?t_-~^@)7MizU_6`cV}A`mVtKE@c4@ zF%|Q=PmPg_r};HS<(D-ZM?TebIC5)qW5tc zn!tFyx%&Ith(cBA9ye@@bb1J1bXiMqo2yVia#8MpPt^LB0@ke&4Zs%f$7y`5*db5m z&n*t%vMIweIk_z<9|JS|sl&*5aP16HhBc{iMpY~^-;{B{X21{VWtOI7vNs}e)_8vq^G;NaUUCGICF|Bu|kHUc)9V@6Pa zaTV9UaMgSLudZ@47pGqETN>S^&K%E6?o=nDp?8U5fZN|-bdzJNbsqlhs>t9nXR&fF z3}yD3(#eLfUyoDi*$T=P@mx_aT+QV~9+!#8MFSwd&Te)#&Sk2N^KdABTDIdMeQ$m; z%kAA?u_bTWZuDBPZY_ei-iyYsYmHhb* z9jojvPyf}Gs<&^Xs7A8~Jw&KtT~4gDTBVyD_WbdHkx2xJfH%iw5kMCHAF2w^Pl_A> z{6kgmb2*>zCfs;{A@(2VRsVOkdY@OZCBaqz$o?m=cHbC9P5*shasC-toWFs^YRJOE zX3WNE%EiTQ%*@302VnJ(oEM8zB}V5wJ$=L!a)i8rpTfa&Dae|4Hb~0s^VDiO_qauE z?dmdT{}AB6xo_X!^A->)vtJJ!kCu6(uok z&V)&%-^_$`dw*AV{cZ7S5fyyn1A(7_Eo%4ujal=9pEGxhyZ z7hBZcrQ4Z}I4yI74HZibjX@D1b$HDLFu5%78+J!=2r>82TahcG;O71AH+^~Kzl2j!%?FfTRdUbU{rxJ<-HSb=;0~onsqUS5Omy4 zl|&m&H~jlMLl>YHyB$Gew*wU8SW!c;AcHXc|Tg#nUV-U>)T+<{rjej5>dZs&+D+-$+Tli<9Zzp%W zl_v0zvkv4EHDk(Ihfv52whqvbWPEnY6*xmL?2t6GpHeyC-^9KjCsg$n0$ITqtU;UY zQewu17NK7y+%@H&y?AI{iLK6xjOk18My#K9wa*u6(gtD?sUlnUilf%a`_>$!S1lV- z>EB71YF@0?^WYN(vvHl|-fiDouNEBXjE<3b?r4ye)M@$2{mf4YAUn~lt8(PNJTpaq z0efMOPUBSD(+){;7{%OIOhyya57Te@){W8zd?*2+c%LLeC*{TZ=5IAi9ktsN?afo@ zJe`(%Ov3-XY|8t$fc3j2{dI2jnFfjp*nMV%-Z5p-IYbSydEai7B&;!|JnlQ+qdQoo zAuz6i{x`ltTQ4#j@O`Ff*p^ZE2-!4#kV4b#|GM83KyRi3 z_0}tWyjHXt=W?y;GM8B;GwGe5_KBLj^5m2g|07{8tW7b^Cz0wVV3n~`{983t)E1GG zO%v0Wqt%1k9H1cAo@$w)DHmx>M5P3kCskG9baC!`bFzMibq2QcnjM!{a6!f zSsMZ()$>!Rd1YBUsB$^Zd(|jHi+zZ&GD>r9g|av644S%*5d|Cdmgm!sx7_fB_4kH7 z-3Bv)6!~5wzly{xYx<>O0=2jsXTRc*ZzX?s(Q|@Y*=lXP24Y=M=y3~X}|Ml+U%A(E}%jHc$rQOR|?}VM~q!*74%JK9#KO6mMmE24e4vyu)&)Lp0T#nTS06McMH5o=D3mP33 zIpZndel3%Ip5xEHVq^MyU;U&0S6_)MH%C8+VtkR94KWqTo+9XG+X&MB$VEY7*I4f1 zqmK03SE-GV6OTwLckD@O=7f?^A=TWFf+II()Z%BokhMO+>nk{q*2@!kv|%D9=8S>+ zw}N!waQUqaTh7iY3HefLGlgnjo~D=A{6YAW5%Ob7e615t?ikuDVzZVz<0d`l6$wB# zZI8lHPrVsa&J(0GDwgJCt2WcY0!yR$7*RLrfnmfQC8KrWDRR8f70;uHupgjpG;LfZ z+i9~1(b(>z{GNla8pUtdauQ$^*I;_}%EJ<2cgl&xXA)yY z?*ywjs`B%=^S3cr-SP`#i`iMkzy7LTA!73pkK9oQp`4#5i*wv3o8qY z2@{(!ClePd3)3G=HHiTeD{MiOiaF*^y?IyPnFYf*&F$u75o7Eh9j*9QZl-YfN>CP=#psB!Op(A{0MR+|&bNz;Qd-pdBG6i?JiL^+?_q+C{*oTu(jHMQ zn5Ms(**4V;wB&}+iXtBjZjqv%3EGx&jT=S8gWoS-e!?%5tpBFR;uusG@_yHb#elbOQu z78k9lZH&Ms!+z$Ou)|(%zuKJH;ofy5X|gE|0fpPvUyrjcu4Ulm>9>Lpx%phZxKI08 z<3c}Y-xFF)nE2{V*s3_FP)S>0or{RFBwmJnhNY?)96By5Pn?wa^@FK-Va9p z*1n_e!X?K8Oloo*l+7`rHlsoTq*&*f{q-k>+M~$fTzqR_umGR3O^`G_0dz520fp`a z6UeXUTUV%XrZ|KMh^$^!S+toAfwi_16zhC>2$?&o@4*bzAu0-E7lWJ0JA0uV)#VzD z-n~)^KI!{!P6Mt{!f9*|Np?g~B*qp5^aKj7Htf^+EYQ<%Z7`kn(AcH|B{R8dZ5X7@Y z!MeAU6W;z5x4fnx?6*Z*b*0mc%`ZOVKfX%rlG0RZlINdxybyQLPjP9fK3IK;@5R*q zbQ~}VkEUAc3z`jGrEaePOW41nvWcJXRdCe;`3Sk;w_es=xB=JWeUDyqsT6 z+v0O32#uR|*q+y>+X#B$PJzID+hKOw7O%ZP>>L6`m_|)$zo>U`R-fB>CXzvG7al!K zNoz?xJao|j&%b4=-yP}CreaGXK}Ti+#t4#F!;phC3TJbHsz}CEMjToM(3?Lr$f|Q~ zmoqZ;|Bb1J5!n++eRg057a5%Ne2U%@q7qL<7`z;04R*xLq0`(9o{N+uoLMPF5=cc7 z6?fG?ERGkqYr%Bat9hrmxKMGTkYjp#4#zqH0mCH8tbquLX6wspT~z*iLgsmI zsYmU)H{`UPwXeAq?S}klq?b6!DpO`=QrRB;N*v#MKc#5^gA;KJ`yoPdy0wZ z)K#^=fA4E?iAzzQwt6Zq0HR#pJW3#$&4ho>N(`kFArQ8$j`}xVDY*(=2khNS?Tf>lC z#1oC+9R^B0JQ|XvFJT{Gj?v!LhE!3jZP`ML^w7bMrW*L!1=Ck5s-VYpJP-(F_|YU! z0txyOj!L$TlYGf1u^shm=S!nML%`D$6<}U`794z|Dos=`ltd4}5G1N#Be6@5xu+?lH%cMbB&Q!i;id=kl$KY42YA6gS zC#giT-Yb0ISc|>7*_!sdD(;M22)#or)NQGctBCT6ZjKjdW83v-2^sZnazx0+1EL6dzFWv zJaZL-st~C2{m~6G6`DL{lJk#^N%?>SRi?LCY%acn2<)vnZV()|Zy^0UK7zSu0gXiq z4*+b<|1i~v=pRh=KC=o%2LJQS>i;@p#g^no15Wlof>vCb>n!d6zOI=5qAP=OWFur2 zRwE;0Hg*zF)gg?3y_PnRsi2|2!I0hFsK2YH~i6MLT3`T zZH=PMzCxQa#NEAC)M&TyKGyxfwGJd>J(*7p99}{TB*17%=Z7=QmKNivd?wmy7$79W ze!F`MX5cU~p-l3{o>jg!CGDGS71C#HI4eYL>yceP0S#8OTS5MBK>z4E8a7`^`+=ND zrF-Hkdbe1w10NXQ?I_4GC9X1>@=|(5GqLvAiGd+;_-f!*7x9GW!HF#=IY5z<&MN9L z`c^)~a4#v@I{|Xz}n8qP56*U z99jZ)n_J1bfpT~%V9bll5 zL6lH5KNi<38m0?Bi-2ib5*#BkZ>2`&0h%;HAvY_-TRw;$XeE0`x5dEg`FaGHTG6!8 z#!yXnGHZRQ4`zPrDTft!^xV@^hBDoeSV>*ZB>RY##R%CR^R+@pjTGYtYx=C_(@R!} z%pjzxI#rekzucA>W;kK1AnPx0hxkm6#y>-p(SSIgy*8F+@EiWScfuBEG*ZFJvc!fQZF zPTzugD0m)bR1Jwa54trLx%^UWRx7g}x2AWE?nO0lW}5K>`H9cHj?5f&?R(t- zM^eTLH4gp+MEF1g8TmuR31i%py7<-_{LIV#fh2IUmlzl6`kcF78v>=In|8pKk1R+X zunV&Haovfygba#P%Sbkr2yaSiBVFHmCzK&BLwbAr>B>@JCEl*T8D*evb?W;jPo3t!&9FrSj(0lwRJ0QU7s7ngHv0Miq9eQJO>IX9Z4DQOgI=QYnGgTut z*!L=Vd&evIs%$g}Y;Eo3&4W0T?|52OY-7VLAxzHQZFIGHvI){EPpOtXPSD6UCG+VQ zbPe|nk;HsFCKrj90ynKKJ~zs%F+f6{qqr$ms_>?~KmtPGZ5bXz=Fv}rg9xXhK-Sj& zBY9~p(E0?zC|jdfwUrU!5!o5w1qAfNTS6tLG#tpBq@Y^Il_@%CApr5I-i8`zsy)Di2leN0KKZ5&8y= z=yikJqD{V9@i(^0-OLWm7D+8syf$BGC_R>f%9+lMV8?R(_(6zr8cbhZE8oFtv9r}8 z_@kztwL}bZ0}}rNm2+^3rz4fX99Jpr!vO1;gYCqaM@V%8kkpP>3Ph6Dm~B-%t~y@D zAX4i}IxRHg`O%z~+Ro#CVDU%3X$C19Hm+8aiL4HUECL$%R-u~V{o3qomx=5OQ?5Vo z8yMo~BbVB}J*!qtjBvrZ!Ygzb#!!kJ& zD+90IhZjq4;ON%;>`;&9Js-0|M)Jx8N_(s`)105EdHe3nAcLcEvmk8De1_7m=zdqu zFM|r*8$N{DJ$=u-crpV4ysK3;;B3=R_^i8MGWUc%f_|P+DZa;z6%b&~48FEX*H=I< zAV`yB5He*ab|9;sgn$YfRb%U0jGaSstK?Jp1)wM^0Kp6KvYWvmSmeb$3`&$nW@0t6Wx%THD|-7kDjG|JSm0>%}x_Eil!rOLTHBoI8v?oTR(pBfU{ ziqx;Xl&-MnzT2(ZkNNM-f>YuDn3b&=d^w(go`hoFFv5eLFR<&K{6?E$CUgPPm*I*+ z6rvB;4}46}+)0xP!^YH8&x!kWt$lbCO-n(@Nth#$7=;WeE5Y|M2P`i>{rJ?QfTWUp zTCnp6s#fd5!T-Lkn%yY46DA()Ag%n(J;cuN5$SHs-CCqAJcXy$>YshT0MI?LW!|V4 z3CRl&dPITi3*Bs@c!Gbi70bV{)qDM~wnA3Ay}M}F+nn|mZ^$tcoL>_)^^H8ns=w73 z4Y4G#RsU@(Df?Tm&-OuL5xj$^E=&=qjprx9hA%d+kqI4bLhbg%E_aKPep{%CYow>j5{dl- zYopavtEdc+^Lf#t37;0Szc719#V7RL--Ir?_UHFBI~6&woqWV<%X`^BBx z=bzzFxIeYg(?*u8dAJs<&4w&`)Kghry3fg8MG98`c#p{09{Z#w%IY%_Ta7er6$?~> zj}3-+>g7I~Fb{Xgp@()a>i%$NlzSBH3MX;^@i|9DKdF6Qk{y!t^b|SZ{_WxQ|e~GZOG5=Xs z%>UR7G(!4Ee4Ufi(AdC$#e|E);19BD9?9ZEj3Vqc72}}3w15ey|B14v`TZy=wRT(! z*FO~y*JFrAi88=B3FaQ;5oSA+LdI)@i;G8QsEw#JsjwiBO+)1Y_o0PmUypj=<;MnV z5wcXVjykrTU8q`-(AO1I?~ix9-|dC!(mre|)A!-LOBYp}6o*M3!*J@qW|_i$YEW$&eoY4~Ym8qnlEL2#I) z7wrkjz>mR=yEqrvk11sjz7S^e3PuEP0nut;|Bo-S5YbaMxGY!|TAy zf@!*==P3|v8EayZrqC8Ciaj=cFv(M-*G9>W=Z2beD#sNBWpJJQuc7R@RlXs2(SfG6s*I~L1u)bl{|Qu`&8 z63=4~j1!~0rjCH;A(L9DGj!z^KkrR(8VAjzWujxPpXD~W-!Q$J2bssXUk&C0pCd4) z1`_n)PItvcW(K&)13)O13@pM6yzvlEWj34|*(g+uJqFLM^5Lm>_mVY|7tvqcJR0!r ze@>q{PG4D|7fWX3QK7XZpIl>}3rFuS#N3!!VRU%utiH0t-!zcu-c za-hXW0iU?W828lK*|lekhNeLi)f27^hZLdG~As zYA5DM$;^EWxrZ&;hb~LI4!Kk(;C*;dp#81gqr7gCdULx@uOQ9a9`!34ttr8dlaBa{ z0V(Te&;~Z)Ch$ONpL843*3I1`Q;oW@`L5W~y&kT74X9LvPuTI8qzt!uOnJ!ysa5#7 z>gy%=hYhQubh*LA`J*Zh@ah-XivMR>f&Zf)CFQ6f3H*1`ijDbq(#opAtA*f!nchPt znyapIGyGo2y`+Q31#er44sK-pN5J363dRW$vU$I?**V9Xzc3$ZHeDs2i-_EeI(f*w zTVsl1+b2uNo2W<;FB-8U_$?$8RQ$5;L42CSeF%CUL?kFOTaQSU|Cky_y8M0*z1SWI7 z4TThzL58+Bjz*;UTHqRtz~0Y3Zs+2VG3LWTl~rjQn0@oCi^Xu+p&B9i>IC>()Vy{9 zRjV&bk`dCGI~-CfH7WT{q+a5x7C;0tF;=|NBb(vbAW`!fRW+0t?5d`N`Z}| z@05`WfMsd7t?$H>>b>bMAX_m)bU4Nz9Iqq5{Jo+?7q!JT&1ufL$1$@t+&X_18 ziyx;?P>621eZ{!!D4SpZ8Ty9yGK&12@P5UTRRv_N zJgUOm{MrJ76ia}=$0&ahM*&Z(y6*qJtU8&Px_sNt<5FnYa}Bx&>t4Fggi#J^IHY@o z=pJ;B76Isvhp2`3HSJ%nc8dtTKd?GA7i4(!i{W!1sMhVFn!^vWv8dy&a+pL>TJsp>Lp;K1Qkc7cey$dgYK z&oFd;n8RqH+8huN&9z8Q35N*beNVNAtc}GmhvfPZW|h=6NcIa|(_G*BswVY1OXyKY z7@BMc_)V@2Bm{ZIJW~e8K)XS}J@vM^>deWCtb(SkQEe2GG83cV)sP;@U#O(o0vXN? zVR=k-5g@Q$i?jr)^NN;L+rcI7{!>-}2Abb+ulI5;T3PUW9jh`aH>2wczq{21gJ0 zCY=tseLW!#&9l;2dQQBr6jB`S9GFurza3jnMJ3QDs&ErQtu8u|6Vi)^zEy{E z;_S_QOr9=6_$T;YOy4CX zo?YuiX^G`Y;uASc>_RZilh@G*^b{dkJ7_h+OfcR3W!6X-?CPhTD}?biw788!6QJKp zW^n7by7jr(jt=tgsI}l9_=|-q7v1C;cz9epvXSxFV(FoOSr76}a84U?oD@`_Y7eXC zP;KKd9J}#dh+vB$%8AlzMR5NuqKj$@GHLv}Lmqvx3$gb= z2DeLRL2qU5=V=;Ts5M&c>xfIk4d)G?;kVM$aQVeiBXC2mG03TTILWX>v^W9hrj&XZ zcfw!^gPJ2ysugrhTqXVfg$)CBiAKt0sU;{QXINV5d{A7n%<(;JK=)w&rV8!}q)htF zt8gA!4PR|$EU47vZF}tG+PYdoLE{DE{qMtO16t9?wrRE3RRm-&CXy8sSTX8zwu(u` zg7rFj2fHcTZ;jMP{(WSi+A@LTo#=qiD1|w+o->>3AqMPRTW88pAV#l75mF-V`+Yyy zDAJ&=6hkgK*B6W+#DzkWnX{Jg8KMeNetD=4lOF`XeWpDT6?8n{Ep zzY8nR0fGN9{`Pc7A35Z0P{@dDCOc%g<$iCzpBPOs_i5g}!x(}3ERTAin@ni~RaWSF z!Ml$a3NYL+-0#;_Xg#-Dv|x>y6fm>2Gau(=qK>F>{J?y}reRvV%+)pv{;B{*tc)bd z2ly0A{d~AhaC2nyx=TSof)8 z+4d630HBy`XV@y7$ISiQc=+_o5+j@UXaHOzGMir2r}Zs+?AnV<*Ce4!f%sX2JOuzB ztfRUkMnz<%u}o#}ON;K$-;MpP59c~j5#unY-q?G_`Q!2E&&i2UxEU(j8~A;~+LCu( zCBJ9c=-sWD5smGzw_tL(@*gJ2;C}1{xv~3@*3@h(o*Qkr^RNZgB20BNYUo;N8Rd z48ITyk6m7y@U(WZw*t+Mvehn;YR9^Evv!n#)s#N${5>-xwUN}Bk-qMg-_q;M3q4I) zlR4__d(b|^wh;`FNJu)}9b;j%MrU6}CA{3{DS5=Hr!>|^(Xf@9^V{!AIvN^sZXM2z zysCPzps$G2o#^OcF1MAw-eaHG`OIZ&w0A1VBlGU5J_Y1^9qtK{q2RwZxTO5baX!xm zmdX!kOorMDW!!XlzSV}j6qzcCD&dW@WZDFW7ad?TKv67|lOQv9CI)@I{CNteB~>v{ zt6OOA5G%fS-k?U^?J7~W|A{RlMK7pjVx%q)Ype#3jrH4j4iC2gWimIuiY`{&g&-LC zFP=f6WzmC*9o_~9Qn>hjWjunpB-unK;1YAi`~*@;NWpSU7JbdlPRJ+f?@FtCSCu_< zN;jSzd2{NshZT%vQr!5yZr}&sjzX-Uybe1-b(^EV_(r@rW-O}#=HxQH_p`yn`CKo} zQW&f1PCsn2kGvLuxe!B@stT0G_^lK1JEb2T7yoSD--gSO>vIH&G!R`=y6k2k18!Y^ zx1t$17u9<5t0WHPZB!Ly7fv@xzqasX

UL+GK)YkhPN75u(OYw=kOy8okaqo6#2+ zcn22m``JIPzZ?;yd9P9YX=Xm)yAt5Itzah7W=;t z)_eW0!aB4nDsVL&N)w6lgqC^D6cSZ16gs4nH?){pW;Da%GWjj69I@G7L7eCo7adzw zqH5>DSVpzfQDY2I_O~Wvl1+2gUrbJVaTpXYy$kJDt=Ii!6b#rIz-Uy3M%$p0reH%V zq$LhTn5^`*e5y~{p)&?@Vo zp-BZWq(|Df6n^dkWpgKhWUlj{t6{cWx4?a0N+xlS2X3@XPEf!dVC6c@qHeDx6-=c+ zF@gzxKxJz@>Y?)50`Ahb$=q`p;9ukFud}N^U%$Y{_B+VVX2@o2z-r25%wfvPWW@Z(;nmn$ zjve1-NPN-gGPc-=OG0^Mjvf#KB@wh}oYBI+lM72e@3~i;CR6JskW&Ja+dO4xi34U=Kfo0=0 z`*B1;?B^MV_Hf9qcb~w%$9A@zUGfsiFmMbp6WZ-O8{i%t!)^$ ztUSB8L4E*R1ko&tesezeFK>=Dh7VVh z9K-W%=i=^$4573CGIMF+n+gW`pfvG>25!6MP8o zt2_z0g^<<(=mfjm#(llv%!E-3J;H38_f=2d52w+cC)kq2y#YWID(Ry#%QS=Kmt!~N zUJ4)`8y}0)P)xc|FLkWBub}K2<$mE7p>t`7!3eeF7H!tnl4eJLa|Rb=VS@XuD`{n_ z{QWDzc|1)qt<$MoRe*WWWc;IQfL_ZDks6KD_;ZvfI_r3kvtN4Er(f4SlJ=)DUst#| zMbPEUf1(XV0POh)?++rFOi>P2M}UA&o90)8*|?7~v;_9IXJPnir942HYvN)Z$oDY zJ+EK;)0X;DLi5wB{WmxalCjW)>f|oS)E2&kz{&?da5VHONwL&Jvc0ndcaP&oSns5M zhK-IH7SW;p)SdCpBW#z?zN6>DU!P3M$6LY1CJ$cog~t00Y@0p~SWQK?Z~?a%e9T`K zL3comI^ejCT{zGJ%k6*hs?14!V`2BC<&7%iCa3mGF+r={1W~DkSP=N`UjfqZ`Ymj` zsylYZCu#!zc{pzKtb~ko(8ka3iCqFBDam6+MMR$<4xU9D6Ev(J4@aAm&YCji5 zB}$Y5cMz&6H1dk`d(_u28`VJ4Z-Srkfvc;$F&8>9erVPK(T=#~-i=-d`%5>JQQxuV zc*w1GbFl`1Pp}ux+;excBR3S2l{+9Mx|Lr!%2yK8 z-vq15{OS%}i#8bd_9kkcQzFe%yq=4}>6IlcwE2`}?>^@{jjlaXlv4?>Vu>^NZ|UlH zOZuy>{&@jIW+=?<^*7VTXHXR5%I?zL{)JK*zw66^Y)x>Js75%hztL4&FijZJ!wwf$ zuRUi5H+Iy(Ek-AuyQB{|zd6R>mrILw7y|r*Xt%~3t4j;+I#;rc9~bZ8wMnFIhhufO zkLLhZYa#unhPM8BZRu5@9$vy5ZO&7O8cuEh5!DdNHmy-cPI)(I=5Fc7hB{VFW&sjI zh$|vO#R(TyRK zgX=pqfmb3XpNonoWL6 zF!Y&xamL!L2)43Ap7CS2pl{gdE*S$>>DYl(B$-1RyCa%1@+jurHgXSihy`8xH z>%u#I_~lFn^2E7`&G9O(K{70JYf*j#rpTsSwY5ftJ9Xqi*3ylgWwdyIc$4$Bm>Ua8 zW~4|9xF;8)RDYgxY?- zhJQwC^1|S~`)(Vx0@~l4Nx8&HUM;NhuB*zGtTt4wH$fG%{-^562?^FWLc71{>R;Tz z!1gycFbJ$)xF~$68T;mxj>hoOIU=8-d*DS_pf^O!%Qg;W;N`cj&?=ZiHO8+~L{&lK zH}Kt~ou}P$P$gmC&%)l_Rs=ZM^+#q!PZs{T{?Ymv2xfRwpB1^~Knze+OjUuky?i5F&_nH1txAgy`?H!}@-nX{xxJlzQwr$%s8{4*V#kSqp zNn&Q9J-!b8sGzMVY>SVC$V9~}NV7?~i z7tXNuf0NDzWx&OES{h=;BiIiqNAzLZd$OZ|kt7kjfyB$3cv7;5H2lJs#+$;wQ zGH64(Rb6LJYIXESv5yPZ@4$p5K-3LniS17uP)hw_m(+|O?I z%%WC1C2Ny)@96neN`gh&n>ruu8li;qFmrU@$;5*-Rm^9>bG{`>|LAKyLZ@X zM?-&YpaHvtEtLC3SlGq>i_+fBP!e<~Yt}B&Jg%fmYZOK;x$kL|EGUNK%G_N)R0>4S zjtlos#iJ%2x89ouDK}_Y)IIlGijHN>t9Cuuvp%cbi#2}@d6Q0k^8R6I$XmF4^@F+; znnvN)G#%+9ha$DDr~#axE{d#}yHetlynAwtsjAvq;e`i#G$0*B@+hH@P85%v1@m6< zMVc^h(b3A>x`qamC*ZRJaMQV@D+{O*+5;zfn85d&VdxLl7Wk$pW8)`ZGWwLH5GFu`DF}A_ zgSq@M5|)9MQRO6gRc*d)f4n=$*<8rJ!Yj7<#Q&C=cHwD~|D-h?7Fq?l8?wK;?p}kK z>feWWeWKgFs9$7?lp`+^z7DowV!Kl>F7AvEgo!Q$90hpfA-7#mkmz0OOnS@bRVp;pkVa zm%?;8dPW$tNiU!O6=D6FNWT*n0~Ra;AOTrB70aNlJG4ngEr0>Lr)G#h0*d9qS0o(g z=KaB!?k@<-H+4LPsh(5oN`a(kuBl-eOJYt11&mpPXskE$n1c`}vss;MQ}Tdos(Q3l z49NZgy`(IT;JQX76J56%wqS>0qS3g5-zq-n{L?lJ;3>v1$JF2dg|?`PAf`yYpUGuL zutWsv>&OpEpjz03d=C%ikw8+(%I*R4^KU3k2RkhxT+v2Lq%!!^9|ho~i;d;tFAPA) zy)oB_`Re+b3dv@=9n&%#RJsR`iNvI+iP&~Noj4}z1xr~WD_d1I53B>_e~0{#GiOrf zrVbDv0$dp^79ciZg|nvAF+gY?KH{uOj(`3U*Gewxqv^(B764Ol_F$($4>kgTlR^d zhrL1_#G-$q3WIFOwq6Y7ZrX-Ew|hN~x2_HB7@$uV59Z|vl|>!OI+S5XncGvNl65<{ zKtO~7!>|&hgI-`N<$6b`27FNx9V%>($@ET>_O26rl9JQRFEjq5n6FzDNf`^oHAc`l zFIGaul0P|i_sYm}6%*evK1Tx!i0*#c!_M40YT>izi>BDf-jQW{>zNAnlu&Yu^)+EY zD&WlZ>XUS0G%edFQny|rz}x!|mV0jmjMkEJae5mpP7cysQ#)CP-0qF7I9W+%k>{Zx zc^WhDiT^%fL4Bu7{$lxBYZDtHEDN?6a~0qi|A|;UZ?R~zK^$!!@RP72z9jCFQcYGk zS@_{AwNf(8$EWZAMp*2BlVAP({(F8^2kovi;7h2=A(~AbVazm`${Sc;PKSKY3<3P^ z9f8&Ki?A?r)&SPFkojOGrW=N3E_OO+At*P$!Fwq_OACfs+XZ*bMIwGE@Exs)#*dyXf5CTTTu$Db z_<*;NL;in99&?ATa)mpjX! z?_#^YJJSWHH4EG11caj;Z3xEG5^y4@37Rkfp;2@Zx1Gz~;9~Z;437qF#H)z6A`tiT zu_On|aI!#5AIXv9v;kjcGSVJJH15OgU@XXbpPl30CR==S5==}FgaPKI4qKYN(+(eP zGy?<`>c0qUDe2G6_Pl|A5Y~Ur9=iGA->X*~^v8n}f6rFG$5($AU9tRAbY%!{#LB^_ z&%n&4&uGHV!N&dvwz{W7G328upkCkoYVMfHfT`YX(;1;4|0=IT+OtEYCSC`h!7gF^ z^dWMQA@l;Pxf^pb*8Fq}vajr8`#!vLBn!r(-g-_Cc9s9oNDA#c>&-N)sc{?}klx6! zX3lgQO=JFEPclt-cvK8}->c5?z9YU&56&7ep0(k&?(mOAb%0^!M^pCv3h?e$7}z%V z%d=Lvk}9~jQuUQN>C_NL6oBl`(LV7R=M2#a&FJ$!7J}fw%f3jRcw&U9zFC-E4>Ldr z65Knd)MV06oieYDIA-YyVsplI^!Xfl$ZHu)f7)%1SlxU>ihSw7yk_`XXsOF{Favd%$dC;WnD58I{-KXM zJ#*F5a6B>(w0b~S3F#KB;7$|RD$-;O{^GQamRx)+lP5j2`>_$T*<%tP9K|jor$l6% z14bI)L@ONL?NHdWjM@^ZpurEDY-=7RpZ|!J66~80FQD`oIHez%cU&yZ6nJmG2z@8I z!{$8&hpilcYy1*MrG=kM{$;0u$1MgsuZo zlb$dFeSU1X^(qgP{hC#RaP~QMO>o z-2uV992nh5_RlxL|B#15)yx)dnIwI&XMHIKiuNht`w|hWaT3O5CxXW(e(VVma((kc zFjM!K;VS84Ni3o8o@vK9Er*iaR8Oq2LjLg;Kfj^yEw#oVt#7HKGCL#X(_=q7 zXtroE#-Ka-84_JhdAh2dV~W-9r#BuE*gq7cW#{RWbkdnbTJLiDC8=GHVA?(AI8jROvSLSfAeoN|le@W= zh)wPZyb!FLmT^K~0L`6v5;B~7B7EE$=ZnF&ryGGdk=h>OcXWYCqYIfWudUX?B$BPN z3d7kJT|~Ux2@O{OS9tSe+#Ujk1dS#8YFapE!`U6R1l9=SBxY~)o8vFSU;v#HDjLvL zfcq&1fl(o_K%kdpVFBg3zBNISYqsIgP4Dbb-A*wQo@L92bg?LE%5{#PQx8u7vbpxs=+n>LE9-kU3o_UO095mx!S z8e9_2A-WUd9hi3U*Ev1ax=r@C@hGoZ@fA+5u?Juj9wdb(P1NbsV|^wRhTsM9h&gfn z^>nE@v&Pb_y%wY3Po zf;}KA>%kEi3oWvn|9ABY{MS7C2U-20d&Tyvdu3T|3t9U?tcl{q(l{^!{Z*lWdLizfTB3acqgqNs1yDE4x^r&P%;8EJhqTsg z#&HNzoC*f|aDW3)d@JDfio76k-8i_4^D*4eG9B&cpVrMvkI8E-cR47JlPy|f8zbBtnZn}m6)U2>q; zvVcso!`FJB3vf#e68=C}!B*MLw_XwK!&3hRa513?a<{Fi%n_Pl)^eXNg#Om_5fYU~ z=_AW0ioon@Uenm{W{%nMCsw00{MJ|d3%K+=LlkG3#m+f7l3`aMwhp^!PoZS7Ls;(o zTm_wSi|_oFiNNMkkzKp9DMIr`}aj z1ZUL2#f_Ec7yXG=|7ClqQI?%}o$Dy+4pmMp#U8Vo)QPX{9{Nn0w!bE>a^-Fi2(t87 zP>Uc$6EDVaH6sE>{tP@V7v4XS)lVDuUy{{7zyD5F&5Slz?KxGYkcPyxTwQV%W$`iB zC9k0B)kM{0cPa+kzsL%Cnsx_obxZNi4NtzKBy@pJ`sy^2cvkf}w*Y_51Ds=B$~tzA zUWB!!dZ3-ZO&O7=de2eJOFQH|LI&jlN+N>hFfK8ifNPh|Ql7OX99FGvnI7jloDha6 zx4*_t4+v%tMqIf-&LQs@b= z&BDIyYA+$4q;xR1t$%f|;1T{nR{oJqD?yO@|4Fj?hv#ZI8}i@Z3|b(O1%mzW@rvWm z(G|!4ctj0M80pzrnK>BQj0{+f4gbJbg=-%m3hkj&rVO9p_%Lpycp^=7zPqhQo7ji{{p~cCHko#eM$@2L#i}eYZlOH?bQ3!9X#ZtwW%zDGYucFp%Mh zT9Z+aJA5gFG9~|%uba!iN&CiY5cP~xL~a8BW*bO6jDO^d>OtQCSG={AuctcJps#lB=>>7y<%A4jy-j=8IFbC zv`H>9BzAA0+-wyBuFq7Nq^&>7NsmgnLKgT(OF}d<3EmivMkFatTX;t{LT!WJ+&JU{ z=j4vdlTL%@b82Pr>i3Had$2l%ql904rGsKSF0nEm5nS6%5H~phO90Jz zB@GfZ)UD`ceo=MLTcZ}cz#;Nc1!4?J&slEx9N#~wT{I(hSTaC{D3L=z-ZndUSP>PQ zOrQ4#wRU@nXx%g;;{% z8{HEyLH@*i!CYhXN^BD3S%#<-Kfa~R>4X9CR86U+p4|T z>6wf=uOWfUU9=Z)^J3PtM;U*3g@A@ex0^}y3acg>?uEaNqnBAXwtmiI1=yAgq>5n3f2U^a1&hDHTPdPx0iMiaPdW0B-)vxSFPxKa$KiTxRJky zryhHOj=k>kM26*4#sHYPz|_6fdHyf>>eoQ}J-Pa)2%1z4(kI_I^C0KL6AD%C;*rrNum`YPEEPy zM-00Gy`o$g9tEokC9e$ZByjSnEqEx5rnICHHW;Z$MO~ffu*03|w?bC=Pj@}>N~XKd zh;g%$AoaL?pjh{Dx)UK#D@~GdQEkE~+Hq~5+Ne1;M)9mNLDIV9>!37i4>4cdD8Lm1 zO;xTmiekUNe9DH{e*lC!Y~~G~D~Go?!A;&SOQHE3e}Ron+(DoyQBJ23CR{~R=OI1m zctYSCdXBXuG_jeM&Rd3Oq!qr(B1Qhf-@A+KX!JGdN$!(v&)9q&rM4h+X{_ z6xZz&_tr0!C(5gqxY`>d*= z#Dl>=2i;@au4^Q4UOU!qUHt(X?D*7z0gBuEO|^xZbMwg{ z2s#GJwcg0!&=jQ3`y0k=?&-y>*qtHlrfL)eioiXO+NsA%9sr%iqcyzt)?nOFZcZ^a zz`)El+;L@g9y)pcV?T_Kv8yLcX>jxu!)aeNL&k%Z=xhJV8Xg(geiCMhF|e%z+1Za; zsA?ijJjw@=c#;Z*+EPcM>#EpBsqQ}D%Z(rc=nu8aeGWD+6-0b3kUd`BkipwNs-M+Z z_>B}Bbb|x7Gr;J<|AkjhwSUGdEMcfWn4-E+%FtPz5SulLb! z^13aPH4+L|{U*=$WE7P^Mc@$`cd`bj38|woY-~a2o~!cs8~wV;x?XRv%j~9~lfA34 z$Z80*VR4Ckmec(Yf4G74g@IJ=e>%jkfWO=7sbY;@@!cHWCUw& zb_fa=`1&0spCcJnq8D`>iQ+MhR4zJ`I-O+rSPgXRd_l*--3vh$IGz9gEV4iYWb#PF z^h{DlWp+Lma*gX)LPC0>g-+RmbaDUG*y2b~OahBcT*w>u&_GtaHm}CCF#Amf0PWWc zc8^}GgOLs{ICy=c(}5{kT`=YWc*)tQEGFFjy)w0>)*xz@Vw_z zC{B!o0VED$$U?&F<&E&6H|9_6pEyTu^&Z!qRmUAv$S87Iex7}~;Rvw-T%Q0^+AQQ$ zh}yxYM;b`nb1dY?W~sNot9PX2PC?`9n^{Q)bJKh`oxMY>uSvp_Hxf_jLm9OaCP^5) zAdU;)jDa7`M$_JFvFCWPKM^tkBwlmm(GE>++Y;aNA~e&|HP3@R1*Mh}+af?lvD%RQiC7?LqT8aHv5DeY&YYNoJsj2>P>vikBlDAsLV!LNNJwSsEbgJ#gO`F zqAUE~9#?_HmSaO^eogCQq&@hN=R+9_$yerB;xhUUq1FXWqoj&4Z`mPY0Mj=1S#-4( zguD5?YMT@5X+=TD_frK+IQ3}-g1po2J15}ex@Sxlp-2`;?H*d4=Q(?PS+>wOBpNkV zz$wP1!RVODfCF^g^L!pt>+9|*1S$?-Y5`rG0|5~}?m_Kg{zL^@HZX*D>zP-(RK!7f z^P}g3q{v37UXE)YQ)%+Ldt&`-Sje{0%*O{6~o*3UunPvcd~iuOQ!b_gVU&`D@{ z(o5^b`n4(i{ubs%u#|QScs}r709HHlZZ_ZMvH6#~meH_AN?tK+bb3#EQLf1!#&}P( zFcmQ88tjbYPoG!-KKmWJOmSbNRu{WJgR;vLwN&-D@?~i)5liq479$c6I>7?&M3`}m zORsnBaYEX;(G>%ZpnZ@+P}3Hl%60RuTX=7P0x|)WH|#0oY^ddzKP@gI{i7F+~BMXmE(PO(#uuULF4RzMQ#RiyRJ9fw~B@AH=r0i7H4*eFdeJSEPzBsloe4Nk^)115`jfiOD#@G_ed9_u%$CbGME}P#8LKfVZ`zdhy zl&o;z+Rwl@(sV8}rQ8qDmr@^Xy;lcJ$P}0}w&|efcd`tRQ_mzGCPJ(-RR-(q2x1hX z4{3|-D*u^hoP)%B6P0~)RZ8Q(4_Hb3^htY0>y|6bIdhGKbdcUUvtwVE;p{TP!9<%c zpu0hk!DPM2Ihy!@ND)#rIX|v2(qa{W{svfoZM)zUX z-u@oiviDtii!)g?uJ!cYFThgE9J*0LW|C;y!*_sa4D#DoEtUGA8cl;vnZ?i9vsGb+ z7Kdn-IGaz?MkWh8)09WkO+H0e$T^YaY_DleRZ26xvX}~t@XAKa-2^kYlAuv82N%-m zlmUE%rKRV{RGmeIrRnfPk`HQm_CnPFZC^h1{f1%m_NY}jgmZgdLl02qpSPY9!A6gy z6yzp$tDOc^^Bk=@NIv~;3c3gdq*!5TFQMx;QQk@T)t7neLk{y}eyQX8Af=m(9bbXR z1`hYRtGBWh{B#raen4xBin)b{uh~tT3UUTJ7ay%{H5y9$eu=~koNnw`yt7C~vmYUo zsIE)>Y;e8M1FNigog7G!@BbLDxRL*WS3iwc8XzD4ycfj!(+dZ5n4d2PA^(5A9F)ZR z`0weJ@WkRziL0I&Ult?+8FCW@n7 zX&IYo@xoHvKJ$b_=B**Lg6{V`N#U)P9AAYBogXQUx}^JYnuu4~pme^d4h{iAe1;)1 z8Pboe#d^H(i3)RYP~3N*@rr%{6$TaWMH7bpGUL4NZ}Kp>x=ZaW7weg9rVZ&G$bktB zr#wW&^n%x8dK!!m0Ja|TnakQ17nSGcKJ2hY;$yHbL+O!z7pEO+au`%y!K-)e%LOH1 zjDCLZ_z1jhD=#x_4{U|+CoN}td?6}tWH>C1B5<{z)f7|-NYOdkWF6YTbg@7%H>N&S zzY67>FhFMAVDZ)qn2G@TV!b22WC_zfa^AUV>`jK=Vs%$5GIVam?2{z;dF9Z1RhGGf(BC zgR|JE*@Sb%+_qxmuyF^RY(1{ks&q~_w>?tDs2XjGyg`0vT6%uDXfc`R2!}BF#=(%R zVFG5~hyvOc{{;h}g`f8vFoB$np_drZgtwhs;`bhoP#@HIHxJi*a``|#fZ`S;YqzBs z>B_09eSWkmHP}7^NS-9NiZZ+4WJa?Zz_u;7H1K6{Rq{Em$^|S$z1PhTjrWF)wPT{w zO&4$6hX8Fr-mQ-8L>XYsvaY@JSv;qp6=d<8n;{sx_$LpnR$n(fz}i>~Q`=v;)&W!! zWGc4GEt6D}Yy#DQO5}BLy|I?cYj){KaP7uF$E$LwK>BUMTxyw+{R^)C{;=S$ar8S{ z{Zn|gbW;nwFZJ= zu{+jee=ZdtKwbNa{+@S;jV)HSHFDFmF39Zwqe_W@;g1iFF%+&RvTTac4x?77pl@XBAr5SwC(g zv!mZ660_MZfK?EkDRXw@8yVQ6j&YapIY?-@ z`g&xg%T^Qs9d@1E!eKi>$M6DCQYK-t|l|mINXUXCI`#;i_nN zuFAr7fl1&fewAckXkpobOnKL+x)QfWF20^+3#&opBo>wJb4nw>uTQ*qH>FF1A+;VQ zNK&g%@1|Xzw*u^BRxKPG9D}kJuCZy|K;B1*>HN91me8PCXg={kmF zHJ(8&%ohZTyKY&%qTBMvC$vryNw;+*;|p0Y#vXm}!SF#--2U%j!8eFM!&Q3cZ*cV= z$gaYdKK?~^wXTMWmGt*?_2=rBfPdsLW>pqQ#s4d}~d z7-hp)ZY(b>_I;P9Ex8;L*RT+h?2iZ#aQLqr<79M^&->23hyCCuqZtGZM4VLx#C2yw z7T|-0B)<6dI%{oels(Og-qV{E12(T;(CRO%5$Q5=si&4G_&U96XI~v>!d*X8_LR^k zd&*olP<$7qL}giR2k_g^O~QgJm<fWgGH1rJQkf4^RE3u9`{SavkMf42u34bB1dHs-$_avZ@ zGLl~hH??0t!92q+(QVup$3v6F8f;@8S^bO~mr>mu>8%FBFkhCu3~aADs_qwGDNKoS z4KsQq_0qz9$qF})$|m!1^AvA86|4czQ!KtVp84X3Rfb_wPnt_#*7Y8A{s0$)qG|9Z zsIwh;h_d1>7n9G|Q%OM7(s^vs6P{&i9PL)dsI4^!DHyolcqy%0i&P z8SQR^p>b)OnT3e@aO^@Pd<P)6>7XH{hH=*zM+FuG^^UJSWpArTI}p8VC1I)_RF)7bQv# zhOK;`x7|n7>~@;Nlm6%b4PVw-$tT{O2gvIAOQ=N}T#anjD#+|Dk(RT{0Pw@7?UYJg zgS5=|)>X252 zx5UPtMeBnqT17}9+l2{t0ht(RWFNRpR>5cZ?szAlFviqR{nDF-5?@6QzlODH+Zx6-p{nzC$_!mNIa_MCjw zyWPYM%TKsG!*NZSM3xxGeuNcv==)fsHl`~VZ=6>^t2ga7s49+|2y^Z?8~QK4`v1By z_-iEngRuV9zWVti^Q(OY%9YK)-%!}+pLsAW&#W$rmEj(!e5+E~%!!E6V8^=q7l@VS zzjdci-;YZOW^~QymOS*86NLxNJ(FLX;!1LxRB$L$yh_F`@hJ+~opQR@taqJfld1?Q zGnl|Kju6ZrE2H>q)ps>lMw>$_D`6b)fyk>uK$(&{prRoY;l>uJq~V-7wj0Y2TI}Z; zKXMG<_c3WU`iqMj8*5?;5GkDf$#G5U?i6-ZKv`=_5S<}wwgOpLwWeEJ)OOI?3W4i_ zX(0OBMrA$p0O<$tTJ9jIllI~&L~r-A?CM1sYbT81A^OUBX9oRrdkLeF zvL_)IA*Dt1#{_A9DKm=#&2P{yk!TE%C}<+=@y(XuhL}syo3kJ9xw1RxsmPg>VmMA>~c7RE}c#OA`mh;I|Xjm;~2FP2lM+u{bLs5nO6BL__ zZtz9&MUP$-HyI|jk<(nbad9lO*meQcxK8CG9nVbRbiL4bHDk}GjYq9F((kRLG848O z)2t&=M#k%J3udhLC}x2r86Q0BHxBrN(6%ls!)T0S-I}9L|mPGuA z4o<@thqd>8jtxuZ2(Mr_6C;0TB=hMM-OL&&!GOAwb?^0i%_3*_$)J@70ohbtFS9;9 z`%D_yQ$e>w(tEf@Wo~v|!+XOxz*lsYsgEnGh9}7;wmN*0o&@wRDUK5CM+{Fakae2( zwyd~VBjr|4UURS04m*Z#3+!IfGrzSB4NGnZFFnWVT0k*U@%V5gndsV0E+(SMyKlP) ze7>O|!q+$NW`H#1v2`^FsBcFAF=p>%&y{`c9m9qqNWUi30IX<-dibCr$ic|3^a}L) z;5Vb_v=8)uGQNsRf&TYeyYuZ;pYGqY)$hsGpOjZWldFF!uNdh~*bEI>4VVpC3=9}J z{0S zh}P!18H#V6!DU;rbYt@dTH==W_0qXXzz)+m!OyVOa1sPtA)r6CM0^HRFGEhnv-47# zNcFRh+r+!?I+JT>hw_pC8mTcYROtl3f2#HPKwHVK@}`1Tlc~4*;q>y&k3%a z#C8uEo=j`xwJ48DIV1^O8Fr`M*Ul}@Y{g?r%ZQ(Gdp@bXh;O)#U-Kry8L<4E4cDdD zXq;FwgM~MKJu-pL1$&lQxgd{TJ@SlD$S+Y;om`&~QX|_9H5}YlsX}pJdG7*Rr0_X~ zo(4<`z!|sS(|P94PK7oG-AsaW)~zZ|bQ&rSl|OD6H)7yVF&pm$@6La!?tI|4AP%BR zqX06x);@)J;A>8J-)Yq5PU?h9$$cp`!+fVbLn)xN5pMt7&VcCraW*z$r zpiff-RdO|2toCDKo85(%B)feFe(9(*vg=VBfL}8IDS3R7q7_lan^FhaH3QmrfnmCG z+)cnf(+X3R6*d#I>ea2QU}1UoJG>lMcn?hv^(BNSl&-dYK#2%5j}>qG0tpl3N4OwO zJ2lHh6=F5nuO4KX3wW@%+7u9ZRFNEFE6;_<88=O2%AB$GRrgG>{nK3-%DHIi4C6PG zfP*UB!$ObS>AU>MV?3eGT{BHDevHRE%Aw|Dkyn{z>X7_cxU7T5U3&tv3Up#dH~U&} zmxI>rGD6zryp&R70u&o`f^YO*_oa1Fnr_d0phc^|?fHR5T`f>Tj_Hj2x=TAiVy|T+ z(h`n>f@=Eb$8?b-0p1Geo-S$$^{!e7fNo~?q19vYqK+6<&B6Ytl84&kstBXrWBd9T zlxcB94P!ZX%Sg{`kxjA6x^+lKy(s0e*)b6muH4P zT$)eXoE$$RusXQyt%~GMR>dH8xLZEXqv*96MwNC!SOPBG>D;K7Q}jcjTn>UwwQFe9 z8!?^?<}HQ+T0$y4Vk=Mn&!`Az#lI9 zjMj^;xXRnW6jWVFqpgD%>I(WY*HuMiRNL1x()Y8V-B#2!HkXtMJ)xUL5oAbsH!nX> zyA7pXU~n6wvER1sXXYVIcY-dE8x|7<3HBmL%Uk*-zb=kh880vvyLYfcDZLhEwnN;a z1jEGvF_`;jl9f)&hB3dz%D)g<0YK-e#$0U9V(aHosC3qkyLr3b-Rt$EX8BiPLK(4W z>bY4z$u_&;OMo*D*mg?GZ+5I8UcHn5@GOzeuSddpDNJElw|;GL%m)Gk1j-|!OskA9 zMX-OQ6oD4lQ#nd54-+ULg=ZR;cFJUBPYE(|iYO!2JSWs6^by*}!;rX01(c}OQ>IIV zs3+btyWuI!x1!JSibA&vF#O<`I%Cwb(E2LB$j{WKlX4+UzO`|CwBMCaJj?oHj!zzbZ4IF}8|U z#3(TQ##MjqyJDyR3*QyCsT6)_Beglf<06KuZ#LSC2hNsyK>grrrVD~k+e6rQ<@WA)g?$6iP z-ZT+x91F_b+f-j+N@_WH$D`^R7Fb}5KHkN?ZMc2+u&er%TC~Jmq*Hzd20Fz3KgkuS z+0AcY^^phWKM7Xi6X8PtGfL`u}lWu^BNLu>UN!GZ_E; zYhckg`9tk$42KUW$C!-`ie9!WRh~p$eN<=&GMf!DUI}mZ1Y|F@`m0Sck+Z5KK`2=s z)aId3NAl>2EY@xrU)tc$mYb+=rHozoi_-q)mU_7R%bViJfMd~D@ZRK=AIE~EiprlC z+*RO_gP_k62h`{QFNqiB_q+eA_UX{3wP_#c;z875wOIzL<468nr| zvNTyPl!+kum(+VXqz;g-;<3~!x!9!wCuawF<~iox;Nc%V7}5?;1=GvT?u`?~_v&OH z2;{d3#2dI@PewR1C5K(|Akm;0Z~pA{7UGo9KYR>1KvB%?Kt)E^AsmoELs@b;+6O9R zTIG8KOcVP!MFgZr<-xW)4fwd$qeJM#7<{9RW2~gf59D{=RfId+ON~8q39v`?qEz`p z?OPE0cGtHs=whOX!<6zR-C_Y@5fi;iTfP@eUE?^k%(b4Skq;RFj!l_I{@O6yGZI2i zUO)8p+v(5>pQp)p#`3t@Gzvq7-aNI1)f3=5KvRrjzNAj%>8MQKP*O!yhCEz`=@h}& zWSM8*&ly002dXApPjLTB7S3z6LjSzIrB}7Y<>0vlRU4HA9@p#Ok}Q2My&Gk5m#p zn2Wm0r*`&WQvO z#*E~8>rmUKvl1#Rn4U^XQ8&TN@*DAw%}+h>R}%(vHkRUvfP+Y#M9Am@l?8a;CCklE zwQaGVbyG90!}~@2llBXnU4gh^J6E&aS!48vch^t>7S?kwPqj5~T7znSvhGQHvr#8A6c&kI@>RiSfp-$RH42o& z``{mjwDG#FSHz%eZP1#dM#fYNYTnu@LoC6a0s2x>RQcJNVcbv+Uv0*m?AZp^mzgnD z0VF+u+qiV#*Nbd%i*-3x3bWcTm3z`;J7?tjr>#HM;^$`QYVr+Ast|paoUBSz7 z%)c~I)lcs34#b+#@kmo*?Jx-ZeDDPq>*y#lv+i5Pa~~^&Gu0W^xjabyfs+yy{*|J4 z(a(>3XdTO0&nR!Sszn$c;G&Ir6=J4rx)uAbb;)n?I*Z(OH)J?n2!=gRw!Apg#b6wa z1mgkZ%JskCt6u}@cfR_k@oG#r{{SvCD-Bhgj;es_7LtU)qq%{!ne=7=8kj17x8N`M zimY45G6|L^w$Q^>f6|@mAV>^QV#(Le(d{9 zt*EyyV3;vm=tdIx&nr(P^M3i7O*axInSepF&h|($U6$6e$_uo)+OtOKGoid?N#{*2 zEIkk+V4zc_1}va?_Vp z?16Q)UvaDQmUGrka83J5n;Cv6ybCROJd>hf0=um-IcUTI4x!YFw za#>!DMs9>isU((YHBX3?+0|doZ!?2PLHdY3(cgZlL(T7pCcT8VL+F_{dV_n1fBE_B zp@IK&+dWgY4sQ2oeQ91LHh?z`X#yasSN@{QBdA3`@5gw8S?aa|oS)ICG zr#TVs-lt1IjF?$vcGVwuCX ze5GuRuu`_80#gU~wy(n~{8z*c#Esz*p4 zTAoFymVPeYXj~Qd>C+GAFauP5@f=CJ$w=QRtST0L`z8pclAy*xuKie~yx<>Marf_P zWn$EQnLClx3+@^qydd(XBYWCkrD6eHJjVnRr#?U^d>-_V8;K z>B?(FMW6-(ktEwFUVED5ApE1`2WFKG0*L2A;*(hc~ydIq;ZdW^q+oD%B|<+Z}*nk^SGz z;CTL@H-nPT|9QOPM27u$yy6trw43>Ry!t)7`jhYKXL$9?cg1GF%t&v{%EHXTYRGQ% zKfS99q7Q_CLAQE3b3DUl0-l&;`~1WB2S^{#v@aE_B3i<64hP4tz*FJBk0`XOSd z31bPt9#`8=&rd;O;|8H|fq@YBXlNOlfIzGL2SKCitLqgeMa6Ansa`jkzK zMqYl3JGqT7SDwjqQJ|BEoWa!XVhE;57&O_0d3odm3~!NZRWyG?Vpdv> zA<;%jUG2I^agIIoKZclU6-k;)!tZj=TC@0tvFh>$mbFS(RhCHaE^;SD(IJm+NAV=YQw>Jrk(})F)~bXe#ZE zW5?f-`<#%l*)kAR#8vn=Trs0`igc^5P(+J;#iX551aj%uK0KYd4K6Q zOPf5_2Bz(MD$DD2PD?_^H-25FB8;76^Mnot*4UlT_(aamCC8Cd?}DxxkWgm)=tr0{nRF8=Q4GW0po#68{x zy#Z1zNU%Pkk_PU@=^Mkp09U`q(VyY!KV?_J&sS#5GV1--YBG+@y!fZ>Tmryf5O6yq3(OL)1$YppgPld`T_QD+|?}6d&sR!_+l5DyIX^EWk^q^NLrX5 ztIv6W#m3JHZr{~8-aBCX{_I(Mc(-ot1k}?velpqW4e74M@qz0}h}{VNF_4hxY`}#j zyS_6Z@pV70yb&fa1X*4WIQVJ5XSC(nald4uYP)*A`Rq1Ok#ns(=25ASc z7x_J%DNXX<4_CMlQv_MN&!YsGZNcIjyu|m3+)+RE2R#(_Phdzugn~cdYNw*10CAAv zL4_i6?`8yqE0l;@>`!p@*Rm@vroWI~Rhc4UHh>AUbWh8+acoNCiSIZZOJ^rBn9)Vh z9m_6o{R6Igv{e(}{e#isPZyi#g9r}y;n<5sLz6*3Yq?y@Oduu2*>%zFd=k{@LC_M( zQ(G0F7olhy-4UHKS^U$0ruREm?V)ySUnb7rHB6~ajIMOE6qL!@iCDXXDR|9x#0Awf z2@E=JeT^Or-iwB4gXgcz<95vscHs5=wuODkvjLeREohJDJbq4TskRKN(@*zRR)@X{ zP~uuL@nsYggz($mgiK3c8@F{P{WLs+R;4 za4H4OuYKEGuOtqH(U-Rkx|uX0FUBbd=g>V0F{sk&rD@&et2Q-Jboi+f1}NH6$nouv zmj+EH``>WoQ2R%?@@t0wV|MjFt6lL=!~cb=-A56*VeIe0>d(2=A7ob_Nd4Q!z{bYT z!p3fF%*OI@%bA7spVxvn?YcU_0a}#>%6*z>VS7Czitj^c0<2}R>Ab8}$HT`qf*+3p zt~+MZAlz=F5wJA`qKUsjs)hSfxJfg4I)gE;6LC*h#ILZG1Xts=i5Dpk4DXSPz<_p5 zq*ENUU-f}#K$zq^U4bP7nRc+Kk_}v28(^0jUXz25Nhc1-2^0fVKf8lR95s7%WsoKt zfgvU=qn7wa0;UnMBl5#YEuiVPyL0o4jc!RRD;<+zB zd|(XpD_cUvOfG9*W6?MMkDDcTTa5SSC`tLbwk2!dbQ^0w= zB){kpk|Sun(Fg#O7&;jXwmgie!#FGT9v1q}MvkHduNW$$U-J_cx19Ft^a!cMKVSjuhr)3_huV41*Vth!#(p?q1<9!grJf&Sch(7ru9aJKZvJmP7Vrt|y zPx6I3msghMf0ORNk_`c5-B)JBGStn&%b8gb38tZ?@7w^=$xCdw2G1ZV^UeD=#0XL* zcCDKb_bo}*hZl2L7|R6u@}RA0`xQSg(Y3?MLz}Mb=Nl>cZ?v+9!EH3EW}u(4)>MxfaCrr-z=6t-ai3K~(P*aepdSj~D|!-v zeMjT%-9kkARa}>&io``JH7dq`nFSo-sHMB+niC~pec{0i^FER6)2!Aq#1-H3EA{Pa zsaX}eZczE#o9y0Zmp1l0Tp#fg6E*z-g6fbhHr555Gs(q?&>o=3g;l5*mC(V41rka2 ztAXtoempYa9}8I=E;k5)=INrYcKpX#v;)=d_GItm+G2I)Ohk#WHlOHarrJCC6De6C zt$Oc^pk~p=fFi))t0B=jqs!j-D&B&kt?)BbI&5%Im9`vLNZW=8URZ^z#XAQKCv$CM zhp{mGw&EHkY#sr#y|d>saa>J{R8mdMBko^6gC>FF746d+J+y8Z=-95nVf~0*nVmy& zUa~z8nO3rLj6VoHaZm}rMHoMVd6IHbVYdkuZhGSlxm;T2sZv*XA7LD3o(N4f!W6DB zez_y*cwW_omnbmdY!*x4JyLjy3*X@vzEKW0^hB)Q;FSiH4S9y6Mhi@H5QL(c!U^&v z)e6ksXg?}?qFv~|2T)y`mYm%i znI4=hV*P0cEOV}edB}&#>M%gwocqvRNufF*@KBptfkO?H02tv1CYYpaJ!4i27(i29Z# zr>$pd)_d&yFX(FOc@`A{Ubo;l2au7XC48zx0P7mI&vFh5(LQUM4)zRDJ}|-esk0$Q zlMXVynK&zQ3IN$G)*syHGxgbk9rqD_F96;>a;k$KVNC5ENf@z#S|AepjA(UK1Allc!*AQtr6IK9KMQyBc;p&zy0{GSP9yqMHDl6G* zemT`dq-=UONL*)%Ql!*44m+K%W2h;><&UtZ(@h21UTLf8h>6M8IGsU0`iT^Qiuet|%iK1- zFWW!QCIbHbjjM_9`PPJ#UsQ;77C|;u=dpv*F^q5%EA(yPOsS1gYn>oy7{<9*ZDf(L zFK#P$*V@K6AsGcKe}pUMzwurD$M1h`T*3I%`e`Hcn*4~&-D1NRQ^D(__3z(-gsbRw z@oMie9{3GcMcX{cpV|+=wONEpF^LE92=yQU4uRFgQX5-^##V8Y3)&0qv+LlwxWk0| zurbEtooakHqp)Oofrz~NFd9D1W;WDj2MZyG2CURpk;%j>b+K4ukRW7hVx7v3E^VMe zcV`#ll})DxHcor4l6U*`vDsLxGo51C`9S~}>DoCIAOr7m{jTGGz zf6h$;@w)xTd%+~pKeAP~3&Q_Pw(^QW_zSj*Frwbe{ny!w>yK@Au7BLYVPi4mU}85i z;%4GxVlp!Rr=8$dLCAt~#K1i8xSu3*TBfpOo2tpD1WZGY;G>lXiiuF&HDAY3$X%zZ zkj=GkeIh(nHaB8R*80C3!e`Xl<7RJ4%DAxn#292FS-!n9rJngHa0iiMmcKQFw2y^o zr!JN5pRilA+6Er&Itkw~@2KUA7VsSeBoywUjD~zoMbHI!x1?Er+R~qFGgx}UM*e~P zQ_Fj$6)EIb-iE7e(;+bR=f3+C-Bl^xD%0$$^jr@~4A3ve=sHay>&iHd9}%x!RWmMh z^d+``Q0I1dIV>T)6>1VI#g9KPhD}Czn+a<)XwvI1^TMD0WSWPei=v zI=m*PFpMCnUp977FvNydwIx|)&{Qb-{gpUX+2CR{Gm6AiXjt6sNqXD@3!{=N6*TF* zW=AsDUbK|3^%qaPJd@Z@YZRvO{moXX`1o2ed5(UlW}R#HJ5BsjKZ#Qqe=){)a2g}^6-K)X4;@LG*2#D|f41vW?eCHyXt*s3S zx>IAjAdu2qjLIuTY)4~!j?mELPO0Os7GfE_RhvtGFnv|-j591CF>EzJL)3@zu(GzN zd9;Ztq3Iip3gC@KnnpD z?M{jYCvZ#;{x7lB?~(K;w&METW=G-ps&%4?onI;xGzi8c0b2l4 zuRKNJZ)rw1vmoKk2*N=bd}OqP2{&&}^i1~bfP%LWwAd=@`sF*B5-;=4<@DZpYmqpE z6dsR!7=&{X*NA^2p?v9G7n7EZB|O1vJ&2J|BTdoVeM?}CEDkL8Qk+?a5VuF9MoDzp z27oFIv}(8L;^)1_46J5tcd(UF6eg$KDe-QNB|y5jBJn+RD}98tGLn|Fz-qqUY!C6j zK*D)hTc^<5K}w62!1$WP5V)qM6aj~2qi8+5o`yc_z{n0tFiiR!&o=3$t)zr(ADFyv z!u>S`>GPd&wpyQ%qmh!sA>$eN0-W+11psUZ+7^>1b^FC@qT9(?PeDPFBIk3V75ABS zeORBD==83C$njY4(hq?WDRV-+J<(3zbYa&A&pJq;3s&x0FQ=hayy*|(4_18eiT1K<$wj7T6d7U=TI zNB@4dD(gkuMfSvFo$7cT$o0Mz;Xrtz_Xq2?-U+2L0;ZL>20^pDK_|CV@1K-+HMr=RgCzF4(l{;csL%9LC z8&E!Q3{8V$xLy_vJhY3g)up3MP@t3EtUS-~1$wnvG&m1;#1?-xj%1WeCgo@Iex5bE z!tvanU|eJhMnolU8G>Y!2^a2ow>Ac3SNtg)%Go&O!d3YdZ5DluV`Gb>L>TSk%pK~P zVG&9GHZ~u==DAM~dMx0EfQUrD=ztKgG%gQGp-e4lAfuEUf--GbhNP?(-o6Hi3sOS^ z-p-3#?a5mey^JjPG-vkg=D~h017>RLJvmy(DFa^$RV!fME}q(_o!(m(;Xu)50`_eTc?ZLrP#2NUPC5*lM)wk8B0P zf%r$Z`k%QN+T{`ddzsxW8}xSd@6qZ{`@j!?{^y5+%)cd9OdrPujk!3DOgM~8xVVf> z{)w!1Tw|L}Iiv0o9_9CGbyl63q26O`$Z)^AHJxYARAw*+0QJemLE?qet?s+ejG)`K zDekopL~2K*-T;DWvg6Ptz;?6)Gg9PFuWNo4j)NDR-*6mxC6nzzjRziLe48`%rcT*z zKKUAc$|8HDW)ExD{|GQHV1xG4uvkHa71jpG%}(j@I@Nyjm?Wm`GYmbkI02y2PF&P( zD+Yl-cqQ0`i)NFL=`8ac!)jKnxZ)<~H~H)H+|jK(EEC|ZJyXEN$4G68GtoN;R)z~y zcQd~n+v#*Pz`UI;3zR}BLoj-~-MS%@_dv(x18d&4a_)r!DuqoRR{2jTR2P;+I@4UT%2$pJOqM-65%a!#9 zw7u-r-&^^iB#t`a(y1qE5OZ9epb-uZRL#hR=uN)@=t$0$mB?anu@CKcY$%wFRN*DWK)PBx< z_Ghxq7S?#4N6OzSEs z_7ln{K#-vFqtC+PuU$vI(zQ+?87Ih4m2x@*1s3J(>}=?7i!bVvbV;<<9Z1own)(#7 zFOR!YvZY;by7z4WG=97ePb)8_)eAo+54>m2&o^A1Ejx#VDV9-G`5Icaj6+&%Jmaxn zyICbWFY}_o+c^yC2gdTa^S`0Q{c7yz4u^W10C-2~Ih@HhPt;<+ybiwHaUR6*v;r>H z*|yzarrxsbUO6`mjT{fwPb_Uk!Lz$EhVP#J&koW;&t?p1?#S6mTX5rh*>Zd4^sNMw z(|+)2;upU}?bX1O)t@2T<*g>3Nn0k$VTmQVX?Fg~Y58m>caA)0U>sKjE1THY1}NOn z23Rx7=!5z7o=My6F_gFq0cDmBo`xGbY8??(A022h*2ti1`UpZd#z9?iX(LEnw2QNp z&C+IAS9q#`gCAecMZO;YJkQd1uV_AsoxBdmGGc(K-AxrV)Hp7Hkldj`l>?UyVz&+} z&xrEmbHf|)TFCZ3yPYi$2*L#0qlT}1VNb)aQ0m+t2f-y7*zaBv$srYYZ|EM z{BrUOuKpohqLEs~|9EWXf$-$Aw!QESTAwmEj2vSY1AZ)y3k!xMsK~;Tiu^Pd;vz%6 zE9>Xu>6!#VgD92B)+BS!T z`T2(RY}hv>{`@Rvhi0_)j!OKUGXVrNvHuFs{U*oC zr%Sk1@-Yb!GfHM7KvFT)9uL7ucap%lIt1(f8I!gKNBzr|?PHEYAc{Q^=_^?IX^0SS zA*YkKPUOpJj0??BE;pKeD1I7gkAl({d4PiB;{M(B)T1WeI{OzgPa*3w6@CmwvKYXl zkqZ%%X^x}*3(0;LWP+BFKrOeX|ulM#D^=l}ysB=qWUEK;i`gxROhqB#LrI0{!h^!7%>;u`|s zWRP$WU)yVmMv_k}jFQuPTyYC>%7K3ZW!mAcs#iM(6+pV?O)??oDBwYNn^DMYW`*tS zo{P0-Z|^#Z6jE~2_nE&tBykBqY3n)qMGJ3ln}d~rNk^ZY&{gKy%YO#~mUjkx*Uut? zHWzxrFrMD{u;-qEuvyxD8dtbcrTqjIIy8#~+_4r2nSWnWRiC^Top>0XfTo1BR_F2W z-v{oTo)Zyn6&S94^=^7YY#onZNy5I)jf0!g!u-;M9ERon(1`r(iGjH&(g0 zaHiioS$s#2)?xin60OVFjPv{`MDwoj(+Yj~F@coTv-ssFC9qb7^_X%Fo7#E|hE_Du z6;K0RVo`dD!DJxG*wmxwrmXAe5$^J`3#lXvaYg*xDVQn}X#7On=fgoagm6QmR8XDa(3g*mJ?O)k3j z_biiHAvg-gVBj7|s9C$z-aW#Zl8WYeCL`*5G!^}B28f@KpT5ay>y1`HXPs#>GW5cx zAj%yHGPp~#jW{r#?BmXZ%y+0V*|7ZKa|Ln5Uz$5*Ih9UapRS5R)=?b5T-~*>vm^fLunV6Wk znE$9@NSe9;Hb!DKVq#Z3Tpn~lV-P)-;3_B%*g~Gxyj|*nZ zL0Yz4dt(7G!m7E^%|FN^1M{^ov9;oSRF{q515b3r2JD1P87xj7w>_16Y|e9%B}Y^A z($KGtJ#eD5L;I!UyMlMt4rwr=mK5{(7}** z1SpyVvA)wrQ03KV?FII6H|y)eofosBqLCqWXR2VXTZfADe6g{h^VB{T{jA^CU4ukk z2*>DuDhl!0F_ekH5cb}eT0nC&f*>H24@oi z2jW+GbQKY~;O+iij$4Iau?vc&{9V==u7E?gS`=P@d`hp9f`YMew;VMHK>0cyHA2aH z!VegEFy=_ffWvEXEop*k5I89ICwebJjc7H$1L3rqV;UqpNq+^4=^QiB{Tn+|#Osm2 z`-?v5(PpDPJEe0;?9Ioub@kL!=Ik2_rrzrn3Sa!uNh2rlA62B=&wb z2nn+K>#4tNXAjujeM!09orRW>7ucB@+u85fN~DmH4zS*d(|NOA1TOLn1`YS6T>iv- zFP&sjOg6DvYrMbx2bj^^iJeEp;xs-1tjLe$tQCl=Bfk{JEz(J+U{_UKlPse#Y*EeI z_+D$?A*Z|5$nCAfOw3G+Q{vg@?Vnlw>QrC)rI+-9d%p1sV6+da%y-Ve;6)U?%9_(p?q*fpA$pA8w7FPpYw-KMp-c5b2 z8NQUS>VQWxm==z0N~kZT z!^ntzyV~HR$N!Yp8|iZml6=@1z7S!r`u0PI1Zvv51s8G|&NcYMF&nP;Ek*y41IS}9 zx2g+8woD4^bF3ZV?BShd3J}yykx-tjx==pX8{i&FM0{hw+BjpvnCcLTx^ z4iM$G3RO}De=aHBo$Hmat1D>*2qsto^sSF3Vc5uX*^|8Df|5Vksa1-Gf%*P2Mhq{E z#!%(A9cM58+>(pfj=wrZieFt6hQA7nQTx5WDp5hzEA;J&^$h}o_*TT=aiWfq55T0W zN3_}67$ndNz?L%X$Tj%pAa=p6iB0v)*CDwuqN#&zc#^J-ylUU1=ipd2v@clzXyH+2 zLzx1P>1j2CY90oHy@3jylYQ+}%R}hvs|StH!EW94Sc6ivCI^{N{FxH%;wTIcHD?vB zU*Y%esfKf5papSR*o+XN%Za5gh0z#~SSZgg7$+izRfIINP?B$h6=ET5{!^U53*!0L zp>Ga>92~oEI=_)v);n(C1gNkh_|EEDXgwzs+U%8y~{qkhLKqGo38@o-a}^~97K&74G$s}Qt-o%MXLjH6+xuG z4XGi#H?LPC+UQEDPKdpZ42sS(A0v8?>%?Lms+QHtD;tg5sf_H;0-fh!2tWrHSTG&6 zpMIx?IJ)0<=(DB0xMe+J%J6fn@)$$E+JMML7SDNb2gUR;tSPuRl$?q#Fad$pr35%q zhSGM(n5ZPSM=fbuDQvfcpx3S<0UdSw-O3(wLJ(sfS#6{?^(By-7$iRINg9{OEU9Y< zxmNKG2=eCwtavRkoN=Wopk-w+*F^1#Lm{~^i&rSoC&LiVMdk-^KsVenVlI?>_fRaR z;pw)qAZyJ~+s-68K7VOMZR(6BodYq)jR{IRE<#WSS^d*nLHin{Kjv0Ae{_h#emF!S z|8<8b{Rq;3&#ky~s-7kOo~-^Z>~zETxZvn)uiG$Tm zS%hviEb>$eQ)%T8&Kb<@NJ#j=+!V5P%=r#suY-v3bsh%bPTYmQi1AC+Jyp&>b4;jg$>F@Fh0+wJ7R2!^kqvw`DY#Z|NGO{6oT?M^$%auQ{caT5;Giz?-p)k-Y`_E6 z$~rn;xU~LTd20%ot##y4ZaXD~gPB4MjRE~@unk<9e^yOkoBYzo2AHY@$icXcRb6Z)=JKZ%7g}?u0@wOY__~~1M#@iT z2^HH>1!#B^z+hZJEf5t8p{#w)7uF$Fn;;`r1$y)@-^zeCZ**Ypq-$0qgGvAj!v^^S zLu69YxWHM^nYx}~lh+^T`e2scjMlMbICSio^ z-uDw$os(oVeShGLGG*sdI30pF`Th+XB9DO-g2a0g;gfHsuOzJikT}{t_~m+)#D>2t zFzyfu4*X__Q@wqv)jK99r+yKDBc_Cyba^x+v6|of1a?T3wS(F*mxLbU{IX+yaa@?7 z^3JWb#;f*g^`MH#M(pDk^>H)}k;%kR98y@l$#4C0UkFxMn_;nOFX238sK(fLn3KuE z&DCOTd@Z)?3wGtgmxGzRG&w&}Q8^&T_>?IfV)?&sk-vU_uk>8V3zDUPtJ9H(`XH-B zCO_o3q`%LtevhL+an(QMR$iRDL>459z?n;=Tn5dp^kk(_*2Iu~oM3vz;}S1n)PKQM zUfKO)0!HBz+u-t%5Fb%uOFZt|Awqs3IOWs@4}pmV#%4wZTc1u6vTfQ67*V&T`FJGH zF*Wa@;2ZEeFSV`g^TWt?F%(2eMrI-`V7=tNHIA!RV$rhdD`GL;)wx_O$1fQQJv6q4 z24y{wUtW_XZA3rlHYgwp!|gU!*XNSv+>O2UCWce#!<33ZEg*AwNswknph)V`(8Q`) z8e&@*7_}OB$FX50GCN$)h%0o7{QRdkgKOmnDpKLAOZ=!Qq!VL2XEqgI=`HW50ilnJ zYWO;ZYG;TR*x&-n2P<}MB~xWrpqE}E*x%@+htKfm?N2f4bshbAnp5D+!6HhicMa|! zz+k(#dCFU!lrtBYt+KHozmxYQ!7MsHndmB+>SxKP8C26i`bHE5>;qwIr-y20c4>=( z760J)M3*v-ti3(Xc>N=Ftp>559zcw|u4YcKrCG#`r1ya155y>;qO(HIk4|75QLH2v~8NVpl#g zG-9TGn>Iw3cd>rck*tbjSs++;BZhKJUlFi^EGfoN6xo^Ms*@v%Po5|>kCPGx|Mzp% z+tXyu5mr|}v0rHX?m~QL9o@MJPzqZGH*4so5PBpr2%75<9UdnKjTFX>&P5yZSsOTN z;_{!k>Tl#$%zq)bYLka_-x)SCNp{xD-x{TWl)i)5AVwXk2G+m&)%fL;&2O$^cNDe4ta)GSqmz!2ff-nMBR?&C=@~;t0!Hh|1Af+^L@)SrS#$7b zKYqC%{?xW}K+xP=0WY~e2ZL{bjB&!)ibUapsU~obFxq0v^r8j>;Gbxp`NB1f&bch? zY?%;2SYg?O9vXLTLGi8FQN48W>|xfl-MX1?DQFU`m$`Kd=IbqHoVwwTn2LM|7S{9y zHD=SbPKiWptX1N|o$5UXu)&EzHf2g`ghM=|?yAGOstr%PsuJ(`h6-K5y1oDF_Dww9 zKLuAGa`uvM$bST@{|CWUYAEtw1Xn&qN*zD{9a5;l_X>hYK+9mWn#$2#Aaw} z!eU^;&Hc}KHNt#VL7NPqn(^0$_1U1{FMJt*(m#vY5?UPA1s&o-q@WN(hqa^GPD1y$RGp8#OWk|tC;k}+!&R%U8 zPzYyXsT1}R(M+A9rAZ#gD`_^8(5I97&ds0Ff=*-x)$KlQn=ycFRdp8s@Him3laN3 z%#*(W04~&kZ`!Xb)H(y!%jsTtw@TUhDXMEAb3!CwBbd46Sr6)ykC?1Td_~WFnOTSx zvR`+1oKkBqpIm`wHjT7K-hyh)ivTcTALvd0C0V(`QHqUj>Rxw}*5+mwxCTIXsz0pnV^dN;jK6FnGm4J4T zaX@+%1;i4YOD8);q@T!4YkDFDvko!>Z%wrmxJ$b|)H@x0{Hy9gCdj5{lLPIzv06uk zJf7rg;;b?gR8Z?p_=^%d|cM{kLUh(VwV0d$;Rr`1>Af5A5grRrn58Z=w&P>(O0 z`f56(m=_gXuDY{6SuH=m4x;4;VF&T;87fDZTO_pl6Kvpz`1kmA#R9_`PxeQD<5mcL zDcbA0BoK!N_1~rv)9cQA82~GiWlTG=nA5~3`M!n#?#*^@@dX=7L|_A>rR>Chr9OO6 z2@Zd!#^GPet$xp=Kko(qQ*xzXB`Iqv>y}W0PB%tX5Xn1o$?Qj;{p@z5%q$EYKd|^0 zc-4@)y#jZBV5y$u$2i$j=zLO0_ytKQSs<9iV!_C5IMo!|zPt*uI(621UZoR?b7IVt zIMWeqoe6o%YTTxK^UzS2`I*oicXS~11|8t1D!WUC1Ok$^_NXwIG&TkEGfo*&ZU(2T zIutl79EPiwovP{h2PHkCKL?J4c-t>UiJzgApbsC>yxfc(k;28fb@}562#2to7}Bg1 z$f3RE@)z2}$X#wlC^oWjr|pXT4EcS*2WYf@K{tbxz81z)roEY8)zvQ4E+>wF2=|QJO8b>9I8skTv!m|7O|7}9A5s!&Q&Lr!XHo-$Mn6xm8KDs;iIMa za#Am~eXdw!KQqXwMd15&tJX2bDD*;3JI^sTbQ&j1Cmg;kP$J<|Uhw@qr+YVQ(IGkR zqLbks!Q2R#7QKgBV2~NlXv+cWge3r!?R$I(x1Ho&Y7VH-Mj7hT%@iG$&!K!t-wWXK zvsSaz^2d-Wv@}TN>`)>eB*=LO$A7{cE~T426k@iEDI-z%H8R zqqTg0!mGb=TrvNJ<0>hAU`jX5R`zJJH&>n|-5A8j2uT(rqC5wK1#_s;2>mx+dDP*% z^n+-0AUs*;=FYfgK`-Ng{EREa{MK^Qe#DC}y4ul*)?_7709skifGSCQaSsm-;KTaD zTtAF#DDqvR*=QQgKTU{oLXKDd-bHRT0DHDs?64V=@cp8yrdncM&PPL2;N?8BXY2ro8F;#U=2wC?yEeItwVe)h~~sU+E$f+ zf~#W<04N|Ez8GpIgCYNtFMtU@%-1);Isx+3Jr9hNP-PFk>V`mXFwqm5u#Fplo39 z@m}zsqN`JwjE5O$?yyqE&y|L*cWJt(8`ysLpO7!GO#6_tq)266^Q%M2kmI+17*n?P z9iWe0ka9$?eO#}5l6NA=k^*0A{JvTFZAw}>Dn{dO9($zUq1)Ex$JHKaERCzjqGQ~L z&qS136;`)(NN7$9&x%u^r?Mt(pvn%Q(E*(pJ=S%OL1H?M4}-(jQp55 zsX~bDD=&RrM8)$y740Z3>}_6K`2oZ(t~~HjGX(BiYy(fEByN$q2k?FAY^YfeAAXo< zxfCEQOir^$y6ZA?ydy*Vu<-f8K1m?IAX}`ApA7J`)3FGzhl3|A$HL9Q+`2p#EY4dX-1vCs!kRh5an*@LQ# z2&Sp=`Ta~yN=Q`R>l1aNdIT5pwL!bs4Dzw8zH#Hhf-?1Wk?}YY zRy_Dph``Rvm5)VEpf3C z8{B(mu0&?9+PSg*5ixj6lk{hJ3pSd0u#8`yD#MH5IghSm&!6(2E}kC92puPG(^pQq zM|0?KF4EDY%kS%}FyV;b4ghF#p@*6b87-DkZh%Il0EGA-RUFrkS1qdMxMk87F5VIG z-6AP0in%QwGc_*62E}SZ-Pm%KRP4k$38W&{&zjn#|xu$lS!QIT*5R z(T^9Eqw=hKkROVaOrC`SJ6;gtFzbKOdqK#O&P-hi(04tyw^OrEmMm3qKjTK52|S2qfty2y+A7OYzkU(_klG(k9v zZHa7YZB>{@m3>@^N8FNyA}e5PnCZ{Nc2ANQ8U*MpxV6bg3ZymY1`My`?+C%i#sFBA;rH7M+1q2?(s*J~jOc|Sz#dg~59T~&KY2Lh>%F_uC9W-Fcg z9fHL7FKfuQAJ;vV*(tjNK@XoGod*cX{SY`>+oGnOnh~yI6jM%6)9k^AYQ~HEXI@SO5aO9itU+U? z5BWqm710t$ZnGqY1d!K3;po#Q29wuk3E zQjU01=inp};D7ag9Isz_x$vcA%FWZrMJh%eE!?bzNXg3+9*lv}#1?!V;50B?wrK+2 zZBJd2;KXb=Uml+0InDsA)cBc%JOdtf^|)bW#0s)7gI9f#H1MZZfrLD{%x{!Mgj?BQ z&OC>P>uo6S_Z!6TM?DIwrhe9Z7bSoq#rwjV!Vb{&|$ycC1yjk5!L5BY)PQz8F5mS z4>8Vrd?ilb%ENvGa0Af!$YWK!H^Z^}WTU~V?)>CSr`2g5kyU~u6U+)-mDh6dnk1mn zKjmhLmV-+XNjbf9C`h(_ascyt1+DxIUq&+>+6_itVp9fvn3mltH{V9zabrS~tAGv= z9Dx>H+&sg@#U0x{!KILy^;@G=CC29m<>`XQ)*S7TdZ_02N%v^4EC}RQMrUIEP+sdM zl@G%0vE;S2TUFXDjrgsl_ds%73*0M?2!xiJiU}5faZTWJw^N1Kv9vX$M98DYBD*Z52r^_lfSW|>EhtHIO)vMBLrcz6_{{tG zzH%snwuusKFD}0nkx8!O-izXEcS*+p)^!<4i5m8x`lPOu0Jg8gXTmlC{7aevE1BW^ zoUqfF#I=)Zbg;v5k;W38s3|uh0GvKs^8t>|`~Jm~m9_ef#_um)Zr^h62@Vw7yfVF< zOo|P@bX)+ZY9(eIkb;RZpOD{9*XwVWfuP3t$tTjCi^EDt)vOSN{D_mH3vDISp#KOEYs*9g& z?4NVz%#Hmk>plhOUM}X^#D9+|{o;M`?YZ~6JwCp9ZXav?>HNydo1a-X?i610<7NGy zq?^m_UmVNu_`Pn*`qO#=4|o%kw71Qkyj08PYlOn`iRG*1=f4a~eg5&g*d5;bGXA+f zp_dM=Ul6uJH~!(dO@d2*-wj+7Jm0li%-tha}vo4;zdt}ArEuXlv|F2G*5wx>%gPO2J zp8JX07rS-@8Es?BZs)srN#n(I_5)`&8!~8c<;|XaI?dTcsuQV~Q^@Dic=4pd)cbPxec)E^$tm}`bE^_wE}kwbu%tx2xvS-+#R0v} zMRL=b_pedPw&(V$Ibr?QDfiFX{>!~ZtL~(*1$r^7_s(TM=iIf(?q&*klRY8DKvehlnfhs0x!a=e+OvKt zDYFTYKDTm8{Ug55#vRAzRG(X&FZO9C*C`Xp;u~gDVp-a+EfaQL-&3+>&PA^uG;Mw5 z&f-(?c~$qw)8od!R(XZ~Tg}s6)lX6j^yQk<)FT&bzl?Xm31H)E!XF=vlrs($s$yl^ z99ho)IwewNhSvD9#IYU=D2~1!>+>%jzr1td%BP-1MSk|LcRAKJd`{oVFU#7`I7bM?!o=$W-;oSt$=) z-C~gZsIt&5oM)cmyhS$`m7d$BzMJjPQMccFWsF|;J8TOGJ=|n$CR*u#p>ai%rLk+p z=4j79Rb@}zdQIini%w0{-gA1r3A?D!kqJ-cWi7PsE!Ztw+03l>(}7 W?Y Date: Tue, 9 Jul 2024 11:26:15 +0800 Subject: [PATCH 03/14] CI: Upgrade GitHub Actions imports in clang-format.yml --- .github/workflows/clang-format.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml index b3cbab1bae..f3b120d509 100644 --- a/.github/workflows/clang-format.yml +++ b/.github/workflows/clang-format.yml @@ -56,9 +56,9 @@ jobs: - check: "win32/compat" exclude: "" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Run clang-format style check for C/C++ programs. - uses: jidicula/clang-format-action@v4.4.1 + uses: jidicula/clang-format-action@v4.13.0 with: clang-format-version: "11" check-path: ${{ matrix.path['check'] }} From 2cc3afe1aa148881e8d046ccd048183592541689 Mon Sep 17 00:00:00 2001 From: liushuyu Date: Tue, 9 Jul 2024 12:01:24 +0800 Subject: [PATCH 04/14] CI: update various GitHub Actions imports in cmake.yml --- .github/workflows/cmake.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index 422e2911ae..1df177e1ca 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -28,17 +28,17 @@ jobs: run: rm /usr/bin/link.exe shell: bash - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - name: Install Build Tools - uses: crazy-max/ghaction-chocolatey@v1 + uses: crazy-max/ghaction-chocolatey@v3 with: args: install wixtoolset - name: Install pytest for easier to read test results run: python3 -m pip install pytest - - uses: lukka/get-cmake@v3.21.2 + - uses: lukka/get-cmake@v3.30.0 # Restore from cache the previously built ports. If cache-miss, download, build vcpkg ports. - name: Restore vcpkg ports from cache or install vcpkg @@ -90,7 +90,7 @@ jobs: runs-on: macos-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - name: Install Build Tools run: brew install bison flex @@ -101,7 +101,7 @@ jobs: - name: Install pytest for easier to read test results run: python3 -m pip install pytest - - uses: lukka/get-cmake@v3.21.2 + - uses: lukka/get-cmake@v3.30.0 - name: Create Build Directory shell: bash @@ -141,7 +141,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v4 - name: Update package listings run: sudo apt-get update @@ -155,7 +155,7 @@ jobs: - name: Install pytest for easier to read test results run: python3 -m pip install pytest - - uses: lukka/get-cmake@v3.21.2 + - uses: lukka/get-cmake@v3.30.0 - name: Create Build Directory shell: bash From f4b4f33dfa10683979ad42406f97a3e2cfe24a1c Mon Sep 17 00:00:00 2001 From: liushuyu Date: Thu, 11 Jul 2024 13:34:06 +0800 Subject: [PATCH 05/14] cmake/FindRust.cmake: strip MSVC linker flags ... ... from native libraries array. Otherwise Ninja will get very confused. --- cmake/FindRust.cmake | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmake/FindRust.cmake b/cmake/FindRust.cmake index 51ea4152ad..514169eca1 100644 --- a/cmake/FindRust.cmake +++ b/cmake/FindRust.cmake @@ -425,6 +425,8 @@ foreach(LINE ${LINE_LIST}) string(REPLACE "native-static-libs: " "" LINE "${LINE}") string(REGEX REPLACE " " "" LINE "${LINE}") string(REGEX REPLACE " " ";" LINE "${LINE}") + # remove linker flags + list(FILTER LINE EXCLUDE REGEX "/.*") if(LINE) message(STATUS "Rust's native static libs: ${LINE}") From cbe4837262cb380c1b8e8ccc68bfc660fdb08d80 Mon Sep 17 00:00:00 2001 From: ragusaa <54862477+ragusaa@users.noreply.github.com> Date: Wed, 3 Apr 2024 16:35:23 -0400 Subject: [PATCH 06/14] Explicitly set clang-format version to 16 --- .github/workflows/clang-format.yml | 2 +- clam-format | 96 +++++++++++++++--------------- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml index f3b120d509..a9d6a14edb 100644 --- a/.github/workflows/clang-format.yml +++ b/.github/workflows/clang-format.yml @@ -60,6 +60,6 @@ jobs: - name: Run clang-format style check for C/C++ programs. uses: jidicula/clang-format-action@v4.13.0 with: - clang-format-version: "11" + clang-format-version: "16" check-path: ${{ matrix.path['check'] }} exclude-regex: ${{ matrix.path['exclude'] }} diff --git a/clam-format b/clam-format index 9b8298390a..e3d8519418 100755 --- a/clam-format +++ b/clam-format @@ -1,54 +1,54 @@ #!/bin/bash -clang-format -style='{ Language: Cpp, UseTab: Never, IndentWidth: 4, AlignTrailingComments: true, AlignConsecutiveAssignments: true, AlignAfterOpenBracket: true, AlignEscapedNewlines: Left, AlignOperands: true, AllowShortFunctionsOnASingleLine: Empty, AllowShortIfStatementsOnASingleLine: true, AllowShortLoopsOnASingleLine: true, BreakBeforeBraces: Linux, BreakBeforeTernaryOperators: true, ColumnLimit: 0, FixNamespaceComments: true, SortIncludes: false, MaxEmptyLinesToKeep: 1, SpaceBeforeParens: ControlStatements, IndentCaseLabels: true, DerivePointerAlignment: true }' -dump-config > .clang-format +clang-format-16 -style='{ Language: Cpp, UseTab: Never, IndentWidth: 4, AlignTrailingComments: true, AlignConsecutiveAssignments: true, AlignAfterOpenBracket: true, AlignEscapedNewlines: Left, AlignOperands: true, AllowShortFunctionsOnASingleLine: Empty, AllowShortIfStatementsOnASingleLine: true, AllowShortLoopsOnASingleLine: true, BreakBeforeBraces: Linux, BreakBeforeTernaryOperators: true, ColumnLimit: 0, FixNamespaceComments: true, SortIncludes: false, MaxEmptyLinesToKeep: 1, SpaceBeforeParens: ControlStatements, IndentCaseLabels: true, DerivePointerAlignment: true }' -dump-config > .clang-format -clang-format -i -verbose clamav-milter/*.c -clang-format -i -verbose clamav-milter/*.h -clang-format -i -verbose clambc/*.c -clang-format -i -verbose clambc/*.h -clang-format -i -verbose clamconf/*.c -clang-format -i -verbose clamconf/*.h -clang-format -i -verbose clamd/*.c -clang-format -i -verbose clamd/*.h -clang-format -i -verbose clamdscan/*.c -clang-format -i -verbose clamdscan/*.h -clang-format -i -verbose clamdtop/*.c -clang-format -i -verbose clamdtop/*.h -clang-format -i -verbose clamscan/*.c -clang-format -i -verbose clamscan/*.h -clang-format -i -verbose clamsubmit/*.c -clang-format -i -verbose clamsubmit/*.h -clang-format -i -verbose examples/*.c -clang-format -i -verbose examples/*.h -clang-format -i -verbose examples/fileprop_analysis/*.c -clang-format -i -verbose examples/fileprop_analysis/old/*.c -clang-format -i -verbose freshclam/*.c -clang-format -i -verbose freshclam/*.h -clang-format -i -verbose libclamav/*.c -clang-format -i -verbose libclamav/*.h -clang-format -i -verbose libclamav/jsparse/*.c -clang-format -i -verbose libclamav/jsparse/*.h -clang-format -i -verbose libclamav/lzw/*.c -clang-format -i -verbose libclamav/lzw/*.h -clang-format -i -verbose libclamav/nsis/nulsft.* -clang-format -i -verbose libclamav/c++/*.cpp -clang-format -i -verbose libclamav/c++/*.h -clang-format -i -verbose libclamunrar_iface/*.cpp -clang-format -i -verbose libclamunrar_iface/*.h -clang-format -i -verbose libfreshclam/*.c -clang-format -i -verbose libfreshclam/*.h -clang-format -i -verbose common/*.c -clang-format -i -verbose common/*.h -clang-format -i -verbose sigtool/*.c -clang-format -i -verbose sigtool/*.h -clang-format -i -verbose clamonacc/*.c -clang-format -i -verbose clamonacc/*.h -clang-format -i -verbose clamonacc/*/*.c -clang-format -i -verbose clamonacc/*/*.h -clang-format -i -verbose unit_tests/*.c -clang-format -i -verbose unit_tests/*.h -clang-format -i -verbose win32/compat/*.c -clang-format -i -verbose win32/compat/*.h +clang-format-16 -i -verbose clamav-milter/*.c +clang-format-16 -i -verbose clamav-milter/*.h +clang-format-16 -i -verbose clambc/*.c +clang-format-16 -i -verbose clambc/*.h +clang-format-16 -i -verbose clamconf/*.c +clang-format-16 -i -verbose clamconf/*.h +clang-format-16 -i -verbose clamd/*.c +clang-format-16 -i -verbose clamd/*.h +clang-format-16 -i -verbose clamdscan/*.c +clang-format-16 -i -verbose clamdscan/*.h +clang-format-16 -i -verbose clamdtop/*.c +clang-format-16 -i -verbose clamdtop/*.h +clang-format-16 -i -verbose clamscan/*.c +clang-format-16 -i -verbose clamscan/*.h +clang-format-16 -i -verbose clamsubmit/*.c +clang-format-16 -i -verbose clamsubmit/*.h +clang-format-16 -i -verbose examples/*.c +clang-format-16 -i -verbose examples/*.h +clang-format-16 -i -verbose examples/fileprop_analysis/*.c +clang-format-16 -i -verbose examples/fileprop_analysis/old/*.c +clang-format-16 -i -verbose freshclam/*.c +clang-format-16 -i -verbose freshclam/*.h +clang-format-16 -i -verbose libclamav/*.c +clang-format-16 -i -verbose libclamav/*.h +clang-format-16 -i -verbose libclamav/jsparse/*.c +clang-format-16 -i -verbose libclamav/jsparse/*.h +clang-format-16 -i -verbose libclamav/lzw/*.c +clang-format-16 -i -verbose libclamav/lzw/*.h +clang-format-16 -i -verbose libclamav/nsis/nulsft.* +clang-format-16 -i -verbose libclamav/c++/*.cpp +clang-format-16 -i -verbose libclamav/c++/*.h +clang-format-16 -i -verbose libclamunrar_iface/*.cpp +clang-format-16 -i -verbose libclamunrar_iface/*.h +clang-format-16 -i -verbose libfreshclam/*.c +clang-format-16 -i -verbose libfreshclam/*.h +clang-format-16 -i -verbose common/*.c +clang-format-16 -i -verbose common/*.h +clang-format-16 -i -verbose sigtool/*.c +clang-format-16 -i -verbose sigtool/*.h +clang-format-16 -i -verbose clamonacc/*.c +clang-format-16 -i -verbose clamonacc/*.h +clang-format-16 -i -verbose clamonacc/*/*.c +clang-format-16 -i -verbose clamonacc/*/*.h +clang-format-16 -i -verbose unit_tests/*.c +clang-format-16 -i -verbose unit_tests/*.h +clang-format-16 -i -verbose win32/compat/*.c +clang-format-16 -i -verbose win32/compat/*.h # Undo changes to specific files that we don't really want to reformat git checkout libclamav/iana_cctld.h From 52dedbd681d0d30161f2d084981241cb73c86dd5 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Tue, 13 Aug 2024 12:41:03 -0400 Subject: [PATCH 07/14] clam-format touchup --- .clang-format | 124 +++++++++++++++++++++++++------- clamdscan/proto.c | 2 +- libclamav/apm.c | 2 +- libclamav/c++/bytecode2llvm.cpp | 2 +- libclamav/egg.c | 2 +- libclamav/entconv.c | 2 +- libclamav/gpt.c | 4 +- libclamav/ishield.c | 2 +- libclamav/jsparse/js-norm.c | 2 +- libclamav/matcher-byte-comp.c | 2 +- libclamav/matcher-pcre.c | 2 +- libclamav/mbox.c | 2 +- libclamav/mbr.c | 4 +- libclamav/others.c | 2 +- libclamav/pe_icons.c | 2 +- libclamav/scanners.c | 8 +-- libclamav/sf_base64decode.h | 2 +- win32/compat/dirent.c | 6 +- win32/compat/strptime.c | 4 +- 19 files changed, 126 insertions(+), 50 deletions(-) diff --git a/.clang-format b/.clang-format index 87ebea09b2..5ae36afdd8 100644 --- a/.clang-format +++ b/.clang-format @@ -2,40 +2,65 @@ Language: Cpp AccessModifierOffset: -2 AlignAfterOpenBracket: Align -AlignConsecutiveMacros: false -AlignConsecutiveAssignments: true -AlignConsecutiveBitFields: false -AlignConsecutiveDeclarations: false +AlignArrayOfStructures: None +AlignConsecutiveAssignments: + Enabled: true + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: true +AlignConsecutiveBitFields: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignConsecutiveDeclarations: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false +AlignConsecutiveMacros: + Enabled: false + AcrossEmptyLines: false + AcrossComments: false + AlignCompound: false + PadOperators: false AlignEscapedNewlines: Left AlignOperands: Align -AlignTrailingComments: true +AlignTrailingComments: + Kind: Always + OverEmptyLines: 0 AllowAllArgumentsOnNextLine: true -AllowAllConstructorInitializersOnNextLine: true AllowAllParametersOfDeclarationOnNextLine: true -AllowShortEnumsOnASingleLine: true AllowShortBlocksOnASingleLine: Never AllowShortCaseLabelsOnASingleLine: false +AllowShortEnumsOnASingleLine: true AllowShortFunctionsOnASingleLine: Empty -AllowShortLambdasOnASingleLine: All AllowShortIfStatementsOnASingleLine: WithoutElse +AllowShortLambdasOnASingleLine: All AllowShortLoopsOnASingleLine: true AlwaysBreakAfterDefinitionReturnType: None AlwaysBreakAfterReturnType: None AlwaysBreakBeforeMultilineStrings: false AlwaysBreakTemplateDeclarations: MultiLine +AttributeMacros: + - __capability BinPackArguments: true BinPackParameters: true +BitFieldColonSpacing: Both BraceWrapping: AfterCaseLabel: false AfterClass: true AfterControlStatement: Never AfterEnum: false + AfterExternBlock: false AfterFunction: true AfterNamespace: true AfterObjCDeclaration: false AfterStruct: false AfterUnion: false - AfterExternBlock: false BeforeCatch: false BeforeElse: false BeforeLambdaBody: false @@ -44,55 +69,75 @@ BraceWrapping: SplitEmptyFunction: true SplitEmptyRecord: true SplitEmptyNamespace: true +BreakAfterAttributes: Never +BreakAfterJavaFieldAnnotations: false +BreakArrays: true BreakBeforeBinaryOperators: None +BreakBeforeConceptDeclarations: Always BreakBeforeBraces: Linux -BreakBeforeInheritanceComma: false -BreakInheritanceList: BeforeColon +BreakBeforeInlineASMColon: OnlyMultiline BreakBeforeTernaryOperators: true -BreakConstructorInitializersBeforeComma: false BreakConstructorInitializers: BeforeColon -BreakAfterJavaFieldAnnotations: false +BreakInheritanceList: BeforeColon BreakStringLiterals: true ColumnLimit: 0 CommentPragmas: '^ IWYU pragma:' CompactNamespaces: false -ConstructorInitializerAllOnOneLineOrOnePerLine: false ConstructorInitializerIndentWidth: 4 ContinuationIndentWidth: 4 Cpp11BracedListStyle: true -DeriveLineEnding: true DerivePointerAlignment: true DisableFormat: false +EmptyLineAfterAccessModifier: Never +EmptyLineBeforeAccessModifier: LogicalBlock ExperimentalAutoDetectBinPacking: false FixNamespaceComments: true ForEachMacros: - foreach - Q_FOREACH - BOOST_FOREACH +IfMacros: + - KJ_IF_MAYBE IncludeBlocks: Preserve IncludeCategories: - Regex: '^"(llvm|llvm-c|clang|clang-c)/' Priority: 2 SortPriority: 0 + CaseSensitive: false - Regex: '^(<|"(gtest|gmock|isl|json)/)' Priority: 3 SortPriority: 0 + CaseSensitive: false - Regex: '.*' Priority: 1 SortPriority: 0 + CaseSensitive: false IncludeIsMainRegex: '(Test)?$' IncludeIsMainSourceRegex: '' -IndentCaseLabels: true +IndentAccessModifiers: false IndentCaseBlocks: false +IndentCaseLabels: true +IndentExternBlock: AfterExternBlock IndentGotoLabels: true IndentPPDirectives: None -IndentExternBlock: AfterExternBlock +IndentRequiresClause: true IndentWidth: 4 IndentWrappedFunctionNames: false +InsertBraces: false +InsertNewlineAtEOF: false InsertTrailingCommas: None +IntegerLiteralSeparator: + Binary: 0 + BinaryMinDigits: 0 + Decimal: 0 + DecimalMinDigits: 0 + Hex: 0 + HexMinDigits: 0 JavaScriptQuotes: Leave JavaScriptWrapImports: true KeepEmptyLinesAtTheStartOfBlocks: true +LambdaBodyIndentation: Signature +LineEnding: DeriveLF MacroBlockBegin: '' MacroBlockEnd: '' MaxEmptyLinesToKeep: 1 @@ -102,47 +147,78 @@ ObjCBlockIndentWidth: 2 ObjCBreakBeforeNestedBlockParam: true ObjCSpaceAfterProperty: false ObjCSpaceBeforeProtocolList: true +PackConstructorInitializers: BinPack PenaltyBreakAssignment: 2 PenaltyBreakBeforeFirstCallParameter: 19 PenaltyBreakComment: 300 PenaltyBreakFirstLessLess: 120 +PenaltyBreakOpenParenthesis: 0 PenaltyBreakString: 1000 PenaltyBreakTemplateDeclaration: 10 PenaltyExcessCharacter: 1000000 +PenaltyIndentedWhitespace: 0 PenaltyReturnTypeOnItsOwnLine: 60 PointerAlignment: Right +PPIndentWidth: -1 +QualifierAlignment: Leave +ReferenceAlignment: Pointer ReflowComments: true -SortIncludes: false -SortUsingDeclarations: true +RemoveBracesLLVM: false +RemoveSemicolon: false +RequiresClausePosition: OwnLine +RequiresExpressionIndentation: OuterScope +SeparateDefinitionBlocks: Leave +ShortNamespaceLines: 1 +SortIncludes: Never +SortJavaStaticImport: Before +SortUsingDeclarations: LexicographicNumeric SpaceAfterCStyleCast: false SpaceAfterLogicalNot: false SpaceAfterTemplateKeyword: true +SpaceAroundPointerQualifiers: Default SpaceBeforeAssignmentOperators: true +SpaceBeforeCaseColon: false SpaceBeforeCpp11BracedList: false SpaceBeforeCtorInitializerColon: true SpaceBeforeInheritanceColon: true SpaceBeforeParens: ControlStatements +SpaceBeforeParensOptions: + AfterControlStatements: true + AfterForeachMacros: true + AfterFunctionDefinitionName: false + AfterFunctionDeclarationName: false + AfterIfMacros: true + AfterOverloadedOperator: false + AfterRequiresInClause: false + AfterRequiresInExpression: false + BeforeNonEmptyParentheses: false SpaceBeforeRangeBasedForLoopColon: true +SpaceBeforeSquareBrackets: false SpaceInEmptyBlock: false SpaceInEmptyParentheses: false SpacesBeforeTrailingComments: 1 -SpacesInAngles: false +SpacesInAngles: Never SpacesInConditionalStatement: false SpacesInContainerLiterals: true SpacesInCStyleCastParentheses: false +SpacesInLineCommentPrefix: + Minimum: 1 + Maximum: -1 SpacesInParentheses: false SpacesInSquareBrackets: false -SpaceBeforeSquareBrackets: false Standard: Latest +StatementAttributeLikeMacros: + - Q_EMIT StatementMacros: - Q_UNUSED - QT_REQUIRE_VERSION TabWidth: 8 -UseCRLF: false UseTab: Never WhitespaceSensitiveMacros: - - STRINGIZE - - PP_STRINGIZE - BOOST_PP_STRINGIZE + - CF_SWIFT_NAME + - NS_SWIFT_NAME + - PP_STRINGIZE + - STRINGIZE ... diff --git a/clamdscan/proto.c b/clamdscan/proto.c index 0bd7ed37d9..00513d4517 100644 --- a/clamdscan/proto.c +++ b/clamdscan/proto.c @@ -212,7 +212,7 @@ struct client_parallel_data { unsigned int id; const char *file; struct SCANID *next; - } * ids; + } *ids; }; /* Sends a proper scan request to clamd and parses its replies diff --git a/libclamav/apm.c b/libclamav/apm.c index 327aca7bc4..a9930e0e63 100644 --- a/libclamav/apm.c +++ b/libclamav/apm.c @@ -37,7 +37,7 @@ #include "scanners.h" #include "dconf.h" -//#define DEBUG_APM_PARSE +// #define DEBUG_APM_PARSE #ifdef DEBUG_APM_PARSE #define apm_parsemsg(...) cli_dbgmsg(__VA_ARGS__) diff --git a/libclamav/c++/bytecode2llvm.cpp b/libclamav/c++/bytecode2llvm.cpp index 4834498035..4b5c036e4e 100644 --- a/libclamav/c++/bytecode2llvm.cpp +++ b/libclamav/c++/bytecode2llvm.cpp @@ -106,7 +106,7 @@ void LLVMInitializePowerPCAsmPrinter(); #include "llvm/IR/Dominators.h" -//#define TIMING +// #define TIMING #undef TIMING #include "llvm/Config/llvm-config.h" diff --git a/libclamav/egg.c b/libclamav/egg.c index 60c0ea9737..c96d58dc89 100644 --- a/libclamav/egg.c +++ b/libclamav/egg.c @@ -99,7 +99,7 @@ typedef uint16_t WCHAR; * general defines */ #define EOFARC 0x08E28222 /* Signals end of each header, or end of archive. */ -//#define EOFAR_ 0x2282E208 +// #define EOFAR_ 0x2282E208 /* * egg_header */ diff --git a/libclamav/entconv.c b/libclamav/entconv.c index 15160846a8..7e5052fa12 100644 --- a/libclamav/entconv.c +++ b/libclamav/entconv.c @@ -57,7 +57,7 @@ typedef struct { enum encodings encoding; size_t size; -} * iconv_t; +}* iconv_t; #endif static unsigned char tohex[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; diff --git a/libclamav/gpt.c b/libclamav/gpt.c index 48710fe134..24b85eb89d 100644 --- a/libclamav/gpt.c +++ b/libclamav/gpt.c @@ -41,8 +41,8 @@ #include "scanners.h" #include "dconf.h" -//#define DEBUG_GPT_PARSE -//#define DEBUG_GPT_PRINT +// #define DEBUG_GPT_PARSE +// #define DEBUG_GPT_PRINT #ifdef DEBUG_GPT_PARSE #define gpt_parsemsg(...) cli_dbgmsg(__VA_ARGS__) diff --git a/libclamav/ishield.c b/libclamav/ishield.c index ed09f3fd55..282f4eeff2 100644 --- a/libclamav/ishield.c +++ b/libclamav/ishield.c @@ -358,7 +358,7 @@ struct IS_CABSTUFF { unsigned int cabno; off_t off; size_t sz; - } * cabs; + } *cabs; off_t hdr; size_t hdrsz; unsigned int cabcnt; diff --git a/libclamav/jsparse/js-norm.c b/libclamav/jsparse/js-norm.c index b8c0cae405..449e5b68d9 100644 --- a/libclamav/jsparse/js-norm.c +++ b/libclamav/jsparse/js-norm.c @@ -67,7 +67,7 @@ typedef struct scanner { size_t lastpos; enum tokenizer_state state; enum tokenizer_state last_state; -} * yyscan_t; +} *yyscan_t; static int yylex(YYSTYPE *lvalp, yyscan_t); static void yy_scan_bytes(const char *, size_t, yyscan_t scanner); diff --git a/libclamav/matcher-byte-comp.c b/libclamav/matcher-byte-comp.c index d3cf69b24a..f9ae3094c2 100644 --- a/libclamav/matcher-byte-comp.c +++ b/libclamav/matcher-byte-comp.c @@ -36,7 +36,7 @@ #include "str.h" /* DEBUGGING */ -//#define MATCHER_BCOMP_DEBUG +// #define MATCHER_BCOMP_DEBUG #ifdef MATCHER_BCOMP_DEBUG #define bcm_dbgmsg(...) cli_dbgmsg(__VA_ARGS__) #else diff --git a/libclamav/matcher-pcre.c b/libclamav/matcher-pcre.c index a0da207e7c..0e80398ac0 100644 --- a/libclamav/matcher-pcre.c +++ b/libclamav/matcher-pcre.c @@ -46,7 +46,7 @@ #endif /* DEBUGGING */ -//#define MATCHER_PCRE_DEBUG +// #define MATCHER_PCRE_DEBUG #ifdef MATCHER_PCRE_DEBUG #define pm_dbgmsg(...) cli_dbgmsg(__VA_ARGS__) #else diff --git a/libclamav/mbox.c b/libclamav/mbox.c index 927d9d55e0..379f809466 100644 --- a/libclamav/mbox.c +++ b/libclamav/mbox.c @@ -162,7 +162,7 @@ typedef enum { * Slows things down a lot and only catches unencoded copies * of EICAR within bounces, which don't matter */ -//#define SCAN_UNENCODED_BOUNCES +// #define SCAN_UNENCODED_BOUNCES typedef struct mbox_ctx { const char *dir; diff --git a/libclamav/mbr.c b/libclamav/mbr.c index 13550eb96c..ee28e4bb45 100644 --- a/libclamav/mbr.c +++ b/libclamav/mbr.c @@ -38,8 +38,8 @@ #include "scanners.h" #include "dconf.h" -//#define DEBUG_MBR_PARSE -//#define DEBUG_EBR_PARSE +// #define DEBUG_MBR_PARSE +// #define DEBUG_EBR_PARSE #ifdef DEBUG_MBR_PARSE #define mbr_parsemsg(...) cli_dbgmsg(__VA_ARGS__) diff --git a/libclamav/others.c b/libclamav/others.c index 447e58d7f8..544468351f 100644 --- a/libclamav/others.c +++ b/libclamav/others.c @@ -269,7 +269,7 @@ static void *get_module_function(HMODULE handle, const char *name) static void *get_module_function(void *handle, const char *name) { void *procAddress = NULL; - procAddress = dlsym(handle, name); + procAddress = dlsym(handle, name); if (NULL == procAddress) { const char *err = dlerror(); if (NULL == err) { diff --git a/libclamav/pe_icons.c b/libclamav/pe_icons.c index fc17266ae1..cfda789ef1 100644 --- a/libclamav/pe_icons.c +++ b/libclamav/pe_icons.c @@ -188,7 +188,7 @@ int cli_groupiconscan(struct ICON_ENV *icon_env, uint32_t rva) uint16_t depth; uint32_t sz; uint16_t id; - } * dir; + } *dir; raddr = cli_rawaddr(cli_readint32(grp), peinfo->sections, peinfo->nsections, (unsigned int *)(&err), map->len, peinfo->hdr_size); cli_dbgmsg("cli_scanicon: icon group @%x\n", raddr); diff --git a/libclamav/scanners.c b/libclamav/scanners.c index 921e35ddd2..4ef0c7a160 100644 --- a/libclamav/scanners.c +++ b/libclamav/scanners.c @@ -1271,9 +1271,9 @@ static cl_error_t cli_scanbzip(cli_ctx *ctx) char buf[FILEBUFF]; memset(&strm, 0, sizeof(strm)); - strm.next_out = buf; + strm.next_out = buf; strm.avail_out = sizeof(buf); - rc = BZ2_bzDecompressInit(&strm, 0, 0); + rc = BZ2_bzDecompressInit(&strm, 0, 0); if (BZ_OK != rc) { cli_dbgmsg("Bzip: DecompressInit failed: %d\n", rc); return CL_EOPEN; @@ -1287,7 +1287,7 @@ static cl_error_t cli_scanbzip(cli_ctx *ctx) do { if (!strm.avail_in) { - strm.next_in = (void *)fmap_need_off_once_len(ctx->fmap, off, FILEBUFF, &avail); + strm.next_in = (void *)fmap_need_off_once_len(ctx->fmap, off, FILEBUFF, &avail); strm.avail_in = avail; off += avail; if (!strm.avail_in) { @@ -1323,7 +1323,7 @@ static cl_error_t cli_scanbzip(cli_ctx *ctx) if (cli_checklimits("Bzip", ctx, size, 0, 0) != CL_CLEAN) break; - strm.next_out = buf; + strm.next_out = buf; strm.avail_out = sizeof(buf); } } while (BZ_STREAM_END != rc); diff --git a/libclamav/sf_base64decode.h b/libclamav/sf_base64decode.h index 15cf8313bf..9d1b51af74 100644 --- a/libclamav/sf_base64decode.h +++ b/libclamav/sf_base64decode.h @@ -27,6 +27,6 @@ #include #include "clamav-types.h" -int sf_base64decode(uint8_t*, size_t, uint8_t*, size_t, size_t*); +int sf_base64decode(uint8_t *, size_t, uint8_t *, size_t, size_t *); #endif diff --git a/win32/compat/dirent.c b/win32/compat/dirent.c index c0364ecc04..5c3b502a2e 100644 --- a/win32/compat/dirent.c +++ b/win32/compat/dirent.c @@ -22,11 +22,11 @@ #include #include -//#include "clamav.h" -//#include "others.h" +// #include "clamav.h" +// #include "others.h" #include "dirent.h" #include "w32_stat.h" -//#include "misc.h" +// #include "misc.h" DIR *opendir(const char *name) { diff --git a/win32/compat/strptime.c b/win32/compat/strptime.c index 9ffbeb0176..a35c5b393a 100644 --- a/win32/compat/strptime.c +++ b/win32/compat/strptime.c @@ -19,7 +19,7 @@ #define strncasecmp _strnicmp #ifndef _LIBC -//# include +// # include #endif #include @@ -31,7 +31,7 @@ #endif #include #include -//#include +// #include #ifdef _LIBC #include "../locale/localeinfo.h" From 34e1521fc5ddb9924a7ac41b00d409818e51544b Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior Date: Wed, 26 Jun 2024 23:01:47 +0200 Subject: [PATCH 08/14] cli_check_mydoom_log: Avoid unaligned access. fmap_need_off_once() may return an unaligned pointer. This in return leads to an unaligned access during the load of the uint32_t variables loading to failures on architectures not supporting unaligned access. This was reported to the Debian BTS as #1073128. [bigeasy: Commit message, reworked the patch a bit]. Link: https://bugs.debian.org/1073128 Signed-off-by: Sebastian Andrzej Siewior --- libclamav/special.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/libclamav/special.c b/libclamav/special.c index 943a969499..29e23f2461 100644 --- a/libclamav/special.c +++ b/libclamav/special.c @@ -48,7 +48,8 @@ int cli_check_mydoom_log(cli_ctx *ctx) { - const uint32_t *record; + uint32_t record[16]; + const uint32_t *ptr; uint32_t check, key; fmap_t *map = ctx->fmap; unsigned int blocks = map->len / (8 * 4); @@ -59,14 +60,24 @@ int cli_check_mydoom_log(cli_ctx *ctx) if (blocks > 5) blocks = 5; - record = fmap_need_off_once(map, 0, 8 * 4 * blocks); - if (!record) + /* + * The following pointer might not be properly aligned. There there is + * memcmp() + memcpy() workaround to avoid performing an unaligned access + * while reading the uint32_t. + */ + ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks); + if (!ptr) return CL_CLEAN; + while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */ - if (record[--blocks] == 0xffffffff) + const uint32_t marker_ff = 0xffffffff; + + if (!memcmp(&ptr[--blocks], &marker_ff, sizeof(uint32_t))) return CL_CLEAN; } + memcpy(record, ptr, sizeof(record)); + key = ~be32_to_host(record[0]); check = (be32_to_host(record[1]) ^ key) + (be32_to_host(record[2]) ^ key) + From 326b45e6d8b7077ace1427d7203f59a389a2800c Mon Sep 17 00:00:00 2001 From: rsundriyal Date: Tue, 30 Apr 2024 13:25:31 -0400 Subject: [PATCH 09/14] Adding param to define test pipelines path --- Jenkinsfile | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 212352cbb3..1ae677686d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,6 +24,9 @@ properties( string(name: 'TESTS_FUZZ_BRANCH', defaultValue: '1.0', description: 'tests-fuzz-regression branch'), + string(name: 'TEST_PIPELINES_PATH', + defaultValue: 'ClamAV/test-pipelines', + description: 'test-pipelines path for clamav in Jenkins'), string(name: 'BUILD_PIPELINE', defaultValue: 'build-1.0', description: 'test-pipelines branch for build acceptance'), @@ -82,7 +85,7 @@ node('master') { def buildResult stage('Build') { - buildResult = build(job: "test-pipelines/${params.BUILD_PIPELINE}", + buildResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -93,7 +96,7 @@ node('master') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." } stage('Test') { @@ -104,13 +107,13 @@ node('master') { def exception = null try { stage("Regular Pipeline") { - regularResult = build(job: "test-pipelines/${params.REGULAR_PIPELINE}", + regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", propagate: true, wait: true, parameters: [ [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "test-pipelines/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -118,14 +121,14 @@ node('master') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded." } } catch (exc) { - echo "test-pipelines/${params.REGULAR_PIPELINE} failed." + echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed." exception = exc } stage("Custom Pipeline") { - final customResult = build(job: "test-pipelines/${params.CUSTOM_PIPELINE}", + final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -137,7 +140,7 @@ node('master') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "test-pipelines/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." } if(exception != null) { echo "Custom Pipeline passed, but Regular pipeline failed!" @@ -147,7 +150,7 @@ node('master') { tasks["fuzz_regression"] = { stage("Fuzz Regression") { - final fuzzResult = build(job: "test-pipelines/${params.FUZZ_PIPELINE}", + final fuzzResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE}", propagate: true, wait: true, parameters: [ @@ -158,7 +161,7 @@ node('master') { [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"] ] ) - echo "test-pipelines/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." + echo "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded." } } From 925a3ef000265934f79dc0396d34ad2e0527fdce Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 22 May 2024 15:42:23 -0400 Subject: [PATCH 10/14] Jenkins: separate build pipeline and package test pipeline The build pipeline used to build clamav packages and then test those packages with a rudimentary test set. This change will build the clamav packages in one pipeline - then test the packages in a new test pipeline. The new test pipeline will use the larger test suite that we use for testing from-source builds in the "regular" test pipeline. --- Jenkinsfile | 53 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 43 insertions(+), 10 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 1ae677686d..61efad9062 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -17,19 +17,25 @@ properties( description: 'test-framework branch'), string(name: 'TESTS_BRANCH', defaultValue: '1.0', - description: 'tests branch'), + description: 'tests branch for the package and regular tests'), string(name: 'TESTS_CUSTOM_BRANCH', defaultValue: '1.0', description: 'tests-custom branch'), string(name: 'TESTS_FUZZ_BRANCH', defaultValue: '1.0', description: 'tests-fuzz-regression branch'), + string(name: 'BUILD_PIPELINES_PATH', + defaultValue: 'ClamAV/build-pipelines', + description: 'build-pipelines path for clamav in Jenkins'), string(name: 'TEST_PIPELINES_PATH', defaultValue: 'ClamAV/test-pipelines', description: 'test-pipelines path for clamav in Jenkins'), string(name: 'BUILD_PIPELINE', defaultValue: 'build-1.0', description: 'test-pipelines branch for build acceptance'), + string(name: 'PACKAGE_PIPELINE', + defaultValue: 'package-1.0', + description: 'test-pipelines branch for package tests.'), string(name: 'REGULAR_PIPELINE', defaultValue: 'regular-1.0', description: 'test-pipelines branch for regular tests.'), @@ -53,7 +59,7 @@ properties( ] ) -node('master') { +node('default') { stage('Generate Tarball') { cleanWs() @@ -85,10 +91,11 @@ node('master') { def buildResult stage('Build') { - buildResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}", + buildResult = build(job: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -96,21 +103,45 @@ node('master') { [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] ] ) - echo "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." + echo "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded." } stage('Test') { def tasks = [:] - tasks["regular_and_custom"] = { - def regularResult + tasks["package_regular_custom"] = { def exception = null try { - stage("Regular Pipeline") { - regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", + stage("Package") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.PACKAGE_PIPELINE}"], + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], + [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], + [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], + [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], + [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], + [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"] + ] + ) + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} #${regularResult.number} succeeded." + } + } catch (exc) { + echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} failed." + exception = exc + } + + try { + stage("Regular From-Source") { + final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}", + propagate: true, + wait: true, + parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.REGULAR_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], @@ -127,11 +158,13 @@ node('master') { echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed." exception = exc } - stage("Custom Pipeline") { + + stage("Custom From-Source") { final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}", propagate: true, wait: true, parameters: [ + [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.CUSTOM_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"], @@ -143,7 +176,7 @@ node('master') { echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded." } if(exception != null) { - echo "Custom Pipeline passed, but Regular pipeline failed!" + echo "Custom Pipeline passed, but prior pipelines failed!" throw exception } } From b88abd93367fa3db7bdd943572bd45d32d66db1f Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Thu, 23 May 2024 15:44:44 -0400 Subject: [PATCH 11/14] Jenkins: Specify dependencies for CPack We switched hosts for this stage to one that doesn't have system-installed libs. --- Jenkinsfile | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 61efad9062..17ae3f4f8b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -80,7 +80,27 @@ node('default') { dir(path: 'build') { sh """# CPack - cmake .. -D VENDOR_DEPENDENCIES=ON + cmake .. -D VENDOR_DEPENDENCIES=ON \ + -D JSONC_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/json-c" \ + -D JSONC_LIBRARY="$HOME/.mussels/install/host-static/lib/libjson-c.a" \ + -D ENABLE_JSON_SHARED=OFF \ + -D BZIP2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D BZIP2_LIBRARY_RELEASE="$HOME/bzip2-1.0.8-install/lib/libbz2.a" \ + -D OPENSSL_ROOT_DIR="$HOME/.mussels/install/host-static" \ + -D OPENSSL_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D OPENSSL_CRYPTO_LIBRARY="$HOME/.mussels/install/host-static/lib/libcrypto.a" \ + -D OPENSSL_SSL_LIBRARY="$HOME/.mussels/install/host-static/lib/libssl.a" \ + -D LIBXML2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/libxml2" \ + -D LIBXML2_LIBRARY="$HOME/.mussels/install/host-static/lib/libxml2.a" \ + -D PCRE2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D PCRE2_LIBRARY="$HOME/.mussels/install/host-static/lib/libpcre2-8.a" \ + -D CURSES_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D CURSES_LIBRARY="$HOME/.mussels/install/host-static/lib/libncurses.a;$HOME/.mussels/install/host-static/lib/libtinfo.a" \ + -D ZLIB_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D ZLIB_LIBRARY="$HOME/.mussels/install/host-static/lib/libz.a" \ + -D LIBCHECK_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \ + -D LIBCHECK_LIBRARY="$HOME/.mussels/install/host-static/lib/libcheck.a" + cpack --config CPackSourceConfig.cmake """ archiveArtifacts(artifacts: "clamav-${params.VERSION}*.tar.gz", onlyIfSuccessful: true) } From 6903281c3ce08d00e212a6d8b0904745f083d7d1 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Thu, 23 May 2024 21:01:53 -0400 Subject: [PATCH 12/14] Jenkins: Fixup build-pipeline path --- Jenkinsfile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 17ae3f4f8b..b2383735d6 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -115,7 +115,6 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -137,10 +136,9 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.PACKAGE_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], + [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], @@ -161,11 +159,8 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.REGULAR_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.TEST_PIPELINES_PATH}/${params.BUILD_PIPELINE}"], - [$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"], [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"], [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"], @@ -184,7 +179,6 @@ node('default') { propagate: true, wait: true, parameters: [ - [$class: 'StringParameterValue', name: 'PIPELINE_BRANCH_NAME', value: "${params.CUSTOM_PIPELINE}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"], [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"], [$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"], From 72fd5753bc26ed7198052d8facc4b7f8e8218622 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Tue, 13 Aug 2024 12:04:33 -0400 Subject: [PATCH 13/14] News: updates prior to 1.0.7 --- NEWS.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/NEWS.md b/NEWS.md index 05a7accc89..8e823c535d 100644 --- a/NEWS.md +++ b/NEWS.md @@ -7,6 +7,22 @@ differ slightly from third-party binary packages. ClamAV 1.0.7 is a patch release with the following fixes: +- Fix unit test caused by expiring signing certificate. + - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1305) + +- Fixed a build issue on Windows with newer versions of Rust. + Also upgraded GitHub Actions imports to fix CI failures. + Fixes courtesy of liushuyu. + - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1307) + +- Fixed an unaligned pointer dereference issue on select architectures. + Fix courtesy of Sebastian Andrzej Siewior. + - Backport of [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1293) + +- Fixes to Jenkins CI pipeline. + +For details, see [GitHub pull request](https://github.com/Cisco-Talos/clamav/pull/1331) + ## 1.0.6 ClamAV 1.0.6 is a critical patch release with the following fixes: From acf717dae2959753a542b79701316474abed1884 Mon Sep 17 00:00:00 2001 From: Micah Snyder Date: Wed, 28 Aug 2024 15:07:27 -0400 Subject: [PATCH 14/14] Tests: remove unused Python modules from freshclam tests The 'cgi' module is deprecrated and will be removed in Python 3.13. We weren't using it anyways. Fixes: https://github.com/Cisco-Talos/clamav/issues/1327 --- unit_tests/freshclam_test.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/unit_tests/freshclam_test.py b/unit_tests/freshclam_test.py index ae5b9b8a24..bdfa7ff4b6 100644 --- a/unit_tests/freshclam_test.py +++ b/unit_tests/freshclam_test.py @@ -10,14 +10,10 @@ from pathlib import Path import platform import shutil -import subprocess -import sys -import time import unittest from functools import partial from http.server import HTTPServer, BaseHTTPRequestHandler -import cgi import testcase